annotask 0.0.8 → 0.0.9

package/README.md

@@ -15,15 +15,16 @@ Visual markup tool for web apps. Annotate your UI in the browser — pins, arrow
  Annotate the UI:
    pin elements, draw
    sections, add notes,         ──>  /annotask-apply
-   describe what you want            Reads tasks from Annotask API
-                                     Edits source files
-                                     Marks tasks as "ready for review"
- Review changes in                <──
- Annotask shell:
+   describe what you want            Fetches pending tasks
+                                     Locks each task (in_progress)
+                                     Applies code change
+                                     Marks for review — one at a time
+ Review changes live              <──
+ as they come in:
    Accept ✓  or  Deny ✗
-   (denied tasks return
-    with your feedback
-    for the agent to retry)
+   (denied tasks include your
+    feedback for the agent
+    to retry with corrections)
 ```
 
 ### How it works
@@ -32,9 +33,9 @@ Visual markup tool for web apps. Annotate your UI in the browser — pins, arrow
 
 2. **Tasks are created** — Each annotation becomes a structured task with full context: source file, line number, component name, element tag, surrounding layout, and your intent in plain language.
 
-3. **Your coding agent applies the tasks** — Invoke `/annotask-apply` in Claude Code (or the equivalent skill in your agent). It fetches pending tasks from the Annotask API, edits the source files, and marks each task as ready for review.
+3. **Your coding agent applies the tasks** — Invoke `/annotask-apply` in Claude Code (or the equivalent skill in your agent). It processes tasks one at a time: locks the task (`in_progress`), applies the code change, then marks it for review — so you can start reviewing immediately while later tasks are still being applied.
 
-4. **You review** — Back in the Annotask shell, accept or deny each change. Denied tasks return to the queue with your feedback so the agent can retry with corrections.
+4. **You review** — In the Annotask shell, click any task to open the detail drawer — see the full markdown description, screenshots, element context, interaction history, and source files. Accept or deny each change. Denied tasks include your feedback so the agent can retry with corrections.
 
 ## Agent Setup
 
@@ -166,9 +167,21 @@ Start your dev server, then open:
 - **Page-level scanning** — Runs axe-core WCAG analysis on the entire page from the A11y panel
 - **Violation cards** — Shows impact level, rule, description, and affected element count
 - **One-click fix tasks** — Create tasks from violations with full context (HTML snippets, CSS selectors, source file/line, and fix suggestions)
+- **Locally bundled** — axe-core and html2canvas are shipped with the package (no CDN dependency, works offline and under CSP)
+
+### Task detail drawer
+- **Slide-out detail view** — Click any task in the sidebar to open a full detail drawer
+- **Markdown descriptions** — Task descriptions support full GitHub-flavored Markdown (rendered with `marked`)
+- **Inline editing** — Click the rendered description to switch to a markdown editor; save with Ctrl+Enter
+- **Screenshot thumbnails** — Clickable thumbnails with full-screen lightbox preview
+- **Element display** — Shows selected element(s) with tag, classes, and component name
+- **Multi-file view** — Shows all source files involved (primary, arrow targets, multi-element)
+- **Interaction log** — History displayed as a numbered action log with route navigation and click details
+- **JSON view** — Toggle raw JSON view of the complete task object with copy button
+- **Accept/Deny actions** — Review tasks directly from the detail drawer (deny form includes screenshot, history, and DOM context options)
 
 ### Screenshots
-- **Snipping tool** — Click "Add Screenshot" on any task form, then drag a region or click for full-page capture
+- **Snipping tool** — Click "Add Screenshot" on any task form or deny form, then drag a region or click for full-page capture
 - **Thumbnail preview** — Screenshot appears as a preview on the task form before submitting (removable)
 - **Task-attached** — Screenshots are stored on the server and referenced by filename in the task
 - **Multimodal AI context** — AI agents can download and view screenshots for visual understanding of what the user sees
@@ -188,8 +201,10 @@ These optional features give the AI agent richer context beyond just "change thi
   > The agent can find breakpoints by reading config files and stylesheets — and usually will. This pre-detects them so the agent has the project's breakpoint system immediately alongside the viewport dimensions on each task. When a task is created at 375px, the agent can instantly map that to the right Tailwind prefix, Bootstrap tier, or custom media query without searching the codebase first.
