@stackmemoryai/stackmemory 0.5.59 → 0.5.61

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (632) hide show
  1. package/README.md +105 -1
  2. package/dist/src/cli/claude-sm.js +130 -50
  3. package/dist/src/cli/claude-sm.js.map +2 -2
  4. package/dist/src/cli/index.js +18 -3
  5. package/dist/src/cli/index.js.map +3 -3
  6. package/dist/src/core/extensions/custom-tools.js +567 -0
  7. package/dist/src/core/extensions/custom-tools.js.map +7 -0
  8. package/dist/src/core/extensions/index.js +55 -0
  9. package/dist/src/core/extensions/index.js.map +7 -0
  10. package/dist/src/core/extensions/loader.js +709 -0
  11. package/dist/src/core/extensions/loader.js.map +7 -0
  12. package/dist/src/core/extensions/plugin-system.js +506 -0
  13. package/dist/src/core/extensions/plugin-system.js.map +7 -0
  14. package/dist/src/core/extensions/provider-adapter.js +617 -0
  15. package/dist/src/core/extensions/provider-adapter.js.map +7 -0
  16. package/dist/src/core/extensions/sandbox-runtime.js +664 -0
  17. package/dist/src/core/extensions/sandbox-runtime.js.map +7 -0
  18. package/dist/src/core/storage/chromadb-adapter.js +32 -6
  19. package/dist/src/core/storage/chromadb-adapter.js.map +2 -2
  20. package/dist/src/skills/repo-ingestion-skill.js +35 -12
  21. package/dist/src/skills/repo-ingestion-skill.js.map +2 -2
  22. package/package.json +11 -7
  23. package/scripts/background-sync-manager.js +145 -83
  24. package/scripts/claude-sm-autostart.js +17 -12
  25. package/scripts/gepa/README.md +275 -0
  26. package/scripts/gepa/config.json +53 -0
  27. package/scripts/gepa/evals/coding-tasks.jsonl +5 -0
  28. package/scripts/gepa/evals/fixtures/buggy-loop.js +18 -0
  29. package/scripts/gepa/evals/fixtures/callback-hell.js +53 -0
  30. package/scripts/gepa/generations/gen-000/baseline.md +124 -0
  31. package/scripts/gepa/hooks/auto-optimize.js +494 -0
  32. package/scripts/gepa/hooks/eval-tracker.js +203 -0
  33. package/scripts/gepa/hooks/reflect.js +311 -0
  34. package/scripts/gepa/optimize.js +611 -0
  35. package/scripts/gepa/state.json +14 -0
  36. package/scripts/test-pre-publish-quick.sh +1 -1
  37. package/dist/agents/core/agent-task-manager.js +0 -527
  38. package/dist/agents/core/agent-task-manager.js.map +0 -7
  39. package/dist/agents/testing-agent.js +0 -614
  40. package/dist/agents/testing-agent.js.map +0 -7
  41. package/dist/agents/verifiers/base-verifier.js +0 -133
  42. package/dist/agents/verifiers/base-verifier.js.map +0 -7
  43. package/dist/agents/verifiers/formatter-verifier.js +0 -130
  44. package/dist/agents/verifiers/formatter-verifier.js.map +0 -7
  45. package/dist/agents/verifiers/llm-judge.js +0 -252
  46. package/dist/agents/verifiers/llm-judge.js.map +0 -7
  47. package/dist/cli/auto-detect.js +0 -321
  48. package/dist/cli/auto-detect.js.map +0 -7
  49. package/dist/cli/browser-test.js +0 -33
  50. package/dist/cli/browser-test.js.map +0 -7
  51. package/dist/cli/claude-sm-danger.js +0 -21
  52. package/dist/cli/claude-sm-danger.js.map +0 -7
  53. package/dist/cli/claude-sm.js +0 -1156
  54. package/dist/cli/claude-sm.js.map +0 -7
  55. package/dist/cli/codex-sm-danger.js +0 -21
  56. package/dist/cli/codex-sm-danger.js.map +0 -7
  57. package/dist/cli/codex-sm.js +0 -349
  58. package/dist/cli/codex-sm.js.map +0 -7
  59. package/dist/cli/commands/api.js +0 -232
  60. package/dist/cli/commands/api.js.map +0 -7
  61. package/dist/cli/commands/auto-background.js +0 -180
  62. package/dist/cli/commands/auto-background.js.map +0 -7
  63. package/dist/cli/commands/cleanup-processes.js +0 -68
  64. package/dist/cli/commands/cleanup-processes.js.map +0 -7
  65. package/dist/cli/commands/clear.js +0 -202
  66. package/dist/cli/commands/clear.js.map +0 -7
  67. package/dist/cli/commands/config.js +0 -445
  68. package/dist/cli/commands/config.js.map +0 -7
  69. package/dist/cli/commands/context-rehydrate.js +0 -751
  70. package/dist/cli/commands/context-rehydrate.js.map +0 -7
  71. package/dist/cli/commands/context.js +0 -343
  72. package/dist/cli/commands/context.js.map +0 -7
  73. package/dist/cli/commands/daemon.js +0 -392
  74. package/dist/cli/commands/daemon.js.map +0 -7
  75. package/dist/cli/commands/dashboard.js +0 -210
  76. package/dist/cli/commands/dashboard.js.map +0 -7
  77. package/dist/cli/commands/db.js +0 -147
  78. package/dist/cli/commands/db.js.map +0 -7
  79. package/dist/cli/commands/decision.js +0 -266
  80. package/dist/cli/commands/decision.js.map +0 -7
  81. package/dist/cli/commands/discovery.js +0 -279
  82. package/dist/cli/commands/discovery.js.map +0 -7
  83. package/dist/cli/commands/handoff.js +0 -624
  84. package/dist/cli/commands/handoff.js.map +0 -7
  85. package/dist/cli/commands/hooks.js +0 -298
  86. package/dist/cli/commands/hooks.js.map +0 -7
  87. package/dist/cli/commands/linear-unified.js +0 -353
  88. package/dist/cli/commands/linear-unified.js.map +0 -7
  89. package/dist/cli/commands/linear.js +0 -529
  90. package/dist/cli/commands/linear.js.map +0 -7
  91. package/dist/cli/commands/log.js +0 -169
  92. package/dist/cli/commands/log.js.map +0 -7
  93. package/dist/cli/commands/login.js +0 -172
  94. package/dist/cli/commands/login.js.map +0 -7
  95. package/dist/cli/commands/migrate.js +0 -240
  96. package/dist/cli/commands/migrate.js.map +0 -7
  97. package/dist/cli/commands/model.js +0 -533
  98. package/dist/cli/commands/model.js.map +0 -7
  99. package/dist/cli/commands/monitor.js +0 -313
  100. package/dist/cli/commands/monitor.js.map +0 -7
  101. package/dist/cli/commands/onboard.js +0 -536
  102. package/dist/cli/commands/onboard.js.map +0 -7
  103. package/dist/cli/commands/projects.js +0 -199
  104. package/dist/cli/commands/projects.js.map +0 -7
  105. package/dist/cli/commands/quality.js +0 -413
  106. package/dist/cli/commands/quality.js.map +0 -7
  107. package/dist/cli/commands/ralph.js +0 -909
  108. package/dist/cli/commands/ralph.js.map +0 -7
  109. package/dist/cli/commands/retrieval.js +0 -248
  110. package/dist/cli/commands/retrieval.js.map +0 -7
  111. package/dist/cli/commands/search.js +0 -173
  112. package/dist/cli/commands/search.js.map +0 -7
  113. package/dist/cli/commands/service.js +0 -749
  114. package/dist/cli/commands/service.js.map +0 -7
  115. package/dist/cli/commands/session.js +0 -200
  116. package/dist/cli/commands/session.js.map +0 -7
  117. package/dist/cli/commands/settings.js +0 -306
  118. package/dist/cli/commands/settings.js.map +0 -7
  119. package/dist/cli/commands/setup.js +0 -701
  120. package/dist/cli/commands/setup.js.map +0 -7
  121. package/dist/cli/commands/shell.js +0 -249
  122. package/dist/cli/commands/shell.js.map +0 -7
  123. package/dist/cli/commands/signup.js +0 -50
  124. package/dist/cli/commands/signup.js.map +0 -7
  125. package/dist/cli/commands/skills.js +0 -470
  126. package/dist/cli/commands/skills.js.map +0 -7
  127. package/dist/cli/commands/sms-notify.js +0 -795
  128. package/dist/cli/commands/sms-notify.js.map +0 -7
  129. package/dist/cli/commands/storage-tier.js +0 -183
  130. package/dist/cli/commands/storage-tier.js.map +0 -7
  131. package/dist/cli/commands/storage.js +0 -360
  132. package/dist/cli/commands/storage.js.map +0 -7
  133. package/dist/cli/commands/sweep.js +0 -249
  134. package/dist/cli/commands/sweep.js.map +0 -7
  135. package/dist/cli/commands/tasks.js +0 -213
  136. package/dist/cli/commands/tasks.js.map +0 -7
  137. package/dist/cli/commands/test.js +0 -286
  138. package/dist/cli/commands/test.js.map +0 -7
  139. package/dist/cli/commands/workflow.js +0 -142
  140. package/dist/cli/commands/workflow.js.map +0 -7
  141. package/dist/cli/commands/worktree.js +0 -319
  142. package/dist/cli/commands/worktree.js.map +0 -7
  143. package/dist/cli/index.js +0 -594
  144. package/dist/cli/index.js.map +0 -7
  145. package/dist/cli/opencode-sm.js +0 -448
  146. package/dist/cli/opencode-sm.js.map +0 -7
  147. package/dist/cli/utils/viewer.js +0 -96
  148. package/dist/cli/utils/viewer.js.map +0 -7
  149. package/dist/core/analytics/team-analytics.js +0 -378
  150. package/dist/core/analytics/team-analytics.js.map +0 -7
  151. package/dist/core/config/config-manager.js +0 -398
  152. package/dist/core/config/config-manager.js.map +0 -7
  153. package/dist/core/config/feature-flags.js +0 -76
  154. package/dist/core/config/feature-flags.js.map +0 -7
  155. package/dist/core/config/storage-config.js +0 -115
  156. package/dist/core/config/storage-config.js.map +0 -7
  157. package/dist/core/config/types.js +0 -144
  158. package/dist/core/config/types.js.map +0 -7
  159. package/dist/core/context/auto-context.js +0 -80
  160. package/dist/core/context/auto-context.js.map +0 -7
  161. package/dist/core/context/dual-stack-manager.js +0 -870
  162. package/dist/core/context/dual-stack-manager.js.map +0 -7
  163. package/dist/core/context/enhanced-rehydration.js +0 -994
  164. package/dist/core/context/enhanced-rehydration.js.map +0 -7
  165. package/dist/core/context/frame-database.js +0 -479
  166. package/dist/core/context/frame-database.js.map +0 -7
  167. package/dist/core/context/frame-digest.js +0 -250
  168. package/dist/core/context/frame-digest.js.map +0 -7
  169. package/dist/core/context/frame-handoff-manager.js +0 -778
  170. package/dist/core/context/frame-handoff-manager.js.map +0 -7
  171. package/dist/core/context/frame-lifecycle-hooks.js +0 -119
  172. package/dist/core/context/frame-lifecycle-hooks.js.map +0 -7
  173. package/dist/core/context/frame-manager.js +0 -1069
  174. package/dist/core/context/frame-manager.js.map +0 -7
  175. package/dist/core/context/frame-recovery.js +0 -302
  176. package/dist/core/context/frame-recovery.js.map +0 -7
  177. package/dist/core/context/frame-stack.js +0 -314
  178. package/dist/core/context/frame-stack.js.map +0 -7
  179. package/dist/core/context/frame-types.js +0 -5
  180. package/dist/core/context/frame-types.js.map +0 -7
  181. package/dist/core/context/incremental-gc.js +0 -290
  182. package/dist/core/context/incremental-gc.js.map +0 -7
  183. package/dist/core/context/index.js +0 -25
  184. package/dist/core/context/index.js.map +0 -7
  185. package/dist/core/context/model-aware-compaction.js +0 -623
  186. package/dist/core/context/model-aware-compaction.js.map +0 -7
  187. package/dist/core/context/permission-manager.js +0 -185
  188. package/dist/core/context/permission-manager.js.map +0 -7
  189. package/dist/core/context/recursive-context-manager.js +0 -592
  190. package/dist/core/context/recursive-context-manager.js.map +0 -7
  191. package/dist/core/context/refactored-frame-manager.js +0 -754
  192. package/dist/core/context/refactored-frame-manager.js.map +0 -7
  193. package/dist/core/context/shared-context-layer.js +0 -621
  194. package/dist/core/context/shared-context-layer.js.map +0 -7
  195. package/dist/core/context/stack-merge-resolver.js +0 -749
  196. package/dist/core/context/stack-merge-resolver.js.map +0 -7
  197. package/dist/core/context/validation.js +0 -130
  198. package/dist/core/context/validation.js.map +0 -7
  199. package/dist/core/database/batch-operations.js +0 -384
  200. package/dist/core/database/batch-operations.js.map +0 -7
  201. package/dist/core/database/connection-pool.js +0 -330
  202. package/dist/core/database/connection-pool.js.map +0 -7
  203. package/dist/core/database/database-adapter.js +0 -60
  204. package/dist/core/database/database-adapter.js.map +0 -7
  205. package/dist/core/database/migration-manager.js +0 -614
  206. package/dist/core/database/migration-manager.js.map +0 -7
  207. package/dist/core/database/paradedb-adapter.js +0 -990
  208. package/dist/core/database/paradedb-adapter.js.map +0 -7
  209. package/dist/core/database/query-cache.js +0 -298
  210. package/dist/core/database/query-cache.js.map +0 -7
  211. package/dist/core/database/query-router.js +0 -430
  212. package/dist/core/database/query-router.js.map +0 -7
  213. package/dist/core/database/sqlite-adapter.js +0 -738
