@cortask/gateway 0.1.0

package/dist/index.js

@@ -0,0 +1,1722 @@
+// src/server.ts
+import express from "express";
+import { createServer } from "http";
+import { WebSocketServer } from "ws";
+import cors from "cors";
+import path3 from "path";
+import fs from "fs";
+import { fileURLToPath } from "url";
+import {
+  loadConfig,
+  getDataDir,
+  WorkspaceManager,
+  SessionStore,
+  migrateAllWorkspaces,
+  EncryptedCredentialStore,
+  getOrCreateSecret,
+  createProvider as createProvider3,
+  AgentRunner,
+  builtinTools,
+  createCronTool,
+  createArtifactTool,
+  createBrowserTool,
+  createSubagentTool,
+  createSwitchWorkspaceTool,
+  setSubagentRunner,
+  cleanupSubagentRecords,
+  loadSkills as loadSkills2,
+  getEligibleSkills,
+  buildSkillTools,
+  CronService,
+  ArtifactStore,
+  UsageStore,
+  ModelStore,
+  TemplateStore,
+  logger as logger2
+} from "@cortask/core";
+import { TelegramAdapter, DiscordAdapter, WhatsAppAdapter as WhatsAppAdapter2 } from "@cortask/channels";
+
+// src/routes/workspaces.ts
+import { Router } from "express";
+import path from "path";
+function createWorkspaceRoutes(ctx) {
+  const router = Router();
+  router.get("/", async (_req, res) => {
+    try {
+      const workspaces = await ctx.workspaceManager.list();
+      res.json(workspaces);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.get("/:id", async (req, res) => {
+    try {
+      const workspace = await ctx.workspaceManager.get(req.params.id);
+      if (!workspace) {
+        res.status(404).json({ error: "Workspace not found" });
+        return;
+      }
+      res.json(workspace);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.post("/", async (req, res) => {
+    try {
+      const { name, rootPath } = req.body;
+      if (!name) {
+        res.status(400).json({ error: "name is required" });
+        return;
+      }
+      const workspace = await ctx.workspaceManager.create(name, rootPath || void 0);
+      res.status(201).json(workspace);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.put("/reorder", async (req, res) => {
+    try {
+      const { ids } = req.body;
+      if (!Array.isArray(ids)) {
+        res.status(400).json({ error: "ids array required" });
+        return;
+      }
+      await ctx.workspaceManager.reorder(ids);
+      res.json({ ok: true });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.put("/:id", async (req, res) => {
+    try {
+      await ctx.workspaceManager.update(req.params.id, req.body);
+      const updated = await ctx.workspaceManager.get(req.params.id);
+      res.json(updated);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.delete("/:id", async (req, res) => {
+    try {
+      await ctx.workspaceManager.delete(req.params.id);
+      res.status(204).send();
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.post("/:id/open", async (req, res) => {
+    try {
+      const workspace = await ctx.workspaceManager.open(req.params.id);
+      if (!workspace) {
+        res.status(404).json({ error: "Workspace not found" });
+        return;
+      }
+      res.json(workspace);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.get("/:id/files/*", async (req, res) => {
+    try {
+      const workspace = await ctx.workspaceManager.get(req.params.id);
+      if (!workspace) {
+        res.status(404).json({ error: "Workspace not found" });
+        return;
+      }
+      const relPath = req.params["0"];
+      if (!relPath) {
+        res.status(400).json({ error: "File path required" });
+        return;
+      }
+      const fullPath = path.resolve(workspace.rootPath, relPath);
+      if (!fullPath.startsWith(path.resolve(workspace.rootPath))) {
+        res.status(403).json({ error: "Path outside workspace" });
+        return;
+      }
+      res.sendFile(fullPath, (err) => {
+        if (err) {
+          res.status(404).json({ error: "File not found" });
+        }
+      });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  return router;
+}
+
+// src/routes/sessions.ts
+import { Router as Router2 } from "express";
+function createSessionRoutes(ctx) {
+  const router = Router2();
+  router.get("/", async (req, res) => {
+    try {
+      const workspaceId = req.query.workspaceId;
+      if (!workspaceId) {
+        res.status(400).json({ error: "workspaceId query param required" });
+        return;
+      }
+      const workspace = await ctx.workspaceManager.get(workspaceId);
+      if (!workspace) {
+        res.status(404).json({ error: "Workspace not found" });
+        return;
+      }
+      const store = ctx.getSessionStore(workspace.rootPath);
+      const sessions = store.listSessions();
+      res.json(sessions);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.get("/:id", async (req, res) => {
+    try {
+      const workspaceId = req.query.workspaceId;
+      if (!workspaceId) {
+        res.status(400).json({ error: "workspaceId query param required" });
+        return;
+      }
+      const workspace = await ctx.workspaceManager.get(workspaceId);
+      if (!workspace) {
+        res.status(404).json({ error: "Workspace not found" });
+        return;
+      }
+      const store = ctx.getSessionStore(workspace.rootPath);
+      const session = store.getSession(req.params.id);
+      if (!session) {
+        res.status(404).json({ error: "Session not found" });
+        return;
+      }
+      res.json(session);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.delete("/:id", async (req, res) => {
+    try {
+      const workspaceId = req.query.workspaceId;
+      if (!workspaceId) {
+        res.status(400).json({ error: "workspaceId query param required" });
+        return;
+      }
+      const workspace = await ctx.workspaceManager.get(workspaceId);
+      if (!workspace) {
+        res.status(404).json({ error: "Workspace not found" });
+        return;
+      }
+      const store = ctx.getSessionStore(workspace.rootPath);
+      store.deleteSession(req.params.id);
+      res.status(204).send();
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  return router;
+}
+
+// src/routes/credentials.ts
+import { Router as Router3 } from "express";
+import { clearSkillCache } from "@cortask/core";
+function createCredentialRoutes(ctx) {
+  const router = Router3();
+  router.get("/", async (_req, res) => {
+    try {
+      const keys = await ctx.credentialStore.list();
+      res.json(keys);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.post("/", async (req, res) => {
+    try {
+      const { key, value } = req.body;
+      if (!key || !value) {
+        res.status(400).json({ error: "key and value are required" });
+        return;
+      }
+      await ctx.credentialStore.set(key, value);
+      clearSkillCache();
+      res.status(201).json({ key });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.get("/:key", async (req, res) => {
+    try {
+      const value = await ctx.credentialStore.get(req.params.key);
+      if (value === null) {
+        res.status(404).json({ error: "Key not found" });
+        return;
+      }
+      res.json({ key: req.params.key, value });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.delete("/:key", async (req, res) => {
+    try {
+      await ctx.credentialStore.delete(req.params.key);
+      clearSkillCache();
+      res.status(204).send();
