chapterhouse 0.9.1 → 0.10.0

package/dist/api/server.test.js

@@ -14,6 +14,7 @@ test("supports API_TOKEN env var and personal health route helpers", async () =>
     assert.equal(typeof runtime.createPublicConfigPayload, "function", "createPublicConfigPayload should be exported");
     assert.equal(typeof runtime.getDisplayHost, "function", "getDisplayHost should be exported");
     assert.equal(typeof runtime.assertAuthenticationConfigured, "function", "assertAuthenticationConfigured should be exported");
+    assert.equal(typeof runtime.setupSseCleanup, "function", "setupSseCleanup should be exported");
     const token = runtime.resolveApiToken({
         envToken: "personal-token",
         tokenPath: "/tmp/chapterhouse-api-token",
@@ -25,6 +26,10 @@ test("supports API_TOKEN env var and personal health route helpers", async () =>
         status: "ok",
         timestamp: "2026-05-06T00:00:00.000Z",
     });
+    assert.deepEqual(runtime.createHealthPayload(new Date("2026-05-06T00:00:00.000Z"), { fts5Ready: false }), {
+        status: "initializing",
+        timestamp: "2026-05-06T00:00:00.000Z",
+    });
     assert.deepEqual(runtime.createPublicConfigPayload({
         entraAuthEnabled: true,
         standaloneMode: false,
@@ -50,19 +55,51 @@ test("supports API_TOKEN env var and personal health route helpers", async () =>
         standalone: false,
         chatSseEnabled: true,
     });
-    assert.doesNotThrow(() => runtime.assertAuthenticationConfigured({
+    const assertAuthenticationConfigured = runtime.assertAuthenticationConfigured;
+    assert.doesNotThrow(() => assertAuthenticationConfigured({
         entraAuthEnabled: false,
         apiToken: null,
+        apiHost: "127.0.0.1",
     }));
-    assert.doesNotThrow(() => runtime.assertAuthenticationConfigured({
+    assert.throws(() => assertAuthenticationConfigured({
+        entraAuthEnabled: false,
+        apiToken: null,
+        apiHost: "0.0.0.0",
+    }), /Refusing to start without authentication on non-loopback bind 0\.0\.0\.0.*API_TOKEN.*Entra auth/s);
+    assert.doesNotThrow(() => assertAuthenticationConfigured({
         entraAuthEnabled: false,
         apiToken: "personal-token",
+        apiHost: "0.0.0.0",
     }));
-    assert.doesNotThrow(() => runtime.assertAuthenticationConfigured({
+    assert.doesNotThrow(() => assertAuthenticationConfigured({
         entraAuthEnabled: true,
         apiToken: null,
+        apiHost: "0.0.0.0",
     }));
 });
+test("setupSseCleanup cleans already-registered callbacks when setup throws", async () => {
+    const runtime = await import("./server-runtime.js");
+    const cleanupCalls = [];
+    const setupSseCleanup = runtime.setupSseCleanup;
+    assert.throws(() => setupSseCleanup((registerCleanup) => {
+        registerCleanup(() => cleanupCalls.push("heartbeat"));
+        registerCleanup(() => cleanupCalls.push("task-log"));
+        throw new Error("boom");
+    }), /boom/);
+    assert.deepEqual(cleanupCalls, ["task-log", "heartbeat"]);
+});
+test("setupSseCleanup only runs cleanup once after successful setup", async () => {
+    const runtime = await import("./server-runtime.js");
+    const cleanupCalls = [];
+    const setupSseCleanup = runtime.setupSseCleanup;
+    const cleanup = setupSseCleanup((registerCleanup) => {
+        registerCleanup(() => cleanupCalls.push("heartbeat"));
+        registerCleanup(() => cleanupCalls.push("task-log"));
+    });
+    cleanup();
+    cleanup();
+    assert.deepEqual(cleanupCalls, ["task-log", "heartbeat"]);
+});
 test("createPublicConfigPayload defaults chat SSE on when not explicitly provided", async () => {
     const runtime = await import("./server-runtime.js");
     assert.equal(typeof runtime.createPublicConfigPayload, "function", "createPublicConfigPayload should be exported");
@@ -219,7 +256,7 @@ async function withStartedServer(run, extraEnv = {}, timeoutMs = DEFAULT_API_SER
     const baseUrl = `http://127.0.0.1:${port}`;
     try {
         await waitForApiServerReady({ child, baseUrl, logs, timeoutMs });
-        await run({ baseUrl, authHeader: "Bearer route-token", testRoot });
+        await run({ baseUrl, authHeader: "Bearer route-token", testRoot, logs });
     }
     finally {
         await stopChild(child);
@@ -564,6 +601,44 @@ test("server returns 400 when PATCH /api/agents/:slug cannot parse malformed age
         assert.match((await response.json()).error, /^Invalid content:/);
     });
 });
+test("server rejects unknown fields in PATCH /api/agents/:slug", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        writeAgentFile(testRoot, "scribe", [
+            "---",
+            "name: Scribe",
+            "description: Drafts release notes",
+            "model: claude-sonnet-4.6",
+            "---",
+            "",
+            "Original system prompt.",
+        ].join("\n"));
