npm - ruflo - Versions diffs - 3.10.46 → 3.12.0 - Mend

ruflo 3.10.46 → 3.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (498) hide show

package/README.md +412 -412
package/bin/ruflo.js +77 -77
package/package.json +118 -113
package/src/chat-ui/Dockerfile +25 -25
package/src/chat-ui/patch-mcp-url-safety.sh +28 -28
package/src/config/config.example.json +76 -76
package/src/mcp-bridge/Dockerfile +45 -45
package/src/mcp-bridge/index.js +1692 -1692
package/src/mcp-bridge/mcp-stdio-kernel.js +159 -159
package/src/mcp-bridge/package.json +17 -17
package/src/mcp-bridge/test-harness.js +470 -470
package/src/nginx/Dockerfile +10 -10
package/src/nginx/nginx.conf +67 -67
package/src/nginx/static/favicon-dark.svg +4 -4
package/src/nginx/static/favicon.svg +4 -4
package/src/nginx/static/icon.svg +5 -5
package/src/nginx/static/logo.svg +9 -9
package/src/nginx/static/manifest.json +22 -22
package/src/nginx/static/welcome.js +184 -184
package/src/ruvocal/.claude/skills/add-model-descriptions/SKILL.md +73 -73
package/src/ruvocal/.claude-flow/daemon-state.json +135 -0
package/src/ruvocal/.claude-flow/data/pending-insights.jsonl +0 -0
package/src/ruvocal/.claude-flow/data/ranked-context.json +5 -0
package/src/ruvocal/.claude-flow/logs/daemon.log +31 -0
package/src/ruvocal/.claude-flow/logs/headless/audit_1777949411822_juxau0_prompt.log +989 -0
package/src/ruvocal/.claude-flow/logs/headless/audit_1777949411822_juxau0_result.log +67 -0
package/src/ruvocal/.claude-flow/logs/headless/audit_1777950042278_jvj5xq_prompt.log +989 -0
package/src/ruvocal/.claude-flow/logs/headless/audit_1777950042278_jvj5xq_result.log +93 -0
package/src/ruvocal/.claude-flow/logs/headless/optimize_1777949531823_yt5yc2_prompt.log +1498 -0
package/src/ruvocal/.claude-flow/logs/headless/optimize_1777949531823_yt5yc2_result.log +93 -0
package/src/ruvocal/.claude-flow/logs/headless/testgaps_1777949771821_elw1j4_prompt.log +1498 -0
package/src/ruvocal/.claude-flow/logs/headless/testgaps_1777949771821_elw1j4_result.log +100 -0
package/src/ruvocal/.claude-flow/metrics/codebase-map.json +11 -0
package/src/ruvocal/.claude-flow/metrics/consolidation.json +6 -0
package/src/ruvocal/.claude-flow/neural/stats.json +6 -0
package/src/ruvocal/.claude-flow/sessions/current.json +13 -0
package/src/ruvocal/.devcontainer/Dockerfile +9 -9
package/src/ruvocal/.devcontainer/devcontainer.json +36 -36
package/src/ruvocal/.dockerignore +16 -16
package/src/ruvocal/.eslintignore +13 -13
package/src/ruvocal/.eslintrc.cjs +45 -45
package/src/ruvocal/.gcloudignore +18 -18
package/src/ruvocal/.github/ISSUE_TEMPLATE/bug-report--chat-ui-.md +43 -43
package/src/ruvocal/.github/ISSUE_TEMPLATE/config-support.md +9 -9
package/src/ruvocal/.github/ISSUE_TEMPLATE/feature-request--chat-ui-.md +17 -17
package/src/ruvocal/.github/ISSUE_TEMPLATE/huggingchat.md +11 -11
package/src/ruvocal/.github/release.yml +16 -16
package/src/ruvocal/.github/workflows/build-docs.yml +18 -18
package/src/ruvocal/.github/workflows/build-image.yml +142 -142
package/src/ruvocal/.github/workflows/build-pr-docs.yml +20 -20
package/src/ruvocal/.github/workflows/deploy-dev.yml +63 -63
