npm - dominds - Versions diffs - 0.1.0 - Mend

dominds 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (273) hide show

package/LICENSE +157 -0
package/README.md +250 -0
package/README.zh.md +161 -0
package/dist/access-control.js +253 -0
package/dist/cli/create.js +263 -0
package/dist/cli/read.js +84 -0
package/dist/cli/tui.js +199 -0
package/dist/cli/webui.js +169 -0
package/dist/cli.js +227 -0
package/dist/dialog-factory.js +53 -0
package/dist/dialog-global-registry.js +68 -0
package/dist/dialog-instance-registry.js +78 -0
package/dist/dialog-run-state.js +198 -0
package/dist/dialog.js +1024 -0
package/dist/evt-registry.js +103 -0
package/dist/index.js +8 -0
package/dist/llm/client.js +69 -0
package/dist/llm/defaults.yaml +386 -0
package/dist/llm/driver.js +3214 -0
package/dist/llm/gen/anthropic.js +611 -0
package/dist/llm/gen/codex.js +375 -0
package/dist/llm/gen/mock.js +326 -0
package/dist/llm/gen/openai.js +470 -0
package/dist/llm/gen/registry.js +26 -0
package/dist/llm/gen.js +2 -0
package/dist/llm/tools-projection.js +37 -0
package/dist/log.js +228 -0
package/dist/mcp/config.js +230 -0
package/dist/mcp/sdk-client.js +129 -0
package/dist/mcp/server-runtime.js +57 -0
package/dist/mcp/stdio-client.js +280 -0
package/dist/mcp/supervisor.js +979 -0
package/dist/mcp/tool-names.js +109 -0
package/dist/minds/builtin/cmdr/persona.md +3 -0
package/dist/minds/builtin/dijiang/knowledge.md +287 -0
package/dist/minds/builtin/dijiang/persona.md +7 -0
package/dist/minds/builtin/fuxi/persona.en.md +59 -0
package/dist/minds/builtin/fuxi/persona.zh.md +49 -0
package/dist/minds/builtin/pangu/persona.en.md +78 -0
package/dist/minds/builtin/pangu/persona.zh.md +71 -0
package/dist/minds/load.js +617 -0
package/dist/minds/minds-i18n.js +131 -0
package/dist/minds/system-prompt.js +281 -0
package/dist/persistence.js +3128 -0
package/dist/problems.js +109 -0
package/dist/server/api-routes.js +1031 -0
package/dist/server/auth.js +180 -0
package/dist/server/mime-types.js +32 -0
package/dist/server/prompts-routes.js +543 -0
package/dist/server/server-core.js +235 -0
package/dist/server/setup-routes.js +697 -0
package/dist/server/static-server.js +132 -0
package/dist/server/websocket-handler.js +1011 -0
package/dist/server.js +164 -0
package/dist/shared/async-fifo-mutex.js +36 -0
package/dist/shared/diligence.js +20 -0
package/dist/shared/dotenv.js +144 -0
package/dist/shared/evt.js +195 -0
package/dist/shared/i18n/driver-messages.js +267 -0
package/dist/shared/i18n/text.js +9 -0
package/dist/shared/i18n/tool-result-messages.js +51 -0
package/dist/shared/rtws-cli.js +73 -0
package/dist/shared/runtime-language.js +47 -0
package/dist/shared/team-mgmt-manual.js +116 -0
package/dist/shared/types/context-health.js +2 -0
package/dist/shared/types/dialog.js +11 -0
package/dist/shared/types/i18n.js +2 -0
package/dist/shared/types/index.js +26 -0
package/dist/shared/types/language.js +40 -0
package/dist/shared/types/problems.js +2 -0
package/dist/shared/types/prompts.js +2 -0
package/dist/shared/types/q4h.js +7 -0
package/dist/shared/types/run-state.js +8 -0
