nterminal 1.2.0

package/dist/server/routes/notificationAssetRoutes.js

@@ -0,0 +1,280 @@
+import { randomUUID } from 'node:crypto';
+import { createReadStream } from 'node:fs';
+import { mkdir, open, rename, rm, stat } from 'node:fs/promises';
+import path from 'node:path';
+import { builtInNotificationAssets } from '../../shared/notificationAssets.js';
+import { requireAllowedOrigin } from './authRoutes.js';
+import { authenticateTerminalRequest } from './terminalRoutes.js';
+const notificationAssetMaxBytes = 5 * 1024 * 1024;
+const allowedContentTypes = new Map([
+    ['video/mp4', '.mp4'],
+    ['video/webm', '.webm']
+]);
+class NotificationAssetError extends Error {
+    statusCode;
+    code;
+    constructor(statusCode, code) {
+        super(code);
+        this.statusCode = statusCode;
+        this.code = code;
+    }
+}
+export async function registerNotificationAssetRoutes(app, config, services) {
+    app.get('/api/notification-assets', async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        const state = await services.fileStore.read();
+        return notificationAssetListResponse(state.notificationAssets, state.notificationAssetDisabledIds);
+    });
+    app.post('/api/notification-assets', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        if (!request.isMultipart()) {
+            return reply.code(400).send({ error: 'multipart_required' });
+        }
+        const part = await request.file({
+            limits: {
+                files: 1,
+                fileSize: notificationAssetMaxBytes + 1,
+                parts: 1
+            }
+        });
+        if (!part) {
+            return reply.code(400).send({ error: 'notification_asset_required' });
+        }
+        const contentType = part.mimetype;
+        if (!isAllowedContentType(contentType)) {
+            await drain(part.file);
+            return reply.code(415).send({ error: 'unsupported_notification_asset_type' });
+        }
+        const root = notificationAssetRoot(config);
+        const id = randomUUID();
+        const storedFilename = `${id}${allowedContentTypes.get(contentType)}`;
+        const tempPath = path.join(root, `${storedFilename}.${process.pid}.tmp`);
+        const finalPath = path.join(root, storedFilename);
+        let size = 0;
+        try {
+            size = await writeLimitedFile(part.file, tempPath, notificationAssetMaxBytes);
+            if (size === 0) {
+                await rm(tempPath, { force: true });
+                return reply.code(400).send({ error: 'empty_notification_asset' });
+            }
+            await rename(tempPath, finalPath);
+        }
+        catch (error) {
+            await rm(tempPath, { force: true });
+            if (error instanceof NotificationAssetError) {
+                return reply.code(error.statusCode).send({ error: error.code });
+            }
+            throw error;
+        }
+        const asset = {
+            id,
+            filename: sanitizeFilename(part.filename, contentType),
+            storedFilename,
+            contentType,
+            size,
+            createdAt: new Date().toISOString()
+        };
+        await services.fileStore.update((state) => ({ ...state, notificationAssets: [...state.notificationAssets, asset] }), { flush: 'immediate' });
+        return reply.code(201).send({ asset: toSummary(asset, isNotificationAssetEnabled(asset.id, new Set())) });
+    });
+    app.put('/api/notification-assets/selection', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        const enabledAssetIds = Array.isArray(request.body?.enabledAssetIds) ? request.body.enabledAssetIds : null;
+        if (!enabledAssetIds) {
+            return reply.code(400).send({ error: 'invalid_notification_asset_selection' });
+        }
+        const uniqueEnabledAssetIds = Array.from(new Set(enabledAssetIds.filter((assetId) => typeof assetId === 'string')));
+        if (uniqueEnabledAssetIds.length === 0) {
+            return reply.code(400).send({ error: 'notification_asset_selection_required' });
+        }
+        let nextState;
+        try {
+            nextState = await services.fileStore.update((state) => {
+                const knownAssetIds = notificationAssetIds(state.notificationAssets);
+                const unknownAssetId = uniqueEnabledAssetIds.find((assetId) => !knownAssetIds.has(assetId));
+                if (unknownAssetId) {
+                    throw new NotificationAssetError(400, 'unknown_notification_asset');
+                }
+                const enabledSet = new Set(uniqueEnabledAssetIds);
+                return {
+                    ...state,
+                    notificationAssetDisabledIds: Array.from(knownAssetIds).filter((assetId) => !enabledSet.has(assetId))
+                };
+            }, { flush: 'immediate' });
+        }
+        catch (error) {
+            if (error instanceof NotificationAssetError) {
+                return reply.code(error.statusCode).send({ error: error.code });
+            }
+            throw error;
+        }
+        return notificationAssetListResponse(nextState.notificationAssets, nextState.notificationAssetDisabledIds);
+    });
+    app.delete('/api/notification-assets/:id', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        const currentState = await services.fileStore.read();
+        const removed = currentState.notificationAssets.find((asset) => asset.id === request.params.id);
+        if (!removed) {
+            return reply.code(404).send({ error: 'notification_asset_not_found' });
+        }
+        await services.fileStore.update((state) => ({
+            ...state,
