npm - @femtomc/mu-server - Versions diffs - 26.2.36 → 26.2.38 - Mend

@femtomc/mu-server 26.2.36 → 26.2.38

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/README.md +29 -1
package/dist/api/events.d.ts +2 -0
package/dist/api/events.js +45 -0
package/dist/api/forum.js +2 -2
package/dist/api/issues.js +5 -5
package/dist/cli.js +3 -3
package/dist/config.d.ts +99 -0
package/dist/config.js +360 -0
package/dist/control_plane.d.ts +5 -28
package/dist/control_plane.js +33 -97
package/dist/index.d.ts +6 -4
package/dist/index.js +3 -2
package/dist/server.d.ts +19 -5
package/dist/server.js +207 -50
package/package.json +6 -6
package/public/assets/index-CxkevQNh.js +100 -0
package/public/index.html +1 -1
package/public/assets/index-0FGFtKeu.js +0 -85

package/dist/control_plane.js CHANGED Viewed

@@ -1,114 +1,49 @@
+import { ApprovedCommandBroker, CommandContextResolver, MessagingMetaAgentRuntime, PiMessagingMetaAgentBackend, serveExtensionPaths, } from "@femtomc/mu-agent";
 import { ControlPlaneCommandPipeline, ControlPlaneOutbox, ControlPlaneOutboxDispatcher, ControlPlaneRuntime, DiscordControlPlaneAdapter, getControlPlanePaths, SlackControlPlaneAdapter, TelegramControlPlaneAdapter, } from "@femtomc/mu-control-plane";
-import { ApprovedCommandBroker, CommandContextResolver, MessagingMetaAgentRuntime, PiMessagingMetaAgentBackend, } from "@femtomc/mu-agent";
-export const ENV_VARS = {
-    slack: { signingSecret: "MU_SLACK_SIGNING_SECRET" },
-    discord: { signingSecret: "MU_DISCORD_SIGNING_SECRET" },
-    telegram: {
-        webhookSecret: "MU_TELEGRAM_WEBHOOK_SECRET",
-        botToken: "MU_TELEGRAM_BOT_TOKEN",
-        botUsername: "MU_TELEGRAM_BOT_USERNAME",
-        tenantId: "MU_TELEGRAM_TENANT_ID",
-    },
-    metaAgent: {
-        enabled: "MU_META_AGENT_ENABLED",
-        enabledChannels: "MU_META_AGENT_ENABLED_CHANNELS",
-        runTriggersEnabled: "MU_META_AGENT_RUN_TRIGGERS_ENABLED",
-        provider: "MU_META_AGENT_PROVIDER",
-        model: "MU_META_AGENT_MODEL",
-        thinking: "MU_META_AGENT_THINKING",
-        systemPrompt: "MU_META_AGENT_SYSTEM_PROMPT",
-        timeoutMs: "MU_META_AGENT_TIMEOUT_MS",
-    },
-};
-const ROUTE_MAP = {
-    slack: "/webhooks/slack",
-    discord: "/webhooks/discord",
-    telegram: "/webhooks/telegram",
-};
-export function detectAdapters(env) {
+import { DEFAULT_MU_CONFIG } from "./config.js";
+export function detectAdapters(config) {
     const adapters = [];
-    const slackSecret = env[ENV_VARS.slack.signingSecret];
+    const slackSecret = config.adapters.slack.signing_secret;
     if (slackSecret) {
         adapters.push({ name: "slack", signingSecret: slackSecret });
     }
-    const discordSecret = env[ENV_VARS.discord.signingSecret];
+    const discordSecret = config.adapters.discord.signing_secret;
     if (discordSecret) {
         adapters.push({ name: "discord", signingSecret: discordSecret });
     }
-    const telegramSecret = env[ENV_VARS.telegram.webhookSecret];
+    const telegramSecret = config.adapters.telegram.webhook_secret;
     if (telegramSecret) {
         adapters.push({
             name: "telegram",
             webhookSecret: telegramSecret,
-            botToken: env[ENV_VARS.telegram.botToken] ?? null,
-            botUsername: env[ENV_VARS.telegram.botUsername] ?? null,
-            tenantId: env[ENV_VARS.telegram.tenantId] ?? null,
+            botToken: config.adapters.telegram.bot_token,
