@essentialai/cogent-server 2.0.0

package/dist/routes/poll.d.ts

@@ -0,0 +1,15 @@
+import { Hono } from "hono";
+import type { SessionStore } from "../services/session-store.js";
+import type { AuthService } from "../services/auth-service.js";
+import type { ServerEnv } from "../types.js";
+/**
+ * Create poll routes sub-router.
+ *
+ * GET /:sessionId/poll -> Polling fallback for environments without WebSocket
+ *
+ * Returns new messages and peer lifecycle events since the last poll,
+ * filtered for the requesting peer. Updates the peer's lastSeenAt
+ * to keep it alive for stale cleanup.
+ */
+export declare function createPollRoutes(sessionStore: SessionStore, authService: AuthService): Hono<ServerEnv>;
+//# sourceMappingURL=poll.d.ts.map

package/dist/routes/poll.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"poll.d.ts","sourceRoot":"","sources":["../../src/routes/poll.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAQ5B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAI7C;;;;;;;;GAQG;AACH,wBAAgB,gBAAgB,CAC9B,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC,SAAS,CAAC,CA6GjB"}

package/dist/routes/poll.js

@@ -0,0 +1,97 @@
+import { Hono } from "hono";
+import { zValidator } from "@hono/zod-validator";
+import { BridgeError, ErrorCode, PollQuerySchema, } from "@essentialai/cogent";
+import { createAuthMiddleware } from "../middleware/auth.js";
+import { validationHook } from "./validation-hook.js";
+/**
+ * Create poll routes sub-router.
+ *
+ * GET /:sessionId/poll -> Polling fallback for environments without WebSocket
+ *
+ * Returns new messages and peer lifecycle events since the last poll,
+ * filtered for the requesting peer. Updates the peer's lastSeenAt
+ * to keep it alive for stale cleanup.
+ */
+export function createPollRoutes(sessionStore, authService) {
+    const poll = new Hono();
+    // Auth middleware applied per-route (not wildcard) to avoid intercepting
+    // unauthenticated session routes mounted at the same /api/sessions prefix.
+    const auth = createAuthMiddleware(sessionStore, authService);
+    /**
+     * GET /:sessionId/poll - Poll for new messages and peer events.
+     *
+     * If lastMessageId is provided, returns messages after that ID.
+     * If lastMessageId is not found (truncated by cap), returns all messages.
+     * If lastMessageId is not provided (first poll), returns all messages.
+     *
+     * Messages are filtered to those relevant to the polling peer:
+     * sent by, addressed to, or broadcast to this peer.
+     *
+     * Peer events are filtered by timestamp (after the lastMessageId's timestamp).
+     * Limited to the last 100 events to prevent unbounded growth.
+     */
+    poll.get("/:sessionId/poll", auth, zValidator("query", PollQuerySchema, validationHook), async (c) => {
+        const authSessionId = c.get("sessionId");
+        const pathSessionId = c.req.param("sessionId");
+        // Verify path param matches authenticated session
+        if (pathSessionId !== authSessionId) {
+            throw new BridgeError(ErrorCode.AUTH_INVALID_TOKEN, "Token does not belong to this session");
+        }
+        const { lastMessageId, peerId } = c.req.valid("query");
+        // Update the polling peer's lastSeenAt to keep them alive for stale cleanup
+        await sessionStore.updateSession(authSessionId, (state) => {
+            if (state.peers[peerId]) {
+                state.peers[peerId].lastSeenAt = new Date().toISOString();
+            }
+            return state;
+        });
+        // Fresh read from store after the update
+        const session = await sessionStore.getSession(authSessionId);
+        if (!session) {
+            throw new BridgeError(ErrorCode.SESSION_NOT_FOUND, `Session ${authSessionId} not found`);
+        }
+        // Find new messages since lastMessageId
+        let newMessages;
+        let referenceTimestamp = null;
+        if (lastMessageId) {
+            const idx = session.messages.findIndex((msg) => msg.id === lastMessageId);
+            if (idx !== -1) {
+                // Found the message -- return everything after it
+                referenceTimestamp = session.messages[idx].timestamp;
+                newMessages = session.messages.slice(idx + 1);
+            }
+            else {
+                // Message not found (may have been truncated by cap) -- return all
+                newMessages = session.messages;
+            }
+        }
+        else {
+            // First poll -- return all messages
+            newMessages = session.messages;
+        }
+        // Filter messages relevant to this peer
+        const filteredMessages = newMessages.filter((msg) => msg.toPeerId === peerId ||
+            msg.toPeerId === "*" ||
+            msg.fromPeerId === peerId);
+        // Find peer events since the reference timestamp
+        let events;
+        if (referenceTimestamp) {
+            const refTime = new Date(referenceTimestamp).getTime();
+            events = session.peerEvents.filter((evt) => new Date(evt.timestamp).getTime() > refTime);
+        }
+        else {
+            // No reference -- return all events
+            events = session.peerEvents;
+        }
+        // Limit to last 100 events to prevent unbounded growth
+        if (events.length > 100) {
+            events = events.slice(-100);
+        }
+        return c.json({
+            messages: filteredMessages,
+            events,
+        });
+    });
+    return poll;
+}
+//# sourceMappingURL=poll.js.map

