npm - @wrongstack/webui - Versions diffs - 0.63.4 → 0.68.0 - Mend

@wrongstack/webui 0.63.4 → 0.68.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (53) hide show

package/dist/server/index.js CHANGED Viewed

@@ -1,6 +1,6 @@
 // src/server/index.ts
-import * as fs2 from "fs/promises";
-import * as path2 from "path";
+import * as fs4 from "fs/promises";
+import * as path4 from "path";
 // src/server/http-server.ts
 import * as fs from "fs/promises";
@@ -15,6 +15,16 @@ var MIME_TYPES = {
   ".png": "image/png",
   ".ico": "image/x-icon"
 };
+function injectWsPort(html, wsPort) {
+  const tag = `<meta name="wrongstack-ws-port" content="${wsPort}" />`;
+  if (html.includes('name="wrongstack-ws-port"')) return html;
+  if (html.includes("</head>")) {
+    return html.replace("</head>", `  ${tag}
+  </head>`);
+  }
+  return `${tag}
+${html}`;
+}
 function buildCspHeader(wsPort) {
   return `default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; connect-src 'self' ws://127.0.0.1:${wsPort} wss://127.0.0.1:${wsPort} ws://[::1]:${wsPort} wss://[::1]:${wsPort}; img-src 'self' data:; font-src 'self' data:; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'`;
 }
@@ -55,6 +65,10 @@ function createHttpServer(opts) {
       if (ext === ".html") {
         res.setHeader("Cache-Control", "no-cache");
         res.setHeader("Content-Security-Policy", buildCspHeader(wsPort));
+        const html = await fs.readFile(resolvedPath, "utf8");
+        res.writeHead(200);
+        res.end(injectWsPort(html, wsPort));
+        return;
       }
       const fileContent = await fs.readFile(resolvedPath);
       res.writeHead(200);
@@ -62,7 +76,7 @@ function createHttpServer(opts) {
     } catch (err) {
       if (err.code === "ENOENT") {
         try {
-          const fileContent = await fs.readFile(path.join(distDir, "index.html"));
+          const html = await fs.readFile(path.join(distDir, "index.html"), "utf8");
           res.writeHead(200, {
             "Content-Type": "text/html",
             "X-Content-Type-Options": "nosniff",
@@ -70,7 +84,7 @@ function createHttpServer(opts) {
             "Referrer-Policy": "strict-origin-when-cross-origin",
             "Content-Security-Policy": buildCspHeader(wsPort)
           });
-          res.end(fileContent);
+          res.end(injectWsPort(html, wsPort));
         } catch {
           res.writeHead(404);
           res.end("Not found");
@@ -154,7 +168,7 @@ import {
   ProviderRegistry,
   TOKENS as TOKENS2,
   ToolRegistry,
-  atomicWrite,
+  atomicWrite as atomicWrite3,
   createDefaultPipelines,
   DEFAULT_CONTEXT_WINDOW_MODE_ID,
   DEFAULT_TOOLS_CONFIG,
@@ -163,11 +177,9 @@ import {
   resolveContextWindowPolicy
 } from "@wrongstack/core";
 import { ToolExecutor } from "@wrongstack/core/execution";
-import { decryptConfigSecrets, encryptConfigSecrets } from "@wrongstack/core/security";
 import { buildProviderFactoriesFromRegistry, makeProviderFromConfig } from "@wrongstack/providers";
 import { builtinToolsPack, forgetTool, rememberTool } from "@wrongstack/tools";
-import { WebSocket, WebSocketServer } from "ws";
-import { randomBytes } from "crypto";
+import { WebSocketServer } from "ws";
 // ../runtime/src/container.ts
 import {
@@ -227,6 +239,7 @@ function createDefaultContainer(opts) {
       trustFile: wpaths.projectTrust,
       yolo: opts.permission?.yolo ?? false,
       yoloDestructive: opts.permission?.yoloDestructive ?? opts.permission?.forceAllYolo ?? false,
+      confirmDestructive: opts.permission?.confirmDestructive ?? false,
       promptDelegate: opts.permission?.promptDelegate
     })
   );
@@ -1446,6 +1459,13 @@ function createShutdown(res) {
     }
     for (const ws of res.clients()) ws.close();
     for (const server of res.servers) server?.close();
+    if (res.onShutdown) {
+      try {
+        await res.onShutdown();
+      } catch (e) {
+        log(`[WebUI] Error during shutdown cleanup: ${e instanceof Error ? e.message : String(e)}`);
+      }
+    }
     exit(0);
   };
 }
@@ -1459,6 +1479,138 @@ function registerShutdownHandlers(res) {
   };
 }
+// src/server/instance-registry.ts
+import * as os from "os";
+import * as path2 from "path";
+import * as fs2 from "fs/promises";
+import { atomicWrite } from "@wrongstack/core";
+function defaultBaseDir() {
+  return path2.join(os.homedir(), ".wrongstack");
