expxagents 0.6.0 → 0.7.1

package/dist/server/auth/auth-routes.js

@@ -0,0 +1,149 @@
+import crypto from 'node:crypto';
+import { hashPassword, verifyPassword } from './password.js';
+import { signAccessToken, signRefreshToken, verifyRefreshToken } from './jwt.js';
+export async function authRoutes(app, opts) {
+    const { db, jwtSecret } = opts;
+    // --- POST /api/auth/login ---
+    app.post('/api/auth/login', {
+        config: {
+            rateLimit: { max: 5, timeWindow: '1 minute' },
+        },
+        schema: {
+            body: {
+                type: 'object',
+                required: ['username', 'password'],
+                properties: {
+                    username: { type: 'string', minLength: 1 },
+                    password: { type: 'string', minLength: 1 },
+                },
+            },
+        },
+    }, async (request, reply) => {
+        const { username, password } = request.body;
+        const user = db.prepare('SELECT * FROM users WHERE username = ?').get(username);
+        if (!user || !(await verifyPassword(password, user.password_hash))) {
+            return reply.code(401).send({ error: 'Invalid username or password' });
+        }
+        // Create session
+        const sessionId = crypto.randomUUID();
+        const refreshToken = signRefreshToken({ sessionId, userId: user.id }, jwtSecret);
+        const tokenHash = crypto.createHash('sha256').update(refreshToken).digest('hex');
+        const expiresAt = new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString();
+        db.prepare('INSERT INTO sessions (id, user_id, token_hash, expires_at, created_at) VALUES (?, ?, ?, ?, ?)').run(sessionId, user.id, tokenHash, expiresAt, new Date().toISOString());
+        // Update last_login
+        db.prepare('UPDATE users SET last_login = ? WHERE id = ?').run(new Date().toISOString(), user.id);
+        // Audit log
+        db.prepare('INSERT INTO audit_log (user_id, action, details, created_at) VALUES (?, ?, ?, ?)').run(user.id, 'login', JSON.stringify({ ip: request.ip }), new Date().toISOString());
+        const accessToken = signAccessToken({ userId: user.id, role: user.role }, jwtSecret);
+        const isSecure = request.protocol === 'https';
+        reply
+            .setCookie('access_token', accessToken, {
+            httpOnly: true,
+            secure: isSecure,
+            sameSite: 'strict',
+            path: '/',
+            maxAge: 24 * 60 * 60, // 24h
+        })
+            .setCookie('refresh_token', refreshToken, {
+            httpOnly: true,
+            secure: isSecure,
+            sameSite: 'strict',
+            path: '/api/auth/refresh',
+            maxAge: 30 * 24 * 60 * 60, // 30d
+        });
+        return {
+            user: {
+                id: user.id,
+                username: user.username,
+                email: user.email,
+                role: user.role,
+            },
+        };
+    });
+    // --- POST /api/auth/register (admin only) ---
+    app.post('/api/auth/register', {
+        preHandler: [app.requireAuth, app.requireRole('admin')],
+        schema: {
+            body: {
+                type: 'object',
+                required: ['username', 'password'],
+                properties: {
+                    username: { type: 'string', minLength: 1 },
+                    password: { type: 'string', minLength: 6 },
+                    email: { type: 'string' },
+                    role: { type: 'string', enum: ['admin', 'operator', 'viewer'] },
+                },
+            },
+        },
+    }, async (request, reply) => {
+        const { username, password, email, role } = request.body;
+        const validRoles = ['admin', 'operator', 'viewer'];
+        const userRole = role && validRoles.includes(role) ? role : 'operator';
+        const existing = db.prepare('SELECT id FROM users WHERE username = ?').get(username);
+        if (existing) {
+            return reply.code(409).send({ error: 'Username already exists' });
+        }
+        const id = crypto.randomUUID();
+        const passwordHash = await hashPassword(password);
+        db.prepare('INSERT INTO users (id, username, email, password_hash, role, created_at) VALUES (?, ?, ?, ?, ?, ?)').run(id, username, email || null, passwordHash, userRole, new Date().toISOString());
+        // Audit log
+        db.prepare('INSERT INTO audit_log (user_id, action, details, created_at) VALUES (?, ?, ?, ?)').run(request.user.userId, 'create_user', JSON.stringify({ newUserId: id, username, role: userRole }), new Date().toISOString());
+        return reply.code(201).send({
+            user: { id, username, email: email || null, role: userRole },
+        });
+    });
+    // --- POST /api/auth/refresh ---
+    app.post('/api/auth/refresh', async (request, reply) => {
+        const refreshToken = request.cookies?.refresh_token;
+        if (!refreshToken) {
+            return reply.code(401).send({ error: 'Refresh token required' });
+        }
+        try {
+            const payload = verifyRefreshToken(refreshToken, jwtSecret);
+            const tokenHash = crypto.createHash('sha256').update(refreshToken).digest('hex');
+            const session = db
+                .prepare('SELECT * FROM sessions WHERE id = ? AND token_hash = ?')
+                .get(payload.sessionId, tokenHash);
+            if (!session || new Date(session.expires_at) < new Date()) {
+                return reply.code(401).send({ error: 'Invalid or expired session' });
+            }
+            const user = db.prepare('SELECT * FROM users WHERE id = ?').get(session.user_id);
+            if (!user) {
+                return reply.code(401).send({ error: 'User not found' });
+            }
+            const accessToken = signAccessToken({ userId: user.id, role: user.role }, jwtSecret);
+            const isSecure = request.protocol === 'https';
+            reply.setCookie('access_token', accessToken, {
+                httpOnly: true,
+                secure: isSecure,
+                sameSite: 'strict',
+                path: '/',
+                maxAge: 24 * 60 * 60,
+            });
+            return { user: { id: user.id, username: user.username, role: user.role } };
+        }
+        catch {
+            return reply.code(401).send({ error: 'Invalid refresh token' });
+        }
+    });
+    // --- POST /api/auth/logout ---
+    app.post('/api/auth/logout', { preHandler: [app.requireAuth] }, async (request, reply) => {
+        // Delete all sessions for user
+        db.prepare('DELETE FROM sessions WHERE user_id = ?').run(request.user.userId);
+        reply
+            .clearCookie('access_token', { path: '/' })
+            .clearCookie('refresh_token', { path: '/api/auth/refresh' });
+        return { ok: true };
+    });
+    // --- GET /api/auth/me ---
+    app.get('/api/auth/me', { preHandler: [app.requireAuth] }, async (request) => {
+        const user = db
+            .prepare('SELECT id, username, email, role, created_at, last_login FROM users WHERE id = ?')
+            .get(request.user.userId);
+        if (!user) {
+            return { error: 'User not found' };
+        }
+        return { user };
+    });
+}
+//# sourceMappingURL=auth-routes.js.map