package/dist/routes/poll.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"poll.js","sourceRoot":"","sources":["../../src/routes/poll.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EACL,WAAW,EACX,SAAS,EACT,eAAe,GAChB,MAAM,qBAAqB,CAAC;AAK7B,OAAO,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAC7D,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD;;;;;;;;GAQG;AACH,MAAM,UAAU,gBAAgB,CAC9B,YAA0B,EAC1B,WAAwB;IAExB,MAAM,IAAI,GAAG,IAAI,IAAI,EAAa,CAAC;IAEnC,yEAAyE;IACzE,2EAA2E;IAC3E,MAAM,IAAI,GAAG,oBAAoB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;IAE7D;;;;;;;;;;;;OAYG;IACH,IAAI,CAAC,GAAG,CACN,kBAAkB,EAClB,IAAI,EACJ,UAAU,CAAC,OAAO,EAAE,eAAe,EAAE,cAAc,CAAC,EACpD,KAAK,EAAE,CAAC,EAAE,EAAE;QACV,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;QACzC,MAAM,aAAa,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAE/C,kDAAkD;QAClD,IAAI,aAAa,KAAK,aAAa,EAAE,CAAC;YACpC,MAAM,IAAI,WAAW,CACnB,SAAS,CAAC,kBAAkB,EAC5B,uCAAuC,CACxC,CAAC;QACJ,CAAC;QAED,MAAM,EAAE,aAAa,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEvD,4EAA4E;QAC5E,MAAM,YAAY,CAAC,aAAa,CAAC,aAAa,EAAE,CAAC,KAAK,EAAE,EAAE;YACxD,IAAI,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC;gBACxB,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,UAAU,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;YAC5D,CAAC;YACD,OAAO,KAAK,CAAC;QACf,CAAC,CAAC,CAAC;QAEH,yCAAyC;QACzC,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CACnB,SAAS,CAAC,iBAAiB,EAC3B,WAAW,aAAa,YAAY,CACrC,CAAC;QACJ,CAAC;QAED,wCAAwC;QACxC,IAAI,WAA4B,CAAC;QACjC,IAAI,kBAAkB,GAAkB,IAAI,CAAC;QAE7C,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,CAAC,SAAS,CACpC,CAAC,GAAG,EAAE,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,aAAa,CAClC,CAAC;YACF,IAAI,GAAG,KAAK,CAAC,CAAC,EAAE,CAAC;gBACf,kDAAkD;gBAClD,kBAAkB,GAAG,OAAO,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC,SAAS,CAAC;gBACrD,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC;YAChD,CAAC;iBAAM,CAAC;gBACN,mEAAmE;gBACnE,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;YACjC,CAAC;QACH,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC;QACjC,CAAC;QAED,wCAAwC;QACxC,MAAM,gBAAgB,GAAG,WAAW,CAAC,MAAM,CACzC,CAAC,GAAG,EAAE,EAAE,CACN,GAAG,CAAC,QAAQ,KAAK,MAAM;YACvB,GAAG,CAAC,QAAQ,KAAK,GAAG;YACpB,GAAG,CAAC,UAAU,KAAK,MAAM,CAC5B,CAAC;QAEF,iDAAiD;QACjD,IAAI,MAAmB,CAAC;QACxB,IAAI,kBAAkB,EAAE,CAAC;YACvB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,kBAAkB,CAAC,CAAC,OAAO,EAAE,CAAC;YACvD,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC,MAAM,CAChC,CAAC,GAAG,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,OAAO,CACrD,CAAC;QACJ,CAAC;aAAM,CAAC;YACN,oCAAoC;YACpC,MAAM,GAAG,OAAO,CAAC,UAAU,CAAC;QAC9B,CAAC;QAED,uDAAuD;QACvD,IAAI,MAAM,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACxB,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,GAAG,CAAC,CAAC;QAC9B,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,QAAQ,EAAE,gBAAgB;YAC1B,MAAM;SACP,CAAC,CAAC;IACL,CAAC,CACF,CAAC;IAEF,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/routes/sessions.d.ts

@@ -0,0 +1,14 @@
+import { Hono } from "hono";
+import type { SessionStore } from "../services/session-store.js";
+import type { AuthService } from "../services/auth-service.js";
+import type { ServerEnv } from "../types.js";
+/**
+ * Create session routes sub-router.
+ *
+ * POST /           -> Create a new session (maps to /api/sessions via app.route)
+ * POST /:sessionId/join -> Join an existing session
+ *
+ * Both endpoints are unauthenticated (they issue tokens, not consume them).
+ */
+export declare function createSessionRoutes(sessionStore: SessionStore, authService: AuthService): Hono<ServerEnv>;
+//# sourceMappingURL=sessions.d.ts.map

package/dist/routes/sessions.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessions.d.ts","sourceRoot":"","sources":["../../src/routes/sessions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAW5B,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,6BAA6B,CAAC;AAC/D,OAAO,KAAK,EAAc,SAAS,EAAE,MAAM,aAAa,CAAC;AAGzD;;;;;;;GAOG;AACH,wBAAgB,mBAAmB,CACjC,YAAY,EAAE,YAAY,EAC1B,WAAW,EAAE,WAAW,GACvB,IAAI,CAAC,SAAS,CAAC,CA0JjB"}