+}
+function registryPath(baseDir = defaultBaseDir()) {
+  return path2.join(baseDir, "webui-instances.json");
+}
+function isPidAlive(pid) {
+  if (!Number.isInteger(pid) || pid <= 0) return false;
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (err) {
+    return err.code !== "ESRCH";
+  }
+}
+async function load(file) {
+  try {
+    const raw = await fs2.readFile(file, "utf8");
+    const parsed = JSON.parse(raw);
+    if (parsed?.version === 1 && Array.isArray(parsed.instances)) {
+      return parsed;
+    }
+  } catch {
+  }
+  return { version: 1, instances: [] };
+}
+async function save(file, instances) {
+  await atomicWrite(file, `${JSON.stringify({ version: 1, instances }, null, 2)}
+`, {
+    mode: 384
+  });
+}
+function prune(instances, excludePid) {
+  return instances.filter((i) => i.pid !== excludePid && isPidAlive(i.pid));
+}
+async function registerInstance(record, baseDir = defaultBaseDir()) {
+  const file = registryPath(baseDir);
+  const data = await load(file);
+  const instances = prune(data.instances, record.pid);
+  instances.push(record);
+  await save(file, instances);
+}
+async function unregisterInstance(pid, baseDir = defaultBaseDir()) {
+  const file = registryPath(baseDir);
+  const data = await load(file);
+  const instances = prune(data.instances, pid);
+  await save(file, instances);
+}
+async function listInstances(baseDir = defaultBaseDir()) {
+  const file = registryPath(baseDir);
+  const data = await load(file);
+  const live = prune(data.instances);
+  if (live.length !== data.instances.length) {
+    await save(file, live).catch(() => {
+    });
+  }
+  return live;
+}
+function formatInstances(instances) {
+  if (instances.length === 0) {
+    return "No WebUI instances are currently running.";
+  }
+  const lines = [`Running WebUI instances (${instances.length}):`, ""];
+  for (const i of instances) {
+    lines.push(
+      `  \u2022 ${i.url}  \xB7  ws:${i.wsPort}  \xB7  pid ${i.pid}`,
+      `      project: ${i.projectName}  (${i.projectRoot})`,
+      `      since:   ${i.startedAt}`
+    );
+  }
+  return lines.join("\n");
+}
+// src/server/port-utils.ts
+import * as net from "net";
+function isPortFree(host, port) {
+  return new Promise((resolve3) => {
+    const srv = net.createServer();
+    srv.once("error", () => resolve3(false));
+    srv.once("listening", () => {
+      srv.close(() => resolve3(true));
+    });
+    try {
+      srv.listen(port, host);
+    } catch {
+      resolve3(false);
+    }
+  });
+}
+async function findFreePort(host, startPort, opts = {}) {
+  const exclude = opts.exclude ?? /* @__PURE__ */ new Set();
+  const maxTries = opts.maxTries ?? 200;
+  let port = startPort;
+  for (let i = 0; i < maxTries; i++) {
+    if (port > 65535) port = 1024 + port % 5e4;
+    if (!exclude.has(port) && await isPortFree(host, port)) {
+      return port;
+    }
+    port++;
+  }
+  throw new Error(
+    `No free port found near ${startPort} on ${host} after ${maxTries} attempts.`
+  );
+}
+// src/server/open-browser.ts
+import { spawn } from "child_process";
+function browserOpenCommand(url, platform = process.platform) {
+  if (platform === "win32") {
+    return { command: "cmd", args: ["/c", "start", "", url] };
+  }
+  if (platform === "darwin") {
+    return { command: "open", args: [url] };
+  }
+  return { command: "xdg-open", args: [url] };
+}
+function openBrowser(url, platform = process.platform) {
+  try {
+    const { command, args } = browserOpenCommand(url, platform);
+    const child = spawn(command, args, { stdio: "ignore", detached: true });
+    child.on("error", () => {
+    });
+    child.unref();
+  } catch {
+  }
+}
 // src/server/usage-cost.ts
 function getCostRates(model) {
   const cost = model?.cost;
@@ -1472,6 +1624,68 @@ function computeUsageCost(usage, rates) {
   return (usage.input * rates.input + usage.output * rates.output + (usage.cacheRead ?? 0) * rates.cacheRead) / 1e6;
 }
+// src/server/provider-config-io.ts
+import * as fs3 from "fs/promises";
+import * as path3 from "path";
+import { atomicWrite as atomicWrite2 } from "@wrongstack/core";
+import { decryptConfigSecrets, encryptConfigSecrets } from "@wrongstack/core/security";
+import { DefaultSecretVault } from "@wrongstack/core";
+async function loadSavedProviders(configPath, vault) {
+  let raw;
+  try {
