@undefineds.co/xpod 0.1.0-local.202602081751

package/dist/http/terminal/TerminalHttpHandler.js

@@ -0,0 +1,306 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.TerminalHttpHandler = void 0;
+const global_logger_factory_1 = require("global-logger-factory");
+const community_server_1 = require("@solid/community-server");
+const ws_1 = require("ws");
+const TerminalSessionManager_1 = require("../../terminal/TerminalSessionManager");
+class TerminalHttpHandler extends community_server_1.HttpHandler {
+    constructor(options) {
+        super();
+        this.logger = (0, global_logger_factory_1.getLoggerFor)(this);
+        this.wsConnections = new Map();
+        this.sidecarPath = options.sidecarPath ?? '/-/terminal';
+        this.credentialsExtractor = options.credentialsExtractor;
+        this.sessionManager = new TerminalSessionManager_1.TerminalSessionManager({
+            maxSessionsPerUser: options.maxSessionsPerUser,
+            maxTotalSessions: options.maxTotalSessions,
+            defaultTimeout: options.defaultTimeout,
+            maxTimeout: options.maxTimeout,
+            defaultWorkdir: options.defaultWorkdir,
+        });
+    }
+    async canHandle({ request }) {
+        const url = new URL(request.url ?? '', `http://${request.headers.host}`);
+        if (!url.pathname.includes(this.sidecarPath)) {
+            throw new Error(`Not a terminal request: ${url.pathname}`);
+        }
+    }
+    async handle({ request, response }) {
+        const url = new URL(request.url ?? '', `http://${request.headers.host}`);
+        const pathAfterSidecar = url.pathname.split(this.sidecarPath)[1] ?? '';
+        try {
+            // Route to appropriate handler
+            if (pathAfterSidecar === '/sessions' || pathAfterSidecar === '/sessions/') {
+                if (request.method === 'POST') {
+                    await this.handleCreateSession(request, response);
+                }
+                else if (request.method === 'OPTIONS') {
+                    this.handleCors(response);
+                }
+                else {
+                    this.sendError(response, 405, 'Method Not Allowed');
+                }
+            }
+            else if (pathAfterSidecar.match(/^\/sessions\/[^/]+$/)) {
+                const sessionId = pathAfterSidecar.split('/')[2];
+                if (request.method === 'GET') {
+                    await this.handleGetSession(sessionId, request, response);
+                }
+                else if (request.method === 'DELETE') {
+                    await this.handleDeleteSession(sessionId, request, response);
+                }
+                else if (request.method === 'OPTIONS') {
+                    this.handleCors(response);
+                }
+                else {
+                    this.sendError(response, 405, 'Method Not Allowed');
+                }
+            }
+            else if (pathAfterSidecar.match(/^\/sessions\/[^/]+\/ws$/)) {
+                // WebSocket upgrade is handled separately via handleUpgrade
+                this.sendError(response, 400, 'WebSocket upgrade required');
+            }
+            else {
+                this.sendError(response, 404, 'Not Found');
+            }
+        }
+        catch (error) {
+            this.logger.error(`Terminal handler error: ${error}`);
+            this.sendError(response, 500, error.message);
+        }
+    }
+    /**
+     * Handle WebSocket upgrade requests
+     * This should be called from the server's 'upgrade' event
+     */
+    handleUpgrade(request, socket, head) {
+        if (!this.wss) {
+            this.wss = new ws_1.WebSocketServer({ noServer: true });
+        }
+        const url = new URL(request.url ?? '', `http://${request.headers.host}`);
+        const match = url.pathname.match(new RegExp(`${this.sidecarPath}/sessions/([^/]+)/ws`));
+        if (!match) {
+            socket.destroy();
+            return;
+        }
+        const sessionId = match[1];
+        const session = this.sessionManager.getSession(sessionId);
+        if (!session) {
+            socket.write('HTTP/1.1 404 Not Found\r\n\r\n');
+            socket.destroy();
+            return;
+        }
+        this.wss.handleUpgrade(request, socket, head, (ws) => {
+            this.handleWebSocketConnection(ws, session);
+        });
+    }
+    async handleCreateSession(request, response) {
+        // Authenticate
+        const credentials = await this.credentialsExtractor.handleSafe(request);
+        if (!credentials.agent?.webId) {
+            this.sendError(response, 401, 'Unauthorized');
+            return;
+        }
+        const userId = credentials.agent.webId;
+        // Parse request body
+        const body = await this.readBody(request);
+        let sessionRequest;
+        try {
+            sessionRequest = JSON.parse(body);
+        }
+        catch {
+            this.sendError(response, 400, 'Invalid JSON body');
+            return;
+        }
+        if (!sessionRequest.command) {
+            this.sendError(response, 400, 'Missing required field: command');
+            return;
+        }
+        try {
+            const session = await this.sessionManager.createSession(userId, sessionRequest);
+            // Preserve the base path before sidecarPath (e.g., /alice from /alice/-/terminal/sessions)
+            const requestUrl = new URL(request.url ?? '', `http://${request.headers.host}`);
+            const sidecarIndex = requestUrl.pathname.indexOf(this.sidecarPath);
+            const basePath = sidecarIndex > 0 ? requestUrl.pathname.slice(0, sidecarIndex) : '';
+            const wsUrl = new URL(request.url ?? '', `ws://${request.headers.host}`);
+            wsUrl.pathname = `${basePath}${this.sidecarPath}/sessions/${session.sessionId}/ws`;
