@webmaster-droid/server 0.1.0-alpha.0

package/dist/chunk-5CVLHGGO.js

@@ -0,0 +1,672 @@
+import {
+  runAgentTurn
+} from "./chunk-X6TU47KZ.js";
+import {
+  CmsService
+} from "./chunk-2LAI3MY2.js";
+import {
+  S3CmsStorage
+} from "./chunk-MLID7STX.js";
+
+// src/api-aws/auth.ts
+import { createRemoteJWKSet, decodeProtectedHeader, jwtVerify } from "jose";
+var jwksCache = null;
+function getJwks() {
+  const jwksUrl = process.env.SUPABASE_JWKS_URL;
+  if (!jwksUrl) {
+    throw new Error("SUPABASE_JWKS_URL is not configured");
+  }
+  if (!jwksCache) {
+    jwksCache = createRemoteJWKSet(new URL(jwksUrl));
+  }
+  return jwksCache;
+}
+function buildSupabaseUserEndpoint() {
+  const explicitBaseUrl = process.env.SUPABASE_URL?.trim();
+  if (explicitBaseUrl) {
+    return `${explicitBaseUrl.replace(/\/$/, "")}/auth/v1/user`;
+  }
+  const jwksUrl = process.env.SUPABASE_JWKS_URL?.trim();
+  if (!jwksUrl) {
+    throw new Error("SUPABASE_JWKS_URL is not configured");
+  }
+  const parsed = new URL(jwksUrl);
+  return `${parsed.origin}/auth/v1/user`;
+}
+function getSupabaseAnonKey() {
+  const key = process.env.SUPABASE_ANON_KEY?.trim() ?? process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY?.trim();
+  if (!key) {
+    throw new Error("SUPABASE_ANON_KEY is required for HS256 token verification fallback.");
+  }
+  return key;
+}
+async function verifyHs256ViaSupabase(token) {
+  const response = await fetch(buildSupabaseUserEndpoint(), {
+    method: "GET",
+    headers: {
+      authorization: `Bearer ${token}`,
+      apikey: getSupabaseAnonKey()
+    }
+  });
+  if (!response.ok) {
+    const detail = await response.text();
+    throw new Error(`Supabase token verification failed: ${response.status} ${detail}`);
+  }
+  const user = await response.json();
+  const sub = typeof user.id === "string" ? user.id : "";
+  if (!sub) {
+    throw new Error("Supabase token verification returned no user id.");
+  }
+  return {
+    sub,
+    email: typeof user.email === "string" ? user.email : void 0,
+    role: typeof user.role === "string" ? user.role : void 0
+  };
+}
+function getBearerToken(headers) {
+  const value = headers.authorization ?? headers.Authorization;
+  if (!value) {
+    return null;
+  }
+  const [prefix, token] = value.split(" ");
+  if (prefix?.toLowerCase() !== "bearer" || !token) {
+    return null;
+  }
+  return token;
+}
+async function verifyAdminToken(token) {
+  const header = decodeProtectedHeader(token);
+  const algorithm = typeof header.alg === "string" ? header.alg : "";
+  if (algorithm === "HS256") {
+    const secret = process.env.SUPABASE_JWT_SECRET?.trim();
+    if (secret) {
+      const result2 = await jwtVerify(token, new TextEncoder().encode(secret), {
+        algorithms: ["HS256"]
+      });
+      const payload2 = result2.payload;
+      const identity3 = {
+        sub: String(payload2.sub ?? ""),
+        email: typeof payload2.email === "string" ? payload2.email : void 0,
+        role: typeof payload2.role === "string" ? payload2.role : typeof payload2.user_role === "string" ? payload2.user_role : void 0
+      };
+      if (!identity3.sub) {
+        throw new Error("Invalid token: subject is missing.");
+      }
+      const enforcedAdminEmail3 = process.env.ADMIN_EMAIL;
+      if (enforcedAdminEmail3 && identity3.email?.toLowerCase() !== enforcedAdminEmail3.toLowerCase()) {
+        throw new Error("Authenticated user is not allowed for admin access.");
+      }
+      return identity3;
+    }
+    const identity2 = await verifyHs256ViaSupabase(token);
+    const enforcedAdminEmail2 = process.env.ADMIN_EMAIL;
+    if (enforcedAdminEmail2 && identity2.email?.toLowerCase() !== enforcedAdminEmail2.toLowerCase()) {
+      throw new Error("Authenticated user is not allowed for admin access.");
+    }
+    return identity2;
+  }
+  const result = await jwtVerify(token, getJwks(), {
+    algorithms: ["RS256", "ES256"]
+  });
+  const payload = result.payload;
+  const identity = {
+    sub: String(payload.sub ?? ""),
+    email: typeof payload.email === "string" ? payload.email : void 0,
