claudeck 1.3.1 → 1.4.1

package/server/routes/marketplace.js

@@ -0,0 +1,316 @@
+// Marketplace routes — fetch community plugin registry, install/uninstall plugins
+import { Router } from "express";
+import { join } from "path";
+import { existsSync, mkdirSync, rmSync, readdirSync, readFileSync, writeFileSync, statSync } from "fs";
+import { pathToFileURL } from "url";
+import { userPluginsDir, userConfigDir, packageRoot } from "../paths.js";
+
+const router = Router();
+
+// Reference to Express app (set during mount for hot-mounting plugin server routes)
+let _app = null;
+export function setApp(app) { _app = app; }
+
+// Track hot-mounted plugin routers so we can swap/remove them on uninstall
+const mountedPluginRouters = new Map();
+
+// ── Config ──────────────────────────────────────────────────
+const MARKETPLACE_REPO = "hamedafarag/claudeck-marketplace";
+const MARKETPLACE_BRANCH = "main";
+const MARKETPLACE_FILE = "marketplace.json";
+const CACHE_TTL = 5 * 60 * 1000; // 5 minutes
+
+let registryCache = null;
+let registryCacheTime = 0;
+
+// ── GET /api/marketplace — fetch registry ───────────────────
+router.get("/", async (req, res) => {
+  try {
+    const now = Date.now();
+    const force = req.query.refresh === "true";
+
+    if (!force && registryCache && now - registryCacheTime < CACHE_TTL) {
+      return res.json(enrichRegistry(registryCache));
+    }
+
+    const url = `https://raw.githubusercontent.com/${MARKETPLACE_REPO}/${MARKETPLACE_BRANCH}/${MARKETPLACE_FILE}`;
+    const resp = await fetch(url);
+    if (!resp.ok) {
+      // Return cached data if available, empty otherwise
+      if (registryCache) return res.json(enrichRegistry(registryCache));
+      return res.json({ name: "claudeck-marketplace", version: "0.0.0", plugins: [] });
+    }
+
+    registryCache = await resp.json();
+    registryCacheTime = now;
+    res.json(enrichRegistry(registryCache));
+  } catch (err) {
+    console.error("Marketplace fetch error:", err.message);
+    if (registryCache) return res.json(enrichRegistry(registryCache));
+    res.json({ name: "claudeck-marketplace", version: "0.0.0", plugins: [] });
+  }
+});
+
+// ── GET /api/marketplace/installed — list installed community plugins ──
+router.get("/installed", (req, res) => {
+  const installed = [];
+  if (!existsSync(userPluginsDir)) return res.json(installed);
+
+  for (const name of readdirSync(userPluginsDir)) {
+    const dir = join(userPluginsDir, name);
+    if (!statSync(dir).isDirectory()) continue;
+    const manifestPath = join(dir, "manifest.json");
+    if (!existsSync(manifestPath)) continue;
+    try {
+      const manifest = JSON.parse(readFileSync(manifestPath, "utf8"));
+      // Only list community plugins (those with _marketplace marker)
+      const metaPath = join(dir, ".marketplace");
+      if (existsSync(metaPath)) {
+        const meta = JSON.parse(readFileSync(metaPath, "utf8"));
+        installed.push({ ...manifest, installedFrom: meta.source, installedAt: meta.installedAt });
+      }
+    } catch {}
+  }
+  res.json(installed);
+});
+
+// Validate plugin ID to prevent path traversal
+const SAFE_ID = /^[a-z0-9][a-z0-9-]*$/;
+
+// ── POST /api/marketplace/install — install a community plugin ──
+router.post("/install", async (req, res) => {
+  const { id, repo, source } = req.body;
+  if (!id) return res.status(400).json({ error: "Plugin id required" });
+  if (!SAFE_ID.test(id)) return res.status(400).json({ error: "Invalid plugin id" });
+
+  const pluginDir = join(userPluginsDir, id);
+
+  try {
+    // Determine download source
+    let downloadUrl;
+    let isMonorepo = false;
+
+    if (source && source.startsWith("./")) {
+      // Monorepo plugin — download from marketplace repo subdirectory
+      isMonorepo = true;
+      downloadUrl = `https://api.github.com/repos/${MARKETPLACE_REPO}/tarball/${MARKETPLACE_BRANCH}`;
+    } else if (repo) {
+      // External repo — download tarball
+      downloadUrl = `https://api.github.com/repos/${repo}/tarball`;
+    } else {
+      return res.status(400).json({ error: "Plugin must have 'repo' or 'source'" });
