npm - codepiper - Versions diffs - 0.1.0 - Mend

codepiper 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (149) hide show

package/.env.example +28 -0
package/CHANGELOG.md +10 -0
package/LEGAL_NOTICE.md +39 -0
package/LICENSE +21 -0
package/README.md +524 -0
package/package.json +90 -0
package/packages/cli/package.json +13 -0
package/packages/cli/src/commands/analytics.ts +157 -0
package/packages/cli/src/commands/attach.ts +299 -0
package/packages/cli/src/commands/audit.ts +50 -0
package/packages/cli/src/commands/auth.ts +261 -0
package/packages/cli/src/commands/daemon.ts +162 -0
package/packages/cli/src/commands/doctor.ts +303 -0
package/packages/cli/src/commands/env-set.ts +162 -0
package/packages/cli/src/commands/hook-forward.ts +268 -0
package/packages/cli/src/commands/keys.ts +77 -0
package/packages/cli/src/commands/kill.ts +19 -0
package/packages/cli/src/commands/logs.ts +419 -0
package/packages/cli/src/commands/model.ts +172 -0
package/packages/cli/src/commands/policy-set.ts +185 -0
package/packages/cli/src/commands/policy.ts +227 -0
package/packages/cli/src/commands/providers.ts +114 -0
package/packages/cli/src/commands/resize.ts +34 -0
package/packages/cli/src/commands/send.ts +184 -0
package/packages/cli/src/commands/sessions.ts +202 -0
package/packages/cli/src/commands/slash.ts +92 -0
package/packages/cli/src/commands/start.ts +243 -0
package/packages/cli/src/commands/stop.ts +19 -0
package/packages/cli/src/commands/tail.ts +137 -0
package/packages/cli/src/commands/workflow.ts +786 -0
package/packages/cli/src/commands/workspace.ts +127 -0
package/packages/cli/src/lib/api.ts +78 -0
package/packages/cli/src/lib/args.ts +72 -0
package/packages/cli/src/lib/format.ts +93 -0
package/packages/cli/src/main.ts +563 -0
package/packages/core/package.json +7 -0
package/packages/core/src/config.ts +30 -0
package/packages/core/src/errors.ts +38 -0
package/packages/core/src/eventBus.ts +56 -0
package/packages/core/src/eventBusAdapter.ts +143 -0
package/packages/core/src/index.ts +10 -0
package/packages/core/src/sqliteEventBus.ts +336 -0
package/packages/core/src/types.ts +63 -0
package/packages/daemon/package.json +11 -0
package/packages/daemon/src/api/analyticsRoutes.ts +343 -0
package/packages/daemon/src/api/authRoutes.ts +344 -0
package/packages/daemon/src/api/bodyLimit.ts +133 -0
package/packages/daemon/src/api/envSetRoutes.ts +170 -0
package/packages/daemon/src/api/gitRoutes.ts +409 -0
package/packages/daemon/src/api/hooks.ts +588 -0
package/packages/daemon/src/api/inputPolicy.ts +249 -0
package/packages/daemon/src/api/notificationRoutes.ts +532 -0
package/packages/daemon/src/api/policyRoutes.ts +234 -0
package/packages/daemon/src/api/policySetRoutes.ts +445 -0
package/packages/daemon/src/api/routeUtils.ts +28 -0
package/packages/daemon/src/api/routes.ts +1004 -0
package/packages/daemon/src/api/server.ts +1388 -0
package/packages/daemon/src/api/settingsRoutes.ts +367 -0
package/packages/daemon/src/api/sqliteErrors.ts +47 -0
package/packages/daemon/src/api/stt.ts +143 -0
package/packages/daemon/src/api/terminalRoutes.ts +200 -0
package/packages/daemon/src/api/validation.ts +287 -0
package/packages/daemon/src/api/validationRoutes.ts +174 -0
package/packages/daemon/src/api/workflowRoutes.ts +567 -0
package/packages/daemon/src/api/workspaceRoutes.ts +151 -0
package/packages/daemon/src/api/ws.ts +1588 -0
package/packages/daemon/src/auth/apiRateLimiter.ts +73 -0
package/packages/daemon/src/auth/authMiddleware.ts +305 -0
package/packages/daemon/src/auth/authService.ts +496 -0
package/packages/daemon/src/auth/rateLimiter.ts +137 -0
package/packages/daemon/src/config/pricing.ts +79 -0
package/packages/daemon/src/crypto/encryption.ts +196 -0
package/packages/daemon/src/db/db.ts +2745 -0
