webcake-landing-mcp 1.0.77 → 1.0.78

package/dist/auth/oauth-server.js

@@ -15,49 +15,215 @@
  *   - Token endpoint (POST /token)  authorization_code + refresh_token
  *   - Authorization Server + Protected Resource metadata (the /.well-known docs)
  *
- * Access tokens are OPAQUE random strings mapped to the user's `ljwt` in this
+ * Access tokens are OPAQUE random strings mapped to the user's `ljwt` in the
  * store (so they can be revoked and the ljwt never leaves the server). The HTTP
  * layer resolves a Bearer access token to its ljwt and injects it as the normal
  * `x-webcake-jwt` header, so the rest of the server (persistence/config.ts) is
  * UNCHANGED and the legacy `?jwt=` / `x-webcake-jwt` paths keep working untouched.
  *
- * STORE: in-memory + single-process. Fine for one `serve` instance; move the maps
- * to Redis (same interface) before running multiple instances behind a load balancer.
+ * STORE: Postgres when DATABASE_URL is set (tokens survive a `serve` restart and
+ * are shared across instances behind a load balancer), else in-memory maps
+ * (single-instance `serve`, stdio/`npx`, offline tests). Both implement the same
+ * async `OAuthStore` interface; the rest of this module is backend-agnostic. All
+ * exported state functions are async — callers (src/http.ts) `await` them.
  */
 import { randomBytes, createHash } from "node:crypto";
+import { getPg, ensureOAuthSchema } from "../persistence/postgres.js";
 // ---- TTLs (override via env where useful) ---------------------------------
 const TEN_MIN = 10 * 60 * 1000;
 const ACCESS_TTL = Number(process.env.WEBCAKE_OAUTH_ACCESS_TTL_MS) || 60 * 60 * 1000; // 1h
 const REFRESH_TTL = Number(process.env.WEBCAKE_OAUTH_REFRESH_TTL_MS) || 30 * 24 * 60 * 60 * 1000; // 30d
 const CODE_TTL = TEN_MIN;
 const PENDING_TTL = TEN_MIN;
-// ---- In-memory maps -------------------------------------------------------
-const clients = new Map();
-const pending = new Map(); // key: internal state we send to /mcp-connect
-const codes = new Map(); // key: authorization code
-const accessTokens = new Map(); // key: access token
-const refreshTokens = new Map(); // key: refresh token
 function now() {
     return Date.now();
 }
 function token(bytes = 32) {
     return randomBytes(bytes).toString("base64url");
 }
-/** Lazy sweep of anything expired — cheap, called on the hot paths. */
-function sweep() {
-    const t = now();
-    for (const [k, v] of pending)
-        if (v.expiresAt < t)
-            pending.delete(k);
-    for (const [k, v] of codes)
-        if (v.expiresAt < t)
-            codes.delete(k);
-    for (const [k, v] of accessTokens)
-        if (v.expiresAt < t)
-            accessTokens.delete(k);
-    for (const [k, v] of refreshTokens)
-        if (v.expiresAt < t)
-            refreshTokens.delete(k);
+// ---- In-memory store (default; no DATABASE_URL) ---------------------------
+class MemoryStore {
+    clients = new Map();
+    pending = new Map();
+    codes = new Map();
+    access = new Map();
+    refresh = new Map();
+    /** Lazy sweep of anything expired — cheap, called on the hot paths. */
+    sweep() {
+        const t = now();
+        for (const [k, v] of this.pending)
+            if (v.expiresAt < t)
+                this.pending.delete(k);
+        for (const [k, v] of this.codes)
+            if (v.expiresAt < t)
+                this.codes.delete(k);
+        for (const [k, v] of this.access)
+            if (v.expiresAt < t)
+                this.access.delete(k);
+        for (const [k, v] of this.refresh)
+            if (v.expiresAt < t)
+                this.refresh.delete(k);
+    }
+    async putClient(c) {
+        this.clients.set(c.client_id, c);
+    }
+    async getClient(id) {
+        return this.clients.get(id);
+    }
+    async putPending(state, p) {
+        this.sweep();
