@seqyuan/annodex 0.1.10 → 0.1.12

package/app/api/files/[...path]/route.ts

@@ -0,0 +1,621 @@
+import { NextRequest, NextResponse } from "next/server";
+import fs from "fs";
+import path from "path";
+import { listAllSessions } from "@/lib/session-reader";
+
+const IGNORED_NAMES = new Set([
+  "node_modules", ".git", ".next", "dist", "build", "__pycache__",
+  ".turbo", ".cache", "coverage", ".pytest_cache", ".mypy_cache",
+  "target", "vendor", ".DS_Store", ".git",
+]);
+
+const IGNORED_SUFFIXES = [".pyc"];
+
+const TEXT_PREVIEW_MAX_BYTES = 256 * 1024;
+const TABLE_PREVIEW_MAX_BYTES = 2 * 1024 * 1024;
+const LONG_TEXT_PREVIEW_MAX_BYTES = 2 * 1024 * 1024;
+const IMAGE_PREVIEW_MAX_BYTES = 10 * 1024 * 1024;
+
+const IMAGE_EXT_TO_MIME: Record<string, string> = {
+  png: "image/png",
+  jpg: "image/jpeg",
+  jpeg: "image/jpeg",
+  gif: "image/gif",
+  webp: "image/webp",
+  svg: "image/svg+xml",
+  bmp: "image/bmp",
+  ico: "image/x-icon",
+  avif: "image/avif",
+};
+
+const AUDIO_EXT_TO_MIME: Record<string, string> = {
+  mp3: "audio/mpeg",
+  wav: "audio/wav",
+  ogg: "audio/ogg",
+  oga: "audio/ogg",
+  opus: "audio/ogg",
+  m4a: "audio/mp4",
+  aac: "audio/aac",
+  flac: "audio/flac",
+  weba: "audio/webm",
+  webm: "audio/webm",
+};
+
+const DOC_EXT_TO_MIME: Record<string, string> = {
+  pdf: "application/pdf",
+  docx: "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+  xlsx: "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+  pptx: "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+  xls: "application/vnd.ms-excel",
+  doc: "application/msword",
+  ppt: "application/vnd.ms-powerpoint",
+};
+
+const DOC_PREVIEW_MAX_BYTES = 50 * 1024 * 1024; // 50MB
+const UPLOAD_MAX_FILE_BYTES = 50 * 1024 * 1024; // 50MB
+const UPLOAD_MAX_TOTAL_BYTES = 200 * 1024 * 1024; // 200MB
+
+function getExt(filePath: string): string {
+  const ext = path.basename(filePath).toLowerCase().split(".").pop() ?? "";
+  return ext;
+}
+
+function getImageMime(filePath: string): string | null {
+  return IMAGE_EXT_TO_MIME[getExt(filePath)] ?? null;
+}
+
+function getAudioMime(filePath: string): string | null {
+  return AUDIO_EXT_TO_MIME[getExt(filePath)] ?? null;
+}
+
+function getDocMime(filePath: string): string | null {
+  return DOC_EXT_TO_MIME[getExt(filePath)] ?? null;
+}
+
+const EXT_TO_LANGUAGE: Record<string, string> = {
+  ts: "typescript", tsx: "typescript", js: "javascript", jsx: "javascript",
+  mjs: "javascript", cjs: "javascript", py: "python", rb: "ruby",
+  go: "go", rs: "rust", java: "java", kt: "kotlin", swift: "swift",
+  c: "c", cpp: "cpp", h: "c", hpp: "cpp", cs: "csharp",
+  html: "html", htm: "html", css: "css", scss: "css", less: "css",
+  json: "json", jsonl: "json", yaml: "yaml", yml: "yaml",
+  toml: "toml", xml: "xml", md: "markdown", mdx: "markdown",
+  csv: "csv", tsv: "tsv",
+  log: "text",
+  sh: "bash", bash: "bash", zsh: "bash", fish: "bash",
+  sql: "sql", graphql: "graphql", gql: "graphql",
+  dockerfile: "dockerfile", tf: "hcl", hcl: "hcl",
+  env: "bash", gitignore: "bash", txt: "text",
+};
+
+function getLanguage(filePath: string): string {
+  const base = path.basename(filePath).toLowerCase();
+  // Special full-name matches
