@fenglimg/fabric-server 0.1.0 → 1.0.0

package/dist/http-3BNWQWPP.js

@@ -0,0 +1,1608 @@
+import {
+  AgentsMetaFileMissingError,
+  AgentsMetaInvalidError,
+  appendLedgerEntry,
+  assertPathWithinProjectRoot,
+  atomicWriteText,
+  hashHumanLockedContent,
+  readAgentsMeta,
+  readHumanLock,
+  readHumanLockDocument,
+  readHumanLockEntry,
+  readLedger
+} from "./chunk-KZO24GUQ.js";
+
+// src/http.ts
+import { randomUUID as randomUUID2 } from "crypto";
+import { appendFile, readFile as readFile3 } from "fs/promises";
+import { join as join4 } from "path";
+import { createMcpExpressApp } from "@modelcontextprotocol/sdk/server/express.js";
+import {
+  StreamableHTTPServerTransport
+} from "@modelcontextprotocol/sdk/server/streamableHttp.js";
+
+// src/services/doctor.ts
+import { createHash } from "crypto";
+import { existsSync, readFileSync, readdirSync, statSync } from "fs";
+import { readFile } from "fs/promises";
+import { isAbsolute, join, posix, resolve } from "path";
+import { detectFramework, forensicReportSchema } from "@fenglimg/fabric-shared";
+var SCRIPT_EXTENSIONS = /* @__PURE__ */ new Set([".js", ".jsx", ".ts", ".tsx"]);
+var IGNORED_DIRECTORIES = /* @__PURE__ */ new Set([
+  ".fabric",
+  ".git",
+  ".next",
+  ".turbo",
+  "Library",
+  "Temp",
+  "build",
+  "coverage",
+  "dist",
+  "node_modules"
+]);
+var LEDGER_WARN_AFTER_MS = 3 * 24 * 60 * 60 * 1e3;
+var LEDGER_ERROR_AFTER_MS = 7 * 24 * 60 * 60 * 1e3;
+async function runDoctorReport(target) {
+  const projectRoot = normalizeTarget(target);
+  const framework = detectFramework(projectRoot);
+  const entryPoints = collectEntryPoints(projectRoot);
+  const [savedForensic, metaSnapshot, humanLockSnapshot, ledgerSnapshot] = await Promise.all([
+    readSavedForensic(projectRoot),
+    inspectMetaRevision(projectRoot),
+    inspectHumanLock(projectRoot),
+    inspectLedger(projectRoot)
+  ]);
+  const checks = [
+    createForensicCheck(savedForensic, framework, entryPoints),
+    createFrameworkCheck(savedForensic, framework, entryPoints),
+    createMetaRevisionCheck(metaSnapshot),
+    createProtectedPathsCheck(humanLockSnapshot),
+    createLedgerCheck(ledgerSnapshot)
+  ];
+  return {
+    status: reduceStatus(checks.map((check) => check.status)),
+    checks,
+    summary: {
+      target: projectRoot,
+      framework: {
+        kind: framework.kind,
+        version: framework.version,
+        subkind: framework.subkind
+      },
+      entryPoints,
+      driftCount: humanLockSnapshot.driftCount,
+      protectedPathCount: humanLockSnapshot.protectedPathCount,
+      protectedPathsIntact: humanLockSnapshot.present && humanLockSnapshot.driftCount === 0,
+      lastLedgerEntryTs: ledgerSnapshot.lastEntryTs,
+      lastLedgerEntryAgeMs: ledgerSnapshot.lastEntryAgeMs,
+      metaRevision: metaSnapshot.revision
+    }
+  };
+}
+function createForensicCheck(forensic, framework, entryPoints) {
+  if (!forensic.present) {
+    return {
+      name: "Forensic snapshot",
+      status: "error",
+      message: `${forensic.reason} Live scan detects ${formatFramework(framework)} with ${entryPoints.length} entry point${entryPoints.length === 1 ? "" : "s"}.`
+    };
+  }
+  return {
+    name: "Forensic snapshot",
+    status: "ok",
+    message: `Loaded .fabric/forensic.json for ${formatFramework(forensic.report.framework)} with ${forensic.report.entry_points.length} recorded entry point${forensic.report.entry_points.length === 1 ? "" : "s"}.`
+  };
+}
+function createFrameworkCheck(forensic, framework, entryPoints) {
+  if (framework.kind === "unknown") {
+    return {
+      name: "Framework fingerprint",
+      status: "warn",
+      message: "Unable to identify the project framework from current files."
+    };
+  }
+  if (!forensic.present) {
+    return {
+      name: "Framework fingerprint",
+      status: "warn",
+      message: `Live detection sees ${formatFramework(framework)} and ${entryPoints.length} entry point${entryPoints.length === 1 ? "" : "s"}, but no forensic baseline exists yet.`
+    };
+  }
+  const matches = forensic.report.framework.kind === framework.kind && forensic.report.framework.version === framework.version && forensic.report.framework.subkind === framework.subkind;
+  if (!matches) {
+    return {
+      name: "Framework fingerprint",
+      status: "warn",
+      message: `Forensic baseline says ${formatFramework(forensic.report.framework)}; live scan says ${formatFramework(framework)}.`
+    };
+  }
+  return {
+    name: "Framework fingerprint",
+    status: "ok",
+    message: `Framework baseline matches live scan: ${formatFramework(framework)} \xB7 ${entryPoints.length} current entry point${entryPoints.length === 1 ? "" : "s"}.`
+  };
+}
+function createMetaRevisionCheck(snapshot) {
+  if (!snapshot.present) {
+    return {
+      name: "Meta revision",
+      status: "error",
+      message: snapshot.unexpectedError ?? "agents.meta.json is missing."
+    };
+  }
+  if (snapshot.driftCount > 0 || snapshot.missingFiles.length > 0) {
+    const parts = [
+      `${snapshot.driftCount} tracked AGENTS file drift`,
+      snapshot.missingFiles.length > 0 ? `${snapshot.missingFiles.length} missing tracked file` : null
+    ].filter((part) => part !== null);
+    return {
+      name: "Meta revision",
+      status: "error",
+      message: `agents.meta.json revision ${snapshot.revision} is stale: ${parts.join(" \xB7 ")}.`
+    };
+  }
+  return {
+    name: "Meta revision",
+    status: "ok",
+    message: `agents.meta.json revision ${snapshot.revision} matches ${snapshot.nodeCount} tracked AGENTS file${snapshot.nodeCount === 1 ? "" : "s"}.`
+  };
+}
+function createProtectedPathsCheck(snapshot) {
+  if (!snapshot.present) {
+    return {
+      name: "Protected paths",
+      status: "warn",
+      message: snapshot.reason
+    };
+  }
+  if (snapshot.driftCount > 0) {
+    return {
+      name: "Protected paths",
+      status: "warn",
+      message: `${snapshot.driftCount} of ${snapshot.protectedPathCount} protected path${snapshot.protectedPathCount === 1 ? "" : "s"} drifted from approved hashes.`
+    };
+  }
+  return {
+    name: "Protected paths",
+    status: "ok",
+    message: `${snapshot.protectedPathCount} protected path${snapshot.protectedPathCount === 1 ? "" : "s"} intact with zero hash drift.`
+  };
+}
+function createLedgerCheck(snapshot) {
+  if (snapshot.lastEntryTs === null || snapshot.lastEntryAgeMs === null) {
+    return {
+      name: "Intent ledger",
+      status: "warn",
+      message: "No ledger entries recorded yet."