+    role: typeof payload.role === "string" ? payload.role : typeof payload.user_role === "string" ? payload.user_role : void 0
+  };
+  if (!identity.sub) {
+    throw new Error("Invalid token: subject is missing.");
+  }
+  const enforcedAdminEmail = process.env.ADMIN_EMAIL;
+  if (enforcedAdminEmail && identity.email?.toLowerCase() !== enforcedAdminEmail.toLowerCase()) {
+    throw new Error("Authenticated user is not allowed for admin access.");
+  }
+  return identity;
+}
+
+// src/api-aws/http.ts
+function jsonResponse(statusCode, body) {
+  return {
+    statusCode,
+    headers: {
+      "content-type": "application/json",
+      "access-control-allow-origin": "*",
+      "access-control-allow-headers": "content-type,authorization,accept,cache-control",
+      "access-control-allow-methods": "GET,POST,OPTIONS"
+    },
+    body: JSON.stringify(body)
+  };
+}
+function sseResponse(statusCode, events) {
+  const body = events.map((item) => {
+    const payload = typeof item.data === "string" ? item.data : JSON.stringify(item.data);
+    return `event: ${item.event}
+data: ${payload}
+
+`;
+  }).join("");
+  return {
+    statusCode,
+    headers: {
+      "content-type": "text/event-stream",
+      "cache-control": "no-cache, no-transform",
+      connection: "keep-alive",
+      "access-control-allow-origin": "*",
+      "access-control-allow-headers": "content-type,authorization,accept,cache-control",
+      "access-control-allow-methods": "GET,POST,OPTIONS"
+    },
+    body
+  };
+}
+function parseJsonBody(raw) {
+  if (!raw) {
+    throw new Error("Request body is required.");
+  }
+  return JSON.parse(raw);
+}
+function normalizePath(path) {
+  return path.replace(/\/+$/, "") || "/";
+}
+
+// src/api-aws/service-factory.ts
+import { createStarterCmsDocument } from "@webmaster-droid/contracts/starter";
+var servicePromise = null;
+function requireEnv(name) {
+  const value = process.env[name];
+  if (!value) {
+    throw new Error(`Missing required environment variable: ${name}`);
+  }
+  return value;
+}
+function parseBooleanEnv(name, defaultValue) {
+  const raw = process.env[name];
+  if (!raw) {
+    return defaultValue;
+  }
+  return raw.toLowerCase() === "true";
+}
+function parseOptionalEnv(name) {
+  const raw = process.env[name];
+  if (!raw) {
+    return void 0;
+  }
+  const trimmed = raw.trim();
+  return trimmed || void 0;
+}
+function buildModelConfig() {
+  return {
+    openaiEnabled: parseBooleanEnv("MODEL_OPENAI_ENABLED", true),
+    geminiEnabled: parseBooleanEnv("MODEL_GEMINI_ENABLED", true),
+    defaultModelId: process.env.DEFAULT_MODEL_ID ?? "openai:gpt-5.2"
+  };
+}
+function normalizeAllowedPath(path) {
+  const trimmed = path.trim();
+  if (!trimmed.startsWith("/")) {
+    return null;
+  }
+  if (trimmed === "/") {
+    return "/";
+  }
+  const normalized = trimmed.replace(/\/+$/, "");
+  if (!normalized) {
+    return null;
+  }
+  return `${normalized}/`;
+}
+function starterAllowedInternalPaths() {
+  const seed = createStarterCmsDocument();
+  const out = /* @__PURE__ */ new Set(["/"]);
+  for (const entry of Object.values(seed.seo)) {
+    const normalized = normalizeAllowedPath(entry.path);
+    if (normalized) {
+      out.add(normalized);
+    }
+  }
+  return Array.from(out);
+}
+function parseAllowedInternalPathsEnv(fallbackPaths) {
+  const raw = process.env.CMS_ALLOWED_INTERNAL_PATHS;
+  if (!raw) {
+    return fallbackPaths;
+  }
+  const normalized = raw.split(",").map((item) => normalizeAllowedPath(item)).filter((value) => Boolean(value));
+  return normalized.length > 0 ? normalized : fallbackPaths;
+}
+async function getCmsService() {
+  if (!servicePromise) {
+    servicePromise = (async () => {
+      const storage = new S3CmsStorage({
+        bucket: requireEnv("CMS_S3_BUCKET"),
+        region: requireEnv("CMS_S3_REGION"),
+        prefix: "cms"
+      });
+      const service = new CmsService(storage, {
+        modelConfig: buildModelConfig(),
+        allowedInternalPaths: parseAllowedInternalPathsEnv(starterAllowedInternalPaths()),
+        publicAssetBaseUrl: parseOptionalEnv("CMS_PUBLIC_BASE_URL"),
+        publicAssetPrefix: parseOptionalEnv("CMS_GENERATED_ASSET_PREFIX")
+      });
