@simonyea/holysheep-cli 2.1.40 → 2.1.42

package/src/webui/aionui-wrapper.js

@@ -1,734 +0,0 @@
-/**
- * AionUi wrapper — zero-dep Node http proxy in front of AionUi.
- *
- * Architecture:
- *   user browser :9876 (this wrapper)
- *     ├─ POST /api/auth/holysheep-login      → validate HS key, mint bootstrap token
- *     ├─ GET  /api/auth/holysheep-bootstrap  → loopback-only, one-shot, copy AionUi cookie, 302 /
- *     ├─ GET  /api/holysheep/status|tools|config
- *     ├─ POST /api/holysheep/login (alias for holysheep-login, convenience)
- *     ├─ POST /api/holysheep/setup/:tool, install, launch, configure, reset
- *     └─ *                                    → proxied to AionUi 127.0.0.1:<internalPort>
- *                                                  + WebSocket upgrade support
- *
- * Security invariants:
- *   - AionUi server binds 127.0.0.1 only (ALLOW_REMOTE never set)
- *   - /api/auth/holysheep-bootstrap refuses non-loopback remoteAddress
- *   - /api/auth/holysheep-bootstrap refuses X-Forwarded-For / X-Real-IP
- *   - Bootstrap tokens: single-use, ≤ 30s TTL, 24-byte CSRNG random
- *   - Bridge admin credential file perms enforced 0600, startup refuses otherwise
- *   - Bridge credential never logged — only the masked form
- *
- * Vendor independence:
- *   AionUi's dist-server/server.mjs is NEVER modified. We speak HTTP to it.
- */
-
-'use strict'
-
-const http = require('http')
-const net = require('net')
-const fs = require('fs')
-const path = require('path')
-const os = require('os')
-const crypto = require('crypto')
-const { execSync, spawn } = require('child_process')
-
-const {
-  getApiKey, loadConfig, saveConfig,
-  BASE_URL_OPENAI,
-} = require('../utils/config')
-
-// ── Constants ────────────────────────────────────────────────────────────────
-
-const BRIDGE_DIR = path.join(os.homedir(), '.holysheep')
-const BRIDGE_CRED_FILE = path.join(BRIDGE_DIR, 'aionui-bridge.json')
-const TOKEN_TTL_MS = 30_000
-const INTERNAL_PORT_START = 9877
-const INTERNAL_PORT_TRIES = 10
-// First launch on Windows spends 30-40s in Defender + bun JIT + sqlite init,
-// so 25s was flaking on cold boxes. Align with the old standalone spawn path.
-const UPSTREAM_STARTUP_TIMEOUT_MS = Number(process.env.HS_WEB_STARTUP_TIMEOUT_MS) || 60_000
-const UPSTREAM_CONNECT_TIMEOUT_MS = 30_000
-const AIONUI_LOG_TAIL_BYTES = 4096
-
-// Bootstrap token store — Map<token, { createdAt, used }>
-const bootstrapTokens = new Map()
-
-// Periodic GC so idle wrappers don't grow memory unboundedly. .unref() so the
-// timer doesn't block process exit on SIGINT. No-op if TTL-cleanup already
-// happened via the lazy path in pruneExpiredTokens().
-let tokenCleanupInterval = null
-function startTokenCleanup() {
-  if (tokenCleanupInterval) return
-  tokenCleanupInterval = setInterval(() => pruneExpiredTokens(), 60_000)
-  if (typeof tokenCleanupInterval.unref === 'function') tokenCleanupInterval.unref()
-}
-
-// Cached AionUi session cookie obtained by internal /login. Refreshed lazily.
-let cachedAionUiCookie = null
-let cachedAionUiCookieAt = 0
-const AIONUI_COOKIE_TTL_MS = 10 * 60 * 1000
-
-// ── Helpers ──────────────────────────────────────────────────────────────────
-
-function log(msg) {
-  // eslint-disable-next-line no-console
-  console.log(`[holysheep-web] ${msg}`)
-}
-
-function randomToken(bytes = 24) {
-  return crypto.randomBytes(bytes).toString('hex')
-}
-
-function randomPassword() {
-  // 24-char URL-safe password. Long enough for bcrypt, avoids shell-meta headaches.