+            notificationAssets: state.notificationAssets.filter((asset) => asset.id !== request.params.id),
+            notificationAssetDisabledIds: state.notificationAssetDisabledIds.filter((assetId) => assetId !== request.params.id)
+        }), { flush: 'immediate' });
+        await rm(path.join(notificationAssetRoot(config), removed.storedFilename), { force: true });
+        return reply.code(204).send();
+    });
+    app.get('/api/notification-assets/:id/content', async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        const state = await services.fileStore.read();
+        const asset = state.notificationAssets.find((candidate) => candidate.id === request.params.id);
+        if (!asset) {
+            return reply.code(404).send({ error: 'notification_asset_not_found' });
+        }
+        return sendAssetContent(request, reply, config, asset);
+    });
+}
+function notificationAssetListResponse(assets, disabledIds) {
+    const disabledSet = new Set(disabledIds);
+    return {
+        assets: [
+            ...builtInNotificationAssets.map((asset) => ({
+                ...asset,
+                source: 'built-in',
+                enabled: isNotificationAssetEnabled(asset.id, disabledSet)
+            })),
+            ...assets.map((asset) => toSummary(asset, isNotificationAssetEnabled(asset.id, disabledSet)))
+        ],
+        maxFileBytes: notificationAssetMaxBytes
+    };
+}
+function toSummary(asset, enabled) {
+    return {
+        id: asset.id,
+        filename: asset.filename,
+        source: 'uploaded',
+        enabled,
+        contentType: asset.contentType,
+        size: asset.size,
+        createdAt: asset.createdAt,
+        url: `/api/notification-assets/${encodeURIComponent(asset.id)}/content`
+    };
+}
+function notificationAssetIds(assets) {
+    return new Set([...builtInNotificationAssets.map((asset) => asset.id), ...assets.map((asset) => asset.id)]);
+}
+function isNotificationAssetEnabled(assetId, disabledIds) {
+    return !disabledIds.has(assetId);
+}
+function notificationAssetRoot(config) {
+    return path.join(path.dirname(config.statePath), 'notification-assets');
+}
+function isAllowedContentType(value) {
+    return value === 'video/mp4' || value === 'video/webm';
+}
+function sanitizeFilename(filename, contentType) {
+    const fallback = `notification${allowedContentTypes.get(contentType)}`;
+    const base = path.basename(filename || fallback).replace(/[\u0000-\u001f\u007f]/g, '').trim();
+    return (base || fallback).slice(0, 160);
+}
+async function writeLimitedFile(stream, filePath, maxBytes) {
+    await mkdir(path.dirname(filePath), { recursive: true, mode: 0o700 });
+    const handle = await open(filePath, 'wx', 0o600);
+    let bytes = 0;
+    let tooLarge = false;
+    try {
+        for await (const chunk of stream) {
+            const buffer = typeof chunk === 'string' ? Buffer.from(chunk) : Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk);
+            bytes += buffer.length;
+            if (bytes > maxBytes) {
+                tooLarge = true;
+                continue;
+            }
+            await handle.write(buffer);
+        }
+    }
+    finally {
+        await handle.close();
+    }
+    if (tooLarge) {
+        throw new NotificationAssetError(413, 'notification_asset_too_large');
+    }
+    return bytes;
+}
+async function sendAssetContent(request, reply, config, asset) {
+    const filePath = path.join(notificationAssetRoot(config), asset.storedFilename);
+    let fileStat;
+    try {
+        fileStat = await stat(filePath);
+    }
+    catch (error) {
+        if (error.code === 'ENOENT') {
+            return reply.code(404).send({ error: 'notification_asset_file_not_found' });
+        }
+        throw error;
+    }
+    reply.type(asset.contentType);
+    reply.header('Cache-Control', 'no-store');
+    reply.header('Accept-Ranges', 'bytes');
+    const range = parseRangeHeader(request.headers.range, fileStat.size);
+    if (range === 'invalid') {
+        reply.header('Content-Range', `bytes */${fileStat.size}`);
+        return reply.code(416).send();
+    }
+    if (range) {
+        reply.header('Content-Range', `bytes ${range.start}-${range.end}/${fileStat.size}`);
+        reply.header('Content-Length', String(range.end - range.start + 1));
+        return reply.code(206).send(createReadStream(filePath, range));
+    }
+    reply.header('Content-Length', String(fileStat.size));
+    return reply.send(createReadStream(filePath));
+}
+function parseRangeHeader(value, size) {
+    if (!value) {
+        return null;
+    }
+    const match = /^bytes=(\d*)-(\d*)$/.exec(value.trim());
+    if (!match) {
+        return 'invalid';
+    }
+    const [, startText, endText] = match;
+    if (!startText && !endText) {
+        return 'invalid';
+    }
+    if (!startText) {
+        const suffixLength = Number(endText);
+        if (!Number.isInteger(suffixLength) || suffixLength <= 0) {
+            return 'invalid';
+        }
+        return {
+            start: Math.max(size - suffixLength, 0),
+            end: Math.max(size - 1, 0)
+        };
+    }
+    const start = Number(startText);
+    const end = endText ? Number(endText) : size - 1;
+    if (!Number.isInteger(start) || !Number.isInteger(end) || start < 0 || end < start || start >= size) {
+        return 'invalid';
+    }
+    return {
+        start,
+        end: Math.min(end, size - 1)
+    };
+}
+async function drain(stream) {
+    for await (const _chunk of stream) {
+        // Consume invalid uploads so the multipart parser can finish cleanly.
+    }
+}
+//# sourceMappingURL=notificationAssetRoutes.js.map