+        const response = await fetch(`${baseUrl}/api/agents/scribe`, {
+            method: "PATCH",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ description: "Updated", slug: "scribe" }),
+        });
+        assert.equal(response.status, 400);
+        assert.match((await response.json()).error, /slug|unrecognized/i);
+    });
+});
+test("server honors CHAPTERHOUSE_JSON_LIMIT for request bodies", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader }) => {
+        const response = await fetch(`${baseUrl}/api/model`, {
+            method: "POST",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({ model: "x".repeat(2_000) }),
+        });
+        assert.equal(response.status, 413);
+    }, {
+        CHAPTERHOUSE_JSON_LIMIT: "1kb",
+    });
+});
 test("server returns 404 when confirming reload for an unknown agent", async () => {
     await withStartedServer(async ({ baseUrl, authHeader }) => {
         const response = await fetch(`${baseUrl}/api/agents/missing/reload-confirm`, {
@@ -574,8 +649,8 @@ test("server returns 404 when confirming reload for an unknown agent", async ()
         assert.match(await response.text(), /Agent not found/i);
     });
 });
-test("server runs in standalone mode without auth", async () => {
-    await withStartedServer(async ({ baseUrl }) => {
+test("server runs in standalone mode without auth on loopback and logs a warning", async () => {
+    await withStartedServer(async ({ baseUrl, logs }) => {
         const bootstrap = await fetch(`${baseUrl}/api/bootstrap`);
         assert.equal(bootstrap.status, 200);
         assert.deepEqual(await bootstrap.json(), { authMode: "standalone" });
@@ -590,10 +665,46 @@ test("server runs in standalone mode without auth", async () => {
         const model = await fetch(`${baseUrl}/api/model`);
         assert.equal(model.status, 200);
         assert.deepEqual(await model.json(), { model: "claude-sonnet-4.6" });
+        assert.match(logs.join(""), /Running without authentication on loopback/);
     }, {
         API_TOKEN: "",
+        LOG_LEVEL: "warn",
     }, STANDALONE_API_SERVER_STARTUP_TIMEOUT_MS);
 });
+test("server refuses standalone mode on non-loopback binds", async () => {
+    const testRoot = join(repoRoot, ".test-work", `server-routes-${process.pid}-${Date.now()}-${Math.random().toString(16).slice(2)}`);
+    mkdirSync(join(repoRoot, ".test-work"), { recursive: true });
+    rmSync(testRoot, { recursive: true, force: true });
+    mkdirSync(testRoot, { recursive: true });
+    const port = await getFreePort();
+    const logs = [];
+    const child = spawn(process.execPath, [
+        "--input-type=module",
+        "-e",
+        "import { startApiServer } from './dist/api/server.js'; await startApiServer();",
+    ], {
+        cwd: repoRoot,
+        env: {
+            ...Object.fromEntries(Object.entries(process.env).filter(([k]) => !k.startsWith("COPILOT_"))),
+            CHAPTERHOUSE_DISABLE_DOTENV: "1",
+            CHAPTERHOUSE_HOME: testRoot,
+            API_HOST: "0.0.0.0",
+            API_PORT: String(port),
+            API_TOKEN: "",
+            LOG_LEVEL: "warn",
+        },
+        stdio: ["ignore", "pipe", "pipe"],
+    });
+    child.stdout?.on("data", (chunk) => logs.push(String(chunk)));
+    child.stderr?.on("data", (chunk) => logs.push(String(chunk)));
+    const exitCode = await new Promise((resolve) => {
+        child.once("exit", (code) => resolve(code));
+    });
+    assert.equal(exitCode, 1);
+    assert.match(logs.join(""), /Refusing to start without authentication on non-loopback bind 0\.0\.0\.0/);
+    assert.match(logs.join(""), /Set API_TOKEN or configure Entra auth/);
+    rmSync(testRoot, { recursive: true, force: true });
+});
 test("server exposes the active memory scope API and requires auth", async () => {
     await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
         const unauthorized = await fetch(`${baseUrl}/api/memory/active-scope`);
@@ -774,6 +885,30 @@ test("POST /api/wiki/page/pin rejects path traversal slugs", async () => {
         assert.match(body.error ?? "", /unsafe wiki path/i);
     });
 });
+test("wiki explicit auth routes reject requests without a valid token", async () => {
+    await withStartedServer(async ({ baseUrl }) => {
+        const requests = [
+            fetch(`${baseUrl}/api/wiki/update`, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({ slug: "topics/auth-required", compiled_truth: "# Auth required" }),
+            }),
+            fetch(`${baseUrl}/api/wiki/ingest`, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({ path: "raw source" }),
+            }),
+            fetch(`${baseUrl}/api/wiki/search?q=chapterhouse`),
+            fetch(`${baseUrl}/api/wiki/page/pin`, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({ slug: "topics/auth-required", pinned: true }),
+            }),
+        ];
