npm - hermes-web-ui - Versions diffs - 0.4.2 → 0.4.3 - Mend

hermes-web-ui 0.4.2 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (97) hide show

package/dist/server/index.js CHANGED Viewed

@@ -33,6 +33,176 @@ var __toESM = (mod2, isNodeMode, target) => (target = mod2 != null ? __create(__
 ));
 var __toCommonJS = (mod2) => __copyProps(__defProp({}, "__esModule", { value: true }), mod2);
+// packages/server/src/db/index.ts
+function isSqliteAvailable() {
+  return SQLITE_AVAILABLE;
+}
+function getDb() {
+  if (!SQLITE_AVAILABLE) return null;
+  if (!_db) {
+    (0, import_fs.mkdirSync)(DB_DIR, { recursive: true });
+    _db = new import_node_sqlite.DatabaseSync(DB_PATH);
+    _db.exec("PRAGMA journal_mode=WAL");
+    _db.exec("PRAGMA foreign_keys=ON");
+  }
+  return _db;
+}
+function ensureTable(tableName, schema2) {
+  const db = getDb();
+  if (!db) return;
+  const colDefs = Object.entries(schema2).map(([col, def]) => `"${col}" ${def}`).join(", ");
+  db.exec(`CREATE TABLE IF NOT EXISTS "${tableName}" (${colDefs})`);
+  const rows = db.prepare(`PRAGMA table_info("${tableName}")`).all();
+  const existingCols = new Set(rows.map((r) => r.name));
+  const expectedCols = new Set(Object.keys(schema2));
+  for (const col of expectedCols) {
+    if (!existingCols.has(col)) {
+      db.exec(`ALTER TABLE "${tableName}" ADD COLUMN "${col}" ${schema2[col]}`);
+    }
+  }
+  for (const col of existingCols) {
+    if (!expectedCols.has(col)) {
+      db.exec(`ALTER TABLE "${tableName}" DROP COLUMN "${col}"`);
+    }
+  }
+}
+function readJsonStore() {
+  if (!(0, import_fs.existsSync)(JSON_PATH)) return {};
+  try {
+    return JSON.parse((0, import_fs.readFileSync)(JSON_PATH, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function writeJsonStore(data) {
+  (0, import_fs.mkdirSync)(DB_DIR, { recursive: true });
+  (0, import_fs.writeFileSync)(JSON_PATH, JSON.stringify(data, null, 2), "utf-8");
+}
+function jsonGet(table, key) {
+  const data = readJsonStore();
+  return data[table]?.[key];
+}
+function jsonSet(table, key, value) {
+  const data = readJsonStore();
+  if (!data[table]) data[table] = {};
+  data[table][key] = value;
+  writeJsonStore(data);
+}
+function jsonGetAll(table) {
+  const data = readJsonStore();
+  return data[table] || {};
+}
+function jsonDelete(table, key) {
+  const data = readJsonStore();
+  if (data[table]) {
+    delete data[table][key];
+    writeJsonStore(data);
+  }
+}
+function getStoragePath() {
+  return SQLITE_AVAILABLE ? DB_PATH : JSON_PATH;
+}
+var import_node_sqlite, import_fs, import_path, import_os, DB_DIR, DB_PATH, JSON_PATH, SQLITE_AVAILABLE, _db;
+var init_db = __esm({
+  "packages/server/src/db/index.ts"() {
+    "use strict";
+    import_node_sqlite = require("node:sqlite");
+    import_fs = require("fs");
+    import_path = require("path");
+    import_os = require("os");
+    DB_DIR = (0, import_path.resolve)((0, import_os.homedir)(), ".hermes-web-ui");
+    DB_PATH = (0, import_path.resolve)(DB_DIR, "hermes-web-ui.db");
+    JSON_PATH = (0, import_path.resolve)(DB_DIR, "hermes-web-ui.json");
+    SQLITE_AVAILABLE = (() => {
+      const [major, minor] = process.versions.node.split(".").map(Number);
+      return major > 22 || major === 22 && minor >= 5;
+    })();
+    _db = null;
+  }
+});
+// packages/server/src/db/hermes/usage-store.ts
+var usage_store_exports = {};
+__export(usage_store_exports, {
+  deleteUsage: () => deleteUsage,
+  getUsage: () => getUsage,
+  getUsageBatch: () => getUsageBatch,
+  initUsageStore: () => initUsageStore,
+  updateUsage: () => updateUsage
+});
+function initUsageStore() {
+  if (isSqliteAvailable()) {
+    ensureTable(TABLE, SCHEMA);
+  }
+}
+function updateUsage(sessionId, inputTokens, outputTokens) {
+  const record = { input_tokens: inputTokens, output_tokens: outputTokens, updated_at: Date.now() };
+  if (isSqliteAvailable()) {
+    const db = getDb();
+    db.prepare(
+      `INSERT INTO ${TABLE} (session_id, input_tokens, output_tokens, updated_at)
+       VALUES (?, ?, ?, ?)
+       ON CONFLICT(session_id) DO UPDATE SET
+         input_tokens = excluded.input_tokens,
+         output_tokens = excluded.output_tokens,
+         updated_at = excluded.updated_at`
+    ).run(sessionId, inputTokens, outputTokens, record.updated_at);
+  } else {
+    jsonSet(TABLE, sessionId, record);
+  }
+}
+function getUsage(sessionId) {
+  if (isSqliteAvailable()) {
+    return getDb().prepare(
+      `SELECT input_tokens, output_tokens FROM ${TABLE} WHERE session_id = ?`
+    ).get(sessionId);
+  }
+  const row = jsonGet(TABLE, sessionId);
+  if (!row) return void 0;
+  return { input_tokens: row.input_tokens ?? 0, output_tokens: row.output_tokens ?? 0 };
+}
+function getUsageBatch(sessionIds) {
+  if (sessionIds.length === 0) return {};
+  if (isSqliteAvailable()) {
+    const db = getDb();
+    const placeholders = sessionIds.map(() => "?").join(",");
+    const rows = db.prepare(
+      `SELECT session_id, input_tokens, output_tokens FROM ${TABLE} WHERE session_id IN (${placeholders})`
+    ).all(...sessionIds);
+    const map3 = {};
+    for (const r of rows) map3[r.session_id] = { input_tokens: r.input_tokens, output_tokens: r.output_tokens };
+    return map3;
+  }
+  const all3 = jsonGetAll(TABLE);
+  const map2 = {};
+  for (const id of sessionIds) {
+    const row = all3[id];
+    if (row) map2[id] = { input_tokens: row.input_tokens ?? 0, output_tokens: row.output_tokens ?? 0 };
+  }
+  return map2;
+}
+function deleteUsage(sessionId) {
+  if (isSqliteAvailable()) {
+    getDb().prepare(`DELETE FROM ${TABLE} WHERE session_id = ?`).run(sessionId);
+  } else {
+    jsonDelete(TABLE, sessionId);
+  }
+}
+var TABLE, SCHEMA;
+var init_usage_store = __esm({
+  "packages/server/src/db/hermes/usage-store.ts"() {
+    "use strict";
+    init_db();
+    TABLE = "session_usage";
+    SCHEMA = {
+      session_id: "TEXT PRIMARY KEY",
+      input_tokens: "INTEGER NOT NULL DEFAULT 0",
+      output_tokens: "INTEGER NOT NULL DEFAULT 0",
+      updated_at: "INTEGER NOT NULL"
+    };
+  }
+});
 // node_modules/es-object-atoms/index.js
 var require_es_object_atoms = __commonJS({
   "node_modules/es-object-atoms/index.js"(exports2, module2) {
@@ -1231,13 +1401,13 @@ var require_common = __commonJS({
           }
         }
       }
-      function matchesTemplate(search, template) {
+      function matchesTemplate(search2, template) {
         let searchIndex = 0;
         let templateIndex = 0;
         let starIndex = -1;
         let matchIndex = 0;
-        while (searchIndex < search.length) {
-          if (templateIndex < template.length && (template[templateIndex] === search[searchIndex] || template[templateIndex] === "*")) {
+        while (searchIndex < search2.length) {
+          if (templateIndex < template.length && (template[templateIndex] === search2[searchIndex] || template[templateIndex] === "*")) {
             if (template[templateIndex] === "*") {
               starIndex = templateIndex;
               matchIndex = searchIndex;
@@ -15038,14 +15208,14 @@ var require_parseurl = __commonJS({
       }
       var pathname = str2;
       var query = null;
-      var search = null;
+      var search2 = null;
       for (var i = 1; i < str2.length; i++) {
         switch (str2.charCodeAt(i)) {
           case 63:
-            if (search === null) {
+            if (search2 === null) {
               pathname = str2.substring(0, i);
               query = str2.substring(i + 1);
-              search = str2.substring(i);
+              search2 = str2.substring(i);
             }
             break;
           case 9:
@@ -15069,9 +15239,9 @@ var require_parseurl = __commonJS({
       url3.path = str2;
       url3.href = str2;
       url3.pathname = pathname;
-      if (search !== null) {
+      if (search2 !== null) {
         url3.query = query;
-        url3.search = search;
+        url3.search = search2;
       }
       return url3;
     }
@@ -15788,9 +15958,9 @@ var require_co = __commonJS({
     function co(gen) {
       var ctx = this;
       var args2 = slice.call(arguments, 1);
-      return new Promise(function(resolve8, reject) {
+      return new Promise(function(resolve10, reject) {
         if (typeof gen === "function") gen = gen.apply(ctx, args2);
-        if (!gen || typeof gen.next !== "function") return resolve8(gen);
+        if (!gen || typeof gen.next !== "function") return resolve10(gen);
         onFulfilled();
         function onFulfilled(res) {
           var ret;
@@ -15811,7 +15981,7 @@ var require_co = __commonJS({
           next(ret);
         }
         function next(ret) {
-          if (ret.done) return resolve8(ret.value);
+          if (ret.done) return resolve10(ret.value);
           var value = toPromise.call(ctx, ret.value);
           if (value && isPromise(value)) return value.then(onFulfilled, onRejected);
           return onRejected(new TypeError('You may only yield a function, promise, generator, array, or object, but the following object was passed: "' + String(ret.value) + '"'));
@@ -15829,11 +15999,11 @@ var require_co = __commonJS({
     }
     function thunkToPromise(fn2) {
       var ctx = this;
-      return new Promise(function(resolve8, reject) {
+      return new Promise(function(resolve10, reject) {
         fn2.call(ctx, function(err, res) {
           if (err) return reject(err);
           if (arguments.length > 2) res = slice.call(arguments, 1);
-          resolve8(res);
+          resolve10(res);
         });
       });
     }
@@ -20211,10 +20381,10 @@ var require_raw_body = __commonJS({
       if (done) {
         return readStream2(stream4, encoding, length, limit, wrap(done));
       }
-      return new Promise(function executor(resolve8, reject) {
+      return new Promise(function executor(resolve10, reject) {
         readStream2(stream4, encoding, length, limit, function onRead(err, buf) {
           if (err) return reject(err);
-          resolve8(buf);
+          resolve10(buf);
         });
       });
     }
@@ -24106,10 +24276,10 @@ var require_resolve_path = __commonJS({
   "node_modules/resolve-path/index.js"(exports2, module2) {
     "use strict";
     var createError = require_http_errors4();
-    var join11 = require("path").join;
+    var join14 = require("path").join;
     var normalize = require("path").normalize;
     var pathIsAbsolute = require_path_is_absolute();
-    var resolve8 = require("path").resolve;
+    var resolve10 = require("path").resolve;
     var sep = require("path").sep;
     module2.exports = resolvePath;
     var UP_PATH_REGEXP = /(?:^|[\\/])\.\.(?:[\\/]|$)/;
@@ -24141,7 +24311,7 @@ var require_resolve_path = __commonJS({
       if (UP_PATH_REGEXP.test(normalize("." + sep + path))) {
         throw createError(403);
       }
-      return normalize(join11(resolve8(root), path));
+      return normalize(join14(resolve10(root), path));
     }
   }
 });
@@ -24900,7 +25070,7 @@ var require_koa_send = __commonJS({
       normalize,
       basename: basename2,
       extname,
-      resolve: resolve8,
+      resolve: resolve10,
       parse: parse2,
       sep
     } = require("path");
@@ -24909,7 +25079,7 @@ var require_koa_send = __commonJS({
       assert(ctx, "koa context required");
       assert(path, "pathname required");
       debug2('send "%s" %j', path, opts);
-      const root = opts.root ? normalize(resolve8(opts.root)) : "";
+      const root = opts.root ? normalize(resolve10(opts.root)) : "";
       const trailingSlash = path[path.length - 1] === "/";
       path = path.substr(parse2(path).root.length);
       const index = opts.index;
@@ -25013,7 +25183,7 @@ var require_koa_static = __commonJS({
   "node_modules/koa-static/index.js"(exports2, module2) {
     "use strict";
     var debug2 = require_src2()("koa-static");
-    var { resolve: resolve8 } = require("path");
+    var { resolve: resolve10 } = require("path");
     var assert = require("assert");
     var send2 = require_koa_send();
     module2.exports = serve2;
@@ -25021,7 +25191,7 @@ var require_koa_static = __commonJS({
       opts = Object.assign({}, opts);
       assert(root, "root directory is required to serve files");
       debug2('static "%s" %j', root, opts);
-      opts.root = resolve8(root);
+      opts.root = resolve10(root);
       if (opts.index !== false) opts.index = opts.index || "index.html";
       if (!opts.defer) {
         return async function serve3(ctx, next) {
@@ -28931,7 +29101,7 @@ var require_sonic_boom = __commonJS({
       if (!(this instanceof SonicBoom)) {
         return new SonicBoom(opts);
       }
-      let { fd, dest, minLength, maxLength, maxWrite, periodicFlush, sync, append: append2 = true, mkdir: mkdir4, retryEAGAIN, fsync, contentMode, mode } = opts || {};
+      let { fd, dest, minLength, maxLength, maxWrite, periodicFlush, sync, append: append2 = true, mkdir: mkdir5, retryEAGAIN, fsync, contentMode, mode } = opts || {};
       fd = fd || dest;
       this._len = 0;
       this.fd = -1;
@@ -28956,7 +29126,7 @@ var require_sonic_boom = __commonJS({
       this.append = append2 || false;
       this.mode = mode;
