@oscharko-dev/keiko 0.1.0-beta.0

package/dist/ui/files.js

@@ -0,0 +1,492 @@
+// Read-only filesystem browser for the desktop Files widget. The browser receives
+// only metadata or redacted preview content; every request is contained inside a
+// registered project root after realpath resolution.
+import { lstat, opendir, open, readFile, realpath, stat, } from "node:fs/promises";
+import { basename, dirname, extname, isAbsolute, join, parse as parsePath, posix as pathPosix, relative, resolve, } from "node:path";
+import { compileIgnore, isIgnored } from "../workspace/ignore.js";
+import { DENIED_MESSAGE, pathIsDenied } from "./files-deny.js";
+import { errorBody } from "./routes.js";
+const MAX_DIRECTORY_ENTRIES = 1_000;
+const MAX_TEXT_PREVIEW_BYTES = 1_000_000;
+const MAX_IMAGE_PREVIEW_BYTES = 3_000_000;
+const MAX_IGNORED_SCAN_ENTRIES = 10_000;
+class FilesError extends Error {
+    status;
+    code;
+    constructor(status, code, message) {
+        super(message);
+        this.status = status;
+        this.code = code;
+        this.name = "FilesError";
+    }
+}
+function filesErrorResult(error) {
+    return { status: error.status, body: errorBody(error.code, error.message) };
+}
+async function runFilesHandler(work) {
+    try {
+        return await work();
+    }
+    catch (error) {
+        if (error instanceof FilesError)
+            return filesErrorResult(error);
+        throw error;
+    }
+}
+async function resolveDirectory(candidate) {
+    let resolved;
+    try {
+        resolved = await realpath(candidate);
+    }
+    catch {
+        throw new FilesError(400, "INVALID_DIRECTORY", "The directory does not exist.");
+    }
+    const info = await stat(resolved);
+    if (!info.isDirectory()) {
+        throw new FilesError(400, "INVALID_DIRECTORY", "The selected path must be a directory.");
+    }
+    return resolved;
+}
+function projectFor(store, projectId) {
+    return store.listProjects().find((project) => project.path === projectId);
+}
+function rootNameIsDenied(rootPath) {
+    return pathIsDenied(basename(rootPath));
+}
+async function resolveRoot(store, rootInput) {
+    if (rootInput === null || rootInput.trim().length === 0) {
+        throw new FilesError(400, "BAD_REQUEST", "The root query parameter is required.");
+    }
+    const project = projectFor(store, rootInput);
+    if (project === undefined) {
+        throw new FilesError(403, "WORKSPACE_NOT_REGISTERED", "The selected root is not a registered project.");
+    }
+    if (rootNameIsDenied(project.path)) {
+        throw new FilesError(403, "DENIED", DENIED_MESSAGE);
+    }
+    const realRoot = await resolveDirectory(project.path);
+    if (rootNameIsDenied(realRoot)) {
+        throw new FilesError(403, "DENIED", DENIED_MESSAGE);
+    }
+    return { root: project.path, realRoot };
+}
+function directoryRoots(projectRoot) {
+    return [{ label: "Project root", path: projectRoot }];
+}
+function parentPath(pathValue, projectRoot) {
+    if (pathValue === projectRoot)
+        return null;
+    const parsed = parsePath(pathValue);
+    return pathValue === parsed.root ? null : dirname(pathValue);
+}
+function normalizeRelativePath(pathInput) {
+    const raw = pathInput ?? "";
+    if (raw.includes("\0") || isAbsolute(raw)) {
+        throw new FilesError(400, "BAD_PATH", "The path must be relative to the selected root.");
+    }
+    const normalized = pathPosix.normalize(raw.replaceAll("\\", "/"));
+    if (normalized === ".")
+        return "";
+    if (normalized === ".." || normalized.startsWith("../")) {
+        throw new FilesError(400, "PATH_ESCAPE", "The requested path is outside the selected root.");
+    }
+    return normalized;
+}
