opensidian 1.0.0

package/dist/shared/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/shared/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,kBAAkB,CAAC;AAErD,MAAM,WAAW,KAAK;IACpB,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,KAAK,EAAE,IAAI,EAAE,CAAC;CACf;AAED,MAAM,WAAW,IAAI;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,EAAE,MAAM,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC;IAChB,WAAW,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACrC,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,UAAU,CAAC,CAAC,SAAS,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;IACrF,WAAW,EAAE,CAAC,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,IAAI,EAAE,MAAM,CAAC;IACb,KAAK,EAAE,MAAM,EAAE,CAAC;IAChB,QAAQ,EAAE,KAAK,CAAC;QAAE,KAAK,EAAE,MAAM,CAAC;QAAC,IAAI,EAAE,MAAM,CAAC;QAAC,EAAE,EAAE,MAAM,CAAA;KAAE,CAAC,CAAC;CAC9D;AAED,MAAM,WAAW,KAAK;IACpB,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,KAAK,EAAE,SAAS,EAAE,CAAC;IACnB,QAAQ,EAAE,aAAa,CAAC;CACzB;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,EAAE,CAAC;IAChB,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED,MAAM,WAAW,SAAS;IACxB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,UAAU,GAAG,QAAQ,GAAG,KAAK,CAAC;CACrC;AAED,MAAM,WAAW,aAAa;IAC5B,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,MAAM;IACrB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;IACrD,QAAQ,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC,GAAG,IAAI,CAAC;CACnC;AAED,MAAM,WAAW,aAAa;IAC5B,eAAe,CAAC,OAAO,EAAE,aAAa,GAAG,IAAI,CAAC;IAC9C,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,IAAI,CAAC;IACpD,eAAe,IAAI,YAAY,CAAC;IAChC,cAAc,IAAI,WAAW,CAAC;CAC/B;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,IAAI,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjC;AAED,MAAM,WAAW,MAAM;IACrB,MAAM,EAAE;QACN,IAAI,EAAE,MAAM,CAAC;QACb,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,MAAM,EAAE;QACN,WAAW,EAAE,MAAM,CAAC;QACpB,QAAQ,EAAE,OAAO,CAAC;KACnB,CAAC;IACF,IAAI,EAAE;QACJ,OAAO,EAAE,OAAO,CAAC;QACjB,IAAI,EAAE,MAAM,CAAC;KACd,CAAC;IACF,OAAO,EAAE;QACP,OAAO,EAAE,OAAO,CAAC;QACjB,KAAK,EAAE,MAAM,EAAE,CAAC;KACjB,CAAC;CACH"}

package/dist/shared/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/shared/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/shared/types.ts"],"names":[],"mappings":""}

package/docker/Dockerfile

@@ -0,0 +1,37 @@
+FROM node:20-alpine AS builder
+
+WORKDIR /app
+
+COPY package*.json ./
+
+RUN npm ci
+
+COPY . .
+
+RUN npm run build
+
+FROM node:20-alpine AS runner
+
+WORKDIR /app
+
+ENV NODE_ENV=production
+
+RUN addgroup -g 1001 -S nodejs && \
+    adduser -S opensidian -u 1001
+
+COPY --from=builder /app/dist ./dist
+COPY --from=builder /app/package*.json ./
+
+RUN npm ci --only=production && \
+    npm cache clean --force
+
+RUN chown -R opensidian:nodejs /app
+
+USER opensidian
+
+EXPOSE 3000 3001
+
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+  CMD wget --no-verbose --tries=1 --spider http://localhost:3000/health || exit 1
+
+CMD ["node", "dist/index.js"]

