You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Context.@dotcms/ai is the runtime that runs model- and human-written code safely against dotCMS — the foundation under every agentic surface we ship.
Problem. The runtime exists only as an internal prototype (libs/agentic-tools): private, lower-level than it should be, with hardening gaps (per-call worker re-eval, no abort, no resource limits, thin test coverage) that block any "production" claim. There's no public package, and apps/mcp-server duplicates wiring the runtime should own.
Value. Every other CMS ships fixed tools; only dotCMS lets the model compose new operations as code, governed by construction. This epic ships that as a public SDK.
Solution (high level).
Move + rename libs/agentic-tools → libs/sdk/ai / @dotcms/agentic-tools → @dotcms/ai (public, no shim — internal name, no external consumers).
Public surface: one package, subpath exports; one runtime, two verbs (request() direct, run(code) sandboxed) sharing a single request core so they can't diverge; typed defineAdapter (Zod) that doubles as the tool definition.
Harden + specify production contracts: worker pool, abort, resource limits, error model, observability, semver/support matrix.
Prove it by migrating apps/mcp-server onto the new front door in the same PR.
Threat model (decided): capability confinement for trusted code generators, documented honestly — not adversarial isolation.
Description
Context.
@dotcms/aiis the runtime that runs model- and human-written code safely against dotCMS — the foundation under every agentic surface we ship.Problem. The runtime exists only as an internal prototype (
libs/agentic-tools):private, lower-level than it should be, with hardening gaps (per-call worker re-eval, no abort, no resource limits, thin test coverage) that block any "production" claim. There's no public package, andapps/mcp-serverduplicates wiring the runtime should own.Value. Every other CMS ships fixed tools; only dotCMS lets the model compose new operations as code, governed by construction. This epic ships that as a public SDK.
Solution (high level).
libs/agentic-tools→libs/sdk/ai/@dotcms/agentic-tools→@dotcms/ai(public, no shim — internal name, no external consumers).request()direct,run(code)sandboxed) sharing a single request core so they can't diverge; typeddefineAdapter(Zod) that doubles as the tool definition.apps/mcp-serveronto the new front door in the same PR.Threat model (decided): capability confinement for trusted code generators, documented honestly — not adversarial isolation.
Out of scope:
@dotcms/client(the content SDK lives beside this, not on top).Desired Outcome
apps/mcp-serverruns on@dotcms/aiin production, no behavior regression.@dotcms/aiis published (subpath exports, dual ESM/CJS, public-API audit done);libs/agentic-toolsis deleted.request()andrun()provably can't diverge.Target Personas
Links