@bundy-lmw/hive-server 1.0.1

package/dist/config.js

@@ -0,0 +1,156 @@
+/**
+ * Hive Server Configuration
+ *
+ * Loads configuration from hive.config.json with environment variable interpolation.
+ * Falls back to .env for backwards compatibility.
+ */
+import { config as dotenvConfig } from 'dotenv';
+import { existsSync, readFileSync, mkdirSync } from 'fs';
+import { resolve, join } from 'path';
+import AjvModule from 'ajv';
+const Ajv = AjvModule.default;
+/**
+ * Hive 工作空间根目录
+ *
+ * 优先级: HIVE_HOME 环境变量 > ~/.hive
+ */
+function getHiveHome() {
+    if (process.env.HIVE_HOME) {
+        return process.env.HIVE_HOME;
+    }
+    return resolve(process.env.HOME || '~', '.hive');
+}
+export const HIVE_HOME = getHiveHome();
+// 确保工作空间目录存在
+if (!existsSync(HIVE_HOME)) {
+    mkdirSync(HIVE_HOME, { recursive: true });
+}
+// Load .env file if exists (for env var interpolation)
+if (existsSync(join(HIVE_HOME, '.env'))) {
+    dotenvConfig({ path: join(HIVE_HOME, '.env') });
+}
+/**
+ * Interpolate ${ENV_VAR} placeholders in a string
+ * E.g., "${GLM_API_KEY}" → "actual-api-key"
+ */
+function interpolateEnvVars(value) {
+    return value.replace(/\$\{([^}]+)\}/g, (_, envVar) => {
+        return process.env[envVar] || '';
+    });
+}
+/**
+ * Recursively interpolate ${ENV_VAR} in configuration object
+ */
+function interpolateConfig(obj) {
+    if (typeof obj === 'string') {
+        return interpolateEnvVars(obj);
+    }
+    if (Array.isArray(obj)) {
+        return obj.map(interpolateConfig);
+    }
+    if (obj && typeof obj === 'object') {
+        const result = {};
+        for (const [key, value] of Object.entries(obj)) {
+            result[key] = interpolateConfig(value);
+        }
+        return result;
+    }
+    return obj;
+}
+/**
+ * Load and parse hive.config.json
+ */
+function loadJsonConfig() {
+    const configPath = join(HIVE_HOME, 'hive.config.json');
+    if (!existsSync(configPath)) {
+        return {};
+    }
+    try {
+        const content = readFileSync(configPath, 'utf-8');
+        const raw = JSON.parse(content);
+        const interpolated = interpolateConfig(raw);
+        // Validate against JSON Schema
+        const schemaPath = join(HIVE_HOME, 'hive.config.schema.json');
+        if (existsSync(schemaPath)) {
+            const schemaContent = readFileSync(schemaPath, 'utf-8');
+            const schema = JSON.parse(schemaContent);
+            const ajv = new Ajv({ useDefaults: true });
+            const validate = ajv.compile(schema);
+            if (!validate(interpolated)) {
+                console.error('[config] Validation errors:');
+                for (const error of validate.errors || []) {
+                    console.error(`  - ${error.instancePath}: ${error.message}`);
+                }
+                throw new Error('Configuration validation failed');
+            }
+        }
+        return interpolated;
+    }
+    catch (error) {
+        console.error('[config] Failed to load hive.config.json:', error);
+        throw error;
+    }
+}
+/**
+ * Load configuration from hive.config.json with fallbacks
+ */
+export function loadConfig() {
+    const jsonConfig = loadJsonConfig();
+    // Server config with defaults
+    const server = jsonConfig.server || {};
+    // Auth config
+    const auth = jsonConfig.auth || {};
+    // Provider config
+    const provider = jsonConfig.provider || { id: 'glm' };
+    // Heartbeat config
+    const heartbeat = jsonConfig.heartbeat || {};
+    // Plugin list (keys of plugins object)
+    const plugins = jsonConfig.plugins ? Object.keys(jsonConfig.plugins) : [];
+    return {
+        port: server.port ?? parseInt(process.env.PORT || '4450', 10),
+        host: server.host ?? process.env.HOST ?? '127.0.0.1',
+        logLevel: server.logLevel ?? process.env.LOG_LEVEL ?? 'info',
+        auth: {
+            enabled: auth.enabled ?? process.env.AUTH_ENABLED === 'true',
+            apiKey: auth.apiKey || process.env.AUTH_API_KEY || '',
+        },
+        plugins,
+        provider: {
+            id: provider.id || process.env.PROVIDER_ID || 'glm',
+            apiKey: provider.apiKey || process.env.API_KEY || process.env.GLM_API_KEY || '',
+            model: provider.model || process.env.MODEL,
+            baseUrl: provider.baseUrl || process.env.BASE_URL,
+        },
+        heartbeat: {
+            enabled: heartbeat.enabled ?? process.env.HEARTBEAT_ENABLED === 'true',
+            intervalMs: heartbeat.intervalMs ?? parseInt(process.env.HEARTBEAT_INTERVAL_MS || '300000', 10),
+            model: heartbeat.model || process.env.HEARTBEAT_MODEL,
+            prompt: heartbeat.prompt || process.env.HEARTBEAT_PROMPT,
+        },
+        pluginConfigs: jsonConfig.plugins || {},
+    };
+}
+/**
+ * Get configuration for a specific plugin
+ */
+export function getPluginConfig(config, pluginName) {
+    return config.pluginConfigs[pluginName] || {};
+}
+/** Cached config instance */
+let _config = null;
+/**
+ * Get configuration (lazy-loaded singleton)
+ */
+export function getConfig() {
+    if (!_config) {
+        _config = loadConfig();
+    }
+    return _config;
+}
+/**
+ * Reset cached config (for testing)
