plotlink-ows 0.1.14 → 0.1.18

package/app/routes/publish.ts

@@ -1,7 +1,6 @@
 import { Hono } from "hono";
 import { streamSSE } from "hono/streaming";
-import { db } from "../db";
-import { publishStoryline, getEthBalance, estimatePublishCost } from "../lib/publish";
+import { publishStoryline, publishPlot, getEthBalance, estimatePublishCost } from "../lib/publish";
 import { keccak256, toBytes } from "viem";
 import { listAgentWallets, getBaseAddress } from "../../lib/ows/wallet";
 
@@ -64,41 +63,73 @@ publish.get("/preflight", async (c) => {
   }
 });
 
-/** POST /api/publish/:draftId — publish a draft on-chain (streams progress) */
-publish.post("/:draftId", async (c) => {
-  const draftId = c.req.param("draftId");
+/** POST /api/publish/file — publish a story file on-chain (streams progress) */
+publish.post("/file", async (c) => {
+  const body = await c.req.json<{
+    storyName: string;
+    fileName: string;
+    title: string;
+    content: string;
+    genre?: string;
+    storylineId?: number;
+  }>();
 
-  const draft = await db.draft.findUnique({ where: { id: draftId } });
-  if (!draft) return c.json({ error: "Draft not found" }, 404);
-  if (draft.status === "published") return c.json({ error: "Already published" }, 409);
+  if (!body.title || !body.content) {
+    return c.json({ error: "title and content required" }, 400);
+  }
 
   // Get wallet
-  const wallets = listAgentWallets();
+  let wallets;
+  try {
+    wallets = listAgentWallets();
+  } catch (err) {
+    console.error("[publish/file] listAgentWallets error:", err);
+    return c.json({ error: `OWS wallet error: ${err instanceof Error ? err.message : String(err)}` }, 500);
+  }
   const wallet = wallets.find((w) => w.name.startsWith("plotlink-writer"));
   if (!wallet) return c.json({ error: "No OWS wallet" }, 400);
 
+  console.log("[publish/file] Starting publish for", body.storyName, body.fileName, "wallet:", wallet.name);
+
+  // Determine if this is genesis (createStoryline) or plot (chainPlot)
+  const isPlot = body.fileName.match(/^plot-\d+\.md$/);
+
   return streamSSE(c, async (stream) => {
     try {
-      const result = await publishStoryline(
-        wallet.name,
-        draft.title,
-        draft.content,
-        draft.genre || undefined,
-        async (progress) => {
-          await stream.writeSSE({ data: JSON.stringify(progress) });
-        },
-      );
+      let result;
+      if (isPlot && body.storylineId) {
+        // Chain plot to existing storyline
+        result = await publishPlot(
+          wallet.name,
+          body.storylineId,
+          body.title,
+          body.content,
+          body.genre,
+          async (progress) => {
+            await stream.writeSSE({ data: JSON.stringify(progress) });
+          },
+        );
+      } else {
+        // Create new storyline (genesis or first file)
+        result = await publishStoryline(
+          wallet.name,
+          body.title,
+          body.content,
+          body.genre,
+          async (progress) => {
+            await stream.writeSSE({ data: JSON.stringify(progress) });
+          },
+        );
+      }
 
-      // Only mark published after tx confirmed (publishStoryline waits for confirmation)
-      await db.draft.update({
-        where: { id: draftId },
-        data: {
-          status: "published",
+      await stream.writeSSE({
+        data: JSON.stringify({
+          step: "done",
           txHash: result.txHash,
           storylineId: result.storylineId,
           contentCid: result.contentCid,
           gasCost: result.gasCost,
-        },
+        }),
       });
     } catch (err: unknown) {
       const message = err instanceof Error ? err.message : "Publish failed";

