create-workframe 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.dockerignore +22 -0
- package/.gitignore +73 -0
- package/LICENSE +201 -0
- package/NOTICE +12 -0
- package/README.md +111 -0
- package/SECURITY.md +40 -0
- package/bin/create-workframe.js +2814 -0
- package/bin/workframe.js +329 -0
- package/docs/workspace-instructions/WORKFRAME_DISCORD.md +20 -0
- package/docs/workspace-instructions/WORKFRAME_DOCUMENTS_AND_ARTIFACTS.md +20 -0
- package/docs/workspace-instructions/WORKFRAME_KANBAN.md +20 -0
- package/docs/workspace-instructions/WORKFRAME_ONBOARDING.md +21 -0
- package/docs/workspace-instructions/WORKFRAME_ROUTING.md +29 -0
- package/docs/workspace-instructions/WORKFRAME_TELEGRAM.md +19 -0
- package/package.json +67 -0
- package/profiles/README.md +15 -0
- package/profiles/architect/AGENTS.md +29 -0
- package/profiles/architect/SOUL.md +44 -0
- package/profiles/architect/skills/devops/kanban-worker/SKILL.md +27 -0
- package/profiles/designer/AGENTS.md +26 -0
- package/profiles/designer/SOUL.md +31 -0
- package/profiles/designer/skills/devops/kanban-worker/SKILL.md +27 -0
- package/profiles/dev/AGENTS.md +28 -0
- package/profiles/dev/SOUL.md +31 -0
- package/profiles/dev/skills/devops/kanban-worker/SKILL.md +27 -0
- package/profiles/docs/AGENTS.md +27 -0
- package/profiles/docs/SOUL.md +30 -0
- package/profiles/docs/skills/devops/kanban-worker/SKILL.md +27 -0
- package/profiles/research/AGENTS.md +26 -0
- package/profiles/research/SOUL.md +31 -0
- package/profiles/research/skills/devops/kanban-worker/SKILL.md +27 -0
- package/profiles/visionary/AGENTS.md +25 -0
- package/profiles/visionary/SOUL.md +31 -0
- package/profiles/visionary/skills/devops/kanban-worker/SKILL.md +27 -0
- package/profiles/workframe-agent/AGENTS.md +37 -0
- package/profiles/workframe-agent/SETUP.md +185 -0
- package/profiles/workframe-agent/SOUL.md +61 -0
- package/profiles/workframe-agent/skills/devops/botfather/SKILL.md +85 -0
- package/profiles/workframe-agent/skills/devops/kanban-handoff-pattern/SKILL.md +58 -0
- package/profiles/workframe-agent/skills/devops/workframe-cohort/SKILL.md +54 -0
- package/prompts/WORKFRAME_PROMPT_TEMPLATES.md +16 -0
- package/rules/.hermes.md +11 -0
- package/rules/AGENTS.md +22 -0
- package/rules/workspace-README.md +5 -0
- package/scripts/apply-update-hermes.sh +17 -0
- package/scripts/apply-update-workframe.sh +77 -0
- package/scripts/bootstrap-workspace-link.sh +8 -0
- package/scripts/bundle-workframe-ui.mjs +77 -0
- package/scripts/compose-docker-host.sh +37 -0
- package/scripts/create_workframe_scaffold.py +648 -0
- package/scripts/ensure-compose-host-paths.mjs +51 -0
- package/scripts/fix-zk-encryption-key.sh +35 -0
- package/scripts/lib/install-identity.mjs +212 -0
- package/scripts/lib/workframe-registry.mjs +290 -0
- package/scripts/new-project.mjs +68 -0
- package/scripts/restart-gateway-hermes.sh +12 -0
- package/scripts/security_audit.py +156 -0
- package/scripts/select_agent_pack.py +31 -0
- package/scripts/set-compose-public-url.mjs +92 -0
- package/scripts/setup-stack-secrets.sh +50 -0
- package/scripts/sync-canonical-to-package.mjs +146 -0
- package/scripts/test-scaffold.mjs +390 -0
- package/scripts/verify-public-deploy.sh +105 -0
- package/shared/WORKFRAME_AGENT_LIBRARY.md +31 -0
- package/shared/WORKFRAME_AGENT_OPERATIONS.md +29 -0
- package/shared/WORKFRAME_AGENT_PACKS.json +64 -0
- package/shared/WORKFRAME_AGENT_PACKS.yaml +20 -0
- package/shared/WORKFRAME_CHAT_PERMISSION_MODEL.md +20 -0
- package/shared/WORKFRAME_HANDOFF_SCHEMA.md +25 -0
- package/shared/WORKFRAME_SKILL_CURATION.md +27 -0
- package/shared/agent-avatars/ada.png +0 -0
- package/shared/agent-avatars/aibert.png +0 -0
- package/shared/agent-avatars/amelia.png +0 -0
- package/shared/agent-avatars/andy.png +0 -0
- package/shared/agent-avatars/arc.png +0 -0
- package/shared/agent-avatars/bob.png +0 -0
- package/shared/agent-avatars/buzz.png +0 -0
- package/shared/agent-avatars/carl.png +0 -0
- package/shared/agent-avatars/catalog.json +171 -0
- package/shared/agent-avatars/corbu.png +0 -0
- package/shared/agent-avatars/diana.png +0 -0
- package/shared/agent-avatars/ella.png +0 -0
- package/shared/agent-avatars/elvis.png +0 -0
- package/shared/agent-avatars/f1.png +0 -0
- package/shared/agent-avatars/f2.png +0 -0
- package/shared/agent-avatars/f3.png +0 -0
- package/shared/agent-avatars/f4.png +0 -0
- package/shared/agent-avatars/f5.png +0 -0
- package/shared/agent-avatars/f6.png +0 -0
- package/shared/agent-avatars/frida.png +0 -0
- package/shared/agent-avatars/george.png +0 -0
- package/shared/agent-avatars/grace.png +0 -0
- package/shared/agent-avatars/hedy.png +0 -0
- package/shared/agent-avatars/hermes.png +0 -0
- package/shared/agent-avatars/isaac.png +0 -0
- package/shared/agent-avatars/jes.png +0 -0
- package/shared/agent-avatars/john.png +0 -0
- package/shared/agent-avatars/joni.png +0 -0
- package/shared/agent-avatars/leo.png +0 -0
- package/shared/agent-avatars/louis.png +0 -0
- package/shared/agent-avatars/ludwig.png +0 -0
- package/shared/agent-avatars/m1.png +0 -0
- package/shared/agent-avatars/m2.png +0 -0
- package/shared/agent-avatars/m3.png +0 -0
- package/shared/agent-avatars/m4.png +0 -0
- package/shared/agent-avatars/m5.png +0 -0
- package/shared/agent-avatars/m6.png +0 -0
- package/shared/agent-avatars/marie.png +0 -0