+  if (base === "dockerfile" || base.startsWith("dockerfile.")) return "dockerfile";
+  if (base === ".env" || base.startsWith(".env.")) return "bash";
+  if (base === "makefile" || base === "gnumakefile") return "makefile";
+  const ext = base.split(".").pop() ?? "";
+  return EXT_TO_LANGUAGE[ext] ?? "text";
+}
+
+function getTextPreviewLimit(filePath: string): number {
+  const ext = getExt(filePath);
+  if (ext === "csv" || ext === "tsv") return TABLE_PREVIEW_MAX_BYTES;
+  if (ext === "md" || ext === "mdx" || ext === "txt" || ext === "log") return LONG_TEXT_PREVIEW_MAX_BYTES;
+  return TEXT_PREVIEW_MAX_BYTES;
+}
+
+function formatLimit(bytes: number): string {
+  const mb = bytes / 1024 / 1024;
+  if (mb >= 1) return `${Math.round(mb * 10) / 10}MB`;
+  return `${Math.round(bytes / 1024)}KB`;
+}
+
+function sanitizeUploadName(name: string): string | null {
+  const clean = name.replace(/\0/g, "").trim();
+  if (!clean || clean === "." || clean === "..") return null;
+  if (clean.includes("/") || clean.includes("\\")) return null;
+  return clean;
+}
+
+function getUploadCandidate(dirPath: string, fileName: string, index: number): { name: string; path: string } {
+  const ext = path.extname(fileName);
+  const stem = fileName.slice(0, fileName.length - ext.length) || fileName;
+  const name = index === 0 ? fileName : `${stem} (${index})${ext}`;
+  return { name, path: path.join(dirPath, name) };
+}
+
+function isNodeFileError(error: unknown, code: string): boolean {
+  return typeof error === "object" && error !== null && "code" in error && error.code === code;
+}
+
+function isFormUploadFile(value: FormDataEntryValue): value is File {
+  return (
+    typeof value === "object" &&
+    value !== null &&
+    "name" in value &&
+    "size" in value &&
+    "arrayBuffer" in value
+  );
+}
+
+// Short-TTL cache for the allowed-roots set. Without this, every file list/read
+// request re-scans every saved session just to check access. 5s is short
+// enough that newly-created cwds appear promptly; stored on globalThis so it
+// survives Next.js hot-reload.
+declare global {
+  var __annodexAllowedRootsCache: { roots: Set<string>; expiresAt: number } | undefined;
+}
+
+const ALLOWED_ROOTS_TTL_MS = 5_000;
+const WINDOWS_ABSOLUTE_RE = /^[a-zA-Z]:[\\/]/;
+
+function normalizeSlashes(filePath: string): string {
+  return filePath.replace(/\\/g, "/");
+}
+
+function isWindowsAbsolutePath(filePath: string): boolean {
+  return WINDOWS_ABSOLUTE_RE.test(filePath) || filePath.startsWith("\\\\") || filePath.startsWith("//");
+}
+
+function filePathFromSegments(segments: string[]): string {
+  const joined = segments.join("/");
+  const slashJoined = normalizeSlashes(joined);
+  if (isWindowsAbsolutePath(slashJoined)) return slashJoined;
+  return "/" + joined.replace(/^\/+/, "");
+}
+
+async function getAllowedRoots(): Promise<Set<string>> {
+  const now = Date.now();
+  const cached = globalThis.__annodexAllowedRootsCache;
+  if (cached && cached.expiresAt > now) return cached.roots;
+
+  const sessions = await listAllSessions();
+  const roots = new Set<string>();
+  for (const s of sessions) {
+    if (s.cwd) roots.add(s.cwd);
+  }
+  // Also allow manually registered projects and default workspace directories.
