kabanos 1.0.0

package/dist/index.d.ts

@@ -0,0 +1,109 @@
+import { R as ResolvedKanbanConfig, S as SourceComment, a as StorageAdapter, B as BoardState, A as Actor, C as ColumnConfig } from './core-C0gUmthe.js';
+export { b as AuthConfig, c as Card, d as CardStatus, e as CommentParser, K as KabanosInstance, f as KanbanConfig, N as NodeRequest, g as ScanConfig, h as StorageConfig, T as TagConfig, i as ThemeMode, j as ThemeTokens, k as createKabanos, l as defineConfig, r as resolveConfig } from './core-C0gUmthe.js';
+import { Kysely } from 'kysely';
+import 'node:http';
+
+declare class KabanosError extends Error {
+    readonly code: string;
+    readonly status: number;
+    constructor(code: string, message: string, status?: number);
+}
+
+declare function extractComments(filePath: string, source: string, tags: string[]): SourceComment[];
+declare function parseComments(config: ResolvedKanbanConfig, filePath: string, source: string): SourceComment[];
+declare class ProjectScanner {
+    private cache;
+    scan(config: ResolvedKanbanConfig): Promise<SourceComment[]>;
+}
+declare function scanProject(config: ResolvedKanbanConfig): Promise<SourceComment[]>;
+
+interface DB {
+    schema_migrations: {
+        version: number;
+        applied_at: string;
+    };
+    boards: {
+        id: string;
+        name: string;
+        created_at: string;
+    };
+    columns: {
+        id: string;
+        board_id: string;
+        name: string;
+        position: number;
+        completion: number;
+        color_token: string | null;
+    };
+    cards: {
+        id: string;
+        board_id: string;
+        column_id: string;
+        position: number;
+        tag: string;
+        title: string;
+        body: string;
+        notes: string;
+        assignee: string | null;
+        labels: string;
+        priority: string;
+        source_file_path: string;
+        source_line: number;
+        source_content_hash: string;
+        source_context_hash: string;
+        source_occurrence: number;
+        status: string;
+        created_at: string;
+        updated_at: string;
+    };
+    resolved_fingerprints: {
+        id: string;
+        board_id: string;
+        card_id: string;
+        file_path: string;
+        content_hash: string;
+        context_hash: string;
+        occurrence: number;
+        resolved_at: string;
+        resolved_by: string | null;
+    };
+    settings: {
+        board_id: string;
+        value: string;
+    };
+    activity_log: {
+        id: string;
+        card_id: string;
+        action: string;
+        from_status: string | null;
+        to_status: string | null;
+        actor: string | null;
+        created_at: string;
+    };
+}
+declare class SqlStorage implements StorageAdapter {
+    private readonly db;
+    private readonly config;
+    constructor(db: Kysely<DB>, config: ResolvedKanbanConfig);
+    migrate(): Promise<void>;
+    initialize(config: ResolvedKanbanConfig): Promise<void>;
+    getBoard(): Promise<BoardState>;
+    reconcile(comments: SourceComment[]): Promise<{
+        created: number;
+        updated: number;
+        archived: number;
+    }>;
+    moveCard(id: string, columnId: string, position: number, actor?: Actor): Promise<void>;
+    updateCard(id: string, patch: {
+        notes?: string;
+        assignee?: string | null;
+        labels?: string[];
+    }, actor?: Actor): Promise<void>;
+    getActivity(cardId: string): Promise<unknown[]>;
+    updateSettings(patch: Record<string, unknown>): Promise<void>;
+    replaceColumns(columns: ColumnConfig[], destinationColumnId?: string): Promise<void>;
+    close(): Promise<void>;
+}
+declare function createStorage(config: ResolvedKanbanConfig): Promise<SqlStorage>;
+
+export { Actor, BoardState, ColumnConfig, KabanosError, ProjectScanner, ResolvedKanbanConfig, SourceComment, SqlStorage, StorageAdapter, createStorage, extractComments, parseComments, scanProject };

package/dist/index.js

@@ -0,0 +1,487 @@
+// src/config.ts
+import path from "path";
+import { z } from "zod";
+var schema = z.object({
+  projectRoot: z.string().optional(),
+  mountPath: z.string().regex(/^\/[\w/-]*$/).optional(),
+  boardName: z.string().min(1).optional(),
+  columns: z.array(z.union([z.string().min(1), z.object({ id: z.string().min(1), name: z.string().min(1), completion: z.boolean().optional(), colorToken: z.string().optional() })])).optional(),
