chapterhouse 0.1.1

package/dist/api/server.js

@@ -0,0 +1,651 @@
+import cors from "cors";
+import express from "express";
+import helmet from "helmet";
+import { existsSync, statSync } from "fs";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+import { z } from "zod";
+import { sendToOrchestrator, getAgentInfo, cancelCurrentMessage, getLastRouteResult, getCurrentSessionKey } from "../copilot/orchestrator.js";
+import { getAgentRegistry } from "../copilot/agents.js";
+import { config, persistModel } from "../config.js";
+import { getRouterConfig, updateRouterConfig } from "../copilot/router.js";
+import { searchIndex, parseIndex } from "../wiki/index-manager.js";
+import { createAuthMiddleware, getBootstrapAuthResponse } from "./auth.js";
+import { createConcurrentConnectionLimiter, createFixedWindowRateLimiter } from "./rate-limit.js";
+import { createTeamRouter } from "./team.js";
+import { writePage, deletePage, pageExists, listPages, ensureWikiStructure, assertPagePath, } from "../wiki/fs.js";
+import { readWikiPage, teamWikiSync } from "../wiki/team-sync.js";
+import { withWikiWrite } from "../wiki/lock.js";
+import { listSkills, removeSkill } from "../copilot/skills.js";
+import { restartDaemon } from "../daemon.js";
+import { API_TOKEN_PATH, resolveWikiRelativePath } from "../paths.js";
+import { getDb } from "../store/db.js";
+import { getStatus, onStatusChange } from "../status.js";
+import { formatSseData, formatSseEvent } from "./sse.js";
+import { syncDecisionsFileToWiki } from "../squad/mirror.js";
+import { assertAuthenticationConfigured, createHealthPayload, createPublicConfigPayload, buildHistoryEntries, getDisplayHost, resolveApiToken, shouldServeSpaPath, } from "./server-runtime.js";
+import { BadRequestError, ForbiddenError, InternalServerError, NotFoundError, apiNotFoundHandler, asBadRequest, createApiErrorHandler, parseRequest, } from "./errors.js";
+void searchIndex; // re-exported by index-manager; reference here documents the dep
+const __dirname = dirname(fileURLToPath(import.meta.url));
+// Built SPA bundle (web/dist/), shipped alongside dist/
+const WEB_DIST_DIR = join(__dirname, "..", "..", "web", "dist");
+const WEB_INDEX_HTML = join(WEB_DIST_DIR, "index.html");
+const requiredString = (message) => z.string({ error: message }).trim().min(1, message);
+const messageRequestSchema = z.object({
+    prompt: requiredString("Missing 'prompt' in request body"),
+    connectionId: requiredString("Missing or invalid 'connectionId'. Connect to /stream first."),
+    projectPath: z.string().optional(),
+    sessionKey: z.string().optional(),
+});
+const modelRequestSchema = z.object({
+    model: requiredString("Missing 'model' in request body"),
+}).strict();
+const autoRequestSchema = z.object({
+    enabled: z.boolean().optional(),
+    tierModels: z.object({
+        fast: requiredString("tierModels.fast must be a non-empty string").optional(),
+        standard: requiredString("tierModels.standard must be a non-empty string").optional(),
+        premium: requiredString("tierModels.premium must be a non-empty string").optional(),
+    }).strict().optional(),
+    cooldownMessages: z.number({ error: "cooldownMessages must be a number" })
+        .int("cooldownMessages must be an integer")
+        .min(0, "cooldownMessages must be a non-negative integer")
+        .optional(),
+}).strict();
+const wikiWriteSchema = z.object({
+    content: z.string({ error: "Missing 'content' string in request body" }),
+}).strict();
+// Load a configured API token when present; startup validation below enforces auth.
