agentopia 1.0.0

package/dist/routes/projects.js

@@ -0,0 +1,754 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerProjectRoutes = registerProjectRoutes;
+const uuid_1 = require("uuid");
+const child_process_1 = require("child_process");
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const fs = __importStar(require("fs"));
+const database_1 = require("../db/database");
+const process_manager_1 = require("../services/process-manager");
+const config_1 = require("../config");
+const auth_1 = require("../middleware/auth");
+const project_permissions_1 = require("../services/project-permissions");
+function normalizeOrchestratorEngine(value) {
+    if (value === undefined)
+        return null;
+    const engine = String(value).toLowerCase();
+    if (engine === 'native' || engine === 'langgraph')
+        return engine;
+    return null;
+}
+function buildSqlPlaceholders(values) {
+    return values.map(() => '?').join(', ');
+}
+function getProjectOwnerSummary(db, projectId) {
+    return db.prepare(`SELECT u.id, u.username, u.display_name, u.role
+     FROM projects p
+     LEFT JOIN users u ON u.id = p.owner_id
+     WHERE p.id = ?`).get(projectId);
+}
+function getProjectMemberCount(db, projectId) {
+    const row = db.prepare(`SELECT COUNT(*) as count
+     FROM (
+       SELECT owner_id as user_id
+       FROM projects
+       WHERE id = ? AND owner_id IS NOT NULL
+       UNION
+       SELECT user_id
+       FROM project_members
+       WHERE project_id = ?
+     ) members`).get(projectId, projectId);
+    return row?.count || 0;
+}
+function serializeProject(db, project, user, localhostBypass) {
+    const permission = (0, project_permissions_1.getProjectPermission)(db, project.id, user, localhostBypass);
+    const owner = getProjectOwnerSummary(db, project.id);
+    return {
+        ...project,
+        permission_level: permission.level,
+        can_manage: permission.canManage,
+        owner,
+        member_count: getProjectMemberCount(db, project.id),
+    };
+}
+function registerProjectRoutes(fastify) {
+    // Dashboard summary — aggregate stats across all projects
+    fastify.get('/api/dashboard/summary', async (request) => {
+        const db = (0, database_1.getDatabase)();
+        const { user, localhostBypass } = (0, project_permissions_1.getProjectRequestContext)(request);
+        const projectIds = (0, project_permissions_1.listAccessibleProjectIds)(db, user, localhostBypass);
+        if (projectIds.length === 0) {
+            return {
+                agents: { total: 0, running: 0, error_count: 0 },
+                issues: { total: 0, open: 0 },
+                total_cost_usd: 0,
+                last_activity: {},
+            };
+        }
+        const placeholders = buildSqlPlaceholders(projectIds);
+        const agentStats = db.prepare(`SELECT COUNT(*) as total,
+              SUM(CASE WHEN status = 'running' THEN 1 ELSE 0 END) as running,
+              SUM(CASE WHEN status = 'error' THEN 1 ELSE 0 END) as error_count
+       FROM agents
+       WHERE project_id IN (${placeholders})`).get(...projectIds);
+        const issueStats = db.prepare(`SELECT COUNT(*) as total,
+              SUM(CASE WHEN status IN ('open', 'in_progress') THEN 1 ELSE 0 END) as open_count
+       FROM issues
+       WHERE project_id IN (${placeholders})`).get(...projectIds);
+        // Total cost across all projects — only last record per run_id (cost is cumulative)
+        const costRows = db.prepare(`SELECT c.content FROM conversation_logs c
+       INNER JOIN (
+         SELECT MAX(cl.id) as max_id
+         FROM conversation_logs cl
+         JOIN agents a ON cl.agent_id = a.id
+         WHERE cl.stream = 'cost' AND a.project_id IN (${placeholders})
+         GROUP BY cl.run_id
+       ) latest
+       ON c.id = latest.max_id`).all(...projectIds);
+        let totalCost = 0;
+        let totalInputTokens = 0;
+        let totalOutputTokens = 0;
+        for (const c of costRows) {
+            try {
+                const data = JSON.parse(c.content);
+                totalCost += data.cost_usd || 0;
+                totalInputTokens += data.input_tokens || 0;
+                totalOutputTokens += data.output_tokens || 0;
+            }
+            catch { }
+        }
+        // Last activity per project (most recent agent started_at or issue updated_at)
+        const projectActivity = db.prepare(`SELECT p.id,
+        MAX(COALESCE(a.started_at, a.finished_at)) as last_agent_activity,
+        MAX(i.updated_at) as last_issue_activity
+       FROM projects p
+       LEFT JOIN agents a ON a.project_id = p.id
+       LEFT JOIN issues i ON i.project_id = p.id