+    };
+  }
+  if (snapshot.lastEntryAgeMs >= LEDGER_ERROR_AFTER_MS) {
+    return {
+      name: "Intent ledger",
+      status: "error",
+      message: `Last ledger entry is ${formatAge(snapshot.lastEntryAgeMs)} old (${new Date(snapshot.lastEntryTs).toISOString()}).`
+    };
+  }
+  if (snapshot.lastEntryAgeMs >= LEDGER_WARN_AFTER_MS) {
+    return {
+      name: "Intent ledger",
+      status: "warn",
+      message: `Last ledger entry is ${formatAge(snapshot.lastEntryAgeMs)} old (${new Date(snapshot.lastEntryTs).toISOString()}).`
+    };
+  }
+  return {
+    name: "Intent ledger",
+    status: "ok",
+    message: `Last ledger entry is ${formatAge(snapshot.lastEntryAgeMs)} old (${snapshot.count} total entr${snapshot.count === 1 ? "y" : "ies"}).`
+  };
+}
+async function readSavedForensic(projectRoot) {
+  const forensicPath = join(projectRoot, ".fabric", "forensic.json");
+  try {
+    const raw = await readFile(forensicPath, "utf8");
+    const parsed = forensicReportSchema.safeParse(JSON.parse(raw));
+    if (!parsed.success) {
+      return {
+        present: false,
+        reason: "forensic.json is invalid."
+      };
+    }
+    return {
+      present: true,
+      report: parsed.data
+    };
+  } catch (error) {
+    if (isMissingFileError(error)) {
+      return {
+        present: false,
+        reason: ".fabric/forensic.json is missing."
+      };
+    }
+    return {
+      present: false,
+      reason: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function inspectMetaRevision(projectRoot) {
+  try {
+    const meta = readAgentsMeta(projectRoot);
+    const entries = Object.entries(meta.nodes).sort(([left], [right]) => left.localeCompare(right));
+    const missingFiles = [];
+    let driftCount = 0;
+    const revisionSource = entries.map(([, node]) => {
+      const absolutePath = join(projectRoot, node.file);
+      if (!existsSync(absolutePath)) {
+        missingFiles.push(node.file);
+        driftCount += 1;
+        return "missing";
+      }
+      const actualHash = sha256(readFileSync(absolutePath, "utf8"));
+      if (actualHash !== node.hash) {
+        driftCount += 1;
+      }
+      return actualHash;
+    }).join("");
+    const revision = sha256(revisionSource);
+    return {
+      present: true,
+      revision: meta.revision,
+      nodeCount: entries.length,
+      driftCount: revision === meta.revision ? driftCount : Math.max(driftCount, 1),
+      missingFiles
+    };
+  } catch (error) {
+    return {
+      present: false,
+      revision: null,
+      nodeCount: 0,
+      driftCount: 0,
+      missingFiles: [],
+      unexpectedError: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function inspectHumanLock(projectRoot) {
+  try {
+    const entries = await readHumanLock(projectRoot);
+    return {
+      present: true,
+      driftCount: entries.filter((entry) => entry.drift).length,
+      protectedPathCount: entries.length
+    };
+  } catch (error) {
+    if (isMissingFileError(error)) {
+      return {
+        present: false,
+        driftCount: 0,
+        protectedPathCount: 0,
+        reason: ".fabric/human-lock.json is missing; no protected paths are being tracked."
+      };
+    }
+    return {
+      present: false,
+      driftCount: 0,
+      protectedPathCount: 0,
+      reason: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+async function inspectLedger(projectRoot) {
+  const entries = await readLedger(projectRoot);
+  const lastEntry = entries.reduce(
+    (latest, entry) => latest === null || entry.ts > latest ? entry.ts : latest,
+    null
+  );
+  return {
+    count: entries.length,
+    lastEntryTs: lastEntry,
+    lastEntryAgeMs: lastEntry === null ? null : Math.max(Date.now() - lastEntry, 0)
+  };
+}
+function normalizeTarget(targetInput) {
+  return isAbsolute(targetInput) ? targetInput : resolve(process.cwd(), targetInput);
+}
+function collectEntryPoints(root) {
+  if (!existsSync(root) || !statSync(root).isDirectory()) {
+    return [];
+  }
+  const entries = [];
+  const stack = [root];
+  while (stack.length > 0) {
+    const current = stack.pop();
+    if (current === void 0) {
+      continue;
+    }
+    for (const entry of readdirSync(current, { withFileTypes: true })) {
+      const absolutePath = join(current, entry.name);
+      const relativePath = posix.normalize(absolutePath.slice(root.length + 1).split("\\").join("/"));
+      if (relativePath.length === 0) {
+        continue;
+      }
+      if (entry.isDirectory()) {
+        if (IGNORED_DIRECTORIES.has(entry.name)) {
+          continue;
+        }
+        stack.push(absolutePath);
+        continue;
+      }
+      if (!entry.isFile()) {
+        continue;
+      }
+      const reason = getEntryPointReason(relativePath);
+      if (reason !== null) {
+        entries.push({
+          path: relativePath,
+          reason
+        });
+      }
+    }
+  }
+  return entries.sort((left, right) => left.path.localeCompare(right.path));
+}
+function getEntryPointReason(relativePath) {
+  const extension = relativePath.slice(relativePath.lastIndexOf("."));
+  if (!SCRIPT_EXTENSIONS.has(extension)) {
+    return null;
+  }
+  const directory = posix.dirname(relativePath);
+  const fileName = posix.basename(relativePath);
+  const fileBase = fileName.slice(0, Math.max(fileName.lastIndexOf("."), 0));
+  if (directory === "assets/scripts" || directory === "scripts") {
+    return "top-level script";
+  }
+  if (directory === "src" && /^(App|app|index|main)$/.test(fileBase)) {
+    return "application entry";
+  }
+  if ((directory === "app" || directory.startsWith("app/")) && /^(layout|page|route)$/.test(fileBase)) {
+    return "next app route";
+  }
+  if ((directory === "pages" || directory.startsWith("pages/")) && fileName !== "_app.d.ts") {
+    return "next page route";
+  }
+  return null;
+}
+function reduceStatus(statuses) {
+  if (statuses.includes("error")) {
+    return "error";
+  }
+  if (statuses.includes("warn")) {
+    return "warn";
+  }
+  return "ok";
+}
+function formatFramework(framework) {
+  const pieces = [framework.kind, framework.version !== "unknown" ? framework.version : null, framework.subkind].filter((piece) => piece !== null && piece !== "unknown");
+  return pieces.length > 0 ? pieces.join(" \xB7 ") : "unknown";
+}
+function formatAge(ageMs) {
+  const seconds = Math.floor(ageMs / 1e3);
+  if (seconds < 60) {
+    return `${seconds}s`;
+  }
+  const minutes = Math.floor(seconds / 60);
+  if (minutes < 60) {
+    return `${minutes}m`;
+  }
+  const hours = Math.floor(minutes / 60);