+let apiToken = null;
+try {
+    apiToken = resolveApiToken({
+        envToken: process.env.API_TOKEN,
+        tokenPath: API_TOKEN_PATH,
+    });
+    assertAuthenticationConfigured({
+        entraAuthEnabled: config.entraAuthEnabled,
+        apiToken,
+    });
+}
+catch (err) {
+    console.error(err instanceof Error ? err.message : String(err));
+    process.exit(1);
+}
+if (config.standaloneMode) {
+    console.log("[standalone] Running without authentication — team features disabled");
+}
+function isLoopbackHostname(hostname) {
+    return hostname === "127.0.0.1" || hostname === "localhost" || hostname === "::1";
+}
+function isAllowedCorsOrigin(origin) {
+    if (config.corsAllowedOrigins.includes(origin)) {
+        return true;
+    }
+    if (!config.isProduction) {
+        try {
+            return isLoopbackHostname(new URL(origin).hostname);
+        }
+        catch {
+            return false;
+        }
+    }
+    return false;
+}
+const app = express();
+app.disable("x-powered-by");
+app.use(helmet({
+    contentSecurityPolicy: false,
+    crossOriginEmbedderPolicy: false,
+}));
+app.use(cors({
+    origin(origin, callback) {
+        if (!origin || isAllowedCorsOrigin(origin)) {
+            callback(null, true);
+            return;
+        }
+        callback(null, false);
+    },
+    methods: ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"],
+    allowedHeaders: ["Authorization", "Content-Type"],
+    maxAge: 600,
+    optionsSuccessStatus: 204,
+}));
+app.use(express.json({ limit: "2mb" }));
+function sendRateLimitResponse(res, retryAfterSeconds, message) {
+    res.setHeader("Retry-After", String(retryAfterSeconds));
+    res.status(429).json({ error: `${message} Retry after ${retryAfterSeconds} seconds.` });
+}
+const apiRateLimit = createFixedWindowRateLimiter({
+    windowMs: config.apiRateLimitWindowMs,
+    maxRequests: config.apiRateLimitGeneralMax,
+    skip: (req) => req.path === "/bootstrap",
+    onLimit: (_req, res, retryAfterSeconds) => {
+        sendRateLimitResponse(res, retryAfterSeconds, "Too many API requests.");
+    },
+});
+const authRateLimit = createFixedWindowRateLimiter({
+    windowMs: config.apiRateLimitWindowMs,
+    maxRequests: config.apiRateLimitAuthMax,
+    onLimit: (_req, res, retryAfterSeconds) => {
+        sendRateLimitResponse(res, retryAfterSeconds, "Too many authentication attempts.");
+    },
+});
+const sseConcurrentLimit = createConcurrentConnectionLimiter({
+    maxConnections: config.apiRateLimitSseMaxConnections,
+    onLimit: (_req, res, retryAfterSeconds) => {
+        sendRateLimitResponse(res, retryAfterSeconds, "Too many concurrent stream connections.");
+    },
+});
+const authMiddleware = createAuthMiddleware({
+    apiToken,
+    config: {
+        entraAuthEnabled: config.entraAuthEnabled,
+        standaloneMode: config.standaloneMode,
+        entraTenantId: config.entraTenantId,
+        entraClientId: config.entraClientId,
+        entraRequiredRole: config.entraRequiredRole,
+        entraTeamLeadId: config.entraTeamLeadId,
+    },
+});
+app.use("/api/team", apiRateLimit, createTeamRouter({ authMiddleware }));
+app.use("/api", apiRateLimit);
+app.use("/api/bootstrap", authRateLimit);
+app.use("/stream", authRateLimit, sseConcurrentLimit);
+app.use(authMiddleware);
+// Loopback-only origin gate for the bootstrap endpoint that hands the token to the SPA.
+function isLoopbackOrigin(req) {
+    const origin = req.headers.origin || req.headers.referer;
+    if (!origin) {
+        // Same-origin fetches from the served SPA omit Origin; permit when the request comes
+        // from the loopback socket itself.
+        const remote = req.socket.remoteAddress || "";
+        return remote === "127.0.0.1" || remote === "::1" || remote === "::ffff:127.0.0.1";
+    }
+    try {
+        return isLoopbackHostname(new URL(origin).hostname);
+    }
+    catch {
+        return false;
+    }
+}
+function readPathParam(req) {
+    const raw = req.query.path;
+    if (typeof raw !== "string" || !raw) {
+        throw new BadRequestError("Missing 'path' query param");
+    }
+    return raw;
+}
+function assertValidPagePath(path) {
+    try {
+        assertPagePath(path);
+        return path;
+    }
+    catch (error) {
+        asBadRequest(error);
+    }
+}
+function getWikiPageScope(path) {
+    return teamWikiSync.isTeamPath(path) ? "team" : "personal";
+}
+// Active SSE connections
+const sseClients = new Map();
+const pendingSseMessages = [];
+let connectionCounter = 0;
+// ---------------------------------------------------------------------------
+// Bootstrap — hands the API token to the same-origin SPA on first load.
+// Loopback-only by IP / Origin check.