package/docker/docker-compose.yml

@@ -0,0 +1,46 @@
+version: '3.8'
+
+services:
+  opensidian:
+    build:
+      context: .
+      dockerfile: docker/Dockerfile
+    container_name: opensidian
+    restart: unless-stopped
+    ports:
+      - "3000:3000"
+      - "3001:3001"
+    volumes:
+      - ./vaults:/app/vaults
+      - ./data:/app/data
+    environment:
+      - NODE_ENV=production
+      - PORT=3000
+      - SYNC_PORT=3001
+      - VAULT_PATH=/app/vaults
+      - SYNC_ENABLED=true
+      - PLUGINS_ENABLED=true
+    networks:
+      - opensidian-network
+
+  opensidian-mcp:
+    build:
+      context: .
+      dockerfile: docker/Dockerfile
+    container_name: opensidian-mcp
+    restart: unless-stopped
+    command: ["node", "dist/mcp/server.js"]
+    ports:
+      - "3002:3002"
+    volumes:
+      - ./vaults:/app/vaults
+    environment:
+      - NODE_ENV=production
+    networks:
+      - opensidian-network
+    depends_on:
+      - opensidian
+
+networks:
+  opensidian-network:
+    driver: bridge

package/docs/ARCHITECTURE.md

@@ -0,0 +1,321 @@
+# OpenSidian Architecture
+
+## Overview
+
+OpenSidian is a modular, extensible knowledge management system built with TypeScript/Node.js. It provides vault management, Markdown parsing, knowledge graph indexing, real-time synchronization, and a plugin architecture.
+
+## System Architecture
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│                      Client Layer                           │
+│  ┌─────────────┐  ┌─────────────┐  ┌─────────────────────┐  │
+│  │   Web UI    │  │   CLI       │  │   MCP Client        │  │
+│  └─────────────┘  └─────────────┘  └─────────────────────┘  │
+├─────────────────────────────────────────────────────────────┤
+│                    API Gateway Layer                        │
+│  ┌─────────────────────────┐  ┌─────────────────────────┐  │
+│  │    REST API (Express)   │  │  WebSocket (Sync)       │  │
+│  │    Port 3000            │  │  Port 3001              │  │
+│  └─────────────────────────┘  └─────────────────────────┘  │
+├─────────────────────────────────────────────────────────────┤
+│                    Service Layer                            │
+│  ┌──────────┐ ┌──────────┐ ┌──────────┐ ┌──────────────┐  │
+│  │  Vault   │ │ Markdown  │ │  Graph   │ │   Plugin     │  │
+│  │ Manager  │ │  Parser   │ │  Engine  │ │     Host     │  │
+│  └──────────┘ └──────────┘ └──────────┘ └──────────────┘  │
+├─────────────────────────────────────────────────────────────┤
+│                    MCP Server Layer                         │
+│  ┌─────────────────────────────────────────────────────┐   │
+│  │         Model Context Protocol Server                 │   │
+│  │         (Stdio Transport)                             │   │
+│  └─────────────────────────────────────────────────────┘   │
+├─────────────────────────────────────────────────────────────┤
+│                    Storage Layer                            │
+│  ┌─────────────────┐  ┌─────────────────────────────────┐  │
+│  │  File System     │  │  In-Memory Graph Index           │  │
+│  │  (Vaults)        │  │  (GraphEngine)                   │  │
+│  └─────────────────┘  └─────────────────────────────────┘  │
+└─────────────────────────────────────────────────────────────┘
+```
+
+## Core Components
+
+### 1. Vault Manager (`src/core/vault.ts`)
+
+Responsible for vault and note lifecycle management.
+
+**Responsibilities:**
+- Create, open, and delete vaults
+- Create, read, update, and delete notes
+- Search notes by content
+- Parse Markdown content for links and frontmatter
+
+**Key Classes:**
+- `VaultManager` - Main vault management class
+
+**Public API:**