+  if (hours < 48) {
+    return `${hours}h`;
+  }
+  const days = Math.floor(hours / 24);
+  if (days < 14) {
+    return `${days}d`;
+  }
+  return `${Math.floor(days / 7)}w`;
+}
+function sha256(content) {
+  return `sha256:${createHash("sha256").update(content).digest("hex")}`;
+}
+function isMissingFileError(error) {
+  return error instanceof Error && "code" in error && error.code === "ENOENT";
+}
+
+// src/api/_error.ts
+function sendError(res, status, code, message, details) {
+  const payload = {
+    error: {
+      code,
+      message
+    }
+  };
+  if (details !== void 0) {
+    payload.error.details = details;
+  }
+  res.status(status).json(payload);
+}
+function sendValidationError(res, message, details) {
+  sendError(res, 400, "BAD_REQUEST", message, details);
+}
+function sendUnknownError(res, error) {
+  const normalized = normalizeApiError(error);
+  sendError(res, normalized.status, normalized.code, normalized.message, normalized.details);
+}
+function normalizeApiError(error) {
+  if (error instanceof Error && "status" in error && "code" in error && typeof error.status === "number" && typeof error.code === "string") {
+    return {
+      status: error.status,
+      code: error.code,
+      message: error.message
+    };
+  }
+  if (error instanceof AgentsMetaFileMissingError) {
+    return {
+      status: 404,
+      code: error.code,
+      message: error.message
+    };
+  }
+  if (error instanceof AgentsMetaInvalidError) {
+    return {
+      status: 500,
+      code: error.code,
+      message: error.message
+    };
+  }
+  if (error instanceof Error) {
+    if (error.message.startsWith("Path escapes project root:")) {
+      return {
+        status: 403,
+        code: "PATH_OUTSIDE_PROJECT_ROOT",
+        message: error.message
+      };
+    }
+    if (error.message.startsWith("Cannot find human lock entry:")) {
+      return {
+        status: 404,
+        code: "HUMAN_LOCK_ENTRY_NOT_FOUND",
+        message: error.message
+      };
+    }
+    if (error.message.startsWith("Cannot find ledger entry:")) {
+      return {
+        status: 404,
+        code: "LEDGER_ENTRY_NOT_FOUND",
+        message: error.message
+      };
+    }
+    return {
+      status: 500,
+      code: "INTERNAL_ERROR",
+      message: error.message
+    };
+  }
+  return {
+    status: 500,
+    code: "INTERNAL_ERROR",
+    message: `Unexpected error: ${String(error)}`
+  };
+}
+
+// src/api/doctor.ts
+function registerDoctorApi(app, projectRoot) {
+  app.get("/api/doctor", async (_req, res) => {
+    try {
+      res.json(await runDoctorReport(projectRoot));
+    } catch (error) {
+      sendUnknownError(res, error);
+    }
+  });
+}
+
+// src/api/events.ts
+import { createHash as createHash2, randomUUID } from "crypto";
+import { open, readFile as readFile2, stat } from "fs/promises";
+import { join as join2 } from "path";
+import {
+  agentsMetaSchema,
+  fabricEventSchema,
+  forensicReportSchema as forensicReportSchema2,
+  humanLockFileSchema,
+  ledgerEntrySchema
+} from "@fenglimg/fabric-shared";
+import chokidar from "chokidar";
+var AGENTS_META_PATH = ".fabric/agents.meta.json";
+var HUMAN_LOCK_PATH = ".fabric/human-lock.json";
+var FORENSIC_PATH = ".fabric/forensic.json";
+var LEDGER_PATH = ".intent-ledger.jsonl";
+var WATCHED_PATHS = [AGENTS_META_PATH, HUMAN_LOCK_PATH, FORENSIC_PATH, LEDGER_PATH];
+var CONNECTION_LIMIT = 10;
+var HEARTBEAT_INTERVAL_MS = 3e4;
+var WATCH_DEBOUNCE_MS = 75;
+function createEventsHandler(options) {
+  const { projectRoot } = options;
+  const state = {
+    clients: /* @__PURE__ */ new Set(),
+    pendingTimers: /* @__PURE__ */ new Map(),
+    ledgerOffset: 0,
+    ledgerRemainder: "",
+    humanLockSnapshot: createEmptyHumanLockSnapshot()
+  };
+  return async function handleEvents(req, res) {
+    if (state.clients.size >= CONNECTION_LIMIT) {
+      res.statusCode = 503;
+      res.setHeader("Content-Type", "application/json; charset=utf-8");
+      res.end(
+        JSON.stringify({
+          error: {
+            code: "SSE_CONNECTION_LIMIT",
+            message: `Too many SSE clients connected. Limit: ${CONNECTION_LIMIT}.`
+          }
+        })
+      );
+      return;
+    }
+    await ensureWatcher(state, projectRoot);
+    res.statusCode = 200;
+    res.setHeader("Content-Type", "text/event-stream; charset=utf-8");
+    res.setHeader("Cache-Control", "no-cache, no-transform");
+    res.setHeader("Connection", "keep-alive");
+    res.setHeader("X-Accel-Buffering", "no");
+    res.flushHeaders?.();
+    res.write(": connected\n\n");
+    state.clients.add(res);
+    const heartbeat = setInterval(() => {
+      if (!res.writableEnded) {
+        res.write(": ping\n\n");
+      }
+    }, HEARTBEAT_INTERVAL_MS);
+    let cleanedUp = false;
+    const cleanup = async () => {
+      if (cleanedUp) {
+        return;
+      }
+      cleanedUp = true;
+      clearInterval(heartbeat);
+      state.clients.delete(res);
+      if (state.clients.size === 0) {
+        await stopWatcher(state);
+      }
+    };
+    req.on("aborted", () => {
+      void cleanup();
+    });
+    req.on("close", () => {
+      void cleanup();
+    });
+    res.on("close", () => {
+      void cleanup();
+    });
+    res.on("error", () => {
+      void cleanup();
+    });
+  };
+}
+async function ensureWatcher(state, projectRoot) {
+  if (state.watcher !== void 0) {
+    return;
+  }
+  state.ledgerOffset = await readFileSize(join2(projectRoot, LEDGER_PATH));
+  state.ledgerRemainder = "";
+  state.humanLockSnapshot = await readHumanLockSnapshot(projectRoot);
+  const watcher = chokidar.watch([...WATCHED_PATHS], {
+    cwd: projectRoot,
+    ignoreInitial: true,
+    awaitWriteFinish: {
+      stabilityThreshold: 120,
+      pollInterval: 20
+    }
+  });
+  watcher.on("add", (relativePath) => {
+    scheduleFileChange(state, projectRoot, normalizePath(relativePath));
+  });
+  watcher.on("change", (relativePath) => {
+    scheduleFileChange(state, projectRoot, normalizePath(relativePath));
+  });
+  state.watcher = watcher;
+}
+async function stopWatcher(state) {
+  const watcher = state.watcher;
+  if (watcher === void 0) {
+    return;
+  }
+  state.watcher = void 0;
+  for (const timer of state.pendingTimers.values()) {
+    clearTimeout(timer);
+  }
+  state.pendingTimers.clear();
+  await watcher.close();
+}
+function scheduleFileChange(state, projectRoot, relativePath) {
+  if (!WATCHED_PATHS.includes(relativePath)) {
+    return;
+  }
+  const existingTimer = state.pendingTimers.get(relativePath);