+    }
+
+    // Download tarball
+    const resp = await fetch(downloadUrl, {
+      headers: { "Accept": "application/vnd.github+json", "User-Agent": "claudeck" },
+      redirect: "follow",
+    });
+    if (!resp.ok) {
+      return res.status(502).json({ error: `GitHub download failed: ${resp.status} ${resp.statusText}` });
+    }
+
+    // Write tarball to temp file
+    const tmpTar = join(userPluginsDir, `_tmp_${id}.tar.gz`);
+    const tmpDir = join(userPluginsDir, `_tmp_${id}`);
+    const buffer = Buffer.from(await resp.arrayBuffer());
+    writeFileSync(tmpTar, buffer);
+
+    // Extract tarball
+    mkdirSync(tmpDir, { recursive: true });
+    const { execSync } = await import("child_process");
+    execSync(`tar -xzf "${tmpTar}" -C "${tmpDir}" --no-same-owner --no-same-permissions`, { stdio: "pipe" });
+
+    // Find extracted content (tarball has a root dir like owner-repo-sha/)
+    const extracted = readdirSync(tmpDir);
+    const rootDir = extracted.length === 1 ? join(tmpDir, extracted[0]) : tmpDir;
+
+    // Determine source directory within extracted content
+    let sourceDir;
+    if (isMonorepo) {
+      // For monorepo plugins, navigate to the plugin subdirectory
+      const subPath = source.replace("./", "");
+      sourceDir = join(rootDir, subPath);
+      if (!existsSync(sourceDir) || !existsSync(join(sourceDir, "client.js"))) {
+        // Cleanup
+        rmSync(tmpTar, { force: true });
+        rmSync(tmpDir, { recursive: true, force: true });
+        return res.status(404).json({ error: `Plugin directory not found in marketplace repo: ${subPath}` });
+      }
+    } else {
+      // External repo — root is the plugin
+      sourceDir = rootDir;
+      if (!existsSync(join(sourceDir, "client.js"))) {
+        rmSync(tmpTar, { force: true });
+        rmSync(tmpDir, { recursive: true, force: true });
+        return res.status(400).json({ error: "Plugin repo must contain client.js at root" });
+      }
+    }
+
+    // Remove old installation if exists
+    if (existsSync(pluginDir)) {
+      rmSync(pluginDir, { recursive: true, force: true });
+    }
+
+    // Move plugin to final location
+    const { cpSync } = await import("fs");
+    cpSync(sourceDir, pluginDir, { recursive: true });
+
+    // Patch server.js imports: rewrite relative db.js imports to absolute path
+    const serverFilePath = join(pluginDir, "server.js");
+    if (existsSync(serverFilePath)) {
+      try {
+        let code = readFileSync(serverFilePath, "utf8");
+        const dbAbsolute = pathToFileURL(join(packageRoot, "db.js")).href;
+        // Replace relative imports like ../../db.js, ../db.js, etc.
+        code = code.replace(
+          /from\s+["'](?:\.\.\/)+db\.js["']/g,
+          `from "${dbAbsolute}"`
+        );
+        writeFileSync(serverFilePath, code);
+      } catch (err) {
+        console.warn(`Could not patch server.js imports for ${id}:`, err.message);
+      }
+    }
+
+    // Write marketplace metadata
+    writeFileSync(join(pluginDir, ".marketplace"), JSON.stringify({
+      source: repo || source,
+      installedAt: new Date().toISOString(),
+      marketplace: MARKETPLACE_REPO,
+    }));
+
+    // Copy default config if plugin ships one
+    const configSrc = join(pluginDir, "config.json");
+    const configDst = join(userConfigDir, `${id}-config.json`);
+    if (existsSync(configSrc) && !existsSync(configDst)) {
+      const { copyFileSync } = await import("fs");
+      copyFileSync(configSrc, configDst);
+    }
+
+    // Cleanup temp files
+    rmSync(tmpTar, { force: true });
+    rmSync(tmpDir, { recursive: true, force: true });
+
+    // Read installed manifest
+    const manifestPath = join(pluginDir, "manifest.json");
+    let manifest = null;
+    if (existsSync(manifestPath)) {
+      try { manifest = JSON.parse(readFileSync(manifestPath, "utf8")); } catch {}
+    }
+
+    // Hot-mount server routes if plugin has server.js and app is available
+    let serverMounted = false;
+    const serverFile = join(pluginDir, "server.js");
+    if (_app && existsSync(serverFile)) {
