@treeseed/sdk 0.9.0 → 0.10.6

package/dist/api/config.js

@@ -0,0 +1,118 @@
+import { existsSync } from "node:fs";
+import { resolve } from "node:path";
+const LOCAL_DEV_AUTH_TTL_SECONDS = 365 * 24 * 60 * 60;
+const DEFAULT_AUTH_TTL_SECONDS = 15 * 60;
+const DEFAULT_REFRESH_TTL_SECONDS = 7 * 24 * 60 * 60;
+function parseInteger(value, fallback) {
+  if (!value) return fallback;
+  const parsed = Number.parseInt(value, 10);
+  return Number.isFinite(parsed) ? parsed : fallback;
+}
+function resolveLocalWranglerConfigPath(repoRoot, env) {
+  const explicit = env.TREESEED_API_D1_WRANGLER_CONFIG?.trim() || env.TREESEED_LOCAL_WRANGLER_CONFIG?.trim();
+  if (explicit) return resolve(repoRoot, explicit);
+  const generated = resolve(repoRoot, ".treeseed", "generated", "environments", "local", "wrangler.toml");
+  return existsSync(generated) ? generated : void 0;
+}
+function normalizeUrl(value) {
+  return value.endsWith("/") ? value.slice(0, -1) : value;
+}
+function isLoopbackUrl(value) {
+  try {
+    const url = new URL(value);
+    return url.hostname === "127.0.0.1" || url.hostname === "localhost";
+  } catch {
+    return false;
+  }
+}
+function parseCsv(value) {
+  return (value ?? "").split(",").map((entry) => entry.trim().toLowerCase()).filter(Boolean);
+}
+function resolveBaseUrl(env, host, port) {
+  if (env.TREESEED_API_BASE_URL?.trim()) {
+    return normalizeUrl(env.TREESEED_API_BASE_URL.trim());
+  }
+  if (env.RAILWAY_PUBLIC_DOMAIN?.trim()) {
+    return normalizeUrl(`https://${env.RAILWAY_PUBLIC_DOMAIN.trim()}`);
+  }
+  return normalizeUrl(`http://${host}:${port}`);
+}
+function resolveAuthApprovalBaseUrl(env, baseUrl) {
+  const explicit = env.TREESEED_API_AUTH_APPROVAL_BASE_URL?.trim() || env.TREESEED_SITE_URL?.trim() || env.BETTER_AUTH_URL?.trim();
+  const explicitIsLoopback = explicit ? isLoopbackUrl(explicit) : false;
+  try {
+    const url = new URL(baseUrl);
+    const isLocalApi = url.hostname === "127.0.0.1" || url.hostname === "localhost";
+    if (!isLocalApi && explicit && explicitIsLoopback) {
+      throw new Error(`Refusing loopback device approval URL "${explicit}" for remote API "${baseUrl}".`);
+    }
+    if (explicit) {
+      return normalizeUrl(explicit);
+    }
+    if (isLocalApi && url.port === "3000") {
+      url.port = "4321";
+      return normalizeUrl(url.toString());
+    }
+  } catch (error) {
+    if (error instanceof Error && error.message.includes("Refusing loopback device approval URL")) {
+      throw error;
+    }
+    if (explicit && /^https?:\/\//u.test(explicit)) {
+      throw new Error(`Invalid device approval URL configuration for API "${baseUrl}".`);
+    }
+  }
+  return baseUrl;
+}
+function resolveApiConfig(env = process.env) {
+  const host = env.HOST?.trim() || "0.0.0.0";
+  const port = parseInteger(env.PORT, 3e3);
+  const baseUrl = resolveBaseUrl(env, host === "0.0.0.0" ? "127.0.0.1" : host, port);
+  const issuer = normalizeUrl(env.TREESEED_API_ISSUER?.trim() || baseUrl);
+  const repoRoot = resolve(env.TREESEED_API_REPO_ROOT?.trim() || process.cwd());
