@schuttdev/gigai 0.2.6 → 0.2.8

package/dist/dist-Z7XWWQBF.js

@@ -0,0 +1,1889 @@
+#!/usr/bin/env node
+
+// ../server/dist/index.mjs
+import { parseArgs } from "util";
+import Fastify from "fastify";
+import cors from "@fastify/cors";
+import rateLimit from "@fastify/rate-limit";
+import multipart from "@fastify/multipart";
+
+// ../shared/dist/index.mjs
+import { randomBytes, createCipheriv, createDecipheriv } from "crypto";
+import { z } from "zod";
+var ALGORITHM = "aes-256-gcm";
+var IV_LENGTH = 12;
+var TAG_LENGTH = 16;
+function encrypt(payload, key) {
+  const keyBuffer = Buffer.from(key, "hex");
+  if (keyBuffer.length !== 32) {
+    throw new Error("Encryption key must be 32 bytes (64 hex chars)");
+  }
+  const iv = randomBytes(IV_LENGTH);
+  const cipher = createCipheriv(ALGORITHM, keyBuffer, iv, {
+    authTagLength: TAG_LENGTH
+  });
+  const plaintext = JSON.stringify(payload);
+  const encrypted = Buffer.concat([
+    cipher.update(plaintext, "utf8"),
+    cipher.final()
+  ]);
+  const tag = cipher.getAuthTag();
+  return {
+    iv: iv.toString("base64"),
+    ciphertext: encrypted.toString("base64"),
+    tag: tag.toString("base64")
+  };
+}
+function decrypt(encrypted, key) {
+  const keyBuffer = Buffer.from(key, "hex");
+  if (keyBuffer.length !== 32) {
+    throw new Error("Encryption key must be 32 bytes (64 hex chars)");
+  }
+  const iv = Buffer.from(encrypted.iv, "base64");
+  const ciphertext = Buffer.from(encrypted.ciphertext, "base64");
+  const tag = Buffer.from(encrypted.tag, "base64");
+  const decipher = createDecipheriv(ALGORITHM, keyBuffer, iv, {
+    authTagLength: TAG_LENGTH
+  });
+  decipher.setAuthTag(tag);
+  const decrypted = Buffer.concat([
+    decipher.update(ciphertext),
+    decipher.final()
+  ]);
+  return JSON.parse(decrypted.toString("utf8"));
+}
+function generateEncryptionKey() {
+  return randomBytes(32).toString("hex");
+}
+var ErrorCode = /* @__PURE__ */ ((ErrorCode2) => {
+  ErrorCode2["PAIRING_EXPIRED"] = "PAIRING_EXPIRED";
+  ErrorCode2["PAIRING_INVALID"] = "PAIRING_INVALID";
+  ErrorCode2["PAIRING_USED"] = "PAIRING_USED";
+  ErrorCode2["TOKEN_INVALID"] = "TOKEN_INVALID";
+  ErrorCode2["TOKEN_DECRYPT_FAILED"] = "TOKEN_DECRYPT_FAILED";
+  ErrorCode2["ORG_MISMATCH"] = "ORG_MISMATCH";
+  ErrorCode2["SESSION_EXPIRED"] = "SESSION_EXPIRED";
+  ErrorCode2["SESSION_INVALID"] = "SESSION_INVALID";
+  ErrorCode2["AUTH_REQUIRED"] = "AUTH_REQUIRED";
+  ErrorCode2["TOOL_NOT_FOUND"] = "TOOL_NOT_FOUND";
+  ErrorCode2["EXEC_TIMEOUT"] = "EXEC_TIMEOUT";
+  ErrorCode2["EXEC_FAILED"] = "EXEC_FAILED";
+  ErrorCode2["HTTPS_REQUIRED"] = "HTTPS_REQUIRED";
+  ErrorCode2["RATE_LIMITED"] = "RATE_LIMITED";
+  ErrorCode2["VALIDATION_ERROR"] = "VALIDATION_ERROR";
+  ErrorCode2["INTERNAL_ERROR"] = "INTERNAL_ERROR";
+  ErrorCode2["MCP_ERROR"] = "MCP_ERROR";
+  ErrorCode2["MCP_NOT_CONNECTED"] = "MCP_NOT_CONNECTED";
+  ErrorCode2["TRANSFER_NOT_FOUND"] = "TRANSFER_NOT_FOUND";
+  ErrorCode2["TRANSFER_EXPIRED"] = "TRANSFER_EXPIRED";
+  ErrorCode2["PATH_NOT_ALLOWED"] = "PATH_NOT_ALLOWED";
+  ErrorCode2["COMMAND_NOT_ALLOWED"] = "COMMAND_NOT_ALLOWED";
+  return ErrorCode2;
+})(ErrorCode || {});
+var STATUS_CODES = {
+  [
+    "PAIRING_EXPIRED"
+    /* PAIRING_EXPIRED */
+  ]: 410,
+  [
+    "PAIRING_INVALID"
+    /* PAIRING_INVALID */
+  ]: 400,
+  [
+    "PAIRING_USED"
+    /* PAIRING_USED */
+  ]: 409,
+  [
+    "TOKEN_INVALID"
+    /* TOKEN_INVALID */
+  ]: 401,
+  [
+    "TOKEN_DECRYPT_FAILED"
+    /* TOKEN_DECRYPT_FAILED */
+  ]: 401,
+  [
+    "ORG_MISMATCH"
+    /* ORG_MISMATCH */
+  ]: 403,
+  [
+    "SESSION_EXPIRED"
+    /* SESSION_EXPIRED */
+  ]: 401,
+  [
+    "SESSION_INVALID"
+    /* SESSION_INVALID */
+  ]: 401,
+  [
+    "AUTH_REQUIRED"
+    /* AUTH_REQUIRED */
+  ]: 401,
+  [
+    "TOOL_NOT_FOUND"
+    /* TOOL_NOT_FOUND */
+  ]: 404,
+  [
+    "EXEC_TIMEOUT"
+    /* EXEC_TIMEOUT */
+  ]: 408,
+  [
+    "EXEC_FAILED"
+    /* EXEC_FAILED */
+  ]: 500,
+  [
+    "HTTPS_REQUIRED"
+    /* HTTPS_REQUIRED */
+  ]: 403,
+  [
+    "RATE_LIMITED"
+    /* RATE_LIMITED */
+  ]: 429,
+  [
+    "VALIDATION_ERROR"
+    /* VALIDATION_ERROR */
+  ]: 400,
+  [
+    "INTERNAL_ERROR"
+    /* INTERNAL_ERROR */
+  ]: 500,
+  [
+    "MCP_ERROR"
+    /* MCP_ERROR */
+  ]: 502,
+  [
+    "MCP_NOT_CONNECTED"
+    /* MCP_NOT_CONNECTED */
+  ]: 503,
+  [
+    "TRANSFER_NOT_FOUND"
+    /* TRANSFER_NOT_FOUND */
+  ]: 404,
+  [
+    "TRANSFER_EXPIRED"
+    /* TRANSFER_EXPIRED */
+  ]: 410,
+  [
+    "PATH_NOT_ALLOWED"
+    /* PATH_NOT_ALLOWED */
+  ]: 403,
+  [
+    "COMMAND_NOT_ALLOWED"
+    /* COMMAND_NOT_ALLOWED */
+  ]: 403
+};
+var GigaiError = class extends Error {
+  code;
+  statusCode;
+  details;
+  constructor(code, message, details) {
+    super(message);
+    this.name = "GigaiError";
+    this.code = code;
+    this.statusCode = STATUS_CODES[code];
+    this.details = details;
+  }
+  toJSON() {
+    return {
+      error: {
+        code: this.code,
+        message: this.message,
+        ...this.details !== void 0 && { details: this.details }
+      }
+    };
+  }
+};
+var TailscaleHttpsConfigSchema = z.object({
+  provider: z.literal("tailscale"),
+  funnelPort: z.number().optional()
+});
+var CloudflareHttpsConfigSchema = z.object({
+  provider: z.literal("cloudflare"),
+  tunnelName: z.string(),
+  domain: z.string().optional()
+});
+var ManualHttpsConfigSchema = z.object({
+  provider: z.literal("manual"),
+  certPath: z.string(),
+  keyPath: z.string()
+});
+var HttpsConfigSchema = z.discriminatedUnion("provider", [
+  TailscaleHttpsConfigSchema,
+  CloudflareHttpsConfigSchema,
+  ManualHttpsConfigSchema
+]);
+var CliToolConfigSchema = z.object({
+  type: z.literal("cli"),
+  name: z.string(),
+  command: z.string(),
+  args: z.array(z.string()).optional(),
+  description: z.string(),
+  timeout: z.number().optional(),
+  cwd: z.string().optional(),
+  env: z.record(z.string()).optional()
+});
+var McpToolConfigSchema = z.object({
+  type: z.literal("mcp"),
+  name: z.string(),
+  command: z.string(),
+  args: z.array(z.string()).optional(),
+  description: z.string(),
+  env: z.record(z.string()).optional()
+});
+var ScriptToolConfigSchema = z.object({
+  type: z.literal("script"),
+  name: z.string(),
+  path: z.string(),
+  description: z.string(),
+  timeout: z.number().optional(),
+  interpreter: z.string().optional()
+});
+var BuiltinToolConfigSchema = z.object({
+  type: z.literal("builtin"),
+  name: z.string(),
+  builtin: z.enum(["filesystem", "shell"]),
+  description: z.string(),
+  config: z.record(z.unknown()).optional()
+});
+var ToolConfigSchema = z.discriminatedUnion("type", [
+  CliToolConfigSchema,
+  McpToolConfigSchema,
+  ScriptToolConfigSchema,
+  BuiltinToolConfigSchema
+]);
+var AuthConfigSchema = z.object({
+  encryptionKey: z.string().length(64),
+  pairingTtlSeconds: z.number().default(300),
+  sessionTtlSeconds: z.number().default(14400)
+});
+var ServerConfigSchema = z.object({
+  port: z.number().default(7443),
+  host: z.string().default("0.0.0.0"),
+  https: HttpsConfigSchema.optional()
+});
+var GigaiConfigSchema = z.object({
+  serverName: z.string().optional(),
+  server: ServerConfigSchema,
+  auth: AuthConfigSchema,
+  tools: z.array(ToolConfigSchema).default([])
+});
+
+// ../server/dist/index.mjs
+import fp from "fastify-plugin";
+import { nanoid } from "nanoid";
+import { randomBytes as randomBytes2 } from "crypto";
+import { hostname } from "os";