+            const responseBody = {
+                sessionId: session.sessionId,
+                status: session.status,
+                wsUrl: wsUrl.toString(),
+                createdAt: session.createdAt.toISOString(),
+                expiresAt: session.expiresAt.toISOString(),
+            };
+            this.sendJson(response, 201, responseBody);
+        }
+        catch (error) {
+            if (error.message.includes('Untrusted')) {
+                this.sendError(response, 403, error.message);
+            }
+            else if (error.message.includes('Maximum')) {
+                this.sendError(response, 429, error.message);
+            }
+            else {
+                throw error;
+            }
+        }
+    }
+    async handleGetSession(sessionId, request, response) {
+        const credentials = await this.credentialsExtractor.handleSafe(request);
+        if (!credentials.agent?.webId) {
+            this.sendError(response, 401, 'Unauthorized');
+            return;
+        }
+        const session = this.sessionManager.getSession(sessionId);
+        if (!session) {
+            this.sendError(response, 404, 'Session not found');
+            return;
+        }
+        // Only session owner can access
+        if (session.userId !== credentials.agent.webId) {
+            this.sendError(response, 403, 'Forbidden');
+            return;
+        }
+        this.sendJson(response, 200, session.toJSON());
+    }
+    async handleDeleteSession(sessionId, request, response) {
+        const credentials = await this.credentialsExtractor.handleSafe(request);
+        if (!credentials.agent?.webId) {
+            this.sendError(response, 401, 'Unauthorized');
+            return;
+        }
+        const session = this.sessionManager.getSession(sessionId);
+        if (!session) {
+            this.sendError(response, 404, 'Session not found');
+            return;
+        }
+        // Only session owner can terminate
+        if (session.userId !== credentials.agent.webId) {
+            this.sendError(response, 403, 'Forbidden');
+            return;
+        }
+        this.sessionManager.terminateSession(sessionId);
+        response.writeHead(204);
+        response.end();
+    }
+    handleWebSocketConnection(ws, session) {
+        this.logger.debug(`WebSocket connected to session ${session.sessionId}`);
+        // Track connection
+        if (!this.wsConnections.has(session.sessionId)) {
+            this.wsConnections.set(session.sessionId, new Set());
+        }
+        this.wsConnections.get(session.sessionId).add(ws);
+        // Forward PTY output to WebSocket
+        const dataHandler = (data) => {
+            if (ws.readyState === ws_1.WebSocket.OPEN) {
+                const msg = { type: 'output', data };
+                ws.send(JSON.stringify(msg));
+            }
+        };
+        session.on('data', dataHandler);
+        // Forward PTY exit to WebSocket
+        const exitHandler = (code, signal) => {
+            if (ws.readyState === ws_1.WebSocket.OPEN) {
+                const msg = { type: 'exit', code, signal };
+                ws.send(JSON.stringify(msg));
+                ws.close();
+            }
+        };
+        session.on('exit', exitHandler);
+        // Handle incoming WebSocket messages
+        ws.on('message', (data) => {
+            try {
+                const msg = JSON.parse(data.toString());
+                this.handleClientMessage(session, msg, ws);
+            }
+            catch (error) {
+                this.logger.warn(`Invalid WebSocket message: ${error}`);
+            }
+        });
+        // Handle WebSocket close
+        ws.on('close', () => {
+            this.logger.debug(`WebSocket disconnected from session ${session.sessionId}`);
+            session.removeListener('data', dataHandler);
+            session.removeListener('exit', exitHandler);
+            const connections = this.wsConnections.get(session.sessionId);
+            if (connections) {
+                connections.delete(ws);
+                if (connections.size === 0) {
+                    this.wsConnections.delete(session.sessionId);
+                }
+            }
+        });
+        // Handle WebSocket error
+        ws.on('error', (error) => {
+            this.logger.error(`WebSocket error: ${error}`);
+        });
+        // Send initial ping
+        const pong = { type: 'pong' };
+        ws.send(JSON.stringify(pong));
+    }
+    handleClientMessage(session, msg, ws) {
+        switch (msg.type) {
+            case 'input':
+                if (msg.data) {
+                    session.write(msg.data);
+                }
+                break;
+            case 'resize':
+                if (msg.cols && msg.rows) {
+                    session.resize(msg.cols, msg.rows);
+                }
+                break;
+            case 'signal':
+                if (msg.signal) {
+                    session.sendSignal(msg.signal);
+                }
+                break;
+            case 'ping':
+                const pong = { type: 'pong' };
+                ws.send(JSON.stringify(pong));
+                break;
+            case 'permission_response':
+                // TODO: Handle permission responses for interactive prompts
+                this.logger.debug(`Permission response: ${msg.requestId} = ${msg.granted}`);
+                break;
+            default:
+                this.logger.warn(`Unknown message type: ${msg.type}`);
+        }
+    }
+    handleCors(response) {
+        response.writeHead(204, {
+            'Access-Control-Allow-Origin': '*',
+            'Access-Control-Allow-Methods': 'GET, POST, DELETE, OPTIONS',
+            'Access-Control-Allow-Headers': 'Content-Type, Authorization',
+        });
