@lovelybunch/api 1.0.75-alpha.0 → 1.0.75-alpha.10

package/dist/lib/auth/auth-manager.d.ts

@@ -128,3 +128,8 @@ export declare class AuthManager {
  * @param configPath - Optional custom path to auth.json. If not provided, uses OS app data directory.
  */
 export declare function getAuthManager(configPath?: string): AuthManager;
+/**
+ * Reset the singleton AuthManager (for testing isolation).
+ * Only effective when NODE_ENV is 'test'.
+ */
+export declare function resetAuthManagerForTesting(): void;

package/dist/lib/auth/auth-manager.js

@@ -420,3 +420,12 @@ export function getAuthManager(configPath) {
     }
     return authManagerInstance;
 }
+/**
+ * Reset the singleton AuthManager (for testing isolation).
+ * Only effective when NODE_ENV is 'test'.
+ */
+export function resetAuthManagerForTesting() {
+    if (process.env.NODE_ENV === 'test') {
+        authManagerInstance = null;
+    }
+}

package/dist/lib/storage/file-storage.d.ts

@@ -1,30 +1,30 @@
-import { ChangeProposal, CPStatus } from '@lovelybunch/types';
-export interface CPFilter {
-    status?: CPStatus;
+import { Task, TaskStatus } from '@lovelybunch/types';
+export interface TaskFilter {
+    status?: TaskStatus;
     author?: string;
     priority?: string;
     tags?: string[];
     search?: string;
 }
 export interface StorageAdapter {
-    createCP(cp: ChangeProposal): Promise<void>;
-    getCP(id: string): Promise<ChangeProposal | null>;
-    updateCP(id: string, cp: Partial<ChangeProposal>): Promise<void>;
-    deleteCP(id: string): Promise<void>;
-    listCPs(filter?: CPFilter): Promise<ChangeProposal[]>;
-    searchCPs(query: string): Promise<ChangeProposal[]>;
+    createTask(task: Task): Promise<void>;
+    getTask(id: string): Promise<Task | null>;
+    updateTask(id: string, task: Partial<Task>): Promise<void>;
+    deleteTask(id: string): Promise<void>;
+    listTasks(filter?: TaskFilter): Promise<Task[]>;
+    searchTasks(query: string): Promise<Task[]>;
 }
 export declare class FileStorageAdapter implements StorageAdapter {
     private basePath;
     private sanitizeForYAML;
     constructor(basePath?: string);
     ensureDirectories(): Promise<void>;
-    createCP(cp: ChangeProposal): Promise<void>;
-    getCP(id: string): Promise<ChangeProposal | null>;
-    updateCP(id: string, updates: Partial<ChangeProposal>): Promise<void>;
-    deleteCP(id: string): Promise<void>;
-    listCPs(filter?: CPFilter): Promise<ChangeProposal[]>;
-    searchCPs(query: string): Promise<ChangeProposal[]>;
-    private frontmatterToCP;
+    createTask(task: Task): Promise<void>;
+    getTask(id: string): Promise<Task | null>;
+    updateTask(id: string, updates: Partial<Task>): Promise<void>;
+    deleteTask(id: string): Promise<void>;
+    listTasks(filter?: TaskFilter): Promise<Task[]>;
+    searchTasks(query: string): Promise<Task[]>;
+    private frontmatterToTask;
     private getDefaultContent;
 }