 
 ### Infrastructure
-- **Change reports** — Structured JSON of all changes, ready for agents to consume
-- **Task pipeline** — Create, review, accept, or deny design change tasks
+- **Change reports** — Structured JSON of all changes, ready for agents to consume (supports `?mfe=` filtering)
+- **Task pipeline** — `pending → in_progress → review → accepted/denied` lifecycle with live status updates
+- **Security** — CORS restricted to localhost origins, PATCH field whitelisting, postMessage sender validation
+- **Async I/O** — In-memory task cache with atomic file writes (no race conditions under concurrent access)
 - **CLI** — `annotask tasks`, `annotask report`, `annotask watch` for terminal access
 - **API** — HTTP and WebSocket endpoints for programmatic access
 
@@ -207,15 +222,17 @@ Options: `--port=N`, `--host=H`, `--server=URL` (override server.json), `--mfe=N
 
 ## API
 
-- `GET /__annotask/api/report` — Current change report
+- `GET /__annotask/api/report` — Current change report (supports `?mfe=NAME` filter)
 - `GET /__annotask/api/tasks` — Task list (supports `?mfe=NAME` filter)
 - `POST /__annotask/api/tasks` — Create a task
-- `PATCH /__annotask/api/tasks/:id` — Update task status
-- `POST /__annotask/api/screenshots` — Upload a screenshot (base64 PNG)
+- `PATCH /__annotask/api/tasks/:id` — Update task (whitelisted fields: status, description, feedback, screenshot, viewport, etc.)
+- `POST /__annotask/api/screenshots` — Upload a screenshot (base64 PNG, max 4MB)
 - `GET /__annotask/screenshots/:filename` — Serve a screenshot
 - `GET /__annotask/api/status` — Health check
 - `ws://localhost:5173/__annotask/ws` — Live WebSocket stream
 
+CORS is restricted to localhost origins. Mutating requests from non-local origins are rejected.
+
 ## Supported Frameworks
 
 | Framework | Vite | Webpack |
@@ -230,16 +247,17 @@ Options: `--port=N`, `--host=H`, `--server=URL` (override server.json), `--mfe=N
 ## Limitations
 
 - **Dev mode only** — Annotask only runs in dev servers (Vite or Webpack), never in production builds
-- **Local only** — API and WebSocket endpoints are unauthenticated (same model as Vite HMR)
+- **Local only** — API and WebSocket endpoints are localhost-restricted (CORS enforced, same model as Vite HMR)
 - **Source mapping** — Works best with component files (`.vue`, `.tsx`, `.svelte`, `.astro`, `.html`); dynamic components and render functions may not map correctly
 
 ## Development
 
 ```bash
 pnpm install
-pnpm build                   # Build shell + plugin + CLI
+pnpm build                   # Build shell + plugin + CLI + vendor deps
 pnpm dev:vue-vite             # Start Vue test app with Annotask
-pnpm test                     # Run tests
+pnpm test                     # Run unit tests
+pnpm typecheck                # Type-check (tsc + vue-tsc)
 pnpm test:e2e                 # Run E2E tests (all frameworks)
 ```
 
@@ -249,6 +267,8 @@ pnpm test:e2e                 # Run E2E tests (all frameworks)
 - `src/server/` — HTTP API, WebSocket server, shell serving, project state
 - `src/webpack/` — Webpack plugin and transform loader
 - `src/shell/` — Design tool UI (Vue 3 app, pre-built into dist/shell/)
+- `src/shell/composables/` — Vue composables (style editor, tasks, screenshots, keyboard shortcuts, a11y scanner, etc.)
