npm - @neuralnomads/codenomad-dev - Versions diffs - 0.10.3-dev-20260213-ba418a85 - Mend

@neuralnomads/codenomad-dev 0.10.3-dev-20260213-ba418a85

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (462) hide show

package/README.md +126 -0
package/dist/api-types.js +1 -0
package/dist/auth/auth-store.js +134 -0
package/dist/auth/http-auth.js +37 -0
package/dist/auth/manager.js +128 -0
package/dist/auth/password-hash.js +32 -0
package/dist/auth/session-manager.js +17 -0
package/dist/auth/token-manager.js +27 -0
package/dist/background-processes/manager.js +437 -0
package/dist/bin.js +24 -0
package/dist/config/binaries.js +148 -0
package/dist/config/location.js +57 -0
package/dist/config/schema.js +70 -0
package/dist/config/store.js +200 -0
package/dist/events/bus.js +41 -0
package/dist/filesystem/__tests__/search-cache.test.js +40 -0
package/dist/filesystem/browser.js +285 -0
package/dist/filesystem/search-cache.js +43 -0
package/dist/filesystem/search.js +135 -0
package/dist/index.js +410 -0
package/dist/integrations/github/bot-signature.js +11 -0
package/dist/integrations/github/git-ops.js +133 -0
package/dist/integrations/github/github-types.js +1 -0
package/dist/integrations/github/job-runner.js +608 -0
package/dist/integrations/github/octokit.js +58 -0
package/dist/integrations/github/sanitize-webhook.js +42 -0
package/dist/integrations/github/webhook-verify.js +21 -0
package/dist/integrations/github/workspace-context.js +10 -0
package/dist/integrations/github/worktree-context.js +15 -0
package/dist/launcher.js +149 -0
package/dist/loader.js +21 -0
package/dist/logger.js +109 -0
package/dist/opencode/request-context.js +39 -0
package/dist/opencode/worktree-directory.js +42 -0
package/dist/opencode-config/README.md +32 -0
package/dist/opencode-config/opencode.jsonc +3 -0
package/dist/opencode-config/package.json +9 -0
package/dist/opencode-config/plugin/codenomad.ts +32 -0
package/dist/opencode-config/plugin/lib/background-process.ts +253 -0
package/dist/opencode-config/plugin/lib/client.ts +133 -0
package/dist/opencode-config/plugin/lib/request.ts +214 -0
package/dist/opencode-config-template/README.md +32 -0
package/dist/opencode-config-template/opencode.jsonc +3 -0
package/dist/opencode-config-template/plugin/codenomad.ts +40 -0
package/dist/opencode-config-template/plugin/lib/background-process.ts +160 -0
package/dist/opencode-config-template/plugin/lib/client.ts +165 -0
package/dist/opencode-config.js +26 -0
package/dist/plugins/channel.js +40 -0
package/dist/plugins/handlers.js +17 -0
package/dist/releases/dev-release-monitor.js +75 -0
package/dist/releases/release-monitor.js +107 -0
package/dist/server/http-server.js +547 -0
package/dist/server/network-addresses.js +72 -0
package/dist/server/routes/auth-pages/login.html +134 -0
package/dist/server/routes/auth-pages/token.html +93 -0
package/dist/server/routes/auth.js +134 -0
package/dist/server/routes/background-processes.js +60 -0
package/dist/server/routes/config.js +59 -0
package/dist/server/routes/events.js +43 -0
package/dist/server/routes/filesystem.js +43 -0
package/dist/server/routes/github-plugin.js +215 -0
package/dist/server/routes/github-webhook.js +32 -0
package/dist/server/routes/meta.js +47 -0
package/dist/server/routes/plugin.js +52 -0
package/dist/server/routes/storage.js +52 -0
package/dist/server/routes/workspaces.js +89 -0
package/dist/server/routes/worktrees.js +156 -0
package/dist/server/tls.js +224 -0
package/dist/storage/instance-store.js +56 -0
package/dist/ui/__tests__/remote-ui.test.js +46 -0
package/dist/ui/remote-ui.js +462 -0
package/dist/workspaces/git-worktrees.js +199 -0
package/dist/workspaces/instance-events.js +180 -0
package/dist/workspaces/manager.js +375 -0
package/dist/workspaces/opencode-auth.js +16 -0
package/dist/workspaces/runtime.js +346 -0
package/dist/workspaces/worktree-map.js +116 -0
package/package.json +49 -0
package/public/apple-touch-icon-180x180.png +0 -0
package/public/assets/CodeNomad-Icon-bmTWNPXy.png +0 -0
package/public/assets/abap-BdImnpbu.js +1 -0
package/public/assets/actionscript-3-CfeIJUat.js +1 -0
package/public/assets/ada-bCR0ucgS.js +1 -0
package/public/assets/andromeeda-C-Jbm3Hp.js +1 -0
package/public/assets/angular-html-CU67Zn6k.js +1 -0
package/public/assets/angular-ts-BwZT4LLn.js +1 -0
package/public/assets/apache-Pmp26Uib.js +1 -0
package/public/assets/apex-DhZLUxFE.js +1 -0
package/public/assets/apl-dKokRX4l.js +1 -0
package/public/assets/applescript-Co6uUVPk.js +1 -0
package/public/assets/ara-BRHolxvo.js +1 -0
package/public/assets/asciidoc-Dv7Oe6Be.js +1 -0
package/public/assets/asm-D_Q5rh1f.js +1 -0
package/public/assets/astro-CbQHKStN.js +1 -0
package/public/assets/aurora-x-D-2ljcwZ.js +1 -0
package/public/assets/awk-DMzUqQB5.js +1 -0
package/public/assets/ayu-dark-Cv9koXgw.js +1 -0
package/public/assets/ballerina-BFfxhgS-.js +1 -0
package/public/assets/bat-BkioyH1T.js +1 -0
package/public/assets/beancount-k_qm7-4y.js +1 -0
package/public/assets/berry-D08WgyRC.js +1 -0
package/public/assets/bibtex-CHM0blh-.js +1 -0
package/public/assets/bicep-Bmn6On1c.js +1 -0
package/public/assets/blade-DVc8C-J4.js +1 -0
package/public/assets/bsl-BO_Y6i37.js +1 -0
package/public/assets/c-BIGW1oBm.js +1 -0
package/public/assets/cadence-Bv_4Rxtq.js +1 -0
