@burdenoff/vibe-agent 2.1.1 → 2.2.0

package/dist/app-6mmbmske.js

@@ -0,0 +1,1166 @@
+// @bun
+import {
+  ServiceRegistry
+} from "./index-atjhkm74.js";
+import {
+  gatewayClient
+} from "./index-05qfwz8r.js";
+import {
+  logger
+} from "./index-88ym10cs.js";
+import {
+  Elysia
+} from "./index-wr0mkm57.js";
+import {
+  __require,
+  __toESM
+} from "./index-g8dczzvv.js";
+import {
+  PluginManager
+} from "./plugin-system-v7a7xnhk.js";
+
+// node_modules/@elysiajs/cors/dist/index.mjs
+var isBun = typeof new Headers()?.toJSON === "function";
+var processHeaders = (headers) => {
+  if (isBun)
+    return Object.keys(headers.toJSON()).join(", ");
+  let keys = "";
+  let i = 0;
+  headers.forEach((_, key) => {
+    if (i)
+      keys = keys + ", " + key;
+    else
+      keys = key;
+    i++;
+  });
+  return keys;
+};
+var cors = (config) => {
+  let {
+    aot = true,
+    origin = true,
+    methods = true,
+    allowedHeaders = true,
+    exposeHeaders = true,
+    credentials = true,
+    maxAge = 5,
+    preflight = true
+  } = config ?? {};
+  if (Array.isArray(allowedHeaders))
+    allowedHeaders = allowedHeaders.join(", ");
+  if (Array.isArray(exposeHeaders))
+    exposeHeaders = exposeHeaders.join(", ");
+  const origins = typeof origin === "boolean" ? undefined : Array.isArray(origin) ? origin : [origin];
+  const app = new Elysia({
+    name: "@elysiajs/cors",
+    seed: config,
+    aot
+  });
+  const anyOrigin = origins?.some((o) => o === "*");
+  const originMap = {};
+  if (origins) {
+    for (const origin2 of origins)
+      if (typeof origin2 === "string")
+        originMap[origin2] = true;
+  }
+  const processOrigin = (origin2, request, from) => {
+    if (Array.isArray(origin2))
+      return origin2.some((o) => processOrigin(o, request, from));
+    switch (typeof origin2) {
+      case "string":
+        if (from in originMap)
+          return true;
+        const fromProtocol = from.indexOf("://");
+        if (fromProtocol !== -1)
+          from = from.slice(fromProtocol + 3);
+        return origin2 === from;
+      case "function":
+        return origin2(request) === true;
+      case "object":
+        if (origin2 instanceof RegExp)
+          return origin2.test(from);
+    }
+    return false;
+  };
+  const handleOrigin = (set, request) => {
+    if (origin === true) {
+      set.headers.vary = "*";
+      set.headers["access-control-allow-origin"] = request.headers.get("Origin") || "*";
+      return;
+    }
+    if (anyOrigin) {
+      set.headers.vary = "*";
+      set.headers["access-control-allow-origin"] = "*";
+      return;
+    }
+    if (!origins?.length)
+      return;
+    if (origins.length) {
+      const from = request.headers.get("Origin") ?? "";
+      for (let i = 0;i < origins.length; i++) {
+        const value = processOrigin(origins[i], request, from);
+        if (value === true) {
+          set.headers.vary = origin ? "Origin" : "*";
+          set.headers["access-control-allow-origin"] = from || "*";
+          return;
+        }
+      }
+    }
+    set.headers.vary = "Origin";
+  };
+  const handleMethod = (set, method) => {
+    if (!method)
+      return;
+    if (methods === true)
+      return set.headers["access-control-allow-methods"] = method ?? "*";
+    if (methods === false || !methods?.length)
+      return;
+    if (methods === "*")
+      return set.headers["access-control-allow-methods"] = "*";
+    if (!Array.isArray(methods))
+      return set.headers["access-control-allow-methods"] = methods;
+    set.headers["access-control-allow-methods"] = methods.join(", ");
+  };
+  const defaultHeaders = {};
+  if (typeof exposeHeaders === "string")
+    defaultHeaders["access-control-expose-headers"] = exposeHeaders;
+  if (typeof allowedHeaders === "string")
+    defaultHeaders["access-control-allow-headers"] = allowedHeaders;
+  if (credentials === true)
+    defaultHeaders["access-control-allow-credentials"] = "true";
+  app.headers(defaultHeaders);
+  function handleOption({ set, request, headers }) {
+    handleOrigin(set, request);
+    handleMethod(set, request.headers.get("access-control-request-method"));
+    if (allowedHeaders === true || exposeHeaders === true) {
+      if (allowedHeaders === true)
+        set.headers["access-control-allow-headers"] = headers["access-control-request-headers"];
+      if (exposeHeaders === true)
+        set.headers["access-control-expose-headers"] = Object.keys(headers).join(",");
+    }
+    if (maxAge)
+      set.headers["access-control-max-age"] = maxAge.toString();
+    return new Response(null, {
+      status: 204
+    });
+  }
+  if (preflight)
+    app.options("/", handleOption).options("/*", handleOption);
+  return app.onRequest(function processCors({ set, request }) {
+    handleOrigin(set, request);
+    if (preflight && request.method === "OPTIONS") {
+      return handleOption({
+        set,
+        request,
+        headers: isBun ? request.headers.toJSON() : Object.fromEntries(request.headers.entries())
+      });
+    }
+    handleMethod(set, request.method);
+    if (allowedHeaders === true || exposeHeaders === true) {
+      const headers = processHeaders(request.headers);