-  return crypto.randomBytes(18).toString('base64').replace(/[+/=]/g, '').slice(0, 24)
-}
-
-function nowMs() { return Date.now() }
-
-function isLoopbackRequest(req) {
-  if (req.headers['x-forwarded-for']) return false
-  if (req.headers['x-real-ip']) return false
-  const addr = req.socket.remoteAddress || ''
-  return addr === '127.0.0.1' || addr === '::1' || addr === '::ffff:127.0.0.1'
-}
-
-function sendJson(res, statusCode, body) {
-  const payload = JSON.stringify(body)
-  res.writeHead(statusCode, {
-    'Content-Type': 'application/json; charset=utf-8',
-    'Content-Length': Buffer.byteLength(payload),
-  })
-  res.end(payload)
-}
-
-function readBody(req, maxBytes = 1024 * 512) {
-  return new Promise((resolve, reject) => {
-    let size = 0
-    const chunks = []
-    req.on('data', (c) => {
-      size += c.length
-      if (size > maxBytes) {
-        reject(new Error('payload too large'))
-        try { req.destroy() } catch {}
-        return
-      }
-      chunks.push(c)
-    })
-    req.on('end', () => {
-      try {
-        const raw = Buffer.concat(chunks).toString('utf8')
-        if (!raw) return resolve({})
-        if (req.headers['content-type']?.includes('application/json')) {
-          return resolve(JSON.parse(raw))
-        }
-        resolve({ _raw: raw })
-      } catch (e) { reject(e) }
-    })
-    req.on('error', reject)
-  })
-}
-
-function pruneExpiredTokens() {
-  const now = nowMs()
-  for (const [t, meta] of bootstrapTokens) {
-    if (meta.used || now - meta.createdAt > TOKEN_TTL_MS) {
-      bootstrapTokens.delete(t)
-    }
-  }
-}
-
-// ── Bridge credential: persistent admin user for AionUi internal /login ──────
-
-function ensureBridgeDir() {
-  if (!fs.existsSync(BRIDGE_DIR)) fs.mkdirSync(BRIDGE_DIR, { recursive: true, mode: 0o700 })
-}
-
-function loadBridgeCredentials() {
-  if (!fs.existsSync(BRIDGE_CRED_FILE)) return null
-  try {
-    // Enforce 0600 perms — world-readable bridge creds defeat the whole loopback story
-    const stat = fs.statSync(BRIDGE_CRED_FILE)
-    if (process.platform !== 'win32' && (stat.mode & 0o077)) {
-      throw new Error(
-        `Refusing to read ${BRIDGE_CRED_FILE} with perms ${(stat.mode & 0o777).toString(8)} — ` +
-        `must be 0600. Run: chmod 600 ${BRIDGE_CRED_FILE}`
-      )
-    }
-    return JSON.parse(fs.readFileSync(BRIDGE_CRED_FILE, 'utf8'))
-  } catch (e) {
-    if (e.message.startsWith('Refusing')) throw e
-    return null
-  }
-}
-
-function saveBridgeCredentials(creds) {
-  ensureBridgeDir()
-  fs.writeFileSync(BRIDGE_CRED_FILE, JSON.stringify(creds, null, 2), { mode: 0o600 })
-  if (process.platform !== 'win32') {
-    try { fs.chmodSync(BRIDGE_CRED_FILE, 0o600) } catch {}
-  }
-}
-
-/**
- * The vendored AionUi v1.9.17 build has already been customized upstream so
- * that `POST /login` accepts `{ apiKey }` (NOT username/password) and validates
- * against HolySheep. That means the wrapper does NOT need to provision or
- * maintain a bridge admin password at all — we simply forward the HS API key
- * to AionUi's own /login endpoint.
