claudecto 0.1.0

package/dist/server/index.js

@@ -0,0 +1,1207 @@
+/**
+ * claudecto server - Hono-based API server
+ */
+import fs from 'node:fs';
+import http from 'node:http';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { Hono } from 'hono';
+import { cors } from 'hono/cors';
+import { WebSocketServer, WebSocket } from 'ws';
+import { ClaudeDir } from '../services/claude-dir.js';
+import { SessionService } from '../services/sessions.js';
+import { StatsService } from '../services/stats.js';
+import { PlansService } from '../services/plans.js';
+import { SkillsService } from '../services/skills.js';
+import { SearchService } from '../services/search.js';
+import { MemoryService } from '../services/memory.js';
+import { HooksService } from '../services/hooks.js';
+import { AnalyticsService } from '../services/analytics.js';
+import { TerminalService } from '../services/terminal.js';
+import { InsightsService } from '../services/insights.js';
+import { TechStackService } from '../services/tech-stack.js';
+import { AgentsService } from '../services/agents.js';
+import { TeamsService } from '../services/teams.js';
+import { BlueprintsService } from '../services/blueprints.js';
+import { AgentGeneratorService } from '../services/agent-generator.js';
+import { AdvisorService } from '../services/advisor.js';
+import { ProjectIntelligenceService } from '../services/project-intelligence.js';
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+/**
+ * Validates and decodes a base64-encoded project path.
+ * Prevents path traversal attacks by checking for '..' sequences.
+ * @returns The decoded path or null if invalid
+ */
+function validateProjectPath(encoded) {
+    try {
+        const decoded = Buffer.from(encoded, 'base64').toString('utf-8');
+        // Prevent path traversal attacks
+        if (decoded.includes('..') || decoded.includes('\0')) {
+            return null;
+        }
+        // Must be an absolute path
+        if (!path.isAbsolute(decoded)) {
+            return null;
+        }
+        return decoded;
+    }
+    catch {
+        return null;
+    }
+}
+function resolveUiRoot() {
+    const candidates = [
+        path.resolve(__dirname, '../ui'),
+        path.resolve(__dirname, '../../ui/dist'),
+        path.resolve(process.cwd(), 'ui/dist'),
+    ];
+    for (const dir of candidates) {
+        if (fs.existsSync(path.join(dir, 'index.html'))) {
+            return dir;
+        }
+    }
+    return null;
+}
+function contentTypeForExt(ext) {
+    const types = {
+        '.html': 'text/html; charset=utf-8',
+        '.js': 'application/javascript; charset=utf-8',
+        '.mjs': 'application/javascript; charset=utf-8',
+        '.css': 'text/css; charset=utf-8',
+        '.json': 'application/json; charset=utf-8',
+        '.svg': 'image/svg+xml',
+        '.png': 'image/png',
+        '.jpg': 'image/jpeg',
+        '.jpeg': 'image/jpeg',
+        '.ico': 'image/x-icon',
+        '.woff': 'font/woff',
+        '.woff2': 'font/woff2',
+    };
+    return types[ext] ?? 'application/octet-stream';
+}
+function serveStatic(req, res, root) {
+    const url = new URL(req.url ?? '/', 'http://localhost');
+    if (url.pathname.startsWith('/api/'))
+        return false;
+    let relPath = url.pathname.slice(1) || 'index.html';
+    if (relPath.endsWith('/'))
+        relPath += 'index.html';
+    const normalized = path.posix.normalize(relPath);
+    if (normalized.startsWith('../') || normalized.includes('\0'))
+        return false;
+    const filePath = path.join(root, relPath);
+    if (!filePath.startsWith(root))
+        return false;
+    if (fs.existsSync(filePath) && fs.statSync(filePath).isFile()) {
+        res.setHeader('Content-Type', contentTypeForExt(path.extname(filePath)));
+        res.setHeader('Cache-Control', 'no-cache');
+        res.end(fs.readFileSync(filePath));
+        return true;
+    }
+    // SPA fallback
+    const indexPath = path.join(root, 'index.html');
+    if (fs.existsSync(indexPath)) {
+        res.setHeader('Content-Type', 'text/html; charset=utf-8');
+        res.setHeader('Cache-Control', 'no-cache');
+        res.end(fs.readFileSync(indexPath));
+        return true;
+    }
+    return false;
+}
+export async function createServer(config) {
+    const { claudeDir: claudeDirPath, port, host } = config;
+    // Initialize services
+    const claudeDir = new ClaudeDir(claudeDirPath);
+    const sessionService = new SessionService(claudeDir);
+    const statsService = new StatsService(claudeDir);
+    const plansService = new PlansService(claudeDir);
+    const skillsService = new SkillsService(claudeDir);
+    const searchService = new SearchService(claudeDir);
+    const hooksService = new HooksService(claudeDir);
+    const memoryService = new MemoryService(claudeDir);
+    const analyticsService = new AnalyticsService(claudeDir);
+    const terminalService = new TerminalService();
+    const insightsService = new InsightsService(claudeDir, sessionService, analyticsService);
+    const techStackService = new TechStackService(claudeDir);
+    const agentsService = new AgentsService(claudeDir);
+    const teamsService = new TeamsService(claudeDir);
+    const blueprintsService = new BlueprintsService(claudeDir);
+    const agentGeneratorService = new AgentGeneratorService(claudeDir);
+    const advisorService = new AdvisorService(claudeDir, sessionService, analyticsService, skillsService, hooksService, memoryService, agentsService);
+    const projectIntelligenceService = new ProjectIntelligenceService(claudeDir, sessionService);
+    // Cache for generation results (in-memory for session)
+    const generationCache = new Map();
+    // Create Hono app
+    const app = new Hono();
+    // Restrict CORS to configured origins (security fix)
+    const allowedOrigins = process.env.ALLOWED_ORIGINS?.split(',') || [
+        'http://localhost:18791',
+        'http://127.0.0.1:18791',
+        `http://localhost:${port}`,
+        `http://127.0.0.1:${port}`,
+    ];
+    app.use('*', cors({
+        origin: (origin) => {
+            // Allow requests with no origin (same-origin, curl, etc)
+            if (!origin)
+                return allowedOrigins[0] || 'http://localhost:18791';
+            // Check if origin is in allowed list
+            if (allowedOrigins.includes(origin))
+                return origin;
+            // Fallback - don't allow unknown origins
+            return null;
+        },
+        credentials: true,
+    }));
