@adriandmitroca/relay 0.0.2

package/dist/index.html

@@ -0,0 +1,16 @@
+<!DOCTYPE html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>Relay</title>
+    <link rel="preconnect" href="https://fonts.googleapis.com" />
+    <link rel="preconnect" href="https://fonts.gstatic.com" crossorigin />
+    <link href="https://fonts.googleapis.com/css2?family=Plus+Jakarta+Sans:wght@400;500;600;700;800&family=JetBrains+Mono:wght@400;500&display=swap" rel="stylesheet" />
+    <script type="module" crossorigin src="/assets/index-RaJgQa_m.js"></script>
+    <link rel="stylesheet" crossorigin href="/assets/index-BcE2ldjQ.css">
+  </head>
+  <body>
+    <div id="root"></div>
+  </body>
+</html>

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "@adriandmitroca/relay",
+  "version": "0.0.2",
+  "description": "Autonomous SWE agent — triage and fix issues from Sentry, Asana, Linear, and Jira with Claude",
+  "module": "src/cli.ts",
+  "type": "module",
+  "bin": {
+    "relay": "src/cli.ts"
+  },
+  "files": [
+    "src/",
+    "dist/",
+    "scripts/"
+  ],
+  "engines": {
+    "bun": ">=1.0.0"
+  },
+  "scripts": {
+    "start": "bun run build && bun src/cli.ts start",
+    "dev": "DEV=1 bun --watch src/cli.ts start & bunx vite --config dashboard/vite.config.ts --open",
+    "build": "bunx vite build --config dashboard/vite.config.ts",
+    "test": "bun test",
+    "prepublishOnly": "bun run build"
+  },
+  "devDependencies": {
+    "@semantic-release/changelog": "^6.0.3",
+    "@semantic-release/git": "^10.0.1",
+    "@tailwindcss/vite": "^4.2.1",
+    "@tanstack/react-query": "^5.90.21",
+    "@types/bun": "latest",
+    "@types/react": "^19.2.14",
+    "@types/react-dom": "^19.2.3",
+    "@vitejs/plugin-react": "^5.1.4",
+    "react": "^19.2.4",
+    "react-dom": "^19.2.4",
+    "react-router": "^7.13.1",
+    "semantic-release": "^24.0.0",
+    "tailwindcss": "^4.2.1",
+    "vite": "^7.3.1"
+  },
+  "dependencies": {
+    "hono": "^4.12.5"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}

package/scripts/install-service.sh

@@ -0,0 +1,52 @@
+#!/bin/bash
+set -e
+
+LABEL="com.relay.daemon"
+PLIST="$HOME/Library/LaunchAgents/$LABEL.plist"
+ENGINEER_AI_DIR="$(cd "$(dirname "$0")/.." && pwd)"
+BUN_PATH="$(which bun)"
+LOG_LEVEL="${1:-info}"
+
+# Stop existing service if running
+launchctl bootout "gui/$(id -u)/$LABEL" 2>/dev/null || true
+
+cat > "$PLIST" <<EOF
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+    <key>Label</key>
+    <string>$LABEL</string>
+    <key>ProgramArguments</key>
+    <array>
+        <string>$BUN_PATH</string>
+        <string>src/cli.ts</string>
+        <string>start</string>
+        <string>--log-level</string>
+        <string>$LOG_LEVEL</string>
+    </array>
+    <key>WorkingDirectory</key>
+    <string>$ENGINEER_AI_DIR</string>
+    <key>RunAtLoad</key>
+    <true/>
+    <key>KeepAlive</key>
+    <true/>
+    <key>StandardOutPath</key>
+    <string>$ENGINEER_AI_DIR/relay.stdout.log</string>
+    <key>StandardErrorPath</key>
+    <string>$ENGINEER_AI_DIR/relay.stderr.log</string>
+    <key>EnvironmentVariables</key>
+    <dict>
+        <key>PATH</key>
+        <string>$(dirname "$BUN_PATH"):/usr/local/bin:/usr/bin:/bin</string>
+    </dict>
+</dict>
+</plist>
+EOF
+
+launchctl bootstrap "gui/$(id -u)" "$PLIST"
+
+echo "Relay service installed and started."