- *
- * The `loadBridgeCredentials()` / `saveBridgeCredentials()` helpers remain
- * above as a fallback codepath for any AionUi build that still uses legacy
- * username/password auth. When the vendored build is HolySheep-aware
- * (detected below), we prefer the direct apiKey-to-/login path.
- */
-function detectHolySheepAionUi(runtimeDir) {
-  try {
-    const serverPath = path.join(runtimeDir, 'dist-server', 'server.mjs')
-    // Scan for the HolySheep validation marker — fast regex, file is large
-    // but we stop after finding the first match.
-    const buf = fs.readFileSync(serverPath, 'utf8')
-    return buf.includes('validateHolySheepApiKey') ||
-           buf.includes('HolySheep API key is required') ||
-           buf.includes('HOLYSHEEP_PROVIDER_NAME')
-  } catch { return false }
-}
-
-// ── Validate HolySheep API key ───────────────────────────────────────────────
-
-async function validateHolySheepKey(apiKey) {
-  // Reuse the same validation contract as `hs login`: GET /v1/models with Bearer.
-  const fetch = require('node-fetch')
-  try {
-    const res = await fetch(`${BASE_URL_OPENAI}/models`, {
-      method: 'GET',
-      headers: { Authorization: `Bearer ${apiKey}`, 'Content-Type': 'application/json' },
-      timeout: 15_000,
-    })
-    return res.status === 200
-  } catch {
-    return false
-  }
-}
-
-// ── AionUi internal login: mint a cookie we can hand to the browser ──────────
-
-/**
- * POST the HolySheep API key to the internal AionUi /login endpoint.
- * AionUi's customized build (detectHolySheepAionUi above) accepts
- * `{ apiKey: 'cr_...' }` and returns a JWT cookie via Set-Cookie.
- * Works for vendored v1.9.17 and any future build that preserves this contract.
- */
-function aionuiInternalLoginWithApiKey({ internalPort, apiKey }) {
-  return new Promise((resolve, reject) => {
-    const body = JSON.stringify({ apiKey })
-    const req = http.request({
-      host: '127.0.0.1', port: internalPort, path: '/login', method: 'POST',
-      headers: {
-        'Content-Type': 'application/json',
-        'Content-Length': Buffer.byteLength(body),
-      },
-      timeout: 15_000,
-    }, (res) => {
-      let buf = ''
-      res.on('data', (c) => { buf += c.toString() })
-      res.on('end', () => {
-        if (res.statusCode !== 200) {
-          return reject(new Error(`HolySheep runtime /login returned ${res.statusCode}: ${buf.slice(0, 200)}`))
-        }
-        const setCookie = res.headers['set-cookie']
-        if (!setCookie || setCookie.length === 0) {
-          return reject(new Error('HolySheep runtime /login succeeded but no Set-Cookie header returned'))
-        }
-        resolve(setCookie)
-      })
-    })
-    req.on('error', reject)
-    req.setTimeout(15_000, () => { req.destroy(new Error('HolySheep runtime /login timed out')) })
-    req.write(body)
-    req.end()
-  })
-}
-
-async function getAionUiCookieFresh({ internalPort }) {
-  if (cachedAionUiCookie && nowMs() - cachedAionUiCookieAt < AIONUI_COOKIE_TTL_MS) {
-    return cachedAionUiCookie
-  }
-  const apiKey = getApiKey()
-  if (!apiKey) throw new Error('no HolySheep API key — call /api/auth/holysheep-login first')
-  const cookies = await aionuiInternalLoginWithApiKey({ internalPort, apiKey })
-  cachedAionUiCookie = cookies
-  cachedAionUiCookieAt = nowMs()
-  return cookies
-}
-
-// ── Wrapper endpoint handlers ────────────────────────────────────────────────
-
-async function handleHolySheepLogin(req, res) {
-  try {
-    const body = await readBody(req)
-    const apiKey = (body.apiKey || '').trim()
-    if (!apiKey || !apiKey.startsWith('cr_')) {
-      return sendJson(res, 400, { success: false, message: 'API Key must start with cr_' })
-    }
-    const valid = await validateHolySheepKey(apiKey)
-    if (!valid) return sendJson(res, 401, { success: false, message: 'HolySheep API key invalid' })
-    saveConfig({ apiKey, savedAt: new Date().toISOString() })
-
-    // Issue bootstrap token. Browser will hit /api/auth/holysheep-bootstrap next.
