From 7a5c0c5e567a95219593e431be6900f2746c5100 Mon Sep 17 00:00:00 2001
From: "Alexandro T. Netto" <alex.t.netto@gmail.com>
Date: Fri, 15 May 2026 13:53:48 -0700
Subject: [PATCH 01/11] docs: add HTML format design spec

Brainstorm output for the planned HTML page format alongside A2UI.
View-only, no JS, sandbox+CSP+sanitizer defense-in-depth. Two MCP
tools (show_ui, show_html). No subdomain isolation; no-JS is a
structural constraint enforced by CI.
---
 .../specs/2026-05-15-html-format-design.md    | 584 ++++++++++++++++++
 1 file changed, 584 insertions(+)
 create mode 100644 docs/superpowers/specs/2026-05-15-html-format-design.md

diff --git a/docs/superpowers/specs/2026-05-15-html-format-design.md b/docs/superpowers/specs/2026-05-15-html-format-design.md
new file mode 100644
index 0000000..1d17cf9
--- /dev/null
+++ b/docs/superpowers/specs/2026-05-15-html-format-design.md
@@ -0,0 +1,584 @@
+# HTML Page Format — Design
+
+Status: draft, awaiting user review (2026-05-15).
+
+## Goal
+
+Add **HTML** as a second first-class page format alongside A2UI. The
+agent gets two single-purpose tools:
+
+- `show_ui(spec)` — emit an A2UI spec when you need a **structured
+  answer** back from the user (form, picker, confirmation). _Existing
+  behavior, unchanged._
+- `show_html(html)` — emit an HTML page when you need to **show** the
+  user a visual artifact (report, dashboard, chart, infographic,
+  comparison, slide). View-only; nothing comes back.
+
+The rule is binary: **`show_html` to show, `show_ui` to ask.** If you
+need to read the user's response, use A2UI.
+
+## Why now
+
+PRD § _Scope V0 — out_ already names "Multi-format spec" as the
+anticipated future wire-shape change. This is that change. A2UI is great
+at the "structured input" lane but inadequate when the agent wants to
+hand the user a rendered visual — there is no A2UI primitive for "a
+report with these styled tables and inline SVG bars." HTML closes that
+gap without disturbing A2UI.
+
+## Non-goals
+
+This spec deliberately excludes the following. Each is rejected with a
+reason so future maintainers don't quietly add them back.
+
+- **JavaScript execution.** No `<script>`, no `on*=` handlers, no
+  `javascript:` URLs. _Reason: see § Structural constraint below — JS
+  support is incompatible with same-origin srcdoc isolation, and we are
+  not investing in subdomain isolation._
+- **Submit from HTML pages.** HTML pages never produce a result; the
+  state machine is `open` → expiry. _Reason: A2UI already owns the
+  submit/result pipeline. Splitting that responsibility would duplicate
+  a working surface for no gain. Multi-step flows already work by
+  emitting a follow-up page._
+- **External assets.** No external `<script src>`, `<link rel=stylesheet>`,
+  `<img src=https:>`, web fonts, CDN libraries. Inline only. _Reason:
+  external `connect-src` is the dominant exfiltration channel and the
+  primary supply-chain attack surface. Allowing it negates most of the
+  benefit of the no-JS posture._
+- **Subdomain isolation.** HTML is served from the existing renderer
+  origin via srcdoc. _Reason: scoped out by the product owner; no
+  custom domain investment for V1._
+- **Real abuse-reporting flow.** V1 ships only a `mailto:` report link.
+  _Reason: a real flow is a separate project (intake form, moderation
+  queue, takedown automation, SLA)._
+- **Content scanning / Safe Browsing integration.** _Reason: out of
+  scope for V1; revisit if abuse becomes a real signal in logs._
+- **Custom TTL per format.** Both formats use the existing 30 min TTL.
+  _Reason: V1 doesn't need a "shareable for longer" HTML mode and
+  longer TTL grows the abuse blast radius._
+
+## Structural constraint (load-bearing)
+
+> **HTML pages MUST NOT execute JavaScript.** Ever.
+
+The security model of this design rests on three layers — sandbox
+attribute, CSP, sanitizer — and each layer becomes much weaker if JS
+runs. Same-origin srcdoc isolation specifically is safe _only because_
+no script executes; with JS enabled, an attacker-controlled page could
+exfiltrate anything the renderer origin ever stored in cookies or
+localStorage, register a service worker that persists across all future
+Pagent visits, or beacon out via `fetch`.
+
+Removing the `sandbox` attribute, allowing `<script>`, allowing event
+handlers, or weakening the CSP `script-src` is forbidden without first
+introducing wildcard subdomain isolation (separate registrable origin
+per page, PSL submission, wildcard TLS, dedicated edge routing). Since
+the product owner has scoped that investment out, the practical effect
+is: **JS support is off the roadmap.**
+
+This constraint is enforced by a CI test (§ Testing).
+
+## Architecture
+
+```
+agent (MCP)              api/server.ts                Postgres
+  │                          │                           │
+  │ show_html(html)──────────│                           │
+  │  POST /new              ─│ sanitize(html)            │
+  │  {format:"html", spec}   │ INSERT pages              │
+  │                          │ (format=html, state=open)─│
+  │◀── { id, url }           │ map.set(id, page)         │
+  │                          │                           │
+user (browser)                │                           │
+  │  GET /<id> ─────────────▶│ map.get(id) ─────────────▶│
+  │◀── { format:"html",      │                           │
+  │      spec, state, ... }  │                           │
+  │                          │                           │
+  ▼                          │                           │
+shell (apps/web)             │                           │
+  ├─ format router           │                           │
+  ├─ "a2ui"  → A2UI surface  │                           │
+  └─ "html"  → <iframe sandbox srcdoc="...">             │
+```
+
+Two surfaces, one router. Same backend, same storage table, same TTL,
+same rate limit. The only diverging path is "what the renderer does
+with the spec."
+
+## Wire format
+
+`POST /new` request body grows one optional field:
+
+```ts
+{
+  format?: "a2ui" | "html",   // defaults to "a2ui" for backcompat
+  spec: A2uiMessage[] | string  // array for a2ui, string for html
+}
+```
+
+Zod schema (in `apps/api/schemas.ts`) becomes a discriminated union with
+a defaulted discriminator:
+
+```ts
+const newPageBodySchema = z.union([
+  z.object({
+    format: z.literal("a2ui").optional().default("a2ui"),
+    spec: z.unknown(),   // existing behaviour: opaque to the service
+  }),
+  z.object({
+    format: z.literal("html"),
+    spec: z.string().min(1).max(1_000_000),
+  }),
+]);
+```
+
+Existing clients (no `format` field) keep working — they fall through
+to the A2UI branch.
+
+`GET /:id` response grows the `format` field so the renderer can route:
+
+```ts
+{ format: "a2ui" | "html", spec, state, result, expires_at }
+```
+
+## API changes (`apps/api/`)
+
+| File          | Change                                                                                                                                |
+| ------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
+| `schemas.ts`  | Discriminated-union `newPageBodySchema` (above).                                                                                      |
+| `app.ts`      | `POST /new`: read `format`; if `html`, run the sanitizer (§ Sanitizer) before storage. Include `format` in `GET /:id` response.       |
+| `app.ts`      | `POST /:id/result`: reject with `400 invalid_for_format` when `format === "html"`. HTML pages have no result.                         |
+| `app.ts`      | Body-size limit: keep current 256 KB for A2UI; bump to **1 MB** for HTML. Branch on early `format` peek before the full Zod parse.    |
+| `db.ts`       | New column `format text not null default 'a2ui' check (format in ('a2ui','html'))`. Insert/select pick up the new column.             |
+| `db.ts`       | `Page` type adds `format: 'a2ui' \| 'html'`.                                                                                          |
+| `migrations/` | One `ALTER TABLE pages ADD COLUMN format …` migration; backfill is implicit via the default.                                          |
+
+Storage: `spec` column stays `jsonb`. JSONB stores strings fine
+(serialized as a JSON string). No type change.
+
+## Sanitizer
+
+Server-side, runs once on submission, before storage. We store the
+sanitized output. We _also_ log the dropped tag/attribute counts for
+abuse forensics, but we don't persist the raw original payload (the
+sanitizer's idempotent over identity for safe inputs).
+
+Library: **DOMPurify** running inside **jsdom** (server-side, Node 22+).
+Both packages are mature, actively maintained, widely used in this
+exact role.
+
+Config (`apps/api/sanitize.ts`, new file):
+
+```ts
+import createDOMPurify from "dompurify";
+import { JSDOM } from "jsdom";
+
+const window = new JSDOM("").window;
+const DOMPurify = createDOMPurify(window as unknown as Window);
+
+DOMPurify.setConfig({
+  USE_PROFILES: { html: true, svg: true },
+  FORBID_TAGS: [
+    "script", "iframe", "frame", "frameset",
+    "embed", "object", "applet",
+    "link",   // no external stylesheets
+    "base",   // we inject our own <base>
+    "meta",   // refuses meta-refresh & meta-CSP from agent
+  ],
+  FORBID_ATTR: [
+    "formaction",
+    "srcdoc",        // no nested srcdoc
+    "xlink:href",    // SVG-XSS vector
+  ],
+  ALLOWED_URI_REGEXP:
+    /^(?:(?:https):|mailto:|#|data:image\/(?:png|jpe?g|gif|webp|svg\+xml);base64,)/i,
+  ALLOW_DATA_ATTR: false,
+  ADD_ATTR: [],
+  // DOMPurify strips all on* event handlers by default; explicit:
+  FORBID_CONTENTS: ["script"],
+  WHOLE_DOCUMENT: false,  // we wrap in our scaffold
+  RETURN_TRUSTED_TYPE: false,
+});
+
+export function sanitize(html: string): {
+  output: string;
+  removedTags: number;
+  removedAttrs: number;
+};
+```
+
+Defense in depth:
+
+| Layer          | What it stops                                                              | Where it fails              |
+| -------------- | -------------------------------------------------------------------------- | --------------------------- |
+| Sanitizer      | `<script>`, event handlers, `javascript:` URLs, dangerous tags             | DOMPurify bypass (rare CVE) |
+| CSP            | Inline JS (`unsafe-inline` is not granted), external fetch, form submit    | Browser CSP bug             |
+| `sandbox`      | Script execution at the iframe document level                              | Misconfigured attribute     |
+
+Bypassing all three layers requires a defect in each. We accept that
+absolute safety doesn't exist; the goal is "no single defect grants
+script execution on the renderer origin."
+
+## Renderer flow (`apps/web/`)
+
+`main.ts` becomes a format router. The A2UI path is the existing code,
+moved into `renderA2ui`. A new `renderHtml` handles the HTML format.
+
+```ts
+// apps/web/main.ts (sketch)
+const page = await fetchPage(pageId);
+if (page.format === "html") {
+  renderHtml(page.spec as string);  // string after sanitization
+} else {
+  renderA2ui(page.spec as A2uiMessage[]);  // existing
+}
+```
+
+`renderHtml` builds a scaffolded document and embeds it in a sandboxed
+iframe:
+
+```ts
+function scaffold(sanitizedHtml: string): string {
+  return `<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta http-equiv="Content-Security-Policy" content="${IFRAME_CSP}">
+<meta name="robots" content="noindex,nofollow,noarchive">
+<meta name="referrer" content="no-referrer">
+<base target="_blank" rel="noopener noreferrer nofollow ugc">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+</head>
+<body>${sanitizedHtml}</body>
+</html>`;
+}
+
+function renderHtml(html: string) {
+  const iframe = document.createElement("iframe");
+  iframe.setAttribute("sandbox", "");           // no tokens → maximum lockdown
+  iframe.setAttribute("referrerpolicy", "no-referrer");
+  iframe.setAttribute("allow", "");              // explicit empty Permissions-Policy
+  iframe.setAttribute("loading", "lazy");
+  iframe.setAttribute("title", "Agent-generated content");
+  iframe.srcdoc = scaffold(html);
+  iframe.style.cssText = "width:100%;height:100vh;border:0;display:block";
+  appElement.replaceChildren(renderChrome(), iframe);
+}
+```
+
+`renderChrome` is a thin shell-side header outside the iframe with:
+
+- a small "AI-generated content" label,
+- a "Report" link → `mailto:alex@blockful.io?subject=Abuse report for page <id>&body=<id>` (V1 abuse flow).
+
+### Iframe CSP (`IFRAME_CSP`)
+
+```
+default-src 'none';
+img-src 'self' data:;
+style-src 'unsafe-inline';
+font-src data:;
+form-action 'none';
+frame-src 'none';
+base-uri 'none';
+sandbox;
+```
+
+Plain English per directive:
+
+- `default-src 'none'` — block everything by default; re-enable narrowly.
+- `img-src 'self' data:` — only inline images; same-origin is empty
+  (opaque origin), so practically only `data:` URIs.
+- `style-src 'unsafe-inline'` — inline `<style>` and `style=""` work.
+  No external stylesheets (would need to be in `style-src` URLs, none
+  allowed).
+- `font-src data:` — inline fonts only. No CDN fonts.
+- `form-action 'none'` — `<form action=…>` cannot submit anywhere.
+  Phishing forms are inert.
+- `frame-src 'none'` — no nested iframes.
+- `base-uri 'none'` — agent can't redirect relative URLs by changing
+  the base.
+- `sandbox` — CSP-level sandbox, redundant with the iframe attribute,
+  cheap defense-in-depth.
+
+`frame-ancestors` is deliberately omitted. The iframe document has an
+opaque origin (`sandbox` without `allow-same-origin`), so `'self'` would
+fail to match the parent shell (every opaque origin is unique) and could
+block our own renderer from displaying it. The shell origin already
+sets `X-Frame-Options: DENY` (`apps/web/vercel.json`), which prevents
+third-party sites from embedding the renderer URL — the upstream
+protection that `frame-ancestors` would have provided here.
+
+## MCP server changes (`apps/mcp/`)
+
+Two tools instead of one. `check_result`'s return shape grows a
+`format` field.
+
+```ts
+// existing — unchanged signature, sharpened description
+show_ui({ spec: unknown }) -> { page_id, url, expires_at }
+
+// new
+show_html({ html: string }) -> { page_id, url, expires_at }
+
+// existing tool — return shape grows `format` (existing
+// callers that destructure { state, result } keep working).
+check_result({ page_id: string }) -> { state, result, format }
+```
+
+Both `show_*` tools hit the same `POST /new` endpoint, setting the
+right `format` value in the body. `check_result` now surfaces the page
+format so an agent that calls it on an HTML page (against the skill's
+guidance) at least gets the explicit signal `format === "html"` and
+can stop polling.
+
+### Tool descriptions
+
+`show_ui`:
+
+> Ask the user a question that needs a structured answer back. Forms,
+> pickers, confirmations, multi-field intake. The user submits in the
+> browser; poll `check_result` until the answer arrives. Use this
+> whenever you need _anything_ from the user — input, a choice, a
+> confirmation. If you only want to _show_ something, use `show_html`
+> instead.
+
+`show_html`:
+
+> Show the user a rich visualization: a styled report, dashboard,
+> chart, infographic, comparison table, slide, or other view-only
+> artifact. The page is one-way — the user looks at it; nothing comes
+> back. **Do not poll `check_result` for HTML pages; they never
+> produce a result.**
+>
+> Constraints (enforced; violations are stripped or rejected):
+>
+> - No `<script>` tags, no `on*=` event handlers, no `javascript:`
+>   URLs. JavaScript does not run.
+> - No external assets. Inline all CSS as `<style>`. Embed images as
+>   `data:image/...;base64,...` URIs. No Google Fonts, no CDN
+>   libraries, no remote `<img src=https:>`.
+> - No `<form>` submissions. No `<iframe>`, `<meta http-equiv=refresh>`.
+> - 1 MB payload cap.
+>
+> If the user needs to act on what they see, follow up with a
+> `show_ui` call.
+
+## Skill prose (`skills/pagent/SKILL.md`)
+
+Add a section at the top titled **"Picking a tool"**:
+
+> Two tools, one rule: **`show_html` to show; `show_ui` to ask.**
+>
+> If anything has to come back from the user — a value, a selection,
+> a click — use `show_ui`. If the user just looks at it — a report, a
+> chart, a dashboard, a comparison — use `show_html`. When in doubt,
+> ask yourself: "Do I need to read the user's response?" Yes →
+> `show_ui`. No → `show_html`.
+>
+> Multi-step flows work the same way: each step is a separate page.
+> Show a dashboard with `show_html`, then ask "what next?" with
+> `show_ui`. Don't try to bundle visualization and input into one
+> page.
+
+The polling-pattern prose stays. Add a single line under it:
+
+> Only A2UI pages have a result. HTML pages never transition out of
+> `open` — do not poll them.
+
+## State machine
+
+A2UI pages: `open → submitted → received` (unchanged).
+HTML pages: `open` (terminal). Page expires on TTL. No result
+transition.
+
+`POST /:id/result` on an HTML page returns `400 invalid_for_format`.
+`GET /:id/result` on an HTML page returns
+`{ state: "open", result: null, format: "html" }` until expiry. The
+`format` field is the explicit signal to the agent: "this is HTML —
+stop polling." Skill prose and MCP tool descriptions reinforce the
+same instruction; the field is the load-bearing primitive.
+
+## Body size, TTL, rate limiting
+
+| Setting           | A2UI                | HTML                |
+| ----------------- | ------------------- | ------------------- |
+| Max body          | 256 KB (unchanged effective cap) | **1 MB**            |
+| TTL               | 30 min (unchanged)  | 30 min              |
+| Rate limit        | 30/min/IP (existing)| 30/min/IP (shared)  |
+
+Implementation: the Hono `bodyLimit` middleware is set to 1 MB
+unconditionally. The post-parse handler enforces the per-format cap —
+if `format !== "html"` and the raw body exceeded 256 KB, return 413
+with `{ error: "payload_too_large", format: "a2ui", max: 256000 }`.
+HTML payloads above 1 MB are rejected by the middleware before the
+handler runs. The exact size check (Content-Length header vs. captured
+body length) is an implementation detail for the writing-plans phase
+to settle against Hono's middleware ordering; the constraint is what
+matters here.
+
+## Observability
+
+Existing Pino + OTel logging. New fields:
+
+- `format` on every page-create log line.
+- `sanitizer_removed_tags` (count) on HTML submissions.
+- `sanitizer_removed_attrs` (count) same.
+
+No new dashboards required in V1. Spike in sanitizer-removed counts is
+the early signal that an agent (or attacker) is routinely emitting
+something we strip — informs future allowlist tuning.
+
+## Testing
+
+### Unit (Vitest)
+
+- `sanitize.ts`: one test per forbidden tag (`<script>`, `<iframe>`,
+  `<object>`, `<embed>`, `<link>`, `<base>`, `<meta>`, `<applet>`,
+  `<frame>`, `<frameset>`) asserting the tag is stripped from the
+  output.
+- `sanitize.ts`: one test per dangerous attribute (`onclick`, `onload`,
+  `onerror`, `formaction`, `srcdoc`, `xlink:href`).
+- `sanitize.ts`: one test per blocked URI scheme (`javascript:`,
+  `vbscript:`, `data:text/html`, `data:application/javascript`).
+- `sanitize.ts`: idempotency — sanitizing a clean payload returns it
+  unchanged.
+- `schemas.ts`: discriminated-union acceptance/rejection per format.
+- `app.ts`: body limit per format, 413 cases for both.
+- `app.ts`: `POST /:id/result` returns `400 invalid_for_format` on an
+  HTML page.
+
+### Renderer (Vitest + happy-dom or Playwright)
+
+- HTML page renders with `iframe[sandbox=""]` (empty string, no tokens)
+  and `srcdoc` containing the scaffolded document.
+- Iframe's srcdoc contains the strict CSP meta tag at the top of
+  `<head>`.
+- A2UI path is unaffected (no iframe, A2UI surface renders).
+
+### E2E (Playwright)
+
+- Submit an HTML payload containing each of:
+  - `<script>alert(1)</script>`,
+  - `<form action="https://attacker.example">…</form>`,
+  - `<meta http-equiv="refresh" content="0;url=https://attacker.example">`,
+  - `<img src="https://attacker.example/pixel.png">`,
+  - `<a onclick="…">`,
+  - `<iframe src="https://attacker.example">`.
+- Open the rendered URL.
+- Assert: no network requests to `attacker.example` (Playwright
+  intercept), no top navigation, no `alert` fired, no script in the DOM
+  (via the iframe content tree).
+
+### CI tripwire
+
+A test in `apps/web/` that loads the iframe code path and asserts:
+
+```ts
+expect(iframe.getAttribute("sandbox")).toBe("");
+expect(iframe.getAttribute("sandbox")).not.toContain("allow-scripts");
+expect(iframe.getAttribute("sandbox")).not.toContain("allow-same-origin");
+```
+
+A test in `apps/api/` that asserts the sanitizer config does not allow
+`<script>`:
+
+```ts
+expect(sanitize("<script>1</script>").output).not.toContain("<script");
+```
+
+## Migration
+
+This codebase has no separate migrations directory — schema is bootstrap
+in `apps/api/db.ts`'s `init()` (`create table if not exists pages …`).
+Two changes there:
+
+1. Add `format` to the create-table block so fresh deployments get it:
+
+   ```ts
+   await sql`
+     create table if not exists pages (
+       id           text primary key,
+       spec         jsonb       not null,
+       format       text        not null default 'a2ui'
+                                check (format in ('a2ui','html')),
+       state        text        not null check (state in ('open','submitted','received')),
+       result       jsonb,
+       created_at   timestamptz not null default now(),
+       expires_at   timestamptz not null,
+       submitted_at timestamptz,
+       received_at  timestamptz
+     )
+   `;
+   ```
+
+2. Add an idempotent `ALTER TABLE` immediately after, so existing
+   deployments pick up the column without manual intervention:
+
+   ```ts
+   await sql`
+     alter table pages
+       add column if not exists format text
+         not null default 'a2ui'
+         check (format in ('a2ui','html'))
+   `;
+   ```
+
+Backfill is implicit via the default — every existing row inherits
+`format = 'a2ui'`. Both statements are idempotent and safe to run on
+every boot.
+
+## Rollout
+
+Land in **one PR** as three logical commits in order:
+
+1. **API + storage** — Zod discriminator, sanitizer, body-limit branch,
+   schema update, `POST /:id/result` rejection for HTML, `format` in
+   `GET /:id` and `GET /:id/result` responses. Includes API unit tests.
+2. **MCP** — `show_html` tool added, `show_ui` description sharpened,
+   tool registry updated. Includes MCP smoke test.
+3. **Renderer + skill** — format router, scaffold + iframe rendering,
+   chrome with Report link, `SKILL.md` updated. Includes renderer
+   tests and the Playwright E2E.
+
+Each commit individually leaves the tree green. Pre-commit-2 code, the
+API has the new format but no MCP tool calls it (manual `curl` works,
+agents don't change). Pre-commit-3, the API + MCP accept HTML but the
+renderer hasn't shipped — the JSON `GET /:id` returns `format: "html"`,
+the renderer (still on the old version until Vercel redeploys) would
+render the spec as A2UI and fail. So **commits 1 and 2 can ship to
+Railway only after commit 3 has reached Vercel.** Practical sequencing:
+merge the PR, wait for Vercel to deploy the renderer, then redeploy
+Railway. Both auto-deploy from `main` per existing CD.
+
+## Open questions
+
+None blocking implementation. Future considerations to revisit when V1
+ships:
+
+- Sanitizer-removed-tag dashboards: are agents routinely emitting
+  things we strip that we could safely allow (e.g. inline SVG features
+  not in the default profile)?
+- Should A2UI pages bump to 1 MB too, or stay 256 KB? V1 keeps them at
+  256 KB — no real-world ceiling reports yet.
+- Abuse-reporting flow upgrade from `mailto:` → real intake form +
+  moderation queue. Spec separately when traffic justifies it.
+- Custom domain → wildcard subdomain isolation, if the JS-support
+  question ever comes back.
+
+## Decisions summary
+
+| Decision                           | Chosen                                          | Rejected                                                  |
+| ---------------------------------- | ----------------------------------------------- | --------------------------------------------------------- |
+| Adding HTML alongside A2UI         | Yes, both first-class                           | HTML replaces A2UI / A2UI-only                            |
+| JS in HTML                         | None ever (structural)                          | Inline JS / allowlisted CDN scripts / unrestricted        |
+| Submit in HTML                     | None (view-only)                                | `<form action>` direct POST / `postMessage`               |
+| Origin isolation                   | Same origin, srcdoc, opaque-sandbox             | Wildcard subdomain (Approach 2)                           |
+| Sanitization                       | Server-side DOMPurify+jsdom, strict denylist    | Trust agent / client-side only / no sanitization          |
+| External assets                    | None (inline only)                              | Allowlisted CDNs / Google Fonts / `https:` images         |
+| Body cap (HTML)                    | 1 MB                                            | 256 KB (too tight with data URIs) / 5 MB (overkill)       |
+| Body cap (A2UI)                    | 256 KB (unchanged)                              | Uniform 1 MB                                              |
+| TTL                                | 30 min for both                                 | Longer TTL for HTML                                       |
+| MCP tool                           | Two tools: `show_ui`, `show_html`               | One tool with `format` flag / brand-new endpoint          |
+| Result polling for HTML            | Never transitions; advise agent not to poll     | Synthesize a "viewed" state                               |
+| Abuse flow V1                      | `mailto:` Report link only                      | Full intake form + moderation queue                       |

From a7cb4c7149629e6138831676d3e25ee0764b3688 Mon Sep 17 00:00:00 2001
From: "Alexandro T. Netto" <alex.t.netto@gmail.com>
Date: Fri, 15 May 2026 14:13:37 -0700
Subject: [PATCH 02/11] docs: add HTML format implementation plan

Step-by-step plan covering 16 tasks across 3 commits (API+sanitizer,
MCP tools, renderer+skill+docs) + quality gate + PR. Each task has
bite-sized TDD steps with the actual code.
---
 .../plans/2026-05-15-html-format.md           | 2270 +++++++++++++++++
 1 file changed, 2270 insertions(+)
 create mode 100644 docs/superpowers/plans/2026-05-15-html-format.md