+       WHERE p.id IN (${placeholders})
+       GROUP BY p.id`).all(...projectIds);
+        const lastActivityMap = {};
+        for (const row of projectActivity) {
+            const times = [row.last_agent_activity, row.last_issue_activity].filter(Boolean);
+            lastActivityMap[row.id] = times.length ? times.sort().pop() : null;
+        }
+        return {
+            agents: { total: agentStats.total || 0, running: agentStats.running || 0, error_count: agentStats.error_count || 0 },
+            issues: { total: issueStats.total || 0, open: issueStats.open_count || 0 },
+            total_cost_usd: totalCost,
+            total_input_tokens: totalInputTokens,
+            total_output_tokens: totalOutputTokens,
+            last_activity: lastActivityMap,
+        };
+    });
+    // Dashboard usage by project — stacked bar chart data
+    fastify.get('/api/dashboard/usage-by-project', async (request) => {
+        const db = (0, database_1.getDatabase)();
+        const period = request.query.period || 'day';
+        const { user, localhostBypass } = (0, project_permissions_1.getProjectRequestContext)(request);
+        const projectIds = (0, project_permissions_1.listAccessibleProjectIds)(db, user, localhostBypass);
+        if (projectIds.length === 0) {
+            return {
+                period,
+                time_buckets: [],
+                projects: [],
+                data: {},
+            };
+        }
+        const placeholders = buildSqlPlaceholders(projectIds);
+        // Only last cost record per run_id (cost is cumulative)
+        const rows = db.prepare(`SELECT c.content, c.created_at, p.id as project_id, p.name as project_name
+       FROM conversation_logs c
+       INNER JOIN (
+         SELECT MAX(cl.id) as max_id
+         FROM conversation_logs cl
+         JOIN agents a2 ON cl.agent_id = a2.id
+         WHERE cl.stream = 'cost' AND a2.project_id IN (${placeholders})
+         GROUP BY cl.run_id
+       ) latest ON c.id = latest.max_id
+       JOIN agents a ON c.agent_id = a.id
+       JOIN projects p ON a.project_id = p.id
+       ORDER BY c.created_at`).all(...projectIds);
+        // Aggregate by time bucket + project
+        const buckets = {};
+        const projectNames = {};
+        for (const row of rows) {
+            try {
+                const data = JSON.parse(row.content);
+                const costUsd = data.cost_usd || 0;
+                const inputTokens = data.input_tokens || 0;
+                const outputTokens = data.output_tokens || 0;
+                if (!row.created_at)
+                    continue;
+                let key;
+                const date = row.created_at.slice(0, 10);
+                if (period === 'hour') {
+                    key = row.created_at.slice(0, 13);
+                }
+                else if (period === 'week') {
+                    const d = new Date(date);
+                    d.setDate(d.getDate() - d.getDay());
+                    key = d.toISOString().slice(0, 10);
+                }
+                else {
+                    key = date;
+                }
+                projectNames[row.project_id] = row.project_name;
+                if (!buckets[key])
+                    buckets[key] = {};
+                if (!buckets[key][row.project_id])
+                    buckets[key][row.project_id] = { cost: 0, input_tokens: 0, output_tokens: 0 };
+                buckets[key][row.project_id].cost += costUsd;
+                buckets[key][row.project_id].input_tokens += inputTokens;
+                buckets[key][row.project_id].output_tokens += outputTokens;
+            }
+            catch { }
+        }
+        const timeBuckets = Object.keys(buckets).sort();
+        const projects = Object.entries(projectNames).map(([id, name]) => ({ id, name }));
+        return {
+            period,
+            time_buckets: timeBuckets,
+            projects,
+            data: Object.fromEntries(timeBuckets.map(t => [t, buckets[t]])),
+        };
+    });
+    // Generate project metadata from user description using AI
+    fastify.post('/api/generate-project', async (request, reply) => {
+        const { description, tool_path } = request.body;
+        if (!description)
+            return reply.code(400).send({ error: 'description is required' });
+        const tool = (tool_path || config_1.config.defaultCommandTemplate || '').trim() || 'cld';
+        const prompt = `Given the user's input below, generate a JSON object. IMPORTANT: Use the SAME LANGUAGE as the user's input (if Chinese, respond in Chinese; if English, respond in English).
