@assistkick/create 1.0.0

package/templates/product-system/packages/backend/src/routes/graph.ts

@@ -0,0 +1,67 @@
+/**
+ * Graph API routes — read graph data and individual nodes.
+ */
+
+import {Router} from 'express';
+import {readFile} from 'node:fs/promises';
+import {join} from 'node:path';
+import {readGraph} from '@interview-system/shared/lib/graph.js';
+import {getDb} from '@interview-system/shared/lib/db.js';
+import {nodes} from '@interview-system/shared/db/schema.js';
+import {eq} from 'drizzle-orm';
+import matter from 'gray-matter';
+import {log, paths} from '../services/init.js';
+
+const router: Router = Router();
+
+// GET /api/graph
+router.get('/graph', async (req, res) => {
+    const projectId = req.query.project_id as string | undefined;
+    log('API', `GET /api/graph${projectId ? ` project_id=${projectId}` : ''}`);
+    try {
+        const graph = await readGraph(projectId);
+        res.json(graph);
+    } catch (err: any) {
+        log('API', `GET /api/graph FAILED: ${err.message}`, err.cause || err);
+        res.status(500).json({error: 'Failed to read graph'});
+    }
+});
+
+// GET /api/node/:id
+router.get('/node/:id', async (req, res) => {
+    const nodeId = req.params.id;
+    log('API', `GET /api/node/${nodeId}`);
+    try {
+        const db = getDb();
+        const rows = await db.select().from(nodes).where(eq(nodes.id, nodeId));
+        const row = rows[0];
+        if (!row) {
+            log('API', `GET /api/node/${nodeId} — not found`);
+            return res.status(404).json({error: `Node not found: ${nodeId}`});
+        }
+
+        let content;
+        if (row.body) {
+            const frontmatter: any = {
+                id: row.id,
+                type: row.type,
+                name: row.name,
+                status: row.status,
+                priority: row.priority,
+                ...(row.kind ? {kind: row.kind} : {}),
+                created_at: row.createdAt,
+                updated_at: row.updatedAt,
+            };
+            content = matter.stringify(row.body, frontmatter);
+        } else {
+            const filePath = join(paths.dataDir, 'nodes', `${nodeId}.md`);
+            content = await readFile(filePath, 'utf-8');
+        }
+        res.json({id: nodeId, content});
+    } catch (err: any) {
+        log('API', `GET /api/node/${nodeId} FAILED: ${err.message}`);
+        res.status(500).json({error: `Failed to read node: ${nodeId}`});
+    }
+});
+
+export default router;