+  const localDevAuth = env.TREESEED_LOCAL_DEV_MODE === "cloudflare" || isLoopbackUrl(baseUrl);
+  const defaultAccessTokenTtl = localDevAuth ? LOCAL_DEV_AUTH_TTL_SECONDS : DEFAULT_AUTH_TTL_SECONDS;
+  const defaultRefreshTokenTtl = localDevAuth ? LOCAL_DEV_AUTH_TTL_SECONDS : DEFAULT_REFRESH_TTL_SECONDS;
+  return {
+    name: env.TREESEED_API_NAME?.trim() || "@treeseed/sdk/api",
+    host,
+    port,
+    baseUrl,
+    authApprovalBaseUrl: resolveAuthApprovalBaseUrl(env, baseUrl),
+    issuer,
+    repoRoot,
+    projectId: env.TREESEED_PROJECT_ID?.trim() || "treeseed-project",
+    authSecret: env.TREESEED_API_AUTH_SECRET?.trim() || "treeseed-api-dev-secret",
+    projectApiKey: env.TREESEED_API_PROJECT_KEY?.trim() || void 0,
+    projectApiLabel: env.TREESEED_API_PROJECT_LABEL?.trim() || "Project API Key",
+    projectApiPermissions: parseCsv(env.TREESEED_API_PROJECT_KEY_PERMISSIONS).length > 0 ? parseCsv(env.TREESEED_API_PROJECT_KEY_PERMISSIONS) : ["sdk:execute:global", "agent:execute:global", "operations:execute:global"],
+    cloudflareAccountId: env.CLOUDFLARE_ACCOUNT_ID?.trim() || void 0,
+    cloudflareApiToken: env.CLOUDFLARE_API_TOKEN?.trim() || void 0,
+    d1DatabaseId: env.TREESEED_API_D1_DATABASE_ID?.trim() || void 0,
+    d1DatabaseName: env.TREESEED_API_D1_DATABASE_NAME?.trim() || env.SITE_DATA_DB?.trim() || void 0,
+    d1LocalPersistTo: env.TREESEED_API_D1_LOCAL_PERSIST_TO?.trim() || resolve(repoRoot, ".wrangler/state/v3/d1"),
+    d1WranglerConfigPath: resolveLocalWranglerConfigPath(repoRoot, env),
+    webServiceId: env.TREESEED_API_WEB_SERVICE_ID?.trim() || "web",
+    webServiceSecret: env.TREESEED_API_WEB_SERVICE_SECRET?.trim() || "treeseed-web-service-dev-secret",
+    webAssertionSecret: env.TREESEED_API_WEB_ASSERTION_SECRET?.trim() || env.TREESEED_API_AUTH_SECRET?.trim() || "treeseed-web-assertion-dev-secret",
+    webExchangeTtlSeconds: parseInteger(env.TREESEED_API_WEB_EXCHANGE_TTL, 300),
+    bootstrapAdminAllowlist: parseCsv(env.TREESEED_API_BOOTSTRAP_ADMIN_ALLOWLIST),
+    accessTokenTtlSeconds: parseInteger(env.TREESEED_API_ACCESS_TOKEN_TTL, defaultAccessTokenTtl),
+    refreshTokenTtlSeconds: parseInteger(env.TREESEED_API_REFRESH_TOKEN_TTL, defaultRefreshTokenTtl),
+    deviceCodeTtlSeconds: parseInteger(env.TREESEED_API_DEVICE_CODE_TTL, 10 * 60),
+    deviceCodePollIntervalSeconds: parseInteger(env.TREESEED_API_DEVICE_CODE_POLL_INTERVAL, 5),
+    templateCatalogPath: env.TREESEED_API_TEMPLATE_CATALOG_PATH?.trim() || void 0,
+    providers: {
+      auth: env.TREESEED_API_PROVIDER_AUTH?.trim() || "d1",
+      agents: {
+        execution: env.TREESEED_API_PROVIDER_AGENT_EXECUTION?.trim() || "stub",
+        queue: env.TREESEED_API_PROVIDER_AGENT_QUEUE?.trim() || "memory",
+        notification: env.TREESEED_API_PROVIDER_AGENT_NOTIFICATION?.trim() || "stub",
+        repository: env.TREESEED_API_PROVIDER_AGENT_REPOSITORY?.trim() || "stub",
+        verification: env.TREESEED_API_PROVIDER_AGENT_VERIFICATION?.trim() || "stub"
+      }
+    }
+  };
+}
+export {
+  resolveApiConfig
+};