+// ---------------------------------------------------------------------------
+app.get("/api/bootstrap", (req, res) => {
+    if (!isLoopbackOrigin(req)) {
+        throw new ForbiddenError("Bootstrap is loopback-only");
+    }
+    res.json(getBootstrapAuthResponse(apiToken, {
+        entraAuthEnabled: config.entraAuthEnabled,
+        standaloneMode: config.standaloneMode,
+        entraTenantId: config.entraTenantId,
+        entraClientId: config.entraClientId,
+        entraRequiredRole: config.entraRequiredRole,
+        entraTeamLeadId: config.entraTeamLeadId,
+    }));
+});
+app.get("/api/config/public", (_req, res) => {
+    res.json(createPublicConfigPayload({
+        entraAuthEnabled: config.entraAuthEnabled,
+        standaloneMode: config.standaloneMode,
+        entraClientId: config.entraClientId,
+        entraTenantId: config.entraTenantId,
+    }));
+});
+// Health check — intentionally unauthenticated, returns no sensitive data
+const handleHealth = (_req, res) => {
+    res.json(createHealthPayload());
+};
+app.get("/status", handleHealth);
+app.get("/health", handleHealth);
+// ---------------------------------------------------------------------------
+// Workers / agents
+// ---------------------------------------------------------------------------
+app.get("/api/agents", (_req, res) => {
+    res.json(getAgentInfo());
+});
+// List all workers: reads from SQLite agent_tasks (last 24 hours) so completed
+// squad-dispatched tasks remain visible after they finish, not just in-flight ones.
+app.get("/api/workers", (_req, res) => {
+    const rows = getDb()
+        .prepare(`SELECT task_id, agent_slug, description, status, started_at, completed_at
+       FROM agent_tasks
+       WHERE started_at >= datetime('now', '-24 hours')
+       ORDER BY started_at DESC
+       LIMIT 100`)
+        .all();
+    const registry = getAgentRegistry();
+    res.json(rows.map((row) => {
+        const agent = registry.find((a) => a.slug === row.agent_slug);
+        return {
+            taskId: row.task_id,
+            slug: row.agent_slug,
+            name: agent?.name || row.agent_slug,
+            model: agent?.model || "unknown",
+            description: row.description,
+            status: row.status,
+            startedAt: row.started_at,
+            completedAt: row.completed_at,
+        };
+    }));
+});
+// Detailed worker row: include task status, description, and any captured result/output.
+app.get("/api/workers/:taskId", (req, res) => {
+    const taskId = req.params.taskId;
+    const row = getDb()
+        .prepare(`SELECT task_id, agent_slug, description, status, result, started_at, completed_at
+       FROM agent_tasks WHERE task_id = ?`)
+        .get(taskId);
+    if (!row) {
+        throw new NotFoundError("Task not found");
+    }
+    res.json({
+        taskId: row.task_id,
+        agentSlug: row.agent_slug,
+        description: row.description,
+        status: row.status,
+        result: row.result,
+        startedAt: row.started_at,
+        completedAt: row.completed_at,
+    });
+});
+// ---------------------------------------------------------------------------
+// SSE stream for real-time chat
+// ---------------------------------------------------------------------------
+app.get("/stream", (req, res) => {
+    const connectionId = `web-${++connectionCounter}`;
+    res.writeHead(200, {
+        "Content-Type": "text/event-stream",
+        "Cache-Control": "no-cache",
+        Connection: "keep-alive",
+    });
+    res.write(formatSseData({ type: "connected", connectionId }));
+    while (pendingSseMessages.length > 0) {
+        const queued = pendingSseMessages.shift();
+        if (!queued) {
+            continue;
+        }
+        res.write(formatSseData({ type: "message", content: queued }));
+    }
+    sseClients.set(connectionId, res);
+    const unsubscribeStatus = onStatusChange((status, message) => {
+        res.write(formatSseEvent("status", { status, message }));
+    });
+    const currentStatus = getStatus();
+    if (currentStatus.status !== "idle") {
+        res.write(formatSseEvent("status", currentStatus));
+    }
+    const heartbeat = setInterval(() => {
+        res.write(`:ping\n\n`);
+    }, 20_000);
+    req.on("close", () => {
+        clearInterval(heartbeat);
+        unsubscribeStatus();
+        sseClients.delete(connectionId);
+    });
+});
+// ---------------------------------------------------------------------------
+// Send a message to the orchestrator
+// ---------------------------------------------------------------------------
+app.post("/api/message", (req, res) => {
+    const { prompt, connectionId, projectPath, sessionKey: requestedSessionKey } = parseRequest(messageRequestSchema, req.body);
+    const effectiveSessionKey = requestedSessionKey || "default";
+    if (!sseClients.has(connectionId)) {
+        throw new BadRequestError("Missing or invalid 'connectionId'. Connect to /stream first.");