+function nativePath(root, relativePath) {
+    if (relativePath.length === 0)
+        return root;
+    return resolve(root, ...relativePath.split("/").filter((part) => part.length > 0));
+}
+function isContained(root, target) {
+    const rootCmp = process.platform === "win32" ? root.toLowerCase() : root;
+    const targetCmp = process.platform === "win32" ? target.toLowerCase() : target;
+    const rel = relative(rootCmp, targetCmp);
+    return rel === "" || (!rel.startsWith("..") && !isAbsolute(rel));
+}
+function rootRelativePosixPath(root, target) {
+    const rel = relative(root, target);
+    return rel.replaceAll("\\", "/");
+}
+function normalizeDirectoryPath(pathInput, registeredRoot, realRoot) {
+    const raw = pathInput?.trim();
+    if (raw === undefined || raw.length === 0)
+        return realRoot;
+    if (raw.includes("\0")) {
+        throw new FilesError(400, "BAD_PATH", "The path must stay inside the selected project.");
+    }
+    const candidate = isAbsolute(raw) ? resolve(raw) : resolve(realRoot, raw);
+    if (!isContained(realRoot, candidate) && !isContained(registeredRoot, candidate)) {
+        throw new FilesError(403, "PATH_ESCAPE", "The requested path is outside the selected project.");
+    }
+    return candidate;
+}
+async function resolveDirectoryInsideRoot(store, rootInput, pathInput) {
+    const root = await resolveRoot(store, rootInput);
+    const candidate = normalizeDirectoryPath(pathInput, root.root, root.realRoot);
+    const pathValue = await resolveDirectory(candidate);
+    if (!isContained(root.realRoot, pathValue)) {
+        throw new FilesError(403, "PATH_ESCAPE", "The requested path is outside the selected project.");
+    }
+    const relativePath = rootRelativePosixPath(root.realRoot, pathValue);
+    if (pathIsDenied(relativePath)) {
+        throw new FilesError(403, "DENIED", DENIED_MESSAGE);
+    }
+    return { ...root, path: pathValue, relativePath };
+}
+async function resolveInsideRoot(store, rootInput, pathInput) {
+    const root = await resolveRoot(store, rootInput);
+    const relativePath = normalizeRelativePath(pathInput);
+    // Deny check runs BEFORE realpath so existence of a denied path is not
+    // observable via the 403/404 status-code difference. A non-existent denied
+    // path returns 403, identical to an existing denied path.
+    if (pathIsDenied(relativePath)) {
+        throw new FilesError(403, "DENIED", DENIED_MESSAGE);
+    }
+    const candidate = nativePath(root.realRoot, relativePath);
+    let target;
+    try {
+        target = await realpath(candidate);
+    }
+    catch {
+        throw new FilesError(404, "NOT_FOUND", "The requested path was not found.");
+    }
+    if (!isContained(root.realRoot, target)) {
+        throw new FilesError(403, "PATH_ESCAPE", "The requested path is outside the selected root.");
+    }
+    const targetRelativePath = rootRelativePosixPath(root.realRoot, target);
+    if (pathIsDenied(targetRelativePath)) {
+        throw new FilesError(403, "DENIED", DENIED_MESSAGE);
+    }
+    const linkStats = await lstat(candidate);
+    const targetStats = await stat(target);
+    return {
+        root: root.root,
+        realRoot: root.realRoot,
+        relativePath,
+        path: target,
+        stats: targetStats,
+        symlink: linkStats.isSymbolicLink(),
+    };
+}
+async function directoryEntries(root, pathValue) {
+    const entries = [];
+    const dir = await opendir(pathValue);
+    try {
+        for await (const entry of dir) {
+            if (!entry.isDirectory())
+                continue;
+            const entryPath = join(pathValue, entry.name);
+            const relativePath = rootRelativePosixPath(root, entryPath);
