plotlink-ows 0.1.15 → 1.0.0

package/app/routes/terminal.ts

@@ -0,0 +1,258 @@
+import { Hono } from "hono";
+import * as pty from "node-pty";
+import path from "path";
+import fs from "fs";
+import { fileURLToPath } from "url";
+import { randomUUID } from "crypto";
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const STORIES_DIR = path.join(__dirname, "..", "..", "stories");
+const MAX_SESSIONS = 5;
+const SESSION_FILE = path.join(__dirname, "..", "..", "data", "terminal-sessions.json");
+
+const terminal = new Hono();
+
+// Active PTY sessions keyed by story name
+const ptySessions = new Map<
+  string,
+  { term: pty.IPty; ws: WebSocket | null; state: "running" | "stopped"; sessionId: string }
+>();
+
+function safeName(name: string): string | null {
+  if (!name || name.includes("..") || name.includes("/") || name.includes("\\") || name.startsWith(".")) {
+    return null;
+  }
+  return name;
+}
+
+/** Load stored session UUIDs from disk */
+function loadSessionMap(): Record<string, string> {
+  try {
+    if (fs.existsSync(SESSION_FILE)) {
+      return JSON.parse(fs.readFileSync(SESSION_FILE, "utf-8"));
+    }
+  } catch { /* ignore */ }
+  return {};
+}
+
+/** Save session UUIDs to disk */
+function saveSessionMap(map: Record<string, string>) {
+  try {
+    const dir = path.dirname(SESSION_FILE);
+    if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+    fs.writeFileSync(SESSION_FILE, JSON.stringify(map, null, 2) + "\n");
+  } catch { /* ignore */ }
+}
+
+function spawnPty(storyName: string, opts?: { sessionId?: string; resume?: boolean }) {
+  const storyDir = path.join(STORIES_DIR, storyName);
+  if (!fs.existsSync(storyDir)) fs.mkdirSync(storyDir, { recursive: true });
+  const shell = process.env.SHELL || "/bin/zsh";
+
+  // Determine session ID
+  const sessionMap = loadSessionMap();
+  let sessionId: string;
+
+  // Build Claude CLI command with session flags
+  // Note: no --cwd flag — Claude CLI uses process cwd, set via pty.spawn({ cwd: storyDir })
+  let claudeCmd = "claude";
+  if (opts?.resume && sessionMap[storyName]) {
+    // Resume: reuse stored session
+    sessionId = sessionMap[storyName];
+    claudeCmd += ` --resume "${sessionId}"`;
+  } else {
+    // Fresh: always generate new UUID
+    sessionId = opts?.sessionId || randomUUID();
+    claudeCmd += ` --session-id "${sessionId}"`;
+  }
+
+  const term = pty.spawn(shell, ["-l", "-c", claudeCmd], {
+    name: "xterm-256color",
+    cols: 120,
+    rows: 30,
+    cwd: storyDir,
+    env: process.env as Record<string, string>,
+  });
+
+  // Persist session ID
+  sessionMap[storyName] = sessionId;
+  saveSessionMap(sessionMap);
+
+  const isResume = !!opts?.resume;
+  const spawnTime = Date.now();
+  const session = { term, ws: null as WebSocket | null, state: "running" as const, sessionId };
+  ptySessions.set(storyName, session);
+
+  term.onExit(({ exitCode }) => {
+    const s = ptySessions.get(storyName);
+    if (s?.term !== term) return;
+
+    // If a resumed session exits quickly (< 5s), signal client to auto-reconnect fresh
+    const elapsed = Date.now() - spawnTime;
+    if (isResume && elapsed < 5000 && exitCode !== 0) {
+      console.log(`Resume for "${storyName}" failed (exit ${exitCode} in ${elapsed}ms), signaling fresh fallback`);
+      ptySessions.delete(storyName);
+      if (s.ws && s.ws.readyState <= 1) {
+        // Close code 4000 = resume-failed, client should auto-reconnect fresh
+        s.ws.close(4000, "resume-failed");
+      }
+      s.ws = null;
+      return;
+    }
+
+    s.state = "stopped";
+    if (s.ws && s.ws.readyState <= 1) {
+      s.ws.close(1000, `exited:${exitCode}`);
+    }
+    s.ws = null;
+  });
+
+  return session;
+}
+
+/** POST /api/terminal/spawn — spawn Claude CLI for a story */
+terminal.post("/spawn", async (c) => {
+  const body = await c.req.json<{ storyName?: string; resume?: boolean }>().catch(() => ({}));
+  const storyName = safeName(body.storyName || "default");
+  if (!storyName) return c.json({ error: "Invalid story name" }, 400);
+
+  const existing = ptySessions.get(storyName);
+  if (existing?.term && existing.state === "running") {
+    return c.json({ ok: true, pid: existing.term.pid, storyName, sessionId: existing.sessionId, reused: true });
+  }
+
+  // Enforce max concurrent sessions
