npm - @lobu/gateway - Versions diffs - 3.0.9 → 3.0.13 - Mend

@lobu/gateway 3.0.9 → 3.0.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (212) hide show

package/dist/api/platform.d.ts.map +1 -1
package/dist/api/platform.js +7 -26
package/dist/api/platform.js.map +1 -1
package/dist/auth/mcp/proxy.d.ts +14 -0
package/dist/auth/mcp/proxy.d.ts.map +1 -1
package/dist/auth/mcp/proxy.js +149 -13
package/dist/auth/mcp/proxy.js.map +1 -1
package/dist/cli/gateway.d.ts.map +1 -1
package/dist/cli/gateway.js +29 -0
package/dist/cli/gateway.js.map +1 -1
package/dist/connections/chat-instance-manager.d.ts.map +1 -1
package/dist/connections/chat-instance-manager.js +2 -1
package/dist/connections/chat-instance-manager.js.map +1 -1
package/dist/connections/interaction-bridge.d.ts +9 -2
package/dist/connections/interaction-bridge.d.ts.map +1 -1
package/dist/connections/interaction-bridge.js +121 -261
package/dist/connections/interaction-bridge.js.map +1 -1
package/dist/gateway/index.js +1 -1
package/dist/gateway/index.js.map +1 -1
package/dist/interactions.d.ts +9 -43
package/dist/interactions.d.ts.map +1 -1
package/dist/interactions.js +10 -52
package/dist/interactions.js.map +1 -1
package/dist/routes/public/agent.d.ts +4 -0
package/dist/routes/public/agent.d.ts.map +1 -1
package/dist/routes/public/agent.js +21 -0
package/dist/routes/public/agent.js.map +1 -1
package/dist/services/core-services.d.ts.map +1 -1
package/dist/services/core-services.js +4 -0
package/dist/services/core-services.js.map +1 -1
package/package.json +9 -9
package/src/__tests__/agent-config-routes.test.ts +0 -254
package/src/__tests__/agent-history-routes.test.ts +0 -72
package/src/__tests__/agent-routes.test.ts +0 -68
package/src/__tests__/agent-schedules-routes.test.ts +0 -59
package/src/__tests__/agent-settings-store.test.ts +0 -323
package/src/__tests__/bedrock-model-catalog.test.ts +0 -40
package/src/__tests__/bedrock-openai-service.test.ts +0 -157
package/src/__tests__/bedrock-provider-module.test.ts +0 -56
package/src/__tests__/chat-instance-manager-slack.test.ts +0 -204
package/src/__tests__/chat-response-bridge.test.ts +0 -131
package/src/__tests__/config-memory-plugins.test.ts +0 -92
package/src/__tests__/config-request-store.test.ts +0 -127
package/src/__tests__/connection-routes.test.ts +0 -144
package/src/__tests__/core-services-store-selection.test.ts +0 -92
package/src/__tests__/docker-deployment.test.ts +0 -1211
package/src/__tests__/embedded-deployment.test.ts +0 -342
package/src/__tests__/grant-store.test.ts +0 -148
package/src/__tests__/http-proxy.test.ts +0 -281
package/src/__tests__/instruction-service.test.ts +0 -37
package/src/__tests__/link-buttons.test.ts +0 -112
package/src/__tests__/lobu.test.ts +0 -32
package/src/__tests__/mcp-config-service.test.ts +0 -347
package/src/__tests__/mcp-proxy.test.ts +0 -694
package/src/__tests__/message-handler-bridge.test.ts +0 -17
package/src/__tests__/model-selection.test.ts +0 -172
package/src/__tests__/oauth-templates.test.ts +0 -39
package/src/__tests__/platform-adapter-slack-send.test.ts +0 -114
package/src/__tests__/platform-helpers-model-resolution.test.ts +0 -253
package/src/__tests__/provider-inheritance.test.ts +0 -212
package/src/__tests__/routes/cli-auth.test.ts +0 -337
package/src/__tests__/routes/interactions.test.ts +0 -121
package/src/__tests__/secret-proxy.test.ts +0 -85
package/src/__tests__/session-manager.test.ts +0 -572
package/src/__tests__/setup.ts +0 -133
package/src/__tests__/skill-and-mcp-registry.test.ts +0 -203
package/src/__tests__/slack-routes.test.ts +0 -161
package/src/__tests__/system-config-resolver.test.ts +0 -75
package/src/__tests__/system-message-limiter.test.ts +0 -89
package/src/__tests__/system-skills-service.test.ts +0 -362
package/src/__tests__/transcription-service.test.ts +0 -222
package/src/__tests__/utils/rate-limiter.test.ts +0 -102
package/src/__tests__/worker-connection-manager.test.ts +0 -497
package/src/__tests__/worker-job-router.test.ts +0 -722
package/src/api/index.ts +0 -1
package/src/api/platform.ts +0 -292
package/src/api/response-renderer.ts +0 -157
package/src/auth/agent-metadata-store.ts +0 -168
package/src/auth/api-auth-middleware.ts +0 -69
package/src/auth/api-key-provider-module.ts +0 -213
package/src/auth/base-provider-module.ts +0 -201
package/src/auth/bedrock/provider-module.ts +0 -110
package/src/auth/chatgpt/chatgpt-oauth-module.ts +0 -185
package/src/auth/chatgpt/device-code-client.ts +0 -218
package/src/auth/chatgpt/index.ts +0 -1
package/src/auth/claude/oauth-module.ts +0 -280
package/src/auth/cli/token-service.ts +0 -249
package/src/auth/external/client.ts +0 -560
package/src/auth/external/device-code-client.ts +0 -235
package/src/auth/mcp/config-service.ts +0 -420
package/src/auth/mcp/proxy.ts +0 -1086
package/src/auth/mcp/string-substitution.ts +0 -17
package/src/auth/mcp/tool-cache.ts +0 -90
package/src/auth/oauth/base-client.ts +0 -267
package/src/auth/oauth/client.ts +0 -153
package/src/auth/oauth/credentials.ts +0 -7
package/src/auth/oauth/providers.ts +0 -69
package/src/auth/oauth/state-store.ts +0 -150
package/src/auth/oauth-templates.ts +0 -179
package/src/auth/provider-catalog.ts +0 -220
package/src/auth/provider-model-options.ts +0 -41
package/src/auth/settings/agent-settings-store.ts +0 -565
package/src/auth/settings/auth-profiles-manager.ts +0 -216
