@webmaster-droid/server 0.1.0 → 0.2.0

package/dist/chunk-OWXROQ4O.js

@@ -0,0 +1,416 @@
+// src/storage-supabase/index.ts
+import {
+  createClient
+} from "@supabase/supabase-js";
+import { normalizeCmsDocument } from "@webmaster-droid/contracts";
+function createId(prefix) {
+  return `${prefix}_${Math.random().toString(36).slice(2, 10)}`;
+}
+function nowIso() {
+  return (/* @__PURE__ */ new Date()).toISOString();
+}
+function monthKey(date = /* @__PURE__ */ new Date()) {
+  const year = date.getUTCFullYear();
+  const month = `${date.getUTCMonth() + 1}`.padStart(2, "0");
+  return `${year}-${month}`;
+}
+function keySafeTimestamp(date = /* @__PURE__ */ new Date()) {
+  return `${date.getTime()}`;
+}
+function parseIdFromKey(key) {
+  const filename = key.split("/").pop() ?? key;
+  const parts = filename.split("__");
+  if (parts.length !== 2) {
+    return filename.replace(/\.json$/, "");
+  }
+  return parts[1].replace(/\.json$/, "");
+}
+function parseTimestampFromKey(key) {
+  const filename = key.split("/").pop() ?? key;
+  const parts = filename.split("__");
+  if (parts.length !== 2) {
+    return (/* @__PURE__ */ new Date(0)).toISOString();
+  }
+  const encoded = Number(parts[0]);
+  const parsed = new Date(encoded);
+  if (Number.isNaN(parsed.getTime())) {
+    return (/* @__PURE__ */ new Date(0)).toISOString();
+  }
+  return parsed.toISOString();
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function parseCheckpointEnvelope(value) {
+  if (!isRecord(value)) {
+    return null;
+  }
+  const checkpoint = value.checkpoint;
+  const content = value.content;
+  if (!isRecord(checkpoint) || !isRecord(content)) {
+    return null;
+  }
+  const id = typeof checkpoint.id === "string" ? checkpoint.id : "";
+  const createdAt = typeof checkpoint.createdAt === "string" ? checkpoint.createdAt : "";
+  const reason = typeof checkpoint.reason === "string" ? checkpoint.reason : "";
+  const createdBy = typeof checkpoint.createdBy === "string" ? checkpoint.createdBy : void 0;
+  if (!id || !createdAt || !reason) {
+    return null;
+  }
+  return {
+    checkpoint: {
+      id,
+      createdAt,
+      createdBy,
+      reason
+    },
+    content
+  };
+}
+function mergeLegacyValue(target, incoming) {
+  if (!isRecord(target) || !isRecord(incoming)) {
+    return incoming;
+  }
+  for (const [key, value] of Object.entries(incoming)) {
+    if (target[key] === void 0) {
+      target[key] = value;
+      continue;
+    }
+    target[key] = mergeLegacyValue(target[key], value);
+  }
+  return target;
+}
+function normalizeLegacyIndexedKeys(root) {
+  let changed = false;
+  const visit = (node) => {
+    if (Array.isArray(node)) {
+      for (const item of node) {
+        visit(item);
+      }
+      return;
+    }
+    if (!isRecord(node)) {
+      return;
+    }
+    const record = node;
+    const keys = Object.keys(record);
+    for (const key of keys) {
+      const match = /^([^\[\]]+)\[(\d+)\]$/.exec(key);
+      if (!match) {
+        continue;
+      }
+      const baseKey = match[1];
+      const index = Number(match[2]);
+      if (Number.isNaN(index)) {
+        continue;
+      }
+      const baseValue = record[baseKey];
+      if (baseValue !== void 0 && !Array.isArray(baseValue)) {
+        continue;
+      }
+      const targetArray = record[baseKey] ?? [];
+      record[baseKey] = targetArray;
+      const legacyValue = record[key];
+      const existing = targetArray[index];
+      if (existing === void 0) {
+        targetArray[index] = legacyValue;
+      } else {
+        targetArray[index] = mergeLegacyValue(existing, legacyValue);
+      }
+      delete record[key];
+      changed = true;
+    }
+    for (const value of Object.values(record)) {
+      visit(value);
+    }
+  };
+  visit(root);
+  return changed;
+}
+function normalizeStoragePath(value) {
+  return value.replace(/^\/+/, "").replace(/\/+$/, "");
+}
+function toStorageError(error) {
+  if (!error || typeof error !== "object") {
+    return {};
+  }
+  return error;
+}
+var SupabaseCmsStorage = class {
+  bucket;
+  client;
+  prefix;
+  constructor(options) {
+    this.bucket = options.bucket.trim();
