@r_masseater/ops-harbor 0.1.3 → 0.1.5

package/dist/control-plane.js

@@ -567,133 +567,8 @@ function deriveAlerts(item, recentEvents = []) {
 function hasBlockingAlerts(item) {
   return item.alerts.some((alert) => alert.severity !== "info");
 }
-// ../../packages/ops-harbor-core/src/db-helpers.ts
-function mapWorkItemsToAlertSummaries(workItems) {
-  return workItems.map((item) => ({
-    workItemId: item.id,
-    repository: item.repository,
-    number: item.number,
-    title: item.title,
-    url: item.url,
-    alerts: item.alerts,
-    updatedAt: item.updatedAt
-  }));
-}
-function buildActivityWhereClause(options, columnMap = {
-  workItemId: "work_item_id",
-  repository: "repository"
-}) {
-  const clauses = [];
-  const params = [];
-  if (options.workItemId) {
-    clauses.push(`${columnMap.workItemId} = ?`);
-    params.push(options.workItemId);
-  }
-  if (options.repository) {
-    clauses.push(`${columnMap.repository} = ?`);
-    params.push(options.repository);
-  }
-  const where = clauses.length > 0 ? `WHERE ${clauses.join(" AND ")}` : "";
-  return { where, params };
-}
-// ../../packages/ops-harbor-core/src/filters.ts
-function filterWorkItems(items, filter) {
-  return items.filter((item) => {
-    if (filter.state && item.state !== filter.state)
-      return false;
-    if (filter.repository && item.repository !== filter.repository)
-      return false;
-    if (filter.hasBlocker !== undefined && hasBlockingAlerts(item) !== filter.hasBlocker) {
-      return false;
-    }
-    if (filter.updatedSince && item.updatedAt < filter.updatedSince)
-      return false;
-    return true;
-  });
-}
-function parseWorkItemFilterFromQuery(getParam) {
-  const filter = {};
-  const state = getParam("state");
-  if (state === "open" || state === "closed" || state === "merged") {
-    filter.state = state;
-  }
-  const repository = getParam("repository");
-  if (repository)
-    filter.repository = repository;
-  if (getParam("has_blocker") === "true") {
-    filter.hasBlocker = true;
-  } else if (getParam("has_blocker") === "false") {
-    filter.hasBlocker = false;
-  }
-  const updatedSince = getParam("updated_since");
-  if (updatedSince)
-    filter.updatedSince = updatedSince;
-  return filter;
-}
-// ../../packages/ops-harbor-core/src/prompt.ts
-var TRIGGER_INSTRUCTIONS = {
-  ci_failed: "Investigate the failing checks, implement the minimum safe fix, and rerun local validation.",
-  conflicted: "Resolve merge conflicts with the base branch while preserving branch intent.",
-  base_behind: "Update the branch with the latest base branch changes and resolve follow-up issues.",
-  review_commented: "Review the latest reviewer feedback, apply the requested follow-up if it is actionable, and summarize the changes.",
-  review_changes_requested: "Address the requested review changes, validate locally, and prepare the branch for another review."