package/src/auth/settings/index.ts +0 -12
package/src/auth/settings/model-preference-store.ts +0 -52
package/src/auth/settings/model-selection.ts +0 -135
package/src/auth/settings/resolved-settings-view.ts +0 -298
package/src/auth/settings/template-utils.ts +0 -44
package/src/auth/settings/token-service.ts +0 -88
package/src/auth/system-env-store.ts +0 -98
package/src/auth/user-agents-store.ts +0 -68
package/src/channels/binding-service.ts +0 -214
package/src/channels/index.ts +0 -4
package/src/cli/gateway.ts +0 -1312
package/src/cli/index.ts +0 -74
package/src/commands/built-in-commands.ts +0 -80
package/src/commands/command-dispatcher.ts +0 -94
package/src/commands/command-reply-adapters.ts +0 -27
package/src/config/file-loader.ts +0 -618
package/src/config/index.ts +0 -588
package/src/config/network-allowlist.ts +0 -71
package/src/connections/chat-instance-manager.ts +0 -1284
package/src/connections/chat-response-bridge.ts +0 -618
package/src/connections/index.ts +0 -7
package/src/connections/interaction-bridge.ts +0 -831
package/src/connections/message-handler-bridge.ts +0 -440
package/src/connections/platform-auth-methods.ts +0 -15
package/src/connections/types.ts +0 -84
package/src/gateway/connection-manager.ts +0 -291
package/src/gateway/index.ts +0 -698
package/src/gateway/job-router.ts +0 -201
package/src/gateway-main.ts +0 -200
package/src/index.ts +0 -41
package/src/infrastructure/queue/index.ts +0 -12
package/src/infrastructure/queue/queue-producer.ts +0 -148
package/src/infrastructure/queue/redis-queue.ts +0 -361
package/src/infrastructure/queue/types.ts +0 -133
package/src/infrastructure/redis/system-message-limiter.ts +0 -94
package/src/interactions/config-request-store.ts +0 -198
package/src/interactions.ts +0 -363
package/src/lobu.ts +0 -311
package/src/metrics/prometheus.ts +0 -159
package/src/modules/module-system.ts +0 -179
package/src/orchestration/base-deployment-manager.ts +0 -900
package/src/orchestration/deployment-utils.ts +0 -98
package/src/orchestration/impl/docker-deployment.ts +0 -620
package/src/orchestration/impl/embedded-deployment.ts +0 -268
package/src/orchestration/impl/index.ts +0 -8
package/src/orchestration/impl/k8s/deployment.ts +0 -1061
package/src/orchestration/impl/k8s/helpers.ts +0 -610
package/src/orchestration/impl/k8s/index.ts +0 -1
package/src/orchestration/index.ts +0 -333
package/src/orchestration/message-consumer.ts +0 -584
package/src/orchestration/scheduled-wakeup.ts +0 -704
package/src/permissions/approval-policy.ts +0 -36
package/src/permissions/grant-store.ts +0 -219
package/src/platform/file-handler.ts +0 -66
package/src/platform/link-buttons.ts +0 -57
package/src/platform/renderer-utils.ts +0 -44
package/src/platform/response-renderer.ts +0 -84
package/src/platform/unified-thread-consumer.ts +0 -194
package/src/platform.ts +0 -318
package/src/proxy/http-proxy.ts +0 -752
package/src/proxy/proxy-manager.ts +0 -81
package/src/proxy/secret-proxy.ts +0 -402
package/src/proxy/token-refresh-job.ts +0 -143
package/src/routes/internal/audio.ts +0 -141
package/src/routes/internal/device-auth.ts +0 -652
package/src/routes/internal/files.ts +0 -226
package/src/routes/internal/history.ts +0 -69
package/src/routes/internal/images.ts +0 -127
package/src/routes/internal/interactions.ts +0 -84
package/src/routes/internal/middleware.ts +0 -23
package/src/routes/internal/schedule.ts +0 -226
package/src/routes/internal/types.ts +0 -22
package/src/routes/openapi-auto.ts +0 -239
package/src/routes/public/agent-access.ts +0 -23
package/src/routes/public/agent-config.ts +0 -675
package/src/routes/public/agent-history.ts +0 -422
package/src/routes/public/agent-schedules.ts +0 -296
package/src/routes/public/agent.ts +0 -1086
package/src/routes/public/agents.ts +0 -373
package/src/routes/public/channels.ts +0 -191
package/src/routes/public/cli-auth.ts +0 -896
package/src/routes/public/connections.ts +0 -574
package/src/routes/public/landing.ts +0 -16
package/src/routes/public/oauth.ts +0 -147
package/src/routes/public/settings-auth.ts +0 -104
package/src/routes/public/slack.ts +0 -173
package/src/routes/shared/agent-ownership.ts +0 -101
package/src/routes/shared/token-verifier.ts +0 -34
package/src/services/bedrock-model-catalog.ts +0 -217
package/src/services/bedrock-openai-service.ts +0 -658
package/src/services/core-services.ts +0 -1072
package/src/services/image-generation-service.ts +0 -257
package/src/services/instruction-service.ts +0 -318
package/src/services/mcp-registry.ts +0 -94
package/src/services/platform-helpers.ts +0 -287
package/src/services/session-manager.ts +0 -262
package/src/services/settings-resolver.ts +0 -74
package/src/services/system-config-resolver.ts +0 -89
package/src/services/system-skills-service.ts +0 -229
package/src/services/transcription-service.ts +0 -684
package/src/session.ts +0 -110
package/src/spaces/index.ts +0 -1
package/src/spaces/space-resolver.ts +0 -17
package/src/stores/in-memory-agent-store.ts +0 -403
package/src/stores/redis-agent-store.ts +0 -279
package/src/utils/public-url.ts +0 -44
package/src/utils/rate-limiter.ts +0 -94
package/tsconfig.json +0 -33
package/tsconfig.tsbuildinfo +0 -1

package/src/routes/public/agent.ts DELETED Viewed

@@ -1,1086 +0,0 @@
-import { randomUUID } from "node:crypto";
-import { createRoute, OpenAPIHono } from "@hono/zod-openapi";
-import {
-  type AgentConfigStore,
-  createLogger,