-    pruneExpiredTokens()
-    const token = randomToken()
-    bootstrapTokens.set(token, { createdAt: nowMs(), used: false })
-    sendJson(res, 200, { success: true, bootstrapUrl: `/api/auth/holysheep-bootstrap?token=${token}` })
-  } catch (e) {
-    sendJson(res, 500, { success: false, message: e.message })
-  }
-}
-
-async function handleBootstrap(req, res, ctx) {
-  if (!isLoopbackRequest(req)) {
-    return sendJson(res, 403, { success: false, message: 'bootstrap endpoint is loopback-only' })
-  }
-  const url = new URL(req.url, `http://${req.headers.host}`)
-  const token = url.searchParams.get('token')
-  pruneExpiredTokens()
-  const entry = token ? bootstrapTokens.get(token) : null
-  if (!entry || entry.used || nowMs() - entry.createdAt > TOKEN_TTL_MS) {
-    return sendJson(res, 401, { success: false, message: 'bootstrap token invalid or expired' })
-  }
-  entry.used = true
-
-  try {
-    const cookies = await getAionUiCookieFresh({ internalPort: ctx.internalPort })
-    res.writeHead(302, {
-      'Set-Cookie': cookies,
-      'Location': '/',
-      'Cache-Control': 'no-store',
-    })
-    res.end()
-  } catch (e) {
-    sendJson(res, 502, { success: false, message: `bridge login failed: ${e.message}` })
-  }
-}
-
-async function handleHolySheepStatus(req, res) {
-  const apiKey = getApiKey()
-  sendJson(res, 200, {
-    loggedIn: !!apiKey,
-    apiKeyMasked: apiKey ? `${apiKey.slice(0, 6)}...${apiKey.slice(-4)}` : null,
-    mode: 'holysheep-webui',
-    version: require('../../package.json').version,
-  })
-}
-
-// Reuse legacy handlers in-process — no cross-port hops.
-let legacyModule = null
-function legacy() {
-  if (!legacyModule) legacyModule = require('./server')
-  return legacyModule
-}
-
-// ── HTTP proxy to AionUi internal server ─────────────────────────────────────
-
-const BODYLESS_METHODS = new Set(['GET', 'HEAD', 'OPTIONS'])
-
-function proxyHttp(req, res, internalPort) {
-  const headers = { ...req.headers }
-  // Host header must match internal target for Express routing to behave consistently
-  headers.host = `127.0.0.1:${internalPort}`
-  // Strip hop-by-hop per RFC 7230 §6.1
-  delete headers['connection']
-  delete headers['keep-alive']
-  delete headers['proxy-connection']
-  delete headers['te']
-  delete headers['trailer']
-  delete headers['transfer-encoding']
-  delete headers['upgrade']
-
-  const upstream = http.request({
-    host: '127.0.0.1',
-    port: internalPort,
-    method: req.method,
-    path: req.url,
-    headers,
-    timeout: UPSTREAM_CONNECT_TIMEOUT_MS,
-  }, (upRes) => {
-    // Clone upstream headers; drop hop-by-hop coming back
-    const outHeaders = { ...upRes.headers }
-    delete outHeaders['connection']
-    delete outHeaders['keep-alive']
-    delete outHeaders['proxy-connection']
-    res.writeHead(upRes.statusCode, upRes.statusMessage, outHeaders)
-    upRes.pipe(res)
-  })
-  upstream.on('error', (e) => {
-    try {
-      if (!res.headersSent) res.writeHead(502, { 'Content-Type': 'text/plain' })
-      res.end(`upstream error: ${e.code || e.message}`)
-    } catch {}
-  })
-  upstream.on('timeout', () => {
-    try { upstream.destroy(new Error('upstream timeout')) } catch {}
-  })
-
-  // For body-less methods, end immediately — otherwise Node waits for `req` to
-  // emit 'end', which may have already fired for header-only IncomingMessages.