+    // ============================================================================
+    // Status & Health
+    // ============================================================================
+    app.get('/api/status', async (c) => {
+        const exists = await claudeDir.exists();
+        if (!exists) {
+            return c.json({ error: 'Claude directory not found', code: 'NOT_FOUND' }, 404);
+        }
+        const projects = await sessionService.listProjects();
+        const { sessions } = await sessionService.listSessions({ limit: 1 });
+        const plans = await plansService.listPlans();
+        const skills = await skillsService.listSkills();
+        const stats = await statsService.getStats();
+        return c.json({
+            claudeDir: claudeDir.root,
+            projectCount: projects.length,
+            sessionCount: sessions.length > 0 ? (await sessionService.listSessions()).total : 0,
+            planCount: plans.length,
+            skillCount: skills.length,
+            hasStats: stats !== null,
+        });
+    });
+    app.get('/api/health', (c) => c.json({ ok: true }));
+    // ============================================================================
+    // OAuth (for Electron Google Sign-In)
+    // ============================================================================
+    // Store pending auth tokens (cleared after retrieval)
+    let pendingAuthTokens = null;
+    let pendingAuthError = null;
+    // Endpoint to check for pending auth tokens
+    app.get('/api/auth/pending', (c) => {
+        if (pendingAuthError) {
+            const error = pendingAuthError;
+            pendingAuthError = null;
+            return c.json({ error });
+        }
+        if (pendingAuthTokens) {
+            const tokens = pendingAuthTokens;
+            pendingAuthTokens = null; // Clear after retrieval
+            return c.json({ tokens });
+        }
+        return c.json({ pending: true });
+    });
+    // OAuth callback from Google
+    app.get('/auth/callback', async (c) => {
+        const code = c.req.query('code');
+        const error = c.req.query('error');
+        const successHtml = `
+      <!DOCTYPE html>
+      <html>
+        <head>
+          <title>Authentication Successful</title>
+          <style>
+            body { font-family: system-ui, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #0f172a; color: white; }
+            .container { text-align: center; padding: 2rem; }
+            h1 { color: #22c55e; }
+          </style>
+        </head>
+        <body>
+          <div class="container">
+            <h1>Authentication Successful!</h1>
+            <p>You can close this tab and return to the app.</p>
+          </div>
+        </body>
+      </html>
+    `;
+        const errorHtml = (msg) => `
+      <!DOCTYPE html>
+      <html>
+        <head>
+          <title>Authentication Failed</title>
+          <style>
+            body { font-family: system-ui, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #0f172a; color: white; }
+            .container { text-align: center; padding: 2rem; }
+            h1 { color: #ef4444; }
+          </style>
+        </head>
+        <body>
+          <div class="container">
+            <h1>Authentication Failed</h1>
+            <p>${msg}</p>
+            <p>You can close this tab and try again.</p>
+          </div>
+        </body>
+      </html>
+    `;
+        if (error) {
+            pendingAuthError = c.req.query('error_description') || error;
+            return c.html(errorHtml(pendingAuthError));
+        }
+        if (!code) {
+            pendingAuthError = 'No authorization code received';
+            return c.html(errorHtml(pendingAuthError));
+        }
+        if (!config.oauth) {
+            pendingAuthError = 'OAuth not configured';
+            return c.html(errorHtml(pendingAuthError));
+        }
+        try {
+            // Validate OAuth credentials are configured
+            if (!config.oauth.googleClientId || config.oauth.googleClientId.includes('REPLACE_WITH')) {
+                throw new Error('Google OAuth client ID not configured. Set GOOGLE_CLIENT_ID environment variable.');
+            }
+            if (!config.oauth.googleClientSecret || config.oauth.googleClientSecret.includes('REPLACE_WITH')) {
+                throw new Error('Google OAuth client secret not configured. Set GOOGLE_CLIENT_SECRET environment variable.');
+            }
+            // Exchange code for tokens
+            const tokenResponse = await fetch('https://oauth2.googleapis.com/token', {
+                method: 'POST',
+                headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+                body: new URLSearchParams({
+                    code,
+                    client_id: config.oauth.googleClientId,
+                    client_secret: config.oauth.googleClientSecret,
+                    redirect_uri: `http://localhost:${port}/auth/callback`,
+                    grant_type: 'authorization_code',
+                }),
+            });
+            const tokens = await tokenResponse.json();
+            if (tokens.error) {
+                // Provide helpful error messages for common OAuth errors
+                let errorMessage = tokens.error_description || tokens.error;
+                if (tokens.error === 'invalid_grant') {
+                    errorMessage = 'Authorization code expired or already used. Please try signing in again.';
+                }
+                else if (tokens.error === 'invalid_client') {
+                    errorMessage = 'Invalid OAuth client credentials. Please check GOOGLE_CLIENT_ID and GOOGLE_CLIENT_SECRET.';
+                }
+                else if (tokens.error === 'redirect_uri_mismatch') {
+                    errorMessage = 'Redirect URI mismatch. Add http://localhost:18791/auth/callback to your OAuth client in Google Cloud Console.';
+                }
+                throw new Error(errorMessage);
+            }
+            if (!tokens.id_token) {
+                throw new Error('No ID token received. Ensure "openid" scope is included in OAuth request.');
+            }
+            // Store tokens for the app to retrieve
+            pendingAuthTokens = {
+                idToken: tokens.id_token,
+                accessToken: tokens.access_token,
+            };
+            return c.html(successHtml);
+        }
+        catch (err) {
+            const errorMsg = err.message || 'Token exchange failed';
+            console.error('OAuth callback error:', errorMsg);
