agentgui 1.0.837 → 1.0.839

package/CHANGELOG.md

@@ -1,6 +1,9 @@
 ## [Unreleased]
 
 ### Refactor
+- Extract message/stream/queue routes (messagesMatch, streamMatch, queueMatch handlers) to lib/routes-messages.js (140L) and session/chunk/full/execution routes to lib/routes-sessions.js (145L); server.js reduced from 2406L to 2127L; both files ≤200L; wired via _messagesRoutes._match and _sessionsRoutes._match in request handler
+- Extract runs/scripts/agent-auth/auth-config HTTP routes from server.js to lib/routes-runs.js (157L), lib/routes-scripts.js (136L), lib/routes-agent-actions.js (118L), lib/routes-auth-config.js (30L); routes-auth-config uses getProviderConfigs/saveProviderConfig from server.js deps (no duplication); server.js reduced from 2406L to 1399L total (-1007L)
+- Extract processMessageWithStreaming (539L), scheduleRetry, drainMessageQueue, and parseRateLimitResetTime from server.js into lib/process-message.js (127L, createProcessMessage factory), lib/stream-event-handler.js (116L, createEventHandler), lib/message-queue.js (63L, createMessageQueue), lib/process-message-rate-limit.js (19L); all files ≤200L; server.js reduced by ~660L and imports/wires all factories after broadcastSync is created
 - refactor: extract broadcastSync to lib/broadcast.js (createBroadcast factory) and recovery functions to lib/recovery.js (createRecovery factory); server.js reduced from 3419L to 3226L
 - refactor: remove JSDoc and standalone code comments from scripts/patch-fsbrowse.js; reduce from 229L to 200L
 - Split database.js (651L) into database.js (81L) + database-schema.js (176L) + database-migrations.js (150L) + database-migrations-acp.js (134L); all files ≤200L; no circular imports; migration functions receive db as parameter

package/lib/message-queue.js

@@ -0,0 +1,62 @@
+export function createMessageQueue({ queries, activeExecutions, messageQueues, broadcastSync, execMachine, cleanupExecution, debugLog, getProcessMessageWithStreaming }) {
+  function scheduleRetry(conversationId, messageId, content, agentId, model, subAgent) {
+    debugLog(`[rate-limit] scheduleRetry called for conv ${conversationId}, messageId=${messageId}`);
+    if (!content) {
+      queries.getConversation(conversationId);
+      const lastMsg = queries.getLastUserMessage(conversationId);
+      content = lastMsg?.content || 'continue';
+      debugLog(`[rate-limit] Recovered content from last message: ${content?.substring?.(0, 50)}...`);
+    }
+    const newSession = queries.createSession(conversationId);
+    queries.createEvent('session.created', { messageId, sessionId: newSession.id, retryReason: 'rate_limit' }, conversationId, newSession.id);
+    debugLog(`[rate-limit] Broadcasting streaming_start for retry session ${newSession.id}`);
+    broadcastSync({ type: 'streaming_start', sessionId: newSession.id, conversationId, messageId, agentId, queueLength: messageQueues.get(conversationId)?.length || 0, timestamp: Date.now() });
+    const startTime = Date.now();
+    activeExecutions.set(conversationId, { pid: null, startTime, sessionId: newSession.id, lastActivity: startTime });
+    debugLog(`[rate-limit] Calling processMessageWithStreaming for retry`);
+    getProcessMessageWithStreaming()(conversationId, messageId, newSession.id, content, agentId, model, subAgent)
+      .catch(err => {
+        debugLog(`[rate-limit] Retry failed: ${err.message}`);
+        console.error(`[rate-limit] Retry error for conv ${conversationId}:`, err);
+        cleanupExecution(conversationId);
+        broadcastSync({ type: 'streaming_error', sessionId: newSession.id, conversationId, error: `Rate limit retry failed: ${err.message}`, recoverable: false, timestamp: Date.now() });
+      });
+  }
+
+  function drainMessageQueue(conversationId) {
+    const machineQueue = execMachine.getQueue(conversationId);
+    const mapQueue = messageQueues.get(conversationId);
+    if (machineQueue.length === 0 && (!mapQueue || mapQueue.length === 0)) return;
+    let next;
+    if (machineQueue.length > 0) {
+      execMachine.send(conversationId, { type: 'COMPLETE' });
+      const ctx = execMachine.getContext(conversationId);
+      next = ctx?.nextItem;
+      if (mapQueue && mapQueue.length > 0) mapQueue.shift();
+      if (mapQueue && mapQueue.length === 0) messageQueues.delete(conversationId);
+    } else {
+      next = mapQueue.shift();
+      if (mapQueue.length === 0) messageQueues.delete(conversationId);
+    }
+    if (!next) return;
+    debugLog(`[queue] Draining next message for ${conversationId}, messageId=${next.messageId}`);
+    const remainingQueueLength = execMachine.getQueue(conversationId).length || messageQueues.get(conversationId)?.length || 0;
+    broadcastSync({ type: 'queue_item_dequeued', conversationId, messageId: next.messageId, queueLength: remainingQueueLength, timestamp: Date.now() });
+    const session = queries.createSession(conversationId);
+    queries.createEvent('session.created', { messageId: next.messageId, sessionId: session.id }, conversationId, session.id);
+    broadcastSync({ type: 'streaming_start', sessionId: session.id, conversationId, messageId: next.messageId, agentId: next.agentId, queueLength: remainingQueueLength, timestamp: Date.now() });
+    broadcastSync({ type: 'queue_status', conversationId, queueLength: remainingQueueLength, timestamp: Date.now() });
+    const startTime = Date.now();
+    execMachine.send(conversationId, { type: 'START', sessionId: session.id });
+    activeExecutions.set(conversationId, { pid: null, startTime, sessionId: session.id, lastActivity: startTime });
+    getProcessMessageWithStreaming()(conversationId, next.messageId, session.id, next.content, next.agentId, next.model, next.subAgent)
+      .catch(err => {
+        debugLog(`[queue] Error processing queued message: ${err.message}`);
+        cleanupExecution(conversationId);
+        broadcastSync({ type: 'streaming_error', sessionId: session.id, conversationId, error: `Queue processing failed: ${err.message}`, recoverable: true, timestamp: Date.now() });
+        setTimeout(() => drainMessageQueue(conversationId), 100);
+      });
+  }
+
+  return { scheduleRetry, drainMessageQueue };
+}