package/public/assets/cairo-KRGpt6FW.js +1 -0
package/public/assets/catppuccin-frappe-DFWUc33u.js +1 -0
package/public/assets/catppuccin-latte-C9dUb6Cb.js +1 -0
package/public/assets/catppuccin-macchiato-DQyhUUbL.js +1 -0
package/public/assets/catppuccin-mocha-D87Tk5Gz.js +1 -0
package/public/assets/clarity-D53aC0YG.js +1 -0
package/public/assets/clojure-P80f7IUj.js +1 -0
package/public/assets/cmake-D1j8_8rp.js +1 -0
package/public/assets/cobol-nwyudZeR.js +1 -0
package/public/assets/codeowners-Bp6g37R7.js +1 -0
package/public/assets/codeql-DsOJ9woJ.js +1 -0
package/public/assets/coffee-Ch7k5sss.js +1 -0
package/public/assets/common-lisp-Cg-RD9OK.js +1 -0
package/public/assets/coq-DkFqJrB1.js +1 -0
package/public/assets/core-BSTVzpXI.js +1 -0
package/public/assets/cpp-CofmeUqb.js +1 -0
package/public/assets/crystal-tKQVLTB8.js +1 -0
package/public/assets/csharp-CX12Zw3r.js +1 -0
package/public/assets/css-DPfMkruS.js +1 -0
package/public/assets/csv-fuZLfV_i.js +1 -0
package/public/assets/cue-D82EKSYY.js +1 -0
package/public/assets/cypher-COkxafJQ.js +1 -0
package/public/assets/d-85-TOEBH.js +1 -0
package/public/assets/dark-plus-eOWES_5F.js +1 -0
package/public/assets/dart-CF10PKvl.js +1 -0
package/public/assets/dax-CEL-wOlO.js +1 -0
package/public/assets/desktop-BmXAJ9_W.js +1 -0
package/public/assets/diff-D97Zzqfu.js +1 -0
package/public/assets/docker-BcOcwvcX.js +1 -0
package/public/assets/dotenv-Da5cRb03.js +1 -0
package/public/assets/dracula-BzJJZx-M.js +1 -0
package/public/assets/dracula-soft-BXkSAIEj.js +1 -0
package/public/assets/dream-maker-BtqSS_iP.js +1 -0
package/public/assets/edge-BkV0erSs.js +1 -0
package/public/assets/elixir-CDX3lj18.js +1 -0
package/public/assets/elm-DbKCFpqz.js +1 -0
package/public/assets/emacs-lisp-C9XAeP06.js +1 -0
package/public/assets/erb-BOJIQeun.js +1 -0
package/public/assets/erlang-DsQrWhSR.js +1 -0
package/public/assets/everforest-dark-BgDCqdQA.js +1 -0
package/public/assets/everforest-light-C8M2exoo.js +1 -0
package/public/assets/fennel-BYunw83y.js +1 -0
package/public/assets/fish-BvzEVeQv.js +1 -0
package/public/assets/fluent-C4IJs8-o.js +1 -0
package/public/assets/fortran-fixed-form-BZjJHVRy.js +1 -0
package/public/assets/fortran-free-form-D22FLkUw.js +1 -0
package/public/assets/fsharp-CXgrBDvD.js +1 -0
package/public/assets/gdresource-B7Tvp0Sc.js +1 -0
package/public/assets/gdscript-DTMYz4Jt.js +1 -0
package/public/assets/gdshader-DkwncUOv.js +1 -0
package/public/assets/genie-D0YGMca9.js +1 -0
package/public/assets/gherkin-DyxjwDmM.js +1 -0
package/public/assets/git-commit-F4YmCXRG.js +1 -0
package/public/assets/git-rebase-r7XF79zn.js +1 -0
package/public/assets/github-dark-DHJKELXO.js +1 -0
package/public/assets/github-dark-default-Cuk6v7N8.js +1 -0
package/public/assets/github-dark-dimmed-DH5Ifo-i.js +1 -0
package/public/assets/github-dark-high-contrast-E3gJ1_iC.js +1 -0
package/public/assets/github-light-DAi9KRSo.js +1 -0
package/public/assets/github-light-default-D7oLnXFd.js +1 -0
package/public/assets/github-light-high-contrast-BfjtVDDH.js +1 -0
package/public/assets/gleam-BspZqrRM.js +1 -0
package/public/assets/glimmer-js-Rg0-pVw9.js +1 -0
package/public/assets/glimmer-ts-U6CK756n.js +1 -0
package/public/assets/glsl-DplSGwfg.js +1 -0
package/public/assets/gnuplot-DdkO51Og.js +1 -0
package/public/assets/go-Dn2_MT6a.js +1 -0
package/public/assets/graphql-ChdNCCLP.js +1 -0
package/public/assets/groovy-gcz8RCvz.js +1 -0
package/public/assets/gruvbox-dark-hard-CFHQjOhq.js +1 -0
package/public/assets/gruvbox-dark-medium-GsRaNv29.js +1 -0
package/public/assets/gruvbox-dark-soft-CVdnzihN.js +1 -0
package/public/assets/gruvbox-light-hard-CH1njM8p.js +1 -0
package/public/assets/gruvbox-light-medium-DRw_LuNl.js +1 -0
package/public/assets/gruvbox-light-soft-hJgmCMqR.js +1 -0
package/public/assets/hack-CaT9iCJl.js +1 -0
package/public/assets/haml-B8DHNrY2.js +1 -0
package/public/assets/handlebars-BL8al0AC.js +1 -0
package/public/assets/haskell-Df6bDoY_.js +1 -0
package/public/assets/haxe-CzTSHFRz.js +1 -0
package/public/assets/hcl-BWvSN4gD.js +1 -0
package/public/assets/hjson-D5-asLiD.js +1 -0
package/public/assets/hlsl-D3lLCCz7.js +1 -0
package/public/assets/houston-DnULxvSX.js +1 -0
package/public/assets/html-GMplVEZG.js +1 -0
package/public/assets/html-derivative-BFtXZ54Q.js +1 -0
package/public/assets/http-jrhK8wxY.js +1 -0
package/public/assets/hurl-irOxFIW8.js +1 -0
package/public/assets/hxml-Bvhsp5Yf.js +1 -0
package/public/assets/hy-DFXneXwc.js +1 -0
package/public/assets/imba-DGztddWO.js +1 -0
package/public/assets/index-D4PT0yE4.js +1 -0
package/public/assets/index-DN20ggb1.js +1 -0
package/public/assets/index-DdQ7zIzB.js +1 -0
package/public/assets/index-Dl-rJJuP.js +1 -0
package/public/assets/index-Dlo2gDiy.css +1 -0
package/public/assets/ini-BEwlwnbL.js +1 -0
package/public/assets/java-CylS5w8V.js +1 -0
package/public/assets/javascript-wDzz0qaB.js +1 -0
package/public/assets/jinja-4LBKfQ-Z.js +1 -0
package/public/assets/jison-wvAkD_A8.js +1 -0
package/public/assets/json-Cp-IABpG.js +1 -0
package/public/assets/json5-C9tS-k6U.js +1 -0
package/public/assets/jsonc-Des-eS-w.js +1 -0
package/public/assets/jsonl-DcaNXYhu.js +1 -0
package/public/assets/jsonnet-DFQXde-d.js +1 -0
package/public/assets/jssm-C2t-YnRu.js +1 -0
package/public/assets/jsx-g9-lgVsj.js +1 -0