+        this.pending.set(state, p);
+    }
+    async takePending(state) {
+        this.sweep();
+        const p = this.pending.get(state);
+        this.pending.delete(state);
+        return p && p.expiresAt >= now() ? p : undefined;
+    }
+    async putCode(code, c) {
+        this.codes.set(code, c);
+    }
+    async takeCode(code) {
+        this.sweep();
+        const c = this.codes.get(code);
+        this.codes.delete(code);
+        return c && c.expiresAt >= now() ? c : undefined;
+    }
+    async putAccess(t, a) {
+        this.access.set(t, a);
+    }
+    async getAccess(t) {
+        const a = this.access.get(t);
+        if (a && a.expiresAt < now()) {
+            this.access.delete(t);
+            return undefined;
+        }
+        return a;
+    }
+    async putRefresh(t, r) {
+        this.refresh.set(t, r);
+    }
+    async takeRefresh(t) {
+        this.sweep();
+        const r = this.refresh.get(t);
+        this.refresh.delete(t);
+        return r && r.expiresAt >= now() ? r : undefined;
+    }
+    async revoke(t) {
+        this.access.delete(t);
+        this.refresh.delete(t);
+    }
+}
+// ---- Postgres store (when DATABASE_URL is set) ----------------------------
+class PgStore {
+    pool;
+    constructor(pool) {
+        this.pool = pool;
+    }
+    async putClient(c) {
+        await this.pool.query(`INSERT INTO oauth_clients (client_id, client_name, redirect_uris, created_at)
+       VALUES ($1,$2,$3,$4)
+       ON CONFLICT (client_id) DO UPDATE SET client_name=$2, redirect_uris=$3`, [c.client_id, c.client_name ?? null, JSON.stringify(c.redirect_uris), c.created_at]);
+    }
+    async getClient(id) {
+        const { rows } = await this.pool.query(`SELECT client_id, client_name, redirect_uris, created_at FROM oauth_clients WHERE client_id=$1`, [id]);
+        const r = rows[0];
+        if (!r)
+            return undefined;
+        return {
+            client_id: r.client_id,
+            client_name: r.client_name ?? undefined,
+            redirect_uris: Array.isArray(r.redirect_uris) ? r.redirect_uris : JSON.parse(r.redirect_uris),
+            created_at: Number(r.created_at),
+        };
+    }
+    async putPending(state, p) {
+        await this.pool.query(`INSERT INTO oauth_pending (state, client_id, redirect_uri, code_challenge, client_state, scope, expires_at)
+       VALUES ($1,$2,$3,$4,$5,$6,$7)`, [state, p.client_id, p.redirect_uri, p.code_challenge, p.state ?? null, p.scope ?? null, p.expiresAt]);
+    }
+    async takePending(state) {
+        const { rows } = await this.pool.query(`DELETE FROM oauth_pending WHERE state=$1 RETURNING client_id, redirect_uri, code_challenge, client_state, scope, expires_at`, [state]);
+        const r = rows[0];
+        if (!r || Number(r.expires_at) < now())
+            return undefined;
+        return {
+            client_id: r.client_id,
+            redirect_uri: r.redirect_uri,
+            code_challenge: r.code_challenge,
+            state: r.client_state ?? undefined,
+            scope: r.scope ?? undefined,
+            expiresAt: Number(r.expires_at),
+        };
+    }
+    async putCode(code, c) {
+        await this.pool.query(`INSERT INTO oauth_codes (code, client_id, redirect_uri, code_challenge, scope, ljwt, expires_at)
+       VALUES ($1,$2,$3,$4,$5,$6,$7)`, [code, c.client_id, c.redirect_uri, c.code_challenge, c.scope ?? null, c.ljwt, c.expiresAt]);
+    }
+    async takeCode(code) {
+        const { rows } = await this.pool.query(`DELETE FROM oauth_codes WHERE code=$1 RETURNING client_id, redirect_uri, code_challenge, scope, ljwt, expires_at`, [code]);
+        const r = rows[0];
+        if (!r || Number(r.expires_at) < now())
+            return undefined;
+        return {
+            client_id: r.client_id,
+            redirect_uri: r.redirect_uri,
+            code_challenge: r.code_challenge,