+import { nanoid as nanoid2 } from "nanoid";
+import fp2 from "fastify-plugin";
+import fp3 from "fastify-plugin";
+import { spawn } from "child_process";
+import fp4 from "fastify-plugin";
+import { Client } from "@modelcontextprotocol/sdk/client/index.js";
+import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
+import { readFileSync } from "fs";
+import { resolve } from "path";
+import { readFile as fsReadFile, readdir } from "fs/promises";
+import { resolve as resolve2, relative, join } from "path";
+import { realpath } from "fs/promises";
+import { spawn as spawn2 } from "child_process";
+import { writeFile, readFile, unlink, mkdir } from "fs/promises";
+import { join as join2 } from "path";
+import { tmpdir } from "os";
+import { nanoid as nanoid3 } from "nanoid";
+import { execFile, spawn as spawn3 } from "child_process";
+import { promisify } from "util";
+import { readFile as readFile2 } from "fs/promises";
+import { resolve as resolve3 } from "path";
+import { spawn as spawn4 } from "child_process";
+import { spawn as spawn5 } from "child_process";
+import { input, select, checkbox, confirm } from "@inquirer/prompts";
+import { writeFile as writeFile2 } from "fs/promises";
+import { resolve as resolve4 } from "path";
+import { execFile as execFile2, spawn as spawn6 } from "child_process";
+import { promisify as promisify2 } from "util";
+import { input as input2 } from "@inquirer/prompts";
+import { readFile as readFile3, writeFile as writeFile3 } from "fs/promises";
+import { resolve as resolve5 } from "path";
+import { writeFile as writeFile4 } from "fs/promises";
+import { resolve as resolve6, join as join3 } from "path";
+import { homedir, platform } from "os";
+import { execFile as execFile3 } from "child_process";
+import { promisify as promisify3 } from "util";
+var AuthStore = class {
+  pairingCodes = /* @__PURE__ */ new Map();
+  sessions = /* @__PURE__ */ new Map();
+  cleanupInterval;
+  constructor() {
+    this.cleanupInterval = setInterval(() => this.cleanup(), 6e4);
+  }
+  // Pairing codes
+  addPairingCode(code, ttlSeconds) {
+    const entry = {
+      code,
+      expiresAt: Date.now() + ttlSeconds * 1e3,
+      used: false
+    };
+    this.pairingCodes.set(code, entry);
+    return entry;
+  }
+  getPairingCode(code) {
+    return this.pairingCodes.get(code);
+  }
+  markPairingCodeUsed(code) {
+    const entry = this.pairingCodes.get(code);
+    if (entry) {
+      entry.used = true;
+    }
+  }
+  // Sessions
+  createSession(orgUuid, ttlSeconds) {
+    const session = {
+      id: nanoid(32),
+      orgUuid,
+      token: nanoid(48),
+      expiresAt: Date.now() + ttlSeconds * 1e3,
+      lastActivity: Date.now()
+    };
+    this.sessions.set(session.token, session);
+    return session;
+  }
+  getSession(token) {
+    const session = this.sessions.get(token);
+    if (session) {
+      session.lastActivity = Date.now();
+    }
+    return session;
+  }
+  // Cleanup
+  cleanup() {
+    const now = Date.now();
+    for (const [key, code] of this.pairingCodes) {
+      if (code.expiresAt < now) {
+        this.pairingCodes.delete(key);
+      }
+    }
+    for (const [key, session] of this.sessions) {
+      if (session.expiresAt < now) {
+        this.sessions.delete(key);
+      }
+    }
+  }
+  destroy() {
+    clearInterval(this.cleanupInterval);
+    this.pairingCodes.clear();
+    this.sessions.clear();
+  }
+};
+function connectWithToken(store, encryptedToken, orgUuid, encryptionKey, sessionTtlSeconds) {
+  let payload;
+  try {
+    payload = JSON.parse(encryptedToken);
+  } catch {
+    throw new GigaiError(ErrorCode.TOKEN_INVALID, "Invalid token format");
+  }
+  let decrypted;
+  try {
+    decrypted = decrypt(payload, encryptionKey);
+  } catch {
+    throw new GigaiError(ErrorCode.TOKEN_DECRYPT_FAILED, "Failed to decrypt token");
+  }
+  if (decrypted.orgUuid !== orgUuid) {
+    throw new GigaiError(ErrorCode.ORG_MISMATCH, "Organization UUID mismatch");
+  }
+  return store.createSession(orgUuid, sessionTtlSeconds);
+}
+function validateSession(store, token) {
+  const session = store.getSession(token);
+  if (!session) {
+    throw new GigaiError(ErrorCode.SESSION_INVALID, "Invalid session token");
+  }
+  if (session.expiresAt < Date.now()) {
+    throw new GigaiError(ErrorCode.SESSION_EXPIRED, "Session expired");
+  }
+  return session;
+}
+function createAuthMiddleware(store) {
+  return async function authMiddleware(request, _reply) {
+    const authHeader = request.headers.authorization;
+    if (!authHeader?.startsWith("Bearer ")) {
+      throw new GigaiError(ErrorCode.AUTH_REQUIRED, "Authorization header required");
+    }
+    const token = authHeader.slice(7);
+    const session = validateSession(store, token);
+    request.session = session;
+  };
+}
+var PAIRING_CODE_LENGTH = 8;
+var PAIRING_CODE_CHARS = "0123456789ABCDEFGHJKLMNPQRSTUVWXYZ";
+function generatePairingCode(store, ttlSeconds) {
+  let code = "";
+  const bytes = nanoid2(PAIRING_CODE_LENGTH);
+  for (let i = 0; i < PAIRING_CODE_LENGTH; i++) {
+    code += PAIRING_CODE_CHARS[bytes.charCodeAt(i) % PAIRING_CODE_CHARS.length];
+  }
+  store.addPairingCode(code, ttlSeconds);
+  return code;
+}
+function validateAndPair(store, code, orgUuid, encryptionKey, serverFingerprint) {
+  const entry = store.getPairingCode(code.toUpperCase());
+  if (!entry) {
+    throw new GigaiError(ErrorCode.PAIRING_INVALID, "Invalid pairing code");
+  }
+  if (entry.used) {
+    throw new GigaiError(ErrorCode.PAIRING_USED, "Pairing code already used");
+  }
+  if (entry.expiresAt < Date.now()) {
+    throw new GigaiError(ErrorCode.PAIRING_EXPIRED, "Pairing code expired");
+  }
+  store.markPairingCodeUsed(code.toUpperCase());
+  return encrypt(
+    { orgUuid, serverFingerprint, createdAt: Date.now() },
+    encryptionKey
+  );
+}
+function registerAuthRoutes(server, store, config) {
+  const serverFingerprint = randomBytes2(16).toString("hex");
+  const serverName = config.serverName ?? hostname();
+  server.post("/auth/pair", {
+    config: {
+      rateLimit: { max: 5, timeWindow: "1 hour" }
+    },
+    schema: {
+      body: {
+        type: "object",
+        required: ["pairingCode", "orgUuid"],
+        properties: {
+          pairingCode: { type: "string" },
+          orgUuid: { type: "string" }
+        }
+      }
+    }
+  }, async (request) => {
+    const { pairingCode, orgUuid } = request.body;
+    const encryptedToken = validateAndPair(
+      store,
+      pairingCode,
+      orgUuid,
+      config.auth.encryptionKey,
+      serverFingerprint
+    );
+    return { encryptedToken: JSON.stringify(encryptedToken), serverName };
+  });
+  server.post("/auth/connect", {
+    config: {
+      rateLimit: { max: 10, timeWindow: "1 minute" }
+    },
+    schema: {
+      body: {
+        type: "object",
+        required: ["encryptedToken", "orgUuid"],
+        properties: {
+          encryptedToken: { type: "string" },
+          orgUuid: { type: "string" }
+        }
+      }
+    }
+  }, async (request) => {
+    const { encryptedToken, orgUuid } = request.body;
+    const session = connectWithToken(
+      store,
+      encryptedToken,
+      orgUuid,
+      config.auth.encryptionKey,
+      config.auth.sessionTtlSeconds
+    );
+    return {
+      sessionToken: session.token,
+      expiresAt: session.expiresAt
+    };
+  });
+  server.get("/auth/pair/generate", {
