npm - aicodeman - Versions diffs - 0.2.9 → 0.3.1 - Mend

aicodeman 0.2.9 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (374) hide show

package/README.md +118 -4
package/dist/ai-idle-checker.d.ts.map +1 -1
package/dist/ai-idle-checker.js +3 -2
package/dist/ai-idle-checker.js.map +1 -1
package/dist/ai-plan-checker.d.ts.map +1 -1
package/dist/ai-plan-checker.js +3 -2
package/dist/ai-plan-checker.js.map +1 -1
package/dist/bash-tool-parser.d.ts +2 -3
package/dist/bash-tool-parser.d.ts.map +1 -1
package/dist/bash-tool-parser.js +14 -31
package/dist/bash-tool-parser.js.map +1 -1
package/dist/config/ai-defaults.d.ts +16 -0
package/dist/config/ai-defaults.d.ts.map +1 -0
package/dist/config/ai-defaults.js +16 -0
package/dist/config/ai-defaults.js.map +1 -0
package/dist/config/auth-config.d.ts +19 -0
package/dist/config/auth-config.d.ts.map +1 -0
package/dist/config/auth-config.js +28 -0
package/dist/config/auth-config.js.map +1 -0
package/dist/config/exec-timeout.d.ts +10 -0
package/dist/config/exec-timeout.d.ts.map +1 -0
package/dist/config/exec-timeout.js +10 -0
package/dist/config/exec-timeout.js.map +1 -0
package/dist/config/map-limits.d.ts +4 -0
package/dist/config/map-limits.d.ts.map +1 -1
package/dist/config/map-limits.js +7 -0
package/dist/config/map-limits.js.map +1 -1
package/dist/config/server-timing.d.ts +42 -0
package/dist/config/server-timing.d.ts.map +1 -0
package/dist/config/server-timing.js +57 -0
package/dist/config/server-timing.js.map +1 -0
package/dist/config/team-config.d.ts +16 -0
package/dist/config/team-config.d.ts.map +1 -0
package/dist/config/team-config.js +16 -0
package/dist/config/team-config.js.map +1 -0
package/dist/config/terminal-limits.d.ts +18 -0
package/dist/config/terminal-limits.d.ts.map +1 -0
package/dist/config/terminal-limits.js +18 -0
package/dist/config/terminal-limits.js.map +1 -0
package/dist/config/tunnel-config.d.ts +27 -0
package/dist/config/tunnel-config.d.ts.map +1 -0
package/dist/config/tunnel-config.js +36 -0
package/dist/config/tunnel-config.js.map +1 -0
package/dist/hooks-config.d.ts +21 -6
package/dist/hooks-config.d.ts.map +1 -1
package/dist/hooks-config.js +28 -12
package/dist/hooks-config.js.map +1 -1
package/dist/image-watcher.d.ts +4 -4
package/dist/image-watcher.d.ts.map +1 -1
package/dist/image-watcher.js +17 -30
package/dist/image-watcher.js.map +1 -1
package/dist/index.js +1 -2
package/dist/index.js.map +1 -1
package/dist/plan-orchestrator.d.ts +2 -24
package/dist/plan-orchestrator.d.ts.map +1 -1
package/dist/plan-orchestrator.js.map +1 -1
package/dist/prompts/planner.d.ts +7 -8
package/dist/prompts/planner.d.ts.map +1 -1
package/dist/prompts/planner.js +7 -8
package/dist/prompts/planner.js.map +1 -1
package/dist/prompts/research-agent.d.ts +6 -4
package/dist/prompts/research-agent.d.ts.map +1 -1
package/dist/prompts/research-agent.js +6 -4
package/dist/prompts/research-agent.js.map +1 -1
package/dist/push-store.d.ts +1 -1
package/dist/push-store.d.ts.map +1 -1
package/dist/push-store.js +4 -12
package/dist/push-store.js.map +1 -1
package/dist/ralph-fix-plan-watcher.d.ts +91 -0
package/dist/ralph-fix-plan-watcher.d.ts.map +1 -0
package/dist/ralph-fix-plan-watcher.js +326 -0
package/dist/ralph-fix-plan-watcher.js.map +1 -0
package/dist/ralph-loop.d.ts +14 -4
package/dist/ralph-loop.d.ts.map +1 -1
package/dist/ralph-loop.js +14 -4
package/dist/ralph-loop.js.map +1 -1
package/dist/ralph-plan-tracker.d.ts +201 -0
package/dist/ralph-plan-tracker.d.ts.map +1 -0
package/dist/ralph-plan-tracker.js +325 -0
package/dist/ralph-plan-tracker.js.map +1 -0
package/dist/ralph-stall-detector.d.ts +84 -0
package/dist/ralph-stall-detector.d.ts.map +1 -0
package/dist/ralph-stall-detector.js +139 -0
package/dist/ralph-stall-detector.js.map +1 -0
package/dist/ralph-status-parser.d.ts +141 -0
package/dist/ralph-status-parser.d.ts.map +1 -0
package/dist/ralph-status-parser.js +478 -0
package/dist/ralph-status-parser.js.map +1 -0
package/dist/ralph-tracker.d.ts +218 -692
package/dist/ralph-tracker.d.ts.map +1 -1
package/dist/ralph-tracker.js +389 -1723
package/dist/ralph-tracker.js.map +1 -1
package/dist/respawn-adaptive-timing.d.ts +61 -0
package/dist/respawn-adaptive-timing.d.ts.map +1 -0
package/dist/respawn-adaptive-timing.js +105 -0
package/dist/respawn-adaptive-timing.js.map +1 -0
package/dist/respawn-controller.d.ts +35 -115
package/dist/respawn-controller.d.ts.map +1 -1
package/dist/respawn-controller.js +167 -607
package/dist/respawn-controller.js.map +1 -1
package/dist/respawn-health.d.ts +54 -0
package/dist/respawn-health.d.ts.map +1 -0
package/dist/respawn-health.js +183 -0
package/dist/respawn-health.js.map +1 -0
package/dist/respawn-metrics.d.ts +81 -0
package/dist/respawn-metrics.d.ts.map +1 -0
package/dist/respawn-metrics.js +198 -0
package/dist/respawn-metrics.js.map +1 -0
package/dist/respawn-patterns.d.ts +45 -0
package/dist/respawn-patterns.d.ts.map +1 -0
package/dist/respawn-patterns.js +125 -0
package/dist/respawn-patterns.js.map +1 -0
package/dist/session-auto-ops.d.ts +89 -0
package/dist/session-auto-ops.d.ts.map +1 -0
package/dist/session-auto-ops.js +224 -0
package/dist/session-auto-ops.js.map +1 -0
package/dist/session-cli-builder.d.ts +62 -0
package/dist/session-cli-builder.d.ts.map +1 -0
package/dist/session-cli-builder.js +121 -0
package/dist/session-cli-builder.js.map +1 -0
package/dist/session-manager.d.ts +17 -5
package/dist/session-manager.d.ts.map +1 -1
package/dist/session-manager.js +17 -5
package/dist/session-manager.js.map +1 -1
package/dist/session-task-cache.d.ts +52 -0
package/dist/session-task-cache.d.ts.map +1 -0
package/dist/session-task-cache.js +90 -0
package/dist/session-task-cache.js.map +1 -0
package/dist/session.d.ts +23 -41
package/dist/session.d.ts.map +1 -1
package/dist/session.js +79 -317
package/dist/session.js.map +1 -1
package/dist/state-store.d.ts +19 -9
package/dist/state-store.d.ts.map +1 -1
package/dist/state-store.js +29 -30
package/dist/state-store.js.map +1 -1
package/dist/subagent-watcher.d.ts +26 -7