  214. package/dist/core/database/sqlite-adapter.js.map +0 -7
  215. package/dist/core/digest/enhanced-hybrid-digest.js +0 -277
  216. package/dist/core/digest/enhanced-hybrid-digest.js.map +0 -7
  217. package/dist/core/digest/frame-digest-integration.js +0 -176
  218. package/dist/core/digest/frame-digest-integration.js.map +0 -7
  219. package/dist/core/digest/hybrid-digest-generator.js +0 -553
  220. package/dist/core/digest/hybrid-digest-generator.js.map +0 -7
  221. package/dist/core/digest/index.js +0 -9
  222. package/dist/core/digest/index.js.map +0 -7
  223. package/dist/core/digest/types.js +0 -25
  224. package/dist/core/digest/types.js.map +0 -7
  225. package/dist/core/errors/error-utils.js +0 -208
  226. package/dist/core/errors/error-utils.js.map +0 -7
  227. package/dist/core/errors/index.js +0 -521
  228. package/dist/core/errors/index.js.map +0 -7
  229. package/dist/core/errors/recovery.js +0 -269
  230. package/dist/core/errors/recovery.js.map +0 -7
  231. package/dist/core/execution/parallel-executor.js +0 -258
  232. package/dist/core/execution/parallel-executor.js.map +0 -7
  233. package/dist/core/frame/workflow-templates.js +0 -319
  234. package/dist/core/frame/workflow-templates.js.map +0 -7
  235. package/dist/core/merge/conflict-detector.js +0 -431
  236. package/dist/core/merge/conflict-detector.js.map +0 -7
  237. package/dist/core/merge/index.js +0 -9
  238. package/dist/core/merge/index.js.map +0 -7
  239. package/dist/core/merge/resolution-engine.js +0 -558
  240. package/dist/core/merge/resolution-engine.js.map +0 -7
  241. package/dist/core/merge/stack-diff.js +0 -532
  242. package/dist/core/merge/stack-diff.js.map +0 -7
  243. package/dist/core/merge/unified-merge-resolver.js +0 -303
  244. package/dist/core/merge/unified-merge-resolver.js.map +0 -7
  245. package/dist/core/models/fallback-monitor.js +0 -232
  246. package/dist/core/models/fallback-monitor.js.map +0 -7
  247. package/dist/core/models/model-router.js +0 -340
  248. package/dist/core/models/model-router.js.map +0 -7
  249. package/dist/core/monitoring/error-handler.js +0 -49
  250. package/dist/core/monitoring/error-handler.js.map +0 -7
  251. package/dist/core/monitoring/logger.js +0 -202
  252. package/dist/core/monitoring/logger.js.map +0 -7
  253. package/dist/core/monitoring/metrics.js +0 -172
  254. package/dist/core/monitoring/metrics.js.map +0 -7
  255. package/dist/core/monitoring/progress-tracker.js +0 -189
  256. package/dist/core/monitoring/progress-tracker.js.map +0 -7
  257. package/dist/core/monitoring/session-monitor.js +0 -300
  258. package/dist/core/monitoring/session-monitor.js.map +0 -7
  259. package/dist/core/performance/context-cache.js +0 -273
  260. package/dist/core/performance/context-cache.js.map +0 -7
  261. package/dist/core/performance/index.js +0 -11
  262. package/dist/core/performance/index.js.map +0 -7
  263. package/dist/core/performance/lazy-context-loader.js +0 -327
  264. package/dist/core/performance/lazy-context-loader.js.map +0 -7
  265. package/dist/core/performance/monitor.js +0 -221
  266. package/dist/core/performance/monitor.js.map +0 -7
  267. package/dist/core/performance/optimized-frame-context.js +0 -345
  268. package/dist/core/performance/optimized-frame-context.js.map +0 -7
  269. package/dist/core/performance/performance-benchmark.js +0 -277
  270. package/dist/core/performance/performance-benchmark.js.map +0 -7
  271. package/dist/core/performance/performance-profiler.js +0 -370
  272. package/dist/core/performance/performance-profiler.js.map +0 -7
  273. package/dist/core/performance/streaming-jsonl-parser.js +0 -195
  274. package/dist/core/performance/streaming-jsonl-parser.js.map +0 -7
  275. package/dist/core/persistence/postgres-adapter.js +0 -349
  276. package/dist/core/persistence/postgres-adapter.js.map +0 -7
  277. package/dist/core/projects/project-isolation.js +0 -201
  278. package/dist/core/projects/project-isolation.js.map +0 -7
  279. package/dist/core/projects/project-manager.js +0 -697
  280. package/dist/core/projects/project-manager.js.map +0 -7
  281. package/dist/core/query/query-parser.js +0 -370
  282. package/dist/core/query/query-parser.js.map +0 -7
  283. package/dist/core/query/query-templates.js +0 -321
  284. package/dist/core/query/query-templates.js.map +0 -7
  285. package/dist/core/retrieval/context-retriever.js +0 -479
  286. package/dist/core/retrieval/context-retriever.js.map +0 -7
  287. package/dist/core/retrieval/graph-retrieval.js +0 -662
  288. package/dist/core/retrieval/graph-retrieval.js.map +0 -7
  289. package/dist/core/retrieval/hierarchical-retrieval.js +0 -656
  290. package/dist/core/retrieval/hierarchical-retrieval.js.map +0 -7
  291. package/dist/core/retrieval/index.js +0 -8
  292. package/dist/core/retrieval/index.js.map +0 -7
  293. package/dist/core/retrieval/llm-context-retrieval.js +0 -613
  294. package/dist/core/retrieval/llm-context-retrieval.js.map +0 -7
  295. package/dist/core/retrieval/llm-provider.js +0 -151
  296. package/dist/core/retrieval/llm-provider.js.map +0 -7
  297. package/dist/core/retrieval/retrieval-audit.js +0 -236
  298. package/dist/core/retrieval/retrieval-audit.js.map +0 -7
  299. package/dist/core/retrieval/retrieval-benchmarks.js +0 -521
  300. package/dist/core/retrieval/retrieval-benchmarks.js.map +0 -7
  301. package/dist/core/retrieval/summary-generator.js +0 -589
  302. package/dist/core/retrieval/summary-generator.js.map +0 -7
  303. package/dist/core/retrieval/types.js +0 -21
  304. package/dist/core/retrieval/types.js.map +0 -7
  305. package/dist/core/security/index.js +0 -35
  306. package/dist/core/security/index.js.map +0 -7
  307. package/dist/core/security/input-sanitizer.js +0 -321
  308. package/dist/core/security/input-sanitizer.js.map +0 -7
  309. package/dist/core/session/clear-survival.js +0 -465
  310. package/dist/core/session/clear-survival.js.map +0 -7
  311. package/dist/core/session/enhanced-handoff.js +0 -792
  312. package/dist/core/session/enhanced-handoff.js.map +0 -7
  313. package/dist/core/session/handoff-generator.js +0 -343
  314. package/dist/core/session/handoff-generator.js.map +0 -7
  315. package/dist/core/session/index.js +0 -15
  316. package/dist/core/session/index.js.map +0 -7
  317. package/dist/core/session/session-manager.js +0 -347
  318. package/dist/core/session/session-manager.js.map +0 -7
  319. package/dist/core/skills/index.js +0 -7
  320. package/dist/core/skills/index.js.map +0 -7
  321. package/dist/core/skills/skill-storage.js +0 -764
  322. package/dist/core/skills/skill-storage.js.map +0 -7
  323. package/dist/core/skills/types.js +0 -193
  324. package/dist/core/skills/types.js.map +0 -7
  325. package/dist/core/storage/chromadb-adapter.js +0 -354
  326. package/dist/core/storage/chromadb-adapter.js.map +0 -7
  327. package/dist/core/storage/infinite-storage.js +0 -510
  328. package/dist/core/storage/infinite-storage.js.map +0 -7
  329. package/dist/core/storage/railway-optimized-storage.js +0 -591
  330. package/dist/core/storage/railway-optimized-storage.js.map +0 -7
  331. package/dist/core/storage/remote-storage.js +0 -489
  332. package/dist/core/storage/remote-storage.js.map +0 -7
  333. package/dist/core/storage/two-tier-storage.js +0 -766
  334. package/dist/core/storage/two-tier-storage.js.map +0 -7
  335. package/dist/core/trace/cli-trace-wrapper.js +0 -132
  336. package/dist/core/trace/cli-trace-wrapper.js.map +0 -7
  337. package/dist/core/trace/db-trace-wrapper.js +0 -247
  338. package/dist/core/trace/db-trace-wrapper.js.map +0 -7
  339. package/dist/core/trace/debug-trace.js +0 -417
  340. package/dist/core/trace/debug-trace.js.map +0 -7
  341. package/dist/core/trace/index.js +0 -109
  342. package/dist/core/trace/index.js.map +0 -7
  343. package/dist/core/trace/linear-api-wrapper.js +0 -178
  344. package/dist/core/trace/linear-api-wrapper.js.map +0 -7
  345. package/dist/core/trace/trace-demo.js +0 -154
  346. package/dist/core/trace/trace-demo.js.map +0 -7
  347. package/dist/core/trace/trace-detector.demo.js +0 -142
  348. package/dist/core/trace/trace-detector.demo.js.map +0 -7
  349. package/dist/core/trace/trace-detector.js +0 -528
  350. package/dist/core/trace/trace-detector.js.map +0 -7
  351. package/dist/core/trace/trace-store.js +0 -345
  352. package/dist/core/trace/trace-store.js.map +0 -7
  353. package/dist/core/trace/types.js +0 -77
  354. package/dist/core/trace/types.js.map +0 -7
  355. package/dist/core/types.js +0 -5
  356. package/dist/core/types.js.map +0 -7
  357. package/dist/core/utils/async-mutex.js +0 -114
  358. package/dist/core/utils/async-mutex.js.map +0 -7
  359. package/dist/core/utils/compression.js +0 -83
  360. package/dist/core/utils/compression.js.map +0 -7
  361. package/dist/core/utils/update-checker.js +0 -218
  362. package/dist/core/utils/update-checker.js.map +0 -7
  363. package/dist/core/worktree/worktree-manager.js +0 -465
  364. package/dist/core/worktree/worktree-manager.js.map +0 -7
  365. package/dist/daemon/daemon-config.js +0 -149
  366. package/dist/daemon/daemon-config.js.map +0 -7
  367. package/dist/daemon/services/context-service.js +0 -122
  368. package/dist/daemon/services/context-service.js.map +0 -7
  369. package/dist/daemon/services/linear-service.js +0 -136
  370. package/dist/daemon/services/linear-service.js.map +0 -7
  371. package/dist/daemon/session-daemon.js +0 -312
  372. package/dist/daemon/session-daemon.js.map +0 -7
  373. package/dist/daemon/unified-daemon.js +0 -276
  374. package/dist/daemon/unified-daemon.js.map +0 -7
  375. package/dist/features/analytics/api/analytics-api.js +0 -287
  376. package/dist/features/analytics/api/analytics-api.js.map +0 -7
  377. package/dist/features/analytics/core/analytics-service.js +0 -282
  378. package/dist/features/analytics/core/analytics-service.js.map +0 -7
  379. package/dist/features/analytics/index.js +0 -18
  380. package/dist/features/analytics/index.js.map +0 -7
  381. package/dist/features/analytics/queries/metrics-queries.js +0 -277
  382. package/dist/features/analytics/queries/metrics-queries.js.map +0 -7
  383. package/dist/features/analytics/types/metrics.js +0 -5
  384. package/dist/features/analytics/types/metrics.js.map +0 -7
  385. package/dist/features/browser/browser-mcp.js +0 -492
  386. package/dist/features/browser/browser-mcp.js.map +0 -7
  387. package/dist/features/sweep/index.js +0 -20
  388. package/dist/features/sweep/index.js.map +0 -7
  389. package/dist/features/sweep/prediction-client.js +0 -155
  390. package/dist/features/sweep/prediction-client.js.map +0 -7
  391. package/dist/features/sweep/prompt-builder.js +0 -85
  392. package/dist/features/sweep/prompt-builder.js.map +0 -7
  393. package/dist/features/sweep/pty-wrapper.js +0 -171
  394. package/dist/features/sweep/pty-wrapper.js.map +0 -7
  395. package/dist/features/sweep/state-watcher.js +0 -87
  396. package/dist/features/sweep/state-watcher.js.map +0 -7
  397. package/dist/features/sweep/status-bar.js +0 -88
  398. package/dist/features/sweep/status-bar.js.map +0 -7
  399. package/dist/features/sweep/sweep-server-manager.js +0 -226
  400. package/dist/features/sweep/sweep-server-manager.js.map +0 -7
  401. package/dist/features/sweep/tab-interceptor.js +0 -38
  402. package/dist/features/sweep/tab-interceptor.js.map +0 -7
  403. package/dist/features/sweep/types.js +0 -18
  404. package/dist/features/sweep/types.js.map +0 -7
  405. package/dist/features/tasks/linear-task-manager.js +0 -487
  406. package/dist/features/tasks/linear-task-manager.js.map +0 -7
  407. package/dist/features/tasks/task-aware-context.js +0 -410
  408. package/dist/features/tasks/task-aware-context.js.map +0 -7
  409. package/dist/features/tui/simple-monitor.js +0 -116
  410. package/dist/features/tui/simple-monitor.js.map +0 -7
  411. package/dist/features/tui/swarm-monitor.js +0 -648
  412. package/dist/features/tui/swarm-monitor.js.map +0 -7
  413. package/dist/features/web/client/stores/task-store.js +0 -26