+    config: { skipAuth: true }
+  }, async (request) => {
+    const remoteAddr = request.ip;
+    if (remoteAddr !== "127.0.0.1" && remoteAddr !== "::1" && remoteAddr !== "::ffff:127.0.0.1") {
+      throw new GigaiError(ErrorCode.AUTH_REQUIRED, "Pairing code generation is only available from localhost");
+    }
+    const code = generatePairingCode(store, config.auth.pairingTtlSeconds);
+    return { code, expiresIn: config.auth.pairingTtlSeconds };
+  });
+}
+var authPlugin = fp(async (server, opts) => {
+  const store = new AuthStore();
+  const authMiddleware = createAuthMiddleware(store);
+  server.decorate("authStore", store);
+  server.addHook("onRequest", async (request, reply) => {
+    const routeConfig = request.routeOptions?.config ?? {};
+    if (routeConfig.skipAuth) return;
+    if (request.url === "/health") return;
+    if (request.url.startsWith("/auth/")) return;
+    await authMiddleware(request, reply);
+  });
+  registerAuthRoutes(server, store, opts.config);
+  server.addHook("onClose", async () => {
+    store.destroy();
+  });
+}, { name: "auth" });
+var ToolRegistry = class {
+  tools = /* @__PURE__ */ new Map();
+  loadFromConfig(tools) {
+    for (const tool of tools) {
+      this.register(tool);
+    }
+  }
+  register(config) {
+    const entry = { type: config.type, config };
+    this.tools.set(config.name, entry);
+  }
+  get(name) {
+    const entry = this.tools.get(name);
+    if (!entry) {
+      throw new GigaiError(ErrorCode.TOOL_NOT_FOUND, `Tool not found: ${name}`);
+    }
+    return entry;
+  }
+  has(name) {
+    return this.tools.has(name);
+  }
+  list() {
+    return Array.from(this.tools.values()).map((entry) => ({
+      name: entry.config.name,
+      type: entry.config.type,
+      description: entry.config.description
+    }));
+  }
+  getDetail(name) {
+    const entry = this.get(name);
+    const detail = {
+      name: entry.config.name,
+      type: entry.config.type,
+      description: entry.config.description
+    };
+    if (entry.type === "cli") {
+      detail.usage = `${entry.config.command} ${(entry.config.args ?? []).join(" ")} [args...]`;
+    } else if (entry.type === "script") {
+      detail.usage = `${entry.config.path} [args...]`;
+    }
+    return detail;
+  }
+};
+var registryPlugin = fp2(async (server, opts) => {
+  const registry = new ToolRegistry();
+  registry.loadFromConfig(opts.config.tools);
+  server.decorate("registry", registry);
+  server.log.info(`Loaded ${registry.list().length} tools`);
+}, { name: "registry" });
+var MAX_ARG_LENGTH = 64 * 1024;
+function sanitizeArgs(args) {
+  return args.map((arg, i) => {
+    if (arg.includes("\0")) {
+      throw new GigaiError(
+        ErrorCode.VALIDATION_ERROR,
+        `Argument ${i} contains null byte`
+      );
+    }
+    if (arg.length > MAX_ARG_LENGTH) {
+      throw new GigaiError(
+        ErrorCode.VALIDATION_ERROR,
+        `Argument ${i} exceeds maximum length of ${MAX_ARG_LENGTH}`
+      );
+    }
+    return arg;
+  });
+}
+var DEFAULT_TIMEOUT = 3e4;
+var KILL_GRACE_PERIOD = 5e3;
+var MAX_OUTPUT_SIZE = 10 * 1024 * 1024;
+function executeTool(entry, args, timeout) {
+  const sanitized = sanitizeArgs(args);
+  const effectiveTimeout = timeout ?? DEFAULT_TIMEOUT;
+  let command;
+  let spawnArgs;
+  let cwd;
+  let env;
+  switch (entry.type) {
+    case "cli":
+      command = entry.config.command;
+      spawnArgs = [...entry.config.args ?? [], ...sanitized];
+      cwd = entry.config.cwd;
+      env = entry.config.env;
+      break;
+    case "script": {
+      const interpreter = entry.config.interpreter ?? "node";
+      command = interpreter;
+      spawnArgs = [entry.config.path, ...sanitized];
+      break;
+    }
+    default:
+      throw new GigaiError(
+        ErrorCode.EXEC_FAILED,
+        `Cannot execute tool of type: ${entry.type}`
+      );
+  }
+  return new Promise((resolve7, reject) => {
+    const start = Date.now();
+    const stdoutChunks = [];
+    const stderrChunks = [];
+    const child = spawn(command, spawnArgs, {
+      shell: false,
+      cwd,
+      env: env ? { ...process.env, ...env } : process.env,
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+    let killed = false;
+    const timer = setTimeout(() => {
+      killed = true;
+      child.kill("SIGTERM");
+      setTimeout(() => {
+        if (!child.killed) {
+          child.kill("SIGKILL");
+        }
+      }, KILL_GRACE_PERIOD);
+    }, effectiveTimeout);
+    let totalSize = 0;
+    child.stdout.on("data", (chunk) => {
+      totalSize += chunk.length;
+      if (totalSize <= MAX_OUTPUT_SIZE) stdoutChunks.push(chunk);
+      else if (!killed) {
+        killed = true;
+        child.kill("SIGTERM");
+      }
+    });
+    child.stderr.on("data", (chunk) => {
+      totalSize += chunk.length;
+      if (totalSize <= MAX_OUTPUT_SIZE) stderrChunks.push(chunk);
+      else if (!killed) {
+        killed = true;
+        child.kill("SIGTERM");
+      }
+    });
+    child.on("error", (err) => {
+      clearTimeout(timer);
+      reject(new GigaiError(ErrorCode.EXEC_FAILED, `Failed to spawn: ${err.message}`));
+    });
+    child.on("close", (exitCode) => {
+      clearTimeout(timer);
+      const durationMs = Date.now() - start;
+      if (killed) {
+        reject(new GigaiError(ErrorCode.EXEC_TIMEOUT, `Tool execution timed out after ${effectiveTimeout}ms`));
+        return;
+      }
+      resolve7({
+        stdout: Buffer.concat(stdoutChunks).toString("utf8"),
+        stderr: Buffer.concat(stderrChunks).toString("utf8"),
+        exitCode: exitCode ?? 1,
+        durationMs
+      });
+    });
+  });
+}
+var executorPlugin = fp3(async (server) => {
+  server.decorate("executor", {
+    execute: executeTool
+  });
+}, { name: "executor" });
+var McpClientWrapper = class {
+  constructor(config) {
+    this.config = config;
+  }
+  client = null;
+  transport = null;
+  toolsCache = null;
+  connected = false;
+  async ensureConnected() {
+    if (this.connected && this.client) return;
+    this.transport = new StdioClientTransport({
+      command: this.config.command,
+      args: this.config.args,
+      env: this.config.env ? { ...process.env, ...this.config.env } : process.env
+    });
+    this.client = new Client({
+      name: `gigai-${this.config.name}`,
+      version: "0.1.0"
+    });
+    await this.client.connect(this.transport);
+    this.connected = true;
+  }
+  async listTools() {
+    if (this.toolsCache) return this.toolsCache;
+    await this.ensureConnected();
+    const result = await this.client.listTools();
+    this.toolsCache = result.tools.map((t) => ({
+      name: t.name,
+      description: t.description ?? "",
+      inputSchema: t.inputSchema
+    }));
+    return this.toolsCache;
+  }
+  async callTool(toolName, args) {
+    await this.ensureConnected();
+    try {
+      const result = await this.client.callTool({ name: toolName, arguments: args });
+      return {
+        content: result.content ?? [],
+        isError: result.isError ?? false
+      };
+    } catch (err) {
+      throw new GigaiError(
+        ErrorCode.MCP_ERROR,
+        `MCP tool call failed: ${err.message}`
+      );
+    }
+  }
+  async disconnect() {
+    if (this.client && this.connected) {
+      try {
+        await this.client.close();
+      } catch {
+      }
+      this.client = null;
+      this.transport = null;
+      this.connected = false;
+      this.toolsCache = null;