+- `src/shell/components/` — UI components (inspector tabs, overlays, task detail drawer, report viewer, etc.)
 - `src/shared/` — Shared types (postMessage bridge protocol)
 - `src/schema.ts` — TypeScript types for change reports
 - `src/cli/` — CLI tool for terminal interaction

package/dist/chunk-7S23HMBH.js

@@ -0,0 +1,496 @@
+// src/server/api.ts
+import fsp from "fs/promises";
+import nodePath from "path";
+var MAX_BODY_SIZE = 4194304;
+var VALID_TASK_STATUSES = /* @__PURE__ */ new Set(["pending", "in_progress", "applied", "review", "accepted", "denied"]);
+var PATCHABLE_TASK_FIELDS = /* @__PURE__ */ new Set([
+  "status",
+  "description",
+  "notes",
+  "screenshot",
+  "feedback",
+  "intent",
+  "action",
+  "context",
+  "viewport",
+  "interaction_history",
+  "element_context",
+  "mfe"
+]);
+function readBody(req) {
+  return new Promise((resolve, reject) => {
+    let body = "";
+    let size = 0;
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > MAX_BODY_SIZE) {
+        req.destroy();
+        reject(new Error("Request body too large"));
+        return;
+      }
+      body += chunk.toString();
+    });
+    req.on("end", () => resolve(body));
+    req.on("error", reject);
+  });
+}
+function parseJSON(raw) {
+  try {
+    return { ok: true, data: JSON.parse(raw) };
+  } catch {
+    return { ok: false };
+  }
+}
+function sendError(res, status, message) {
+  res.statusCode = status;
+  res.end(JSON.stringify({ error: message }));
+}
+function isLocalOrigin(origin) {
+  if (!origin) return true;
+  try {
+    const url = new URL(origin);
+    const host = url.hostname;
+    return host === "localhost" || host === "127.0.0.1" || host === "[::1]" || host === "::1";
+  } catch {
+    return false;
+  }
+}
+function getCorsOrigin(req) {
+  const origin = req.headers.origin;
+  if (!origin) return null;
+  return isLocalOrigin(origin) ? origin : null;
+}
+function createAPIMiddleware(options) {
+  return async (req, res, next) => {
+    if (req.url?.startsWith("/__annotask/screenshots/") && req.method === "GET") {
+      const filename = req.url.replace("/__annotask/screenshots/", "").replace(/\?.*$/, "");
+      if (!/^[a-zA-Z0-9_-]+\.png$/.test(filename)) {
+        res.statusCode = 400;
+        res.end("Invalid filename");
+        return;
+      }
+      const filePath = nodePath.join(options.projectRoot, ".annotask", "screenshots", filename);
+      try {
+        const data = await fsp.readFile(filePath);
+        res.setHeader("Content-Type", "image/png");
+        res.setHeader("Cache-Control", "public, max-age=3600");
+        const corsOrigin2 = getCorsOrigin(req);
+        if (corsOrigin2) res.setHeader("Access-Control-Allow-Origin", corsOrigin2);
+        res.end(data);
+      } catch {
+        res.statusCode = 404;
+        res.end("Not found");
+      }
+      return;
+    }
+    if (!req.url?.startsWith("/__annotask/api/")) return next();
+    const path3 = req.url.replace("/__annotask/api/", "");
+    const corsOrigin = getCorsOrigin(req);
+    res.setHeader("Content-Type", "application/json");
+    if (corsOrigin) {
+      res.setHeader("Access-Control-Allow-Origin", corsOrigin);
+      res.setHeader("Vary", "Origin");
+    }
+    res.setHeader("Access-Control-Allow-Methods", "GET, POST, PATCH, OPTIONS");
+    res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+    res.setHeader("Cache-Control", "no-cache");
+    if (req.method === "OPTIONS") {
+      res.statusCode = 200;
+      res.end();
+      return;
+    }
+    if ((req.method === "POST" || req.method === "PATCH") && !isLocalOrigin(req.headers.origin)) {
