chapterhouse 0.9.2 → 0.10.0

package/dist/api/routes/wiki.js

@@ -0,0 +1,455 @@
+import { Router } from "express";
+import { statSync } from "fs";
+import { join } from "path";
+import { z } from "zod";
+import { OkResponseSchema, WikiBrowserPageListSchema, WikiDeleteResponseSchema, WikiLinksResponseSchema, WikiPageContentSchema, WikiPageDetailSchema, WikiPageListSchema, WikiPageUpdateResponseSchema, WikiPinResponseSchema, WikiResearchSessionsResponseSchema, WikiSourcesResponseSchema, WikiWriteResponseSchema, } from "../../shared/api-schemas.js";
+import { getDb } from "../../store/db.js";
+import { deletePage, ensureWikiStructure, assertPagePath, getWikiDir, listPages, pageExists, readPage, writePage } from "../../wiki/fs.js";
+import { parseWikiFrontmatter } from "../../wiki/frontmatter.js";
+import { ingestSource } from "../../wiki/ingest.js";
+import { parseIndex } from "../../wiki/index-manager.js";
+import { withWikiWrite } from "../../wiki/lock.js";
+import { normalizeWikiPath } from "../../wiki/path-utils.js";
+import { readWikiPage, teamWikiSync } from "../../wiki/team-sync.js";
+import { asBadRequest, BadRequestError, NotFoundError, parseRequest } from "../errors.js";
+import { listKorgResearchSessions } from "../korg.js";
+import { sendJson } from "../send-json.js";
+const requiredString = (message) => z.string({ error: message }).trim().min(1, message);
+const wikiWriteSchema = z.object({
+    content: z.string({ error: "Missing 'content' string in request body" }),
+}).strict();
+function createWikiPagePayload(path, content) {
+    const { parsed: frontmatter, body: renderedContent } = parseWikiFrontmatter(content);
+    return {
+        path,
+        content,
+        renderedContent,
+        frontmatter,
+    };
+}
+function coerceWikiPageUpdated(path, updated) {
+    const normalized = updated?.trim();
+    if (normalized) {
+        return normalized;
+    }
+    try {
+        return statSync(join(getWikiDir(), path)).mtime.toISOString();
+    }
+    catch {
+        return "unknown";
+    }
+}
+function wikiPathToBrowserSlug(path) {
+    return path.replace(/^pages\//, "").replace(/\.md$/, "");
+}
+function entityTypeFromPath(path) {
+    const rest = path.startsWith("pages/") ? path.slice("pages/".length) : path;
+    const segs = rest.split("/").filter(Boolean);
+    if (segs.length <= 1)
+        return (segs[0] || "pages").replace(/\.md$/i, "");
+    return segs[0];
+}
+function normalizeOptionalQueryParam(value) {
+    if (typeof value !== "string") {
+        return undefined;
+    }
+    const trimmed = value.trim();
+    return trimmed ? trimmed : undefined;
+}
+function matchesWikiBrowserFilters(page, filters) {
+    if (filters.type && page.type !== filters.type) {
+        return false;
+    }
+    if (!filters.q) {
+        return true;
+    }
+    const query = filters.q.toLowerCase();
+    return page.title.toLowerCase().includes(query) || page.summary.toLowerCase().includes(query);
+}
+function mapIndexEntryToBrowserPage(entry) {
+    return {
+        slug: wikiPathToBrowserSlug(entry.path),
+        title: entry.title,
+        summary: entry.summary,
+        type: entry.section,
+        last_updated: coerceWikiPageUpdated(entry.path, entry.updated),
+    };
+}
+function listFallbackWikiBrowserPages(filters) {
+    const entries = parseIndex();
+    const indexed = new Set(entries.map((entry) => entry.path));
+    const indexedResults = entries.map(mapIndexEntryToBrowserPage);
+    const orphanResults = listPages()
+        .filter((path) => !indexed.has(path))
+        .map((path) => ({
+        slug: wikiPathToBrowserSlug(path),
+        title: path,
+        summary: "",
+        type: "Unindexed",
+        last_updated: coerceWikiPageUpdated(path, undefined),
+    }));
+    return [...indexedResults, ...orphanResults].filter((page) => matchesWikiBrowserFilters(page, filters));