+  if (existingTimer !== void 0) {
+    clearTimeout(existingTimer);
+  }
+  const timer = setTimeout(() => {
+    state.pendingTimers.delete(relativePath);
+    void publishFileChange(state, projectRoot, relativePath);
+  }, WATCH_DEBOUNCE_MS);
+  state.pendingTimers.set(relativePath, timer);
+}
+async function publishFileChange(state, projectRoot, relativePath) {
+  const events = await readEventsForFile(state, projectRoot, relativePath);
+  for (const event of events) {
+    broadcastEvent(state, event);
+  }
+}
+async function readEventsForFile(state, projectRoot, relativePath) {
+  if (relativePath === AGENTS_META_PATH) {
+    const event = await readMetaUpdatedEvent(projectRoot);
+    return event === null ? [] : [event];
+  }
+  if (relativePath === HUMAN_LOCK_PATH) {
+    return await readHumanLockEvents(state, projectRoot);
+  }
+  if (relativePath === FORENSIC_PATH) {
+    const event = await readDriftDetectedEvent(projectRoot);
+    return event === null ? [] : [event];
+  }
+  if (relativePath === LEDGER_PATH) {
+    return await readLedgerAppendedEvents(state, projectRoot);
+  }
+  return [];
+}
+async function readMetaUpdatedEvent(projectRoot) {
+  const filePath = join2(projectRoot, AGENTS_META_PATH);
+  const raw = await readUtf8File(filePath);
+  if (raw === null) {
+    return null;
+  }
+  const parsed = agentsMetaSchema.parse(JSON.parse(raw));
+  return {
+    type: "meta:updated",
+    payload: parsed
+  };
+}
+async function readDriftDetectedEvent(projectRoot) {
+  const filePath = join2(projectRoot, FORENSIC_PATH);
+  const raw = await readUtf8File(filePath);
+  if (raw === null) {
+    return null;
+  }
+  const parsed = forensicReportSchema2.parse(JSON.parse(raw));
+  return {
+    type: "drift:detected",
+    payload: parsed
+  };
+}
+async function readHumanLockEvents(state, projectRoot) {
+  const previousSnapshot = state.humanLockSnapshot;
+  const currentSnapshot = await readHumanLockSnapshot(projectRoot);
+  state.humanLockSnapshot = currentSnapshot;
+  const changedEntries = currentSnapshot.locked.filter((entry) => {
+    const key = getHumanLockKey(entry);
+    return previousSnapshot.hashByKey.get(key) !== entry.hash;
+  });
+  const approvedEntries = changedEntries.filter((entry) => {
+    const key = getHumanLockKey(entry);
+    return currentSnapshot.actualHashByKey.get(key) === entry.hash;
+  });
+  const driftChanged = !areSetsEqual(previousSnapshot.driftedKeys, currentSnapshot.driftedKeys);
+  const events = [];
+  if (approvedEntries.length > 0 || changedEntries.length > 0 && currentSnapshot.drifted.length === 0) {
+    events.push({
+      type: "lock:approved",
+      payload: {
+        locked: currentSnapshot.locked,
+        approved: approvedEntries.length > 0 ? approvedEntries : changedEntries
+      }
+    });
+  }
+  if (currentSnapshot.drifted.length > 0 && (driftChanged || approvedEntries.length === 0)) {
+    events.push({
+      type: "lock:drift",
+      payload: {
+        locked: currentSnapshot.locked,
+        drifted: currentSnapshot.drifted
+      }
+    });
+  }
+  return events;
+}
+async function readLedgerAppendedEvents(state, projectRoot) {
+  const ledgerPath = join2(projectRoot, LEDGER_PATH);
+  const nextSize = await readFileSize(ledgerPath);
+  if (nextSize < state.ledgerOffset) {
+    state.ledgerOffset = 0;
+    state.ledgerRemainder = "";
+  }
+  if (nextSize === state.ledgerOffset) {
+    return [];
+  }
+  const startOffset = state.ledgerOffset;
+  state.ledgerOffset = nextSize;
+  const handle = await open(ledgerPath, "r");
+  try {
+    const length = nextSize - startOffset;
+    const buffer = Buffer.alloc(length);
+    await handle.read(buffer, 0, length, startOffset);
+    const chunk = `${state.ledgerRemainder}${buffer.toString("utf8")}`;
+    const lines = chunk.split(/\r?\n/);
+    state.ledgerRemainder = chunk.endsWith("\n") ? "" : lines.pop() ?? "";
+    return lines.map((line) => line.trim()).filter((line) => line.length > 0).map(parseLedgerAppendedEvent).filter((event) => event !== null);
+  } finally {
+    await handle.close();
+  }
+}
+function parseLedgerAppendedEvent(line) {
+  try {
+    const parsed = JSON.parse(line);
+    if (parsed.kind === "mcp-event") {
+      return null;
+    }
+    const validation = ledgerEntrySchema.safeParse(parsed);
+    if (!validation.success) {
+      return null;
+    }
+    return {
+      type: "ledger:appended",
+      payload: validation.data
+    };
+  } catch {
+    return null;
+  }
+}
+function broadcastEvent(state, event) {
+  const payload = fabricEventSchema.parse(event);
+  const frame = `id: ${randomUUID()}
+event: ${payload.type}
+data: ${JSON.stringify(payload)}
+
+`;
+  const disconnectedClients = [];
+  for (const client of state.clients) {
+    try {
+      if (client.writableEnded) {
+        disconnectedClients.push(client);
+        continue;
+      }
+      client.write(frame);
+    } catch {
+      disconnectedClients.push(client);
+    }
+  }
+  for (const client of disconnectedClients) {
+    state.clients.delete(client);
+    if (!client.writableEnded) {
+      client.end();
+    }
+  }
+}
+async function readHumanLockSnapshot(projectRoot) {
+  const humanLockPath = join2(projectRoot, HUMAN_LOCK_PATH);
+  const raw = await readUtf8File(humanLockPath);
+  if (raw === null) {
+    return createEmptyHumanLockSnapshot();
+  }
+  const parsed = humanLockFileSchema.parse(JSON.parse(raw));
+  const locked = parsed.locked ?? [];
+  const actualHashByKey = await readActualHumanLockHashes(projectRoot, locked);
+  const drifted = locked.filter((entry) => actualHashByKey.get(getHumanLockKey(entry)) !== entry.hash);
+  return {
+    locked,
+    drifted,
+    driftedKeys: new Set(drifted.map((entry) => getHumanLockKey(entry))),
+    hashByKey: new Map(locked.map((entry) => [getHumanLockKey(entry), entry.hash])),
+    actualHashByKey
+  };
+}
+async function readActualHumanLockHashes(projectRoot, locked) {
+  const uniqueFiles = Array.from(new Set(locked.map((entry) => entry.file)));
+  const fileContents = await Promise.all(
+    uniqueFiles.map(async (file) => {
+      const raw = await readUtf8File(join2(projectRoot, file));
+      return [file, raw];
+    })
+  );
+  const contentByFile = new Map(fileContents);
+  return new Map(
+    locked.map((entry) => {
+      const content = contentByFile.get(entry.file);
+      return [getHumanLockKey(entry), content == null ? "missing" : hashLockedContent(content, entry)];
+    })
+  );
+}
+function hashLockedContent(content, entry) {
+  const lines = content.split(/\r?\n/);
