firebase-hosting-mcp-server 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +191 -0
- package/dist/constants.d.ts +75 -0
- package/dist/constants.d.ts.map +1 -0
- package/dist/constants.js +179 -0
- package/dist/constants.js.map +1 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.d.ts.map +1 -0
- package/dist/index.js +269 -0
- package/dist/index.js.map +1 -0
- package/dist/schemas/index.d.ts +246 -0
- package/dist/schemas/index.d.ts.map +1 -0
- package/dist/schemas/index.js +238 -0
- package/dist/schemas/index.js.map +1 -0
- package/dist/services/firebase-cli.d.ts +20 -0
- package/dist/services/firebase-cli.d.ts.map +1 -0
- package/dist/services/firebase-cli.js +164 -0
- package/dist/services/firebase-cli.js.map +1 -0
- package/dist/services/license.d.ts +6 -0
- package/dist/services/license.d.ts.map +1 -0
- package/dist/services/license.js +111 -0
- package/dist/services/license.js.map +1 -0
- package/dist/tools/configure.d.ts +3 -0
- package/dist/tools/configure.d.ts.map +1 -0
- package/dist/tools/configure.js +102 -0
- package/dist/tools/configure.js.map +1 -0
- package/dist/tools/delete-channel.d.ts +3 -0
- package/dist/tools/delete-channel.d.ts.map +1 -0
- package/dist/tools/delete-channel.js +33 -0
- package/dist/tools/delete-channel.js.map +1 -0
- package/dist/tools/deploy.d.ts +3 -0
- package/dist/tools/deploy.d.ts.map +1 -0
- package/dist/tools/deploy.js +123 -0
- package/dist/tools/deploy.js.map +1 -0
- package/dist/tools/harden.d.ts +3 -0
- package/dist/tools/harden.d.ts.map +1 -0
- package/dist/tools/harden.js +181 -0
- package/dist/tools/harden.js.map +1 -0
- package/dist/tools/init.d.ts +3 -0
- package/dist/tools/init.d.ts.map +1 -0
- package/dist/tools/init.js +60 -0
- package/dist/tools/init.js.map +1 -0
- package/dist/tools/preview.d.ts +3 -0
- package/dist/tools/preview.d.ts.map +1 -0
- package/dist/tools/preview.js +85 -0
- package/dist/tools/preview.js.map +1 -0
- package/dist/tools/rollback.d.ts +3 -0
- package/dist/tools/rollback.d.ts.map +1 -0
- package/dist/tools/rollback.js +87 -0
- package/dist/tools/rollback.js.map +1 -0
- package/dist/tools/status.d.ts +3 -0
- package/dist/tools/status.d.ts.map +1 -0
- package/dist/tools/status.js +80 -0
- package/dist/tools/status.js.map +1 -0
- package/dist/types.d.ts +81 -0
- package/dist/types.d.ts.map +1 -0
- package/dist/types.js +3 -0
- package/dist/types.js.map +1 -0
- package/package.json +43 -0
package/README.md
ADDED
|
@@ -0,0 +1,191 @@
|
|
|
1
|
+
# 🔥 Firebase Hosting MCP Server
|
|
2
|
+
|
|
3
|
+
Deploy and manage Firebase Hosting projects from any MCP-compatible AI client — **Claude Code, Codex, Gemini CLI, Cursor, Windsurf**, and more.
|
|
4
|
+
|
|
5
|
+
Stop repeating the same deploy steps. Let your AI assistant handle Firebase Hosting for you.
|
|
6
|
+
|
|
7
|
+
## Features
|
|
8
|
+
|
|
9
|
+
| Tool | Description |
|
|
10
|
+
|------|-------------|
|
|
11
|
+
| `firebase_hosting_init` | Scaffold hosting config with auto-framework detection |
|
|
12
|
+
| `firebase_hosting_deploy` | Build & deploy to production in one command |
|
|
13
|
+
| `firebase_hosting_preview` | Deploy preview channels for PR reviews & demos |
|
|
14
|
+
| `firebase_hosting_harden` | Apply production-grade security headers in one shot |
|
|
15
|
+
| `firebase_hosting_status` | View releases, channels, and config at a glance |
|
|
16
|
+
| `firebase_hosting_rollback` | Roll back to a previous release instantly |
|
|
17
|
+
| `firebase_hosting_configure` | Modify firebase.json (rewrites, headers, redirects...) |
|
|
18
|
+
| `firebase_hosting_delete_channel` | Clean up preview channels |
|
|
19
|
+
|
|
20
|
+
**Auto-detects** React, Vue, Vite, Next.js, Nuxt, Angular, Svelte, and Astro — sets the correct public dir, SPA rewrites, and cache headers automatically.