+}
+function listDbWikiBrowserPages(filters) {
+    const db = getDb();
+    const clauses = [];
+    const params = [];
+    if (filters.type) {
+        clauses.push("(entity_type = ? OR (entity_type IS NULL AND path LIKE ?))");
+        params.push(filters.type, `pages/${filters.type}/%`);
+    }
+    if (filters.q) {
+        clauses.push("(title LIKE ? COLLATE NOCASE OR COALESCE(summary, '') LIKE ? COLLATE NOCASE)");
+        params.push(`%${filters.q}%`, `%${filters.q}%`);
+    }
+    const rows = db.prepare(`
+    SELECT path, title, summary, entity_type, last_updated, pinned
+    FROM wiki_pages
+    ${clauses.length > 0 ? `WHERE ${clauses.join(" AND ")}` : ""}
+    ORDER BY COALESCE(last_updated, '') DESC, title ASC
+  `).all(...params);
+    return rows.map((row) => ({
+        slug: wikiPathToBrowserSlug(row.path),
+        title: row.title,
+        summary: row.summary ?? "",
+        type: row.entity_type ?? entityTypeFromPath(row.path),
+        last_updated: coerceWikiPageUpdated(row.path, row.last_updated ?? undefined),
+        ...(row.pinned ? { pinned: true } : {}),
+    }));
+}
+function parseWikiSourcePages(value) {
+    if (!value) {
+        return [];
+    }
+    try {
+        const parsed = JSON.parse(value);
+        return Array.isArray(parsed)
+            ? parsed.filter((entry) => typeof entry === "string").map((entry) => normalizeWikiPath(entry))
+            : [];
+    }
+    catch {
+        return [];
+    }
+}
+function listWikiSources(page) {
+    const rows = getDb().prepare(`
+    SELECT source_type, origin, raw_path, pages_updated, status, session_id, ingested_at
+    FROM wiki_sources
+    ORDER BY ingested_at DESC, id ASC
+  `).all();
+    return rows
+        .filter((row) => !page || parseWikiSourcePages(row.pages_updated).includes(page))
+        .map((row) => ({
+        source_url: row.origin,
+        path: row.raw_path ?? undefined,
+        kind: row.source_type,
+        status: row.status,
+        session_id: row.session_id,
+        ingested_at: row.ingested_at,
+    }));
+}
+function wikiPathToSlug(path) {
+    const segments = normalizeWikiPath(path).split("/").filter(Boolean);
+    const file = segments[segments.length - 1] ?? path;
+    const base = file.endsWith(".md") ? file.slice(0, -3) : file;
+    if (base === "index" && segments.length >= 2) {
+        return segments[segments.length - 2] ?? base;
+    }
+    return base;
+}
+function listWikiLinks(page) {
+    const rows = page
+        ? getDb().prepare(`
+      SELECT from_page, to_page, link_type
+      FROM wiki_links
+      WHERE from_page = ? OR to_page = ?
+      ORDER BY from_page ASC, to_page ASC, link_type ASC
+    `).all(page, page)
+        : getDb().prepare(`
+      SELECT from_page, to_page, link_type
+      FROM wiki_links
+      ORDER BY from_page ASC, to_page ASC, link_type ASC
+    `).all();
+    return rows.map((row) => ({
+        source_slug: wikiPathToSlug(row.from_page),
+        target_slug: wikiPathToSlug(row.to_page),
+        link_type: row.link_type,
+        ...(page ? { direction: row.from_page === page ? "outgoing" : "incoming" } : {}),
+    }));
+}
+function readPathParam(req) {
+    const raw = req.query.path;
+    if (typeof raw !== "string" || !raw) {
+        throw new BadRequestError("Missing 'path' query param");
+    }
+    return raw;
+}
+function readOptionalPageFilter(req) {
+    const raw = req.query.page;
+    if (typeof raw !== "string" || !raw.trim()) {
+        return undefined;
+    }
+    return normalizeWikiPath(raw.trim());
+}
+function assertValidPagePath(path) {
+    try {
+        assertPagePath(path);
+        return path;
+    }
+    catch (error) {
+        asBadRequest(error);
+    }
+}
+function getEmptyWikiWelcomeContent(today = new Date()) {
+    return `---
+title: Wiki
+summary: Empty wiki — get started.
