npm - orbitchat - Versions diffs - 3.1.1 → 3.1.2 - Mend

orbitchat 3.1.1 → 3.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/bin/orbitchat.js CHANGED Viewed

@@ -3,11 +3,8 @@
  * ORBIT Chat CLI
  *
  * Serves the chat-app as a standalone application with runtime configuration.
- * Configuration is read from orbitchat.yaml (CWD by default, overridable via --config).
- * Secrets (adapter API keys) come from VITE_ADAPTERS / ORBIT_ADAPTERS env var.
- *
- * The server acts as a proxy to hide API keys from the client by mapping
- * adapter names to actual API keys.
+ * Configuration is read from orbitchat.yaml.
+ * Secrets come from VITE_ADAPTER_KEYS / ORBIT_ADAPTER_KEYS env var.
  */
 import express from 'express';
@@ -23,19 +20,14 @@ import rateLimit from 'express-rate-limit';
 const __filename = fileURLToPath(import.meta.url);
 const __dirname = dirname(__filename);
-// ---- Minimal .env loader (CLI mode) ----
+// ---- Minimal .env loader ----
 function parseDotEnvValue(raw) {
   const trimmed = raw.trim();
   if (!trimmed) return '';
-  if (
-    (trimmed.startsWith('"') && trimmed.endsWith('"')) ||
-    (trimmed.startsWith("'") && trimmed.endsWith("'"))
-  ) {
+  if ((trimmed.startsWith('"') && trimmed.endsWith('"')) || (trimmed.startsWith("'") && trimmed.endsWith("'"))) {
     return trimmed.slice(1, -1);
   }
   return trimmed;
 }
@@ -43,217 +35,106 @@ function loadDotEnvFromFile(filePath) {
   if (!fs.existsSync(filePath)) return;
   const content = fs.readFileSync(filePath, 'utf8');
   const lines = content.split(/\r?\n/);
   for (let i = 0; i < lines.length; i++) {
     const trimmed = lines[i].trim();
     if (!trimmed || trimmed.startsWith('#')) continue;
     const equalsIndex = trimmed.indexOf('=');
     if (equalsIndex <= 0) continue;
     const key = trimmed.slice(0, equalsIndex).trim();
-    if (!key) continue;
     if (process.env[key] !== undefined) continue;
     let valueRaw = trimmed.slice(equalsIndex + 1);
     const startsWithDouble = valueRaw.startsWith('"');
     const startsWithSingle = valueRaw.startsWith("'");
-    // Support simple multiline quoted values, useful for formatted JSON values.
-    if (
-      (startsWithDouble && !valueRaw.endsWith('"')) ||
-      (startsWithSingle && !valueRaw.endsWith("'"))
-    ) {
+    if ((startsWithDouble && !valueRaw.endsWith('"')) || (startsWithSingle && !valueRaw.endsWith("'"))) {
       const quote = startsWithDouble ? '"' : "'";
       while (i + 1 < lines.length) {
         i += 1;
         valueRaw += `\n${lines[i]}`;
-        if (lines[i].trim().endsWith(quote)) {
-          break;
-        }
+        if (lines[i].trim().endsWith(quote)) break;
       }
     }
-    const value = parseDotEnvValue(valueRaw);
-    process.env[key] = value;
+    process.env[key] = parseDotEnvValue(valueRaw);
   }
 }
 function loadDotEnv(baseDir) {
-  // Same precedence idea as Vite: .env then .env.local; do not override exported vars.
-  loadDotEnvFromFile(path.join(baseDir, '.env'));
   loadDotEnvFromFile(path.join(baseDir, '.env.local'));
+  loadDotEnvFromFile(path.join(baseDir, '.env'));
 }
-// ---- Defaults (must match DEFAULTS in src/utils/runtimeConfig.ts) ----
+// ---- Deep Merge ----
+function isObject(item) {
+  return typeof item === 'object' && item !== null && !Array.isArray(item);
+}
+function deepMerge(target, source) {
+  if (!isObject(target) || !isObject(source)) return source;
+  const output = { ...target };
+  Object.keys(source).forEach(key => {
+    if (isObject(target[key]) && isObject(source[key])) {
+      output[key] = deepMerge(target[key], source[key]);
+    } else if (source[key] !== undefined) {
+      output[key] = source[key];
+    }
+  });
+  return output;
+}
+// ---- Defaults ----
 const DEFAULTS = {
-  apiUrl: 'http://localhost:3000',
-  defaultKey: 'default-key',
-  applicationName: 'ORBIT Chat',
-  applicationDescription: "Explore ideas with ORBIT's AI copilots, share context, and build together.",
-  defaultInputPlaceholder: 'Message ORBIT...',
-  consoleDebug: false,
-  locale: 'en-US',
-  enableUploadButton: false,
-  enableAudioOutput: false,
-  enableAudioInput: false,
-  enableFeedbackButtons: false,
-  enableConversationThreads: true,
-  enableAutocomplete: false,
-  voiceSilenceTimeoutMs: 4000,
-  voiceRecognitionLanguage: '',
-  showGitHubStats: true,
+  application: {
+    name: 'ORBIT Chat',
+    description: "Explore ideas with ORBIT's AI copilots, share context, and build together.",
+    inputPlaceholder: 'Message ORBIT...',
+    settingsAboutMsg: 'ORBIT Chat',
+    locale: 'en-US',
+  },
+  debug: {
+    consoleDebug: false,
+  },
+  features: {
+    enableUpload: false,
+    enableAudioOutput: false,
+    enableAudioInput: false,
+    enableFeedbackButtons: false,
+    enableConversationThreads: true,
+    enableAutocomplete: false,
+  },
+  voice: {
+    silenceTimeoutMs: 4000,
+    recognitionLanguage: '',
+  },
+  github: {
+    showStats: true,
+    owner: 'schmitech',
+    repo: 'orbit',
+  },
   outOfServiceMessage: null,
-  githubOwner: 'schmitech',
-  githubRepo: 'orbit',
-  maxFilesPerConversation: 5,
-  maxFileSizeMB: 50,
-  maxTotalFiles: 100,
-  maxConversations: 10,
-  maxMessagesPerConversation: 1000,
-  maxMessagesPerThread: 1000,
-  maxTotalMessages: 10000,
-  maxMessageLength: 1000,
-  guestMaxConversations: 1,
-  guestMaxMessagesPerConversation: 10,
-  guestMaxTotalMessages: 10,
-  guestMaxMessagesPerThread: 10,
-  guestMaxFilesPerConversation: 1,
-  guestMaxTotalFiles: 2,
-  guestMaxMessageLength: 500,
-  guestMaxFileSizeMB: 10,
-  settingsAboutMsg: 'ORBIT Chat',
-  enableAuth: false,
-  authDomain: '',
-  authClientId: '',
-  authAudience: '',