package/dist/lib/storage/file-storage.js

@@ -49,68 +49,76 @@ export class FileStorageAdapter {
         }
     }
     async ensureDirectories() {
-        const dirs = ['proposals', 'specs', 'flags', 'experiments', 'templates', 'jobs'];
+        const dirs = ['tasks', 'specs', 'flags', 'experiments', 'templates', 'jobs'];
         for (const dir of dirs) {
             await fs.mkdir(path.join(this.basePath, dir), { recursive: true });
         }
     }
-    async createCP(cp) {
+    async createTask(task) {
         await this.ensureDirectories();
-        // Extract content from the proposal if it exists
-        const { content, ...frontmatter } = cp;
+        // Extract content from the task if it exists
+        const { content, ...frontmatter } = task;
         // Normalize date fields to Date instances in case callers provide ISO strings
-        const createdAt = cp.metadata.createdAt instanceof Date
-            ? cp.metadata.createdAt
-            : new Date(cp.metadata.createdAt);
-        const updatedAt = cp.metadata.updatedAt instanceof Date
-            ? cp.metadata.updatedAt
-            : new Date(cp.metadata.updatedAt);
-        // Convert the proposal to markdown with YAML frontmatter
+        const createdAt = task.metadata.createdAt instanceof Date
+            ? task.metadata.createdAt
+            : new Date(task.metadata.createdAt);
+        const updatedAt = task.metadata.updatedAt instanceof Date
+            ? task.metadata.updatedAt
+            : new Date(task.metadata.updatedAt);
+        // Convert the task to markdown with YAML frontmatter
         const frontmatterData = this.sanitizeForYAML({
             // Required fields
-            id: cp.id,
-            title: cp.title,
+            id: task.id,
+            title: task.title,
             // Deprecated: intent is kept for backward compatibility during migration
             // TODO: Remove intent field in future version
-            ...(cp.intent && { intent: cp.intent }),
+            ...(task.intent && { intent: task.intent }),
             createdAt: createdAt.toISOString(),
             updatedAt: updatedAt.toISOString(),
-            status: cp.status,
-            priority: cp.metadata.priority || 'medium',
+            status: task.status,
+            priority: task.metadata.priority || 'medium',
             // Author information
             author: {
-                id: cp.author.id,
-                name: cp.author.name,
-                email: cp.author.email || '',
+                id: task.author.id,
+                name: task.author.name,
+                email: task.author.email || '',
                 role: 'engineer', // Default role
-                type: cp.author.type
-            },
-            // Plan
-            plan: {
-                estimatedDuration: 'TBD',
-                dependencies: [],
-                steps: cp.planSteps.map(step => ({
-                    id: step.id,
-                    description: step.description,
-                    status: step.status
-                }))
+                type: task.author.type
             },
+            // Steps (top-level for consistency with CLI storage format)
+            steps: task.planSteps.map(step => ({
+                id: step.id,
+                description: step.description,
+                status: step.status,
+                ...(step.command && { command: step.command }),
+                ...(step.expectedOutcome && { expectedOutcome: step.expectedOutcome }),
+                ...(step.output && { output: step.output }),
+                ...(step.executedAt && { executedAt: step.executedAt instanceof Date ? step.executedAt.toISOString() : step.executedAt }),
+            })),
             // Metadata
-            tags: cp.metadata.tags || [],
+            tags: task.metadata.tags || [],
             labels: [],
-            comments: (cp.comments || []).filter((c) => c !== undefined)
+            // Comments use consistent field names: id, author, content, createdAt
+            comments: (task.comments || [])
+                .filter((c) => c !== undefined)
+                .map((c) => ({
+                id: c.id,
+                author: typeof c.author === 'string' ? c.author : c.author?.name || 'Unknown',
+                content: c.content || c.text || '',
+                createdAt: c.createdAt || c.timestamp || new Date().toISOString(),
+            }))
         });
-        const markdown = matter.stringify(content || this.getDefaultContent(cp), frontmatterData);
-        const filePath = path.join(this.basePath, 'proposals', `${cp.id}.md`);
+        const markdown = matter.stringify(content || this.getDefaultContent(task), frontmatterData);
+        const filePath = path.join(this.basePath, 'tasks', `${task.id}.md`);
         await fs.writeFile(filePath, markdown, 'utf-8');
     }
-    async getCP(id) {
+    async getTask(id) {
         try {
-            const filePath = path.join(this.basePath, 'proposals', `${id}.md`);
+            const filePath = path.join(this.basePath, 'tasks', `${id}.md`);
             const fileContent = await fs.readFile(filePath, 'utf-8');
             const { data, content } = matter(fileContent);
-            // Convert the frontmatter back to a ChangeProposal
-            return this.frontmatterToCP(data, content);
+            // Convert the frontmatter back to a Task
+            return this.frontmatterToTask(data, content);
         }
         catch (error) {
             if (error.code === 'ENOENT')
@@ -118,21 +126,19 @@ export class FileStorageAdapter {
             throw error;
         }
     }
-    async updateCP(id, updates) {
-        const existing = await this.getCP(id);
+    async updateTask(id, updates) {
+        const existing = await this.getTask(id);
         if (!existing)
-            throw new Error(`CP ${id} not found`);
-        // Never allow id to be updated to prevent overwriting other proposals
+            throw new Error(`Task ${id} not found`);
+        // Never allow id to be updated to prevent overwriting other tasks
         const { id: _, ...safeUpdates } = updates;
-        // Handle comments separately as they're stored at root level in file format
-        // Comments can come from either root level or metadata.comments