+            pendingAuthError = errorMsg;
+            return c.html(errorHtml(errorMsg));
+        }
+    });
+    // ============================================================================
+    // Stats
+    // ============================================================================
+    app.get('/api/stats', async (c) => {
+        const summary = await statsService.getSummary();
+        return c.json(summary);
+    });
+    app.get('/api/stats/daily', async (c) => {
+        const days = Number.parseInt(c.req.query('days') ?? '30', 10);
+        const activity = await statsService.getDailyActivity(days);
+        return c.json({ activity });
+    });
+    // ============================================================================
+    // Projects & Sessions
+    // ============================================================================
+    app.get('/api/projects', async (c) => {
+        const projects = await sessionService.listProjects();
+        return c.json({ projects });
+    });
+    app.get('/api/sessions', async (c) => {
+        const project = c.req.query('project');
+        const page = Number.parseInt(c.req.query('page') ?? '1', 10);
+        const limit = Number.parseInt(c.req.query('limit') ?? '20', 10);
+        const offset = (page - 1) * limit;
+        const { sessions, total } = await sessionService.listSessions({ project, limit, offset });
+        return c.json({
+            items: sessions,
+            total,
+            page,
+            limit,
+            hasMore: offset + sessions.length < total,
+        });
+    });
+    app.get('/api/sessions/:id', async (c) => {
+        const session = await sessionService.getSession(c.req.param('id'));
+        if (!session) {
+            return c.json({ error: 'Session not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ session });
+    });
+    app.get('/api/projects/:id/plans', async (c) => {
+        // Project ID is base64-encoded path - validate to prevent path traversal
+        const projectPath = validateProjectPath(c.req.param('id'));
+        if (!projectPath) {
+            return c.json({ error: 'Invalid project path', code: 'INVALID' }, 400);
+        }
+        const plans = await plansService.getPlansForProject(projectPath);
+        return c.json({ plans });
+    });
+    // ============================================================================
+    // Search
+    // ============================================================================
+    app.post('/api/search', async (c) => {
+        const body = await c.req.json();
+        if (!body.query?.trim()) {
+            return c.json({ error: 'Query required', code: 'INVALID' }, 400);
+        }
+        const { results, total } = await searchService.search(body);
+        return c.json({ results, total, query: body.query });
+    });
+    // ============================================================================
+    // Plans
+    // ============================================================================
+    app.get('/api/plans', async (c) => {
+        const search = c.req.query('search');
+        const plans = search
+            ? await plansService.searchPlans(search)
+            : await plansService.listPlans();
+        return c.json({ plans });
+    });
+    app.get('/api/plans/:name', async (c) => {
+        const plan = await plansService.getPlan(c.req.param('name'));
+        if (!plan) {
+            return c.json({ error: 'Plan not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ plan });
+    });
+    // ============================================================================
+    // Skills
+    // ============================================================================
+    app.get('/api/skills', async (c) => {
+        const skills = await skillsService.listSkills();
+        return c.json({ skills });
+    });
+    app.get('/api/skills/:path', async (c) => {
+        const skill = await skillsService.getSkill(c.req.param('path'));
+        if (!skill) {
+            return c.json({ error: 'Skill not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ skill });
+    });
+    app.post('/api/skills', async (c) => {
+        const body = await c.req.json();
+        if (!body.name || !body.content) {
+            return c.json({ error: 'Name and content required', code: 'INVALID' }, 400);
+        }
+        const result = await skillsService.createSkill(body.name, body.content);
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.put('/api/skills/:path', async (c) => {
+        const body = await c.req.json();
+        if (!body.content) {
+            return c.json({ error: 'Content required', code: 'INVALID' }, 400);
+        }
+        const result = await skillsService.updateSkill(c.req.param('path'), body.content);
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.delete('/api/skills/:path', async (c) => {
+        const result = await skillsService.deleteSkill(c.req.param('path'));
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.post('/api/skills/validate', async (c) => {
+        const body = await c.req.json();
+        if (!body.content) {
+            return c.json({ error: 'Content required', code: 'INVALID' }, 400);
+        }
+        const validation = skillsService.validateSkill(body.content);
+        return c.json(validation);
+    });
+    app.get('/api/skills/template', (c) => {
+        return c.json({ template: skillsService.getSkillTemplate() });
+    });
+    // ============================================================================
+    // Hooks
+    // ============================================================================
+    app.get('/api/hooks', async (c) => {
+        const hooks = await hooksService.listHooks();
+        return c.json({ hooks });
+    });
+    app.get('/api/hooks/:id', async (c) => {
+        const hook = await hooksService.getHook(c.req.param('id'));
+        if (!hook) {
+            return c.json({ error: 'Hook not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ hook });
+    });
+    app.post('/api/hooks', async (c) => {
+        const body = await c.req.json();
+        if (!body.event || !body.command) {
+            return c.json({ error: 'Event and command required', code: 'INVALID' }, 400);
+        }
+        const result = await hooksService.createHook(body);
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true, id: result.id });
+    });
+    app.put('/api/hooks/:id', async (c) => {
+        const body = await c.req.json();