+      if (allowedHeaders === true)
+        set.headers["access-control-allow-headers"] = headers;
+      if (exposeHeaders === true)
+        set.headers["access-control-expose-headers"] = headers;
+    }
+  });
+};
+
+// src/db/database.ts
+import { Database } from "bun:sqlite";
+import { join } from "path";
+import os from "os";
+import { existsSync, mkdirSync } from "fs";
+var VIBECONTROLS_DIR = join(os.homedir(), ".vibecontrols");
+var DEFAULT_DB_PATH = join(VIBECONTROLS_DIR, "agent.db");
+
+class AgentDatabase {
+  db;
+  constructor(dbPath = DEFAULT_DB_PATH) {
+    const dir = join(dbPath, "..");
+    if (!existsSync(dir)) {
+      mkdirSync(dir, { recursive: true });
+    }
+    this.db = new Database(dbPath);
+    this.db.exec("PRAGMA journal_mode = WAL");
+    this.db.exec("PRAGMA busy_timeout = 5000");
+    this.db.exec("PRAGMA synchronous = NORMAL");
+    this.db.exec("PRAGMA foreign_keys = ON");
+    this.initializeSchema();
+  }
+  initializeSchema() {
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS tasks (
+        id TEXT PRIMARY KEY,
+        type TEXT CHECK(type IN ('command', 'script', 'file_operation')) NOT NULL,
+        status TEXT CHECK(status IN ('pending', 'running', 'completed', 'failed')) DEFAULT 'pending',
+        payload TEXT NOT NULL,
+        result TEXT,
+        error TEXT,
+        createdAt TEXT DEFAULT (datetime('now')),
+        updatedAt TEXT DEFAULT (datetime('now'))
+      );
+
+      CREATE TABLE IF NOT EXISTS agent_config (
+        id TEXT PRIMARY KEY,
+        key TEXT UNIQUE NOT NULL,
+        value TEXT NOT NULL,
+        updatedAt TEXT DEFAULT (datetime('now'))
+      );
+
+      CREATE TABLE IF NOT EXISTS git_repositories (
+        id TEXT PRIMARY KEY,
+        path TEXT UNIQUE NOT NULL,
+        name TEXT NOT NULL,
+        parentPath TEXT,
+        isSubmodule INTEGER DEFAULT 0,
+        projectType TEXT,
+        vitePort INTEGER,
+        lastScanned TEXT DEFAULT (datetime('now')),
+        createdAt TEXT DEFAULT (datetime('now'))
+      );
+
+      CREATE TABLE IF NOT EXISTS bookmarked_commands (
+        id TEXT PRIMARY KEY,
+        projectId TEXT,
+        command TEXT NOT NULL,
+        description TEXT,
+        category TEXT,
+        createdAt TEXT DEFAULT (datetime('now'))
+      );
+
+      CREATE TABLE IF NOT EXISTS notifications (
+        id TEXT PRIMARY KEY,
+        sessionName TEXT,
+        projectId TEXT,
+        type TEXT CHECK(type IN ('info', 'success', 'warning', 'error')) DEFAULT 'info',
+        title TEXT NOT NULL,
+        message TEXT NOT NULL,
+        status TEXT CHECK(status IN ('unread', 'read')) DEFAULT 'unread',
+        createdAt TEXT DEFAULT (datetime('now'))
+      );
+
+      CREATE TABLE IF NOT EXISTS plugin_state (
+        id INTEGER PRIMARY KEY AUTOINCREMENT,
+        pluginName TEXT NOT NULL,
+        key TEXT NOT NULL,
+        value TEXT NOT NULL,
+        updatedAt TEXT DEFAULT (datetime('now')),
+        UNIQUE(pluginName, key)
+      );
+
+      -- Indexes
+      CREATE INDEX IF NOT EXISTS idx_tasks_status ON tasks(status);
+      CREATE INDEX IF NOT EXISTS idx_tasks_type ON tasks(type);
+      CREATE INDEX IF NOT EXISTS idx_git_repositories_path ON git_repositories(path);
+      CREATE INDEX IF NOT EXISTS idx_git_repositories_parentPath ON git_repositories(parentPath);
+      CREATE INDEX IF NOT EXISTS idx_bookmarked_commands_projectId ON bookmarked_commands(projectId);
+      CREATE INDEX IF NOT EXISTS idx_notifications_status ON notifications(status);
+      CREATE INDEX IF NOT EXISTS idx_notifications_projectId ON notifications(projectId);
+      CREATE INDEX IF NOT EXISTS idx_plugin_state_plugin ON plugin_state(pluginName);
+    `);
+  }
+  createTask(task) {
+    const stmt = this.db.prepare(`
+      INSERT INTO tasks (id, type, status, payload, result, error)
+      VALUES ($id, $type, $status, $payload, $result, $error)
+    `);
+    stmt.run({
+      $id: task.id,
+      $type: task.type,
+      $status: task.status,
+      $payload: task.payload,
+      $result: task.result ?? null,
+      $error: task.error ?? null
+    });
+    return this.getTask(task.id);
+  }
+  getTask(id) {
+    return this.db.prepare("SELECT * FROM tasks WHERE id = ?").get(id);
+  }
+  getAllTasks() {
+    return this.db.prepare("SELECT * FROM tasks ORDER BY createdAt DESC").all();
+  }
+  getPendingTasks() {
+    return this.db.prepare("SELECT * FROM tasks WHERE status = 'pending' ORDER BY createdAt").all();
+  }
+  updateTask(id, updates) {
+    const fields = Object.keys(updates).filter((k) => k !== "id" && k !== "createdAt").map((k) => `${k} = $${k}`).join(", ");
+    if (!fields)
+      return;
+    const stmt = this.db.prepare(`UPDATE tasks SET ${fields}, updatedAt = datetime('now') WHERE id = $id`);
+    const params = { $id: id };
+    for (const [k, v] of Object.entries(updates)) {
+      params[`$${k}`] = v ?? null;
+    }
+    stmt.run(params);
+  }
+  cancelTask(id) {
+    const result = this.db.prepare("UPDATE tasks SET status = 'failed', error = 'Cancelled', updatedAt = datetime('now') WHERE id = ? AND status IN ('pending', 'running')").run(id);