+    if (!this.bucket) {
+      throw new Error("Supabase bucket name is required.");
+    }
+    this.prefix = options.prefix?.replace(/\/$/, "") ?? "cms";
+    this.client = options.client ?? createClient(options.supabaseUrl, options.serviceRoleKey, {
+      auth: {
+        persistSession: false,
+        autoRefreshToken: false
+      }
+    });
+  }
+  async ensureInitialized(seed) {
+    const [live, draft] = await Promise.all([
+      this.tryGetStage("live"),
+      this.tryGetStage("draft")
+    ]);
+    if (!live) {
+      await this.saveStage("live", seed);
+    }
+    if (!draft) {
+      await this.saveStage("draft", seed);
+    }
+  }
+  async getContent(stage) {
+    const key = this.stageKey(stage);
+    const text = await this.getText(key);
+    const parsed = JSON.parse(text);
+    normalizeLegacyIndexedKeys(parsed);
+    return normalizeCmsDocument(parsed);
+  }
+  async saveDraft(content) {
+    await this.saveStage("draft", content);
+  }
+  async saveLive(content) {
+    await this.saveStage("live", content);
+  }
+  async putPublicAsset(input) {
+    const key = input.key.replace(/^\/+/, "");
+    if (!key) {
+      throw new Error("Public asset key is required.");
+    }
+    const { error } = await this.client.storage.from(this.bucket).upload(key, input.body, {
+      upsert: true,
+      contentType: input.contentType,
+      cacheControl: input.cacheControl
+    });
+    if (error) {
+      throw new Error(`Failed to upload public asset (${key}): ${error.message}`);
+    }
+  }
+  async createCheckpoint(content, input) {
+    const createdAt = nowIso();
+    const id = createId("cp");
+    const key = `${this.prefix}/checkpoints/${keySafeTimestamp()}__${id}.json`;
+    const checkpointMeta = {
+      id,
+      createdAt,
+      createdBy: input.createdBy,
+      reason: input.reason
+    };
+    const payload = {
+      checkpoint: checkpointMeta,
+      content: {
+        ...content,
+        meta: {
+          ...content.meta,
+          updatedAt: createdAt,
+          updatedBy: input.createdBy,
+          sourceCheckpointId: id
+        }
+      }
+    };
+    await this.putJson(key, payload);
+    return checkpointMeta;
+  }
+  async deleteCheckpoint(id) {
+    const targetId = id.trim();
+    if (!targetId) {
+      return false;
+    }
+    const keys = await this.listKeys(`${this.prefix}/checkpoints`);
+    const key = keys.find((candidate) => parseIdFromKey(candidate) === targetId);
+    if (!key) {
+      return false;
+    }
+    const { error } = await this.client.storage.from(this.bucket).remove([key]);
+    if (error) {
+      throw new Error(`Failed to delete checkpoint (${targetId}): ${error.message}`);
+    }
+    return true;
+  }
+  async listCheckpoints() {
+    const keys = await this.listKeys(`${this.prefix}/checkpoints`);
+    const items = await Promise.all(
+      keys.map(async (key) => {
+        const fallback = {
+          id: parseIdFromKey(key),
+          createdAt: parseTimestampFromKey(key),
+          reason: "auto-checkpoint"
+        };
+        try {
+          const text = await this.getText(key);
+          const parsed = JSON.parse(text);
+          const envelope = parseCheckpointEnvelope(parsed);
+          if (!envelope) {
+            return fallback;
+          }
+          return {
+            id: envelope.checkpoint.id || fallback.id,
+            createdAt: envelope.checkpoint.createdAt || fallback.createdAt,
+            createdBy: envelope.checkpoint.createdBy,
+            reason: envelope.checkpoint.reason || fallback.reason
+          };
+        } catch {
+          return fallback;
+        }
+      })
+    );
+    return items.sort((a, b) => b.createdAt.localeCompare(a.createdAt));
+  }
+  async publishDraft(input) {
+    const createdAt = nowIso();
+    const id = createId("pub");
+    const key = `${this.prefix}/published/${keySafeTimestamp()}__${id}.json`;
+    const payload = {
+      ...input.content,
+      meta: {
+        ...input.content.meta,
+        updatedAt: createdAt,
+        updatedBy: input.createdBy,
+        contentVersion: id
+      }
+    };
