@winspan/claude-forge 8.30.0 → 8.33.0

package/dist/web/routes/agents.js

@@ -0,0 +1,192 @@
+import fs from 'fs';
+import path from 'path';
+import { homedir } from 'os';
+import { logger } from '../../core/utils/logger.js';
+/**
+ * /api/agents/* — list, read, update, version, rollback.
+ */
+export function registerAgentsRoutes(app, ctx) {
+    const agents = ctx.agents;
+    // GET /api/agents — list all agents (official + user)
+    app.get('/api/agents', (_req, res) => {
+        try {
+            const agentsDir = path.join(homedir(), '.claude', 'agents');
+            const official = agents?.getAll() || [];
+            const userAgents = [];
+            if (fs.existsSync(agentsDir)) {
+                const files = fs.readdirSync(agentsDir).filter(f => f.endsWith('.md'));
+                for (const file of files) {
+                    const name = file.replace('.md', '');
+                    if (official.some((a) => a.name === name))
+                        continue;
+                    const content = fs.readFileSync(path.join(agentsDir, file), 'utf-8');
+                    const match = content.match(/^---\n([\s\S]*?)\n---/);
+                    if (match) {
+                        const fm = match[1];
+                        const descMatch = fm.match(/description:\s*["']?([^"'\n]+)["']?/);
+                        const verMatch = fm.match(/version:\s*["']?([^"'\n]+)["']?/);
+                        userAgents.push({
+                            name,
+                            description: descMatch?.[1] || '',
+                            version: verMatch?.[1],
+                        });
+                    }
+                }
+            }
+            res.json({ official, user: userAgents });
+        }
+        catch (err) {
+            logger.warn(`[Web] Failed to list agents: ${err}`);
+            res.status(500).json({ error: String(err) });
+        }
+    });
+    // GET /api/agents/:name — get agent details
+    app.get('/api/agents/:name', (req, res) => {
+        try {
+            const { name } = req.params;
+            const agentsDir = path.join(homedir(), '.claude', 'agents');
+            const filePath = path.join(agentsDir, `${name}.md`);
+            if (!fs.existsSync(filePath)) {
+                res.status(404).json({ error: 'Agent not found' });
+                return;
+            }
+            const content = fs.readFileSync(filePath, 'utf-8');
+            const match = content.match(/^---\n([\s\S]*?)\n---\n([\s\S]*)$/);
+            if (!match) {
+                res.json({ name, content });
+                return;
+            }
+            const fm = match[1];
+            const descMatch = fm.match(/description:\s*["']?([^"'\n]+)["']?/);
+            const verMatch = fm.match(/version:\s*["']?([^"'\n]+)["']?/);
+            const toolsMatch = fm.match(/tools:\s*(.+)/);
+            res.json({
+                name,
+                description: descMatch?.[1] || '',
+                version: verMatch?.[1],
+                tools: toolsMatch?.[1],
+                content,
+            });
+        }
+        catch (err) {
+            logger.warn(`[Web] Failed to get agent ${req.params.name}: ${err}`);
+            res.status(500).json({ error: String(err) });
+        }
+    });
+    // PUT /api/agents/:name — update agent content
+    app.put('/api/agents/:name', (req, res) => {
+        try {
+            const { name } = req.params;
+            const { content } = req.body;
+            if (!content || typeof content !== 'string') {
+                res.status(400).json({ error: 'Missing content' });
+                return;
+            }
+            const agentsDir = path.join(homedir(), '.claude', 'agents');
+            const filePath = path.join(agentsDir, `${name}.md`);
+            if (!fs.existsSync(filePath)) {
+                res.status(404).json({ error: 'Agent not found' });
+                return;
+            }
+            const backupDir = path.join(homedir(), '.claude-forge', 'backups', 'agents');
+            fs.mkdirSync(backupDir, { recursive: true });
+            const timestamp = new Date().toISOString().replace(/[:.]/g, '-');
+            const backupPath = path.join(backupDir, `${name}-${timestamp}.md`);
+            fs.copyFileSync(filePath, backupPath);
+            fs.writeFileSync(filePath, content, 'utf-8');
+            logger.info(`[Web] Updated agent ${name} (backup: ${backupPath})`);
+            res.json({ success: true, backup: backupPath });
+        }
+        catch (err) {
+            logger.warn(`[Web] Failed to update agent ${req.params.name}: ${err}`);
+            res.status(500).json({ error: String(err) });
+        }
+    });
+    // GET /api/agents/:name/versions — list backup versions
+    app.get('/api/agents/:name/versions', (req, res) => {
+        try {
+            const { name } = req.params;
+            const backupDir = path.join(homedir(), '.claude-forge', 'backups', 'agents');
+            if (!fs.existsSync(backupDir)) {
+                res.json({ versions: [] });
+                return;
+            }
+            const files = fs.readdirSync(backupDir)
+                .filter(f => f.startsWith(`${name}-`) && f.endsWith('.md'))
+                .map(f => {
+                const filePath = path.join(backupDir, f);
+                const stats = fs.statSync(filePath);
+                const timestampMatch = f.match(/-(\d{4}-\d{2}-\d{2}T\d{2}-\d{2}-\d{2}-\d{3}Z)\.md$/);
+                return {
+                    filename: f,
+                    timestamp: timestampMatch ? timestampMatch[1].replace(/-/g, ':').replace(/T(\d{2}):(\d{2}):(\d{2})/, 'T$1:$2:$3') : '',
+                    size: stats.size,
+                    mtime: stats.mtime.toISOString(),
+                };
+            })
+                .sort((a, b) => new Date(b.mtime).getTime() - new Date(a.mtime).getTime());
+            res.json({ versions: files });
+        }
+        catch (err) {
+            logger.warn(`[Web] Failed to list agent versions: ${err}`);
+            res.status(500).json({ error: String(err) });
+        }
+    });
+    // GET /api/agents/:name/versions/:timestamp — get specific version content
+    app.get('/api/agents/:name/versions/:timestamp', (req, res) => {
+        try {
+            const { name, timestamp } = req.params;
+            const backupDir = path.join(homedir(), '.claude-forge', 'backups', 'agents');
+            const filename = `${name}-${timestamp}.md`;
+            const filePath = path.join(backupDir, filename);
+            if (!fs.existsSync(filePath)) {
+                res.status(404).json({ error: 'Version not found' });
+                return;
+            }
+            const content = fs.readFileSync(filePath, 'utf-8');
+            res.json({ content });
+        }
+        catch (err) {
+            logger.warn(`[Web] Failed to get agent version: ${err}`);
+            res.status(500).json({ error: String(err) });
+        }
+    });
+    // POST /api/agents/:name/rollback — rollback to a specific version
+    app.post('/api/agents/:name/rollback', (req, res) => {
+        try {
+            const { name } = req.params;
+            const { timestamp } = req.body;
+            if (!timestamp) {
+                res.status(400).json({ error: 'Missing timestamp' });
+                return;
+            }
+            const agentsDir = path.join(homedir(), '.claude', 'agents');
+            const currentPath = path.join(agentsDir, `${name}.md`);
+            const backupDir = path.join(homedir(), '.claude-forge', 'backups', 'agents');
+            const versionPath = path.join(backupDir, `${name}-${timestamp}.md`);
+            if (!fs.existsSync(currentPath)) {
+                res.status(404).json({ error: 'Agent not found' });
+                return;
+            }
+            if (!fs.existsSync(versionPath)) {
+                res.status(404).json({ error: 'Version not found' });
+                return;
+            }
+            // Backup current version before rollback
+            fs.mkdirSync(backupDir, { recursive: true });
+            const rollbackTimestamp = new Date().toISOString().replace(/[:.]/g, '-');
+            const rollbackBackupPath = path.join(backupDir, `${name}-${rollbackTimestamp}.md`);
+            fs.copyFileSync(currentPath, rollbackBackupPath);
+            // Restore version
+            const versionContent = fs.readFileSync(versionPath, 'utf-8');
+            fs.writeFileSync(currentPath, versionContent, 'utf-8');
+            logger.info(`[Web] Rolled back agent ${name} to ${timestamp} (backup: ${rollbackBackupPath})`);
+            res.json({ success: true, backup: rollbackBackupPath });
+        }
+        catch (err) {
+            logger.warn(`[Web] Failed to rollback agent: ${err}`);
+            res.status(500).json({ error: String(err) });
+        }
+    });
+}
+//# sourceMappingURL=agents.js.map

