@openpalm/ui 0.11.0-rc.3 → 0.11.0-rc.4

package/build/server/chunks/{_server.ts-D0VWz3Eu.js.map → _server.ts-ncFk6KuU.js.map}

@@ -1 +1 @@
-{"version":3,"file":"_server.ts-D0VWz3Eu.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/api/setup/opencode/auth/_provider_/_server.ts.js"],"sourcesContent":["import { r as json } from \"../../../../../../../chunks/exports.js\";\nimport { a as getOpenCodeClient } from \"../../../../../../../chunks/helpers.js\";\n//#region src/routes/api/setup/opencode/auth/[provider]/+server.ts\nvar PROVIDER_ID_RE = /^[a-zA-Z0-9_-]{1,64}$/;\nvar PUT = async ({ params, request }) => {\n\tif (!PROVIDER_ID_RE.test(params.provider)) return json({\n\t\tok: false,\n\t\tmessage: \"Invalid provider\"\n\t}, { status: 400 });\n\ttry {\n\t\tconst { key } = await request.json();\n\t\tif (!(await getOpenCodeClient().setProviderApiKey(params.provider, typeof key === \"string\" ? key : \"\")).ok) return json({\n\t\t\tok: false,\n\t\t\tmessage: \"Failed to set provider credentials\"\n\t\t}, { status: 400 });\n\t\treturn json({ ok: true });\n\t} catch {\n\t\treturn json({\n\t\t\tok: false,\n\t\t\tmessage: \"Failed to set provider credentials\"\n\t\t}, { status: 500 });\n\t}\n};\n//#endregion\nexport { PUT };\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAEA;AACA,IAAI,cAAc,GAAG,uBAAuB;AACzC,IAAC,GAAG,GAAG,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK;AACzC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,OAAO,IAAI,CAAC;AACxD,EAAE,EAAE,EAAE,KAAK;AACX,EAAE,OAAO,EAAE;AACX,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACpB,CAAC,IAAI;AACL,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE;AACtC,EAAE,IAAI,CAAC,CAAC,MAAM,iBAAiB,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,GAAG,KAAK,QAAQ,GAAG,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,OAAO,IAAI,CAAC;AAC1H,GAAG,EAAE,EAAE,KAAK;AACZ,GAAG,OAAO,EAAE;AACZ,GAAG,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACrB,EAAE,OAAO,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC,CAAC,CAAC,MAAM;AACT,EAAE,OAAO,IAAI,CAAC;AACd,GAAG,EAAE,EAAE,KAAK;AACZ,GAAG,OAAO,EAAE;AACZ,GAAG,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACrB,CAAC;AACD;;;;"}
+{"version":3,"file":"_server.ts-ncFk6KuU.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/api/setup/opencode/auth/_provider_/_server.ts.js"],"sourcesContent":["import { r as json } from \"../../../../../../../chunks/exports.js\";\nimport { a as getOpenCodeClient } from \"../../../../../../../chunks/helpers.js\";\n//#region src/routes/api/setup/opencode/auth/[provider]/+server.ts\nvar PROVIDER_ID_RE = /^[a-zA-Z0-9_-]{1,64}$/;\nvar PUT = async ({ params, request }) => {\n\tif (!PROVIDER_ID_RE.test(params.provider)) return json({\n\t\tok: false,\n\t\tmessage: \"Invalid provider\"\n\t}, { status: 400 });\n\ttry {\n\t\tconst { key } = await request.json();\n\t\tif (!(await getOpenCodeClient().setProviderApiKey(params.provider, typeof key === \"string\" ? key : \"\")).ok) return json({\n\t\t\tok: false,\n\t\t\tmessage: \"Failed to set provider credentials\"\n\t\t}, { status: 400 });\n\t\treturn json({ ok: true });\n\t} catch {\n\t\treturn json({\n\t\t\tok: false,\n\t\t\tmessage: \"Failed to set provider credentials\"\n\t\t}, { status: 500 });\n\t}\n};\n//#endregion\nexport { PUT };\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAEA;AACA,IAAI,cAAc,GAAG,uBAAuB;AACzC,IAAC,GAAG,GAAG,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK;AACzC,CAAC,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,MAAM,CAAC,QAAQ,CAAC,EAAE,OAAO,IAAI,CAAC;AACxD,EAAE,EAAE,EAAE,KAAK;AACX,EAAE,OAAO,EAAE;AACX,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACpB,CAAC,IAAI;AACL,EAAE,MAAM,EAAE,GAAG,EAAE,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE;AACtC,EAAE,IAAI,CAAC,CAAC,MAAM,iBAAiB,EAAE,CAAC,iBAAiB,CAAC,MAAM,CAAC,QAAQ,EAAE,OAAO,GAAG,KAAK,QAAQ,GAAG,GAAG,GAAG,EAAE,CAAC,EAAE,EAAE,EAAE,OAAO,IAAI,CAAC;AAC1H,GAAG,EAAE,EAAE,KAAK;AACZ,GAAG,OAAO,EAAE;AACZ,GAAG,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACrB,EAAE,OAAO,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;AAC3B,CAAC,CAAC,CAAC,MAAM;AACT,EAAE,OAAO,IAAI,CAAC;AACd,GAAG,EAAE,EAAE,KAAK;AACZ,GAAG,OAAO,EAAE;AACZ,GAAG,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC;AACrB,CAAC;AACD;;;;"}

package/build/server/chunks/{_server.ts-DtxwCTTn.js → _server.ts-sAx1xFio.js}

@@ -1,6 +1,6 @@
-import { ap as validateProposedState, y as createLogger } from './src-BsgfqG_-.js';
-import { b as getState } from './endpoints-kaPFORka.js';
-import { d as getRequestId, r as requireAdmin, h as jsonResponse } from './helpers-B8h4zchW.js';
+import { ap as validateProposedState, y as createLogger } from './src-BWQ05CjI.js';
+import { b as getState } from './endpoints-Dz6qhKXB.js';
+import { d as getRequestId, r as requireAdmin, h as jsonResponse } from './helpers-C1fMEpiP.js';
 import './chunk-CLZ62Ad-.js';
 import 'node:module';
 import 'node:fs';
@@ -37,4 +37,4 @@ var GET = async (event) => {
 };
 
 export { GET };
-//# sourceMappingURL=_server.ts-DtxwCTTn.js.map
+//# sourceMappingURL=_server.ts-sAx1xFio.js.map

package/build/server/chunks/{_server.ts-DtxwCTTn.js.map → _server.ts-sAx1xFio.js.map}

@@ -1 +1 @@
-{"version":3,"file":"_server.ts-DtxwCTTn.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/admin/config/validate/_server.ts.js"],"sourcesContent":["import { Nt as createLogger, z as validateProposedState } from \"../../../../../chunks/src.js\";\nimport { c as getState } from \"../../../../../chunks/endpoints.js\";\nimport { d as requireAdmin, l as jsonResponse, o as getRequestId } from \"../../../../../chunks/helpers.js\";\n//#region src/routes/admin/config/validate/+server.ts\nvar logger = createLogger(\"admin.config.validate\");\nvar GET = async (event) => {\n\tconst requestId = getRequestId(event);\n\tconst authErr = requireAdmin(event, requestId);\n\tif (authErr) return authErr;\n\tconst result = await validateProposedState(getState());\n\tif (!result.ok) logger.warn(\"config validation failed\", {\n\t\trequestId,\n\t\terrors: result.errors,\n\t\twarnings: result.warnings\n\t});\n\treturn jsonResponse(200, result, requestId);\n};\n//#endregion\nexport { GET };\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAGA;AACA,IAAI,MAAM,GAAG,YAAY,CAAC,uBAAuB,CAAC;AAC/C,IAAC,GAAG,GAAG,OAAO,KAAK,KAAK;AAC3B,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;AACtC,CAAC,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC;AAC/C,CAAC,IAAI,OAAO,EAAE,OAAO,OAAO;AAC5B,CAAC,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,QAAQ,EAAE,CAAC;AACvD,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;AACzD,EAAE,SAAS;AACX,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM;AACvB,EAAE,QAAQ,EAAE,MAAM,CAAC;AACnB,EAAE,CAAC;AACH,CAAC,OAAO,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC;AAC5C;;;;"}
+{"version":3,"file":"_server.ts-sAx1xFio.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/admin/config/validate/_server.ts.js"],"sourcesContent":["import { Nt as createLogger, z as validateProposedState } from \"../../../../../chunks/src.js\";\nimport { c as getState } from \"../../../../../chunks/endpoints.js\";\nimport { d as requireAdmin, l as jsonResponse, o as getRequestId } from \"../../../../../chunks/helpers.js\";\n//#region src/routes/admin/config/validate/+server.ts\nvar logger = createLogger(\"admin.config.validate\");\nvar GET = async (event) => {\n\tconst requestId = getRequestId(event);\n\tconst authErr = requireAdmin(event, requestId);\n\tif (authErr) return authErr;\n\tconst result = await validateProposedState(getState());\n\tif (!result.ok) logger.warn(\"config validation failed\", {\n\t\trequestId,\n\t\terrors: result.errors,\n\t\twarnings: result.warnings\n\t});\n\treturn jsonResponse(200, result, requestId);\n};\n//#endregion\nexport { GET };\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAGA;AACA,IAAI,MAAM,GAAG,YAAY,CAAC,uBAAuB,CAAC;AAC/C,IAAC,GAAG,GAAG,OAAO,KAAK,KAAK;AAC3B,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;AACtC,CAAC,MAAM,OAAO,GAAG,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC;AAC/C,CAAC,IAAI,OAAO,EAAE,OAAO,OAAO;AAC5B,CAAC,MAAM,MAAM,GAAG,MAAM,qBAAqB,CAAC,QAAQ,EAAE,CAAC;AACvD,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,MAAM,CAAC,IAAI,CAAC,0BAA0B,EAAE;AACzD,EAAE,SAAS;AACX,EAAE,MAAM,EAAE,MAAM,CAAC,MAAM;AACvB,EAAE,QAAQ,EAAE,MAAM,CAAC;AACnB,EAAE,CAAC;AACH,CAAC,OAAO,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,SAAS,CAAC;AAC5C;;;;"}

package/build/server/chunks/{_server.ts-GPzYT0sb.js → _server.ts-zY_DK-6S.js}

@@ -1,6 +1,6 @@
-import { m as checkDocker, v as composeStats, k as buildComposeOptions } from './src-BsgfqG_-.js';
-import { b as getState } from './endpoints-kaPFORka.js';
-import { d as getRequestId, r as requireAdmin, e as errorResponse, h as jsonResponse } from './helpers-B8h4zchW.js';
+import { m as checkDocker, v as composeStats, k as buildComposeOptions } from './src-BWQ05CjI.js';
+import { b as getState } from './endpoints-Dz6qhKXB.js';
+import { d as getRequestId, r as requireAdmin, e as errorResponse, h as jsonResponse } from './helpers-C1fMEpiP.js';
 import './chunk-CLZ62Ad-.js';
 import 'node:module';
 import 'node:fs';
@@ -41,4 +41,4 @@ var GET = async (event) => {
 };
 
 export { GET };
-//# sourceMappingURL=_server.ts-GPzYT0sb.js.map
+//# sourceMappingURL=_server.ts-zY_DK-6S.js.map

package/build/server/chunks/{_server.ts-GPzYT0sb.js.map → _server.ts-zY_DK-6S.js.map}

@@ -1 +1 @@
-{"version":3,"file":"_server.ts-GPzYT0sb.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/admin/containers/stats/_server.ts.js"],"sourcesContent":["import { P as composeStats, T as checkDocker, w as buildComposeOptions } from \"../../../../../chunks/src.js\";\nimport { c as getState } from \"../../../../../chunks/endpoints.js\";\nimport { d as requireAdmin, i as errorResponse, l as jsonResponse, o as getRequestId } from \"../../../../../chunks/helpers.js\";\n//#region src/routes/admin/containers/stats/+server.ts\nvar GET = async (event) => {\n\tconst requestId = getRequestId(event);\n\tconst authError = requireAdmin(event, requestId);\n\tif (authError) return authError;\n\tconst state = getState();\n\tif (!(await checkDocker()).ok) return errorResponse(503, \"docker_unavailable\", \"Docker is not available\", {}, requestId);\n\tconst result = await composeStats(buildComposeOptions(state));\n\tif (!result.ok) return errorResponse(500, \"docker_error\", `Failed to get container stats: ${result.stderr}`, {}, requestId);\n\tlet stats = [];\n\tif (result.stdout.trim()) try {\n\t\tstats = result.stdout.trim().split(\"\\n\").filter((l) => l.startsWith(\"{\")).map((l) => JSON.parse(l));\n\t} catch (e) {\n\t\tconsole.warn(\"[containers.stats] Failed to parse Docker stats output\", e);\n\t\treturn errorResponse(500, \"parse_error\", \"Failed to parse Docker stats output\", {}, requestId);\n\t}\n\treturn jsonResponse(200, { stats }, requestId);\n};\n//#endregion\nexport { GET };\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAGA;AACG,IAAC,GAAG,GAAG,OAAO,KAAK,KAAK;AAC3B,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;AACtC,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC;AACjD,CAAC,IAAI,SAAS,EAAE,OAAO,SAAS;AAChC,CAAC,MAAM,KAAK,GAAG,QAAQ,EAAE;AACzB,CAAC,IAAI,CAAC,CAAC,MAAM,WAAW,EAAE,EAAE,EAAE,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,EAAE,EAAE,SAAS,CAAC;AACzH,CAAC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;AAC9D,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,CAAC,+BAA+B,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,SAAS,CAAC;AAC5H,CAAC,IAAI,KAAK,GAAG,EAAE;AACf,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,IAAI;AAC/B,EAAE,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACrG,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,wDAAwD,EAAE,CAAC,CAAC;AAC3E,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,aAAa,EAAE,qCAAqC,EAAE,EAAE,EAAE,SAAS,CAAC;AAChG,CAAC;AACD,CAAC,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,SAAS,CAAC;AAC/C;;;;"}
+{"version":3,"file":"_server.ts-zY_DK-6S.js","sources":["../../../.svelte-kit/adapter-node/entries/endpoints/admin/containers/stats/_server.ts.js"],"sourcesContent":["import { P as composeStats, T as checkDocker, w as buildComposeOptions } from \"../../../../../chunks/src.js\";\nimport { c as getState } from \"../../../../../chunks/endpoints.js\";\nimport { d as requireAdmin, i as errorResponse, l as jsonResponse, o as getRequestId } from \"../../../../../chunks/helpers.js\";\n//#region src/routes/admin/containers/stats/+server.ts\nvar GET = async (event) => {\n\tconst requestId = getRequestId(event);\n\tconst authError = requireAdmin(event, requestId);\n\tif (authError) return authError;\n\tconst state = getState();\n\tif (!(await checkDocker()).ok) return errorResponse(503, \"docker_unavailable\", \"Docker is not available\", {}, requestId);\n\tconst result = await composeStats(buildComposeOptions(state));\n\tif (!result.ok) return errorResponse(500, \"docker_error\", `Failed to get container stats: ${result.stderr}`, {}, requestId);\n\tlet stats = [];\n\tif (result.stdout.trim()) try {\n\t\tstats = result.stdout.trim().split(\"\\n\").filter((l) => l.startsWith(\"{\")).map((l) => JSON.parse(l));\n\t} catch (e) {\n\t\tconsole.warn(\"[containers.stats] Failed to parse Docker stats output\", e);\n\t\treturn errorResponse(500, \"parse_error\", \"Failed to parse Docker stats output\", {}, requestId);\n\t}\n\treturn jsonResponse(200, { stats }, requestId);\n};\n//#endregion\nexport { GET };\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;AAGA;AACG,IAAC,GAAG,GAAG,OAAO,KAAK,KAAK;AAC3B,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;AACtC,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC;AACjD,CAAC,IAAI,SAAS,EAAE,OAAO,SAAS;AAChC,CAAC,MAAM,KAAK,GAAG,QAAQ,EAAE;AACzB,CAAC,IAAI,CAAC,CAAC,MAAM,WAAW,EAAE,EAAE,EAAE,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,oBAAoB,EAAE,yBAAyB,EAAE,EAAE,EAAE,SAAS,CAAC;AACzH,CAAC,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;AAC9D,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,CAAC,+BAA+B,EAAE,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,EAAE,EAAE,SAAS,CAAC;AAC5H,CAAC,IAAI,KAAK,GAAG,EAAE;AACf,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,IAAI;AAC/B,EAAE,KAAK,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;AACrG,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,wDAAwD,EAAE,CAAC,CAAC;AAC3E,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,aAAa,EAAE,qCAAqC,EAAE,EAAE,EAAE,SAAS,CAAC;AAChG,CAAC;AACD,CAAC,OAAO,YAAY,CAAC,GAAG,EAAE,EAAE,KAAK,EAAE,EAAE,SAAS,CAAC;AAC/C;;;;"}

package/build/server/chunks/{addon-helpers-8efgpHMX.js → addon-helpers-DM77guzq.js}

@@ -1,4 +1,4 @@
-import { a0 as listEnabledAddonIds, S as getAddonServiceNames, m as checkDocker, w as composeStop, k as buildComposeOptions, am as setAddonEnabled, y as createLogger } from './src-BsgfqG_-.js';
+import { a0 as listEnabledAddonIds, S as getAddonServiceNames, m as checkDocker, w as composeStop, k as buildComposeOptions, am as setAddonEnabled, y as createLogger } from './src-BWQ05CjI.js';
 
 //#region src/lib/server/addon-helpers.ts
 /**
@@ -46,4 +46,4 @@ async function performAddonToggle(state, name, requestedEnabled, requestId) {
 }
 
 export { performAddonToggle as p };
-//# sourceMappingURL=addon-helpers-8efgpHMX.js.map
+//# sourceMappingURL=addon-helpers-DM77guzq.js.map

package/build/server/chunks/{addon-helpers-8efgpHMX.js.map → addon-helpers-DM77guzq.js.map}

@@ -1 +1 @@
-{"version":3,"file":"addon-helpers-8efgpHMX.js","sources":["../../../.svelte-kit/adapter-node/chunks/addon-helpers.js"],"sourcesContent":["import { F as composeStop, Nt as createLogger, T as checkDocker, ct as setAddonEnabled, it as getAddonServiceNames, st as listEnabledAddonIds, w as buildComposeOptions } from \"./src.js\";\n//#region src/lib/server/addon-helpers.ts\n/**\n* Shared addon enable/disable logic for admin route handlers.\n*\n* Both /admin/addons and /admin/addons/:name share the same POST flow:\n* validate → stop running services if disabling → mutate state → audit.\n* This module houses the shared mutation step so neither route duplicates it.\n*/\nvar logger = createLogger(\"addon-helpers\");\n/**\n* Stop running services if disabling, then call setAddonEnabled.\n* Returns the mutation result with the final enabled state.\n*/\nasync function performAddonToggle(state, name, requestedEnabled, requestId) {\n\tconst wasEnabled = listEnabledAddonIds(state.homeDir).includes(name);\n\tconst nextEnabled = requestedEnabled !== void 0 ? requestedEnabled : wasEnabled;\n\tif (!nextEnabled && wasEnabled) {\n\t\tconst serviceNames = getAddonServiceNames(state.homeDir, name);\n\t\tif (serviceNames.length > 0) {\n\t\t\tif ((await checkDocker()).ok) try {\n\t\t\t\tawait composeStop(serviceNames, buildComposeOptions(state));\n\t\t\t\tlogger.info(\"stopped addon services before disable\", {\n\t\t\t\t\tname,\n\t\t\t\t\tservices: serviceNames,\n\t\t\t\t\trequestId\n\t\t\t\t});\n\t\t\t} catch (err) {\n\t\t\t\tlogger.warn(\"failed to stop addon services before disable\", {\n\t\t\t\t\tname,\n\t\t\t\t\tservices: serviceNames,\n\t\t\t\t\terror: String(err),\n\t\t\t\t\trequestId\n\t\t\t\t});\n\t\t\t}\n\t\t}\n\t}\n\tconst mutation = setAddonEnabled(state.homeDir, state.stackDir, name, nextEnabled, state);\n\tif (!mutation.ok) return mutation;\n\treturn {\n\t\tok: true,\n\t\tenabled: listEnabledAddonIds(state.homeDir).includes(name),\n\t\tchanged: mutation.changed\n\t};\n}\n//#endregion\nexport { performAddonToggle as t };\n"],"names":[],"mappings":";;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,GAAG,YAAY,CAAC,eAAe,CAAC;AAC1C;AACA;AACA;AACA;AACA,eAAe,kBAAkB,CAAC,KAAK,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE;AAC5E,CAAC,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;AACrE,CAAC,MAAM,WAAW,GAAG,gBAAgB,KAAK,MAAM,GAAG,gBAAgB,GAAG,UAAU;AAChF,CAAC,IAAI,CAAC,WAAW,IAAI,UAAU,EAAE;AACjC,EAAE,MAAM,YAAY,GAAG,oBAAoB,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC;AAChE,EAAE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;AAC/B,GAAG,IAAI,CAAC,MAAM,WAAW,EAAE,EAAE,EAAE,EAAE,IAAI;AACrC,IAAI,MAAM,WAAW,CAAC,YAAY,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC;AAC/D,IAAI,MAAM,CAAC,IAAI,CAAC,uCAAuC,EAAE;AACzD,KAAK,IAAI;AACT,KAAK,QAAQ,EAAE,YAAY;AAC3B,KAAK;AACL,KAAK,CAAC;AACN,GAAG,CAAC,CAAC,OAAO,GAAG,EAAE;AACjB,IAAI,MAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE;AAChE,KAAK,IAAI;AACT,KAAK,QAAQ,EAAE,YAAY;AAC3B,KAAK,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC;AACvB,KAAK;AACL,KAAK,CAAC;AACN,GAAG;AACH,EAAE;AACF,CAAC;AACD,CAAC,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAkB,CAAC;AAC1F,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,OAAO,QAAQ;AAClC,CAAC,OAAO;AACR,EAAE,EAAE,EAAE,IAAI;AACV,EAAE,OAAO,EAAE,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;AAC5D,EAAE,OAAO,EAAE,QAAQ,CAAC;AACpB,EAAE;AACF;;;;"}
+{"version":3,"file":"addon-helpers-DM77guzq.js","sources":["../../../.svelte-kit/adapter-node/chunks/addon-helpers.js"],"sourcesContent":["import { F as composeStop, Nt as createLogger, T as checkDocker, ct as setAddonEnabled, it as getAddonServiceNames, st as listEnabledAddonIds, w as buildComposeOptions } from \"./src.js\";\n//#region src/lib/server/addon-helpers.ts\n/**\n* Shared addon enable/disable logic for admin route handlers.\n*\n* Both /admin/addons and /admin/addons/:name share the same POST flow:\n* validate → stop running services if disabling → mutate state → audit.\n* This module houses the shared mutation step so neither route duplicates it.\n*/\nvar logger = createLogger(\"addon-helpers\");\n/**\n* Stop running services if disabling, then call setAddonEnabled.\n* Returns the mutation result with the final enabled state.\n*/\nasync function performAddonToggle(state, name, requestedEnabled, requestId) {\n\tconst wasEnabled = listEnabledAddonIds(state.homeDir).includes(name);\n\tconst nextEnabled = requestedEnabled !== void 0 ? requestedEnabled : wasEnabled;\n\tif (!nextEnabled && wasEnabled) {\n\t\tconst serviceNames = getAddonServiceNames(state.homeDir, name);\n\t\tif (serviceNames.length > 0) {\n\t\t\tif ((await checkDocker()).ok) try {\n\t\t\t\tawait composeStop(serviceNames, buildComposeOptions(state));\n\t\t\t\tlogger.info(\"stopped addon services before disable\", {\n\t\t\t\t\tname,\n\t\t\t\t\tservices: serviceNames,\n\t\t\t\t\trequestId\n\t\t\t\t});\n\t\t\t} catch (err) {\n\t\t\t\tlogger.warn(\"failed to stop addon services before disable\", {\n\t\t\t\t\tname,\n\t\t\t\t\tservices: serviceNames,\n\t\t\t\t\terror: String(err),\n\t\t\t\t\trequestId\n\t\t\t\t});\n\t\t\t}\n\t\t}\n\t}\n\tconst mutation = setAddonEnabled(state.homeDir, state.stackDir, name, nextEnabled, state);\n\tif (!mutation.ok) return mutation;\n\treturn {\n\t\tok: true,\n\t\tenabled: listEnabledAddonIds(state.homeDir).includes(name),\n\t\tchanged: mutation.changed\n\t};\n}\n//#endregion\nexport { performAddonToggle as t };\n"],"names":[],"mappings":";;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,GAAG,YAAY,CAAC,eAAe,CAAC;AAC1C;AACA;AACA;AACA;AACA,eAAe,kBAAkB,CAAC,KAAK,EAAE,IAAI,EAAE,gBAAgB,EAAE,SAAS,EAAE;AAC5E,CAAC,MAAM,UAAU,GAAG,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;AACrE,CAAC,MAAM,WAAW,GAAG,gBAAgB,KAAK,MAAM,GAAG,gBAAgB,GAAG,UAAU;AAChF,CAAC,IAAI,CAAC,WAAW,IAAI,UAAU,EAAE;AACjC,EAAE,MAAM,YAAY,GAAG,oBAAoB,CAAC,KAAK,CAAC,OAAO,EAAE,IAAI,CAAC;AAChE,EAAE,IAAI,YAAY,CAAC,MAAM,GAAG,CAAC,EAAE;AAC/B,GAAG,IAAI,CAAC,MAAM,WAAW,EAAE,EAAE,EAAE,EAAE,IAAI;AACrC,IAAI,MAAM,WAAW,CAAC,YAAY,EAAE,mBAAmB,CAAC,KAAK,CAAC,CAAC;AAC/D,IAAI,MAAM,CAAC,IAAI,CAAC,uCAAuC,EAAE;AACzD,KAAK,IAAI;AACT,KAAK,QAAQ,EAAE,YAAY;AAC3B,KAAK;AACL,KAAK,CAAC;AACN,GAAG,CAAC,CAAC,OAAO,GAAG,EAAE;AACjB,IAAI,MAAM,CAAC,IAAI,CAAC,8CAA8C,EAAE;AAChE,KAAK,IAAI;AACT,KAAK,QAAQ,EAAE,YAAY;AAC3B,KAAK,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC;AACvB,KAAK;AACL,KAAK,CAAC;AACN,GAAG;AACH,EAAE;AACF,CAAC;AACD,CAAC,MAAM,QAAQ,GAAG,eAAe,CAAC,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,QAAQ,EAAE,IAAI,EAAE,WAAkB,CAAC;AAC1F,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,OAAO,QAAQ;AAClC,CAAC,OAAO;AACR,EAAE,EAAE,EAAE,IAAI;AACV,EAAE,OAAO,EAAE,mBAAmB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC;AAC5D,EAAE,OAAO,EAAE,QAAQ,CAAC;AACpB,EAAE;AACF;;;;"}

