@wrongstack/webui 0.63.4 → 0.66.13

package/dist/server/index.js

@@ -1,6 +1,6 @@
 // src/server/index.ts
-import * as fs2 from "fs/promises";
-import * as path2 from "path";
+import * as fs4 from "fs/promises";
+import * as path4 from "path";
 
 // src/server/http-server.ts
 import * as fs from "fs/promises";
@@ -15,6 +15,16 @@ var MIME_TYPES = {
   ".png": "image/png",
   ".ico": "image/x-icon"
 };
+function injectWsPort(html, wsPort) {
+  const tag = `<meta name="wrongstack-ws-port" content="${wsPort}" />`;
+  if (html.includes('name="wrongstack-ws-port"')) return html;
+  if (html.includes("</head>")) {
+    return html.replace("</head>", `  ${tag}
+  </head>`);
+  }
+  return `${tag}
+${html}`;
+}
 function buildCspHeader(wsPort) {
   return `default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' ws://127.0.0.1:${wsPort} wss://127.0.0.1:${wsPort} ws://[::1]:${wsPort} wss://[::1]:${wsPort}; img-src 'self' data:; font-src 'self' data:; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'`;
 }
@@ -55,6 +65,10 @@ function createHttpServer(opts) {
       if (ext === ".html") {
         res.setHeader("Cache-Control", "no-cache");
         res.setHeader("Content-Security-Policy", buildCspHeader(wsPort));
+        const html = await fs.readFile(resolvedPath, "utf8");
+        res.writeHead(200);
+        res.end(injectWsPort(html, wsPort));
+        return;
       }
       const fileContent = await fs.readFile(resolvedPath);
       res.writeHead(200);
@@ -62,7 +76,7 @@ function createHttpServer(opts) {
     } catch (err) {
       if (err.code === "ENOENT") {
         try {
-          const fileContent = await fs.readFile(path.join(distDir, "index.html"));
+          const html = await fs.readFile(path.join(distDir, "index.html"), "utf8");
           res.writeHead(200, {
             "Content-Type": "text/html",
             "X-Content-Type-Options": "nosniff",
@@ -70,7 +84,7 @@ function createHttpServer(opts) {
             "Referrer-Policy": "strict-origin-when-cross-origin",
             "Content-Security-Policy": buildCspHeader(wsPort)
           });
-          res.end(fileContent);
+          res.end(injectWsPort(html, wsPort));
         } catch {
           res.writeHead(404);
           res.end("Not found");
@@ -154,7 +168,7 @@ import {
   ProviderRegistry,
   TOKENS as TOKENS2,
   ToolRegistry,
-  atomicWrite,
+  atomicWrite as atomicWrite3,
   createDefaultPipelines,
   DEFAULT_CONTEXT_WINDOW_MODE_ID,
   DEFAULT_TOOLS_CONFIG,
@@ -163,11 +177,9 @@ import {
   resolveContextWindowPolicy
 } from "@wrongstack/core";
 import { ToolExecutor } from "@wrongstack/core/execution";
-import { decryptConfigSecrets, encryptConfigSecrets } from "@wrongstack/core/security";
 import { buildProviderFactoriesFromRegistry, makeProviderFromConfig } from "@wrongstack/providers";
 import { builtinToolsPack, forgetTool, rememberTool } from "@wrongstack/tools";
-import { WebSocket, WebSocketServer } from "ws";
-import { randomBytes } from "crypto";
+import { WebSocketServer } from "ws";
 
 // ../runtime/src/container.ts
 import {
@@ -227,6 +239,7 @@ function createDefaultContainer(opts) {
       trustFile: wpaths.projectTrust,
       yolo: opts.permission?.yolo ?? false,
       yoloDestructive: opts.permission?.yoloDestructive ?? opts.permission?.forceAllYolo ?? false,
+      confirmDestructive: opts.permission?.confirmDestructive ?? false,
       promptDelegate: opts.permission?.promptDelegate
     })
   );
@@ -1446,6 +1459,13 @@ function createShutdown(res) {
     }
     for (const ws of res.clients()) ws.close();
     for (const server of res.servers) server?.close();
+    if (res.onShutdown) {
+      try {
+        await res.onShutdown();
+      } catch (e) {
+        log(`[WebUI] Error during shutdown cleanup: ${e instanceof Error ? e.message : String(e)}`);
+      }