package/dist/web/routes/agents.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"agents.js","sourceRoot":"","sources":["../../../src/web/routes/agents.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,IAAI,CAAC;AACpB,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,OAAO,EAAE,MAAM,IAAI,CAAC;AAC7B,OAAO,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AAGpD;;GAEG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAgB,EAAE,GAAiB;IACtE,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;IAE1B,sDAAsD;IACtD,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACnC,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC5D,MAAM,QAAQ,GAAG,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;YACxC,MAAM,UAAU,GAAmE,EAAE,CAAC;YAEtF,IAAI,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC7B,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC;gBACvE,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;oBACzB,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;oBACrC,IAAI,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAmB,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC;wBAAE,SAAS;oBACtE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,OAAO,CAAC,CAAC;oBACrE,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;oBACrD,IAAI,KAAK,EAAE,CAAC;wBACV,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;wBACpB,MAAM,SAAS,GAAG,EAAE,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;wBAClE,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;wBAC7D,UAAU,CAAC,IAAI,CAAC;4BACd,IAAI;4BACJ,WAAW,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE;4BACjC,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;yBACvB,CAAC,CAAC;oBACL,CAAC;gBACH,CAAC;YACH,CAAC;YAED,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC,CAAC;QAC3C,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,gCAAgC,GAAG,EAAE,CAAC,CAAC;YACnD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,4CAA4C;IAC5C,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACxC,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;YAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,IAAI,KAAK,CAAC,CAAC;YAEpD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC;YACjE,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,GAAG,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;gBAC5B,OAAO;YACT,CAAC;YAED,MAAM,EAAE,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;YACpB,MAAM,SAAS,GAAG,EAAE,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;YAClE,MAAM,QAAQ,GAAG,EAAE,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;YAC7D,MAAM,UAAU,GAAG,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;YAE7C,GAAG,CAAC,IAAI,CAAC;gBACP,IAAI;gBACJ,WAAW,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE;gBACjC,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;gBACtB,KAAK,EAAE,UAAU,EAAE,CAAC,CAAC,CAAC;gBACtB,OAAO;aACR,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,6BAA6B,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC,CAAC;YACpE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,+CAA+C;IAC/C,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACxC,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;YAC5B,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YAE7B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC5D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,IAAI,KAAK,CAAC,CAAC;YAEpD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC7E,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7C,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACjE,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,IAAI,IAAI,SAAS,KAAK,CAAC,CAAC;YACnE,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC;YAEtC,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAC7C,MAAM,CAAC,IAAI,CAAC,uBAAuB,IAAI,aAAa,UAAU,GAAG,CAAC,CAAC;YAEnE,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,UAAU,EAAE,CAAC,CAAC;QAClD,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,gCAAgC,GAAG,CAAC,MAAM,CAAC,IAAI,KAAK,GAAG,EAAE,CAAC,CAAC;YACvE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,wDAAwD;IACxD,GAAG,CAAC,GAAG,CAAC,4BAA4B,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACjD,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;YAC5B,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAE7E,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBAC9B,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;gBAC3B,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,EAAE,CAAC,WAAW,CAAC,SAAS,CAAC;iBACpC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;iBAC1D,GAAG,CAAC,CAAC,CAAC,EAAE;gBACP,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,CAAC,CAAC;gBACzC,MAAM,KAAK,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;gBACpC,MAAM,cAAc,GAAG,CAAC,CAAC,KAAK,CAAC,oDAAoD,CAAC,CAAC;gBACrF,OAAO;oBACL,QAAQ,EAAE,CAAC;oBACX,SAAS,EAAE,cAAc,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,0BAA0B,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC,EAAE;oBACtH,IAAI,EAAE,KAAK,CAAC,IAAI;oBAChB,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE;iBACjC,CAAC;YACJ,CAAC,CAAC;iBACD,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YAE7E,GAAG,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;QAChC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,wCAAwC,GAAG,EAAE,CAAC,CAAC;YAC3D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,2EAA2E;IAC3E,GAAG,CAAC,GAAG,CAAC,uCAAuC,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAC5D,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;YACvC,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC7E,MAAM,QAAQ,GAAG,GAAG,IAAI,IAAI,SAAS,KAAK,CAAC;YAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;YAEhD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBACrD,OAAO;YACT,CAAC;YAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;YACnD,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,CAAC,CAAC;QACxB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,sCAAsC,GAAG,EAAE,CAAC,CAAC;YACzD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,mEAAmE;IACnE,GAAG,CAAC,IAAI,CAAC,4BAA4B,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAClD,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;YAC5B,MAAM,EAAE,SAAS,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YAE/B,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBACrD,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC5D,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,IAAI,KAAK,CAAC,CAAC;YACvD,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,EAAE,eAAe,EAAE,SAAS,EAAE,QAAQ,CAAC,CAAC;YAC7E,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,IAAI,IAAI,SAAS,KAAK,CAAC,CAAC;YAEpE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBAChC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;gBACnD,OAAO;YACT,CAAC;YAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBAChC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBACrD,OAAO;YACT,CAAC;YAED,yCAAyC;YACzC,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YAC7C,MAAM,iBAAiB,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,OAAO,EAAE,GAAG,CAAC,CAAC;YACzE,MAAM,kBAAkB,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,IAAI,IAAI,iBAAiB,KAAK,CAAC,CAAC;YACnF,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;YAEjD,kBAAkB;YAClB,MAAM,cAAc,GAAG,EAAE,CAAC,YAAY,CAAC,WAAW,EAAE,OAAO,CAAC,CAAC;YAC7D,EAAE,CAAC,aAAa,CAAC,WAAW,EAAE,cAAc,EAAE,OAAO,CAAC,CAAC;YAEvD,MAAM,CAAC,IAAI,CAAC,2BAA2B,IAAI,OAAO,SAAS,aAAa,kBAAkB,GAAG,CAAC,CAAC;YAC/F,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC,CAAC;QAC1D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,mCAAmC,GAAG,EAAE,CAAC,CAAC;YACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/web/routes/ai.d.ts