package/app/routes/stories.ts

@@ -0,0 +1,156 @@
+import { Hono } from "hono";
+import fs from "fs";
+import path from "path";
+import { fileURLToPath } from "url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const STORIES_DIR = path.join(__dirname, "..", "..", "stories");
+
+const stories = new Hono();
+
+/** Sanitize path params to prevent directory traversal */
+function safeName(name: string): string | null {
+  if (!name || name.includes("..") || name.includes("/") || name.includes("\\") || name.startsWith(".")) {
+    return null;
+  }
+  return name;
+}
+
+interface FileStatus {
+  file: string;
+  status: "published" | "pending" | "draft";
+  txHash?: string;
+  storylineId?: number;
+  contentCid?: string;
+  publishedAt?: string;
+  gasCost?: string;
+}
+
+interface StoryInfo {
+  name: string;
+  files: FileStatus[];
+  hasStructure: boolean;
+  hasGenesis: boolean;
+  plotCount: number;
+  publishedCount: number;
+}
+
+function readPublishStatus(storyDir: string): Record<string, FileStatus> {
+  const statusFile = path.join(storyDir, ".publish-status.json");
+  try {
+    if (fs.existsSync(statusFile)) {
+      return JSON.parse(fs.readFileSync(statusFile, "utf-8"));
+    }
+  } catch { /* ignore */ }
+  return {};
+}
+
+function writePublishStatus(storyDir: string, status: Record<string, FileStatus>) {
+  const statusFile = path.join(storyDir, ".publish-status.json");
+  fs.writeFileSync(statusFile, JSON.stringify(status, null, 2) + "\n");
+}
+
+function scanStory(storyDir: string, name: string): StoryInfo {
+  const publishStatus = readPublishStatus(storyDir);
+  const entries = fs.readdirSync(storyDir).filter((f) => f.endsWith(".md"));
+
+  const files: FileStatus[] = entries.map((file) => {
+    const existing = publishStatus[file];
+    if (existing?.status === "published") {
+      return existing;
+    }
+    return { file, status: "pending" as const };
+  });
+
+  const hasStructure = entries.includes("structure.md");
+  const hasGenesis = entries.includes("genesis.md");
+  const plotCount = entries.filter((f) => f.match(/^plot-\d+\.md$/)).length;
+  const publishedCount = files.filter((f) => f.status === "published").length;
+
+  return { name, files, hasStructure, hasGenesis, plotCount, publishedCount };
+}
+
+/** GET /api/stories — list all stories */
+stories.get("/", (c) => {
+  if (!fs.existsSync(STORIES_DIR)) {
+    return c.json({ stories: [] });
+  }
+
+  const dirs = fs.readdirSync(STORIES_DIR, { withFileTypes: true })
+    .filter((d) => d.isDirectory() && !d.name.startsWith("."))
+    .map((d) => d.name)
+    .sort();
+
+  const result = dirs.map((name) => scanStory(path.join(STORIES_DIR, name), name));
+  return c.json({ stories: result });
+});
+
+/** GET /api/stories/:name — single story detail */
+stories.get("/:name", (c) => {
+  const name = safeName(c.req.param("name"));
+  if (!name) return c.json({ error: "Invalid story name" }, 400);
+  const storyDir = path.join(STORIES_DIR, name);
+
+  if (!fs.existsSync(storyDir) || !fs.statSync(storyDir).isDirectory()) {
+    return c.json({ error: "Story not found" }, 404);
+  }
+
+  const info = scanStory(storyDir, name);
+
+  // Include file contents
+  const filesWithContent = info.files.map((f) => {
+    const filePath = path.join(storyDir, f.file);
+    const content = fs.readFileSync(filePath, "utf-8");
+    return { ...f, content };
+  });
+
+  return c.json({ ...info, files: filesWithContent });
+});
+
+/** GET /api/stories/:name/:file — single file content */
+stories.get("/:name/:file", (c) => {
+  const name = safeName(c.req.param("name"));
+  const file = safeName(c.req.param("file"));
+  if (!name || !file) return c.json({ error: "Invalid path" }, 400);
+  const filePath = path.join(STORIES_DIR, name, file);
+
+  if (!fs.existsSync(filePath)) {
+    return c.json({ error: "File not found" }, 404);
+  }
+
+  const content = fs.readFileSync(filePath, "utf-8");
+  const publishStatus = readPublishStatus(path.join(STORIES_DIR, name));
+  const status = publishStatus[file] || { file, status: "pending" };
+
+  return c.json({ ...status, content });
+});
+
+/** POST /api/stories/:name/:file/publish-status — update publish status after publishing */
+stories.post("/:name/:file/publish-status", async (c) => {
+  const name = safeName(c.req.param("name"));
+  const file = safeName(c.req.param("file"));
+  if (!name || !file) return c.json({ error: "Invalid path" }, 400);
+  const storyDir = path.join(STORIES_DIR, name);
+  const body = await c.req.json<{
+    txHash: string;
+    storylineId?: number;
+    contentCid: string;
+    gasCost?: string;
+  }>();
+
+  const status = readPublishStatus(storyDir);
+  status[file] = {
+    file,
+    status: "published",
+    txHash: body.txHash,
+    storylineId: body.storylineId,
+    contentCid: body.contentCid,
+    gasCost: body.gasCost,
+    publishedAt: new Date().toISOString(),
+  };
+  writePublishStatus(storyDir, status);
+
+  return c.json({ ok: true });
+});
+
+export { stories as storiesRoutes, readPublishStatus, STORIES_DIR };