+    await this.putJson(key, payload);
+    return {
+      id,
+      createdAt,
+      createdBy: input.createdBy,
+      sourceContentVersion: input.content.meta.contentVersion
+    };
+  }
+  async listPublishedVersions() {
+    const keys = await this.listKeys(`${this.prefix}/published`);
+    const items = keys.map((key) => {
+      const id = parseIdFromKey(key);
+      const createdAt = parseTimestampFromKey(key);
+      return {
+        id,
+        createdAt,
+        sourceContentVersion: id
+      };
+    });
+    return items.sort((a, b) => b.createdAt.localeCompare(a.createdAt));
+  }
+  async getSnapshot(input) {
+    const folder = input.sourceType === "checkpoint" ? `${this.prefix}/checkpoints` : `${this.prefix}/published`;
+    const keys = await this.listKeys(folder);
+    const key = keys.find((candidate) => parseIdFromKey(candidate) === input.sourceId);
+    if (!key) {
+      return null;
+    }
+    const text = await this.getText(key);
+    const parsed = JSON.parse(text);
+    const envelope = parseCheckpointEnvelope(parsed);
+    const content = envelope ? envelope.content : parsed;
+    normalizeLegacyIndexedKeys(content);
+    return normalizeCmsDocument(content);
+  }
+  async appendEvent(event) {
+    const key = `${this.prefix}/events/${monthKey()}.jsonl`;
+    const existing = await this.tryGetText(key);
+    const line = `${JSON.stringify(event)}
+`;
+    const body = `${existing ?? ""}${line}`;
+    const { error } = await this.client.storage.from(this.bucket).upload(key, body, {
+      upsert: true,
+      contentType: "application/x-ndjson"
+    });
+    if (error) {
+      throw new Error(`Failed to append event log (${key}): ${error.message}`);
+    }
+  }
+  async tryGetStage(stage) {
+    try {
+      return await this.getContent(stage);
+    } catch (error) {
+      if (this.isMissingObjectError(error)) {
+        return null;
+      }
+      throw error;
+    }
+  }
+  async saveStage(stage, content) {
+    await this.putJson(this.stageKey(stage), content);
+  }
+  stageKey(stage) {
+    return `${this.prefix}/${stage}/current.json`;
+  }
+  async putJson(key, value) {
+    const { error } = await this.client.storage.from(this.bucket).upload(key, JSON.stringify(value, null, 2), {
+      upsert: true,
+      contentType: "application/json"
+    });
+    if (error) {
+      throw new Error(`Failed to write JSON (${key}): ${error.message}`);
+    }
+  }
+  async listKeys(prefix) {
+    const normalizedPrefix = normalizeStoragePath(prefix);
+    const limit = 1e3;
+    let offset = 0;
+    const out = [];
+    while (true) {
+      const { data, error } = await this.client.storage.from(this.bucket).list(normalizedPrefix, {
+        limit,
+        offset,
+        sortBy: {
+          column: "name",
+          order: "asc"
+        }
+      });
+      if (error) {
+        throw new Error(`Failed to list keys (${normalizedPrefix}): ${error.message}`);
+      }
+      const rows = data ?? [];
+      for (const row of rows) {
+        if (!row.name) {
+          continue;
+        }
+        out.push(`${normalizedPrefix}/${row.name}`);
+      }
+      if (rows.length < limit) {
+        break;
+      }
+      offset += rows.length;
+    }
+    return out;
+  }
+  async tryGetText(key) {
+    try {
+      return await this.getText(key);
+    } catch (error) {
+      if (this.isMissingObjectError(error)) {
+        return null;
+      }
+      throw error;
+    }
+  }
+  async getText(key) {
+    const { data, error } = await this.client.storage.from(this.bucket).download(key);
+    if (error) {
+      throw new Error(`Failed to read object (${key}): ${error.message}`);
+    }
+    return data.text();
+  }
+  isMissingObjectError(error) {
+    const parsed = toStorageError(error);
+    if (parsed.statusCode === "404") {
+      return true;
+    }
+    const message = parsed.message?.toLowerCase() ?? "";
+    if (message.includes("not found") || message.includes("not exists")) {
+      return true;
+    }
+    const status = parsed.error?.toLowerCase() ?? "";
+    return status.includes("not found");
+  }
+};
+
+export {
+  SupabaseCmsStorage
+};