+  scan: z.object({ include: z.array(z.string()).optional(), exclude: z.array(z.string()).optional(), tags: z.record(z.string(), z.object({ column: z.string(), priority: z.enum(["low", "normal", "high"]).optional(), label: z.string().optional() })).optional(), watch: z.boolean().optional(), intervalMs: z.number().int().nonnegative().optional(), maxFileSize: z.number().int().positive().optional(), parsers: z.array(z.custom((value) => Boolean(value) && typeof value === "object" && typeof value.parse === "function")).optional() }).optional(),
+  storage: z.object({ adapter: z.enum(["sqlite", "postgres", "mysql"]).optional(), connectionString: z.string().optional(), filename: z.string().optional() }).optional(),
+  theme: z.object({ default: z.enum(["light", "dark", "system"]).optional(), overrides: z.record(z.string(), z.string()).optional() }).optional(),
+  auth: z.object({ enabled: z.boolean().optional(), guard: z.function().optional(), actor: z.function().optional() }).optional()
+});
+function defineConfig(config) {
+  return config;
+}
+function resolveConfig(input = {}) {
+  const value = schema.parse(input);
+  const root = path.resolve(value.projectRoot ?? process.cwd());
+  const columns = (value.columns ?? ["Backlog", "In Progress", "Done"]).map((column, index, all) => typeof column === "string" ? { id: column.toLowerCase().replace(/[^a-z0-9]+/g, "-"), name: column, completion: index === all.length - 1 } : column);
+  if (columns.filter((column) => column.completion).length !== 1) throw new Error("Kabanos requires exactly one completion column.");
+  const enabled = value.auth?.enabled ?? true;
+  if (enabled && !value.auth?.guard) throw new Error("Kabanos requires auth.guard, or auth.enabled: false as an explicit public opt-out.");
+  return {
+    projectRoot: root,
+    mountPath: value.mountPath ?? "/admin/kb",
+    boardName: value.boardName ?? "Code board",
+    columns,
+    scan: {
+      include: value.scan?.include ?? ["**/*.{ts,tsx,js,jsx,mjs,cjs,py,go,rs,css,scss,html}"],
+      exclude: value.scan?.exclude ?? ["node_modules/**", "dist/**", "build/**", ".git/**", ".kanban/**", "**/*.min.*"],
+      tags: value.scan?.tags ?? { TODO: { column: "backlog", priority: "normal" }, FIXME: { column: "in-progress", priority: "high" } },
+      watch: value.scan?.watch ?? process.env.NODE_ENV === "development",
+      intervalMs: value.scan?.intervalMs ?? 0,
+      maxFileSize: value.scan?.maxFileSize ?? 1e6,
+      parsers: value.scan?.parsers ?? []
+    },
+    storage: { adapter: value.storage?.adapter ?? "sqlite", connectionString: value.storage?.connectionString ?? "", filename: path.resolve(root, value.storage?.filename ?? ".kanban/board.db") },
+    theme: { default: value.theme?.default ?? "system", overrides: value.theme?.overrides ?? {} },
+    auth: { enabled, ...value.auth }
+  };
+}
+
+// src/core.ts
+import { readFile as readFile2 } from "fs/promises";
+import path4 from "path";
+import { fileURLToPath } from "url";
+import chokidar from "chokidar";
+import { z as z2 } from "zod";
+
+// src/errors.ts
+var KabanosError = class extends Error {
+  constructor(code, message, status = 400) {
+    super(message);
+    this.code = code;
+    this.status = status;
+    this.name = "KabanosError";
+  }
+  code;
+  status;
+};
+
+// src/scanner.ts
+import { createHash } from "crypto";
+import { readFile, stat } from "fs/promises";
+import path2 from "path";
+import fg from "fast-glob";
+import ignore from "ignore";
+var COMMENT_PATTERNS = {
+  js: [/\/\/([^\n]*)/g, /\/\*([\s\S]*?)\*\//g],
+  ts: [/\/\/([^\n]*)/g, /\/\*([\s\S]*?)\*\//g],
+  jsx: [/\/\/([^\n]*)/g, /\/\*([\s\S]*?)\*\//g],
+  tsx: [/\/\/([^\n]*)/g, /\/\*([\s\S]*?)\*\//g],
+  py: [/#([^\n]*)/g],
+  go: [/\/\/([^\n]*)/g, /\/\*([\s\S]*?)\*\//g],
+  rs: [/\/\/([^\n]*)/g, /\/\*([\s\S]*?)\*\//g],
+  css: [/\/\*([\s\S]*?)\*\//g],
+  scss: [/\/\/([^\n]*)/g, /\/\*([\s\S]*?)\*\//g],
+  html: [/<!--([\s\S]*?)-->/g],
+  mjs: [/\/\/([^\n]*)/g, /\/\*([\s\S]*?)\*\//g],
+  cjs: [/\/\/([^\n]*)/g, /\/\*([\s\S]*?)\*\//g]
+};
+var hash = (value) => createHash("sha256").update(value).digest("hex");
+var normalize = (value) => value.replace(/^\s*[*#/-]+\s?/gm, "").replace(/\s+/g, " ").trim();
+function extractComments(filePath, source, tags) {
+  const extension = path2.extname(filePath).slice(1).toLowerCase();
+  const patterns = COMMENT_PATTERNS[extension] ?? [];
+  const tagPattern = new RegExp(`\\b(${tags.map(escapeRegExp).join("|")})\\b(?:\\s*[:(-]?\\s*)?([\\s\\S]*)`, "i");
+  const candidates = [];
+  for (const pattern of patterns) {
+    pattern.lastIndex = 0;
+    for (const match of source.matchAll(pattern)) {
+      const raw = match[1] ?? match[0];
+      const normalized = normalize(raw);
+      const tagged = normalized.match(tagPattern);