+    }
+    sendToOrchestrator(prompt, {
+        type: "web",
+        connectionId,
+        user: req.user,
+        authorizationHeader: typeof req.headers.authorization === "string" ? req.headers.authorization : undefined,
+        projectPath: projectPath || undefined,
+    }, (text, done) => {
+        const sseRes = sseClients.get(connectionId);
+        if (sseRes) {
+            const event = {
+                type: done ? "message" : "delta",
+                content: text,
+                sessionKey: effectiveSessionKey,
+            };
+            if (done) {
+                const routeResult = getLastRouteResult();
+                if (routeResult) {
+                    event.route = {
+                        model: routeResult.model,
+                        routerMode: routeResult.routerMode,
+                        tier: routeResult.tier,
+                        ...(routeResult.overrideName ? { overrideName: routeResult.overrideName } : {}),
+                    };
+                }
+            }
+            sseRes.write(formatSseData(event));
+        }
+    }, undefined, (activity) => {
+        const sseRes = sseClients.get(connectionId);
+        if (sseRes) {
+            sseRes.write(formatSseData({ type: "activity", ...activity, sessionKey: effectiveSessionKey }));
+        }
+    });
+    res.json({ status: "queued" });
+});
+// Cancel the current in-flight message
+app.post("/api/cancel", async (_req, res) => {
+    const sessionKey = getCurrentSessionKey();
+    const cancelled = await cancelCurrentMessage();
+    for (const [, sseRes] of sseClients) {
+        sseRes.write(formatSseData({ type: "cancelled", sessionKey }));
+    }
+    res.json({ status: "ok", cancelled });
+});
+// ---------------------------------------------------------------------------
+// Model & router
+// ---------------------------------------------------------------------------
+app.get("/api/model", (_req, res) => {
+    res.json({ model: config.copilotModel });
+});
+app.post("/api/model", async (req, res) => {
+    const { model } = parseRequest(modelRequestSchema, req.body);
+    try {
+        const { getClient } = await import("../copilot/client.js");
+        const client = await getClient();
+        const models = await client.listModels();
+        const match = models.find((m) => m.id === model);
+        if (!match) {
+            const suggestions = models
+                .filter((m) => m.id.includes(model) || m.id.toLowerCase().includes(model.toLowerCase()))
+                .map((m) => m.id);
+            const hint = suggestions.length > 0 ? ` Did you mean: ${suggestions.join(", ")}?` : "";
+            throw new BadRequestError(`Model '${model}' not found.${hint}`);
+        }
+    }
+    catch (error) {
+        if (error instanceof BadRequestError) {
+            throw error;
+        }
+        // If we can't validate (client not ready), allow the switch — it'll fail on next message if wrong
+    }
+    const previous = config.copilotModel;
+    config.copilotModel = model;
+    persistModel(model);
+    res.json({ previous, current: model });
+});
+app.get("/api/models", async (_req, res) => {
+    try {
+        const { getClient } = await import("../copilot/client.js");
+        const client = await getClient();
+        const models = await client.listModels();
+        res.json({ models: models.map((m) => m.id), current: config.copilotModel });
+    }
+    catch (error) {
+        console.error("[api] Failed to list models:", error);
+        throw new InternalServerError();
+    }
+});
+app.get("/api/auto", (_req, res) => {
+    const routerConfig = getRouterConfig();
+    const lastRoute = getLastRouteResult();
+    res.json({
+        ...routerConfig,
+        currentModel: config.copilotModel,
+        lastRoute: lastRoute || null,
+    });
+});
+app.post("/api/auto", (req, res) => {
+    const body = parseRequest(autoRequestSchema, req.body ?? {});
+    const updated = updateRouterConfig(body);
+    console.log(`[chapterhouse] Auto-routing ${updated.enabled ? "enabled" : "disabled"}`);
+    res.json(updated);
+});
+// ---------------------------------------------------------------------------
+// Wiki: list, read, write, delete
+// ---------------------------------------------------------------------------
+app.get("/api/wiki/pages", async (req, res) => {
+    ensureWikiStructure();
+    // Sync team wiki pages if connected, using the caller's auth token
+    if (teamWikiSync.isEnabled()) {
+        const authorizationHeader = typeof req.headers.authorization === "string"
+            ? req.headers.authorization
+            : undefined;
+        try {
+            await teamWikiSync.syncAll({ authorizationHeader });
+        }
+        catch {
+            // Non-fatal: list local pages even if team sync fails
+        }
+    }
+    const entries = parseIndex();
+    // Index entries first (rich metadata), then any pages on disk that aren't yet indexed.