package/dist/shared/types/setup.js +2 -0
package/dist/shared/types/storage.js +10 -0
package/dist/shared/types/tellask.js +8 -0
package/dist/shared/types/tools-registry.js +2 -0
package/dist/shared/types/wire.js +12 -0
package/dist/shared/utils/fmt.js +9 -0
package/dist/shared/utils/html.js +20 -0
package/dist/shared/utils/id.js +18 -0
package/dist/shared/utils/inter-dialog-format.js +101 -0
package/dist/shared/utils/time.js +13 -0
package/dist/static/assets/KaTeX_AMS-Regular-BQhdFMY1.woff2 +0 -0
package/dist/static/assets/KaTeX_AMS-Regular-DMm9YOAa.woff +0 -0
package/dist/static/assets/KaTeX_AMS-Regular-DRggAlZN.ttf +0 -0
package/dist/static/assets/KaTeX_Caligraphic-Bold-ATXxdsX0.ttf +0 -0
package/dist/static/assets/KaTeX_Caligraphic-Bold-BEiXGLvX.woff +0 -0
package/dist/static/assets/KaTeX_Caligraphic-Bold-Dq_IR9rO.woff2 +0 -0
package/dist/static/assets/KaTeX_Caligraphic-Regular-CTRA-rTL.woff +0 -0
package/dist/static/assets/KaTeX_Caligraphic-Regular-Di6jR-x-.woff2 +0 -0
package/dist/static/assets/KaTeX_Caligraphic-Regular-wX97UBjC.ttf +0 -0
package/dist/static/assets/KaTeX_Fraktur-Bold-BdnERNNW.ttf +0 -0
package/dist/static/assets/KaTeX_Fraktur-Bold-BsDP51OF.woff +0 -0
package/dist/static/assets/KaTeX_Fraktur-Bold-CL6g_b3V.woff2 +0 -0
package/dist/static/assets/KaTeX_Fraktur-Regular-CB_wures.ttf +0 -0
package/dist/static/assets/KaTeX_Fraktur-Regular-CTYiF6lA.woff2 +0 -0
package/dist/static/assets/KaTeX_Fraktur-Regular-Dxdc4cR9.woff +0 -0
package/dist/static/assets/KaTeX_Main-Bold-Cx986IdX.woff2 +0 -0
package/dist/static/assets/KaTeX_Main-Bold-Jm3AIy58.woff +0 -0
package/dist/static/assets/KaTeX_Main-Bold-waoOVXN0.ttf +0 -0
package/dist/static/assets/KaTeX_Main-BoldItalic-DxDJ3AOS.woff2 +0 -0
package/dist/static/assets/KaTeX_Main-BoldItalic-DzxPMmG6.ttf +0 -0
package/dist/static/assets/KaTeX_Main-BoldItalic-SpSLRI95.woff +0 -0
package/dist/static/assets/KaTeX_Main-Italic-3WenGoN9.ttf +0 -0
package/dist/static/assets/KaTeX_Main-Italic-BMLOBm91.woff +0 -0
package/dist/static/assets/KaTeX_Main-Italic-NWA7e6Wa.woff2 +0 -0
package/dist/static/assets/KaTeX_Main-Regular-B22Nviop.woff2 +0 -0
package/dist/static/assets/KaTeX_Main-Regular-Dr94JaBh.woff +0 -0
package/dist/static/assets/KaTeX_Main-Regular-ypZvNtVU.ttf +0 -0
package/dist/static/assets/KaTeX_Math-BoldItalic-B3XSjfu4.ttf +0 -0
package/dist/static/assets/KaTeX_Math-BoldItalic-CZnvNsCZ.woff2 +0 -0
package/dist/static/assets/KaTeX_Math-BoldItalic-iY-2wyZ7.woff +0 -0
package/dist/static/assets/KaTeX_Math-Italic-DA0__PXp.woff +0 -0
package/dist/static/assets/KaTeX_Math-Italic-flOr_0UB.ttf +0 -0
package/dist/static/assets/KaTeX_Math-Italic-t53AETM-.woff2 +0 -0
package/dist/static/assets/KaTeX_SansSerif-Bold-CFMepnvq.ttf +0 -0
package/dist/static/assets/KaTeX_SansSerif-Bold-D1sUS0GD.woff2 +0 -0
package/dist/static/assets/KaTeX_SansSerif-Bold-DbIhKOiC.woff +0 -0
package/dist/static/assets/KaTeX_SansSerif-Italic-C3H0VqGB.woff2 +0 -0
package/dist/static/assets/KaTeX_SansSerif-Italic-DN2j7dab.woff +0 -0
package/dist/static/assets/KaTeX_SansSerif-Italic-YYjJ1zSn.ttf +0 -0