+      if (!tagged || match.index === void 0) continue;
+      const before = source.slice(0, match.index);
+      const line = before.split("\n").length;
+      const endLine = line + match[0].split("\n").length - 1;
+      const tag = tagged[1].toUpperCase();
+      const text = (tagged[2] ?? "").trim() || tag;
+      const lines = source.split("\n");
+      const context = lines.slice(Math.max(0, line - 3), Math.min(lines.length, endLine + 2)).join("\n");
+      candidates.push({ filePath, line, endLine, tag, text, rawText: match[0], contentHash: hash(`${tag}:${text}`), contextHash: hash(context) });
+    }
+  }
+  candidates.sort((a, b) => a.line - b.line);
+  const occurrences = /* @__PURE__ */ new Map();
+  return candidates.map((comment) => {
+    const occurrence = occurrences.get(comment.contentHash) ?? 0;
+    occurrences.set(comment.contentHash, occurrence + 1);
+    return { ...comment, occurrence };
+  });
+}
+function parseComments(config, filePath, source) {
+  const extension = path2.extname(filePath).slice(1).toLowerCase();
+  const parser = config.scan.parsers.find((candidate) => candidate.extensions.map((value) => value.replace(/^\./, "").toLowerCase()).includes(extension));
+  return parser ? parser.parse(filePath, source, Object.keys(config.scan.tags)) : extractComments(filePath, source, Object.keys(config.scan.tags));
+}
+var ProjectScanner = class {
+  cache = /* @__PURE__ */ new Map();
+  async scan(config) {
+    const gitignore = ignore();
+    try {
+      gitignore.add(await readFile(path2.join(config.projectRoot, ".gitignore"), "utf8"));
+    } catch {
+    }
+    gitignore.add(config.scan.exclude);
+    const files = await fg(config.scan.include, { cwd: config.projectRoot, onlyFiles: true, followSymbolicLinks: false, dot: true, unique: true });
+    const active = /* @__PURE__ */ new Set();
+    const comments = [];
+    for (const relative of files.sort()) {
+      const safeRelative = relative.replaceAll("\\", "/");
+      if (gitignore.ignores(safeRelative)) continue;
+      const absolute = path2.resolve(config.projectRoot, relative);
+      if (!isWithin(config.projectRoot, absolute)) continue;
+      const info = await stat(absolute);
+      if (!info.isFile() || info.size > config.scan.maxFileSize) continue;
+      active.add(safeRelative);
+      const cached = this.cache.get(safeRelative);
+      if (cached && cached.mtimeMs === info.mtimeMs && cached.size === info.size) {
+        comments.push(...cached.comments);
+        continue;
+      }
+      const parsed = parseComments(config, safeRelative, await readFile(absolute, "utf8"));
+      this.cache.set(safeRelative, { mtimeMs: info.mtimeMs, size: info.size, comments: parsed });
+      comments.push(...parsed);
+    }
+    for (const key of this.cache.keys()) if (!active.has(key)) this.cache.delete(key);
+    return comments;
+  }
+};
+async function scanProject(config) {
+  return new ProjectScanner().scan(config);
+}
+function isWithin(root, candidate) {
+  const relative = path2.relative(path2.resolve(root), path2.resolve(candidate));
+  return relative !== ".." && !relative.startsWith(`..${path2.sep}`) && !path2.isAbsolute(relative);
+}
+function escapeRegExp(value) {
+  return value.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+
+// src/storage.ts
+import { randomUUID } from "crypto";
+import { mkdir } from "fs/promises";
+import path3 from "path";
+import Database from "better-sqlite3";
+import { Kysely, MysqlDialect, PostgresDialect, SqliteDialect, sql } from "kysely";
+var SqlStorage = class {
+  constructor(db, config) {
+    this.db = db;
+    this.config = config;
+  }
+  db;
+  config;
+  async migrate() {
+    await this.db.schema.createTable("schema_migrations").ifNotExists().addColumn("version", "integer", (c) => c.primaryKey()).addColumn("applied_at", "varchar(32)", (c) => c.notNull()).execute();
+    const applied = new Set((await this.db.selectFrom("schema_migrations").select("version").execute()).map((r) => r.version));
+    const migrations = [
+      { version: 1, up: async (db) => {
+        await db.schema.createTable("boards").ifNotExists().addColumn("id", "varchar(64)", (c) => c.primaryKey()).addColumn("name", "varchar(255)", (c) => c.notNull()).addColumn("created_at", "varchar(32)", (c) => c.notNull()).execute();
+        await db.schema.createTable("columns").ifNotExists().addColumn("id", "varchar(64)", (c) => c.primaryKey()).addColumn("board_id", "varchar(64)", (c) => c.notNull()).addColumn("name", "varchar(255)", (c) => c.notNull()).addColumn("position", "integer", (c) => c.notNull()).addColumn("completion", "integer", (c) => c.notNull()).addColumn("color_token", "varchar(64)").execute();