package/dist/api/http.d.ts

@@ -0,0 +1,28 @@
+import type { Context } from 'hono';
+import type { ApiPrincipal, ApiScope } from '../remote.ts';
+import type { AppVariables } from './types.ts';
+export type ApiContext = Context<{
+    Variables: AppVariables;
+}>;
+export declare function jsonError(c: Context, status: number, error: string, details?: Record<string, unknown>): Response & import("hono").TypedResponse<{
+    ok: false;
+    error: string;
+}, never, "json">;
+export declare function bearerTokenFromRequest(request: Request): string | null;
+export declare function hasScope(principal: ApiPrincipal | null, requiredScope: ApiScope): boolean;
+export declare function requireScope(c: ApiContext, requiredScope: ApiScope): (Response & import("hono").TypedResponse<{
+    ok: false;
+    error: string;
+}, never, "json">) | null;
+export declare function requireAuthentication(c: ApiContext): (Response & import("hono").TypedResponse<{
+    ok: false;
+    error: string;
+}, never, "json">) | null;
+export declare function requireActorType(c: ApiContext, actorType: 'anonymous' | 'user' | 'service' | 'project', message?: string): (Response & import("hono").TypedResponse<{
+    ok: false;
+    error: string;
+}, never, "json">) | null;
+export declare function requirePermission(c: ApiContext, permission: string): (Response & import("hono").TypedResponse<{
+    ok: false;
+    error: string;
+}, never, "json">) | null;

package/dist/api/http.js

@@ -0,0 +1,51 @@
+import { permissionGranted } from "./auth/rbac.js";
+function jsonError(c, status, error, details) {
+  return c.json({
+    ok: false,
+    error,
+    ...details ?? {}
+  }, { status });
+}
+function bearerTokenFromRequest(request) {
+  const header = request.headers.get("authorization");
+  if (!header) return null;
+  const match = header.match(/^Bearer\s+(.+)$/i);
+  return match?.[1] ?? null;
+}
+function hasScope(principal, requiredScope) {
+  return Boolean(principal && (principal.scopes.includes(requiredScope) || principal.scopes.includes("*")));
+}
+function requireScope(c, requiredScope) {
+  if (!hasScope(c.get("principal"), requiredScope)) {
+    return jsonError(c, 401, "Authentication required.", { requiredScope });
+  }
+  return null;
+}
+function requireAuthentication(c) {
+  if (!c.get("principal")) {
+    return jsonError(c, 401, "Authentication required.");
+  }
+  return null;
+}
+function requireActorType(c, actorType, message = "Trusted service authentication required.") {
+  if (c.get("actorType") !== actorType) {
+    return jsonError(c, 401, message);
+  }
+  return null;
+}
+function requirePermission(c, permission) {
+  const principal = c.get("principal");
+  if (!principal || !permissionGranted(c.get("permissionGrants"), permission)) {
+    return jsonError(c, 403, "Permission denied.", { permission });
+  }
+  return null;
+}
+export {
+  bearerTokenFromRequest,
+  hasScope,
+  jsonError,
+  requireActorType,
+  requireAuthentication,
+  requirePermission,
+  requireScope
+};

package/dist/api/index.d.ts

@@ -0,0 +1,10 @@
+export { createTreeseedApiApp, createTreeseedApiRouter } from './app.ts';
+export { resolveApiConfig } from './config.ts';
+export { createRailwayTreeseedApiServer, createTreeseedNodeServer } from './railway.ts';
+export { resolveApiRuntimeProviders } from './providers.ts';
+export { resolveApiD1Database } from './auth/d1-database.ts';
+export { loadTemplateCatalog } from './templates.ts';
+export { MemoryDeviceCodeAuthProvider } from './auth/memory-provider.ts';
+export { D1AuthProvider } from './auth/d1-provider.ts';
+export { bearerTokenFromRequest, jsonError, requireActorType, requireAuthentication, requirePermission, requireScope } from './http.ts';
+export type * from './types.ts';

package/dist/api/index.js

@@ -0,0 +1,27 @@
+import { createTreeseedApiApp, createTreeseedApiRouter } from "./app.js";
+import { resolveApiConfig } from "./config.js";
+import { createRailwayTreeseedApiServer, createTreeseedNodeServer } from "./railway.js";
+import { resolveApiRuntimeProviders } from "./providers.js";
+import { resolveApiD1Database } from "./auth/d1-database.js";
+import { loadTemplateCatalog } from "./templates.js";
+import { MemoryDeviceCodeAuthProvider } from "./auth/memory-provider.js";
+import { D1AuthProvider } from "./auth/d1-provider.js";
+import { bearerTokenFromRequest, jsonError, requireActorType, requireAuthentication, requirePermission, requireScope } from "./http.js";
+export {
+  D1AuthProvider,
+  MemoryDeviceCodeAuthProvider,
+  bearerTokenFromRequest,
+  createRailwayTreeseedApiServer,
+  createTreeseedApiApp,
+  createTreeseedApiRouter,
+  createTreeseedNodeServer,
+  jsonError,
+  loadTemplateCatalog,
+  requireActorType,
+  requireAuthentication,
+  requirePermission,
+  requireScope,
+  resolveApiConfig,
+  resolveApiD1Database,
+  resolveApiRuntimeProviders
+};

