@branch-fiction/extension-sdk 0.1.0

package/dist/server-BcwliPFy.mjs

@@ -0,0 +1,752 @@
+import { c as optionURL, o as isUseSlotRequirement, u as validateManifest } from "./manifest-CQaa55kR.mjs";
+import { extensionSdkSource } from "./sdk-source.js";
+import { existsSync, mkdirSync, readFileSync, readdirSync, statSync, writeFileSync } from "node:fs";
+import { dirname, isAbsolute, join, normalize, relative } from "node:path";
+import Database from "better-sqlite3";
+import { Hono } from "hono";
+import { cors } from "hono/cors";
+import { streamSSE } from "hono/streaming";
+import { spawn } from "node:child_process";
+import { randomUUID } from "node:crypto";
+import { createInterface } from "node:readline";
+//#region src/dev/config.ts
+function readDevConfig(path) {
+	if (!existsSync(path)) return {};
+	try {
+		return JSON.parse(readFileSync(path, "utf8"));
+	} catch {
+		return {};
+	}
+}
+function writeDevConfig(path, config) {
+	writeFileSync(path, JSON.stringify(config, null, 2) + "\n");
+}
+function checkDevConfig(manifest, config) {
+	const missing = [];
+	const reqs = manifest.providers ?? [];
+	for (const req of reqs) {
+		const binding = config.providers?.[req.key];
+		if (!binding) {
+			missing.push(`providers.${req.key}`);
+			continue;
+		}
+		if (isUseSlotRequirement(req)) {
+			if (binding.kind !== "useSlot") {
+				missing.push(`providers.${req.key} (expected useSlot binding)`);
+				continue;
+			}
+			if (!binding.providerType || !binding.modelKey || !binding.baseURL) missing.push(`providers.${req.key} (incomplete useSlot binding)`);
+			if (binding.auth?.kind !== "none" && !binding.apiKey) missing.push(`providers.${req.key}.apiKey`);
+		} else {
+			if (binding.kind !== "options") {
+				missing.push(`providers.${req.key} (expected options binding)`);
+				continue;
+			}
+			const opt = req.options[binding.useIndex];
+			if (!opt) {
+				missing.push(`providers.${req.key}.useIndex out of range`);
+				continue;
+			}
+			if (opt.auth.kind !== "none" && !binding.apiKey) missing.push(`providers.${req.key}.apiKey`);
+		}
+	}
+	return {
+		ok: missing.length === 0,
+		missing
+	};
+}
+//#endregion
+//#region src/dev/db.ts
+let cached = null;
+function open(path) {
+	if (cached && cached.path === path) return cached.db;
+	if (cached) cached.db.close();
+	const db = new Database(path);
+	db.pragma("journal_mode = WAL");
+	db.pragma("busy_timeout = 5000");
+	db.pragma("foreign_keys = ON");
+	cached = {
+		path,
+		db
+	};
+	return db;
+}
+function dbQuery(dbPath, req) {
+	const db = open(dbPath);
+	const trimmed = req.sql.trimStart().toLowerCase();
+	const isQuery = trimmed.startsWith("select") || trimmed.startsWith("with") || trimmed.startsWith("pragma") || trimmed.startsWith("explain");
+	const stmt = db.prepare(req.sql);
+	if (isQuery) return {
+		rows: stmt.all(...req.params ?? []),
+		changes: 0
+	};
+	const info = stmt.run(...req.params ?? []);
+	return {
+		rows: [],
+		changes: Number(info.changes ?? 0)
+	};
+}
+//#endregion
+//#region src/dev/fs.ts
+function safeJoin(root, rel) {
+	if (rel.startsWith("/") || isAbsolute(rel)) throw new Error(`absolute path not allowed: ${rel}`);
+	const joined = normalize(join(root, rel));
+	const inside = relative(root, joined);
+	if (inside.startsWith("..") || isAbsolute(inside)) throw new Error(`path escapes assets dir: ${rel}`);
+	return joined;
+}
+function fsRead(assetsDir, relPath) {
+	return { bytesBase64: readFileSync(safeJoin(assetsDir, relPath)).toString("base64") };
+}
+function fsWrite(assetsDir, relPath, bytesBase64) {
+	const path = safeJoin(assetsDir, relPath);
+	mkdirSync(dirname(path), { recursive: true });
+	writeFileSync(path, Buffer.from(bytesBase64, "base64"));
+	return { ok: true };
+}
+function fsList(assetsDir, relPath) {
+	const path = safeJoin(assetsDir, relPath ?? "");
+	let entries;
+	try {
+		entries = readdirSync(path);
+	} catch {
+		return [];
+	}
+	return entries.map((name) => {
+		let isDirectory = false;
+		try {
+			isDirectory = statSync(join(path, name)).isDirectory();
+		} catch {}
+		return {
+			name,
+			isDirectory
+		};
+	});
+}
+//#endregion
+//#region src/dev/proxy.ts
+const STRIP_HEADERS = new Set([
+	"host",
+	"authorization",
+	"x-goog-api-key",
+	"content-length",
+	"connection"
+]);
+async function proxyToProvider(c, label, resolved, rest) {
+	const target = buildTargetUrl(resolved.baseURL, rest, c.req.url);
+	const outbound = sanitizeHeaders(c.req.raw.headers, resolved);
+	if (resolved.apiKey) applyAuth(resolved, outbound, target);
+	const init = {
+		method: c.req.method,
+		headers: outbound,
+		redirect: "manual"
+	};