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  return router;
+}
+
+// src/routes/providers.ts
+import { Router as Router4 } from "express";
+import { createProvider, saveConfig } from "@cortask/core";
+var PROVIDERS = [
+  { id: "anthropic", name: "Anthropic", defaultModel: "claude-sonnet-4-5-20250929", credKey: "provider.anthropic.apiKey" },
+  { id: "openai", name: "OpenAI", defaultModel: "gpt-4o", credKey: "provider.openai.apiKey" },
+  { id: "google", name: "Google", defaultModel: "gemini-2.0-flash", credKey: "provider.google.apiKey" },
+  { id: "moonshot", name: "Moonshot", defaultModel: "moonshot-v1-8k", credKey: "provider.moonshot.apiKey" },
+  { id: "grok", name: "Grok", defaultModel: "grok-3-latest", credKey: "provider.grok.apiKey" },
+  { id: "openrouter", name: "OpenRouter", defaultModel: "openai/gpt-4o", credKey: "provider.openrouter.apiKey" },
+  { id: "minimax", name: "MiniMax", defaultModel: "MiniMax-Text-01", credKey: "provider.minimax.apiKey" },
+  { id: "ollama", name: "Ollama", defaultModel: "llama3", credKey: "provider.ollama.host" }
+];
+function createProviderRoutes(ctx) {
+  const router = Router4();
+  router.get("/", async (_req, res) => {
+    try {
+      const providers = await Promise.all(
+        PROVIDERS.map(async (p) => {
+          const providerConfig = ctx.config.providers[p.id];
+          const configModel = providerConfig?.model;
+          return {
+            id: p.id,
+            name: p.name,
+            defaultModel: configModel || p.defaultModel,
+            configured: await ctx.credentialStore.has(p.credKey),
+            isDefault: ctx.config.providers.default === p.id
+          };
+        })
+      );
+      res.json(providers);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.put("/default", async (req, res) => {
+    try {
+      const { providerId, model } = req.body;
+      if (!providerId || !model) {
+        res.status(400).json({ error: "providerId and model are required" });
+        return;
+      }
+      ctx.config.providers.default = providerId;
+      const key = providerId;
+      if (key in ctx.config.providers) {
+        ctx.config.providers[key] = { model };
+      }
+      await saveConfig(ctx.configPath, ctx.config);
+      res.json({ providerId, model });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.post("/:id/test", async (req, res) => {
+    try {
+      const providerId = req.params.id;
+      const provMeta = PROVIDERS.find((p) => p.id === providerId);
+      const apiKey = await ctx.credentialStore.get(
+        provMeta?.credKey ?? `provider.${providerId}.apiKey`
+      );
+      if (!apiKey) {
+        res.status(400).json({ error: "No API key configured" });
+        return;
+      }
+      const provider = createProvider(providerId, apiKey);
+      const result = await provider.generateText({
+        model: PROVIDERS.find((p) => p.id === providerId)?.defaultModel ?? "claude-sonnet-4-5-20250929",
+        messages: [{ role: "user", content: "Say hi in 3 words" }],
+        maxTokens: 20
+      });
+      res.json({
+        success: true,
+        response: result.content,
+        usage: result.usage
+      });
+    } catch (err) {
+      res.status(500).json({
+        success: false,
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  return router;
+}
+
+// src/routes/skills.ts
+import crypto from "crypto";
+import { Router as Router5 } from "express";
+import path2 from "path";
+import {
+  loadSkills,
+  clearSkillCache as clearSkillCache2,
+  installSkillFromGit,
+  removeSkill,
+  getCredentialStorageKey,
+  getOAuth2StorageKeys,
+  buildSkillOAuth2AuthUrl,
+  exchangeSkillOAuth2Code,
+  revokeSkillOAuth2
+} from "@cortask/core";
+var oauthStates = /* @__PURE__ */ new Map();
+var STATE_TTL_MS = 10 * 60 * 1e3;
+setInterval(() => {
+  const now = Date.now();
+  for (const [key, val] of oauthStates) {
+    if (now - val.createdAt > STATE_TTL_MS) {
+      oauthStates.delete(key);
+    }
+  }
+}, 6e4).unref();
+function oauthHtml(title, message, script) {
+  return `<html><body><h2>${title}</h2><p>${message}</p>${script ? `<script>${script}</script>` : "<p>You can close this tab.</p>"}</body></html>`;
+}
+function createSkillRoutes(ctx) {
+  const router = Router5();
+  const bundledDir = ctx.bundledSkillsDir;
+  const userSkillsDir = path2.join(ctx.dataDir, "skills");
+  async function findSkillAndOAuth(name) {
+    const skills = await loadSkills(
+      bundledDir,
+      userSkillsDir,
+      ctx.config.skills.dirs,
+      ctx.credentialStore
+    );
+    const skill = skills.find((s) => s.manifest.name === name);
+    if (!skill) return null;
+    const oauth2Cred = skill.credentialSchema?.credentials.find((c) => c.type === "oauth2");
+    return { skill, oauth2Cred };
+  }
+  router.get("/", async (_req, res) => {
+    try {
+      const skills = await loadSkills(
+        bundledDir,
+        userSkillsDir,
+        ctx.config.skills.dirs,
+        ctx.credentialStore
+      );
+      const result = skills.map((s) => ({
+        name: s.manifest.name,
+        description: s.manifest.description,
+        eligible: s.eligible,
+        ineligibleReason: s.ineligibleReason,
+        source: s.source,
+        editable: s.editable,
+        hasCodeTools: s.hasCodeTools,
+        toolCount: (s.manifest.tools?.length ?? 0) + (s.hasCodeTools ? 1 : 0),
+        tags: s.manifest.metadata?.tags ?? [],
+        homepage: s.manifest.metadata?.homepage ?? null,
+        content: s.content,
+        installOptions: s.installOptions,
+        credentialSchema: s.credentialSchema,
+        credentialStatus: s.credentialStatus
+      }));
+      res.json(result);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.post("/install", async (req, res) => {
+    try {
+      const { gitUrl } = req.body;
+      if (!gitUrl) {
+        res.status(400).json({ error: "gitUrl is required" });
+        return;
+      }
+      const result = await installSkillFromGit(gitUrl, userSkillsDir);
+      clearSkillCache2();
+      res.status(201).json(result);
+    } catch (err) {
+      res.status(500).json({
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  router.delete("/:name", async (req, res) => {
+    try {
+      await removeSkill(req.params.name, userSkillsDir);
+      clearSkillCache2();
+      res.status(204).send();
+    } catch (err) {
+      res.status(500).json({
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  router.get("/:name/oauth2/authorize", async (req, res) => {
+    try {
+      const name = req.params.name;
+      const result = await findSkillAndOAuth(name);
+      if (!result || !result.oauth2Cred?.oauth) {
+        res.status(400).json({ error: "Skill not found or has no OAuth2 config" });
+        return;
+      }
+      const credentialId = result.oauth2Cred.id;
+      const clientIdKey = getCredentialStorageKey(name, credentialId, "clientId", result.oauth2Cred.storeAs);
+      const clientId = await ctx.credentialStore.get(clientIdKey);
+      if (!clientId) {
+        res.status(400).json({ error: "Client ID not configured. Save it before authorizing." });
+        return;
+      }
+      const state = crypto.randomBytes(16).toString("hex");
+      oauthStates.set(state, { skillName: name, credentialId, createdAt: Date.now() });
+      const proto = req.headers["x-forwarded-proto"] || req.protocol || "http";