+    }
     exit(0);
   };
 }
@@ -1459,6 +1479,138 @@ function registerShutdownHandlers(res) {
   };
 }
 
+// src/server/instance-registry.ts
+import * as os from "os";
+import * as path2 from "path";
+import * as fs2 from "fs/promises";
+import { atomicWrite } from "@wrongstack/core";
+function defaultBaseDir() {
+  return path2.join(os.homedir(), ".wrongstack");
+}
+function registryPath(baseDir = defaultBaseDir()) {
+  return path2.join(baseDir, "webui-instances.json");
+}
+function isPidAlive(pid) {
+  if (!Number.isInteger(pid) || pid <= 0) return false;
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (err) {
+    return err.code !== "ESRCH";
+  }
+}
+async function load(file) {
+  try {
+    const raw = await fs2.readFile(file, "utf8");
+    const parsed = JSON.parse(raw);
+    if (parsed?.version === 1 && Array.isArray(parsed.instances)) {
+      return parsed;
+    }
+  } catch {
+  }
+  return { version: 1, instances: [] };
+}
+async function save(file, instances) {
+  await atomicWrite(file, `${JSON.stringify({ version: 1, instances }, null, 2)}
+`, {
+    mode: 384
+  });
+}
+function prune(instances, excludePid) {
+  return instances.filter((i) => i.pid !== excludePid && isPidAlive(i.pid));
+}
+async function registerInstance(record, baseDir = defaultBaseDir()) {
+  const file = registryPath(baseDir);
+  const data = await load(file);
+  const instances = prune(data.instances, record.pid);
+  instances.push(record);
+  await save(file, instances);
+}
+async function unregisterInstance(pid, baseDir = defaultBaseDir()) {
+  const file = registryPath(baseDir);
+  const data = await load(file);
+  const instances = prune(data.instances, pid);
+  await save(file, instances);
+}
+async function listInstances(baseDir = defaultBaseDir()) {
+  const file = registryPath(baseDir);
+  const data = await load(file);
+  const live = prune(data.instances);
+  if (live.length !== data.instances.length) {
+    await save(file, live).catch(() => {
+    });
+  }
+  return live;
+}
+function formatInstances(instances) {
+  if (instances.length === 0) {
+    return "No WebUI instances are currently running.";
+  }
+  const lines = [`Running WebUI instances (${instances.length}):`, ""];
+  for (const i of instances) {
+    lines.push(
+      `  \u2022 ${i.url}  \xB7  ws:${i.wsPort}  \xB7  pid ${i.pid}`,
+      `      project: ${i.projectName}  (${i.projectRoot})`,
+      `      since:   ${i.startedAt}`
+    );
+  }
+  return lines.join("\n");
+}
+
+// src/server/port-utils.ts
+import * as net from "net";
+function isPortFree(host, port) {
+  return new Promise((resolve3) => {
+    const srv = net.createServer();
+    srv.once("error", () => resolve3(false));
+    srv.once("listening", () => {
+      srv.close(() => resolve3(true));
+    });
+    try {
+      srv.listen(port, host);
+    } catch {
+      resolve3(false);
+    }
+  });
+}
+async function findFreePort(host, startPort, opts = {}) {
+  const exclude = opts.exclude ?? /* @__PURE__ */ new Set();
+  const maxTries = opts.maxTries ?? 200;
+  let port = startPort;
+  for (let i = 0; i < maxTries; i++) {
+    if (port > 65535) port = 1024 + port % 5e4;
+    if (!exclude.has(port) && await isPortFree(host, port)) {
+      return port;
+    }
+    port++;
+  }
+  throw new Error(
+    `No free port found near ${startPort} on ${host} after ${maxTries} attempts.`
+  );
+}
+
+// src/server/open-browser.ts
+import { spawn } from "child_process";
+function browserOpenCommand(url, platform = process.platform) {
+  if (platform === "win32") {
+    return { command: "cmd", args: ["/c", "start", "", url] };
+  }
+  if (platform === "darwin") {
+    return { command: "open", args: [url] };
+  }
+  return { command: "xdg-open", args: [url] };
+}
+function openBrowser(url, platform = process.platform) {
+  try {
