@webmaster-droid/server 0.1.0 → 0.2.0

package/dist/agent/index.d.ts

@@ -28,6 +28,11 @@ interface AgentRunnerResult {
     }>;
     updatedDraft: CmsDocument;
     mutationsApplied: boolean;
+    mutationSummary?: {
+        contentOperations: number;
+        themeTokenChanges: number;
+        imageOperations: number;
+    };
 }
 declare const STATIC_TOOL_NAMES: readonly ["patch_content", "patch_theme_tokens", "get_page", "get_section", "search_content", "generate_image"];
 type StaticToolName = (typeof STATIC_TOOL_NAMES)[number];

package/dist/agent/index.js

@@ -1,7 +1,7 @@
 import {
   listStaticToolNames,
   runAgentTurn
-} from "../chunk-IK36OUJQ.js";
+} from "../chunk-PS4GESOZ.js";
 import "../chunk-EYY23AAK.js";
 export {
   listStaticToolNames,

package/dist/api-aws/index.js

@@ -1,8 +1,9 @@
 import {
   handler,
   streamHandler
-} from "../chunk-6RB7H6PA.js";
-import "../chunk-IK36OUJQ.js";
+} from "../chunk-6M55DMUE.js";
+import "../chunk-SIXK4BMG.js";
+import "../chunk-PS4GESOZ.js";
 import "../chunk-EYY23AAK.js";
 import "../chunk-MLID7STX.js";
 export {

package/dist/api-supabase/index.d.ts

@@ -0,0 +1,3 @@
+declare function handler(request: Request): Promise<Response>;
+
+export { handler as default, handler };

package/dist/api-supabase/index.js

@@ -0,0 +1,12 @@
+import {
+  api_supabase_default,
+  handler
+} from "../chunk-JIGCFERP.js";
+import "../chunk-SIXK4BMG.js";
+import "../chunk-PS4GESOZ.js";
+import "../chunk-EYY23AAK.js";
+import "../chunk-OWXROQ4O.js";
+export {
+  api_supabase_default as default,
+  handler
+};

package/dist/{chunk-6RB7H6PA.js → chunk-6M55DMUE.js}

@@ -1,6 +1,11 @@
+import {
+  getBearerToken,
+  normalizeEditablePath,
+  verifyAdminToken
+} from "./chunk-SIXK4BMG.js";
 import {
   runAgentTurn
-} from "./chunk-IK36OUJQ.js";
+} from "./chunk-PS4GESOZ.js";
 import {
   CmsService
 } from "./chunk-EYY23AAK.js";
@@ -8,122 +13,6 @@ import {
   S3CmsStorage
 } from "./chunk-MLID7STX.js";
 
-// src/api-aws/auth.ts
-import { createRemoteJWKSet, decodeProtectedHeader, jwtVerify } from "jose";
-var jwksCache = null;
-function getJwks() {
-  const jwksUrl = process.env.SUPABASE_JWKS_URL;
-  if (!jwksUrl) {
-    throw new Error("SUPABASE_JWKS_URL is not configured");
-  }
-  if (!jwksCache) {
-    jwksCache = createRemoteJWKSet(new URL(jwksUrl));
-  }
-  return jwksCache;
-}
-function buildSupabaseUserEndpoint() {
-  const explicitBaseUrl = process.env.SUPABASE_URL?.trim();
-  if (explicitBaseUrl) {
-    return `${explicitBaseUrl.replace(/\/$/, "")}/auth/v1/user`;
-  }
-  const jwksUrl = process.env.SUPABASE_JWKS_URL?.trim();
-  if (!jwksUrl) {
-    throw new Error("SUPABASE_JWKS_URL is not configured");
-  }
-  const parsed = new URL(jwksUrl);
-  return `${parsed.origin}/auth/v1/user`;
-}
-function getSupabaseAnonKey() {
-  const key = process.env.SUPABASE_ANON_KEY?.trim() ?? process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY?.trim();
-  if (!key) {
-    throw new Error("SUPABASE_ANON_KEY is required for HS256 token verification fallback.");
-  }
-  return key;
-}
-async function verifyHs256ViaSupabase(token) {
-  const response = await fetch(buildSupabaseUserEndpoint(), {
-    method: "GET",
-    headers: {
-      authorization: `Bearer ${token}`,
-      apikey: getSupabaseAnonKey()
-    }
-  });
-  if (!response.ok) {
-    const detail = await response.text();
-    throw new Error(`Supabase token verification failed: ${response.status} ${detail}`);
-  }
-  const user = await response.json();
-  const sub = typeof user.id === "string" ? user.id : "";
-  if (!sub) {
-    throw new Error("Supabase token verification returned no user id.");
-  }
-  return {
-    sub,
-    email: typeof user.email === "string" ? user.email : void 0,
-    role: typeof user.role === "string" ? user.role : void 0
-  };
-}
-function getBearerToken(headers) {
-  const value = headers.authorization ?? headers.Authorization;
-  if (!value) {
-    return null;
-  }
-  const [prefix, token] = value.split(" ");
-  if (prefix?.toLowerCase() !== "bearer" || !token) {
-    return null;
-  }
-  return token;
-}
-async function verifyAdminToken(token) {
-  const header = decodeProtectedHeader(token);
-  const algorithm = typeof header.alg === "string" ? header.alg : "";
-  if (algorithm === "HS256") {
-    const secret = process.env.SUPABASE_JWT_SECRET?.trim();
-    if (secret) {
-      const result2 = await jwtVerify(token, new TextEncoder().encode(secret), {
-        algorithms: ["HS256"]
-      });
-      const payload2 = result2.payload;
-      const identity3 = {
-        sub: String(payload2.sub ?? ""),
-        email: typeof payload2.email === "string" ? payload2.email : void 0,
-        role: typeof payload2.role === "string" ? payload2.role : typeof payload2.user_role === "string" ? payload2.user_role : void 0
-      };
-      if (!identity3.sub) {
-        throw new Error("Invalid token: subject is missing.");
-      }
-      const enforcedAdminEmail3 = process.env.ADMIN_EMAIL;
-      if (enforcedAdminEmail3 && identity3.email?.toLowerCase() !== enforcedAdminEmail3.toLowerCase()) {
-        throw new Error("Authenticated user is not allowed for admin access.");
-      }
-      return identity3;
-    }
-    const identity2 = await verifyHs256ViaSupabase(token);
-    const enforcedAdminEmail2 = process.env.ADMIN_EMAIL;
-    if (enforcedAdminEmail2 && identity2.email?.toLowerCase() !== enforcedAdminEmail2.toLowerCase()) {
-      throw new Error("Authenticated user is not allowed for admin access.");
-    }
-    return identity2;
-  }
-  const result = await jwtVerify(token, getJwks(), {
-    algorithms: ["RS256", "ES256"]
-  });
-  const payload = result.payload;
-  const identity = {
-    sub: String(payload.sub ?? ""),
-    email: typeof payload.email === "string" ? payload.email : void 0,
-    role: typeof payload.role === "string" ? payload.role : typeof payload.user_role === "string" ? payload.user_role : void 0
-  };
-  if (!identity.sub) {
-    throw new Error("Invalid token: subject is missing.");
-  }
-  const enforcedAdminEmail = process.env.ADMIN_EMAIL;
-  if (enforcedAdminEmail && identity.email?.toLowerCase() !== enforcedAdminEmail.toLowerCase()) {
-    throw new Error("Authenticated user is not allowed for admin access.");
-  }
-  return identity;
-}
-
 // src/api-aws/http.ts
 function jsonResponse(statusCode, body) {
   return {
@@ -168,23 +57,6 @@ function normalizePath(path) {
   return path.replace(/\/+$/, "") || "/";
 }
 
