aigetwey 1.0.1

package/dashboard/package.json

@@ -0,0 +1,29 @@
+{
+  "name": "aigetwey-dashboard",
+  "version": "0.1.0",
+  "private": true,
+  "scripts": {
+    "dev": "next dev",
+    "build": "next build",
+    "start": "next start",
+    "lint": "next lint"
+  },
+  "dependencies": {
+    "next": "^16.2.9",
+    "react": "^19.0.0",
+    "react-dom": "^19.0.0",
+    "server-only": "^0.0.1",
+    "yaml": "^2.9.0"
+  },
+  "devDependencies": {
+    "@tailwindcss/postcss": "^4.0.0",
+    "@types/node": "^22.10.0",
+    "@types/react": "^19.0.0",
+    "@types/react-dom": "^19.0.0",
+    "tailwindcss": "^4.0.0",
+    "typescript": "^5.7.2"
+  },
+  "allowScripts": {
+    "sharp@0.34.5": true
+  }
+}

package/dashboard/postcss.config.mjs

@@ -0,0 +1,5 @@
+const config = {
+  plugins: ["@tailwindcss/postcss"],
+};
+
+export default config;

package/dashboard/src/app/(console)/combos/page.tsx

@@ -0,0 +1,10 @@
+import { RoutingView } from "@/components/RoutingView";
+
+/**
+ * Combos & Routing — one concept (aigetwey-style): each combo is an alias + an
+ * ordered provider chain + a strategy. Call the alias as the model name from a
+ * CLI tool. No separate snapshot layer.
+ */
+export default function CombosPage() {
+  return <RoutingView />;
+}

package/dashboard/src/app/(console)/config/page.tsx

@@ -0,0 +1,5 @@
+import { ConfigEditor } from "@/components/ConfigEditor";
+
+export default function ConfigPage() {
+  return <ConfigEditor />;
+}

package/dashboard/src/app/(console)/console/page.tsx

@@ -0,0 +1,92 @@
+"use client";
+
+import { useState, useEffect, useRef } from "react";
+import { Icon } from "@/components/Icon";
+import { Button } from "@/components/Button";
+
+const LOG_COLORS: Record<string, string> = {
+  LOG: "text-success",
+  INFO: "text-info",
+  WARN: "text-warning",
+  ERROR: "text-danger",
+  DEBUG: "text-text-subtle",
+};
+
+interface LogEntry {
+  ts: number;
+  level: string;
+  message: string;
+}
+
+export default function ConsolePage() {
+  const [logs, setLogs] = useState<LogEntry[]>([]);
+  const [connected, setConnected] = useState(false);
+  const logRef = useRef<HTMLDivElement>(null);
+
+  useEffect(() => {
+    const es = new EventSource("/api/gw/admin/console/stream");
+
+    es.onopen = () => setConnected(true);
+
+    es.onmessage = (e) => {
+      const msg = JSON.parse(e.data);
+      if (msg.type === "init") {
+        setLogs(msg.logs.slice(-300));
+      } else if (msg.type === "line") {
+        setLogs((prev) => {
+          const next = [...prev, msg as LogEntry];
+          return next.length > 300 ? next.slice(-300) : next;
+        });
+      }
+    };
+
+    es.onerror = () => setConnected(false);
+
+    return () => es.close();
+  }, []);
+
+  useEffect(() => {
+    if (logRef.current) logRef.current.scrollTop = logRef.current.scrollHeight;
+  }, [logs]);
+
+  const handleClear = async () => {
+    await fetch("/api/gw/admin/console", { method: "DELETE" });
+    setLogs([]);
+  };
+
+  return (
+    <div>
+      <div className="mb-4 flex items-center justify-between">
+        <div>
+          <h1 className="text-[22px] font-semibold tracking-tight text-text">Server Console</h1>
+          <p className="mt-1 text-[13px] text-text-muted">Live gateway process output.</p>
+        </div>
+        <div className="flex items-center gap-3">
+          <span className={`flex items-center gap-1.5 text-[11px] ${connected ? "text-success" : "text-danger"}`}>
+            <Icon name={connected ? "radio_button_checked" : "radio_button_unchecked"} size={12} />
+            {connected ? "Connected" : "Disconnected"}
+          </span>
+          <Button variant="ghost" onClick={handleClear}>
+            <Icon name="delete" size={15} /> Clear
+          </Button>
+        </div>
+      </div>
+
+      <div
+        ref={logRef}
+        className="h-[calc(100vh-200px)] overflow-y-auto rounded-brand-lg border border-border bg-[#0a0a09] p-4 font-mono text-[12px]"
+      >
+        {logs.length === 0 ? (
+          <span className="text-text-subtle">No logs yet…</span>
+        ) : (
+          logs.map((entry, i) => (
+            <div key={i} className={`whitespace-pre-wrap break-all ${LOG_COLORS[entry.level] ?? "text-text"}`}>
+              <span className="text-text-subtle">{new Date(entry.ts).toLocaleTimeString()} </span>
+              <span className="font-semibold">[{entry.level}]</span> {entry.message}
+            </div>
+          ))
+        )}
+      </div>
+    </div>
+  );
+}