package/dist/static/assets/KaTeX_SansSerif-Regular-BNo7hRIc.ttf +0 -0
package/dist/static/assets/KaTeX_SansSerif-Regular-CS6fqUqJ.woff +0 -0
package/dist/static/assets/KaTeX_SansSerif-Regular-DDBCnlJ7.woff2 +0 -0
package/dist/static/assets/KaTeX_Script-Regular-C5JkGWo-.ttf +0 -0
package/dist/static/assets/KaTeX_Script-Regular-D3wIWfF6.woff2 +0 -0
package/dist/static/assets/KaTeX_Script-Regular-D5yQViql.woff +0 -0
package/dist/static/assets/KaTeX_Size1-Regular-C195tn64.woff +0 -0
package/dist/static/assets/KaTeX_Size1-Regular-Dbsnue_I.ttf +0 -0
package/dist/static/assets/KaTeX_Size1-Regular-mCD8mA8B.woff2 +0 -0
package/dist/static/assets/KaTeX_Size2-Regular-B7gKUWhC.ttf +0 -0
package/dist/static/assets/KaTeX_Size2-Regular-Dy4dx90m.woff2 +0 -0
package/dist/static/assets/KaTeX_Size2-Regular-oD1tc_U0.woff +0 -0
package/dist/static/assets/KaTeX_Size3-Regular-CTq5MqoE.woff +0 -0
package/dist/static/assets/KaTeX_Size3-Regular-DgpXs0kz.ttf +0 -0
package/dist/static/assets/KaTeX_Size4-Regular-BF-4gkZK.woff +0 -0
package/dist/static/assets/KaTeX_Size4-Regular-DWFBv043.ttf +0 -0
package/dist/static/assets/KaTeX_Size4-Regular-Dl5lxZxV.woff2 +0 -0
package/dist/static/assets/KaTeX_Typewriter-Regular-C0xS9mPB.woff +0 -0
package/dist/static/assets/KaTeX_Typewriter-Regular-CO6r4hn1.woff2 +0 -0
package/dist/static/assets/KaTeX_Typewriter-Regular-D3Ib7_Hf.ttf +0 -0
package/dist/static/assets/_baseUniq-Crfl3d5Y.js +661 -0
package/dist/static/assets/_baseUniq-Crfl3d5Y.js.map +1 -0
package/dist/static/assets/arc-CbA_x9GD.js +132 -0
package/dist/static/assets/arc-CbA_x9GD.js.map +1 -0
package/dist/static/assets/architectureDiagram-VXUJARFQ-lcFS8ZQJ.js +8685 -0
package/dist/static/assets/architectureDiagram-VXUJARFQ-lcFS8ZQJ.js.map +1 -0
package/dist/static/assets/blockDiagram-VD42YOAC-B3Q36qRc.js +3608 -0
package/dist/static/assets/blockDiagram-VD42YOAC-B3Q36qRc.js.map +1 -0
package/dist/static/assets/c4Diagram-YG6GDRKO-Mt-aq3VH.js +2482 -0
package/dist/static/assets/c4Diagram-YG6GDRKO-Mt-aq3VH.js.map +1 -0
package/dist/static/assets/channel-BVr1Yke-.js +8 -0
package/dist/static/assets/channel-BVr1Yke-.js.map +1 -0
package/dist/static/assets/chunk-4BX2VUAB-qCIn5Iic.js +17 -0
package/dist/static/assets/chunk-4BX2VUAB-qCIn5Iic.js.map +1 -0
package/dist/static/assets/chunk-55IACEB6-q172NeCV.js +14 -0
package/dist/static/assets/chunk-55IACEB6-q172NeCV.js.map +1 -0
package/dist/static/assets/chunk-B4BG7PRW-CMJmtYzq.js +1827 -0
package/dist/static/assets/chunk-B4BG7PRW-CMJmtYzq.js.map +1 -0
package/dist/static/assets/chunk-DI55MBZ5-DiuwwZPL.js +1916 -0
package/dist/static/assets/chunk-DI55MBZ5-DiuwwZPL.js.map +1 -0
package/dist/static/assets/chunk-FMBD7UC4-06sqZTTn.js +20 -0
package/dist/static/assets/chunk-FMBD7UC4-06sqZTTn.js.map +1 -0
package/dist/static/assets/chunk-QN33PNHL-CnpBNkpP.js +25 -0
package/dist/static/assets/chunk-QN33PNHL-CnpBNkpP.js.map +1 -0
package/dist/static/assets/chunk-QZHKN3VN-CNgjMR-e.js +18 -0
package/dist/static/assets/chunk-QZHKN3VN-CNgjMR-e.js.map +1 -0
package/dist/static/assets/chunk-TZMSLE5B-BxtzW6--.js +109 -0
package/dist/static/assets/chunk-TZMSLE5B-BxtzW6--.js.map +1 -0