+	if (c.req.method !== "GET" && c.req.method !== "HEAD") init.body = await c.req.raw.arrayBuffer();
+	if (resolved.auth.kind === "body") {
+		const rewrite = applyBodyAuth(resolved.auth.field, resolved.apiKey ?? "", c.req.method, outbound, init.body);
+		if (!rewrite.ok) return new Response(rewrite.error, { status: 400 });
+		init.body = rewrite.body;
+	}
+	let upstream;
+	try {
+		upstream = await fetch(target, init);
+	} catch (e) {
+		console.error(`[proxy] ${label} ${c.req.method} ${target} -> send error:`, e);
+		throw e;
+	}
+	console.log(`[proxy] ${label} ${c.req.method} ${target} -> ${upstream.status}`);
+	const headers = new Headers(upstream.headers);
+	headers.delete("content-length");
+	headers.delete("content-encoding");
+	headers.delete("transfer-encoding");
+	return new Response(upstream.body, {
+		status: upstream.status,
+		headers
+	});
+}
+function buildTargetUrl(baseURL, rest, reqUrl) {
+	const trimmedBase = baseURL.replace(/\/+$/, "");
+	const trimmedRest = rest.replace(/^\/+/, "");
+	const joined = trimmedRest ? `${trimmedBase}/${trimmedRest}` : trimmedBase;
+	const url = new URL(joined);
+	const callerQuery = new URL(reqUrl).search;
+	if (callerQuery) {
+		const callerParams = new URLSearchParams(callerQuery);
+		for (const [k, v] of callerParams) url.searchParams.append(k, v);
+	}
+	return url;
+}
+function sanitizeHeaders(incoming, resolved) {
+	const out = new Headers();
+	const stripCustom = resolved.auth.kind === "header" ? resolved.auth.header.toLowerCase() : null;
+	for (const [name, value] of incoming) {
+		const n = name.toLowerCase();
+		if (STRIP_HEADERS.has(n)) continue;
+		if (stripCustom && n === stripCustom) continue;
+		out.append(name, value);
+	}
+	return out;
+}
+function applyAuth(resolved, headers, url) {
+	const apiKey = resolved.apiKey ?? "";
+	switch (resolved.auth.kind) {
+		case "none": return;
+		case "bearer":
+			headers.set("authorization", `Bearer ${apiKey}`);
+			return;
+		case "header":
+			headers.set(resolved.auth.header, apiKey);
+			return;
+		case "queryParam":
+			url.searchParams.set(resolved.auth.param, apiKey);
+			return;
+		case "body": return;
+	}
+}
+function applyBodyAuth(field, apiKey, method, headers, body) {
+	if (method === "GET" || method === "HEAD" || !body || body.byteLength === 0) return {
+		ok: false,
+		error: "body auth requires a JSON request body"
+	};
+	const contentType = headers.get("content-type") ?? "";
+	if (contentType && !/^application\/json\b/i.test(contentType)) return {
+		ok: false,
+		error: "body auth requires application/json content-type"
+	};
+	let parsed;
+	try {
+		parsed = JSON.parse(new TextDecoder().decode(body));
+	} catch (e) {
+		return {
+			ok: false,
+			error: `body auth: invalid json: ${e.message}`
+		};
+	}
+	if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) return {
+		ok: false,
+		error: "body auth: JSON root must be an object"
+	};
+	parsed[field] = apiKey;
+	headers.set("content-type", "application/json");
+	return {
+		ok: true,
+		body: JSON.stringify(parsed)
+	};
+}
+//#endregion
+//#region \0@oxc-project+runtime@0.135.0/helpers/esm/taggedTemplateLiteral.js
+function _taggedTemplateLiteral(e, t) {
+	return t || (t = e.slice(0)), Object.freeze(Object.defineProperties(e, { raw: { value: Object.freeze(t) } }));
+}
+//#endregion
+//#region src/dev/setup-ui.ts
+var _templateObject;
+const SETUP_UI_HTML = String.raw(_templateObject || (_templateObject = _taggedTemplateLiteral(["<!doctype html>\n<html lang=\"en\">\n<head>\n<meta charset=\"utf-8\" />\n<title>Extension dev setup</title>\n<style>\n  :root {\n    color-scheme: dark light;\n    --fg: #1a1a1a;\n    --bg: #fafafa;\n    --muted: #707070;\n    --border: #ddd;\n    --primary: #2658d3;\n    --warn: #b04a00;\n    --ok: #1a7a3a;\n  }\n  @media (prefers-color-scheme: dark) {\n    :root {\n      --fg: #eee;\n      --bg: #18181a;\n      --muted: #999;\n      --border: #333;\n      --primary: #6691ff;\n    }\n  }\n  * { box-sizing: border-box; }\n  body {\n    font: 14px/1.45 system-ui, -apple-system, sans-serif;\n    margin: 0; padding: 32px 24px; max-width: 760px; margin-inline: auto;\n    color: var(--fg); background: var(--bg);\n  }\n  h1 { font-size: 22px; margin: 0 0 4px; }\n  h2 { font-size: 16px; margin: 24px 0 8px; }\n  p.sub { color: var(--muted); margin: 0 0 24px; }\n  .card { border: 1px solid var(--border); border-radius: 8px; padding: 16px; margin: 12px 0; }\n  .row { display: grid; grid-template-columns: 160px 1fr; gap: 12px; margin: 8px 0; align-items: center; }\n  label { color: var(--muted); }\n  input, select, textarea {\n    font: inherit; padding: 6px 