npm - @openqa/cli - Versions diffs - 2.0.0 → 2.1.0 - Mend

@openqa/cli 2.0.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +202 -5
package/dist/cli/daemon.js +1459 -221
package/dist/cli/dashboard.html.js +3 -0
package/dist/cli/env-config.js +391 -0
package/dist/cli/env-routes.js +820 -0
package/dist/cli/env.html.js +679 -0
package/dist/cli/index.js +4537 -2323
package/dist/cli/server.js +2168 -12
package/install.sh +19 -10
package/package.json +2 -1

package/dist/cli/daemon.js CHANGED Viewed

@@ -1,9 +1,5 @@
-var __create = Object.create;
 var __defProp = Object.defineProperty;
-var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
-var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require : typeof Proxy !== "undefined" ? new Proxy(x, {
   get: (a, b) => (typeof require !== "undefined" ? require : a)[b]
 }) : x)(function(x) {
@@ -13,29 +9,10 @@ var __require = /* @__PURE__ */ ((x) => typeof require !== "undefined" ? require
 var __esm = (fn, res) => function __init() {
   return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
 };
-var __commonJS = (cb, mod) => function __require2() {
-  return mod || (0, cb[__getOwnPropNames(cb)[0]])((mod = { exports: {} }).exports, mod), mod.exports;
-};
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
 };
-var __copyProps = (to, from, except, desc) => {
-  if (from && typeof from === "object" || typeof from === "function") {
-    for (let key of __getOwnPropNames(from))
-      if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
-  }
-  return to;
-};
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
 // node_modules/tsup/assets/esm_shims.js
 import path from "path";
@@ -137,173 +114,6 @@ var init_coverage = __esm({
   }
 });
-// node_modules/cookie/index.js
-var require_cookie = __commonJS({
-  "node_modules/cookie/index.js"(exports) {
-    "use strict";
-    init_esm_shims();
-    exports.parse = parse;
-    exports.serialize = serialize;
-    var __toString = Object.prototype.toString;
-    var __hasOwnProperty = Object.prototype.hasOwnProperty;
-    var cookieNameRegExp = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/;
-    var cookieValueRegExp = /^("?)[\u0021\u0023-\u002B\u002D-\u003A\u003C-\u005B\u005D-\u007E]*\1$/;
-    var domainValueRegExp = /^([.]?[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)([.][a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$/i;
-    var pathValueRegExp = /^[\u0020-\u003A\u003D-\u007E]*$/;
-    function parse(str, opt) {
-      if (typeof str !== "string") {
-        throw new TypeError("argument str must be a string");
-      }
-      var obj = {};
-      var len = str.length;
-      if (len < 2) return obj;
-      var dec = opt && opt.decode || decode;
-      var index = 0;
-      var eqIdx = 0;
-      var endIdx = 0;
-      do {
-        eqIdx = str.indexOf("=", index);
-        if (eqIdx === -1) break;
-        endIdx = str.indexOf(";", index);
-        if (endIdx === -1) {
-          endIdx = len;
-        } else if (eqIdx > endIdx) {
-          index = str.lastIndexOf(";", eqIdx - 1) + 1;
-          continue;
-        }
-        var keyStartIdx = startIndex(str, index, eqIdx);
-        var keyEndIdx = endIndex(str, eqIdx, keyStartIdx);
-        var key = str.slice(keyStartIdx, keyEndIdx);
-        if (!__hasOwnProperty.call(obj, key)) {
-          var valStartIdx = startIndex(str, eqIdx + 1, endIdx);
-          var valEndIdx = endIndex(str, endIdx, valStartIdx);
-          if (str.charCodeAt(valStartIdx) === 34 && str.charCodeAt(valEndIdx - 1) === 34) {
-            valStartIdx++;
-            valEndIdx--;
-          }
-          var val = str.slice(valStartIdx, valEndIdx);
-          obj[key] = tryDecode(val, dec);
-        }
-        index = endIdx + 1;
-      } while (index < len);
-      return obj;
-    }
-    function startIndex(str, index, max) {
-      do {
-        var code = str.charCodeAt(index);
-        if (code !== 32 && code !== 9) return index;
-      } while (++index < max);
-      return max;
-    }
-    function endIndex(str, index, min) {
-      while (index > min) {
-        var code = str.charCodeAt(--index);
-        if (code !== 32 && code !== 9) return index + 1;
-      }
-      return min;
-    }
-    function serialize(name, val, opt) {
-      var enc = opt && opt.encode || encodeURIComponent;
-      if (typeof enc !== "function") {
-        throw new TypeError("option encode is invalid");
-      }
-      if (!cookieNameRegExp.test(name)) {
-        throw new TypeError("argument name is invalid");
-      }
-      var value = enc(val);
-      if (!cookieValueRegExp.test(value)) {
-        throw new TypeError("argument val is invalid");
-      }
-      var str = name + "=" + value;
-      if (!opt) return str;
-      if (null != opt.maxAge) {
-        var maxAge = Math.floor(opt.maxAge);
-        if (!isFinite(maxAge)) {
-          throw new TypeError("option maxAge is invalid");
-        }
-        str += "; Max-Age=" + maxAge;
-      }
-      if (opt.domain) {
-        if (!domainValueRegExp.test(opt.domain)) {
-          throw new TypeError("option domain is invalid");
-        }
-        str += "; Domain=" + opt.domain;
-      }
-      if (opt.path) {
-        if (!pathValueRegExp.test(opt.path)) {
-          throw new TypeError("option path is invalid");
-        }
-        str += "; Path=" + opt.path;
-      }
-      if (opt.expires) {
-        var expires = opt.expires;
-        if (!isDate(expires) || isNaN(expires.valueOf())) {
-          throw new TypeError("option expires is invalid");
-        }
-        str += "; Expires=" + expires.toUTCString();
-      }
-      if (opt.httpOnly) {
-        str += "; HttpOnly";
-      }
-      if (opt.secure) {
-        str += "; Secure";
-      }
-      if (opt.partitioned) {
-        str += "; Partitioned";
-      }
-      if (opt.priority) {
-        var priority = typeof opt.priority === "string" ? opt.priority.toLowerCase() : opt.priority;
-        switch (priority) {
-          case "low":
-            str += "; Priority=Low";
-            break;
-          case "medium":
-            str += "; Priority=Medium";
-            break;
-          case "high":
-            str += "; Priority=High";
-            break;
-          default:
-            throw new TypeError("option priority is invalid");
-        }
-      }
-      if (opt.sameSite) {
-        var sameSite = typeof opt.sameSite === "string" ? opt.sameSite.toLowerCase() : opt.sameSite;
-        switch (sameSite) {
-          case true:
-            str += "; SameSite=Strict";
-            break;
-          case "lax":
-            str += "; SameSite=Lax";