+        const responses = await Promise.all(requests);
+        assert.deepEqual(responses.map((response) => response.status), [401, 401, 401, 401]);
+    });
+});
 test("server worker detail returns the stored dispatched prompt", async () => {
     await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
         const db = new Database(join(testRoot, ".chapterhouse", "chapterhouse.db"));
@@ -804,7 +939,7 @@ test("server worker detail returns the stored dispatched prompt", async () => {
         assert.equal(body.completedAt, null);
     });
 });
-test("server session message hydration returns current run by default and include=all returns history", async () => {
+test("server session message hydration returns full history by default and include=current scopes to this run", async () => {
     await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
         const db = new Database(join(testRoot, ".chapterhouse", "chapterhouse.db"));
         try {
@@ -817,7 +952,15 @@ test("server session message hydration returns current run by default and includ
         finally {
             db.close();
         }
-        const currentOnly = await fetch(`${baseUrl}/api/session/hydration-session/messages`, {
+        const defaultHistory = await fetch(`${baseUrl}/api/session/hydration-session/messages`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(defaultHistory.status, 200);
+        assert.deepEqual((await defaultHistory.json()).messages.map((message) => message.content), [
+            "previous run",
+            "current run",
+        ]);
+        const currentOnly = await fetch(`${baseUrl}/api/session/hydration-session/messages?include=current`, {
             headers: { authorization: authHeader },
         });
         assert.equal(currentOnly.status, 200);
@@ -1152,6 +1295,59 @@ test("server projects create route rejects a duplicate slug", async () => {
         ]);
     }, {}, 60_000);
 });
+test("server projects create route rejects paths that do not exist or are not directories", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        const missingResponse = await fetch(`${baseUrl}/api/projects`, {
+            method: "POST",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({
+                slug: "missing",
+                cwd: join(testRoot, "missing-project"),
+            }),
+        });
+        assert.equal(missingResponse.status, 400);
+        assert.deepEqual(await missingResponse.json(), { error: "Project cwd must exist and be a directory" });
+        const filePath = join(testRoot, "not-a-directory");
+        writeFileSync(filePath, "not a project", "utf-8");
+        const fileResponse = await fetch(`${baseUrl}/api/projects`, {
+            method: "POST",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({
+                slug: "file-path",
+                cwd: filePath,
+            }),
+        });
+        assert.equal(fileResponse.status, 400);
+        assert.deepEqual(await fileResponse.json(), { error: "Project cwd must exist and be a directory" });
+        assert.deepEqual(readProjectRegistryRows(testRoot), []);
+    }, {}, 60_000);
+});
+test("server projects create route requires a team lead in team mode", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        const projectDir = join(testRoot, "team-project");
+        mkdirSync(projectDir, { recursive: true });
+        const response = await fetch(`${baseUrl}/api/projects`, {
+            method: "POST",
+            headers: {
+                authorization: authHeader,
+                "content-type": "application/json",
+            },
+            body: JSON.stringify({
+                slug: "team-project",
+                cwd: projectDir,
+            }),
+        });
+        assert.equal(response.status, 403);
+        assert.deepEqual(await response.json(), { error: "Forbidden" });
+        assert.deepEqual(readProjectRegistryRows(testRoot), []);
+    }, { CHAPTERHOUSE_MODE: "team" }, 60_000);
+});
 test("server projects delete route removes the registry entry and rules page", async () => {
     await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
         seedProjectRegistry(testRoot, {
@@ -1515,6 +1711,41 @@ test("GET /api/memory/:scope returns entries for a scope and 404 for unknown", a
         assert.deepEqual(await notFound.json(), { error: "Memory scope 'no-such-scope' not found" });
     });
 });
+test("GET /api/memory/:scope returns a cursor for additional pages", async () => {
+    await withStartedServer(async ({ baseUrl, authHeader, testRoot }) => {
+        const db = new Database(getProjectDbPath(testRoot));
+        try {
+            const scope = db.prepare(`SELECT id FROM mem_scopes WHERE slug = ?`).get("chapterhouse");
+            const insert = db.prepare(`
+        INSERT INTO mem_observations (scope_id, content, source, tier, created_at)
+        VALUES (?, ?, 'test', 'hot', ?)