+        await db.schema.createTable("cards").ifNotExists().addColumn("id", "varchar(64)", (c) => c.primaryKey()).addColumn("board_id", "varchar(64)", (c) => c.notNull()).addColumn("column_id", "varchar(64)", (c) => c.notNull()).addColumn("position", "integer", (c) => c.notNull()).addColumn("tag", "varchar(64)", (c) => c.notNull()).addColumn("title", "text", (c) => c.notNull()).addColumn("body", "text", (c) => c.notNull()).addColumn("notes", "text", (c) => c.notNull()).addColumn("assignee", "varchar(255)").addColumn("labels", "text", (c) => c.notNull()).addColumn("priority", "varchar(32)", (c) => c.notNull()).addColumn("source_file_path", "text", (c) => c.notNull()).addColumn("source_line", "integer", (c) => c.notNull()).addColumn("source_content_hash", "varchar(64)", (c) => c.notNull()).addColumn("source_context_hash", "varchar(64)", (c) => c.notNull()).addColumn("source_occurrence", "integer", (c) => c.notNull()).addColumn("status", "varchar(32)", (c) => c.notNull()).addColumn("created_at", "varchar(32)", (c) => c.notNull()).addColumn("updated_at", "varchar(32)", (c) => c.notNull()).execute();
+        await db.schema.createTable("resolved_fingerprints").ifNotExists().addColumn("id", "varchar(64)", (c) => c.primaryKey()).addColumn("board_id", "varchar(64)", (c) => c.notNull()).addColumn("card_id", "varchar(64)", (c) => c.notNull()).addColumn("file_path", "text", (c) => c.notNull()).addColumn("content_hash", "varchar(64)", (c) => c.notNull()).addColumn("context_hash", "varchar(64)", (c) => c.notNull()).addColumn("occurrence", "integer", (c) => c.notNull()).addColumn("resolved_at", "varchar(32)", (c) => c.notNull()).addColumn("resolved_by", "varchar(255)").execute();
+        await db.schema.createTable("settings").ifNotExists().addColumn("board_id", "varchar(64)", (c) => c.primaryKey()).addColumn("value", "text", (c) => c.notNull()).execute();
+        await db.schema.createTable("activity_log").ifNotExists().addColumn("id", "varchar(64)", (c) => c.primaryKey()).addColumn("card_id", "varchar(64)", (c) => c.notNull()).addColumn("action", "varchar(64)", (c) => c.notNull()).addColumn("from_status", "varchar(32)").addColumn("to_status", "varchar(32)").addColumn("actor", "varchar(255)").addColumn("created_at", "varchar(32)", (c) => c.notNull()).execute();
+      } }
+    ];
+    for (const migration of migrations) {
+      if (applied.has(migration.version)) continue;
+      await migration.up(this.db);
+      await this.db.insertInto("schema_migrations").values({ version: migration.version, applied_at: (/* @__PURE__ */ new Date()).toISOString() }).execute();
+    }
+  }
+  async initialize(config) {
+    await this.migrate();
+    const board = await this.db.selectFrom("boards").selectAll().where("id", "=", "default").executeTakeFirst();
+    if (board) return;
+    const now = (/* @__PURE__ */ new Date()).toISOString();
+    await this.db.transaction().execute(async (trx) => {
+      await trx.insertInto("boards").values({ id: "default", name: config.boardName, created_at: now }).execute();
+      await trx.insertInto("columns").values(config.columns.map((column, position) => ({ id: column.id, board_id: "default", name: column.name, position, completion: column.completion ? 1 : 0, color_token: column.colorToken ?? null }))).execute();
+      await trx.insertInto("settings").values({ board_id: "default", value: JSON.stringify({ theme: config.theme.default, tokenOverrides: config.theme.overrides, scan: { include: config.scan.include, exclude: config.scan.exclude } }) }).execute();
+    });
+  }
+  async getBoard() {
+    const [board, columns, cards, settings] = await Promise.all([
+      this.db.selectFrom("boards").selectAll().where("id", "=", "default").executeTakeFirstOrThrow(),
+      this.db.selectFrom("columns").selectAll().where("board_id", "=", "default").orderBy("position").execute(),
+      this.db.selectFrom("cards").selectAll().where("board_id", "=", "default").where("status", "!=", "archived").orderBy("position").execute(),
+      this.db.selectFrom("settings").selectAll().where("board_id", "=", "default").executeTakeFirst()
+    ]);
+    return { id: board.id, name: board.name, columns: columns.map((c) => ({ id: c.id, name: c.name, position: c.position, completion: Boolean(c.completion), ...c.color_token ? { colorToken: c.color_token } : {} })), cards: cards.map(toCard), settings: JSON.parse(settings?.value ?? "{}") };
+  }
+  async reconcile(comments) {
+    return this.db.transaction().execute(async (trx) => {