+            botUsername: config.adapters.telegram.bot_username,
         });
     }
     return adapters;
 }
-function parseBooleanEnv(value, defaultValue) {
-    if (value == null) {
-        return defaultValue;
-    }
-    const normalized = value.trim().toLowerCase();
-    if (["1", "true", "yes", "on", "enabled"].includes(normalized)) {
-        return true;
-    }
-    if (["0", "false", "no", "off", "disabled"].includes(normalized)) {
-        return false;
-    }
-    return defaultValue;
-}
-function parsePositiveIntEnv(value) {
-    if (!value) {
-        return undefined;
-    }
-    const parsed = Number.parseInt(value, 10);
-    if (!Number.isFinite(parsed) || parsed <= 0) {
-        return undefined;
-    }
-    return parsed;
-}
-function parseCsvEnv(value) {
-    if (!value) {
-        return undefined;
-    }
-    const tokens = value
-        .split(",")
-        .map((token) => token.trim().toLowerCase())
-        .filter((token) => token.length > 0);
-    return tokens.length > 0 ? tokens : undefined;
-}
 function buildMessagingMetaAgentRuntime(opts) {
-    const enabled = parseBooleanEnv(opts.env[ENV_VARS.metaAgent.enabled], true);
-    if (!enabled) {
+    if (!opts.config.meta_agent.enabled) {
         return null;
     }
-    const runTriggersEnabled = parseBooleanEnv(opts.env[ENV_VARS.metaAgent.runTriggersEnabled], true);
-    const enabledChannels = parseCsvEnv(opts.env[ENV_VARS.metaAgent.enabledChannels]);
-    const timeoutMs = parsePositiveIntEnv(opts.env[ENV_VARS.metaAgent.timeoutMs]);
     const backend = opts.backend ??
         new PiMessagingMetaAgentBackend({
-            provider: opts.env[ENV_VARS.metaAgent.provider],
-            model: opts.env[ENV_VARS.metaAgent.model],
-            thinking: opts.env[ENV_VARS.metaAgent.thinking],
-            systemPrompt: opts.env[ENV_VARS.metaAgent.systemPrompt],
-            timeoutMs,
+            provider: opts.config.meta_agent.provider ?? undefined,
+            model: opts.config.meta_agent.model ?? undefined,
+            extensionPaths: serveExtensionPaths,
         });
     return new MessagingMetaAgentRuntime({
         backend,
         broker: new ApprovedCommandBroker({
-            runTriggersEnabled,
+            runTriggersEnabled: opts.config.meta_agent.run_triggers_enabled,
             contextResolver: new CommandContextResolver({ allowedRepoRoots: [opts.repoRoot] }),
         }),
-        enabled,
-        enabledChannels,
+        enabled: true,
     });
 }
 export async function bootstrapControlPlane(opts) {
-    const env = opts.env ?? process.env;
-    const detected = detectAdapters(env);
+    const controlPlaneConfig = opts.config ?? DEFAULT_MU_CONFIG.control_plane;
+    const detected = detectAdapters(controlPlaneConfig);
     if (detected.length === 0) {
         return null;
     }
@@ -119,18 +54,16 @@ export async function bootstrapControlPlane(opts) {
         ? opts.metaAgentRuntime
         : buildMessagingMetaAgentRuntime({
             repoRoot: opts.repoRoot,
-            env,
+            config: controlPlaneConfig,
             backend: opts.metaAgentBackend,
         });
     const pipeline = new ControlPlaneCommandPipeline({ runtime, metaAgent });
     await pipeline.start();
     const outbox = new ControlPlaneOutbox(paths.outboxPath);
     await outbox.load();
-    // Collect bot tokens for delivery.