package/packages/daemon/src/db/index.ts +16 -0
package/packages/daemon/src/db/migrations.ts +182 -0
package/packages/daemon/src/db/policyDb.ts +349 -0
package/packages/daemon/src/db/schema.sql +408 -0
package/packages/daemon/src/db/workflowDb.ts +464 -0
package/packages/daemon/src/git/gitUtils.ts +544 -0
package/packages/daemon/src/index.ts +6 -0
package/packages/daemon/src/main.ts +525 -0
package/packages/daemon/src/notifications/pushNotifier.ts +369 -0
package/packages/daemon/src/providers/codexAppServerScaffold.ts +49 -0
package/packages/daemon/src/providers/registry.ts +111 -0
package/packages/daemon/src/providers/types.ts +82 -0
package/packages/daemon/src/sessions/auditLogger.ts +103 -0
package/packages/daemon/src/sessions/policyEngine.ts +165 -0
package/packages/daemon/src/sessions/policyMatcher.ts +114 -0
package/packages/daemon/src/sessions/policyTypes.ts +94 -0
package/packages/daemon/src/sessions/ptyProcess.ts +141 -0
package/packages/daemon/src/sessions/sessionManager.ts +1770 -0
package/packages/daemon/src/sessions/tmuxSession.ts +1073 -0
package/packages/daemon/src/sessions/transcriptManager.ts +110 -0
package/packages/daemon/src/sessions/transcriptParser.ts +149 -0
package/packages/daemon/src/sessions/transcriptTailer.ts +214 -0
package/packages/daemon/src/tracking/tokenTracker.ts +168 -0
package/packages/daemon/src/workflows/contextManager.ts +83 -0
package/packages/daemon/src/workflows/index.ts +31 -0
package/packages/daemon/src/workflows/resultExtractor.ts +118 -0
package/packages/daemon/src/workflows/waitConditionPoller.ts +131 -0
package/packages/daemon/src/workflows/workflowParser.ts +217 -0
package/packages/daemon/src/workflows/workflowRunner.ts +969 -0
package/packages/daemon/src/workflows/workflowTypes.ts +188 -0
package/packages/daemon/src/workflows/workflowValidator.ts +533 -0
package/packages/providers/claude-code/package.json +11 -0
package/packages/providers/claude-code/src/index.ts +7 -0
package/packages/providers/claude-code/src/overlaySettings.ts +198 -0
package/packages/providers/claude-code/src/provider.ts +311 -0
package/packages/web/dist/android-chrome-192x192.png +0 -0
package/packages/web/dist/android-chrome-512x512.png +0 -0
package/packages/web/dist/apple-touch-icon.png +0 -0
package/packages/web/dist/assets/AnalyticsPage-BIopKWRf.js +17 -0
package/packages/web/dist/assets/PoliciesPage-CjdLN3dl.js +11 -0
package/packages/web/dist/assets/SessionDetailPage-BtSA0V0M.js +179 -0
package/packages/web/dist/assets/SettingsPage-Dbbz4Ca5.js +37 -0
package/packages/web/dist/assets/WorkflowsPage-Dv6f3GgU.js +1 -0
package/packages/web/dist/assets/chart-vendor-DlOHLaCG.js +49 -0
package/packages/web/dist/assets/codicon-ngg6Pgfi.ttf +0 -0
package/packages/web/dist/assets/css.worker-BvV5MPou.js +93 -0
package/packages/web/dist/assets/editor.worker-CKy7Pnvo.js +26 -0
package/packages/web/dist/assets/html.worker-BLJhxQJQ.js +470 -0
package/packages/web/dist/assets/index-BbdhRfr2.css +1 -0
package/packages/web/dist/assets/index-hgphORiw.js +204 -0
package/packages/web/dist/assets/json.worker-usMZ-FED.js +58 -0
package/packages/web/dist/assets/monaco-core-B_19GPAS.css +1 -0
package/packages/web/dist/assets/monaco-core-DQ5Mk8AK.js +1234 -0
package/packages/web/dist/assets/monaco-react-DfZNWvtW.js +11 -0
package/packages/web/dist/assets/monacoSetup-DvBj52bT.js +1 -0
package/packages/web/dist/assets/pencil-Dbczxz59.js +11 -0
package/packages/web/dist/assets/react-vendor-B5MgMUHH.js +136 -0
package/packages/web/dist/assets/refresh-cw-B0MGsYPL.js +6 -0
package/packages/web/dist/assets/tabs-C8LsWiR5.js +1 -0
package/packages/web/dist/assets/terminal-vendor-Cs8KPbV3.js +9 -0
package/packages/web/dist/assets/terminal-vendor-LcAfv9l9.css +32 -0
package/packages/web/dist/assets/trash-2-Btlg0d4l.js +6 -0