+
+Fields:
+- "name": short project name in English (lowercase, hyphens, max 30 chars)
+- "description": one-line summary (max 100 chars, same language as user)
+- "task_description": detailed instructions for the controller agent (2-5 sentences, same language as user)
+- "controller_role": role description for the controller agent (same language as user)
+- "working_directory": if the user mentions a path or directory, extract it here (absolute path); otherwise null
+
+User's input: "${description.replace(/"/g, '\\"')}"
+
+Respond with ONLY valid JSON, no markdown, no explanation.`;
+        try {
+            const lowerTool = tool.toLowerCase();
+            let cmd;
+            if (lowerTool.startsWith('cld') || lowerTool.startsWith('claude')) {
+                // Claude Code / cld — keep existing non-interactive print mode
+                cmd = `${tool} -p`;
+            }
+            else if (lowerTool.startsWith('gemini')) {
+                // Gemini CLI — use text output mode with -p prompt flag
+                cmd = `${tool} --output-format text -p`;
+            }
+            else if (lowerTool.startsWith('codex')) {
+                // Codex CLI — non-interactive exec. We avoid --json here to keep
+                // output as plain text so that JSON extraction via regex still works.
+                // PROMPT is read from stdin when '-' is used.
+                cmd = 'codex exec --sandbox workspace-write --skip-git-repo-check -';
+            }
+            else {
+                // Fallback: run the tool as-is, reading prompt from stdin
+                cmd = tool;
+            }
+            const result = (0, child_process_1.execSync)(`echo ${JSON.stringify(prompt)} | ${cmd}`, {
+                timeout: 60000,
+                encoding: 'utf-8',
+                env: { ...process.env },
+            }).trim();
+            // Extract JSON from response (handle possible markdown wrapping)
+            const jsonMatch = result.match(/\{[\s\S]*\}/);
+            if (!jsonMatch) {
+                return reply.code(500).send({ error: 'AI did not return valid JSON', raw: result });
+            }
+            const parsed = JSON.parse(jsonMatch[0]);
+            return { ...parsed };
+        }
+        catch (e) {
+            return reply.code(500).send({ error: 'Failed to generate: ' + (e.message || '').slice(0, 200) });
+        }
+    });
+    // Project cost summary with per-run breakdowns and time-series support
+    fastify.get('/api/projects/:id/costs', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const pid = request.params.id;
+        const period = request.query.period; // day | week | month
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, pid);
+        if (!access)
+            return;
+        // Only last cost record per run_id (cost is cumulative)
+        const costs = db.prepare(`SELECT c.content, c.run_id, c.created_at, a.name as agent_name
+       FROM conversation_logs c
+       INNER JOIN (SELECT MAX(cl.id) as max_id FROM conversation_logs cl JOIN agents al ON cl.agent_id = al.id WHERE al.project_id = ? AND cl.stream = 'cost' GROUP BY cl.run_id) latest ON c.id = latest.max_id
+       JOIN agents a ON c.agent_id = a.id
+       ORDER BY c.created_at`).all(pid);
+        let totalCost = 0;
+        let totalInput = 0;
+        let totalOutput = 0;
+        const byAgent = {};
+        const runs = [];
+        const timeSeries = {};
+        const timeSeriesByAgent = {};
+        for (const c of costs) {
+            try {
+                const data = JSON.parse(c.content);
+                const costUsd = data.cost_usd || 0;
+                const inputTokens = data.input_tokens || 0;
+                const outputTokens = data.output_tokens || 0;
+                totalCost += costUsd;
+                totalInput += inputTokens;
+                totalOutput += outputTokens;
+                if (!byAgent[c.agent_name])
+                    byAgent[c.agent_name] = { cost: 0, runs: 0, input_tokens: 0, output_tokens: 0 };
+                byAgent[c.agent_name].cost += costUsd;
+                byAgent[c.agent_name].runs++;
+                byAgent[c.agent_name].input_tokens += inputTokens;
+                byAgent[c.agent_name].output_tokens += outputTokens;
+                runs.push({
+                    run_id: c.run_id,
+                    agent_name: c.agent_name,
+                    cost_usd: costUsd,
+                    input_tokens: inputTokens,
+                    output_tokens: outputTokens,
+                    timestamp: c.created_at,
+                });
+                // Build time-series buckets
+                if (period && c.created_at) {