-    const telegramBotTokens = new Map();
+    let telegramBotToken = null;
     const adapterMap = new Map();
     for (const d of detected) {
-        const route = ROUTE_MAP[d.name];
         let adapter;
         switch (d.name) {
             case "slack":
@@ -153,25 +86,31 @@ export async function bootstrapControlPlane(opts) {
                     outbox,
                     webhookSecret: d.webhookSecret,
                     botUsername: d.botUsername ?? undefined,
-                    tenantId: d.tenantId ?? undefined,
                 });
                 if (d.botToken) {
-                    telegramBotTokens.set(d.tenantId ?? "default", d.botToken);
+                    telegramBotToken = d.botToken;
                 }
                 break;
         }
-        adapterMap.set(route, { adapter, info: { name: d.name, route } });
+        const route = adapter.spec.route;
+        if (adapterMap.has(route)) {
+            throw new Error(`duplicate control-plane webhook route: ${route}`);
+        }
+        adapterMap.set(route, {
+            adapter,
+            info: {
+                name: adapter.spec.channel,
+                route,
+            },
+        });
     }
-    // Build delivery handler that routes by channel.
     const deliver = async (record) => {
         const { envelope } = record;
         if (envelope.channel === "telegram") {
-            const tenantId = envelope.channel_tenant_id ?? "default";
-            const botToken = telegramBotTokens.get(tenantId) ?? telegramBotTokens.values().next().value;
-            if (!botToken) {
-                return { kind: "retry", error: "MU_TELEGRAM_BOT_TOKEN not configured" };
+            if (!telegramBotToken) {
+                return { kind: "retry", error: "telegram bot token not configured in .mu/config.json" };
             }
-            const res = await fetch(`https://api.telegram.org/bot${botToken}/sendMessage`, {
+            const res = await fetch(`https://api.telegram.org/bot${telegramBotToken}/sendMessage`, {
                 method: "POST",
                 headers: { "Content-Type": "application/json" },
                 body: JSON.stringify({
@@ -191,17 +130,14 @@ export async function bootstrapControlPlane(opts) {
                     retryDelayMs: retryDelayMs && Number.isFinite(retryDelayMs) ? retryDelayMs : undefined,
                 };
             }
-            // Permanent error — let it dead-letter after max attempts.
             return {
                 kind: "retry",
                 error: `telegram sendMessage ${res.status}: ${await res.text().catch(() => "")}`,
             };
         }
-        // Other channels: treat as delivered (no-op for now).
         return undefined;
     };
     const dispatcher = new ControlPlaneOutboxDispatcher({ outbox, deliver });
-    // Drain loop: check for pending outbox records every 2 seconds.
     const drainInterval = setInterval(async () => {
         try {
             await dispatcher.drainDue();

package/dist/index.d.ts CHANGED Viewed

@@ -1,4 +1,6 @@
-export type { ServerOptions, ServerContext, ServerWithControlPlane } from "./server.js";
-export { createServer, createServerAsync, createContext } from "./server.js";
-export type { ControlPlaneHandle, ActiveAdapter } from "./control_plane.js";
-export { bootstrapControlPlane, detectAdapters, ENV_VARS } from "./control_plane.js";
+export type { MuConfig, MuConfigPatch, MuConfigPresence } from "./config.js";
+export { applyMuConfigPatch, DEFAULT_MU_CONFIG, getMuConfigPath, muConfigPresence, normalizeMuConfig, readMuConfigFile, redactMuConfigSecrets, writeMuConfigFile, } from "./config.js";
+export type { ActiveAdapter, ControlPlaneConfig, ControlPlaneHandle } from "./control_plane.js";
+export { bootstrapControlPlane, detectAdapters } from "./control_plane.js";
+export type { ServerContext, ServerOptions, ServerWithControlPlane } from "./server.js";
+export { createContext, createServer, createServerAsync } from "./server.js";

package/dist/index.js CHANGED Viewed

@@ -1,2 +1,3 @@
-export { createServer, createServerAsync, createContext } from "./server.js";
-export { bootstrapControlPlane, detectAdapters, ENV_VARS } from "./control_plane.js";
+export { applyMuConfigPatch, DEFAULT_MU_CONFIG, getMuConfigPath, muConfigPresence, normalizeMuConfig, readMuConfigFile, redactMuConfigSecrets, writeMuConfigFile, } from "./config.js";