+updated: ${today.toISOString().slice(0, 10)}
+---
+
+# Wiki
+
+Your wiki is empty. Pages are organized by category — projects, people, tools, topics, areas, orgs, facts, preferences, routines.
+
+Create your first page via the wiki UI or by editing files under \`pages/\`.
+`;
+}
+export function createWikiRouter(options) {
+    const { authMiddleware, modeContext } = options;
+    const router = Router();
+    function getWikiPageScope(path) {
+        return modeContext.canSyncTeamWiki() && teamWikiSync.isTeamPath(path) ? "team" : "personal";
+    }
+    router.get("/api/wiki/pages", async (req, res) => {
+        ensureWikiStructure();
+        // Sync team wiki pages if connected, using the caller's auth token
+        if (modeContext.canSyncTeamWiki() && teamWikiSync.isEnabled()) {
+            const authorizationHeader = typeof req.headers.authorization === "string"
+                ? req.headers.authorization
+                : undefined;
+            try {
+                await teamWikiSync.syncAll({ authorizationHeader });
+            }
+            catch {
+                // Non-fatal: list local pages even if team sync fails
+            }
+        }
+        const entries = parseIndex();
+        // Index entries first (rich metadata), then any pages on disk that aren't yet indexed.
+        const indexed = new Set(entries.map((e) => e.path));
+        const indexedResults = entries.map((e) => ({
+            path: e.path,
+            title: e.title,
+            summary: e.summary,
+            section: e.section,
+            tags: e.tags || [],
+            updated: coerceWikiPageUpdated(e.path, e.updated),
+            scope: getWikiPageScope(e.path),
+        }));
+        const orphanResults = listPages()
+            .filter((p) => !indexed.has(p))
+            .map((p) => ({
+            path: p,
+            title: p,
+            summary: "",
+            section: "Unindexed",
+            tags: [],
+            updated: coerceWikiPageUpdated(p, undefined),
+            scope: getWikiPageScope(p),
+        }));
+        sendJson(res, WikiPageListSchema, [...indexedResults, ...orphanResults]);
+    });
+    router.get("/api/wiki/browser-pages", async (req, res) => {
+        ensureWikiStructure();
+        const filters = {
+            q: normalizeOptionalQueryParam(req.query.q),
+            type: normalizeOptionalQueryParam(req.query.type),
+        };
+        const db = getDb();
+        const { count } = db.prepare("SELECT COUNT(*) AS count FROM wiki_pages").get();
+        const pages = count > 0
+            ? listDbWikiBrowserPages(filters)
+            : listFallbackWikiBrowserPages(filters);
+        sendJson(res, WikiBrowserPageListSchema, { pages });
+    });
+    router.get("/api/wiki/sources", async (req, res) => {
+        ensureWikiStructure();
+        sendJson(res, WikiSourcesResponseSchema, { sources: listWikiSources(readOptionalPageFilter(req)) });
+    });
+    router.get("/api/wiki/links", async (req, res) => {
+        ensureWikiStructure();
+        sendJson(res, WikiLinksResponseSchema, { links: listWikiLinks(readOptionalPageFilter(req)) });
+    });
+    router.get("/api/wiki/page", async (req, res) => {
+        const slugParam = normalizeOptionalQueryParam(req.query.slug);
+        if (slugParam) {
+            const path = `pages/${slugParam}.md`;
+            assertValidPagePath(path);
+            const db = getDb();
+            const row = db.prepare("SELECT title, entity_type, last_updated, pinned FROM wiki_pages WHERE path = ?").get(path);
+            const authorizationHeader = typeof req.headers.authorization === "string"
+                ? req.headers.authorization
+                : undefined;
+            const rawContent = await readWikiPage(path, { authorizationHeader });
+            if (rawContent === undefined) {
+                throw new NotFoundError("Page not found");
+            }
+            const { parsed: frontmatter } = parseWikiFrontmatter(rawContent);
+            sendJson(res, WikiPageDetailSchema, {
+                page: {
+                    slug: slugParam,
+                    title: row?.title ?? slugParam,
