webpeel 0.1.0

package/dist/server/middleware/rate-limit.js

@@ -0,0 +1,85 @@
+/**
+ * Sliding window rate limiting middleware
+ */
+export class RateLimiter {
+    store = new Map();
+    windowMs;
+    constructor(windowMs = 60000) {
+        this.windowMs = windowMs;
+    }
+    /**
+     * Check if request is allowed under rate limit
+     */
+    checkLimit(identifier, limit) {
+        const now = Date.now();
+        const windowStart = now - this.windowMs;
+        // Get or create entry
+        let entry = this.store.get(identifier);
+        if (!entry) {
+            entry = { timestamps: [] };
+            this.store.set(identifier, entry);
+        }
+        // Remove timestamps outside the window
+        entry.timestamps = entry.timestamps.filter(ts => ts > windowStart);
+        // Check if limit exceeded
+        if (entry.timestamps.length >= limit) {
+            const oldestTimestamp = entry.timestamps[0];
+            const retryAfter = Math.ceil((oldestTimestamp + this.windowMs - now) / 1000);
+            return {
+                allowed: false,
+                remaining: 0,
+                retryAfter,
+            };
+        }
+        // Add current timestamp
+        entry.timestamps.push(now);
+        return {
+            allowed: true,
+            remaining: limit - entry.timestamps.length,
+        };
+    }
+    /**
+     * Clean up old entries (call periodically)
+     */
+    cleanup() {
+        const now = Date.now();
+        const windowStart = now - this.windowMs;
+        for (const [identifier, entry] of this.store.entries()) {
+            entry.timestamps = entry.timestamps.filter(ts => ts > windowStart);
+            if (entry.timestamps.length === 0) {
+                this.store.delete(identifier);
+            }
+        }
+    }
+}
+export function createRateLimitMiddleware(limiter) {
+    return (req, res, next) => {
+        try {
+            // Use API key or IP address as identifier
+            const identifier = req.auth?.keyInfo?.key || req.ip || 'unknown';
+            const limit = req.auth?.rateLimit || 10;
+            const result = limiter.checkLimit(identifier, limit);
+            // Set rate limit headers
+            res.setHeader('X-RateLimit-Limit', limit.toString());
+            res.setHeader('X-RateLimit-Remaining', result.remaining.toString());
+            if (!result.allowed) {
+                res.setHeader('Retry-After', result.retryAfter.toString());
+                res.status(429).json({
+                    error: 'rate_limited',
+                    message: 'Rate limit exceeded',
+                    retryAfter: result.retryAfter,
+                });
+                return;
+            }
+            next();
+        }
+        catch (error) {
+            const err = error;
+            res.status(500).json({
+                error: 'rate_limit_error',
+                message: err.message || 'Rate limiting failed',
+            });
+        }
+    };
+}
+//# sourceMappingURL=rate-limit.js.map