+    }
+  }
+  get isConnected() {
+    return this.connected;
+  }
+  get name() {
+    return this.config.name;
+  }
+};
+var McpPool = class {
+  clients = /* @__PURE__ */ new Map();
+  loadFromConfig(tools) {
+    for (const tool of tools) {
+      this.clients.set(tool.name, new McpClientWrapper(tool));
+    }
+  }
+  getClient(name) {
+    const client = this.clients.get(name);
+    if (!client) {
+      throw new GigaiError(ErrorCode.TOOL_NOT_FOUND, `MCP tool not found: ${name}`);
+    }
+    return client;
+  }
+  has(name) {
+    return this.clients.has(name);
+  }
+  async listToolsFor(name) {
+    const client = this.getClient(name);
+    return client.listTools();
+  }
+  list() {
+    return Array.from(this.clients.keys());
+  }
+  async shutdownAll() {
+    const disconnects = Array.from(this.clients.values()).map((c) => c.disconnect());
+    await Promise.allSettled(disconnects);
+    this.clients.clear();
+  }
+};
+var McpLifecycleManager = class {
+  constructor(pool) {
+    this.pool = pool;
+  }
+  healthCheckInterval = null;
+  startHealthChecks(intervalMs = 3e4) {
+    this.healthCheckInterval = setInterval(async () => {
+      for (const name of this.pool.list()) {
+        try {
+          const client = this.pool.getClient(name);
+          if (client.isConnected) {
+            await client.listTools();
+          }
+        } catch {
+        }
+      }
+    }, intervalMs);
+  }
+  async shutdown() {
+    if (this.healthCheckInterval) {
+      clearInterval(this.healthCheckInterval);
+      this.healthCheckInterval = null;
+    }
+    await this.pool.shutdownAll();
+  }
+};
+var mcpPlugin = fp4(async (server, opts) => {
+  const pool = new McpPool();
+  const mcpTools = opts.config.tools.filter(
+    (t) => t.type === "mcp"
+  );
+  pool.loadFromConfig(mcpTools);
+  server.decorate("mcpPool", pool);
+  const lifecycle = new McpLifecycleManager(pool);
+  lifecycle.startHealthChecks();
+  server.log.info(`MCP pool initialized with ${mcpTools.length} servers`);
+  server.addHook("onClose", async () => {
+    await lifecycle.shutdown();
+  });
+}, { name: "mcp" });
+var startTime = Date.now();
+var startupVersion = "0.0.0";
+try {
+  const pkg = JSON.parse(
+    readFileSync(resolve(import.meta.dirname ?? ".", "../package.json"), "utf8")
+  );
+  startupVersion = pkg.version;
+} catch {
+}
+async function healthRoutes(server) {
+  server.get("/health", {
+    config: { skipAuth: true }
+  }, async () => {
+    return {
+      status: "ok",
+      version: startupVersion,
+      uptime: Date.now() - startTime
+    };
+  });
+}
+async function toolRoutes(server) {
+  server.get("/tools", async () => {
+    return { tools: server.registry.list() };
+  });
+  server.get("/tools/:name", async (request) => {
+    const { name } = request.params;
+    const detail = server.registry.getDetail(name);
+    const entry = server.registry.get(name);
+    if (entry.type === "mcp") {
+      try {
+        const mcpTools = await server.mcpPool.listToolsFor(name);
+        detail.mcpTools = mcpTools;
+      } catch {
+      }
+    }
+    return { tool: detail };
+  });
+  server.get("/tools/:name/mcp", async (request) => {
+    const { name } = request.params;
+    const entry = server.registry.get(name);
+    if (entry.type !== "mcp") {
+      return { tools: [] };
+    }
+    const mcpTools = await server.mcpPool.listToolsFor(name);
+    return { tools: mcpTools };
+  });
+}
+async function validatePath(targetPath, allowedPaths) {
+  const resolved = resolve2(targetPath);
+  let real;
+  try {
+    real = await realpath(resolved);
+  } catch {
+    real = resolved;
+  }
+  const isAllowed = allowedPaths.some((allowed) => {
+    const resolvedAllowed = resolve2(allowed);
+    const allowedPrefix = resolvedAllowed.endsWith("/") ? resolvedAllowed : resolvedAllowed + "/";
+    return real === resolvedAllowed || real.startsWith(allowedPrefix) || resolved === resolvedAllowed || resolved.startsWith(allowedPrefix);
+  });
+  if (!isAllowed) {
+    throw new GigaiError(
+      ErrorCode.PATH_NOT_ALLOWED,
+      `Path not within allowed directories: ${targetPath}`
+    );
+  }
+  return resolved;
+}
+async function readFileSafe(path, allowedPaths) {
+  const safePath = await validatePath(path, allowedPaths);
+  return fsReadFile(safePath, "utf8");
+}
+async function listDirSafe(path, allowedPaths) {
+  const safePath = await validatePath(path, allowedPaths);
+  const entries = await readdir(safePath, { withFileTypes: true });
+  return entries.map((e) => ({
+    name: e.name,
+    type: e.isDirectory() ? "directory" : "file"
+  }));
+}
+async function searchFilesSafe(path, pattern, allowedPaths) {
+  const safePath = await validatePath(path, allowedPaths);
+  const results = [];
+  let regex;
+  try {
+    regex = new RegExp(pattern, "i");
+  } catch {
+    throw new GigaiError(ErrorCode.VALIDATION_ERROR, `Invalid search pattern: ${pattern}`);
+  }
+  async function walk(dir) {
+    const entries = await readdir(dir, { withFileTypes: true });
+    for (const entry of entries) {
+      const fullPath = join(dir, entry.name);
+      if (regex.test(entry.name)) {
+        results.push(relative(safePath, fullPath));
+      }
+      if (entry.isDirectory()) {
+        await walk(fullPath);
+      }
+    }
+  }
+  await walk(safePath);
+  return results;
+}
+var SHELL_INTERPRETERS = /* @__PURE__ */ new Set([
+  "sh",
+  "bash",
+  "zsh",
+  "fish",
+  "csh",
+  "tcsh",
+  "dash",
+  "ksh",
+  "env",
+  "xargs",
+  "nohup",
+  "strace",
+  "ltrace"
+]);
+var MAX_OUTPUT_SIZE2 = 10 * 1024 * 1024;
+async function execCommandSafe(command, args, config) {
+  if (!config.allowlist.includes(command)) {
+    throw new GigaiError(
+      ErrorCode.COMMAND_NOT_ALLOWED,
+      `Command not in allowlist: ${command}. Allowed: ${config.allowlist.join(", ")}`
+    );
+  }
+  if (command === "sudo" && !config.allowSudo) {
+    throw new GigaiError(ErrorCode.COMMAND_NOT_ALLOWED, "sudo is not allowed");
+  }
+  if (SHELL_INTERPRETERS.has(command)) {
+    throw new GigaiError(
+      ErrorCode.COMMAND_NOT_ALLOWED,
+      `Shell interpreter not allowed: ${command}`
+    );
+  }
+  for (const arg of args) {
+    if (arg.includes("\0")) {
+      throw new GigaiError(ErrorCode.VALIDATION_ERROR, "Null byte in argument");
+    }
+  }
+  return new Promise((resolve7, reject) => {
+    const child = spawn2(command, args, {
+      shell: false,
+      stdio: ["ignore", "pipe", "pipe"]
+    });
+    const stdoutChunks = [];
+    const stderrChunks = [];
+    let totalSize = 0;
+    child.stdout.on("data", (chunk) => {
+      totalSize += chunk.length;
+      if (totalSize <= MAX_OUTPUT_SIZE2) stdoutChunks.push(chunk);
+      else child.kill("SIGTERM");
+    });
+    child.stderr.on("data", (chunk) => {
+      totalSize += chunk.length;
+      if (totalSize <= MAX_OUTPUT_SIZE2) stderrChunks.push(chunk);
+      else child.kill("SIGTERM");
+    });
+    child.on("error", (err) => {
+      reject(new GigaiError(ErrorCode.EXEC_FAILED, `Failed to spawn ${command}: ${err.message}`));
+    });
+    child.on("close", (exitCode) => {
+      resolve7({
+        stdout: Buffer.concat(stdoutChunks).toString("utf8"),
+        stderr: Buffer.concat(stderrChunks).toString("utf8"),
+        exitCode: exitCode ?? 1
+      });
+    });
+  });
+}
+async function execRoutes(server) {
+  server.post("/exec", {
+    config: {