+    const { command, args } = browserOpenCommand(url, platform);
+    const child = spawn(command, args, { stdio: "ignore", detached: true });
+    child.on("error", () => {
+    });
+    child.unref();
+  } catch {
+  }
+}
+
 // src/server/usage-cost.ts
 function getCostRates(model) {
   const cost = model?.cost;
@@ -1567,6 +1719,97 @@ function removeProvider(providers, providerId) {
   return { ok: true, message: `Provider "${providerId}" removed` };
 }
 
+// src/server/provider-config-io.ts
+import * as fs3 from "fs/promises";
+import * as path3 from "path";
+import { atomicWrite as atomicWrite2 } from "@wrongstack/core";
+import { decryptConfigSecrets, encryptConfigSecrets } from "@wrongstack/core/security";
+import { DefaultSecretVault } from "@wrongstack/core";
+async function loadSavedProviders(configPath, vault) {
+  let raw;
+  try {
+    raw = await fs3.readFile(configPath, "utf8");
+  } catch {
+    return {};
+  }
+  let parsed = {};
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return {};
+  }
+  if (!parsed.providers) return {};
+  return decryptConfigSecrets(parsed.providers, vault);
+}
+async function saveProviders(configPath, vault, providers) {
+  let raw;
+  let fileExists = true;
+  try {
+    raw = await fs3.readFile(configPath, "utf8");
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      throw new Error(
+        `Refusing to mutate ${configPath}: ${err.message}`,
+        { cause: err }
+      );
+    }
+    fileExists = false;
+    raw = "{}";
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (err) {
+    if (fileExists) {
+      throw new Error(
+        `Refusing to overwrite corrupt config at ${configPath} (${err.message}). Fix or move the file aside before retrying.`,
+        { cause: err }
+      );
+    }
+    parsed = {};
+  }
+  parsed.providers = providers;
+  const encrypted = encryptConfigSecrets(parsed, vault);
+  await atomicWrite2(configPath, JSON.stringify(encrypted, null, 2), { mode: 384 });
+}
+function createProviderConfigIO(configPath) {
+  const keyFile = path3.join(path3.dirname(configPath), ".key");
+  const vault = new DefaultSecretVault({ keyFile });
+  return {
+    load: () => loadSavedProviders(configPath, vault),
+    save: (providers) => saveProviders(configPath, vault, providers)
+  };
+}
+
+// src/server/ws-utils.ts
+import { randomBytes } from "crypto";
+import { WebSocket } from "ws";
+function send(ws, msg) {
+  if (ws.readyState === WebSocket.OPEN) {
+    ws.send(JSON.stringify(msg));
+  }
+}
+function broadcast(clients, msg) {
+  const data = JSON.stringify(msg);
+  for (const [ws] of clients) {
+    if (ws.readyState === WebSocket.OPEN) {
+      try {
+        ws.send(data);
+      } catch {
+      }
+    }
+  }
+}
+function sendResult(ws, success, message) {
+  send(ws, { type: "key.operation_result", payload: { success, message } });
+}
+function errMessage(err) {
+  return err instanceof Error ? err.message : String(err);
+}
+function generateAuthToken() {
+  return randomBytes(16).toString("hex");
+}
+
 // src/server/token-estimator.ts
 function estimateTokens(s) {
   return Math.ceil(s.length / 4);
@@ -1625,12 +1868,23 @@ function estimateContextBreakdown(input) {
 }
 
 // src/server/index.ts
-function errMessage(err) {
-  return err instanceof Error ? err.message : String(err);
-}
 async function startWebUI(opts = {}) {
-  const wsPort = opts.wsPort ?? 3457;
+  const requestedWsPort = opts.wsPort ?? 3457;
   const wsHost = opts.wsHost ?? "127.0.0.1";
+  const requestedHttpPort = Number.parseInt(process.env["PORT"] ?? "3456", 10);
+  const strictPort = process.env["WEBUI_STRICT_PORT"] === "1" || process.env["WEBUI_STRICT_PORT"] === "true";
+  let wsPort = requestedWsPort;
+  let httpPort = requestedHttpPort;
+  if (!strictPort) {
+    httpPort = await findFreePort(wsHost, requestedHttpPort);