diff --git a/docs/superpowers/plans/2026-05-15-html-format.md b/docs/superpowers/plans/2026-05-15-html-format.md
new file mode 100644
index 0000000..e77f758
--- /dev/null
+++ b/docs/superpowers/plans/2026-05-15-html-format.md
@@ -0,0 +1,2270 @@
+# HTML Page Format Implementation Plan
+
+> **For agentic workers:** REQUIRED SUB-SKILL: Use superpowers:subagent-driven-development (recommended) or superpowers:executing-plans to implement this plan task-by-task. Steps use checkbox (`- [ ]`) syntax for tracking.
+
+**Goal:** Add HTML as a second first-class page format alongside A2UI, with two MCP tools (`show_ui` for asking, `show_html` for showing). HTML pages are view-only, JS-free, sandbox-iframe-rendered. Backwards compatible with all existing A2UI clients.
+
+**Architecture:** Single API endpoint (`POST /new`) accepts an optional `format` field discriminating A2UI vs HTML. New `format` column on the `pages` table. Server-side DOMPurify sanitization on HTML submission. Renderer routes by `format` and renders HTML inside a sandboxed iframe with strict CSP via meta tag. Two MCP tools surface this to the agent.
+
+**Tech Stack:** TypeScript (strict), Hono, Zod, Postgres (via `postgres`), Lit, Vite, Vitest, DOMPurify (via `isomorphic-dompurify`).
+
+**Spec:** [`docs/superpowers/specs/2026-05-15-html-format-design.md`](../specs/2026-05-15-html-format-design.md)
+
+---
+
+## File structure
+
+**New files:**
+- `apps/api/sanitize.ts` — DOMPurify wrapper, exports `sanitize(html)`
+- `apps/api/sanitize.test.ts` — tests for each blocked tag/attr/URI scheme
+- `apps/web/html-renderer.ts` — scaffolded-HTML + iframe rendering helpers (pure functions)
+- `apps/web/html-renderer.test.ts` — tests for scaffold + iframe attrs
+
+**Modified files:**
+- `apps/api/db.ts` — add `format` to schema, `Page` type, insert/get
+- `apps/api/schemas.ts` — discriminated-union `newPageBodySchema`
+- `apps/api/schemas.test.ts` — new cases for both branches
+- `apps/api/store.ts` — `createPage` accepts `format`
+- `apps/api/app.ts` — sanitize on POST /new, surface `format` in GET responses, reject POST result on HTML
+- `apps/api/app.test.ts` — new cases for HTML POST /new flow, format echo, result rejection
+- `apps/api/db.test.ts` — Page-with-format round-trip
+- `apps/api/mcp/tools.ts` — add `show_html`, sharpen `show_ui`, surface `format` in `check_result`
+- `apps/api/package.json` — add `isomorphic-dompurify` dep
+- `apps/mcp/server.ts` — wire `showHtml` in `PageOps`
+- `apps/web/main.ts` — route by `format` in `applySpec` / fetch flow
+- `apps/web/csp.ts` — add `buildIframeCsp()`
+- `apps/web/csp.test.ts` — tests for `buildIframeCsp`
+- `skills/pagent/SKILL.md` — show/ask dichotomy + skill description
+- `docs/openapi.yaml` — document `format` field on `POST /new` and `GET` responses
+
+**Three commits, one PR:**
+1. API + storage + sanitizer (Tasks 1–6)
+2. MCP tools (Tasks 7–9)
+3. Renderer + skill + docs (Tasks 10–14)
+Plus Task 15 (quality gate) and Task 16 (push + PR).
+
+---
+
+## Task 1: Add `format` column to DB schema and `Page` type
+
+**Files:**
+- Modify: `apps/api/db.ts`
+- Modify: `apps/api/db.test.ts`
+
+The `format` column lives on every row. Existing rows backfill to `'a2ui'` via the column default. The bootstrap `init()` adds both a create-table-if-not-exists (for fresh deployments) and an idempotent `alter table … add column if not exists` (for existing deployments). Idempotent on every boot.
+
+- [ ] **Step 1: Write the failing test**
+
+Append to `apps/api/db.test.ts` (find the existing `describe('insertPage / getActivePage', …)` block and add a sibling describe or extend it; if no DB tests exist for round-trips, add a new block — preserve any existing setup/teardown):
+
+```ts
+import { describe, it, expect, beforeAll, afterAll } from 'vitest';
+import * as db from './db.ts';
+import { newId } from './store.ts';
+
+// Reuse whatever DATABASE_URL the suite uses (vitest.config.ts sets it).
+describe('Page format column', () => {
+  beforeAll(async () => {
+    await db.init(process.env.DATABASE_URL!);
+  });
+
+  afterAll(async () => {
+    await db.shutdown();
+  });
+
+  it('round-trips format=a2ui (default) and format=html', async () => {
+    const idA = newId();
+    const idH = newId();
+    const now = Date.now();
+    await db.insertPage({
+      id: idA,
+      spec: { a: 1 },
+      format: 'a2ui',
+      state: 'open',
+      result: null,
+      createdAt: now,
+      expiresAt: now + 60_000,
+    });
+    await db.insertPage({
+      id: idH,
+      spec: '<div>hi</div>',
+      format: 'html',
+      state: 'open',
+      result: null,
+      createdAt: now,
+      expiresAt: now + 60_000,
+    });
+
+    const pA = await db.getActivePage(idA);
+    const pH = await db.getActivePage(idH);
+    expect(pA?.format).toBe('a2ui');
+    expect(pH?.format).toBe('html');
+    expect(pH?.spec).toBe('<div>hi</div>');
+  });
+});
+```
+
+- [ ] **Step 2: Run test to verify it fails**
+
+Run: `cd apps/api && npx vitest run db.test.ts -t "format column"`
+Expected: FAIL — `Page` type does not have `format`, `insertPage` doesn't accept it, `getActivePage` returns nothing for format. TypeScript error or runtime null.
+
+- [ ] **Step 3: Update `Page` type and DB layer**
+
+In `apps/api/db.ts`, replace the existing `Page` type with:
+
+```ts
+export type PageFormat = 'a2ui' | 'html';
+
+export type Page = {
+  id: string;
+  spec: unknown;
+  format: PageFormat;
+  state: PageState;
+  result: unknown;
+  createdAt: number;
+  expiresAt: number;
+};
+```
+
+Update the bootstrap `init()` (around line 39–57). Replace the create-table block with:
+
+```ts
+  await sql`
+    create table if not exists pages (
+      id           text primary key,
+      spec         jsonb       not null,
+      format       text        not null default 'a2ui' check (format in ('a2ui','html')),
+      state        text        not null check (state in ('open','submitted','received')),
+      result       jsonb,
+      created_at   timestamptz not null default now(),
+      expires_at   timestamptz not null,
+      submitted_at timestamptz,
+      received_at  timestamptz
+    )
+  `;
+  // Pick up the column on pre-existing deployments. Idempotent.
+  await sql`
+    alter table pages
+      add column if not exists format text
+        not null default 'a2ui'
+        check (format in ('a2ui','html'))
+  `;
+  await sql`create index if not exists pages_expires_at_idx on pages (expires_at)`;
+```
+
+Update `PageRow` (around line 75):
+
+```ts
+type PageRow = {
+  id: string;
+  spec: unknown;
+  format: PageFormat;
+  state: PageState;
+  result: unknown;
+  created_at: Date;
+  expires_at: Date;
+};
+```
+
+Update `getActivePage` (around line 84). Add `format` to the select and the returned object:
+
+```ts
+export async function getActivePage(id: string): Promise<Page | null> {
+  return withRetry(async () => {
+    const c = client();
+    const rows = await c<PageRow[]>`
+      select id, spec, format, state, result, created_at, expires_at
+      from pages
+      where id = ${id} and expires_at > now()
+    `;
+    if (rows.length === 0) return null;
+    const r = rows[0]!;
+    return {
+      id: r.id,
+      spec: r.spec,
+      format: r.format,
+      state: r.state,
+      result: r.result,
+      createdAt: r.created_at.getTime(),
+      expiresAt: r.expires_at.getTime(),
+    };
+  });
+}
+```
+
+Update `insertPage` (around line 171):
+
+```ts
+export async function insertPage(p: Page): Promise<void> {
+  await withRetry(async () => {
+    const c = client();
+    await c`insert into pages (id, spec, format, state, expires_at)
+            values (
+              ${p.id},
+              ${c.json(p.spec as Parameters<typeof c.json>[0])},
+              ${p.format},
+              'open',
+              to_timestamp(${p.expiresAt} / 1000.0)
+            )`;
+  });
+}
+```
+
+Also update `fetchAndAdvanceResult` to read and return `format` so the result handler can echo it:
+
+```ts
+export async function fetchAndAdvanceResult(
+  id: string,
+): Promise<{ stateAtRead: PageState; result: unknown; format: PageFormat } | null> {
+  const c = client();
+  const rows = await c<{ state: PageState; result: unknown; format: PageFormat }[]>`
+    select state, result, format from pages where id = ${id} and expires_at > now()
+  `;
+  if (rows.length === 0) return null;
+  const { state, result, format } = rows[0];
+  const stateAtRead = state;
+  if (state === 'submitted') {
+    await c`
+      update pages
+      set state = 'received', received_at = now()
+      where id = ${id} and state = 'submitted'
+    `;
+  }
+  return { stateAtRead, result, format };
+}
+```
+
+- [ ] **Step 4: Run test to verify it passes**
+
+Run: `cd apps/api && npx vitest run db.test.ts -t "format column"`
+Expected: PASS — both rows insert and round-trip with their formats preserved.
+
+- [ ] **Step 5: Commit (defer until end of Phase 1)**
+
+Don't commit yet — Phase 1 commits at the end of Task 6 to keep the tree green between API steps that depend on each other.
+
+---
+
+## Task 2: Discriminated-union `newPageBodySchema`
+
+**Files:**
+- Modify: `apps/api/schemas.ts`
+- Modify: `apps/api/schemas.test.ts`
+
+`newPageBodySchema` becomes a `z.discriminatedUnion` so a single Zod parse yields the typed `{ format, spec }` shape. A2UI is the default; HTML branch enforces `spec` is a non-empty string ≤ 1 MB.
+
+- [ ] **Step 1: Write the failing tests**
+
+In `apps/api/schemas.test.ts`, replace the `describe('newPageBodySchema', …)` block with:
+
+```ts
+describe('newPageBodySchema', () => {
+  it('rejects {} (no spec key)', () => {
+    expect(newPageBodySchema.safeParse({}).success).toBe(false);
+  });
+
+  it('defaults format to "a2ui" when absent', () => {
+    const r = newPageBodySchema.safeParse({ spec: { foo: 1 } });
+    expect(r.success).toBe(true);
+    if (r.success) expect(r.data.format).toBe('a2ui');
+  });
+
+  it('accepts explicit { format: "a2ui", spec: [] }', () => {
+    const r = newPageBodySchema.safeParse({ format: 'a2ui', spec: [] });
+    expect(r.success).toBe(true);
+    if (r.success) expect(r.data.format).toBe('a2ui');
+  });
+
+  it('accepts { format: "html", spec: "<div>hi</div>" }', () => {
+    const r = newPageBodySchema.safeParse({ format: 'html', spec: '<div>hi</div>' });
+    expect(r.success).toBe(true);
+    if (r.success) {
+      expect(r.data.format).toBe('html');
+      expect(r.data.spec).toBe('<div>hi</div>');
+    }
+  });
+
+  it('rejects { format: "html", spec: [] } (HTML spec must be string)', () => {
+    expect(newPageBodySchema.safeParse({ format: 'html', spec: [] }).success).toBe(false);
+  });
+
+  it('rejects { format: "html", spec: "" } (HTML spec must be non-empty)', () => {
+    expect(newPageBodySchema.safeParse({ format: 'html', spec: '' }).success).toBe(false);
+  });
+
+  it('rejects { format: "html", spec: <1 MB + 1 byte string> }', () => {
+    const big = 'a'.repeat(1_000_001);
+    expect(newPageBodySchema.safeParse({ format: 'html', spec: big }).success).toBe(false);
+  });
+
+  it('rejects { format: "rss", spec: "x" } (unknown format)', () => {
+    expect(newPageBodySchema.safeParse({ format: 'rss', spec: 'x' }).success).toBe(false);
+  });
+
+  it('still accepts pre-existing payloads with no format field', () => {
+    // Backwards compatibility — all existing MCP clients
+    expect(newPageBodySchema.safeParse({ spec: null }).success).toBe(true);
+    expect(newPageBodySchema.safeParse({ spec: { foo: 1 } }).success).toBe(true);
+    expect(newPageBodySchema.safeParse({ spec: 'string' }).success).toBe(true);
+  });
+});
+```
+
+- [ ] **Step 2: Run tests to verify they fail**
+
+Run: `cd apps/api && npx vitest run schemas.test.ts -t newPageBodySchema`
+Expected: FAIL — current schema doesn't have a discriminated union; the format-specific cases fail.
+
+- [ ] **Step 3: Update the schema**
+
+Replace `newPageBodySchema` in `apps/api/schemas.ts` (lines 9–12) with:
+
+```ts
+// spec contents are opaque per format:
+//   a2ui — unknown JSON (passed through to the renderer; PRD §spec)
+//   html — UTF-8 string with a 1 MB cap
+// The default for `format` keeps every pre-discriminator client working
+// without changes (they POST `{ spec }` and land on the a2ui branch).
+export const newPageBodySchema = z.union([
+  z.object({
+    format: z.literal('a2ui').optional().default('a2ui'),
+    spec: z.unknown(),
+  }),
+  z.object({
+    format: z.literal('html'),
+    spec: z.string().min(1).max(1_000_000),
+  }),
+]);
+
+export type NewPageBody = z.infer<typeof newPageBodySchema>;
+```
+
+Add an `export type PageFormat = 'a2ui' | 'html';` if not exported from `db.ts` yet (it is from Task 1; just confirm the import surface).
+
+- [ ] **Step 4: Run tests to verify they pass**
+
+Run: `cd apps/api && npx vitest run schemas.test.ts -t newPageBodySchema`
+Expected: PASS — all 9 cases green.
+
+- [ ] **Step 5: Defer commit (Phase 1)**
+
+---
+
+## Task 3: Add `apps/api/sanitize.ts`
+
+**Files:**
+- Create: `apps/api/sanitize.ts`
+- Create: `apps/api/sanitize.test.ts`
+- Modify: `apps/api/package.json` (add dep)
+
+The sanitizer runs server-side once on HTML submission, before storage. Uses DOMPurify in jsdom via `isomorphic-dompurify`. Strict denylist: `<script>`, `<iframe>`, `<frame>`, `<frameset>`, `<embed>`, `<object>`, `<applet>`, `<link>`, `<base>`, `<meta>`. All event handlers (`on*=`) stripped. URL scheme allowlist: `https:`, `mailto:`, `#`, `data:image/*`.
+
+- [ ] **Step 1: Add the dependency**
+
+In `apps/api/package.json`, add to `dependencies` (alphabetical order; insert after `hono-rate-limiter`):
+
+```json
+    "isomorphic-dompurify": "^2.16.0",
+```
+
+Then install:
+
+```bash
+cd /Users/netto/work/hackathons/gen-ui-sf/agent-ui-session/.claude/worktrees/keen-roentgen-e25c2a
+npm install
+```
+
+Expected: `isomorphic-dompurify` and transitive deps (`dompurify`, `jsdom`) added to `node_modules`. No error.
+
+- [ ] **Step 2: Write the failing tests**
+
+Create `apps/api/sanitize.test.ts`:
+
+```ts
+import { describe, it, expect } from 'vitest';
+import { sanitize } from './sanitize.ts';
+
+describe('sanitize', () => {
+  it('returns clean payloads unchanged (idempotent on safe input)', () => {
+    const safe = '<div class="card"><h1>Hello</h1><p>World <em>!</em></p></div>';
+    expect(sanitize(safe).output).toBe(safe);
+  });
+
+  it('preserves inline <style>', () => {
+    const input = '<style>.x{color:red}</style><div class="x">hi</div>';
+    expect(sanitize(input).output).toContain('<style>');
+    expect(sanitize(input).output).toContain('.x{color:red}');
+  });
+
+  it('preserves data: image URLs', () => {
+    const input = '<img src="data:image/png;base64,iVBORw0K" alt="x">';
+    expect(sanitize(input).output).toContain('data:image/png;base64');
+  });
+
+  it('preserves https: anchor hrefs', () => {
+    const input = '<a href="https://example.com">link</a>';
+    expect(sanitize(input).output).toContain('href="https://example.com"');
+  });
+
+  it('strips <script>', () => {
+    const out = sanitize('<div>safe</div><script>alert(1)</script>').output;
+    expect(out).not.toContain('<script');
+    expect(out).not.toContain('alert(1)');
+    expect(out).toContain('<div>safe</div>');
+  });
+
+  it('strips <iframe>', () => {
+    const out = sanitize('<iframe src="https://attacker.example"></iframe>').output;
+    expect(out).not.toContain('<iframe');
+  });
+
+  it('strips <object>', () => {
+    const out = sanitize('<object data="x.swf"></object>').output;
+    expect(out).not.toContain('<object');
+  });
+
+  it('strips <embed>', () => {
+    const out = sanitize('<embed src="x.swf">').output;
+    expect(out).not.toContain('<embed');
+  });
+
+  it('strips <link>', () => {
+    const out = sanitize('<link rel="stylesheet" href="https://attacker.example/x.css">').output;
+    expect(out).not.toContain('<link');
+  });
+
+  it('strips <base>', () => {
+    const out = sanitize('<base href="https://attacker.example/">').output;
+    expect(out).not.toContain('<base');
+  });
+
+  it('strips <meta http-equiv=refresh>', () => {
+    const out = sanitize('<meta http-equiv="refresh" content="0;url=https://attacker.example">').output;
+    expect(out).not.toContain('<meta');
+  });
+
+  it('strips on* event handlers', () => {
+    const out = sanitize('<button onclick="alert(1)">x</button>').output;
+    expect(out).not.toContain('onclick');
+    expect(out).not.toContain('alert(1)');
+  });
+
+  it('strips onerror on <img>', () => {
+    const out = sanitize('<img src="x" onerror="alert(1)">').output;
+    expect(out).not.toContain('onerror');
+  });
+
+  it('strips javascript: URLs in href', () => {
+    const out = sanitize('<a href="javascript:alert(1)">click</a>').output;
+    expect(out).not.toMatch(/javascript:/i);
+  });
+
+  it('strips vbscript: URLs', () => {
+    const out = sanitize('<a href="vbscript:msgbox(1)">click</a>').output;
+    expect(out).not.toMatch(/vbscript:/i);
+  });
+
+  it('strips data:text/html (executable data URL)', () => {
+    const out = sanitize('<a href="data:text/html,<script>alert(1)</script>">click</a>').output;
+    expect(out).not.toContain('data:text/html');
+  });
+
+  it('strips formaction (form override attack)', () => {
+    const out = sanitize('<button formaction="https://attacker.example">x</button>').output;
+    expect(out).not.toContain('formaction');
+  });
+
+  it('strips srcdoc on any element', () => {
+    const out = sanitize('<iframe srcdoc="<script>x</script>"></iframe>').output;
+    expect(out).not.toContain('srcdoc');
+  });
+
+  it('preserves inline <svg>', () => {
+    const input = '<svg width="10" height="10"><circle cx="5" cy="5" r="4"/></svg>';
+    const out = sanitize(input).output;
+    expect(out).toContain('<svg');
+    expect(out).toContain('<circle');
+  });
+
+  it('strips xlink:href on SVG (legacy XSS vector)', () => {
+    const out = sanitize('<svg><use xlink:href="javascript:alert(1)"/></svg>').output;
+    expect(out).not.toMatch(/xlink:href/i);
+  });
+
+  it('reports counts of removed tags and attrs', () => {
+    const r = sanitize('<script>1</script><button onclick="x">y</button>');
+    expect(r.removedTags + r.removedAttrs).toBeGreaterThan(0);
+  });
+});
+```
+
+- [ ] **Step 3: Run tests to verify they fail**
+
+Run: `cd apps/api && npx vitest run sanitize.test.ts`
+Expected: FAIL — module does not exist.
+
+- [ ] **Step 4: Implement the sanitizer**
+
+Create `apps/api/sanitize.ts`:
+
+```ts
+/**
+ * Server-side HTML sanitization for the html page format.
+ *
+ * Runs once on POST /new before storage. Returns the cleaned HTML plus
+ * dropped-tag and dropped-attr counts (logged as forensic signal).
+ *
+ * Strict denylist, not allowlist — we accept arbitrary HTML/CSS/SVG and
+ * remove the dangerous parts. Combined with the iframe sandbox + meta-CSP
+ * in the renderer this is layer one of three (sanitizer → CSP → sandbox).
+ */
+import DOMPurify from 'isomorphic-dompurify';
+
+const FORBID_TAGS = [
+  'script',
+  'iframe',
+  'frame',
+  'frameset',
+  'embed',
+  'object',
+  'applet',
+  'link', // no external stylesheets
+  'base', // we inject our own <base> in the renderer scaffold
+  'meta', // no <meta http-equiv=refresh>; renderer injects its own meta-CSP
+];
+
+const FORBID_ATTR = [
+  'formaction',
+  'srcdoc',
+  'xlink:href',
+];
+
+// Allow https links, mailto, in-page anchors, and inline image data URIs only.
+// Explicitly blocks javascript:, vbscript:, data:text/html, data:application/*.
+const ALLOWED_URI_REGEXP =
+  /^(?:https:|mailto:|#|data:image\/(?:png|jpe?g|gif|webp|svg\+xml);base64,)/i;
+
+export function sanitize(html: string): {
+  output: string;
+  removedTags: number;
+  removedAttrs: number;
+} {
+  const removed: { tag: 0; attr: 0 } = { tag: 0, attr: 0 } as { tag: 0; attr: 0 };
+  // We use removed.* as numbers below; cast to keep the literal-zero type aside.
+  const counters = removed as unknown as { tag: number; attr: number };
+
+  const hooked = DOMPurify.addHook;
+  // Reset hook registry on every call by addHook'ing inside a fresh sanitize call.
+  // (DOMPurify hooks are global per instance — we re-add to keep the count fresh.)
+  DOMPurify.removeAllHooks();
+  hooked('uponSanitizeElement', (_node, data) => {
+    if (data.allowedTags[data.tagName] === false) counters.tag++;
+  });
+  hooked('uponSanitizeAttribute', (_node, data) => {
+    if (!data.allowedAttributes[data.attrName]) counters.attr++;
+  });
+
+  const output = DOMPurify.sanitize(html, {
+    USE_PROFILES: { html: true, svg: true },
+    FORBID_TAGS,
+    FORBID_ATTR,
+    ALLOWED_URI_REGEXP,
+    ALLOW_DATA_ATTR: false,
+    WHOLE_DOCUMENT: false,
+    RETURN_TRUSTED_TYPE: false,
+  }) as string;
+
+  DOMPurify.removeAllHooks();
+
+  return {
+    output,
+    removedTags: counters.tag,
+    removedAttrs: counters.attr,
+  };
+}
+```
+
+- [ ] **Step 5: Run tests to verify they pass**
+
+Run: `cd apps/api && npx vitest run sanitize.test.ts`
+Expected: PASS — all 21 cases green. If DOMPurify behaves slightly differently from expectations (e.g. inlining unknown attrs as text), adjust the test assertions to match observed safe behavior; do NOT loosen the sanitizer config.
+
+- [ ] **Step 6: Defer commit (Phase 1)**
+
+---
+
+## Task 4: Update `store.createPage` and wire sanitizer into `POST /new`
+
+**Files:**
+- Modify: `apps/api/store.ts`
+- Modify: `apps/api/app.ts`
+- Modify: `apps/api/app.test.ts`
+
+`createPage` accepts `format`. `POST /new` runs the sanitizer for HTML payloads, stores the sanitized output, logs the removed counts, and falls through to the existing flow for A2UI.
+
+- [ ] **Step 1: Write the failing tests**
+
+Append to `apps/api/app.test.ts` inside the main `describe`:
+
+```ts
+describe('POST /new with format=html', () => {
+  it('accepts an HTML payload and returns 201 with { id, url, expires_at }', async () => {
+    const res = await app.request('/new', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({
+        format: 'html',
+        spec: '<div><h1>Hello</h1><p>World</p></div>',
+      }),
+    });
+    expect(res.status).toBe(201);
+    const body = (await res.json()) as { id: string; url: string; expires_at: number };
+    expect(body.id).toMatch(/^[a-f0-9]{32}$/);
+    expect(body.url).toContain(body.id);
+    expect(typeof body.expires_at).toBe('number');
+  });
+
+  it('strips <script> from stored HTML', async () => {
+    const res = await app.request('/new', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({
+        format: 'html',
+        spec: '<div>safe</div><script>alert(1)</script>',
+      }),
+    });
+    const { id } = (await res.json()) as { id: string };
+
+    const get = await app.request(`/${id}`);
+    const page = (await get.json()) as { format: string; spec: unknown };
+    expect(page.format).toBe('html');
+    expect(typeof page.spec).toBe('string');
+    expect(page.spec as string).not.toContain('<script');
+    expect(page.spec as string).toContain('<div>safe</div>');
+  });
+
+  it('rejects HTML payloads > 1 MB', async () => {
+    const big = 'a'.repeat(1_000_001);
+    const res = await app.request('/new', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ format: 'html', spec: big }),
+    });
+    // bodyLimit middleware fires before Zod when body is over the absolute cap.
+    expect([400, 413]).toContain(res.status);
+  });
+
+  it('accepts A2UI payloads with implicit default format (backwards compat)', async () => {
+    const res = await app.request('/new', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ spec: [{ createSurface: { surfaceId: 'm' } }] }),
+    });
+    expect(res.status).toBe(201);
+  });
+});
+```
+
+- [ ] **Step 2: Run tests to verify they fail**
+
+Run: `cd apps/api && npx vitest run app.test.ts -t "format=html"`
+Expected: FAIL — store.createPage doesn't carry `format`; GET /:id doesn't return `format`; sanitizer not wired.
+
+- [ ] **Step 3: Update `store.ts`**
+
+Replace `createPage` in `apps/api/store.ts` (lines 22–39) with:
+
+```ts
+export async function createPage(
+  spec: unknown,
+  format: 'a2ui' | 'html',
+  cfg: CreatePageConfig,
+): Promise<ShowUiResult> {
+  const now = Date.now();
+  const page: Page = {
+    id: newId(),
+    spec,
+    format,
+    state: 'open',
+    result: null,
+    createdAt: now,
+    expiresAt: now + cfg.pageTtlMs,
+  };
+  await db.insertPage(page);
+  metrics.pagesCreated.add(1, { format });
+  return {
+    id: page.id,
+    url: `${cfg.publicUrl}/${page.id}`,
+    expires_at: page.expiresAt,
+  };
+}
+```
+
+Note: `metrics.pagesCreated.add` gets a `format` label. If `metrics.ts` doesn't carry a labeled counter signature here today, just keep the existing `metrics.pagesCreated.add(1)` call without labels — don't widen the metrics interface in this task.
+
+- [ ] **Step 4: Wire sanitizer + format into `POST /new` handler**
+
+Update `newPageHandler` in `apps/api/app.ts` (lines 200–218):
+
+```ts
+import { sanitize } from './sanitize.ts';
+
+// …
+
+const newPageHandler = async (c: Context) => {
+  const raw = await c.req.json().catch(() => null);
+  const result = newPageBodySchema.safeParse(raw);
+  if (!result.success) {
+    return c.json(
+      {
+        error: 'bad_request',
+        issues: result.error.issues,
+        message: 'Request body did not match the expected schema',
+      },
+      400,
+    );
+  }
+  const { format, spec } = result.data;
+
+  let storedSpec = spec;
+  if (format === 'html') {
+    const { output, removedTags, removedAttrs } = sanitize(spec as string);
+    getLog(c).info(
+      { format, removedTags, removedAttrs },
+      'sanitized html submission',
+    );
+    storedSpec = output;
+  }
+
+  const created = await store.createPage(storedSpec, format, {
+    publicUrl: PUBLIC_URL,
+    pageTtlMs: PAGE_TTL_MS,
+  });
+  return c.json(created, 201);
+};
+```
+
+Also bump `MAX_BODY_BYTES` so HTML payloads at the cap are accepted by the body-limit middleware. Replace line 41:
+
+```ts
+// 1 MB is the HTML payload cap (per spec); A2UI's effective 256 KB cap is
+// enforced post-parse in the handler.
+export const MAX_BODY_BYTES = 1_000_000;
+```
+
+Add a post-parse A2UI cap check inside `newPageHandler` after the Zod parse and before `storedSpec` assignment:
+
+```ts
+  if (format === 'a2ui') {
+    // Enforce the historical 256 KB cap on A2UI specs; HTML uses the full 1 MB.
+    const serialized = JSON.stringify(spec ?? null);
+    if (serialized.length > 256_000) {
+      return c.json(
+        {
+          error: 'payload_too_large',
+          format: 'a2ui',
+          max_bytes: 256_000,
+          message: 'A2UI spec exceeds the 256 KB limit; use format: "html" for larger payloads only when appropriate',
+        },
+        413,
+      );
+    }
+  }
+```
+
+- [ ] **Step 5: Run tests to verify they pass**
+
+Run: `cd apps/api && npx vitest run app.test.ts -t "format=html"`
+Expected: PASS — three HTML cases plus the backcompat A2UI case all green.
+
+- [ ] **Step 6: Defer commit (Phase 1)**
+
+---
+
+## Task 5: Surface `format` in `GET /:id` and `GET /:id/result`; reject `POST /:id/result` on HTML pages
+
+**Files:**
+- Modify: `apps/api/app.ts`
+- Modify: `apps/api/app.test.ts`
+
+`GET /:id` now returns `format`; `GET /:id/result` returns `format` so the agent (or the renderer / tools) can detect an HTML page and stop polling. `POST /:id/result` on an HTML page returns `400 invalid_for_format`.
+
+- [ ] **Step 1: Write the failing tests**
+
+Append to `apps/api/app.test.ts`:
+
+```ts
+describe('format echo and HTML result handling', () => {
+  it('GET /:id includes format=html for an HTML page', async () => {
+    const created = await app.request('/new', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ format: 'html', spec: '<p>x</p>' }),
+    });
+    const { id } = (await created.json()) as { id: string };
+
+    const res = await app.request(`/${id}`);
+    const body = (await res.json()) as { format: string };
+    expect(body.format).toBe('html');
+  });
+
+  it('GET /:id includes format=a2ui for an A2UI page', async () => {
+    const created = await app.request('/new', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ spec: [{ createSurface: { surfaceId: 'm' } }] }),
+    });
+    const { id } = (await created.json()) as { id: string };
+
+    const res = await app.request(`/${id}`);
+    const body = (await res.json()) as { format: string };
+    expect(body.format).toBe('a2ui');
+  });
+
+  it('GET /:id/result includes format', async () => {
+    const created = await app.request('/new', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ format: 'html', spec: '<p>x</p>' }),
+    });
+    const { id } = (await created.json()) as { id: string };
+
+    const res = await app.request(`/${id}/result`);
+    const body = (await res.json()) as { state: string; format: string; result: unknown };
+    expect(body.format).toBe('html');
+    expect(body.state).toBe('open');
+    expect(body.result).toBe(null);
+  });
+
+  it('POST /:id/result rejects HTML pages with 400 invalid_for_format', async () => {
+    const created = await app.request('/new', {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ format: 'html', spec: '<p>x</p>' }),
+    });
+    const { id } = (await created.json()) as { id: string };
+
+    const res = await app.request(`/${id}/result`, {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ name: 'submitted', surfaceId: 'main' }),
+    });
+    expect(res.status).toBe(400);
+    const body = (await res.json()) as { error: string };
+    expect(body.error).toBe('invalid_for_format');
+  });
+});
+```
+
+- [ ] **Step 2: Run tests to verify they fail**
+
+Run: `cd apps/api && npx vitest run app.test.ts -t "format echo"`
+Expected: FAIL — handlers don't surface `format`; submit handler doesn't reject HTML.
+
+- [ ] **Step 3: Update `getPageHandler`**
+
+In `apps/api/app.ts`, replace the existing `getPageHandler` body (lines 220–232):
+
+```ts
+const getPageHandler = async (c: Context) => {
+  const idResult = pageIdSchema.safeParse(c.req.param('id'));
+  if (!idResult.success)
+    return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
+  const p = await db.getActivePage(idResult.data);
+  if (!p) return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
+  return c.json({
+    spec: p.spec,
+    format: p.format,
+    state: p.state,
+    result: p.result,
+    expires_at: p.expiresAt,
+  });
+};
+```
+
+- [ ] **Step 4: Update `getResultHandler`**
+
+In `apps/api/app.ts`, update `getResultHandler` (around line 267). Since `store.advanceResult` returns `CheckResultOutcome` without `format`, we need to extend that — or fetch format separately. Cleanest: extend `advanceResult` to return `format`. Update `apps/api/store.ts`:
+
+```ts
+export async function advanceResult(id: string): Promise<CheckResultOutcome> {
+  const r = await db.fetchAndAdvanceResult(id);
+  if (!r) return { kind: 'not_found' };
+  return { kind: 'state', state: r.stateAtRead, result: r.result, format: r.format };
+}
+```
+
+Update `CheckResultOutcome` type in `apps/api/mcp/tools.ts`:
+
+```ts
+export type CheckResultOutcome =
+  | { kind: 'not_found' }
+  | { kind: 'state'; state: PageState; result: unknown; format: 'a2ui' | 'html' };
+```
+
+Then update `getResultHandler` in `apps/api/app.ts`:
+
+```ts
+const getResultHandler = async (c: Context) => {
+  const idResult = pageIdSchema.safeParse(c.req.param('id'));
+  if (!idResult.success)
+    return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
+  const outcome = await store.advanceResult(idResult.data);
+  if (outcome.kind === 'not_found')
+    return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
+  return c.json({ state: outcome.state, result: outcome.result, format: outcome.format });
+};
+```
+
+- [ ] **Step 5: Update `submitResultHandler` to reject HTML pages**
+
+In `apps/api/app.ts`, update `submitResultHandler` (around line 234). Insert a format check after the page-id parse but before reading the body:
+
+```ts
+const submitResultHandler = async (c: Context) => {
+  const idResult = pageIdSchema.safeParse(c.req.param('id'));
+  if (!idResult.success)
+    return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
+
+  // Format check happens before body parse to fail fast on HTML pages.
+  const page = await db.getActivePage(idResult.data);
+  if (!page)
+    return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
+  if (page.format !== 'a2ui') {
+    return c.json(
+      {
+        error: 'invalid_for_format',
+        format: page.format,
+        message: `POST /:id/result is not supported for format=${page.format}; HTML pages are view-only`,
+      },
+      400,
+    );
+  }
+
+  const raw = await c.req.json().catch(() => null);
+  const bodyResult = resultBodySchema.safeParse(raw);
+  if (!bodyResult.success) {
+    return c.json(
+      {
+        error: 'bad_request',
+        issues: bodyResult.error.issues,
+        message: 'Request body did not match the expected schema',
+      },
+      400,
+    );
+  }
+  const action = bodyResult.data;
+  const outcome = await db.submitPage(idResult.data, action);
+  if (outcome.kind === 'not_found')
+    return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
+  if (outcome.kind === 'conflict')
+    return c.json(
+      {
+        error: 'conflict',
+        message: 'Page was already submitted; create a new page if you need another submission',
+      },
+      409,
+    );
+  metrics.pagesSubmitted.add(1);
+  metrics.pageSubmitLatency.record((Date.now() - outcome.createdAt.getTime()) / 1000);
+  return c.json({ ok: true });
+};
+```
+
+- [ ] **Step 6: Run tests to verify they pass**
+
+Run: `cd apps/api && npx vitest run app.test.ts -t "format echo"`
+Expected: PASS — all four cases green.
+
+- [ ] **Step 7: Defer commit (Phase 1)**
+
+---
+
+## Task 6: Phase 1 commit
+
+**Files:** all of Tasks 1–5.
+
+Now that the API + storage + sanitizer all hang together with green tests, commit Phase 1 as one atomic unit.
+
+- [ ] **Step 1: Run the full API test suite**
+
+Run: `cd /Users/netto/work/hackathons/gen-ui-sf/agent-ui-session/.claude/worktrees/keen-roentgen-e25c2a && npx vitest run apps/api`
+Expected: All tests pass. No regressions in existing tests.
+
+- [ ] **Step 2: Run typecheck**
+
+Run: `npm run typecheck`
+Expected: No TypeScript errors. (If errors mention `Page` type missing `format`, recheck Task 1 Step 3.)
+
+- [ ] **Step 3: Stage and commit**
+
+Run from repo root:
+
+```bash
+git add apps/api/db.ts apps/api/db.test.ts \
+        apps/api/schemas.ts apps/api/schemas.test.ts \
+        apps/api/store.ts \
+        apps/api/app.ts apps/api/app.test.ts \
+        apps/api/sanitize.ts apps/api/sanitize.test.ts \
+        apps/api/package.json apps/api/mcp/tools.ts \
+        package-lock.json
+git commit -m "$(cat <<'EOF'
+feat(api): add HTML page format alongside A2UI
+
+POST /new accepts an optional { format: "a2ui" | "html", spec } body.
+Default remains "a2ui" — every existing client keeps working unchanged.
+HTML payloads up to 1 MB are sanitized server-side (DOMPurify+jsdom via
+isomorphic-dompurify) before storage, then echoed in GET /:id and
+GET /:id/result so renderers and tools can route. POST /:id/result on
+an HTML page returns 400 invalid_for_format — HTML is view-only.
+
+Schema: new `format` column on `pages`, NOT NULL DEFAULT 'a2ui' with
+CHECK ('a2ui','html'). Added in init() with an idempotent ALTER TABLE
+for existing deployments.
+
+Three defensive layers for HTML: sanitize -> CSP (renderer) -> iframe
+sandbox (renderer). This commit lands the sanitizer; renderer work in
+a follow-up commit on the same branch.
+
+Spec: docs/superpowers/specs/2026-05-15-html-format-design.md
+EOF
+)"
+```
+
+- [ ] **Step 4: Verify**
+
+Run: `git log --oneline -1 && git status`
+Expected: New commit present. Working tree clean (no untracked or modified files).
+
+---
+
+## Task 7: Add `show_html` MCP tool + sharpen `show_ui` + surface `format` in `check_result`
+
+**Files:**
+- Modify: `apps/api/mcp/tools.ts`
+- Modify: `apps/mcp/server.ts` (HTTP smoke / typing if needed)
+
+`show_ui` keeps its existing signature, gets a sharper description. New `show_html({ html: string })` tool. `check_result`'s `structuredContent` grows a `format` field.
+
+- [ ] **Step 1: Write the failing tests**
+
+Create or extend `apps/api/mcp/tools.test.ts` (if it exists, append; otherwise create with this header). The pattern: register the tools against a stub `PageOps` and assert the tool registration shapes.
+
+```ts
+import { describe, it, expect } from 'vitest';
+import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { registerPagentTools, type PageOps } from './tools.ts';
+
+function makeServer(): { server: McpServer; tools: Map<string, { description: string; inputSchema: unknown; handler: (...args: unknown[]) => unknown }> } {
+  const tools = new Map<string, { description: string; inputSchema: unknown; handler: (...args: unknown[]) => unknown }>();
+  const server = {
+    registerTool(name: string, def: { description: string; inputSchema: unknown }, handler: (...args: unknown[]) => unknown) {
+      tools.set(name, { ...def, handler });
+    },
+  } as unknown as McpServer;
+  return { server, tools };
+}
+
+const noopOps: PageOps = {
+  showUi: async () => ({ id: 'a'.repeat(32), url: 'http://x/a', expires_at: 0 }),
+  showHtml: async () => ({ id: 'b'.repeat(32), url: 'http://x/b', expires_at: 0 }),
+  checkResult: async () => ({ kind: 'state', state: 'open', result: null, format: 'a2ui' }),
+};
+
+describe('registerPagentTools', () => {
+  it('registers three tools: show_ui, show_html, check_result', () => {
+    const { server, tools } = makeServer();
+    registerPagentTools(server, noopOps);
+    expect(tools.has('show_ui')).toBe(true);
+    expect(tools.has('show_html')).toBe(true);
+    expect(tools.has('check_result')).toBe(true);
+  });
+
+  it('show_html description mentions view-only and no scripts', () => {
+    const { server, tools } = makeServer();
+    registerPagentTools(server, noopOps);
+    const desc = tools.get('show_html')!.description;
+    expect(desc).toMatch(/view-only/i);
+    expect(desc).toMatch(/script/i);
+    expect(desc).toMatch(/JavaScript/i);
+  });
+
+  it('show_ui description distinguishes itself from show_html', () => {
+    const { server, tools } = makeServer();
+    registerPagentTools(server, noopOps);
+    const desc = tools.get('show_ui')!.description;
+    expect(desc).toMatch(/show_html/);
+  });
+
+  it('check_result structuredContent includes format', async () => {
+    const { server, tools } = makeServer();
+    registerPagentTools(server, noopOps);
+    const handler = tools.get('check_result')!.handler;
+    const out = (await handler({ page_id: 'a'.repeat(32) })) as {
+      structuredContent: { state: string; result: unknown; page_id: string; format: string };
+    };
+    expect(out.structuredContent.format).toBe('a2ui');
+  });
+});
+```
+
+- [ ] **Step 2: Run tests to verify they fail**
+
+Run: `cd apps/api && npx vitest run mcp/tools.test.ts`
+Expected: FAIL — `showHtml` not on `PageOps`, tool not registered, `format` not in structuredContent.
+
+- [ ] **Step 3: Extend `PageOps` and add `show_html` description**
+
+In `apps/api/mcp/tools.ts`, update the interface:
+
+```ts
+export interface PageOps {
+  showUi(spec: unknown): Promise<ShowUiResult>;
+  showHtml(html: string): Promise<ShowUiResult>;
+  checkResult(page_id: string): Promise<CheckResultOutcome>;
+}
+```
+
+(`CheckResultOutcome` was already extended in Task 5 to include `format`.)
+
+Sharpen `SHOW_UI_DESCRIPTION` and add `SHOW_HTML_DESCRIPTION` and `SHOW_HTML_INPUT_DESCRIPTION`. Replace the descriptions block (lines 38–58) with:
+
+```ts
+const SHOW_UI_DESCRIPTION = [
+  "Ask the user a question that needs a structured answer back. Forms, pickers, confirmations, multi-step wizards, surveys, dashboards-as-input.",
+  "Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The agent never sees the user typing — only the final submitted result.",
+  "Each page is single-shot: one spec, one result. For a follow-up question, call show_ui again with a fresh spec — there is no surface-replace mechanism.",
+  "After this call, poll check_result on your own cadence to read the user response (start at 2-3s, back off exponentially up to ~30s; do other useful work between polls rather than blocking).",
+  "If you only want to SHOW something — a report, a chart, an infographic — use show_html instead. show_ui is for input.",
+].join('\n\n');
+
+const SHOW_UI_INPUT_DESCRIPTION = [
+  'A2UI v0.9 spec — an array of A2UI messages.',
+  'Start with one createSurface, then updateComponents with a tree whose root component MUST have id "root".',
+  'The basic catalog (https://a2ui.org/specification/v0_9/basic_catalog.json) provides Column, Row, Card, Text, TextField, Button, Checkbox, Image, Divider, List, Tabs, Slider.',
+  'Buttons fire actions via { action: { event: { name, context } } }; bind input fields with { value: { path: "/key" } } and reference those paths in the button context so user input flows back.',
+  'Keep specs small — one screen, one purpose.',
+].join(' ');
+
+const SHOW_HTML_DESCRIPTION = [
+  "Show the user a rich visualization: a styled report, dashboard, chart, infographic, comparison table, slide, or other view-only artifact.",
+  "Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The page is one-way — the user looks at it; nothing comes back.",
+  "Do NOT poll check_result for HTML pages; they never produce a result. If you need a follow-up decision, call show_ui after with a fresh spec.",
+  "Constraints (enforced — violations are stripped or rejected): no <script> tags, no on*= event handlers, no javascript: URLs (JavaScript does not run); no external assets — inline all CSS as <style>, embed images as data:image/...;base64,... URIs (no Google Fonts, no CDN libraries, no remote <img src=https:>); no <form> submissions (use show_ui for input); no <iframe>, <meta http-equiv=refresh>; 1 MB payload cap.",
+].join('\n\n');
+
+const SHOW_HTML_INPUT_DESCRIPTION = [
+  'A single UTF-8 HTML string. May be a fragment or a full document; the renderer wraps it in a sandboxed scaffold either way.',
+  'Inline all CSS as <style>; embed all images as data: URIs. No external assets — they will not load.',
+  'Up to 1,000,000 bytes (1 MB).',
+].join(' ');
+
+const CHECK_RESULT_DESCRIPTION = [
+  'Fetch the current state of a page created by show_ui. Fire-and-return — does NOT block or wait.',
+  'Returns { state, result, format, page_id } where state is "open" | "submitted" | "received" and format is "a2ui" | "html".',
+  'When state is "open", the user has not responded yet — wait a few seconds and call again. When "submitted", result is the user input as an A2UI client-action: { name, surfaceId, sourceComponentId, context, timestamp }. When "received", you already read the result on a prior poll (treat as duplicate).',
+  'If format is "html", the page is view-only — stop polling; HTML pages never produce a result.',
+  'If the page expired (Page not found), do NOT retry the same page_id — ask the user in chat whether to start over, then call show_ui (or show_html) with a fresh spec.',
+].join('\n\n');
+```
+
+Add the `show_html` registration. Inside `registerPagentTools`, after the `show_ui` block, before `check_result`:
+
+```ts
+  server.registerTool(
+    'show_html',
+    {
+      title: 'Show HTML visualization to the user',
+      description: SHOW_HTML_DESCRIPTION,
+      inputSchema: {
+        html: z
+          .string()
+          .min(1)
+          .max(1_000_000)
+          .describe(SHOW_HTML_INPUT_DESCRIPTION),
+      },
+    },
+    async ({ html }) => {
+      const created = await ops.showHtml(html);
+      return {
+        content: [
+          {
+            type: 'text',
+            text: `View ready. Share this URL with the user:\n${created.url}\n\npage_id: ${created.id}\nexpires_at: ${created.expires_at}\n\nView-only — do not poll check_result for this page.`,
+          },
+        ],
+        structuredContent: {
+          page_id: created.id,
+          url: created.url,
+          expires_at: created.expires_at,
+        },
+      };
+    },
+  );
+```
+
+Finally, update the `check_result` handler's `structuredContent` to include `format`:
+
+```ts
+    async ({ page_id }) => {
+      const outcome = await ops.checkResult(page_id);
+      if (outcome.kind === 'not_found') {
+        throw new Error(
+          `Page ${page_id} not found (expired or deleted). Don't retry the same page_id — ask the user whether to start over, then call show_ui (or show_html) with a fresh spec.`,
+        );
+      }
+      const text =
+        outcome.format === 'html'
+          ? `Page ${page_id} is an HTML view (format: html). It does not produce a result — stop polling. If you need a follow-up decision, call show_ui with a fresh spec.`
+          : outcome.result == null
+            ? `User has not responded yet (state: ${outcome.state}). Call check_result again in a few seconds.`
+            : `User submitted: ${JSON.stringify(outcome.result)}`;
+      return {
+        content: [{ type: 'text', text }],
+        structuredContent: {
+          state: outcome.state,
+          result: outcome.result,
+          format: outcome.format,
+          page_id,
+        },
+      };
+    },
+```
+
+- [ ] **Step 4: Update HTTP MCP adapter in `apps/api`**
+
+Find where the in-process HTTP MCP wires `PageOps`. It's likely `apps/api/mcp/http.ts` (based on the comment in tools.ts). Look at the existing `showUi` adapter — wherever it calls `store.createPage`, add a `showHtml` sibling that does the same with sanitization:
+
+```ts
+// In whatever file wires PageOps for the HTTP MCP transport:
+const httpOps: PageOps = {
+  async showUi(spec) {
+    return store.createPage(spec, 'a2ui', { publicUrl: PUBLIC_URL, pageTtlMs: PAGE_TTL_MS });
+  },
+  async showHtml(html) {
+    const { output, removedTags, removedAttrs } = sanitize(html);
+    // No request context here — log at the module logger level.
+    logger.info({ format: 'html', removedTags, removedAttrs }, 'sanitized html submission (http mcp)');
+    return store.createPage(output, 'html', { publicUrl: PUBLIC_URL, pageTtlMs: PAGE_TTL_MS });
+  },
+  async checkResult(page_id) {
+    return store.advanceResult(page_id);
+  },
+};
+```
+
+If the HTTP MCP adapter file doesn't exist (the tools just talk to `store` via a different surface), skip this step and re-check after Task 8 — the stdio adapter is the load-bearing one for plugin users.
+
+- [ ] **Step 5: Run tests to verify they pass**
+
+Run: `cd apps/api && npx vitest run mcp/tools.test.ts`
+Expected: PASS — all four cases green.
+
+- [ ] **Step 6: Defer commit (Phase 2)**
+
+---
+
+## Task 8: Wire `showHtml` into the stdio MCP server
+
+**Files:**
+- Modify: `apps/mcp/server.ts`
+
+The stdio adapter (`apps/mcp/server.ts`) calls the REST API. Add the `showHtml` POST that sets `format: 'html'` in the body.
+
+- [ ] **Step 1: Update `PageOps` impl**
+
+In `apps/mcp/server.ts`, replace the `restOps` constant (lines 56–78) with:
+
+```ts
+const restOps: PageOps = {
+  async showUi(spec) {
+    const res = await fetch(`${SERVICE_URL}/new`, {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ spec }),
+    });
+    if (!res.ok) throw await readError(res, 'show_ui');
+    return (await res.json()) as { id: string; url: string; expires_at: number };
+  },
+  async showHtml(html) {
+    const res = await fetch(`${SERVICE_URL}/new`, {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ format: 'html', spec: html }),
+    });
+    if (!res.ok) throw await readError(res, 'show_html');
+    return (await res.json()) as { id: string; url: string; expires_at: number };
+  },
+  async checkResult(page_id) {
+    const res = await fetch(`${SERVICE_URL}/${page_id}/result`, {
+      headers: { accept: 'application/json' },
+    });
+    if (res.status === 404) return { kind: 'not_found' };
+    if (!res.ok) throw await readError(res, 'check_result');
+    const body = (await res.json()) as {
+      state: 'open' | 'submitted' | 'received';
+      result: unknown | null;
+      format: 'a2ui' | 'html';
+    };
+    return { kind: 'state', state: body.state, result: body.result, format: body.format };
+  },
+};
+```
+
+- [ ] **Step 2: Rebuild the bundled MCP server**
+
+Run: `npm run build:mcp`
+Expected: `apps/mcp/server.bundle.js` regenerated with the new tool. Single esbuild line. Verify the resulting bundle:
+
+```bash
+grep -c "show_html" apps/mcp/server.bundle.js
+```
+
+Expected: a positive count (the tool name should appear).
+
+- [ ] **Step 3: Smoke the MCP server (if test infra exists)**
+
+Run: `node apps/mcp/smoke.mjs` (whatever the smoke script does).
+Expected: connects to a running API and lists/invokes tools without error. If the smoke script doesn't exist or fails for unrelated reasons (no local API running), skip and rely on the unit tests for verification.
+
+- [ ] **Step 4: Defer commit (Phase 2)**
+
+---
+
+## Task 9: Phase 2 commit
+
+**Files:** all of Tasks 7–8.
+
+- [ ] **Step 1: Run typecheck + relevant test suites**
+
+```bash
+npm run typecheck
+npx vitest run apps/api/mcp
+```
+
+Expected: All green. If the stdio server has any test (`apps/mcp/*.test.ts`), include it.
+
+- [ ] **Step 2: Stage and commit**
+
+```bash
+git add apps/api/mcp/tools.ts apps/api/mcp/tools.test.ts \
+        apps/mcp/server.ts apps/mcp/server.bundle.js
+# Also stage the HTTP MCP adapter file if Task 7 Step 4 touched it.
+git commit -m "$(cat <<'EOF'
+feat(mcp): add show_html tool + sharpen show_ui description
+
+show_html({ html }) creates an HTML page (view-only, sandbox-rendered).
+The model gets two clearly distinct tools — show_ui to ask, show_html
+to show — instead of a single tool with a format flag. Sharpens
+show_ui's description to point at show_html for visualization use cases.
+
+check_result now returns the page's format in structuredContent so an
+agent that polls an HTML page (against guidance) at least gets the
+explicit "stop polling" signal.
+
+Both the stdio adapter (apps/mcp/server.ts) and the in-process HTTP
+MCP share the tool definitions through apps/api/mcp/tools.ts —
+description sync is automatic.
+
+Spec: docs/superpowers/specs/2026-05-15-html-format-design.md
+EOF
+)"
+```
+
+- [ ] **Step 3: Verify**
+
+Run: `git log --oneline -2 && git status`
+Expected: Both phase commits visible, working tree clean.
+
+---
+
+## Task 10: Add `buildIframeCsp()` to `apps/web/csp.ts`
+
+**Files:**
+- Modify: `apps/web/csp.ts`
+- Modify: `apps/web/csp.test.ts`
+
+Pure function returning the CSP directive string that goes into the iframe's `<meta http-equiv>`. Unit-testable in isolation.
+
+- [ ] **Step 1: Write the failing tests**
+
+Append to `apps/web/csp.test.ts`:
+
+```ts
+import { buildIframeCsp } from './csp.ts';
+
+describe('buildIframeCsp', () => {
+  const csp = buildIframeCsp();
+
+  it("sets default-src 'none'", () => {
+    expect(csp).toMatch(/default-src 'none'/);
+  });
+
+  it("allows img-src 'self' data:", () => {
+    expect(csp).toMatch(/img-src 'self' data:/);
+  });
+
+  it("allows style-src 'unsafe-inline' only (no external)", () => {
+    expect(csp).toMatch(/style-src 'unsafe-inline'/);
+    expect(csp).not.toMatch(/style-src[^;]*https:/);
+  });
+
+  it('allows font-src data: only', () => {
+    expect(csp).toMatch(/font-src data:/);
+    expect(csp).not.toMatch(/font-src[^;]*https:/);
+  });
+
+  it("blocks form submission via form-action 'none'", () => {
+    expect(csp).toMatch(/form-action 'none'/);
+  });
+
+  it("blocks nested iframes via frame-src 'none'", () => {
+    expect(csp).toMatch(/frame-src 'none'/);
+  });
+
+  it("blocks base-uri rewriting via base-uri 'none'", () => {
+    expect(csp).toMatch(/base-uri 'none'/);
+  });
+
+  it('declares sandbox', () => {
+    expect(csp).toMatch(/(^|; )sandbox(;|$)/);
+  });
+
+  it('does not enable scripts (no script-src directive)', () => {
+    // default-src 'none' covers script-src by default; explicit script-src
+    // would be a regression — assert absence.
+    expect(csp).not.toMatch(/script-src/);
+  });
+
+  it('does not include frame-ancestors (handled upstream by shell X-Frame-Options)', () => {
+    expect(csp).not.toMatch(/frame-ancestors/);
+  });
+});
+```
+
+- [ ] **Step 2: Run tests to verify they fail**
+
+Run: `cd apps/web && npx vitest run csp.test.ts -t buildIframeCsp`
+Expected: FAIL — function does not exist.
+
+- [ ] **Step 3: Implement**
+
+Append to `apps/web/csp.ts`:
+
+```ts
+/**
+ * Build the Content-Security-Policy for the *iframe* that wraps agent-submitted
+ * HTML. Injected as a <meta http-equiv> inside the srcdoc scaffold (the iframe
+ * has an opaque origin under sandbox="" so per-request HTTP headers aren't an
+ * option; meta is what the browser will enforce).
+ *
+ * default-src 'none' starts every fetch class denied. We re-enable only the
+ * narrow set HTML pages need to render: inline styles, inline images via
+ * data: URIs, inline fonts via data:. No script, no connect, no form, no
+ * external anything. Sandbox at the CSP level is redundant with the iframe
+ * sandbox attribute but cheap as a second layer.
+ *
+ * frame-ancestors is deliberately omitted. The opaque-origin iframe makes
+ * 'self' meaningless (every opaque origin is unique and can never match the
+ * parent). The shell origin sets X-Frame-Options: DENY upstream, which is
+ * what would have been protected here.
+ */
+export function buildIframeCsp(): string {
+  return [
+    "default-src 'none'",
+    "img-src 'self' data:",
+    "style-src 'unsafe-inline'",
+    'font-src data:',
+    "form-action 'none'",
+    "frame-src 'none'",
+    "base-uri 'none'",
+    'sandbox',
+  ].join('; ');
+}
+```
+
+- [ ] **Step 4: Run tests to verify they pass**
+
+Run: `cd apps/web && npx vitest run csp.test.ts -t buildIframeCsp`
+Expected: PASS — all 10 cases green.
+
+- [ ] **Step 5: Defer commit (Phase 3)**
+
+---
+
+## Task 11: Create the HTML renderer module
+
+**Files:**
+- Create: `apps/web/html-renderer.ts`
+- Create: `apps/web/html-renderer.test.ts`
+
+Pure scaffold builder + iframe element factory. The renderer in `main.ts` calls into these from a single branch in the format router.
+
+- [ ] **Step 1: Write the failing tests**
+
+Create `apps/web/html-renderer.test.ts`:
+
+```ts
+import { describe, it, expect } from 'vitest';
+import { buildScaffoldedHtml, createSandboxedIframe } from './html-renderer.ts';
+
+describe('buildScaffoldedHtml', () => {
+  it('wraps the agent body in <!doctype html>', () => {
+    const out = buildScaffoldedHtml('<p>x</p>');
+    expect(out.startsWith('<!doctype html>')).toBe(true);
+  });
+
+  it('includes a charset meta tag', () => {
+    const out = buildScaffoldedHtml('<p>x</p>');
+    expect(out).toMatch(/<meta charset="utf-8">/);
+  });
+
+  it('includes the iframe CSP meta tag', () => {
+    const out = buildScaffoldedHtml('<p>x</p>');
+    expect(out).toMatch(/<meta http-equiv="Content-Security-Policy"/);
+    expect(out).toMatch(/default-src 'none'/);
+  });
+
+  it('includes robots noindex,nofollow,noarchive', () => {
+    const out = buildScaffoldedHtml('<p>x</p>');
+    expect(out).toMatch(/<meta name="robots" content="noindex,nofollow,noarchive">/);
+  });
+
+  it('injects the agent body inside <body>', () => {
+    const out = buildScaffoldedHtml('<p class="x">hello</p>');
+    expect(out).toMatch(/<body><p class="x">hello<\/p><\/body>/);
+  });
+
+  it('does not interpret the agent body as a template (no double-encoding)', () => {
+    const safe = '<div>Hello &amp; goodbye</div>';
+    const out = buildScaffoldedHtml(safe);
+    expect(out).toContain(safe);
+  });
+});
+
+describe('createSandboxedIframe', () => {
+  it('uses sandbox="" (empty string, no tokens)', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    expect(iframe.getAttribute('sandbox')).toBe('');
+  });
+
+  it('never includes allow-scripts or allow-same-origin', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    const sandbox = iframe.getAttribute('sandbox') ?? '';
+    expect(sandbox).not.toContain('allow-scripts');
+    expect(sandbox).not.toContain('allow-same-origin');
+  });
+
+  it('sets referrerpolicy="no-referrer"', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    expect(iframe.getAttribute('referrerpolicy')).toBe('no-referrer');
+  });
+
+  it('sets allow="" (empty Permissions-Policy delegation)', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    expect(iframe.getAttribute('allow')).toBe('');
+  });
+
+  it('sets srcdoc to the scaffolded HTML', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    expect(iframe.srcdoc).toContain('<p>x</p>');
+    expect(iframe.srcdoc).toContain('default-src');
+  });
+
+  it('sets a descriptive title', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    expect(iframe.title.length).toBeGreaterThan(0);
+  });
+});
+```
+
+- [ ] **Step 2: Configure the test env to include a DOM**
+
+The renderer tests need DOM globals. Check whether `apps/web/vitest.config.ts` (or a root `vitest.config.ts`) already sets `environment: 'happy-dom'` or `'jsdom'`. If not:
+
+- If a `apps/web/vitest.config.ts` exists, add `test: { environment: 'happy-dom' }` and install `happy-dom`: `npm install -D happy-dom -w @pagent/web` (or `--save-dev` at the root if workspace nesting prefers).
+- If no vitest config exists for `apps/web`, add one:
+
+```ts
+// apps/web/vitest.config.ts
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    environment: 'happy-dom',
+  },
+});
+```
+
+- Run `npm install` to ensure deps are present.
+
+- [ ] **Step 3: Run tests to verify they fail**
+
+Run: `cd apps/web && npx vitest run html-renderer.test.ts`
+Expected: FAIL — module does not exist.
+
+- [ ] **Step 4: Implement the module**
+
+Create `apps/web/html-renderer.ts`:
+
+```ts
+/**
+ * Renders agent-submitted HTML inside a maximally-locked-down sandboxed iframe.
+ *
+ * Layer 1 (server, apps/api/sanitize.ts) — DOMPurify strips dangerous tags/attrs
+ *   before storage.
+ * Layer 2 (this module) — wraps in a scaffold with strict CSP meta + sets
+ *   iframe sandbox="" so the iframe document has an opaque origin and no
+ *   capabilities. JS does not run.
+ * Layer 3 (browser) — same-origin policy enforces opaque-origin isolation
+ *   regardless of what the HTML tries to do.
+ *
+ * The design assumption that JS is OFF is structural — see
+ * docs/superpowers/specs/2026-05-15-html-format-design.md § Structural
+ * constraint. If anyone adds allow-scripts, the CI tripwire breaks.
+ */
+import { buildIframeCsp } from './csp.ts';
+
+/**
+ * Wrap the (pre-sanitized) agent HTML in a security-headered scaffold.
+ * The scaffold is the document the browser parses inside the iframe.
+ */
+export function buildScaffoldedHtml(sanitizedHtml: string): string {
+  return `<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta http-equiv="Content-Security-Policy" content="${buildIframeCsp()}">
+<meta name="robots" content="noindex,nofollow,noarchive">
+<meta name="referrer" content="no-referrer">
+<base target="_blank" rel="noopener noreferrer nofollow ugc">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+</head>
+<body>${sanitizedHtml}</body>
+</html>`;
+}
+
+/**
+ * Create an iframe element pre-configured with the lockdown attributes.
+ * Caller appends to the DOM; this function never touches `document`.
+ *
+ * CI tripwire: tests assert sandbox="" with no tokens. Removing or
+ * weakening this is a security regression per spec.
+ */
+export function createSandboxedIframe(sanitizedHtml: string): HTMLIFrameElement {
+  const iframe = document.createElement('iframe');
+  // CRITICAL: empty string — no tokens. allow-scripts / allow-same-origin
+  // are forbidden. See spec § Structural constraint.
+  iframe.setAttribute('sandbox', '');
+  iframe.setAttribute('referrerpolicy', 'no-referrer');
+  iframe.setAttribute('allow', '');
+  iframe.setAttribute('loading', 'lazy');
+  iframe.title = 'Agent-generated content';
+  iframe.srcdoc = buildScaffoldedHtml(sanitizedHtml);
+  iframe.style.cssText = 'width:100%;height:100vh;border:0;display:block';
+  return iframe;
+}
+```
+
+- [ ] **Step 5: Run tests to verify they pass**
+
+Run: `cd apps/web && npx vitest run html-renderer.test.ts`
+Expected: PASS — all 13 cases green.
+
+- [ ] **Step 6: Defer commit (Phase 3)**
+
+---
+
+## Task 12: Update `apps/web/main.ts` to route by format
+
+**Files:**
+- Modify: `apps/web/main.ts`
+
+Branch in `loadPage` / `applySpec`. If `format === "html"`, swap the LitElement's body for a chrome bar + the sandboxed iframe; otherwise, do the existing A2UI path.
+
+- [ ] **Step 1: Update the `PageResponse` type**
+
+In `apps/web/main.ts` around line 15, update:
+
+```ts
+type PageFormat = 'a2ui' | 'html';
+type PageState = 'open' | 'submitted' | 'received';
+type PageResponse = {
+  spec: unknown;
+  format?: PageFormat;     // optional for forward-compat with older API responses
+  state: PageState;
+  result: unknown | null;
+  expires_at: number | string;
+};
+```
+
+- [ ] **Step 2: Add a format-routed render path**
+
+Add an import at the top of `main.ts`:
+
+```ts
+import { createSandboxedIframe } from './html-renderer.js';
+```
+
+In the `AgentUIApp` class, add a new state property `format` and an `htmlBody` slot:
+
+```ts
+  static properties = {
+    status: { state: true },
+    error: { state: true },
+    submitError: { state: true },
+    awaiting: { state: true },
+    awaitingMessage: { state: true },
+    awaitingStalled: { state: true },
+    format: { state: true },
+    htmlBody: { state: true },
+  };
+
+  // … existing declarations …
+  declare format: PageFormat;
+  declare htmlBody: string | null;
+```
+
+In the constructor, default these:
+
+```ts
+    this.format = 'a2ui';
+    this.htmlBody = null;
+```
+
+Update `loadPage` to pick the right path:
+
+```ts
+  private async loadPage() {
+    try {
+      const res = await fetch(`${API_BASE}/${pageId}`, {
+        headers: { accept: 'application/json' },
+      });
+      if (res.status === 404) {
+        this.status = 'error';
+        this.error = 'Page not found or expired.';
+        return;
+      }
+      if (!res.ok) {
+        this.status = 'error';
+        this.error = `Failed to load page (${res.status}).`;
+        return;
+      }
+      const page = (await res.json()) as PageResponse;
+      this.format = page.format ?? 'a2ui';
+
+      if (this.format === 'html') {
+        // HTML pages are pre-sanitized server-side. We trust the byte-string
+        // and wrap it in a sandboxed iframe. The iframe is opaque-origin and
+        // JS-free; nothing it does can reach back into this shell.
+        this.htmlBody = typeof page.spec === 'string' ? page.spec : '';
+        this.status = 'live';
+        return;
+      }
+
+      // A2UI path (existing behavior).
+      this.applySpec(page.spec);
+      this.status = 'live';
+
+      if (page.state === 'submitted') {
+        this.awaiting = true;
+        this.awaitingMessage = 'Sent — waiting for the agent…';
+        this.startPollingForReceived();
+      } else if (page.state === 'received') {
+        this.awaiting = true;
+        this.awaitingMessage = '✓ The agent has your input';
+        this.awaitingStalled = false;
+      }
+    } catch (err) {
+      console.error('GET page failed', err);
+      this.status = 'error';
+      this.error = 'Failed to load page.';
+    }
+  }
+```
+
+Update `render()` to route based on `format`:
+
+```ts
+  render() {
+    if (this.status === 'error') {
+      return html`<div class="error">${this.error ?? 'Connection error'}</div>`;
+    }
+    if (this.status === 'closed') {
+      return html`<div class="status">Session ended.</div>`;
+    }
+
+    if (this.format === 'html') {
+      return this.renderHtml();
+    }
+
+    // Existing A2UI render path:
+    const surfaces = Array.from(this.processor.model.surfacesMap.entries());
+    if (surfaces.length === 0) {
+      return html`<div class="pending">
+        <div class="spinner"></div>
+        <div class="status">Loading…</div>
+      </div>`;
+    }
+    return html`<section id="surfaces" class="surface-wrap ${this.awaiting ? 'is-awaiting' : ''}">
+      ${this.submitError
+        ? html`<div class="error" role="alert" aria-live="assertive">${this.submitError}</div>`
+        : nothing}
+      ${this.awaiting
+        ? html`<div
+            class="awaiting-banner ${this.awaitingStalled ? 'is-stalled' : ''}"
+            role="status"
+            aria-live="polite"
+          >
+            ${this.awaitingStalled
+              ? html`<span class="material-symbols" aria-hidden="true">info</span>`
+              : html`<div class="small-spinner"></div>`}
+            <span>${this.awaitingMessage}</span>
+          </div>`
+        : nothing}
+      <div class="a2ui-host" aria-disabled=${this.awaiting ? 'true' : 'false'}>
+        ${repeat(
+          surfaces,
+          ([id]) => id,
+          ([, surface]) => html`<a2ui-surface .surface=${surface}></a2ui-surface>`,
+        )}
+      </div>
+      ${this.error ? html`<div class="error">${this.error}</div>` : nothing}
+    </section>`;
+  }
+
+  private renderHtml() {
+    if (this.htmlBody == null) {
+      return html`<div class="pending">
+        <div class="spinner"></div>
+        <div class="status">Loading…</div>
+      </div>`;
+    }
+    return html`
+      <header class="html-chrome" role="contentinfo">
+        <span class="html-chrome-label">AI-generated content</span>
+        <a
+          class="html-chrome-report"
+          href=${`mailto:alex@blockful.io?subject=${encodeURIComponent(`Abuse report for page ${pageId}`)}&body=${encodeURIComponent(`Page id: ${pageId}\nDescribe the abuse:\n\n`)}`}
+          target="_blank"
+          rel="noopener noreferrer"
+        >
+          Report
+        </a>
+      </header>
+      ${this.htmlIframe()}
+    `;
+  }
+
+  // The Lit literal cannot embed a raw iframe element easily because Lit owns
+  // attribute setting and srcdoc would be re-escaped. We construct the iframe
+  // imperatively and stash it across renders via this helper.
+  private cachedIframe: HTMLIFrameElement | null = null;
+  private cachedIframeFor: string | null = null;
+  private htmlIframe() {
+    if (this.htmlBody == null) return nothing;
+    if (this.cachedIframe == null || this.cachedIframeFor !== this.htmlBody) {
+      this.cachedIframe = createSandboxedIframe(this.htmlBody);
+      this.cachedIframeFor = this.htmlBody;
+    }
+    return this.cachedIframe;
+  }
+```
+
+Add CSS for the chrome bar to the static `styles`. Insert these rules at the end of the existing `css` block (just before the closing backtick):
+
+```css
+    .html-chrome {
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      padding: 8px 14px;
+      background: light-dark(rgba(245, 245, 247, 0.95), rgba(20, 24, 32, 0.95));
+      backdrop-filter: blur(8px);
+      border-bottom: 1px solid light-dark(rgba(0, 0, 0, 0.08), rgba(255, 255, 255, 0.08));
+      font-size: 13px;
+      color: var(--muted, #777);
+    }
+    .html-chrome-label::before {
+      content: '✦ ';
+      opacity: 0.6;
+    }
+    .html-chrome-report {
+      color: inherit;
+      text-decoration: underline;
+      font-size: 12px;
+    }
+    .html-chrome-report:hover {
+      color: var(--fg, #1b1b1b);
+    }
+```
+
+- [ ] **Step 3: Run all web tests**
+
+Run: `cd apps/web && npx vitest run`
+Expected: PASS — existing tests unchanged (poll-backoff, csp, spec-guard) plus the new csp and html-renderer cases green. If any A2UI flow test fails, recheck the conditional branch in `render()`.
+
+- [ ] **Step 4: Smoke locally**
+
+```bash
+cd /Users/netto/work/hackathons/gen-ui-sf/agent-ui-session/.claude/worktrees/keen-roentgen-e25c2a
+npm run dev
+```
+
+In another terminal:
+
+```bash
+# A2UI page — sanity, should keep working
+curl -s -X POST http://localhost:8787/new \
+  -H 'content-type: application/json' \
+  -d '{"spec":[{"createSurface":{"surfaceId":"main","catalogId":"https://a2ui.org/specification/v0_9/basic_catalog.json"}}]}'
+
+# HTML page — new path
+curl -s -X POST http://localhost:8787/new \
+  -H 'content-type: application/json' \
+  -d '{"format":"html","spec":"<style>body{font-family:sans-serif;padding:24px}h1{color:#5154b3}</style><h1>Hello, World</h1><p>This is a Pagent HTML page.</p>"}'
+```
+
+Open both returned URLs in the browser. The A2UI URL renders an empty surface; the HTML URL renders the styled `Hello, World` page with the chrome bar above it. Stop `npm run dev` when verified.
+
+- [ ] **Step 5: Defer commit (Phase 3)**
+
+---
+
+## Task 13: Update the skill prose
+
+**Files:**
+- Modify: `skills/pagent/SKILL.md`
+
+Top of the file gets a "Picking a tool" section. The description front-matter is broadened to cover both tools.
+
+- [ ] **Step 1: Update the description front-matter**
+
+Replace lines 1–4 (the YAML front matter) with:
+
+```yaml
+---
+name: pagent
+description: Render UI in the user's browser. Two tools — show_ui for asking the user a question that needs a structured answer back (forms, pickers, confirmations, dashboards-as-input, multi-step wizards), and show_html for showing a rich visualization the user just looks at (reports, dashboards, charts, infographics, comparison tables, slides). Trigger on "show me", "ask me", "let me pick", "confirm before you", "give me a dashboard", "render a chart", "show a report" — anything that beats plain text in chat. Rule: if anything has to come back from the user, show_ui. If the user just looks, show_html.
+---
+```
+
+- [ ] **Step 2: Add the "Picking a tool" section**
+
+Insert a new section after line 4 (right after the front matter, before `# Showing UI to your user`):
+
+```markdown
+# Showing UI to your user
+
+## Picking a tool
+
+Two tools, one rule: **`show_html` to show; `show_ui` to ask.**
+
+If anything has to come back from the user — a value, a selection, a click — use `show_ui`. If the user just looks at it — a report, a chart, a dashboard, a comparison — use `show_html`. When in doubt, ask yourself: "Do I need to read the user's response?" Yes → `show_ui`. No → `show_html`.
+
+Multi-step flows work the same way: each step is a separate page. Show a dashboard with `show_html`, then ask "what next?" with `show_ui`. Don't try to bundle visualization and input into one page.
+
+Only A2UI pages (created by `show_ui`) have a result. HTML pages (`show_html`) never transition out of `open` — do not poll `check_result` on them.
+
+## When to use show_ui
+```
+
+Then make the existing section header `## When to use this skill` become `## When to use show_ui` to match the new structure. The rest of the file is unchanged.
+
+- [ ] **Step 3: Add a "When to use show_html" section**
+
+After the `## Worked example: "What's your name?"` section (line ~64), insert:
+
+```markdown
+## When to use show_html
+
+Reach for `show_html` whenever you want to show the user something rich and visual that text in chat can't do justice to:
+
+- "Show me a styled dashboard of the test results."
+- "Render the last quarter's metrics as an infographic."
+- "Build me a side-by-side comparison table of these three options, with logos."
+- "Give me a one-page report on the open issues, grouped by severity."
+- "Mock up a landing page for this idea."
+- "Show me a chart of the response times."
+
+Indirect cues: "show me", "render", "make me a", "design a", "lay this out as".
+
+NOT for input: if the next message you'd send the user contains a question they need to answer, use `show_ui` instead.
+
+## How show_html works
+
+Call `show_html(html)` with a single string containing the page body. The string can be a full document (`<!doctype html>…`) or a fragment (`<div>…</div>`) — the renderer wraps it in a sandboxed scaffold either way. The tool returns `{ page_id, url }`. **Print the URL** so the user can open it. Do NOT poll `check_result` on this page — HTML is one-way.
+
+Rules (enforced — violations are stripped or rejected server-side):
+
+- **No JavaScript.** `<script>` tags are stripped. `onclick=`, `onload=`, all `on*=` event handlers are stripped. `javascript:` URLs are stripped.
+- **No external assets.** Inline all CSS as `<style>`. Embed images as `data:image/...;base64,...` URIs. No Google Fonts, no CDN scripts, no remote `<img src=https:>`.
+- **No forms.** `<form action=…>` submissions are blocked by CSP. Use `show_ui` if you need input.
+- **No `<iframe>`, `<meta http-equiv=refresh>`, `<object>`, `<embed>`.** Stripped.
+- **1 MB payload cap.** Watch data-URI sizes.
+
+The result: a maximally locked-down sandboxed iframe runs your HTML inside the user's browser. The user views it. Nothing comes back.
+
+## Worked example: a styled report
+
+```python
+html = """
+<style>
+  body { font-family: -apple-system, sans-serif; padding: 32px; max-width: 720px; margin: 0 auto; color: #1b1b1b; }
+  h1 { color: #5154b3; }
+  .stat { display: inline-block; padding: 16px; margin-right: 12px; background: #f5f5f7; border-radius: 8px; }
+  .stat-value { font-size: 32px; font-weight: 700; }
+  .stat-label { font-size: 12px; color: #777; text-transform: uppercase; }
+</style>
+<h1>Q3 Engineering Report</h1>
+<div class="stat"><div class="stat-value">142</div><div class="stat-label">PRs merged</div></div>
+<div class="stat"><div class="stat-value">11</div><div class="stat-label">Bugs closed</div></div>
+<div class="stat"><div class="stat-value">3</div><div class="stat-label">Outages</div></div>
+<p>The team shipped 142 pull requests this quarter…</p>
+"""
+show_html(html)
+```
+
+Print the returned URL. Move on — no polling.
+
+# Showing UI to your user (legacy section title — keep the original content below)
+```
+
+Note: the diff is fiddly. If the existing structure makes this overly invasive, an acceptable alternative is to replace the entire `skills/pagent/SKILL.md` with a rewritten version that interleaves the two tools cleanly, as long as no examples or polling guidance for `show_ui` is dropped. Validate by running existing skill-related tests if any (`grep -l SKILL.md` against the tests dir).
+
+- [ ] **Step 4: Defer commit (Phase 3)**
+
+---
+
+## Task 14: Update `docs/openapi.yaml`
+
+**Files:**
+- Modify: `docs/openapi.yaml`
+
+The OpenAPI spec needs the `format` field on request body and `GET` responses. Loaded at API boot and served at `/openapi.json`.
+
+- [ ] **Step 1: Read the existing spec**
+
+Run: `head -80 docs/openapi.yaml`
+
+Look for `paths: /new: post: requestBody:` and the response schemas for `/new` (201) and `GET /{id}`. Note the structure (likely `application/json` + `schema:` references).
+
+- [ ] **Step 2: Add `format` to relevant schemas**
+
+In `docs/openapi.yaml`:
+
+- Find the `NewPageRequest` (or inline body) schema. Add a `format` property:
+
+```yaml
+        format:
+          type: string
+          enum: [a2ui, html]
+          default: a2ui
+          description: |
+            Spec format. `a2ui` (default) — `spec` is an A2UI v0.9 message array.
+            `html` — `spec` is a UTF-8 HTML string up to 1,000,000 bytes; the
+            page becomes view-only and never produces a result.
+```
+
+- Find the `GET /{id}` response schema (typically `PageResponse`). Add:
+
+```yaml
+        format:
+          type: string
+          enum: [a2ui, html]
+          description: Format of the page's spec.
+```
+
+- Find the `GET /{id}/result` response. Add the same `format` property.
+
+- Find the `POST /{id}/result` 4xx responses section. Add a 400 response noting `invalid_for_format`:
+
+```yaml
+        '400':
+          description: |
+            Returned when the request body is malformed (bad_request) or when
+            the page is not a submit-able format (invalid_for_format —
+            HTML pages are view-only).
+```
+
+If the OpenAPI file is large enough that hand-edits get error-prone, prefer adding a sibling component schema rather than rewriting in place. Run `npm run typecheck` and `npm run test` to confirm nothing broke from a parsing perspective (the API loads the YAML at boot).
+
+- [ ] **Step 3: Defer commit (Phase 3)**
+
+---
+
+## Task 15: Phase 3 commit + Quality gate
+
+**Files:** Tasks 10–14.
+
+- [ ] **Step 1: Stage and commit Phase 3**
+
+```bash
+git add apps/web/csp.ts apps/web/csp.test.ts \
+        apps/web/html-renderer.ts apps/web/html-renderer.test.ts \
+        apps/web/main.ts \
+        skills/pagent/SKILL.md \
+        docs/openapi.yaml \
+        apps/web/vitest.config.ts apps/web/package.json package-lock.json
+# Only stage vitest.config.ts / package.json if Task 11 Step 2 created/modified them.
+
+git commit -m "$(cat <<'EOF'
+feat(web): render HTML pages in sandboxed iframe + update skill
+
+The renderer routes by the new `format` field. A2UI pages keep the
+existing Lit/A2UI path unchanged. HTML pages render inside an iframe
+with sandbox="" (no allow-scripts, no allow-same-origin) and an
+opaque origin, with a strict CSP meta tag and noindex/no-referrer
+attached to the scaffold. The shell adds a thin chrome bar with an
+"AI-generated content" label and a mailto: Report link.
+
+Adds buildIframeCsp() to apps/web/csp.ts and a small html-renderer
+module with pure functions (buildScaffoldedHtml, createSandboxedIframe)
+so the security-critical paths are unit-tested in isolation.
+
+SKILL.md gets a "show vs ask" section and a worked HTML example; the
+front-matter description now covers both tools.
+
+OpenAPI spec documents the new format field on POST /new and the GET
+responses.
+
+Spec: docs/superpowers/specs/2026-05-15-html-format-design.md
+EOF
+)"
+```
+
+- [ ] **Step 2: Run the full quality gate**
+
+```bash
+cd /Users/netto/work/hackathons/gen-ui-sf/agent-ui-session/.claude/worktrees/keen-roentgen-e25c2a
+npm run typecheck
+npm run lint
+npm run format:check
+npm run test
+```
+
+Expected: all four green. If `format:check` fails, run `npm run format` to fix automatically and re-stage in a follow-up commit. If lint fails, inspect — most likely fixable with `npm run lint:fix`.
+
+- [ ] **Step 3: Verify the pre-push hook passes**
+
+Run: `.husky/pre-push`
+Expected: same suite as Step 2, green.
+
+- [ ] **Step 4: Sanity-check the diff summary**
+
+```bash
+git log --oneline origin/main..HEAD
+git diff --stat origin/main..HEAD
+```
+
+Expected: three feature commits (API, MCP, renderer+skill) plus the initial docs spec commit. Diff stat shows the right files in the right apps.
+
+---
+
+## Task 16: Push branch and open PR
+
+**Files:** none (git only).
+
+- [ ] **Step 1: Push the branch**
+
+```bash
+cd /Users/netto/work/hackathons/gen-ui-sf/agent-ui-session/.claude/worktrees/keen-roentgen-e25c2a
+git push -u origin HEAD
+```
+
+Expected: branch published to origin. If the remote rejects with "updates were rejected because the tip of your current branch is behind", the worktree branch tracks origin/main behind real main — investigate before forcing.
+
+- [ ] **Step 2: Open the PR via `gh`**
+
+```bash
+gh pr create --title "feat: HTML page format for view-only visualizations" --body "$(cat <<'EOF'
+## Summary
+
+Adds **HTML** as a second first-class page format alongside A2UI. The agent gets two single-purpose tools:
+
+- `show_ui` (existing) — ask the user a question; A2UI form/picker/confirmation; structured result via `check_result` polling.
+- `show_html` (new) — show a rich visualization (report, dashboard, chart, infographic, comparison table). View-only; nothing comes back.
+
+Rule for the agent: **`show_html` to show, `show_ui` to ask.**
+
+## What's in scope
+
+- New `format` field on `POST /new` (`"a2ui"` default — every existing client keeps working unchanged).
+- Server-side DOMPurify sanitization (via `isomorphic-dompurify`) on HTML submission.
+- 1 MB body cap for HTML; A2UI stays at 256 KB (enforced post-parse).
+- New `format` column on `pages` (added in `init()` with idempotent `ALTER TABLE`).
+- Renderer routes by format; HTML renders in a sandbox-`""` iframe with strict meta-CSP, no-referrer, noindex.
+- Thin shell chrome ("AI-generated content" label + `mailto:` Report link).
+- Two MCP tools (`show_ui`, `show_html`); `check_result` now returns `format`.
+- SKILL.md teaches the dichotomy.
+
+## What's deliberately out
+
+- JavaScript execution in HTML pages. **Load-bearing constraint** — see `docs/superpowers/specs/2026-05-15-html-format-design.md` § Structural constraint. JS support would require subdomain isolation; we are not making that investment.
+- Submit-from-HTML (HTML is view-only; use A2UI for input).
+- Subdomain isolation (deferred indefinitely; tied to the JS decision above).
+- External assets in HTML (inline only).
+- Real abuse-reporting flow beyond `mailto:`.
+
+## Three layers of defense for HTML
+
+1. **Sanitizer (server)** — DOMPurify + jsdom strips `<script>`, `<iframe>`, `<object>`, `<embed>`, `<link>`, `<base>`, `<meta>`, all `on*=` handlers, `formaction`, `srcdoc`, `xlink:href`, and dangerous URL schemes.
+2. **CSP (renderer)** — `default-src 'none'` + narrow re-enables (`img-src 'self' data:`, `style-src 'unsafe-inline'`, `font-src data:`), `form-action 'none'`, `frame-src 'none'`, `base-uri 'none'`, `sandbox`.
+3. **Iframe sandbox (renderer)** — `sandbox=""` with no tokens → opaque origin, no scripts, no forms, no top-nav, no popups, no plugins.
+
+A CI test asserts the iframe sandbox stays empty (no `allow-scripts` ever).
+
+## Test plan
+
+- [ ] `npm run typecheck` green
+- [ ] `npm run lint` green
+- [ ] `npm run format:check` green
+- [ ] `npm run test` green (all existing + ~50 new cases across sanitize/schemas/app/tools/csp/html-renderer)
+- [ ] Local smoke (`npm run dev` then `curl` from README's smoke section) — A2UI page renders
+- [ ] Local smoke — HTML page renders with chrome bar, no scripts execute, no external network requests
+- [ ] CI green on the PR
+
+## Refs
+
+- Spec: `docs/superpowers/specs/2026-05-15-html-format-design.md`
+- Plan: `docs/superpowers/plans/2026-05-15-html-format.md`
+EOF
+)"
+```
+
+Expected: PR URL printed. Save it.
+
+- [ ] **Step 3: Report back**
+
+Print the PR URL to the user. Note that merging to `main` will trigger Railway + Vercel auto-deploys (per the existing CD), and remind them that the renderer must reach Vercel before the API reaches Railway — but since both ship from the same `main` push and CD picks each up independently, in practice Vercel finishes first (smaller bundle). Worst case: a few seconds of API-returns-format-html-but-old-renderer-misroutes; the old renderer will treat the HTML page as A2UI and render an error message, which auto-clears on next refresh.
+
+---
+
+## Self-review
+
+**Spec coverage:**
+
+- § Goal & non-goals → Tasks 1–14 cover the in-scope items; out-of-scope explicitly absent (no subdomain isolation, no JS, no submit-from-HTML).
+- § Structural constraint → Task 11 sanity check (`createSandboxedIframe` test asserts `sandbox=""` and rejects `allow-scripts` / `allow-same-origin`).
+- § Wire format → Tasks 1 (column), 2 (Zod), 5 (response surfaces).
+- § API changes → Tasks 4, 5.
+- § Sanitizer → Task 3 (module + 21 unit tests covering each forbidden tag/attr/URI).
+- § Renderer flow → Tasks 11, 12.
+- § Iframe CSP → Task 10.
+- § MCP server changes → Tasks 7, 8.
+- § Skill prose → Task 13.
+- § State machine → Task 5 (POST result rejection; GET result echoes format).
+- § Body size, TTL, rate limiting → Task 4 (1 MB bodyLimit + post-parse A2UI cap).
+- § Observability → Task 4 wires `sanitized html submission` log line.
+- § Testing → Each task has explicit failing-test → impl → passing-test → defer-commit cycle; full quality gate in Task 15.
+- § Migration → Task 1 (additive `init()` + idempotent ALTER TABLE).
+- § Rollout → Tasks 6, 9, 15 (three commits, one PR); Task 16 docs the deploy ordering caveat in the PR body.
+
+**Placeholder scan:** No "TBD" or "TODO" remains. Two soft-asks remain: Task 7 Step 4 (HTTP MCP adapter location is "check `apps/api/mcp/http.ts`-like") and Task 14 (OpenAPI edits are described rather than reproduced as exact patches). Both are pragmatic because:
+- The HTTP MCP adapter file path can vary; an executor with the repo open can find it in <30 seconds.
+- The OpenAPI YAML is too large and structured for inline reproduction; the additive-edits guidance is concrete enough.
+
+**Type consistency:** `Page` type carries `format: PageFormat` consistently across Tasks 1, 4, 5. `CheckResultOutcome` extension (Task 5) feeds into Task 7's MCP changes without drift. `PageOps.showHtml` introduced in Task 7 is implemented in Task 8.
+
+**Scope check:** Single PR. Roughly 15–20 files touched, evenly split across the three commits. No subsystem decomposition needed — this is one coherent feature.