+            if (pathIsDenied(relativePath))
+                continue;
+            entries.push({ name: entry.name, path: entryPath });
+        }
+    }
+    finally {
+        await dir.close().catch(() => undefined);
+    }
+    return entries.sort((a, b) => a.name.localeCompare(b.name));
+}
+export async function listFilesDirectories(store, rootInput, pathInput) {
+    const target = await resolveDirectoryInsideRoot(store, rootInput, pathInput);
+    return {
+        path: target.path,
+        parent: parentPath(target.path, target.realRoot),
+        entries: await directoryEntries(target.realRoot, target.path),
+        roots: directoryRoots(target.root),
+    };
+}
+function extensionOf(name) {
+    const lower = name.toLowerCase();
+    if (lower === "dockerfile")
+        return "dockerfile";
+    if (lower === ".env" || lower.startsWith(".env."))
+        return "env";
+    const ext = extname(lower).replace(/^\./u, "");
+    return ext.length > 0 ? ext : null;
+}
+async function classifyEntry(root, parentRelativePath, parentNativePath, entry) {
+    const childRelativePath = parentRelativePath.length === 0
+        ? entry.name
+        : `${parentRelativePath}/${entry.name}`;
+    const entryPath = join(parentNativePath, entry.name);
+    const linkStats = await lstat(entryPath);
+    const symlink = linkStats.isSymbolicLink();
+    const base = {
+        name: entry.name,
+        path: childRelativePath,
+        sizeBytes: linkStats.size,
+        modifiedAt: linkStats.mtimeMs,
+        extension: extensionOf(entry.name),
+        symlink,
+    };
+    if (!symlink) {
+        const kind = linkStats.isDirectory() ? "directory" : "file";
+        return { ...base, kind, readable: true };
+    }
+    try {
+        const target = await realpath(entryPath);
+        const targetStats = await stat(target);
+        const contained = isContained(root, target);
+        const denied = contained && pathIsDenied(rootRelativePosixPath(root, target));
+        const kind = targetStats.isDirectory()
+            ? "directory"
+            : targetStats.isFile()
+                ? "file"
+                : "symlink";
+        return { ...base, kind, readable: contained && !denied };
+    }
+    catch {
+        return { ...base, kind: "symlink", readable: false };
+    }
+}
+function entryRank(entry) {
+    if (entry.kind === "directory")
+        return 0;
+    if (entry.kind === "file")
+        return 1;
+    return 2;
+}
+function childRelative(parentRelativePath, name) {
+    return parentRelativePath.length === 0 ? name : `${parentRelativePath}/${name}`;
+}
+// Best-effort: read the project root's `.gitignore` if present. Silent failure
+// is intentional — `.gitignore` is tier-2 noise reduction, not a safety
+// boundary (deny-list is tier 1). A missing/unreadable `.gitignore` is "no
+// filter". No long-lived cache: the BFF is stateless across user-selected roots.
+async function loadRootGitignore(rootPath) {
+    let raw;
+    try {
+        raw = await readFile(join(rootPath, ".gitignore"), "utf8");
+    }
+    catch {
+        return null;
+    }
+    const withoutBom = raw.charCodeAt(0) === 0xfeff ? raw.slice(1) : raw;
+    return compileIgnore(withoutBom.split("\n"));
+}
+function skipEntry(matcher, rel, isDir) {
+    if (pathIsDenied(rel))
+        return "denied";
+    return matcher !== null && isIgnored(matcher, rel, isDir) ? "ignored" : null;
+}
+async function listTreeEntries(root, relativePath, pathValue, matcher) {
+    const entries = [];
+    const dir = await opendir(pathValue);
+    let truncated = false;
+    let ignoredScans = 0;
+    try {
+        for await (const entry of dir) {