+  const slice = lines.slice(Math.max(entry.start_line - 1, 0), Math.max(entry.end_line, 0)).join("\n");
+  return `sha256:${createHash2("sha256").update(slice).digest("hex")}`;
+}
+function getHumanLockKey(entry) {
+  return `${entry.file}:${entry.start_line}:${entry.end_line}`;
+}
+function createEmptyHumanLockSnapshot() {
+  return {
+    locked: [],
+    drifted: [],
+    driftedKeys: /* @__PURE__ */ new Set(),
+    hashByKey: /* @__PURE__ */ new Map(),
+    actualHashByKey: /* @__PURE__ */ new Map()
+  };
+}
+function areSetsEqual(left, right) {
+  if (left.size !== right.size) {
+    return false;
+  }
+  for (const value of left) {
+    if (!right.has(value)) {
+      return false;
+    }
+  }
+  return true;
+}
+function normalizePath(value) {
+  return value.replaceAll("\\", "/");
+}
+async function readUtf8File(path) {
+  try {
+    return await readFile2(path, "utf8");
+  } catch (error) {
+    if (isNodeError(error) && error.code === "ENOENT") {
+      return null;
+    }
+    throw error;
+  }
+}
+async function readFileSize(path) {
+  try {
+    const fileStat = await stat(path);
+    return fileStat.size;
+  } catch (error) {
+    if (isNodeError(error) && error.code === "ENOENT") {
+      return 0;
+    }
+    throw error;
+  }
+}
+function isNodeError(error) {
+  return error instanceof Error;
+}
+
+// src/api/history.ts
+import { historyStateQuerySchema } from "@fenglimg/fabric-shared";
+
+// src/services/rehydrate-state.ts
+import { execFile } from "child_process";
+import { promisify } from "util";
+import { agentsMetaSchema as agentsMetaSchema2 } from "@fenglimg/fabric-shared";
+var execFileAsync = promisify(execFile);
+var AGENTS_META_GIT_PATH = ".fabric/agents.meta.json";
+var HistoryReplayError = class extends Error {
+  constructor(message, code, status) {
+    super(message);
+    this.code = code;
+    this.status = status;
+    this.name = "HistoryReplayError";
+  }
+  code;
+  status;
+};
+async function rehydrateAgentsMetaAt(projectRoot, target) {
+  const ledger = await readLedger(projectRoot);
+  const selectedIndex = resolveTargetIndex(ledger, target);
+  const replayedEntries = ledger.slice(0, selectedIndex + 1);
+  const selectedEntry = replayedEntries.at(-1);
+  if (selectedEntry === void 0) {
+    throw new HistoryReplayError(
+      "Cannot rehydrate history state because the ledger is empty.",
+      "HISTORY_STATE_NOT_FOUND",
+      404
+    );
+  }
+  const commitCandidates = collectCommitCandidates(replayedEntries);
+  for (const commit of commitCandidates) {
+    const meta = await tryReadAgentsMetaFromGit(projectRoot, commit);
+    if (meta !== null) {
+      return {
+        meta,
+        metadata: {
+          at_ledger_id: selectedEntry.id,
+          at_commit: commit,
+          replayed_count: replayedEntries.length,
+          mode: "git-show"
+        },
+        entries: replayedEntries
+      };
+    }
+  }
+  const fallbackMeta = buildLedgerFallbackMeta(replayedEntries);
+  return {
+    meta: fallbackMeta,
+    metadata: {
+      at_ledger_id: selectedEntry.id,
+      at_commit: commitCandidates[0] ?? null,
+      replayed_count: replayedEntries.length,
+      mode: "ledger-fallback"
+    },
+    entries: replayedEntries
+  };
+}
+function resolveTargetIndex(ledger, target) {
+  if ("ledgerEntryId" in target) {
+    const index = ledger.findIndex((entry) => entry.id === target.ledgerEntryId);
+    if (index === -1) {
+      throw new HistoryReplayError(
+        `Cannot find ledger entry: ${target.ledgerEntryId}`,
+        "LEDGER_ENTRY_NOT_FOUND",
+        404
+      );
+    }
+    return index;
+  }
+  for (let index = ledger.length - 1; index >= 0; index -= 1) {
+    if (ledger[index]?.ts <= target.timestamp) {
+      return index;
+    }
+  }
+  throw new HistoryReplayError(
+    `Cannot find ledger entry at or before timestamp: ${new Date(target.timestamp).toISOString()}`,
+    "HISTORY_STATE_NOT_FOUND",
+    404
+  );
+}
+function collectCommitCandidates(entries) {
+  const commits = [];
+  const seen = /* @__PURE__ */ new Set();
+  for (let index = entries.length - 1; index >= 0; index -= 1) {
+    const entry = entries[index];
+    const commit = entry.source === "ai" ? entry.commit_sha : entry.parent_sha;
+    if (typeof commit !== "string" || commit.length === 0 || commit === "root" || seen.has(commit)) {
+      continue;
+    }
+    seen.add(commit);
+    commits.push(commit);
+  }
+  return commits;
+}
+async function tryReadAgentsMetaFromGit(projectRoot, commit) {
+  try {
+    const { stdout } = await execFileAsync(
+      "git",
+      ["show", `${commit}:${AGENTS_META_GIT_PATH}`],
+      {
+        cwd: projectRoot,
+        encoding: "utf8",
+        maxBuffer: 1024 * 1024
+      }
+    );
+    return agentsMetaSchema2.parse(JSON.parse(stdout));
+  } catch (error) {
+    if (isRecoverableGitError(error)) {
+      return null;
+    }
+    throw error;
+  }
+}
+function buildLedgerFallbackMeta(entries) {
+  const nodes = entries.reduce((current, entry) => {
+    const hashBase = entry.source === "ai" ? entry.commit_sha ?? entry.id : entry.parent_sha;
+    for (const affectedPath of entry.affected_paths) {
+      current[affectedPath] = {
+        file: affectedPath,
+        scope_glob: affectedPath,
+        deps: [],
+        priority: "medium",
+        hash: `replayed:${hashBase ?? entry.id}`
+      };
+    }
+    return current;
+  }, {});
+  const lastEntry = entries.at(-1);
+  return {
+    revision: lastEntry?.source === "ai" ? lastEntry.commit_sha ?? `replayed:${lastEntry.id ?? entries.length}` : `replayed:${lastEntry?.id ?? entries.length}`,
+    nodes
+  };
+}
+function isRecoverableGitError(error) {
+  if (!(error instanceof Error)) {
+    return false;
+  }
+  const nodeError = error;
+  return nodeError.code === "ENOENT" || typeof nodeError.stderr === "string";
+}
+
+// src/api/history.ts
+function registerHistoryApi(app, projectRoot) {
+  app.get("/api/history/state", async (req, res) => {
+    const validation = historyStateQuerySchema.safeParse({
+      ledger_id: req.query.ledger_id,
+      ts: req.query.at ?? req.query.ts
+    });
+    if (!validation.success) {
+      sendValidationError(res, "Invalid history replay query parameters", validation.error.flatten());
+      return;
+    }
+    try {
+      const result = "ledger_id" in validation.data && validation.data.ledger_id !== void 0 ? await rehydrateAgentsMetaAt(projectRoot, { ledgerEntryId: validation.data.ledger_id }) : await rehydrateAgentsMetaAt(projectRoot, { timestamp: validation.data.ts });
+      res.json(result);