+    raw = await fs3.readFile(configPath, "utf8");
+  } catch {
+    return {};
+  }
+  let parsed = {};
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    return {};
+  }
+  if (!parsed.providers) return {};
+  return decryptConfigSecrets(parsed.providers, vault);
+}
+async function saveProviders(configPath, vault, providers) {
+  let raw;
+  let fileExists = true;
+  try {
+    raw = await fs3.readFile(configPath, "utf8");
+  } catch (err) {
+    if (err.code !== "ENOENT") {
+      throw new Error(
+        `Refusing to mutate ${configPath}: ${err.message}`,
+        { cause: err }
+      );
+    }
+    fileExists = false;
+    raw = "{}";
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (err) {
+    if (fileExists) {
+      throw new Error(
+        `Refusing to overwrite corrupt config at ${configPath} (${err.message}). Fix or move the file aside before retrying.`,
+        { cause: err }
+      );
+    }
+    parsed = {};
+  }
+  parsed.providers = providers;
+  const encrypted = encryptConfigSecrets(parsed, vault);
+  await atomicWrite2(configPath, JSON.stringify(encrypted, null, 2), { mode: 384 });
+}
+function createProviderConfigIO(configPath) {
+  const keyFile = path3.join(path3.dirname(configPath), ".key");
+  const vault = new DefaultSecretVault({ keyFile });
+  return {
+    load: () => loadSavedProviders(configPath, vault),
+    save: (providers) => saveProviders(configPath, vault, providers)
+  };
+}
 // src/server/provider-keys.ts
 function normalizeKeys(cfg) {
   if (Array.isArray(cfg.apiKeys) && cfg.apiKeys.length > 0) {
@@ -1567,6 +1781,159 @@ function removeProvider(providers, providerId) {
   return { ok: true, message: `Provider "${providerId}" removed` };
 }
+// src/server/ws-utils.ts
+import { randomBytes } from "crypto";
+import { WebSocket } from "ws";
+function send(ws, msg) {
+  if (ws.readyState === WebSocket.OPEN) {
+    ws.send(JSON.stringify(msg));
+  }
+}
+function broadcast(clients, msg) {
+  const data = JSON.stringify(msg);
+  for (const [ws] of clients) {
+    if (ws.readyState === WebSocket.OPEN) {
+      try {
+        ws.send(data);
+      } catch {
+      }
+    }
+  }
+}
+function sendResult(ws, success, message) {
+  send(ws, { type: "key.operation_result", payload: { success, message } });
+}
+function errMessage(err) {
+  return err instanceof Error ? err.message : String(err);
+}
+function generateAuthToken() {
+  return randomBytes(16).toString("hex");
+}
+// src/server/provider-handlers.ts
+function createProviderHandlers(deps) {
+  const { globalConfigPath, vault } = deps;
+  let configWriteLock = deps.getConfigWriteLock();
+  async function loadConfigProviders() {
+    return loadSavedProviders(globalConfigPath, vault);
+  }
+  async function saveConfigProviders(providers) {
+    const next = configWriteLock.then(() => saveProviders(globalConfigPath, vault, providers));
+    configWriteLock = next;
+    deps.setConfigWriteLock(next);
+    await next;
+  }
+  async function handleKeyUpsert(ws, providerId, label, apiKey) {
+    try {
+      const providers = await loadConfigProviders();
+      const result = upsertKey(providers, providerId, label, apiKey, (/* @__PURE__ */ new Date()).toISOString());
+      if (result.ok) await saveConfigProviders(providers);
+      sendResult(ws, result.ok, result.message);
+    } catch (err) {
+      sendResult(ws, false, errMessage(err));
+    }
+  }
+  async function handleKeyDelete(ws, providerId, label) {
+    try {
+      const providers = await loadConfigProviders();
+      const result = deleteKey(providers, providerId, label);
+      if (result.ok) await saveConfigProviders(providers);
+      sendResult(ws, result.ok, result.message);
+    } catch (err) {
+      sendResult(ws, false, errMessage(err));
+    }
+  }
+  async function handleKeySetActive(ws, providerId, label) {
+    try {
+      const providers = await loadConfigProviders();
+      const result = setActiveKey(providers, providerId, label);
+      if (result.ok) await saveConfigProviders(providers);
+      sendResult(ws, result.ok, result.message);
+    } catch (err) {
+      sendResult(ws, false, errMessage(err));
+    }
+  }
+  async function handleProviderAdd(ws, payload) {
+    try {
+      const providers = await loadConfigProviders();
+      const result = addProvider(providers, payload, (/* @__PURE__ */ new Date()).toISOString());