package/dist/server/routes/notificationAssetRoutes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"notificationAssetRoutes.js","sourceRoot":"","sources":["../../../src/server/routes/notificationAssetRoutes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,gBAAgB,EAAE,MAAM,SAAS,CAAC;AAC3C,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,kBAAkB,CAAC;AACjE,OAAO,IAAI,MAAM,WAAW,CAAC;AAO7B,OAAO,EAAE,yBAAyB,EAAE,MAAM,oCAAoC,CAAC;AAI/E,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAElE,MAAM,yBAAyB,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC;AAClD,MAAM,mBAAmB,GAAG,IAAI,GAAG,CAAiD;IAClF,CAAC,WAAW,EAAE,MAAM,CAAC;IACrB,CAAC,YAAY,EAAE,OAAO,CAAC;CACxB,CAAC,CAAC;AAOH,MAAM,sBAAuB,SAAQ,KAAK;IAEtB;IACA;IAFlB,YACkB,UAAkB,EAClB,IAAY;QAE5B,KAAK,CAAC,IAAI,CAAC,CAAC;QAHI,eAAU,GAAV,UAAU,CAAQ;QAClB,SAAI,GAAJ,IAAI,CAAQ;IAG9B,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,+BAA+B,CACnD,GAAoB,EACpB,MAAiB,EACjB,QAAwC;IAExC,GAAG,CAAC,GAAG,CAAC,0BAA0B,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QAC3D,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC9C,OAAO,6BAA6B,CAAC,KAAK,CAAC,kBAAkB,EAAE,KAAK,CAAC,4BAA4B,CAAC,CAAC;IACrG,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CACN,0BAA0B,EAC1B,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,IAAI,CAAC,OAAO,CAAC,WAAW,EAAE,EAAE,CAAC;YAC3B,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,IAAI,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC;YAC9B,MAAM,EAAE;gBACN,KAAK,EAAE,CAAC;gBACR,QAAQ,EAAE,yBAAyB,GAAG,CAAC;gBACvC,KAAK,EAAE,CAAC;aACT;SACF,CAAC,CAAC;QACH,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC;QACxE,CAAC;QAED,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC;QAClC,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,EAAE,CAAC;YACvC,MAAM,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvB,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;QAChF,CAAC;QAED,MAAM,IAAI,GAAG,qBAAqB,CAAC,MAAM,CAAC,CAAC;QAC3C,MAAM,EAAE,GAAG,UAAU,EAAE,CAAC;QACxB,MAAM,cAAc,GAAG,GAAG,EAAE,GAAG,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;QACtE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,cAAc,IAAI,OAAO,CAAC,GAAG,MAAM,CAAC,CAAC;QACzE,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,cAAc,CAAC,CAAC;QAClD,IAAI,IAAI,GAAG,CAAC,CAAC;QACb,IAAI,CAAC;YACH,IAAI,GAAG,MAAM,gBAAgB,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,EAAE,yBAAyB,CAAC,CAAC;YAC9E,IAAI,IAAI,KAAK,CAAC,EAAE,CAAC;gBACf,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;gBACpC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;YACrE,CAAC;YACD,MAAM,MAAM,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC;QACpC,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,EAAE,CAAC,QAAQ,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;YACpC,IAAI,KAAK,YAAY,sBAAsB,EAAE,CAAC;gBAC5C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAClE,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QAED,MAAM,KAAK,GAA4B;YACrC,EAAE;YACF,QAAQ,EAAE,gBAAgB,CAAC,IAAI,CAAC,QAAQ,EAAE,WAAW,CAAC;YACtD,cAAc;YACd,WAAW;YACX,IAAI;YACJ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;SACpC,CAAC;QACF,MAAM,QAAQ,CAAC,SAAS,CAAC,MAAM,CAC7B,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,kBAAkB,EAAE,CAAC,GAAG,KAAK,CAAC,kBAAkB,EAAE,KAAK,CAAC,EAAE,CAAC,EACnF,EAAE,KAAK,EAAE,WAAW,EAAE,CACvB,CAAC;QAEF,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,0BAA0B,CAAC,KAAK,CAAC,EAAE,EAAE,IAAI,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC;IAC5G,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,GAAG,CACL,oCAAoC,EACpC,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,MAAM,eAAe,GAAG,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,IAAI,EAAE,eAAe,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC,IAAI,CAAC;QAC3G,IAAI,CAAC,eAAe,EAAE,CAAC;YACrB,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC,CAAC;QACjF,CAAC;QACD,MAAM,qBAAqB,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,GAAG,CAAC,eAAe,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpH,IAAI,qBAAqB,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,uCAAuC,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,IAAI,SAAiD,CAAC;QACtD,IAAI,CAAC;YACH,SAAS,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,MAAM,CACzC,CAAC,KAAK,EAAE,EAAE;gBACR,MAAM,aAAa,GAAG,oBAAoB,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;gBACrE,MAAM,cAAc,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,aAAa,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC;gBAC5F,IAAI,cAAc,EAAE,CAAC;oBACnB,MAAM,IAAI,sBAAsB,CAAC,GAAG,EAAE,4BAA4B,CAAC,CAAC;gBACtE,CAAC;gBACD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,qBAAqB,CAAC,CAAC;gBAClD,OAAO;oBACL,GAAG,KAAK;oBACR,4BAA4B,EAAE,KAAK,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,CAAC,UAAU,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;iBACtG,CAAC;YACJ,CAAC,EACD,EAAE,KAAK,EAAE,WAAW,EAAE,CACvB,CAAC;QACJ,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,sBAAsB,EAAE,CAAC;gBAC5C,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;YAClE,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;QACD,OAAO,6BAA6B,CAAC,SAAS,CAAC,kBAAkB,EAAE,SAAS,CAAC,4BAA4B,CAAC,CAAC;IAC7G,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,MAAM,CACR,8BAA8B,EAC9B,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,MAAM,YAAY,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QACrD,MAAM,OAAO,GAAG,YAAY,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAChG,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;QACzE,CAAC;QACD,MAAM,QAAQ,CAAC,SAAS,CAAC,MAAM,CAC7B,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;YACV,GAAG,KAAK;YACR,kBAAkB,EAAE,KAAK,CAAC,kBAAkB,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAC9F,4BAA4B,EAAE,KAAK,CAAC,4BAA4B,CAAC,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,KAAK,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;SACpH,CAAC,EACF,EAAE,KAAK,EAAE,WAAW,EAAE,CACvB,CAAC;QACF,MAAM,EAAE,CAAC,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,EAAE,OAAO,CAAC,cAAc,