package/dist/server/auth/auth-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-routes.js","sourceRoot":"","sources":["../../src/auth/auth-routes.ts"],"names":[],"mappings":"AAEA,OAAO,MAAM,MAAM,aAAa,CAAC;AACjC,OAAO,EAAE,YAAY,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,gBAAgB,EAAE,kBAAkB,EAAE,MAAM,UAAU,CAAC;AAiBjF,MAAM,CAAC,KAAK,UAAU,UAAU,CAC9B,GAAoB,EACpB,IAAuB;IAEvB,MAAM,EAAE,EAAE,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IAE/B,+BAA+B;IAC/B,GAAG,CAAC,IAAI,CAAC,iBAAiB,EAAE;QAC1B,MAAM,EAAE;YACN,SAAS,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,UAAU,EAAE,UAAU,EAAE;SAC9C;QACD,MAAM,EAAE;YACN,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;gBAClC,UAAU,EAAE;oBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;oBAC1C,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;iBAC3C;aACF;SACF;KACF,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAC1B,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC,IAA8C,CAAC;QAEtF,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC,wCAAwC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAEjE,CAAC;QAEd,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,cAAc,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC;YACnE,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;QACzE,CAAC;QAED,iBAAiB;QACjB,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QACtC,MAAM,YAAY,GAAG,gBAAgB,CAAC,EAAE,SAAS,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,SAAS,CAAC,CAAC;QACjF,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACjF,MAAM,SAAS,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;QAEhF,EAAE,CAAC,OAAO,CACR,+FAA+F,CAChG,CAAC,GAAG,CAAC,SAAS,EAAE,IAAI,CAAC,EAAE,EAAE,SAAS,EAAE,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QAE1E,oBAAoB;QACpB,EAAE,CAAC,OAAO,CAAC,8CAA8C,CAAC,CAAC,GAAG,CAC5D,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,EACxB,IAAI,CAAC,EAAE,CACR,CAAC;QAEF,YAAY;QACZ,EAAE,CAAC,OAAO,CACR,kFAAkF,CACnF,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,OAAO,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,CAAC,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QAEtF,MAAM,WAAW,GAAG,eAAe,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,SAAS,CAAC,CAAC;QAErF,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;QAE9C,KAAK;aACF,SAAS,CAAC,cAAc,EAAE,WAAW,EAAE;YACtC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,GAAG;YACT,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,MAAM;SAC7B,CAAC;aACD,SAAS,CAAC,eAAe,EAAE,YAAY,EAAE;YACxC,QAAQ,EAAE,IAAI;YACd,MAAM,EAAE,QAAQ;YAChB,QAAQ,EAAE,QAAQ;YAClB,IAAI,EAAE,mBAAmB;YACzB,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE,MAAM;SAClC,CAAC,CAAC;QAEL,OAAO;YACL,IAAI,EAAE;gBACJ,EAAE,EAAE,IAAI,CAAC,EAAE;gBACX,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,IAAI,EAAE,IAAI,CAAC,IAAI;aAChB;SACF,CAAC;IACJ,CAAC,CAAC,CAAC;IAEH,+CAA+C;IAC/C,GAAG,CAAC,IAAI,CACN,oBAAoB,EACpB;QACE,UAAU,EAAE,CAAC,GAAG,CAAC,WAAW,EAAE,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACvD,MAAM,EAAE;YACN,IAAI,EAAE;gBACJ,IAAI,EAAE,QAAQ;gBACd,QAAQ,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC;gBAClC,UAAU,EAAE;oBACV,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;oBAC1C,QAAQ,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,SAAS,EAAE,CAAC,EAAE;oBAC1C,KAAK,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE;oBACzB,IAAI,EAAE,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,EAAE;iBAChE;aACF;SACF;KACF,EACD,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC,IAKnD,CAAC;QAEF,MAAM,UAAU,GAAG,CAAC,OAAO,EAAE,UAAU,EAAE,QAAQ,CAAC,CAAC;QACnD,MAAM,QAAQ,GAAG,IAAI,IAAI,UAAU,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC;QAEvE,MAAM,QAAQ,GAAG,EAAE,CAAC,OAAO,CAAC,yCAAyC,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QACrF,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;QACpE,CAAC;QAED,MAAM,EAAE,GAAG,MAAM,CAAC,UAAU,EAAE,CAAC;QAC/B,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,QAAQ,CAAC,CAAC;QAElD,EAAE,CAAC,OAAO,CACR,oGAAoG,CACrG,CAAC,GAAG,CAAC,EAAE,EAAE,QAAQ,EAAE,KAAK,IAAI,IAAI,EAAE,YAAY,EAAE,QAAQ,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,CAAC;QAErF,YAAY;QACZ,EAAE,CAAC,OAAO,CACR,kFAAkF,CACnF,CAAC,GAAG,CACH,OAAO,CAAC,IAAI,CAAC,MAAM,EACnB,aAAa,EACb,IAAI,CAAC,SAAS,CAAC,EAAE,SAAS,EAAE,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAC3D,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CACzB,CAAC;QAEF,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;YAC1B,IAAI,EAAE,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,KAAK,IAAI,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE;SAC7D,CAAC,CAAC;IACL,CAAC,CACF,CAAC;IAEF,iCAAiC;IACjC,GAAG,CAAC,IAAI,CAAC,mBAAmB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACrD,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,EAAE,aAAa,CAAC;QACpD,IAAI,CAAC,YAAY,EAAE,CAAC;YAClB,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,wBAAwB,EAAE,CAAC,CAAC;QACnE,CAAC;QAED,IAAI,CAAC;YACH,MAAM,OAAO,GAAG,kBAAkB,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;YAC5D,MAAM,SAAS,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,YAAY,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAEjF,MAAM,OAAO,GAAG,EAAE;iBACf,OAAO,CAAC,wDAAwD,CAAC;iBACjE,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAwD,CAAC;YAE5F,IAAI,CAAC,OAAO,IAAI,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,GAAG,IAAI,IAAI,EAAE,EAAE,CAAC;gBAC1D,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,4BAA4B,EAAE,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CAAC,kCAAkC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,CAElE,CAAC;YAEd,IAAI,CAAC,IAAI,EAAE,CAAC;gBACV,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;YAC3D,CAAC;YAED,MAAM,WAAW,GAAG,eAAe,CAAC,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,SAAS,CAAC,CAAC;YACrF,MAAM,QAAQ,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC;YAE9C,KAAK,CAAC,SAAS,CAAC,cAAc,EAAE,WAAW,EAAE;gBAC3C,QAAQ,EAAE,IAAI;gBACd,MAAM,EAAE,QAAQ;gBAChB,QAAQ,EAAE,QAAQ;gBAClB,IAAI,EAAE,GAAG;gBACT,MAAM,EAAE,EAAE,GAAG,EAAE,GAAG,EAAE;aACrB,CAAC,CAAC;YAEH,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,QAAQ,EAAE,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC;QAC7E,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;QAClE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,gCAAgC;IAChC,GAAG,CAAC,IAAI,CACN,kBAAkB,EAClB,EAAE,UAAU,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,EACjC,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,+BAA+B;QAC/B,EAAE,CAAC,OAAO,CAAC,wCAAwC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QAE9E,KAAK;aACF,WAAW,CAAC,cAAc,EAAE,EAAE,IAAI,EAAE,GAAG,EAAE,CAAC;aAC1C,WAAW,CAAC,eAAe,EAAE,EAAE,IAAI,EAAE,mBAAmB,EAAE,CAAC,CAAC;QAE/D,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC;IACtB,CAAC,CACF,CAAC;IAEF,2BAA2B;IAC3B,GAAG,CAAC,GAAG,CACL,cAAc,EACd,EAAE,UAAU,EAAE,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,EACjC,KAAK,EAAE,OAAO,EAAE,EAAE;QAChB,MAAM,IAAI,GAAG,EAAE;aACZ,OAAO,CAAC,kFAAkF,CAAC;aAC3F,GAAG,CAAC,OAAO,CAAC,IAAI,CAAC,MAAM,CAA+C,CAAC;QAE1E,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC;QACrC,CAAC;QAED,OAAO,EAAE,IAAI,EAAE,CAAC;IAClB,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/server/auth/jwt.d.ts