+  const running = [...ptySessions.values()].filter((s) => s.state === "running").length;
+  if (running >= MAX_SESSIONS) {
+    return c.json({ error: `Max ${MAX_SESSIONS} concurrent sessions`, ok: false }, 429);
+  }
+
+  try {
+    const session = spawnPty(storyName, { resume: body.resume });
+    return c.json({ ok: true, pid: session.term.pid, storyName, sessionId: session.sessionId });
+  } catch (err: unknown) {
+    const message = err instanceof Error ? err.message : "Failed to spawn PTY";
+    return c.json({ ok: false, error: message }, 500);
+  }
+});
+
+/** GET /api/terminal/session/:storyName — get stored session ID for a story */
+terminal.get("/session/:storyName", (c) => {
+  const storyName = safeName(c.req.param("storyName"));
+  if (!storyName) return c.json({ error: "Invalid story name" }, 400);
+
+  const sessionMap = loadSessionMap();
+  const sessionId = sessionMap[storyName] || null;
+  const active = ptySessions.get(storyName);
+
+  return c.json({
+    sessionId,
+    running: !!active && active.state === "running",
+  });
+});
+
+/** DELETE /api/terminal/:storyName — kill a story's PTY */
+terminal.delete("/:storyName", (c) => {
+  const storyName = safeName(c.req.param("storyName"));
+  if (!storyName) return c.json({ error: "Invalid story name" }, 400);
+
+  const session = ptySessions.get(storyName);
+  if (session?.term && session.state === "running") {
+    session.term.kill();
+    session.state = "stopped";
+    ptySessions.delete(storyName);
+    return c.json({ ok: true });
+  }
+  ptySessions.delete(storyName);
+  return c.json({ ok: true, message: "not running" });
+});
+
+/** POST /api/terminal/stop — kill PTY (legacy, kills default) */
+terminal.post("/stop", (c) => {
+  const session = ptySessions.get("default");
+  if (session?.term && session.state === "running") {
+    session.term.kill();
+    session.state = "stopped";
+    return c.json({ ok: true });
+  }
+  return c.json({ ok: true, message: "not running" });
+});
+
+/** GET /api/terminal/status — list all sessions */
+terminal.get("/status", (c) => {
+  const sessions: Record<string, { running: boolean; pid: number | null; sessionId: string }> = {};
+  for (const [name, session] of ptySessions) {
+    sessions[name] = {
+      running: session.state === "running",
+      pid: session.term?.pid ?? null,
+      sessionId: session.sessionId,
+    };
+  }
+  return c.json({ sessions });
+});
+
+/**
+ * Attach a raw WebSocket to a story's PTY session.
+ * Called from server.ts WebSocket upgrade handler.
+ */
+export function attachTerminalWs(ws: WebSocket, storyName?: string, resume?: boolean) {
+  const name = storyName && safeName(storyName) ? storyName : "default";
+  let session = ptySessions.get(name);
+
+  // Lazy spawn if no PTY exists
+  if (!session || session.state !== "running") {
+    // Enforce max concurrent sessions
+    const running = [...ptySessions.values()].filter((s) => s.state === "running").length;
+    if (running >= MAX_SESSIONS) {
+      ws.close(1013, "max-sessions");
+      return;
+    }
+
+    try {
+      session = spawnPty(name, { resume });
+    } catch (err) {
+      console.error("PTY spawn failed:", err);
+      ws.close(1011, "pty-spawn-failed");
+      return;
+    }
+  }
+
+  // Replace previous WS
+  if (session.ws && session.ws !== ws && session.ws.readyState <= 1) {
+    session.ws.close(1000, "replaced");
+  }
+  session.ws = ws;
+
+  // PTY output → browser
+  const dataDisposable = session.term.onData((data: string) => {
+    if (ws.readyState === WebSocket.OPEN) {
+      ws.send(data);
+    }
+  });
+
+  // Browser input → PTY
+  ws.addEventListener("message", (event: MessageEvent) => {
+    if (!session?.term || session.state !== "running") return;
+    const str = typeof event.data === "string" ? event.data : event.data.toString();
+    try {
+      const parsed = JSON.parse(str);
+      if (parsed.type === "resize" && parsed.cols && parsed.rows) {
+        session.term.resize(parsed.cols, parsed.rows);
+        return;
+      }
+    } catch {
+      // Not JSON — raw input
+    }
+    session.term.write(str);
+  });
+
+  // Cleanup on close (keep PTY running)
+  ws.addEventListener("close", () => {
+    dataDisposable.dispose();
+    if (session?.ws === ws) {
+      session.ws = null;
+    }
+  });
+}
+
+export { terminal as terminalRoutes };