-  if (BODYLESS_METHODS.has((req.method || 'GET').toUpperCase())) {
-    upstream.end()
-  } else {
-    req.pipe(upstream)
-  }
-
-  // Client disconnect → kill upstream.
-  //
-  // [HolySheep fork v2.1.32 / hs23] Root-cause fix for "Network error" on
-  // /login: Node's IncomingMessage (`req`) emits 'close' as soon as its
-  // Readable side is fully consumed — NOT when the TCP socket disconnects.
-  // For POST requests, req.pipe(upstream) drains the body and the very next
-  // tick `req` fires 'close', which here destroyed the upstream *before*
-  // Express on 9877 had a chance to respond → ECONNRESET → wrapper 502.
-  //
-  // The correct signal for "client disconnected" is `res.on('close')` +
-  // `res.writableFinished === false`. That only fires if the downstream
-  // client aborts before we've finished writing the response.
-  res.on('close', () => {
-    if (res.writableFinished) return
-    if (!upstream.destroyed) upstream.destroy()
-  })
-  upstream.on('close', () => {
-    // If upstream closes before we finished writing to `res` (e.g. upstream
-    // crash), make sure we don't leave the client hanging.
-    if (!res.writableFinished && !res.headersSent) {
-      try { res.writeHead(502, { 'Content-Type': 'text/plain' }); res.end('upstream closed') } catch {}
-    }
-  })
-}
-
-// ── WebSocket proxy (upgrade event) ──────────────────────────────────────────
-
-function proxyWebSocket(req, clientSocket, head, internalPort) {
-  const upstream = net.connect({ host: '127.0.0.1', port: internalPort }, () => {
-    // Replay upgrade request verbatim
-    const lines = [
-      `${req.method} ${req.url} HTTP/1.1`,
-      `Host: 127.0.0.1:${internalPort}`,
-    ]
-    for (const [k, v] of Object.entries(req.headers)) {
-      if (k.toLowerCase() === 'host') continue
-      if (Array.isArray(v)) {
-        for (const vv of v) lines.push(`${k}: ${vv}`)
-      } else {
-        lines.push(`${k}: ${v}`)
-      }
-    }
-    upstream.write(lines.join('\r\n') + '\r\n\r\n')
-    if (head && head.length) upstream.write(head)
-
-    // Bidirectional pipe. `end: false` prevents premature close on one side dying.
-    upstream.pipe(clientSocket, { end: false })
-    clientSocket.pipe(upstream, { end: false })
-  })
-
-  const killBoth = (why) => {
-    try { upstream.destroy() } catch {}
-    try { clientSocket.destroy() } catch {}
-  }
-  upstream.on('error', killBoth)
-  upstream.on('close', () => killBoth('upstream-close'))
-  clientSocket.on('error', killBoth)
-  clientSocket.on('close', () => killBoth('client-close'))
-
-  // Prevent zombie connections on slow upstream
-  upstream.setTimeout(UPSTREAM_CONNECT_TIMEOUT_MS, () => killBoth('upstream-timeout'))
-}
-
-// ── Wait for internal AionUi server to become ready ──────────────────────────
-
-function waitForUpstreamReady(internalPort, timeoutMs = UPSTREAM_STARTUP_TIMEOUT_MS) {
-  const startedAt = nowMs()
-  return new Promise((resolve, reject) => {
-    const tick = () => {
-      const req = http.get({
-        host: '127.0.0.1', port: internalPort, path: '/', family: 4, timeout: 1500,
-      }, (res) => {
-        res.resume()
-        if (res.statusCode && res.statusCode < 500) return resolve(true)
-        retry()
-      })
-      req.on('error', retry)
-      req.on('timeout', () => { req.destroy(); retry() })
-    }
-    const retry = () => {
-      if (nowMs() - startedAt >= timeoutMs) return reject(new Error('upstream not ready in time'))
-      setTimeout(tick, 500)
-    }
-    tick()
-  })
-}
-