package/dist/{chunk-IK36OUJQ.js → chunk-PS4GESOZ.js}

@@ -1047,7 +1047,7 @@ function buildAgentTools(input) {
       }
     }),
     generate_image: tool({
-      description: "Generates an image with Gemini Image Preview, uploads it to S3, and stages a CMS image URL update. Edit-mode references must be JPEG or PNG.",
+      description: "Generates an image with Gemini Image Preview, uploads it to the configured storage backend, and stages a CMS image URL update. Edit-mode references must be JPEG or PNG.",
       inputSchema: z2.object({
         targetPath: z2.string().min(3).max(320),
         prompt: z2.string().min(3).max(2500),
@@ -1499,6 +1499,9 @@ async function runAgentTurn(service, input) {
   const hasContentChanges = stagedContentOperations.length > 0;
   const hasThemeChanges = Object.keys(stagedThemeTokens).length > 0;
   const mutationsApplied = hasContentChanges || hasThemeChanges;
+  const imageOperations = stagedContentOperations.filter(
+    (operation) => /(?:^|[.\]])image(?:$|[.\[])/i.test(operation.path)
+  ).length;
   let updatedDraft;
   if (mutationsApplied) {
     const checkpointReason = resolveCheckpointReason({
@@ -1535,7 +1538,12 @@ async function runAgentTurn(service, input) {
     thinking,
     toolEvents,
     updatedDraft,
-    mutationsApplied
+    mutationsApplied,
+    mutationSummary: mutationsApplied ? {
+      contentOperations: stagedContentOperations.length,
+      themeTokenChanges: Object.keys(stagedThemeTokens).length,
+      imageOperations
+    } : void 0
   };
 }
 