-  enableHeader: false,
-  headerLogoUrl: '',
-  headerBrandName: '',
-  headerBgColor: '',
-  headerTextColor: '',
-  headerNavLinks: [],
-  enableFooter: false,
-  footerText: '',
-  footerBgColor: '',
-  footerTextColor: '',
-  footerNavLinks: [],
+  limits: {
+    files: { perConversation: 5, maxSizeMB: 50, totalFiles: 100 },
+    conversations: { maxConversations: 10, messagesPerConversation: 1000, messagesPerThread: 1000, totalMessages: 10000 },
+    messages: { maxLength: 1000 },
+  },
+  guestLimits: {
+    files: { perConversation: 1, maxSizeMB: 10, totalFiles: 2 },
+    conversations: { maxConversations: 1, messagesPerConversation: 10, messagesPerThread: 10, totalMessages: 10 },
+    messages: { maxLength: 500 },
+  },
+  auth: { enabled: false, domain: '', clientId: '', audience: '' },
+  header: { enabled: false, logoUrl: '', logoUrlLight: '', logoUrlDark: '', brandName: '', bgColor: '', textColor: '', showBorder: true, navLinks: [] },
+  footer: { enabled: false, text: '', bgColor: '', textColor: '', showBorder: false, layout: 'stacked', align: 'center', topPadding: 'large', navLinks: [] },
+  adapters: [],
 };
 // ---- YAML config loading ----
-function flattenYamlConfig(y) {
-  const f = {};
-  if (y.application) {
-    const a = y.application;
-    if (a.name !== undefined) f.applicationName = a.name;
-    if (a.description !== undefined) f.applicationDescription = a.description;
-    if (a.inputPlaceholder !== undefined) f.defaultInputPlaceholder = a.inputPlaceholder;
-    if (a.settingsAboutMsg !== undefined) f.settingsAboutMsg = a.settingsAboutMsg;
-    if (a.locale !== undefined) f.locale = a.locale;
-  }
-  if (y.api) {
-    if (y.api.url !== undefined) f.apiUrl = y.api.url;
-    if (y.api.defaultAdapter !== undefined) f.defaultKey = y.api.defaultAdapter;
-  }
-  if (y.debug) {
-    if (y.debug.consoleDebug !== undefined) f.consoleDebug = y.debug.consoleDebug;
-  }
-  if (y.features) {
-    const fe = y.features;
-    if (fe.enableUpload !== undefined) f.enableUploadButton = fe.enableUpload;
-    if (fe.enableAudioOutput !== undefined) f.enableAudioOutput = fe.enableAudioOutput;
-    if (fe.enableAudioInput !== undefined) f.enableAudioInput = fe.enableAudioInput;
-    if (fe.enableFeedbackButtons !== undefined) f.enableFeedbackButtons = fe.enableFeedbackButtons;
-    if (fe.enableConversationThreads !== undefined) f.enableConversationThreads = fe.enableConversationThreads;
-    if (fe.enableAutocomplete !== undefined) f.enableAutocomplete = fe.enableAutocomplete;
-  }
-  if (y.voice) {
-    if (y.voice.silenceTimeoutMs !== undefined) f.voiceSilenceTimeoutMs = y.voice.silenceTimeoutMs;
-    if (y.voice.recognitionLanguage !== undefined) f.voiceRecognitionLanguage = y.voice.recognitionLanguage;
-  }
-  if (y.github) {
-    if (y.github.showStats !== undefined) f.showGitHubStats = y.github.showStats;
-    if (y.github.owner !== undefined) f.githubOwner = y.github.owner;
-    if (y.github.repo !== undefined) f.githubRepo = y.github.repo;
-  }
-  if (y.outOfServiceMessage !== undefined) f.outOfServiceMessage = y.outOfServiceMessage;
-  if (y.limits) {
-    const l = y.limits;
-    if (l.files) {
-      if (l.files.perConversation !== undefined) f.maxFilesPerConversation = l.files.perConversation;
-      if (l.files.maxSizeMB !== undefined) f.maxFileSizeMB = l.files.maxSizeMB;
-      if (l.files.totalFiles !== undefined) f.maxTotalFiles = l.files.totalFiles;
-    }
-    if (l.conversations) {
-      if (l.conversations.maxConversations !== undefined) f.maxConversations = l.conversations.maxConversations;
-      if (l.conversations.messagesPerConversation !== undefined) f.maxMessagesPerConversation = l.conversations.messagesPerConversation;
-      if (l.conversations.messagesPerThread !== undefined) f.maxMessagesPerThread = l.conversations.messagesPerThread;
-      if (l.conversations.totalMessages !== undefined) f.maxTotalMessages = l.conversations.totalMessages;
-    }
-    if (l.messages) {
-      if (l.messages.maxLength !== undefined) f.maxMessageLength = l.messages.maxLength;
-    }
-  }
-  if (y.guestLimits) {
-    const g = y.guestLimits;
-    if (g.files) {
-      if (g.files.perConversation !== undefined) f.guestMaxFilesPerConversation = g.files.perConversation;
-      if (g.files.maxSizeMB !== undefined) f.guestMaxFileSizeMB = g.files.maxSizeMB;
-      if (g.files.totalFiles !== undefined) f.guestMaxTotalFiles = g.files.totalFiles;
-    }
-    if (g.conversations) {
-      if (g.conversations.maxConversations !== undefined) f.guestMaxConversations = g.conversations.maxConversations;
-      if (g.conversations.messagesPerConversation !== undefined) f.guestMaxMessagesPerConversation = g.conversations.messagesPerConversation;
-      if (g.conversations.messagesPerThread !== undefined) f.guestMaxMessagesPerThread = g.conversations.messagesPerThread;
-      if (g.conversations.totalMessages !== undefined) f.guestMaxTotalMessages = g.conversations.totalMessages;
-    }
-    if (g.messages) {
-      if (g.messages.maxLength !== undefined) f.guestMaxMessageLength = g.messages.maxLength;
-    }
-  }
-  if (y.auth) {
-    if (y.auth.enabled !== undefined) f.enableAuth = y.auth.enabled;
-  }
-  if (y.header) {
-    const h = y.header;
-    if (h.enabled !== undefined) f.enableHeader = h.enabled;
-    if (h.logoUrl !== undefined) f.headerLogoUrl = h.logoUrl;
-    if (h.brandName !== undefined) f.headerBrandName = h.brandName;
-    if (h.bgColor !== undefined) f.headerBgColor = h.bgColor;
-    if (h.textColor !== undefined) f.headerTextColor = h.textColor;
-    if (h.navLinks !== undefined) f.headerNavLinks = h.navLinks;
-  }
-  if (y.footer) {
-    const ft = y.footer;