package/build/server/chunks/{config-1dyh_9h4.js → config-BE8RNUzZ.js}

@@ -1,5 +1,5 @@
 import { b as asRecord } from './coercion-TNFJisCC.js';
-import { o as opencodeFetch } from './http-8UL6GfDM.js';
+import { o as opencodeFetch } from './http-CmL_uneS.js';
 import { readFileSync, writeFileSync } from 'node:fs';
 import { join } from 'node:path';
 
@@ -118,4 +118,4 @@ async function unsetMainModel(target) {
 }
 
 export { setProviderEnabled as a, setProviderOptions as b, getCurrentConfig as g, patchConfig as p, registerProvider as r, setMainModel as s, unsetMainModel as u };
-//# sourceMappingURL=config-1dyh_9h4.js.map
+//# sourceMappingURL=config-BE8RNUzZ.js.map

package/build/server/chunks/{config-1dyh_9h4.js.map → config-BE8RNUzZ.js.map}

@@ -1 +1 @@
-{"version":3,"file":"config-1dyh_9h4.js","sources":["../../../.svelte-kit/adapter-node/chunks/config.js"],"sourcesContent":["import { n as asRecord } from \"./coercion.js\";\nimport { t as opencodeFetch } from \"./http.js\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\n//#region src/lib/server/opencode/config.ts\n/**\n* OpenCode config read/write + small mutation helpers.\n*\n* Reads/writes `OP_HOME/config/assistant/opencode.json` directly because the\n* container mount is read-only and OpenCode's PATCH /config does not persist\n* to disk. We still call PATCH afterwards (best-effort) so the live process\n* picks up the change without a restart.\n*/\nfunction configPath() {\n\treturn join(process.env.OP_HOME ?? \"\", \"config\", \"assistant\", \"opencode.json\");\n}\nasync function getCurrentConfig() {\n\ttry {\n\t\treturn JSON.parse(readFileSync(configPath(), \"utf-8\"));\n\t} catch {\n\t\treturn opencodeFetch(\"/config\");\n\t}\n}\nasync function patchConfig(config) {\n\tlet existing = {};\n\ttry {\n\t\texisting = JSON.parse(readFileSync(configPath(), \"utf-8\"));\n\t} catch {}\n\tconst merged = {\n\t\t...existing,\n\t\t...config\n\t};\n\tif (config.provider) merged.provider = {\n\t\t...existing.provider ?? {},\n\t\t...config.provider\n\t};\n\twriteFileSync(configPath(), JSON.stringify(merged, null, 2) + \"\\n\");\n\tawait opencodeFetch(\"/config\", {\n\t\tmethod: \"PATCH\",\n\t\tbody: JSON.stringify(config)\n\t}).catch(() => {});\n\treturn merged;\n}\nfunction normalizeProviderConfig(providerConfig) {\n\tconst normalized = providerConfig ? { ...providerConfig } : {};\n\tconst options = asRecord(normalized.options);\n\tif (options && Object.keys(options).length === 0) delete normalized.options;\n\treturn Object.keys(normalized).length > 0 ? normalized : void 0;\n}\nfunction setProviderEnabled(config, providerId, enabled) {\n\tconst disabled = new Set(config.disabled_providers ?? []);\n\tconst allowlist = config.enabled_providers ? new Set(config.enabled_providers) : void 0;\n\tif (enabled) {\n\t\tdisabled.delete(providerId);\n\t\tallowlist?.add(providerId);\n\t} else {\n\t\tdisabled.add(providerId);\n\t\tallowlist?.delete(providerId);\n\t}\n\tconfig.disabled_providers = Array.from(disabled).sort();\n\tif (allowlist) config.enabled_providers = Array.from(allowlist).sort();\n\treturn config;\n}\n/** Save non-credential connection options (baseURL, headers, timeout, etc.) for a provider. */\nasync function setProviderOptions(providerId, options) {\n\tconst config = await getCurrentConfig();\n\tconst providerConfig = { ...config.provider ?? {} };\n\tconst current = asRecord(providerConfig[providerId]) ?? {};\n\tconst nextOptions = { ...asRecord(current.options) ?? {} };\n\tdelete nextOptions.apiKey;\n\tif (options.baseURL) nextOptions.baseURL = options.baseURL;\n\telse delete nextOptions.baseURL;\n\tif (options.enterpriseUrl) nextOptions.enterpriseUrl = options.enterpriseUrl;\n\telse delete nextOptions.enterpriseUrl;\n\tif (options.timeout !== void 0 && options.timeout > 0) nextOptions.timeout = options.timeout;\n\telse delete nextOptions.timeout;\n\tif (options.setCacheKey === true) nextOptions.setCacheKey = true;\n\telse delete nextOptions.setCacheKey;\n\tif (options.headers && Object.keys(options.headers).length > 0) nextOptions.headers = options.headers;\n\telse delete nextOptions.headers;\n\tconst nextEntry = normalizeProviderConfig({\n\t\t...current,\n\t\toptions: nextOptions\n\t});\n\tif (nextEntry) providerConfig[providerId] = nextEntry;\n\telse delete providerConfig[providerId];\n\tconfig.provider = providerConfig;\n\tawait patchConfig(config);\n}\n/** Register a provider entry (local-detected or fully custom) in opencode.json. */\nasync function registerProvider(providerId, entry, overwrite = false) {\n\tconst config = await getCurrentConfig();\n\tconst providerConfig = { ...config.provider ?? {} };\n\tif (providerConfig[providerId] && !overwrite) return { alreadyExists: true };\n\tproviderConfig[providerId] = {\n\t\t...asRecord(providerConfig[providerId]),\n\t\t...entry.npm !== void 0 ? { npm: entry.npm } : {},\n\t\t...entry.name !== void 0 ? { name: entry.name } : {},\n\t\t...entry.options !== void 0 ? { options: entry.options } : {},\n\t\t...entry.models !== void 0 ? { models: entry.models } : {}\n\t};\n\tconfig.provider = providerConfig;\n\tawait patchConfig(config);\n\treturn { alreadyExists: false };\n}\n/** Set the main model (or small model) in opencode.json. */\nasync function setMainModel(providerId, modelId, target) {\n\tconst config = await getCurrentConfig();\n\tconfig[target] = `${providerId}/${modelId}`;\n\tawait patchConfig(config);\n}\n/** Clear the main model (or small model) in opencode.json. */\nasync function unsetMainModel(target) {\n\tconst config = await getCurrentConfig();\n\tdelete config[target];\n\tawait patchConfig(config);\n}\n//#endregion\nexport { setProviderEnabled as a, setMainModel as i, patchConfig as n, setProviderOptions as o, registerProvider as r, unsetMainModel as s, getCurrentConfig as t };\n"],"names":[],"mappings":";;;;;AAIA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,UAAU,GAAG;AACtB,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,CAAC;AAC/E;AACA,eAAe,gBAAgB,GAAG;AAClC,CAAC,IAAI;AACL,EAAE,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC,MAAM;AACT,EAAE,OAAO,aAAa,CAAC,SAAS,CAAC;AACjC,CAAC;AACD;AACA,eAAe,WAAW,CAAC,MAAM,EAAE;AACnC,CAAC,IAAI,QAAQ,GAAG,EAAE;AAClB,CAAC,IAAI;AACL,EAAE,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC;AAC5D,CAAC,CAAC,CAAC,MAAM,CAAC;AACV,CAAC,MAAM,MAAM,GAAG;AAChB,EAAE,GAAG,QAAQ;AACb,EAAE,GAAG;AACL,EAAE;AACF,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,GAAG;AACxC,EAAE,GAAG,QAAQ,CAAC,QAAQ,IAAI,EAAE;AAC5B,EAAE,GAAG,MAAM,CAAC;AACZ,EAAE;AACF,CAAC,aAAa,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;AACpE,CAAC,MAAM,aAAa,CAAC,SAAS,EAAE;AAChC,EAAE,MAAM,EAAE,OAAO;AACjB,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;AAC7B,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;AACnB,CAAC,OAAO,MAAM;AACd;AACA,SAAS,uBAAuB,CAAC,cAAc,EAAE;AACjD,CAAC,MAAM,UAAU,GAAG,cAAc,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,EAAE;AAC/D,CAAC,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;AAC7C,CAAC,IAAI,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,OAAO;AAC5E,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,GAAG,UAAU,GAAG,MAAM;AAChE;AACA,SAAS,kBAAkB,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE;AACzD,CAAC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,kBAAkB,IAAI,EAAE,CAAC;AAC1D,CAAC,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,GAAG,MAAM;AACxF,CAAC,IAAI,OAAO,EAAE;AACd,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC;AAC7B,EAAE,SAAS,EAAE,GAAG,CAAC,UAAU,CAAC;AAC5B,CAAC,CAAC,MAAM;AACR,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;AAC1B,EAAE,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC;AAC/B,CAAC;AACD,CAAC,MAAM,CAAC,kBAAkB,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE;AACxD,CAAC,IAAI,SAAS,EAAE,MAAM,CAAC,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE;AACvE,CAAC,OAAO,MAAM;AACd;AACA;AACA,eAAe,kBAAkB,CAAC,UAAU,EAAE,OAAO,EAAE;AACvD,CAAC,MAAM,MAAM,GAAG,MAAM,gBAAgB,EAAE;AACxC,CAAC,MAAM,cAAc,GAAG,EAAE,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,EAAE;AACpD,CAAC,MAAM,OAAO,GAAG,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE;AAC3D,CAAC,MAAM,WAAW,GAAG,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE;AAC3D,CAAC,OAAO,WAAW,CAAC,MAAM;AAC1B,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO;AAC3D,MAAM,OAAO,WAAW,CAAC,OAAO;AAChC,CAAC,IAAI,OAAO,CAAC,aAAa,EAAE,WAAW,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa;AAC7E,MAAM,OAAO,WAAW,CAAC,aAAa;AACtC,CAAC,IAAI,OAAO,CAAC,OAAO,KAAK,MAAM,IAAI,OAAO,CAAC,OAAO,GAAG,CAAC,EAAE,WAAW,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO;AAC7F,MAAM,OAAO,WAAW,CAAC,OAAO;AAChC,CAAC,IAAI,OAAO,CAAC,WAAW,KAAK,IAAI,EAAE,WAAW,CAAC,WAAW,GAAG,IAAI;AACjE,MAAM,OAAO,WAAW,CAAC,WAAW;AACpC,CAAC,IAAI,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,WAAW,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO;AACtG,MAAM,OAAO,WAAW,CAAC,OAAO;AAChC,CAAC,MAAM,SAAS,GAAG,uBAAuB,CAAC;AAC3C,EAAE,GAAG,OAAO;AACZ,EAAE,OAAO,EAAE;AACX,EAAE,CAAC;AACH,CAAC,IAAI,SAAS,EAAE,cAAc,CAAC,UAAU,CAAC,GAAG,SAAS;AACtD,MAAM,OAAO,cAAc,CAAC,UAAU,CAAC;AACvC,CAAC,MAAM,CAAC,QAAQ,GAAG,cAAc;AACjC,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC;AAC1B;AACA;AACA,eAAe,gBAAgB,CAAC,UAAU,EAAE,KAAK,EAAE,SAAS,GAAG,KAAK,EAAE;AACtE,CAAC,MAAM,MAAM,GAAG,MAAM,gBAAgB,EAAE;AACxC,CAAC,MAAM,cAAc,GAAG,EAAE,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,EAAE;AACpD,CAAC,IAAI,cAAc,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;AAC7E,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG;AAC9B,EAAE,GAAG,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;AACzC,EAAE,GAAG,KAAK,CAAC,GAAG,KAAK,MAAM,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE;AACnD,EAAE,GAAG,KAAK,CAAC,IAAI,KAAK,MAAM,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE;AACtD,EAAE,GAAG,KAAK,CAAC,OAAO,KAAK,MAAM,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE;AAC/D,EAAE,GAAG,KAAK,CAAC,MAAM,KAAK,MAAM,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,GAAG;AAC1D,EAAE;AACF,CAAC,MAAM,CAAC,QAAQ,GAAG,cAAc;AACjC,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC;AAC1B,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE;AAChC;AACA;AACA,eAAe,YAAY,CAAC,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE;AACzD,CAAC,MAAM,MAAM,GAAG,MAAM,gBAAgB,EAAE;AACxC,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC;AAC1B;AACA;AACA,eAAe,cAAc,CAAC,MAAM,EAAE;AACtC,CAAC,MAAM,MAAM,GAAG,MAAM,gBAAgB,EAAE;AACxC,CAAC,OAAO,MAAM,CAAC,MAAM,CAAC;AACtB,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC;AAC1B;;;;"}
+{"version":3,"file":"config-BE8RNUzZ.js","sources":["../../../.svelte-kit/adapter-node/chunks/config.js"],"sourcesContent":["import { n as asRecord } from \"./coercion.js\";\nimport { t as opencodeFetch } from \"./http.js\";\nimport { readFileSync, writeFileSync } from \"node:fs\";\nimport { join } from \"node:path\";\n//#region src/lib/server/opencode/config.ts\n/**\n* OpenCode config read/write + small mutation helpers.\n*\n* Reads/writes `OP_HOME/config/assistant/opencode.json` directly because the\n* container mount is read-only and OpenCode's PATCH /config does not persist\n* to disk. We still call PATCH afterwards (best-effort) so the live process\n* picks up the change without a restart.\n*/\nfunction configPath() {\n\treturn join(process.env.OP_HOME ?? \"\", \"config\", \"assistant\", \"opencode.json\");\n}\nasync function getCurrentConfig() {\n\ttry {\n\t\treturn JSON.parse(readFileSync(configPath(), \"utf-8\"));\n\t} catch {\n\t\treturn opencodeFetch(\"/config\");\n\t}\n}\nasync function patchConfig(config) {\n\tlet existing = {};\n\ttry {\n\t\texisting = JSON.parse(readFileSync(configPath(), \"utf-8\"));\n\t} catch {}\n\tconst merged = {\n\t\t...existing,\n\t\t...config\n\t};\n\tif (config.provider) merged.provider = {\n\t\t...existing.provider ?? {},\n\t\t...config.provider\n\t};\n\twriteFileSync(configPath(), JSON.stringify(merged, null, 2) + \"\\n\");\n\tawait opencodeFetch(\"/config\", {\n\t\tmethod: \"PATCH\",\n\t\tbody: JSON.stringify(config)\n\t}).catch(() => {});\n\treturn merged;\n}\nfunction normalizeProviderConfig(providerConfig) {\n\tconst normalized = providerConfig ? { ...providerConfig } : {};\n\tconst options = asRecord(normalized.options);\n\tif (options && Object.keys(options).length === 0) delete normalized.options;\n\treturn Object.keys(normalized).length > 0 ? normalized : void 0;\n}\nfunction setProviderEnabled(config, providerId, enabled) {\n\tconst disabled = new Set(config.disabled_providers ?? []);\n\tconst allowlist = config.enabled_providers ? new Set(config.enabled_providers) : void 0;\n\tif (enabled) {\n\t\tdisabled.delete(providerId);\n\t\tallowlist?.add(providerId);\n\t} else {\n\t\tdisabled.add(providerId);\n\t\tallowlist?.delete(providerId);\n\t}\n\tconfig.disabled_providers = Array.from(disabled).sort();\n\tif (allowlist) config.enabled_providers = Array.from(allowlist).sort();\n\treturn config;\n}\n/** Save non-credential connection options (baseURL, headers, timeout, etc.) for a provider. */\nasync function setProviderOptions(providerId, options) {\n\tconst config = await getCurrentConfig();\n\tconst providerConfig = { ...config.provider ?? {} };\n\tconst current = asRecord(providerConfig[providerId]) ?? {};\n\tconst nextOptions = { ...asRecord(current.options) ?? {} };\n\tdelete nextOptions.apiKey;\n\tif (options.baseURL) nextOptions.baseURL = options.baseURL;\n\telse delete nextOptions.baseURL;\n\tif (options.enterpriseUrl) nextOptions.enterpriseUrl = options.enterpriseUrl;\n\telse delete nextOptions.enterpriseUrl;\n\tif (options.timeout !== void 0 && options.timeout > 0) nextOptions.timeout = options.timeout;\n\telse delete nextOptions.timeout;\n\tif (options.setCacheKey === true) nextOptions.setCacheKey = true;\n\telse delete nextOptions.setCacheKey;\n\tif (options.headers && Object.keys(options.headers).length > 0) nextOptions.headers = options.headers;\n\telse delete nextOptions.headers;\n\tconst nextEntry = normalizeProviderConfig({\n\t\t...current,\n\t\toptions: nextOptions\n\t});\n\tif (nextEntry) providerConfig[providerId] = nextEntry;\n\telse delete providerConfig[providerId];\n\tconfig.provider = providerConfig;\n\tawait patchConfig(config);\n}\n/** Register a provider entry (local-detected or fully custom) in opencode.json. */\nasync function registerProvider(providerId, entry, overwrite = false) {\n\tconst config = await getCurrentConfig();\n\tconst providerConfig = { ...config.provider ?? {} };\n\tif (providerConfig[providerId] && !overwrite) return { alreadyExists: true };\n\tproviderConfig[providerId] = {\n\t\t...asRecord(providerConfig[providerId]),\n\t\t...entry.npm !== void 0 ? { npm: entry.npm } : {},\n\t\t...entry.name !== void 0 ? { name: entry.name } : {},\n\t\t...entry.options !== void 0 ? { options: entry.options } : {},\n\t\t...entry.models !== void 0 ? { models: entry.models } : {}\n\t};\n\tconfig.provider = providerConfig;\n\tawait patchConfig(config);\n\treturn { alreadyExists: false };\n}\n/** Set the main model (or small model) in opencode.json. */\nasync function setMainModel(providerId, modelId, target) {\n\tconst config = await getCurrentConfig();\n\tconfig[target] = `${providerId}/${modelId}`;\n\tawait patchConfig(config);\n}\n/** Clear the main model (or small model) in opencode.json. */\nasync function unsetMainModel(target) {\n\tconst config = await getCurrentConfig();\n\tdelete config[target];\n\tawait patchConfig(config);\n}\n//#endregion\nexport { setProviderEnabled as a, setMainModel as i, patchConfig as n, setProviderOptions as o, registerProvider as r, unsetMainModel as s, getCurrentConfig as t };\n"],"names":[],"mappings":";;;;;AAIA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,UAAU,GAAG;AACtB,CAAC,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,EAAE,EAAE,QAAQ,EAAE,WAAW,EAAE,eAAe,CAAC;AAC/E;AACA,eAAe,gBAAgB,GAAG;AAClC,CAAC,IAAI;AACL,EAAE,OAAO,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC,MAAM;AACT,EAAE,OAAO,aAAa,CAAC,SAAS,CAAC;AACjC,CAAC;AACD;AACA,eAAe,WAAW,CAAC,MAAM,EAAE;AACnC,CAAC,IAAI,QAAQ,GAAG,EAAE;AAClB,CAAC,IAAI;AACL,EAAE,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,UAAU,EAAE,EAAE,OAAO,CAAC,CAAC;AAC5D,CAAC,CAAC,CAAC,MAAM,CAAC;AACV,CAAC,MAAM,MAAM,GAAG;AAChB,EAAE,GAAG,QAAQ;AACb,EAAE,GAAG;AACL,EAAE;AACF,CAAC,IAAI,MAAM,CAAC,QAAQ,EAAE,MAAM,CAAC,QAAQ,GAAG;AACxC,EAAE,GAAG,QAAQ,CAAC,QAAQ,IAAI,EAAE;AAC5B,EAAE,GAAG,MAAM,CAAC;AACZ,EAAE;AACF,CAAC,aAAa,CAAC,UAAU,EAAE,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,GAAG,IAAI,CAAC;AACpE,CAAC,MAAM,aAAa,CAAC,SAAS,EAAE;AAChC,EAAE,MAAM,EAAE,OAAO;AACjB,EAAE,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM;AAC7B,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC;AACnB,CAAC,OAAO,MAAM;AACd;AACA,SAAS,uBAAuB,CAAC,cAAc,EAAE;AACjD,CAAC,MAAM,UAAU,GAAG,cAAc,GAAG,EAAE,GAAG,cAAc,EAAE,GAAG,EAAE;AAC/D,CAAC,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,CAAC,OAAO,CAAC;AAC7C,CAAC,IAAI,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,OAAO,UAAU,CAAC,OAAO;AAC5E,CAAC,OAAO,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,GAAG,UAAU,GAAG,MAAM;AAChE;AACA,SAAS,kBAAkB,CAAC,MAAM,EAAE,UAAU,EAAE,OAAO,EAAE;AACzD,CAAC,MAAM,QAAQ,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,kBAAkB,IAAI,EAAE,CAAC;AAC1D,CAAC,MAAM,SAAS,GAAG,MAAM,CAAC,iBAAiB,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,GAAG,MAAM;AACxF,CAAC,IAAI,OAAO,EAAE;AACd,EAAE,QAAQ,CAAC,MAAM,CAAC,UAAU,CAAC;AAC7B,EAAE,SAAS,EAAE,GAAG,CAAC,UAAU,CAAC;AAC5B,CAAC,CAAC,MAAM;AACR,EAAE,QAAQ,CAAC,GAAG,CAAC,UAAU,CAAC;AAC1B,EAAE,SAAS,EAAE,MAAM,CAAC,UAAU,CAAC;AAC/B,CAAC;AACD,CAAC,MAAM,CAAC,kBAAkB,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,IAAI,EAAE;AACxD,CAAC,IAAI,SAAS,EAAE,MAAM,CAAC,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,IAAI,EAAE;AACvE,CAAC,OAAO,MAAM;AACd;AACA;AACA,eAAe,kBAAkB,CAAC,UAAU,EAAE,OAAO,EAAE;AACvD,CAAC,MAAM,MAAM,GAAG,MAAM,gBAAgB,EAAE;AACxC,CAAC,MAAM,cAAc,GAAG,EAAE,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,EAAE;AACpD,CAAC,MAAM,OAAO,GAAG,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE;AAC3D,CAAC,MAAM,WAAW,GAAG,EAAE,GAAG,QAAQ,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,EAAE;AAC3D,CAAC,OAAO,WAAW,CAAC,MAAM;AAC1B,CAAC,IAAI,OAAO,CAAC,OAAO,EAAE,WAAW,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO;AAC3D,MAAM,OAAO,WAAW,CAAC,OAAO;AAChC,CAAC,IAAI,OAAO,CAAC,aAAa,EAAE,WAAW,CAAC,aAAa,GAAG,OAAO,CAAC,aAAa;AAC7E,MAAM,OAAO,WAAW,CAAC,aAAa;AACtC,CAAC,IAAI,OAAO,CAAC,OAAO,KAAK,MAAM,IAAI,OAAO,CAAC,OAAO,GAAG,CAAC,EAAE,WAAW,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO;AAC7F,MAAM,OAAO,WAAW,CAAC,OAAO;AAChC,CAAC,IAAI,OAAO,CAAC,WAAW,KAAK,IAAI,EAAE,WAAW,CAAC,WAAW,GAAG,IAAI;AACjE,MAAM,OAAO,WAAW,CAAC,WAAW;AACpC,CAAC,IAAI,OAAO,CAAC,OAAO,IAAI,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE,WAAW,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO;AACtG,MAAM,OAAO,WAAW,CAAC,OAAO;AAChC,CAAC,MAAM,SAAS,GAAG,uBAAuB,CAAC;AAC3C,EAAE,GAAG,OAAO;AACZ,EAAE,OAAO,EAAE;AACX,EAAE,CAAC;AACH,CAAC,IAAI,SAAS,EAAE,cAAc,CAAC,UAAU,CAAC,GAAG,SAAS;AACtD,MAAM,OAAO,cAAc,CAAC,UAAU,CAAC;AACvC,CAAC,MAAM,CAAC,QAAQ,GAAG,cAAc;AACjC,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC;AAC1B;AACA;AACA,eAAe,gBAAgB,CAAC,UAAU,EAAE,KAAK,EAAE,SAAS,GAAG,KAAK,EAAE;AACtE,CAAC,MAAM,MAAM,GAAG,MAAM,gBAAgB,EAAE;AACxC,CAAC,MAAM,cAAc,GAAG,EAAE,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE,EAAE;AACpD,CAAC,IAAI,cAAc,CAAC,UAAU,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE;AAC7E,CAAC,cAAc,CAAC,UAAU,CAAC,GAAG;AAC9B,EAAE,GAAG,QAAQ,CAAC,cAAc,CAAC,UAAU,CAAC,CAAC;AACzC,EAAE,GAAG,KAAK,CAAC,GAAG,KAAK,MAAM,GAAG,EAAE,GAAG,EAAE,KAAK,CAAC,GAAG,EAAE,GAAG,EAAE;AACnD,EAAE,GAAG,KAAK,CAAC,IAAI,KAAK,MAAM,GAAG,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,GAAG,EAAE;AACtD,EAAE,GAAG,KAAK,CAAC,OAAO,KAAK,MAAM,GAAG,EAAE,OAAO,EAAE,KAAK,CAAC,OAAO,EAAE,GAAG,EAAE;AAC/D,EAAE,GAAG,KAAK,CAAC,MAAM,KAAK,MAAM,GAAG,EAAE,MAAM,EAAE,KAAK,CAAC,MAAM,EAAE,GAAG;AAC1D,EAAE;AACF,CAAC,MAAM,CAAC,QAAQ,GAAG,cAAc;AACjC,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC;AAC1B,CAAC,OAAO,EAAE,aAAa,EAAE,KAAK,EAAE;AAChC;AACA;AACA,eAAe,YAAY,CAAC,UAAU,EAAE,OAAO,EAAE,MAAM,EAAE;AACzD,CAAC,MAAM,MAAM,GAAG,MAAM,gBAAgB,EAAE;AACxC,CAAC,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,EAAE,UAAU,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC;AAC1B;AACA;AACA,eAAe,cAAc,CAAC,MAAM,EAAE;AACtC,CAAC,MAAM,MAAM,GAAG,MAAM,gBAAgB,EAAE;AACxC,CAAC,OAAO,MAAM,CAAC,MAAM,CAAC;AACtB,CAAC,MAAM,WAAW,CAAC,MAAM,CAAC;AAC1B;;;;"}