package/dist/server/middleware/rate-limit.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limit.js","sourceRoot":"","sources":["../../../src/server/middleware/rate-limit.ts"],"names":[],"mappings":"AAAA;;GAEG;AAQH,MAAM,OAAO,WAAW;IACd,KAAK,GAAG,IAAI,GAAG,EAA0B,CAAC;IAC1C,QAAQ,CAAS;IAEzB,YAAY,WAAmB,KAAK;QAClC,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;IAC3B,CAAC;IAED;;OAEG;IACH,UAAU,CAAC,UAAkB,EAAE,KAAa;QAK1C,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;QAExC,sBAAsB;QACtB,IAAI,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,KAAK,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;YAC3B,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;QACpC,CAAC;QAED,uCAAuC;QACvC,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,WAAW,CAAC,CAAC;QAEnE,0BAA0B;QAC1B,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC;YACrC,MAAM,eAAe,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC;YAC5C,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC,eAAe,GAAG,IAAI,CAAC,QAAQ,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC;YAE7E,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,SAAS,EAAE,CAAC;gBACZ,UAAU;aACX,CAAC;QACJ,CAAC;QAED,wBAAwB;QACxB,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE3B,OAAO;YACL,OAAO,EAAE,IAAI;YACb,SAAS,EAAE,KAAK,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM;SAC3C,CAAC;IACJ,CAAC;IAED;;OAEG;IACH,OAAO;QACL,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,MAAM,WAAW,GAAG,GAAG,GAAG,IAAI,CAAC,QAAQ,CAAC;QAExC,KAAK,MAAM,CAAC,UAAU,EAAE,KAAK,CAAC,IAAI,IAAI,CAAC,KAAK,CAAC,OAAO,EAAE,EAAE,CAAC;YACvD,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,WAAW,CAAC,CAAC;YACnE,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAClC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,UAAU,CAAC,CAAC;YAChC,CAAC;QACH,CAAC;IACH,CAAC;CACF;AAED,MAAM,UAAU,yBAAyB,CAAC,OAAoB;IAC5D,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QACzD,IAAI,CAAC;YACH,0CAA0C;YAC1C,MAAM,UAAU,GAAG,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,IAAI,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;YACjE,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,EAAE,SAAS,IAAI,EAAE,CAAC;YAExC,MAAM,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;YAErD,yBAAyB;YACzB,GAAG,CAAC,SAAS,CAAC,mBAAmB,EAAE,KAAK,CAAC,QAAQ,EAAE,CAAC,CAAC;YACrD,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,MAAM,CAAC,SAAS,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEpE,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpB,GAAG,CAAC,SAAS,CAAC,aAAa,EAAE,MAAM,CAAC,UAAW,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC5D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,cAAc;oBACrB,OAAO,EAAE,qBAAqB;oBAC9B,UAAU,EAAE,MAAM,CAAC,UAAU;iBAC9B,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,IAAI,EAAE,CAAC;QACT,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,KAAc,CAAC;YAC3B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,kBAAkB;gBACzB,OAAO,EAAE,GAAG,CAAC,OAAO,IAAI,sBAAsB;aAC/C,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC;AACJ,CAAC"}

package/dist/server/routes/fetch.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Fetch endpoint with caching
+ */
+import { Router } from 'express';
+import { AuthStore } from '../auth-store.js';
+export declare function createFetchRouter(authStore: AuthStore): Router;
+//# sourceMappingURL=fetch.d.ts.map

package/dist/server/routes/fetch.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch.d.ts","sourceRoot":"","sources":["../../../src/server/routes/fetch.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AAIpD,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAO7C,wBAAgB,iBAAiB,CAAC,SAAS,EAAE,SAAS,GAAG,MAAM,CAsI9D"}

