npm - @tstax/coding-tab - Versions diffs - 0.1.0 - Mend

@tstax/coding-tab 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/server.js ADDED Viewed

@@ -0,0 +1,668 @@
+// src/server/index.ts
+import express from "express";
+// src/server/authRoutes.ts
+import { Router } from "express";
+import { randomBytes } from "crypto";
+// src/server/authMiddleware.ts
+import { getIronSession } from "iron-session";
+// src/server/session.ts
+var SESSION_COOKIE_NAME = "coding_tab_session";
+function buildSessionOptions(password, secure) {
+  return {
+    password,
+    cookieName: SESSION_COOKIE_NAME,
+    cookieOptions: {
+      httpOnly: true,
+      secure,
+      sameSite: "lax",
+      path: "/",
+      maxAge: 60 * 60 * 24 * 30
+    }
+  };
+}
+// src/server/authMiddleware.ts
+function getSession(req, res, opts) {
+  return getIronSession(req, res, buildSessionOptions(opts.sessionPassword, opts.secure));
+}
+function makeRequireAuth(opts) {
+  const allowed = new Set(opts.allowedLogins.map((l) => l.toLowerCase()));
+  return async function requireAuth(req, res, next) {
+    try {
+      const session = await getSession(req, res, opts);
+      if (!session.githubLogin || !session.accessToken) {
+        res.status(401).json({ error: "unauthenticated" });
+        return;
+      }
+      if (allowed.size > 0 && !allowed.has(session.githubLogin.toLowerCase())) {
+        res.status(403).json({ error: "not_authorized" });
+        return;
+      }
+      req.user = {
+        githubLogin: session.githubLogin,
+        accessToken: session.accessToken,
+        avatarUrl: session.avatarUrl
+      };
+      next();
+    } catch (err) {
+      console.error(`[${SESSION_COOKIE_NAME}] requireAuth failed`, err);
+      res.status(500).json({ error: "session_error" });
+    }
+  };
+}
+// src/server/authRoutes.ts
+var OAUTH_STATE_TTL_MS = 10 * 60 * 1e3;
+function makeAuthRouter(opts) {
+  const router = Router();
+  const allowed = new Set(opts.oauth.allowedLogins.map((l) => l.toLowerCase()));
+  const scopes = opts.oauth.scopes ?? ["repo", "read:user"];
+  router.get("/auth/login", async (req, res) => {
+    const session = await getSession(req, res, opts);
+    const state = randomBytes(24).toString("hex");
+    session.oauthState = state;
+    session.oauthStateCreatedAt = Date.now();
+    await session.save();
+    const url = new URL("https://github.com/login/oauth/authorize");
+    url.searchParams.set("client_id", opts.oauth.clientId);
+    url.searchParams.set("redirect_uri", opts.oauth.callbackUrl);
+    url.searchParams.set("scope", scopes.join(" "));
+    url.searchParams.set("state", state);
+    url.searchParams.set("allow_signup", "false");
+    res.redirect(302, url.toString());
+  });
+  router.get("/auth/callback", async (req, res) => {
+    const session = await getSession(req, res, opts);
+    const code = typeof req.query.code === "string" ? req.query.code : null;
+    const state = typeof req.query.state === "string" ? req.query.state : null;
+    const expectedState = session.oauthState;
+    const stateAge = session.oauthStateCreatedAt ? Date.now() - session.oauthStateCreatedAt : Number.POSITIVE_INFINITY;
+    session.oauthState = void 0;
+    session.oauthStateCreatedAt = void 0;
+    if (!code || !state || !expectedState || state !== expectedState || stateAge > OAUTH_STATE_TTL_MS) {
+      await session.save();
+      res.status(400).send("OAuth state mismatch or expired. Try signing in again.");
+      return;
+    }
+    try {
+      const tokenResp = await fetch("https://github.com/login/oauth/access_token", {
+        method: "POST",
+        headers: {
+          Accept: "application/json",
+          "Content-Type": "application/json"
+        },
+        body: JSON.stringify({
+          client_id: opts.oauth.clientId,
+          client_secret: opts.oauth.clientSecret,
+          code,
+          redirect_uri: opts.oauth.callbackUrl
+        })
+      });
+      const tokenJson = await tokenResp.json();
+      if (!tokenJson.access_token) {
+        await session.save();