+        response.end();
+    }
+    sendJson(response, status, data) {
+        const body = JSON.stringify(data);
+        response.writeHead(status, {
+            'Content-Type': 'application/json',
+            'Content-Length': Buffer.byteLength(body),
+        });
+        response.end(body);
+    }
+    sendError(response, status, message) {
+        this.sendJson(response, status, { error: message });
+    }
+    readBody(request) {
+        return new Promise((resolve, reject) => {
+            const chunks = [];
+            request.on('data', (chunk) => chunks.push(chunk));
+            request.on('end', () => resolve(Buffer.concat(chunks).toString()));
+            request.on('error', reject);
+        });
+    }
+    /**
+     * Get the session manager for external access
+     */
+    getSessionManager() {
+        return this.sessionManager;
+    }
+}
+exports.TerminalHttpHandler = TerminalHttpHandler;
+//# sourceMappingURL=TerminalHttpHandler.js.map

package/dist/http/terminal/TerminalHttpHandler.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"TerminalHttpHandler.js","sourceRoot":"","sources":["../../../src/http/terminal/TerminalHttpHandler.ts"],"names":[],"mappings":";;;AACA,iEAAqD;AACrD,8DAAsD;AAOtD,2BAAgD;AAChD,kFAA+E;AAsB/E,MAAa,mBAAoB,SAAQ,8BAAW;IASlD,YAAY,OAAmC;QAC7C,KAAK,EAAE,CAAC;QATS,WAAM,GAAG,IAAA,oCAAY,EAAC,IAAI,CAAC,CAAC;QAM9B,kBAAa,GAAG,IAAI,GAAG,EAA0B,CAAC;QAIjE,IAAI,CAAC,WAAW,GAAG,OAAO,CAAC,WAAW,IAAI,aAAa,CAAC;QACxD,IAAI,CAAC,oBAAoB,GAAG,OAAO,CAAC,oBAAoB,CAAC;QACzD,IAAI,CAAC,cAAc,GAAG,IAAI,+CAAsB,CAAC;YAC/C,kBAAkB,EAAE,OAAO,CAAC,kBAAkB;YAC9C,gBAAgB,EAAE,OAAO,CAAC,gBAAgB;YAC1C,cAAc,EAAE,OAAO,CAAC,cAAc;YACtC,UAAU,EAAE,OAAO,CAAC,UAAU;YAC9B,cAAc,EAAE,OAAO,CAAC,cAAc;SACvC,CAAC,CAAC;IACL,CAAC;IAEQ,KAAK,CAAC,SAAS,CAAC,EAAE,OAAO,EAAoB;QACpD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,EAAE,UAAU,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACzE,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,WAAW,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,KAAK,CAAC,2BAA2B,GAAG,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC7D,CAAC;IACH,CAAC;IAED,KAAK,CAAC,MAAM,CAAC,EAAE,OAAO,EAAE,QAAQ,EAAoB;QAClD,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,EAAE,UAAU,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACzE,MAAM,gBAAgB,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;QAEvE,IAAI,CAAC;YACH,+BAA+B;YAC/B,IAAI,gBAAgB,KAAK,WAAW,IAAI,gBAAgB,KAAK,YAAY,EAAE,CAAC;gBAC1E,IAAI,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;oBAC9B,MAAM,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;gBACpD,CAAC;qBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oBACxC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;gBAC5B,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;iBAAM,IAAI,gBAAgB,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE,CAAC;gBACzD,MAAM,SAAS,GAAG,gBAAgB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBACjD,IAAI,OAAO,CAAC,MAAM,KAAK,KAAK,EAAE,CAAC;oBAC7B,MAAM,IAAI,CAAC,gBAAgB,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;gBAC5D,CAAC;qBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;oBACvC,MAAM,IAAI,CAAC,mBAAmB,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC;gBAC/D,CAAC;qBAAM,IAAI,OAAO,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;oBACxC,IAAI,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;gBAC5B,CAAC;qBAAM,CAAC;oBACN,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,oBAAoB,CAAC,CAAC;gBACtD,CAAC;YACH,CAAC;iBAAM,IAAI,gBAAgB,CAAC,KAAK,CAAC,yBAAyB,CAAC,EAAE,CAAC;gBAC7D,4DAA4D;gBAC5D,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,4BAA4B,CAAC,CAAC;YAC9D,CAAC;iBAAM,CAAC;gBACN,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;YAC7C,CAAC;QACH,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,2BAA2B,KAAK,EAAE,CAAC,CAAC;YACtD,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;QAC1D,CAAC;IACH,CAAC;IAED;;;OAGG;IACH,aAAa,CAAC,OAAwB,EAAE,MAAW,EAAE,IAAY;QAC/D,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YACd,IAAI,CAAC,GAAG,GAAG,IAAI,oBAAe,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QACrD,CAAC;QAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,EAAE,UAAU,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;QACzE,MAAM,KAAK,GAAG,GAAG,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,GAAG,IAAI,CAAC,WAAW,sBAAsB,CAAC,CAAC,CAAC;QAExF,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAE1D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;YAC/C,MAAM,CAAC,OAAO,EAAE,CAAC;YACjB,OAAO;QACT,CAAC;QAED,IAAI,CAAC,GAAG,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE;YACnD,IAAI,CAAC,yBAAyB,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAC9C,CAAC,CAAC,CAAC;IACL,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAC/B,OAAoB,EACpB,QAAsB;QAEtB,eAAe;QACf,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACxE,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;YAC9B,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QACD,MAAM,MAAM,GAAG,WAAW,CAAC,KAAK,CAAC,KAAK,CAAC;QAEvC,qBAAqB;QACrB,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC1C,IAAI,cAAoC,CAAC;QACzC,IAAI,CAAC;YACH,cAAc,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACpC,CAAC;QAAC,MAAM,CAAC;YACP,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,OAAO,EAAE,CAAC;YAC5B,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,iCAAiC,CAAC,CAAC;YACjE,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,aAAa,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;YAEhF,2FAA2F;YAC3F,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,EAAE,UAAU,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YAChF,MAAM,YAAY,GAAG,UAAU,CAAC,QAAQ,CAAC,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YACnE,MAAM,QAAQ,GAAG,YAAY,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAEpF,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