edoardo 1.0.0

package/server/standalone.js

@@ -0,0 +1,697 @@
+/**
+ * Standalone Server for Edoardo
+ *
+ * This server combines:
+ * - Static file serving for the frontend (from dist/)
+ * - MCP proxy endpoints for plugin communication
+ * - Serverless-like API routes for plugins
+ *
+ * Used when running as an npm package (edoardo command)
+ */
+
+import express from 'express';
+import cors from 'cors';
+import { spawn } from 'child_process';
+import { fileURLToPath } from 'url';
+import { dirname, join } from 'path';
+import { existsSync, readFileSync } from 'fs';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+const rootDir = join(__dirname, '..');
+const distDir = join(rootDir, 'dist');
+
+const app = express();
+const PORT = process.env.PORT || 3001;
+
+// Store for active stdio MCP server processes
+const stdioServers = new Map();
+
+// ============ STATIC FILE SERVING (must be first!) ============
+
+// Serve index.html for root path
+app.get('/', (req, res) => {
+  const indexPath = join(distDir, 'index.html');
+  if (existsSync(indexPath)) {
+    const html = readFileSync(indexPath, 'utf-8');
+    res.type('html').send(html);
+  } else {
+    res.status(404).send('Application not found. Please run "npm run build" first.');
+  }
+});
+
+// Serve static files from dist directory (assets, etc.)
+app.use(express.static(distDir));
+
+// Enable CORS (after static files to avoid CORS issues with assets)
+app.use(cors({
+  origin: true,
+  methods: ['GET', 'POST', 'OPTIONS'],
+  allowedHeaders: ['Content-Type', 'Authorization', 'X-MCP-Endpoint', 'X-MCP-Auth-Type', 'X-MCP-Auth-Token', 'X-MCP-Type', 'X-MCP-Command', 'X-MCP-Args', 'X-MCP-Allowed-Paths'],
+}));
+
+app.use(express.json());
+
+// ============ HEALTH CHECK ============
+
+app.get('/health', (req, res) => {
+  res.json({ status: 'ok', mode: 'standalone', activeStdioServers: stdioServers.size });
+});
+
+// ============ MCP PROXY HELPERS ============
+
+async function parseSSEResponse(response) {
+  const text = await response.text();
+  const lines = text.split('\n');
+  let result = null;
+  let dataBuffer = '';
+
+  for (const line of lines) {
+    if (line.startsWith('data:')) {
+      const dataStr = line.slice(5).trim();
+      if (dataStr && dataStr !== '[DONE]') {
+        dataBuffer += dataStr;
+      }
+      continue;
+    }
+    if (line.trim() === '' && dataBuffer) {
+      try {
+        const parsed = JSON.parse(dataBuffer);
+        if (parsed.result !== undefined || parsed.error !== undefined || parsed.id !== undefined) {
+          result = parsed;
+        }
+      } catch (e) {}
+      dataBuffer = '';
+    }
+  }
+
+  if (dataBuffer) {
+    try {
+      const parsed = JSON.parse(dataBuffer);
+      if (parsed.result !== undefined || parsed.error !== undefined || parsed.id !== undefined) {
+        result = parsed;
+      }
+    } catch (e) {}
+  }
+
+  return result;
+}
+
+async function handleMcpResponse(response) {
+  const contentType = response.headers.get('content-type') || '';
+  if (contentType.includes('text/event-stream')) {
+    return await parseSSEResponse(response);
+  } else {
+    return await response.json();
+  }
+}
+
+async function initHttpMcpSession(endpoint, headers) {
+  try {
+    const initRes = await fetch(endpoint, {
+      method: 'POST',
+      headers,
+      body: JSON.stringify({
+        jsonrpc: '2.0',
+        id: 0,
+        method: 'initialize',
+        params: {
+          protocolVersion: '2024-11-05',
+          capabilities: {},
+          clientInfo: { name: 'edoardo', version: '1.0.0' }
+        }
+      })
+    });
+
+    const sessionId = initRes.headers.get('mcp-session-id');
+
+    if (initRes.ok) {
+      await handleMcpResponse(initRes);
+    } else {
+      return null;
+    }
+
+    const notifHeaders = { ...headers };
+    if (sessionId) notifHeaders['Mcp-Session-Id'] = sessionId;
+
+    await fetch(endpoint, {
+      method: 'POST',
+      headers: notifHeaders,
+      body: JSON.stringify({
+        jsonrpc: '2.0',
+        method: 'notifications/initialized'
+      })
+    }).then(res => res.text()).catch(() => {});
+
+    return sessionId;
+  } catch (err) {
+    return null;
+  }
+}
+
+// ============ STDIO MCP SERVER CLASS ============
+
+class StdioMcpServer {
+  constructor(command, args, env = {}) {
+    this.command = command;