package/build/server/chunks/{docker-DggffvOl.js → docker-BFje1OYT.js}

@@ -1,4 +1,4 @@
-import { t as composeRestart$1, q as composePreflight, ah as resolveComposeProjectName } from './src-BsgfqG_-.js';
+import { t as composeRestart$1, q as composePreflight, ah as resolveComposeProjectName } from './src-BWQ05CjI.js';
 
 //#region src/lib/server/docker.ts
 async function runPreflight(options) {
@@ -17,4 +17,4 @@ async function composeRestart(services, options) {
 }
 
 export { composeRestart as c };
-//# sourceMappingURL=docker-DggffvOl.js.map
+//# sourceMappingURL=docker-BFje1OYT.js.map

package/build/server/chunks/{docker-DggffvOl.js.map → docker-BFje1OYT.js.map}

@@ -1 +1 @@
-{"version":3,"file":"docker-DggffvOl.js","sources":["../../../.svelte-kit/adapter-node/chunks/docker.js"],"sourcesContent":["import { M as composeRestart$1, R as resolveComposeProjectName, k as composePreflight } from \"./src.js\";\n//#region src/lib/server/docker.ts\nasync function runPreflight(options) {\n\tif (options.files.length === 0 || process.env.OP_SKIP_COMPOSE_PREFLIGHT) return;\n\tconst result = await composePreflight(options);\n\tif (!result.ok) {\n\t\tconst project = resolveComposeProjectName();\n\t\tconst fileArgs = options.files.map((f) => `-f ${f}`).join(\" \");\n\t\tconst envArgs = (options.envFiles ?? []).map((f) => `--env-file ${f}`).join(\" \");\n\t\tthrow new Error(`Compose preflight failed: ${result.stderr}\\nResolved command: docker compose ${fileArgs} --project-name ${project} ${envArgs} config --quiet`);\n\t}\n}\nasync function composeRestart(services, options) {\n\tawait runPreflight(options);\n\treturn composeRestart$1(services, options);\n}\n//#endregion\nexport { composeRestart as t };\n"],"names":[],"mappings":";;AACA;AACA,eAAe,YAAY,CAAC,OAAO,EAAE;AACrC,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE;AAC1E,CAAC,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC;AAC/C,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE;AACjB,EAAE,MAAM,OAAO,GAAG,yBAAyB,EAAE;AAC7C,EAAE,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;AAChE,EAAE,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;AAClF,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,0BAA0B,EAAE,MAAM,CAAC,MAAM,CAAC,mCAAmC,EAAE,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;AACjK,CAAC;AACD;AACA,eAAe,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE;AACjD,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC;AAC5B,CAAC,OAAO,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC;AAC3C;;;;"}
+{"version":3,"file":"docker-BFje1OYT.js","sources":["../../../.svelte-kit/adapter-node/chunks/docker.js"],"sourcesContent":["import { M as composeRestart$1, R as resolveComposeProjectName, k as composePreflight } from \"./src.js\";\n//#region src/lib/server/docker.ts\nasync function runPreflight(options) {\n\tif (options.files.length === 0 || process.env.OP_SKIP_COMPOSE_PREFLIGHT) return;\n\tconst result = await composePreflight(options);\n\tif (!result.ok) {\n\t\tconst project = resolveComposeProjectName();\n\t\tconst fileArgs = options.files.map((f) => `-f ${f}`).join(\" \");\n\t\tconst envArgs = (options.envFiles ?? []).map((f) => `--env-file ${f}`).join(\" \");\n\t\tthrow new Error(`Compose preflight failed: ${result.stderr}\\nResolved command: docker compose ${fileArgs} --project-name ${project} ${envArgs} config --quiet`);\n\t}\n}\nasync function composeRestart(services, options) {\n\tawait runPreflight(options);\n\treturn composeRestart$1(services, options);\n}\n//#endregion\nexport { composeRestart as t };\n"],"names":[],"mappings":";;AACA;AACA,eAAe,YAAY,CAAC,OAAO,EAAE;AACrC,CAAC,IAAI,OAAO,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,OAAO,CAAC,GAAG,CAAC,yBAAyB,EAAE;AAC1E,CAAC,MAAM,MAAM,GAAG,MAAM,gBAAgB,CAAC,OAAO,CAAC;AAC/C,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE;AACjB,EAAE,MAAM,OAAO,GAAG,yBAAyB,EAAE;AAC7C,EAAE,MAAM,QAAQ,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;AAChE,EAAE,MAAM,OAAO,GAAG,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE,EAAE,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC;AAClF,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,0BAA0B,EAAE,MAAM,CAAC,MAAM,CAAC,mCAAmC,EAAE,QAAQ,CAAC,gBAAgB,EAAE,OAAO,CAAC,CAAC,EAAE,OAAO,CAAC,eAAe,CAAC,CAAC;AACjK,CAAC;AACD;AACA,eAAe,cAAc,CAAC,QAAQ,EAAE,OAAO,EAAE;AACjD,CAAC,MAAM,YAAY,CAAC,OAAO,CAAC;AAC5B,CAAC,OAAO,gBAAgB,CAAC,QAAQ,EAAE,OAAO,CAAC;AAC3C;;;;"}

package/build/server/chunks/{endpoints-kaPFORka.js → endpoints-Dz6qhKXB.js}

@@ -1,4 +1,4 @@
-import { B as createState } from './src-BsgfqG_-.js';
+import { B as createState } from './src-BWQ05CjI.js';
 import { existsSync, readFileSync, mkdirSync, writeFileSync, chmodSync, unlinkSync } from 'node:fs';
 import { dirname } from 'node:path';
 import { randomUUID } from 'node:crypto';
@@ -337,4 +337,4 @@ function deleteEndpoint(id) {
 }
 
 export { addEndpoint as a, getState as b, deleteEndpoint as d, getActiveEndpoint as g, listEndpoints as l, resetState as r, setActiveId as s, updateEndpoint as u, validateEndpointUrl as v };
-//# sourceMappingURL=endpoints-kaPFORka.js.map
+//# sourceMappingURL=endpoints-Dz6qhKXB.js.map

package/build/server/chunks/{endpoints-kaPFORka.js.map → endpoints-Dz6qhKXB.js.map}