package/app/routes/wallet.ts

@@ -34,22 +34,50 @@ wallet.get("/", async (c) => {
 
     const address = getBaseAddress(plotlinkWallet);
 
-    // Fetch USDC balance on Base via RPC
+    // Fetch balances on Base via RPC
+    let ethBalance = "0";
     let usdcBalance = "0";
+    let plotBalance = "0";
+    const rpcUrl = process.env.NEXT_PUBLIC_RPC_URL || "https://mainnet.base.org";
+
     if (address) {
+      const addrPadded = "000000000000000000000000" + address.slice(2).toLowerCase();
+      const balanceOfSig = "0x70a08231" + addrPadded;
+
       try {
-        const USDC_BASE = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913"; // USDC on Base mainnet
-        const balanceOfSig = "0x70a08231000000000000000000000000" + address.slice(2).toLowerCase();
-        const rpcUrl = process.env.NEXT_PUBLIC_RPC_URL || "https://mainnet.base.org";
-        const res = await fetch(rpcUrl, {
+        // ETH balance
+        const ethRes = await fetch(rpcUrl, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "eth_getBalance", params: [address, "latest"] }),
+        });
+        const ethData = await ethRes.json() as { result?: string };
+        if (ethData.result && ethData.result !== "0x" && ethData.result !== "0x0") {
+          ethBalance = (Number(BigInt(ethData.result)) / 1e18).toFixed(6);
+        }
+
+        // USDC balance (6 decimals)
+        const USDC_BASE = "0x833589fCD6eDb6E08f4c7C32D4f71b54bdA02913";
+        const usdcRes = await fetch(rpcUrl, {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify({ jsonrpc: "2.0", id: 2, method: "eth_call", params: [{ to: USDC_BASE, data: balanceOfSig }, "latest"] }),
+        });
+        const usdcData = await usdcRes.json() as { result?: string };
+        if (usdcData.result && usdcData.result !== "0x") {
+          usdcBalance = (Number(BigInt(usdcData.result)) / 1e6).toFixed(2);
+        }
+
+        // PLOT balance (18 decimals)
+        const PLOT = "0x4F567DACBF9D15A6acBe4A47FC2Ade0719Fb63C4";
+        const plotRes = await fetch(rpcUrl, {
           method: "POST",
           headers: { "Content-Type": "application/json" },
-          body: JSON.stringify({ jsonrpc: "2.0", id: 1, method: "eth_call", params: [{ to: USDC_BASE, data: balanceOfSig }, "latest"] }),
+          body: JSON.stringify({ jsonrpc: "2.0", id: 3, method: "eth_call", params: [{ to: PLOT, data: balanceOfSig }, "latest"] }),
         });
-        const data = await res.json() as { result?: string };
-        if (data.result && data.result !== "0x") {
-          const raw = BigInt(data.result);
-          usdcBalance = (Number(raw) / 1e6).toFixed(2); // USDC has 6 decimals
+        const plotData = await plotRes.json() as { result?: string };
+        if (plotData.result && plotData.result !== "0x") {
+          plotBalance = (Number(BigInt(plotData.result)) / 1e18).toFixed(4);
         }
       } catch { /* balance fetch best-effort */ }
     }
@@ -59,7 +87,9 @@ wallet.get("/", async (c) => {
       walletId: plotlinkWallet.id,
       name: plotlinkWallet.name,
       address,
+      ethBalance,
       usdcBalance,
+      plotBalance,
       accounts: plotlinkWallet.accounts,
     });
   } catch (err: unknown) {