-};
-function buildAutomationPrompt(workItem, trigger) {
-  return [
-    `Provider: ${workItem.provider}`,
-    `Repository: ${workItem.repository}`,
-    `Work item: #${workItem.number} ${workItem.title}`,
-    `URL: ${workItem.url}`,
-    `Base branch: ${workItem.baseBranch}`,
-    `Head branch: ${workItem.headBranch}`,
-    `Trigger: ${trigger}`,
-    "",
-    TRIGGER_INSTRUCTIONS[trigger]
-  ].join(`
-`);
-}
-// ../../packages/ops-harbor-core/src/port-finder.ts
-import { createServer } from "net";
-var MAX_PORT = 65535;
-async function findAvailablePort(startPort) {
-  for (let port = startPort;port <= MAX_PORT; port += 1) {
-    if (await isPortAvailable(port)) {
-      return port;
-    }
-  }
-  throw new Error(`No available port found between ${startPort} and ${MAX_PORT}`);
-}
-function isPortAvailable(port) {
-  return new Promise((resolve) => {
-    const server = createServer();
-    server.once("error", () => resolve(false));
-    server.once("listening", () => {
-      server.close(() => resolve(true));
-    });
-    server.listen(port, "127.0.0.1");
-  });
-}
-// ../../packages/ops-harbor-core/src/sqlite.ts
-import { createRequire } from "module";
-import { resolve } from "path";
-var requireFromModule = createRequire(import.meta.url);
-var requireFromWorkingDirectory = createRequire(resolve(process.cwd(), "package.json"));
-function openSqliteDatabase(filename) {
-  const db = typeof Bun !== "undefined" ? new (requireFromModule("bun:sqlite")).Database(filename) : new (requireFromWorkingDirectory("better-sqlite3"))(filename);
-  db.exec("PRAGMA journal_mode = WAL");
-  return db;
-}
-function parseJson(value, fallback) {
-  if (!value)
-    return fallback;
-  try {
-    return JSON.parse(value);
-  } catch {
-    return fallback;
-  }
-}
-// ../ops-harbor-control-plane/src/lib/github.ts
-import { createHmac, createSign } from "crypto";
+// ../../packages/ops-harbor-core/src/github.ts
+import { createSign } from "crypto";
 var SEARCH_QUERY = `
   query SearchPullRequests($query: String!, $first: Int!, $after: String) {
     search(query: $query, type: ISSUE, first: $first, after: $after) {
@@ -836,6 +711,202 @@ function createAppJwt(appId, privateKeyPem) {
   const signature = signer.sign(privateKeyPem);
   return `${encoded}.${toBase64Url(signature)}`;
 }
+function mapChecks(node) {
+  const contexts = node.commits.nodes[0]?.commit.statusCheckRollup?.contexts.nodes ?? [];
+  return contexts.map((context) => {
+    if (context.__typename === "CheckRun") {
+      return {
+        name: context.name,
+        status: context.status,
+        conclusion: context.conclusion,
+        url: context.detailsUrl ?? null,
+        startedAt: context.startedAt ?? null,
+        completedAt: context.completedAt ?? null
+      };
+    }
+    return {
+      name: context.context,
+      status: context.state === "PENDING" ? "pending" : "completed",
+      conclusion: context.state.toLowerCase(),
+      url: context.targetUrl ?? null,
+      startedAt: context.createdAt ?? null,
+      completedAt: context.createdAt ?? null
+    };
+  });
+}
+function mapReviews(node) {
+  return node.latestReviews.nodes.map((review) => ({
+    id: review.id,
+    state: review.state.toLowerCase(),
+    author: review.author?.login ?? "unknown",
+    submittedAt: review.submittedAt,
+    ...review.body ? { bodySnippet: review.body.slice(0, 240) } : {},
+    ...review.url ? { url: review.url } : {}
+  }));
+}
+function mapPullRequestNode(node, installationId) {
+  const checks = mapChecks(node);
+  const reviews = mapReviews(node);
+  const statusSummary = summarizeStatus(checks, reviews, {
+    mergeable: node.mergeable === "CONFLICTING" ? "conflicting" : node.mergeable === "MERGEABLE" ? "mergeable" : "unknown",
+    mergeStateStatus: node.mergeStateStatus,
+    reviewDecision: node.reviewDecision
+  });
+  return {
+    id: node.id,
+    provider: "github",
+    kind: "pull_request",
+    repository: node.repository.nameWithOwner,
+    number: node.number,
+    title: node.title,