package/dist/subagent-watcher.d.ts.map +1 -1
package/dist/subagent-watcher.js +47 -64
package/dist/subagent-watcher.js.map +1 -1
package/dist/team-watcher.d.ts.map +1 -1
package/dist/team-watcher.js +2 -5
package/dist/team-watcher.js.map +1 -1
package/dist/tmux-manager.d.ts.map +1 -1
package/dist/tmux-manager.js +1 -2
package/dist/tmux-manager.js.map +1 -1
package/dist/tunnel-manager.d.ts +26 -0
package/dist/tunnel-manager.d.ts.map +1 -1
package/dist/tunnel-manager.js +126 -7
package/dist/tunnel-manager.js.map +1 -1
package/dist/types/api.d.ts +108 -0
package/dist/types/api.d.ts.map +1 -0
package/dist/types/api.js +98 -0
package/dist/types/api.js.map +1 -0
package/dist/types/app-state.d.ts +117 -0
package/dist/types/app-state.d.ts.map +1 -0
package/dist/types/app-state.js +76 -0
package/dist/types/app-state.js.map +1 -0
package/dist/types/common.d.ts +79 -0
package/dist/types/common.d.ts.map +1 -0
package/dist/types/common.js +17 -0
package/dist/types/common.js.map +1 -0
package/dist/types/index.d.ts +66 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +66 -0
package/dist/types/index.js.map +1 -0
package/dist/types/lifecycle.d.ts +28 -0
package/dist/types/lifecycle.d.ts.map +1 -0
package/dist/types/lifecycle.js +16 -0
package/dist/types/lifecycle.js.map +1 -0
package/dist/types/plan.d.ts +45 -0
package/dist/types/plan.d.ts.map +1 -0
package/dist/types/plan.js +18 -0
package/dist/types/plan.js.map +1 -0
package/dist/types/push.d.ts +36 -0
package/dist/types/push.d.ts.map +1 -0
package/dist/types/push.js +18 -0
package/dist/types/push.js.map +1 -0
package/dist/types/ralph.d.ts +262 -0
package/dist/types/ralph.d.ts.map +1 -0
package/dist/types/ralph.js +70 -0
package/dist/types/ralph.js.map +1 -0
package/dist/types/respawn.d.ts +271 -0
package/dist/types/respawn.d.ts.map +1 -0
package/dist/types/respawn.js +26 -0
package/dist/types/respawn.js.map +1 -0
package/dist/types/run-summary.d.ts +96 -0
package/dist/types/run-summary.d.ts.map +1 -0
package/dist/types/run-summary.js +37 -0
package/dist/types/run-summary.js.map +1 -0
package/dist/types/session.d.ts +152 -0
package/dist/types/session.d.ts.map +1 -0
package/dist/types/session.js +27 -0
package/dist/types/session.js.map +1 -0
package/dist/types/task.d.ts +72 -0
package/dist/types/task.d.ts.map +1 -0
package/dist/types/task.js +19 -0
package/dist/types/task.js.map +1 -0
package/dist/types/teams.d.ts +73 -0
package/dist/types/teams.d.ts.map +1 -0
package/dist/types/teams.js +23 -0
package/dist/types/teams.js.map +1 -0
package/dist/types/tools.d.ts +61 -0
package/dist/types/tools.d.ts.map +1 -0
package/dist/types/tools.js +20 -0
package/dist/types/tools.js.map +1 -0
package/dist/types.d.ts +8 -1134
package/dist/types.d.ts.map +1 -1
package/dist/types.js +8 -210
package/dist/types.js.map +1 -1
package/dist/utils/claude-cli-resolver.d.ts.map +1 -1
package/dist/utils/claude-cli-resolver.js +1 -2
package/dist/utils/claude-cli-resolver.js.map +1 -1
package/dist/utils/debouncer.d.ts +111 -0
package/dist/utils/debouncer.d.ts.map +1 -0
package/dist/utils/debouncer.js +162 -0
package/dist/utils/debouncer.js.map +1 -0
package/dist/utils/index.d.ts +3 -2
package/dist/utils/index.d.ts.map +1 -1
package/dist/utils/index.js +3 -2
package/dist/utils/index.js.map +1 -1
package/dist/utils/opencode-cli-resolver.d.ts.map +1 -1
package/dist/utils/opencode-cli-resolver.js +1 -2
package/dist/utils/opencode-cli-resolver.js.map +1 -1
package/dist/utils/string-similarity.d.ts +0 -57
package/dist/utils/string-similarity.d.ts.map +1 -1
package/dist/utils/string-similarity.js +3 -18
package/dist/utils/string-similarity.js.map +1 -1
package/dist/web/middleware/auth.d.ts +31 -0
package/dist/web/middleware/auth.d.ts.map +1 -0
package/dist/web/middleware/auth.js +154 -0
package/dist/web/middleware/auth.js.map +1 -0
package/dist/web/ports/auth-port.d.ts +18 -0
package/dist/web/ports/auth-port.d.ts.map +1 -0
package/dist/web/ports/auth-port.js +6 -0
package/dist/web/ports/auth-port.js.map +1 -0
package/dist/web/ports/config-port.d.ts +28 -0
package/dist/web/ports/config-port.d.ts.map +1 -0
package/dist/web/ports/config-port.js +6 -0
package/dist/web/ports/config-port.js.map +1 -0
package/dist/web/ports/event-port.d.ts +13 -0
package/dist/web/ports/event-port.d.ts.map +1 -0
package/dist/web/ports/event-port.js +6 -0
package/dist/web/ports/event-port.js.map +1 -0
package/dist/web/ports/index.d.ts +14 -0
package/dist/web/ports/index.d.ts.map +1 -0
package/dist/web/ports/index.js +9 -0
package/dist/web/ports/index.js.map +1 -0
package/dist/web/ports/infra-port.d.ts +36 -0
package/dist/web/ports/infra-port.d.ts.map +1 -0
package/dist/web/ports/infra-port.js +6 -0
package/dist/web/ports/infra-port.js.map +1 -0
package/dist/web/ports/respawn-port.d.ts +20 -0
package/dist/web/ports/respawn-port.d.ts.map +1 -0
package/dist/web/ports/respawn-port.js +6 -0
package/dist/web/ports/respawn-port.js.map +1 -0
package/dist/web/ports/session-port.d.ts +15 -0
package/dist/web/ports/session-port.d.ts.map +1 -0
package/dist/web/ports/session-port.js +6 -0
package/dist/web/ports/session-port.js.map +1 -0
package/dist/web/public/api-client.js +82 -0
package/dist/web/public/api-client.js.br +0 -0
package/dist/web/public/api-client.js.gz +0 -0
package/dist/web/public/app.js +117 -201
package/dist/web/public/app.js.br +0 -0
package/dist/web/public/app.js.gz +0 -0
package/dist/web/public/constants.js +365 -0
package/dist/web/public/constants.js.br +0 -0
package/dist/web/public/constants.js.gz +0 -0
package/dist/web/public/index.html +15 -3
package/dist/web/public/index.html.br +0 -0
package/dist/web/public/index.html.gz +0 -0
package/dist/web/public/keyboard-accessory.js +302 -0
package/dist/web/public/keyboard-accessory.js.br +0 -0
package/dist/web/public/keyboard-accessory.js.gz +0 -0
package/dist/web/public/mobile-handlers.js +491 -0
package/dist/web/public/mobile-handlers.js.br +0 -0
package/dist/web/public/mobile-handlers.js.gz +0 -0
package/dist/web/public/mobile.css.gz +0 -0