+      if (result.ok) await saveConfigProviders(providers);
+      sendResult(ws, result.ok, result.message);
+    } catch (err) {
+      sendResult(ws, false, errMessage(err));
+    }
+  }
+  async function handleProviderRemove(ws, providerId) {
+    try {
+      const providers = await loadConfigProviders();
+      const result = removeProvider(providers, providerId);
+      if (result.ok) await saveConfigProviders(providers);
+      sendResult(ws, result.ok, result.message);
+    } catch (err) {
+      sendResult(ws, false, errMessage(err));
+    }
+  }
+  return { handleKeyUpsert, handleKeyDelete, handleKeySetActive, handleProviderAdd, handleProviderRemove, loadConfigProviders };
+}
+// src/server/setup-events.ts
+function setupEvents(deps) {
+  const { events, broadcast: broadcast2, clients, config, context, pendingConfirms } = deps;
+  events.on("iteration.started", (e) => {
+    broadcast2(clients, {
+      type: "iteration.started",
+      payload: { index: e.index, maxIterations: config.tools?.maxIterations ?? 100 }
+    });
+  });
+  events.on("provider.text_delta", (e) => {
+    broadcast2(clients, { type: "provider.text_delta", payload: { text: e.text, messageId: "current" } });
+  });
+  events.on("provider.thinking_delta", (e) => {
+    broadcast2(clients, { type: "provider.thinking_delta", payload: { text: e.text } });
+  });
+  events.on("tool.started", (e) => {
+    broadcast2(clients, {
+      type: "tool.started",
+      payload: { id: e.id, name: e.name, input: e.input, messageId: `tool_${e.id}` }
+    });
+  });
+  events.on("tool.progress", (e) => {
+    broadcast2(clients, {
+      type: "tool.progress",
+      payload: { id: e.id, name: e.name, eventType: e.event.type, text: e.event.text }
+    });
+  });
+  events.on("tool.executed", (e) => {
+    broadcast2(clients, {
+      type: "tool.executed",
+      payload: { id: e.id, name: e.name, durationMs: e.durationMs, ok: e.ok, input: e.input, output: e.output }
+    });
+    broadcast2(clients, { type: "todos.updated", payload: { todos: [...context.todos] } });
+  });
+  events.on("provider.response", (e) => {
+    broadcast2(clients, { type: "provider.response", payload: { usage: e.usage, stopReason: e.stopReason, messageId: "current" } });
+  });
+  events.on("context.repaired", (e) => {
+    broadcast2(clients, { type: "context.repaired", payload: { removedToolUses: e.removedToolUses, removedToolResults: e.removedToolResults, removedMessages: e.removedMessages } });
+  });
+  events.on("tool.confirm_needed", (e) => {
+    const id = e.toolUseId ?? `confirm_${Date.now()}`;
+    pendingConfirms.set(id, e.resolve);
+    broadcast2(clients, { type: "tool.confirm_needed", payload: { id, toolName: e.tool?.name ?? "unknown", input: e.input, suggestedPattern: e.suggestedPattern } });
+  });
+  events.on("error", (e) => {
+    broadcast2(clients, { type: "error", payload: { phase: e.phase, message: e.err instanceof Error ? e.err.message : String(e.err) } });
+  });
+  const forwardSubagent = (kind, payload) => broadcast2(clients, { type: "subagent.event", payload: { kind, ...payload } });
+  events.on("subagent.spawned", (e) => forwardSubagent("spawned", { subagentId: e.subagentId, taskId: e.taskId, name: e.name, provider: e.provider, model: e.model, description: e.description }));
+  events.on("subagent.task_started", (e) => forwardSubagent("task_started", { subagentId: e.subagentId, taskId: e.taskId, description: e.description }));
+  events.on("subagent.tool_executed", (e) => forwardSubagent("tool_executed", { subagentId: e.subagentId, toolName: e.name, durationMs: e.durationMs, ok: e.ok }));
+  events.on("subagent.iteration_summary", (e) => forwardSubagent("iteration_summary", { subagentId: e.subagentId, iteration: e.iteration, toolCalls: e.toolCalls, costUsd: e.costUsd, currentTool: e.currentTool }));
+  events.on("subagent.budget_extended", (e) => forwardSubagent("budget_extended", { subagentId: e.subagentId, totalExtensions: e.totalExtensions }));
+  events.on("subagent.ctx_pct", (e) => forwardSubagent("ctx_pct", { subagentId: e.subagentId, load: e.load, tokens: e.tokens, maxContext: e.maxContext }));
+  events.on("subagent.task_completed", (e) => forwardSubagent("task_completed", { subagentId: e.subagentId, status: e.status, iterations: e.iterations, toolCalls: e.toolCalls, error: e.error ? { kind: e.error.kind, message: e.error.message } : void 0 }));