+echo "  Logs: $ENGINEER_AI_DIR/relay.stderr.log"
+echo "  Stop: launchctl bootout gui/$(id -u)/$LABEL"
+echo "  Uninstall: bash $ENGINEER_AI_DIR/scripts/uninstall-service.sh"

package/scripts/uninstall-service.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+set -e
+
+LABEL="com.relay.daemon"
+PLIST="$HOME/Library/LaunchAgents/$LABEL.plist"
+
+launchctl bootout "gui/$(id -u)/$LABEL" 2>/dev/null || true
+rm -f "$PLIST"
+
+echo "Relay service uninstalled."

package/src/api/config.ts

@@ -0,0 +1,481 @@
+import { Hono } from "hono";
+import { readdir, stat } from "node:fs/promises";
+import { join, basename } from "node:path";
+import type { ConfigDB } from "../db.ts";
+
+const SECRET_KEYS = new Set(["authToken", "accessToken", "apiKey", "apiToken", "botToken", "bot_token"]);
+
+function maskValue(val: string): string {
+  if (val.length <= 8) return "•".repeat(val.length);
+  return val.slice(0, 4) + "•".repeat(Math.min(val.length - 8, 20)) + val.slice(-4);
+}
+
+function maskSecrets(obj: Record<string, unknown>): Record<string, unknown> {
+  const result = { ...obj };
+  for (const key of Object.keys(result)) {
+    if (SECRET_KEYS.has(key) && typeof result[key] === "string") {
+      result[key] = maskValue(result[key] as string);
+    }
+  }
+  return result;
+}
+
+export function createConfigRoutes(getConfigDB: () => ConfigDB, onConfigChange: () => void) {
+  const app = new Hono();
+
+  // ─── Settings ───
+
+  app.get("/api/settings", (c) => {
+    return c.json(getConfigDB().getSettings());
+  });
+
+  app.put("/api/settings", async (c) => {
+    const body = await c.req.json<Record<string, string>>();
+    getConfigDB().updateSettings(body);
+    onConfigChange();
+    return c.json({ ok: true });
+  });
+
+  // ─── Config Check ───
+
+  app.get("/api/config/check", (c) => {
+    return c.json({ hasConfig: getConfigDB().hasConfig() });
+  });
+
+  // ─── Workspaces ───
+
+  app.get("/api/workspaces", (c) => {
+    const configDB = getConfigDB();
+    const workspaces = configDB.getWorkspaces().map((ws) => {
+      const projects = configDB.getProjects(ws.id).map((proj) => ({
+        ...proj,
+        sources: configDB.getSourceConfigs(proj.id).map((src) => ({
+          ...src,
+          config: JSON.stringify(maskSecrets(JSON.parse(src.config))),
+        })),
+      }));
+      const telegram = configDB.getTelegramConfig(ws.id);
+      const maskedTelegram = telegram ? { ...telegram, bot_token: maskValue(telegram.bot_token) } : null;
+      return { ...ws, projects, telegram: maskedTelegram };
+    });
+    return c.json(workspaces);
+  });
+
+  app.post("/api/workspaces", async (c) => {
+    const { key } = await c.req.json<{ key: string }>();
+    if (!key?.trim()) return c.json({ error: "key is required" }, 400);
+    try {
+      const ws = getConfigDB().createWorkspace(key.trim());
+      onConfigChange();
+      return c.json(ws, 201);
+    } catch (err) {
+      return c.json({ error: String(err) }, 400);
+    }
+  });
+
+  app.put("/api/workspaces/:id", async (c) => {
+    const id = parseInt(c.req.param("id"));
+    const { key } = await c.req.json<{ key: string }>();
+    if (!key?.trim()) return c.json({ error: "key is required" }, 400);
+    getConfigDB().updateWorkspace(id, key.trim());
+    onConfigChange();
+    return c.json({ ok: true });
+  });
+
+  app.delete("/api/workspaces/:id", (c) => {
+    const id = parseInt(c.req.param("id"));
+    getConfigDB().deleteWorkspace(id);
+    onConfigChange();
+    return c.json({ ok: true });
+  });
+
+  // ─── Projects ───
+
+  app.post("/api/workspaces/:id/projects", async (c) => {
+    const workspaceId = parseInt(c.req.param("id"));
+    const body = await c.req.json<{ key: string; repoPath: string; baseBranch: string; testCommand?: string }>();
+    if (!body.key?.trim() || !body.repoPath?.trim() || !body.baseBranch?.trim()) {
+      return c.json({ error: "key, repoPath, and baseBranch are required" }, 400);
+    }
+    try {
+      const proj = getConfigDB().createProject(workspaceId, {
+        key: body.key.trim(),
+        repoPath: body.repoPath.trim(),
+        baseBranch: body.baseBranch.trim(),
+        testCommand: body.testCommand?.trim(),