+      return sendError(res, 403, "Forbidden: non-local origin");
+    }
+    if (path3 === "report" && req.method === "GET") {
+      const report = options.getReport() ?? { version: "1.0", changes: [] };
+      const urlObj = new URL(req.url, `http://${req.headers.host || "localhost"}`);
+      const mfeFilter = urlObj.searchParams.get("mfe");
+      if (mfeFilter && report.changes) {
+        const filtered = { ...report, changes: report.changes.filter((c) => c.mfe === mfeFilter) };
+        res.end(JSON.stringify(filtered, null, 2));
+      } else {
+        res.end(JSON.stringify(report, null, 2));
+      }
+      return;
+    }
+    if (path3 === "config" && req.method === "GET") {
+      res.end(JSON.stringify(options.getConfig(), null, 2));
+      return;
+    }
+    if (path3 === "design-spec" && req.method === "GET") {
+      res.end(JSON.stringify(options.getDesignSpec(), null, 2));
+      return;
+    }
+    if (path3.startsWith("tasks") && !path3.startsWith("tasks/") && req.method === "GET") {
+      const urlObj = new URL(req.url, `http://${req.headers.host || "localhost"}`);
+      const mfeFilter = urlObj.searchParams.get("mfe");
+      const taskData = options.getTasks();
+      if (mfeFilter) {
+        const filtered = { ...taskData, tasks: taskData.tasks.filter((t) => t.mfe === mfeFilter) };
+        res.end(JSON.stringify(filtered, null, 2));
+      } else {
+        res.end(JSON.stringify(taskData, null, 2));
+      }
+      return;
+    }
+    if (path3 === "tasks" && req.method === "POST") {
+      let raw;
+      try {
+        raw = await readBody(req);
+      } catch {
+        return sendError(res, 413, "Request body too large");
+      }
+      const parsed = parseJSON(raw);
+      if (!parsed.ok) return sendError(res, 400, "Invalid JSON body");
+      const body = parsed.data;
+      if (!body || typeof body !== "object" || Array.isArray(body)) return sendError(res, 400, "Request body must be a JSON object");
+      if (typeof body.type !== "string" || !body.type) return sendError(res, 400, "Missing required field: type (string)");
+      if (typeof body.description !== "string") return sendError(res, 400, "Missing required field: description (string)");
+      res.end(JSON.stringify(options.addTask(body), null, 2));
+      return;
+    }
+    if (path3 === "screenshots" && req.method === "POST") {
+      let raw;
+      try {
+        raw = await readBody(req);
+      } catch {
+        return sendError(res, 413, "Request body too large");
+      }
+      const parsed = parseJSON(raw);
+      if (!parsed.ok) return sendError(res, 400, "Invalid JSON body");
+      const body = parsed.data;
+      if (!body.data || typeof body.data !== "string") return sendError(res, 400, "Missing data field");
+      const match = body.data.match(/^data:image\/png;base64,(.+)$/);
+      if (!match) return sendError(res, 400, "Invalid PNG data URL");
+      const buffer = Buffer.from(match[1], "base64");
+      if (buffer.length > 4 * 1024 * 1024) return sendError(res, 413, "Screenshot too large (max 4MB)");
+      const filename = `screenshot-${Date.now()}-${Math.random().toString(36).slice(2, 7)}.png`;
+      const dir = nodePath.join(options.projectRoot, ".annotask", "screenshots");
+      await fsp.mkdir(dir, { recursive: true });
+      await fsp.writeFile(nodePath.join(dir, filename), buffer);
+      res.end(JSON.stringify({ filename }));
+      return;
+    }
+    if (path3.startsWith("tasks/") && req.method === "PATCH") {
+      const id = path3.replace("tasks/", "");
+      let raw;
+      try {
+        raw = await readBody(req);
+      } catch {