+ */
+export function resetConfig() {
+    _config = null;
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,MAAM,IAAI,YAAY,EAAE,MAAM,QAAQ,CAAA;AAC/C,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,IAAI,CAAA;AACxD,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AACpC,OAAO,SAAS,MAAM,KAAK,CAAA;AAC3B,MAAM,GAAG,GAAG,SAAS,CAAC,OAAO,CAAA;AAE7B;;;;GAIG;AACH,SAAS,WAAW;IAClB,IAAI,OAAO,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC;QAC1B,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,CAAA;IAC9B,CAAC;IACD,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG,EAAE,OAAO,CAAC,CAAA;AAClD,CAAC;AAED,MAAM,CAAC,MAAM,SAAS,GAAG,WAAW,EAAE,CAAA;AAEtC,aAAa;AACb,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;IAC3B,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAA;AAC3C,CAAC;AAED,uDAAuD;AACvD,IAAI,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC,EAAE,CAAC;IACxC,YAAY,CAAC,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,EAAE,MAAM,CAAC,EAAE,CAAC,CAAA;AACjD,CAAC;AA2ED;;;GAGG;AACH,SAAS,kBAAkB,CAAC,KAAa;IACvC,OAAO,KAAK,CAAC,OAAO,CAAC,gBAAgB,EAAE,CAAC,CAAC,EAAE,MAAM,EAAE,EAAE;QACnD,OAAO,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,CAAA;IAClC,CAAC,CAAC,CAAA;AACJ,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,GAAY;IACrC,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QAC5B,OAAO,kBAAkB,CAAC,GAAG,CAAC,CAAA;IAChC,CAAC;IACD,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;QACvB,OAAO,GAAG,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAA;IACnC,CAAC;IACD,IAAI,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;QACnC,MAAM,MAAM,GAA4B,EAAE,CAAA;QAC1C,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAA8B,CAAC,EAAE,CAAC;YAC1E,MAAM,CAAC,GAAG,CAAC,GAAG,iBAAiB,CAAC,KAAK,CAAC,CAAA;QACxC,CAAC;QACD,OAAO,MAAM,CAAA;IACf,CAAC;IACD,OAAO,GAAG,CAAA;AACZ,CAAC;AAED;;GAEG;AACH,SAAS,cAAc;IACrB,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,kBAAkB,CAAC,CAAA;IAEtD,IAAI,CAAC,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;QAC5B,OAAO,EAAE,CAAA;IACX,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;QACjD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;QAC/B,MAAM,YAAY,GAAG,iBAAiB,CAAC,GAAG,CAAmB,CAAA;QAE7D,+BAA+B;QAC/B,MAAM,UAAU,GAAG,IAAI,CAAC,SAAS,EAAE,yBAAyB,CAAC,CAAA;QAC7D,IAAI,UAAU,CAAC,UAAU,CAAC,EAAE,CAAC;YAC3B,MAAM,aAAa,GAAG,YAAY,CAAC,UAAU,EAAE,OAAO,CAAC,CAAA;YACvD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,CAAA;YACxC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,EAAE,WAAW,EAAE,IAAI,EAAE,CAAC,CAAA;YAC1C,MAAM,QAAQ,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,CAAA;YAEpC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAAE,CAAC;gBAC5B,OAAO,CAAC,KAAK,CAAC,6BAA6B,CAAC,CAAA;gBAC5C,KAAK,MAAM,KAAK,IAAI,QAAQ,CAAC,MAAM,IAAI,EAAE,EAAE,CAAC;oBAC1C,OAAO,CAAC,KAAK,CAAC,OAAO,KAAK,CAAC,YAAY,KAAK,KAAK,CAAC,OAAO,EAAE,CAAC,CAAA;gBAC9D,CAAC;gBACD,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC,CAAA;YACpD,CAAC;QACH,CAAC;QAED,OAAO,YAAY,CAAA;IACrB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,2CAA2C,EAAE,KAAK,CAAC,CAAA;QACjE,MAAM,KAAK,CAAA;IACb,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,MAAM,UAAU,GAAG,cAAc,EAAE,CAAA;IAEnC,8BAA8B;IAC9B,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,IAAI,EAAE,CAAA;IAEtC,cAAc;IACd,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,IAAI,EAAE,CAAA;IAElC,kBAAkB;IAClB,MAAM,QAAQ,GAAG,UAAU,CAAC,QAAQ,IAAI,EAAE,EAAE,EAAE,KAAK,EAAE,CAAA;IAErD,mBAAmB;IACnB,MAAM,SAAS,GAAG,UAAU,CAAC,SAAS,IAAI,EAAE,CAAA;IAE5C,uCAAuC;IACvC,MAAM,OAAO,GAAG,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,CAAA;IAEzE,OAAO;QACL,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,MAAM,EAAE,EAAE,CAAC;QAC7D,IAAI,EAAE,MAAM,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,WAAW;QACpD,QAAQ,EAAE,MAAM,CAAC,QAAQ,IAAK,OAAO,CAAC,GAAG,CAAC,SAAsC,IAAI,MAAM;QAC1F,IAAI,EAAE;YACJ,OAAO,EAAE,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,KAAK,MAAM;YAC5D,MAAM,EAAE,IAAI,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,YAAY,IAAI,EAAE;SACtD;QACD,OAAO;QACP,QAAQ,EAAE;YACR,EAAE,EAAE,QAAQ,CAAC,EAAE,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,KAAK;YACnD,MAAM,EAAE,QAAQ,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE;YAC/E,KAAK,EAAE,QAAQ,CAAC,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,KAAK;YAC1C,OAAO,EAAE,QAAQ,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ;SAClD;QACD,SAAS,EAAE;YACT,OAAO,EAAE,SAAS,CAAC,OAAO,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,KAAK,MAAM;YACtE,UAAU,EAAE,SAAS,CAAC,UAAU,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,qBAAqB,IAAI,QAAQ,EAAE,EAAE,CAAC;YAC/F,KAAK,EAAE,SAAS,CAAC,KAAK,IAAI,OAAO,CAAC,GAAG,CAAC,eAAe;YACrD,MAAM,EAAE,SAAS,CAAC,MAAM,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB;SACzD;QACD,aAAa,EAAE,UAAU,CAAC,OAAO,IAAI,EAAE;KACxC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,eAAe,CAAC,MAAoB,EAAE,UAAkB;IACtE,OAAO,MAAM,CAAC,aAAa,CAAC,UAAU,CAAC,IAAI,EAAE,CAAA;AAC/C,CAAC;AAED,6BAA6B;AAC7B,IAAI,OAAO,GAAwB,IAAI,CAAA;AAEvC;;GAEG;AACH,MAAM,UAAU,SAAS;IACvB,IAAI,CAAC,OAAO,EAAE,CAAC;QACb,OAAO,GAAG,UAAU,EAAE,CAAA;IACxB,CAAC;IACD,OAAO,OAAO,CAAA;AAChB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,GAAG,IAAI,CAAA;AAChB,CAAC"}