package/src/ruvocal/.github/workflows/deploy-prod.yml +78 -78
package/src/ruvocal/.github/workflows/lint-and-test.yml +84 -84
package/src/ruvocal/.github/workflows/slugify.yaml +72 -72
package/src/ruvocal/.github/workflows/trufflehog.yml +17 -17
package/src/ruvocal/.github/workflows/upload-pr-documentation.yml +16 -16
package/src/ruvocal/.husky/lint-stage-config.js +4 -4
package/src/ruvocal/.husky/pre-commit +2 -2
package/src/ruvocal/.prettierignore +14 -14
package/src/ruvocal/.prettierrc +7 -7
package/src/ruvocal/.swarm/attestation.db +0 -0
package/src/ruvocal/.swarm/hnsw.index +0 -0
package/src/ruvocal/.swarm/hnsw.metadata.json +1 -0
package/src/ruvocal/.swarm/memory.db +0 -0
package/src/ruvocal/.swarm/schema.sql +305 -0
package/src/ruvocal/CLAUDE.md +126 -126
package/src/ruvocal/Dockerfile +96 -96
package/src/ruvocal/LICENSE +202 -202
package/src/ruvocal/PRIVACY.md +41 -41
package/src/ruvocal/README.md +164 -164
package/src/ruvocal/chart/Chart.yaml +5 -5
package/src/ruvocal/chart/env/dev.yaml +260 -260
package/src/ruvocal/chart/env/prod.yaml +273 -273
package/src/ruvocal/chart/templates/_helpers.tpl +22 -22
package/src/ruvocal/chart/templates/config.yaml +10 -10
package/src/ruvocal/chart/templates/deployment.yaml +81 -81
package/src/ruvocal/chart/templates/hpa.yaml +45 -45
package/src/ruvocal/chart/templates/infisical.yaml +24 -24
package/src/ruvocal/chart/templates/ingress-internal.yaml +32 -32
package/src/ruvocal/chart/templates/ingress.yaml +32 -32
package/src/ruvocal/chart/templates/network-policy.yaml +36 -36
package/src/ruvocal/chart/templates/service-account.yaml +13 -13
package/src/ruvocal/chart/templates/service-monitor.yaml +17 -17
package/src/ruvocal/chart/templates/service.yaml +21 -21
package/src/ruvocal/chart/values.yaml +73 -73
package/src/ruvocal/cloudbuild.yaml +68 -68
package/src/ruvocal/config/branding.env.example +19 -19
package/src/ruvocal/docker-compose.yml +21 -21
package/src/ruvocal/docs/adr/ADR-029-HUGGINGFACE-CHAT-UI-CLOUD-RUN.md +1236 -1236
package/src/ruvocal/docs/adr/ADR-033-RUVECTOR-RUFLO-MCP-INTEGRATION.md +111 -111
package/src/ruvocal/docs/adr/ADR-034-OPTIONAL-MCP-BACKENDS.md +117 -117
package/src/ruvocal/docs/adr/ADR-035-MCP-TOOL-GROUPS.md +186 -186
package/src/ruvocal/docs/adr/ADR-037-AUTOPILOT-CHAT-MODE.md +1500 -1500
package/src/ruvocal/docs/adr/ADR-038-RUVOCAL-FORK.md +286 -286
package/src/ruvocal/docs/source/_toctree.yml +30 -30
package/src/ruvocal/docs/source/configuration/common-issues.md +38 -38
package/src/ruvocal/docs/source/configuration/llm-router.md +105 -105
package/src/ruvocal/docs/source/configuration/mcp-tools.md +84 -84
package/src/ruvocal/docs/source/configuration/metrics.md +9 -9
package/src/ruvocal/docs/source/configuration/open-id.md +57 -57
package/src/ruvocal/docs/source/configuration/overview.md +89 -89
package/src/ruvocal/docs/source/configuration/theming.md +20 -20
package/src/ruvocal/docs/source/developing/architecture.md +48 -48
package/src/ruvocal/docs/source/index.md +53 -53
package/src/ruvocal/docs/source/installation/docker.md +43 -43
package/src/ruvocal/docs/source/installation/helm.md +43 -43
