gitmaps 1.0.0 → 1.1.1

package/app/api/auth/positions/route.ts

@@ -1,50 +1,112 @@
 /**
  * GET /api/auth/positions?repo=<url> — Load saved positions for a repo
- * POST /api/auth/positions — Save positions for a repo
- * 
- * Enables shared repositories: each user has their own card layout
- * for the same cloned repository.
+ * POST /api/auth/positions — Save positions for a repo (Leader only)
+ *
+ * Leader/Follower enforcement:
+ * - Leaders (localhost/local network): Can read/write positions
+ * - Followers (remote/production): Read-only access
+ *
+ * This prevents unauthorized canvas modifications on production servers.
  */
-import { getSessionFromRequest, loadRepoPositions, saveRepoPositions } from '../../../lib/auth';
+import {
+  getSessionFromRequest,
+  loadRepoPositions,
+  saveRepoPositions,
+} from "../../../lib/auth";
+
+/**
+ * Detect if request is from a leader (local) or follower (remote)
+ * Based on IP address - localhost and local network = leader
+ */
+function isLeaderRequest(req: Request): boolean {
+  const forwarded = req.headers.get("x-forwarded-for");
+  const ip =
+    forwarded?.split(",")[0]?.trim() ||
+    req.headers.get("x-real-ip") ||
+    "unknown";
+
+  // Leader: localhost, local network IPs
+  const leaderPatterns = [
+    /^127\./, // 127.0.0.1
+    /^::1$/, // IPv6 localhost
+    /^192\.168\./, // Private network
+    /^10\./, // Private network
+    /^172\.(1[6-9]|2[0-9]|3[0-1])\./, // Private network
+    /^localhost$/i,
+    /^unknown$/i, // No IP header = likely local dev
+  ];
+
+  return leaderPatterns.some((pattern) => pattern.test(ip));
+}
 
 export async function GET(req: Request) {
-    const user = getSessionFromRequest(req);
-    if (!user) {
-        return Response.json({ authenticated: false });
-    }
+  const url = new URL(req.url);
+  const repoUrl = url.searchParams.get("repo");
+  if (!repoUrl) {
+    return Response.json({ error: "repo param required" }, { status: 400 });
+  }
 
-    const url = new URL(req.url);
-    const repoUrl = url.searchParams.get('repo');
-    if (!repoUrl) {
-        return Response.json({ error: 'repo param required' }, { status: 400 });
-    }
+  const user = getSessionFromRequest(req);
 
-    const positionsJson = loadRepoPositions(user.id, repoUrl);
+  // Allow unauthenticated reads (for public repos)
+  if (!user) {
+    // Try to load from guest account (userId 0) or return empty
+    const positionsJson = loadRepoPositions(0, repoUrl);
     return Response.json({
-        positions: positionsJson ? JSON.parse(positionsJson) : null,
-        repoUrl,
+      positions: positionsJson ? JSON.parse(positionsJson) : null,
+      repoUrl,
+      authenticated: false,
     });
+  }
+
+  const positionsJson = loadRepoPositions(user.id, repoUrl);
+  return Response.json({
+    positions: positionsJson ? JSON.parse(positionsJson) : null,
+    repoUrl,
+    authenticated: true,
+  });
 }
 
 export async function POST(req: Request) {
-    const user = getSessionFromRequest(req);
-    if (!user) {
-        return Response.json({ error: 'Not authenticated' }, { status: 401 });
-    }
+  // Enforce leader-only writes
+  const isLeader = isLeaderRequest(req);
+  if (!isLeader) {
+    return Response.json(
+      {
+        error:
+          "Write access denied: Follower mode (read-only). Run GitMaps locally to edit canvas.",
+        code: "FOLLOWER_READ_ONLY",
+      },
+      { status: 403 },
+    );
+  }
+
+  const user = getSessionFromRequest(req);
 