package/dist/static/assets/classDiagram-2ON5EDUG-29huvmn-.js +23 -0
package/dist/static/assets/classDiagram-2ON5EDUG-29huvmn-.js.map +1 -0
package/dist/static/assets/classDiagram-v2-WZHVMYZB-29huvmn-.js +23 -0
package/dist/static/assets/classDiagram-v2-WZHVMYZB-29huvmn-.js.map +1 -0
package/dist/static/assets/clone-D2OgLSSn.js +9 -0
package/dist/static/assets/clone-D2OgLSSn.js.map +1 -0
package/dist/static/assets/cose-bilkent-S5V4N54A-BNegDCxl.js +4943 -0
package/dist/static/assets/cose-bilkent-S5V4N54A-BNegDCxl.js.map +1 -0
package/dist/static/assets/cytoscape.esm-Bm8DJGmZ.js +30240 -0
package/dist/static/assets/cytoscape.esm-Bm8DJGmZ.js.map +1 -0
package/dist/static/assets/dagre-6UL2VRFP-f1XrTRSn.js +695 -0
package/dist/static/assets/dagre-6UL2VRFP-f1XrTRSn.js.map +1 -0
package/dist/static/assets/defaultLocale-DVr69WTU.js +207 -0
package/dist/static/assets/defaultLocale-DVr69WTU.js.map +1 -0
package/dist/static/assets/diagram-PSM6KHXK-8w1WbeDi.js +849 -0
package/dist/static/assets/diagram-PSM6KHXK-8w1WbeDi.js.map +1 -0
package/dist/static/assets/diagram-QEK2KX5R-CF4wtMmR.js +303 -0
package/dist/static/assets/diagram-QEK2KX5R-CF4wtMmR.js.map +1 -0
package/dist/static/assets/diagram-S2PKOQOG-8p3Avgn2.js +213 -0
package/dist/static/assets/diagram-S2PKOQOG-8p3Avgn2.js.map +1 -0
package/dist/static/assets/erDiagram-Q2GNP2WA-BMKLxlM9.js +1159 -0
package/dist/static/assets/erDiagram-Q2GNP2WA-BMKLxlM9.js.map +1 -0
package/dist/static/assets/favicon-Cmg5RbCj.svg +8 -0
package/dist/static/assets/flowDiagram-NV44I4VS-CgEuPNK2.js +2332 -0
package/dist/static/assets/flowDiagram-NV44I4VS-CgEuPNK2.js.map +1 -0
package/dist/static/assets/ganttDiagram-JELNMOA3-bJkDCf-9.js +3681 -0
package/dist/static/assets/ganttDiagram-JELNMOA3-bJkDCf-9.js.map +1 -0
package/dist/static/assets/gitGraphDiagram-NY62KEGX-4QE9kesp.js +1206 -0
package/dist/static/assets/gitGraphDiagram-NY62KEGX-4QE9kesp.js.map +1 -0
package/dist/static/assets/graph-CS0Pmm7c.js +597 -0
package/dist/static/assets/graph-CS0Pmm7c.js.map +1 -0
package/dist/static/assets/index-BS6HnGzC.js +112303 -0
package/dist/static/assets/index-BS6HnGzC.js.map +1 -0
package/dist/static/assets/index-DaIsSzC_.css +483 -0
package/dist/static/assets/infoDiagram-WHAUD3N6-ypBcKfUs.js +34 -0
package/dist/static/assets/infoDiagram-WHAUD3N6-ypBcKfUs.js.map +1 -0
package/dist/static/assets/init-ZxktEp_H.js +17 -0
package/dist/static/assets/init-ZxktEp_H.js.map +1 -0
package/dist/static/assets/journeyDiagram-XKPGCS4Q-QnrxDowJ.js +1255 -0
package/dist/static/assets/journeyDiagram-XKPGCS4Q-QnrxDowJ.js.map +1 -0
package/dist/static/assets/kanban-definition-3W4ZIXB7-CfvEc4z5.js +1048 -0
package/dist/static/assets/kanban-definition-3W4ZIXB7-CfvEc4z5.js.map +1 -0
package/dist/static/assets/layout-8TGxpm23.js +2218 -0
package/dist/static/assets/layout-8TGxpm23.js.map +1 -0
package/dist/static/assets/linear-BATBPQQv.js +341 -0
package/dist/static/assets/linear-BATBPQQv.js.map +1 -0
package/dist/static/assets/min-B3oVH3AC.js +42 -0
package/dist/static/assets/min-B3oVH3AC.js.map +1 -0