+    } catch (error) {
+      sendUnknownError(res, error);
+    }
+  });
+  app.get("/api/replay", async (req, res) => {
+    const validation = historyStateQuerySchema.safeParse({
+      ledger_id: req.query.ledger_id,
+      ts: req.query.at ?? req.query.ts
+    });
+    if (!validation.success) {
+      sendValidationError(res, "Invalid history replay query parameters", validation.error.flatten());
+      return;
+    }
+    try {
+      const result = "ledger_id" in validation.data && validation.data.ledger_id !== void 0 ? await rehydrateAgentsMetaAt(projectRoot, { ledgerEntryId: validation.data.ledger_id }) : await rehydrateAgentsMetaAt(projectRoot, { timestamp: validation.data.ts });
+      res.json(result);
+    } catch (error) {
+      sendUnknownError(res, error);
+    }
+  });
+}
+
+// src/api/human-lock.ts
+import { humanLockApproveRequestSchema, humanLockFileParamsSchema } from "@fenglimg/fabric-shared";
+
+// src/services/approve-human-lock.ts
+async function approveHumanLock(projectRoot, input) {
+  assertPathWithinProjectRoot(projectRoot, input.file);
+  const document = await readHumanLockDocument(projectRoot);
+  const index = document.locked.findIndex(
+    (entry) => entry.file === input.file && entry.start_line === input.start_line && entry.end_line === input.end_line
+  );
+  if (index === -1) {
+    throw new Error(`Cannot find human lock entry: ${input.file}:${input.start_line}-${input.end_line}`);
+  }
+  const currentEntry = document.locked[index];
+  if (currentEntry === void 0) {
+    throw new Error(`Cannot find human lock entry: ${input.file}:${input.start_line}-${input.end_line}`);
+  }
+  const nextEntry = {
+    ...currentEntry,
+    hash: input.new_hash
+  };
+  if (currentEntry.hash === input.new_hash) {
+    const currentHash2 = await hashHumanLockedContent(projectRoot, nextEntry);
+    return {
+      updated: false,
+      entry: {
+        ...nextEntry,
+        drift: currentHash2 !== nextEntry.hash,
+        current_hash: currentHash2
+      }
+    };
+  }
+  const nextLocked = document.locked.slice();
+  nextLocked[index] = nextEntry;
+  const nextRawObject = {
+    ...document.rawObject,
+    locked: nextLocked
+  };
+  await atomicWriteText(document.path, `${JSON.stringify(nextRawObject, null, 2)}
+`);
+  const currentHash = await hashHumanLockedContent(projectRoot, nextEntry);
+  const ledgerEntry = await appendLedgerEntry(projectRoot, createApproveLedgerEntry(input));
+  return {
+    updated: true,
+    entry: {
+      ...nextEntry,
+      drift: currentHash !== nextEntry.hash,
+      current_hash: currentHash
+    },
+    ledger_entry: ledgerEntry
+  };
+}
+function createApproveLedgerEntry(input) {
+  return {
+    ts: Date.now(),
+    source: "human",
+    parent_sha: "human-lock:approve",
+    intent: `approve human lock ${input.file}:${input.start_line}-${input.end_line}`,
+    affected_paths: [input.file, ".fabric/human-lock.json"],
+    diff_stat: `updated approved hash to ${input.new_hash}`
+  };
+}
+
+// src/api/human-lock.ts
+function registerHumanLockApi(app, projectRoot) {
+  app.get("/api/human-lock", async (_req, res) => {
+    try {
+      readAgentsMeta(projectRoot);
+      res.json(await readHumanLock(projectRoot));
+    } catch (error) {
+      sendUnknownError(res, error);
+    }
+  });
+  app.get(/^\/api\/human-lock\/(.+)$/, async (req, res) => {
+    const rawFile = typeof req.params[0] === "string" ? decodeURIComponent(req.params[0]) : "";
+    const validation = humanLockFileParamsSchema.safeParse({
+      file: rawFile
+    });
+    if (!validation.success) {
+      sendValidationError(res, "Invalid human-lock file path", validation.error.flatten());
+      return;
+    }
+    try {
+      readAgentsMeta(projectRoot);
+      const entry = await readHumanLockEntry(projectRoot, validation.data.file);
+      if (entry === null) {
+        sendError(
+          res,
+          404,
+          "HUMAN_LOCK_ENTRY_NOT_FOUND",
+          `Cannot find human lock entry: ${validation.data.file}`
+        );
+        return;
+      }
+      res.json(entry);
+    } catch (error) {
+      sendUnknownError(res, error);
+    }
+  });
+  app.post("/api/human-lock/approve", async (req, res) => {
+    const validation = humanLockApproveRequestSchema.safeParse(req.body);
+    if (!validation.success) {
+      sendValidationError(res, "Invalid human-lock approval payload", validation.error.flatten());
+      return;
+    }
+    try {
+      readAgentsMeta(projectRoot);
+      res.json(await approveHumanLock(projectRoot, validation.data));
+    } catch (error) {
+      sendUnknownError(res, error);
+    }
+  });
+}
+
+// src/api/intent.ts
+import { annotateIntentRequestSchema } from "@fenglimg/fabric-shared";
+
+// src/services/annotate-intent.ts
+async function annotateIntent(projectRoot, input) {
+  const entries = await readLedger(projectRoot);
+  const parentEntry = entries.find((entry2) => entry2.id === input.ledger_entry_id);
+  if (parentEntry === void 0) {
+    throw new Error(`Cannot find ledger entry: ${input.ledger_entry_id}`);
+  }
+  const lastEntry = entries[entries.length - 1];
+  if (lastEntry?.source === "human" && lastEntry.parent_ledger_entry_id === input.ledger_entry_id && lastEntry.annotation === input.annotation) {
+    return {
+      created: false,
+      entry: lastEntry
+    };
+  }
+  const entry = await appendLedgerEntry(projectRoot, createAnnotationEntry(parentEntry, input));
+  return {
+    created: true,
+    entry
+  };
+}
+function createAnnotationEntry(parentEntry, input) {
+  return {
+    ts: Date.now(),
+    source: "human",
+    parent_sha: input.ledger_entry_id,
+    parent_ledger_entry_id: input.ledger_entry_id,
+    intent: input.annotation,
+    annotation: input.annotation,
+    affected_paths: parentEntry.affected_paths,
+    diff_stat: "annotation"
+  };
+}
+
+// src/api/intent.ts
+function registerIntentApi(app, projectRoot) {
+  app.post("/api/intent/annotate", async (req, res) => {
+    const validation = annotateIntentRequestSchema.safeParse(req.body);
+    if (!validation.success) {
+      sendValidationError(res, "Invalid intent annotation payload", validation.error.flatten());
+      return;
+    }
+    try {
+      readAgentsMeta(projectRoot);
+      const result = await annotateIntent(projectRoot, validation.data);
+      res.status(result.created ? 201 : 200).json(result);
+    } catch (error) {
+      sendUnknownError(res, error);
+    }
+  });
+}
+
+// src/api/ledger.ts
+import { ledgerQuerySchema } from "@fenglimg/fabric-shared";