+      });
+      onConfigChange();
+      return c.json(proj, 201);
+    } catch (err) {
+      return c.json({ error: String(err) }, 400);
+    }
+  });
+
+  app.put("/api/projects/:id", async (c) => {
+    const id = parseInt(c.req.param("id"));
+    const body = await c.req.json<{ key?: string; repoPath?: string; baseBranch?: string; testCommand?: string | null }>();
+    getConfigDB().updateProject(id, body);
+    onConfigChange();
+    return c.json({ ok: true });
+  });
+
+  app.delete("/api/projects/:id", (c) => {
+    const id = parseInt(c.req.param("id"));
+    getConfigDB().deleteProject(id);
+    onConfigChange();
+    return c.json({ ok: true });
+  });
+
+  // ─── Source Configs ───
+
+  app.post("/api/projects/:id/sources", async (c) => {
+    const projectId = parseInt(c.req.param("id"));
+    const body = await c.req.json<{ type: string; config: Record<string, unknown>; enabled?: boolean }>();
+    if (!body.type?.trim() || !body.config) {
+      return c.json({ error: "type and config are required" }, 400);
+    }
+    const src = getConfigDB().upsertSourceConfig(projectId, body.type.trim(), body.config, body.enabled ?? true);
+    onConfigChange();
+    return c.json(src, 201);
+  });
+
+  app.put("/api/sources/:id", async (c) => {
+    const id = parseInt(c.req.param("id"));
+    const body = await c.req.json<{ config?: Record<string, unknown>; enabled?: boolean }>();
+    // Preserve existing secrets when the client sends back masked values
+    if (body.config) {
+      const existing = getConfigDB().getSourceConfig(id);
+      if (existing) {
+        const existingConfig = JSON.parse(existing.config) as Record<string, unknown>;
+        for (const key of SECRET_KEYS) {
+          if (typeof body.config[key] === "string" && (body.config[key] as string).includes("•")) {
+            body.config[key] = existingConfig[key];
+          }
+        }
+      }
+    }
+    getConfigDB().updateSourceConfig(id, body);
+    onConfigChange();
+    return c.json({ ok: true });
+  });
+
+  app.put("/api/sources/:id/toggle", async (c) => {
+    const id = parseInt(c.req.param("id"));
+    const { enabled } = await c.req.json<{ enabled: boolean }>();
+    getConfigDB().updateSourceConfig(id, { enabled });
+    onConfigChange();
+    return c.json({ ok: true });
+  });
+
+  app.delete("/api/sources/:id", (c) => {
+    const id = parseInt(c.req.param("id"));
+    getConfigDB().deleteSourceConfig(id);
+    onConfigChange();
+    return c.json({ ok: true });
+  });
+
+  // ─── Telegram ───
+
+  app.put("/api/workspaces/:id/telegram", async (c) => {
+    const workspaceId = parseInt(c.req.param("id"));
+    const body = await c.req.json<{ botToken: string; chatId: string; enabled?: boolean }>();
+    if (!body.botToken?.trim() || !body.chatId?.trim()) {
+      return c.json({ error: "botToken and chatId are required" }, 400);
+    }
+    let botToken = body.botToken.trim();
+    // Preserve existing token if client sent back a masked value
+    if (botToken.includes("•")) {
+      const existing = getConfigDB().getTelegramConfig(workspaceId);
+      if (existing) botToken = existing.bot_token;
+    }
+    const tg = getConfigDB().upsertTelegramConfig(workspaceId, botToken, body.chatId.trim(), body.enabled ?? true);
+    onConfigChange();
+    return c.json({ ...tg, bot_token: maskValue(tg.bot_token) });
+  });
+
+  app.put("/api/workspaces/:id/telegram/toggle", async (c) => {
+    const workspaceId = parseInt(c.req.param("id"));
+    const { enabled } = await c.req.json<{ enabled: boolean }>();
+    getConfigDB().updateTelegramEnabled(workspaceId, enabled);
+    onConfigChange();
+    return c.json({ ok: true });
+  });
+
+  app.delete("/api/workspaces/:id/telegram", (c) => {
+    const workspaceId = parseInt(c.req.param("id"));
+    getConfigDB().deleteTelegramConfig(workspaceId);
+    onConfigChange();
+    return c.json({ ok: true });
+  });
+
+  // ─── Project Discovery ───
+
+  app.post("/api/workspaces/:id/discover", async (c) => {
+    const workspaceId = parseInt(c.req.param("id"));
+    const { path: dirPath } = await c.req.json<{ path: string }>();
+    if (!dirPath?.trim()) return c.json({ error: "path is required" }, 400);