@@ -1 +1 @@
-{"version":3,"file":"endpoints-kaPFORka.js","sources":["../../../.svelte-kit/adapter-node/chunks/endpoints.js"],"sourcesContent":["import { S as createState } from \"./src.js\";\nimport { chmodSync, existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from \"node:fs\";\nimport { dirname } from \"node:path\";\nimport { randomUUID } from \"node:crypto\";\n//#region src/lib/server/state.ts\n/**\n* Singleton control plane state — shared across all SvelteKit server routes.\n*\n* Initialized once on server start. All API endpoints operate on this\n* shared state instance.\n*/\nvar _state = null;\nfunction getState() {\n\tif (!_state) _state = createState();\n\treturn _state;\n}\n/**\n* Bust the singleton so the next getState() call re-reads from disk.\n* Called after performSetup() writes new tokens to stack.env.\n*/\nfunction resetState() {\n\t_state = null;\n}\n//#endregion\n//#region src/lib/server/endpoints.ts\n/**\n* Assistant endpoints — list of OpenCode servers the UI can target, with\n* one marked active. The \"default\" entry is synthesized from environment\n* (OP_OPENCODE_URL / OP_ASSISTANT_URL / OP_ASSISTANT_PORT) and cannot be\n* deleted. User-added endpoints are persisted to a JSON file in the\n* config directory (it's user-owned configuration, not service state —\n* see Phase 5 / D4 in docs/technical/auth-and-proxy-refactor-plan.md).\n*\n* File: ${configDir}/endpoints.json (mode 0600)\n* Shape: { activeId: string | null, endpoints: EndpointEntry[] }\n*   - activeId === null or \"default\" → use the env-derived default\n*   - activeId === \"<id>\" → use the matching user entry (falls back to default if not found)\n*\n* Legacy path: ${dataDir}/admin/endpoints.json. Old installs are\n* migrated lazily on first read by maybeMigrateLegacyEndpointsFile().\n*/\nvar DEFAULT_ID = \"default\";\nvar LOCAL_ELECTRON_ID = \"local-electron\";\nfunction endpointsPath() {\n\treturn `${getState().configDir}/endpoints.json`;\n}\n/**\n* Legacy path used before Phase 5 of the auth/proxy refactor.\n* See docs/technical/auth-and-proxy-refactor-plan.md § Phase 5 / D4.\n*/\nfunction legacyEndpointsPath() {\n\treturn `${getState().dataDir}/admin/endpoints.json`;\n}\n/**\n* One-shot lazy migration from the legacy data/ path to the new config/ path.\n*\n* Phase 5 of docs/technical/auth-and-proxy-refactor-plan.md (D6 step 3):\n*   - If the new path already exists → no-op (already migrated).\n*   - If the legacy path doesn't exist → no-op (fresh install).\n*   - Otherwise copy contents to the new path (mode 0600), then unlink legacy.\n*\n* If the migration fails partway, the legacy file is left in place so reads\n* fall back to it for the remainder of this session. Idempotent across\n* process restarts because the existence check makes it a no-op after the\n* first successful run.\n*/\nfunction maybeMigrateLegacyEndpointsFile() {\n\tconst newPath = endpointsPath();\n\tif (existsSync(newPath)) return;\n\tconst oldPath = legacyEndpointsPath();\n\tif (!existsSync(oldPath)) return;\n\ttry {\n\t\tmkdirSync(dirname(newPath), { recursive: true });\n\t\twriteFileSync(newPath, readFileSync(oldPath), { mode: 384 });\n\t\ttry {\n\t\t\tchmodSync(newPath, 384);\n\t\t} catch {}\n\t\tunlinkSync(oldPath);\n\t} catch (e) {\n\t\tconsole.warn(\"[endpoints] Failed to migrate legacy endpoints.json from data/ to config/. Leaving the old file in place; reads will fall back to it for this session.\", e);\n\t}\n}\nfunction localRuntimePath() {\n\treturn `${getState().dataDir}/local-opencode.runtime.json`;\n}\n/**\n* Read the Electron-written runtime.json each time it's needed. The file is\n* 0600 and is rewritten on each Electron launch (random password per launch),\n* so callers must NOT cache the result.\n*/\nfunction readLocalRuntime() {\n\tconst path = localRuntimePath();\n\tif (!existsSync(path)) return null;\n\ttry {\n\t\tconst parsed = JSON.parse(readFileSync(path, \"utf-8\"));\n\t\tif (!parsed || typeof parsed.url !== \"string\" || !parsed.url) return null;\n\t\treturn {\n\t\t\turl: parsed.url,\n\t\t\tusername: typeof parsed.username === \"string\" ? parsed.username : void 0,\n\t\t\tpassword: typeof parsed.password === \"string\" ? parsed.password : void 0,\n\t\t\tpid: typeof parsed.pid === \"number\" ? parsed.pid : void 0,\n\t\t\tstartedAt: typeof parsed.startedAt === \"string\" ? parsed.startedAt : void 0\n\t\t};\n\t} catch (e) {\n\t\tconsole.warn(\"[endpoints] Failed to parse local-opencode.runtime.json:\", e);\n\t\treturn null;\n\t}\n}\nfunction localEndpoint() {\n\tconst rt = readLocalRuntime();\n\tif (!rt) return null;\n\treturn {\n\t\tid: LOCAL_ELECTRON_ID,\n\t\tlabel: \"OpenPalm Admin\",\n\t\turl: rt.url,\n\t\tusername: rt.username || \"openpalm\",\n\t\t...rt.password ? { password: rt.password } : {},\n\t\tisDefault: false,\n\t\tisLocal: true\n\t};\n}\nfunction readFile() {\n\tmaybeMigrateLegacyEndpointsFile();\n\tlet path = endpointsPath();\n\tif (!existsSync(path)) {\n\t\tconst legacy = legacyEndpointsPath();\n\t\tif (!existsSync(legacy)) return {\n\t\t\tactiveId: null,\n\t\t\tendpoints: []\n\t\t};\n\t\tpath = legacy;\n\t}\n\ttry {\n\t\tconst parsed = JSON.parse(readFileSync(path, \"utf-8\"));\n\t\treturn {\n\t\t\tactiveId: typeof parsed.activeId === \"string\" ? parsed.activeId : null,\n\t\t\tendpoints: Array.isArray(parsed.endpoints) ? parsed.endpoints.filter(isValidEntry) : []\n\t\t};\n\t} catch (e) {\n\t\tconsole.warn(\"[endpoints] Failed to parse endpoints.json, resetting:\", e);\n\t\treturn {\n\t\t\tactiveId: null,\n\t\t\tendpoints: []\n\t\t};\n\t}\n}\nfunction isValidEntry(e) {\n\tif (!e || typeof e !== \"object\") return false;\n\tconst o = e;\n\treturn typeof o.id === \"string\" && typeof o.label === \"string\" && typeof o.url === \"string\";\n}\nfunction writeFile(data) {\n\tconst path = endpointsPath();\n\tmkdirSync(dirname(path), { recursive: true });\n\twriteFileSync(path, JSON.stringify(data, null, 2), {\n\t\tencoding: \"utf-8\",\n\t\tmode: 384\n\t});\n\ttry {\n\t\tchmodSync(path, 384);\n\t} catch {}\n}\nfunction defaultEndpoint() {\n\treturn {\n\t\tid: DEFAULT_ID,\n\t\tlabel: \"Local Assistant\",\n\t\turl: process.env.OP_OPENCODE_URL ?? process.env.OP_ASSISTANT_URL ?? `http://localhost:${process.env.OP_ASSISTANT_PORT ?? \"3800\"}`,\n\t\tusername: process.env.OPENCODE_SERVER_USERNAME || \"openpalm\",\n\t\tpassword: process.env.OPENCODE_SERVER_PASSWORD || void 0,\n\t\tisDefault: true\n\t};\n}\n/**\n* Hostnames where plain HTTP is permitted. Anything else must use HTTPS.\n*\n* - `127.0.0.1`, `::1`, `localhost` — loopback addresses on the same host.\n* - `host.docker.internal` — Docker's loopback-equivalent for the container\n*   hop back to the host (used by the Electron + dev compose setups).\n*\n* Phase 6 of docs/technical/auth-and-proxy-refactor-plan.md.\n*/\nvar LOOPBACK_HOSTS = new Set([\n\t\"127.0.0.1\",\n\t\"::1\",\n\t\"localhost\",\n\t\"host.docker.internal\"\n]);\n/**\n* `URL.hostname` wraps IPv6 addresses in square brackets (e.g. `[::1]`).\n* Strip them before checking against the loopback set so the literal IPv6\n* loopback matches `::1`.\n*/\nfunction isLoopbackHost(hostname) {\n\tconst stripped = hostname.toLowerCase().replace(/^\\[|\\]$/g, \"\");\n\treturn LOOPBACK_HOSTS.has(stripped);\n}\n/**\n* Discriminated validator that callers (admin routes) use to surface\n* specific error messages — in particular, the HTTPS-for-remote rule.\n*/\nfunction validateEndpointUrl(input) {\n\tlet u;\n\ttry {\n\t\tu = new URL(input.trim());\n\t} catch {\n\t\treturn {\n\t\t\tok: false,\n\t\t\treason: \"invalid_url\"\n\t\t};\n\t}\n\tif (u.protocol !== \"http:\" && u.protocol !== \"https:\") return {\n\t\tok: false,\n\t\treason: \"invalid_scheme\"\n\t};\n\tif (!u.hostname) return {\n\t\tok: false,\n\t\treason: \"missing_host\"\n\t};\n\tif (u.protocol === \"http:\" && !isLoopbackHost(u.hostname)) return {\n\t\tok: false,\n\t\treason: \"http_not_allowed\"\n\t};\n\treturn {\n\t\tok: true,\n\t\turl: u.toString().replace(/\\/$/, \"\")\n\t};\n}\n/**\n* Validate a URL string — must be http(s) with a host. Plain HTTP is only\n* allowed for loopback hosts (see `LOOPBACK_HOSTS`). Returns the normalized\n* URL or null. For finer-grained errors, use `validateEndpointUrl`.\n*/\nfunction normalizeEndpointUrl(input) {\n\tconst result = validateEndpointUrl(input);\n\treturn result.ok ? result.url : null;\n}\n/**\n* Returns: [local-electron (if Electron is running it), default, ...user entries].\n* The local-electron entry is synthesized at call time from\n* state/local-opencode.runtime.json — never persisted to endpoints.json.\n*/\nfunction listEndpoints() {\n\tconst { endpoints } = readFile();\n\tconst local = localEndpoint();\n\treturn [\n\t\t...local ? [local] : [],\n\t\tdefaultEndpoint(),\n\t\t...endpoints.map((e) => ({\n\t\t\t...e,\n\t\t\tisDefault: false\n\t\t}))\n\t];\n}\n/**\n* Returns the active endpoint, falling back to the default if no active id is\n* set OR if the active id is `local-electron` but the runtime.json isn't there\n* (e.g. the Electron child died). Re-reads runtime.json each call so a\n* password rotated by a new Electron launch is picked up immediately.\n*/\nfunction getActiveEndpoint() {\n\tconst { activeId, endpoints } = readFile();\n\tif (activeId === LOCAL_ELECTRON_ID) {\n\t\tconst local = localEndpoint();\n\t\tif (local) return local;\n\t\treturn defaultEndpoint();\n\t}\n\tif (!activeId || activeId === DEFAULT_ID) return defaultEndpoint();\n\tconst found = endpoints.find((e) => e.id === activeId);\n\tif (!found) return defaultEndpoint();\n\treturn {\n\t\t...found,\n\t\tisDefault: false\n\t};\n}\nfunction setActiveId(id) {\n\tconst data = readFile();\n\tif (!id || id === DEFAULT_ID) data.activeId = null;\n\telse if (id === LOCAL_ELECTRON_ID) {\n\t\tif (!localEndpoint()) throw new Error(\"Local OpenCode is not running (Electron only)\");\n\t\tdata.activeId = LOCAL_ELECTRON_ID;\n\t} else {\n\t\tif (!data.endpoints.some((e) => e.id === id)) throw new Error(`Endpoint not found: ${id}`);\n\t\tdata.activeId = id;\n\t}\n\twriteFile(data);\n\treturn getActiveEndpoint();\n}\nfunction addEndpoint(input) {\n\tconst label = input.label.trim();\n\tif (!label) throw new Error(\"Label is required\");\n\tconst url = normalizeEndpointUrl(input.url);\n\tif (!url) throw new Error(\"URL must be a valid http(s) URL\");\n\tconst data = readFile();\n\tconst entry = {\n\t\tid: randomUUID(),\n\t\tlabel,\n\t\turl,\n\t\t...input.password ? { password: input.password } : {}\n\t};\n\tdata.endpoints.push(entry);\n\twriteFile(data);\n\treturn entry;\n}\nfunction updateEndpoint(id, patch) {\n\tif (id === DEFAULT_ID) throw new Error(\"Cannot edit the default endpoint\");\n\tif (id === LOCAL_ELECTRON_ID) throw new Error(\"Cannot edit the local Electron OpenCode entry (it is ephemeral and per-launch)\");\n\tconst data = readFile();\n\tconst idx = data.endpoints.findIndex((e) => e.id === id);\n\tif (idx === -1) throw new Error(`Endpoint not found: ${id}`);\n\tconst next = { ...data.endpoints[idx] };\n\tif (patch.label !== void 0) {\n\t\tconst label = patch.label.trim();\n\t\tif (!label) throw new Error(\"Label cannot be empty\");\n\t\tnext.label = label;\n\t}\n\tif (patch.url !== void 0) {\n\t\tconst url = normalizeEndpointUrl(patch.url);\n\t\tif (!url) throw new Error(\"URL must be a valid http(s) URL\");\n\t\tnext.url = url;\n\t}\n\tif (patch.password === null) delete next.password;\n\telse if (typeof patch.password === \"string\") next.password = patch.password;\n\tdata.endpoints[idx] = next;\n\twriteFile(data);\n\treturn next;\n}\nfunction deleteEndpoint(id) {\n\tif (id === DEFAULT_ID) throw new Error(\"Cannot delete the default endpoint\");\n\tif (id === LOCAL_ELECTRON_ID) throw new Error(\"Cannot delete the local Electron OpenCode entry (managed by Electron lifecycle)\");\n\tconst data = readFile();\n\tconst idx = data.endpoints.findIndex((e) => e.id === id);\n\tif (idx === -1) throw new Error(`Endpoint not found: ${id}`);\n\tdata.endpoints.splice(idx, 1);\n\tif (data.activeId === id) data.activeId = null;\n\twriteFile(data);\n}\n//#endregion\nexport { setActiveId as a, getState as c, listEndpoints as i, resetState as l, deleteEndpoint as n, updateEndpoint as o, getActiveEndpoint as r, validateEndpointUrl as s, addEndpoint as t };\n"],"names":[],"mappings":";;;;;AAIA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,GAAG,IAAI;AACjB,SAAS,QAAQ,GAAG;AACpB,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,EAAE;AACpC,CAAC,OAAO,MAAM;AACd;AACA;AACA;AACA;AACA;AACA,SAAS,UAAU,GAAG;AACtB,CAAC,MAAM,GAAG,IAAI;AACd;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,UAAU,GAAG,SAAS;AAC1B,IAAI,iBAAiB,GAAG,gBAAgB;AACxC,SAAS,aAAa,GAAG;AACzB,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC;AAChD;AACA;AACA;AACA;AACA;AACA,SAAS,mBAAmB,GAAG;AAC/B,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,OAAO,CAAC,qBAAqB,CAAC;AACpD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,+BAA+B,GAAG;AAC3C,CAAC,MAAM,OAAO,GAAG,aAAa,EAAE;AAChC,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE;AAC1B,CAAC,MAAM,OAAO,GAAG,mBAAmB,EAAE;AACtC,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;AAC3B,CAAC,IAAI;AACL,EAAE,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAClD,EAAE,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;AAC9D,EAAE,IAAI;AACN,GAAG,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC;AAC1B,EAAE,CAAC,CAAC,MAAM,CAAC;AACX,EAAE,UAAU,CAAC,OAAO,CAAC;AACrB,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,wJAAwJ,EAAE,CAAC,CAAC;AAC3K,CAAC;AACD;AACA,SAAS,gBAAgB,GAAG;AAC5B,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,OAAO,CAAC,4BAA4B,CAAC;AAC3D;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,gBAAgB,GAAG;AAC5B,CAAC,MAAM,IAAI,GAAG,gBAAgB,EAAE;AAChC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,OAAO,IAAI;AACnC,CAAC,IAAI;AACL,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AACxD,EAAE,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI;AAC3E,EAAE,OAAO;AACT,GAAG,GAAG,EAAE,MAAM,CAAC,GAAG;AAClB,GAAG,QAAQ,EAAE,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,GAAG,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;AAC3E,GAAG,QAAQ,EAAE,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,GAAG,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;AAC3E,GAAG,GAAG,EAAE,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,GAAG,MAAM,CAAC,GAAG,GAAG,KAAK,CAAC;AAC5D,GAAG,SAAS,EAAE,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,GAAG,MAAM,CAAC,SAAS,GAAG,KAAK;AAC7E,GAAG;AACH,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,0DAA0D,EAAE,CAAC,CAAC;AAC7E,EAAE,OAAO,IAAI;AACb,CAAC;AACD;AACA,SAAS,aAAa,GAAG;AACzB,CAAC,MAAM,EAAE,GAAG,gBAAgB,EAAE;AAC9B,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,IAAI;AACrB,CAAC,OAAO;AACR,EAAE,EAAE,EAAE,iBAAiB;AACvB,EAAE,KAAK,EAAE,gBAAgB;AACzB,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG;AACb,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,IAAI,UAAU;AACrC,EAAE,GAAG,EAAE,CAAC,QAAQ,GAAG,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;AACjD,EAAE,SAAS,EAAE,KAAK;AAClB,EAAE,OAAO,EAAE;AACX,EAAE;AACF;AACA,SAAS,QAAQ,GAAG;AACpB,CAAC,+BAA+B,EAAE;AAClC,CAAC,IAAI,IAAI,GAAG,aAAa,EAAE;AAC3B,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AACxB,EAAE,MAAM,MAAM,GAAG,mBAAmB,EAAE;AACtC,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,OAAO;AAClC,GAAG,QAAQ,EAAE,IAAI;AACjB,GAAG,SAAS,EAAE;AACd,GAAG;AACH,EAAE,IAAI,GAAG,MAAM;AACf,CAAC;AACD,CAAC,IAAI;AACL,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AACxD,EAAE,OAAO;AACT,GAAG,QAAQ,EAAE,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,GAAG,MAAM,CAAC,QAAQ,GAAG,IAAI;AACzE,GAAG,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG;AACxF,GAAG;AACH,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,wDAAwD,EAAE,CAAC,CAAC;AAC3E,EAAE,OAAO;AACT,GAAG,QAAQ,EAAE,IAAI;AACjB,GAAG,SAAS,EAAE;AACd,GAAG;AACH,CAAC;AACD;AACA,SAAS,YAAY,CAAC,CAAC,EAAE;AACzB,CAAC,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,OAAO,KAAK;AAC9C,CAAC,MAAM,CAAC,GAAG,CAAC;AACZ,CAAC,OAAO,OAAO,CAAC,CAAC,EAAE,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ;AAC5F;AACA,SAAS,SAAS,CAAC,IAAI,EAAE;AACzB,CAAC,MAAM,IAAI,GAAG,aAAa,EAAE;AAC7B,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAC9C,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;AACpD,EAAE,QAAQ,EAAE,OAAO;AACnB,EAAE,IAAI,EAAE;AACR,EAAE,CAAC;AACH,CAAC,IAAI;AACL,EAAE,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC;AACtB,CAAC,CAAC,CAAC,MAAM,CAAC;AACV;AACA,SAAS,eAAe,GAAG;AAC3B,CAAC,OAAO;AACR,EAAE,EAAE,EAAE,UAAU;AAChB,EAAE,KAAK,EAAE,iBAAiB;AAC1B,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,MAAM,CAAC,CAAC;AACnI,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,UAAU;AAC9D,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,MAAM;AAC1D,EAAE,SAAS,EAAE;AACb,EAAE;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,GAAG,IAAI,GAAG,CAAC;AAC7B,CAAC,WAAW;AACZ,CAAC,KAAK;AACN,CAAC,WAAW;AACZ,CAAC;AACD,CAAC,CAAC;AACF;AACA;AACA;AACA;AACA;AACA,SAAS,cAAc,CAAC,QAAQ,EAAE;AAClC,CAAC,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;AAChE,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC;AACpC;AACA;AACA;AACA;AACA;AACA,SAAS,mBAAmB,CAAC,KAAK,EAAE;AACpC,CAAC,IAAI,CAAC;AACN,CAAC,IAAI;AACL,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;AAC3B,CAAC,CAAC,CAAC,MAAM;AACT,EAAE,OAAO;AACT,GAAG,EAAE,EAAE,KAAK;AACZ,GAAG,MAAM,EAAE;AACX,GAAG;AACH,CAAC;AACD,CAAC,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,EAAE,OAAO;AAC/D,EAAE,EAAE,EAAE,KAAK;AACX,EAAE,MAAM,EAAE;AACV,EAAE;AACF,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,OAAO;AACzB,EAAE,EAAE,EAAE,KAAK;AACX,EAAE,MAAM,EAAE;AACV,EAAE;AACF,CAAC,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,OAAO;AACnE,EAAE,EAAE,EAAE,KAAK;AACX,EAAE,MAAM,EAAE;AACV,EAAE;AACF,CAAC,OAAO;AACR,EAAE,EAAE,EAAE,IAAI;AACV,EAAE,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE;AACrC,EAAE;AACF;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,oBAAoB,CAAC,KAAK,EAAE;AACrC,CAAC,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC;AAC1C,CAAC,OAAO,MAAM,CAAC,EAAE,GAAG,MAAM,CAAC,GAAG,GAAG,IAAI;AACrC;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAa,GAAG;AACzB,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE;AACjC,CAAC,MAAM,KAAK,GAAG,aAAa,EAAE;AAC9B,CAAC,OAAO;AACR,EAAE,GAAG,KAAK,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE;AACzB,EAAE,eAAe,EAAE;AACnB,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;AAC3B,GAAG,GAAG,CAAC;AACP,GAAG,SAAS,EAAE;AACd,GAAG,CAAC;AACJ,EAAE;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,GAAG;AAC7B,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE;AAC3C,CAAC,IAAI,QAAQ,KAAK,iBAAiB,EAAE;AACrC,EAAE,MAAM,KAAK,GAAG,aAAa,EAAE;AAC/B,EAAE,IAAI,KAAK,EAAE,OAAO,KAAK;AACzB,EAAE,OAAO,eAAe,EAAE;AAC1B,CAAC;AACD,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,UAAU,EAAE,OAAO,eAAe,EAAE;AACnE,CAAC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC;AACvD,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,eAAe,EAAE;AACrC,CAAC,OAAO;AACR,EAAE,GAAG,KAAK;AACV,EAAE,SAAS,EAAE;AACb,EAAE;AACF;AACA,SAAS,WAAW,CAAC,EAAE,EAAE;AACzB,CAAC,MAAM,IAAI,GAAG,QAAQ,EAAE;AACxB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,UAAU,EAAE,IAAI,CAAC,QAAQ,GAAG,IAAI;AACnD,MAAM,IAAI,EAAE,KAAK,iBAAiB,EAAE;AACpC,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC;AACxF,EAAE,IAAI,CAAC,QAAQ,GAAG,iBAAiB;AACnC,CAAC,CAAC,MAAM;AACR,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC,CAAC;AAC5F,EAAE,IAAI,CAAC,QAAQ,GAAG,EAAE;AACpB,CAAC;AACD,CAAC,SAAS,CAAC,IAAI,CAAC;AAChB,CAAC,OAAO,iBAAiB,EAAE;AAC3B;AACA,SAAS,WAAW,CAAC,KAAK,EAAE;AAC5B,CAAC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE;AACjC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC;AACjD,CAAC,MAAM,GAAG,GAAG,oBAAoB,CAAC,KAAK,CAAC,GAAG,CAAC;AAC5C,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC;AAC7D,CAAC,MAAM,IAAI,GAAG,QAAQ,EAAE;AACxB,CAAC,MAAM,KAAK,GAAG;AACf,EAAE,EAAE,EAAE,UAAU,EAAE;AAClB,EAAE,KAAK;AACP,EAAE,GAAG;AACL,EAAE,GAAG,KAAK,CAAC,QAAQ,GAAG,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,GAAG;AACrD,EAAE;AACF,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC;AAC3B,CAAC,SAAS,CAAC,IAAI,CAAC;AAChB,CAAC,OAAO,KAAK;AACb;AACA,SAAS,cAAc,CAAC,EAAE,EAAE,KAAK,EAAE;AACnC,CAAC,IAAI,EAAE,KAAK,UAAU,EAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC;AAC3E,CAAC,IAAI,EAAE,KAAK,iBAAiB,EAAE,MAAM,IAAI,KAAK,CAAC,gFAAgF,CAAC;AAChI,CAAC,MAAM,IAAI,GAAG,QAAQ,EAAE;AACxB,CAAC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC;AACzD,CAAC,IAAI,GAAG,KAAK,EAAE,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC,MAAM,IAAI,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;AACxC,CAAC,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM,EAAE;AAC7B,EAAE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE;AAClC,EAAE,IAAI,CAAC,KAAK,EAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC;AACtD,EAAE,IAAI,CAAC,KAAK,GAAG,KAAK;AACpB,CAAC;AACD,CAAC,IAAI,KAAK,CAAC,GAAG,KAAK,MAAM,EAAE;AAC3B,EAAE,MAAM,GAAG,GAAG,oBAAoB,CAAC,KAAK,CAAC,GAAG,CAAC;AAC7C,EAAE,IAAI,CAAC,GAAG,EAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC;AAC9D,EAAE,IAAI,CAAC,GAAG,GAAG,GAAG;AAChB,CAAC;AACD,CAAC,IAAI,KAAK,CAAC,QAAQ,KAAK,IAAI,EAAE,OAAO,IAAI,CAAC,QAAQ;AAClD,MAAM,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ;AAC5E,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI;AAC3B,CAAC,SAAS,CAAC,IAAI,CAAC;AAChB,CAAC,OAAO,IAAI;AACZ;AACA,SAAS,cAAc,CAAC,EAAE,EAAE;AAC5B,CAAC,IAAI,EAAE,KAAK,UAAU,EAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC;AAC7E,CAAC,IAAI,EAAE,KAAK,iBAAiB,EAAE,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC;AACjI,CAAC,MAAM,IAAI,GAAG,QAAQ,EAAE;AACxB,CAAC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC;AACzD,CAAC,IAAI,GAAG,KAAK,EAAE,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;AAC9B,CAAC,IAAI,IAAI,CAAC,QAAQ,KAAK,EAAE,EAAE,IAAI,CAAC,QAAQ,GAAG,IAAI;AAC/C,CAAC,SAAS,CAAC,IAAI,CAAC;AAChB;;;;"}