package/dist/api/operations-routes.d.ts

@@ -0,0 +1,11 @@
+import type { Hono } from 'hono';
+import type { AgentSdk } from '../sdk.ts';
+import { executeHttpWorkflowOperation } from './operations.ts';
+import type { ApiConfig } from './types.ts';
+export declare function registerOperationRoutes(app: Hono<any>, options: {
+    config: ApiConfig;
+    scope: string;
+    prefix?: string;
+    sdk?: AgentSdk;
+    executeOperation?: typeof executeHttpWorkflowOperation;
+}): void;

package/dist/api/operations-routes.js

@@ -0,0 +1,39 @@
+import { findTreeseedOperation } from "../operations-registry.js";
+import { executeHttpWorkflowOperation, isHttpWorkflowOperationAllowed } from "./operations.js";
+import { jsonError, requireScope } from "./http.js";
+function registerOperationRoutes(app, options) {
+  const executeOperation = options.executeOperation ?? executeHttpWorkflowOperation;
+  const prefix = options.prefix ?? "";
+  function withPrefix(path) {
+    if (!prefix) return path;
+    return `${prefix}${path}`.replace(/\/{2,}/g, "/");
+  }
+  app.post(withPrefix("/operations/:operation"), async (c) => {
+    const unauthorized = requireScope(c, options.scope);
+    if (unauthorized) return unauthorized;
+    const requestedOperation = c.req.param("operation");
+    const resolvedOperation = findTreeseedOperation(requestedOperation);
+    if (!resolvedOperation) {
+      return jsonError(c, 400, `Unknown Treeseed operation "${requestedOperation}".`, {
+        operation: requestedOperation
+      });
+    }
+    if (!isHttpWorkflowOperationAllowed(resolvedOperation.name)) {
+      return jsonError(c, 400, `Workflow operation "${resolvedOperation.name}" is not supported over HTTP.`, {
+        operation: resolvedOperation.name
+      });
+    }
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const result = await executeOperation(resolvedOperation.name, body);
+      return c.json(result, { status: result.ok ? 200 : 400 });
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      const status = /Unknown Treeseed operation|not supported over HTTP|confirmation required/i.test(message) ? 400 : 500;
+      return jsonError(c, status, message, { operation: resolvedOperation.name });
+    }
+  });
+}
+export {
+  registerOperationRoutes
+};

package/dist/api/operations.d.ts

@@ -0,0 +1,3 @@
+import type { ApiWorkflowOperationResponse, WorkflowHttpOperationRequest } from './types.ts';
+export declare function isHttpWorkflowOperationAllowed(operation: string): boolean;
+export declare function executeHttpWorkflowOperation(operation: string, request: WorkflowHttpOperationRequest): Promise<ApiWorkflowOperationResponse>;

package/dist/api/operations.js

@@ -0,0 +1,26 @@
+import { TreeseedOperationsSdk } from "../operations.js";
+const HTTP_BLOCKED_WORKFLOW_OPERATIONS = /* @__PURE__ */ new Set(["dev", "dev:watch"]);
+function isHttpWorkflowOperationAllowed(operation) {
+  return !HTTP_BLOCKED_WORKFLOW_OPERATIONS.has(operation);
+}
+async function executeHttpWorkflowOperation(operation, request) {
+  if (!isHttpWorkflowOperationAllowed(operation)) {
+    throw new Error(`Workflow operation "${operation}" is not supported over HTTP.`);
+  }
+  const operations = new TreeseedOperationsSdk();
+  return operations.execute({
+    operationName: operation,
+    input: request.input ?? {}
+  }, {
+    cwd: request.cwd ?? process.cwd(),
+    env: {
+      ...process.env,
+      ...request.env ?? {}
+    },
+    transport: "api"
+  });
+}
+export {
+  executeHttpWorkflowOperation,
+  isHttpWorkflowOperationAllowed
+};