+    this.args = args;
+    this.env = env;
+    this.process = null;
+    this.messageId = 0;
+    this.pendingRequests = new Map();
+    this.buffer = '';
+    this.initialized = false;
+  }
+
+  async start() {
+    return new Promise((resolve, reject) => {
+      const enhancedEnv = {
+        ...process.env,
+        ...this.env,
+        PATH: `${process.env.HOME}/.local/bin:${process.env.PATH}`
+      };
+
+      this.process = spawn(this.command, this.args, {
+        stdio: ['pipe', 'pipe', 'pipe'],
+        shell: true,
+        env: enhancedEnv,
+      });
+
+      this.process.stdout.on('data', (data) => {
+        this.handleData(data.toString());
+      });
+
+      this.process.stderr.on('data', (data) => {
+        const output = data.toString().trim();
+        if (output.includes('version') || output.includes('initialized') || output.includes('Starting')) {
+          console.log(`[MCP] ${this.command}: ${output.substring(0, 200)}`);
+        }
+      });
+
+      this.process.on('error', (err) => {
+        reject(err);
+      });
+
+      let startupRejected = false;
+      this.process.on('exit', (code, signal) => {
+        if (!this.initialized && !startupRejected) {
+          startupRejected = true;
+          reject(new Error(`Server exited during startup (code: ${code})`));
+        }
+      });
+
+      this.process.on('close', (code) => {
+        for (const { reject } of this.pendingRequests.values()) {
+          reject(new Error(`Server process exited with code ${code}`));
+        }
+        this.cleanup();
+      });
+
+      setTimeout(async () => {
+        try {
+          await this.initialize();
+          resolve();
+        } catch (err) {
+          reject(err);
+        }
+      }, 1500);
+    });
+  }
+
+  async initialize() {
+    const initResult = await this.sendRequest('initialize', {
+      protocolVersion: '2024-11-05',
+      capabilities: {},
+      clientInfo: { name: 'edoardo', version: '1.0.0' }
+    });
+    this.sendNotification('notifications/initialized', {});
+    this.initialized = true;
+    return initResult;
+  }
+
+  handleData(data) {
+    this.buffer += data;
+    const lines = this.buffer.split('\n');
+    this.buffer = lines.pop() || '';
+
+    for (const line of lines) {
+      if (line.trim()) {
+        try {
+          const message = JSON.parse(line);
+          this.handleMessage(message);
+        } catch (e) {}
+      }
+    }
+  }
+
+  handleMessage(message) {
+    if (message.id !== undefined && this.pendingRequests.has(message.id)) {
+      const { resolve, reject } = this.pendingRequests.get(message.id);
+      this.pendingRequests.delete(message.id);
+      if (message.error) {
+        reject(new Error(message.error.message || 'Unknown error'));
+      } else {
+        resolve(message.result);
+      }
+    }
+  }
+
+  sendRequest(method, params) {
+    return new Promise((resolve, reject) => {
+      const id = ++this.messageId;
+      const request = { jsonrpc: '2.0', id, method, params };
+
+      const timeoutId = setTimeout(() => {
+        if (this.pendingRequests.has(id)) {
+          this.pendingRequests.delete(id);
+          reject(new Error(`Request timeout (method: ${method})`));
+        }
+      }, 30000);
+
+      this.pendingRequests.set(id, {
+        resolve: (result) => { clearTimeout(timeoutId); resolve(result); },
+        reject: (err) => { clearTimeout(timeoutId); reject(err); }
+      });
+
+      try {
+        this.process.stdin.write(JSON.stringify(request) + '\n');
+      } catch (err) {
+        clearTimeout(timeoutId);
+        this.pendingRequests.delete(id);
+        reject(new Error(`Failed to send request: ${err.message}`));
+      }
+    });
+  }
+
+  sendNotification(method, params) {
+    const notification = { jsonrpc: '2.0', method, params };
+    this.process.stdin.write(JSON.stringify(notification) + '\n');
+  }
+
+  async listTools() {
+    return await this.sendRequest('tools/list', {});
+  }
+
+  async callTool(name, args) {
+    return await this.sendRequest('tools/call', { name, arguments: args });
+  }
+
+  cleanup() {
+    this.initialized = false;
+    this.pendingRequests.clear();
+  }
+
+  stop() {
+    if (this.process) {
+      this.process.kill();
+      this.process = null;
+    }
+    this.cleanup();
+  }
+}
+