package/packages/web/dist/assets/ts.worker-DGHjMaqB.js +67731 -0
package/packages/web/dist/favicon.ico +0 -0
package/packages/web/dist/icon.svg +1 -0
package/packages/web/dist/index.html +29 -0
package/packages/web/dist/manifest.json +29 -0
package/packages/web/dist/og-image.png +0 -0
package/packages/web/dist/originals/android-chrome-192x192.png +0 -0
package/packages/web/dist/originals/android-chrome-512x512.png +0 -0
package/packages/web/dist/originals/apple-touch-icon.png +0 -0
package/packages/web/dist/originals/favicon.ico +0 -0
package/packages/web/dist/piper.svg +1 -0
package/packages/web/dist/sounds/codepiper-soft-chime.wav +0 -0
package/packages/web/dist/sw.js +257 -0
package/scripts/postinstall-link-workspaces.mjs +58 -0

package/packages/daemon/src/api/settingsRoutes.ts ADDED Viewed

@@ -0,0 +1,367 @@
+/**
+ * Daemon settings API route handlers
+ */
+import type { RouteContext } from "./routes";
+const MAX_NOTIFICATION_EVENT_DEFAULT_ENTRIES = 128;
+const MAX_NOTIFICATION_EVENT_KEY_LENGTH = 128;
+const MAX_NOTIFICATION_SOUND_MAP_ENTRIES = 128;
+const MAX_NOTIFICATION_SOUND_KEY_LENGTH = 128;
+const MAX_NOTIFICATION_SOUND_VALUE_BYTES = 700_000;
+const MAX_NOTIFICATION_SOUND_MAP_TOTAL_BYTES = 900_000;
+const utf8Encoder = new TextEncoder();
+function isPlainObject(value: unknown): value is Record<string, unknown> {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function utf8ByteLength(value: string): number {
+  return utf8Encoder.encode(value).byteLength;
+}
+function validateRecordKey(key: string, field: string, maxLength: number): string | null {
+  if (key.length === 0) {
+    return `${field} keys must not be empty`;
+  }
+  if (key.length > maxLength) {
+    return `${field} keys must be at most ${maxLength} characters`;
+  }
+  if (key.trim() !== key) {
+    return `${field} keys must not have leading or trailing whitespace`;
+  }
+  for (let i = 0; i < key.length; i += 1) {
+    const codePoint = key.charCodeAt(i);
+    if (codePoint <= 0x1f || codePoint === 0x7f) {
+      return `${field} keys must not contain control characters`;
+    }
+  }
+  return null;
+}
+function validateNotificationEventDefaults(
+  value: unknown
+): { ok: true; value: Record<string, boolean> } | { ok: false; error: string } {
+  if (!isPlainObject(value)) {
+    return {
+      ok: false,
+      error: "notificationEventDefaults must be an object with boolean values",
+    };
+  }
+  const entries = Object.entries(value);
+  if (entries.length > MAX_NOTIFICATION_EVENT_DEFAULT_ENTRIES) {
+    return {
+      ok: false,
+      error: `notificationEventDefaults must contain at most ${MAX_NOTIFICATION_EVENT_DEFAULT_ENTRIES} entries`,
+    };
+  }
+  const normalized: Record<string, boolean> = {};
+  for (const [key, entry] of entries) {
+    const keyError = validateRecordKey(
+      key,
+      "notificationEventDefaults",
+      MAX_NOTIFICATION_EVENT_KEY_LENGTH
+    );
+    if (keyError) {
+      return { ok: false, error: keyError };
+    }
+    if (typeof entry !== "boolean") {
+      return {
+        ok: false,
+        error: "notificationEventDefaults must be an object with boolean values",
+      };
+    }
+    normalized[key] = entry;
+  }
+  return { ok: true, value: normalized };
+}
+function validateNotificationSoundMap(
+  value: unknown
+): { ok: true; value: Record<string, string> } | { ok: false; error: string } {
+  if (!isPlainObject(value)) {
+    return {
+      ok: false,
+      error: "notificationSoundMap must be an object with string values",
+    };
+  }
+  const entries = Object.entries(value);
+  if (entries.length > MAX_NOTIFICATION_SOUND_MAP_ENTRIES) {
+    return {
+      ok: false,
+      error: `notificationSoundMap must contain at most ${MAX_NOTIFICATION_SOUND_MAP_ENTRIES} entries`,