@@ -0,0 +1,14 @@
+import { type SignOptions } from 'jsonwebtoken';
+export interface AccessTokenPayload {
+    userId: string;
+    role: string;
+}
+export interface RefreshTokenPayload {
+    sessionId: string;
+    userId: string;
+}
+export declare function signAccessToken(payload: AccessTokenPayload, secret: string, expiresIn?: SignOptions['expiresIn']): string;
+export declare function verifyAccessToken(token: string, secret: string): AccessTokenPayload;
+export declare function signRefreshToken(payload: RefreshTokenPayload, secret: string, expiresIn?: SignOptions['expiresIn']): string;
+export declare function verifyRefreshToken(token: string, secret: string): RefreshTokenPayload;
+//# sourceMappingURL=jwt.d.ts.map

package/dist/server/auth/jwt.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.d.ts","sourceRoot":"","sources":["../../src/auth/jwt.ts"],"names":[],"mappings":"AAAA,OAAY,EAAE,KAAK,WAAW,EAAE,MAAM,cAAc,CAAC;AAErD,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,mBAAmB;IAClC,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,wBAAgB,eAAe,CAC7B,OAAO,EAAE,kBAAkB,EAC3B,MAAM,EAAE,MAAM,EACd,SAAS,GAAE,WAAW,CAAC,WAAW,CAAS,GAC1C,MAAM,CAER;AAED,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,kBAAkB,CAGnF;AAED,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,mBAAmB,EAC5B,MAAM,EAAE,MAAM,EACd,SAAS,GAAE,WAAW,CAAC,WAAW,CAAS,GAC1C,MAAM,CAER;AAED,wBAAgB,kBAAkB,CAAC,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,mBAAmB,CAGrF"}

package/dist/server/auth/jwt.js

@@ -0,0 +1,16 @@
+import jwt from 'jsonwebtoken';
+export function signAccessToken(payload, secret, expiresIn = '24h') {
+    return jwt.sign(payload, secret, { expiresIn });
+}
+export function verifyAccessToken(token, secret) {
+    const decoded = jwt.verify(token, secret);
+    return { userId: decoded.userId, role: decoded.role };
+}
+export function signRefreshToken(payload, secret, expiresIn = '30d') {
+    return jwt.sign(payload, secret, { expiresIn });
+}
+export function verifyRefreshToken(token, secret) {
+    const decoded = jwt.verify(token, secret);
+    return { sessionId: decoded.sessionId, userId: decoded.userId };
+}
+//# sourceMappingURL=jwt.js.map