-    if (ft.enabled !== undefined) f.enableFooter = ft.enabled;
-    if (ft.text !== undefined) f.footerText = ft.text;
-    if (ft.bgColor !== undefined) f.footerBgColor = ft.bgColor;
-    if (ft.textColor !== undefined) f.footerTextColor = ft.textColor;
-    if (ft.navLinks !== undefined) f.footerNavLinks = ft.navLinks;
-  }
-  // Adapters from YAML: include metadata (name, description, notes, apiUrl) but NOT apiKey
-  if (y.adapters !== undefined) {
-    f.adapters = y.adapters.map(a => ({
-      name: a.name,
-      ...(a.apiUrl ? { apiUrl: a.apiUrl } : {}),
-      ...(a.description ? { description: a.description } : {}),
-      ...(a.notes ? { notes: a.notes } : {}),
-    }));
-  }
-  return f;
-}
 function loadYamlConfig(configPath) {
   try {
     if (fs.existsSync(configPath)) {
       const content = fs.readFileSync(configPath, 'utf8');
-      const parsed = yaml.load(content);
-      if (parsed && typeof parsed === 'object') {
-        return parsed;
-      }
+      return yaml.load(content);
     }
   } catch (error) {
     console.error(`Error: Failed to parse ${configPath}: ${error.message}`);
@@ -262,245 +143,100 @@ function loadYamlConfig(configPath) {
   return null;
 }
-// ---- Local asset handling (e.g. header logo file paths) ----
-function isUrlLike(value) {
-  return /^[a-zA-Z][a-zA-Z\d+\-.]*:/.test(value) || value.startsWith('//');
-}
+// ---- Local asset handling ----
 function resolveLocalAssetPath(rawValue, yamlPath) {
   if (!rawValue || typeof rawValue !== 'string') return null;
   const value = rawValue.trim();
-  if (!value || isUrlLike(value)) return null;
-  const expandedValue = value.startsWith('~/')
-    ? path.join(process.env.HOME || '', value.slice(2))
-    : value;
+  if (!value || /^[a-zA-Z][a-zA-Z\d+\-.]*:/.test(value) || value.startsWith('//')) return null;
+  const expandedValue = value.startsWith('~/') ? path.join(process.env.HOME || '', value.slice(2)) : value;
   const yamlDir = path.dirname(yamlPath);
-  const candidates = path.isAbsolute(expandedValue)
-    ? [expandedValue]
-    : [path.resolve(yamlDir, expandedValue), path.resolve(process.cwd(), expandedValue)];
+  const candidates = path.isAbsolute(expandedValue) ? [expandedValue] : [path.resolve(yamlDir, expandedValue), path.resolve(process.cwd(), expandedValue)];
   for (const candidate of candidates) {
     try {
-      if (fs.existsSync(candidate) && fs.statSync(candidate).isFile()) {
-        return fs.realpathSync(candidate);
-      }
-    } catch {
-      // ignore invalid candidate and continue
-    }
+      if (fs.existsSync(candidate) && fs.statSync(candidate).isFile()) return fs.realpathSync(candidate);
+    } catch { /* ignore */ }
   }
   return null;
 }
 // ---- Adapter loading (env secrets + YAML metadata) ----
-function parseAdaptersFromEnv() {
-  const envValue = process.env.ORBIT_ADAPTERS || process.env.VITE_ADAPTERS;
-  if (!envValue) return [];
-  try {
-    const parsed = JSON.parse(envValue);
-    if (!Array.isArray(parsed)) {
-      console.warn('Warning: ORBIT_ADAPTERS/VITE_ADAPTERS must be a JSON array');
-      return [];
-    }
-    return parsed.filter(a => a.name).map(a => ({
-      name: a.name,
-      apiKey: a.apiKey || DEFAULTS.defaultKey,
-      apiUrl: a.apiUrl || DEFAULTS.apiUrl,
-      description: a.description || a.summary,
-      notes: a.notes,
-    }));
-  } catch (error) {
-    console.warn('Warning: Could not parse ORBIT_ADAPTERS/VITE_ADAPTERS:', error.message);
-    return [];
-  }
-}
-function loadAdaptersConfig() {
-  const adapterList = parseAdaptersFromEnv();
-  if (adapterList.length === 0) return null;
+function loadAdaptersForProxy(yamlAdapters) {
   const adapters = {};
-  for (const adapter of adapterList) {
-    adapters[adapter.name] = {
-      apiKey: adapter.apiKey || DEFAULTS.defaultKey,
-      apiUrl: adapter.apiUrl || DEFAULTS.apiUrl,
-      description: adapter.description,
-      notes: adapter.notes,
-    };
+  const fallbackApiUrl = 'http://localhost:3000';
+  if (Array.isArray(yamlAdapters)) {
+    for (const ya of yamlAdapters) {
+      if (!ya.name) continue;
+      adapters[ya.name] = {
+        apiKey: '',
+        apiUrl: ya.apiUrl || fallbackApiUrl,
+        description: ya.description,
+        notes: ya.notes,
+        model: ya.model
+      };
+    }
   }
-  return Object.keys(adapters).length > 0 ? adapters : null;
-}
-function getDefaultAdapterFromEnv() {
-  const adapterList = parseAdaptersFromEnv();
-  return adapterList.length > 0 ? adapterList[0].name : null;
-}
-// ---- CLI arg parsing (server flags only) ----
-function parseArgs() {
-  const args = process.argv.slice(2);
-  const serverConfig = {
-    port: 5173,
-    host: 'localhost',
-    open: false,
-    configFile: null,
-    apiOnly: false,
-    corsOrigin: undefined,
-  };
-  for (let i = 0; i < args.length; i++) {
-    const arg = args[i];
-    switch (arg) {
-      case '--port':
-        serverConfig.port = parseInt(args[++i], 10);
-        break;
-      case '--host':
-        serverConfig.host = args[++i];
-        break;
-      case '--open':
-        serverConfig.open = true;
-        break;
-      case '--config':
-        serverConfig.configFile = args[++i];
-        break;
-      case '--api-only':
-        serverConfig.apiOnly = true;
-        break;
-      case '--cors-origin':
-        serverConfig.corsOrigin = args[++i];
-        break;
-      case '--help':
-      case '-h':
-      case '--version':
-      case '-v':
-        break;
-      default:
-        if (arg.startsWith('--')) {
-          console.error(`Unknown option: ${arg}`);
-          console.error('Use --help for usage information');
-          process.exit(1);