+    return result.changes > 0;
+  }
+  getConfig(key) {
+    const row = this.db.prepare("SELECT value FROM agent_config WHERE key = ?").get(key);
+    if (row?.value === "__DELETED__")
+      return;
+    return row?.value;
+  }
+  setConfig(key, value) {
+    this.db.prepare(`
+      INSERT INTO agent_config (id, key, value)
+      VALUES ($id, $key, $value)
+      ON CONFLICT(key) DO UPDATE SET value = $value, updatedAt = datetime('now')
+    `).run({ $id: key, $key: key, $value: value });
+  }
+  deleteConfig(key) {
+    const result = this.db.prepare("DELETE FROM agent_config WHERE key = ?").run(key);
+    return result.changes > 0;
+  }
+  getAllConfig() {
+    const rows = this.db.prepare("SELECT key, value FROM agent_config").all();
+    return rows.reduce((acc, row) => {
+      if (row.value !== "__DELETED__") {
+        acc[row.key] = row.value;
+      }
+      return acc;
+    }, {});
+  }
+  bulkSetConfig(entries) {
+    const stmt = this.db.prepare(`
+      INSERT INTO agent_config (id, key, value)
+      VALUES ($id, $key, $value)
+      ON CONFLICT(key) DO UPDATE SET value = $value, updatedAt = datetime('now')
+    `);
+    const transaction = this.db.transaction((entries2) => {
+      for (const [key, value] of entries2) {
+        stmt.run({ $id: key, $key: key, $value: value });
+      }
+    });
+    transaction(Object.entries(entries));
+  }
+  getConfigStatus() {
+    const count = this.db.prepare("SELECT COUNT(*) as count FROM agent_config").get();
+    const latest = this.db.prepare("SELECT MAX(updatedAt) as latest FROM agent_config").get();
+    return { totalKeys: count.count, lastUpdated: latest.latest };
+  }
+  createGitRepository(repo) {
+    this.db.prepare(`
+      INSERT INTO git_repositories (id, path, name, parentPath, isSubmodule, projectType, vitePort)
+      VALUES ($id, $path, $name, $parentPath, $isSubmodule, $projectType, $vitePort)
+    `).run({
+      $id: repo.id,
+      $path: repo.path,
+      $name: repo.name,
+      $parentPath: repo.parentPath ?? null,
+      $isSubmodule: repo.isSubmodule ? 1 : 0,
+      $projectType: repo.projectType ?? null,
+      $vitePort: repo.vitePort ?? null
+    });
+    return this.getGitRepository(repo.id);
+  }
+  getGitRepository(id) {
+    const row = this.db.prepare("SELECT * FROM git_repositories WHERE id = ?").get(id);
+    if (row)
+      row.isSubmodule = Boolean(row.isSubmodule);
+    return row ?? undefined;
+  }
+  getGitRepositoryByPath(path) {
+    const row = this.db.prepare("SELECT * FROM git_repositories WHERE path = ?").get(path);
+    if (row)
+      row.isSubmodule = Boolean(row.isSubmodule);
+    return row ?? undefined;
+  }
+  getAllGitRepositories() {
+    const rows = this.db.prepare("SELECT * FROM git_repositories ORDER BY path").all();
+    return rows.map((r) => ({ ...r, isSubmodule: Boolean(r.isSubmodule) }));
+  }
+  updateGitRepository(id, updates) {
+    const fields = Object.keys(updates).filter((k) => k !== "id" && k !== "createdAt").map((k) => `${k} = $${k}`).join(", ");
+    if (!fields)
+      return;
+    const params = { $id: id };
+    for (const [k, v] of Object.entries(updates)) {
+      if (k === "isSubmodule")
+        params[`$${k}`] = v ? 1 : 0;
+      else
+        params[`$${k}`] = v ?? null;
+    }
+    this.db.prepare(`UPDATE git_repositories SET ${fields}, lastScanned = datetime('now') WHERE id = $id`).run(params);
+  }
+  deleteGitRepository(id) {
+    const result = this.db.prepare("DELETE FROM git_repositories WHERE id = ?").run(id);
+    return result.changes > 0;
+  }
+  fixGitHierarchy() {
+    const repos = this.getAllGitRepositories();
+    let fixed = 0;
+    for (const repo of repos) {
+      if (repo.isSubmodule)
+        continue;
+      const parent = repos.find((r) => r.id !== repo.id && repo.path.startsWith(r.path + "/") && !r.isSubmodule);
+      if (parent && repo.parentPath !== parent.path) {
+        this.updateGitRepository(repo.id, { parentPath: parent.path });
+        fixed++;
+      }
+    }
+    return { fixed };
+  }
+  createBookmarkedCommand(cmd) {
+    this.db.prepare(`
+      INSERT INTO bookmarked_commands (id, projectId, command, description, category)
+      VALUES ($id, $projectId, $command, $description, $category)
+    `).run({
+      $id: cmd.id,
+      $projectId: cmd.projectId ?? null,
+      $command: cmd.command,
+      $description: cmd.description ?? null,
+      $category: cmd.category ?? null
+    });
+    return this.getBookmarkedCommand(cmd.id);
+  }
+  getBookmarkedCommand(id) {
+    return this.db.prepare("SELECT * FROM bookmarked_commands WHERE id = ?").get(id);
+  }
+  getAllBookmarkedCommands() {
+    return this.db.prepare("SELECT * FROM bookmarked_commands ORDER BY createdAt DESC").all();
+  }
+  getBookmarkedCommandsByProject(projectId) {
+    if (projectId === null) {
+      return this.db.prepare("SELECT * FROM bookmarked_commands WHERE projectId IS NULL ORDER BY createdAt DESC").all();
+    }
+    return this.db.prepare("SELECT * FROM bookmarked_commands WHERE projectId = ? ORDER BY createdAt DESC").all(projectId);
+  }
+  getBookmarkedCommandsByCategory(category) {