-            break;
-          case "strict":
-            str += "; SameSite=Strict";
-            break;
-          case "none":
-            str += "; SameSite=None";
-            break;
-          default:
-            throw new TypeError("option sameSite is invalid");
-        }
-      }
-      return str;
-    }
-    function decode(str) {
-      return str.indexOf("%") !== -1 ? decodeURIComponent(str) : str;
-    }
-    function isDate(val) {
-      return __toString.call(val) === "[object Date]";
-    }
-    function tryDecode(str, decode2) {
-      try {
-        return decode2(str);
-      } catch (e) {
-        return str;
-      }
-    }
-  }
-});
 // cli/daemon.ts
 init_esm_shims();
@@ -3856,8 +3666,8 @@ async function verifyPassword(plain, stored) {
 // cli/auth/jwt.ts
 init_esm_shims();
-var import_cookie = __toESM(require_cookie(), 1);
 import { createHmac, randomBytes as randomBytes2 } from "crypto";
+import { parse as parseCookies } from "cookie";
 var TTL_MS = 24 * 60 * 60 * 1e3;
 var COOKIE_NAME = "openqa_token";
 var _secret = null;
@@ -3912,7 +3722,7 @@ function clearAuthCookie(res) {
 function extractToken(req) {
   const cookieHeader = req.headers.cookie ?? "";
   if (cookieHeader) {
-    const cookies = (0, import_cookie.parse)(cookieHeader);
+    const cookies = parseCookies(cookieHeader);
     if (cookies[COOKIE_NAME]) return cookies[COOKIE_NAME];
   }
   const auth = req.headers.authorization ?? "";
@@ -3980,7 +3790,7 @@ var loginSchema = z3.object({
   password: z3.string().min(1).max(200)
 });
 var setupSchema = z3.object({
-  username: z3.string().min(3).max(50).regex(/^[a-z0-9_]+$/, "Only lowercase letters, digits and underscores"),
+  username: z3.string().min(3).max(100).regex(/^[a-z0-9_.@-]+$/, "Only lowercase letters, digits, and ._@- characters"),
   password: z3.string().min(8).max(200)
 });
 var changePasswordSchema = z3.object({
@@ -3988,7 +3798,7 @@ var changePasswordSchema = z3.object({
   newPassword: z3.string().min(8).max(200)
 });
 var createUserSchema = z3.object({
-  username: z3.string().min(3).max(50).regex(/^[a-z0-9_]+$/, "Only lowercase letters, digits and underscores"),
+  username: z3.string().min(3).max(100).regex(/^[a-z0-9_.@-]+$/, "Only lowercase letters, digits, and ._@- characters"),
   password: z3.string().min(8).max(200),
   role: z3.enum(["admin", "viewer"])
 });
@@ -4118,6 +3928,759 @@ function createAuthRouter(db2) {
   return router;
 }
+// cli/env-routes.ts
+init_esm_shims();
+import { Router as Router3 } from "express";
+import { readFileSync as readFileSync5, writeFileSync as writeFileSync3, existsSync as existsSync4 } from "fs";
+import { join as join6 } from "path";
+// cli/env-config.ts
+init_esm_shims();
+var ENV_VARIABLES = [
+  // ============================================================================
+  // LLM CONFIGURATION
+  // ============================================================================
+  {
+    key: "LLM_PROVIDER",
+    type: "select",
+    category: "llm",
+    required: true,
+    description: "LLM provider to use for AI operations",
+    options: ["openai", "anthropic", "ollama"],
+    placeholder: "openai",
+    restartRequired: true
+  },
+  {
+    key: "OPENAI_API_KEY",
+    type: "password",
+    category: "llm",
+    required: false,
+    description: "OpenAI API key (required if LLM_PROVIDER=openai)",
+    placeholder: "sk-...",
+    sensitive: true,
+    testable: true,
+    validation: (value) => {
+      if (!value) return { valid: true };
+      if (!value.startsWith("sk-")) {
+        return { valid: false, error: 'OpenAI API key must start with "sk-"' };
+      }
+      if (value.length < 20) {
+        return { valid: false, error: "API key seems too short" };
+      }
+      return { valid: true };
+    },
+    restartRequired: true
+  },
+  {
+    key: "ANTHROPIC_API_KEY",
+    type: "password",
+    category: "llm",
+    required: false,
+    description: "Anthropic API key (required if LLM_PROVIDER=anthropic)",
+    placeholder: "sk-ant-...",
+    sensitive: true,
+    testable: true,
+    validation: (value) => {
+      if (!value) return { valid: true };
+      if (!value.startsWith("sk-ant-")) {
+        return { valid: false, error: 'Anthropic API key must start with "sk-ant-"' };
+      }
+      return { valid: true };
+    },
+    restartRequired: true
+  },
+  {
+    key: "OLLAMA_BASE_URL",
+    type: "url",
+    category: "llm",
+    required: false,
+    description: "Ollama server URL (required if LLM_PROVIDER=ollama)",
+    placeholder: "http://localhost:11434",
+    testable: true,
+    validation: (value) => {
+      if (!value) return { valid: true };
+      try {
+        new URL(value);
+        return { valid: true };
+      } catch {
+        return { valid: false, error: "Invalid URL format" };
+      }
+    },
+    restartRequired: true
+  },
+  {
+    key: "LLM_MODEL",
+    type: "text",
+    category: "llm",
+    required: false,
+    description: "LLM model to use (e.g., gpt-4, claude-3-opus, llama2)",
+    placeholder: "gpt-4",
+    restartRequired: true
+  },
+  // ============================================================================
+  // SECURITY
+  // ============================================================================
+  {
+    key: "OPENQA_JWT_SECRET",
+    type: "password",
+    category: "security",
+    required: true,
+    description: "Secret key for JWT token signing (min 32 characters)",
+    placeholder: "Generate with: openssl rand -hex 32",
+    sensitive: true,
+    validation: (value) => {
+      if (!value) return { valid: false, error: "JWT secret is required" };
+      if (value.length < 32) {
+        return { valid: false, error: "JWT secret must be at least 32 characters" };
+      }
+      return { valid: true };
+    },
+    restartRequired: true
+  },
+  {
+    key: "OPENQA_AUTH_DISABLED",
+    type: "boolean",
+    category: "security",
+    required: false,
+    description: "\u26A0\uFE0F DANGER: Disable authentication (NEVER use in production!)",
+    placeholder: "false",
+    validation: (value) => {
+      if (value === "true" && process.env.NODE_ENV === "production") {
+        return { valid: false, error: "Cannot disable auth in production!" };
+      }
+      return { valid: true };
+    },
+    restartRequired: true
+  },
+  {
+    key: "NODE_ENV",
+    type: "select",
+    category: "security",
+    required: false,
+    description: "Node environment (production enables security features)",
+    options: ["development", "production", "test"],
+    placeholder: "production",
+    restartRequired: true