+        res.status(401).send(`GitHub token exchange failed: ${tokenJson.error_description ?? tokenJson.error ?? "unknown"}`);
+        return;
+      }
+      const userResp = await fetch("https://api.github.com/user", {
+        headers: {
+          Authorization: `Bearer ${tokenJson.access_token}`,
+          Accept: "application/vnd.github+json",
+          "X-GitHub-Api-Version": "2022-11-28"
+        }
+      });
+      if (!userResp.ok) {
+        await session.save();
+        res.status(401).send(`GitHub user lookup failed: ${userResp.status}`);
+        return;
+      }
+      const user = await userResp.json();
+      if (allowed.size > 0 && !allowed.has(user.login.toLowerCase())) {
+        await session.save();
+        res.status(403).send(`@${user.login} is not on the allowlist for this app.`);
+        return;
+      }
+      session.githubLogin = user.login;
+      session.avatarUrl = user.avatar_url;
+      session.accessToken = tokenJson.access_token;
+      await session.save();
+      res.redirect(302, opts.basePath + "/");
+    } catch (err) {
+      console.error("[coding-tab] OAuth callback failed", err);
+      res.status(500).send("OAuth callback failed. Check server logs.");
+    }
+  });
+  router.post("/auth/logout", async (req, res) => {
+    const session = await getSession(req, res, opts);
+    session.destroy();
+    res.json({ ok: true });
+  });
+  router.get("/auth/me", async (req, res) => {
+    const session = await getSession(req, res, opts);
+    if (!session.githubLogin || !session.accessToken) {
+      res.status(401).json({ error: "unauthenticated" });
+      return;
+    }
+    if (allowed.size > 0 && !allowed.has(session.githubLogin.toLowerCase())) {
+      res.status(403).json({ error: "not_authorized" });
+      return;
+    }
+    res.json({ githubLogin: session.githubLogin, avatarUrl: session.avatarUrl });
+  });
+  return router;
+}
+// src/server/agentRoutes.ts
+import { Router as Router2 } from "express";
+import { Agent, CursorAgentError } from "@cursor/sdk";
+// src/server/models.ts
+import { Cursor } from "@cursor/sdk";
+var SONNET_PATTERN = /sonnet/i;
+var OPUS_PATTERN = /opus/i;
+var cache = null;
+var CACHE_TTL_MS = 5 * 60 * 1e3;
+async function getModelList(apiKey) {
+  if (cache && Date.now() - cache.fetchedAt < CACHE_TTL_MS) return cache.models;
+  const models = await Cursor.models.list({ apiKey });
+  cache = { fetchedAt: Date.now(), models };
+  return models;
+}
+function pickBest(models, pattern) {
+  const matches = models.filter((m) => pattern.test(m.id) || pattern.test(m.displayName) || (m.aliases ?? []).some((a) => pattern.test(a)));
+  if (matches.length === 0) return void 0;
+  matches.sort((a, b) => b.id.localeCompare(a.id));
+  return matches[0];
+}
+async function listAvailableModels(apiKey) {
+  const models = await getModelList(apiKey);
+  const out = [];
+  const sonnet = pickBest(models, SONNET_PATTERN);
+  if (sonnet) out.push({ choice: "sonnet", cursorModelId: sonnet.id, displayName: sonnet.displayName ?? sonnet.id });
+  const opus = pickBest(models, OPUS_PATTERN);
+  if (opus) out.push({ choice: "opus", cursorModelId: opus.id, displayName: opus.displayName ?? opus.id });
+  return out;
+}
+async function resolveModel(apiKey, choice) {
+  const models = await getModelList(apiKey);
+  const pattern = choice === "sonnet" ? SONNET_PATTERN : OPUS_PATTERN;
+  const picked = pickBest(models, pattern);
+  if (!picked) {
+    const available = models.map((m) => `${m.displayName} (${m.id})`).join(", ");
+    throw new Error(`No Cursor-routed model matches "${choice}". Available: ${available}`);
+  }
+  return { cursorModelId: picked.id, displayName: picked.displayName ?? picked.id };
+}
+// src/server/sessions.ts
+import { randomUUID } from "crypto";
+var SESSION_IDLE_TTL_MS = 30 * 60 * 1e3;
+var sessions = /* @__PURE__ */ new Map();
+var sweeperStarted = false;
+function startSweeper() {
+  if (sweeperStarted) return;
+  sweeperStarted = true;
+  setInterval(() => {
+    const now = Date.now();
+    for (const [id, s] of sessions) {