package/dist/web/public/notification-manager.js +472 -0
package/dist/web/public/notification-manager.js.br +0 -0
package/dist/web/public/notification-manager.js.gz +0 -0
package/dist/web/public/ralph-wizard.js +33 -9
package/dist/web/public/ralph-wizard.js.br +0 -0
package/dist/web/public/ralph-wizard.js.gz +0 -0
package/dist/web/public/styles.css.gz +0 -0
package/dist/web/public/subagent-windows.js +1149 -0
package/dist/web/public/subagent-windows.js.br +0 -0
package/dist/web/public/subagent-windows.js.gz +0 -0
package/dist/web/public/sw.js +15 -0
package/dist/web/public/sw.js.br +0 -0
package/dist/web/public/sw.js.gz +0 -0
package/dist/web/public/upload.html.gz +0 -0
package/dist/web/public/vendor/xterm-addon-fit.min.js.gz +0 -0
package/dist/web/public/vendor/xterm-addon-unicode11.min.js.gz +0 -0
package/dist/web/public/vendor/xterm-addon-webgl.min.js.gz +0 -0
package/dist/web/public/vendor/xterm-zerolag-input.js +4 -0
package/dist/web/public/vendor/xterm-zerolag-input.js.br +0 -0
package/dist/web/public/vendor/xterm-zerolag-input.js.gz +0 -0
package/dist/web/public/vendor/xterm.css.gz +0 -0
package/dist/web/public/vendor/xterm.min.js.gz +0 -0
package/dist/web/public/voice-input.js +882 -0
package/dist/web/public/voice-input.js.br +0 -0
package/dist/web/public/voice-input.js.gz +0 -0
package/dist/web/route-helpers.d.ts +38 -0
package/dist/web/route-helpers.d.ts.map +1 -0
package/dist/web/route-helpers.js +144 -0
package/dist/web/route-helpers.js.map +1 -0
package/dist/web/routes/case-routes.d.ts +9 -0
package/dist/web/routes/case-routes.d.ts.map +1 -0
package/dist/web/routes/case-routes.js +426 -0
package/dist/web/routes/case-routes.js.map +1 -0
package/dist/web/routes/file-routes.d.ts +8 -0
package/dist/web/routes/file-routes.d.ts.map +1 -0
package/dist/web/routes/file-routes.js +337 -0
package/dist/web/routes/file-routes.js.map +1 -0
package/dist/web/routes/hook-event-routes.d.ts +9 -0
package/dist/web/routes/hook-event-routes.d.ts.map +1 -0
package/dist/web/routes/hook-event-routes.js +57 -0
package/dist/web/routes/hook-event-routes.js.map +1 -0
package/dist/web/routes/index.d.ts +16 -0
package/dist/web/routes/index.d.ts.map +1 -0
package/dist/web/routes/index.js +16 -0
package/dist/web/routes/index.js.map +1 -0
package/dist/web/routes/mux-routes.d.ts +8 -0
package/dist/web/routes/mux-routes.d.ts.map +1 -0
package/dist/web/routes/mux-routes.js +32 -0
package/dist/web/routes/mux-routes.js.map +1 -0
package/dist/web/routes/plan-routes.d.ts +9 -0
package/dist/web/routes/plan-routes.d.ts.map +1 -0
package/dist/web/routes/plan-routes.js +385 -0
package/dist/web/routes/plan-routes.js.map +1 -0
package/dist/web/routes/push-routes.d.ts +8 -0
package/dist/web/routes/push-routes.d.ts.map +1 -0
package/dist/web/routes/push-routes.js +49 -0
package/dist/web/routes/push-routes.js.map +1 -0
package/dist/web/routes/ralph-routes.d.ts +9 -0
package/dist/web/routes/ralph-routes.d.ts.map +1 -0
package/dist/web/routes/ralph-routes.js +485 -0
package/dist/web/routes/ralph-routes.js.map +1 -0
package/dist/web/routes/respawn-routes.d.ts +8 -0
package/dist/web/routes/respawn-routes.d.ts.map +1 -0
package/dist/web/routes/respawn-routes.js +270 -0
package/dist/web/routes/respawn-routes.js.map +1 -0
package/dist/web/routes/scheduled-routes.d.ts +8 -0
package/dist/web/routes/scheduled-routes.d.ts.map +1 -0
package/dist/web/routes/scheduled-routes.js +51 -0
package/dist/web/routes/scheduled-routes.js.map +1 -0
package/dist/web/routes/session-routes.d.ts +9 -0
package/dist/web/routes/session-routes.d.ts.map +1 -0
package/dist/web/routes/session-routes.js +751 -0
package/dist/web/routes/session-routes.js.map +1 -0
package/dist/web/routes/system-routes.d.ts +9 -0
package/dist/web/routes/system-routes.d.ts.map +1 -0
package/dist/web/routes/system-routes.js +699 -0
package/dist/web/routes/system-routes.js.map +1 -0
package/dist/web/routes/team-routes.d.ts +8 -0
package/dist/web/routes/team-routes.d.ts.map +1 -0
package/dist/web/routes/team-routes.js +14 -0
package/dist/web/routes/team-routes.js.map +1 -0
package/dist/web/schemas.d.ts +43 -3
package/dist/web/schemas.d.ts.map +1 -1
package/dist/web/schemas.js +6 -2
package/dist/web/schemas.js.map +1 -1
package/dist/web/server.d.ts +35 -15
package/dist/web/server.d.ts.map +1 -1
package/dist/web/server.js +563 -3971
package/dist/web/server.js.map +1 -1
package/dist/web/sse-events.d.ts +361 -0
package/dist/web/sse-events.d.ts.map +1 -0
package/dist/web/sse-events.js +396 -0
package/dist/web/sse-events.js.map +1 -0
package/package.json +2 -1
package/scripts/postinstall.js +58 -0

package/dist/web/routes/system-routes.js ADDED Viewed

@@ -0,0 +1,699 @@
+/**
+ * @fileoverview System, config, settings, subagent, and debug routes.
+ * Covers status, stats, config CRUD, settings, subagent monitoring,
+ * debug/memory, lifecycle logs, screenshots, and various persistence endpoints.
+ */
+import { join, dirname } from 'node:path';
+import { existsSync, mkdirSync, readdirSync } from 'node:fs';
+import fs from 'node:fs/promises';
+import { homedir, totalmem, freemem, loadavg, cpus } from 'node:os';
+import { execSync } from 'node:child_process';
+import { randomBytes } from 'node:crypto';
+import { ApiErrorCode, createErrorResponse, getErrorMessage } from '../../types.js';
+import { ConfigUpdateSchema, SettingsUpdateSchema, ModelConfigUpdateSchema, CpuLimitSchema, SubagentWindowStatesSchema, SubagentParentMapSchema, RevokeSessionSchema, } from '../schemas.js';
+import { subagentWatcher } from '../../subagent-watcher.js';
+import { imageWatcher } from '../../image-watcher.js';
+import { getLifecycleLog } from '../../session-lifecycle-log.js';
+import { findSessionOrFail, formatUptime, SETTINGS_PATH } from '../route-helpers.js';
+import { SseEvent } from '../sse-events.js';
+import { AUTH_COOKIE_NAME } from '../middleware/auth.js';
+import { QR_AUTH_FAILURE_MAX } from '../../config/tunnel-config.js';
+import { AUTH_SESSION_TTL_MS } from '../../config/auth-config.js';