+      const host = req.headers["x-forwarded-host"] || req.headers.host || "localhost:3777";
+      const gatewayBaseUrl = `${proto}://${host}`;
+      const redirectUri = `${gatewayBaseUrl}/api/skills/${encodeURIComponent(name)}/oauth2/callback`;
+      const authorizationUrl = buildSkillOAuth2AuthUrl(
+        name,
+        result.oauth2Cred.oauth,
+        clientId,
+        redirectUri,
+        state
+      );
+      res.json({ authorizationUrl, redirectUri });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.get("/:name/oauth2/redirect-uri", (req, res) => {
+    const name = req.params.name;
+    const proto = req.headers["x-forwarded-proto"] || req.protocol || "http";
+    const host = req.headers["x-forwarded-host"] || req.headers.host || "localhost:3777";
+    const gatewayBaseUrl = `${proto}://${host}`;
+    const redirectUri = `${gatewayBaseUrl}/api/skills/${encodeURIComponent(name)}/oauth2/callback`;
+    res.json({ redirectUri });
+  });
+  router.get("/:name/oauth2/callback", async (req, res) => {
+    const { code, state, error: oauthError } = req.query;
+    const name = req.params.name;
+    if (oauthError) {
+      res.status(400).send(oauthHtml("OAuth Error", oauthError));
+      return;
+    }
+    if (!code || !state) {
+      res.status(400).send(oauthHtml("Error", "Missing code or state parameter."));
+      return;
+    }
+    const stateEntry = oauthStates.get(state);
+    if (!stateEntry || stateEntry.skillName !== name) {
+      res.status(400).send(oauthHtml("Error", "Invalid or expired OAuth state. Please try again."));
+      return;
+    }
+    oauthStates.delete(state);
+    if (Date.now() - stateEntry.createdAt > STATE_TTL_MS) {
+      res.status(400).send(oauthHtml("Error", "OAuth state expired. Please try again."));
+      return;
+    }
+    try {
+      const result = await findSkillAndOAuth(name);
+      if (!result || !result.oauth2Cred?.oauth) {
+        res.status(400).send(oauthHtml("Error", "Skill not found or has no OAuth2 config."));
+        return;
+      }
+      const credentialId = result.oauth2Cred.id;
+      const clientIdKey = getCredentialStorageKey(name, credentialId, "clientId", result.oauth2Cred.storeAs);
+      const clientSecretKey = getCredentialStorageKey(name, credentialId, "clientSecret", result.oauth2Cred.storeAs);
+      const clientId = await ctx.credentialStore.get(clientIdKey);
+      const clientSecret = await ctx.credentialStore.get(clientSecretKey);
+      if (!clientId || !clientSecret) {
+        res.status(400).send(oauthHtml("Error", "OAuth client credentials not configured."));
+        return;
+      }
+      const proto = req.headers["x-forwarded-proto"] || req.protocol || "http";
+      const host = req.headers["x-forwarded-host"] || req.headers.host || "localhost:3777";
+      const gatewayBaseUrl = `${proto}://${host}`;
+      const redirectUri = `${gatewayBaseUrl}/api/skills/${encodeURIComponent(name)}/oauth2/callback`;
+      await exchangeSkillOAuth2Code(
+        name,
+        credentialId,
+        result.oauth2Cred.oauth,
+        clientId,
+        clientSecret,
+        code,
+        redirectUri,
+        ctx.credentialStore
+      );
+      clearSkillCache2();
+      res.send(oauthHtml(
+        "Authorization Successful",
+        `Skill "${name}" has been authorized.`,
+        `if (window.opener) { window.opener.postMessage({ type: "oauth-success", skill: "${name}" }, "*"); }`
+      ));
+    } catch (err) {
+      res.status(500).send(oauthHtml("Error", `Token exchange failed: ${err instanceof Error ? err.message : String(err)}`));
+    }
+  });
+  router.get("/:name/oauth2/status", async (req, res) => {
+    try {
+      const name = req.params.name;
+      const result = await findSkillAndOAuth(name);
+      if (!result || !result.oauth2Cred) {
+        res.status(400).json({ error: "Skill not found or has no OAuth2 config" });
+        return;
+      }
+      const keys = getOAuth2StorageKeys(name, result.oauth2Cred.id);
+      const hasToken = await ctx.credentialStore.has(keys.accessToken);
+      const expiresAtStr = await ctx.credentialStore.get(keys.expiresAt);
+      const hasRefresh = await ctx.credentialStore.has(keys.refreshToken);
+      let expiresAt = null;
+      let expired = false;
+      if (expiresAtStr) {
+        expiresAt = parseInt(expiresAtStr, 10);
+        expired = !isNaN(expiresAt) && Date.now() >= expiresAt;
+      }
+      res.json({ connected: hasToken, expired, expiresAt, hasRefreshToken: hasRefresh });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.post("/:name/oauth2/revoke", async (req, res) => {
+    try {
+      const name = req.params.name;
+      const result = await findSkillAndOAuth(name);
+      if (!result || !result.oauth2Cred) {
+        res.status(400).json({ error: "Skill not found or has no OAuth2 config" });
+        return;
+      }
+      await revokeSkillOAuth2(name, result.oauth2Cred.id, ctx.credentialStore);
+      clearSkillCache2();
+      res.json({ ok: true });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  return router;
+}
+
+// src/routes/cron.ts
+import { Router as Router6 } from "express";
+function createCronRoutes(cronService) {
+  const router = Router6();
+  router.get("/", (_req, res) => {
+    try {
+      const jobs = cronService.list();
+      const result = jobs.map((job) => {
+        const state = cronService.getState(job.id);
+        return { ...job, state };
+      });
+      res.json(result);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.get("/:id", (req, res) => {
+    try {
+      const job = cronService.getJob(req.params.id);
+      if (!job) {
+        res.status(404).json({ error: "Job not found" });
+        return;
+      }
+      const state = cronService.getState(job.id);
+      res.json({ ...job, state });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.post("/", (req, res) => {
+    try {
+      const input = req.body;
+      if (!input.name || !input.schedule || !input.prompt) {
+        res.status(400).json({ error: "name, schedule, and prompt are required" });
+        return;
+      }
+      const job = cronService.add(input);
+      res.status(201).json(job);
+    } catch (err) {
+      res.status(500).json({
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  router.put("/:id", (req, res) => {
+    try {
+      const updated = cronService.update(req.params.id, req.body);
+      if (!updated) {
+        res.status(404).json({ error: "Job not found" });
+        return;
+      }
+      res.json(updated);
+    } catch (err) {
+      res.status(500).json({
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  router.delete("/:id", (req, res) => {
+    try {
+      const removed = cronService.remove(req.params.id);
+      if (!removed) {
+        res.status(404).json({ error: "Job not found" });
+        return;
+      }
+      res.status(204).send();
+    } catch (err) {
+      res.status(500).json({
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  router.post("/:id/run", async (req, res) => {
+    try {
+      await cronService.runNow(req.params.id);
+      res.json({ status: "executed" });
+    } catch (err) {
+      res.status(500).json({
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  return router;
+}
+
+// src/routes/channels.ts
+import { Router as Router7 } from "express";
+import { WhatsAppAdapter } from "@cortask/channels";
