npm - heyhank - Versions diffs - 0.1.0 → 0.2.0 - Mend

heyhank 0.1.0 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (156) hide show

package/LICENSE +21 -0
package/README.md +83 -10
package/bin/cli.ts +7 -7
package/bin/ctl.ts +42 -42
package/dist/assets/{AgentsPage-BPhirnCe.js → AgentsPage-B-AAmsMK.js} +3 -3
package/dist/assets/AssistantPage-BV1Mfwdt.js +2 -0
package/dist/assets/BusinessPage-tLpNEz19.js +1 -0
package/dist/assets/{CronManager-DDbz-yiT.js → CronManager-B-K_n3Jg.js} +1 -1
package/dist/assets/HelpPage-Bhf_j6Xr.js +1 -0
package/dist/assets/{IntegrationsPage-CrOitCmJ.js → IntegrationsPage-DAMjs9tM.js} +1 -1
package/dist/assets/JarvisHUD-C_TGXCCn.js +120 -0
package/dist/assets/MediaPage-C48HTTrt.js +1 -0
package/dist/assets/MemoryPage-JkC-qtgp.js +1 -0
package/dist/assets/{PlatformDashboard-Do6F0O2p.js → PlatformDashboard-AUo7tNnE.js} +1 -1
package/dist/assets/{Playground-Fc5cdc5p.js → Playground-AzNMsRBL.js} +1 -1
package/dist/assets/{ProcessPanel-CslEiZkI.js → ProcessPanel-DpE_2sX3.js} +1 -1
package/dist/assets/{PromptsPage-D2EhsdNO.js → PromptsPage-C2RQOs6p.js} +2 -2
package/dist/assets/RunsPage-B9UOyO79.js +1 -0
package/dist/assets/{SandboxManager-a1AVI5q2.js → SandboxManager-jHvYjwfh.js} +1 -1
package/dist/assets/SettingsPage-BBJax6gt.js +51 -0
package/dist/assets/SkillsMarketplace-IjmjfdjD.js +1 -0
package/dist/assets/SocialMediaPage-DoPZHhr2.js +10 -0
package/dist/assets/{TailscalePage-CHiFhZXF.js → TailscalePage-DDEY7ckO.js} +1 -1
package/dist/assets/TelephonyPage-OPNBZYKt.js +9 -0
package/dist/assets/{TerminalPage-Drwyrnfd.js → TerminalPage-BjMbHHW3.js} +1 -1
package/dist/assets/{gemini-live-client-C7rqAW7G.js → gemini-live-client-C70FEtX2.js} +11 -8
package/dist/assets/{index-CEqZnThB.js → index-BgYM4wXw.js} +94 -93
package/dist/assets/index-BkjSoVgn.css +32 -0
package/dist/assets/sw-register-C7NOHtIu.js +1 -0
package/dist/assets/text-chat-client-BSbLJerZ.js +2 -0
package/dist/index.html +2 -2
package/dist/sw.js +1 -1
package/package.json +6 -1
package/server/agent-executor.ts +37 -2
package/server/agent-store.ts +3 -3
package/server/agent-types.ts +11 -0
package/server/assistant-store.ts +232 -6
package/server/auth-manager.ts +9 -0
package/server/cache-headers.ts +1 -1
package/server/calendar-service.ts +10 -0
package/server/ceo/document-store.ts +129 -0
package/server/ceo/finance-store.ts +343 -0
package/server/ceo/kpi-store.ts +208 -0
package/server/ceo/memory-import.ts +277 -0
package/server/ceo/news-store.ts +208 -0
package/server/ceo/template-store.ts +134 -0
package/server/ceo/time-tracking-store.ts +227 -0
package/server/claude-auth-monitor.ts +128 -0
package/server/claude-code-worker.ts +86 -0
package/server/claude-session-discovery.ts +74 -1
package/server/cli-launcher.ts +32 -10
package/server/codex-adapter.ts +2 -2
package/server/codex-ws-proxy.cjs +1 -1
package/server/container-manager.ts +4 -4
package/server/content-intelligence/content-engine.ts +1112 -0
package/server/content-intelligence/platform-knowledge.ts +870 -0
package/server/cron-store.ts +3 -3
package/server/embedding-service.ts +49 -0
package/server/event-bus-types.ts +13 -0
package/server/federation/node-store.ts +5 -4
package/server/fs-utils.ts +28 -1
package/server/hank-notifications-store.ts +91 -0
package/server/hank-tool-executor.ts +1835 -0
package/server/hank-tools.ts +2107 -0
package/server/image-pull-manager.ts +2 -2
package/server/index.ts +25 -2
package/server/llm-providers-streaming.ts +541 -0
package/server/llm-providers.ts +12 -0
package/server/marketplace.ts +249 -0
package/server/mcp-registry.ts +158 -0
package/server/memory-service.ts +296 -0
package/server/obsidian-sync.ts +184 -0
package/server/provider-manager.ts +5 -2
package/server/provider-registry.ts +12 -0
package/server/reminder-scheduler.ts +37 -1
package/server/routes/agent-routes.ts +2 -1
package/server/routes/assistant-routes.ts +198 -5
package/server/routes/ceo-finance-kpi-routes.ts +167 -0