package/dist/static/assets/mindmap-definition-VGOIOE7T-L7VLwwF8.js +1127 -0
package/dist/static/assets/mindmap-definition-VGOIOE7T-L7VLwwF8.js.map +1 -0
package/dist/static/assets/ordinal-CxptdPJm.js +77 -0
package/dist/static/assets/ordinal-CxptdPJm.js.map +1 -0
package/dist/static/assets/pieDiagram-ADFJNKIX-CFW3zIhM.js +241 -0
package/dist/static/assets/pieDiagram-ADFJNKIX-CFW3zIhM.js.map +1 -0
package/dist/static/assets/quadrantDiagram-AYHSOK5B-B7ssen3E.js +1338 -0
package/dist/static/assets/quadrantDiagram-AYHSOK5B-B7ssen3E.js.map +1 -0
package/dist/static/assets/requirementDiagram-UZGBJVZJ-D0v5BArv.js +1162 -0
package/dist/static/assets/requirementDiagram-UZGBJVZJ-D0v5BArv.js.map +1 -0
package/dist/static/assets/sankeyDiagram-TZEHDZUN-B7slncJe.js +1195 -0
package/dist/static/assets/sankeyDiagram-TZEHDZUN-B7slncJe.js.map +1 -0
package/dist/static/assets/sequenceDiagram-WL72ISMW-oXU2lRh_.js +3875 -0
package/dist/static/assets/sequenceDiagram-WL72ISMW-oXU2lRh_.js.map +1 -0
package/dist/static/assets/stateDiagram-FKZM4ZOC-CFYsEd0x.js +452 -0
package/dist/static/assets/stateDiagram-FKZM4ZOC-CFYsEd0x.js.map +1 -0
package/dist/static/assets/stateDiagram-v2-4FDKWEC3-C0UWaNA7.js +22 -0
package/dist/static/assets/stateDiagram-v2-4FDKWEC3-C0UWaNA7.js.map +1 -0
package/dist/static/assets/timeline-definition-IT6M3QCI-C3KODUrh.js +1223 -0
package/dist/static/assets/timeline-definition-IT6M3QCI-C3KODUrh.js.map +1 -0
package/dist/static/assets/treemap-KMMF4GRG-DAGDLhj2.js +18753 -0
package/dist/static/assets/treemap-KMMF4GRG-DAGDLhj2.js.map +1 -0
package/dist/static/assets/xychartDiagram-PRI3JC2R-C0J9iwTO.js +1888 -0
package/dist/static/assets/xychartDiagram-PRI3JC2R-C0J9iwTO.js.map +1 -0
package/dist/static/index.html +71 -0
package/dist/static/testing/dom-observation-utils.js +425 -0
package/dist/static/testing/e2e-test-helper.js +3119 -0
package/dist/team.js +1160 -0
package/dist/tellask.js +431 -0
package/dist/tool.js +150 -0
package/dist/tools/apply-patch.js +542 -0
package/dist/tools/builtins.js +196 -0
package/dist/tools/context-health.js +177 -0
package/dist/tools/ctrl.js +478 -0
package/dist/tools/diag.js +583 -0
package/dist/tools/env.js +184 -0
package/dist/tools/fs.js +818 -0
package/dist/tools/mcp.js +138 -0
package/dist/tools/mem.js +349 -0
package/dist/tools/os.js +751 -0
package/dist/tools/prompts/team_mgmt.en.md +70 -0
package/dist/tools/prompts/team_mgmt.zh.md +70 -0
package/dist/tools/prompts/ws_mod.en.md +86 -0
package/dist/tools/prompts/ws_mod.zh.md +87 -0
package/dist/tools/registry-snapshot.js +31 -0
package/dist/tools/registry.js +121 -0
package/dist/tools/ripgrep.js +678 -0
package/dist/tools/team-mgmt.js +3300 -0
package/dist/tools/txt.js +3178 -0
package/dist/utils/id.js +72 -0
package/dist/utils/task-doc.js +236 -0
package/dist/utils/task-package.js +522 -0
package/dist/utils/taskdoc-search.js +280 -0
package/dist/utils/taskdoc.js +400 -0
package/package.json +69 -0

package/dist/server/auth.js ADDED Viewed

@@ -0,0 +1,180 @@
+"use strict";
+/**
+ * Module: server/auth
+ *
+ * Production-safe shared-secret authentication for Dominds.