package/dist/routes/sessions.js

@@ -0,0 +1,113 @@
+import { Hono } from "hono";
+import { zValidator } from "@hono/zod-validator";
+import { BridgeError, ErrorCode, CreateSessionRequestSchema, JoinSessionRequestSchema, generateSessionId, generateSessionLabel, isValidSessionLabel, } from "@essentialai/cogent";
+import { validationHook } from "./validation-hook.js";
+/**
+ * Create session routes sub-router.
+ *
+ * POST /           -> Create a new session (maps to /api/sessions via app.route)
+ * POST /:sessionId/join -> Join an existing session
+ *
+ * Both endpoints are unauthenticated (they issue tokens, not consume them).
+ */
+export function createSessionRoutes(sessionStore, authService) {
+    const sessions = new Hono();
+    /**
+     * POST / - Create a new session.
+     *
+     * Receives { secret, label? }, bcrypt-hashes the secret, generates a bearer
+     * token, creates the session on disk, and returns { sessionId, token, createdAt }.
+     */
+    sessions.post("/", zValidator("json", CreateSessionRequestSchema, validationHook), async (c) => {
+        const { secret, label } = c.req.valid("json");
+        // Generate unique session ID
+        const sessionId = generateSessionId();
+        // Auto-generate label if not provided, with collision retry
+        let sessionLabel = label;
+        if (!sessionLabel) {
+            for (let i = 0; i < 5; i++) {
+                const candidate = generateSessionLabel();
+                if (!sessionStore.isLabelTaken(candidate)) {
+                    sessionLabel = candidate;
+                    break;
+                }
+            }
+            if (!sessionLabel)
+                sessionLabel = generateSessionLabel(); // last resort, collision unlikely
+        }
+        // Hash secret with bcrypt for secure storage
+        const secretHash = await authService.hashSecret(secret);
+        // Generate bearer token (returns plaintext + SHA-256 hash)
+        const { token, tokenHash } = authService.generateToken();
+        // Build token entry for storage
+        const tokenEntry = {
+            tokenHash,
+            createdAt: new Date().toISOString(),
+        };
+        // Capture creator IP (behind nginx: X-Forwarded-For or X-Real-IP)
+        const creatorIp = c.req.header("x-forwarded-for")?.split(",")[0].trim() ||
+            c.req.header("x-real-ip") ||
+            undefined;
+        // Persist the session
+        const session = await sessionStore.createSession(sessionId, sessionLabel, secretHash, tokenEntry, creatorIp);
+        return c.json({
+            sessionId,
+            token,
+            label: sessionLabel,
+            createdAt: session.createdAt,
+        }, 201);
+    });
+    /**
+     * GET /resolve/:label - Resolve a session label to its UUID.
+     *
+     * Unauthenticated -- a sessionId alone grants no access (token required).
+     * Returns { sessionId, label } or 400/404.
+     */
+    sessions.get("/resolve/:label", async (c) => {
+        const label = c.req.param("label");
+        if (!isValidSessionLabel(label)) {
+            return c.json({ error: "Invalid label format. Must be 3-32 lowercase alphanumeric characters with internal hyphens." }, 400);
+        }
+        const sessionId = sessionStore.getSessionIdByLabel(label);
+        if (!sessionId) {
+            throw new BridgeError(ErrorCode.SESSION_NOT_FOUND, `No session with label "${label}"`, "Check the label or use the full session ID");
+        }
+        return c.json({ sessionId, label });
+    });
+    /**
+     * POST /:sessionId/join - Join an existing session.
+     *
+     * Receives { secret }, verifies against bcrypt hash, generates a new bearer
+     * token, and returns { sessionId, token, peerCount }.
+     */
+    sessions.post("/:sessionId/join", zValidator("json", JoinSessionRequestSchema, validationHook), async (c) => {
+        const sessionId = c.req.param("sessionId");
+        const { secret } = c.req.valid("json");
+        // Look up the session
+        const session = await sessionStore.getSession(sessionId);
+        if (!session) {
+            throw new BridgeError(ErrorCode.SESSION_NOT_FOUND, `Session ${sessionId} not found`, "Check the session ID or create a new session");
+        }
+        // Verify the provided secret against the stored bcrypt hash
+        const isValid = await authService.verifySecret(secret, session.secretHash);
+        if (!isValid) {
+            throw new BridgeError(ErrorCode.AUTH_INVALID_TOKEN, "Invalid session secret", "Verify you are using the correct shared secret for this session");
+        }
+        // Generate a new bearer token for this joining client
+        const { token, tokenHash } = authService.generateToken();
+        const tokenEntry = {
+            tokenHash,
+            createdAt: new Date().toISOString(),
+        };
+        // Add the token to the session
+        await sessionStore.addToken(sessionId, tokenEntry);
+        return c.json({
+            sessionId,
+            token,
+            label: session.label ?? "",
+            peerCount: Object.keys(session.peers).length,
+        });
+    });
+    return sessions;
+}
+//# sourceMappingURL=sessions.js.map