package/app/routes/terminal.ts

@@ -0,0 +1,154 @@
+import { Hono } from "hono";
+import * as pty from "node-pty";
+import path from "path";
+import { fileURLToPath } from "url";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const STORIES_DIR = path.join(__dirname, "..", "..", "stories");
+
+const terminal = new Hono();
+
+// Active PTY sessions keyed by session ID
+const ptySessions = new Map<
+  string,
+  { term: pty.IPty; ws: WebSocket | null; state: "running" | "stopped" }
+>();
+
+/** POST /api/terminal/spawn — spawn Claude CLI in stories/ */
+terminal.post("/spawn", (c) => {
+  const sessionId = "default";
+
+  const existing = ptySessions.get(sessionId);
+  if (existing?.term && existing.state === "running") {
+    return c.json({ ok: true, pid: existing.term.pid, reused: true });
+  }
+
+  try {
+    const shell = process.env.SHELL || "/bin/zsh";
+    const term = pty.spawn(shell, ["-l", "-c", "claude"], {
+      name: "xterm-256color",
+      cols: 120,
+      rows: 30,
+      cwd: STORIES_DIR,
+      env: process.env as Record<string, string>,
+    });
+
+    ptySessions.set(sessionId, { term, ws: null, state: "running" });
+
+    term.onExit(({ exitCode }) => {
+      const session = ptySessions.get(sessionId);
+      if (session?.term === term) {
+        session.state = "stopped";
+        if (session.ws && session.ws.readyState <= 1) {
+          session.ws.close(1000, `exited:${exitCode}`);
+        }
+        session.ws = null;
+      }
+    });
+
+    return c.json({ ok: true, pid: term.pid });
+  } catch (err: unknown) {
+    const message = err instanceof Error ? err.message : "Failed to spawn PTY";
+    return c.json({ ok: false, error: message }, 500);
+  }
+});
+
+/** POST /api/terminal/stop — kill PTY */
+terminal.post("/stop", (c) => {
+  const session = ptySessions.get("default");
+  if (session?.term && session.state === "running") {
+    session.term.kill();
+    session.state = "stopped";
+    return c.json({ ok: true });
+  }
+  return c.json({ ok: true, message: "not running" });
+});
+
+/** GET /api/terminal/status */
+terminal.get("/status", (c) => {
+  const session = ptySessions.get("default");
+  return c.json({
+    running: session?.state === "running",
+    pid: session?.term?.pid ?? null,
+  });
+});
+
+/**
+ * Attach a raw WebSocket to the PTY session.
+ * Called from server.ts WebSocket upgrade handler.
+ */
+export function attachTerminalWs(ws: WebSocket) {
+  const sessionId = "default";
+  let session = ptySessions.get(sessionId);
+
+  // Lazy spawn if no PTY exists
+  if (!session || session.state !== "running") {
+    try {
+      const shell = process.env.SHELL || "/bin/zsh";
+    const term = pty.spawn(shell, ["-l", "-c", "claude"], {
+        name: "xterm-256color",
+        cols: 120,
+        rows: 30,
+        cwd: STORIES_DIR,
+        env: process.env as Record<string, string>,
+      });
+
+      session = { term, ws: null, state: "running" };
+      ptySessions.set(sessionId, session);
+
+      term.onExit(({ exitCode }) => {
+        const s = ptySessions.get(sessionId);
+        if (s?.term === term) {
+          s.state = "stopped";
+          if (s.ws && s.ws.readyState <= 1) {
+            s.ws.close(1000, `exited:${exitCode}`);
+          }
+          s.ws = null;
+        }
+      });
+    } catch (err) {
+      console.error("PTY spawn failed:", err);
+      ws.close(1011, "pty-spawn-failed");
+      return;
+    }
+  }
+
+  // Replace previous WS
+  if (session.ws && session.ws !== ws && session.ws.readyState <= 1) {
+    session.ws.close(1000, "replaced");
+  }
+  session.ws = ws;
+
+  // PTY output → browser
+  const dataDisposable = session.term.onData((data: string) => {
+    if (ws.readyState === WebSocket.OPEN) {
+      ws.send(data);
+    }
+  });
+
+  // Browser input → PTY
+  ws.addEventListener("message", (event: MessageEvent) => {
+    if (!session?.term || session.state !== "running") return;
+    const str = typeof event.data === "string" ? event.data : event.data.toString();
+    try {
+      const parsed = JSON.parse(str);
+      if (parsed.type === "resize" && parsed.cols && parsed.rows) {
+        session.term.resize(parsed.cols, parsed.rows);
+        return;
+      }
+    } catch {
+      // Not JSON — raw input
+    }
+    session.term.write(str);
+  });
+
+  // Cleanup on close (keep PTY running)
+  ws.addEventListener("close", () => {
+    dataDisposable.dispose();
+    if (session?.ws === ws) {
+      session.ws = null;
+    }
+  });
+}
+
+export { terminal as terminalRoutes };

