npm - @winspan/claude-forge - Versions diffs - 8.51.1 → 8.54.3 - Mend

@winspan/claude-forge 8.51.1 → 8.54.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (409) hide show

package/DEVELOPMENT.md +290 -221
package/README.md +50 -8
package/dist/cli/commands/skills.d.ts.map +1 -1
package/dist/cli/commands/skills.js +121 -2
package/dist/cli/commands/skills.js.map +1 -1
package/dist/cli/init/hook-manager.d.ts +1 -1
package/dist/cli/init/hook-manager.d.ts.map +1 -1
package/dist/cli/init/hook-manager.js +1 -0
package/dist/cli/init/hook-manager.js.map +1 -1
package/dist/core/constants.d.ts +2 -0
package/dist/core/constants.d.ts.map +1 -1
package/dist/core/constants.js +4 -0
package/dist/core/constants.js.map +1 -1
package/dist/core/storage/events.d.ts.map +1 -1
package/dist/core/storage/events.js +0 -1
package/dist/core/storage/events.js.map +1 -1
package/dist/core/storage/maintenance.d.ts +25 -3
package/dist/core/storage/maintenance.d.ts.map +1 -1
package/dist/core/storage/maintenance.js +33 -4
package/dist/core/storage/maintenance.js.map +1 -1
package/dist/core/storage/routing.d.ts +4 -0
package/dist/core/storage/routing.d.ts.map +1 -1
package/dist/core/storage/routing.js +10 -4
package/dist/core/storage/routing.js.map +1 -1
package/dist/core/storage/sessions.d.ts +17 -0
package/dist/core/storage/sessions.d.ts.map +1 -1
package/dist/core/storage/sessions.js +64 -0
package/dist/core/storage/sessions.js.map +1 -1
package/dist/core/storage/skills.d.ts +4 -0
package/dist/core/storage/skills.d.ts.map +1 -1
package/dist/core/storage/skills.js +10 -2
package/dist/core/storage/skills.js.map +1 -1
package/dist/core/storage/sqlite.d.ts +5 -0
package/dist/core/storage/sqlite.d.ts.map +1 -1
package/dist/core/storage/sqlite.js +6 -0
package/dist/core/storage/sqlite.js.map +1 -1
package/dist/core/storage/tasks.d.ts.map +1 -1
package/dist/core/storage/tasks.js +2 -0
package/dist/core/storage/tasks.js.map +1 -1
package/dist/core/types.d.ts +7 -0
package/dist/core/types.d.ts.map +1 -1
package/dist/daemon/index.d.ts.map +1 -1
package/dist/daemon/index.js +30 -5
package/dist/daemon/index.js.map +1 -1
package/dist/daemon/skill-sync.d.ts +21 -0
package/dist/daemon/skill-sync.d.ts.map +1 -0
package/dist/daemon/skill-sync.js +75 -0
package/dist/daemon/skill-sync.js.map +1 -0
package/dist/hooks/notification.sh +1 -1
package/dist/hooks/post-tool-use.sh +1 -1
package/dist/hooks/pre-tool-use.sh +1 -1
package/dist/hooks/stop.sh +1 -1
package/dist/hooks/user-prompt-submit.sh +1 -1
package/dist/skills/official/code-simplifier.md +37 -1
package/dist/skills/official/find-skills.md +120 -1
package/dist/skills/official/official-api-design.md +14 -1
package/dist/skills/official/official-architecture-decision.md +22 -1
package/dist/skills/official/official-db-schema-design.md +19 -1
package/dist/skills/official/official-debug.md +9 -1
package/dist/skills/official/official-pr-review.md +1 -1
package/dist/skills/official/official-security-hardening.md +7 -1
package/dist/skills/official/planning-with-files.md +206 -2
package/dist/skills/official/ui-ux-pro-max.md +88 -1
package/dist/skills/official/webapp-testing.md +85 -1
package/dist/skills/registry.d.ts +1 -1
package/dist/skills/registry.d.ts.map +1 -1
package/dist/skills/registry.js +15 -4
package/dist/skills/registry.js.map +1 -1
package/dist/skills/semantic-matcher.d.ts +4 -3