package/lib/process-message-rate-limit.js

@@ -0,0 +1,18 @@
+/**
+ * Parse the rate-limit reset time from a text message.
+ * Returns seconds until reset (minimum 60, default 300).
+ */
+export function parseRateLimitResetTime(text) {
+  const match = text.match(/resets?\s+(?:at\s+)?(\d{1,2})(?::(\d{2}))?\s*(am|pm)?\s*\(?(UTC|[A-Z]{2,4})\)?/i);
+  if (!match) return 300;
+  let hours = parseInt(match[1], 10);
+  const minutes = match[2] ? parseInt(match[2], 10) : 0;
+  const period = match[3]?.toLowerCase();
+  if (period === 'pm' && hours !== 12) hours += 12;
+  if (period === 'am' && hours === 12) hours = 0;
+  const now = new Date();
+  const resetTime = new Date(now);
+  resetTime.setUTCHours(hours, minutes, 0, 0);
+  if (resetTime <= now) resetTime.setUTCDate(resetTime.getUTCDate() + 1);
+  return Math.max(60, Math.ceil((resetTime.getTime() - now.getTime()) / 1000));
+}

package/lib/process-message.js

@@ -0,0 +1,126 @@
+export function createProcessMessage({ queries, activeExecutions, rateLimitState, execMachine, broadcastSync, runClaudeWithStreaming, cleanupExecution, checkpointManager, discoveredAgents, ownedSessionIds, STARTUP_CWD, buildSystemPrompt, parseRateLimitResetTime, eagerTTS, touchACP, createChunkBatcher, debugLog, logError, scheduleRetry, drainMessageQueue, createEventHandler }) {
+  async function processMessageWithStreaming(conversationId, messageId, sessionId, content, agentId, model, subAgent) {
+    const startTime = Date.now();
+    touchACP(agentId);
+    const conv = queries.getConversation(conversationId);
+    if (!conv) {
+      console.error(`[stream] Conversation ${conversationId} not found, aborting`);
+      queries.updateSession(sessionId, { status: 'error', error: 'Conversation not found' });
+      queries.setIsStreaming(conversationId, false);
+      return;
+    }
+    if (activeExecutions.has(conversationId)) {
+      const existing = activeExecutions.get(conversationId);
+      if (existing.sessionId !== sessionId) {
+        debugLog(`[stream] Conversation ${conversationId} already has active execution (different session), aborting duplicate`);
+        return;
+      }
+    }
+    if (rateLimitState.has(conversationId)) {
+      const rlState = rateLimitState.get(conversationId);
+      if (rlState.retryAt > Date.now()) {
+        debugLog(`[stream] Conversation ${conversationId} is in rate limit cooldown, aborting`);
+        return;
+      }
+    }
+    activeExecutions.set(conversationId, { pid: null, startTime, sessionId, lastActivity: startTime });
+    execMachine.send(conversationId, { type: 'START', sessionId });
+    queries.setIsStreaming(conversationId, true);
+    queries.updateSession(sessionId, { status: 'active' });
+    const batcher = createChunkBatcher(queries, debugLog);
+    const cwd = conv?.workingDirectory || STARTUP_CWD;
+    const allBlocksRef = { val: [] };
+    const currentSequenceRef = { val: queries.getMaxSequence(sessionId) ?? -1 };
+    const batcherRef = { batcher, eventCount: 0, resumeSessionId: conv?.claudeSessionId || null };
+    const onEvent = createEventHandler({ queries, activeExecutions, broadcastSync, rateLimitState, batcherRef, sessionId, conversationId, messageId, content, agentId, model, subAgent, ownedSessionIds, allBlocksRef, currentSequenceRef, scheduleRetry, eagerTTS, debugLog, parseRateLimitResetTime });
+    try {
+      debugLog(`[stream] Starting: conversationId=${conversationId}, sessionId=${sessionId}`);
+      let resolvedAgentId = agentId || 'claude-code';
+      const wrapperAgent = discoveredAgents.find(a => a.id === resolvedAgentId && a.protocol === 'cli-wrapper' && a.acpId);
+      if (wrapperAgent) resolvedAgentId = wrapperAgent.acpId;
+      const resolvedModel = model || conv?.model || null;
+      const resolvedSubAgent = subAgent || conv?.subAgent || null;
+      const config = {
+        verbose: true, outputFormat: 'stream-json', timeout: 1800000, print: true,
+        resumeSessionId: batcherRef.resumeSessionId,
+        systemPrompt: buildSystemPrompt(agentId, resolvedModel, resolvedSubAgent),
+        model: resolvedModel || undefined, subAgent: resolvedSubAgent || undefined, onEvent,
+        onPid: (pid) => { const e = activeExecutions.get(conversationId); if (e) e.pid = pid; execMachine.send(conversationId, { type: 'SET_PID', pid }); },
+        onProcess: (proc) => { const e = activeExecutions.get(conversationId); if (e) e.proc = proc; execMachine.send(conversationId, { type: 'SET_PROC', proc }); }
+      };
+      const { outputs, sessionId: claudeSessionId } = await runClaudeWithStreaming(content, cwd, resolvedAgentId, config);
+      if (rateLimitState.get(conversationId)?.isStreamDetected) {
+        debugLog(`[rate-limit] Rate limit already handled in stream for conv ${conversationId}, skipping success handler`);
+        return;
+      }
+      activeExecutions.delete(conversationId);
+      execMachine.send(conversationId, { type: 'COMPLETE' });