package/dashboard/src/app/(console)/endpoint/page.tsx

@@ -0,0 +1,5 @@
+import { EndpointView } from "@/components/EndpointView";
+
+export default function EndpointPage() {
+  return <EndpointView />;
+}

package/dashboard/src/app/(console)/layout.tsx

@@ -0,0 +1,17 @@
+import { Rail } from "@/components/Rail";
+import { TopBar } from "@/components/TopBar";
+
+export default function ConsoleLayout({ children }: { children: React.ReactNode }) {
+  return (
+    <div className="console-grid">
+      <aside className="console-rail">
+        <Rail />
+      </aside>
+
+      <div className="console-col">
+        <TopBar />
+        <main className="console-main">{children}</main>
+      </div>
+    </div>
+  );
+}

package/dashboard/src/app/(console)/page.tsx

@@ -0,0 +1,8 @@
+import { EndpointView } from "@/components/EndpointView";
+
+// Landing page IS Endpoint & Key — where "/dashboard" renders
+// the endpoint view (gateway URL + keys + token savers), the first thing you
+// need to wire up a CLI tool.
+export default function LandingPage() {
+  return <EndpointView />;
+}

package/dashboard/src/app/(console)/providers/[id]/page.tsx

@@ -0,0 +1,6 @@
+import { ProviderDetail } from "@/components/ProviderDetail";
+
+export default async function ProviderDetailPage({ params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params;
+  return <ProviderDetail id={decodeURIComponent(id)} />;
+}

package/dashboard/src/app/(console)/providers/page.tsx

@@ -0,0 +1,5 @@
+import { ProviderManager } from "@/components/ProviderManager";
+
+export default function ProvidersPage() {
+  return <ProviderManager />;
+}

package/dashboard/src/app/(console)/quota/page.tsx

@@ -0,0 +1,5 @@
+import { QuotaView } from "@/components/QuotaView";
+
+export default function QuotaPage() {
+  return <QuotaView />;
+}

package/dashboard/src/app/(console)/tools/[id]/page.tsx

@@ -0,0 +1,6 @@
+import { ToolDetail } from "@/components/ToolDetail";
+
+export default async function ToolDetailPage({ params }: { params: Promise<{ id: string }> }) {
+  const { id } = await params;
+  return <ToolDetail id={decodeURIComponent(id)} />;
+}

package/dashboard/src/app/(console)/tools/page.tsx

@@ -0,0 +1,5 @@
+import { CliToolConfig } from "@/components/CliToolConfig";
+
+export default function ToolsPage() {
+  return <CliToolConfig />;
+}

package/dashboard/src/app/(console)/usage/page.tsx

@@ -0,0 +1,24 @@
+import { gateway } from "@/lib/gateway";
+import { UsageView } from "@/components/UsageView";
+import { LogTable } from "@/components/LogTable";
+import { Empty } from "@/components/ui";
+
+// always fresh — logs change every request.
+export const dynamic = "force-dynamic";
+
+// Usage = stats/charts + the full request log (with the detail drawer). aigetwey
+// keeps request logs inside Usage rather than a separate menu, so we do too.
+export default async function UsagePage() {
+  const res = await gateway.logs(200);
+  const logs = res.data?.logs ?? [];
+
+  return (
+    <div className="space-y-7">
+      <UsageView />
+      <div>
+        <h2 className="mb-3 text-[15px] font-semibold text-text">Requests</h2>
+        {res.ok ? <LogTable logs={logs} /> : <Empty>Could not reach the gateway: {res.error}</Empty>}
+      </div>
+    </div>
+  );
+}