+// Maximum screenshot upload size (10MB)
+const MAX_SCREENSHOT_SIZE = 10 * 1024 * 1024;
+// Screenshots directory
+const SCREENSHOTS_DIR = join(homedir(), '.codeman', 'screenshots');
+/** Cached CPU count — doesn't change at runtime */
+const CPU_COUNT = cpus().length;
+/** Get system CPU and memory usage */
+function getSystemStats() {
+    try {
+        const totalMem = totalmem();
+        // macOS: os.freemem() only returns truly free pages, not cached/purgeable memory.
+        // Use vm_stat to get accurate used memory (wired + active + compressed).
+        let usedMem;
+        if (process.platform === 'darwin') {
+            try {
+                const vmstat = execSync('vm_stat', { encoding: 'utf-8', timeout: 2000 });
+                const pageSize = parseInt(vmstat.match(/page size of (\d+)/)?.[1] || '4096', 10);
+                const wired = parseInt(vmstat.match(/Pages wired down:\s+(\d+)/)?.[1] || '0', 10);
+                const active = parseInt(vmstat.match(/Pages active:\s+(\d+)/)?.[1] || '0', 10);
+                const compressed = parseInt(vmstat.match(/Pages occupied by compressor:\s+(\d+)/)?.[1] || '0', 10);
+                usedMem = (wired + active + compressed) * pageSize;
+            }
+            catch {
+                usedMem = totalMem - freemem();
+            }
+        }
+        else {
+            usedMem = totalMem - freemem();
+        }
+        // CPU load average (1 min) as percentage (rough approximation)
+        const load = loadavg()[0];
+        const cpuPercent = Math.min(100, Math.round((load / CPU_COUNT) * 100));
+        return {
+            cpu: cpuPercent,
+            memory: {
+                usedMB: Math.round(usedMem / (1024 * 1024)),
+                totalMB: Math.round(totalMem / (1024 * 1024)),
+                percent: Math.round((usedMem / totalMem) * 100),
+            },
+        };
+    }
+    catch {
+        return {
+            cpu: 0,
+            memory: { usedMB: 0, totalMB: 0, percent: 0 },
+        };
+    }
+}
+export function registerSystemRoutes(app, ctx) {
+    const windowStatesPath = join(homedir(), '.codeman', 'subagent-window-states.json');
+    const parentMapPath = join(homedir(), '.codeman', 'subagent-parents.json');
+    // ═══════════════════════════════════════════════════════════════
+    // System Status & Health
+    // ═══════════════════════════════════════════════════════════════
+    // ========== Status ==========
+    app.get('/api/status', async () => ctx.getLightState());
+    // ========== Tunnel ==========
+    app.get('/api/tunnel/status', async () => ctx.tunnelManager.getStatus());
+    app.get('/api/tunnel/qr', async (_req, reply) => {
+        const url = ctx.tunnelManager.getUrl();
+        if (!url) {
+            return reply.code(404).send(createErrorResponse(ApiErrorCode.NOT_FOUND, 'Tunnel not running'));
+        }
+        try {
+            const authPassword = process.env.CODEMAN_PASSWORD;
+            if (authPassword) {
+                // Auth enabled — use cached SVG with embedded short code
+                const svg = await ctx.tunnelManager.getQrSvg(url);
+                return { svg, authEnabled: true };
+            }
+            // No auth — just encode the raw tunnel URL
+            const QRCode = await import('qrcode');
+            const svg = await QRCode.toString(url, { type: 'svg', margin: 2, width: 256 });
+            return { svg, authEnabled: false };
+        }
+        catch (err) {
+            return reply.code(500).send(createErrorResponse(ApiErrorCode.OPERATION_FAILED, getErrorMessage(err)));
+        }
+    });
+    // ═══════════════════════════════════════════════════════════════
+    // Authentication (QR auth, session revocation)
+    // ═══════════════════════════════════════════════════════════════
+    // ========== QR Auth Route ==========
+    app.get('/q/:code', async (req, reply) => {
+        const shortCode = req.params.code;
+        const authPassword = process.env.CODEMAN_PASSWORD;
+        // No point if auth isn't enabled — just redirect
+        if (!authPassword) {
+            return reply.redirect('/');
+        }
+        const clientIp = req.ip;
+        // Per-IP rate limit (separate counter from Basic Auth failures)
+        const qrFailures = ctx.qrAuthFailures?.get(clientIp) ?? 0;
+        if (qrFailures >= QR_AUTH_FAILURE_MAX) {
+            return reply.code(429).send('Too Many Requests');
+        }
+        // Validate and atomically consume the token
+        if (!shortCode || !ctx.tunnelManager.consumeToken(shortCode)) {
+            ctx.qrAuthFailures?.set(clientIp, qrFailures + 1);
+            return reply.code(401).send('Invalid or expired QR code');
+        }
+        // Issue session cookie (same pattern as Basic Auth success path)
+        const sessionToken = randomBytes(32).toString('hex');
+        const clientUA = req.headers['user-agent'] ?? '';
+        ctx.authSessions?.set(sessionToken, {
+            ip: clientIp,
+            ua: clientUA,
+            createdAt: Date.now(),
+            method: 'qr',
+        });
+        ctx.qrAuthFailures?.delete(clientIp);
+        // Audit log
+        const lifecycleLog = getLifecycleLog();
+        lifecycleLog.log({
+            event: 'qr_auth',
+            sessionId: 'system',
+            extra: {
+                ip: clientIp,
+                ua: clientUA,
+                shortCodePrefix: shortCode.slice(0, 3) + '***',
+            },
+        });
+        reply.setCookie(AUTH_COOKIE_NAME, sessionToken, {
+            httpOnly: true,
+            secure: ctx.https,
+            sameSite: 'lax',
+            maxAge: AUTH_SESSION_TTL_MS / 1000,
+            path: '/',
+        });
+        // Broadcast auth notification — desktop sees who authenticated
+        ctx.broadcast(SseEvent.TunnelQrAuthUsed, {
+            ip: clientIp,
+            ua: clientUA,
+            timestamp: Date.now(),
+        });
+        return reply.redirect('/');
+    });