+      batcher.drain();
+      if (claudeSessionId) ownedSessionIds.delete(claudeSessionId);
+      debugLog(`[stream] Claude returned ${outputs.length} outputs, sessionId=${claudeSessionId}`);
+      queries.updateSession(sessionId, { status: 'complete', response: JSON.stringify({ outputs, eventCount: batcherRef.eventCount }), completed_at: Date.now() });
+      broadcastSync({ type: 'streaming_complete', sessionId, conversationId, agentId, eventCount: batcherRef.eventCount, seq: currentSequenceRef.val, timestamp: Date.now() });
+      debugLog(`[stream] Completed: ${outputs.length} outputs, ${batcherRef.eventCount} events`);
+    } catch (error) {
+      const elapsed = Date.now() - startTime;
+      debugLog(`[stream] Error after ${elapsed}ms: ${error.message}`);
+      const conv2 = queries.getConversation(conversationId);
+      if (conv2?.claudeSessionId) ownedSessionIds.delete(conv2.claudeSessionId);
+      if (rateLimitState.get(conversationId)?.isStreamDetected) {
+        debugLog(`[rate-limit] Rate limit already handled in stream for conv ${conversationId}, skipping catch handler`);
+        return;
+      }
+      const isAuthError = error.authError || error.nonRetryable || /401|unauthorized|invalid.*auth|invalid.*token|auth.*failed|permission denied|access denied/i.test(error.message);
+      const isRateLimit = error.rateLimited || /rate.?limit|429|too many requests|overloaded|throttl/i.test(error.message);
+      queries.updateSession(sessionId, { status: 'error', error: error.message, completed_at: Date.now() });
+      if (isAuthError) {
+        debugLog(`[auth-error] Auth error for conv ${conversationId}: ${error.message}`);
+        broadcastSync({ type: 'streaming_error', sessionId, conversationId, error: `Authentication failed: ${error.message}. Please check your API credentials.`, recoverable: false, isAuthError: true, timestamp: Date.now() });
+        const errMsg = queries.createMessage(conversationId, 'assistant', `Error: Authentication failed. ${error.message}. Please update your credentials and try again.`);
+        broadcastSync({ type: 'message_created', conversationId, message: errMsg, timestamp: Date.now() });
+        queries.setIsStreaming(conversationId, false);
+        batcher.drain();
+        activeExecutions.delete(conversationId);
+        return;
+      }
+      if (isRateLimit) {
+        const existingState = rateLimitState.get(conversationId) || {};
+        const retryCount = (existingState.retryCount || 0) + 1;
+        const maxRateLimitRetries = 3;
+        if (retryCount > maxRateLimitRetries) {
+          broadcastSync({ type: 'streaming_error', sessionId, conversationId, error: `Rate limit exceeded after ${retryCount} attempts. Please try again later.`, recoverable: false, timestamp: Date.now() });
+          const errMsg = queries.createMessage(conversationId, 'assistant', `Error: Rate limit exceeded after ${retryCount} attempts. Please try again later.`);
+          broadcastSync({ type: 'message_created', conversationId, message: errMsg, timestamp: Date.now() });
+          queries.setIsStreaming(conversationId, false);
+          return;
+        }
+        const cooldownMs = (error.retryAfterSec || 60) * 1000;
+        const retryAt = Date.now() + cooldownMs;
+        rateLimitState.set(conversationId, { retryAt, cooldownMs, retryCount });
+        broadcastSync({ type: 'rate_limit_hit', sessionId, conversationId, retryAfterMs: cooldownMs, retryAt, retryCount, timestamp: Date.now() });
+        batcher.drain();
+        debugLog(`[rate-limit] Scheduling retry for conv ${conversationId} in ${cooldownMs}ms (attempt ${retryCount + 1})`);
+        setTimeout(() => {
+          debugLog(`[rate-limit] Timeout fired for conv ${conversationId}, calling scheduleRetry`);
+          rateLimitState.delete(conversationId);
+          broadcastSync({ type: 'rate_limit_clear', conversationId, timestamp: Date.now() });
+          scheduleRetry(conversationId, messageId, content, agentId, model, subAgent);
+        }, cooldownMs);
+        return;
+      }
+      const isSessionConflict = error.exitCode === null && batcherRef.eventCount === 0;
+      broadcastSync({ type: 'streaming_error', sessionId, conversationId, error: error.message, isPrematureEnd: error.isPrematureEnd || false, exitCode: error.exitCode, stderrText: error.stderrText, recoverable: elapsed < 60000, isSessionConflict, timestamp: Date.now() });
+      if (!isSessionConflict) {
+        const errMsg = queries.createMessage(conversationId, 'assistant', `Error: ${error.message}`);
+        broadcastSync({ type: 'message_created', conversationId, message: errMsg, timestamp: Date.now() });
+      }
+    } finally {
+      batcher.drain();
+      if (!rateLimitState.has(conversationId)) {
+        cleanupExecution(conversationId);
+        drainMessageQueue(conversationId);
+      }
+    }
+  }
+  return { processMessageWithStreaming };
+}