From 5cc77a7e5f6a4a336601060678d10c1504d55203 Mon Sep 17 00:00:00 2001
From: "Alexandro T. Netto" <alex.t.netto@gmail.com>
Date: Fri, 15 May 2026 14:27:49 -0700
Subject: [PATCH 03/11] feat(api): add HTML page format alongside A2UI
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

POST /new accepts an optional { format: "a2ui" | "html", spec } body.
Default remains "a2ui" — every existing client keeps working unchanged.
HTML payloads up to 1 MB are sanitized server-side (DOMPurify+jsdom via
isomorphic-dompurify) before storage, then echoed in GET /:id and
GET /:id/result so renderers and tools can route. POST /:id/result on
an HTML page returns 400 invalid_for_format — HTML is view-only.

Schema: new `format` column on `pages`, NOT NULL DEFAULT 'a2ui' with
CHECK ('a2ui','html'). Added in init() with an idempotent ALTER TABLE
for existing deployments.

Three defensive layers for HTML: sanitize -> CSP (renderer) -> iframe
sandbox (renderer). This commit lands the sanitizer; renderer work in
a follow-up commit on the same branch.

Spec: docs/superpowers/specs/2026-05-15-html-format-design.md
---
 apps/api/app.test.ts      | 178 +++++++++++++-
 apps/api/app.ts           |  63 ++++-
 apps/api/db.test.ts       |  71 ++++++
 apps/api/db.ts            |  36 ++-
 apps/api/mcp/http.ts      |   2 +-
 apps/api/mcp/tools.ts     |   8 +-
 apps/api/package.json     |   1 +
 apps/api/sanitize.test.ts | 117 +++++++++
 apps/api/sanitize.ts      |  74 ++++++
 apps/api/schemas.test.ts  |  44 +++-
 apps/api/schemas.ts       |  25 +-
 apps/api/store.ts         |  13 +-
 package-lock.json         | 482 +++++++++++++++++++++++++++++++++++++-
 13 files changed, 1065 insertions(+), 49 deletions(-)
 create mode 100644 apps/api/sanitize.test.ts
 create mode 100644 apps/api/sanitize.ts

diff --git a/apps/api/app.test.ts b/apps/api/app.test.ts
index b1625d3..a409274 100644
--- a/apps/api/app.test.ts
+++ b/apps/api/app.test.ts
@@ -45,6 +45,7 @@ function fakePage(
   overrides: Partial<{
     id: string;
     spec: unknown;
+    format: 'a2ui' | 'html';
     state: 'open' | 'submitted' | 'received';
     result: unknown;
   }> = {},
@@ -52,6 +53,7 @@ function fakePage(
   return {
     id: overrides.id ?? 'aabbccddeeff00112233445566778899',
     spec: overrides.spec ?? { anything: 1 },
+    format: overrides.format ?? ('a2ui' as const),
     state: overrides.state ?? 'open',
     result: overrides.result ?? null,
     createdAt: Date.now(),
@@ -103,7 +105,7 @@ describe('POST /new', () => {
     expect(calledPage.state).toBe('open');
   });
 
-  it('rejects bodies over 256 KB with 413', async () => {
+  it('rejects A2UI bodies over 256 KB with 413 (post-parse cap)', async () => {
     const body = JSON.stringify({ spec: 'x'.repeat(300_000) });
     const res = await app.fetch(
       new Request(`${BASE}/new`, {
@@ -115,13 +117,13 @@ describe('POST /new', () => {
     expect(res.status).toBe(413);
     const resBody = await json(res);
     expect(resBody.error).toBe('payload_too_large');
-    expect(resBody.max_bytes).toBe(MAX_BODY_BYTES);
+    expect(resBody.max_bytes).toBe(256_000);
+    expect(resBody.format).toBe('a2ui');
     expect(typeof resBody.message).toBe('string');
-    expect(resBody.message as string).toContain(String(MAX_BODY_BYTES));
     expect(db.insertPage).not.toHaveBeenCalled();
   });
 
-  it('accepts a body just under 256 KB', async () => {
+  it('accepts an A2UI body just under 256 KB', async () => {
     const body = JSON.stringify({ spec: 'x'.repeat(250_000) });
     const res = await app.fetch(
       new Request(`${BASE}/new`, {
@@ -133,7 +135,7 @@ describe('POST /new', () => {
     expect(res.status).toBe(201);
   });
 
-  it('413 body.message references the byte limit', async () => {
+  it('413 body.message references the A2UI byte limit', async () => {
     const body = JSON.stringify({ spec: 'x'.repeat(300_000) });
     const res = await app.fetch(
       new Request(`${BASE}/new`, {
@@ -145,7 +147,84 @@ describe('POST /new', () => {
     expect(res.status).toBe(413);
     const resBody = await json(res);
     expect(typeof resBody.message).toBe('string');
-    expect(resBody.message as string).toContain(String(MAX_BODY_BYTES));
+    expect(resBody.message as string).toContain('256');
+  });
+
+  it('bodyLimit middleware rejects any body > 1 MB with 413', async () => {
+    // 1 MB is the absolute bodyLimit cap (per spec, HTML's true ceiling).
+    // Stuff in a JSON string that pushes the wire body past 1 MB.
+    const body = JSON.stringify({ spec: 'x'.repeat(1_050_000) });
+    const res = await app.fetch(
+      new Request(`${BASE}/new`, {
+        method: 'POST',
+        headers: { 'content-type': 'application/json' },
+        body,
+      }),
+    );
+    expect(res.status).toBe(413);
+    const resBody = await json(res);
+    expect(resBody.error).toBe('payload_too_large');
+    expect(resBody.max_bytes).toBe(MAX_BODY_BYTES);
+    expect(MAX_BODY_BYTES).toBe(1_000_000);
+  });
+});
+
+// ---------------------------------------------------------------------------
+// POST /new with format=html
+// ---------------------------------------------------------------------------
+
+describe('POST /new with format=html', () => {
+  it('accepts an HTML payload and returns 201 with { id, url, expires_at }', async () => {
+    const res = await app.fetch(
+      req('POST', '/new', {
+        format: 'html',
+        spec: '<div><h1>Hello</h1><p>World</p></div>',
+      }),
+    );
+    expect(res.status).toBe(201);
+    const body = await json(res);
+    expect((body.id as string) ?? '').toMatch(/^[a-f0-9]{32}$/);
+    expect(typeof body.url).toBe('string');
+    expect(typeof body.expires_at).toBe('number');
+  });
+
+  it('passes format=html and a sanitized spec to db.insertPage', async () => {
+    await app.fetch(
+      req('POST', '/new', {
+        format: 'html',
+        spec: '<div>safe</div><script>alert(1)</script>',
+      }),
+    );
+    expect(db.insertPage).toHaveBeenCalledOnce();
+    const [page] = vi.mocked(db.insertPage).mock.calls[0];
+    expect(page.format).toBe('html');
+    expect(typeof page.spec).toBe('string');
+    expect(page.spec as string).not.toContain('<script');
+    expect(page.spec as string).toContain('<div>safe</div>');
+  });
+
+  it('rejects HTML payloads > 1 MB', async () => {
+    const big = 'a'.repeat(1_000_001);
+    const res = await app.fetch(req('POST', '/new', { format: 'html', spec: big }));
+    // bodyLimit middleware fires before Zod when body is over the absolute cap.
+    expect([400, 413]).toContain(res.status);
+  });
+
+  it('accepts A2UI payloads with implicit default format (backwards compat)', async () => {
+    const res = await app.fetch(
+      req('POST', '/new', { spec: [{ createSurface: { surfaceId: 'm' } }] }),
+    );
+    expect(res.status).toBe(201);
+  });
+
+  it('rejects A2UI payloads > 256 KB even when body limit allows up to 1 MB', async () => {
+    // Use a value below the 1 MB bodyLimit but above the 256 KB A2UI cap.
+    const big = 'x'.repeat(300_000);
+    const res = await app.fetch(req('POST', '/new', { spec: big }));
+    expect(res.status).toBe(413);
+    const body = await json(res);
+    expect(body.error).toBe('payload_too_large');
+    expect(body.format).toBe('a2ui');
   });
 });
 
@@ -196,6 +275,10 @@ describe('POST /:id/result', () => {
     // returned 409 "already submitted" for a page that was merely expired.
     // The fixed SELECT adds `expires_at > now()`, making expired rows return
     // 'not_found' → 404, which is the correct user-facing response.
+    // The handler reads the page first via getActivePage for the format guard;
+    // mock it to return an active a2ui page so submitPage's 'not_found' outcome
+    // is what we exercise here (e.g. row expired between the two reads).
+    (db.getActivePage as ReturnType<typeof vi.fn>).mockResolvedValueOnce(fakePage());
     (db.submitPage as ReturnType<typeof vi.fn>).mockResolvedValueOnce({ kind: 'not_found' });
     const res = await app.fetch(req('POST', `/${UNKNOWN_ID}/result`, validAction));
     expect(res.status).toBe(404);
@@ -205,6 +288,7 @@ describe('POST /:id/result', () => {
 
   it('returns 200 and calls db.submitPage when page is open', async () => {
     const page = fakePage();
+    (db.getActivePage as ReturnType<typeof vi.fn>).mockResolvedValueOnce(page);
     (db.submitPage as ReturnType<typeof vi.fn>).mockResolvedValueOnce({
       kind: 'ok',
       createdAt: new Date(),
@@ -218,6 +302,7 @@ describe('POST /:id/result', () => {
 
   it('returns 409 on conflict (already submitted)', async () => {
     const page = fakePage({ state: 'submitted' });
+    (db.getActivePage as ReturnType<typeof vi.fn>).mockResolvedValueOnce(page);
     (db.submitPage as ReturnType<typeof vi.fn>).mockResolvedValueOnce({ kind: 'conflict' });
     const res = await app.fetch(req('POST', `/${page.id}/result`, validAction));
     expect(res.status).toBe(409);
@@ -229,6 +314,7 @@ describe('POST /:id/result', () => {
 
   it('409 conflict body.message mentions creating a new page', async () => {
     const page = fakePage({ state: 'submitted' });
+    (db.getActivePage as ReturnType<typeof vi.fn>).mockResolvedValueOnce(page);
     (db.submitPage as ReturnType<typeof vi.fn>).mockResolvedValueOnce({ kind: 'conflict' });
     const res = await app.fetch(req('POST', `/${page.id}/result`, validAction));
     const body = await json(res);
@@ -236,8 +322,11 @@ describe('POST /:id/result', () => {
   });
 
   it('returns 400 for result body with name: "" (empty name)', async () => {
-    // Validation happens before db call, so no need to stub submitPage
-    const res = await app.fetch(req('POST', `/${UNKNOWN_ID}/result`, { name: '', surfaceId: 'x' }));
+    // Page must exist (a2ui) so we reach the body-parse stage.
+    (db.getActivePage as ReturnType<typeof vi.fn>).mockResolvedValueOnce(fakePage());
+    const res = await app.fetch(
+      req('POST', `/${UNKNOWN_ID}/result`, { name: '', surfaceId: 'x' }),
+    );
     expect(res.status).toBe(400);
     const body = await json(res);
     expect(body.error).toBe('bad_request');
@@ -253,18 +342,21 @@ describe('GET /:id/result', () => {
     (db.fetchAndAdvanceResult as ReturnType<typeof vi.fn>).mockResolvedValueOnce({
       stateAtRead: 'open',
       result: null,
+      format: 'a2ui',
     });
     const res = await app.fetch(req('GET', `/${UNKNOWN_ID}/result`));
     expect(res.status).toBe(200);
     const body = await json(res);
     expect(body.state).toBe('open');
     expect(body.result).toBeNull();
+    expect(body.format).toBe('a2ui');
   });
 
   it('returns submitted result after POST /:id/result', async () => {
     (db.fetchAndAdvanceResult as ReturnType<typeof vi.fn>).mockResolvedValueOnce({
       stateAtRead: 'submitted',
       result: validAction,
+      format: 'a2ui',
     });
     const res = await app.fetch(req('GET', `/${UNKNOWN_ID}/result`));
     expect(res.status).toBe(200);
@@ -279,6 +371,7 @@ describe('GET /:id/result', () => {
     (db.fetchAndAdvanceResult as ReturnType<typeof vi.fn>).mockResolvedValueOnce({
       stateAtRead: 'received',
       result: validAction,
+      format: 'a2ui',
     });
     const res = await app.fetch(req('GET', `/${UNKNOWN_ID}/result`));
     expect(res.status).toBe(200);
@@ -293,6 +386,72 @@ describe('GET /:id/result', () => {
   });
 });
 
+// ---------------------------------------------------------------------------
+// format echo + HTML result handling
+// ---------------------------------------------------------------------------
+
+describe('format echo and HTML result handling', () => {
+  it('GET /:id echoes format=html for an HTML page', async () => {
+    const page = fakePage({ format: 'html', spec: '<p>x</p>' });
+    (db.getActivePage as ReturnType<typeof vi.fn>).mockResolvedValueOnce(page);
+    const res = await app.fetch(req('GET', `/${page.id}`));
+    expect(res.status).toBe(200);
+    const body = await json(res);
+    expect(body.format).toBe('html');
+  });
+
+  it('GET /:id echoes format=a2ui for an A2UI page', async () => {
+    const page = fakePage({ format: 'a2ui' });
+    (db.getActivePage as ReturnType<typeof vi.fn>).mockResolvedValueOnce(page);
+    const res = await app.fetch(req('GET', `/${page.id}`));
+    expect(res.status).toBe(200);
+    const body = await json(res);
+    expect(body.format).toBe('a2ui');
+  });
+
+  it('GET /:id/result includes format on every response', async () => {
+    (db.fetchAndAdvanceResult as ReturnType<typeof vi.fn>).mockResolvedValueOnce({
+      stateAtRead: 'open',
+      result: null,
+      format: 'html',
+    });
+    const res = await app.fetch(req('GET', `/${UNKNOWN_ID}/result`));
+    expect(res.status).toBe(200);
+    const body = await json(res);
+    expect(body.format).toBe('html');
+    expect(body.state).toBe('open');
+    expect(body.result).toBeNull();
+  });
+
+  it('POST /:id/result rejects HTML pages with 400 invalid_for_format', async () => {
+    const page = fakePage({ format: 'html', spec: '<p>x</p>' });
+    (db.getActivePage as ReturnType<typeof vi.fn>).mockResolvedValueOnce(page);
+    const res = await app.fetch(
+      req('POST', `/${page.id}/result`, { name: 'submitted', surfaceId: 'main' }),
+    );
+    expect(res.status).toBe(400);
+    const body = await json(res);
+    expect(body.error).toBe('invalid_for_format');
+    expect(body.format).toBe('html');
+    expect(db.submitPage).not.toHaveBeenCalled();
+  });
+
+  it('POST /:id/result still works for A2UI pages (regression)', async () => {
+    const page = fakePage({ format: 'a2ui' });
+    (db.getActivePage as ReturnType<typeof vi.fn>).mockResolvedValueOnce(page);
+    (db.submitPage as ReturnType<typeof vi.fn>).mockResolvedValueOnce({
+      kind: 'ok',
+      createdAt: new Date(),
+    });
+    const res = await app.fetch(
+      req('POST', `/${page.id}/result`, { name: 'submitted', surfaceId: 'main' }),
+    );
+    expect(res.status).toBe(200);
+    const body = await json(res);
+    expect(body.ok).toBe(true);
+  });
+});
+
 // ---------------------------------------------------------------------------
 // GET /health
 // ---------------------------------------------------------------------------
@@ -479,6 +638,9 @@ describe('error handler', () => {
   });
 
   it('submitPage throw on POST /:id/result returns 500', async () => {
+    // Page-existence gate runs first; mock it to return an a2ui page so
+    // the throw on submitPage is what we actually exercise.
+    (db.getActivePage as ReturnType<typeof vi.fn>).mockResolvedValueOnce(fakePage());
     (db.submitPage as ReturnType<typeof vi.fn>).mockRejectedValueOnce(new Error('db write failed'));
     const res = await app.fetch(req('POST', `/${UNKNOWN_ID}/result`, validAction));
     expect(res.status).toBe(500);
diff --git a/apps/api/app.ts b/apps/api/app.ts
index 5e86404..a65bba7 100644
--- a/apps/api/app.ts
+++ b/apps/api/app.ts
@@ -13,6 +13,7 @@ import * as db from './db.ts';
 import * as store from './store.ts';
 import { clientKey } from './client-key.ts';
 import { env, pageIdSchema, newPageBodySchema, resultBodySchema } from './schemas.ts';
+import { sanitize } from './sanitize.ts';
 import { logger } from './logger.ts';
 import { metrics, statusClassFor } from './metrics.ts';
 import type { RequestIdVariables } from './request-id.ts';
@@ -38,7 +39,11 @@ export const PUBLIC_URL = env.PUBLIC_URL ?? `http://localhost:${PORT}`;
 export const PAGE_TTL_MS = env.PAGE_TTL_MS;
 export const ALLOWED_ORIGINS = env.ALLOWED_ORIGINS;
 
-export const MAX_BODY_BYTES = 256 * 1024; // 256 KB
+// 1 MB is the HTML payload cap (per spec). The historical 256 KB cap for
+// A2UI specs is enforced post-parse in newPageHandler so HTML payloads at the
+// real cap pass through bodyLimit middleware untouched.
+export const MAX_BODY_BYTES = 1_000_000;
+export const A2UI_MAX_SPEC_BYTES = 256_000;
 
 const newPageLimiter = rateLimiter({
   windowMs: env.RATE_LIMIT_WINDOW_MS,
@@ -210,7 +215,37 @@ const newPageHandler = async (c: Context) => {
       400,
     );
   }
-  const created = await store.createPage(result.data.spec, {
+  const { format, spec } = result.data;
+
+  if (format === 'a2ui') {
+    // Enforce the historical 256 KB cap on A2UI specs; HTML uses the full 1 MB.
+    // The bodyLimit middleware lets us inspect the parsed value here without
+    // double-paying for the read.
+    const serialized = JSON.stringify(spec ?? null);
+    if (serialized.length > A2UI_MAX_SPEC_BYTES) {
+      return c.json(
+        {
+          error: 'payload_too_large',
+          format: 'a2ui',
+          max_bytes: A2UI_MAX_SPEC_BYTES,
+          message: `A2UI spec exceeds the ${A2UI_MAX_SPEC_BYTES}-byte limit`,
+        },
+        413,
+      );
+    }
+  }
+
+  let storedSpec: unknown = spec;
+  if (format === 'html') {
+    const { output, removedTags, removedAttrs } = sanitize(spec as string);
+    getLog(c).info(
+      { format, removedTags, removedAttrs },
+      'sanitized html submission',
+    );
+    storedSpec = output;
+  }
+
+  const created = await store.createPage(storedSpec, format, {
     publicUrl: PUBLIC_URL,
     pageTtlMs: PAGE_TTL_MS,
   });
@@ -225,6 +260,7 @@ const getPageHandler = async (c: Context) => {
   if (!p) return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
   return c.json({
     spec: p.spec,
+    format: p.format,
     state: p.state,
     result: p.result,
     expires_at: p.expiresAt,
@@ -235,6 +271,23 @@ const submitResultHandler = async (c: Context) => {
   const idResult = pageIdSchema.safeParse(c.req.param('id'));
   if (!idResult.success)
     return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
+
+  // Format check happens before body parse to fail fast on HTML pages. HTML
+  // pages are view-only — there is no submit pipeline for them.
+  const page = await db.getActivePage(idResult.data);
+  if (!page)
+    return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
+  if (page.format !== 'a2ui') {
+    return c.json(
+      {
+        error: 'invalid_for_format',
+        format: page.format,
+        message: `POST /:id/result is not supported for format=${page.format}; HTML pages are view-only`,
+      },
+      400,
+    );
+  }
+
   const raw = await c.req.json().catch(() => null);
   const bodyResult = resultBodySchema.safeParse(raw);
   if (!bodyResult.success) {
@@ -271,7 +324,11 @@ const getResultHandler = async (c: Context) => {
   const outcome = await store.advanceResult(idResult.data);
   if (outcome.kind === 'not_found')
     return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
-  return c.json({ state: outcome.state, result: outcome.result });
+  return c.json({
+    state: outcome.state,
+    result: outcome.result,
+    format: outcome.format,
+  });
 };
 
 // --- Routes ------------------------------------------------------------------
diff --git a/apps/api/db.test.ts b/apps/api/db.test.ts
index 6a26b6e..b62aa77 100644
--- a/apps/api/db.test.ts
+++ b/apps/api/db.test.ts
@@ -1,5 +1,6 @@
 import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';
 import { withRetry, getActivePage } from './db';
+import type { Page, PageFormat } from './db';
 
 describe('withRetry', () => {
   beforeEach(() => {
@@ -122,6 +123,7 @@ describe('getActivePage retry semantics', () => {
     const fakeRow = {
       id: 'test-id',
       spec: { type: 'test' },
+      format: 'a2ui' as const,
       state: 'open' as const,
       result: null,
       created_at: new Date(1000),
@@ -152,6 +154,7 @@ describe('getActivePage retry semantics', () => {
       return {
         id: r.id,
         spec: r.spec,
+        format: r.format,
         state: r.state,
         result: r.result,
         createdAt: r.created_at.getTime(),
@@ -175,3 +178,71 @@ describe('getActivePage retry semantics', () => {
     expect(typeof getActivePage).toBe('function');
   });
 });
+
+// ---------------------------------------------------------------------------
+// Page format column — structural tests (no live DB)
+// ---------------------------------------------------------------------------
+// Real DB round-trips are out of scope for the unit suite (postgres URL is a
+// placeholder in vitest.config.ts). Instead, we assert that the type surface
+// carries `format`, that a row projection including `format` produces a Page
+// with the expected discriminator, and that PageFormat is the closed union.
+
+describe('Page format column (structural)', () => {
+  it('PageFormat is the closed union "a2ui" | "html"', () => {
+    const a: PageFormat = 'a2ui';
+    const h: PageFormat = 'html';
+    expect(a).toBe('a2ui');
+    expect(h).toBe('html');
+    // @ts-expect-error — only 'a2ui' | 'html' should typecheck.
+    const _bad: PageFormat = 'pdf';
+    expect(_bad).toBe('pdf');
+  });
+
+  it('Page accepts format and exposes it on the read shape', () => {
+    const p: Page = {
+      id: 'aabbccddeeff00112233445566778899',
+      spec: { foo: 1 },
+      format: 'html',
+      state: 'open',
+      result: null,
+      createdAt: 1,
+      expiresAt: 2,
+    };
+    expect(p.format).toBe('html');
+  });
+
+  it('row projection from a select including `format` maps to Page.format', async () => {
+    // Mirrors getActivePage's mapping over the retry path. If the SELECT
+    // were to drop `format`, the projection would lose it; this regression
+    // test ensures the mapping is wired both ways.
+    type Row = {
+      id: string;
+      spec: unknown;
+      format: PageFormat;
+      state: 'open';
+      result: unknown;
+      created_at: Date;
+      expires_at: Date;
+    };
+    const fakeRow: Row = {
+      id: 'test-id',
+      spec: '<div>hi</div>',
+      format: 'html',
+      state: 'open',
+      result: null,
+      created_at: new Date(1000),
+      expires_at: new Date(2000),
+    };
+    const projected: Page = {
+      id: fakeRow.id,
+      spec: fakeRow.spec,
+      format: fakeRow.format,
+      state: fakeRow.state,
+      result: fakeRow.result,
+      createdAt: fakeRow.created_at.getTime(),
+      expiresAt: fakeRow.expires_at.getTime(),
+    };
+    expect(projected.format).toBe('html');
+    expect(projected.spec).toBe('<div>hi</div>');
+  });
+});
diff --git a/apps/api/db.ts b/apps/api/db.ts
index 1108046..4e4377e 100644
--- a/apps/api/db.ts
+++ b/apps/api/db.ts
@@ -25,9 +25,12 @@ export async function withRetry<T>(fn: () => Promise<T>, opts: RetryOptions = {}
 
 export type PageState = 'open' | 'submitted' | 'received';
 
+export type PageFormat = 'a2ui' | 'html';
+
 export type Page = {
   id: string;
   spec: unknown;
+  format: PageFormat;
   state: PageState;
   result: unknown;
   createdAt: number;
@@ -45,6 +48,7 @@ export async function init(connectionString: string): Promise<void> {
     create table if not exists pages (
       id           text primary key,
       spec         jsonb       not null,
+      format       text        not null default 'a2ui' check (format in ('a2ui','html')),
       state        text        not null check (state in ('open','submitted','received')),
       result       jsonb,
       created_at   timestamptz not null default now(),
@@ -53,6 +57,14 @@ export async function init(connectionString: string): Promise<void> {
       received_at  timestamptz
     )
   `;
+  // Pick up the column on pre-existing deployments. Idempotent — safe to run
+  // on every boot. Backfill is implicit via the default.
+  await sql`
+    alter table pages
+      add column if not exists format text
+        not null default 'a2ui'
+        check (format in ('a2ui','html'))
+  `;
   await sql`create index if not exists pages_expires_at_idx on pages (expires_at)`;
 }
 
@@ -75,6 +87,7 @@ function client(): ReturnType<typeof postgres> {
 type PageRow = {
   id: string;
   spec: unknown;
+  format: PageFormat;
   state: PageState;
   result: unknown;
   created_at: Date;
@@ -85,7 +98,7 @@ export async function getActivePage(id: string): Promise<Page | null> {
   return withRetry(async () => {
     const c = client();
     const rows = await c<PageRow[]>`
-      select id, spec, state, result, created_at, expires_at
+      select id, spec, format, state, result, created_at, expires_at
       from pages
       where id = ${id} and expires_at > now()
     `;
@@ -94,6 +107,7 @@ export async function getActivePage(id: string): Promise<Page | null> {
     return {
       id: r.id,
       spec: r.spec,
+      format: r.format,
       state: r.state,
       result: r.result,
       createdAt: r.created_at.getTime(),
@@ -150,13 +164,13 @@ export async function submitPage(id: string, action: unknown): Promise<SubmitOut
  */
 export async function fetchAndAdvanceResult(
   id: string,
-): Promise<{ stateAtRead: PageState; result: unknown } | null> {
+): Promise<{ stateAtRead: PageState; result: unknown; format: PageFormat } | null> {
   const c = client();
-  const rows = await c<{ state: PageState; result: unknown }[]>`
-    select state, result from pages where id = ${id} and expires_at > now()
+  const rows = await c<{ state: PageState; result: unknown; format: PageFormat }[]>`
+    select state, result, format from pages where id = ${id} and expires_at > now()
   `;
   if (rows.length === 0) return null;
-  const { state, result } = rows[0];
+  const { state, result, format } = rows[0];
   const stateAtRead = state;
   if (state === 'submitted') {
     await c`
@@ -165,14 +179,20 @@ export async function fetchAndAdvanceResult(
       where id = ${id} and state = 'submitted'
     `;
   }
-  return { stateAtRead, result };
+  return { stateAtRead, result, format };
 }
 
 export async function insertPage(p: Page): Promise<void> {
   await withRetry(async () => {
     const c = client();
-    await c`insert into pages (id, spec, state, expires_at)
-            values (${p.id}, ${c.json(p.spec as Parameters<typeof c.json>[0])}, 'open', to_timestamp(${p.expiresAt} / 1000.0))`;
+    await c`insert into pages (id, spec, format, state, expires_at)
+            values (
+              ${p.id},
+              ${c.json(p.spec as Parameters<typeof c.json>[0])},
+              ${p.format},
+              'open',
+              to_timestamp(${p.expiresAt} / 1000.0)
+            )`;
   });
 }
 
diff --git a/apps/api/mcp/http.ts b/apps/api/mcp/http.ts
index 83415aa..48c9944 100644
--- a/apps/api/mcp/http.ts
+++ b/apps/api/mcp/http.ts
@@ -75,7 +75,7 @@ function applyBaseHeaders(req: IncomingMessage, res: ServerResponse, requestId:
 export function buildInProcessOps(cfg: McpHttpConfig): PageOps {
   return {
     async showUi(spec) {
-      return store.createPage(spec, {
+      return store.createPage(spec, 'a2ui', {
         publicUrl: cfg.publicUrl,
         pageTtlMs: cfg.pageTtlMs,
       });
diff --git a/apps/api/mcp/tools.ts b/apps/api/mcp/tools.ts
index cece50d..61dfea6 100644
--- a/apps/api/mcp/tools.ts
+++ b/apps/api/mcp/tools.ts
@@ -15,15 +15,21 @@ import { z } from 'zod';
 
 export type PageState = 'open' | 'submitted' | 'received';
 
+export type PageFormat = 'a2ui' | 'html';
+
 export type ShowUiResult = {
   id: string;
   url: string;
   expires_at: number;
 };
 
+// `format` is required on responses from the in-process API path (which knows
+// the format from the DB row) and optional on responses from the stdio
+// adapter (which currently doesn't surface it — see Phase 2). Once the stdio
+// path adds the field, this can be tightened to required.
 export type CheckResultOutcome =
   | { kind: 'not_found' }
-  | { kind: 'state'; state: PageState; result: unknown };
+  | { kind: 'state'; state: PageState; result: unknown; format?: PageFormat };
 
 export interface PageOps {
   showUi(spec: unknown): Promise<ShowUiResult>;
diff --git a/apps/api/package.json b/apps/api/package.json
index 0dcd43f..540405d 100644
--- a/apps/api/package.json
+++ b/apps/api/package.json
@@ -25,6 +25,7 @@
     "@scalar/hono-api-reference": "^0.10.14",
     "hono": "^4.6.14",
     "hono-rate-limiter": "^0.5.3",
+    "isomorphic-dompurify": "^2.16.0",
     "pino": "^10.3.1",
     "pino-opentelemetry-transport": "^3.0.0",
     "postgres": "^3.4.9",
diff --git a/apps/api/sanitize.test.ts b/apps/api/sanitize.test.ts
new file mode 100644
index 0000000..4a2273d
--- /dev/null
+++ b/apps/api/sanitize.test.ts
@@ -0,0 +1,117 @@
+import { describe, it, expect } from 'vitest';
+import { sanitize } from './sanitize.ts';
+
+describe('sanitize', () => {
+  it('returns clean payloads unchanged (idempotent on safe input)', () => {
+    const safe = '<div class="card"><h1>Hello</h1><p>World <em>!</em></p></div>';
+    expect(sanitize(safe).output).toBe(safe);
+  });
+
+  it('preserves inline <style>', () => {
+    const input = '<style>.x{color:red}</style><div class="x">hi</div>';
+    expect(sanitize(input).output).toContain('<style>');
+    expect(sanitize(input).output).toContain('.x{color:red}');
+  });
+
+  it('preserves data: image URLs', () => {
+    const input = '<img src="data:image/png;base64,iVBORw0K" alt="x">';
+    expect(sanitize(input).output).toContain('data:image/png;base64');
+  });
+
+  it('preserves https: anchor hrefs', () => {
+    const input = '<a href="https://example.com">link</a>';
+    expect(sanitize(input).output).toContain('href="https://example.com"');
+  });
+
+  it('strips <script>', () => {
+    const out = sanitize('<div>safe</div><script>alert(1)</script>').output;
+    expect(out).not.toContain('<script');
+    expect(out).not.toContain('alert(1)');
+    expect(out).toContain('<div>safe</div>');
+  });
+
+  it('strips <iframe>', () => {
+    const out = sanitize('<iframe src="https://attacker.example"></iframe>').output;
+    expect(out).not.toContain('<iframe');
+  });
+
+  it('strips <object>', () => {
+    const out = sanitize('<object data="x.swf"></object>').output;
+    expect(out).not.toContain('<object');
+  });
+
+  it('strips <embed>', () => {
+    const out = sanitize('<embed src="x.swf">').output;
+    expect(out).not.toContain('<embed');
+  });
+
+  it('strips <link>', () => {
+    const out = sanitize('<link rel="stylesheet" href="https://attacker.example/x.css">').output;
+    expect(out).not.toContain('<link');
+  });
+
+  it('strips <base>', () => {
+    const out = sanitize('<base href="https://attacker.example/">').output;
+    expect(out).not.toContain('<base');
+  });
+
+  it('strips <meta http-equiv=refresh>', () => {
+    const out = sanitize(
+      '<meta http-equiv="refresh" content="0;url=https://attacker.example">',
+    ).output;
+    expect(out).not.toContain('<meta');
+  });
+
+  it('strips on* event handlers', () => {
+    const out = sanitize('<button onclick="alert(1)">x</button>').output;
+    expect(out).not.toContain('onclick');
+    expect(out).not.toContain('alert(1)');
+  });
+
+  it('strips onerror on <img>', () => {
+    const out = sanitize('<img src="x" onerror="alert(1)">').output;
+    expect(out).not.toContain('onerror');
+  });
+
+  it('strips javascript: URLs in href', () => {
+    const out = sanitize('<a href="javascript:alert(1)">click</a>').output;
+    expect(out).not.toMatch(/javascript:/i);
+  });
+
+  it('strips vbscript: URLs', () => {
+    const out = sanitize('<a href="vbscript:msgbox(1)">click</a>').output;
+    expect(out).not.toMatch(/vbscript:/i);
+  });
+
+  it('strips data:text/html (executable data URL)', () => {
+    const out = sanitize('<a href="data:text/html,<script>alert(1)</script>">click</a>').output;
+    expect(out).not.toContain('data:text/html');
+  });
+
+  it('strips formaction (form override attack)', () => {
+    const out = sanitize('<button formaction="https://attacker.example">x</button>').output;
+    expect(out).not.toContain('formaction');
+  });
+
+  it('strips srcdoc on any element', () => {
+    const out = sanitize('<iframe srcdoc="<script>x</script>"></iframe>').output;
+    expect(out).not.toContain('srcdoc');
+  });
+
+  it('preserves inline <svg>', () => {
+    const input = '<svg width="10" height="10"><circle cx="5" cy="5" r="4"/></svg>';
+    const out = sanitize(input).output;
+    expect(out).toContain('<svg');
+    expect(out).toContain('<circle');
+  });
+
+  it('strips xlink:href on SVG (legacy XSS vector)', () => {
+    const out = sanitize('<svg><use xlink:href="javascript:alert(1)"/></svg>').output;
+    expect(out).not.toMatch(/xlink:href/i);
+  });
+
+  it('reports counts of removed tags and attrs', () => {
+    const r = sanitize('<script>1</script><button onclick="x">y</button>');
+    expect(r.removedTags + r.removedAttrs).toBeGreaterThan(0);
+  });
+});
diff --git a/apps/api/sanitize.ts b/apps/api/sanitize.ts
new file mode 100644
index 0000000..31a6cb3
--- /dev/null
+++ b/apps/api/sanitize.ts
@@ -0,0 +1,74 @@
+/**
+ * Server-side HTML sanitization for the html page format.
+ *
+ * Runs once on POST /new before storage. Returns the cleaned HTML plus
+ * dropped-tag and dropped-attr counts (logged as forensic signal).
+ *
+ * Strict denylist, not allowlist — we accept arbitrary HTML/CSS/SVG and
+ * remove the dangerous parts. Combined with the iframe sandbox + meta-CSP
+ * in the renderer this is layer one of three (sanitizer -> CSP -> sandbox).
+ */
+import DOMPurify from 'isomorphic-dompurify';
+
+const FORBID_TAGS = [
+  'script',
+  'iframe',
+  'frame',
+  'frameset',
+  'embed',
+  'object',
+  'applet',
+  'link', // no external stylesheets
+  'base', // we inject our own <base> in the renderer scaffold
+  'meta', // no <meta http-equiv=refresh>; renderer injects its own meta-CSP
+];
+
+const FORBID_ATTR = ['formaction', 'srcdoc', 'xlink:href'];
+
+// Allow https links, mailto, in-page anchors, and inline image data URIs only.
+// Explicitly blocks javascript:, vbscript:, data:text/html, data:application/*.
+const ALLOWED_URI_REGEXP =
+  /^(?:https:|mailto:|#|data:image\/(?:png|jpe?g|gif|webp|svg\+xml);base64,)/i;
+
+export function sanitize(html: string): {
+  output: string;
+  removedTags: number;
+  removedAttrs: number;
+} {
+  let removedTags = 0;
+  let removedAttrs = 0;
+
+  // Hooks are global per DOMPurify instance. Reset and re-register on each
+  // call so the counters start clean. removeAllHooks runs again at the end
+  // to leave the instance pristine for the next caller.
+  DOMPurify.removeAllHooks();
+  DOMPurify.addHook('uponSanitizeElement', (_node, data) => {
+    if (data.allowedTags[data.tagName] === false) removedTags++;
+  });
+  DOMPurify.addHook('uponSanitizeAttribute', (_node, data) => {
+    if (!data.allowedAttributes[data.attrName]) removedAttrs++;
+  });
+
+  const output = DOMPurify.sanitize(html, {
+    USE_PROFILES: { html: true, svg: true },
+    // <style> is not in the default html profile but is essential for inline
+    // CSS (the renderer's CSP allows style-src 'unsafe-inline'). Re-enable it
+    // explicitly so payloads with embedded styles aren't silently stripped.
+    ADD_TAGS: ['style'],
+    FORBID_TAGS,
+    FORBID_ATTR,
+    ALLOWED_URI_REGEXP,
+    ALLOW_DATA_ATTR: false,
+    // FORCE_BODY parses the input as body content (rather than a full
+    // document), so root-level <style> tags survive instead of being treated
+    // as head-only and dropped. The renderer wraps our output inside <body>
+    // anyway, so this matches the eventual placement.
+    FORCE_BODY: true,
+    WHOLE_DOCUMENT: false,
+    RETURN_TRUSTED_TYPE: false,
+  }) as string;
+
+  DOMPurify.removeAllHooks();
+
+  return { output, removedTags, removedAttrs };
+}
diff --git a/apps/api/schemas.test.ts b/apps/api/schemas.test.ts
index 7428e6e..f028efd 100644
--- a/apps/api/schemas.test.ts
+++ b/apps/api/schemas.test.ts
@@ -48,19 +48,49 @@ describe('newPageBodySchema', () => {
     expect(newPageBodySchema.safeParse({}).success).toBe(false);
   });
 
-  it('accepts { spec: null }', () => {
-    expect(newPageBodySchema.safeParse({ spec: null }).success).toBe(true);
+  it('defaults format to "a2ui" when absent', () => {
+    const r = newPageBodySchema.safeParse({ spec: { foo: 1 } });
+    expect(r.success).toBe(true);
+    if (r.success) expect(r.data.format).toBe('a2ui');
   });
 
-  it('accepts { spec: [] }', () => {
-    expect(newPageBodySchema.safeParse({ spec: [] }).success).toBe(true);
+  it('accepts explicit { format: "a2ui", spec: [] }', () => {
+    const r = newPageBodySchema.safeParse({ format: 'a2ui', spec: [] });
+    expect(r.success).toBe(true);
+    if (r.success) expect(r.data.format).toBe('a2ui');
   });
 
-  it('accepts { spec: { foo: 1 } }', () => {
-    expect(newPageBodySchema.safeParse({ spec: { foo: 1 } }).success).toBe(true);
+  it('accepts { format: "html", spec: "<div>hi</div>" }', () => {
+    const r = newPageBodySchema.safeParse({ format: 'html', spec: '<div>hi</div>' });
+    expect(r.success).toBe(true);
+    if (r.success) {
+      expect(r.data.format).toBe('html');
+      expect(r.data.spec).toBe('<div>hi</div>');
+    }
+  });
+
+  it('rejects { format: "html", spec: [] } (HTML spec must be string)', () => {
+    expect(newPageBodySchema.safeParse({ format: 'html', spec: [] }).success).toBe(false);
   });
 
-  it('accepts { spec: "string" }', () => {
+  it('rejects { format: "html", spec: "" } (HTML spec must be non-empty)', () => {
+    expect(newPageBodySchema.safeParse({ format: 'html', spec: '' }).success).toBe(false);
+  });
+
+  it('rejects { format: "html", spec: <1 MB + 1 byte string> }', () => {
+    const big = 'a'.repeat(1_000_001);
+    expect(newPageBodySchema.safeParse({ format: 'html', spec: big }).success).toBe(false);
+  });
+
+  it('rejects { format: "rss", spec: "x" } (unknown format)', () => {
+    expect(newPageBodySchema.safeParse({ format: 'rss', spec: 'x' }).success).toBe(false);
+  });
+
+  it('still accepts pre-existing payloads with no format field', () => {
+    // Backwards compatibility — all existing MCP clients post `{ spec }` only.
+    expect(newPageBodySchema.safeParse({ spec: null }).success).toBe(true);
+    expect(newPageBodySchema.safeParse({ spec: [] }).success).toBe(true);
+    expect(newPageBodySchema.safeParse({ spec: { foo: 1 } }).success).toBe(true);
     expect(newPageBodySchema.safeParse({ spec: 'string' }).success).toBe(true);
   });
 });
diff --git a/apps/api/schemas.ts b/apps/api/schemas.ts
index 5430bbd..a7e2fa9 100644
--- a/apps/api/schemas.ts
+++ b/apps/api/schemas.ts
@@ -6,10 +6,27 @@ export const pageIdSchema = z.string().regex(/^[a-f0-9]{32}$/, 'invalid page id'
 
 // --- Request bodies ----------------------------------------------------------
 
-// spec is opaque (PRD §spec): only presence is enforced, never contents.
-export const newPageBodySchema = z
-  .object({ spec: z.unknown() })
-  .refine((b) => 'spec' in b, { message: "missing 'spec'" });
+// spec contents are opaque per format:
+//   a2ui — unknown JSON (passed through to the renderer; PRD §spec)
+//   html — UTF-8 string with a 1 MB cap
+// The default for `format` keeps every pre-discriminator client working
+// without changes (they POST `{ spec }` and land on the a2ui branch).
+// The a2ui branch enforces presence of the `spec` key (allows null but not
+// missing) so a stray `{}` still gets a 400 — matches pre-discriminator behavior.
+export const newPageBodySchema = z.union([
+  z
+    .object({
+      format: z.literal('a2ui').optional().default('a2ui'),
+      spec: z.unknown(),
+    })
+    .refine((b) => 'spec' in b, { message: "missing 'spec'" }),
+  z.object({
+    format: z.literal('html'),
+    spec: z.string().min(1).max(1_000_000),
+  }),
+]);
+
+export type NewPageBody = z.infer<typeof newPageBodySchema>;
 
 // A2UI client action — passthrough so future fields don't 400 us.
 export const resultBodySchema = z
diff --git a/apps/api/store.ts b/apps/api/store.ts
index 525d8cb..614138c 100644
--- a/apps/api/store.ts
+++ b/apps/api/store.ts
@@ -8,7 +8,7 @@
  */
 import { randomBytes } from 'node:crypto';
 import * as db from './db.ts';
-import type { Page } from './db.ts';
+import type { Page, PageFormat } from './db.ts';
 import { metrics } from './metrics.ts';
 import type { ShowUiResult, CheckResultOutcome } from './mcp/tools.ts';
 
@@ -19,18 +19,23 @@ export type CreatePageConfig = {
 
 export const newId = (): string => randomBytes(16).toString('hex');
 