+    return this.db.prepare("SELECT * FROM bookmarked_commands WHERE category = ? ORDER BY createdAt DESC").all(category);
+  }
+  updateBookmarkedCommand(id, updates) {
+    const fields = Object.keys(updates).filter((k) => k !== "id" && k !== "createdAt").map((k) => `${k} = $${k}`).join(", ");
+    if (!fields)
+      return;
+    const params = { $id: id };
+    for (const [k, v] of Object.entries(updates)) {
+      params[`$${k}`] = v ?? null;
+    }
+    this.db.prepare(`UPDATE bookmarked_commands SET ${fields} WHERE id = $id`).run(params);
+  }
+  deleteBookmarkedCommand(id) {
+    const result = this.db.prepare("DELETE FROM bookmarked_commands WHERE id = ?").run(id);
+    return result.changes > 0;
+  }
+  executeBookmarkedCommand(id) {
+    return this.getBookmarkedCommand(id);
+  }
+  createNotification(notification) {
+    this.db.prepare(`
+      INSERT INTO notifications (id, sessionName, projectId, type, title, message, status)
+      VALUES ($id, $sessionName, $projectId, $type, $title, $message, $status)
+    `).run({
+      $id: notification.id,
+      $sessionName: notification.sessionName ?? null,
+      $projectId: notification.projectId ?? null,
+      $type: notification.type,
+      $title: notification.title,
+      $message: notification.message,
+      $status: notification.status
+    });
+    return this.getNotification(notification.id);
+  }
+  getNotification(id) {
+    return this.db.prepare("SELECT * FROM notifications WHERE id = ?").get(id);
+  }
+  getAllNotifications() {
+    return this.db.prepare("SELECT * FROM notifications ORDER BY createdAt DESC").all();
+  }
+  getNotificationsByProject(projectId) {
+    if (projectId === null) {
+      return this.db.prepare("SELECT * FROM notifications WHERE projectId IS NULL ORDER BY createdAt DESC").all();
+    }
+    return this.db.prepare("SELECT * FROM notifications WHERE projectId = ? ORDER BY createdAt DESC").all(projectId);
+  }
+  getGlobalNotifications() {
+    return this.db.prepare("SELECT * FROM notifications WHERE projectId IS NULL ORDER BY createdAt DESC").all();
+  }
+  getUnreadNotifications() {
+    return this.db.prepare("SELECT * FROM notifications WHERE status = 'unread' ORDER BY createdAt DESC").all();
+  }
+  updateNotificationStatus(id, status) {
+    this.db.prepare("UPDATE notifications SET status = ? WHERE id = ?").run(status, id);
+  }
+  markAllNotificationsRead() {
+    const result = this.db.prepare("UPDATE notifications SET status = 'read' WHERE status = 'unread'").run();
+    return result.changes;
+  }
+  deleteNotification(id) {
+    const result = this.db.prepare("DELETE FROM notifications WHERE id = ?").run(id);
+    return result.changes > 0;
+  }
+  clearOldNotifications(olderThanDays = 30) {
+    const result = this.db.prepare("DELETE FROM notifications WHERE createdAt < datetime('now', '-' || ? || ' days')").run(olderThanDays);
+    return result.changes;
+  }
+  getPluginState(pluginName, key) {
+    const row = this.db.prepare("SELECT value FROM plugin_state WHERE pluginName = ? AND key = ?").get(pluginName, key);
+    return row?.value;
+  }
+  setPluginState(pluginName, key, value) {
+    this.db.prepare(`
+      INSERT INTO plugin_state (pluginName, key, value)
+      VALUES ($pluginName, $key, $value)
+      ON CONFLICT(pluginName, key) DO UPDATE SET value = $value, updatedAt = datetime('now')
+    `).run({ $pluginName: pluginName, $key: key, $value: value });
+  }
+  deletePluginState(pluginName, key) {
+    const result = this.db.prepare("DELETE FROM plugin_state WHERE pluginName = ? AND key = ?").run(pluginName, key);
+    return result.changes > 0;
+  }
+  getAllPluginState(pluginName) {
+    return this.db.prepare("SELECT key, value, updatedAt FROM plugin_state WHERE pluginName = ? ORDER BY key").all(pluginName);
+  }
+  deleteAllPluginState(pluginName) {
+    const result = this.db.prepare("DELETE FROM plugin_state WHERE pluginName = ?").run(pluginName);
+    return result.changes;
+  }
+  close() {
+    this.db.close();
+  }
+}
+
+// src/core/plugin-router.ts
+function createPluginRouter(pluginManager, deps) {
+  const router = new Elysia;
+  const publicPaths = [];
+  for (const plugin of pluginManager.getAllPlugins()) {
+    if (!plugin.createRoutes)
+      continue;
+    const prefix = plugin.apiPrefix || `/api/${plugin.name}`;
+    try {
+      const pluginRoutes = plugin.createRoutes(deps);
+      router.use(new Elysia({ prefix }).derive(() => ({
+        pluginContext: {
+          chain: [plugin.name],
+          parentPlugin: undefined,
+          activePlugin: plugin.name
+        }
+      })).use(pluginRoutes));
+      if (plugin.publicPaths) {
+        for (const p of plugin.publicPaths) {
+          publicPaths.push(`${prefix}${p}`);
+        }
+      }
+    } catch (err) {
+      console.error(`[plugin-router] Failed to mount routes for plugin '${plugin.name}':`, err);
+    }
+  }
+  return {
+    routes: router,
+    getPublicPaths: () => [...publicPaths]
+  };
+}
+
+// src/core/ui-server.ts
+import { join as join2, extname } from "path";
+var MIME_TYPES = {
+  ".html": "text/html",
+  ".js": "application/javascript",
+  ".mjs": "application/javascript",
+  ".css": "text/css",
+  ".json": "application/json",