package/src/ruvocal/docs/source/installation/local.md +62 -62
package/src/ruvocal/entrypoint.sh +18 -18
package/src/ruvocal/mcp-bridge/Dockerfile +45 -45
package/src/ruvocal/mcp-bridge/cloudbuild.yaml +49 -49
package/src/ruvocal/mcp-bridge/index.js +1902 -1902
package/src/ruvocal/mcp-bridge/mcp-stdio-kernel.js +159 -159
package/src/ruvocal/mcp-bridge/package-lock.json +762 -762
package/src/ruvocal/mcp-bridge/package.json +17 -17
package/src/ruvocal/mcp-bridge/test-harness.js +470 -470
package/src/ruvocal/package-lock.json +11741 -11741
package/src/ruvocal/package.json +121 -121
package/src/ruvocal/postcss.config.js +6 -6
package/src/ruvocal/rvf.manifest.json +204 -204
package/src/ruvocal/scripts/config.ts +64 -64
package/src/ruvocal/scripts/generate-welcome.mjs +181 -181
package/src/ruvocal/scripts/populate.ts +288 -288
package/src/ruvocal/scripts/samples.txt +194 -194
package/src/ruvocal/scripts/setups/vitest-setup-server.ts +44 -44
package/src/ruvocal/scripts/updateLocalEnv.ts +48 -48
package/src/ruvocal/src/ambient.d.ts +7 -7
package/src/ruvocal/src/app.d.ts +29 -29
package/src/ruvocal/src/app.html +53 -53
package/src/ruvocal/src/hooks.server.ts +32 -32
package/src/ruvocal/src/hooks.ts +6 -6
package/src/ruvocal/src/lib/APIClient.ts +148 -148
package/src/ruvocal/src/lib/actions/clickOutside.ts +18 -18
package/src/ruvocal/src/lib/actions/snapScrollToBottom.ts +346 -346
package/src/ruvocal/src/lib/buildPrompt.ts +33 -33
package/src/ruvocal/src/lib/components/AnnouncementBanner.svelte +20 -20
package/src/ruvocal/src/lib/components/BackgroundGenerationPoller.svelte +168 -168
package/src/ruvocal/src/lib/components/CodeBlock.svelte +73 -73
package/src/ruvocal/src/lib/components/CopyToClipBoardBtn.svelte +92 -92
package/src/ruvocal/src/lib/components/DeleteConversationModal.svelte +75 -75
package/src/ruvocal/src/lib/components/EditConversationModal.svelte +100 -100
package/src/ruvocal/src/lib/components/ExpandNavigation.svelte +22 -22
package/src/ruvocal/src/lib/components/FoundationBackground.svelte +242 -242
package/src/ruvocal/src/lib/components/HoverTooltip.svelte +44 -44
package/src/ruvocal/src/lib/components/HtmlPreviewModal.svelte +143 -143
package/src/ruvocal/src/lib/components/InfiniteScroll.svelte +50 -50
package/src/ruvocal/src/lib/components/MobileNav.svelte +300 -300
package/src/ruvocal/src/lib/components/Modal.svelte +115 -115
package/src/ruvocal/src/lib/components/ModelCardMetadata.svelte +71 -71
package/src/ruvocal/src/lib/components/NavConversationItem.svelte +151 -151
package/src/ruvocal/src/lib/components/NavMenu.svelte +313 -313
package/src/ruvocal/src/lib/components/Pagination.svelte +97 -97
package/src/ruvocal/src/lib/components/PaginationArrow.svelte +27 -27
package/src/ruvocal/src/lib/components/Portal.svelte +24 -24
package/src/ruvocal/src/lib/components/RetryBtn.svelte +18 -18
package/src/ruvocal/src/lib/components/RuFloUniverse.svelte +185 -185
package/src/ruvocal/src/lib/components/RufloHelpModal.svelte +411 -411
package/src/ruvocal/src/lib/components/ScrollToBottomBtn.svelte +47 -47