-// ── Find a free internal port ────────────────────────────────────────────────
-
-function findFreeInternalPort(start = INTERNAL_PORT_START, tries = INTERNAL_PORT_TRIES) {
-  for (let i = 0; i < tries; i++) {
-    const p = start + i
-    try {
-      const server = net.createServer()
-      // Sync-ish port probe using Node's listen on 127.0.0.1
-      const ok = new Promise((resolve) => {
-        server.once('error', () => resolve(false))
-        server.once('listening', () => { server.close(() => resolve(true)) })
-        server.listen(p, '127.0.0.1')
-      })
-      // eslint-disable-next-line no-unused-expressions
-      ok // we use the returned probe below
-      return { port: p, probe: ok }
-    } catch {}
-  }
-  return null
-}
-
-async function pickInternalPort() {
-  for (let i = 0; i < INTERNAL_PORT_TRIES; i++) {
-    const p = INTERNAL_PORT_START + i
-    const server = net.createServer()
-    const ok = await new Promise((resolve) => {
-      server.once('error', () => resolve(false))
-      server.once('listening', () => { server.close(() => resolve(true)) })
-      server.listen(p, '127.0.0.1')
-    })
-    if (ok) return p
-  }
-  throw new Error(`no free internal port in ${INTERNAL_PORT_START}..${INTERNAL_PORT_START + INTERNAL_PORT_TRIES - 1}`)
-}
-
-// ── Router ───────────────────────────────────────────────────────────────────
-
-function buildRouter(ctx) {
-  return async function onRequest(req, res) {
-    try {
-      const url = new URL(req.url, `http://${req.headers.host}`)
-      const route = url.pathname
-
-      if (req.method === 'OPTIONS') {
-        res.writeHead(204, {
-          'Access-Control-Allow-Origin': '*',
-          'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
-          'Access-Control-Allow-Headers': 'Content-Type',
-        })
-        return res.end()
-      }
-
-      // 1. HolySheep authentication endpoints
-      if (route === '/api/auth/holysheep-login' && req.method === 'POST') {
-        return await handleHolySheepLogin(req, res)
-      }
-      if (route === '/api/auth/holysheep-bootstrap' && req.method === 'GET') {
-        return await handleBootstrap(req, res, ctx)
-      }
-
-      // 2. HolySheep multi-tool config & status (reuse legacy handlers in-process)
-      if (route === '/api/holysheep/status' && req.method === 'GET') {
-        return await handleHolySheepStatus(req, res)
-      }
-      if (route === '/api/holysheep/tools' && req.method === 'GET') {
-        return await legacy().handleTools(req, res)
-      }
-      if (route === '/api/holysheep/models' && req.method === 'GET') {
-        return await legacy().handleModels(req, res)
-      }
-      if (route === '/api/holysheep/balance' && req.method === 'GET') {
-        return await legacy().handleBalance(req, res)
-      }
-      if (route === '/api/holysheep/doctor' && req.method === 'GET') {
-        return await legacy().handleDoctor(req, res)
-      }
-      if (route === '/api/holysheep/env' && req.method === 'GET') {
-        return legacy().handleEnv(req, res)
-      }
-      if (route === '/api/holysheep/whoami' && req.method === 'GET') {
-        return await legacy().handleWhoami(req, res)
-      }
-      // One-click-all (SSE) — configure every installed tool in a single stream.
-      // Must sit next to `/api/holysheep/tool/*` so the Dashboard's
-      // "一键配置所有 CLI" button hits a real route instead of falling
-      // through to the default AionUi proxy (which returns 404/502 and
-      // surfaces as "Failed to load resource" in the console).