+
+// src/ws.ts
+import { logger } from "@cortask/core";
+function broadcastChannelStatus(wss, status) {
+  const data = JSON.stringify({ type: "channel:status", ...status });
+  for (const client of wss.clients) {
+    if (client.readyState === client.OPEN) {
+      client.send(data);
+    }
+  }
+}
+function broadcastSessionRefresh(wss, workspaceId) {
+  const data = JSON.stringify({ type: "session:refresh", workspaceId });
+  for (const client of wss.clients) {
+    if (client.readyState === client.OPEN) {
+      client.send(data);
+    }
+  }
+}
+var pendingPermissions = /* @__PURE__ */ new Map();
+var pendingQuestionnaires = /* @__PURE__ */ new Map();
+var activeRuns = /* @__PURE__ */ new Map();
+function handleWebSocket(ws, ctx) {
+  logger.info("WebSocket client connected", "gateway");
+  ws.on("message", async (raw) => {
+    let msg;
+    try {
+      msg = JSON.parse(raw.toString());
+    } catch {
+      sendError(ws, "", "Invalid JSON");
+      return;
+    }
+    if (msg.type === "chat") {
+      await handleChat(ws, msg, ctx);
+    } else if (msg.type === "cancel") {
+      logger.info(`Cancel requested for session ${msg.sessionKey}`, "gateway");
+      const controller = activeRuns.get(msg.sessionKey);
+      if (controller) {
+        controller.abort();
+        activeRuns.delete(msg.sessionKey);
+      }
+    } else if (msg.type === "permission_response") {
+      const resolver = pendingPermissions.get(msg.requestId);
+      if (resolver) {
+        resolver(msg.approved);
+        pendingPermissions.delete(msg.requestId);
+      }
+    } else if (msg.type === "questionnaire_response") {
+      const resolver = pendingQuestionnaires.get(msg.requestId);
+      if (resolver) {
+        resolver(msg.responses);
+        pendingQuestionnaires.delete(msg.requestId);
+      }
+    }
+  });
+  ws.on("close", () => {
+    logger.info("WebSocket client disconnected", "gateway");
+    for (const [id, controller] of activeRuns) {
+      controller.abort();
+      activeRuns.delete(id);
+    }
+    for (const [id, resolver] of pendingPermissions) {
+      resolver(false);
+      pendingPermissions.delete(id);
+    }
+  });
+}
+function checkSpendingLimit(ctx) {
+  const { spending } = ctx.config;
+  if (!spending.enabled) return null;
+  const summary = ctx.usageStore.getSummary(spending.period);
+  if (spending.maxTokens && summary.totalTokens >= spending.maxTokens) {
+    return `Spending limit reached: ${summary.totalTokens.toLocaleString()} / ${spending.maxTokens.toLocaleString()} tokens (${spending.period})`;
+  }
+  if (spending.maxCostUsd && summary.totalCostUsd >= spending.maxCostUsd) {
+    return `Spending limit reached: $${summary.totalCostUsd.toFixed(2)} / $${spending.maxCostUsd.toFixed(2)} (${spending.period})`;
+  }
+  return null;
+}
+async function handleChat(ws, msg, ctx) {
+  const abortController = new AbortController();
+  activeRuns.set(msg.sessionKey, abortController);
+  try {
+    const limitError = checkSpendingLimit(ctx);
+    if (limitError) {
+      sendError(ws, msg.sessionKey, limitError);
+      return;
+    }
+    const workspace = await ctx.workspaceManager.get(msg.workspaceId);
+    if (!workspace) {
+      sendError(ws, msg.sessionKey, "Workspace not found");
+      return;
+    }
+    const runner = await ctx.createAgentRunner(workspace.rootPath, {
+      onPermissionRequest: async (req) => {
+        return new Promise((resolve) => {
+          pendingPermissions.set(req.id, resolve);
+          send(ws, {
+            type: "permission_request",
+            requestId: req.id,
+            description: req.description,
+            details: req.details
+          });
+          setTimeout(() => {
+            if (pendingPermissions.has(req.id)) {
+              pendingPermissions.delete(req.id);
+              resolve(false);
+            }
+          }, 6e4);
+        });
+      },
+      onQuestionnaireRequest: async (req) => {
+        return new Promise((resolve) => {
+          pendingQuestionnaires.set(req.id, resolve);
+          send(ws, {
+            type: "questionnaire_request",
+            requestId: req.id,
+            data: {
+              title: req.title,
+              description: req.description,
+              questions: req.questions
+            }
+          });
+        });
+      }
+    });
+    for await (const event of runner.runStream({
+      prompt: msg.message,
+      attachments: msg.attachments,
+      sessionId: msg.sessionKey,
+      workspaceId: msg.workspaceId,
+      signal: abortController.signal
+    })) {
+      if (ws.readyState !== ws.OPEN || abortController.signal.aborted) break;
+      switch (event.type) {
+        case "thinking_delta":
+          send(ws, {
+            type: "thinking_delta",
+            sessionKey: msg.sessionKey,
+            text: event.text
+          });
+          break;
+        case "text_delta":
+          send(ws, {
+            type: "text_delta",
+            sessionKey: msg.sessionKey,
+            text: event.text
+          });
+          break;
+        case "tool_call_start":
+          send(ws, {
+            type: "tool_call_start",
+            sessionKey: msg.sessionKey,
+            toolName: event.toolName,
+            toolCallId: event.toolCallId
+          });
+          break;
+        case "tool_result":
+          send(ws, {
+            type: "tool_result",
+            sessionKey: msg.sessionKey,
+            toolCallId: event.toolCallId,
+            toolName: event.toolName,
+            toolArgs: event.toolArgs,
+            content: event.toolResult?.content,
+            isError: event.toolResult?.isError
+          });
+          break;
+        case "done":
+          if (event.usage) {
+            try {
+              const providerId = ctx.config.providers.default || "anthropic";
+              const providerConfig = ctx.config.providers[providerId];
+              const model = (typeof providerConfig === "object" && providerConfig && "model" in providerConfig ? providerConfig.model : void 0) || getDefaultModel(providerId);
+              ctx.usageStore.record(
+                providerId,
+                model,
+                event.usage.inputTokens,
+                event.usage.outputTokens
+              );
+            } catch (err) {
+              logger.error(`Failed to record usage: ${err}`, "gateway");
+            }
+          }
+          send(ws, {
+            type: "done",
+            sessionKey: msg.sessionKey,
+            usage: event.usage
+          });
+          break;
+        case "error":
+          sendError(ws, msg.sessionKey, event.error ?? "Unknown error");
+          break;
+      }
+    }
+  } catch (err) {
+    if (!abortController.signal.aborted) {
+      sendError(
+        ws,
+        msg.sessionKey,
+        err instanceof Error ? err.message : String(err)
+      );
+    }
+  } finally {
+    activeRuns.delete(msg.sessionKey);
+  }
+}
+function send(ws, data) {
+  if (ws.readyState === ws.OPEN) {
+    ws.send(JSON.stringify(data));
+  }
+}
+function sendError(ws, sessionKey, error) {
+  send(ws, { type: "error", sessionKey, error });
+}
+
+// src/routes/channels.ts
+function createChannelRoutes(channels, ctx, createChannel, wss) {
+  const router = Router7();
+  const KNOWN_CHANNELS = [
+    { id: "telegram", name: "Telegram" },