+    url: node.url,
+    state: node.state.toLowerCase(),
+    author: node.author?.login ?? "unknown",
+    isDraft: node.isDraft,
+    headBranch: node.headRefName,
+    headSha: node.headRefOid,
+    baseBranch: node.baseRefName,
+    mergeable: node.mergeable === "CONFLICTING" ? "conflicting" : node.mergeable === "MERGEABLE" ? "mergeable" : "unknown",
+    mergeStateStatus: node.mergeStateStatus,
+    reviewDecision: node.reviewDecision,
+    statusSummary,
+    checks,
+    reviews,
+    alerts: [],
+    lastActivityAt: node.updatedAt,
+    updatedAt: node.updatedAt,
+    providerPayload: {
+      installationId,
+      repositoryUrl: node.repository.url
+    }
+  };
+}
+// ../../packages/ops-harbor-core/src/db-helpers.ts
+function mapWorkItemsToAlertSummaries(workItems) {
+  return workItems.map((item) => ({
+    workItemId: item.id,
+    repository: item.repository,
+    number: item.number,
+    title: item.title,
+    url: item.url,
+    alerts: item.alerts,
+    updatedAt: item.updatedAt
+  }));
+}
+function buildActivityWhereClause(options, columnMap = {
+  workItemId: "work_item_id",
+  repository: "repository"
+}) {
+  const clauses = [];
+  const params = [];
+  if (options.workItemId) {
+    clauses.push(`${columnMap.workItemId} = ?`);
+    params.push(options.workItemId);
+  }
+  if (options.repository) {
+    clauses.push(`${columnMap.repository} = ?`);
+    params.push(options.repository);
+  }
+  const where = clauses.length > 0 ? `WHERE ${clauses.join(" AND ")}` : "";
+  return { where, params };
+}
+// ../../packages/ops-harbor-core/src/filters.ts
+function filterWorkItems(items, filter) {
+  return items.filter((item) => {
+    if (filter.state && item.state !== filter.state)
+      return false;
+    if (filter.repository && item.repository !== filter.repository)
+      return false;
+    if (filter.hasBlocker !== undefined && hasBlockingAlerts(item) !== filter.hasBlocker) {
+      return false;
+    }
+    if (filter.updatedSince && item.updatedAt < filter.updatedSince)
+      return false;
+    return true;
+  });
+}
+function parseWorkItemFilterFromQuery(getParam) {
+  const filter = {};
+  const state = getParam("state");
+  if (state === "open" || state === "closed" || state === "merged") {
+    filter.state = state;
+  }
+  const repository = getParam("repository");
+  if (repository)
+    filter.repository = repository;
+  if (getParam("has_blocker") === "true") {
+    filter.hasBlocker = true;
+  } else if (getParam("has_blocker") === "false") {
+    filter.hasBlocker = false;
+  }
+  const updatedSince = getParam("updated_since");
+  if (updatedSince)
+    filter.updatedSince = updatedSince;
+  return filter;
+}
+// ../../packages/ops-harbor-core/src/prompt.ts
+var TRIGGER_INSTRUCTIONS = {
+  ci_failed: "Investigate the failing checks, implement the minimum safe fix, and rerun local validation.",
+  conflicted: "Resolve merge conflicts with the base branch while preserving branch intent.",
+  base_behind: "Update the branch with the latest base branch changes and resolve follow-up issues.",
+  review_commented: "Review the latest reviewer feedback, apply the requested follow-up if it is actionable, and summarize the changes.",
+  review_changes_requested: "Address the requested review changes, validate locally, and prepare the branch for another review."
+};
+function buildAutomationPrompt(workItem, trigger) {
+  return [
+    `Provider: ${workItem.provider}`,
+    `Repository: ${workItem.repository}`,
+    `Work item: #${workItem.number} ${workItem.title}`,
+    `URL: ${workItem.url}`,
+    `Base branch: ${workItem.baseBranch}`,
+    `Head branch: ${workItem.headBranch}`,
+    `Trigger: ${trigger}`,
+    "",
+    TRIGGER_INSTRUCTIONS[trigger]
+  ].join(`
+`);
+}
+// ../../packages/ops-harbor-core/src/port-finder.ts
+import { createServer } from "net";
+var MAX_PORT = 65535;
+async function findAvailablePort(startPort) {
+  for (let port = startPort;port <= MAX_PORT; port += 1) {
+    if (await isPortAvailable(port)) {
