npm - devglide - Versions diffs - 0.1.2 → 0.1.3 - Mend

devglide 0.1.2 → 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/package.json +5 -1
package/src/project-context.ts +36 -0
package/src/public/app.js +701 -0
package/src/public/favicon.svg +7 -0
package/src/public/index.html +78 -0
package/src/public/state.js +84 -0
package/src/public/style.css +1213 -0
package/src/routers/coder.ts +157 -0
package/src/routers/dashboard.ts +158 -0
package/src/routers/kanban.ts +38 -0
package/src/routers/log.ts +42 -0
package/src/routers/prompts.ts +134 -0
package/src/routers/shell/index.ts +47 -0
package/src/routers/shell/pty-manager.ts +107 -0
package/src/routers/shell/shell-config.ts +38 -0
package/src/routers/shell/shell-routes.ts +108 -0
package/src/routers/shell/shell-socket.ts +321 -0
package/src/routers/shell/shell-state.ts +59 -0
package/src/routers/test.ts +254 -0
package/src/routers/vocabulary.ts +149 -0
package/src/routers/voice.ts +10 -0
package/src/routers/workflow.ts +243 -0
package/src/server.ts +325 -0

package/src/server.ts ADDED Viewed

@@ -0,0 +1,325 @@
+/**
+ * Devglide Unified Server
+ *
+ * Consolidates all 9 Devglide micro-services into a single Express/Socket.io
+ * server. Each app's routes live in src/routers/<app>.ts and are mounted under
+ * /api/<app>. Static assets are served from the original app public dirs.
+ */
+import express from 'express';
+import { createServer } from 'http';
+import { Server, type Namespace } from 'socket.io';
+import path from 'path';
+import { fileURLToPath } from 'url';
+// Shared packages
+import { isLocalhostOrigin } from './packages/auth-middleware.js';
+import { LOGS_DIR } from './packages/paths.js';
+import { snifferSource, runnerSource } from './packages/devtools-middleware.js';
+import { initServerSniffer } from './packages/server-sniffer.js';
+import { mountMcpHttp } from './packages/mcp-utils/src/index.js';
+// Project context
+import { getActiveProject, setActiveProject } from './project-context.js';
+// Initial stored project
+import { getActiveProject as getStoredProject } from './packages/project-store.js';
+// Routers
+import { router as dashboardRouter, initDashboard } from './routers/dashboard.js';
+import { router as kanbanRouter, createKanbanMcpServer } from './routers/kanban.js';
+import { router as logRouter, initLog, shutdownLog, createLogMcpServer } from './routers/log.js';
+import { recordSession } from './apps/log/src/routes/log.js';
+import { router as testRouter, initTest, shutdownTest, createTestMcpServer } from './routers/test.js';
+import { router as shellRouter, initShell, mountShellMcp, shutdownShell } from './routers/shell/index.js';
+import { router as coderRouter } from './routers/coder.js';
+import { router as workflowRouter, initWorkflow, shutdownWorkflow, createWorkflowMcpServer } from './routers/workflow.js';
+import { router as voiceRouter, createVoiceMcpServer } from './routers/voice.js';
+import { router as vocabularyRouter, createVocabularyMcpServer } from './routers/vocabulary.js';
+import { router as promptsRouter, createPromptsMcpServer } from './routers/prompts.js';
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const ROOT = path.resolve(__dirname, '..');
+const PORT = parseInt(process.env.PORT || '7000', 10);
+// ---------------------------------------------------------------------------
+// Server sniffer — captures server-side console output to disk
+// ---------------------------------------------------------------------------
+initServerSniffer({ service: 'devglide', targetPath: path.join(ROOT, 'server.log'), logPort: PORT });
+// ---------------------------------------------------------------------------
+// Express + HTTP + Socket.io
+// ---------------------------------------------------------------------------
+const app = express();
+const httpServer = createServer(app);
+const io = new Server(httpServer, {
+  cors: {
+    origin: (origin: string | undefined, cb: (err: Error | null, allow?: boolean) => void) => {
+      if (!origin || isLocalhostOrigin(origin)) return cb(null, true);
+      cb(null, false);
+    },
+  },
+});
+// No auth — local-only dev tool; CORS restricts cross-origin access.