+}
 // src/server/token-estimator.ts
 function estimateTokens(s) {
   return Math.ceil(s.length / 4);
@@ -1625,12 +1992,23 @@ function estimateContextBreakdown(input) {
 }
 // src/server/index.ts
-function errMessage(err) {
-  return err instanceof Error ? err.message : String(err);
-}
 async function startWebUI(opts = {}) {
-  const wsPort = opts.wsPort ?? 3457;
+  const requestedWsPort = opts.wsPort ?? 3457;
   const wsHost = opts.wsHost ?? "127.0.0.1";
+  const requestedHttpPort = Number.parseInt(process.env["PORT"] ?? "3456", 10);
+  const strictPort = process.env["WEBUI_STRICT_PORT"] === "1" || process.env["WEBUI_STRICT_PORT"] === "true";
+  let wsPort = requestedWsPort;
+  let httpPort = requestedHttpPort;
+  if (!strictPort) {
+    httpPort = await findFreePort(wsHost, requestedHttpPort);
+    wsPort = await findFreePort(wsHost, requestedWsPort, { exclude: /* @__PURE__ */ new Set([httpPort]) });
+    if (httpPort !== requestedHttpPort) {
+      console.warn(`[WebUI] HTTP port ${requestedHttpPort} in use \u2192 using ${httpPort}`);
+    }
+    if (wsPort !== requestedWsPort) {
+      console.warn(`[WebUI] WS port ${requestedWsPort} in use \u2192 using ${wsPort}`);
+    }
+  }
   console.log("[WebUI] Starting backend services...");
   const boot = await bootConfig();
   const { config: baseConfig, vault, globalConfigPath, projectRoot, wpaths, logger } = boot;
@@ -1884,14 +2262,14 @@ async function startWebUI(opts = {}) {
       inputCost,
       outputCost,
       cacheReadCost,
-      projectName: path2.basename(projectRoot) || projectRoot,
+      projectName: path4.basename(projectRoot) || projectRoot,
       cwd: projectRoot,
       mode: modeId,
       contextMode: String(context.meta["contextWindowMode"] ?? DEFAULT_CONTEXT_WINDOW_MODE_ID),
       wsToken
     };
   }
-  const wsToken = randomBytes(16).toString("hex");
+  const wsToken = generateAuthToken();
   console.log(`[WebUI] WS auth token: ${wsToken.slice(0, 4)}\u2026${wsToken.slice(-4)} (masked)`);
   const verifyClient2 = (info) => verifyClient({
     origin: info.origin,
@@ -1915,10 +2293,11 @@ async function startWebUI(opts = {}) {
     maxPayload: WS_MAX_PAYLOAD
   }) : null;
   const clients = /* @__PURE__ */ new Map();
-  const RATE_LIMIT_MESSAGES = 60;
+  const RATE_LIMIT_MESSAGES = Number.parseInt(process.env["WEBUI_RATE_LIMIT"] ?? "0", 10);
   const RATE_LIMIT_WINDOW_MS = 6e4;
   const rateLimits = /* @__PURE__ */ new Map();
   function checkRateLimit(ws, client) {
+    if (RATE_LIMIT_MESSAGES <= 0) return true;
     const now = Date.now();
     const key = client.sessionId ?? String(ws);
     const limit = rateLimits.get(key);
@@ -1935,113 +2314,6 @@ async function startWebUI(opts = {}) {
     `[WebUI] WebSocket server running on ws://${wsHost}:${wsPort}` + (wssSecondary ? ` (and ws://[::1]:${wsPort})` : "")
   );
   const pendingConfirms = /* @__PURE__ */ new Map();
-  function setupEvents() {
-    events.on("iteration.started", (e) => {
-      broadcast({
-        type: "iteration.started",
-        payload: { index: e.index, maxIterations: config.tools?.maxIterations ?? 100 }
-      });
-    });
-    events.on("provider.text_delta", (e) => {
-      broadcast({ type: "provider.text_delta", payload: { text: e.text, messageId: "current" } });
-    });
-    events.on("provider.thinking_delta", (e) => {
-      broadcast({ type: "provider.thinking_delta", payload: { text: e.text } });
-    });
-    events.on("tool.started", (e) => {
-      broadcast({
-        type: "tool.started",
-        payload: { id: e.id, name: e.name, input: e.input, messageId: `tool_${e.id}` }
-      });
-    });
-    events.on("tool.progress", (e) => {
-      broadcast({
-        type: "tool.progress",
-        payload: {
-          id: e.id,
-          name: e.name,
-          eventType: e.event.type,
-          text: e.event.text
-        }
-      });
-    });
-    events.on("tool.executed", (e) => {
-      broadcast({
-        type: "tool.executed",
-        payload: {
-          // Forward the tool_use id so frontend can correlate with the
-          // matching tool.started bubble — without this, parallel tool calls
-          // all stay stuck on "Running…" because the frontend can't tell
-          // which bubble this result belongs to.