package/dist/server/routes/fetch.js

@@ -0,0 +1,127 @@
+/**
+ * Fetch endpoint with caching
+ */
+import { Router } from 'express';
+import { peel } from '../../index.js';
+import { LRUCache } from 'lru-cache';
+export function createFetchRouter(authStore) {
+    const router = Router();
+    // LRU cache: 5 minute TTL, max 1000 entries, 100MB total size
+    const cache = new LRUCache({
+        max: 1000,
+        ttl: 5 * 60 * 1000, // 5 minutes
+        maxSize: 100 * 1024 * 1024, // 100MB
+        sizeCalculation: (entry) => {
+            return JSON.stringify(entry).length;
+        },
+    });
+    router.get('/v1/fetch', async (req, res) => {
+        try {
+            const { url, render, wait, format } = req.query;
+            // Validate URL parameter
+            if (!url || typeof url !== 'string') {
+                res.status(400).json({
+                    error: 'invalid_request',
+                    message: 'Missing or invalid "url" parameter',
+                });
+                return;
+            }
+            // SECURITY: Validate URL format and length
+            if (url.length > 2048) {
+                res.status(400).json({
+                    error: 'invalid_url',
+                    message: 'URL too long (max 2048 characters)',
+                });
+                return;
+            }
+            try {
+                const parsed = new URL(url);
+                // Normalize URL for consistent caching
+                const normalizedUrl = parsed.href;
+                // Use normalized URL for cache key
+                if (normalizedUrl !== url) {
+                    // URL was normalized, update for caching
+                }
+            }
+            catch {
+                res.status(400).json({
+                    error: 'invalid_url',
+                    message: 'Invalid URL format',
+                });
+                return;
+            }
+            // Build cache key
+            const cacheKey = `fetch:${url}:${render}:${wait}:${format}`;
+            // Check cache
+            const cached = cache.get(cacheKey);
+            if (cached) {
+                res.setHeader('X-Cache', 'HIT');
+                res.setHeader('X-Cache-Age', Math.floor((Date.now() - cached.timestamp) / 1000).toString());
+                res.json(cached.result);
+                return;
+            }
+            // Parse options
+            const options = {
+                render: render === 'true',
+                wait: wait ? parseInt(wait, 10) : undefined,
+                format: format || 'markdown',
+            };
+            // Validate wait parameter
+            if (options.wait !== undefined && (isNaN(options.wait) || options.wait < 0 || options.wait > 60000)) {
+                res.status(400).json({
+                    error: 'invalid_request',
+                    message: 'Invalid "wait" parameter: must be between 0 and 60000ms',
+                });
+                return;
+            }
+            // Validate format parameter
+            if (!['markdown', 'text', 'html'].includes(options.format || '')) {
+                res.status(400).json({
+                    error: 'invalid_request',
+                    message: 'Invalid "format" parameter: must be "markdown", "text", or "html"',
+                });
+                return;
+            }
+            // Fetch content
+            const startTime = Date.now();
+            const result = await peel(url, options);
+            const elapsed = Date.now() - startTime;
+            // Track usage (1 credit per fetch)
+            if (req.auth?.keyInfo?.key) {
+                await authStore.trackUsage(req.auth.keyInfo.key, 1);
+            }
+            // Cache result
+            cache.set(cacheKey, {
+                result,
+                timestamp: Date.now(),
+            });
+            // Add usage headers
+            res.setHeader('X-Cache', 'MISS');
+            res.setHeader('X-Credits-Used', '1');
+            res.setHeader('X-Processing-Time', elapsed.toString());
+            res.json(result);
+        }
+        catch (error) {
+            const err = error;
+            // SECURITY: Sanitize error messages to prevent information disclosure
+            if (err.code) {
+                // WebPeelError from core library - safe to expose
+                const safeMessage = err.message.replace(/[<>"']/g, ''); // Remove HTML chars
+                res.status(500).json({
+                    error: err.code,
+                    message: safeMessage,
+                });
+            }
+            else {
+                // Unexpected error - generic message only
+                console.error('Fetch error:', err); // Log full error server-side
+                res.status(500).json({
+                    error: 'internal_error',
+                    message: 'An unexpected error occurred while fetching the URL',
+                });
+            }
+        }
+    });
+    return router;
+}
+//# sourceMappingURL=fetch.js.map

package/dist/server/routes/fetch.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fetch.js","sourceRoot":"","sources":["../../../src/server/routes/fetch.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,IAAI,EAAE,MAAM,gBAAgB,CAAC;AAEtC,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAQrC,MAAM,UAAU,iBAAiB,CAAC,SAAoB;IACpD,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,8DAA8D;IAC9D,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAqB;QAC7C,GAAG,EAAE,IAAI;QACT,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,YAAY;QAChC,OAAO,EAAE,GAAG,GAAG,IAAI,GAAG,IAAI,EAAE,QAAQ;QACpC,eAAe,EAAE,CAAC,KAAK,EAAE,EAAE;YACzB,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QACtC,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC5D,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC;YAEhD,yBAAyB;YACzB,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,oCAAoC;iBAC9C,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,2CAA2C;YAC3C,IAAI,GAAG,CAAC,MAAM,GAAG,IAAI,EAAE,CAAC;gBACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,aAAa;oBACpB,OAAO,EAAE,oCAAoC;iBAC9C,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;gBAC5B,uCAAuC;gBACvC,MAAM,aAAa,GAAG,MAAM,CAAC,IAAI,CAAC;gBAElC,mCAAmC;gBACnC,IAAI,aAAa,KAAK,GAAG,EAAE,CAAC;oBAC1B,yCAAyC;gBAC3C,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,aAAa;oBACpB,OAAO,EAAE,oBAAoB;iBAC9B,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,kBAAkB;YAClB,MAAM,QAAQ,GAAG,SAAS,GAAG,IAAI,MAAM,IAAI,IAAI,IAAI,MAAM,EAAE,CAAC;YAE5D,cAAc;YACd,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,MAAM,EAAE,CAAC;gBACX,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;gBAChC,GAAG,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC5F,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC;gBACxB,OAAO;YACT,CAAC;YAED,gBAAgB;YAChB,MAAM,OAAO,GAAgB;gBAC3B,MAAM,EAAE,MAAM,KAAK,MAAM;gBACzB,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAc,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS;gBACrD,MAAM,EAAG,MAAuC,IAAI,UAAU;aAC/D,CAAC;YAEF,0BAA0B;YAC1B,IAAI,OAAO,CAAC,IAAI,KAAK,SAAS,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,IAAI,OAAO,CAAC,IAAI,GAAG,CAAC,IAAI,OAAO,CAAC,IAAI,GAAG,KAAK,CAAC,EAAE,CAAC;gBACpG,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,yDAAyD;iBACnE,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,4BAA4B;YAC5B,IAAI,CAAC,CAAC,UAAU,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC,EAAE,CAAC;gBACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,mEAAmE;iBAC7E,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,gBAAgB;YAChB,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAC7B,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;YACxC,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAEvC,mCAAmC;YACnC,IAAI,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;gBAC3B,MAAM,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACtD,CAAC;YAED,eAAe;YACf,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;gBAClB,MAAM;gBACN,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC,CAAC;YAEH,oBAAoB;YACpB,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACjC,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YACrC,GAAG,CAAC,SAAS,CAAC,mBAAmB,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEvD,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACnB,CAAC;QAAC,OAAO,KAAU,EAAE,CAAC;YACpB,MAAM,GAAG,GAAG,KAAY,CAAC;YAEzB,sEAAsE;YACtE,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;gBACb,kDAAkD;gBAClD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,CAAC,CAAC,CAAC,oBAAoB;gBAC5E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,GAAG,CAAC,IAAI;oBACf,OAAO,EAAE,WAAW;iBACrB,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,0CAA0C;gBAC1C,OAAO,CAAC,KAAK,CAAC,cAAc,EAAE,GAAG,CAAC,CAAC,CAAC,6BAA6B;gBACjE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,gBAAgB;oBACvB,OAAO,EAAE,qDAAqD;iBAC/D,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/server/routes/health.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Health check endpoint
+ */
+import { Router } from 'express';
+export declare function createHealthRouter(): Router;
+//# sourceMappingURL=health.d.ts.map