+async function getOrCreateStdioServer(serverId, command, args, env = {}) {
+  if (stdioServers.has(serverId)) {
+    const server = stdioServers.get(serverId);
+    if (server.process && !server.process.killed) {
+      return server;
+    }
+    stdioServers.delete(serverId);
+  }
+
+  const server = new StdioMcpServer(command, args, env);
+  await server.start();
+  stdioServers.set(serverId, server);
+  return server;
+}
+
+// ============ MCP STDIO ENDPOINTS ============
+
+app.post('/mcp/stdio/start', async (req, res) => {
+  const { serverId, command, args, env } = req.body;
+  if (!serverId || !command) {
+    return res.status(400).json({ error: 'Missing serverId or command' });
+  }
+  try {
+    const server = await getOrCreateStdioServer(serverId, command, args || [], env || {});
+    res.json({ status: 'ok', initialized: server.initialized });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to start server', message: error.message });
+  }
+});
+
+app.post('/mcp/stdio/tools/list', async (req, res) => {
+  const { serverId, command, args, env } = req.body;
+  if (!serverId || !command) {
+    return res.status(400).json({ error: 'Missing serverId or command' });
+  }
+  try {
+    const server = await getOrCreateStdioServer(serverId, command, args || [], env || {});
+    const result = await server.listTools();
+    res.json(result);
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to list tools', message: error.message });
+  }
+});
+
+app.post('/mcp/stdio/tools/call', async (req, res) => {
+  const { serverId, command, args, env, toolName, toolArgs } = req.body;
+  if (!serverId || !command || !toolName) {
+    return res.status(400).json({ error: 'Missing required parameters' });
+  }
+  try {
+    const server = await getOrCreateStdioServer(serverId, command, args || [], env || {});
+    const result = await server.callTool(toolName, toolArgs || {});
+    res.json(result);
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to call tool', message: error.message });
+  }
+});
+
+app.post('/mcp/stdio/stop', async (req, res) => {
+  const { serverId } = req.body;
+  if (!serverId) {
+    return res.status(400).json({ error: 'Missing serverId' });
+  }
+  if (stdioServers.has(serverId)) {
+    const server = stdioServers.get(serverId);
+    server.stop();
+    stdioServers.delete(serverId);
+    res.json({ status: 'stopped' });
+  } else {
+    res.json({ status: 'not_found' });
+  }
+});
+
+// ============ MCP HTTP PROXY ENDPOINTS ============
+
+app.post('/mcp/tools/list', async (req, res) => {
+  const endpoint = req.headers['x-mcp-endpoint'];
+  const authType = req.headers['x-mcp-auth-type'];
+  const authToken = req.headers['x-mcp-auth-token'];
+
+  if (!endpoint) {
+    return res.status(400).json({ error: 'Missing X-MCP-Endpoint header' });
+  }
+
+  try {
+    const headers = {
+      'Content-Type': 'application/json',
+      'Accept': 'application/json, text/event-stream',
+    };
+
+    const isLocalhost = endpoint.includes('localhost') || endpoint.includes('127.0.0.1');
+    if (authToken && !isLocalhost && (authType === 'bearer' || authType === 'oauth' || authType === 'api_key')) {
+      headers['Authorization'] = `Bearer ${authToken}`;
+    }
+
+    if (endpoint.includes('notion.com')) {
+      headers['Notion-Version'] = '2022-06-28';
+    }
+
+    if (!isLocalhost) {
+      const sessionId = await initHttpMcpSession(endpoint, headers);
+      if (sessionId) headers['Mcp-Session-Id'] = sessionId;
+    }
+
+    const mcpUrl = isLocalhost ? `${endpoint}/tools/list` : endpoint;
+    const response = await fetch(mcpUrl, {
+      method: 'POST',
+      headers,
+      body: JSON.stringify(req.body),
+    });
+
+    const data = await handleMcpResponse(response);
+    if (!data) {
+      return res.status(500).json({ error: 'Failed to parse MCP response' });
+    }
+    res.status(response.status).json(data);
+  } catch (error) {
+    res.status(500).json({ error: 'Proxy request failed', message: error.message });
+  }
+});
+
+app.post('/mcp/tools/call', async (req, res) => {
+  const endpoint = req.headers['x-mcp-endpoint'];
+  const authType = req.headers['x-mcp-auth-type'];
+  const authToken = req.headers['x-mcp-auth-token'];
+
+  if (!endpoint) {
+    return res.status(400).json({ error: 'Missing X-MCP-Endpoint header' });
+  }
+
+  try {
+    const headers = {
