loopat 0.1.0

package/server/src/presets.ts

@@ -0,0 +1,30 @@
+export const DEFAULT_PROVIDER_PRESETS: Array<{ name: string; baseUrl: string; models: string[] }> = [
+  { name: "Anthropic", baseUrl: "https://api.anthropic.com",
+    models: ["claude-sonnet-4-20250514", "claude-opus-4-7-20251101"] },
+  { name: "DeepSeek",  baseUrl: "https://api.deepseek.com/anthropic",
+    models: ["deepseek-v4-pro[1m]", "deepseek-v4-flash[1m]"] },
+  { name: "Kimi",      baseUrl: "https://api.moonshot.cn/anthropic",
+    models: ["kimi-k2.6"] },
+  { name: "MiniMax",   baseUrl: "https://api.minimaxi.com/anthropic",
+    models: ["MiniMax-M2.7"] },
+  { name: "OpenRouter", baseUrl: "https://openrouter.ai/api/v1",
+    models: ["anthropic/claude-sonnet-4", "openai/gpt-4o", "google/gemini-2.5-flash"] },
+]
+
+export const DEFAULT_MISE_TOOL_PRESETS: Array<{ name: string; suggestedVersion: string; description?: string; backend?: string }> = [
+  { name: "node",       suggestedVersion: "22",      description: "Node.js runtime" },
+  { name: "python",     suggestedVersion: "3.12",    description: "Python runtime" },
+  { name: "go",         suggestedVersion: "1.22",    description: "Go programming language" },
+  { name: "rust",       suggestedVersion: "stable",  description: "Rust programming language" },
+  { name: "bun",        suggestedVersion: "latest",  description: "Bun all-in-one runtime" },
+  { name: "java",       suggestedVersion: "21",      description: "Java Development Kit" },
+  { name: "terraform",  suggestedVersion: "1.9",     description: "Infrastructure as code", backend: "aqua:hashicorp/terraform" },
+  { name: "lua",        suggestedVersion: "5.1",     description: "Lua scripting language" },
+  { name: "zig",        suggestedVersion: "0.13",    description: "Zig general-purpose language" },
+  { name: "ripgrep",    suggestedVersion: "14.1",    description: "Line-oriented search tool", backend: "aqua:BurntSushi/ripgrep" },
+  { name: "fd",         suggestedVersion: "10.2",    description: "Fast file finder", backend: "aqua:sharkdp/fd" },
+  { name: "jq",         suggestedVersion: "1.7",     description: "Command-line JSON processor", backend: "aqua:jqlang/jq" },
+]
+
+/** @deprecated — use DEFAULT_PROVIDER_PRESETS */
+export const PROVIDER_PRESETS = DEFAULT_PROVIDER_PRESETS

package/server/src/profiles.ts

@@ -0,0 +1,177 @@
+/**
+ * Profile resolver — CC-native model (post-2026-05 refactor).
+ *
+ * A "profile" in loopat is a directory under `.loopat/profiles/<name>/`
+ * that contains a `.claude/` subdir (the same shape CC's project-tier uses:
+ * settings.json + CLAUDE.md + skills/ + agents/). No loopat-invented schema.
+ *
+ * On loop spawn, loopat:
+ *   1. Determines active profiles (user defaults + CLI flags)
+ *   2. Merges team's `.loopat/.claude/` + each active profile's `.claude/`
+ *      + personal layer into loop's `.claude/` (handled by compose.ts)
+ *   3. Reads merged settings.json's `enabledPlugins` + `extraKnownMarketplaces`
+ *      to drive plugin installation (handled by plugin-installer.ts)
+ *
+ * See docs/composition.md.