+      const allowUserServer = process.env.CLAUDECK_USER_SERVER_PLUGINS === "true";
+      if (allowUserServer) {
+        try {
+          // Use cache-busting query to force re-import on reinstall
+          const mod = await import(pathToFileURL(serverFile).href + `?t=${Date.now()}`);
+
+          // If already mounted, swap the inner handler; otherwise mount a wrapper
+          if (mountedPluginRouters.has(id)) {
+            mountedPluginRouters.get(id).inner = mod.default;
+          } else {
+            const wrapper = { inner: mod.default };
+            const wrapperRouter = Router();
+            wrapperRouter.use((req, res, next) => {
+              if (wrapper.inner) wrapper.inner(req, res, next);
+              else next();
+            });
+            _app.use(`/api/plugins/${id}`, wrapperRouter);
+            mountedPluginRouters.set(id, wrapper);
+          }
+          serverMounted = true;
+          console.log(`Hot-mounted plugin routes: /api/plugins/${id}`);
+        } catch (err) {
+          console.error(`Failed to hot-mount plugin server: ${id}`, err.message);
+        }
+      }
+    }
+
+    res.json({ ok: true, id, manifest, serverMounted });
+  } catch (err) {
+    // Cleanup on error
+    const tmpTar = join(userPluginsDir, `_tmp_${id}.tar.gz`);
+    const tmpDir = join(userPluginsDir, `_tmp_${id}`);
+    rmSync(tmpTar, { force: true });
+    rmSync(tmpDir, { recursive: true, force: true });
+    console.error(`Marketplace install error (${id}):`, err.message);
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// ── POST /api/marketplace/uninstall — remove a community plugin ──
+router.post("/uninstall", (req, res) => {
+  const { id } = req.body;
+  if (!id) return res.status(400).json({ error: "Plugin id required" });
+  if (!SAFE_ID.test(id)) return res.status(400).json({ error: "Invalid plugin id" });
+
+  const pluginDir = join(userPluginsDir, id);
+  const marketplaceMeta = join(pluginDir, ".marketplace");
+
+  // Only allow uninstalling community plugins (has .marketplace marker)
+  if (!existsSync(marketplaceMeta)) {
+    return res.status(400).json({ error: "Plugin is not a community plugin or not installed" });
+  }
+
+  try {
+    rmSync(pluginDir, { recursive: true, force: true });
+
+    // Disable hot-mounted server routes (wrapper stays but inner is nulled)
+    if (mountedPluginRouters.has(id)) {
+      mountedPluginRouters.get(id).inner = null;
+      console.log(`Disabled plugin routes: /api/plugins/${id}`);
+    }
+
+    res.json({ ok: true, id });
+  } catch (err) {
+    console.error(`Marketplace uninstall error (${id}):`, err.message);
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// ── Helpers ─────────────────────────────────────────────────
+
+/** Enrich registry with installation status and built-in detection */
+function enrichRegistry(registry) {
+  const builtinDir = join(packageRoot, "plugins");
+  const enriched = { ...registry, plugins: [] };
+  for (const plugin of registry.plugins || []) {
+    // Check if this plugin ships as a built-in
+    const isBuiltin = existsSync(join(builtinDir, plugin.id, "client.js"));
+
+    const dir = join(userPluginsDir, plugin.id);
+    const installed = existsSync(join(dir, ".marketplace"));
+    let installedVersion = null;
+    if (installed) {
+      const mPath = join(dir, "manifest.json");
+      if (existsSync(mPath)) {
+        try { installedVersion = JSON.parse(readFileSync(mPath, "utf8")).version; } catch {}
+      }
+    }
+    enriched.plugins.push({
+      ...plugin,
+      isBuiltin,
+      installed,
+      installedVersion,
+      updateAvailable: installed && installedVersion && semverNewer(plugin.version, installedVersion),
+    });
+  }
+  return enriched;
+}
+
+/** Return true if `a` is strictly newer than `b` (simple semver comparison) */
+function semverNewer(a, b) {
+  const pa = (a || "0.0.0").split(".").map(Number);
+  const pb = (b || "0.0.0").split(".").map(Number);
+  for (let i = 0; i < 3; i++) {
+    if ((pa[i] || 0) > (pb[i] || 0)) return true;
+    if ((pa[i] || 0) < (pb[i] || 0)) return false;
+  }
+  return false;
+}
+
+export default router;