package/dist/api/providers.d.ts

@@ -0,0 +1,2 @@
+import type { ApiConfig, ApiRuntimeProviders, ResolvedApiRuntimeProviders } from './types.ts';
+export declare function resolveApiRuntimeProviders(config: ApiConfig, overrides?: ApiRuntimeProviders): ResolvedApiRuntimeProviders;

package/dist/api/providers.js

@@ -0,0 +1,68 @@
+import { MemoryDeviceCodeAuthProvider } from "./auth/memory-provider.js";
+import { D1AuthProvider } from "./auth/d1-provider.js";
+import { resolveApiD1Database } from "./auth/d1-database.js";
+function addProviders(target, incoming, label) {
+  for (const [id, value] of Object.entries(incoming ?? {})) {
+    if (target.has(id)) {
+      throw new Error(`Treeseed API runtime found duplicate ${label} provider "${id}".`);
+    }
+    target.set(id, value);
+  }
+}
+function resolveSelectedProvider(registry, selectedId, label) {
+  const selected = registry.get(selectedId);
+  if (!selected) {
+    throw new Error(`Treeseed API runtime could not resolve ${label} provider "${selectedId}".`);
+  }
+  return selected;
+}
+function resolveApiRuntimeProviders(config, overrides = {}) {
+  const authRegistry = /* @__PURE__ */ new Map();
+  const agentExecution = /* @__PURE__ */ new Map();
+  const agentQueue = /* @__PURE__ */ new Map();
+  const agentNotification = /* @__PURE__ */ new Map();
+  const agentRepository = /* @__PURE__ */ new Map();
+  const agentVerification = /* @__PURE__ */ new Map();
+  addProviders(authRegistry, {
+    memory: ({ config: runtimeConfig }) => new MemoryDeviceCodeAuthProvider({
+      ...runtimeConfig,
+      baseUrl: runtimeConfig.authApprovalBaseUrl ?? runtimeConfig.baseUrl
+    }),
+    d1: ({ config: runtimeConfig }) => new D1AuthProvider({
+      ...runtimeConfig,
+      baseUrl: runtimeConfig.authApprovalBaseUrl ?? runtimeConfig.baseUrl
+    }, { db: resolveApiD1Database(runtimeConfig) })
+  }, "auth");
+  addProviders(authRegistry, overrides.auth, "auth");
+  addProviders(agentExecution, { stub: { id: "stub" } }, "agent execution");
+  addProviders(agentQueue, { memory: { id: "memory" } }, "agent queue");
+  addProviders(agentNotification, { stub: { id: "stub" } }, "agent notification");
+  addProviders(agentRepository, { stub: { id: "stub" } }, "agent repository");
+  addProviders(agentVerification, { stub: { id: "stub" } }, "agent verification");
+  addProviders(agentExecution, overrides.agentExecution, "agent execution");
+  addProviders(agentQueue, overrides.agentQueue, "agent queue");
+  addProviders(agentNotification, overrides.agentNotification, "agent notification");
+  addProviders(agentRepository, overrides.agentRepository, "agent repository");
+  addProviders(agentVerification, overrides.agentVerification, "agent verification");
+  const authFactory = resolveSelectedProvider(authRegistry, config.providers.auth, "auth");
+  resolveSelectedProvider(agentExecution, config.providers.agents.execution, "agent execution");
+  resolveSelectedProvider(agentQueue, config.providers.agents.queue, "agent queue");
+  resolveSelectedProvider(agentNotification, config.providers.agents.notification, "agent notification");
+  resolveSelectedProvider(agentRepository, config.providers.agents.repository, "agent repository");
+  resolveSelectedProvider(agentVerification, config.providers.agents.verification, "agent verification");
+  return {
+    auth: authFactory({ config }),
+    registries: {
+      auth: authRegistry,
+      agentExecution,
+      agentQueue,
+      agentNotification,
+      agentRepository,
+      agentVerification
+    },
+    selections: config.providers
+  };
+}
+export {
+  resolveApiRuntimeProviders
+};