@@ -0,0 +1,10 @@
+import type { Application } from 'express';
+import type { RouteContext } from './types.js';
+/**
+ * /api/ai/* and /api/config/ai — AI provider config + upstream connectivity.
+ *
+ * All outbound calls route through validateBaseUrl + redirect:'manual' so the
+ * daemon cannot be tricked into reaching internal hosts (SSRF guard).
+ */
+export declare function registerAIRoutes(app: Application, _ctx: RouteContext): void;
+//# sourceMappingURL=ai.d.ts.map

package/dist/web/routes/ai.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai.d.ts","sourceRoot":"","sources":["../../../src/web/routes/ai.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAQ3C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C;;;;;GAKG;AACH,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAoM3E"}

package/dist/web/routes/ai.js

@@ -0,0 +1,197 @@
+import { ConfigManager } from '../../core/config.js';
+import { logger } from '../../core/utils/logger.js';
+import { validateBaseUrl, extractHostFromBaseUrl, UPSTREAM_TIMEOUT_MS, } from '../ssrf-guard.js';
+/**
+ * /api/ai/* and /api/config/ai — AI provider config + upstream connectivity.
+ *
+ * All outbound calls route through validateBaseUrl + redirect:'manual' so the
+ * daemon cannot be tricked into reaching internal hosts (SSRF guard).
+ */
+export function registerAIRoutes(app, _ctx) {
+    // GET /api/config/ai — read current AI config (mask apiKey)
+    app.get('/api/config/ai', (_req, res) => {
+        const configManager = new ConfigManager();
+        const config = configManager.get();
+        const maskApiKey = (key) => {
+            if (!key || key.length < 10)
+                return '***';
+            return key.slice(0, 6) + '***' + key.slice(-4);
+        };
+        res.json({
+            api_key: maskApiKey(config.distill.api_key),
+            base_url: config.distill.base_url || '',
+            model: config.distill.model,
+            provider: config.distill.provider,
+            classifier_model: config.distill.classifier_model || '',
+            classifier_timeout: config.distill.classifier_timeout || 10000,
+        });
+    });
+    // PUT /api/config/ai — update AI config
+    app.put('/api/config/ai', (req, res) => {
+        const { api_key, base_url, model, provider, classifier_model, classifier_timeout } = req.body ?? {};
+        try {
+            const configManager = new ConfigManager();
+            const config = configManager.get();
+            if (typeof api_key === 'string')
+                config.distill.api_key = api_key;
+            if (typeof base_url === 'string') {
+                // Normalize http → https for upstream gateways that force HTTPS redirect
+                // (e.g. iflytek one.iflytek.com returns 302 and drops Authorization header)
+                let url = base_url.trim();
+                if (url.startsWith('http://'))
+                    url = 'https://' + url.slice('http://'.length);
+                config.distill.base_url = url;
+            }
+            if (typeof model === 'string')
+                config.distill.model = model;
+            if (typeof provider === 'string')
+                config.distill.provider = provider;
+            if (typeof classifier_model === 'string')
+                config.distill.classifier_model = classifier_model || undefined;
+            if (typeof classifier_timeout === 'number')
+                config.distill.classifier_timeout = classifier_timeout;
+            configManager.save();
+            logger.info('[Web] AI config updated');
+            res.json({ success: true });
+        }
+        catch (err) {
+            logger.warn(`[Web] Failed to update AI config: ${err}`);
+            res.status(500).json({ error: String(err) });
+        }
+    });
+    // GET /api/ai/models — proxy to upstream /v1/models
+    app.get('/api/ai/models', async (req, res) => {
+        try {
+            const configManager = new ConfigManager();
+            const config = configManager.get();
+            const queryKey = typeof req.query.api_key === 'string' ? req.query.api_key : '';
+            const queryUrl = typeof req.query.base_url === 'string' ? req.query.base_url : '';
+            const apiKey = queryKey || config.distill.api_key;
+            let baseUrl = queryUrl || config.distill.base_url || 'https://api.anthropic.com';
+            if (baseUrl.startsWith('http://'))
+                baseUrl = 'https://' + baseUrl.slice('http://'.length);
+            if (!apiKey) {
+                res.status(400).json({ error: 'API key not configured' });
+                return;
+            }
+            const configuredHost = extractHostFromBaseUrl(config.distill.base_url);
+            const validation = validateBaseUrl(baseUrl, configuredHost ? [configuredHost] : []);
+            if (!validation.ok) {
+                res.status(400).json({ error: validation.error });
+                return;
+            }
+            const modelsUrl = baseUrl.endsWith('/v1')