-  createRootSpan,
-  findTemplateAgentId,
-  generateWorkerToken,
-  type InstalledProvider,
-  type McpServerConfig,
-  type NetworkConfig,
-  verifyWorkerToken,
-} from "@lobu/core";
-import { streamSSE } from "hono/streaming";
-import { z } from "zod";
-import {
-  createApiAuthMiddleware,
-  TOKEN_EXPIRATION_MS,
-} from "../../auth/api-auth-middleware";
-import type { CliTokenService } from "../../auth/cli/token-service";
-import type { ExternalAuthClient } from "../../auth/external/client";
-import type { AgentSettingsStore } from "../../auth/settings/agent-settings-store";
-import type { QueueProducer } from "../../infrastructure/queue/queue-producer";
-import { getModelProviderModules } from "../../modules/module-system";
-import type { PlatformRegistry } from "../../platform";
-import { resolveAgentOptions } from "../../services/platform-helpers";
-import type { ISessionManager, ThreadSession } from "../../session";
-const logger = createLogger("agent-api");
-// =============================================================================
-// Constants
-// =============================================================================
-const MAX_CONNECTIONS_PER_AGENT = 5;
-const MAX_TOTAL_CONNECTIONS = 1000;
-// SSE connection tracking
-const sseConnections = new Map<string, Set<any>>();
-// =============================================================================
-// Zod Schemas
-// =============================================================================
-const NetworkConfigSchema = z.object({
-  allowedDomains: z.array(z.string()).optional(),
-  deniedDomains: z.array(z.string()).optional(),
-});
-const McpServerConfigSchema = z.object({
-  url: z.string().optional(),
-  type: z.enum(["sse", "stdio"]).optional(),
-  command: z.string().optional(),
-  args: z.array(z.string()).optional(),
-  env: z.record(z.string(), z.string()).optional(),
-  headers: z.record(z.string(), z.string()).optional(),
-  description: z.string().optional(),
-});
-const NixConfigSchema = z.object({
-  flakeUrl: z.string().optional(),
-  packages: z.array(z.string()).optional(),
-});
-const CreateAgentRequestSchema = z.object({
-  provider: z.string().default("claude").optional(),
-  model: z.string().optional(),
-  agentId: z.string().min(1).optional(),
-  userId: z.string().min(1).optional(),
-  thread: z.string().optional(),
-  forceNew: z.boolean().optional(),
-  dryRun: z.boolean().optional(),
-  networkConfig: NetworkConfigSchema.optional(),
-  mcpServers: z.record(z.string(), McpServerConfigSchema).optional(),
-  nix: NixConfigSchema.optional(),
-});
-const CreateAgentResponseSchema = z.object({
-  success: z.boolean(),
-  agentId: z.string(),
-  token: z.string(),
-  expiresAt: z.number(),
-  sseUrl: z.string(),
-  messagesUrl: z.string(),
-});
-const SlackRoutingInfoSchema = z.object({
-  channel: z.string().describe("Slack channel ID"),
-  thread: z.string().optional().describe("Thread timestamp for replies"),
-  team: z.string().optional().describe("Slack team ID"),
-});
-const SendMessageRequestSchema = z
-  .object({
-    content: z.string().optional().describe("Message content"),
-    message: z
-      .string()
-      .optional()
-      .describe("Message content (alias for content)"),
-    messageId: z.string().optional(),
-    platform: z
-      .string()
-      .optional()
-      .describe("Target platform (api, slack, telegram)"),
-    slack: SlackRoutingInfoSchema.optional().describe(
-      "Slack-specific routing info (required when platform=slack)"
-    ),
-  })
-  .passthrough();
-const SendMessageResponseSchema = z.object({
-  success: z.boolean(),
-  messageId: z.string(),
-  agentId: z.string().optional(),
-  jobId: z.string().optional(),
-  eventsUrl: z.string().optional(),
-  queued: z.boolean(),
-  traceparent: z.string().optional(),
-});
-const AgentStatusResponseSchema = z.object({
-  success: z.boolean(),
-  agent: z.object({
-    agentId: z.string(),
-    userId: z.string(),
-    status: z.string(),
-    createdAt: z.number(),
-    lastActivity: z.number(),
-    hasActiveConnection: z.boolean(),
-  }),
-});
-const ErrorResponseSchema = z.object({
-  success: z.boolean(),
-  error: z.string(),
-  details: z.string().optional(),
-});
-const SuccessResponseSchema = z.object({
-  success: z.boolean(),
-  message: z.string().optional(),
-  agentId: z.string().optional(),
-});
-// Path parameters
-const AgentIdParamSchema = z.object({
-  agentId: z.string(),
-});
-// =============================================================================
-// Validation Helpers
-// =============================================================================
-function validateDomainPattern(pattern: string): string | null {
-  if (!pattern || typeof pattern !== "string") {
-    return "Domain pattern must be a non-empty string";
-  }
-  const trimmed = pattern.trim().toLowerCase();
-  if (trimmed === "*") return "Bare wildcard '*' is not allowed";
-  if (trimmed.includes("://"))
-    return `Domain pattern cannot contain protocol: ${pattern}`;
-  if (trimmed.includes("/"))
-    return `Domain pattern cannot contain path: ${pattern}`;
-  if (trimmed.includes(":") && !trimmed.includes("[")) {
-    return `Domain pattern cannot contain port: ${pattern}`;
-  }
-  if (trimmed.startsWith("*.") || trimmed.startsWith(".")) {
-    const domain = trimmed.startsWith("*.")