+// ---------------------------------------------------------------------------
+// Security headers
+// ---------------------------------------------------------------------------
+app.use((_req, res, next) => {
+  res.setHeader('X-Content-Type-Options', 'nosniff');
+  res.setHeader('X-Frame-Options', 'SAMEORIGIN');
+  res.setHeader('X-XSS-Protection', '0');
+  res.setHeader('Referrer-Policy', 'strict-origin-when-cross-origin');
+  res.setHeader('Permissions-Policy', 'camera=(), microphone=(self), geolocation=()');
+  next();
+});
+// ---------------------------------------------------------------------------
+// Shared CORS middleware
+// ---------------------------------------------------------------------------
+app.use((req, res, next) => {
+  const origin = req.headers.origin;
+  if (origin && isLocalhostOrigin(origin)) {
+    res.setHeader('Access-Control-Allow-Origin', origin);
+  }
+  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+  if (req.method === 'OPTIONS') return res.sendStatus(204);
+  next();
+});
+// ---------------------------------------------------------------------------
+// Body parser — 1 MB default, 25 MB for voice transcription uploads
+// ---------------------------------------------------------------------------
+const jsonDefault = express.json({ limit: '1mb' });
+const jsonLarge = express.json({ limit: '25mb' });
+app.use((req, res, next) => {
+  const isVoiceUpload = req.path.startsWith('/api/voice/transcribe') || req.path === '/api/transcribe';
+  (isVoiceUpload ? jsonLarge : jsonDefault)(req, res, next);
+});
+// ---------------------------------------------------------------------------
+// Static file serving
+// ---------------------------------------------------------------------------
+app.use('/shared-assets', express.static(path.join(ROOT, 'src/packages/shared-assets')));
+app.use('/df', express.static(path.join(ROOT, 'src/packages/design-tokens/dist')));
+app.use('/design-tokens', express.static(path.join(ROOT, 'src/packages/design-tokens/dist')));
+// App-specific static dirs
+app.use('/app/kanban', express.static(path.join(ROOT, 'src/apps/kanban/public')));
+app.use('/app/log', express.static(path.join(ROOT, 'src/apps/log/public')));
+app.use('/app/test', express.static(path.join(ROOT, 'src/apps/test/public')));
+app.use('/app/shell', express.static(path.join(ROOT, 'src/apps/shell/public')));
+app.use('/app/coder', express.static(path.join(ROOT, 'src/apps/coder/public')));
+app.use('/app/workflow', express.static(path.join(ROOT, 'src/apps/workflow/public')));
+app.use('/app/voice', express.static(path.join(ROOT, 'src/apps/voice/public')));
+app.use('/app/vocabulary', express.static(path.join(ROOT, 'src/apps/vocabulary/public')));
+app.use('/app/keymap', express.static(path.join(ROOT, 'src/apps/keymap/public')));
+app.use('/app/prompts', express.static(path.join(ROOT, 'src/apps/prompts/public')));
+app.use('/app/documentation', express.static(path.join(ROOT, 'src/apps/documentation/public')));
+// App shell (unified SPA) is the default landing page at root
+app.use('/', express.static(path.join(ROOT, 'src/public')));
+// ---------------------------------------------------------------------------
+// Rate limiter — per-IP request throttling for sensitive endpoints
+// ---------------------------------------------------------------------------
+const rateLimitState = new Map<string, { count: number; resetAt: number }>();
+function rateLimit(maxRequests: number, windowMs: number) {
+  return (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    const ip = req.ip ?? 'unknown';
+    const now = Date.now();
+    let entry = rateLimitState.get(ip);
+    if (!entry || now > entry.resetAt) {
+      entry = { count: 0, resetAt: now + windowMs };
+      rateLimitState.set(ip, entry);
+    }
+    entry.count++;
+    if (entry.count > maxRequests) {
+      res.status(429).json({ error: 'Too many requests' });
+      return;
+    }
+    next();
+  };
+}
+// Clean up stale entries periodically
+setInterval(() => {
+  const now = Date.now();
+  for (const [key, entry] of rateLimitState) {
+    if (now > entry.resetAt) rateLimitState.delete(key);
+  }
+}, 60_000);
+// ---------------------------------------------------------------------------
+// No auth middleware — local-only dev tool; CORS handles access control.
+// ---------------------------------------------------------------------------
+// ---------------------------------------------------------------------------
+// Devtools — serves /__devtools.js with inlined sniffer + runner.
+// Placed after auth to prevent unauthenticated path disclosure.