  414. package/dist/features/web/client/stores/task-store.js.map +0 -7
  415. package/dist/features/web/server/index.js +0 -194
  416. package/dist/features/web/server/index.js.map +0 -7
  417. package/dist/hooks/auto-background.js +0 -151
  418. package/dist/hooks/auto-background.js.map +0 -7
  419. package/dist/hooks/claude-code-whatsapp-hook.js +0 -197
  420. package/dist/hooks/claude-code-whatsapp-hook.js.map +0 -7
  421. package/dist/hooks/config.js +0 -150
  422. package/dist/hooks/config.js.map +0 -7
  423. package/dist/hooks/daemon.js +0 -364
  424. package/dist/hooks/daemon.js.map +0 -7
  425. package/dist/hooks/events.js +0 -58
  426. package/dist/hooks/events.js.map +0 -7
  427. package/dist/hooks/index.js +0 -12
  428. package/dist/hooks/index.js.map +0 -7
  429. package/dist/hooks/linear-task-picker.js +0 -186
  430. package/dist/hooks/linear-task-picker.js.map +0 -7
  431. package/dist/hooks/schemas.js +0 -197
  432. package/dist/hooks/schemas.js.map +0 -7
  433. package/dist/hooks/secure-fs.js +0 -49
  434. package/dist/hooks/secure-fs.js.map +0 -7
  435. package/dist/hooks/security-logger.js +0 -155
  436. package/dist/hooks/security-logger.js.map +0 -7
  437. package/dist/hooks/session-summary.js +0 -222
  438. package/dist/hooks/session-summary.js.map +0 -7
  439. package/dist/hooks/sms-action-runner.js +0 -371
  440. package/dist/hooks/sms-action-runner.js.map +0 -7
  441. package/dist/hooks/sms-notify.js +0 -506
  442. package/dist/hooks/sms-notify.js.map +0 -7
  443. package/dist/hooks/sms-watcher.js +0 -93
  444. package/dist/hooks/sms-watcher.js.map +0 -7
  445. package/dist/hooks/sms-webhook.js +0 -555
  446. package/dist/hooks/sms-webhook.js.map +0 -7
  447. package/dist/hooks/whatsapp-commands.js +0 -479
  448. package/dist/hooks/whatsapp-commands.js.map +0 -7
  449. package/dist/hooks/whatsapp-scheduler.js +0 -317
  450. package/dist/hooks/whatsapp-scheduler.js.map +0 -7
  451. package/dist/hooks/whatsapp-sync.js +0 -409
  452. package/dist/hooks/whatsapp-sync.js.map +0 -7
  453. package/dist/index.js +0 -25
  454. package/dist/index.js.map +0 -7
  455. package/dist/integrations/anthropic/client.js +0 -263
  456. package/dist/integrations/anthropic/client.js.map +0 -7
  457. package/dist/integrations/claude-code/agent-bridge.js +0 -768
  458. package/dist/integrations/claude-code/agent-bridge.js.map +0 -7
  459. package/dist/integrations/claude-code/enhanced-pre-clear-hooks.js +0 -459
  460. package/dist/integrations/claude-code/enhanced-pre-clear-hooks.js.map +0 -7
  461. package/dist/integrations/claude-code/lifecycle-hooks.js +0 -254
  462. package/dist/integrations/claude-code/lifecycle-hooks.js.map +0 -7
  463. package/dist/integrations/claude-code/post-task-hooks.js +0 -545
  464. package/dist/integrations/claude-code/post-task-hooks.js.map +0 -7
  465. package/dist/integrations/claude-code/subagent-client-stub.js +0 -20
  466. package/dist/integrations/claude-code/subagent-client-stub.js.map +0 -7
  467. package/dist/integrations/claude-code/subagent-client.js +0 -511
  468. package/dist/integrations/claude-code/subagent-client.js.map +0 -7
  469. package/dist/integrations/claude-code/task-coordinator.js +0 -360
  470. package/dist/integrations/claude-code/task-coordinator.js.map +0 -7
  471. package/dist/integrations/linear/auth.js +0 -337
  472. package/dist/integrations/linear/auth.js.map +0 -7
  473. package/dist/integrations/linear/auto-sync.js +0 -258
  474. package/dist/integrations/linear/auto-sync.js.map +0 -7
  475. package/dist/integrations/linear/client.js +0 -634
  476. package/dist/integrations/linear/client.js.map +0 -7
  477. package/dist/integrations/linear/config.js +0 -130
  478. package/dist/integrations/linear/config.js.map +0 -7
  479. package/dist/integrations/linear/migration.js +0 -361
  480. package/dist/integrations/linear/migration.js.map +0 -7
  481. package/dist/integrations/linear/oauth-server.js +0 -454
  482. package/dist/integrations/linear/oauth-server.js.map +0 -7
  483. package/dist/integrations/linear/rest-client.js +0 -213
  484. package/dist/integrations/linear/rest-client.js.map +0 -7
  485. package/dist/integrations/linear/sync-manager.js +0 -236
  486. package/dist/integrations/linear/sync-manager.js.map +0 -7
  487. package/dist/integrations/linear/sync-service.js +0 -231
  488. package/dist/integrations/linear/sync-service.js.map +0 -7
  489. package/dist/integrations/linear/sync.js +0 -782
  490. package/dist/integrations/linear/sync.js.map +0 -7
  491. package/dist/integrations/linear/types.js +0 -5
  492. package/dist/integrations/linear/types.js.map +0 -7
  493. package/dist/integrations/linear/unified-sync.js +0 -589
  494. package/dist/integrations/linear/unified-sync.js.map +0 -7
  495. package/dist/integrations/linear/webhook-handler.js +0 -219
  496. package/dist/integrations/linear/webhook-handler.js.map +0 -7
  497. package/dist/integrations/linear/webhook-server.js +0 -218
  498. package/dist/integrations/linear/webhook-server.js.map +0 -7
  499. package/dist/integrations/linear/webhook.js +0 -291
  500. package/dist/integrations/linear/webhook.js.map +0 -7
  501. package/dist/integrations/mcp/handlers/code-execution-handlers.js +0 -266
  502. package/dist/integrations/mcp/handlers/code-execution-handlers.js.map +0 -7
  503. package/dist/integrations/mcp/handlers/context-handlers.js +0 -257
  504. package/dist/integrations/mcp/handlers/context-handlers.js.map +0 -7
  505. package/dist/integrations/mcp/handlers/discovery-handlers.js +0 -497
  506. package/dist/integrations/mcp/handlers/discovery-handlers.js.map +0 -7
  507. package/dist/integrations/mcp/handlers/index.js +0 -166
  508. package/dist/integrations/mcp/handlers/index.js.map +0 -7
  509. package/dist/integrations/mcp/handlers/linear-handlers.js +0 -247
  510. package/dist/integrations/mcp/handlers/linear-handlers.js.map +0 -7
  511. package/dist/integrations/mcp/handlers/skill-handlers.js +0 -529
  512. package/dist/integrations/mcp/handlers/skill-handlers.js.map +0 -7
  513. package/dist/integrations/mcp/handlers/task-handlers.js +0 -239
  514. package/dist/integrations/mcp/handlers/task-handlers.js.map +0 -7
  515. package/dist/integrations/mcp/handlers/trace-handlers.js +0 -308
  516. package/dist/integrations/mcp/handlers/trace-handlers.js.map +0 -7
  517. package/dist/integrations/mcp/index.js +0 -23
  518. package/dist/integrations/mcp/index.js.map +0 -7
  519. package/dist/integrations/mcp/middleware/tool-scoring.js +0 -356
  520. package/dist/integrations/mcp/middleware/tool-scoring.js.map +0 -7
  521. package/dist/integrations/mcp/refactored-server.js +0 -374
  522. package/dist/integrations/mcp/refactored-server.js.map +0 -7
  523. package/dist/integrations/mcp/remote-server.js +0 -682
  524. package/dist/integrations/mcp/remote-server.js.map +0 -7
  525. package/dist/integrations/mcp/schemas.js +0 -147
  526. package/dist/integrations/mcp/schemas.js.map +0 -7
  527. package/dist/integrations/mcp/server.js +0 -1975
  528. package/dist/integrations/mcp/server.js.map +0 -7
  529. package/dist/integrations/mcp/tool-definitions-code.js +0 -125
  530. package/dist/integrations/mcp/tool-definitions-code.js.map +0 -7
  531. package/dist/integrations/mcp/tool-definitions.js +0 -702
  532. package/dist/integrations/mcp/tool-definitions.js.map +0 -7
  533. package/dist/integrations/mcp/trace-test.js +0 -48
  534. package/dist/integrations/mcp/trace-test.js.map +0 -7
  535. package/dist/integrations/pg-aiguide/embedding-provider.js +0 -189
  536. package/dist/integrations/pg-aiguide/embedding-provider.js.map +0 -7
  537. package/dist/integrations/pg-aiguide/semantic-search.js +0 -187
  538. package/dist/integrations/pg-aiguide/semantic-search.js.map +0 -7
  539. package/dist/integrations/pg-aiguide/timescale-analytics.js +0 -224
  540. package/dist/integrations/pg-aiguide/timescale-analytics.js.map +0 -7
  541. package/dist/integrations/ralph/bridge/ralph-stackmemory-bridge.js +0 -860
  542. package/dist/integrations/ralph/bridge/ralph-stackmemory-bridge.js.map +0 -7
  543. package/dist/integrations/ralph/context/context-budget-manager.js +0 -301
  544. package/dist/integrations/ralph/context/context-budget-manager.js.map +0 -7
  545. package/dist/integrations/ralph/context/stackmemory-context-loader.js +0 -360
  546. package/dist/integrations/ralph/context/stackmemory-context-loader.js.map +0 -7
  547. package/dist/integrations/ralph/coordination/enhanced-coordination.js +0 -410
  548. package/dist/integrations/ralph/coordination/enhanced-coordination.js.map +0 -7
  549. package/dist/integrations/ralph/index.js +0 -18
  550. package/dist/integrations/ralph/index.js.map +0 -7
  551. package/dist/integrations/ralph/learning/pattern-learner.js +0 -401
  552. package/dist/integrations/ralph/learning/pattern-learner.js.map +0 -7
  553. package/dist/integrations/ralph/lifecycle/iteration-lifecycle.js +0 -448
  554. package/dist/integrations/ralph/lifecycle/iteration-lifecycle.js.map +0 -7
  555. package/dist/integrations/ralph/monitoring/swarm-dashboard.js +0 -294
  556. package/dist/integrations/ralph/monitoring/swarm-dashboard.js.map +0 -7
  557. package/dist/integrations/ralph/monitoring/swarm-registry.js +0 -108
  558. package/dist/integrations/ralph/monitoring/swarm-registry.js.map +0 -7
  559. package/dist/integrations/ralph/orchestration/multi-loop-orchestrator.js +0 -463
  560. package/dist/integrations/ralph/orchestration/multi-loop-orchestrator.js.map +0 -7
  561. package/dist/integrations/ralph/patterns/compounding-engineering-pattern.js +0 -400
  562. package/dist/integrations/ralph/patterns/compounding-engineering-pattern.js.map +0 -7
  563. package/dist/integrations/ralph/patterns/extended-coherence-sessions.js +0 -473
  564. package/dist/integrations/ralph/patterns/extended-coherence-sessions.js.map +0 -7
  565. package/dist/integrations/ralph/patterns/oracle-worker-pattern.js +0 -388
  566. package/dist/integrations/ralph/patterns/oracle-worker-pattern.js.map +0 -7
  567. package/dist/integrations/ralph/performance/performance-optimizer.js +0 -358
  568. package/dist/integrations/ralph/performance/performance-optimizer.js.map +0 -7
  569. package/dist/integrations/ralph/ralph-integration-demo.js +0 -182
  570. package/dist/integrations/ralph/ralph-integration-demo.js.map +0 -7
  571. package/dist/integrations/ralph/recovery/crash-recovery.js +0 -462
  572. package/dist/integrations/ralph/recovery/crash-recovery.js.map +0 -7
  573. package/dist/integrations/ralph/state/state-reconciler.js +0 -404
  574. package/dist/integrations/ralph/state/state-reconciler.js.map +0 -7
  575. package/dist/integrations/ralph/swarm/git-workflow-manager.js +0 -428
  576. package/dist/integrations/ralph/swarm/git-workflow-manager.js.map +0 -7
  577. package/dist/integrations/ralph/swarm/swarm-coordinator.js +0 -996
  578. package/dist/integrations/ralph/swarm/swarm-coordinator.js.map +0 -7
  579. package/dist/integrations/ralph/types.js +0 -5
  580. package/dist/integrations/ralph/types.js.map +0 -7
  581. package/dist/integrations/ralph/visualization/ralph-debugger.js +0 -585
  582. package/dist/integrations/ralph/visualization/ralph-debugger.js.map +0 -7
  583. package/dist/mcp/stackmemory-mcp-server.js +0 -554
  584. package/dist/mcp/stackmemory-mcp-server.js.map +0 -7
  585. package/dist/middleware/exponential-rate-limiter.js +0 -289
  586. package/dist/middleware/exponential-rate-limiter.js.map +0 -7
  587. package/dist/models/user.model.js +0 -358
  588. package/dist/models/user.model.js.map +0 -7
  589. package/dist/servers/production/auth-middleware.js +0 -528
  590. package/dist/servers/production/auth-middleware.js.map +0 -7
  591. package/dist/servers/railway/config.js +0 -55
  592. package/dist/servers/railway/config.js.map +0 -7
  593. package/dist/servers/railway/index-enhanced.js +0 -160
  594. package/dist/servers/railway/index-enhanced.js.map +0 -7
  595. package/dist/servers/railway/index.js +0 -1349
  596. package/dist/servers/railway/index.js.map +0 -7