+                ? `${baseUrl}/models`
+                : `${baseUrl}/v1/models`;
+            const controller = new AbortController();
+            const timer = setTimeout(() => controller.abort(), UPSTREAM_TIMEOUT_MS);
+            let response;
+            try {
+                response = await fetch(modelsUrl, {
+                    redirect: 'manual',
+                    signal: controller.signal,
+                    headers: {
+                        'Authorization': `Bearer ${apiKey}`,
+                        'x-api-key': apiKey,
+                    },
+                });
+            }
+            finally {
+                clearTimeout(timer);
+            }
+            if (response.status >= 300 && response.status < 400) {
+                res.status(400).json({
+                    error: `Upstream tried to redirect (status ${response.status}); refusing to follow`,
+                });
+                return;
+            }
+            if (!response.ok) {
+                const text = await response.text();
+                logger.warn(`[Web] Upstream /v1/models failed: ${response.status} ${text}`);
+                res.status(response.status).json({ error: text });
+                return;
+            }
+            const data = await response.json();
+            res.json(data);
+        }
+        catch (err) {
+            if (err instanceof Error && err.name === 'AbortError') {
+                res.status(504).json({ error: `Upstream timeout (${UPSTREAM_TIMEOUT_MS}ms)` });
+                return;
+            }
+            logger.warn(`[Web] Failed to fetch models: ${err}`);
+            res.status(500).json({ error: String(err) });
+        }
+    });
+    // POST /api/ai/test — test AI connection using provided or saved config
+    app.post('/api/ai/test', async (req, res) => {
+        try {
+            const configManager = new ConfigManager();
+            const config = configManager.get();
+            const { api_key, base_url, model } = req.body ?? {};
+            const apiKey = (typeof api_key === 'string' && api_key) || config.distill.api_key;
+            let baseUrl = (typeof base_url === 'string' && base_url) || config.distill.base_url || 'https://api.anthropic.com';
+            const useModel = (typeof model === 'string' && model) || config.distill.model;
+            if (baseUrl.startsWith('http://'))
+                baseUrl = 'https://' + baseUrl.slice('http://'.length);
+            if (!apiKey) {
+                res.status(400).json({ error: 'API key not configured' });
+                return;
+            }
+            const configuredHost = extractHostFromBaseUrl(config.distill.base_url);
+            const validation = validateBaseUrl(baseUrl, configuredHost ? [configuredHost] : []);
+            if (!validation.ok) {
+                res.status(400).json({ error: validation.error });
+                return;
+            }
+            const messagesUrl = baseUrl.endsWith('/v1')
+                ? `${baseUrl}/messages`
+                : `${baseUrl}/v1/messages`;
+            const controller = new AbortController();
+            const timer = setTimeout(() => controller.abort(), UPSTREAM_TIMEOUT_MS);
+            let response;
+            try {
+                response = await fetch(messagesUrl, {
+                    method: 'POST',
+                    redirect: 'manual',
+                    signal: controller.signal,
+                    headers: {
+                        'Content-Type': 'application/json',
+                        'x-api-key': apiKey,
+                        'anthropic-version': '2023-06-01',
+                    },
+                    body: JSON.stringify({
+                        model: useModel,
+                        max_tokens: 10,
+                        messages: [{ role: 'user', content: 'ping' }],
+                    }),
+                });
+            }
+            finally {
+                clearTimeout(timer);
+            }
+            if (response.status >= 300 && response.status < 400) {
+                res.status(400).json({
+                    error: `Upstream tried to redirect (status ${response.status}); refusing to follow`,
+                });
+                return;
+            }
+            if (!response.ok) {
+                const text = await response.text();
+                res.status(response.status).json({ error: text });
+                return;
+            }
+            const data = await response.json();
+            res.json({ success: true, model: data.model || useModel });
+        }
+        catch (err) {
+            if (err instanceof Error && err.name === 'AbortError') {
+                res.status(504).json({ error: `Upstream timeout (${UPSTREAM_TIMEOUT_MS}ms)` });
+                return;
+            }
+            logger.warn(`[Web] AI connection test failed: ${err}`);
+            res.status(500).json({ error: String(err) });
+        }
+    });
+}
+//# sourceMappingURL=ai.js.map