+    { id: "whatsapp", name: "WhatsApp" },
+    { id: "discord", name: "Discord" }
+  ];
+  router.get("/", (_req, res) => {
+    const result = KNOWN_CHANNELS.map((def) => {
+      const ch = channels.get(def.id);
+      const base = { id: def.id, name: ch?.name ?? def.name, running: ch?.isRunning() ?? false };
+      if (def.id === "whatsapp") {
+        const wa = ch;
+        return { ...base, authenticated: wa?.isAuthenticated() ?? new WhatsAppAdapter().isAuthenticated() };
+      }
+      return base;
+    });
+    res.json(result);
+  });
+  router.post("/:id/start", async (req, res) => {
+    const { id } = req.params;
+    let channel = channels.get(id);
+    if (!channel) {
+      try {
+        const created = await createChannel(id);
+        if (!created) {
+          res.status(400).json({ error: `No credentials configured for ${id}` });
+          return;
+        }
+        channel = created;
+      } catch (err) {
+        res.status(400).json({
+          error: err instanceof Error ? err.message : String(err)
+        });
+        return;
+      }
+      channels.set(id, channel);
+    }
+    try {
+      await channel.start();
+      await ctx.credentialStore.set(`channel.${id}.enabled`, "true");
+      broadcastChannelStatus(wss, { channelId: id, running: true, authenticated: true });
+      res.json({ id, name: channel.name, running: true });
+    } catch (err) {
+      res.status(500).json({
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  router.post("/:id/stop", async (req, res) => {
+    const channel = channels.get(req.params.id);
+    if (!channel) {
+      res.status(404).json({ error: "Channel not found" });
+      return;
+    }
+    try {
+      await channel.stop();
+      await ctx.credentialStore.delete(`channel.${req.params.id}.enabled`);
+      broadcastChannelStatus(wss, { channelId: req.params.id, running: false, authenticated: false });
+      res.json({ id: req.params.id, name: channel.name, running: false });
+    } catch (err) {
+      res.status(500).json({
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  router.post("/whatsapp/qr", async (_req, res) => {
+    try {
+      let wa = channels.get("whatsapp");
+      if (!wa) {
+        const created = await createChannel("whatsapp");
+        if (!created) {
+          res.status(500).json({ error: "Failed to create WhatsApp adapter" });
+          return;
+        }
+        wa = created;
+        channels.set("whatsapp", wa);
+      }
+      const result = await wa.generateQR();
+      res.json(result);
+      if (result.success) {
+        const pollInterval = 2e3;
+        const maxPolls = 30;
+        let polls = 0;
+        const poller = setInterval(async () => {
+          polls++;
+          try {
+            if (wa.isAuthenticated() && !wa.isRunning()) {
+              clearInterval(poller);
+              await wa.start();
+              await ctx.credentialStore.set("channel.whatsapp.enabled", "true");
+              broadcastChannelStatus(wss, { channelId: "whatsapp", running: true, authenticated: true });
+            } else if (polls >= maxPolls) {
+              clearInterval(poller);
+              if (wa.isAuthenticated()) {
+                broadcastChannelStatus(wss, { channelId: "whatsapp", running: false, authenticated: true });
+              }
+            }
+          } catch (err) {
+            clearInterval(poller);
+            console.error("[whatsapp] Auto-start failed:", err);
+          }
+        }, pollInterval);
+      }
+    } catch (err) {
+      res.status(500).json({
+        success: false,
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  router.post("/whatsapp/logout", async (_req, res) => {
+    const wa = channels.get("whatsapp");
+    if (!wa) {
+      new WhatsAppAdapter().logout();
+      res.json({ success: true });
+      return;
+    }
+    try {
+      await wa.logout();
+      await ctx.credentialStore.delete("channel.whatsapp.enabled");
+      broadcastChannelStatus(wss, { channelId: "whatsapp", running: false, authenticated: false });
+      res.json({ success: true });
+    } catch (err) {
+      res.status(500).json({
+        error: err instanceof Error ? err.message : String(err)
+      });
+    }
+  });
+  router.get("/whatsapp/contacts", async (_req, res) => {
+    try {
+      const json = await ctx.credentialStore.get("channel.whatsapp.trustedContacts");
+      const contacts = json ? JSON.parse(json) : [];
+      res.json(contacts);
+    } catch (err) {
+      res.status(500).json({ error: err instanceof Error ? err.message : String(err) });
+    }
+  });
+  router.put("/whatsapp/contacts", async (req, res) => {
+    try {
+      const contacts = req.body;
+      await ctx.credentialStore.set("channel.whatsapp.trustedContacts", JSON.stringify(contacts));
+      const wa = channels.get("whatsapp");
+      if (wa) {
+        wa.setTrustedContacts(contacts);
+      }
+      res.json(contacts);
+    } catch (err) {
+      res.status(500).json({ error: err instanceof Error ? err.message : String(err) });
+    }
+  });
+  return router;
+}
+
+// src/routes/artifacts.ts
+import { Router as Router8 } from "express";
+function createArtifactRoutes(artifactStore) {
+  const router = Router8();
+  router.get("/:id", (req, res) => {
+    const artifact = artifactStore.get(req.params.id);
+    if (!artifact) {
+      res.status(404).json({ error: "Artifact not found or expired" });
+      return;
+    }
+    if (req.query.raw !== void 0) {
+      res.setHeader("Content-Type", artifact.mimeType);
+      if (artifact.type === "image") {
+        res.send(Buffer.from(artifact.content, "base64"));
+      } else {
+        res.send(artifact.content);
+      }
+      return;
+    }
+    res.json({
+      id: artifact.id,
+      type: artifact.type,
+      title: artifact.title,
+      content: artifact.content,
+      mimeType: artifact.mimeType,
+      createdAt: artifact.createdAt
+    });
+  });
+  router.get("/", (_req, res) => {
+    const artifacts = artifactStore.list();
+    res.json(
+      artifacts.map((a) => ({
+        id: a.id,
+        type: a.type,
+        title: a.title,
+        mimeType: a.mimeType,
+        createdAt: a.createdAt
+      }))
+    );
+  });
+  return router;
+}
+
+// src/routes/onboarding.ts
+import { Router as Router9 } from "express";
+import { saveConfig as saveConfig2, AVAILABLE_PROVIDERS } from "@cortask/core";
+function createOnboardingRoutes(ctx) {
+  const router = Router9();
+  router.get("/status", async (_req, res) => {
+    try {
+      const hasProvider = await Promise.any(
+        AVAILABLE_PROVIDERS.flatMap((p) => [
+          ctx.credentialStore.has(`provider.${p.id}.apiKey`),
+          ctx.credentialStore.has(`provider.${p.id}.host`)
+        ])
+      ).catch(() => false);
+      const workspaces = await ctx.workspaceManager.list();
+      const hasWorkspace = workspaces.length > 0;
+      res.json({
+        completed: ctx.config.onboarded === true,
+        hasProvider,
+        hasWorkspace
+      });
+    } catch (error) {
+      res.status(500).json({
+        error: error instanceof Error ? error.message : "Unknown error"
+      });
+    }
+  });
+  router.post("/complete", async (req, res) => {
+    try {
+      const { provider } = req.body;
+      const isOllama = provider?.type === "ollama";
