claudeck 1.0.0

package/server/routes/agents.js

@@ -0,0 +1,294 @@
+import { Router } from "express";
+import { readFile, writeFile } from "fs/promises";
+import { configPath } from "../paths.js";
+import { getAllAgentContext } from "../../db.js";
+
+const router = Router();
+
+async function readAgents() {
+  const data = await readFile(configPath("agents.json"), "utf-8");
+  return JSON.parse(data);
+}
+
+async function writeAgents(agents) {
+  await writeFile(configPath("agents.json"), JSON.stringify(agents, null, 2) + "\n");
+}
+
+async function readChains() {
+  try {
+    const data = await readFile(configPath("agent-chains.json"), "utf-8");
+    return JSON.parse(data);
+  } catch {
+    return [];
+  }
+}
+
+async function writeChains(chains) {
+  await writeFile(configPath("agent-chains.json"), JSON.stringify(chains, null, 2) + "\n");
+}
+
+async function readDags() {
+  try {
+    const data = await readFile(configPath("agent-dags.json"), "utf-8");
+    return JSON.parse(data);
+  } catch {
+    return [];
+  }
+}
+
+async function writeDags(dags) {
+  await writeFile(configPath("agent-dags.json"), JSON.stringify(dags, null, 2) + "\n");
+}
+
+function slugify(text) {
+  return text.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "");
+}
+
+// ── Agent Context (shared memory) ──
+
+router.get("/context/:runId", (req, res) => {
+  try {
+    const rows = getAllAgentContext(req.params.runId);
+    res.json(rows);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// ── Agent Chains CRUD (must come before /:id to avoid route conflict) ──
+
+router.get("/chains", async (req, res) => {
+  try {
+    res.json(await readChains());
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.get("/chains/:id", async (req, res) => {
+  try {
+    const chains = await readChains();
+    const chain = chains.find((c) => c.id === req.params.id);
+    if (!chain) return res.status(404).json({ error: "Chain not found" });
+    res.json(chain);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.post("/chains", async (req, res) => {
+  try {
+    const { title, description, agents: agentIds, contextPassing } = req.body;
+    if (!title || !agentIds?.length) {
+      return res.status(400).json({ error: "title and agents are required" });
+    }
+    const chains = await readChains();
+    const id = slugify(title);
+    if (chains.find((c) => c.id === id)) {
+      return res.status(409).json({ error: `Chain "${id}" already exists` });
+    }
+    const chain = {
+      id,
+      title,
+      description: description || "",
+      agents: agentIds,
+      contextPassing: contextPassing || "summary",
+    };
+    chains.push(chain);
+    await writeChains(chains);
+    res.json(chain);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.put("/chains/:id", async (req, res) => {
+  try {
+    const chains = await readChains();
+    const idx = chains.findIndex((c) => c.id === req.params.id);
+    if (idx === -1) return res.status(404).json({ error: "Chain not found" });
+    const { title, description, agents: agentIds, contextPassing } = req.body;
+    if (title !== undefined) chains[idx].title = title;
+    if (description !== undefined) chains[idx].description = description;
+    if (agentIds !== undefined) chains[idx].agents = agentIds;
+    if (contextPassing !== undefined) chains[idx].contextPassing = contextPassing;
+    await writeChains(chains);
+    res.json(chains[idx]);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.delete("/chains/:id", async (req, res) => {
+  try {
+    const chains = await readChains();
+    const idx = chains.findIndex((c) => c.id === req.params.id);
+    if (idx === -1) return res.status(404).json({ error: "Chain not found" });
+    chains.splice(idx, 1);
+    await writeChains(chains);
+    res.json({ ok: true });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// ── Agent DAGs CRUD ──
+
+router.get("/dags", async (req, res) => {
+  try {
+    res.json(await readDags());
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.get("/dags/:id", async (req, res) => {
+  try {
+    const dags = await readDags();
+    const dag = dags.find((d) => d.id === req.params.id);
+    if (!dag) return res.status(404).json({ error: "DAG not found" });