+      const [cards, resolved, columns] = await Promise.all([
+        trx.selectFrom("cards").selectAll().where("board_id", "=", "default").execute(),
+        trx.selectFrom("resolved_fingerprints").selectAll().where("board_id", "=", "default").execute(),
+        trx.selectFrom("columns").selectAll().where("board_id", "=", "default").execute()
+      ]);
+      const seen = /* @__PURE__ */ new Set();
+      const createdPerColumn = /* @__PURE__ */ new Map();
+      let updated = 0, archived = 0;
+      for (const comment of comments) {
+        const exact = cards.find((c) => c.source_file_path === comment.filePath && c.source_content_hash === comment.contentHash && c.source_occurrence === comment.occurrence && c.status !== "archived");
+        if (exact) {
+          seen.add(exact.id);
+          if (exact.source_line !== comment.line || exact.source_context_hash !== comment.contextHash) {
+            await trx.updateTable("cards").set({ source_line: comment.line, source_context_hash: comment.contextHash, updated_at: (/* @__PURE__ */ new Date()).toISOString() }).where("id", "=", exact.id).execute();
+            updated++;
+          }
+          continue;
+        }
+        const suppressed = resolved.some((r) => r.file_path === comment.filePath && r.content_hash === comment.contentHash && r.occurrence === comment.occurrence);
+        if (suppressed) continue;
+        const changed = cards.filter((c) => c.source_file_path === comment.filePath && !seen.has(c.id) && c.status !== "resolved" && c.status !== "archived").sort((a, b) => Number(b.source_context_hash === comment.contextHash) - Number(a.source_context_hash === comment.contextHash) || Math.abs(a.source_line - comment.line) - Math.abs(b.source_line - comment.line))[0];
+        if (changed) {
+          seen.add(changed.id);
+          await trx.updateTable("cards").set({ tag: comment.tag, title: comment.text, body: comment.rawText, source_line: comment.line, source_content_hash: comment.contentHash, source_context_hash: comment.contextHash, status: "changed", updated_at: (/* @__PURE__ */ new Date()).toISOString() }).where("id", "=", changed.id).execute();
+          updated++;
+          continue;
+        }
+        const tag = this.config.scan.tags[comment.tag];
+        const column = columns.find((c) => c.id === tag?.column) ?? columns[0];
+        if (!column) throw new Error("Board has no columns.");
+        const colCreated = createdPerColumn.get(column.id) ?? 0;
+        const id = randomUUID(), now = (/* @__PURE__ */ new Date()).toISOString();
+        await trx.insertInto("cards").values({ id, board_id: "default", column_id: column.id, position: cards.filter((c) => c.column_id === column.id).length + colCreated, tag: comment.tag, title: comment.text, body: comment.rawText, notes: "", assignee: null, labels: JSON.stringify(tag?.label ? [tag.label] : []), priority: tag?.priority ?? "normal", source_file_path: comment.filePath, source_line: comment.line, source_content_hash: comment.contentHash, source_context_hash: comment.contextHash, source_occurrence: comment.occurrence, status: "open", created_at: now, updated_at: now }).execute();
+        await log(trx, id, "created", null, "open", void 0);
+        seen.add(id);
+        createdPerColumn.set(column.id, colCreated + 1);
+      }
+      for (const card of cards.filter((c) => c.status !== "archived" && !seen.has(c.id))) {
+        await trx.updateTable("cards").set({ status: "archived", updated_at: (/* @__PURE__ */ new Date()).toISOString() }).where("id", "=", card.id).execute();
+        await log(trx, card.id, "archived", card.status, "archived", void 0);
+        archived++;
+      }
+      const created = [...createdPerColumn.values()].reduce((a, b) => a + b, 0);
+      return { created, updated, archived };
+    });
+  }
+  async moveCard(id, columnId, position, actor) {
+    await this.db.transaction().execute(async (trx) => {
+      const [card, column] = await Promise.all([trx.selectFrom("cards").selectAll().where("id", "=", id).executeTakeFirst(), trx.selectFrom("columns").selectAll().where("id", "=", columnId).executeTakeFirst()]);
+      if (!card) throw new KabanosError("CARD_NOT_FOUND", "Card not found.", 404);
+      if (!column) throw new KabanosError("COLUMN_NOT_FOUND", "Column not found.", 404);
+      const status = column.completion ? "resolved" : "open", now = (/* @__PURE__ */ new Date()).toISOString();
+      const target = await trx.selectFrom("cards").selectAll().where("column_id", "=", columnId).where("status", "!=", "archived").orderBy("position").execute();
+      const ordered = target.filter((item) => item.id !== id);