-        let commentsToStore = existing.metadata.comments || [];
+        // Comments live at root level on Task (not in metadata).
+        // Accept comments from root level or metadata.comments for backward compat.
+        let commentsToStore = existing.comments || [];
         if (safeUpdates.comments) {
-            // If comments are provided at root level, use them
             commentsToStore = safeUpdates.comments;
         }
         else if (safeUpdates.metadata?.comments) {
-            // If comments are provided in metadata, use them
             commentsToStore = safeUpdates.metadata.comments;
         }
         const updated = {
@@ -142,41 +148,39 @@ export class FileStorageAdapter {
                 ...existing.metadata,
                 ...safeUpdates.metadata,
                 updatedAt: new Date(),
-                comments: commentsToStore
             },
-            // Store comments at the root level for the file format
             comments: commentsToStore
         };
-        await this.createCP(updated);
+        await this.createTask(updated);
     }
-    async deleteCP(id) {
-        const filePath = path.join(this.basePath, 'proposals', `${id}.md`);
+    async deleteTask(id) {
+        const filePath = path.join(this.basePath, 'tasks', `${id}.md`);
         await fs.unlink(filePath);
     }
-    async listCPs(filter) {
-        const proposalsDir = path.join(this.basePath, 'proposals');
+    async listTasks(filter) {
+        const tasksDir = path.join(this.basePath, 'tasks');
         try {
-            const files = await fs.readdir(proposalsDir);
-            const proposals = await Promise.all(files
+            const files = await fs.readdir(tasksDir);
+            const tasks = await Promise.all(files
                 .filter(f => f.endsWith('.md'))
                 .map(async (file) => {
-                const content = await fs.readFile(path.join(proposalsDir, file), 'utf-8');
+                const content = await fs.readFile(path.join(tasksDir, file), 'utf-8');
                 const { data, content: body } = matter(content);
-                return this.frontmatterToCP(data, body);
+                return this.frontmatterToTask(data, body);
             }));
             // Apply filters
-            let filtered = proposals.filter(cp => {
-                if (!cp)
+            let filtered = tasks.filter(task => {
+                if (!task)
                     return false;
-                if (filter?.status && cp.status !== filter.status)
+                if (filter?.status && task.status !== filter.status)
                     return false;
-                if (filter?.author && cp.author.id !== filter.author)
+                if (filter?.author && task.author.id !== filter.author)
                     return false;
-                if (filter?.priority && cp.metadata.priority !== filter.priority)
+                if (filter?.priority && task.metadata.priority !== filter.priority)
                     return false;
                 if (filter?.tags && filter.tags.length > 0) {
-                    const cpTags = cp.metadata.tags || [];
-                    if (!filter.tags.some(tag => cpTags.includes(tag)))
+                    const taskTags = task.metadata.tags || [];
+                    if (!filter.tags.some(tag => taskTags.includes(tag)))
                         return false;
                 }
                 return true;
@@ -204,9 +208,9 @@ export class FileStorageAdapter {
             throw error;
         }
     }
-    async searchCPs(query) {
-        const allCPs = await this.listCPs();
-        const fuse = new Fuse(allCPs, {
+    async searchTasks(query) {
+        const allTasks = await this.listTasks();
+        const fuse = new Fuse(allTasks, {
             keys: [
                 { name: 'title', weight: 2 },
                 { name: 'intent', weight: 2 }, // Deprecated fallback
@@ -219,15 +223,16 @@ export class FileStorageAdapter {
         });
         return fuse.search(query).map(result => result.item);
     }
-    frontmatterToCP(data, content) {
-        // Handle both old and new format files
-        const steps = data.plan?.steps || data.steps || [];
-        // Transform comments to match expected format
-        const transformedComments = (data.comments || []).map((comment) => ({
+    frontmatterToTask(data, content) {
+        // Handle both old format (plan.steps) and new format (top-level steps)
+        const steps = data.steps || data.plan?.steps || [];
+        // Normalize comments using consistent field names (content/createdAt).
+        // Also handle legacy format (text/timestamp) for backward compatibility.
+        const normalizedComments = (data.comments || []).map((comment) => ({
             id: comment.id,
-            text: comment.content || comment.text || '', // Handle both content and text fields
             author: typeof comment.author === 'string' ? comment.author : comment.author?.name || 'Unknown',
-            timestamp: comment.createdAt || comment.timestamp || new Date().toISOString()
+            content: comment.content || comment.text || '',
+            createdAt: comment.createdAt || comment.timestamp || new Date().toISOString(),
         }));
         // Use title as primary, fall back to deprecated intent for backward compatibility
         const titleValue = data.title || data.intent || '';
@@ -260,6 +265,7 @@ export class FileStorageAdapter {
             telemetryContracts: data.telemetryContracts || [],
             releasePlan: data.releasePlan || { strategy: 'immediate' },
             status: data.status || 'draft',
+            comments: normalizedComments,
             metadata: {
                 createdAt: new Date(data.createdAt || Date.now()),
                 updatedAt: new Date(data.updatedAt || Date.now()),
@@ -267,16 +273,15 @@ export class FileStorageAdapter {
                 aiInteractions: data.aiInteractions || [],
                 tags: data.tags || [],
                 priority: data.priority || 'medium',
-                comments: transformedComments
             },
             content // Store the markdown content
         };
     }
-    getDefaultContent(cp) {
-        return `# ${cp.title}
+    getDefaultContent(task) {
+        return `# ${task.title}
 