+    };
+  }
+  const normalized: Record<string, string> = {};
+  let totalBytes = 0;
+  for (const [key, entry] of entries) {
+    const keyError = validateRecordKey(
+      key,
+      "notificationSoundMap",
+      MAX_NOTIFICATION_SOUND_KEY_LENGTH
+    );
+    if (keyError) {
+      return { ok: false, error: keyError };
+    }
+    if (typeof entry !== "string") {
+      return {
+        ok: false,
+        error: "notificationSoundMap must be an object with string values",
+      };
+    }
+    const valueBytes = utf8ByteLength(entry);
+    if (valueBytes === 0) {
+      return {
+        ok: false,
+        error: "notificationSoundMap values must not be empty",
+      };
+    }
+    if (valueBytes > MAX_NOTIFICATION_SOUND_VALUE_BYTES) {
+      return {
+        ok: false,
+        error: `notificationSoundMap values must be at most ${MAX_NOTIFICATION_SOUND_VALUE_BYTES} bytes`,
+      };
+    }
+    totalBytes += valueBytes;
+    if (totalBytes > MAX_NOTIFICATION_SOUND_MAP_TOTAL_BYTES) {
+      return {
+        ok: false,
+        error: `notificationSoundMap total payload must be at most ${MAX_NOTIFICATION_SOUND_MAP_TOTAL_BYTES} bytes`,
+      };
+    }
+    normalized[key] = entry;
+  }
+  return { ok: true, value: normalized };
+}
+function parseCanaryPercent(
+  value: unknown,
+  key: string
+): { ok: true; value: number } | { ok: false; error: string } {
+  if (!(typeof value === "number" && Number.isFinite(value))) {
+    return { ok: false, error: `${key} must be a number` };
+  }
+  const rounded = Math.round(value);
+  if (rounded < 0 || rounded > 100) {
+    return { ok: false, error: `${key} must be between 0 and 100` };
+  }
+  return { ok: true, value: rounded };
+}
+/**
+ * GET /settings/daemon - Get daemon settings
+ */
+export async function handleGetDaemonSettings(_req: Request, ctx: RouteContext): Promise<Response> {
+  const settings = ctx.db.getDaemonSettings();
+  return Response.json({ settings });
+}
+/**
+ * PUT /settings/daemon - Update daemon settings
+ */
+export async function handleUpdateDaemonSettings(
+  req: Request,
+  ctx: RouteContext
+): Promise<Response> {
+  let body: any;
+  try {
+    body = await req.json();
+  } catch {
+    return Response.json({ error: "Invalid JSON in request body" }, { status: 400 });
+  }
+  if (body.preserveSessions !== undefined && typeof body.preserveSessions !== "boolean") {
+    return Response.json({ error: "preserveSessions must be a boolean" }, { status: 400 });
+  }
+  if (
+    body.defaultPolicyAction !== undefined &&
+    body.defaultPolicyAction !== "ask" &&
+    body.defaultPolicyAction !== "deny"
+  ) {
+    return Response.json({ error: 'defaultPolicyAction must be "ask" or "deny"' }, { status: 400 });
+  }
+  if (body.forwardSshAuthSock !== undefined && typeof body.forwardSshAuthSock !== "boolean") {
+    return Response.json({ error: "forwardSshAuthSock must be a boolean" }, { status: 400 });
+  }
+  if (
+    body.codexHostAccessProfileEnabled !== undefined &&
+    typeof body.codexHostAccessProfileEnabled !== "boolean"
+  ) {
+    return Response.json(
+      { error: "codexHostAccessProfileEnabled must be a boolean" },
+      { status: 400 }
+    );
+  }
+  if (body.notificationsEnabled !== undefined && typeof body.notificationsEnabled !== "boolean") {
+    return Response.json({ error: "notificationsEnabled must be a boolean" }, { status: 400 });
+  }
+  if (
+    body.systemNotificationsEnabled !== undefined &&
+    typeof body.systemNotificationsEnabled !== "boolean"
+  ) {
+    return Response.json(
+      { error: "systemNotificationsEnabled must be a boolean" },
+      { status: 400 }
+    );
+  }
+  if (
+    body.notificationSoundsEnabled !== undefined &&
+    typeof body.notificationSoundsEnabled !== "boolean"