package/server/routes/ceo-news-time-routes.ts +137 -0
package/server/routes/ceo-routes.ts +99 -0
package/server/routes/content-routes.ts +116 -0
package/server/routes/email-routes.ts +147 -0
package/server/routes/env-routes.ts +3 -3
package/server/routes/fs-routes.ts +12 -9
package/server/routes/hank-chat-routes.ts +592 -0
package/server/routes/llm-routes.ts +12 -0
package/server/routes/marketplace-routes.ts +63 -0
package/server/routes/media-routes.ts +1 -1
package/server/routes/memory-routes.ts +127 -0
package/server/routes/platform-routes.ts +14 -675
package/server/routes/sandbox-routes.ts +1 -1
package/server/routes/settings-routes.ts +51 -1
package/server/routes/socialmedia-routes.ts +152 -2
package/server/routes/system-routes.ts +2 -2
package/server/routes/team-routes.ts +71 -0
package/server/routes/telephony-routes.ts +98 -18
package/server/routes.ts +36 -9
package/server/session-creation-service.ts +2 -2
package/server/session-orchestrator.ts +54 -2
package/server/session-types.ts +2 -0
package/server/settings-manager.ts +50 -2
package/server/skill-discovery.ts +68 -0
package/server/socialmedia/adapters/browser-adapter.ts +179 -0
package/server/socialmedia/adapters/postiz-adapter.ts +291 -14
package/server/socialmedia/manager.ts +234 -15
package/server/socialmedia/store.ts +51 -1
package/server/socialmedia/types.ts +35 -2
package/server/socialview/browser-manager.ts +150 -0
package/server/socialview/extractors.ts +1298 -0
package/server/socialview/image-describe.ts +188 -0
package/server/socialview/library.ts +119 -0
package/server/socialview/poster.ts +276 -0
package/server/socialview/routes.ts +371 -0
package/server/socialview/style-analyzer.ts +187 -0
package/server/socialview/style-profiles.ts +67 -0
package/server/socialview/types.ts +166 -0
package/server/socialview/vision.ts +127 -0
package/server/socialview/vnc-manager.ts +110 -0
package/server/style-injector.ts +135 -0
package/server/team-service.ts +239 -0
package/server/team-store.ts +75 -0
package/server/team-types.ts +52 -0
package/server/telephony/audio-bridge.ts +281 -35
package/server/telephony/audio-recorder.ts +132 -0
package/server/telephony/call-manager.ts +803 -104
package/server/telephony/call-types.ts +67 -1
package/server/telephony/esl-client.ts +319 -0
package/server/telephony/freeswitch-sync.ts +155 -0
package/server/telephony/phone-utils.ts +63 -0
package/server/telephony/telephony-store.ts +9 -8
package/server/url-validator.ts +82 -0
package/server/vault-markdown.ts +317 -0
package/server/vault-migration.ts +121 -0
package/server/vault-store.ts +466 -0
package/server/vault-watcher.ts +59 -0
package/server/vector-store.ts +210 -0
package/server/voice-pipeline/gemini-live-adapter.ts +97 -0
package/server/voice-pipeline/greeting-cache.ts +200 -0
package/server/voice-pipeline/manager.ts +249 -0
package/server/voice-pipeline/pipeline.ts +335 -0
package/server/voice-pipeline/providers/index.ts +47 -0
package/server/voice-pipeline/providers/llm-internal.ts +527 -0
package/server/voice-pipeline/providers/stt-google.ts +157 -0
package/server/voice-pipeline/providers/tts-google.ts +126 -0
package/server/voice-pipeline/types.ts +247 -0
package/server/ws-bridge-types.ts +6 -1
package/dist/assets/AssistantPage-DJ-cMQfb.js +0 -1
package/dist/assets/HelpPage-DMfkzERp.js +0 -1
package/dist/assets/MediaPage-CE5rdvkC.js +0 -1
package/dist/assets/RunsPage-C5BZF5Rx.js +0 -1
package/dist/assets/SettingsPage-DirhjQrJ.js +0 -51
package/dist/assets/SocialMediaPage-DBuM28vD.js +0 -1
package/dist/assets/TelephonyPage-x0VV0fOo.js +0 -1
package/dist/assets/index-C8M_PUmX.css +0 -32
package/dist/assets/sw-register-LSSpj6RU.js +0 -1
package/server/socialmedia/adapters/ayrshare-adapter.ts +0 -169

package/server/routes/content-routes.ts ADDED Viewed

@@ -0,0 +1,116 @@
+// ─── Content Engine Routes ──────────────────────────────────────────────────
+// REST API for the Content Engine / Ad Creator system.