+```typescript
+class VaultManager {
+  listVaults(): Vault[]
+  openVault(vaultPath: string): Vault | null
+  createVault(name: string, vaultPath: string): Vault
+  createNote(vaultPath: string, filename: string, content: string): Promise<Note>
+  readNote(vaultPath: string, notePath: string): Promise<Note | null>
+  updateNote(vaultPath: string, notePath: string, content: string): Promise<Note>
+  deleteNote(vaultPath: string, notePath: string): Promise<void>
+  searchNotes(vaultPath: string, query: string): Promise<Note[]>
+}
+```
+
+### 2. Markdown Parser (`src/core/markdown.ts`)
+
+Handles Markdown parsing, link extraction, and frontmatter processing.
+
+**Responsibilities:**
+- Parse Markdown to HTML using `marked`
+- Extract frontmatter using `front-matter`
+- Extract wiki links `[[...]]` and Markdown links `[text](url)`
+- Extract headings with auto-generated IDs
+- Convert notes back to Markdown format
+
+**Key Classes:**
+- `MarkdownParser` - Main parsing class
+
+**Public API:**
+```typescript
+class MarkdownParser {
+  parse<T>(content: string): ParsedNote<T>
+  extractLinks(content: string): string[]
+  extractHeadings(content: string): Heading[]
+  slugify(text: string): string
+  toMarkdown(note: { frontmatter?: object, body: string }): string
+}
+```
+
+### 3. Graph Engine (`src/core/graph.ts`)
+
+Maintains the knowledge graph for vault navigation.
+
+**Responsibilities:**
+- Index notes and their links
+- Track graph nodes (notes) and edges (links)
+- Query neighbors and backlinks
+- Search by tags
+- Compute graph statistics
+
+**Key Classes:**
+- `GraphEngine` - Main graph management class
+
+**Public API:**
+```typescript
+class GraphEngine {
+  indexNote(vaultPath: string, note: Note): void
+  removeNote(vaultPath: string, notePath: string): void
+  getGraph(vaultPath: string): Graph | null
+  getNeighbors(vaultPath: string, notePath: string): GraphNode[]
+  getBacklinks(vaultPath: string, notePath: string): GraphNode[]
+  searchByTag(vaultPath: string, tag: string): GraphNode[]
+  computeStats(vaultPath: string): { mostConnected: GraphNode[], orphanNotes: GraphNode[] }
+}
+```
+
+### 4. Sync Service (`src/core/sync.ts`)
+
+Provides real-time synchronization via WebSockets.
+
+**Responsibilities:**
+- Manage WebSocket connections
+- Broadcast note changes to subscribed clients
+- Handle sync requests and responses
+
+**Key Classes:**
+- `SyncService` - WebSocket server with event emitter
+
+**Public API:**
+```typescript
+class SyncService extends EventEmitter {
+  start(): void
+  stop(): void
+  broadcastChange(message: SyncMessage): void
+  subscribeToVault(clientId: string, vaultPath: string): boolean
+  unsubscribeFromVault(clientId: string, vaultPath: string): boolean
+  getConnectedClients(): number
+}
+```
+
+### 5. Plugin Host (`src/plugins/host.ts`)
+
+Provides extensibility through a plugin system.
+
+**Responsibilities:**
+- Load and unload plugins
+- Manage plugin commands and hooks
+- Execute hooks on note events
+
+**Key Classes:**
+- `PluginHost` - Plugin lifecycle manager
+
+**Public API:**
+```typescript
+class PluginHost {
+  loadPlugin(plugin: Plugin): Promise<void>
+  unloadPlugin(name: string): Promise<void>
+  registerCommand(command: PluginCommand): void
+  registerHook(hook: string, handler: Function): void
+  executeHook(hook: string, ...args: unknown[]): Promise<unknown[]>
+  getCommand(id: string): PluginCommand | undefined
+  listCommands(): PluginCommand[]
+  listPlugins(): string[]
+}
+```
+
+### 6. MCP Server (`src/mcp/server.ts`)
+
+Model Context Protocol server for AI integration.
+
+**Responsibilities:**
+- Expose tools for vault and note operations
+- Handle MCP protocol requests via stdio