+      if (now - s.lastUsedAt > SESSION_IDLE_TTL_MS) {
+        disposeSession(id).catch((e) => console.error("[coding-tab] session sweep dispose failed", e));
+      }
+    }
+  }, 5 * 60 * 1e3).unref?.();
+}
+function registerSession(opts) {
+  startSweeper();
+  const id = randomUUID();
+  const session = {
+    id,
+    githubLogin: opts.githubLogin,
+    agent: opts.agent,
+    repoUrl: opts.repoUrl,
+    startingRef: opts.startingRef,
+    createdAt: Date.now(),
+    lastUsedAt: Date.now()
+  };
+  sessions.set(id, session);
+  return session;
+}
+function getSession2(id) {
+  const s = sessions.get(id);
+  if (s) s.lastUsedAt = Date.now();
+  return s;
+}
+async function disposeSession(id) {
+  const s = sessions.get(id);
+  if (!s) return;
+  sessions.delete(id);
+  try {
+    await s.agent[Symbol.asyncDispose]();
+  } catch (err) {
+    console.error("[coding-tab] dispose failed", err);
+  }
+}
+// src/server/agentRoutes.ts
+var PLAN_INSTRUCTION = `You are operating in PLAN MODE.
+Produce a clear, concise markdown plan for the user's request. Do NOT modify any files. Do NOT call any file-editing or shell tools that mutate state. Read-only exploration tools (Read, Grep, Glob, semantic search) are encouraged.
+Structure the plan with:
+- Goal (1 line)
+- Approach (3-7 bullet points)
+- Files that will change (bulleted, with absolute or repo-relative paths)
+- Risks / things to verify after implementation
+When you are done, end your message with a single line: PLAN READY`;
+var EXECUTE_INSTRUCTION = `You are now in AGENT MODE. Implement the plan you produced above. Make all required file changes, run any necessary commands, and prepare the changes for a pull request. When complete, summarize what changed in 3-5 bullets.`;
+function sse(res, event) {
+  res.write(`data: ${JSON.stringify(event)}
+`);
+}
+function parsePrUrl(url) {
+  if (!url) return void 0;
+  const match = url.match(/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)/);
+  if (!match) return void 0;
+  return { url, owner: match[1], repo: match[2], number: Number(match[3]) };
+}
+function modeInstructionPrefix(mode, prompt) {
+  return mode === "plan" ? `${PLAN_INSTRUCTION}
+---
+User request:
+${prompt}` : prompt;
+}
+function setupSseHeaders(res) {
+  res.set({
+    "Content-Type": "text/event-stream",
+    "Cache-Control": "no-cache, no-transform",
+    Connection: "keep-alive",
+    "X-Accel-Buffering": "no"
+  });
+  res.flushHeaders?.();
+}
+async function streamRun(res, run) {
+  try {
+    for await (const message of run.stream()) {
+      if (res.writableEnded) break;
+      if (message.type === "assistant") {
+        for (const block of message.message.content) {
+          if (block.type === "text" && block.text) sse(res, { kind: "text", text: block.text });
+          else if (block.type === "tool_use") sse(res, { kind: "tool", name: block.name, status: "running", callId: block.id, args: block.input });
+        }
+      } else if (message.type === "thinking") {
+        sse(res, { kind: "thinking", text: message.text });
+      } else if (message.type === "tool_call") {
+        sse(res, { kind: "tool", name: message.name, status: message.status, callId: message.call_id, args: message.args, result: message.result });
+      } else if (message.type === "status") {
+        sse(res, { kind: "status", status: message.status, message: message.message });
+      }
+    }
+    const result = await run.wait();
+    const prUrl = result.git?.branches?.find((b) => b.prUrl)?.prUrl;
+    sse(res, {
+      kind: "result",
+      status: result.status,
+      pr: parsePrUrl(prUrl),
+      durationMs: result.durationMs
+    });
+  } catch (err) {
+    const message = err instanceof Error ? err.message : String(err);
+    const retryable = err instanceof CursorAgentError ? Boolean(err.isRetryable) : false;
+    sse(res, { kind: "error", message, retryable });
+  } finally {
+    if (!res.writableEnded) res.end();
+  }
+}
+function makeAgentRouter(opts) {
+  const router = Router2();
+  router.get("/models", async (_req, res) => {