package/dist/server/auth/jwt.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../src/auth/jwt.ts"],"names":[],"mappings":"AAAA,OAAO,GAAyB,MAAM,cAAc,CAAC;AAYrD,MAAM,UAAU,eAAe,CAC7B,OAA2B,EAC3B,MAAc,EACd,YAAsC,KAAK;IAE3C,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,KAAa,EAAE,MAAc;IAC7D,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAwC,CAAC;IACjF,OAAO,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;AACxD,CAAC;AAED,MAAM,UAAU,gBAAgB,CAC9B,OAA4B,EAC5B,MAAc,EACd,YAAsC,KAAK;IAE3C,OAAO,GAAG,CAAC,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,CAAC,CAAC;AAClD,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,KAAa,EAAE,MAAc;IAC9D,MAAM,OAAO,GAAG,GAAG,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAyC,CAAC;IAClF,OAAO,EAAE,SAAS,EAAE,OAAO,CAAC,SAAS,EAAE,MAAM,EAAE,OAAO,CAAC,MAAM,EAAE,CAAC;AAClE,CAAC"}

package/dist/server/auth/password.d.ts

@@ -0,0 +1,3 @@
+export declare function hashPassword(password: string): Promise<string>;
+export declare function verifyPassword(password: string, hash: string): Promise<boolean>;
+//# sourceMappingURL=password.d.ts.map

package/dist/server/auth/password.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.d.ts","sourceRoot":"","sources":["../../src/auth/password.ts"],"names":[],"mappings":"AAIA,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAEpE;AAED,wBAAsB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAErF"}

package/dist/server/auth/password.js

@@ -0,0 +1,9 @@
+import bcrypt from 'bcrypt';
+const SALT_ROUNDS = 12;
+export async function hashPassword(password) {
+    return bcrypt.hash(password, SALT_ROUNDS);
+}
+export async function verifyPassword(password, hash) {
+    return bcrypt.compare(password, hash);
+}
+//# sourceMappingURL=password.js.map

package/dist/server/auth/password.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"password.js","sourceRoot":"","sources":["../../src/auth/password.ts"],"names":[],"mappings":"AAAA,OAAO,MAAM,MAAM,QAAQ,CAAC;AAE5B,MAAM,WAAW,GAAG,EAAE,CAAC;AAEvB,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB;IACjD,OAAO,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC,CAAC;AAC5C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,QAAgB,EAAE,IAAY;IACjE,OAAO,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;AACxC,CAAC"}

package/dist/server/bridge/__tests__/chat-handler.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=chat-handler.test.d.ts.map

package/dist/server/bridge/__tests__/chat-handler.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"chat-handler.test.d.ts","sourceRoot":"","sources":["../../../src/bridge/__tests__/chat-handler.test.ts"],"names":[],"mappings":""}

package/dist/server/bridge/__tests__/chat-handler.test.js

@@ -0,0 +1,132 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import Database from 'better-sqlite3';
+import { ChatHandler } from '../chat-handler';
+function createTestDb() {
+    const db = new Database(':memory:');
+    db.pragma('journal_mode = WAL');
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS conversations (
+      id TEXT PRIMARY KEY,
+      squad_name TEXT NOT NULL,
+      created_at TEXT NOT NULL
+    );
+    CREATE TABLE IF NOT EXISTS chat_messages (
+      id TEXT PRIMARY KEY,
+      conversation_id TEXT NOT NULL REFERENCES conversations(id),
+      role TEXT NOT NULL,
+      content TEXT NOT NULL,
+      agent_id TEXT,
+      agent_name TEXT,
+      created_at TEXT NOT NULL
+    );
+  `);
+    return db;
+}
+function createMockBridge() {
+    return {
+        send: vi.fn(),
+        isActive: vi.fn().mockReturnValue(false),
+        kill: vi.fn(),
+    };
+}
+describe('ChatHandler', () => {
+    let db;
+    let bridge;
+    let handler;
+    let broadcast;
+    beforeEach(() => {
+        db = createTestDb();
+        bridge = createMockBridge();
+        broadcast = vi.fn();
+        handler = new ChatHandler({ db, bridge, broadcast, squadsDir: '/tmp/squads' });
+    });
+    describe('handleChatSend', () => {
+        it('should create a conversation if none exists', () => {
+            handler.handleChatSend('content-team', 'Hello');
+            expect(broadcast).toHaveBeenCalledWith('content-team', expect.objectContaining({
+                type: 'chat:conversation_created',
+                squadName: 'content-team',
+                conversationId: expect.any(String),
+            }));
+        });
+        it('should save user message to database', () => {
+            handler.handleChatSend('content-team', 'Hello');
+            const msgs = db.prepare('SELECT * FROM chat_messages WHERE role = ?').all('user');
+            expect(msgs).toHaveLength(1);
+            expect(msgs[0].content).toBe('Hello');
+        });
+        it('should call bridge.send with constructed prompt', () => {
+            handler.handleChatSend('content-team', 'Hello');
+            expect(bridge.send).toHaveBeenCalledWith(expect.objectContaining({
+                prompt: expect.stringContaining('Hello'),
+                cwd: '/tmp/squads/content-team',
+                squadName: 'content-team',
+            }));
+        });
+        it('should reuse existing conversation', () => {
+            handler.handleChatSend('content-team', 'First');
+            handler.handleChatSend('content-team', 'Second');
+            const createdMessages = broadcast.mock.calls.filter((call) => call[1].type === 'chat:conversation_created');
+            expect(createdMessages).toHaveLength(1);
+            const msgs = db.prepare('SELECT * FROM chat_messages WHERE role = ?').all('user');
+            expect(msgs).toHaveLength(2);
+        });
+        it('should broadcast chunks from bridge', () => {
+            let capturedOnChunk;
+            bridge.send.mockImplementation((opts) => {
+                capturedOnChunk = opts.onChunk;
+            });
+            handler.handleChatSend('content-team', 'Hello');
+            expect(capturedOnChunk).toBeDefined();
+            capturedOnChunk('chunk-1');
+            expect(broadcast).toHaveBeenCalledWith('content-team', expect.objectContaining({
+                type: 'chat:chunk',
+                squadName: 'content-team',
+                delta: 'chunk-1',
+            }));
+        });
+        it('should save assistant message and broadcast done on bridge completion', () => {
+            let capturedOnDone;
+            bridge.send.mockImplementation((opts) => {
+                capturedOnDone = opts.onDone;
+            });
+            handler.handleChatSend('content-team', 'Hello');
+            capturedOnDone('Full response text');
+            const msgs = db.prepare('SELECT * FROM chat_messages WHERE role = ?').all('assistant');
+            expect(msgs).toHaveLength(1);
+            expect(msgs[0].content).toBe('Full response text');
+            expect(broadcast).toHaveBeenCalledWith('content-team', expect.objectContaining({
+                type: 'chat:done',
+                squadName: 'content-team',
+                messageId: expect.any(String),
+            }));
+        });
+        it('should broadcast error from bridge', () => {
+            let capturedOnError;
+            bridge.send.mockImplementation((opts) => {
+                capturedOnError = opts.onError;
+            });
+            handler.handleChatSend('content-team', 'Hello');
+            capturedOnError({ code: 1, message: 'Exit code 1: error' });
+            expect(broadcast).toHaveBeenCalledWith('content-team', expect.objectContaining({
+                type: 'chat:error',
+                squadName: 'content-team',
+                error: 'Exit code 1: error',
+            }));
+        });
+    });
+    describe('handleNewConversation', () => {
+        it('should create a new conversation and broadcast', () => {
+            handler.handleChatSend('content-team', 'Old message');
+            broadcast.mockClear();
+            handler.handleNewConversation('content-team');
+            expect(broadcast).toHaveBeenCalledWith('content-team', expect.objectContaining({
+                type: 'chat:conversation_created',
+                squadName: 'content-team',
+            }));
+            const convs = db.prepare('SELECT * FROM conversations WHERE squad_name = ?').all('content-team');
+            expect(convs).toHaveLength(2);
+        });
+    });
+});
+//# sourceMappingURL=chat-handler.test.js.map