package/dist/routes/sessions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sessions.js","sourceRoot":"","sources":["../../src/routes/sessions.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,UAAU,EAAE,MAAM,qBAAqB,CAAC;AACjD,OAAO,EACL,WAAW,EACX,SAAS,EACT,0BAA0B,EAC1B,wBAAwB,EACxB,iBAAiB,EACjB,oBAAoB,EACpB,mBAAmB,GACpB,MAAM,qBAAqB,CAAC;AAI7B,OAAO,EAAE,cAAc,EAAE,MAAM,sBAAsB,CAAC;AAEtD;;;;;;;GAOG;AACH,MAAM,UAAU,mBAAmB,CACjC,YAA0B,EAC1B,WAAwB;IAExB,MAAM,QAAQ,GAAG,IAAI,IAAI,EAAa,CAAC;IAEvC;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CACX,GAAG,EACH,UAAU,CAAC,MAAM,EAAE,0BAA0B,EAAE,cAAc,CAAC,EAC9D,KAAK,EAAE,CAAC,EAAE,EAAE;QACV,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAE9C,6BAA6B;QAC7B,MAAM,SAAS,GAAG,iBAAiB,EAAE,CAAC;QAEtC,4DAA4D;QAC5D,IAAI,YAAY,GAAG,KAAK,CAAC;QACzB,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;gBAC3B,MAAM,SAAS,GAAG,oBAAoB,EAAE,CAAC;gBACzC,IAAI,CAAC,YAAY,CAAC,YAAY,CAAC,SAAS,CAAC,EAAE,CAAC;oBAC1C,YAAY,GAAG,SAAS,CAAC;oBACzB,MAAM;gBACR,CAAC;YACH,CAAC;YACD,IAAI,CAAC,YAAY;gBAAE,YAAY,GAAG,oBAAoB,EAAE,CAAC,CAAC,kCAAkC;QAC9F,CAAC;QAED,6CAA6C;QAC7C,MAAM,UAAU,GAAG,MAAM,WAAW,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAExD,2DAA2D;QAC3D,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,WAAW,CAAC,aAAa,EAAE,CAAC;QAEzD,gCAAgC;QAChC,MAAM,UAAU,GAAe;YAC7B,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,kEAAkE;QAClE,MAAM,SAAS,GACb,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;YACrD,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,WAAW,CAAC;YACzB,SAAS,CAAC;QAEZ,sBAAsB;QACtB,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,aAAa,CAC9C,SAAS,EACT,YAAY,EACZ,UAAU,EACV,UAAU,EACV,SAAS,CACV,CAAC;QAEF,OAAO,CAAC,CAAC,IAAI,CACX;YACE,SAAS;YACT,KAAK;YACL,KAAK,EAAE,YAAY;YACnB,SAAS,EAAE,OAAO,CAAC,SAAS;SAC7B,EACD,GAAG,CACJ,CAAC;IACJ,CAAC,CACF,CAAC;IAEF;;;;;OAKG;IACH,QAAQ,CAAC,GAAG,CAAC,iBAAiB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC1C,MAAM,KAAK,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAEnC,IAAI,CAAC,mBAAmB,CAAC,KAAK,CAAC,EAAE,CAAC;YAChC,OAAO,CAAC,CAAC,IAAI,CACX,EAAE,KAAK,EAAE,6FAA6F,EAAE,EACxG,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,MAAM,SAAS,GAAG,YAAY,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAC1D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,MAAM,IAAI,WAAW,CACnB,SAAS,CAAC,iBAAiB,EAC3B,0BAA0B,KAAK,GAAG,EAClC,4CAA4C,CAC7C,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;IACtC,CAAC,CAAC,CAAC;IAEH;;;;;OAKG;IACH,QAAQ,CAAC,IAAI,CACX,kBAAkB,EAClB,UAAU,CAAC,MAAM,EAAE,wBAAwB,EAAE,cAAc,CAAC,EAC5D,KAAK,EAAE,CAAC,EAAE,EAAE;QACV,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC3C,MAAM,EAAE,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEvC,sBAAsB;QACtB,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QACzD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CACnB,SAAS,CAAC,iBAAiB,EAC3B,WAAW,SAAS,YAAY,EAChC,8CAA8C,CAC/C,CAAC;QACJ,CAAC;QAED,4DAA4D;QAC5D,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAC5C,MAAM,EACN,OAAO,CAAC,UAAU,CACnB,CAAC;QACF,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,WAAW,CACnB,SAAS,CAAC,kBAAkB,EAC5B,wBAAwB,EACxB,iEAAiE,CAClE,CAAC;QACJ,CAAC;QAED,sDAAsD;QACtD,MAAM,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,WAAW,CAAC,aAAa,EAAE,CAAC;QACzD,MAAM,UAAU,GAAe;YAC7B,SAAS;YACT,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QAEF,+BAA+B;QAC/B,MAAM,YAAY,CAAC,QAAQ,CAAC,SAAS,EAAE,UAAU,CAAC,CAAC;QAEnD,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,SAAS;YACT,KAAK;YACL,KAAK,EAAE,OAAO,CAAC,KAAK,IAAI,EAAE;YAC1B,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM;SAC7C,CAAC,CAAC;IACL,CAAC,CACF,CAAC;IAEF,OAAO,QAAQ,CAAC;AAClB,CAAC"}

package/dist/routes/ui.d.ts

@@ -0,0 +1,21 @@
+import { Hono } from "hono";
+import type { ServerEnv } from "../types.js";
+import type { StatsService } from "../services/stats-service.js";
+import type { SessionStore } from "../services/session-store.js";
+import type { ConnectionManager } from "../services/connection-manager.js";
+/** Dependencies for UI route handlers. */
+export interface UiRouteDeps {
+    statsService: StatsService;
+    adminPassword: string | null;
+    sessionStore: SessionStore;
+    connectionManager: ConnectionManager;
+}
+/**
+ * Create UI route handlers for the public landing page, SSE stats stream,
+ * and password-protected admin dashboard with session/peer CRUD and message log.
+ *
+ * Admin routes are only mounted when adminPassword is set (non-null).
+ * When disabled, /admin/* returns 404 via Hono's default handler.
+ */
+export declare function createUiRoutes(deps: UiRouteDeps): Hono<ServerEnv>;
+//# sourceMappingURL=ui.d.ts.map

package/dist/routes/ui.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ui.d.ts","sourceRoot":"","sources":["../../src/routes/ui.tsx"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAC;AAC7C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,8BAA8B,CAAC;AACjE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,mCAAmC,CAAC;AAU3E,0CAA0C;AAC1C,MAAM,WAAW,WAAW;IAC1B,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,YAAY,EAAE,YAAY,CAAC;IAC3B,iBAAiB,EAAE,iBAAiB,CAAC;CACtC;AAED;;;;;;GAMG;AACH,wBAAgB,cAAc,CAAC,IAAI,EAAE,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,CAkMjE"}