+  const home = (await import("os")).homedir();
+  const { existsSync, readFileSync, readdirSync } = await import("fs");
+  for (const registryPath of [
+    path.join(home, ".config", "annodex", "annodex-projects.json"),
+    path.join(home, ".config", "annodex", "annovibe-projects.json"),
+  ]) {
+    if (!existsSync(registryPath)) continue;
+    try {
+      const raw = JSON.parse(readFileSync(registryPath, "utf8")) as {
+        projects?: Record<string, { cwd?: unknown; hidden?: unknown }>;
+      };
+      for (const [key, record] of Object.entries(raw.projects ?? {})) {
+        if (record?.hidden === true) continue;
+        const cwd = typeof record?.cwd === "string" ? record.cwd : key;
+        if (cwd) roots.add(cwd);
+      }
+    } catch {
+      // ignore malformed project registry
+    }
+  }
+  for (const workspaceRoot of [
+    path.join(home, "annodex", "workspace"),
+    path.join(home, "annovibe", "workspace"),
+  ]) {
+    if (existsSync(workspaceRoot)) roots.add(workspaceRoot);
+  }
+  try {
+    for (const name of readdirSync(home)) {
+      if (/^pi-cwd-\d{8}$/.test(name)) {
+        roots.add(path.join(home, name));
+      }
+    }
+  } catch {
+    // ignore if home is unreadable
+  }
+
+  globalThis.__annodexAllowedRootsCache = { roots, expiresAt: now + ALLOWED_ROOTS_TTL_MS };
+  return roots;
+}
+
+function isPathAllowed(target: string, allowedRoots: Set<string>): boolean {
+  for (const root of allowedRoots) {
+    const useWindowsRules = isWindowsAbsolutePath(target) || isWindowsAbsolutePath(root);
+    const resolver = useWindowsRules ? path.win32 : path;
+    const sep = useWindowsRules ? "\\" : path.sep;
+    const normalized = resolver.resolve(target);
+    const normalizedRoot = resolver.resolve(root);
+    const comparable = useWindowsRules ? normalized.toLowerCase() : normalized;
+    const comparableRoot = useWindowsRules ? normalizedRoot.toLowerCase() : normalizedRoot;
+    const rootWithSep = comparableRoot.endsWith(sep) ? comparableRoot : comparableRoot + sep;
+    if (comparable === comparableRoot || comparable.startsWith(rootWithSep)) {
+      return true;
+    }
+  }
+  return false;
+}
+
+function createFileBodyStream(filePath: string, range?: { start: number; end: number }): ReadableStream<Uint8Array> {
+  const fileStream = fs.createReadStream(filePath, range);
+  let closed = false;
+
+  return new ReadableStream<Uint8Array>({
+    start(controller) {
+      fileStream.on("data", (chunk: Buffer) => {
+        if (closed) return;
+        try {
+          controller.enqueue(new Uint8Array(chunk));
+        } catch {
+          closed = true;
+          fileStream.destroy();
+        }
+      });
+      fileStream.once("end", () => {
+        if (closed) return;
+        closed = true;
+        try {
+          controller.close();
+        } catch {
+          // The browser may cancel media probes before the file stream ends.
+        }
+      });
+      fileStream.once("error", (error) => {
+        if (closed) return;
+        closed = true;
+        try {
+          controller.error(error);
+        } catch {
+          // The response was already abandoned by the client.
+        }
+      });
+    },
+    cancel() {
+      closed = true;
+      fileStream.destroy();
+    },
+  });
+}
+
+function streamFile(filePath: string, stat: fs.Stats, contentType: string, rangeHeader: string | null): Response {
+  const headers = {
+    "Content-Type": contentType,
+    "Cache-Control": "no-cache",
+    "Accept-Ranges": "bytes",
+  };
+
+  if (!rangeHeader) {
+    return new Response(createFileBodyStream(filePath), {
+      headers: {
+        ...headers,
+        "Content-Length": String(stat.size),
+      },
+    });
+  }
+
+  const match = /^bytes=(\d*)-(\d*)$/.exec(rangeHeader);
+  if (!match) {
+    return new Response(null, {
+      status: 416,
+      headers: {
+        ...headers,
+        "Content-Range": `bytes */${stat.size}`,
+      },
+    });
+  }
+
+  let start = match[1] ? Number(match[1]) : 0;
+  let end = match[2] ? Number(match[2]) : stat.size - 1;
+  if (!match[1] && match[2]) {
+    const suffixLength = Number(match[2]);
+    start = Math.max(stat.size - suffixLength, 0);
+    end = stat.size - 1;
+  }
+
+  if (!Number.isFinite(start) || !Number.isFinite(end) || start < 0 || end < start || start >= stat.size) {
+    return new Response(null, {
+      status: 416,
+      headers: {
+        ...headers,