package/dist/chunk-SIXK4BMG.js

@@ -0,0 +1,138 @@
+// src/api-aws/auth.ts
+import { createRemoteJWKSet, decodeProtectedHeader, jwtVerify } from "jose";
+var jwksCache = null;
+function getJwks() {
+  const jwksUrl = process.env.SUPABASE_JWKS_URL;
+  if (!jwksUrl) {
+    throw new Error("SUPABASE_JWKS_URL is not configured");
+  }
+  if (!jwksCache) {
+    jwksCache = createRemoteJWKSet(new URL(jwksUrl));
+  }
+  return jwksCache;
+}
+function buildSupabaseUserEndpoint() {
+  const explicitBaseUrl = process.env.SUPABASE_URL?.trim();
+  if (explicitBaseUrl) {
+    return `${explicitBaseUrl.replace(/\/$/, "")}/auth/v1/user`;
+  }
+  const jwksUrl = process.env.SUPABASE_JWKS_URL?.trim();
+  if (!jwksUrl) {
+    throw new Error("SUPABASE_JWKS_URL is not configured");
+  }
+  const parsed = new URL(jwksUrl);
+  return `${parsed.origin}/auth/v1/user`;
+}
+function getSupabaseAnonKey() {
+  const key = process.env.SUPABASE_ANON_KEY?.trim() ?? process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY?.trim();
+  if (!key) {
+    throw new Error("SUPABASE_ANON_KEY is required for HS256 token verification fallback.");
+  }
+  return key;
+}
+async function verifyHs256ViaSupabase(token) {
+  const response = await fetch(buildSupabaseUserEndpoint(), {
+    method: "GET",
+    headers: {
+      authorization: `Bearer ${token}`,
+      apikey: getSupabaseAnonKey()
+    }
+  });
+  if (!response.ok) {
+    const detail = await response.text();
+    throw new Error(`Supabase token verification failed: ${response.status} ${detail}`);
+  }
+  const user = await response.json();
+  const sub = typeof user.id === "string" ? user.id : "";
+  if (!sub) {
+    throw new Error("Supabase token verification returned no user id.");
+  }
+  return {
+    sub,
+    email: typeof user.email === "string" ? user.email : void 0,
+    role: typeof user.role === "string" ? user.role : void 0
+  };
+}
+function getBearerToken(headers) {
+  const value = headers.authorization ?? headers.Authorization;
+  if (!value) {
+    return null;
+  }
+  const [prefix, token] = value.split(" ");
+  if (prefix?.toLowerCase() !== "bearer" || !token) {
+    return null;
+  }
+  return token;
+}
+async function verifyAdminToken(token) {
+  const header = decodeProtectedHeader(token);
+  const algorithm = typeof header.alg === "string" ? header.alg : "";
+  if (algorithm === "HS256") {
+    const secret = process.env.SUPABASE_JWT_SECRET?.trim();
+    if (secret) {
+      const result2 = await jwtVerify(token, new TextEncoder().encode(secret), {
+        algorithms: ["HS256"]
+      });
+      const payload2 = result2.payload;
+      const identity3 = {
+        sub: String(payload2.sub ?? ""),
+        email: typeof payload2.email === "string" ? payload2.email : void 0,
+        role: typeof payload2.role === "string" ? payload2.role : typeof payload2.user_role === "string" ? payload2.user_role : void 0
+      };
+      if (!identity3.sub) {
+        throw new Error("Invalid token: subject is missing.");
+      }
+      const enforcedAdminEmail3 = process.env.ADMIN_EMAIL;
+      if (enforcedAdminEmail3 && identity3.email?.toLowerCase() !== enforcedAdminEmail3.toLowerCase()) {
+        throw new Error("Authenticated user is not allowed for admin access.");
+      }
+      return identity3;
+    }
+    const identity2 = await verifyHs256ViaSupabase(token);
+    const enforcedAdminEmail2 = process.env.ADMIN_EMAIL;
+    if (enforcedAdminEmail2 && identity2.email?.toLowerCase() !== enforcedAdminEmail2.toLowerCase()) {
+      throw new Error("Authenticated user is not allowed for admin access.");
+    }
+    return identity2;
+  }
+  const result = await jwtVerify(token, getJwks(), {
+    algorithms: ["RS256", "ES256"]
+  });
+  const payload = result.payload;
+  const identity = {
+    sub: String(payload.sub ?? ""),
+    email: typeof payload.email === "string" ? payload.email : void 0,
+    role: typeof payload.role === "string" ? payload.role : typeof payload.user_role === "string" ? payload.user_role : void 0
+  };
+  if (!identity.sub) {
+    throw new Error("Invalid token: subject is missing.");
+  }
+  const enforcedAdminEmail = process.env.ADMIN_EMAIL;
+  if (enforcedAdminEmail && identity.email?.toLowerCase() !== enforcedAdminEmail.toLowerCase()) {
+    throw new Error("Authenticated user is not allowed for admin access.");
+  }
+  return identity;
+}
+
+// src/api-aws/normalize-editable-path.ts
+var EDITABLE_ROOTS = ["pages.", "layout.", "seo.", "themeTokens."];
+var MAX_PATH_LENGTH = 320;
+function normalizeEditablePath(value) {
+  if (typeof value !== "string") {
+    return null;
+  }
+  const trimmed = value.trim();
+  if (!trimmed || trimmed.length > MAX_PATH_LENGTH) {
+    return null;
+  }
+  if (!EDITABLE_ROOTS.some((prefix) => trimmed.startsWith(prefix))) {
+    return null;
+  }
+  return trimmed;
+}
+
+export {
+  getBearerToken,
+  verifyAdminToken,
+  normalizeEditablePath
+};