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".svg": "image/svg+xml",
+  ".ico": "image/x-icon",
+  ".woff": "font/woff",
+  ".woff2": "font/woff2",
+  ".ttf": "font/ttf",
+  ".map": "application/json",
+  ".wasm": "application/wasm"
+};
+function getMimeType(filePath) {
+  return MIME_TYPES[extname(filePath).toLowerCase()] || "application/octet-stream";
+}
+var AUTH_BRIDGE_SCRIPT = `<script>
+window.__VIBE_AUTH__={apiKey:null};
+(function(){
+  var p=new URLSearchParams(window.location.search);
+  if(p.get('apiKey'))window.__VIBE_AUTH__.apiKey=p.get('apiKey');
+  window.addEventListener('message',function(e){
+    if(e.data&&e.data.type==='vibe-auth'&&e.data.apiKey){
+      window.__VIBE_AUTH__.apiKey=e.data.apiKey;
+      window.dispatchEvent(new CustomEvent('vibe-auth-ready'));
+    }
+  });
+})();
+</script>`;
+function injectAuthBridge(html) {
+  if (html.includes("</head>")) {
+    return html.replace("</head>", AUTH_BRIDGE_SCRIPT + "</head>");
+  }
+  if (html.includes("</body>")) {
+    return html.replace("</body>", AUTH_BRIDGE_SCRIPT + "</body>");
+  }
+  return html + AUTH_BRIDGE_SCRIPT;
+}
+function renderUIIndex(plugins) {
+  const items = plugins.map((p) => {
+    const tags = (p.tags || []).map((t) => `<span class="tag">${t}</span>`).join(" ");
+    return `<li><a href="/ui/${p.name}">${p.title || p.name}</a> ${tags}</li>`;
+  }).join(`
+`);
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1">
+  <title>VibeControls - Plugin UIs</title>
+  <style>
+    body{font-family:system-ui,-apple-system,sans-serif;max-width:800px;margin:2rem auto;padding:0 1rem;background:#0a0a0a;color:#e0e0e0}
+    h1{color:#fff}a{color:#60a5fa;text-decoration:none}a:hover{text-decoration:underline}
+    ul{list-style:none;padding:0}li{padding:0.75rem 1rem;border:1px solid #333;border-radius:8px;margin-bottom:0.5rem;display:flex;align-items:center;gap:0.5rem}
+    .tag{font-size:0.75rem;padding:2px 8px;border-radius:4px;background:#1e3a5f;color:#93c5fd}
+    .empty{color:#888;font-style:italic}
+  </style>
+</head>
+<body>
+  <h1>VibeControls Plugin UIs</h1>
+  ${plugins.length > 0 ? `<ul>${items}</ul>` : '<p class="empty">No plugins with UIs installed.</p>'}
+</body>
+</html>`;
+}
+function createUIServer(pluginManager) {
+  return new Elysia({ prefix: "/ui" }).get("/", () => {
+    const plugins = pluginManager.getAllPlugins().filter((p) => p.ui).map((p) => ({
+      name: p.name,
+      title: p.ui?.title ?? p.name,
+      tags: p.tags
+    }));
+    return new Response(renderUIIndex(plugins), {
+      headers: { "Content-Type": "text/html; charset=utf-8" }
+    });
+  }).get("/*", async ({ params, set }) => {
+    const wildcard = params["*"] || "";
+    const parts = wildcard.split("/").filter(Boolean);
+    if (parts.length === 0) {
+      set.status = 404;
+      return { error: "Plugin not specified" };
+    }
+    const pluginKey = parts[0];
+    let plugin = pluginManager.getPluginByKey(pluginKey);
+    let subPath = parts.slice(1).join("/");
+    if (plugin && parts.length >= 2) {
+      const childPlugin = pluginManager.getPluginByKey(parts[1]);
+      if (childPlugin?.ui) {
+        plugin = childPlugin;
+        subPath = parts.slice(2).join("/");
+      }
+    }
+    if (!plugin?.ui) {
+      set.status = 404;
+      return { error: `No UI available for plugin '${pluginKey}'` };
+    }
+    if (plugin.ui.devUrl) {
+      try {
+        const targetUrl = new URL(subPath || "/", plugin.ui.devUrl).toString();
+        const resp = await fetch(targetUrl);
+        const body = await resp.arrayBuffer();
+        const headers = new Headers;
+        resp.headers.forEach((v, k) => headers.set(k, v));
+        return new Response(body, { status: resp.status, headers });
+      } catch {
+        set.status = 502;
+        return {
+          error: `Failed to proxy to dev server at ${plugin.ui.devUrl}`
+        };
+      }
+    }
+    if (plugin.ui.staticDir) {
+      const baseDir = plugin.ui.staticDir;
+      const requestedPath = subPath || "index.html";
+      const filePath = join2(baseDir, requestedPath);
+      if (!filePath.startsWith(baseDir)) {
+        set.status = 403;
+        return { error: "Access denied" };
+      }
+      const file = Bun.file(filePath);
+      if (await file.exists()) {
+        const contentType = getMimeType(filePath);
+        if (contentType === "text/html") {
+          const html = await file.text();
+          return new Response(injectAuthBridge(html), {
+            headers: { "Content-Type": "text/html; charset=utf-8" }
+          });
+        }
+        return new Response(file, {
+          headers: { "Content-Type": contentType }
+        });
+      }
+      const indexFile = Bun.file(join2(baseDir, "index.html"));
+      if (await indexFile.exists()) {
+        const html = await indexFile.text();
+        return new Response(injectAuthBridge(html), {
+          headers: { "Content-Type": "text/html; charset=utf-8" }
+        });
+      }
+      set.status = 404;
+      return { error: "File not found" };
+    }
+    set.status = 404;
+    return { error: "No UI configuration (neither staticDir nor devUrl)" };
+  });