+{"version":3,"file":"endpoints-Dz6qhKXB.js","sources":["../../../.svelte-kit/adapter-node/chunks/endpoints.js"],"sourcesContent":["import { S as createState } from \"./src.js\";\nimport { chmodSync, existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from \"node:fs\";\nimport { dirname } from \"node:path\";\nimport { randomUUID } from \"node:crypto\";\n//#region src/lib/server/state.ts\n/**\n* Singleton control plane state — shared across all SvelteKit server routes.\n*\n* Initialized once on server start. All API endpoints operate on this\n* shared state instance.\n*/\nvar _state = null;\nfunction getState() {\n\tif (!_state) _state = createState();\n\treturn _state;\n}\n/**\n* Bust the singleton so the next getState() call re-reads from disk.\n* Called after performSetup() writes new tokens to stack.env.\n*/\nfunction resetState() {\n\t_state = null;\n}\n//#endregion\n//#region src/lib/server/endpoints.ts\n/**\n* Assistant endpoints — list of OpenCode servers the UI can target, with\n* one marked active. The \"default\" entry is synthesized from environment\n* (OP_OPENCODE_URL / OP_ASSISTANT_URL / OP_ASSISTANT_PORT) and cannot be\n* deleted. User-added endpoints are persisted to a JSON file in the\n* config directory (it's user-owned configuration, not service state —\n* see Phase 5 / D4 in docs/technical/auth-and-proxy-refactor-plan.md).\n*\n* File: ${configDir}/endpoints.json (mode 0600)\n* Shape: { activeId: string | null, endpoints: EndpointEntry[] }\n*   - activeId === null or \"default\" → use the env-derived default\n*   - activeId === \"<id>\" → use the matching user entry (falls back to default if not found)\n*\n* Legacy path: ${dataDir}/admin/endpoints.json. Old installs are\n* migrated lazily on first read by maybeMigrateLegacyEndpointsFile().\n*/\nvar DEFAULT_ID = \"default\";\nvar LOCAL_ELECTRON_ID = \"local-electron\";\nfunction endpointsPath() {\n\treturn `${getState().configDir}/endpoints.json`;\n}\n/**\n* Legacy path used before Phase 5 of the auth/proxy refactor.\n* See docs/technical/auth-and-proxy-refactor-plan.md § Phase 5 / D4.\n*/\nfunction legacyEndpointsPath() {\n\treturn `${getState().dataDir}/admin/endpoints.json`;\n}\n/**\n* One-shot lazy migration from the legacy data/ path to the new config/ path.\n*\n* Phase 5 of docs/technical/auth-and-proxy-refactor-plan.md (D6 step 3):\n*   - If the new path already exists → no-op (already migrated).\n*   - If the legacy path doesn't exist → no-op (fresh install).\n*   - Otherwise copy contents to the new path (mode 0600), then unlink legacy.\n*\n* If the migration fails partway, the legacy file is left in place so reads\n* fall back to it for the remainder of this session. Idempotent across\n* process restarts because the existence check makes it a no-op after the\n* first successful run.\n*/\nfunction maybeMigrateLegacyEndpointsFile() {\n\tconst newPath = endpointsPath();\n\tif (existsSync(newPath)) return;\n\tconst oldPath = legacyEndpointsPath();\n\tif (!existsSync(oldPath)) return;\n\ttry {\n\t\tmkdirSync(dirname(newPath), { recursive: true });\n\t\twriteFileSync(newPath, readFileSync(oldPath), { mode: 384 });\n\t\ttry {\n\t\t\tchmodSync(newPath, 384);\n\t\t} catch {}\n\t\tunlinkSync(oldPath);\n\t} catch (e) {\n\t\tconsole.warn(\"[endpoints] Failed to migrate legacy endpoints.json from data/ to config/. Leaving the old file in place; reads will fall back to it for this session.\", e);\n\t}\n}\nfunction localRuntimePath() {\n\treturn `${getState().dataDir}/local-opencode.runtime.json`;\n}\n/**\n* Read the Electron-written runtime.json each time it's needed. The file is\n* 0600 and is rewritten on each Electron launch (random password per launch),\n* so callers must NOT cache the result.\n*/\nfunction readLocalRuntime() {\n\tconst path = localRuntimePath();\n\tif (!existsSync(path)) return null;\n\ttry {\n\t\tconst parsed = JSON.parse(readFileSync(path, \"utf-8\"));\n\t\tif (!parsed || typeof parsed.url !== \"string\" || !parsed.url) return null;\n\t\treturn {\n\t\t\turl: parsed.url,\n\t\t\tusername: typeof parsed.username === \"string\" ? parsed.username : void 0,\n\t\t\tpassword: typeof parsed.password === \"string\" ? parsed.password : void 0,\n\t\t\tpid: typeof parsed.pid === \"number\" ? parsed.pid : void 0,\n\t\t\tstartedAt: typeof parsed.startedAt === \"string\" ? parsed.startedAt : void 0\n\t\t};\n\t} catch (e) {\n\t\tconsole.warn(\"[endpoints] Failed to parse local-opencode.runtime.json:\", e);\n\t\treturn null;\n\t}\n}\nfunction localEndpoint() {\n\tconst rt = readLocalRuntime();\n\tif (!rt) return null;\n\treturn {\n\t\tid: LOCAL_ELECTRON_ID,\n\t\tlabel: \"OpenPalm Admin\",\n\t\turl: rt.url,\n\t\tusername: rt.username || \"openpalm\",\n\t\t...rt.password ? { password: rt.password } : {},\n\t\tisDefault: false,\n\t\tisLocal: true\n\t};\n}\nfunction readFile() {\n\tmaybeMigrateLegacyEndpointsFile();\n\tlet path = endpointsPath();\n\tif (!existsSync(path)) {\n\t\tconst legacy = legacyEndpointsPath();\n\t\tif (!existsSync(legacy)) return {\n\t\t\tactiveId: null,\n\t\t\tendpoints: []\n\t\t};\n\t\tpath = legacy;\n\t}\n\ttry {\n\t\tconst parsed = JSON.parse(readFileSync(path, \"utf-8\"));\n\t\treturn {\n\t\t\tactiveId: typeof parsed.activeId === \"string\" ? parsed.activeId : null,\n\t\t\tendpoints: Array.isArray(parsed.endpoints) ? parsed.endpoints.filter(isValidEntry) : []\n\t\t};\n\t} catch (e) {\n\t\tconsole.warn(\"[endpoints] Failed to parse endpoints.json, resetting:\", e);\n\t\treturn {\n\t\t\tactiveId: null,\n\t\t\tendpoints: []\n\t\t};\n\t}\n}\nfunction isValidEntry(e) {\n\tif (!e || typeof e !== \"object\") return false;\n\tconst o = e;\n\treturn typeof o.id === \"string\" && typeof o.label === \"string\" && typeof o.url === \"string\";\n}\nfunction writeFile(data) {\n\tconst path = endpointsPath();\n\tmkdirSync(dirname(path), { recursive: true });\n\twriteFileSync(path, JSON.stringify(data, null, 2), {\n\t\tencoding: \"utf-8\",\n\t\tmode: 384\n\t});\n\ttry {\n\t\tchmodSync(path, 384);\n\t} catch {}\n}\nfunction defaultEndpoint() {\n\treturn {\n\t\tid: DEFAULT_ID,\n\t\tlabel: \"Local Assistant\",\n\t\turl: process.env.OP_OPENCODE_URL ?? process.env.OP_ASSISTANT_URL ?? `http://localhost:${process.env.OP_ASSISTANT_PORT ?? \"3800\"}`,\n\t\tusername: process.env.OPENCODE_SERVER_USERNAME || \"openpalm\",\n\t\tpassword: process.env.OPENCODE_SERVER_PASSWORD || void 0,\n\t\tisDefault: true\n\t};\n}\n/**\n* Hostnames where plain HTTP is permitted. Anything else must use HTTPS.\n*\n* - `127.0.0.1`, `::1`, `localhost` — loopback addresses on the same host.\n* - `host.docker.internal` — Docker's loopback-equivalent for the container\n*   hop back to the host (used by the Electron + dev compose setups).\n*\n* Phase 6 of docs/technical/auth-and-proxy-refactor-plan.md.\n*/\nvar LOOPBACK_HOSTS = new Set([\n\t\"127.0.0.1\",\n\t\"::1\",\n\t\"localhost\",\n\t\"host.docker.internal\"\n]);\n/**\n* `URL.hostname` wraps IPv6 addresses in square brackets (e.g. `[::1]`).\n* Strip them before checking against the loopback set so the literal IPv6\n* loopback matches `::1`.\n*/\nfunction isLoopbackHost(hostname) {\n\tconst stripped = hostname.toLowerCase().replace(/^\\[|\\]$/g, \"\");\n\treturn LOOPBACK_HOSTS.has(stripped);\n}\n/**\n* Discriminated validator that callers (admin routes) use to surface\n* specific error messages — in particular, the HTTPS-for-remote rule.\n*/\nfunction validateEndpointUrl(input) {\n\tlet u;\n\ttry {\n\t\tu = new URL(input.trim());\n\t} catch {\n\t\treturn {\n\t\t\tok: false,\n\t\t\treason: \"invalid_url\"\n\t\t};\n\t}\n\tif (u.protocol !== \"http:\" && u.protocol !== \"https:\") return {\n\t\tok: false,\n\t\treason: \"invalid_scheme\"\n\t};\n\tif (!u.hostname) return {\n\t\tok: false,\n\t\treason: \"missing_host\"\n\t};\n\tif (u.protocol === \"http:\" && !isLoopbackHost(u.hostname)) return {\n\t\tok: false,\n\t\treason: \"http_not_allowed\"\n\t};\n\treturn {\n\t\tok: true,\n\t\turl: u.toString().replace(/\\/$/, \"\")\n\t};\n}\n/**\n* Validate a URL string — must be http(s) with a host. Plain HTTP is only\n* allowed for loopback hosts (see `LOOPBACK_HOSTS`). Returns the normalized\n* URL or null. For finer-grained errors, use `validateEndpointUrl`.\n*/\nfunction normalizeEndpointUrl(input) {\n\tconst result = validateEndpointUrl(input);\n\treturn result.ok ? result.url : null;\n}\n/**\n* Returns: [local-electron (if Electron is running it), default, ...user entries].\n* The local-electron entry is synthesized at call time from\n* state/local-opencode.runtime.json — never persisted to endpoints.json.\n*/\nfunction listEndpoints() {\n\tconst { endpoints } = readFile();\n\tconst local = localEndpoint();\n\treturn [\n\t\t...local ? [local] : [],\n\t\tdefaultEndpoint(),\n\t\t...endpoints.map((e) => ({\n\t\t\t...e,\n\t\t\tisDefault: false\n\t\t}))\n\t];\n}\n/**\n* Returns the active endpoint, falling back to the default if no active id is\n* set OR if the active id is `local-electron` but the runtime.json isn't there\n* (e.g. the Electron child died). Re-reads runtime.json each call so a\n* password rotated by a new Electron launch is picked up immediately.\n*/\nfunction getActiveEndpoint() {\n\tconst { activeId, endpoints } = readFile();\n\tif (activeId === LOCAL_ELECTRON_ID) {\n\t\tconst local = localEndpoint();\n\t\tif (local) return local;\n\t\treturn defaultEndpoint();\n\t}\n\tif (!activeId || activeId === DEFAULT_ID) return defaultEndpoint();\n\tconst found = endpoints.find((e) => e.id === activeId);\n\tif (!found) return defaultEndpoint();\n\treturn {\n\t\t...found,\n\t\tisDefault: false\n\t};\n}\nfunction setActiveId(id) {\n\tconst data = readFile();\n\tif (!id || id === DEFAULT_ID) data.activeId = null;\n\telse if (id === LOCAL_ELECTRON_ID) {\n\t\tif (!localEndpoint()) throw new Error(\"Local OpenCode is not running (Electron only)\");\n\t\tdata.activeId = LOCAL_ELECTRON_ID;\n\t} else {\n\t\tif (!data.endpoints.some((e) => e.id === id)) throw new Error(`Endpoint not found: ${id}`);\n\t\tdata.activeId = id;\n\t}\n\twriteFile(data);\n\treturn getActiveEndpoint();\n}\nfunction addEndpoint(input) {\n\tconst label = input.label.trim();\n\tif (!label) throw new Error(\"Label is required\");\n\tconst url = normalizeEndpointUrl(input.url);\n\tif (!url) throw new Error(\"URL must be a valid http(s) URL\");\n\tconst data = readFile();\n\tconst entry = {\n\t\tid: randomUUID(),\n\t\tlabel,\n\t\turl,\n\t\t...input.password ? { password: input.password } : {}\n\t};\n\tdata.endpoints.push(entry);\n\twriteFile(data);\n\treturn entry;\n}\nfunction updateEndpoint(id, patch) {\n\tif (id === DEFAULT_ID) throw new Error(\"Cannot edit the default endpoint\");\n\tif (id === LOCAL_ELECTRON_ID) throw new Error(\"Cannot edit the local Electron OpenCode entry (it is ephemeral and per-launch)\");\n\tconst data = readFile();\n\tconst idx = data.endpoints.findIndex((e) => e.id === id);\n\tif (idx === -1) throw new Error(`Endpoint not found: ${id}`);\n\tconst next = { ...data.endpoints[idx] };\n\tif (patch.label !== void 0) {\n\t\tconst label = patch.label.trim();\n\t\tif (!label) throw new Error(\"Label cannot be empty\");\n\t\tnext.label = label;\n\t}\n\tif (patch.url !== void 0) {\n\t\tconst url = normalizeEndpointUrl(patch.url);\n\t\tif (!url) throw new Error(\"URL must be a valid http(s) URL\");\n\t\tnext.url = url;\n\t}\n\tif (patch.password === null) delete next.password;\n\telse if (typeof patch.password === \"string\") next.password = patch.password;\n\tdata.endpoints[idx] = next;\n\twriteFile(data);\n\treturn next;\n}\nfunction deleteEndpoint(id) {\n\tif (id === DEFAULT_ID) throw new Error(\"Cannot delete the default endpoint\");\n\tif (id === LOCAL_ELECTRON_ID) throw new Error(\"Cannot delete the local Electron OpenCode entry (managed by Electron lifecycle)\");\n\tconst data = readFile();\n\tconst idx = data.endpoints.findIndex((e) => e.id === id);\n\tif (idx === -1) throw new Error(`Endpoint not found: ${id}`);\n\tdata.endpoints.splice(idx, 1);\n\tif (data.activeId === id) data.activeId = null;\n\twriteFile(data);\n}\n//#endregion\nexport { setActiveId as a, getState as c, listEndpoints as i, resetState as l, deleteEndpoint as n, updateEndpoint as o, getActiveEndpoint as r, validateEndpointUrl as s, addEndpoint as t };\n"],"names":[],"mappings":";;;;;AAIA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,MAAM,GAAG,IAAI;AACjB,SAAS,QAAQ,GAAG;AACpB,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,GAAG,WAAW,EAAE;AACpC,CAAC,OAAO,MAAM;AACd;AACA;AACA;AACA;AACA;AACA,SAAS,UAAU,GAAG;AACtB,CAAC,MAAM,GAAG,IAAI;AACd;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,UAAU,GAAG,SAAS;AAC1B,IAAI,iBAAiB,GAAG,gBAAgB;AACxC,SAAS,aAAa,GAAG;AACzB,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,SAAS,CAAC,eAAe,CAAC;AAChD;AACA;AACA;AACA;AACA;AACA,SAAS,mBAAmB,GAAG;AAC/B,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,OAAO,CAAC,qBAAqB,CAAC;AACpD;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,+BAA+B,GAAG;AAC3C,CAAC,MAAM,OAAO,GAAG,aAAa,EAAE;AAChC,CAAC,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE;AAC1B,CAAC,MAAM,OAAO,GAAG,mBAAmB,EAAE;AACtC,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;AAC3B,CAAC,IAAI;AACL,EAAE,SAAS,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAClD,EAAE,aAAa,CAAC,OAAO,EAAE,YAAY,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;AAC9D,EAAE,IAAI;AACN,GAAG,SAAS,CAAC,OAAO,EAAE,GAAG,CAAC;AAC1B,EAAE,CAAC,CAAC,MAAM,CAAC;AACX,EAAE,UAAU,CAAC,OAAO,CAAC;AACrB,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,wJAAwJ,EAAE,CAAC,CAAC;AAC3K,CAAC;AACD;AACA,SAAS,gBAAgB,GAAG;AAC5B,CAAC,OAAO,CAAC,EAAE,QAAQ,EAAE,CAAC,OAAO,CAAC,4BAA4B,CAAC;AAC3D;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,gBAAgB,GAAG;AAC5B,CAAC,MAAM,IAAI,GAAG,gBAAgB,EAAE;AAChC,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,OAAO,IAAI;AACnC,CAAC,IAAI;AACL,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AACxD,EAAE,IAAI,CAAC,MAAM,IAAI,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,IAAI,CAAC,MAAM,CAAC,GAAG,EAAE,OAAO,IAAI;AAC3E,EAAE,OAAO;AACT,GAAG,GAAG,EAAE,MAAM,CAAC,GAAG;AAClB,GAAG,QAAQ,EAAE,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,GAAG,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;AAC3E,GAAG,QAAQ,EAAE,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,GAAG,MAAM,CAAC,QAAQ,GAAG,KAAK,CAAC;AAC3E,GAAG,GAAG,EAAE,OAAO,MAAM,CAAC,GAAG,KAAK,QAAQ,GAAG,MAAM,CAAC,GAAG,GAAG,KAAK,CAAC;AAC5D,GAAG,SAAS,EAAE,OAAO,MAAM,CAAC,SAAS,KAAK,QAAQ,GAAG,MAAM,CAAC,SAAS,GAAG,KAAK;AAC7E,GAAG;AACH,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,0DAA0D,EAAE,CAAC,CAAC;AAC7E,EAAE,OAAO,IAAI;AACb,CAAC;AACD;AACA,SAAS,aAAa,GAAG;AACzB,CAAC,MAAM,EAAE,GAAG,gBAAgB,EAAE;AAC9B,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,IAAI;AACrB,CAAC,OAAO;AACR,EAAE,EAAE,EAAE,iBAAiB;AACvB,EAAE,KAAK,EAAE,gBAAgB;AACzB,EAAE,GAAG,EAAE,EAAE,CAAC,GAAG;AACb,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,IAAI,UAAU;AACrC,EAAE,GAAG,EAAE,CAAC,QAAQ,GAAG,EAAE,QAAQ,EAAE,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;AACjD,EAAE,SAAS,EAAE,KAAK;AAClB,EAAE,OAAO,EAAE;AACX,EAAE;AACF;AACA,SAAS,QAAQ,GAAG;AACpB,CAAC,+BAA+B,EAAE;AAClC,CAAC,IAAI,IAAI,GAAG,aAAa,EAAE;AAC3B,CAAC,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE;AACxB,EAAE,MAAM,MAAM,GAAG,mBAAmB,EAAE;AACtC,EAAE,IAAI,CAAC,UAAU,CAAC,MAAM,CAAC,EAAE,OAAO;AAClC,GAAG,QAAQ,EAAE,IAAI;AACjB,GAAG,SAAS,EAAE;AACd,GAAG;AACH,EAAE,IAAI,GAAG,MAAM;AACf,CAAC;AACD,CAAC,IAAI;AACL,EAAE,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;AACxD,EAAE,OAAO;AACT,GAAG,QAAQ,EAAE,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,GAAG,MAAM,CAAC,QAAQ,GAAG,IAAI;AACzE,GAAG,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG;AACxF,GAAG;AACH,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,wDAAwD,EAAE,CAAC,CAAC;AAC3E,EAAE,OAAO;AACT,GAAG,QAAQ,EAAE,IAAI;AACjB,GAAG,SAAS,EAAE;AACd,GAAG;AACH,CAAC;AACD;AACA,SAAS,YAAY,CAAC,CAAC,EAAE;AACzB,CAAC,IAAI,CAAC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,OAAO,KAAK;AAC9C,CAAC,MAAM,CAAC,GAAG,CAAC;AACZ,CAAC,OAAO,OAAO,CAAC,CAAC,EAAE,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,KAAK,KAAK,QAAQ,IAAI,OAAO,CAAC,CAAC,GAAG,KAAK,QAAQ;AAC5F;AACA,SAAS,SAAS,CAAC,IAAI,EAAE;AACzB,CAAC,MAAM,IAAI,GAAG,aAAa,EAAE;AAC7B,CAAC,SAAS,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;AAC9C,CAAC,aAAa,CAAC,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;AACpD,EAAE,QAAQ,EAAE,OAAO;AACnB,EAAE,IAAI,EAAE;AACR,EAAE,CAAC;AACH,CAAC,IAAI;AACL,EAAE,SAAS,CAAC,IAAI,EAAE,GAAG,CAAC;AACtB,CAAC,CAAC,CAAC,MAAM,CAAC;AACV;AACA,SAAS,eAAe,GAAG;AAC3B,CAAC,OAAO;AACR,EAAE,EAAE,EAAE,UAAU;AAChB,EAAE,KAAK,EAAE,iBAAiB;AAC1B,EAAE,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,CAAC,iBAAiB,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,MAAM,CAAC,CAAC;AACnI,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,UAAU;AAC9D,EAAE,QAAQ,EAAE,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,MAAM;AAC1D,EAAE,SAAS,EAAE;AACb,EAAE;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,GAAG,IAAI,GAAG,CAAC;AAC7B,CAAC,WAAW;AACZ,CAAC,KAAK;AACN,CAAC,WAAW;AACZ,CAAC;AACD,CAAC,CAAC;AACF;AACA;AACA;AACA;AACA;AACA,SAAS,cAAc,CAAC,QAAQ,EAAE;AAClC,CAAC,MAAM,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,UAAU,EAAE,EAAE,CAAC;AAChE,CAAC,OAAO,cAAc,CAAC,GAAG,CAAC,QAAQ,CAAC;AACpC;AACA;AACA;AACA;AACA;AACA,SAAS,mBAAmB,CAAC,KAAK,EAAE;AACpC,CAAC,IAAI,CAAC;AACN,CAAC,IAAI;AACL,EAAE,CAAC,GAAG,IAAI,GAAG,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;AAC3B,CAAC,CAAC,CAAC,MAAM;AACT,EAAE,OAAO;AACT,GAAG,EAAE,EAAE,KAAK;AACZ,GAAG,MAAM,EAAE;AACX,GAAG;AACH,CAAC;AACD,CAAC,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,CAAC,QAAQ,KAAK,QAAQ,EAAE,OAAO;AAC/D,EAAE,EAAE,EAAE,KAAK;AACX,EAAE,MAAM,EAAE;AACV,EAAE;AACF,CAAC,IAAI,CAAC,CAAC,CAAC,QAAQ,EAAE,OAAO;AACzB,EAAE,EAAE,EAAE,KAAK;AACX,EAAE,MAAM,EAAE;AACV,EAAE;AACF,CAAC,IAAI,CAAC,CAAC,QAAQ,KAAK,OAAO,IAAI,CAAC,cAAc,CAAC,CAAC,CAAC,QAAQ,CAAC,EAAE,OAAO;AACnE,EAAE,EAAE,EAAE,KAAK;AACX,EAAE,MAAM,EAAE;AACV,EAAE;AACF,CAAC,OAAO;AACR,EAAE,EAAE,EAAE,IAAI;AACV,EAAE,GAAG,EAAE,CAAC,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE;AACrC,EAAE;AACF;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,oBAAoB,CAAC,KAAK,EAAE;AACrC,CAAC,MAAM,MAAM,GAAG,mBAAmB,CAAC,KAAK,CAAC;AAC1C,CAAC,OAAO,MAAM,CAAC,EAAE,GAAG,MAAM,CAAC,GAAG,GAAG,IAAI;AACrC;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,aAAa,GAAG;AACzB,CAAC,MAAM,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE;AACjC,CAAC,MAAM,KAAK,GAAG,aAAa,EAAE;AAC9B,CAAC,OAAO;AACR,EAAE,GAAG,KAAK,GAAG,CAAC,KAAK,CAAC,GAAG,EAAE;AACzB,EAAE,eAAe,EAAE;AACnB,EAAE,GAAG,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;AAC3B,GAAG,GAAG,CAAC;AACP,GAAG,SAAS,EAAE;AACd,GAAG,CAAC;AACJ,EAAE;AACF;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,GAAG;AAC7B,CAAC,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,QAAQ,EAAE;AAC3C,CAAC,IAAI,QAAQ,KAAK,iBAAiB,EAAE;AACrC,EAAE,MAAM,KAAK,GAAG,aAAa,EAAE;AAC/B,EAAE,IAAI,KAAK,EAAE,OAAO,KAAK;AACzB,EAAE,OAAO,eAAe,EAAE;AAC1B,CAAC;AACD,CAAC,IAAI,CAAC,QAAQ,IAAI,QAAQ,KAAK,UAAU,EAAE,OAAO,eAAe,EAAE;AACnE,CAAC,MAAM,KAAK,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,QAAQ,CAAC;AACvD,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,eAAe,EAAE;AACrC,CAAC,OAAO;AACR,EAAE,GAAG,KAAK;AACV,EAAE,SAAS,EAAE;AACb,EAAE;AACF;AACA,SAAS,WAAW,CAAC,EAAE,EAAE;AACzB,CAAC,MAAM,IAAI,GAAG,QAAQ,EAAE;AACxB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,KAAK,UAAU,EAAE,IAAI,CAAC,QAAQ,GAAG,IAAI;AACnD,MAAM,IAAI,EAAE,KAAK,iBAAiB,EAAE;AACpC,EAAE,IAAI,CAAC,aAAa,EAAE,EAAE,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC;AACxF,EAAE,IAAI,CAAC,QAAQ,GAAG,iBAAiB;AACnC,CAAC,CAAC,MAAM;AACR,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC,CAAC;AAC5F,EAAE,IAAI,CAAC,QAAQ,GAAG,EAAE;AACpB,CAAC;AACD,CAAC,SAAS,CAAC,IAAI,CAAC;AAChB,CAAC,OAAO,iBAAiB,EAAE;AAC3B;AACA,SAAS,WAAW,CAAC,KAAK,EAAE;AAC5B,CAAC,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE;AACjC,CAAC,IAAI,CAAC,KAAK,EAAE,MAAM,IAAI,KAAK,CAAC,mBAAmB,CAAC;AACjD,CAAC,MAAM,GAAG,GAAG,oBAAoB,CAAC,KAAK,CAAC,GAAG,CAAC;AAC5C,CAAC,IAAI,CAAC,GAAG,EAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC;AAC7D,CAAC,MAAM,IAAI,GAAG,QAAQ,EAAE;AACxB,CAAC,MAAM,KAAK,GAAG;AACf,EAAE,EAAE,EAAE,UAAU,EAAE;AAClB,EAAE,KAAK;AACP,EAAE,GAAG;AACL,EAAE,GAAG,KAAK,CAAC,QAAQ,GAAG,EAAE,QAAQ,EAAE,KAAK,CAAC,QAAQ,EAAE,GAAG;AACrD,EAAE;AACF,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC;AAC3B,CAAC,SAAS,CAAC,IAAI,CAAC;AAChB,CAAC,OAAO,KAAK;AACb;AACA,SAAS,cAAc,CAAC,EAAE,EAAE,KAAK,EAAE;AACnC,CAAC,IAAI,EAAE,KAAK,UAAU,EAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC;AAC3E,CAAC,IAAI,EAAE,KAAK,iBAAiB,EAAE,MAAM,IAAI,KAAK,CAAC,gFAAgF,CAAC;AAChI,CAAC,MAAM,IAAI,GAAG,QAAQ,EAAE;AACxB,CAAC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC;AACzD,CAAC,IAAI,GAAG,KAAK,EAAE,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC,MAAM,IAAI,GAAG,EAAE,GAAG,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;AACxC,CAAC,IAAI,KAAK,CAAC,KAAK,KAAK,MAAM,EAAE;AAC7B,EAAE,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,IAAI,EAAE;AAClC,EAAE,IAAI,CAAC,KAAK,EAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,CAAC;AACtD,EAAE,IAAI,CAAC,KAAK,GAAG,KAAK;AACpB,CAAC;AACD,CAAC,IAAI,KAAK,CAAC,GAAG,KAAK,MAAM,EAAE;AAC3B,EAAE,MAAM,GAAG,GAAG,oBAAoB,CAAC,KAAK,CAAC,GAAG,CAAC;AAC7C,EAAE,IAAI,CAAC,GAAG,EAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,CAAC;AAC9D,EAAE,IAAI,CAAC,GAAG,GAAG,GAAG;AAChB,CAAC;AACD,CAAC,IAAI,KAAK,CAAC,QAAQ,KAAK,IAAI,EAAE,OAAO,IAAI,CAAC,QAAQ;AAClD,MAAM,IAAI,OAAO,KAAK,CAAC,QAAQ,KAAK,QAAQ,EAAE,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC,QAAQ;AAC5E,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,IAAI;AAC3B,CAAC,SAAS,CAAC,IAAI,CAAC;AAChB,CAAC,OAAO,IAAI;AACZ;AACA,SAAS,cAAc,CAAC,EAAE,EAAE;AAC5B,CAAC,IAAI,EAAE,KAAK,UAAU,EAAE,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC;AAC7E,CAAC,IAAI,EAAE,KAAK,iBAAiB,EAAE,MAAM,IAAI,KAAK,CAAC,iFAAiF,CAAC;AACjI,CAAC,MAAM,IAAI,GAAG,QAAQ,EAAE;AACxB,CAAC,MAAM,GAAG,GAAG,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,KAAK,EAAE,CAAC;AACzD,CAAC,IAAI,GAAG,KAAK,EAAE,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,oBAAoB,EAAE,EAAE,CAAC,CAAC,CAAC;AAC7D,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC;AAC9B,CAAC,IAAI,IAAI,CAAC,QAAQ,KAAK,EAAE,EAAE,IAAI,CAAC,QAAQ,GAAG,IAAI;AAC/C,CAAC,SAAS,CAAC,IAAI,CAAC;AAChB;;;;"}