+- Integrate with all core services
+
+**Tools Exposed:**
+- `vault_list`, `vault_open`, `vault_create`
+- `note_create`, `note_read`, `note_update`, `note_delete`, `note_search`
+- `graph_get`, `graph_neighbors`
+
+## Data Flow
+
+### Note Creation Flow
+
+```
+Client -> REST API / MCP Tool
+           |
+           v
+     VaultManager.createNote()
+           |
+           +-> MarkdownParser.parse() (extract links, frontmatter)
+           |
+           v
+     Note stored to filesystem
+           |
+           v
+     GraphEngine.indexNote() (update graph)
+           |
+           v
+     SyncService.broadcastChange() (notify clients)
+```
+
+### Graph Building Flow
+
+```
+Note saved to vault
+       |
+       v
+MarkdownParser.extractLinks() -> wiki links + md links
+       |
+       v
+GraphEngine.indexNote() -> create/update node, create edges
+       |
+       v
+Graph metadata updated (totalNotes, totalLinks)
+```
+
+## API Routes
+
+### REST API (`src/api/routes.ts`)
+
+**Vaults:**
+- `GET /api/vaults` - List all vaults
+- `POST /api/vaults` - Create a vault
+- `GET /api/vaults/:id` - Get vault info
+- `DELETE /api/vaults/:id` - Delete vault (not implemented)
+
+**Notes:**
+- `GET /api/notes?vault=<path>` - List notes in vault
+- `POST /api/notes` - Create a note
+- `GET /api/notes/:path?vault=<path>` - Get note content
+- `PUT /api/notes/:path?vault=<path>` - Update note
+- `DELETE /api/notes/:path?vault=<path>` - Delete note
+
+**Graph:**
+- `GET /api/graph?vault=<path>` - Get full graph
+- `GET /api/graph/neighbors/:path?vault=<path>` - Get note neighbors
+
+## Configuration
+
+Configuration is provided via environment variables or `config.json`:
+
+```typescript
+interface Config {
+  server: {
+    port: number;      // Default: 3000
+    host: string;      // Default: '0.0.0.0'
+  };
+  vaults: {
+    defaultPath: string;  // Default: './vaults'
+    autoOpen: boolean;   // Default: true
+  };
+  sync: {
+    enabled: boolean;     // Default: true
+    port: number;        // Default: 3001
+  };
+  plugins: {
+    enabled: boolean;     // Default: true
+    paths: string[];     // Default: ['./plugins']
+  };
+}
+```
+
+## Error Handling
+
+All layers use consistent error handling:
+
+1. **MCP Server**: Returns error messages in `isError: true` response
+2. **REST API**: Returns appropriate HTTP status codes with JSON error body
+3. **Core Services**: Throw typed errors with descriptive messages
+
+## Extension Points
+
+### Plugin Hooks
+
+Available hooks for plugins:
+
+- `note:pre-save` - Before note is saved (can modify note)
+- `note:post-save` - After note is saved (side effects)
+- `vault:pre-create` - Before vault is created
+- `vault:post-create` - After vault is created
+- `graph:pre-index` - Before note is indexed in graph
+- `graph:post-index` - After note is indexed
+
+### Plugin Commands
+
+Plugins can register commands that can be triggered via API or UI.
+
+## Testing Strategy
+
+Tests are located in `tests/` directory:
+
+- `tests/core/vault.test.ts` - VaultManager tests
+- `tests/core/markdown.test.ts` - MarkdownParser tests
+- `tests/core/graph.test.ts` - GraphEngine tests
+- `tests/core/sync.test.ts` - SyncService tests
+- `tests/plugins/host.test.ts` - PluginHost tests
+
+Coverage threshold: >80% for statements, branches, functions, and lines.
+
+## Docker Deployment
+
+The application can be deployed via Docker:
+
+- **Dockerfile**: Multi-stage build (builder + runner)
+- **docker-compose.yml**: Full stack with MCP server
+
+Volumes:
+- `./vaults` - Persist vault data
+- `./data` - Application data
+
+Ports:
+- 3000: REST API
+- 3001: WebSocket sync
+- 3002: MCP server (in docker-compose)