+      await service.ensureInitialized(createStarterCmsDocument());
+      return service;
+    })();
+  }
+  return servicePromise;
+}
+
+// src/api-aws/index.ts
+var SSE_HEADERS = {
+  "content-type": "text/event-stream",
+  "cache-control": "no-cache, no-transform",
+  connection: "keep-alive",
+  "access-control-allow-origin": "*",
+  "access-control-allow-headers": "content-type,authorization,accept,cache-control",
+  "access-control-allow-methods": "GET,POST,OPTIONS"
+};
+var EDITABLE_ROOTS = ["pages.", "layout.", "seo.", "themeTokens."];
+var SELECTION_KIND_SET = /* @__PURE__ */ new Set([
+  "text",
+  "image",
+  "link",
+  "section"
+]);
+var DEFAULT_MODEL_OPTIONS = [
+  {
+    id: "openai:gpt-5.2",
+    label: "OpenAI GPT-5.2",
+    provider: "openai"
+  },
+  {
+    id: "gemini:gemini-3-flash-preview",
+    label: "Google Gemini 3 Flash (preview)",
+    provider: "gemini"
+  },
+  {
+    id: "gemini:gemini-3.1-pro-preview",
+    label: "Google Gemini 3.1 Pro (preview)",
+    provider: "gemini"
+  }
+];
+function buildAvailableModels(config) {
+  const enabledProviders = /* @__PURE__ */ new Set();
+  if (config.openaiEnabled) {
+    enabledProviders.add("openai");
+  }
+  if (config.geminiEnabled) {
+    enabledProviders.add("gemini");
+  }
+  const options = /* @__PURE__ */ new Map();
+  for (const candidate of DEFAULT_MODEL_OPTIONS) {
+    if (!enabledProviders.has(candidate.provider)) {
+      continue;
+    }
+    options.set(candidate.id, {
+      id: candidate.id,
+      label: candidate.label
+    });
+  }
+  return Array.from(options.values());
+}
+function resolveDefaultModelId(config, availableModels) {
+  const requestedDefault = config.defaultModelId.trim();
+  if (availableModels.some((model) => model.id === requestedDefault)) {
+    return requestedDefault;
+  }
+  return availableModels[0]?.id ?? requestedDefault;
+}
+function toHeaderRecord(headers) {
+  if (!headers || typeof headers !== "object") {
+    return {};
+  }
+  return headers;
+}
+function eventMethod(event) {
+  if (!event || typeof event !== "object") {
+    return "GET";
+  }
+  const e = event;
+  return e.httpMethod ?? e.requestContext?.http?.method ?? "GET";
+}
+function eventPath(event) {
+  if (!event || typeof event !== "object") {
+    return "/";
+  }
+  const e = event;
+  return normalizePath(e.path ?? e.rawPath ?? "/");
+}
+function parseEventBody(event) {
+  if (!event || typeof event !== "object") {
+    throw new Error("Request body is required.");
+  }
+  const e = event;
+  if (!e.body) {
+    throw new Error("Request body is required.");
+  }
+  const raw = e.isBase64Encoded ? Buffer.from(e.body, "base64").toString("utf8") : e.body;
+  return JSON.parse(raw);
+}
+function sseEvent(event, data) {
+  const payload = typeof data === "string" ? data : JSON.stringify(data);
+  return `event: ${event}
+data: ${payload}
+
+`;
+}
+function errorMessage(error) {
+  return error instanceof Error ? error.message : "Unknown error";
+}
+async function requireAdminFromHeaders(headers) {
+  const token = getBearerToken(headers);
+  if (!token) {
+    throw new Error("Missing bearer token.");
+  }
+  return verifyAdminToken(token);
+}
+async function requireAdmin(event) {
+  return requireAdminFromHeaders(toHeaderRecord(event.headers));
+}
+function getStageFromQuery(query) {
+  const stage = query?.stage;
+  if (stage === "draft") {
+    return "draft";
+  }
+  return "live";
+}
+function normalizeEditablePath(value) {
+  if (typeof value !== "string") {
+    return null;
+  }
+  const trimmed = value.trim();
+  if (!trimmed || trimmed.length > 320) {
+    return null;
+  }
+  if (!EDITABLE_ROOTS.some((prefix) => trimmed.startsWith(prefix))) {
+    return null;
+  }
+  return trimmed;
+}
+function normalizeText(value, maxLength) {
+  if (typeof value !== "string") {
+    return null;
+  }
+  const compact = value.replace(/\s+/g, " ").trim();
+  if (!compact) {
+    return null;
+  }
+  if (compact.length <= maxLength) {
+    return compact;
+  }
+  return `${compact.slice(0, maxLength - 3)}...`;
+}
+function normalizeSelectionKind(value) {
+  if (typeof value !== "string") {
+    return null;
+  }
+  if (SELECTION_KIND_SET.has(value)) {