package/build/server/chunks/{error.svelte-BhAtOJnJ.js → error.svelte-8jbbCpmR.js}

@@ -1,6 +1,6 @@
 import { p as escape_html } from './dev-DjANv7AF.js';
-import { p as page } from './state-CxWVaiQ-.js';
-import './internal-CGO6-n-l.js';
+import { p as page } from './state-CKV51p4g.js';
+import './internal-BJjTqjxK.js';
 import './utils-BSRjJDrZ.js';
 import 'node:module';
 import './chunk-CLZ62Ad-.js';
@@ -13,4 +13,4 @@ function Error($$renderer, $$props) {
 }
 
 export { Error as default };
-//# sourceMappingURL=error.svelte-BhAtOJnJ.js.map
+//# sourceMappingURL=error.svelte-8jbbCpmR.js.map

package/build/server/chunks/{error.svelte-BhAtOJnJ.js.map → error.svelte-8jbbCpmR.js.map}

@@ -1 +1 @@
-{"version":3,"file":"error.svelte-BhAtOJnJ.js","sources":["../../../.svelte-kit/adapter-node/entries/fallbacks/error.svelte.js"],"sourcesContent":["import { V as escape_html } from \"../../chunks/dev.js\";\nimport { t as page } from \"../../chunks/state.js\";\n//#region ../../node_modules/.bun/@sveltejs+kit@2.61.0+aeb06e9cf8e23ab6/node_modules/@sveltejs/kit/src/runtime/components/svelte-5/error.svelte\nfunction Error($$renderer, $$props) {\n\t$$renderer.component(($$renderer) => {\n\t\t$$renderer.push(`<h1>${escape_html(page.status)}</h1> <p>${escape_html(page.error?.message)}</p>`);\n\t});\n}\n//#endregion\nexport { Error as default };\n"],"names":[],"mappings":";;;;;;;AAEA;AACA,SAAS,KAAK,CAAC,UAAU,EAAE,OAAO,EAAE;AACpC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,UAAU,KAAK;AACtC,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC;AACpG,CAAC,CAAC,CAAC;AACH;;;;"}
+{"version":3,"file":"error.svelte-8jbbCpmR.js","sources":["../../../.svelte-kit/adapter-node/entries/fallbacks/error.svelte.js"],"sourcesContent":["import { V as escape_html } from \"../../chunks/dev.js\";\nimport { t as page } from \"../../chunks/state.js\";\n//#region ../../node_modules/.bun/@sveltejs+kit@2.61.0+aeb06e9cf8e23ab6/node_modules/@sveltejs/kit/src/runtime/components/svelte-5/error.svelte\nfunction Error($$renderer, $$props) {\n\t$$renderer.component(($$renderer) => {\n\t\t$$renderer.push(`<h1>${escape_html(page.status)}</h1> <p>${escape_html(page.error?.message)}</p>`);\n\t});\n}\n//#endregion\nexport { Error as default };\n"],"names":[],"mappings":";;;;;;;AAEA;AACA,SAAS,KAAK,CAAC,UAAU,EAAE,OAAO,EAAE;AACpC,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,UAAU,KAAK;AACtC,EAAE,UAAU,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,WAAW,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,SAAS,EAAE,WAAW,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,IAAI,CAAC,CAAC;AACpG,CAAC,CAAC,CAAC;AACH;;;;"}

package/build/server/chunks/{helpers-B8h4zchW.js → helpers-C1fMEpiP.js}

@@ -1,5 +1,5 @@
-import { a8 as readSecret, ak as resolveStackDir, z as createOpenCodeClient } from './src-BsgfqG_-.js';
-import { g as getActiveEndpoint } from './endpoints-kaPFORka.js';
+import { a8 as readSecret, ak as resolveStackDir, z as createOpenCodeClient } from './src-BWQ05CjI.js';
+import { g as getActiveEndpoint } from './endpoints-Dz6qhKXB.js';
 import { timingSafeEqual, createHash } from 'node:crypto';
 
 //#region src/lib/server/session-store.ts
@@ -223,4 +223,4 @@ function checkOriginHeader(request, port) {
 var UI_PORT = Number(process.env.PORT ?? 3880);
 
 export { UI_PORT as U, checkOriginHeader as a, createSession as b, checkHostHeader as c, getRequestId as d, errorResponse as e, getUiLoginPassword as f, getOpenCodeClient as g, jsonResponse as h, invalidateSession as i, jsonBodyError as j, parseJsonBody as p, requireAdmin as r, safeTokenCompare as s, withAdminBody as w };
-//# sourceMappingURL=helpers-B8h4zchW.js.map
+//# sourceMappingURL=helpers-C1fMEpiP.js.map