package/package.json

@@ -0,0 +1,65 @@
+{
+  "name": "opensidian",
+  "version": "1.0.0",
+  "description": "Open-source knowledge management system with MCP server, graph indexing, and real-time sync",
+  "main": "dist/index.js",
+  "type": "module",
+  "bin": {
+    "opensidian-mcp": "./dist/mcp/cli.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsx watch src/index.ts",
+    "start": "node dist/index.js",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "lint": "eslint src --ext .ts",
+    "lint:fix": "eslint src --ext .ts --fix",
+    "typecheck": "tsc --noEmit",
+    "prepare": "husky install"
+  },
+  "keywords": [
+    "knowledge-management",
+    "notes",
+    "markdown",
+    "graph",
+    "mcp",
+    "plugin",
+    "obsidian"
+  ],
+  "author": "OpenSidian Contributors",
+  "license": "MIT",
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0",
+    "cors": "^2.8.5",
+    "d3": "^7.9.0",
+    "express": "^4.21.0",
+    "front-matter": "^4.0.2",
+    "gray-matter": "^4.0.3",
+    "marked": "^14.1.2",
+    "ws": "^8.18.0",
+    "yaml": "^2.5.0",
+    "zod": "^3.23.8"
+  },
+  "devDependencies": {
+    "@types/cors": "^2.8.17",
+    "@types/d3": "^7.4.3",
+    "@types/express": "^4.17.21",
+    "@types/node": "^22.5.0",
+    "@types/ws": "^8.5.12",
+    "@vitest/coverage-v8": "^2.1.1",
+    "@typescript-eslint/eslint-plugin": "^8.3.0",
+    "@typescript-eslint/parser": "^8.3.0",
+    "eslint": "^9.11.0",
+    "husky": "^9.1.5",
+    "lint-staged": "^15.2.10",
+    "tsx": "^4.19.1",
+    "typescript": "^5.6.2",
+    "vite": "^5.4.8",
+    "vitest": "^2.1.1"
+  },
+  "engines": {
+    "node": ">=20.0.0"
+  }
+}

package/scripts/fix-gitignore.ps1

@@ -0,0 +1,5 @@
+cd D:\Projetos\opensidian
+git rm -r --cached local\
+git add .gitignore
+git commit -m "chore: ignore local vault files"
+git push

package/scripts/seed-notes.mjs

@@ -0,0 +1,60 @@
+const BASE = 'http://localhost:3000/api';
+
+async function createNote(filename, content) {
+  const res = await fetch(`${BASE}/notes`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ vaultPath: 'local', filename, content }),
+  });
+  const data = await res.json();
+  console.log(`✅ ${filename}:`, data.note?.path || data);
+}
+
+async function main() {
+  await createNote('typescript-dicas', `# Dicas de TypeScript
+
+## Tipos úteis
+- \`Partial<T>\` - deixa todas propriedades opcionais
+- \`Pick<T, K>\` - pega só algumas propriedades
+- \`Omit<T, K>\` - remove propriedades
+
+tags: typescript, programação`);
+
+  await createNote('react-hooks', `# React Hooks Essenciais
+
+## useState
+Estado local em componentes funcionais.
+
+## useEffect
+Efeitos colaterais (API, timers, subscriptions).
+
+## useCallback
+Memoriza funções para evitar re-renders.
+
+tags: react, frontend`);
+
+  await createNote('aprendendo-python', `# Aprendendo Python
+
+Python é ótimo para começar a programar.
+
+## Vantagens
+- Sintaxe limpa e legível
+- Ótimo para automação e scripts
+- Comunidade gigante
+
+tags: python, iniciante`);
+
+  await createNote('arquitetura-limpa', `# Arquitetura Limpa
+
+Princípios para organizar código de forma sustentável.
+
+## Camadas
+1. **Entidades** - regras de negócio
+2. **Casos de uso** - orquestração
+3. **Adaptadores** - ponte entre camadas
+4. **Frameworks** - detalhes externos
+
+tags: arquitetura, boas-praticas`);
+}
+
+main().catch(console.error);