package/dist/server/routes/health.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.d.ts","sourceRoot":"","sources":["../../../src/server/routes/health.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AAIpD,wBAAgB,kBAAkB,IAAI,MAAM,CAe3C"}

package/dist/server/routes/health.js

@@ -0,0 +1,19 @@
+/**
+ * Health check endpoint
+ */
+import { Router } from 'express';
+const startTime = Date.now();
+export function createHealthRouter() {
+    const router = Router();
+    router.get('/health', (_req, res) => {
+        const uptime = Math.floor((Date.now() - startTime) / 1000);
+        res.json({
+            status: 'healthy',
+            version: process.env.npm_package_version || '1.0.0',
+            uptime,
+            timestamp: new Date().toISOString(),
+        });
+    });
+    return router;
+}
+//# sourceMappingURL=health.js.map

package/dist/server/routes/health.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"health.js","sourceRoot":"","sources":["../../../src/server/routes/health.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AAEpD,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;AAE7B,MAAM,UAAU,kBAAkB;IAChC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAa,EAAE,GAAa,EAAE,EAAE;QACrD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC;QAE3D,GAAG,CAAC,IAAI,CAAC;YACP,MAAM,EAAE,SAAS;YACjB,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,OAAO;YACnD,MAAM;YACN,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/server/routes/search.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Search endpoint with caching
+ */
+import { Router } from 'express';
+import { AuthStore } from '../auth-store.js';
+export declare function createSearchRouter(authStore: AuthStore): Router;
+//# sourceMappingURL=search.d.ts.map

package/dist/server/routes/search.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"search.d.ts","sourceRoot":"","sources":["../../../src/server/routes/search.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AAIpD,OAAO,EAAE,SAAS,EAAE,MAAM,kBAAkB,CAAC;AAa7C,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,SAAS,GAAG,MAAM,CAsI/D"}