+    wsPort = await findFreePort(wsHost, requestedWsPort, { exclude: /* @__PURE__ */ new Set([httpPort]) });
+    if (httpPort !== requestedHttpPort) {
+      console.warn(`[WebUI] HTTP port ${requestedHttpPort} in use \u2192 using ${httpPort}`);
+    }
+    if (wsPort !== requestedWsPort) {
+      console.warn(`[WebUI] WS port ${requestedWsPort} in use \u2192 using ${wsPort}`);
+    }
+  }
   console.log("[WebUI] Starting backend services...");
   const boot = await bootConfig();
   const { config: baseConfig, vault, globalConfigPath, projectRoot, wpaths, logger } = boot;
@@ -1884,14 +2138,14 @@ async function startWebUI(opts = {}) {
       inputCost,
       outputCost,
       cacheReadCost,
-      projectName: path2.basename(projectRoot) || projectRoot,
+      projectName: path4.basename(projectRoot) || projectRoot,
       cwd: projectRoot,
       mode: modeId,
       contextMode: String(context.meta["contextWindowMode"] ?? DEFAULT_CONTEXT_WINDOW_MODE_ID),
       wsToken
     };
   }
-  const wsToken = randomBytes(16).toString("hex");
+  const wsToken = generateAuthToken();
   console.log(`[WebUI] WS auth token: ${wsToken.slice(0, 4)}\u2026${wsToken.slice(-4)} (masked)`);
   const verifyClient2 = (info) => verifyClient({
     origin: info.origin,
@@ -1915,10 +2169,11 @@ async function startWebUI(opts = {}) {
     maxPayload: WS_MAX_PAYLOAD
   }) : null;
   const clients = /* @__PURE__ */ new Map();
-  const RATE_LIMIT_MESSAGES = 60;
+  const RATE_LIMIT_MESSAGES = Number.parseInt(process.env["WEBUI_RATE_LIMIT"] ?? "0", 10);
   const RATE_LIMIT_WINDOW_MS = 6e4;
   const rateLimits = /* @__PURE__ */ new Map();
   function checkRateLimit(ws, client) {
+    if (RATE_LIMIT_MESSAGES <= 0) return true;
     const now = Date.now();
     const key = client.sessionId ?? String(ws);
     const limit = rateLimits.get(key);
@@ -1937,25 +2192,25 @@ async function startWebUI(opts = {}) {
   const pendingConfirms = /* @__PURE__ */ new Map();
   function setupEvents() {
     events.on("iteration.started", (e) => {
-      broadcast({
+      broadcast(clients, {
         type: "iteration.started",
         payload: { index: e.index, maxIterations: config.tools?.maxIterations ?? 100 }
       });
     });
     events.on("provider.text_delta", (e) => {
-      broadcast({ type: "provider.text_delta", payload: { text: e.text, messageId: "current" } });
+      broadcast(clients, { type: "provider.text_delta", payload: { text: e.text, messageId: "current" } });
     });
     events.on("provider.thinking_delta", (e) => {
-      broadcast({ type: "provider.thinking_delta", payload: { text: e.text } });
+      broadcast(clients, { type: "provider.thinking_delta", payload: { text: e.text } });
     });
     events.on("tool.started", (e) => {
-      broadcast({
+      broadcast(clients, {
         type: "tool.started",
         payload: { id: e.id, name: e.name, input: e.input, messageId: `tool_${e.id}` }
       });
     });
     events.on("tool.progress", (e) => {
-      broadcast({
+      broadcast(clients, {
         type: "tool.progress",
         payload: {
           id: e.id,
@@ -1966,7 +2221,7 @@ async function startWebUI(opts = {}) {
       });
     });
     events.on("tool.executed", (e) => {
-      broadcast({
+      broadcast(clients, {
         type: "tool.executed",
         payload: {
           // Forward the tool_use id so frontend can correlate with the
@@ -1981,13 +2236,13 @@ async function startWebUI(opts = {}) {
           output: e.output
         }
       });
-      broadcast({
+      broadcast(clients, {
         type: "todos.updated",
         payload: { todos: [...context.todos] }
       });
     });
     events.on("provider.response", (e) => {
-      broadcast({
+      broadcast(clients, {
         type: "provider.response",
         payload: {