- package/shared/agent-avatars/marilyn.png +0 -0
- package/shared/agent-avatars/neil.png +0 -0
- package/shared/agent-avatars/nikola.png +0 -0
- package/shared/agent-avatars/nina.png +0 -0
- package/shared/agent-avatars/paul.png +0 -0
- package/shared/agent-avatars/ringo.png +0 -0
- package/shared/agent-avatars/rosie.png +0 -0
- package/shared/agent-avatars/ste.png +0 -0
- package/shared/agent-avatars/steve.png +0 -0
- package/shared/agent-avatars/sun.png +0 -0
- package/shared/agent-avatars/tom.png +0 -0
- package/shared/agent-avatars/warren.png +0 -0
- package/shared/agent-avatars/woz.png +0 -0
- package/shared/agent-avatars/zaha.png +0 -0
- package/workframe-api/Dockerfile +14 -0
- package/workframe-api/README.md +28 -0
- package/workframe-api/action_proxy.py +131 -0
- package/workframe-api/auth_rate_limit.py +49 -0
- package/workframe-api/catalog/avatar-catalog.json +171 -0
- package/workframe-api/catalog/logo-catalog.json +86 -0
- package/workframe-api/catalog/user-avatar-catalog.json +171 -0
- package/workframe-api/credential_vault.py +445 -0
- package/workframe-api/data/.gitkeep +0 -0
- package/workframe-api/data/avatar-catalog.json +41 -0
- package/workframe-api/data/logo-catalog.json +14 -0
- package/workframe-api/data/user-avatar-catalog.json +18 -0
- package/workframe-api/email_sender.py +220 -0
- package/workframe-api/google_auth.py +90 -0
- package/workframe-api/install_api.py +359 -0
- package/workframe-api/internal_proxy_auth.py +150 -0
- package/workframe-api/llm_proxy.py +277 -0
- package/workframe-api/oidc_jwt.py +108 -0
- package/workframe-api/package.json +13 -0
- package/workframe-api/platform_auth.py +194 -0
- package/workframe-api/profile_secret_policy.py +86 -0
- package/workframe-api/public/assets/index-DPXu_lGn.css +1 -0
- package/workframe-api/public/assets/index-DYnLrCZZ.js +9 -0
- package/workframe-api/public/assets/index-DglUqFB_.js +9 -0
- package/workframe-api/public/index.html +12 -0
- package/workframe-api/requirements.txt +2 -0
- package/workframe-api/server.py +19646 -0
- package/workframe-api/site_meta.py +271 -0
- package/workframe-api/stack_config.py +427 -0
- package/workframe-api/tests/__init__.py +0 -0
- package/workframe-api/tests/db_setup.py +13 -0
- package/workframe-api/tests/test_admin_updates_gated.py +30 -0
- package/workframe-api/tests/test_agent_dm_bootstrap.py +196 -0
- package/workframe-api/tests/test_agent_profile_sync.py +76 -0
- package/workframe-api/tests/test_auth_email.py +222 -0
- package/workframe-api/tests/test_auth_hole_fix_selfcheck.py +99 -0
- package/workframe-api/tests/test_auth_rate_limit.py +19 -0
- package/workframe-api/tests/test_avatar_resolve.py +77 -0
- package/workframe-api/tests/test_child_soul_template.py +71 -0
- package/workframe-api/tests/test_credential_canary.py +135 -0
- package/workframe-api/tests/test_credential_isolation.py +448 -0
- package/workframe-api/tests/test_credential_resolution.py +206 -0
- package/workframe-api/tests/test_device_oauth.py +108 -0
- package/workframe-api/tests/test_doctor_repair.py +103 -0
- package/workframe-api/tests/test_ensure_profile_api.py +77 -0
- package/workframe-api/tests/test_gateway_compose_security.py +136 -0
- package/workframe-api/tests/test_install_secure_host.py +39 -0
- package/workframe-api/tests/test_internal_proxy_auth.py +125 -0
- package/workframe-api/tests/test_invite_runtime_bootstrap.py +72 -0
- package/workframe-api/tests/test_kanban_delegation.py +185 -0
- package/workframe-api/tests/test_llm_proxy.py +155 -0
- package/workframe-api/tests/test_login_access_policy.py +183 -0
- package/workframe-api/tests/test_mvp_model_bootstrap.py +75 -0
- package/workframe-api/tests/test_onboarding_bootstrap.py +248 -0
- package/workframe-api/tests/test_platform_auth.py +47 -0
- package/workframe-api/tests/test_profile_config_path.py +56 -0
- package/workframe-api/tests/test_profile_config_yaml_repair.py +63 -0
- package/workframe-api/tests/test_profile_create.py +72 -0
- package/workframe-api/tests/test_profile_identity_overlay.py +61 -0
- package/workframe-api/tests/test_profile_install_health.py +45 -0
- package/workframe-api/tests/test_profile_secret_policy.py +57 -0
- package/workframe-api/tests/test_profile_workspace_cwd.py +34 -0
- package/workframe-api/tests/test_provider_bootstrap.py +75 -0
- package/workframe-api/tests/test_provider_connect.py +54 -0
- package/workframe-api/tests/test_room_crud.py +192 -0
- package/workframe-api/tests/test_room_tenancy.py +701 -0
- package/workframe-api/tests/test_runtime_identity_backfill.py +34 -0
- package/workframe-api/tests/test_site_meta.py +81 -0
- package/workframe-api/tests/test_soul_stub.py +42 -0
- package/workframe-api/tests/test_space_member_sync.py +99 -0
- package/workframe-api/tests/test_stripe_stack_config.py +37 -0
- package/workframe-api/tests/test_supervisor_lifecycle.py +52 -0
- package/workframe-api/tests/test_turn_credential_vault.py +125 -0
- package/workframe-api/tests/test_updates.py +176 -0
- package/workframe-api/tests/test_user_cohort.py +113 -0
- package/workframe-api/tests/test_vault_envelope.py +110 -0
- package/workframe-api/tests/test_workspace_members.py +183 -0
- package/workframe-api/tests/test_workspace_messaging_sync.py +125 -0
- package/workframe-api/tests/test_workspace_provider_list.py +57 -0