8px; border: 1px solid var(--border);\n    border-radius: 4px; background: var(--bg); color: var(--fg); width: 100%;\n  }\n  input[type=checkbox] { width: auto; }\n  button {\n    font: inherit; padding: 8px 14px; border-radius: 4px; border: 1px solid var(--primary);\n    background: var(--primary); color: white; cursor: pointer;\n  }\n  button.secondary { background: transparent; color: var(--primary); }\n  button:disabled, button.secondary:disabled {\n    background: transparent; color: var(--muted); border-color: var(--border);\n    cursor: not-allowed; opacity: 0.7;\n  }\n  .small { font-size: 12px; color: var(--muted); }\n  code { font: 12px/1.4 ui-monospace, \"SF Mono\", Menlo, monospace; padding: 1px 4px;\n    background: var(--border); border-radius: 3px; }\n  .actions { display: flex; gap: 8px; margin-top: 24px; }\n  .err { color: var(--warn); margin: 8px 0; }\n</style>\n</head>\n<body>\n<h1>Extension dev setup</h1>\n<p class=\"sub\">Configure provider bindings + pick a book. Saved to <code>dev.config.json</code> in your extension dir.</p>\n<div id=\"root\">Loading…</div>\n<script type=\"module\">\nconst root = document.getElementById('root');\n\nasync function fetchStatus() {\n  const r = await fetch('/__dev__/api/status');\n  if (!r.ok) throw new Error('status: ' + r.status);\n  return r.json();\n}\n\nfunction inputRow(label, value, onInput, opts = {}) {\n  const wrap = document.createElement('div');\n  wrap.className = 'row';\n  const lab = document.createElement('label');\n  lab.textContent = label;\n  const input = document.createElement('input');\n  input.type = opts.type ?? 'text';\n  if (opts.placeholder) input.placeholder = opts.placeholder;\n  input.value = value ?? '';\n  input.addEventListener('input', () => onInput(input.value));\n  wrap.append(lab, input);\n  return wrap;\n}\n\nfunction selectRow(label, value, options, onChange) {\n  const wrap = document.createElement('div');\n  wrap.className = 'row';\n  const lab = document.createElement('label');\n  lab.textContent = label;\n  const sel = document.createElement('select');\n  for (const opt of options) {\n    const o = document.createElement('option');\n    o.value = opt.value;\n    o.textContent = opt.label;\n    if (opt.value === value) o.selected = true;\n    sel.appendChild(o);\n  }\n  sel.addEventListener('change', () => onChange(sel.value));\n  wrap.append(lab, sel);\n  return wrap;\n}\n\nconst PROVIDER_TYPES = [\n  { value: 'google_gemini', label: 'Google Gemini', baseURL: 'https://generativelanguage.googleapis.com/v1beta', auth: { kind: 'header', header: 'x-goog-api-key' } },\n  { value: 'openai', label: 'OpenAI', baseURL: 'https://api.openai.com/v1', auth: { kind: 'bearer' } },\n  { value: 'anthropic', label: 'Anthropic', baseURL: 'https://api.anthropic.com', auth: { kind: 'header', header: 'x-api-key' } },\n  { value: 'openrouter', label: 'OpenRouter', baseURL: 'https://openrouter.ai/api/v1', auth: { kind: 'bearer' } },\n  { value: 'xai', label: 'xAI', baseURL: 'https://api.x.ai/v1', auth: { kind: 'bearer' } },\n  { value: 'fal', label: 'Fal', baseURL: 'https://fal.run', auth: { kind: 'bearer', headerPrefix: 'Key' } },\n  { value: 'ollama', label: 'Ollama', baseURL: 'http://localhost:11434', auth: { kind: 'none' } },\n  { value: 'openai_compatible', label: 'OpenAI Compatible', baseURL: '', auth: { kind: 'bearer' } }\n];\n\nfunction defaultBindingForReq(req, existing) {\n  if ('useSlot' in req) {\n    const e = existing && existing.kind === 'useSlot' ? existing : null;\n    const preset = PROVIDER_TYPES[0];\n    return {\n      kind: 'useSlot',\n      providerType: e?.providerType ?? preset.value,\n      modelKey: e?.modelKey ?? '',\n      baseURL: e?.baseURL ?? preset.baseURL,\n      auth: e?.auth ?? preset.auth,\n      apiKey: e?.apiKey ?? '',\n      reasoning: e?.reasoning\n    };\n  }\n  const e = existing && existing.kind === 'options' ? existing : null;\n  return {\n    kind: 'options',\n    useIndex: e?.useIndex ?? 