           usage: e.usage,
@@ -1997,7 +2252,7 @@ async function startWebUI(opts = {}) {
       });
     });
     events.on("context.repaired", (e) => {
-      broadcast({
+      broadcast(clients, {
         type: "context.repaired",
         payload: {
           removedToolUses: e.removedToolUses,
@@ -2009,7 +2264,7 @@ async function startWebUI(opts = {}) {
     events.on("tool.confirm_needed", (e) => {
       const id = e.toolUseId ?? `confirm_${Date.now()}`;
       pendingConfirms.set(id, e.resolve);
-      broadcast({
+      broadcast(clients, {
         type: "tool.confirm_needed",
         payload: {
           id,
@@ -2020,7 +2275,7 @@ async function startWebUI(opts = {}) {
       });
     });
     events.on("error", (e) => {
-      broadcast({
+      broadcast(clients, {
         type: "error",
         payload: {
           phase: e.phase,
@@ -2028,19 +2283,71 @@ async function startWebUI(opts = {}) {
         }
       });
     });
-  }
-  function send(ws, msg) {
-    if (ws.readyState === WebSocket.OPEN) {
-      ws.send(JSON.stringify(msg));
-    }
-  }
-  function broadcast(msg) {
-    const data = JSON.stringify(msg);
-    for (const [ws] of clients) {
-      if (ws.readyState === WebSocket.OPEN) {
-        ws.send(data);
-      }
-    }
+    const forwardSubagent = (kind, payload) => broadcast(clients, { type: "subagent.event", payload: { kind, ...payload } });
+    events.on(
+      "subagent.spawned",
+      (e) => forwardSubagent("spawned", {
+        subagentId: e.subagentId,
+        taskId: e.taskId,
+        name: e.name,
+        provider: e.provider,
+        model: e.model,
+        description: e.description
+      })
+    );
+    events.on(
+      "subagent.task_started",
+      (e) => forwardSubagent("task_started", {
+        subagentId: e.subagentId,
+        taskId: e.taskId,
+        description: e.description
+      })
+    );
+    events.on(
+      "subagent.tool_executed",
+      (e) => forwardSubagent("tool_executed", {
+        subagentId: e.subagentId,
+        toolName: e.name,
+        durationMs: e.durationMs,
+        ok: e.ok
+      })
+    );
+    events.on(
+      "subagent.iteration_summary",
+      (e) => forwardSubagent("iteration_summary", {
+        subagentId: e.subagentId,
+        iteration: e.iteration,
+        toolCalls: e.toolCalls,
+        costUsd: e.costUsd,
+        currentTool: e.currentTool
+      })
+    );
+    events.on(
+      "subagent.budget_extended",
+      (e) => forwardSubagent("budget_extended", {
+        subagentId: e.subagentId,
+        totalExtensions: e.totalExtensions
+      })
+    );
+    events.on(
+      "subagent.ctx_pct",
+      (e) => forwardSubagent("ctx_pct", {
+        subagentId: e.subagentId,
+        load: e.load,
+        tokens: e.tokens,
+        maxContext: e.maxContext
+      })
+    );
+    events.on(
+      "subagent.task_completed",
+      (e) => forwardSubagent("task_completed", {
+        subagentId: e.subagentId,
+        status: e.status,
+        iterations: e.iterations,
+        toolCalls: e.toolCalls,
+        error: e.error ? { kind: e.error.kind, message: e.error.message } : void 0
+      })
+    );
   }
   const handleConnection = (ws) => {
     const client = { ws, sessionId: session.id, connectedAt: Date.now() };
@@ -2184,7 +2491,7 @@ async function startWebUI(opts = {}) {
       }
       case "abort":
         runLock?.abort();
-        broadcast({ type: "error", payload: { phase: "abort", message: "User aborted" } });
+        broadcast(clients, { type: "error", payload: { phase: "abort", message: "User aborted" } });
         break;
       case "ping":
         send(ws, { type: "pong", payload: {} });
@@ -2203,7 +2510,7 @@ async function startWebUI(opts = {}) {
         context.fileMtimes.clear();
         tokenCounter.reset();
         sessionStartedAt = Date.now();