,IAAI,EAAE,EAAE,QAAQ,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC;YACzE,KAAK,CAAC,QAAQ,GAAG,GAAG,QAAQ,GAAG,IAAI,CAAC,WAAW,aAAa,OAAO,CAAC,SAAS,KAAK,CAAC;YAEnF,MAAM,YAAY,GAA0B;gBAC1C,SAAS,EAAE,OAAO,CAAC,SAAS;gBAC5B,MAAM,EAAE,OAAO,CAAC,MAAM;gBACtB,KAAK,EAAE,KAAK,CAAC,QAAQ,EAAE;gBACvB,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;gBAC1C,SAAS,EAAE,OAAO,CAAC,SAAS,CAAC,WAAW,EAAE;aAC3C,CAAC;YAEF,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,YAAY,CAAC,CAAC;QAC7C,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAK,KAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAC,EAAE,CAAC;gBACnD,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;YAC1D,CAAC;iBAAM,IAAK,KAAe,CAAC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAC,EAAE,CAAC;gBACxD,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAG,KAAe,CAAC,OAAO,CAAC,CAAC;YAC1D,CAAC;iBAAM,CAAC;gBACN,MAAM,KAAK,CAAC;YACd,CAAC;QACH,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAC5B,SAAiB,EACjB,OAAoB,EACpB,QAAsB;QAEtB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACxE,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;YAC9B,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC1D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,gCAAgC;QAChC,IAAI,OAAO,CAAC,MAAM,KAAK,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YAC/C,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;YAC3C,OAAO;QACT,CAAC;QAED,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACjD,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAC/B,SAAiB,EACjB,OAAoB,EACpB,QAAsB;QAEtB,MAAM,WAAW,GAAG,MAAM,IAAI,CAAC,oBAAoB,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;QACxE,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,EAAE,CAAC;YAC9B,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,cAAc,CAAC,CAAC;YAC9C,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;QAC1D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,mBAAmB,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,mCAAmC;QACnC,IAAI,OAAO,CAAC,MAAM,KAAK,WAAW,CAAC,KAAK,CAAC,KAAK,EAAE,CAAC;YAC/C,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC;YAC3C,OAAO;QACT,CAAC;QAED,IAAI,CAAC,cAAc,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;QAChD,QAAQ,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;QACxB,QAAQ,CAAC,GAAG,EAAE,CAAC;IACjB,CAAC;IAEO,yBAAyB,CAAC,EAAa,EAAE,OAAwB;QACvE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,kCAAkC,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;QAEzE,mBAAmB;QACnB,IAAI,CAAC,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,CAAC;YAC/C,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC;QACvD,CAAC;QACD,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAE,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAEnD,kCAAkC;QAClC,MAAM,WAAW,GAAG,CAAC,IAAY,EAAE,EAAE;YACnC,IAAI,EAAE,CAAC,UAAU,KAAK,cAAS,CAAC,IAAI,EAAE,CAAC;gBACrC,MAAM,GAAG,GAAkB,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;gBACpD,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC,CAAC;QACF,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAEhC,gCAAgC;QAChC,MAAM,WAAW,GAAG,CAAC,IAAY,EAAE,MAAe,EAAE,EAAE;YACpD,IAAI,EAAE,CAAC,UAAU,KAAK,cAAS,CAAC,IAAI,EAAE,CAAC;gBACrC,MAAM,GAAG,GAAkB,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;gBAC1D,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC7B,EAAE,CAAC,KAAK,EAAE,CAAC;YACb,CAAC;QACH,CAAC,CAAC;QACF,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;QAEhC,qCAAqC;QACrC,EAAE,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,EAAE;YACxB,IAAI,CAAC;gBACH,MAAM,GAAG,GAAkB,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;gBACvD,IAAI,CAAC,mBAAmB,CAAC,OAAO,EAAE,GAAG,EAAE,EAAE,CAAC,CAAC;YAC7C,CAAC;YAAC,OAAO,KAAK,EAAE,CAAC;gBACf,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,8BAA8B,KAAK,EAAE,CAAC,CAAC;YAC1D,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,yBAAyB;QACzB,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YAClB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,uCAAuC,OAAO,CAAC,SAAS,EAAE,CAAC,CAAC;YAC9E,OAAO,CAAC,cAAc,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAC5C,OAAO,CAAC,cAAc,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;YAE5C,MAAM,WAAW,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;YAC9D,IAAI,WAAW,EAAE,CAAC;gBAChB,WAAW,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBACvB,IAAI,WAAW,CAAC,IAAI,KAAK,CAAC,EAAE,CAAC;oBAC3B,IAAI,CAAC,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC;gBAC/C,CAAC;YACH,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,yBAAyB;QACzB,EAAE,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,KAAK,EAAE,EAAE;YACvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,KAAK,EAAE,CAAC,CAAC;QACjD,CAAC,CAAC,CAAC;QAEH,oBAAoB;QACpB,MAAM,IAAI,GAAkB,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;QAC7C,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;IAChC,CAAC;IAEO,mBAAmB,CACzB,OAAwB,EACxB,GAAkB,EAClB,EAAa;QAEb,QAAQ,GAAG,CAAC,IAAI,EAAE,CAAC;YACjB,KAAK,OAAO;gBACV,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;oBACb,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;gBAC1B,CAAC;gBACD,MAAM;YAER,KAAK,QAAQ;gBACX,IAAI,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;oBACzB,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,IAAI,EAAE,GAAG,CAAC,IAAI,CAAC,CAAC;gBACrC,CAAC;gBACD,MAAM;YAER,KAAK,QAAQ;gBACX,IAAI,GAAG,CAAC,MAAM,EAAE,CAAC;oBACf,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,MAAM,CAAC,CAAC;gBACjC,CAAC;gBACD,MAAM;YAER,KAAK,MAAM;gBACT,MAAM,IAAI,GAAkB,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;gBAC7C,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC;gBAC9B,MAAM;YAER,KAAK,qBAAqB;gBACxB,4DAA4D;gBAC5D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,wBAAwB,GAAG,CAAC,SAAS,MAAM,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC5E,MAAM;YAER;gBACE,