+    res.json(dag);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.post("/dags", async (req, res) => {
+  try {
+    const { title, description, nodes, edges } = req.body;
+    if (!title || !nodes?.length) {
+      return res.status(400).json({ error: "title and nodes are required" });
+    }
+    const dags = await readDags();
+    const id = slugify(title);
+    if (dags.find((d) => d.id === id)) {
+      return res.status(409).json({ error: `DAG "${id}" already exists` });
+    }
+    const dag = { id, title, description: description || "", nodes, edges: edges || [] };
+    dags.push(dag);
+    await writeDags(dags);
+    res.json(dag);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.put("/dags/:id", async (req, res) => {
+  try {
+    const dags = await readDags();
+    const idx = dags.findIndex((d) => d.id === req.params.id);
+    if (idx === -1) return res.status(404).json({ error: "DAG not found" });
+    const { title, description, nodes, edges } = req.body;
+    if (title !== undefined) dags[idx].title = title;
+    if (description !== undefined) dags[idx].description = description;
+    if (nodes !== undefined) dags[idx].nodes = nodes;
+    if (edges !== undefined) dags[idx].edges = edges;
+    await writeDags(dags);
+    res.json(dags[idx]);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.delete("/dags/:id", async (req, res) => {
+  try {
+    const dags = await readDags();
+    const idx = dags.findIndex((d) => d.id === req.params.id);
+    if (idx === -1) return res.status(404).json({ error: "DAG not found" });
+    dags.splice(idx, 1);
+    await writeDags(dags);
+    res.json({ ok: true });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// ── Agents CRUD ──
+
+router.get("/", async (req, res) => {
+  try {
+    res.json(await readAgents());
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.get("/:id", async (req, res) => {
+  try {
+    const agents = await readAgents();
+    const agent = agents.find((a) => a.id === req.params.id);
+    if (!agent) return res.status(404).json({ error: "Agent not found" });
+    res.json(agent);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.post("/", async (req, res) => {
+  try {
+    const { title, description, goal, icon, constraints } = req.body;
+    if (!title || !goal) {
+      return res.status(400).json({ error: "title and goal are required" });
+    }
+    const agents = await readAgents();
+    const id = req.body.id || slugify(title);
+    if (agents.find((a) => a.id === id)) {
+      return res.status(409).json({ error: `Agent with id "${id}" already exists` });
+    }
+    const agent = {
+      id,
+      title,
+      description: description || "",
+      icon: icon || "tool",
+      goal,
+      custom: true,
+      constraints: {
+        maxTurns: constraints?.maxTurns || 50,
+        timeoutMs: constraints?.timeoutMs || 300000,
+      },
+    };
+    agents.push(agent);
+    await writeAgents(agents);
+    res.json(agent);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.put("/:id", async (req, res) => {
+  try {
+    const agents = await readAgents();
+    const idx = agents.findIndex((a) => a.id === req.params.id);
+    if (idx === -1) return res.status(404).json({ error: "Agent not found" });
+    const { title, description, goal, icon, constraints } = req.body;
+    if (title !== undefined) agents[idx].title = title;
+    if (description !== undefined) agents[idx].description = description;
+    if (goal !== undefined) agents[idx].goal = goal;
+    if (icon !== undefined) agents[idx].icon = icon;
+    if (constraints) {
+      agents[idx].constraints = {
+        ...agents[idx].constraints,
+        ...constraints,
+      };
+    }
+    await writeAgents(agents);
+    res.json(agents[idx]);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+router.delete("/:id", async (req, res) => {
+  try {
+    const agents = await readAgents();
+    const idx = agents.findIndex((a) => a.id === req.params.id);
+    if (idx === -1) return res.status(404).json({ error: "Agent not found" });
+    agents.splice(idx, 1);
+    await writeAgents(agents);
+    res.json({ ok: true });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+export default router;