package/dist/gateway/auth.d.ts

@@ -0,0 +1,16 @@
+/**
+ * API Key Authentication Middleware (Hono)
+ *
+ * Validates requests via Authorization: Bearer <key> header or ?apiKey=<key> query param.
+ */
+import type { MiddlewareHandler } from 'hono';
+import type { ServerConfig } from '../config.js';
+/**
+ * Create authentication middleware for Hono
+ */
+export declare function createAuthMiddleware(config: ServerConfig): MiddlewareHandler;
+/**
+ * Validate API key for WebSocket upgrade (query param only)
+ */
+export declare function validateWsApiKey(config: ServerConfig, apiKey: string | null | undefined): boolean;
+//# sourceMappingURL=auth.d.ts.map

package/dist/gateway/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/gateway/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAA;AAC7C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,cAAc,CAAA;AAEhD;;GAEG;AACH,wBAAgB,oBAAoB,CAAC,MAAM,EAAE,YAAY,GAAG,iBAAiB,CAwB5E;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAQjG"}

package/dist/gateway/auth.js

@@ -0,0 +1,50 @@
+/**
+ * API Key Authentication Middleware (Hono)
+ *
+ * Validates requests via Authorization: Bearer <key> header or ?apiKey=<key> query param.
+ */
+/**
+ * Create authentication middleware for Hono
+ */
+export function createAuthMiddleware(config) {
+    const { enabled, apiKey } = config.auth;
+    return async (c, next) => {
+        if (!enabled || !apiKey) {
+            await next();
+            return;
+        }
+        const authHeader = c.req.header('Authorization');
+        const headerKey = extractBearerToken(authHeader);
+        const queryKey = c.req.query('apiKey');
+        const providedKey = headerKey || queryKey;
+        if (!providedKey) {
+            return c.json({ error: 'Missing API key' }, 401);
+        }
+        if (providedKey !== apiKey) {
+            return c.json({ error: 'Invalid API key' }, 401);
+        }
+        await next();
+    };
+}
+/**
+ * Validate API key for WebSocket upgrade (query param only)
+ */
+export function validateWsApiKey(config, apiKey) {
+    if (!config.auth.enabled || !config.auth.apiKey) {
+        return true;
+    }
+    if (!apiKey) {
+        return false;
+    }
+    return apiKey === config.auth.apiKey;
+}
+function extractBearerToken(authHeader) {
+    if (!authHeader)
+        return undefined;
+    const parts = authHeader.split(' ');
+    if (parts.length === 2 && parts[0] === 'Bearer') {
+        return parts[1];
+    }
+    return undefined;
+}
+//# sourceMappingURL=auth.js.map