+function registerLedgerApi(app, projectRoot) {
+  app.get("/api/ledger", async (req, res) => {
+    const validation = ledgerQuerySchema.safeParse({
+      source: req.query.source,
+      since: req.query.since
+    });
+    if (!validation.success) {
+      sendValidationError(res, "Invalid ledger query parameters", validation.error.flatten());
+      return;
+    }
+    try {
+      readAgentsMeta(projectRoot);
+      res.json(await readLedger(projectRoot, validation.data));
+    } catch (error) {
+      sendUnknownError(res, error);
+    }
+  });
+}
+
+// src/api/rules.ts
+function registerRulesApi(app, projectRoot) {
+  app.get("/api/rules", async (_req, res) => {
+    try {
+      res.json(readAgentsMeta(projectRoot));
+    } catch (error) {
+      sendUnknownError(res, error);
+    }
+  });
+}
+
+// src/api/scan.ts
+import { existsSync as existsSync2, readdirSync as readdirSync2, readFileSync as readFileSync2, statSync as statSync2 } from "fs";
+import { isAbsolute as isAbsolute2, join as join3, relative, resolve as resolve2, sep } from "path";
+import { detectFramework as detectFramework2 } from "@fenglimg/fabric-shared";
+var DEFAULT_IGNORES = [
+  "**/*.meta",
+  "library/**",
+  "temp/**",
+  "build/**",
+  "settings/**",
+  "profiles/**",
+  "node_modules/**",
+  "dist/**",
+  ".git/**",
+  ".fabric/**"
+];
+function registerScanApi(app, projectRoot) {
+  app.get("/api/scan", async (_req, res) => {
+    try {
+      res.json(createScanReport(projectRoot));
+    } catch (error) {
+      sendUnknownError(res, error);
+    }
+  });
+}
+function createScanReport(targetInput = process.cwd()) {
+  const target = normalizeTarget2(targetInput);
+  const framework = detectFramework2(target);
+  const readmeQuality = getReadmeQuality(target);
+  const hasContributing = existsSync2(join3(target, "CONTRIBUTING.md"));
+  const hasExistingFabric = existsSync2(join3(target, "AGENTS.md")) || existsSync2(join3(target, ".fabric"));
+  const walkResult = walkFiles(target, DEFAULT_IGNORES);
+  return {
+    target,
+    framework,
+    readmeQuality,
+    hasContributing,
+    fileCount: walkResult.fileCount,
+    ignoredCount: walkResult.ignoredCount,
+    hasExistingFabric,
+    recommendations: buildRecommendations({
+      framework,
+      readmeQuality,
+      hasContributing,
+      hasExistingFabric
+    })
+  };
+}
+function normalizeTarget2(targetInput) {
+  return isAbsolute2(targetInput) ? targetInput : resolve2(process.cwd(), targetInput);
+}
+function getReadmeQuality(target) {
+  const readmePath = join3(target, "README.md");
+  if (!existsSync2(readmePath)) {
+    return "stub";
+  }
+  const wordCount = readFileSync2(readmePath, "utf8").trim().split(/\s+/).filter(Boolean).length;
+  return wordCount >= 200 ? "ok" : "stub";
+}
+function walkFiles(root, ignorePatterns) {
+  if (!existsSync2(root) || !statSync2(root).isDirectory()) {
+    throw new Error(`Target must be an existing directory: ${root}`);
+  }
+  let fileCount = 0;
+  let ignoredCount = 0;
+  const stack = [root];
+  while (stack.length > 0) {
+    const current = stack.pop();
+    if (current === void 0) {
+      continue;
+    }
+    for (const entry of readdirSync2(current, { withFileTypes: true })) {
+      const absolutePath = join3(current, entry.name);
+      const relativePath = toPosixPath(relative(root, absolutePath));
+      if (shouldIgnore(relativePath, entry.isDirectory(), ignorePatterns)) {
+        ignoredCount += 1;
+        continue;
+      }
+      if (entry.isDirectory()) {
+        stack.push(absolutePath);
+      } else if (entry.isFile()) {
+        fileCount += 1;
+      }
+    }
+  }
+  return { fileCount, ignoredCount };
+}
+function shouldIgnore(relativePath, isDirectory, ignorePatterns) {
+  return ignorePatterns.some((pattern) => matchesIgnorePattern(relativePath, isDirectory, pattern));
+}
+function matchesIgnorePattern(relativePath, isDirectory, pattern) {
+  const normalizedPattern = toPosixPath(pattern);
+  if (normalizedPattern === "**/*.meta") {
+    return relativePath.endsWith(".meta");
+  }
+  if (normalizedPattern.endsWith("/**")) {
+    const directoryPrefix = normalizedPattern.slice(0, -3);
+    return relativePath === directoryPrefix || relativePath.startsWith(`${directoryPrefix}/`) || isDirectory && `${relativePath}/` === directoryPrefix;
+  }
+  return relativePath === normalizedPattern;
+}
+function toPosixPath(path) {
+  return path.split(sep).join("/");
+}
+function buildRecommendations(input) {
+  const recommendations = [];
+  if (!input.hasExistingFabric) {
+    recommendations.push("L0: Run fab init to scaffold AGENTS.md with TODO markers.");
+  }
+  if (input.readmeQuality === "stub") {
+    recommendations.push("L0: Expand README.md before promoting project facts into AGENTS.md references.");
+  }
+  if (!input.hasContributing) {
+    recommendations.push("L0: Add CONTRIBUTING.md or leave an AGENTS.md TODO reference for contribution flow.");
+  }
+  if (input.framework.kind === "unknown") {
+    recommendations.push("L1: Add tech-stack TODOs manually because no framework marker was detected.");
+  } else {
+    recommendations.push(`L1: Review ${input.framework.kind} directories for future scoped AGENTS.md files.`);
+  }
+  return recommendations;
+}
+
+// src/api/static.ts
+import { existsSync as existsSync3 } from "fs";
+import { dirname, resolve as resolve3 } from "path";
+import { fileURLToPath } from "url";
+import express from "express";
+var DEFAULT_STATIC_DIR = resolve3(dirname(fileURLToPath(import.meta.url)), "static");
+function registerDashboardStatic(app, options = {}) {
+  if (options.dev ?? process.env.NODE_ENV === "development") {
+    return;
+  }
+  const staticDir = resolve3(options.dashboardDistPath ?? DEFAULT_STATIC_DIR);
+  const indexPath = resolve3(staticDir, "index.html");
+  if (!existsSync3(indexPath)) {
+    warnMissingDashboard(staticDir);
+    app.get("/", (_req, res) => {
+      res.status(404).json({
+        error: {
+          code: "DASHBOARD_DIST_MISSING",
+          message: `Fabric dashboard dist was not found at ${staticDir}. Run pnpm --filter @fenglimg/fabric-dashboard build.`
+        }
+      });
+    });
+    return;
+  }
+  app.use("/", express.static(staticDir, { index: "index.html", fallthrough: true }));
+  app.get(/^\/(?!api(?:\/|$)|mcp(?:\/|$)|events(?:\/|$)).*/, (_req, res) => {
+    res.sendFile(indexPath);
+  });
+}
+function warnMissingDashboard(staticDir) {
+  process.stderr.write(
+    `[fabric-server] dashboard dist missing at ${staticDir}; '/' will return 404 until dashboard assets are built.