+
+    try {
+      const dirStat = await stat(dirPath);
+      if (!dirStat.isDirectory()) return c.json({ error: "Path is not a directory" }, 400);
+    } catch {
+      return c.json({ error: "Path does not exist or is not accessible" }, 400);
+    }
+
+    const existingPaths = new Set(
+      getConfigDB().getProjects(workspaceId).map((p) => p.repo_path),
+    );
+
+    const toKebabCase = (name: string) =>
+      name.replace(/([a-z])([A-Z])/g, "$1-$2").replace(/[\s_]+/g, "-").toLowerCase();
+
+    async function scanDirectory(dir: string, depth = 0, maxDepth = 2): Promise<string[]> {
+      if (depth > maxDepth) return [];
+      const repos: string[] = [];
+      let entries;
+      try {
+        entries = await readdir(dir, { withFileTypes: true });
+      } catch {
+        return [];
+      }
+      for (const entry of entries) {
+        if (!entry.isDirectory()) continue;
+        if (entry.name.startsWith(".") || entry.name === "node_modules") continue;
+        const full = join(dir, entry.name);
+        try {
+          await stat(join(full, ".git"));
+          repos.push(full);
+        } catch {
+          repos.push(...(await scanDirectory(full, depth + 1, maxDepth)));
+        }
+      }
+      return repos;
+    }
+
+    async function detectBaseBranch(repoPath: string): Promise<string> {
+      try {
+        const proc = Bun.spawn(["git", "symbolic-ref", "refs/remotes/origin/HEAD"], { cwd: repoPath, stdout: "pipe", stderr: "ignore" });
+        const text = await new Response(proc.stdout).text();
+        const ref = text.trim().replace("refs/remotes/origin/", "");
+        if (ref) return ref;
+      } catch {}
+      for (const branch of ["main", "master"]) {
+        try {
+          await stat(join(repoPath, ".git", "refs", "remotes", "origin", branch));
+          return branch;
+        } catch {}
+      }
+      return "main";
+    }
+
+    async function detectTestCommand(repoPath: string): Promise<string | undefined> {
+      try {
+        const pkgFile = Bun.file(join(repoPath, "package.json"));
+        const pkg = await pkgFile.json() as { scripts?: Record<string, string> };
+        const testScript = pkg.scripts?.test;
+        if (testScript && !testScript.includes("no test specified")) {
+          try { await stat(join(repoPath, "bun.lockb")); return "bun test"; } catch {}
+          try { await stat(join(repoPath, "bun.lock")); return "bun test"; } catch {}
+          return "npm test";
+        }
+      } catch {}
+      try {
+        const makefile = await Bun.file(join(repoPath, "Makefile")).text();
+        if (/^test:/m.test(makefile)) return "make test";
+      } catch {}
+      return undefined;
+    }
+
+    async function detectSourceHints(repoPath: string): Promise<string[]> {
+      const hints: string[] = [];
+      const exists = async (path: string) => { try { await stat(join(repoPath, path)); return true; } catch { return false; } };
+
+      if (await exists(".sentryclirc") || await exists("sentry.properties")) hints.push("sentry");
+
+      try {
+        const pkg = await Bun.file(join(repoPath, "package.json")).text();
+        if (pkg.includes("@linear/sdk")) hints.push("linear");
+      } catch {}
+
+      if (await exists(".asana.yml")) hints.push("asana");
+
+      try {
+        const proc = Bun.spawn(["git", "log", "--oneline", "-20"], { cwd: repoPath, stdout: "pipe", stderr: "ignore" });
+        const log = await new Response(proc.stdout).text();
+        if (/\b[A-Z]{2,10}-\d+\b/.test(log)) hints.push("jira");
+      } catch {}
+
+      return hints;
+    }
+
+    const repoPaths = await scanDirectory(dirPath.trim());
+    const newPaths = repoPaths.filter((p) => !existingPaths.has(p));
+
+    const discovered = await Promise.all(
+      newPaths.map(async (repoPath) => {
+        const [baseBranch, testCommand, sourceHints] = await Promise.all([
+          detectBaseBranch(repoPath),
+          detectTestCommand(repoPath),
+          detectSourceHints(repoPath),
+        ]);
+        return {
+          repoPath,
+          key: toKebabCase(basename(repoPath)),
+          baseBranch,
+          testCommand,