+ */
+
+import { existsSync } from "node:fs"
+import { readFile, readdir } from "node:fs/promises"
+import { join } from "node:path"
+import {
+  personalClaudeDir,
+  personalLoopatConfigPath,
+  personalVaultDir,
+  workspaceProfileClaudeDir,
+  workspaceProfilesDir,
+  workspaceTeamClaudeDir,
+} from "./paths"
+
+/** personal/<u>/.loopat/config.json fields relevant to profile resolution. */
+export type PersonalProfileConfig = {
+  default_profiles?: string[]
+  default_vault?: string
+  prefs?: Record<string, unknown>
+}
+
+/** Output of resolveLoopPlan — describes the materialization sources. */
+export type LoopPlan = {
+  user: string
+  /** `.claude/` dirs to merge into the loop's .claude/, in load order
+   *  (later sources win on conflicts; team first, profiles in declared order,
+   *  personal last). */
+  claudeSources: Array<{ source: string; dir: string }>
+  /** Active profile names (excludes team & personal). */
+  profiles: string[]
+  /** Vault selection (from personal config or override). */
+  vault?: string
+  /** Resolved vault dir on host (if exists). */
+  vaultDir?: string
+}
+
+export type ResolveInput = {
+  user: string
+  /** Profiles added via CLI (+name). */
+  cliAdded?: string[]
+  /** Profiles removed via CLI (-name). */
+  cliRemoved?: string[]
+  /** Hard override — replaces default_profiles. */
+  overrideProfiles?: string[]
+  /** Override vault selection. */
+  vaultOverride?: string
+  /** @deprecated Workdir is the SDK's project tier, read directly via
+   *  settingSources='project'. It is NOT merged into the user tier any more
+   *  (otherwise edits to workdir/.claude/ would change a frozen loop's
+   *  user-tier snapshot, violating principle 1). The field is kept for the
+   *  loopat CLI which still bundles workdir into a one-shot compose; remove
+   *  once that path is gone. */
+  workdir?: string
+}
+
+async function readPersonalConfig(user: string): Promise<PersonalProfileConfig> {
+  const path = personalLoopatConfigPath(user)
+  if (!existsSync(path)) return {}
+  try {
+    return JSON.parse(await readFile(path, "utf8")) as PersonalProfileConfig
+  } catch {
+    return {}
+  }
+}
+
+/**
+ * Compute active profile set: (default_profiles ∪ cliAdded) − cliRemoved,
+ * with overrideProfiles replacing default_profiles when set. Order preserved:
+ * defaults first, then cliAdded. Team-tier is always implicit (handled by
+ * compose); no need to include it here.
+ */
+function computeActiveProfiles(
+  cfg: PersonalProfileConfig,
+  cliAdded: string[],
+  cliRemoved: string[],
+  overrideProfiles?: string[],
+): string[] {
+  const base = overrideProfiles ?? cfg.default_profiles ?? []
+  const removed = new Set(cliRemoved)
+  const all = [...base, ...cliAdded]
+  const out: string[] = []
+  const seen = new Set<string>()
+  for (const p of all) {
+    if (removed.has(p) || seen.has(p)) continue
+    seen.add(p)
+    out.push(p)
+  }
+  return out
+}
+
+/**
+ * Main entry: produce a LoopPlan from inputs. Pure / no side effects.
+ * Validates that named profiles actually have `.claude/` subdirs (otherwise
+ * they'd be silently invisible).
+ */
+export async function resolveLoopPlan(input: ResolveInput): Promise<LoopPlan> {
+  const { user, cliAdded = [], cliRemoved = [], overrideProfiles, vaultOverride, workdir } = input
+
+  const cfg = await readPersonalConfig(user)
+  const activeNames = computeActiveProfiles(cfg, cliAdded, cliRemoved, overrideProfiles)
+
+  // Validate
+  const profilesRoot = workspaceProfilesDir()
+  if (activeNames.length > 0 && !existsSync(profilesRoot)) {
+    throw new Error(`workspace profiles dir not found: ${profilesRoot}`)
+  }
+  for (const name of activeNames) {
+    const cdir = workspaceProfileClaudeDir(name)
+    if (!existsSync(cdir)) {
+      throw new Error(`profile "${name}" has no .claude/ dir at ${cdir}`)
+    }
+  }
+
+  // Build claudeSources in merge order
+  const claudeSources: LoopPlan["claudeSources"] = []
+  const teamDir = workspaceTeamClaudeDir()
+  if (existsSync(teamDir)) {
+    claudeSources.push({ source: "team", dir: teamDir })
+  }
+  for (const name of activeNames) {
+    claudeSources.push({ source: `profile:${name}`, dir: workspaceProfileClaudeDir(name) })
+  }
+  // Personal `.claude/` — 4th layer. Same CC-native shape as workspace + profile.