+      if (!provider?.type || !provider?.apiKey && !provider?.host) {
+        res.status(400).json({ error: "Provider configuration required" });
+        return;
+      }
+      const credKey = isOllama ? `provider.${provider.type}.host` : `provider.${provider.type}.apiKey`;
+      const credValue = isOllama ? provider.host : provider.apiKey;
+      await ctx.credentialStore.set(credKey, credValue);
+      const newConfig = {
+        ...ctx.config,
+        onboarded: true,
+        providers: {
+          ...ctx.config.providers,
+          default: provider.type
+        }
+      };
+      await saveConfig2(ctx.configPath, newConfig);
+      Object.assign(ctx.config, newConfig);
+      const workspaces = await ctx.workspaceManager.list();
+      if (workspaces.length === 0) {
+        await ctx.workspaceManager.create("Default");
+      }
+      res.json({ success: true });
+    } catch (error) {
+      res.status(500).json({
+        error: error instanceof Error ? error.message : "Unknown error"
+      });
+    }
+  });
+  return router;
+}
+
+// src/routes/config.ts
+import { Router as Router10 } from "express";
+import { saveConfig as saveConfig3 } from "@cortask/core";
+function createConfigRoutes(ctx) {
+  const router = Router10();
+  router.get("/", (_req, res) => {
+    try {
+      const { agent, server, spending } = ctx.config;
+      res.json({ agent, server, spending });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.put("/", async (req, res) => {
+    try {
+      const { agent, server, spending } = req.body;
+      if (agent) {
+        if (agent.maxTurns !== void 0) {
+          const v = Math.max(1, Math.min(200, Math.round(agent.maxTurns)));
+          ctx.config.agent.maxTurns = v;
+        }
+        if (agent.temperature !== void 0) {
+          const v = Math.max(0, Math.min(2, agent.temperature));
+          ctx.config.agent.temperature = Math.round(v * 100) / 100;
+        }
+        if (agent.maxTokens !== void 0) {
+          ctx.config.agent.maxTokens = agent.maxTokens === null ? void 0 : Math.max(1, Math.round(agent.maxTokens));
+        }
+      }
+      if (server) {
+        if (server.port !== void 0) {
+          ctx.config.server.port = Math.max(1, Math.min(65535, Math.round(server.port)));
+        }
+        if (server.host !== void 0) {
+          ctx.config.server.host = server.host;
+        }
+      }
+      if (spending) {
+        if (spending.enabled !== void 0) {
+          ctx.config.spending.enabled = spending.enabled;
+        }
+        if (spending.maxTokens !== void 0) {
+          ctx.config.spending.maxTokens = spending.maxTokens === null ? void 0 : Math.max(0, Math.round(spending.maxTokens));
+        }
+        if (spending.maxCostUsd !== void 0) {
+          ctx.config.spending.maxCostUsd = spending.maxCostUsd === null ? void 0 : Math.max(0, spending.maxCostUsd);
+        }
+        if (spending.period !== void 0) {
+          ctx.config.spending.period = spending.period;
+        }
+      }
+      await saveConfig3(ctx.configPath, ctx.config);
+      res.json({
+        agent: ctx.config.agent,
+        server: ctx.config.server,
+        spending: ctx.config.spending
+      });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  return router;
+}
+
+// src/routes/usage.ts
+import { Router as Router11 } from "express";
+function createUsageRoutes(usageStore) {
+  const router = Router11();
+  router.get("/", (req, res) => {
+    try {
+      const period = req.query.period || "monthly";
+      if (!["daily", "weekly", "monthly"].includes(period)) {
+        res.status(400).json({ error: "Invalid period. Use daily, weekly, or monthly." });
+        return;
+      }
+      const summary = usageStore.getSummary(period);
+      res.json(summary);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.get("/history", (req, res) => {
+    try {
+      const days = Math.min(365, Math.max(1, parseInt(req.query.days) || 30));
+      const history = usageStore.getHistory(days);
+      res.json(history);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  return router;
+}
+
+// src/routes/models.ts
+import { Router as Router12 } from "express";
+import { createProvider as createProvider2, getModelDefinitions } from "@cortask/core";
+function createModelRoutes(ctx) {
+  const router = Router12();
+  router.get("/:providerId/available", async (req, res) => {
+    try {
+      const providerId = req.params.providerId;
+      if (providerId === "openrouter" || providerId === "ollama") {
+        const credKey = providerId === "ollama" ? "provider.ollama.host" : `provider.${providerId}.apiKey`;
+        const credential = await ctx.credentialStore.get(credKey);
+        if (!credential) {
+          res.status(400).json({ error: `No credentials configured for ${providerId}` });
+          return;
+        }
+        const provider = createProvider2(providerId, credential);
+        const models2 = await provider.listModels();
+        res.json(models2);
+        return;
+      }
+      const models = getModelDefinitions(providerId);
+      res.json(models);
+    } catch (err) {
+      res.status(500).json({ error: err instanceof Error ? err.message : String(err) });
+    }
+  });
+  router.get("/enabled", async (_req, res) => {
+    try {
+      const provider = _req.query.provider;
+      const models = ctx.modelStore.list(provider);
+      res.json(models);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.post("/enable", async (req, res) => {
+    try {
+      const { provider, modelId, label, inputPricePer1m, outputPricePer1m } = req.body;
+      if (!provider || !modelId || !label) {
+        res.status(400).json({ error: "provider, modelId, and label are required" });
+        return;
+      }
+      const model = ctx.modelStore.enable(
+        provider,
+        modelId,
+        label,
+        inputPricePer1m ?? 0,
+        outputPricePer1m ?? 0
+      );
+      res.json(model);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.delete("/disable", async (req, res) => {
+    try {
+      const { provider, modelId } = req.body;
+      if (!provider || !modelId) {
+        res.status(400).json({ error: "provider and modelId are required" });
+        return;
+      }
+      ctx.modelStore.disable(provider, modelId);
+      res.json({ success: true });
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  return router;
+}
+
+// src/routes/templates.ts
+import { Router as Router13 } from "express";
+function createTemplateRoutes(templateStore) {
+  const router = Router13();
+  router.get("/", (_req, res) => {
+    try {
+      const templates = templateStore.list();
+      res.json(templates);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.post("/", (req, res) => {
+    try {
+      const { name, content, category } = req.body;
+      if (!name || !content) {
+        res.status(400).json({ error: "name and content are required" });
+        return;
+      }
+      const template = templateStore.create(name, content, category);
+      res.status(201).json(template);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.put("/:id", (req, res) => {
+    try {
+      const updated = templateStore.update(req.params.id, req.body);
+      if (!updated) {
+        res.status(404).json({ error: "Template not found" });
+        return;
+      }
+      res.json(updated);