package/dist/web/routes/ai.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"ai.js","sourceRoot":"","sources":["../../../src/web/routes/ai.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,MAAM,EAAE,MAAM,4BAA4B,CAAC;AACpD,OAAO,EACL,eAAe,EACf,sBAAsB,EACtB,mBAAmB,GACpB,MAAM,kBAAkB,CAAC;AAG1B;;;;;GAKG;AACH,MAAM,UAAU,gBAAgB,CAAC,GAAgB,EAAE,IAAkB;IACnE,4DAA4D;IAC5D,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACtC,MAAM,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;QAC1C,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,EAAE,CAAC;QAEnC,MAAM,UAAU,GAAG,CAAC,GAAW,EAAU,EAAE;YACzC,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,MAAM,GAAG,EAAE;gBAAE,OAAO,KAAK,CAAC;YAC1C,OAAO,GAAG,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,GAAG,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;QACjD,CAAC,CAAC;QAEF,GAAG,CAAC,IAAI,CAAC;YACP,OAAO,EAAE,UAAU,CAAC,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;YAC3C,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,IAAI,EAAE;YACvC,KAAK,EAAE,MAAM,CAAC,OAAO,CAAC,KAAK;YAC3B,QAAQ,EAAE,MAAM,CAAC,OAAO,CAAC,QAAQ;YACjC,gBAAgB,EAAE,MAAM,CAAC,OAAO,CAAC,gBAAgB,IAAI,EAAE;YACvD,kBAAkB,EAAE,MAAM,CAAC,OAAO,CAAC,kBAAkB,IAAI,KAAK;SAC/D,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,wCAAwC;IACxC,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACrC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;QAEpG,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,EAAE,CAAC;YAEnC,IAAI,OAAO,OAAO,KAAK,QAAQ;gBAAE,MAAM,CAAC,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC;YAClE,IAAI,OAAO,QAAQ,KAAK,QAAQ,EAAE,CAAC;gBACjC,yEAAyE;gBACzE,4EAA4E;gBAC5E,IAAI,GAAG,GAAG,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC1B,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC;oBAAE,GAAG,GAAG,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;gBAC9E,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,GAAG,CAAC;YAChC,CAAC;YACD,IAAI,OAAO,KAAK,KAAK,QAAQ;gBAAE,MAAM,CAAC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAC;YAC5D,IAAI,OAAO,QAAQ,KAAK,QAAQ;gBAAE,MAAM,CAAC,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC;YACrE,IAAI,OAAO,gBAAgB,KAAK,QAAQ;gBAAE,MAAM,CAAC,OAAO,CAAC,gBAAgB,GAAG,gBAAgB,IAAI,SAAS,CAAC;YAC1G,IAAI,OAAO,kBAAkB,KAAK,QAAQ;gBAAE,MAAM,CAAC,OAAO,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;YAEnG,aAAa,CAAC,IAAI,EAAE,CAAC;YACrB,MAAM,CAAC,IAAI,CAAC,yBAAyB,CAAC,CAAC;YACvC,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,CAAC,IAAI,CAAC,qCAAqC,GAAG,EAAE,CAAC,CAAC;YACxD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,oDAAoD;IACpD,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC3C,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,EAAE,CAAC;YAEnC,MAAM,QAAQ,GAAG,OAAO,GAAG,CAAC,KAAK,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,CAAC;YAChF,MAAM,QAAQ,GAAG,OAAO,GAAG,CAAC,KAAK,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC,CAAC,EAAE,CAAC;YAClF,MAAM,MAAM,GAAG,QAAQ,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;YAClD,IAAI,OAAO,GAAG,QAAQ,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,IAAI,2BAA2B,CAAC;YACjF,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;gBAAE,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAE1F,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;gBAC1D,OAAO;YACT,CAAC;YAED,MAAM,cAAc,GAAG,sBAAsB,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACvE,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACpF,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;gBACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;gBAClD,OAAO;YACT,CAAC;YAED,MAAM,SAAS,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACvC,CAAC,CAAC,GAAG,OAAO,SAAS;gBACrB,CAAC,CAAC,GAAG,OAAO,YAAY,CAAC;YAE3B,