- package/workframe-api/time-bind-chat.py +99 -0
- package/workframe-api/turn_credentials.py +226 -0
- package/workframe-api/updates.py +417 -0
- package/workframe-api/vault_kek.py +159 -0
- package/workframe-api/zk_auth.py +633 -0
- package/workframe-supervisor/Dockerfile +11 -0
- package/workframe-supervisor/profile_secret_policy.py +76 -0
- package/workframe-supervisor/server.py +787 -0
- package/workframe-supervisor/tests/test_exec_guard.py +42 -0
- package/workframe-supervisor/tests/test_server_import.py +21 -0
- package/workframe-ui/docker/nginx.conf +85 -0
- package/workframe-ui/public/assets/1-DLJbBkOb.png +0 -0
- package/workframe-ui/public/assets/10-uwRwj5ce.png +0 -0
- package/workframe-ui/public/assets/11-5OuV9F_e.png +0 -0
- package/workframe-ui/public/assets/12-u_axjxW-.png +0 -0
- package/workframe-ui/public/assets/13-ldSvcMsH.png +0 -0
- package/workframe-ui/public/assets/14-xdcALEYD.png +0 -0
- package/workframe-ui/public/assets/15-aZ4snEFB.png +0 -0
- package/workframe-ui/public/assets/16-L_5-DttY.png +0 -0
- package/workframe-ui/public/assets/2-zOPZTppD.png +0 -0
- package/workframe-ui/public/assets/3-Dc3WoVu5.png +0 -0
- package/workframe-ui/public/assets/4-C50hk7_m.png +0 -0
- package/workframe-ui/public/assets/5-Eweetkq4.png +0 -0
- package/workframe-ui/public/assets/6-5sOXgfkw.png +0 -0
- package/workframe-ui/public/assets/7-BqRBCbiC.png +0 -0
- package/workframe-ui/public/assets/8-DEDKS94h.png +0 -0
- package/workframe-ui/public/assets/9-DNj34GW-.png +0 -0
- package/workframe-ui/public/assets/ada-DsvuOc9n.png +0 -0
- package/workframe-ui/public/assets/aibert-BCz8Lo8H.png +0 -0
- package/workframe-ui/public/assets/amelia-DUf3EBGu.png +0 -0
- package/workframe-ui/public/assets/andy-Cpymuhhx.png +0 -0
- package/workframe-ui/public/assets/arc-CBDYvkAF.js +1 -0
- package/workframe-ui/public/assets/architecture-7EHR7CIX-CtbQKTuT.js +1 -0
- package/workframe-ui/public/assets/architectureDiagram-3BPJPVTR-XnBRKeW0.js +36 -0
- package/workframe-ui/public/assets/array-BifhSqXX.js +1 -0
- package/workframe-ui/public/assets/avatars/ada.png +0 -0
- package/workframe-ui/public/assets/avatars/aibert.png +0 -0
- package/workframe-ui/public/assets/avatars/amelia.png +0 -0
- package/workframe-ui/public/assets/avatars/andy.png +0 -0
- package/workframe-ui/public/assets/avatars/bob.png +0 -0
- package/workframe-ui/public/assets/avatars/buzz.png +0 -0
- package/workframe-ui/public/assets/avatars/carl.png +0 -0
- package/workframe-ui/public/assets/avatars/catalog.json +171 -0
- package/workframe-ui/public/assets/avatars/corbu.png +0 -0
- package/workframe-ui/public/assets/avatars/diana.png +0 -0
- package/workframe-ui/public/assets/avatars/elvis.png +0 -0
- package/workframe-ui/public/assets/avatars/frida.png +0 -0
- package/workframe-ui/public/assets/avatars/george.png +0 -0
- package/workframe-ui/public/assets/avatars/grace.png +0 -0
- package/workframe-ui/public/assets/avatars/hedy.png +0 -0
- package/workframe-ui/public/assets/avatars/hermes.png +0 -0
- package/workframe-ui/public/assets/avatars/isaac.png +0 -0
- package/workframe-ui/public/assets/avatars/john.png +0 -0
- package/workframe-ui/public/assets/avatars/joni.png +0 -0
- package/workframe-ui/public/assets/avatars/leo.png +0 -0
- package/workframe-ui/public/assets/avatars/louis.png +0 -0
- package/workframe-ui/public/assets/avatars/ludwig.png +0 -0
- package/workframe-ui/public/assets/avatars/marie.png +0 -0
- package/workframe-ui/public/assets/avatars/marilyn.png +0 -0
- package/workframe-ui/public/assets/avatars/nikola.png +0 -0
- package/workframe-ui/public/assets/avatars/nina.png +0 -0
- package/workframe-ui/public/assets/avatars/paul.png +0 -0
- package/workframe-ui/public/assets/avatars/ringo.png +0 -0
- package/workframe-ui/public/assets/avatars/rosie.png +0 -0
- package/workframe-ui/public/assets/avatars/steve.png +0 -0
- package/workframe-ui/public/assets/avatars/sun.png +0 -0
- package/workframe-ui/public/assets/avatars/warren.png +0 -0
- package/workframe-ui/public/assets/avatars/woz.png +0 -0
- package/workframe-ui/public/assets/avatars/zaha.png +0 -0
- package/workframe-ui/public/assets/blockDiagram-GPEHLZMM-VYHUfVhd.js +132 -0
- package/workframe-ui/public/assets/bob-DRz-48Id.png +0 -0
- package/workframe-ui/public/assets/branding/banner.png +0 -0
- package/workframe-ui/public/assets/branding/og-default.png +0 -0
- package/workframe-ui/public/assets/branding/workframe'white.png +0 -0
- package/workframe-ui/public/assets/branding/workframe-1.png +0 -0
- package/workframe-ui/public/assets/branding/workframe-2.png +0 -0
- package/workframe-ui/public/assets/branding/workframe-3.png +0 -0
- package/workframe-ui/public/assets/branding/workframe-4.png +0 -0
- package/workframe-ui/public/assets/branding/workframe-5.png +0 -0
- package/workframe-ui/public/assets/branding/workframe-banner.png +0 -0
- package/workframe-ui/public/assets/branding/workframe-logo-horizontal-mini.png +0 -0
- package/workframe-ui/public/assets/branding/workframe-logo-horizontal-nano.png +0 -0
- package/workframe-ui/public/assets/branding/workframe-logo-horizontal.png +0 -0
- package/workframe-ui/public/assets/branding/workframe-logo-vertical-alt.png +0 -0
- package/workframe-ui/public/assets/branding/workframe-logo-vertical.png +0 -0
- package/workframe-ui/public/assets/branding/workframe.png +0 -0