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,yBAA0B,GAAW,CAAC,IAAI,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC;IAEO,UAAU,CAAC,QAAsB;QACvC,QAAQ,CAAC,SAAS,CAAC,GAAG,EAAE;YACtB,6BAA6B,EAAE,GAAG;YAClC,8BAA8B,EAAE,4BAA4B;YAC5D,8BAA8B,EAAE,6BAA6B;SAC9D,CAAC,CAAC;QACH,QAAQ,CAAC,GAAG,EAAE,CAAC;IACjB,CAAC;IAEO,QAAQ,CAAC,QAAsB,EAAE,MAAc,EAAE,IAAa;QACpE,MAAM,IAAI,GAAG,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QAClC,QAAQ,CAAC,SAAS,CAAC,MAAM,EAAE;YACzB,cAAc,EAAE,kBAAkB;YAClC,gBAAgB,EAAE,MAAM,CAAC,UAAU,CAAC,IAAI,CAAC;SAC1C,CAAC,CAAC;QACH,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;IACrB,CAAC;IAEO,SAAS,CAAC,QAAsB,EAAE,MAAc,EAAE,OAAe;QACvE,IAAI,CAAC,QAAQ,CAAC,QAAQ,EAAE,MAAM,EAAE,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC,CAAC;IACtD,CAAC;IAEO,QAAQ,CAAC,OAAoB;QACnC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACrC,MAAM,MAAM,GAAa,EAAE,CAAC;YAC5B,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,KAAa,EAAE,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YAC1D,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,GAAG,EAAE,CAAC,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;YACnE,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;QAC9B,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,cAAc,CAAC;IAC7B,CAAC;CACF;AA5VD,kDA4VC","sourcesContent":["import { IncomingMessage, ServerResponse } from 'http';\nimport { getLoggerFor } from 'global-logger-factory';\nimport { HttpHandler } from '@solid/community-server';\nimport type {\n  HttpHandlerInput,\n  HttpRequest,\n  HttpResponse,\n  CredentialsExtractor,\n} from '@solid/community-server';\nimport { WebSocketServer, WebSocket } from 'ws';\nimport { TerminalSessionManager } from '../../terminal/TerminalSessionManager';\nimport { TerminalSession } from '../../terminal/TerminalSession';\nimport type {\n  CreateSessionRequest,\n  CreateSessionResponse,\n  ClientMessage,\n  ServerMessage,\n} from '../../terminal/types';\n\nexport interface TerminalHttpHandlerOptions {\n  /** Sidecar API path, default: '/-/terminal' */\n  sidecarPath?: string;\n  /** Credentials extractor for authentication */\n  credentialsExtractor: CredentialsExtractor;\n  /** Session manager options */\n  maxSessionsPerUser?: number;\n  maxTotalSessions?: number;\n  defaultTimeout?: number;\n  maxTimeout?: number;\n  defaultWorkdir?: string;\n}\n\nexport class TerminalHttpHandler extends HttpHandler {\n  protected readonly logger = getLoggerFor(this);\n  \n  private readonly sidecarPath: string;\n  private readonly sessionManager: TerminalSessionManager;\n  private readonly credentialsExtractor: CredentialsExtractor;\n  private wss?: WebSocketServer;\n  private readonly wsConnections = new Map<string, Set<WebSocket>>();\n\n  constructor(options: TerminalHttpHandlerOptions) {\n    super();\n    this.sidecarPath = options.sidecarPath ?? '/-/terminal';\n    this.credentialsExtractor = options.credentialsExtractor;\n    this.sessionManager = new TerminalSessionManager({\n      maxSessionsPerUser: options.maxSessionsPerUser,\n      maxTotalSessions: options.maxTotalSessions,\n      defaultTimeout: options.defaultTimeout,\n      maxTimeout: options.maxTimeout,\n      defaultWorkdir: options.defaultWorkdir,\n    });\n  }\n\n  override async canHandle({ request }: HttpHandlerInput): Promise<void> {\n    const url = new URL(request.url ?? '', `http://${request.headers.host}`);\n    if (!url.pathname.includes(this.sidecarPath)) {\n      throw new Error(`Not a terminal request: ${url.pathname}`);\n    }\n  }\n\n  async handle({ request, response }: HttpHandlerInput): Promise<void> {\n    const url = new URL(request.url ?? '', `http://${request.headers.host}`);\n    const pathAfterSidecar = url.pathname.split(this.sidecarPath)[1] ?? '';\n\n    try {\n      // Route to appropriate handler\n      if (pathAfterSidecar === '/sessions' || pathAfterSidecar === '/sessions/') {\n        if (request.method === 'POST') {\n          await this.handleCreateSession(request, response);\n        } else if (request.method === 'OPTIONS') {\n          this.handleCors(response);\n        } else {\n          this.sendError(response, 405, 'Method Not Allowed');\n        }\n      } else if (pathAfterSidecar.match(/^\\/sessions\\/[^/]+$/)) {\n        const sessionId = pathAfterSidecar.split('/')[2];\n        if (request.method === 'GET') {\n          await this.handleGetSession(sessionId, request, response);\n        } else if (request.method === 'DELETE') {\n          await this.handleDeleteSession(sessionId, request, response);\n        } else if (request.method === 'OPTIONS') {\n          this.handleCors(response);\n        } else {\n          this.sendError(response, 405, 'Method Not Allowed');\n        }\n      } else if (pathAfterSidecar.match(/^\\/sessions\\/[^/]+\\/ws$/)) {\n        // WebSocket upgrade is handled separately via handleUpgrade\n        this.sendError(response, 400, 'WebSocket upgrade required');\n      } else {\n        this.sendError(response, 404, 'Not Found');\n      }\n    } catch (error) {\n      this.logger.error(`Terminal handler error: ${error}`);\n      this.sendError(response, 500, (error as Error).message);\n    }\n  }\n\n  /**\n   * Handle WebSocket upgrade requests\n   * This should be called from the server's 'upgrade' event\n   */\n  handleUpgrade(request: IncomingMessage, socket: any, head: Buffer): void {\n    if (!this.wss) {\n      this.wss = new WebSocketServer({ noServer: true });\n    }\n\n    const url = new URL(request.url ?? '', `http://${request.headers.host}`);\n    const match = url.pathname.match(new RegExp(`${this.sidecarPath}/sessions/([^/]+)/ws`));\n    \n    if (!match) {\n      socket.destroy();\n      return;\n    }\n\n    const sessionId = match[1];\n    const session = this.sessionManager.getSession(sessionId);\n\n    if (!session) {\n      socket.write('HTTP/1.1 404 Not Found\\r\\n\\r\\n');\n      socket.destroy();\n      return;\n    }\n\n    this.wss.handleUpgrade(request, socket, head, (ws) => {\n      this.handleWebSocketConnection(ws, session);\n    });\n  }\n\n  private async handleCreateSession(\n    request: HttpRequest,\n    response: HttpResponse,\n  ): Promise<void> {\n    // Authenticate\n    const credentials = await this.credentialsExtractor.handleSafe(request);\n    if (!credentials.agent?.webId) {\n      this.sendError(response, 401, 'Unauthorized');\n      return;\n    }\n    const userId = credentials.agent.webId;\n\n    // Parse request body\n    const body = await this.readBody(request);\n    let sessionRequest: CreateSessionRequest;\n    try {\n      sessionRequest = JSON.parse(body);\n    } catch {\n      this.sendError(response, 400, 'Invalid JSON body');\n      return;\n    }\n\n    if (!sessionRequest.command) {\n      this.sendError(response, 400, 'Missing required field: command');\n      return;\n    }\n\n    try {\n      const session = await this.sessionManager.createSession(userId, sessionRequest);\n      \n      // Preserve the base path before sidecarPath (e.g., /alice from /alice/-/terminal/sessions)\n      const requestUrl = new URL(request.url ?? '', `http://${request.headers.host}`);\n      const sidecarIndex = requestUrl.pathname.indexOf(this.sidecarPath);\n      const basePath = sidecarIndex > 0 ? requestUrl.pathname.slice(0, sidecarIndex) : '';\n      \n      const wsUrl = new URL(request.url ?? '', `ws://${request.headers.host}`);\n      wsUrl.pathname = `${basePath}${this.sidecarPath}/sessions/${session.sessionId}/ws`;\n\n      const responseBody: CreateSessionResponse = {\n        sessionId: session.sessionId,\n        status: session.status,\n        wsUrl: wsUrl.toString(),\n        createdAt: session.createdAt.toISOString(),\n        expiresAt: session.expiresAt.toISOString(),\n      };\n\n      this.sendJson(response, 201, responseBody);\n    } catch (error) {\n      if ((error as Error).message.includes('Untrusted')) {\n        this.sendError(response, 403, (error as Error).message);\n      } else if ((error as Error).message.includes('Maximum')) {\n        this.sendError(response, 429, (error as Error).message);\n      } else {\n        throw error;\n      }\n    }\n  }\n\n  private async handleGetSession(\n    sessionId: string,\n    request: HttpRequest,\n    response: HttpResponse,\n  ): Promise<void> {\n    const credentials = await this.credentialsExtractor.handleSafe(request);\n    if (!credentials.agent?.webId) {\n      this.sendError(response, 401, 'Unauthorized');\n      return;\n    }\n\n    const session = this.sessionManager.getSession(sessionId);\n    if (!session) {\n      this.sendError(response, 404, 'Session not found');\n      return;\n    }\n\n    // Only session owner can access\n    if (session.userId !== credentials.agent.webId) {\n      this.sendError(response, 403, 'Forbidden');\n      return;\n    }\n\n    this.sendJson(response, 200, session.toJSON());\n  }\n\n  private async handleDeleteSession(\n    sessionId: string,\n    request: HttpRequest,\n    response: HttpResponse,\n  ): Promise<void> {\n    const credentials = await this.credentialsExtractor.handleSafe(request);\n    if (!credentials.agent?.webId) {\n      this.sendError(response, 401, 'Unauthorized');\n      return;\n    }\n\n    const session = this.sessionManager.getSession(sessionId);\n    if (!session) {\n      this.sendError(response, 404, 'Session not found');\n      return;\n    }\n\n    // Only session owner can terminate\n    if (session.userId !== credentials.agent.webId) {\n      this.sendError(response, 403, 'Forbidden');\n      return;\n    }\n\n    this.sessionManager.terminateSession(sessionId);\n    response.writeHead(204);\n    response.end();\n  }\n\n  private handleWebSocketConnection(ws: WebSocket, session: TerminalSession): void {\n    this.logger.debug(`WebSocket connected to session ${session.sessionId}`);\n\n    // Track connection\n    if (!this.wsConnections.has(session.sessionId)) {\n      this.wsConnections.set(session.sessionId, new Set());\n    }\n    this.wsConnections.get(session.sessionId)!.add(ws);\n\n    // Forward PTY output to WebSocket\n    const dataHandler = (data: string) => {\n      if (ws.readyState === WebSocket.OPEN) {\n        const msg: ServerMessage = { type: 'output', data };\n        ws.send(JSON.stringify(msg));\n      }\n    };\n    session.on('data', dataHandler);\n\n    // Forward PTY exit to WebSocket\n    const exitHandler = (code: number, signal?: string) => {\n      if (ws.readyState === WebSocket.OPEN) {\n        const msg: ServerMessage = { type: 'exit', code, signal };\n        ws.send(JSON.stringify(msg));\n        ws.close();\n      }\n    };\n    session.on('exit', exitHandler);\n\n    // Handle incoming WebSocket messages\n    ws.on('message', (data) => {\n      try {\n        const msg: ClientMessage = JSON.parse(data.toString());\n        this.handleClientMessage(session, msg, ws);\n      } catch (error) {\n        this.logger.warn(`Invalid WebSocket message: ${error}`);\n      }\n    });\n\n    // Handle WebSocket close\n    ws.on('close', () => {\n      this.logger.debug(`WebSocket disconnected from session ${session.sessionId}`);\n      session.removeListener('data', dataHandler);\n      session.removeListener('exit', exitHandler);\n      \n      const connections = this.wsConnections.get(session.sessionId);\n      if (connections) {\n        connections.delete(ws);\n        if (connections.size === 0) {\n          this.wsConnections.delete(session.sessionId);\n        }\n      }\n    });\n\n    // Handle WebSocket error\n    ws.on('error', (error) => {\n      this.logger.error(`WebSocket error: ${error}`);\n    });\n\n    // Send