+      return port;
+    }
+  }
+  throw new Error(`No available port found between ${startPort} and ${MAX_PORT}`);
+}
+function isPortAvailable(port) {
+  return new Promise((resolve) => {
+    const server = createServer();
+    server.once("error", () => resolve(false));
+    server.once("listening", () => {
+      server.close(() => resolve(true));
+    });
+    server.listen(port, "127.0.0.1");
+  });
+}
+// ../../packages/ops-harbor-core/src/sqlite.ts
+import { createRequire } from "module";
+var overriddenCtor;
+function openSqliteDatabase(filename) {
+  const Ctor = overriddenCtor ?? createRequire(import.meta.url)("bun:sqlite").Database;
+  const db = new Ctor(filename);
+  db.exec("PRAGMA journal_mode = WAL");
+  return db;
+}
+function parseJson(value, fallback) {
+  if (!value)
+    return fallback;
+  try {
+    return JSON.parse(value);
+  } catch {
+    return fallback;
+  }
+}
+// ../ops-harbor-control-plane/src/lib/github.ts
+import { createHmac } from "crypto";
 async function githubRequest(config, path, init, scope) {
   const response = await fetch(`${config.githubApiUrl}${path}`, {
     ...init,
@@ -957,7 +1028,7 @@ async function ensureGitHubAppWebhookUrl(config, webhookUrl) {
     rateLimit: mergeRateLimitSnapshots(current.rateLimit, next.rateLimit)
   };
 }
-async function createInstallationToken(config, installationId) {
+async function createInstallationToken2(config, installationId) {
   const { data, rateLimit } = await githubRequest(config, `/app/installations/${installationId}/access_tokens`, {
     method: "POST",
     headers: {
@@ -967,7 +1038,7 @@ async function createInstallationToken(config, installationId) {
   return { token: data.token, rateLimit };
 }
 async function graphql(config, installationId, query, variables) {
-  const { token } = await createInstallationToken(config, installationId);
+  const { token } = await createInstallationToken2(config, installationId);
   const response = await fetch(`${config.githubApiUrl}/graphql`, {
     method: "POST",
     headers: {
@@ -996,77 +1067,7 @@ async function graphql(config, installationId, query, variables) {
     }
   };
 }
-function mapChecks(node) {
-  const contexts = node.commits.nodes[0]?.commit.statusCheckRollup?.contexts.nodes ?? [];
-  return contexts.map((context) => {
-    if (context.__typename === "CheckRun") {
-      return {
-        name: context.name,
-        status: context.status,
-        conclusion: context.conclusion,
-        url: context.detailsUrl ?? null,
-        startedAt: context.startedAt ?? null,
-        completedAt: context.completedAt ?? null
-      };
-    }
-    return {
-      name: context.context,
-      status: context.state === "PENDING" ? "pending" : "completed",
-      conclusion: context.state.toLowerCase(),
-      url: context.targetUrl ?? null,
-      startedAt: context.createdAt ?? null,
-      completedAt: context.createdAt ?? null
-    };
-  });
-}
-function mapReviews(node) {
-  return node.latestReviews.nodes.map((review) => ({
-    id: review.id,
-    state: review.state.toLowerCase(),
-    author: review.author?.login ?? "unknown",
-    submittedAt: review.submittedAt,
-    ...review.body ? { bodySnippet: review.body.slice(0, 240) } : {},
-    ...review.url ? { url: review.url } : {}
-  }));
-}
-function mapPullRequest(node, installationId) {
-  const checks = mapChecks(node);
-  const reviews = mapReviews(node);
-  const statusSummary = summarizeStatus(checks, reviews, {
-    mergeable: node.mergeable === "CONFLICTING" ? "conflicting" : node.mergeable === "MERGEABLE" ? "mergeable" : "unknown",
-    mergeStateStatus: node.mergeStateStatus,
-    reviewDecision: node.reviewDecision
-  });
-  return {
-    id: node.id,
-    provider: "github",
-    kind: "pull_request",
-    repository: node.repository.nameWithOwner,
-    number: node.number,
-    title: node.title,
-    url: node.url,
-    state: node.state.toLowerCase(),
-    author: node.author?.login ?? "unknown",
-    isDraft: node.isDraft,
-    headBranch: node.headRefName,