package/templates/product-system/packages/backend/src/routes/kanban.ts

@@ -0,0 +1,201 @@
+/**
+ * Kanban API routes — CRUD for kanban board, notes, pipeline.
+ */
+
+import { Router } from 'express';
+import { randomUUID } from 'node:crypto';
+import { readGraph } from '@interview-system/shared/lib/graph.js';
+import { loadKanban, getKanbanEntry, saveKanbanEntry } from '@interview-system/shared/lib/kanban.js';
+import { log, pipeline } from '../services/init.js';
+
+const router: Router = Router();
+
+const VALID_COLUMNS = ['todo', 'in_progress', 'in_review', 'qa', 'done'];
+
+// GET /api/kanban
+router.get('/', async (req, res) => {
+  const projectId = req.query.project_id as string | undefined;
+  log('API', `GET /api/kanban${projectId ? ` project_id=${projectId}` : ''}`);
+  try {
+    const kanban = await loadKanban(projectId);
+
+    // Auto-add missing feature nodes to the TODO column
+    const graph = await readGraph(projectId);
+    const featureNodes = graph.nodes.filter((n: any) => n.type === 'feature');
+    for (const node of featureNodes) {
+      if (!kanban[node.id]) {
+        const newEntry = {
+          column: 'todo',
+          rejection_count: 0,
+          notes: [],
+          moved_at: node.created_at || new Date().toISOString(),
+        };
+        await saveKanbanEntry(node.id, newEntry, projectId);
+        kanban[node.id] = newEntry;
+        log('KANBAN', `Auto-added ${node.id} to todo`);
+      }
+    }
+
+    res.json(kanban);
+  } catch (err: any) {
+    log('API', `GET /api/kanban FAILED: ${err.message}`);
+    res.status(500).json({ error: 'Failed to read kanban' });
+  }
+});
+
+// POST /api/kanban/:id/move
+router.post('/:id/move', async (req, res) => {
+  const featureId = req.params.id;
+  log('API', `POST /api/kanban/${featureId}/move`);
+  try {
+    const { column } = req.body;
+    log('MOVE', `${featureId} → target: ${column}`);
+
+    if (!column) {
+      log('MOVE', `REJECT: missing column`);
+      return res.status(400).json({ error: 'Missing "column" in request body' });
+    }
+
+    const entry = await getKanbanEntry(featureId);
+
+    if (!entry) {
+      log('MOVE', `REJECT: ${featureId} not found`);
+      return res.status(404).json({ error: `Feature "${featureId}" not found in kanban` });
+    }
+
+    const currentColumn = entry.column;
+    log('MOVE', `${featureId}: current=${currentColumn} target=${column}`);
+
+    if (!VALID_COLUMNS.includes(column)) {
+      log('MOVE', `REJECT: invalid column "${column}"`);
+      return res.status(400).json({ error: `Invalid column "${column}"` });
+    }
+
+    if (currentColumn === column) {
+      log('MOVE', `REJECT: card already in "${column}"`);
+      return res.status(400).json({ error: `Card is already in "${column}"` });
+    }
+
+    entry.column = column;
+    entry.moved_at = new Date().toISOString();
+
+    // Increment rejection count on QA → Todo
+    if (currentColumn === 'qa' && column === 'todo') {
+      entry.rejection_count = (entry.rejection_count || 0) + 1;
+      log('MOVE', `QA rejection #${entry.rejection_count} for ${featureId}`);
+    }
+
+    await saveKanbanEntry(featureId, entry);
+    log('MOVE', `OK: ${featureId} ${currentColumn} → ${column}`);
+
+    res.json({
+      feature_id: featureId,
+      previous_column: currentColumn,