package/dist/skills/semantic-matcher.d.ts.map +1 -1
package/dist/skills/semantic-matcher.js +20 -22
package/dist/skills/semantic-matcher.js.map +1 -1
package/dist/skills/upgrade-engine.d.ts +93 -0
package/dist/skills/upgrade-engine.d.ts.map +1 -0
package/dist/skills/upgrade-engine.js +447 -0
package/dist/skills/upgrade-engine.js.map +1 -0
package/dist/skills/upgrade-prompt.d.ts +20 -0
package/dist/skills/upgrade-prompt.d.ts.map +1 -0
package/dist/skills/upgrade-prompt.js +75 -0
package/dist/skills/upgrade-prompt.js.map +1 -0
package/dist/web/analytics/weekly-report.d.ts.map +1 -1
package/dist/web/analytics/weekly-report.js +21 -29
package/dist/web/analytics/weekly-report.js.map +1 -1
package/dist/web/routes/patch.d.ts.map +1 -1
package/dist/web/routes/patch.js +32 -2
package/dist/web/routes/patch.js.map +1 -1
package/dist/web/routes/sessions.d.ts.map +1 -1
package/dist/web/routes/sessions.js +9 -7
package/dist/web/routes/sessions.js.map +1 -1
package/dist/web/routes/trace.d.ts.map +1 -1
package/dist/web/routes/trace.js +2 -3
package/dist/web/routes/trace.js.map +1 -1
package/dist/web/server.d.ts.map +1 -1
package/dist/web/server.js +3 -2
package/dist/web/server.js.map +1 -1
package/package.json +12 -2
package/scripts/postinstall.cjs +21 -0
package/.claude/CLAUDE.md +0 -17
package/.eslintrc.js +0 -23
package/.prettierrc +0 -8
package/ARCHITECTURE_ISSUES.md +0 -249
package/CLAUDE.md +0 -265
package/CLAUDE.md.backup +0 -488
package/docs/concurrent-agents.md +0 -129
package/docs/design/architecture-review-20260516.md +0 -232
package/docs/design/fix-skills-data-and-set-leak-spec-20260516-1300.md +0 -219
package/docs/design/h1-storage-aggregation-spec-20260518-1121.md +0 -299
package/docs/design/h2-getdatabase-encapsulation-spec-20260518-1450.md +0 -191
package/docs/design/h3-fallback-removal-spec-20260518-1245.md +0 -76
package/docs/design/h4-index-dedup-spec-20260518-1230.md +0 -109
package/docs/design/h6-services-migration-spec-20260518-1355.md +0 -82
package/docs/design/hook-failure-queue-spec-20260516-1530.md +0 -204
package/docs/design/l1-swarm-protocol-extract-spec-20260518-1605.md +0 -106
package/docs/design/m10-forge-paths-spec-20260518-1320.md +0 -121
package/docs/design/m2-m3-tool-input-spec-20260518-1425.md +0 -131
package/docs/design/m7-routing-event-association-spec-20260518-1545.md +0 -103
package/docs/design/project-path-gitroot-spec-20260518-1715.md +0 -134
package/docs/design/refactor-phase1-spec-20260515-1600.md +0 -543
package/docs/design/refactor-phase2-spec-20260515-1700.md +0 -424
package/docs/design/task-active-gc-spec-20260518-1745.md +0 -146
package/docs/design/tasks-list-filter-pagination-spec-20260518-0930.md +0 -208
package/docs/implementation/fix-skills-data-and-set-leak-changelog-20260516-1300.md +0 -104
package/docs/implementation/h1-storage-aggregation-changelog-20260518-1121.md +0 -82
package/docs/implementation/h2-final-changelog-20260518-1530.md +0 -61
package/docs/implementation/h2-phase1-safety-net-changelog-20260518-1450.md +0 -70
package/docs/implementation/h2-phase2-operations-changelog-20260518-1450.md +0 -120
package/docs/implementation/h2-phase3-callsites-changelog-20260518-1450.md +0 -71
package/docs/implementation/h3-fallback-removal-changelog-20260518-1245.md +0 -71
package/docs/implementation/h4-index-dedup-changelog-20260518-1230.md +0 -60
package/docs/implementation/h6-services-migration-changelog-20260518-1355.md +0 -46