+                    let key;
+                    const date = c.created_at.slice(0, 10); // YYYY-MM-DD
+                    if (period === 'hour') {
+                        key = c.created_at.slice(0, 13); // YYYY-MM-DD HH
+                    }
+                    else if (period === 'day') {
+                        key = date;
+                    }
+                    else if (period === 'week') {
+                        const d = new Date(date);
+                        const day = d.getDay();
+                        d.setDate(d.getDate() - day);
+                        key = d.toISOString().slice(0, 10);
+                    }
+                    else if (period === 'month') {
+                        key = date.slice(0, 7); // YYYY-MM
+                    }
+                    else {
+                        key = date;
+                    }
+                    if (!timeSeries[key])
+                        timeSeries[key] = { cost: 0, runs: 0 };
+                    timeSeries[key].cost += costUsd;
+                    timeSeries[key].runs++;
+                    // Per-agent time-series
+                    if (!timeSeriesByAgent[c.agent_name])
+                        timeSeriesByAgent[c.agent_name] = {};
+                    if (!timeSeriesByAgent[c.agent_name][key])
+                        timeSeriesByAgent[c.agent_name][key] = { cost: 0, runs: 0 };
+                    timeSeriesByAgent[c.agent_name][key].cost += costUsd;
+                    timeSeriesByAgent[c.agent_name][key].runs++;
+                }
+            }
+            catch { }
+        }
+        const result = {
+            total_cost_usd: totalCost,
+            total_input_tokens: totalInput,
+            total_output_tokens: totalOutput,
+            by_agent: byAgent,
+            runs,
+        };
+        if (period) {
+            result.time_series = Object.entries(timeSeries)
+                .sort(([a], [b]) => a.localeCompare(b))
+                .map(([period_start, data]) => ({ period_start, ...data }));
+            // Per-agent time-series breakdown
+            result.time_series_by_agent = Object.fromEntries(Object.entries(timeSeriesByAgent).map(([agent, series]) => [
+                agent,
+                Object.entries(series)
+                    .sort(([a], [b]) => a.localeCompare(b))
+                    .map(([period_start, data]) => ({ period_start, ...data })),
+            ]));
+        }
+        return result;
+    });
+    // Git log — aggregate recent commits from all agents' working directories
+    fastify.get('/api/projects/:id/git-log', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const pid = request.params.id;
+        const limit = Math.min(parseInt(request.query.limit || '20', 10), 100);
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, pid);
+        if (!access)
+            return;
+        const agents = db.prepare('SELECT id, name, working_directory FROM agents WHERE project_id = ?').all(pid);
+        const seen = new Set(); // deduplicate by commit hash
+        const commits = [];
+        // Collect unique working directories
+        const dirToAgents = new Map();
+        for (const agent of agents) {
+            let dir = agent.working_directory;
+            if (!dir)
+                continue;
+            if (dir.startsWith('~/'))
+                dir = path.join(os.homedir(), dir.slice(2));
+            if (!dirToAgents.has(dir))
+                dirToAgents.set(dir, []);
+            dirToAgents.get(dir).push(agent.name);
+        }
+        for (const [dir, agentNames] of dirToAgents) {
+            try {
+                if (!fs.existsSync(path.join(dir, '.git')) && !fs.existsSync(dir))
+                    continue;
+                const output = (0, child_process_1.execSync)(`git log --format='%H|%an|%s|%ai' -n ${limit}`, { cwd: dir, timeout: 2000, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
+                if (!output)
+                    continue;
+                for (const line of output.split('\n')) {
+                    const parts = line.split('|');
+                    if (parts.length < 4)
+                        continue;
+                    const hash = parts[0];
+                    if (seen.has(hash))
+                        continue;
+                    seen.add(hash);
+                    commits.push({
+                        hash,
+                        short_hash: hash.slice(0, 7),
+                        author: parts[1],
+                        message: parts[2],
+                        date: parts.slice(3).join('|'), // date may contain |
+                        repo_path: dir,
+                        agent_name: agentNames[0],