+      ordered.splice(Math.min(position, ordered.length), 0, { ...card, column_id: columnId });
+      for (const [index, item] of ordered.entries()) await trx.updateTable("cards").set({ column_id: columnId, position: index, ...item.id === id ? { status, updated_at: now } : {} }).where("id", "=", item.id).execute();
+      if (card.column_id !== columnId) {
+        const source = await trx.selectFrom("cards").selectAll().where("column_id", "=", card.column_id).where("id", "!=", id).where("status", "!=", "archived").orderBy("position").execute();
+        for (const [index, item] of source.entries()) await trx.updateTable("cards").set({ position: index }).where("id", "=", item.id).execute();
+      }
+      await trx.deleteFrom("resolved_fingerprints").where("card_id", "=", id).execute();
+      if (status === "resolved") await trx.insertInto("resolved_fingerprints").values({ id: randomUUID(), board_id: "default", card_id: id, file_path: card.source_file_path, content_hash: card.source_content_hash, context_hash: card.source_context_hash, occurrence: card.source_occurrence, resolved_at: now, resolved_by: actor?.id ?? null }).execute();
+      await log(trx, id, status === "resolved" ? "resolved" : "moved", card.status, status, actor);
+    });
+  }
+  async updateCard(id, patch, actor) {
+    const values = { updated_at: (/* @__PURE__ */ new Date()).toISOString() };
+    if (patch.notes !== void 0) values.notes = patch.notes;
+    if (patch.assignee !== void 0) values.assignee = patch.assignee;
+    if (patch.labels !== void 0) values.labels = JSON.stringify(patch.labels);
+    const result = await this.db.updateTable("cards").set(values).where("id", "=", id).executeTakeFirst();
+    if (Number(result.numUpdatedRows) === 0) throw new KabanosError("CARD_NOT_FOUND", "Card not found.", 404);
+    await log(this.db, id, "updated", null, null, actor);
+  }
+  async getActivity(cardId) {
+    return this.db.selectFrom("activity_log").selectAll().where("card_id", "=", cardId).orderBy("created_at", "desc").execute();
+  }
+  async updateSettings(patch) {
+    const current = await this.db.selectFrom("settings").select("value").where("board_id", "=", "default").executeTakeFirst();
+    await this.db.updateTable("settings").set({ value: JSON.stringify({ ...JSON.parse(current?.value ?? "{}"), ...patch }) }).where("board_id", "=", "default").execute();
+  }
+  async replaceColumns(columns, destinationColumnId) {
+    if (columns.length === 0 || columns.filter((column) => column.completion).length !== 1) throw new KabanosError("INVALID_COLUMNS", "Exactly one completion column is required.");
+    if (new Set(columns.map((column) => column.id)).size !== columns.length) throw new KabanosError("INVALID_COLUMNS", "Column IDs must be unique.");
+    await this.db.transaction().execute(async (trx) => {
+      const existing = await trx.selectFrom("columns").selectAll().where("board_id", "=", "default").execute();
+      const removed = existing.filter((column) => !columns.some((next) => next.id === column.id));
+      if (removed.length) {
+        const count = await trx.selectFrom("cards").select(sql`count(*)`.as("count")).where("column_id", "in", removed.map((column) => column.id)).where("status", "!=", "archived").executeTakeFirst();
+        if (Number(count?.count ?? 0) > 0) {
+          if (!destinationColumnId || !columns.some((column) => column.id === destinationColumnId)) throw new KabanosError("COLUMN_DESTINATION_REQUIRED", "A valid destination column is required when deleting a populated column.", 409);
+          await trx.updateTable("cards").set({ column_id: destinationColumnId, updated_at: (/* @__PURE__ */ new Date()).toISOString() }).where("column_id", "in", removed.map((column) => column.id)).execute();
+        }
+      }
+      await trx.deleteFrom("columns").where("board_id", "=", "default").execute();
+      await trx.insertInto("columns").values(columns.map((column, position) => ({ id: column.id, board_id: "default", name: column.name, position, completion: column.completion ? 1 : 0, color_token: column.colorToken ?? null }))).execute();
+    });
+  }
+  async close() {
+    await this.db.destroy();
+  }
+};
+async function createStorage(config) {
+  let dialect;
+  if (config.storage.adapter === "sqlite") {
+    await mkdir(path3.dirname(config.storage.filename), { recursive: true });
+    dialect = new SqliteDialect({ database: new Database(config.storage.filename) });
+  } else if (config.storage.adapter === "postgres") {
+    const { Pool } = await import("pg");
+    dialect = new PostgresDialect({ pool: new Pool({ connectionString: config.storage.connectionString }) });