package/dist/server/routes/search.js

@@ -0,0 +1,124 @@
+/**
+ * Search endpoint with caching
+ */
+import { Router } from 'express';
+import { fetch as undiciFetch } from 'undici';
+import { load } from 'cheerio';
+import { LRUCache } from 'lru-cache';
+export function createSearchRouter(authStore) {
+    const router = Router();
+    // LRU cache: 15 minute TTL, max 500 entries, 50MB total size
+    const cache = new LRUCache({
+        max: 500,
+        ttl: 15 * 60 * 1000, // 15 minutes
+        maxSize: 50 * 1024 * 1024, // 50MB
+        sizeCalculation: (entry) => {
+            return JSON.stringify(entry).length;
+        },
+    });
+    router.get('/v1/search', async (req, res) => {
+        try {
+            const { q, count } = req.query;
+            // Validate query parameter
+            if (!q || typeof q !== 'string') {
+                res.status(400).json({
+                    error: 'invalid_request',
+                    message: 'Missing or invalid "q" parameter',
+                });
+                return;
+            }
+            // Parse and validate count
+            const resultCount = count ? parseInt(count, 10) : 5;
+            if (isNaN(resultCount) || resultCount < 1 || resultCount > 10) {
+                res.status(400).json({
+                    error: 'invalid_request',
+                    message: 'Invalid "count" parameter: must be between 1 and 10',
+                });
+                return;
+            }
+            // Build cache key
+            const cacheKey = `search:${q}:${resultCount}`;
+            // Check cache
+            const cached = cache.get(cacheKey);
+            if (cached) {
+                res.setHeader('X-Cache', 'HIT');
+                res.setHeader('X-Cache-Age', Math.floor((Date.now() - cached.timestamp) / 1000).toString());
+                res.json({
+                    query: q,
+                    count: cached.results.length,
+                    results: cached.results,
+                });
+                return;
+            }
+            // Perform search
+            const searchUrl = `https://html.duckduckgo.com/html/?q=${encodeURIComponent(q)}`;
+            const startTime = Date.now();
+            const response = await undiciFetch(searchUrl, {
+                headers: {
+                    'User-Agent': 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36',
+                },
+            });
+            if (!response.ok) {
+                throw new Error(`Search failed: HTTP ${response.status}`);
+            }
+            const html = await response.text();
+            const $ = load(html);
+            const results = [];
+            $('.result').each((_i, elem) => {
+                if (results.length >= resultCount)
+                    return;
+                const $result = $(elem);
+                let title = $result.find('.result__title').text().trim();
+                let url = $result.find('.result__url').attr('href') || '';
+                let snippet = $result.find('.result__snippet').text().trim();
+                // SECURITY: Validate and sanitize results
+                if (!title || !url)
+                    return;
+                // Only allow HTTP/HTTPS URLs
+                try {
+                    const parsed = new URL(url);
+                    if (!['http:', 'https:'].includes(parsed.protocol)) {
+                        return;
+                    }
+                }
+                catch {
+                    return;
+                }
+                // Limit text lengths to prevent bloat
+                title = title.slice(0, 200);
+                snippet = snippet.slice(0, 500);
+                results.push({ title, url, snippet });
+            });
+            const elapsed = Date.now() - startTime;
+            // Track usage (1 credit per search)
+            if (req.auth?.keyInfo?.key) {
+                await authStore.trackUsage(req.auth.keyInfo.key, 1);
+            }
+            // Cache results
+            cache.set(cacheKey, {
+                results,
+                timestamp: Date.now(),
+            });
+            // Add headers
+            res.setHeader('X-Cache', 'MISS');
+            res.setHeader('X-Credits-Used', '1');
+            res.setHeader('X-Processing-Time', elapsed.toString());
+            res.json({
+                query: q,
+                count: results.length,
+                results,
+            });
+        }
+        catch (error) {
+            const err = error;
+            // SECURITY: Generic error message to prevent information disclosure
+            console.error('Search error:', err); // Log full error server-side
+            res.status(500).json({
+                error: 'search_failed',
+                message: 'Search request failed. Please try again.',
+            });
+        }
+    });
+    return router;
+}
+//# sourceMappingURL=search.js.map