package/src/ruvocal/src/lib/components/ScrollToPreviousBtn.svelte +77 -77
package/src/ruvocal/src/lib/components/ShareConversationModal.svelte +182 -182
package/src/ruvocal/src/lib/components/StopGeneratingBtn.svelte +69 -69
package/src/ruvocal/src/lib/components/SubscribeModal.svelte +87 -87
package/src/ruvocal/src/lib/components/Switch.svelte +36 -36
package/src/ruvocal/src/lib/components/SystemPromptModal.svelte +44 -44
package/src/ruvocal/src/lib/components/Toast.svelte +27 -27
package/src/ruvocal/src/lib/components/Tooltip.svelte +30 -30
package/src/ruvocal/src/lib/components/WelcomeModal.svelte +46 -46
package/src/ruvocal/src/lib/components/chat/Alternatives.svelte +77 -77
package/src/ruvocal/src/lib/components/chat/BlockWrapper.svelte +72 -72
package/src/ruvocal/src/lib/components/chat/ChatInput.svelte +490 -490
package/src/ruvocal/src/lib/components/chat/ChatIntroduction.svelte +123 -123
package/src/ruvocal/src/lib/components/chat/ChatMessage.svelte +548 -548
package/src/ruvocal/src/lib/components/chat/ChatWindow.svelte +1057 -1057
package/src/ruvocal/src/lib/components/chat/FileDropzone.svelte +92 -92
package/src/ruvocal/src/lib/components/chat/ImageLightbox.svelte +66 -66
package/src/ruvocal/src/lib/components/chat/MarkdownBlock.svelte +23 -23
package/src/ruvocal/src/lib/components/chat/MarkdownRenderer.svelte +69 -69
package/src/ruvocal/src/lib/components/chat/MarkdownRenderer.svelte.test.ts +58 -58
package/src/ruvocal/src/lib/components/chat/MessageAvatar.svelte +103 -103
package/src/ruvocal/src/lib/components/chat/ModelSwitch.svelte +64 -64
package/src/ruvocal/src/lib/components/chat/OpenReasoningResults.svelte +81 -81
package/src/ruvocal/src/lib/components/chat/TaskGroup.svelte +88 -88
package/src/ruvocal/src/lib/components/chat/ToolUpdate.svelte +273 -273
package/src/ruvocal/src/lib/components/chat/UploadedFile.svelte +253 -253
package/src/ruvocal/src/lib/components/chat/UrlFetchModal.svelte +203 -203
package/src/ruvocal/src/lib/components/chat/VoiceRecorder.svelte +214 -214
package/src/ruvocal/src/lib/components/icons/IconBurger.svelte +20 -20
package/src/ruvocal/src/lib/components/icons/IconCheap.svelte +20 -20
package/src/ruvocal/src/lib/components/icons/IconChevron.svelte +24 -24
package/src/ruvocal/src/lib/components/icons/IconDazzled.svelte +40 -40
package/src/ruvocal/src/lib/components/icons/IconFast.svelte +20 -20
package/src/ruvocal/src/lib/components/icons/IconLoading.svelte +22 -22
package/src/ruvocal/src/lib/components/icons/IconMCP.svelte +28 -28
package/src/ruvocal/src/lib/components/icons/IconMoon.svelte +21 -21
package/src/ruvocal/src/lib/components/icons/IconNew.svelte +20 -20
package/src/ruvocal/src/lib/components/icons/IconOmni.svelte +90 -90
package/src/ruvocal/src/lib/components/icons/IconPaperclip.svelte +24 -24
package/src/ruvocal/src/lib/components/icons/IconPro.svelte +37 -37
package/src/ruvocal/src/lib/components/icons/IconShare.svelte +21 -21
package/src/ruvocal/src/lib/components/icons/IconSun.svelte +93 -93
package/src/ruvocal/src/lib/components/icons/Logo.svelte +68 -68
package/src/ruvocal/src/lib/components/icons/LogoHuggingFaceBorderless.svelte +54 -54