package/dist/server/bridge/__tests__/chat-handler.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chat-handler.test.js","sourceRoot":"","sources":["../../../src/bridge/__tests__/chat-handler.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE,UAAU,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAG9C,SAAS,YAAY;IACnB,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC;IACpC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAChC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;GAeP,CAAC,CAAC;IACH,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,SAAS,gBAAgB;IACvB,OAAO;QACL,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE;QACb,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,KAAK,CAAC;QACxC,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE;KACa,CAAC;AAC/B,CAAC;AAED,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;IAC3B,IAAI,EAAqB,CAAC;IAC1B,IAAI,MAAoB,CAAC;IACzB,IAAI,OAAoB,CAAC;IACzB,IAAI,SAAmC,CAAC;IAExC,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,GAAG,YAAY,EAAE,CAAC;QACpB,MAAM,GAAG,gBAAgB,EAAE,CAAC;QAC5B,SAAS,GAAG,EAAE,CAAC,EAAE,EAAE,CAAC;QACpB,OAAO,GAAG,IAAI,WAAW,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC,CAAC;IACjF,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;QAC9B,EAAE,CAAC,6CAA6C,EAAE,GAAG,EAAE;YACrD,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;YAEhD,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,cAAc,EACd,MAAM,CAAC,gBAAgB,CAAC;gBACtB,IAAI,EAAE,2BAA2B;gBACjC,SAAS,EAAE,cAAc;gBACzB,cAAc,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;aACnC,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;YAC9C,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;YAEhD,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CACrB,4CAA4C,CAC7C,CAAC,GAAG,CAAC,MAAM,CAAU,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACxC,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,iDAAiD,EAAE,GAAG,EAAE;YACzD,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;YAEhD,MAAM,CAAE,MAAM,CAAC,IAAY,CAAC,CAAC,oBAAoB,CAC/C,MAAM,CAAC,gBAAgB,CAAC;gBACtB,MAAM,EAAE,MAAM,CAAC,gBAAgB,CAAC,OAAO,CAAC;gBACxC,GAAG,EAAE,0BAA0B;gBAC/B,SAAS,EAAE,cAAc;aAC1B,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;YAChD,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;YAEjD,MAAM,eAAe,GAAG,SAAS,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CACjD,CAAC,IAAW,EAAE,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,2BAA2B,CAC9D,CAAC;YACF,MAAM,CAAC,eAAe,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAExC,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CACrB,4CAA4C,CAC7C,CAAC,GAAG,CAAC,MAAM,CAAU,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;YAC7C,IAAI,eAAqD,CAAC;YACzD,MAAM,CAAC,IAAY,CAAC,kBAAkB,CAAC,CAAC,IAAS,EAAE,EAAE;gBACpD,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC;YACjC,CAAC,CAAC,CAAC;YAEH,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;YAChD,MAAM,CAAC,eAAe,CAAC,CAAC,WAAW,EAAE,CAAC;YAEtC,eAAgB,CAAC,SAAS,CAAC,CAAC;YAE5B,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,cAAc,EACd,MAAM,CAAC,gBAAgB,CAAC;gBACtB,IAAI,EAAE,YAAY;gBAClB,SAAS,EAAE,cAAc;gBACzB,KAAK,EAAE,SAAS;aACjB,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,uEAAuE,EAAE,GAAG,EAAE;YAC/E,IAAI,cAAwD,CAAC;YAC5D,MAAM,CAAC,IAAY,CAAC,kBAAkB,CAAC,CAAC,IAAS,EAAE,EAAE;gBACpD,cAAc,GAAG,IAAI,CAAC,MAAM,CAAC;YAC/B,CAAC,CAAC,CAAC;YAEH,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;YAChD,cAAe,CAAC,oBAAoB,CAAC,CAAC;YAEtC,MAAM,IAAI,GAAG,EAAE,CAAC,OAAO,CACrB,4CAA4C,CAC7C,CAAC,GAAG,CAAC,WAAW,CAAU,CAAC;YAC5B,MAAM,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;YAEnD,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,cAAc,EACd,MAAM,CAAC,gBAAgB,CAAC;gBACtB,IAAI,EAAE,WAAW;gBACjB,SAAS,EAAE,cAAc;gBACzB,SAAS,EAAE,MAAM,CAAC,GAAG,CAAC,MAAM,CAAC;aAC9B,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,oCAAoC,EAAE,GAAG,EAAE;YAC5C,IAAI,eAAmD,CAAC;YACvD,MAAM,CAAC,IAAY,CAAC,kBAAkB,CAAC,CAAC,IAAS,EAAE,EAAE;gBACpD,eAAe,GAAG,IAAI,CAAC,OAAO,CAAC;YACjC,CAAC,CAAC,CAAC;YAEH,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;YAChD,eAAgB,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,oBAAoB,EAAE,CAAC,CAAC;YAE7D,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,cAAc,EACd,MAAM,CAAC,gBAAgB,CAAC;gBACtB,IAAI,EAAE,YAAY;gBAClB,SAAS,EAAE,cAAc;gBACzB,KAAK,EAAE,oBAAoB;aAC5B,CAAC,CACH,CAAC;QACJ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,uBAAuB,EAAE,GAAG,EAAE;QACrC,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;YACxD,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;YACtD,SAAS,CAAC,SAAS,EAAE,CAAC;YAEtB,OAAO,CAAC,qBAAqB,CAAC,cAAc,CAAC,CAAC;YAE9C,MAAM,CAAC,SAAS,CAAC,CAAC,oBAAoB,CACpC,cAAc,EACd,MAAM,CAAC,gBAAgB,CAAC;gBACtB,IAAI,EAAE,2BAA2B;gBACjC,SAAS,EAAE,cAAc;aAC1B,CAAC,CACH,CAAC;YAEF,MAAM,KAAK,GAAG,EAAE,CAAC,OAAO,CACtB,kDAAkD,CACnD,CAAC,GAAG,CAAC,cAAc,CAAU,CAAC;YAC/B,MAAM,CAAC,KAAK,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAChC,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/server/bridge/__tests__/chat-integration.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=chat-integration.test.d.ts.map