-export async function createPage(spec: unknown, cfg: CreatePageConfig): Promise<ShowUiResult> {
+export async function createPage(
+  spec: unknown,
+  format: PageFormat,
+  cfg: CreatePageConfig,
+): Promise<ShowUiResult> {
   const now = Date.now();
   const page: Page = {
     id: newId(),
     spec,
+    format,
     state: 'open',
     result: null,
     createdAt: now,
     expiresAt: now + cfg.pageTtlMs,
   };
   await db.insertPage(page);
-  metrics.pagesCreated.add(1);
+  metrics.pagesCreated.add(1, { format });
   return {
     id: page.id,
     url: `${cfg.publicUrl}/${page.id}`,
@@ -41,5 +46,5 @@ export async function createPage(spec: unknown, cfg: CreatePageConfig): Promise<
 export async function advanceResult(id: string): Promise<CheckResultOutcome> {
   const r = await db.fetchAndAdvanceResult(id);
   if (!r) return { kind: 'not_found' };
-  return { kind: 'state', state: r.stateAtRead, result: r.result };
+  return { kind: 'state', state: r.stateAtRead, result: r.result, format: r.format };
 }
diff --git a/package-lock.json b/package-lock.json
index 0b7cb11..3870e96 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -101,6 +101,7 @@
         "@scalar/hono-api-reference": "^0.10.14",
         "hono": "^4.6.14",
         "hono-rate-limiter": "^0.5.3",
+        "isomorphic-dompurify": "^2.16.0",
         "pino": "^10.3.1",
         "pino-opentelemetry-transport": "^3.0.0",
         "postgres": "^3.4.9",
@@ -123,9 +124,6 @@
         "@modelcontextprotocol/sdk": "^1.29.0",
         "zod": "^3.25.76"
       },
-      "bin": {
-        "pagent-mcp": "server.ts"
-      },
       "engines": {
         "node": ">=22"
       }
@@ -214,6 +212,12 @@
       "resolved": "apps/web/vendor/a2ui-lit",
       "link": true
     },
+    "node_modules/@acemir/cssom": {
+      "version": "0.9.31",
+      "resolved": "https://registry.npmjs.org/@acemir/cssom/-/cssom-0.9.31.tgz",
+      "integrity": "sha512-ZnR3GSaH+/vJ0YlHau21FjfLYjMpYVIzTD8M8vIEQvIGxeOXyXdzCI140rrCY862p/C/BbzWsjc1dgnM9mkoTA==",
+      "license": "MIT"
+    },
     "node_modules/@ampproject/remapping": {
       "version": "2.3.0",
       "resolved": "https://registry.npmjs.org/@ampproject/remapping/-/remapping-2.3.0.tgz",
@@ -268,6 +272,43 @@
         "lru-cache": "^10.4.3"
       }
     },
+    "node_modules/@asamuzakjp/dom-selector": {
+      "version": "6.8.1",
+      "resolved": "https://registry.npmjs.org/@asamuzakjp/dom-selector/-/dom-selector-6.8.1.tgz",
+      "integrity": "sha512-MvRz1nCqW0fsy8Qz4dnLIvhOlMzqDVBabZx6lH+YywFDdjXhMY37SmpV1XFX3JzG5GWHn63j6HX6QPr3lZXHvQ==",
+      "license": "MIT",
+      "dependencies": {
+        "@asamuzakjp/nwsapi": "^2.3.9",
+        "bidi-js": "^1.0.3",
+        "css-tree": "^3.1.0",
+        "is-potential-custom-element-name": "^1.0.1",
+        "lru-cache": "^11.2.6"
+      }
+    },
+    "node_modules/@asamuzakjp/dom-selector/node_modules/lru-cache": {
+      "version": "11.3.6",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.3.6.tgz",
+      "integrity": "sha512-Gf/KoL3C/MlI7Bt0PGI9I+TeTC/I6r/csU58N4BSNc4lppLBeKsOdFYkK+dX0ABDUMJNfCHTyPpzwwO21Awd3A==",
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
+    "node_modules/@asamuzakjp/generational-cache": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/@asamuzakjp/generational-cache/-/generational-cache-1.0.1.tgz",
+      "integrity": "sha512-wajfB8KqzMCN2KGNFdLkReeHncd0AslUSrvHVvvYWuU8ghncRJoA50kT3zP9MVL0+9g4/67H+cdvBskj9THPzg==",
+      "license": "MIT",
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      }
+    },
+    "node_modules/@asamuzakjp/nwsapi": {
+      "version": "2.3.9",
+      "resolved": "https://registry.npmjs.org/@asamuzakjp/nwsapi/-/nwsapi-2.3.9.tgz",
+      "integrity": "sha512-n8GuYSrI9bF7FFZ/SjhwevlHc8xaVlb/7HmHelnc/PZXBD2ZR49NnN9sMMuDdEGPeeRQ5d0hqlSlEpgCX3Wl0Q==",
+      "license": "MIT"
+    },
     "node_modules/@babel/code-frame": {
       "version": "7.29.0",
       "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.29.0.tgz",
@@ -343,6 +384,18 @@
         "node": ">=18"
       }
     },
+    "node_modules/@bramus/specificity": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/@bramus/specificity/-/specificity-2.4.2.tgz",
+      "integrity": "sha512-ctxtJ/eA+t+6q2++vj5j7FYX3nRu311q1wfYH3xjlLOsczhlhxAg2FWNUXhpGvAw3BWo1xBcvOV6/YLc2r5FJw==",
+      "license": "MIT",
+      "dependencies": {
+        "css-tree": "^3.0.0"
+      },
+      "bin": {
+        "specificity": "bin/cli.js"
+      }
+    },
     "node_modules/@csstools/color-helpers": {
       "version": "5.1.0",
       "resolved": "https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-5.1.0.tgz",
@@ -438,6 +491,30 @@
         "@csstools/css-tokenizer": "^3.0.4"
       }
     },
+    "node_modules/@csstools/css-syntax-patches-for-csstree": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/@csstools/css-syntax-patches-for-csstree/-/css-syntax-patches-for-csstree-1.1.4.tgz",
+      "integrity": "sha512-wgsqt92b7C7tQhIdPNxj0n9zuUbQlvAuI1exyzeNrOKOi62SD7ren8zqszmpVREjAOqg8cD2FqYhQfAuKjk4sw==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT-0",
+      "peerDependencies": {
+        "css-tree": "^3.2.1"
+      },
+      "peerDependenciesMeta": {
+        "css-tree": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/@csstools/css-tokenizer": {
       "version": "3.0.4",
       "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-3.0.4.tgz",
@@ -1135,6 +1212,23 @@
         "node": "^20.19.0 || ^22.13.0 || >=24"
       }
     },
+    "node_modules/@exodus/bytes": {
+      "version": "1.15.0",
+      "resolved": "https://registry.npmjs.org/@exodus/bytes/-/bytes-1.15.0.tgz",
+      "integrity": "sha512-UY0nlA+feH81UGSHv92sLEPLCeZFjXOuHhrIo0HQydScuQc8s0A7kL/UdgwgDq8g8ilksmuoF35YVTNphV2aBQ==",
+      "license": "MIT",
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      },
+      "peerDependencies": {
+        "@noble/hashes": "^1.8.0 || ^2.0.0"
+      },
+      "peerDependenciesMeta": {
+        "@noble/hashes": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/@grpc/grpc-js": {
       "version": "1.14.3",
       "resolved": "https://registry.npmjs.org/@grpc/grpc-js/-/grpc-js-1.14.3.tgz",
@@ -4397,6 +4491,15 @@
       ],
       "license": "MIT"
     },
+    "node_modules/bidi-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/bidi-js/-/bidi-js-1.0.3.tgz",
+      "integrity": "sha512-RKshQI1R3YQ+n9YJz2QQ147P66ELpa1FQEg20Dk8oW9t2KgLbpDLLp9aGZ7y8WHSshDknG0bknqGw5/tyCs5tw==",
+      "license": "MIT",
+      "dependencies": {
+        "require-from-string": "^2.0.2"
+      }
+    },
     "node_modules/bignumber.js": {
       "version": "9.3.1",
       "resolved": "https://registry.npmjs.org/bignumber.js/-/bignumber.js-9.3.1.tgz",
@@ -4876,6 +4979,19 @@
         "node": ">= 8"
       }
     },
+    "node_modules/css-tree": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/css-tree/-/css-tree-3.2.1.tgz",
+      "integrity": "sha512-X7sjQzceUhu1u7Y/ylrRZFU2FS6LRiFVp6rKLPg23y3x3c3DOKAwuXGDp+PAGjh6CSnCjYeAul8pcT8bAl+lSA==",
+      "license": "MIT",
+      "dependencies": {
+        "mdn-data": "2.27.1",
+        "source-map-js": "^1.2.1"
+      },
+      "engines": {
+        "node": "^10 || ^12.20.0 || ^14.13.0 || >=15.0.0"
+      }
+    },
     "node_modules/cssstyle": {
       "version": "4.6.0",
       "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-4.6.0.tgz",
@@ -4998,7 +5114,6 @@
       "version": "10.6.0",
       "resolved": "https://registry.npmjs.org/decimal.js/-/decimal.js-10.6.0.tgz",
       "integrity": "sha512-YpgQiITW3JXGntzdUmyUR1V812Hn8T1YVXhCu+wO3OpS4eU9l4YdD3qjyiKdV6mvV29zapkMeD390UVEf2lkUg==",
-      "dev": true,
       "license": "MIT"
     },
     "node_modules/deep-eql": {
@@ -5037,6 +5152,15 @@
         "node": ">= 0.8"
       }
     },
+    "node_modules/dompurify": {
+      "version": "3.4.3",
+      "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.4.3.tgz",
+      "integrity": "sha512-VVwJidIJcp1hpg2OMXML3ZVRPYSZiq4aX7qBh83BSIpOaRDqI+qxhXjjIWnpzkOXhmp0L81lnoME1mnCc9H48A==",
+      "license": "(MPL-2.0 OR Apache-2.0)",
+      "optionalDependencies": {
+        "@types/trusted-types": "^2.0.7"
+      }
+    },
     "node_modules/dunder-proto": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz",
@@ -6844,7 +6968,6 @@
       "version": "7.0.2",
       "resolved": "https://registry.npmjs.org/http-proxy-agent/-/http-proxy-agent-7.0.2.tgz",
       "integrity": "sha512-T1gkAiYYDWYx3V5Bmyu7HcfcvL7mUrTWiM6yOfa3PIphViJ/gFPbvidQ+veqSOHci/PxBcDabeUNCzpOODJZig==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "agent-base": "^7.1.0",
@@ -7132,7 +7255,6 @@
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/is-potential-custom-element-name/-/is-potential-custom-element-name-1.0.1.tgz",
       "integrity": "sha512-bCYeRA2rVibKZd+s2625gGnGF/t7DSqDs4dP7CrLA1m7jKWz6pps0LpYLJN8Q64HtmPKJ1hrN3nzPNKFEKOUiQ==",
-      "dev": true,
       "license": "MIT"
     },
     "node_modules/is-promise": {
@@ -7160,6 +7282,332 @@
       "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
       "license": "ISC"
     },
+    "node_modules/isomorphic-dompurify": {
+      "version": "2.36.0",
+      "resolved": "https://registry.npmjs.org/isomorphic-dompurify/-/isomorphic-dompurify-2.36.0.tgz",
+      "integrity": "sha512-E8YkGyPY3a/U5s0WOoc8Ok+3SWL/33yn2IHCoxCFLBUUPVy9WGa++akJZFxQCcJIhI+UvYhbrbnTIFQkHKZbgA==",
+      "license": "MIT",
+      "dependencies": {
+        "dompurify": "^3.3.1",
+        "jsdom": "^28.0.0"
+      },
+      "engines": {
+        "node": ">=20.19.5"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/@asamuzakjp/css-color": {
+      "version": "5.1.11",
+      "resolved": "https://registry.npmjs.org/@asamuzakjp/css-color/-/css-color-5.1.11.tgz",
+      "integrity": "sha512-KVw6qIiCTUQhByfTd78h2yD1/00waTmm9uy/R7Ck/ctUyAPj+AEDLkQIdJW0T8+qGgj3j5bpNKK7Q3G+LedJWg==",
+      "license": "MIT",
+      "dependencies": {
+        "@asamuzakjp/generational-cache": "^1.0.1",
+        "@csstools/css-calc": "^3.2.0",
+        "@csstools/css-color-parser": "^4.1.0",
+        "@csstools/css-parser-algorithms": "^4.0.0",
+        "@csstools/css-tokenizer": "^4.0.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/@csstools/color-helpers": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-6.0.2.tgz",
+      "integrity": "sha512-LMGQLS9EuADloEFkcTBR3BwV/CGHV7zyDxVRtVDTwdI2Ca4it0CCVTT9wCkxSgokjE5Ho41hEPgb8OEUwoXr6Q==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT-0",
+      "engines": {
+        "node": ">=20.19.0"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/@csstools/css-calc": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/@csstools/css-calc/-/css-calc-3.2.1.tgz",
+      "integrity": "sha512-DtdHlgXh5ZkA43cwBcAm+huzgJiwx3ZTWVjBs94kwz2xKqSimDA3lBgCjphYgwgVUMWatSM0pDd8TILB1yrVVg==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "peerDependencies": {
+        "@csstools/css-parser-algorithms": "^4.0.0",
+        "@csstools/css-tokenizer": "^4.0.0"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/@csstools/css-color-parser": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/@csstools/css-color-parser/-/css-color-parser-4.1.1.tgz",
+      "integrity": "sha512-eZ5XOtyhK+mggRafYUWzA0tvaYOFgdY8AkgQiCJF9qNAePnUo/zmsqqYubBBb3sQ8uNUaSKTY9s9klfRaAXL0g==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "dependencies": {
+        "@csstools/color-helpers": "^6.0.2",
+        "@csstools/css-calc": "^3.2.1"
+      },
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "peerDependencies": {
+        "@csstools/css-parser-algorithms": "^4.0.0",
+        "@csstools/css-tokenizer": "^4.0.0"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/@csstools/css-parser-algorithms": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-4.0.0.tgz",
+      "integrity": "sha512-+B87qS7fIG3L5h3qwJ/IFbjoVoOe/bpOdh9hAjXbvx0o8ImEmUsGXN0inFOnk2ChCFgqkkGFQ+TpM5rbhkKe4w==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "peerDependencies": {
+        "@csstools/css-tokenizer": "^4.0.0"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/@csstools/css-tokenizer": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-4.0.0.tgz",
+      "integrity": "sha512-QxULHAm7cNu72w97JUNCBFODFaXpbDg+dP8b/oWFAZ2MTRppA3U00Y2L1HqaS4J6yBqxwa/Y3nMBaxVKbB/NsA==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
+        },
+        {
+          "type": "opencollective",
+          "url": "https://opencollective.com/csstools"
+        }
+      ],
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.19.0"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/cssstyle": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-6.2.0.tgz",
+      "integrity": "sha512-Fm5NvhYathRnXNVndkUsCCuR63DCLVVwGOOwQw782coXFi5HhkXdu289l59HlXZBawsyNccXfWRYvLzcDCdDig==",
+      "license": "MIT",
+      "dependencies": {
+        "@asamuzakjp/css-color": "^5.0.1",
+        "@csstools/css-syntax-patches-for-csstree": "^1.0.28",
+        "css-tree": "^3.1.0",
+        "lru-cache": "^11.2.6"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/data-urls": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-7.0.0.tgz",
+      "integrity": "sha512-23XHcCF+coGYevirZceTVD7NdJOqVn+49IHyxgszm+JIiHLoB2TkmPtsYkNWT1pvRSGkc35L6NHs0yHkN2SumA==",
+      "license": "MIT",
+      "dependencies": {
+        "whatwg-mimetype": "^5.0.0",
+        "whatwg-url": "^16.0.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/entities": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-8.0.0.tgz",
+      "integrity": "sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==",
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/html-encoding-sniffer": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-6.0.0.tgz",
+      "integrity": "sha512-CV9TW3Y3f8/wT0BRFc1/KAVQ3TUHiXmaAb6VW9vtiMFf7SLoMd1PdAc4W3KFOFETBJUb90KatHqlsZMWV+R9Gg==",
+      "license": "MIT",
+      "dependencies": {
+        "@exodus/bytes": "^1.6.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/jsdom": {
+      "version": "28.1.0",
+      "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-28.1.0.tgz",
+      "integrity": "sha512-0+MoQNYyr2rBHqO1xilltfDjV9G7ymYGlAUazgcDLQaUf8JDHbuGwsxN6U9qWaElZ4w1B2r7yEGIL3GdeW3Rug==",
+      "license": "MIT",
+      "dependencies": {
+        "@acemir/cssom": "^0.9.31",
+        "@asamuzakjp/dom-selector": "^6.8.1",
+        "@bramus/specificity": "^2.4.2",
+        "@exodus/bytes": "^1.11.0",
+        "cssstyle": "^6.0.1",
+        "data-urls": "^7.0.0",
+        "decimal.js": "^10.6.0",
+        "html-encoding-sniffer": "^6.0.0",
+        "http-proxy-agent": "^7.0.2",
+        "https-proxy-agent": "^7.0.6",
+        "is-potential-custom-element-name": "^1.0.1",
+        "parse5": "^8.0.0",
+        "saxes": "^6.0.0",
+        "symbol-tree": "^3.2.4",
+        "tough-cookie": "^6.0.0",
+        "undici": "^7.21.0",
+        "w3c-xmlserializer": "^5.0.0",
+        "webidl-conversions": "^8.0.1",
+        "whatwg-mimetype": "^5.0.0",
+        "whatwg-url": "^16.0.0",
+        "xml-name-validator": "^5.0.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      },
+      "peerDependencies": {
+        "canvas": "^3.0.0"
+      },
+      "peerDependenciesMeta": {
+        "canvas": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/lru-cache": {
+      "version": "11.3.6",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.3.6.tgz",
+      "integrity": "sha512-Gf/KoL3C/MlI7Bt0PGI9I+TeTC/I6r/csU58N4BSNc4lppLBeKsOdFYkK+dX0ABDUMJNfCHTyPpzwwO21Awd3A==",
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/parse5": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.1.tgz",
+      "integrity": "sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==",
+      "license": "MIT",
+      "dependencies": {
+        "entities": "^8.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/inikulin/parse5?sponsor=1"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/tldts": {
+      "version": "7.0.30",
+      "resolved": "https://registry.npmjs.org/tldts/-/tldts-7.0.30.tgz",
+      "integrity": "sha512-ELrFxuqsDdHUwoh0XxDbxuLD3Wnz49Z57IFvTtvWy1hJdcMZjXLIuonjilCiWHlT2GbE4Wlv1wKVTzDFnXH1aw==",
+      "license": "MIT",
+      "dependencies": {
+        "tldts-core": "^7.0.30"
+      },
+      "bin": {
+        "tldts": "bin/cli.js"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/tldts-core": {
+      "version": "7.0.30",
+      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-7.0.30.tgz",
+      "integrity": "sha512-uiHN8PIB1VmWyS98eZYja4xzlYqeFZVjb4OuYlJQnZAuJhMw4PbKQOKgHKhBdJR3FE/t5mUQ1Kd80++B+qhD1Q==",
+      "license": "MIT"
+    },
+    "node_modules/isomorphic-dompurify/node_modules/tough-cookie": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-6.0.1.tgz",
+      "integrity": "sha512-LktZQb3IeoUWB9lqR5EWTHgW/VTITCXg4D21M+lvybRVdylLrRMnqaIONLVb5mav8vM19m44HIcGq4qASeu2Qw==",
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "tldts": "^7.0.5"
+      },
+      "engines": {
+        "node": ">=16"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/tr46": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-6.0.0.tgz",
+      "integrity": "sha512-bLVMLPtstlZ4iMQHpFHTR7GAGj2jxi8Dg0s2h2MafAE4uSWF98FC/3MomU51iQAMf8/qDUbKWf5GxuvvVcXEhw==",
+      "license": "MIT",
+      "dependencies": {
+        "punycode": "^2.3.1"
+      },
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/webidl-conversions": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-8.0.1.tgz",
+      "integrity": "sha512-BMhLD/Sw+GbJC21C/UgyaZX41nPt8bUTg+jWyDeg7e7YN4xOM05YPSIXceACnXVtqyEw/LMClUQMtMZ+PGGpqQ==",
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/whatwg-mimetype": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-5.0.0.tgz",
+      "integrity": "sha512-sXcNcHOC51uPGF0P/D4NVtrkjSU2fNsm9iog4ZvZJsL3rjoDAzXZhkm2MWt1y+PUdggKAYVoMAIYcs78wJ51Cw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=20"
+      }
+    },
+    "node_modules/isomorphic-dompurify/node_modules/whatwg-url": {
+      "version": "16.0.1",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-16.0.1.tgz",
+      "integrity": "sha512-1to4zXBxmXHV3IiSSEInrreIlu02vUOvrhxJJH5vcxYTBDAx51cqZiKdyTxlecdKNSjj8EcxGBxNf6Vg+945gw==",
+      "license": "MIT",
+      "dependencies": {
+        "@exodus/bytes": "^1.11.0",
+        "tr46": "^6.0.0",
+        "webidl-conversions": "^8.0.1"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      }
+    },
     "node_modules/istanbul-lib-coverage": {
       "version": "3.2.2",
       "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz",
@@ -7596,6 +8044,12 @@
         "node": ">= 0.4"
       }
     },
+    "node_modules/mdn-data": {
+      "version": "2.27.1",
+      "resolved": "https://registry.npmjs.org/mdn-data/-/mdn-data-2.27.1.tgz",
+      "integrity": "sha512-9Yubnt3e8A0OKwxYSXyhLymGW4sCufcLG6VdiDdUGVkPhpqLxlvP5vl1983gQjJl3tqbrM731mjaZaP68AgosQ==",
+      "license": "CC0-1.0"
+    },
     "node_modules/media-typer": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-1.1.0.tgz",
@@ -8646,7 +9100,6 @@
       "version": "2.3.1",
       "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.3.1.tgz",
       "integrity": "sha512-vYt7UD1U9Wg6138shLtLOvdAu+8DsC/ilFtEVHcH+wydcSpNE20AfSOduf6MkRFahL5FY7X1oU7nKVZFtfq8Fg==",
-      "dev": true,
       "license": "MIT",
       "engines": {
         "node": ">=6"
@@ -9177,7 +9630,6 @@
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/saxes/-/saxes-6.0.0.tgz",
       "integrity": "sha512-xAg7SOnEhrm5zI3puOOKyy1OMcMlIJZYNJY7xLBwSze0UjhPLnWfj2GF2EpT0jmzaJKIWKHLsaSSajf35bcYnA==",
-      "dev": true,
       "license": "ISC",
       "dependencies": {
         "xmlchars": "^2.2.0"
@@ -9415,7 +9867,6 @@
       "version": "1.2.1",
       "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
       "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
-      "dev": true,
       "license": "BSD-3-Clause",
       "engines": {
         "node": ">=0.10.0"
@@ -9634,7 +10085,6 @@
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz",
       "integrity": "sha512-9QNk5KwDF+Bvz+PyObkmSYjI5ksVUYtjW7AU22r2NKcfLJcXp96hkDWU3+XndOsUb+AQ9QhfzfCT2O+CNWT5Tw==",
-      "dev": true,
       "license": "MIT"
     },
     "node_modules/synckit": {
@@ -10002,6 +10452,15 @@
         "typescript": ">=4.8.4 <6.1.0"
       }
     },
+    "node_modules/undici": {
+      "version": "7.25.0",
+      "resolved": "https://registry.npmjs.org/undici/-/undici-7.25.0.tgz",
+      "integrity": "sha512-xXnp4kTyor2Zq+J1FfPI6Eq3ew5h6Vl0F/8d9XU5zZQf1tX9s2Su1/3PiMmUANFULpmksxkClamIZcaUqryHsQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=20.18.1"
+      }
+    },
     "node_modules/undici-types": {
       "version": "7.16.0",
       "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz",
@@ -10736,7 +11195,6 @@
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/w3c-xmlserializer/-/w3c-xmlserializer-5.0.0.tgz",
       "integrity": "sha512-o8qghlI8NZHU1lLPrpi2+Uq7abh4GGPpYANlalzWxyWteJOCsr/P+oPBA49TOLu5FTZO4d3F9MnWJfiMo4BkmA==",
-      "dev": true,
       "license": "MIT",
       "dependencies": {
         "xml-name-validator": "^5.0.0"
@@ -10976,7 +11434,6 @@
       "version": "5.0.0",
       "resolved": "https://registry.npmjs.org/xml-name-validator/-/xml-name-validator-5.0.0.tgz",
       "integrity": "sha512-EvGK8EJ3DhaHfbRlETOWAS5pO9MZITeauHKJyb8wyajUfQUenkIg2MvLDTZ4T/TgIcm3HU0TFBgWWboAZ30UHg==",
-      "dev": true,
       "license": "Apache-2.0",
       "engines": {
         "node": ">=18"
@@ -10986,7 +11443,6 @@
       "version": "2.2.0",
       "resolved": "https://registry.npmjs.org/xmlchars/-/xmlchars-2.2.0.tgz",
       "integrity": "sha512-JZnDKK8B0RCDw84FNdDAIpZK+JuJw+s7Lz8nksI7SIuU3UXJJslUthsi+uWBUYOwPFwW7W7PRLRfUKpxjtjFCw==",
-      "dev": true,
       "license": "MIT"
     },
     "node_modules/xtend": {

From 373dc458f395301c36b600983c8ed00e3acf13f0 Mon Sep 17 00:00:00 2001
From: "Alexandro T. Netto" <alex.t.netto@gmail.com>
Date: Fri, 15 May 2026 14:37:16 -0700
Subject: [PATCH 04/11] fix(api): address Phase 1 code review (hook safety,
 missing tests, exhaustiveness)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- sanitize.ts: wrap DOMPurify hook lifecycle in try/finally so hooks always
  clear even on mid-sanitize exceptions; add comment noting the function must
  remain synchronous because hook state is module-global.
- db.test.ts: move the closed-union assertion for PageFormat to a top-level
  type-only check; the prior runtime `expect('pdf').toBe('pdf')` was
  tautological and obscured the real (compile-time) verification.
- sanitize.test.ts: add five test cases the spec lists explicitly — strip
  data:application/javascript URLs, <applet>, <frame>, <frameset>, and onload.
  All pass against the current sanitizer config; documents the contract.
- app.ts: rewrite the format guard from `!== 'a2ui'` to `=== 'html'` plus a
  TypeScript exhaustiveness check on the residual type, so adding a new
  PageFormat variant fails to typecheck and forces explicit handling.
- app.ts: rename structured log keys `removedTags`/`removedAttrs` to
  `sanitizer_removed_tags`/`sanitizer_removed_attrs` to match the codebase's
  snake_case convention for log fields.
- mcp/tools.ts: add TODO(phase-2) marker near optional `format` on
  CheckResultOutcome.
- app.test.ts: replace `expect([400, 413]).toContain(res.status)` with the
  explicit 413 assertion (bodyLimit middleware fires first).
---
 apps/api/app.test.ts      |  9 ++++---
 apps/api/app.ts           | 11 ++++++---
 apps/api/db.test.ts       | 14 +++++++----
 apps/api/mcp/tools.ts     |  1 +
 apps/api/sanitize.test.ts | 25 ++++++++++++++++++++
 apps/api/sanitize.ts      | 50 +++++++++++++++++++++------------------
 6 files changed, 77 insertions(+), 33 deletions(-)

diff --git a/apps/api/app.test.ts b/apps/api/app.test.ts
index a409274..645e9ec 100644
--- a/apps/api/app.test.ts
+++ b/apps/api/app.test.ts
@@ -203,11 +203,14 @@ describe('POST /new with format=html', () => {
     expect(page.spec as string).toContain('<div>safe</div>');
   });
 
-  it('rejects HTML payloads > 1 MB', async () => {
+  it('rejects HTML payloads > 1 MB with 413 payload_too_large', async () => {
     const big = 'a'.repeat(1_000_001);
     const res = await app.fetch(req('POST', '/new', { format: 'html', spec: big }));
-    // bodyLimit middleware fires before Zod when body is over the absolute cap.
-    expect([400, 413]).toContain(res.status);
+    // The wire body (with JSON wrapping) exceeds the 1 MB bodyLimit, so the
+    // bodyLimit middleware fires before Zod parsing and returns 413.
+    expect(res.status).toBe(413);
+    const body = await json(res);
+    expect(body.error).toBe('payload_too_large');
   });
 
   it('accepts A2UI payloads with implicit default format (backwards compat)', async () => {
diff --git a/apps/api/app.ts b/apps/api/app.ts
index a65bba7..8def686 100644
--- a/apps/api/app.ts
+++ b/apps/api/app.ts
@@ -239,7 +239,7 @@ const newPageHandler = async (c: Context) => {
   if (format === 'html') {
     const { output, removedTags, removedAttrs } = sanitize(spec as string);
     getLog(c).info(
-      { format, removedTags, removedAttrs },
+      { format, sanitizer_removed_tags: removedTags, sanitizer_removed_attrs: removedAttrs },
       'sanitized html submission',
     );
     storedSpec = output;
@@ -277,16 +277,21 @@ const submitResultHandler = async (c: Context) => {
   const page = await db.getActivePage(idResult.data);
   if (!page)
     return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
-  if (page.format !== 'a2ui') {
+  if (page.format === 'html') {
     return c.json(
       {
         error: 'invalid_for_format',
         format: page.format,
-        message: `POST /:id/result is not supported for format=${page.format}; HTML pages are view-only`,
+        message: 'POST /:id/result is not supported for format=html; HTML pages are view-only',
       },
       400,
     );
   }
+  // Future formats: TypeScript exhaustiveness check — if PageFormat grows a new
+  // variant, this assignment fails to typecheck and forces maintainers to
+  // either handle the format above or remove it from the discriminated union.
+  const _exhaustive: 'a2ui' = page.format;
+  void _exhaustive;
 
   const raw = await c.req.json().catch(() => null);
   const bodyResult = resultBodySchema.safeParse(raw);
diff --git a/apps/api/db.test.ts b/apps/api/db.test.ts
index b62aa77..0184e1a 100644
--- a/apps/api/db.test.ts
+++ b/apps/api/db.test.ts
@@ -187,15 +187,21 @@ describe('getActivePage retry semantics', () => {
 // carries `format`, that a row projection including `format` produces a Page
 // with the expected discriminator, and that PageFormat is the closed union.
 
+// Type test: PageFormat is a closed union — assigning anything outside
+// 'a2ui' | 'html' must fail to typecheck. The `@ts-expect-error` directive
+// does the verification at compile time; npm run typecheck will fail if the
+// union ever loosens. No runtime assertion is needed (and would be misleading
+// since 'pdf' === 'pdf' is trivially true at runtime).
+// @ts-expect-error — only 'a2ui' | 'html' should typecheck.
+const _pageFormatClosedUnion: PageFormat = 'pdf';
+void _pageFormatClosedUnion;
+
 describe('Page format column (structural)', () => {
-  it('PageFormat is the closed union "a2ui" | "html"', () => {
+  it('PageFormat accepts the two allowed string literals', () => {
     const a: PageFormat = 'a2ui';
     const h: PageFormat = 'html';
     expect(a).toBe('a2ui');
     expect(h).toBe('html');
-    // @ts-expect-error — only 'a2ui' | 'html' should typecheck.
-    const _bad: PageFormat = 'pdf';
-    expect(_bad).toBe('pdf');
   });
 
   it('Page accepts format and exposes it on the read shape', () => {
diff --git a/apps/api/mcp/tools.ts b/apps/api/mcp/tools.ts
index 61dfea6..0e83018 100644
--- a/apps/api/mcp/tools.ts
+++ b/apps/api/mcp/tools.ts
@@ -29,6 +29,7 @@ export type ShowUiResult = {
 // path adds the field, this can be tightened to required.
 export type CheckResultOutcome =
   | { kind: 'not_found' }
+  // TODO(phase-2): make required after stdio MCP server is updated
   | { kind: 'state'; state: PageState; result: unknown; format?: PageFormat };
 
 export interface PageOps {
diff --git a/apps/api/sanitize.test.ts b/apps/api/sanitize.test.ts
index 4a2273d..fde7484 100644
--- a/apps/api/sanitize.test.ts
+++ b/apps/api/sanitize.test.ts
@@ -88,6 +88,31 @@ describe('sanitize', () => {
     expect(out).not.toContain('data:text/html');
   });
 
+  it('strips data:application/javascript URLs', () => {
+    const out = sanitize('<a href="data:application/javascript,alert(1)">click</a>').output;
+    expect(out).not.toContain('data:application/javascript');
+  });
+
+  it('strips <applet>', () => {
+    const out = sanitize('<applet code="x.class"></applet>').output;
+    expect(out).not.toContain('<applet');
+  });
+
+  it('strips <frame>', () => {
+    const out = sanitize('<frame src="https://attacker.example">').output;
+    expect(out).not.toContain('<frame');
+  });
+
+  it('strips <frameset>', () => {
+    const out = sanitize('<frameset><frame src="x"></frameset>').output;
+    expect(out).not.toContain('<frameset');
+  });
+
+  it('strips onload event handler', () => {
+    const out = sanitize('<body onload="alert(1)">x</body>').output;
+    expect(out).not.toContain('onload');
+  });
+
   it('strips formaction (form override attack)', () => {
     const out = sanitize('<button formaction="https://attacker.example">x</button>').output;
     expect(out).not.toContain('formaction');
diff --git a/apps/api/sanitize.ts b/apps/api/sanitize.ts
index 31a6cb3..671d14b 100644
--- a/apps/api/sanitize.ts
+++ b/apps/api/sanitize.ts
@@ -30,6 +30,7 @@ const FORBID_ATTR = ['formaction', 'srcdoc', 'xlink:href'];
 const ALLOWED_URI_REGEXP =
   /^(?:https:|mailto:|#|data:image\/(?:png|jpe?g|gif|webp|svg\+xml);base64,)/i;
 
+// Must remain synchronous — DOMPurify hook state is module-global.
 export function sanitize(html: string): {
   output: string;
   removedTags: number;
@@ -39,8 +40,9 @@ export function sanitize(html: string): {
   let removedAttrs = 0;
 
   // Hooks are global per DOMPurify instance. Reset and re-register on each
-  // call so the counters start clean. removeAllHooks runs again at the end
-  // to leave the instance pristine for the next caller.
+  // call so the counters start clean. The try/finally ensures hooks always
+  // clear even if sanitize() throws partway, leaving the instance pristine
+  // for the next caller.
   DOMPurify.removeAllHooks();
   DOMPurify.addHook('uponSanitizeElement', (_node, data) => {
     if (data.allowedTags[data.tagName] === false) removedTags++;
@@ -49,26 +51,28 @@ export function sanitize(html: string): {
     if (!data.allowedAttributes[data.attrName]) removedAttrs++;
   });
 
-  const output = DOMPurify.sanitize(html, {
-    USE_PROFILES: { html: true, svg: true },
-    // <style> is not in the default html profile but is essential for inline
-    // CSS (the renderer's CSP allows style-src 'unsafe-inline'). Re-enable it
-    // explicitly so payloads with embedded styles aren't silently stripped.
-    ADD_TAGS: ['style'],
-    FORBID_TAGS,
-    FORBID_ATTR,
-    ALLOWED_URI_REGEXP,
-    ALLOW_DATA_ATTR: false,
-    // FORCE_BODY parses the input as body content (rather than a full
-    // document), so root-level <style> tags survive instead of being treated
-    // as head-only and dropped. The renderer wraps our output inside <body>
-    // anyway, so this matches the eventual placement.
-    FORCE_BODY: true,
-    WHOLE_DOCUMENT: false,
-    RETURN_TRUSTED_TYPE: false,
-  }) as string;
+  try {
+    const output = DOMPurify.sanitize(html, {
+      USE_PROFILES: { html: true, svg: true },
+      // <style> is not in the default html profile but is essential for inline
+      // CSS (the renderer's CSP allows style-src 'unsafe-inline'). Re-enable it
+      // explicitly so payloads with embedded styles aren't silently stripped.
+      ADD_TAGS: ['style'],
+      FORBID_TAGS,
+      FORBID_ATTR,
+      ALLOWED_URI_REGEXP,
+      ALLOW_DATA_ATTR: false,
+      // FORCE_BODY parses the input as body content (rather than a full
+      // document), so root-level <style> tags survive instead of being treated
+      // as head-only and dropped. The renderer wraps our output inside <body>
+      // anyway, so this matches the eventual placement.
+      FORCE_BODY: true,
+      WHOLE_DOCUMENT: false,
+      RETURN_TRUSTED_TYPE: false,
+    }) as string;
 
-  DOMPurify.removeAllHooks();
-
-  return { output, removedTags, removedAttrs };
+    return { output, removedTags, removedAttrs };
+  } finally {
+    DOMPurify.removeAllHooks();
+  }
 }

From ae6e61420c55f0b1298fb66a5dc42ee83cbe8982 Mon Sep 17 00:00:00 2001
From: "Alexandro T. Netto" <alex.t.netto@gmail.com>
Date: Fri, 15 May 2026 14:42:50 -0700
Subject: [PATCH 05/11] feat(mcp): add show_html tool + sharpen show_ui
 description
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

show_html({ html }) creates an HTML page (view-only, sandbox-rendered).
The model gets two clearly distinct tools — show_ui to ask, show_html
to show — instead of a single tool with a format flag. Sharpens
show_ui's description to point at show_html for visualization use cases.

check_result now returns the page's format in structuredContent so an
agent that polls an HTML page (against guidance) at least gets the
explicit "stop polling" signal.

Both the stdio adapter (apps/mcp/server.ts) and the in-process HTTP
MCP share the tool definitions through apps/api/mcp/tools.ts —
description sync is automatic.

Spec: docs/superpowers/specs/2026-05-15-html-format-design.md
---
 apps/api/mcp/http.test.ts  | 10 ++++-
 apps/api/mcp/http.ts       | 14 +++++++
 apps/api/mcp/tools.test.ts | 76 ++++++++++++++++++++++++++++++++++++
 apps/api/mcp/tools.ts      | 80 ++++++++++++++++++++++++++++++--------
 apps/mcp/server.bundle.js  | 69 ++++++++++++++++++++++++++++----
 apps/mcp/server.ts         | 12 +++++-
 6 files changed, 235 insertions(+), 26 deletions(-)
 create mode 100644 apps/api/mcp/tools.test.ts

diff --git a/apps/api/mcp/http.test.ts b/apps/api/mcp/http.test.ts
index adb12fc..21f34aa 100644
--- a/apps/api/mcp/http.test.ts
+++ b/apps/api/mcp/http.test.ts
@@ -120,10 +120,14 @@ function postMcp(
 // ---------------------------------------------------------------------------
 
 describe('SDK client', () => {
-  it('lists both tools', async () => {
+  it('lists all three tools', async () => {
     const client = await newSdkClient();
     const result = await client.listTools();
-    expect(result.tools.map((t) => t.name).sort()).toEqual(['check_result', 'show_ui']);
+    expect(result.tools.map((t) => t.name).sort()).toEqual([
+      'check_result',
+      'show_html',
+      'show_ui',
+    ]);
     await client.close();
   });
 
@@ -161,6 +165,7 @@ describe('SDK client', () => {
     (db.fetchAndAdvanceResult as ReturnType<typeof vi.fn>).mockResolvedValueOnce({
       stateAtRead: 'open',
       result: null,
+      format: 'a2ui',
     });
     const client = await newSdkClient();
     const result = await client.callTool({
@@ -170,6 +175,7 @@ describe('SDK client', () => {
     const sc = result.structuredContent as Record<string, unknown>;
     expect(sc.state).toBe('open');
     expect(sc.result).toBe(null);
+    expect(sc.format).toBe('a2ui');
     await client.close();
   });
 
diff --git a/apps/api/mcp/http.ts b/apps/api/mcp/http.ts
index 48c9944..41a558c 100644
--- a/apps/api/mcp/http.ts
+++ b/apps/api/mcp/http.ts
@@ -20,6 +20,7 @@ import { MAX_BODY_BYTES, ALLOWED_ORIGINS } from '../app.ts';
 import { clientKey } from '../client-key.ts';
 import { env } from '../schemas.ts';
 import * as store from '../store.ts';
+import { sanitize } from '../sanitize.ts';
 import { logger } from '../logger.ts';
 import { RateLimiter } from './rate-limit.ts';
 import { registerPagentTools, type PageOps } from './tools.ts';
@@ -80,6 +81,19 @@ export function buildInProcessOps(cfg: McpHttpConfig): PageOps {
         pageTtlMs: cfg.pageTtlMs,
       });
     },
+    async showHtml(html) {
+      const { output, removedTags, removedAttrs } = sanitize(html);
+      // No request context here — log at the module logger level. The REST
+      // POST /new path adds request-scoped fields; this is the MCP path.
+      logger.info(
+        { format: 'html', removedTags, removedAttrs },
+        'sanitized html submission (http mcp)',
+      );
+      return store.createPage(output, 'html', {
+        publicUrl: cfg.publicUrl,
+        pageTtlMs: cfg.pageTtlMs,
+      });
+    },
     async checkResult(page_id) {
       return store.advanceResult(page_id);
     },
diff --git a/apps/api/mcp/tools.test.ts b/apps/api/mcp/tools.test.ts
new file mode 100644
index 0000000..7e0afbf
--- /dev/null
+++ b/apps/api/mcp/tools.test.ts
@@ -0,0 +1,76 @@
+/**
+ * Unit tests for shared MCP tool registration.
+ *
+ * Exercises registerPagentTools against a stub server so we can assert
+ * the tools' shapes and descriptions without booting a transport. The
+ * HTTP MCP integration (apps/api/mcp/http.test.ts) covers end-to-end
+ * client flows; this file pins the contract the model sees.
+ */
+import { describe, it, expect } from 'vitest';
+import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
+import { registerPagentTools, type PageOps } from './tools.ts';
+
+type RegisteredTool = {
+  description: string;
+  inputSchema: unknown;
+  handler: (...args: unknown[]) => unknown;
+};
+
+function makeServer(): {
+  server: McpServer;
+  tools: Map<string, RegisteredTool>;
+} {
+  const tools = new Map<string, RegisteredTool>();
+  const server = {
+    registerTool(
+      name: string,
+      def: { description: string; inputSchema: unknown },
+      handler: (...args: unknown[]) => unknown,
+    ) {
+      tools.set(name, { ...def, handler });
+    },
+  } as unknown as McpServer;
+  return { server, tools };
+}
+
+const noopOps: PageOps = {
+  showUi: async () => ({ id: 'a'.repeat(32), url: 'http://x/a', expires_at: 0 }),
+  showHtml: async () => ({ id: 'b'.repeat(32), url: 'http://x/b', expires_at: 0 }),
+  checkResult: async () => ({ kind: 'state', state: 'open', result: null, format: 'a2ui' }),
+};
+
+describe('registerPagentTools', () => {
+  it('registers three tools: show_ui, show_html, check_result', () => {
+    const { server, tools } = makeServer();
+    registerPagentTools(server, noopOps);
+    expect(tools.has('show_ui')).toBe(true);
+    expect(tools.has('show_html')).toBe(true);
+    expect(tools.has('check_result')).toBe(true);
+  });
+
+  it('show_html description mentions view-only and no scripts', () => {
+    const { server, tools } = makeServer();
+    registerPagentTools(server, noopOps);
+    const desc = tools.get('show_html')!.description;
+    expect(desc).toMatch(/view-only/i);
+    expect(desc).toMatch(/script/i);
+    expect(desc).toMatch(/JavaScript/i);
+  });
+
+  it('show_ui description distinguishes itself from show_html', () => {
+    const { server, tools } = makeServer();
+    registerPagentTools(server, noopOps);
+    const desc = tools.get('show_ui')!.description;
+    expect(desc).toMatch(/show_html/);
+  });
+
+  it('check_result structuredContent includes format', async () => {
+    const { server, tools } = makeServer();
+    registerPagentTools(server, noopOps);
+    const handler = tools.get('check_result')!.handler;
+    const out = (await handler({ page_id: 'a'.repeat(32) })) as {
+      structuredContent: { state: string; result: unknown; page_id: string; format: string };
+    };
+    expect(out.structuredContent.format).toBe('a2ui');
+  });
+});
diff --git a/apps/api/mcp/tools.ts b/apps/api/mcp/tools.ts
index 0e83018..01ff646 100644
--- a/apps/api/mcp/tools.ts
+++ b/apps/api/mcp/tools.ts
@@ -23,17 +23,16 @@ export type ShowUiResult = {
   expires_at: number;
 };
 
-// `format` is required on responses from the in-process API path (which knows
-// the format from the DB row) and optional on responses from the stdio
-// adapter (which currently doesn't surface it — see Phase 2). Once the stdio
-// path adds the field, this can be tightened to required.
+// `format` is required on responses from both the in-process API path (which
+// knows the format from the DB row) and the stdio adapter (which reads it
+// from the REST API's GET /:id/result response).
 export type CheckResultOutcome =
   | { kind: 'not_found' }
-  // TODO(phase-2): make required after stdio MCP server is updated
-  | { kind: 'state'; state: PageState; result: unknown; format?: PageFormat };
+  | { kind: 'state'; state: PageState; result: unknown; format: PageFormat };
 
 export interface PageOps {
   showUi(spec: unknown): Promise<ShowUiResult>;
+  showHtml(html: string): Promise<ShowUiResult>;
   checkResult(page_id: string): Promise<CheckResultOutcome>;
 }
 
@@ -43,10 +42,11 @@ export interface PageOps {
 // skill (Codex, OpenCode, Cursor, Cline, etc.) still get the guidance.
 
 const SHOW_UI_DESCRIPTION = [
-  "Render an interactive UI in the user's browser — forms, pickers, dashboards, confirmations, multi-step wizards, surveys.",
-  'Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The agent never sees the user typing — only the final submitted result.',
-  'Each page is single-shot: one spec, one result. For a follow-up question, call show_ui again with a fresh spec — there is no surface-replace mechanism.',
-  'After this call, poll check_result on your own cadence to read the user response (start at 2-3s, back off exponentially up to ~30s; do other useful work between polls rather than blocking).',
+  "Ask the user a question that needs a structured answer back. Forms, pickers, confirmations, multi-step wizards, surveys, dashboards-as-input.",
+  "Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The agent never sees the user typing — only the final submitted result.",
+  "Each page is single-shot: one spec, one result. For a follow-up question, call show_ui again with a fresh spec — there is no surface-replace mechanism.",
+  "After this call, poll check_result on your own cadence to read the user response (start at 2-3s, back off exponentially up to ~30s; do other useful work between polls rather than blocking).",
+  "If you only want to SHOW something — a report, a chart, an infographic — use show_html instead. show_ui is for input.",
 ].join('\n\n');
 
 const SHOW_UI_INPUT_DESCRIPTION = [
@@ -57,11 +57,25 @@ const SHOW_UI_INPUT_DESCRIPTION = [
   'Keep specs small — one screen, one purpose.',
 ].join(' ');
 
+const SHOW_HTML_DESCRIPTION = [
+  "Show the user a rich visualization: a styled report, dashboard, chart, infographic, comparison table, slide, or other view-only artifact.",
+  "Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The page is one-way — the user looks at it; nothing comes back.",
+  "Do NOT poll check_result for HTML pages; they never produce a result. If you need a follow-up decision, call show_ui after with a fresh spec.",
+  "Constraints (enforced — violations are stripped or rejected): no <script> tags, no on*= event handlers, no javascript: URLs (JavaScript does not run); no external assets — inline all CSS as <style>, embed images as data:image/...;base64,... URIs (no Google Fonts, no CDN libraries, no remote <img src=https:>); no <form> submissions (use show_ui for input); no <iframe>, <meta http-equiv=refresh>; 1 MB payload cap.",
+].join('\n\n');
+
+const SHOW_HTML_INPUT_DESCRIPTION = [
+  'A single UTF-8 HTML string. May be a fragment or a full document; the renderer wraps it in a sandboxed scaffold either way.',
+  'Inline all CSS as <style>; embed all images as data: URIs. No external assets — they will not load.',
+  'Up to 1,000,000 bytes (1 MB).',
+].join(' ');
+
 const CHECK_RESULT_DESCRIPTION = [
   'Fetch the current state of a page created by show_ui. Fire-and-return — does NOT block or wait.',
-  'Returns { state, result, page_id } where state is "open" | "submitted" | "received".',
+  'Returns { state, result, format, page_id } where state is "open" | "submitted" | "received" and format is "a2ui" | "html".',
   'When state is "open", the user has not responded yet — wait a few seconds and call again. When "submitted", result is the user input as an A2UI client-action: { name, surfaceId, sourceComponentId, context, timestamp }. When "received", you already read the result on a prior poll (treat as duplicate).',
-  'If the page expired (Page not found), do NOT retry the same page_id — ask the user in chat whether to start over, then call show_ui with a fresh spec.',
+  'If format is "html", the page is view-only — stop polling; HTML pages never produce a result.',
+  'If the page expired (Page not found), do NOT retry the same page_id — ask the user in chat whether to start over, then call show_ui (or show_html) with a fresh spec.',
 ].join('\n\n');
 
 // --- Registration ------------------------------------------------------------
@@ -94,6 +108,37 @@ export function registerPagentTools(server: McpServer, ops: PageOps): void {
     },
   );
 
+  server.registerTool(
+    'show_html',
+    {
+      title: 'Show HTML visualization to the user',
+      description: SHOW_HTML_DESCRIPTION,
+      inputSchema: {
+        html: z
+          .string()
+          .min(1)
+          .max(1_000_000)
+          .describe(SHOW_HTML_INPUT_DESCRIPTION),
+      },
+    },
+    async ({ html }) => {
+      const created = await ops.showHtml(html);
+      return {
+        content: [
+          {
+            type: 'text',
+            text: `View ready. Share this URL with the user:\n${created.url}\n\npage_id: ${created.id}\nexpires_at: ${created.expires_at}\n\nView-only — do not poll check_result for this page.`,
+          },
+        ],
+        structuredContent: {
+          page_id: created.id,
+          url: created.url,
+          expires_at: created.expires_at,
+        },
+      };
+    },
+  );
+
   server.registerTool(
     'check_result',
     {
@@ -110,18 +155,21 @@ export function registerPagentTools(server: McpServer, ops: PageOps): void {
       const outcome = await ops.checkResult(page_id);
       if (outcome.kind === 'not_found') {
         throw new Error(
-          `Page ${page_id} not found (expired or deleted). Don't retry the same page_id — ask the user whether to start over, then call show_ui with a fresh spec.`,
+          `Page ${page_id} not found (expired or deleted). Don't retry the same page_id — ask the user whether to start over, then call show_ui (or show_html) with a fresh spec.`,
         );
       }
       const text =
-        outcome.result == null
-          ? `User has not responded yet (state: ${outcome.state}). Call check_result again in a few seconds.`
-          : `User submitted: ${JSON.stringify(outcome.result)}`;
+        outcome.format === 'html'
+          ? `Page ${page_id} is an HTML view (format: html). It does not produce a result — stop polling. If you need a follow-up decision, call show_ui with a fresh spec.`
+          : outcome.result == null
+            ? `User has not responded yet (state: ${outcome.state}). Call check_result again in a few seconds.`
+            : `User submitted: ${JSON.stringify(outcome.result)}`;
       return {
         content: [{ type: 'text', text }],
         structuredContent: {
           state: outcome.state,
           result: outcome.result,
+          format: outcome.format,
           page_id,
         },
       };
diff --git a/apps/mcp/server.bundle.js b/apps/mcp/server.bundle.js
index 1848f4f..9b69a01 100755
--- a/apps/mcp/server.bundle.js
+++ b/apps/mcp/server.bundle.js
@@ -21103,10 +21103,11 @@ import { pathToFileURL } from "node:url";
 
 // apps/api/mcp/tools.ts
 var SHOW_UI_DESCRIPTION = [
-  "Render an interactive UI in the user's browser \u2014 forms, pickers, dashboards, confirmations, multi-step wizards, surveys.",
+  "Ask the user a question that needs a structured answer back. Forms, pickers, confirmations, multi-step wizards, surveys, dashboards-as-input.",
   "Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The agent never sees the user typing \u2014 only the final submitted result.",
   "Each page is single-shot: one spec, one result. For a follow-up question, call show_ui again with a fresh spec \u2014 there is no surface-replace mechanism.",
-  "After this call, poll check_result on your own cadence to read the user response (start at 2-3s, back off exponentially up to ~30s; do other useful work between polls rather than blocking)."
+  "After this call, poll check_result on your own cadence to read the user response (start at 2-3s, back off exponentially up to ~30s; do other useful work between polls rather than blocking).",
+  "If you only want to SHOW something \u2014 a report, a chart, an infographic \u2014 use show_html instead. show_ui is for input."
 ].join("\n\n");
 var SHOW_UI_INPUT_DESCRIPTION = [
   "A2UI v0.9 spec \u2014 an array of A2UI messages.",
@@ -21115,11 +21116,23 @@ var SHOW_UI_INPUT_DESCRIPTION = [
   'Buttons fire actions via { action: { event: { name, context } } }; bind input fields with { value: { path: "/key" } } and reference those paths in the button context so user input flows back.',
   "Keep specs small \u2014 one screen, one purpose."
 ].join(" ");
+var SHOW_HTML_DESCRIPTION = [
+  "Show the user a rich visualization: a styled report, dashboard, chart, infographic, comparison table, slide, or other view-only artifact.",
+  "Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The page is one-way \u2014 the user looks at it; nothing comes back.",
+  "Do NOT poll check_result for HTML pages; they never produce a result. If you need a follow-up decision, call show_ui after with a fresh spec.",
+  "Constraints (enforced \u2014 violations are stripped or rejected): no <script> tags, no on*= event handlers, no javascript: URLs (JavaScript does not run); no external assets \u2014 inline all CSS as <style>, embed images as data:image/...;base64,... URIs (no Google Fonts, no CDN libraries, no remote <img src=https:>); no <form> submissions (use show_ui for input); no <iframe>, <meta http-equiv=refresh>; 1 MB payload cap."
+].join("\n\n");
+var SHOW_HTML_INPUT_DESCRIPTION = [
+  "A single UTF-8 HTML string. May be a fragment or a full document; the renderer wraps it in a sandboxed scaffold either way.",
+  "Inline all CSS as <style>; embed all images as data: URIs. No external assets \u2014 they will not load.",
+  "Up to 1,000,000 bytes (1 MB)."
+].join(" ");
 var CHECK_RESULT_DESCRIPTION = [
   "Fetch the current state of a page created by show_ui. Fire-and-return \u2014 does NOT block or wait.",
-  'Returns { state, result, page_id } where state is "open" | "submitted" | "received".',
+  'Returns { state, result, format, page_id } where state is "open" | "submitted" | "received" and format is "a2ui" | "html".',
   'When state is "open", the user has not responded yet \u2014 wait a few seconds and call again. When "submitted", result is the user input as an A2UI client-action: { name, surfaceId, sourceComponentId, context, timestamp }. When "received", you already read the result on a prior poll (treat as duplicate).',
-  "If the page expired (Page not found), do NOT retry the same page_id \u2014 ask the user in chat whether to start over, then call show_ui with a fresh spec."
+  'If format is "html", the page is view-only \u2014 stop polling; HTML pages never produce a result.',
+  "If the page expired (Page not found), do NOT retry the same page_id \u2014 ask the user in chat whether to start over, then call show_ui (or show_html) with a fresh spec."
 ].join("\n\n");
 function registerPagentTools(server2, ops) {
   server2.registerTool(
@@ -21152,6 +21165,38 @@ expires_at: ${created.expires_at}`
       };
     }
   );
+  server2.registerTool(
+    "show_html",
+    {
+      title: "Show HTML visualization to the user",
+      description: SHOW_HTML_DESCRIPTION,
+      inputSchema: {
+        html: external_exports.string().min(1).max(1e6).describe(SHOW_HTML_INPUT_DESCRIPTION)
+      }
+    },
+    async ({ html }) => {
+      const created = await ops.showHtml(html);
+      return {
+        content: [
+          {
+            type: "text",
+            text: `View ready. Share this URL with the user:
+${created.url}
+
+page_id: ${created.id}
+expires_at: ${created.expires_at}
+
+View-only \u2014 do not poll check_result for this page.`
+          }
+        ],
+        structuredContent: {
+          page_id: created.id,
+          url: created.url,
+          expires_at: created.expires_at
+        }
+      };
+    }
+  );
   server2.registerTool(
     "check_result",
     {
@@ -21165,15 +21210,16 @@ expires_at: ${created.expires_at}`
       const outcome = await ops.checkResult(page_id);
       if (outcome.kind === "not_found") {
         throw new Error(
-          `Page ${page_id} not found (expired or deleted). Don't retry the same page_id \u2014 ask the user whether to start over, then call show_ui with a fresh spec.`
+          `Page ${page_id} not found (expired or deleted). Don't retry the same page_id \u2014 ask the user whether to start over, then call show_ui (or show_html) with a fresh spec.`
         );
       }
-      const text = outcome.result == null ? `User has not responded yet (state: ${outcome.state}). Call check_result again in a few seconds.` : `User submitted: ${JSON.stringify(outcome.result)}`;
+      const text = outcome.format === "html" ? `Page ${page_id} is an HTML view (format: html). It does not produce a result \u2014 stop polling. If you need a follow-up decision, call show_ui with a fresh spec.` : outcome.result == null ? `User has not responded yet (state: ${outcome.state}). Call check_result again in a few seconds.` : `User submitted: ${JSON.stringify(outcome.result)}`;
       return {
         content: [{ type: "text", text }],
         structuredContent: {
           state: outcome.state,
           result: outcome.result,
+          format: outcome.format,
           page_id
         }
       };
@@ -21230,6 +21276,15 @@ var restOps = {
     if (!res.ok) throw await readError(res, "show_ui");
     return await res.json();
   },
+  async showHtml(html) {
+    const res = await fetch(`${SERVICE_URL}/new`, {
+      method: "POST",
+      headers: { "content-type": "application/json" },
+      body: JSON.stringify({ format: "html", spec: html })
+    });
+    if (!res.ok) throw await readError(res, "show_html");
+    return await res.json();
+  },
   async checkResult(page_id) {
     const res = await fetch(`${SERVICE_URL}/${page_id}/result`, {
       headers: { accept: "application/json" }
@@ -21237,7 +21292,7 @@ var restOps = {
     if (res.status === 404) return { kind: "not_found" };
     if (!res.ok) throw await readError(res, "check_result");
     const body = await res.json();
-    return { kind: "state", state: body.state, result: body.result };
+    return { kind: "state", state: body.state, result: body.result, format: body.format };
   }
 };
 var server = new McpServer({ name: "pagent", version: "0.0.1" });
diff --git a/apps/mcp/server.ts b/apps/mcp/server.ts
index a437997..925de64 100755
--- a/apps/mcp/server.ts
+++ b/apps/mcp/server.ts
@@ -63,6 +63,15 @@ const restOps: PageOps = {
     if (!res.ok) throw await readError(res, 'show_ui');
     return (await res.json()) as { id: string; url: string; expires_at: number };
   },
+  async showHtml(html) {
+    const res = await fetch(`${SERVICE_URL}/new`, {
+      method: 'POST',
+      headers: { 'content-type': 'application/json' },
+      body: JSON.stringify({ format: 'html', spec: html }),
+    });
+    if (!res.ok) throw await readError(res, 'show_html');
+    return (await res.json()) as { id: string; url: string; expires_at: number };
+  },
   async checkResult(page_id) {
     const res = await fetch(`${SERVICE_URL}/${page_id}/result`, {
       headers: { accept: 'application/json' },
@@ -72,8 +81,9 @@ const restOps: PageOps = {
     const body = (await res.json()) as {
       state: 'open' | 'submitted' | 'received';
       result: unknown | null;
+      format: 'a2ui' | 'html';
     };
-    return { kind: 'state', state: body.state, result: body.result };
+    return { kind: 'state', state: body.state, result: body.result, format: body.format };
   },
 };
 

From 94936f435595005697344011d132647663f5ff83 Mon Sep 17 00:00:00 2001
From: "Alexandro T. Netto" <alex.t.netto@gmail.com>
Date: Fri, 15 May 2026 14:54:23 -0700
Subject: [PATCH 06/11] fix(mcp): address Phase 2 code review (test depth, log
 naming, dedup, empty-output)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Test depth: tools.test.ts now invokes the registered handlers — a
show_html test asserts structuredContent + the "do not poll" guidance,
and a check_result test asserts the HTML branch surfaces "stop polling".
The test setup uses a makeOps(overrides) helper so each test can
partially override PageOps without rewriting the full stub.

E2E: http.test.ts gains an integration test that drives show_html via
the SDK client and asserts <script> is stripped before storage, plus a
sibling test that the sanitized-empty path surfaces an MCP error.

Log naming: the in-process MCP path's HTML log now uses
sanitizer_removed_tags / sanitizer_removed_attrs — same snake_case shape
as the REST path — so dashboards and log queries see a uniform field set.