+      'Content-Type': 'application/json',
+      'Accept': 'application/json, text/event-stream',
+    };
+
+    if (authToken && (authType === 'bearer' || authType === 'oauth' || authType === 'api_key')) {
+      headers['Authorization'] = `Bearer ${authToken}`;
+    }
+
+    if (endpoint.includes('notion.com')) {
+      headers['Notion-Version'] = '2022-06-28';
+    }
+
+    const isLocalhost = endpoint.includes('localhost') || endpoint.includes('127.0.0.1');
+    if (!isLocalhost) {
+      const sessionId = await initHttpMcpSession(endpoint, headers);
+      if (sessionId) headers['Mcp-Session-Id'] = sessionId;
+    }
+
+    const mcpUrl = isLocalhost ? `${endpoint}/tools/call` : endpoint;
+    const response = await fetch(mcpUrl, {
+      method: 'POST',
+      headers,
+      body: JSON.stringify(req.body),
+    });
+
+    const data = await handleMcpResponse(response);
+    if (!data) {
+      return res.status(500).json({ error: 'Failed to parse MCP response' });
+    }
+    res.status(response.status).json(data);
+  } catch (error) {
+    res.status(500).json({ error: 'Proxy request failed', message: error.message });
+  }
+});
+
+// ============ N8N PLUGIN ROUTES ============
+
+const N8N_TOOLS = [
+  { name: "list_workflows", description: "List all workflows in the n8n instance", inputSchema: { type: "object", properties: { active: { type: "boolean", description: "Filter by active status" }, limit: { type: "integer", description: "Maximum number of workflows to return" } }, required: [] } },
+  { name: "get_workflow", description: "Get details of a specific workflow by ID", inputSchema: { type: "object", properties: { workflow_id: { type: "string", description: "The ID of the workflow" } }, required: ["workflow_id"] } },
+  { name: "create_workflow", description: "Create a new workflow", inputSchema: { type: "object", properties: { name: { type: "string", description: "Name of the workflow" }, nodes: { type: "array", description: "Array of node configurations", items: { type: "object", properties: {} } }, connections: { type: "object", description: "Connection mappings between nodes", properties: {} }, settings: { type: "object", description: "Workflow settings", properties: {} } }, required: ["name"] } },
+  { name: "update_workflow", description: "Update an existing workflow", inputSchema: { type: "object", properties: { workflow_id: { type: "string", description: "The ID of the workflow" }, name: { type: "string", description: "New name for the workflow" }, nodes: { type: "array", description: "Updated nodes", items: { type: "object", properties: {} } }, connections: { type: "object", description: "Updated connections", properties: {} }, settings: { type: "object", description: "Updated settings", properties: {} } }, required: ["workflow_id"] } },
+  { name: "delete_workflow", description: "Delete a workflow", inputSchema: { type: "object", properties: { workflow_id: { type: "string", description: "The ID of the workflow to delete" } }, required: ["workflow_id"] } },
+  { name: "activate_workflow", description: "Activate a workflow for automatic execution", inputSchema: { type: "object", properties: { workflow_id: { type: "string", description: "The ID of the workflow to activate" } }, required: ["workflow_id"] } },
+  { name: "deactivate_workflow", description: "Deactivate a workflow", inputSchema: { type: "object", properties: { workflow_id: { type: "string", description: "The ID of the workflow to deactivate" } }, required: ["workflow_id"] } },
+  { name: "execute_workflow", description: "Manually execute a workflow", inputSchema: { type: "object", properties: { workflow_id: { type: "string", description: "The ID of the workflow to execute" }, data: { type: "object", description: "Input data to pass to the workflow", properties: {} } }, required: ["workflow_id"] } },
+  { name: "list_executions", description: "List workflow executions", inputSchema: { type: "object", properties: { workflow_id: { type: "string", description: "Filter by workflow ID" }, status: { type: "string", enum: ["success", "error", "waiting"], description: "Filter by status" }, limit: { type: "integer", description: "Maximum number of executions to return" } }, required: [] } },