package/server/routes/memory.js

@@ -11,11 +11,11 @@ const router = Router();
 const CATEGORIES = ["convention", "decision", "discovery", "warning"];
 
 // List memories for a project
-router.get("/", (req, res) => {
+router.get("/", async (req, res) => {
   try {
     const { project, category } = req.query;
     if (!project) return res.status(400).json({ error: "project query param required" });
-    const memories = listMemories(project, category || null);
+    const memories = await listMemories(project, category || null);
     res.json(memories);
   } catch (err) {
     res.status(500).json({ error: err.message });
@@ -23,11 +23,11 @@ router.get("/", (req, res) => {
 });
 
 // Search memories
-router.get("/search", (req, res) => {
+router.get("/search", async (req, res) => {
   try {
     const { project, q, limit } = req.query;
     if (!project || !q) return res.status(400).json({ error: "project and q required" });
-    const results = searchMemories(project, q, Number(limit) || 20);
+    const results = await searchMemories(project, q, Number(limit) || 20);
     res.json(results);
   } catch (err) {
     res.status(500).json({ error: err.message });
@@ -35,13 +35,13 @@ router.get("/search", (req, res) => {
 });
 
 // Get top relevant memories (used for prompt injection)
-router.get("/top", (req, res) => {
+router.get("/top", async (req, res) => {
   try {
     const { project, limit } = req.query;
     if (!project) return res.status(400).json({ error: "project required" });
-    const memories = getTopMemories(project, Number(limit) || 10);
+    const memories = await getTopMemories(project, Number(limit) || 10);
     // Touch each memory to boost relevance
-    for (const m of memories) touchMemory(m.id);
+    for (const m of memories) await touchMemory(m.id);
     res.json(memories);
   } catch (err) {
     res.status(500).json({ error: err.message });
@@ -49,12 +49,12 @@ router.get("/top", (req, res) => {
 });
 
 // Get stats
-router.get("/stats", (req, res) => {
+router.get("/stats", async (req, res) => {
   try {
     const { project } = req.query;
     if (!project) return res.status(400).json({ error: "project required" });
-    const stats = getMemoryStats(project);
-    const counts = getMemoryCounts(project);
+    const stats = await getMemoryStats(project);
+    const counts = await getMemoryCounts(project);
     res.json({ ...stats, categories: counts });
   } catch (err) {
     res.status(500).json({ error: err.message });
@@ -62,14 +62,14 @@ router.get("/stats", (req, res) => {
 });
 
 // Create a memory
-router.post("/", (req, res) => {
+router.post("/", async (req, res) => {
   try {
     const { project, category, content, sessionId, agentId } = req.body;
     if (!project || !content) {
       return res.status(400).json({ error: "project and content required" });
     }
     const cat = CATEGORIES.includes(category) ? category : "discovery";
-    const info = createMemory(project, cat, content.trim(), sessionId || null, agentId || null);
+    const info = await createMemory(project, cat, content.trim(), sessionId || null, agentId || null);
     res.json({ id: info.lastInsertRowid });
   } catch (err) {
     res.status(500).json({ error: err.message });
@@ -77,13 +77,13 @@ router.post("/", (req, res) => {
 });
 
 // Update a memory
-router.put("/:id", (req, res) => {
+router.put("/:id", async (req, res) => {
   try {
     const id = Number(req.params.id);
     const { content, category } = req.body;
     if (!content) return res.status(400).json({ error: "content required" });
     const cat = CATEGORIES.includes(category) ? category : "discovery";
-    updateMemory(id, content.trim(), cat);
+    await updateMemory(id, content.trim(), cat);
     res.json({ ok: true });
   } catch (err) {
     res.status(500).json({ error: err.message });
@@ -91,10 +91,10 @@ router.put("/:id", (req, res) => {
 });
 