+import type { Hono } from "hono";
+export function registerContentRoutes(api: Hono): void {
+  /** Analyze a website — extract brand identity, products, colors, tone */
+  api.post("/content/analyze", async (c) => {
+    try {
+      const body = await c.req.json();
+      const url = (body.url || "").trim();
+      if (!url) return c.json({ error: "url is required" }, 400);
+      const { analyzeWebsite } = await import("../content-intelligence/content-engine.js");
+      const intelligence = await analyzeWebsite(url);
+      return c.json(intelligence);
+    } catch (e) {
+      return c.json({ error: e instanceof Error ? e.message : "Analysis failed" }, 500);
+    }
+  });
+  /** Create a content strategy based on website analysis */
+  api.post("/content/strategy", async (c) => {
+    try {
+      const body = await c.req.json();
+      const url = (body.url || "").trim();
+      if (!url) return c.json({ error: "url is required" }, 400);
+      const platformsStr = (body.platforms as string | undefined) || "instagram,linkedin,facebook";
+      const platforms = Array.isArray(platformsStr)
+        ? platformsStr
+        : platformsStr.split(",").map((p: string) => p.trim()).filter(Boolean);
+      const { analyzeWebsite, createContentStrategy } = await import("../content-intelligence/content-engine.js");
+      const intelligence = await analyzeWebsite(url);
+      const strategy = createContentStrategy(intelligence, platforms);
+      return c.json(strategy);
+    } catch (e) {
+      return c.json({ error: e instanceof Error ? e.message : "Strategy creation failed" }, 500);
+    }
+  });
+  /** Generate platform-optimized content pieces */
+  api.post("/content/generate", async (c) => {
+    try {
+      const body = await c.req.json();
+      const url = (body.url || "").trim();
+      const platform = (body.platform || "").trim();
+      if (!url) return c.json({ error: "url is required" }, 400);
+      if (!platform) return c.json({ error: "platform is required" }, 400);
+      const count = body.count || 5;
+      const journeyStage = body.journeyStage || undefined;
+      const styleProfileHandle =
+        typeof body.styleProfileHandle === "string" && body.styleProfileHandle.trim()
+          ? body.styleProfileHandle.trim()
+          : undefined;
+      const { analyzeWebsite, createContentStrategy, generateSmartContent } = await import("../content-intelligence/content-engine.js");
+      const intelligence = await analyzeWebsite(url);
+      const strategy = createContentStrategy(intelligence, [platform]);
+      const pieces = await generateSmartContent({
+        intelligence,
+        strategy,
+        platform,
+        journeyStage,
+        count,
+        styleProfileHandle,
+      });
+      return c.json({ pieces, count: pieces.length });
+    } catch (e) {
+      return c.json({ error: e instanceof Error ? e.message : "Content generation failed" }, 500);
+    }
+  });
+  /** Generate ad creatives */
+  api.post("/content/ads", async (c) => {
+    try {
+      const body = await c.req.json();
+      const url = (body.url || "").trim();
+      const platform = (body.platform || "").trim();
+      if (!url) return c.json({ error: "url is required" }, 400);
+      if (!platform) return c.json({ error: "platform is required" }, 400);
+      const count = body.count || 3;
+      const { analyzeWebsite, generateAdCreatives } = await import("../content-intelligence/content-engine.js");
+      const intelligence = await analyzeWebsite(url);
+      const ads = await generateAdCreatives({ intelligence, platform, count });
+      return c.json({ ads, count: ads.length });
+    } catch (e) {
+      return c.json({ error: e instanceof Error ? e.message : "Ad generation failed" }, 500);
+    }
+  });
+  /** Generate a complete multi-week content plan */
+  api.post("/content/plan", async (c) => {
+    try {
+      const body = await c.req.json();