Dedup: pulled the sanitize+log+store ritual into a shared
store.createHtmlPage helper. REST POST /new and the MCP show_html op
both call it, eliminating drift between the two paths.

Magic number: the 1_000_000 HTML payload cap moved to a new
apps/api/limits.ts (HTML_MAX_BYTES). app.ts re-exports MAX_BODY_BYTES
from it; schemas.ts and mcp/tools.ts both import it directly.

Empty-output: SanitizedEmptyError is thrown when sanitize() strips the
input to nothing. REST maps it to a 400 sanitized_empty response; the
MCP transport surfaces the throw to the client as an error. Tests cover
both paths.

Nits: check_result's ternary-of-ternary is now an explicit if/else
chain. The show_html constraints paragraph is split into newline-
delimited bullets so the LLM sees clear paragraph breaks.

Bundle: rebuilt apps/mcp/server.bundle.js so stdio MCP users get the
updated tool descriptions and HTML_MAX_BYTES wiring.
---
 apps/api/app.test.ts       | 19 ++++++++--
 apps/api/app.ts            | 43 ++++++++++++++--------
 apps/api/limits.ts         | 12 ++++++
 apps/api/mcp/http.test.ts  | 36 ++++++++++++++++++
 apps/api/mcp/http.ts       | 21 ++++++-----
 apps/api/mcp/tools.test.ts | 75 ++++++++++++++++++++++++++++++++++----
 apps/api/mcp/tools.ts      | 43 ++++++++++++----------
 apps/api/schemas.ts        |  3 +-
 apps/api/store.ts          | 43 ++++++++++++++++++++++
 apps/mcp/server.bundle.js  | 20 ++++++++--
 10 files changed, 255 insertions(+), 60 deletions(-)
 create mode 100644 apps/api/limits.ts

diff --git a/apps/api/app.test.ts b/apps/api/app.test.ts
index 645e9ec..be5f920 100644
--- a/apps/api/app.test.ts
+++ b/apps/api/app.test.ts
@@ -229,6 +229,21 @@ describe('POST /new with format=html', () => {
     expect(body.error).toBe('payload_too_large');
     expect(body.format).toBe('a2ui');
   });
+
+  it('returns 400 sanitized_empty when sanitization yields empty output', async () => {
+    // Pure forbidden tags — DOMPurify strips everything, leaving an empty
+    // string. The handler must reject with a clear error rather than store
+    // an empty HTML page.
+    const res = await app.fetch(
+      req('POST', '/new', { format: 'html', spec: '<script>alert(1)</script>' }),
+    );
+    expect(res.status).toBe(400);
+    const body = await json(res);
+    expect(body.error).toBe('sanitized_empty');
+    expect(body.format).toBe('html');
+    expect(typeof body.message).toBe('string');
+    expect(db.insertPage).not.toHaveBeenCalled();
+  });
 });
 
 // ---------------------------------------------------------------------------
@@ -327,9 +342,7 @@ describe('POST /:id/result', () => {
   it('returns 400 for result body with name: "" (empty name)', async () => {
     // Page must exist (a2ui) so we reach the body-parse stage.
     (db.getActivePage as ReturnType<typeof vi.fn>).mockResolvedValueOnce(fakePage());
-    const res = await app.fetch(
-      req('POST', `/${UNKNOWN_ID}/result`, { name: '', surfaceId: 'x' }),
-    );
+    const res = await app.fetch(req('POST', `/${UNKNOWN_ID}/result`, { name: '', surfaceId: 'x' }));
     expect(res.status).toBe(400);
     const body = await json(res);
     expect(body.error).toBe('bad_request');
diff --git a/apps/api/app.ts b/apps/api/app.ts
index 8def686..96a310d 100644
--- a/apps/api/app.ts
+++ b/apps/api/app.ts
@@ -12,8 +12,8 @@ import { trace } from '@opentelemetry/api';
 import * as db from './db.ts';
 import * as store from './store.ts';
 import { clientKey } from './client-key.ts';
+import { HTML_MAX_BYTES } from './limits.ts';
 import { env, pageIdSchema, newPageBodySchema, resultBodySchema } from './schemas.ts';
-import { sanitize } from './sanitize.ts';
 import { logger } from './logger.ts';
 import { metrics, statusClassFor } from './metrics.ts';
 import type { RequestIdVariables } from './request-id.ts';
@@ -39,10 +39,11 @@ export const PUBLIC_URL = env.PUBLIC_URL ?? `http://localhost:${PORT}`;
 export const PAGE_TTL_MS = env.PAGE_TTL_MS;
 export const ALLOWED_ORIGINS = env.ALLOWED_ORIGINS;
 
-// 1 MB is the HTML payload cap (per spec). The historical 256 KB cap for
-// A2UI specs is enforced post-parse in newPageHandler so HTML payloads at the
-// real cap pass through bodyLimit middleware untouched.
-export const MAX_BODY_BYTES = 1_000_000;
+// The absolute body cap matches HTML_MAX_BYTES — the bodyLimit middleware
+// enforces it on the wire body so HTML payloads at the spec'd 1 MB ceiling
+// pass through cleanly. The historical 256 KB cap for A2UI specs is enforced
+// post-parse in newPageHandler. Re-exported for tests / external callers.
+export const MAX_BODY_BYTES = HTML_MAX_BYTES;
 export const A2UI_MAX_SPEC_BYTES = 256_000;
 
 const newPageLimiter = rateLimiter({
@@ -235,17 +236,30 @@ const newPageHandler = async (c: Context) => {
     }
   }
 
-  let storedSpec: unknown = spec;
   if (format === 'html') {
-    const { output, removedTags, removedAttrs } = sanitize(spec as string);
-    getLog(c).info(
-      { format, sanitizer_removed_tags: removedTags, sanitizer_removed_attrs: removedAttrs },
-      'sanitized html submission',
-    );
-    storedSpec = output;
+    try {
+      const created = await store.createHtmlPage(
+        spec as string,
+        { publicUrl: PUBLIC_URL, pageTtlMs: PAGE_TTL_MS },
+        getLog(c),
+      );
+      return c.json(created, 201);
+    } catch (err) {
+      if (err instanceof store.SanitizedEmptyError) {
+        return c.json(
+          {
+            error: 'sanitized_empty',
+            format: 'html',
+            message: err.message,
+          },
+          400,
+        );
+      }
+      throw err;
+    }
   }
 
-  const created = await store.createPage(storedSpec, format, {
+  const created = await store.createPage(spec, format, {
     publicUrl: PUBLIC_URL,
     pageTtlMs: PAGE_TTL_MS,
   });
@@ -275,8 +289,7 @@ const submitResultHandler = async (c: Context) => {
   // Format check happens before body parse to fail fast on HTML pages. HTML
   // pages are view-only — there is no submit pipeline for them.
   const page = await db.getActivePage(idResult.data);
-  if (!page)
-    return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
+  if (!page) return c.json({ error: 'not_found', message: 'Page not found or expired' }, 404);
   if (page.format === 'html') {
     return c.json(
       {
diff --git a/apps/api/limits.ts b/apps/api/limits.ts
new file mode 100644
index 0000000..f7b6f78
--- /dev/null
+++ b/apps/api/limits.ts
@@ -0,0 +1,12 @@
+/**
+ * Size limits shared across the API, MCP, and schema layers.
+ *
+ * Kept in a dedicated module to avoid import cycles: schemas.ts and
+ * mcp/tools.ts both need HTML_MAX_BYTES, but app.ts already imports from
+ * schemas.ts — so we can't host the constant there.
+ */
+
+// 1 MB is the HTML payload cap (per spec). The bodyLimit middleware enforces
+// this on the wire body; the format=html branch of newPageBodySchema and the
+// show_html MCP tool both enforce it again post-parse for clear error shapes.
+export const HTML_MAX_BYTES = 1_000_000;
diff --git a/apps/api/mcp/http.test.ts b/apps/api/mcp/http.test.ts
index 21f34aa..df0f436 100644
--- a/apps/api/mcp/http.test.ts
+++ b/apps/api/mcp/http.test.ts
@@ -161,6 +161,42 @@ describe('SDK client', () => {
     await client.close();
   });
 
+  it('show_html sanitizes the input before storage and returns id/url/expires_at', async () => {
+    const client = await newSdkClient();
+    const result = await client.callTool({
+      name: 'show_html',
+      arguments: { html: '<p>safe</p><script>alert(1)</script>' },
+    });
+    const sc = result.structuredContent as Record<string, unknown>;
+    expect(typeof sc.page_id).toBe('string');
+    expect((sc.page_id as string).length).toBe(32);
+    expect(sc.url).toMatch(/^http:\/\/test\.local\//);
+    expect(typeof sc.expires_at).toBe('number');
+    // db.insertPage receives the sanitized spec — <script> is stripped, the
+    // safe <p> survives.
+    expect(db.insertPage).toHaveBeenCalledTimes(1);
+    const [insertedPage] = (db.insertPage as ReturnType<typeof vi.fn>).mock.calls[0];
+    expect(insertedPage.format).toBe('html');
+    expect(typeof insertedPage.spec).toBe('string');
+    expect(insertedPage.spec as string).toContain('<p>safe</p>');
+    expect(insertedPage.spec as string).not.toContain('<script');
+    expect(insertedPage.spec as string).not.toContain('alert(1)');
+    await client.close();
+  });
+
+  it('show_html surfaces an error when sanitization yields empty output', async () => {
+    const client = await newSdkClient();
+    const result = await client.callTool({
+      name: 'show_html',
+      arguments: { html: '<script>x</script>' },
+    });
+    expect(result.isError).toBe(true);
+    const text = (result.content as Array<{ type: string; text: string }>)[0]?.text ?? '';
+    expect(text).toMatch(/stripped/i);
+    expect(db.insertPage).not.toHaveBeenCalled();
+    await client.close();
+  });
+
   it('check_result returns the open state for an existing page', async () => {
     (db.fetchAndAdvanceResult as ReturnType<typeof vi.fn>).mockResolvedValueOnce({
       stateAtRead: 'open',
diff --git a/apps/api/mcp/http.ts b/apps/api/mcp/http.ts
index 41a558c..9467bed 100644
--- a/apps/api/mcp/http.ts
+++ b/apps/api/mcp/http.ts
@@ -20,7 +20,6 @@ import { MAX_BODY_BYTES, ALLOWED_ORIGINS } from '../app.ts';
 import { clientKey } from '../client-key.ts';
 import { env } from '../schemas.ts';
 import * as store from '../store.ts';
-import { sanitize } from '../sanitize.ts';
 import { logger } from '../logger.ts';
 import { RateLimiter } from './rate-limit.ts';
 import { registerPagentTools, type PageOps } from './tools.ts';
@@ -82,17 +81,19 @@ export function buildInProcessOps(cfg: McpHttpConfig): PageOps {
       });
     },
     async showHtml(html) {
-      const { output, removedTags, removedAttrs } = sanitize(html);
       // No request context here — log at the module logger level. The REST
-      // POST /new path adds request-scoped fields; this is the MCP path.
-      logger.info(
-        { format: 'html', removedTags, removedAttrs },
-        'sanitized html submission (http mcp)',
+      // POST /new path passes a request-scoped child logger; this is the MCP
+      // path. store.createHtmlPage handles sanitize+log+store in one ritual
+      // and throws SanitizedEmptyError if the input was stripped to empty —
+      // the MCP transport surfaces the throw to the client as an error.
+      return store.createHtmlPage(
+        html,
+        {
+          publicUrl: cfg.publicUrl,
+          pageTtlMs: cfg.pageTtlMs,
+        },
+        logger,
       );
-      return store.createPage(output, 'html', {
-        publicUrl: cfg.publicUrl,
-        pageTtlMs: cfg.pageTtlMs,
-      });
     },
     async checkResult(page_id) {
       return store.advanceResult(page_id);
diff --git a/apps/api/mcp/tools.test.ts b/apps/api/mcp/tools.test.ts
index 7e0afbf..3095fcb 100644
--- a/apps/api/mcp/tools.test.ts
+++ b/apps/api/mcp/tools.test.ts
@@ -2,9 +2,10 @@
  * Unit tests for shared MCP tool registration.
  *
  * Exercises registerPagentTools against a stub server so we can assert
- * the tools' shapes and descriptions without booting a transport. The
- * HTTP MCP integration (apps/api/mcp/http.test.ts) covers end-to-end
- * client flows; this file pins the contract the model sees.
+ * the tools' shapes, descriptions, and handler behavior without booting
+ * a transport. The HTTP MCP integration (apps/api/mcp/http.test.ts)
+ * covers end-to-end client flows; this file pins the contract the model
+ * sees and the per-tool handler logic.
  */
 import { describe, it, expect } from 'vitest';
 import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
@@ -33,16 +34,22 @@ function makeServer(): {
   return { server, tools };
 }
 
-const noopOps: PageOps = {
+// Default no-op PageOps. Tests that exercise a specific handler call
+// makeOps({ ... }) to override one or more methods.
+const defaultOps: PageOps = {
   showUi: async () => ({ id: 'a'.repeat(32), url: 'http://x/a', expires_at: 0 }),
   showHtml: async () => ({ id: 'b'.repeat(32), url: 'http://x/b', expires_at: 0 }),
   checkResult: async () => ({ kind: 'state', state: 'open', result: null, format: 'a2ui' }),
 };
 
+function makeOps(overrides: Partial<PageOps> = {}): PageOps {
+  return { ...defaultOps, ...overrides };
+}
+
 describe('registerPagentTools', () => {
   it('registers three tools: show_ui, show_html, check_result', () => {
     const { server, tools } = makeServer();
-    registerPagentTools(server, noopOps);
+    registerPagentTools(server, makeOps());
     expect(tools.has('show_ui')).toBe(true);
     expect(tools.has('show_html')).toBe(true);
     expect(tools.has('check_result')).toBe(true);
@@ -50,7 +57,7 @@ describe('registerPagentTools', () => {
 
   it('show_html description mentions view-only and no scripts', () => {
     const { server, tools } = makeServer();
-    registerPagentTools(server, noopOps);
+    registerPagentTools(server, makeOps());
     const desc = tools.get('show_html')!.description;
     expect(desc).toMatch(/view-only/i);
     expect(desc).toMatch(/script/i);
@@ -59,18 +66,70 @@ describe('registerPagentTools', () => {
 
   it('show_ui description distinguishes itself from show_html', () => {
     const { server, tools } = makeServer();
-    registerPagentTools(server, noopOps);
+    registerPagentTools(server, makeOps());
     const desc = tools.get('show_ui')!.description;
     expect(desc).toMatch(/show_html/);
   });
 
   it('check_result structuredContent includes format', async () => {
     const { server, tools } = makeServer();
-    registerPagentTools(server, noopOps);
+    registerPagentTools(server, makeOps());
     const handler = tools.get('check_result')!.handler;
     const out = (await handler({ page_id: 'a'.repeat(32) })) as {
       structuredContent: { state: string; result: unknown; page_id: string; format: string };
     };
     expect(out.structuredContent.format).toBe('a2ui');
   });
+
+  it('show_html handler returns structuredContent matching showHtml + "do not poll" text', async () => {
+    const { server, tools } = makeServer();
+    const expectedId = 'c'.repeat(32);
+    const expectedUrl = 'http://test.local/' + expectedId;
+    const expectedExpires = 1700000000000;
+    registerPagentTools(
+      server,
+      makeOps({
+        showHtml: async (html) => {
+          // Sanity check: handler must forward the html argument.
+          expect(html).toBe('<p>x</p>');
+          return { id: expectedId, url: expectedUrl, expires_at: expectedExpires };
+        },
+      }),
+    );
+    const handler = tools.get('show_html')!.handler;
+    const out = (await handler({ html: '<p>x</p>' })) as {
+      structuredContent: { page_id: string; url: string; expires_at: number };
+      content: Array<{ type: string; text: string }>;
+    };
+    expect(out.structuredContent.page_id).toBe(expectedId);
+    expect(out.structuredContent.url).toBe(expectedUrl);
+    expect(out.structuredContent.expires_at).toBe(expectedExpires);
+    // Per show_html handler text (tools.ts), the LLM-facing string tells the
+    // model the page is view-only and not to poll. Match on "do not poll".
+    expect(out.content[0]?.text).toMatch(/do not poll/i);
+  });
+
+  it('check_result handler on an HTML page surfaces "stop polling" guidance', async () => {
+    const { server, tools } = makeServer();
+    registerPagentTools(
+      server,
+      makeOps({
+        checkResult: async () => ({
+          kind: 'state',
+          state: 'open',
+          result: null,
+          format: 'html',
+        }),
+      }),
+    );
+    const handler = tools.get('check_result')!.handler;
+    const out = (await handler({ page_id: 'd'.repeat(32) })) as {
+      structuredContent: { state: string; result: unknown; format: string; page_id: string };
+      content: Array<{ type: string; text: string }>;
+    };
+    expect(out.structuredContent.format).toBe('html');
+    expect(out.structuredContent.state).toBe('open');
+    expect(out.structuredContent.result).toBe(null);
+    expect(out.content[0]?.text).toMatch(/stop polling/i);
+  });
 });
diff --git a/apps/api/mcp/tools.ts b/apps/api/mcp/tools.ts
index 01ff646..091637e 100644
--- a/apps/api/mcp/tools.ts
+++ b/apps/api/mcp/tools.ts
@@ -10,6 +10,7 @@
  */
 import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { z } from 'zod';
+import { HTML_MAX_BYTES } from '../limits.ts';
 
 // --- Operations contract -----------------------------------------------------
 
@@ -42,11 +43,11 @@ export interface PageOps {
 // skill (Codex, OpenCode, Cursor, Cline, etc.) still get the guidance.
 
 const SHOW_UI_DESCRIPTION = [
-  "Ask the user a question that needs a structured answer back. Forms, pickers, confirmations, multi-step wizards, surveys, dashboards-as-input.",
-  "Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The agent never sees the user typing — only the final submitted result.",
-  "Each page is single-shot: one spec, one result. For a follow-up question, call show_ui again with a fresh spec — there is no surface-replace mechanism.",
-  "After this call, poll check_result on your own cadence to read the user response (start at 2-3s, back off exponentially up to ~30s; do other useful work between polls rather than blocking).",
-  "If you only want to SHOW something — a report, a chart, an infographic — use show_html instead. show_ui is for input.",
+  'Ask the user a question that needs a structured answer back. Forms, pickers, confirmations, multi-step wizards, surveys, dashboards-as-input.',
+  'Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The agent never sees the user typing — only the final submitted result.',
+  'Each page is single-shot: one spec, one result. For a follow-up question, call show_ui again with a fresh spec — there is no surface-replace mechanism.',
+  'After this call, poll check_result on your own cadence to read the user response (start at 2-3s, back off exponentially up to ~30s; do other useful work between polls rather than blocking).',
+  'If you only want to SHOW something — a report, a chart, an infographic — use show_html instead. show_ui is for input.',
 ].join('\n\n');
 
 const SHOW_UI_INPUT_DESCRIPTION = [
@@ -58,10 +59,14 @@ const SHOW_UI_INPUT_DESCRIPTION = [
 ].join(' ');
 
 const SHOW_HTML_DESCRIPTION = [
-  "Show the user a rich visualization: a styled report, dashboard, chart, infographic, comparison table, slide, or other view-only artifact.",
-  "Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The page is one-way — the user looks at it; nothing comes back.",
-  "Do NOT poll check_result for HTML pages; they never produce a result. If you need a follow-up decision, call show_ui after with a fresh spec.",
-  "Constraints (enforced — violations are stripped or rejected): no <script> tags, no on*= event handlers, no javascript: URLs (JavaScript does not run); no external assets — inline all CSS as <style>, embed images as data:image/...;base64,... URIs (no Google Fonts, no CDN libraries, no remote <img src=https:>); no <form> submissions (use show_ui for input); no <iframe>, <meta http-equiv=refresh>; 1 MB payload cap.",
+  'Show the user a rich visualization: a styled report, dashboard, chart, infographic, comparison table, slide, or other view-only artifact.',
+  'Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The page is one-way — the user looks at it; nothing comes back.',
+  'Do NOT poll check_result for HTML pages; they never produce a result. If you need a follow-up decision, call show_ui after with a fresh spec.',
+  'Constraints (enforced — violations are stripped or rejected):',
+  'No JavaScript: no <script> tags, no on*= event handlers, no javascript: URLs. JavaScript does not run.',
+  'No external assets: inline all CSS as <style>, embed images as data:image/...;base64,... URIs. No Google Fonts, no CDN libraries, no remote <img src=https:>.',
+  'No forms, iframes, or meta refresh: <form> submissions (use show_ui for input), <iframe>, and <meta http-equiv=refresh> are stripped.',
+  '1 MB payload cap.',
 ].join('\n\n');
 
 const SHOW_HTML_INPUT_DESCRIPTION = [
@@ -114,11 +119,7 @@ export function registerPagentTools(server: McpServer, ops: PageOps): void {
       title: 'Show HTML visualization to the user',
       description: SHOW_HTML_DESCRIPTION,
       inputSchema: {
-        html: z
-          .string()
-          .min(1)
-          .max(1_000_000)
-          .describe(SHOW_HTML_INPUT_DESCRIPTION),
+        html: z.string().min(1).max(HTML_MAX_BYTES).describe(SHOW_HTML_INPUT_DESCRIPTION),
       },
     },
     async ({ html }) => {
@@ -158,12 +159,14 @@ export function registerPagentTools(server: McpServer, ops: PageOps): void {
           `Page ${page_id} not found (expired or deleted). Don't retry the same page_id — ask the user whether to start over, then call show_ui (or show_html) with a fresh spec.`,
         );
       }
-      const text =
-        outcome.format === 'html'
-          ? `Page ${page_id} is an HTML view (format: html). It does not produce a result — stop polling. If you need a follow-up decision, call show_ui with a fresh spec.`
-          : outcome.result == null
-            ? `User has not responded yet (state: ${outcome.state}). Call check_result again in a few seconds.`
-            : `User submitted: ${JSON.stringify(outcome.result)}`;
+      let text: string;
+      if (outcome.format === 'html') {
+        text = `Page ${page_id} is an HTML view (format: html). It does not produce a result — stop polling. If you need a follow-up decision, call show_ui with a fresh spec.`;
+      } else if (outcome.result == null) {
+        text = `User has not responded yet (state: ${outcome.state}). Call check_result again in a few seconds.`;
+      } else {
+        text = `User submitted: ${JSON.stringify(outcome.result)}`;
+      }
       return {
         content: [{ type: 'text', text }],
         structuredContent: {
diff --git a/apps/api/schemas.ts b/apps/api/schemas.ts
index a7e2fa9..7f945bd 100644
--- a/apps/api/schemas.ts
+++ b/apps/api/schemas.ts
@@ -1,4 +1,5 @@
 import { z } from 'zod';
+import { HTML_MAX_BYTES } from './limits.ts';
 
 // --- Page ID -----------------------------------------------------------------
 
@@ -22,7 +23,7 @@ export const newPageBodySchema = z.union([
     .refine((b) => 'spec' in b, { message: "missing 'spec'" }),
   z.object({
     format: z.literal('html'),
-    spec: z.string().min(1).max(1_000_000),
+    spec: z.string().min(1).max(HTML_MAX_BYTES),
   }),
 ]);
 
diff --git a/apps/api/store.ts b/apps/api/store.ts
index 614138c..72053f2 100644
--- a/apps/api/store.ts
+++ b/apps/api/store.ts
@@ -7,9 +7,11 @@
  * forward them through `PageOps` without a structural-equivalence dance.
  */
 import { randomBytes } from 'node:crypto';
+import type { Logger } from 'pino';
 import * as db from './db.ts';
 import type { Page, PageFormat } from './db.ts';
 import { metrics } from './metrics.ts';
+import { sanitize } from './sanitize.ts';
 import type { ShowUiResult, CheckResultOutcome } from './mcp/tools.ts';
 
 export type CreatePageConfig = {
@@ -17,6 +19,19 @@ export type CreatePageConfig = {
   pageTtlMs: number;
 };
 
+/**
+ * Thrown by createHtmlPage when sanitization strips the input to empty.
+ * REST and MCP both map this to a clear 400 so the agent knows their payload
+ * was malformed (all-forbidden tags, all-event-handlers, etc.) rather than
+ * silently storing an empty page.
+ */
+export class SanitizedEmptyError extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'SanitizedEmptyError';
+  }
+}
+
 export const newId = (): string => randomBytes(16).toString('hex');
 
 export async function createPage(
@@ -43,6 +58,34 @@ export async function createPage(
   };
 }
 
+/**
+ * Sanitize + log + store an HTML submission. Shared between the REST
+ * POST /new path and the in-process MCP `show_html` tool so the sanitize
+ * ritual evolves in one place. Throws SanitizedEmptyError if the input was
+ * stripped to empty — the caller is responsible for surfacing the 400.
+ *
+ * The logger is narrowed to `Pick<Logger, 'info'>` so callers can pass a
+ * child logger with request-scoped fields baked in (REST) or the module
+ * logger (MCP path, which has no request context to attach).
+ */
+export async function createHtmlPage(
+  rawHtml: string,
+  cfg: CreatePageConfig,
+  log: Pick<Logger, 'info'>,
+): Promise<ShowUiResult> {
+  const { output, removedTags, removedAttrs } = sanitize(rawHtml);
+  log.info(
+    { format: 'html', sanitizer_removed_tags: removedTags, sanitizer_removed_attrs: removedAttrs },
+    'sanitized html submission',
+  );
+  if (output.trim() === '') {
+    throw new SanitizedEmptyError(
+      'All HTML content was stripped by the sanitizer. The submission contained only forbidden tags (e.g., <script>, <iframe>) or all event handlers. Re-author the HTML using inline-only styles and safe markup.',
+    );
+  }
+  return createPage(output, 'html', cfg);
+}
+
 export async function advanceResult(id: string): Promise<CheckResultOutcome> {
   const r = await db.fetchAndAdvanceResult(id);
   if (!r) return { kind: 'not_found' };
diff --git a/apps/mcp/server.bundle.js b/apps/mcp/server.bundle.js
index 9b69a01..7a864c3 100755
--- a/apps/mcp/server.bundle.js
+++ b/apps/mcp/server.bundle.js
@@ -21101,6 +21101,9 @@ var StdioServerTransport = class {
 // apps/mcp/server.ts
 import { pathToFileURL } from "node:url";
 
+// apps/api/limits.ts
+var HTML_MAX_BYTES = 1e6;
+
 // apps/api/mcp/tools.ts
 var SHOW_UI_DESCRIPTION = [
   "Ask the user a question that needs a structured answer back. Forms, pickers, confirmations, multi-step wizards, surveys, dashboards-as-input.",
@@ -21120,7 +21123,11 @@ var SHOW_HTML_DESCRIPTION = [
   "Show the user a rich visualization: a styled report, dashboard, chart, infographic, comparison table, slide, or other view-only artifact.",
   "Returns { page_id, url, expires_at }. PRINT the URL so the user can open it. The page is one-way \u2014 the user looks at it; nothing comes back.",
   "Do NOT poll check_result for HTML pages; they never produce a result. If you need a follow-up decision, call show_ui after with a fresh spec.",
-  "Constraints (enforced \u2014 violations are stripped or rejected): no <script> tags, no on*= event handlers, no javascript: URLs (JavaScript does not run); no external assets \u2014 inline all CSS as <style>, embed images as data:image/...;base64,... URIs (no Google Fonts, no CDN libraries, no remote <img src=https:>); no <form> submissions (use show_ui for input); no <iframe>, <meta http-equiv=refresh>; 1 MB payload cap."
+  "Constraints (enforced \u2014 violations are stripped or rejected):",
+  "No JavaScript: no <script> tags, no on*= event handlers, no javascript: URLs. JavaScript does not run.",
+  "No external assets: inline all CSS as <style>, embed images as data:image/...;base64,... URIs. No Google Fonts, no CDN libraries, no remote <img src=https:>.",
+  "No forms, iframes, or meta refresh: <form> submissions (use show_ui for input), <iframe>, and <meta http-equiv=refresh> are stripped.",
+  "1 MB payload cap."
 ].join("\n\n");
 var SHOW_HTML_INPUT_DESCRIPTION = [
   "A single UTF-8 HTML string. May be a fragment or a full document; the renderer wraps it in a sandboxed scaffold either way.",
@@ -21171,7 +21178,7 @@ expires_at: ${created.expires_at}`
       title: "Show HTML visualization to the user",
       description: SHOW_HTML_DESCRIPTION,
       inputSchema: {
-        html: external_exports.string().min(1).max(1e6).describe(SHOW_HTML_INPUT_DESCRIPTION)
+        html: external_exports.string().min(1).max(HTML_MAX_BYTES).describe(SHOW_HTML_INPUT_DESCRIPTION)
       }
     },
     async ({ html }) => {
@@ -21213,7 +21220,14 @@ View-only \u2014 do not poll check_result for this page.`
           `Page ${page_id} not found (expired or deleted). Don't retry the same page_id \u2014 ask the user whether to start over, then call show_ui (or show_html) with a fresh spec.`
         );
       }
-      const text = outcome.format === "html" ? `Page ${page_id} is an HTML view (format: html). It does not produce a result \u2014 stop polling. If you need a follow-up decision, call show_ui with a fresh spec.` : outcome.result == null ? `User has not responded yet (state: ${outcome.state}). Call check_result again in a few seconds.` : `User submitted: ${JSON.stringify(outcome.result)}`;
+      let text;
+      if (outcome.format === "html") {
+        text = `Page ${page_id} is an HTML view (format: html). It does not produce a result \u2014 stop polling. If you need a follow-up decision, call show_ui with a fresh spec.`;
+      } else if (outcome.result == null) {
+        text = `User has not responded yet (state: ${outcome.state}). Call check_result again in a few seconds.`;
+      } else {
+        text = `User submitted: ${JSON.stringify(outcome.result)}`;
+      }
       return {
         content: [{ type: "text", text }],
         structuredContent: {

From f19f112508fda658c4931e026cd3a7881538756f Mon Sep 17 00:00:00 2001
From: "Alexandro T. Netto" <alex.t.netto@gmail.com>
Date: Fri, 15 May 2026 15:03:58 -0700
Subject: [PATCH 07/11] feat(web): render HTML pages in sandboxed iframe +
 update skill

The renderer routes by the new `format` field. A2UI pages keep the
existing Lit/A2UI path unchanged. HTML pages render inside an iframe
with sandbox="" (no allow-scripts, no allow-same-origin) and an
opaque origin, with a strict CSP meta tag and noindex/no-referrer
attached to the scaffold. The shell adds a thin chrome bar with an
"AI-generated content" label and a mailto: Report link.

Adds buildIframeCsp() to apps/web/csp.ts and a small html-renderer
module with pure functions (buildScaffoldedHtml, createSandboxedIframe)
so the security-critical paths are unit-tested in isolation.

SKILL.md gets a "show vs ask" section and a worked HTML example; the
front-matter description now covers both tools.

OpenAPI spec documents the new format field on POST /new and the GET
responses.

Spec: docs/superpowers/specs/2026-05-15-html-format-design.md
---
 apps/web/csp.test.ts           | 50 +++++++++++++++++++-
 apps/web/csp.ts                | 30 ++++++++++++
 apps/web/html-renderer.test.ts | 72 ++++++++++++++++++++++++++++
 apps/web/html-renderer.ts      | 56 ++++++++++++++++++++++
 apps/web/main.ts               | 86 ++++++++++++++++++++++++++++++++++
 apps/web/package.json          |  1 +
 docs/openapi.yaml              | 81 +++++++++++++++++++++++++++-----
 package-lock.json              | 59 +++++++++++++++++++++++
 skills/pagent/SKILL.md         | 74 +++++++++++++++++++++++++++--
 9 files changed, 490 insertions(+), 19 deletions(-)
 create mode 100644 apps/web/html-renderer.test.ts
 create mode 100644 apps/web/html-renderer.ts

diff --git a/apps/web/csp.test.ts b/apps/web/csp.test.ts
index 48b2978..f452026 100644
--- a/apps/web/csp.test.ts
+++ b/apps/web/csp.test.ts
@@ -1,5 +1,5 @@
 import { describe, it, expect } from 'vitest';
-import { buildCsp } from './csp.js';
+import { buildCsp, buildIframeCsp } from './csp.js';
 
 const ALL_DIRECTIVES = [
   'default-src',
@@ -48,3 +48,51 @@ describe('buildCsp', () => {
     }
   });
 });
+
+describe('buildIframeCsp', () => {
+  const csp = buildIframeCsp();
+
+  it("sets default-src 'none'", () => {
+    expect(csp).toMatch(/default-src 'none'/);
+  });
+
+  it("allows img-src 'self' data:", () => {
+    expect(csp).toMatch(/img-src 'self' data:/);
+  });
+
+  it("allows style-src 'unsafe-inline' only (no external)", () => {
+    expect(csp).toMatch(/style-src 'unsafe-inline'/);
+    expect(csp).not.toMatch(/style-src[^;]*https:/);
+  });
+
+  it('allows font-src data: only', () => {
+    expect(csp).toMatch(/font-src data:/);
+    expect(csp).not.toMatch(/font-src[^;]*https:/);
+  });
+
+  it("blocks form submission via form-action 'none'", () => {
+    expect(csp).toMatch(/form-action 'none'/);
+  });
+
+  it("blocks nested iframes via frame-src 'none'", () => {
+    expect(csp).toMatch(/frame-src 'none'/);
+  });
+
+  it("blocks base-uri rewriting via base-uri 'none'", () => {
+    expect(csp).toMatch(/base-uri 'none'/);
+  });
+
+  it('declares sandbox', () => {
+    expect(csp).toMatch(/(^|; )sandbox(;|$)/);
+  });
+
+  it('does not enable scripts (no script-src directive)', () => {
+    // default-src 'none' covers script-src by default; explicit script-src
+    // would be a regression — assert absence.
+    expect(csp).not.toMatch(/script-src/);
+  });
+
+  it('does not include frame-ancestors (handled upstream by shell X-Frame-Options)', () => {
+    expect(csp).not.toMatch(/frame-ancestors/);
+  });
+});
diff --git a/apps/web/csp.ts b/apps/web/csp.ts
index e028a82..8ab0231 100644
--- a/apps/web/csp.ts
+++ b/apps/web/csp.ts
@@ -28,3 +28,33 @@ export function buildCsp(apiUrl: string | undefined): string {
     "form-action 'self'",
   ].join('; ');
 }
+
+/**
+ * Build the Content-Security-Policy for the *iframe* that wraps agent-submitted
+ * HTML. Injected as a <meta http-equiv> inside the srcdoc scaffold (the iframe
+ * has an opaque origin under sandbox="" so per-request HTTP headers aren't an
+ * option; meta is what the browser will enforce).
+ *
+ * default-src 'none' starts every fetch class denied. We re-enable only the
+ * narrow set HTML pages need to render: inline styles, inline images via
+ * data: URIs, inline fonts via data:. No script, no connect, no form, no
+ * external anything. Sandbox at the CSP level is redundant with the iframe
+ * sandbox attribute but cheap as a second layer.
+ *
+ * frame-ancestors is deliberately omitted. The opaque-origin iframe makes
+ * 'self' meaningless (every opaque origin is unique and can never match the
+ * parent). The shell origin sets X-Frame-Options: DENY upstream, which is
+ * what would have been protected here.
+ */
+export function buildIframeCsp(): string {
+  return [
+    "default-src 'none'",
+    "img-src 'self' data:",
+    "style-src 'unsafe-inline'",
+    'font-src data:',
+    "form-action 'none'",
+    "frame-src 'none'",
+    "base-uri 'none'",
+    'sandbox',
+  ].join('; ');
+}
diff --git a/apps/web/html-renderer.test.ts b/apps/web/html-renderer.test.ts
new file mode 100644
index 0000000..ef5c2f8
--- /dev/null
+++ b/apps/web/html-renderer.test.ts
@@ -0,0 +1,72 @@
+// @vitest-environment happy-dom
+import { describe, it, expect } from 'vitest';
+import { buildScaffoldedHtml, createSandboxedIframe } from './html-renderer.ts';
+
+describe('buildScaffoldedHtml', () => {
+  it('wraps the agent body in <!doctype html>', () => {
+    const out = buildScaffoldedHtml('<p>x</p>');
+    expect(out.startsWith('<!doctype html>')).toBe(true);
+  });
+
+  it('includes a charset meta tag', () => {
+    const out = buildScaffoldedHtml('<p>x</p>');
+    expect(out).toMatch(/<meta charset="utf-8">/);
+  });
+
+  it('includes the iframe CSP meta tag', () => {
+    const out = buildScaffoldedHtml('<p>x</p>');
+    expect(out).toMatch(/<meta http-equiv="Content-Security-Policy"/);
+    expect(out).toMatch(/default-src 'none'/);
+  });
+
+  it('includes robots noindex,nofollow,noarchive', () => {
+    const out = buildScaffoldedHtml('<p>x</p>');
+    expect(out).toMatch(/<meta name="robots" content="noindex,nofollow,noarchive">/);
+  });
+
+  it('injects the agent body inside <body>', () => {
+    const out = buildScaffoldedHtml('<p class="x">hello</p>');
+    expect(out).toMatch(/<body><p class="x">hello<\/p><\/body>/);
+  });
+
+  it('does not interpret the agent body as a template (no double-encoding)', () => {
+    const safe = '<div>Hello &amp; goodbye</div>';
+    const out = buildScaffoldedHtml(safe);
+    expect(out).toContain(safe);
+  });
+});
+
+describe('createSandboxedIframe', () => {
+  it('uses sandbox="" (empty string, no tokens)', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    expect(iframe.getAttribute('sandbox')).toBe('');
+  });
+
+  it('never includes allow-scripts or allow-same-origin', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    const sandbox = iframe.getAttribute('sandbox') ?? '';
+    expect(sandbox).not.toContain('allow-scripts');
+    expect(sandbox).not.toContain('allow-same-origin');
+  });
+
+  it('sets referrerpolicy="no-referrer"', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    expect(iframe.getAttribute('referrerpolicy')).toBe('no-referrer');
+  });
+
+  it('sets allow="" (empty Permissions-Policy delegation)', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    expect(iframe.getAttribute('allow')).toBe('');
+  });
+
+  it('sets srcdoc to the scaffolded HTML', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    expect(iframe.srcdoc).toContain('<p>x</p>');
+    expect(iframe.srcdoc).toContain('default-src');
+  });
+
+  it('sets a descriptive title', () => {
+    const iframe = createSandboxedIframe('<p>x</p>');
+    expect(iframe.title.length).toBeGreaterThan(0);
+  });
+});
diff --git a/apps/web/html-renderer.ts b/apps/web/html-renderer.ts
new file mode 100644
index 0000000..c22d247
--- /dev/null
+++ b/apps/web/html-renderer.ts
@@ -0,0 +1,56 @@
+/**
+ * Renders agent-submitted HTML inside a maximally-locked-down sandboxed iframe.
+ *
+ * Layer 1 (server, apps/api/sanitize.ts) — DOMPurify strips dangerous tags/attrs
+ *   before storage.
+ * Layer 2 (this module) — wraps in a scaffold with strict CSP meta + sets
+ *   iframe sandbox="" so the iframe document has an opaque origin and no
+ *   capabilities. JS does not run.
+ * Layer 3 (browser) — same-origin policy enforces opaque-origin isolation
+ *   regardless of what the HTML tries to do.
+ *
+ * The design assumption that JS is OFF is structural — see
+ * docs/superpowers/specs/2026-05-15-html-format-design.md § Structural
+ * constraint. If anyone adds allow-scripts, the CI tripwire breaks.
+ */
+import { buildIframeCsp } from './csp.ts';
+
+/**
+ * Wrap the (pre-sanitized) agent HTML in a security-headered scaffold.
+ * The scaffold is the document the browser parses inside the iframe.
+ */
+export function buildScaffoldedHtml(sanitizedHtml: string): string {
+  return `<!doctype html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta http-equiv="Content-Security-Policy" content="${buildIframeCsp()}">
+<meta name="robots" content="noindex,nofollow,noarchive">
+<meta name="referrer" content="no-referrer">
+<base target="_blank" rel="noopener noreferrer nofollow ugc">
+<meta name="viewport" content="width=device-width,initial-scale=1">
+</head>
+<body>${sanitizedHtml}</body>
+</html>`;
+}
+
+/**
+ * Create an iframe element pre-configured with the lockdown attributes.
+ * Caller appends to the DOM; this function never touches `document`.
+ *
+ * CI tripwire: tests assert sandbox="" with no tokens. Removing or
+ * weakening this is a security regression per spec.
+ */
+export function createSandboxedIframe(sanitizedHtml: string): HTMLIFrameElement {
+  const iframe = document.createElement('iframe');
+  // CRITICAL: empty string — no tokens. allow-scripts / allow-same-origin
+  // are forbidden. See spec § Structural constraint.
+  iframe.setAttribute('sandbox', '');
+  iframe.setAttribute('referrerpolicy', 'no-referrer');
+  iframe.setAttribute('allow', '');
+  iframe.setAttribute('loading', 'lazy');
+  iframe.title = 'Agent-generated content';
+  iframe.srcdoc = buildScaffoldedHtml(sanitizedHtml);
+  iframe.style.cssText = 'width:100%;height:100vh;border:0;display:block';
+  return iframe;
+}
diff --git a/apps/web/main.ts b/apps/web/main.ts
index 89cfb7e..631bfe9 100644
--- a/apps/web/main.ts
+++ b/apps/web/main.ts
@@ -7,13 +7,16 @@ import '@a2ui/lit/v0_9'; // registers <a2ui-surface>
 import './home'; // registers <home-page>
 import { assertCatalogsAllowed } from './spec-guard.js';
 import { nextPollDelay, pollTimeoutMessage } from './poll-backoff.js';
+import { createSandboxedIframe } from './html-renderer.js';
 
 /** Hard-coded allowlist of catalog URLs the renderer is permitted to use. */
 const ALLOWED_CATALOG_IDS = [basicCatalog.id] as const;
 
+type PageFormat = 'a2ui' | 'html';
 type PageState = 'open' | 'submitted' | 'received';
 type PageResponse = {
   spec: unknown;
+  format?: PageFormat; // optional for forward-compat with older API responses
   state: PageState;
   result: unknown | null;
   expires_at: number | string;
@@ -38,6 +41,8 @@ class AgentUIApp extends SignalWatcher(LitElement) {
     awaiting: { state: true },
     awaitingMessage: { state: true },
     awaitingStalled: { state: true },
+    format: { state: true },
+    htmlBody: { state: true },
   };
 
   static styles = css`
@@ -145,6 +150,29 @@ class AgentUIApp extends SignalWatcher(LitElement) {
       font-family: 'Material Symbols Outlined', sans-serif;
       font-variation-settings: 'FILL' 1;
     }
+    .html-chrome {
+      display: flex;
+      align-items: center;
+      justify-content: space-between;
+      padding: 8px 14px;
+      background: light-dark(rgba(245, 245, 247, 0.95), rgba(20, 24, 32, 0.95));
+      backdrop-filter: blur(8px);
+      border-bottom: 1px solid light-dark(rgba(0, 0, 0, 0.08), rgba(255, 255, 255, 0.08));
+      font-size: 13px;
+      color: var(--muted, #777);
+    }
+    .html-chrome-label::before {
+      content: '✦ ';
+      opacity: 0.6;
+    }
+    .html-chrome-report {
+      color: inherit;
+      text-decoration: underline;
+      font-size: 12px;
+    }
+    .html-chrome-report:hover {
+      color: var(--fg, #1b1b1b);
+    }
   `;
 
   declare status: 'connecting' | 'live' | 'closed' | 'error';
@@ -153,6 +181,8 @@ class AgentUIApp extends SignalWatcher(LitElement) {
   declare awaiting: boolean;
   declare awaitingMessage: string;
   declare awaitingStalled: boolean;
+  declare format: PageFormat;
+  declare htmlBody: string | null;
 
   constructor() {
     super();
@@ -162,6 +192,8 @@ class AgentUIApp extends SignalWatcher(LitElement) {
     this.awaiting = false;
     this.awaitingMessage = 'Sent — waiting for the agent…';
     this.awaitingStalled = false;
+    this.format = 'a2ui';
+    this.htmlBody = null;
   }
 
   private processor = new v0_9.MessageProcessor(
@@ -235,6 +267,18 @@ class AgentUIApp extends SignalWatcher(LitElement) {
         return;
       }
       const page = (await res.json()) as PageResponse;
+      this.format = page.format ?? 'a2ui';
+
+      if (this.format === 'html') {
+        // HTML pages are pre-sanitized server-side. We trust the byte-string
+        // and wrap it in a sandboxed iframe. The iframe is opaque-origin and
+        // JS-free; nothing it does can reach back into this shell.
+        this.htmlBody = typeof page.spec === 'string' ? page.spec : '';
+        this.status = 'live';
+        return;
+      }
+
+      // A2UI path (existing behavior).
       this.applySpec(page.spec);
       this.status = 'live';
 
@@ -334,6 +378,11 @@ class AgentUIApp extends SignalWatcher(LitElement) {
     if (this.status === 'closed') {
       return html`<div class="status">Session ended.</div>`;
     }
+
+    if (this.format === 'html') {
+      return this.renderHtml();
+    }
+
     const surfaces = Array.from(this.processor.model.surfacesMap.entries());
     if (surfaces.length === 0) {
       return html`<div class="pending">
@@ -367,6 +416,43 @@ class AgentUIApp extends SignalWatcher(LitElement) {
       ${this.error ? html`<div class="error">${this.error}</div>` : nothing}
     </section>`;
   }
+
+  private renderHtml() {
+    if (this.htmlBody == null) {
+      return html`<div class="pending">
+        <div class="spinner"></div>
+        <div class="status">Loading…</div>
+      </div>`;
+    }
+    return html`
+      <header class="html-chrome" role="contentinfo">
+        <span class="html-chrome-label">AI-generated content</span>
+        <a
+          class="html-chrome-report"
+          href=${`mailto:alex@blockful.io?subject=${encodeURIComponent(`Abuse report for page ${pageId}`)}&body=${encodeURIComponent(`Page id: ${pageId}\nDescribe the abuse:\n\n`)}`}
+          target="_blank"
+          rel="noopener noreferrer"
+        >
+          Report
+        </a>
+      </header>
+      ${this.htmlIframe()}
+    `;
+  }
+
+  // The Lit literal cannot embed a raw iframe element easily because Lit owns
+  // attribute setting and srcdoc would be re-escaped. We construct the iframe
+  // imperatively and stash it across renders via this helper.
+  private cachedIframe: HTMLIFrameElement | null = null;
+  private cachedIframeFor: string | null = null;
+  private htmlIframe() {
+    if (this.htmlBody == null) return nothing;
+    if (this.cachedIframe == null || this.cachedIframeFor !== this.htmlBody) {
+      this.cachedIframe = createSandboxedIframe(this.htmlBody);
+      this.cachedIframeFor = this.htmlBody;
+    }
+    return this.cachedIframe;
+  }
 }
 
 customElements.define('agent-ui-app', AgentUIApp);
diff --git a/apps/web/package.json b/apps/web/package.json
index eae5c44..07a612e 100644
--- a/apps/web/package.json
+++ b/apps/web/package.json
@@ -19,6 +19,7 @@
     "signal-utils": "^0.21.1"
   },
   "devDependencies": {
+    "happy-dom": "^20.9.0",
     "typescript": "^5.6.0",
     "vite": "^7.0.0",
     "vitest": "^3.2.4",
diff --git a/docs/openapi.yaml b/docs/openapi.yaml
index 9ee1895..46771ab 100644
--- a/docs/openapi.yaml
+++ b/docs/openapi.yaml
@@ -7,9 +7,15 @@ info:
     A2UI surface to this service, prints a short URL, and reads the user's
     interactions back via this API.
 
-    Spec contents are opaque to the service. V0 assumes A2UI v0.9 — there
-    is no `format` tag on the wire. See https://github.com/blockful/pagent
-    for the source.
+    Spec contents are opaque to the service. The `format` field on `POST /new`
+    selects how the spec is interpreted:
+    - `a2ui` (default) — `spec` is an A2UI v0.9 message array. Pages take user
+      input and produce a result.
+    - `html` — `spec` is a UTF-8 HTML string (up to 1,000,000 bytes).
+      Pages are view-only: they never transition past `open`, and
+      `POST /{id}/result` returns 400 `invalid_for_format`.
+
+    See https://github.com/blockful/pagent for the source.
 
     ## Page lifecycle
 
@@ -175,15 +181,23 @@ paths:
       tags: [Pages]
       summary: Create a new page
       description: |
-        Creates a new page from an A2UI spec and returns a short URL to share
+        Creates a new page from a spec and returns a short URL to share
         with the user. The page starts in state `open`.
 
-        The `spec` field is opaque — the service stores it verbatim and serves
-        it back to the renderer. No validation is performed on its contents.
+        The `format` field (default `a2ui`) selects the spec shape:
+        - `a2ui` — `spec` is an A2UI v0.9 message array. The service stores
+          and serves it back verbatim. Pages collect user input and produce a
+          result.
+        - `html` — `spec` is a UTF-8 HTML string (up to 1,000,000 bytes). The
+          service sanitises it with DOMPurify before storage. Pages are
+          view-only: they never transition past `open`, and
+          `POST /{id}/result` returns 400 `invalid_for_format`.
 
         **What to do next:** print the returned `url` in the terminal (or chat)
-        so the user can open it in a browser. Then poll `GET /{id}/result`
-        until `state` is no longer `open`.
+        so the user can open it in a browser. For A2UI pages, poll
+        `GET /{id}/result` until `state` is no longer `open`. For HTML pages,
+        there is nothing to poll for — once the user opens the URL, you are
+        done.
 
         Rate-limited to 30 requests per minute per source IP.
       requestBody:
@@ -363,7 +377,10 @@ paths:
         '400':
           description: |
             Request body is malformed or missing required fields (`name`,
-            `surfaceId`). Fix the request before retrying.
+            `surfaceId`); error `bad_request`. Or the target page is HTML
+            (view-only and cannot accept a result); error `invalid_for_format`.
+            Fix the request — or, for `invalid_for_format`, stop trying to
+            submit to this page — before retrying.
           headers:
             X-Request-ID:
               $ref: '#/components/headers/XRequestId'
@@ -496,8 +513,20 @@ components:
 
     Spec:
       description: >
-        Opaque A2UI v0.9 message array. The service stores and returns this
-        verbatim without parsing or validating its structure.
+        Page contents. Shape depends on the request's `format` field:
+        `a2ui` (default) — an array of A2UI v0.9 messages; the service stores
+        and returns this verbatim without parsing the structure.
+        `html` — a UTF-8 HTML string up to 1,000,000 bytes; the service runs
+        DOMPurify on the string at create time and stores the sanitised
+        result.
+      oneOf:
+        - type: array
+          description: A2UI v0.9 message array (when format is `a2ui`).
+          items:
+            type: object
+            additionalProperties: true
+        - type: string
+          description: HTML body, up to 1,000,000 bytes (when format is `html`).
       example:
         - createSurface:
             surfaceId: main
@@ -506,12 +535,28 @@ components:
             surfaceId: main
             components: []
 
+    PageFormat:
+      type: string
+      enum: [a2ui, html]
+      description: |
+        Spec format. `a2ui` (default) — `spec` is an A2UI v0.9 message array.
+        `html` — `spec` is a UTF-8 HTML string up to 1,000,000 bytes; the
+        page becomes view-only and never produces a result.
+
     NewPageRequest:
       type: object
       required: [spec]
       properties:
         spec:
           $ref: '#/components/schemas/Spec'
+        format:
+          type: string
+          enum: [a2ui, html]
+          default: a2ui
+          description: |
+            Spec format. `a2ui` (default) — `spec` is an A2UI v0.9 message array.
+            `html` — `spec` is a UTF-8 HTML string up to 1,000,000 bytes; the
+            page becomes view-only and never produces a result.
 
     NewPageResponse:
       type: object
@@ -537,13 +582,16 @@ components:
       properties:
         spec:
           $ref: '#/components/schemas/Spec'
+        format:
+          $ref: '#/components/schemas/PageFormat'
         state:
           $ref: '#/components/schemas/PageState'
         result:
           type: object
           nullable: true
           description: >
-            The submitted A2UI action, or null if the page is still open.
+            The submitted A2UI action, or null if the page is still open or
+            if the page is an HTML page (HTML pages never produce a result).
             Shape mirrors `ResultRequest`.
         expires_at:
           type: integer
@@ -590,11 +638,14 @@ components:
       properties:
         state:
           $ref: '#/components/schemas/PageState'
+        format:
+          $ref: '#/components/schemas/PageFormat'
         result:
           type: object
           nullable: true
           description: >
             The submitted A2UI action, or null if the page is still `open`.
+            HTML pages always return null here — they never produce a result.
 