+// ---------------------------------------------------------------------------
+app.get('/__devtools.js', (_req, res) => {
+  let script = `window.__devglideSnifferConfig=${JSON.stringify({
+    serverOrigin: `http://localhost:${PORT}`,
+    targetPath: path.join(LOGS_DIR, 'devglide-console.log'),
+    persistent: true,
+    allowedTypes: {},
+  })};\n`;
+  script += `window.__devglideRunnerConfig=${JSON.stringify({
+    serverOrigin: `http://localhost:${PORT}`,
+    target: ROOT,
+  })};\n`;
+  script += snifferSource + '\n' + runnerSource;
+  res.type('application/javascript').send(script);
+});
+app.get('/devtools.js', (req, res) => {
+  const dir = (req.query.target as string) || getActiveProject()?.path;
+  if (!dir) {
+    return res.type('application/javascript').send('/* devtools: no target */');
+  }
+  let script = `window.__devglideSnifferConfig=${JSON.stringify({
+    serverOrigin: `http://localhost:${PORT}`,
+    targetPath: path.join(LOGS_DIR, path.basename(dir) + '-console.log'),
+    persistent: true,
+    allowedTypes: {},
+  })};\n`;
+  script += `window.__devglideRunnerConfig=${JSON.stringify({
+    serverOrigin: `http://localhost:${PORT}`,
+    target: dir,
+  })};\n`;
+  script += snifferSource + '\n' + runnerSource;
+  res.type('application/javascript').send(script);
+});
+// ---------------------------------------------------------------------------
+// API routers
+// ---------------------------------------------------------------------------
+app.use('/api/dashboard', dashboardRouter);
+app.use('/api/kanban', kanbanRouter);
+app.use('/api/log', logRouter);
+app.use('/api/test', testRouter);
+app.use('/api/shell', rateLimit(100, 60_000), shellRouter);
+app.use('/api/coder', coderRouter);
+app.use('/api/workflow', workflowRouter);
+app.use('/api/voice', rateLimit(30, 60_000), voiceRouter);
+app.use('/api/vocabulary', vocabularyRouter);
+app.use('/api/prompts', promptsRouter);
+app.use('/', rateLimit(60, 60_000), shellRouter);  // /preview, /proxy
+// ---------------------------------------------------------------------------
+// MCP endpoints
+// ---------------------------------------------------------------------------
+mountMcpHttp(app, () => createKanbanMcpServer(), '/mcp/kanban');
+mountMcpHttp(app, createLogMcpServer, '/mcp/log');
+mountMcpHttp(app, createTestMcpServer, '/mcp/test');
+mountMcpHttp(app, createVoiceMcpServer, '/mcp/voice');
+mountMcpHttp(app, createWorkflowMcpServer, '/mcp/workflow');
+mountMcpHttp(app, createVocabularyMcpServer, '/mcp/vocabulary');
+mountMcpHttp(app, createPromptsMcpServer, '/mcp/prompts');
+mountShellMcp(app, '/mcp/shell');
+// ---------------------------------------------------------------------------
+// Socket.io namespaces
+// ---------------------------------------------------------------------------
+// Dashboard and shell events use the default namespace for backward
+// compatibility — the iframe-loaded frontends connect with io() which
+// hits the default namespace.  The event names don't conflict (dashboard
+// uses project:*, shell uses terminal:*/state:*/browser:*).
+initDashboard(io.of('/'));
+initShell(io.of('/'));
+// ---------------------------------------------------------------------------
+// Service initialization
+// ---------------------------------------------------------------------------
+async function bootstrap() {
+  initLog();
+  // Register the server log session directly (same process — no HTTP needed).
+  // The sniffer's initial SESSION_START POST fires before the server is listening,
+  // so this ensures the session is always discoverable in the log UI.
+  const serverLogPath = path.join(ROOT, 'server.log');
+  recordSession({
+    type: 'SESSION_START',
+    session: 'devglide-server',
+    ts: new Date().toISOString(),
+    url: 'server://devglide',
+    ua: `node/${process.version}`,
+    persistent: true,
+    targetPath: serverLogPath,
+  });
+  await initTest();
+  initWorkflow();
+  // Restore active project from persistent store
+  const stored = getStoredProject();
+  if (stored) setActiveProject(stored);
+  // Start listening
+  httpServer.listen(PORT, () => {
+    console.log(`[devglide] unified server listening on http://localhost:${PORT}`);
+  });
+}
+bootstrap().catch((err) => {
+  console.error('[devglide] bootstrap failed:', err);
+  process.exit(1);
+});
+// ---------------------------------------------------------------------------
+// Graceful shutdown
+// ---------------------------------------------------------------------------
+function shutdown() {
+  console.log('[devglide] shutting down...');
+  shutdownLog();
+  shutdownTest();
+  shutdownWorkflow();
+  shutdownShell();
+  io.close();
+  httpServer.close(() => {
+    console.log('[devglide] server closed');
+    process.exit(0);
+  });
+  // Force exit after 5 s if open connections prevent graceful shutdown
+  setTimeout(() => {
+    console.warn('[devglide] forced exit — open connections did not close in time');
+    process.exit(1);
+  }, 5000).unref();
+}
+process.on('SIGINT', shutdown);
+process.on('SIGTERM', shutdown);