+                    });
+                }
+            }
+            catch {
+                // Not a git repo or git failed — skip gracefully
+            }
+        }
+        // Sort by date descending and limit
+        commits.sort((a, b) => b.date > a.date ? 1 : -1);
+        return commits.slice(0, limit);
+    });
+    // Project activity timeline
+    fastify.get('/api/projects/:id/activity', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const limit = parseInt(request.query.limit || '50', 10);
+        const pid = request.params.id;
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, pid);
+        if (!access)
+            return;
+        // Combine: issue events + agent status changes + comments into a unified timeline
+        const issues = db.prepare("SELECT 'issue' as event_type, id, number, title, status, created_by as actor, created_at as time FROM issues WHERE project_id = ? ORDER BY created_at DESC LIMIT ?").all(pid, limit);
+        const comments = db.prepare("SELECT 'comment' as event_type, c.id, c.body, c.author_id as actor, c.created_at as time, i.number as issue_number, i.title as issue_title FROM issue_comments c JOIN issues i ON c.issue_id = i.id WHERE i.project_id = ? ORDER BY c.created_at DESC LIMIT ?").all(pid, limit);
+        const agentRuns = db.prepare("SELECT 'agent_run' as event_type, a.id, a.name, a.status as agent_status, a.started_at as time FROM agents a WHERE a.project_id = ? AND a.started_at IS NOT NULL ORDER BY a.started_at DESC LIMIT ?").all(pid, limit);
+        // Merge and sort by time DESC
+        const all = [...issues, ...comments, ...agentRuns]
+            .sort((a, b) => b.time > a.time ? 1 : -1)
+            .slice(0, limit);
+        return all;
+    });
+    // Recent orchestration decision runs (for graph visualization)
+    fastify.get('/api/projects/:id/orchestration-runs', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const pid = request.params.id;
+        const limit = Math.min(Math.max(parseInt(request.query.limit || '20', 10), 1), 100);
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, pid);
+        if (!access)
+            return;
+        const rows = db.prepare("SELECT id, project_id, engine, decision, controller_agent_id, controller_started, controller_run_id, controller_pid, dispatch_count, dispatch_summary, reasons, actions, dispatch_results, created_at FROM orchestration_runs WHERE project_id = ? ORDER BY id DESC LIMIT ?").all(pid, limit);
+        const parseJson = (raw, fallback) => {
+            if (typeof raw !== 'string' || raw.trim() === '')
+                return fallback;
+            try {
+                return JSON.parse(raw);
+            }
+            catch {
+                return fallback;
+            }
+        };
+        return rows.map((row) => ({
+            ...row,
+            controller_started: !!row.controller_started,
+            reasons: parseJson(row.reasons, []),
+            actions: parseJson(row.actions, []),
+            dispatch_results: parseJson(row.dispatch_results, []),
+        }));
+    });
+    // List projects (with optional embedded stats for dashboard performance)
+    fastify.get('/api/projects', async (request) => {
+        const db = (0, database_1.getDatabase)();
+        const { user, localhostBypass } = (0, project_permissions_1.getProjectRequestContext)(request);
+        const projects = (0, project_permissions_1.listAccessibleProjects)(db, user, localhostBypass).map((project) => serializeProject(db, project, user, localhostBypass));
+        if (request.query.with_stats !== '1')
+            return projects;
+        // Single-pass stats: avoids N+2 frontend requests per project
+        return projects.map(p => {
+            const agentStats = db.prepare("SELECT COUNT(*) as total, SUM(CASE WHEN status='running' THEN 1 ELSE 0 END) as running, SUM(CASE WHEN status='error' THEN 1 ELSE 0 END) as error_count FROM agents WHERE project_id = ?").get(p.id);
+            const issueStats = db.prepare("SELECT COUNT(*) as total, SUM(CASE WHEN status IN ('open','in_progress') THEN 1 ELSE 0 END) as open_count FROM issues WHERE project_id = ?").get(p.id);
+            const userIssues = db.prepare("SELECT number, title FROM issues WHERE project_id = ? AND assigned_to = 'user' AND status IN ('open','in_progress') ORDER BY priority DESC LIMIT 10").all(p.id);
+            return {
+                ...p,
+                stats: {
+                    agents: agentStats.total || 0,
+                    running: agentStats.running || 0,
+                    agentError: agentStats.error_count || 0,
+                    issues: issueStats.total || 0,