+  const envKeysRaw = process.env.VITE_ADAPTER_KEYS || process.env.ORBIT_ADAPTER_KEYS;
+  if (envKeysRaw) {
+    try {
+      const keys = JSON.parse(envKeysRaw);
+      for (const [name, value] of Object.entries(keys)) {
+        const isObjectValue = typeof value === 'object' && value !== null;
+        const apiKey = isObjectValue
+          ? String(value.apiKey || value.key || '')
+          : String(value);
+        const apiUrl = isObjectValue && value.apiUrl ? String(value.apiUrl) : undefined;
+        const description = isObjectValue && value.description ? String(value.description) : undefined;
+        const notes = isObjectValue && value.notes ? String(value.notes) : undefined;
+        const model = isObjectValue && value.model ? String(value.model) : undefined;
+        if (!adapters[name]) {
+          adapters[name] = {
+            apiKey,
+            apiUrl: apiUrl || fallbackApiUrl,
+            description,
+            notes,
+            model
+          };
+        } else {
+          adapters[name].apiKey = apiKey;
+          if (apiUrl) adapters[name].apiUrl = apiUrl;
+          if (description !== undefined) adapters[name].description = description;
+          if (notes !== undefined) adapters[name].notes = notes;
+          if (model !== undefined) adapters[name].model = model;
         }
-    }
+      }
+    } catch { /* ignore */ }
   }
-  return serverConfig;
-}
-// ---- HTML injection ----
-function injectConfig(html, config) {
-  const configScript = `<script>window.ORBIT_CHAT_CONFIG = ${JSON.stringify(config)};</script>`;
-  // Remove the placeholder script tag
-  html = html.replace(
-    /<script id="orbit-chat-config" type="application\/json">[\s\S]*?<\/script>/,
-    '<!-- Config injected in head -->'
-  );
-  // Replace the title tag with the configured application name
-  if (config.applicationName) {
-    html = html.replace(
-      /<title>.*?<\/title>/i,
-      `<title>${config.applicationName}</title>`
-    );
-    html = html.replace(
-      /<meta name="apple-mobile-web-app-title" content="[^"]*" \/>/i,
-      `<meta name="apple-mobile-web-app-title" content="${config.applicationName}" />`
-    );
+  const finalAdapters = {};
+  for (const [name, config] of Object.entries(adapters)) {
+    if (config.apiKey) finalAdapters[name] = config;
   }
-  // Inject the config script at the START of <head>
-  return html.replace(
-    /<head>/i,
-    '<head>\n    ' + configScript
-  );
-}
-// ---- Rate limiting ----
-function createRateLimiters(rateLimitConfig) {
-  if (!rateLimitConfig || rateLimitConfig.enabled === false) return null;
-  const windowMs = rateLimitConfig.windowMs || 60000;
-  const maxRequests = rateLimitConfig.maxRequests || 30;
-  const chatWindowMs = rateLimitConfig.chat?.windowMs || 60000;
-  const chatMaxRequests = rateLimitConfig.chat?.maxRequests || 10;
-  const keyGenerator = (req) =>
-    req.ip || req.headers['x-forwarded-for'] || 'unknown';
-  const api = rateLimit({
-    windowMs,
-    max: maxRequests,
-    keyGenerator,
-    standardHeaders: 'draft-7',
-    legacyHeaders: false,
-    validate: { default: true, keyGeneratorIpFallback: false },
-    skip: (req) => req.method === 'OPTIONS' || req.path === '/adapters',
-    handler: (req, res) => {
-      const retryAfterMs = res.getHeader('RateLimit-Reset')
-        ? Number(res.getHeader('RateLimit-Reset')) * 1000
-        : windowMs;
-      res.status(429).json({
-        error: 'Too many requests',
-        message: `Rate limit exceeded. Try again in ${Math.ceil(retryAfterMs / 1000)} seconds.`,
-        retryAfterMs,
-      });
-    },
-  });
-  const chat = rateLimit({
-    windowMs: chatWindowMs,
-    max: chatMaxRequests,
-    keyGenerator,
-    standardHeaders: 'draft-7',
-    legacyHeaders: false,
-    validate: { default: true, keyGeneratorIpFallback: false },
-    handler: (req, res) => {
-      const retryAfterMs = res.getHeader('RateLimit-Reset')
-        ? Number(res.getHeader('RateLimit-Reset')) * 1000
-        : chatWindowMs;
-      res.status(429).json({
-        error: 'Too many requests',
-        message: `Chat rate limit exceeded. Try again in ${Math.ceil(retryAfterMs / 1000)} seconds.`,
-        retryAfterMs,
-      });
-    },
-  });
-  return { api, chat };
+  if (Object.keys(finalAdapters).length > 0) {
+    console.debug(`Loaded ${Object.keys(finalAdapters).length} adapters with API keys from environment.`);
+  }
+  return Object.keys(finalAdapters).length > 0 ? finalAdapters : null;
 }
 // ---- Express server ----
 function createServer(distPath, config, serverConfig = {}) {
   const app = express();
-  const adapters = loadAdaptersConfig();
+  const adapters = loadAdaptersForProxy(config.adapters);
   const apiOnly = serverConfig.apiOnly || false;
   const localAssets = serverConfig.localAssets || {};
-  const yamlAdapterMetadata = new Map(
-    Array.isArray(config.adapters)
-      ? config.adapters.filter(a => a && a.name).map(a => [a.name, a])
-      : []
-  );
   if (apiOnly) {
     const allowedOrigin = serverConfig.corsOrigin || '*';
     app.use((req, res, next) => {
       res.setHeader('Access-Control-Allow-Origin', allowedOrigin);
       res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
-      res.setHeader('Access-Control-Allow-Headers', 'Content-Type, X-API-Key, X-Session-ID, X-Thread-ID, X-Adapter-Name, Accept');
-      res.setHeader('Access-Control-Expose-Headers', 'Content-Type');
-      if (req.method === 'OPTIONS') {
-        return res.sendStatus(204);
-      }
+      res.setHeader('Access-Control-Allow-Headers', 'Content-Type, X-API-Key, X-Session-ID, X-Thread-ID, X-Adapter-Name, Accept, Authorization');