package/dist/gateway/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/gateway/auth.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAKH;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,MAAoB;IACvD,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,MAAM,CAAC,IAAI,CAAA;IAEvC,OAAO,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;QACvB,IAAI,CAAC,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;YACxB,MAAM,IAAI,EAAE,CAAA;YACZ,OAAM;QACR,CAAC;QAED,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAA;QAChD,MAAM,SAAS,GAAG,kBAAkB,CAAC,UAAU,CAAC,CAAA;QAChD,MAAM,QAAQ,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;QACtC,MAAM,WAAW,GAAG,SAAS,IAAI,QAAQ,CAAA;QAEzC,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAA;QAClD,CAAC;QAED,IAAI,WAAW,KAAK,MAAM,EAAE,CAAC;YAC3B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAA;QAClD,CAAC;QAED,MAAM,IAAI,EAAE,CAAA;IACd,CAAC,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAoB,EAAE,MAAiC;IACtF,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QAChD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,KAAK,CAAA;IACd,CAAC;IACD,OAAO,MAAM,KAAK,MAAM,CAAC,IAAI,CAAC,MAAM,CAAA;AACtC,CAAC;AAED,SAAS,kBAAkB,CAAC,UAA8B;IACxD,IAAI,CAAC,UAAU;QAAE,OAAO,SAAS,CAAA;IACjC,MAAM,KAAK,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;IACnC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;QAChD,OAAO,KAAK,CAAC,CAAC,CAAC,CAAA;IACjB,CAAC;IACD,OAAO,SAAS,CAAA;AAClB,CAAC"}

package/dist/gateway/http.d.ts

@@ -0,0 +1,9 @@
+/**
+ * HTTP Gateway Factory
+ *
+ * Creates Hono app for HTTP API.
+ */
+import { Hono } from 'hono';
+import type { HiveContext } from '../bootstrap.js';
+export declare function createHttpGateway(ctx: HiveContext): Hono;
+//# sourceMappingURL=http.d.ts.map

package/dist/gateway/http.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.d.ts","sourceRoot":"","sources":["../../src/gateway/http.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAG3B,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAA;AAqBlD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,WAAW,GAAG,IAAI,CAgMxD"}