package/src/ruvocal/src/lib/components/mcp/AddServerForm.svelte +250 -250
package/src/ruvocal/src/lib/components/mcp/MCPServerManager.svelte +185 -185
package/src/ruvocal/src/lib/components/mcp/ServerCard.svelte +203 -203
package/src/ruvocal/src/lib/components/players/AudioPlayer.svelte +82 -82
package/src/ruvocal/src/lib/components/voice/AudioWaveform.svelte +96 -96
package/src/ruvocal/src/lib/components/wasm/GalleryPanel.svelte +357 -357
package/src/ruvocal/src/lib/constants/mcpExamples.ts +114 -114
package/src/ruvocal/src/lib/constants/mime.ts +11 -11
package/src/ruvocal/src/lib/constants/pagination.ts +1 -1
package/src/ruvocal/src/lib/constants/publicSepToken.ts +1 -1
package/src/ruvocal/src/lib/constants/routerExamples.ts +133 -133
package/src/ruvocal/src/lib/constants/rvagentPresets.ts +206 -206
package/src/ruvocal/src/lib/createShareLink.ts +27 -27
package/src/ruvocal/src/lib/jobs/refresh-conversation-stats.ts +297 -297
package/src/ruvocal/src/lib/migrations/lock.ts +56 -56
package/src/ruvocal/src/lib/migrations/migrations.spec.ts +74 -74
package/src/ruvocal/src/lib/migrations/migrations.ts +109 -109
package/src/ruvocal/src/lib/migrations/routines/01-update-search-assistants.ts +50 -50
package/src/ruvocal/src/lib/migrations/routines/02-update-assistants-models.ts +48 -48
package/src/ruvocal/src/lib/migrations/routines/04-update-message-updates.ts +151 -151
package/src/ruvocal/src/lib/migrations/routines/05-update-message-files.ts +56 -56
package/src/ruvocal/src/lib/migrations/routines/06-trim-message-updates.ts +56 -56
package/src/ruvocal/src/lib/migrations/routines/08-update-featured-to-review.ts +32 -32
package/src/ruvocal/src/lib/migrations/routines/09-delete-empty-conversations.spec.ts +214 -214
package/src/ruvocal/src/lib/migrations/routines/09-delete-empty-conversations.ts +88 -88
package/src/ruvocal/src/lib/migrations/routines/10-update-reports-assistantid.ts +29 -29
package/src/ruvocal/src/lib/migrations/routines/index.ts +15 -15
package/src/ruvocal/src/lib/server/__tests__/conversation-stop-generating.spec.ts +103 -103
package/src/ruvocal/src/lib/server/abortRegistry.ts +57 -57
package/src/ruvocal/src/lib/server/abortedGenerations.ts +43 -43
package/src/ruvocal/src/lib/server/adminToken.ts +62 -62
package/src/ruvocal/src/lib/server/api/__tests__/conversations-id.spec.ts +296 -296
package/src/ruvocal/src/lib/server/api/__tests__/conversations-message.spec.ts +216 -216
package/src/ruvocal/src/lib/server/api/__tests__/conversations.spec.ts +235 -235
package/src/ruvocal/src/lib/server/api/__tests__/misc.spec.ts +72 -72
package/src/ruvocal/src/lib/server/api/__tests__/testHelpers.ts +86 -86
package/src/ruvocal/src/lib/server/api/__tests__/user-reports.spec.ts +78 -78
package/src/ruvocal/src/lib/server/api/__tests__/user.spec.ts +239 -239
package/src/ruvocal/src/lib/server/api/types.ts +37 -37
package/src/ruvocal/src/lib/server/api/utils/requireAuth.ts +22 -22
package/src/ruvocal/src/lib/server/api/utils/resolveConversation.ts +69 -69
package/src/ruvocal/src/lib/server/api/utils/resolveModel.ts +27 -27