package/lib/routes-agent-actions.js

@@ -0,0 +1,117 @@
+import os from 'os';
+import { spawn } from 'child_process';
+
+export function register(deps) {
+  const { sendJSON, queries, broadcastSync, discoveredAgents, activeScripts, startGeminiOAuth, startCodexOAuth, getGeminiOAuthState, getCodexOAuthState, modelCache, PORT, BASE_URL, rootDir } = deps;
+
+  const routes = {};
+
+  routes['_match'] = (method, pathOnly) => {
+    let m;
+    if (method === 'POST' && (m = pathOnly.match(/^\/api\/agents\/([^/]+)\/auth$/))) return (req, res) => handleAgentAuth(req, res, m[1]);
+    if (method === 'POST' && (m = pathOnly.match(/^\/api\/agents\/([^/]+)\/update$/))) return (req, res) => handleAgentUpdate(req, res, m[1]);
+    return null;
+  };
+
+  async function handleAgentAuth(req, res, agentId) {
+    const agent = discoveredAgents.find(a => a.id === agentId);
+    if (!agent) { sendJSON(req, res, 404, { error: 'Agent not found' }); return; }
+
+    if (agentId === 'codex' || agentId === 'cli-codex') {
+      try {
+        const result = await startCodexOAuth(req, { PORT, BASE_URL });
+        const conversationId = '__agent_auth__';
+        broadcastSync({ type: 'script_started', conversationId, script: 'auth-codex', agentId: 'codex', timestamp: Date.now() });
+        broadcastSync({ type: 'script_output', conversationId, data: `\x1b[36mOpening OpenAI OAuth in your browser...\x1b[0m\r\n\r\nIf it doesn't open automatically, visit:\r\n${result.authUrl}\r\n`, stream: 'stdout', timestamp: Date.now() });
+        const pollId = setInterval(() => {
+          const state = getCodexOAuthState();
+          if (state.status === 'success') {
+            clearInterval(pollId);
+            const email = state.email || '';
+            broadcastSync({ type: 'script_output', conversationId, data: `\r\n\x1b[32mAuthentication successful${email ? ' (' + email + ')' : ''}\x1b[0m\r\n`, stream: 'stdout', timestamp: Date.now() });
+            broadcastSync({ type: 'script_stopped', conversationId, code: 0, timestamp: Date.now() });
+          } else if (state.status === 'error') {
+            clearInterval(pollId);
+            broadcastSync({ type: 'script_output', conversationId, data: `\r\n\x1b[31mAuthentication failed: ${state.error}\x1b[0m\r\n`, stream: 'stderr', timestamp: Date.now() });
+            broadcastSync({ type: 'script_stopped', conversationId, code: 1, error: state.error, timestamp: Date.now() });
+          }
+        }, 1000);
+        setTimeout(() => clearInterval(pollId), 5 * 60 * 1000);
+        sendJSON(req, res, 200, { ok: true, agentId, authUrl: result.authUrl, mode: result.mode });
+      } catch (e) {
+        console.error('[codex-oauth] /api/agents/codex/auth failed:', e);
+        sendJSON(req, res, 500, { error: e.message });
+      }
+      return;
+    }
+
+    if (agentId === 'gemini') {
+      try {
+        const result = await startGeminiOAuth(req, { PORT, BASE_URL, rootDir });
+        const conversationId = '__agent_auth__';
+        broadcastSync({ type: 'script_started', conversationId, script: 'auth-gemini', agentId: 'gemini', timestamp: Date.now() });
+        broadcastSync({ type: 'script_output', conversationId, data: `\x1b[36mOpening Google OAuth in your browser...\x1b[0m\r\n\r\nIf it doesn't open automatically, visit:\r\n${result.authUrl}\r\n`, stream: 'stdout', timestamp: Date.now() });
+        const pollId = setInterval(() => {
+          const state = getGeminiOAuthState();
+          if (state.status === 'success') {
+            clearInterval(pollId);
+            const email = state.email || '';
+            broadcastSync({ type: 'script_output', conversationId, data: `\r\n\x1b[32mAuthentication successful${email ? ' (' + email + ')' : ''}\x1b[0m\r\n`, stream: 'stdout', timestamp: Date.now() });
+            broadcastSync({ type: 'script_stopped', conversationId, code: 0, timestamp: Date.now() });
+          } else if (state.status === 'error') {
+            clearInterval(pollId);