+export { bootstrapControlPlane, detectAdapters } from "./control_plane.js";
+export { createContext, createServer, createServerAsync } from "./server.js";

package/dist/server.d.ts CHANGED Viewed

@@ -1,28 +1,42 @@
+import type { EventEnvelope, JsonlStore } from "@femtomc/mu-core";
 import { EventLog } from "@femtomc/mu-core/node";
-import { IssueStore } from "@femtomc/mu-issue";
 import { ForumStore } from "@femtomc/mu-forum";
-import { type ControlPlaneHandle } from "./control_plane.js";
+import { IssueStore } from "@femtomc/mu-issue";
+import { type MuConfig } from "./config.js";
+import { type ControlPlaneConfig, type ControlPlaneHandle } from "./control_plane.js";
+type ControlPlaneReloader = (opts: {
+    repoRoot: string;
+    previous: ControlPlaneHandle | null;
+    config: ControlPlaneConfig;
+}) => Promise<ControlPlaneHandle | null>;
+type ConfigReader = (repoRoot: string) => Promise<MuConfig>;
+type ConfigWriter = (repoRoot: string, config: MuConfig) => Promise<string>;
 export type ServerOptions = {
     repoRoot?: string;
     port?: number;
     controlPlane?: ControlPlaneHandle | null;
+    controlPlaneReloader?: ControlPlaneReloader;
+    config?: MuConfig;
+    configReader?: ConfigReader;
+    configWriter?: ConfigWriter;
 };
 export type ServerContext = {
     repoRoot: string;
     issueStore: IssueStore;
     forumStore: ForumStore;
     eventLog: EventLog;
+    eventsStore: JsonlStore<EventEnvelope>;
 };
 export declare function createContext(repoRoot: string): ServerContext;
 export declare function createServer(options?: ServerOptions): {
     port: number;
     fetch: (request: Request) => Promise<Response>;
     hostname: string;
+    controlPlane: ControlPlaneHandle;
 };
 export type ServerWithControlPlane = {
     serverConfig: ReturnType<typeof createServer>;
     controlPlane: ControlPlaneHandle | null;
 };
-export declare function createServerAsync(options?: Omit<ServerOptions, "controlPlane"> & {
-    env?: Record<string, string | undefined>;
-}): Promise<ServerWithControlPlane>;
+export declare function createServerAsync(options?: Omit<ServerOptions, "controlPlane">): Promise<ServerWithControlPlane>;
+export {};

package/dist/server.js CHANGED Viewed

@@ -1,11 +1,11 @@
-import { existsSync } from "node:fs";
-import { readFile } from "node:fs/promises";
 import { extname, join, resolve } from "node:path";
-import { fsEventLogFromRepoRoot, FsJsonlStore, getStorePaths } from "@femtomc/mu-core/node";
-import { IssueStore } from "@femtomc/mu-issue";
+import { currentRunId, EventLog, FsJsonlStore, getStorePaths, JsonlEventSink } from "@femtomc/mu-core/node";
 import { ForumStore } from "@femtomc/mu-forum";
-import { issueRoutes } from "./api/issues.js";
+import { IssueStore } from "@femtomc/mu-issue";
+import { eventRoutes } from "./api/events.js";
 import { forumRoutes } from "./api/forum.js";
+import { issueRoutes } from "./api/issues.js";
+import { applyMuConfigPatch, DEFAULT_MU_CONFIG, getMuConfigPath, muConfigPresence, readMuConfigFile, redactMuConfigSecrets, writeMuConfigFile, } from "./config.js";
 import { bootstrapControlPlane } from "./control_plane.js";
 const MIME_TYPES = {
     ".html": "text/html; charset=utf-8",
@@ -21,91 +21,243 @@ const MIME_TYPES = {
 };
 // Resolve public/ dir relative to this file (works in npm global installs)
 const PUBLIC_DIR = join(new URL(".", import.meta.url).pathname, "..", "public");
+function describeError(err) {
+    if (err instanceof Error)
+        return err.message;
+    return String(err);
+}
+function summarizeControlPlane(handle) {
+    if (!handle) {
+        return { active: false, adapters: [], routes: [] };
+    }
+    return {
+        active: handle.activeAdapters.length > 0,
+        adapters: handle.activeAdapters.map((adapter) => adapter.name),
+        routes: handle.activeAdapters.map((adapter) => ({ name: adapter.name, route: adapter.route })),
+    };
+}
 export function createContext(repoRoot) {
     const paths = getStorePaths(repoRoot);
-    const eventLog = fsEventLogFromRepoRoot(repoRoot);
+    const eventsStore = new FsJsonlStore(paths.eventsPath);
+    const eventLog = new EventLog(new JsonlEventSink(eventsStore), {
+        runIdProvider: currentRunId,
+    });
     const issueStore = new IssueStore(new FsJsonlStore(paths.issuesPath), { events: eventLog });