+            // Deny and .gitignore filtering happen BEFORE the truncation counter so
+            // a directory packed with denied entries (e.g. node_modules/**) cannot
+            // exhaust the 1000-entry budget and hide real files behind
+            // `truncated: true`. Deny is applied by the link name (the user only
+            // sees that name) so a symlink whose own name matches a deny pattern is
+            // denied even if its target does not — matches the workspace-layer
+            // semantics.
+            const rel = childRelative(relativePath, entry.name);
+            const skipReason = skipEntry(matcher, rel, entry.isDirectory());
+            if (skipReason === "denied")
+                continue;
+            if (skipReason === "ignored") {
+                ignoredScans += 1;
+                if (ignoredScans >= MAX_IGNORED_SCAN_ENTRIES) {
+                    truncated = true;
+                    break;
+                }
+                continue;
+            }
+            if (entries.length >= MAX_DIRECTORY_ENTRIES) {
+                truncated = true;
+                break;
+            }
+            entries.push(await classifyEntry(root, relativePath, pathValue, entry));
+        }
+    }
+    finally {
+        await dir.close().catch(() => undefined);
+    }
+    entries.sort((a, b) => entryRank(a) - entryRank(b) || a.name.localeCompare(b.name));
+    return { entries, truncated };
+}
+export async function readFilesTree(store, rootInput, pathInput) {
+    const target = await resolveInsideRoot(store, rootInput, pathInput);
+    if (!target.stats.isDirectory()) {
+        throw new FilesError(400, "NOT_DIRECTORY", "The requested path is not a directory.");
+    }
+    // Per-request: read the project root's `.gitignore` once. Best-effort noise
+    // reduction only; the matcher never relaxes the deny list. No long-lived
+    // cache — the BFF must stay stateless across user-selected roots.
+    const ignoreMatcher = await loadRootGitignore(target.realRoot);
+    const listed = await listTreeEntries(target.realRoot, target.relativePath, target.path, ignoreMatcher);
+    return {
+        root: target.root,
+        path: target.relativePath,
+        entries: listed.entries,
+        truncated: listed.truncated,
+    };
+}
+const IMAGE_MIME = {
+    png: "image/png",
+    jpg: "image/jpeg",
+    jpeg: "image/jpeg",
+    gif: "image/gif",
+    webp: "image/webp",
+    svg: "image/svg+xml",
+};
+const TEXT_EXTENSIONS = new Set([
+    "bash",
+    "c",
+    "cjs",
+    "css",
+    "csv",
+    "dockerfile",
+    "env",
+    "go",
+    "graphql",
+    "gql",
+    "gradle",
+    "html",
+    "java",
+    "js",
+    "json",
+    "jsx",
+    "kt",
+    "kts",
+    "md",
+    "mjs",
+    "properties",
+    "py",
+    "rs",
+    "sh",
+    "sql",
+    "toml",
+    "ts",
+    "tsx",
+    "txt",
+    "xml",
+    "yaml",
+    "yml",
+]);
+function mimeOf(extension) {
+    if (extension !== null && IMAGE_MIME[extension] !== undefined)
+        return IMAGE_MIME[extension];
+    if (extension === "json")
+        return "application/json";
+    if (extension === "md")
+        return "text/markdown";
+    if (extension === "html")
+        return "text/html";
+    if (extension === "css")
+        return "text/css";
+    if (isKnownTextExtension(extension))
+        return "text/plain";
+    return "application/octet-stream";
+}
+function isImageExtension(extension) {
+    return extension !== null && IMAGE_MIME[extension] !== undefined;
+}
+function isKnownTextExtension(extension) {
+    return extension !== null && TEXT_EXTENSIONS.has(extension);
+}
+function isLikelyUtf8Text(buffer) {
+    if (buffer.length === 0)
+        return true;
+    if (buffer.includes(0))