       this.retryEAGAIN = retryEAGAIN || (() => true);
-      this.mkdir = mkdir4 || false;
+      this.mkdir = mkdir5 || false;
       let fsWriteSync;
       let fsWrite;
       if (contentMode === kContentModeBuffer) {
@@ -29662,7 +29832,7 @@ var require_thread_stream = __commonJS({
     var { version } = require_package();
     var { EventEmitter: EventEmitter2 } = require("events");
     var { Worker } = require("worker_threads");
-    var { join: join11 } = require("path");
+    var { join: join14 } = require("path");
     var { pathToFileURL } = require("url");
     var { wait } = require_wait();
     var {
@@ -29698,7 +29868,7 @@ var require_thread_stream = __commonJS({
     function createWorker(stream4, opts) {
       const { filename, workerData } = opts;
       const bundlerOverrides = "__bundlerPathsOverrides" in globalThis ? globalThis.__bundlerPathsOverrides : {};
-      const toExecute = bundlerOverrides["thread-stream-worker"] || join11(__dirname, "lib", "worker.js");
+      const toExecute = bundlerOverrides["thread-stream-worker"] || join14(__dirname, "lib", "worker.js");
       const worker = new Worker(toExecute, {
         ...opts.workerOpts,
         trackUnmanagedFds: false,
@@ -30087,9 +30257,9 @@ var require_transport = __commonJS({
   "node_modules/pino/lib/transport.js"(exports2, module2) {
     "use strict";
     var { createRequire } = require("module");
-    var { existsSync: existsSync11 } = require("node:fs");
+    var { existsSync: existsSync14 } = require("node:fs");
     var getCallers = require_caller();
-    var { join: join11, isAbsolute, sep } = require("node:path");
+    var { join: join14, isAbsolute, sep } = require("node:path");
     var { fileURLToPath } = require("node:url");
     var sleep = require_atomic_sleep();
     var onExit = require_on_exit_leak_free();
@@ -30161,7 +30331,7 @@ var require_transport = __commonJS({
           return false;
         }
       }
-      return isAbsolute(path) && !existsSync11(path);
+      return isAbsolute(path) && !existsSync14(path);
     }
     function stripQuotes(value) {
       const first = value[0];
@@ -30242,7 +30412,7 @@ var require_transport = __commonJS({
         throw new Error("only one of target or targets can be specified");
       }
       if (targets) {
-        target = bundlerOverrides["pino-worker"] || join11(__dirname, "worker.js");
+        target = bundlerOverrides["pino-worker"] || join14(__dirname, "worker.js");
         options.targets = targets.filter((dest) => dest.target).map((dest) => {
           return {
             ...dest,
@@ -30260,7 +30430,7 @@ var require_transport = __commonJS({
           });
         });
       } else if (pipeline) {
-        target = bundlerOverrides["pino-worker"] || join11(__dirname, "worker.js");
+        target = bundlerOverrides["pino-worker"] || join14(__dirname, "worker.js");
         options.pipelines = [pipeline.map((dest) => {
           return {
             ...dest,
@@ -30283,7 +30453,7 @@ var require_transport = __commonJS({
           return origin2;
         }
         if (origin2 === "pino/file") {
-          return join11(__dirname, "..", "file.js");
+          return join14(__dirname, "..", "file.js");
         }
         let fixTarget2;
         for (const filePath of callers) {
@@ -31263,7 +31433,7 @@ var require_safe_stable_stringify = __commonJS({
               return circularValue;
             }
             let res = "";
-            let join11 = ",";
+            let join14 = ",";
             const originalIndentation = indentation;
             if (Array.isArray(value)) {
               if (value.length === 0) {
@@ -31277,7 +31447,7 @@ var require_safe_stable_stringify = __commonJS({
                 indentation += spacer;
                 res += `
 ${indentation}`;
-                join11 = `,
+                join14 = `,
 ${indentation}`;
               }
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -31285,13 +31455,13 @@ ${indentation}`;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyFnReplacer(String(i), value, stack2, replacer, spacer, indentation);
                 res += tmp2 !== void 0 ? tmp2 : "null";
-                res += join11;
+                res += join14;
               }
               const tmp = stringifyFnReplacer(String(i), value, stack2, replacer, spacer, indentation);
               res += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res += `${join11}"... ${getItemCount(removedKeys)} not stringified"`;
+                res += `${join14}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               if (spacer !== "") {
                 res += `
@@ -31312,7 +31482,7 @@ ${originalIndentation}`;
             let separator = "";
             if (spacer !== "") {
               indentation += spacer;
-              join11 = `,
+              join14 = `,
 ${indentation}`;
               whitespace = " ";
             }
@@ -31326,13 +31496,13 @@ ${indentation}`;
               const tmp = stringifyFnReplacer(key2, value, stack2, replacer, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
-                separator = join11;
+                separator = join14;
               }
             }
             if (keyLength > maximumBreadth) {
               const removedKeys = keyLength - maximumBreadth;
               res += `${separator}"...":${whitespace}"${getItemCount(removedKeys)} not stringified"`;
-              separator = join11;
+              separator = join14;
             }
             if (spacer !== "" && separator.length > 1) {
               res = `
@@ -31373,7 +31543,7 @@ ${originalIndentation}`;
             }
             const originalIndentation = indentation;
             let res = "";
-            let join11 = ",";
+            let join14 = ",";
             if (Array.isArray(value)) {
               if (value.length === 0) {
                 return "[]";
@@ -31386,7 +31556,7 @@ ${originalIndentation}`;
                 indentation += spacer;
                 res += `
 ${indentation}`;
-                join11 = `,
+                join14 = `,
 ${indentation}`;
               }
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
@@ -31394,13 +31564,13 @@ ${indentation}`;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyArrayReplacer(String(i), value[i], stack2, replacer, spacer, indentation);
                 res += tmp2 !== void 0 ? tmp2 : "null";
-                res += join11;
+                res += join14;
               }
               const tmp = stringifyArrayReplacer(String(i), value[i], stack2, replacer, spacer, indentation);
               res += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res += `${join11}"... ${getItemCount(removedKeys)} not stringified"`;
+                res += `${join14}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               if (spacer !== "") {
                 res += `
@@ -31413,7 +31583,7 @@ ${originalIndentation}`;
             let whitespace = "";
             if (spacer !== "") {
               indentation += spacer;
-              join11 = `,
+              join14 = `,
 ${indentation}`;
               whitespace = " ";
             }
@@ -31422,7 +31592,7 @@ ${indentation}`;
               const tmp = stringifyArrayReplacer(key2, value[key2], stack2, replacer, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}:${whitespace}${tmp}`;
-                separator = join11;
+                separator = join14;
               }
             }
             if (spacer !== "" && separator.length > 1) {
@@ -31480,20 +31650,20 @@ ${originalIndentation}`;
               indentation += spacer;
               let res2 = `
 ${indentation}`;
-              const join12 = `,
+              const join15 = `,
 ${indentation}`;
               const maximumValuesToStringify = Math.min(value.length, maximumBreadth);
               let i = 0;
               for (; i < maximumValuesToStringify - 1; i++) {
                 const tmp2 = stringifyIndent(String(i), value[i], stack2, spacer, indentation);
                 res2 += tmp2 !== void 0 ? tmp2 : "null";
-                res2 += join12;
+                res2 += join15;
               }
               const tmp = stringifyIndent(String(i), value[i], stack2, spacer, indentation);
               res2 += tmp !== void 0 ? tmp : "null";
               if (value.length - 1 > maximumBreadth) {
                 const removedKeys = value.length - maximumBreadth - 1;
-                res2 += `${join12}"... ${getItemCount(removedKeys)} not stringified"`;
+                res2 += `${join15}"... ${getItemCount(removedKeys)} not stringified"`;
               }
               res2 += `
 ${originalIndentation}`;
@@ -31509,16 +31679,16 @@ ${originalIndentation}`;
               return '"[Object]"';
             }
             indentation += spacer;
-            const join11 = `,
+            const join14 = `,
 ${indentation}`;
             let res = "";
             let separator = "";
             let maximumPropertiesToStringify = Math.min(keyLength, maximumBreadth);
             if (isTypedArrayWithEntries(value)) {
-              res += stringifyTypedArray(value, join11, maximumBreadth);
+              res += stringifyTypedArray(value, join14, maximumBreadth);
               keys = keys.slice(value.length);
               maximumPropertiesToStringify -= value.length;
-              separator = join11;
+              separator = join14;
             }
             if (deterministic) {
               keys = sort(keys, comparator);
@@ -31529,13 +31699,13 @@ ${indentation}`;
               const tmp = stringifyIndent(key2, value[key2], stack2, spacer, indentation);
               if (tmp !== void 0) {
                 res += `${separator}${strEscape(key2)}: ${tmp}`;
-                separator = join11;
+                separator = join14;
               }
             }
             if (keyLength > maximumBreadth) {
               const removedKeys = keyLength - maximumBreadth;
               res += `${separator}"...": "${getItemCount(removedKeys)} not stringified"`;
-              separator = join11;
+              separator = join14;
             }
             if (separator !== "") {
               res = `
@@ -32062,28 +32232,28 @@ var require_pino = __commonJS({
 });
 // packages/server/src/services/logger.ts
-var import_pino, import_path3, import_fs, import_os3, MAX_LOG_SIZE, logDir, logFile, logger;
+var import_pino, import_path4, import_fs2, import_os4, MAX_LOG_SIZE, logDir, logFile, logger;
 var init_logger = __esm({
   "packages/server/src/services/logger.ts"() {
     "use strict";
     import_pino = __toESM(require_pino());
-    import_path3 = require("path");
-    import_fs = require("fs");
-    import_os3 = require("os");
+    import_path4 = require("path");
+    import_fs2 = require("fs");
+    import_os4 = require("os");
     MAX_LOG_SIZE = 3 * 1024 * 1024;
-    logDir = (0, import_path3.resolve)((0, import_os3.homedir)(), ".hermes-web-ui", "logs");
-    (0, import_fs.mkdirSync)(logDir, { recursive: true });
-    logFile = (0, import_path3.resolve)(logDir, "server.log");
+    logDir = (0, import_path4.resolve)((0, import_os4.homedir)(), ".hermes-web-ui", "logs");
+    (0, import_fs2.mkdirSync)(logDir, { recursive: true });
+    logFile = (0, import_path4.resolve)(logDir, "server.log");
     try {
-      const stat2 = (0, import_fs.statSync)(logFile);
+      const stat2 = (0, import_fs2.statSync)(logFile);
       if (stat2.size > MAX_LOG_SIZE) {
         const keepSize = Math.floor(MAX_LOG_SIZE / 2);
-        const fd = (0, import_fs.openSync)(logFile, "r");
+        const fd = (0, import_fs2.openSync)(logFile, "r");
         const buf = Buffer.alloc(keepSize);
-        (0, import_fs.readSync)(fd, buf, 0, keepSize, stat2.size - keepSize);
-        (0, import_fs.closeSync)(fd);
-        (0, import_fs.truncateSync)(logFile, 0);
-        (0, import_fs.writeFileSync)(logFile, buf);
+        (0, import_fs2.readSync)(fd, buf, 0, keepSize, stat2.size - keepSize);
+        (0, import_fs2.closeSync)(fd);
+        (0, import_fs2.truncateSync)(logFile, 0);
+        (0, import_fs2.writeFileSync)(logFile, buf);
       }
     } catch {
     }
@@ -32101,24 +32271,24 @@ var gateway_manager_exports = {};
 __export(gateway_manager_exports, {
   GatewayManager: () => GatewayManager
 });
-var import_child_process, import_path4, import_os4, import_fs2, import_child_process2, import_util, import_net, execFileAsync, HERMES_BASE, HERMES_BIN, isWsl, isDocker, needsRunMode, GatewayManager;
+var import_child_process, import_path5, import_os5, import_fs3, import_child_process2, import_util, import_net, execFileAsync, HERMES_BASE, HERMES_BIN, isWsl, isDocker, needsRunMode, GatewayManager;
 var init_gateway_manager = __esm({
   "packages/server/src/services/hermes/gateway-manager.ts"() {
     "use strict";
     import_child_process = require("child_process");
-    import_path4 = require("path");
-    import_os4 = require("os");
-    import_fs2 = require("fs");
+    import_path5 = require("path");
+    import_os5 = require("os");
+    import_fs3 = require("fs");
     import_child_process2 = require("child_process");
     import_util = require("util");