package/dist/routes/ui.js

@@ -0,0 +1,173 @@
+import { jsx as _jsx } from "hono/jsx/jsx-runtime";
+import { Hono } from "hono";
+import { streamSSE } from "hono/streaming";
+import { basicAuth } from "hono/basic-auth";
+import { LandingPage } from "../ui/pages/LandingPage.js";
+import { HowToPage } from "../ui/pages/HowToPage.js";
+import { Layout } from "../ui/components/Layout.js";
+import { AdminDashboard } from "../ui/pages/AdminDashboard.js";
+import { SessionList } from "../ui/pages/SessionList.js";
+import { SessionDetail } from "../ui/pages/SessionDetail.js";
+import { MessageLog } from "../ui/pages/MessageLog.js";
+/**
+ * Create UI route handlers for the public landing page, SSE stats stream,
+ * and password-protected admin dashboard with session/peer CRUD and message log.
+ *
+ * Admin routes are only mounted when adminPassword is set (non-null).
+ * When disabled, /admin/* returns 404 via Hono's default handler.
+ */
+export function createUiRoutes(deps) {
+    const { statsService, adminPassword, sessionStore, connectionManager } = deps;
+    const ui = new Hono();
+    // GET / -- Landing page with server-rendered stats
+    ui.get("/", (c) => {
+        const stats = statsService.getStats();
+        return c.html(_jsx(LandingPage, { stats: stats }));
+    });
+    // GET /how-to -- Comprehensive how-to guide
+    ui.get("/how-to", (c) => {
+        return c.html(_jsx(HowToPage, {}));
+    });
+    // GET /ui/stats/stream -- SSE endpoint pushing stats every 5 seconds
+    ui.get("/ui/stats/stream", (c) => {
+        return streamSSE(c, async (stream) => {
+            while (true) {
+                const stats = statsService.getStats();
+                await stream.writeSSE({
+                    data: JSON.stringify(stats),
+                    event: "stats",
+                    id: String(Date.now()),
+                });
+                await stream.sleep(5000);
+            }
+        });
+    });
+    // --- Admin routes (only when password is configured) ---
+    if (adminPassword) {
+        const admin = new Hono();
+        // Basic Auth middleware for all admin routes
+        admin.use("*", basicAuth({
+            verifyUser: (username, password) => {
+                return username === "admin" && password === adminPassword;
+            },
+            realm: "COGENT Admin",
+        }));
+        // GET /admin/ or /admin -- Dashboard overview
+        admin.get("/", async (_c) => {
+            const stats = statsService.getStats();
+            return _c.html(_jsx(AdminDashboard, { stats: stats }));
+        });
+        // GET /admin/sessions -- Session list
+        admin.get("/sessions", async (c) => {
+            const sessionIds = await sessionStore.listSessions();
+            const sessions = [];
+            for (const id of sessionIds) {
+                const session = await sessionStore.getSession(id);
+                if (session) {
+                    sessions.push({
+                        sessionId: id,
+                        label: session.label,
+                        createdAt: session.createdAt,
+                        creatorIp: session.creatorIp,
+                        peerCount: Object.keys(session.peers).length,
+                        messageCount: session.messages.length,
+                        connectedPeerIds: connectionManager.getConnectedPeerIds(id),
+                    });
+                }
+            }
+            return c.html(_jsx(SessionList, { sessions: sessions }));
+        });
+        // GET /admin/sessions/:id -- Session detail
+        admin.get("/sessions/:id", async (c) => {
+            const sessionId = c.req.param("id");
+            const session = await sessionStore.getSession(sessionId);
+            if (!session) {
+                return c.html(_jsx(Layout, { title: "Not Found", children: _jsx("p", { children: "Session not found" }) }), 404);
+            }
+            const connectedPeerIds = connectionManager.getConnectedPeerIds(sessionId);
+            return c.html(_jsx(SessionDetail, { session: session, connectedPeerIds: connectedPeerIds }));
+        });
+        // POST /admin/sessions/:id/delete -- Delete session
+        admin.post("/sessions/:id/delete", async (c) => {
+            const sessionId = c.req.param("id");
+            // Close all WS connections for this session before deleting
+            const connectedPeers = connectionManager.getConnectedPeerIds(sessionId);
+            for (const peerId of connectedPeers) {
+                const conns = connectionManager.getConnections(sessionId, peerId);
+                for (const conn of conns) {
+                    try {
+                        conn.ws.close(1000, "Session deleted by admin");
+                    }
+                    catch {
+                        // Ignore errors from already-closed sockets
+                    }
+                }
+            }
+            await sessionStore.deleteSession(sessionId);
+            return c.redirect("/admin/sessions");
+        });
+        // POST /admin/sessions/:id/peers/:peerId/delete -- Delete peer from session
+        admin.post("/sessions/:id/peers/:peerId/delete", async (c) => {
+            const sessionId = c.req.param("id");
+            const peerId = c.req.param("peerId");
+            // Close WS connections for this peer
+            const conns = connectionManager.getConnections(sessionId, peerId);
+            for (const conn of conns) {
+                try {
+                    conn.ws.close(1000, "Peer removed by admin");
+                }
+                catch {
+                    // Ignore errors from already-closed sockets
+                }
+            }
+            // Remove peer from session state
+            await sessionStore.updateSession(sessionId, (state) => {
+                const { [peerId]: _, ...remainingPeers } = state.peers;
+                return { ...state, peers: remainingPeers };
+            });
+            return c.redirect("/admin/sessions/" + sessionId);
+        });
+        // GET /admin/messages -- Message log with filtering
+        admin.get("/messages", async (c) => {
+            const filterSessionId = c.req.query("sessionId") || undefined;
+            const filterPeerId = c.req.query("peerId") || undefined;
+            const filterQuery = c.req.query("q") || undefined;
+            const sessionIds = filterSessionId
+                ? [filterSessionId]
+                : await sessionStore.listSessions();
+            const allMessages = [];
+            for (const id of sessionIds) {
+                const session = await sessionStore.getSession(id);
+                if (session) {
+                    for (const msg of session.messages) {
+                        allMessages.push({ ...msg, sessionId: id });
+                    }
+                }
+            }
+            // Apply filters
+            let filtered = allMessages;
+            if (filterPeerId) {
+                filtered = filtered.filter((m) => m.fromPeerId === filterPeerId || m.toPeerId === filterPeerId);
+            }
+            if (filterQuery) {
+                const q = filterQuery.toLowerCase();
+                filtered = filtered.filter((m) => m.message.toLowerCase().includes(q));
+            }
+            // Sort by timestamp descending (newest first), take last 200
+            filtered.sort((a, b) => new Date(b.timestamp).getTime() - new Date(a.timestamp).getTime());
+            filtered = filtered.slice(0, 200);
+            const allSessionIds = await sessionStore.listSessions();
+            return c.html(_jsx(MessageLog, { messages: filtered, filters: {
+                    sessionId: filterSessionId,
+                    peerId: filterPeerId,
+                    query: filterQuery,
+                }, sessions: allSessionIds }));
+        });
+        // Mount admin sub-router
+        ui.route("/admin", admin);
+        // Hono sub-routers don't match trailing slash on root — redirect /admin/ → /admin
+        ui.get("/admin/", (c) => c.redirect("/admin"));
+    }
+    return ui;
+}
+//# sourceMappingURL=ui.js.map