-      if (route === '/api/holysheep/setup' && req.method === 'POST') {
-        return await legacy().handleSetup(req, res)
-      }
-      // POST handlers: install, configure, reset, launch for a named tool
-      if (route === '/api/holysheep/tool/install' && req.method === 'POST') {
-        return await legacy().handleToolInstall(req, res)
-      }
-      if (route === '/api/holysheep/tool/configure' && req.method === 'POST') {
-        return await legacy().handleToolConfigure(req, res)
-      }
-      if (route === '/api/holysheep/tool/reset' && req.method === 'POST') {
-        return await legacy().handleToolReset(req, res)
-      }
-      if (route === '/api/holysheep/tool/launch' && req.method === 'POST') {
-        return await legacy().handleToolLaunch(req, res)
-      }
-
-      // 3. Health probe (wrapper itself)
-      if (route === '/api/holysheep/__wrapper/healthz') {
-        return sendJson(res, 200, {
-          ok: true,
-          wrapper: require('../../package.json').version,
-          aionuiRuntime: ctx.runtimeVersion,
-          aionuiSource: ctx.runtimeSource,
-        })
-      }
-
-      // 4. Default: proxy to AionUi
-      return proxyHttp(req, res, ctx.internalPort)
-    } catch (e) {
-      try {
-        if (!res.headersSent) sendJson(res, 500, { success: false, message: e.message })
-      } catch {}
-    }
-  }
-}
-
-// ── Public entry point ───────────────────────────────────────────────────────
-
-/**
- * Start the wrapper.
- * @param {object} opts
- * @param {number} opts.port                public-facing port (e.g. 9876)
- * @param {string} opts.runtimeDir          resolved AionUi runtime directory
- * @param {string} opts.runtimeVersion      version string from package.json or 'unknown'
- * @param {string} opts.runtimeSource       'user-cache' | 'vendor' | 'env-download'
- * @param {string} opts.bunPath             path to bun binary
- * @returns {Promise<{ server, aionui, internalPort, mintBootstrapToken }>}
- */
-async function startWrapper({ port, runtimeDir, runtimeVersion, runtimeSource, bunPath }) {
-  // Detect if the vendored AionUi build natively speaks HolySheep auth.
-  // Vendored v1.9.17 does; upstream AionUi releases do not (use username/password).
-  const hsNative = detectHolySheepAionUi(runtimeDir)
-  log(`/login mode: ${hsNative ? 'holysheep-native (apiKey)' : 'legacy (username/password bridge)'}`)
-
-  // If the build is legacy username/password, eager pre-flight the bridge cred
-  // perms so a misconfigured file fails at boot rather than during a request.
-  if (!hsNative) {
-    loadBridgeCredentials() // throws if perms are wrong (0600 enforced on posix)
-  }
-
-  const internalPort = await pickInternalPort()
-  log(`internal runtime port: ${internalPort}`)
-
-  // Spawn AionUi, bound 127.0.0.1 only (ALLOW_REMOTE never set).
-  // stdio is piped (not inherited) so that:
-  //   1. When startup fails we can surface the last ~4KB of bun/AionUi
-  //      output via the rejected `startWrapper` promise (previously silent).
-  //   2. In HS_WEB_DEBUG=1 mode we stream live logs prefixed with [aionui].
-  const debug = process.env.HS_WEB_DEBUG === '1'
-  // [HolySheep fork v2.1.19] Pin CLI root so AionUi's prepareClaude() can
-  // require('claude-process-proxy.js') regardless of npm global install layout.
-  // `__dirname` here is .../holysheep-cli/src/webui, so up two levels is the
-  // CLI package root containing package.json + src/.
-  const cliRoot = path.resolve(__dirname, '..', '..')
-  const wrapperVersion = require('../../package.json').version
-  // [HolySheep fork v2.1.23] Do NOT put HOLYSHEEP_API_KEY in env — any other
-  // process owned by the same user can read it via `ps ewww`. Instead, the
-  // fork side reads ~/.holysheep/config.json (already 0644 today; will be
-  // tightened to 0600 in the same release). Pass only the path hint.