-    headSha: node.headRefOid,
-    baseBranch: node.baseRefName,
-    mergeable: node.mergeable === "CONFLICTING" ? "conflicting" : node.mergeable === "MERGEABLE" ? "mergeable" : "unknown",
-    mergeStateStatus: node.mergeStateStatus,
-    reviewDecision: node.reviewDecision,
-    statusSummary,
-    checks,
-    reviews,
-    alerts: [],
-    lastActivityAt: node.updatedAt,
-    updatedAt: node.updatedAt,
-    providerPayload: {
-      installationId,
-      repositoryUrl: node.repository.url
-    }
-  };
-}
-async function fetchOpenPullRequestsForAuthor(config, installationId, author, limit = 100) {
+async function fetchOpenPullRequestsForAuthor2(config, installationId, author, limit = 100) {
   const items = [];
   let cursor = null;
   let lastRateLimit = {};
@@ -1078,7 +1079,7 @@ async function fetchOpenPullRequestsForAuthor(config, installationId, author, li
     });
     const data = response.data;
     lastRateLimit = response.rateLimit;
-    items.push(...data.search.nodes.map((node) => mapPullRequest(node, installationId)));
+    items.push(...data.search.nodes.map((node) => mapPullRequestNode(node, installationId)));
     if (!data.search.pageInfo.hasNextPage)
       break;
     cursor = data.search.pageInfo.endCursor;
@@ -1092,7 +1093,7 @@ async function hydratePullRequest(config, installationId, repository, number2) {
   }
   const { data, rateLimit } = await graphql(config, installationId, PULL_REQUEST_QUERY, { owner, repo, number: number2 });
   return {
-    item: data.repository.pullRequest ? mapPullRequest(data.repository.pullRequest, installationId) : null,
+    item: data.repository.pullRequest ? mapPullRequestNode(data.repository.pullRequest, installationId) : null,
     rateLimit
   };
 }
@@ -2749,6 +2750,148 @@ var cors = (options) => {
   };
 };
 
+// ../../node_modules/.bun/hono@4.12.10/node_modules/hono/dist/utils/stream.js
+var StreamingApi = class {
+  writer;
+  encoder;
+  writable;
+  abortSubscribers = [];
+  responseReadable;
+  aborted = false;
+  closed = false;
+  constructor(writable, _readable) {
+    this.writable = writable;
+    this.writer = writable.getWriter();
+    this.encoder = new TextEncoder;
+    const reader = _readable.getReader();
+    this.abortSubscribers.push(async () => {
+      await reader.cancel();
+    });
+    this.responseReadable = new ReadableStream({
+      async pull(controller) {
+        const { done, value } = await reader.read();
+        done ? controller.close() : controller.enqueue(value);
+      },
+      cancel: () => {
+        this.abort();
+      }
+    });
+  }
+  async write(input) {
+    try {
+      if (typeof input === "string") {
+        input = this.encoder.encode(input);
+      }
+      await this.writer.write(input);
+    } catch {}
+    return this;
+  }
+  async writeln(input) {
+    await this.write(input + `
+`);
+    return this;
+  }
+  sleep(ms) {
+    return new Promise((res) => setTimeout(res, ms));
+  }
+  async close() {
+    try {
+      await this.writer.close();
+    } catch {}
+    this.closed = true;
+  }
+  async pipe(body) {
+    this.writer.releaseLock();
+    await body.pipeTo(this.writable, { preventClose: true });
+    this.writer = this.writable.getWriter();
+  }
+  onAbort(listener) {
+    this.abortSubscribers.push(listener);
+  }
+  abort() {
+    if (!this.aborted) {
+      this.aborted = true;
+      this.abortSubscribers.forEach((subscriber) => subscriber());
+    }
+  }
+};
+
+// ../../node_modules/.bun/hono@4.12.10/node_modules/hono/dist/helper/streaming/utils.js
+var isOldBunVersion = () => {
+  const version = typeof Bun !== "undefined" ? Bun.version : undefined;
+  if (version === undefined) {
+    return false;
+  }
+  const result = version.startsWith("1.1") || version.startsWith("1.0") || version.startsWith("0.");
+  isOldBunVersion = () => result;
+  return result;
+};
+
+// ../../node_modules/.bun/hono@4.12.10/node_modules/hono/dist/helper/streaming/sse.js
+var SSEStreamingApi = class extends StreamingApi {