+    const indexed = new Set(entries.map((e) => e.path));
+    const indexedResults = entries.map((e) => ({
+        path: e.path,
+        title: e.title,
+        summary: e.summary,
+        section: e.section,
+        tags: e.tags || [],
+        updated: e.updated || "",
+        scope: getWikiPageScope(e.path),
+    }));
+    const orphanResults = listPages()
+        .filter((p) => !indexed.has(p))
+        .map((p) => ({
+        path: p,
+        title: p,
+        summary: "",
+        section: "Unindexed",
+        tags: [],
+        updated: "",
+        scope: getWikiPageScope(p),
+    }));
+    res.json([...indexedResults, ...orphanResults]);
+});
+app.get("/api/wiki/page", async (req, res) => {
+    const path = assertValidPagePath(readPathParam(req));
+    const authorizationHeader = typeof req.headers.authorization === "string"
+        ? req.headers.authorization
+        : undefined;
+    const content = await readWikiPage(path, { authorizationHeader });
+    if (content === undefined) {
+        throw new NotFoundError("Page not found");
+    }
+    res.json({ path, content });
+});
+app.put("/api/wiki/page", async (req, res) => {
+    const path = assertValidPagePath(readPathParam(req));
+    const { content } = parseRequest(wikiWriteSchema, req.body);
+    const created = await withWikiWrite(() => {
+        const isCreated = !pageExists(path);
+        writePage(path, content);
+        return isCreated;
+    });
+    res.json({ ok: true, created, path });
+});
+app.delete("/api/wiki/page", async (req, res) => {
+    const path = assertValidPagePath(readPathParam(req));
+    const removed = await withWikiWrite(() => deletePage(path));
+    res.json({ ok: removed, path });
+});
+// ---------------------------------------------------------------------------
+// History — past conversation summaries auto-written to pages/conversations/
+// ---------------------------------------------------------------------------
+app.get("/api/history", (_req, res) => {
+    ensureWikiStructure();
+    const entries = buildHistoryEntries(listPages().filter((p) => p.startsWith("pages/conversations/")), {
+        resolveWikiPath: resolveWikiRelativePath,
+        stat: statSync,
+    });
+    res.json(entries);
+});
+// ---------------------------------------------------------------------------
+// Skills
+// ---------------------------------------------------------------------------
+app.get("/api/skills", (_req, res) => {
+    res.json(listSkills());
+});
+app.delete("/api/skills/:slug", (req, res) => {
+    const slug = Array.isArray(req.params.slug) ? req.params.slug[0] : req.params.slug;
+    const result = removeSkill(slug);
+    if (!result.ok) {
+        throw new BadRequestError(result.message);
+    }
+    res.json({ ok: true, message: result.message });
+});
+// Restart daemon
+app.post("/api/restart", (_req, res) => {
+    res.json({ status: "restarting" });
+    setTimeout(() => {
+        restartDaemon().catch((err) => {
+            console.error("[chapterhouse] Restart failed:", err);
+        });
+    }, 500);
+});
+// ---------------------------------------------------------------------------
+// Projects (Squad integration)
+// ---------------------------------------------------------------------------
+const projectRegisterSchema = z.object({
+    projectRoot: requiredString("projectRoot must be a non-empty string"),
+}).strict();
+app.get("/api/projects", (_req, res) => {
+    if (!config.squadEnabled) {
+        res.status(503).json({ error: "Squad integration is disabled. Set ENABLE_SQUAD=1 to enable." });
+        return;
+    }
+    const db = getDb();
+    const rows = db.prepare(`
+    SELECT project_squads.project_root, project_squads.squad_dir,
+           COUNT(squad_agents.slug) as agent_count, project_squads.loaded_at
+    FROM project_squads
+    LEFT JOIN squad_agents ON project_squads.project_root = squad_agents.project_root
+    WHERE project_squads.registered = 1
+    GROUP BY project_squads.project_root
+    ORDER BY project_squads.loaded_at DESC
+  `).all();
+    res.json(rows.map((r) => ({
+        projectRoot: r.project_root,
+        squadDir: r.squad_dir,
+        agentCount: r.agent_count,
+        loadedAt: r.loaded_at,
+    })));
+});
+app.post("/api/projects", async (req, res) => {
+    if (!config.squadEnabled) {
+        res.status(503).json({ error: "Squad integration is disabled. Set ENABLE_SQUAD=1 to enable." });
+        return;
+    }
+    const { projectRoot } = parseRequest(projectRegisterSchema, req.body);
+    if (!existsSync(projectRoot)) {
+        throw new BadRequestError(`Directory not found: ${projectRoot}`);
+    }
+    const squadDir = join(projectRoot, ".squad");
+    if (!existsSync(squadDir)) {
+        res.status(400).json({ error: "No .squad directory found at this path" });
+        return;
+    }
+    const db = getDb();
+    db.prepare(`INSERT OR REPLACE INTO project_squads (project_root, squad_dir, team_dir, mode, registered) VALUES (?, ?, ?, 'local', 1)`)
+        .run(projectRoot, squadDir, squadDir);
+    // Fire-and-forget: sync decisions.md to the wiki. Non-fatal if it fails.