package/build/server/chunks/{helpers-B8h4zchW.js.map → helpers-C1fMEpiP.js.map}

@@ -1 +1 @@
-{"version":3,"file":"helpers-B8h4zchW.js","sources":["../../../.svelte-kit/adapter-node/chunks/helpers.js"],"sourcesContent":["import { $ as createOpenCodeClient, St as readSecret, jt as resolveStackDir } from \"./src.js\";\nimport { r as getActiveEndpoint } from \"./endpoints.js\";\nimport { createHash, timingSafeEqual } from \"node:crypto\";\n//#region src/lib/server/session-store.ts\n/**\n* In-memory session store for op_session cookies.\n*\n* Replaces the plaintext-password-as-cookie scheme: instead of storing the\n* operator's password in the cookie jar, `createSession()` mints a random\n* opaque token and maps it to an expiry timestamp. `requireAdmin` /\n* `validateSession` then check the token without touching the password.\n*\n* The store is module-level (process lifetime). Sessions are valid for 24 h\n* and are lazily pruned on access so the map does not grow unbounded.\n*/\nvar SESSION_TTL_MS = 864e5;\n/** token → absolute expiry timestamp (ms since epoch) */\nvar sessions = /* @__PURE__ */ new Map();\n/**\n* Mint a new session token, store it with a 24-hour TTL, and return it.\n* The caller is responsible for placing the token in the `op_session` cookie.\n*/\nfunction createSession() {\n\tconst token = crypto.randomUUID();\n\tsessions.set(token, Date.now() + SESSION_TTL_MS);\n\treturn token;\n}\n/**\n* Return true iff `token` is a known, non-expired session.\n* Expired entries are removed on access.\n*/\nfunction validateSession(token) {\n\tif (!token) return false;\n\tconst expiresAt = sessions.get(token);\n\tif (expiresAt === void 0) return false;\n\tif (Date.now() >= expiresAt) {\n\t\tsessions.delete(token);\n\t\treturn false;\n\t}\n\treturn true;\n}\n/**\n* Remove a session token from the store (used by logout).\n* Safe to call with an unknown token — it's a no-op.\n*/\nfunction invalidateSession(token) {\n\tsessions.delete(token);\n}\n//#endregion\n//#region src/lib/server/helpers.ts\n/**\n* Lazy OpenCode client bound to the currently active endpoint. The client is\n* recreated whenever the active endpoint URL changes so user switches in the\n* UI take effect on the next call.\n*/\nvar _openCodeClient;\nvar _openCodeClientUrl;\nfunction getOpenCodeClient() {\n\tconst { url } = getActiveEndpoint();\n\tif (!_openCodeClient || url !== _openCodeClientUrl) {\n\t\t_openCodeClient = createOpenCodeClient({ baseUrl: url });\n\t\t_openCodeClientUrl = url;\n\t}\n\treturn _openCodeClient;\n}\nfunction safeTokenCompare(a, b) {\n\tif (typeof a !== \"string\" || typeof b !== \"string\") return false;\n\tif (!a || !b) return false;\n\treturn timingSafeEqual(createHash(\"sha256\").update(a).digest(), createHash(\"sha256\").update(b).digest());\n}\n/** Standard JSON response with request ID header */\nfunction jsonResponse(status, body, requestId = \"\") {\n\treturn new Response(JSON.stringify(body), {\n\t\tstatus,\n\t\theaders: {\n\t\t\t\"content-type\": \"application/json\",\n\t\t\t...requestId ? { \"x-request-id\": requestId } : {}\n\t\t}\n\t});\n}\n/** Standard error envelope */\nfunction errorResponse(status, error, message, details = {}, requestId = \"\") {\n\treturn jsonResponse(status, {\n\t\terror,\n\t\tmessage,\n\t\tdetails,\n\t\trequestId\n\t}, requestId);\n}\n/** Extract or generate request ID */\nfunction getRequestId(event) {\n\treturn event.request.headers.get(\"x-request-id\") || crypto.randomUUID();\n}\n/**\n* Read the operator UI login password from the host environment or the\n* file-based stack secret.\n*\n* Phase 4 of the auth/proxy refactor collapsed\n* `ControlPlaneState.adminToken` (and the assistant token alongside it).\n* Runtime persistence lives in `knowledge/secrets/op_ui_login_password`.\n* `process.env.OP_UI_LOGIN_PASSWORD` is still accepted for tests and explicit\n* host-process overrides.\n*\n* Returns the empty string when the env var is unset — `requireNonEmptyUiLoginPassword()`\n* surfaces that case as a 503 so all authenticated routes fail loudly\n* rather than silently accepting any cookie.\n*/\nfunction getUiLoginPassword() {\n\tconst envValue = process.env.OP_UI_LOGIN_PASSWORD;\n\tif (envValue) return envValue;\n\treturn readSecret(resolveStackDir(), \"op_ui_login_password\")?.trimEnd() ?? \"\";\n}\n/**\n* Extract raw session token from the `op_session` cookie.\n*\n* Phase 2 of the auth/proxy refactor (docs/technical/auth-and-proxy-refactor-plan.md)\n* removed the legacy `x-admin-token` / `Authorization: Bearer` header fallbacks.\n* The cookie is HttpOnly + SameSite=Strict and is the ONLY credential the browser\n* holds; XSS cannot read it and out-of-process callers must obtain a session via\n* `POST /admin/auth/login` (or `/session`) and present the cookie on subsequent\n* requests.\n*/\nfunction extractToken(event) {\n\tconst match = (event.request.headers.get(\"cookie\") ?? \"\").match(/(?:^|;\\s*)op_session=([^;]+)/);\n\tif (match) return match[1];\n\treturn \"\";\n}\n/** Check admin auth — returns error Response or null if OK */\nfunction requireAdmin(event, requestId) {\n\tif (!getUiLoginPassword()) return errorResponse(503, \"admin_not_configured\", \"OP_UI_LOGIN_PASSWORD has not been set. Complete setup first.\", {}, requestId);\n\tif (!validateSession(extractToken(event))) return errorResponse(401, \"unauthorized\", \"Missing or invalid credentials\", {}, requestId);\n\treturn null;\n}\n/** Parse JSON body safely — returns discriminated result with error type */\nasync function parseJsonBody(request, maxBytes = 1048576) {\n\ttry {\n\t\tconst contentLength = request.headers.get(\"content-length\");\n\t\tif (contentLength && parseInt(contentLength, 10) > maxBytes) return { error: \"too_large\" };\n\t\treturn { data: await request.json() };\n\t} catch (e) {\n\t\tconsole.warn(\"[helpers] Failed to parse JSON request body\", e);\n\t\treturn { error: \"invalid_json\" };\n\t}\n}\n/** Convert a ParseJsonBodyError to an appropriate HTTP error response */\nfunction jsonBodyError(err, requestId) {\n\tif (err.error === \"too_large\") return errorResponse(413, \"too_large\", \"Request body too large\", {}, requestId);\n\treturn errorResponse(400, \"invalid_json\", \"Request body must be valid JSON\", {}, requestId);\n}\n/**\n* Auth + JSON body wrapper for admin POST/DELETE handlers.\n*\n* Replaces the 4-line boilerplate copy-pasted across 30+ routes:\n*   const requestId = getRequestId(event);\n*   const authError = requireAdmin(event, requestId);\n*   if (authError) return authError;\n*   const result = await parseJsonBody(event.request);\n*   if ('error' in result) return jsonBodyError(result, requestId);\n*\n* Use for routes that need both auth and a JSON body. For auth-only or\n* GET routes, call `requireAdmin` directly.\n*/\nasync function withAdminBody(event, handler) {\n\tconst requestId = getRequestId(event);\n\tconst originError = checkOriginHeader(event.request, UI_PORT);\n\tif (originError) return originError;\n\tconst authError = requireAdmin(event, requestId);\n\tif (authError) return authError;\n\tconst result = await parseJsonBody(event.request);\n\tif (\"error\" in result) return jsonBodyError(result, requestId);\n\treturn handler({\n\t\trequestId,\n\t\tbody: result.data\n\t});\n}\n/**\n* Reject requests whose Host header does not match localhost or 127.0.0.1\n* on the configured admin port.\n*\n* @param request  Incoming Request (or SvelteKit RequestEvent.request)\n* @param port     The port this server is bound to (e.g. 3880 or 8100)\n* @returns        A 400 Response if the host is rejected; null if allowed\n*/\nfunction checkHostHeader(request, port) {\n\tconst normalized = (request.headers.get(\"host\") ?? \"\").trim().replace(/\\.$/, \"\");\n\tif ([`localhost:${port}`, `127.0.0.1:${port}`].includes(normalized)) return null;\n\treturn new Response(JSON.stringify({\n\t\terror: \"invalid_host\",\n\t\thost: normalized,\n\t\tmessage: \"Request rejected: Host header does not match allowed hosts. The admin UI binds to loopback (127.0.0.1) only; reach it via localhost or front it with a reverse proxy/tunnel for remote access.\"\n\t}), {\n\t\tstatus: 400,\n\t\theaders: { \"content-type\": \"application/json\" }\n\t});\n}\n/**\n* Reject POST/PUT/DELETE requests whose Origin header does not match\n* localhost or 127.0.0.1. Requests with no Origin (non-browser clients)\n* are always allowed.\n*\n* @param request  Incoming Request\n* @param port     The port this server is bound to\n* @returns        A 403 Response if the origin is rejected; null if allowed\n*/\nfunction checkOriginHeader(request, port) {\n\tconst method = request.method.toUpperCase();\n\tif (method === \"GET\" || method === \"HEAD\" || method === \"OPTIONS\") return null;\n\tconst origin = request.headers.get(\"origin\");\n\tif (!origin) return null;\n\ttry {\n\t\tconst u = new URL(origin);\n\t\tif ([`localhost:${port}`, `127.0.0.1:${port}`].includes(u.host)) return null;\n\t} catch {}\n\treturn new Response(JSON.stringify({\n\t\terror: \"forbidden_origin\",\n\t\torigin\n\t}), {\n\t\tstatus: 403,\n\t\theaders: { \"content-type\": \"application/json\" }\n\t});\n}\nvar UI_PORT = Number(process.env.PORT ?? 3880);\n//#endregion\nexport { getOpenCodeClient as a, jsonBodyError as c, requireAdmin as d, safeTokenCompare as f, invalidateSession as h, errorResponse as i, jsonResponse as l, createSession as m, checkHostHeader as n, getRequestId as o, withAdminBody as p, checkOriginHeader as r, getUiLoginPassword as s, UI_PORT as t, parseJsonBody as u };\n"],"names":[],"mappings":";;;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,GAAG,KAAK;AAC1B;AACA,IAAI,QAAQ,mBAAmB,IAAI,GAAG,EAAE;AACxC;AACA;AACA;AACA;AACA,SAAS,aAAa,GAAG;AACzB,CAAC,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE;AAClC,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,CAAC;AACjD,CAAC,OAAO,KAAK;AACb;AACA;AACA;AACA;AACA;AACA,SAAS,eAAe,CAAC,KAAK,EAAE;AAChC,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,KAAK;AACzB,CAAC,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC;AACtC,CAAC,IAAI,SAAS,KAAK,MAAM,EAAE,OAAO,KAAK;AACvC,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,SAAS,EAAE;AAC9B,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC;AACxB,EAAE,OAAO,KAAK;AACd,CAAC;AACD,CAAC,OAAO,IAAI;AACZ;AACA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,KAAK,EAAE;AAClC,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe;AACnB,IAAI,kBAAkB;AACtB,SAAS,iBAAiB,GAAG;AAC7B,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,iBAAiB,EAAE;AACpC,CAAC,IAAI,CAAC,eAAe,IAAI,GAAG,KAAK,kBAAkB,EAAE;AACrD,EAAE,eAAe,GAAG,oBAAoB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;AAC1D,EAAE,kBAAkB,GAAG,GAAG;AAC1B,CAAC;AACD,CAAC,OAAO,eAAe;AACvB;AACA,SAAS,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE;AAChC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,OAAO,KAAK;AACjE,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,KAAK;AAC3B,CAAC,OAAO,eAAe,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;AACzG;AACA;AACA,SAAS,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,EAAE,EAAE;AACpD,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;AAC3C,EAAE,MAAM;AACR,EAAE,OAAO,EAAE;AACX,GAAG,cAAc,EAAE,kBAAkB;AACrC,GAAG,GAAG,SAAS,GAAG,EAAE,cAAc,EAAE,SAAS,EAAE,GAAG;AAClD;AACA,EAAE,CAAC;AACH;AACA;AACA,SAAS,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,EAAE,SAAS,GAAG,EAAE,EAAE;AAC7E,CAAC,OAAO,YAAY,CAAC,MAAM,EAAE;AAC7B,EAAE,KAAK;AACP,EAAE,OAAO;AACT,EAAE,OAAO;AACT,EAAE;AACF,EAAE,EAAE,SAAS,CAAC;AACd;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE;AAC7B,CAAC,OAAO,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE;AACxE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,kBAAkB,GAAG;AAC9B,CAAC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;AAClD,CAAC,IAAI,QAAQ,EAAE,OAAO,QAAQ;AAC9B,CAAC,OAAO,UAAU,CAAC,eAAe,EAAE,EAAE,sBAAsB,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE;AAC9E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE;AAC7B,CAAC,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,CAAC,8BAA8B,CAAC;AAChG,CAAC,IAAI,KAAK,EAAE,OAAO,KAAK,CAAC,CAAC,CAAC;AAC3B,CAAC,OAAO,EAAE;AACV;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE;AACxC,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,sBAAsB,EAAE,8DAA8D,EAAE,EAAE,EAAE,SAAS,CAAC;AAC5J,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,gCAAgC,EAAE,EAAE,EAAE,SAAS,CAAC;AACtI,CAAC,OAAO,IAAI;AACZ;AACA;AACA,eAAe,aAAa,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,EAAE;AAC1D,CAAC,IAAI;AACL,EAAE,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;AAC7D,EAAE,IAAI,aAAa,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE;AAC5F,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,EAAE,EAAE;AACvC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,6CAA6C,EAAE,CAAC,CAAC;AAChE,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE;AAClC,CAAC;AACD;AACA;AACA,SAAS,aAAa,CAAC,GAAG,EAAE,SAAS,EAAE;AACvC,CAAC,IAAI,GAAG,CAAC,KAAK,KAAK,WAAW,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,WAAW,EAAE,wBAAwB,EAAE,EAAE,EAAE,SAAS,CAAC;AAC/G,CAAC,OAAO,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,iCAAiC,EAAE,EAAE,EAAE,SAAS,CAAC;AAC5F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE;AAC7C,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;AACtC,CAAC,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC;AAC9D,CAAC,IAAI,WAAW,EAAE,OAAO,WAAW;AACpC,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC;AACjD,CAAC,IAAI,SAAS,EAAE,OAAO,SAAS;AAChC,CAAC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC;AAClD,CAAC,IAAI,OAAO,IAAI,MAAM,EAAE,OAAO,aAAa,CAAC,MAAM,EAAE,SAAS,CAAC;AAC/D,CAAC,OAAO,OAAO,CAAC;AAChB,EAAE,SAAS;AACX,EAAE,IAAI,EAAE,MAAM,CAAC;AACf,EAAE,CAAC;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,eAAe,CAAC,OAAO,EAAE,IAAI,EAAE;AACxC,CAAC,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;AACjF,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,IAAI;AACjF,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACpC,EAAE,KAAK,EAAE,cAAc;AACvB,EAAE,IAAI,EAAE,UAAU;AAClB,EAAE,OAAO,EAAE;AACX,EAAE,CAAC,EAAE;AACL,EAAE,MAAM,EAAE,GAAG;AACb,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC/C,EAAE,CAAC;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,OAAO,EAAE,IAAI,EAAE;AAC1C,CAAC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;AAC5C,CAAC,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,SAAS,EAAE,OAAO,IAAI;AAC/E,CAAC,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;AAC7C,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,IAAI;AACzB,CAAC,IAAI;AACL,EAAE,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;AAC3B,EAAE,IAAI,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,IAAI;AAC9E,CAAC,CAAC,CAAC,MAAM,CAAC;AACV,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACpC,EAAE,KAAK,EAAE,kBAAkB;AAC3B,EAAE;AACF,EAAE,CAAC,EAAE;AACL,EAAE,MAAM,EAAE,GAAG;AACb,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC/C,EAAE,CAAC;AACH;AACG,IAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI;;;;"}
+{"version":3,"file":"helpers-C1fMEpiP.js","sources":["../../../.svelte-kit/adapter-node/chunks/helpers.js"],"sourcesContent":["import { $ as createOpenCodeClient, St as readSecret, jt as resolveStackDir } from \"./src.js\";\nimport { r as getActiveEndpoint } from \"./endpoints.js\";\nimport { createHash, timingSafeEqual } from \"node:crypto\";\n//#region src/lib/server/session-store.ts\n/**\n* In-memory session store for op_session cookies.\n*\n* Replaces the plaintext-password-as-cookie scheme: instead of storing the\n* operator's password in the cookie jar, `createSession()` mints a random\n* opaque token and maps it to an expiry timestamp. `requireAdmin` /\n* `validateSession` then check the token without touching the password.\n*\n* The store is module-level (process lifetime). Sessions are valid for 24 h\n* and are lazily pruned on access so the map does not grow unbounded.\n*/\nvar SESSION_TTL_MS = 864e5;\n/** token → absolute expiry timestamp (ms since epoch) */\nvar sessions = /* @__PURE__ */ new Map();\n/**\n* Mint a new session token, store it with a 24-hour TTL, and return it.\n* The caller is responsible for placing the token in the `op_session` cookie.\n*/\nfunction createSession() {\n\tconst token = crypto.randomUUID();\n\tsessions.set(token, Date.now() + SESSION_TTL_MS);\n\treturn token;\n}\n/**\n* Return true iff `token` is a known, non-expired session.\n* Expired entries are removed on access.\n*/\nfunction validateSession(token) {\n\tif (!token) return false;\n\tconst expiresAt = sessions.get(token);\n\tif (expiresAt === void 0) return false;\n\tif (Date.now() >= expiresAt) {\n\t\tsessions.delete(token);\n\t\treturn false;\n\t}\n\treturn true;\n}\n/**\n* Remove a session token from the store (used by logout).\n* Safe to call with an unknown token — it's a no-op.\n*/\nfunction invalidateSession(token) {\n\tsessions.delete(token);\n}\n//#endregion\n//#region src/lib/server/helpers.ts\n/**\n* Lazy OpenCode client bound to the currently active endpoint. The client is\n* recreated whenever the active endpoint URL changes so user switches in the\n* UI take effect on the next call.\n*/\nvar _openCodeClient;\nvar _openCodeClientUrl;\nfunction getOpenCodeClient() {\n\tconst { url } = getActiveEndpoint();\n\tif (!_openCodeClient || url !== _openCodeClientUrl) {\n\t\t_openCodeClient = createOpenCodeClient({ baseUrl: url });\n\t\t_openCodeClientUrl = url;\n\t}\n\treturn _openCodeClient;\n}\nfunction safeTokenCompare(a, b) {\n\tif (typeof a !== \"string\" || typeof b !== \"string\") return false;\n\tif (!a || !b) return false;\n\treturn timingSafeEqual(createHash(\"sha256\").update(a).digest(), createHash(\"sha256\").update(b).digest());\n}\n/** Standard JSON response with request ID header */\nfunction jsonResponse(status, body, requestId = \"\") {\n\treturn new Response(JSON.stringify(body), {\n\t\tstatus,\n\t\theaders: {\n\t\t\t\"content-type\": \"application/json\",\n\t\t\t...requestId ? { \"x-request-id\": requestId } : {}\n\t\t}\n\t});\n}\n/** Standard error envelope */\nfunction errorResponse(status, error, message, details = {}, requestId = \"\") {\n\treturn jsonResponse(status, {\n\t\terror,\n\t\tmessage,\n\t\tdetails,\n\t\trequestId\n\t}, requestId);\n}\n/** Extract or generate request ID */\nfunction getRequestId(event) {\n\treturn event.request.headers.get(\"x-request-id\") || crypto.randomUUID();\n}\n/**\n* Read the operator UI login password from the host environment or the\n* file-based stack secret.\n*\n* Phase 4 of the auth/proxy refactor collapsed\n* `ControlPlaneState.adminToken` (and the assistant token alongside it).\n* Runtime persistence lives in `knowledge/secrets/op_ui_login_password`.\n* `process.env.OP_UI_LOGIN_PASSWORD` is still accepted for tests and explicit\n* host-process overrides.\n*\n* Returns the empty string when the env var is unset — `requireNonEmptyUiLoginPassword()`\n* surfaces that case as a 503 so all authenticated routes fail loudly\n* rather than silently accepting any cookie.\n*/\nfunction getUiLoginPassword() {\n\tconst envValue = process.env.OP_UI_LOGIN_PASSWORD;\n\tif (envValue) return envValue;\n\treturn readSecret(resolveStackDir(), \"op_ui_login_password\")?.trimEnd() ?? \"\";\n}\n/**\n* Extract raw session token from the `op_session` cookie.\n*\n* Phase 2 of the auth/proxy refactor (docs/technical/auth-and-proxy-refactor-plan.md)\n* removed the legacy `x-admin-token` / `Authorization: Bearer` header fallbacks.\n* The cookie is HttpOnly + SameSite=Strict and is the ONLY credential the browser\n* holds; XSS cannot read it and out-of-process callers must obtain a session via\n* `POST /admin/auth/login` (or `/session`) and present the cookie on subsequent\n* requests.\n*/\nfunction extractToken(event) {\n\tconst match = (event.request.headers.get(\"cookie\") ?? \"\").match(/(?:^|;\\s*)op_session=([^;]+)/);\n\tif (match) return match[1];\n\treturn \"\";\n}\n/** Check admin auth — returns error Response or null if OK */\nfunction requireAdmin(event, requestId) {\n\tif (!getUiLoginPassword()) return errorResponse(503, \"admin_not_configured\", \"OP_UI_LOGIN_PASSWORD has not been set. Complete setup first.\", {}, requestId);\n\tif (!validateSession(extractToken(event))) return errorResponse(401, \"unauthorized\", \"Missing or invalid credentials\", {}, requestId);\n\treturn null;\n}\n/** Parse JSON body safely — returns discriminated result with error type */\nasync function parseJsonBody(request, maxBytes = 1048576) {\n\ttry {\n\t\tconst contentLength = request.headers.get(\"content-length\");\n\t\tif (contentLength && parseInt(contentLength, 10) > maxBytes) return { error: \"too_large\" };\n\t\treturn { data: await request.json() };\n\t} catch (e) {\n\t\tconsole.warn(\"[helpers] Failed to parse JSON request body\", e);\n\t\treturn { error: \"invalid_json\" };\n\t}\n}\n/** Convert a ParseJsonBodyError to an appropriate HTTP error response */\nfunction jsonBodyError(err, requestId) {\n\tif (err.error === \"too_large\") return errorResponse(413, \"too_large\", \"Request body too large\", {}, requestId);\n\treturn errorResponse(400, \"invalid_json\", \"Request body must be valid JSON\", {}, requestId);\n}\n/**\n* Auth + JSON body wrapper for admin POST/DELETE handlers.\n*\n* Replaces the 4-line boilerplate copy-pasted across 30+ routes:\n*   const requestId = getRequestId(event);\n*   const authError = requireAdmin(event, requestId);\n*   if (authError) return authError;\n*   const result = await parseJsonBody(event.request);\n*   if ('error' in result) return jsonBodyError(result, requestId);\n*\n* Use for routes that need both auth and a JSON body. For auth-only or\n* GET routes, call `requireAdmin` directly.\n*/\nasync function withAdminBody(event, handler) {\n\tconst requestId = getRequestId(event);\n\tconst originError = checkOriginHeader(event.request, UI_PORT);\n\tif (originError) return originError;\n\tconst authError = requireAdmin(event, requestId);\n\tif (authError) return authError;\n\tconst result = await parseJsonBody(event.request);\n\tif (\"error\" in result) return jsonBodyError(result, requestId);\n\treturn handler({\n\t\trequestId,\n\t\tbody: result.data\n\t});\n}\n/**\n* Reject requests whose Host header does not match localhost or 127.0.0.1\n* on the configured admin port.\n*\n* @param request  Incoming Request (or SvelteKit RequestEvent.request)\n* @param port     The port this server is bound to (e.g. 3880 or 8100)\n* @returns        A 400 Response if the host is rejected; null if allowed\n*/\nfunction checkHostHeader(request, port) {\n\tconst normalized = (request.headers.get(\"host\") ?? \"\").trim().replace(/\\.$/, \"\");\n\tif ([`localhost:${port}`, `127.0.0.1:${port}`].includes(normalized)) return null;\n\treturn new Response(JSON.stringify({\n\t\terror: \"invalid_host\",\n\t\thost: normalized,\n\t\tmessage: \"Request rejected: Host header does not match allowed hosts. The admin UI binds to loopback (127.0.0.1) only; reach it via localhost or front it with a reverse proxy/tunnel for remote access.\"\n\t}), {\n\t\tstatus: 400,\n\t\theaders: { \"content-type\": \"application/json\" }\n\t});\n}\n/**\n* Reject POST/PUT/DELETE requests whose Origin header does not match\n* localhost or 127.0.0.1. Requests with no Origin (non-browser clients)\n* are always allowed.\n*\n* @param request  Incoming Request\n* @param port     The port this server is bound to\n* @returns        A 403 Response if the origin is rejected; null if allowed\n*/\nfunction checkOriginHeader(request, port) {\n\tconst method = request.method.toUpperCase();\n\tif (method === \"GET\" || method === \"HEAD\" || method === \"OPTIONS\") return null;\n\tconst origin = request.headers.get(\"origin\");\n\tif (!origin) return null;\n\ttry {\n\t\tconst u = new URL(origin);\n\t\tif ([`localhost:${port}`, `127.0.0.1:${port}`].includes(u.host)) return null;\n\t} catch {}\n\treturn new Response(JSON.stringify({\n\t\terror: \"forbidden_origin\",\n\t\torigin\n\t}), {\n\t\tstatus: 403,\n\t\theaders: { \"content-type\": \"application/json\" }\n\t});\n}\nvar UI_PORT = Number(process.env.PORT ?? 3880);\n//#endregion\nexport { getOpenCodeClient as a, jsonBodyError as c, requireAdmin as d, safeTokenCompare as f, invalidateSession as h, errorResponse as i, jsonResponse as l, createSession as m, checkHostHeader as n, getRequestId as o, withAdminBody as p, checkOriginHeader as r, getUiLoginPassword as s, UI_PORT as t, parseJsonBody as u };\n"],"names":[],"mappings":";;;;AAGA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,cAAc,GAAG,KAAK;AAC1B;AACA,IAAI,QAAQ,mBAAmB,IAAI,GAAG,EAAE;AACxC;AACA;AACA;AACA;AACA,SAAS,aAAa,GAAG;AACzB,CAAC,MAAM,KAAK,GAAG,MAAM,CAAC,UAAU,EAAE;AAClC,CAAC,QAAQ,CAAC,GAAG,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,cAAc,CAAC;AACjD,CAAC,OAAO,KAAK;AACb;AACA;AACA;AACA;AACA;AACA,SAAS,eAAe,CAAC,KAAK,EAAE;AAChC,CAAC,IAAI,CAAC,KAAK,EAAE,OAAO,KAAK;AACzB,CAAC,MAAM,SAAS,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC;AACtC,CAAC,IAAI,SAAS,KAAK,MAAM,EAAE,OAAO,KAAK;AACvC,CAAC,IAAI,IAAI,CAAC,GAAG,EAAE,IAAI,SAAS,EAAE;AAC9B,EAAE,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC;AACxB,EAAE,OAAO,KAAK;AACd,CAAC;AACD,CAAC,OAAO,IAAI;AACZ;AACA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,KAAK,EAAE;AAClC,CAAC,QAAQ,CAAC,MAAM,CAAC,KAAK,CAAC;AACvB;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,IAAI,eAAe;AACnB,IAAI,kBAAkB;AACtB,SAAS,iBAAiB,GAAG;AAC7B,CAAC,MAAM,EAAE,GAAG,EAAE,GAAG,iBAAiB,EAAE;AACpC,CAAC,IAAI,CAAC,eAAe,IAAI,GAAG,KAAK,kBAAkB,EAAE;AACrD,EAAE,eAAe,GAAG,oBAAoB,CAAC,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC;AAC1D,EAAE,kBAAkB,GAAG,GAAG;AAC1B,CAAC;AACD,CAAC,OAAO,eAAe;AACvB;AACA,SAAS,gBAAgB,CAAC,CAAC,EAAE,CAAC,EAAE;AAChC,CAAC,IAAI,OAAO,CAAC,KAAK,QAAQ,IAAI,OAAO,CAAC,KAAK,QAAQ,EAAE,OAAO,KAAK;AACjE,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC,EAAE,OAAO,KAAK;AAC3B,CAAC,OAAO,eAAe,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;AACzG;AACA;AACA,SAAS,YAAY,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,GAAG,EAAE,EAAE;AACpD,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,EAAE;AAC3C,EAAE,MAAM;AACR,EAAE,OAAO,EAAE;AACX,GAAG,cAAc,EAAE,kBAAkB;AACrC,GAAG,GAAG,SAAS,GAAG,EAAE,cAAc,EAAE,SAAS,EAAE,GAAG;AAClD;AACA,EAAE,CAAC;AACH;AACA;AACA,SAAS,aAAa,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,OAAO,GAAG,EAAE,EAAE,SAAS,GAAG,EAAE,EAAE;AAC7E,CAAC,OAAO,YAAY,CAAC,MAAM,EAAE;AAC7B,EAAE,KAAK;AACP,EAAE,OAAO;AACT,EAAE,OAAO;AACT,EAAE;AACF,EAAE,EAAE,SAAS,CAAC;AACd;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE;AAC7B,CAAC,OAAO,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,MAAM,CAAC,UAAU,EAAE;AACxE;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,kBAAkB,GAAG;AAC9B,CAAC,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB;AAClD,CAAC,IAAI,QAAQ,EAAE,OAAO,QAAQ;AAC9B,CAAC,OAAO,UAAU,CAAC,eAAe,EAAE,EAAE,sBAAsB,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE;AAC9E;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE;AAC7B,CAAC,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,KAAK,CAAC,8BAA8B,CAAC;AAChG,CAAC,IAAI,KAAK,EAAE,OAAO,KAAK,CAAC,CAAC,CAAC;AAC3B,CAAC,OAAO,EAAE;AACV;AACA;AACA,SAAS,YAAY,CAAC,KAAK,EAAE,SAAS,EAAE;AACxC,CAAC,IAAI,CAAC,kBAAkB,EAAE,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,sBAAsB,EAAE,8DAA8D,EAAE,EAAE,EAAE,SAAS,CAAC;AAC5J,CAAC,IAAI,CAAC,eAAe,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,gCAAgC,EAAE,EAAE,EAAE,SAAS,CAAC;AACtI,CAAC,OAAO,IAAI;AACZ;AACA;AACA,eAAe,aAAa,CAAC,OAAO,EAAE,QAAQ,GAAG,OAAO,EAAE;AAC1D,CAAC,IAAI;AACL,EAAE,MAAM,aAAa,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;AAC7D,EAAE,IAAI,aAAa,IAAI,QAAQ,CAAC,aAAa,EAAE,EAAE,CAAC,GAAG,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,WAAW,EAAE;AAC5F,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,OAAO,CAAC,IAAI,EAAE,EAAE;AACvC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE;AACb,EAAE,OAAO,CAAC,IAAI,CAAC,6CAA6C,EAAE,CAAC,CAAC;AAChE,EAAE,OAAO,EAAE,KAAK,EAAE,cAAc,EAAE;AAClC,CAAC;AACD;AACA;AACA,SAAS,aAAa,CAAC,GAAG,EAAE,SAAS,EAAE;AACvC,CAAC,IAAI,GAAG,CAAC,KAAK,KAAK,WAAW,EAAE,OAAO,aAAa,CAAC,GAAG,EAAE,WAAW,EAAE,wBAAwB,EAAE,EAAE,EAAE,SAAS,CAAC;AAC/G,CAAC,OAAO,aAAa,CAAC,GAAG,EAAE,cAAc,EAAE,iCAAiC,EAAE,EAAE,EAAE,SAAS,CAAC;AAC5F;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,aAAa,CAAC,KAAK,EAAE,OAAO,EAAE;AAC7C,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,CAAC;AACtC,CAAC,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC;AAC9D,CAAC,IAAI,WAAW,EAAE,OAAO,WAAW;AACpC,CAAC,MAAM,SAAS,GAAG,YAAY,CAAC,KAAK,EAAE,SAAS,CAAC;AACjD,CAAC,IAAI,SAAS,EAAE,OAAO,SAAS;AAChC,CAAC,MAAM,MAAM,GAAG,MAAM,aAAa,CAAC,KAAK,CAAC,OAAO,CAAC;AAClD,CAAC,IAAI,OAAO,IAAI,MAAM,EAAE,OAAO,aAAa,CAAC,MAAM,EAAE,SAAS,CAAC;AAC/D,CAAC,OAAO,OAAO,CAAC;AAChB,EAAE,SAAS;AACX,EAAE,IAAI,EAAE,MAAM,CAAC;AACf,EAAE,CAAC;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,eAAe,CAAC,OAAO,EAAE,IAAI,EAAE;AACxC,CAAC,MAAM,UAAU,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,IAAI,EAAE,EAAE,IAAI,EAAE,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC;AACjF,CAAC,IAAI,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE,OAAO,IAAI;AACjF,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACpC,EAAE,KAAK,EAAE,cAAc;AACvB,EAAE,IAAI,EAAE,UAAU;AAClB,EAAE,OAAO,EAAE;AACX,EAAE,CAAC,EAAE;AACL,EAAE,MAAM,EAAE,GAAG;AACb,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC/C,EAAE,CAAC;AACH;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,SAAS,iBAAiB,CAAC,OAAO,EAAE,IAAI,EAAE;AAC1C,CAAC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,WAAW,EAAE;AAC5C,CAAC,IAAI,MAAM,KAAK,KAAK,IAAI,MAAM,KAAK,MAAM,IAAI,MAAM,KAAK,SAAS,EAAE,OAAO,IAAI;AAC/E,CAAC,MAAM,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;AAC7C,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,IAAI;AACzB,CAAC,IAAI;AACL,EAAE,MAAM,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,CAAC;AAC3B,EAAE,IAAI,CAAC,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,EAAE,CAAC,UAAU,EAAE,IAAI,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,IAAI;AAC9E,CAAC,CAAC,CAAC,MAAM,CAAC;AACV,CAAC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACpC,EAAE,KAAK,EAAE,kBAAkB;AAC3B,EAAE;AACF,EAAE,CAAC,EAAE;AACL,EAAE,MAAM,EAAE,GAAG;AACb,EAAE,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAC/C,EAAE,CAAC;AACH;AACG,IAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,IAAI,IAAI,IAAI;;;;"}

package/build/server/chunks/{hooks.server-DERyGNuF.js → hooks.server-C6uX-Qkd.js}

@@ -1,7 +1,7 @@
 import { r as redirect } from './exports-D1quPX8S.js';
-import { _ as isSetupComplete, ak as resolveStackDir, J as ensureHomeDirs, M as ensureSecrets, ab as readStackRuntimeEnv, K as ensureOpenCodeConfig, L as ensureOpenCodeSystemConfig, aj as resolveRuntimeFiles, ar as writeRuntimeFiles, y as createLogger } from './src-BsgfqG_-.js';
-import { b as getState } from './endpoints-kaPFORka.js';
-import { c as checkHostHeader, a as checkOriginHeader, U as UI_PORT } from './helpers-B8h4zchW.js';
+import { _ as isSetupComplete, ak as resolveStackDir, J as ensureHomeDirs, M as ensureSecrets, ab as readStackRuntimeEnv, K as ensureOpenCodeConfig, L as ensureOpenCodeSystemConfig, aj as resolveRuntimeFiles, ar as writeRuntimeFiles, y as createLogger } from './src-BWQ05CjI.js';
+import { b as getState } from './endpoints-Dz6qhKXB.js';
+import { c as checkHostHeader, a as checkOriginHeader, U as UI_PORT } from './helpers-C1fMEpiP.js';
 import './utils-BSRjJDrZ.js';
 import './chunk-CLZ62Ad-.js';
 import 'node:module';
@@ -79,4 +79,4 @@ var handle = async ({ event, resolve }) => {
 };
 
 export { handle };
-//# sourceMappingURL=hooks.server-DERyGNuF.js.map
+//# sourceMappingURL=hooks.server-C6uX-Qkd.js.map

package/build/server/chunks/{hooks.server-DERyGNuF.js.map → hooks.server-C6uX-Qkd.js.map}