+          sourceHints,
+        };
+      }),
+    );
+
+    return c.json({ discovered });
+  });
+
+  // ─── Setup Wizard ───
+
+  app.post("/api/setup/complete", async (c) => {
+    const body = await c.req.json<{
+      settings?: Record<string, string>;
+      workspaces: Array<{
+        key: string;
+        telegram?: { botToken: string; chatId: string };
+        projects: Array<{
+          key: string;
+          repoPath: string;
+          baseBranch: string;
+          testCommand?: string;
+          sources?: Array<{ type: string; config: Record<string, unknown> }>;
+        }>;
+      }>;
+    }>();
+
+    if (!body.workspaces?.length) {
+      return c.json({ error: "At least one workspace is required" }, 400);
+    }
+
+    const configDB = getConfigDB();
+
+    try {
+      // Settings
+      if (body.settings) {
+        configDB.updateSettings(body.settings);
+      }
+
+      // Create workspaces
+      for (const wsData of body.workspaces) {
+        const ws = configDB.createWorkspace(wsData.key);
+
+        if (wsData.telegram) {
+          configDB.upsertTelegramConfig(ws.id, wsData.telegram.botToken, wsData.telegram.chatId);
+        }
+
+        for (const projData of wsData.projects) {
+          const proj = configDB.createProject(ws.id, {
+            key: projData.key,
+            repoPath: projData.repoPath,
+            baseBranch: projData.baseBranch,
+            testCommand: projData.testCommand,
+          });
+
+          if (projData.sources) {
+            for (const src of projData.sources) {
+              configDB.upsertSourceConfig(proj.id, src.type, src.config);
+            }
+          }
+        }
+      }
+
+      onConfigChange();
+      return c.json({ ok: true }, 201);
+    } catch (err) {
+      return c.json({ error: String(err) }, 400);
+    }
+  });
+
+  // ─── Connection Testing ───
+
+  app.post("/api/test/sentry", async (c) => {
+    const { authToken, org, project } = await c.req.json<{ authToken: string; org: string; project: string }>();
+    try {
+      const resp = await fetch(`https://sentry.io/api/0/projects/${org}/${project}/`, {
+        headers: { Authorization: `Bearer ${authToken}` },
+      });
+      if (resp.ok) return c.json({ ok: true });
+      const text = await resp.text();
+      return c.json({ ok: false, error: `${resp.status}: ${text.slice(0, 200)}` });
+    } catch (err) {
+      return c.json({ ok: false, error: String(err) });
+    }
+  });
+
+  app.post("/api/test/asana", async (c) => {
+    const { accessToken, projectGid } = await c.req.json<{ accessToken: string; projectGid: string }>();
+    try {
+      const resp = await fetch(`https://app.asana.com/api/1.0/projects/${projectGid}`, {
+        headers: { Authorization: `Bearer ${accessToken}` },
+      });
+      if (resp.ok) return c.json({ ok: true });
+      const text = await resp.text();
+      return c.json({ ok: false, error: `${resp.status}: ${text.slice(0, 200)}` });
+    } catch (err) {
+      return c.json({ ok: false, error: String(err) });
+    }
+  });
+
+  app.post("/api/test/linear", async (c) => {
+    const { apiKey, teamId } = await c.req.json<{ apiKey: string; teamId: string }>();
+    try {
+      const resp = await fetch("https://api.linear.app/graphql", {
+        method: "POST",
+        headers: { Authorization: apiKey, "Content-Type": "application/json" },
+        body: JSON.stringify({ query: `{ team(id: "${teamId}") { id name } }` }),
+      });
+      if (!resp.ok) {
+        const text = await resp.text();
+        return c.json({ ok: false, error: `${resp.status}: ${text.slice(0, 200)}` });
+      }
+      const data = await resp.json() as { data?: { team?: { name: string } }; errors?: Array<{ message: string }> };
+      if (data.errors?.length) return c.json({ ok: false, error: data.errors[0].message });
+      if (!data.data?.team) return c.json({ ok: false, error: "Team not found" });
+      return c.json({ ok: true, teamName: data.data.team.name });
+    } catch (err) {
+      return c.json({ ok: false, error: String(err) });
+    }
+  });
+
+  app.post("/api/test/jira", async (c) => {