     SubmitOk:
       type: object
@@ -636,7 +687,11 @@ components:
       properties:
         error:
           type: string
-          enum: [bad_request]
+          enum: [bad_request, invalid_for_format]
+          description: |
+            `bad_request` — body is malformed or fails schema validation.
+            `invalid_for_format` — operation is not supported for this page's
+            format (e.g. POSTing a result to an HTML page).
         message:
           type: string
           description: Human-readable description of why the request was rejected.
diff --git a/package-lock.json b/package-lock.json
index 3870e96..8e1aa57 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -140,6 +140,7 @@
         "signal-utils": "^0.21.1"
       },
       "devDependencies": {
+        "happy-dom": "^20.9.0",
         "typescript": "^5.6.0",
         "vite": "^7.0.0",
         "vitest": "^3.2.4",
@@ -3776,6 +3777,23 @@
       "integrity": "sha512-ScaPdn1dQczgbl0QFTeTOmVHFULt394XJgOQNoyVhZ6r2vLnMLJfBPd53SB52T/3G36VI1/g2MZaX0cwDuXsfw==",
       "license": "MIT"
     },
+    "node_modules/@types/whatwg-mimetype": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/@types/whatwg-mimetype/-/whatwg-mimetype-3.0.2.tgz",
+      "integrity": "sha512-c2AKvDT8ToxLIOUlN51gTiHXflsfIFisS4pO7pDPoKouJCESkhZnEy623gwP9laCy5lnLDAw1vAzu2vM2YLOrA==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/@types/ws": {
+      "version": "8.18.1",
+      "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
+      "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": "*"
+      }
+    },
     "node_modules/@typescript-eslint/eslint-plugin": {
       "version": "8.59.2",
       "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.2.tgz",
@@ -6807,6 +6825,47 @@
         "node": "*"
       }
     },
+    "node_modules/happy-dom": {
+      "version": "20.9.0",
+      "resolved": "https://registry.npmjs.org/happy-dom/-/happy-dom-20.9.0.tgz",
+      "integrity": "sha512-GZZ9mKe8r646NUAf/zemnGbjYh4Bt8/MqASJY+pSm5ZDtc3YQox+4gsLI7yi1hba6o+eCsGxpHn5+iEVn31/FQ==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "@types/node": ">=20.0.0",
+        "@types/whatwg-mimetype": "^3.0.2",
+        "@types/ws": "^8.18.1",
+        "entities": "^7.0.1",
+        "whatwg-mimetype": "^3.0.0",
+        "ws": "^8.18.3"
+      },
+      "engines": {
+        "node": ">=20.0.0"
+      }
+    },
+    "node_modules/happy-dom/node_modules/entities": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.1.tgz",
+      "integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/happy-dom/node_modules/whatwg-mimetype": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-3.0.0.tgz",
+      "integrity": "sha512-nt+N2dzIutVRxARx1nghPKGv1xHikU7HKdfafKkLNLindmPU/ch3U31NOCGGA/dmPcmb1VlofO0vnKAcsm0o/Q==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      }
+    },
     "node_modules/hard-rejection": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/hard-rejection/-/hard-rejection-2.1.0.tgz",
diff --git a/skills/pagent/SKILL.md b/skills/pagent/SKILL.md
index 2d7d0f3..71606de 100644
--- a/skills/pagent/SKILL.md
+++ b/skills/pagent/SKILL.md
@@ -1,11 +1,21 @@
 ---
 name: pagent
-description: Render an interactive browser UI — forms, pickers, multi-select, confirmations/approvals, dashboards, wizards, surveys. This skill should be used when the user asks to "show a form", "ask me via UI", "let me pick", "confirm before you", "give me a dashboard", or wants any prompt that needs typed input, structured choices, sliders, checkboxes, or multi-step flows. Prefer this over markdown tables or yes/no chat questions whenever real input widgets would be clearer.
+description: Render UI in the user's browser. Two tools — show_ui for asking the user a question that needs a structured answer back (forms, pickers, confirmations, dashboards-as-input, multi-step wizards), and show_html for showing a rich visualization the user just looks at (reports, dashboards, charts, infographics, comparison tables, slides). Trigger on "show me", "ask me", "let me pick", "confirm before you", "give me a dashboard", "render a chart", "show a report" — anything that beats plain text in chat. Rule: if anything has to come back from the user, show_ui. If the user just looks, show_html.
 ---
 
 # Showing UI to your user
 
-## When to use this skill
+## Picking a tool
+
+Two tools, one rule: **`show_html` to show; `show_ui` to ask.**
+
+If anything has to come back from the user — a value, a selection, a click — use `show_ui`. If the user just looks at it — a report, a chart, a dashboard, a comparison — use `show_html`. When in doubt, ask yourself: "Do I need to read the user's response?" Yes → `show_ui`. No → `show_html`.
+
+Multi-step flows work the same way: each step is a separate page. Show a dashboard with `show_html`, then ask "what next?" with `show_ui`. Don't try to bundle visualization and input into one page.
+
+Only A2UI pages (created by `show_ui`) have a result. HTML pages (`show_html`) never transition out of `open` — do not poll `check_result` on them.
+
+## When to use show_ui
 
 Reach for `show_ui` whenever a real input widget would beat asking the user to type freeform answers in chat. Examples that should trigger it:
 
@@ -20,13 +30,13 @@ Indirect cues count too: "let me choose", "let me approve", "show me", "give me
 
 Examples where this skill should NOT trigger — keep these as plain text/markdown:
 
-- "Show me a markdown table of these results." (rendering, not input)
+- "Show me a markdown table of these results." (rendering, not input — use `show_html` if it deserves a real layout)
 - "Summarize the diff." (no user input expected)
 - "What's the capital of France?" (one-shot factual, no choice to make)
 
 Rule of thumb: if the next message you'd send the user contains a question they need to answer, prefer `show_ui` over asking in chat — unless the answer is one short sentence.
 
-## How it works
+## How show_ui works
 
 You don't have a screen, but your user does. Call `show_ui(spec)` with an A2UI v0.9 surface and the tool returns `{ page_id, url }`. **Print the URL** so the user can open it. Then call `check_result(page_id)` — it returns immediately with `{ state, result }`. If `state === "open"`, the user hasn't responded yet: wait a few seconds (or do other useful work) and call `check_result` again. When `state === "submitted"`, `result` carries the user's input as an A2UI client-action: `{ name, surfaceId, sourceComponentId, context, timestamp }`. The renderer detects that you've fetched the result (state flips to `"received"` on your first read) and shows "the agent has your input" feedback to the user. Each page is **single-shot**: one spec, one result. For a follow-up question, call `show_ui` again with a fresh spec — there is no surface-replace mechanism.
 
@@ -85,7 +95,7 @@ Call pattern:
 
 That first read flips the page to `received`; the renderer picks that up and tells the user the agent has their input.
 
-## Polling cadence
+## Polling cadence (show_ui only)
 
 Polling is your call — the service does no waiting on your behalf — so
 spend that latitude wisely. A reasonable shape:
@@ -113,6 +123,60 @@ When `check_result` returns `state: "received"`, the user previously
 submitted AND you've already read the result on a prior poll. Treat
 this as "already handled" — usually means a duplicate poll snuck in.
 
+Reminder: do **not** poll `check_result` on pages created with `show_html`
+— HTML pages stay `open` forever and have no result.
+
+## When to use show_html
+
+Reach for `show_html` whenever you want to show the user something rich and visual that text in chat can't do justice to:
+
+- "Show me a styled dashboard of the test results."
+- "Render the last quarter's metrics as an infographic."
+- "Build me a side-by-side comparison table of these three options, with logos."
+- "Give me a one-page report on the open issues, grouped by severity."
+- "Mock up a landing page for this idea."
+- "Show me a chart of the response times."
+
+Indirect cues: "show me", "render", "make me a", "design a", "lay this out as".
+
+NOT for input: if the next message you'd send the user contains a question they need to answer, use `show_ui` instead.
+
+## How show_html works
+
+Call `show_html(html)` with a single string containing the page body. The string can be a full document (`<!doctype html>…`) or a fragment (`<div>…</div>`) — the renderer wraps it in a sandboxed scaffold either way. The tool returns `{ page_id, url }`. **Print the URL** so the user can open it. Do NOT poll `check_result` on this page — HTML is one-way.
+
+Rules (enforced — violations are stripped or rejected server-side):
+
+- **No JavaScript.** `<script>` tags are stripped. `onclick=`, `onload=`, all `on*=` event handlers are stripped. `javascript:` URLs are stripped.
+- **No external assets.** Inline all CSS as `<style>`. Embed images as `data:image/...;base64,...` URIs. No Google Fonts, no CDN scripts, no remote `<img src=https:>`.
+- **No forms.** `<form action=…>` submissions are blocked by CSP. Use `show_ui` if you need input.
+- **No `<iframe>`, `<meta http-equiv=refresh>`, `<object>`, `<embed>`.** Stripped.
+- **1 MB payload cap.** Watch data-URI sizes.
+
+The result: a maximally locked-down sandboxed iframe runs your HTML inside the user's browser. The user views it. Nothing comes back.
+
+## Worked example: a styled report
+
+```python
+html = """
+<style>
+  body { font-family: -apple-system, sans-serif; padding: 32px; max-width: 720px; margin: 0 auto; color: #1b1b1b; }
+  h1 { color: #5154b3; }
+  .stat { display: inline-block; padding: 16px; margin-right: 12px; background: #f5f5f7; border-radius: 8px; }
+  .stat-value { font-size: 32px; font-weight: 700; }
+  .stat-label { font-size: 12px; color: #777; text-transform: uppercase; }
+</style>
+<h1>Q3 Engineering Report</h1>
+<div class="stat"><div class="stat-value">142</div><div class="stat-label">PRs merged</div></div>
+<div class="stat"><div class="stat-value">11</div><div class="stat-label">Bugs closed</div></div>
+<div class="stat"><div class="stat-value">3</div><div class="stat-label">Outages</div></div>
+<p>The team shipped 142 pull requests this quarter…</p>
+"""
+show_html(html)
+```
+
+Print the returned URL. Move on — no polling.
+
 ## Setup expectation
 
 These tools talk to the hosted `pagent` REST service at `https://pagent.up.railway.app` by default. Set the `PAGENT_URL` env var to point at a self-hosted instance (e.g. `http://localhost:8787` if you're running the repo locally).

From ecd0dcb6f95a354863403fda484b1c0b37ad4330 Mon Sep 17 00:00:00 2001
From: "Alexandro T. Netto" <alex.t.netto@gmail.com>
Date: Fri, 15 May 2026 15:06:38 -0700
Subject: [PATCH 08/11] chore: prettier-ignore design plan/spec docs

Plan and spec markdown files contain TypeScript pseudo-code blocks
that prettier mis-parses into semantically-broken output (e.g.
`{ a: 'x' | 'y', b }` parses as a comma expression). The docs were
author-formatted and committed as such in 7a5c0c5 and a7cb4c7.
Add docs/superpowers/{plans,specs}/ to .prettierignore so the
format:check gate stays green without rewriting the docs.
---
 .prettierignore | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/.prettierignore b/.prettierignore
index 88af386..67a4f0f 100644
--- a/.prettierignore
+++ b/.prettierignore
@@ -5,3 +5,8 @@ apps/web/vendor/
 apps/mcp/server.bundle.js
 apps/web/.vercel/
 package-lock.json
+# Plan/spec documents contain embedded TypeScript pseudo-code that prettier
+# mis-parses into semantically-broken output (e.g. `{ a: 'x' | 'y', b }` is
+# parsed as a comma expression). Keep them author-formatted.
+docs/superpowers/plans/
+docs/superpowers/specs/

From 439c8a5cca0fcdecfb6b400c2a16d2965e070950 Mon Sep 17 00:00:00 2001
From: "Alexandro T. Netto" <alex.t.netto@gmail.com>
Date: Fri, 15 May 2026 15:13:52 -0700
Subject: [PATCH 09/11] fix(web): address Phase 3 code review (banner role,
 viewport flex, base attr)

---
 apps/web/html-renderer.test.ts |  2 +-
 apps/web/html-renderer.ts      |  4 ++--
 apps/web/main.ts               | 36 ++++++++++++++++++++++------------
 3 files changed, 27 insertions(+), 15 deletions(-)

diff --git a/apps/web/html-renderer.test.ts b/apps/web/html-renderer.test.ts
index ef5c2f8..70dc94b 100644
--- a/apps/web/html-renderer.test.ts
+++ b/apps/web/html-renderer.test.ts
@@ -26,7 +26,7 @@ describe('buildScaffoldedHtml', () => {
 
   it('injects the agent body inside <body>', () => {
     const out = buildScaffoldedHtml('<p class="x">hello</p>');
-    expect(out).toMatch(/<body><p class="x">hello<\/p><\/body>/);
+    expect(out).toMatch(/<body>\s*<p class="x">hello<\/p>\s*<\/body>/);
   });
 
   it('does not interpret the agent body as a template (no double-encoding)', () => {
diff --git a/apps/web/html-renderer.ts b/apps/web/html-renderer.ts
index c22d247..d3674e5 100644
--- a/apps/web/html-renderer.ts
+++ b/apps/web/html-renderer.ts
@@ -27,7 +27,7 @@ export function buildScaffoldedHtml(sanitizedHtml: string): string {
 <meta http-equiv="Content-Security-Policy" content="${buildIframeCsp()}">
 <meta name="robots" content="noindex,nofollow,noarchive">
 <meta name="referrer" content="no-referrer">
-<base target="_blank" rel="noopener noreferrer nofollow ugc">
+<base target="_blank">
 <meta name="viewport" content="width=device-width,initial-scale=1">
 </head>
 <body>${sanitizedHtml}</body>
@@ -51,6 +51,6 @@ export function createSandboxedIframe(sanitizedHtml: string): HTMLIFrameElement
   iframe.setAttribute('loading', 'lazy');
   iframe.title = 'Agent-generated content';
   iframe.srcdoc = buildScaffoldedHtml(sanitizedHtml);
-  iframe.style.cssText = 'width:100%;height:100vh;border:0;display:block';
+  iframe.style.cssText = 'flex:1 1 auto;width:100%;border:0;display:block;min-height:0';
   return iframe;
 }
diff --git a/apps/web/main.ts b/apps/web/main.ts
index 631bfe9..14c81fc 100644
--- a/apps/web/main.ts
+++ b/apps/web/main.ts
@@ -33,6 +33,10 @@ const POLL_MAX_MS = 30_000;
 const POLL_BACKOFF_FACTOR = 2;
 const POLL_TIMEOUT_MS = 60_000;
 
+// TODO: make REPORT_EMAIL configurable via VITE_REPORT_EMAIL once self-hosters need it.
+// Until then, abuse reports for pagent.vercel.app route to the project maintainer.
+const REPORT_EMAIL = 'alex@blockful.io';
+
 class AgentUIApp extends SignalWatcher(LitElement) {
   static properties = {
     status: { state: true },
@@ -173,6 +177,12 @@ class AgentUIApp extends SignalWatcher(LitElement) {
     .html-chrome-report:hover {
       color: var(--fg, #1b1b1b);
     }
+    .html-stack {
+      display: flex;
+      flex-direction: column;
+      height: 100vh;
+      min-height: 0;
+    }
   `;
 
   declare status: 'connecting' | 'live' | 'closed' | 'error';
@@ -425,18 +435,20 @@ class AgentUIApp extends SignalWatcher(LitElement) {
       </div>`;
     }
     return html`
-      <header class="html-chrome" role="contentinfo">
-        <span class="html-chrome-label">AI-generated content</span>
-        <a
-          class="html-chrome-report"
-          href=${`mailto:alex@blockful.io?subject=${encodeURIComponent(`Abuse report for page ${pageId}`)}&body=${encodeURIComponent(`Page id: ${pageId}\nDescribe the abuse:\n\n`)}`}
-          target="_blank"
-          rel="noopener noreferrer"
-        >
-          Report
-        </a>
-      </header>
-      ${this.htmlIframe()}
+      <div class="html-stack">
+        <header class="html-chrome" role="banner">
+          <span class="html-chrome-label">AI-generated content</span>
+          <a
+            class="html-chrome-report"
+            href=${`mailto:${REPORT_EMAIL}?subject=${encodeURIComponent(`Abuse report for page ${pageId}`)}&body=${encodeURIComponent(`Page id: ${pageId}\nDescribe the abuse:\n\n`)}`}
+            target="_blank"
+            rel="noopener noreferrer"
+          >
+            Report
+          </a>
+        </header>
+        ${this.htmlIframe()}
+      </div>
     `;
   }
 

From e2a3170cf5d977b241b6a6fdb6c5ca561cb4159f Mon Sep 17 00:00:00 2001
From: "Alexandro T. Netto" <alex.t.netto@gmail.com>
Date: Fri, 15 May 2026 15:20:18 -0700
Subject: [PATCH 10/11] docs: fix OpenAPI error schemas for HTML format
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Final-review feedback caught three OpenAPI drifts:
- Error400.enum was missing `sanitized_empty` (returned by POST /new on
  HTML payloads stripped to empty by the sanitizer); added it plus a
  `format` field that surfaces on both `invalid_for_format` and
  `sanitized_empty` rejections.
- Error413 still referenced the old 262 144-byte cap and lacked the
  `format` field that the API includes on every 413 response; updated
  to A2UI 256 000 / HTML 1 000 000 and added the `format` discriminator.
- The 413 response description on POST /new restated the same caps with
  guidance on which one triggered.

No behavior change — these match what the API already does in
apps/api/app.ts (250-253, 224-232).
---
 docs/openapi.yaml | 36 ++++++++++++++++++++++++++++--------
 1 file changed, 28 insertions(+), 8 deletions(-)

diff --git a/docs/openapi.yaml b/docs/openapi.yaml
index 46771ab..672bd94 100644
--- a/docs/openapi.yaml
+++ b/docs/openapi.yaml
@@ -237,9 +237,10 @@ paths:
                 $ref: '#/components/schemas/Error400'
         '413':
           description: |
-            Request body exceeds the service limit. Reduce the spec size.
-            The service caps the body at `max_bytes` bytes (currently 262 144).
-            Simplify or paginate your spec and retry.
+            Request body exceeds the service limit. A2UI specs cap at
+            256 000 bytes (post-parse); HTML payloads cap at 1 000 000 bytes
+            (wire body limit). The response's `format` field tells you which
+            cap fired so you can size the next submission appropriately.
           headers:
             X-Request-ID:
               $ref: '#/components/headers/XRequestId'
@@ -249,7 +250,9 @@ paths:
                 $ref: '#/components/schemas/Error413'
               example:
                 error: payload_too_large
-                max_bytes: 262144
+                format: a2ui
+                max_bytes: 256000
+                message: A2UI spec exceeds the 256 KB limit; use format "html" for larger payloads only when appropriate
         '429':
           description: |
             Per-IP rate limit exceeded. Wait `retry_after_seconds` seconds
@@ -687,11 +690,21 @@ components:
       properties:
         error:
           type: string
-          enum: [bad_request, invalid_for_format]
+          enum: [bad_request, invalid_for_format, sanitized_empty]
           description: |
             `bad_request` — body is malformed or fails schema validation.
             `invalid_for_format` — operation is not supported for this page's
             format (e.g. POSTing a result to an HTML page).
+            `sanitized_empty` — `POST /new` with `format: "html"` whose payload
+            was reduced to empty by the sanitizer (only forbidden tags like
+            `<script>` or `<iframe>` were supplied). Re-author the HTML with
+            safe markup and inline styles.
+        format:
+          type: string
+          enum: [a2ui, html]
+          description: |
+            Present on `invalid_for_format` and `sanitized_empty` errors —
+            identifies which format triggered the rejection.
         message:
           type: string
           description: Human-readable description of why the request was rejected.
@@ -734,14 +747,21 @@ components:
         error:
           type: string
           enum: [payload_too_large]
+        format:
+          type: string
+          enum: [a2ui, html]
+          description: |
+            The format whose size cap was exceeded. `a2ui` caps at 256 000 bytes
+            (enforced post-parse). `html` caps at 1 000 000 bytes (enforced by
+            the body-limit middleware before parse).
         max_bytes:
           type: integer
-          description: Maximum allowed body size in bytes.
-          example: 262144
+          description: Maximum allowed body size in bytes for this format.
+          example: 256000
         message:
           type: string
           description: Human-readable description of the size limit.
-          example: Request body exceeds the 262144-byte limit
+          example: A2UI spec exceeds the 256 KB limit; use format "html" for larger payloads only when appropriate
 
     Error429:
       type: object

From a91cf45f04d6e371a0df867b3565b60605323740 Mon Sep 17 00:00:00 2001
From: "Alexandro T. Netto" <alex.t.netto@gmail.com>
Date: Fri, 15 May 2026 15:38:33 -0700
Subject: [PATCH 11/11] chore: pin protobufjs >=8.2.0 to clear
 GHSA-66ff-xgx4-vchm
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

CI started failing on `npm audit --audit-level=high` between the last
main CI run (2026-05-11) and this PR's CI (2026-05-15). 17 high-sev
advisories all traced back to protobufjs@8.0.1 via the @opentelemetry/*
chain (GHSA-66ff-xgx4-vchm "code injection via bytes field defaults in
generated toObject code", affected range >=8.0.0 <=8.0.1).

Fix: add a root-package `overrides` entry forcing every transitive
protobufjs resolution to ^8.2.0. After regenerating the lockfile, npm
consolidates the duplicate copies (one was 8.0.1, one was 7.5.7) onto
protobufjs@8.3.0 and the audit drops from 23 vulns (17 high) to 6
(0 high; 4 low + 2 moderate, all transitive through tmp/jsdom and
wireit's brace-expansion — no available fix, sub-high-sev gate).