+      if (req.method === 'OPTIONS') return res.sendStatus(204);
       next();
     });
   }
@@ -508,144 +244,59 @@ function createServer(distPath, config, serverConfig = {}) {
   if (Object.keys(localAssets).length > 0) {
     app.get('/__orbitchat_assets/:assetId', (req, res) => {
       const assetPath = localAssets[req.params.assetId];
-      if (!assetPath) {
-        return res.status(404).send('Asset not found');
-      }
-      if (!fs.existsSync(assetPath)) {
-        return res.status(404).send('Asset not found');
-      }
+      if (!assetPath || !fs.existsSync(assetPath)) return res.status(404).send('Asset not found');
       res.setHeader('Cache-Control', 'public, max-age=300');
-      res.sendFile(assetPath, (error) => {
-        if (error && !res.headersSent) {
-          res.status(500).send('Failed to serve asset');
-        }
-      });
+      res.sendFile(assetPath);
     });
   }
-  // Guest rate limiting — after CORS, before proxy. Skips authenticated requests.
-  const limiters = createRateLimiters(serverConfig.rateLimit);
-  if (limiters) {
-    app.use('/api', (req, res, next) => {
-      if (req.headers.authorization) return next();
-      limiters.api(req, res, next);
+  // Guest rate limiting
+  if (serverConfig.rateLimit?.enabled !== false) {
+    const rl = serverConfig.rateLimit || {};
+    const apiLimiter = rateLimit({
+      windowMs: rl.windowMs || 60000, max: rl.maxRequests || 30,
+      skip: (req) => req.method === 'OPTIONS' || req.path === '/adapters',
+      handler: (req, res) => res.status(429).json({ error: 'Too many requests' }),
+    });
+    const chatLimiter = rateLimit({
+      windowMs: rl.chat?.windowMs || 60000, max: rl.chat?.maxRequests || 10,
+      handler: (req, res) => res.status(429).json({ error: 'Chat rate limit exceeded' }),
     });
+    app.use('/api', (req, res, next) => { if (req.headers.authorization) return next(); apiLimiter(req, res, next); });
     app.use('/api', (req, res, next) => {
       if (req.headers.authorization) return next();
-      if (req.method === 'POST' && (/\/chat/i.test(req.path) || /\/stream/i.test(req.path))) {
-        return limiters.chat(req, res, next);
-      }
+      if (req.method === 'POST' && (/\/chat/i.test(req.path) || /\/stream/i.test(req.path))) return chatLimiter(req, res, next);
       next();
     });
   }
-  // API proxy endpoints - MUST be before body parsers
   if (adapters) {
-    // Merge adapter metadata from YAML so UI labels/notes are consistent with dev mode.
-    for (const [adapterName, adapter] of Object.entries(adapters)) {
-      const metadata = yamlAdapterMetadata.get(adapterName);
-      if (!metadata) continue;
-      if (!adapter.description && metadata.description) {
-        adapter.description = metadata.description;
-      }
-      if (!adapter.notes && metadata.notes) {
-        adapter.notes = metadata.notes;
-      }
-      if (!adapter.apiUrl && metadata.apiUrl) {
-        adapter.apiUrl = metadata.apiUrl;
-      }
-    }
-    const proxyInstances = {};
-    for (const [adapterName, adapter] of Object.entries(adapters)) {
-      if (!adapter.apiKey || !adapter.apiUrl) {
-        console.warn(`[Proxy] Skipping adapter '${adapterName}': missing apiKey or apiUrl`);
-        continue;
-      }
-      proxyInstances[adapterName] = createProxyMiddleware({
-        target: adapter.apiUrl,
-        changeOrigin: true,
-        pathRewrite: (path) => {
-          if (path.startsWith('/files') || path.startsWith('/threads')) {
-            return '/api' + path;
-          }
-          return path;
-        },
-        headers: {
-          'X-API-Key': adapter.apiKey,
-        },
-        selfHandleResponse: false,
-        onProxyReq: (proxyReq, req) => {
-          proxyReq.removeHeader('x-adapter-name');
-          proxyReq.setHeader('X-API-Key', adapter.apiKey);
-          const headersToPreserve = ['content-type', 'x-session-id', 'x-thread-id', 'accept', 'content-length', 'authorization'];
-          headersToPreserve.forEach(header => {
-            const value = req.headers[header];
-            if (value) {
-              proxyReq.setHeader(header, value);
-            }
-          });
-          Object.keys(req.headers).forEach(key => {
-            const lowerKey = key.toLowerCase();
-            if (!['x-adapter-name', 'host', 'connection', 'transfer-encoding'].includes(lowerKey)) {
-              const value = req.headers[key];
-              if (value && !headersToPreserve.includes(lowerKey)) {
-                proxyReq.setHeader(key, value);
-              }
-            }
-          });
-        },
-        onProxyRes: (proxyRes, req, res) => {
-          proxyRes.headers['access-control-allow-origin'] = '*';
-          proxyRes.headers['access-control-allow-methods'] = 'GET, POST, PUT, DELETE, OPTIONS';
-          proxyRes.headers['access-control-allow-headers'] = 'Content-Type, X-API-Key, X-Session-ID, X-Thread-ID, X-Adapter-Name';
-          const contentType = proxyRes.headers['content-type'] || '';
-          if (contentType.includes('text/event-stream')) {
-            proxyRes.headers['cache-control'] = 'no-cache';
-            proxyRes.headers['x-accel-buffering'] = 'no';
-            if (res.flushHeaders) {
-              res.flushHeaders();
-            }
-          }
-        },
-        onError: (err, req, res) => {
-          console.error('Proxy error:', err);
-          if (!res.headersSent) {
-            res.status(500).json({ error: 'Proxy error', message: err.message });
-          }
-        },
-        ws: false,
-        logLevel: 'silent',
-      });
-    }
-    // Fetch model info from ORBIT backend for each adapter (lazy, short-lived cache).