-      ? trimmed.substring(2)
-      : trimmed.substring(1);
-    if (!domain.includes(".")) {
-      return `Wildcard pattern too broad: ${pattern}`;
-    }
-  } else if (!trimmed.includes(".")) {
-    return `Invalid domain pattern: ${pattern}`;
-  }
-  return null;
-}
-function validateNetworkConfig(config: NetworkConfig): string | null {
-  for (const domains of [config.allowedDomains, config.deniedDomains]) {
-    if (domains) {
-      for (const domain of domains) {
-        const error = validateDomainPattern(domain);
-        if (error) return error;
-      }
-    }
-  }
-  return null;
-}
-function validateMcpServerConfig(
-  id: string,
-  config: McpServerConfig
-): string | null {
-  if (!config.url && !config.command) {
-    return `MCP ${id}: must specify either 'url' or 'command'`;
-  }
-  if (
-    config.url &&
-    !config.url.startsWith("http://") &&
-    !config.url.startsWith("https://")
-  ) {
-    return `MCP ${id}: url must be http:// or https://`;
-  }
-  if (config.command) {
-    const dangerousCommands = [
-      "rm",
-      "sudo",
-      "curl",
-      "wget",
-      "sh",
-      "bash",
-      "zsh",
-      "kill",
-    ];
-    const baseCommand = config.command.split("/").pop()?.split(" ")[0] || "";
-    if (dangerousCommands.includes(baseCommand)) {
-      return `MCP ${id}: command '${baseCommand}' is not allowed`;
-    }
-  }
-  return null;
-}
-function validateMcpConfig(
-  mcpServers: Record<string, McpServerConfig>
-): string | null {
-  for (const [id, config] of Object.entries(mcpServers)) {
-    if (!/^[a-zA-Z0-9_-]+$/.test(id)) {
-      return `MCP ID '${id}' is invalid`;
-    }
-    const error = validateMcpServerConfig(id, config);
-    if (error) return error;
-  }
-  return null;
-}
-// =============================================================================
-// Broadcast Functions (exported for use by other modules)
-// =============================================================================
-export function broadcastToAgent(
-  agentId: string,
-  event: string,
-  data: unknown
-): void {
-  const connections = sseConnections.get(agentId);
-  if (!connections || connections.size === 0) return;
-  const deadConnections = new Set<any>();
-  for (const res of connections) {
-    try {
-      if (res.closed || res.destroyed || res.writableEnded) {
-        deadConnections.add(res);
-        continue;
-      }
-      if (typeof res.writeSSE === "function") {
-        res.writeSSE({ event, data: JSON.stringify(data) });
-      } else if (typeof res.write === "function") {
-        const message = `event: ${event}\ndata: ${JSON.stringify(data)}\n\n`;
-        res.write(message);
-      }
-    } catch {
-      deadConnections.add(res);
-    }
-  }
-  for (const deadRes of deadConnections) {
-    connections.delete(deadRes);
-  }
-  if (connections.size === 0) {
-    sseConnections.delete(agentId);
-  }
-}
-// =============================================================================
-// OpenAPI Route Definitions
-// =============================================================================
-const createAgentRoute = createRoute({
-  method: "post",
-  path: "/api/v1/agents",
-  tags: ["Agents"],
-  summary: "Create a new agent",
-  security: [{ bearerAuth: [] }],
-  description:
-    "Creates a new agent session and returns authentication credentials",
-  request: {
-    body: {
-      content: { "application/json": { schema: CreateAgentRequestSchema } },
-    },
-  },
-  responses: {
-    201: {
-      description: "Agent created",
-      content: { "application/json": { schema: CreateAgentResponseSchema } },
-    },
-    400: {
-      description: "Invalid request",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-    401: {
-      description: "Unauthorized",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-  },
-});
-const getAgentRoute = createRoute({
-  method: "get",
-  path: "/api/v1/agents/{agentId}",
-  tags: ["Agents"],
-  summary: "Get agent status",
-  security: [{ bearerAuth: [] }],
-  request: { params: AgentIdParamSchema },
-  responses: {
-    200: {
-      description: "Agent status",
-      content: { "application/json": { schema: AgentStatusResponseSchema } },
-    },
-    401: {
-      description: "Unauthorized",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-    404: {
-      description: "Not found",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-  },
-});
-const deleteAgentRoute = createRoute({
-  method: "delete",
-  path: "/api/v1/agents/{agentId}",
-  tags: ["Agents"],
-  summary: "Delete an agent",
-  security: [{ bearerAuth: [] }],
-  request: { params: AgentIdParamSchema },
-  responses: {
-    200: {
-      description: "Agent deleted",
-      content: { "application/json": { schema: SuccessResponseSchema } },
-    },
-    401: {
-      description: "Unauthorized",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-    404: {
-      description: "Not found",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-  },
-});
-const getAgentEventsRoute = createRoute({
-  method: "get",
-  path: "/api/v1/agents/{agentId}/events",
-  tags: ["Messages"],
-  summary: "Subscribe to agent events (SSE)",
-  description: "Server-Sent Events stream for real-time agent updates",
-  security: [{ bearerAuth: [] }],
-  request: { params: AgentIdParamSchema },
-  responses: {
-    200: {
-      description: "SSE stream",
-      content: { "text/event-stream": { schema: z.string() } },