package/dashboard/src/app/api/cli-detect/[tool]/route.ts

@@ -0,0 +1,253 @@
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+import { exec } from "child_process";
+import { promisify } from "util";
+import fs from "fs/promises";
+import path from "path";
+import os from "os";
+import { modalitiesForModel } from "@/lib/capabilities";
+
+/**
+ * Local CLI-tool detection + auto-config. These run in the Next.js server (which,
+ * like the gateway, lives on the operator's machine), so they can read/write the
+ * tool's own config files — the trick behind aigetwey's "it just detects and
+ * configures itself". Session-gated by middleware like every other /api route.
+ *
+ * Only claude-code + opencode auto-configure (the two with a stable local config
+ * file we can safely merge into). Others report installed:false → the UI falls
+ * back to the manual env block.
+ */
+const execAsync = promisify(exec);
+
+type Json = Record<string, unknown>;
+
+async function onPath(bin: string): Promise<boolean> {
+  try {
+    const cmd = os.platform() === "win32" ? `where ${bin}` : `which ${bin}`;
+    await execAsync(cmd, { windowsHide: true });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function fileExists(p: string): Promise<boolean> {
+  try {
+    await fs.access(p);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// tolerate JSONC (trailing commas) and unparseable files (treat as "no config").
+function readJson(content: string): Json | null {
+  try {
+    return JSON.parse(content.replace(/,(\s*[}\]])/g, "$1")) as Json;
+  } catch {
+    return null;
+  }
+}
+
+// ─── Claude Code: ~/.claude/settings.json env block ─────────────────────────
+const claudePath = () => path.join(os.homedir(), ".claude", "settings.json");
+const CLAUDE_KEYS = [
+  "ANTHROPIC_BASE_URL",
+  "ANTHROPIC_AUTH_TOKEN",
+  "ANTHROPIC_DEFAULT_OPUS_MODEL",
+  "ANTHROPIC_DEFAULT_SONNET_MODEL",
+  "ANTHROPIC_DEFAULT_HAIKU_MODEL",
+  "API_TIMEOUT_MS",
+];
+
+async function claudeStatus() {
+  const installed = (await onPath("claude")) || (await fileExists(claudePath()));
+  if (!installed) return { installed: false as const };
+  let settings: Json | null = null;
+  try {
+    settings = readJson(await fs.readFile(claudePath(), "utf-8"));
+  } catch {
+    settings = null;
+  }
+  const env = (settings?.env as Json | undefined) ?? {};
+  return {
+    installed: true as const,
+    configured: typeof env.ANTHROPIC_BASE_URL === "string",
+    path: claudePath(),
+    baseUrl: (env.ANTHROPIC_BASE_URL as string) ?? null,
+    modelSlots: {
+      opus: (env.ANTHROPIC_DEFAULT_OPUS_MODEL as string) ?? null,
+      sonnet: (env.ANTHROPIC_DEFAULT_SONNET_MODEL as string) ?? null,
+      haiku: (env.ANTHROPIC_DEFAULT_HAIKU_MODEL as string) ?? null,
+    },
+  };
+}
+
+async function claudeApply(body: { base?: string; key?: string; models?: Record<string, string> }) {
+  if (!body.base) return { error: "base is required" };
+  const p = claudePath();
+  await fs.mkdir(path.dirname(p), { recursive: true });
+  let cur: Json = {};
+  try {
+    cur = readJson(await fs.readFile(p, "utf-8")) ?? {};
+  } catch {
+    cur = {};
+  }
+  const env: Record<string, string> = {
+    ANTHROPIC_BASE_URL: body.base,
+    API_TIMEOUT_MS: "600000",
+  };
+  if (body.key) env.ANTHROPIC_AUTH_TOKEN = body.key;
+  if (body.models?.opus) env.ANTHROPIC_DEFAULT_OPUS_MODEL = body.models.opus;
+  if (body.models?.sonnet) env.ANTHROPIC_DEFAULT_SONNET_MODEL = body.models.sonnet;
+  if (body.models?.haiku) env.ANTHROPIC_DEFAULT_HAIKU_MODEL = body.models.haiku;
+  const next = { ...cur, hasCompletedOnboarding: true, env: { ...((cur.env as Json) ?? {}), ...env } };
+  await fs.writeFile(p, JSON.stringify(next, null, 2));
+  return { success: true, path: p };
+}
+
+async function claudeReset() {
+  const p = claudePath();
+  let cur: Json;
+  try {
+    cur = readJson(await fs.readFile(p, "utf-8")) ?? {};
+  } catch {
+    return { success: true };
+  }
+  const env = cur.env as Json | undefined;
+  if (env) {
+    for (const k of CLAUDE_KEYS) delete env[k];
+    if (Object.keys(env).length === 0) delete cur.env;
+  }
+  await fs.writeFile(p, JSON.stringify(cur, null, 2));
+  return { success: true };
+}
+
+// ─── opencode: ~/.config/opencode/opencode.json provider entry ──────────────
+const OC_PROVIDER = "aigetwey";
+const ocDir = () => path.join(os.homedir(), ".config", "opencode");
+const ocPath = () => path.join(ocDir(), "opencode.json");
+
+async function opencodeStatus() {
+  const installed = (await onPath("opencode")) || (await fileExists(ocPath()));