     import_net = require("net");
     init_js_yaml();
     init_logger();
     execFileAsync = (0, import_util.promisify)(import_child_process2.execFile);
-    HERMES_BASE = (0, import_path4.resolve)((0, import_os4.homedir)(), ".hermes");
+    HERMES_BASE = (0, import_path5.resolve)((0, import_os5.homedir)(), ".hermes");
     HERMES_BIN = process.env.HERMES_BIN?.trim() || "hermes";
-    isWsl = (0, import_fs2.existsSync)("/proc/version") && (0, import_fs2.readFileSync)("/proc/version", "utf-8").toLowerCase().includes("microsoft");
-    isDocker = (0, import_fs2.existsSync)("/.dockerenv");
+    isWsl = (0, import_fs3.existsSync)("/proc/version") && (0, import_fs3.readFileSync)("/proc/version", "utf-8").toLowerCase().includes("microsoft");
+    isDocker = (0, import_fs3.existsSync)("/.dockerenv");
     needsRunMode = isWsl || isDocker;
     GatewayManager = class {
       /** 已注册的网关：profile name → { pid, port, host, url } */
@@ -32136,17 +32306,17 @@ var init_gateway_manager = __esm({
       /** 获取 profile 的 home 目录路径 */
       profileDir(name) {
         if (name === "default") return HERMES_BASE;
-        return (0, import_path4.join)(HERMES_BASE, "profiles", name);
+        return (0, import_path5.join)(HERMES_BASE, "profiles", name);
       }
       /**
        * 从 profile 的 config.yaml 读取 api_server 端口和主机
        * 读取路径：platforms.api_server.extra.port / extra.host
        */
       readProfilePort(name) {
-        const configPath3 = (0, import_path4.join)(this.profileDir(name), "config.yaml");
-        if (!(0, import_fs2.existsSync)(configPath3)) return { port: 8642, host: "127.0.0.1" };
+        const configPath3 = (0, import_path5.join)(this.profileDir(name), "config.yaml");
+        if (!(0, import_fs3.existsSync)(configPath3)) return { port: 8642, host: "127.0.0.1" };
         try {
-          const content = (0, import_fs2.readFileSync)(configPath3, "utf-8");
+          const content = (0, import_fs3.readFileSync)(configPath3, "utf-8");
           const cfg = jsYaml.load(content) || {};
           const extra = cfg?.platforms?.api_server?.extra;
           const rawPort = extra?.port || 8642;
@@ -32159,10 +32329,10 @@ var init_gateway_manager = __esm({
       }
       /** 从 profile 的 gateway.pid 文件读取 PID（JSON 格式 { "pid": 12345 }） */
       readPidFile(name) {
-        const pidPath = (0, import_path4.join)(this.profileDir(name), "gateway.pid");
-        if (!(0, import_fs2.existsSync)(pidPath)) return null;
+        const pidPath = (0, import_path5.join)(this.profileDir(name), "gateway.pid");
+        if (!(0, import_fs3.existsSync)(pidPath)) return null;
         try {
-          const content = (0, import_fs2.readFileSync)(pidPath, "utf-8").trim();
+          const content = (0, import_fs3.readFileSync)(pidPath, "utf-8").trim();
           const data = JSON.parse(content);
           return typeof data.pid === "number" ? data.pid : parseInt(data.pid, 10) || null;
         } catch {
@@ -32195,22 +32365,22 @@ var init_gateway_manager = __esm({
       /** 尝试绑定端口，检测端口是否被系统级进程占用 */
       checkPortAvailable(port, host) {
         if (port < 0 || port > 65535) return Promise.resolve(false);
-        return new Promise((resolve8) => {
+        return new Promise((resolve10) => {
           const server2 = (0, import_net.createServer)();
           server2.once("error", () => {
             server2.close();
-            resolve8(false);
+            resolve10(false);
           });
           server2.once("listening", () => {
             server2.close();
-            resolve8(true);
+            resolve10(true);
           });
           server2.listen(port, host);
         });
       }
       /** 从 base 端口开始递增查找空闲端口（上限 65535） */
       findFreePort(base, host = "127.0.0.1") {
-        return new Promise((resolve8, reject) => {
+        return new Promise((resolve10, reject) => {
           const tryPort = (port) => {
             if (port > 65535) {
               reject(new Error(`No free port found in range ${base}-65535`));
@@ -32223,7 +32393,7 @@ var init_gateway_manager = __esm({
             });
             server2.once("listening", () => {
               server2.close();
-              resolve8(port);
+              resolve10(port);
             });
             server2.listen(port, host);
           };
@@ -32247,9 +32417,9 @@ var init_gateway_manager = __esm({
        * 同时清理旧的顶层 port/host（避免 Hermes 读取错误）
        */
       writeProfilePort(name, port, host) {
-        const configPath3 = (0, import_path4.join)(this.profileDir(name), "config.yaml");
+        const configPath3 = (0, import_path5.join)(this.profileDir(name), "config.yaml");
         try {
-          const content = (0, import_fs2.existsSync)(configPath3) ? (0, import_fs2.readFileSync)(configPath3, "utf-8") : "";
+          const content = (0, import_fs3.existsSync)(configPath3) ? (0, import_fs3.readFileSync)(configPath3, "utf-8") : "";
           const cfg = jsYaml.load(content) || {};
           if (!cfg.platforms) cfg.platforms = {};
           if (!cfg.platforms.api_server) cfg.platforms.api_server = {};
@@ -32265,7 +32435,7 @@ var init_gateway_manager = __esm({
           if (cfg.platforms.api_server.host !== void 0) {
             delete cfg.platforms.api_server.host;
           }
-          (0, import_fs2.writeFileSync)(configPath3, jsYaml.dump(cfg, { lineWidth: -1 }), "utf-8");
+          (0, import_fs3.writeFileSync)(configPath3, jsYaml.dump(cfg, { lineWidth: -1 }), "utf-8");
           logger.debug("Updated %s: api_server.extra.port = %d", configPath3, port);
         } catch (err) {
           logger.error(err, 'Failed to write config for profile "%s"', name);
@@ -32324,9 +32494,9 @@ var init_gateway_manager = __esm({
       getApiKey(profileName) {
         const name = profileName || this.activeProfile;
         try {
-          const envPath3 = (0, import_path4.join)(this.profileDir(name), ".env");
-          if (!(0, import_fs2.existsSync)(envPath3)) return null;
-          const content = (0, import_fs2.readFileSync)(envPath3, "utf-8");
+          const envPath3 = (0, import_path5.join)(this.profileDir(name), ".env");
+          if (!(0, import_fs3.existsSync)(envPath3)) return null;
+          const content = (0, import_fs3.readFileSync)(envPath3, "utf-8");
           const match = content.match(/^API_SERVER_KEY\s*=\s*"?([^"\n]+)"?/m);
           return match?.[1]?.trim() || null;
         } catch {
@@ -32355,10 +32525,10 @@ var init_gateway_manager = __esm({
           return profiles;
         } catch {
           const profiles = ["default"];
-          const profilesDir = (0, import_path4.join)(HERMES_BASE, "profiles");
-          if ((0, import_fs2.existsSync)(profilesDir)) {
-            for (const entry of (0, import_fs2.readdirSync)(profilesDir, { withFileTypes: true })) {
-              if (entry.isDirectory() && (0, import_fs2.existsSync)((0, import_path4.join)(profilesDir, entry.name, "config.yaml"))) {
+          const profilesDir = (0, import_path5.join)(HERMES_BASE, "profiles");
+          if ((0, import_fs3.existsSync)(profilesDir)) {
+            for (const entry of (0, import_fs3.readdirSync)(profilesDir, { withFileTypes: true })) {
+              if (entry.isDirectory() && (0, import_fs3.existsSync)((0, import_path5.join)(profilesDir, entry.name, "config.yaml"))) {
                 profiles.push(entry.name);
               }
             }
@@ -32404,7 +32574,7 @@ var init_gateway_manager = __esm({
         const hermesHome = this.profileDir(name);
         const url2 = `http://${host}:${port}`;
         if (needsRunMode) {
-          return new Promise((resolve8, reject) => {
+          return new Promise((resolve10, reject) => {
             const env2 = { ...process.env, HERMES_HOME: hermesHome };
             const child = (0, import_child_process.spawn)(HERMES_BIN, ["gateway", "run", "--replace"], {
               detached: true,
@@ -32415,7 +32585,7 @@ var init_gateway_manager = __esm({
             child.unref();
             const pid = child.pid ?? 0;
             logger.info('Starting gateway for profile "%s" (run mode, PID: %d, port: %d)', name, pid, port);
-            this.waitForReady(name, pid, port, host, url2).then(resolve8).catch(reject);
+            this.waitForReady(name, pid, port, host, url2).then(resolve10).catch(reject);
           });
         }
         logger.info('Starting gateway for profile "%s" (start mode, port: %d)', name, port);
@@ -32579,30 +32749,30 @@ __export(hermes_profile_exports, {
   getProfileDir: () => getProfileDir
 });
 function getActiveProfileDir() {
-  const activeFile = (0, import_path5.join)(HERMES_BASE2, "active_profile");
+  const activeFile = (0, import_path6.join)(HERMES_BASE2, "active_profile");
   try {
-    const name = (0, import_fs3.readFileSync)(activeFile, "utf-8").trim();
+    const name = (0, import_fs4.readFileSync)(activeFile, "utf-8").trim();
     if (name && name !== "default") {
-      const dir = (0, import_path5.join)(HERMES_BASE2, "profiles", name);
-      if ((0, import_fs3.existsSync)(dir)) return dir;
+      const dir = (0, import_path6.join)(HERMES_BASE2, "profiles", name);
+      if ((0, import_fs4.existsSync)(dir)) return dir;
     }
   } catch {
   }
   return HERMES_BASE2;
 }
 function getActiveConfigPath() {
-  return (0, import_path5.join)(getActiveProfileDir(), "config.yaml");
+  return (0, import_path6.join)(getActiveProfileDir(), "config.yaml");
 }
 function getActiveAuthPath() {
-  return (0, import_path5.join)(getActiveProfileDir(), "auth.json");
+  return (0, import_path6.join)(getActiveProfileDir(), "auth.json");
 }
 function getActiveEnvPath() {
-  return (0, import_path5.join)(getActiveProfileDir(), ".env");
+  return (0, import_path6.join)(getActiveProfileDir(), ".env");
 }
 function getActiveProfileName() {
-  const activeFile = (0, import_path5.join)(HERMES_BASE2, "active_profile");
+  const activeFile = (0, import_path6.join)(HERMES_BASE2, "active_profile");
   try {
-    const name = (0, import_fs3.readFileSync)(activeFile, "utf-8").trim();
+    const name = (0, import_fs4.readFileSync)(activeFile, "utf-8").trim();
     return name || "default";
   } catch {
     return "default";
@@ -32610,17 +32780,17 @@ function getActiveProfileName() {
 }
 function getProfileDir(name) {
   if (!name || name === "default") return HERMES_BASE2;
-  const dir = (0, import_path5.join)(HERMES_BASE2, "profiles", name);
-  return (0, import_fs3.existsSync)(dir) ? dir : HERMES_BASE2;
+  const dir = (0, import_path6.join)(HERMES_BASE2, "profiles", name);
+  return (0, import_fs4.existsSync)(dir) ? dir : HERMES_BASE2;
 }
-var import_path5, import_os5, import_fs3, HERMES_BASE2;
+var import_path6, import_os6, import_fs4, HERMES_BASE2;
 var init_hermes_profile = __esm({
   "packages/server/src/services/hermes/hermes-profile.ts"() {
     "use strict";
-    import_path5 = require("path");
-    import_os5 = require("os");
-    import_fs3 = require("fs");
-    HERMES_BASE2 = (0, import_path5.resolve)((0, import_os5.homedir)(), ".hermes");
+    import_path6 = require("path");
+    import_os6 = require("os");
+    import_fs4 = require("fs");
+    HERMES_BASE2 = (0, import_path6.resolve)((0, import_os6.homedir)(), ".hermes");
   }
 });
@@ -34827,7 +34997,7 @@ var require_websocket = __commonJS({
     var http3 = require("http");
     var net = require("net");
     var tls = require("tls");
-    var { randomBytes: randomBytes3, createHash } = require("crypto");
+    var { randomBytes: randomBytes4, createHash } = require("crypto");
     var { Duplex, Readable: Readable2 } = require("stream");
     var { URL: URL2 } = require("url");
     var PerMessageDeflate2 = require_permessage_deflate();
@@ -35357,7 +35527,7 @@ var require_websocket = __commonJS({
         }
       }
       const defaultPort = isSecure ? 443 : 80;
-      const key = randomBytes3(16).toString("base64");
+      const key = randomBytes4(16).toString("base64");
       const request = isSecure ? https2.request : http3.request;
       const protocolSet = /* @__PURE__ */ new Set();
       let perMessageDeflate;
@@ -38110,23 +38280,23 @@ function bodyParserWrapper(opts = {}) {
 }
 // packages/server/src/config.ts
-var import_path = require("path");
-var import_os = require("os");
+var import_path2 = require("path");
+var import_os2 = require("os");
 var config = {
   port: parseInt(process.env.PORT || "8648", 10),
   upstream: process.env.UPSTREAM || "http://127.0.0.1:8642",
-  uploadDir: process.env.UPLOAD_DIR || (0, import_path.resolve)((0, import_os.tmpdir)(), "hermes-uploads"),
-  dataDir: (0, import_path.resolve)(__dirname, "..", "data"),
+  uploadDir: process.env.UPLOAD_DIR || (0, import_path2.resolve)((0, import_os2.tmpdir)(), "hermes-uploads"),
+  dataDir: (0, import_path2.resolve)(__dirname, "..", "data"),
   corsOrigins: process.env.CORS_ORIGINS || "*"
 };
 // packages/server/src/services/auth.ts
 var import_promises = require("fs/promises");
-var import_path2 = require("path");
+var import_path3 = require("path");
 var import_crypto = require("crypto");
-var import_os2 = require("os");
-var APP_HOME = (0, import_path2.join)((0, import_os2.homedir)(), ".hermes-web-ui");