-    },
-    401: {
-      description: "Unauthorized",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-    429: {
-      description: "Too many connections",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-  },
-});
-const sendMessageRoute = createRoute({
-  method: "post",
-  path: "/api/v1/agents/{agentId}/messages",
-  tags: ["Messages"],
-  summary: "Send a message to the agent",
-  description:
-    "Send a message to an agent. Supports JSON body or multipart form data for file uploads. " +
-    "When platform is specified, the message is routed through the platform adapter.",
-  security: [{ bearerAuth: [] }],
-  request: {
-    params: AgentIdParamSchema,
-    body: {
-      content: {
-        "application/json": { schema: SendMessageRequestSchema },
-      },
-    },
-  },
-  responses: {
-    200: {
-      description: "Message queued",
-      content: { "application/json": { schema: SendMessageResponseSchema } },
-    },
-    400: {
-      description: "Invalid request",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-    401: {
-      description: "Unauthorized",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-    403: {
-      description: "Forbidden - worker tokens cannot route to platforms",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-    404: {
-      description: "Agent not found",
-      content: { "application/json": { schema: ErrorResponseSchema } },
-    },
-  },
-});
-// =============================================================================
-// Create OpenAPI Hono App
-// =============================================================================
-export interface AgentApiConfig {
-  queueProducer: QueueProducer;
-  sessionManager: ISessionManager;
-  publicGatewayUrl: string;
-  adminPassword?: string;
-  cliTokenService?: CliTokenService;
-  externalAuthClient?: ExternalAuthClient;
-  agentSettingsStore?: AgentSettingsStore;
-  agentConfigStore?: Pick<AgentConfigStore, "getSettings" | "listAgents">;
-  platformRegistry?: PlatformRegistry;
-}
-export function createAgentApi(config: AgentApiConfig): OpenAPIHono;
-export function createAgentApi(
-  queueProducer: QueueProducer,
-  sessionManager: ISessionManager,
-  publicGatewayUrl: string
-): OpenAPIHono;
-export function createAgentApi(
-  configOrQueue: AgentApiConfig | QueueProducer,
-  sessionManager?: ISessionManager,
-  publicGatewayUrl?: string
-): OpenAPIHono {
-  const config: AgentApiConfig =
-    configOrQueue instanceof Object && "queueProducer" in configOrQueue
-      ? configOrQueue
-      : {
-          queueProducer: configOrQueue as QueueProducer,
-          sessionManager: sessionManager!,
-          publicGatewayUrl: publicGatewayUrl!,
-        };
-  const {
-    queueProducer,
-    adminPassword,
-    cliTokenService,
-    agentSettingsStore,
-    agentConfigStore,
-    platformRegistry,
-  } = config;
-  const sessMgr = config.sessionManager;
-  const pubUrl = config.publicGatewayUrl;
-  const app = new OpenAPIHono();
-  // Unified auth middleware for all agent API routes
-  app.use(
-    "/api/v1/agents/*",
-    createApiAuthMiddleware({
-      adminPassword,
-      cliTokenService,
-      externalAuthClient: config.externalAuthClient,
-      allowSettingsSession: true,
-    })
-  );
-  // =============================================================================
-  // Route Handlers
-  // =============================================================================
-  // POST /api/v1/agents - Create agent
-  app.openapi(createAgentRoute, async (c): Promise<any> => {
-    const body = c.req.valid("json");
-    const {
-      provider = "claude",
-      model,
-      agentId: requestedAgentId,
-      userId: requestedUserId,
-      thread,
-      forceNew,
-      dryRun,
-      networkConfig,
-      mcpServers,
-      nix: nixConfig,
-    } = body;
-    // Validate provider
-    if (provider && !["claude"].includes(provider)) {
-      return c.json(
-        { success: false, error: "Invalid provider. Supported: claude" },
-        400
-      );
-    }
-    // Validate network config
-    if (networkConfig) {
-      const error = validateNetworkConfig(networkConfig as NetworkConfig);
-      if (error) return c.json({ success: false, error }, 400);
-    }
-    // Validate MCP config
-    if (mcpServers) {
-      const error = validateMcpConfig(
-        mcpServers as Record<string, McpServerConfig>
-      );
-      if (error) return c.json({ success: false, error }, 400);
-    }
-    const isEphemeral = !requestedAgentId?.trim();
-    const agentId = requestedAgentId?.trim() || randomUUID();
-    // For ephemeral agents, auto-provision settings so the worker gets provider config
-    if (isEphemeral && agentSettingsStore) {
-      // Try system-key providers first (env var based API keys)
-      const providerModules = getModelProviderModules();
-      const systemProviders: InstalledProvider[] = providerModules
-        .filter((m) => m.hasSystemKey())
-        .map((m) => ({
-          providerId: m.providerId,
-          installedAt: Date.now(),
-        }));
-      if (systemProviders.length > 0) {
-        // Also inherit pluginsConfig from template agent if available
-        const templateId = agentConfigStore
-          ? await findTemplateAgentId(agentConfigStore)
-          : await agentSettingsStore.findTemplateAgentId();
-        const templateSettings = templateId
-          ? await (agentConfigStore?.getSettings(templateId) ??