package/dist/server/bridge/__tests__/chat-integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"chat-integration.test.d.ts","sourceRoot":"","sources":["../../../src/bridge/__tests__/chat-integration.test.ts"],"names":[],"mappings":""}

package/dist/server/bridge/__tests__/chat-integration.test.js

@@ -0,0 +1,141 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+import Database from 'better-sqlite3';
+import { ChatHandler } from '../chat-handler';
+import { getActiveConversation, getMessages, } from '../conversation';
+function createTestDb() {
+    const db = new Database(':memory:');
+    db.pragma('journal_mode = WAL');
+    db.exec(`
+    CREATE TABLE IF NOT EXISTS conversations (
+      id TEXT PRIMARY KEY,
+      squad_name TEXT NOT NULL,
+      created_at TEXT NOT NULL
+    );
+    CREATE TABLE IF NOT EXISTS chat_messages (
+      id TEXT PRIMARY KEY,
+      conversation_id TEXT NOT NULL REFERENCES conversations(id),
+      role TEXT NOT NULL,
+      content TEXT NOT NULL,
+      agent_id TEXT,
+      agent_name TEXT,
+      created_at TEXT NOT NULL
+    );
+  `);
+    return db;
+}
+describe('Chat round-trip integration', () => {
+    let db;
+    let broadcasts;
+    let capturedBridgeCalls;
+    let handler;
+    beforeEach(() => {
+        db = createTestDb();
+        broadcasts = [];
+        capturedBridgeCalls = [];
+        const mockBridge = {
+            send: vi.fn((opts) => {
+                capturedBridgeCalls.push(opts);
+            }),
+            isActive: vi.fn().mockReturnValue(false),
+            kill: vi.fn(),
+        };
+        handler = new ChatHandler({
+            db,
+            bridge: mockBridge,
+            broadcast: (squadName, message) => {
+                broadcasts.push({ squadName, message });
+            },
+            squadsDir: '/tmp/squads',
+        });
+    });
+    it('should complete a full send -> stream -> done cycle', () => {
+        handler.handleChatSend('content-team', 'What topics should we cover?');
+        const createMsg = broadcasts.find((b) => b.message.type === 'chat:conversation_created');
+        expect(createMsg).toBeDefined();
+        expect(createMsg.squadName).toBe('content-team');
+        const conv = getActiveConversation(db, 'content-team');
+        expect(conv).not.toBeNull();
+        const msgs1 = getMessages(db, conv.id, { limit: 50 });
+        expect(msgs1.data).toHaveLength(1);
+        expect(msgs1.data[0].role).toBe('user');
+        expect(msgs1.data[0].content).toBe('What topics should we cover?');
+        const bridgeCall = capturedBridgeCalls[0];
+        expect(bridgeCall.squadName).toBe('content-team');
+        expect(bridgeCall.prompt).toContain('What topics should we cover?');
+        bridgeCall.onChunk('Here are ');
+        bridgeCall.onChunk('5 topics');
+        const chunks = broadcasts.filter((b) => b.message.type === 'chat:chunk');
+        expect(chunks).toHaveLength(2);
+        expect(chunks[0].message.delta).toBe('Here are ');
+        expect(chunks[1].message.delta).toBe('5 topics');
+        bridgeCall.onDone('Here are 5 topics');
+        const msgs2 = getMessages(db, conv.id, { limit: 50 });
+        expect(msgs2.data).toHaveLength(2);
+        expect(msgs2.data[1].role).toBe('assistant');
+        expect(msgs2.data[1].content).toBe('Here are 5 topics');
+        const doneMsg = broadcasts.find((b) => b.message.type === 'chat:done');
+        expect(doneMsg).toBeDefined();
+        expect(doneMsg.message.messageId).toBeDefined();
+    });
+    it('should persist multiple messages in the same conversation', () => {
+        handler.handleChatSend('content-team', 'Hello');
+        capturedBridgeCalls[0].onDone('Hi!');
+        handler.handleChatSend('content-team', 'Tell me more');
+        capturedBridgeCalls[1].onDone('Sure, here is more info');
+        const conv = getActiveConversation(db, 'content-team');
+        const msgs = getMessages(db, conv.id, { limit: 50 });
+        expect(msgs.data).toHaveLength(4);
+        // Same-millisecond IDs may sort by random hex suffix, so verify content exists
+        const contents = msgs.data.map((m) => m.content);
+        expect(contents).toContain('Hello');
+        expect(contents).toContain('Hi!');
+        expect(contents).toContain('Tell me more');
+        expect(contents).toContain('Sure, here is more info');
+        // Verify roles: 2 user + 2 assistant
+        expect(msgs.data.filter((m) => m.role === 'user')).toHaveLength(2);
+        expect(msgs.data.filter((m) => m.role === 'assistant')).toHaveLength(2);
+    });
+    it('should include conversation history in bridge prompt', () => {
+        handler.handleChatSend('content-team', 'Hello');
+        capturedBridgeCalls[0].onDone('Hi there!');
+        handler.handleChatSend('content-team', 'What next?');
+        const secondPrompt = capturedBridgeCalls[1].prompt;
+        expect(secondPrompt).toContain('User: Hello');
+        expect(secondPrompt).toContain('Assistant: Hi there!');
+        expect(secondPrompt).toContain('User: What next?');
+    });
+    it('should handle bridge error gracefully', () => {
+        handler.handleChatSend('content-team', 'Hello');
+        capturedBridgeCalls[0].onError({ code: 1, message: 'Process failed' });
+        const errorMsg = broadcasts.find((b) => b.message.type === 'chat:error');
+        expect(errorMsg).toBeDefined();
+        expect(errorMsg.message.error).toBe('Process failed');
+        const conv = getActiveConversation(db, 'content-team');
+        const msgs = getMessages(db, conv.id, { limit: 50 });
+        expect(msgs.data).toHaveLength(1);
+        expect(msgs.data[0].role).toBe('user');
+    });
+    it('should create a fresh conversation on handleNewConversation', () => {
+        // Insert old conversation with explicit earlier timestamp
+        db.prepare('INSERT INTO conversations (id, squad_name, created_at) VALUES (?, ?, ?)').run('2026-03-13T09:00:00.000Z-old', 'content-team', '2026-03-13T09:00:00.000Z');
+        db.prepare('INSERT INTO chat_messages (id, conversation_id, role, content, created_at) VALUES (?, ?, ?, ?, ?)').run('2026-03-13T09:00:01.000Z-m1', '2026-03-13T09:00:00.000Z-old', 'user', 'Old message', '2026-03-13T09:00:01.000Z');
+        // Create new conversation — its generateId() will produce a later timestamp than 2026-03-13T09:00:00
+        handler.handleNewConversation('content-team');
+        // handleChatSend should pick up the new (latest) conversation
+        handler.handleChatSend('content-team', 'New message');
+        capturedBridgeCalls[0].onDone('New response');
+        // Verify the new conversation got the new messages
+        const convCreatedBroadcasts = broadcasts.filter((b) => b.message.type === 'chat:conversation_created');
+        expect(convCreatedBroadcasts).toHaveLength(1);
+        // There should be 2 conversations total
+        const allConvs = db.prepare('SELECT * FROM conversations WHERE squad_name = ?').all('content-team');
+        expect(allConvs).toHaveLength(2);
+        // The newest conversation should have only 2 messages (New message + New response)
+        const newConvId = convCreatedBroadcasts[0].message.conversationId;
+        const msgs = getMessages(db, newConvId, { limit: 50 });
+        const contents = msgs.data.map((m) => m.content);
+        expect(contents).toContain('New message');
+        expect(contents).toContain('New response');
+    });
+});
+//# sourceMappingURL=chat-integration.test.js.map