  597. package/dist/servers/railway/simple.js +0 -64
  598. package/dist/servers/railway/simple.js.map +0 -7
  599. package/dist/servers/railway/storage-test.js +0 -459
  600. package/dist/servers/railway/storage-test.js.map +0 -7
  601. package/dist/services/config-service.js +0 -65
  602. package/dist/services/config-service.js.map +0 -7
  603. package/dist/services/context-service.js +0 -194
  604. package/dist/services/context-service.js.map +0 -7
  605. package/dist/skills/api-discovery.js +0 -354
  606. package/dist/skills/api-discovery.js.map +0 -7
  607. package/dist/skills/api-skill.js +0 -475
  608. package/dist/skills/api-skill.js.map +0 -7
  609. package/dist/skills/claude-skills.js +0 -1061
  610. package/dist/skills/claude-skills.js.map +0 -7
  611. package/dist/skills/dashboard-launcher.js +0 -216
  612. package/dist/skills/dashboard-launcher.js.map +0 -7
  613. package/dist/skills/recursive-agent-orchestrator.js +0 -575
  614. package/dist/skills/recursive-agent-orchestrator.js.map +0 -7
  615. package/dist/skills/repo-ingestion-skill.js +0 -609
  616. package/dist/skills/repo-ingestion-skill.js.map +0 -7
  617. package/dist/skills/security-secrets-scanner.js +0 -284
  618. package/dist/skills/security-secrets-scanner.js.map +0 -7
  619. package/dist/skills/unified-rlm-orchestrator.js +0 -404
  620. package/dist/skills/unified-rlm-orchestrator.js.map +0 -7
  621. package/dist/types/task.js +0 -5
  622. package/dist/types/task.js.map +0 -7
  623. package/dist/utils/env.js +0 -50
  624. package/dist/utils/env.js.map +0 -7
  625. package/dist/utils/formatting.js +0 -62
  626. package/dist/utils/formatting.js.map +0 -7
  627. package/dist/utils/process-cleanup.js +0 -136
  628. package/dist/utils/process-cleanup.js.map +0 -7
  629. package/dist/validation/schemas.js +0 -222
  630. package/dist/validation/schemas.js.map +0 -7
  631. /package/dist/{core/merge → src/core/extensions}/types.js +0 -0
  632. /package/dist/{core/merge → src/core/extensions}/types.js.map +0 -0
package/dist/servers/railway/index.js DELETED
@@ -1,1349 +0,0 @@
1
- #!/usr/bin/env node
2
- import { fileURLToPath as __fileURLToPath } from 'url';
3
- import { dirname as __pathDirname } from 'path';
4
- const __filename = __fileURLToPath(import.meta.url);
5
- const __dirname = __pathDirname(__filename);
6
- import express from "express";
7
- import { createServer } from "http";
8
- import { WebSocketServer } from "ws";
9
- import cors from "cors";
10
- import { Server } from "@modelcontextprotocol/sdk/server/index.js";
11
- import Database from "better-sqlite3";
12
- import * as bcrypt from "bcryptjs";
13
- import jwt from "jsonwebtoken";
14
- import { Pool } from "pg";
15
- import { join, dirname } from "path";
16
- import { existsSync, mkdirSync } from "fs";
17
- import { AuthMiddleware } from "../production/auth-middleware.js";
18
- const config = {
19
- port: parseInt(process.env["PORT"] || "3000"),
20
- environment: process.env["NODE_ENV"] || "development",
21
- corsOrigins: process.env["CORS_ORIGINS"]?.split(",") || [
22
- "http://localhost:3000"
23
- ],
24
- authMode: process.env["AUTH_MODE"] || "api_key",
25
- apiKeySecret: process.env["API_KEY_SECRET"] || "development-secret",
26
- jwtSecret: process.env["JWT_SECRET"] || "development-jwt-secret",
27
- databaseUrl: process.env["DATABASE_URL"] || join(process.cwd(), ".stackmemory", "railway.db"),
28
- rateLimitEnabled: process.env["RATE_LIMIT_ENABLED"] === "true",
29
- rateLimitFree: parseInt(process.env["RATE_LIMIT_FREE"] || "100"),
30
- enableWebSocket: process.env["ENABLE_WEBSOCKET"] !== "false",
31
- enableAnalytics: process.env["ENABLE_ANALYTICS"] === "true"
32
- };
33
- const rateLimiter = /* @__PURE__ */ new Map();
34
- class RailwayMCPServer {
35
- app;
36
- httpServer;
37
- wss;
38
- mcpServer;
39
- db;
40
- pgPool = null;
41
- authMiddleware = null;
42
- connections = /* @__PURE__ */ new Map();
43
- // Deprecated in-memory session cache; sessions are persisted in DB
44
- adminSessions = /* @__PURE__ */ new Map();
45
- // private browserMCP: BrowserMCPIntegration;
46
- constructor() {
47
- this.app = express();
48
- this.httpServer = createServer(this.app);
49
- this.initializeDatabase().then(() => {
50
- this.startAdminSessionCleanup();
51
- }).catch((err) => {
52
- console.error("Failed to initialize database:", err);
53
- });
54
- this.setupMiddleware();
55
- this.setupRoutes();
56
- if (config.enableWebSocket) {
57
- this.setupWebSocket();
58
- }
59
- }
60
- async initializeDatabase() {
61
- const isPg = config.databaseUrl.startsWith("postgres://") || config.databaseUrl.startsWith("postgresql://");
62
- if (isPg) {
63
- console.log("Using PostgreSQL database");
64
- this.pgPool = new Pool({ connectionString: config.databaseUrl });
65
- await this.pgPool.query(`
66
- CREATE TABLE IF NOT EXISTS contexts (
67
- id BIGSERIAL PRIMARY KEY,
68
- project_id TEXT NOT NULL,
69
- content TEXT NOT NULL,
70
- type TEXT DEFAULT 'general',
71
- metadata JSONB DEFAULT '{}'::jsonb,
72
- created_at TIMESTAMPTZ DEFAULT NOW(),
73
- updated_at TIMESTAMPTZ DEFAULT NOW()
74
- );
75
- `);
76
- await this.pgPool.query(`
77
- CREATE TABLE IF NOT EXISTS api_keys (
78
- id BIGSERIAL PRIMARY KEY,
79
- key_hash TEXT UNIQUE NOT NULL,
80
- user_id TEXT NOT NULL,
81
- name TEXT,
82
- created_at TIMESTAMPTZ DEFAULT NOW(),
83
- last_used TIMESTAMPTZ,
84
- revoked BOOLEAN DEFAULT false
85
- );
86
- `);
87
- await this.pgPool.query(`
88
- CREATE TABLE IF NOT EXISTS users (
89
- id TEXT PRIMARY KEY,
90
- email TEXT UNIQUE,
91
- name TEXT,
92
- password_hash TEXT,
93
- tier TEXT DEFAULT 'free',
94
- role TEXT DEFAULT 'user',
95
- created_at TIMESTAMPTZ DEFAULT NOW(),
96
- updated_at TIMESTAMPTZ DEFAULT NOW()
97
- );
98
- `);
99
- try {
100
- await this.pgPool.query(`ALTER TABLE users ADD COLUMN role TEXT DEFAULT 'user'`);
101
- } catch {
102
- }
103
- try {
104
- await this.pgPool.query(`ALTER TABLE users ADD COLUMN password_hash TEXT`);
105
- } catch {
106
- }
107
- try {
108
- await this.pgPool.query(`ALTER TABLE project_members ADD CONSTRAINT project_members_role_check CHECK (role IN ('admin','owner','editor','viewer'))`);
109
- } catch {
110
- }
111
- try {
112
- await this.pgPool.query(`ALTER TABLE users ADD CONSTRAINT users_role_check CHECK (role IN ('admin','user'))`);
113
- } catch {
114
- }
115
- await this.pgPool.query(`
116
- CREATE TABLE IF NOT EXISTS projects (
117
- id TEXT PRIMARY KEY,
118
- name TEXT,
119
- is_public BOOLEAN DEFAULT false,
120
- created_at TIMESTAMPTZ DEFAULT NOW(),
121
- updated_at TIMESTAMPTZ DEFAULT NOW()
122
- );
123
- `);
124
- await this.pgPool.query(`
125
- CREATE TABLE IF NOT EXISTS project_members (
126
- project_id TEXT NOT NULL,
127
- user_id TEXT NOT NULL,
128
- role TEXT NOT NULL,
129
- created_at TIMESTAMPTZ DEFAULT NOW(),
130
- PRIMARY KEY (project_id, user_id)
131
- );
132
- `);
133
- await this.pgPool.query("CREATE INDEX IF NOT EXISTS idx_contexts_project ON contexts(project_id);");
134
- await this.pgPool.query("CREATE INDEX IF NOT EXISTS idx_api_keys_hash ON api_keys(key_hash);");
135
- await this.pgPool.query("CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);");
136
- await this.pgPool.query("CREATE INDEX IF NOT EXISTS idx_project_members_user ON project_members(user_id);");
137
- await this.pgPool.query(`
138
- CREATE TABLE IF NOT EXISTS admin_sessions (
139
- id TEXT PRIMARY KEY,
140
- user_id TEXT NOT NULL,
141
- created_at TIMESTAMPTZ DEFAULT NOW(),
142
- expires_at TIMESTAMPTZ NOT NULL,
143
- user_agent TEXT,
144
- ip TEXT
145
- );
146
- `);
147
- await this.pgPool.query("CREATE INDEX IF NOT EXISTS idx_admin_sessions_user ON admin_sessions(user_id);");
148
- try {
149
- await this.pgPool.query("CREATE TYPE user_role AS ENUM ('admin','user')");
150
- } catch {
151
- }
152
- try {
153
- await this.pgPool.query("CREATE TYPE member_role AS ENUM ('admin','owner','editor','viewer')");
154
- } catch {
155
- }
156
- try {
157
- await this.pgPool.query("ALTER TABLE users ALTER COLUMN role TYPE user_role USING role::user_role");
158
- } catch {
159
- }
160
- try {
161
- await this.pgPool.query("ALTER TABLE project_members ALTER COLUMN role TYPE member_role USING role::member_role");
162
- } catch {
163
- }
164
- await this.runMigrations("pg");
165
- } else {
166
- const dbDir = dirname(config.databaseUrl);
167
- if (!existsSync(dbDir)) {
168
- mkdirSync(dbDir, { recursive: true });
169
- }
170
- this.db = new Database(config.databaseUrl);
171
- this.db.pragma("foreign_keys = ON");
172
- this.db.exec(`
173
- CREATE TABLE IF NOT EXISTS contexts (
174
- id INTEGER PRIMARY KEY AUTOINCREMENT,
175
- project_id TEXT NOT NULL,
176
- content TEXT NOT NULL,
177
- type TEXT DEFAULT 'general',
178
- metadata TEXT DEFAULT '{}',
179
- created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
180
- updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
181
- );
182
-
183
- CREATE TABLE IF NOT EXISTS api_keys (
184
- id INTEGER PRIMARY KEY AUTOINCREMENT,
185
- key_hash TEXT UNIQUE NOT NULL,
186
- user_id TEXT NOT NULL,
187
- name TEXT,
188
- created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
189
- last_used DATETIME,
190
- revoked BOOLEAN DEFAULT 0
191
- );
192
-
193
- CREATE TABLE IF NOT EXISTS users (
194
- id TEXT PRIMARY KEY,
195
- email TEXT UNIQUE,
196
- name TEXT,
197
- password_hash TEXT,
198
- tier TEXT DEFAULT 'free',
199
- role TEXT DEFAULT 'user',
200
- created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
201
- updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
202
- );
203
-
204
- CREATE TABLE IF NOT EXISTS projects (
205
- id TEXT PRIMARY KEY,
206
- name TEXT,
207
- is_public BOOLEAN DEFAULT 0,
208
- created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
209
- updated_at DATETIME DEFAULT CURRENT_TIMESTAMP
210
- );
211
-
212
- CREATE TABLE IF NOT EXISTS project_members (
213
- project_id TEXT NOT NULL,
214
- user_id TEXT NOT NULL,
215
- role TEXT NOT NULL CHECK (role IN ('admin','owner','editor','viewer')),
216
- created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
217
- PRIMARY KEY (project_id, user_id)
218
- );
219
-
220
- CREATE INDEX IF NOT EXISTS idx_contexts_project ON contexts(project_id);
221
- CREATE INDEX IF NOT EXISTS idx_api_keys_hash ON api_keys(key_hash);
222
- CREATE INDEX IF NOT EXISTS idx_users_email ON users(email);
223
- CREATE INDEX IF NOT EXISTS idx_project_members_user ON project_members(user_id);
224
-
225
- CREATE TABLE IF NOT EXISTS admin_sessions (
226
- id TEXT PRIMARY KEY,
227
- user_id TEXT NOT NULL,
228
- created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
229
- expires_at DATETIME NOT NULL,
230
- user_agent TEXT,
231
- ip TEXT
232
- );
233
- CREATE INDEX IF NOT EXISTS idx_admin_sessions_user ON admin_sessions(user_id);
234
- `);
235
- await this.runMigrations("sqlite");
236
- }
237
- }
238
- // Simple migration framework (Railway server scope)
239
- async runMigrations(kind) {
240
- if (kind === "pg") {
241
- await this.pgPool.query(`
242
- CREATE TABLE IF NOT EXISTS railway_schema_version (
243
- version INTEGER PRIMARY KEY,
244
- applied_at TIMESTAMPTZ DEFAULT NOW(),
245
- description TEXT
246
- );
247
- `);
248
- const r = await this.pgPool.query("SELECT COALESCE(MAX(version), 0) AS v FROM railway_schema_version");
249
- let cur = Number(r.rows[0]?.v || 0);
250
- const apply = async (version, description, queries) => {
251
- if (cur >= version) return;
252
- for (const q of queries) {
253
- try {
254
- await this.pgPool.query(q);
255
- } catch (e) {
256
- }
257
- }
258
- await this.pgPool.query("INSERT INTO railway_schema_version (version, description) VALUES ($1, $2) ON CONFLICT (version) DO NOTHING", [version, description]);
259
- cur = version;
260
- };
261
- await apply(1, "base schema", [
262
- `CREATE TABLE IF NOT EXISTS contexts (id BIGSERIAL PRIMARY KEY, project_id TEXT NOT NULL, content TEXT NOT NULL, type TEXT DEFAULT 'general', metadata JSONB DEFAULT '{}'::jsonb, created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW())`,