+        const result = await hooksService.updateHook(c.req.param('id'), body);
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.delete('/api/hooks/:id', async (c) => {
+        const result = await hooksService.deleteHook(c.req.param('id'));
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.post('/api/hooks/:id/test', async (c) => {
+        const result = await hooksService.testHook(c.req.param('id'));
+        return c.json(result);
+    });
+    // ============================================================================
+    // Memory
+    // ============================================================================
+    app.get('/api/memory', async (c) => {
+        const memory = await memoryService.getMemory();
+        return c.json({ content: memory });
+    });
+    app.post('/api/memory', async (c) => {
+        const body = await c.req.json();
+        if (typeof body.content !== 'string') {
+            return c.json({ error: 'Content required', code: 'INVALID' }, 400);
+        }
+        const result = await memoryService.updateMemory(body.content);
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    // ============================================================================
+    // Analytics - Real Token/Cost Tracking
+    // ============================================================================
+    app.get('/api/analytics', async (c) => {
+        const daysParam = c.req.query('days');
+        const days = daysParam ? Number.parseInt(daysParam, 10) : undefined;
+        const analytics = await analyticsService.getGlobalAnalytics(days);
+        return c.json(analytics);
+    });
+    app.get('/api/analytics/daily', async (c) => {
+        const days = Number.parseInt(c.req.query('days') ?? '30', 10);
+        const daily = await analyticsService.getDailyAnalytics(days);
+        return c.json({ daily });
+    });
+    app.get('/api/analytics/projects/:id', async (c) => {
+        const projectDir = validateProjectPath(c.req.param('id'));
+        if (!projectDir) {
+            return c.json({ error: 'Invalid project path', code: 'INVALID' }, 400);
+        }
+        const analytics = await analyticsService.getProjectAnalytics(projectDir);
+        if (!analytics) {
+            return c.json({ error: 'Project not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json(analytics);
+    });
+    app.get('/api/analytics/sessions/:id', async (c) => {
+        const sessionId = c.req.param('id');
+        // Find the session file
+        const projectDirs = await claudeDir.listProjects();
+        for (const projectDir of projectDirs) {
+            const sessionFiles = await claudeDir.listSessionFiles(projectDir);
+            for (const filePath of sessionFiles) {
+                const fileName = path.basename(filePath, '.jsonl');
+                if (fileName === sessionId || fileName.startsWith(sessionId)) {
+                    const analytics = await analyticsService.getSessionAnalytics(filePath, projectDir);
+                    if (analytics) {
+                        return c.json(analytics);
+                    }
+                }
+            }
+        }
+        return c.json({ error: 'Session not found', code: 'NOT_FOUND' }, 404);
+    });
+    app.get('/api/analytics/tools', async (c) => {
+        const days = Number.parseInt(c.req.query('days') ?? '30', 10);
+        const toolAnalytics = await analyticsService.getToolAnalytics(days);
+        return c.json(toolAnalytics);
+    });
+    // ============================================================================
+    // Insights - AI-Powered Session Analysis
+    // ============================================================================
+    app.get('/api/insights/status', async (c) => {
+        const available = await insightsService.isClaudeCodeAvailable();
+        return c.json({ available });
+    });
+    app.get('/api/insights', async (c) => {
+        const project = c.req.query('project');
+        const insights = await insightsService.listInsights(project);
+        return c.json({ insights });
+    });
+    // Global and project insights — must be before /:sessionId to avoid "global"/"project" matching as a sessionId
+    app.get('/api/insights/global', async (c) => {
+        const insight = await insightsService.getGlobalAIInsight();
+        if (!insight) {
+            return c.json({ error: 'Global insight not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ insight });
+    });
+    app.post('/api/insights/global/generate', async (c) => {
+        const body = await c.req.json().catch(() => ({ force: false }));
+        const insight = await insightsService.generateGlobalAIInsight(body.force ?? false);
+        return c.json({ insight });
+    });
+    app.get('/api/insights/project/:projectId', async (c) => {
+        const projectPath = validateProjectPath(c.req.param('projectId'));
+        if (!projectPath) {
+            return c.json({ error: 'Invalid project path', code: 'INVALID' }, 400);
+        }
+        const insight = await insightsService.getProjectAIInsight(projectPath);
+        if (!insight) {
+            return c.json({ error: 'Project insight not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ insight });
+    });
+    app.post('/api/insights/project/:projectId/generate', async (c) => {
+        const projectPath = validateProjectPath(c.req.param('projectId'));
+        if (!projectPath) {
+            return c.json({ error: 'Invalid project path', code: 'INVALID' }, 400);
+        }
+        const body = await c.req.json().catch(() => ({ force: false }));
+        const insight = await insightsService.generateProjectAIInsight(projectPath, body.force ?? false);
+        return c.json({ insight });
+    });
+    // Session-level insights — after static routes so "global"/"project" don't match as :sessionId
+    app.get('/api/insights/:sessionId', async (c) => {
+        const insight = await insightsService.getInsight(c.req.param('sessionId'));
+        if (!insight) {
+            return c.json({ error: 'Insight not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ insight });
+    });
+    app.post('/api/insights/:sessionId/generate', async (c) => {
+        const sessionId = c.req.param('sessionId');
+        const body = await c.req.json().catch(() => ({ force: false }));
+        // Verify session exists
+        const session = await sessionService.getSession(sessionId);
+        if (!session) {
+            return c.json({ error: 'Session not found', code: 'NOT_FOUND' }, 404);