package/dist/server/bridge/__tests__/chat-integration.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"chat-integration.test.js","sourceRoot":"","sources":["../../../src/bridge/__tests__/chat-integration.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,UAAU,EAAE,EAAE,EAAE,MAAM,QAAQ,CAAC;AAC9D,OAAO,QAAQ,MAAM,gBAAgB,CAAC;AACtC,OAAO,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAE9C,OAAO,EACL,qBAAqB,EACrB,WAAW,GACZ,MAAM,iBAAiB,CAAC;AAEzB,SAAS,YAAY;IACnB,MAAM,EAAE,GAAG,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC;IACpC,EAAE,CAAC,MAAM,CAAC,oBAAoB,CAAC,CAAC;IAChC,EAAE,CAAC,IAAI,CAAC;;;;;;;;;;;;;;;GAeP,CAAC,CAAC;IACH,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,QAAQ,CAAC,6BAA6B,EAAE,GAAG,EAAE;IAC3C,IAAI,EAAqB,CAAC;IAC1B,IAAI,UAA0E,CAAC;IAC/E,IAAI,mBAA0B,CAAC;IAC/B,IAAI,OAAoB,CAAC;IAEzB,UAAU,CAAC,GAAG,EAAE;QACd,EAAE,GAAG,YAAY,EAAE,CAAC;QACpB,UAAU,GAAG,EAAE,CAAC;QAChB,mBAAmB,GAAG,EAAE,CAAC;QAEzB,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,EAAE,CAAC,EAAE,CAAC,CAAC,IAAS,EAAE,EAAE;gBACxB,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACjC,CAAC,CAAC;YACF,QAAQ,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,eAAe,CAAC,KAAK,CAAC;YACxC,IAAI,EAAE,EAAE,CAAC,EAAE,EAAE;SACa,CAAC;QAE7B,OAAO,GAAG,IAAI,WAAW,CAAC;YACxB,EAAE;YACF,MAAM,EAAE,UAAU;YAClB,SAAS,EAAE,CAAC,SAAS,EAAE,OAAO,EAAE,EAAE;gBAChC,UAAU,CAAC,IAAI,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE,CAAC,CAAC;YAC1C,CAAC;YACD,SAAS,EAAE,aAAa;SACzB,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,8BAA8B,CAAC,CAAC;QAEvE,MAAM,SAAS,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,2BAA2B,CAAC,CAAC;QACzF,MAAM,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;QAChC,MAAM,CAAC,SAAU,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAElD,MAAM,IAAI,GAAG,qBAAqB,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;QACvD,MAAM,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC;QAC5B,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,EAAE,IAAK,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;QACxC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAEnE,MAAM,UAAU,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC;QAC1C,MAAM,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;QAClD,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,SAAS,CAAC,8BAA8B,CAAC,CAAC;QAEpE,UAAU,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;QAChC,UAAU,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QAE/B,MAAM,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC;QACzE,MAAM,CAAC,MAAM,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAC/B,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAClD,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;QAEjD,UAAU,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;QAEvC,MAAM,KAAK,GAAG,WAAW,CAAC,EAAE,EAAE,IAAK,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACnC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;QAC7C,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC;QAExD,MAAM,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC;QACvE,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,CAAC,WAAW,EAAE,CAAC;IACnD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2DAA2D,EAAE,GAAG,EAAE;QACnE,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAChD,mBAAmB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAErC,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QACvD,mBAAmB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,yBAAyB,CAAC,CAAC;QAEzD,MAAM,IAAI,GAAG,qBAAqB,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,EAAE,IAAK,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAClC,+EAA+E;QAC/E,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC;QAClC,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;QAC3C,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,yBAAyB,CAAC,CAAC;QACtD,qCAAqC;QACrC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,WAAW,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAChD,mBAAmB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;QAE3C,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,YAAY,CAAC,CAAC;QAErD,MAAM,YAAY,GAAG,mBAAmB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC;QACnD,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC9C,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,sBAAsB,CAAC,CAAC;QACvD,MAAM,CAAC,YAAY,CAAC,CAAC,SAAS,CAAC,kBAAkB,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,OAAO,CAAC,CAAC;QAChD,mBAAmB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,EAAE,IAAI,EAAE,CAAC,EAAE,OAAO,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAEvE,MAAM,QAAQ,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,YAAY,CAAC,CAAC;QACzE,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QAC/B,MAAM,CAAC,QAAS,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,CAAC;QAEvD,MAAM,IAAI,GAAG,qBAAqB,CAAC,EAAE,EAAE,cAAc,CAAC,CAAC;QACvD,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,EAAE,IAAK,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QACtD,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAClC,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6DAA6D,EAAE,GAAG,EAAE;QACrE,0DAA0D;QAC1D,EAAE,CAAC,OAAO,CAAC,yEAAyE,CAAC,CAAC,GAAG,CACvF,8BAA8B,EAAE,cAAc,EAAE,0BAA0B,CAC3E,CAAC;QACF,EAAE,CAAC,OAAO,CACR,mGAAmG,CACpG,CAAC,GAAG,CAAC,6BAA6B,EAAE,8BAA8B,EAAE,MAAM,EAAE,aAAa,EAAE,0BAA0B,CAAC,CAAC;QAExH,qGAAqG;QACrG,OAAO,CAAC,qBAAqB,CAAC,cAAc,CAAC,CAAC;QAE9C,8DAA8D;QAC9D,OAAO,CAAC,cAAc,CAAC,cAAc,EAAE,aAAa,CAAC,CAAC;QACtD,mBAAmB,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,cAAc,CAAC,CAAC;QAE9C,mDAAmD;QACnD,MAAM,qBAAqB,GAAG,UAAU,CAAC,MAAM,CAC7C,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,KAAK,2BAA2B,CACtD,CAAC;QACF,MAAM,CAAC,qBAAqB,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAE9C,wCAAwC;QACxC,MAAM,QAAQ,GAAG,EAAE,CAAC,OAAO,CAAC,kDAAkD,CAAC,CAAC,GAAG,CAAC,cAAc,CAAU,CAAC;QAC7G,MAAM,CAAC,QAAQ,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC;QAEjC,mFAAmF;QACnF,MAAM,SAAS,GAAG,qBAAqB,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,cAAwB,CAAC;QAC5E,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,EAAE,SAAS,EAAE,EAAE,KAAK,EAAE,EAAE,EAAE,CAAC,CAAC;QACvD,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QACtD,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;QAC1C,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IAC7C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/server/bridge/__tests__/claude-bridge.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=claude-bridge.test.d.ts.map

package/dist/server/bridge/__tests__/claude-bridge.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"claude-bridge.test.d.ts","sourceRoot":"","sources":["../../../src/bridge/__tests__/claude-bridge.test.ts"],"names":[],"mappings":""}