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,mBAAmB,CAAC,CAAC;YACxE,IAAI,QAAkB,CAAC;YACvB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;oBAChC,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,UAAU,CAAC,MAAM;oBACzB,OAAO,EAAE;wBACP,eAAe,EAAE,UAAU,MAAM,EAAE;wBACnC,WAAW,EAAE,MAAM;qBACpB;iBACF,CAAC,CAAC;YACL,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,sCAAsC,QAAQ,CAAC,MAAM,uBAAuB;iBACpF,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnC,MAAM,CAAC,IAAI,CAAC,qCAAqC,QAAQ,CAAC,MAAM,IAAI,IAAI,EAAE,CAAC,CAAC;gBAC5E,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;gBAClD,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;YACnC,GAAG,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBAC/E,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,iCAAiC,GAAG,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,wEAAwE;IACxE,GAAG,CAAC,IAAI,CAAC,cAAc,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC1C,IAAI,CAAC;YACH,MAAM,aAAa,GAAG,IAAI,aAAa,EAAE,CAAC;YAC1C,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,EAAE,CAAC;YAEnC,MAAM,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;YACpD,MAAM,MAAM,GAAG,CAAC,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC;YAClF,IAAI,OAAO,GAAG,CAAC,OAAO,QAAQ,KAAK,QAAQ,IAAI,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,QAAQ,IAAI,2BAA2B,CAAC;YACnH,MAAM,QAAQ,GAAG,CAAC,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC;YAC9E,IAAI,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC;gBAAE,OAAO,GAAG,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;YAE1F,IAAI,CAAC,MAAM,EAAE,CAAC;gBACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;gBAC1D,OAAO;YACT,CAAC;YAED,MAAM,cAAc,GAAG,sBAAsB,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACvE,MAAM,UAAU,GAAG,eAAe,CAAC,OAAO,EAAE,cAAc,CAAC,CAAC,CAAC,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACpF,IAAI,CAAC,UAAU,CAAC,EAAE,EAAE,CAAC;gBACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,CAAC,CAAC;gBAClD,OAAO;YACT,CAAC;YAED,MAAM,WAAW,GAAG,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC;gBACzC,CAAC,CAAC,GAAG,OAAO,WAAW;gBACvB,CAAC,CAAC,GAAG,OAAO,cAAc,CAAC;YAE7B,MAAM,UAAU,GAAG,IAAI,eAAe,EAAE,CAAC;YACzC,MAAM,KAAK,GAAG,UAAU,CAAC,GAAG,EAAE,CAAC,UAAU,CAAC,KAAK,EAAE,EAAE,mBAAmB,CAAC,CAAC;YACxE,IAAI,QAAkB,CAAC;YACvB,IAAI,CAAC;gBACH,QAAQ,GAAG,MAAM,KAAK,CAAC,WAAW,EAAE;oBAClC,MAAM,EAAE,MAAM;oBACd,QAAQ,EAAE,QAAQ;oBAClB,MAAM,EAAE,UAAU,CAAC,MAAM;oBACzB,OAAO,EAAE;wBACP,cAAc,EAAE,kBAAkB;wBAClC,WAAW,EAAE,MAAM;wBACnB,mBAAmB,EAAE,YAAY;qBAClC;oBACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;wBACnB,KAAK,EAAE,QAAQ;wBACf,UAAU,EAAE,EAAE;wBACd,QAAQ,EAAE,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;qBAC9C,CAAC;iBACH,CAAC,CAAC;YACL,CAAC;oBAAS,CAAC;gBACT,YAAY,CAAC,KAAK,CAAC,CAAC;YACtB,CAAC;YAED,IAAI,QAAQ,CAAC,MAAM,IAAI,GAAG,IAAI,QAAQ,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;gBACpD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,sCAAsC,QAAQ,CAAC,MAAM,uBAAuB;iBACpF,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,IAAI,CAAC,QAAQ,CAAC,EAAE,EAAE,CAAC;gBACjB,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;gBACnC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;gBAClD,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAwB,CAAC;YACzD,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,IAAI,QAAQ,EAAE,CAAC,CAAC;QAC7D,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAI,GAAG,YAAY,KAAK,IAAI,GAAG,CAAC,IAAI,KAAK,YAAY,EAAE,CAAC;gBACtD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qBAAqB,mBAAmB,KAAK,EAAE,CAAC,CAAC;gBAC/E,OAAO;YACT,CAAC;YACD,MAAM,CAAC,IAAI,CAAC,oCAAoC,GAAG,EAAE,CAAC,CAAC;YACvD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/web/routes/auth.d.ts