+            scope: r.scope ?? undefined,
+            ljwt: r.ljwt,
+            expiresAt: Number(r.expires_at),
+        };
+    }
+    async putAccess(t, a) {
+        await this.pool.query(`INSERT INTO oauth_access_tokens (token, ljwt, scope, expires_at) VALUES ($1,$2,$3,$4)`, [t, a.ljwt, a.scope ?? null, a.expiresAt]);
+    }
+    async getAccess(t) {
+        const { rows } = await this.pool.query(`SELECT ljwt, scope, expires_at FROM oauth_access_tokens WHERE token=$1`, [t]);
+        const r = rows[0];
+        if (!r)
+            return undefined;
+        if (Number(r.expires_at) < now()) {
+            await this.pool.query(`DELETE FROM oauth_access_tokens WHERE token=$1`, [t]);
+            return undefined;
+        }
+        return { ljwt: r.ljwt, scope: r.scope ?? undefined, expiresAt: Number(r.expires_at) };
+    }
+    async putRefresh(t, r) {
+        await this.pool.query(`INSERT INTO oauth_refresh_tokens (token, ljwt, client_id, scope, expires_at) VALUES ($1,$2,$3,$4,$5)`, [t, r.ljwt, r.client_id, r.scope ?? null, r.expiresAt]);
+    }
+    async takeRefresh(t) {
+        const { rows } = await this.pool.query(`DELETE FROM oauth_refresh_tokens WHERE token=$1 RETURNING ljwt, client_id, scope, expires_at`, [t]);
+        const r = rows[0];
+        if (!r || Number(r.expires_at) < now())
+            return undefined;
+        return {
+            ljwt: r.ljwt,
+            client_id: r.client_id,
+            scope: r.scope ?? undefined,
+            expiresAt: Number(r.expires_at),
+        };
+    }
+    async revoke(t) {
+        await this.pool.query(`DELETE FROM oauth_access_tokens WHERE token=$1`, [t]);
+        await this.pool.query(`DELETE FROM oauth_refresh_tokens WHERE token=$1`, [t]);
+    }
+}
+// ---- Backend selection (memoized) -----------------------------------------
+const memoryStore = new MemoryStore();
+let storePromise;
+/** Resolve the active store ONCE: Postgres if configured + schema ready, else memory. */
+function getStore() {
+    if (storePromise)
+        return storePromise;
+    storePromise = (async () => {
+        const pool = getPg();
+        if (pool && (await ensureOAuthSchema(pool)))
+            return new PgStore(pool);
+        return memoryStore;
+    })().catch((e) => {
+        console.error("[oauth] store init failed, using in-memory:", e?.message ?? e);
+        return memoryStore;
+    });
+    return storePromise;
 }
 // ---- PKCE -----------------------------------------------------------------
 /** base64url( SHA256(verifier) ) — the S256 transform. */
@@ -76,7 +242,7 @@ export function verifyPkce(verifier, challenge) {
         diff |= a.charCodeAt(i) ^ challenge.charCodeAt(i);
     return diff === 0;
 }
-export function registerClient(body) {
+export async function registerClient(body) {
     const uris = Array.isArray(body?.redirect_uris)
         ? body.redirect_uris.filter((u) => typeof u === "string" && /^https?:\/\//i.test(u))
         : [];
@@ -89,11 +255,13 @@ export function registerClient(body) {
         redirect_uris: uris,
         created_at: now(),
     };
-    clients.set(client.client_id, client);
+    (await getStore()).putClient(client).catch((e) => console.error("[oauth] putClient:", e?.message ?? e));
     return { ok: true, client };
 }
-export function getClient(clientId) {
-    return clientId ? clients.get(clientId) : undefined;
+export async function getClient(clientId) {
+    if (!clientId)
+        return undefined;
+    return (await getStore()).getClient(clientId);
 }
 /**
  * Validate an /authorize request and park it. Returns an `internalState` to send
@@ -101,9 +269,9 @@ export function getClient(clientId) {
  * `redirectable: false` means the error must be shown as a page (we can't trust
  * the redirect_uri); `true` means it's safe to bounce the error to the client.