+    try {
+      const models = await listAvailableModels(opts.cursorApiKey);
+      res.json({ models });
+    } catch (err) {
+      console.error("[coding-tab] /models failed", err);
+      res.status(500).json({ error: err instanceof Error ? err.message : "models_failed" });
+    }
+  });
+  router.post("/agent/start", async (req, res) => {
+    const user = req.user;
+    const { prompt, mode, model, repoUrl, startingRef } = req.body ?? {};
+    if (!prompt || mode !== "plan" && mode !== "agent" || model !== "sonnet" && model !== "opus") {
+      res.status(400).json({ error: "invalid_request" });
+      return;
+    }
+    setupSseHeaders(res);
+    let agent;
+    try {
+      const resolved = await resolveModel(opts.cursorApiKey, model);
+      agent = await Agent.create({
+        apiKey: opts.cursorApiKey,
+        model: { id: resolved.cursorModelId },
+        cloud: {
+          repos: [
+            {
+              url: repoUrl ?? opts.defaultRepo.url,
+              startingRef: startingRef ?? opts.defaultRepo.ref
+            }
+          ],
+          autoCreatePR: mode === "agent",
+          skipReviewerRequest: opts.skipReviewerRequest ?? true,
+          envVars: { GITHUB_TOKEN: user.accessToken },
+          ...opts.envName ? { env: { type: "cloud", name: opts.envName } } : {}
+        }
+      });
+      const session = registerSession({
+        githubLogin: user.githubLogin,
+        agent,
+        repoUrl: repoUrl ?? opts.defaultRepo.url,
+        startingRef: startingRef ?? opts.defaultRepo.ref
+      });
+      const run = await agent.send(modeInstructionPrefix(mode, prompt));
+      sse(res, { kind: "ready", sessionId: session.id, agentId: agent.agentId, runId: run.id });
+      console.log(`[coding-tab] start agent=${agent.agentId} run=${run.id} session=${session.id} login=${user.githubLogin}`);
+      await streamRun(res, run);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      const retryable = err instanceof CursorAgentError ? Boolean(err.isRetryable) : false;
+      console.error("[coding-tab] /agent/start failed", err);
+      sse(res, { kind: "error", message, retryable });
+      if (!res.writableEnded) res.end();
+      if (agent) await agent[Symbol.asyncDispose]().catch(() => {
+      });
+    }
+    req.on("close", () => {
+      if (!res.writableEnded) res.end();
+    });
+  });
+  router.post("/agent/send", async (req, res) => {
+    const { sessionId, prompt, mode } = req.body ?? {};
+    if (!sessionId || !prompt || mode !== "plan" && mode !== "agent") {
+      res.status(400).json({ error: "invalid_request" });
+      return;
+    }
+    const session = getSession2(sessionId);
+    if (!session) {
+      res.status(404).json({ error: "session_not_found" });
+      return;
+    }
+    setupSseHeaders(res);
+    try {
+      const run = await session.agent.send(modeInstructionPrefix(mode, prompt));
+      sse(res, { kind: "ready", sessionId: session.id, agentId: session.agent.agentId, runId: run.id });
+      console.log(`[coding-tab] send agent=${session.agent.agentId} run=${run.id} session=${session.id}`);
+      await streamRun(res, run);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.error("[coding-tab] /agent/send failed", err);
+      sse(res, { kind: "error", message });
+      if (!res.writableEnded) res.end();
+    }
+    req.on("close", () => {
+      if (!res.writableEnded) res.end();
+    });
+  });
+  router.post("/agent/execute", async (req, res) => {
+    const { sessionId } = req.body ?? {};
+    if (!sessionId) {
+      res.status(400).json({ error: "invalid_request" });
+      return;
+    }
+    const session = getSession2(sessionId);
+    if (!session) {
+      res.status(404).json({ error: "session_not_found" });
+      return;
+    }
+    setupSseHeaders(res);
+    try {
+      const run = await session.agent.send(EXECUTE_INSTRUCTION);
+      sse(res, { kind: "ready", sessionId: session.id, agentId: session.agent.agentId, runId: run.id });
+      console.log(`[coding-tab] execute agent=${session.agent.agentId} run=${run.id} session=${session.id}`);