-    try {
-        const body = await req.json() as {
-            repoUrl: string;
-            positions: Record<string, any>;
-        };
+  // Allow local dev without auth (guest mode - use userId 0)
+  const userId = user?.id ?? 0;
 
-        if (!body.repoUrl) {
-            return Response.json({ error: 'repoUrl required' }, { status: 400 });
-        }
+  try {
+    const body = (await req.json()) as {
+      repoUrl: string;
+      positions: Record<string, any>;
+    };
 
-        saveRepoPositions(user.id, body.repoUrl, JSON.stringify(body.positions || {}));
-        return Response.json({ ok: true });
-    } catch (err: any) {
-        return Response.json({ error: err.message }, { status: 400 });
+    if (!body.repoUrl) {
+      return Response.json({ error: "repoUrl required" }, { status: 400 });
     }
+
+    saveRepoPositions(
+      userId,
+      body.repoUrl,
+      JSON.stringify(body.positions || {}),
+    );
+    return Response.json({
+      ok: true,
+      mode: "leader",
+      syncedAt: new Date().toISOString(),
+    });
+  } catch (err: any) {
+    return Response.json({ error: err.message }, { status: 400 });
+  }
 }

package/app/api/build-info/route.ts

@@ -0,0 +1,19 @@
+import path from 'path';
+
+function runGit(args: string[]): string {
+    const repoRoot = path.resolve(import.meta.dir, '../../..');
+    const proc = Bun.spawnSync(['git', ...args], {
+        cwd: repoRoot,
+        stdout: 'pipe',
+        stderr: 'pipe',
+    });
+
+    if (proc.exitCode !== 0) return '';
+    return proc.stdout.toString().trim();
+}
+
+export async function GET() {
+    const commit = process.env.GIT_COMMIT_HASH || runGit(['rev-parse', '--short', 'HEAD']) || 'unknown';
+    const commitDate = process.env.GIT_COMMIT_DATE || runGit(['log', '-1', '--format=%cs']) || '';
+    return Response.json({ commit, commitDate });
+}

package/app/api/chat/route.ts

@@ -41,7 +41,12 @@ Help the user understand this file. You can:
 - Suggest refactorings
 - Explain the diff/changes
 
-Be concise but thorough. Use code blocks with language tags for code examples. Reference line numbers when relevant.`;
+Be concise but thorough. Use code blocks with language tags for code examples. Reference line numbers when relevant.
+
+To suggest physical refactors or file changes, ALWAYS use the following format:
+<edit_file path="path/to/file.ts">
+// Full replacement file content goes here
+</edit_file>`;
             } else if (canvasContext) {
                 systemPrompt = `You are an AI code assistant helping analyze a Git repository's commit changes.
 
@@ -51,7 +56,13 @@ CURRENT COMMIT: ${canvasContext.commitHash || 'none'} — ${canvasContext.commit
 FILES ON CANVAS:
 ${(canvasContext.files || []).map(f => `- ${f.path} (${f.status})`).join('\n')}
 
-Help the user understand the codebase, the commit changes, relationships between files, architecture patterns, and potential issues. Be concise and actionable.`;
+Help the user understand the codebase, the commit changes, relationships between files, architecture patterns, and potential issues. Be concise and actionable.
+
+To suggest physical refactors or file changes, ALWAYS use the following format:
+<edit_file path="path/to/file.ts">
+// Full replacement file content goes here
+</edit_file>
+You may output multiple <edit_file> blocks in a single response to perform bulk refactoring across multiple files.`;
             } else {
                 systemPrompt = `You are an AI code assistant. Help the user with their coding questions. Be concise and use code blocks with language tags.`;
             }