  */
-export function startAuthorize(p) {
-    sweep();
-    const client = getClient(p.client_id);
+export async function startAuthorize(p) {
+    const store = await getStore();
+    const client = p.client_id ? await store.getClient(p.client_id) : undefined;
     if (!client) {
         return { ok: false, error: "invalid_client", error_description: "Unknown client_id. Register first via /register.", redirectable: false };
     }
@@ -118,7 +286,7 @@ export function startAuthorize(p) {
         return { ok: false, error: "invalid_request", error_description: "PKCE with code_challenge_method=S256 is required.", redirectable: true };
     }
     const internalState = token(24);
-    pending.set(internalState, {
+    await store.putPending(internalState, {
         client_id: client.client_id,
         redirect_uri: p.redirect_uri,
         code_challenge: p.code_challenge,
@@ -134,18 +302,17 @@ export function startAuthorize(p) {
  * parked PKCE challenge, and return where to redirect the user (the client's
  * redirect_uri with ?code=&state=).
  */
-export function completeAuthorize(internalState, ljwt) {
-    sweep();
-    if (!internalState || !pending.has(internalState)) {
+export async function completeAuthorize(internalState, ljwt) {
+    const store = await getStore();
+    const p = internalState ? await store.takePending(internalState) : undefined;
+    if (!p) {
         return { ok: false, error: "invalid_request", error_description: "Authorization session expired or unknown — restart the connection." };
     }
-    const p = pending.get(internalState);
-    pending.delete(internalState);
     if (!ljwt) {
         return { ok: false, error: "access_denied", error_description: "No Webcake token returned from login." };
     }
     const code = token(32);
-    codes.set(code, {
+    await store.putCode(code, {
         client_id: p.client_id,
         redirect_uri: p.redirect_uri,
         code_challenge: p.code_challenge,
@@ -155,21 +322,20 @@ export function completeAuthorize(internalState, ljwt) {
     });
     return { ok: true, redirectUri: p.redirect_uri, code, state: p.state };
 }
-function issueTokens(ljwt, client_id, scope) {
+async function issueTokens(store, ljwt, client_id, scope) {
     const access = token(32);
     const refresh = token(32);
-    accessTokens.set(access, { ljwt, scope, expiresAt: now() + ACCESS_TTL });
-    refreshTokens.set(refresh, { ljwt, client_id, scope, expiresAt: now() + REFRESH_TTL });
+    await store.putAccess(access, { ljwt, scope, expiresAt: now() + ACCESS_TTL });
+    await store.putRefresh(refresh, { ljwt, client_id, scope, expiresAt: now() + REFRESH_TTL });
     return { access_token: access, token_type: "Bearer", expires_in: Math.floor(ACCESS_TTL / 1000), refresh_token: refresh, scope };
 }
-export function exchangeToken(p) {
-    sweep();
+export async function exchangeToken(p) {
+    const store = await getStore();
     if (p.grant_type === "authorization_code") {
-        if (!p.code || !codes.has(p.code)) {
+        const c = p.code ? await store.takeCode(p.code) : undefined; // one-time use
+        if (!c) {
             return { ok: false, status: 400, error: "invalid_grant", error_description: "Unknown or expired authorization code." };
         }
-        const c = codes.get(p.code);
-        codes.delete(p.code); // one-time use
         if (c.client_id !== p.client_id) {
             return { ok: false, status: 400, error: "invalid_grant", error_description: "client_id does not match the authorization code." };
         }
@@ -179,38 +345,30 @@ export function exchangeToken(p) {
         if (!p.code_verifier || !verifyPkce(p.code_verifier, c.code_challenge)) {
             return { ok: false, status: 400, error: "invalid_grant", error_description: "PKCE verification failed." };
         }
-        return { ok: true, body: issueTokens(c.ljwt, c.client_id, c.scope) };
+        return { ok: true, body: await issueTokens(store, c.ljwt, c.client_id, c.scope) };