+  ) {
+    return Response.json({ error: "notificationSoundsEnabled must be a boolean" }, { status: 400 });
+  }
+  if (
+    body.notificationEventDefaults !== undefined &&
+    !isPlainObject(body.notificationEventDefaults)
+  ) {
+    return Response.json(
+      { error: "notificationEventDefaults must be an object with boolean values" },
+      { status: 400 }
+    );
+  }
+  if (body.notificationSoundMap !== undefined && !isPlainObject(body.notificationSoundMap)) {
+    return Response.json(
+      { error: "notificationSoundMap must be an object with string values" },
+      { status: 400 }
+    );
+  }
+  let notificationEventDefaults: Record<string, boolean> | undefined;
+  if (body.notificationEventDefaults !== undefined) {
+    const validated = validateNotificationEventDefaults(body.notificationEventDefaults);
+    if (!validated.ok) {
+      return Response.json({ error: validated.error }, { status: 400 });
+    }
+    notificationEventDefaults = validated.value;
+  }
+  let notificationSoundMap: Record<string, string> | undefined;
+  if (body.notificationSoundMap !== undefined) {
+    const validated = validateNotificationSoundMap(body.notificationSoundMap);
+    if (!validated.ok) {
+      return Response.json({ error: validated.error }, { status: 400 });
+    }
+    notificationSoundMap = validated.value;
+  }
+  const terminalFeaturesPatch: Record<string, unknown> = {};
+  if (body.terminalFeatures !== undefined) {
+    if (!isPlainObject(body.terminalFeatures)) {
+      return Response.json({ error: "terminalFeatures must be an object" }, { status: 400 });
+    }
+    const terminalFeatures = body.terminalFeatures as Record<string, unknown>;
+    const booleanFeatureKeys = [
+      "wsPtyPasteEnabled",
+      "latencyProbesEnabled",
+      "diagnosticsPanelEnabled",
+      "codexAppServerSpikeEnabled",
+    ] as const;
+    for (const key of booleanFeatureKeys) {
+      if (terminalFeatures[key] !== undefined && typeof terminalFeatures[key] !== "boolean") {
+        return Response.json({ error: `${key} must be a boolean` }, { status: 400 });
+      }
+      if (terminalFeatures[key] !== undefined) {
+        terminalFeaturesPatch[key] = terminalFeatures[key];
+      }
+    }
+    const canaryKeys = [
+      "wsPtyPasteCanaryPercent",
+      "latencyProbesCanaryPercent",
+      "diagnosticsPanelCanaryPercent",
+    ] as const;
+    for (const key of canaryKeys) {
+      if (terminalFeatures[key] === undefined) {
+        continue;
+      }
+      const parsed = parseCanaryPercent(terminalFeatures[key], key);
+      if (!parsed.ok) {
+        return Response.json({ error: parsed.error }, { status: 400 });
+      }
+      terminalFeaturesPatch[key] = parsed.value;
+    }
+  }
+  ctx.db.updateDaemonSettings({
+    preserveSessions: body.preserveSessions,
+    defaultPolicyAction: body.defaultPolicyAction,
+    forwardSshAuthSock: body.forwardSshAuthSock,
+    codexHostAccessProfileEnabled: body.codexHostAccessProfileEnabled,
+    notificationsEnabled: body.notificationsEnabled,
+    systemNotificationsEnabled: body.systemNotificationsEnabled,
+    notificationSoundsEnabled: body.notificationSoundsEnabled,
+    notificationEventDefaults,
+    notificationSoundMap,
+    terminalFeatures:
+      Object.keys(terminalFeaturesPatch).length > 0
+        ? (terminalFeaturesPatch as {
+            wsPtyPasteEnabled?: boolean;
+            latencyProbesEnabled?: boolean;
+            diagnosticsPanelEnabled?: boolean;
+            codexAppServerSpikeEnabled?: boolean;
+            wsPtyPasteCanaryPercent?: number;
+            latencyProbesCanaryPercent?: number;
+            diagnosticsPanelCanaryPercent?: number;
+          })
+        : undefined,
+  });