package/src/api/auth.ts

@@ -0,0 +1,130 @@
+import crypto from 'crypto';
+import express, { Request, Response, NextFunction } from 'express';
+
+interface User {
+  id: string;
+  email: string;
+  name: string;
+  passwordHash: string;
+  salt: string;
+  createdAt: string;
+}
+
+const users: User[] = [];
+const JWT_SECRET = process.env.JWT_SECRET || crypto.randomBytes(32).toString('hex');
+
+function hashPassword(password: string, salt: string): string {
+  return crypto.pbkdf2Sync(password, salt, 10000, 64, 'sha256').toString('hex');
+}
+
+function generateSalt(): string {
+  return crypto.randomBytes(16).toString('hex');
+}
+
+function base64UrlEncode(str: string): string {
+  return Buffer.from(str).toString('base64').replace(/=/g, '').replace(/\+/g, '-').replace(/\//g, '_');
+}
+
+function base64UrlDecode(str: string): string {
+  str = str.replace(/-/g, '+').replace(/_/g, '/');
+  while (str.length % 4) str += '=';
+  return Buffer.from(str, 'base64').toString();
+}
+
+function createToken(payload: Record<string, string | number>): string {
+  const header = base64UrlEncode(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
+  const body = base64UrlEncode(JSON.stringify({ ...payload, iat: Date.now() }));
+  const signature = crypto.createHmac('sha256', JWT_SECRET).update(`${header}.${body}`).digest('base64url');
+  return `${header}.${body}.${signature}`;
+}
+
+function verifyToken(token: string): Record<string, unknown> | null {
+  const parts = token.split('.');
+  if (parts.length !== 3) return null;
+  const signature = crypto.createHmac('sha256', JWT_SECRET).update(`${parts[0]}.${parts[1]}`).digest('base64url');
+  if (signature !== parts[2]) return null;
+  try {
+    return JSON.parse(base64UrlDecode(parts[1]));
+  } catch {
+    return null;
+  }
+}
+
+export function authMiddleware(req: Request, res: Response, next: NextFunction): void {
+  const header = req.headers.authorization;
+  if (!header?.startsWith('Bearer ')) {
+    res.status(401).json({ error: 'Token não fornecido' });
+    return;
+  }
+  const payload = verifyToken(header.slice(7));
+  if (!payload || !payload.userId) {
+    res.status(401).json({ error: 'Token inválido ou expirado' });
+    return;
+  }
+  (req as Request & { user: { userId: string; email: string } }).user = {
+    userId: payload.userId as string,
+    email: payload.email as string,
+  };
+  next();
+}
+
+const router = express.Router();
+
+router.post('/register', (req: Request, res: Response) => {
+  const { email, password, name } = req.body;
+  if (!email || !password || !name) {
+    res.status(400).json({ error: 'email, password e name são obrigatórios' });
+    return;
+  }
+  if (password.length < 6) {
+    res.status(400).json({ error: 'Senha deve ter no mínimo 6 caracteres' });
+    return;
+  }
+  if (users.find(u => u.email === email)) {
+    res.status(409).json({ error: 'Email já cadastrado' });
+    return;
+  }
+  const salt = generateSalt();
+  const user: User = {
+    id: crypto.randomUUID(),
+    email,
+    name,
+    passwordHash: hashPassword(password, salt),
+    salt,
+    createdAt: new Date().toISOString(),
+  };
+  users.push(user);
+  const token = createToken({ userId: user.id, email: user.email });
+  res.status(201).json({ token, user: { id: user.id, email: user.email, name: user.name } });
+});
+
+router.post('/login', (req: Request, res: Response) => {
+  const { email, password } = req.body;
+  if (!email || !password) {
+    res.status(400).json({ error: 'email e password são obrigatórios' });
+    return;
+  }
+  const user = users.find(u => u.email === email);
+  if (!user || user.passwordHash !== hashPassword(password, user.salt)) {
+    res.status(401).json({ error: 'Email ou senha inválidos' });
+    return;
+  }
+  const token = createToken({ userId: user.id, email: user.email });
+  res.json({ token, user: { id: user.id, email: user.email, name: user.name } });
+});
+
+router.get('/me', authMiddleware, (req: Request, res: Response) => {
+  const { userId } = (req as Request & { user: { userId: string; email: string } }).user;
+  const user = users.find(u => u.id === userId);
+  if (!user) {
+    res.status(404).json({ error: 'Usuário não encontrado' });
+    return;
+  }
+  res.json({ user: { id: user.id, email: user.email, name: user.name, createdAt: user.createdAt } });
+});
+
+router.post('/logout', (_req: Request, res: Response) => {
+  res.json({ message: 'Sessão encerrada' });
+});
+
+export default router;