package/docs/implementation/h7-m9-defaults-changelog-20260518-1300.md +0 -46
package/docs/implementation/hook-failure-queue-changelog-20260516-1530.md +0 -196
package/docs/implementation/hotfix-daemon-event-reject-20260516-1430.md +0 -56
package/docs/implementation/l1-swarm-protocol-extract-changelog-20260518-1605.md +0 -45
package/docs/implementation/l3-l4-daemon-perf-changelog-20260518-1410.md +0 -63
package/docs/implementation/l6-l8-final-cleanup-changelog-20260518-1640.md +0 -38
package/docs/implementation/m1-m4-m5-l7-cleanup-changelog-20260518-1310.md +0 -58
package/docs/implementation/m10-forge-paths-changelog-20260518-1320.md +0 -60
package/docs/implementation/m2-m3-tool-input-changelog-20260518-1425.md +0 -43
package/docs/implementation/m6-m8-naming-shutdown-changelog-20260518-1340.md +0 -56
package/docs/implementation/m7-routing-association-changelog-20260518-1545.md +0 -69
package/docs/implementation/project-path-gitroot-changelog-20260518-1715.md +0 -63
package/docs/implementation/refactor-phase1-changelog-20260515-1630.md +0 -354
package/docs/implementation/refactor-phase2-changelog-20260515-1705.md +0 -421
package/docs/implementation/task-active-gc-changelog-20260518-1745.md +0 -35
package/docs/implementation/task-title-summary-changelog-20260518-1130.md +0 -39
package/docs/implementation/tasks-detail-back-loses-filters-changelog-20260518-1100.md +0 -22
package/docs/implementation/tasks-list-filter-pagination-changelog-20260518-0930.md +0 -72
package/docs/implementation/tasks-page-white-screen-hotfix-changelog-20260518-1015.md +0 -56
package/docs/reviews/claudemd-template-sync.md +0 -54
package/docs/reviews/task-title-summary.md +0 -92
package/docs/reviews/tasks-detail-back-loses-filters.md +0 -58
package/docs/reviews/tasks-filter-pagination.md +0 -80
package/docs/reviews/tasks-page-white-screen-hotfix.md +0 -126
package/docs/ruflo-learning-strategy.md +0 -322
package/docs/skills-deduplication-analysis.md +0 -83
package/docs/skills-multiformat-support.md +0 -177
package/docs/skills-third-party.md +0 -183
package/docs/testing/tasks-filter-pagination-test-report.md +0 -86
package/forge +0 -321
package/playwright.config.ts +0 -40
package/scripts/demo-v2.ts +0 -91
package/scripts/dev-daemon.sh +0 -232
package/scripts/dev-web.ts +0 -109
package/scripts/e2e-mcp-link.ts +0 -423
package/scripts/e2e-methodology-quality.ts +0 -253
package/scripts/e2e-routing.ts +0 -456
package/scripts/e2e-user-methodology.ts +0 -326
package/scripts/e2e-web-workflows.ts +0 -299
package/scripts/migrate-legacy-to-dynamic.sql +0 -108
package/scripts/regenerate-execution-docs.ts +0 -116
package/scripts/sync-agent-skills.ts +0 -193
package/scripts/test-hook.sh +0 -71
package/scripts/verify-skill-loading.ts +0 -62
package/src/claudemd/claudemd-generator.ts +0 -568
package/src/claudemd/convention-extractor.ts +0 -69
package/src/claudemd/index.ts +0 -35
package/src/claudemd/persona-manager.ts +0 -88
package/src/claudemd/resume-manager.ts +0 -236
package/src/claudemd/tech-detector.ts +0 -220
package/src/claudemd/templates/swarm-protocol.md +0 -222
package/src/cli/commands/claudemd.ts +0 -84
package/src/cli/commands/config.ts +0 -46
package/src/cli/commands/daemon.ts +0 -310
package/src/cli/commands/executions.ts +0 -115
package/src/cli/commands/init.ts +0 -204
package/src/cli/commands/logs.ts +0 -181