package/public/assets/julia-C8NyazO9.js +1 -0
package/public/assets/kanagawa-dragon-CkXjmgJE.js +1 -0
package/public/assets/kanagawa-lotus-CfQXZHmo.js +1 -0
package/public/assets/kanagawa-wave-DWedfzmr.js +1 -0
package/public/assets/kdl-DV7GczEv.js +1 -0
package/public/assets/kotlin-BdnUsdx6.js +1 -0
package/public/assets/kusto-BvAqAH-y.js +1 -0
package/public/assets/laserwave-DUszq2jm.js +1 -0
package/public/assets/latex-BUKiar2Z.js +1 -0
package/public/assets/lean-DP1Csr6i.js +1 -0
package/public/assets/less-B1dDrJ26.js +1 -0
package/public/assets/light-plus-B7mTdjB0.js +1 -0
package/public/assets/liquid-DYVedYrR.js +1 -0
package/public/assets/llvm-BtvRca6l.js +1 -0
package/public/assets/loading-CmEVQgyj.css +1 -0
package/public/assets/loading-DgqIiz-T.js +1 -0
package/public/assets/log-2UxHyX5q.js +1 -0
package/public/assets/logo-BtOb2qkB.js +1 -0
package/public/assets/lua-BbnMAYS6.js +1 -0
package/public/assets/luau-CXu1NL6O.js +1 -0
package/public/assets/main-CSlDZj4f.js +188 -0
package/public/assets/main-HAZkIolJ.css +19 -0
package/public/assets/make-CHLpvVh8.js +1 -0
package/public/assets/markdown-Cvjx9yec.js +1 -0
package/public/assets/marko-CPi9NSCl.js +1 -0
package/public/assets/material-theme-D5KoaKCx.js +1 -0
package/public/assets/material-theme-darker-BfHTSMKl.js +1 -0
package/public/assets/material-theme-lighter-B0m2ddpp.js +1 -0
package/public/assets/material-theme-ocean-CyktbL80.js +1 -0
package/public/assets/material-theme-palenight-Csfq5Kiy.js +1 -0
package/public/assets/matlab-D7o27uSR.js +1 -0
package/public/assets/mdc-DUICxH0z.js +1 -0
package/public/assets/mdx-Cmh6b_Ma.js +1 -0
package/public/assets/mermaid-DKYwYmdq.js +1 -0
package/public/assets/min-dark-CafNBF8u.js +1 -0
package/public/assets/min-light-CTRr51gU.js +1 -0
package/public/assets/mipsasm-CKIfxQSi.js +1 -0
package/public/assets/mojo-1DNp92w6.js +1 -0
package/public/assets/monokai-D4h5O-jR.js +1 -0
package/public/assets/move-Bu9oaDYs.js +1 -0
package/public/assets/narrat-DRg8JJMk.js +1 -0
package/public/assets/nextflow-CUEJCptM.js +1 -0
package/public/assets/nginx-DknmC5AR.js +1 -0
package/public/assets/night-owl-C39BiMTA.js +1 -0
package/public/assets/nim-CVrawwO9.js +1 -0
package/public/assets/nix-BbRYJGeE.js +1 -0
package/public/assets/nord-Ddv68eIx.js +1 -0
package/public/assets/nushell-C-sUppwS.js +1 -0
package/public/assets/objective-c-DXmwc3jG.js +1 -0
package/public/assets/objective-cpp-CLxacb5B.js +1 -0
package/public/assets/ocaml-C0hk2d4L.js +1 -0
package/public/assets/one-dark-pro-DVMEJ2y_.js +1 -0
package/public/assets/one-light-PoHY5YXO.js +1 -0
package/public/assets/pascal-D93ZcfNL.js +1 -0
package/public/assets/perl-C0TMdlhV.js +1 -0
package/public/assets/php-CDn_0X-4.js +1 -0
package/public/assets/pkl-u5AG7uiY.js +1 -0
package/public/assets/plastic-3e1v2bzS.js +1 -0
package/public/assets/plsql-ChMvpjG-.js +1 -0
package/public/assets/po-BTJTHyun.js +1 -0
package/public/assets/poimandres-CS3Unz2-.js +1 -0
package/public/assets/polar-C0HS_06l.js +1 -0
package/public/assets/postcss-CXtECtnM.js +1 -0
package/public/assets/powerquery-CEu0bR-o.js +1 -0
package/public/assets/powershell-Dpen1YoG.js +1 -0
package/public/assets/prisma-Dd19v3D-.js +1 -0
package/public/assets/prolog-CbFg5uaA.js +1 -0
package/public/assets/proto-DyJlTyXw.js +1 -0
package/public/assets/pug-CGlum2m_.js +1 -0
package/public/assets/puppet-BMWR74SV.js +1 -0
package/public/assets/purescript-CklMAg4u.js +1 -0
package/public/assets/python-B6aJPvgy.js +1 -0
package/public/assets/qml-3beO22l8.js +1 -0
package/public/assets/qmldir-C8lEn-DE.js +1 -0
package/public/assets/qss-IeuSbFQv.js +1 -0
package/public/assets/r-DiinP2Uv.js +1 -0
package/public/assets/racket-BqYA7rlc.js +1 -0
package/public/assets/raku-DXvB9xmW.js +1 -0
package/public/assets/razor-WgofotgN.js +1 -0
package/public/assets/red-bN70gL4F.js +1 -0
package/public/assets/reg-C-SQnVFl.js +1 -0
package/public/assets/regexp-CDVJQ6XC.js +1 -0
package/public/assets/rel-C3B-1QV4.js +1 -0
package/public/assets/riscv-BM1_JUlF.js +1 -0
package/public/assets/rose-pine-BHrmToEH.js +1 -0
package/public/assets/rose-pine-dawn-CnK8MTSM.js +1 -0
package/public/assets/rose-pine-moon-NleAzG8P.js +1 -0
package/public/assets/rosmsg-BJDFO7_C.js +1 -0
package/public/assets/rst-B0xPkSld.js +1 -0
package/public/assets/ruby-BvKwtOVI.js +1 -0
package/public/assets/rust-B1yitclQ.js +1 -0
package/public/assets/sas-cz2c8ADy.js +1 -0
package/public/assets/sass-Cj5Yp3dK.js +1 -0
package/public/assets/scala-C151Ov-r.js +1 -0
package/public/assets/scheme-C98Dy4si.js +1 -0
package/public/assets/scss-OYdSNvt2.js +1 -0
package/public/assets/sdbl-DVxCFoDh.js +1 -0
package/public/assets/shaderlab-Dg9Lc6iA.js +1 -0
package/public/assets/shellscript-Yzrsuije.js +1 -0
package/public/assets/shellsession-BADoaaVG.js +1 -0
package/public/assets/slack-dark-BthQWCQV.js +1 -0
package/public/assets/slack-ochin-DqwNpetd.js +1 -0
package/public/assets/smalltalk-BERRCDM3.js +1 -0
package/public/assets/snazzy-light-Bw305WKR.js +1 -0
package/public/assets/solarized-dark-DXbdFlpD.js +1 -0
package/public/assets/solarized-light-L9t79GZl.js +1 -0
package/public/assets/solidity-BbcW6ACK.js +1 -0
package/public/assets/soy-Brmx7dQM.js +1 -0
package/public/assets/sparql-rVzFXLq3.js +1 -0
package/public/assets/splunk-BtCnVYZw.js +1 -0