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5F,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAChC,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,GAAG,CAA6B,sCAAsC,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACnG,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC9C,MAAM,KAAK,GAAG,KAAK,CAAC,kBAAkB,CAAC,IAAI,CAAC,CAAC,SAAS,EAAE,EAAE,CAAC,SAAS,CAAC,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC/F,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;QACzE,CAAC;QACD,OAAO,gBAAgB,CAAC,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,KAAK,CAAC,CAAC;IACzD,CAAC,CAAC,CAAC;AACL,CAAC;AAED,SAAS,6BAA6B,CACpC,MAAiC,EACjC,WAA8B;IAE9B,MAAM,WAAW,GAAG,IAAI,GAAG,CAAC,WAAW,CAAC,CAAC;IACzC,OAAO;QACL,MAAM,EAAE;YACN,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC;gBAC3C,GAAG,KAAK;gBACR,MAAM,EAAE,UAAmB;gBAC3B,OAAO,EAAE,0BAA0B,CAAC,KAAK,CAAC,EAAE,EAAE,WAAW,CAAC;aAC3D,CAAC,CAAC;YACH,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,SAAS,CAAC,KAAK,EAAE,0BAA0B,CAAC,KAAK,CAAC,EAAE,EAAE,WAAW,CAAC,CAAC,CAAC;SAC9F;QACD,YAAY,EAAE,yBAAyB;KACxC,CAAC;AACJ,CAAC;AAED,SAAS,SAAS,CAAC,KAA8B,EAAE,OAAgB;IACjE,OAAO;QACL,EAAE,EAAE,KAAK,CAAC,EAAE;QACZ,QAAQ,EAAE,KAAK,CAAC,QAAQ;QACxB,MAAM,EAAE,UAAU;QAClB,OAAO;QACP,WAAW,EAAE,KAAK,CAAC,WAAW;QAC9B,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,SAAS,EAAE,KAAK,CAAC,SAAS;QAC1B,GAAG,EAAE,4BAA4B,kBAAkB,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU;KACxE,CAAC;AACJ,CAAC;AAED,SAAS,oBAAoB,CAAC,MAAiC;IAC7D,OAAO,IAAI,GAAG,CAAC,CAAC,GAAG,yBAAyB,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,EAAE,GAAG,MAAM,CAAC,GAAG,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;AAC9G,CAAC;AAED,SAAS,0BAA0B,CAAC,OAAe,EAAE,WAAgC;IACnF,OAAO,CAAC,WAAW,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,qBAAqB,CAAC,MAAiB;IAC9C,OAAO,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,EAAE,qBAAqB,CAAC,CAAC;AAC1E,CAAC;AAED,SAAS,oBAAoB,CAAC,KAAa;IACzC,OAAO,KAAK,KAAK,WAAW,IAAI,KAAK,KAAK,YAAY,CAAC;AACzD,CAAC;AAED,SAAS,gBAAgB,CAAC,QAA4B,EAAE,WAAmD;IACzG,MAAM,QAAQ,GAAG,eAAe,mBAAmB,CAAC,GAAG,CAAC,WAAW,CAAC,EAAE,CAAC;IACvE,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,IAAI,QAAQ,CAAC,CAAC,OAAO,CAAC,wBAAwB,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAC9F,OAAO,CAAC,IAAI,IAAI,QAAQ,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AAC1C,CAAC;AAED,KAAK,UAAU,gBAAgB,CAAC,MAA6B,EAAE,QAAgB,EAAE,QAAgB;IAC/F,MAAM,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IACtE,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC;IACjD,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,QAAQ,GAAG,KAAK,CAAC;IACrB,IAAI,CAAC;QACH,IAAI,KAAK,EAAE,MAAM,KAAK,IAAI,MAAM,EAAE,CAAC;YACjC,MAAM,MAAM,GAAG,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAmB,CAAC,CAAC;YAClI,KAAK,IAAI,MAAM,CAAC,MAAM,CAAC;YACvB,IAAI,KAAK,GAAG,QAAQ,EAAE,CAAC;gBACrB,QAAQ,GAAG,IAAI,CAAC;gBAChB,SAAS;YACX,CAAC;YACD,MAAM,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;YAAS,CAAC;QACT,MAAM,MAAM,CAAC,KAAK,EAAE,CAAC;IACvB,CAAC;IACD,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,IAAI,sBAAsB,CAAC,GAAG,EAAE,8BAA8B,CAAC,CAAC;IACxE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,KAAK,UAAU,gBAAgB,CAC7B,OAAuB,EACvB,KAAmB,EACnB,MAAiB,EACjB,KAA8B;IAE9B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,EAAE,KAAK,CAAC,cAAc,CAAC,CAAC;IAChF,IAAI,QAA0C,CAAC;IAC/C,IAAI,CAAC;QACH,QAAQ,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC,CAAC;IAClC,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAK,KAA+B,CAAC,IAAI,KAAK,QAAQ,EAAE,CAAC;YACvD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC,CAAC;QAC9E,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;IAED,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;IAC9B,KAAK,CAAC,MAAM,CAAC,eAAe,EAAE,UAAU,CAAC,CAAC;IAC1C,KAAK,CAAC,MAAM,CAAC,eAAe,EAAE,OAAO,CAAC,CAAC;IAEvC,MAAM,KAAK,GAAG,gBAAgB,CAAC,OAAO,CAAC,OAAO,CAAC,KAAK,EAAE,QAAQ,CAAC,IAAI,CAAC,CAAC;IACrE,IAAI,KAAK,KAAK,SAAS,EAAE,CAAC;QACxB,KAAK,CAAC,MAAM,CAAC,eAAe,EAAE,WAAW,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QAC1D,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAChC,CAAC;IACD,IAAI,KAAK,EAAE,CAAC;QACV,KAAK,CAAC,MAAM,CAAC,eAAe,EAAE,SAAS,KAAK,CAAC,KAAK,IAAI,KAAK,CAAC,GAAG,IAAI,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC;QACpF,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,KAAK,CAAC,GAAG,GAAG,KAAK,CAAC,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,EAAE,KAAK,CAAC,CAAC,CAAC;IACjE,CAAC;IACD,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,MAAM,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IACtD,OAAO,KAAK,CAAC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;AAChD,CAAC;AAED,SAAS,gBAAgB,CAAC,KAAyB,EAAE,IAAY;IAC/D,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,KAAK,GAAG,qBAAqB,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC,CAAC;IACvD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,MAAM,CAAC,EAAE,SAAS,EAAE,OAAO,CAAC,GAAG,KAAK,CAAC;IACrC,IAAI,CAAC,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC;QAC3B,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,YAAY,GAAG,MAAM,CAAC,OAAO,CAAC,CAAC;QACrC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,YAAY,CAAC,IAAI,YAAY,IAAI,CAAC,EAAE,CAAC;YACzD,OAAO,SAAS,CAAC;QACnB,CAAC;QACD,OAAO;YACL,KAAK,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,YAAY,EAAE,CAAC,CAAC;YACvC,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC,CAAC;SAC3B,CAAC;IACJ,CAAC;IACD,MAAM,KAAK,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC;IAChC,MAAM,GAAG,GAAG,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC;IACjD,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,IAAI,KAAK,GAAG,CAAC,IAAI,GAAG,GAAG,KAAK,IAAI,KAAK,IAAI,IAAI,EAAE,CAAC;QACpG,OAAO,SAAS,CAAC;IACnB,CAAC;IACD,OAAO;QACL,KAAK;QACL,GAAG,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,IAAI,GAAG,CAAC,CAAC;KAC7B,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,KAAK,CAAC,MAA6B;IAChD,IAAI,KAAK,EAAE,MAAM,MAAM,IAAI,MAAM,EAAE,CAAC;QAClC,sEAAsE;IACxE,CAAC;AACH,CAAC"}