-var TOKEN_FILE = (0, import_path2.join)(APP_HOME, ".token");
+var import_os3 = require("os");
+var APP_HOME = (0, import_path3.join)((0, import_os3.homedir)(), ".hermes-web-ui");
+var TOKEN_FILE = (0, import_path3.join)(APP_HOME, ".token");
 function generateToken() {
   return (0, import_crypto.randomBytes)(32).toString("hex");
 }
@@ -38195,10 +38365,10 @@ function bindShutdown(server2) {
     logger.info("Shutting down (%s)...", signal);
     try {
       if (server2) {
-        await new Promise((resolve8) => {
+        await new Promise((resolve10) => {
           server2.close(() => {
             logger.info("HTTP server closed");
-            resolve8();
+            resolve10();
           });
         });
       }
@@ -38224,25 +38394,25 @@ var import_websocket_server = __toESM(require_websocket_server(), 1);
 var wrapper_default = import_websocket.default;
 // packages/server/src/routes/hermes/terminal.ts
-var import_fs4 = require("fs");
-var import_path6 = require("path");
+var import_fs5 = require("fs");
+var import_path7 = require("path");
 init_logger();
 var pty = null;
 function ensureNodePtySpawnHelperExecutable() {
   if (process.platform !== "darwin") return;
   try {
-    const nodePtyRoot = (0, import_path6.dirname)(require.resolve("node-pty/package.json"));
+    const nodePtyRoot = (0, import_path7.dirname)(require.resolve("node-pty/package.json"));
     const helperCandidates = [
-      (0, import_path6.join)(nodePtyRoot, "build", "Release", "spawn-helper"),
-      (0, import_path6.join)(nodePtyRoot, "build", "Debug", "spawn-helper"),
-      (0, import_path6.join)(nodePtyRoot, "prebuilds", `${process.platform}-${process.arch}`, "spawn-helper")
+      (0, import_path7.join)(nodePtyRoot, "build", "Release", "spawn-helper"),
+      (0, import_path7.join)(nodePtyRoot, "build", "Debug", "spawn-helper"),
+      (0, import_path7.join)(nodePtyRoot, "prebuilds", `${process.platform}-${process.arch}`, "spawn-helper")
     ];
     for (const helperPath of helperCandidates) {
-      if (!(0, import_fs4.existsSync)(helperPath)) continue;
+      if (!(0, import_fs5.existsSync)(helperPath)) continue;
       try {
-        (0, import_fs4.accessSync)(helperPath, import_fs4.constants.X_OK);
+        (0, import_fs5.accessSync)(helperPath, import_fs5.constants.X_OK);
       } catch {
-        (0, import_fs4.chmodSync)(helperPath, 493);
+        (0, import_fs5.chmodSync)(helperPath, 493);
         logger.debug("Restored execute bit for node-pty helper: %s", helperPath);
       }
     }
@@ -38265,7 +38435,7 @@ function findShell() {
     process.platform === "win32" ? "cmd.exe" : null
   ].filter(Boolean);
   for (const shell of candidates) {
-    if ((0, import_fs4.existsSync)(shell)) return shell;
+    if ((0, import_fs5.existsSync)(shell)) return shell;
   }
   return "/bin/bash";
 }
@@ -40033,12 +40203,12 @@ for (const httpMethod of httpMethods) {
 // packages/server/src/services/hermes/hermes-cli.ts
 var import_child_process3 = require("child_process");
-var import_fs5 = require("fs");
+var import_fs6 = require("fs");
 var import_util2 = require("util");
 init_logger();
 var execFileAsync2 = (0, import_util2.promisify)(import_child_process3.execFile);
 var execOpts = { windowsHide: true };
-var isDocker2 = (0, import_fs5.existsSync)("/.dockerenv");
+var isDocker2 = (0, import_fs6.existsSync)("/.dockerenv");
 function resolveHermesBin() {
   const envBin = process.env.HERMES_BIN?.trim();
   if (envBin) return envBin;
@@ -40420,11 +40590,11 @@ async function importProfile(archivePath, name) {
 }
 // packages/server/src/controllers/health.ts
-var LOCAL_VERSION = true ? "0.4.2" : (() => {
+var LOCAL_VERSION = true ? "0.4.3" : (() => {
   try {
-    const { readFileSync: readFileSync8 } = null;
-    const { resolve: resolve8 } = null;
-    return JSON.parse(readFileSync8(resolve8(__dirname, "../../package.json"), "utf-8")).version;
+    const { readFileSync: readFileSync10 } = null;
+    const { resolve: resolve10 } = null;
+    return JSON.parse(readFileSync10(resolve10(__dirname, "../../package.json"), "utf-8")).version;
   } catch {
     return "0.0.0";
   }
@@ -40432,8 +40602,8 @@ var LOCAL_VERSION = true ? "0.4.2" : (() => {
 var cachedLatestVersion = "";
 async function checkLatestVersion() {
   try {
-    const { readFileSync: readFileSync8 } = require("fs");
-    const pkg = JSON.parse(readFileSync8(resolve5(require("path").join(__dirname, "../../package.json")), "utf-8"));
+    const { readFileSync: readFileSync10 } = require("fs");
+    const pkg = JSON.parse(readFileSync10(resolve6(require("path").join(__dirname, "../../package.json")), "utf-8"));
     const name = pkg.name;
     const res = await fetch(`https://registry.npmjs.org/${name}/latest`, { signal: AbortSignal.timeout(1e4) });
     if (res.ok) {
@@ -40471,7 +40641,7 @@ async function healthCheck(ctx) {
     webui_update_available: cachedLatestVersion && cachedLatestVersion !== LOCAL_VERSION
   };
 }
-function resolve5(p) {
+function resolve6(p) {
   return p;
 }
@@ -40661,19 +40831,57 @@ uploadRoutes.post("/upload", handleUpload);
 // packages/server/src/controllers/update.ts
 var import_child_process4 = require("child_process");
+var import_path8 = require("path");
+function getNodeBinDir() {
+  return (0, import_path8.dirname)(process.execPath);
+}
+function getNpmBin() {
+  return (0, import_path8.join)(getNodeBinDir(), process.platform === "win32" ? "npm.cmd" : "npm");
+}
+function getCliBin() {
+  return (0, import_path8.join)(getNodeBinDir(), process.platform === "win32" ? "hermes-web-ui.cmd" : "hermes-web-ui");
+}
+function getWindowsShell() {
+  return process.env.ComSpec || "cmd.exe";
+}
+function quoteForWindowsCommand(value) {
+  return `"${value.replace(/"/g, '""')}"`;
+}
+function runUpdateInstall() {
+  if (process.platform === "win32") {
+    return (0, import_child_process4.execFileSync)(getWindowsShell(), ["/d", "/s", "/c", `${quoteForWindowsCommand(getNpmBin())} install -g hermes-web-ui@latest`], {
+      encoding: "utf-8",
+      timeout: 12e4,
+      stdio: ["pipe", "pipe", "pipe"],
+      windowsHide: true
+    });
+  }
+  return (0, import_child_process4.execFileSync)(getNpmBin(), ["install", "-g", "hermes-web-ui@latest"], {
+    encoding: "utf-8",
+    timeout: 12e4,
+    stdio: ["pipe", "pipe", "pipe"]
+  });
+}
+function spawnRestart(port) {
+  if (process.platform === "win32") {
+    return (0, import_child_process4.spawn)(getWindowsShell(), ["/d", "/s", "/c", `${quoteForWindowsCommand(getCliBin())} restart --port ${port}`], {
+      detached: true,
+      stdio: "ignore",
+      windowsHide: true
+    });
+  }
+  return (0, import_child_process4.spawn)(getCliBin(), ["restart", "--port", port], {
+    detached: true,
+    stdio: "ignore",
+    windowsHide: true
+  });
+}
 async function handleUpdate(ctx) {
-  const isWin = process.platform === "win32";
-  const cmd = isWin ? "cmd /c npm install -g hermes-web-ui@latest" : "npm install -g hermes-web-ui@latest";
   try {
-    const { execSync } = await import("child_process");
-    const output = execSync(cmd, { encoding: "utf-8", timeout: 12e4, stdio: ["pipe", "pipe", "pipe"] });
+    const output = runUpdateInstall();
     ctx.body = { success: true, message: output.trim() };
     setTimeout(() => {
-      (0, import_child_process4.spawn)(isWin ? "cmd" : "sh", isWin ? ["/c", "hermes-web-ui restart"] : ["-c", "hermes-web-ui restart"], {
-        detached: true,
-        stdio: "ignore",
-        windowsHide: true
-      }).unref();
+      spawnRestart(process.env.PORT || "8648").unref();
       process.exit(0);
     }, 2e3);
   } catch (err) {
@@ -40686,6 +40894,169 @@ async function handleUpdate(ctx) {
 var updateRoutes = new router_default();
 updateRoutes.post("/api/hermes/update", handleUpdate);
+// packages/server/src/services/credentials.ts
+var import_promises3 = require("fs/promises");
+var import_fs7 = require("fs");
+var import_path9 = require("path");
+var import_os7 = require("os");
+var import_node_crypto = require("node:crypto");
+var APP_HOME2 = (0, import_path9.join)((0, import_os7.homedir)(), ".hermes-web-ui");
+var CREDENTIALS_FILE = (0, import_path9.join)(APP_HOME2, ".credentials");
+var SCRYPT_OPTIONS = { N: 16384, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
+function hashPassword(password, salt) {
+  return (0, import_node_crypto.scryptSync)(password, salt, 64, SCRYPT_OPTIONS).toString("hex");
+}
+async function getCredentials() {
+  try {
+    const data = await (0, import_promises3.readFile)(CREDENTIALS_FILE, "utf-8");
+    return JSON.parse(data);
+  } catch {
+    return null;
+  }
+}
+async function setCredentials(username, password) {
+  const salt = (0, import_node_crypto.randomBytes)(16).toString("hex");
+  const password_hash = hashPassword(password, salt);
+  const cred = { username, password_hash, salt, created_at: Date.now() };
+  await (0, import_promises3.mkdir)(APP_HOME2, { recursive: true });
+  await (0, import_promises3.writeFile)(CREDENTIALS_FILE, JSON.stringify(cred, null, 2), { mode: 384 });
+  return cred;
+}
+async function deleteCredentials() {
+  try {
+    await (0, import_promises3.unlink)(CREDENTIALS_FILE);
+  } catch {
+  }
+}
+async function verifyCredentials(username, password) {
+  const cred = await getCredentials();
+  if (!cred) return false;
+  if (cred.username !== username) return false;
+  const computed = hashPassword(password, cred.salt);
+  return computed === cred.password_hash;
+}
+function credentialsFileExists() {
+  return (0, import_fs7.existsSync)(CREDENTIALS_FILE);
+}
+// packages/server/src/controllers/auth.ts
+async function authStatus(ctx) {
+  const cred = await getCredentials();
+  ctx.body = {
+    hasPasswordLogin: !!cred,
+    username: cred?.username || null
+  };
+}
+async function login(ctx) {
+  const { username, password } = ctx.request.body;
+  if (!username || !password) {
+    ctx.status = 400;
+    ctx.body = { error: "Username and password are required" };
+    return;
+  }
+  const valid = await verifyCredentials(username, password);
+  if (!valid) {
+    ctx.status = 401;
+    ctx.body = { error: "Invalid username or password" };
+    return;
+  }
+  const token = await getToken();
+  if (!token) {
+    ctx.status = 500;
+    ctx.body = { error: "Auth is disabled on this server" };
+    return;
+  }
+  ctx.body = { token };
+}
+async function setupPassword(ctx) {
+  const { username, password } = ctx.request.body;
+  if (!username || !password) {
+    ctx.status = 400;
+    ctx.body = { error: "Username and password are required" };
+    return;
+  }
+  if (username.length < 2) {
+    ctx.status = 400;
+    ctx.body = { error: "Username must be at least 2 characters" };
+    return;
+  }
+  if (password.length < 6) {
+    ctx.status = 400;
+    ctx.body = { error: "Password must be at least 6 characters" };
+    return;
+  }
+  await setCredentials(username, password);
+  ctx.body = { success: true };
+}
+async function changePassword(ctx) {
+  const { currentPassword, newPassword } = ctx.request.body;
+  if (!currentPassword || !newPassword) {
+    ctx.status = 400;
+    ctx.body = { error: "Current password and new password are required" };
+    return;
+  }
+  if (newPassword.length < 6) {
+    ctx.status = 400;
+    ctx.body = { error: "New password must be at least 6 characters" };
+    return;
+  }
+  const cred = await getCredentials();
+  if (!cred) {
+    ctx.status = 400;
+    ctx.body = { error: "Password login not configured" };
+    return;
+  }
+  const valid = await verifyCredentials(cred.username, currentPassword);
+  if (!valid) {
+    ctx.status = 400;
+    ctx.body = { error: "Current password is incorrect" };
+    return;
+  }
+  await setCredentials(cred.username, newPassword);
+  ctx.body = { success: true };
+}
+async function changeUsername(ctx) {
+  const { currentPassword, newUsername } = ctx.request.body;
+  if (!currentPassword || !newUsername) {
+    ctx.status = 400;
+    ctx.body = { error: "Current password and new username are required" };
+    return;
+  }
+  if (newUsername.length < 2) {
+    ctx.status = 400;
+    ctx.body = { error: "Username must be at least 2 characters" };
+    return;
+  }
+  const cred = await getCredentials();
+  if (!cred) {
+    ctx.status = 400;
+    ctx.body = { error: "Password login not configured" };
+    return;
+  }
+  const valid = await verifyCredentials(cred.username, currentPassword);
+  if (!valid) {
+    ctx.status = 400;
+    ctx.body = { error: "Current password is incorrect" };
+    return;
+  }
+  await setCredentials(newUsername, currentPassword);
+  ctx.body = { success: true };
+}
+async function removePassword(ctx) {
+  await deleteCredentials();
+  ctx.body = { success: true };
+}
+// packages/server/src/routes/auth.ts
+var authPublicRoutes = new router_default();
+authPublicRoutes.get("/api/auth/status", authStatus);
+authPublicRoutes.post("/api/auth/login", login);
+var authProtectedRoutes = new router_default();
+authProtectedRoutes.post("/api/auth/setup", setupPassword);
+authProtectedRoutes.post("/api/auth/change-password", changePassword);
+authProtectedRoutes.post("/api/auth/change-username", changeUsername);