-  const credPath = path.join(os.homedir(), '.holysheep', 'config.json')
-  try {
-    // Belt-and-suspenders: ensure the creds file is not world-readable.
-    if (fs.existsSync(credPath)) {
-      fs.chmodSync(credPath, 0o600)
-    }
-  } catch { /* best effort */ }
-  const sanitizedParentEnv = { ...process.env }
-  // If the parent process already had HOLYSHEEP_API_KEY in its env (e.g. the
-  // user exported it in their shell), DON'T propagate it — the fork reads
-  // the file instead. This closes the ps-leak vector for npm-global users.
-  delete sanitizedParentEnv.HOLYSHEEP_API_KEY
-  const aionui = spawn(bunPath, ['dist-server/server.mjs'], {
-    cwd: runtimeDir,
-    env: {
-      ...sanitizedParentEnv,
-      PORT: String(internalPort),
-      HOST: '127.0.0.1',
-      ALLOW_REMOTE: '',
-      NODE_ENV: 'production',
-      HOLYSHEEP_CLI_ROOT: cliRoot,
-      HOLYSHEEP_CLI_VERSION: wrapperVersion,
-      HOLYSHEEP_CONFIG_PATH: credPath,
-    },
-    stdio: ['ignore', 'pipe', 'pipe'],
-  })
-
-  let logTail = ''
-  const appendLog = (stream, chunk) => {
-    const s = Buffer.isBuffer(chunk) ? chunk.toString('utf8') : String(chunk)
-    logTail += s
-    if (logTail.length > AIONUI_LOG_TAIL_BYTES) {
-      logTail = logTail.slice(logTail.length - AIONUI_LOG_TAIL_BYTES)
-    }
-    if (debug) {
-      const target = stream === 'err' ? process.stderr : process.stdout
-      target.write(`[aionui] ${s}`)
-    }
-  }
-  aionui.stdout.on('data', (d) => appendLog('out', d))
-  aionui.stderr.on('data', (d) => appendLog('err', d))
-  aionui.on('exit', (code) => {
-    log(`runtime upstream exited (code=${code})`)
-    process.exit(code || 1)
-  })
-
-  try {
-    await waitForUpstreamReady(internalPort)
-  } catch (e) {
-    const tail = logTail.trim()
-    const msg = tail
-      ? `${e.message}\n\n  --- last AionUi output (tail) ---\n${tail
-          .split(/\r?\n/)
-          .map((ln) => `  ${ln}`)
-          .join('\n')}\n  ------------------------------------`
-      : e.message
-    throw new Error(msg)
-  }
-  log(`runtime ready (version=${runtimeVersion}, source=${runtimeSource})`)
-
-  const ctx = { internalPort, runtimeDir, runtimeVersion, runtimeSource, bunPath }
-  const server = http.createServer(buildRouter(ctx))
-  server.on('upgrade', (req, socket, head) => {
-    try {
-      proxyWebSocket(req, socket, head, internalPort)
-    } catch (e) {
-      try { socket.destroy() } catch {}
-    }
-  })
-  await new Promise((resolve, reject) => {
-    server.once('error', reject)
-    server.listen(port, '127.0.0.1', resolve)
-  })
-  log(`wrapper listening on http://127.0.0.1:${port}`)
-  startTokenCleanup()
-
-  return {
-    server,
-    aionui,
-    internalPort,
-    mintBootstrapToken() {
-      pruneExpiredTokens()
-      const token = randomToken()
-      bootstrapTokens.set(token, { createdAt: nowMs(), used: false })
-      return token
-    },
-  }
-}
-
-module.exports = {
-  startWrapper,
-  // Exported for tests / inspection
-  isLoopbackRequest,
-  pruneExpiredTokens,
-  _tokens: bootstrapTokens,
-  TOKEN_TTL_MS,
-  BRIDGE_CRED_FILE,
-}