package/app/server.ts

@@ -10,15 +10,14 @@ dotenv.config({ path: ENV_FILE });
 import { Hono } from "hono";
 import { cors } from "hono/cors";
 import { serve } from "@hono/node-server";
-import { createNodeWebSocket } from "@hono/node-ws";
 import { serveStatic } from "@hono/node-server/serve-static";
 import { authRoutes, requireAuth } from "./routes/auth";
-import { configRoutes } from "./routes/config";
 import { walletRoutes } from "./routes/wallet";
-import { oauthRoutes } from "./routes/oauth";
-import { chatRoutes } from "./routes/chat";
 import { publishRoutes } from "./routes/publish";
 import { dashboardRoutes } from "./routes/dashboard";
+import { terminalRoutes, attachTerminalWs } from "./routes/terminal";
+import { storiesRoutes } from "./routes/stories";
+import { settingsRoutes } from "./routes/settings";
 import { initDb } from "./db";
 import { execSync } from "child_process";
 import fs from "fs";
@@ -26,98 +25,28 @@ import fs from "fs";
 const __dirname = __dirnamePre;
 
 const app = new Hono();
-const { upgradeWebSocket, injectWebSocket } = createNodeWebSocket({ app });
-
 // CORS for local dev
 app.use("/*", cors({ origin: "http://localhost:5173", credentials: true }));
 
 // API routes
 app.route("/api/auth", authRoutes);
 // Protected routes
-app.use("/api/config/*", requireAuth);
 app.use("/api/wallet/*", requireAuth);
-// OAuth: protect start/status but NOT callback (provider redirects without auth)
-app.use("/api/oauth/:provider/start", requireAuth);
-app.use("/api/oauth/:provider/status", requireAuth);
-app.route("/api/config", configRoutes);
 app.route("/api/wallet", walletRoutes);
-app.route("/api/oauth", oauthRoutes);
-app.use("/api/chat/*", requireAuth);
 app.use("/api/publish/*", requireAuth);
-app.route("/api/chat", chatRoutes);
 app.route("/api/publish", publishRoutes);
 app.use("/api/dashboard/*", requireAuth);
 app.route("/api/dashboard", dashboardRoutes);
+app.use("/api/terminal/*", requireAuth);
+app.route("/api/terminal", terminalRoutes);
+app.use("/api/stories/*", requireAuth);
+app.route("/api/stories", storiesRoutes);
+app.use("/api/settings/*", requireAuth);
+app.route("/api/settings", settingsRoutes);
 
 // Health check
 app.get("/api/health", (c) => c.json({ status: "ok" }));
 
-// WebSocket chat endpoint (auth via query param since WS can't send headers)
-app.get(
-  "/ws/chat",
-  upgradeWebSocket((c) => {
-    const wsToken = new URL(c.req.url).searchParams.get("token");
-    let authenticated = false;
-
-    return {
-    async onOpen(_event, ws) {
-      if (!wsToken) { ws.close(4001, "Missing token"); return; }
-      const { db } = await import("./db");
-      const session = await db.session.findUnique({ where: { token: wsToken } });
-      if (!session || session.expiresAt < new Date()) { ws.close(4001, "Invalid token"); return; }
-      authenticated = true;
-    },
-    async onMessage(event, ws) {
-      if (!authenticated) { ws.close(4001, "Not authenticated"); return; }
-      try {
-        const data = JSON.parse(String(event.data));
-        if (data.type === "message" && data.sessionId && data.content) {
-          const { db } = await import("./db");
-          const { streamChat } = await import("./lib/llm-client");
-          const { WRITER_SYSTEM_PROMPT } = await import("./lib/writer-prompt");
-
-          // Save user message
-          await db.message.create({
-            data: { sessionId: data.sessionId, role: "user", content: data.content },
-          });
-
-          // Build context
-          const messages = await db.message.findMany({
-            where: { sessionId: data.sessionId },
-            orderBy: { createdAt: "asc" },
-          });
-
-          const chatMessages = [
-            { role: "system" as const, content: WRITER_SYSTEM_PROMPT },
-            ...messages.map((m: { role: string; content: string }) => ({
-              role: m.role as "user" | "assistant" | "system",
-              content: m.content,
-            })),
-          ];
-
-          // Stream response
-          let fullResponse = "";
-          for await (const chunk of streamChat(chatMessages)) {
-            fullResponse += chunk;
-            ws.send(JSON.stringify({ type: "chunk", content: chunk }));
-          }
-
-          // Save assistant message
-          await db.message.create({
-            data: { sessionId: data.sessionId, role: "assistant", content: fullResponse },
-          });
-
-          ws.send(JSON.stringify({ type: "done" }));
-        }
-      } catch (err: unknown) {
-        const message = err instanceof Error ? err.message : "WebSocket error";
-        ws.send(JSON.stringify({ type: "error", message }));
-      }
-    },
-  };
-  }),
-);
-
 // In production, serve the built frontend
 const distPath = path.join(__dirname, "web", "dist");
 if (fs.existsSync(distPath)) {
@@ -143,12 +72,37 @@ async function start() {
   // Initialize database connection
   await initDb();
 