     }
     if (p.grant_type === "refresh_token") {
-        if (!p.refresh_token || !refreshTokens.has(p.refresh_token)) {
+        const r = p.refresh_token ? await store.takeRefresh(p.refresh_token) : undefined; // rotate
+        if (!r) {
             return { ok: false, status: 400, error: "invalid_grant", error_description: "Unknown or expired refresh token." };
         }
-        const r = refreshTokens.get(p.refresh_token);
-        refreshTokens.delete(p.refresh_token); // rotate
-        return { ok: true, body: issueTokens(r.ljwt, r.client_id, r.scope) };
+        return { ok: true, body: await issueTokens(store, r.ljwt, r.client_id, r.scope) };
     }
     return { ok: false, status: 400, error: "unsupported_grant_type", error_description: "grant_type must be authorization_code or refresh_token." };
 }
 // ---- Resource-server side: resolve a Bearer access token to its ljwt -------
 /** Returns the user's ljwt for a valid, unexpired access token, else undefined. */
-export function resolveAccessToken(accessToken) {
+export async function resolveAccessToken(accessToken) {
     if (!accessToken)
         return undefined;
-    const a = accessTokens.get(accessToken);
-    if (!a)
-        return undefined;
-    if (a.expiresAt < now()) {
-        accessTokens.delete(accessToken);
-        return undefined;
-    }
-    return a.ljwt;
+    const a = await (await getStore()).getAccess(accessToken);
+    return a?.ljwt;
 }
 /** Revoke an access or refresh token (best-effort; for /revoke). */
-export function revokeToken(t) {
+export async function revokeToken(t) {
     if (!t)
         return;
-    accessTokens.delete(t);
-    refreshTokens.delete(t);
+    await (await getStore()).revoke(t);
 }
 // ---- Metadata documents (RFC 8414 / RFC 9728) -----------------------------
 /** /.well-known/oauth-authorization-server */

package/dist/changelog.json

@@ -1,4 +1,11 @@
 [
+  {
+    "v": "1.0.78",
+    "d": "15/06/2026",
+    "type": "Added",
+    "en": "The OAuth token store (clients, authorization codes, access and refresh tokens) now uses Postgres when DATABASE_URL, WEBCAKE_POSTGRES_URL, or…",
+    "vi": "Kho lưu trữ OAuth token (clients, authorization code, access và refresh token) nay sử dụng Postgres khi DATABASE_URL, WEBCAKE_POSTGRES_URL, hoặc…"
+  },
   {
     "v": "1.0.77",
     "d": "15/06/2026",
@@ -33,12 +40,5 @@
     "type": "Added",
     "en": "ingest_html and ingest_url now extract the full design system from a tailwind.config script block when present (Google Stitch and other Tailwind-CDN…",
     "vi": "ingest_html và ingest_url nay trích xuất toàn bộ design system từ block script tailwind.config khi có (trang Google Stitch và các trang Tailwind-CDN…"
-  },
-  {
-    "v": "1.0.72",
-    "d": "13/06/2026",
-    "type": "Fixed",
-    "en": "When cloning a LadiPage or Webcake-published page via ingest_html / ingest_url, html-box elements' passthrough HTML content now has its…",
-    "vi": "Khi clone trang LadiPage hoặc Webcake-published qua ingest_html / ingest_url, nội dung HTML passthrough của các phần tử html-box nay được đổi tên…"
   }
 ]

package/dist/http.js

@@ -189,7 +189,7 @@ async function handleOAuth(req, res, path) {
             return oauthError(res, 405, "invalid_request", "Use POST."), true;
         const raw = await readRawBody(req);
         const body = parseBodyParams(raw, String(req.headers["content-type"] ?? ""));
-        const result = registerClient(body);
+        const result = await registerClient(body);
         if (!result.ok)
             return oauthError(res, 400, result.error, result.error_description), true;
         res.writeHead(201, { "content-type": "application/json", "access-control-allow-origin": "*", "cache-control": "no-store" });
@@ -206,7 +206,7 @@ async function handleOAuth(req, res, path) {
     // ---- Authorize: validate + delegate to the SPA login, parking the request ----