initial ping\n    const pong: ServerMessage = { type: 'pong' };\n    ws.send(JSON.stringify(pong));\n  }\n\n  private handleClientMessage(\n    session: TerminalSession,\n    msg: ClientMessage,\n    ws: WebSocket,\n  ): void {\n    switch (msg.type) {\n      case 'input':\n        if (msg.data) {\n          session.write(msg.data);\n        }\n        break;\n\n      case 'resize':\n        if (msg.cols && msg.rows) {\n          session.resize(msg.cols, msg.rows);\n        }\n        break;\n\n      case 'signal':\n        if (msg.signal) {\n          session.sendSignal(msg.signal);\n        }\n        break;\n\n      case 'ping':\n        const pong: ServerMessage = { type: 'pong' };\n        ws.send(JSON.stringify(pong));\n        break;\n\n      case 'permission_response':\n        // TODO: Handle permission responses for interactive prompts\n        this.logger.debug(`Permission response: ${msg.requestId} = ${msg.granted}`);\n        break;\n\n      default:\n        this.logger.warn(`Unknown message type: ${(msg as any).type}`);\n    }\n  }\n\n  private handleCors(response: HttpResponse): void {\n    response.writeHead(204, {\n      'Access-Control-Allow-Origin': '*',\n      'Access-Control-Allow-Methods': 'GET, POST, DELETE, OPTIONS',\n      'Access-Control-Allow-Headers': 'Content-Type, Authorization',\n    });\n    response.end();\n  }\n\n  private sendJson(response: HttpResponse, status: number, data: unknown): void {\n    const body = JSON.stringify(data);\n    response.writeHead(status, {\n      'Content-Type': 'application/json',\n      'Content-Length': Buffer.byteLength(body),\n    });\n    response.end(body);\n  }\n\n  private sendError(response: HttpResponse, status: number, message: string): void {\n    this.sendJson(response, status, { error: message });\n  }\n\n  private readBody(request: HttpRequest): Promise<string> {\n    return new Promise((resolve, reject) => {\n      const chunks: Buffer[] = [];\n      request.on('data', (chunk: Buffer) => chunks.push(chunk));\n      request.on('end', () => resolve(Buffer.concat(chunks).toString()));\n      request.on('error', reject);\n    });\n  }\n\n  /**\n   * Get the session manager for external access\n   */\n  getSessionManager(): TerminalSessionManager {\n    return this.sessionManager;\n  }\n}\n"]}

package/dist/http/terminal/TerminalHttpHandler.jsonld

@@ -0,0 +1,232 @@
+{
+  "@context": [
+    "https://linkedsoftwaredependencies.org/bundles/npm/@undefineds.co/xpod/^0.0.0/components/context.jsonld",
+    "https://linkedsoftwaredependencies.org/bundles/npm/@solid/community-server/^8.0.0/components/context.jsonld"
+  ],
+  "@id": "npmd:@undefineds.co/xpod",
+  "components": [
+    {
+      "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler",
+      "@type": "Class",
+      "requireElement": "TerminalHttpHandler",
+      "extends": [
+        "css:dist/server/HttpHandler.jsonld#HttpHandler"
+      ],
+      "parameters": [
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_sidecarPath",
+          "range": {
+            "@type": "ParameterRangeUnion",
+            "parameterRangeElements": [
+              "xsd:string",
+              {
+                "@type": "ParameterRangeUndefined"
+              }
+            ]
+          },
+          "comment": "Sidecar API path, default: '/-/terminal'"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_credentialsExtractor",
+          "range": "css:dist/authentication/CredentialsExtractor.jsonld#CredentialsExtractor",
+          "comment": "Credentials extractor for authentication"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_maxSessionsPerUser",
+          "range": {
+            "@type": "ParameterRangeUnion",
+            "parameterRangeElements": [
+              "xsd:number",
+              {
+                "@type": "ParameterRangeUndefined"
+              }
+            ]
+          },
+          "comment": "Session manager options"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_maxTotalSessions",
+          "range": {
+            "@type": "ParameterRangeUnion",
+            "parameterRangeElements": [
+              "xsd:number",
+              {
+                "@type": "ParameterRangeUndefined"
+              }
+            ]
+          }
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_defaultTimeout",
+          "range": {
+            "@type": "ParameterRangeUnion",
+            "parameterRangeElements": [
+              "xsd:number",
+              {
+                "@type": "ParameterRangeUndefined"
+              }
+            ]
+          }
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_maxTimeout",
+          "range": {
+            "@type": "ParameterRangeUnion",
+            "parameterRangeElements": [
+              "xsd:number",
+              {
+                "@type": "ParameterRangeUndefined"
+              }
+            ]
+          }
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_defaultWorkdir",
+          "range": {
+            "@type": "ParameterRangeUnion",
+            "parameterRangeElements": [
+              "xsd:string",
+              {
+                "@type": "ParameterRangeUndefined"
+              }
+            ]
+          }
+        }
+      ],
+      "memberFields": [
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_logger",
+          "memberFieldName": "logger",
+          "range": {
+            "@type": "ParameterRangeWildcard"
+          }
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_sidecarPath",
+          "memberFieldName": "sidecarPath"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_sessionManager",
+          "memberFieldName": "sessionManager"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_credentialsExtractor",
+          "memberFieldName": "credentialsExtractor"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_wss",