+  },
+  // ============================================================================
+  // TARGET APPLICATION
+  // ============================================================================
+  {
+    key: "SAAS_URL",
+    type: "url",
+    category: "target",
+    required: true,
+    description: "URL of the application to test",
+    placeholder: "https://your-app.com",
+    testable: true,
+    validation: (value) => {
+      if (!value) return { valid: false, error: "Target URL is required" };
+      try {
+        const url = new URL(value);
+        if (!["http:", "https:"].includes(url.protocol)) {
+          return { valid: false, error: "URL must use http or https protocol" };
+        }
+        return { valid: true };
+      } catch {
+        return { valid: false, error: "Invalid URL format" };
+      }
+    }
+  },
+  {
+    key: "SAAS_AUTH_TYPE",
+    type: "select",
+    category: "target",
+    required: false,
+    description: "Authentication type for target application",
+    options: ["none", "basic", "session"],
+    placeholder: "none"
+  },
+  {
+    key: "SAAS_USERNAME",
+    type: "text",
+    category: "target",
+    required: false,
+    description: "Username for target application authentication",
+    placeholder: "test@example.com"
+  },
+  {
+    key: "SAAS_PASSWORD",
+    type: "password",
+    category: "target",
+    required: false,
+    description: "Password for target application authentication",
+    placeholder: "\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022",
+    sensitive: true
+  },
+  // ============================================================================
+  // GITHUB INTEGRATION
+  // ============================================================================
+  {
+    key: "GITHUB_TOKEN",
+    type: "password",
+    category: "github",
+    required: false,
+    description: "GitHub personal access token for issue creation",
+    placeholder: "ghp_...",
+    sensitive: true,
+    testable: true,
+    validation: (value) => {
+      if (!value) return { valid: true };
+      if (!value.startsWith("ghp_") && !value.startsWith("github_pat_")) {
+        return { valid: false, error: 'GitHub token must start with "ghp_" or "github_pat_"' };
+      }
+      return { valid: true };
+    }
+  },
+  {
+    key: "GITHUB_OWNER",
+    type: "text",
+    category: "github",
+    required: false,
+    description: "GitHub repository owner/organization",
+    placeholder: "your-username"
+  },
+  {
+    key: "GITHUB_REPO",
+    type: "text",
+    category: "github",
+    required: false,
+    description: "GitHub repository name",
+    placeholder: "your-repo"
+  },
+  {
+    key: "GITHUB_BRANCH",
+    type: "text",
+    category: "github",
+    required: false,
+    description: "GitHub branch to monitor",
+    placeholder: "main"
+  },
+  // ============================================================================
+  // WEB SERVER
+  // ============================================================================
+  {
+    key: "WEB_PORT",
+    type: "number",
+    category: "web",
+    required: false,
+    description: "Port for web server",
+    placeholder: "4242",
+    validation: (value) => {
+      if (!value) return { valid: true };
+      const port = parseInt(value, 10);
+      if (isNaN(port) || port < 1 || port > 65535) {
+        return { valid: false, error: "Port must be between 1 and 65535" };
+      }
+      return { valid: true };
+    },
+    restartRequired: true
+  },
+  {
+    key: "WEB_HOST",
+    type: "text",
+    category: "web",
+    required: false,
+    description: "Host to bind web server (0.0.0.0 for all interfaces)",
+    placeholder: "0.0.0.0",
+    restartRequired: true
+  },
+  {
+    key: "CORS_ORIGINS",
+    type: "text",
+    category: "web",
+    required: false,
+    description: "Allowed CORS origins (comma-separated)",
+    placeholder: "https://your-domain.com,https://app.example.com",
+    restartRequired: true
+  },
+  // ============================================================================
+  // AGENT CONFIGURATION
+  // ============================================================================
+  {
+    key: "AGENT_AUTO_START",
+    type: "boolean",
+    category: "agent",
+    required: false,
+    description: "Auto-start agent on server launch",
+    placeholder: "false"
+  },
+  {
+    key: "AGENT_INTERVAL_MS",
+    type: "number",
+    category: "agent",
+    required: false,
+    description: "Agent run interval in milliseconds (1 hour = 3600000)",
+    placeholder: "3600000",
+    validation: (value) => {
+      if (!value) return { valid: true };
+      const interval = parseInt(value, 10);
+      if (isNaN(interval) || interval < 6e4) {
+        return { valid: false, error: "Interval must be at least 60000ms (1 minute)" };
+      }
+      return { valid: true };
+    }
+  },
+  {
+    key: "AGENT_MAX_ITERATIONS",
+    type: "number",
+    category: "agent",
+    required: false,
+    description: "Maximum iterations per agent session",
+    placeholder: "20",
+    validation: (value) => {
+      if (!value) return { valid: true };
+      const max = parseInt(value, 10);
+      if (isNaN(max) || max < 1 || max > 1e3) {
+        return { valid: false, error: "Max iterations must be between 1 and 1000" };
+      }
+      return { valid: true };
+    }
+  },
+  {
+    key: "GIT_LISTENER_ENABLED",
+    type: "boolean",
+    category: "agent",
+    required: false,
+    description: "Enable git merge/pipeline detection",
+    placeholder: "true"
+  },
+  {
+    key: "GIT_POLL_INTERVAL_MS",
+    type: "number",
+    category: "agent",
+    required: false,
+    description: "Git polling interval in milliseconds",
+    placeholder: "60000"
+  },
+  // ============================================================================
+  // DATABASE
+  // ============================================================================
+  {
+    key: "DB_PATH",
+    type: "text",
+    category: "database",
+    required: false,
+    description: "Path to SQLite database file",
+    placeholder: "./data/openqa.db",
+    restartRequired: true
+  },
+  // ============================================================================
+  // NOTIFICATIONS
+  // ============================================================================
+  {
+    key: "SLACK_WEBHOOK_URL",
+    type: "url",
+    category: "notifications",
+    required: false,
+    description: "Slack webhook URL for notifications",
+    placeholder: "https://hooks.slack.com/services/...",
+    sensitive: true,
+    testable: true,