+        return sendError(res, 413, "Request body too large");
+      }
+      const parsed = parseJSON(raw);
+      if (!parsed.ok) return sendError(res, 400, "Invalid JSON body");
+      const body = parsed.data;
+      if (!body || typeof body !== "object" || Array.isArray(body)) return sendError(res, 400, "Request body must be a JSON object");
+      if (body.status !== void 0 && !VALID_TASK_STATUSES.has(body.status)) {
+        return sendError(res, 400, `Invalid status. Must be one of: ${[...VALID_TASK_STATUSES].join(", ")}`);
+      }
+      const sanitized = {};
+      for (const key of Object.keys(body)) {
+        if (PATCHABLE_TASK_FIELDS.has(key)) {
+          sanitized[key] = body[key];
+        }
+      }
+      res.end(JSON.stringify(options.updateTask(id, sanitized), null, 2));
+      return;
+    }
+    if (path3 === "status" && req.method === "GET") {
+      res.end(JSON.stringify({ status: "ok", tool: "annotask" }));
+      return;
+    }
+    res.statusCode = 404;
+    res.end(JSON.stringify({ error: "Not found" }));
+  };
+}
+
+// src/server/ws-server.ts
+import { WebSocketServer, WebSocket } from "ws";
+function createWSServer() {
+  let currentReport = null;
+  const clients = /* @__PURE__ */ new Set();
+  const wss = new WebSocketServer({ noServer: true });
+  wss.on("connection", (ws) => {
+    clients.add(ws);
+    if (currentReport) {
+      ws.send(JSON.stringify({ event: "report:current", data: currentReport, timestamp: Date.now() }));
+    }
+    ws.on("message", (raw) => {
+      try {
+        const msg = JSON.parse(raw.toString());
+        if (msg.event === "report:updated") {
+          currentReport = msg.data;
+          for (const client of clients) {
+            if (client !== ws && client.readyState === WebSocket.OPEN) {
+              client.send(JSON.stringify({ event: "report:updated", data: msg.data, timestamp: Date.now() }));
+            }
+          }
+        }
+        if (msg.event === "changes:cleared") {
+          currentReport = null;
+          for (const client of clients) {
+            if (client !== ws && client.readyState === WebSocket.OPEN) {
+              client.send(JSON.stringify({ event: "changes:cleared", data: null, timestamp: Date.now() }));
+            }
+          }
+        }
+        if (msg.event === "get:report") {
+          ws.send(JSON.stringify({ event: "report:current", data: currentReport, timestamp: Date.now() }));
+        }
+      } catch {
+      }
+    });
+    ws.on("close", () => {
+      clients.delete(ws);
+    });
+  });
+  return {
+    handleUpgrade(req, socket, head) {
+      wss.handleUpgrade(req, socket, head, (ws) => {
+        wss.emit("connection", ws, req);
+      });
+    },
+    broadcast(event, data) {
+      const msg = JSON.stringify({ event, data, timestamp: Date.now() });
+      for (const client of clients) {
+        if (client.readyState === WebSocket.OPEN) client.send(msg);
+      }
+    },
+    getReport() {
+      return currentReport;
+    },
+    clients
+  };
+}
+
+// src/server/serve-shell.ts
+import fsp2 from "fs/promises";
+import path from "path";
+import { fileURLToPath } from "url";
+var __dirname = path.dirname(fileURLToPath(import.meta.url));
+function findShellDist() {
+  return path.resolve(__dirname, "shell");
+}
+function findVendorDist() {
+  return path.resolve(__dirname, "vendor");
+}
+function createShellMiddleware() {
+  const shellDist = findShellDist();
+  const vendorDist = findVendorDist();
+  return async (req, res, next) => {
+    if (!req.url?.startsWith("/__annotask")) return next();
+    const origin = req.headers.origin;