+      rateLimit: { max: 60, timeWindow: "1 minute" }
+    },
+    schema: {
+      body: {
+        type: "object",
+        required: ["tool", "args"],
+        properties: {
+          tool: { type: "string" },
+          args: { type: "array", items: { type: "string" } },
+          timeout: { type: "number" }
+        }
+      }
+    }
+  }, async (request) => {
+    const { tool, args, timeout } = request.body;
+    const entry = server.registry.get(tool);
+    if (entry.type === "builtin") {
+      return handleBuiltin(entry.config, args);
+    }
+    const result = await server.executor.execute(entry, args, timeout);
+    return result;
+  });
+  server.post("/exec/mcp", {
+    config: {
+      rateLimit: { max: 60, timeWindow: "1 minute" }
+    },
+    schema: {
+      body: {
+        type: "object",
+        required: ["tool", "mcpTool", "args"],
+        properties: {
+          tool: { type: "string" },
+          mcpTool: { type: "string" },
+          args: { type: "object" }
+        }
+      }
+    }
+  }, async (request) => {
+    const { tool, mcpTool, args } = request.body;
+    const entry = server.registry.get(tool);
+    if (entry.type !== "mcp") {
+      throw new GigaiError(ErrorCode.VALIDATION_ERROR, `Tool ${tool} is not an MCP tool`);
+    }
+    const start = Date.now();
+    const client = server.mcpPool.getClient(tool);
+    const result = await client.callTool(mcpTool, args);
+    return {
+      content: result.content,
+      isError: result.isError,
+      durationMs: Date.now() - start
+    };
+  });
+}
+async function handleBuiltin(config, args) {
+  const builtinConfig = config.config ?? {};
+  switch (config.builtin) {
+    case "filesystem": {
+      const allowedPaths = builtinConfig.allowedPaths ?? ["."];
+      const subcommand = args[0];
+      const target = args[1] ?? ".";
+      switch (subcommand) {
+        case "read":
+          return { stdout: await readFileSafe(target, allowedPaths), stderr: "", exitCode: 0, durationMs: 0 };
+        case "list":
+          return { stdout: JSON.stringify(await listDirSafe(target, allowedPaths), null, 2), stderr: "", exitCode: 0, durationMs: 0 };
+        case "search":
+          return { stdout: JSON.stringify(await searchFilesSafe(target, args[2] ?? ".*", allowedPaths), null, 2), stderr: "", exitCode: 0, durationMs: 0 };
+        default:
+          throw new GigaiError(ErrorCode.VALIDATION_ERROR, `Unknown filesystem subcommand: ${subcommand}. Use: read, list, search`);
+      }
+    }
+    case "shell": {
+      const allowlist = builtinConfig.allowlist ?? [];
+      const allowSudo = builtinConfig.allowSudo ?? false;
+      const command = args[0];
+      if (!command) {
+        throw new GigaiError(ErrorCode.VALIDATION_ERROR, "No command specified");
+      }
+      const result = await execCommandSafe(command, args.slice(1), { allowlist, allowSudo });
+      return { ...result, durationMs: 0 };
+    }
+    default:
+      throw new GigaiError(ErrorCode.VALIDATION_ERROR, `Unknown builtin: ${config.builtin}`);
+  }
+}
+var transfers = /* @__PURE__ */ new Map();
+var TRANSFER_DIR = join2(tmpdir(), "gigai-transfers");
+var TRANSFER_TTL = 60 * 60 * 1e3;
+setInterval(async () => {
+  const now = Date.now();
+  for (const [id, entry] of transfers) {
+    if (entry.expiresAt < now) {
+      transfers.delete(id);
+      try {
+        await unlink(entry.path);
+      } catch {
+      }
+    }
+  }
+}, 6e4);
+async function transferRoutes(server) {
+  await mkdir(TRANSFER_DIR, { recursive: true });
+  server.post("/transfer/upload", async (request) => {
+    const data = await request.file();
+    if (!data) {
+      throw new GigaiError(ErrorCode.VALIDATION_ERROR, "No file uploaded");
+    }
+    const id = nanoid3(16);
+    const buffer = await data.toBuffer();
+    const filePath = join2(TRANSFER_DIR, id);
+    await writeFile(filePath, buffer);
+    const entry = {
+      id,
+      path: filePath,
+      filename: data.filename,
+      mimeType: data.mimetype,
+      expiresAt: Date.now() + TRANSFER_TTL
+    };
+    transfers.set(id, entry);
+    return {
+      id,
+      expiresAt: entry.expiresAt
+    };
+  });
+  server.get("/transfer/:id", async (request, reply) => {
+    const { id } = request.params;
+    const entry = transfers.get(id);
+    if (!entry) {
+      throw new GigaiError(ErrorCode.TRANSFER_NOT_FOUND, "Transfer not found");
+    }
+    if (entry.expiresAt < Date.now()) {
+      transfers.delete(id);
+      throw new GigaiError(ErrorCode.TRANSFER_EXPIRED, "Transfer expired");
+    }
+    const content = await readFile(entry.path);
+    reply.type(entry.mimeType).send(content);
+  });
+}
+var execFileAsync = promisify(execFile);
+async function adminRoutes(server) {
+  server.post("/admin/update", async (_request, reply) => {
+    try {
+      const { stdout, stderr } = await execFileAsync(
+        "npm",
+        ["install", "-g", "@schuttdev/gigai@latest"],
+        { timeout: 12e4 }
+      );
+      server.log.info(`Update output: ${stdout}`);
+      if (stderr) server.log.warn(`Update stderr: ${stderr}`);
+    } catch (e) {
+      server.log.error(`Update failed: ${e.message}`);
+      reply.status(500);
+      return { updated: false, error: e.message };
+    }
+    setTimeout(async () => {
+      server.log.info("Restarting server after update...");
+      const args = ["start"];
+      const configIdx = process.argv.indexOf("--config");
+      if (configIdx !== -1 && process.argv[configIdx + 1]) {
+        args.push("--config", process.argv[configIdx + 1]);
+      }
+      const shortIdx = process.argv.indexOf("-c");
+      if (shortIdx !== -1 && process.argv[shortIdx + 1]) {
+        args.push("--config", process.argv[shortIdx + 1]);
+      }
+      if (process.argv.includes("--dev")) {
+        args.push("--dev");
+      }
+      await server.close();
+      const child = spawn3("gigai", args, {
+        detached: true,
+        stdio: "ignore",
+        cwd: process.cwd()
+      });
+      child.unref();
+      process.exit(0);
+    }, 500);
+    return { updated: true, restarting: true };
+  });
+}
+async function createServer(opts) {
+  const { config, dev = false } = opts;
+  const server = Fastify({
+    logger: {
+      level: dev ? "debug" : "info"
+    },
+    trustProxy: !dev
+    // Only trust proxy headers in production (behind HTTPS reverse proxy)
+  });
+  const httpsProvider = config.server.https?.provider;
+  const behindTunnel = httpsProvider === "tailscale" || httpsProvider === "cloudflare";
+  if (!dev && !behindTunnel) {
+    server.addHook("onRequest", async (request, _reply) => {
+      if (request.protocol !== "https") {
+        throw new GigaiError(ErrorCode.HTTPS_REQUIRED, "HTTPS is required");
+      }
+    });
+  }
+  await server.register(cors, { origin: false });
+  await server.register(rateLimit, { max: 100, timeWindow: "1 minute" });
+  await server.register(multipart, { limits: { fileSize: 50 * 1024 * 1024 } });
+  await server.register(authPlugin, { config });
+  await server.register(registryPlugin, { config });
+  await server.register(executorPlugin);
+  await server.register(mcpPlugin, { config });
+  await server.register(healthRoutes);
+  await server.register(toolRoutes);
+  await server.register(execRoutes);
+  await server.register(transferRoutes);
+  await server.register(adminRoutes);
+  server.setErrorHandler((error, _request, reply) => {
+    if (error instanceof GigaiError) {