+  if (!installed) return { installed: false as const };
+  let cfg: Json | null = null;
+  try {
+    cfg = readJson(await fs.readFile(ocPath(), "utf-8"));
+  } catch {
+    cfg = null;
+  }
+  const prov = (cfg?.provider as Json | undefined)?.[OC_PROVIDER] as Json | undefined;
+  const models = prov?.models ? Object.keys(prov.models as Json) : [];
+  const active = typeof cfg?.model === "string" && cfg.model.startsWith(`${OC_PROVIDER}/`)
+    ? cfg.model.slice(OC_PROVIDER.length + 1)
+    : null;
+  return {
+    installed: true as const,
+    configured: !!prov,
+    path: ocPath(),
+    models,
+    activeModel: active,
+    baseUrl: ((prov?.options as Json | undefined)?.baseURL as string) ?? null,
+  };
+}
+
+async function opencodeApply(body: { base?: string; key?: string; models?: string[]; active?: string }) {
+  const models = (body.models ?? []).filter(Boolean);
+  if (!body.base || models.length === 0) return { error: "base and at least one model are required" };
+  const p = ocPath();
+  await fs.mkdir(ocDir(), { recursive: true });
+  let cfg: Json = {};
+  try {
+    cfg = readJson(await fs.readFile(p, "utf-8")) ?? {};
+  } catch {
+    cfg = {};
+  }
+  const baseURL = body.base.endsWith("/v1") ? body.base : `${body.base}/v1`;
+  const provider = (cfg.provider as Json | undefined) ?? {};
+  const existing = (provider[OC_PROVIDER] as Json | undefined) ?? {
+    npm: "@ai-sdk/openai-compatible",
+    options: {},
+    models: {},
+  };
+  existing.options = { ...((existing.options as Json) ?? {}), baseURL, apiKey: body.key || "aigetwey" };
+  const modelMap = (existing.models as Json) ?? {};
+  for (const m of models) modelMap[m] = { name: m, modalities: modalitiesForModel(m) };
+  existing.models = modelMap;
+  provider[OC_PROVIDER] = existing;
+  cfg.provider = provider;
+  const active = body.active && models.includes(body.active) ? body.active : models[0];
+  cfg.model = `${OC_PROVIDER}/${active}`;
+  await fs.writeFile(p, JSON.stringify(cfg, null, 2));
+  return { success: true, path: p };
+}
+
+async function opencodeReset() {
+  const p = ocPath();
+  let cfg: Json;
+  try {
+    cfg = readJson(await fs.readFile(p, "utf-8")) ?? {};
+  } catch {
+    return { success: true };
+  }
+  const provider = cfg.provider as Json | undefined;
+  if (provider) delete provider[OC_PROVIDER];
+  if (typeof cfg.model === "string" && cfg.model.startsWith(`${OC_PROVIDER}/`)) delete cfg.model;
+  await fs.writeFile(p, JSON.stringify(cfg, null, 2));
+  return { success: true };
+}
+
+type ApplyBody = { base?: string; key?: string; models?: string[] | Record<string, string>; active?: string };
+const HANDLERS: Record<
+  string,
+  { status: () => Promise<unknown>; apply: (b: ApplyBody) => Promise<unknown>; reset: () => Promise<unknown> }
+> = {
+  "claude-code": {
+    status: claudeStatus,
+    apply: (b) => claudeApply(b as { base?: string; key?: string; models?: Record<string, string> }),
+    reset: claudeReset,
+  },
+  opencode: {
+    status: opencodeStatus,
+    apply: (b) => opencodeApply(b as { base?: string; key?: string; models?: string[]; active?: string }),
+    reset: opencodeReset,
+  },
+};
+
+type Ctx = { params: Promise<{ tool: string }> };
+
+export async function GET(_req: NextRequest, ctx: Ctx) {
+  const { tool } = await ctx.params;
+  const h = HANDLERS[tool];
+  if (!h) return NextResponse.json({ installed: false, auto: false });
+  try {
+    return NextResponse.json({ auto: true, ...(await h.status() as object) });
+  } catch (e) {
+    return NextResponse.json({ error: (e as Error).message }, { status: 500 });
+  }
+}
+
+export async function POST(req: NextRequest, ctx: Ctx) {
+  const { tool } = await ctx.params;
+  const h = HANDLERS[tool];
+  if (!h) return NextResponse.json({ error: "tool does not support auto-config" }, { status: 400 });
+  try {
+    const body = (await req.json()) as ApplyBody;
+    const res = (await h.apply(body)) as { error?: string };
+    if (res.error) return NextResponse.json(res, { status: 400 });
+    return NextResponse.json(res);
+  } catch (e) {
+    return NextResponse.json({ error: (e as Error).message }, { status: 500 });
+  }
+}
+
+export async function DELETE(_req: NextRequest, ctx: Ctx) {
+  const { tool } = await ctx.params;
+  const h = HANDLERS[tool];
+  if (!h) return NextResponse.json({ error: "tool does not support auto-config" }, { status: 400 });
+  try {
+    return NextResponse.json(await h.reset() as object);
+  } catch (e) {
+    return NextResponse.json({ error: (e as Error).message }, { status: 500 });
+  }
+}