@@ -0,0 +1,12 @@
+import type { Application } from 'express';
+import type { RouteContext } from './types.js';
+/**
+ * Auth routes — localhost bootstrap endpoint that returns the daemon token.
+ *
+ * This endpoint is intentionally NOT protected by requireAuth: the token file
+ * on disk is chmod 600 (current user only), so anyone who can reach this
+ * endpoint already has access to the file. Protecting it would create a
+ * chicken-and-egg problem for the UI.
+ */
+export declare function registerAuthRoutes(app: Application, _ctx: RouteContext): void;
+//# sourceMappingURL=auth.d.ts.map

package/dist/web/routes/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../src/web/routes/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C;;;;;;;GAOG;AACH,wBAAgB,kBAAkB,CAAC,GAAG,EAAE,WAAW,EAAE,IAAI,EAAE,YAAY,GAAG,IAAI,CAS7E"}

package/dist/web/routes/auth.js

@@ -0,0 +1,20 @@
+import { readAuthToken } from '../auth-middleware.js';
+/**
+ * Auth routes — localhost bootstrap endpoint that returns the daemon token.
+ *
+ * This endpoint is intentionally NOT protected by requireAuth: the token file
+ * on disk is chmod 600 (current user only), so anyone who can reach this
+ * endpoint already has access to the file. Protecting it would create a
+ * chicken-and-egg problem for the UI.
+ */
+export function registerAuthRoutes(app, _ctx) {
+    app.get('/api/auth/token', (_req, res) => {
+        const token = readAuthToken();
+        if (!token) {
+            res.status(404).json({ error: 'TOKEN_NOT_FOUND' });
+            return;
+        }
+        res.json({ token });
+    });
+}
+//# sourceMappingURL=auth.js.map

package/dist/web/routes/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../../src/web/routes/auth.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAGtD;;;;;;;GAOG;AACH,MAAM,UAAU,kBAAkB,CAAC,GAAgB,EAAE,IAAkB;IACrE,GAAG,CAAC,GAAG,CAAC,iBAAiB,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QACvC,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;QAC9B,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,CAAC,CAAC;IACtB,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/web/routes/events.d.ts

@@ -0,0 +1,11 @@
+import type { Application } from 'express';
+import type { RouteContext } from './types.js';
+/**
+ * /api/events — recent events list + SSE live stream.
+ *
+ * Note: /api/events/stream must be registered BEFORE `/api/events` handlers
+ * that might swallow it, but Express matches exact paths so order here is
+ * not actually load-bearing for correctness.
+ */
+export declare function registerEventsRoutes(app: Application, ctx: RouteContext): void;
+//# sourceMappingURL=events.d.ts.map

package/dist/web/routes/events.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.d.ts","sourceRoot":"","sources":["../../../src/web/routes/events.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C;;;;;;GAMG;AACH,wBAAgB,oBAAoB,CAAC,GAAG,EAAE,WAAW,EAAE,GAAG,EAAE,YAAY,GAAG,IAAI,CAoC9E"}