package/dist/gateway/http.js

@@ -0,0 +1,178 @@
+/**
+ * HTTP Gateway Factory
+ *
+ * Creates Hono app for HTTP API.
+ */
+import { Hono } from 'hono';
+import { cors } from 'hono/cors';
+import { logger } from 'hono/logger';
+import { createAuthMiddleware } from './auth.js';
+/** Maximum message length (100KB) */
+const MAX_MESSAGE_LENGTH = 100_000;
+/** Maximum in-memory sessions (LRU eviction) */
+const MAX_SESSIONS = 10_000;
+// Simple in-memory session store with LRU eviction
+const sessions = new Map();
+function setSession(key, value) {
+    if (sessions.size >= MAX_SESSIONS) {
+        const firstKey = sessions.keys().next().value;
+        if (firstKey !== undefined)
+            sessions.delete(firstKey);
+    }
+    sessions.set(key, value);
+}
+export function createHttpGateway(ctx) {
+    const app = new Hono();
+    // Middleware
+    app.use('*', logger());
+    const allowedOrigins = process.env.CORS_ORIGINS
+        ? process.env.CORS_ORIGINS.split(',').map(s => s.trim())
+        : ['http://localhost:3000'];
+    app.use('*', cors({
+        origin: allowedOrigins,
+        allowMethods: ['GET', 'POST', 'DELETE', 'OPTIONS'],
+        allowHeaders: ['Content-Type', 'Authorization'],
+    }));
+    // API authentication
+    app.use('/api/*', createAuthMiddleware(ctx.config));
+    // Health check (no auth required)
+    app.get('/health', (c) => {
+        return c.json({ status: 'ok', timestamp: new Date().toISOString() });
+    });
+    // Chat endpoint
+    app.post('/api/chat', async (c) => {
+        try {
+            const body = await c.req.json();
+            const { message, sessionId } = body;
+            if (!message) {
+                return c.json({ error: 'Missing message' }, 400);
+            }
+            if (typeof message !== 'string' || message.length > MAX_MESSAGE_LENGTH) {
+                return c.json({ error: `Message too long (max ${MAX_MESSAGE_LENGTH} chars)` }, 413);
+            }
+            const sid = sessionId || 'default';
+            // Get or create session
+            let session = sessions.get(sid);
+            if (!session) {
+                session = { id: sid, messages: [] };
+                setSession(sid, session);
+            }
+            // Add user message
+            session.messages.push({ role: 'user', content: message });
+            // Emit message received event
+            ctx.bus?.emit('message:received', {
+                content: message,
+                sessionId: sid,
+                timestamp: Date.now(),
+            });
+            // Send to agent (dispatch for smart routing)
+            const result = await ctx.agent.dispatch(message);
+            const response = result.text;
+            // Add assistant message
+            session.messages.push({ role: 'assistant', content: response });
+            // Emit message sent event
+            ctx.bus?.emit('message:sent', {
+                content: response,
+                sessionId: sid,
+                timestamp: Date.now(),
+            });
+            return c.json({
+                response,
+                sessionId: sid,
+            });
+        }
+        catch (error) {
+            const isDev = process.env.NODE_ENV !== 'production';
+            return c.json({
+                error: 'Internal server error',
+                ...(isDev ? { message: error instanceof Error ? error.message : 'Unknown error' } : {}),
+            }, 500);
+        }
+    });
+    // List plugins
+    app.get('/api/plugins', (c) => {
+        return c.json({
+            plugins: ctx.plugins.map((p) => ({
+                id: p.metadata.id,
+                name: p.metadata.name,
+                version: p.metadata.version,
+            })),
+        });
+    });
+    // List sessions
+    app.get('/api/sessions', (c) => {
+        const sessionList = Array.from(sessions.values()).map((s) => ({
+            id: s.id,
+            messageCount: s.messages.length,
+        }));
+        return c.json({ sessions: sessionList });
+    });
+    // Get session by ID
+    app.get('/api/sessions/:id', (c) => {
+        const sessionId = c.req.param('id');
+        const session = sessions.get(sessionId);
+        if (!session) {
+            return c.json({ error: 'Session not found' }, 404);
+        }
+        return c.json({ session });
+    });
+    // Delete session
+    app.delete('/api/sessions/:id', (c) => {
+        const sessionId = c.req.param('id');
+        const deleted = sessions.delete(sessionId);
+        return c.json({ success: deleted });
+    });
+    // Webhook endpoint for plugins (e.g., Feishu)
+    app.post('/webhook/:plugin/:appId', async (c) => {
+        try {
+            const pluginName = c.req.param('plugin');
+            const appId = c.req.param('appId');
+            // Get headers
+            const signature = c.req.header('X-Lark-Signature') || c.req.header('X-Feishu-Signature') || '';
+            const timestamp = c.req.header('X-Lark-Request-Timestamp') || c.req.header('X-Feishu-Timestamp') || '';
+            const nonce = c.req.header('X-Lark-Request-Nonce') || c.req.header('X-Feishu-Nonce') || '';
+            // Get body
+            const body = await c.req.json();
+            // Find the plugin and get its channel
+            const plugin = ctx.plugins.find((p) => p.metadata.id === pluginName);
+            if (!plugin) {
+                return c.json({ error: 'Plugin not found' }, 404);
+            }
+            // Get channel from plugin
+            const channels = plugin.getChannels();
+            const channel = channels.find((ch) => {
+                // Check channel id format: "feishu:appId"
+                if (ch.id === `${pluginName}:${appId}`)
+                    return true;
+                // Check if channel has appId property (for Feishu channels)
+                if ('appId' in ch && ch.appId === appId)
+                    return true;
+                return false;
+            });
+            const webhookChannel = channel;
+            if (!channel || typeof webhookChannel.handleWebhook !== 'function') {
+                return c.json({ error: 'Channel not found or does not support webhooks' }, 404);
+            }
+            // Handle webhook
+            const result = await webhookChannel.handleWebhook(body, signature, timestamp, nonce);
+            return c.json(result);
+        }
+        catch (error) {
+            const isDev = process.env.NODE_ENV !== 'production';
+            return c.json({
+                error: 'Webhook processing failed',
+                ...(isDev ? { message: error instanceof Error ? error.message : 'Unknown error' } : {}),
+            }, 500);
+        }
+    });
+    // Error handling
+    app.notFound((c) => {
+        return c.json({ error: 'Not found' }, 404);
+    });
+    app.onError((err, c) => {
+        const isDev = process.env.NODE_ENV !== 'production';
+        return c.json({ error: 'Internal server error', ...(isDev ? { message: err.message } : {}) }, 500);
+    });
+    return app;
+}
+//# sourceMappingURL=http.js.map