+      new_column: column,
+      rejection_count: entry.rejection_count || 0,
+    });
+  } catch (err: any) {
+    log('MOVE', `ERROR: ${err.message}`);
+    res.status(400).json({ error: err.message });
+  }
+});
+
+// POST /api/kanban/:id/notes
+router.post('/:id/notes', async (req, res) => {
+  const featureId = req.params.id;
+  log('API', `POST /api/kanban/${featureId}/notes`);
+  try {
+    const { text } = req.body;
+
+    if (!text || !text.trim()) {
+      log('NOTES', `REJECT: missing text`);
+      return res.status(400).json({ error: 'Missing "text" in request body' });
+    }
+
+    const entry = await getKanbanEntry(featureId);
+
+    if (!entry) {
+      log('NOTES', `REJECT: ${featureId} not found`);
+      return res.status(404).json({ error: `Feature "${featureId}" not found` });
+    }
+
+    const note = {
+      id: randomUUID().slice(0, 8),
+      text: text.trim(),
+      created_at: new Date().toISOString(),
+      updated_at: new Date().toISOString(),
+    };
+
+    if (!entry.notes) entry.notes = [];
+    entry.notes.push(note);
+
+    await saveKanbanEntry(featureId, entry);
+    log('NOTES', `Created note ${note.id} on ${featureId}`);
+    res.status(201).json(note);
+  } catch (err: any) {
+    log('NOTES', `ERROR: ${err.message}`);
+    res.status(400).json({ error: err.message });
+  }
+});
+
+// PUT /api/kanban/:id/notes/:nid
+router.put('/:id/notes/:nid', async (req, res) => {
+  const { id: featureId, nid: noteId } = req.params;
+  log('API', `PUT /api/kanban/${featureId}/notes/${noteId}`);
+  try {
+    const { text } = req.body;
+
+    if (!text || !text.trim()) {
+      return res.status(400).json({ error: 'Missing "text" in request body' });
+    }
+
+    const entry = await getKanbanEntry(featureId);
+
+    if (!entry) {
+      return res.status(404).json({ error: `Feature "${featureId}" not found` });
+    }
+
+    const note = (entry.notes || []).find((n: any) => n.id === noteId);
+    if (!note) {
+      return res.status(404).json({ error: `Note "${noteId}" not found` });
+    }
+
+    note.text = text.trim();
+    note.updated_at = new Date().toISOString();
+
+    await saveKanbanEntry(featureId, entry);
+    log('NOTES', `Updated note ${noteId} on ${featureId}`);
+    res.json(note);
+  } catch (err: any) {
+    log('NOTES', `ERROR: ${err.message}`);
+    res.status(400).json({ error: err.message });
+  }
+});
+
+// DELETE /api/kanban/:id/notes/:nid
+router.delete('/:id/notes/:nid', async (req, res) => {
+  const { id: featureId, nid: noteId } = req.params;
+  log('API', `DELETE /api/kanban/${featureId}/notes/${noteId}`);
+  try {
+    const entry = await getKanbanEntry(featureId);
+
+    if (!entry) {
+      return res.status(404).json({ error: `Feature "${featureId}" not found` });
+    }
+
+    const idx = (entry.notes || []).findIndex((n: any) => n.id === noteId);
+    if (idx === -1) {
+      return res.status(404).json({ error: `Note "${noteId}" not found` });
+    }
+
+    entry.notes.splice(idx, 1);
+    await saveKanbanEntry(featureId, entry);
+    log('NOTES', `Deleted note ${noteId} from ${featureId}`);
+    res.json({ deleted: true });
+  } catch (err: any) {
+    log('NOTES', `ERROR: ${err.message}`);
+    res.status(400).json({ error: err.message });
+  }
+});
+
+export default router;