- package/workframe-ui/public/assets/buzz-mC4PtMvC.png +0 -0
- package/workframe-ui/public/assets/c4Diagram-AAUBKEIU-BTjUcJpm.js +10 -0
- package/workframe-ui/public/assets/carl-CtE74db_.png +0 -0
- package/workframe-ui/public/assets/channel-Dy4Z4-jn.js +1 -0
- package/workframe-ui/public/assets/chunk-2J33WTMH-w7uu7R-b.js +1 -0
- package/workframe-ui/public/assets/chunk-3OPIFGDE-Cb9LtnDX.js +62 -0
- package/workframe-ui/public/assets/chunk-4BX2VUAB-DiQ-qCwH.js +1 -0
- package/workframe-ui/public/assets/chunk-55IACEB6-C-mLFr7z.js +1 -0
- package/workframe-ui/public/assets/chunk-5ZQYHXKU-DOesfiCI.js +2 -0
- package/workframe-ui/public/assets/chunk-727SXJPM-BJ3oBZuz.js +206 -0
- package/workframe-ui/public/assets/chunk-AQP2D5EJ-CCA6xpGs.js +231 -0
- package/workframe-ui/public/assets/chunk-BSJP7CBP-a0cMNFb2.js +1 -0
- package/workframe-ui/public/assets/chunk-CSCIHK7Q-kuqN8EIY.js +122 -0
- package/workframe-ui/public/assets/chunk-FMBD7UC4-DyPgYHCg.js +15 -0
- package/workframe-ui/public/assets/chunk-KSCS5N6A-CdUuvR0V.js +10 -0
- package/workframe-ui/public/assets/chunk-L5ZTLDWV-Dq9NoWmK.js +1 -0
- package/workframe-ui/public/assets/chunk-LZXEDZCA-p74rddlO.js +2 -0
- package/workframe-ui/public/assets/chunk-ND2GUHAM-DBD2u1Gz.js +1 -0
- package/workframe-ui/public/assets/chunk-NNHCCRGN-DlpIbxXb.js +159 -0
- package/workframe-ui/public/assets/chunk-NZK2D7GU-BeIeYFnd.js +1 -0
- package/workframe-ui/public/assets/chunk-O5CBEL6O-ClHc56ib.js +70 -0
- package/workframe-ui/public/assets/chunk-QZHKN3VN-CtBEchFK.js +1 -0
- package/workframe-ui/public/assets/chunk-WU5MYG2G-B9pBtriN.js +1 -0
- package/workframe-ui/public/assets/chunk-XPW4576I-EFr8R_1p.js +32 -0
- package/workframe-ui/public/assets/classDiagram-4FO5ZUOK-BMAEA8jI.js +1 -0
- package/workframe-ui/public/assets/classDiagram-v2-Q7XG4LA2-BMAEA8jI.js +1 -0
- package/workframe-ui/public/assets/corbu-KiaMXzXQ.png +0 -0
- package/workframe-ui/public/assets/cose-bilkent-S5V4N54A-C7aPBODd.js +1 -0
- package/workframe-ui/public/assets/cytoscape.esm-h6BdjjI9.js +321 -0
- package/workframe-ui/public/assets/dagre-BM42HDAG-BdU1Rv-H.js +4 -0
- package/workframe-ui/public/assets/dagre-Bx709z4p.js +1 -0
- package/workframe-ui/public/assets/defaultLocale-C8Fc0cco.js +1 -0
- package/workframe-ui/public/assets/diagram-2AECGRRQ-DWowSo85.js +43 -0
- package/workframe-ui/public/assets/diagram-5GNKFQAL-MnxBbceO.js +10 -0
- package/workframe-ui/public/assets/diagram-KO2AKTUF-DQaLRXFf.js +3 -0
- package/workframe-ui/public/assets/diagram-LMA3HP47-CQaBud9k.js +24 -0
- package/workframe-ui/public/assets/diagram-OG6HWLK6-D8bAXbY9.js +24 -0
- package/workframe-ui/public/assets/diana-DW0MsL38.png +0 -0
- package/workframe-ui/public/assets/dist-DGpTLHr_.js +1 -0
- package/workframe-ui/public/assets/elvis-LCFaZIcT.png +0 -0
- package/workframe-ui/public/assets/erDiagram-TEJ5UH35-1E-xSvBK.js +85 -0
- package/workframe-ui/public/assets/eventmodeling-FCH6USID-D75cstNT.js +1 -0
- package/workframe-ui/public/assets/flowDiagram-I6XJVG4X-CgOVD5hu.js +162 -0
- package/workframe-ui/public/assets/frida-CXFA0w3F.png +0 -0
- package/workframe-ui/public/assets/ganttDiagram-6RSMTGT7-JFYAIauo.js +292 -0
- package/workframe-ui/public/assets/george-DBSH2Sm2.png +0 -0
- package/workframe-ui/public/assets/gitGraph-WXDBUCRP-B9REenIl.js +1 -0
- package/workframe-ui/public/assets/gitGraphDiagram-PVQCEYII-BQ7NcMSn.js +106 -0
- package/workframe-ui/public/assets/grace-BhV0UPc0.png +0 -0
- package/workframe-ui/public/assets/graphlib-B8gBHxth.js +1 -0
- package/workframe-ui/public/assets/hedy-BR2IHift.png +0 -0
- package/workframe-ui/public/assets/hermes-CqCzcE0y.png +0 -0
- package/workframe-ui/public/assets/index-Dnw6vjqb.js +133 -0
- package/workframe-ui/public/assets/index-DpAGxump.css +1 -0
- package/workframe-ui/public/assets/info-J43DQDTF-CL6-eTjH.js +1 -0
- package/workframe-ui/public/assets/infoDiagram-5YYISTIA-LJTODW4W.js +2 -0
- package/workframe-ui/public/assets/init-D6jRqBbL.js +1 -0
- package/workframe-ui/public/assets/isaac-D1nhJAuv.png +0 -0
- package/workframe-ui/public/assets/ishikawaDiagram-YF4QCWOH-bchrQVuo.js +70 -0
- package/workframe-ui/public/assets/john-zSPWwNi4.png +0 -0
- package/workframe-ui/public/assets/joni-BFLoyfJP.png +0 -0
- package/workframe-ui/public/assets/journeyDiagram-JHISSGLW-DkrvYuxP.js +139 -0
- package/workframe-ui/public/assets/kanban-definition-UN3LZRKU-DFRbj0IG.js +89 -0
- package/workframe-ui/public/assets/katex-Vhh-h91d.js +257 -0
- package/workframe-ui/public/assets/leo-C_3IOL11.png +0 -0
- package/workframe-ui/public/assets/line-Vd48P7-O.js +1 -0
- package/workframe-ui/public/assets/linear-Ckizh2G7.js +1 -0
- package/workframe-ui/public/assets/louis-DEEECFSX.png +0 -0
- package/workframe-ui/public/assets/ludwig-_hoKhhyK.png +0 -0
- package/workframe-ui/public/assets/marie-DET6MsfO.png +0 -0
- package/workframe-ui/public/assets/marilyn-DTqwt8Yh.png +0 -0
- package/workframe-ui/public/assets/mermaid-parser.core-Bkimsnqj.js +4 -0
- package/workframe-ui/public/assets/mermaid.core-x0TvVuPo.js +9 -0
- package/workframe-ui/public/assets/mindmap-definition-RKZ34NQL-6ykAFPEz.js +96 -0
- package/workframe-ui/public/assets/nikola-B4PtHrJv.png +0 -0
- package/workframe-ui/public/assets/nina-BYbrOn0d.png +0 -0
- package/workframe-ui/public/assets/ordinal-hYBb2elL.js +1 -0