+authProtectedRoutes.delete("/api/auth/password", removePassword);
 // packages/server/src/services/hermes/conversations.ts
 var LINEAGE_TOLERANCE_SECONDS = 3;
 var LIVE_WINDOW_SECONDS = 300;
@@ -40989,9 +41360,9 @@ async function getConversationDetail(sessionId, options = {}) {
   };
 }
-// packages/server/src/services/hermes/sessions-db.ts
+// packages/server/src/db/hermes/sessions-db.ts
 init_hermes_profile();
-var SQLITE_AVAILABLE = (() => {
+var SQLITE_AVAILABLE2 = (() => {
   const [major, minor] = process.versions.node.split(".").map(Number);
   return major > 22 || major === 22 && minor >= 5;
 })();
@@ -41041,64 +41412,301 @@ function mapRow(row) {
     last_active: normalizeNumber(row.last_active, startedAt)
   };
 }
-var BASE_SELECT = `
-  SELECT
-    s.id,
-    s.source,
-    COALESCE(s.user_id, '') AS user_id,
-    COALESCE(s.model, '') AS model,
-    COALESCE(s.title, '') AS title,
-    COALESCE(s.started_at, 0) AS started_at,
-    s.ended_at AS ended_at,
-    COALESCE(s.end_reason, '') AS end_reason,
-    COALESCE(s.message_count, 0) AS message_count,
-    COALESCE(s.tool_call_count, 0) AS tool_call_count,
-    COALESCE(s.input_tokens, 0) AS input_tokens,
-    COALESCE(s.output_tokens, 0) AS output_tokens,
-    COALESCE(s.cache_read_tokens, 0) AS cache_read_tokens,
-    COALESCE(s.cache_write_tokens, 0) AS cache_write_tokens,
-    COALESCE(s.reasoning_tokens, 0) AS reasoning_tokens,
-    COALESCE(s.billing_provider, '') AS billing_provider,
-    COALESCE(s.estimated_cost_usd, 0) AS estimated_cost_usd,
-    s.actual_cost_usd AS actual_cost_usd,
-    COALESCE(s.cost_status, '') AS cost_status,
-    COALESCE(
-      (
-        SELECT SUBSTR(REPLACE(REPLACE(m.content, CHAR(10), ' '), CHAR(13), ' '), 1, 63)
-        FROM messages m
-        WHERE m.session_id = s.id AND m.role = 'user' AND m.content IS NOT NULL
-        ORDER BY m.timestamp, m.id
-        LIMIT 1
-      ),
-      ''
-    ) AS preview,
-    COALESCE((SELECT MAX(m2.timestamp) FROM messages m2 WHERE m2.session_id = s.id), s.started_at) AS last_active
+var SESSION_SELECT = `
+  s.id,
+  s.source,
+  COALESCE(s.user_id, '') AS user_id,
+  COALESCE(s.model, '') AS model,
+  COALESCE(s.title, '') AS title,
+  COALESCE(s.started_at, 0) AS started_at,
+  s.ended_at AS ended_at,
+  COALESCE(s.end_reason, '') AS end_reason,
+  COALESCE(s.message_count, 0) AS message_count,
+  COALESCE(s.tool_call_count, 0) AS tool_call_count,
+  COALESCE(s.input_tokens, 0) AS input_tokens,
+  COALESCE(s.output_tokens, 0) AS output_tokens,
+  COALESCE(s.cache_read_tokens, 0) AS cache_read_tokens,
+  COALESCE(s.cache_write_tokens, 0) AS cache_write_tokens,
+  COALESCE(s.reasoning_tokens, 0) AS reasoning_tokens,
+  COALESCE(s.billing_provider, '') AS billing_provider,
+  COALESCE(s.estimated_cost_usd, 0) AS estimated_cost_usd,
+  s.actual_cost_usd AS actual_cost_usd,
+  COALESCE(s.cost_status, '') AS cost_status,
+  COALESCE(
+    (
+      SELECT SUBSTR(REPLACE(REPLACE(m.content, CHAR(10), ' '), CHAR(13), ' '), 1, 63)
+      FROM messages m
+      WHERE m.session_id = s.id AND m.role = 'user' AND m.content IS NOT NULL
+      ORDER BY m.timestamp, m.id
+      LIMIT 1
+    ),
+    ''
+  ) AS preview,
+  COALESCE((SELECT MAX(m2.timestamp) FROM messages m2 WHERE m2.session_id = s.id), s.started_at) AS last_active
+`;
+var SESSION_FROM = `
   FROM sessions s
   WHERE s.parent_session_id IS NULL
     AND s.source != 'tool'
 `;
+function buildBaseSessionSql(source) {
+  const sql = source ? `SELECT ${SESSION_SELECT}${SESSION_FROM}
+    AND s.source = ?` : `SELECT ${SESSION_SELECT}${SESSION_FROM}`;
+  return { sql, params: source ? [source] : [] };
+}
+function buildListSessionSql(source, limit = 2e3) {
+  const base = buildBaseSessionSql(source);
+  return {
+    sql: `${base.sql}
+  ORDER BY s.started_at DESC
+  LIMIT ?`,
+    params: [...base.params, limit]
+  };
+}
+function containsCjk(text) {
+  for (const ch of text) {
+    const cp = ch.codePointAt(0) ?? 0;
+    if (cp >= 19968 && cp <= 40959 || cp >= 13312 && cp <= 19903 || cp >= 131072 && cp <= 173791 || cp >= 12288 && cp <= 12351 || cp >= 12352 && cp <= 12447 || cp >= 12448 && cp <= 12543 || cp >= 44032 && cp <= 55215) {
+      return true;
+    }
+  }
+  return false;
+}
+function sanitizeFtsQuery(query) {
+  const quotedParts = [];
+  const preserved = query.replace(/"[^"]*"/g, (match) => {
+    quotedParts.push(match);
+    return `\0Q${quotedParts.length - 1}\0`;
+  });
+  let sanitized = preserved.replace(/[+{}()"^]/g, " ");
+  sanitized = sanitized.replace(/\*+/g, "*");
+  sanitized = sanitized.replace(/(^|\s)\*/g, "$1");
+  sanitized = sanitized.trim().replace(/^(AND|OR|NOT)\b\s*/i, "");
+  sanitized = sanitized.trim().replace(/\s+(AND|OR|NOT)\s*$/i, "");
+  sanitized = sanitized.replace(/\b(\w+(?:[.-]\w+)+)\b/g, '"$1"');
+  for (let i = 0; i < quotedParts.length; i += 1) {
+    sanitized = sanitized.replace(`\0Q${i}\0`, quotedParts[i]);
+  }
+  return sanitized.trim();
+}
+function toPrefixQuery(query) {
+  const tokens = query.match(/"[^"]*"|\S+/g);
+  if (!tokens) return "";
+  return tokens.map((token) => {
+    if (token === "AND" || token === "OR" || token === "NOT") return token;
+    if (token.startsWith('"') && token.endsWith('"')) return token;
+    if (token.endsWith("*")) return token;
+    return `${token}*`;
+  }).join(" ");
+}
+function mapSearchRow(row) {
+  return {
+    ...mapRow(row),
+    matched_message_id: normalizeNullableNumber(row.matched_message_id),
+    snippet: String(row.snippet || row.preview || ""),
+    rank: Number.isFinite(Number(row.rank)) ? Number(row.rank) : 0
+  };
+}
 async function listSessionSummaries(source, limit = 2e3) {
-  if (!SQLITE_AVAILABLE) {
+  if (!SQLITE_AVAILABLE2) {
     throw new Error(`node:sqlite requires Node >= 22.5, current: ${process.versions.node}`);
   }
-  const { DatabaseSync } = await import("node:sqlite");
-  const db = new DatabaseSync(sessionDbPath(), { open: true, readOnly: true });
+  const { DatabaseSync: DatabaseSync2 } = await import("node:sqlite");
+  const db = new DatabaseSync2(sessionDbPath(), { open: true, readOnly: true });
   try {
-    const sql = source ? `${BASE_SELECT}
-    AND s.source = ?
-  ORDER BY s.started_at DESC
-  LIMIT ?` : `${BASE_SELECT}
-  ORDER BY s.started_at DESC
-  LIMIT ?`;
+    const { sql, params } = buildListSessionSql(source, limit);
     const statement = db.prepare(sql);
-    const rows = source ? statement.all(source, limit) : statement.all(limit);
+    const rows = statement.all(...params);
     return rows.map(mapRow);
   } finally {
     db.close();
   }
 }
+async function searchSessionSummaries(query, source, limit = 20) {
+  if (!SQLITE_AVAILABLE2) {
+    throw new Error(`node:sqlite requires Node >= 22.5, current: ${process.versions.node}`);
+  }
+  const trimmed = query.trim();
+  if (!trimmed) {
+    const recent = await listSessionSummaries(source, limit);
+    return recent.map((row) => ({
+      ...row,
+      matched_message_id: null,
+      snippet: row.preview,
+      rank: 0
+    }));
+  }
+  const { DatabaseSync: DatabaseSync2 } = await import("node:sqlite");
+  const db = new DatabaseSync2(sessionDbPath(), { open: true, readOnly: true });
+  const normalized = sanitizeFtsQuery(trimmed);
+  const prefixQuery = toPrefixQuery(normalized);
+  try {
+    const titleBase = buildBaseSessionSql(source);
+    const contentBase = buildBaseSessionSql(source);
+    const titleSql = `
+      WITH base AS (
+        ${titleBase.sql}
+      )
+      SELECT
+        base.*,
+        NULL AS matched_message_id,
+        CASE
+          WHEN base.title IS NOT NULL AND base.title != '' THEN base.title
+          ELSE base.preview
+        END AS snippet,
+        0 AS rank
+      FROM base
+      WHERE LOWER(COALESCE(base.title, '')) LIKE ?
+      ORDER BY base.last_active DESC
+      LIMIT ?
+    `;
+    const titleStatement = db.prepare(titleSql);
+    const titleRows = titleStatement.all(...titleBase.params, `%${trimmed.toLowerCase()}%`, limit);
+    const contentSql = `
+      WITH base AS (
+        ${contentBase.sql}
+      )
+      SELECT
+        base.*,
+        m.id AS matched_message_id,
+        snippet(messages_fts, 0, '>>>', '<<<', '...', 40) AS snippet,
+        bm25(messages_fts) AS rank
+      FROM messages_fts
+      JOIN messages m ON m.id = messages_fts.rowid
+      JOIN base ON base.id = m.session_id
+      WHERE messages_fts MATCH ?
+      ORDER BY rank, base.last_active DESC
+      LIMIT ?
+    `;
+    const contentRows = prefixQuery ? db.prepare(contentSql).all(...contentBase.params, prefixQuery, limit * 4) : [];
+    const merged = /* @__PURE__ */ new Map();
+    for (const row of titleRows) {
+      const mapped = mapSearchRow(row);
+      merged.set(mapped.id, mapped);
+    }
+    for (const row of contentRows) {
+      const mapped = mapSearchRow(row);
+      if (!merged.has(mapped.id)) {
+        merged.set(mapped.id, mapped);
+      }
+    }
+    const items = [...merged.values()];
+    items.sort((a, b) => {
+      if (a.rank !== b.rank) return a.rank - b.rank;
+      return b.last_active - a.last_active;
+    });
+    return items.slice(0, limit);
+  } catch (err) {
+    if (containsCjk(normalized)) {
+      const likeBase = buildBaseSessionSql(source);
+      const likeSql = `
+        WITH base AS (
+          ${likeBase.sql}
+        )
+        SELECT
+          base.*,
+          m.id AS matched_message_id,
+          substr(
+            m.content,
+            max(1, instr(m.content, ?) - 40),
+            120
+          ) AS snippet,
+          0 AS rank
+        FROM base
+        JOIN messages m ON m.session_id = base.id
+        WHERE m.content LIKE ?
+        ORDER BY base.last_active DESC, m.timestamp DESC
+      `;
+      const likeStatement = db.prepare(likeSql);
+      const likeRows = likeStatement.all(...likeBase.params, trimmed, `%${trimmed}%`);
+      const merged = /* @__PURE__ */ new Map();
+      for (const row of likeRows) {
+        const mapped = mapSearchRow(row);
+        if (!merged.has(mapped.id)) {
+          merged.set(mapped.id, mapped);
+        }
+      }
+      return [...merged.values()].slice(0, limit);
+    }
+    const message2 = err instanceof Error ? err.message : String(err);
+    throw new Error(`Failed to search sessions: ${message2}`);
+  } finally {
+    db.close();
+  }
+}
+// packages/server/src/services/hermes/model-context.ts
+var import_path10 = require("path");
+var import_os8 = require("os");
+var import_fs8 = require("fs");
+var HERMES_BASE3 = (0, import_path10.resolve)((0, import_os8.homedir)(), ".hermes");
+var MODELS_DEV_CACHE = (0, import_path10.resolve)(HERMES_BASE3, "models_dev_cache.json");
+var DEFAULT_CONTEXT_LENGTH = 2e5;
+var _cache = null;
+var _cacheMtime = 0;
+var CACHE_TTL_MS = 5 * 60 * 1e3;
+var _cacheLoadedAt = 0;
+function loadModelsDevCache() {
+  if (!(0, import_fs8.existsSync)(MODELS_DEV_CACHE)) return null;
+  try {
+    const stat2 = (0, import_fs8.statSync)(MODELS_DEV_CACHE);
+    const now = Date.now();
+    if (_cache && stat2.mtimeMs === _cacheMtime && now - _cacheLoadedAt < CACHE_TTL_MS) {
+      return _cache;
+    }
+    const raw = (0, import_fs8.readFileSync)(MODELS_DEV_CACHE, "utf-8");
+    _cache = JSON.parse(raw);
+    _cacheMtime = stat2.mtimeMs;
+    _cacheLoadedAt = now;
+    return _cache;
+  } catch {
+    return _cache;
+  }
+}
+function getProfileDir2(profile) {
+  if (!profile || profile === "default") return HERMES_BASE3;
+  const dir = (0, import_path10.join)(HERMES_BASE3, "profiles", profile);
+  return (0, import_fs8.existsSync)(dir) ? dir : HERMES_BASE3;
+}
+function getDefaultModel(profileDir) {
+  const configPath3 = (0, import_path10.join)(profileDir, "config.yaml");
+  if (!(0, import_fs8.existsSync)(configPath3)) return null;
+  try {
+    const content = (0, import_fs8.readFileSync)(configPath3, "utf-8");
+    const match = content.match(/^model:\s*\n\s+default:\s*(.+)$/m);
+    return match ? match[1].trim() : null;
+  } catch {
+    return null;
+  }
+}
+function lookupContextFromCache(modelName) {
+  const data = loadModelsDevCache();
+  if (!data) return null;
+  for (const prov of Object.values(data)) {
+    const models = prov.models || {};
+    const entry = models[modelName];
+    if (entry?.limit?.context) return entry.limit.context;
+  }
+  const lower = modelName.toLowerCase();
+  for (const prov of Object.values(data)) {
+    const models = prov.models || {};
+    for (const [name, entry] of Object.entries(models)) {
+      if (name.toLowerCase() === lower && entry?.limit?.context) {
+        return entry.limit.context;
+      }
+    }
+  }
+  return null;
+}
+function getModelContextLength(profile) {
+  const profileDir = getProfileDir2(profile);
+  const model = getDefaultModel(profileDir);
+  if (!model) return DEFAULT_CONTEXT_LENGTH;
+  return lookupContextFromCache(model) || DEFAULT_CONTEXT_LENGTH;
+}
 // packages/server/src/controllers/hermes/sessions.ts
+init_usage_store();
 init_logger();
 function parseHumanOnly(value) {
   if (typeof value !== "string") return true;
@@ -41140,6 +41748,19 @@ async function list(ctx) {
   const sessions2 = await listSessions(source, limit);