package/public/assets/sql-BLtJtn59.js +1 -0
package/public/assets/ssh-config-_ykCGR6B.js +1 -0
package/public/assets/stata-BH5u7GGu.js +1 -0
package/public/assets/stylus-BEDo0Tqx.js +1 -0
package/public/assets/svelte-3Dk4HxPD.js +1 -0
package/public/assets/swift-Dg5xB15N.js +1 -0
package/public/assets/synthwave-84-CbfX1IO0.js +1 -0
package/public/assets/system-verilog-CnnmHF94.js +1 -0
package/public/assets/systemd-4A_iFExJ.js +1 -0
package/public/assets/talonscript-CkByrt1z.js +1 -0
package/public/assets/tasl-QIJgUcNo.js +1 -0
package/public/assets/tcl-dwOrl1Do.js +1 -0
package/public/assets/templ-W15q3VgB.js +1 -0
package/public/assets/terraform-BETggiCN.js +1 -0
package/public/assets/tex-Cppo0RY3.js +1 -0
package/public/assets/tokyo-night-hegEt444.js +1 -0
package/public/assets/toml-vGWfd6FD.js +1 -0
package/public/assets/ts-tags-zn1MmPIZ.js +1 -0
package/public/assets/tsv-B_m7g4N7.js +1 -0
package/public/assets/tsx-COt5Ahok.js +1 -0
package/public/assets/turtle-BsS91CYL.js +1 -0
package/public/assets/twig-CO9l9SDP.js +1 -0
package/public/assets/typescript-BPQ3VLAy.js +1 -0
package/public/assets/typespec-Df68jz8_.js +1 -0
package/public/assets/typst-DHCkPAjA.js +1 -0
package/public/assets/v-BcVCzyr7.js +1 -0
package/public/assets/vala-CsfeWuGM.js +1 -0
package/public/assets/vb-D17OF-Vu.js +1 -0
package/public/assets/verilog-BQ8w6xss.js +1 -0
package/public/assets/vesper-DU1UobuO.js +1 -0
package/public/assets/vhdl-CeAyd5Ju.js +1 -0
package/public/assets/viml-CJc9bBzg.js +1 -0
package/public/assets/vitesse-black-Bkuqu6BP.js +1 -0
package/public/assets/vitesse-dark-D0r3Knsf.js +1 -0
package/public/assets/vitesse-light-CVO1_9PV.js +1 -0
package/public/assets/vue-CCoi5OLL.js +1 -0
package/public/assets/vue-html-DAAvJJDi.js +1 -0
package/public/assets/vue-vine-_Ih-lPRR.js +1 -0
package/public/assets/vyper-CDx5xZoG.js +1 -0
package/public/assets/wasm-CG6Dc4jp.js +1 -0
package/public/assets/wasm-MzD3tlZU.js +1 -0
package/public/assets/wenyan-BV7otONQ.js +1 -0
package/public/assets/wgsl-Dx-B1_4e.js +1 -0
package/public/assets/wikitext-BhOHFoWU.js +1 -0
package/public/assets/wit-5i3qLPDT.js +1 -0
package/public/assets/wolfram-lXgVvXCa.js +1 -0
package/public/assets/xml-sdJ4AIDG.js +1 -0
package/public/assets/xsl-CtQFsRM5.js +1 -0
package/public/assets/yaml-Buea-lGh.js +1 -0
package/public/assets/zenscript-DVFEvuxE.js +1 -0
package/public/assets/zig-VOosw3JB.js +1 -0
package/public/favicon.ico +0 -0
package/public/index.html +38 -0
package/public/loading.html +28 -0
package/public/logo.png +0 -0
package/public/manifest.webmanifest +1 -0
package/public/maskable-icon-512x512.png +0 -0
package/public/monaco/vs/base/browser/ui/codicons/codicon/codicon.ttf +0 -0
package/public/monaco/vs/base/worker/workerMain.js +31 -0
package/public/monaco/vs/basic-languages/cpp/cpp.js +10 -0
package/public/monaco/vs/basic-languages/kotlin/kotlin.js +10 -0
package/public/monaco/vs/basic-languages/markdown/markdown.js +10 -0
package/public/monaco/vs/basic-languages/python/python.js +10 -0
package/public/monaco/vs/editor/editor.main.css +8 -0
package/public/monaco/vs/editor/editor.main.js +798 -0
package/public/monaco/vs/language/css/cssMode.js +13 -0
package/public/monaco/vs/language/css/cssWorker.js +77 -0
package/public/monaco/vs/language/html/htmlMode.js +13 -0
package/public/monaco/vs/language/html/htmlWorker.js +454 -0
package/public/monaco/vs/language/json/jsonMode.js +19 -0
package/public/monaco/vs/language/json/jsonWorker.js +42 -0
package/public/monaco/vs/language/typescript/tsMode.js +20 -0
package/public/monaco/vs/language/typescript/tsWorker.js +51328 -0
package/public/monaco/vs/loader.js +11 -0
package/public/monaco.worker.js +7 -0
package/public/pwa-192x192.png +0 -0
package/public/pwa-512x512.png +0 -0
package/public/pwa-64x64.png +0 -0
package/public/registerSW.js +1 -0
package/public/sw.js +1 -0
package/public/ui-version.json +3 -0
package/public/workbox-60d14903.js +1 -0
package/scripts/copy-auth-pages.mjs +22 -0
package/scripts/copy-opencode-config.mjs +61 -0
package/scripts/copy-ui-dist.mjs +21 -0
package/src/api-types.ts +326 -0
package/src/auth/auth-store.ts +175 -0
package/src/auth/http-auth.ts +38 -0
package/src/auth/manager.ts +163 -0
package/src/auth/password-hash.ts +49 -0
package/src/auth/session-manager.ts +23 -0
package/src/auth/token-manager.ts +32 -0
package/src/background-processes/manager.ts +519 -0
package/src/bin.ts +29 -0
package/src/config/binaries.ts +192 -0
package/src/config/location.ts +78 -0
package/src/config/schema.ts +104 -0
package/src/config/store.ts +244 -0
package/src/events/bus.ts +45 -0
package/src/filesystem/__tests__/search-cache.test.ts +61 -0
package/src/filesystem/browser.ts +353 -0
package/src/filesystem/search-cache.ts +66 -0
package/src/filesystem/search.ts +184 -0
package/src/index.ts +540 -0
package/src/launcher.ts +177 -0
package/src/loader.ts +21 -0
package/src/logger.ts +133 -0
package/src/opencode-config.ts +31 -0
package/src/plugins/channel.ts +55 -0
package/src/plugins/handlers.ts +36 -0
package/src/releases/dev-release-monitor.ts +118 -0
package/src/releases/release-monitor.ts +149 -0
package/src/server/http-server.ts +693 -0
package/src/server/network-addresses.ts +75 -0
package/src/server/routes/auth-pages/login.html +134 -0