package/server/routes/bot.js

@@ -0,0 +1,45 @@
+import { Router } from "express";
+import { readFile, writeFile } from "fs/promises";
+import { configPath } from "../paths.js";
+
+const dataFile = configPath("bot-prompt.json");
+
+const DEFAULT_PROMPT = "You are an expert prompt engineer and AI assistant. Help users craft effective prompts, improve existing ones, and explain prompt engineering techniques. Be concise and actionable.";
+
+const router = Router();
+
+async function readPromptData() {
+  try {
+    const raw = await readFile(dataFile, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return { systemPrompt: DEFAULT_PROMPT };
+  }
+}
+
+// GET /prompt — return bot system prompt
+router.get("/prompt", async (req, res) => {
+  try {
+    const data = await readPromptData();
+    res.json(data);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// PUT /prompt — update bot system prompt
+router.put("/prompt", async (req, res) => {
+  try {
+    const { systemPrompt } = req.body;
+    if (typeof systemPrompt !== "string") {
+      return res.status(400).json({ error: "systemPrompt must be a string" });
+    }
+    const data = { systemPrompt };
+    await writeFile(dataFile, JSON.stringify(data, null, 2) + "\n");
+    res.json({ ok: true });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+export default router;

package/server/routes/exec.js

@@ -0,0 +1,35 @@
+import { Router } from "express";
+import { exec, execFile } from "child_process";
+import { homedir } from "os";
+
+const router = Router();
+
+router.post("/", (req, res) => {
+  const { command, cwd } = req.body;
+  if (!command) return res.status(400).json({ error: "command is required" });
+
+  const execOpts = {
+    cwd: cwd || homedir(),
+    timeout: 30000,
+    maxBuffer: 512 * 1024,
+  };
+
+  const callback = (err, stdout, stderr) => {
+    res.json({
+      command,
+      stdout: stdout || "",
+      stderr: stderr || "",
+      exitCode: err ? (err.code ?? 1) : 0,
+    });
+  };
+
+  // Use execFile for simple "binary ." commands to avoid shell escaping issues
+  const parts = command.split(/\s+/);
+  if (parts.length <= 2 && !command.includes("|") && !command.includes(">") && !command.includes("&")) {
+    execFile(parts[0], parts.slice(1), execOpts, callback);
+  } else {
+    exec(command, execOpts, callback);
+  }
+});
+
+export default router;