+    // ========== QR Regeneration ==========
+    app.post('/api/tunnel/qr/regenerate', async () => {
+        ctx.tunnelManager.regenerateQrToken();
+        return { success: true };
+    });
+    // ========== Auth Session Revocation ==========
+    app.post('/api/auth/revoke', async (req) => {
+        const result = RevokeSessionSchema.safeParse(req.body);
+        if (result.success && result.data.sessionToken) {
+            ctx.authSessions?.delete(result.data.sessionToken);
+        }
+        else {
+            // Revoke all sessions (nuclear option)
+            ctx.authSessions?.clear();
+        }
+        return { success: true };
+    });
+    // ═══════════════════════════════════════════════════════════════
+    // CLI Integrations (OpenCode)
+    // ═══════════════════════════════════════════════════════════════
+    // ========== OpenCode ==========
+    app.get('/api/opencode/status', async () => {
+        const { isOpenCodeAvailable, resolveOpenCodeDir } = await import('../../utils/opencode-cli-resolver.js');
+        return {
+            available: isOpenCodeAvailable(),
+            path: resolveOpenCodeDir(),
+        };
+    });
+    // ═══════════════════════════════════════════════════════════════
+    // State & Lifecycle (cleanup, lifecycle log, stats)
+    // ═══════════════════════════════════════════════════════════════
+    // ========== State & Lifecycle ==========
+    app.post('/api/cleanup-state', async () => {
+        const activeSessionIds = new Set(ctx.sessions.keys());
+        const result = ctx.store.cleanupStaleSessions(activeSessionIds);
+        const lifecycleLog = getLifecycleLog();
+        for (const s of result.cleaned) {
+            lifecycleLog.log({ event: 'stale_cleaned', sessionId: s.id, name: s.name });
+        }
+        return { success: true, cleanedSessions: result.count };
+    });
+    app.get('/api/session-lifecycle', async (req) => {
+        const query = req.query;
+        const lifecycleLog = getLifecycleLog();
+        const entries = await lifecycleLog.query({
+            sessionId: query.sessionId,
+            event: query.event,
+            since: query.since ? Number(query.since) : undefined,
+            limit: query.limit ? Math.min(Number(query.limit), 1000) : 200,
+        });
+        return { success: true, entries };
+    });
+    // ========== Stats ==========
+    app.get('/api/stats', async () => {
+        const activeSessionTokens = {};
+        for (const [sessionId, session] of ctx.sessions) {
+            activeSessionTokens[sessionId] = {
+                inputTokens: session.inputTokens,
+                outputTokens: session.outputTokens,
+                totalCost: session.totalCost,
+            };
+        }
+        return {
+            success: true,
+            stats: ctx.store.getAggregateStats(activeSessionTokens),
+            raw: ctx.store.getGlobalStats(),
+        };
+    });
+    app.get('/api/token-stats', async () => {
+        const activeSessionTokens = {};
+        for (const [sessionId, session] of ctx.sessions) {
+            activeSessionTokens[sessionId] = {
+                inputTokens: session.inputTokens,
+                outputTokens: session.outputTokens,
+                totalCost: session.totalCost,
+            };
+        }
+        return {
+            success: true,
+            daily: ctx.store.getDailyStats(30),
+            totals: ctx.store.getAggregateStats(activeSessionTokens),
+        };
+    });
+    // ═══════════════════════════════════════════════════════════════
+    // Configuration & Settings (config, settings, model config, CPU priority)
+    // ═══════════════════════════════════════════════════════════════
+    // ========== Config ==========
+    app.get('/api/config', async () => {
+        return { success: true, config: ctx.store.getConfig() };
+    });
+    app.put('/api/config', async (req) => {
+        const parseResult = ConfigUpdateSchema.safeParse(req.body);
+        if (!parseResult.success) {
+            return createErrorResponse(ApiErrorCode.INVALID_INPUT, `Invalid config: ${parseResult.error.message}`);
+        }
+        ctx.store.setConfig(parseResult.data);
+        return { success: true, config: ctx.store.getConfig() };
+    });
+    // ========== Debug/Memory ==========
+    app.get('/api/debug/memory', async () => {
+        const mem = process.memoryUsage();
+        const subagentStats = subagentWatcher.getStats();
+        const serverMapSizes = {
+            sessions: ctx.sessions.size,
+            runSummaryTrackers: ctx.runSummaryTrackers.size,
+            scheduledRuns: ctx.scheduledRuns.size,
+            activePlanOrchestrators: ctx.activePlanOrchestrators.size,
+        };
+        const totalServerMapEntries = Object.values(serverMapSizes).reduce((a, b) => a + b, 0);
+        const totalSubagentMapEntries = Object.values(subagentStats).reduce((a, b) => a + b, 0);
+        return {
+            memory: {
+                rss: mem.rss,
+                rssMB: Math.round((mem.rss / 1024 / 1024) * 10) / 10,
+                heapUsed: mem.heapUsed,
+                heapUsedMB: Math.round((mem.heapUsed / 1024 / 1024) * 10) / 10,
+                heapTotal: mem.heapTotal,
+                heapTotalMB: Math.round((mem.heapTotal / 1024 / 1024) * 10) / 10,
+                external: mem.external,
+                externalMB: Math.round((mem.external / 1024 / 1024) * 10) / 10,
+                arrayBuffers: mem.arrayBuffers,
+                arrayBuffersMB: Math.round((mem.arrayBuffers / 1024 / 1024) * 10) / 10,
+            },
+            mapSizes: {
+                server: serverMapSizes,
+                subagentWatcher: subagentStats,
+                totals: {
+                    serverEntries: totalServerMapEntries,
+                    subagentEntries: totalSubagentMapEntries,
+                    allEntries: totalServerMapEntries + totalSubagentMapEntries,
+                },
+            },