   ctx.body = { sessions: sessions2 };
 }
+async function search(ctx) {
+  const q = typeof ctx.query.q === "string" ? ctx.query.q : "";
+  const source = typeof ctx.query.source === "string" && ctx.query.source.trim() ? ctx.query.source.trim() : void 0;
+  const limit = ctx.query.limit ? parseInt(ctx.query.limit, 10) : void 0;
+  try {
+    const results = await searchSessionSummaries(q, source, limit && limit > 0 ? limit : 20);
+    ctx.body = { results };
+  } catch (err) {
+    logger.error(err, "Hermes Session DB: search failed");
+    ctx.status = 500;
+    ctx.body = { error: "Failed to search sessions" };
+  }
+}
 async function get(ctx) {
   const session = await getSession(ctx.params.id);
   if (!session) {
@@ -41156,8 +41777,26 @@ async function remove(ctx) {
     ctx.body = { error: "Failed to delete session" };
     return;
   }
+  deleteUsage(ctx.params.id);
   ctx.body = { ok: true };
 }
+async function usageBatch(ctx) {
+  const ids = ctx.query.ids;
+  if (!ids) {
+    ctx.body = {};
+    return;
+  }
+  const idList = ids.split(",").filter(Boolean);
+  ctx.body = getUsageBatch(idList);
+}
+async function usageSingle(ctx) {
+  const result = getUsage(ctx.params.id);
+  if (!result) {
+    ctx.body = { input_tokens: 0, output_tokens: 0 };
+    return;
+  }
+  ctx.body = result;
+}
 async function rename(ctx) {
   const { title } = ctx.request.body;
   if (!title || typeof title !== "string") {
@@ -41173,21 +41812,30 @@ async function rename(ctx) {
   }
   ctx.body = { ok: true };
 }
+async function contextLength(ctx) {
+  const profile = ctx.query.profile || void 0;
+  ctx.body = { context_length: getModelContextLength(profile) };
+}
 // packages/server/src/routes/hermes/sessions.ts
 var sessionRoutes = new router_default();
 sessionRoutes.get("/api/hermes/sessions/conversations", listConversations);
 sessionRoutes.get("/api/hermes/sessions/conversations/:id/messages", getConversationMessages);
 sessionRoutes.get("/api/hermes/sessions", list);
+sessionRoutes.get("/api/hermes/search/sessions", search);
+sessionRoutes.get("/api/hermes/sessions/search", search);
+sessionRoutes.get("/api/hermes/sessions/usage", usageBatch);
+sessionRoutes.get("/api/hermes/sessions/context-length", contextLength);
 sessionRoutes.get("/api/hermes/sessions/:id", get);
+sessionRoutes.get("/api/hermes/sessions/:id/usage", usageSingle);
 sessionRoutes.delete("/api/hermes/sessions/:id", remove);
 sessionRoutes.post("/api/hermes/sessions/:id/rename", rename);
 // packages/server/src/controllers/hermes/profiles.ts
-var import_fs6 = require("fs");
-var import_promises3 = require("fs/promises");
-var import_path7 = require("path");
-var import_os6 = require("os");
+var import_fs9 = require("fs");
+var import_promises4 = require("fs/promises");
+var import_path11 = require("path");
+var import_os9 = require("os");
 init_logger();
 async function list2(ctx) {
   try {
@@ -41294,15 +41942,15 @@ async function switchProfile(ctx) {
     try {
       const detail = await getProfile(name);
       logger.debug("Profile detail.path = %s", detail.path);
-      if (!(0, import_fs6.existsSync)((0, import_path7.join)(detail.path, "config.yaml"))) {
+      if (!(0, import_fs9.existsSync)((0, import_path11.join)(detail.path, "config.yaml"))) {
         try {
           await setupReset();
         } catch {
         }
       }
-      const profileEnv = (0, import_path7.join)(detail.path, ".env");
-      if (!(0, import_fs6.existsSync)(profileEnv)) {
-        (0, import_fs6.writeFileSync)(profileEnv, "# Hermes Agent Environment Configuration\n", "utf-8");
+      const profileEnv = (0, import_path11.join)(detail.path, ".env");
+      if (!(0, import_fs9.existsSync)(profileEnv)) {
+        (0, import_fs9.writeFileSync)(profileEnv, "# Hermes Agent Environment Configuration\n", "utf-8");
         logger.info("Created .env for: %s", detail.path);
       }
     } catch (err) {
@@ -41316,21 +41964,21 @@ async function switchProfile(ctx) {
 }
 async function exportProfile2(ctx) {
   const { name } = ctx.params;
-  const outputPath = (0, import_path7.join)((0, import_os6.tmpdir)(), `hermes-profile-${name}.tar.gz`);
+  const outputPath = (0, import_path11.join)((0, import_os9.tmpdir)(), `hermes-profile-${name}.tar.gz`);
   try {
     await exportProfile(name, outputPath);
-    if (!(0, import_fs6.existsSync)(outputPath)) {
+    if (!(0, import_fs9.existsSync)(outputPath)) {
       ctx.status = 500;
       ctx.body = { error: "Export file not found" };
       return;
     }
-    const filename = (0, import_path7.basename)(outputPath);
+    const filename = (0, import_path11.basename)(outputPath);
     ctx.set("Content-Disposition", `attachment; filename="${filename}"`);
     ctx.set("Content-Type", "application/gzip");
-    ctx.body = (0, import_fs6.createReadStream)(outputPath);
+    ctx.body = (0, import_fs9.createReadStream)(outputPath);
     ctx.res.on("finish", () => {
       try {
-        (0, import_fs6.unlinkSync)(outputPath);
+        (0, import_fs9.unlinkSync)(outputPath);
       } catch {
       }
     });
@@ -41352,8 +42000,8 @@ async function importProfile2(ctx) {
     ctx.body = { error: "Missing boundary" };
     return;
   }
-  const tmpDir = (0, import_path7.join)((0, import_os6.tmpdir)(), "hermes-import");
-  await (0, import_promises3.mkdir)(tmpDir, { recursive: true });
+  const tmpDir = (0, import_path11.join)((0, import_os9.tmpdir)(), "hermes-import");
+  await (0, import_promises4.mkdir)(tmpDir, { recursive: true });
   const chunks = [];
   for await (const chunk of ctx.req) chunks.push(chunk);
   const body = Buffer.concat(chunks).toString("latin1");
@@ -41369,8 +42017,8 @@ async function importProfile2(ctx) {
     const filename = filenameMatch[1];
     const ext = filename.includes(".") ? "." + filename.split(".").pop() : "";
     if (![".gz", ".tar.gz", ".zip", ".tgz"].includes(ext)) continue;
-    archivePath = (0, import_path7.join)(tmpDir, filename);
-    await (0, import_promises3.writeFile)(archivePath, Buffer.from(data, "binary"));
+    archivePath = (0, import_path11.join)(tmpDir, filename);
+    await (0, import_promises4.writeFile)(archivePath, Buffer.from(data, "binary"));
     break;
   }
   if (!archivePath) {
@@ -41381,13 +42029,13 @@ async function importProfile2(ctx) {
   try {
     const result = await importProfile(archivePath);
     try {
-      (0, import_fs6.unlinkSync)(archivePath);
+      (0, import_fs9.unlinkSync)(archivePath);
     } catch {
     }
     ctx.body = { success: true, message: result.trim() };
   } catch (err) {
     try {
-      (0, import_fs6.unlinkSync)(archivePath);
+      (0, import_fs9.unlinkSync)(archivePath);
     } catch {
     }
     ctx.status = 500;
@@ -41407,9 +42055,9 @@ profileRoutes.post("/api/hermes/profiles/:name/export", exportProfile2);
 profileRoutes.post("/api/hermes/profiles/import", importProfile2);
 // packages/server/src/services/config-helpers.ts
-var import_promises4 = require("fs/promises");
 var import_promises5 = require("fs/promises");
-var import_path8 = require("path");
+var import_promises6 = require("fs/promises");
+var import_path12 = require("path");
 init_js_yaml();
 init_hermes_profile();
 init_logger();
@@ -41443,19 +42091,19 @@ async function readConfigYaml() {
 }
 async function writeConfigYaml(config2) {
   const cp = configPath();
-  await (0, import_promises4.copyFile)(cp, cp + ".bak");
+  await (0, import_promises5.copyFile)(cp, cp + ".bak");
   const yamlStr = jsYaml.dump(config2, {
     lineWidth: -1,
     noRefs: true,
     quotingType: '"'
   });
-  await (0, import_promises4.writeFile)(cp, yamlStr, "utf-8");
+  await (0, import_promises5.writeFile)(cp, yamlStr, "utf-8");
 }
 async function saveEnvValue(key, value) {
   const envPath3 = getActiveEnvPath();
   let raw;
   try {
-    raw = await (0, import_promises4.readFile)(envPath3, "utf-8");
+    raw = await (0, import_promises5.readFile)(envPath3, "utf-8");
   } catch {
     raw = "";
   }
@@ -41482,22 +42130,22 @@ async function saveEnvValue(key, value) {
     result.push(`${key}=${value}`);
   }
   let output = result.join("\n").replace(/\n{3,}/g, "\n\n").replace(/\n+$/, "") + "\n";
-  await (0, import_promises4.writeFile)(envPath3, output, "utf-8");
+  await (0, import_promises5.writeFile)(envPath3, output, "utf-8");
   try {
-    await (0, import_promises4.chmod)(envPath3, 384);
+    await (0, import_promises5.chmod)(envPath3, 384);
   } catch {
   }
 }
 async function safeReadFile(filePath) {
   try {
-    return await (0, import_promises4.readFile)(filePath, "utf-8");
+    return await (0, import_promises5.readFile)(filePath, "utf-8");
   } catch {
     return null;
   }
 }
 async function safeStat(filePath) {
   try {
-    const s = await (0, import_promises5.stat)(filePath);
+    const s = await (0, import_promises6.stat)(filePath);
     return { mtime: Math.round(s.mtimeMs) };
   } catch {
     return null;
@@ -41529,14 +42177,14 @@ async function listFilesRecursive(dir, prefix) {
   const result = [];
   let entries;
   try {
-    entries = await (0, import_promises5.readdir)(dir, { withFileTypes: true });
+    entries = await (0, import_promises6.readdir)(dir, { withFileTypes: true });
   } catch {
     return result;
   }
   for (const entry of entries) {
     const relPath = prefix ? `${prefix}/${entry.name}` : entry.name;
     if (entry.isDirectory()) {
-      result.push(...await listFilesRecursive((0, import_path8.join)(dir, entry.name), relPath));
+      result.push(...await listFilesRecursive((0, import_path12.join)(dir, entry.name), relPath));
     } else {
       result.push({ path: relPath, name: entry.name });
     }
@@ -41596,25 +42244,25 @@ function buildModelGroups(config2) {
 var getHermesDir = () => getActiveProfileDir();
 // packages/server/src/controllers/hermes/skills.ts
-var import_promises6 = require("fs/promises");
-var import_path9 = require("path");
+var import_promises7 = require("fs/promises");
+var import_path13 = require("path");
 async function list3(ctx) {
-  const skillsDir = (0, import_path9.join)(getHermesDir(), "skills");
+  const skillsDir = (0, import_path13.join)(getHermesDir(), "skills");
   try {
     const config2 = await readConfigYaml();
     const disabledList = config2.skills?.disabled || [];
-    const entries = await (0, import_promises6.readdir)(skillsDir, { withFileTypes: true });
+    const entries = await (0, import_promises7.readdir)(skillsDir, { withFileTypes: true });
     const categories = [];
     for (const entry of entries) {
       if (!entry.isDirectory() || entry.name.startsWith(".")) continue;
-      const catDir = (0, import_path9.join)(skillsDir, entry.name);
-      const catDesc = await safeReadFile((0, import_path9.join)(catDir, "DESCRIPTION.md"));
+      const catDir = (0, import_path13.join)(skillsDir, entry.name);
+      const catDesc = await safeReadFile((0, import_path13.join)(catDir, "DESCRIPTION.md"));
       const catDescription = catDesc ? catDesc.trim().split("\n")[0].replace(/^#+\s*/, "").slice(0, 100) : "";
-      const skillEntries = await (0, import_promises6.readdir)(catDir, { withFileTypes: true });
+      const skillEntries = await (0, import_promises7.readdir)(catDir, { withFileTypes: true });
       const skills = [];
       for (const se of skillEntries) {
         if (!se.isDirectory()) continue;
-        const skillMd = await safeReadFile((0, import_path9.join)(catDir, se.name, "SKILL.md"));
+        const skillMd = await safeReadFile((0, import_path13.join)(catDir, se.name, "SKILL.md"));
         if (skillMd) {
           skills.push({ name: se.name, description: extractDescription(skillMd), enabled: !disabledList.includes(se.name) });
         }
@@ -41660,7 +42308,7 @@ async function toggle(ctx) {
 }
 async function listFiles(ctx) {
   const { category, skill } = ctx.params;
-  const skillDir = (0, import_path9.join)(getHermesDir(), "skills", category, skill);
+  const skillDir = (0, import_path13.join)(getHermesDir(), "skills", category, skill);
   try {
     const allFiles = await listFilesRecursive(skillDir, "");
     const files = allFiles.filter((f) => f.path !== "SKILL.md");
@@ -41673,8 +42321,8 @@ async function listFiles(ctx) {
 async function readFile_(ctx) {
   const filePath = ctx.params.path;
   const hd = getHermesDir();
-  const fullPath = (0, import_path9.resolve)((0, import_path9.join)(hd, "skills", filePath));
-  if (!fullPath.startsWith((0, import_path9.join)(hd, "skills"))) {
+  const fullPath = (0, import_path13.resolve)((0, import_path13.join)(hd, "skills", filePath));
+  if (!fullPath.startsWith((0, import_path13.join)(hd, "skills"))) {
     ctx.status = 403;
     ctx.body = { error: "Access denied" };
     return;
@@ -41696,13 +42344,13 @@ skillRoutes.get("/api/hermes/skills/:category/:skill/files", listFiles);
 skillRoutes.get("/api/hermes/skills/{*path}", readFile_);
 // packages/server/src/controllers/hermes/memory.ts
-var import_promises7 = require("fs/promises");
-var import_path10 = require("path");
+var import_promises8 = require("fs/promises");
+var import_path14 = require("path");
 async function get3(ctx) {
   const hd = getHermesDir();
-  const memoryPath = (0, import_path10.join)(hd, "memories", "MEMORY.md");