+  // Update live policy engine if default action changed
+  if (body.defaultPolicyAction !== undefined) {
+    ctx.policyEngine.setDefaultAction(body.defaultPolicyAction);
+  }
+  const settings = ctx.db.getDaemonSettings();
+  return Response.json({ settings });
+}
+/**
+ * POST /settings/daemon/restart - Restart daemon process
+ */
+export async function handleRestartDaemon(_req: Request, ctx: RouteContext): Promise<Response> {
+  if (!ctx.restartDaemon) {
+    return Response.json(
+      { error: "Daemon restart is not available in this runtime" },
+      { status: 501 }
+    );
+  }
+  const preserveSessions = ctx.db.getDaemonSettings().preserveSessions;
+  try {
+    // Intentionally fire-and-forget so we can acknowledge before process teardown.
+    void Promise.resolve(ctx.restartDaemon()).catch((error) => {
+      console.error("Failed to restart daemon:", error);
+    });
+    return Response.json(
+      {
+        restarting: true,
+        preserveSessions,
+        message: preserveSessions
+          ? "Daemon restart scheduled. Active sessions will be preserved."
+          : "Daemon restart scheduled. Active sessions will be stopped.",
+      },
+      { status: 202 }
+    );
+  } catch (error) {
+    const message = error instanceof Error ? error.message : "Failed to schedule daemon restart";
+    return Response.json({ error: message }, { status: 500 });
+  }
+}

package/packages/daemon/src/api/sqliteErrors.ts ADDED Viewed

@@ -0,0 +1,47 @@
+/**
+ * Shared helpers for classifying SQLite constraint errors in API routes.
+ */
+function getSqliteErrorCode(error: unknown): string | undefined {
+  if (!error || typeof error !== "object" || Array.isArray(error)) {
+    return undefined;
+  }
+  const maybeCode = (error as { code?: unknown }).code;
+  if (typeof maybeCode === "string" && maybeCode.length > 0) {
+    return maybeCode;
+  }
+  return undefined;
+}
+export function getErrorMessage(error: unknown): string {
+  return error instanceof Error ? error.message : "Unknown error";
+}
+export function isSqliteUniqueConstraintError(error: unknown): boolean {
+  const code = getSqliteErrorCode(error);
+  if (code === "SQLITE_CONSTRAINT_UNIQUE") {
+    return true;
+  }
+  const message = getErrorMessage(error);
+  return (
+    message.includes("SQLITE_CONSTRAINT_UNIQUE") ||
+    message.includes("UNIQUE constraint") ||
+    message.includes("UNIQUE constraint failed")
+  );
+}
+export function isSqliteForeignKeyConstraintError(error: unknown): boolean {
+  const code = getSqliteErrorCode(error);
+  if (code === "SQLITE_CONSTRAINT_FOREIGNKEY") {
+    return true;
+  }
+  const message = getErrorMessage(error);
+  return (
+    message.includes("SQLITE_CONSTRAINT_FOREIGNKEY") ||
+    message.includes("FOREIGN KEY constraint failed")
+  );
+}

package/packages/daemon/src/api/stt.ts ADDED Viewed

@@ -0,0 +1,143 @@
+import { randomUUID } from "node:crypto";
+import { unlink } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+const DEFAULT_STT_TIMEOUT_MS = 45_000;
+const MAX_STDERR_SNIPPET_CHARS = 300;
+export class SttNotConfiguredError extends Error {
+  constructor(message = "Speech-to-text backend is not configured") {
+    super(message);
+    this.name = "SttNotConfiguredError";
+  }
+}
+export interface SttTranscriptionResult {
+  transcript: string;
+  backend: string;
+  durationMs: number;
+}
+function parseSttCommandTokens(): string[] | null {
+  const commandJson = process.env.CODEPIPER_STT_COMMAND_JSON?.trim();
+  if (commandJson) {
+    try {
+      const parsed = JSON.parse(commandJson) as unknown;
+      if (Array.isArray(parsed) && parsed.every((item) => typeof item === "string" && item)) {
+        return parsed;
+      }
+    } catch {
+      // Fall through to CODEPIPER_STT_COMMAND parsing.