package/dist/api/railway.d.ts

@@ -0,0 +1,52 @@
+import { type Server } from 'node:http';
+import type { Hono } from 'hono';
+import type { ApiServerOptions } from './types.ts';
+export declare function createTreeseedNodeServer(options?: ApiServerOptions): Promise<{
+    app: Hono<{
+        Variables: import("./types.ts").AppVariables;
+    }, import("hono/types").BlankSchema, "/">;
+    config: {
+        providers: {
+            agents: {
+                execution: string;
+                queue: string;
+                notification: string;
+                repository: string;
+                verification: string;
+            };
+            auth: string;
+        };
+        name: string;
+        host: string;
+        port: number;
+        baseUrl: string;
+        authApprovalBaseUrl?: string;
+        issuer: string;
+        repoRoot: string;
+        projectId: string;
+        authSecret: string;
+        projectApiKey?: string;
+        projectApiLabel: string;
+        projectApiPermissions: string[];
+        cloudflareAccountId?: string;
+        cloudflareApiToken?: string;
+        d1DatabaseId?: string;
+        d1DatabaseName?: string;
+        d1LocalPersistTo?: string;
+        d1WranglerConfigPath?: string;
+        webServiceId: string;
+        webServiceSecret: string;
+        webAssertionSecret: string;
+        webExchangeTtlSeconds: number;
+        bootstrapAdminAllowlist: string[];
+        accessTokenTtlSeconds: number;
+        refreshTokenTtlSeconds: number;
+        deviceCodeTtlSeconds: number;
+        deviceCodePollIntervalSeconds: number;
+        templateCatalogPath?: string;
+    };
+    server: Server<typeof import("http").IncomingMessage, typeof import("http").ServerResponse>;
+    url: string;
+    close(): Promise<void>;
+}>;
+export declare const createRailwayTreeseedApiServer: typeof createTreeseedNodeServer;

package/dist/api/railway.js

@@ -0,0 +1,71 @@
+import { createServer } from "node:http";
+import { Readable } from "node:stream";
+import { createTreeseedApiApp } from "./app.js";
+import { resolveApiConfig } from "./config.js";
+function hasRequestBody(method) {
+  return method !== "GET" && method !== "HEAD";
+}
+async function honoNodeHandler(app, request, response) {
+  const req = request;
+  const res = response;
+  const origin = req.headers.host ? `http://${req.headers.host}` : "http://127.0.0.1";
+  const url = new URL(req.url ?? "/", origin);
+  const webRequest = new Request(url, {
+    method: req.method,
+    headers: req.headers,
+    body: hasRequestBody(req.method) ? req : void 0,
+    duplex: "half"
+  });
+  const webResponse = await app.fetch(webRequest);
+  res.statusCode = webResponse.status;
+  webResponse.headers.forEach((value, key) => {
+    res.setHeader(key, value);
+  });
+  if (!webResponse.body) {
+    res.end();
+    return;
+  }
+  Readable.fromWeb(webResponse.body).pipe(res);
+}
+async function createTreeseedNodeServer(options = {}) {
+  const config = {
+    ...resolveApiConfig(),
+    ...options.config ?? {},
+    providers: {
+      ...resolveApiConfig().providers,
+      ...options.config?.providers ?? {},
+      agents: {
+        ...resolveApiConfig().providers.agents,
+        ...options.config?.providers?.agents ?? {}
+      }
+    }
+  };
+  const app = createTreeseedApiApp({
+    ...options,
+    config
+  });
+  const server = createServer((req, res) => {
+    void honoNodeHandler(app, req, res);
+  });
+  await new Promise((resolvePromise) => {
+    server.listen(config.port, config.host, () => resolvePromise());
+  });
+  const address = server.address();
+  const resolvedUrl = address ? `${config.baseUrl.startsWith("http") ? config.baseUrl : `http://${address.address}:${address.port}`}` : config.baseUrl;
+  return {
+    app,
+    config,
+    server,
+    url: resolvedUrl,
+    async close() {
+      await new Promise((resolvePromise, rejectPromise) => {
+        server.close((error) => error ? rejectPromise(error) : resolvePromise());
+      });
+    }
+  };
+}
+const createRailwayTreeseedApiServer = createTreeseedNodeServer;
+export {
+  createRailwayTreeseedApiServer,
+  createTreeseedNodeServer
+};

package/dist/api/sdk-dispatch.d.ts

@@ -0,0 +1,6 @@
+import type { RemoteSdkOperationRequest } from '../remote.ts';
+import type { AgentSdk } from '../sdk.ts';
+import { executeSdkOperation, findSdkOperation, listSdkOperationNames } from '../sdk-dispatch.ts';
+import type { ApiConfig } from './types.ts';
+export { executeSdkOperation, findSdkOperation, listSdkOperationNames, };
+export declare function resolveSdkInstance(sharedSdk: AgentSdk | undefined, config: ApiConfig, request: RemoteSdkOperationRequest): AgentSdk;