+    validation: (value) => {
+      if (!value) return { valid: true };
+      if (!value.startsWith("https://hooks.slack.com/")) {
+        return { valid: false, error: "Invalid Slack webhook URL" };
+      }
+      return { valid: true };
+    }
+  },
+  {
+    key: "DISCORD_WEBHOOK_URL",
+    type: "url",
+    category: "notifications",
+    required: false,
+    description: "Discord webhook URL for notifications",
+    placeholder: "https://discord.com/api/webhooks/...",
+    sensitive: true,
+    testable: true,
+    validation: (value) => {
+      if (!value) return { valid: true };
+      if (!value.startsWith("https://discord.com/api/webhooks/")) {
+        return { valid: false, error: "Invalid Discord webhook URL" };
+      }
+      return { valid: true };
+    }
+  }
+];
+function getEnvVariable(key) {
+  return ENV_VARIABLES.find((v) => v.key === key);
+}
+function validateEnvValue(key, value) {
+  const envVar = getEnvVariable(key);
+  if (!envVar) return { valid: false, error: "Unknown environment variable" };
+  if (envVar.required && !value) {
+    return { valid: false, error: "This field is required" };
+  }
+  if (envVar.validation) {
+    return envVar.validation(value);
+  }
+  return { valid: true };
+}
+// cli/env-routes.ts
+function createEnvRouter() {
+  const router = Router3();
+  const ENV_FILE_PATH = join6(process.cwd(), ".env");
+  function readEnvFile() {
+    if (!existsSync4(ENV_FILE_PATH)) {
+      return {};
+    }
+    const content = readFileSync5(ENV_FILE_PATH, "utf-8");
+    const env = {};
+    content.split("\n").forEach((line) => {
+      line = line.trim();
+      if (!line || line.startsWith("#")) return;
+      const match = line.match(/^([^=]+)=(.*)$/);
+      if (match) {
+        const [, key, value] = match;
+        env[key.trim()] = value.trim().replace(/^["']|["']$/g, "");
+      }
+    });
+    return env;
+  }
+  function writeEnvFile(env) {
+    const lines = [
+      "# OpenQA Environment Configuration",
+      "# Auto-generated by OpenQA Dashboard",
+      "# Last updated: " + (/* @__PURE__ */ new Date()).toISOString(),
+      ""
+    ];
+    const categories = {};
+    ENV_VARIABLES.forEach((v) => {
+      if (!categories[v.category]) {
+        categories[v.category] = [];
+      }
+      const value = env[v.key] || "";
+      if (value || v.required) {
+        categories[v.category].push(`${v.key}=${value}`);
+      }
+    });
+    const categoryNames = {
+      llm: "LLM CONFIGURATION",
+      security: "SECURITY",
+      target: "TARGET APPLICATION",
+      github: "GITHUB INTEGRATION",
+      web: "WEB SERVER",
+      agent: "AGENT CONFIGURATION",
+      database: "DATABASE",
+      notifications: "NOTIFICATIONS"
+    };
+    Object.entries(categories).forEach(([category, vars]) => {
+      if (vars.length > 0) {
+        lines.push("# " + "=".repeat(76));
+        lines.push(`# ${categoryNames[category] || category.toUpperCase()}`);
+        lines.push("# " + "=".repeat(76));
+        lines.push(...vars);
+        lines.push("");
+      }
+    });
+    writeFileSync3(ENV_FILE_PATH, lines.join("\n"));
+  }
+  router.get("/api/env", requireAuth, requireAdmin, (_req, res) => {
+    try {
+      const envFile = readEnvFile();
+      const processEnv = process.env;
+      const variables = ENV_VARIABLES.map((v) => ({
+        key: v.key,
+        value: envFile[v.key] || processEnv[v.key] || "",
+        type: v.type,
+        category: v.category,
+        required: v.required,
+        description: v.description,
+        placeholder: v.placeholder,
+        options: v.options,
+        sensitive: v.sensitive,
+        testable: v.testable,
+        restartRequired: v.restartRequired,
+        // Mask sensitive values
+        displayValue: v.sensitive && (envFile[v.key] || processEnv[v.key]) ? "\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022" : envFile[v.key] || processEnv[v.key] || ""
+      }));
+      res.json({
+        variables,
+        envFileExists: existsSync4(ENV_FILE_PATH),
+        lastModified: existsSync4(ENV_FILE_PATH) ? new Date(readFileSync5(ENV_FILE_PATH, "utf-8").match(/Last updated: (.+)/)?.[1] || 0).toISOString() : null
+      });
+    } catch (error) {
+      res.status(500).json({
+        error: "Failed to read environment variables",
+        details: error instanceof Error ? error.message : String(error)
+      });
+    }
+  });
+  router.get("/api/env/:key", requireAuth, requireAdmin, (req, res) => {
+    try {
+      const { key } = req.params;
+      const envVar = ENV_VARIABLES.find((v) => v.key === key);
+      if (!envVar) {
+        res.status(404).json({ error: "Environment variable not found" });
+        return;
+      }
+      const envFile = readEnvFile();
+      const value = envFile[key] || process.env[key] || "";
+      res.json({
+        ...envVar,
+        value,
+        displayValue: envVar.sensitive && value ? "\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022" : value
+      });
+    } catch (error) {
+      res.status(500).json({
+        error: "Failed to read environment variable",
+        details: error instanceof Error ? error.message : String(error)
+      });
+    }
+  });
+  router.put("/api/env/:key", requireAuth, requireAdmin, (req, res) => {
+    try {
+      const { key } = req.params;
+      const { value } = req.body;
+      const validation = validateEnvValue(key, value);
+      if (!validation.valid) {
+        res.status(400).json({ error: validation.error });
+        return;
+      }
+      const env = readEnvFile();
+      if (value === "" || value === null || value === void 0) {
+        delete env[key];
+      } else {
+        env[key] = value;
+      }
+      writeEnvFile(env);
+      if (value) {
+        process.env[key] = value;
+      } else {
+        delete process.env[key];
+      }
+      const envVar = ENV_VARIABLES.find((v) => v.key === key);
+      res.json({
+        success: true,
+        key,
+        value: envVar?.sensitive ? "\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022" : value,
+        restartRequired: envVar?.restartRequired || false
+      });
+    } catch (error) {
+      res.status(500).json({
+        error: "Failed to update environment variable",
+        details: error instanceof Error ? error.message : String(error)
+      });
+    }
+  });
+  router.post("/api/env/bulk", requireAuth, requireAdmin, (req, res) => {
+    try {
+      const { variables } = req.body;
+      if (!variables || typeof variables !== "object") {
+        res.status(400).json({ error: "Invalid request body" });
+        return;
+      }