+    syncDecisionsFileToWiki(projectRoot).then(result => {
+        if (result) {
+            console.log(`[squad] Synced ${result.entriesSynced} decision entries to wiki for ${projectRoot}`);
+        }
+    }).catch(err => {
+        console.warn('[squad] syncDecisionsFileToWiki failed during registration (non-fatal):', err instanceof Error ? err.message : err);
+    });
+    res.status(201).json({ projectRoot, message: "Project registered successfully" });
+});
+app.delete("/api/projects/:projectRoot", (req, res) => {
+    if (!config.squadEnabled) {
+        res.status(503).json({ error: "Squad integration is disabled. Set ENABLE_SQUAD=1 to enable." });
+        return;
+    }
+    const raw = Array.isArray(req.params.projectRoot) ? req.params.projectRoot[0] : req.params.projectRoot;
+    const projectRoot = decodeURIComponent(raw);
+    const db = getDb();
+    const existing = db.prepare(`SELECT project_root FROM project_squads WHERE project_root = ?`).get(projectRoot);
+    if (!existing) {
+        throw new NotFoundError("Project not found");
+    }
+    db.prepare(`DELETE FROM project_squads WHERE project_root = ?`).run(projectRoot);
+    db.prepare(`DELETE FROM squad_agents WHERE project_root = ?`).run(projectRoot);
+    res.json({ message: "Project removed" });
+});
+app.use(apiNotFoundHandler);
+// ---------------------------------------------------------------------------
+// Static SPA + fallback. Mounted last so API routes win.
+// ---------------------------------------------------------------------------
+if (existsSync(WEB_DIST_DIR)) {
+    app.use(express.static(WEB_DIST_DIR, { index: false, maxAge: "1h" }));
+    // SPA fallback for client-side routing. Everything not under /api/ or the
+    // public transport endpoints gets index.html.
+    app.use((req, res, next) => {
+        if (req.method !== "GET" || !shouldServeSpaPath(req.path)) {
+            next();
+            return;
+        }
+        if (existsSync(WEB_INDEX_HTML)) {
+            res.sendFile("index.html", { root: WEB_DIST_DIR });
+        }
+        else {
+            res.status(404).send("Web UI not built. Run `npm run build` first.");
+        }
+    });
+}
+else {
+    app.get("/", (_req, res) => {
+        res
+            .status(503)
+            .send("Web UI not built. Run `npm run build` (or `npm --prefix web run build`) first.");
+    });
+}
+app.use(createApiErrorHandler());
+export function startApiServer() {
+    return new Promise((resolve, reject) => {
+        const server = app.listen(config.apiPort, config.apiHost, () => {
+            console.log(`[chapterhouse] HTTP API + web UI listening on http://${getDisplayHost(config.apiHost)}:${config.apiPort}`);
+            resolve();
+        });
+        server.on("error", (err) => {
+            if (err.code === "EADDRINUSE") {
+                reject(new Error(`Port ${config.apiPort} is already in use. Is another Chapterhouse instance running?`));
+            }
+            else {
+                reject(err);
+            }
+        });
+    });
+}
+/** Broadcast a proactive message to all connected SSE clients (for background task completions). */
+export function broadcastToSSE(text) {
+    if (sseClients.size === 0) {
+        pendingSseMessages.push(text);
+        return;
+    }
+    for (const [, res] of sseClients) {
+        res.write(formatSseData({ type: "message", content: text }));
+    }
+}
+//# sourceMappingURL=server.js.map