- package/workframe-ui/public/assets/packet-YPE3B663-Dw3xgMDt.js +1 -0
- package/workframe-ui/public/assets/path-BWPyau1x.js +1 -0
- package/workframe-ui/public/assets/paul-CGURYQIn.png +0 -0
- package/workframe-ui/public/assets/pie-LRSECV5Y-DATysawG.js +1 -0
- package/workframe-ui/public/assets/pieDiagram-4H26LBE5-SJKD1S0S.js +30 -0
- package/workframe-ui/public/assets/project-logos/1.png +0 -0
- package/workframe-ui/public/assets/project-logos/10.png +0 -0
- package/workframe-ui/public/assets/project-logos/11.png +0 -0
- package/workframe-ui/public/assets/project-logos/12.png +0 -0
- package/workframe-ui/public/assets/project-logos/13.png +0 -0
- package/workframe-ui/public/assets/project-logos/14.png +0 -0
- package/workframe-ui/public/assets/project-logos/15.png +0 -0
- package/workframe-ui/public/assets/project-logos/16.png +0 -0
- package/workframe-ui/public/assets/project-logos/2.png +0 -0
- package/workframe-ui/public/assets/project-logos/3.png +0 -0
- package/workframe-ui/public/assets/project-logos/4.png +0 -0
- package/workframe-ui/public/assets/project-logos/5.png +0 -0
- package/workframe-ui/public/assets/project-logos/6.png +0 -0
- package/workframe-ui/public/assets/project-logos/7.png +0 -0
- package/workframe-ui/public/assets/project-logos/8.png +0 -0
- package/workframe-ui/public/assets/project-logos/9.png +0 -0
- package/workframe-ui/public/assets/project-logos/catalog.json +86 -0
- package/workframe-ui/public/assets/quadrantDiagram-W4KKPZXB-BrYDZX8q.js +7 -0
- package/workframe-ui/public/assets/radar-GUYGQ44K-BmWYPCds.js +1 -0
- package/workframe-ui/public/assets/requirementDiagram-4Y6WPE33-DwL9Mc8e.js +84 -0
- package/workframe-ui/public/assets/ringo-WhfUNOyY.png +0 -0
- package/workframe-ui/public/assets/rosie-CAtcIf87.png +0 -0
- package/workframe-ui/public/assets/rough.esm-CSKSodPl.js +1 -0
- package/workframe-ui/public/assets/sankeyDiagram-5OEKKPKP-DYIFsL8h.js +40 -0
- package/workframe-ui/public/assets/sequenceDiagram-3UESZ5HK-0-FPkFk8.js +162 -0
- package/workframe-ui/public/assets/src-B_od6b6h.js +1 -0
- package/workframe-ui/public/assets/stateDiagram-AJRCARHV-BQCiBk6u.js +1 -0
- package/workframe-ui/public/assets/stateDiagram-v2-BHNVJYJU-B89jAMFF.js +1 -0
- package/workframe-ui/public/assets/steve-CgXXJ9EZ.png +0 -0
- package/workframe-ui/public/assets/sun-BLNAhoZd.png +0 -0
- package/workframe-ui/public/assets/timeline-definition-PNZ67QCA-DS3tFcXj.js +120 -0
- package/workframe-ui/public/assets/treeView-BLDUP644-DSyUCKLY.js +1 -0
- package/workframe-ui/public/assets/treemap-LRROVOQU-CEZaNh5Y.js +1 -0
- package/workframe-ui/public/assets/vennDiagram-CIIHVFJN-CD-Vc9NF.js +34 -0
- package/workframe-ui/public/assets/wardley-L42UT6IY-Drq5w1Mc.js +1 -0
- package/workframe-ui/public/assets/wardleyDiagram-YWT4CUSO-DouXDJoF.js +78 -0
- package/workframe-ui/public/assets/warren-DIH7UKMY.png +0 -0
- package/workframe-ui/public/assets/woz-D2yleG-V.png +0 -0
- package/workframe-ui/public/assets/xychartDiagram-2RQKCTM6-DDf_Lol5.js +7 -0
- package/workframe-ui/public/assets/zaha-wersOEq9.png +0 -0
- package/workframe-ui/public/favicon.ico +0 -0
- package/workframe-ui/public/favicon.svg +7 -0
- package/workframe-ui/public/icons.svg +24 -0
- package/workframe-ui/public/index.html +50 -0
- package/workframe-ui/public/manifest.webmanifest +18 -0
- package/workframe-ui/public/workframe-config.json +4 -0
|
@@ -0,0 +1,194 @@
|
|
|
1
|
+
"""Stack-level sign-in: Discord OAuth + Telegram Login (workframe admin config)."""
|
|
2
|
+
|
|
3
|
+
from __future__ import annotations
|
|
4
|
+
|
|
5
|
+
import hashlib
|
|
6
|
+
import hmac
|
|
7
|
+
import json
|
|
8
|
+
import os
|
|
9
|
+
import secrets
|
|
10
|
+
import urllib.parse
|
|
11
|
+
import urllib.request
|
|
12
|
+
from typing import Any
|
|
13
|
+
from urllib.parse import urlparse
|
|
14
|
+
|
|
15
|
+
import stack_config
|
|
16
|
+
|
|
17
|
+
APP_BASE_URL = os.environ.get("APP_BASE_URL", "http://127.0.0.1:18644").rstrip("/")
|
|
18
|
+
|
|
19
|
+
|
|
20
|
+
def _oauth_public(block: dict[str, Any]) -> dict[str, Any]:
|
|
21
|
+
client_id = str(block.get("client_id") or "").strip()
|
|
22
|
+
return {
|
|
23
|
+
"client_id": client_id,
|
|
24
|
+
"has_secret": bool(str(block.get("client_secret") or "").strip()),
|
|
25
|
+
"enabled": bool(client_id),
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
|
|
29
|
+
def resolved_discord_oauth() -> dict[str, str]:
|
|
30
|
+
block = stack_config._stack_oauth_raw("discord_oauth") # ponytail: stack_config sibling module
|
|
31
|
+
return {
|
|
32
|
+
"client_id": str(block.get("client_id") or "").strip(),
|
|
33
|
+
"client_secret": str(block.get("client_secret") or "").strip(),
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
|
|
37
|
+
def discord_oauth_configured() -> bool:
|
|
38
|
+
cfg = resolved_discord_oauth()
|
|
39
|
+
return bool(cfg.get("client_id") and cfg.get("client_secret"))
|
|
40
|
+
|
|
41
|
+
|
|
42
|
+
def resolved_telegram_login() -> dict[str, str]:
|
|
43
|
+
block = stack_config._stack_oauth_raw("telegram_login")
|
|
44
|
+
return {
|
|
45
|
+
"bot_username": str(block.get("bot_username") or "").strip().lstrip("@"),
|
|
46
|
+
"bot_token": str(block.get("bot_token") or "").strip(),
|
|
47
|
+
}
|
|
48
|
+
|
|
49
|
+
|
|
50
|
+
def telegram_login_configured() -> bool:
|
|
51
|
+
cfg = resolved_telegram_login()
|
|
52
|