263
- `CREATE TABLE IF NOT EXISTS api_keys (id BIGSERIAL PRIMARY KEY, key_hash TEXT UNIQUE NOT NULL, user_id TEXT NOT NULL, name TEXT, created_at TIMESTAMPTZ DEFAULT NOW(), last_used TIMESTAMPTZ, revoked BOOLEAN DEFAULT false)`,
264
- `CREATE TABLE IF NOT EXISTS users (id TEXT PRIMARY KEY, email TEXT, name TEXT, tier TEXT DEFAULT 'free', role TEXT DEFAULT 'user', created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW())`,
265
- `CREATE TABLE IF NOT EXISTS projects (id TEXT PRIMARY KEY, name TEXT, is_public BOOLEAN DEFAULT false, created_at TIMESTAMPTZ DEFAULT NOW(), updated_at TIMESTAMPTZ DEFAULT NOW())`,
266
- `CREATE TABLE IF NOT EXISTS project_members (project_id TEXT NOT NULL, user_id TEXT NOT NULL, role TEXT NOT NULL, created_at TIMESTAMPTZ DEFAULT NOW(), PRIMARY KEY (project_id, user_id))`,
267
- `CREATE INDEX IF NOT EXISTS idx_contexts_project ON contexts(project_id)`,
268
- `CREATE INDEX IF NOT EXISTS idx_api_keys_hash ON api_keys(key_hash)`,
269
- `CREATE INDEX IF NOT EXISTS idx_users_email ON users(email)`,
270
- `CREATE INDEX IF NOT EXISTS idx_project_members_user ON project_members(user_id)`
271
- ]);
272
- await apply(2, "admin sessions", [
273
- `CREATE TABLE IF NOT EXISTS admin_sessions (id TEXT PRIMARY KEY, user_id TEXT NOT NULL, created_at TIMESTAMPTZ DEFAULT NOW(), expires_at TIMESTAMPTZ NOT NULL, user_agent TEXT, ip TEXT)`,
274
- `CREATE INDEX IF NOT EXISTS idx_admin_sessions_user ON admin_sessions(user_id)`
275
- ]);
276
- await apply(3, "role enums & checks", [
277
- `CREATE TYPE user_role AS ENUM ('admin','user')`,
278
- `CREATE TYPE member_role AS ENUM ('admin','owner','editor','viewer')`,
279
- `ALTER TABLE users ALTER COLUMN role TYPE user_role USING role::user_role`,
280
- `ALTER TABLE project_members ALTER COLUMN role TYPE member_role USING role::member_role`,
281
- `ALTER TABLE project_members ADD CONSTRAINT project_members_role_check CHECK (role IN ('admin','owner','editor','viewer'))`,
282
- `ALTER TABLE users ADD CONSTRAINT users_role_check CHECK (role IN ('admin','user'))`
283
- ]);
284
- await apply(4, "password authentication", [
285
- `ALTER TABLE users ADD COLUMN IF NOT EXISTS password_hash TEXT`,
286
- `ALTER TABLE users ADD CONSTRAINT users_email_unique UNIQUE (email)`
287
- ]);
288
- } else {
289
- this.db.exec(`CREATE TABLE IF NOT EXISTS railway_schema_version (version INTEGER PRIMARY KEY, applied_at DATETIME DEFAULT CURRENT_TIMESTAMP, description TEXT)`);
290
- const row = this.db.prepare("SELECT COALESCE(MAX(version), 0) AS v FROM railway_schema_version").get();
291
- let cur = Number(row?.v || 0);
292
- const apply = (version, description, statements) => {
293
- if (cur >= version) return;
294
- this.db.exec("BEGIN");
295
- try {
296
- for (const s of statements) {
297
- try {
298
- this.db.exec(s);
299
- } catch {
300
- }
301
- }
302
- this.db.prepare("INSERT OR IGNORE INTO railway_schema_version (version, description) VALUES (?, ?)").run(version, description);
303
- this.db.exec("COMMIT");
304
- cur = version;
305
- } catch {
306
- this.db.exec("ROLLBACK");
307
- }
308
- };
309
- apply(1, "base schema", [
310
- `CREATE TABLE IF NOT EXISTS contexts (id INTEGER PRIMARY KEY AUTOINCREMENT, project_id TEXT NOT NULL, content TEXT NOT NULL, type TEXT DEFAULT 'general', metadata TEXT DEFAULT '{}', created_at DATETIME DEFAULT CURRENT_TIMESTAMP, updated_at DATETIME DEFAULT CURRENT_TIMESTAMP)`,
311
- `CREATE TABLE IF NOT EXISTS api_keys (id INTEGER PRIMARY KEY AUTOINCREMENT, key_hash TEXT UNIQUE NOT NULL, user_id TEXT NOT NULL, name TEXT, created_at DATETIME DEFAULT CURRENT_TIMESTAMP, last_used DATETIME, revoked BOOLEAN DEFAULT 0)`,
312
- `CREATE TABLE IF NOT EXISTS users (id TEXT PRIMARY KEY, email TEXT, name TEXT, tier TEXT DEFAULT 'free', role TEXT DEFAULT 'user', created_at DATETIME DEFAULT CURRENT_TIMESTAMP, updated_at DATETIME DEFAULT CURRENT_TIMESTAMP)`,
313
- `CREATE TABLE IF NOT EXISTS projects (id TEXT PRIMARY KEY, name TEXT, is_public BOOLEAN DEFAULT 0, created_at DATETIME DEFAULT CURRENT_TIMESTAMP, updated_at DATETIME DEFAULT CURRENT_TIMESTAMP)`,
314
- `CREATE TABLE IF NOT EXISTS project_members (project_id TEXT NOT NULL, user_id TEXT NOT NULL, role TEXT NOT NULL CHECK (role IN ('admin','owner','editor','viewer')), created_at DATETIME DEFAULT CURRENT_TIMESTAMP, PRIMARY KEY (project_id, user_id))`,
315
- `CREATE INDEX IF NOT EXISTS idx_contexts_project ON contexts(project_id)`,
316
- `CREATE INDEX IF NOT EXISTS idx_api_keys_hash ON api_keys(key_hash)`,
317
- `CREATE INDEX IF NOT EXISTS idx_users_email ON users(email)`,
318
- `CREATE INDEX IF NOT EXISTS idx_project_members_user ON project_members(user_id)`
319
- ]);
320
- apply(2, "admin sessions", [
321
- `CREATE TABLE IF NOT EXISTS admin_sessions (id TEXT PRIMARY KEY, user_id TEXT NOT NULL, created_at DATETIME DEFAULT CURRENT_TIMESTAMP, expires_at DATETIME NOT NULL, user_agent TEXT, ip TEXT)`,
322
- `CREATE INDEX IF NOT EXISTS idx_admin_sessions_user ON admin_sessions(user_id)`
323
- ]);
324
- apply(3, "password authentication", [
325
- `ALTER TABLE users ADD COLUMN password_hash TEXT`
326
- ]);
327
- }
328
- }
329
- // TTL cleanup for admin sessions
330
- startAdminSessionCleanup() {
331
- const minutes = parseInt(process.env["ADMIN_SESSION_CLEAN_INTERVAL_MIN"] || "15", 10);
332
- if (minutes <= 0) return;
333
- const run = async () => {
334
- try {
335
- if (this.pgPool) {
336
- await this.pgPool.query("DELETE FROM admin_sessions WHERE expires_at <= NOW()");
337
- } else if (this.db) {
338
- const tableExists = this.db.prepare(`SELECT name FROM sqlite_master WHERE type='table' AND name='admin_sessions'`).get();
339
- if (tableExists) {
340
- this.db.prepare('DELETE FROM admin_sessions WHERE datetime(expires_at) <= datetime("now")').run();
341
- }
342
- }
343
- } catch (error) {
344
- console.warn("Admin session cleanup failed:", error);
345
- }
346
- };
347
- run();
348
- setInterval(run, Math.max(1, minutes) * 60 * 1e3);
349
- }
350
- setupMiddleware() {
351
- this.app.use(
352
- cors({
353
- origin: config.corsOrigins,
354
- credentials: true
355
- })
356
- );
357
- this.app.use(express.json({ limit: "10mb" }));
358
- this.app.use((req, res, next) => {
359
- console.log(`${(/* @__PURE__ */ new Date()).toISOString()} ${req.method} ${req.path}`);
360
- next();
361
- });
362
- this.app.use("/api", this.authenticate.bind(this));
363
- this.app.use("/admin/api", this.authenticate.bind(this));
364
- if (config.rateLimitEnabled) {
365
- this.app.use("/api", this.rateLimit.bind(this));
366
- }
367
- }
368
- async authenticate(req, res, next) {
369
- if (req.path === "/health" || req.path === "/api/health" || req.path === "/health/db") {
370
- return next();
371
- }
372
- const authHeader = req.headers.authorization;
373
- if (config.authMode === "api_key") {
374
- if (!authHeader?.startsWith("Bearer ")) {
375
- return res.status(401).json({ error: "Missing API key" });
376
- }
377
- const apiKey = authHeader.substring(7);
378
- try {
379
- const valid = await this.validateApiKey(apiKey);
380
- if (!valid) {
381
- return res.status(403).json({ error: "Invalid API key" });
382
- }
383
- req.user = valid;
384
- return next();
385
- } catch (e) {
386
- return res.status(500).json({ error: e.message || "Auth error" });
387
- }
388
- }
389
- if (config.authMode === "jwt" && process.env["AUTH0_DOMAIN"]) {
390
- if (!this.authMiddleware) {
391
- this.authMiddleware = new AuthMiddleware({
392
- auth0Domain: process.env["AUTH0_DOMAIN"],
393
- auth0Audience: process.env["AUTH0_AUDIENCE"] || "stackmemory",
394
- redisUrl: process.env["REDIS_URL"] || "redis://localhost:6379",
395
- bypassAuth: process.env["NODE_ENV"] !== "production",
396
- dbPath: process.env["STACKMEMORY_AUTH_DB"] || ".stackmemory/auth.db"
397
- });
398
- }
399
- return this.authMiddleware.authenticate(req, res, next);
400
- }
401
- return next();
402
- }
403
- async validateApiKey(apiKey) {
404
- if (this.pgPool) {
405
- const { rows: rows2 } = await this.pgPool.query(
406
- `SELECT ak.id, ak.user_id, ak.key_hash, ak.revoked, u.name, u.email, u.tier, u.role
407
- FROM api_keys ak
408
- LEFT JOIN users u ON u.id = ak.user_id`
409
- );
410
- for (const row of rows2) {
411
- if (row.revoked) continue;
412
- if (await bcrypt.compare(apiKey, row.key_hash)) {
413
- await this.pgPool.query("UPDATE api_keys SET last_used = NOW() WHERE id = $1", [row.id]);
414
- return { id: row.user_id || "api-user", tier: row.tier || "free", name: row.name || void 0, email: row.email || void 0, role: row.role || "user" };
415
- }
416
- }
417
- return null;
418
- }
419
- const stmt = this.db.prepare(`
420
- SELECT ak.id, ak.user_id, ak.key_hash, ak.revoked, u.name, u.email, u.tier, u.role
421
- FROM api_keys ak
422
- LEFT JOIN users u ON u.id = ak.user_id
423
- `);
424
- const rows = stmt.all();
425
- for (const row of rows) {
426
- if (row.revoked) continue;
427
- if (await bcrypt.compare(apiKey, row.key_hash)) {
428
- this.db.prepare("UPDATE api_keys SET last_used = CURRENT_TIMESTAMP WHERE id = ?").run(row.id);
429
- return { id: row.user_id || "api-user", tier: row.tier || "free", name: row.name || void 0, email: row.email || void 0, role: row.role || "user" };
430
- }
431
- }
432
- return null;
433
- }
434
- rateLimit(req, res, next) {
435
- const userId = req.user?.id || req.ip;
436
- const now = Date.now();
437
- const windowMs = 15 * 60 * 1e3;
438
- const userLimit = rateLimiter.get(userId);
439
- if (!userLimit || userLimit.resetTime < now) {
440
- rateLimiter.set(userId, {
441
- count: 1,
442
- resetTime: now + windowMs
443
- });
444
- return next();
445
- }
446
- if (userLimit.count >= config.rateLimitFree) {
447
- const retryAfter = Math.ceil((userLimit.resetTime - now) / 1e3);
448
- res.setHeader("Retry-After", retryAfter.toString());
449
- return res.status(429).json({
450
- error: "Rate limit exceeded",
451
- retryAfter
452
- });
453
- }
454
- userLimit.count++;
455
- next();
456
- }
457
- setupRoutes() {
458
- const healthHandler = (req, res) => {
459
- const health = {
460
- status: "healthy",
461
- version: "1.0.0",
462
- timestamp: (/* @__PURE__ */ new Date()).toISOString(),
463
- uptime: process.uptime(),
464
- environment: config.environment
465
- };
466
- res.json(health);
467
- };
468
- this.app.get("/health", healthHandler);
469
- this.app.get("/api/health", healthHandler);
470
- this.app.get("/", (req, res) => {
471
- res.json({
472
- name: "StackMemory Railway Server",
473
- version: "1.0.0",
474
- health: "/health",
475
- api: {
476
- "POST /api/context/save": "Save context",
477
- "GET /api/context/load": "Load context",
478
- "POST /api/tools/execute": "Execute tool"
479
- }
480
- });
481
- });
482
- this.app.post("/auth/signup", async (req, res) => {
483
- try {
484
- const { email, password, name } = req.body;
485
- if (!email || !password) {
486
- return res.status(400).json({
487
- success: false,
488
- error: "Email and password are required"
489
- });
490
- }
491
- if (this.pgPool) {
492
- const existingUser = await this.pgPool.query(
493
- "SELECT id FROM users WHERE email = $1",
494
- [email]
495
- );
496
- if (existingUser.rowCount > 0) {
497
- return res.status(409).json({
498
- success: false,
499
- error: "User already exists"
500
- });
501
- }
502
- } else {
503
- const existingUser = this.db.prepare("SELECT id FROM users WHERE email = ?").get(email);
504
- if (existingUser) {
505
- return res.status(409).json({
506
- success: false,
507
- error: "User already exists"
508
- });
509
- }
510
- }
511
- const passwordHash = await bcrypt.hash(password, 10);
512
- const userId = `user_${Date.now()}_${Math.random().toString(36).substring(7)}`;
513
- if (this.pgPool) {
514
- await this.pgPool.query(
515
- "INSERT INTO users (id, email, name, password_hash, tier, role) VALUES ($1, $2, $3, $4, $5, $6)",
516
- [userId, email, name || email.split("@")[0], passwordHash, "free", "user"]
517
- );
518
- } else {
519
- this.db.prepare(
520
- "INSERT INTO users (id, email, name, password_hash, tier, role) VALUES (?, ?, ?, ?, ?, ?)"