+                    openIssues: issueStats.open_count || 0,
+                    userIssues,
+                },
+            };
+        });
+    });
+    // Create project
+    fastify.post('/api/projects', async (request, reply) => {
+        const { name, description, task_description, command_template, orchestrator_engine, working_directory, controller_role } = request.body;
+        if (!task_description) {
+            return reply.code(400).send({ error: 'task_description is required' });
+        }
+        const db = (0, database_1.getDatabase)();
+        const id = (0, uuid_1.v4)();
+        const tmpl = command_template || config_1.config.defaultCommandTemplate;
+        const orchestratorEngine = normalizeOrchestratorEngine(orchestrator_engine);
+        const { user } = (0, project_permissions_1.getProjectRequestContext)(request);
+        const ownerId = user && !(0, auth_1.isLegacyAuthUser)(user) ? user.id : null;
+        if (orchestrator_engine !== undefined && orchestratorEngine === null) {
+            return reply.code(400).send({ error: 'Invalid orchestrator_engine. Use native or langgraph.' });
+        }
+        db.prepare(`
+      INSERT INTO projects (id, name, description, task_description, command_template, orchestrator_engine, owner_id, status)
+      VALUES (?, ?, ?, ?, ?, ?, ?, 'active')
+    `).run(id, name, description || '', task_description, tmpl, orchestratorEngine || config_1.config.defaultOrchestratorEngine, ownerId);
+        if (ownerId) {
+            db.prepare(`
+        INSERT INTO project_members (id, project_id, user_id, role)
+        VALUES (?, ?, ?, 'owner')
+        ON CONFLICT(project_id, user_id) DO UPDATE SET role = 'owner'
+      `).run((0, uuid_1.v4)(), id, ownerId);
+        }
+        // Create default controller agent (with Sonnet model for cost efficiency)
+        const controllerId = (0, uuid_1.v4)();
+        const ctrlRole = controller_role || 'Main controller agent that manages and coordinates other agents';
+        const ctrlCommandTemplate = `${tmpl} --model claude-sonnet-4-6`;
+        db.prepare(`
+      INSERT INTO agents (id, project_id, name, role, is_controller, working_directory, command_template, status)
+      VALUES (?, ?, ?, ?, 1, ?, ?, 'idle')
+    `).run(controllerId, id, `${name || 'project'}-controller`, ctrlRole, working_directory || null, ctrlCommandTemplate);
+        // Create default assistant agent
+        const assistantId = (0, uuid_1.v4)();
+        db.prepare(`
+      INSERT INTO agents (id, project_id, name, role, is_controller, working_directory, status)
+      VALUES (?, ?, ?, ?, 0, ?, 'idle')
+    `).run(assistantId, id, `${name || 'project'}-assistant`, 'Assistant to the controller. Handles analysis, code execution, data processing, and research tasks delegated by the controller.', working_directory || null);
+        const project = db.prepare('SELECT * FROM projects WHERE id = ?').get(id);
+        return reply.code(201).send(serializeProject(db, project, user, false));
+    });
+    // Get project
+    fastify.get('/api/projects/:id', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, request.params.id);
+        if (!access)
+            return;
+        const project = db.prepare('SELECT * FROM projects WHERE id = ?').get(request.params.id);
+        if (!project)
+            return reply.code(404).send({ error: 'Project not found' });
+        return serializeProject(db, project, access.user, access.localhostBypass);
+    });
+    // Update project
+    fastify.put('/api/projects/:id', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, request.params.id, true);
+        if (!access)
+            return;
+        const existing = db.prepare('SELECT * FROM projects WHERE id = ?').get(request.params.id);
+        if (!existing)
+            return reply.code(404).send({ error: 'Project not found' });
+        const { name, description, task_description, command_template, orchestrator_engine, status } = request.body;
+        const orchestratorEngine = normalizeOrchestratorEngine(orchestrator_engine);
+        if (orchestrator_engine !== undefined && orchestratorEngine === null) {
+            return reply.code(400).send({ error: 'Invalid orchestrator_engine. Use native or langgraph.' });
+        }
+        db.prepare(`
+      UPDATE projects SET
+        name = COALESCE(?, name),
+        description = COALESCE(?, description),
+        task_description = COALESCE(?, task_description),
+        command_template = COALESCE(?, command_template),
+        orchestrator_engine = COALESCE(?, orchestrator_engine),
+        status = COALESCE(?, status),
+        updated_at = datetime('now')
+      WHERE id = ?