|
|
21
|
+
|
|
22
|
+
## Prerequisites
|
|
23
|
+
|
|
24
|
+
1. **Node.js** ≥ 18
|
|
25
|
+
2. **Firebase CLI** installed and authenticated:
|
|
26
|
+
```bash
|
|
27
|
+
npm install -g firebase-tools
|
|
28
|
+
firebase login
|
|
29
|
+
```
|
|
30
|
+
3. **DjioniDev API key** — get yours at [djioni.dev](https://djioni.dev/products/firebase-hosting-mcp)
|
|
31
|
+
|
|
32
|
+
## Installation
|
|
33
|
+
|
|
34
|
+
```bash
|
|
35
|
+
npm install -g firebase-hosting-mcp-server
|
|
36
|
+
```
|
|
37
|
+
|
|
38
|
+
Or run directly with npx:
|
|
39
|
+
|
|
40
|
+
```bash
|
|
41
|
+
npx firebase-hosting-mcp-server
|
|
42
|
+
```
|
|
43
|
+
|
|
44
|
+
## Configuration
|
|
45
|
+
|
|
46
|
+
### Claude Code
|
|
47
|
+
|
|
48
|
+
```bash
|
|
49
|
+
claude mcp add firebase-hosting -- npx firebase-hosting-mcp-server
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
Then set your API key:
|
|
53
|
+
|
|
54
|
+
```bash
|
|
55
|
+
export DJIONI_API_KEY="your-api-key"
|
|
56
|
+
```
|
|
57
|
+
|
|
58
|
+
### Claude Desktop
|
|
59
|
+
|
|
60
|
+
Add to `~/Library/Application Support/Claude/claude_desktop_config.json` (macOS) or `%APPDATA%\Claude\claude_desktop_config.json` (Windows):
|
|
61
|
+
|
|
62
|
+
```json
|
|
63
|
+
{
|
|
64
|
+
"mcpServers": {
|
|
65
|
+
"firebase-hosting": {
|
|
66
|
+
"command": "npx",
|
|
67
|
+
"args": ["firebase-hosting-mcp-server"],
|
|
68
|
+
"env": {
|
|
69
|
+
"DJIONI_API_KEY": "your-api-key"
|
|
70
|
+
}
|
|
71
|
+
}
|
|
72
|
+
}
|
|
73
|
+
}
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
### Cursor / Windsurf
|
|
77
|
+
|
|
78
|
+
Add to your MCP settings (`.cursor/mcp.json` or equivalent):
|
|
79
|
+
|
|
80
|
+
```json
|
|
81
|
+
{
|
|
82
|
+
"mcpServers": {
|
|
83
|
+
"firebase-hosting": {
|
|
84
|
+
"command": "npx",
|
|
85
|
+
"args": ["firebase-hosting-mcp-server"],
|
|
86
|
+
"env": {
|
|
87
|
+
"DJIONI_API_KEY": "your-api-key"
|
|
88
|
+
}
|
|
89
|
+
}
|
|
90
|
+
}
|
|
91
|
+
}
|
|
92
|
+
```
|
|
93
|
+
|
|
94
|
+
### Codex / Gemini CLI / Other MCP Clients
|
|
95
|
+
|
|
96
|
+
Any client supporting the MCP stdio transport can use this server:
|
|
97
|
+
|
|
98
|
+
```bash
|
|
99
|
+
DJIONI_API_KEY="your-api-key" npx firebase-hosting-mcp-server
|
|
100
|
+
```
|
|
101
|
+
|
|
102
|
+
## Usage Examples
|
|
103
|
+
|
|
104
|
+
### Initialize a project
|
|
105
|
+
|
|
106
|
+
> "Initialize Firebase Hosting for my React app in /Users/me/my-app with project ID my-app-prod"
|
|
107
|
+
|
|
108
|
+
The MCP will auto-detect React, set `build/` as the public dir, enable SPA rewrites, and configure optimized cache headers.
|
|
109
|
+
|
|
110
|
+
### Deploy to production
|
|
111
|
+
|
|
112
|
+
> "Deploy my app to Firebase Hosting"
|
|
113
|
+
|
|
114
|
+
Builds the project, deploys, and returns the live URL.