+      const errors = {};
+      Object.entries(variables).forEach(([key, value]) => {
+        const validation = validateEnvValue(key, value);
+        if (!validation.valid) {
+          errors[key] = validation.error || "Invalid value";
+        }
+      });
+      if (Object.keys(errors).length > 0) {
+        res.status(400).json({ error: "Validation failed", errors });
+        return;
+      }
+      const env = readEnvFile();
+      Object.entries(variables).forEach(([key, value]) => {
+        if (value === "" || value === null || value === void 0) {
+          delete env[key];
+          delete process.env[key];
+        } else {
+          env[key] = value;
+          process.env[key] = value;
+        }
+      });
+      writeEnvFile(env);
+      const restartRequired = Object.keys(variables).some((key) => {
+        const envVar = ENV_VARIABLES.find((v) => v.key === key);
+        return envVar?.restartRequired;
+      });
+      res.json({
+        success: true,
+        updated: Object.keys(variables).length,
+        restartRequired
+      });
+    } catch (error) {
+      res.status(500).json({
+        error: "Failed to update environment variables",
+        details: error instanceof Error ? error.message : String(error)
+      });
+    }
+  });
+  router.post("/api/env/test/:key", requireAuth, requireAdmin, async (req, res) => {
+    try {
+      const { key } = req.params;
+      const { value } = req.body;
+      const envVar = ENV_VARIABLES.find((v) => v.key === key);
+      if (!envVar || !envVar.testable) {
+        res.status(400).json({ error: "This variable cannot be tested" });
+        return;
+      }
+      let testResult;
+      switch (key) {
+        case "OPENAI_API_KEY":
+          testResult = await testOpenAIKey(value);
+          break;
+        case "ANTHROPIC_API_KEY":
+          testResult = await testAnthropicKey(value);
+          break;
+        case "OLLAMA_BASE_URL":
+          testResult = await testOllamaURL(value);
+          break;
+        case "GITHUB_TOKEN":
+          testResult = await testGitHubToken(value);
+          break;
+        case "SAAS_URL":
+          testResult = await testURL(value);
+          break;
+        case "SLACK_WEBHOOK_URL":
+          testResult = await testSlackWebhook(value);
+          break;
+        case "DISCORD_WEBHOOK_URL":
+          testResult = await testDiscordWebhook(value);
+          break;
+        default:
+          testResult = { success: false, message: "Test not implemented for this variable" };
+      }
+      res.json(testResult);
+    } catch (error) {
+      res.status(500).json({
+        success: false,
+        message: error instanceof Error ? error.message : "Test failed"
+      });
+    }
+  });
+  router.post("/api/env/generate/:key", requireAuth, requireAdmin, (req, res) => {
+    try {
+      const { key } = req.params;
+      let generated;
+      switch (key) {
+        case "OPENQA_JWT_SECRET":
+          generated = Array.from(
+            { length: 64 },
+            () => Math.floor(Math.random() * 16).toString(16)
+          ).join("");
+          break;
+        default:
+          res.status(400).json({ error: "Generation not supported for this variable" });
+          return;
+      }
+      res.json({ success: true, value: generated });
+    } catch (error) {
+      res.status(500).json({
+        error: "Failed to generate value",
+        details: error instanceof Error ? error.message : String(error)
+      });
+    }
+  });
+  return router;
+}
+async function testOpenAIKey(apiKey) {
+  try {
+    const response = await fetch("https://api.openai.com/v1/models", {
+      headers: { "Authorization": `Bearer ${apiKey}` }
+    });
+    if (response.ok) {
+      return { success: true, message: "OpenAI API key is valid" };
+    }
+    return { success: false, message: "Invalid OpenAI API key" };
+  } catch {
+    return { success: false, message: "Failed to connect to OpenAI API" };
+  }
+}
+async function testAnthropicKey(apiKey) {
+  try {
+    const response = await fetch("https://api.anthropic.com/v1/messages", {
+      method: "POST",
+      headers: {
+        "x-api-key": apiKey,
+        "anthropic-version": "2023-06-01",
+        "content-type": "application/json"
+      },
+      body: JSON.stringify({
+        model: "claude-3-haiku-20240307",
+        max_tokens: 1,
+        messages: [{ role: "user", content: "test" }]
+      })
+    });
+    if (response.status === 200 || response.status === 400) {
+      return { success: true, message: "Anthropic API key is valid" };
+    }
+    return { success: false, message: "Invalid Anthropic API key" };
+  } catch {
+    return { success: false, message: "Failed to connect to Anthropic API" };
+  }
+}
+async function testOllamaURL(url) {
+  try {
+    const response = await fetch(`${url}/api/tags`);
+    if (response.ok) {
+      return { success: true, message: "Ollama server is accessible" };
+    }
+    return { success: false, message: "Ollama server returned an error" };
+  } catch {
+    return { success: false, message: "Cannot connect to Ollama server" };
+  }
+}
+async function testGitHubToken(token) {
+  try {
+    const response = await fetch("https://api.github.com/user", {
+      headers: { "Authorization": `token ${token}` }
+    });
+    if (response.ok) {
+      const data = await response.json();
+      return { success: true, message: `GitHub token is valid (user: ${data.login})` };
+    }
+    return { success: false, message: "Invalid GitHub token" };
+  } catch {
+    return { success: false, message: "Failed to connect to GitHub API" };
+  }
+}
+async function testURL(url) {
+  try {
+    const response = await fetch(url, { method: "HEAD" });
+    if (response.ok) {
+      return { success: true, message: "URL is accessible" };
+    }
+    return { success: false, message: `URL returned status ${response.status}` };
+  } catch {
+    return { success: false, message: "Cannot connect to URL" };
+  }
+}
+async function testSlackWebhook(url) {
+  try {
+    const response = await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ text: "OpenQA webhook test" })
+    });
+    if (response.ok) {
+      return { success: true, message: "Slack webhook is valid" };
+    }
+    return { success: false, message: "Invalid Slack webhook" };
+  } catch {
+    return { success: false, message: "Failed to connect to Slack webhook" };
+  }
+}
+async function testDiscordWebhook(url) {
+  try {
+    const response = await fetch(url, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({ content: "OpenQA webhook test" })
+    });