package/dist/server/routes/securityRoutes.d.ts

@@ -0,0 +1,7 @@
+import type { FastifyInstance } from 'fastify';
+import type { AppConfig } from '../config.js';
+import type { AuthService } from '../auth/authService.js';
+export interface SecurityRouteServices {
+    authService: AuthService;
+}
+export declare function registerSecurityRoutes(app: FastifyInstance, config: AppConfig, services: SecurityRouteServices): Promise<void>;

package/dist/server/routes/securityRoutes.js

@@ -0,0 +1,53 @@
+import { AuthError } from '../auth/authService.js';
+import { cookieNames } from '../auth/cookies.js';
+import { requireAllowedOrigin } from './authRoutes.js';
+import { authenticateTerminalRequest } from './terminalRoutes.js';
+export async function registerSecurityRoutes(app, config, services) {
+    app.get('/api/auth/devices', async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        const deviceToken = request.cookies[cookieNames.device];
+        return { devices: await services.authService.listTrustedDevices(deviceToken) };
+    });
+    app.delete('/api/auth/devices/:id', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        await services.authService.revokeTrustedDevice(request.params.id);
+        return reply.code(204).send();
+    });
+    app.get('/api/auth/networks', async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        return { networks: await services.authService.listIpRules() };
+    });
+    app.post('/api/auth/networks', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        const value = request.body?.value;
+        if (typeof value !== 'string' || !value.trim()) {
+            return reply.code(400).send({ error: 'value_required' });
+        }
+        try {
+            const rule = await services.authService.addIpRule(value, typeof request.body?.label === 'string' ? request.body.label : '');
+            return reply.code(201).send({ network: rule });
+        }
+        catch (error) {
+            if (error instanceof AuthError) {
+                return reply.code(error.statusCode).send({ error: error.code.toLowerCase() });
+            }
+            throw error;
+        }
+    });
+    app.delete('/api/auth/networks/:id', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth)
+            return reply;
+        await services.authService.removeIpRule(request.params.id);
+        return reply.code(204).send();
+    });
+}
+//# sourceMappingURL=securityRoutes.js.map

package/dist/server/routes/securityRoutes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"securityRoutes.js","sourceRoot":"","sources":["../../../src/server/routes/securityRoutes.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,SAAS,EAAE,MAAM,wBAAwB,CAAC;AAEnD,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAMlE,MAAM,CAAC,KAAK,UAAU,sBAAsB,CAAC,GAAoB,EAAE,MAAiB,EAAE,QAA+B;IACnH,GAAG,CAAC,GAAG,CAAC,mBAAmB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACpD,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,MAAM,WAAW,GAAI,OAAO,CAAC,OAA8C,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAChG,OAAO,EAAE,OAAO,EAAE,MAAM,QAAQ,CAAC,WAAW,CAAC,kBAAkB,CAAC,WAAW,CAAC,EAAE,CAAC;IACjF,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,MAAM,CACR,uBAAuB,EACvB,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,MAAM,QAAQ,CAAC,WAAW,CAAC,mBAAmB,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAClE,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAChC,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,GAAG,CAAC,oBAAoB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACrD,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,OAAO,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC,WAAW,CAAC,WAAW,EAAE,EAAE,CAAC;IAChE,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,IAAI,CACN,oBAAoB,EACpB,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,MAAM,KAAK,GAAG,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;QAClC,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC;YAC/C,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QAC3D,CAAC;QACD,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,WAAW,CAAC,SAAS,CAAC,KAAK,EAAE,OAAO,OAAO,CAAC,IAAI,EAAE,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YAC5H,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QACjD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,SAAS,EAAE,CAAC;gBAC/B,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAChF,CAAC;YACD,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC,CACF,CAAC;IAEF,GAAG,CAAC,MAAM,CACR,wBAAwB,EACxB,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI;YAAE,OAAO,KAAK,CAAC;QACxB,MAAM,QAAQ,CAAC,WAAW,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;QAC3D,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IAChC,CAAC,CACF,CAAC;AACJ,CAAC"}