+        "Content-Range": `bytes */${stat.size}`,
+      },
+    });
+  }
+
+  end = Math.min(end, stat.size - 1);
+  const chunkSize = end - start + 1;
+  return new Response(createFileBodyStream(filePath, { start, end }), {
+    status: 206,
+    headers: {
+      ...headers,
+      "Content-Length": String(chunkSize),
+      "Content-Range": `bytes ${start}-${end}/${stat.size}`,
+    },
+  });
+}
+
+export async function GET(
+  request: NextRequest,
+  { params }: { params: Promise<{ path: string[] }> }
+) {
+  try {
+    const { path: segments } = await params;
+    const filePath = filePathFromSegments(segments);
+    const type = request.nextUrl.searchParams.get("type") ?? "list";
+
+    const allowedRoots = await getAllowedRoots();
+    if (!isPathAllowed(filePath, allowedRoots)) {
+      return NextResponse.json({ error: "Access denied" }, { status: 403 });
+    }
+
+    let stat: fs.Stats;
+    try {
+      stat = fs.statSync(filePath);
+    } catch {
+      return NextResponse.json({ error: "Not found" }, { status: 404 });
+    }
+
+    if (type === "read") {
+      if (!stat.isFile()) {
+        return NextResponse.json({ error: "Not a file" }, { status: 400 });
+      }
+      const imageMime = getImageMime(filePath);
+      if (imageMime) {
+        if (stat.size > IMAGE_PREVIEW_MAX_BYTES) {
+          return NextResponse.json({ error: "Image too large (>10MB)" }, { status: 413 });
+        }
+        return streamFile(filePath, stat, imageMime, request.headers.get("range"));
+      }
+      const audioMime = getAudioMime(filePath);
+      if (audioMime) {
+        return streamFile(filePath, stat, audioMime, request.headers.get("range"));
+      }
+      const docMime = getDocMime(filePath);
+      if (docMime) {
+        if (stat.size > DOC_PREVIEW_MAX_BYTES) {
+          return NextResponse.json({ error: "Document too large (>50MB)" }, { status: 413 });
+        }
+        return streamFile(filePath, stat, docMime, request.headers.get("range"));
+      }
+      const textPreviewLimit = getTextPreviewLimit(filePath);
+      if (stat.size > textPreviewLimit) {
+        return NextResponse.json({ error: `File too large for preview (>${Math.round(textPreviewLimit / 1024 / 1024 * 10) / 10}MB)` }, { status: 413 });
+      }
+      const content = fs.readFileSync(filePath, "utf-8");
+      const language = getLanguage(filePath);
+      return NextResponse.json({ content, language, size: stat.size, mtime: stat.mtime.toISOString() });
+    }
+
+    if (type === "watch") {
+      if (!stat.isFile()) {
+        return NextResponse.json({ error: "Not a file" }, { status: 400 });
+      }
+      let watcher: fs.FSWatcher | null = null;
+      const stream = new ReadableStream({
+        start(controller) {
+          const send = (eventName: string, data: Record<string, unknown>) => {
+            const payload = `event: ${eventName}\ndata: ${JSON.stringify(data)}\n\n`;
+            try {
+              controller.enqueue(new TextEncoder().encode(payload));
+            } catch {
+              // client disconnected
+            }
+          };
+          // Send initial ping so client knows connection is live
+          send("connected", { filePath });
+          try {
+            watcher = fs.watch(filePath, () => {
+              try {
+                const s = fs.statSync(filePath);
+                send("change", { mtime: s.mtime.toISOString(), size: s.size });
+              } catch {
+                send("change", { mtime: new Date().toISOString(), size: 0 });
+              }
+            });
+            watcher.on("error", () => {
+              try { controller.close(); } catch { /* ignore */ }
+            });
+          } catch {
+            send("error", { message: "Failed to watch file" });
+            controller.close();
+          }
+        },
+        cancel() {
+          try { watcher?.close(); } catch { /* ignore */ }
+        },
+      });
+      return new Response(stream, {
+        headers: {
+          "Content-Type": "text/event-stream",
+          "Cache-Control": "no-cache, no-transform",
+          Connection: "keep-alive",
+          "X-Accel-Buffering": "no",
+        },
+      });
+    }
+
+    // type === "list"
+    if (!stat.isDirectory()) {
+      return NextResponse.json({ error: "Not a directory" }, { status: 400 });
+    }
+
+    const names = fs.readdirSync(filePath);
+    const entries = names