 ## Problem Statement
-Describe the problem this change proposal addresses.
+Describe the problem this task addresses.
 
 ## Proposed Solution
 Describe the solution you're proposing.

package/dist/lib/terminal/terminal-manager.d.ts

@@ -2,13 +2,11 @@ import { WebSocket } from 'ws';
 import { ShellType } from './shell-utils.js';
 export interface TerminalSession {
     id: string;
-    proposalId: string;
+    taskId: string;
     pty: any;
     websocket?: WebSocket;
     createdAt: Date;
     lastActivity: Date;
-    enableLogging?: boolean;
-    logFilePath?: string;
     backlog: string;
     previewSockets?: Set<WebSocket>;
     previewBuffer?: string;
@@ -21,9 +19,9 @@ export declare class TerminalManager {
     private cleanupInterval;
     private static readonly MAX_BACKLOG_BYTES;
     constructor();
-    createSession(proposalId: string, enableLogging?: boolean, shellPreference?: ShellType, startupCommand?: string): Promise<TerminalSession>;
+    createSession(taskId: string, shellPreference?: ShellType, startupCommand?: string): Promise<TerminalSession>;
     getSession(sessionId: string): TerminalSession | undefined;
-    getSessionsByProposal(proposalId: string): TerminalSession[];
+    getSessionsByTask(taskId: string): TerminalSession[];
     attachWebSocket(sessionId: string, ws: WebSocket): boolean;
     destroySession(sessionId: string): boolean;
     resizeSession(sessionId: string, cols: number, rows: number): boolean;