+
return bool(cfg.get("bot_username") and cfg.get("bot_token"))
|
|
53
|
+
|
|
54
|
+
|
|
55
|
+
def telegram_login_domain() -> str:
|
|
56
|
+
host = urlparse(APP_BASE_URL).hostname or ""
|
|
57
|
+
return host.strip()
|
|
58
|
+
|
|
59
|
+
|
|
60
|
+
def public_discord_oauth() -> dict[str, Any]:
|
|
61
|
+
return _oauth_public(stack_config._stack_oauth_raw("discord_oauth"))
|
|
62
|
+
|
|
63
|
+
|
|
64
|
+
def public_telegram_login() -> dict[str, Any]:
|
|
65
|
+
cfg = resolved_telegram_login()
|
|
66
|
+
domain = telegram_login_domain()
|
|
67
|
+
return {
|
|
68
|
+
"bot_username": cfg.get("bot_username") or "",
|
|
69
|
+
"has_token": bool(cfg.get("bot_token")),
|
|
70
|
+
"enabled": telegram_login_configured(),
|
|
71
|
+
"domain": domain,
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
|
|
75
|
+
def discord_redirect_uri() -> str:
|
|
76
|
+
return f"{APP_BASE_URL}/api/oauth/discord/callback"
|
|
77
|
+
|
|
78
|
+
|
|
79
|
+
def _discord_exchange_code(code: str, client_id: str, client_secret: str, redirect_uri: str) -> dict[str, Any]:
|
|
80
|
+
body = urllib.parse.urlencode(
|
|
81
|
+
{
|
|
82
|
+
"client_id": client_id,
|
|
83
|
+
"client_secret": client_secret,
|
|
84
|
+
"grant_type": "authorization_code",
|
|
85
|
+
"code": code,
|
|
86
|
+
"redirect_uri": redirect_uri,
|
|
87
|
+
},
|
|
88
|
+
).encode("utf-8")
|
|
89
|
+
req = urllib.request.Request(
|
|
90
|
+
"https://discord.com/api/oauth2/token",
|
|
91
|
+
data=body,
|
|
92
|
+
headers={"Content-Type": "application/x-www-form-urlencoded"},
|
|
93
|
+
method="POST",
|
|
94
|
+
)
|
|
95
|
+
try:
|
|
96
|
+
with urllib.request.urlopen(req, timeout=30) as resp:
|
|
97
|
+
raw = resp.read().decode("utf-8", errors="replace")
|
|
98
|
+
except urllib.error.HTTPError as exc:
|
|
99
|
+
raw = exc.read().decode("utf-8", errors="replace")
|
|
100
|
+
except OSError as exc:
|
|
101
|
+
return {"error": str(exc)}
|
|
102
|
+
try:
|
|
103
|
+
data = json.loads(raw)
|
|
104
|
+
except json.JSONDecodeError:
|
|
105
|
+
return {"error": raw or "discord_token_exchange_failed"}
|
|
106
|
+
return data if isinstance(data, dict) else {"error": "invalid_discord_response"}
|
|
107
|
+
|
|
108
|
+
|
|
109
|
+
def _discord_fetch_user(access_token: str) -> dict[str, Any]:
|
|
110
|
+
req = urllib.request.Request(
|
|
111
|
+
"https://discord.com/api/users/@me",
|
|
112
|
+
headers={"Authorization": f"Bearer {access_token}"},
|
|
113
|
+
)
|
|
114
|
+
try:
|
|
115
|
+
with urllib.request.urlopen(req, timeout=20) as resp:
|
|
116
|
+
data = json.loads(resp.read().decode("utf-8", errors="replace"))
|
|
117
|
+
except (OSError, urllib.error.HTTPError, json.JSONDecodeError) as exc:
|
|
118
|
+
return {"error": str(exc)}
|
|
119
|
+
return data if isinstance(data, dict) else {"error": "invalid_discord_user"}
|
|
120
|
+
|
|
121
|
+
|
|
122
|
+
def start_discord_link(
|
|
123
|
+
*,
|
|
124
|
+
state: str,
|
|
125
|
+
redirect_url: str,
|
|
126
|
+
) -> dict[str, Any]:
|
|
127
|
+
cfg = resolved_discord_oauth()
|
|
128
|
+
client_id = str(cfg.get("client_id") or "").strip()
|
|
129
|
+
if not client_id or not str(cfg.get("client_secret") or "").strip():
|
|
130
|
+
return {
|
|
131
|
+
"ok": False,
|
|
132
|
+
"error": "discord_oauth_not_configured",
|
|
133
|
+
"message": "Workframe admin must register a Discord OAuth app under Integrations.",
|
|
134
|
+
}
|
|
135
|
+
params = urllib.parse.urlencode(
|
|
136
|
+
{
|
|
137
|
+
"client_id": client_id,
|
|
138
|
+
"redirect_uri": discord_redirect_uri(),
|
|
139
|
+
"response_type": "code",
|
|
140
|
+
"scope": "identify",
|
|
141
|
+
"state": state,
|
|
142
|
+
"prompt": "consent",
|
|
143
|
+
},
|
|
144
|
+
)
|
|
145
|
+
return {
|
|
146
|
+
"ok": True,
|
|
147
|
+
"provider": "discord",
|
|
148
|
+
"redirect_url": redirect_url or f"https://discord.com/api/oauth2/authorize?{params}",
|
|
149
|
+
"output": "",
|
|
150
|
+
"error": None,
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
|
|
154
|
+
def complete_discord_link(code: str) -> dict[str, Any]:
|
|
155
|
+
cfg = resolved_discord_oauth()
|
|
156
|
+
client_id = str(cfg.get("client_id") or "").strip()
|
|
157
|
+
client_secret = str(cfg.get("client_secret") or "").strip()
|
|
158
|
+
if not client_id or not client_secret:
|
|
159
|
+
return {"ok": False, "error": "discord_oauth_not_configured"}
|
|
160
|
+
token_data = _discord_exchange_code(code, client_id, client_secret, discord_redirect_uri())
|
|
161
|
+
if token_data.get("error"):
|
|
162
|
+
return {"ok": False, "error": str(token_data.get("error"))}
|
|
163
|
+
access_token = str(token_data.get("access_token") or "").strip()
|
|
164
|
+
if not access_token:
|
|
165
|
+
return {"ok": False, "error": "discord_missing_access_token"}
|
|
166
|
+
user = _discord_fetch_user(access_token)
|
|
167
|
+
if user.get("error"):
|
|
168
|
+
return {"ok": False, "error": str(user.get("error"))}
|
|
169
|
+
discord_id = str(user.get("id") or "").strip()
|
|
170
|
+
if not discord_id:
|
|
171
|
+
return {"ok": False, "error": "discord_missing_user_id"}
|
|
172
|
+
return {"ok": True, "provider": "discord", "platform_ids": {"discord": discord_id}}
|
|
173
|
+
|
|
174
|
+
|
|
175
|
+
def verify_telegram_login(payload: dict[str, Any]) -> dict[str, Any]:
|
|
176
|
+
"""Validate Telegram Login widget payload; returns user id on success."""