521
- ).run(userId, email, name || email.split("@")[0], passwordHash, "free", "user");
522
- }
523
- const apiKey = `sk_${Math.random().toString(36).substring(2)}${Math.random().toString(36).substring(2)}`;
524
- const apiKeyHash = await bcrypt.hash(apiKey, 10);
525
- if (this.pgPool) {
526
- await this.pgPool.query(
527
- "INSERT INTO api_keys (key_hash, user_id, name) VALUES ($1, $2, $3)",
528
- [apiKeyHash, userId, "Default API Key"]
529
- );
530
- } else {
531
- this.db.prepare(
532
- "INSERT INTO api_keys (key_hash, user_id, name) VALUES (?, ?, ?)"
533
- ).run(apiKeyHash, userId, "Default API Key");
534
- }
535
- const token = jwt.sign(
536
- { sub: userId, email, role: "user" },
537
- config.jwtSecret,
538
- { expiresIn: "30d" }
539
- );
540
- res.json({
541
- success: true,
542
- apiKey,
543
- token,
544
- email,
545
- userId,
546
- message: "Account created successfully"
547
- });
548
- } catch (error) {
549
- console.error("Signup error:", error);
550
- res.status(500).json({
551
- success: false,
552
- error: "Failed to create account"
553
- });
554
- }
555
- });
556
- this.app.post("/auth/login", async (req, res) => {
557
- try {
558
- const { email, password } = req.body;
559
- if (!email || !password) {
560
- return res.status(400).json({
561
- success: false,
562
- error: "Email and password are required"
563
- });
564
- }
565
- let user = null;
566
- if (this.pgPool) {
567
- const result = await this.pgPool.query(
568
- "SELECT id, email, name, password_hash, tier, role FROM users WHERE email = $1",
569
- [email]
570
- );
571
- user = result.rows[0];
572
- } else {
573
- user = this.db.prepare(
574
- "SELECT id, email, name, password_hash, tier, role FROM users WHERE email = ?"
575
- ).get(email);
576
- }
577
- if (!user) {
578
- return res.status(401).json({
579
- success: false,
580
- error: "Invalid credentials"
581
- });
582
- }
583
- const validPassword = await bcrypt.compare(password, user.password_hash);
584
- if (!validPassword) {
585
- return res.status(401).json({
586
- success: false,
587
- error: "Invalid credentials"
588
- });
589
- }
590
- let apiKey = null;
591
- if (this.pgPool) {
592
- const keyResult = await this.pgPool.query(
593
- "SELECT id FROM api_keys WHERE user_id = $1 AND revoked = false LIMIT 1",
594
- [user.id]
595
- );
596
- if (keyResult.rowCount === 0) {
597
- apiKey = `sk_${Math.random().toString(36).substring(2)}${Math.random().toString(36).substring(2)}`;
598
- const apiKeyHash = await bcrypt.hash(apiKey, 10);
599
- await this.pgPool.query(
600
- "INSERT INTO api_keys (key_hash, user_id, name) VALUES ($1, $2, $3)",
601
- [apiKeyHash, user.id, "Default API Key"]
602
- );
603
- } else {
604
- apiKey = `sk_${Math.random().toString(36).substring(2)}${Math.random().toString(36).substring(2)}`;
605
- const apiKeyHash = await bcrypt.hash(apiKey, 10);
606
- await this.pgPool.query(
607
- "UPDATE api_keys SET key_hash = $1, last_used = NOW() WHERE id = $2",
608
- [apiKeyHash, keyResult.rows[0].id]
609
- );
610
- }
611
- } else {
612
- const keyRow = this.db.prepare(
613
- "SELECT id FROM api_keys WHERE user_id = ? AND revoked = 0 LIMIT 1"
614
- ).get(user.id);
615
- if (!keyRow) {
616
- apiKey = `sk_${Math.random().toString(36).substring(2)}${Math.random().toString(36).substring(2)}`;
617
- const apiKeyHash = await bcrypt.hash(apiKey, 10);
618
- this.db.prepare(
619
- "INSERT INTO api_keys (key_hash, user_id, name) VALUES (?, ?, ?)"
620
- ).run(apiKeyHash, user.id, "Default API Key");
621
- } else {
622
- apiKey = `sk_${Math.random().toString(36).substring(2)}${Math.random().toString(36).substring(2)}`;
623
- const apiKeyHash = await bcrypt.hash(apiKey, 10);
624
- this.db.prepare(
625
- "UPDATE api_keys SET key_hash = ?, last_used = CURRENT_TIMESTAMP WHERE id = ?"
626
- ).run(apiKeyHash, keyRow.id);
627
- }
628
- }
629
- const token = jwt.sign(
630
- { sub: user.id, email: user.email, role: user.role },
631
- config.jwtSecret,
632
- { expiresIn: "30d" }
633
- );
634
- res.json({
635
- success: true,
636
- apiKey,
637
- token,
638
- email: user.email,
639
- userId: user.id,
640
- databaseUrl: process.env.DATABASE_URL,
641
- // For client configuration
642
- message: "Login successful"
643
- });
644
- } catch (error) {
645
- console.error("Login error:", error);
646
- res.status(500).json({
647
- success: false,
648
- error: "Login failed"
649
- });
650
- }
651
- });
652
- this.app.post("/api/context/save", async (req, res) => {
653
- try {
654
- const { projectId = "default", content, type = "general", metadata = {} } = req.body;
655
- const user = req.user || { tier: "free" };
656
- const allowFreeWrite = process.env["ALLOW_FREE_WRITE"] === "true";
657
- if (user.tier === "free" && !allowFreeWrite) {
658
- return res.status(403).json({ error: "Write access denied for free tier", code: "WRITE_FORBIDDEN" });
659
- }
660
- await this.ensureProjectOwner(projectId, user.id || "api-user");
661
- const role = await this.getProjectRole(projectId, user.id || "api-user");
662
- if (!this.hasWriteAccess(role)) {
663
- return res.status(403).json({ error: "Insufficient permissions", code: "PERMISSION_DENIED" });
664
- }
665
- if (this.pgPool) {
666
- const r = await this.pgPool.query(
667
- `INSERT INTO contexts (project_id, content, type, metadata) VALUES ($1, $2, $3, $4) RETURNING id`,
668
- [projectId, content, type, metadata]
669
- );
670
- return res.json({ success: true, id: r.rows[0].id });
671
- }
672
- const stmt = this.db.prepare("INSERT INTO contexts (project_id, content, type, metadata) VALUES (?, ?, ?, ?)");
673
- const result = stmt.run(projectId, content, type, JSON.stringify(metadata));
674
- return res.json({ success: true, id: result.lastInsertRowid });
675
- } catch (error) {
676
- res.status(500).json({ error: error.message });
677
- }
678
- });
679
- this.app.get("/api/context/load", async (req, res) => {
680
- try {
681
- const { projectId = "default", limit = 10, offset = 0 } = req.query;
682
- const user = req.user || { id: "api-user" };
683
- const isPublic = await this.isProjectPublic(projectId);
684
- const role = await this.getProjectRole(projectId, user.id || "api-user");
685
- if (!this.hasReadAccess(role, isPublic)) {
686
- return res.status(403).json({ error: "Insufficient permissions", code: "PERMISSION_DENIED" });
687
- }
688
- if (this.pgPool) {
689
- const r = await this.pgPool.query(
690
- `SELECT * FROM contexts WHERE project_id = $1 ORDER BY created_at DESC LIMIT $2 OFFSET $3`,
691
- [projectId, Number(limit), Number(offset)]
692
- );
693
- return res.json({ success: true, contexts: r.rows });
694
- }
695
- const stmt = this.db.prepare("SELECT * FROM contexts WHERE project_id = ? ORDER BY created_at DESC LIMIT ? OFFSET ?");
696
- const rows = stmt.all(projectId, limit, offset);
697
- return res.json({ success: true, contexts: rows.map((c) => ({ ...c, metadata: JSON.parse(c.metadata || "{}") })) });
698
- } catch (error) {
699
- res.status(500).json({ error: error.message });
700
- }
701
- });
702
- const parseCookies = (cookieHeader) => {
703
- const out = {};
704
- if (!cookieHeader) return out;
705
- cookieHeader.split(";").forEach((p) => {
706
- const i = p.indexOf("=");
707
- if (i > -1) out[p.slice(0, i).trim()] = decodeURIComponent(p.slice(i + 1));
708
- });
709
- return out;
710
- };
711
- const setJwtCookie = (res, token) => {
712
- const flags = ["Path=/", "HttpOnly", "SameSite=Lax"];
713
- if (process.env["NODE_ENV"] === "production") flags.push("Secure");
714
- res.setHeader("Set-Cookie", `sm_admin_jwt=${encodeURIComponent(token)}; ${flags.join("; ")}`);
715
- };
716
- const clearJwtCookie = (res) => {
717
- res.setHeader("Set-Cookie", "sm_admin_jwt=; Path=/; HttpOnly; Max-Age=0; SameSite=Lax");
718
- };
719
- const verifyAdminJwt = (token) => {
720
- try {
721
- const secret = process.env["ADMIN_JWT_SECRET"] || "dev-admin-secret";
722
- const payload = jwt.verify(token, secret);
723
- return { sub: payload.sub, jti: payload.jti };
724
- } catch {
725
- return null;
726
- }
727
- };
728
- const checkDbSession = async (jti) => {
729
- if (this.pgPool) {
730
- const r = await this.pgPool.query("SELECT 1 FROM admin_sessions WHERE id = $1 AND expires_at > NOW()", [jti]);
731
- return r.rowCount > 0;
732
- }
733
- const row = this.db.prepare('SELECT 1 FROM admin_sessions WHERE id = ? AND datetime(expires_at) > datetime("now")').get(jti);
734
- return !!row;
735
- };
736
- const requireAdmin = (req, res, next) => {
737
- const user = req.user || {};
738
- if (user.role === "admin") return next();
739
- const cookies = parseCookies(req.headers.cookie);
740
- const t = cookies["sm_admin_jwt"];
741
- if (t) {
742
- const verified = verifyAdminJwt(t);
743
- if (verified) {
744
- checkDbSession(verified.jti).then((ok) => {
745
- if (ok) return next();
746
- if (req.path === "/admin" || req.path.startsWith("/admin")) {
747
- res.redirect("/admin/login");
748
- } else {
749
- res.status(403).json({ error: "Admin access required", code: "ADMIN_REQUIRED" });
750
- }
751
- }).catch(() => {
752
- if (req.path === "/admin" || req.path.startsWith("/admin")) {
753
- res.redirect("/admin/login");
754
- } else {
755
- res.status(403).json({ error: "Admin access required", code: "ADMIN_REQUIRED" });
756
- }
757
- });
758
- return;
759
- }
760
- }
761
- if (req.path === "/admin" || req.path.startsWith("/admin")) {
762
- res.redirect("/admin/login");
763
- return;
764
- }
765
- return res.status(403).json({ error: "Admin access required", code: "ADMIN_REQUIRED" });
766
- };
767
- this.app.get("/admin/api/projects", requireAdmin, async (req, res) => {
768
- try {
769
- if (this.pgPool) {
770
- const r = await this.pgPool.query("SELECT id, name, is_public, created_at, updated_at FROM projects ORDER BY updated_at DESC");
771
- return res.json({ projects: r.rows });
772
- }
773
- const rows = this.db.prepare("SELECT id, name, is_public, created_at, updated_at FROM projects ORDER BY updated_at DESC").all();
774
- return res.json({ projects: rows });
775
- } catch (e) {
776
- res.status(500).json({ error: e.message });
777
- }
778
- });
779
- this.app.post("/admin/api/projects", requireAdmin, async (req, res) => {
780
- try {
781
- const { id, name, isPublic = false } = req.body || {};
782
- if (!id) return res.status(400).json({ error: "id required" });
783
- if (this.pgPool) {
784
- await this.pgPool.query("INSERT INTO projects (id, name, is_public) VALUES ($1, $2, $3) ON CONFLICT (id) DO NOTHING", [id, name || id, !!isPublic]);
785
- return res.json({ success: true });
786
- }
787
- this.db.prepare("INSERT OR IGNORE INTO projects (id, name, is_public) VALUES (?, ?, ?)").run(id, name || id, isPublic ? 1 : 0);
788
- return res.json({ success: true });
789
- } catch (e) {
790
- res.status(500).json({ error: e.message });
791
- }
792
- });
793
- this.app.patch("/admin/api/projects/:id/visibility", requireAdmin, async (req, res) => {
794
- try {
795
- const pid = req.params.id;
796
- const { isPublic } = req.body || {};
797
- if (typeof isPublic !== "boolean") return res.status(400).json({ error: "isPublic boolean required" });
798
- if (this.pgPool) {
799
- await this.pgPool.query("UPDATE projects SET is_public = $1, updated_at = NOW() WHERE id = $2", [isPublic, pid]);
800
- return res.json({ success: true });
801
- }
802
- this.db.prepare("UPDATE projects SET is_public = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?").run(isPublic ? 1 : 0, pid);
803
- return res.json({ success: true });
804
- } catch (e) {
805
- res.status(500).json({ error: e.message });
806
- }
807
- });
808
- this.app.get("/admin/api/projects/:id/members", requireAdmin, async (req, res) => {
809
- try {
810
- const pid = req.params.id;
811
- if (this.pgPool) {
812
- const r = await this.pgPool.query(
813
- "SELECT pm.user_id, pm.role, u.email, u.name FROM project_members pm LEFT JOIN users u ON u.id = pm.user_id WHERE pm.project_id = $1 ORDER BY pm.role",
814
- [pid]
815
- );
816
- return res.json({ members: r.rows });
817
- }
818
- const stmt = this.db.prepare("SELECT pm.user_id, pm.role, u.email, u.name FROM project_members pm LEFT JOIN users u ON u.id = pm.user_id WHERE pm.project_id = ? ORDER BY pm.role");
819
- return res.json({ members: stmt.all(pid) });
820
- } catch (e) {
821
- res.status(500).json({ error: e.message });
822
- }
823
- });
824