+    if (response.ok || response.status === 204) {
+      return { success: true, message: "Discord webhook is valid" };
+    }
+    return { success: false, message: "Invalid Discord webhook" };
+  } catch {
+    return { success: false, message: "Failed to connect to Discord webhook" };
+  }
+}
 // cli/dashboard.html.ts
 init_esm_shims();
 function getDashboardHTML() {
@@ -4862,6 +5425,9 @@ function getDashboardHTML() {
       <a class="nav-item" href="/config">
         <span class="icon">\u2699</span> Config
       </a>
+      <a class="nav-item" href="/config/env">
+        <span class="icon">\u{1F527}</span> Environment
+      </a>
     </div>
     <div class="sidebar-footer">
@@ -7072,9 +7638,9 @@ function getSetupHTML() {
     <form id="setupForm">
       <div class="field">
-        <label for="username">Username</label>
-        <input type="text" id="username" name="username" autocomplete="username" autofocus required pattern="[a-z0-9_]+" title="Lowercase letters, digits and underscores only">
-        <div class="hint">Lowercase letters, digits and underscores only</div>
+        <label for="username">Username or Email</label>
+        <input type="text" id="username" name="username" autocomplete="username" autofocus required pattern="[a-z0-9_.@-]+" title="Lowercase letters, digits, and ._@- characters">
+        <div class="hint">Use your email or a username (lowercase, digits, ._@- allowed)</div>
       </div>
       <div class="field">
         <label for="password">Password</label>
@@ -7147,21 +7713,699 @@ function getSetupHTML() {
 </html>`;
 }
-// cli/daemon.ts
-import rateLimit from "express-rate-limit";
-import cors from "cors";
-import { z as z4 } from "zod";
-function validate3(schema) {
-  return (req, res, next) => {
-    const result = schema.safeParse(req.body);
-    if (!result.success) {
-      return res.status(400).json({
-        error: result.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ")
-      });
+// cli/env.html.ts
+init_esm_shims();
+function getEnvHTML() {
+  return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Environment Variables - OpenQA</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: linear-gradient(135deg, #667eea 0%, #764ba2 100%);
+      min-height: 100vh;
+      padding: 20px;
     }
-    req.body = result.data;
-    next();
-  };
+    .container {
+      max-width: 1200px;
+      margin: 0 auto;
+    }
+    .header {
+      background: rgba(255, 255, 255, 0.95);
+      backdrop-filter: blur(10px);
+      padding: 20px 30px;
+      border-radius: 12px;
+      margin-bottom: 20px;
+      box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+    }
+    .header h1 {
+      font-size: 24px;
+      color: #1a202c;
+      display: flex;
+      align-items: center;
+      gap: 10px;
+    }
+    .header-actions {
+      display: flex;
+      gap: 10px;
+    }
+    .btn {
+      padding: 10px 20px;
+      border: none;
+      border-radius: 8px;
+      font-size: 14px;
+      font-weight: 600;
+      cursor: pointer;
+      transition: all 0.2s;
+      text-decoration: none;
+      display: inline-flex;
+      align-items: center;
+      gap: 8px;
+    }
+    .btn-primary {
+      background: #667eea;
+      color: white;
+    }
+    .btn-primary:hover {
+      background: #5568d3;
+      transform: translateY(-1px);
+    }
+    .btn-secondary {
+      background: #e2e8f0;
+      color: #4a5568;
+    }
+    .btn-secondary:hover {
+      background: #cbd5e0;
+    }
+    .btn-success {
+      background: #48bb78;
+      color: white;
+    }
+    .btn-success:hover {
+      background: #38a169;
+    }
+    .btn:disabled {
+      opacity: 0.5;
+      cursor: not-allowed;
+    }
+    .content {
+      background: rgba(255, 255, 255, 0.95);
+      backdrop-filter: blur(10px);
+      padding: 30px;
+      border-radius: 12px;
+      box-shadow: 0 4px 6px rgba(0, 0, 0, 0.1);
+    }
+    .tabs {
+      display: flex;
+      gap: 10px;
+      margin-bottom: 30px;
+      border-bottom: 2px solid #e2e8f0;
+      padding-bottom: 10px;
+    }
+    .tab {
+      padding: 10px 20px;
+      border: none;
+      background: none;
+      font-size: 14px;
+      font-weight: 600;
+      color: #718096;
+      cursor: pointer;
+      border-bottom: 3px solid transparent;
+      transition: all 0.2s;
+    }
+    .tab.active {
+      color: #667eea;
+      border-bottom-color: #667eea;
+    }
+    .tab:hover {
+      color: #667eea;
+    }
+    .category-section {
+      display: none;
+    }
+    .category-section.active {
+      display: block;
+    }
+    .category-header {
+      display: flex;
+      justify-content: space-between;
+      align-items: center;
+      margin-bottom: 20px;
+    }
+    .category-title {
+      font-size: 18px;
+      font-weight: 600;
+      color: #2d3748;
+    }
+    .env-grid {
+      display: grid;
+      gap: 20px;
+    }
+    .env-item {
+      border: 1px solid #e2e8f0;
+      border-radius: 8px;
+      padding: 20px;
+      transition: all 0.2s;
+    }
+    .env-item:hover {
+      border-color: #cbd5e0;
+      box-shadow: 0 2px 4px rgba(0, 0, 0, 0.05);
+    }
+    .env-item-header {
+      display: flex;
+      justify-content: space-between;
+      align-items: flex-start;
+      margin-bottom: 10px;
+    }
+    .env-label {
+      font-weight: 600;
+      color: #2d3748;
+      font-size: 14px;
+      display: flex;
+      align-items: center;
+      gap: 8px;
+    }
+    .required-badge {
+      background: #fc8181;
+      color: white;
+      font-size: 10px;
+      padding: 2px 6px;
+      border-radius: 4px;
+      font-weight: 700;
+    }
+    .env-description {
+      font-size: 13px;
+      color: #718096;
+      margin-bottom: 10px;
+    }
+    .env-input-group {
+      display: flex;
+      gap: 10px;
+      align-items: center;
+    }
+    .env-input {
+      flex: 1;
+      padding: 10px 12px;
+      border: 1px solid #e2e8f0;
+      border-radius: 6px;
+      font-size: 14px;
+      font-family: 'Monaco', 'Courier New', monospace;
+      transition: all 0.2s;
+    }
+    .env-input:focus {
+      outline: none;
+      border-color: #667eea;
+      box-shadow: 0 0 0 3px rgba(102, 126, 234, 0.1);
+    }
+    .env-input.error {
+      border-color: #fc8181;
+    }
+    .env-actions {
+      display: flex;
+      gap: 5px;
+    }
+    .icon-btn {
+      padding: 8px;
+      border: none;
+      background: #e2e8f0;
+      border-radius: 6px;
+      cursor: pointer;
+      transition: all 0.2s;
+      font-size: 16px;
+    }
+    .icon-btn:hover {
+      background: #cbd5e0;
+    }
+    .icon-btn.test {