+        }
+        // Start generation (returns immediately with pending status if not cached)
+        const insight = await insightsService.generateInsight(sessionId, body.force ?? false);
+        return c.json({ insight });
+    });
+    // ============================================================================
+    // Tech Stack - Technology Usage Aggregation
+    // ============================================================================
+    app.get('/api/tech-stack', async (c) => {
+        const forceRefresh = c.req.query('refresh') === 'true';
+        const summary = await techStackService.getSummary(forceRefresh);
+        return c.json(summary);
+    });
+    app.get('/api/tech-stack/projects/:id', async (c) => {
+        const projectPath = validateProjectPath(c.req.param('id'));
+        if (!projectPath) {
+            return c.json({ error: 'Invalid project path', code: 'INVALID' }, 400);
+        }
+        const breakdown = await techStackService.getProjectBreakdown(projectPath);
+        if (!breakdown) {
+            return c.json({ error: 'Project not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json(breakdown);
+    });
+    app.post('/api/tech-stack/refresh', async (c) => {
+        const summary = await techStackService.refresh();
+        return c.json(summary);
+    });
+    // Deep insights with patterns, correlations, evolution, and similarity
+    app.get('/api/tech-stack/insights', async (c) => {
+        const forceRefresh = c.req.query('refresh') === 'true';
+        const insights = await techStackService.getDeepInsights(forceRefresh);
+        return c.json(insights);
+    });
+    // AI-powered tech stack analysis
+    app.get('/api/tech-stack/ai-insight', async (c) => {
+        const insight = await techStackService.getAIInsight();
+        return c.json({ insight });
+    });
+    app.post('/api/tech-stack/ai-insight', async (c) => {
+        const body = await c.req.json().catch(() => ({}));
+        const force = body.force === true;
+        const insight = await techStackService.generateAIInsight(force);
+        return c.json({ insight });
+    });
+    // ============================================================================
+    // Agents - Custom Claude Code Subagents
+    // ============================================================================
+    app.get('/api/agents', async (c) => {
+        const agents = await agentsService.listAgents();
+        return c.json({ agents });
+    });
+    app.get('/api/agents/templates', (c) => {
+        const templates = agentsService.getAgentTemplates();
+        return c.json({ templates });
+    });
+    app.get('/api/agents/template/:id', (c) => {
+        const template = agentsService.getAgentTemplate(c.req.param('id'));
+        return c.json({ template });
+    });
+    app.get('/api/agents/:path', async (c) => {
+        const agent = await agentsService.getAgent(c.req.param('path'));
+        if (!agent) {
+            return c.json({ error: 'Agent not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ agent });
+    });
+    app.post('/api/agents', async (c) => {
+        const body = await c.req.json();
+        if (!body.name || !body.content) {
+            return c.json({ error: 'Name and content required', code: 'INVALID' }, 400);
+        }
+        const result = await agentsService.createAgent(body.name, body.content);
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.put('/api/agents/:path', async (c) => {
+        const body = await c.req.json();
+        if (!body.content) {
+            return c.json({ error: 'Content required', code: 'INVALID' }, 400);
+        }
+        const result = await agentsService.updateAgent(c.req.param('path'), body.content);
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.delete('/api/agents/:path', async (c) => {
+        const result = await agentsService.deleteAgent(c.req.param('path'));
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.post('/api/agents/validate', async (c) => {
+        const body = await c.req.json();
+        if (!body.content) {
+            return c.json({ error: 'Content required', code: 'INVALID' }, 400);
+        }
+        const validation = agentsService.validateAgent(body.content);
+        return c.json(validation);
+    });
+    // AI-powered generation endpoints
+    app.post('/api/agents/generate', async (c) => {
+        const body = await c.req.json();
+        if (!body.prompt || body.prompt.trim().length < 10) {
+            return c.json({
+                error: 'Please provide a more detailed description (at least 10 characters)',
+                code: 'INVALID'
+            }, 400);
+        }
+        const result = await agentGeneratorService.generateFromPrompt(body.prompt);
+        // Cache the result for apply
+        generationCache.set(result.id, result);
+        // Clean old cache entries (keep last 10)
+        if (generationCache.size > 10) {
+            const oldest = Array.from(generationCache.keys()).slice(0, generationCache.size - 10);
+            oldest.forEach(key => generationCache.delete(key));
+        }
+        return c.json(result);
+    });
+    app.post('/api/agents/generate/apply', async (c) => {
+        const body = await c.req.json();
+        if (!body.generationId) {
+            return c.json({ error: 'Generation ID required', code: 'INVALID' }, 400);
+        }
+        const result = generationCache.get(body.generationId);
+        if (!result) {
+            return c.json({
+                error: 'Generation not found. Please generate again.',
+                code: 'NOT_FOUND'
+            }, 404);
+        }
+        const agents = body.selectedAgents || result.agents.map(a => a.name);
+        const teams = body.selectedTeams || result.teams.map(t => t.name);
+        const applyResult = await agentGeneratorService.applyGeneration(result, agents, teams);
+        // Clear from cache after applying
+        generationCache.delete(body.generationId);
+        return c.json(applyResult);
+    });
+    // ============================================================================
+    // Teams - Multi-Agent Team Configurations
+    // ============================================================================
+    app.get('/api/teams', async (c) => {
+        const teams = await teamsService.listTeams();
+        return c.json({ teams });
+    });
+    app.get('/api/teams/templates', (c) => {
+        const templates = teamsService.getTeamTemplates();