package/dist/server/routes/socketBackpressure.d.ts

@@ -0,0 +1,26 @@
+export interface BackpressureSocket {
+    readonly bufferedAmount: number;
+    isOpen(): boolean;
+}
+export interface BackpressureSink {
+    pause(): void;
+    resume(): void;
+}
+export interface BackpressureOptions {
+    highWaterBytes: number;
+    lowWaterBytes: number;
+    pollMs: number;
+}
+export declare class SocketBackpressure {
+    private readonly socket;
+    private readonly sink;
+    private readonly options;
+    private paused;
+    private drainTimer;
+    constructor(socket: BackpressureSocket, sink: BackpressureSink, options: BackpressureOptions);
+    observe(): void;
+    dispose(): void;
+    private startDrainPoll;
+    private stopDrainPoll;
+    private tick;
+}

package/dist/server/routes/socketBackpressure.js

@@ -0,0 +1,63 @@
+// Watermark-based backpressure for a WebSocket-like sender. The route polls
+// `bufferedAmount` after each send; once it crosses `highWaterBytes` the sink
+// (a TerminalAttachment) is told to pause its PTY. While paused, we sample
+// `bufferedAmount` on `pollMs` and resume once it drains back below
+// `lowWaterBytes`. The split watermarks give the socket headroom and avoid
+// thrashing between pause and resume on every send.
+export class SocketBackpressure {
+    socket;
+    sink;
+    options;
+    paused = false;
+    drainTimer = null;
+    constructor(socket, sink, options) {
+        this.socket = socket;
+        this.sink = sink;
+        this.options = options;
+    }
+    // Call after each socket.send to re-evaluate backpressure.
+    observe() {
+        if (this.paused)
+            return;
+        if (this.socket.bufferedAmount <= this.options.highWaterBytes)
+            return;
+        this.paused = true;
+        this.sink.pause();
+        this.startDrainPoll();
+    }
+    // Stop polling. Does NOT release a held pause — the sink (attachment) is
+    // responsible for releasing on its own dispose, so we don't double-resume
+    // when both the socket and the attachment close.
+    dispose() {
+        this.stopDrainPoll();
+    }
+    startDrainPoll() {
+        if (this.drainTimer)
+            return;
+        this.drainTimer = setInterval(() => this.tick(), this.options.pollMs);
+        if (typeof this.drainTimer.unref === 'function') {
+            this.drainTimer.unref();
+        }
+    }
+    stopDrainPoll() {
+        if (this.drainTimer) {
+            clearInterval(this.drainTimer);
+            this.drainTimer = null;
+        }
+    }
+    tick() {
+        if (!this.socket.isOpen()) {
+            this.stopDrainPoll();
+            return;
+        }
+        if (this.socket.bufferedAmount > this.options.lowWaterBytes) {
+            return;
+        }
+        this.stopDrainPoll();
+        if (this.paused) {
+            this.paused = false;
+            this.sink.resume();
+        }
+    }
+}
+//# sourceMappingURL=socketBackpressure.js.map

package/dist/server/routes/socketBackpressure.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"socketBackpressure.js","sourceRoot":"","sources":["../../../src/server/routes/socketBackpressure.ts"],"names":[],"mappings":"AAAA,4EAA4E;AAC5E,8EAA8E;AAC9E,2EAA2E;AAC3E,oEAAoE;AACpE,2EAA2E;AAC3E,oDAAoD;AAkBpD,MAAM,OAAO,kBAAkB;IAKV;IACA;IACA;IANX,MAAM,GAAG,KAAK,CAAC;IACf,UAAU,GAA0B,IAAI,CAAC;IAEjD,YACmB,MAA0B,EAC1B,IAAsB,EACtB,OAA4B;QAF5B,WAAM,GAAN,MAAM,CAAoB;QAC1B,SAAI,GAAJ,IAAI,CAAkB;QACtB,YAAO,GAAP,OAAO,CAAqB;IAC5C,CAAC;IAEJ,2DAA2D;IAC3D,OAAO;QACL,IAAI,IAAI,CAAC,MAAM;YAAE,OAAO;QACxB,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,IAAI,IAAI,CAAC,OAAO,CAAC,cAAc;YAAE,OAAO;QACtE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC;QACnB,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QAClB,IAAI,CAAC,cAAc,EAAE,CAAC;IACxB,CAAC;IAED,yEAAyE;IACzE,0EAA0E;IAC1E,iDAAiD;IACjD,OAAO;QACL,IAAI,CAAC,aAAa,EAAE,CAAC;IACvB,CAAC;IAEO,cAAc;QACpB,IAAI,IAAI,CAAC,UAAU;YAAE,OAAO;QAC5B,IAAI,CAAC,UAAU,GAAG,WAAW,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACtE,IAAI,OAAO,IAAI,CAAC,UAAU,CAAC,KAAK,KAAK,UAAU,EAAE,CAAC;YAChD,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;QAC1B,CAAC;IACH,CAAC;IAEO,aAAa;QACnB,IAAI,IAAI,CAAC,UAAU,EAAE,CAAC;YACpB,aAAa,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAC/B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC;QACzB,CAAC;IACH,CAAC;IAEO,IAAI;QACV,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,CAAC;YAC1B,IAAI,CAAC,aAAa,EAAE,CAAC;YACrB,OAAO;QACT,CAAC;QACD,IAAI,IAAI,CAAC,MAAM,CAAC,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,aAAa,EAAE,CAAC;YAC5D,OAAO;QACT,CAAC;QACD,IAAI,CAAC,aAAa,EAAE,CAAC;QACrB,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;YAChB,IAAI,CAAC,MAAM,GAAG,KAAK,CAAC;YACpB,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;QACrB,CAAC;IACH,CAAC;CACF"}