+      .filter((name) => !IGNORED_NAMES.has(name) && !IGNORED_SUFFIXES.some((s) => name.endsWith(s)))
+      .map((name) => {
+        const full = path.join(filePath, name);
+        try {
+          const s = fs.statSync(full);
+          return {
+            name,
+            isDir: s.isDirectory(),
+            size: s.isFile() ? s.size : 0,
+            modified: s.mtime.toISOString(),
+          };
+        } catch {
+          return null;
+        }
+      })
+      .filter(Boolean)
+      .sort((a, b) => {
+        // Dirs first, then files, both alphabetically
+        if (a!.isDir !== b!.isDir) return a!.isDir ? -1 : 1;
+        return a!.name.localeCompare(b!.name);
+      });
+
+    return NextResponse.json({ entries, path: filePath });
+  } catch (error) {
+    return NextResponse.json({ error: String(error) }, { status: 500 });
+  }
+}
+
+export async function PUT(
+  request: NextRequest,
+  { params }: { params: Promise<{ path: string[] }> }
+) {
+  try {
+    const { path: segments } = await params;
+    const filePath = filePathFromSegments(segments);
+
+    const allowedRoots = await getAllowedRoots();
+    if (!isPathAllowed(filePath, allowedRoots)) {
+      return NextResponse.json({ error: "Access denied" }, { status: 403 });
+    }
+
+    let stat: fs.Stats;
+    try {
+      stat = fs.statSync(filePath);
+    } catch {
+      return NextResponse.json({ error: "Not found" }, { status: 404 });
+    }
+
+    if (!stat.isFile()) {
+      return NextResponse.json({ error: "Not a file" }, { status: 400 });
+    }
+
+    const body = await request.json() as { content?: string; baseMtime?: string };
+    if (typeof body.content !== "string") {
+      return NextResponse.json({ error: "Missing 'content' field" }, { status: 400 });
+    }
+
+    if (body.baseMtime && body.baseMtime !== stat.mtime.toISOString()) {
+      return NextResponse.json({
+        error: "File changed on disk since it was opened",
+        conflict: true,
+        mtime: stat.mtime.toISOString(),
+      }, { status: 409 });
+    }
+
+    const textLimit = getTextPreviewLimit(filePath);
+    if (Buffer.byteLength(body.content, "utf-8") > textLimit) {
+      return NextResponse.json({ error: `Content too large (>${formatLimit(textLimit)})` }, { status: 413 });
+    }
+
+    fs.writeFileSync(filePath, body.content, "utf-8");
+    return NextResponse.json({ success: true, mtime: fs.statSync(filePath).mtime.toISOString() });
+  } catch (error) {
+    return NextResponse.json({ error: String(error) }, { status: 500 });
+  }
+}
+
+export async function POST(
+  request: NextRequest,
+  { params }: { params: Promise<{ path: string[] }> }
+) {
+  try {
+    const { path: segments } = await params;
+    const dirPath = filePathFromSegments(segments);
+    const type = request.nextUrl.searchParams.get("type");
+
+    if (type !== "upload") {
+      return NextResponse.json({ error: "Unsupported operation" }, { status: 400 });
+    }
+
+    const allowedRoots = await getAllowedRoots();
+    if (!isPathAllowed(dirPath, allowedRoots)) {
+      return NextResponse.json({ error: "Access denied" }, { status: 403 });
+    }
+
+    let stat: fs.Stats;
+    try {
+      stat = fs.statSync(dirPath);
+    } catch {
+      return NextResponse.json({ error: "Target directory not found" }, { status: 404 });
+    }
+
+    if (!stat.isDirectory()) {
+      return NextResponse.json({ error: "Target is not a directory" }, { status: 400 });
+    }
+
+    try {
+      fs.accessSync(dirPath, fs.constants.W_OK);
+    } catch {
+      return NextResponse.json({ error: "No write permission for target directory" }, { status: 403 });
+    }
+
+    const formData = await request.formData();
+    const values = formData.getAll("files");
+    const files = values.filter(isFormUploadFile);
+    if (files.length === 0) {
+      return NextResponse.json({ error: "No files uploaded" }, { status: 400 });
+    }
+
+    const totalBytes = files.reduce((sum, file) => sum + file.size, 0);
+    if (totalBytes > UPLOAD_MAX_TOTAL_BYTES) {
+      return NextResponse.json({ error: "Upload batch too large (>200MB)" }, { status: 413 });
+    }
+
+    const uploaded: Array<{ originalName: string; name: string; path: string; size: number }> = [];
+    const failed: Array<{ name: string; error: string }> = [];
+
+    for (const file of files) {
+      const originalName = file.name || "untitled";