|
|
177
|
+
cfg = resolved_telegram_login()
|
|
178
|
+
bot_token = str(cfg.get("bot_token") or "").strip()
|
|
179
|
+
if not bot_token:
|
|
180
|
+
return {"ok": False, "error": "telegram_login_not_configured"}
|
|
181
|
+
data = {k: str(v) for k, v in payload.items() if k != "hash" and v is not None}
|
|
182
|
+
check_hash = str(payload.get("hash") or "").strip()
|
|
183
|
+
if not check_hash or not data.get("id"):
|
|
184
|
+
return {"ok": False, "error": "telegram_invalid_payload"}
|
|
185
|
+
check_line = "\n".join(f"{k}={data[k]}" for k in sorted(data))
|
|
186
|
+
secret = hashlib.sha256(bot_token.encode("utf-8")).digest()
|
|
187
|
+
computed = hmac.new(secret, check_line.encode("utf-8"), hashlib.sha256).hexdigest()
|
|
188
|
+
if not hmac.compare_digest(computed, check_hash):
|
|
189
|
+
return {"ok": False, "error": "telegram_hash_mismatch"}
|
|
190
|
+
return {"ok": True, "provider": "telegram", "platform_ids": {"telegram": str(data["id"]).strip()}}
|
|
191
|
+
|
|
192
|
+
|
|
193
|
+
def new_oauth_state() -> str:
|
|
194
|
+
return secrets.token_urlsafe(24)
|
|
@@ -0,0 +1,86 @@
|
|
|
1
|
+
"""Speed bump for cross-profile secret reads — not an ACL. Real isolation = vault + per-profile mount."""
|
|
2
|
+
from __future__ import annotations
|
|
3
|
+
|
|
4
|
+
import re
|
|
5
|
+
|
|
6
|
+
# ponytail: shared by workframe-api and workframe-supervisor (copy in supervisor image)
|
|
7
|
+
_PROFILE_SECRET_PATH = re.compile(
|
|
8
|
+
r"(?:/opt/data/)?profiles/[^/\s]+/(?:\.env|auth\.json|credentials\.json|\.git-credentials|cookies\.txt)",
|
|
9
|
+
re.IGNORECASE,
|
|
10
|
+
)
|
|
11
|
+
_PROFILE_SLUG_REF = re.compile(
|
|
12
|
+
r"(?:/opt/data/)?profiles/([a-z0-9][a-z0-9-]{0,63})(?:/|$|\s)",
|
|
13
|
+
re.IGNORECASE,
|
|
14
|
+
)
|
|
15
|
+
_READ_VERBS = re.compile(
|
|
16
|
+
r"\b(?:cat|head|tail|sed|awk|grep|egrep|rg|less|more|od|xxd|nl|sort|wc|strings|dd|python3?|perl|ruby|node)\b",
|
|
17
|
+
re.IGNORECASE,
|
|
18
|
+
)
|
|
19
|
+
_SHELL_BYPASS = re.compile(
|
|
20
|
+
r"(?:\*|find\b[^\n]*-exec\b|xargs\b|\btar\b|\bbase64\b|\.e''nv|\.e\"\"nv"
|
|
21
|
+
r"|&&\s*(?:cat|head|tail|sed|awk|grep|python3?|perl|dd|od|xxd|nl|sort|wc)\b"
|
|
22
|
+
r"|\|\s*(?:cat|head|tail|sed|awk|grep|python3?|perl|dd|od|xxd|nl|sort|wc)\b)",
|
|
23
|
+
re.IGNORECASE,
|
|
24
|
+
)
|
|
25
|
+
# ponytail: shell var indirection ceiling — catches `P=…profiles/u-bob; cat $P/.env`
|
|
26
|
+
# but NOT python string concat ('pro'+'files/…'). Real fix = per-profile secret broker.
|
|
27
|
+
_VAR_PROFILE_ASSIGN = re.compile(
|
|
28
|
+
r"\b([A-Za-z_][A-Za-z0-9_]*)=(?:[^\s;&|]*\s*)?(?:/opt/data/)?profiles/[a-z0-9][a-z0-9-]{0,63}",
|
|
29
|
+
re.IGNORECASE,
|
|
30
|
+
)
|
|
31
|
+
_VAR_DEREF_SECRET = re.compile(
|
|
32
|
+
r"\$\{?([A-Za-z_][A-Za-z0-9_]*)\}?[^\s;&|]*/(?:\.env|auth\.json|credentials\.json|\.git-credentials|cookies\.txt)",
|
|
33
|
+
re.IGNORECASE,
|
|
34
|
+
)
|
|
35
|
+
|
|
36
|
+
|
|
37
|
+
def _cmd_blob(cmd: list[str] | str) -> str:
|
|
38
|
+
return " ".join(str(part) for part in cmd) if isinstance(cmd, list) else str(cmd)
|
|
39
|
+
|
|
40
|
+
|
|
41
|
+
def referenced_profile_slugs(cmd: list[str] | str) -> set[str]:
|
|
42
|
+
return {m.group(1).lower() for m in _PROFILE_SLUG_REF.finditer(_cmd_blob(cmd))}
|
|
43
|
+
|
|
44
|
+
|
|
45
|
+
def is_secret_read_attempt(cmd: list[str] | str) -> bool:
|
|
46
|
+
blob = _cmd_blob(cmd)
|
|
47
|
+
if _PROFILE_SECRET_PATH.search(blob):
|
|
48
|
+
return True
|
|
49
|
+
if "profiles/" in blob.lower() and _SHELL_BYPASS.search(blob):
|
|
50
|
+
return True
|
|
51
|
+
if _PROFILE_SLUG_REF.search(blob) and _READ_VERBS.search(blob):
|
|
52
|
+
return True
|
|
53
|
+
assigned = {m.group(1) for m in _VAR_PROFILE_ASSIGN.finditer(blob)}
|
|
54
|
+
if assigned:
|
|
55
|
+
for m in _VAR_DEREF_SECRET.finditer(blob):
|
|
56
|
+
if m.group(1) in assigned:
|
|
57
|
+
return True
|
|
58
|
+
return False
|
|
59
|
+
|
|
60
|
+
|
|
61
|
+
def touches_foreign_profile_secrets(cmd: list[str] | str, allowed_profile: str) -> bool:
|
|
62
|
+
"""True when command references another profile's tree (0022 N2 / 0023 C1)."""