package/app/routes/wallet.ts

@@ -34,22 +34,50 @@ wallet.get("/", async (c) => {
 
     const address = getBaseAddress(plotlinkWallet);
 
-    // Fetch USDC balance on Base via RPC
+    // Fetch balances on Base via RPC
+    let ethBalance = "0";
     let usdcBalance = "0";
+    let plotBalance = "0";
+    const rpcUrl = process.env.NEXT_PUBLIC_RPC_URL || "https://mainnet.base.org";
+
     if (address) {
+      const addrPadded = "000000000000000000000000" + address.slice(2).toLowerCase();
+      const balanceOfSig = "0x70a08231" + addrPadded;
+
       try {
-        const USDC_BASE = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"; // USDC on Base mainnet
-        const balanceOfSig = "0x70a08231000000000000000000000000" + address.slice(2).toLowerCase();
-        const rpcUrl = process.env.NEXT_PUBLIC_RPC_URL || "https://mainnet.base.org";
-        const res = await fetch(rpcUrl, {
+        // ETH balance
+        const ethRes = await fetch(rpcUrl, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "eth_getBalance", params: [address, "latest"] }),
+        });
+        const ethData = await ethRes.json() as { result?: string };
+        if (ethData.result && ethData.result !== "0x" && ethData.result !== "0x0") {
+          ethBalance = (Number(BigInt(ethData.result)) / 1e18).toFixed(6);
+        }
+
+        // USDC balance (6 decimals)
+        const USDC_BASE = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
+        const usdcRes = await fetch(rpcUrl, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ jsonrpc: "2.0", id: 2, method: "eth_call", params: [{ to: USDC_BASE, data: balanceOfSig }, "latest"] }),
+        });
+        const usdcData = await usdcRes.json() as { result?: string };
+        if (usdcData.result && usdcData.result !== "0x") {
+          usdcBalance = (Number(BigInt(usdcData.result)) / 1e6).toFixed(2);
+        }
+
+        // PLOT balance (18 decimals)
+        const PLOT = "0x4F567DACBF9D15A6acBe4A47FC2Ade0719Fb63C4";
+        const plotRes = await fetch(rpcUrl, {
           method: "POST",
           headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "eth_call", params: [{ to: USDC_BASE, data: balanceOfSig }, "latest"] }),
+          body: JSON.stringify({ jsonrpc: "2.0", id: 3, method: "eth_call", params: [{ to: PLOT, data: balanceOfSig }, "latest"] }),
         });
-        const data = await res.json() as { result?: string };
-        if (data.result && data.result !== "0x") {
-          const raw = BigInt(data.result);
-          usdcBalance = (Number(raw) / 1e6).toFixed(2); // USDC has 6 decimals
+        const plotData = await plotRes.json() as { result?: string };
+        if (plotData.result && plotData.result !== "0x") {
+          plotBalance = (Number(BigInt(plotData.result)) / 1e18).toFixed(4);
         }
       } catch { /* balance fetch best-effort */ }
     }
@@ -59,7 +87,9 @@ wallet.get("/", async (c) => {
       walletId: plotlinkWallet.id,
       name: plotlinkWallet.name,
       address,
+      ethBalance,
       usdcBalance,
+      plotBalance,
       accounts: plotlinkWallet.accounts,
     });
   } catch (err: unknown) {