     const forumStore = new ForumStore(new FsJsonlStore(paths.forumPath), { events: eventLog });
-    return { repoRoot, issueStore, forumStore, eventLog };
+    return { repoRoot, issueStore, forumStore, eventLog, eventsStore };
 }
 export function createServer(options = {}) {
     const repoRoot = options.repoRoot || process.cwd();
     const context = createContext(repoRoot);
-    const controlPlane = options.controlPlane ?? null;
+    const readConfig = options.configReader ?? readMuConfigFile;
+    const writeConfig = options.configWriter ?? writeMuConfigFile;
+    const fallbackConfig = options.config ?? DEFAULT_MU_CONFIG;
+    let controlPlaneCurrent = options.controlPlane ?? null;
+    let reloadInFlight = null;
+    const controlPlaneReloader = options.controlPlaneReloader ??
+        (async ({ repoRoot, config }) => {
+            return await bootstrapControlPlane({ repoRoot, config });
+        });
+    const controlPlaneProxy = {
+        get activeAdapters() {
+            return controlPlaneCurrent?.activeAdapters ?? [];
+        },
+        async handleWebhook(path, req) {
+            const handle = controlPlaneCurrent;
+            if (!handle)
+                return null;
+            return await handle.handleWebhook(path, req);
+        },
+        async stop() {
+            const handle = controlPlaneCurrent;
+            controlPlaneCurrent = null;
+            await handle?.stop();
+        },
+    };
+    const loadConfigFromDisk = async () => {
+        try {
+            return await readConfig(context.repoRoot);
+        }
+        catch (err) {
+            if (err?.code === "ENOENT") {
+                return fallbackConfig;
+            }
+            throw err;
+        }
+    };
+    const performControlPlaneReload = async (reason) => {
+        const previous = controlPlaneCurrent;
+        const previousSummary = summarizeControlPlane(previous);
+        try {
+            const latestConfig = await loadConfigFromDisk();
+            const next = await controlPlaneReloader({
+                repoRoot: context.repoRoot,
+                previous,
+                config: latestConfig.control_plane,
+            });
+            controlPlaneCurrent = next;
+            if (previous && previous !== next) {
+                await previous.stop();
+            }
+            return {
+                ok: true,
+                reason,
+                previous_control_plane: previousSummary,
+                control_plane: summarizeControlPlane(next),
+            };
+        }
+        catch (err) {
+            return {
+                ok: false,
+                reason,
+                previous_control_plane: previousSummary,
+                control_plane: summarizeControlPlane(previous),
+                error: describeError(err),
+            };
+        }
+    };
+    const reloadControlPlane = async (reason) => {
+        if (reloadInFlight) {
+            return await reloadInFlight;
+        }
+        reloadInFlight = performControlPlaneReload(reason).finally(() => {
+            reloadInFlight = null;
+        });
+        return await reloadInFlight;
+    };
     const handleRequest = async (request) => {
         const url = new URL(request.url);
         const path = url.pathname;
-        // CORS headers for development
         const headers = new Headers({
             "Access-Control-Allow-Origin": "*",
             "Access-Control-Allow-Methods": "GET, POST, PATCH, DELETE, OPTIONS",
             "Access-Control-Allow-Headers": "Content-Type",
         });
-        // Handle preflight requests
         if (request.method === "OPTIONS") {
             return new Response(null, { status: 204, headers });
         }
-        // Health check
         if (path === "/healthz" || path === "/health") {
             return new Response("ok", { status: 200, headers });
         }
-        // Status endpoint
+        if (path === "/api/config") {
+            if (request.method === "GET") {
+                try {
+                    const config = await loadConfigFromDisk();
+                    return Response.json({
+                        repo_root: context.repoRoot,
+                        config_path: getMuConfigPath(context.repoRoot),
+                        config: redactMuConfigSecrets(config),