+                    type: row?.entity_type ?? "topics",
+                    last_updated: row?.last_updated ?? coerceWikiPageUpdated(path, undefined),
+                    compiled_truth: rawContent,
+                    pinned: Boolean(row?.pinned),
+                    frontmatter,
+                },
+            });
+            return;
+        }
+        const path = assertValidPagePath(readPathParam(req));
+        const authorizationHeader = typeof req.headers.authorization === "string"
+            ? req.headers.authorization
+            : undefined;
+        const content = await readWikiPage(path, { authorizationHeader });
+        if (content === undefined) {
+            if (path === "pages/index.md") {
+                sendJson(res, WikiPageContentSchema, createWikiPagePayload(path, getEmptyWikiWelcomeContent()));
+                return;
+            }
+            throw new NotFoundError("Page not found");
+        }
+        sendJson(res, WikiPageContentSchema, createWikiPagePayload(path, content));
+    });
+    router.put("/api/wiki/page", async (req, res) => {
+        const path = assertValidPagePath(readPathParam(req));
+        const { content } = parseRequest(wikiWriteSchema, req.body);
+        const created = await withWikiWrite(() => {
+            const isCreated = !pageExists(path);
+            writePage(path, content);
+            return isCreated;
+        });
+        sendJson(res, WikiWriteResponseSchema, { ok: true, created, path });
+    });
+    const wikiUpdateSchema = z.object({
+        slug: requiredString("Missing 'slug' in request body"),
+        compiled_truth: z.string().optional(),
+        frontmatter: z.record(z.string(), z.unknown()).optional(),
+    });
+    router.post("/api/wiki/update", authMiddleware, async (req, res) => {
+        const { slug, compiled_truth, frontmatter: newFrontmatter } = parseRequest(wikiUpdateSchema, req.body);
+        const path = assertValidPagePath(`pages/${slug}.md`);
+        let finalContent = compiled_truth;
+        if (newFrontmatter !== undefined) {
+            const existing = readPage(path);
+            const base = finalContent ?? existing ?? "";
+            const { parsed: existingFrontmatter, body } = parseWikiFrontmatter(base);
+            const merged = { ...existingFrontmatter, ...newFrontmatter };
+            const fmLines = Object.entries(merged).map(([k, v]) => `${k}: ${JSON.stringify(v)}`).join("\n");
+            finalContent = `---\n${fmLines}\n---\n${body}`;
+        }
+        if (finalContent !== undefined) {
+            await withWikiWrite(() => writePage(path, finalContent));
+        }
+        const db = getDb();
+        const row = db.prepare("SELECT title, entity_type, last_updated, pinned FROM wiki_pages WHERE path = ?").get(path);
+        const content = readPage(path) ?? finalContent ?? "";
+        const { parsed: frontmatter } = parseWikiFrontmatter(content);
+        sendJson(res, WikiPageUpdateResponseSchema, {
+            ok: true,
+            page: {
+                slug,
+                title: row?.title ?? slug,
+                type: row?.entity_type ?? "topics",
+                last_updated: row?.last_updated ?? coerceWikiPageUpdated(path, undefined),
+                compiled_truth: content,
+                pinned: Boolean(row?.pinned),
+                frontmatter,
+            },
+        });
+    });
+    const wikiPinSchema = z.object({
+        slug: requiredString("Missing 'slug' in request body"),
+        pinned: z.boolean({ error: "Missing 'pinned' in request body" }),
+    });
+    router.post("/api/wiki/page/pin", authMiddleware, async (req, res) => {
+        const { slug, pinned } = parseRequest(wikiPinSchema, req.body);
+        const path = assertValidPagePath(`pages/${slug}.md`);
+        const db = getDb();
+        db.prepare("UPDATE wiki_pages SET pinned = ? WHERE path = ?").run(pinned ? 1 : 0, path);
+        sendJson(res, WikiPinResponseSchema, { ok: true, pinned: Boolean(pinned) });
+    });
+    router.delete("/api/wiki/page", async (req, res) => {
+        const path = assertValidPagePath(readPathParam(req));
+        const removed = await withWikiWrite(() => deletePage(path));