package/src/ruvocal/src/lib/server/api/utils/superjsonResponse.ts +15 -15
package/src/ruvocal/src/lib/server/apiToken.ts +11 -11
package/src/ruvocal/src/lib/server/auth.ts +554 -554
package/src/ruvocal/src/lib/server/config.ts +187 -187
package/src/ruvocal/src/lib/server/conversation.ts +83 -83
package/src/ruvocal/src/lib/server/database/__tests__/rvf.spec.ts +709 -709
package/src/ruvocal/src/lib/server/database/postgres.ts +700 -700
package/src/ruvocal/src/lib/server/database/rvf.ts +1078 -1078
package/src/ruvocal/src/lib/server/database.ts +145 -145
package/src/ruvocal/src/lib/server/endpoints/document.ts +68 -68
package/src/ruvocal/src/lib/server/endpoints/endpoints.ts +43 -43
package/src/ruvocal/src/lib/server/endpoints/images.ts +211 -211
package/src/ruvocal/src/lib/server/endpoints/openai/endpointOai.ts +266 -266
package/src/ruvocal/src/lib/server/endpoints/openai/openAIChatToTextGenerationStream.ts +212 -212
package/src/ruvocal/src/lib/server/endpoints/openai/openAICompletionToTextGenerationStream.ts +32 -32
package/src/ruvocal/src/lib/server/endpoints/preprocessMessages.ts +61 -61
package/src/ruvocal/src/lib/server/exitHandler.ts +59 -59
package/src/ruvocal/src/lib/server/files/downloadFile.ts +34 -34
package/src/ruvocal/src/lib/server/files/uploadFile.ts +29 -29
package/src/ruvocal/src/lib/server/findRepoRoot.ts +13 -13
package/src/ruvocal/src/lib/server/generateFromDefaultEndpoint.ts +46 -46
package/src/ruvocal/src/lib/server/hooks/error.ts +37 -37
package/src/ruvocal/src/lib/server/hooks/fetch.ts +22 -22
package/src/ruvocal/src/lib/server/hooks/handle.ts +250 -250
package/src/ruvocal/src/lib/server/hooks/init.ts +51 -51
package/src/ruvocal/src/lib/server/isURLLocal.spec.ts +31 -31
package/src/ruvocal/src/lib/server/isURLLocal.ts +74 -74
package/src/ruvocal/src/lib/server/logger.ts +42 -42
package/src/ruvocal/src/lib/server/mcp/clientPool.spec.ts +175 -175
package/src/ruvocal/src/lib/server/mcp/hf.ts +32 -32
package/src/ruvocal/src/lib/server/mcp/httpClient.ts +122 -122
package/src/ruvocal/src/lib/server/mcp/registry.ts +76 -76
package/src/ruvocal/src/lib/server/mcp/tools.ts +196 -196
package/src/ruvocal/src/lib/server/metrics.ts +255 -255
package/src/ruvocal/src/lib/server/models.ts +518 -518
package/src/ruvocal/src/lib/server/requestContext.ts +55 -55
package/src/ruvocal/src/lib/server/router/arch.ts +230 -230
package/src/ruvocal/src/lib/server/router/endpoint.ts +316 -316
package/src/ruvocal/src/lib/server/router/multimodal.ts +28 -28
package/src/ruvocal/src/lib/server/router/policy.ts +49 -49
package/src/ruvocal/src/lib/server/router/toolsRoute.ts +51 -51
package/src/ruvocal/src/lib/server/router/types.ts +21 -21
package/src/ruvocal/src/lib/server/sendSlack.ts +23 -23
package/src/ruvocal/src/lib/server/textGeneration/generate.ts +258 -258
package/src/ruvocal/src/lib/server/textGeneration/index.ts +96 -96
package/src/ruvocal/src/lib/server/textGeneration/mcp/fileRefs.ts +155 -155
package/src/ruvocal/src/lib/server/textGeneration/mcp/routerResolution.ts +108 -108
package/src/ruvocal/src/lib/server/textGeneration/mcp/runMcpFlow.ts +831 -831