package/src/cli/commands/mcp.ts +0 -242
package/src/cli/commands/menu.ts +0 -357
package/src/cli/commands/skills.ts +0 -185
package/src/cli/commands/stats.ts +0 -73
package/src/cli/commands/status.ts +0 -69
package/src/cli/commands/template.ts +0 -77
package/src/cli/commands/trace.ts +0 -148
package/src/cli/index.ts +0 -42
package/src/cli/init/hook-manager.ts +0 -132
package/src/core/ai/provider.ts +0 -308
package/src/core/ai/types.ts +0 -51
package/src/core/config.ts +0 -124
package/src/core/constants.ts +0 -62
package/src/core/event-fields.ts +0 -32
package/src/core/queue/index.ts +0 -192
package/src/core/storage/base.ts +0 -302
package/src/core/storage/events.ts +0 -434
package/src/core/storage/injections.ts +0 -78
package/src/core/storage/maintenance.ts +0 -59
package/src/core/storage/migrations/002_add_skill_tracking.sql +0 -6
package/src/core/storage/migrations/003_add_skill_invocations.sql +0 -23
package/src/core/storage/performance-indexes.sql +0 -23
package/src/core/storage/routing.ts +0 -322
package/src/core/storage/rows.ts +0 -112
package/src/core/storage/schema.sql +0 -224
package/src/core/storage/sessions.ts +0 -168
package/src/core/storage/skills.ts +0 -233
package/src/core/storage/sqlite.ts +0 -293
package/src/core/storage/tasks.ts +0 -318
package/src/core/storage/token-usage.ts +0 -93
package/src/core/types.ts +0 -181
package/src/core/utils/error-handler.ts +0 -257
package/src/core/utils/forge-resume-block.ts +0 -74
package/src/core/utils/format.ts +0 -69
package/src/core/utils/git.ts +0 -23
package/src/core/utils/logger.ts +0 -134
package/src/core/utils/lru-cache.ts +0 -54
package/src/core/utils/path.ts +0 -19
package/src/core/utils/session.ts +0 -26
package/src/core/utils/time.ts +0 -37
package/src/core/utils/token-tracker.ts +0 -97
package/src/daemon/event-parser.ts +0 -36
package/src/daemon/handlers/history-exporter.ts +0 -117
package/src/daemon/handlers/post-tool-use.ts +0 -54
package/src/daemon/handlers/stop.ts +0 -208
package/src/daemon/handlers/user-prompt.ts +0 -178
package/src/daemon/hook-sync.ts +0 -91
package/src/daemon/index.ts +0 -302
package/src/daemon/launchd/com.claude-forge.daemon.plist.template +0 -47
package/src/daemon/launchd-installer.ts +0 -260
package/src/daemon/lifecycle.ts +0 -128
package/src/daemon/router.ts +0 -40
package/src/daemon/server.ts +0 -196
package/src/daemon/services/task-segmenter.ts +0 -112
package/src/hooks/hook-lib.sh +0 -118
package/src/hooks/notification.sh +0 -35
package/src/hooks/post-tool-use.sh +0 -61
package/src/hooks/pre-tool-use.sh +0 -63
package/src/hooks/stop.sh +0 -43
package/src/hooks/user-prompt-submit.sh +0 -69
package/src/mcp/server.ts +0 -322
package/src/skills/index.ts +0 -2
package/src/skills/invocation-guard.ts +0 -177
package/src/skills/matcher.ts +0 -148
package/src/skills/official/code-simplifier.md +0 -16
package/src/skills/official/find-skills.md +0 -23
package/src/skills/official/official-api-design.md +0 -17
package/src/skills/official/official-architecture-decision.md +0 -20
package/src/skills/official/official-bmad.md +0 -118
package/src/skills/official/official-db-schema-design.md +0 -16
package/src/skills/official/official-debug.md +0 -17
package/src/skills/official/official-doc-driven.md +0 -31
package/src/skills/official/official-harness-engineering.md +0 -108
package/src/skills/official/official-performance-optimization.md +0 -30