+                        presence: muConfigPresence(config),
+                    }, { headers });
+                }
+                catch (err) {
+                    return Response.json({ error: `failed to read config: ${describeError(err)}` }, { status: 500, headers });
+                }
+            }
+            if (request.method === "POST") {
+                let body;
+                try {
+                    body = (await request.json());
+                }
+                catch {
+                    return Response.json({ error: "invalid json body" }, { status: 400, headers });
+                }
+                if (!body || !("patch" in body)) {
+                    return Response.json({ error: "missing patch payload" }, { status: 400, headers });
+                }
+                try {
+                    const base = await loadConfigFromDisk();
+                    const next = applyMuConfigPatch(base, body.patch);
+                    const configPath = await writeConfig(context.repoRoot, next);
+                    return Response.json({
+                        ok: true,
+                        repo_root: context.repoRoot,
+                        config_path: configPath,
+                        config: redactMuConfigSecrets(next),
+                        presence: muConfigPresence(next),
+                    }, { headers });
+                }
+                catch (err) {
+                    return Response.json({ error: `failed to write config: ${describeError(err)}` }, { status: 500, headers });
+                }
+            }
+            return Response.json({ error: "Method Not Allowed" }, { status: 405, headers });
+        }
+        if (path === "/api/control-plane/reload") {
+            if (request.method !== "POST") {
+                return Response.json({ error: "Method Not Allowed" }, { status: 405, headers });
+            }
+            let reason = "api_control_plane_reload";
+            try {
+                const body = (await request.json());
+                if (typeof body.reason === "string" && body.reason.trim().length > 0) {
+                    reason = body.reason.trim();
+                }
+            }
+            catch {
+                // ignore invalid body for reason
+            }
+            const result = await reloadControlPlane(reason);
+            return Response.json(result, { status: result.ok ? 200 : 500, headers });
+        }
         if (path === "/api/status") {
             const issues = await context.issueStore.list();
-            const openIssues = issues.filter(i => i.status === "open");
+            const openIssues = issues.filter((i) => i.status === "open");
             const readyIssues = await context.issueStore.ready();
+            const controlPlane = summarizeControlPlane(controlPlaneCurrent);
             return Response.json({
                 repo_root: context.repoRoot,
                 open_count: openIssues.length,
                 ready_count: readyIssues.length,
-                control_plane: controlPlane
-                    ? { active: true, adapters: controlPlane.activeAdapters.map(a => a.name) }
-                    : { active: false, adapters: [] },
+                control_plane: controlPlane,
             }, { headers });
         }
-        // Issue routes
         if (path.startsWith("/api/issues")) {
             const response = await issueRoutes(request, context);
-            // Add CORS headers to the response
-            headers.forEach((value, key) => response.headers.set(key, value));
+            headers.forEach((value, key) => {
+                response.headers.set(key, value);
+            });
             return response;
         }
-        // Forum routes
         if (path.startsWith("/api/forum")) {
             const response = await forumRoutes(request, context);
-            // Add CORS headers to the response
-            headers.forEach((value, key) => response.headers.set(key, value));
+            headers.forEach((value, key) => {
+                response.headers.set(key, value);
+            });
             return response;
         }
-        // Webhook routes (control plane)
-        if (path.startsWith("/webhooks/") && controlPlane) {
-            const response = await controlPlane.handleWebhook(path, request);
+        if (path.startsWith("/api/events")) {