0,\n    fullURL: e?.fullURL,\n    apiKey: e?.apiKey ?? ''\n  };\n}\n\nfunction renderRequirement(req, binding, onChange) {\n  const card = document.createElement('div');\n  card.className = 'card';\n  const h = document.createElement('h2');\n  h.textContent = req.role ? req.role + ' (' + req.key + ')' : req.key;\n  card.appendChild(h);\n\n  if ('useSlot' in req) {\n    const small = document.createElement('p');\n    small.className = 'small';\n    small.textContent = 'useSlot: ' + req.useSlot + ' — pick any provider+model that fits this slot.';\n    card.appendChild(small);\n\n    card.appendChild(selectRow('Provider type', binding.providerType,\n      PROVIDER_TYPES.map((p) => ({ value: p.value, label: p.label })),\n      (v) => {\n        const preset = PROVIDER_TYPES.find((p) => p.value === v);\n        binding.providerType = v;\n        if (preset) {\n          binding.baseURL = preset.baseURL;\n          binding.auth = preset.auth;\n        }\n        onChange();\n      }));\n    card.appendChild(inputRow('Model id', binding.modelKey, (v) => { binding.modelKey = v; onChange(); }, { placeholder: 'e.g. gemini-2.5-flash' }));\n    card.appendChild(inputRow('Base URL', binding.baseURL, (v) => { binding.baseURL = v; onChange(); }));\n    card.appendChild(inputRow('API key', binding.apiKey, (v) => { binding.apiKey = v; onChange(); }, { type: 'password' }));\n  } else {\n    card.appendChild(selectRow('Option', String(binding.useIndex),\n      req.options.map((o, i) => ({ value: String(i), label: (o.providerName ?? '') + ' ' + (o.baseURL ?? o.fullURL) + (o.model ? ' / ' + o.model : '') })),\n      (v) => { binding.useIndex = Number(v); onChange(); }));\n    const opt = req.options[binding.useIndex];\n    if (opt && 'fullURL' in opt && opt.fullURL) {\n      card.appendChild(inputRow('Endpoint URL', binding.fullURL ?? opt.fullURL, (v) => { binding.fullURL = v; onChange(); }));\n    }\n    if (opt && opt.auth.kind !== 'none') {\n      card.appendChild(inputRow('API key', binding.apiKey, (v) => { binding.apiKey = v; onChange(); }, { type: 'password' }));\n    }\n  }\n  return card;\n}\n\nfunction renderConfigField(field, value, onChange) {\n  const wrap = document.createElement('div');\n  if (field.type === 'boolean') {\n    wrap.className = 'row';\n    const lab = document.createElement('label');\n    lab.textContent = field.label;\n    const cb = document.createElement('input');\n    cb.type = 'checkbox';\n    cb.checked = !!value;\n    cb.addEventListener('change', () => onChange(cb.checked));\n    wrap.append(lab, cb);\n  } else if (field.type === 'select') {\n    wrap.appendChild(selectRow(field.label, String(value ?? field.default ?? ''),\n      field.options.map((o) => ({ value: o.value, label: o.label })),\n      (v) => onChange(v)));\n  } else {\n    wrap.appendChild(inputRow(field.label, value ?? field.default ?? '', (v) => onChange(v), { placeholder: field.placeholder }));\n  }\n  return wrap;\n}\n\nlet manifest, config;\nlet books = [];\n\nasync function saveConfig() {\n  const r = await fetch('/__dev__/api/save', {\n    method: 'POST', headers: { 'Content-Type': 'application/json' },\n    body: JSON.stringify(config)\n  });\n  if (!r.ok) throw new Error(await r.text());\n}\n\nasync function init() {\n  let status;\n  try {\n    status = await fetchStatus();\n  } catch (e) {\n    root.innerHTML = '<div class=\"err\">Failed to load status: ' + e.message + '</div>';\n    return;\n  }\n\n  manifest = status.manifest;\n  config = status.config ?? {};\n  config.providers ??= {};\n  config.config ??= {};\n  books = status.books ?? [];\n\n  for (const req of manifest.providers ?? []) {\n    config.providers[req.key] = defaultBindingForReq(req, config.providers[req.key]);\n  }\n\n  const ready = status.ok && books.length > 0 && !!config.bookId\n    && books.some((b) => b.id === config.bookId);\n\n  // Auto-launch when Vite redirected us here (?auto=1) and there's nothing\n  // left to configure. Manual visits always show the wizard.\n  const params = new URLSearchParams(window.location.search);\n  if (params.has('auto') && ready) {\n    root.innerHTML = '<p class=\"small\">Launching…</p>';\n    try {\n      const r = await fetch('/__dev__/api/launch-url');\n      const j = await r.json().catch(() => ({}));\n      if (r.ok && j.ok !== false && j.url) {\n        window.location.replace(j.url);\n        return;\n      }\n      console.warn('[extension-dev] auto-launch failed:', j.error ?? r.statusText);\n    } catch (e) {\n      console.warn('[extension-dev] auto-launch failed:', e);\n    }\n  }\n\n  render();\n}\n\nlet darkMode = false;\n\nfunction render() {\n  root.innerHTML = '';\n\n  if ((manifest.providers ?? []).length > 0) {\n    const head = document.createElement('h2');\n    head.textContent = 'Provider requirements';\n    root.appendChild(head);\n    for (const req of manifest.providers ?? []) {\n      root.appendChild(renderRequirement(req, config.providers[req.key], () => undefined));\n    }\n  }\n\n  if ((manifest.config ?? []).length > 0) {\n    const head = document.createElement('h2');\n    head.textContent = 'Extension config';\n    root.appendChild(head);\n    const card = document.createElement('div');\n    card.className = 'card';\n    for (const field of