+      reply.status(error.statusCode).send(error.toJSON());
+      return;
+    }
+    if ("statusCode" in error && error.statusCode === 429) {
+      reply.status(429).send({
+        error: { code: ErrorCode.RATE_LIMITED, message: "Too many requests" }
+      });
+      return;
+    }
+    server.log.error(error);
+    reply.status(500).send({
+      error: { code: ErrorCode.INTERNAL_ERROR, message: "Internal server error" }
+    });
+  });
+  return server;
+}
+var DEFAULT_CONFIG_PATH = "gigai.config.json";
+async function loadConfig(path) {
+  const configPath = resolve3(path ?? DEFAULT_CONFIG_PATH);
+  const raw = await readFile2(configPath, "utf8");
+  const json = JSON.parse(raw);
+  return GigaiConfigSchema.parse(json);
+}
+function runCommand(command, args) {
+  return new Promise((resolve7, reject) => {
+    const child = spawn4(command, args, { shell: false, stdio: ["ignore", "pipe", "pipe"] });
+    const chunks = [];
+    child.stdout.on("data", (chunk) => chunks.push(chunk));
+    child.on("error", reject);
+    child.on("close", (exitCode) => {
+      resolve7({ stdout: Buffer.concat(chunks).toString("utf8").trim(), exitCode: exitCode ?? 1 });
+    });
+  });
+}
+async function getTailscaleStatus() {
+  try {
+    const { stdout, exitCode } = await runCommand("tailscale", ["status", "--json"]);
+    if (exitCode !== 0) return { online: false };
+    const status = JSON.parse(stdout);
+    return {
+      online: status.BackendState === "Running",
+      hostname: status.Self?.DNSName?.replace(/\.$/, "")
+    };
+  } catch {
+    return { online: false };
+  }
+}
+async function enableFunnel(port) {
+  const status = await getTailscaleStatus();
+  if (!status.online || !status.hostname) {
+    throw new Error("Tailscale is not running or not connected");
+  }
+  const { exitCode, stdout } = await runCommand("tailscale", [
+    "funnel",
+    "--bg",
+    `${port}`
+  ]);
+  if (exitCode !== 0) {
+    throw new Error(`Failed to enable Tailscale Funnel: ${stdout}`);
+  }
+  return `https://${status.hostname}`;
+}
+async function disableFunnel(port) {
+  await runCommand("tailscale", ["funnel", "--bg", "off", `${port}`]);
+}
+function runTunnel(tunnelName, localPort) {
+  const child = spawn5("cloudflared", [
+    "tunnel",
+    "--url",
+    `http://localhost:${localPort}`,
+    "run",
+    tunnelName
+  ], {
+    shell: false,
+    stdio: "ignore",
+    detached: true
+  });
+  child.unref();
+  return child;
+}
+var execFileAsync2 = promisify2(execFile2);
+async function getTailscaleDnsName() {
+  try {
+    const { stdout } = await execFileAsync2("tailscale", ["status", "--json"]);
+    const data = JSON.parse(stdout);
+    const dnsName = data?.Self?.DNSName;
+    if (dnsName) return dnsName.replace(/\.$/, "");
+    return null;
+  } catch {
+    return null;
+  }
+}
+async function ensureTailscaleFunnel(port) {
+  const dnsName = await getTailscaleDnsName();
+  if (!dnsName) {
+    throw new Error("Tailscale is not running or not connected. Install/start Tailscale first.");
+  }
+  console.log("  Enabling Tailscale Funnel...");
+  try {
+    const { stdout, stderr } = await execFileAsync2("tailscale", ["funnel", "--bg", `${port}`]);
+    const output = stdout + stderr;
+    if (output.includes("Funnel is not enabled")) {
+      const urlMatch = output.match(/(https:\/\/login\.tailscale\.com\/\S+)/);
+      const enableUrl = urlMatch?.[1] ?? "https://login.tailscale.com/admin/machines";
+      console.log(`
+  Funnel is not enabled on your tailnet.`);
+      console.log(`  Enable it here: ${enableUrl}
+`);
+      await confirm({ message: "I've enabled Funnel in my Tailscale admin. Continue?", default: true });
+      const retry = await execFileAsync2("tailscale", ["funnel", "--bg", `${port}`]);
+      if ((retry.stdout + retry.stderr).includes("Funnel is not enabled")) {
+        throw new Error("Funnel is still not enabled. Please enable it in your Tailscale admin and try again.");
+      }
+    }
+  } catch (e) {
+    if (e.message.includes("Funnel is still not enabled")) throw e;
+  }
+  try {
+    const { stdout } = await execFileAsync2("tailscale", ["funnel", "status"]);
+    if (stdout.includes("No serve config")) {
+      throw new Error("Funnel setup failed. Run 'tailscale funnel --bg " + port + "' manually to debug.");
+    }
+  } catch {
+  }
+  console.log(`  Tailscale Funnel active: https://${dnsName}`);
+  return `https://${dnsName}`;
+}
+async function runInit() {
+  console.log("\n  gigai server setup\n");
+  const httpsProvider = await select({
+    message: "HTTPS provider:",
+    choices: [
+      { name: "Tailscale Funnel (recommended)", value: "tailscale" },
+      { name: "Cloudflare Tunnel", value: "cloudflare" },
+      { name: "Manual (provide certs)", value: "manual" },
+      { name: "None (dev mode only)", value: "none" }
+    ]
+  });
+  let httpsConfig;
+  switch (httpsProvider) {
+    case "tailscale":
+      httpsConfig = {
+        provider: "tailscale",
+        funnelPort: 7443
+      };
+      break;
+    case "cloudflare": {
+      const tunnelName = await input({
+        message: "Cloudflare tunnel name:",
+        default: "gigai"
+      });
+      const domain = await input({
+        message: "Domain (optional):"
+      });
+      httpsConfig = {
+        provider: "cloudflare",
+        tunnelName,
+        ...domain && { domain }
+      };
+      break;
+    }
+    case "manual": {
+      const certPath = await input({
+        message: "Path to TLS certificate:",
+        required: true
+      });
+      const keyPath = await input({
+        message: "Path to TLS private key:",
+        required: true
+      });
+      httpsConfig = {
+        provider: "manual",
+        certPath,
+        keyPath
+      };
+      break;
+    }
+    case "none":
+    default:
+      httpsConfig = void 0;
+      console.log("  No HTTPS \u2014 dev mode only.");
+      break;
+  }
+  const portStr = await input({
+    message: "Server port:",
+    default: "7443"
+  });
+  const port = parseInt(portStr, 10);
+  const selectedBuiltins = await checkbox({
+    message: "Built-in tools to enable:",
+    choices: [
+      { name: "Filesystem (read/list/search files)", value: "filesystem", checked: true },
+      { name: "Shell (execute allowed commands)", value: "shell", checked: true }
+    ]
+  });
+  const tools = [];
+  if (selectedBuiltins.includes("filesystem")) {
+    const pathsStr = await input({
+      message: "Allowed filesystem paths (comma-separated):",
+      default: process.env.HOME ?? "~"
+    });
+    const allowedPaths = pathsStr.split(",").map((p) => p.trim());
+    tools.push({
+      type: "builtin",
+      name: "fs",
+      builtin: "filesystem",
+      description: "Read, list, and search files",
+      config: { allowedPaths }
+    });
+  }
+  if (selectedBuiltins.includes("shell")) {
+    const allowlistStr = await input({
+      message: "Allowed shell commands (comma-separated):",
+      default: "ls,cat,head,tail,grep,find,wc,echo,date,whoami,pwd,git,npm,node"
+    });
+    const allowlist = allowlistStr.split(",").map((c) => c.trim());
+    const allowSudo = await confirm({
+      message: "Allow sudo?",
+      default: false
+    });
+    tools.push({
+      type: "builtin",
+      name: "shell",
+      builtin: "shell",
+      description: "Execute allowed shell commands",
+      config: { allowlist, allowSudo }
+    });
+  }