+      background: #bee3f8;
+      color: #2c5282;
+    }
+    .icon-btn.test:hover {
+      background: #90cdf4;
+    }
+    .icon-btn.generate {
+      background: #c6f6d5;
+      color: #22543d;
+    }
+    .icon-btn.generate:hover {
+      background: #9ae6b4;
+    }
+    .error-message {
+      color: #e53e3e;
+      font-size: 12px;
+      margin-top: 5px;
+    }
+    .success-message {
+      color: #38a169;
+      font-size: 12px;
+      margin-top: 5px;
+    }
+    .alert {
+      padding: 15px 20px;
+      border-radius: 8px;
+      margin-bottom: 20px;
+      display: flex;
+      align-items: center;
+      gap: 10px;
+    }
+    .alert-warning {
+      background: #fef5e7;
+      border-left: 4px solid #f59e0b;
+      color: #92400e;
+    }
+    .alert-info {
+      background: #eff6ff;
+      border-left: 4px solid #3b82f6;
+      color: #1e40af;
+    }
+    .alert-success {
+      background: #f0fdf4;
+      border-left: 4px solid #10b981;
+      color: #065f46;
+    }
+    .loading {
+      text-align: center;
+      padding: 40px;
+      color: #718096;
+    }
+    .spinner {
+      border: 3px solid #e2e8f0;
+      border-top: 3px solid #667eea;
+      border-radius: 50%;
+      width: 40px;
+      height: 40px;
+      animation: spin 1s linear infinite;
+      margin: 0 auto 20px;
+    }
+    @keyframes spin {
+      0% { transform: rotate(0deg); }
+      100% { transform: rotate(360deg); }
+    }
+    .modal {
+      display: none;
+      position: fixed;
+      top: 0;
+      left: 0;
+      right: 0;
+      bottom: 0;
+      background: rgba(0, 0, 0, 0.5);
+      z-index: 1000;
+      align-items: center;
+      justify-content: center;
+    }
+    .modal.show {
+      display: flex;
+    }
+    .modal-content {
+      background: white;
+      padding: 30px;
+      border-radius: 12px;
+      max-width: 500px;
+      width: 90%;
+      box-shadow: 0 20px 25px -5px rgba(0, 0, 0, 0.1);
+    }
+    .modal-header {
+      font-size: 20px;
+      font-weight: 600;
+      margin-bottom: 15px;
+      color: #2d3748;
+    }
+    .modal-body {
+      margin-bottom: 20px;
+      color: #4a5568;
+    }
+    .modal-footer {
+      display: flex;
+      gap: 10px;
+      justify-content: flex-end;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="header">
+      <h1>
+        <span>\u2699\uFE0F</span>
+        Environment Variables
+      </h1>
+      <div class="header-actions">
+        <a href="/config" class="btn btn-secondary">\u2190 Back to Config</a>
+        <button id="saveBtn" class="btn btn-success" disabled>\u{1F4BE} Save Changes</button>
+      </div>
+    </div>
+    <div class="content">
+      <div id="loading" class="loading">
+        <div class="spinner"></div>
+        <div>Loading environment variables...</div>
+      </div>
+      <div id="main" style="display: none;">
+        <div id="alerts"></div>
+        <div class="tabs">
+          <button class="tab active" data-category="llm">\u{1F916} LLM</button>
+          <button class="tab" data-category="security">\u{1F512} Security</button>
+          <button class="tab" data-category="target">\u{1F3AF} Target App</button>
+          <button class="tab" data-category="github">\u{1F419} GitHub</button>
+          <button class="tab" data-category="web">\u{1F310} Web Server</button>
+          <button class="tab" data-category="agent">\u{1F916} Agent</button>
+          <button class="tab" data-category="database">\u{1F4BE} Database</button>
+          <button class="tab" data-category="notifications">\u{1F514} Notifications</button>
+        </div>
+        <div id="categories"></div>
+      </div>
+    </div>
+  </div>
+  <!-- Test Result Modal -->
+  <div id="testModal" class="modal">
+    <div class="modal-content">
+      <div class="modal-header">Test Result</div>
+      <div class="modal-body" id="testResult"></div>
+      <div class="modal-footer">
+        <button class="btn btn-secondary" onclick="closeTestModal()">Close</button>
+      </div>
+    </div>
+  </div>
+  <script>
+    let envVariables = [];
+    let changedVariables = {};
+    let restartRequired = false;
+    // Load environment variables
+    async function loadEnvVariables() {
+      try {
+        const response = await fetch('/api/env');
+        if (!response.ok) throw new Error('Failed to load variables');
+        const data = await response.json();
+        envVariables = data.variables;
+        renderCategories();
+        document.getElementById('loading').style.display = 'none';
+        document.getElementById('main').style.display = 'block';
+      } catch (error) {
+        showAlert('error', 'Failed to load environment variables: ' + error.message);
+      }
+    }
+    // Render categories
+    function renderCategories() {
+      const container = document.getElementById('categories');
+      const categories = [...new Set(envVariables.map(v => v.category))];
+      categories.forEach((category, index) => {
+        const section = document.createElement('div');
+        section.className = 'category-section' + (index === 0 ? ' active' : '');
+        section.dataset.category = category;
+        const vars = envVariables.filter(v => v.category === category);
+        section.innerHTML = \`
+          <div class="category-header">
+            <div class="category-title">\${getCategoryTitle(category)}</div>
+          </div>
+          <div class="env-grid">
+            \${vars.map(v => renderEnvItem(v)).join('')}
+          </div>
+        \`;
+        container.appendChild(section);
+      });
+    }
+    // Render single env item
+    function renderEnvItem(envVar) {
+      const inputType = envVar.type === 'password' ? 'password' : 'text';
+      const value = envVar.displayValue || '';
+      return \`
+        <div class="env-item" data-key="\${envVar.key}">
+          <div class="env-item-header">
+            <div class="env-label">
+              \${envVar.key}
+              \${envVar.required ? '<span class="required-badge">REQUIRED</span>' : ''}
+            </div>
+          </div>
+          <div class="env-description">\${envVar.description}</div>
+          <div class="env-input-group">
+            \${envVar.type === 'select' ?
+              \`<select class="env-input" data-key="\${envVar.key}" onchange="handleChange(this)">
+                <option value="">-- Select --</option>
+                \${envVar.options.map(opt =>
+                  \`<option value="\${opt}" \${value === opt ? 'selected' : ''}>\${opt}</option>\`
+                ).join('')}
+              </select>\` :
+              envVar.type === 'boolean' ?