+  } else {
+    const mysql = await import("mysql2");
+    dialect = new MysqlDialect({ pool: mysql.createPool(config.storage.connectionString) });
+  }
+  return new SqlStorage(new Kysely({ dialect }), config);
+}
+function toCard(row) {
+  return { id: row.id, columnId: row.column_id, position: row.position, tag: row.tag, title: row.title, body: row.body, notes: row.notes, ...row.assignee ? { assignee: row.assignee } : {}, labels: JSON.parse(row.labels), priority: row.priority, sourceFilePath: row.source_file_path, sourceLine: row.source_line, sourceContentHash: row.source_content_hash, sourceContextHash: row.source_context_hash, sourceOccurrence: row.source_occurrence, status: row.status, createdAt: row.created_at, updatedAt: row.updated_at };
+}
+async function log(db, cardId, action, from, to, actor) {
+  await db.insertInto("activity_log").values({ id: randomUUID(), card_id: cardId, action, from_status: from, to_status: to, actor: actor?.id ?? null, created_at: (/* @__PURE__ */ new Date()).toISOString() }).execute();
+}
+
+// src/core.ts
+async function createKabanos(input) {
+  const config = resolveConfig(input);
+  const storage = await createStorage(config);
+  await storage.initialize(config);
+  let watcher;
+  let timer;
+  let scanning;
+  const scanner = new ProjectScanner();
+  const scan = () => scanning ??= storage.getBoard().then((board) => {
+    const overrides = board.settings.scan ?? {};
+    return scanner.scan({ ...config, scan: { ...config.scan, ...overrides } });
+  }).then((comments) => storage.reconcile(comments)).finally(() => {
+    scanning = void 0;
+  });
+  await scan();
+  if (config.scan.watch) {
+    watcher = chokidar.watch(config.scan.include, { cwd: config.projectRoot, ignored: config.scan.exclude, ignoreInitial: true }).on("all", () => {
+      void scan();
+    });
+  }
+  if (config.scan.intervalMs > 0) timer = setInterval(() => {
+    void scan();
+  }, config.scan.intervalMs).unref();
+  return {
+    config,
+    storage,
+    scan,
+    handler: (request, nativeRequest = request) => handleRequest(request, nativeRequest, config, storage, scan),
+    async close() {
+      if (timer) clearInterval(timer);
+      await watcher?.close();
+      await storage.close();
+    }
+  };
+}
+async function handleRequest(request, nativeRequest, config, storage, scan) {
+  if (config.auth.enabled && !await config.auth.guard?.(nativeRequest)) return json({ error: { code: "UNAUTHORIZED", message: "Access denied." } }, 401);
+  const url = new URL(request.url);
+  const mount = config.mountPath.replace(/\/$/, "");
+  if (url.pathname === mount) return Response.redirect(`${url.origin}${mount}/`, 308);
+  if (!url.pathname.startsWith(`${mount}/`)) return json({ error: { code: "NOT_FOUND", message: "Route not found." } }, 404);
+  const route = url.pathname.slice(mount.length);
+  try {
+    if (route === "/api/v1/board" && request.method === "GET") return json(await storage.getBoard());
+    if (route === "/api/v1/scan" && request.method === "POST") {
+      assertMutation(request);
+      return json(await scan());
+    }
+    const move = route.match(/^\/api\/v1\/cards\/([^/]+)\/move$/);
+    if (move && request.method === "PATCH") {
+      assertMutation(request);
+      const body = moveSchema.parse(await request.json());
+      await storage.moveCard(move[1], body.columnId, body.position, await config.auth.actor?.(nativeRequest));
+      return json({ ok: true });
+    }
+    const card = route.match(/^\/api\/v1\/cards\/([^/]+)$/);
+    if (card && request.method === "PATCH") {
+      assertMutation(request);
+      const body = cardSchema.parse(await request.json());
+      await storage.updateCard(card[1], body, await config.auth.actor?.(nativeRequest));
+      return json({ ok: true });
+    }
+    const activity = route.match(/^\/api\/v1\/cards\/([^/]+)\/activity$/);
+    if (activity && request.method === "GET") return json(await storage.getActivity(activity[1]));
+    const context = route.match(/^\/api\/v1\/cards\/([^/]+)\/context$/);
+    if (context && request.method === "GET") {
+      const board = await storage.getBoard();
+      const selected = board.cards.find((c) => c.id === context[1]);
+      if (!selected) return json({ error: { code: "NOT_FOUND", message: "Card not found." } }, 404);
+      const absolute = path4.resolve(config.projectRoot, selected.sourceFilePath);
+      if (!isWithin(config.projectRoot, absolute)) throw new Error("Unsafe source path.");
+      const lines = (await readFile2(absolute, "utf8")).split("\n");