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  router.delete("/:id", (req, res) => {
+    try {
+      templateStore.delete(req.params.id);
+      res.status(204).send();
+    } catch (err) {
+      res.status(500).json({ error: String(err) });
+    }
+  });
+  return router;
+}
+
+// src/server.ts
+var __filename = fileURLToPath(import.meta.url);
+var __dirname = path3.dirname(__filename);
+var sessionStoreCache = /* @__PURE__ */ new Map();
+function getSessionStore(workspacePath) {
+  const dbPath = path3.join(workspacePath, ".cortask", "sessions.db");
+  let store = sessionStoreCache.get(dbPath);
+  if (!store) {
+    store = new SessionStore(dbPath);
+    sessionStoreCache.set(dbPath, store);
+  }
+  return store;
+}
+async function startServer(port, host) {
+  const dataDir = getDataDir();
+  const configPath = path3.join(dataDir, "config.yaml");
+  const config = await loadConfig(configPath);
+  logger2.init(path3.join(dataDir, "logs"));
+  logger2.info("Starting Cortask gateway", "gateway");
+  const dbPath = path3.join(dataDir, "cortask.db");
+  const workspaceManager = new WorkspaceManager(dbPath);
+  try {
+    const workspaces = await workspaceManager.list();
+    migrateAllWorkspaces(workspaces);
+  } catch (err) {
+    logger2.error(
+      `Database migration failed: ${err instanceof Error ? err.message : String(err)}`,
+      "gateway"
+    );
+  }
+  const secret = await getOrCreateSecret(dataDir);
+  const credentialStore = new EncryptedCredentialStore(
+    path3.join(dataDir, "credentials.enc.json"),
+    secret
+  );
+  const cronService = new CronService(dbPath);
+  const modelStore = new ModelStore(dbPath);
+  const templateStore = new TemplateStore(dbPath);
+  const usageStore = new UsageStore(dbPath, modelStore);
+  const artifactStore = new ArtifactStore();
+  const channels = /* @__PURE__ */ new Map();
+  let wss;
+  function wireMessageHandler(channel) {
+    const channelType = channel.id;
+    channel.onMessage(async (msg) => {
+      try {
+        if (config.spending.enabled) {
+          const summary = usageStore.getSummary(config.spending.period);
+          if (config.spending.maxTokens && summary.totalTokens >= config.spending.maxTokens) {
+            return "Spending limit reached. Please increase or disable the limit.";
+          }
+          if (config.spending.maxCostUsd && summary.totalCostUsd >= config.spending.maxCostUsd) {
+            return "Spending limit reached. Please increase or disable the limit.";
+          }
+        }
+        const chatKey = `${channel.id}-${msg.chatId}`;
+        const workspaces = await workspaceManager.list();
+        if (workspaces.length === 0) return "No workspace configured.";
+        const mappedWorkspaceId = workspaceManager.getChannelWorkspace(chatKey);
+        const workspace = mappedWorkspaceId ? await workspaceManager.get(mappedWorkspaceId) ?? workspaces[0] : workspaces[0];
+        const runner = await createAgentRunner(workspace.rootPath, void 0, {
+          channelType,
+          chatKey,
+          chatId: msg.chatId
+        });
+        const result = await runner.run({
+          prompt: msg.text,
+          sessionId: chatKey
+        });
+        if (wss) broadcastSessionRefresh(wss, workspace.id);
+        return result.response;
+      } catch (err) {
+        return `Error: ${err instanceof Error ? err.message : String(err)}`;
+      }
+    });
+  }
+  const bundledSkillsDir = process.env.CORTASK_SKILLS_DIR ?? path3.join(path3.resolve(__dirname, "..", "..", ".."), "skills");
+  const userSkillsDir = path3.join(dataDir, "skills");
+  const uiOnlyTools = /* @__PURE__ */ new Set(["questionnaire", "artifact", "show_file"]);
+  async function createAgentRunner(workspacePath, options, channelCtx) {
+    const providerId = config.providers.default || "anthropic";
+    const providerConfig = config.providers[providerId];
+    const model = providerConfig?.model || getDefaultModel(providerId);
+    const credKey = providerId === "ollama" ? "provider.ollama.host" : `provider.${providerId}.apiKey`;
+    const apiKey = await credentialStore.get(credKey);
+    if (!apiKey) {
+      throw new Error(
+        `No credentials found for provider "${providerId}". Set it in Settings.`
+      );
+    }
+    const provider = createProvider3(providerId, apiKey);
+    const sessionStore = getSessionStore(workspacePath);
+    const allSkills = await loadSkills2(
+      bundledSkillsDir,
+      userSkillsDir,
+      config.skills.dirs,
+      credentialStore
+    );
+    const eligible = getEligibleSkills(allSkills);
+    const skillRegistry = await buildSkillTools(eligible, credentialStore);
+    const skillToolHandlers = skillRegistry.toolDefs.map((def) => ({
+      definition: def,
+      execute: async (args, _context) => {
+        const handler = skillRegistry.handlers.get(def.name);
+        if (!handler) {
+          return { toolCallId: "", content: `No handler for skill tool: ${def.name}`, isError: true };
+        }
+        const result = await handler(args);
+        return result;
+      }
+    }));
+    const skillPrompts = eligible.map((s) => `- **${s.manifest.name}**: ${s.manifest.description}`);
+    const channelTools = channelCtx ? [createSwitchWorkspaceTool(workspaceManager, channelCtx.chatKey)] : [];
+    const runner = new AgentRunner({
+      config: {
+        provider,
+        model,
+        maxTurns: config.agent.maxTurns,
+        temperature: config.agent.temperature,
+        maxTokens: config.agent.maxTokens
+      },
+      tools: [
+        ...channelCtx ? builtinTools.filter((t) => !uiOnlyTools.has(t.definition.name)) : builtinTools,
+        createCronTool(cronService),
+        ...channelCtx ? [] : [createArtifactTool(artifactStore)],
+        createBrowserTool(artifactStore),
+        createSubagentTool(),
+        ...channelTools,
+        ...skillToolHandlers
+      ],
+      channel: channelCtx ? { type: channelCtx.channelType, chatId: channelCtx.chatId } : void 0,
+      getWorkspacePath: () => workspacePath,
+      getDataDir: () => dataDir,
+      getMemoryContent: () => workspaceManager.readMemory(workspacePath),
+      getGlobalMemoryContent: () => workspaceManager.readGlobalMemory(dataDir),
+      getSkillPrompts: () => skillPrompts,
+      getSessionMessages: async (sessionId) => {
+        return sessionStore.getMessages(sessionId);
+      },
+      saveSessionMessages: async (sessionId, messages) => {
+        sessionStore.saveMessages(sessionId, messages, channelCtx?.channelType);
+        const session = sessionStore.getSession(sessionId);
+        if (session && session.title === "New Chat") {
+          const firstUserMsg = messages.find((m) => m.role === "user");
+          if (firstUserMsg) {
+            const text = typeof firstUserMsg.content === "string" ? firstUserMsg.content : firstUserMsg.content.filter((p) => p.type === "text" && p.text).map((p) => p.text).join(" ");
+            if (text) {
+              sessionStore.updateTitle(
+                sessionId,
+                text.length > 80 ? text.slice(0, 80) + "\u2026" : text
+              );
+            }
+          }
+        }
+      },
+      onPermissionRequest: options?.onPermissionRequest,
+      onQuestionnaireRequest: options?.onQuestionnaireRequest
+    });
+    setSubagentRunner(runner);