-        broadcast({ type: "session.start", payload: await sessionStartPayload() });
+        broadcast(clients, { type: "session.start", payload: await sessionStartPayload() });
         break;
       }
       case "context.clear": {
@@ -2213,7 +2520,7 @@ async function startWebUI(opts = {}) {
         context.fileMtimes.clear();
         tokenCounter.reset();
         sendResult(ws, true, "Context cleared");
-        broadcast({
+        broadcast(clients, {
           type: "session.start",
           payload: { ...await sessionStartPayload(), reset: true }
         });
@@ -2272,7 +2579,7 @@ async function startWebUI(opts = {}) {
           beforeMessages,
           afterMessages: context.messages.length
         };
-        broadcast({ type: "context.repaired", payload });
+        broadcast(clients, { type: "context.repaired", payload });
         const removed = payload.removedToolUses.length + payload.removedToolResults.length + payload.removedMessages;
         sendResult(
           ws,
@@ -2310,7 +2617,7 @@ async function startWebUI(opts = {}) {
         context.meta["contextWindowMode"] = policy.id;
         context.meta["contextWindowPolicy"] = policy;
         sendResult(ws, true, `Context mode switched to ${policy.id}`);
-        broadcast({
+        broadcast(clients, {
           type: "context.mode.changed",
           payload: { id: policy.id, name: policy.name, policy }
         });
@@ -2336,7 +2643,7 @@ async function startWebUI(opts = {}) {
         break;
       }
       case "providers.saved": {
-        const saved = await loadSavedProviders();
+        const saved = await loadConfigProviders();
         send(ws, {
           type: "providers.saved",
           payload: {
@@ -2395,11 +2702,11 @@ async function startWebUI(opts = {}) {
           updateAutoCompactionMaxContext?.(newProv);
           try {
             configWriteLock = configWriteLock.then(async () => {
-              const raw = await fs2.readFile(globalConfigPath, "utf8");
+              const raw = await fs4.readFile(globalConfigPath, "utf8");
               const parsed = JSON.parse(raw);
               parsed.provider = newProvider;
               parsed.model = newModel;
-              await atomicWrite(globalConfigPath, JSON.stringify(parsed, null, 2));
+              await atomicWrite3(globalConfigPath, JSON.stringify(parsed, null, 2));
             });
             await configWriteLock;
           } catch (err) {
@@ -2419,7 +2726,7 @@ async function startWebUI(opts = {}) {
           });
           break;
         }
-        broadcast({ type: "session.start", payload: await sessionStartPayload() });
+        broadcast(clients, { type: "session.start", payload: await sessionStartPayload() });
         break;
       }
       case "key.add":
@@ -2508,7 +2815,7 @@ async function startWebUI(opts = {}) {
           tokenCounter.reset();
           tokenCounter.account(resumed.data.usage, config.model);
           sessionStartedAt = Date.now();
-          broadcast({
+          broadcast(clients, {
             type: "session.start",
             payload: {
               ...await sessionStartPayload(),
@@ -2648,7 +2955,7 @@ async function startWebUI(opts = {}) {
       case "todos.clear": {
         context.state.replaceTodos([]);
         sendResult(ws, true, "Todos cleared");
-        broadcast({ type: "todos.updated", payload: { todos: [] } });
+        broadcast(clients, { type: "todos.updated", payload: { todos: [] } });
         break;
       }
       case "plan.get": {
@@ -2695,7 +3002,7 @@ async function startWebUI(opts = {}) {
           }
           await savePlan(planPath, plan);
           sendResult(ws, true, `Applied template "${tpl.name}" \u2014 ${tpl.items.length} items added.`);
-          broadcast({
+          broadcast(clients, {