package/dist/server/routes/terminalLayoutRoutes.d.ts

@@ -0,0 +1,9 @@
+import type { FastifyInstance } from 'fastify';
+import type { AuthService } from '../auth/authService.js';
+import type { AppConfig } from '../config.js';
+import type { FileStore } from '../storage/fileStore.js';
+export interface TerminalLayoutRouteServices {
+    authService: AuthService;
+    fileStore: FileStore;
+}
+export declare function registerTerminalLayoutRoutes(app: FastifyInstance, config: AppConfig, services: TerminalLayoutRouteServices): Promise<void>;

package/dist/server/routes/terminalLayoutRoutes.js

@@ -0,0 +1,108 @@
+import { normalizeTerminalLayoutState } from '../../shared/layoutState.js';
+import { requireAllowedOrigin } from './authRoutes.js';
+import { authenticateTerminalRequest } from './terminalRoutes.js';
+class RevisionConflict extends Error {
+    current;
+    constructor(current) {
+        super('Stale terminal layout revision');
+        this.current = current;
+    }
+}
+export async function registerTerminalLayoutRoutes(app, config, services) {
+    // Local server layout.
+    app.get('/api/terminal-layout', async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        const state = await services.fileStore.read();
+        return terminalLayoutResponse(state.terminalLayout);
+    });
+    app.put('/api/terminal-layout', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => saveLayout(services, request, reply, {
+        read: (state) => state.terminalLayout,
+        write: (state, layout) => ({ ...state, terminalLayout: layout })
+    }));
+    // Per-agent layout, stored on the main (not proxied to the agent).
+    app.get('/api/agents/:agentId/terminal-layout', async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        const state = await services.fileStore.read();
+        if (!state.agents.some((agent) => agent.id === request.params.agentId)) {
+            return reply.code(404).send({ error: 'agent_not_found' });
+        }
+        return terminalLayoutResponse(state.agentLayouts[request.params.agentId] ?? null);
+    });
+    app.put('/api/agents/:agentId/terminal-layout', { preHandler: (request, reply) => requireAllowedOrigin(config, request, reply) }, async (request, reply) => {
+        const auth = await authenticateTerminalRequest(services.authService, request, reply);
+        if (!auth) {
+            return reply;
+        }
+        const agentId = request.params.agentId;
+        const state = await services.fileStore.read();
+        if (!state.agents.some((agent) => agent.id === agentId)) {
+            return reply.code(404).send({ error: 'agent_not_found' });
+        }
+        return saveLayout(services, request, reply, {
+            read: (current) => current.agentLayouts[agentId] ?? null,
+            write: (current, layout) => ({ ...current, agentLayouts: { ...current.agentLayouts, [agentId]: layout } })
+        });
+    });
+}
+async function saveLayout(services, request, reply, slot) {
+    const auth = await authenticateTerminalRequest(services.authService, request, reply);
+    if (!auth) {
+        return reply;
+    }
+    const body = parseUpdateRequest(request.body);
+    if (!body) {
+        return reply.code(400).send({ error: 'invalid_terminal_layout' });
+    }
+    try {
+        const next = await services.fileStore.update((state) => {
+            const currentRevision = slot.read(state)?.revision ?? 0;
+            if (body.baseRevision !== undefined && body.baseRevision !== currentRevision) {
+                throw new RevisionConflict(slot.read(state));
+            }
+            const layout = {
+                layout: body.layout,
+                revision: currentRevision + 1,
+                updatedAt: new Date().toISOString()
+            };
+            return slot.write(state, layout);
+        });
+        return terminalLayoutResponse(slot.read(next));
+    }
+    catch (error) {
+        if (error instanceof RevisionConflict) {
+            return reply.code(409).send(terminalLayoutResponse(error.current));
+        }
+        throw error;
+    }
+}
+function parseUpdateRequest(value) {
+    if (!value || typeof value !== 'object') {
+        return null;
+    }
+    const request = value;
+    const layout = normalizeTerminalLayoutState(request.layout);
+    if (!layout) {
+        return null;
+    }
+    if (request.baseRevision !== undefined && (!Number.isInteger(request.baseRevision) || request.baseRevision < 0)) {
+        return null;
+    }
+    return request.baseRevision === undefined ? { layout } : { layout, baseRevision: request.baseRevision };
+}
+function terminalLayoutResponse(stored) {
+    if (!stored) {
+        return { layout: null, revision: 0, updatedAt: null };
+    }
+    return {
+        layout: stored.layout,
+        revision: stored.revision,
+        updatedAt: stored.updatedAt
+    };
+}
+//# sourceMappingURL=terminalLayoutRoutes.js.map