+      return json({ filePath: selected.sourceFilePath, line: selected.sourceLine, lines: lines.slice(Math.max(0, selected.sourceLine - 4), selected.sourceLine + 3), startLine: Math.max(1, selected.sourceLine - 3) });
+    }
+    if (route === "/api/v1/settings" && request.method === "PATCH") {
+      assertMutation(request);
+      const body = settingsSchema.parse(await request.json());
+      await storage.updateSettings(body);
+      return json({ ok: true });
+    }
+    if (route === "/api/v1/settings/columns" && request.method === "PUT") {
+      assertMutation(request);
+      const body = columnsSchema.parse(await request.json());
+      await storage.replaceColumns(body.columns, body.destinationColumnId);
+      return json({ ok: true });
+    }
+    if (request.method === "GET") return serveUi(route);
+    return json({ error: { code: "NOT_FOUND", message: "Route not found." } }, 404);
+  } catch (error) {
+    if (error instanceof z2.ZodError) return json({ error: { code: "INVALID_REQUEST", message: "Request validation failed.", issues: error.issues } }, 400);
+    if (error instanceof KabanosError) return json({ error: { code: error.code, message: error.message } }, error.status);
+    console.error("[kabanos]", error);
+    return json({ error: { code: "INTERNAL_ERROR", message: "Kabanos could not complete the request." } }, 500);
+  }
+}
+var moveSchema = z2.object({ columnId: z2.string().min(1), position: z2.number().int().nonnegative() });
+var cardSchema = z2.object({ notes: z2.string().max(2e4).optional(), assignee: z2.string().max(255).nullable().optional(), labels: z2.array(z2.string().max(64)).max(20).optional() });
+var settingsSchema = z2.object({ theme: z2.enum(["light", "dark", "system"]).optional(), tokenOverrides: z2.record(z2.string(), z2.string()).optional(), scan: z2.object({ include: z2.array(z2.string()).optional(), exclude: z2.array(z2.string()).optional() }).optional() }).strict();
+var columnsSchema = z2.object({ columns: z2.array(z2.object({ id: z2.string().regex(/^[a-z0-9-]+$/), name: z2.string().min(1).max(80), completion: z2.boolean().optional(), colorToken: z2.string().max(64).optional() })).min(1), destinationColumnId: z2.string().optional() }).refine((value) => value.columns.filter((column) => column.completion).length === 1, { message: "Exactly one completion column is required." });
+function assertMutation(request) {
+  const content = request.headers.get("content-type") ?? "";
+  if (!content.toLowerCase().startsWith("application/json")) throw new z2.ZodError([{ code: "custom", path: ["content-type"], message: "Mutations require application/json." }]);
+  const origin = request.headers.get("origin");
+  if (origin && origin !== new URL(request.url).origin) throw new z2.ZodError([{ code: "custom", path: ["origin"], message: "Cross-origin mutation rejected." }]);
+}
+function json(value, status = 200) {
+  return Response.json(value, { status, headers: { "cache-control": "no-store", "x-content-type-options": "nosniff" } });
+}
+async function serveUi(route) {
+  const moduleRoot = path4.dirname(fileURLToPath(import.meta.url));
+  const uiRoot = moduleRoot.endsWith(`${path4.sep}src`) ? path4.resolve(moduleRoot, "../dist/ui") : path4.resolve(moduleRoot, "ui");
+  const requested = route === "/" ? "index.html" : route.replace(/^\//, "");
+  let target = path4.resolve(uiRoot, requested);
+  if (!isWithin(uiRoot, target)) return new Response("Not found", { status: 404 });
+  try {
+    const body = await readFile2(target);
+    return new Response(body, { headers: { "content-type": contentType(target), "cache-control": target.endsWith("index.html") ? "no-cache" : "public, max-age=31536000, immutable", "x-content-type-options": "nosniff" } });
+  } catch {
+    target = path4.join(uiRoot, "index.html");
+    try {
+      return new Response(await readFile2(target), { headers: { "content-type": "text/html; charset=utf-8", "cache-control": "no-cache" } });
+    } catch {
+      return new Response("Kabanos UI has not been built.", { status: 503 });
+    }
+  }
+}
+function contentType(file) {
+  if (file.endsWith(".html")) return "text/html; charset=utf-8";
+  if (file.endsWith(".js")) return "text/javascript; charset=utf-8";
+  if (file.endsWith(".css")) return "text/css; charset=utf-8";
+  if (file.endsWith(".svg")) return "image/svg+xml";
+  return "application/octet-stream";
+}
+export {
+  KabanosError,
+  ProjectScanner,
+  SqlStorage,
+  createKabanos,
+  createStorage,
+  defineConfig,
+  extractComments,
+  parseComments,
+  resolveConfig,
+  scanProject
+};
+//# sourceMappingURL=index.js.map