+      const safeName = sanitizeUploadName(originalName);
+      if (!safeName) {
+        failed.push({ name: originalName, error: "Invalid file name" });
+        continue;
+      }
+      if (file.size > UPLOAD_MAX_FILE_BYTES) {
+        failed.push({ name: originalName, error: "File too large (>50MB)" });
+        continue;
+      }
+
+      try {
+        const buffer = Buffer.from(await file.arrayBuffer());
+        let saved = false;
+        for (let attempt = 0; attempt < 1000; attempt += 1) {
+          const target = getUploadCandidate(dirPath, safeName, attempt);
+          try {
+            fs.writeFileSync(target.path, buffer, { flag: "wx" });
+            uploaded.push({
+              originalName,
+              name: target.name,
+              path: target.path,
+              size: file.size,
+            });
+            saved = true;
+            break;
+          } catch (error) {
+            if (isNodeFileError(error, "EEXIST")) continue;
+            throw error;
+          }
+        }
+        if (!saved) {
+          failed.push({ name: originalName, error: "Could not find an available file name" });
+        }
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (message.includes("EACCES") || message.includes("EPERM")) {
+          failed.push({ name: originalName, error: "No write permission" });
+        } else {
+          failed.push({ name: originalName, error: message });
+        }
+      }
+    }
+
+    return NextResponse.json({
+      success: failed.length === 0,
+      uploaded,
+      failed,
+    }, { status: uploaded.length > 0 ? 200 : 400 });
+  } catch (error) {
+    return NextResponse.json({ error: String(error) }, { status: 500 });
+  }
+}

package/app/api/harness/route.ts

@@ -0,0 +1,47 @@
+import { NextResponse } from "next/server";
+import { readFileSync, writeFileSync, existsSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+
+function getConfigDir(): string {
+  return join(homedir(), ".config", "annodex");
+}
+
+function getHarnessPath(): string {
+  const dir = getConfigDir();
+  const upper = join(dir, "HARNESS.md");
+  const lower = join(dir, "harness.md");
+  // Read: uppercase first, fall back to lowercase
+  if (existsSync(upper)) return upper;
+  return lower;
+}
+
+// GET /api/harness — read global HARNESS.md
+export async function GET() {
+  try {
+    const path = getHarnessPath();
+    if (!existsSync(path)) {
+      return NextResponse.json({ content: "", exists: false });
+    }
+    const content = readFileSync(path, "utf-8");
+    return NextResponse.json({ content, exists: true, size: Buffer.byteLength(content, "utf-8") });
+  } catch (error) {
+    return NextResponse.json({ error: String(error) }, { status: 500 });
+  }
+}
+
+// PUT /api/harness — write global HARNESS.md (always uppercase)
+export async function PUT(req: Request) {
+  try {
+    const body = await req.json() as { content?: string };
+    if (typeof body.content !== "string") {
+      return NextResponse.json({ error: "Missing 'content' field" }, { status: 400 });
+    }
+    // Always write uppercase
+    const path = join(getConfigDir(), "HARNESS.md");
+    writeFileSync(path, body.content, "utf-8");
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    return NextResponse.json({ error: String(error) }, { status: 500 });
+  }
+}

package/app/api/home/route.ts

@@ -0,0 +1,6 @@
+import { NextResponse } from "next/server";
+import { homedir } from "os";
+
+export async function GET() {
+  return NextResponse.json({ home: homedir() });
+}

package/app/api/internal/runtime/route.ts

@@ -0,0 +1,26 @@
+import { NextResponse } from "next/server";
+import { getRuntimeStatus } from "@/lib/rpc-manager";
+
+export const dynamic = "force-dynamic";
+
+const CURRENT_VERSION = process.env.NEXT_PUBLIC_APP_VERSION ?? "0.0.0";
+
+function isAuthorized(req: Request): boolean {
+  const token = process.env.ANNODEX_INTERNAL_TOKEN ?? process.env.ANNOVIBE_INTERNAL_TOKEN;
+  if (!token) return false;
+  return req.headers.get("x-annodex-internal-token") === token
+    || req.headers.get("x-annovibe-internal-token") === token;
+}
+
+export async function GET(req: Request) {
+  if (!isAuthorized(req)) {
+    return NextResponse.json({ error: "Forbidden" }, { status: 403 });
+  }
+
+  return NextResponse.json({
+    runningVersion: CURRENT_VERSION,
+    pid: process.pid,
+    uptimeSeconds: Math.round(process.uptime()),
+    ...getRuntimeStatus(),
+  });
+}