+      const url = (body.url || "").trim();
+      if (!url) return c.json({ error: "url is required" }, 400);
+      const platformsStr = (body.platforms as string | undefined) || "instagram,linkedin,facebook";
+      const platforms = Array.isArray(platformsStr)
+        ? platformsStr
+        : platformsStr.split(",").map((p: string) => p.trim()).filter(Boolean);
+      const weeks = body.weeks || 4;
+      const { generateContentPlan } = await import("../content-intelligence/content-engine.js");
+      const plan = await generateContentPlan({ url, platforms, weeks });
+      return c.json(plan);
+    } catch (e) {
+      return c.json({ error: e instanceof Error ? e.message : "Plan generation failed" }, 500);
+    }
+  });
+}

package/server/routes/email-routes.ts ADDED Viewed

@@ -0,0 +1,147 @@
+// ─── Email Routes ────────────────────────────────────────────────────────────
+// REST API for multi-account email management (IMAP/SMTP).
+import type { Hono } from "hono";
+import * as email from "../email-service.js";
+import type { EmailAccount } from "../email-service.js";
+/** Strip auth.pass from an account object before returning it to the client. */
+function sanitizeAccount(account: EmailAccount): Omit<EmailAccount, "auth"> & { auth: { user: string } } {
+  const { auth, ...rest } = account;
+  return { ...rest, auth: { user: auth.user } };
+}
+export function registerEmailRoutes(api: Hono): void {
+  // ─── Account Management ─────────────────────────────────────────────
+  api.get("/assistant/email/accounts", (c) => {
+    const accounts = email.loadAccounts().map(sanitizeAccount);
+    return c.json({ accounts });
+  });
+  api.post("/assistant/email/accounts", async (c) => {
+    const body = await c.req.json<{
+      name: string;
+      email: string;
+      imap: { host: string; port: number; secure: boolean };
+      smtp: { host: string; port: number; secure: boolean };
+      auth: { user: string; pass: string };
+    }>();
+    if (!body.name || !body.email || !body.imap || !body.smtp || !body.auth) {
+      return c.json({ error: "name, email, imap, smtp, and auth are required" }, 400);
+    }
+    const account = email.addAccount(body);
+    return c.json(sanitizeAccount(account));
+  });
+  api.delete("/assistant/email/accounts/:id", (c) => {
+    const ok = email.removeAccount(c.req.param("id"));
+    return c.json({ ok });
+  });
+  api.post("/assistant/email/accounts/:id/test", async (c) => {
+    const account = email.getAccount(c.req.param("id"));
+    if (!account) return c.json({ error: "account not found" }, 404);
+    try {
+      await email.listEmails(account, { limit: 1 });
+      return c.json({ ok: true, message: "IMAP connection successful" });
+    } catch (err: any) {
+      return c.json({ ok: false, error: err?.message || "connection failed" }, 500);
+    }
+  });
+  // ─── Unread Summary ─────────────────────────────────────────────────
+  api.get("/assistant/email/unread", async (c) => {
+    try {
+      const summary = await email.getUnreadSummary();
+      return c.json({ summary });
+    } catch (err: any) {
+      return c.json({ error: err?.message || "failed to get unread summary" }, 500);
+    }
+  });
+  // ─── Per-Account Email Operations ───────────────────────────────────
+  api.get("/assistant/email/:accountId/messages", async (c) => {
+    const account = email.getAccount(c.req.param("accountId"));
+    if (!account) return c.json({ error: "account not found" }, 404);
+    const limit = c.req.query("limit") ? Number(c.req.query("limit")) : undefined;
+    const unseen = c.req.query("unseen") === "true" ? true : undefined;
+    const folder = c.req.query("folder") || undefined;
+    try {
+      const messages = await email.listEmails(account, { limit, unseen, folder });
+      return c.json({ messages });
+    } catch (err: any) {
+      return c.json({ error: err?.message || "failed to list emails" }, 500);