+        return false;
+    const decoded = buffer.toString("utf8");
+    if (decoded.includes("\uFFFD"))
+        return false;
+    let printable = 0;
+    for (const char of decoded) {
+        const code = char.charCodeAt(0);
+        if (code === 9 || code === 10 || code === 13 || code >= 32)
+            printable += 1;
+    }
+    return printable / decoded.length > 0.85;
+}
+async function readPrefix(pathValue, maxBytes) {
+    const file = await open(pathValue, "r");
+    try {
+        const buffer = Buffer.allocUnsafe(maxBytes + 1);
+        const result = await file.read(buffer, 0, maxBytes + 1, 0);
+        return {
+            buffer: buffer.subarray(0, Math.min(result.bytesRead, maxBytes)),
+            truncated: result.bytesRead > maxBytes,
+        };
+    }
+    finally {
+        await file.close();
+    }
+}
+function basePreview(target) {
+    const name = basename(target.relativePath);
+    const extension = extensionOf(name);
+    return {
+        root: target.root,
+        path: target.relativePath,
+        name,
+        sizeBytes: target.stats.size,
+        modifiedAt: target.stats.mtimeMs,
+        extension,
+        mime: mimeOf(extension),
+        symlink: target.symlink,
+    };
+}
+async function imagePreview(target, base) {
+    if (target.stats.size > MAX_IMAGE_PREVIEW_BYTES) {
+        return { ...base, kind: "binary", reason: "too_large", maxBytes: MAX_IMAGE_PREVIEW_BYTES };
+    }
+    const buffer = await readFile(target.path);
+    return {
+        ...base,
+        kind: "image",
+        dataUrl: `data:${base.mime};base64,${buffer.toString("base64")}`,
+        maxBytes: MAX_IMAGE_PREVIEW_BYTES,
+    };
+}
+async function textPreview(target, base, redactor) {
+    const prefix = await readPrefix(target.path, MAX_TEXT_PREVIEW_BYTES);
+    const content = prefix.buffer.toString("utf8");
+    const redacted = redactor(content);
+    return {
+        ...base,
+        kind: "text",
+        content: typeof redacted === "string" ? redacted : content,
+        truncated: prefix.truncated,
+        maxBytes: MAX_TEXT_PREVIEW_BYTES,
+    };
+}
+export async function readFilesPreview(store, rootInput, pathInput, redactor) {
+    const target = await resolveInsideRoot(store, rootInput, pathInput);
+    if (!target.stats.isFile()) {
+        throw new FilesError(400, "NOT_FILE", "The requested path is not a file.");
+    }
+    const base = basePreview(target);
+    if (isImageExtension(base.extension))
+        return imagePreview(target, base);
+    const prefix = await readPrefix(target.path, Math.min(target.stats.size, 4096));
+    if (isKnownTextExtension(base.extension) || isLikelyUtf8Text(prefix.buffer)) {
+        return textPreview(target, base, redactor);
+    }
+    return { ...base, kind: "binary", reason: "unsupported" };
+}
+export async function handleFilesDirectories(ctx, deps) {
+    return runFilesHandler(async () => {
+        const requestedRoot = ctx.url.searchParams.get("root");
+        const requestedPath = ctx.url.searchParams.get("path") ?? undefined;
+        return { status: 200, body: await listFilesDirectories(deps.store, requestedRoot, requestedPath) };
+    });
+}
+export async function handleFilesTree(ctx, deps) {
+    return runFilesHandler(async () => ({
+        status: 200,
+        body: await readFilesTree(deps.store, ctx.url.searchParams.get("root"), ctx.url.searchParams.get("path")),
+    }));
+}
+export async function handleFilesPreview(ctx, deps) {
+    return runFilesHandler(async () => ({
+        status: 200,
+        body: await readFilesPreview(deps.store, ctx.url.searchParams.get("root"), ctx.url.searchParams.get("path"), deps.redactor),
+    }));
+}