package/src/server/routes/auth-pages/token.html +93 -0
package/src/server/routes/auth.ts +164 -0
package/src/server/routes/background-processes.ts +85 -0
package/src/server/routes/config.ts +76 -0
package/src/server/routes/events.ts +61 -0
package/src/server/routes/filesystem.ts +54 -0
package/src/server/routes/meta.ts +58 -0
package/src/server/routes/plugin.ts +75 -0
package/src/server/routes/storage.ts +66 -0
package/src/server/routes/workspaces.ts +113 -0
package/src/server/routes/worktrees.ts +195 -0
package/src/server/tls.ts +283 -0
package/src/storage/instance-store.ts +64 -0
package/src/ui/__tests__/remote-ui.test.ts +58 -0
package/src/ui/remote-ui.ts +571 -0
package/src/workspaces/git-worktrees.ts +241 -0
package/src/workspaces/instance-events.ts +226 -0
package/src/workspaces/manager.ts +493 -0
package/src/workspaces/opencode-auth.ts +22 -0
package/src/workspaces/runtime.ts +428 -0
package/src/workspaces/worktree-map.ts +129 -0
package/tsconfig.json +17 -0

package/src/server/http-server.ts ADDED Viewed

@@ -0,0 +1,693 @@
+import Fastify, { type FastifyInstance, type FastifyReply, type FastifyRequest } from "fastify"
+import cors from "@fastify/cors"
+import fastifyStatic from "@fastify/static"
+import replyFrom from "@fastify/reply-from"
+import fs from "fs"
+import path from "path"
+import { fetch } from "undici"
+import type { Logger } from "../logger"
+import { WorkspaceManager } from "../workspaces/manager"
+import { isValidWorktreeSlug, listWorktrees, resolveRepoRoot } from "../workspaces/git-worktrees"
+import { ConfigStore } from "../config/store"
+import { BinaryRegistry } from "../config/binaries"
+import { FileSystemBrowser } from "../filesystem/browser"
+import { EventBus } from "../events/bus"
+import { registerWorkspaceRoutes } from "./routes/workspaces"
+import { registerConfigRoutes } from "./routes/config"
+import { registerFilesystemRoutes } from "./routes/filesystem"
+import { registerMetaRoutes } from "./routes/meta"
+import { registerEventRoutes } from "./routes/events"
+import { registerStorageRoutes } from "./routes/storage"
+import { registerPluginRoutes } from "./routes/plugin"
+import { registerBackgroundProcessRoutes } from "./routes/background-processes"
+import { registerWorktreeRoutes } from "./routes/worktrees"
+import { ServerMeta } from "../api-types"
+import { InstanceStore } from "../storage/instance-store"
+import { BackgroundProcessManager } from "../background-processes/manager"
+import type { AuthManager } from "../auth/manager"
+import { registerAuthRoutes } from "./routes/auth"
+import { sendUnauthorized, wantsHtml } from "../auth/http-auth"
+interface HttpServerDeps {
+  bindHost: string
+  bindPort: number
+  /** When bindPort is 0, try this first. */
+  defaultPort: number
+  protocol: "http" | "https"
+  httpsOptions?: { key: string | Buffer; cert: string | Buffer; ca?: string | Buffer }
+  workspaceManager: WorkspaceManager
+  configStore: ConfigStore
+  binaryRegistry: BinaryRegistry
+  fileSystemBrowser: FileSystemBrowser
+  eventBus: EventBus
+  serverMeta: ServerMeta
+  instanceStore: InstanceStore
+  authManager: AuthManager
+  uiStaticDir: string
+  uiDevServerUrl?: string
+  logger: Logger
+}
+interface HttpServerStartResult {
+  port: number
+  url: string
+  displayHost: string
+}
+export function createHttpServer(deps: HttpServerDeps) {
+  // Fastify's type-level RawServer inference gets noisy when toggling HTTP vs HTTPS.
+  // We keep the runtime behavior correct and cast the instance to a generic FastifyInstance.
+  const app = Fastify(
+    ({
+      logger: false,
+      ...(deps.protocol === "https" && deps.httpsOptions ? { https: deps.httpsOptions } : {}),
+    } as unknown) as any,
+  ) as unknown as FastifyInstance
+  const proxyLogger = deps.logger.child({ component: "proxy" })
+  const apiLogger = deps.logger.child({ component: "http" })
+  const sseLogger = deps.logger.child({ component: "sse" })
+  const sseClients = new Set<() => void>()
+  const registerSseClient = (cleanup: () => void) => {
+    sseClients.add(cleanup)
+    return () => sseClients.delete(cleanup)
+  }
+  const closeSseClients = () => {
+    for (const cleanup of Array.from(sseClients)) {
+      cleanup()
+    }
+    sseClients.clear()
+  }
+  app.addHook("onRequest", (request, _reply, done) => {
+    ;(request as FastifyRequest & { __logMeta?: { start: bigint } }).__logMeta = {
+      start: process.hrtime.bigint(),
+    }
+    done()
+  })
+  app.addHook("onResponse", (request, reply, done) => {
+    const meta = (request as FastifyRequest & { __logMeta?: { start: bigint } }).__logMeta
+    const durationMs = meta ? Number((process.hrtime.bigint() - meta.start) / BigInt(1_000_000)) : undefined
+    const base = {
+      method: request.method,
+      url: request.url,
+      status: reply.statusCode,
+      durationMs,
+    }
+    apiLogger.debug(base, "HTTP request completed")
+    if (apiLogger.isLevelEnabled("trace")) {
+      apiLogger.trace({ ...base, params: request.params, query: request.query, body: request.body }, "HTTP request payload")
+    }
+    done()
+  })
+  const allowedDevOrigins = new Set(["http://localhost:3000", "http://127.0.0.1:3000"])
+  const isLoopbackHost = (host: string) => host === "127.0.0.1" || host === "::1" || host.startsWith("127.")