+ *
+ * - Dev mode: always disabled.
+ * - Prod mode:
+ *   - DOMINDS_AUTH_KEY unset: enabled with generated key
+ *   - DOMINDS_AUTH_KEY empty string: disabled
+ *   - DOMINDS_AUTH_KEY non-empty: enabled with provided key verbatim
+ *
+ * HTTP: Authorization: Bearer <auth-key>
+ * WebSocket: prefers Authorization header, otherwise accepts a token in
+ * Sec-WebSocket-Protocol as "dominds-auth.<auth-key>" (plain text).
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.computeAuthConfig = computeAuthConfig;
+exports.isAuthEnabled = isAuthEnabled;
+exports.getHttpAuthCheck = getHttpAuthCheck;
+exports.getWebSocketAuthCheck = getWebSocketAuthCheck;
+exports.formatAutoAuthUrl = formatAutoAuthUrl;
+const crypto = __importStar(require("crypto"));
+function computeAuthConfig(params) {
+    if (params.mode === 'development')
+        return { kind: 'disabled' };
+    const raw = params.env.DOMINDS_AUTH_KEY;
+    if (raw === undefined) {
+        const key = generateAuthKey();
+        // Generated key is base64url, which is safe for WebSocket subprotocol tokens.
+        return { kind: 'enabled', key, source: 'generated' };
+    }
+    if (raw === '')
+        return { kind: 'disabled' };
+    if (!isWebSocketSubprotocolTokenSafe(raw)) {
+        throw new Error('DOMINDS_AUTH_KEY must be a plain-text token-safe string (RFC 7230 tchar set) so it can be used in WebSocket subprotocols.');
+    }
+    return { kind: 'enabled', key: raw, source: 'env' };
+}
+function isAuthEnabled(auth) {
+    return auth.kind === 'enabled';
+}
+function getHttpAuthCheck(req, auth) {
+    if (auth.kind === 'disabled')
+        return { kind: 'ok' };
+    const header = getSingleHeaderValue(req.headers.authorization);
+    if (!header)
+        return { kind: 'unauthorized', reason: 'missing' };
+    const parsed = parseBearerAuthHeader(header);
+    if (!parsed)
+        return { kind: 'unauthorized', reason: 'invalid' };
+    return constantTimeEqual(parsed.token, auth.key)
+        ? { kind: 'ok' }
+        : { kind: 'unauthorized', reason: 'invalid' };
+}
+function getWebSocketAuthCheck(req, auth) {
+    if (auth.kind === 'disabled')
+        return { kind: 'ok' };
+    // Prefer true Authorization header when available (Node clients can set this).
+    const header = getSingleHeaderValue(req.headers.authorization);
+    if (header) {
+        const parsed = parseBearerAuthHeader(header);
+        if (parsed && constantTimeEqual(parsed.token, auth.key))
+            return { kind: 'ok' };
+        return { kind: 'unauthorized', reason: 'invalid' };
+    }
+    // Browser clients cannot set Authorization; accept an encoded token via subprotocols.