manifest.config) {\n      card.appendChild(renderConfigField(field, config.config[field.key], (v) => {\n        config.config[field.key] = v;\n      }));\n    }\n    root.appendChild(card);\n  }\n\n  const bookHead = document.createElement('h2');\n  bookHead.textContent = 'Book context';\n  const bookCard = document.createElement('div');\n  bookCard.className = 'card';\n  if (books.length === 0) {\n    bookCard.textContent = 'No books found in your app DB. Import a book in Branch Fiction first, then reload.';\n  } else {\n    if (!config.bookId || !books.some((b) => b.id === config.bookId)) {\n      config.bookId = books[0].id;\n    }\n    bookCard.appendChild(selectRow('Book', config.bookId,\n      books.map((b) => ({ value: b.id, label: b.title + '  (' + b.id + ')' })),\n      (v) => { config.bookId = v; }));\n  }\n  root.append(bookHead, bookCard);\n\n  const darkRow = document.createElement('div');\n  darkRow.className = 'row';\n  const darkLab = document.createElement('label');\n  darkLab.style.display = 'flex';\n  darkLab.style.alignItems = 'center';\n  darkLab.style.gap = '8px';\n  darkLab.style.cursor = 'pointer';\n  const darkCb = document.createElement('input');\n  darkCb.type = 'checkbox';\n  darkCb.checked = darkMode;\n  darkCb.addEventListener('change', () => { darkMode = darkCb.checked; });\n  darkLab.append(darkCb, document.createTextNode('Dark mode?'));\n  darkRow.appendChild(darkLab);\n  root.appendChild(darkRow);\n\n  const actions = document.createElement('div');\n  actions.className = 'actions';\n  const launch = document.createElement('button');\n  launch.textContent = 'Save & launch';\n  launch.disabled = books.length === 0;\n  actions.append(launch);\n  root.appendChild(actions);\n\n  const err = document.createElement('div');\n  err.className = 'err';\n  root.appendChild(err);\n\n  launch.addEventListener('click', async () => {\n    err.textContent = '';\n    if (!config.bookId) {\n      err.textContent = 'Pick a book before launching.';\n      return;\n    }\n    try {\n      await saveConfig();\n    } catch (e) {\n      err.textContent = 'Save failed: ' + e.message;\n      return;\n    }\n    const r = await fetch('/__dev__/api/launch-url');\n    const j = await r.json().catch(() => ({}));\n    if (!r.ok || j.ok === false) {\n      err.textContent = 'Launch failed: ' + (j.error ?? r.statusText);\n      return;\n    }\n    const u = new URL(j.url, window.location.href);\n    if (darkMode) u.searchParams.set('dark', '1');\n    window.location.href = u.toString();\n  });\n}\n\nvoid init();\n<\/script>\n</body>\n</html>"])));
+//#endregion
+//#region src/dev/tasks.ts
+function spawnWorker(args) {
+	const taskId = `ptk_${randomUUID().replace(/-/g, "")}`;
+	const ac = new AbortController();
+	args.controllers.set(taskId, ac);
+	const allowRead = [
+		args.extensionDataRoot,
+		args.extensionDir,
+		dirname$1(args.extensionHostBundle)
+	].filter(Boolean).join(",");
+	const allowWrite = args.extensionDataRoot;
+	const allowNet = [
+		`127.0.0.1:${args.hostPort}`,
+		`localhost:${args.hostPort}`,
+		...args.netAllowlist
+	].join(",");
+	const denoArgs = [
+		"run",
+		"--no-config",
+		`--allow-read=${allowRead}`,
+		`--allow-write=${allowWrite}`,
+		`--allow-net=${allowNet}`,
+		args.extensionHostBundle
+	];
+	return {
+		taskId,
+		events: pump(spawn(args.denoBin, denoArgs, {
+			stdio: [
+				"pipe",
+				"pipe",
+				"pipe"
+			],
+			signal: ac.signal
+		}), args, ac, args.controllers, taskId),
+		cancel: () => ac.abort()
+	};
+}
+function dirname$1(p) {
+	const idx = p.lastIndexOf("/");
+	return idx === -1 ? p : p.slice(0, idx);
+}
+const INIT_REQ_ID = 1;
+const RUN_REQ_ID = 2;
+async function* pump(child, args, _ac, controllers, taskId) {
+	const buffer = [];
+	let resolve = null;
+	let done = false;
+	let error = null;
+	const onErr = (e) => {
+		if (e.name === "AbortError") return;
+		error = e;
+		done = true;
+		resolve?.();
+	};
+	const initReq = JSON.stringify({
+		jsonrpc: "2.0",
+		id: INIT_REQ_ID,
+		method: "init",
+		params: [{
+			extensionId: args.extensionId,
+			bookId: args.bookId,
+			providers: serializableProviders(args.providers),
+			config: args.config,
+			dbPath: args.dbPath,
+			dataDir: args.assetsDir,
+			extensionWorkerPath: `${args.extensionDir.replace(/\/+$/, "")}/${args.workerEntry.replace(/^\.?\/+/, "")}`
+		}]
+	}) + "\n";
+	child.stdin?.write(initReq);
+	if (child.stdout) createInterface({ input: child.stdout }).on("line", (line) => {
+		const trimmed = line.trim();
+		if (!trimmed) return;
+		let msg;
+		try {
+			msg = JSON.parse(trimmed);
+		} catch {
+			return;
+		}