package/dist/gateway/http.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"http.js","sourceRoot":"","sources":["../../src/gateway/http.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAA;AAC3B,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAA;AAChC,OAAO,EAAE,MAAM,EAAE,MAAM,aAAa,CAAA;AAGpC,OAAO,EAAE,oBAAoB,EAAE,MAAM,WAAW,CAAA;AAEhD,qCAAqC;AACrC,MAAM,kBAAkB,GAAG,OAAO,CAAA;AAElC,gDAAgD;AAChD,MAAM,YAAY,GAAG,MAAM,CAAA;AAE3B,mDAAmD;AACnD,MAAM,QAAQ,GAAG,IAAI,GAAG,EAA8E,CAAA;AAEtG,SAAS,UAAU,CAAC,GAAW,EAAE,KAAyE;IACxG,IAAI,QAAQ,CAAC,IAAI,IAAI,YAAY,EAAE,CAAC;QAClC,MAAM,QAAQ,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC,IAAI,EAAE,CAAC,KAAK,CAAA;QAC7C,IAAI,QAAQ,KAAK,SAAS;YAAE,QAAQ,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAA;IACvD,CAAC;IACD,QAAQ,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,GAAgB;IAChD,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAA;IAEtB,aAAa;IACb,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,EAAE,CAAC,CAAA;IACtB,MAAM,cAAc,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY;QAC7C,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QACxD,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC;IAE9B,GAAG,CAAC,GAAG,CACL,GAAG,EACH,IAAI,CAAC;QACH,MAAM,EAAE,cAAc;QACtB,YAAY,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,CAAC;QAClD,YAAY,EAAE,CAAC,cAAc,EAAE,eAAe,CAAC;KAChD,CAAC,CACH,CAAA;IAED,qBAAqB;IACrB,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,oBAAoB,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC,CAAA;IAEnD,kCAAkC;IAClC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE;QACvB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EAAE,CAAC,CAAA;IACtE,CAAC,CAAC,CAAA;IAEF,gBAAgB;IAChB,GAAG,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAChC,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;YAC/B,MAAM,EAAE,OAAO,EAAE,SAAS,EAAE,GAAG,IAAgD,CAAA;YAE/E,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,EAAE,GAAG,CAAC,CAAA;YAClD,CAAC;YAED,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,MAAM,GAAG,kBAAkB,EAAE,CAAC;gBACvE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,kBAAkB,SAAS,EAAE,EAAE,GAAG,CAAC,CAAA;YACrF,CAAC;YAED,MAAM,GAAG,GAAG,SAAS,IAAI,SAAS,CAAA;YAElC,wBAAwB;YACxB,IAAI,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,GAAG,CAAC,CAAA;YAC/B,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAA;gBACnC,UAAU,CAAC,GAAG,EAAE,OAAO,CAAC,CAAA;YAC1B,CAAC;YAED,mBAAmB;YACnB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAA;YAEzD,8BAA8B;YAC9B,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,kBAAkB,EAAE;gBAChC,OAAO,EAAE,OAAO;gBAChB,SAAS,EAAE,GAAG;gBACd,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC,CAAA;YAEF,6CAA6C;YAC7C,MAAM,MAAM,GAAG,MAAM,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAA;YAChD,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAA;YAE5B,wBAAwB;YACxB,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAA;YAE/D,0BAA0B;YAC1B,GAAG,CAAC,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE;gBAC5B,OAAO,EAAE,QAAQ;gBACjB,SAAS,EAAE,GAAG;gBACd,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;aACtB,CAAC,CAAA;YAEF,OAAO,CAAC,CAAC,IAAI,CAAC;gBACZ,QAAQ;gBACR,SAAS,EAAE,GAAG;aACf,CAAC,CAAA;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAA;YACnD,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,KAAK,EAAE,uBAAuB;gBAC9B,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACxF,EACD,GAAG,CACJ,CAAA;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,eAAe;IACf,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE,EAAE;QAC5B,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBAC/B,EAAE,EAAE,CAAC,CAAC,QAAQ,CAAC,EAAE;gBACjB,IAAI,EAAE,CAAC,CAAC,QAAQ,CAAC,IAAI;gBACrB,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,OAAO;aAC5B,CAAC,CAAC;SACJ,CAAC,CAAA;IACJ,CAAC,CAAC,CAAA;IAEF,gBAAgB;IAChB,GAAG,CAAC,GAAG,CAAC,eAAe,EAAE,CAAC,CAAC,EAAE,EAAE;QAC7B,MAAM,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;YAC5D,EAAE,EAAE,CAAC,CAAC,EAAE;YACR,YAAY,EAAE,CAAC,CAAC,QAAQ,CAAC,MAAM;SAChC,CAAC,CAAC,CAAA;QACH,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,WAAW,EAAE,CAAC,CAAA;IAC1C,CAAC,CAAC,CAAA;IAEF,oBAAoB;IACpB,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC,CAAC,EAAE,EAAE;QACjC,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QACnC,MAAM,OAAO,GAAG,QAAQ,CAAC,GAAG,CAAC,SAAS,CAAC,CAAA;QAEvC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,EAAE,GAAG,CAAC,CAAA;QACpD,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;IAC5B,CAAC,CAAC,CAAA;IAEF,iBAAiB;IACjB,GAAG,CAAC,MAAM,CAAC,mBAAmB,EAAE,CAAC,CAAC,EAAE,EAAE;QACpC,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;QACnC,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;QAC1C,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAA;IACrC,CAAC,CAAC,CAAA;IAEF,8CAA8C;IAC9C,GAAG,CAAC,IAAI,CAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC9C,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAA;YACxC,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;YAElC,cAAc;YACd,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAA;YAC9F,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,0BAA0B,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,oBAAoB,CAAC,IAAI,EAAE,CAAA;YACtG,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,gBAAgB,CAAC,IAAI,EAAE,CAAA;YAE1F,WAAW;YACX,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAA;YAE/B,sCAAsC;YACtC,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,KAAK,UAAU,CAAC,CAAA;YACpE,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,EAAE,GAAG,CAAC,CAAA;YACnD,CAAC;YAED,0BAA0B;YAC1B,MAAM,QAAQ,GAAG,MAAM,CAAC,WAAW,EAAE,CAAA;YACrC,MAAM,OAAO,GAAG,QAAQ,CAAC,IAAI,CAAC,CAAC,EAAE,EAAE,EAAE;gBACnC,0CAA0C;gBAC1C,IAAI,EAAE,CAAC,EAAE,KAAK,GAAG,UAAU,IAAI,KAAK,EAAE;oBAAE,OAAO,IAAI,CAAA;gBACnD,4DAA4D;gBAC5D,IAAI,OAAO,IAAI,EAAE,IAAK,EAAwB,CAAC,KAAK,KAAK,KAAK;oBAAE,OAAO,IAAI,CAAA;gBAC3E,OAAO,KAAK,CAAA;YACd,CAAC,CAAC,CAAA;YAEF,MAAM,cAAc,GAAG,OAAqC,CAAA;YAC5D,IAAI,CAAC,OAAO,IAAI,OAAO,cAAc,CAAC,aAAa,KAAK,UAAU,EAAE,CAAC;gBACnE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gDAAgD,EAAE,EAAE,GAAG,CAAC,CAAA;YACjF,CAAC;YAED,iBAAiB;YACjB,MAAM,MAAM,GAAG,MAAM,cAAc,CAAC,aAAa,CAAC,IAAI,EAAE,SAAS,EAAE,SAAS,EAAE,KAAK,CAAC,CAAA;YACpF,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAA;QACvB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAA;YACnD,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,KAAK,EAAE,2BAA2B;gBAClC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACxF,EACD,GAAG,CACJ,CAAA;QACH,CAAC;IACH,CAAC,CAAC,CAAA;IAEF,iBAAiB;IACjB,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,EAAE;QACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,EAAE,GAAG,CAAC,CAAA;IAC5C,CAAC,CAAC,CAAA;IAEF,GAAG,CAAC,OAAO,CAAC,CAAC,GAAG,EAAE,CAAC,EAAE,EAAE;QACrB,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAA;QACnD,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,uBAAuB,EAAE,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAC9E,GAAG,CACJ,CAAA;IACH,CAAC,CAAC,CAAA;IAEF,OAAO,GAAG,CAAA;AACZ,CAAC"}