     if (req.method === "GET" && path === OAUTH_AUTHORIZE) {
         const sp = new URL(req.url ?? "/", "http://x").searchParams;
-        const result = startAuthorize({
+        const result = await startAuthorize({
             client_id: sp.get("client_id"),
             redirect_uri: sp.get("redirect_uri"),
             response_type: sp.get("response_type"),
@@ -238,7 +238,7 @@ async function handleOAuth(req, res, path) {
     // ---- Login callback: the SPA handed back the user's ljwt → mint a code ----
     if (req.method === "GET" && path === OAUTH_CALLBACK) {
         const sp = new URL(req.url ?? "/", "http://x").searchParams;
-        const done = completeAuthorize(sp.get("state"), sp.get("token"));
+        const done = await completeAuthorize(sp.get("state"), sp.get("token"));
         if (!done.ok)
             return htmlError(res, 400, done.error_description), true;
         const r = new URL(done.redirectUri);
@@ -258,7 +258,7 @@ async function handleOAuth(req, res, path) {
             return oauthError(res, 405, "invalid_request", "Use POST."), true;
         const raw = await readRawBody(req);
         const body = parseBodyParams(raw, String(req.headers["content-type"] ?? ""));
-        const result = exchangeToken(body);
+        const result = await exchangeToken(body);
         if (!result.ok)
             return oauthError(res, result.status, result.error, result.error_description), true;
         res.writeHead(200, { "content-type": "application/json", "access-control-allow-origin": "*", "cache-control": "no-store" });
@@ -271,7 +271,7 @@ async function handleOAuth(req, res, path) {
             return oauthError(res, 405, "invalid_request", "Use POST."), true;
         const raw = await readRawBody(req);
         const body = parseBodyParams(raw, String(req.headers["content-type"] ?? ""));
-        revokeToken(body.token);
+        await revokeToken(body.token);
         res.writeHead(200, { "content-type": "application/json", "cache-control": "no-store" });
         res.end("{}");
         return true;
@@ -393,7 +393,7 @@ export async function startHttpServer(port) {
         // normal x-webcake-jwt header, so persistence/config.ts is unchanged. A legacy
         // raw JWT sent via x-webcake-jwt / ?jwt= still wins and passes straight through.
         const bearer = bearerFrom(req);
-        const oauthLjwt = resolveAccessToken(bearer);
+        const oauthLjwt = await resolveAccessToken(bearer);
         if (oauthLjwt && req.headers["x-webcake-jwt"] == null) {
             req.headers["x-webcake-jwt"] = oauthLjwt;
             req.rawHeaders.push("x-webcake-jwt", oauthLjwt);

package/dist/persistence/draft-cache.js

@@ -1,5 +1,5 @@
 /**
- * Tiny in-memory store for sources that need a cache — three kinds:
+ * Tiny store for sources that need a cache — three kinds:
  *
  *  - 'page'    (default/absent): a full page source whose create_page FAILED validation
  *              OR whose create_page network call failed/timed-out after validation passed.
@@ -23,20 +23,30 @@
  *              Commit path: update_page({draft_id, dry_run:false}) or
  *              patch_page({draft_id, patches?, dry_run:false}).
  *
+ * BACKEND: Redis when REDIS_URL is set (so drafts survive a restart and are shared
+ * across `serve` instances), else an in-memory Map (stdio/`npx`/offline smoke). The
+ * cache is DISPOSABLE either way — a lost draft (process restart, eviction, expiry)
+ * just means the model falls back to re-sending the full source, never a failure.
+ *
  * Bounded + TTL'd (SLIDING: every get/update refreshes the clock, so a draft being
- * actively worked on never expires mid-workflow); a lost draft (process restart,
- * eviction, expiry) just means the model falls back to re-sending the full source —
- * never a failure.
+ * actively worked on never expires mid-workflow). Redis does the sliding TTL natively
+ * via PEXPIRE; the memory path sweeps on each touch.