package/dist/server/routes/search.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"search.js","sourceRoot":"","sources":["../../../src/server/routes/search.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,KAAK,IAAI,WAAW,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,IAAI,EAAE,MAAM,SAAS,CAAC;AAC/B,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAcrC,MAAM,UAAU,kBAAkB,CAAC,SAAoB;IACrD,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,6DAA6D;IAC7D,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAqB;QAC7C,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,EAAE,GAAG,EAAE,GAAG,IAAI,EAAE,aAAa;QAClC,OAAO,EAAE,EAAE,GAAG,IAAI,GAAG,IAAI,EAAE,OAAO;QAClC,eAAe,EAAE,CAAC,KAAK,EAAE,EAAE;YACzB,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC;QACtC,CAAC;KACF,CAAC,CAAC;IAEH,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC7D,IAAI,CAAC;YACH,MAAM,EAAE,CAAC,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,KAAK,CAAC;YAE/B,2BAA2B;YAC3B,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,CAAC;gBAChC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,kCAAkC;iBAC5C,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,2BAA2B;YAC3B,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAe,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;YAC9D,IAAI,KAAK,CAAC,WAAW,CAAC,IAAI,WAAW,GAAG,CAAC,IAAI,WAAW,GAAG,EAAE,EAAE,CAAC;gBAC9D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,iBAAiB;oBACxB,OAAO,EAAE,qDAAqD;iBAC/D,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,kBAAkB;YAClB,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,WAAW,EAAE,CAAC;YAE9C,cAAc;YACd,MAAM,MAAM,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;YACnC,IAAI,MAAM,EAAE,CAAC;gBACX,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;gBAChC,GAAG,CAAC,SAAS,CAAC,aAAa,EAAE,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;gBAC5F,GAAG,CAAC,IAAI,CAAC;oBACP,KAAK,EAAE,CAAC;oBACR,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,MAAM;oBAC5B,OAAO,EAAE,MAAM,CAAC,OAAO;iBACxB,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,iBAAiB;YACjB,MAAM,SAAS,GAAG,uCAAuC,kBAAkB,CAAC,CAAC,CAAC,EAAE,CAAC;YACjF,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;YAE7B,MAAM,QAAQ,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE;gBAC5C,OAAO,EAAE;oBACP,YAAY,EAAE,oEAAoE;iBACnF;aACF,CAAC,CAAC;YAEH,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,KAAK,CAAC,uBAAuB,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;YAC5D,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;YAErB,MAAM,OAAO,GAAmB,EAAE,CAAC;YAEnC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,IAAI,EAAE,EAAE;gBAC7B,IAAI,OAAO,CAAC,MAAM,IAAI,WAAW;oBAAE,OAAO;gBAE1C,MAAM,OAAO,GAAG,CAAC,CAAC,IAAI,CAAC,CAAC;gBACxB,IAAI,KAAK,GAAG,OAAO,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC;gBACzD,IAAI,GAAG,GAAG,OAAO,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC;gBAC1D,IAAI,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC;gBAE7D,0CAA0C;gBAC1C,IAAI,CAAC,KAAK,IAAI,CAAC,GAAG;oBAAE,OAAO;gBAE3B,6BAA6B;gBAC7B,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,CAAC;oBAC5B,IAAI,CAAC,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,CAAC;wBACnD,OAAO;oBACT,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC;oBACP,OAAO;gBACT,CAAC;gBAED,sCAAsC;gBACtC,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBAC5B,OAAO,GAAG,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;gBAEhC,OAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,EAAE,OAAO,EAAE,CAAC,CAAC;YACxC,CAAC,CAAC,CAAC;YAEH,MAAM,OAAO,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC;YAEvC,oCAAoC;YACpC,IAAI,GAAG,CAAC,IAAI,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;gBAC3B,MAAM,SAAS,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;YACtD,CAAC;YAED,gBAAgB;YAChB,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE;gBAClB,OAAO;gBACP,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC,CAAC;YAEH,cAAc;YACd,GAAG,CAAC,SAAS,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YACjC,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,GAAG,CAAC,CAAC;YACrC,GAAG,CAAC,SAAS,CAAC,mBAAmB,EAAE,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC;YAEvD,GAAG,CAAC,IAAI,CAAC;gBACP,KAAK,EAAE,CAAC;gBACR,KAAK,EAAE,OAAO,CAAC,MAAM;gBACrB,OAAO;aACR,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,GAAG,GAAG,KAAc,CAAC;YAC3B,oEAAoE;YACpE,OAAO,CAAC,KAAK,CAAC,eAAe,EAAE,GAAG,CAAC,CAAC,CAAC,6BAA6B;YAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,KAAK,EAAE,eAAe;gBACtB,OAAO,EAAE,0CAA0C;aACpD,CAAC,CAAC;QACL,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/types.d.ts