+            broadcastSync({ type: 'script_output', conversationId, data: `\r\n\x1b[31mAuthentication failed: ${state.error}\x1b[0m\r\n`, stream: 'stderr', timestamp: Date.now() });
+            broadcastSync({ type: 'script_stopped', conversationId, code: 1, error: state.error, timestamp: Date.now() });
+          }
+        }, 1000);
+        setTimeout(() => clearInterval(pollId), 5 * 60 * 1000);
+        sendJSON(req, res, 200, { ok: true, agentId, authUrl: result.authUrl, mode: result.mode });
+      } catch (e) {
+        console.error('[gemini-oauth] /api/agents/gemini/auth failed:', e);
+        sendJSON(req, res, 500, { error: e.message });
+      }
+      return;
+    }
+
+    const authCommands = {
+      'claude-code': { cmd: 'claude', args: ['setup-token'] },
+      'opencode': { cmd: 'opencode', args: ['auth', 'login'] },
+    };
+    const authCmd = authCommands[agentId];
+    if (!authCmd) { sendJSON(req, res, 400, { error: 'No auth command for this agent' }); return; }
+    const conversationId = '__agent_auth__';
+    if (activeScripts.has(conversationId)) { sendJSON(req, res, 409, { error: 'Auth process already running' }); return; }
+    const child = spawn(authCmd.cmd, authCmd.args, { stdio: ['pipe', 'pipe', 'pipe'], env: { ...process.env, FORCE_COLOR: '1' }, shell: os.platform() === 'win32' });
+    activeScripts.set(conversationId, { process: child, script: 'auth-' + agentId, startTime: Date.now() });
+    broadcastSync({ type: 'script_started', conversationId, script: 'auth-' + agentId, agentId, timestamp: Date.now() });
+    const onData = (stream) => (chunk) => broadcastSync({ type: 'script_output', conversationId, data: chunk.toString(), stream, timestamp: Date.now() });
+    child.stdout.on('data', onData('stdout'));
+    child.stderr.on('data', onData('stderr'));
+    child.stdout.on('error', () => {});
+    child.stderr.on('error', () => {});
+    child.on('error', (err) => { activeScripts.delete(conversationId); broadcastSync({ type: 'script_stopped', conversationId, code: 1, error: err.message, timestamp: Date.now() }); });
+    child.on('close', (code) => { activeScripts.delete(conversationId); broadcastSync({ type: 'script_stopped', conversationId, code: code || 0, timestamp: Date.now() }); });
+    sendJSON(req, res, 200, { ok: true, agentId, pid: child.pid });
+  }
+
+  async function handleAgentUpdate(req, res, agentId) {
+    const updateCommands = { 'claude-code': { cmd: 'claude', args: ['update', '--yes'] } };
+    const updateCmd = updateCommands[agentId];
+    if (!updateCmd) { sendJSON(req, res, 400, { error: 'No update command for this agent' }); return; }
+    const conversationId = '__agent_update__';
+    if (activeScripts.has(conversationId)) { sendJSON(req, res, 409, { error: 'Update already running' }); return; }
+    const child = spawn(updateCmd.cmd, updateCmd.args, { stdio: ['pipe', 'pipe', 'pipe'], env: { ...process.env, FORCE_COLOR: '1' }, shell: os.platform() === 'win32' });
+    activeScripts.set(conversationId, { process: child, script: 'update-' + agentId, startTime: Date.now() });
+    broadcastSync({ type: 'script_started', conversationId, script: 'update-' + agentId, agentId, timestamp: Date.now() });
+    const onData = (stream) => (chunk) => broadcastSync({ type: 'script_output', conversationId, data: chunk.toString(), stream, timestamp: Date.now() });
+    child.stdout.on('data', onData('stdout'));
+    child.stderr.on('data', onData('stderr'));
+    child.stdout.on('error', () => {});
+    child.stderr.on('error', () => {});
+    child.on('error', (err) => { activeScripts.delete(conversationId); broadcastSync({ type: 'script_stopped', conversationId, code: 1, error: err.message, timestamp: Date.now() }); });
+    child.on('close', (code) => { activeScripts.delete(conversationId); modelCache.delete(agentId); broadcastSync({ type: 'script_stopped', conversationId, code: code || 0, timestamp: Date.now() }); });
+    sendJSON(req, res, 200, { ok: true, agentId, pid: child.pid });
+  }
+
+  return routes;
+}