package/app/api/manifest.json/route.ts

@@ -0,0 +1,20 @@
+// GET /api/manifest.json — PWA Web App Manifest
+export function GET() {
+    return Response.json({
+        name: 'GitMaps — Spatial Code Explorer',
+        short_name: 'GitMaps',
+        description: 'Transcend the file tree. Explore code on an infinite canvas with layers, time-travel, and a minimap.',
+        start_url: '/',
+        display: 'standalone',
+        background_color: '#0a0a0f',
+        theme_color: '#7c3aed',
+        orientation: 'any',
+        categories: ['developer-tools', 'productivity'],
+        icons: [
+            { src: '/api/pwa-icon?size=192', sizes: '192x192', type: 'image/png' },
+            { src: '/api/pwa-icon?size=512', sizes: '512x512', type: 'image/png' },
+        ],
+    }, {
+        headers: { 'Content-Type': 'application/manifest+json' },
+    });
+}

package/app/api/og-image/route.ts

@@ -0,0 +1,14 @@
+import { readFileSync } from 'fs';
+import { join } from 'path';
+
+const ogBuffer = readFileSync(join(import.meta.dir, '..', '..', 'og-image.png'));
+
+// GET /api/og-image — serves the Open Graph social sharing image
+export function GET() {
+    return new Response(ogBuffer, {
+        headers: {
+            'Content-Type': 'image/png',
+            'Cache-Control': 'public, max-age=86400',
+        },
+    });
+}

package/app/api/pwa-icon/route.ts

@@ -0,0 +1,14 @@
+import { readFileSync } from 'fs';
+import { join } from 'path';
+
+const iconBuffer = readFileSync(join(import.meta.dir, '..', '..', 'icon.png'));
+
+// GET /api/pwa-icon — serves the app icon (any size param ignored, returns PNG)
+export function GET() {
+    return new Response(iconBuffer, {
+        headers: {
+            'Content-Type': 'image/png',
+            'Cache-Control': 'public, max-age=86400',
+        },
+    });
+}

package/app/api/repo/clone-stream/route.ts

@@ -1,7 +1,7 @@
 import { measure } from 'measure-fn';
 import path from 'path';
 import fs from 'fs';
-import { spawn } from 'child_process';
+
 
 const CLONES_DIR = path.join(process.cwd(), 'git-canvas', 'repos');
 
@@ -46,8 +46,8 @@ export async function POST(req: Request) {
     if (fs.existsSync(path.join(targetPath, '.git'))) {
         return measure('api:repo:clone-stream:cached', async () => {
             try {
-                const pull = spawn('git', ['pull'], { cwd: targetPath, stdio: 'pipe' });
-                await new Promise<void>((resolve) => pull.on('close', resolve));
+                const pull = Bun.spawn(['git', 'pull'], { cwd: targetPath, stdio: ['ignore', 'pipe', 'pipe'] });
+                await pull.exited;
                 console.log(`[clone-stream] Updated existing repo: ${repoName}`);
             } catch {
                 console.log(`[clone-stream] Using existing repo (pull skipped): ${repoName}`);
@@ -69,7 +69,7 @@ export async function POST(req: Request) {
 
             sendSSE('progress', { message: `Starting clone of ${repoName}...`, percent: 0 });
 
-            const gitProc = spawn('git', ['clone', '--depth', '100', '--progress', url, targetPath], {
+            const gitProc = Bun.spawn(['git', 'clone', '--depth', '100', '--progress', url, targetPath], {
                 stdio: ['ignore', 'pipe', 'pipe']
             });
 
@@ -99,10 +99,20 @@ export async function POST(req: Request) {
                 }
             }
 
-            gitProc.stderr.on('data', parseProgress);
-            gitProc.stdout.on('data', parseProgress);
+            async function consumeStream(stream: ReadableStream) {
+                try {
+                    for await (const chunk of stream) {
+                        parseProgress(Buffer.from(chunk));
+                    }
+                } catch (e) {
+                    console.error('[clone-stream] stream parse error:', e);
+                }
+            }
 