|
|
115
|
+
|
|
116
|
+
### Create a preview for a PR
|
|
117
|
+
|
|
118
|
+
> "Deploy a preview channel called pr-42 for my app"
|
|
119
|
+
|
|
120
|
+
Creates a shareable URL like `https://my-app--pr-42.web.app` that expires in 7 days.
|
|
121
|
+
|
|
122
|
+
### Check status
|
|
123
|
+
|
|
124
|
+
> "What's the current status of my Firebase Hosting?"
|
|
125
|
+
|
|
126
|
+
Shows releases, preview channels, config summary, and auth info.
|
|
127
|
+
|
|
128
|
+
### Rollback
|
|
129
|
+
|
|
130
|
+
> "Roll back my Firebase Hosting to the previous release"
|
|
131
|
+
|
|
132
|
+
Instantly reverts to the last working version.
|
|
133
|
+
|
|
134
|
+
### Add a redirect
|
|
135
|
+
|
|
136
|
+
> "Add a redirect from /old-page to /new-page in my Firebase config"
|
|
137
|
+
|
|
138
|
+
Modifies firebase.json without touching anything else.
|
|
139
|
+
|
|
140
|
+
### Harden security headers
|
|
141
|
+
|
|
142
|
+
> "Harden the security headers on my Firebase Hosting"
|
|
143
|
+
|
|
144
|
+
Applies 9 production-grade security headers (CSP, HSTS, X-Frame-Options, Permissions-Policy, etc.) to `firebase.json`. Works with the `standard` preset for 95% of apps.
|
|
145
|
+
|
|
146
|
+
If your app uses external APIs or scripts, just tell it:
|
|
147
|
+
|
|
148
|
+
> "Harden security with csp_connect_src pointing to https://api.myapp.com"
|
|
149
|
+
|
|
150
|
+
Use `dry_run` to preview before applying:
|
|
151
|
+
|
|
152
|
+
> "Harden security with dry_run so I can see what changes"
|
|
153
|
+
|
|
154
|
+
Re-deploy after hardening to push headers live.
|
|
155
|
+
|
|
156
|
+
## Environment Variables
|
|
157
|
+
|
|
158
|
+
| Variable | Required | Description |
|
|
159
|
+
|----------|----------|-------------|
|
|
160
|
+
| `DJIONI_API_KEY` | ✅ | Your DjioniDev API key |
|
|
161
|
+
| `DJIONI_LICENSE_API_URL` | ❌ | Custom license API URL (default: Cloud Run backend) |
|
|
162
|
+
| `FIREBASE_HOSTING_MCP_KEY` | ❌ | Alternative env var for the API key |
|
|
163
|
+
|
|
164
|
+
## How It Works
|
|
165
|
+
|
|
166
|
+
This MCP server wraps the Firebase CLI (`firebase-tools`) and exposes it through the Model Context Protocol. Under the hood:
|
|
167
|
+
|
|
168
|
+
1. **License verification** — before each tool call, verifies your API key via `POST /v1/license/verify` (checks key validity, scope, and deploy quota)
|
|
169
|
+
2. **Framework detection** — reads `package.json` to identify your stack
|
|
170
|
+
3. **Smart config** — generates optimized `firebase.json` with proper cache headers, SPA rewrites, and clean URLs
|
|
171
|
+
4. **CLI wrapper** — executes `firebase deploy`, `hosting:channel:deploy`, etc. with `--json` for reliable parsing
|
|
172
|
+
5. **Usage tracking** — after successful deploys, records usage via `POST /v1/license/usage` (fire-and-forget, won't block your deploy)
|
|
173
|
+
|
|
174
|
+
### Billable vs Free actions
|
|
175
|
+
|
|
176
|
+
| Billable (counts against quota) | Free |
|
|
177
|
+
|---|---|
|
|
178
|
+
| `firebase_hosting_deploy` | `firebase_hosting_init` |
|
|
179
|
+
| `firebase_hosting_preview` | `firebase_hosting_status` |
|
|
180
|
+
| | `firebase_hosting_configure` |
|
|
181
|
+
| | `firebase_hosting_harden` |
|
|
182
|
+
| | `firebase_hosting_rollback` |
|
|
183
|
+
| | `firebase_hosting_delete_channel` |
|
|
184
|
+
|
|
185
|
+
### Key scoping
|
|
186
|
+
|
|
187
|
+
Your API key must have `firebase-hosting-mcp` in its scopes (or empty scopes = access to all DjioniDev products). This is configured when the key is created in the DjioniDev License API.