package/dist/routes/ui.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ui.js","sourceRoot":"","sources":["../../src/routes/ui.tsx"],"names":[],"mappings":";AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,SAAS,EAAE,MAAM,gBAAgB,CAAC;AAC3C,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAM5C,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,SAAS,EAAE,MAAM,0BAA0B,CAAC;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,+BAA+B,CAAC;AAC/D,OAAO,EAAE,WAAW,EAAE,MAAM,4BAA4B,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,UAAU,EAAE,MAAM,2BAA2B,CAAC;AAUvD;;;;;;GAMG;AACH,MAAM,UAAU,cAAc,CAAC,IAAiB;IAC9C,MAAM,EAAE,YAAY,EAAE,aAAa,EAAE,YAAY,EAAE,iBAAiB,EAAE,GAAG,IAAI,CAAC;IAC9E,MAAM,EAAE,GAAG,IAAI,IAAI,EAAa,CAAC;IAEjC,mDAAmD;IACnD,EAAE,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE;QAChB,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC;QACtC,OAAO,CAAC,CAAC,IAAI,CAAC,KAAC,WAAW,IAAC,KAAK,EAAE,KAAK,GAAI,CAAC,CAAC;IAC/C,CAAC,CAAC,CAAC;IAEH,4CAA4C;IAC5C,EAAE,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE;QACtB,OAAO,CAAC,CAAC,IAAI,CAAC,KAAC,SAAS,KAAG,CAAC,CAAC;IAC/B,CAAC,CAAC,CAAC;IAEH,qEAAqE;IACrE,EAAE,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC,EAAE,EAAE;QAC/B,OAAO,SAAS,CAAC,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE;YACnC,OAAO,IAAI,EAAE,CAAC;gBACZ,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC;gBACtC,MAAM,MAAM,CAAC,QAAQ,CAAC;oBACpB,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC;oBAC3B,KAAK,EAAE,OAAO;oBACd,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;iBACvB,CAAC,CAAC;gBACH,MAAM,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,0DAA0D;IAC1D,IAAI,aAAa,EAAE,CAAC;QAClB,MAAM,KAAK,GAAG,IAAI,IAAI,EAAa,CAAC;QAEpC,6CAA6C;QAC7C,KAAK,CAAC,GAAG,CACP,GAAG,EACH,SAAS,CAAC;YACR,UAAU,EAAE,CAAC,QAAQ,EAAE,QAAQ,EAAE,EAAE;gBACjC,OAAO,QAAQ,KAAK,OAAO,IAAI,QAAQ,KAAK,aAAa,CAAC;YAC5D,CAAC;YACD,KAAK,EAAE,cAAc;SACtB,CAAC,CACH,CAAC;QAEF,8CAA8C;QAC9C,KAAK,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,EAAE,EAAE,EAAE;YAC1B,MAAM,KAAK,GAAG,YAAY,CAAC,QAAQ,EAAE,CAAC;YACtC,OAAO,EAAE,CAAC,IAAI,CAAC,KAAC,cAAc,IAAC,KAAK,EAAE,KAAK,GAAI,CAAC,CAAC;QACnD,CAAC,CAAC,CAAC;QAEH,sCAAsC;QACtC,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YACjC,MAAM,UAAU,GAAG,MAAM,YAAY,CAAC,YAAY,EAAE,CAAC;YACrD,MAAM,QAAQ,GAAG,EAAE,CAAC;YACpB,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;gBAClD,IAAI,OAAO,EAAE,CAAC;oBACZ,QAAQ,CAAC,IAAI,CAAC;wBACZ,SAAS,EAAE,EAAE;wBACb,KAAK,EAAE,OAAO,CAAC,KAAK;wBACpB,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,SAAS,EAAE,OAAO,CAAC,SAAS;wBAC5B,SAAS,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,MAAM;wBAC5C,YAAY,EAAE,OAAO,CAAC,QAAQ,CAAC,MAAM;wBACrC,gBAAgB,EAAE,iBAAiB,CAAC,mBAAmB,CAAC,EAAE,CAAC;qBAC5D,CAAC,CAAC;gBACL,CAAC;YACH,CAAC;YACD,OAAO,CAAC,CAAC,IAAI,CAAC,KAAC,WAAW,IAAC,QAAQ,EAAE,QAAQ,GAAI,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,4CAA4C;QAC5C,KAAK,CAAC,GAAG,CAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YACrC,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACpC,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACzD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,CAAC,CAAC,IAAI,CACX,KAAC,MAAM,IAAC,KAAK,EAAC,WAAW,YACvB,4CAAwB,GACjB,EACT,GAAG,CACJ,CAAC;YACJ,CAAC;YACD,MAAM,gBAAgB,GAAG,iBAAiB,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;YAC1E,OAAO,CAAC,CAAC,IAAI,CACX,KAAC,aAAa,IAAC,OAAO,EAAE,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,GAAI,CACxE,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,oDAAoD;QACpD,KAAK,CAAC,IAAI,CAAC,sBAAsB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YAC7C,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACpC,4DAA4D;YAC5D,MAAM,cAAc,GAAG,iBAAiB,CAAC,mBAAmB,CAAC,SAAS,CAAC,CAAC;YACxE,KAAK,MAAM,MAAM,IAAI,cAAc,EAAE,CAAC;gBACpC,MAAM,KAAK,GAAG,iBAAiB,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;gBAClE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,IAAI,CAAC;wBACH,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,0BAA0B,CAAC,CAAC;oBAClD,CAAC;oBAAC,MAAM,CAAC;wBACP,4CAA4C;oBAC9C,CAAC;gBACH,CAAC;YACH,CAAC;YACD,MAAM,YAAY,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;YAC5C,OAAO,CAAC,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC;QACvC,CAAC,CAAC,CAAC;QAEH,4EAA4E;QAC5E,KAAK,CAAC,IAAI,CAAC,oCAAoC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YAC3D,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;YACpC,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;YACrC,qCAAqC;YACrC,MAAM,KAAK,GAAG,iBAAiB,CAAC,cAAc,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;YAClE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;gBACzB,IAAI,CAAC;oBACH,IAAI,CAAC,EAAE,CAAC,KAAK,CAAC,IAAI,EAAE,uBAAuB,CAAC,CAAC;gBAC/C,CAAC;gBAAC,MAAM,CAAC;oBACP,4CAA4C;gBAC9C,CAAC;YACH,CAAC;YACD,iCAAiC;YACjC,MAAM,YAAY,CAAC,aAAa,CAAC,SAAS,EAAE,CAAC,KAAK,EAAE,EAAE;gBACpD,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,CAAC,EAAE,GAAG,cAAc,EAAE,GAAG,KAAK,CAAC,KAAK,CAAC;gBACvD,OAAO,EAAE,GAAG,KAAK,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC;YAC7C,CAAC,CAAC,CAAC;YACH,OAAO,CAAC,CAAC,QAAQ,CAAC,kBAAkB,GAAG,SAAS,CAAC,CAAC;QACpD,CAAC,CAAC,CAAC;QAEH,oDAAoD;QACpD,KAAK,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;YACjC,MAAM,eAAe,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,IAAI,SAAS,CAAC;YAC9D,MAAM,YAAY,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,SAAS,CAAC;YACxD,MAAM,WAAW,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,SAAS,CAAC;YAElD,MAAM,UAAU,GAAG,eAAe;gBAChC,CAAC,CAAC,CAAC,eAAe,CAAC;gBACnB,CAAC,CAAC,MAAM,YAAY,CAAC,YAAY,EAAE,CAAC;YAEtC,MAAM,WAAW,GAAiD,EAAE,CAAC;YACrE,KAAK,MAAM,EAAE,IAAI,UAAU,EAAE,CAAC;gBAC5B,MAAM,OAAO,GAAG,MAAM,YAAY,CAAC,UAAU,CAAC,EAAE,CAAC,CAAC;gBAClD,IAAI,OAAO,EAAE,CAAC;oBACZ,KAAK,MAAM,GAAG,IAAI,OAAO,CAAC,QAAQ,EAAE,CAAC;wBACnC,WAAW,CAAC,IAAI,CAAC,EAAE,GAAG,GAAG,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC,CAAC;oBAC9C,CAAC;gBACH,CAAC;YACH,CAAC;YAED,gBAAgB;YAChB,IAAI,QAAQ,GAAG,WAAW,CAAC;YAC3B,IAAI,YAAY,EAAE,CAAC;gBACjB,QAAQ,GAAG,QAAQ,CAAC,MAAM,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,KAAK,YAAY,IAAI,CAAC,CAAC,QAAQ,KAAK,YAAY,CACpE,CAAC;YACJ,CAAC;YACD,IAAI,WAAW,EAAE,CAAC;gBAChB,MAAM,CAAC,GAAG,WAAW,CAAC,WAAW,EAAE,CAAC;gBACpC,QAAQ,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAC/B,CAAC,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC,CACpC,CAAC;YACJ,CAAC;YAED,6DAA6D;YAC7D,QAAQ,CAAC,IAAI,CACX,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CACP,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,OAAO,EAAE,CACpE,CAAC;YACF,QAAQ,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;YAElC,MAAM,aAAa,GAAG,MAAM,YAAY,CAAC,YAAY,EAAE,CAAC;YAExD,OAAO,CAAC,CAAC,IAAI,CACX,KAAC,UAAU,IACT,QAAQ,EAAE,QAAQ,EAClB,OAAO,EAAE;oBACP,SAAS,EAAE,eAAe;oBAC1B,MAAM,EAAE,YAAY;oBACpB,KAAK,EAAE,WAAW;iBACnB,EACD,QAAQ,EAAE,aAAa,GACvB,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,yBAAyB;QACzB,EAAE,CAAC,KAAK,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC;QAE1B,kFAAkF;QAClF,EAAE,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;IACjD,CAAC;IAED,OAAO,EAAE,CAAC;AACZ,CAAC"}