package/dashboard/src/app/api/gw/[...path]/route.ts

@@ -0,0 +1,89 @@
+import { NextResponse } from "next/server";
+import type { NextRequest } from "next/server";
+import { currentPassword } from "@/lib/session";
+
+/**
+ * Catch-all proxy to the gateway admin API. Client components call
+ * `/api/gw/admin/...`; this forwards the method, body, and query to the gateway
+ * with the admin password injected as a Bearer (never reaches the browser).
+ *
+ * Session-gated by middleware (every /api/* but login/logout needs a valid
+ * session), so only a logged-in browser can drive it. One thin file replaces a
+ * per-endpoint proxy for each admin route.
+ */
+function gatewayUrl(): string {
+  return (process.env.GATEWAY_URL ?? "http://127.0.0.1:18080").replace(/\/$/, "");
+}
+
+async function proxy(req: NextRequest, path: string[]): Promise<NextResponse | Response> {
+  const sub = path.join("/");
+  if (!sub.startsWith("admin/")) {
+    return NextResponse.json({ error: "not found" }, { status: 404 });
+  }
+  const search = req.nextUrl.search;
+  const target = `${gatewayUrl()}/${sub}${search}`;
+
+  // SSE passthrough for console stream
+  if (sub === "admin/console/stream") {
+    try {
+      const res = await fetch(target, {
+        headers: { authorization: `Bearer ${await currentPassword()}` },
+        cache: "no-store",
+      });
+      if (!res.body) return NextResponse.json({ error: "no stream" }, { status: 502 });
+      return new Response(res.body, {
+        headers: {
+          "Content-Type": "text/event-stream",
+          "Cache-Control": "no-cache, no-transform",
+          Connection: "keep-alive",
+          // don't let Next's prod server buffer the proxied stream.
+          "X-Accel-Buffering": "no",
+        },
+      });
+    } catch (e) {
+      return NextResponse.json({ error: `gateway unreachable: ${(e as Error).message}` }, { status: 502 });
+    }
+  }
+
+  const hasBody = req.method !== "GET" && req.method !== "DELETE";
+  let body: string | undefined;
+  if (hasBody) {
+    body = await req.text();
+  }
+
+  let res: Response;
+  try {
+    res = await fetch(target, {
+      method: req.method,
+      headers: {
+        authorization: `Bearer ${await currentPassword()}`,
+        ...(body ? { "content-type": "application/json" } : {}),
+      },
+      body: body || undefined,
+      cache: "no-store",
+    });
+  } catch (e) {
+    return NextResponse.json({ error: `gateway unreachable: ${(e as Error).message}` }, { status: 502 });
+  }
+
+  const text = await res.text();
+  return new NextResponse(text || "{}", {
+    status: res.status,
+    headers: { "content-type": "application/json" },
+  });
+}
+
+type Ctx = { params: Promise<{ path: string[] }> };
+
+export async function GET(req: NextRequest, ctx: Ctx) {
+  return proxy(req, (await ctx.params).path);
+}
+export async function POST(req: NextRequest, ctx: Ctx) {
+  return proxy(req, (await ctx.params).path);
+}
+export async function PUT(req: NextRequest, ctx: Ctx) {
+  return proxy(req, (await ctx.params).path);
+}
+export async function DELETE(req: NextRequest, ctx: Ctx) {
+  return proxy(req, (await ctx.params).path);
+}