 // Delete a memory
-router.delete("/:id", (req, res) => {
+router.delete("/:id", async (req, res) => {
   try {
     const id = Number(req.params.id);
-    deleteMemory(id);
+    await deleteMemory(id);
     res.json({ ok: true });
   } catch (err) {
     res.status(500).json({ error: err.message });
@@ -102,11 +102,11 @@ router.delete("/:id", (req, res) => {
 });
 
 // Decay old memories and clean expired
-router.post("/maintain", (req, res) => {
+router.post("/maintain", async (req, res) => {
   try {
     const { project } = req.body;
     if (!project) return res.status(400).json({ error: "project required" });
-    maintainMemories(project);
+    await maintainMemories(project);
     res.json({ ok: true });
   } catch (err) {
     res.status(500).json({ error: err.message });
@@ -129,13 +129,13 @@ router.post("/optimize", async (req, res) => {
 });
 
 // Apply optimization — replace memories with optimized set
-router.post("/optimize/apply", (req, res) => {
+router.post("/optimize/apply", async (req, res) => {
   try {
     const { project, optimized } = req.body;
     if (!project || !Array.isArray(optimized)) {
       return res.status(400).json({ error: "project and optimized array required" });
     }
-    const result = applyOptimization(project, optimized);
+    const result = await applyOptimization(project, optimized);
     res.json(result);
   } catch (err) {
     console.error("Apply optimization error:", err);

package/server/routes/messages.js

@@ -1,32 +1,63 @@
 import { Router } from "express";
-import { getMessages, getMessagesByChatId, getMessagesNoChatId } from "../../db.js";
+import {
+  getMessages, getMessagesByChatId, getMessagesNoChatId,
+  getRecentMessages, getRecentMessagesByChatId, getRecentMessagesNoChatId,
+  getOlderMessages, getOlderMessagesByChatId, getOlderMessagesNoChatId,
+} from "../../db.js";
 
 const router = Router();
 
-// Get all messages for a session
-router.get("/:id/messages", (req, res) => {
+// Get all messages for a session (supports ?limit=N&before=ID)
+router.get("/:id/messages", async (req, res) => {
   try {
-    const messages = getMessages(req.params.id);
+    const limit = req.query.limit ? parseInt(req.query.limit, 10) : 0;
+    const before = req.query.before ? parseInt(req.query.before, 10) : 0;
+    let messages;
+    if (limit > 0 && before > 0) {
+      messages = await getOlderMessages(req.params.id, before, limit);
+    } else if (limit > 0) {
+      messages = await getRecentMessages(req.params.id, limit);
+    } else {
+      messages = await getMessages(req.params.id);
+    }
     res.json(messages);
   } catch (err) {
     res.status(500).json({ error: err.message });
   }
 });
 
-// Get messages filtered by chatId
-router.get("/:id/messages/:chatId", (req, res) => {
+// Get messages filtered by chatId (supports ?limit=N&before=ID)
+router.get("/:id/messages/:chatId", async (req, res) => {
   try {
-    const messages = getMessagesByChatId(req.params.id, req.params.chatId);
+    const limit = req.query.limit ? parseInt(req.query.limit, 10) : 0;
+    const before = req.query.before ? parseInt(req.query.before, 10) : 0;
+    let messages;
+    if (limit > 0 && before > 0) {
+      messages = await getOlderMessagesByChatId(req.params.id, req.params.chatId, before, limit);
+    } else if (limit > 0) {
+      messages = await getRecentMessagesByChatId(req.params.id, req.params.chatId, limit);
+    } else {
+      messages = await getMessagesByChatId(req.params.id, req.params.chatId);
+    }
     res.json(messages);
   } catch (err) {
     res.status(500).json({ error: err.message });
   }
 });
 