+        return c.json({ templates });
+    });
+    app.get('/api/teams/:name', async (c) => {
+        const team = await teamsService.getTeam(c.req.param('name'));
+        if (!team) {
+            return c.json({ error: 'Team not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ team });
+    });
+    app.post('/api/teams', async (c) => {
+        const body = await c.req.json();
+        if (!body.name) {
+            return c.json({ error: 'Name required', code: 'INVALID' }, 400);
+        }
+        const result = await teamsService.createTeam(body.name, {
+            description: body.description,
+            leader: body.leader,
+            teammates: body.teammates,
+            planFile: body.planFile,
+        });
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.put('/api/teams/:name', async (c) => {
+        const body = await c.req.json();
+        const result = await teamsService.updateTeam(c.req.param('name'), body);
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.delete('/api/teams/:name', async (c) => {
+        const result = await teamsService.deleteTeam(c.req.param('name'));
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.post('/api/teams/:name/export', async (c) => {
+        const result = await teamsService.exportTeam(c.req.param('name'));
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ blueprint: result.blueprint });
+    });
+    // Get available agents for team member linking
+    app.get('/api/teams/available-agents', async (c) => {
+        const agents = await teamsService.listAvailableAgents();
+        return c.json({ agents });
+    });
+    // Validate agent references in team config
+    app.post('/api/teams/validate-agents', async (c) => {
+        const body = await c.req.json();
+        if (!body.teammates) {
+            return c.json({ valid: true, missing: [] });
+        }
+        const result = await teamsService.validateAgentRefs(body.teammates);
+        return c.json(result);
+    });
+    // Get invocation instructions for a team
+    app.get('/api/teams/:name/instructions', async (c) => {
+        const instructions = await teamsService.getInvocationInstructions(c.req.param('name'));
+        if (!instructions) {
+            return c.json({ error: 'Team not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ instructions });
+    });
+    // Generate setup script for a team
+    app.get('/api/teams/:name/setup-script', async (c) => {
+        const result = await teamsService.generateSetupScript(c.req.param('name'));
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ script: result.script });
+    });
+    // ============================================================================
+    // Blueprints - Pre-built Agent/Team Templates
+    // ============================================================================
+    app.get('/api/blueprints', async (c) => {
+        const type = c.req.query('type');
+        const category = c.req.query('category');
+        let blueprints;
+        if (type) {
+            blueprints = await blueprintsService.getBlueprintsByType(type);
+        }
+        else if (category) {
+            blueprints = await blueprintsService.getBlueprintsByCategory(category);
+        }
+        else {
+            blueprints = await blueprintsService.listBlueprints();
+        }
+        return c.json({ blueprints });
+    });
+    app.get('/api/blueprints/:id', async (c) => {
+        const blueprint = await blueprintsService.getBlueprint(c.req.param('id'));
+        if (!blueprint) {
+            return c.json({ error: 'Blueprint not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ blueprint });
+    });
+    app.post('/api/blueprints/:id/apply', async (c) => {
+        const blueprint = await blueprintsService.getBlueprint(c.req.param('id'));
+        if (!blueprint) {
+            return c.json({ error: 'Blueprint not found', code: 'NOT_FOUND' }, 404);
+        }
+        // Apply the blueprint based on type
+        if (blueprint.type === 'agent') {
+            // Extract name from agent content
+            const nameMatch = blueprint.content.match(/name:\s*([a-z0-9-]+)/);
+            const name = nameMatch ? nameMatch[1] : blueprint.id.replace('agent-', '');
+            const result = await agentsService.createAgent(name, blueprint.content);
+            if (!result.success) {
+                return c.json({ error: result.error, code: 'FAILED' }, 400);
+            }
+            return c.json({ success: true, type: 'agent', name });
+        }
+        else {
+            // Team blueprint
+            const config = JSON.parse(blueprint.content);
+            const result = await teamsService.createTeam(config.name, config);
+            if (!result.success) {
+                return c.json({ error: result.error, code: 'FAILED' }, 400);
+            }
+            return c.json({ success: true, type: 'team', name: config.name });
+        }
+    });
+    // ============================================================================
+    // Insight Progress - SSE for real-time updates
+    // ============================================================================
+    app.get('/api/insights/:sessionId/progress', async (c) => {
+        const sessionId = c.req.param('sessionId');
+        const progress = insightsService.getProgress(sessionId);
+        return c.json({ progress });
+    });
+    // ============================================================================
+    // AI Advisor - Proactive Intelligence
+    // ============================================================================
+    app.get('/api/advisor/recommendations', async (c) => {
+        const all = c.req.query('all') === 'true';
+        const recommendations = all
+            ? await advisorService.getAllRecommendations()
+            : await advisorService.getRecommendations();
+        return c.json({ recommendations });
+    });
+    app.get('/api/advisor/stats', async (c) => {
+        const state = await advisorService.getState();
+        const recs = state.recommendations;
+        const stats = {
+            pending: recs.filter(r => r.status === 'pending').length,
+            applied: recs.filter(r => r.status === 'applied').length,
+            dismissed: recs.filter(r => r.status === 'dismissed').length,
+            lastAnalyzed: state.lastAnalyzedAt,
+            byType: {
+                skill: recs.filter(r => r.type === 'skill' && r.status === 'pending').length,
+                agent: recs.filter(r => r.type === 'agent' && r.status === 'pending').length,