-  const userPath = (0, import_path10.join)(hd, "memories", "USER.md");
-  const soulPath = (0, import_path10.join)(hd, "SOUL.md");
+  const memoryPath = (0, import_path14.join)(hd, "memories", "MEMORY.md");
+  const userPath = (0, import_path14.join)(hd, "memories", "USER.md");
+  const soulPath = (0, import_path14.join)(hd, "SOUL.md");
   const [memory, user, soul, memoryStat, userStat, soulStat] = await Promise.all([
     safeReadFile(memoryPath),
     safeReadFile(userPath),
@@ -41734,13 +42382,13 @@ async function save(ctx) {
   }
   let filePath;
   if (section === "soul") {
-    filePath = (0, import_path10.join)(getHermesDir(), "SOUL.md");
+    filePath = (0, import_path14.join)(getHermesDir(), "SOUL.md");
   } else {
     const fileName = section === "memory" ? "MEMORY.md" : "USER.md";
-    filePath = (0, import_path10.join)(getHermesDir(), "memories", fileName);
+    filePath = (0, import_path14.join)(getHermesDir(), "memories", fileName);
   }
   try {
-    await (0, import_promises7.writeFile)(filePath, content, "utf-8");
+    await (0, import_promises8.writeFile)(filePath, content, "utf-8");
     ctx.body = { success: true };
   } catch (err) {
     ctx.status = 500;
@@ -42009,8 +42657,8 @@ function buildProviderModelMap() {
 }
 // packages/server/src/controllers/hermes/models.ts
-var import_promises8 = require("fs/promises");
-var import_fs8 = require("fs");
+var import_promises9 = require("fs/promises");
+var import_fs11 = require("fs");
 init_hermes_profile();
 var PROVIDER_MODEL_CATALOG = buildProviderModelMap();
 async function getAvailable(ctx) {
@@ -42029,7 +42677,7 @@ async function getAvailable(ctx) {
     const seenProviders = /* @__PURE__ */ new Set();
     let envContent = "";
     try {
-      envContent = await (0, import_promises8.readFile)(getActiveEnvPath(), "utf-8");
+      envContent = await (0, import_promises9.readFile)(getActiveEnvPath(), "utf-8");
     } catch {
     }
     const envHasValue = (key) => {
@@ -42050,8 +42698,8 @@ async function getAvailable(ctx) {
     const isOAuthAuthorized = (providerKey) => {
       try {
         const authPath = getActiveAuthPath();
-        if (!(0, import_fs8.existsSync)(authPath)) return false;
-        const auth = JSON.parse((0, import_fs8.readFileSync)(authPath, "utf-8"));
+        if (!(0, import_fs11.existsSync)(authPath)) return false;
+        const auth = JSON.parse((0, import_fs11.readFileSync)(authPath, "utf-8"));
         return !!auth.providers?.[providerKey]?.tokens?.access_token;
       } catch {
         return false;
@@ -42152,8 +42800,8 @@ modelRoutes.get("/api/hermes/config/models", getConfigModels);
 modelRoutes.put("/api/hermes/config/model", setConfigModel);
 // packages/server/src/controllers/hermes/providers.ts
-var import_fs9 = require("fs");
-var import_promises9 = require("fs/promises");
+var import_fs12 = require("fs");
+var import_promises10 = require("fs/promises");
 init_hermes_profile();
 init_logger();
 async function create2(ctx) {
@@ -42303,15 +42951,15 @@ async function remove3(ctx) {
       } else if (!envMapping?.api_key_env) {
         try {
           const authPath = getActiveAuthPath();
-          if ((0, import_fs9.existsSync)(authPath)) {
-            const auth = JSON.parse((0, import_fs9.readFileSync)(authPath, "utf-8"));
+          if ((0, import_fs12.existsSync)(authPath)) {
+            const auth = JSON.parse((0, import_fs12.readFileSync)(authPath, "utf-8"));
             if (auth.providers?.[poolKey]) {
               delete auth.providers[poolKey];
             }
             if (auth.credential_pool?.[poolKey]) {
               delete auth.credential_pool[poolKey];
             }
-            await (0, import_promises9.writeFile)(authPath, JSON.stringify(auth, null, 2) + "\n", "utf-8");
+            await (0, import_promises10.writeFile)(authPath, JSON.stringify(auth, null, 2) + "\n", "utf-8");
           }
         } catch (err) {
           logger.error(err, "Failed to clear OAuth tokens for %s", poolKey);
@@ -42357,7 +43005,7 @@ providerRoutes.put("/api/hermes/config/providers/:poolKey", update);
 providerRoutes.delete("/api/hermes/config/providers/:poolKey", remove3);
 // packages/server/src/controllers/hermes/config.ts
-var import_promises10 = require("fs/promises");
+var import_promises11 = require("fs/promises");
 init_js_yaml();
 init_hermes_profile();
 var PLATFORM_SECTIONS = /* @__PURE__ */ new Set([
@@ -42430,7 +43078,7 @@ function deepMerge2(target, source) {
 }
 async function readEnvPlatforms() {
   try {
-    const raw = await (0, import_promises10.readFile)(envPath(), "utf-8");
+    const raw = await (0, import_promises11.readFile)(envPath(), "utf-8");
     const env = parseEnv(raw);
     const platforms = {};
     for (const [envKey, [platform, cfgPath]] of Object.entries(envPlatformMap)) {
@@ -42447,14 +43095,14 @@ async function readEnvPlatforms() {
   }
 }
 async function readConfig() {
-  const raw = await (0, import_promises10.readFile)(configPath2(), "utf-8");
+  const raw = await (0, import_promises11.readFile)(configPath2(), "utf-8");
   return jsYaml.load(raw) || {};
 }
 async function writeConfig(data) {
   const cp = configPath2();
-  await (0, import_promises10.copyFile)(cp, cp + ".bak");
+  await (0, import_promises11.copyFile)(cp, cp + ".bak");
   const yamlStr = jsYaml.dump(data, { lineWidth: -1, noRefs: true, quotingType: '"', forceQuotes: false });
-  await (0, import_promises10.writeFile)(cp, yamlStr, "utf-8");
+  await (0, import_promises11.writeFile)(cp, yamlStr, "utf-8");
 }
 async function getConfig(ctx) {
   try {
@@ -42578,11 +43226,11 @@ configRoutes.put("/api/hermes/config", updateConfig);
 configRoutes.put("/api/hermes/config/credentials", updateCredentials);
 // packages/server/src/controllers/hermes/logs.ts
-var import_fs10 = require("fs");
-var import_promises11 = require("fs/promises");
-var import_path11 = require("path");
-var import_os7 = require("os");
-var WEBUI_LOG_FILE = (0, import_path11.join)((0, import_os7.homedir)(), ".hermes-web-ui", "logs", "server.log");
+var import_fs13 = require("fs");
+var import_promises12 = require("fs/promises");
+var import_path15 = require("path");
+var import_os10 = require("os");
+var WEBUI_LOG_FILE = (0, import_path15.join)((0, import_os10.homedir)(), ".hermes-web-ui", "logs", "server.log");
 function parseLine(line) {
   try {
     const obj = JSON.parse(line);
@@ -42605,9 +43253,9 @@ function parseLine(line) {
 }
 async function list4(ctx) {
   const files = await listLogFiles();
-  if ((0, import_fs10.existsSync)(WEBUI_LOG_FILE)) {
+  if ((0, import_fs13.existsSync)(WEBUI_LOG_FILE)) {
     try {
-      const stat2 = (0, import_fs10.statSync)(WEBUI_LOG_FILE);
+      const stat2 = (0, import_fs13.statSync)(WEBUI_LOG_FILE);
       const size = stat2.size > 1024 * 1024 ? `${(stat2.size / 1024 / 1024).toFixed(1)}MB` : `${(stat2.size / 1024).toFixed(1)}KB`;
       const modified = stat2.mtime.toLocaleString();
       files.push({ name: "webui", size, modified });
@@ -42624,11 +43272,11 @@ async function read(ctx) {
   const since = ctx.query.since || void 0;
   if (logName === "webui") {
     try {
-      if (!(0, import_fs10.existsSync)(WEBUI_LOG_FILE)) {
+      if (!(0, import_fs13.existsSync)(WEBUI_LOG_FILE)) {
         ctx.body = { entries: [] };
         return;
       }
-      const content = await (0, import_promises11.readFile)(WEBUI_LOG_FILE, "utf-8");
+      const content = await (0, import_promises12.readFile)(WEBUI_LOG_FILE, "utf-8");
       const rawLines = content.split("\n");
       const sliced = rawLines.length > lines ? rawLines.slice(-lines) : rawLines;
       const entries = [];
@@ -42665,9 +43313,9 @@ logRoutes.get("/api/hermes/logs/:name", read);
 // packages/server/src/controllers/hermes/codex-auth.ts
 var import_crypto3 = require("crypto");
-var import_path12 = require("path");
-var import_os8 = require("os");
-var import_fs11 = require("fs");
+var import_path16 = require("path");
+var import_os11 = require("os");
+var import_fs14 = require("fs");
 init_hermes_profile();
 init_logger();
 var CODEX_CLIENT_ID = "app_EMoamEEZ73f0CkXaXp7hrann";
@@ -42677,7 +43325,7 @@ var CODEX_OAUTH_TOKEN_URL = "https://auth.openai.com/oauth/token";
 var CODEX_DEFAULT_BASE_URL = "https://chatgpt.com/backend-api/codex";
 var CODEX_REDIRECT_URI = "https://auth.openai.com/deviceauth/callback";
 var CODEX_VERIFICATION_URL = "https://auth.openai.com/codex/device";
-var CODEX_HOME = (0, import_path12.join)((0, import_os8.homedir)(), ".codex");
+var CODEX_HOME = (0, import_path16.join)((0, import_os11.homedir)(), ".codex");
 var POLL_MAX_DURATION = 15 * 60 * 1e3;
 var POLL_DEFAULT_INTERVAL = 5e3;
 var sessions = /* @__PURE__ */ new Map();
@@ -42691,7 +43339,7 @@ function cleanupExpiredSessions() {
 }
 function loadAuthJson(authPath) {
   try {
-    return JSON.parse((0, import_fs11.readFileSync)(authPath, "utf-8"));
+    return JSON.parse((0, import_fs14.readFileSync)(authPath, "utf-8"));
   } catch {
     return { version: 1 };
   }
@@ -42699,15 +43347,15 @@ function loadAuthJson(authPath) {
 function saveAuthJson(authPath, data) {
   data.updated_at = (/* @__PURE__ */ new Date()).toISOString();
   const dir = authPath.substring(0, authPath.lastIndexOf("/"));
-  if (!(0, import_fs11.existsSync)(dir)) (0, import_fs11.mkdirSync)(dir, { recursive: true });
-  (0, import_fs11.writeFileSync)(authPath, JSON.stringify(data, null, 2) + "\n", { mode: 384 });
+  if (!(0, import_fs14.existsSync)(dir)) (0, import_fs14.mkdirSync)(dir, { recursive: true });
+  (0, import_fs14.writeFileSync)(authPath, JSON.stringify(data, null, 2) + "\n", { mode: 384 });
 }
 function saveCodexCliTokens(accessToken, refreshToken) {
   const codexHome = process.env.CODEX_HOME || CODEX_HOME;
-  const codexAuthPath = (0, import_path12.join)(codexHome, "auth.json");
+  const codexAuthPath = (0, import_path16.join)(codexHome, "auth.json");
   const dir = codexAuthPath.substring(0, codexAuthPath.lastIndexOf("/"));
-  if (!(0, import_fs11.existsSync)(dir)) (0, import_fs11.mkdirSync)(dir, { recursive: true });
-  (0, import_fs11.writeFileSync)(codexAuthPath, JSON.stringify({ tokens: { access_token: accessToken, refresh_token: refreshToken }, last_refresh: (/* @__PURE__ */ new Date()).toISOString() }, null, 2) + "\n", { mode: 384 });
+  if (!(0, import_fs14.existsSync)(dir)) (0, import_fs14.mkdirSync)(dir, { recursive: true });
+  (0, import_fs14.writeFileSync)(codexAuthPath, JSON.stringify({ tokens: { access_token: accessToken, refresh_token: refreshToken }, last_refresh: (/* @__PURE__ */ new Date()).toISOString() }, null, 2) + "\n", { mode: 384 });
 }
 function decodeJwtExp(token) {
   try {
@@ -42724,7 +43372,7 @@ async function codexLoginWorker(session, authPath) {
   const startTime = Date.now();
   const interval = POLL_DEFAULT_INTERVAL;
   while (Date.now() - startTime < POLL_MAX_DURATION) {
-    await new Promise((resolve8) => setTimeout(resolve8, interval));
+    await new Promise((resolve10) => setTimeout(resolve10, interval));
     if (session.status !== "pending") return;
     try {
       const pollRes = await fetch(CODEX_DEVICE_TOKEN_URL, {
@@ -44293,10 +44941,10 @@ var CanceledError = class extends AxiosError_default {
 var CanceledError_default = CanceledError;
 // node_modules/axios/lib/core/settle.js
-function settle(resolve8, reject, response) {
+function settle(resolve10, reject, response) {
   const validateStatus2 = response.config.validateStatus;
   if (!response.status || !validateStatus2 || validateStatus2(response.status)) {
-    resolve8(response);
+    resolve10(response);
   } else {
     reject(
       new AxiosError_default(
@@ -45083,7 +45731,7 @@ function setProxy(options, configProxy, location) {
 }
 var isHttpAdapterSupported = typeof process !== "undefined" && utils_default.kindOf(process) === "process";
 var wrapAsync = (asyncExecutor) => {
-  return new Promise((resolve8, reject) => {
+  return new Promise((resolve10, reject) => {
     let onDone;
     let isDone;
     const done = (value, isRejected) => {
@@ -45093,7 +45741,7 @@ var wrapAsync = (asyncExecutor) => {
     };
     const _resolve = (value) => {
       done(value);
-      resolve8(value);
+      resolve10(value);
     };
     const _reject = (reason) => {
       done(reason, true);
@@ -45140,7 +45788,7 @@ var http2Transport = {
   }
 };
 var http_default = isHttpAdapterSupported && function httpAdapter(config2) {
-  return wrapAsync(async function dispatchHttpRequest(resolve8, reject, onDone) {
+  return wrapAsync(async function dispatchHttpRequest(resolve10, reject, onDone) {
     let { data, lookup, family, httpVersion = 1, http2Options } = config2;
     const { responseType, responseEncoding } = config2;
     const method = config2.method.toUpperCase();
@@ -45230,7 +45878,7 @@ var http_default = isHttpAdapterSupported && function httpAdapter(config2) {
       }
       let convertedData;
       if (method !== "GET") {
-        return settle(resolve8, reject, {
+        return settle(resolve10, reject, {
           status: 405,
           statusText: "method not allowed",
           headers: {},