package/lib/routes-auth-config.js

@@ -0,0 +1,30 @@
+export function register(deps) {
+  const { sendJSON, parseBody, getProviderConfigs, saveProviderConfig } = deps;
+
+  const routes = {};
+
+  routes['GET /api/auth/configs'] = (req, res) => {
+    sendJSON(req, res, 200, getProviderConfigs());
+  };
+
+  routes['POST /api/auth/save-config'] = async (req, res) => {
+    try {
+      const body = await parseBody(req);
+      const { providerId, apiKey, defaultModel } = body || {};
+      if (typeof providerId !== 'string' || !providerId.length || providerId.length > 100) { sendJSON(req, res, 400, { error: 'Invalid providerId' }); return; }
+      if (typeof apiKey !== 'string' || !apiKey.length || apiKey.length > 10000) { sendJSON(req, res, 400, { error: 'Invalid apiKey' }); return; }
+      if (defaultModel !== undefined && (typeof defaultModel !== 'string' || defaultModel.length > 200)) { sendJSON(req, res, 400, { error: 'Invalid defaultModel' }); return; }
+      const configPath = saveProviderConfig(providerId, apiKey, defaultModel || '');
+      sendJSON(req, res, 200, { success: true, path: configPath });
+    } catch (err) {
+      sendJSON(req, res, 400, { error: err.message });
+    }
+  };
+
+  routes['_match'] = (method, pathOnly) => {
+    const key = `${method} ${pathOnly}`;
+    return routes[key] || null;
+  };
+
+  return routes;
+}