+    if (origin) {
+      try {
+        const host = new URL(origin).hostname;
+        if (host === "localhost" || host === "127.0.0.1" || host === "[::1]" || host === "::1") {
+          res.setHeader("Access-Control-Allow-Origin", origin);
+          res.setHeader("Vary", "Origin");
+        }
+      } catch {
+      }
+    }
+    let filePath = req.url.replace("/__annotask", "") || "/";
+    const queryIndex = filePath.indexOf("?");
+    if (queryIndex !== -1) filePath = filePath.slice(0, queryIndex);
+    if (filePath === "/" || filePath === "") filePath = "/index.html";
+    if (filePath.startsWith("/api/") || filePath === "/ws") return next();
+    if (filePath.startsWith("/vendor/")) {
+      const vendorFile = path.join(vendorDist, filePath.replace("/vendor/", ""));
+      if (!vendorFile.startsWith(vendorDist)) {
+        res.statusCode = 403;
+        res.end("Forbidden");
+        return;
+      }
+      try {
+        const data = await fsp2.readFile(vendorFile);
+        res.setHeader("Content-Type", "application/javascript");
+        res.setHeader("Cache-Control", "public, max-age=86400");
+        res.end(data);
+      } catch {
+        res.statusCode = 404;
+        res.end("Vendor file not found");
+        return;
+      }
+      return;
+    }
+    const fullPath = path.join(shellDist, filePath);
+    if (!fullPath.startsWith(shellDist)) {
+      res.statusCode = 403;
+      res.end("Forbidden");
+      return;
+    }
+    try {
+      const stat = await fsp2.stat(fullPath);
+      if (!stat.isFile()) throw new Error("not a file");
+      const ext = path.extname(fullPath);
+      const contentTypes = {
+        ".html": "text/html",
+        ".js": "application/javascript",
+        ".css": "text/css",
+        ".json": "application/json",
+        ".svg": "image/svg+xml",
+        ".png": "image/png",
+        ".ico": "image/x-icon"
+      };
+      res.setHeader("Content-Type", contentTypes[ext] || "application/octet-stream");
+      const data = await fsp2.readFile(fullPath);
+      res.end(data);
+    } catch {
+      const indexPath = path.join(shellDist, "index.html");
+      try {
+        const html = await fsp2.readFile(indexPath, "utf-8");
+        res.setHeader("Content-Type", "text/html");
+        res.end(html);
+      } catch {
+        res.statusCode = 404;
+        res.end("Annotask shell not built. Run: pnpm build:shell");
+      }
+    }
+  };
+}
+
+// src/server/state.ts
+import fs from "fs";
+import fsp3 from "fs/promises";
+import path2 from "path";
+var DEFAULT_DESIGN_SPEC = {
+  initialized: false,
+  version: "1.0",
+  framework: null,
+  colors: [],
+  typography: { families: [], scale: [], weights: [] },
+  spacing: [],
+  borders: { radius: [] },
+  icons: null,
+  components: null
+};
+async function atomicWrite(filePath, data) {
+  const dir = path2.dirname(filePath);
+  await fsp3.mkdir(dir, { recursive: true });
+  const tmpPath = filePath + `.tmp.${process.pid}.${Date.now()}`;
+  await fsp3.writeFile(tmpPath, data, "utf-8");
+  await fsp3.rename(tmpPath, filePath);
+}
+function createProjectState(projectRoot, broadcast) {
+  let cachedDesignSpec = null;
+  let specWatcher = null;
+  const tasksPath = path2.join(projectRoot, ".annotask", "tasks.json");
+  let taskCache = null;
+  let writeQueue = Promise.resolve();
+  function loadTasksSync() {
+    if (taskCache) return taskCache;
+    try {
+      taskCache = JSON.parse(fs.readFileSync(tasksPath, "utf-8"));
+    } catch {
+      taskCache = { version: "1.0", tasks: [] };
+    }
+    return taskCache;
+  }
+  function flushTasks() {
+    const data = taskCache;