package/templates/product-system/packages/backend/src/routes/pipeline.ts

@@ -0,0 +1,41 @@
+/**
+ * Pipeline API routes — start/status/unblock dev pipeline.
+ */
+
+import { Router } from 'express';
+import { log, pipeline } from '../services/init.js';
+
+const router: Router = Router();
+
+// POST /api/kanban/:id/develop
+router.post('/:id/develop', async (req, res) => {
+  const featureId = req.params.id;
+  try {
+    const result = await pipeline.start(featureId);
+    res.status(result.status).json(result.error ? { error: result.error } : { started: result.started, feature_id: result.feature_id });
+  } catch (err: any) {
+    log('DEVELOP', `UNEXPECTED ERROR: ${err.message}`);
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// GET /api/kanban/:id/pipeline
+router.get('/:id/pipeline', async (req, res) => {
+  const featureId = req.params.id;
+  const result = await pipeline.getStatus(featureId);
+  res.json(result);
+});
+
+// POST /api/kanban/:id/unblock
+router.post('/:id/unblock', async (req, res) => {
+  const featureId = req.params.id;
+  try {
+    const result = await pipeline.unblock(featureId);
+    res.status(result.status).json(result.error ? { error: result.error } : { unblocked: result.unblocked, feature_id: result.feature_id });
+  } catch (err: any) {
+    log('UNBLOCK', `ERROR: ${err.message}`);
+    res.status(500).json({ error: err.message });
+  }
+});
+
+export default router;