package/src/skills/official/official-pr-review.md +0 -35
package/src/skills/official/official-release-checklist.md +0 -30
package/src/skills/official/official-security-hardening.md +0 -26
package/src/skills/official/official-spec-driven-design.md +0 -31
package/src/skills/official/planning-with-files.md +0 -37
package/src/skills/official/ui-ux-pro-max.md +0 -18
package/src/skills/official/webapp-testing.md +0 -12
package/src/skills/official-skills.ts +0 -89
package/src/skills/registry.ts +0 -355
package/src/skills/semantic-matcher.ts +0 -231
package/src/skills/tools/pipeline-suggest.ts +0 -226
package/src/skills/tools/skill-invoke.ts +0 -168
package/src/skills/tools/skill-list.ts +0 -59
package/src/templates/go.yaml +0 -53
package/src/templates/python.yaml +0 -59
package/src/templates/react.yaml +0 -55
package/src/templates/template-manager.ts +0 -170
package/src/web/analytics/anti-pattern-detector.ts +0 -367
package/src/web/analytics/drift-detector.ts +0 -219
package/src/web/analytics/weekly-report.ts +0 -431
package/src/web/auth-middleware.ts +0 -54
package/src/web/routes/_helpers.ts +0 -34
package/src/web/routes/ai.ts +0 -204
package/src/web/routes/auth.ts +0 -22
package/src/web/routes/drift.ts +0 -25
package/src/web/routes/error-handler.ts +0 -120
package/src/web/routes/events.ts +0 -47
package/src/web/routes/insights.ts +0 -43
package/src/web/routes/patch.ts +0 -117
package/src/web/routes/reports.ts +0 -34
package/src/web/routes/rules.ts +0 -76
package/src/web/routes/sessions.ts +0 -250
package/src/web/routes/skill-stats.ts +0 -92
package/src/web/routes/skills.ts +0 -350
package/src/web/routes/static.ts +0 -67
package/src/web/routes/stats.ts +0 -50
package/src/web/routes/status.ts +0 -30
package/src/web/routes/tasks.ts +0 -193
package/src/web/routes/token-usage.ts +0 -20
package/src/web/routes/trace.ts +0 -126
package/src/web/routes/types.ts +0 -57
package/src/web/server.ts +0 -134
package/src/web/ssrf-guard.ts +0 -112
package/src/web/static/index.html +0 -3251
package/src/web/static/vendor/chart.umd.min.js +0 -20
package/tests/e2e/dashboard.spec.ts +0 -205
package/tests/e2e/routing-skill-e2e.test.ts +0 -39
package/tests/helpers/mock-ai.ts +0 -92
package/tests/helpers/mock-storage.ts +0 -159
package/tests/integration/claudemd-generator.test.ts +0 -90
package/tests/integration/queue-replay.integration.test.ts +0 -193
package/tests/integration/tasks-filter.integration.test.ts +0 -154
package/tests/integration/web-analytics.integration.test.ts +0 -133
package/tests/integration/web-stats.integration.test.ts +0 -135
package/tests/integration/web-trace.integration.test.ts +0 -175
package/tests/performance/database.benchmark.ts +0 -161
package/tests/semantic-matcher.test.ts +0 -99
package/tests/skill-matcher.test.ts +0 -110
package/tests/unit/ai-provider-retry.test.ts +0 -194
package/tests/unit/ai-provider-vision.test.ts +0 -224
package/tests/unit/claudemd-generator.test.ts +0 -68
package/tests/unit/cli-mcp.test.ts +0 -141
package/tests/unit/core/forge-paths.test.ts +0 -99
package/tests/unit/daemon/hook-sync.test.ts +0 -71
package/tests/unit/daemon/post-tool-use.test.ts +0 -121
package/tests/unit/daemon/stop-handler-behavior-summary.test.ts +0 -202
package/tests/unit/daemon/task-segmenter-recover.test.ts +0 -84
package/tests/unit/event-fields.test.ts +0 -88
package/tests/unit/event-parser.test.ts +0 -55