+  const personalCdir = personalClaudeDir(user)
+  if (existsSync(personalCdir)) {
+    claudeSources.push({ source: `personal:${user}`, dir: personalCdir })
+  }
+
+  // Repo `.claude/` — 5th (highest) layer. CC project-tier from workdir.
+  // Optional; only if workdir is set AND has a .claude/ subdir.
+  if (workdir) {
+    const repoCdir = join(workdir, ".claude")
+    if (existsSync(repoCdir)) {
+      claudeSources.push({ source: `repo:${workdir}`, dir: repoCdir })
+    }
+  }
+
+  const vault = vaultOverride ?? cfg.default_vault
+  const vaultDir = vault ? personalVaultDir(user, vault) : undefined
+
+  return {
+    user,
+    claudeSources,
+    profiles: activeNames,
+    vault,
+    vaultDir: vaultDir && existsSync(vaultDir) ? vaultDir : undefined,
+  }
+}
+
+/** List available profile names = direct subdirs of profiles/ that contain `.claude/`. */
+export async function listProfiles(): Promise<string[]> {
+  const root = workspaceProfilesDir()
+  if (!existsSync(root)) return []
+  const entries = await readdir(root, { withFileTypes: true })
+  const out: string[] = []
+  for (const e of entries) {
+    if (!e.isDirectory() || e.name.startsWith(".")) continue
+    if (!existsSync(workspaceProfileClaudeDir(e.name))) continue
+    out.push(e.name)
+  }
+  return out.sort()
+}

package/server/src/providers.ts

@@ -0,0 +1,45 @@
+/**
+ * Git-host provider registry bootstrap.
+ *
+ * - Built-in (open-source) providers self-register via the static imports below.
+ * - External / internal providers live OUTSIDE the repo, in
+ *   `LOOPAT_HOME/extensions/providers/*.{ts,js,mjs}`. `loadExtensionProviders()`
+ *   dynamically imports each file and registers its default export. An extension
+ *   is a plain object shaped like GitHostProvider — it does NOT import loopat, so
+ *   an internal platform's adapter never has to enter the open-source core.
+ */
+import { join } from "node:path"
+import { existsSync } from "node:fs"
+import { readdir } from "node:fs/promises"
+import { pathToFileURL } from "node:url"
+import { registerProvider, type GitHostProvider } from "./git-host"
+import { extensionsProvidersDir } from "./paths"
+
+import "./github" // built-in, open-source
+
+let extLoaded = false
+
+/** Idempotently load external provider extensions from the extensions dir. */
+export async function loadExtensionProviders(): Promise<void> {
+  if (extLoaded) return
+  extLoaded = true
+  const dir = extensionsProvidersDir()
+  if (!existsSync(dir)) return
+  let files: string[] = []
+  try { files = await readdir(dir) } catch { return }
+  for (const f of files) {
+    if (!/\.(ts|js|mjs)$/.test(f)) continue
+    try {
+      const mod: any = await import(pathToFileURL(join(dir, f)).href)
+      const p = mod.default ?? mod.provider
+      if (p?.id && typeof p.authenticate === "function" && typeof p.ensureRepo === "function") {
+        registerProvider(p as GitHostProvider)
+        console.log(`[loopat] loaded git-host extension: ${p.id}`)
+      } else {
+        console.warn(`[loopat] ${f}: not a valid GitHostProvider (need id / authenticate / ensureRepo)`)
+      }
+    } catch (e: any) {
+      console.warn(`[loopat] failed to load provider extension ${f}: ${e?.message ?? e}`)
+    }
+  }
+}

package/server/src/serve.ts

@@ -0,0 +1,275 @@
+/**
+ * Standalone workspace serve service.
+ * Listens on port 7788, serves loop workdirs via subdomain routing.
+ * Supports static file serving and HTTP port forwarding.