- this.app.put("/admin/api/projects/:id/members", requireAdmin, async (req, res) => {
825
- try {
826
- const pid = req.params.id;
827
- const { userId, role } = req.body || {};
828
- if (!userId || !role) return res.status(400).json({ error: "userId and role required" });
829
- const validRoles = ["admin", "owner", "editor", "viewer"];
830
- if (!validRoles.includes(role)) return res.status(400).json({ error: "invalid role" });
831
- if (this.pgPool) {
832
- await this.pgPool.query(
833
- "INSERT INTO project_members (project_id, user_id, role) VALUES ($1, $2, $3) ON CONFLICT (project_id, user_id) DO UPDATE SET role = EXCLUDED.role",
834
- [pid, userId, role]
835
- );
836
- return res.json({ success: true });
837
- }
838
- this.db.prepare("INSERT INTO project_members (project_id, user_id, role) VALUES (?, ?, ?) ON CONFLICT(project_id, user_id) DO UPDATE SET role = ?").run(pid, userId, role, role);
839
- return res.json({ success: true });
840
- } catch (e) {
841
- res.status(500).json({ error: e.message });
842
- }
843
- });
844
- this.app.delete("/admin/api/projects/:id/members/:userId", requireAdmin, async (req, res) => {
845
- try {
846
- const pid = req.params.id;
847
- const uid = req.params.userId;
848
- if (this.pgPool) {
849
- await this.pgPool.query("DELETE FROM project_members WHERE project_id = $1 AND user_id = $2", [pid, uid]);
850
- return res.json({ success: true });
851
- }
852
- this.db.prepare("DELETE FROM project_members WHERE project_id = ? AND user_id = ?").run(pid, uid);
853
- return res.json({ success: true });
854
- } catch (e) {
855
- res.status(500).json({ error: e.message });
856
- }
857
- });
858
- this.app.get("/admin/api/sessions", requireAdmin, async (_req, res) => {
859
- try {
860
- if (this.pgPool) {
861
- const r = await this.pgPool.query("SELECT id, user_id, created_at, expires_at, user_agent, ip FROM admin_sessions ORDER BY created_at DESC");
862
- return res.json({ sessions: r.rows });
863
- }
864
- const rows = this.db.prepare("SELECT id, user_id, created_at, expires_at, user_agent, ip FROM admin_sessions ORDER BY created_at DESC").all();
865
- return res.json({ sessions: rows });
866
- } catch (e) {
867
- res.status(500).json({ error: e.message });
868
- }
869
- });
870
- this.app.delete("/admin/api/sessions/:id", requireAdmin, async (req, res) => {
871
- try {
872
- const id = req.params.id;
873
- if (this.pgPool) {
874
- await this.pgPool.query("DELETE FROM admin_sessions WHERE id = $1", [id]);
875
- } else {
876
- this.db.prepare("DELETE FROM admin_sessions WHERE id = ?").run(id);
877
- }
878
- res.json({ success: true });
879
- } catch (e) {
880
- res.status(500).json({ error: e.message });
881
- }
882
- });
883
- this.app.post("/admin/api/sessions/refresh", requireAdmin, async (req, res) => {
884
- try {
885
- const cookies = parseCookies(req.headers.cookie);
886
- const t = cookies["sm_admin_jwt"];
887
- if (!t) return res.status(400).json({ error: "No session" });
888
- const secret = process.env["ADMIN_JWT_SECRET"] || "dev-admin-secret";
889
- let payload;
890
- try {
891
- payload = jwt.verify(t, secret);
892
- } catch {
893
- return res.status(401).json({ error: "Invalid token" });
894
- }
895
- const oldJti = payload.jti;
896
- const userId = payload.sub;
897
- try {
898
- if (this.pgPool) {
899
- await this.pgPool.query("DELETE FROM admin_sessions WHERE id = $1", [oldJti]);
900
- } else {
901
- this.db.prepare("DELETE FROM admin_sessions WHERE id = ?").run(oldJti);
902
- }
903
- } catch (error) {
904
- console.warn("Failed to delete session during refresh:", error);
905
- }
906
- const jti = Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
907
- const hours = parseInt(process.env["ADMIN_SESSION_HOURS"] || "8", 10);
908
- const expMs = Date.now() + hours * 3600 * 1e3;
909
- const expDateIso = new Date(expMs).toISOString();
910
- const ua = req.headers["user-agent"] || "";
911
- const ip = req.headers["x-forwarded-for"] || req.socket.remoteAddress || "";
912
- if (this.pgPool) {
913
- await this.pgPool.query("INSERT INTO admin_sessions (id, user_id, expires_at, user_agent, ip) VALUES ($1, $2, $3, $4, $5)", [jti, userId, expDateIso, ua, ip]);
914
- } else {
915
- this.db.prepare("INSERT INTO admin_sessions (id, user_id, expires_at, user_agent, ip) VALUES (?, ?, ?, ?, ?)").run(jti, userId, expDateIso, ua, ip);
916
- }
917
- const token = jwt.sign({ sub: userId, role: "admin", jti }, secret, { expiresIn: hours + "h" });
918
- const flags = ["Path=/", "HttpOnly", "SameSite=Lax"];
919
- if (process.env["NODE_ENV"] === "production") flags.push("Secure");
920
- res.setHeader("Set-Cookie", `sm_admin_jwt=${encodeURIComponent(token)}; ${flags.join("; ")}`);
921
- return res.json({ success: true });
922
- } catch (e) {
923
- res.status(500).json({ error: e.message });
924
- }
925
- });
926
- this.app.get("/admin", requireAdmin, (req, res) => {
927
- res.setHeader("Content-Type", "text/html");
928
- res.send(`<!doctype html>
929
- <html><head><meta charset="utf-8"/><title>StackMemory Admin</title>
930
- <style>body{font-family:system-ui,Arial;margin:20px} table{border-collapse:collapse} th,td{border:1px solid #ddd;padding:6px} input,select{margin:4px} .row{margin-bottom:12px}</style>
931
- </head><body>
932
- <div style="display:flex;justify-content:space-between;align-items:center">
933
- <h2>Projects</h2>
934
- <div><a href="/admin/logout">Logout</a></div>
935
- </div>
936
- <div class="row">
937
- <input id="newId" placeholder="project id"/>
938
- <input id="newName" placeholder="name"/>
939
- <label title="Anyone with auth can read if public"><input type="checkbox" id="newPublic"/> public</label>
940
- <button onclick="createProject()">Create</button>
941
- </div>
942
- <div id="projects"></div>
943
- <hr/>
944
- <h2>Admin Sessions</h2>
945
- <div class="row">
946
- <button onclick="refreshSession()">Refresh This Session</button>
947
- <button onclick="loadSessions()">Reload Sessions</button>
948
- <span id="refreshMsg" style="margin-left:10px;color:#090"></span>
949
- </div>
950
- <div id="sessions"></div>
951
- <script>
952
- const ROLES = ['owner','editor','viewer','admin'];
953
- async function loadProjects(){
954
- const r = await fetch('/admin/api/projects'); const j = await r.json();
955
- const rows = (j.projects||[]).map(p=>\`<tr><td>\${p.id}</td><td>\${p.name||''}</td><td>\${p.is_public? 'yes':'no'}</td>
956
- <td><button onclick="togglePublic('\${p.id}',\${!p.is_public})">make \${!p.is_public?'public':'private'}</button>
957
- <button onclick="viewMembers('\${p.id}')">members</button></td></tr>\`).join('');
958
- document.getElementById('projects').innerHTML = \`<table><tr><th>id</th><th>name</th><th>public</th><th>actions</th></tr>\${rows}</table><div id="members"></div>\`;
959
- }
960
- async function createProject(){
961
- const id = document.getElementById('newId').value; const name = document.getElementById('newName').value; const isPublic = document.getElementById('newPublic').checked;
962
- await fetch('/admin/api/projects',{method:'POST',headers:{'Content-Type':'application/json'},body:JSON.stringify({id,name,isPublic})});
963
- loadProjects();
964
- }
965
- async function togglePublic(id, isPublic){
966
- await fetch('/admin/api/projects/'+id+'/visibility',{method:'PATCH',headers:{'Content-Type':'application/json'},body:JSON.stringify({isPublic})});
967
- loadProjects();
968
- }
969
- async function viewMembers(id){
970
- const r = await fetch('/admin/api/projects/'+id+'/members'); const j = await r.json();
971
- const rows = (j.members||[]).map(m=>\`<tr><td>\${m.user_id}</td><td>\${m.name||''}</td><td>\${m.email||''}</td><td>\${m.role}</td>
972
- <td><button onclick="removeMember('\${id}','\${m.user_id}')">remove</button></td></tr>\`).join('');
973
- document.getElementById('members').innerHTML = \`<h3>Members of \${id}</h3>
974
- <div class="row"><input id="mUser" placeholder="user id"/><select id="mRole">\${ROLES.map(r=>\`<option>\${r}</option>\`).join('')}</select>
975
- <button onclick="addMember('\${id}')">add/update</button></div>
976
- <table><tr><th>user</th><th>name</th><th>email</th><th>role</th><th>actions</th></tr>\${rows}</table>\`;
977
- }
978
- async function addMember(id){
979
- const userId = document.getElementById('mUser').value; const role = document.getElementById('mRole').value;
980
- if (!ROLES.includes(role)) { alert('Invalid role'); return; }
981
- await fetch('/admin/api/projects/'+id+'/members',{method:'PUT',headers:{'Content-Type':'application/json'},body:JSON.stringify({userId,role})});
982
- viewMembers(id);
983
- }
984
- async function removeMember(id, userId){
985
- await fetch('/admin/api/projects/'+id+'/members/'+userId,{method:'DELETE'});
986
- viewMembers(id);
987
- }
988
- async function loadSessions(){
989
- const r = await fetch('/admin/api/sessions'); const j = await r.json();
990
- const rows = (j.sessions||[]).map(s=>\`<tr><td>\${s.id}</td><td>\${s.user_id}</td><td>\${new Date(s.created_at).toLocaleString()}</td><td>\${new Date(s.expires_at).toLocaleString()}</td><td>\${s.ip||''}</td><td>\${(s.user_agent||'').slice(0,40)}</td><td><button onclick="killSession('\${s.id}')">terminate</button></td></tr>\`).join('');
991
- document.getElementById('sessions').innerHTML = \`<table><tr><th>id</th><th>user</th><th>created</th><th>expires</th><th>ip</th><th>agent</th><th>actions</th></tr>\${rows}</table>\`;
992
- }
993
- async function killSession(id){
994
- await fetch('/admin/api/sessions/'+id,{method:'DELETE'});
995
- loadSessions();
996
- }
997
- async function refreshSession(){
998
- const r = await fetch('/admin/api/sessions/refresh',{method:'POST'});
999
- if (r.ok){ document.getElementById('refreshMsg').textContent = 'Session refreshed.'; setTimeout(()=>document.getElementById('refreshMsg').textContent='',1500);} else { alert('Refresh failed'); }
1000
- }
1001
- loadProjects();
1002
- loadSessions();
1003
- </script>
1004
- </body></html>`);
1005
- });
1006
- this.app.get("/health/db", async (req, res) => {
1007
- try {
1008
- if (this.pgPool) {
1009
- const r = await this.pgPool.query("SELECT 1 as ok");
1010
- return res.json({ kind: "postgres", ok: !!r.rows?.length });
1011
- }
1012
- const row = this.db.prepare("SELECT 1 as ok").get();
1013
- return res.json({ kind: "sqlite", ok: row?.ok === 1 });
1014
- } catch (error) {
1015
- res.status(500).json({ error: error.message });
1016
- }
1017
- });
1018
- this.app.post("/api/tools/execute", async (req, res) => {
1019
- try {
1020
- const { tool, params } = req.body;
1021
- if (tool === "save_context") {
1022
- const user = req.user || { tier: "free" };
1023
- const allowFreeWrite = process.env["ALLOW_FREE_WRITE"] === "true";
1024
- if (user.tier === "free" && !allowFreeWrite) {
1025
- return res.status(403).json({ error: "Write access denied for free tier", code: "WRITE_FORBIDDEN" });
1026
- }
1027
- const projectId = params && params.projectId || "default";
1028
- await this.ensureProjectOwner(projectId, user.id || "api-user");
1029
- const role = await this.getProjectRole(projectId, user.id || "api-user");
1030
- if (!this.hasWriteAccess(role)) {
1031
- return res.status(403).json({ error: "Insufficient permissions", code: "PERMISSION_DENIED" });
1032
- }
1033
- }
1034
- if (tool === "load_context") {
1035
- const user = req.user || { id: "api-user" };
1036
- const projectId = params && params.projectId || "default";
1037
- const isPublic = await this.isProjectPublic(projectId);
1038
- const role = await this.getProjectRole(projectId, user.id || "api-user");
1039
- if (!this.hasReadAccess(role, isPublic)) {
1040
- return res.status(403).json({ error: "Insufficient permissions", code: "PERMISSION_DENIED" });
1041
- }
1042
- }
1043
- const result = await this.executeMCPTool(tool, params);
1044
- res.json({
1045
- success: true,
1046
- result
1047
- });
1048
- } catch (error) {
1049
- res.status(500).json({ error: error.message });
1050
- }
1051
- });
1052
- if (config.enableAnalytics) {
1053
- this.app.get("/api/analytics", (req, res) => {
1054
- try {
1055
- const { projectId = "default" } = req.query;
1056
- const stats = this.db.prepare(
1057
- `
1058
- SELECT
1059
- COUNT(*) as total_contexts,
1060
- COUNT(DISTINCT type) as unique_types,
1061
- MAX(created_at) as last_activity
1062
- FROM contexts
1063
- WHERE project_id = ?