+  { name: "get_execution", description: "Get details of a specific execution", inputSchema: { type: "object", properties: { execution_id: { type: "string", description: "The ID of the execution" } }, required: ["execution_id"] } },
+  { name: "delete_execution", description: "Delete an execution record", inputSchema: { type: "object", properties: { execution_id: { type: "string", description: "The ID of the execution to delete" } }, required: ["execution_id"] } },
+  { name: "list_tags", description: "List all tags for organizing workflows", inputSchema: { type: "object", properties: {}, required: [] } },
+  { name: "create_tag", description: "Create a new tag", inputSchema: { type: "object", properties: { name: { type: "string", description: "Name of the tag" } }, required: ["name"] } }
+];
+
+async function handleN8nTool(toolName, toolArgs, env) {
+  const host = env?.N8N_HOST;
+  const apiKey = env?.N8N_API_KEY;
+  if (!host || !apiKey) throw new Error('Missing n8n credentials');
+
+  let baseUrl = host.replace(/\/$/, '');
+  if (!baseUrl.includes('/api/')) {
+    baseUrl = `${baseUrl}/api/v1`;
+  }
+
+  const n8nRequest = async (method, path, body = null) => {
+    const fullUrl = `${baseUrl}${path}`;
+    const options = {
+      method,
+      headers: {
+        'X-N8N-API-KEY': apiKey,
+        'Content-Type': 'application/json',
+        'Accept': 'application/json'
+      }
+    };
+    if (body) options.body = JSON.stringify(body);
+
+    const response = await fetch(fullUrl, options);
+    if (!response.ok) {
+      const errText = await response.text();
+      let errData = {};
+      try { errData = JSON.parse(errText); } catch {}
+      throw new Error(`n8n API error (${response.status}): ${errData.message || errText}`);
+    }
+    return response.json();
+  };
+
+  switch (toolName) {
+    case 'list_workflows': {
+      const params = new URLSearchParams();
+      if (toolArgs.active !== undefined) params.set('active', String(toolArgs.active));
+      if (toolArgs.limit) params.set('limit', String(toolArgs.limit));
+      const queryString = params.toString() ? `?${params.toString()}` : '';
+      const result = await n8nRequest('GET', `/workflows${queryString}`);
+      return { workflows: result.data?.map(w => ({ id: w.id, name: w.name, active: w.active })) || result };
+    }
+    case 'get_workflow': {
+      const result = await n8nRequest('GET', `/workflows/${toolArgs.workflow_id}`);
+      return { id: result.id, name: result.name, active: result.active, nodes: result.nodes?.length || 0 };
+    }
+    case 'create_workflow': {
+      const body = { name: toolArgs.name, nodes: toolArgs.nodes || [], connections: toolArgs.connections || {}, settings: toolArgs.settings || {} };
+      const result = await n8nRequest('POST', '/workflows', body);
+      return { id: result.id, name: result.name, message: 'Workflow created' };
+    }
+    case 'update_workflow': {
+      const body = {};
+      if (toolArgs.name) body.name = toolArgs.name;
+      if (toolArgs.nodes) body.nodes = toolArgs.nodes;
+      if (toolArgs.connections) body.connections = toolArgs.connections;
+      if (toolArgs.settings) body.settings = toolArgs.settings;
+      const result = await n8nRequest('PATCH', `/workflows/${toolArgs.workflow_id}`, body);
+      return { id: result.id, name: result.name, message: 'Workflow updated' };
+    }
+    case 'delete_workflow':
+      await n8nRequest('DELETE', `/workflows/${toolArgs.workflow_id}`);
+      return { success: true, message: 'Workflow deleted' };
+    case 'activate_workflow': {
+      const result = await n8nRequest('PATCH', `/workflows/${toolArgs.workflow_id}`, { active: true });
+      return { id: result.id, active: result.active, message: 'Workflow activated' };
+    }
+    case 'deactivate_workflow': {
+      const result = await n8nRequest('PATCH', `/workflows/${toolArgs.workflow_id}`, { active: false });
+      return { id: result.id, active: result.active, message: 'Workflow deactivated' };
+    }
+    case 'execute_workflow': {
+      const body = toolArgs.data ? { data: toolArgs.data } : {};
+      const result = await n8nRequest('POST', `/workflows/${toolArgs.workflow_id}/run`, body);
+      return { executionId: result.data?.executionId, success: result.data?.finished };
+    }
+    case 'list_executions': {
+      const params = new URLSearchParams();
+      if (toolArgs.workflow_id) params.set('workflowId', toolArgs.workflow_id);