@@ -0,0 +1,59 @@
+/**
+ * Core types for WebPeel
+ */
+export interface PeelOptions {
+    /** Use headless browser instead of simple HTTP fetch */
+    render?: boolean;
+    /** Wait time in milliseconds after page load (only with render=true) */
+    wait?: number;
+    /** Output format */
+    format?: 'markdown' | 'text' | 'html';
+    /** Request timeout in milliseconds (default: 30000) */
+    timeout?: number;
+    /** Custom user agent */
+    userAgent?: string;
+}
+export interface PeelResult {
+    /** Final URL (after redirects) */
+    url: string;
+    /** Page title */
+    title: string;
+    /** Page content in requested format */
+    content: string;
+    /** Extracted metadata */
+    metadata: PageMetadata;
+    /** All links found on the page (absolute URLs, deduplicated) */
+    links: string[];
+    /** Estimated token count (rough: content.length / 4) */
+    tokens: number;
+    /** Method used: 'simple' | 'browser' */
+    method: 'simple' | 'browser';
+    /** Time elapsed in milliseconds */
+    elapsed: number;
+}
+export interface PageMetadata {
+    /** Meta description */
+    description?: string;
+    /** Author name */
+    author?: string;
+    /** Published date (ISO 8601) */
+    published?: string;
+    /** Open Graph image URL */
+    image?: string;
+    /** Canonical URL */
+    canonical?: string;
+}
+export declare class WebPeelError extends Error {
+    code?: string | undefined;
+    constructor(message: string, code?: string | undefined);
+}
+export declare class TimeoutError extends WebPeelError {
+    constructor(message: string);
+}
+export declare class BlockedError extends WebPeelError {
+    constructor(message: string);
+}
+export declare class NetworkError extends WebPeelError {
+    constructor(message: string);
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AAEH,MAAM,WAAW,WAAW;IAC1B,wDAAwD;IACxD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,wEAAwE;IACxE,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,oBAAoB;IACpB,MAAM,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,MAAM,CAAC;IACtC,uDAAuD;IACvD,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,wBAAwB;IACxB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,UAAU;IACzB,kCAAkC;IAClC,GAAG,EAAE,MAAM,CAAC;IACZ,iBAAiB;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,uCAAuC;IACvC,OAAO,EAAE,MAAM,CAAC;IAChB,yBAAyB;IACzB,QAAQ,EAAE,YAAY,CAAC;IACvB,gEAAgE;IAChE,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAC;IACf,wCAAwC;IACxC,MAAM,EAAE,QAAQ,GAAG,SAAS,CAAC;IAC7B,mCAAmC;IACnC,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,MAAM,WAAW,YAAY;IAC3B,uBAAuB;IACvB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,kBAAkB;IAClB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,gCAAgC;IAChC,SAAS,CAAC,EAAE,MAAM,CAAC;IACnB,2BAA2B;IAC3B,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,oBAAoB;IACpB,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,qBAAa,YAAa,SAAQ,KAAK;IACD,IAAI,CAAC,EAAE,MAAM;gBAArC,OAAO,EAAE,MAAM,EAAS,IAAI,CAAC,EAAE,MAAM,YAAA;CAIlD;AAED,qBAAa,YAAa,SAAQ,YAAY;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,YAAa,SAAQ,YAAY;gBAChC,OAAO,EAAE,MAAM;CAI5B;AAED,qBAAa,YAAa,SAAQ,YAAY;gBAChC,OAAO,EAAE,MAAM;CAI5B"}

package/dist/types.js

@@ -0,0 +1,30 @@
+/**
+ * Core types for WebPeel
+ */
+export class WebPeelError extends Error {
+    code;
+    constructor(message, code) {
+        super(message);
+        this.code = code;
+        this.name = 'WebPeelError';
+    }
+}
+export class TimeoutError extends WebPeelError {
+    constructor(message) {
+        super(message, 'TIMEOUT');
+        this.name = 'TimeoutError';
+    }
+}
+export class BlockedError extends WebPeelError {
+    constructor(message) {
+        super(message, 'BLOCKED');
+        this.name = 'BlockedError';
+    }
+}
+export class NetworkError extends WebPeelError {
+    constructor(message) {
+        super(message, 'NETWORK');
+        this.name = 'NetworkError';
+    }
+}
+//# sourceMappingURL=types.js.map