package/server/routes/files.js

@@ -0,0 +1,218 @@
+import { Router } from "express";
+import { readdir, readFile } from "fs/promises";
+import { join, posix, resolve, sep } from "path";
+
+const router = Router();
+
+// File listing for attachments (recursive, max depth 3)
+router.get("/", async (req, res) => {
+  const basePath = req.query.path;
+  if (!basePath) return res.status(400).json({ error: "path query param required" });
+
+  const SKIP = new Set([".git", "node_modules", ".next", "dist", "build", ".cache", ".turbo", "__pycache__", ".venv", "venv", "coverage", ".nyc_output"]);
+  const MAX_DEPTH = 3;
+  const MAX_FILES = 500;
+  const results = [];
+
+  async function walk(dir, depth) {
+    if (depth > MAX_DEPTH || results.length >= MAX_FILES) return;
+    try {
+      const entries = await readdir(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (results.length >= MAX_FILES) break;
+        if (SKIP.has(entry.name)) continue;
+        const full = join(dir, entry.name);
+        const rel = full.slice(basePath.length + 1);
+        if (entry.isDirectory()) {
+          await walk(full, depth + 1);
+        } else {
+          results.push(rel);
+        }
+      }
+    } catch { /* permission errors etc */ }
+  }
+
+  try {
+    await walk(basePath, 0);
+    res.json(results);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// Read file content for attachments (50KB limit)
+router.get("/content", async (req, res) => {
+  const base = req.query.base;
+  const filePath = req.query.path;
+  if (!base || !filePath) return res.status(400).json({ error: "base and path required" });
+
+  const resolved = resolve(base, filePath);
+  if (!resolved.startsWith(resolve(base) + sep) && resolved !== resolve(base)) return res.status(403).json({ error: "path traversal detected" });
+
+  try {
+    const { stat } = await import("fs/promises");
+    const stats = await stat(resolved);
+    if (stats.size > 50 * 1024) {
+      return res.status(413).json({ error: "File too large (50KB limit)" });
+    }
+    const content = await readFile(resolved, "utf-8");
+    res.json({ content, path: filePath });
+  } catch (err) {
+    res.status(404).json({ error: err.message });
+  }
+});
+
+// File tree (immediate children only, for lazy-loading explorer)
+router.get("/tree", async (req, res) => {
+  const base = req.query.base;
+  const dir = req.query.dir || "";
+  if (!base) return res.status(400).json({ error: "base query param required" });
+
+  const SKIP = new Set([".git", "node_modules", ".next", "dist", "build", ".cache", ".turbo", "__pycache__", ".venv", "venv", "coverage", ".nyc_output"]);
+
+  const target = dir ? resolve(base, dir) : resolve(base);
+  const resolvedBase = resolve(base);
+
+  // Path traversal protection
+  if (!target.startsWith(resolvedBase + sep) && target !== resolvedBase) {
+    return res.status(403).json({ error: "path traversal detected" });
+  }
+
+  try {
+    const entries = await readdir(target, { withFileTypes: true });
+    const results = [];
+
+    for (const entry of entries) {
+      if (SKIP.has(entry.name)) continue;
+      const relPath = dir ? posix.join(dir, entry.name) : entry.name;
+      results.push({
+        name: entry.name,
+        path: relPath,
+        type: entry.isDirectory() ? "dir" : "file",
+      });
+    }
+
+    // Sort: directories first, then alphabetical
+    results.sort((a, b) => {
+      if (a.type !== b.type) return a.type === "dir" ? -1 : 1;
+      return a.name.localeCompare(b.name);
+    });
+
+    res.json(results);
+  } catch (err) {
+    if (err.code === "ENOENT") {
+      return res.json([]);
+    }
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// Serve raw binary files (images) with streaming
+const IMAGE_MIME = {
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".svg": "image/svg+xml",
+  ".webp": "image/webp",
+};
+
+router.get("/raw", async (req, res) => {
+  const base = req.query.base;
+  const filePath = req.query.path;
+  if (!base || !filePath) return res.status(400).json({ error: "base and path required" });
+
+  const resolved = resolve(base, filePath);
+  if (!resolved.startsWith(resolve(base) + sep) && resolved !== resolve(base)) return res.status(403).json({ error: "path traversal detected" });
+
+  const ext = filePath.slice(filePath.lastIndexOf(".")).toLowerCase();
+  const mime = IMAGE_MIME[ext];
+  if (!mime) return res.status(415).json({ error: "unsupported file type" });
+
+  try {
+    const { stat } = await import("fs/promises");
+    const stats = await stat(resolved);
+    if (stats.size > 5 * 1024 * 1024) {
+      return res.status(413).json({ error: "File too large (5MB limit)" });
+    }
+    res.type(mime).sendFile(resolved);
+  } catch (err) {
+    res.status(404).json({ error: err.message });
+  }
+});
+
+// Search files/folders by name (recursive, LIKE %query%)
+router.get("/search", async (req, res) => {
+  const base = req.query.base;
+  const q = (req.query.q || "").toLowerCase();
+  if (!base) return res.status(400).json({ error: "base query param required" });
+  if (!q) return res.json([]);
+
+  const SKIP = new Set([".git", "node_modules", ".next", "dist", "build", ".cache", ".turbo", "__pycache__", ".venv", "venv", "coverage", ".nyc_output"]);
+  const MAX_DEPTH = 8;
+  const MAX_RESULTS = 50;
+  const results = [];
+
+  async function walk(dir, relDir, depth) {
+    if (depth > MAX_DEPTH || results.length >= MAX_RESULTS) return;
+    try {
+      const entries = await readdir(dir, { withFileTypes: true });
+      for (const entry of entries) {
+        if (results.length >= MAX_RESULTS) break;
+        if (SKIP.has(entry.name)) continue;
+
+        const relPath = relDir ? posix.join(relDir, entry.name) : entry.name;
+        const isDir = entry.isDirectory();
+
+        // Match name (case-insensitive, like SQL LIKE %q%)
+        if (entry.name.toLowerCase().includes(q)) {
+          results.push({ name: entry.name, path: relPath, type: isDir ? "dir" : "file" });
+        }
+
+        if (isDir) {
+          await walk(join(dir, entry.name), relPath, depth + 1);
+        }
+      }
+    } catch { /* permission errors */ }
+  }
+
+  try {
+    await walk(base, "", 0);
+    // Sort: directories first, then alphabetical
+    results.sort((a, b) => {
+      if (a.type !== b.type) return a.type === "dir" ? -1 : 1;
+      return a.name.localeCompare(b.name);
+    });
+    res.json(results);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// Write file content (for CLAUDE.md editor etc.)
+router.put("/content", async (req, res) => {
+  const { base, path: filePath, content } = req.body;
+  if (!base || !filePath) return res.status(400).json({ error: "base and path required" });
+  if (typeof content !== "string") return res.status(400).json({ error: "content must be a string" });
+
+  const resolved = resolve(base, filePath);
+  if (!resolved.startsWith(resolve(base) + sep) && resolved !== resolve(base)) return res.status(403).json({ error: "path traversal detected" });
+
+  // Only allow writing specific config files for safety
+  const ALLOWED_FILES = new Set(["CLAUDE.md", ".claude/settings.json"]);
+  if (!ALLOWED_FILES.has(filePath)) {
+    return res.status(403).json({ error: "writing this file is not allowed" });
+  }
+
+  try {
+    const { writeFile, mkdir } = await import("fs/promises");
+    const { dirname } = await import("path");
+    await mkdir(dirname(resolved), { recursive: true });
+    await writeFile(resolved, content, "utf-8");
+    res.json({ ok: true, path: filePath });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+export default router;