+}
+
+// src/middleware/auth.ts
+import crypto from "crypto";
+import { join as join3 } from "path";
+import { homedir } from "os";
+import { existsSync as existsSync2, readFileSync } from "fs";
+var STATIC_EXEMPT_PREFIXES = [
+  "/health",
+  "/api/agent/identity",
+  "/api/agent/api-key",
+  "/api/agent/tunnel",
+  "/terminal/",
+  "/ws/",
+  "/ui/"
+];
+function isExempt(path, dynamicPaths) {
+  if (STATIC_EXEMPT_PREFIXES.some((prefix) => path.startsWith(prefix))) {
+    return true;
+  }
+  return dynamicPaths.some((prefix) => path.startsWith(prefix));
+}
+function generateApiKey() {
+  const bytes = crypto.randomBytes(32);
+  return `vcak_${bytes.toString("base64url")}`;
+}
+function loadStaticApiKey() {
+  const configFile = join3(homedir(), ".vibecontrols", "config.json");
+  if (existsSync2(configFile)) {
+    try {
+      const config = JSON.parse(readFileSync(configFile, "utf8"));
+      return config["static-api-key"] || undefined;
+    } catch {
+      return;
+    }
+  }
+  return;
+}
+function createAuthPlugin(getPluginPublicPaths) {
+  const envKey = process.env.AGENT_API_KEY;
+  const staticKey = loadStaticApiKey();
+  const apiKey = envKey || staticKey || generateApiKey();
+  logger.info("auth", `Agent API key: ${apiKey.substring(0, 12)}...`);
+  return new Elysia({ name: "plugin/auth" }).decorate("apiKey", apiKey).derive(({ headers, path }) => {
+    const dynamicPaths = getPluginPublicPaths?.() ?? [];
+    return {
+      isAuthenticated: (() => {
+        if (isExempt(path, dynamicPaths))
+          return true;
+        const providedKey = headers["x-agent-api-key"];
+        return providedKey === apiKey;
+      })()
+    };
+  }).onBeforeHandle(({ isAuthenticated, path, set }) => {
+    const dynamicPaths = getPluginPublicPaths?.() ?? [];
+    if (!isAuthenticated && !isExempt(path, dynamicPaths)) {
+      set.status = 401;
+      return { error: "Unauthorized", message: "Invalid or missing API key" };
+    }
+  });
+}
+
+// src/routes/health.routes.ts
+function createHealthRoutes(_serviceRegistry) {
+  return new Elysia({ prefix: "/health" }).get("/", () => ({
+    status: "ok",
+    timestamp: new Date().toISOString(),
+    uptime: process.uptime()
+  })).get("/live", () => ({ status: "ok" })).get("/ready", () => ({ status: "ok" }));
+}
+
+// src/ws/events.ws.ts
+import { EventEmitter } from "events";
+var eventBus = new EventEmitter;
+eventBus.setMaxListeners(100);
+function createEventsWs() {
+  const clients = new Set;
+  eventBus.on("ws:event", (event) => {
+    const json = JSON.stringify(event);
+    for (const client of clients) {
+      try {
+        client.send(json);
+      } catch {}
+    }
+  });
+  return new Elysia().ws("/ws/events", {
+    open(ws) {
+      const client = {
+        ws,
+        channels: new Set,
+        send: (data) => ws.send(data)
+      };
+      clients.add(client);
+      ws._client = client;
+      logger.info("ws-events", "Client connected", {
+        id: String(ws.id || "unknown")
+      });
+      ws.send(JSON.stringify({
+        type: "connected",
+        timestamp: new Date().toISOString()
+      }));
+    },
+    message(ws, message) {
+      try {
+        const data = typeof message === "string" ? JSON.parse(message) : message;
+        switch (data.type) {
+          case "subscribe": {
+            const client = ws._client;
+            if (client)
+              client.channels.add(data.channel);
+            logger.debug("ws-events", `Subscribed to ${data.channel}`);
+            break;
+          }
+          case "unsubscribe": {
+            const client = ws._client;
+            if (client)
+              client.channels.delete(data.channel);
+            logger.debug("ws-events", `Unsubscribed from ${data.channel}`);
+            break;
+          }
+          case "ping":
+            ws.send(JSON.stringify({
+              type: "pong",
+              timestamp: new Date().toISOString()
+            }));
+            break;
+          default:
+            logger.debug("ws-events", `Unknown message type: ${data.type}`);
+        }
+      } catch {
+        logger.warn("ws-events", "Failed to parse incoming message");
+      }
+    },
+    close(ws) {
+      const client = ws._client;
+      if (client)
+        clients.delete(client);
+      logger.info("ws-events", "Client disconnected");
+    }
+  });
+}
+// src/ws/terminal.ws.ts
+async function proxyToTtyd(port, upstreamPath, method, headers, body) {
+  const fetchHeaders = {};
+  for (const [k, v] of Object.entries(headers)) {
+    if (v && !["host", "connection"].includes(k.toLowerCase())) {
+      fetchHeaders[k] = v;
+    }
+  }
+  const init = { method, headers: fetchHeaders };
+  if (method !== "GET" && method !== "HEAD" && body) {
+    init.body = typeof body === "string" ? body : JSON.stringify(body);
+  }
+  return fetch(`http://127.0.0.1:${port}${upstreamPath}`, init);
+}
+async function resolveTtydPort(serviceRegistry, sessionId) {
+  const provider = serviceRegistry.getProvider("session");
+  if (!provider)
+    return null;
+  const terminal = await provider.getTerminalInfo(sessionId);
+  if (!terminal)
+    return null;
+  try {