Orthogonal to the HTML format feature this PR ships; folded in here
because it blocks the same CI gate.
---
 package-lock.json | 2509 +++++++++++++++++++++++----------------------
 package.json      |    3 +
 2 files changed, 1269 insertions(+), 1243 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8e1aa57..b7707d6 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -30,58 +30,6 @@
         "node": ">=22"
       }
     },
-    "../a2ui/renderers/lit": {
-      "name": "@a2ui/lit",
-      "version": "0.9.3",
-      "extraneous": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@a2ui/web_core": "file:../web_core",
-        "@lit-labs/signals": "^0.1.3",
-        "@lit/context": "^1.1.4",
-        "lit": "^3.3.1",
-        "signal-utils": "^0.21.1",
-        "zod": "^3.25.76"
-      },
-      "devDependencies": {
-        "@types/jsdom": "^28.0.1",
-        "@types/node": "^24.10.1",
-        "google-artifactregistry-auth": "^3.5.0",
-        "jsdom": "^25.0.0",
-        "typescript": "^5.8.3",
-        "wireit": "^0.15.0-pre.2"
-      },
-      "peerDependencies": {
-        "@a2ui/markdown-it": "file:../markdown/markdown-it"
-      },
-      "peerDependenciesMeta": {
-        "@a2ui/markdown-it": {
-          "optional": true
-        }
-      }
-    },
-    "../a2ui/renderers/web_core": {
-      "name": "@a2ui/web_core",
-      "version": "0.9.2",
-      "extraneous": true,
-      "license": "Apache-2.0",
-      "dependencies": {
-        "@preact/signals-core": "^1.13.0",
-        "date-fns": "^4.1.0",
-        "zod": "^3.25.76",
-        "zod-to-json-schema": "^3.25.1"
-      },
-      "devDependencies": {
-        "@angular/core": "^21.2.5",
-        "@types/node": "^24.11.0",
-        "c8": "^11.0.0",
-        "google-artifactregistry-auth": "^3.5.0",
-        "gts": "^7.0.0",
-        "rxjs": "^7.8.2",
-        "typescript": "^5.9.3",
-        "wireit": "^0.15.0-pre.2"
-      }
-    },
     "apps/api": {
       "name": "@pagent/api",
       "version": "0.0.1",
@@ -117,6 +65,20 @@
         "node": ">=22"
       }
     },
+    "apps/api/node_modules/typescript": {
+      "version": "5.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
+      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
     "apps/mcp": {
       "name": "@pagent/mcp",
       "version": "0.0.1",
@@ -154,6 +116,71 @@
       "resolved": "apps/web/vendor/a2ui-web-core",
       "link": true
     },
+    "apps/web/node_modules/jsdom": {
+      "version": "25.0.1",
+      "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-25.0.1.tgz",
+      "integrity": "sha512-8i7LzZj7BF8uplX+ZyOlIz86V6TAsSs+np6m1kpW9u0JWi4z/1t+FzcK1aek+ybTnAC4KhBL4uXCNT0wcUIeCw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "cssstyle": "^4.1.0",
+        "data-urls": "^5.0.0",
+        "decimal.js": "^10.4.3",
+        "form-data": "^4.0.0",
+        "html-encoding-sniffer": "^4.0.0",
+        "http-proxy-agent": "^7.0.2",
+        "https-proxy-agent": "^7.0.5",
+        "is-potential-custom-element-name": "^1.0.1",
+        "nwsapi": "^2.2.12",
+        "parse5": "^7.1.2",
+        "rrweb-cssom": "^0.7.1",
+        "saxes": "^6.0.0",
+        "symbol-tree": "^3.2.4",
+        "tough-cookie": "^5.0.0",
+        "w3c-xmlserializer": "^5.0.0",
+        "webidl-conversions": "^7.0.0",
+        "whatwg-encoding": "^3.1.1",
+        "whatwg-mimetype": "^4.0.0",
+        "whatwg-url": "^14.0.0",
+        "ws": "^8.18.0",
+        "xml-name-validator": "^5.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      },
+      "peerDependencies": {
+        "canvas": "^2.11.2"
+      },
+      "peerDependenciesMeta": {
+        "canvas": {
+          "optional": true
+        }
+      }
+    },
+    "apps/web/node_modules/typescript": {
+      "version": "5.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
+      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "apps/web/node_modules/whatwg-mimetype": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-4.0.0.tgz",
+      "integrity": "sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "apps/web/vendor/a2ui-lit": {
       "name": "@a2ui/lit",
       "version": "0.9.3",
@@ -234,9 +261,9 @@
       }
     },
     "node_modules/@angular/core": {
-      "version": "21.2.12",
-      "resolved": "https://registry.npmjs.org/@angular/core/-/core-21.2.12.tgz",
-      "integrity": "sha512-wcD6tzE30nwg58KmAU19347Jf/1F/vFg2CEd9Qcu5cA1Z4s3umzvaqs/7988ne4HaS4iJEpvTbRvGss7EYZEfA==",
+      "version": "21.2.13",
+      "resolved": "https://registry.npmjs.org/@angular/core/-/core-21.2.13.tgz",
+      "integrity": "sha512-23tS4oNL8nvkHcI4l9rbruQs2WS4yqQmBVQxWakqS9cmRpArLGgveR+hKNU5tPXm5EAi8oLO34/Zy7z70jUpCg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -246,7 +273,7 @@
         "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
       },
       "peerDependencies": {
-        "@angular/compiler": "21.2.12",
+        "@angular/compiler": "21.2.13",
         "rxjs": "^6.5.3 || ^7.4.0",
         "zone.js": "~0.15.0 || ~0.16.0"
       },
@@ -325,6 +352,13 @@
         "node": ">=6.9.0"
       }
     },
+    "node_modules/@babel/code-frame/node_modules/js-tokens": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/@babel/helper-string-parser": {
       "version": "7.27.1",
       "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
@@ -997,6 +1031,19 @@
         "eslint": "^6.0.0 || ^7.0.0 || >=8.0.0"
       }
     },
+    "node_modules/@eslint-community/eslint-utils/node_modules/eslint-visitor-keys": {
+      "version": "3.4.3",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz",
+      "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "engines": {
+        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+      },
+      "funding": {
+        "url": "https://opencollective.com/eslint"
+      }
+    },
     "node_modules/@eslint-community/regexpp": {
       "version": "4.12.2",
       "resolved": "https://registry.npmjs.org/@eslint-community/regexpp/-/regexpp-4.12.2.tgz",
@@ -1023,9 +1070,9 @@
       }
     },
     "node_modules/@eslint/config-helpers": {
-      "version": "0.5.5",
-      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.5.5.tgz",
-      "integrity": "sha512-eIJYKTCECbP/nsKaaruF6LW967mtbQbsw4JTtSVkUQc9MneSkbrgPJAbKl9nWr0ZeowV8BfsarBmPpBzGelA2w==",
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/@eslint/config-helpers/-/config-helpers-0.6.0.tgz",
+      "integrity": "sha512-ii6Bw9jJ2zi2cWA2Z+9/QZ/+3DX6kwaV5Q986D/CdP3Lap3w/pgQZ373FV7byY/i7L4IRH/G43I5dz1ClsCbpA==",
       "dev": true,
       "license": "Apache-2.0",
       "dependencies": {
@@ -1138,16 +1185,6 @@
         "url": "https://opencollective.com/eslint"
       }
     },
-    "node_modules/@eslint/eslintrc/node_modules/ignore": {
-      "version": "5.3.2",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
-      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">= 4"
-      }
-    },
     "node_modules/@eslint/eslintrc/node_modules/json-schema-traverse": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
@@ -1168,6 +1205,19 @@
         "node": "*"
       }
     },
+    "node_modules/@eslint/eslintrc/node_modules/strip-json-comments": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz",
+      "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/@eslint/js": {
       "version": "10.0.1",
       "resolved": "https://registry.npmjs.org/@eslint/js/-/js-10.0.1.tgz",
@@ -1261,30 +1311,6 @@
         "node": ">=6"
       }
     },
-    "node_modules/@grpc/proto-loader/node_modules/protobufjs": {
-      "version": "7.5.7",
-      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-7.5.7.tgz",
-      "integrity": "sha512-NGnrxS/nLKUo5nkbVQxlC71sB4hdfImdYIbFeSCidxtwATx0AHRPcANSLd0q5Bb2BkoSWo2iisQhGg5/r+ihbA==",
-      "hasInstallScript": true,
-      "license": "BSD-3-Clause",
-      "dependencies": {
-        "@protobufjs/aspromise": "^1.1.2",
-        "@protobufjs/base64": "^1.1.2",
-        "@protobufjs/codegen": "^2.0.5",
-        "@protobufjs/eventemitter": "^1.1.0",
-        "@protobufjs/fetch": "^1.1.0",
-        "@protobufjs/float": "^1.0.2",
-        "@protobufjs/inquire": "^1.1.1",
-        "@protobufjs/path": "^1.1.2",
-        "@protobufjs/pool": "^1.1.0",
-        "@protobufjs/utf8": "^1.1.1",
-        "@types/node": ">=13.7.0",
-        "long": "^5.0.0"
-      },
-      "engines": {
-        "node": ">=12.0.0"
-      }
-    },
     "node_modules/@hono/node-server": {
       "version": "1.19.14",
       "resolved": "https://registry.npmjs.org/@hono/node-server/-/node-server-1.19.14.tgz",
@@ -1394,19 +1420,6 @@
         "url": "https://github.com/chalk/ansi-regex?sponsor=1"
       }
     },
-    "node_modules/@isaacs/cliui/node_modules/ansi-styles": {
-      "version": "6.2.3",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz",
-      "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
-      }
-    },
     "node_modules/@isaacs/cliui/node_modules/emoji-regex": {
       "version": "9.2.2",
       "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
@@ -1448,24 +1461,6 @@
         "url": "https://github.com/chalk/strip-ansi?sponsor=1"
       }
     },
-    "node_modules/@isaacs/cliui/node_modules/wrap-ansi": {
-      "version": "8.1.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
-      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "ansi-styles": "^6.1.0",
-        "string-width": "^5.0.1",
-        "strip-ansi": "^7.0.1"
-      },
-      "engines": {
-        "node": ">=12"
-      },
-      "funding": {
-        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
-      }
-    },
     "node_modules/@istanbuljs/schema": {
       "version": "0.1.6",
       "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.6.tgz",
@@ -1536,9 +1531,9 @@
       }
     },
     "node_modules/@lit-labs/ssr-dom-shim": {
-      "version": "1.5.1",
-      "resolved": "https://registry.npmjs.org/@lit-labs/ssr-dom-shim/-/ssr-dom-shim-1.5.1.tgz",
-      "integrity": "sha512-Aou5UdlSpr5whQe8AA/bZG0jMj96CoJIWbGfZ91qieWu5AWUMKw8VR/pAkQkJYvBNhmCcWnZlyyk5oze8JIqYA==",
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/@lit-labs/ssr-dom-shim/-/ssr-dom-shim-1.6.0.tgz",
+      "integrity": "sha512-VHb0ALPMTlgKjM6yIxxoQNnpKyUKLD04VzeQdsiXkMqkvYlAHxq9glGLmgbb889/1GsohSOAjvQYoiBppXFqrQ==",
       "license": "BSD-3-Clause"
     },
     "node_modules/@lit/context": {
@@ -2752,9 +2747,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-alibaba-cloud": {
-      "version": "0.33.7",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-alibaba-cloud/-/resource-detector-alibaba-cloud-0.33.7.tgz",
-      "integrity": "sha512-rLTLRDg2uehLfrhxmSWRYJMRFRVxmsUAbV/Qhw4PWD2LvW/XMRW5sfGzU3ZFyOXND/1HkYqGv3vtl5z009uhFQ==",
+      "version": "0.33.8",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-alibaba-cloud/-/resource-detector-alibaba-cloud-0.33.8.tgz",
+      "integrity": "sha512-RnSB/uxkElny0/WBFEtIG2HRG0cpSNTRdE+YSB7Poa+uljK+ddCacEZYz/PMgZh+cs586XstJQxdyjz0jtcAug==",
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/core": "^2.0.0",
@@ -2768,9 +2763,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-aws": {
-      "version": "2.17.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-aws/-/resource-detector-aws-2.17.0.tgz",
-      "integrity": "sha512-IpeUtIdKW5PQsO2Ylfvxqr5ZawoObKigzQtEbT96NxSs7gej8Fp4LQZuooGAGu5H+qAI8/wjCZWLlJk2FT1Uzg==",
+      "version": "2.18.0",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-aws/-/resource-detector-aws-2.18.0.tgz",
+      "integrity": "sha512-wyMM4UoRuHvI2KjqnTzvyW8Yv7MKRGA+I78Xti6gTEw7hBhqXU1SRo+f9KrsQfeeiOn+TkDuvxavuaAQbD3i6g==",
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/core": "^2.0.0",
@@ -2802,9 +2797,9 @@
       }
     },
     "node_modules/@opentelemetry/resource-detector-container": {
-      "version": "0.8.8",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-container/-/resource-detector-container-0.8.8.tgz",
-      "integrity": "sha512-8FG0la3ffB/bktmtGiKePmV9+yAQbj3LqdBHYoDkdq41X3kig/7MH0nN91J1Wn56fos8ifga/yiN3ZhDzXTnAA==",
+      "version": "0.8.9",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/resource-detector-container/-/resource-detector-container-0.8.9.tgz",
+      "integrity": "sha512-Xd2C4HjW9hl75iqZT7tQNy2yRBUqNucq2O9+e0FJRNkbiItInYVMzc0S0KDXcx/vZBwNmlrKS3R0uLCU9ULsGA==",
       "license": "Apache-2.0",
       "dependencies": {
         "@opentelemetry/core": "^2.0.0",
@@ -2834,61 +2829,6 @@
         "@opentelemetry/api": "^1.0.0"
       }
     },
-    "node_modules/@opentelemetry/resource-detector-gcp/node_modules/gaxios": {
-      "version": "7.1.4",
-      "resolved": "https://registry.npmjs.org/gaxios/-/gaxios-7.1.4.tgz",
-      "integrity": "sha512-bTIgTsM2bWn3XklZISBTQX7ZSddGW+IO3bMdGaemHZ3tbqExMENHLx6kKZ/KlejgrMtj8q7wBItt51yegqalrA==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "extend": "^3.0.2",
-        "https-proxy-agent": "^7.0.1",
-        "node-fetch": "^3.3.2"
-      },
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@opentelemetry/resource-detector-gcp/node_modules/gcp-metadata": {
-      "version": "8.1.2",
-      "resolved": "https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-8.1.2.tgz",
-      "integrity": "sha512-zV/5HKTfCeKWnxG0Dmrw51hEWFGfcF2xiXqcA3+J90WDuP0SvoiSO5ORvcBsifmx/FoIjgQN3oNOGaQ5PhLFkg==",
-      "license": "Apache-2.0",
-      "dependencies": {
-        "gaxios": "^7.0.0",
-        "google-logging-utils": "^1.0.0",
-        "json-bigint": "^1.0.0"
-      },
-      "engines": {
-        "node": ">=18"
-      }
-    },
-    "node_modules/@opentelemetry/resource-detector-gcp/node_modules/google-logging-utils": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/google-logging-utils/-/google-logging-utils-1.1.3.tgz",
-      "integrity": "sha512-eAmLkjDjAFCVXg7A1unxHsLf961m6y17QFqXqAXGj/gVkKFrEICfStRfwUlGNfeCEjNRa32JEWOUTlYXPyyKvA==",
-      "license": "Apache-2.0",
-      "engines": {
-        "node": ">=14"
-      }
-    },
-    "node_modules/@opentelemetry/resource-detector-gcp/node_modules/node-fetch": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz",
-      "integrity": "sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==",
-      "license": "MIT",
-      "dependencies": {
-        "data-uri-to-buffer": "^4.0.0",
-        "fetch-blob": "^3.1.4",
-        "formdata-polyfill": "^4.0.10"
-      },
-      "engines": {
-        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
-      },
-      "funding": {
-        "type": "opencollective",
-        "url": "https://opencollective.com/node-fetch"
-      }
-    },
     "node_modules/@opentelemetry/resources": {
       "version": "2.7.1",
       "resolved": "https://registry.npmjs.org/@opentelemetry/resources/-/resources-2.7.1.tgz",
@@ -3013,9 +2953,9 @@
       }
     },
     "node_modules/@opentelemetry/semantic-conventions": {
-      "version": "1.40.0",
-      "resolved": "https://registry.npmjs.org/@opentelemetry/semantic-conventions/-/semantic-conventions-1.40.0.tgz",
-      "integrity": "sha512-cifvXDhcqMwwTlTK04GBNeIe7yyo28Mfby85QXFe1Yk8nmi36Ab/5UQwptOx84SsoGNRg+EVSjwzfSZMy6pmlw==",
+      "version": "1.41.1",
+      "resolved": "https://registry.npmjs.org/@opentelemetry/semantic-conventions/-/semantic-conventions-1.41.1.tgz",
+      "integrity": "sha512-/UhIkaZgPutTFmQ7RnIJGgDXZmtEJ7Dvi86xNTFWcnRxVRNk/aotsqDJYeEvDP+FSMB2SdW+pQzNMcWP0rwuNA==",
       "license": "Apache-2.0",
       "engines": {
         "node": ">=14"
@@ -3079,83 +3019,19 @@
       }
     },
     "node_modules/@preact/signals-core": {
-      "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/@preact/signals-core/-/signals-core-1.14.1.tgz",
-      "integrity": "sha512-vxPpfXqrwUe9lpjqfYNjAF/0RF/eFGeLgdJzdmIIZjpOnTmGmAB4BjWone562mJGMRP4frU6iZ6ei3PDsu52Ng==",
+      "version": "1.14.2",
+      "resolved": "https://registry.npmjs.org/@preact/signals-core/-/signals-core-1.14.2.tgz",
+      "integrity": "sha512-RZHdBj9ZF4n40Rp4jS052EHHjBWf96P9oNdXPfhQTovCuWY9iQn3Gq+gOTJSgBO9A/JBuPfMOWsSX/lIU9Pc/A==",
       "license": "MIT",
       "funding": {
         "type": "opencollective",
         "url": "https://opencollective.com/preact"
       }
     },
-    "node_modules/@protobufjs/aspromise": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@protobufjs/aspromise/-/aspromise-1.1.2.tgz",
-      "integrity": "sha512-j+gKExEuLmKwvz3OgROXtrJ2UG2x8Ch2YZUxahh+s1F2HZ+wAceUNLkvy6zKCPVRkU++ZWQrdxsUeQXmcg4uoQ==",
-      "license": "BSD-3-Clause"
-    },
-    "node_modules/@protobufjs/base64": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@protobufjs/base64/-/base64-1.1.2.tgz",
-      "integrity": "sha512-AZkcAA5vnN/v4PDqKyMR5lx7hZttPDgClv83E//FMNhR2TMcLUhfRUBHCmSl0oi9zMgDDqRUJkSxO3wm85+XLg==",
-      "license": "BSD-3-Clause"
-    },
-    "node_modules/@protobufjs/codegen": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/@protobufjs/codegen/-/codegen-2.0.5.tgz",
-      "integrity": "sha512-zgXFLzW3Ap33e6d0Wlj4MGIm6Ce8O89n/apUaGNB/jx+hw+ruWEp7EwGUshdLKVRCxZW12fp9r40E1mQrf/34g==",
-      "license": "BSD-3-Clause"
-    },
-    "node_modules/@protobufjs/eventemitter": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@protobufjs/eventemitter/-/eventemitter-1.1.0.tgz",
-      "integrity": "sha512-j9ednRT81vYJ9OfVuXG6ERSTdEL1xVsNgqpkxMsbIabzSo3goCjDIveeGv5d03om39ML71RdmrGNjG5SReBP/Q==",
-      "license": "BSD-3-Clause"
-    },
-    "node_modules/@protobufjs/fetch": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@protobufjs/fetch/-/fetch-1.1.0.tgz",
-      "integrity": "sha512-lljVXpqXebpsijW71PZaCYeIcE5on1w5DlQy5WH6GLbFryLUrBD4932W/E2BSpfRJWseIL4v/KPgBFxDOIdKpQ==",
-      "license": "BSD-3-Clause",
-      "dependencies": {
-        "@protobufjs/aspromise": "^1.1.1",
-        "@protobufjs/inquire": "^1.1.0"
-      }
-    },
-    "node_modules/@protobufjs/float": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/@protobufjs/float/-/float-1.0.2.tgz",
-      "integrity": "sha512-Ddb+kVXlXst9d+R9PfTIxh1EdNkgoRe5tOX6t01f1lYWOvJnSPDBlG241QLzcyPdoNTsblLUdujGSE4RzrTZGQ==",
-      "license": "BSD-3-Clause"
-    },
-    "node_modules/@protobufjs/inquire": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@protobufjs/inquire/-/inquire-1.1.1.tgz",
-      "integrity": "sha512-mnzgDV26ueAvk7rsbt9L7bE0SuAoqyuys/sMMrmVcN5x9VsxpcG3rqAUSgDyLp0UZlmNfIbQ4fHfCtreVBk8Ew==",
-      "license": "BSD-3-Clause"
-    },
-    "node_modules/@protobufjs/path": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/@protobufjs/path/-/path-1.1.2.tgz",
-      "integrity": "sha512-6JOcJ5Tm08dOHAbdR3GrvP+yUUfkjG5ePsHYczMFLq3ZmMkAD98cDgcT2iA1lJ9NVwFd4tH/iSSoe44YWkltEA==",
-      "license": "BSD-3-Clause"
-    },
-    "node_modules/@protobufjs/pool": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/@protobufjs/pool/-/pool-1.1.0.tgz",
-      "integrity": "sha512-0kELaGSIDBKvcgS4zkjz1PeddatrjYcmMWOlAuAPwAeccUrPHdUqo/J6LiymHHEiJT5NrF1UVwxY14f+fy4WQw==",
-      "license": "BSD-3-Clause"
-    },
-    "node_modules/@protobufjs/utf8": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/@protobufjs/utf8/-/utf8-1.1.1.tgz",
-      "integrity": "sha512-oOAWABowe8EAbMyWKM0tYDKi8Yaox52D+HWZhAIJqQXbqe0xI/GV7FhLWqlEKreMkfDjshR5FKgi3mnle0h6Eg==",
-      "license": "BSD-3-Clause"
-    },
     "node_modules/@rollup/rollup-android-arm-eabi": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.3.tgz",
-      "integrity": "sha512-x35CNW/ANXG3hE/EZpRU8MXX1JDN86hBb2wMGAtltkz7pc6cxgjpy1OMMfDosOQ+2hWqIkag/fGok1Yady9nGw==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.60.4.tgz",
+      "integrity": "sha512-F5QXMSiFebS9hKZj02XhWLLnRpJ3B3AROP0tWbFBSj+6kCbg5m9j5JoHKd4mmSVy5mS/IMQloYgYxCuJC0fxEQ==",
       "cpu": [
         "arm"
       ],
@@ -3167,9 +3043,9 @@
       ]
     },
     "node_modules/@rollup/rollup-android-arm64": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.3.tgz",
-      "integrity": "sha512-xw3xtkDApIOGayehp2+Rz4zimfkaX65r4t47iy+ymQB2G4iJCBBfj0ogVg5jpvjpn8UWn/+q9tprxleYeNp3Hw==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.60.4.tgz",
+      "integrity": "sha512-GxxTKApUpzRhof7poWvCJHRF51C67u1R7D6DiluBE8wKU1u5GWE8t+v81JvJYtbawoBFX1hLv5Ei4eVjkWokaw==",
       "cpu": [
         "arm64"
       ],
@@ -3181,9 +3057,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-arm64": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.3.tgz",
-      "integrity": "sha512-vo6Y5Qfpx7/5EaamIwi0WqW2+zfiusVihKatLvtN1VFVy3D13uERk/6gZLU1UiHRL6fDXqj/ELIeVRGnvcTE1g==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.60.4.tgz",
+      "integrity": "sha512-tua0TaJxMOB1R0V0RS1jFZ/RpURFDJIOR2A6jWwQeawuFyS4gBW+rntLRaQd0EQ4bd6Vp44Z2rXW+YYDBsj6IA==",
       "cpu": [
         "arm64"
       ],
@@ -3195,9 +3071,9 @@
       ]
     },
     "node_modules/@rollup/rollup-darwin-x64": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.3.tgz",
-      "integrity": "sha512-D+0QGcZhBzTN82weOnsSlY7V7+RMmPuF1CkbxyMAGE8+ZHeUjyb76ZiWmBlCu//AQQONvxcqRbwZTajZKqjuOw==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.60.4.tgz",
+      "integrity": "sha512-CSKq7MsP+5PFIcydhAiR1K0UhEI1A2jWXVKHPCBZ151yOutENwvnPocgVHkivu2kviURtCEB6zUQw0vs8RrhMg==",
       "cpu": [
         "x64"
       ],
@@ -3209,9 +3085,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-arm64": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.3.tgz",
-      "integrity": "sha512-6HnvHCT7fDyj6R0Ph7A6x8dQS/S38MClRWeDLqc0MdfWkxjiu1HSDYrdPhqSILzjTIC/pnXbbJbo+ft+gy/9hQ==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-arm64/-/rollup-freebsd-arm64-4.60.4.tgz",
+      "integrity": "sha512-+O8OkVdyvXMtJEciu2wS/pzm1IxntEEQx3z5TAVy4l32G0etZn+RsA48ARRrFm6Ri8fvqPQfgrvNxSjKAbnd3g==",
       "cpu": [
         "arm64"
       ],
@@ -3223,9 +3099,9 @@
       ]
     },
     "node_modules/@rollup/rollup-freebsd-x64": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.3.tgz",
-      "integrity": "sha512-KHLgC3WKlUYW3ShFKnnosZDOJ0xjg9zp7au3sIm2bs/tGBeC2ipmvRh/N7JKi0t9Ue20C0dpEshi8WUubg+cnA==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-freebsd-x64/-/rollup-freebsd-x64-4.60.4.tgz",
+      "integrity": "sha512-Iw3oMskH3AfNuhU0MSN7vNbdi4me/NiYo2azqPz/Le16zHSa+3RRmliCMWWQmh4lcndccU40xcJuTYJZxNo/lw==",
       "cpu": [
         "x64"
       ],
@@ -3237,9 +3113,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-gnueabihf": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.3.tgz",
-      "integrity": "sha512-DV6fJoxEYWJOvaZIsok7KrYl0tPvga5OZ2yvKHNNYyk/2roMLqQAbGhr78EQ5YhHpnhLKJD3S1WFusAkmUuV5g==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.60.4.tgz",
+      "integrity": "sha512-EIPRXTVQpHyF8WOo219AD2yEltPehLTcTMz2fn6JsatLYSzQf00hj3rulF+yauOlF9/FtM2WpkT/hJh/KJFGhA==",
       "cpu": [
         "arm"
       ],
@@ -3251,9 +3127,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm-musleabihf": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.3.tgz",
-      "integrity": "sha512-mQKoJAzvuOs6F+TZybQO4GOTSMUu7v0WdxEk24krQ/uUxXoPTtHjuaUuPmFhtBcM4K0ons8nrE3JyhTuCFtT/w==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.60.4.tgz",
+      "integrity": "sha512-J3Yh9PzzF1Ovah2At+lHiGQdsYgArxBbXv/zHfSyaiFQEqvNv7DcW98pCrmdjCZBrqBiKrKKe2V+aaSGWuBe/w==",
       "cpu": [
         "arm"
       ],
@@ -3265,9 +3141,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-gnu": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.3.tgz",
-      "integrity": "sha512-Whjj2qoiJ6+OOJMGptTYazaJvjOJm+iKHpXQM1P3LzGjt7Ff++Tp7nH4N8J/BUA7R9IHfDyx4DJIflifwnbmIA==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.60.4.tgz",
+      "integrity": "sha512-BFDEZMYfUvLn37ONE1yMBojPxnMlTFsdyNoqncT0qFq1mAfllL+ATMMJd8TeuVMiX84s1KbcxcZbXInmcO2mRg==",
       "cpu": [
         "arm64"
       ],
@@ -3279,9 +3155,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-arm64-musl": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.3.tgz",
-      "integrity": "sha512-4YTNHKqGng5+yiZt3mg77nmyuCfmNfX4fPmyUapBcIk+BdwSwmCWGXOUxhXbBEkFHtoN5boLj/5NON+u5QC9tg==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.60.4.tgz",
+      "integrity": "sha512-pc9EYOSlOgdQ2uPl1o9PF6/kLSgaUosia7gOuS8mB69IxJvlclko1MECXysjs5ryez1/5zjYqx3+xYU0TU6R1A==",
       "cpu": [
         "arm64"
       ],
@@ -3293,9 +3169,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-loong64-gnu": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.3.tgz",
-      "integrity": "sha512-SU3kNlhkpI4UqlUc2VXPGK9o886ZsSeGfMAX2ba2b8DKmMXq4AL7KUrkSWVbb7koVqx41Yczx6dx5PNargIrEA==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-gnu/-/rollup-linux-loong64-gnu-4.60.4.tgz",
+      "integrity": "sha512-NxnomyxYerDh5n4iLrNa+sH+Z+U4BMEE46V2PgQ/hoB909i8gV1M5wPojWg9fk1jWpO3IQnOs20K4wyZuFLEFQ==",
       "cpu": [
         "loong64"
       ],
@@ -3307,9 +3183,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-loong64-musl": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.3.tgz",
-      "integrity": "sha512-6lDLl5h4TXpB1mTf2rQWnAk/LcXrx9vBfu/DT5TIPhvMhRWaZ5MxkIc8u4lJAmBo6klTe1ywXIUHFjylW505sg==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-loong64-musl/-/rollup-linux-loong64-musl-4.60.4.tgz",
+      "integrity": "sha512-nbJnQ8a3z1mtmrwImCYhc6BGpThAyYVRQxw9uKSKG4wR6aAYno9sVjJ0zaZcW9BPJX1GbrDPf+SvdWjgTuDmnw==",
       "cpu": [
         "loong64"
       ],
@@ -3321,9 +3197,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-ppc64-gnu": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.3.tgz",
-      "integrity": "sha512-BMo8bOw8evlup/8G+cj5xWtPyp93xPdyoSN16Zy90Q2QZ0ZYRhCt6ZJSwbrRzG9HApFabjwj2p25TUPDWrhzqQ==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-gnu/-/rollup-linux-ppc64-gnu-4.60.4.tgz",
+      "integrity": "sha512-2EU6acNrQLd8tYvo/LXW535wupT3m6fo7HKo6lr7ktQoItxTyOL1ZCR/GfGCuXl2vR+zmfI6eRXkSemafv+iVg==",
       "cpu": [
         "ppc64"
       ],
@@ -3335,9 +3211,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-ppc64-musl": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.3.tgz",
-      "integrity": "sha512-E0L8X1dZN1/Rph+5VPF6Xj2G7JJvMACVXtamTJIDrVI44Y3K+G8gQaMEAavbqCGTa16InptiVrX6eM6pmJ+7qA==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-ppc64-musl/-/rollup-linux-ppc64-musl-4.60.4.tgz",
+      "integrity": "sha512-WeBtoMuaMxiiIrO2IYP3xs6GMWkJP2C0EoT8beTLkUPmzV1i/UcOSVw1d5r9KBODtHKilG5yFxsGRnBbK3wJ4A==",
       "cpu": [
         "ppc64"
       ],
@@ -3349,9 +3225,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-gnu": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.3.tgz",
-      "integrity": "sha512-oZJ/WHaVfHUiRAtmTAeo3DcevNsVvH8mbvodjZy7D5QKvCefO371SiKRpxoDcCxB3PTRTLayWBkvmDQKTcX/sw==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.60.4.tgz",
+      "integrity": "sha512-FJHFfqpKUI3A10WrWKiFbBZ7yVbGT4q4B5o1qKFFojqpaYoh9LrQgqWCmmcxQzVSXYtyB5bzkXrYzlHTs21MYA==",
       "cpu": [
         "riscv64"
       ],
@@ -3363,9 +3239,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-riscv64-musl": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.3.tgz",
-      "integrity": "sha512-Dhbyh7j9FybM3YaTgaHmVALwA8AkUwTPccyCQ79TG9AJUsMQqgN1DDEZNr4+QUfwiWvLDumW5vdwzoeUF+TNxQ==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-musl/-/rollup-linux-riscv64-musl-4.60.4.tgz",
+      "integrity": "sha512-mcEl6CUT5IAUmQf1m9FYSmVqCJlpQ8r8eyftFUHG8i9OhY7BkBXSUdnLH5DOf0wCOjcP9v/QO93zpmF1SptCCw==",
       "cpu": [
         "riscv64"
       ],
@@ -3377,9 +3253,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-s390x-gnu": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.3.tgz",
-      "integrity": "sha512-cJd1X5XhHHlltkaypz1UcWLA8AcoIi1aWhsvaWDskD1oz2eKCypnqvTQ8ykMNI0RSmm7NkTdSqSSD7zM0xa6Ig==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.60.4.tgz",
+      "integrity": "sha512-ynt3JxVd2w2buzoKDWIyiV1pJW93xlQic1THVLXilz429oijRpSHivZAgp65KBu+cMcgf1eVVjdnTLvPxgCuoQ==",
       "cpu": [
         "s390x"
       ],
@@ -3391,9 +3267,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-gnu": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.3.tgz",
-      "integrity": "sha512-DAZDBHQfG2oQuhY7mc6I3/qB4LU2fQCjRvxbDwd/Jdvb9fypP4IJ4qmtu6lNjes6B531AI8cg1aKC2di97bUxA==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.60.4.tgz",
+      "integrity": "sha512-Boiz5+MsaROEWDf+GGEwF8VMHGhlUoQMtIPjOgA5fv4osupqTVnJteQNKJwUcnUog2G55jYXH7KZFFiJe0TEzQ==",
       "cpu": [
         "x64"
       ],
@@ -3405,9 +3281,9 @@
       ]
     },
     "node_modules/@rollup/rollup-linux-x64-musl": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.3.tgz",
-      "integrity": "sha512-cRxsE8c13mZOh3vP+wLDxpQBRrOHDIGOWyDL93Sy0Ga8y515fBcC2pjUfFwUe5T7tqvTvWbCpg1URM/AXdWIXA==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.60.4.tgz",
+      "integrity": "sha512-+qfSY27qIrFfI/Hom04KYFw3GKZSGU4lXus51wsb5EuySfFlWRwjkKWoE9emgRw/ukoT4Udsj4W/+xxG8VbPKg==",
       "cpu": [
         "x64"
       ],
@@ -3419,9 +3295,9 @@
       ]
     },
     "node_modules/@rollup/rollup-openbsd-x64": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.3.tgz",
-      "integrity": "sha512-QaWcIgRxqEdQdhJqW4DJctsH6HCmo5vHxY0krHSX4jMtOqfzC+dqDGuHM87bu4H8JBeibWx7jFz+h6/4C8wA5Q==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openbsd-x64/-/rollup-openbsd-x64-4.60.4.tgz",
+      "integrity": "sha512-VpTfOPHgVXEBeeR8hZ2O0F3aSso+JDWqTWmTmzcQKted54IAdUVbxE+j/MVxUsKa8L20HJhv3vUezVPoquqWjA==",
       "cpu": [
         "x64"
       ],
@@ -3433,9 +3309,9 @@
       ]
     },
     "node_modules/@rollup/rollup-openharmony-arm64": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.3.tgz",
-      "integrity": "sha512-AaXwSvUi3QIPtroAUw1t5yHGIyqKEXwH54WUocFolZhpGDruJcs8c+xPNDRn4XiQsS7MEwnYsHW2l0MBLDMkWg==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-openharmony-arm64/-/rollup-openharmony-arm64-4.60.4.tgz",
+      "integrity": "sha512-IPOsh5aRYuLv/nkU51X10Bf75Bsf6+gZdx1X+QP5QM6lIJFHHqbHLG0uJn/hWthzo13UAc2umiUorqZy3axoZg==",
       "cpu": [
         "arm64"
       ],
@@ -3447,9 +3323,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-arm64-msvc": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.3.tgz",
-      "integrity": "sha512-65LAKM/bAWDqKNEelHlcHvm2V+Vfb8C6INFxQXRHCvaVN1rJfwr4NvdP4FyzUaLqWfaCGaadf6UbTm8xJeYfEg==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.60.4.tgz",
+      "integrity": "sha512-4QzE9E81OohJ/HKzHhsqU+zcYYojVOXlFMs1DdyMT6qXl/niOH7AVElmmEdUNHHS/oRkc++d5k6Vy85zFs0DEw==",
       "cpu": [
         "arm64"
       ],
@@ -3461,9 +3337,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-ia32-msvc": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.3.tgz",
-      "integrity": "sha512-EEM2gyhBF5MFnI6vMKdX1LAosE627RGBzIoGMdLloPZkXrUN0Ckqgr2Qi8+J3zip/8NVVro3/FjB+tjhZUgUHA==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.60.4.tgz",
+      "integrity": "sha512-zTPgT1YuHHcd+Tmx7h8aml0FWFVelV5N54oHow9SLj+GfoDy/huQ+UV396N/C7KpMDMiPspRktzM1/0r1usYEA==",
       "cpu": [
         "ia32"
       ],
@@ -3475,9 +3351,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-gnu": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.3.tgz",
-      "integrity": "sha512-E5Eb5H/DpxaoXH++Qkv28RcUJboMopmdDUALBczvHMf7hNIxaDZqwY5lK12UK1BHacSmvupoEWGu+n993Z0y1A==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-gnu/-/rollup-win32-x64-gnu-4.60.4.tgz",
+      "integrity": "sha512-DRS4G7mi9lJxqEDezIkKCaUIKCrLUUDCUaCsTPCi/rtqaC6D/jjwslMQyiDU50Ka0JKpeXeRBFBAXwArY52vBw==",
       "cpu": [
         "x64"
       ],
@@ -3489,9 +3365,9 @@
       ]
     },
     "node_modules/@rollup/rollup-win32-x64-msvc": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.3.tgz",
-      "integrity": "sha512-hPt/bgL5cE+Qp+/TPHBqptcAgPzgj46mPcg/16zNUmbQk0j+mOEQV/+Lqu8QRtDV3Ek95Q6FeFITpuhl6OTsAA==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.60.4.tgz",
+      "integrity": "sha512-QVTUovf40zgTqlFVrKA1uXMVvU2QWEFWfAH8Wdc48IxLvrJMQVMBRjuQyUpzZCDkakImib9eVazbWlC6ksWtJw==",
       "cpu": [
         "x64"
       ],
@@ -3503,33 +3379,35 @@
       ]
     },
     "node_modules/@scalar/client-side-rendering": {
-      "version": "0.1.7",
-      "resolved": "https://registry.npmjs.org/@scalar/client-side-rendering/-/client-side-rendering-0.1.7.tgz",
-      "integrity": "sha512-IDzjKF93jrOljlvKBsLHXT1FPWgz56jFrMPC+iLihREp1qH8wF92mG8Zpakw8cURkEuw5WijRk0xNBP2moGyuw==",
+      "version": "0.1.9",
+      "resolved": "https://registry.npmjs.org/@scalar/client-side-rendering/-/client-side-rendering-0.1.9.tgz",
+      "integrity": "sha512-Gv3CK0X+BqXYkVJLTQXNM8YgdquhuGV4hKlsM8S9k5GGonj8LBDSAiuU3W48JGX1pY7hRotBGcIIU+1a1X1mcw==",
       "license": "MIT",
       "dependencies": {
-        "@scalar/types": "0.9.6"
+        "@scalar/schemas": "0.2.0",
+        "@scalar/types": "0.11.0",
+        "@scalar/validation": "0.5.0"
       },
       "engines": {
         "node": ">=22"
       }
     },
     "node_modules/@scalar/helpers": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/@scalar/helpers/-/helpers-0.6.0.tgz",
-      "integrity": "sha512-pfSamAgBxqFeE8IpEG6uGkHlnPhY1CLeOTttV9+vKQbrBk5b7vvyTsUXv0Hz4kNU1TFrxcTTPE+Akn5S+jlTtQ==",
+      "version": "0.8.0",
+      "resolved": "https://registry.npmjs.org/@scalar/helpers/-/helpers-0.8.0.tgz",
+      "integrity": "sha512-gmOC6VravNB9VDl6wnt/GOj4K/hn48tj5bpW4AM4MhH8Ubil6uu7g1DSoKHwltu8Ks79KEtR6JmOrROi9R7jaQ==",
       "license": "MIT",
       "engines": {
         "node": ">=22"
       }
     },
     "node_modules/@scalar/hono-api-reference": {
-      "version": "0.10.14",
-      "resolved": "https://registry.npmjs.org/@scalar/hono-api-reference/-/hono-api-reference-0.10.14.tgz",
-      "integrity": "sha512-LCIT4ul3c4MyD7shhxsWcvvOABt0fEHNQID2n+2TPeItc/MR2qCjjp/QfqD+JoQ7zbc0nnzh1kwRR06MVBmnUA==",
+      "version": "0.10.16",
+      "resolved": "https://registry.npmjs.org/@scalar/hono-api-reference/-/hono-api-reference-0.10.16.tgz",
+      "integrity": "sha512-pllMIMZUXrTcbn1IeOhS5WHgpkw2kdtS3kFojz04DOdJptq3MawjHEunPhvydyMlIFlb1rhjieRllhPwt/y9Lw==",
       "license": "MIT",
       "dependencies": {
-        "@scalar/client-side-rendering": "0.1.7"
+        "@scalar/client-side-rendering": "0.1.9"
       },
       "engines": {
         "node": ">=22"
@@ -3538,52 +3416,31 @@
         "hono": "^4.12.5"
       }
     },
-    "node_modules/@scalar/types": {
-      "version": "0.9.6",
-      "resolved": "https://registry.npmjs.org/@scalar/types/-/types-0.9.6.tgz",
-      "integrity": "sha512-UaCQQcscFTJdxZREE8KhUdSJgaDlc44TZbmWcZffs4m1hzqOvEI7lEBS13iBpLq7/cxUXFgyJdecywvNqJ0PkA==",
+    "node_modules/@scalar/schemas": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/@scalar/schemas/-/schemas-0.2.0.tgz",
+      "integrity": "sha512-FOpNecNoEKo8SogHEsdWlVRN4Q4PH3dzuOBWMA5tGt1xLZu5iFnPG2X/h6+Z/mOR34c7iW+hiKTqdUZoDgT9CA==",
       "license": "MIT",
       "dependencies": {
-        "@scalar/helpers": "0.6.0",
-        "nanoid": "^5.1.6",
-        "type-fest": "^5.3.1",
-        "zod": "^4.3.5"
+        "@scalar/validation": "0.5.0"
       },
       "engines": {
         "node": ">=22"
       }
     },
-    "node_modules/@scalar/types/node_modules/nanoid": {
-      "version": "5.1.11",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-5.1.11.tgz",
-      "integrity": "sha512-v+KEsUv2ps74PaSKv0gHTxTCgMXOIfBEbaqa6w6ISIGC7ZsvHN4N9oJ8d4cmf0n5oTzQz2SLmThbQWhjd/8eKg==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/ai"
-        }
-      ],
+    "node_modules/@scalar/types": {
+      "version": "0.11.0",
+      "resolved": "https://registry.npmjs.org/@scalar/types/-/types-0.11.0.tgz",
+      "integrity": "sha512-TGZR8sys1jRlaWxLYfBo8y6D1W4UClYuDmkJ6Hmsb7oNuqokEAAK+AVYIzascVdBmaly0D1fqoqK7CzuGYHgyg==",
       "license": "MIT",
-      "bin": {
-        "nanoid": "bin/nanoid.js"
-      },
-      "engines": {
-        "node": "^18 || >=20"
-      }
-    },
-    "node_modules/@scalar/types/node_modules/type-fest": {
-      "version": "5.6.0",
-      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-5.6.0.tgz",
-      "integrity": "sha512-8ZiHFm91orbSAe2PSAiSVBVko18pbhbiB3U9GglSzF/zCGkR+rxpHx6sEMCUm4kxY4LjDIUGgCfUMtwfZfjfUA==",
-      "license": "(MIT OR CC0-1.0)",
       "dependencies": {
-        "tagged-tag": "^1.0.0"
+        "@scalar/helpers": "0.8.0",
+        "nanoid": "^5.1.6",
+        "type-fest": "^5.3.1",
+        "zod": "^4.3.5"
       },
       "engines": {
-        "node": ">=20"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
+        "node": ">=22"
       }
     },
     "node_modules/@scalar/types/node_modules/zod": {
@@ -3595,6 +3452,15 @@
         "url": "https://github.com/sponsors/colinhacks"
       }
     },
+    "node_modules/@scalar/validation": {
+      "version": "0.5.0",
+      "resolved": "https://registry.npmjs.org/@scalar/validation/-/validation-0.5.0.tgz",
+      "integrity": "sha512-48CS1B0C7im57RQCHhS0GKt+qDLxB34IX8rO91jZj9D+Y/OosQZG3Gy57gJdHqZoD7l0sPUZtF8tVYry3BxRtw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=20"
+      }
+    },
     "node_modules/@types/aws-lambda": {
       "version": "8.10.161",
       "resolved": "https://registry.npmjs.org/@types/aws-lambda/-/aws-lambda-8.10.161.tgz",
@@ -3645,9 +3511,9 @@
       "license": "MIT"
     },
     "node_modules/@types/estree": {
-      "version": "1.0.8",
-      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
-      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.9.tgz",
+      "integrity": "sha512-GhdPgy1el4/ImP05X05Uw4cw2/M93BCUmnEvWZNStlCzEKME4Fkk+YpoA5OiHNQmoS7Cafb8Xa3Pya8m1Qrzeg==",
       "dev": true,
       "license": "MIT"
     },
@@ -3659,18 +3525,44 @@
       "license": "MIT"
     },
     "node_modules/@types/jsdom": {
-      "version": "28.0.1",
-      "resolved": "https://registry.npmjs.org/@types/jsdom/-/jsdom-28.0.1.tgz",
-      "integrity": "sha512-GJq2QE4TAZ5ajSoCasn5DOFm8u1mI3tIFvM5tIq3W5U/RTB6gsHwc6Yhpl91X9VSDOUVblgXmG+2+sSvFQrdlw==",
+      "version": "28.0.3",
+      "resolved": "https://registry.npmjs.org/@types/jsdom/-/jsdom-28.0.3.tgz",
+      "integrity": "sha512-/HQ2uFoetFTXuye8vzIcHw2z6Fwi7Hi/qcgC+RoS9NCyewiqxhVGqlG+ViGB6lkax481R6dmhf1I7lIGlzJStQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@types/node": "*",
         "@types/tough-cookie": "*",
-        "parse5": "^7.0.0",
+        "parse5": "^8.0.0",
         "undici-types": "^7.21.0"
       }
     },
+    "node_modules/@types/jsdom/node_modules/entities": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-8.0.0.tgz",
+      "integrity": "sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=20.19.0"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
+    "node_modules/@types/jsdom/node_modules/parse5": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.1.tgz",
+      "integrity": "sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "entities": "^8.0.0"
+      },
+      "funding": {
+        "url": "https://github.com/inikulin/parse5?sponsor=1"
+      }
+    },
     "node_modules/@types/jsdom/node_modules/undici-types": {
       "version": "7.25.0",
       "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.25.0.tgz",
@@ -3711,9 +3603,9 @@
       }
     },
     "node_modules/@types/node": {
-      "version": "24.12.3",
-      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.12.3.tgz",
-      "integrity": "sha512-8oljBDGun9cIsZRJR6fkihn0TSXJI0UDOOhncYaERq6M0JMDoPLxyscwruJcb4GKS6dvK/d8xebYBg27h/duaQ==",
+      "version": "24.12.4",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-24.12.4.tgz",
+      "integrity": "sha512-GUUEShf+PBCGW2KaXwcIt3Yk+e3pkKwWKb9GSyM9WQVE+ep2jzmHdGsHzu4wgcZy5fN9FBdVzjpBQsYlpfpgLA==",
       "license": "MIT",
       "dependencies": {
         "undici-types": "~7.16.0"
@@ -3795,17 +3687,17 @@
       }
     },
     "node_modules/@typescript-eslint/eslint-plugin": {
-      "version": "8.59.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.2.tgz",
-      "integrity": "sha512-j/bwmkBvHUtPNxzuWe5z6BEk3q54YRyGlBXkSsmfoih7zNrBvl5A9A98anlp/7JbyZcWIJ8KXo/3Tq/DjFLtuQ==",
+      "version": "8.59.3",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.59.3.tgz",
+      "integrity": "sha512-PwFvSKsXGShKGW6n5bZOhGHEcCZXM8HofLK9fNsEwZXzFRjoY+XT1Vsf1zgyXdwTr0ZYz1/2tkZ0DBTT9jZjhw==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/regexpp": "^4.12.2",
-        "@typescript-eslint/scope-manager": "8.59.2",
-        "@typescript-eslint/type-utils": "8.59.2",
-        "@typescript-eslint/utils": "8.59.2",
-        "@typescript-eslint/visitor-keys": "8.59.2",
+        "@typescript-eslint/scope-manager": "8.59.3",
+        "@typescript-eslint/type-utils": "8.59.3",
+        "@typescript-eslint/utils": "8.59.3",
+        "@typescript-eslint/visitor-keys": "8.59.3",
         "ignore": "^7.0.5",
         "natural-compare": "^1.4.0",
         "ts-api-utils": "^2.5.0"
@@ -3818,22 +3710,32 @@
         "url": "https://opencollective.com/typescript-eslint"
       },
       "peerDependencies": {
-        "@typescript-eslint/parser": "^8.59.2",
+        "@typescript-eslint/parser": "^8.59.3",
         "eslint": "^8.57.0 || ^9.0.0 || ^10.0.0",
         "typescript": ">=4.8.4 <6.1.0"
       }
     },
+    "node_modules/@typescript-eslint/eslint-plugin/node_modules/ignore": {
+      "version": "7.0.5",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz",
+      "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 4"
+      }
+    },
     "node_modules/@typescript-eslint/parser": {
-      "version": "8.59.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.2.tgz",
-      "integrity": "sha512-plR3pp6D+SSUn1HM7xvSkx12/DhoHInI2YF35KAcVFNZvlC0gtrWqx7Qq1oH2Ssgi0vlFRCTbP+DZc7B9+TtsQ==",
+      "version": "8.59.3",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.59.3.tgz",
+      "integrity": "sha512-HPwA+hVkfcriajbNvTmZv4VRauibay+cWArYUYq7u7W7PmGShMxbPxLvrwDme55a6d5alG3nrYfhyJ/G28XlLg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/scope-manager": "8.59.2",
-        "@typescript-eslint/types": "8.59.2",
-        "@typescript-eslint/typescript-estree": "8.59.2",
-        "@typescript-eslint/visitor-keys": "8.59.2",
+        "@typescript-eslint/scope-manager": "8.59.3",
+        "@typescript-eslint/types": "8.59.3",
+        "@typescript-eslint/typescript-estree": "8.59.3",
+        "@typescript-eslint/visitor-keys": "8.59.3",
         "debug": "^4.4.3"
       },
       "engines": {
@@ -3849,14 +3751,14 @@
       }
     },
     "node_modules/@typescript-eslint/project-service": {
-      "version": "8.59.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.2.tgz",
-      "integrity": "sha512-+2hqvEkeyf/0FBor67duF0Ll7Ot8jyKzDQOSrxazF/danillRq2DwR9dLptsXpoZQqxE1UisSmoZewrlPas9Vw==",
+      "version": "8.59.3",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.59.3.tgz",
+      "integrity": "sha512-ECiUWa/KYRGDFUqTNehaRgzDshnJfkTABJxVemHk4ko22gcr0ukloKjWvyQ64g8YCV/UI47kN1dbmjf/GaQYng==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/tsconfig-utils": "^8.59.2",
-        "@typescript-eslint/types": "^8.59.2",
+        "@typescript-eslint/tsconfig-utils": "^8.59.3",
+        "@typescript-eslint/types": "^8.59.3",
         "debug": "^4.4.3"
       },
       "engines": {
@@ -3871,14 +3773,14 @@
       }
     },
     "node_modules/@typescript-eslint/scope-manager": {
-      "version": "8.59.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.2.tgz",
-      "integrity": "sha512-JzfyEpEtOU89CcFSwyNS3mu4MLvLSXqnmX05+aKBDM+TdR5jzcGOEBwxwGNxrEQ7p/z6kK2WyioCGBf2zZBnvg==",
+      "version": "8.59.3",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.59.3.tgz",
+      "integrity": "sha512-t2LvZnoEfzKtnPjgeEu41xw5gxq9mQVfYy4OoZ4Vlt0sk3JwxmhCca/AR7DwOiHrjWgjAj6as4AhRLKSDfvZIA==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.59.2",
-        "@typescript-eslint/visitor-keys": "8.59.2"
+        "@typescript-eslint/types": "8.59.3",
+        "@typescript-eslint/visitor-keys": "8.59.3"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3889,9 +3791,9 @@
       }
     },
     "node_modules/@typescript-eslint/tsconfig-utils": {
-      "version": "8.59.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.2.tgz",
-      "integrity": "sha512-BKK4alN7oi4C/zv4VqHQ+uRU+lTa6JGIZ7s1juw7b3RHo9OfKB+bKX3u0iVZetdsUCBBkSbdWbarJbmN0fTeSw==",
+      "version": "8.59.3",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.59.3.tgz",
+      "integrity": "sha512-PcIJHjmaREXLgIAIzLnSY9VucEzz8FKXsRgFa1DmdGCK/5tJpW03TKJF01Q6VZd1lLdz2sIKPWaDUZN9dp//dw==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3906,15 +3808,15 @@
       }
     },
     "node_modules/@typescript-eslint/type-utils": {
-      "version": "8.59.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.2.tgz",
-      "integrity": "sha512-nhqaj1nmTdVVl/BP5omXNRGO38jn5iosis2vbdmupF2txCf8ylWT8lx+JlvMYYVqzGVKtjojUFoQ3JRWK+mfzQ==",
+      "version": "8.59.3",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.59.3.tgz",
+      "integrity": "sha512-g71d8QD8UaiHGvrJwyIS1hCX5r63w6Jll+4VEYhEAHXTDIqX1JgxhTAbEHtKntL9kuc4jRo7/GWw5xfCepSccQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.59.2",
-        "@typescript-eslint/typescript-estree": "8.59.2",
-        "@typescript-eslint/utils": "8.59.2",
+        "@typescript-eslint/types": "8.59.3",
+        "@typescript-eslint/typescript-estree": "8.59.3",
+        "@typescript-eslint/utils": "8.59.3",
         "debug": "^4.4.3",
         "ts-api-utils": "^2.5.0"
       },
@@ -3931,9 +3833,9 @@
       }
     },
     "node_modules/@typescript-eslint/types": {
-      "version": "8.59.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.2.tgz",
-      "integrity": "sha512-e82GVOE8Ps3E++Egvb6Y3Dw0S10u8NkQ9KXmtRhCWJJ8kDhOJTvtMAWnFL16kB1583goCWXsr0NieKCZMs2/0Q==",
+      "version": "8.59.3",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.59.3.tgz",
+      "integrity": "sha512-ePFoH0g4ludssdRFqqDxQePCxU4WQyRa9+XVwjm7yLn0FKhMeoetC+qBEEI1Eyb1pGSDveTIT09Bvw2WhlGayg==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -3945,16 +3847,16 @@
       }
     },
     "node_modules/@typescript-eslint/typescript-estree": {
-      "version": "8.59.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.2.tgz",
-      "integrity": "sha512-o0XPGNwcWw+FIwStOWn+BwBuEmL6QXP0rsvAFg7ET1dey1Nr6Wb1ac8p5HEsK0ygO/6mUxlk+YWQD9xcb/nnXg==",
+      "version": "8.59.3",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.59.3.tgz",
+      "integrity": "sha512-CbRjVRAf7Lr9Kr8RopKcbY45p2VfmmHrm0ygOCYFi7oU8q19m0Fs/6iHS7kNOmwpp+ob07ZVcAqlxUod9lYdmg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/project-service": "8.59.2",
-        "@typescript-eslint/tsconfig-utils": "8.59.2",
-        "@typescript-eslint/types": "8.59.2",
-        "@typescript-eslint/visitor-keys": "8.59.2",
+        "@typescript-eslint/project-service": "8.59.3",
+        "@typescript-eslint/tsconfig-utils": "8.59.3",
+        "@typescript-eslint/types": "8.59.3",
+        "@typescript-eslint/visitor-keys": "8.59.3",
         "debug": "^4.4.3",
         "minimatch": "^10.2.2",
         "semver": "^7.7.3",
@@ -3973,16 +3875,16 @@
       }
     },
     "node_modules/@typescript-eslint/utils": {
-      "version": "8.59.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.2.tgz",
-      "integrity": "sha512-Juw3EinkXqjaffxz6roowvV7GZT/kET5vSKKZT6upl5TXdWkLkYmNPXwDDL2Vkt2DPn0nODIS4egC/0AGxKo/Q==",
+      "version": "8.59.3",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.59.3.tgz",
+      "integrity": "sha512-JAvT14goBzRzzzZyqq3P9BLArIxTtQURUtFgQ/V7FO+eU+Gg6ES+5ymOPP1wRxXcxAYeivCk4uS3jCKWI1K8Zg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.9.1",
-        "@typescript-eslint/scope-manager": "8.59.2",
-        "@typescript-eslint/types": "8.59.2",
-        "@typescript-eslint/typescript-estree": "8.59.2"
+        "@typescript-eslint/scope-manager": "8.59.3",
+        "@typescript-eslint/types": "8.59.3",
+        "@typescript-eslint/typescript-estree": "8.59.3"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -3997,13 +3899,13 @@
       }
     },
     "node_modules/@typescript-eslint/visitor-keys": {
-      "version": "8.59.2",
-      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.2.tgz",
-      "integrity": "sha512-NwjLUnGy8/Zfx23fl50tRC8rYaYnM52xNRYFAXvmiil9yh1+K6aRVQMnzW6gQB/1DLgWt977lYQn7C+wtgXZiA==",
+      "version": "8.59.3",
+      "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.59.3.tgz",
+      "integrity": "sha512-f1UQF7ggd42YiwI5wGrRaPsa+P0CINBlrkLPmGfpq/u/I/oVtecoEIfFR9ag/oa1sLOsRNZ6xehf6qMZhQGBDg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/types": "8.59.2",
+        "@typescript-eslint/types": "8.59.3",
         "eslint-visitor-keys": "^5.0.0"
       },
       "engines": {
@@ -4014,19 +3916,6 @@
         "url": "https://opencollective.com/typescript-eslint"
       }
     },
-    "node_modules/@typescript-eslint/visitor-keys/node_modules/eslint-visitor-keys": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz",
-      "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "engines": {
-        "node": "^20.19.0 || ^22.13.0 || >=24"
-      },
-      "funding": {
-        "url": "https://opencollective.com/eslint"
-      }
-    },
     "node_modules/@vitest/coverage-v8": {
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/@vitest/coverage-v8/-/coverage-v8-3.2.4.tgz",
@@ -4061,93 +3950,6 @@
         }
       }
     },
-    "node_modules/@vitest/coverage-v8/node_modules/balanced-match": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/@vitest/coverage-v8/node_modules/brace-expansion": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
-      "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "balanced-match": "^1.0.0"
-      }
-    },
-    "node_modules/@vitest/coverage-v8/node_modules/glob": {
-      "version": "10.5.0",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
-      "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
-      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "foreground-child": "^3.1.0",
-        "jackspeak": "^3.1.2",
-        "minimatch": "^9.0.4",
-        "minipass": "^7.1.2",
-        "package-json-from-dist": "^1.0.0",
-        "path-scurry": "^1.11.1"
-      },
-      "bin": {
-        "glob": "dist/esm/bin.mjs"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
-    "node_modules/@vitest/coverage-v8/node_modules/glob/node_modules/minimatch": {
-      "version": "9.0.9",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
-      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "brace-expansion": "^2.0.2"
-      },
-      "engines": {
-        "node": ">=16 || 14 >=14.17"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
-    "node_modules/@vitest/coverage-v8/node_modules/path-scurry": {
-      "version": "1.11.1",
-      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
-      "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
-      "dev": true,
-      "license": "BlueOak-1.0.0",
-      "dependencies": {
-        "lru-cache": "^10.2.0",
-        "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
-      },
-      "engines": {
-        "node": ">=16 || 14 >=14.18"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
-    "node_modules/@vitest/coverage-v8/node_modules/test-exclude": {
-      "version": "7.0.2",
-      "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-7.0.2.tgz",
-      "integrity": "sha512-u9E6A+ZDYdp7a4WnarkXPZOx8Ilz46+kby6p1yZ8zsGTz9gYa6FIS7lj2oezzNKmtdyyJNNmmXDppga5GB7kSw==",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "@istanbuljs/schema": "^0.1.2",
-        "glob": "^10.4.1",
-        "minimatch": "^10.2.2"
-      },
-      "engines": {
-        "node": ">=18"
-      }
-    },
     "node_modules/@vitest/expect": {
       "version": "3.2.4",
       "resolved": "https://registry.npmjs.org/@vitest/expect/-/expect-3.2.4.tgz",
@@ -4365,6 +4167,19 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
+    "node_modules/ansi-escapes/node_modules/type-fest": {
+      "version": "0.21.3",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz",
+      "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==",
+      "dev": true,
+      "license": "(MIT OR CC0-1.0)",
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
     "node_modules/ansi-regex": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
@@ -4455,13 +4270,6 @@
         "js-tokens": "^10.0.0"
       }
     },
-    "node_modules/ast-v8-to-istanbul/node_modules/js-tokens": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-10.0.0.tgz",
-      "integrity": "sha512-lM/UBzQmfJRo9ABXbPWemivdCW8V2G8FHaHdypQaIy523snUjog0W71ayWXTjiR+ixeMyVHN2XcpnTd/liPg/Q==",
-      "dev": true,
-      "license": "MIT"
-    },
     "node_modules/asynckit": {
       "version": "0.4.0",
       "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
@@ -4479,13 +4287,13 @@
       }
     },
     "node_modules/balanced-match": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-3.0.1.tgz",
-      "integrity": "sha512-vjtV3hiLqYDNRoiAv0zC4QaGAMPomEoq83PRmYIofPswwZurCeWR5LByXm7SyoL0Zh5+2z0+HC7jG8gSZJUh0w==",
+      "version": "4.0.4",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
+      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
       "dev": true,
       "license": "MIT",
       "engines": {
-        "node": ">= 16"
+        "node": "18 || 20 || >=22"
       }
     },
     "node_modules/base64-js": {
@@ -4565,16 +4373,16 @@
       }
     },
     "node_modules/brace-expansion": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-4.0.1.tgz",
-      "integrity": "sha512-YClrbvTCXGe70pU2JiEiPLYXO9gQkyxYeKpJIQHVS/gOs6EWMQP2RYBwjFLNT322Ji8TOC3IMPfsYCedNpzKfA==",
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
+      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "balanced-match": "^3.0.0"
+        "balanced-match": "^4.0.2"
       },
       "engines": {
-        "node": ">= 18"
+        "node": "18 || 20 || >=22"
       }
     },
     "node_modules/braces": {
@@ -4640,16 +4448,76 @@
         }
       }
     },
-    "node_modules/cac": {
-      "version": "6.7.14",
-      "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz",
-      "integrity": "sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==",
+    "node_modules/c8/node_modules/glob": {
+      "version": "13.0.6",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.6.tgz",
+      "integrity": "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw==",
       "dev": true,
-      "license": "MIT",
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "minimatch": "^10.2.2",
+        "minipass": "^7.1.3",
+        "path-scurry": "^2.0.2"
+      },
       "engines": {
-        "node": ">=8"
-      }
-    },
+        "node": "18 || 20 || >=22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/c8/node_modules/lru-cache": {
+      "version": "11.3.6",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.3.6.tgz",
+      "integrity": "sha512-Gf/KoL3C/MlI7Bt0PGI9I+TeTC/I6r/csU58N4BSNc4lppLBeKsOdFYkK+dX0ABDUMJNfCHTyPpzwwO21Awd3A==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
+    "node_modules/c8/node_modules/path-scurry": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.2.tgz",
+      "integrity": "sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "lru-cache": "^11.0.0",
+        "minipass": "^7.1.2"
+      },
+      "engines": {
+        "node": "18 || 20 || >=22"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/c8/node_modules/test-exclude": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-8.0.0.tgz",
+      "integrity": "sha512-ZOffsNrXYggvU1mDGHk54I96r26P8SyMjO5slMKSc7+IWmtB/MQKnEC2fP51imB3/pT6YK5cT5E8f+Dd9KdyOQ==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "@istanbuljs/schema": "^0.1.2",
+        "glob": "^13.0.6",
+        "minimatch": "^10.2.2"
+      },
+      "engines": {
+        "node": "20 || >=22"
+      }
+    },
+    "node_modules/cac": {
+      "version": "6.7.14",
+      "resolved": "https://registry.npmjs.org/cac/-/cac-6.7.14.tgz",
+      "integrity": "sha512-b6Ilus+c3RrdDk+JhLKUAQfzzgLEPy6wcXqS7f/xe1EETvsDP6GORG7SFuOs6cID5YkqchW/LXZbX5bc8j7ZcQ==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=8"
+      }
+    },
     "node_modules/call-bind-apply-helpers": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz",
@@ -4806,6 +4674,19 @@
         "fsevents": "~2.3.2"
       }
     },
+    "node_modules/chokidar/node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
     "node_modules/cjs-module-lexer": {
       "version": "2.2.0",
       "resolved": "https://registry.npmjs.org/cjs-module-lexer/-/cjs-module-lexer-2.2.0.tgz",
@@ -4849,6 +4730,23 @@
         "node": ">=12"
       }
     },
+    "node_modules/cliui/node_modules/wrap-ansi": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "license": "MIT",
+      "dependencies": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
+      }
+    },
     "node_modules/color-convert": {
       "version": "2.0.1",
       "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
@@ -5054,6 +4952,16 @@
         "node": ">=18"
       }
     },
+    "node_modules/data-urls/node_modules/whatwg-mimetype": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-4.0.0.tgz",
+      "integrity": "sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/date-fns": {
       "version": "4.1.0",
       "resolved": "https://registry.npmjs.org/date-fns/-/date-fns-4.1.0.tgz",
@@ -5242,9 +5150,9 @@
       }
     },
     "node_modules/enhanced-resolve": {
-      "version": "5.21.2",
-      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.21.2.tgz",
-      "integrity": "sha512-xe9vQb5kReirPUxgQrXA3ihgbCqssmTiM7cOZ+Gzu+VeGWgpV98lLZvp0dl4yriyAePcewxGUs9UpKD8PET9KQ==",
+      "version": "5.21.3",
+      "resolved": "https://registry.npmjs.org/enhanced-resolve/-/enhanced-resolve-5.21.3.tgz",
+      "integrity": "sha512-QyL119InA+XXEkNLNTPCXPugSvOfhwv0JOlGNzvxs0hZaiHLNvXSpudUWsOlsXGWJh8G6ckCScEkVHfX3kw/2Q==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -5256,9 +5164,9 @@
       }
     },
     "node_modules/entities": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz",
-      "integrity": "sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==",
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.1.tgz",
+      "integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
       "dev": true,
       "license": "BSD-2-Clause",
       "engines": {
@@ -5402,16 +5310,16 @@
       }
     },
     "node_modules/eslint": {
-      "version": "10.3.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-10.3.0.tgz",
-      "integrity": "sha512-XbEXaRva5cF0ZQB8w6MluHA0kZZfV2DuCMJ3ozyEOHLwDpZX2Lmm/7Pp0xdJmI0GL1W05VH5VwIFHEm1Vcw2gw==",
+      "version": "10.4.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-10.4.0.tgz",
+      "integrity": "sha512-loXy6bWOoP3EP6JA7jo6p5jMpBJmHmsNZM5SFRHLdh1MGOPurMnNBj4ZlAbaqUAaQWbCr7jHV4P7gzAyryZWkQ==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
         "@eslint-community/eslint-utils": "^4.8.0",
         "@eslint-community/regexpp": "^4.12.2",
         "@eslint/config-array": "^0.23.5",
-        "@eslint/config-helpers": "^0.5.5",
+        "@eslint/config-helpers": "^0.6.0",
         "@eslint/core": "^1.2.1",
         "@eslint/plugin-kit": "^0.7.1",
         "@humanfs/node": "^0.16.6",
@@ -5551,16 +5459,6 @@
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
-    "node_modules/eslint-plugin-n/node_modules/ignore": {
-      "version": "5.3.2",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
-      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">= 4"
-      }
-    },
     "node_modules/eslint-plugin-prettier": {
       "version": "5.5.5",
       "resolved": "https://registry.npmjs.org/eslint-plugin-prettier/-/eslint-plugin-prettier-5.5.5.tgz",
@@ -5612,13 +5510,13 @@
       }
     },
     "node_modules/eslint-visitor-keys": {
-      "version": "3.4.3",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-3.4.3.tgz",
-      "integrity": "sha512-wpc+LXeiyiisxPlEkUzU6svyS1frIO3Mgxj1fdy7Pm8Ygzguax2N3Fa/D/ag1WqbOprdI+uY6wMUl8/a2G+iag==",
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz",
+      "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==",
       "dev": true,
       "license": "Apache-2.0",
       "engines": {
-        "node": "^12.22.0 || ^14.17.0 || >=16.0.0"
+        "node": "^20.19.0 || ^22.13.0 || >=24"
       },
       "funding": {
         "url": "https://opencollective.com/eslint"
@@ -5641,42 +5539,6 @@
         "url": "https://github.com/sponsors/epoberezkin"
       }
     },
-    "node_modules/eslint/node_modules/eslint-visitor-keys": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz",
-      "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "engines": {
-        "node": "^20.19.0 || ^22.13.0 || >=24"
-      },
-      "funding": {
-        "url": "https://opencollective.com/eslint"
-      }
-    },
-    "node_modules/eslint/node_modules/glob-parent": {
-      "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz",
-      "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "is-glob": "^4.0.3"
-      },
-      "engines": {
-        "node": ">=10.13.0"
-      }
-    },
-    "node_modules/eslint/node_modules/ignore": {
-      "version": "5.3.2",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
-      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">= 4"
-      }
-    },
     "node_modules/eslint/node_modules/json-schema-traverse": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
@@ -5702,19 +5564,6 @@
         "url": "https://opencollective.com/eslint"
       }
     },
-    "node_modules/espree/node_modules/eslint-visitor-keys": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-5.0.1.tgz",
-      "integrity": "sha512-tD40eHxA35h0PEIZNeIjkHoDR4YjjJp34biM0mDvplBe//mB+IHCqHDGV7pxF+7MklTvighcCPPZC7ynWyjdTA==",
-      "dev": true,
-      "license": "Apache-2.0",
-      "engines": {
-        "node": "^20.19.0 || ^22.13.0 || >=24"
-      },
-      "funding": {
-        "url": "https://opencollective.com/eslint"
-      }
-    },
     "node_modules/esquery": {
       "version": "1.7.0",
       "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.7.0.tgz",
@@ -5825,6 +5674,13 @@
         "url": "https://github.com/sindresorhus/execa?sponsor=1"
       }
     },
+    "node_modules/execa/node_modules/signal-exit": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
+      "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
+      "dev": true,
+      "license": "ISC"
+    },
     "node_modules/expect-type": {
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/expect-type/-/expect-type-1.3.0.tgz",
@@ -5879,9 +5735,9 @@
       }
     },
     "node_modules/express-rate-limit": {
-      "version": "8.5.1",
-      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.1.tgz",
-      "integrity": "sha512-5O6KYmyJEpuPJV5hNTXKbAHWRqrzyu+OI3vUnSd2kXFubIVpG7ezpgxQy76Zo5GQZtrQBg86hF+CM/NX+cioiQ==",
+      "version": "8.5.2",
+      "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.5.2.tgz",
+      "integrity": "sha512-5Kb34ipNX694DH48vN9irak1Qx30nb0PLYHXfJgw4YEjiC3ZEmZJhwOp+VfiCYwFzvFTdB9QkArYS5kXa2cx2A==",
       "license": "MIT",
       "dependencies": {
         "ip-address": "^10.2.0"
@@ -5967,6 +5823,19 @@
         "node": ">=8.6.0"
       }
     },
+    "node_modules/fast-glob/node_modules/glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "is-glob": "^4.0.1"
+      },
+      "engines": {
+        "node": ">= 6"
+      }
+    },