package/server/routes/mcp.js

@@ -0,0 +1,82 @@
+import { Router } from "express";
+import { readFile, writeFile, mkdir } from "fs/promises";
+import { join, dirname, isAbsolute } from "path";
+import { homedir } from "os";
+
+const router = Router();
+
+const GLOBAL_SETTINGS = join(homedir(), ".claude", "settings.json");
+
+function getSettingsPath(projectPath) {
+  if (projectPath) {
+    if (!isAbsolute(projectPath) || projectPath.includes("..")) {
+      throw new Error("Invalid project path");
+    }
+    return join(projectPath, ".claude", "settings.json");
+  }
+  return GLOBAL_SETTINGS;
+}
+
+async function readSettings(settingsPath) {
+  try {
+    const content = await readFile(settingsPath, "utf-8");
+    return JSON.parse(content);
+  } catch (err) {
+    if (err.code === "ENOENT") return {};
+    throw err;
+  }
+}
+
+async function writeSettings(settingsPath, settings) {
+  await mkdir(dirname(settingsPath), { recursive: true });
+  await writeFile(settingsPath, JSON.stringify(settings, null, 2), "utf-8");
+}
+
+// List MCP servers (optional ?project=<path> for project-scoped)
+router.get("/servers", async (req, res) => {
+  try {
+    const settingsPath = getSettingsPath(req.query.project);
+    const settings = await readSettings(settingsPath);
+    res.json({ servers: settings.mcpServers || {} });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// Create or update an MCP server
+router.put("/servers/:name", async (req, res) => {
+  try {
+    const { name } = req.params;
+    const config = req.body;
+    if (!config || typeof config !== "object") {
+      return res.status(400).json({ error: "Invalid config" });
+    }
+
+    const settingsPath = getSettingsPath(req.query.project);
+    const settings = await readSettings(settingsPath);
+    if (!settings.mcpServers) settings.mcpServers = {};
+    settings.mcpServers[name] = config;
+    await writeSettings(settingsPath, settings);
+    res.json({ success: true });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// Delete an MCP server
+router.delete("/servers/:name", async (req, res) => {
+  try {
+    const { name } = req.params;
+    const settingsPath = getSettingsPath(req.query.project);
+    const settings = await readSettings(settingsPath);
+    if (settings.mcpServers) {
+      delete settings.mcpServers[name];
+      await writeSettings(settingsPath, settings);
+    }
+    res.json({ success: true });
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+export default router;