+    return value;
+  }
+  return null;
+}
+function normalizePagePath(value) {
+  if (typeof value !== "string") {
+    return null;
+  }
+  const [withoutQuery] = value.split(/[?#]/, 1);
+  const trimmed = withoutQuery?.trim() ?? "";
+  if (!trimmed || !trimmed.startsWith("/")) {
+    return null;
+  }
+  return trimmed;
+}
+function normalizeRelatedPaths(value) {
+  if (!Array.isArray(value)) {
+    return [];
+  }
+  const out = /* @__PURE__ */ new Set();
+  for (const item of value) {
+    const normalized = normalizeEditablePath(item);
+    if (normalized) {
+      out.add(normalized);
+    }
+  }
+  return Array.from(out);
+}
+function normalizeSelectedElementContext(value) {
+  if (!value || typeof value !== "object") {
+    return void 0;
+  }
+  const record = value;
+  const path = normalizeEditablePath(record.path);
+  const label = normalizeText(record.label, 120);
+  const kind = normalizeSelectionKind(record.kind);
+  const pagePath = normalizePagePath(record.pagePath);
+  if (!path || !label || !kind || !pagePath) {
+    return void 0;
+  }
+  const selected = {
+    path,
+    label,
+    kind,
+    pagePath
+  };
+  const relatedPaths = normalizeRelatedPaths(record.relatedPaths);
+  if (relatedPaths.length > 0) {
+    selected.relatedPaths = relatedPaths;
+  }
+  const preview = normalizeText(record.preview, 140);
+  if (preview) {
+    selected.preview = preview;
+  }
+  return selected;
+}
+async function handler(event) {
+  try {
+    if (event.httpMethod === "OPTIONS") {
+      return jsonResponse(200, { ok: true });
+    }
+    const service = await getCmsService();
+    const path = normalizePath(event.path);
+    if (event.httpMethod === "GET" && path.endsWith("/content")) {
+      const stage = getStageFromQuery(event.queryStringParameters);
+      if (stage === "draft") {
+        await requireAdmin(event);
+      }
+      const content = await service.getContent(stage);
+      return jsonResponse(200, { stage, content });
+    }
+    if (event.httpMethod === "GET" && path.endsWith("/models")) {
+      const config = service.getModelConfig();
+      const availableModels = buildAvailableModels(config);
+      const defaultModelId = resolveDefaultModelId(config, availableModels);
+      return jsonResponse(200, {
+        providers: {
+          openai: config.openaiEnabled,
+          gemini: config.geminiEnabled
+        },
+        defaultModelId,
+        showModelPicker: availableModels.length > 1,
+        availableModels
+      });
+    }
+    if (event.httpMethod === "GET" && path.endsWith("/session")) {
+      const identity = await requireAdmin(event);
+      return jsonResponse(200, {
+        authenticated: true,
+        identity
+      });
+    }
+    if (event.httpMethod === "GET" && path.endsWith("/history")) {
+      await requireAdmin(event);
+      const history = await service.listHistory();
+      return jsonResponse(200, history);
+    }
+    if (event.httpMethod === "POST" && path.endsWith("/publish")) {
+      const identity = await requireAdmin(event);
+      const body = parseJsonBody(event.body);
+      const result = await service.publishDraft(body, identity.email ?? identity.sub);
+      return jsonResponse(200, {
+        ok: true,
+        version: result
+      });
+    }
+    if (event.httpMethod === "POST" && path.endsWith("/rollback")) {
+      const identity = await requireAdmin(event);
+      const body = parseJsonBody(event.body);
+      const document = await service.rollbackDraft(body, identity.email ?? identity.sub);
+      return jsonResponse(200, {
+        ok: true,
+        draftVersion: document.meta.contentVersion
+      });
+    }
+    if (event.httpMethod === "POST" && path.endsWith("/checkpoints/delete")) {
+      await requireAdmin(event);
+      const body = parseJsonBody(event.body);
+      const checkpointId = typeof body.checkpointId === "string" ? body.checkpointId.trim() : "";
+      if (!checkpointId) {
+        throw new Error("checkpointId is required.");
+      }
+      await service.deleteCheckpoint(checkpointId);
+      return jsonResponse(200, {
+        ok: true,
+        checkpointId
+      });