+    process.kill(terminal.pid, 0);
+    return terminal.port;
+  } catch {
+    return null;
+  }
+}
+function createTerminalProxy(serviceRegistry) {
+  return new Elysia().all("/terminal/:sessionId", async ({ params, request, set }) => {
+    const port = await resolveTtydPort(serviceRegistry, params.sessionId);
+    if (!port) {
+      set.status = 502;
+      return { error: "Terminal not running for this session" };
+    }
+    const upstream = await proxyToTtyd(port, "/", request.method, Object.fromEntries(Object.entries(request.headers).map(([k, v]) => [k, v])));
+    set.status = upstream.status;
+    const buf = await upstream.arrayBuffer();
+    return new Response(buf, {
+      status: upstream.status,
+      headers: upstream.headers
+    });
+  }).all("/terminal/:sessionId/*", async ({ params, request, set }) => {
+    const sessionId = params.sessionId;
+    const wildcardPath = params["*"] || "";
+    const port = await resolveTtydPort(serviceRegistry, sessionId);
+    if (!port) {
+      set.status = 502;
+      return { error: "Terminal not running for this session" };
+    }
+    const upstream = await proxyToTtyd(port, `/${wildcardPath}`, request.method, Object.fromEntries(Object.entries(request.headers).map(([k, v]) => [k, v])));
+    set.status = upstream.status;
+    const buf = await upstream.arrayBuffer();
+    return new Response(buf, {
+      status: upstream.status,
+      headers: upstream.headers
+    });
+  }).ws("/terminal/:sessionId/ws", {
+    open(ws) {
+      const wsData = ws.data;
+      const sessionId = wsData.params?.sessionId;
+      if (!sessionId) {
+        ws.close(1008, "Missing sessionId");
+        return;
+      }
+      logger.info("terminal-ws", `Client connected for session ${sessionId}`);
+      resolveTtydPort(serviceRegistry, sessionId).then((port) => {
+        if (!port) {
+          logger.warn("terminal-ws", `No ttyd running for session ${sessionId}`);
+          ws.close(1011, "No terminal running");
+          return;
+        }
+        const upstreamUrl = `ws://127.0.0.1:${port}/ws`;
+        const upstreamWs = new WebSocket(upstreamUrl, ["tty"]);
+        const upstreamBuffer = [];
+        let upstreamReady = false;
+        upstreamWs.addEventListener("open", () => {
+          upstreamReady = true;
+          logger.info("terminal-ws", `Bridge established \u2192 port ${port}`, {
+            sessionId
+          });
+          for (const msg of upstreamBuffer) {
+            upstreamWs.send(msg);
+          }
+          upstreamBuffer.length = 0;
+        });
+        upstreamWs.addEventListener("message", (event) => {
+          try {
+            ws.send(event.data);
+          } catch {}
+        });
+        upstreamWs.addEventListener("close", (event) => {
+          logger.info("terminal-ws", `Upstream closed (code=${event.code})`, { sessionId });
+          try {
+            ws.close(1000, "Upstream closed");
+          } catch {}
+        });
+        upstreamWs.addEventListener("error", (event) => {
+          logger.error("terminal-ws", `Upstream error`, { sessionId });
+          try {
+            ws.close(1011, "Upstream error");
+          } catch {}
+        });
+        ws._upstream = upstreamWs;
+        ws._upstreamReady = () => upstreamReady;
+        ws._upstreamBuffer = upstreamBuffer;
+      });
+    },
+    message(ws, message) {
+      const upstreamWs = ws._upstream;
+      const isReady = ws._upstreamReady?.();
+      const buffer = ws._upstreamBuffer;
+      if (upstreamWs && isReady && upstreamWs.readyState === WebSocket.OPEN) {
+        upstreamWs.send(message);
+      } else if (buffer) {
+        buffer.push(message);
+      }
+    },
+    close(ws) {
+      const sessionId = ws.data.params?.sessionId;
+      logger.info("terminal-ws", `Client disconnected`, { sessionId });
+      const upstreamWs = ws._upstream;
+      if (upstreamWs && upstreamWs.readyState === WebSocket.OPEN) {
+        upstreamWs.close(1000, "Client disconnected");
+      }
+    }
+  });
+}
+// src/ws/logs.ws.ts
+var LEVEL_PRIORITY = {
+  debug: 0,
+  info: 1,
+  warn: 2,
+  error: 3
+};
+function createLogWs() {
+  return new Elysia().ws("/ws/logs", {
+    open(ws) {
+      logger.info("ws-logs", "Log stream client connected");
+      const filters = {
+        minLevel: "info",
+        source: ""
+      };
+      ws._filters = filters;
+      const onLog = (entry) => {
+        const f = ws._filters;
+        if (LEVEL_PRIORITY[entry.level] < LEVEL_PRIORITY[f.minLevel])
+          return;
+        if (f.source && !entry.source.includes(f.source))
+          return;
+        try {
+          ws.send(JSON.stringify(entry));
+        } catch {}
+      };
+      logger.on("log", onLog);
+      ws._logHandler = onLog;
+      ws.send(JSON.stringify({
+        type: "connected",
+        timestamp: new Date().toISOString()
+      }));
+    },
+    message(ws, message) {
+      try {
+        const data = typeof message === "string" ? JSON.parse(message) : message;
+        if (data.type === "filter") {
+          const filters = ws._filters;
+          if (data.level)
+            filters.minLevel = data.level;