+ */
+import { createServer, request as httpRequest } from "node:http"
+import { existsSync, statSync, createReadStream, readdirSync, readFileSync as readFileSyncFs } from "node:fs"
+import { join, normalize } from "node:path"
+import { loopsDir, loopWorkdir, loopMetaPath } from "./paths"
+
+const SERVE_PORT = Number(process.env.LOOPAT_SERVE_PORT ?? 7788)
+const SERVE_HOST = process.env.LOOPAT_SERVE_HOST ?? "127.0.0.1"
+
+// Blocked paths — never served
+const BLOCKED = new Set([
+  ".git", ".ssh", ".env", "node_modules", ".DS_Store",
+  ".bun", ".claude", ".vscode", ".idea",
+])
+
+function isBlocked(filePath: string): boolean {
+  const parts = filePath.split("/").filter(Boolean)
+  return parts.some((p) => BLOCKED.has(p) || p.startsWith(".env"))
+}
+
+const MIME_TYPES: Record<string, string> = {
+  ".html": "text/html",
+  ".css": "text/css",
+  ".js": "application/javascript",
+  ".json": "application/json",
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".svg": "image/svg+xml",
+  ".ico": "image/x-icon",
+  ".woff": "font/woff",
+  ".woff2": "font/woff2",
+  ".ttf": "font/ttf",
+  ".eot": "application/vnd.ms-fontobject",
+  ".otf": "font/otf",
+  ".txt": "text/plain",
+  ".md": "text/markdown",
+  ".xml": "application/xml",
+  ".pdf": "application/pdf",
+  ".zip": "application/zip",
+  ".tar": "application/x-tar",
+  ".gz": "application/gzip",
+  ".wasm": "application/wasm",
+  ".webp": "image/webp",
+  ".mp4": "video/mp4",
+  ".webm": "video/webm",
+  ".mp3": "audio/mpeg",
+  ".ogg": "audio/ogg",
+  ".wav": "audio/wav",
+  ".csv": "text/csv",
+  ".yaml": "text/yaml",
+  ".yml": "text/yaml",
+  ".toml": "text/toml",
+}
+
+function getMime(path: string): string {
+  return MIME_TYPES[normalize(path).split(".").pop() ? `.${normalize(path).split(".").pop()}`.toLowerCase() : ""] || "application/octet-stream"
+}
+
+type LoopMeta = {
+  id: string
+  title: string
+  shareEnabled?: boolean
+  shareMode?: "static" | "port"
+  shareAlias?: string
+  sharePort?: number
+}
+
+// Cache: alias -> loop_id
+const aliasCache = new Map<string, string>()
+
+function loadMeta(loopId: string): LoopMeta | null {
+  const p = loopMetaPath(loopId)
+  if (!existsSync(p)) return null
+  try {
+    return JSON.parse(readFileSyncFs(p, "utf8"))
+  } catch {
+    return null
+  }
+}
+
+function resolveLoop(host: string): { loopId: string; meta: LoopMeta } | null {
+  const parts = host.split(".")
+  if (parts.length < 2) return null
+  const subdomain = parts[0].toLowerCase()
+
+  // Check alias cache first
+  if (aliasCache.has(subdomain)) {
+    const loopId = aliasCache.get(subdomain)!
+    const meta = loadMeta(loopId)
+    if (meta?.shareEnabled) return { loopId, meta }
+    aliasCache.delete(subdomain)
+  }
+
+  // Scan all loops
+  let dirs: string[]
+  try {
+    dirs = readdirSync(loopsDir())
+  } catch {
+    return null
+  }
+
+  for (const dir of dirs) {
+    const meta = loadMeta(dir)
+    if (!meta) continue
+    if (!meta.shareEnabled) continue
+    const shortId = dir.slice(0, 8)
+    if (shortId === subdomain || meta.shareAlias === subdomain) {
+      if (meta.shareAlias) aliasCache.set(meta.shareAlias, dir)
+      return { loopId: dir, meta }
+    }
+  }
+  return null
+}
+
+function rebuildAliasCache() {
+  aliasCache.clear()
+  let dirs: string[]
+  try {
+    dirs = readdirSync(loopsDir())
+  } catch {
+    return
+  }
+  for (const dir of dirs) {
+    const meta = loadMeta(dir)
+    if (meta?.shareEnabled && meta.shareAlias) {
+      aliasCache.set(meta.shareAlias, dir)
+    }
+  }
+}
+
+rebuildAliasCache()