+    }
+  }
+  const command = process.env.CODEPIPER_STT_COMMAND?.trim();
+  if (!command) {
+    return null;
+  }
+  const tokens = command.split(/\s+/).filter(Boolean);
+  return tokens.length > 0 ? tokens : null;
+}
+function parseSttTimeoutMs(): number {
+  const raw = process.env.CODEPIPER_STT_TIMEOUT_MS;
+  if (!raw) {
+    return DEFAULT_STT_TIMEOUT_MS;
+  }
+  const parsed = Number.parseInt(raw, 10);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    return DEFAULT_STT_TIMEOUT_MS;
+  }
+  return parsed;
+}
+function resolveAudioFileExtension(mimeType: string): string {
+  if (mimeType.includes("ogg")) return "ogg";
+  if (mimeType.includes("mp4")) return "m4a";
+  if (mimeType.includes("wav")) return "wav";
+  return "webm";
+}
+function materializeCommandTokens(
+  tokens: string[],
+  inputPath: string,
+  mimeType: string
+): { argv: string[]; backend: string } {
+  let containsInputPlaceholder = false;
+  const argv = tokens.map((token) => {
+    const hasInput = token.includes("{input}");
+    if (hasInput) {
+      containsInputPlaceholder = true;
+    }
+    return token.replaceAll("{input}", inputPath).replaceAll("{mime}", mimeType);
+  });
+  if (!containsInputPlaceholder) {
+    argv.push(inputPath);
+  }
+  return {
+    argv,
+    backend: argv[0] ?? "unknown",
+  };
+}
+export async function transcribeAudioFile(file: File): Promise<SttTranscriptionResult> {
+  const commandTokens = parseSttCommandTokens();
+  if (!commandTokens) {
+    throw new SttNotConfiguredError(
+      "Set CODEPIPER_STT_COMMAND (or CODEPIPER_STT_COMMAND_JSON) to enable audio transcription"
+    );
+  }
+  const mimeType = file.type || "audio/webm";
+  const ext = resolveAudioFileExtension(mimeType);
+  const tempPath = join(tmpdir(), `codepiper-stt-${randomUUID()}.${ext}`);
+  const startedAt = performance.now();
+  try {
+    await Bun.write(tempPath, await file.arrayBuffer());
+    const { argv, backend } = materializeCommandTokens(commandTokens, tempPath, mimeType);
+    const timeoutMs = parseSttTimeoutMs();
+    const proc = Bun.spawn(argv, {
+      stdout: "pipe",
+      stderr: "pipe",
+      signal: AbortSignal.timeout(timeoutMs),
+    });
+    const [exitCode, stdout, stderr] = await Promise.all([
+      proc.exited,
+      new Response(proc.stdout).text(),
+      new Response(proc.stderr).text(),
+    ]);
+    if (exitCode !== 0) {
+      const stderrSnippet = stderr.trim().slice(0, MAX_STDERR_SNIPPET_CHARS);
+      throw new Error(
+        stderrSnippet
+          ? `STT backend failed (exit ${exitCode}): ${stderrSnippet}`
+          : `STT backend failed (exit ${exitCode})`
+      );
+    }
+    const transcript = stdout.trim();
+    if (!transcript) {
+      throw new Error("STT backend returned empty transcript");
+    }
+    return {
+      transcript,
+      backend,
+      durationMs: Math.max(0, performance.now() - startedAt),
+    };
+  } finally {
+    try {
+      await unlink(tempPath);
+    } catch {
+      // best-effort cleanup
+    }
+  }
+}