-              agentSettingsStore.getSettings(templateId))
-          : null;
-        await agentSettingsStore.saveSettings(agentId, {
-          installedProviders: systemProviders,
-          pluginsConfig: templateSettings?.pluginsConfig,
-        });
-        logger.info(
-          `Ephemeral agent ${agentId}: provisioned system providers [${systemProviders.map((p) => p.providerId).join(", ")}]`
-        );
-      } else {
-        // Fall back to using an existing agent as template (inherits its providers)
-        const templateId = agentConfigStore
-          ? await findTemplateAgentId(agentConfigStore)
-          : await agentSettingsStore.findTemplateAgentId();
-        if (templateId) {
-          const templateSettings = await (agentConfigStore?.getSettings(
-            templateId
-          ) ?? agentSettingsStore.getSettings(templateId));
-          await agentSettingsStore.saveSettings(agentId, {
-            templateAgentId: templateId,
-            pluginsConfig: templateSettings?.pluginsConfig,
-          });
-          logger.info(
-            `Ephemeral agent ${agentId}: using template ${templateId}`
-          );
-        }
-      }
-    }
-    const userId = requestedUserId || agentId;
-    // Build composite conversationId for user-specific sessions
-    // Uses _ separator (colons not allowed in BullMQ custom IDs)
-    const conversationId = thread
-      ? `${agentId}_${userId}_${thread}`
-      : `${agentId}_${userId}`;
-    const channelId = `api_${userId}`;
-    const deploymentName = `api-${agentId.slice(0, 8)}`;
-    // Try to resume existing session (unless forceNew is requested)
-    if (!forceNew) {
-      const existing = await sessMgr.getSession(conversationId);
-      if (existing) {
-        // Reuse existing session — touch lastActivity and return existing token
-        await sessMgr.touchSession(conversationId);
-        const token = generateWorkerToken(
-          agentId,
-          conversationId,
-          deploymentName,
-          {
-            channelId,
-            agentId,
-            platform: "api",
-            sessionKey: userId,
-          }
-        );
-        const expiresAt = Date.now() + TOKEN_EXPIRATION_MS;
-        const baseUrl = pubUrl || "http://localhost:8080";
-        logger.info(
-          `Resumed API session: ${conversationId} (agent=${agentId})`
-        );
-        return c.json(
-          {
-            success: true,
-            agentId: conversationId,
-            token,
-            expiresAt,
-            sseUrl: `${baseUrl}/api/v1/agents/${conversationId}/events`,
-            messagesUrl: `${baseUrl}/api/v1/agents/${conversationId}/messages`,
-          },
-          201
-        );
-      }
-    }
-    const token = generateWorkerToken(agentId, conversationId, deploymentName, {
-      channelId,
-      agentId,
-      platform: "api",
-      sessionKey: userId,
-    });
-    const expiresAt = Date.now() + TOKEN_EXPIRATION_MS;
-    const session: ThreadSession = {
-      conversationId,
-      channelId,
-      userId,
-      threadCreator: userId,
-      lastActivity: Date.now(),
-      createdAt: Date.now(),
-      status: "created",
-      provider,
-      model,
-      networkConfig: networkConfig as NetworkConfig | undefined,
-      mcpConfig: mcpServers
-        ? { mcpServers: mcpServers as Record<string, McpServerConfig> }
-        : undefined,
-      nixConfig,
-      agentId,
-      dryRun: dryRun || false,
-    };
-    await sessMgr.setSession(session);
-    logger.info(`Created API agent: ${conversationId} (agent=${agentId})`);
-    const baseUrl = pubUrl || "http://localhost:8080";
-    return c.json(
-      {
-        success: true,
-        agentId: conversationId,
-        token,
-        expiresAt,
-        sseUrl: `${baseUrl}/api/v1/agents/${conversationId}/events`,
-        messagesUrl: `${baseUrl}/api/v1/agents/${conversationId}/messages`,
-      },
-      201
-    );
-  });
-  // GET /api/v1/agents/:agentId - Get status
-  app.openapi(getAgentRoute, async (c): Promise<any> => {
-    const { agentId: sessionKey } = c.req.valid("param");
-    const session = await sessMgr.getSession(sessionKey);
-    if (!session) {
-      return c.json({ success: false, error: "Agent not found" }, 404);
-    }
-    const hasActiveConnection =
-      sseConnections.has(sessionKey) &&
-      (sseConnections.get(sessionKey)?.size ?? 0) > 0;
-    return c.json({
-      success: true,
-      agent: {
-        agentId: session.conversationId,
-        userId: session.userId,
-        status: session.status || "active",
-        createdAt: session.createdAt,
-        lastActivity: session.lastActivity,
-        hasActiveConnection,
-      },
-    });
-  });
-  // DELETE /api/v1/agents/:agentId
-  app.openapi(deleteAgentRoute, async (c): Promise<any> => {
-    const { agentId: sessionKey } = c.req.valid("param");
-    const connections = sseConnections.get(sessionKey);
-    if (connections) {
-      for (const connection of connections) {
-        try {
-          if (typeof connection.writeSSE === "function") {
-            connection.writeSSE({
-              event: "closed",
-              data: JSON.stringify({ reason: "agent_deleted" }),
-            });
-          } else if (typeof connection.write === "function") {
-            connection.write(
-              `event: closed\ndata: ${JSON.stringify({ reason: "agent_deleted" })}\n\n`
-            );
-          }
-          connection.close?.();
-          connection.end?.();
-        } catch {
-          // Ignore
-        }
-      }
-      sseConnections.delete(sessionKey);
-    }
-    // Get real agentId from session before deleting
-    const session = await sessMgr.getSession(sessionKey);
-    const realAgentId = session?.agentId || sessionKey;
-    await sessMgr.deleteSession(sessionKey);
-    // Clean up ephemeral agent settings
-    if (agentSettingsStore) {
-      await agentSettingsStore.deleteSettings(realAgentId).catch(() => {
-        /* best-effort cleanup */
-      });
-    }
-    logger.info(`Deleted agent ${sessionKey}`);
-    return c.json({
-      success: true,
-      message: "Agent deleted",