+    }
+    if (event.httpMethod === "POST" && path.endsWith("/chat/stream")) {
+      const identity = await requireAdmin(event);
+      const body = parseJsonBody(event.body);
+      const selectedElement = normalizeSelectedElementContext(body.selectedElement);
+      const result = await runAgentTurn(service, {
+        prompt: body.message,
+        modelId: body.modelId,
+        includeThinking: body.includeThinking,
+        actor: identity.email ?? identity.sub,
+        currentPath: body.currentPath,
+        selectedElement,
+        history: body.history
+      });
+      const events = [];
+      if (body.includeThinking) {
+        for (const note of result.thinking) {
+          events.push({
+            event: "thinking",
+            data: { note }
+          });
+        }
+      }
+      for (const toolEvent of result.toolEvents) {
+        events.push({
+          event: "tool",
+          data: toolEvent
+        });
+      }
+      events.push({
+        event: "message",
+        data: {
+          text: result.text
+        }
+      });
+      if (result.mutationsApplied) {
+        events.push({
+          event: "draft-updated",
+          data: {
+            contentVersion: result.updatedDraft.meta.contentVersion,
+            updatedAt: result.updatedDraft.meta.updatedAt
+          }
+        });
+      }
+      events.push({
+        event: "done",
+        data: { ok: true }
+      });
+      return sseResponse(200, events);
+    }
+    return jsonResponse(404, {
+      error: "Not found",
+      path,
+      method: event.httpMethod
+    });
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Unknown error";
+    const statusCode = message.startsWith("Checkpoint not found:") ? 404 : 400;
+    return jsonResponse(statusCode, {
+      ok: false,
+      error: message
+    });
+  }
+}
+var streamHandler = awslambda.streamifyResponse(
+  async (event, responseStream) => {
+    const stream = awslambda.HttpResponseStream.from(responseStream, {
+      statusCode: 200,
+      headers: SSE_HEADERS
+    });
+    const write = (eventName, data) => {
+      stream.write(sseEvent(eventName, data));
+    };
+    let heartbeat = null;
+    try {
+      const method = eventMethod(event);
+      const path = eventPath(event);
+      if (method === "OPTIONS") {
+        write("done", { ok: true });
+        return;
+      }
+      if (method !== "POST" || !path.endsWith("/chat/stream")) {
+        write("error", {
+          ok: false,
+          error: `Not found: ${method} ${path}`
+        });
+        return;
+      }
+      const identity = await requireAdminFromHeaders(
+        toHeaderRecord(event.headers)
+      );
+      const body = parseEventBody(event);
+      const service = await getCmsService();
+      const selectedElement = normalizeSelectedElementContext(body.selectedElement);
+      write("ready", { ok: true });
+      heartbeat = setInterval(() => {
+        write("ping", { ts: (/* @__PURE__ */ new Date()).toISOString() });
+      }, 15e3);
+      const result = await runAgentTurn(service, {
+        prompt: body.message,
+        modelId: body.modelId,
+        includeThinking: body.includeThinking,
+        actor: identity.email ?? identity.sub,
+        currentPath: body.currentPath,
+        selectedElement,
+        history: body.history,
+        onThinkingEvent: body.includeThinking ? (note) => {
+          write("thinking", { note });
+        } : void 0,
+        onToolEvent: (toolEvent) => {
+          write("tool", toolEvent);
+        }
+      });
+      write("message", { text: result.text });
+      if (result.mutationsApplied) {
+        write("draft-updated", {
+          contentVersion: result.updatedDraft.meta.contentVersion,
+          updatedAt: result.updatedDraft.meta.updatedAt
+        });
+      }
+      write("done", { ok: true });
+    } catch (error) {
+      write("error", {
+        ok: false,
+        error: errorMessage(error)
+      });
+      write("done", { ok: false });
+    } finally {
+      if (heartbeat) {
+        clearInterval(heartbeat);
+      }
+      stream.end();
+    }
+  }
+);
+
+export {
+  handler,
+  streamHandler
+};