+    return runner;
+  }
+  const ctx = {
+    config,
+    configPath,
+    dataDir,
+    bundledSkillsDir,
+    workspaceManager,
+    credentialStore,
+    usageStore,
+    modelStore,
+    getSessionStore,
+    createAgentRunner
+  };
+  const app = express();
+  app.use(cors());
+  app.use(express.json({ limit: "10mb" }));
+  const server = createServer(app);
+  wss = new WebSocketServer({ server, path: "/ws" });
+  wss.on("connection", (ws) => {
+    handleWebSocket(ws, ctx);
+  });
+  app.use("/api/onboarding", createOnboardingRoutes(ctx));
+  app.use("/api/workspaces", createWorkspaceRoutes(ctx));
+  app.use("/api/sessions", createSessionRoutes(ctx));
+  app.use("/api/credentials", createCredentialRoutes(ctx));
+  app.use("/api/providers", createProviderRoutes(ctx));
+  app.use("/api/config", createConfigRoutes(ctx));
+  app.use("/api/skills", createSkillRoutes(ctx));
+  app.use("/api/cron", createCronRoutes(cronService));
+  app.use("/api/usage", createUsageRoutes(usageStore));
+  app.use("/api/models", createModelRoutes(ctx));
+  app.use("/api/templates", createTemplateRoutes(templateStore));
+  async function createChannelAdapter(id) {
+    if (id === "telegram") {
+      const botToken = await credentialStore.get("channel.telegram.botToken");
+      if (!botToken) return null;
+      const adapter = new TelegramAdapter({
+        botToken,
+        allowedUsers: config.channels?.telegram?.allowedUsers ?? []
+      });
+      wireMessageHandler(adapter);
+      return adapter;
+    }
+    if (id === "discord") {
+      const botToken = await credentialStore.get("channel.discord.botToken");
+      if (!botToken) return null;
+      const adapter = new DiscordAdapter({ botToken });
+      wireMessageHandler(adapter);
+      return adapter;
+    }
+    if (id === "whatsapp") {
+      const contactsJson = await credentialStore.get("channel.whatsapp.trustedContacts");
+      const trustedContacts = contactsJson ? JSON.parse(contactsJson) : [];
+      const adapter = new WhatsAppAdapter2({ trustedContacts });
+      wireMessageHandler(adapter);
+      return adapter;
+    }
+    return null;
+  }
+  app.use("/api/channels", createChannelRoutes(channels, ctx, createChannelAdapter, wss));
+  app.use("/api/artifacts", createArtifactRoutes(artifactStore));
+  app.get("/api/health", (_req, res) => {
+    res.json({ status: "ok", version: "0.1.0" });
+  });
+  const resourcesPath = process.resourcesPath;
+  const uiDistCandidates = [
+    path3.resolve("../ui/dist"),
+    // monorepo dev
+    path3.resolve(__dirname, "../../ui/dist"),
+    // relative to gateway dist
+    ...resourcesPath ? [path3.resolve(resourcesPath, "ui")] : []
+    // electron packaged
+  ];
+  for (const uiDir of uiDistCandidates) {
+    if (fs.existsSync(path3.join(uiDir, "index.html"))) {
+      app.use(express.static(uiDir));
+      app.get("*", (_req, res, next) => {
+        if (_req.path.startsWith("/api/") || _req.path.startsWith("/ws")) {
+          return next();
+        }
+        res.sendFile(path3.join(uiDir, "index.html"));
+      });
+      logger2.info(`Serving UI from ${uiDir}`, "gateway");
+      break;
+    }
+  }
+  const envPort = process.env.CORTASK_PORT ? parseInt(process.env.CORTASK_PORT, 10) : void 0;
+  const envHost = process.env.CORTASK_HOST;
+  const finalPort = port ?? envPort ?? config.server.port;
+  const finalHost = host ?? envHost ?? config.server.host;
+  cronService.setExecutor(async (job) => {
+    if (config.spending.enabled) {
+      const summary = usageStore.getSummary(config.spending.period);
+      if (config.spending.maxTokens && summary.totalTokens >= config.spending.maxTokens) {
+        throw new Error(`Spending limit reached: ${summary.totalTokens.toLocaleString()} / ${config.spending.maxTokens.toLocaleString()} tokens`);
+      }
+      if (config.spending.maxCostUsd && summary.totalCostUsd >= config.spending.maxCostUsd) {
+        throw new Error(`Spending limit reached: $${summary.totalCostUsd.toFixed(2)} / $${config.spending.maxCostUsd.toFixed(2)}`);
+      }
+    }
+    const workspaces = await workspaceManager.list();
+    let workspacePath;
+    if (job.workspaceId) {
+      const ws = await workspaceManager.get(job.workspaceId);
+      workspacePath = ws?.rootPath ?? workspaces[0]?.rootPath ?? dataDir;
+    } else {
+      workspacePath = workspaces[0]?.rootPath ?? dataDir;
+    }
+    const runner = await createAgentRunner(workspacePath);
+    const result = await runner.run({ prompt: job.prompt });
+    if (job.delivery.channel && job.delivery.target) {
+      const channel = channels.get(job.delivery.channel);
+      if (!channel) {
+        logger2.warn(`Cron job "${job.name}" delivery failed: channel "${job.delivery.channel}" not found`, "cron");
+      } else if (!channel.isRunning()) {
+        logger2.warn(`Cron job "${job.name}" delivery failed: channel "${job.delivery.channel}" is not running`, "cron");
+      } else {
+        await channel.sendMessage(job.delivery.target, result.response);
+      }
+    } else if (!job.delivery.channel && !job.delivery.target) {
+      logger2.debug(`Cron job "${job.name}" has no delivery channel configured`, "cron");
+    }
+    return result.response;
+  });
+  cronService.start();
+  await new Promise((resolve, reject) => {
+    server.once("error", (err) => {
+      reject(err);
+    });
+    server.listen(finalPort, finalHost, () => {
+      logger2.info(
+        `Gateway running on http://${finalHost}:${finalPort}`,
+        "gateway"
+      );
+      console.log(`Cortask gateway running on http://${finalHost}:${finalPort}`);
+      const knownChannelIds = ["telegram", "discord", "whatsapp"];
+      for (const id of knownChannelIds) {
+        credentialStore.get(`channel.${id}.enabled`).then(async (enabled) => {
+          if (enabled !== "true") return;
+          try {
+            let channel = channels.get(id);
+            if (!channel) {
+              const created = await createChannelAdapter(id);
+              if (!created) return;
+              channel = created;
+              channels.set(id, channel);
+            }
+            await channel.start();
+            logger2.info(`Channel "${id}" auto-started`, "gateway");
+          } catch (err) {
+            logger2.error(`Failed to auto-start channel "${id}": ${err}`, "gateway");
+          }
+        });
+      }
+      setInterval(() => {
+        cleanupSubagentRecords(30 * 60 * 1e3);
+      }, 10 * 60 * 1e3);
+      resolve();
+    });
+  });
+  return { server, wss, ctx };
+}
+function getDefaultModel(providerId) {
+  switch (providerId) {
+    case "anthropic":
+      return "claude-sonnet-4-5-20250929";
+    case "openai":
+      return "gpt-4o";
+    case "google":
+      return "gemini-2.0-flash";
+    case "moonshot":
+      return "moonshot-v1-8k";
+    case "grok":
+      return "grok-3-latest";
+    case "openrouter":
+      return "openai/gpt-4o";
+    case "minimax":
+      return "MiniMax-Text-01";
+    default:
+      return "claude-sonnet-4-5-20250929";
+  }
+}
+
+// src/index.ts
+var isMainModule = typeof process !== "undefined" && process.argv[1]?.endsWith("index.js");
+if (isMainModule) {
+  startServer().catch((err) => {
+    console.error("Failed to start gateway:", err);
+    process.exit(1);
+  });
+}
+export {
+  startServer
+};
+//# sourceMappingURL=index.js.map