-            gitProc.on('close', (code) => {
+            if (gitProc.stderr) consumeStream(gitProc.stderr);
+            if (gitProc.stdout) consumeStream(gitProc.stdout);
+
+            gitProc.exited.then(code => {
                 if (code === 0) {
                     console.log(`[clone-stream] ✅ Cloned ${repoName}`);
                     sendSSE('done', { ok: true, path: targetPath, cached: false });
@@ -110,13 +120,11 @@ export async function POST(req: Request) {
                     console.error(`[clone-stream] ✗ git clone exited with code ${code}`);
                     sendSSE('error', { error: `git clone failed (exit code ${code})` });
                 }
-                try { controller.close(); } catch { /* already closed */ }
-            });
-
-            gitProc.on('error', (err) => {
+                try { controller.close(); } catch { }
+            }).catch(err => {
                 console.error('[clone-stream] spawn error:', err);
                 sendSSE('error', { error: err.message || 'Failed to start git' });
-                try { controller.close(); } catch { /* already closed */ }
+                try { controller.close(); } catch { }
             });
         }
     });

package/app/api/repo/file-content/route.ts

@@ -1,28 +1,81 @@
-import { measure } from 'measure-fn';
-import simpleGit from 'simple-git';
-import { validateRepoPath } from '../validate-path';
+import { measure } from "measure-fn";
+import simpleGit from "simple-git";
+import { readFileSync } from "fs";
+import path from "path";
+import { validateRepoPath } from "../validate-path";
+
+const MIME_TYPES: Record<string, string> = {
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".webp": "image/webp",
+  ".svg": "image/svg+xml",
+  ".bmp": "image/bmp",
+  ".ico": "image/x-icon",
+};
 
 export async function POST(req: Request) {
-    return measure('api:repo:file-content', async () => {
-        try {
-            const { path: repoPath, commit, filePath } = await req.json();
+  return measure("api:repo:file-content", async () => {
+    try {
+      const { path: repoPath, commit, filePath } = await req.json();
+
+      if (!repoPath || !commit || !filePath) {
+        return new Response(
+          "Repository path, commit, and file path are required",
+          { status: 400 },
+        );
+      }
+
+      const blocked = validateRepoPath(repoPath);
+      if (blocked) return blocked;
+
+      const git = simpleGit(repoPath);
+      const content = await git.show([`${commit}:${filePath}`]);
+
+      return Response.json({ content });
+    } catch (error: any) {
+      console.error("api:repo:file-content:error", error);
+      return new Response(`Error: ${error.message}`, { status: 500 });
+    }
+  });
+}
+
+export async function GET(req: Request) {
+  return measure("api:repo:file-image", async () => {
+    try {
+      const url = new URL(req.url);
+      const repoPath = url.searchParams.get("path");
+      const file = url.searchParams.get("file");
+
+      if (!repoPath || !file) {
+        return new Response("Repository path and file are required", {
+          status: 400,
+        });
+      }
 
-            if (!repoPath || !commit || !filePath) {
-                return new Response('Repository path, commit, and file path are required', { status: 400 });
-            }
+      const blocked = validateRepoPath(repoPath);
+      if (blocked) return blocked;
 
-            const blocked = validateRepoPath(repoPath);
-            if (blocked) return blocked;
+      const ext = path.extname(file).toLowerCase();
+      const mimeType = MIME_TYPES[ext];
 
-            const git = simpleGit(repoPath);
+      if (!mimeType) {
+        return new Response("Not an image file", { status: 400 });
+      }
 
-            // Get file content at this commit
-            const content = await git.show([`${commit}:${filePath}`]);
+      const fullPath = path.join(repoPath, file);
+      const buffer = readFileSync(fullPath);
 