-      agentId: sessionKey,
-    });
-  });
-  // GET /api/v1/agents/:agentId/events - SSE stream
-  app.openapi(getAgentEventsRoute, async (c): Promise<any> => {
-    const { agentId: sessionKey } = c.req.valid("param");
-    const session = await sessMgr.getSession(sessionKey);
-    if (!session) {
-      return c.json({ success: false, error: "Agent not found" }, 404);
-    }
-    // Check connection limits
-    const totalConnections = Array.from(sseConnections.values()).reduce(
-      (acc, set) => acc + set.size,
-      0
-    );
-    if (totalConnections >= MAX_TOTAL_CONNECTIONS) {
-      return c.json(
-        { success: false, error: "Server connection limit reached" },
-        429
-      );
-    }
-    // Use conversationId as the SSE connection key (matches broadcastToAgent calls)
-    const sseKey = session.conversationId;
-    if (!sseConnections.has(sseKey)) {
-      sseConnections.set(sseKey, new Set());
-    }
-    const agentConnections = sseConnections.get(sseKey)!;
-    if (agentConnections.size >= MAX_CONNECTIONS_PER_AGENT) {
-      return c.json(
-        {
-          success: false,
-          error: `Maximum ${MAX_CONNECTIONS_PER_AGENT} connections`,
-        },
-        429
-      );
-    }
-    // Return SSE stream
-    return streamSSE(c, async (stream) => {
-      agentConnections.add(stream);
-      await stream.writeSSE({
-        event: "connected",
-        data: JSON.stringify({
-          agentId: session.agentId || sessionKey,
-          timestamp: Date.now(),
-        }),
-      });
-      const heartbeatInterval = setInterval(async () => {
-        try {
-          await stream.writeSSE({
-            event: "ping",
-            data: JSON.stringify({ timestamp: Date.now() }),
-          });
-        } catch {
-          clearInterval(heartbeatInterval);
-        }
-      }, 30000);
-      stream.onAbort(() => {
-        clearInterval(heartbeatInterval);
-        agentConnections.delete(stream);
-        if (agentConnections.size === 0) {
-          sseConnections.delete(sseKey);
-        }
-        logger.info(`SSE connection closed for session ${sseKey}`);
-      });
-      while (true) {
-        await stream.sleep(1000);
-      }
-    });
-  });
-  // POST /api/v1/agents/:agentId/messages - Send message
-  // Supports two paths:
-  //   1. Direct API (no platform field): requires pre-created session, enqueues directly
-  //   2. Platform-routed (platform field present): delegates to platform adapter
-  app.openapi(sendMessageRoute, async (c): Promise<any> => {
-    const { agentId } = c.req.valid("param");
-    // Parse body — multipart for file uploads, JSON otherwise
-    const contentType = c.req.header("content-type") || "";
-    let body: Record<string, any>;
-    let files: Array<{ buffer: Buffer; filename: string }> | undefined;
-    if (contentType.includes("multipart/form-data")) {
-      const formData = await c.req.formData();
-      body = {
-        content: formData.get("content") as string | null,
-        message: formData.get("message") as string | null,
-        messageId: formData.get("messageId") as string | null,
-        platform: formData.get("platform") as string | null,
-      };
-      // Extract nested platform routing from form fields
-      const slackChannel = formData.get("slack.channel") as string;
-      if (slackChannel) {
-        body.slack = {
-          channel: slackChannel,
-          thread: formData.get("slack.thread") as string | undefined,
-          team: formData.get("slack.team") as string | undefined,
-        };
-      }
-      const whatsappChat = formData.get("whatsapp.chat") as string;
-      if (whatsappChat) {
-        body.whatsapp = { chat: whatsappChat };
-      }
-      const telegramChatId = formData.get("telegram.chatId") as string;
-      if (telegramChatId) {
-        body.telegram = { chatId: telegramChatId };
-      }
-      // Extract files with size validation
-      const MAX_FILE_SIZE = 50 * 1024 * 1024;
-      const MAX_TOTAL_SIZE = 100 * 1024 * 1024;
-      const MAX_FILE_COUNT = 10;
-      const fileEntries = formData.getAll("files");
-      if (fileEntries.length > MAX_FILE_COUNT) {
-        return c.json(
-          {
-            success: false,
-            error: `Too many files: ${fileEntries.length} (max ${MAX_FILE_COUNT})`,
-          },
-          400
-        );
-      }
-      if (fileEntries.length > 0) {
-        const fileResults: Array<{ buffer: Buffer; filename: string }> = [];
-        let totalSize = 0;
-        for (const entry of fileEntries) {
-          if (entry instanceof File) {
-            if (entry.size > MAX_FILE_SIZE) {
-              return c.json(
-                {
-                  success: false,
-                  error: `File "${entry.name}" exceeds maximum size of ${MAX_FILE_SIZE / 1024 / 1024}MB`,
-                },
-                400
-              );
-            }
-            totalSize += entry.size;
-            if (totalSize > MAX_TOTAL_SIZE) {
-              return c.json(
-                {
-                  success: false,
-                  error: `Total upload size exceeds maximum of ${MAX_TOTAL_SIZE / 1024 / 1024}MB`,
-                },
-                400
-              );
-            }
-            const arrayBuffer = await entry.arrayBuffer();
-            fileResults.push({
-              buffer: Buffer.from(arrayBuffer),
-              filename: entry.name,
-            });
-          }
-        }
-        if (fileResults.length > 0) files = fileResults;
-      }
-    } else {
-      body = c.req.valid("json");
-    }
-    const messageContent = body.content || body.message;
-    const messageId = body.messageId || randomUUID();
-    if (!messageContent || typeof messageContent !== "string") {
-      return c.json({ success: false, error: "content is required" }, 400);
-    }
-    const platform = body.platform as string | undefined;
-    // ── Platform-routed path ──────────────────────────────────────────────────
-    // When platform is specified, delegate to the platform adapter which handles
-    // session creation, routing, and file delivery.