package/dist/ui/headers.d.ts

@@ -0,0 +1,2 @@
+import type { ServerResponse } from "node:http";
+export declare function applySecurityHeaders(res: ServerResponse, csp: string, isApiPath: boolean): void;

package/dist/ui/headers.js

@@ -0,0 +1,21 @@
+// Security headers (ADR-0011 D5) applied to every BFF response. The CSP is precomputed once from
+// the static export's inline-script hashes (see csp.ts) and reused for all responses.
+// Headers set on every response regardless of route.
+const BASE_SECURITY_HEADERS = {
+    "X-Content-Type-Options": "nosniff",
+    "X-Frame-Options": "DENY",
+    "Referrer-Policy": "no-referrer",
+    "Cross-Origin-Opener-Policy": "same-origin",
+    "Cross-Origin-Resource-Policy": "same-origin",
+};
+// Applies the CSP and the base security headers, plus `Cache-Control: no-store` for API responses
+// (the contract requires it on every `/api/*` response; D5).
+export function applySecurityHeaders(res, csp, isApiPath) {
+    res.setHeader("Content-Security-Policy", csp);
+    for (const [name, value] of Object.entries(BASE_SECURITY_HEADERS)) {
+        res.setHeader(name, value);
+    }
+    if (isApiPath) {
+        res.setHeader("Cache-Control", "no-store");
+    }
+}

package/dist/ui/host-check.d.ts

@@ -0,0 +1,2 @@
+import type { IncomingMessage } from "node:http";
+export declare function isAllowedHost(req: IncomingMessage, expectedPort: number): boolean;

package/dist/ui/host-check.js

@@ -0,0 +1,58 @@
+// DNS-rebinding defense (ADR-0011 D5). The BFF binds 127.0.0.1 only and rejects any request whose
+// `Host` header (or `Origin`, when present) does not name the loopback interface on the bound port.
+// A rebinding attacker controls the victim's DNS but cannot forge the loopback host:port the
+// browser sends, so this check blocks cross-origin access to the local server.
+// Hostnames that legitimately resolve to the loopback interface.
+const LOOPBACK_HOSTS = new Set(["127.0.0.1", "localhost", "[::1]", "::1"]);
+// Parses a `host:port` authority into its host (lowercased) and optional port. IPv6 literals are
+// kept in their bracketed form so they compare against LOOPBACK_HOSTS.
+function splitAuthority(authority) {
+    const trimmed = authority.trim().toLowerCase();
+    if (trimmed.startsWith("[")) {
+        const close = trimmed.indexOf("]");
+        const host = close === -1 ? trimmed : trimmed.slice(0, close + 1);
+        const rest = close === -1 ? "" : trimmed.slice(close + 1);
+        const port = rest.startsWith(":") ? rest.slice(1) : undefined;
+        return { host, port };
+    }
+    const colon = trimmed.lastIndexOf(":");
+    if (colon === -1) {
+        return { host: trimmed, port: undefined };
+    }
+    return { host: trimmed.slice(0, colon), port: trimmed.slice(colon + 1) };
+}
+function isLoopbackAuthority(authority, expectedPort) {
+    const { host, port } = splitAuthority(authority);
+    if (!LOOPBACK_HOSTS.has(host)) {
+        return false;
+    }
+    return port === String(expectedPort);
+}
+function originAuthority(origin) {
+    try {
+        const parsed = new URL(origin);
+        if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+            return undefined;
+        }
+        return parsed.host;
+    }
+    catch {
+        return undefined;
+    }
+}
+// A request is accepted only if its `Host` is a loopback authority on the bound port and, when an
+// `Origin` is present, that origin is also loopback on the bound port. Opaque `Origin: null` is
+// rejected because state-changing API routes are reachable from sandboxed/file origins otherwise.
+// A missing `Host` is rejected.
+export function isAllowedHost(req, expectedPort) {
+    const host = req.headers.host;
+    if (host === undefined || !isLoopbackAuthority(host, expectedPort)) {
+        return false;
+    }
+    const origin = req.headers.origin;
+    if (origin === undefined) {
+        return true;
+    }
+    const authority = originAuthority(origin);
+    return authority !== undefined && isLoopbackAuthority(authority, expectedPort);
+}