package/dashboard/src/app/api/login/route.ts

@@ -0,0 +1,30 @@
+import { NextResponse } from "next/server";
+import { cookies } from "next/headers";
+import { sealSession, SESSION_COOKIE } from "@/lib/session";
+import { checkGatewayAuth } from "@/lib/gateway";
+
+/**
+ * Login: the gateway is the source of truth for the admin password (a hash
+ * store, changeable at runtime). We verify the submitted password directly
+ * against the gateway, then store it encrypted in the session cookie so later
+ * proxied calls can present it as the Bearer.
+ */
+export async function POST(req: Request): Promise<NextResponse> {
+  const { password } = (await req.json().catch(() => ({}))) as { password?: string };
+  if (!password) {
+    return NextResponse.json({ error: "password required" }, { status: 400 });
+  }
+  if (!(await checkGatewayAuth(password))) {
+    return NextResponse.json({ error: "wrong password (or gateway unreachable)" }, { status: 401 });
+  }
+
+  const jar = await cookies();
+  jar.set(SESSION_COOKIE, sealSession(password), {
+    httpOnly: true,
+    sameSite: "lax",
+    secure: process.env.NODE_ENV === "production",
+    path: "/",
+    maxAge: 60 * 60 * 12, // 12h
+  });
+  return NextResponse.json({ ok: true });
+}

package/dashboard/src/app/api/logout/route.ts

@@ -0,0 +1,9 @@
+import { NextResponse } from "next/server";
+import { cookies } from "next/headers";
+import { SESSION_COOKIE } from "@/lib/session";
+
+export async function POST(): Promise<NextResponse> {
+  const jar = await cookies();
+  jar.delete(SESSION_COOKIE);
+  return NextResponse.json({ ok: true });
+}

package/dashboard/src/app/api/password/route.ts

@@ -0,0 +1,34 @@
+import { NextResponse } from "next/server";
+import { cookies } from "next/headers";
+import { sealSession, SESSION_COOKIE } from "@/lib/session";
+import { gateway } from "@/lib/gateway";
+
+/**
+ * Change the admin password. The gateway verifies the current password and
+ * persists the new hash; on success we re-issue the session cookie carrying the
+ * new password so this browser stays logged in (other sessions must re-login).
+ */
+export async function POST(req: Request): Promise<NextResponse> {
+  const { current, next } = (await req.json().catch(() => ({}))) as { current?: string; next?: string };
+  if (!current || !next) {
+    return NextResponse.json({ error: "current and next are required" }, { status: 400 });
+  }
+  if (next.length < 4) {
+    return NextResponse.json({ error: "new password must be at least 4 characters" }, { status: 400 });
+  }
+
+  const r = await gateway.changePassword(current, next);
+  if (!r.ok) {
+    return NextResponse.json({ error: r.error ?? "could not change password" }, { status: r.status || 400 });
+  }
+
+  const jar = await cookies();
+  jar.set(SESSION_COOKIE, sealSession(next), {
+    httpOnly: true,
+    sameSite: "lax",
+    secure: process.env.NODE_ENV === "production",
+    path: "/",
+    maxAge: 60 * 60 * 12,
+  });
+  return NextResponse.json({ ok: true });
+}