-// Get messages where chat_id IS NULL (single-mode)
-router.get("/:id/messages-single", (req, res) => {
+// Get messages where chat_id IS NULL (supports ?limit=N&before=ID)
+router.get("/:id/messages-single", async (req, res) => {
   try {
-    const messages = getMessagesNoChatId(req.params.id);
+    const limit = req.query.limit ? parseInt(req.query.limit, 10) : 0;
+    const before = req.query.before ? parseInt(req.query.before, 10) : 0;
+    let messages;
+    if (limit > 0 && before > 0) {
+      messages = await getOlderMessagesNoChatId(req.params.id, before, limit);
+    } else if (limit > 0) {
+      messages = await getRecentMessagesNoChatId(req.params.id, limit);
+    } else {
+      messages = await getMessagesNoChatId(req.params.id);
+    }
     res.json(messages);
   } catch (err) {
     res.status(500).json({ error: err.message });

package/server/routes/notifications.js

@@ -26,67 +26,67 @@ router.get("/vapid-public-key", (req, res) => {
   res.json({ key: vapidPublicKey });
 });
 
-router.post("/subscribe", (req, res) => {
+router.post("/subscribe", async (req, res) => {
   const { endpoint, keys } = req.body;
   if (!endpoint || !keys?.p256dh || !keys?.auth) {
     return res.status(400).json({ error: "Invalid subscription" });
   }
-  upsertPushSubscription(endpoint, keys.p256dh, keys.auth);
+  await upsertPushSubscription(endpoint, keys.p256dh, keys.auth);
   res.json({ ok: true });
 });
 
-router.post("/unsubscribe", (req, res) => {
+router.post("/unsubscribe", async (req, res) => {
   const { endpoint } = req.body;
   if (!endpoint) {
     return res.status(400).json({ error: "Missing endpoint" });
   }
-  deletePushSubscription(endpoint);
+  await deletePushSubscription(endpoint);
   res.json({ ok: true });
 });
 
 // ── Create notification (from frontend) ───────────────────
-router.post("/create", (req, res) => {
+router.post("/create", async (req, res) => {
   const { type, title, body, metadata, sourceSessionId, sourceAgentId } = req.body;
   if (!type || !title) {
     return res.status(400).json({ error: "type and title are required" });
   }
-  const notification = logNotification(type, title, body || null, metadata || null, sourceSessionId || null, sourceAgentId || null);
+  const notification = await logNotification(type, title, body || null, metadata || null, sourceSessionId || null, sourceAgentId || null);
   res.json(notification);
 });
 
 // ── Notification history & management ─────────────────────
-router.get("/history", (req, res) => {
+router.get("/history", async (req, res) => {
   const limit = Math.min(parseInt(req.query.limit) || 20, 100);
   const offset = parseInt(req.query.offset) || 0;
   const unreadOnly = req.query.unread_only === "true";
   const type = req.query.type || null;
-  const items = getNotificationHistory(limit, offset, unreadOnly, type);
+  const items = await getNotificationHistory(limit, offset, unreadOnly, type);
   res.json(items);
 });
 
-router.get("/unread-count", (_req, res) => {
-  res.json({ count: getUnreadNotificationCount() });
+router.get("/unread-count", async (_req, res) => {
+  res.json({ count: await getUnreadNotificationCount() });
 });
 
-router.post("/read", (req, res) => {
+router.post("/read", async (req, res) => {
   const { ids, all, before } = req.body;
   if (all) {
-    markAllNotificationsRead();
-    broadcastReadUpdate([]);
+    await markAllNotificationsRead();
+    await broadcastReadUpdate([]);
   } else if (before) {
-    markNotificationsReadBefore(before);
-    broadcastReadUpdate([]);
+    await markNotificationsReadBefore(before);
+    await broadcastReadUpdate([]);
   } else if (Array.isArray(ids) && ids.length > 0) {
-    markNotificationsRead(ids);
-    broadcastReadUpdate(ids);
+    await markNotificationsRead(ids);
+    await broadcastReadUpdate(ids);
   } else {
     return res.status(400).json({ error: "Provide ids, all, or before" });
   }
-  res.json({ ok: true, unreadCount: getUnreadNotificationCount() });
+  res.json({ ok: true, unreadCount: await getUnreadNotificationCount() });
 });
 
-router.delete("/old", (_req, res) => {
-  purgeOldNotifications(90);
+router.delete("/old", async (_req, res) => {
+  await purgeOldNotifications(90);
   res.json({ ok: true });
 });