-          id: e.id,
-          name: e.name,
-          durationMs: e.durationMs,
-          ok: e.ok,
-          input: e.input,
-          output: e.output
-        }
-      });
-      broadcast({
-        type: "todos.updated",
-        payload: { todos: [...context.todos] }
-      });
-    });
-    events.on("provider.response", (e) => {
-      broadcast({
-        type: "provider.response",
-        payload: {
-          usage: e.usage,
-          stopReason: e.stopReason,
-          messageId: "current"
-        }
-      });
-    });
-    events.on("context.repaired", (e) => {
-      broadcast({
-        type: "context.repaired",
-        payload: {
-          removedToolUses: e.removedToolUses,
-          removedToolResults: e.removedToolResults,
-          removedMessages: e.removedMessages
-        }
-      });
-    });
-    events.on("tool.confirm_needed", (e) => {
-      const id = e.toolUseId ?? `confirm_${Date.now()}`;
-      pendingConfirms.set(id, e.resolve);
-      broadcast({
-        type: "tool.confirm_needed",
-        payload: {
-          id,
-          toolName: e.tool?.name ?? "unknown",
-          input: e.input,
-          suggestedPattern: e.suggestedPattern
-        }
-      });
-    });
-    events.on("error", (e) => {
-      broadcast({
-        type: "error",
-        payload: {
-          phase: e.phase,
-          message: e.err instanceof Error ? e.err.message : String(e.err)
-        }
-      });
-    });
-  }
-  function send(ws, msg) {
-    if (ws.readyState === WebSocket.OPEN) {
-      ws.send(JSON.stringify(msg));
-    }
-  }
-  function broadcast(msg) {
-    const data = JSON.stringify(msg);
-    for (const [ws] of clients) {
-      if (ws.readyState === WebSocket.OPEN) {
-        ws.send(data);
-      }
-    }
-  }
   const handleConnection = (ws) => {
     const client = { ws, sessionId: session.id, connectedAt: Date.now() };
     clients.set(ws, client);
@@ -2099,7 +2371,7 @@ async function startWebUI(opts = {}) {
     if (eventsArmed) return;
     eventsArmed = true;
     console.log(`[WebUI] Backend ready (${label})`);
-    setupEvents();
+    setupEvents({ events, broadcast, clients, config, context, pendingConfirms });
   };
   wssPrimary.on("listening", () => armOnce(`${wsHost}:${wsPort}`));
   wssPrimary.on("connection", handleConnection);
@@ -2184,7 +2456,7 @@ async function startWebUI(opts = {}) {
       }
       case "abort":
         runLock?.abort();
-        broadcast({ type: "error", payload: { phase: "abort", message: "User aborted" } });
+        broadcast(clients, { type: "error", payload: { phase: "abort", message: "User aborted" } });
         break;
       case "ping":
         send(ws, { type: "pong", payload: {} });
@@ -2203,7 +2475,7 @@ async function startWebUI(opts = {}) {
         context.fileMtimes.clear();
         tokenCounter.reset();
         sessionStartedAt = Date.now();
-        broadcast({ type: "session.start", payload: await sessionStartPayload() });
+        broadcast(clients, { type: "session.start", payload: await sessionStartPayload() });
         break;
       }
       case "context.clear": {
@@ -2213,7 +2485,7 @@ async function startWebUI(opts = {}) {
         context.fileMtimes.clear();
         tokenCounter.reset();
         sendResult(ws, true, "Context cleared");
-        broadcast({
+        broadcast(clients, {
           type: "session.start",
           payload: { ...await sessionStartPayload(), reset: true }
         });
@@ -2272,7 +2544,7 @@ async function startWebUI(opts = {}) {
           beforeMessages,
           afterMessages: context.messages.length
         };
-        broadcast({ type: "context.repaired", payload });
+        broadcast(clients, { type: "context.repaired", payload });
         const removed = payload.removedToolUses.length + payload.removedToolResults.length + payload.removedMessages;
         sendResult(
           ws,
@@ -2310,7 +2582,7 @@ async function startWebUI(opts = {}) {
         context.meta["contextWindowMode"] = policy.id;
         context.meta["contextWindowPolicy"] = policy;
         sendResult(ws, true, `Context mode switched to ${policy.id}`);
-        broadcast({
+        broadcast(clients, {
           type: "context.mode.changed",
           payload: { id: policy.id, name: policy.name, policy }
         });
@@ -2336,7 +2608,7 @@ async function startWebUI(opts = {}) {
         break;
       }
       case "providers.saved": {
-        const saved = await loadSavedProviders();
+        const saved = await providerHandlers.loadConfigProviders();
         send(ws, {
           type: "providers.saved",
           payload: {
@@ -2395,11 +2667,11 @@ async function startWebUI(opts = {}) {
           updateAutoCompactionMaxContext?.(newProv);
           try {
             configWriteLock = configWriteLock.then(async () => {
-              const raw = await fs2.readFile(globalConfigPath, "utf8");