package/dist/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA;;GAEG;AA+CH,MAAM,OAAO,YAAa,SAAQ,KAAK;IACD;IAApC,YAAY,OAAe,EAAS,IAAa;QAC/C,KAAK,CAAC,OAAO,CAAC,CAAC;QADmB,SAAI,GAAJ,IAAI,CAAS;QAE/C,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AAED,MAAM,OAAO,YAAa,SAAQ,YAAY;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AAED,MAAM,OAAO,YAAa,SAAQ,YAAY;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF;AAED,MAAM,OAAO,YAAa,SAAQ,YAAY;IAC5C,YAAY,OAAe;QACzB,KAAK,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;QAC1B,IAAI,CAAC,IAAI,GAAG,cAAc,CAAC;IAC7B,CAAC;CACF"}

package/llms.txt

@@ -0,0 +1,60 @@
+# WebPeel
+
+> Fetch any web page as clean, AI-ready markdown.
+
+WebPeel is an open-source web fetcher designed for AI agents. It converts web pages to clean markdown with smart escalation: tries simple HTTP first (~200ms), automatically escalates to a headless browser when blocked.
+
+## Quick Start
+
+```bash
+# CLI (zero install)
+npx webpeel https://example.com
+
+# Library
+import { peel } from 'webpeel';
+const result = await peel('https://example.com');
+
+# MCP Server (Claude Desktop / Cursor / VS Code)
+npx webpeel mcp
+```
+
+## MCP Tools
+
+- `webpeel_fetch` — Fetch a URL, return clean markdown. Params: url (required), render (boolean), wait (ms), format (markdown|text|html)
+- `webpeel_search` — Search the web via DuckDuckGo. Params: query (required), count (1-10)
+
+## MCP Configuration
+
+```json
+{
+  "mcpServers": {
+    "webpeel": {
+      "command": "npx",
+      "args": ["-y", "webpeel", "mcp"]
+    }
+  }
+}
+```
+
+## Key Features
+
+- Smart escalation: HTTP → Playwright headless browser (only when needed)
+- Anti-bot bypass: handles Cloudflare challenges, JavaScript walls, 403s
+- Token-optimized: strips navigation, ads, scripts, cookie banners
+- Metadata extraction: title, description, author, published date, links
+- Search: built-in DuckDuckGo integration
+- Local-first: runs on your machine, no API key required
+
+## Hosted API
+
+```bash
+curl "https://api.webpeel.dev/v1/fetch?url=https://example.com"
+curl "https://api.webpeel.dev/v1/search?q=your+query"
+```
+
+## Links
+
+- Website: https://webpeel.dev
+- GitHub: https://github.com/JakeLiuMe/webpeel
+- npm: https://www.npmjs.com/package/webpeel
+- API Docs: https://webpeel.dev/docs

package/package.json

@@ -0,0 +1,80 @@
+{
+  "name": "webpeel",
+  "version": "0.1.0",
+  "description": "Fast web fetcher for AI agents - smart escalation from simple HTTP to headless browser",
+  "author": "Jake Liu",
+  "license": "MIT",
+  "type": "module",
+  "main": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "bin": {
+    "webpeel": "./dist/cli.js"
+  },
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    }
+  },
+  "files": [
+    "dist",
+    "!dist/tests",
+    "README.md",
+    "LICENSE",
+    "llms.txt"
+  ],
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "lint": "tsc --noEmit",
+    "prepublishOnly": "npm run build",
+    "serve": "node dist/server/app.js",
+    "mcp": "node dist/mcp/server.js"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/JakeLiuMe/webpeel.git"
+  },
+  "bugs": {
+    "url": "https://github.com/JakeLiuMe/webpeel/issues"
+  },
+  "homepage": "https://webpeel.dev",
+  "keywords": [
+    "web-scraper",
+    "ai-agent",
+    "mcp-server",
+    "mcp",
+    "playwright",
+    "markdown",
+    "fetcher",
+    "web-fetcher",
+    "claude",
+    "cursor",
+    "codex"
+  ],
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.4",
+    "cheerio": "^1.0.0",
+    "commander": "^12.0.0",
+    "cors": "^2.8.5",
+    "express": "^4.21.2",
+    "lru-cache": "^11.0.2",
+    "ora": "^8.0.1",
+    "playwright": "^1.48.0",
+    "turndown": "^7.2.0",
+    "undici": "^7.2.0"
+  },
+  "devDependencies": {
+    "@types/cors": "^2.8.17",
+    "@types/express": "^5.0.0",
+    "@types/node": "^22.0.0",
+    "@types/turndown": "^5.0.5",
+    "typescript": "^5.6.0",
+    "vitest": "^2.1.0"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  }
+}