package/dist/web/routes/events.js

@@ -0,0 +1,43 @@
+/**
+ * /api/events — recent events list + SSE live stream.
+ *
+ * Note: /api/events/stream must be registered BEFORE `/api/events` handlers
+ * that might swallow it, but Express matches exact paths so order here is
+ * not actually load-bearing for correctness.
+ */
+export function registerEventsRoutes(app, ctx) {
+    const { storage } = ctx;
+    app.get('/api/events', (req, res) => {
+        const limit = parseInt(req.query.limit) || 50;
+        const projectPath = req.query.project;
+        const sessionId = req.query.session;
+        const events = storage.queryEvents({ project_path: projectPath, session_id: sessionId, limit });
+        res.json(events);
+    });
+    // SSE: real-time event stream
+    app.get('/api/events/stream', (req, res) => {
+        res.writeHead(200, {
+            'Content-Type': 'text/event-stream',
+            'Cache-Control': 'no-cache',
+            Connection: 'keep-alive',
+        });
+        res.write('data: {"type":"connected"}\n\n');
+        const filterSession = req.query.session;
+        const filterProject = req.query.project;
+        const filterHook = req.query.hook;
+        const onEvent = (event) => {
+            if (filterSession && event.session_id !== filterSession)
+                return;
+            if (filterProject && event.project_path !== filterProject)
+                return;
+            if (filterHook && event.hook_type !== filterHook)
+                return;
+            res.write(`data: ${JSON.stringify(event)}\n\n`);
+        };
+        storage.on('event', onEvent);
+        req.on('close', () => {
+            storage.removeListener('event', onEvent);
+        });
+    });
+}
+//# sourceMappingURL=events.js.map

package/dist/web/routes/events.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"events.js","sourceRoot":"","sources":["../../../src/web/routes/events.ts"],"names":[],"mappings":"AAGA;;;;;;GAMG;AACH,MAAM,UAAU,oBAAoB,CAAC,GAAgB,EAAE,GAAiB;IACtE,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC;IAExB,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QAClC,MAAM,KAAK,GAAG,QAAQ,CAAC,GAAG,CAAC,KAAK,CAAC,KAAe,CAAC,IAAI,EAAE,CAAC;QACxD,MAAM,WAAW,GAAG,GAAG,CAAC,KAAK,CAAC,OAA6B,CAAC;QAC5D,MAAM,SAAS,GAAG,GAAG,CAAC,KAAK,CAAC,OAA6B,CAAC;QAC1D,MAAM,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC,EAAE,YAAY,EAAE,WAAW,EAAE,UAAU,EAAE,SAAS,EAAE,KAAK,EAAE,CAAC,CAAC;QAChG,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH,8BAA8B;IAC9B,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;QACzC,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE;YACjB,cAAc,EAAE,mBAAmB;YACnC,eAAe,EAAE,UAAU;YAC3B,UAAU,EAAE,YAAY;SACzB,CAAC,CAAC;QACH,GAAG,CAAC,KAAK,CAAC,gCAAgC,CAAC,CAAC;QAE5C,MAAM,aAAa,GAAG,GAAG,CAAC,KAAK,CAAC,OAA6B,CAAC;QAC9D,MAAM,aAAa,GAAG,GAAG,CAAC,KAAK,CAAC,OAA6B,CAAC;QAC9D,MAAM,UAAU,GAAG,GAAG,CAAC,KAAK,CAAC,IAA0B,CAAC;QAExD,MAAM,OAAO,GAAG,CAAC,KAA8B,EAAE,EAAE;YACjD,IAAI,aAAa,IAAI,KAAK,CAAC,UAAU,KAAK,aAAa;gBAAE,OAAO;YAChE,IAAI,aAAa,IAAI,KAAK,CAAC,YAAY,KAAK,aAAa;gBAAE,OAAO;YAClE,IAAI,UAAU,IAAI,KAAK,CAAC,SAAS,KAAK,UAAU;gBAAE,OAAO;YACzD,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAClD,CAAC,CAAC;QAEF,OAAO,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC7B,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACnB,OAAO,CAAC,cAAc,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/web/routes/execution-trace.d.ts

@@ -0,0 +1,13 @@
+import type { Application } from 'express';
+import type { RouteContext } from './types.js';
+/**
+ * /api/execution-trace/* — routing-event-centric traces + SSE live status.
+ *
+ * Registration order mirrors the original server.ts exactly. In particular,
+ * `/stream` is registered AFTER `/:id`, which means Express matches `/stream`
+ * against `/:id` first (Number('stream') = NaN → 400). This preserves the
+ * original behaviour; fixing it is out of scope for this split.
+ * FIXME: `/api/execution-trace/stream` is shadowed by `/:id` — out of scope for this split.
+ */
+export declare function registerExecutionTraceRoutes(app: Application, ctx: RouteContext): void;
+//# sourceMappingURL=execution-trace.d.ts.map

package/dist/web/routes/execution-trace.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"execution-trace.d.ts","sourceRoot":"","sources":["../../../src/web/routes/execution-trace.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,SAAS,CAAC;AAE3C,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AAE/C;;;;;;;;GAQG;AACH,wBAAgB,4BAA4B,CAAC,GAAG,EAAE,WAAW,EAAE,GAAG,EAAE,YAAY,GAAG,IAAI,CA6XtF"}