1064
- `
1065
- ).get(projectId);
1066
- res.json({
1067
- success: true,
1068
- analytics: stats
1069
- });
1070
- } catch (error) {
1071
- res.status(500).json({ error: error.message });
1072
- }
1073
- });
1074
- }
1075
- this.app.get("/admin/login", (_req, res) => {
1076
- res.setHeader("Content-Type", "text/html");
1077
- res.send(`<!doctype html><html><head><meta charset="utf-8"/><title>Admin Login</title>
1078
- <style>body{font-family:system-ui;margin:40px} input{padding:8px;margin:4px} button{padding:8px}</style></head>
1079
- <body><h3>Admin Login</h3>
1080
- <p>Paste an admin API key to manage projects and members.</p>
1081
- <form method="POST" action="/admin/login">
1082
- <input type="password" name="apiKey" placeholder="sk-..." style="min-width:360px" required/>
1083
- <div><button type="submit">Login</button></div>
1084
- <p style="color:#666">Your key is validated server-side and not stored in the browser; a short-lived session cookie is created.</p>
1085
- </form>
1086
- </body></html>`);
1087
- });
1088
- this.app.post("/admin/login", express.urlencoded({ extended: false }), async (req, res) => {
1089
- try {
1090
- const apiKey = req.body?.apiKey || "";
1091
- if (!apiKey) return res.status(400).send("Missing API key");
1092
- const u = await this.validateApiKey(apiKey);
1093
- if (!u || u.role !== "admin") return res.status(403).send("Not an admin API key");
1094
- const jti = Math.random().toString(36).slice(2) + Math.random().toString(36).slice(2);
1095
- const hours = parseInt(process.env["ADMIN_SESSION_HOURS"] || "8", 10);
1096
- const expMs = Date.now() + hours * 3600 * 1e3;
1097
- const expDateIso = new Date(expMs).toISOString();
1098
- const ua = req.headers["user-agent"] || "";
1099
- const ip = req.headers["x-forwarded-for"] || req.socket.remoteAddress || "";
1100
- if (this.pgPool) {
1101
- await this.pgPool.query("INSERT INTO admin_sessions (id, user_id, expires_at, user_agent, ip) VALUES ($1, $2, $3, $4, $5)", [jti, u.id, expDateIso, ua, ip]);
1102
- } else {
1103
- this.db.prepare("INSERT INTO admin_sessions (id, user_id, expires_at, user_agent, ip) VALUES (?, ?, ?, ?, ?)").run(jti, u.id, expDateIso, ua, ip);
1104
- }
1105
- const token = jwt.sign({ sub: u.id, role: "admin", jti }, process.env["ADMIN_JWT_SECRET"] || "dev-admin-secret", { expiresIn: hours + "h" });
1106
- setJwtCookie(res, token);
1107
- res.redirect("/admin");
1108
- } catch (e) {
1109
- res.status(500).send("Login failed");
1110
- }
1111
- });
1112
- this.app.get("/admin/logout", async (req, res) => {
1113
- const cookies = parseCookies(req.headers.cookie);
1114
- const t = cookies["sm_admin_jwt"];
1115
- if (t) {
1116
- const verified = verifyAdminJwt(t);
1117
- if (verified) {
1118
- try {
1119
- if (this.pgPool) {
1120
- await this.pgPool.query("DELETE FROM admin_sessions WHERE id = $1", [verified.jti]);
1121
- } else {
1122
- this.db.prepare("DELETE FROM admin_sessions WHERE id = ?").run(verified.jti);
1123
- }
1124
- } catch (error) {
1125
- console.warn("Failed to delete session during logout:", error);
1126
- }
1127
- }
1128
- }
1129
- clearJwtCookie(res);
1130
- res.redirect("/admin/login");
1131
- });
1132
- }
1133
- setupWebSocket() {
1134
- this.wss = new WebSocketServer({
1135
- server: this.httpServer,
1136
- path: "/ws"
1137
- });
1138
- this.wss.on("connection", (ws, _req) => {
1139
- console.log("WebSocket connection established");
1140
- const connectionId = Math.random().toString(36).substring(7);
1141
- this.connections.set(connectionId, ws);
1142
- ws.on("message", async (data) => {
1143
- try {
1144
- const message = JSON.parse(data.toString());
1145
- const response = await this.handleWebSocketMessage(message);
1146
- ws.send(JSON.stringify(response));
1147
- } catch (error) {
1148
- ws.send(
1149
- JSON.stringify({
1150
- error: error.message
1151
- })
1152
- );
1153
- }
1154
- });
1155
- ws.on("close", () => {
1156
- this.connections.delete(connectionId);
1157
- console.log("WebSocket connection closed");
1158
- });
1159
- });
1160
- }
1161
- async handleWebSocketMessage(message) {
1162
- const { type, tool, params } = message;
1163
- switch (type) {
1164
- case "execute":
1165
- return await this.executeMCPTool(tool, params);
1166
- case "ping":
1167
- return { type: "pong" };
1168
- default:
1169
- throw new Error(`Unknown message type: ${type}`);
1170
- }
1171
- }
1172
- async setupMCPServer() {
1173
- this.mcpServer = new Server(
1174
- {
1175
- name: "stackmemory-railway",
1176
- version: "1.0.0"
1177
- },
1178
- {
1179
- capabilities: {
1180
- tools: {},
1181
- resources: {}
1182
- }
1183
- }
1184
- );
1185
- this.mcpServer.setRequestHandler("tools/list", async () => {
1186
- return {
1187
- tools: [
1188
- {
1189
- name: "save_context",
1190
- description: "Save context to StackMemory",
1191
- inputSchema: {
1192
- type: "object",
1193
- properties: {
1194
- content: { type: "string" },
1195
- type: { type: "string" }
1196
- }
1197
- }
1198
- },
1199
- {
1200
- name: "load_context",
1201
- description: "Load context from StackMemory",
1202
- inputSchema: {
1203
- type: "object",
1204
- properties: {
1205
- query: { type: "string" },
1206
- limit: { type: "number" }
1207
- }
1208
- }
1209
- }
1210
- ]
1211
- };
1212
- });
1213
- this.mcpServer.setRequestHandler(
1214
- "tools/call",
1215
- async (request) => {
1216
- const { name, arguments: args } = request.params;
1217
- return await this.executeMCPTool(name, args);
1218
- }
1219
- );
1220
- }
1221
- async executeMCPTool(tool, params) {
1222
- switch (tool) {
1223
- case "save_context": {
1224
- if (this.pgPool) {
1225
- const r = await this.pgPool.query(
1226
- `INSERT INTO contexts (project_id, content, type, metadata)
1227
- VALUES ($1, $2, $3, $4) RETURNING id`,
1228
- [params.projectId || "default", params.content, params.type || "general", params.metadata || {}]
1229
- );
1230
- return { id: r.rows[0].id, success: true };
1231
- }
1232
- const stmt = this.db.prepare(
1233
- `INSERT INTO contexts (project_id, content, type, metadata) VALUES (?, ?, ?, ?)`
1234
- );
1235
- const result = stmt.run(
1236
- params.projectId || "default",
1237
- params.content,
1238
- params.type || "general",
1239
- JSON.stringify(params.metadata || {})
1240
- );
1241
- return { id: result.lastInsertRowid, success: true };
1242
- }
1243
- case "load_context": {
1244
- if (this.pgPool) {
1245
- const r = await this.pgPool.query(
1246
- `SELECT * FROM contexts
1247
- WHERE project_id = $1 AND content ILIKE $2
1248
- ORDER BY created_at DESC
1249
- LIMIT $3`,
1250
- [params.projectId || "default", `%${params.query || ""}%`, params.limit || 10]
1251
- );
1252
- return { contexts: r.rows, success: true };
1253
- }
1254
- const stmt = this.db.prepare(
1255
- `SELECT * FROM contexts WHERE project_id = ? AND content LIKE ? ORDER BY created_at DESC LIMIT ?`
1256
- );
1257
- const contexts = stmt.all(
1258
- params.projectId || "default",
1259
- `%${params.query || ""}%`,
1260
- params.limit || 10
1261
- );
1262
- return { contexts, success: true };
1263
- }
1264
- default:
1265
- throw new Error(`Unknown tool: ${tool}`);
1266
- }
1267
- }
1268
- // Permission helpers
1269
- hasReadAccess(role, isPublic) {
1270
- if (isPublic) return true;
1271
- return role === "admin" || role === "owner" || role === "editor" || role === "viewer";
1272
- }
1273
- hasWriteAccess(role) {
1274
- return role === "admin" || role === "owner" || role === "editor";
1275
- }
1276
- async getProjectRole(projectId, userId) {
1277
- if (this.pgPool) {
1278
- const r = await this.pgPool.query(
1279
- "SELECT role FROM project_members WHERE project_id = $1 AND user_id = $2",
1280
- [projectId, userId]
1281
- );
1282
- return r.rows[0]?.role || null;
1283
- }
1284
- const row = this.db.prepare("SELECT role FROM project_members WHERE project_id = ? AND user_id = ?").get(projectId, userId);
1285
- return row?.role || null;
1286
- }
1287
- async isProjectPublic(projectId) {
1288
- if (this.pgPool) {
1289
- const r = await this.pgPool.query("SELECT is_public FROM projects WHERE id = $1", [projectId]);
1290
- return !!r.rows[0]?.is_public;
1291
- }
1292
- const row = this.db.prepare("SELECT is_public FROM projects WHERE id = ?").get(projectId);
1293
- return !!row?.is_public;
1294
- }
1295
- async ensureProjectOwner(projectId, userId) {
1296
- if (this.pgPool) {
1297
- const pr2 = await this.pgPool.query("SELECT 1 FROM projects WHERE id = $1", [projectId]);
1298
- if (pr2.rowCount === 0) {
1299
- await this.pgPool.query("INSERT INTO projects (id, name, is_public) VALUES ($1, $2, $3)", [projectId, projectId, false]);
1300
- }
1301
- const mr2 = await this.pgPool.query(
1302
- "SELECT 1 FROM project_members WHERE project_id = $1 AND user_id = $2",
1303
- [projectId, userId]
1304
- );
1305
- if (mr2.rowCount === 0) {
1306
- await this.pgPool.query(
1307
- "INSERT INTO project_members (project_id, user_id, role) VALUES ($1, $2, $3)",
1308
- [projectId, userId, "owner"]
1309
- );
1310
- }
1311
- return;
1312
- }
1313
- const pr = this.db.prepare("SELECT 1 FROM projects WHERE id = ?").get(projectId);
1314
- if (!pr) {
1315
- this.db.prepare("INSERT INTO projects (id, name, is_public) VALUES (?, ?, ?)").run(projectId, projectId, 0);
1316
- }
1317
- const mr = this.db.prepare("SELECT 1 FROM project_members WHERE project_id = ? AND user_id = ?").get(projectId, userId);
1318
- if (!mr) {
1319
- this.db.prepare("INSERT INTO project_members (project_id, user_id, role) VALUES (?, ?, ?)").run(projectId, userId, "owner");
1320
- }
1321
- }
1322
- start() {
1323
- this.httpServer.listen(config.port, "0.0.0.0", () => {
1324
- console.log(`
1325
- \u{1F682} Railway MCP Server Started
1326
- ================================
1327
- Environment: ${config.environment}
1328
- Port: ${config.port}
1329
- WebSocket: ${config.enableWebSocket ? "Enabled" : "Disabled"}
1330
- Analytics: ${config.enableAnalytics ? "Enabled" : "Disabled"}
1331
- Rate Limiting: ${config.rateLimitEnabled ? "Enabled" : "Disabled"}
1332
- Auth Mode: ${config.authMode}
1333
- ================================
1334
- Health: http://localhost:${config.port}/health
1335
- `);
1336
- });
1337
- }
1338
- }
1339
- const server = new RailwayMCPServer();
1340
- server.start();
1341
- process.on("SIGTERM", () => {
1342
- console.log("Shutting down gracefully...");
1343
- process.exit(0);
1344
- });
1345
- process.on("SIGINT", () => {
1346
- console.log("Shutting down...");
1347
- process.exit(0);
1348
- });
1349
- //# sourceMappingURL=index.js.map