+		const id = typeof msg.id === "number" ? msg.id : null;
+		if (id === null) {
+			if (msg.method === "host.log") {
+				const params = msg.params ?? {};
+				buffer.push({
+					kind: "log",
+					args: params.args ?? []
+				});
+				resolve?.();
+			}
+			return;
+		}
+		if (id === INIT_REQ_ID) {
+			if (msg.error) {
+				buffer.push({
+					kind: "error",
+					message: errorMessage(msg.error) || "init failed"
+				});
+				done = true;
+				resolve?.();
+				return;
+			}
+			const runReq = JSON.stringify({
+				jsonrpc: "2.0",
+				id: RUN_REQ_ID,
+				method: "runTask",
+				params: [{
+					task: args.task,
+					payload: args.payload
+				}]
+			}) + "\n";
+			child.stdin?.write(runReq);
+		} else if (id === RUN_REQ_ID) {
+			if (msg.error) buffer.push({
+				kind: "error",
+				message: errorMessage(msg.error)
+			});
+			else {
+				const result = msg.result?.result ?? null;
+				buffer.push({
+					kind: "result",
+					value: result
+				});
+			}
+			done = true;
+			resolve?.();
+		}
+	});
+	if (child.stderr) child.stderr.on("data", (chunk) => {
+		const text = chunk.toString("utf8").trimEnd();
+		if (text) console.error(`[extension-host:${args.extensionId}]`, text);
+	});
+	child.on("error", onErr);
+	child.on("exit", () => {
+		if (!done) {
+			buffer.push({
+				kind: "error",
+				message: "extension worker exited without returning a result"
+			});
+			done = true;
+		}
+		resolve?.();
+	});
+	try {
+		while (true) {
+			while (buffer.length > 0) {
+				const ev = buffer.shift();
+				yield ev;
+				if (ev.kind === "result" || ev.kind === "error") return;
+			}
+			if (done) {
+				if (error) throw error;
+				return;
+			}
+			await new Promise((r) => {
+				resolve = r;
+			});
+			resolve = null;
+		}
+	} finally {
+		controllers.delete(taskId);
+		if (!child.killed) try {
+			child.kill();
+		} catch {}
+	}
+}
+function serializableProviders(providers) {
+	const out = {};
+	for (const [k, v] of Object.entries(providers)) out[k] = { ...v };
+	return out;
+}
+function errorMessage(err) {
+	if (err && typeof err === "object" && "message" in err) return String(err.message);
+	return "unknown error";
+}
+//#endregion
+//#region src/dev/tokens.ts
+var TokenRegistry = class {
+	dataToken = null;
+	proxyTokens = /* @__PURE__ */ new Map();
+	tokenByKey = /* @__PURE__ */ new Map();
+	resolved = /* @__PURE__ */ new Map();
+	handles = {};
+	mintDataToken() {
+		if (!this.dataToken) this.dataToken = `pdt_${randomUUID().replace(/-/g, "")}`;
+		return this.dataToken;
+	}
+	getDataToken() {
+		return this.mintDataToken();
+	}
+	buildProviders(manifest, config, hostOrigin) {
+		this.resolved.clear();
+		this.handles = {};
+		const reqs = manifest.providers ?? [];
+		for (const req of reqs) {
+			const binding = config.providers?.[req.key];
+			if (!binding) continue;
+			const resolved = resolveBinding(req, binding);
+			if (!resolved) continue;
+			let token = this.tokenByKey.get(req.key);
+			if (!token) {
+				token = `pps_${randomUUID().replace(/-/g, "")}`;
+				this.tokenByKey.set(req.key, token);
+				this.proxyTokens.set(token, { providerKey: req.key });
+			}
+			this.resolved.set(req.key, resolved);
+			const proxyBaseURL = `${hostOrigin}/extension-providers/${token}/${encodeURIComponent(req.key)}`;
+			const handle = {
+				baseURL: resolved.baseURL,
+				proxyBaseURL
+			};
+			if (isUseSlotRequirement(req) && binding.kind === "useSlot") {
+				handle.modelKey = binding.modelKey;
+				handle.providerType = binding.providerType;
+				if (binding.reasoning) handle.reasoning = binding.reasoning;
+			} else if (binding.kind === "options" && !isUseSlotRequirement(req)) {
+				const opt = req.options[binding.useIndex];
+				if (opt?.model) handle.modelKey = opt.model;
+			}
+			this.handles[req.key] = handle;
+		}
+		return this.handles;
+	}
+	resolveProxyForKey(token, providerKey) {
+		const session = this.proxyTokens.get(token);
+		if (!session || session.providerKey !== providerKey) return null;
+		return this.resolved.get(providerKey) ?? null;
+	}
+	isValidDataToken(token) {
+		return this.dataToken !== null && token === this.dataToken;
+	}
+};
+function resolveBinding(req, binding) {
+	if (isUseSlotRequirement(req)) {
+		if (binding.kind !== "useSlot") return null;
+		return {
+			baseURL: binding.baseURL,
+			auth: binding.auth,
+			apiKey: binding.apiKey
+		};
+	}
+	if (binding.kind !== "options") return null;
+	const opt = req.options[binding.useIndex];
+	if (!opt) return null;
+	return {
+		baseURL: binding.fullURL ?? optionURL(opt),
+		auth: opt.auth,
+		apiKey: binding.apiKey
+	};
+}
+const registry = new TokenRegistry();