package/dist/routes/validation-hook.d.ts

@@ -0,0 +1,18 @@
+import type { Context, Env } from "hono";
+/**
+ * Shared validation hook for @hono/zod-validator.
+ *
+ * Converts Zod validation failures into structured BridgeError JSON
+ * responses with error code INVALID_INPUT and HTTP 400. This ensures
+ * all validation errors across routes use a consistent format.
+ *
+ * Reusable by all route files that use zValidator.
+ *
+ * Note: The hook uses the base Env type (not ServerEnv) because
+ * @hono/zod-validator's Hook type narrows Env generically.
+ */
+export declare function validationHook(result: {
+    success: boolean;
+    error?: unknown;
+}, c: Context<Env>): Response | void;
+//# sourceMappingURL=validation-hook.d.ts.map

package/dist/routes/validation-hook.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation-hook.d.ts","sourceRoot":"","sources":["../../src/routes/validation-hook.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,OAAO,EAAE,GAAG,EAAE,MAAM,MAAM,CAAC;AAEzC;;;;;;;;;;;GAWG;AACH,wBAAgB,cAAc,CAC5B,MAAM,EAAE;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,KAAK,CAAC,EAAE,OAAO,CAAA;CAAE,EAC7C,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,GACd,QAAQ,GAAG,IAAI,CAejB"}

package/dist/routes/validation-hook.js

@@ -0,0 +1,24 @@
+import { BridgeError, ErrorCode } from "@essentialai/cogent";
+/**
+ * Shared validation hook for @hono/zod-validator.
+ *
+ * Converts Zod validation failures into structured BridgeError JSON
+ * responses with error code INVALID_INPUT and HTTP 400. This ensures
+ * all validation errors across routes use a consistent format.
+ *
+ * Reusable by all route files that use zValidator.
+ *
+ * Note: The hook uses the base Env type (not ServerEnv) because
+ * @hono/zod-validator's Hook type narrows Env generically.
+ */
+export function validationHook(result, c) {
+    if (!result.success) {
+        const zodError = result.error;
+        const message = zodError instanceof Error
+            ? zodError.message
+            : "Invalid request body";
+        const err = new BridgeError(ErrorCode.INVALID_INPUT, `Validation failed: ${message}`, "Check request body matches the expected schema");
+        return c.json(err.toJSON(), 400);
+    }
+}
+//# sourceMappingURL=validation-hook.js.map