+              const raw = await fs4.readFile(globalConfigPath, "utf8");
               const parsed = JSON.parse(raw);
               parsed.provider = newProvider;
               parsed.model = newModel;
-              await atomicWrite(globalConfigPath, JSON.stringify(parsed, null, 2));
+              await atomicWrite3(globalConfigPath, JSON.stringify(parsed, null, 2));
             });
             await configWriteLock;
           } catch (err) {
@@ -2419,33 +2691,33 @@ async function startWebUI(opts = {}) {
           });
           break;
         }
-        broadcast({ type: "session.start", payload: await sessionStartPayload() });
+        broadcast(clients, { type: "session.start", payload: await sessionStartPayload() });
         break;
       }
       case "key.add":
       case "key.update": {
         const { providerId, label, apiKey } = msg.payload;
-        await handleKeyUpsert(ws, providerId, label, apiKey);
+        await providerHandlers.handleKeyUpsert(ws, providerId, label, apiKey);
         break;
       }
       case "key.delete": {
         const { providerId, label } = msg.payload;
-        await handleKeyDelete(ws, providerId, label);
+        await providerHandlers.handleKeyDelete(ws, providerId, label);
         break;
       }
       case "key.set_active": {
         const { providerId, label } = msg.payload;
-        await handleKeySetActive(ws, providerId, label);
+        await providerHandlers.handleKeySetActive(ws, providerId, label);
         break;
       }
       case "provider.add": {
         const p = msg.payload;
-        await handleProviderAdd(ws, p);
+        await providerHandlers.handleProviderAdd(ws, p);
         break;
       }
       case "provider.remove": {
         const { providerId } = msg.payload;
-        await handleProviderRemove(ws, providerId);
+        await providerHandlers.handleProviderRemove(ws, providerId);
         break;
       }
       case "sessions.list": {
@@ -2508,7 +2780,7 @@ async function startWebUI(opts = {}) {
           tokenCounter.reset();
           tokenCounter.account(resumed.data.usage, config.model);
           sessionStartedAt = Date.now();
-          broadcast({
+          broadcast(clients, {
             type: "session.start",
             payload: {
               ...await sessionStartPayload(),
@@ -2648,7 +2920,7 @@ async function startWebUI(opts = {}) {
       case "todos.clear": {
         context.state.replaceTodos([]);
         sendResult(ws, true, "Todos cleared");
-        broadcast({ type: "todos.updated", payload: { todos: [] } });
+        broadcast(clients, { type: "todos.updated", payload: { todos: [] } });
         break;
       }
       case "plan.get": {
@@ -2695,7 +2967,7 @@ async function startWebUI(opts = {}) {
           }
           await savePlan(planPath, plan);
           sendResult(ws, true, `Applied template "${tpl.name}" \u2014 ${tpl.items.length} items added.`);
-          broadcast({
+          broadcast(clients, {
             type: "plan.updated",
             payload: { plan }
           });
@@ -2712,7 +2984,7 @@ async function startWebUI(opts = {}) {
           if (depth > 8 || results.length >= 600) return;
           let entries = [];
           try {
-            entries = await fs2.readdir(dir, { withFileTypes: true });
+            entries = await fs4.readdir(dir, { withFileTypes: true });
           } catch {
             return;
           }
@@ -2722,7 +2994,7 @@ async function startWebUI(opts = {}) {
             const childRel = rel ? `${rel}/${e.name}` : e.name;
             if (e.isDirectory()) {
               if (SKIP_DIRS.has(e.name)) continue;
-              await walk(path2.join(dir, e.name), childRel, depth + 1);
+              await walk(path4.join(dir, e.name), childRel, depth + 1);
             } else if (e.isFile()) {
               results.push(childRel);
             }
@@ -2791,7 +3063,7 @@ async function startWebUI(opts = {}) {
             model: config.model
           });
           sendResult(ws, true, `Switched to mode "${id}"`);
-          broadcast({
+          broadcast(clients, {
             type: "session.start",
             payload: { ...await sessionStartPayload() }
           });
@@ -2830,92 +3102,37 @@ async function startWebUI(opts = {}) {
         }
     }
   }
-  async function loadSavedProviders() {
-    try {
-      const raw = await fs2.readFile(globalConfigPath, "utf8");
-      const parsed = JSON.parse(raw);
-      if (!parsed.providers) return {};
-      return decryptConfigSecrets(parsed.providers, vault);
-    } catch {
-      return {};
-    }
-  }
-  async function saveProviders(providers) {
-    configWriteLock = configWriteLock.then(async () => {
-      let parsed;
-      try {
-        const raw = await fs2.readFile(globalConfigPath, "utf8");
-        parsed = JSON.parse(raw);
-      } catch {