|
|
188
|
+
|
|
189
|
+
## License
|
|
190
|
+
|
|
191
|
+
MIT — Built by [DjioniDev](https://djioni.dev)
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
export declare const SERVER_NAME = "firebase-hosting-mcp-server";
|
|
2
|
+
export declare const SERVER_VERSION = "1.0.0";
|
|
3
|
+
export declare const LICENSE_API_URL: string;
|
|
4
|
+
export declare const PRODUCT_TOOL_NAME = "firebase-hosting-mcp";
|
|
5
|
+
export declare const FIREBASE_CLI_COMMAND = "firebase";
|
|
6
|
+
export declare const CHARACTER_LIMIT = 10000;
|
|
7
|
+
export declare const MAX_RELEASES_LIMIT = 25;
|
|
8
|
+
export declare const DEFAULT_SPA_CONFIG: {
|
|
9
|
+
hosting: {
|
|
10
|
+
public: string;
|
|
11
|
+
ignore: string[];
|
|
12
|
+
rewrites: {
|
|
13
|
+
source: string;
|
|
14
|
+
destination: string;
|
|
15
|
+
}[];
|
|
16
|
+
headers: {
|
|
17
|
+
source: string;
|
|
18
|
+
headers: {
|
|
19
|
+
key: string;
|
|
20
|
+
value: string;
|
|
21
|
+
}[];
|
|
22
|
+
}[];
|
|
23
|
+
};
|
|
24
|
+
};
|
|
25
|
+
export declare const DEFAULT_STATIC_CONFIG: {
|
|
26
|
+
hosting: {
|
|
27
|
+
public: string;
|
|
28
|
+
ignore: string[];
|
|
29
|
+
cleanUrls: boolean;
|
|
30
|
+
trailingSlash: boolean;
|
|
31
|
+
headers: {
|
|
32
|
+
source: string;
|
|
33
|
+
headers: {
|
|
34
|
+
key: string;
|
|
35
|
+
value: string;
|
|
36
|
+
}[];
|
|
37
|
+
}[];
|
|
38
|
+
};
|
|
39
|
+
};
|
|
40
|
+
/**
|
|
41
|
+
* Base CSP that works with most Firebase + GCP apps.
|
|
42
|
+
* Users can extend connect-src and script-src via tool params.
|
|
43
|
+
*/
|
|
44
|
+
export declare const DEFAULT_CSP_DIRECTIVES: Record<string, string[]>;
|
|
45
|
+
/**
|
|
46
|
+
* Security headers applied to all routes (**).
|
|
47
|
+
* Follows OWASP Secure Headers Project recommendations.
|
|
48
|
+
*/
|
|
49
|
+
export declare const SECURITY_HEADERS_GLOBAL: Array<{
|
|
50
|
+
key: string;
|
|
51
|
+
value: string;
|
|
52
|
+
}>;
|
|
53
|
+
/**
|
|
54
|
+
* Cache headers for immutable static assets.
|
|
55
|
+
* Hashed filenames (Vite, Webpack, etc.) are safe to cache forever.
|
|
56
|
+
*/
|
|
57
|
+
export declare const CACHE_IMMUTABLE_PATTERN = "**/*.@(js|css|svg|png|jpg|jpeg|gif|webp|avif|woff|woff2|ttf|eot)";
|
|
58
|
+
export declare const CACHE_IMMUTABLE_HEADERS: Array<{
|
|
59
|
+
key: string;
|
|
60
|
+
value: string;
|
|
61
|
+
}>;
|
|
62
|
+
/**
|
|
63
|
+
* HTML files should never be cached aggressively (SPA index.html, etc.)