package/dist/ui/index.d.ts

@@ -0,0 +1,20 @@
+export { createUiServer, DEFAULT_UI_PORT, UI_HOST, type UiServerDeps } from "./server.js";
+export { buildCspHeader, extractInlineScriptHashes } from "./csp.js";
+export { loadCspHeader } from "./load-csp.js";
+export { applySecurityHeaders } from "./headers.js";
+export { isAllowedHost } from "./host-check.js";
+export { resolveContainedPath, serveFile } from "./static.js";
+export { API_ROUTES, isApiPath, matchRoute, errorBody, STREAMING, type ApiError, type HandlerOutcome, type RouteContext, type RouteDefinition, type RouteHandler, type RouteMatch, type RouteResult, } from "./routes.js";
+export { buildUiHandlerDeps, buildRedactor, type UiHandlerDeps, type BuildHandlerDepsOptions, type Redactor, type ModelPortFactory, } from "./deps.js";
+export { createRunRegistry, ActiveRunLimitError, type RunRegistry, type RunRecord, type RunStatus, type AppliableSnapshot, } from "./runs.js";
+export { QueueEventSink, type StreamEvent, type SseWriter } from "./sink.js";
+export { parseRunRequest, type RunRequest, type RunKind } from "./run-request.js";
+export { startRun, applyRun, type StartRunResult } from "./run-engine.js";
+export { handleCreateRun, handleRunEvents, handleCancelRun, handleGetRun, handleApplyRun, } from "./run-handlers.js";
+export { persistWorkflowEvidence, persistExplainEvidence, type EvidencePersistContext, type RunIdentity, } from "./evidence.js";
+export { createInMemoryUiStore, createNodeUiStore, isProjectAvailable, resolveUiDbPath, runMigrations, SCHEMA_VERSION, UI_DB_DIRNAME, UI_DB_FILENAME, UiStoreError, validateProjectPath, type Chat, type ChatMessage, type ChatRole, type CreateChatOptions, type NewChatMessage, type Project, type UiStore, type UiStoreErrorCode, type UiStoreFactoryOptions, type UpdateChatPatch, type UpdateProjectPatch, type WorkflowStatus, } from "./store/index.js";
+export { handleListProjects, handleCreateProject, handleUpdateProject, handleDeleteProject, handleListChats, handleCreateChat, handleUpdateChat, handleDeleteChat, handleListMessages, handleCreateMessage, } from "./store-handlers.js";
+export { createTerminalExecutionManager, buildTerminalPolicySummary, listDirectories, type TerminalDirectoryListing, type TerminalExecutionInput, type TerminalExecutionManager, type TerminalExecutionResult, type TerminalEventEmitter, type TerminalEventEnvelope, type TerminalEventKind, type TerminalPolicySummary, } from "./terminal.js";
+export { TerminalToolError, type TerminalErrorCode } from "./terminal-errors.js";
+export { buildTerminalEvidenceEntry, appendTerminalEvidence, type TerminalEvidenceEntry, } from "./terminal-evidence.js";
+export { listFilesDirectories, readFilesPreview, readFilesTree, type FilesDirectoryEntry, type FilesDirectoryListing, type FilesDirectoryRoot, type FilesEntryKind, type FilesPreviewResponse, type FilesTreeEntry, type FilesTreeResponse, } from "./files.js";