+    const protocols = getSingleHeaderValue(req.headers['sec-websocket-protocol']);
+    if (!protocols)
+        return { kind: 'unauthorized', reason: 'missing' };
+    const token = extractAuthKeyFromWebSocketProtocols(protocols);
+    if (!token)
+        return { kind: 'unauthorized', reason: 'invalid' };
+    return constantTimeEqual(token, auth.key)
+        ? { kind: 'ok' }
+        : { kind: 'unauthorized', reason: 'invalid' };
+}
+function formatAutoAuthUrl(params) {
+    const visibleHost = normalizeHostForUrl(params.host);
+    return `http://${visibleHost}:${params.port}/?auth=${encodeURIComponent(params.authKey)}`;
+}
+function normalizeHostForUrl(host) {
+    // Binding to 0.0.0.0/:: is common, but not a browsable "host".
+    if (host === '0.0.0.0' || host === '::')
+        return 'localhost';
+    return host;
+}
+function generateAuthKey() {
+    // 256-bit random, base64url output is URL-safe.
+    return crypto.randomBytes(32).toString('base64url');
+}
+function getSingleHeaderValue(value) {
+    if (typeof value === 'string')
+        return value;
+    if (Array.isArray(value))
+        return value[0];
+    return undefined;
+}
+function parseBearerAuthHeader(header) {
+    // Exact scheme match. Do not trim or normalize token; token is opaque.
+    const prefix = 'Bearer ';
+    if (!header.startsWith(prefix))
+        return undefined;
+    const token = header.slice(prefix.length);
+    if (token === '')
+        return undefined;
+    return { token };
+}
+function extractAuthKeyFromWebSocketProtocols(headerValue) {
+    // Header is a comma-separated list.
+    const protocols = headerValue
+        .split(',')
+        .map((s) => s.trim())
+        .filter((s) => s !== '');
+    for (const p of protocols) {
+        const decoded = decodeAuthKeyProtocol(p);
+        if (decoded)
+            return decoded;
+    }
+    return undefined;
+}
+function decodeAuthKeyProtocol(protocol) {
+    const prefix = 'dominds-auth.';
+    if (!protocol.startsWith(prefix))
+        return undefined;
+    const key = protocol.slice(prefix.length);
+    if (key === '')
+        return undefined;
+    if (!isWebSocketSubprotocolTokenSafe(key))
+        return undefined;
+    return key;
+}
+function isWebSocketSubprotocolTokenSafe(value) {
+    // WebSocket subprotocols are HTTP tokens. Require RFC 7230 "tchar" only.
+    // tchar = "!" / "#" / "$" / "%" / "&" / "'" / "*" / "+" / "-" / "." /
+    //         "^" / "_" / "`" / "|" / "~" / DIGIT / ALPHA
+    return /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$/.test(value);
+}
+function constantTimeEqual(a, b) {
+    const aBuf = Buffer.from(a, 'utf8');
+    const bBuf = Buffer.from(b, 'utf8');
+    const maxLen = Math.max(aBuf.length, bBuf.length);
+    const aPadded = maxLen === aBuf.length ? aBuf : Buffer.concat([aBuf, Buffer.alloc(maxLen - aBuf.length)]);
+    const bPadded = maxLen === bBuf.length ? bBuf : Buffer.concat([bBuf, Buffer.alloc(maxLen - bBuf.length)]);
+    const equal = crypto.timingSafeEqual(aPadded, bPadded);
+    return equal && aBuf.length === bBuf.length;
+}

package/dist/server/mime-types.js ADDED Viewed

@@ -0,0 +1,32 @@
+"use strict";
+/**
+ * Module: server/mime-types
+ *
+ * Common MIME type mappings for static file serving
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.MIME_TYPES = void 0;
+exports.getMimeType = getMimeType;
+exports.MIME_TYPES = {
+    '.html': 'text/html; charset=utf-8',
+    '.js': 'application/javascript; charset=utf-8',
+    '.css': 'text/css; charset=utf-8',
+    '.json': 'application/json; charset=utf-8',
+    '.png': 'image/png',
+    '.jpg': 'image/jpeg',
+    '.jpeg': 'image/jpeg',
+    '.gif': 'image/gif',
+    '.svg': 'image/svg+xml',
+    '.ico': 'image/x-icon',
+    '.woff': 'font/woff',
+    '.woff2': 'font/woff2',
+    '.ttf': 'font/ttf',
+    '.eot': 'application/vnd.ms-fontobject',
+    '.map': 'application/json',
+};
+/**
+ * Get MIME type for a file extension
+ */
+function getMimeType(ext) {
+    return exports.MIME_TYPES[ext] || 'application/octet-stream';
+}