+ *
  * Process-global, but draft_ids are random/unguessable AND persisting still uses the
  * CALLER's own creds, so a draft only ever yields a page in the caller's account.
+ *
+ * All functions are async (the Redis backend is async). Callers `await` them.
  */
 import { randomUUID } from "node:crypto";
+import { getRedis } from "./redis.js";
 /** Draft lifetime — default 2 hours. Override via WEBCAKE_DRAFT_TTL_MS env. */
 const TTL_MS = (() => {
     const v = parseInt(process.env.WEBCAKE_DRAFT_TTL_MS ?? "", 10);
     return Number.isFinite(v) && v > 0 ? v : 2 * 60 * 60 * 1000;
 })();
 const MAX_ENTRIES = 50;
+const REDIS_PREFIX = "wcl:draft:";
+// ---- In-memory fallback (used when no REDIS_URL) ---------------------------
 const store = new Map();
 function sweep(now) {
     for (const [id, d] of store)
@@ -57,16 +67,46 @@ function sweep(now) {
             break;
     }
 }
+function newId() {
+    return `draft_${randomUUID().replace(/-/g, "").slice(0, 20)}`;
+}
 /** Cache a failed source. Returns the draft_id to hand back to the model. */
-export function putDraft(draft) {
+export async function putDraft(draft) {
     const now = Date.now();
+    const id = newId();
+    const entry = { ...draft, created: now };
+    const redis = getRedis();
+    if (redis) {
+        try {
+            await redis.set(REDIS_PREFIX + id, JSON.stringify(entry), "PX", TTL_MS);
+            return id;
+        }
+        catch (e) {
+            console.error("[draft-cache] redis put failed, using memory:", e?.message ?? e);
+        }
+    }
     sweep(now);
-    const id = `draft_${randomUUID().replace(/-/g, "").slice(0, 20)}`;
-    store.set(id, { ...draft, created: now });
+    store.set(id, entry);
     return id;
 }
 /** Replace a draft's source after applying patches (refreshes its TTL). */
-export function updateDraft(id, source) {
+export async function updateDraft(id, source) {
+    const redis = getRedis();
+    if (redis) {
+        try {
+            const raw = await redis.get(REDIS_PREFIX + id);
+            if (raw) {
+                const entry = JSON.parse(raw);
+                entry.source = source;
+                entry.created = Date.now();
+                await redis.set(REDIS_PREFIX + id, JSON.stringify(entry), "PX", TTL_MS);
+            }
+            return;
+        }
+        catch (e) {
+            console.error("[draft-cache] redis update failed, using memory:", e?.message ?? e);
+        }
+    }
     const d = store.get(id);
     if (d) {
         d.source = source;
@@ -74,7 +114,22 @@ export function updateDraft(id, source) {
     }
 }
 /** Fetch a live (non-expired) draft, or null if missing/expired. Refreshes the TTL (sliding expiration) so an in-progress workflow never loses its draft. */
-export function getDraft(id) {
+export async function getDraft(id) {
+    const redis = getRedis();
+    if (redis) {
+        try {
+            const raw = await redis.get(REDIS_PREFIX + id);
+            if (!raw)
+                return null;
+            await redis.pexpire(REDIS_PREFIX + id, TTL_MS); // slide the TTL on every touch
+            const entry = JSON.parse(raw);
+            entry.created = Date.now();
+            return entry;
+        }
+        catch (e) {
+            console.error("[draft-cache] redis get failed, using memory:", e?.message ?? e);
+        }
+    }
     const now = Date.now();
     sweep(now);
     const d = store.get(id);
@@ -82,6 +137,16 @@ export function getDraft(id) {
         d.created = now;
     return d ?? null;
 }
-export function deleteDraft(id) {
+export async function deleteDraft(id) {
+    const redis = getRedis();
+    if (redis) {
+        try {
+            await redis.del(REDIS_PREFIX + id);
+            return;
+        }
+        catch (e) {
+            console.error("[draft-cache] redis delete failed, using memory:", e?.message ?? e);
+        }
+    }
     store.delete(id);
 }