|
|
64
|
+
*/
|
|
65
|
+
export declare const CACHE_HTML_PATTERN = "**/*.html";
|
|
66
|
+
export declare const CACHE_HTML_HEADERS: Array<{
|
|
67
|
+
key: string;
|
|
68
|
+
value: string;
|
|
69
|
+
}>;
|
|
70
|
+
export declare const FRAMEWORK_PATTERNS: Record<string, {
|
|
71
|
+
publicDir: string;
|
|
72
|
+
buildCommand: string;
|
|
73
|
+
isSPA: boolean;
|
|
74
|
+
}>;
|
|
75
|
+
//# sourceMappingURL=constants.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAEA,eAAO,MAAM,WAAW,gCAAgC,CAAC;AACzD,eAAO,MAAM,cAAc,UAAU,CAAC;AAGtC,eAAO,MAAM,eAAe,QAEuC,CAAC;AAGpE,eAAO,MAAM,iBAAiB,yBAAyB,CAAC;AAGxD,eAAO,MAAM,oBAAoB,aAAa,CAAC;AAG/C,eAAO,MAAM,eAAe,QAAS,CAAC;AACtC,eAAO,MAAM,kBAAkB,KAAK,CAAC;AAGrC,eAAO,MAAM,kBAAkB;;;;;;;;;;;;;;;;CAwC9B,CAAC;AAEF,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;CAkBjC,CAAC;AAIF;;;GAGG;AACH,eAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,EAAE,CAe3D,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,uBAAuB,EAAE,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAoBzE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,uBAAuB,qEACgC,CAAC;AAErE,eAAO,MAAM,uBAAuB,EAAE,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAEzE,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,kBAAkB,cAAc,CAAC;AAE9C,eAAO,MAAM,kBAAkB,EAAE,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAA;CAAE,CAEpE,CAAC;AAGF,eAAO,MAAM,kBAAkB,EAAE,MAAM,CACrC,MAAM,EACN;IAAE,SAAS,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,OAAO,CAAA;CAAE,CA0C5D,CAAC"}
|
|
@@ -0,0 +1,179 @@
|
|
|
1
|
+
// Firebase Hosting MCP Server Constants
|
|
2
|
+
export const SERVER_NAME = "firebase-hosting-mcp-server";
|
|
3
|
+
export const SERVER_VERSION = "1.0.0";
|
|
4
|
+
// API key validation
|
|
5
|
+
export const LICENSE_API_URL = process.env.DJIONI_LICENSE_API_URL ||
|
|
6
|
+
"https://djioni-license-api-520910306453.europe-west1.run.app/v1";
|
|
7
|
+
// Product identifier (must match scope in license backend)
|
|
8
|
+
export const PRODUCT_TOOL_NAME = "firebase-hosting-mcp";
|
|
9
|
+
// Firebase CLI
|
|
10
|
+
export const FIREBASE_CLI_COMMAND = "firebase";
|
|
11
|
+
// Limits
|
|
12
|
+
export const CHARACTER_LIMIT = 10_000;
|
|
13
|
+
export const MAX_RELEASES_LIMIT = 25;
|
|
14
|
+
// Default Firebase Hosting config templates
|
|
15
|
+
export const DEFAULT_SPA_CONFIG = {
|
|
16
|
+
hosting: {
|
|
17
|
+
public: "dist",
|
|
18
|
+
ignore: ["firebase.json", "**/.*", "**/node_modules/**"],
|
|
19
|
+
rewrites: [
|
|
20
|
+
{
|
|
21
|
+
source: "**",
|
|
22
|
+
destination: "/index.html",
|
|
23
|
+
},
|
|
24
|
+
],
|
|
25
|
+
headers: [
|
|
26
|
+
{
|
|
27
|
+
source: "**/*.@(js|css)",
|
|
28
|
+
headers: [
|
|
29
|
+
{
|
|
30
|
+
key: "Cache-Control",
|
|
31
|
+
value: "public, max-age=31536000, immutable",
|
|
32
|
+
},
|
|
33
|
+
],
|
|
34
|
+
},
|
|
35
|
+
{
|
|
36
|
+
source: "**/*.@(jpg|jpeg|gif|png|svg|webp|avif|ico)",
|
|
37
|
+
headers: [
|
|
38
|
+
{
|
|
39
|
+
key: "Cache-Control",
|
|
40
|
+
value: "public, max-age=31536000, immutable",
|
|
41
|
+
},
|
|
42
|
+
],
|
|
43
|
+
},
|
|
44
|
+
{
|
|
45
|
+
source: "/index.html",
|
|
46
|
+
headers: [
|
|
47
|
+
{
|
|
48
|
+
key: "Cache-Control",
|
|
49
|
+
value: "no-cache, no-store, must-revalidate",
|
|
50
|
+
},
|
|
51
|
+
],
|
|
52
|
+
},
|
|
53
|
+
],
|
|
54
|
+
},
|
|
55
|
+
};
|
|
56
|
+
export const DEFAULT_STATIC_CONFIG = {
|
|
57
|
+
hosting: {
|
|
58
|
+
public: "public",
|
|
59
|
+
ignore: ["firebase.json", "**/.*", "**/node_modules/**"],
|
|
60
|
+
cleanUrls: true,
|
|
61
|
+
trailingSlash: false,
|
|
62
|
+
headers: [
|
|
63
|
+
{
|
|
64
|
+
source: "**/*.@(js|css)",
|
|
65
|
+
headers: [
|
|
66
|
+
{
|
|
67
|
+
key: "Cache-Control",
|
|
68
|
+
value: "public, max-age=31536000, immutable",
|
|
69
|
+
},
|
|
70
|
+
],
|
|
71
|
+
},
|
|
72
|
+
],
|
|
73
|
+
},
|
|
74
|
+
};
|
|
75
|
+
// ─── Security Header Presets ─────────────────────────────────────────
|
|
76
|
+
/**
|
|
77
|
+
* Base CSP that works with most Firebase + GCP apps.