package/src/ruvocal/src/lib/server/textGeneration/mcp/toolInvocation.ts +349 -349
package/src/ruvocal/src/lib/server/textGeneration/mcp/wasmTools.test.ts +633 -633
package/src/ruvocal/src/lib/server/textGeneration/reasoning.ts +23 -23
package/src/ruvocal/src/lib/server/textGeneration/title.ts +83 -83
package/src/ruvocal/src/lib/server/textGeneration/types.ts +28 -28
package/src/ruvocal/src/lib/server/textGeneration/utils/prepareFiles.ts +88 -88
package/src/ruvocal/src/lib/server/textGeneration/utils/routing.ts +21 -21
package/src/ruvocal/src/lib/server/textGeneration/utils/toolPrompt.ts +49 -49
package/src/ruvocal/src/lib/server/urlSafety.ts +77 -77
package/src/ruvocal/src/lib/server/usageLimits.ts +30 -30
package/src/ruvocal/src/lib/stores/autopilotStore.svelte.ts +175 -175
package/src/ruvocal/src/lib/stores/backgroundGenerations.svelte.ts +32 -32
package/src/ruvocal/src/lib/stores/backgroundGenerations.ts +1 -1
package/src/ruvocal/src/lib/stores/errors.ts +9 -9
package/src/ruvocal/src/lib/stores/isAborted.ts +3 -3
package/src/ruvocal/src/lib/stores/isPro.ts +4 -4
package/src/ruvocal/src/lib/stores/loading.ts +3 -3
package/src/ruvocal/src/lib/stores/mcpServers.ts +534 -534
package/src/ruvocal/src/lib/stores/pendingChatInput.ts +3 -3
package/src/ruvocal/src/lib/stores/pendingMessage.ts +9 -9
package/src/ruvocal/src/lib/stores/settings.ts +182 -182
package/src/ruvocal/src/lib/stores/shareModal.ts +13 -13
package/src/ruvocal/src/lib/stores/titleUpdate.ts +8 -8
package/src/ruvocal/src/lib/stores/wasmMcp.ts +472 -472
package/src/ruvocal/src/lib/switchTheme.ts +124 -124
package/src/ruvocal/src/lib/types/AbortedGeneration.ts +8 -8
package/src/ruvocal/src/lib/types/Assistant.ts +31 -31
package/src/ruvocal/src/lib/types/AssistantStats.ts +11 -11
package/src/ruvocal/src/lib/types/ConfigKey.ts +4 -4
package/src/ruvocal/src/lib/types/ConvSidebar.ts +9 -9
package/src/ruvocal/src/lib/types/Conversation.ts +27 -27
package/src/ruvocal/src/lib/types/ConversationStats.ts +13 -13
package/src/ruvocal/src/lib/types/Message.ts +41 -41
package/src/ruvocal/src/lib/types/MessageEvent.ts +10 -10
package/src/ruvocal/src/lib/types/MessageUpdate.ts +139 -139
package/src/ruvocal/src/lib/types/MigrationResult.ts +7 -7
package/src/ruvocal/src/lib/types/Model.ts +23 -23
package/src/ruvocal/src/lib/types/Report.ts +12 -12
package/src/ruvocal/src/lib/types/Review.ts +6 -6
package/src/ruvocal/src/lib/types/Semaphore.ts +19 -19
package/src/ruvocal/src/lib/types/Session.ts +22 -22
package/src/ruvocal/src/lib/types/Settings.ts +93 -93
package/src/ruvocal/src/lib/types/SharedConversation.ts +9 -9
package/src/ruvocal/src/lib/types/Template.ts +6 -6
package/src/ruvocal/src/lib/types/Timestamps.ts +4 -4
package/src/ruvocal/src/lib/types/TokenCache.ts +6 -6
package/src/ruvocal/src/lib/types/Tool.ts +77 -77
package/src/ruvocal/src/lib/types/UrlDependency.ts +5 -5
package/src/ruvocal/src/lib/types/User.ts +14 -14
package/src/ruvocal/src/lib/utils/PublicConfig.svelte.ts +75 -75
package/src/ruvocal/src/lib/utils/auth.ts +17 -17
package/src/ruvocal/src/lib/utils/chunk.ts +33 -33
package/src/ruvocal/src/lib/utils/cookiesAreEnabled.ts +13 -13