package/tests/unit/handlers.test.ts +0 -171
package/tests/unit/hooks/resolve-project-path.test.ts +0 -122
package/tests/unit/invocation-guard.test.ts +0 -125
package/tests/unit/queue.test.ts +0 -272
package/tests/unit/router.test.ts +0 -138
package/tests/unit/security.test.ts +0 -128
package/tests/unit/skill-invocations-workflow.test.ts +0 -495
package/tests/unit/skill-registry.test.ts +0 -94
package/tests/unit/skills/invocation-guard-ttl.test.ts +0 -211
package/tests/unit/skills/official-skills-loader.test.ts +0 -126
package/tests/unit/skills/registry-multiformat.test.ts +0 -92
package/tests/unit/socket-server.test.ts +0 -183
package/tests/unit/storage/event-operations-aggregates.test.ts +0 -342
package/tests/unit/storage/migration-idempotent.test.ts +0 -304
package/tests/unit/storage/routing-aggregates.test.ts +0 -276
package/tests/unit/storage/routing.test.ts +0 -117
package/tests/unit/storage/schema-missing.test.ts +0 -81
package/tests/unit/storage/session-operations-aggregates.test.ts +0 -120
package/tests/unit/storage/sessions-aggregate.test.ts +0 -435
package/tests/unit/storage/skill-operations-counts.test.ts +0 -106
package/tests/unit/storage/skills-aggregates.test.ts +0 -104
package/tests/unit/storage/sqlite-refactor-harness.test.ts +0 -314
package/tests/unit/storage/task-operations-counts.test.ts +0 -46
package/tests/unit/storage/tasks-getById.test.ts +0 -343
package/tests/unit/storage/tasks-stale-gc.test.ts +0 -86
package/tests/unit/storage.test.ts +0 -172
package/tests/unit/token-usage.test.ts +0 -144
package/tests/unit/type-guards.test.ts +0 -201
package/tests/unit/utils/format.test.ts +0 -189
package/tests/unit/utils/session.test.ts +0 -89
package/tests/unit/utils/time.test.ts +0 -112
package/tests/unit/web/navigation-back-contract.test.ts +0 -134
package/tests/unit/web/routes-auth.test.ts +0 -93
package/tests/unit/web/routes-events.test.ts +0 -101
package/tests/unit/web/routes-rules.test.ts +0 -182
package/tests/unit/web/routes-sessions.test.ts +0 -181
package/tests/unit/web/routes-skill-stats.test.ts +0 -179
package/tests/unit/web/routes-stats.test.ts +0 -92
package/tests/unit/web/routes-tasks.test.ts +0 -385
package/tests/unit/web/task-title-contract.test.ts +0 -210
package/tests/unit/web/tasks-component-contract.test.ts +0 -179
package/tsconfig.json +0 -22
package/vitest.config.ts +0 -21
package/vitest.integration.config.ts +0 -16
package/web/CLAUDE.md +0 -20
package/web/index.html +0 -13
package/web/package-lock.json +0 -4854
package/web/package.json +0 -35
package/web/postcss.config.js +0 -6
package/web/src/App.tsx +0 -110
package/web/src/components/CodeBlock.tsx +0 -31
package/web/src/components/Confirm.tsx +0 -96
package/web/src/components/Drawer.tsx +0 -60
package/web/src/components/Layout.tsx +0 -145
package/web/src/components/MarkdownRenderer.tsx +0 -77
package/web/src/components/SearchInput.tsx +0 -31
package/web/src/components/SessionDetailContent.tsx +0 -157
package/web/src/components/Toast.tsx +0 -92
package/web/src/index.css +0 -19
package/web/src/main.tsx +0 -31
package/web/src/pages/AIConfig.tsx +0 -233
package/web/src/pages/Dashboard.tsx +0 -572
package/web/src/pages/Events.tsx +0 -271
package/web/src/pages/Reports.tsx +0 -428
package/web/src/pages/SessionDetail.tsx +0 -162
package/web/src/pages/Sessions.tsx +0 -205
package/web/src/pages/Skills.tsx +0 -180
package/web/src/pages/TaskDetail.tsx +0 -515