+            watchers: {
+                fileDebouncers: subagentStats.fileDebouncerCount,
+                dirWatchers: subagentStats.dirWatcherCount,
+                total: subagentStats.fileDebouncerCount + subagentStats.dirWatcherCount,
+            },
+            timers: {
+                subagentIdleTimers: subagentStats.idleTimerCount,
+                total: subagentStats.idleTimerCount,
+            },
+            uptime: {
+                seconds: Math.round(process.uptime()),
+                formatted: formatUptime(process.uptime()),
+            },
+            timestamp: Date.now(),
+        };
+    });
+    // ========== System Stats ==========
+    app.get('/api/system/stats', async () => {
+        return getSystemStats();
+    });
+    // ========== Settings ==========
+    app.get('/api/settings', async () => {
+        try {
+            const content = await fs.readFile(SETTINGS_PATH, 'utf-8');
+            return JSON.parse(content);
+        }
+        catch (err) {
+            if (err.code !== 'ENOENT') {
+                console.error('Failed to read settings:', err);
+            }
+        }
+        return {};
+    });
+    app.put('/api/settings', async (req) => {
+        const settingsResult = SettingsUpdateSchema.safeParse(req.body);
+        if (!settingsResult.success) {
+            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid settings');
+        }
+        const settings = settingsResult.data;
+        try {
+            const dir = dirname(SETTINGS_PATH);
+            if (!existsSync(dir)) {
+                mkdirSync(dir, { recursive: true });
+            }
+            let existing = {};
+            try {
+                existing = JSON.parse(await fs.readFile(SETTINGS_PATH, 'utf-8'));
+            }
+            catch {
+                /* ignore */
+            }
+            const merged = { ...existing, ...settings };
+            await fs.writeFile(SETTINGS_PATH, JSON.stringify(merged, null, 2));
+            // Handle subagent tracking toggle dynamically
+            const subagentEnabled = settings.subagentTrackingEnabled ?? true;
+            if (subagentEnabled && !subagentWatcher.isRunning()) {
+                subagentWatcher.start();
+                console.log('Subagent watcher started via settings change');
+            }
+            else if (!subagentEnabled && subagentWatcher.isRunning()) {
+                subagentWatcher.stop();
+                console.log('Subagent watcher stopped via settings change');
+            }
+            // Handle image watcher toggle dynamically
+            const imageWatcherEnabled = settings.imageWatcherEnabled ?? false;
+            if (imageWatcherEnabled && !imageWatcher.isRunning()) {
+                imageWatcher.start();
+                // Re-watch all active sessions that have image watcher enabled
+                for (const session of ctx.sessions.values()) {
+                    if (session.imageWatcherEnabled) {
+                        imageWatcher.watchSession(session.id, session.workingDir);
+                    }
+                }
+                console.log('Image watcher started via settings change');
+            }
+            else if (!imageWatcherEnabled && imageWatcher.isRunning()) {
+                imageWatcher.stop();
+                console.log('Image watcher stopped via settings change');
+            }
+            // Handle tunnel toggle dynamically
+            if ('tunnelEnabled' in settings) {
+                const tunnelEnabled = settings.tunnelEnabled;
+                if (tunnelEnabled && !ctx.tunnelManager.isRunning()) {
+                    ctx.tunnelManager.start(ctx.port, ctx.https);
+                    console.log('Tunnel started via settings change');
+                }
+                else if (tunnelEnabled && ctx.tunnelManager.isRunning() && ctx.tunnelManager.getUrl()) {
+                    // Tunnel already running — re-emit so the client gets the URL
+                    ctx.broadcast(SseEvent.TunnelStarted, { url: ctx.tunnelManager.getUrl() });
+                    console.log('Tunnel already running, re-broadcast URL to client');
+                }
+                else if (!tunnelEnabled && ctx.tunnelManager.isRunning()) {
+                    ctx.tunnelManager.stop();
+                    console.log('Tunnel stopped via settings change');
+                }
+            }
+            return { success: true };
+        }
+        catch (err) {
+            return createErrorResponse(ApiErrorCode.OPERATION_FAILED, getErrorMessage(err));
+        }
+    });
+    // ========== Model Configuration ==========
+    app.get('/api/execution/model-config', async () => {
+        try {
+            const content = await fs.readFile(SETTINGS_PATH, 'utf-8');
+            const settings = JSON.parse(content);
+            return { success: true, data: settings.modelConfig || {} };
+        }
+        catch (err) {
+            if (err.code !== 'ENOENT') {
+                console.error('Failed to read model config:', err);
+            }
+            return { success: true, data: {} };
+        }
+    });
+    app.put('/api/execution/model-config', async (req) => {
+        const mcResult = ModelConfigUpdateSchema.safeParse(req.body);
+        if (!mcResult.success) {
+            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid model config');
+        }
+        const modelConfig = mcResult.data;
+        try {
+            let existingSettings = {};
+            try {
+                const content = await fs.readFile(SETTINGS_PATH, 'utf-8');
+                existingSettings = JSON.parse(content);
+            }
+            catch {
+                // File doesn't exist yet, start fresh
+            }
+            existingSettings.modelConfig = modelConfig;
+            const dir = dirname(SETTINGS_PATH);
+            if (!existsSync(dir)) {
+                mkdirSync(dir, { recursive: true });
+            }