|
|
78
|
+
* Users can extend connect-src and script-src via tool params.
|
|
79
|
+
*/
|
|
80
|
+
export const DEFAULT_CSP_DIRECTIVES = {
|
|
81
|
+
"default-src": ["'self'"],
|
|
82
|
+
"script-src": ["'self'"],
|
|
83
|
+
"style-src": ["'self'", "'unsafe-inline'"],
|
|
84
|
+
"img-src": ["'self'", "data:", "https:"],
|
|
85
|
+
"font-src": ["'self'", "https://fonts.gstatic.com"],
|
|
86
|
+
"connect-src": [
|
|
87
|
+
"'self'",
|
|
88
|
+
"https://*.googleapis.com",
|
|
89
|
+
"https://*.firebaseio.com",
|
|
90
|
+
"https://*.cloudfunctions.net",
|
|
91
|
+
],
|
|
92
|
+
"frame-ancestors": ["'none'"],
|
|
93
|
+
"base-uri": ["'self'"],
|
|
94
|
+
"form-action": ["'self'"],
|
|
95
|
+
};
|
|
96
|
+
/**
|
|
97
|
+
* Security headers applied to all routes (**).
|
|
98
|
+
* Follows OWASP Secure Headers Project recommendations.
|
|
99
|
+
*/
|
|
100
|
+
export const SECURITY_HEADERS_GLOBAL = [
|
|
101
|
+
{ key: "X-Content-Type-Options", value: "nosniff" },
|
|
102
|
+
{ key: "X-Frame-Options", value: "DENY" },
|
|
103
|
+
{ key: "Referrer-Policy", value: "strict-origin-when-cross-origin" },
|
|
104
|
+
{
|
|
105
|
+
key: "Permissions-Policy",
|
|
106
|
+
value: "camera=(), microphone=(), geolocation=(), payment=()",
|
|
107
|
+
},
|
|
108
|
+
{
|
|
109
|
+
key: "Strict-Transport-Security",
|
|
110
|
+
value: "max-age=63072000; includeSubDomains; preload",
|
|
111
|
+
},
|
|
112
|
+
{
|
|
113
|
+
key: "Cross-Origin-Opener-Policy",
|
|
114
|
+
value: "same-origin",
|
|
115
|
+
},
|
|
116
|
+
{
|
|
117
|
+
key: "Cross-Origin-Resource-Policy",
|
|
118
|
+
value: "same-origin",
|
|
119
|
+
},
|
|
120
|
+
];
|
|
121
|
+
/**
|
|
122
|
+
* Cache headers for immutable static assets.
|
|
123
|
+
* Hashed filenames (Vite, Webpack, etc.) are safe to cache forever.
|
|
124
|
+
*/
|
|
125
|
+
export const CACHE_IMMUTABLE_PATTERN = "**/*.@(js|css|svg|png|jpg|jpeg|gif|webp|avif|woff|woff2|ttf|eot)";
|
|
126
|
+
export const CACHE_IMMUTABLE_HEADERS = [
|
|
127
|
+
{ key: "Cache-Control", value: "public, max-age=31536000, immutable" },
|
|
128
|
+
];
|
|
129
|
+
/**
|
|
130
|
+
* HTML files should never be cached aggressively (SPA index.html, etc.)