|
|
63
|
+
allowed = str(allowed_profile or "").strip().lower()
|
|
64
|
+
if not allowed:
|
|
65
|
+
return False
|
|
66
|
+
slugs = referenced_profile_slugs(cmd)
|
|
67
|
+
return bool(slugs - {allowed})
|
|
68
|
+
|
|
69
|
+
|
|
70
|
+
def exec_blocked_for_profile(cmd: list[str] | str, acting_profile: str = "") -> bool:
|
|
71
|
+
if is_secret_read_attempt(cmd):
|
|
72
|
+
return True
|
|
73
|
+
if acting_profile and touches_foreign_profile_secrets(cmd, acting_profile):
|
|
74
|
+
return True
|
|
75
|
+
return False
|
|
76
|
+
|
|
77
|
+
|
|
78
|
+
if __name__ == "__main__":
|
|
79
|
+
assert is_secret_read_attempt(["cat", "profiles/u-alice-dev/.env"])
|
|
80
|
+
assert is_secret_read_attempt("cat profiles/u-bob-dev/*")
|
|
81
|
+
assert is_secret_read_attempt("cd /opt/data/profiles/u-bob && head .env")
|
|
82
|
+
assert is_secret_read_attempt("cd profiles/u-x && python3 -c \"print(open('.env').read())\"")
|
|
83
|
+
assert touches_foreign_profile_secrets("cd profiles/u-bob && head .env", "u-alice-dev")
|
|
84
|
+
assert not touches_foreign_profile_secrets("hermes -p u-alice-dev gateway status", "u-alice-dev")
|
|
85
|
+
assert not is_secret_read_attempt(["hermes", "-p", "dev", "gateway", "run"])
|
|
86
|
+
print("profile_secret_policy ok")
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
:root{--lightningcss-light: ;--lightningcss-dark:initial;color-scheme:dark;--wf-font-sans:"Inter Tight", ui-sans-serif, system-ui, sans-serif;--wf-font-mono:"JetBrains Mono", ui-monospace, SFMono-Regular, Menlo, Consolas, monospace;--wf-blur:34px;--wf-header-height:56px;--wf-footer-height:28px}[data-theme=dark]{--lightningcss-light: ;--lightningcss-dark:initial;color-scheme:dark;--wf-bg:#0a0a0f;--wf-text:#e8e8ee;--wf-muted:#727280;--wf-border:#ffffff12;--wf-border-strong:#ffffff1c;--wf-surface:#12121a94;--wf-surface-soft:#12121a61;--wf-primary:#ffffffe6;--wf-primary-foreground:#0a0a0f;--wf-violet:#6d28d9;--wf-violet-glow:#7c3aed;--wf-ring:#6d28d961}[data-theme=light]{--lightningcss-light:initial;--lightningcss-dark: ;color-scheme:light;--wf-bg:#f2f2f7;--wf-text:#1c1c1e;--wf-muted:#8e8e93;--wf-border:#00000014;--wf-border-strong:#0000001f;--wf-surface:#fffc;--wf-surface-soft:#ffffff80;--wf-primary:#000;--wf-primary-foreground:#fff;--wf-violet:#6d28d9;--wf-violet-glow:#7c3aed;--wf-ring:#6d28d961}*{box-sizing:border-box;margin:0;padding:0}body{font-family:var(--wf-font-sans);background:var(--wf-bg);color:var(--wf-text);-webkit-font-smoothing:antialiased;line-height:1.5}.wf-shell{flex-direction:column;min-height:100vh;display:flex}.wf-shell--centered{justify-content:center;align-items:center}.wf-header{height:var(--wf-header-height);border-bottom:1px solid var(--wf-border);background:var(--wf-surface);-webkit-backdrop-filter:blur(var(--wf-blur));backdrop-filter:blur(var(--wf-blur));justify-content:space-between;align-items:center;padding:0 20px;display:flex}.wf-header__brand{letter-spacing:-.02em;color:var(--wf-text);font-size:18px;font-weight:700}.wf-header__actions{gap:8px;display:flex}.wf-auth{background:var(--wf-surface);border:1px solid var(--wf-border);width:100%;max-width:400px;-webkit-backdrop-filter:blur(var(--wf-blur));backdrop-filter:blur(var(--wf-blur));border-radius:16px;padding:32px}.wf-auth__title{letter-spacing:-.02em;margin:0 0 8px;font-size:24px;font-weight:700}.wf-auth__subtitle{color:var(--wf-muted);margin:0 0 24px;font-size:14px}.wf-field{margin-bottom:16px}.wf-field__label{color:var(--wf-muted);margin-bottom:6px;font-size:13px;font-weight:500;display:block}.wf-input{background:var(--wf-surface-soft);border:1px solid var(--wf-border);width:100%;height:40px;color:var(--wf-text);font-size:14px;font-family:var(--wf-font-sans);border-radius:8px;outline:none;padding:0 12px;transition:border-color .15s}.wf-input:focus{border-color:var(--wf-violet);box-shadow:0 0 0 3px var(--wf-ring)}.wf-input::placeholder{color:var(--wf-muted)}.wf-btn{height:40px;font-size:14px;font-weight:500;font-family:var(--wf-font-sans);cursor:pointer;border:none;border-radius:8px;justify-content:center;align-items:center;padding:0 16px;transition:all .15s;display:inline-flex}.wf-btn--primary{background:var(--wf-primary);color:var(--wf-primary-foreground)}.wf-btn--primary:hover{opacity:.9}.wf-btn--secondary{background:var(--wf-surface-soft);color:var(--wf-text);border:1px solid var(--wf-border)}.wf-btn--secondary:hover{background:var(--wf-border)}.wf-btn--ghost{color:var(--wf-text);background:0 0}.wf-btn--ghost:hover{background:var(--wf-surface-soft)}.wf-btn--sm{height:32px;padding:0 12px;font-size:13px}.wf-btn:disabled{opacity:.5;cursor:not-allowed}.wf-error{color:#ef4444;background:#ef44441a;border:1px solid #ef444433;border-radius:8px;margin-bottom:16px;padding:10px 12px;font-size:13px}.wf-success{color:#22c55e;background:#22c55e1a;border:1px solid #22c55e33;border-radius:8px;margin-bottom:16px;padding:10px 12px;font-size:13px}.wf-otp{justify-content:center;gap:8px;margin-bottom:16px;display:flex}.wf-otp__digit{text-align:center;width:44px;height:48px;font-size:20px;font-weight:600;font-family:var(--wf-font-mono);background:var(--wf-surface-soft);border:1px solid var(--wf-border);color:var(--wf-text);border-radius:8px;outline:none;padding:0;transition:border-color .15s}.wf-otp__digit:focus{border-color:var(--wf-violet);box-shadow:0 0 0 3px var(--wf-ring)}.wf-layout{flex:1;display:flex;overflow:hidden}.wf-sidebar{border-right:1px solid var(--wf-border);background:var(--wf-surface);width:200px;padding:16px 0}.wf-sidebar__link{color:var(--wf-muted);cursor:pointer;padding:8px 20px;font-size:14px;text-decoration:none;transition:all .15s;display:block}.wf-sidebar__link:hover{color:var(--wf-text);background:var(--wf-surface-soft)}.wf-sidebar__link--active{color:var(--wf-text);background:var(--wf-surface-soft);font-weight:500}.wf-main{flex:1;padding:24px;overflow-y:auto}.wf-profile{max-width:480px}.wf-profile__avatar{background:var(--wf-violet);color:#fff;border-radius:50%;justify-content:center;align-items:center;width:64px;height:64px;margin-bottom:24px;font-size:24px;font-weight:600;display:flex}.wf-profile__name{margin:0 0 4px;font-size:20px;font-weight:600}.wf-profile__email{color:var(--wf-muted);margin:0 0 24px;font-size:14px}.wf-otp{gap:8px;margin-bottom:16px;display:flex}.wf-otp .wf-input{text-align:center;letter-spacing:4px;font-size:20px;font-weight:600}
|