package/dist/lib/terminal/terminal-manager.js

@@ -16,8 +16,8 @@ export class TerminalManager {
             this.cleanupInactiveSessions();
         }, 5 * 60 * 1000);
     }
-    async createSession(proposalId, enableLogging = false, shellPreference = 'bash', startupCommand) {
-        const sessionId = `${proposalId}-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
+    async createSession(taskId, shellPreference = 'bash', startupCommand) {
+        const sessionId = `${taskId}-${Date.now()}-${Math.random().toString(36).substr(2, 9)}`;
         // Get the project root directory
         let projectRoot;
         if (process.env.NODE_ENV === 'development' && process.env.GAIT_DEV_ROOT) {
@@ -32,8 +32,8 @@ export class TerminalManager {
         }
         // Prepare context information
         const contextInfo = {
-            proposalId,
-            proposalPath: path.join(projectRoot, '.nut', 'proposals', `${proposalId}.md`),
+            proposalId: taskId,
+            proposalPath: path.join(projectRoot, '.nut', 'tasks', `${taskId}.md`),
             contextPath: path.join(projectRoot, '.nut', 'context'),
             projectRoot,
         };
@@ -65,30 +65,21 @@ export class TerminalManager {
         catch (error) {
             console.error('Error creating init script:', error);
         }
-        // Set up logging if enabled
-        let logFilePath;
-        if (enableLogging) {
-            const sessionsDir = path.join(projectRoot, '.nut', 'sessions');
-            try {
-                fs.mkdirSync(sessionsDir, { recursive: true });
-                logFilePath = path.join(sessionsDir, `${sessionId}.log`);
-                // Create log file with session header
-                const logHeader = `# Terminal Session Log\n# Session ID: ${sessionId}\n# Proposal ID: ${proposalId}\n# Created: ${new Date().toISOString()}\n\n`;
-                fs.writeFileSync(logFilePath, logHeader);
-            }
-            catch (error) {
-                console.error('Error setting up session logging:', error);
-                logFilePath = undefined;
-            }
-        }
         // Get shell arguments
         const shellArgs = getShellArgs(shellPath, initScriptPath);
-        // Prepare environment variables with API keys injected
+        // Prepare environment variables with API keys injected.
+        // Remove internal dev-server env vars (GAIT_DEV_ROOT, NODE_ENV=development)
+        // so that tools like `nut` invoked inside the terminal resolve paths
+        // relative to the terminal's cwd (projectRoot) rather than the API package.
+        const injected = getInjectedEnv();
+        delete injected.GAIT_DEV_ROOT;
+        delete injected.NODE_ENV;
         const env = {
-            ...getInjectedEnv(),
-            COCONUT_PROPOSAL_ID: proposalId,
+            ...injected,
+            COCONUT_TASK_ID: taskId,
             COCONUT_CONTEXT_PATH: path.join(projectRoot, '.nut', 'context'),
-            COCONUT_PROPOSAL_PATH: path.join(projectRoot, '.nut', 'proposals', `${proposalId}.md`),
+            COCONUT_TASK_PATH: path.join(projectRoot, '.nut', 'tasks', `${taskId}.md`),
+            GAIT_DATA_PATH: projectRoot,
             TERM: 'xterm-256color',
             COLORTERM: 'truecolor',
         };
@@ -109,12 +100,10 @@ export class TerminalManager {
         });
         const session = {
             id: sessionId,
-            proposalId,
+            taskId,
             pty: ptyProcess,
             createdAt: new Date(),
             lastActivity: new Date(),
-            enableLogging,
-            logFilePath,
             backlog: '',
             previewSockets: new Set(),
             previewBuffer: '',
@@ -133,7 +122,7 @@ export class TerminalManager {
                 tags: ["agent", "terminal", "session"],
                 payload: {
                     sessionId,
-                    proposalId,
+                    taskId,
                     cwd: projectRoot,
                     shell: shellPath,
                 }
@@ -146,17 +135,6 @@ export class TerminalManager {
         // Set up PTY event handlers
         ptyProcess.onData((data) => {
             session.lastActivity = new Date();
-            // Log data if logging is enabled
-            if (session.enableLogging && session.logFilePath) {
-                try {
-                    const timestamp = new Date().toISOString();
-                    const logEntry = `[${timestamp}] OUTPUT: ${data}`;
-                    fs.appendFileSync(session.logFilePath, logEntry);
-                }
-                catch (error) {
-                    console.error('Error writing to session log:', error);
-                }
-            }
             // Maintain in-memory backlog (trim to last MAX_BACKLOG_BYTES)
             try {
                 // Append and trim to max size
@@ -180,17 +158,6 @@ export class TerminalManager {
         ptyProcess.onExit((e) => {
             const endTime = new Date();
             const duration = endTime.getTime() - session.createdAt.getTime();
-            // Log session end if logging is enabled
-            if (session.enableLogging && session.logFilePath) {
-                try {
-                    const timestamp = endTime.toISOString();
-                    const logEntry = `\n[${timestamp}] SESSION ENDED: Exit code ${e.exitCode}\n`;
-                    fs.appendFileSync(session.logFilePath, logEntry);
-                }
-                catch (error) {
-                    console.error('Error writing session end to log:', error);
-                }
-            }
             // Log session end to activity log
             try {
                 const logger = getLogger();
@@ -242,8 +209,8 @@ export class TerminalManager {
     getSession(sessionId) {
         return this.sessions.get(sessionId);
     }
-    getSessionsByProposal(proposalId) {
-        return Array.from(this.sessions.values()).filter(session => session.proposalId === proposalId);
+    getSessionsByTask(taskId) {
+        return Array.from(this.sessions.values()).filter(session => session.taskId === taskId);
     }
     attachWebSocket(sessionId, ws) {
         const session = this.sessions.get(sessionId);
@@ -282,17 +249,6 @@ export class TerminalManager {
                 const data = JSON.parse(message.toString());
                 switch (data.type) {
                     case 'input':
-                        // Log input if logging is enabled
-                        if (session.enableLogging && session.logFilePath) {
-                            try {
-                                const timestamp = new Date().toISOString();
-                                const logEntry = `[${timestamp}] INPUT: ${data.data}`;
-                                fs.appendFileSync(session.logFilePath, logEntry);
-                            }
-                            catch (error) {
-                                console.error('Error writing input to session log:', error);
-                            }
-                        }
                         session.pty.write(data.data);
                         session.lastActivity = new Date();
                         break;