+          "memberFieldName": "wss"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_wsConnections",
+          "memberFieldName": "wsConnections"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_constructor",
+          "memberFieldName": "constructor"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_canHandle",
+          "memberFieldName": "canHandle"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_handle",
+          "memberFieldName": "handle"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_handleUpgrade",
+          "memberFieldName": "handleUpgrade"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_handleCreateSession",
+          "memberFieldName": "handleCreateSession"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_handleGetSession",
+          "memberFieldName": "handleGetSession"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_handleDeleteSession",
+          "memberFieldName": "handleDeleteSession"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_handleWebSocketConnection",
+          "memberFieldName": "handleWebSocketConnection"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_handleClientMessage",
+          "memberFieldName": "handleClientMessage"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_handleCors",
+          "memberFieldName": "handleCors"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_sendJson",
+          "memberFieldName": "sendJson"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_sendError",
+          "memberFieldName": "sendError"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_readBody",
+          "memberFieldName": "readBody"
+        },
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler__member_getSessionManager",
+          "memberFieldName": "getSessionManager"
+        }
+      ],
+      "constructorArguments": [
+        {
+          "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options__constructorArgument",
+          "fields": [
+            {
+              "keyRaw": "sidecarPath",
+              "value": {
+                "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_sidecarPath"
+              }
+            },
+            {
+              "keyRaw": "credentialsExtractor",
+              "value": {
+                "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_credentialsExtractor"
+              }
+            },
+            {
+              "keyRaw": "maxSessionsPerUser",
+              "value": {
+                "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_maxSessionsPerUser"
+              }
+            },
+            {
+              "keyRaw": "maxTotalSessions",
+              "value": {
+                "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_maxTotalSessions"
+              }
+            },
+            {
+              "keyRaw": "defaultTimeout",
+              "value": {
+                "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_defaultTimeout"
+              }
+            },
+            {
+              "keyRaw": "maxTimeout",
+              "value": {
+                "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_maxTimeout"
+              }
+            },
+            {
+              "keyRaw": "defaultWorkdir",
+              "value": {
+                "@id": "undefineds:dist/http/terminal/TerminalHttpHandler.jsonld#TerminalHttpHandler_options_defaultWorkdir"
+              }
+            }
+          ]
+        }
+      ]
+    }
+  ]
+}

package/dist/http/terminal/index.d.ts

@@ -0,0 +1 @@
+export * from './TerminalHttpHandler';

package/dist/http/terminal/index.js

@@ -0,0 +1,18 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+    for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./TerminalHttpHandler"), exports);
+//# sourceMappingURL=index.js.map

package/dist/http/terminal/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/http/terminal/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,wDAAsC","sourcesContent":["export * from './TerminalHttpHandler';\n"]}

package/dist/http/vector/VectorHttpHandler.d.ts

@@ -0,0 +1,42 @@
+/**
+ * VectorHttpHandler - 纯向量存储 HTTP API
+ *
+ * 提供 /-/vector 端点，只负责向量的存储和搜索，不访问 Pod 数据。
+ * AI embedding 生成、credential 管理等逻辑由外部 API Server 处理。
+ *
+ * 端点设计：
+ * - POST /-/vector/upsert   - 存入向量
+ * - POST /-/vector/search   - 搜索向量（只接受向量输入）
+ * - DELETE /-/vector/delete - 删除向量
+ * - GET  /-/vector/status   - 索引状态
+ */
+import { HttpHandler } from '@solid/community-server';
+import type { HttpHandlerInput } from '@solid/community-server';
+import type { CredentialsExtractor, PermissionReader, Authorizer } from '@solid/community-server';
+import { VectorStore } from '../../storage/vector/VectorStore';
+interface VectorHttpHandlerOptions {
+    sidecarPath?: string;
+}
+export declare class VectorHttpHandler extends HttpHandler {
+    protected readonly logger: import("global-logger-factory").Logger<unknown>;
+    private readonly vectorStore;
+    private readonly credentialsExtractor;
+    private readonly permissionReader;
+    private readonly authorizer;
+    private readonly sidecarPath;
+    constructor(vectorStore: VectorStore, credentialsExtractor: CredentialsExtractor, permissionReader: PermissionReader, authorizer: Authorizer, options?: VectorHttpHandlerOptions);
+    canHandle({ request }: HttpHandlerInput): Promise<void>;
+    handle({ request, response }: HttpHandlerInput): Promise<void>;
+    private handleUpsert;
+    private handleSearch;
+    private handleDelete;
+    private handleStatus;
+    private handleError;
+    private authorizeFor;
+    private parseUrl;
+    private readJsonBody;
+    private sendJsonResponse;
+    private sendErrorResponse;
+    private writeOptions;
+}
+export {};