+            await fs.writeFile(SETTINGS_PATH, JSON.stringify(existingSettings, null, 2));
+            return { success: true };
+        }
+        catch (err) {
+            return createErrorResponse(ApiErrorCode.OPERATION_FAILED, getErrorMessage(err));
+        }
+    });
+    // ========== CPU Priority ==========
+    app.get('/api/sessions/:id/cpu-limit', async (req) => {
+        const { id } = req.params;
+        const session = findSessionOrFail(ctx, id);
+        return {
+            success: true,
+            nice: session.niceConfig,
+        };
+    });
+    app.post('/api/sessions/:id/cpu-limit', async (req) => {
+        const { id } = req.params;
+        const session = findSessionOrFail(ctx, id);
+        const clResult = CpuLimitSchema.safeParse(req.body);
+        if (!clResult.success) {
+            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid request body');
+        }
+        const body = clResult.data;
+        session.setNice(body);
+        ctx.persistSessionState(session);
+        ctx.broadcast(SseEvent.SessionUpdated, { session: ctx.getSessionStateWithRespawn(session) });
+        return {
+            success: true,
+            nice: session.niceConfig,
+            note: 'Nice priority only affects newly created mux sessions, not currently running ones.',
+        };
+    });
+    // ═══════════════════════════════════════════════════════════════
+    // Subagent Management (window states, parents, monitoring, transcripts)
+    // ═══════════════════════════════════════════════════════════════
+    // ========== Subagent Window State Persistence ==========
+    app.get('/api/subagent-window-states', async () => {
+        try {
+            const content = await fs.readFile(windowStatesPath, 'utf-8');
+            return JSON.parse(content);
+        }
+        catch (err) {
+            if (err.code !== 'ENOENT') {
+                console.error('Failed to read subagent window states:', err);
+            }
+        }
+        return { minimized: {}, open: [] };
+    });
+    app.put('/api/subagent-window-states', async (req) => {
+        const swResult = SubagentWindowStatesSchema.safeParse(req.body);
+        if (!swResult.success) {
+            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid window states');
+        }
+        const states = swResult.data;
+        try {
+            const dir = dirname(windowStatesPath);
+            if (!existsSync(dir)) {
+                mkdirSync(dir, { recursive: true });
+            }
+            await fs.writeFile(windowStatesPath, JSON.stringify(states, null, 2));
+            return { success: true };
+        }
+        catch (err) {
+            return createErrorResponse(ApiErrorCode.OPERATION_FAILED, getErrorMessage(err));
+        }
+    });
+    // ========== Subagent Parent Associations ==========
+    app.get('/api/subagent-parents', async () => {
+        try {
+            const content = await fs.readFile(parentMapPath, 'utf-8');
+            return JSON.parse(content);
+        }
+        catch (err) {
+            if (err.code !== 'ENOENT') {
+                console.error('Failed to read subagent parent map:', err);
+            }
+        }
+        return {};
+    });
+    app.put('/api/subagent-parents', async (req) => {
+        const spResult = SubagentParentMapSchema.safeParse(req.body);
+        if (!spResult.success) {
+            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid parent map');
+        }
+        const parentMap = spResult.data;
+        try {
+            const dir = dirname(parentMapPath);
+            if (!existsSync(dir)) {
+                mkdirSync(dir, { recursive: true });
+            }
+            await fs.writeFile(parentMapPath, JSON.stringify(parentMap, null, 2));
+            return { success: true };
+        }
+        catch (err) {
+            return createErrorResponse(ApiErrorCode.OPERATION_FAILED, getErrorMessage(err));
+        }
+    });
+    // ========== Subagent Monitoring ==========
+    app.get('/api/subagents', async (req) => {
+        const { minutes } = req.query;
+        const subagents = minutes
+            ? subagentWatcher.getRecentSubagents(parseInt(minutes, 10))
+            : subagentWatcher.getSubagents();
+        return { success: true, data: subagents };
+    });
+    app.get('/api/sessions/:id/subagents', async (req) => {
+        const { id } = req.params;
+        const session = findSessionOrFail(ctx, id);
+        const subagents = subagentWatcher.getSubagentsForSession(session.workingDir);
+        return { success: true, data: subagents };
+    });
+    app.get('/api/subagents/:agentId', async (req) => {
+        const { agentId } = req.params;
+        const info = subagentWatcher.getSubagent(agentId);
+        if (!info) {
+            return createErrorResponse(ApiErrorCode.NOT_FOUND, `Subagent ${agentId} not found`);
+        }
+        return { success: true, data: info };
+    });
+    app.get('/api/subagents/:agentId/transcript', async (req) => {
+        const { agentId } = req.params;
+        const { limit, format } = req.query;
+        const limitNum = limit ? parseInt(limit, 10) : undefined;
+        const transcript = await subagentWatcher.getTranscript(agentId, limitNum);
+        if (format === 'formatted') {
+            const formatted = subagentWatcher.formatTranscript(transcript);
+            return { success: true, data: { formatted, entryCount: transcript.length } };
+        }
+        return { success: true, data: transcript };
+    });
+    app.delete('/api/subagents/:agentId', async (req) => {
+        const { agentId } = req.params;
+        const info = subagentWatcher.getSubagent(agentId);
+        if (!info) {
+            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Subagent not found');
+        }
+        const killed = await subagentWatcher.killSubagent(agentId);
+        if (killed) {
+            return { success: true, data: { agentId, status: 'killed' } };