+  const getSelfOrigins = (): Set<string> => {
+    const origins = new Set<string>()
+    const candidates: Array<string | undefined> = [deps.serverMeta.localUrl, deps.serverMeta.remoteUrl]
+    for (const candidate of candidates) {
+      if (!candidate) continue
+      try {
+        origins.add(new URL(candidate).origin)
+      } catch {
+        // ignore
+      }
+    }
+    for (const addr of deps.serverMeta.addresses ?? []) {
+      try {
+        origins.add(new URL(addr.remoteUrl).origin)
+      } catch {
+        // ignore
+      }
+    }
+    return origins
+  }
+  app.register(cors, {
+    origin: (origin, cb) => {
+      if (!origin) {
+        cb(null, true)
+        return
+      }
+      const selfOrigins = getSelfOrigins()
+      if (selfOrigins.has(origin)) {
+        cb(null, true)
+        return
+      }
+       if (allowedDevOrigins.has(origin)) {
+         cb(null, true)
+         return
+       }
+       // When we bind to a non-loopback host (e.g., 0.0.0.0 or LAN IP), allow cross-origin UI access.
+       if (deps.bindHost === "0.0.0.0" || !isLoopbackHost(deps.bindHost)) {
+         cb(null, true)
+         return
+       }
+      cb(null, false)
+    },
+    credentials: true,
+  })
+  app.register(replyFrom, {
+    contentTypesToEncode: [],
+    undici: {
+      connections: 16,
+      pipelining: 1,
+      bodyTimeout: 0,
+      headersTimeout: 0,
+    },
+  })
+  const backgroundProcessManager = new BackgroundProcessManager({
+    workspaceManager: deps.workspaceManager,
+    eventBus: deps.eventBus,
+    logger: deps.logger.child({ component: "background-processes" }),
+  })
+  registerAuthRoutes(app, { authManager: deps.authManager })
+  app.addHook("preHandler", (request, reply, done) => {
+    const rawUrl = request.raw.url ?? request.url
+    const pathname = (rawUrl.split("?")[0] ?? "").trim()
+    const publicApiPaths = new Set(["/api/auth/login", "/api/auth/token", "/api/auth/status", "/api/auth/logout"])
+    const publicPagePaths = new Set(["/login"])
+    if (deps.authManager.isTokenBootstrapEnabled()) {
+      publicPagePaths.add("/auth/token")
+    }
+    if (publicApiPaths.has(pathname) || publicPagePaths.has(pathname)) {
+      done()
+      return
+    }
+    const session = deps.authManager.getSessionFromRequest(request)
+    const requiresAuthForApi = pathname.startsWith("/api/") || pathname.startsWith("/workspaces/")
+    if (requiresAuthForApi && !session) {
+      // Allow OpenCode plugin -> CodeNomad calls with per-instance basic auth.
+      const pluginMatch = pathname.match(/^\/workspaces\/([^/]+)\/plugin(?:\/|$)/)
+      if (pluginMatch) {
+        const workspaceId = pluginMatch[1]
+        const expected = deps.workspaceManager.getInstanceAuthorizationHeader(workspaceId)
+        const provided = Array.isArray(request.headers.authorization)
+          ? request.headers.authorization[0]
+          : request.headers.authorization
+        if (expected && provided && provided === expected) {
+          done()
+          return
+        }
+      }
+      sendUnauthorized(request, reply)
+      return
+    }
+    if (!session && wantsHtml(request)) {
+      reply.redirect("/login")
+      return
+    }
+    done()
+  })
+  app.get("/", async (request, reply) => {
+    const session = deps.authManager.getSessionFromRequest(request)
+    if (!session) {
+      reply.redirect("/login")
+      return
+    }
+    if (deps.uiDevServerUrl) {
+      await proxyToDevServer(request, reply, deps.uiDevServerUrl)
+      return
+    }
+    const uiDir = deps.uiStaticDir
+    const indexPath = path.join(uiDir, "index.html")
+    if (uiDir && fs.existsSync(indexPath)) {
+      reply.type("text/html").send(fs.readFileSync(indexPath, "utf-8"))
+      return
+    }
+    reply.code(404).send({ message: "UI bundle missing" })
+  })
+  registerWorkspaceRoutes(app, { workspaceManager: deps.workspaceManager })
+  registerConfigRoutes(app, { configStore: deps.configStore, binaryRegistry: deps.binaryRegistry })
+  registerFilesystemRoutes(app, { fileSystemBrowser: deps.fileSystemBrowser })
+  registerMetaRoutes(app, { serverMeta: deps.serverMeta })
+  registerEventRoutes(app, { eventBus: deps.eventBus, registerClient: registerSseClient, logger: sseLogger })
+  registerWorktreeRoutes(app, { workspaceManager: deps.workspaceManager })
+  registerStorageRoutes(app, {
+    instanceStore: deps.instanceStore,
+    eventBus: deps.eventBus,
+    workspaceManager: deps.workspaceManager,
+  })
+  registerPluginRoutes(app, { workspaceManager: deps.workspaceManager, eventBus: deps.eventBus, logger: proxyLogger })
+  registerBackgroundProcessRoutes(app, { backgroundProcessManager })
+  registerInstanceProxyRoutes(app, { workspaceManager: deps.workspaceManager, logger: proxyLogger })
+  if (deps.uiDevServerUrl) {
+    setupDevProxy(app, deps.uiDevServerUrl, deps.authManager)
+  } else {
+    setupStaticUi(app, deps.uiStaticDir, deps.authManager)
+  }
+  return {
+    instance: app,
+    start: async (): Promise<HttpServerStartResult> => {
+      const attemptListen = async (requestedPort: number) => {
+        const addressInfo = await app.listen({ port: requestedPort, host: deps.bindHost })
+        return { addressInfo, requestedPort }
+      }
+      const autoPortRequested = deps.bindPort === 0
+      const primaryPort = autoPortRequested ? deps.defaultPort : deps.bindPort
+      const shouldRetryWithEphemeral = (error: unknown) => {
+        if (!autoPortRequested) return false
+        const err = error as NodeJS.ErrnoException | undefined
+        return Boolean(err && err.code === "EADDRINUSE")
+      }
+      let listenResult
+      try {
+        listenResult = await attemptListen(primaryPort)
+      } catch (error) {
+        if (!shouldRetryWithEphemeral(error)) {
+          throw error
+        }
+        deps.logger.warn({ err: error, port: primaryPort }, "Preferred port unavailable, retrying on ephemeral port")
+        listenResult = await attemptListen(0)
+      }
+      let actualPort = listenResult.requestedPort