package/dist/middleware/auth.js

@@ -1,11 +1,36 @@
 import { getCookie } from 'hono/cookie';
+import { getConnInfo } from '@hono/node-server/conninfo';
 import { getAuthManager } from '../lib/auth/auth-manager.js';
+const LOOPBACK_ADDRESSES = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);
+/**
+ * Check if a request is a direct localhost connection (not proxied).
+ * Used to allow CLI tools running on the server to bypass auth.
+ *
+ * Safe because:
+ * - Raw socket address cannot be spoofed (TCP guarantees this)
+ * - Proxied requests (nginx/ALB → node) include X-Forwarded-For, so they
+ *   are excluded even though the socket address is loopback
+ */
+function isDirectLocalConnection(c) {
+    try {
+        // If X-Forwarded-For is present, the request came through a proxy
+        if (c.req.header('x-forwarded-for')) {
+            return false;
+        }
+        const info = getConnInfo(c);
+        return LOOPBACK_ADDRESSES.has(info.remote.address || '');
+    }
+    catch {
+        return false;
+    }
+}
 // Public routes that don't require authentication
 const PUBLIC_ROUTES = [
     '/api/health',
     '/api/v1/auth/status',
     '/api/v1/auth/login',
     '/api/v1/auth/register',
+    '/api/v1/auth/logout',
     '/api/v1/auth/oauth',
     '/api/v1/auth/callback',
 ];
@@ -40,6 +65,13 @@ export async function authMiddleware(c, next) {
         // Auth is disabled, allow all requests
         return next();
     }
+    // Allow direct localhost connections (CLI on the same machine) to bypass auth.
+    // This is safe: the raw TCP socket address can't be spoofed, and proxied
+    // requests are excluded by checking for the X-Forwarded-For header.
+    if (isDirectLocalConnection(c)) {
+        c.set('authType', 'localhost');
+        return next();
+    }
     const path = c.req.path;
     // Allow public routes without authentication
     if (isPublicRoute(path)) {
@@ -129,6 +161,10 @@ export function requireAuth(c) {
         // Return null to indicate auth passed but no session available
         return null;
     }
+    // Direct localhost connections bypass auth (CLI on the same machine)
+    if (authType === 'localhost') {
+        return null;
+    }
     throw new Error('Authentication required');
 }
 /**

package/dist/routes/api/v1/ai/index.js

@@ -1,7 +1,5 @@
 import { Hono } from 'hono';
 import { POST } from './route.js';
-import { POST as toolsPost } from './tools.js';
 const app = new Hono();
 app.post('/', POST);
-app.post('/tools', toolsPost);
 export default app;