     "node_modules/fast-json-stable-stringify": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
@@ -6183,19 +6052,6 @@
         "url": "https://github.com/sponsors/isaacs"
       }
     },
-    "node_modules/foreground-child/node_modules/signal-exit": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
-      "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
-      "dev": true,
-      "license": "ISC",
-      "engines": {
-        "node": ">=14"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/form-data": {
       "version": "4.0.5",
       "resolved": "https://registry.npmjs.org/form-data/-/form-data-4.0.5.tgz",
@@ -6297,35 +6153,31 @@
       }
     },
     "node_modules/gaxios": {
-      "version": "6.7.1",
-      "resolved": "https://registry.npmjs.org/gaxios/-/gaxios-6.7.1.tgz",
-      "integrity": "sha512-LDODD4TMYx7XXdpwxAVRAIAuB0bzv0s+ywFonY46k126qzQHT9ygyoa9tncmOiQmmDrik65UYsEkv3lbfqQ3yQ==",
-      "dev": true,
+      "version": "7.1.4",
+      "resolved": "https://registry.npmjs.org/gaxios/-/gaxios-7.1.4.tgz",
+      "integrity": "sha512-bTIgTsM2bWn3XklZISBTQX7ZSddGW+IO3bMdGaemHZ3tbqExMENHLx6kKZ/KlejgrMtj8q7wBItt51yegqalrA==",
       "license": "Apache-2.0",
       "dependencies": {
         "extend": "^3.0.2",
         "https-proxy-agent": "^7.0.1",
-        "is-stream": "^2.0.0",
-        "node-fetch": "^2.6.9",
-        "uuid": "^9.0.1"
+        "node-fetch": "^3.3.2"
       },
       "engines": {
-        "node": ">=14"
+        "node": ">=18"
       }
     },
     "node_modules/gcp-metadata": {
-      "version": "6.1.1",
-      "resolved": "https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-6.1.1.tgz",
-      "integrity": "sha512-a4tiq7E0/5fTjxPAaH4jpjkSv/uCaU2p5KC6HVGrvl0cDjA8iBZv4vv1gyzlmK0ZUKqwpOyQMKzZQe3lTit77A==",
-      "dev": true,
+      "version": "8.1.2",
+      "resolved": "https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-8.1.2.tgz",
+      "integrity": "sha512-zV/5HKTfCeKWnxG0Dmrw51hEWFGfcF2xiXqcA3+J90WDuP0SvoiSO5ORvcBsifmx/FoIjgQN3oNOGaQ5PhLFkg==",
       "license": "Apache-2.0",
       "dependencies": {
-        "gaxios": "^6.1.1",
-        "google-logging-utils": "^0.0.2",
+        "gaxios": "^7.0.0",
+        "google-logging-utils": "^1.0.0",
         "json-bigint": "^1.0.0"
       },
       "engines": {
-        "node": ">=14"
+        "node": ">=18"
       }
     },
     "node_modules/get-caller-file": {
@@ -6401,40 +6253,77 @@
       }
     },
     "node_modules/glob": {
-      "version": "13.0.6",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-13.0.6.tgz",
-      "integrity": "sha512-Wjlyrolmm8uDpm/ogGyXZXb1Z+Ca2B8NbJwqBVg0axK9GbBeoS7yGV6vjXnYdGm6X53iehEuxxbyiKp8QmN4Vw==",
+      "version": "10.5.0",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-10.5.0.tgz",
+      "integrity": "sha512-DfXN8DfhJ7NH3Oe7cFmu3NCu1wKbkReJ8TorzSAFbSKrlNaQSKfIzqYqVY8zlbs2NLBbWpRiU52GX2PbaBVNkg==",
+      "deprecated": "Old versions of glob are not supported, and contain widely publicized security vulnerabilities, which have been fixed in the current version. Please update. Support for old versions may be purchased (at exorbitant rates) by contacting i@izs.me",
       "dev": true,
-      "license": "BlueOak-1.0.0",
+      "license": "ISC",
       "dependencies": {
-        "minimatch": "^10.2.2",
-        "minipass": "^7.1.3",
-        "path-scurry": "^2.0.2"
+        "foreground-child": "^3.1.0",
+        "jackspeak": "^3.1.2",
+        "minimatch": "^9.0.4",
+        "minipass": "^7.1.2",
+        "package-json-from-dist": "^1.0.0",
+        "path-scurry": "^1.11.1"
       },
-      "engines": {
-        "node": "18 || 20 || >=22"
+      "bin": {
+        "glob": "dist/esm/bin.mjs"
       },
       "funding": {
         "url": "https://github.com/sponsors/isaacs"
       }
     },
     "node_modules/glob-parent": {
-      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
-      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz",
+      "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
-        "is-glob": "^4.0.1"
+        "is-glob": "^4.0.3"
       },
       "engines": {
-        "node": ">= 6"
+        "node": ">=10.13.0"
       }
     },
-    "node_modules/globals": {
-      "version": "14.0.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-14.0.0.tgz",
-      "integrity": "sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==",
+    "node_modules/glob/node_modules/balanced-match": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/glob/node_modules/brace-expansion": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.1.0.tgz",
+      "integrity": "sha512-TN1kCZAgdgweJhWWpgKYrQaMNHcDULHkWwQIspdtjV4Y5aurRdZpjAqn6yX3FPqTA9ngHCc4hJxMAMgGfve85w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^1.0.0"
+      }
+    },
+    "node_modules/glob/node_modules/minimatch": {
+      "version": "9.0.9",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.9.tgz",
+      "integrity": "sha512-OBwBN9AL4dqmETlpS2zasx+vTeWclWzkblfZk7KTA5j3jeOONz/tRCnZomUyvNg83wL5Zv9Ss6HMJXAgL8R2Yg==",
+      "dev": true,
+      "license": "ISC",
+      "dependencies": {
+        "brace-expansion": "^2.0.2"
+      },
+      "engines": {
+        "node": ">=16 || 14 >=14.17"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
+    },
+    "node_modules/globals": {
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-14.0.0.tgz",
+      "integrity": "sha512-oahGvuMGQlPw/ivIYBjVSrWAfWLBeku5tpPE2fOPLi+WHffIWbuh2tCjhyQhTBPMf5E9jDEH4FOmTYgYwbKwtQ==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -6484,7 +6373,39 @@
         "node": ">=14"
       }
     },
-    "node_modules/google-logging-utils": {
+    "node_modules/google-auth-library/node_modules/gaxios": {
+      "version": "6.7.1",
+      "resolved": "https://registry.npmjs.org/gaxios/-/gaxios-6.7.1.tgz",
+      "integrity": "sha512-LDODD4TMYx7XXdpwxAVRAIAuB0bzv0s+ywFonY46k126qzQHT9ygyoa9tncmOiQmmDrik65UYsEkv3lbfqQ3yQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "extend": "^3.0.2",
+        "https-proxy-agent": "^7.0.1",
+        "is-stream": "^2.0.0",
+        "node-fetch": "^2.6.9",
+        "uuid": "^9.0.1"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/google-auth-library/node_modules/gcp-metadata": {
+      "version": "6.1.1",
+      "resolved": "https://registry.npmjs.org/gcp-metadata/-/gcp-metadata-6.1.1.tgz",
+      "integrity": "sha512-a4tiq7E0/5fTjxPAaH4jpjkSv/uCaU2p5KC6HVGrvl0cDjA8iBZv4vv1gyzlmK0ZUKqwpOyQMKzZQe3lTit77A==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "gaxios": "^6.1.1",
+        "google-logging-utils": "^0.0.2",
+        "json-bigint": "^1.0.0"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/google-auth-library/node_modules/google-logging-utils": {
       "version": "0.0.2",
       "resolved": "https://registry.npmjs.org/google-logging-utils/-/google-logging-utils-0.0.2.tgz",
       "integrity": "sha512-NEgUnEcBiP5HrPzufUkBzJOD/Sxsco3rLNo1F1TNf7ieU8ryUzBhqba8r756CjLX7rn3fHl6iLEwPYuqpoKgQQ==",
@@ -6494,6 +6415,61 @@
         "node": ">=14"
       }
     },
+    "node_modules/google-auth-library/node_modules/node-fetch": {
+      "version": "2.7.0",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz",
+      "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "whatwg-url": "^5.0.0"
+      },
+      "engines": {
+        "node": "4.x || >=6.0.0"
+      },
+      "peerDependencies": {
+        "encoding": "^0.1.0"
+      },
+      "peerDependenciesMeta": {
+        "encoding": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/google-auth-library/node_modules/tr46": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+      "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/google-auth-library/node_modules/webidl-conversions": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+      "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==",
+      "dev": true,
+      "license": "BSD-2-Clause"
+    },
+    "node_modules/google-auth-library/node_modules/whatwg-url": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+      "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tr46": "~0.0.3",
+        "webidl-conversions": "^3.0.0"
+      }
+    },
+    "node_modules/google-logging-utils": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/google-logging-utils/-/google-logging-utils-1.1.3.tgz",
+      "integrity": "sha512-eAmLkjDjAFCVXg7A1unxHsLf961m6y17QFqXqAXGj/gVkKFrEICfStRfwUlGNfeCEjNRa32JEWOUTlYXPyyKvA==",
+      "license": "Apache-2.0",
+      "engines": {
+        "node": ">=14"
+      }
+    },
     "node_modules/gopd": {
       "version": "1.2.0",
       "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz",
@@ -6527,6 +6503,69 @@
         "node": ">=14.0.0"
       }
     },
+    "node_modules/gtoken/node_modules/gaxios": {
+      "version": "6.7.1",
+      "resolved": "https://registry.npmjs.org/gaxios/-/gaxios-6.7.1.tgz",
+      "integrity": "sha512-LDODD4TMYx7XXdpwxAVRAIAuB0bzv0s+ywFonY46k126qzQHT9ygyoa9tncmOiQmmDrik65UYsEkv3lbfqQ3yQ==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "dependencies": {
+        "extend": "^3.0.2",
+        "https-proxy-agent": "^7.0.1",
+        "is-stream": "^2.0.0",
+        "node-fetch": "^2.6.9",
+        "uuid": "^9.0.1"
+      },
+      "engines": {
+        "node": ">=14"
+      }
+    },
+    "node_modules/gtoken/node_modules/node-fetch": {
+      "version": "2.7.0",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz",
+      "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "whatwg-url": "^5.0.0"
+      },
+      "engines": {
+        "node": "4.x || >=6.0.0"
+      },
+      "peerDependencies": {
+        "encoding": "^0.1.0"
+      },
+      "peerDependenciesMeta": {
+        "encoding": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/gtoken/node_modules/tr46": {
+      "version": "0.0.3",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+      "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/gtoken/node_modules/webidl-conversions": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+      "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==",
+      "dev": true,
+      "license": "BSD-2-Clause"
+    },
+    "node_modules/gtoken/node_modules/whatwg-url": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+      "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "tr46": "~0.0.3",
+        "webidl-conversions": "^3.0.0"
+      }
+    },
     "node_modules/gts": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/gts/-/gts-7.0.0.tgz",
@@ -6782,29 +6821,6 @@
         "url": "https://opencollective.com/eslint"
       }
     },
-    "node_modules/gts/node_modules/glob-parent": {
-      "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz",
-      "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==",
-      "dev": true,
-      "license": "ISC",
-      "dependencies": {
-        "is-glob": "^4.0.3"
-      },
-      "engines": {
-        "node": ">=10.13.0"
-      }
-    },
-    "node_modules/gts/node_modules/ignore": {
-      "version": "5.3.2",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
-      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">= 4"
-      }
-    },
     "node_modules/gts/node_modules/json-schema-traverse": {
       "version": "0.4.1",
       "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
@@ -6843,29 +6859,6 @@
         "node": ">=20.0.0"
       }
     },
-    "node_modules/happy-dom/node_modules/entities": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/entities/-/entities-7.0.1.tgz",
-      "integrity": "sha512-TWrgLOFUQTH994YUyl1yT4uyavY5nNB5muff+RtWaqNVCAK408b5ZnnbNAUEWLTCpum9w6arT70i1XdQ4UeOPA==",
-      "dev": true,
-      "license": "BSD-2-Clause",
-      "engines": {
-        "node": ">=0.12"
-      },
-      "funding": {
-        "url": "https://github.com/fb55/entities?sponsor=1"
-      }
-    },
-    "node_modules/happy-dom/node_modules/whatwg-mimetype": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-3.0.0.tgz",
-      "integrity": "sha512-nt+N2dzIutVRxARx1nghPKGv1xHikU7HKdfafKkLNLindmPU/ch3U31NOCGGA/dmPcmb1VlofO0vnKAcsm0o/Q==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=12"
-      }
-    },
     "node_modules/hard-rejection": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/hard-rejection/-/hard-rejection-2.1.0.tgz",
@@ -7092,9 +7085,9 @@
       }
     },
     "node_modules/ignore": {
-      "version": "7.0.5",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-7.0.5.tgz",
-      "integrity": "sha512-Hs59xBNfUIunMFgWAbGX5cq6893IbWg4KnrjbYwX3tx0ztorVgTDA6B2sxf8ejHJ4wz8BqGUMYlnzNBer5NvGg==",
+      "version": "5.3.2",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-5.3.2.tgz",
+      "integrity": "sha512-hsBTNUqQTDwkWtcdYI2i06Y/nUBEsNEDJKjWdigLvegy8kDuJAS8uRlpkkcQpyEXL0Z/pjDy5HBmMjRCJ2gq+g==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -7354,30 +7347,192 @@
         "node": ">=20.19.5"
       }
     },
-    "node_modules/isomorphic-dompurify/node_modules/@asamuzakjp/css-color": {
-      "version": "5.1.11",
-      "resolved": "https://registry.npmjs.org/@asamuzakjp/css-color/-/css-color-5.1.11.tgz",
-      "integrity": "sha512-KVw6qIiCTUQhByfTd78h2yD1/00waTmm9uy/R7Ck/ctUyAPj+AEDLkQIdJW0T8+qGgj3j5bpNKK7Q3G+LedJWg==",
-      "license": "MIT",
+    "node_modules/istanbul-lib-coverage": {
+      "version": "3.2.2",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz",
+      "integrity": "sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/istanbul-lib-report": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz",
+      "integrity": "sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==",
+      "dev": true,
+      "license": "BSD-3-Clause",
       "dependencies": {
-        "@asamuzakjp/generational-cache": "^1.0.1",
-        "@csstools/css-calc": "^3.2.0",
-        "@csstools/css-color-parser": "^4.1.0",
-        "@csstools/css-parser-algorithms": "^4.0.0",
-        "@csstools/css-tokenizer": "^4.0.0"
+        "istanbul-lib-coverage": "^3.0.0",
+        "make-dir": "^4.0.0",
+        "supports-color": "^7.1.0"
       },
       "engines": {
-        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+        "node": ">=10"
       }
     },
-    "node_modules/isomorphic-dompurify/node_modules/@csstools/color-helpers": {
-      "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-6.0.2.tgz",
-      "integrity": "sha512-LMGQLS9EuADloEFkcTBR3BwV/CGHV7zyDxVRtVDTwdI2Ca4it0CCVTT9wCkxSgokjE5Ho41hEPgb8OEUwoXr6Q==",
-      "funding": [
-        {
-          "type": "github",
-          "url": "https://github.com/sponsors/csstools"
+    "node_modules/istanbul-lib-report/node_modules/supports-color": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "has-flag": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/istanbul-lib-source-maps": {
+      "version": "5.0.6",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-5.0.6.tgz",
+      "integrity": "sha512-yg2d+Em4KizZC5niWhQaIomgf5WlL4vOOjZ5xGCmF8SnPE/mDWWXgvRExdcpCgh9lLRRa1/fSYp2ymmbJ1pI+A==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "@jridgewell/trace-mapping": "^0.3.23",
+        "debug": "^4.1.1",
+        "istanbul-lib-coverage": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/istanbul-reports": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.2.0.tgz",
+      "integrity": "sha512-HGYWWS/ehqTV3xN10i23tkPkpH46MLCIMFNCaaKNavAXTF1RkqxawEPtnjnGZ6XKSInBKkiOA5BKS+aZiY3AvA==",
+      "dev": true,
+      "license": "BSD-3-Clause",
+      "dependencies": {
+        "html-escaper": "^2.0.0",
+        "istanbul-lib-report": "^3.0.0"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/jackspeak": {
+      "version": "3.4.3",
+      "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz",
+      "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==",
+      "dev": true,
+      "license": "BlueOak-1.0.0",
+      "dependencies": {
+        "@isaacs/cliui": "^8.0.2"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      },
+      "optionalDependencies": {
+        "@pkgjs/parseargs": "^0.11.0"
+      }
+    },
+    "node_modules/jose": {
+      "version": "6.2.3",
+      "resolved": "https://registry.npmjs.org/jose/-/jose-6.2.3.tgz",
+      "integrity": "sha512-YYVDInQKFJfR/xa3ojUTl8c2KoTwiL1R5Wg9YCydwH0x0B9grbzlg5HC7mMjCtUJjbQ/YnGEZIhI5tCgfTb4Hw==",
+      "license": "MIT",
+      "funding": {
+        "url": "https://github.com/sponsors/panva"
+      }
+    },
+    "node_modules/joycon": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/joycon/-/joycon-3.1.1.tgz",
+      "integrity": "sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=10"
+      }
+    },
+    "node_modules/js-tokens": {
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-10.0.0.tgz",
+      "integrity": "sha512-lM/UBzQmfJRo9ABXbPWemivdCW8V2G8FHaHdypQaIy523snUjog0W71ayWXTjiR+ixeMyVHN2XcpnTd/liPg/Q==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/js-yaml": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
+      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "argparse": "^2.0.1"
+      },
+      "bin": {
+        "js-yaml": "bin/js-yaml.js"
+      }
+    },
+    "node_modules/jsdom": {
+      "version": "28.1.0",
+      "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-28.1.0.tgz",
+      "integrity": "sha512-0+MoQNYyr2rBHqO1xilltfDjV9G7ymYGlAUazgcDLQaUf8JDHbuGwsxN6U9qWaElZ4w1B2r7yEGIL3GdeW3Rug==",
+      "license": "MIT",
+      "dependencies": {
+        "@acemir/cssom": "^0.9.31",
+        "@asamuzakjp/dom-selector": "^6.8.1",
+        "@bramus/specificity": "^2.4.2",
+        "@exodus/bytes": "^1.11.0",
+        "cssstyle": "^6.0.1",
+        "data-urls": "^7.0.0",
+        "decimal.js": "^10.6.0",
+        "html-encoding-sniffer": "^6.0.0",
+        "http-proxy-agent": "^7.0.2",
+        "https-proxy-agent": "^7.0.6",
+        "is-potential-custom-element-name": "^1.0.1",
+        "parse5": "^8.0.0",
+        "saxes": "^6.0.0",
+        "symbol-tree": "^3.2.4",
+        "tough-cookie": "^6.0.0",
+        "undici": "^7.21.0",
+        "w3c-xmlserializer": "^5.0.0",
+        "webidl-conversions": "^8.0.1",
+        "whatwg-mimetype": "^5.0.0",
+        "whatwg-url": "^16.0.0",
+        "xml-name-validator": "^5.0.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      },
+      "peerDependencies": {
+        "canvas": "^3.0.0"
+      },
+      "peerDependenciesMeta": {
+        "canvas": {
+          "optional": true
+        }
+      }
+    },
+    "node_modules/jsdom/node_modules/@asamuzakjp/css-color": {
+      "version": "5.1.11",
+      "resolved": "https://registry.npmjs.org/@asamuzakjp/css-color/-/css-color-5.1.11.tgz",
+      "integrity": "sha512-KVw6qIiCTUQhByfTd78h2yD1/00waTmm9uy/R7Ck/ctUyAPj+AEDLkQIdJW0T8+qGgj3j5bpNKK7Q3G+LedJWg==",
+      "license": "MIT",
+      "dependencies": {
+        "@asamuzakjp/generational-cache": "^1.0.1",
+        "@csstools/css-calc": "^3.2.0",
+        "@csstools/css-color-parser": "^4.1.0",
+        "@csstools/css-parser-algorithms": "^4.0.0",
+        "@csstools/css-tokenizer": "^4.0.0"
+      },
+      "engines": {
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
+      }
+    },
+    "node_modules/jsdom/node_modules/@csstools/color-helpers": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@csstools/color-helpers/-/color-helpers-6.0.2.tgz",
+      "integrity": "sha512-LMGQLS9EuADloEFkcTBR3BwV/CGHV7zyDxVRtVDTwdI2Ca4it0CCVTT9wCkxSgokjE5Ho41hEPgb8OEUwoXr6Q==",
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/csstools"
         },
         {
           "type": "opencollective",
@@ -7389,7 +7544,7 @@
         "node": ">=20.19.0"
       }
     },
-    "node_modules/isomorphic-dompurify/node_modules/@csstools/css-calc": {
+    "node_modules/jsdom/node_modules/@csstools/css-calc": {
       "version": "3.2.1",
       "resolved": "https://registry.npmjs.org/@csstools/css-calc/-/css-calc-3.2.1.tgz",
       "integrity": "sha512-DtdHlgXh5ZkA43cwBcAm+huzgJiwx3ZTWVjBs94kwz2xKqSimDA3lBgCjphYgwgVUMWatSM0pDd8TILB1yrVVg==",
@@ -7412,7 +7567,7 @@
         "@csstools/css-tokenizer": "^4.0.0"
       }
     },
-    "node_modules/isomorphic-dompurify/node_modules/@csstools/css-color-parser": {
+    "node_modules/jsdom/node_modules/@csstools/css-color-parser": {
       "version": "4.1.1",
       "resolved": "https://registry.npmjs.org/@csstools/css-color-parser/-/css-color-parser-4.1.1.tgz",
       "integrity": "sha512-eZ5XOtyhK+mggRafYUWzA0tvaYOFgdY8AkgQiCJF9qNAePnUo/zmsqqYubBBb3sQ8uNUaSKTY9s9klfRaAXL0g==",
@@ -7439,7 +7594,7 @@
         "@csstools/css-tokenizer": "^4.0.0"
       }
     },
-    "node_modules/isomorphic-dompurify/node_modules/@csstools/css-parser-algorithms": {
+    "node_modules/jsdom/node_modules/@csstools/css-parser-algorithms": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-4.0.0.tgz",
       "integrity": "sha512-+B87qS7fIG3L5h3qwJ/IFbjoVoOe/bpOdh9hAjXbvx0o8ImEmUsGXN0inFOnk2ChCFgqkkGFQ+TpM5rbhkKe4w==",
@@ -7461,7 +7616,7 @@
         "@csstools/css-tokenizer": "^4.0.0"
       }
     },
-    "node_modules/isomorphic-dompurify/node_modules/@csstools/css-tokenizer": {
+    "node_modules/jsdom/node_modules/@csstools/css-tokenizer": {
       "version": "4.0.0",
       "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-4.0.0.tgz",
       "integrity": "sha512-QxULHAm7cNu72w97JUNCBFODFaXpbDg+dP8b/oWFAZ2MTRppA3U00Y2L1HqaS4J6yBqxwa/Y3nMBaxVKbB/NsA==",
@@ -7480,7 +7635,7 @@
         "node": ">=20.19.0"
       }
     },
-    "node_modules/isomorphic-dompurify/node_modules/cssstyle": {
+    "node_modules/jsdom/node_modules/cssstyle": {
       "version": "6.2.0",
       "resolved": "https://registry.npmjs.org/cssstyle/-/cssstyle-6.2.0.tgz",
       "integrity": "sha512-Fm5NvhYathRnXNVndkUsCCuR63DCLVVwGOOwQw782coXFi5HhkXdu289l59HlXZBawsyNccXfWRYvLzcDCdDig==",
@@ -7495,7 +7650,7 @@
         "node": ">=20"
       }
     },
-    "node_modules/isomorphic-dompurify/node_modules/data-urls": {
+    "node_modules/jsdom/node_modules/data-urls": {
       "version": "7.0.0",
       "resolved": "https://registry.npmjs.org/data-urls/-/data-urls-7.0.0.tgz",
       "integrity": "sha512-23XHcCF+coGYevirZceTVD7NdJOqVn+49IHyxgszm+JIiHLoB2TkmPtsYkNWT1pvRSGkc35L6NHs0yHkN2SumA==",
@@ -7508,7 +7663,7 @@
         "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
       }
     },
-    "node_modules/isomorphic-dompurify/node_modules/entities": {
+    "node_modules/jsdom/node_modules/entities": {
       "version": "8.0.0",
       "resolved": "https://registry.npmjs.org/entities/-/entities-8.0.0.tgz",
       "integrity": "sha512-zwfzJecQ/Uej6tusMqwAqU/6KL2XaB2VZ2Jg54Je6ahNBGNH6Ek6g3jjNCF0fG9EWQKGZNddNjU5F1ZQn/sBnA==",
@@ -7520,7 +7675,7 @@
         "url": "https://github.com/fb55/entities?sponsor=1"
       }
     },
-    "node_modules/isomorphic-dompurify/node_modules/html-encoding-sniffer": {
+    "node_modules/jsdom/node_modules/html-encoding-sniffer": {
       "version": "6.0.0",
       "resolved": "https://registry.npmjs.org/html-encoding-sniffer/-/html-encoding-sniffer-6.0.0.tgz",
       "integrity": "sha512-CV9TW3Y3f8/wT0BRFc1/KAVQ3TUHiXmaAb6VW9vtiMFf7SLoMd1PdAc4W3KFOFETBJUb90KatHqlsZMWV+R9Gg==",
@@ -7532,302 +7687,99 @@
         "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
       }
     },
-    "node_modules/isomorphic-dompurify/node_modules/jsdom": {
-      "version": "28.1.0",
-      "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-28.1.0.tgz",
-      "integrity": "sha512-0+MoQNYyr2rBHqO1xilltfDjV9G7ymYGlAUazgcDLQaUf8JDHbuGwsxN6U9qWaElZ4w1B2r7yEGIL3GdeW3Rug==",
-      "license": "MIT",
-      "dependencies": {
-        "@acemir/cssom": "^0.9.31",
-        "@asamuzakjp/dom-selector": "^6.8.1",
-        "@bramus/specificity": "^2.4.2",
-        "@exodus/bytes": "^1.11.0",
-        "cssstyle": "^6.0.1",
-        "data-urls": "^7.0.0",
-        "decimal.js": "^10.6.0",
-        "html-encoding-sniffer": "^6.0.0",
-        "http-proxy-agent": "^7.0.2",
-        "https-proxy-agent": "^7.0.6",
-        "is-potential-custom-element-name": "^1.0.1",
-        "parse5": "^8.0.0",
-        "saxes": "^6.0.0",
-        "symbol-tree": "^3.2.4",
-        "tough-cookie": "^6.0.0",
-        "undici": "^7.21.0",
-        "w3c-xmlserializer": "^5.0.0",
-        "webidl-conversions": "^8.0.1",
-        "whatwg-mimetype": "^5.0.0",
-        "whatwg-url": "^16.0.0",
-        "xml-name-validator": "^5.0.0"
-      },
-      "engines": {
-        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
-      },
-      "peerDependencies": {
-        "canvas": "^3.0.0"
-      },
-      "peerDependenciesMeta": {
-        "canvas": {
-          "optional": true
-        }
-      }
-    },
-    "node_modules/isomorphic-dompurify/node_modules/lru-cache": {
-      "version": "11.3.6",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.3.6.tgz",
-      "integrity": "sha512-Gf/KoL3C/MlI7Bt0PGI9I+TeTC/I6r/csU58N4BSNc4lppLBeKsOdFYkK+dX0ABDUMJNfCHTyPpzwwO21Awd3A==",
-      "license": "BlueOak-1.0.0",
-      "engines": {
-        "node": "20 || >=22"
-      }
-    },
-    "node_modules/isomorphic-dompurify/node_modules/parse5": {
-      "version": "8.0.1",
-      "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.1.tgz",
-      "integrity": "sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==",
-      "license": "MIT",
-      "dependencies": {
-        "entities": "^8.0.0"
-      },
-      "funding": {
-        "url": "https://github.com/inikulin/parse5?sponsor=1"
-      }
-    },
-    "node_modules/isomorphic-dompurify/node_modules/tldts": {
-      "version": "7.0.30",
-      "resolved": "https://registry.npmjs.org/tldts/-/tldts-7.0.30.tgz",
-      "integrity": "sha512-ELrFxuqsDdHUwoh0XxDbxuLD3Wnz49Z57IFvTtvWy1hJdcMZjXLIuonjilCiWHlT2GbE4Wlv1wKVTzDFnXH1aw==",
-      "license": "MIT",
-      "dependencies": {
-        "tldts-core": "^7.0.30"
-      },
-      "bin": {
-        "tldts": "bin/cli.js"
-      }
-    },
-    "node_modules/isomorphic-dompurify/node_modules/tldts-core": {
-      "version": "7.0.30",
-      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-7.0.30.tgz",
-      "integrity": "sha512-uiHN8PIB1VmWyS98eZYja4xzlYqeFZVjb4OuYlJQnZAuJhMw4PbKQOKgHKhBdJR3FE/t5mUQ1Kd80++B+qhD1Q==",
-      "license": "MIT"
-    },
-    "node_modules/isomorphic-dompurify/node_modules/tough-cookie": {
-      "version": "6.0.1",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-6.0.1.tgz",
-      "integrity": "sha512-LktZQb3IeoUWB9lqR5EWTHgW/VTITCXg4D21M+lvybRVdylLrRMnqaIONLVb5mav8vM19m44HIcGq4qASeu2Qw==",
-      "license": "BSD-3-Clause",
-      "dependencies": {
-        "tldts": "^7.0.5"
-      },
-      "engines": {
-        "node": ">=16"
-      }
-    },
-    "node_modules/isomorphic-dompurify/node_modules/tr46": {
-      "version": "6.0.0",
-      "resolved": "https://registry.npmjs.org/tr46/-/tr46-6.0.0.tgz",
-      "integrity": "sha512-bLVMLPtstlZ4iMQHpFHTR7GAGj2jxi8Dg0s2h2MafAE4uSWF98FC/3MomU51iQAMf8/qDUbKWf5GxuvvVcXEhw==",
-      "license": "MIT",
-      "dependencies": {
-        "punycode": "^2.3.1"
-      },
-      "engines": {
-        "node": ">=20"
-      }
-    },
-    "node_modules/isomorphic-dompurify/node_modules/webidl-conversions": {
-      "version": "8.0.1",
-      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-8.0.1.tgz",
-      "integrity": "sha512-BMhLD/Sw+GbJC21C/UgyaZX41nPt8bUTg+jWyDeg7e7YN4xOM05YPSIXceACnXVtqyEw/LMClUQMtMZ+PGGpqQ==",
-      "license": "BSD-2-Clause",
-      "engines": {
-        "node": ">=20"
-      }
-    },
-    "node_modules/isomorphic-dompurify/node_modules/whatwg-mimetype": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-5.0.0.tgz",
-      "integrity": "sha512-sXcNcHOC51uPGF0P/D4NVtrkjSU2fNsm9iog4ZvZJsL3rjoDAzXZhkm2MWt1y+PUdggKAYVoMAIYcs78wJ51Cw==",
-      "license": "MIT",
-      "engines": {
-        "node": ">=20"
-      }
-    },
-    "node_modules/isomorphic-dompurify/node_modules/whatwg-url": {
-      "version": "16.0.1",
-      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-16.0.1.tgz",
-      "integrity": "sha512-1to4zXBxmXHV3IiSSEInrreIlu02vUOvrhxJJH5vcxYTBDAx51cqZiKdyTxlecdKNSjj8EcxGBxNf6Vg+945gw==",
-      "license": "MIT",
-      "dependencies": {
-        "@exodus/bytes": "^1.11.0",
-        "tr46": "^6.0.0",
-        "webidl-conversions": "^8.0.1"
-      },
-      "engines": {
-        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
-      }
-    },
-    "node_modules/istanbul-lib-coverage": {
-      "version": "3.2.2",
-      "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.2.tgz",
-      "integrity": "sha512-O8dpsF+r0WV/8MNRKfnmrtCWhuKjxrq2w+jpzBL5UZKTi2LeVWnWOmWRxFlesJONmc+wLAGvKQZEOanko0LFTg==",
-      "dev": true,
-      "license": "BSD-3-Clause",
-      "engines": {
-        "node": ">=8"
-      }
-    },
-    "node_modules/istanbul-lib-report": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.1.tgz",
-      "integrity": "sha512-GCfE1mtsHGOELCU8e/Z7YWzpmybrx/+dSTfLrvY8qRmaY6zXTKWn6WQIjaAFw069icm6GVMNkgu0NzI4iPZUNw==",
-      "dev": true,
-      "license": "BSD-3-Clause",
-      "dependencies": {
-        "istanbul-lib-coverage": "^3.0.0",
-        "make-dir": "^4.0.0",
-        "supports-color": "^7.1.0"
-      },
+    "node_modules/jsdom/node_modules/lru-cache": {
+      "version": "11.3.6",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.3.6.tgz",
+      "integrity": "sha512-Gf/KoL3C/MlI7Bt0PGI9I+TeTC/I6r/csU58N4BSNc4lppLBeKsOdFYkK+dX0ABDUMJNfCHTyPpzwwO21Awd3A==",
+      "license": "BlueOak-1.0.0",
       "engines": {
-        "node": ">=10"
+        "node": "20 || >=22"
       }
     },
-    "node_modules/istanbul-lib-report/node_modules/supports-color": {
-      "version": "7.2.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
-      "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
-      "dev": true,
+    "node_modules/jsdom/node_modules/parse5": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/parse5/-/parse5-8.0.1.tgz",
+      "integrity": "sha512-z1e/HMG90obSGeidlli3hj7cbocou0/wa5HacvI3ASx34PecNjNQeaHNo5WIZpWofN9kgkqV1q5YvXe3F0FoPw==",
       "license": "MIT",
       "dependencies": {
-        "has-flag": "^4.0.0"
+        "entities": "^8.0.0"
       },
-      "engines": {
-        "node": ">=8"
+      "funding": {
+        "url": "https://github.com/inikulin/parse5?sponsor=1"
       }
     },
-    "node_modules/istanbul-lib-source-maps": {
-      "version": "5.0.6",
-      "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-5.0.6.tgz",
-      "integrity": "sha512-yg2d+Em4KizZC5niWhQaIomgf5WlL4vOOjZ5xGCmF8SnPE/mDWWXgvRExdcpCgh9lLRRa1/fSYp2ymmbJ1pI+A==",
-      "dev": true,
-      "license": "BSD-3-Clause",
+    "node_modules/jsdom/node_modules/tldts": {
+      "version": "7.0.30",
+      "resolved": "https://registry.npmjs.org/tldts/-/tldts-7.0.30.tgz",
+      "integrity": "sha512-ELrFxuqsDdHUwoh0XxDbxuLD3Wnz49Z57IFvTtvWy1hJdcMZjXLIuonjilCiWHlT2GbE4Wlv1wKVTzDFnXH1aw==",
+      "license": "MIT",
       "dependencies": {
-        "@jridgewell/trace-mapping": "^0.3.23",
-        "debug": "^4.1.1",
-        "istanbul-lib-coverage": "^3.0.0"
+        "tldts-core": "^7.0.30"
       },
-      "engines": {
-        "node": ">=10"
+      "bin": {
+        "tldts": "bin/cli.js"
       }
     },
-    "node_modules/istanbul-reports": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.2.0.tgz",
-      "integrity": "sha512-HGYWWS/ehqTV3xN10i23tkPkpH46MLCIMFNCaaKNavAXTF1RkqxawEPtnjnGZ6XKSInBKkiOA5BKS+aZiY3AvA==",
-      "dev": true,
+    "node_modules/jsdom/node_modules/tldts-core": {
+      "version": "7.0.30",
+      "resolved": "https://registry.npmjs.org/tldts-core/-/tldts-core-7.0.30.tgz",
+      "integrity": "sha512-uiHN8PIB1VmWyS98eZYja4xzlYqeFZVjb4OuYlJQnZAuJhMw4PbKQOKgHKhBdJR3FE/t5mUQ1Kd80++B+qhD1Q==",
+      "license": "MIT"
+    },
+    "node_modules/jsdom/node_modules/tough-cookie": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-6.0.1.tgz",
+      "integrity": "sha512-LktZQb3IeoUWB9lqR5EWTHgW/VTITCXg4D21M+lvybRVdylLrRMnqaIONLVb5mav8vM19m44HIcGq4qASeu2Qw==",
       "license": "BSD-3-Clause",
       "dependencies": {
-        "html-escaper": "^2.0.0",
-        "istanbul-lib-report": "^3.0.0"
+        "tldts": "^7.0.5"
       },
       "engines": {
-        "node": ">=8"
+        "node": ">=16"
       }
     },
-    "node_modules/jackspeak": {
-      "version": "3.4.3",
-      "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.4.3.tgz",
-      "integrity": "sha512-OGlZQpz2yfahA/Rd1Y8Cd9SIEsqvXkLVoSw/cgwhnhFMDbsQFeZYoJJ7bIZBS9BcamUW96asq/npPWugM+RQBw==",
-      "dev": true,
-      "license": "BlueOak-1.0.0",
+    "node_modules/jsdom/node_modules/tr46": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-6.0.0.tgz",
+      "integrity": "sha512-bLVMLPtstlZ4iMQHpFHTR7GAGj2jxi8Dg0s2h2MafAE4uSWF98FC/3MomU51iQAMf8/qDUbKWf5GxuvvVcXEhw==",
+      "license": "MIT",
       "dependencies": {
-        "@isaacs/cliui": "^8.0.2"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
+        "punycode": "^2.3.1"
       },
-      "optionalDependencies": {
-        "@pkgjs/parseargs": "^0.11.0"
-      }
-    },
-    "node_modules/jose": {
-      "version": "6.2.3",
-      "resolved": "https://registry.npmjs.org/jose/-/jose-6.2.3.tgz",
-      "integrity": "sha512-YYVDInQKFJfR/xa3ojUTl8c2KoTwiL1R5Wg9YCydwH0x0B9grbzlg5HC7mMjCtUJjbQ/YnGEZIhI5tCgfTb4Hw==",
-      "license": "MIT",
-      "funding": {
-        "url": "https://github.com/sponsors/panva"
+      "engines": {
+        "node": ">=20"
       }
     },
-    "node_modules/joycon": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/joycon/-/joycon-3.1.1.tgz",
-      "integrity": "sha512-34wB/Y7MW7bzjKRjUKTa46I2Z7eV62Rkhva+KkopW7Qvv/OSWBqvkSY7vusOPrNuZcUG3tApvdVgNB8POj3SPw==",
-      "dev": true,
-      "license": "MIT",
+    "node_modules/jsdom/node_modules/webidl-conversions": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-8.0.1.tgz",
+      "integrity": "sha512-BMhLD/Sw+GbJC21C/UgyaZX41nPt8bUTg+jWyDeg7e7YN4xOM05YPSIXceACnXVtqyEw/LMClUQMtMZ+PGGpqQ==",
+      "license": "BSD-2-Clause",
       "engines": {
-        "node": ">=10"
+        "node": ">=20"
       }
     },
-    "node_modules/js-tokens": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
-      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/js-yaml": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.1.tgz",
-      "integrity": "sha512-qQKT4zQxXl8lLwBtHMWwaTcGfFOZviOJet3Oy/xmGk2gZH677CJM9EvtfdSkgWcATZhj/55JZ0rmy3myCT5lsA==",
-      "dev": true,
+    "node_modules/jsdom/node_modules/whatwg-mimetype": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-5.0.0.tgz",
+      "integrity": "sha512-sXcNcHOC51uPGF0P/D4NVtrkjSU2fNsm9iog4ZvZJsL3rjoDAzXZhkm2MWt1y+PUdggKAYVoMAIYcs78wJ51Cw==",
       "license": "MIT",
-      "dependencies": {
-        "argparse": "^2.0.1"
-      },
-      "bin": {
-        "js-yaml": "bin/js-yaml.js"
+      "engines": {
+        "node": ">=20"
       }
     },
-    "node_modules/jsdom": {
-      "version": "25.0.1",
-      "resolved": "https://registry.npmjs.org/jsdom/-/jsdom-25.0.1.tgz",
-      "integrity": "sha512-8i7LzZj7BF8uplX+ZyOlIz86V6TAsSs+np6m1kpW9u0JWi4z/1t+FzcK1aek+ybTnAC4KhBL4uXCNT0wcUIeCw==",
-      "dev": true,
+    "node_modules/jsdom/node_modules/whatwg-url": {
+      "version": "16.0.1",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-16.0.1.tgz",
+      "integrity": "sha512-1to4zXBxmXHV3IiSSEInrreIlu02vUOvrhxJJH5vcxYTBDAx51cqZiKdyTxlecdKNSjj8EcxGBxNf6Vg+945gw==",
       "license": "MIT",
       "dependencies": {
-        "cssstyle": "^4.1.0",
-        "data-urls": "^5.0.0",
-        "decimal.js": "^10.4.3",
-        "form-data": "^4.0.0",
-        "html-encoding-sniffer": "^4.0.0",
-        "http-proxy-agent": "^7.0.2",
-        "https-proxy-agent": "^7.0.5",
-        "is-potential-custom-element-name": "^1.0.1",
-        "nwsapi": "^2.2.12",
-        "parse5": "^7.1.2",
-        "rrweb-cssom": "^0.7.1",
-        "saxes": "^6.0.0",
-        "symbol-tree": "^3.2.4",
-        "tough-cookie": "^5.0.0",
-        "w3c-xmlserializer": "^5.0.0",
-        "webidl-conversions": "^7.0.0",
-        "whatwg-encoding": "^3.1.1",
-        "whatwg-mimetype": "^4.0.0",
-        "whatwg-url": "^14.0.0",
-        "ws": "^8.18.0",
-        "xml-name-validator": "^5.0.0"
+        "@exodus/bytes": "^1.11.0",
+        "tr46": "^6.0.0",
+        "webidl-conversions": "^8.0.1"
       },
       "engines": {
-        "node": ">=18"
-      },
-      "peerDependencies": {
-        "canvas": "^2.11.2"
-      },
-      "peerDependenciesMeta": {
-        "canvas": {
-          "optional": true
-        }
+        "node": "^20.19.0 || ^22.12.0 || >=24.0.0"
       }
     },
     "node_modules/json-bigint": {
@@ -7957,9 +7909,9 @@
       "license": "MIT"
     },
     "node_modules/lit": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/lit/-/lit-3.3.2.tgz",
-      "integrity": "sha512-NF9zbsP79l4ao2SNrH3NkfmFgN/hBYSQo90saIVI1o5GpjAdCPVstVzO1MrLOakHoEhYkrtRjPK6Ob521aoYWQ==",
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/lit/-/lit-3.3.3.tgz",
+      "integrity": "sha512-fycuvZg/hkpozL00lm1pEJH5nN/lr9ZXd6mJI2HSN4+Bzc+LDNdEApJ6HFbPkdFNHLvOplIIuJvxkS4XUxqirw==",
       "license": "BSD-3-Clause",
       "dependencies": {
         "@lit/reactive-element": "^2.1.0",
@@ -7979,9 +7931,9 @@
       }
     },
     "node_modules/lit-html": {
-      "version": "3.3.2",
-      "resolved": "https://registry.npmjs.org/lit-html/-/lit-html-3.3.2.tgz",
-      "integrity": "sha512-Qy9hU88zcmaxBXcc10ZpdK7cOLXvXpRoBxERdtqV9QOrfpMZZ6pSYP91LhpPtap3sFMUiL7Tw2RImbe0Al2/kw==",
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/lit-html/-/lit-html-3.3.3.tgz",
+      "integrity": "sha512-el8M6jK2o3RXBnrSHX3ZKrsN8zEV63pSExTO1wYJz7QndGYZ8353e2a5PPX+qHe2aGayfnchQmkAojaWAREOIA==",
       "license": "BSD-3-Clause",
       "dependencies": {
         "@types/trusted-types": "^2.0.2"
@@ -8285,29 +8237,6 @@
         "url": "https://github.com/sponsors/isaacs"
       }
     },
-    "node_modules/minimatch/node_modules/balanced-match": {
-      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-4.0.4.tgz",
-      "integrity": "sha512-BLrgEcRTwX2o6gGxGOCNyMvGSp35YofuYzw9h1IMTRmKqttAZZVU67bdb9Pr2vUHA8+j3i2tJfjO6C6+4myGTA==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": "18 || 20 || >=22"
-      }
-    },
-    "node_modules/minimatch/node_modules/brace-expansion": {
-      "version": "5.0.6",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-5.0.6.tgz",
-      "integrity": "sha512-kLpxurY4Z4r9sgMsyG0Z9uzsBlgiU/EFKhj/h91/8yHu0edo7XuixOIH3VcJ8kkxs6/jPzoI6U9Vj3WqbMQ94g==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "balanced-match": "^4.0.2"
-      },
-      "engines": {
-        "node": "18 || 20 || >=22"
-      }
-    },
     "node_modules/minimist": {
       "version": "1.2.8",
       "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz",
@@ -8363,10 +8292,9 @@
       "license": "ISC"
     },
     "node_modules/nanoid": {
-      "version": "3.3.12",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.12.tgz",
-      "integrity": "sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==",
-      "dev": true,
+      "version": "5.1.11",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-5.1.11.tgz",
+      "integrity": "sha512-v+KEsUv2ps74PaSKv0gHTxTCgMXOIfBEbaqa6w6ISIGC7ZsvHN4N9oJ8d4cmf0n5oTzQz2SLmThbQWhjd/8eKg==",
       "funding": [
         {
           "type": "github",
@@ -8375,10 +8303,10 @@
       ],
       "license": "MIT",
       "bin": {
-        "nanoid": "bin/nanoid.cjs"
+        "nanoid": "bin/nanoid.js"
       },
       "engines": {
-        "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1"
+        "node": "^18 || >=20"
       }
     },
     "node_modules/natural-compare": {
@@ -8428,49 +8356,21 @@
       }
     },
     "node_modules/node-fetch": {
-      "version": "2.7.0",
-      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz",
-      "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==",
-      "dev": true,
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-3.3.2.tgz",
+      "integrity": "sha512-dRB78srN/l6gqWulah9SrxeYnxeddIG30+GOqK/9OlLVyLg3HPnr6SqOWTWOXKRwC2eGYCkZ59NNuSgvSrpgOA==",
       "license": "MIT",
       "dependencies": {
-        "whatwg-url": "^5.0.0"
+        "data-uri-to-buffer": "^4.0.0",
+        "fetch-blob": "^3.1.4",
+        "formdata-polyfill": "^4.0.10"
       },
       "engines": {
-        "node": "4.x || >=6.0.0"
-      },
-      "peerDependencies": {
-        "encoding": "^0.1.0"
+        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
       },
-      "peerDependenciesMeta": {
-        "encoding": {
-          "optional": true
-        }
-      }
-    },
-    "node_modules/node-fetch/node_modules/tr46": {
-      "version": "0.0.3",
-      "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
-      "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==",
-      "dev": true,
-      "license": "MIT"
-    },
-    "node_modules/node-fetch/node_modules/webidl-conversions": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
-      "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==",
-      "dev": true,
-      "license": "BSD-2-Clause"
-    },
-    "node_modules/node-fetch/node_modules/whatwg-url": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
-      "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
-      "dev": true,
-      "license": "MIT",
-      "dependencies": {
-        "tr46": "~0.0.3",
-        "webidl-conversions": "^3.0.0"
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/node-fetch"
       }
     },
     "node_modules/normalize-package-data": {
@@ -8722,6 +8622,19 @@
         "url": "https://github.com/inikulin/parse5?sponsor=1"
       }
     },
+    "node_modules/parse5/node_modules/entities": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/entities/-/entities-6.0.1.tgz",
+      "integrity": "sha512-aN97NXWF6AWBTahfVOIrB/NShkzi5H7F9r1s9mD3cDj4Ko5f2qhhVoYMibXF7GlLveb/D2ioWay8lxI97Ven3g==",
+      "dev": true,
+      "license": "BSD-2-Clause",
+      "engines": {
+        "node": ">=0.12"
+      },
+      "funding": {
+        "url": "https://github.com/fb55/entities?sponsor=1"
+      }
+    },
     "node_modules/parseurl": {
       "version": "1.3.3",
       "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
@@ -8758,32 +8671,22 @@
       "license": "MIT"
     },
     "node_modules/path-scurry": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-2.0.2.tgz",
-      "integrity": "sha512-3O/iVVsJAPsOnpwWIeD+d6z/7PmqApyQePUtCndjatj/9I5LylHvt5qluFaBT3I5h3r1ejfR056c+FCv+NnNXg==",
+      "version": "1.11.1",
+      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
+      "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
       "dev": true,
       "license": "BlueOak-1.0.0",
       "dependencies": {
-        "lru-cache": "^11.0.0",
-        "minipass": "^7.1.2"
+        "lru-cache": "^10.2.0",
+        "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
       },
       "engines": {
-        "node": "18 || 20 || >=22"
+        "node": ">=16 || 14 >=14.18"
       },
       "funding": {
         "url": "https://github.com/sponsors/isaacs"
       }
     },
-    "node_modules/path-scurry/node_modules/lru-cache": {
-      "version": "11.3.6",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-11.3.6.tgz",
-      "integrity": "sha512-Gf/KoL3C/MlI7Bt0PGI9I+TeTC/I6r/csU58N4BSNc4lppLBeKsOdFYkK+dX0ABDUMJNfCHTyPpzwwO21Awd3A==",
-      "dev": true,
-      "license": "BlueOak-1.0.0",
-      "engines": {
-        "node": "20 || >=22"
-      }
-    },
     "node_modules/path-to-regexp": {
       "version": "8.4.2",
       "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-8.4.2.tgz",
@@ -8931,19 +8834,6 @@
         "pino-pretty": "bin.js"
       }
     },
-    "node_modules/pino-pretty/node_modules/strip-json-comments": {
-      "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-5.0.3.tgz",
-      "integrity": "sha512-1tB5mhVo7U+ETBKNf92xT4hrQa3pm0MZ0PQvuDnWgAAGHDsfp4lPSpiS6psrSiet87wyGPh9ft6wmhOMQ0hDiw==",
-      "dev": true,
-      "license": "MIT",
-      "engines": {
-        "node": ">=14.16"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/sindresorhus"
-      }
-    },
     "node_modules/pino-std-serializers": {
       "version": "7.1.0",
       "resolved": "https://registry.npmjs.org/pino-std-serializers/-/pino-std-serializers-7.1.0.tgz",
@@ -8988,6 +8878,25 @@
         "node": "^10 || ^12 || >=14"
       }
     },
+    "node_modules/postcss/node_modules/nanoid": {
+      "version": "3.3.12",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.12.tgz",
+      "integrity": "sha512-ZB9RH/39qpq5Vu6Y+NmUaFhQR6pp+M2Xt76XBnEwDaGcVAqhlvxrl3B2bKS5D3NH3QR76v3aSrKaF/Kiy7lEtQ==",
+      "dev": true,
+      "funding": [
+        {
+          "type": "github",
+          "url": "https://github.com/sponsors/ai"
+        }
+      ],
+      "license": "MIT",
+      "bin": {
+        "nanoid": "bin/nanoid.cjs"
+      },
+      "engines": {
+        "node": "^10 || ^12 || ^13.7 || ^14 || >=15.0.1"
+      }
+    },
     "node_modules/postgres": {
       "version": "3.4.9",
       "resolved": "https://registry.npmjs.org/postgres/-/postgres-3.4.9.tgz",
@@ -9107,24 +9016,20 @@
         "signal-exit": "^3.0.2"
       }
     },
+    "node_modules/proper-lockfile/node_modules/signal-exit": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
+      "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
+      "dev": true,
+      "license": "ISC"
+    },
     "node_modules/protobufjs": {
-      "version": "8.0.1",
-      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-8.0.1.tgz",
-      "integrity": "sha512-NWWCCscLjs+cOKF/s/XVNFRW7Yih0fdH+9brffR5NZCy8k42yRdl5KlWKMVXuI1vfCoy4o1z80XR/W/QUb3V3w==",
+      "version": "8.3.0",
+      "resolved": "https://registry.npmjs.org/protobufjs/-/protobufjs-8.3.0.tgz",
+      "integrity": "sha512-JpJpFaR7yKNb6WqKvJJ1MLbiuIQWQnbUUb06nDtf2/i8YWYYLEfP6xf9BwSJoJQg1wAy61EQB8dssQg64oX4aA==",
       "hasInstallScript": true,
       "license": "BSD-3-Clause",
       "dependencies": {
-        "@protobufjs/aspromise": "^1.1.2",
-        "@protobufjs/base64": "^1.1.2",
-        "@protobufjs/codegen": "^2.0.4",
-        "@protobufjs/eventemitter": "^1.1.0",
-        "@protobufjs/fetch": "^1.1.0",
-        "@protobufjs/float": "^1.0.2",
-        "@protobufjs/inquire": "^1.1.0",
-        "@protobufjs/path": "^1.1.2",
-        "@protobufjs/pool": "^1.1.0",
-        "@protobufjs/utf8": "^1.1.0",
-        "@types/node": ">=13.7.0",
         "long": "^5.0.0"
       },
       "engines": {
@@ -9516,6 +9421,13 @@
         "node": ">=8"
       }
     },
+    "node_modules/restore-cursor/node_modules/signal-exit": {
+      "version": "3.0.7",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
+      "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
+      "dev": true,
+      "license": "ISC"
+    },
     "node_modules/retry": {
       "version": "0.12.0",
       "resolved": "https://registry.npmjs.org/retry/-/retry-0.12.0.tgz",
@@ -9538,9 +9450,9 @@
       }
     },
     "node_modules/rollup": {
-      "version": "4.60.3",
-      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.60.3.tgz",
-      "integrity": "sha512-pAQK9HalE84QSm4Po3EmWIZPd3FnjkShVkiMlz1iligWYkWQ7wHYd1PF/T7QZ5TVSD6uSTon5gBVMSM4JfBV+A==",
+      "version": "4.60.4",
+      "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.60.4.tgz",
+      "integrity": "sha512-WHeFSbZYsPu3+bLoNRUuAO+wavNlocOPf3wSHTP7hcFKVnJeWsYlCDbr3mTS14FCizf9ccIxXA8sGL8zKeQN3g==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
@@ -9554,34 +9466,41 @@
         "npm": ">=8.0.0"
       },
       "optionalDependencies": {
-        "@rollup/rollup-android-arm-eabi": "4.60.3",
-        "@rollup/rollup-android-arm64": "4.60.3",
-        "@rollup/rollup-darwin-arm64": "4.60.3",
-        "@rollup/rollup-darwin-x64": "4.60.3",
-        "@rollup/rollup-freebsd-arm64": "4.60.3",
-        "@rollup/rollup-freebsd-x64": "4.60.3",
-        "@rollup/rollup-linux-arm-gnueabihf": "4.60.3",
-        "@rollup/rollup-linux-arm-musleabihf": "4.60.3",
-        "@rollup/rollup-linux-arm64-gnu": "4.60.3",
-        "@rollup/rollup-linux-arm64-musl": "4.60.3",
-        "@rollup/rollup-linux-loong64-gnu": "4.60.3",
-        "@rollup/rollup-linux-loong64-musl": "4.60.3",
-        "@rollup/rollup-linux-ppc64-gnu": "4.60.3",
-        "@rollup/rollup-linux-ppc64-musl": "4.60.3",
-        "@rollup/rollup-linux-riscv64-gnu": "4.60.3",
-        "@rollup/rollup-linux-riscv64-musl": "4.60.3",
-        "@rollup/rollup-linux-s390x-gnu": "4.60.3",
-        "@rollup/rollup-linux-x64-gnu": "4.60.3",
-        "@rollup/rollup-linux-x64-musl": "4.60.3",
-        "@rollup/rollup-openbsd-x64": "4.60.3",
-        "@rollup/rollup-openharmony-arm64": "4.60.3",
-        "@rollup/rollup-win32-arm64-msvc": "4.60.3",
-        "@rollup/rollup-win32-ia32-msvc": "4.60.3",
-        "@rollup/rollup-win32-x64-gnu": "4.60.3",
-        "@rollup/rollup-win32-x64-msvc": "4.60.3",
+        "@rollup/rollup-android-arm-eabi": "4.60.4",
+        "@rollup/rollup-android-arm64": "4.60.4",
+        "@rollup/rollup-darwin-arm64": "4.60.4",
+        "@rollup/rollup-darwin-x64": "4.60.4",
+        "@rollup/rollup-freebsd-arm64": "4.60.4",
+        "@rollup/rollup-freebsd-x64": "4.60.4",
+        "@rollup/rollup-linux-arm-gnueabihf": "4.60.4",
+        "@rollup/rollup-linux-arm-musleabihf": "4.60.4",
+        "@rollup/rollup-linux-arm64-gnu": "4.60.4",
+        "@rollup/rollup-linux-arm64-musl": "4.60.4",
+        "@rollup/rollup-linux-loong64-gnu": "4.60.4",
+        "@rollup/rollup-linux-loong64-musl": "4.60.4",
+        "@rollup/rollup-linux-ppc64-gnu": "4.60.4",
+        "@rollup/rollup-linux-ppc64-musl": "4.60.4",
+        "@rollup/rollup-linux-riscv64-gnu": "4.60.4",
+        "@rollup/rollup-linux-riscv64-musl": "4.60.4",
+        "@rollup/rollup-linux-s390x-gnu": "4.60.4",
+        "@rollup/rollup-linux-x64-gnu": "4.60.4",
+        "@rollup/rollup-linux-x64-musl": "4.60.4",
+        "@rollup/rollup-openbsd-x64": "4.60.4",
+        "@rollup/rollup-openharmony-arm64": "4.60.4",
+        "@rollup/rollup-win32-arm64-msvc": "4.60.4",
+        "@rollup/rollup-win32-ia32-msvc": "4.60.4",
+        "@rollup/rollup-win32-x64-gnu": "4.60.4",
+        "@rollup/rollup-win32-x64-msvc": "4.60.4",
         "fsevents": "~2.3.2"
       }
     },
+    "node_modules/rollup/node_modules/@types/estree": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/@types/estree/-/estree-1.0.8.tgz",
+      "integrity": "sha512-dWHzHa2WqEXI/O1E9OjrocMTKJl2mSrEolh1Iomrv6U+JuNwaHXsXx9bLu5gG7BUWFIN0skIQJQ/L1rIex4X6w==",
+      "dev": true,
+      "license": "MIT"
+    },
     "node_modules/router": {
       "version": "2.2.0",
       "resolved": "https://registry.npmjs.org/router/-/router-2.2.0.tgz",
@@ -9892,11 +9811,17 @@
       "license": "ISC"
     },
     "node_modules/signal-exit": {
-      "version": "3.0.7",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.7.tgz",
-      "integrity": "sha512-wnD2ZE+l+SPC/uoS0vXeE9L1+0wuaMqKlfz9AMUo38JsyLSBWSFcHR1Rri62LZc12vLr1gb3jl7iwQhgwpAbGQ==",
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
+      "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
       "dev": true,
-      "license": "ISC"
+      "license": "ISC",
+      "engines": {
+        "node": ">=14"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/isaacs"
+      }
     },
     "node_modules/signal-polyfill": {
       "version": "0.2.2",
@@ -10079,13 +10004,13 @@
       }
     },
     "node_modules/strip-json-comments": {
-      "version": "3.1.1",
-      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz",
-      "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==",
+      "version": "5.0.3",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-5.0.3.tgz",
+      "integrity": "sha512-1tB5mhVo7U+ETBKNf92xT4hrQa3pm0MZ0PQvuDnWgAAGHDsfp4lPSpiS6psrSiet87wyGPh9ft6wmhOMQ0hDiw==",
       "dev": true,
       "license": "MIT",
       "engines": {
-        "node": ">=8"
+        "node": ">=14.16"
       },
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
@@ -10189,24 +10114,24 @@
       }
     },
     "node_modules/test-exclude": {
-      "version": "8.0.0",
-      "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-8.0.0.tgz",
-      "integrity": "sha512-ZOffsNrXYggvU1mDGHk54I96r26P8SyMjO5slMKSc7+IWmtB/MQKnEC2fP51imB3/pT6YK5cT5E8f+Dd9KdyOQ==",
+      "version": "7.0.2",
+      "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-7.0.2.tgz",
+      "integrity": "sha512-u9E6A+ZDYdp7a4WnarkXPZOx8Ilz46+kby6p1yZ8zsGTz9gYa6FIS7lj2oezzNKmtdyyJNNmmXDppga5GB7kSw==",
       "dev": true,
       "license": "ISC",
       "dependencies": {
         "@istanbuljs/schema": "^0.1.2",
-        "glob": "^13.0.6",
+        "glob": "^10.4.1",
         "minimatch": "^10.2.2"
       },
       "engines": {
-        "node": "20 || >=22"
+        "node": ">=18"
       }
     },
     "node_modules/thread-stream": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-4.1.0.tgz",
-      "integrity": "sha512-Bw6h2iBDt16v6iHLChBIoVYU8CBo9GPsW8TG7h1hRVhqKhIkH6N8qkxNSmiOZTKsCLPbtWG4ViWLkU6KeKXpig==",
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/thread-stream/-/thread-stream-4.2.0.tgz",
+      "integrity": "sha512-e2zZ96wSChazBsbENf/Pcm/4swHt2cEKQ92rhUjkL9GCKiTDJIaTBenjE/m9DXi0QBmTMDkFDdOomUy20A1tDQ==",
       "license": "MIT",
       "dependencies": {
         "real-require": "^1.0.0"
@@ -10447,38 +10372,58 @@
       }
     },
     "node_modules/type-fest": {
-      "version": "0.21.3",
-      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.21.3.tgz",
-      "integrity": "sha512-t0rzBq87m3fVcduHDUFhKmyyX+9eo6WQjZvf51Ea/M0Q7+T374Jp1aUiyUl0GKxp8M/OETVHSDvmkyPgvX+X2w==",
-      "dev": true,
+      "version": "5.6.0",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-5.6.0.tgz",
+      "integrity": "sha512-8ZiHFm91orbSAe2PSAiSVBVko18pbhbiB3U9GglSzF/zCGkR+rxpHx6sEMCUm4kxY4LjDIUGgCfUMtwfZfjfUA==",
       "license": "(MIT OR CC0-1.0)",
+      "dependencies": {
+        "tagged-tag": "^1.0.0"
+      },
       "engines": {
-        "node": ">=10"
+        "node": ">=20"
       },
       "funding": {
         "url": "https://github.com/sponsors/sindresorhus"
       }
     },
     "node_modules/type-is": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.0.1.tgz",
-      "integrity": "sha512-OZs6gsjF4vMp32qrCbiVSkrFmXtG/AZhY3t0iAMrMBiAZyV9oALtXO8hsrHbMXF9x6L3grlFuwW2oAz7cav+Gw==",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/type-is/-/type-is-2.1.0.tgz",
+      "integrity": "sha512-faYHw0anBbc/kWF3zFTEnxSFOAGUX9GFbOBthvDdLsIlEoWOFOtS0zgCiQYwIskL9iGXZL3kAXD8OoZ4GmMATA==",
       "license": "MIT",
       "dependencies": {
-        "content-type": "^1.0.5",
+        "content-type": "^2.0.0",
         "media-typer": "^1.1.0",
         "mime-types": "^3.0.0"
       },
       "engines": {
-        "node": ">= 0.6"
+        "node": ">= 18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
+      }
+    },
+    "node_modules/type-is/node_modules/content-type": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/content-type/-/content-type-2.0.0.tgz",
+      "integrity": "sha512-j/O/d7GcZCyNl7/hwZAb606rzqkyvaDctLmckbxLzHvFBzTJHuGEdodATcP3yIRoDrLHkIATJuvzbFlp/ki2cQ==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=18"
+      },
+      "funding": {
+        "type": "opencollective",
+        "url": "https://opencollective.com/express"
       }
     },
     "node_modules/typescript": {
-      "version": "5.9.3",
-      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
-      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
+      "version": "6.0.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-6.0.3.tgz",
+      "integrity": "sha512-y2TvuxSZPDyQakkFRPZHKFm+KKVqIisdg9/CZwm9ftvKXLP8NRWj38/ODjNbr43SsoXqNuAisEf1GdCxqWcdBw==",
       "dev": true,
       "license": "Apache-2.0",
+      "peer": true,
       "bin": {
         "tsc": "bin/tsc",
         "tsserver": "bin/tsserver"
@@ -10488,16 +10433,16 @@
       }
     },
     "node_modules/typescript-eslint": {
-      "version": "8.59.2",
-      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.2.tgz",
-      "integrity": "sha512-pJw051uomb3ZeCzGTpRb8RbEqB5Y4WWet8gl/GcTlU35BSx0PVdZ86/bqkQCyKKuraVQEK7r6kBHQXF+fBhkoQ==",
+      "version": "8.59.3",
+      "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.59.3.tgz",
+      "integrity": "sha512-KgusgyDgG4LI8Ih/sWaCtZ06tckLAS5CvT5A4D1Q7bYVoAAyzwiZvE4BmwDHkhRVkvhRBepKeASoFzQetha7Fg==",
       "dev": true,
       "license": "MIT",
       "dependencies": {
-        "@typescript-eslint/eslint-plugin": "8.59.2",
-        "@typescript-eslint/parser": "8.59.2",
-        "@typescript-eslint/typescript-estree": "8.59.2",
-        "@typescript-eslint/utils": "8.59.2"
+        "@typescript-eslint/eslint-plugin": "8.59.3",
+        "@typescript-eslint/parser": "8.59.3",
+        "@typescript-eslint/typescript-estree": "8.59.3",
+        "@typescript-eslint/utils": "8.59.3"
       },
       "engines": {
         "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -11309,13 +11254,13 @@
       }
     },
     "node_modules/whatwg-mimetype": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-4.0.0.tgz",
-      "integrity": "sha512-QaKxh0eNIi2mE9p2vEdzfagOKHCcj1pJ56EEHGQOVxp8r9/iszLUUV7v89x9O1p/T+NlTM5W7jW6+cz4Fq1YVg==",
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/whatwg-mimetype/-/whatwg-mimetype-3.0.0.tgz",
+      "integrity": "sha512-nt+N2dzIutVRxARx1nghPKGv1xHikU7HKdfafKkLNLindmPU/ch3U31NOCGGA/dmPcmb1VlofO0vnKAcsm0o/Q==",
       "dev": true,
       "license": "MIT",
       "engines": {
-        "node": ">=18"
+        "node": ">=12"
       }
     },
     "node_modules/whatwg-url": {
@@ -11388,6 +11333,29 @@
         "node": ">=18.0.0"
       }
     },
+    "node_modules/wireit/node_modules/balanced-match": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-3.0.1.tgz",
+      "integrity": "sha512-vjtV3hiLqYDNRoiAv0zC4QaGAMPomEoq83PRmYIofPswwZurCeWR5LByXm7SyoL0Zh5+2z0+HC7jG8gSZJUh0w==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">= 16"
+      }
+    },
+    "node_modules/wireit/node_modules/brace-expansion": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-4.0.1.tgz",
+      "integrity": "sha512-YClrbvTCXGe70pU2JiEiPLYXO9gQkyxYeKpJIQHVS/gOs6EWMQP2RYBwjFLNT322Ji8TOC3IMPfsYCedNpzKfA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "balanced-match": "^3.0.0"
+      },
+      "engines": {
+        "node": ">= 18"
+      }
+    },
     "node_modules/word-wrap": {
       "version": "1.2.5",
       "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.5.tgz",
@@ -11399,17 +11367,18 @@
       }
     },
     "node_modules/wrap-ansi": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
-      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
+      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
+      "dev": true,
       "license": "MIT",
       "dependencies": {
-        "ansi-styles": "^4.0.0",
-        "string-width": "^4.1.0",
-        "strip-ansi": "^6.0.0"
+        "ansi-styles": "^6.1.0",
+        "string-width": "^5.0.1",
+        "strip-ansi": "^7.0.1"
       },
       "engines": {
-        "node": ">=10"
+        "node": ">=12"
       },
       "funding": {
         "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
@@ -11434,6 +11403,73 @@
         "url": "https://github.com/chalk/wrap-ansi?sponsor=1"
       }
     },
+    "node_modules/wrap-ansi/node_modules/ansi-regex": {
+      "version": "6.2.2",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.2.2.tgz",
+      "integrity": "sha512-Bq3SmSpyFHaWjPk8If9yc6svM8c56dB5BAtW4Qbw5jHTwwXXcTLoRMkpDJp6VL0XzlWaCHTXrkFURMYmD0sLqg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-regex?sponsor=1"
+      }
+    },
+    "node_modules/wrap-ansi/node_modules/ansi-styles": {
+      "version": "6.2.3",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.3.tgz",
+      "integrity": "sha512-4Dj6M28JB+oAH8kFkTLUo+a2jwOFkuqb3yucU0CANcRRUbxS0cP0nZYCGjcc3BNXwRIsUVmDGgzawme7zvJHvg==",
+      "dev": true,
+      "license": "MIT",
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/ansi-styles?sponsor=1"
+      }
+    },
+    "node_modules/wrap-ansi/node_modules/emoji-regex": {
+      "version": "9.2.2",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
+      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
+      "dev": true,
+      "license": "MIT"
+    },
+    "node_modules/wrap-ansi/node_modules/string-width": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
+      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "eastasianwidth": "^0.2.0",
+        "emoji-regex": "^9.2.2",
+        "strip-ansi": "^7.0.1"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/sponsors/sindresorhus"
+      }
+    },
+    "node_modules/wrap-ansi/node_modules/strip-ansi": {
+      "version": "7.2.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.2.0.tgz",
+      "integrity": "sha512-yDPMNjp4WyfYBkHnjIRLfca1i6KMyGCtsVgoKe/z1+6vukgaENdgGBZt+ZmKPc4gavvEZ5OgHfHdrazhgNyG7w==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "ansi-regex": "^6.2.2"
+      },
+      "engines": {
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/chalk/strip-ansi?sponsor=1"
+      }
+    },
     "node_modules/wrappy": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
@@ -11454,23 +11490,10 @@
         "node": "^18.17.0 || >=20.5.0"
       }
     },
-    "node_modules/write-file-atomic/node_modules/signal-exit": {
-      "version": "4.1.0",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
-      "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
-      "dev": true,
-      "license": "ISC",
-      "engines": {
-        "node": ">=14"
-      },
-      "funding": {
-        "url": "https://github.com/sponsors/isaacs"
-      }
-    },
     "node_modules/ws": {
-      "version": "8.20.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.0.tgz",
-      "integrity": "sha512-sAt8BhgNbzCtgGbt2OxmpuryO63ZoDk/sqaB/znQm94T4fCEsy/yV+7CdC1kJhOU9lboAEU7R3kquuycDoibVA==",
+      "version": "8.20.1",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.20.1.tgz",
+      "integrity": "sha512-It4dO0K5v//JtTXuPkfEOaI3uUN87iYPnqo/ZzqCoG3g8uhA66QUMs/SrM0YK7/NAu+r4LMh/9dq2A7k+rHs+w==",
       "dev": true,
       "license": "MIT",
       "engines": {
@@ -11530,9 +11553,9 @@
       "license": "ISC"
     },
     "node_modules/yaml": {
-      "version": "2.8.4",
-      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.8.4.tgz",
-      "integrity": "sha512-ml/JPOj9fOQK8RNnWojA67GbZ0ApXAUlN2UQclwv2eVgTgn7O9gg9o7paZWKMp4g0H3nTLtS9LVzhkpOFIKzog==",
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.9.0.tgz",
+      "integrity": "sha512-2AvhNX3mb8zd6Zy7INTtSpl1F15HW6Wnqj0srWlkKLcpYl/gMIMJiyuGq2KeI2YFxUPjdlB+3Lc10seMLtL4cA==",
       "license": "ISC",
       "bin": {
         "yaml": "bin.mjs"
diff --git a/package.json b/package.json
index 2b72bff..470c4d6 100644
--- a/package.json
+++ b/package.json
@@ -43,5 +43,8 @@
   },
   "engines": {
     "node": ">=22"
+  },
+  "overrides": {
+    "protobufjs": "^8.2.0"
   }
 }