-    if (platform) {
-      // Worker tokens cannot route to user-facing platform connections
-      const authHeader = c.req.header("Authorization");
-      const rawToken = authHeader?.startsWith("Bearer ")
-        ? authHeader.substring(7)
-        : "";
-      if (verifyWorkerToken(rawToken)) {
-        return c.json(
-          { success: false, error: "Worker tokens cannot route to platforms" },
-          403
-        );
-      }
-      if (!platformRegistry) {
-        return c.json(
-          { success: false, error: "Platform routing not available" },
-          501
-        );
-      }
-      const adapter = platformRegistry.get(platform);
-      if (!adapter) {
-        return c.json(
-          {
-            success: false,
-            error: `Platform "${platform}" not found`,
-            details: `Available: ${platformRegistry.getAvailablePlatforms().join(", ")}`,
-          },
-          404
-        );
-      }
-      if (!adapter.sendMessage) {
-        return c.json(
-          {
-            success: false,
-            error: `Platform "${platform}" does not support sendMessage`,
-          },
-          501
-        );
-      }
-      // Extract platform-specific routing info
-      let channelId = agentId;
-      let conversationId: string | undefined =
-        platform === "api" ? agentId : undefined;
-      let teamId = "api";
-      if (adapter.extractRoutingInfo) {
-        const routingInfo = adapter.extractRoutingInfo(
-          body as Record<string, unknown>
-        );
-        if (routingInfo) {
-          channelId = routingInfo.channelId;
-          conversationId = routingInfo.conversationId || conversationId;
-          teamId = routingInfo.teamId || "api";
-        } else if (platform !== "api") {
-          return c.json(
-            {
-              success: false,
-              error: `Platform-specific routing info required for ${platform}`,
-            },
-            400
-          );
-        }
-      }
-      logger.info(
-        `Sending message via ${platform}: agentId=${agentId}, channelId=${channelId}${files?.length ? `, files=${files.length}` : ""}`
-      );
-      try {
-        const result = await adapter.sendMessage(rawToken, messageContent, {
-          agentId,
-          channelId,
-          conversationId,
-          teamId,
-          files,
-        });
-        return c.json({
-          success: true,
-          agentId,
-          messageId: result.messageId,
-          eventsUrl: result.eventsUrl,
-          queued: result.queued || false,
-        });
-      } catch (error) {
-        logger.error("Failed to send platform message", { error });
-        return c.json({ success: false, error: "Internal server error" }, 500);
-      }
-    }
-    // ── Direct API path ───────────────────────────────────────────────────────
-    // No platform field: use existing session-based direct enqueue
-    const session = await sessMgr.getSession(agentId);
-    if (!session) {
-      return c.json({ success: false, error: "Agent not found" }, 404);
-    }
-    await sessMgr.touchSession(agentId);
-    const realAgentId = session.agentId || agentId;
-    const { span: rootSpan, traceparent } = createRootSpan("message_received", {
-      "lobu.agent_id": realAgentId,
-      "lobu.message_id": messageId,
-    });
-    try {
-      const channelId = session.channelId || `api_${session.userId}`;
-      const baseOptions: Record<string, any> = {
-        provider: session.provider || "claude",
-        model: session.model,
-      };
-      const agentOptions = await resolveAgentOptions(
-        realAgentId,
-        baseOptions,
-        agentSettingsStore
-      );
-      const {
-        networkConfig: settingsNetwork,
-        mcpServers: settingsMcpServers,
-        ...remainingOptions
-      } = agentOptions;
-      const jobId = await queueProducer.enqueueMessage({
-        userId: session.userId,
-        conversationId: session.conversationId || agentId,
-        messageId,
-        channelId,
-        teamId: "api",
-        agentId: realAgentId,
-        botId: "lobu-api",
-        platform: "api",
-        messageText: messageContent,
-        platformMetadata: {
-          agentId: realAgentId,
-          source: "direct-api",
-          traceparent: traceparent || undefined,
-          dryRun: session.dryRun || false,
-        },
-        agentOptions: remainingOptions,
-        networkConfig: session.networkConfig || settingsNetwork,
-        mcpConfig:
-          session.mcpConfig ||
-          (settingsMcpServers ? { mcpServers: settingsMcpServers } : undefined),
-      });
-      rootSpan?.end();
-      return c.json({
-        success: true,
-        messageId,
-        jobId,
-        queued: true,
-        traceparent: traceparent || undefined,
-      });
-    } catch (error) {
-      rootSpan?.end();
-      throw error;
-    }
-  });
-  logger.debug("Hono Agent API routes registered");
-  return app;
-}