+          if (data.source !== undefined)
+            filters.source = data.source;
+          ws.send(JSON.stringify({ type: "filter-updated", filters }));
+        }
+      } catch {}
+    },
+    close(ws) {
+      const handler = ws._logHandler;
+      if (handler) {
+        logger.removeListener("log", handler);
+      }
+      logger.info("ws-logs", "Log stream client disconnected");
+    }
+  });
+}
+// src/app.ts
+async function createApp(options) {
+  const { port, host, dbPath, logLevel, corsOrigin } = options;
+  if (logLevel) {
+    logger.setLevel(logLevel);
+  }
+  const db = new AgentDatabase(dbPath);
+  const serviceRegistry = new ServiceRegistry(db);
+  const pluginManager = new PluginManager(db);
+  await pluginManager.loadCorePlugins();
+  try {
+    await pluginManager.loadAll();
+  } catch (err) {
+    logger.warn("app", "Failed to load some external plugins", {
+      error: String(err)
+    });
+  }
+  logger.info("app", `Plugins loaded: ${pluginManager.getPluginDetails().length} total (${pluginManager.getPluginDetails().filter((p) => p.isCore).length} core)`);
+  try {
+    const gwGlobalUrl = db.getConfig("gateway-auth:globalGatewayUrl");
+    const gwClientId = db.getConfig("gateway-auth:clientId");
+    const gwClientSecret = db.getConfig("gateway-auth:clientSecret");
+    if (gwGlobalUrl && gwClientId && gwClientSecret) {
+      const gwWorkspaceUrl = db.getConfig("gateway-auth:workspaceGatewayUrl");
+      gatewayClient.configure({
+        globalGatewayUrl: gwGlobalUrl,
+        workspaceGatewayUrl: gwWorkspaceUrl,
+        clientId: gwClientId,
+        clientSecret: gwClientSecret
+      });
+      logger.info("app", "Restored gateway client config from database");
+    }
+  } catch (err) {
+    logger.warn("app", "Failed to restore gateway client config", {
+      error: String(err)
+    });
+  }
+  const storageProvider = {
+    async get(key) {
+      return db.getPluginState("_host", key) ?? null;
+    },
+    async set(key, value) {
+      db.setPluginState("_host", key, value);
+    },
+    async delete(key) {
+      return db.deletePluginState("_host", key);
+    },
+    async list() {
+      return db.getAllPluginState("_host");
+    },
+    async deleteAll() {
+      return db.deleteAllPluginState("_host");
+    }
+  };
+  const packageVersion = await getPackageVersion();
+  const hostServices = {
+    storage: storageProvider,
+    logger,
+    serviceRegistry,
+    getProvider: (type) => serviceRegistry.getProvider(type),
+    getAgentBaseUrl: () => process.env.AGENT_URL || `http://localhost:${port}`,
+    getAgentVersion: () => packageVersion
+  };
+  const { routes: pluginRoutes, getPublicPaths } = createPluginRouter(pluginManager, { db, serviceRegistry, pluginManager });
+  const uiServer = createUIServer(pluginManager);
+  const app = new Elysia().use(cors({
+    origin: corsOrigin || true,
+    credentials: true
+  })).use(createAuthPlugin(getPublicPaths)).onAfterHandle(({ request, set }) => {
+    const url = new URL(request.url).pathname;
+    const isNoisy = url === "/health" || url.startsWith("/api/logs/stream") || url.startsWith("/ui/");
+    const status = typeof set.status === "number" ? set.status : 200;
+    const level = isNoisy ? "debug" : status >= 400 ? "warn" : "info";
+    logger[level]("http", `${request.method} ${url} \u2192 ${status}`, {
+      method: request.method,
+      path: url,
+      statusCode: status
+    });
+  }).use(createHealthRoutes(serviceRegistry)).use(pluginRoutes).use(uiServer).use(createEventsWs()).use(createLogWs()).use(createTerminalProxy(serviceRegistry));
+  try {
+    await pluginManager.dispatchServerStart(app, hostServices);
+  } catch (err) {
+    logger.warn("app", "Error during plugin onServerStart dispatch", {
+      error: String(err)
+    });
+  }
+  return {
+    app,
+    db,
+    serviceRegistry,
+    pluginManager,
+    hostServices,
+    async start() {
+      app.listen({ port, hostname: host });
+      logger.info("app", `Agent server listening on ${host}:${port}`);
+      try {
+        await pluginManager.dispatchServerReady(app, hostServices);
+      } catch (err) {
+        logger.warn("app", "Error during plugin onServerReady dispatch", {
+          error: String(err)
+        });
+      }
+      return app;
+    },
+    async stop() {
+      try {
+        await pluginManager.dispatchServerStop();
+      } catch (err) {
+        logger.warn("app", "Error stopping plugins", { error: String(err) });
+      }
+      db.close();
+      logger.close();
+      logger.info("app", "Agent server stopped");
+    }
+  };
+}
+async function getPackageVersion() {
+  try {
+    const { readFileSync: readFileSync2 } = await import("fs");
+    const { join: join4, dirname } = await import("path");
+    const { fileURLToPath } = await import("url");
+    const __dirname2 = dirname(fileURLToPath(import.meta.url));
+    const packageJson = JSON.parse(readFileSync2(join4(__dirname2, "..", "package.json"), "utf8"));
+    return packageJson.version || "1.0.0";
+  } catch {
+    return "1.0.0";
+  }
+}
+
+export { createApp };
+
+//# debugId=A25F451BEB8F8D4E64756E2164756E21
+//# sourceMappingURL=app-6mmbmske.js.map