+    }
+  });
+  api.get("/assistant/email/:accountId/messages/:uid", async (c) => {
+    const account = email.getAccount(c.req.param("accountId"));
+    if (!account) return c.json({ error: "account not found" }, 404);
+    const uid = Number(c.req.param("uid"));
+    const folder = c.req.query("folder") || undefined;
+    try {
+      const message = await email.readEmail(account, uid, folder);
+      if (!message) return c.json({ error: "message not found" }, 404);
+      return c.json({ message });
+    } catch (err: any) {
+      return c.json({ error: err?.message || "failed to read email" }, 500);
+    }
+  });
+  api.get("/assistant/email/:accountId/search", async (c) => {
+    const account = email.getAccount(c.req.param("accountId"));
+    if (!account) return c.json({ error: "account not found" }, 404);
+    const q = c.req.query("q");
+    if (!q) return c.json({ error: "q query parameter is required" }, 400);
+    const limit = c.req.query("limit") ? Number(c.req.query("limit")) : undefined;
+    try {
+      const messages = await email.searchEmails(account, q, limit);
+      return c.json({ messages });
+    } catch (err: any) {
+      return c.json({ error: err?.message || "search failed" }, 500);
+    }
+  });
+  api.post("/assistant/email/:accountId/send", async (c) => {
+    const account = email.getAccount(c.req.param("accountId"));
+    if (!account) return c.json({ error: "account not found" }, 404);
+    const body = await c.req.json<{ to: string; subject: string; body: string }>();
+    if (!body.to || !body.subject || !body.body) {
+      return c.json({ error: "to, subject, and body are required" }, 400);
+    }
+    try {
+      const result = await email.sendEmail(account, body.to, body.subject, body.body);
+      return c.json(result);
+    } catch (err: any) {
+      return c.json({ error: err?.message || "failed to send email" }, 500);
+    }
+  });
+  api.post("/assistant/email/:accountId/reply", async (c) => {
+    const account = email.getAccount(c.req.param("accountId"));
+    if (!account) return c.json({ error: "account not found" }, 404);
+    const body = await c.req.json<{ uid: number; body: string }>();
+    if (!body.uid || !body.body) {
+      return c.json({ error: "uid and body are required" }, 400);
+    }
+    try {
+      const result = await email.replyToEmail(account, body.uid, body.body);
+      return c.json(result);
+    } catch (err: any) {
+      return c.json({ error: err?.message || "failed to reply" }, 500);
+    }
+  });
+}

package/server/routes/env-routes.ts CHANGED Viewed

@@ -65,7 +65,7 @@ export function registerEnvRoutes(
       return c.json({ error: "Base Dockerfile not found at " + dockerfilePath }, 404);
     }
     try {
-      const log = containerManager.buildImage(dockerfilePath, "the-companion:latest");
+      const log = containerManager.buildImage(dockerfilePath, "heyhank:latest");
       return c.json({ success: true, log });
     } catch (e: unknown) {
       return c.json({ success: false, error: e instanceof Error ? e.message : String(e) }, 500);
@@ -73,8 +73,8 @@ export function registerEnvRoutes(
   });
   api.get("/docker/base-image", (c) => {
-    const exists = containerManager.imageExists("the-companion:latest");
-    return c.json({ exists, image: "the-companion:latest" });
+    const exists = containerManager.imageExists("heyhank:latest");
+    return c.json({ exists, image: "heyhank:latest" });
   });
   api.get("/images/:tag/status", (c) => {

package/server/routes/fs-routes.ts CHANGED Viewed

@@ -112,7 +112,7 @@ export function registerFsRoutes(api: Hono, opts?: { allowedBases?: string[] }):
     const cwd = process.cwd();
     // Only report cwd if the user launched heyhank from a real project directory
     // (not from the package root or the home directory itself)
-    const packageRoot = process.env.__HEYHANK_PACKAGE_ROOT || process.env.__COMPANION_PACKAGE_ROOT;