-            return Response.json({ content });
-        } catch (error: any) {
-            console.error('api:repo:file-content:error', error);
-            return new Response(`Error: ${error.message}`, { status: 500 });
-        }
-    });
+      return new Response(buffer, {
+        headers: {
+          "Content-Type": mimeType,
+          "Cache-Control": "public, max-age=31536000",
+        },
+      });
+    } catch (error: any) {
+      console.error("api:repo:file-image:error", error);
+      return new Response(`Error: ${error.message}`, { status: 500 });
+    }
+  });
 }

package/app/api/repo/imports/route.ts

@@ -1,6 +1,7 @@
 import { measure } from 'measure-fn';
 import simpleGit from 'simple-git';
 import { validateRepoPath } from '../validate-path';
+import { join } from 'path';
 
 /**
  * POST /api/repo/imports
@@ -96,13 +97,30 @@ export async function POST(req: Request) {
             });
 
             // Scan each source file for imports (limit to first 200 files for perf)
-            const filesToScan = sourceFiles.slice(0, 200);
+            const filesToScan = sourceFiles.slice(0, 300);
             const edges: { source: string; target: string; line: number }[] = [];
 
+            const isWorkingTree = !commit || commit === 'allfiles' || commit === 'HEAD' || commit === '';
+
             await Promise.allSettled(filesToScan.map(async (filePath) => {
                 try {
-                    const content = await git.show([`${commit}:${filePath}`]);
-                    const lines = content.split('\n');
+                    let text = '';
+                    if (isWorkingTree) {
+                        try {
+                            const file = Bun.file(join(repoPath, filePath));
+                            if (await file.exists()) {
+                                text = await file.text();
+                            }
+                        } catch {
+                            // Fallback if failed
+                        }
+                    }
+                    if (!text) {
+                        text = await git.show([`${commit === 'allfiles' ? 'HEAD' : commit}:${filePath}`]);
+                    }
+                    if (!text) return;
+
+                    const lines = text.split('\n');
 
                     for (let i = 0; i < Math.min(lines.length, 100); i++) {
                         // Only scan first 100 lines (imports are at the top)

package/app/api/repo/list/route.ts

@@ -0,0 +1,30 @@
+// app/api/repo/list/route.ts — Lists repos from the git-canvas/repos directory
+import { readdirSync, statSync, existsSync } from 'fs';
+import { join } from 'path';
+
+export async function GET() {
+    const reposDir = join(process.cwd(), 'git-canvas', 'repos');
+    const repos: { name: string; path: string }[] = [];
+
+    if (existsSync(reposDir)) {
+        try {
+            const entries = readdirSync(reposDir);
+            for (const entry of entries) {
+                const fullPath = join(reposDir, entry);
+                try {
+                    const stat = statSync(fullPath);
+                    if (stat.isDirectory()) {
+                        // Check if it's a git repo (has .git)
+                        const isGit = existsSync(join(fullPath, '.git'));
+                        repos.push({
+                            name: entry,
+                            path: fullPath.replace(/\\/g, '/'),
+                        });
+                    }
+                } catch { }
+            }
+        } catch { }
+    }
+
+    return Response.json({ repos });
+}