package/dist/ui/index.js

@@ -0,0 +1,23 @@
+// Local UI BFF. The browser tier stays presentation-only: model, filesystem, PTY, and harness
+// authority remain in the loopback Node process behind JSON, SSE, and token-scoped WebSocket seams.
+export { createUiServer, DEFAULT_UI_PORT, UI_HOST } from "./server.js";
+export { buildCspHeader, extractInlineScriptHashes } from "./csp.js";
+export { loadCspHeader } from "./load-csp.js";
+export { applySecurityHeaders } from "./headers.js";
+export { isAllowedHost } from "./host-check.js";
+export { resolveContainedPath, serveFile } from "./static.js";
+export { API_ROUTES, isApiPath, matchRoute, errorBody, STREAMING, } from "./routes.js";
+export { buildUiHandlerDeps, buildRedactor, } from "./deps.js";
+export { createRunRegistry, ActiveRunLimitError, } from "./runs.js";
+export { QueueEventSink } from "./sink.js";
+export { parseRunRequest } from "./run-request.js";
+export { startRun, applyRun } from "./run-engine.js";
+export { handleCreateRun, handleRunEvents, handleCancelRun, handleGetRun, handleApplyRun, } from "./run-handlers.js";
+export { persistWorkflowEvidence, persistExplainEvidence, } from "./evidence.js";
+// ADR-0013 — UI-local SQLite persistence: ports, factories, and route handlers.
+export { createInMemoryUiStore, createNodeUiStore, isProjectAvailable, resolveUiDbPath, runMigrations, SCHEMA_VERSION, UI_DB_DIRNAME, UI_DB_FILENAME, UiStoreError, validateProjectPath, } from "./store/index.js";
+export { handleListProjects, handleCreateProject, handleUpdateProject, handleDeleteProject, handleListChats, handleCreateChat, handleUpdateChat, handleDeleteChat, handleListMessages, handleCreateMessage, } from "./store-handlers.js";
+export { createTerminalExecutionManager, buildTerminalPolicySummary, listDirectories, } from "./terminal.js";
+export { TerminalToolError } from "./terminal-errors.js";
+export { buildTerminalEvidenceEntry, appendTerminalEvidence, } from "./terminal-evidence.js";
+export { listFilesDirectories, readFilesPreview, readFilesTree, } from "./files.js";

package/dist/ui/load-csp.d.ts

@@ -0,0 +1 @@
+export declare function loadCspHeader(hashesFile: string): Promise<string>;

package/dist/ui/load-csp.js

@@ -0,0 +1,28 @@
+// Loads the precomputed inline-script CSP hashes emitted by the UI build step (build:ui writes
+// `dist/ui/csp-hashes.json`) and folds them into the policy. When the file is absent or malformed,
+// the policy is built with no hashes — `script-src 'self'` — which fails closed (inline scripts are
+// blocked) rather than weakening the policy with `'unsafe-inline'`.
+import { readFile } from "node:fs/promises";
+import { buildCspHeader } from "./csp.js";
+function parseHashes(raw) {
+    const parsed = JSON.parse(raw);
+    if (!Array.isArray(parsed)) {
+        return [];
+    }
+    return parsed.filter((entry) => typeof entry === "string");
+}
+export async function loadCspHeader(hashesFile) {
+    let raw;
+    try {
+        raw = await readFile(hashesFile, "utf8");
+    }
+    catch {
+        return buildCspHeader([]);
+    }
+    try {
+        return buildCspHeader(parseHashes(raw));
+    }
+    catch {
+        return buildCspHeader([]);
+    }
+}

package/dist/ui/read-handlers.d.ts

@@ -0,0 +1,8 @@
+import type { RouteContext, RouteResult } from "./routes.js";
+import type { UiHandlerDeps } from "./deps.js";
+export declare function handleConfig(_ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
+export declare function handleModels(_ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
+export declare function handleWorkflows(): RouteResult;
+export declare function handleWorkspace(ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
+export declare function handleEvidenceList(ctx: RouteContext, deps: UiHandlerDeps): RouteResult;
+export declare function handleEvidenceDetail(ctx: RouteContext, deps: UiHandlerDeps): RouteResult;