-// src/api-aws/normalize-editable-path.ts
-var EDITABLE_ROOTS = ["pages.", "layout.", "seo.", "themeTokens."];
-var MAX_PATH_LENGTH = 320;
-function normalizeEditablePath(value) {
-  if (typeof value !== "string") {
-    return null;
-  }
-  const trimmed = value.trim();
-  if (!trimmed || trimmed.length > MAX_PATH_LENGTH) {
-    return null;
-  }
-  if (!EDITABLE_ROOTS.some((prefix) => trimmed.startsWith(prefix))) {
-    return null;
-  }
-  return trimmed;
-}
-
 // src/api-aws/service-factory.ts
 import {
   createDefaultCmsDocument
@@ -314,6 +186,17 @@ function buildAvailableModels(config) {
   }
   return Array.from(options.values());
 }
+function buildModelCapabilities(input) {
+  const hasReadableModel = input.availableModels.length > 0;
+  const hasImagePipeline = input.config.geminiEnabled && input.hasPublicAssetBaseUrl;
+  return {
+    contentEdit: hasReadableModel,
+    themeTokenEdit: hasReadableModel,
+    imageGenerate: hasImagePipeline,
+    imageEdit: hasImagePipeline,
+    visionAssist: hasReadableModel
+  };
+}
 function resolveDefaultModelId(config, availableModels) {
   const requestedDefault = config.defaultModelId.trim();
   if (availableModels.some((model) => model.id === requestedDefault)) {
@@ -472,11 +355,17 @@ async function handler(event) {
       const config = service.getModelConfig();
       const availableModels = buildAvailableModels(config);
       const defaultModelId = resolveDefaultModelId(config, availableModels);
+      const capabilities = buildModelCapabilities({
+        config,
+        availableModels,
+        hasPublicAssetBaseUrl: Boolean(service.getPublicAssetBaseUrl())
+      });
       return jsonResponse(200, {
         providers: {
           openai: config.openaiEnabled,
           gemini: config.geminiEnabled
         },
+        capabilities,
         defaultModelId,
         showModelPicker: availableModels.length > 1,
         availableModels
@@ -564,7 +453,12 @@ async function handler(event) {
           event: "draft-updated",
           data: {
             contentVersion: result.updatedDraft.meta.contentVersion,
-            updatedAt: result.updatedDraft.meta.updatedAt
+            updatedAt: result.updatedDraft.meta.updatedAt,
+            summary: result.mutationSummary ?? {
+              contentOperations: 0,
+              themeTokenChanges: 0,
+              imageOperations: 0
+            }
           }
         });
       }
@@ -641,7 +535,12 @@ var streamHandler = awslambda.streamifyResponse(
       if (result.mutationsApplied) {
         write("draft-updated", {
           contentVersion: result.updatedDraft.meta.contentVersion,
-          updatedAt: result.updatedDraft.meta.updatedAt
+          updatedAt: result.updatedDraft.meta.updatedAt,
+          summary: result.mutationSummary ?? {
+            contentOperations: 0,
+            themeTokenChanges: 0,
+            imageOperations: 0
+          }
         });
       }
       write("done", { ok: true });