|
|
131
|
+
*/
|
|
132
|
+
export const CACHE_HTML_PATTERN = "**/*.html";
|
|
133
|
+
export const CACHE_HTML_HEADERS = [
|
|
134
|
+
{ key: "Cache-Control", value: "no-cache, no-store, must-revalidate" },
|
|
135
|
+
];
|
|
136
|
+
// Framework detection patterns
|
|
137
|
+
export const FRAMEWORK_PATTERNS = {
|
|
138
|
+
next: {
|
|
139
|
+
publicDir: "out",
|
|
140
|
+
buildCommand: "npm run build",
|
|
141
|
+
isSPA: false,
|
|
142
|
+
},
|
|
143
|
+
react: {
|
|
144
|
+
publicDir: "build",
|
|
145
|
+
buildCommand: "npm run build",
|
|
146
|
+
isSPA: true,
|
|
147
|
+
},
|
|
148
|
+
vite: {
|
|
149
|
+
publicDir: "dist",
|
|
150
|
+
buildCommand: "npm run build",
|
|
151
|
+
isSPA: true,
|
|
152
|
+
},
|
|
153
|
+
vue: {
|
|
154
|
+
publicDir: "dist",
|
|
155
|
+
buildCommand: "npm run build",
|
|
156
|
+
isSPA: true,
|
|
157
|
+
},
|
|
158
|
+
angular: {
|
|
159
|
+
publicDir: "dist",
|
|
160
|
+
buildCommand: "npm run build",
|
|
161
|
+
isSPA: true,
|
|
162
|
+
},
|
|
163
|
+
svelte: {
|
|
164
|
+
publicDir: "build",
|
|
165
|
+
buildCommand: "npm run build",
|
|
166
|
+
isSPA: true,
|
|
167
|
+
},
|
|
168
|
+
nuxt: {
|
|
169
|
+
publicDir: ".output/public",
|
|
170
|
+
buildCommand: "npm run generate",
|
|
171
|
+
isSPA: false,
|
|
172
|
+
},
|
|
173
|
+
astro: {
|
|
174
|
+
publicDir: "dist",
|
|
175
|
+
buildCommand: "npm run build",
|
|
176
|
+
isSPA: false,
|
|
177
|
+
},
|
|
178
|
+
};
|
|
179
|
+
//# sourceMappingURL=constants.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constants.js","sourceRoot":"","sources":["../src/constants.ts"],"names":[],"mappings":"AAAA,wCAAwC;AAExC,MAAM,CAAC,MAAM,WAAW,GAAG,6BAA6B,CAAC;AACzD,MAAM,CAAC,MAAM,cAAc,GAAG,OAAO,CAAC;AAEtC,qBAAqB;AACrB,MAAM,CAAC,MAAM,eAAe,GAC1B,OAAO,CAAC,GAAG,CAAC,sBAAsB;IAClC,iEAAiE,CAAC;AAEpE,2DAA2D;AAC3D,MAAM,CAAC,MAAM,iBAAiB,GAAG,sBAAsB,CAAC;AAExD,eAAe;AACf,MAAM,CAAC,MAAM,oBAAoB,GAAG,UAAU,CAAC;AAE/C,SAAS;AACT,MAAM,CAAC,MAAM,eAAe,GAAG,MAAM,CAAC;AACtC,MAAM,CAAC,MAAM,kBAAkB,GAAG,EAAE,CAAC;AAErC,4CAA4C;AAC5C,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,OAAO,EAAE;QACP,MAAM,EAAE,MAAM;QACd,MAAM,EAAE,CAAC,eAAe,EAAE,OAAO,EAAE,oBAAoB,CAAC;QACxD,QAAQ,EAAE;YACR;gBACE,MAAM,EAAE,IAAI;gBACZ,WAAW,EAAE,aAAa;aAC3B;SACF;QACD,OAAO,EAAE;YACP;gBACE,MAAM,EAAE,gBAAgB;gBACxB,OAAO,EAAE;oBACP;wBACE,GAAG,EAAE,eAAe;wBACpB,KAAK,EAAE,qCAAqC;qBAC7C;iBACF;aACF;YACD;gBACE,MAAM,EAAE,4CAA4C;gBACpD,OAAO,EAAE;oBACP;wBACE,GAAG,EAAE,eAAe;wBACpB,KAAK,EAAE,qCAAqC;qBAC7C;iBACF;aACF;YACD;gBACE,MAAM,EAAE,aAAa;gBACrB,