package/dist/index.d.ts

@@ -2,8 +2,11 @@ export { A as AgentBatchMutationInput, a as AnyCmsDocument, C as CmsMutationInpu
 export { applyPatch, applyThemeTokenPatch, readByPath, validatePatch } from './core/index.js';
 export { C as CmsService, c as createPatchFromAgentOperations, a as createThemePatchFromAgentOperations } from './service-BYwdlvCI.js';
 export { S3CmsStorage } from './storage-s3/index.js';
+export { SupabaseCmsStorage } from './storage-supabase/index.js';
 export { AgentRunnerInput, AgentRunnerResult, StaticToolName, listStaticToolNames, runAgentTurn } from './agent/index.js';
 export { handler, streamHandler } from './api-aws/index.js';
+export { default as supabaseHandler } from './api-supabase/index.js';
 import '@webmaster-droid/contracts';
 import '@aws-sdk/client-s3';
+import '@supabase/supabase-js';
 import 'aws-lambda';

package/dist/index.js

@@ -1,11 +1,15 @@
 import {
   handler,
   streamHandler
-} from "./chunk-6RB7H6PA.js";
+} from "./chunk-6M55DMUE.js";
+import {
+  handler as handler2
+} from "./chunk-JIGCFERP.js";
+import "./chunk-SIXK4BMG.js";
 import {
   listStaticToolNames,
   runAgentTurn
-} from "./chunk-IK36OUJQ.js";
+} from "./chunk-PS4GESOZ.js";
 import {
   CmsService,
   applyPatch,
@@ -18,9 +22,13 @@ import {
 import {
   S3CmsStorage
 } from "./chunk-MLID7STX.js";
+import {
+  SupabaseCmsStorage
+} from "./chunk-OWXROQ4O.js";
 export {
   CmsService,
   S3CmsStorage,
+  SupabaseCmsStorage,
   applyPatch,
   applyThemeTokenPatch,
   createPatchFromAgentOperations,
@@ -30,5 +38,6 @@ export {
   readByPath,
   runAgentTurn,
   streamHandler,
+  handler2 as supabaseHandler,
   validatePatch
 };

package/dist/storage-supabase/index.d.ts

@@ -0,0 +1,50 @@
+import { SupabaseClient } from '@supabase/supabase-js';
+import { CmsDocument, CmsStage, CheckpointMeta, PublishedVersionMeta, RollbackRequest, AuditEvent } from '@webmaster-droid/contracts';
+import { S as StorageAdapter } from '../types-OKJgq7Oo.js';
+
+interface SupabaseCmsStorageOptions {
+    supabaseUrl: string;
+    serviceRoleKey: string;
+    bucket: string;
+    prefix?: string;
+    client?: SupabaseClient;
+}
+declare class SupabaseCmsStorage implements StorageAdapter {
+    private readonly bucket;
+    private readonly client;
+    private readonly prefix;
+    constructor(options: SupabaseCmsStorageOptions);
+    ensureInitialized(seed: CmsDocument): Promise<void>;
+    getContent(stage: CmsStage): Promise<CmsDocument>;
+    saveDraft(content: CmsDocument): Promise<void>;
+    saveLive(content: CmsDocument): Promise<void>;
+    putPublicAsset(input: {
+        key: string;
+        body: Uint8Array;
+        contentType: string;
+        cacheControl?: string;
+    }): Promise<void>;
+    createCheckpoint(content: CmsDocument, input: {
+        createdBy?: string;
+        reason: string;
+    }): Promise<CheckpointMeta>;
+    deleteCheckpoint(id: string): Promise<boolean>;
+    listCheckpoints(): Promise<CheckpointMeta[]>;
+    publishDraft(input: {
+        content: CmsDocument;
+        createdBy?: string;
+    }): Promise<PublishedVersionMeta>;
+    listPublishedVersions(): Promise<PublishedVersionMeta[]>;
+    getSnapshot(input: RollbackRequest): Promise<CmsDocument | null>;
+    appendEvent(event: AuditEvent): Promise<void>;
+    private tryGetStage;
+    private saveStage;
+    private stageKey;
+    private putJson;
+    private listKeys;
+    private tryGetText;
+    private getText;
+    private isMissingObjectError;
+}
+
+export { SupabaseCmsStorage };

package/dist/storage-supabase/index.js

@@ -0,0 +1,6 @@
+import {
+  SupabaseCmsStorage
+} from "../chunk-OWXROQ4O.js";
+export {
+  SupabaseCmsStorage
+};