+    `).run(name ?? null, description ?? null, task_description ?? null, command_template ?? null, orchestratorEngine ?? null, status ?? null, request.params.id);
+        const updated = db.prepare('SELECT * FROM projects WHERE id = ?').get(request.params.id);
+        return serializeProject(db, updated, access.user, access.localhostBypass);
+    });
+    fastify.get('/api/projects/:id/members', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, request.params.id);
+        if (!access)
+            return;
+        const members = db.prepare(`SELECT pm.*,
+              u.username,
+              u.display_name,
+              u.role as user_role
+       FROM project_members pm
+       JOIN users u ON u.id = pm.user_id
+       WHERE pm.project_id = ?
+       ORDER BY CASE pm.role WHEN 'owner' THEN 0 ELSE 1 END, COALESCE(u.display_name, u.username), u.username`).all(request.params.id);
+        return { members };
+    });
+    fastify.post('/api/projects/:id/members', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, request.params.id, true);
+        if (!access)
+            return;
+        const { user_id, username, role } = request.body;
+        if (!user_id && !username) {
+            return reply.code(400).send({ error: 'user_id or username is required' });
+        }
+        if (role && role !== 'member') {
+            return reply.code(400).send({ error: 'Only member role is supported' });
+        }
+        const project = db.prepare('SELECT owner_id FROM projects WHERE id = ?').get(request.params.id);
+        if (!project)
+            return reply.code(404).send({ error: 'Project not found' });
+        const targetUser = user_id
+            ? db.prepare('SELECT id, username, display_name, role FROM users WHERE id = ?').get(user_id)
+            : db.prepare('SELECT id, username, display_name, role FROM users WHERE username = ?').get(username);
+        if (!targetUser) {
+            return reply.code(404).send({ error: 'User not found' });
+        }
+        if (project.owner_id === targetUser.id) {
+            return reply.code(400).send({ error: 'Project owner already has access' });
+        }
+        const existingMember = db.prepare('SELECT * FROM project_members WHERE project_id = ? AND user_id = ?').get(request.params.id, targetUser.id);
+        if (existingMember?.role === 'owner') {
+            return reply.code(400).send({ error: 'Cannot change project owner membership via share API' });
+        }
+        if (existingMember) {
+            db.prepare("UPDATE project_members SET role = 'member' WHERE id = ?").run(existingMember.id);
+        }
+        else {
+            db.prepare("INSERT INTO project_members (id, project_id, user_id, role) VALUES (?, ?, ?, 'member')").run((0, uuid_1.v4)(), request.params.id, targetUser.id);
+        }
+        const member = db.prepare(`SELECT pm.*,
+                u.username,
+                u.display_name,
+                u.role as user_role
+         FROM project_members pm
+         JOIN users u ON u.id = pm.user_id
+         WHERE pm.project_id = ? AND pm.user_id = ?`).get(request.params.id, targetUser.id);
+        return reply.code(existingMember ? 200 : 201).send(member);
+    });
+    fastify.delete('/api/projects/:id/members/:userId', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, request.params.id, true);
+        if (!access)
+            return;
+        const project = db.prepare('SELECT owner_id FROM projects WHERE id = ?').get(request.params.id);
+        if (!project)
+            return reply.code(404).send({ error: 'Project not found' });
+        if (project.owner_id === request.params.userId) {
+            return reply.code(400).send({ error: 'Cannot remove project owner' });
+        }
+        const existingMember = db.prepare('SELECT * FROM project_members WHERE project_id = ? AND user_id = ?').get(request.params.id, request.params.userId);
+        if (!existingMember) {
+            return reply.code(404).send({ error: 'Project member not found' });
+        }
+        db.prepare('DELETE FROM project_members WHERE id = ?').run(existingMember.id);
+        return { success: true };
+    });
+    // Export project data as JSON
+    fastify.get('/api/projects/:id/export', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const pid = request.params.id;