package/app/api/repo/load/route.test.ts

@@ -0,0 +1,62 @@
+import { describe, expect, test } from 'bun:test';
+import { extractCanonicalForgeSlugInfo } from './route';
+
+describe('extractCanonicalForgeSlugInfo', () => {
+    test('parses GitHub HTTPS remote', () => {
+        expect(
+            extractCanonicalForgeSlugInfo('https://github.com/7flash/gitmaps.git')
+        ).toEqual({
+            slug: '7flash/gitmaps',
+            source: 'github.com · https://github.com/7flash/gitmaps',
+        });
+    });
+
+    test('parses GitHub SSH remote', () => {
+        expect(
+            extractCanonicalForgeSlugInfo('git@github.com:7flash/gitmaps.git')
+        ).toEqual({
+            slug: '7flash/gitmaps',
+            source: 'github.com · git@github.com:7flash/gitmaps',
+        });
+    });
+
+    test('preserves deep GitLab namespace', () => {
+        expect(
+            extractCanonicalForgeSlugInfo('git@gitlab.com:team/platform/tools/gitmaps.git')
+        ).toEqual({
+            slug: 'team/platform/tools/gitmaps',
+            source: 'gitlab.com · git@gitlab.com:team/platform/tools/gitmaps',
+        });
+    });
+
+    test('filters forge helper path segments like scm', () => {
+        expect(
+            extractCanonicalForgeSlugInfo('https://git.example.com/scm/team/gitmaps.git')
+        ).toEqual({
+            slug: 'team/gitmaps',
+            source: 'git.example.com · https://git.example.com/scm/team/gitmaps',
+        });
+    });
+
+    test('returns null slug for too-deep namespaces', () => {
+        expect(
+            extractCanonicalForgeSlugInfo('https://git.example.com/a/b/c/d/e/f.git')
+        ).toEqual({
+            slug: null,
+            source: 'https://git.example.com/a/b/c/d/e/f',
+        });
+    });
+
+    test('returns null slug for invalid segments', () => {
+        expect(
+            extractCanonicalForgeSlugInfo('https://git.example.com/team/bad:name.git')
+        ).toEqual({
+            slug: null,
+            source: 'https://git.example.com/team/bad:name',
+        });
+    });
+
+    test('handles missing remote gracefully', () => {
+        expect(extractCanonicalForgeSlugInfo(null)).toEqual({ slug: null, source: '' });
+    });
+});

package/app/api/repo/load/route.ts

@@ -3,6 +3,33 @@ import simpleGit from 'simple-git';
 import path from 'path';
 import { validateRepoPath } from '../validate-path';
 
+export function extractCanonicalForgeSlugInfo(remoteUrl?: string | null): { slug: string | null; source: string } {
+    if (!remoteUrl) return { slug: null, source: '' };
+
+    const normalized = remoteUrl.trim().replace(/\.git$/i, '');
+
+    const sshMatch = normalized.match(/^[^@]+@([^:]+):(.+)$/);
+    const httpsMatch = normalized.match(/^(?:https?|ssh):\/\/([^/]+)\/(.+)$/i);
+    const host = sshMatch?.[1] || httpsMatch?.[1] || '';
+    const pathPart = sshMatch?.[2] || httpsMatch?.[2];
+    if (!pathPart) return { slug: null, source: normalized };
+
+    const segments = pathPart
+        .split('/')
+        .map(s => s.trim())
+        .filter(Boolean)
+        .filter(s => s !== '-' && s !== 'scm');
+
+    if (segments.length < 2) return { slug: null, source: normalized };
+    if (segments.length > 5) return { slug: null, source: normalized };
+    if (segments.some(part => /[:\\]/.test(part))) return { slug: null, source: normalized };
+
+    return {
+        slug: segments.join('/'),
+        source: host ? `${host} · ${normalized}` : normalized,
+    };
+}
+
 export async function POST(req: Request) {
     return measure('api:repo:load', async () => {
         try {
@@ -47,7 +74,20 @@ export async function POST(req: Request) {
                 refs: commit.refs ? commit.refs.split(',').map(r => r.trim()).filter(Boolean) : []
             }));
 
-            return Response.json({ commits });
+            let canonicalSlug: string | null = null;
+            let canonicalSlugSource = '';
+            try {
+                const remotes = await git.getRemotes(true);
+                const origin = remotes.find(r => r.name === 'origin') || remotes[0];
+                const info = extractCanonicalForgeSlugInfo(origin?.refs?.fetch || origin?.refs?.push || null);
+                canonicalSlug = info.slug;
+                canonicalSlugSource = info.source;
+            } catch {
+                canonicalSlug = null;
+                canonicalSlugSource = '';
+            }
+
+            return Response.json({ commits, canonicalSlug, canonicalSlugSource });
         } catch (error: any) {
             console.error('api:repo:load:error', error);
             return new Response(`Error: ${error.message}`, { status: 500 });