+      await streamRun(res, run);
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.error("[coding-tab] /agent/execute failed", err);
+      sse(res, { kind: "error", message });
+      if (!res.writableEnded) res.end();
+    }
+    req.on("close", () => {
+      if (!res.writableEnded) res.end();
+    });
+  });
+  router.post("/agent/cancel", async (req, res) => {
+    const { sessionId, runId } = req.body ?? {};
+    if (!sessionId || !runId) {
+      res.status(400).json({ error: "invalid_request" });
+      return;
+    }
+    const session = getSession2(sessionId);
+    if (!session) {
+      res.status(404).json({ error: "session_not_found" });
+      return;
+    }
+    try {
+      await Agent.cancelRun(runId, { runtime: "cloud", agentId: session.agent.agentId, apiKey: opts.cursorApiKey });
+      res.json({ ok: true });
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.error("[coding-tab] /agent/cancel failed", err);
+      res.status(500).json({ error: message });
+    }
+  });
+  router.post("/agent/dispose", async (req, res) => {
+    const { sessionId } = req.body ?? {};
+    if (!sessionId) {
+      res.status(400).json({ error: "invalid_request" });
+      return;
+    }
+    await disposeSession(sessionId);
+    res.json({ ok: true });
+  });
+  return router;
+}
+// src/server/githubRoutes.ts
+import { Router as Router3 } from "express";
+import { Octokit } from "@octokit/rest";
+function parsePrUrl2(prUrl) {
+  const match = prUrl.match(/github\.com\/([^/]+)\/([^/]+)\/pull\/(\d+)/);
+  if (!match) return null;
+  return { owner: match[1], repo: match[2], number: Number(match[3]) };
+}
+function makeGitHubRouter() {
+  const router = Router3();
+  router.get("/pr/status", async (req, res) => {
+    const prUrl = typeof req.query.prUrl === "string" ? req.query.prUrl : null;
+    if (!prUrl) {
+      res.status(400).json({ error: "missing_prUrl" });
+      return;
+    }
+    const parsed = parsePrUrl2(prUrl);
+    if (!parsed) {
+      res.status(400).json({ error: "invalid_prUrl" });
+      return;
+    }
+    const user = req.user;
+    const octokit = new Octokit({ auth: user.accessToken });
+    try {
+      const pr = await octokit.pulls.get({ owner: parsed.owner, repo: parsed.repo, pull_number: parsed.number });
+      const info = {
+        url: pr.data.html_url,
+        owner: parsed.owner,
+        repo: parsed.repo,
+        number: parsed.number,
+        branch: pr.data.head?.ref,
+        state: pr.data.merged ? "merged" : pr.data.state,
+        title: pr.data.title,
+        body: pr.data.body ?? void 0
+      };
+      res.json({ pr: info, mergeable: pr.data.mergeable, mergeable_state: pr.data.mergeable_state });
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      res.status(500).json({ error: message });
+    }
+  });
+  router.post("/pr/merge", async (req, res) => {
+    const body = req.body ?? {};
+    if (!body.prUrl) {
+      res.status(400).json({ error: "missing_prUrl" });
+      return;
+    }
+    const parsed = parsePrUrl2(body.prUrl);
+    if (!parsed) {
+      res.status(400).json({ error: "invalid_prUrl" });
+      return;
+    }
+    const user = req.user;
+    const octokit = new Octokit({ auth: user.accessToken });
+    try {
+      const merge = await octokit.pulls.merge({
+        owner: parsed.owner,
+        repo: parsed.repo,
+        pull_number: parsed.number,
+        merge_method: body.mergeMethod ?? "squash"
+      });
+      res.json({ sha: merge.data.sha, merged: merge.data.merged });
+    } catch (err) {
+      const message = err instanceof Error ? err.message : String(err);
+      console.error("[coding-tab] /pr/merge failed", err);
+      res.status(500).json({ error: message });
+    }
+  });
+  return router;
+}
+// src/server/staticAssets.ts
+import { Router as Router4 } from "express";
+import { readFile } from "fs/promises";
+import { resolve, dirname } from "path";
+import { fileURLToPath } from "url";
+var here = dirname(fileURLToPath(import.meta.url));
+var ASSET_CANDIDATES = [