+            const response = await eventRoutes(request, context);
+            headers.forEach((value, key) => {
+                response.headers.set(key, value);
+            });
+            return response;
+        }
+        if (path.startsWith("/webhooks/")) {
+            const response = await controlPlaneProxy.handleWebhook(path, request);
             if (response) {
-                headers.forEach((value, key) => response.headers.set(key, value));
+                headers.forEach((value, key) => {
+                    response.headers.set(key, value);
+                });
                 return response;
             }
         }
-        // Static file serving (bundled web UI)
-        if (existsSync(PUBLIC_DIR)) {
-            // Try to serve the exact file (with path traversal protection)
-            const filePath = resolve(PUBLIC_DIR, `.${path === "/" ? "/index.html" : path}`);
-            if (!filePath.startsWith(PUBLIC_DIR)) {
-                return new Response("Forbidden", { status: 403, headers });
-            }
-            if (existsSync(filePath)) {
-                const ext = extname(filePath);
-                const mime = MIME_TYPES[ext] ?? "application/octet-stream";
-                const body = await readFile(filePath);
-                headers.set("Content-Type", mime);
-                return new Response(body, { status: 200, headers });
-            }
-            // SPA fallback: serve index.html for non-API, non-file paths
-            const indexPath = join(PUBLIC_DIR, "index.html");
-            if (existsSync(indexPath)) {
-                const body = await readFile(indexPath);
-                headers.set("Content-Type", "text/html; charset=utf-8");
-                return new Response(body, { status: 200, headers });
-            }
+        const filePath = resolve(PUBLIC_DIR, `.${path === "/" ? "/index.html" : path}`);
+        if (!filePath.startsWith(PUBLIC_DIR)) {
+            return new Response("Forbidden", { status: 403, headers });
+        }
+        const file = Bun.file(filePath);
+        if (await file.exists()) {
+            const ext = extname(filePath);
+            const mime = MIME_TYPES[ext] ?? "application/octet-stream";
+            headers.set("Content-Type", mime);
+            return new Response(await file.arrayBuffer(), { status: 200, headers });
+        }
+        const indexPath = join(PUBLIC_DIR, "index.html");
+        const indexFile = Bun.file(indexPath);
+        if (await indexFile.exists()) {
+            headers.set("Content-Type", "text/html; charset=utf-8");
+            return new Response(await indexFile.arrayBuffer(), { status: 200, headers });
         }
         return new Response("Not Found", { status: 404, headers });
     };
@@ -113,12 +265,17 @@ export function createServer(options = {}) {
         port: options.port || 3000,
         fetch: handleRequest,
         hostname: "0.0.0.0",
+        controlPlane: controlPlaneProxy,
     };
     return server;
 }
 export async function createServerAsync(options = {}) {
     const repoRoot = options.repoRoot || process.cwd();
-    const controlPlane = await bootstrapControlPlane({ repoRoot, env: options.env });
-    const serverConfig = createServer({ ...options, controlPlane });
-    return { serverConfig, controlPlane };
+    const config = options.config ?? (await readMuConfigFile(repoRoot));
+    const controlPlane = await bootstrapControlPlane({ repoRoot, config: config.control_plane });
+    const serverConfig = createServer({ ...options, controlPlane, config });
+    return {
+        serverConfig,
+        controlPlane: serverConfig.controlPlane,
+    };
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@femtomc/mu-server",
-  "version": "26.2.36",
+  "version": "26.2.38",
   "type": "module",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",
@@ -23,10 +23,10 @@
     "start": "bun run dist/cli.js"
   },
   "dependencies": {
-    "@femtomc/mu-agent": "26.2.36",
-    "@femtomc/mu-control-plane": "26.2.36",
-    "@femtomc/mu-core": "26.2.36",
-    "@femtomc/mu-forum": "26.2.36",
-    "@femtomc/mu-issue": "26.2.36"
+    "@femtomc/mu-agent": "26.2.38",
+    "@femtomc/mu-control-plane": "26.2.38",
+    "@femtomc/mu-core": "26.2.38",
+    "@femtomc/mu-forum": "26.2.38",
+    "@femtomc/mu-issue": "26.2.38"
   }
 }