             type: "plan.updated",
             payload: { plan }
           });
@@ -2712,7 +3019,7 @@ async function startWebUI(opts = {}) {
           if (depth > 8 || results.length >= 600) return;
           let entries = [];
           try {
-            entries = await fs2.readdir(dir, { withFileTypes: true });
+            entries = await fs4.readdir(dir, { withFileTypes: true });
           } catch {
             return;
           }
@@ -2722,7 +3029,7 @@ async function startWebUI(opts = {}) {
             const childRel = rel ? `${rel}/${e.name}` : e.name;
             if (e.isDirectory()) {
               if (SKIP_DIRS.has(e.name)) continue;
-              await walk(path2.join(dir, e.name), childRel, depth + 1);
+              await walk(path4.join(dir, e.name), childRel, depth + 1);
             } else if (e.isFile()) {
               results.push(childRel);
             }
@@ -2791,7 +3098,7 @@ async function startWebUI(opts = {}) {
             model: config.model
           });
           sendResult(ws, true, `Switched to mode "${id}"`);
-          broadcast({
+          broadcast(clients, {
             type: "session.start",
             payload: { ...await sessionStartPayload() }
           });
@@ -2830,39 +3137,20 @@ async function startWebUI(opts = {}) {
         }
     }
   }
-  async function loadSavedProviders() {
-    try {
-      const raw = await fs2.readFile(globalConfigPath, "utf8");
-      const parsed = JSON.parse(raw);
-      if (!parsed.providers) return {};
-      return decryptConfigSecrets(parsed.providers, vault);
-    } catch {
-      return {};
-    }
+  async function loadConfigProviders() {
+    return loadSavedProviders(globalConfigPath, vault);
   }
-  async function saveProviders(providers) {
-    configWriteLock = configWriteLock.then(async () => {
-      let parsed;
-      try {
-        const raw = await fs2.readFile(globalConfigPath, "utf8");
-        parsed = JSON.parse(raw);
-      } catch {
-        parsed = {};
-      }
-      parsed["providers"] = providers;
-      const encrypted = encryptConfigSecrets(parsed, vault);
-      await atomicWrite(globalConfigPath, JSON.stringify(encrypted, null, 2), { mode: 384 });
-    });
+  async function saveConfigProviders(providers) {
+    configWriteLock = configWriteLock.then(
+      () => saveProviders(globalConfigPath, vault, providers)
+    );
     await configWriteLock;
   }
-  function sendResult(ws, success, message) {
-    send(ws, { type: "key.operation_result", payload: { success, message } });
-  }
   async function handleKeyUpsert(ws, providerId, label, apiKey) {
     try {
-      const providers = await loadSavedProviders();
+      const providers = await loadConfigProviders();
       const result = upsertKey(providers, providerId, label, apiKey, (/* @__PURE__ */ new Date()).toISOString());
-      if (result.ok) await saveProviders(providers);
+      if (result.ok) await saveConfigProviders(providers);
       sendResult(ws, result.ok, result.message);
     } catch (err) {
       sendResult(ws, false, errMessage(err));
@@ -2870,9 +3158,9 @@ async function startWebUI(opts = {}) {
   }
   async function handleKeyDelete(ws, providerId, label) {
     try {
-      const providers = await loadSavedProviders();
+      const providers = await loadConfigProviders();
       const result = deleteKey(providers, providerId, label);
-      if (result.ok) await saveProviders(providers);
+      if (result.ok) await saveConfigProviders(providers);
       sendResult(ws, result.ok, result.message);
     } catch (err) {
       sendResult(ws, false, errMessage(err));
@@ -2880,9 +3168,9 @@ async function startWebUI(opts = {}) {
   }
   async function handleKeySetActive(ws, providerId, label) {
     try {
-      const providers = await loadSavedProviders();
+      const providers = await loadConfigProviders();