+    const packageRoot = process.env.__HEYHANK_PACKAGE_ROOT || process.env.__COMPANION_PACKAGE_ROOT /* legacy */;
     const isProjectDir =
       cwd !== home &&
       (!packageRoot || !cwd.startsWith(packageRoot));
@@ -243,14 +243,15 @@ export function registerFsRoutes(api: Hono, opts?: { allowedBases?: string[] }):
     const filePath = c.req.query("path");
     if (!filePath) return c.json({ error: "path required" }, 400);
     const base = c.req.query("base");
-    const absPath = resolve(filePath);
+    const absPath = guardPath(filePath, allowedBases());
+    if (!absPath) return c.json({ error: "Path outside allowed directories" }, 403);
     try {
       const repoRoot = execSync("git rev-parse --show-toplevel", {
         cwd: dirname(absPath),
         encoding: "utf-8",
         timeout: 5000,
       }).trim();
-      const relPath = execSync(`git -C "${repoRoot}" ls-files --full-name -- "${absPath}"`, {
+      const relPath = execSync(`git -C ${shellEscapeArg(repoRoot)} ls-files --full-name -- ${shellEscapeArg(absPath)}`, {
         encoding: "utf-8",
         timeout: 5000,
       }).trim() || absPath;
@@ -261,7 +262,7 @@ export function registerFsRoutes(api: Hono, opts?: { allowedBases?: string[] }):
         const diffBases = resolveBranchDiffBases(repoRoot);
         for (const b of diffBases) {
           try {
-            diff = execCaptureStdout(`git diff ${b} -- "${relPath}"`, {
+            diff = execCaptureStdout(`git diff ${shellEscapeArg(b)} -- ${shellEscapeArg(relPath)}`, {
               cwd: repoRoot,
               encoding: "utf-8",
               timeout: 5000,
@@ -273,7 +274,7 @@ export function registerFsRoutes(api: Hono, opts?: { allowedBases?: string[] }):
         }
       } else {
         try {
-          diff = execCaptureStdout(`git diff HEAD -- "${relPath}"`, {
+          diff = execCaptureStdout(`git diff HEAD -- ${shellEscapeArg(relPath)}`, {
             cwd: repoRoot,
             encoding: "utf-8",
             timeout: 5000,
@@ -284,13 +285,13 @@ export function registerFsRoutes(api: Hono, opts?: { allowedBases?: string[] }):
       }
       if (!diff.trim()) {
-        const untracked = execSync(`git ls-files --others --exclude-standard -- "${relPath}"`, {
+        const untracked = execSync(`git ls-files --others --exclude-standard -- ${shellEscapeArg(relPath)}`, {
           cwd: repoRoot,
           encoding: "utf-8",
           timeout: 5000,
         }).trim();
         if (untracked) {
-          diff = execCaptureStdout(`git diff --no-index -- /dev/null "${absPath}"`, {
+          diff = execCaptureStdout(`git diff --no-index -- /dev/null ${shellEscapeArg(absPath)}`, {
             cwd: repoRoot,
             encoding: "utf-8",
             timeout: 5000,
@@ -312,7 +313,8 @@ export function registerFsRoutes(api: Hono, opts?: { allowedBases?: string[] }):
     const cwd = c.req.query("cwd");
     if (!cwd) return c.json({ error: "cwd required" }, 400);
     const base = c.req.query("base"); // "last-commit" | "default-branch" | undefined
-    const resolvedCwd = resolve(cwd);
+    const resolvedCwd = guardPath(cwd, allowedBases());
+    if (!resolvedCwd) return c.json({ error: "Path outside allowed directories" }, 403);
     try {
       const repoRoot = execSync("git rev-parse --show-toplevel", {
         cwd: resolvedCwd,
@@ -604,7 +606,8 @@ export function registerFsRoutes(api: Hono, opts?: { allowedBases?: string[] }):
     if (base !== "CLAUDE.md") {
       return c.json({ error: "Can only write CLAUDE.md files" }, 400);
     }
-    const absPath = resolve(filePath);
+    const absPath = guardPath(filePath, allowedBases());
+    if (!absPath) return c.json({ error: "Path outside allowed directories" }, 403);
     if (!absPath.endsWith("/CLAUDE.md") && !absPath.endsWith("/.claude/CLAUDE.md")) {
       return c.json({ error: "Invalid CLAUDE.md path" }, 400);
     }