+                hook: recs.filter(r => r.type === 'hook' && r.status === 'pending').length,
+                'claude-md': recs.filter(r => r.type === 'claude-md' && r.status === 'pending').length,
+                'mcp-server': recs.filter(r => r.type === 'mcp-server' && r.status === 'pending').length,
+                settings: recs.filter(r => r.type === 'settings' && r.status === 'pending').length,
+                model: recs.filter(r => r.type === 'model' && r.status === 'pending').length,
+            },
+        };
+        return c.json({ stats });
+    });
+    app.post('/api/advisor/analyze', async (c) => {
+        const body = await c.req.json().catch(() => ({ force: false }));
+        // Use AI-powered analysis for better recommendation quality
+        const result = await advisorService.runAnalysisWithAI(body.force ?? false);
+        return c.json(result);
+    });
+    app.post('/api/advisor/recommendations/:id/apply', async (c) => {
+        const result = await advisorService.applyRecommendation(c.req.param('id'));
+        if (!result.success) {
+            return c.json({ error: result.error, code: 'FAILED' }, 400);
+        }
+        return c.json({ success: true });
+    });
+    app.post('/api/advisor/recommendations/:id/dismiss', async (c) => {
+        await advisorService.dismissRecommendation(c.req.param('id'));
+        return c.json({ success: true });
+    });
+    // ============================================================================
+    // Project Intelligence - Cross-Session Project Analysis
+    // ============================================================================
+    app.get('/api/intelligence', async (c) => {
+        const summaries = await projectIntelligenceService.listProjectIntelligence();
+        return c.json({ projects: summaries });
+    });
+    app.get('/api/intelligence/global', async (c) => {
+        const forceRefresh = c.req.query('refresh') === 'true';
+        const intelligence = await projectIntelligenceService.getGlobalIntelligence(forceRefresh);
+        return c.json({ intelligence });
+    });
+    app.get('/api/intelligence/project/:id', async (c) => {
+        const projectPath = validateProjectPath(c.req.param('id'));
+        if (!projectPath) {
+            return c.json({ error: 'Invalid project path', code: 'INVALID' }, 400);
+        }
+        const intelligence = await projectIntelligenceService.getProjectIntelligence(projectPath);
+        if (!intelligence) {
+            return c.json({ error: 'Intelligence not generated yet', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ intelligence });
+    });
+    app.post('/api/intelligence/project/:id/generate', async (c) => {
+        const projectPath = validateProjectPath(c.req.param('id'));
+        if (!projectPath) {
+            return c.json({ error: 'Invalid project path', code: 'INVALID' }, 400);
+        }
+        const body = await c.req.json().catch(() => ({ force: false }));
+        const intelligence = await projectIntelligenceService.generateProjectIntelligence(projectPath, body.force);
+        return c.json({ intelligence });
+    });
+    app.post('/api/intelligence/generate-all', async (c) => {
+        const body = await c.req.json().catch(() => ({ force: false }));
+        const projects = await sessionService.listProjects();
+        // Generate for all projects (limited to prevent overload)
+        const results = [];
+        for (const project of projects.slice(0, 10)) {
+            const intelligence = await projectIntelligenceService.generateProjectIntelligence(project.path, body.force);
+            results.push({
+                projectPath: project.path,
+                projectName: project.name,
+                status: intelligence.status,
+            });
+        }
+        return c.json({ results });
+    });
+    // ============================================================================
+    // Terminal - Claude Code Integration
+    // ============================================================================
+    app.get('/api/terminal/sessions', (c) => {
+        const sessions = terminalService.listSessions();
+        return c.json({ sessions });
+    });
+    app.post('/api/terminal/sessions', async (c) => {
+        const body = await c.req.json();
+        try {
+            const sessionId = await terminalService.createSession({
+                workingDir: body.workingDir ?? process.cwd(),
+                cols: body.cols,
+                rows: body.rows,
+            });
+            return c.json({ sessionId });
+        }
+        catch (err) {
+            return c.json({ error: err.message, code: 'FAILED' }, 500);
+        }
+    });
+    app.post('/api/terminal/claude', async (c) => {
+        const body = await c.req.json();
+        try {
+            const sessionId = await terminalService.startClaudeCode({
+                workingDir: body.workingDir ?? process.cwd(),
+                resumeSessionId: body.resumeSessionId,
+                prompt: body.prompt,
+                cols: body.cols,
+                rows: body.rows,
+            });
+            return c.json({ sessionId });
+        }
+        catch (err) {
+            return c.json({ error: err.message, code: 'FAILED' }, 500);
+        }
+    });
+    app.post('/api/terminal/sessions/:id/write', async (c) => {
+        const body = await c.req.json();
+        const success = terminalService.write(c.req.param('id'), body.data);
+        if (!success) {
+            return c.json({ error: 'Session not found or closed', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ success: true });
+    });
+    app.post('/api/terminal/sessions/:id/resize', async (c) => {
+        const body = await c.req.json();
+        const success = terminalService.resize(c.req.param('id'), body.cols, body.rows);
+        if (!success) {
+            return c.json({ error: 'Session not found or closed', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ success: true });
+    });
+    app.post('/api/terminal/sessions/:id/interrupt', (c) => {
+        const success = terminalService.interrupt(c.req.param('id'));
+        if (!success) {
+            return c.json({ error: 'Session not found or closed', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ success: true });
+    });
+    app.delete('/api/terminal/sessions/:id', (c) => {
+        const success = terminalService.destroySession(c.req.param('id'));
+        if (!success) {