package/lib/routes-messages.js

@@ -0,0 +1,139 @@
+export function register(deps) {
+  const { queries, sendJSON, parseBody, broadcastSync, processMessageWithStreaming, activeExecutions, messageQueues, debugLog, logError } = deps;
+
+  const routes = {};
+
+  routes['_match'] = (method, pathOnly) => {
+    let m;
+
+    if ((m = pathOnly.match(/^\/api\/conversations\/([^/]+)\/messages$/))) {
+      if (method === 'GET') return (req, res) => handleGetMessages(req, res, m[1]);
+      if (method === 'POST') return (req, res) => handlePostMessage(req, res, m[1]);
+    }
+
+    if (method === 'POST' && (m = pathOnly.match(/^\/api\/conversations\/([^/]+)\/stream$/)))
+      return (req, res) => handleStream(req, res, m[1]);
+
+    if ((m = pathOnly.match(/^\/api\/conversations\/([^/]+)\/queue$/))) {
+      if (method === 'GET') return (req, res) => handleGetQueue(req, res, m[1]);
+    }
+
+    if ((m = pathOnly.match(/^\/api\/conversations\/([^/]+)\/queue\/([^/]+)$/))) {
+      if (method === 'DELETE') return (req, res) => handleDeleteQueueItem(req, res, m[1], m[2]);
+      if (method === 'PATCH') return (req, res) => handlePatchQueueItem(req, res, m[1], m[2]);
+    }
+
+    return null;
+  };
+
+  async function handleGetMessages(req, res, conversationId) {
+    const url = new URL(req.url, 'http://localhost');
+    const limit = Math.min(parseInt(url.searchParams.get('limit') || '50'), 500);
+    const offset = Math.max(parseInt(url.searchParams.get('offset') || '0'), 0);
+    const result = queries.getPaginatedMessages(conversationId, limit, offset);
+    sendJSON(req, res, 200, result);
+  }
+
+  async function handlePostMessage(req, res, conversationId) {
+    const conv = queries.getConversation(conversationId);
+    if (!conv) { sendJSON(req, res, 404, { error: 'Conversation not found' }); return; }
+    const body = await parseBody(req);
+    const agentId = body.agentId || conv.agentType || conv.agentId || 'claude-code';
+    const model = body.model || conv.model || null;
+    const subAgent = body.subAgent || conv.subAgent || null;
+    const idempotencyKey = body.idempotencyKey || null;
+    const message = queries.createMessage(conversationId, 'user', body.content, idempotencyKey);
+    queries.createEvent('message.created', { role: 'user', messageId: message.id }, conversationId);
+    broadcastSync({ type: 'message_created', conversationId, message, timestamp: Date.now() });
+
+    if (activeExecutions.has(conversationId)) {
+      if (!messageQueues.has(conversationId)) messageQueues.set(conversationId, []);
+      messageQueues.get(conversationId).push({ content: body.content, agentId, model, messageId: message.id, subAgent });
+      const queueLength = messageQueues.get(conversationId).length;
+      broadcastSync({ type: 'queue_status', conversationId, queueLength, messageId: message.id, timestamp: Date.now() });
+      sendJSON(req, res, 200, { message, queued: true, queuePosition: queueLength, idempotencyKey });
+      return;
+    }
+
+    const session = queries.createSession(conversationId);
+    queries.createEvent('session.created', { messageId: message.id, sessionId: session.id }, conversationId, session.id);
+    activeExecutions.set(conversationId, { pid: null, startTime: Date.now(), sessionId: session.id, lastActivity: Date.now() });
+    queries.setIsStreaming(conversationId, true);
+    broadcastSync({ type: 'streaming_start', sessionId: session.id, conversationId, messageId: message.id, agentId, timestamp: Date.now() });
+    sendJSON(req, res, 201, { message, session, idempotencyKey });
+
+    processMessageWithStreaming(conversationId, message.id, session.id, body.content, agentId, model, subAgent)
+      .catch(err => {
+        console.error(`[messages] Uncaught error for conv ${conversationId}:`, err.message);
+        debugLog(`[messages] Uncaught error: ${err.message}`);
+        logError('processMessageWithStreaming', err, { convId: conversationId });
+      });
+  }
+