+`
+  );
+}
+
+// src/middleware/bearer-auth.ts
+import { createHash as createHash3, timingSafeEqual } from "crypto";
+function createBearerAuthMiddleware(token) {
+  const expectedDigest = hashToken(token);
+  return function bearerAuthMiddleware(req, res, next) {
+    const header = readAuthorizationHeader(req.headers.authorization);
+    const providedToken = parseBearerToken(header);
+    if (providedToken === void 0 || !tokensMatch(providedToken, expectedDigest)) {
+      sendError(res, 401, "UNAUTHORIZED", "Bearer token required");
+      return;
+    }
+    next();
+  };
+}
+function readAuthorizationHeader(value) {
+  if (typeof value === "string" && value.length > 0) {
+    return value;
+  }
+  if (Array.isArray(value)) {
+    return value.find((entry) => entry.length > 0);
+  }
+  return void 0;
+}
+function parseBearerToken(header) {
+  if (header === void 0) {
+    return void 0;
+  }
+  const match = /^Bearer\s+(.+)$/i.exec(header);
+  return match?.[1];
+}
+function tokensMatch(token, expectedDigest) {
+  return timingSafeEqual(hashToken(token), expectedDigest);
+}
+function hashToken(token) {
+  return createHash3("sha256").update(token, "utf8").digest();
+}
+
+// src/http.ts
+var DEFAULT_HOST = "127.0.0.1";
+var LEDGER_FILE = ".intent-ledger.jsonl";
+var JsonlEventStore = class {
+  constructor(ledgerPath) {
+    this.ledgerPath = ledgerPath;
+  }
+  ledgerPath;
+  async storeEvent(streamId, message) {
+    const eventId = randomUUID2();
+    const entry = {
+      kind: "mcp-event",
+      eventId,
+      streamId,
+      message
+    };
+    await appendFile(this.ledgerPath, `${JSON.stringify(entry)}
+`, "utf8");
+    return eventId;
+  }
+  async getStreamIdForEventId(eventId) {
+    const events = await this.readEvents();
+    return events.find((event) => event.eventId === eventId)?.streamId;
+  }
+  async replayEventsAfter(lastEventId, { send }) {
+    const events = await this.readEvents();
+    const startIndex = events.findIndex((event) => event.eventId === lastEventId);
+    if (startIndex === -1) {
+      throw new Error(`Unknown event ID: ${lastEventId}`);
+    }
+    const streamId = events[startIndex]?.streamId;
+    if (streamId === void 0) {
+      throw new Error(`Missing stream for event ID: ${lastEventId}`);
+    }
+    for (const event of events.slice(startIndex + 1)) {
+      if (event.streamId !== streamId) {
+        continue;
+      }
+      await send(event.eventId, event.message);
+    }
+    return streamId;
+  }
+  async readEvents() {
+    let raw;
+    try {
+      raw = await readFile3(this.ledgerPath, "utf8");
+    } catch (error) {
+      if (isNodeError2(error) && error.code === "ENOENT") {
+        return [];
+      }
+      throw error;
+    }
+    return raw.split(/\r?\n/).map((line) => line.trim()).filter((line) => line.length > 0).map((line) => parseStoredMcpEvent(line)).filter((event) => event !== null);
+  }
+};
+function createFabricHttpApp(options) {
+  const { projectRoot, host = DEFAULT_HOST, authToken, dashboardDistPath, dev } = options;
+  const app = createMcpExpressApp({ host });
+  const ledgerPath = join4(projectRoot, LEDGER_FILE);
+  const eventStore = new JsonlEventStore(ledgerPath);
+  const sessions = /* @__PURE__ */ new Map();
+  process.env.FABRIC_PROJECT_ROOT = projectRoot;
+  app.disable("x-powered-by");
+  if (authToken !== void 0) {
+    const bearerAuth = createBearerAuthMiddleware(authToken);
+    app.use("/api", bearerAuth);
+    app.use("/events", bearerAuth);
+  }
+  registerRulesApi(app, projectRoot);
+  registerLedgerApi(app, projectRoot);
+  registerHistoryApi(app, projectRoot);
+  registerScanApi(app, projectRoot);
+  registerDoctorApi(app, projectRoot);
+  registerHumanLockApi(app, projectRoot);
+  registerIntentApi(app, projectRoot);
+  app.get("/events", createEventsHandler({ projectRoot }));
+  app.all("/mcp", async (req, res) => {
+    const sessionId = readHeader(req.headers["mcp-session-id"]);
+    if (sessionId !== void 0) {
+      const session2 = sessions.get(sessionId);
+      if (session2 === void 0) {
+        writeJsonRpcError(res, 404, -32001, "Session not found");
+        return;
+      }
+      await session2.transport.handleRequest(req, res, req.body);
+      return;
+    }
+    if (!isInitializeRequest(req.body)) {
+      writeJsonRpcError(res, 400, -32e3, "Bad Request: Mcp-Session-Id header is required");
+      return;
+    }
+    const session = await createSession(eventStore, sessions);
+    await session.transport.handleRequest(req, res, req.body);
+  });
+  registerDashboardStatic(app, { dashboardDistPath, dev });
+  return app;
+}
+async function createSession(eventStore, sessions) {
+  const { createFabricServer } = await import("./index.js");
+  const server = createFabricServer();
+  const transport = new StreamableHTTPServerTransport({
+    sessionIdGenerator: randomUUID2,
+    enableJsonResponse: true,
+    eventStore,
+    onsessioninitialized: async (sessionId) => {
+      sessions.set(sessionId, { server, transport });
+    },
+    onsessionclosed: async (sessionId) => {
+      sessions.delete(sessionId);
+    }
+  });
+  transport.onclose = () => {
+    const sessionId = transport.sessionId;
+    if (sessionId !== void 0) {
+      sessions.delete(sessionId);
+    }
+  };
+  await server.connect(transport);
+  return { server, transport };
+}
+function isInitializeRequest(body) {
+  if (Array.isArray(body)) {
+    return body.some((entry) => isInitializeMessage(entry));
+  }
+  return isInitializeMessage(body);
+}
+function isInitializeMessage(value) {
+  return value !== null && typeof value === "object" && "jsonrpc" in value && "method" in value && value.jsonrpc === "2.0" && value.method === "initialize";
+}
+function parseStoredMcpEvent(line) {
+  try {
+    const parsed = JSON.parse(line);
+    if (parsed.kind !== "mcp-event" || typeof parsed.eventId !== "string" || typeof parsed.streamId !== "string" || parsed.message === void 0) {
+      return null;
+    }
+    return {
+      kind: "mcp-event",
+      eventId: parsed.eventId,
+      streamId: parsed.streamId,
+      message: parsed.message
+    };
+  } catch {
+    return null;
+  }
+}
+function readHeader(value) {
+  if (typeof value === "string" && value.length > 0) {
+    return value;
+  }
+  if (Array.isArray(value)) {
+    return value.find((entry) => entry.length > 0);
+  }
+  return void 0;
+}
+function writeJsonRpcError(res, status, code, message) {
+  res.status(status).json({
+    jsonrpc: "2.0",
+    error: {
+      code,
+      message
+    },
+    id: null
+  });
+}
+function isNodeError2(error) {
+  return error instanceof Error;
+}
+export {
+  createFabricHttpApp
+};