+    // Lazy model hydration for adapter cards (mirrors vite dev behavior).
     let modelsLastFetchedAt = 0;
     let modelsFetchInFlight = null;
     const MODELS_CACHE_TTL_MS = 30000;
-    async function fetchAdapterModels(force = false) {
+    async function fetchAdapterModels(adapterMap, force = false) {
       const now = Date.now();
       if (!force && (now - modelsLastFetchedAt) < MODELS_CACHE_TTL_MS) return;
       if (modelsFetchInFlight) return modelsFetchInFlight;
       modelsFetchInFlight = (async () => {
-        const fetches = Object.entries(adapters).map(async ([, adapter]) => {
-        if (!adapter.apiUrl || !adapter.apiKey) return;
-        try {
-          const url = `${adapter.apiUrl.replace(/\/+$/, '')}/admin/adapters/info`;
-          const resp = await fetch(url, {
-            headers: { 'X-API-Key': adapter.apiKey },
-            signal: AbortSignal.timeout(5000),
-          });
-          if (resp.ok) {
-            const info = await resp.json();
-            const model = typeof info?.model === 'string' ? info.model.trim() : '';
-            adapter.model = model || null;
+        const fetches = Object.entries(adapterMap).map(async ([, adapter]) => {
+          if (!adapter.apiUrl || !adapter.apiKey) return;
+          try {
+            const url = `${String(adapter.apiUrl).replace(/\/+$/, '')}/admin/adapters/info`;
+            const resp = await fetch(url, {
+              headers: { 'X-API-Key': adapter.apiKey },
+              signal: AbortSignal.timeout(5000),
+            });
+            if (resp.ok) {
+              const info = await resp.json();
+              adapter.model = typeof info?.model === 'string' ? info.model.trim() || undefined : undefined;
+            }
+          } catch {
+            // Best-effort only; cards can render without model metadata.
           }
-        } catch {
-          // Silently ignore — model will be omitted
-        }
         });
         await Promise.all(fetches);
         modelsLastFetchedAt = Date.now();
@@ -656,256 +307,134 @@ function createServer(distPath, config, serverConfig = {}) {
       return modelsFetchInFlight;
     }
-    app.get('/api/adapters', async (req, res) => {
-      const cacheControl = typeof req.headers['cache-control'] === 'string' ? req.headers['cache-control'] : '';
-      const forceRefresh = req.query?.refresh === '1' || cacheControl.includes('no-cache');
-      await fetchAdapterModels(forceRefresh);
-      const adapterList = Object.keys(adapters).map(name => ({
+    const buildAdapterList = (adapterMap) =>
+      Object.keys(adapterMap).map(name => ({
         name,
-        description: adapters[name]?.description,
-        notes: adapters[name]?.notes,
-        model: adapters[name]?.model || null,
+        description: adapterMap[name].description,
+        notes: adapterMap[name].notes,
+        model: adapterMap[name].model || null
       }));
-      res.setHeader('Cache-Control', 'no-store');
-      res.json({ adapters: adapterList });
-    });
-    app.use('/api', (req, res, next) => {
-      if (req.path === '/adapters') {
-        return next('route');
-      }
-      const adapterName = req.headers['x-adapter-name'];
+    app.get('/api/adapters', (req, res) => {
+      const cacheControlHeader = typeof req.headers['cache-control'] === 'string' ? req.headers['cache-control'] : '';
+      const forceRefresh = req.url?.includes('refresh=1') || cacheControlHeader.includes('no-cache');
-      if (!adapterName) {
-        return res.status(400).json({ error: 'X-Adapter-Name header is required' });
-      }
+      fetchAdapterModels(adapters, forceRefresh).then(() => {
+        res.setHeader('Cache-Control', 'no-store');
+        res.json({ adapters: buildAdapterList(adapters) });
+      }).catch(() => {
+        res.setHeader('Cache-Control', 'no-store');
+        res.json({ adapters: buildAdapterList(adapters) });
+      });
+    });
-      const proxy = proxyInstances[adapterName];
-      if (!proxy) {
-        console.error(`[Proxy] Adapter '${adapterName}' not found. Available: ${Object.keys(proxyInstances).join(', ')}`);
-        return res.status(404).json({ error: `Adapter '${adapterName}' not found` });
-      }
+    const dynamicProxy = createProxyMiddleware({
+      target: 'http://localhost:3000', // Default fallback
+      router: (req) => {
+        const adapterName = req.headers['x-adapter-name'];
+        return adapters[adapterName]?.apiUrl;
+      },
+      changeOrigin: true,
+      pathRewrite: (p) => p.startsWith('/files') || p.startsWith('/threads') ? '/api' + p : p,
+      on: {
+        proxyReq: (proxyReq, reqIncoming) => {
+          const adapterName = reqIncoming.headers['x-adapter-name'];
+          const adapter = adapters[adapterName];
+          if (adapter) {
+            proxyReq.setHeader('X-API-Key', adapter.apiKey);
+          }
+          proxyReq.removeHeader('x-adapter-name');
+          ['content-type', 'x-session-id', 'x-thread-id', 'accept', 'content-length', 'authorization'].forEach(h => {
+            if (reqIncoming.headers[h]) proxyReq.setHeader(h, reqIncoming.headers[h]);
+          });
+        },
+        error: (err, _req, resProxy) => {
+          console.error('[Proxy] Proxy error:', err);
+          if (!resProxy.headersSent) {
+            resProxy.status(500).json({ error: 'Proxy error', message: err.message });
+          }
+        }
+      },
+      logLevel: 'silent',
+    });
-      proxy(req, res, next);
+    app.use('/api', (req, res, next) => {
+      if (req.path === '/adapters') return next('route');
+      const adapterName = req.headers['x-adapter-name'];
+      if (!adapterName) return res.status(400).json({ error: 'X-Adapter-Name header is required' });
+      if (!adapters[adapterName]) return res.status(404).json({ error: `Adapter '${adapterName}' not found` });
+      dynamicProxy(req, res, next);
     });
   }