OAAO,EAAE;oBACP;wBACE,GAAG,EAAE,eAAe;wBACpB,KAAK,EAAE,qCAAqC;qBAC7C;iBACF;aACF;SACF;KACF;CACF,CAAC;AAEF,MAAM,CAAC,MAAM,qBAAqB,GAAG;IACnC,OAAO,EAAE;QACP,MAAM,EAAE,QAAQ;QAChB,MAAM,EAAE,CAAC,eAAe,EAAE,OAAO,EAAE,oBAAoB,CAAC;QACxD,SAAS,EAAE,IAAI;QACf,aAAa,EAAE,KAAK;QACpB,OAAO,EAAE;YACP;gBACE,MAAM,EAAE,gBAAgB;gBACxB,OAAO,EAAE;oBACP;wBACE,GAAG,EAAE,eAAe;wBACpB,KAAK,EAAE,qCAAqC;qBAC7C;iBACF;aACF;SACF;KACF;CACF,CAAC;AAEF,wEAAwE;AAExE;;;GAGG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAA6B;IAC9D,aAAa,EAAE,CAAC,QAAQ,CAAC;IACzB,YAAY,EAAE,CAAC,QAAQ,CAAC;IACxB,WAAW,EAAE,CAAC,QAAQ,EAAE,iBAAiB,CAAC;IAC1C,SAAS,EAAE,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,CAAC;IACxC,UAAU,EAAE,CAAC,QAAQ,EAAE,2BAA2B,CAAC;IACnD,aAAa,EAAE;QACb,QAAQ;QACR,0BAA0B;QAC1B,0BAA0B;QAC1B,8BAA8B;KAC/B;IACD,iBAAiB,EAAE,CAAC,QAAQ,CAAC;IAC7B,UAAU,EAAE,CAAC,QAAQ,CAAC;IACtB,aAAa,EAAE,CAAC,QAAQ,CAAC;CAC1B,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAA0C;IAC5E,EAAE,GAAG,EAAE,wBAAwB,EAAE,KAAK,EAAE,SAAS,EAAE;IACnD,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,MAAM,EAAE;IACzC,EAAE,GAAG,EAAE,iBAAiB,EAAE,KAAK,EAAE,iCAAiC,EAAE;IACpE;QACE,GAAG,EAAE,oBAAoB;QACzB,KAAK,EAAE,sDAAsD;KAC9D;IACD;QACE,GAAG,EAAE,2BAA2B;QAChC,KAAK,EAAE,8CAA8C;KACtD;IACD;QACE,GAAG,EAAE,4BAA4B;QACjC,KAAK,EAAE,aAAa;KACrB;IACD;QACE,GAAG,EAAE,8BAA8B;QACnC,KAAK,EAAE,aAAa;KACrB;CACF,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,MAAM,uBAAuB,GAClC,kEAAkE,CAAC;AAErE,MAAM,CAAC,MAAM,uBAAuB,GAA0C;IAC5E,EAAE,GAAG,EAAE,eAAe,EAAE,KAAK,EAAE,qCAAqC,EAAE;CACvE,CAAC;AAEF;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG,WAAW,CAAC;AAE9C,MAAM,CAAC,MAAM,kBAAkB,GAA0C;IACvE,EAAE,GAAG,EAAE,eAAe,EAAE,KAAK,EAAE,qCAAqC,EAAE;CACvE,CAAC;AAEF,+BAA+B;AAC/B,MAAM,CAAC,MAAM,kBAAkB,GAG3B;IACF,IAAI,EAAE;QACJ,SAAS,EAAE,KAAK;QAChB,YAAY,EAAE,eAAe;QAC7B,KAAK,EAAE,KAAK;KACb;IACD,KAAK,EAAE;QACL,SAAS,EAAE,OAAO;QAClB,YAAY,EAAE,eAAe;QAC7B,KAAK,EAAE,IAAI;KACZ;IACD,IAAI,EAAE;QACJ,SAAS,EAAE,MAAM;QACjB,YAAY,EAAE,eAAe;QAC7B,KAAK,EAAE,IAAI;KACZ;IACD,GAAG,EAAE;QACH,SAAS,EAAE,MAAM;QACjB,YAAY,EAAE,eAAe;QAC7B,KAAK,EAAE,IAAI;KACZ;IACD,OAAO,EAAE;QACP,SAAS,EAAE,MAAM;QACjB,YAAY,EAAE,eAAe;QAC7B,KAAK,EAAE,IAAI;KACZ;IACD,MAAM,EAAE;QACN,SAAS,EAAE,OAAO;QAClB,YAAY,EAAE,eAAe;QAC7B,KAAK,EAAE,IAAI;KACZ;IACD,IAAI,EAAE;QACJ,SAAS,EAAE,gBAAgB;QAC3B,YAAY,EAAE,kBAAkB;QAChC,KAAK,EAAE,KAAK;KACb;IACD,KAAK,EAAE;QACL,SAAS,EAAE,MAAM;QACjB,YAAY,EAAE,eAAe;QAC7B,KAAK,EAAE,KAAK;KACb;CACF,CAAC"}
|
package/dist/index.d.ts
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":""}
|