+  resolve(here, "browser.js"),
+  resolve(here, "..", "dist", "browser.js"),
+  resolve(here, "..", "browser.js")
+];
+var STYLE_CANDIDATES = [
+  resolve(here, "style.css"),
+  resolve(here, "..", "dist", "style.css"),
+  resolve(here, "..", "style.css")
+];
+async function readFirst(paths) {
+  let lastErr;
+  for (const p of paths) {
+    try {
+      const data = await readFile(p);
+      return { path: p, data };
+    } catch (err) {
+      lastErr = err;
+    }
+  }
+  throw lastErr instanceof Error ? lastErr : new Error("asset not found");
+}
+function makeAssetRouter(basePath) {
+  const router = Router4();
+  router.get("/browser.js", async (_req, res) => {
+    try {
+      const { data } = await readFirst(ASSET_CANDIDATES);
+      res.set("Content-Type", "application/javascript; charset=utf-8");
+      res.set("Cache-Control", "public, max-age=300");
+      res.send(data);
+    } catch (err) {
+      res.status(500).send("// coding-tab browser bundle missing \u2014 did you run `npm run build`?");
+    }
+  });
+  router.get("/style.css", async (_req, res) => {
+    try {
+      const { data } = await readFirst(STYLE_CANDIDATES);
+      res.set("Content-Type", "text/css; charset=utf-8");
+      res.set("Cache-Control", "public, max-age=300");
+      res.send(data);
+    } catch {
+      res.status(404).send("/* style.css missing */");
+    }
+  });
+  router.get("/", async (_req, res) => {
+    const html = renderHostHtml(basePath);
+    res.set("Content-Type", "text/html; charset=utf-8");
+    res.send(html);
+  });
+  return router;
+}
+function renderHostHtml(basePath) {
+  return `<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover" />
+    <title>Coding Tab</title>
+    <link rel="stylesheet" href="${basePath}/style.css" />
+  </head>
+  <body>
+    <div id="coding-tab-root"></div>
+    <script src="${basePath}/browser.js"></script>
+    <script>
+      window.CodingTab.mountCodingTab(
+        document.getElementById("coding-tab-root"),
+        { apiBase: ${JSON.stringify(basePath)} },
+      );
+    </script>
+  </body>
+</html>`;
+}
+// src/server/index.ts
+function mountCodingTab(app, options) {
+  const basePath = (options.basePath ?? "/coding-tab").replace(/\/$/, "");
+  const secure = options.secure ?? process.env.NODE_ENV === "production";
+  if (!options.cursorApiKey) throw new Error("[coding-tab] cursorApiKey is required");
+  if (!options.sessionPassword || options.sessionPassword.length < 32) {
+    throw new Error("[coding-tab] sessionPassword must be at least 32 characters");
+  }
+  if (!options.githubOAuth?.clientId || !options.githubOAuth?.clientSecret) {
+    throw new Error("[coding-tab] githubOAuth.clientId and clientSecret are required");
+  }
+  if (!options.githubOAuth.callbackUrl) {
+    throw new Error("[coding-tab] githubOAuth.callbackUrl is required");
+  }
+  if (!options.githubOAuth.allowedLogins || options.githubOAuth.allowedLogins.length === 0) {
+    console.warn("[coding-tab] WARNING: allowedLogins is empty \u2014 anyone with a GitHub account can sign in.");
+  }
+  const router = express.Router();
+  router.use(express.json({ limit: "1mb" }));
+  const assetRouter = makeAssetRouter(basePath);
+  router.use(assetRouter);
+  const authRouter = makeAuthRouter({
+    oauth: options.githubOAuth,
+    sessionPassword: options.sessionPassword,
+    secure,
+    basePath
+  });
+  router.use(authRouter);
+  const requireAuth = makeRequireAuth({
+    sessionPassword: options.sessionPassword,
+    secure,
+    allowedLogins: options.githubOAuth.allowedLogins
+  });
+  const agentRouter = makeAgentRouter({
+    cursorApiKey: options.cursorApiKey,
+    defaultRepo: options.defaultRepo,
+    envName: options.envName,
+    skipReviewerRequest: options.skipReviewerRequest
+  });
+  router.use(requireAuth, agentRouter);
+  const githubRouter = makeGitHubRouter();
+  router.use(requireAuth, githubRouter);
+  app.use(basePath, router);
+  console.log(`[coding-tab] mounted at ${basePath}`);
+  return router;
+}
+export {
+  mountCodingTab
+};
+//# sourceMappingURL=server.js.map