package/templates/product-system/packages/backend/src/routes/projects.ts

@@ -0,0 +1,122 @@
+/**
+ * Project routes — CRUD endpoints for project management.
+ * GET    /api/projects          — list active (non-archived) projects
+ * POST   /api/projects          — create a new project
+ * PATCH  /api/projects/:id      — rename a project
+ * POST   /api/projects/:id/archive  — archive (soft delete) a project
+ * POST   /api/projects/:id/restore  — restore an archived project
+ */
+
+import { Router } from 'express';
+import type { ProjectService } from '../services/project_service.js';
+
+interface ProjectRoutesDeps {
+  projectService: ProjectService;
+  log: (tag: string, ...args: any[]) => void;
+}
+
+export const createProjectRoutes = ({ projectService, log }: ProjectRoutesDeps): Router => {
+  const router: Router = Router();
+
+  // GET /api/projects — list active projects
+  router.get('/', async (_req, res) => {
+    log('PROJECTS', 'GET /api/projects');
+
+    try {
+      const projectList = await projectService.listActive();
+      res.json({ projects: projectList });
+    } catch (err: any) {
+      log('PROJECTS', `List projects failed: ${err.message}`, err.cause || err);
+      res.status(500).json({ error: 'Failed to list projects' });
+    }
+  });
+
+  // POST /api/projects — create a new project
+  router.post('/', async (req, res) => {
+    const { name } = req.body;
+    log('PROJECTS', `POST /api/projects name="${name}"`);
+
+    if (!name || typeof name !== 'string' || !name.trim()) {
+      res.status(400).json({ error: 'Project name is required' });
+      return;
+    }
+
+    try {
+      const project = await projectService.create(name.trim());
+      res.status(201).json({ project });
+    } catch (err: any) {
+      log('PROJECTS', `Create project failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to create project' });
+    }
+  });
+
+  // PATCH /api/projects/:id — rename a project
+  router.patch('/:id', async (req, res) => {
+    const { id } = req.params;
+    const { name } = req.body;
+    log('PROJECTS', `PATCH /api/projects/${id} name="${name}"`);
+
+    if (!name || typeof name !== 'string' || !name.trim()) {
+      res.status(400).json({ error: 'Project name is required' });
+      return;
+    }
+
+    try {
+      const project = await projectService.rename(id, name.trim());
+      res.json({ project });
+    } catch (err: any) {
+      log('PROJECTS', `Rename project failed: ${err.message}`);
+      if (err.message === 'Project not found') {
+        res.status(404).json({ error: err.message });
+        return;
+      }
+      res.status(500).json({ error: 'Failed to rename project' });
+    }
+  });
+
+  // POST /api/projects/:id/archive — archive a project
+  router.post('/:id/archive', async (req, res) => {
+    const { id } = req.params;
+    log('PROJECTS', `POST /api/projects/${id}/archive`);
+
+    try {
+      const project = await projectService.archive(id);
+      res.json({ project });
+    } catch (err: any) {
+      log('PROJECTS', `Archive project failed: ${err.message}`);
+      if (err.message === 'Project not found') {
+        res.status(404).json({ error: err.message });
+        return;
+      }
+      if (err.message === 'Cannot archive the default project' || err.message === 'Project is already archived') {
+        res.status(400).json({ error: err.message });
+        return;
+      }
+      res.status(500).json({ error: 'Failed to archive project' });
+    }
+  });
+
+  // POST /api/projects/:id/restore — restore an archived project
+  router.post('/:id/restore', async (req, res) => {
+    const { id } = req.params;
+    log('PROJECTS', `POST /api/projects/${id}/restore`);
+
+    try {
+      const project = await projectService.restore(id);
+      res.json({ project });
+    } catch (err: any) {
+      log('PROJECTS', `Restore project failed: ${err.message}`);
+      if (err.message === 'Project not found') {
+        res.status(404).json({ error: err.message });
+        return;
+      }
+      if (err.message === 'Project is not archived') {
+        res.status(400).json({ error: err.message });
+        return;
+      }
+      res.status(500).json({ error: 'Failed to restore project' });
+    }
+  });
+
+  return router;
+};

package/templates/product-system/packages/backend/src/routes/users.ts

@@ -0,0 +1,97 @@
+/**
+ * User management routes — admin-only endpoints for managing users and invitations.
+ * GET /api/users — list all users
+ * DELETE /api/users/:id — delete a user
+ * GET /api/users/invitations — list all invitations
+ * DELETE /api/users/invitations/:id — delete an invitation
+ */
+
+import { Router } from 'express';
+import type { Request, Response, NextFunction } from 'express';
+import type { UserManagementService } from '../services/user_management_service.js';
+
+interface UserRoutesDeps {
+  userManagementService: UserManagementService;
+  log: (tag: string, ...args: any[]) => void;
+}
+
+const requireAdmin = (req: Request, res: Response, next: NextFunction): void => {
+  const user = (req as any).user;
+  if (user?.role !== 'admin') {
+    res.status(403).json({ error: 'Admin access required' });
+    return;
+  }
+  next();
+};
+
+export const createUserRoutes = ({ userManagementService, log }: UserRoutesDeps): Router => {
+  const router: Router = Router();
+
+  router.use(requireAdmin);
+
+  // GET /api/users — list all users
+  router.get('/', async (req, res) => {
+    log('USERS', 'GET /api/users');
+
+    try {
+      const userList = await userManagementService.listUsers();
+      res.json({ users: userList });
+    } catch (err: any) {
+      log('USERS', `List users failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to list users' });
+    }
+  });
+
+  // DELETE /api/users/:id — delete a user
+  router.delete('/:id', async (req, res) => {
+    const { id } = req.params;
+    log('USERS', `DELETE /api/users/${id}`);
+    const user = (req as any).user;
+
+    try {
+      await userManagementService.deleteUser(id, user.id);
+      res.json({ message: 'User deleted' });
+    } catch (err: any) {
+      log('USERS', `Delete user failed: ${err.message}`);
+      if (err.message === 'Cannot delete your own account') {
+        return res.status(400).json({ error: err.message });
+      }
+      if (err.message === 'User not found') {
+        return res.status(404).json({ error: err.message });
+      }
+      res.status(500).json({ error: 'Failed to delete user' });
+    }
+  });
+
+  // GET /api/users/invitations — list all invitations
+  router.get('/invitations', async (req, res) => {
+    log('USERS', 'GET /api/users/invitations');
+
+    try {
+      const invitationList = await userManagementService.listInvitations();
+      res.json({ invitations: invitationList });
+    } catch (err: any) {
+      log('USERS', `List invitations failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to list invitations' });
+    }
+  });
+
+  // DELETE /api/users/invitations/:id — delete an invitation
+  router.delete('/invitations/:id', async (req, res) => {
+    const { id } = req.params;
+    log('USERS', `DELETE /api/users/invitations/${id}`);
+
+    try {
+      await userManagementService.deleteInvitation(id);
+      res.json({ message: 'Invitation deleted' });
+    } catch (err: any) {
+      log('USERS', `Delete invitation failed: ${err.message}`);
+      if (err.message === 'Invitation not found') {
+        return res.status(404).json({ error: err.message });
+      }
+      res.status(500).json({ error: 'Failed to delete invitation' });
+    }
+  });
+
+  return router;
+};