+  constructor(writable, readable) {
+    super(writable, readable);
+  }
+  async writeSSE(message) {
+    const data = await resolveCallback(message.data, HtmlEscapedCallbackPhase.Stringify, false, {});
+    const dataLines = data.split(/\r\n|\r|\n/).map((line) => {
+      return `data: ${line}`;
+    }).join(`
+`);
+    for (const key of ["event", "id", "retry"]) {
+      if (message[key] && /[\r\n]/.test(message[key])) {
+        throw new Error(`${key} must not contain "\\r" or "\\n"`);
+      }
+    }
+    const sseData = [
+      message.event && `event: ${message.event}`,
+      dataLines,
+      message.id && `id: ${message.id}`,
+      message.retry && `retry: ${message.retry}`
+    ].filter(Boolean).join(`
+`) + `
+
+`;
+    await this.write(sseData);
+  }
+};
+var run = async (stream, cb, onError) => {
+  try {
+    await cb(stream);
+  } catch (e) {
+    if (e instanceof Error && onError) {
+      await onError(e, stream);
+      await stream.writeSSE({
+        event: "error",
+        data: e.message
+      });
+    } else {
+      console.error(e);
+    }
+  } finally {
+    stream.close();
+  }
+};
+var contextStash = /* @__PURE__ */ new WeakMap;
+var streamSSE = (c, cb, onError) => {
+  const { readable, writable } = new TransformStream;
+  const stream = new SSEStreamingApi(writable, readable);
+  if (isOldBunVersion()) {
+    c.req.raw.signal.addEventListener("abort", () => {
+      if (!stream.closed) {
+        stream.abort();
+      }
+    });
+  }
+  contextStash.set(stream.responseReadable, c);
+  c.header("Transfer-Encoding", "chunked");
+  c.header("Content-Type", "text/event-stream");
+  c.header("Cache-Control", "no-cache");
+  c.header("Connection", "keep-alive");
+  run(stream, cb, onError);
+  return c.newResponse(stream.responseReadable);
+};
+
 // ../ops-harbor-control-plane/src/lib/db.ts
 import { mkdirSync } from "fs";
 import { dirname as dirname2 } from "path";
@@ -3277,7 +3420,7 @@ async function syncAuthorWorkItems(db, config, author) {
   let changed = 0;
   for (const installation of installations) {
     upsertInstallation(db, installation.id, installation.account?.login, installation.account?.type);
-    const { items, rateLimit: searchRateLimit } = await fetchOpenPullRequestsForAuthor(config, installation.id, author);
+    const { items, rateLimit: searchRateLimit } = await fetchOpenPullRequestsForAuthor2(config, installation.id, author);
     recordRateLimit(db, `installation.${installation.id}.search`, searchRateLimit);
     for (const item of items) {
       const existing = getWorkItem(db, item.id);
@@ -3309,6 +3452,8 @@ async function hydrateAndPersist(db, config, installationId, repository, number2
   recordRateLimit(db, `installation.${installationId}.hydrate`, rateLimit);
   if (!item)
     return;
+  if (config.defaultAuthor && item.author !== config.defaultAuthor)
+    return;
   await saveHydratedWorkItem(db, item, event);
 }
 async function handleWebhookEvent(db, config, eventName, payload) {
@@ -3370,6 +3515,19 @@ async function handleWebhookEvent(db, config, eventName, payload) {
 }
 
 // ../ops-harbor-control-plane/src/server.ts
+function createEventBus() {
+  const listeners = new Set;
+  return {
+    subscribe(listener) {
+      listeners.add(listener);
+      return () => listeners.delete(listener);
+    },
+    broadcast(event, data) {
+      for (const listener of listeners)
+        listener(event, data);
+    }
+  };
+}
 function fallbackRuntimeStatus() {
   return {
     tunnelEnabled: false,
@@ -3382,9 +3540,9 @@ function redactStoredConfig(config) {
   const { githubWebhookSecret: _githubWebhookSecret, ...rest } = config;
   return rest;
 }
-function createControlPlaneApp({ config, db, getRuntimeStatus }) {
+function createControlPlaneApp({ config, db, bus, getRuntimeStatus }) {
   const app = new Hono2;
-  const webhookHandler = createGitHubWebhookHandler({ config, db });
+  const webhookHandler = createGitHubWebhookHandler({ config, db, bus });
   app.use("/api/*", cors());