+        sendJson(res, WikiDeleteResponseSchema, { ok: removed, path });
+    });
+    router.get("/api/wiki/korg/sessions", authMiddleware, (_req, res) => {
+        sendJson(res, WikiResearchSessionsResponseSchema, { sessions: listKorgResearchSessions(getDb()) });
+    });
+    const wikiIngestSchema = z.object({
+        source_url: z.string().optional(),
+        path: z.string().optional(),
+        topic: z.string().optional(),
+    });
+    router.post("/api/wiki/ingest", authMiddleware, async (req, res) => {
+        const { source_url, path: ingestPath, topic } = parseRequest(wikiIngestSchema, req.body ?? {});
+        const source = source_url ?? ingestPath;
+        if (!source) {
+            throw new BadRequestError("Missing 'source_url' or 'path' in request body");
+        }
+        const type = source_url ? "url" : "text";
+        await withWikiWrite(() => ingestSource(source, type, topic));
+        sendJson(res, OkResponseSchema, { ok: true });
+    });
+    router.get("/api/wiki/search", authMiddleware, async (req, res) => {
+        ensureWikiStructure();
+        const q = normalizeOptionalQueryParam(req.query.q);
+        const type = normalizeOptionalQueryParam(req.query.type);
+        const db = getDb();
+        let rows;
+        try {
+            const clauses = ["wiki_pages_fts MATCH ?"];
+            const params = [q ? `${q}*` : "*"];
+            if (type) {
+                clauses.push("entity_type = ?");
+                params.push(type);
+            }
+            rows = db.prepare(`
+      SELECT path, title, entity_type, last_updated
+      FROM wiki_pages_fts
+      WHERE ${clauses.join(" AND ")}
+      ORDER BY rank
+      LIMIT 50
+    `).all(...params);
+        }
+        catch {
+            const clauses = [];
+            const params = [];
+            if (q) {
+                clauses.push("title LIKE ? COLLATE NOCASE");
+                params.push(`%${q}%`);
+            }
+            if (type) {
+                clauses.push("entity_type = ?");
+                params.push(type);
+            }
+            rows = db.prepare(`
+      SELECT path, title, entity_type, last_updated
+      FROM wiki_pages
+      ${clauses.length > 0 ? `WHERE ${clauses.join(" AND ")}` : ""}
+      LIMIT 50
+    `).all(...params);
+        }
+        const pages = rows.map((row) => ({
+            slug: wikiPathToBrowserSlug(row.path),
+            title: row.title,
+            type: row.entity_type ?? "topics",
+            last_updated: coerceWikiPageUpdated(row.path, row.last_updated ?? undefined),
+        }));
+        sendJson(res, WikiBrowserPageListSchema, { pages });
+    });
+    return router;
+}
+//# sourceMappingURL=wiki.js.map

package/dist/api/routes/wiki.test.js

@@ -0,0 +1,49 @@
+import assert from "node:assert/strict";
+import express from "express";
+import test from "node:test";
+import { createWikiRouter } from "./wiki.js";
+import { config } from "../../config.js";
+import { ModeContext } from "../../mode-context.js";
+test("wiki explicit auth routes are guarded when mounted without global auth", async () => {
+    const authMiddleware = (_req, res) => {
+        res.status(401).json({ error: "missing token" });
+    };
+    const app = express();
+    app.use(express.json());
+    app.use(createWikiRouter({
+        authMiddleware,
+        modeContext: new ModeContext(config),
+    }));
+    const server = app.listen(0, "127.0.0.1");
+    await new Promise((resolve) => server.once("listening", resolve));
+    const address = server.address();
+    assert.ok(address && typeof address === "object");
+    const baseUrl = `http://127.0.0.1:${address.port}`;
+    try {
+        const responses = await Promise.all([
+            fetch(`${baseUrl}/api/wiki/update`, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({ slug: "topics/auth-required", compiled_truth: "# Auth required" }),
+            }),
+            fetch(`${baseUrl}/api/wiki/ingest`, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({ path: "raw source" }),
+            }),
+            fetch(`${baseUrl}/api/wiki/search?q=chapterhouse`),