+      if (typeof listenResult.addressInfo === "string") {
+        try {
+          const parsed = new URL(listenResult.addressInfo)
+          actualPort = Number(parsed.port) || listenResult.requestedPort
+        } catch {
+          actualPort = listenResult.requestedPort
+        }
+      } else {
+        const address = app.server.address()
+        if (typeof address === "object" && address) {
+          actualPort = address.port
+        }
+      }
+      const displayHost = deps.bindHost === "127.0.0.1" ? "localhost" : deps.bindHost
+      const serverUrl = `${deps.protocol}://${displayHost}:${actualPort}`
+      deps.logger.info({ port: actualPort, host: deps.bindHost, protocol: deps.protocol }, "HTTP server listening")
+      return { port: actualPort, url: serverUrl, displayHost }
+    },
+    stop: () => {
+      closeSseClients()
+      return app.close()
+    },
+  }
+}
+interface InstanceProxyDeps {
+  workspaceManager: WorkspaceManager
+  logger: Logger
+}
+function registerInstanceProxyRoutes(app: FastifyInstance, deps: InstanceProxyDeps) {
+  app.register(async (instance) => {
+    instance.removeAllContentTypeParsers()
+    instance.addContentTypeParser("*", (req, body, done) => done(null, body))
+    const proxyBaseHandler = async (
+      request: FastifyRequest<{ Params: { id: string; slug: string } }>,
+      reply: FastifyReply,
+    ) => {
+      await proxyWorkspaceRequest({
+        request,
+        reply,
+        workspaceManager: deps.workspaceManager,
+        worktreeSlug: request.params.slug,
+        pathSuffix: "",
+        logger: deps.logger,
+      })
+    }
+    const proxyWildcardHandler = async (
+      request: FastifyRequest<{ Params: { id: string; slug: string; "*": string } }>,
+      reply: FastifyReply,
+    ) => {
+      await proxyWorkspaceRequest({
+        request,
+        reply,
+        workspaceManager: deps.workspaceManager,
+        worktreeSlug: request.params.slug,
+        pathSuffix: request.params["*"] ?? "",
+        logger: deps.logger,
+      })
+    }
+    instance.all("/workspaces/:id/worktrees/:slug/instance", proxyBaseHandler)
+    instance.all("/workspaces/:id/worktrees/:slug/instance/*", proxyWildcardHandler)
+  })
+}
+const INSTANCE_PROXY_HOST = "127.0.0.1"
+async function proxyWorkspaceRequest(args: {
+  request: FastifyRequest
+  reply: FastifyReply
+  workspaceManager: WorkspaceManager
+  logger: Logger
+  worktreeSlug: string
+  pathSuffix?: string
+}) {
+  const { request, reply, workspaceManager, logger, worktreeSlug } = args
+  const workspaceId = (request.params as { id: string }).id
+  const workspace = workspaceManager.get(workspaceId)
+  const bodyToJson = (body: unknown): unknown => {
+    if (body == null) return null
+    const anyBody = body as any
+    if (anyBody && typeof anyBody.pipe === "function") {
+      // Don't consume streams (would break proxying).
+      // Best-effort: if the stream already has buffered chunks, parse those.
+      try {
+        const buffered = anyBody?._readableState?.buffer
+        if (Array.isArray(buffered) && buffered.length > 0) {
+          const chunks: Buffer[] = []
+          for (const entry of buffered) {
+            if (!entry) continue
+            if (Buffer.isBuffer(entry)) {
+              chunks.push(entry)
+              continue
+            }
+            const data = (entry as any).data
+            if (Buffer.isBuffer(data)) {
+              chunks.push(data)
+            }
+          }
+          if (chunks.length > 0) {
+            const text = Buffer.concat(chunks).toString("utf-8")
+            try {
+              return JSON.parse(text)
+            } catch {
+              return { __raw: text }
+            }
+          }
+        }
+      } catch {
+        // fall through
+      }
+      return { __stream: true }
+    }
+    const maybeParse = (input: string): unknown => {
+      try {
+        return JSON.parse(input)
+      } catch {
+        return { __raw: input }
+      }
+    }
+    if (Buffer.isBuffer(body)) {
+      return maybeParse(body.toString("utf-8"))
+    }
+    if (typeof body === "string") {
+      return maybeParse(body)
+    }
+    if (typeof body === "object") {
+      return body
+    }
+    return body
+  }
+  if (!workspace) {
+    reply.code(404).send({ error: "Workspace not found" })
+    return
+  }
+  const port = workspaceManager.getInstancePort(workspaceId)
+  if (!port) {
+    reply.code(502).send({ error: "Workspace instance is not ready" })
+    return
+  }
+  if (!isValidWorktreeSlug(worktreeSlug)) {
+    reply.code(400).send({ error: "Invalid worktree slug" })
+    return
+  }
+  const directory = await resolveWorktreeDirectory({
+    workspaceId,
+    workspacePath: workspace.path,
+    worktreeSlug,
+    logger,
+  })
+  if (!directory) {
+    reply.code(404).send({ error: "Worktree not found" })
+    return
+  }
+  const normalizedSuffix = normalizeInstanceSuffix(args.pathSuffix)
+  const queryIndex = (request.raw.url ?? "").indexOf("?")
+  const search = queryIndex >= 0 ? (request.raw.url ?? "").slice(queryIndex) : ""
+  const targetUrl = `http://${INSTANCE_PROXY_HOST}:${port}${normalizedSuffix}${search}`
+  const instanceAuthHeader = workspaceManager.getInstanceAuthorizationHeader(workspaceId)
+  logger.debug({ workspaceId, method: request.method, targetUrl }, "Proxying request to instance")
+  if (logger.isLevelEnabled("trace")) {
+    logger.trace({ workspaceId, targetUrl, body: request.body }, "Instance proxy payload")
+  }
+  return reply.from(targetUrl, {
+    rewriteRequestHeaders: (_originalRequest, headers) => {
+      if (instanceAuthHeader) {
+        headers.authorization = instanceAuthHeader
+      }
+      // OpenCode expects the *full* path; we send it via header to avoid query tampering.
+      const isNonASCII = /[^\x00-\x7F]/.test(directory)
+      const encodedDirectory = isNonASCII ? encodeURIComponent(directory) : directory
+      // Overwrite any client-provided value (case-insensitive headers are normalized by Node).