package/dist/routes/validation-hook.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation-hook.js","sourceRoot":"","sources":["../../src/routes/validation-hook.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,SAAS,EAAE,MAAM,qBAAqB,CAAC;AAG7D;;;;;;;;;;;GAWG;AACH,MAAM,UAAU,cAAc,CAC5B,MAA6C,EAC7C,CAAe;IAEf,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;QACpB,MAAM,QAAQ,GAAG,MAAM,CAAC,KAAK,CAAC;QAC9B,MAAM,OAAO,GACX,QAAQ,YAAY,KAAK;YACvB,CAAC,CAAC,QAAQ,CAAC,OAAO;YAClB,CAAC,CAAC,sBAAsB,CAAC;QAE7B,MAAM,GAAG,GAAG,IAAI,WAAW,CACzB,SAAS,CAAC,aAAa,EACvB,sBAAsB,OAAO,EAAE,EAC/B,gDAAgD,CACjD,CAAC;QACF,OAAO,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,EAAE,GAAG,CAAC,CAAC;IACnC,CAAC;AACH,CAAC"}

package/dist/services/auth-service.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Authentication service for the Cogent server.
+ *
+ * Responsibilities:
+ * - bcrypt hashing of session secrets (one-time, during create/join)
+ * - Random bearer token generation with SHA-256 hashing for storage
+ * - Timing-safe comparison for token verification (every request)
+ *
+ * bcrypt is used for secrets (slow, salted -- appropriate for passwords).
+ * SHA-256 is used for tokens (fast -- tokens are high-entropy random values).
+ * Timing-safe comparison prevents timing attacks on token verification.
+ */
+export declare class AuthService {
+    private readonly bcryptRounds;
+    constructor(bcryptRounds: number);
+    /**
+     * Hash a plaintext secret using bcrypt.
+     * Used during session creation and join operations.
+     */
+    hashSecret(plainSecret: string): Promise<string>;
+    /**
+     * Verify a plaintext secret against a bcrypt hash.
+     * Used during session join to validate the provided secret.
+     */
+    verifySecret(plainSecret: string, hash: string): Promise<boolean>;
+    /**
+     * Generate a cryptographically random bearer token.
+     * Returns both the plaintext token (to send to client) and its
+     * SHA-256 hash (to store on disk for lookup).
+     */
+    generateToken(): {
+        token: string;
+        tokenHash: string;
+    };
+    /**
+     * Compute the SHA-256 hash of a token string.
+     * Used by auth middleware to look up tokens in the session store index.
+     */
+    hashToken(token: string): string;
+    /**
+     * Timing-safe string comparison.
+     * Hashes both strings with SHA-256 to normalize length, then uses
+     * crypto.timingSafeEqual on the resulting buffers. This prevents
+     * timing attacks regardless of input string lengths.
+     */
+    timingSafeCompare(a: string, b: string): boolean;
+}
+//# sourceMappingURL=auth-service.d.ts.map

package/dist/services/auth-service.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-service.d.ts","sourceRoot":"","sources":["../../src/services/auth-service.ts"],"names":[],"mappings":"AAGA;;;;;;;;;;;GAWG;AACH,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;gBAE1B,YAAY,EAAE,MAAM;IAIhC;;;OAGG;IACG,UAAU,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAItD;;;OAGG;IACG,YAAY,CAAC,WAAW,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAIvE;;;;OAIG;IACH,aAAa,IAAI;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,SAAS,EAAE,MAAM,CAAA;KAAE;IAMrD;;;OAGG;IACH,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM;IAIhC;;;;;OAKG;IACH,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO;CAKjD"}

package/dist/services/auth-service.js

@@ -0,0 +1,63 @@
+import crypto from "node:crypto";
+import bcrypt from "bcryptjs";
+/**
+ * Authentication service for the Cogent server.
+ *
+ * Responsibilities:
+ * - bcrypt hashing of session secrets (one-time, during create/join)
+ * - Random bearer token generation with SHA-256 hashing for storage
+ * - Timing-safe comparison for token verification (every request)
+ *
+ * bcrypt is used for secrets (slow, salted -- appropriate for passwords).
+ * SHA-256 is used for tokens (fast -- tokens are high-entropy random values).
+ * Timing-safe comparison prevents timing attacks on token verification.
+ */
+export class AuthService {
+    bcryptRounds;
+    constructor(bcryptRounds) {
+        this.bcryptRounds = bcryptRounds;
+    }
+    /**
+     * Hash a plaintext secret using bcrypt.
+     * Used during session creation and join operations.
+     */
+    async hashSecret(plainSecret) {
+        return bcrypt.hash(plainSecret, this.bcryptRounds);
+    }
+    /**
+     * Verify a plaintext secret against a bcrypt hash.
+     * Used during session join to validate the provided secret.
+     */
+    async verifySecret(plainSecret, hash) {
+        return bcrypt.compare(plainSecret, hash);
+    }
+    /**
+     * Generate a cryptographically random bearer token.
+     * Returns both the plaintext token (to send to client) and its
+     * SHA-256 hash (to store on disk for lookup).
+     */
+    generateToken() {
+        const token = crypto.randomBytes(32).toString("hex");
+        const tokenHash = this.hashToken(token);
+        return { token, tokenHash };
+    }
+    /**
+     * Compute the SHA-256 hash of a token string.
+     * Used by auth middleware to look up tokens in the session store index.
+     */
+    hashToken(token) {
+        return crypto.createHash("sha256").update(token).digest("hex");
+    }
+    /**
+     * Timing-safe string comparison.
+     * Hashes both strings with SHA-256 to normalize length, then uses
+     * crypto.timingSafeEqual on the resulting buffers. This prevents
+     * timing attacks regardless of input string lengths.
+     */
+    timingSafeCompare(a, b) {
+        const hashA = crypto.createHash("sha256").update(a).digest();
+        const hashB = crypto.createHash("sha256").update(b).digest();
+        return crypto.timingSafeEqual(hashA, hashB);
+    }
+}
+//# sourceMappingURL=auth-service.js.map