   app.use(express.json());
-  app.use(express.urlencoded({ extended: true }));
   if (!apiOnly && distPath) {
-    app.get(['/', '/index.html'], (req, res) => {
-      try {
-        const indexPath = path.join(distPath, 'index.html');
-        let content = fs.readFileSync(indexPath, 'utf8');
-        content = injectConfig(content, config);
-        res.setHeader('Content-Type', 'text/html');
-        res.send(content);
-      } catch (error) {
-        console.error('Error serving index.html:', error);
-        res.status(500).send('Internal Server Error');
-      }
-    });
     app.use(express.static(distPath, { index: false }));
-    app.get('/{*splat}', (req, res, next) => {
-      if (req.path.startsWith('/api/')) {
-        return next();
-      }
-      if (path.extname(req.path)) {
-        return res.status(404).send('Not Found');
-      }
-      try {
-        const indexPath = path.join(distPath, 'index.html');
-        let content = fs.readFileSync(indexPath, 'utf8');
-        content = injectConfig(content, config);
-        res.setHeader('Content-Type', 'text/html');
-        res.send(content);
-      } catch (error) {
-        console.error('Error serving index.html:', error);
-        res.status(500).send('Internal Server Error');
-      }
+    app.get(/(.*)/, (req, res) => {
+      if (req.path.startsWith('/api/')) return res.status(404).json({ error: 'Not found' });
+      const indexPath = path.join(distPath, 'index.html');
+      let content = fs.readFileSync(indexPath, 'utf8');
+      content = content.replace(/<script id="orbit-chat-config" type="application\/json">[\s\S]*?<\/script>/, '<!-- Config injected -->');
+      const configScript = `<script>window.ORBIT_CHAT_CONFIG = ${JSON.stringify(config)};</script>`;
+      content = content.replace(/<head>/i, '<head>\n    ' + configScript);
+      if (config.application?.name) content = content.replace(/<title>.*?<\/title>/i, `<title>${config.application.name}</title>`);
+      res.setHeader('Content-Type', 'text/html');
+      res.send(content);
     });
   }
   return app;
 }
-// ---- Utilities ----
-function openBrowser(url) {
-  const platform = process.platform;
-  let command;
-  if (platform === 'darwin') command = `open "${url}"`;
-  else if (platform === 'linux') command = `xdg-open "${url}"`;
-  else if (platform === 'win32') command = `start "${url}"`;
-  else return;
-  try { execSync(command, { stdio: 'ignore' }); } catch { /* ignore */ }
-}
-function getVersion() {
-  try {
-    const packagePath = path.join(__dirname, '..', 'package.json');
-    const packageContent = fs.readFileSync(packagePath, 'utf8');
-    return JSON.parse(packageContent).version || 'unknown';
-  } catch { return 'unknown'; }
-}
-function printHelp() {
-  console.log(`
-ORBIT Chat CLI
-Usage: orbitchat [options]
-All application settings are configured in orbitchat.yaml (see orbitchat.yaml.example).
-Secrets (adapter API keys) go in VITE_ADAPTERS / ORBIT_ADAPTERS env var.
-Options:
-  --port PORT        Server port (default: 5173)
-  --host HOST        Server host (default: localhost)
-  --open             Open browser automatically
-  --config PATH      Path to orbitchat.yaml (default: ./orbitchat.yaml)
-  --api-only         Run API proxy only (no UI serving)
-  --cors-origin URL  Allowed CORS origin in api-only mode (default: *)
-  --help, -h         Show this help message
-  --version, -v      Show version number
-Environment Variables:
-  ORBIT_ADAPTERS or VITE_ADAPTERS   JSON array of adapter configurations (secrets)
-    Example: '[{"name":"Chat","apiKey":"key1","apiUrl":"https://api.example.com"}]'
-Examples:
-  orbitchat --port 8080
-  orbitchat --config /path/to/orbitchat.yaml --open
-  orbitchat --api-only --cors-origin http://localhost:3001
-`);
-}
 // ---- Main ----
 function main() {
-  if (process.argv.includes('--version') || process.argv.includes('-v')) {
-    console.log(getVersion());
-    return;
-  }
-  if (process.argv.includes('--help') || process.argv.includes('-h')) {
-    printHelp();
-    return;
+  const args = process.argv.slice(2);
+  const serverConfig = { port: 5173, host: 'localhost', open: false, configFile: null, apiOnly: false };
+  for (let i = 0; i < args.length; i++) {
+    if (args[i] === '--port') serverConfig.port = parseInt(args[++i], 10);
+    else if (args[i] === '--host') serverConfig.host = args[++i];
+    else if (args[i] === '--open') serverConfig.open = true;
+    else if (args[i] === '--config') serverConfig.configFile = args[++i];
+    else if (args[i] === '--api-only') serverConfig.apiOnly = true;
+    else if (args[i] === '--help' || args[i] === '-h') { console.log('ORBIT Chat CLI Help...'); return; }
   }
-  const serverConfig = parseArgs();
   loadDotEnv(process.cwd());
-  // Load YAML config
   const yamlPath = serverConfig.configFile || path.join(process.cwd(), 'orbitchat.yaml');
   const yamlObj = loadYamlConfig(yamlPath);
-  const yamlFlat = yamlObj ? flattenYamlConfig(yamlObj) : {};
+  let config = deepMerge(DEFAULTS, yamlObj || {});
-  if (yamlObj) {
-    console.debug(`Loaded config from ${yamlPath}`);
-  }
+  // Overlay secret env vars if they exist
+  if (process.env.VITE_AUTH_DOMAIN) config.auth.domain = process.env.VITE_AUTH_DOMAIN;
+  if (process.env.VITE_AUTH_CLIENT_ID) config.auth.clientId = process.env.VITE_AUTH_CLIENT_ID;
+  if (process.env.VITE_AUTH_AUDIENCE) config.auth.audience = process.env.VITE_AUTH_AUDIENCE;
-  // Merge: DEFAULTS < YAML config < auth secrets from env
-  const config = { ...DEFAULTS, ...yamlFlat };
   const localAssets = {};
+  const mapHeaderLogoAsset = (fieldName, assetId) => {
+    const resPath = resolveLocalAssetPath(config.header?.[fieldName], yamlPath);
+    if (!resPath) return;
+    localAssets[assetId] = resPath;
+    config.header[fieldName] = `/__orbitchat_assets/${assetId}?v=${Date.now()}`;
+  };
-  // Support local filesystem paths for header logo URL.