package/web/src/pages/Tasks.tsx +0 -415
package/web/src/utils/auth.ts +0 -59
package/web/src/utils/export.ts +0 -54
package/web/src/utils/navigation.ts +0 -25
package/web/src/utils/task-title.ts +0 -49
package/web/src/utils/time.ts +0 -13
package/web/tailwind.config.js +0 -11
package/web/tsconfig.json +0 -21
package/web/tsconfig.node.json +0 -10
package/web/vite.config.ts +0 -76
package/winspan-claude-forge-8.43.0.tgz +0 -0

package/src/web/ssrf-guard.ts DELETED Viewed

@@ -1,112 +0,0 @@
-/**
- * SSRF 防护 — Web API 对外 fetch 前的 URL 白名单校验
- *
- * 背景：`/api/ai/test` 与 `/api/ai/models` 允许请求方指定上游 `baseUrl`，
- * 若不加约束可被滥用为 SSRF 通道（访问 169.254.169.254 / 127.0.0.1 / 内网 API
- * 等），并通过 res.json 回显响应体。此模块统一做协议、主机、白名单校验。
- */
-/** 校验结果 */
-export interface SsrfValidationResult {
-  ok: boolean;
-  error?: string;
-}
-/** 默认允许访问的上游主机（已知 AI 服务商的官方域名） */
-export const DEFAULT_ALLOWED_HOSTS: ReadonlySet<string> = new Set([
-  'api.anthropic.com',
-  'api.openai.com',
-  'generativelanguage.googleapis.com',
-]);
-/** 统一的跨端点 fetch 超时（毫秒） */
-export const UPSTREAM_TIMEOUT_MS = 10_000;
-/** 判断字符串是否为 IPv4 字面量 */
-function isIPv4Literal(host: string): boolean {
-  return /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(host);
-}
-/** 判断主机是否为 loopback / 保留名 */
-function isLocalhostLike(host: string): boolean {
-  const h = host.toLowerCase();
-  return (
-    h === 'localhost' ||
-    h.endsWith('.localhost') ||
-    h === '0.0.0.0' ||
-    h === '::' ||
-    h === '::1'
-  );
-}
-/**
- * 校验用户提供的 baseUrl 是否允许被 daemon 代为访问。
- *
- * 规则：
- * 1. 必须能解析为 URL；
- * 2. 协议必须是 http 或 https；
- * 3. 禁止 IPv4 / IPv6 字面量、localhost 等本机/内网地址；
- * 4. 主机必须在默认白名单或 extraHosts 中。
- *
- * @param baseUrl 待校验的 URL
- * @param extraHosts 额外允许的主机（通常来自 config.yaml 里已配置的 base_url）
- */
-export function validateBaseUrl(
-  baseUrl: unknown,
-  extraHosts: Iterable<string> = [],
-): SsrfValidationResult {
-  if (typeof baseUrl !== 'string' || baseUrl.length === 0) {
-    return { ok: false, error: 'baseUrl is required' };
-  }
-  let parsed: URL;
-  try {
-    parsed = new URL(baseUrl);
-  } catch {
-    return { ok: false, error: 'Invalid URL' };
-  }
-  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') {
-    return { ok: false, error: 'Only http/https protocols allowed' };
-  }
-  const host = parsed.hostname.toLowerCase();
-  if (isIPv4Literal(host)) {
-    return { ok: false, error: 'Direct IP access blocked (SSRF protection)' };
-  }
-  // URL parser strips brackets from IPv6 hostname; detect by ':' or '::'
-  if (host.includes(':')) {
-    return { ok: false, error: 'Direct IPv6 access blocked (SSRF protection)' };
-  }
-  if (isLocalhostLike(host)) {
-    return { ok: false, error: 'localhost access blocked (SSRF protection)' };
-  }
-  const allowed = new Set<string>(DEFAULT_ALLOWED_HOSTS);
-  for (const extra of extraHosts) {
-    if (extra) allowed.add(extra.toLowerCase());
-  }
-  if (!allowed.has(host)) {
-    return {
-      ok: false,
-      error: `Host ${host} not in allowlist. Allowed: ${[...allowed].sort().join(', ')}`,
-    };
-  }
-  return { ok: true };
-}
-/**
- * 从已配置的 base_url 中提取主机名，作为额外允许项。
- * 无效/为空返回 null，调用方可忽略。
- */
-export function extractHostFromBaseUrl(baseUrl: string | undefined | null): string | null {
-  if (!baseUrl) return null;
-  try {
-    return new URL(baseUrl).hostname.toLowerCase();
-  } catch {
-    return null;
-  }
-}