package/app/server.ts

@@ -10,15 +10,13 @@ dotenv.config({ path: ENV_FILE });
 import { Hono } from "hono";
 import { cors } from "hono/cors";
 import { serve } from "@hono/node-server";
-import { createNodeWebSocket } from "@hono/node-ws";
 import { serveStatic } from "@hono/node-server/serve-static";
 import { authRoutes, requireAuth } from "./routes/auth";
-import { configRoutes } from "./routes/config";
 import { walletRoutes } from "./routes/wallet";
-import { oauthRoutes } from "./routes/oauth";
-import { chatRoutes } from "./routes/chat";
 import { publishRoutes } from "./routes/publish";
 import { dashboardRoutes } from "./routes/dashboard";
+import { terminalRoutes, attachTerminalWs } from "./routes/terminal";
+import { storiesRoutes } from "./routes/stories";
 import { initDb } from "./db";
 import { execSync } from "child_process";
 import fs from "fs";
@@ -26,98 +24,26 @@ import fs from "fs";
 const __dirname = __dirnamePre;
 
 const app = new Hono();
-const { upgradeWebSocket, injectWebSocket } = createNodeWebSocket({ app });
-
 // CORS for local dev
 app.use("/*", cors({ origin: "http://localhost:5173", credentials: true }));
 
 // API routes
 app.route("/api/auth", authRoutes);
 // Protected routes
-app.use("/api/config/*", requireAuth);
 app.use("/api/wallet/*", requireAuth);
-// OAuth: protect start/status but NOT callback (provider redirects without auth)
-app.use("/api/oauth/:provider/start", requireAuth);
-app.use("/api/oauth/:provider/status", requireAuth);
-app.route("/api/config", configRoutes);
 app.route("/api/wallet", walletRoutes);
-app.route("/api/oauth", oauthRoutes);
-app.use("/api/chat/*", requireAuth);
 app.use("/api/publish/*", requireAuth);
-app.route("/api/chat", chatRoutes);
 app.route("/api/publish", publishRoutes);
 app.use("/api/dashboard/*", requireAuth);
 app.route("/api/dashboard", dashboardRoutes);
+app.use("/api/terminal/*", requireAuth);
+app.route("/api/terminal", terminalRoutes);
+app.use("/api/stories/*", requireAuth);
+app.route("/api/stories", storiesRoutes);
 
 // Health check
 app.get("/api/health", (c) => c.json({ status: "ok" }));
 
-// WebSocket chat endpoint (auth via query param since WS can't send headers)
-app.get(
-  "/ws/chat",
-  upgradeWebSocket((c) => {
-    const wsToken = new URL(c.req.url).searchParams.get("token");
-    let authenticated = false;
-
-    return {
-    async onOpen(_event, ws) {
-      if (!wsToken) { ws.close(4001, "Missing token"); return; }
-      const { db } = await import("./db");
-      const session = await db.session.findUnique({ where: { token: wsToken } });
-      if (!session || session.expiresAt < new Date()) { ws.close(4001, "Invalid token"); return; }
-      authenticated = true;
-    },
-    async onMessage(event, ws) {
-      if (!authenticated) { ws.close(4001, "Not authenticated"); return; }
-      try {
-        const data = JSON.parse(String(event.data));
-        if (data.type === "message" && data.sessionId && data.content) {
-          const { db } = await import("./db");
-          const { streamChat } = await import("./lib/llm-client");
-          const { WRITER_SYSTEM_PROMPT } = await import("./lib/writer-prompt");
-
-          // Save user message
-          await db.message.create({
-            data: { sessionId: data.sessionId, role: "user", content: data.content },
-          });
-
-          // Build context
-          const messages = await db.message.findMany({
-            where: { sessionId: data.sessionId },
-            orderBy: { createdAt: "asc" },
-          });
-
-          const chatMessages = [
-            { role: "system" as const, content: WRITER_SYSTEM_PROMPT },
-            ...messages.map((m: { role: string; content: string }) => ({
-              role: m.role as "user" | "assistant" | "system",
-              content: m.content,
-            })),
-          ];
-
-          // Stream response
-          let fullResponse = "";
-          for await (const chunk of streamChat(chatMessages)) {
-            fullResponse += chunk;
-            ws.send(JSON.stringify({ type: "chunk", content: chunk }));
-          }
-
-          // Save assistant message
-          await db.message.create({
-            data: { sessionId: data.sessionId, role: "assistant", content: fullResponse },
-          });
-
-          ws.send(JSON.stringify({ type: "done" }));
-        }
-      } catch (err: unknown) {
-        const message = err instanceof Error ? err.message : "WebSocket error";
-        ws.send(JSON.stringify({ type: "error", message }));
-      }
-    },
-  };
-  }),
-);
-
 // In production, serve the built frontend
 const distPath = path.join(__dirname, "web", "dist");
 if (fs.existsSync(distPath)) {
@@ -143,12 +69,34 @@ async function start() {
   // Initialize database connection
   await initDb();
 