+            return c.json({ error: 'Session not found', code: 'NOT_FOUND' }, 404);
+        }
+        return c.json({ success: true });
+    });
+    // ============================================================================
+    // Server Setup
+    // ============================================================================
+    const uiRoot = resolveUiRoot();
+    let server = null;
+    let wss = null;
+    // WebSocket client management
+    const terminalClients = new Map();
+    const setupTerminalWebSocket = (wsServer) => {
+        // Forward terminal events to connected WebSocket clients
+        const forwardToClients = (msg) => {
+            const clients = terminalClients.get(msg.sessionId);
+            if (!clients)
+                return;
+            const data = JSON.stringify(msg);
+            for (const ws of clients) {
+                if (ws.readyState === WebSocket.OPEN) {
+                    ws.send(data);
+                }
+            }
+        };
+        terminalService.on('output', forwardToClients);
+        terminalService.on('exit', forwardToClients);
+        terminalService.on('resize', forwardToClients);
+        terminalService.on('status', forwardToClients);
+        wsServer.on('connection', (ws, req) => {
+            const url = new URL(req.url ?? '/', `http://${req.headers.host}`);
+            const sessionId = url.searchParams.get('sessionId');
+            if (!sessionId) {
+                ws.close(4000, 'Missing sessionId parameter');
+                return;
+            }
+            // Add client to session's client set
+            if (!terminalClients.has(sessionId)) {
+                terminalClients.set(sessionId, new Set());
+            }
+            terminalClients.get(sessionId).add(ws);
+            // Send current session status
+            const session = terminalService.getSession(sessionId);
+            if (session) {
+                ws.send(JSON.stringify({
+                    type: 'status',
+                    sessionId,
+                    status: session.status,
+                }));
+            }
+            // Handle incoming messages
+            ws.on('message', (rawData) => {
+                try {
+                    const msg = JSON.parse(rawData.toString());
+                    switch (msg.type) {
+                        case 'input':
+                            if (msg.data) {
+                                terminalService.write(sessionId, msg.data);
+                            }
+                            break;
+                        case 'resize':
+                            if (msg.cols && msg.rows) {
+                                terminalService.resize(sessionId, msg.cols, msg.rows);
+                            }
+                            break;
+                        case 'interrupt':
+                            terminalService.interrupt(sessionId);
+                            break;
+                    }
+                }
+                catch {
+                    // Ignore malformed messages
+                }
+            });
+            // Cleanup on close
+            ws.on('close', () => {
+                const clients = terminalClients.get(sessionId);
+                if (clients) {
+                    clients.delete(ws);
+                    if (clients.size === 0) {
+                        terminalClients.delete(sessionId);
+                    }
+                }
+            });
+        });
+    };
+    return {
+        async start() {
+            return new Promise((resolve, reject) => {
+                server = http.createServer(async (req, res) => {
+                    if (uiRoot && serveStatic(req, res, uiRoot))
+                        return;
+                    const url = new URL(req.url ?? '/', `http://${req.headers.host}`);
+                    const headers = new Headers();
+                    for (const [k, v] of Object.entries(req.headers)) {
+                        if (v)
+                            headers.set(k, Array.isArray(v) ? v[0] : v);
+                    }
+                    let body;
+                    if (req.method !== 'GET' && req.method !== 'HEAD') {
+                        const chunks = [];
+                        for await (const chunk of req)
+                            chunks.push(chunk);
+                        body = Buffer.concat(chunks);
+                    }
+                    try {
+                        const fetchReq = new Request(url.toString(), {
+                            method: req.method,
+                            headers,
+                            body,
+                        });
+                        const fetchRes = await app.fetch(fetchReq);
+                        res.statusCode = fetchRes.status;
+                        fetchRes.headers.forEach((v, k) => res.setHeader(k, v));
+                        res.end(Buffer.from(await fetchRes.arrayBuffer()));
+                    }
+                    catch {
+                        res.statusCode = 500;
+                        res.end(JSON.stringify({ error: 'Internal error' }));
+                    }
+                });
+                // Setup WebSocket server for terminal
+                wss = new WebSocketServer({ server, path: '/api/terminal/ws' });
+                setupTerminalWebSocket(wss);
+                server.on('error', reject);
+                server.listen(port, host, () => {
+                    console.log(`claudecto server running at http://${host}:${port}`);
+                    console.log(`WebSocket terminal available at ws://${host}:${port}/api/terminal/ws`);
+                    if (!uiRoot) {
+                        console.log("UI not found. Run 'npm run build:ui' to build it.");
+                    }
+                    resolve();
+                });
+            });
+        },
+        async stop() {
+            return new Promise((resolve) => {
+                // Cleanup terminal sessions
+                terminalService.destroyAll();
+                // Close WebSocket server
+                if (wss) {
+                    wss.close();
+                }
+                if (server) {
+                    server.close(() => resolve());
+                }
+                else {
+                    resolve();
+                }
+            });
+        },
+        getUrl() {
+            return `http://${host === '0.0.0.0' ? 'localhost' : host}:${port}`;
+        },
+    };
+}
+//# sourceMappingURL=index.js.map