+      ;(headers as Record<string, unknown>)["x-opencode-directory"] = encodedDirectory
+      if (logger.isLevelEnabled("trace")) {
+        const outgoing: Record<string, unknown> = {}
+        for (const [key, value] of Object.entries(headers as Record<string, unknown>)) {
+          outgoing[key] = value
+        }
+        // Redact sensitive headers.
+        for (const key of Object.keys(outgoing)) {
+          const lower = key.toLowerCase()
+          if (lower === "authorization" || lower === "cookie" || lower === "set-cookie") {
+            outgoing[key] = "<redacted>"
+          }
+        }
+        logger.trace(
+          {
+            workspaceId,
+            method: request.method,
+            targetUrl,
+            worktreeSlug,
+            directory,
+            contentType: request.headers["content-type"],
+            body: bodyToJson(request.body),
+            headers: outgoing,
+          },
+          "Proxy -> OpenCode request",
+        )
+      }
+      return headers
+    },
+    onError: (proxyReply, { error }) => {
+      logger.error({ err: error, workspaceId, targetUrl }, "Failed to proxy workspace request")
+      if (!proxyReply.sent) {
+        proxyReply.code(502).send({ error: "Workspace instance proxy failed" })
+      }
+    },
+  })
+}
+function normalizeInstanceSuffix(pathSuffix: string | undefined) {
+  if (!pathSuffix || pathSuffix === "/") {
+    return "/"
+  }
+  const trimmed = pathSuffix.replace(/^\/+/, "")
+  return trimmed.length === 0 ? "/" : `/${trimmed}`
+}
+type WorktreeCacheEntry = {
+  expiresAt: number
+  repoRoot: string
+  worktrees: Array<{ slug: string; directory: string }>
+}
+const WORKTREE_CACHE_TTL_MS = 2000
+const worktreeCache = new Map<string, WorktreeCacheEntry>()
+async function getCachedWorktrees(params: { workspaceId: string; workspacePath: string; logger: Logger }) {
+  const cached = worktreeCache.get(params.workspaceId)
+  const now = Date.now()
+  if (cached && cached.expiresAt > now) {
+    return cached
+  }
+  const { repoRoot } = await resolveRepoRoot(params.workspacePath, params.logger)
+  const worktrees = await listWorktrees({ repoRoot, workspaceFolder: params.workspacePath, logger: params.logger })
+  const entry: WorktreeCacheEntry = {
+    expiresAt: now + WORKTREE_CACHE_TTL_MS,
+    repoRoot,
+    worktrees: worktrees.map((wt) => ({ slug: wt.slug, directory: wt.directory })),
+  }
+  worktreeCache.set(params.workspaceId, entry)
+  return entry
+}
+async function resolveWorktreeDirectory(params: {
+  workspaceId: string
+  workspacePath: string
+  worktreeSlug: string
+  logger: Logger
+}): Promise<string | null> {
+  const { worktreeSlug } = params
+  const cached = await getCachedWorktrees({ workspaceId: params.workspaceId, workspacePath: params.workspacePath, logger: params.logger })
+  const match = cached.worktrees.find((wt) => wt.slug === worktreeSlug)
+  if (match) {
+    return match.directory
+  }
+  // If the slug is new (e.g., created moments ago), refresh once.
+  worktreeCache.delete(params.workspaceId)
+  const refreshed = await getCachedWorktrees({ workspaceId: params.workspaceId, workspacePath: params.workspacePath, logger: params.logger })
+  return refreshed.worktrees.find((wt) => wt.slug === worktreeSlug)?.directory ?? null
+}
+function setupStaticUi(app: FastifyInstance, uiDir: string, authManager: AuthManager) {
+  if (!uiDir) {
+    app.log.warn("UI static directory not provided; API endpoints only")
+    return
+  }
+  if (!fs.existsSync(uiDir)) {
+    app.log.warn({ uiDir }, "UI static directory missing; API endpoints only")
+    return
+  }
+  app.register(fastifyStatic, {
+    root: uiDir,
+    prefix: "/",
+    decorateReply: false,
+  })
+  const indexPath = path.join(uiDir, "index.html")
+  app.setNotFoundHandler((request: FastifyRequest, reply: FastifyReply) => {
+    const url = request.raw.url ?? ""
+    if (isApiRequest(url)) {
+      reply.code(404).send({ message: "Not Found" })
+      return
+    }
+    const session = authManager.getSessionFromRequest(request)
+    if (!session && wantsHtml(request)) {
+      reply.redirect("/login")
+      return
+    }
+    if (fs.existsSync(indexPath)) {
+      reply.type("text/html").send(fs.readFileSync(indexPath, "utf-8"))
+    } else {
+      reply.code(404).send({ message: "UI bundle missing" })
+    }
+  })
+}
+function setupDevProxy(app: FastifyInstance, upstreamBase: string, authManager: AuthManager) {
+  app.log.info({ upstreamBase }, "Proxying UI requests to development server")
+  app.setNotFoundHandler((request: FastifyRequest, reply: FastifyReply) => {
+    const url = request.raw.url ?? ""
+    if (isApiRequest(url)) {
+      reply.code(404).send({ message: "Not Found" })
+      return
+    }
+    const session = authManager.getSessionFromRequest(request)
+    if (!session && wantsHtml(request)) {
+      reply.redirect("/login")
+      return
+    }
+    void proxyToDevServer(request, reply, upstreamBase)
+  })
+}
+async function proxyToDevServer(request: FastifyRequest, reply: FastifyReply, upstreamBase: string) {
+  try {
+    const targetUrl = new URL(request.raw.url ?? "/", upstreamBase)
+    const response = await fetch(targetUrl, {
+      method: request.method,
+      headers: buildProxyHeaders(request.headers),
+    })
+    response.headers.forEach((value, key) => {
+      reply.header(key, value)
+    })
+    reply.code(response.status)
+    if (!response.body || request.method === "HEAD") {
+      reply.send()
+      return
+    }
+    const buffer = Buffer.from(await response.arrayBuffer())
+    reply.send(buffer)
+  } catch (error) {
+    request.log.error({ err: error }, "Failed to proxy UI request to dev server")
+    if (!reply.sent) {
+      reply.code(502).send("UI dev server is unavailable")
+    }
+  }
+}
+function isApiRequest(rawUrl: string | null | undefined) {
+  if (!rawUrl) return false
+  const pathname = rawUrl.split("?")[0] ?? ""
+  return pathname === "/api" || pathname.startsWith("/api/")
+}
+function buildProxyHeaders(headers: FastifyRequest["headers"]): Record<string, string> {
+  const result: Record<string, string> = {}
+  for (const [key, value] of Object.entries(headers ?? {})) {
+    if (!value || key.toLowerCase() === "host") continue
+    result[key] = Array.isArray(value) ? value.join(",") : value
+  }
+  return result
+}