@@ -1 +1 @@
-{"version":3,"file":"hooks.server-DERyGNuF.js","sources":["../../../.svelte-kit/adapter-node/entries/hooks.server.js"],"sourcesContent":["import { i as redirect } from \"../chunks/exports.js\";\nimport { J as isSetupComplete, Nt as createLogger, _t as readStackRuntimeEnv, dt as resolveRuntimeFiles, ft as writeRuntimeFiles, ht as ensureSecrets, jt as resolveStackDir, kt as ensureHomeDirs, mt as ensureOpenCodeConfig, pt as ensureOpenCodeSystemConfig } from \"../chunks/src.js\";\nimport { c as getState } from \"../chunks/endpoints.js\";\nimport { n as checkHostHeader, r as checkOriginHeader, t as UI_PORT } from \"../chunks/helpers.js\";\n//#region src/hooks.server.ts\nvar logger = createLogger(\"admin\");\nvar startupApplyDone = false;\nfunction runStartupApply() {\n\tif (startupApplyDone) return;\n\tstartupApplyDone = true;\n\ttry {\n\t\tensureHomeDirs();\n\t\tconst state = getState();\n\t\tensureSecrets(state);\n\t\tconst stackVars = readStackRuntimeEnv(state.stackDir);\n\t\tfor (const [k, v] of Object.entries(stackVars)) if (v && !process.env[k]) process.env[k] = v;\n\t\tensureOpenCodeConfig();\n\t\tensureOpenCodeSystemConfig();\n\t\tstate.artifacts = resolveRuntimeFiles();\n\t\twriteRuntimeFiles(state);\n\t\tlogger.info(\"startup auto-apply completed successfully\", { artifactMeta: state.artifactMeta });\n\t} catch (err) {\n\t\tlogger.error(\"startup auto-apply failed\", { error: String(err) });\n\t}\n}\nrunStartupApply();\nvar SETUP_PATHS = [\n\t\"/setup\",\n\t\"/api/setup\",\n\t\"/health\",\n\t\"/guardian/health\"\n];\nfunction isLocalhostAddress(ip) {\n\treturn ip === \"127.0.0.1\" || ip === \"::1\" || ip === \"::ffff:127.0.0.1\";\n}\nvar handle = async ({ event, resolve }) => {\n\tconst hostError = checkHostHeader(event.request, UI_PORT);\n\tif (hostError) return hostError;\n\tconst originError = checkOriginHeader(event.request, UI_PORT);\n\tif (originError) return originError;\n\tconst path = event.url.pathname;\n\tconst isSetupPath = SETUP_PATHS.some((p) => path === p || path.startsWith(p + \"/\"));\n\tif (isSetupPath && !isSetupComplete(resolveStackDir())) {\n\t\tif (!isLocalhostAddress(event.getClientAddress())) return new Response(JSON.stringify({\n\t\t\terror: \"setup_localhost_only\",\n\t\t\tmessage: \"Setup is only accessible from the host machine until installation is complete.\"\n\t\t}), {\n\t\t\tstatus: 403,\n\t\t\theaders: { \"content-type\": \"application/json\" }\n\t\t});\n\t}\n\tif (!isSetupPath && !isSetupComplete(resolveStackDir())) redirect(302, \"/setup\");\n\tconst response = await resolve(event);\n\tresponse.headers.set(\"X-Frame-Options\", \"DENY\");\n\tresponse.headers.set(\"X-Content-Type-Options\", \"nosniff\");\n\tresponse.headers.set(\"Referrer-Policy\", \"no-referrer\");\n\treturn response;\n};\n//#endregion\nexport { handle };\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAIA;AACA,IAAI,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC;AAClC,IAAI,gBAAgB,GAAG,KAAK;AAC5B,SAAS,eAAe,GAAG;AAC3B,CAAC,IAAI,gBAAgB,EAAE;AACvB,CAAC,gBAAgB,GAAG,IAAI;AACxB,CAAC,IAAI;AACL,EAAE,cAAc,EAAE;AAClB,EAAE,MAAM,KAAK,GAAG,QAAQ,EAAE;AAC1B,EAAE,aAAa,CAAC,KAAK,CAAC;AACtB,EAAE,MAAM,SAAS,GAAG,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC;AACvD,EAAE,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AAC9F,EAAE,oBAAoB,EAAE;AACxB,EAAE,0BAA0B,EAAE;AAC9B,EAAE,KAAK,CAAC,SAAS,GAAG,mBAAmB,EAAE;AACzC,EAAE,iBAAiB,CAAC,KAAK,CAAC;AAC1B,EAAE,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC;AAChG,CAAC,CAAC,CAAC,OAAO,GAAG,EAAE;AACf,EAAE,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;AACnE,CAAC;AACD;AACA,eAAe,EAAE;AACjB,IAAI,WAAW,GAAG;AAClB,CAAC,QAAQ;AACT,CAAC,YAAY;AACb,CAAC,SAAS;AACV,CAAC;AACD,CAAC;AACD,SAAS,kBAAkB,CAAC,EAAE,EAAE;AAChC,CAAC,OAAO,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,KAAK,IAAI,EAAE,KAAK,kBAAkB;AACvE;AACG,IAAC,MAAM,GAAG,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;AAC3C,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC;AAC1D,CAAC,IAAI,SAAS,EAAE,OAAO,SAAS;AAChC,CAAC,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC;AAC9D,CAAC,IAAI,WAAW,EAAE,OAAO,WAAW;AACpC,CAAC,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ;AAChC,CAAC,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;AACpF,CAAC,IAAI,WAAW,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,CAAC,EAAE;AACzD,EAAE,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,EAAE,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACxF,GAAG,KAAK,EAAE,sBAAsB;AAChC,GAAG,OAAO,EAAE;AACZ,GAAG,CAAC,EAAE;AACN,GAAG,MAAM,EAAE,GAAG;AACd,GAAG,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAChD,GAAG,CAAC;AACJ,CAAC;AACD,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,CAAC,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC;AACjF,CAAC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;AACtC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,MAAM,CAAC;AAChD,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,SAAS,CAAC;AAC1D,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,aAAa,CAAC;AACvD,CAAC,OAAO,QAAQ;AAChB;;;;"}
+{"version":3,"file":"hooks.server-C6uX-Qkd.js","sources":["../../../.svelte-kit/adapter-node/entries/hooks.server.js"],"sourcesContent":["import { i as redirect } from \"../chunks/exports.js\";\nimport { J as isSetupComplete, Nt as createLogger, _t as readStackRuntimeEnv, dt as resolveRuntimeFiles, ft as writeRuntimeFiles, ht as ensureSecrets, jt as resolveStackDir, kt as ensureHomeDirs, mt as ensureOpenCodeConfig, pt as ensureOpenCodeSystemConfig } from \"../chunks/src.js\";\nimport { c as getState } from \"../chunks/endpoints.js\";\nimport { n as checkHostHeader, r as checkOriginHeader, t as UI_PORT } from \"../chunks/helpers.js\";\n//#region src/hooks.server.ts\nvar logger = createLogger(\"admin\");\nvar startupApplyDone = false;\nfunction runStartupApply() {\n\tif (startupApplyDone) return;\n\tstartupApplyDone = true;\n\ttry {\n\t\tensureHomeDirs();\n\t\tconst state = getState();\n\t\tensureSecrets(state);\n\t\tconst stackVars = readStackRuntimeEnv(state.stackDir);\n\t\tfor (const [k, v] of Object.entries(stackVars)) if (v && !process.env[k]) process.env[k] = v;\n\t\tensureOpenCodeConfig();\n\t\tensureOpenCodeSystemConfig();\n\t\tstate.artifacts = resolveRuntimeFiles();\n\t\twriteRuntimeFiles(state);\n\t\tlogger.info(\"startup auto-apply completed successfully\", { artifactMeta: state.artifactMeta });\n\t} catch (err) {\n\t\tlogger.error(\"startup auto-apply failed\", { error: String(err) });\n\t}\n}\nrunStartupApply();\nvar SETUP_PATHS = [\n\t\"/setup\",\n\t\"/api/setup\",\n\t\"/health\",\n\t\"/guardian/health\"\n];\nfunction isLocalhostAddress(ip) {\n\treturn ip === \"127.0.0.1\" || ip === \"::1\" || ip === \"::ffff:127.0.0.1\";\n}\nvar handle = async ({ event, resolve }) => {\n\tconst hostError = checkHostHeader(event.request, UI_PORT);\n\tif (hostError) return hostError;\n\tconst originError = checkOriginHeader(event.request, UI_PORT);\n\tif (originError) return originError;\n\tconst path = event.url.pathname;\n\tconst isSetupPath = SETUP_PATHS.some((p) => path === p || path.startsWith(p + \"/\"));\n\tif (isSetupPath && !isSetupComplete(resolveStackDir())) {\n\t\tif (!isLocalhostAddress(event.getClientAddress())) return new Response(JSON.stringify({\n\t\t\terror: \"setup_localhost_only\",\n\t\t\tmessage: \"Setup is only accessible from the host machine until installation is complete.\"\n\t\t}), {\n\t\t\tstatus: 403,\n\t\t\theaders: { \"content-type\": \"application/json\" }\n\t\t});\n\t}\n\tif (!isSetupPath && !isSetupComplete(resolveStackDir())) redirect(302, \"/setup\");\n\tconst response = await resolve(event);\n\tresponse.headers.set(\"X-Frame-Options\", \"DENY\");\n\tresponse.headers.set(\"X-Content-Type-Options\", \"nosniff\");\n\tresponse.headers.set(\"Referrer-Policy\", \"no-referrer\");\n\treturn response;\n};\n//#endregion\nexport { handle };\n"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAIA;AACA,IAAI,MAAM,GAAG,YAAY,CAAC,OAAO,CAAC;AAClC,IAAI,gBAAgB,GAAG,KAAK;AAC5B,SAAS,eAAe,GAAG;AAC3B,CAAC,IAAI,gBAAgB,EAAE;AACvB,CAAC,gBAAgB,GAAG,IAAI;AACxB,CAAC,IAAI;AACL,EAAE,cAAc,EAAE;AAClB,EAAE,MAAM,KAAK,GAAG,QAAQ,EAAE;AAC1B,EAAE,aAAa,CAAC,KAAK,CAAC;AACtB,EAAE,MAAM,SAAS,GAAG,mBAAmB,CAAC,KAAK,CAAC,QAAQ,CAAC;AACvD,EAAE,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC;AAC9F,EAAE,oBAAoB,EAAE;AACxB,EAAE,0BAA0B,EAAE;AAC9B,EAAE,KAAK,CAAC,SAAS,GAAG,mBAAmB,EAAE;AACzC,EAAE,iBAAiB,CAAC,KAAK,CAAC;AAC1B,EAAE,MAAM,CAAC,IAAI,CAAC,2CAA2C,EAAE,EAAE,YAAY,EAAE,KAAK,CAAC,YAAY,EAAE,CAAC;AAChG,CAAC,CAAC,CAAC,OAAO,GAAG,EAAE;AACf,EAAE,MAAM,CAAC,KAAK,CAAC,2BAA2B,EAAE,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC;AACnE,CAAC;AACD;AACA,eAAe,EAAE;AACjB,IAAI,WAAW,GAAG;AAClB,CAAC,QAAQ;AACT,CAAC,YAAY;AACb,CAAC,SAAS;AACV,CAAC;AACD,CAAC;AACD,SAAS,kBAAkB,CAAC,EAAE,EAAE;AAChC,CAAC,OAAO,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,KAAK,IAAI,EAAE,KAAK,kBAAkB;AACvE;AACG,IAAC,MAAM,GAAG,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK;AAC3C,CAAC,MAAM,SAAS,GAAG,eAAe,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC;AAC1D,CAAC,IAAI,SAAS,EAAE,OAAO,SAAS;AAChC,CAAC,MAAM,WAAW,GAAG,iBAAiB,CAAC,KAAK,CAAC,OAAO,EAAE,OAAO,CAAC;AAC9D,CAAC,IAAI,WAAW,EAAE,OAAO,WAAW;AACpC,CAAC,MAAM,IAAI,GAAG,KAAK,CAAC,GAAG,CAAC,QAAQ;AAChC,CAAC,MAAM,WAAW,GAAG,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC;AACpF,CAAC,IAAI,WAAW,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,CAAC,EAAE;AACzD,EAAE,IAAI,CAAC,kBAAkB,CAAC,KAAK,CAAC,gBAAgB,EAAE,CAAC,EAAE,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC;AACxF,GAAG,KAAK,EAAE,sBAAsB;AAChC,GAAG,OAAO,EAAE;AACZ,GAAG,CAAC,EAAE;AACN,GAAG,MAAM,EAAE,GAAG;AACd,GAAG,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB;AAChD,GAAG,CAAC;AACJ,CAAC;AACD,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,eAAe,CAAC,eAAe,EAAE,CAAC,EAAE,QAAQ,CAAC,GAAG,EAAE,QAAQ,CAAC;AACjF,CAAC,MAAM,QAAQ,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC;AACtC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,MAAM,CAAC;AAChD,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,EAAE,SAAS,CAAC;AAC1D,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,aAAa,CAAC;AACvD,CAAC,OAAO,QAAQ;AAChB;;;;"}

package/build/server/chunks/{http-8UL6GfDM.js → http-CmL_uneS.js}

@@ -1,4 +1,4 @@
-import { g as getActiveEndpoint } from './endpoints-kaPFORka.js';
+import { g as getActiveEndpoint } from './endpoints-Dz6qhKXB.js';
 
 //#region src/lib/server/opencode/http.ts
 /**
@@ -28,4 +28,4 @@ async function opencodeFetch(path, init) {
 }
 
 export { opencodeFetch as o };
-//# sourceMappingURL=http-8UL6GfDM.js.map
+//# sourceMappingURL=http-CmL_uneS.js.map

package/build/server/chunks/{http-8UL6GfDM.js.map → http-CmL_uneS.js.map}

@@ -1 +1 @@
-{"version":3,"file":"http-8UL6GfDM.js","sources":["../../../.svelte-kit/adapter-node/chunks/http.js"],"sourcesContent":["import { r as getActiveEndpoint } from \"./endpoints.js\";\n//#region src/lib/server/opencode/http.ts\n/**\n* HTTP transport for talking to the active OpenCode endpoint.\n*\n* Used by sibling modules (`config.ts`, `catalog.ts`) — not part of the\n* public API of `$lib/server/opencode`. Reads the active endpoint per-call\n* so user switches in the UI take effect immediately.\n*/\nasync function opencodeFetch(path, init) {\n\tconst endpoint = getActiveEndpoint();\n\tconst headers = {\n\t\t\"content-type\": \"application/json\",\n\t\t...init?.headers\n\t};\n\tif (endpoint.password) {\n\t\tconst user = endpoint.username || \"openpalm\";\n\t\theaders[\"authorization\"] = `Basic ${btoa(`${user}:${endpoint.password}`)}`;\n\t}\n\tconst response = await fetch(`${endpoint.url}${path}`, {\n\t\t...init,\n\t\theaders\n\t});\n\tif (!response.ok) throw new Error(`${init?.method ?? \"GET\"} ${path} failed with ${response.status}`);\n\tif (response.status === 204) return;\n\treturn await response.json();\n}\n//#endregion\nexport { opencodeFetch as t };\n"],"names":[],"mappings":";;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE;AACzC,CAAC,MAAM,QAAQ,GAAG,iBAAiB,EAAE;AACrC,CAAC,MAAM,OAAO,GAAG;AACjB,EAAE,cAAc,EAAE,kBAAkB;AACpC,EAAE,GAAG,IAAI,EAAE;AACX,EAAE;AACF,CAAC,IAAI,QAAQ,CAAC,QAAQ,EAAE;AACxB,EAAE,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,IAAI,UAAU;AAC9C,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5E,CAAC;AACD,CAAC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE;AACxD,EAAE,GAAG,IAAI;AACT,EAAE;AACF,EAAE,CAAC;AACH,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AACrG,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;AAC9B,CAAC,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE;AAC7B;;;;"}
+{"version":3,"file":"http-CmL_uneS.js","sources":["../../../.svelte-kit/adapter-node/chunks/http.js"],"sourcesContent":["import { r as getActiveEndpoint } from \"./endpoints.js\";\n//#region src/lib/server/opencode/http.ts\n/**\n* HTTP transport for talking to the active OpenCode endpoint.\n*\n* Used by sibling modules (`config.ts`, `catalog.ts`) — not part of the\n* public API of `$lib/server/opencode`. Reads the active endpoint per-call\n* so user switches in the UI take effect immediately.\n*/\nasync function opencodeFetch(path, init) {\n\tconst endpoint = getActiveEndpoint();\n\tconst headers = {\n\t\t\"content-type\": \"application/json\",\n\t\t...init?.headers\n\t};\n\tif (endpoint.password) {\n\t\tconst user = endpoint.username || \"openpalm\";\n\t\theaders[\"authorization\"] = `Basic ${btoa(`${user}:${endpoint.password}`)}`;\n\t}\n\tconst response = await fetch(`${endpoint.url}${path}`, {\n\t\t...init,\n\t\theaders\n\t});\n\tif (!response.ok) throw new Error(`${init?.method ?? \"GET\"} ${path} failed with ${response.status}`);\n\tif (response.status === 204) return;\n\treturn await response.json();\n}\n//#endregion\nexport { opencodeFetch as t };\n"],"names":[],"mappings":";;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA;AACA,eAAe,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE;AACzC,CAAC,MAAM,QAAQ,GAAG,iBAAiB,EAAE;AACrC,CAAC,MAAM,OAAO,GAAG;AACjB,EAAE,cAAc,EAAE,kBAAkB;AACpC,EAAE,GAAG,IAAI,EAAE;AACX,EAAE;AACF,CAAC,IAAI,QAAQ,CAAC,QAAQ,EAAE;AACxB,EAAE,MAAM,IAAI,GAAG,QAAQ,CAAC,QAAQ,IAAI,UAAU;AAC9C,EAAE,OAAO,CAAC,eAAe,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,CAAC;AAC5E,CAAC;AACD,CAAC,MAAM,QAAQ,GAAG,MAAM,KAAK,CAAC,CAAC,EAAE,QAAQ,CAAC,GAAG,CAAC,EAAE,IAAI,CAAC,CAAC,EAAE;AACxD,EAAE,GAAG,IAAI;AACT,EAAE;AACF,EAAE,CAAC;AACH,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,EAAE,IAAI,EAAE,MAAM,IAAI,KAAK,CAAC,CAAC,EAAE,IAAI,CAAC,aAAa,EAAE,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AACrG,CAAC,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE;AAC9B,CAAC,OAAO,MAAM,QAAQ,CAAC,IAAI,EAAE;AAC7B;;;;"}

package/build/server/chunks/{internal-CGO6-n-l.js → internal-BJjTqjxK.js}

@@ -1518,7 +1518,7 @@ var options = {
 		app: ({ head, body, assets, nonce, env }) => "<!doctype html>\n<html lang=\"en\">\n  <head>\n    <meta charset=\"utf-8\" />\n    <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\" />\n    <meta name=\"theme-color\" content=\"#ffffff\" />\n    <meta name=\"color-scheme\" content=\"light\" />\n    <script>\n      (() => {\n        const storageKey = 'openpalm.theme';\n        const darkThemeColor = '#161c22';\n        const lightThemeColor = '#f9fafb';\n\n        try {\n          const stored = window.localStorage.getItem(storageKey);\n          const preference = stored === 'light' || stored === 'dark' || stored === 'system' ? stored : 'system';\n          const resolved = preference === 'system'\n            ? (window.matchMedia && window.matchMedia('(prefers-color-scheme: dark)').matches ? 'dark' : 'light')\n            : preference;\n          const root = document.documentElement;\n          root.setAttribute('data-theme', resolved);\n          root.style.colorScheme = resolved;\n\n          const themeColorMeta = document.querySelector('meta[name=\"theme-color\"]');\n          if (themeColorMeta) {\n            themeColorMeta.setAttribute('content', resolved === 'dark' ? darkThemeColor : lightThemeColor);\n          }\n\n          const colorSchemeMeta = document.querySelector('meta[name=\"color-scheme\"]');\n          if (colorSchemeMeta) {\n            colorSchemeMeta.setAttribute('content', resolved);\n          }\n        } catch {\n          // Keep the default light metadata if storage access is unavailable.\n        }\n      })();\n    <\/script>\n    <link rel=\"preconnect\" href=\"https://fonts.googleapis.com\" />\n    <link rel=\"preconnect\" href=\"https://fonts.gstatic.com\" crossorigin />\n    <link\n      href=\"https://fonts.googleapis.com/css2?family=Source+Sans+3:wght@400;500;600;700&family=IBM+Plex+Mono:wght@400;500&display=swap\"\n      rel=\"stylesheet\"\n    />\n    " + head + "\n  </head>\n  <body data-sveltekit-preload-data=\"hover\">\n    <div style=\"display: contents\">" + body + "</div>\n  </body>\n</html>\n",
 		error: ({ status, message }) => "<!doctype html>\n<html lang=\"en\">\n	<head>\n		<meta charset=\"utf-8\" />\n		<title>" + message + "</title>\n\n		<style>\n			body {\n				--bg: white;\n				--fg: #222;\n				--divider: #ccc;\n				background: var(--bg);\n				color: var(--fg);\n				font-family:\n					system-ui,\n					-apple-system,\n					BlinkMacSystemFont,\n					'Segoe UI',\n					Roboto,\n					Oxygen,\n					Ubuntu,\n					Cantarell,\n					'Open Sans',\n					'Helvetica Neue',\n					sans-serif;\n				display: flex;\n				align-items: center;\n				justify-content: center;\n				height: 100vh;\n				margin: 0;\n			}\n\n			.error {\n				display: flex;\n				align-items: center;\n				max-width: 32rem;\n				margin: 0 1rem;\n			}\n\n			.status {\n				font-weight: 200;\n				font-size: 3rem;\n				line-height: 1;\n				position: relative;\n				top: -0.05rem;\n			}\n\n			.message {\n				border-left: 1px solid var(--divider);\n				padding: 0 0 0 1rem;\n				margin: 0 0 0 1rem;\n				min-height: 2.5rem;\n				display: flex;\n				align-items: center;\n			}\n\n			.message h1 {\n				font-weight: 400;\n				font-size: 1em;\n				margin: 0;\n			}\n\n			@media (prefers-color-scheme: dark) {\n				body {\n					--bg: #222;\n					--fg: #ddd;\n					--divider: #666;\n				}\n			}\n		</style>\n	</head>\n	<body>\n		<div class=\"error\">\n			<span class=\"status\">" + status + "</span>\n			<div class=\"message\">\n				<h1>" + message + "</h1>\n			</div>\n		</div>\n	</body>\n</html>\n"
 	},
-	version_hash: "txf0dg"
+	version_hash: "1i7l36r"
 };
 async function get_hooks() {
 	let handle;
@@ -1526,7 +1526,7 @@ async function get_hooks() {
 	let handleError;
 	let handleValidationError;
 	let init;
-	({handle, handleFetch, handleError, handleValidationError, init} = await import('./hooks.server-DERyGNuF.js'));
+	({handle, handleFetch, handleError, handleValidationError, init} = await import('./hooks.server-C6uX-Qkd.js'));
 	let reroute;
 	let transport;
 	return {
@@ -1541,4 +1541,4 @@ async function get_hooks() {
 }
 
 export { stringify$1 as A, validate_layout_exports as B, validate_layout_server_exports as C, validate_page_exports as D, validate_page_server_exports as E, with_request_store as F, INVALIDATED_PARAM as I, NULL_BODY_STATUS as N, TRAILING_SLASH_PARAM as T, IN_WEBCONTAINER as a, compact as b, coalesce_to_error as c, create_remote_key as d, decode_pathname as e, disable_search as f, find_route as g, get_hooks as h, get_message as i, get_status as j, hash as k, merge_tracing as l, make_trackable as m, noop as n, noop_span as o, normalize_error as p, normalize_path as q, once as r, options as s, parse as t, parse_remote_arg as u, read_implementation as v, resolve as w, set_read_implementation as x, split_remote_key as y, stringify as z };
-//# sourceMappingURL=internal-CGO6-n-l.js.map
+//# sourceMappingURL=internal-BJjTqjxK.js.map