package/dist/api/sdk-dispatch.js

@@ -0,0 +1,14 @@
+import { AgentSdk as AgentSdkClass } from "../sdk.js";
+import { executeSdkOperation, findSdkOperation, listSdkOperationNames } from "../sdk-dispatch.js";
+function resolveSdkInstance(sharedSdk, config, request) {
+  if (!request.repoRoot || request.repoRoot === config.repoRoot) {
+    return sharedSdk ?? new AgentSdkClass({ repoRoot: config.repoRoot });
+  }
+  return new AgentSdkClass({ repoRoot: request.repoRoot });
+}
+export {
+  executeSdkOperation,
+  findSdkOperation,
+  listSdkOperationNames,
+  resolveSdkInstance
+};

package/dist/api/sdk-routes.d.ts

@@ -0,0 +1,11 @@
+import type { Hono } from 'hono';
+import type { AgentSdk } from '../sdk.ts';
+import type { ApiConfig } from './types.ts';
+interface RegisterSdkRoutesOptions {
+    config: ApiConfig;
+    sharedSdk?: AgentSdk;
+    scope: string;
+    prefix?: string;
+}
+export declare function registerSdkRoutes(app: Hono<any>, options: RegisterSdkRoutesOptions): void;
+export {};

package/dist/api/sdk-routes.js

@@ -0,0 +1,29 @@
+import { executeSdkOperation, resolveSdkInstance } from "./sdk-dispatch.js";
+import { jsonError, requireScope } from "./http.js";
+function withPrefix(prefix, path) {
+  if (!prefix) return path;
+  return `${prefix}${path}`.replace(/\/{2,}/g, "/");
+}
+function registerSdkRoutes(app, options) {
+  app.post(withPrefix(options.prefix ?? "", "/sdk/:operation"), async (c) => {
+    const unauthorized = requireScope(c, options.scope);
+    if (unauthorized) return unauthorized;
+    const operation = c.req.param("operation");
+    const body = await c.req.json().catch(() => ({}));
+    try {
+      const result = await executeSdkOperation(
+        resolveSdkInstance(options.sharedSdk, options.config, body),
+        operation,
+        body.input ?? {}
+      );
+      return c.json(result);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      const status = /Unknown SDK operation/.test(message) ? 400 : 500;
+      return jsonError(c, status, message, { operation });
+    }
+  });
+}
+export {
+  registerSdkRoutes
+};

package/dist/api/templates.d.ts

@@ -0,0 +1,3 @@
+import type { SdkTemplateCatalogResponse } from '../sdk-types.ts';
+import type { ApiConfig } from './types.ts';
+export declare function loadTemplateCatalog(config: ApiConfig): SdkTemplateCatalogResponse;

package/dist/api/templates.js

@@ -0,0 +1,31 @@
+import { existsSync, readFileSync } from "node:fs";
+import { createRequire } from "node:module";
+import { dirname, resolve } from "node:path";
+import { parseTemplateCatalogResponse } from "../template-catalog.js";
+const require2 = createRequire(import.meta.url);
+function resolveSdkPackageRoot() {
+  const exportedEntrypoint = require2.resolve("@treeseed/sdk");
+  const distRoot = dirname(exportedEntrypoint);
+  const packageRoot = resolve(distRoot, "..");
+  return packageRoot;
+}
+function resolveDefaultCatalogPath() {
+  const sdkRoot = resolveSdkPackageRoot();
+  const candidates = [
+    resolve(sdkRoot, "dist", "treeseed", "template-catalog", "catalog.fixture.json"),
+    resolve(sdkRoot, "src", "treeseed", "template-catalog", "catalog.fixture.json")
+  ];
+  for (const candidate of candidates) {
+    if (existsSync(candidate)) {
+      return candidate;
+    }
+  }
+  throw new Error("Unable to resolve the bundled Treeseed template catalog fixture.");
+}
+function loadTemplateCatalog(config) {
+  const catalogPath = config.templateCatalogPath ?? resolveDefaultCatalogPath();
+  return parseTemplateCatalogResponse(JSON.parse(readFileSync(catalogPath, "utf8")));
+}
+export {
+  loadTemplateCatalog
+};