+  let serverName;
+  if (httpsProvider === "tailscale") {
+    const dnsName = await getTailscaleDnsName();
+    if (dnsName) {
+      serverName = dnsName.split(".")[0];
+    }
+  } else if (httpsProvider === "cloudflare") {
+    serverName = await input({
+      message: "Server name (identifies this machine):",
+      required: true
+    });
+  }
+  if (!serverName) {
+    const { hostname: osHostname } = await import("os");
+    serverName = osHostname();
+  }
+  const encryptionKey = generateEncryptionKey();
+  const config = {
+    serverName,
+    server: {
+      port,
+      host: "0.0.0.0",
+      ...httpsConfig && { https: httpsConfig }
+    },
+    auth: {
+      encryptionKey,
+      pairingTtlSeconds: 300,
+      sessionTtlSeconds: 14400
+    },
+    tools
+  };
+  const configPath = resolve4("gigai.config.json");
+  await writeFile2(configPath, JSON.stringify(config, null, 2) + "\n", { mode: 384 });
+  console.log(`
+  Config written to: ${configPath}`);
+  let serverUrl;
+  if (httpsProvider === "tailscale") {
+    try {
+      serverUrl = await ensureTailscaleFunnel(port);
+    } catch (e) {
+      console.error(`  ${e.message}`);
+      console.log("  You can enable Funnel later and run 'gigai start' manually.\n");
+    }
+  } else if (httpsProvider === "cloudflare" && httpsConfig && "domain" in httpsConfig && httpsConfig.domain) {
+    serverUrl = `https://${httpsConfig.domain}`;
+    console.log(`  Cloudflare URL: ${serverUrl}`);
+  }
+  if (!serverUrl) {
+    serverUrl = await input({
+      message: "Server URL (how clients will reach this server):",
+      required: true
+    });
+  }
+  console.log("\n  Starting server...");
+  const serverArgs = ["start", "--config", configPath];
+  if (!httpsConfig) serverArgs.push("--dev");
+  const child = spawn6("gigai", serverArgs, {
+    detached: true,
+    stdio: "ignore",
+    cwd: resolve4(".")
+  });
+  child.unref();
+  await new Promise((r) => setTimeout(r, 1500));
+  try {
+    const res = await fetch(`http://localhost:${port}/health`);
+    if (res.ok) {
+      console.log(`  Server running on port ${port} (PID ${child.pid})`);
+    }
+  } catch {
+    console.log(`  Server starting in background (PID ${child.pid})`);
+  }
+  let code;
+  const maxRetries = 5;
+  for (let i = 0; i < maxRetries; i++) {
+    try {
+      const res = await fetch(`http://localhost:${port}/auth/pair/generate`);
+      if (res.ok) {
+        const data = await res.json();
+        code = data.code;
+        break;
+      }
+    } catch {
+      await new Promise((r) => setTimeout(r, 1e3));
+    }
+  }
+  if (!code) {
+    console.log("\n  Server is starting but not ready yet.");
+    console.log("  Run 'gigai pair' once it's up to get a pairing code.\n");
+    return;
+  }
+  console.log(`
+  Paste this into Claude to pair:
+`);
+  console.log(`  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500`);
+  console.log(`  Install kon and pair with my server:
+`);
+  console.log(`  \`\`\`bash`);
+  console.log(`  npm install -g @schuttdev/kon`);
+  console.log(`  kon pair ${code} ${serverUrl}`);
+  console.log(`  \`\`\`
+`);
+  console.log(`  Then show me the skill file output so I can save it.`);
+  console.log(`  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500`);
+  console.log(`
+  Pairing code expires in ${config.auth.pairingTtlSeconds / 60} minutes.`);
+  console.log(`  Run 'gigai pair' to generate a new one.
+`);
+}
+async function loadConfigFile(path) {
+  const configPath = resolve5(path ?? "gigai.config.json");
+  const raw = await readFile3(configPath, "utf8");
+  const config = GigaiConfigSchema.parse(JSON.parse(raw));
+  return { config, path: configPath };
+}
+async function saveConfig(config, path) {
+  await writeFile3(path, JSON.stringify(config, null, 2) + "\n");
+}
+async function wrapCli() {
+  const { config, path } = await loadConfigFile();
+  const name = await input2({ message: "Tool name:", required: true });
+  const command = await input2({ message: "Command:", required: true });
+  const description = await input2({ message: "Description:", required: true });
+  const argsStr = await input2({ message: "Default args (space-separated, optional):" });
+  const timeoutStr = await input2({ message: "Timeout in ms (optional):", default: "30000" });
+  const tool = {
+    type: "cli",
+    name,
+    command,
+    description,
+    ...argsStr && { args: argsStr.split(" ").filter(Boolean) },
+    timeout: parseInt(timeoutStr, 10)
+  };
+  config.tools.push(tool);
+  await saveConfig(config, path);
+  console.log(`Added CLI tool: ${name}`);
+}
+async function wrapMcp() {
+  const { config, path } = await loadConfigFile();
+  const name = await input2({ message: "Tool name:", required: true });
+  const command = await input2({ message: "MCP server command:", required: true });
+  const description = await input2({ message: "Description:", required: true });
+  const argsStr = await input2({ message: "Command args (space-separated, optional):" });
+  const envStr = await input2({
+    message: "Environment variables (KEY=VALUE, comma-separated, optional):"
+  });
+  const env = {};
+  if (envStr) {
+    for (const pair of envStr.split(",")) {
+      const [k, ...v] = pair.trim().split("=");
+      if (k && v.length > 0) {
+        env[k.trim()] = v.join("=").trim();
+      }
+    }
+  }
+  const tool = {
+    type: "mcp",
+    name,
+    command,
+    description,
+    ...argsStr && { args: argsStr.split(" ").filter(Boolean) },
+    ...Object.keys(env).length > 0 && { env }
+  };
+  config.tools.push(tool);
+  await saveConfig(config, path);
+  console.log(`Added MCP tool: ${name}`);
+}
+async function wrapScript() {
+  const { config, path } = await loadConfigFile();
+  const name = await input2({ message: "Tool name:", required: true });
+  const scriptPath = await input2({ message: "Script path:", required: true });
+  const description = await input2({ message: "Description:", required: true });
+  const interpreter = await input2({ message: "Interpreter:", default: "node" });
+  const tool = {
+    type: "script",
+    name,
+    path: scriptPath,
+    description,
+    interpreter
+  };
+  config.tools.push(tool);
+  await saveConfig(config, path);
+  console.log(`Added script tool: ${name}`);
+}
+async function wrapImport(configFilePath) {
+  const { config, path } = await loadConfigFile();
+  const raw = await readFile3(resolve5(configFilePath), "utf8");
+  const desktopConfig = JSON.parse(raw);
+  const mcpServers = desktopConfig.mcpServers ?? {};
+  for (const [serverName, serverConfig] of Object.entries(mcpServers)) {
+    const sc = serverConfig;
+    const tool = {
+      type: "mcp",
+      name: serverName,
+      command: sc.command,
+      description: `Imported MCP server: ${serverName}`,
+      ...sc.args && { args: sc.args },
+      ...sc.env && { env: sc.env }
+    };
+    config.tools.push(tool);
+    console.log(`  Imported: ${serverName}`);
+  }
+  await saveConfig(config, path);
+  console.log(`
+Imported ${Object.keys(mcpServers).length} MCP servers.`);
+}
+async function unwrapTool(name) {
+  const { config, path } = await loadConfigFile();
+  const idx = config.tools.findIndex((t) => t.name === name);
+  if (idx === -1) {
+    console.error(`Tool not found: ${name}`);
+    process.exitCode = 1;
+    return;
+  }
+  config.tools.splice(idx, 1);
+  await saveConfig(config, path);
+  console.log(`Removed tool: ${name}`);