       const result = setActiveKey(providers, providerId, label);
-      if (result.ok) await saveProviders(providers);
+      if (result.ok) await saveConfigProviders(providers);
       sendResult(ws, result.ok, result.message);
     } catch (err) {
       sendResult(ws, false, errMessage(err));
@@ -2890,9 +3178,9 @@ async function startWebUI(opts = {}) {
   }
   async function handleProviderAdd(ws, payload) {
     try {
-      const providers = await loadSavedProviders();
+      const providers = await loadConfigProviders();
       const result = addProvider(providers, payload, (/* @__PURE__ */ new Date()).toISOString());
-      if (result.ok) await saveProviders(providers);
+      if (result.ok) await saveConfigProviders(providers);
       sendResult(ws, result.ok, result.message);
     } catch (err) {
       sendResult(ws, false, errMessage(err));
@@ -2900,9 +3188,9 @@ async function startWebUI(opts = {}) {
   }
   async function handleProviderRemove(ws, providerId) {
     try {
-      const providers = await loadSavedProviders();
+      const providers = await loadConfigProviders();
       const result = removeProvider(providers, providerId);
-      if (result.ok) await saveProviders(providers);
+      if (result.ok) await saveConfigProviders(providers);
       sendResult(ws, result.ok, result.message);
     } catch (err) {
       sendResult(ws, false, errMessage(err));
@@ -2910,12 +3198,27 @@ async function startWebUI(opts = {}) {
   }
   const httpServer = createHttpServer({
     host: wsHost,
-    distDir: path2.resolve(import.meta.dirname, "../../dist"),
+    distDir: path4.resolve(import.meta.dirname, "../../dist"),
     wsPort
   });
-  const httpPort = Number.parseInt(process.env["PORT"] ?? "3456", 10);
+  const registryBaseDir = path4.dirname(globalConfigPath);
   httpServer.listen(httpPort, wsHost, () => {
-    console.log(`[WebUI] HTTP server running on http://${wsHost}:${httpPort}`);
+    const openUrl = `http://${wsHost}:${httpPort}`;
+    console.log(`[WebUI] HTTP server running on ${openUrl}`);
+    if (opts.open) openBrowser(openUrl);
+    void registerInstance(
+      {
+        pid: process.pid,
+        httpPort,
+        wsPort,
+        host: wsHost,
+        projectRoot,
+        projectName: path4.basename(projectRoot) || projectRoot,
+        startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        url: `http://${wsHost}:${httpPort}`
+      },
+      registryBaseDir
+    ).catch((err) => console.warn("[WebUI] Could not record instance:", errMessage(err)));
   });
   registerShutdownHandlers({
     flushSession: async () => {
@@ -2927,10 +3230,48 @@ async function startWebUI(opts = {}) {
       await session.close();
     },
     clients: () => clients.keys(),
-    servers: [httpServer, wssPrimary, wssSecondary]
+    servers: [httpServer, wssPrimary, wssSecondary],
+    // Drop this instance from the registry on a clean exit so the file reflects
+    // reality. Crash exits are healed by the next register()/list() prune pass.
+    onShutdown: () => unregisterInstance(process.pid, registryBaseDir)
   });
 }
 export {
-  startWebUI
+  addProvider,
+  broadcast,
+  browserOpenCommand,
+  buildCspHeader,
+  createHttpServer,
+  createProviderConfigIO,
+  defaultBaseDir,
+  deleteKey,
+  errMessage,
+  extractToken,
+  findFreePort,
+  formatInstances,
+  generateAuthToken,
+  hostHeaderOk,
+  injectWsPort,
+  isLoopbackBind,
+  isLoopbackHostname,
+  isPortFree,
+  listInstances,
+  loadSavedProviders,
+  maskedKey,
+  normalizeKeys,
+  openBrowser,
+  registerInstance,
+  registryPath,
+  removeProvider,
+  saveProviders,
+  send,
+  sendResult,
+  setActiveKey,
+  startWebUI,
+  tokenMatches,
+  unregisterInstance,
+  upsertKey,
+  verifyClient,
+  writeKeysBack
 };
 //# sourceMappingURL=index.js.map