+              \`<select class="env-input" data-key="\${envVar.key}" onchange="handleChange(this)">
+                <option value="">-- Select --</option>
+                <option value="true" \${value === 'true' ? 'selected' : ''}>true</option>
+                <option value="false" \${value === 'false' ? 'selected' : ''}>false</option>
+              </select>\` :
+              \`<input
+                type="\${inputType}"
+                class="env-input"
+                data-key="\${envVar.key}"
+                value="\${value}"
+                placeholder="\${envVar.placeholder || ''}"
+                onchange="handleChange(this)"
+              />\`
+            }
+            <div class="env-actions">
+              \${envVar.testable ? \`<button class="icon-btn test" onclick="testVariable('\${envVar.key}')" title="Test">\u{1F9EA}</button>\` : ''}
+              \${envVar.key === 'OPENQA_JWT_SECRET' ? \`<button class="icon-btn generate" onclick="generateSecret('\${envVar.key}')" title="Generate">\u{1F511}</button>\` : ''}
+            </div>
+          </div>
+          <div class="error-message" id="error-\${envVar.key}"></div>
+          <div class="success-message" id="success-\${envVar.key}"></div>
+        </div>
+      \`;
+    }
+    // Handle input change
+    function handleChange(input) {
+      const key = input.dataset.key;
+      const value = input.value;
+      changedVariables[key] = value;
+      document.getElementById('saveBtn').disabled = false;
+      // Clear messages
+      document.getElementById(\`error-\${key}\`).textContent = '';
+      document.getElementById(\`success-\${key}\`).textContent = '';
+    }
+    // Save changes
+    async function saveChanges() {
+      const saveBtn = document.getElementById('saveBtn');
+      saveBtn.disabled = true;
+      saveBtn.textContent = '\u{1F4BE} Saving...';
+      try {
+        const response = await fetch('/api/env/bulk', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ variables: changedVariables }),
+        });
+        if (!response.ok) {
+          const error = await response.json();
+          throw new Error(error.error || 'Failed to save');
+        }
+        const result = await response.json();
+        restartRequired = result.restartRequired;
+        showAlert('success', \`\u2705 Saved \${result.updated} variable(s) successfully!\` +
+          (restartRequired ? ' \u26A0\uFE0F Restart required for changes to take effect.' : ''));
+        changedVariables = {};
+        saveBtn.textContent = '\u{1F4BE} Save Changes';
+        // Reload to show updated values
+        setTimeout(() => location.reload(), 2000);
+      } catch (error) {
+        showAlert('error', 'Failed to save: ' + error.message);
+        saveBtn.disabled = false;
+        saveBtn.textContent = '\u{1F4BE} Save Changes';
+      }
+    }
+    // Test variable
+    async function testVariable(key) {
+      const input = document.querySelector(\`[data-key="\${key}"]\`);
+      const value = input.value;
+      if (!value) {
+        showAlert('warning', 'Please enter a value first');
+        return;
+      }
+      try {
+        const response = await fetch(\`/api/env/test/\${key}\`, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ value }),
+        });
+        const result = await response.json();
+        showTestResult(result);
+      } catch (error) {
+        showTestResult({ success: false, message: 'Test failed: ' + error.message });
+      }
+    }
+    // Generate secret
+    async function generateSecret(key) {
+      try {
+        const response = await fetch(\`/api/env/generate/\${key}\`, {
+          method: 'POST',
+        });
+        if (!response.ok) throw new Error('Failed to generate');
+        const result = await response.json();
+        const input = document.querySelector(\`[data-key="\${key}"]\`);
+        input.value = result.value;
+        handleChange(input);
+        document.getElementById(\`success-\${key}\`).textContent = '\u2705 Secret generated!';
+      } catch (error) {
+        document.getElementById(\`error-\${key}\`).textContent = 'Failed to generate: ' + error.message;
+      }
+    }
+    // Show test result
+    function showTestResult(result) {
+      const modal = document.getElementById('testModal');
+      const resultDiv = document.getElementById('testResult');
+      resultDiv.innerHTML = \`
+        <div class="alert \${result.success ? 'alert-success' : 'alert-warning'}">
+          \${result.success ? '\u2705' : '\u274C'} \${result.message}
+        </div>
+      \`;
+      modal.classList.add('show');
+    }
+    function closeTestModal() {
+      document.getElementById('testModal').classList.remove('show');
+    }
+    // Show alert
+    function showAlert(type, message) {
+      const alerts = document.getElementById('alerts');
+      const alertClass = type === 'error' ? 'alert-warning' :
+                        type === 'success' ? 'alert-success' : 'alert-info';
+      alerts.innerHTML = \`
+        <div class="alert \${alertClass}">
+          \${message}
+        </div>
+      \`;
+      setTimeout(() => alerts.innerHTML = '', 5000);
+    }
+    // Get category title
+    function getCategoryTitle(category) {
+      const titles = {
+        llm: '\u{1F916} LLM Configuration',
+        security: '\u{1F512} Security Settings',
+        target: '\u{1F3AF} Target Application',
+        github: '\u{1F419} GitHub Integration',
+        web: '\u{1F310} Web Server',
+        agent: '\u{1F916} Agent Configuration',
+        database: '\u{1F4BE} Database',
+        notifications: '\u{1F514} Notifications',
+      };
+      return titles[category] || category;
+    }
+    // Tab switching
+    document.addEventListener('click', (e) => {
+      if (e.target.classList.contains('tab')) {
+        const category = e.target.dataset.category;
+        document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
+        e.target.classList.add('active');
+        document.querySelectorAll('.category-section').forEach(s => s.classList.remove('active'));
+        document.querySelector(\`[data-category="\${category}"]\`).classList.add('active');
+      }
+    });
+    // Save button
+    document.getElementById('saveBtn').addEventListener('click', saveChanges);
+    // Load on page load
+    loadEnvVariables();
+  </script>
+</body>
+</html>`;
+}
+// cli/daemon.ts
+import rateLimit from "express-rate-limit";
+import cors from "cors";
+import { z as z4 } from "zod";
+function validate3(schema) {
+  return (req, res, next) => {
+    const result = schema.safeParse(req.body);
+    if (!result.success) {
+      return res.status(400).json({
+        error: result.error.issues.map((i) => `${i.path.join(".")}: ${i.message}`).join(", ")
+      });
+    }
+    req.body = result.data;
+    next();
+  };
 }
 var saasConfigSchema2 = z4.object({
   name: z4.string().min(1).max(200).optional(),
@@ -7238,6 +8482,7 @@ app.use(["/api/agent/start", "/api/project/setup", "/api/project/test", "/api/br
 var wss = new WebSocketServer({ noServer: true });
 var agent = null;
 app.use(createAuthRouter(db));
+app.use(createEnvRouter());
 app.use("/api", (req, res, next) => {
   const PUBLIC_PATHS = ["/auth/login", "/auth/logout", "/setup"];
   if (PUBLIC_PATHS.some((p) => req.path === p || req.path.startsWith(p + "/"))) return next();
@@ -7261,6 +8506,9 @@ app.get("/", authOrRedirect(db), (_req, res) => {
 app.get("/config", authOrRedirect(db), (_req, res) => {
   res.send(getConfigHTML(cfg));
 });
+app.get("/config/env", authOrRedirect(db), (_req, res) => {
+  res.send(getEnvHTML());
+});
 app.get("/kanban", authOrRedirect(db), (_req, res) => {
   res.send(getKanbanHTML());
 });
@@ -7560,13 +8808,3 @@ process.on("SIGINT", () => {
     process.exit(0);
   });
 });
-/*! Bundled license information:
-cookie/index.js:
-  (*!
-   * cookie
-   * Copyright(c) 2012-2014 Roman Shtylman
-   * Copyright(c) 2015 Douglas Christopher Wilson
-   * MIT Licensed
-   *)
-*/