+//#endregion
+//#region src/dev/server.ts
+const ASSET_MIME = {
+	png: "image/png",
+	jpg: "image/jpeg",
+	jpeg: "image/jpeg",
+	webp: "image/webp",
+	gif: "image/gif",
+	svg: "image/svg+xml",
+	mp4: "video/mp4",
+	webm: "video/webm"
+};
+function createDevServer(opts) {
+	const app = new Hono();
+	app.use("*", cors({
+		origin: "*",
+		allowHeaders: ["*"],
+		allowMethods: ["*"]
+	}));
+	const dataDir = opts.dataDir;
+	const configPath = opts.configPath ?? join(opts.extensionDir, "dev.config.json");
+	const dbPath = opts.dbPath;
+	const assetsDir = opts.assetsDir;
+	const taskControllers = /* @__PURE__ */ new Map();
+	const singletonTasks = /* @__PURE__ */ new Map();
+	const hostOrigin = `http://localhost:${opts.hostPort}`;
+	function loadManifest() {
+		const raw = readFileSync(join(opts.extensionDir, "manifest.json"), "utf8");
+		const manifest = JSON.parse(raw);
+		validateManifest(manifest);
+		return manifest;
+	}
+	function listBooks() {
+		if (!existsSync(dbPath)) return [];
+		const db = new Database(dbPath, {
+			readonly: true,
+			fileMustExist: true
+		});
+		try {
+			return db.prepare("SELECT id, title FROM books WHERE status = 'completed' ORDER BY title").all();
+		} catch {
+			return [];
+		} finally {
+			db.close();
+		}
+	}
+	app.get("/extension-sdk.js", (c) => {
+		c.header("Content-Type", "application/javascript; charset=utf-8");
+		return c.body(extensionSdkSource());
+	});
+	app.get("/extension-data/:token/context", (c) => {
+		const token = c.req.param("token");
+		if (!registry.isValidDataToken(token)) return c.text("unauthorized", 401);
+		const manifest = loadManifest();
+		const config = readDevConfig(configPath);
+		const providers = registry.buildProviders(manifest, config, hostOrigin);
+		return c.json({
+			extensionId: manifest.id,
+			bookId: config.bookId ?? null,
+			providers,
+			config: config.config ?? {}
+		});
+	});
+	app.post("/extension-data/:token/db/query", async (c) => {
+		const token = c.req.param("token");
+		if (!registry.isValidDataToken(token)) return c.text("unauthorized", 401);
+		const body = await c.req.json();
+		try {
+			return c.json(dbQuery(dbPath, body));
+		} catch (e) {
+			return c.text(`db.query: ${e.message}`, 400);
+		}
+	});
+	app.post("/extension-data/:token/fs/read", async (c) => {
+		const token = c.req.param("token");
+		if (!registry.isValidDataToken(token)) return c.text("unauthorized", 401);
+		const body = await c.req.json();
+		try {
+			return c.json(fsRead(assetsDir, body.relPath));
+		} catch (e) {
+			return c.text(`fs.read: ${e.message}`, 400);
+		}
+	});
+	app.post("/extension-data/:token/fs/write", async (c) => {
+		const token = c.req.param("token");
+		if (!registry.isValidDataToken(token)) return c.text("unauthorized", 401);
+		const body = await c.req.json();
+		try {
+			return c.json(fsWrite(assetsDir, body.relPath, body.bytesBase64));
+		} catch (e) {
+			return c.text(`fs.write: ${e.message}`, 400);
+		}
+	});
+	app.post("/extension-data/:token/fs/list", async (c) => {
+		const token = c.req.param("token");
+		if (!registry.isValidDataToken(token)) return c.text("unauthorized", 401);
+		const body = await c.req.json().catch(() => ({}));
+		return c.json(fsList(assetsDir, body.relPath ?? null));
+	});
+	app.post("/extension-data/:token/task/start", async (c) => {
+		const token = c.req.param("token");
+		if (!registry.isValidDataToken(token)) return c.text("unauthorized", 401);
+		const body = await c.req.json();
+		const manifest = loadManifest();
+		const workerEntry = manifest.path?.worker;
+		if (!workerEntry) return c.text("extension has no path.worker entry", 400);
+		const config = readDevConfig(configPath);
+		const providers = registry.buildProviders(manifest, config, hostOrigin);
+		const singletonKey = body.singletonKey ? `${manifest.id}|${config.bookId ?? ""}|${body.singletonKey}` : null;
+		if (singletonKey && singletonTasks.has(singletonKey)) return c.text(`task already running: ${body.singletonKey}`, 409);
+		const handle = spawnWorker({
+			extensionId: manifest.id,
+			bookId: config.bookId ?? null,
+			extensionDir: opts.extensionDir,
+			workerEntry,
+			extensionHostBundle: opts.extensionHostBundle,
+			denoBin: opts.denoBin,
+			extensionDataRoot: dataDir,
+			assetsDir,
+			dbPath,
+			providers,
+			config: config.config ?? {},
+			netAllowlist: manifest.net ?? [],
+			hostPort: opts.hostPort,
+			task: body.task,
+			payload: body.payload ?? null,
+			controllers: taskControllers
+		});
+		if (singletonKey) singletonTasks.set(singletonKey, handle.taskId);
+		return streamSSE(c, async (stream) => {
+			await stream.writeSSE({