+      `);
+            for (let i = 0; i < 105; i++) {
+                insert.run(scope.id, `Paginated observation ${i}`, `2026-05-15T00:${String(i).padStart(2, "0")}:00.000Z`);
+            }
+        }
+        finally {
+            db.close();
+        }
+        const first = await fetch(`${baseUrl}/api/memory/chapterhouse?store=observations&tier=hot`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(first.status, 200);
+        const firstBody = await first.json();
+        assert.equal(firstBody.entries.length, 100);
+        assert.ok(firstBody.total >= 105);
+        assert.ok(firstBody.nextCursor);
+        const second = await fetch(`${baseUrl}/api/memory/chapterhouse?store=observations&tier=hot&cursor=${encodeURIComponent(firstBody.nextCursor)}`, {
+            headers: { authorization: authHeader },
+        });
+        assert.equal(second.status, 200);
+        const secondBody = await second.json();
+        assert.ok(secondBody.entries.length >= 5);
+        assert.equal(secondBody.total, firstBody.total);
+        assert.equal(secondBody.nextCursor, undefined);
+        assert.ok(Math.max(...secondBody.entries.map((entry) => entry.id)) < Math.min(...firstBody.entries.map((entry) => entry.id)));
+    });
+});
 test("POST /api/memory/:scope/remember writes an observation or decision", async () => {
     await withStartedServer(async ({ baseUrl, authHeader }) => {
         const unauthorized = await fetch(`${baseUrl}/api/memory/chapterhouse/remember`, {

package/dist/api/sse-hub.js

@@ -0,0 +1,37 @@
+import { formatSseData } from "./sse.js";
+export const sseClients = new Map();
+export const pendingSseMessages = [];
+let connectionCounter = 0;
+export function nextSseConnectionId() {
+    connectionCounter += 1;
+    return `web-${connectionCounter}`;
+}
+export function broadcastSsePayload(payload) {
+    for (const [, client] of sseClients) {
+        client.res.write(formatSseData(payload));
+    }
+}
+export function associateSseClient(connectionId, sessionKey) {
+    const client = sseClients.get(connectionId);
+    if (client) {
+        client.sessionKey = sessionKey;
+    }
+}
+export function broadcastSsePayloadToSession(sessionKey, payload) {
+    for (const [, client] of sseClients) {
+        if (client.sessionKey === sessionKey) {
+            client.res.write(formatSseData(payload));
+        }
+    }
+}
+/** Broadcast a proactive message to all connected SSE clients (for background task completions). */
+export function broadcastToSSE(text) {
+    if (sseClients.size === 0) {
+        pendingSseMessages.push(text);
+        return;
+    }
+    for (const [, client] of sseClients) {
+        client.res.write(formatSseData({ type: "message", content: text }));
+    }
+}
+//# sourceMappingURL=sse-hub.js.map

package/dist/cli.js

@@ -72,7 +72,7 @@ switch (command) {
         const force = updateFlags.includes("--force");
         const refIdx = updateFlags.indexOf("--ref");
         const ref = refIdx !== -1 ? (updateFlags[refIdx + 1] ?? null) : null;
-        const { checkForUpdate, performUpdate, detectInstallSource, checkPreconditions, buildLegacyGitInstallCommand, } = await import("./update.js");
+        const { checkForUpdate, performUpdate, detectInstallSource, checkPreconditions, } = await import("./update.js");
         const source = detectInstallSource();
         // Precondition check (bypass with --force)
         if (!force) {