+            fetch(`${baseUrl}/api/wiki/page/pin`, {
+                method: "POST",
+                headers: { "content-type": "application/json" },
+                body: JSON.stringify({ slug: "topics/auth-required", pinned: true }),
+            }),
+        ]);
+        assert.deepEqual(responses.map((response) => response.status), [401, 401, 401, 401]);
+    }
+    finally {
+        await new Promise((resolve, reject) => {
+            server.close((error) => (error ? reject(error) : resolve()));
+        });
+    }
+});
+//# sourceMappingURL=wiki.test.js.map

package/dist/api/send-json.js

@@ -0,0 +1,16 @@
+import { config } from "../config.js";
+import { childLogger } from "../util/logger.js";
+const log = childLogger("api.send-json");
+export function sendJson(res, schema, payload) {
+    const parsed = schema.safeParse(payload);
+    if (!parsed.success) {
+        const message = `Invalid API response payload: ${parsed.error.message}`;
+        if (!config.isProduction) {
+            throw new Error(message);
+        }
+        log.warn({ err: parsed.error.message }, "Invalid API response payload");
+        return res.json(payload);
+    }
+    return res.json(parsed.data);
+}
+//# sourceMappingURL=send-json.js.map

package/dist/api/send-json.test.js

@@ -0,0 +1,18 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+import { z } from "zod";
+test("sendJson validates payloads against shared schemas before responding", async () => {
+    const { sendJson } = await import("./send-json.js");
+    const writes = [];
+    const response = {
+        json(payload) {
+            writes.push(payload);
+            return this;
+        },
+    };
+    const schema = z.object({ ok: z.literal(true) });
+    sendJson(response, schema, { ok: true });
+    assert.deepEqual(writes, [{ ok: true }]);
+    assert.throws(() => sendJson(response, schema, { ok: false }), /Invalid API response payload/);
+});
+//# sourceMappingURL=send-json.test.js.map

package/dist/api/server-runtime.js

@@ -10,12 +10,24 @@ export function resolveApiToken({ envToken, tokenPath, exists = existsSync, read
     }
     return null;
 }
+function isLoopbackBindHost(host) {
+    const normalizedHost = host.trim().toLowerCase();
+    return normalizedHost === "127.0.0.1" || normalizedHost === "::1" || normalizedHost === "localhost";
+}
 export function assertAuthenticationConfigured(options) {
-    void options;
+    if (options.entraAuthEnabled || options.apiToken) {
+        return;
+    }
+    if (isLoopbackBindHost(options.apiHost)) {
+        return;
+    }
+    throw new Error(`Refusing to start without authentication on non-loopback bind ${options.apiHost}. `
+        + "Set API_TOKEN or configure Entra auth (ENTRA_AUTH_ENABLED=true with ENTRA_TENANT_ID and ENTRA_CLIENT_ID), "
+        + "or bind API_HOST to 127.0.0.1, ::1, or localhost for standalone local use.");
 }
-export function createHealthPayload(now = new Date()) {
+export function createHealthPayload(now = new Date(), options = {}) {
     return {
-        status: "ok",
+        status: options.fts5Ready === false ? "initializing" : "ok",
         timestamp: now.toISOString(),
     };
 }
@@ -46,4 +58,34 @@ export function shouldServeSpaPath(pathname) {
 export function getDisplayHost(host) {
     return host === "0.0.0.0" || host === "::" || host === "127.0.0.1" || host === "::1" ? "localhost" : host;
 }
+export function setupSseCleanup(setup) {
+    const cleanups = [];
+    let cleaned = false;
+    const cleanup = () => {
+        if (cleaned)
+            return;
+        cleaned = true;
+        for (let i = cleanups.length - 1; i >= 0; i--) {
+            try {
+                cleanups[i]?.();
+            }
+            catch {
+                // Best-effort cleanup should never mask the original SSE failure path.
+            }
+        }
+    };
+    let setupComplete = false;
+    try {
+        setup((fn) => {
+            if (fn)
+                cleanups.push(fn);
+        }, cleanup);
+        setupComplete = true;
+        return cleanup;
+    }
+    finally {
+        if (!setupComplete)
+            cleanup();
+    }
+}
 //# sourceMappingURL=server-runtime.js.map