+				event: "started",
+				data: JSON.stringify({ taskId: handle.taskId })
+			});
+			try {
+				for await (const ev of handle.events) if (ev.kind === "log") await stream.writeSSE({
+					event: "log",
+					data: JSON.stringify({ args: ev.args })
+				});
+				else if (ev.kind === "result") {
+					await stream.writeSSE({
+						event: "result",
+						data: JSON.stringify({ value: ev.value })
+					});
+					return;
+				} else {
+					await stream.writeSSE({
+						event: "error",
+						data: JSON.stringify({ message: ev.message })
+					});
+					return;
+				}
+			} finally {
+				handle.cancel();
+				if (singletonKey && singletonTasks.get(singletonKey) === handle.taskId) singletonTasks.delete(singletonKey);
+			}
+		});
+	});
+	app.post("/extension-data/:token/task/:taskId/cancel", (c) => {
+		const token = c.req.param("token");
+		if (!registry.isValidDataToken(token)) return c.text("unauthorized", 401);
+		const taskId = c.req.param("taskId");
+		const ac = taskControllers.get(taskId);
+		if (ac) ac.abort();
+		return c.body(null, 204);
+	});
+	app.all("/extension-providers/:token/:providerKey/*", async (c) => {
+		const token = c.req.param("token");
+		const providerKey = c.req.param("providerKey");
+		const path = c.req.path;
+		const prefix = `/extension-providers/${token}/${providerKey}/`;
+		const rest = path.startsWith(prefix) ? path.slice(prefix.length) : "";
+		const found = registry.resolveProxyForKey(token, providerKey);
+		if (!found) {
+			console.warn(`[proxy] (unknown token ${token.slice(0, 12)}… or key ${providerKey}) ${c.req.method} /${rest} -> 401`);
+			return c.text("unknown proxy token", 401);
+		}
+		return proxyToProvider(c, providerKey, found, rest);
+	});
+	app.get("/extension-assets/:extensionId/*", (c) => {
+		if (c.req.param("extensionId") !== loadManifest().id) return c.text("unknown extension", 404);
+		const idx = c.req.path.indexOf("/assets/");
+		const relPath = idx >= 0 ? decodeURIComponent(c.req.path.slice(idx + 8)) : "";
+		if (!relPath) return c.text("missing path", 400);
+		let fullPath;
+		try {
+			fullPath = safeJoin(assetsDir, relPath);
+		} catch (e) {
+			return c.text(e.message, 400);
+		}
+		if (!existsSync(fullPath)) return c.text("not found", 404);
+		const mime = ASSET_MIME[relPath.slice(relPath.lastIndexOf(".") + 1).toLowerCase()] ?? "application/octet-stream";
+		c.header("Content-Type", mime);
+		c.header("Cache-Control", "no-cache");
+		return c.body(readFileSync(fullPath));
+	});
+	app.get("/extension-data/:extensionId/assets/*", (c) => {
+		if (c.req.param("extensionId") !== loadManifest().id) return c.text("unknown extension", 404);
+		const idx = c.req.path.indexOf("/assets/");
+		const relPath = idx >= 0 ? decodeURIComponent(c.req.path.slice(idx + 8)) : "";
+		if (!relPath) return c.text("missing path", 400);
+		let fullPath;
+		try {
+			fullPath = safeJoin(assetsDir, relPath);
+		} catch (e) {
+			return c.text(e.message, 400);
+		}
+		if (!existsSync(fullPath)) return c.text("not found", 404);
+		const mime = ASSET_MIME[relPath.slice(relPath.lastIndexOf(".") + 1).toLowerCase()] ?? "application/octet-stream";
+		c.header("Content-Type", mime);
+		c.header("Cache-Control", "no-cache");
+		return c.body(readFileSync(fullPath));
+	});
+	app.get("/__dev__/setup", (c) => {
+		c.header("Content-Type", "text/html; charset=utf-8");
+		return c.body(SETUP_UI_HTML);
+	});
+	app.get("/__dev__/api/status", (c) => {
+		const manifest = loadManifest();
+		const config = readDevConfig(configPath);
+		const status = checkDevConfig(manifest, config);
+		return c.json({
+			extensionId: manifest.id,
+			manifest,
+			config,
+			ok: status.ok,
+			missing: status.missing,
+			configPath,
+			books: listBooks()
+		});
+	});
+	app.post("/__dev__/api/save", async (c) => {
+		writeDevConfig(configPath, await c.req.json());
+		return c.json({ ok: true });
+	});
+	app.get("/__dev__/api/launch-url", (c) => {
+		const config = readDevConfig(configPath);
+		if (!config.bookId) return c.json({
+			ok: false,
+			error: "select a book before launching"
+		}, 400);
+		if (!listBooks().some((b) => b.id === config.bookId)) return c.json({
+			ok: false,
+			error: `selected book ${config.bookId} is not in the dev DB — re-seed?`
+		}, 400);
+		const token = registry.mintDataToken();
+		const url = `${opts.viteOrigin}?token=${encodeURIComponent(token)}&host=${encodeURIComponent(hostOrigin)}`;
+		return c.json({
+			ok: true,
+			url
+		});
+	});
+	return { app };
+}
+//#endregion
+export { readDevConfig as n, writeDevConfig as r, createDevServer as t };
+
+//# sourceMappingURL=server-BcwliPFy.mjs.map