package/templates/product-system/packages/backend/src/server.ts

@@ -0,0 +1,159 @@
+/**
+ * Express server entry point.
+ * Serves API routes and static frontend files in production.
+ */
+
+import { config } from 'dotenv';
+import { resolve } from 'node:path';
+config({ path: resolve(import.meta.dirname, '..', '..', '..', '.env') });
+
+import express, {Express} from 'express';
+import cors from 'cors';
+import cookieParser from 'cookie-parser';
+import { createServer } from 'node:http';
+import { join, dirname } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { existsSync } from 'node:fs';
+import { WebSocketServer } from 'ws';
+import * as pty from 'node-pty';
+import { initServices, log } from './services/init.js';
+import { AuthService } from './services/auth_service.js';
+import { EmailService } from './services/email_service.js';
+import { PasswordResetService } from './services/password_reset_service.js';
+import { InvitationService } from './services/invitation_service.js';
+import { PtySessionManager } from './services/pty_session_manager.js';
+import { TerminalWsHandler } from './services/terminal_ws_handler.js';
+import { UserManagementService } from './services/user_management_service.js';
+import { ProjectService } from './services/project_service.js';
+import { AuthMiddleware } from './middleware/auth_middleware.js';
+import { createAuthRoutes } from './routes/auth.js';
+import { createUserRoutes } from './routes/users.js';
+import { createProjectRoutes } from './routes/projects.js';
+import { getDb } from '@interview-system/shared/lib/db.js';
+import graphRoutes from './routes/graph.js';
+import kanbanRoutes from './routes/kanban.js';
+import pipelineRoutes from './routes/pipeline.js';
+import coherenceRoutes from './routes/coherence.js';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const DEFAULT_PORT = 3000;
+
+const parseArgs = (argv: string[]) => {
+  const args = { port: DEFAULT_PORT, verbose: false };
+  for (let i = 2; i < argv.length; i++) {
+    if (argv[i] === '--port' && argv[i + 1]) {
+      args.port = parseInt(argv[i + 1], 10);
+      i++;
+    }
+    if (argv[i] === '--verbose') {
+      args.verbose = true;
+    }
+  }
+  return args;
+};
+
+const args = parseArgs(process.argv);
+
+// Initialize services after VERBOSE is set
+initServices(args.verbose);
+
+const app: Express = express();
+
+app.use(cors());
+app.use(express.json());
+app.use(cookieParser());
+
+// Request/response logging
+app.use((req, res, next) => {
+  const start = Date.now();
+  res.on('finish', () => {
+    const duration = Date.now() - start;
+    // Skip noisy pipeline polls
+    if (req.originalUrl.endsWith('/pipeline')) return;
+    log('HTTP', `${req.method} ${req.originalUrl} ${res.statusCode} ${duration}ms`);
+  });
+  next();
+});
+
+// Auth routes (public — no middleware)
+const jwtSecret = process.env.JWT_SECRET || 'dev-secret-change-in-production';
+const isProduction = process.env.NODE_ENV === 'production';
+const authService = new AuthService({ jwtSecret, isProduction });
+const resendApiKey = process.env.RESEND_API_KEY || '';
+const appBaseUrl = process.env.APP_BASE_URL || 'https://product-system.localhost';
+const emailFromAddress = process.env.EMAIL_FROM || 'noreply@example.com';
+const emailService = new EmailService({ apiKey: resendApiKey, fromAddress: emailFromAddress });
+const passwordResetService = new PasswordResetService({ getDb, emailService, authService, appBaseUrl, log });
+const invitationService = new InvitationService({ getDb, emailService, authService, appBaseUrl, log });
+const authRoutes = createAuthRoutes({ getDb, authService, passwordResetService, invitationService, log });
+app.use('/api/auth', authRoutes);
+
+// Auth middleware for protected API routes
+const authMiddleware = new AuthMiddleware({ authService });
+
+// User management routes (admin-only)
+const userManagementService = new UserManagementService({ getDb, log });
+const userRoutes = createUserRoutes({ userManagementService, log });
+app.use('/api/users', authMiddleware.requireAuth, userRoutes);
+
+// Project management routes (authenticated)
+const projectService = new ProjectService({ getDb, log });
+const projectRoutes = createProjectRoutes({ projectService, log });
+app.use('/api/projects', authMiddleware.requireAuth, projectRoutes);
+
+// Ensure default project exists and assign orphan nodes on startup
+projectService.ensureDefaultAndAssignOrphans().catch((err: any) => {
+  log('STARTUP', `Failed to ensure default project: ${err.message}`);
+});
+
+// Protected API routes — require authentication
+app.use('/api', authMiddleware.requireAuth, graphRoutes);
+app.use('/api/kanban', authMiddleware.requireAuth, kanbanRoutes);
+app.use('/api/kanban', authMiddleware.requireAuth, pipelineRoutes);
+app.use('/api/coherence', authMiddleware.requireAuth, coherenceRoutes);
+
+// Redirect favicon.ico to SVG favicon served from static files
+app.get('/favicon.ico', (_req, res) => { res.redirect(301, '/favicon.svg'); });
+
+// Serve frontend static files in production
+const FRONTEND_DIST = join(__dirname, '..', '..', 'frontend', 'dist');
+if (existsSync(FRONTEND_DIST)) {
+  app.use(express.static(FRONTEND_DIST));
+  // SPA fallback — send index.html for all non-API routes
+  app.get('/{*path}', (_req, res) => {
+    res.sendFile(join(FRONTEND_DIST, 'index.html'));
+  });
+}
+
+// Create HTTP server for both Express and WebSocket
+const server = createServer(app);
+
+// Set up WebSocket for terminal
+const wss = new WebSocketServer({ noServer: true });
+// Resolve project root: from packages/backend/src → product-system → repo root
+const PROJECT_ROOT = join(__dirname, '..', '..', '..', '..');
+const ptyManager = new PtySessionManager({ spawn: pty.spawn, log, projectRoot: PROJECT_ROOT });
+const terminalHandler = new TerminalWsHandler({ wss, authService, ptyManager, log });
+
+server.on('upgrade', (req, socket, head) => {
+  terminalHandler.handleUpgrade(req, socket, head);
+});
+
+// Clean up PTY sessions on server shutdown
+process.on('SIGTERM', () => {
+  ptyManager.destroyAll();
+  server.close();
+});
+
+server.listen(args.port, () => {
+  log('SERVER', `API server running at http://localhost:${args.port}`);
+  log('SERVER', `Verbose mode: ${args.verbose ? 'ON' : 'OFF'}`);
+  log('SERVER', `WebSocket terminal endpoint: ws://localhost:${args.port}/api/terminal`);
+  if (existsSync(FRONTEND_DIST)) {
+    log('SERVER', `Serving frontend from ${FRONTEND_DIST}`);
+  } else {
+    log('SERVER', `No frontend dist found — run "pnpm --filter @interview-system/frontend build" first, or use dev mode`);
+  }
+});
+
+export default app;