+      if (toolArgs.status) params.set('status', toolArgs.status);
+      if (toolArgs.limit) params.set('limit', String(toolArgs.limit));
+      const queryString = params.toString() ? `?${params.toString()}` : '';
+      const result = await n8nRequest('GET', `/executions${queryString}`);
+      return { executions: result.data?.map(e => ({ id: e.id, workflowId: e.workflowId, status: e.status })) || result };
+    }
+    case 'get_execution': {
+      const result = await n8nRequest('GET', `/executions/${toolArgs.execution_id}`);
+      return { id: result.id, workflowId: result.workflowId, status: result.status };
+    }
+    case 'delete_execution':
+      await n8nRequest('DELETE', `/executions/${toolArgs.execution_id}`);
+      return { success: true, message: 'Execution deleted' };
+    case 'list_tags': {
+      const result = await n8nRequest('GET', '/tags');
+      return { tags: result.data?.map(t => ({ id: t.id, name: t.name })) || result };
+    }
+    case 'create_tag': {
+      const result = await n8nRequest('POST', '/tags', { name: toolArgs.name });
+      return { id: result.id, name: result.name };
+    }
+    default:
+      throw new Error(`Unknown n8n tool: ${toolName}`);
+  }
+}
+
+app.post('/plugins/n8n/list', async (req, res) => {
+  res.json({ tools: N8N_TOOLS });
+});
+
+app.post('/plugins/n8n/call', async (req, res) => {
+  const { toolName, toolArgs, env } = req.body;
+  if (!toolName) {
+    return res.status(400).json({ error: 'Missing toolName' });
+  }
+  try {
+    const result = await handleN8nTool(toolName, toolArgs || {}, env || {});
+    const formattedResult = typeof result === 'object' ? JSON.stringify(result, null, 2) : String(result);
+    res.json({ content: [{ type: 'text', text: formattedResult }], isError: false });
+  } catch (error) {
+    res.json({ content: [{ type: 'text', text: `n8n error: ${error.message}` }], isError: true });
+  }
+});
+
+// ============ OAUTH ENDPOINTS ============
+
+app.post('/oauth/register', async (req, res) => {
+  const { registration_endpoint, ...params } = req.body;
+  if (!registration_endpoint) {
+    return res.status(400).json({ error: 'Missing registration_endpoint' });
+  }
+  try {
+    const response = await fetch(registration_endpoint, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(params),
+    });
+    const data = await response.json();
+    res.status(response.status).json(data);
+  } catch (error) {
+    res.status(500).json({ error: 'Registration failed', message: error.message });
+  }
+});
+
+app.post('/oauth/token', async (req, res) => {
+  const { token_endpoint, ...params } = req.body;
+  if (!token_endpoint) {
+    return res.status(400).json({ error: 'Missing token_endpoint' });
+  }
+  try {
+    const response = await fetch(token_endpoint, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: new URLSearchParams(params).toString(),
+    });
+    const data = await response.json();
+    res.status(response.status).json(data);
+  } catch (error) {
+    res.status(500).json({ error: 'Token exchange failed', message: error.message });
+  }
+});
+
+// ============ SPA FALLBACK ============
+
+// Express 5 catch-all for SPA routes (not matched by API routes)
+app.use((req, res, next) => {
+  // Only handle GET requests that weren't matched by other routes
+  if (req.method === 'GET' && !req.path.startsWith('/api') && !req.path.startsWith('/mcp') && !req.path.startsWith('/plugins') && !req.path.startsWith('/oauth') && !req.path.startsWith('/health')) {
+    const indexPath = join(distDir, 'index.html');
+    if (existsSync(indexPath)) {
+      res.sendFile(indexPath);
+    } else {
+      res.status(404).send('Application not found. Please run "npm run build" first.');
+    }
+  } else {
+    next();
+  }
+});
+
+// ============ CLEANUP & START ============
+
+process.on('SIGINT', () => {
+  console.log('\n  Shutting down MCP servers...');
+  for (const [id, server] of stdioServers) {
+    server.stop();
+  }
+  process.exit(0);
+});
+
+process.on('SIGTERM', () => {
+  for (const [id, server] of stdioServers) {
+    server.stop();
+  }
+  process.exit(0);
+});
+
+app.listen(PORT, () => {
+  console.log(`  \x1b[32m✓\x1b[0m Server running at \x1b[36mhttp://localhost:${PORT}\x1b[0m`);
+  console.log('');
+  console.log('  Press Ctrl+C to stop');
+  console.log('');
+});