package/dist/server/routes/terminalLayoutRoutes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"terminalLayoutRoutes.js","sourceRoot":"","sources":["../../../src/server/routes/terminalLayoutRoutes.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,4BAA4B,EAAE,MAAM,6BAA6B,CAAC;AAM3E,OAAO,EAAE,oBAAoB,EAAE,MAAM,iBAAiB,CAAC;AACvD,OAAO,EAAE,2BAA2B,EAAE,MAAM,qBAAqB,CAAC;AAYlE,MAAM,gBAAiB,SAAQ,KAAK;IACN;IAA5B,YAA4B,OAAoC;QAC9D,KAAK,CAAC,gCAAgC,CAAC,CAAC;QADd,YAAO,GAAP,OAAO,CAA6B;IAEhE,CAAC;CACF;AAED,MAAM,CAAC,KAAK,UAAU,4BAA4B,CAAC,GAAoB,EAAE,MAAiB,EAAE,QAAqC;IAC/H,uBAAuB;IACvB,GAAG,CAAC,GAAG,CAAC,sBAAsB,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvD,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC9C,OAAO,sBAAsB,CAAC,KAAK,CAAC,cAAc,CAAC,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CACL,sBAAsB,EACtB,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE,CACvB,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;QACnC,IAAI,EAAE,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,cAAc;QACrC,KAAK,EAAE,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,KAAK,EAAE,cAAc,EAAE,MAAM,EAAE,CAAC;KACjE,CAAC,CACL,CAAC;IAEF,mEAAmE;IACnE,GAAG,CAAC,GAAG,CAAkC,sCAAsC,EAAE,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACxG,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YACvE,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,OAAO,sBAAsB,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;IAEH,GAAG,CAAC,GAAG,CACL,sCAAsC,EACtC,EAAE,UAAU,EAAE,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,CAAC,oBAAoB,CAAC,MAAM,EAAE,OAAO,EAAE,KAAK,CAAC,EAAE,EAChF,KAAK,EAAE,OAAO,EAAE,KAAK,EAAE,EAAE;QACvB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QACrF,IAAI,CAAC,IAAI,EAAE,CAAC;YACV,OAAO,KAAK,CAAC;QACf,CAAC;QACD,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC;QACvC,MAAM,KAAK,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,IAAI,EAAE,CAAC;QAC9C,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,KAAK,OAAO,CAAC,EAAE,CAAC;YACxD,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;QAC5D,CAAC;QACD,OAAO,UAAU,CAAC,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE;YAC1C,IAAI,EAAE,CAAC,OAAO,EAAE,EAAE,CAAC,OAAO,CAAC,YAAY,CAAC,OAAO,CAAC,IAAI,IAAI;YACxD,KAAK,EAAE,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,CAAC,CAAC,EAAE,GAAG,OAAO,EAAE,YAAY,EAAE,EAAE,GAAG,OAAO,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,EAAE,MAAM,EAAE,EAAE,CAAC;SAC3G,CAAC,CAAC;IACL,CAAC,CACF,CAAC;AACJ,CAAC;AAOD,KAAK,UAAU,UAAU,CACvB,QAAqC,EACrC,OAAuB,EACvB,KAAmB,EACnB,IAAgB;IAEhB,MAAM,IAAI,GAAG,MAAM,2BAA2B,CAAC,QAAQ,CAAC,WAAW,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;IACrF,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,KAAK,CAAC;IACf,CAAC;IACD,MAAM,IAAI,GAAG,kBAAkB,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;IACpE,CAAC;IACD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,KAAK,EAAE,EAAE;YACrD,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,QAAQ,IAAI,CAAC,CAAC;YACxD,IAAI,IAAI,CAAC,YAAY,KAAK,SAAS,IAAI,IAAI,CAAC,YAAY,KAAK,eAAe,EAAE,CAAC;gBAC7E,MAAM,IAAI,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC;YAC/C,CAAC;YACD,MAAM,MAAM,GAAyB;gBACnC,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,eAAe,GAAG,CAAC;gBAC7B,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;aACpC,CAAC;YACF,OAAO,IAAI,CAAC,KAAK,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;QACnC,CAAC,CAAC,CAAC;QACH,OAAO,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACjD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,gBAAgB,EAAE,CAAC;YACtC,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,sBAAsB,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC;QACrE,CAAC;QACD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,KAAc;IACxC,IAAI,CAAC,KAAK,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,IAAI,CAAC;IACd,CAAC;IACD,MAAM,OAAO,GAAG,KAA6C,CAAC;IAC9D,MAAM,MAAM,GAAG,4BAA4B,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;IAC5D,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,IAAI,CAAC;IACd,CAAC;IACD,IAAI,OAAO,CAAC,YAAY,KAAK,SAAS,IAAI,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,YAAY,GAAG,CAAC,CAAC,EAAE,CAAC;QAChH,OAAO,IAAI,CAAC;IACd,CAAC;IACD,OAAO,OAAO,CAAC,YAAY,KAAK,SAAS,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC,EAAE,MAAM,EAAE,YAAY,EAAE,OAAO,CAAC,YAAY,EAAE,CAAC;AAC1G,CAAC;AAED,SAAS,sBAAsB,CAAC,MAAmC;IACjE,IAAI,CAAC,MAAM,EAAE,CAAC;QACZ,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC;IACxD,CAAC;IACD,OAAO;QACL,MAAM,EAAE,MAAM,CAAC,MAAM;QACrB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,SAAS,EAAE,MAAM,CAAC,SAAS;KAC5B,CAAC;AACJ,CAAC"}

package/dist/server/routes/terminalRoutes.d.ts

@@ -0,0 +1,14 @@
+import type { FastifyInstance, FastifyReply, FastifyRequest } from 'fastify';
+import type { AppConfig } from '../config.js';
+import type { AuthService } from '../auth/authService.js';
+import type { TerminalManager } from '../terminal/TerminalManager.js';
+export interface TerminalRouteServices {
+    authService: AuthService;
+    terminalManager: TerminalManager;
+}
+interface AuthContext {
+    sessionId?: string;
+}
+export declare function authenticateTerminalRequest(authService: AuthService, request: FastifyRequest, reply?: FastifyReply): Promise<AuthContext | null>;
+export declare function registerTerminalRoutes(app: FastifyInstance, config: AppConfig, services: TerminalRouteServices): Promise<void>;
+export {};