+}
+async function generateServerPairingCode(configPath) {
+  const { config } = await loadConfigFile(configPath);
+  const port = config.server.port;
+  try {
+    const res = await fetch(`http://localhost:${port}/auth/pair/generate`);
+    if (!res.ok) {
+      const body = await res.text();
+      throw new Error(`Server returned ${res.status}: ${body}`);
+    }
+    const data = await res.json();
+    console.log(`
+Pairing code: ${data.code}`);
+    console.log(`Expires in ${data.expiresIn / 60} minutes.`);
+  } catch (e) {
+    if (e.message.includes("fetch failed") || e.message.includes("ECONNREFUSED")) {
+      console.error("Server is not running. Start it with: gigai start");
+    } else {
+      console.error(`Error: ${e.message}`);
+    }
+    process.exitCode = 1;
+  }
+}
+var execFileAsync3 = promisify3(execFile3);
+function getGigaiBin() {
+  return process.argv[1] ?? "gigai";
+}
+function getNodeBin() {
+  return process.execPath;
+}
+function getLaunchdPlist(configPath) {
+  const nodeBin = getNodeBin();
+  const bin = getGigaiBin();
+  const currentPath = process.env.PATH ?? "/usr/local/bin:/usr/bin:/bin";
+  return `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>com.gigai.server</string>
+  <key>EnvironmentVariables</key>
+  <dict>
+    <key>PATH</key>
+    <string>${currentPath}</string>
+  </dict>
+  <key>ProgramArguments</key>
+  <array>
+    <string>${nodeBin}</string>
+    <string>${bin}</string>
+    <string>start</string>
+    <string>--config</string>
+    <string>${configPath}</string>
+  </array>
+  <key>RunAtLoad</key>
+  <true/>
+  <key>KeepAlive</key>
+  <true/>
+  <key>StandardOutPath</key>
+  <string>${join3(homedir(), ".gigai", "server.log")}</string>
+  <key>StandardErrorPath</key>
+  <string>${join3(homedir(), ".gigai", "server.log")}</string>
+  <key>WorkingDirectory</key>
+  <string>${homedir()}</string>
+</dict>
+</plist>
+`;
+}
+function getSystemdUnit(configPath) {
+  const bin = getGigaiBin();
+  return `[Unit]
+Description=gigai server
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=${bin} start --config ${configPath}
+Restart=always
+RestartSec=5
+WorkingDirectory=${homedir()}
+
+[Install]
+WantedBy=default.target
+`;
+}
+async function installDaemon(configPath) {
+  const config = resolve6(configPath ?? "gigai.config.json");
+  const os = platform();
+  if (os === "darwin") {
+    const plistPath = join3(homedir(), "Library", "LaunchAgents", "com.gigai.server.plist");
+    await writeFile4(plistPath, getLaunchdPlist(config));
+    console.log(`  Wrote launchd plist: ${plistPath}`);
+    try {
+      await execFileAsync3("launchctl", ["load", plistPath]);
+      console.log("  Service loaded and started.");
+    } catch {
+      console.log(`  Load it with: launchctl load ${plistPath}`);
+    }
+    console.log(`  Logs: ~/.gigai/server.log`);
+    console.log(`  Stop:  launchctl unload ${plistPath}`);
+  } else if (os === "linux") {
+    const unitDir = join3(homedir(), ".config", "systemd", "user");
+    const unitPath = join3(unitDir, "gigai.service");
+    const { mkdir: mkdir2 } = await import("fs/promises");
+    await mkdir2(unitDir, { recursive: true });
+    await writeFile4(unitPath, getSystemdUnit(config));
+    console.log(`  Wrote systemd unit: ${unitPath}`);
+    try {
+      await execFileAsync3("systemctl", ["--user", "daemon-reload"]);
+      await execFileAsync3("systemctl", ["--user", "enable", "--now", "gigai"]);
+      console.log("  Service enabled and started.");
+    } catch {
+      console.log("  Enable it with: systemctl --user enable --now gigai");
+    }
+    console.log(`  Logs:   journalctl --user -u gigai -f`);
+    console.log(`  Stop:   systemctl --user stop gigai`);
+    console.log(`  Remove: systemctl --user disable gigai`);
+  } else {
+    console.log("  Persistent daemon not supported on this platform.");
+    console.log("  Run 'gigai start' manually.");
+  }
+}
+async function uninstallDaemon() {
+  const os = platform();
+  if (os === "darwin") {
+    const plistPath = join3(homedir(), "Library", "LaunchAgents", "com.gigai.server.plist");
+    try {
+      await execFileAsync3("launchctl", ["unload", plistPath]);
+    } catch {
+    }
+    const { unlink: unlink2 } = await import("fs/promises");
+    try {
+      await unlink2(plistPath);
+      console.log("  Service removed.");
+    } catch {
+      console.log("  No service found.");
+    }
+  } else if (os === "linux") {
+    try {
+      await execFileAsync3("systemctl", ["--user", "disable", "--now", "gigai"]);
+    } catch {
+    }
+    const unitPath = join3(homedir(), ".config", "systemd", "user", "gigai.service");
+    const { unlink: unlink2 } = await import("fs/promises");
+    try {
+      await unlink2(unitPath);
+      await execFileAsync3("systemctl", ["--user", "daemon-reload"]);
+      console.log("  Service removed.");
+    } catch {
+      console.log("  No service found.");
+    }
+  }
+}
+async function stopServer() {
+  const { execFileSync } = await import("child_process");
+  let pids = [];
+  try {
+    const out = execFileSync("pgrep", ["-f", "gigai start"], { encoding: "utf8" });
+    pids = out.trim().split("\n").map(Number).filter((pid) => pid && pid !== process.pid);
+  } catch {
+  }
+  if (pids.length === 0) {
+    console.log("No running gigai server found.");
+    return;
+  }
+  for (const pid of pids) {
+    try {
+      process.kill(pid, "SIGTERM");
+      console.log(`Stopped gigai server (PID ${pid})`);
+    } catch (e) {
+      console.error(`Failed to stop PID ${pid}: ${e.message}`);
+    }
+  }
+}
+async function startServer() {
+  const { values } = parseArgs({
+    options: {
+      config: { type: "string", short: "c" },
+      dev: { type: "boolean", default: false }
+    },
+    strict: false
+  });
+  const config = await loadConfig(values.config);
+  const server = await createServer({ config, dev: values.dev });
+  const port = config.server.port;
+  const host = config.server.host;
+  await server.listen({ port, host });
+  server.log.info(`gigai server listening on ${host}:${port}`);
+  let cfTunnel;
+  const httpsProvider = config.server.https?.provider;
+  if (httpsProvider === "tailscale") {
+    try {
+      const funnelUrl = await enableFunnel(port);
+      server.log.info(`Tailscale Funnel enabled: ${funnelUrl}`);
+    } catch (e) {
+      server.log.error(`Failed to enable Tailscale Funnel: ${e.message}`);
+    }
+  } else if (httpsProvider === "cloudflare") {
+    try {
+      const tunnelName = config.server.https.tunnelName;
+      cfTunnel = runTunnel(tunnelName, port);
+      server.log.info(`Cloudflare Tunnel started: ${tunnelName}`);
+    } catch (e) {
+      server.log.error(`Failed to start Cloudflare Tunnel: ${e.message}`);
+    }
+  }
+  const shutdown = async () => {
+    server.log.info("Shutting down...");
+    if (httpsProvider === "tailscale") {
+      try {
+        await disableFunnel(port);
+      } catch {
+      }
+    }
+    if (cfTunnel) {
+      try {
+        cfTunnel.kill();
+      } catch {
+      }
+    }
+    await server.close();
+    process.exit(0);
+  };
+  process.on("SIGTERM", shutdown);
+  process.on("SIGINT", shutdown);
+}
+export {
+  createServer,
+  generateServerPairingCode,
+  installDaemon,
+  loadConfig,
+  runInit,
+  startServer,
+  stopServer,
+  uninstallDaemon,
+  unwrapTool,
+  wrapCli,
+  wrapImport,
+  wrapMcp,
+  wrapScript
+};