+    const { host, email, apiToken, projectKey } = await c.req.json<{ host: string; email: string; apiToken: string; projectKey: string }>();
+    try {
+      const encoded = btoa(`${email}:${apiToken}`);
+      const resp = await fetch(`https://${host}/rest/api/3/project/${projectKey}`, {
+        headers: { Authorization: `Basic ${encoded}`, Accept: "application/json" },
+      });
+      if (resp.ok) {
+        const data = await resp.json() as { name: string };
+        return c.json({ ok: true, projectName: data.name });
+      }
+      const text = await resp.text();
+      return c.json({ ok: false, error: `${resp.status}: ${text.slice(0, 200)}` });
+    } catch (err) {
+      return c.json({ ok: false, error: String(err) });
+    }
+  });
+
+  app.post("/api/test/telegram", async (c) => {
+    const { botToken, chatId } = await c.req.json<{ botToken: string; chatId: string }>();
+    try {
+      const resp = await fetch(`https://api.telegram.org/bot${botToken}/sendMessage`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ chat_id: chatId, text: "🔌 Relay connection test — success!" }),
+      });
+      const data = await resp.json() as { ok: boolean; description?: string };
+      if (data.ok) return c.json({ ok: true });
+      return c.json({ ok: false, error: data.description ?? "Unknown error" });
+    } catch (err) {
+      return c.json({ ok: false, error: String(err) });
+    }
+  });
+
+  return app;
+}

package/src/api/issues.ts

@@ -0,0 +1,81 @@
+import { Hono } from "hono";
+import type { IssueDB, IssueRow } from "../db.ts";
+import { type CallbackAction, type CallbackData } from "../constants.ts";
+
+const VALID_ACTIONS: CallbackAction[] = ["fix", "accept", "discard", "skip", "retry"];
+
+type ActionHandler = (data: CallbackData) => Promise<{ ok: boolean; error?: string; issue?: IssueRow }>;
+type StatusProvider = () => Array<{ workspace: string; telegram: boolean; sources: string[] }>;
+
+export function createIssueRoutes(getDB: () => IssueDB, getActionHandler: () => ActionHandler | null, getStatusProvider: () => StatusProvider | null) {
+  const app = new Hono();
+
+  app.get("/api/issues", (c) => {
+    const db = getDB();
+    const limit = Math.min(parseInt(c.req.query("limit") ?? "100"), 500);
+    const status = c.req.query("status") ?? undefined;
+    const source = c.req.query("source") ?? undefined;
+    const issues = db.getFiltered({ status, source, limit });
+    return c.json(issues);
+  });
+
+  app.get("/api/issues/:id", (c) => {
+    const db = getDB();
+    const id = parseInt(c.req.param("id"));
+    const issue = db.getById(id);
+    if (!issue) return c.json({ error: "Not found" }, 404);
+    return c.json(issue);
+  });
+
+  app.post("/api/issues/:id/action", async (c) => {
+    const actionHandler = getActionHandler();
+    if (!actionHandler) {
+      return c.json({ ok: false, error: "Action handler not configured" }, 503);
+    }
+
+    const db = getDB();
+    const id = parseInt(c.req.param("id"));
+
+    let body: { action?: string };
+    try {
+      body = await c.req.json();
+    } catch {
+      return c.json({ ok: false, error: "Invalid JSON body" }, 400);
+    }
+
+    if (!body.action || !VALID_ACTIONS.includes(body.action as CallbackAction)) {
+      return c.json({ ok: false, error: `Invalid action. Must be one of: ${VALID_ACTIONS.join(", ")}` }, 400);
+    }
+
+    const issue = db.getById(id);
+    if (!issue) {
+      return c.json({ ok: false, error: "Issue not found" }, 404);
+    }
+
+    try {
+      const result = await actionHandler({
+        action: body.action as CallbackAction,
+        source: issue.source,
+        sourceId: issue.sourceId,
+      });
+      return c.json(result, result.ok ? 200 : 400);
+    } catch (err) {
+      return c.json({ ok: false, error: String(err) }, 500);
+    }
+  });
+
+  app.get("/api/stats", (c) => {
+    const db = getDB();
+    const workspaceKey = c.req.query("workspace") ?? undefined;
+    const rows = db.getStatsBySource(workspaceKey);
+    return c.json(rows);
+  });
+
+  app.get("/api/status", (c) => {
+    const provider = getStatusProvider();
+    const status = provider ? provider() : [];
+    return c.json(status);
+  });
+
+  return app;
+}