-        parsed = {};
-      }
-      parsed["providers"] = providers;
-      const encrypted = encryptConfigSecrets(parsed, vault);
-      await atomicWrite(globalConfigPath, JSON.stringify(encrypted, null, 2), { mode: 384 });
-    });
-    await configWriteLock;
-  }
-  function sendResult(ws, success, message) {
-    send(ws, { type: "key.operation_result", payload: { success, message } });
-  }
-  async function handleKeyUpsert(ws, providerId, label, apiKey) {
-    try {
-      const providers = await loadSavedProviders();
-      const result = upsertKey(providers, providerId, label, apiKey, (/* @__PURE__ */ new Date()).toISOString());
-      if (result.ok) await saveProviders(providers);
-      sendResult(ws, result.ok, result.message);
-    } catch (err) {
-      sendResult(ws, false, errMessage(err));
+  const providerHandlers = createProviderHandlers({
+    globalConfigPath,
+    vault,
+    getConfigWriteLock: () => configWriteLock,
+    setConfigWriteLock: (p) => {
+      configWriteLock = p;
     }
-  }
-  async function handleKeyDelete(ws, providerId, label) {
-    try {
-      const providers = await loadSavedProviders();
-      const result = deleteKey(providers, providerId, label);
-      if (result.ok) await saveProviders(providers);
-      sendResult(ws, result.ok, result.message);
-    } catch (err) {
-      sendResult(ws, false, errMessage(err));
-    }
-  }
-  async function handleKeySetActive(ws, providerId, label) {
-    try {
-      const providers = await loadSavedProviders();
-      const result = setActiveKey(providers, providerId, label);
-      if (result.ok) await saveProviders(providers);
-      sendResult(ws, result.ok, result.message);
-    } catch (err) {
-      sendResult(ws, false, errMessage(err));
-    }
-  }
-  async function handleProviderAdd(ws, payload) {
-    try {
-      const providers = await loadSavedProviders();
-      const result = addProvider(providers, payload, (/* @__PURE__ */ new Date()).toISOString());
-      if (result.ok) await saveProviders(providers);
-      sendResult(ws, result.ok, result.message);
-    } catch (err) {
-      sendResult(ws, false, errMessage(err));
-    }
-  }
-  async function handleProviderRemove(ws, providerId) {
-    try {
-      const providers = await loadSavedProviders();
-      const result = removeProvider(providers, providerId);
-      if (result.ok) await saveProviders(providers);
-      sendResult(ws, result.ok, result.message);
-    } catch (err) {
-      sendResult(ws, false, errMessage(err));
-    }
-  }
+  });
   const httpServer = createHttpServer({
     host: wsHost,
-    distDir: path2.resolve(import.meta.dirname, "../../dist"),
+    distDir: path4.resolve(import.meta.dirname, "../../dist"),
     wsPort
   });
-  const httpPort = Number.parseInt(process.env["PORT"] ?? "3456", 10);
+  const registryBaseDir = path4.dirname(globalConfigPath);
   httpServer.listen(httpPort, wsHost, () => {
-    console.log(`[WebUI] HTTP server running on http://${wsHost}:${httpPort}`);
+    const openUrl = `http://${wsHost}:${httpPort}`;
+    console.log(`[WebUI] HTTP server running on ${openUrl}`);
+    if (opts.open) openBrowser(openUrl);
+    void registerInstance(
+      {
+        pid: process.pid,
+        httpPort,
+        wsPort,
+        host: wsHost,
+        projectRoot,
+        projectName: path4.basename(projectRoot) || projectRoot,
+        startedAt: (/* @__PURE__ */ new Date()).toISOString(),
+        url: `http://${wsHost}:${httpPort}`
+      },
+      registryBaseDir
+    ).catch((err) => console.warn("[WebUI] Could not record instance:", errMessage(err)));
   });
   registerShutdownHandlers({
     flushSession: async () => {
@@ -2927,10 +3144,48 @@ async function startWebUI(opts = {}) {
       await session.close();
     },
     clients: () => clients.keys(),
-    servers: [httpServer, wssPrimary, wssSecondary]
+    servers: [httpServer, wssPrimary, wssSecondary],
+    // Drop this instance from the registry on a clean exit so the file reflects
+    // reality. Crash exits are healed by the next register()/list() prune pass.
+    onShutdown: () => unregisterInstance(process.pid, registryBaseDir)
   });
 }
 export {
-  startWebUI
+  addProvider,
+  broadcast,
+  browserOpenCommand,
+  buildCspHeader,
+  createHttpServer,
+  createProviderConfigIO,
+  defaultBaseDir,
+  deleteKey,
+  errMessage,
+  extractToken,
+  findFreePort,
+  formatInstances,
+  generateAuthToken,
+  hostHeaderOk,
+  injectWsPort,
+  isLoopbackBind,
+  isLoopbackHostname,
+  isPortFree,
+  listInstances,
+  loadSavedProviders,
+  maskedKey,
+  normalizeKeys,
+  openBrowser,
+  registerInstance,
+  registryPath,
+  removeProvider,
+  saveProviders,
+  send,
+  sendResult,
+  setActiveKey,
+  startWebUI,
+  tokenMatches,
+  unregisterInstance,
+  upsertKey,
+  verifyClient,
+  writeKeysBack
 };
 //# sourceMappingURL=index.js.map