+  // Ensure stories directory exists
+  const storiesDir = path.join(__dirname, "..", "stories");
+  if (!fs.existsSync(storiesDir)) fs.mkdirSync(storiesDir, { recursive: true });
+
   const port = Number(process.env.APP_PORT) || 7777;
   const server = serve({ fetch: app.fetch, port }, (info) => {
     console.log(`\n  PlotLink OWS running at http://localhost:${info.port}\n`);
   });
 
-  injectWebSocket(server);
+  // Terminal WebSocket: raw WS on /ws/terminal (bypasses Hono for raw PTY relay)
+  const { WebSocketServer } = await import("ws");
+  const wss = new WebSocketServer({ noServer: true });
+  // server from serve() IS an http.Server
+  (server as any).on("upgrade", (req: any, socket: any, head: any) => {
+    const url = new URL(req.url || "", `http://localhost:${port}`);
+    if (url.pathname === "/ws/terminal") {
+      // Auth check: verify token from query params
+      const wsToken = url.searchParams.get("token");
+      if (!wsToken) { socket.destroy(); return; }
+      import("./db").then(async ({ db }) => {
+        const session = await db.session.findUnique({ where: { token: wsToken } });
+        if (!session || session.expiresAt < new Date()) { socket.destroy(); return; }
+        wss.handleUpgrade(req, socket, head, (ws) => {
+          attachTerminalWs(ws as unknown as WebSocket);
+        });
+      }).catch(() => socket.destroy());
+    }
+  });
 }
 
 start().catch(console.error);

package/app/web/App.tsx

@@ -3,8 +3,6 @@ import { Login } from "./components/Login";
 import { Setup } from "./components/Setup";
 import { Layout } from "./components/Layout";
 
-const API_BASE = "http://localhost:7777";
-
 export function App() {
   const [token, setToken] = useState<string | null>(() =>
     localStorage.getItem("ows-token"),
@@ -14,7 +12,7 @@ export function App() {
 
   useEffect(() => {
     // Check if passphrase is configured (first-run detection)
-    fetch(`${API_BASE}/api/auth/status`)
+    fetch(`/api/auth/status`)
       .then((r) => r.json())
       .then((d) => setConfigured(d.configured))
       .catch(() => setConfigured(null));
@@ -26,7 +24,7 @@ export function App() {
       setChecking(false);
       return;
     }
-    fetch(`${API_BASE}/api/auth/verify`, {
+    fetch(`/api/auth/verify`, {
       headers: { Authorization: `Bearer ${token}` },
     })
       .then((r) => {
@@ -44,7 +42,7 @@ export function App() {
 
   const handleLogin = async (passphrase: string): Promise<string | null> => {
     try {
-      const res = await fetch(`${API_BASE}/api/auth/login`, {
+      const res = await fetch(`/api/auth/login`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ passphrase }),
@@ -61,7 +59,7 @@ export function App() {
 
   const handleSetup = async (passphrase: string): Promise<string | null> => {
     try {
-      const res = await fetch(`${API_BASE}/api/auth/setup`, {
+      const res = await fetch(`/api/auth/setup`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ passphrase }),