package/dist/gateway/websocket.d.ts

@@ -0,0 +1,18 @@
+/**
+ * WebSocket Gateway
+ *
+ * Real-time bidirectional communication for chat and events.
+ */
+import type { Server as HttpServer } from 'http';
+import type { HiveContext } from '../bootstrap.js';
+interface OutgoingMessage {
+    type: string;
+    [key: string]: unknown;
+}
+export interface WebSocketGateway {
+    broadcast: (message: OutgoingMessage) => void;
+    close: () => void;
+}
+export declare function createWebSocketGateway(server: HttpServer, ctx: HiveContext): WebSocketGateway;
+export {};
+//# sourceMappingURL=websocket.d.ts.map

package/dist/gateway/websocket.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"websocket.d.ts","sourceRoot":"","sources":["../../src/gateway/websocket.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,UAAU,EAAE,MAAM,MAAM,CAAA;AAChD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAA;AAiBlD,UAAU,eAAe;IACvB,IAAI,EAAE,MAAM,CAAA;IACZ,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB;AAED,MAAM,WAAW,gBAAgB;IAC/B,SAAS,EAAE,CAAC,OAAO,EAAE,eAAe,KAAK,IAAI,CAAA;IAC7C,KAAK,EAAE,MAAM,IAAI,CAAA;CAClB;AAED,wBAAgB,sBAAsB,CACpC,MAAM,EAAE,UAAU,EAClB,GAAG,EAAE,WAAW,GACf,gBAAgB,CA6NlB"}