+  // Ensure stories directory exists
+  const storiesDir = path.join(__dirname, "..", "stories");
+  if (!fs.existsSync(storiesDir)) fs.mkdirSync(storiesDir, { recursive: true });
+
   const port = Number(process.env.APP_PORT) || 7777;
   const server = serve({ fetch: app.fetch, port }, (info) => {
     console.log(`\n  PlotLink OWS running at http://localhost:${info.port}\n`);
   });
 
-  injectWebSocket(server);
+  // Terminal WebSocket: raw WS on /ws/terminal (bypasses Hono for raw PTY relay)
+  const { WebSocketServer } = await import("ws");
+  const wss = new WebSocketServer({ noServer: true });
+  // server from serve() IS an http.Server
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
+  (server as any).on("upgrade", (req: any, socket: any, head: any) => {
+    const url = new URL(req.url || "", `http://localhost:${port}`);
+    if (url.pathname === "/ws/terminal") {
+      // Auth check: verify token from query params
+      const wsToken = url.searchParams.get("token");
+      if (!wsToken) { socket.destroy(); return; }
+      import("./db").then(async ({ db }) => {
+        const session = await db.session.findUnique({ where: { token: wsToken } });
+        if (!session || session.expiresAt < new Date()) { socket.destroy(); return; }
+        const story = url.searchParams.get("story") || undefined;
+        const resume = url.searchParams.get("resume") === "true";
+        wss.handleUpgrade(req, socket, head, (ws) => {
+          attachTerminalWs(ws as unknown as WebSocket, story, resume);
+        });
+      }).catch(() => socket.destroy());
+    }
+  });
 }
 
 start().catch(console.error);

package/app/web/App.tsx

@@ -3,8 +3,6 @@ import { Login } from "./components/Login";
 import { Setup } from "./components/Setup";
 import { Layout } from "./components/Layout";
 
-const API_BASE = "http://localhost:7777";
-
 export function App() {
   const [token, setToken] = useState<string | null>(() =>
     localStorage.getItem("ows-token"),
@@ -14,7 +12,7 @@ export function App() {
 
   useEffect(() => {
     // Check if passphrase is configured (first-run detection)
-    fetch(`${API_BASE}/api/auth/status`)
+    fetch(`/api/auth/status`)
       .then((r) => r.json())
       .then((d) => setConfigured(d.configured))
       .catch(() => setConfigured(null));
@@ -26,7 +24,7 @@ export function App() {
       setChecking(false);
       return;
     }
-    fetch(`${API_BASE}/api/auth/verify`, {
+    fetch(`/api/auth/verify`, {
       headers: { Authorization: `Bearer ${token}` },
     })
       .then((r) => {
@@ -44,7 +42,7 @@ export function App() {
 
   const handleLogin = async (passphrase: string): Promise<string | null> => {
     try {
-      const res = await fetch(`${API_BASE}/api/auth/login`, {
+      const res = await fetch(`/api/auth/login`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ passphrase }),
@@ -61,7 +59,7 @@ export function App() {
 
   const handleSetup = async (passphrase: string): Promise<string | null> => {
     try {
-      const res = await fetch(`${API_BASE}/api/auth/setup`, {
+      const res = await fetch(`/api/auth/setup`, {
         method: "POST",
         headers: { "Content-Type": "application/json" },
         body: JSON.stringify({ passphrase }),