@@ -45252,7 +45900,7 @@ var http_default = isHttpAdapterSupported && function httpAdapter(config2) {
       } else if (responseType === "stream") {
         convertedData = import_stream5.default.Readable.from(convertedData);
       }
-      return settle(resolve8, reject, {
+      return settle(resolve10, reject, {
         data: convertedData,
         status: 200,
         statusText: "OK",
@@ -45493,7 +46141,7 @@ var http_default = isHttpAdapterSupported && function httpAdapter(config2) {
       };
       if (responseType === "stream") {
         response.data = responseStream;
-        settle(resolve8, reject, response);
+        settle(resolve10, reject, response);
       } else {
         const responseBuffer = [];
         let totalResponseBytes = 0;
@@ -45543,7 +46191,7 @@ var http_default = isHttpAdapterSupported && function httpAdapter(config2) {
           } catch (err) {
             return reject(AxiosError_default.from(err, null, config2, response.request, response));
           }
-          settle(resolve8, reject, response);
+          settle(resolve10, reject, response);
         });
       }
       abortEmitter.once("abort", (err) => {
@@ -45804,7 +46452,7 @@ var resolveConfig_default = (config2) => {
 // node_modules/axios/lib/adapters/xhr.js
 var isXHRAdapterSupported = typeof XMLHttpRequest !== "undefined";
 var xhr_default = isXHRAdapterSupported && function(config2) {
-  return new Promise(function dispatchXhrRequest(resolve8, reject) {
+  return new Promise(function dispatchXhrRequest(resolve10, reject) {
     const _config = resolveConfig_default(config2);
     let requestData = _config.data;
     const requestHeaders = AxiosHeaders_default.from(_config.headers).normalize();
@@ -45839,7 +46487,7 @@ var xhr_default = isXHRAdapterSupported && function(config2) {
       };
       settle(
         function _resolve(value) {
-          resolve8(value);
+          resolve10(value);
           done();
         },
         function _reject(err) {
@@ -46239,8 +46887,8 @@ var factory = (env) => {
         config2
       );
       !isStreamResponse && unsubscribe && unsubscribe();
-      return await new Promise((resolve8, reject) => {
-        settle(resolve8, reject, {
+      return await new Promise((resolve10, reject) => {
+        settle(resolve10, reject, {
           data: responseData,
           headers: AxiosHeaders_default.from(response.headers),
           status: response.status,
@@ -46666,8 +47314,8 @@ var CancelToken = class _CancelToken {
       throw new TypeError("executor must be a function.");
     }
     let resolvePromise;
-    this.promise = new Promise(function promiseExecutor(resolve8) {
-      resolvePromise = resolve8;
+    this.promise = new Promise(function promiseExecutor(resolve10) {
+      resolvePromise = resolve10;
     });
     const token = this;
     this.promise.then((cancel) => {
@@ -46680,9 +47328,9 @@ var CancelToken = class _CancelToken {
     });
     this.promise.then = (onfulfilled) => {
       let _resolve;
-      const promise = new Promise((resolve8) => {
-        token.subscribe(resolve8);
-        _resolve = resolve8;
+      const promise = new Promise((resolve10) => {
+        token.subscribe(resolve10);
+        _resolve = resolve10;
       }).then(onfulfilled);
       promise.cancel = function reject() {
         token.unsubscribe(_resolve);
@@ -46900,7 +47548,7 @@ var {
 } = axios_default;
 // packages/server/src/controllers/hermes/weixin.ts
-var import_promises12 = require("fs/promises");
+var import_promises13 = require("fs/promises");
 init_hermes_profile();
 var ILINK_BASE = "https://ilinkai.weixin.qq.com";
 var envPath2 = () => getActiveEnvPath();
@@ -46950,7 +47598,7 @@ async function save2(ctx) {
   try {
     let raw;
     try {
-      raw = await (0, import_promises12.readFile)(envPath2(), "utf-8");
+      raw = await (0, import_promises13.readFile)(envPath2(), "utf-8");
     } catch {
       raw = "";
     }
@@ -46983,9 +47631,9 @@ async function save2(ctx) {
     }
     let output = result.join("\n").replace(/\n{3,}/g, "\n\n").replace(/\n+$/, "") + "\n";
     const ep = envPath2();
-    await (0, import_promises12.writeFile)(ep, output, "utf-8");
+    await (0, import_promises13.writeFile)(ep, output, "utf-8");
     try {
-      await (0, import_promises12.chmod)(ep, 384);
+      await (0, import_promises13.chmod)(ep, 384);
     } catch {
     }
     await restartGateway();
@@ -47003,9 +47651,18 @@ weixinRoutes.get("/api/hermes/weixin/qrcode/status", pollStatus);
 weixinRoutes.post("/api/hermes/weixin/save", save2);
 // packages/server/src/routes/hermes/proxy-handler.ts
+init_usage_store();
 function getGatewayManager() {
   return getGatewayManagerInstance();
 }
+var runSessionMap = /* @__PURE__ */ new Map();
+function setRunSession(runId, sessionId) {
+  runSessionMap.set(runId, sessionId);
+  setTimeout(() => runSessionMap.delete(runId), 30 * 60 * 1e3);
+}
+function getSessionForRun(runId) {
+  return runSessionMap.get(runId);
+}
 function isTransientGatewayError(err) {
   const msg = String(err?.message || "");
   const causeCode = String(err?.cause?.code || "");
@@ -47023,7 +47680,7 @@ async function waitForGatewayReady(upstream, timeoutMs = 5e3) {
       if (res.ok) return true;
     } catch {
     }
-    await new Promise((resolve8) => setTimeout(resolve8, 250));
+    await new Promise((resolve10) => setTimeout(resolve10, 250));
   }
   return false;
 }
@@ -47041,14 +47698,7 @@ function resolveUpstream(ctx) {
   }
   return config.upstream.replace(/\/$/, "");
 }
-async function proxy(ctx) {
-  const profile = resolveProfile(ctx);
-  const upstream = resolveUpstream(ctx);
-  const upstreamPath = ctx.path.replace(/^\/api\/hermes\/v1/, "/v1").replace(/^\/api\/hermes/, "/api");
-  const params = new URLSearchParams(ctx.search || "");
-  params.delete("token");
-  const search = params.toString();
-  const url2 = `${upstream}${upstreamPath}${search ? `?${search}` : ""}`;
+function buildProxyHeaders(ctx, upstream) {
   const headers = {};
   for (const [key, value] of Object.entries(ctx.headers)) {
     if (value == null) continue;
@@ -47064,21 +47714,80 @@ async function proxy(ctx) {
   }
   const mgr = getGatewayManager();
   if (mgr) {
-    const apiKey = mgr.getApiKey(profile);
+    const apiKey = mgr.getApiKey(resolveProfile(ctx));
     if (apiKey) {
       headers["authorization"] = `Bearer ${apiKey}`;
     }
   }
+  return headers;
+}
+var SSE_EVENTS_PATH = /^\/v1\/runs\/([^/]+)\/events$/;
+function extractRunCompletedFromChunk(chunk) {
+  const lines = chunk.split("\n");
+  for (const line of lines) {
+    if (!line.startsWith("data: ")) continue;
+    try {
+      const data = JSON.parse(line.slice(6));
+      if (data.event === "run.completed" && data.usage && data.run_id) {
+        const sessionId = getSessionForRun(data.run_id);
+        if (sessionId) {
+          updateUsage(sessionId, data.usage.input_tokens, data.usage.output_tokens);
+          return data.run_id;
+        }
+      }
+    } catch {
+    }
+  }
+  return null;
+}
+async function streamSSE(ctx, res) {
+  if (!res.body) {
+    ctx.res.end();
+    return;
+  }
+  const reader = res.body.getReader();
+  const decoder = new TextDecoder();
+  let buffer = "";
+  try {
+    while (true) {
+      const { done, value } = await reader.read();
+      if (done) break;
+      ctx.res.write(value);
+      buffer += decoder.decode(value, { stream: true });
+      let newlineIdx;
+      while ((newlineIdx = buffer.indexOf("\n\n")) !== -1) {
+        const eventBlock = buffer.slice(0, newlineIdx);
+        buffer = buffer.slice(newlineIdx + 2);
+        extractRunCompletedFromChunk(eventBlock);
+      }
+    }
+    if (buffer.trim()) {
+      extractRunCompletedFromChunk(buffer);
+    }
+  } finally {
+    ctx.res.end();
+  }
+}
+async function proxy(ctx) {
+  const profile = resolveProfile(ctx);
+  const upstream = resolveUpstream(ctx);
+  const upstreamPath = ctx.path.replace(/^\/api\/hermes\/v1/, "/v1").replace(/^\/api\/hermes/, "/api");
+  const params = new URLSearchParams(ctx.search || "");
+  params.delete("token");
+  const search2 = params.toString();
+  const url2 = `${upstream}${upstreamPath}${search2 ? `?${search2}` : ""}`;
+  const headers = buildProxyHeaders(ctx, upstream);
   try {
     let body;
     if (ctx.req.method !== "GET" && ctx.req.method !== "HEAD") {
-      body = ctx.request.rawBody;
+      const parsed = ctx.request.body;
+      if (typeof parsed === "string") {
+        body = parsed;
+      } else if (parsed && typeof parsed === "object") {
+        body = JSON.stringify(parsed);
+      }
     }
-    const requestInit = {
-      method: ctx.req.method,
-      headers,
-      body
-    };
+    const requestInit = { method: ctx.req.method, headers, body };
     let res;
     try {
       res = await fetch(url2, requestInit);
@@ -47096,6 +47805,30 @@ async function proxy(ctx) {
       }
     });
     ctx.status = res.status;
+    if (ctx.req.method === "POST" && /\/v1\/runs$/.test(upstreamPath) && body) {
+      try {
+        const parsed = JSON.parse(body);
+        if (parsed.session_id) {
+          const resBody = await res.text();
+          ctx.res.write(resBody);
+          ctx.res.end();
+          try {
+            const result = JSON.parse(resBody);
+            if (result.run_id) {
+              setRunSession(result.run_id, parsed.session_id);
+            }
+          } catch {
+          }
+          return;
+        }
+      } catch {
+      }
+    }
+    const sseMatch = upstreamPath.match(SSE_EVENTS_PATH);
+    if (sseMatch) {
+      await streamSSE(ctx, res);
+      return;
+    }
     if (res.body) {
       const reader = res.body.getReader();
       const pump = async () => {
@@ -47136,7 +47869,9 @@ async function proxyMiddleware(ctx, next) {
 function registerRoutes(app, requireAuth2) {
   app.use(healthRoutes.routes());
   app.use(webhookRoutes.routes());
+  app.use(authPublicRoutes.routes());
   app.use(requireAuth2);
+  app.use(authProtectedRoutes.routes());
   app.use(uploadRoutes.routes());
   app.use(updateRoutes.routes());
   app.use(sessionRoutes.routes());
@@ -47158,14 +47893,14 @@ function registerRoutes(app, requireAuth2) {
 var import_cors = __toESM(require_cors());
 var import_koa_static = __toESM(require_koa_static());
 var import_koa_send = __toESM(require_koa_send());
-var import_os9 = __toESM(require("os"));
-var import_path13 = require("path");
-var import_promises13 = require("fs/promises");
-var import_fs12 = require("fs");
+var import_os12 = __toESM(require("os"));
+var import_path17 = require("path");
+var import_promises14 = require("fs/promises");
+var import_fs15 = require("fs");
 init_logger();
-var APP_VERSION = true ? "0.4.2" : (() => {
+var APP_VERSION = true ? "0.4.3" : (() => {
   try {
-    return JSON.parse(readFileSync7((0, import_path13.resolve)(__dirname, "../../package.json"), "utf-8")).version;
+    return JSON.parse(readFileSync9((0, import_path17.resolve)(__dirname, "../../package.json"), "utf-8")).version;
   } catch {
     return "dev";
   }
@@ -47180,12 +47915,15 @@ process.on("unhandledRejection", (reason) => {
 var server = null;
 async function bootstrap() {
   console.log(`hermes-web-ui v${APP_VERSION} starting...`);
-  await (0, import_promises13.mkdir)(config.uploadDir, { recursive: true });
-  await (0, import_promises13.mkdir)(config.dataDir, { recursive: true });
+  await (0, import_promises14.mkdir)(config.uploadDir, { recursive: true });
+  await (0, import_promises14.mkdir)(config.dataDir, { recursive: true });
   const authToken = await getToken();
   const app = new koa_default();
   await initGatewayManager();
   console.log("[bootstrap] gateway manager initialized");
+  const { initUsageStore: initUsageStore2 } = await Promise.resolve().then(() => (init_usage_store(), usage_store_exports));
+  initUsageStore2();
+  console.log("[bootstrap] usage store initialized");
   app.use((0, import_cors.default)({ origin: config.corsOrigins }));
   app.use(bodyParserWrapper());
   console.log("[bootstrap] cors + bodyParser registered");
@@ -47196,7 +47934,7 @@ async function bootstrap() {
     console.log(`Auth enabled \u2014 token: ${authToken}`);
     logger.info("Auth enabled \u2014 token: %s", authToken);
   }
-  const distDir = (0, import_path13.resolve)(__dirname, "..", "client");
+  const distDir = (0, import_path17.resolve)(__dirname, "..", "client");
   app.use((0, import_koa_static.default)(distDir));
   app.use(async (ctx) => {
     if (!ctx.path.startsWith("/api") && ctx.path !== "/health" && ctx.path !== "/upload" && ctx.path !== "/webhook") {
@@ -47210,7 +47948,7 @@ async function bootstrap() {
   setupTerminalWebSocket(server);
   console.log("[bootstrap] terminal websocket setup");
   server.on("listening", () => {
-    const interfaces = import_os9.default.networkInterfaces();
+    const interfaces = import_os12.default.networkInterfaces();
     const localIp = Object.values(interfaces).flat().find((i) => i?.family === "IPv4" && !i?.internal)?.address || "localhost";
     console.log(`Server: http://localhost:${config.port} (LAN: http://${localIp}:${config.port})`);
     console.log(`Upstream: ${config.upstream}`);