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, pid);
+        if (!access)
+            return;
+        const project = db.prepare('SELECT * FROM projects WHERE id = ?').get(pid);
+        if (!project)
+            return reply.code(404).send({ error: 'Project not found' });
+        const agents = db.prepare('SELECT id, name, role, is_controller, status, started_at, finished_at, created_at FROM agents WHERE project_id = ?').all(pid);
+        const issues = db.prepare('SELECT * FROM issues WHERE project_id = ? ORDER BY number').all(pid);
+        const milestones = db.prepare('SELECT * FROM milestones WHERE project_id = ?').all(pid);
+        // Cost summary — only last cost record per run_id (cost is cumulative)
+        const costRows = db.prepare(`SELECT c.content FROM conversation_logs c
+       INNER JOIN (SELECT MAX(cl.id) as max_id FROM conversation_logs cl JOIN agents al ON cl.agent_id = al.id WHERE al.project_id = ? AND cl.stream = 'cost' GROUP BY cl.run_id) latest
+       ON c.id = latest.max_id`).all(pid);
+        let totalCost = 0;
+        let totalInput = 0;
+        let totalOutput = 0;
+        for (const c of costRows) {
+            try {
+                const data = JSON.parse(c.content);
+                totalCost += data.cost_usd || 0;
+                totalInput += data.input_tokens || 0;
+                totalOutput += data.output_tokens || 0;
+            }
+            catch { }
+        }
+        reply.header('Content-Type', 'application/json');
+        reply.header('Content-Disposition', `attachment; filename="${project.name || 'project'}-export.json"`);
+        return {
+            exported_at: new Date().toISOString(),
+            project,
+            agents,
+            issues,
+            milestones,
+            cost_summary: { total_cost_usd: totalCost, total_input_tokens: totalInput, total_output_tokens: totalOutput },
+        };
+    });
+    // Export issues as CSV
+    fastify.get('/api/projects/:id/export/issues.csv', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const pid = request.params.id;
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, pid);
+        if (!access)
+            return;
+        const project = db.prepare('SELECT * FROM projects WHERE id = ?').get(pid);
+        if (!project)
+            return reply.code(404).send({ error: 'Project not found' });
+        const issues = db.prepare('SELECT number, title, status, priority, labels, assigned_to, created_by, created_at, updated_at FROM issues WHERE project_id = ? ORDER BY number').all(pid);
+        const csvHeader = 'number,title,status,priority,labels,assigned_to,created_by,created_at,updated_at';
+        const csvRows = issues.map((i) => {
+            const escape = (v) => {
+                const s = String(v ?? '');
+                return s.includes(',') || s.includes('"') || s.includes('\n') ? `"${s.replace(/"/g, '""')}"` : s;
+            };
+            return [i.number, i.title, i.status, i.priority, i.labels, i.assigned_to, i.created_by, i.created_at, i.updated_at].map(escape).join(',');
+        });
+        reply.header('Content-Type', 'text/csv');
+        reply.header('Content-Disposition', `attachment; filename="${project.name || 'project'}-issues.csv"`);
+        return [csvHeader, ...csvRows].join('\n');
+    });
+    // Delete project
+    fastify.delete('/api/projects/:id', async (request, reply) => {
+        const db = (0, database_1.getDatabase)();
+        const access = (0, project_permissions_1.ensureProjectAccess)(db, request, reply, request.params.id, true);
+        if (!access)
+            return;
+        const existing = db.prepare('SELECT * FROM projects WHERE id = ?').get(request.params.id);
+        if (!existing)
+            return reply.code(404).send({ error: 'Project not found' });
+        // Stop all running agents before deleting
+        const agents = db.prepare('SELECT * FROM agents WHERE project_id = ?').all(request.params.id);
+        for (const agent of agents) {
+            if ((0, process_manager_1.isAgentRunning)(agent.id))
+                (0, process_manager_1.stopAgentProcess)(agent.id);
+        }
+        db.prepare('DELETE FROM projects WHERE id = ?').run(request.params.id);
+        return { success: true };
+    });
+}
+//# sourceMappingURL=projects.js.map