   app.use("/api/admin/*", async (c, next) => {
     if (config.internalApiToken && c.req.header("x-ops-harbor-token") !== config.internalApiToken) {
@@ -3398,6 +3556,28 @@ function createControlPlaneApp({ config, db, getRuntimeStatus }) {
     }
     await next();
   });
+  app.get("/api/events", (c) => {
+    const token = c.req.header("x-ops-harbor-token") ?? c.req.query("token");
+    if (config.internalApiToken && token !== config.internalApiToken) {
+      return c.json({ error: "unauthorized" }, 401);
+    }
+    return streamSSE(c, async (stream2) => {
+      await stream2.writeSSE({ data: "", retry: 3000 });
+      const unsubscribe = bus.subscribe((event, data) => {
+        stream2.writeSSE({ event, data: JSON.stringify(data) });
+      });
+      const heartbeat = setInterval(() => {
+        stream2.writeSSE({ event: "heartbeat", data: "{}" });
+      }, 15000);
+      stream2.onAbort(() => {
+        clearInterval(heartbeat);
+        unsubscribe();
+      });
+      await new Promise(() => {});
+    }, async (error) => {
+      console.error("SSE stream error:", error);
+    });
+  });
   app.get("/api/health", (c) => c.json({
     ok: true,
     provider: "github",
@@ -3441,6 +3621,7 @@ function createControlPlaneApp({ config, db, getRuntimeStatus }) {
       return c.json({ error: "author is required" }, 400);
     try {
       const result = await syncAuthorWorkItems(db, config, author);
+      bus.broadcast("sync_completed", { synchronized: result.synchronized });
       return c.json(result);
     } catch (error) {
       return c.json({ error: error instanceof Error ? error.message : String(error) }, 500);
@@ -3461,7 +3642,7 @@ function createControlPlaneApp({ config, db, getRuntimeStatus }) {
   });
   return app;
 }
-function createGitHubWebhookHandler({ config, db }) {
+function createGitHubWebhookHandler({ config, db, bus }) {
   return async (c) => {
     const rawBody = await c.req.text();
     if (config.githubWebhookSecret) {
@@ -3484,15 +3665,18 @@ function createGitHubWebhookHandler({ config, db }) {
     try {
       await handleWebhookEvent(db, config, eventName, payload);
       markWebhookDeliveryProcessed(db, deliveryId);
+      const repoObj = payload.repository;
+      const repository = typeof repoObj === "object" && repoObj !== null ? String(repoObj.full_name ?? "") : "";
+      bus.broadcast("webhook_processed", { repository, event: eventName });
       return c.json({ ok: true });
     } catch (error) {
       return c.json({ error: error instanceof Error ? error.message : String(error) }, 500);
     }
   };
 }
-function createWebhookIngressApp({ config, db, getRuntimeStatus }) {
+function createWebhookIngressApp({ config, db, bus, getRuntimeStatus }) {
   const app = new Hono2;
-  const webhookHandler = createGitHubWebhookHandler({ config, db });
+  const webhookHandler = createGitHubWebhookHandler({ config, db, bus });
   app.get("/api/health", (c) => c.json({
     ok: true,
     ingress: "github-webhooks",
@@ -3503,10 +3687,11 @@ function createWebhookIngressApp({ config, db, getRuntimeStatus }) {
 }
 function openControlPlaneApps(config, getRuntimeStatus) {
   const db = openControlPlaneDb(config.dbPath);
+  const bus = createEventBus();
   return {
     db,
-    controlPlaneApp: createControlPlaneApp({ config, db, getRuntimeStatus }),
-    webhookIngressApp: createWebhookIngressApp({ config, db, getRuntimeStatus })
+    controlPlaneApp: createControlPlaneApp({ config, db, bus, getRuntimeStatus }),
+    webhookIngressApp: createWebhookIngressApp({ config, db, bus, getRuntimeStatus })
   };
 }
 
@@ -3527,6 +3712,7 @@ async function main() {
   Bun.serve({
     port: config.port,
     hostname: "127.0.0.1",
+    idleTimeout: 0,
     fetch: controlPlaneApp.fetch
   });
   let tunnelSession = null;
@@ -3536,6 +3722,7 @@ async function main() {
     Bun.serve({
       port: webhookIngressPort,
       hostname: "127.0.0.1",
+      idleTimeout: 0,
       fetch: webhookIngressApp.fetch
     });
     tunnelSession = await openTunnel({