+setInterval(rebuildAliasCache, 30_000)
+
+function serveStaticFile(workdir: string, urlPath: string, res: any): boolean {
+  let rel = decodeURIComponent(urlPath)
+  if (rel.startsWith("/")) rel = rel.slice(1)
+  if (!rel) rel = "index.html"
+
+  const full = normalize(join(workdir, rel))
+  if (!full.startsWith(normalize(workdir))) {
+    res.writeHead(403)
+    res.end("Forbidden")
+    return true
+  }
+
+  if (isBlocked(rel)) {
+    res.writeHead(403)
+    res.end("Forbidden")
+    return true
+  }
+
+  if (!existsSync(full)) {
+    if (existsSync(join(full, "index.html"))) {
+      return serveStaticFile(workdir, rel + "/index.html", res)
+    }
+    res.writeHead(404)
+    res.end("Not found")
+    return true
+  }
+
+  const s = statSync(full)
+  if (s.isDirectory()) {
+    if (existsSync(join(full, "index.html"))) {
+      return serveStaticFile(workdir, rel + "/index.html", res)
+    }
+    res.writeHead(403)
+    res.end("Directory listing not allowed")
+    return true
+  }
+
+  if (!s.isFile()) {
+    res.writeHead(403)
+    res.end("Forbidden")
+    return true
+  }
+
+  res.writeHead(200, {
+    "Content-Type": getMime(full),
+    "Content-Length": s.size,
+    "Cache-Control": "no-cache",
+  })
+  createReadStream(full).pipe(res)
+  return true
+}
+
+function proxyToPort(port: number, req: any, res: any): void {
+  const headers: Record<string, string> = { ...req.headers }
+  delete headers["host"]
+  headers["host"] = `localhost:${port}`
+  if (req.socket.remoteAddress) headers["x-forwarded-for"] = req.socket.remoteAddress
+  if (req.headers["host"]) headers["x-forwarded-host"] = req.headers["host"]
+
+  const proxyReq = httpRequest({
+    hostname: "127.0.0.1",
+    port,
+    method: req.method,
+    path: req.url,
+    headers,
+    timeout: 30_000,
+  }, (proxyRes: any) => {
+    res.writeHead(proxyRes.statusCode, proxyRes.headers)
+    proxyRes.pipe(res)
+  })
+
+  proxyReq.on("error", () => {
+    res.writeHead(502)
+    res.end("Port forwarding error - is the service running?")
+  })
+
+  proxyReq.on("timeout", () => {
+    proxyReq.destroy()
+    res.writeHead(504)
+    res.end("Gateway timeout")
+  })
+
+  req.pipe(proxyReq)
+}
+
+const server = createServer((req, res) => {
+  const host = (req.headers["host"] ?? "").split(":")[0].toLowerCase()
+  const resolved = resolveLoop(host)
+
+  if (!resolved) {
+    res.writeHead(404, { "Content-Type": "text/plain" })
+    res.end("No workspace found for this domain")
+    return
+  }
+
+  const { meta, loopId } = resolved
+
+  if (!meta.shareEnabled) {
+    res.writeHead(403)
+    res.end("Workspace sharing is disabled")
+    return
+  }
+
+  const workdir = loopWorkdir(loopId)
+  if (!existsSync(workdir)) {
+    res.writeHead(404)
+    res.end("Workdir not found")
+    return
+  }
+
+  if (meta.shareMode === "port" && meta.sharePort) {
+    if (meta.sharePort < 1024 || meta.sharePort > 65535) {
+      res.writeHead(400)
+      res.end("Invalid port — must be 1024-65535")
+      return
+    }
+    proxyToPort(meta.sharePort, req, res)
+  } else {
+    serveStaticFile(workdir, req.url ?? "/", res)
+  }
+})
+
+server.on("error", (e: any) => {
+  if (e.code === "EADDRINUSE") {
+    console.error(`[loopat] workspace serve port ${SERVE_PORT} already in use`)
+  } else {
+    console.error(`[loopat] workspace serve error:`, e)
+  }
+})
+
+console.log(`[loopat] workspace serve starting on http://${SERVE_HOST}:${SERVE_PORT}`)
+server.listen(SERVE_PORT, SERVE_HOST, () => {
+  console.log(`[loopat] workspace serve listening on http://${SERVE_HOST}:${SERVE_PORT}`)
+})
+
+export { server }