+        }
+        return createErrorResponse(ApiErrorCode.OPERATION_FAILED, 'Subagent not found or already completed');
+    });
+    app.post('/api/subagents/cleanup', async () => {
+        const removed = subagentWatcher.cleanupNow();
+        return { success: true, data: { removed, remaining: subagentWatcher.getSubagents().length } };
+    });
+    app.delete('/api/subagents', async () => {
+        const cleared = subagentWatcher.clearAll();
+        return { success: true, data: { cleared } };
+    });
+    // ═══════════════════════════════════════════════════════════════
+    // Screenshots (upload, list, serve)
+    // ═══════════════════════════════════════════════════════════════
+    // ========== Screenshots ==========
+    app.post('/api/screenshots', async (req, reply) => {
+        const contentType = req.headers['content-type'] ?? '';
+        if (!contentType.includes('multipart/form-data')) {
+            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Expected multipart/form-data');
+        }
+        // Parse multipart boundary
+        const boundaryMatch = contentType.match(/boundary=(.+?)(?:;|$)/);
+        if (!boundaryMatch) {
+            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Missing boundary');
+        }
+        // Collect raw body
+        const chunks = [];
+        let totalSize = 0;
+        for await (const chunk of req.raw) {
+            totalSize += chunk.length;
+            if (totalSize > MAX_SCREENSHOT_SIZE) {
+                reply.status(413);
+                return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'File too large (max 10MB)');
+            }
+            chunks.push(chunk);
+        }
+        const body = Buffer.concat(chunks);
+        // Extract file from multipart body
+        const boundary = '--' + boundaryMatch[1];
+        const boundaryBuf = Buffer.from(boundary);
+        const parts = [];
+        let pos = 0;
+        // Find each part between boundaries
+        while (pos < body.length) {
+            const start = body.indexOf(boundaryBuf, pos);
+            if (start === -1)
+                break;
+            const afterBoundary = start + boundaryBuf.length;
+            // Check for closing boundary (--)
+            if (body[afterBoundary] === 0x2d && body[afterBoundary + 1] === 0x2d)
+                break;
+            // Skip \r\n after boundary
+            const headerStart = afterBoundary + 2;
+            const headerEnd = body.indexOf(Buffer.from('\r\n\r\n'), headerStart);
+            if (headerEnd === -1)
+                break;
+            const headers = body.subarray(headerStart, headerEnd).toString();
+            const dataStart = headerEnd + 4;
+            const nextBoundary = body.indexOf(boundaryBuf, dataStart);
+            // Data ends 2 bytes before next boundary (\r\n)
+            const dataEnd = nextBoundary === -1 ? body.length : nextBoundary - 2;
+            parts.push({ headers, data: body.subarray(dataStart, dataEnd) });
+            pos = nextBoundary === -1 ? body.length : nextBoundary;
+        }
+        const filePart = parts.find((p) => p.headers.includes('name="file"'));
+        if (!filePart || filePart.data.length === 0) {
+            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'No file uploaded');
+        }
+        // Determine extension from Content-Type or filename
+        let ext = '.png';
+        const filenameMatch = filePart.headers.match(/filename="(.+?)"/);
+        if (filenameMatch) {
+            const origExt = filenameMatch[1].match(/\.(png|jpg|jpeg|webp|gif)$/i);
+            if (origExt)
+                ext = origExt[0].toLowerCase();
+        }
+        const ctMatch = filePart.headers.match(/Content-Type:\s*image\/(png|jpeg|webp|gif)/i);
+        if (ctMatch) {
+            const map = {
+                png: '.png',
+                jpeg: '.jpg',
+                webp: '.webp',
+                gif: '.gif',
+            };
+            ext = map[ctMatch[1].toLowerCase()] ?? ext;
+        }
+        // Save to ~/.codeman/screenshots/
+        if (!existsSync(SCREENSHOTS_DIR)) {
+            mkdirSync(SCREENSHOTS_DIR, { recursive: true });
+        }
+        const timestamp = new Date().toISOString().replace(/[:.]/g, '-').replace('T', '_').slice(0, 19);
+        const filename = `screenshot_${timestamp}${ext}`;
+        const filepath = join(SCREENSHOTS_DIR, filename);
+        await fs.writeFile(filepath, filePart.data);
+        return { success: true, path: filepath, filename };
+    });
+    app.get('/api/screenshots', async () => {
+        if (!existsSync(SCREENSHOTS_DIR)) {
+            return { files: [] };
+        }
+        const files = readdirSync(SCREENSHOTS_DIR)
+            .filter((f) => /\.(png|jpg|jpeg|webp|gif)$/i.test(f))
+            .sort()
+            .reverse()
+            .slice(0, 50)
+            .map((name) => ({ name, path: join(SCREENSHOTS_DIR, name) }));
+        return { files };
+    });
+    app.get('/api/screenshots/:name', async (req, reply) => {
+        const { name } = req.params;
+        // Prevent path traversal
+        if (name.includes('/') || name.includes('\\') || name.includes('..')) {
+            reply.status(400);
+            return createErrorResponse(ApiErrorCode.INVALID_INPUT, 'Invalid filename');
+        }
+        const filepath = join(SCREENSHOTS_DIR, name);
+        if (!existsSync(filepath)) {
+            reply.status(404);
+            return createErrorResponse(ApiErrorCode.NOT_FOUND, 'Screenshot not found');
+        }
+        const ext = name.match(/\.(png|jpg|jpeg|webp|gif)$/i)?.[1]?.toLowerCase() ?? 'png';
+        const mimeMap = {
+            png: 'image/png',
+            jpg: 'image/jpeg',
+            jpeg: 'image/jpeg',
+            webp: 'image/webp',
+            gif: 'image/gif',
+        };
+        reply.type(mimeMap[ext] ?? 'image/png');
+        return fs.readFile(filepath);
+    });
+}
+//# sourceMappingURL=system-routes.js.map