+    if (!data) return;
+    writeQueue = writeQueue.then(() => atomicWrite(tasksPath, JSON.stringify(data, null, 2))).catch(() => {
+    });
+  }
+  function getDesignSpec() {
+    if (cachedDesignSpec !== null) return cachedDesignSpec;
+    const specPath = path2.join(projectRoot, ".annotask", "design-spec.json");
+    try {
+      cachedDesignSpec = { initialized: true, ...JSON.parse(fs.readFileSync(specPath, "utf-8")) };
+    } catch {
+      cachedDesignSpec = DEFAULT_DESIGN_SPEC;
+    }
+    if (!specWatcher) {
+      const configDir = path2.join(projectRoot, ".annotask");
+      try {
+        if (!fs.existsSync(configDir)) fs.mkdirSync(configDir, { recursive: true });
+        specWatcher = fs.watch(configDir, (_, filename) => {
+          cachedDesignSpec = null;
+          if (filename === "design-spec.json") broadcast("designspec:updated", null);
+          if (filename === "tasks.json") {
+            taskCache = null;
+          }
+        });
+      } catch {
+        cachedDesignSpec = null;
+      }
+    }
+    return cachedDesignSpec ?? DEFAULT_DESIGN_SPEC;
+  }
+  function getConfig() {
+    const spec = getDesignSpec();
+    return { initialized: !!spec?.initialized, ...spec };
+  }
+  function addTask(task) {
+    const data = loadTasksSync();
+    const id = `task-${Date.now()}-${Math.random().toString(36).slice(2, 7)}`;
+    const newTask = { id, status: "pending", createdAt: Date.now(), updatedAt: Date.now(), ...task };
+    data.tasks.push(newTask);
+    flushTasks();
+    broadcast("tasks:updated", data);
+    return newTask;
+  }
+  function updateTask(id, updates) {
+    const data = loadTasksSync();
+    const task = data.tasks.find((t) => t.id === id);
+    if (!task) return { error: "Task not found" };
+    Object.assign(task, updates, { updatedAt: Date.now() });
+    if (updates.status === "accepted") {
+      if (task.screenshot) {
+        const screenshotPath = path2.join(projectRoot, ".annotask", "screenshots", task.screenshot);
+        fsp3.unlink(screenshotPath).catch(() => {
+        });
+      }
+      data.tasks = data.tasks.filter((t) => t.id !== id);
+    }
+    flushTasks();
+    broadcast("tasks:updated", data);
+    return task;
+  }
+  function dispose() {
+    if (specWatcher) {
+      specWatcher.close();
+      specWatcher = null;
+    }
+  }
+  return { getDesignSpec, getConfig, getTasks: loadTasksSync, addTask, updateTask, dispose };
+}
+
+// src/server/index.ts
+function createAnnotaskServer(options) {
+  const wsServer = createWSServer();
+  const state = createProjectState(options.projectRoot, wsServer.broadcast);
+  const apiMiddleware = createAPIMiddleware({
+    projectRoot: options.projectRoot,
+    getReport: () => wsServer.getReport(),
+    getConfig: () => state.getConfig(),
+    getDesignSpec: () => state.getDesignSpec(),
+    getTasks: () => state.getTasks(),
+    addTask: (task) => state.addTask(task),
+    updateTask: (id, updates) => state.updateTask(id, updates)
+  });
+  const shellMiddleware = createShellMiddleware();
+  const middleware = (req, res, next) => {
+    apiMiddleware(req, res, () => {
+      shellMiddleware(req, res, next);
+    });
+  };
+  return {
+    middleware,
+    handleUpgrade: (req, socket, head) => wsServer.handleUpgrade(req, socket, head),
+    broadcast: (event, data) => wsServer.broadcast(event, data),
+    getReport: () => wsServer.getReport(),
+    dispose: () => state.dispose()
+  };
+}
+
+export {
+  createAPIMiddleware,
+  createWSServer,
+  createShellMiddleware,
+  createProjectState,
+  createAnnotaskServer
+};
+//# sourceMappingURL=chunk-7S23HMBH.js.map