package/dist/gateway/websocket.js

@@ -0,0 +1,197 @@
+/**
+ * WebSocket Gateway
+ *
+ * Real-time bidirectional communication for chat and events.
+ */
+import { validateWsApiKey } from './auth.js';
+/** Maximum message length (100KB) — shared with HTTP gateway */
+const MAX_MESSAGE_LENGTH = 100_000;
+export function createWebSocketGateway(server, ctx) {
+    const clients = new Map();
+    let clientIdCounter = 0;
+    let busSubscriptionId = null;
+    // Handle WebSocket upgrade
+    server.on('upgrade', (request, socket, head) => {
+        const url = request.url;
+        if (!url)
+            return;
+        try {
+            const parsedUrl = new URL(url, `http://${request.headers.host || 'localhost'}`);
+            const pathname = parsedUrl.pathname;
+            if (pathname !== '/ws')
+                return;
+            // Validate API key from query param
+            const apiKey = parsedUrl.searchParams.get('apiKey');
+            if (!validateWsApiKey(ctx.config, apiKey)) {
+                socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+                socket.end();
+                return;
+            }
+        }
+        catch {
+            // Invalid URL, ignore
+        }
+    });
+    /**
+     * Handle incoming WebSocket message
+     */
+    async function handleMessage(client, data, ctx) {
+        try {
+            const message = JSON.parse(data);
+            switch (message.type) {
+                case 'chat': {
+                    await handleChat(client, message, ctx);
+                    break;
+                }
+                case 'session:create': {
+                    handleSessionCreate(client);
+                    break;
+                }
+                case 'session:join': {
+                    handleSessionJoin(client, message);
+                    break;
+                }
+                default:
+                    send(client, {
+                        type: 'error',
+                        message: `Unknown message type: ${message.type}`,
+                    });
+            }
+        }
+        catch (error) {
+            send(client, {
+                type: 'error',
+                message: 'Invalid message format',
+            });
+        }
+    }
+    /**
+     * Handle chat message
+     */
+    async function handleChat(client, message, ctx) {
+        const text = message.message;
+        const sessionId = message.sessionId;
+        if (!text) {
+            send(client, {
+                type: 'error',
+                message: 'Missing message content',
+            });
+            return;
+        }
+        if (typeof text !== 'string' || text.length > MAX_MESSAGE_LENGTH) {
+            send(client, {
+                type: 'error',
+                message: `Message too long (max ${MAX_MESSAGE_LENGTH} chars)`,
+            });
+            return;
+        }
+        try {
+            // Emit message received event
+            ctx.bus?.emit('message:received', {
+                content: text,
+                sessionId: sessionId || client.sessionId,
+                clientId: client.id,
+                timestamp: Date.now(),
+            });
+            // Send to agent (dispatch for smart routing)
+            const result = await ctx.agent.dispatch(text);
+            const response = result.text;
+            // Emit message sent event
+            ctx.bus?.emit('message:sent', {
+                content: response,
+                sessionId: sessionId || client.sessionId,
+                clientId: client.id,
+                timestamp: Date.now(),
+            });
+            send(client, {
+                type: 'response',
+                message: response,
+                sessionId: sessionId || client.sessionId,
+            });
+        }
+        catch (error) {
+            const isDev = process.env.NODE_ENV !== 'production';
+            send(client, {
+                type: 'error',
+                message: isDev && error instanceof Error ? error.message : 'Internal error',
+            });
+        }
+    }
+    /**
+     * Handle session create
+     */
+    function handleSessionCreate(client) {
+        const sessionId = `session-${Date.now()}-${Math.random().toString(36).slice(2)}`;
+        client.sessionId = sessionId;
+        send(client, {
+            type: 'session:created',
+            sessionId,
+        });
+    }
+    /**
+     * Handle session join
+     */
+    function handleSessionJoin(client, message) {
+        const sessionId = message.sessionId;
+        if (!sessionId) {
+            send(client, {
+                type: 'error',
+                message: 'Missing sessionId',
+            });
+            return;
+        }
+        client.sessionId = sessionId;
+        send(client, {
+            type: 'session:joined',
+            sessionId,
+        });
+    }
+    /**
+     * Send message to client
+     */
+    function send(client, message) {
+        if (client.ws.readyState === 1) { // WebSocket.OPEN
+            client.ws.send(JSON.stringify(message));
+        }
+    }
+    /**
+     * Broadcast message to all clients
+     */
+    function broadcast(message) {
+        const data = JSON.stringify(message);
+        for (const client of clients.values()) {
+            if (client.ws.readyState === 1) { // WebSocket.OPEN
+                client.ws.send(data);
+            }
+        }
+    }
+    /**
+     * Close all connections
+     */
+    function close() {
+        // Unsubscribe from MessageBus
+        if (busSubscriptionId && ctx.bus) {
+            ctx.bus.unsubscribe(busSubscriptionId);
+        }
+        // Close all client connections
+        for (const client of clients.values()) {
+            client.ws.close();
+        }
+        clients.clear();
+    }
+    // Subscribe to MessageBus events and broadcast
+    if (ctx.bus) {
+        busSubscriptionId = ctx.bus.subscribe('plugin:event', (event) => {
+            broadcast({
+                type: 'event',
+                event: 'plugin:event',
+                data: event,
+            });
+        });
+    }
+    return {
+        broadcast,
+        close,
+    };
+}
+//# sourceMappingURL=websocket.js.map