-  const resolvedHeaderLogoPath = resolveLocalAssetPath(config.headerLogoUrl, yamlPath);
-  if (resolvedHeaderLogoPath) {
-    const mtimeMs = fs.statSync(resolvedHeaderLogoPath).mtimeMs || Date.now();
-    localAssets.header_logo = resolvedHeaderLogoPath;
-    config.headerLogoUrl = `/__orbitchat_assets/header_logo?v=${Math.floor(mtimeMs)}`;
-  }
-  // Auth secrets from env
-  if (process.env.VITE_AUTH_DOMAIN) config.authDomain = process.env.VITE_AUTH_DOMAIN;
-  if (process.env.VITE_AUTH_CLIENT_ID) config.authClientId = process.env.VITE_AUTH_CLIENT_ID;
-  if (process.env.VITE_AUTH_AUDIENCE) config.authAudience = process.env.VITE_AUTH_AUDIENCE;
-  // Default adapter fallback
-  const trimmedDefaultKey = (config.defaultKey || '').trim();
-  if (!trimmedDefaultKey || trimmedDefaultKey === DEFAULTS.defaultKey) {
-    const fallbackAdapter = getDefaultAdapterFromEnv();
-    if (fallbackAdapter) {
-      config.defaultKey = fallbackAdapter;
-    }
-  }
-  // Guest rate limiting (server-only, never sent to browser)
-  if (yamlObj && yamlObj.guestLimits?.rateLimit) {
-    serverConfig.rateLimit = yamlObj.guestLimits.rateLimit;
-  }
-  if (Object.keys(localAssets).length > 0) {
-    serverConfig.localAssets = localAssets;
-  }
+  mapHeaderLogoAsset('logoUrl', 'header_logo');
+  mapHeaderLogoAsset('logoUrlLight', 'header_logo_light');
+  mapHeaderLogoAsset('logoUrlDark', 'header_logo_dark');
-  // Find dist directory
   const distPath = path.join(__dirname, '..', 'dist');
+  const app = createServer(distPath, config, { ...serverConfig, rateLimit: yamlObj?.guestLimits?.rateLimit, localAssets });
-  if (!serverConfig.apiOnly && !fs.existsSync(distPath)) {
-    console.error('Error: dist directory not found. Please run "npm run build" first.');
-    process.exit(1);
-  }
-  const app = createServer(
-    serverConfig.apiOnly ? null : distPath,
-    config,
-    serverConfig
-  );
-  app.listen(serverConfig.port, serverConfig.host, () => {
-    const url = `http://${serverConfig.host}:${serverConfig.port}`;
-    if (serverConfig.apiOnly) {
-      console.debug(`\n🚀 ORBIT API Proxy is running at ${url}\n`);
-    } else {
-      console.debug(`\n🚀 ORBIT Chat App is running at ${url}\n`);
-    }
-    console.debug('Configuration:');
-    console.debug(`  Mode: ${serverConfig.apiOnly ? 'API-only (no UI)' : 'Full (API + UI)'}`);
-    console.debug(`  API URL: ${config.apiUrl}`);
-    console.debug(`  Default Adapter: ${config.defaultKey || '(not set)'}`);
-    console.debug(`  Port: ${serverConfig.port}`);
-    console.debug(`  Host: ${serverConfig.host}`);
-    if (yamlObj) {
-      console.debug(`  Config: ${yamlPath}`);
-    }
-    if (resolvedHeaderLogoPath) {
-      console.debug(`  Header logo file: ${resolvedHeaderLogoPath}`);
-    }
-    if (serverConfig.rateLimit && serverConfig.rateLimit.enabled !== false) {
-      console.debug(`  Guest Rate Limiting: enabled (${serverConfig.rateLimit.maxRequests || 30} req/${(serverConfig.rateLimit.windowMs || 60000) / 1000}s, chat: ${serverConfig.rateLimit.chat?.maxRequests || 10} req/${(serverConfig.rateLimit.chat?.windowMs || 60000) / 1000}s)`);
-    }
-    const startupAdapters = loadAdaptersConfig();
-    if (startupAdapters) {
-      console.debug(`  Available Adapters: ${Object.keys(startupAdapters).join(', ')}`);
-    } else {
-      console.debug(`  Warning: No adapters configured. Set ORBIT_ADAPTERS or VITE_ADAPTERS environment variable.`);
-    }
-    console.debug('');
-    if (serverConfig.open) {
-      openBrowser(url);
-    }
+  const server = app.listen(serverConfig.port, serverConfig.host, () => {
+    console.debug(`🚀 ORBIT Chat is running at http://${serverConfig.host}:${serverConfig.port}`);
+    if (serverConfig.open) execSync(`open http://${serverConfig.host}:${serverConfig.port}`);
   });
-  process.on('SIGINT', () => {
-    console.debug('\n\nShutting down server...');
-    process.exit(0);
-  });
-}
-// Run if called directly
-const isMainModule = process.argv[1] && (
-  import.meta.url === `file://${process.argv[1]}` ||
-  import.meta.url.endsWith(process.argv[1].replace(/\\/g, '/')) ||
-  path.basename(process.argv[1]) === 'orbitchat' ||
-  path.basename(process.argv[1]) === 'orbitchat.js'
-);
-if (isMainModule) {
-  main();
+  // http-proxy may register multiple close listeners when routing across many adapters.
+  // Raise the listener cap to avoid noisy false-positive MaxListeners warnings.
+  if (typeof server.setMaxListeners === 'function') {
+    server.setMaxListeners(0);
+  }
 }
-export { main, createServer, loadAdaptersConfig };
+const isMainModule = process.argv[1] && (import.meta.url.endsWith(process.argv[1].replace(/\\/g, '/')) || path.basename(process.argv[1]) === 'orbitchat');
+if (isMainModule) main();
+export { main, createServer };