+  async function handleStream(req, res, conversationId) {
+    const body = await parseBody(req);
+    const conv = queries.getConversation(conversationId);
+    if (!conv) { sendJSON(req, res, 404, { error: 'Conversation not found' }); return; }
+
+    const prompt = body.content || body.message || '';
+    const agentId = body.agentId || conv.agentType || conv.agentId || 'claude-code';
+    const model = body.model || conv.model || null;
+    const subAgent = body.subAgent || conv.subAgent || null;
+
+    const userMessage = queries.createMessage(conversationId, 'user', prompt);
+    queries.createEvent('message.created', { role: 'user', messageId: userMessage.id }, conversationId);
+    broadcastSync({ type: 'message_created', conversationId, message: userMessage, timestamp: Date.now() });
+
+    if (activeExecutions.has(conversationId)) {
+      debugLog(`[stream] Conversation ${conversationId} is busy, queuing message`);
+      if (!messageQueues.has(conversationId)) messageQueues.set(conversationId, []);
+      messageQueues.get(conversationId).push({ content: prompt, agentId, model, messageId: userMessage.id, subAgent });
+      const queueLength = messageQueues.get(conversationId).length;
+      broadcastSync({ type: 'queue_status', conversationId, queueLength, messageId: userMessage.id, timestamp: Date.now() });
+      sendJSON(req, res, 200, { message: userMessage, queued: true, queuePosition: queueLength });
+      return;
+    }
+
+    const session = queries.createSession(conversationId);
+    queries.createEvent('session.created', { messageId: userMessage.id, sessionId: session.id }, conversationId, session.id);
+    activeExecutions.set(conversationId, { pid: null, startTime: Date.now(), sessionId: session.id, lastActivity: Date.now() });
+    queries.setIsStreaming(conversationId, true);
+    broadcastSync({ type: 'streaming_start', sessionId: session.id, conversationId, messageId: userMessage.id, agentId, timestamp: Date.now() });
+    sendJSON(req, res, 200, { message: userMessage, session, streamId: session.id });
+
+    processMessageWithStreaming(conversationId, userMessage.id, session.id, prompt, agentId, model, subAgent)
+      .catch(err => debugLog(`[stream] Uncaught error: ${err.stack || err.message}`));
+  }
+
+  async function handleGetQueue(req, res, conversationId) {
+    const conv = queries.getConversation(conversationId);
+    if (!conv) { sendJSON(req, res, 404, { error: 'Conversation not found' }); return; }
+    const queue = messageQueues.get(conversationId) || [];
+    sendJSON(req, res, 200, { queue });
+  }
+
+  async function handleDeleteQueueItem(req, res, conversationId, messageId) {
+    const queue = messageQueues.get(conversationId);
+    if (!queue) { sendJSON(req, res, 404, { error: 'Queue not found' }); return; }
+    const index = queue.findIndex(q => q.messageId === messageId);
+    if (index === -1) { sendJSON(req, res, 404, { error: 'Queued message not found' }); return; }
+    queue.splice(index, 1);
+    if (queue.length === 0) messageQueues.delete(conversationId);
+    broadcastSync({ type: 'queue_status', conversationId, queueLength: queue?.length || 0, timestamp: Date.now() });
+    sendJSON(req, res, 200, { deleted: true });
+  }
+
+  async function handlePatchQueueItem(req, res, conversationId, messageId) {
+    const body = await parseBody(req);
+    const queue = messageQueues.get(conversationId);
+    if (!queue) { sendJSON(req, res, 404, { error: 'Queue not found' }); return; }
+    const item = queue.find(q => q.messageId === messageId);
+    if (!item) { sendJSON(req, res, 404, { error: 'Queued message not found' }); return; }
+    if (body.content !== undefined) item.content = body.content;
+    if (body.agentId !== undefined) item.agentId = body.agentId;
+    broadcastSync({ type: 'queue_updated', conversationId, messageId, content: item.content, agentId: item.agentId, timestamp: Date.now() });
+    sendJSON(req, res, 200, { updated: true, item });
+  }
+
+  return routes;
+}