package/src/ruvocal/src/lib/utils/debounce.ts +17 -17
package/src/ruvocal/src/lib/utils/deepestChild.ts +6 -6
package/src/ruvocal/src/lib/utils/favicon.ts +21 -21
package/src/ruvocal/src/lib/utils/fetchJSON.ts +23 -23
package/src/ruvocal/src/lib/utils/file2base64.ts +14 -14
package/src/ruvocal/src/lib/utils/formatUserCount.ts +37 -37
package/src/ruvocal/src/lib/utils/generationState.spec.ts +75 -75
package/src/ruvocal/src/lib/utils/generationState.ts +26 -26
package/src/ruvocal/src/lib/utils/getHref.ts +41 -41
package/src/ruvocal/src/lib/utils/getReturnFromGenerator.ts +7 -7
package/src/ruvocal/src/lib/utils/haptics.ts +64 -64
package/src/ruvocal/src/lib/utils/hashConv.ts +12 -12
package/src/ruvocal/src/lib/utils/hf.ts +17 -17
package/src/ruvocal/src/lib/utils/isDesktop.ts +7 -7
package/src/ruvocal/src/lib/utils/isUrl.ts +8 -8
package/src/ruvocal/src/lib/utils/isVirtualKeyboard.ts +16 -16
package/src/ruvocal/src/lib/utils/loadAttachmentsFromUrls.ts +115 -115
package/src/ruvocal/src/lib/utils/marked.spec.ts +96 -96
package/src/ruvocal/src/lib/utils/marked.ts +531 -531
package/src/ruvocal/src/lib/utils/mcpValidation.ts +147 -147
package/src/ruvocal/src/lib/utils/mergeAsyncGenerators.ts +38 -38
package/src/ruvocal/src/lib/utils/messageUpdates.spec.ts +262 -262
package/src/ruvocal/src/lib/utils/messageUpdates.ts +324 -324
package/src/ruvocal/src/lib/utils/mime.ts +56 -56
package/src/ruvocal/src/lib/utils/models.ts +14 -14
package/src/ruvocal/src/lib/utils/parseBlocks.ts +120 -120
package/src/ruvocal/src/lib/utils/parseIncompleteMarkdown.ts +644 -644
package/src/ruvocal/src/lib/utils/parseStringToList.ts +10 -10
package/src/ruvocal/src/lib/utils/randomUuid.ts +14 -14
package/src/ruvocal/src/lib/utils/searchTokens.ts +33 -33
package/src/ruvocal/src/lib/utils/sha256.ts +7 -7
package/src/ruvocal/src/lib/utils/stringifyError.ts +12 -12
package/src/ruvocal/src/lib/utils/sum.ts +3 -3
package/src/ruvocal/src/lib/utils/template.spec.ts +59 -59
package/src/ruvocal/src/lib/utils/template.ts +53 -53
package/src/ruvocal/src/lib/utils/timeout.ts +9 -9
package/src/ruvocal/src/lib/utils/toolProgress.spec.ts +46 -46
package/src/ruvocal/src/lib/utils/toolProgress.ts +11 -11
package/src/ruvocal/src/lib/utils/tree/addChildren.spec.ts +102 -102
package/src/ruvocal/src/lib/utils/tree/addChildren.ts +48 -48
package/src/ruvocal/src/lib/utils/tree/addSibling.spec.ts +81 -81
package/src/ruvocal/src/lib/utils/tree/addSibling.ts +41 -41
package/src/ruvocal/src/lib/utils/tree/buildSubtree.spec.ts +110 -110
package/src/ruvocal/src/lib/utils/tree/buildSubtree.ts +24 -24
package/src/ruvocal/src/lib/utils/tree/convertLegacyConversation.spec.ts +31 -31
package/src/ruvocal/src/lib/utils/tree/convertLegacyConversation.ts +36 -36
package/src/ruvocal/src/lib/utils/tree/isMessageId.spec.ts +15 -15
package/src/ruvocal/src/lib/utils/tree/isMessageId.ts +5 -5
package/src/ruvocal/src/lib/utils/tree/tree.d.ts +14 -14
package/src/ruvocal/src/lib/utils/tree/treeHelpers.spec.ts +167 -167
package/src/ruvocal/src/lib/utils/updates.ts +39 -39
package/src/ruvocal/src/lib/utils/urlParams.ts +13 -13
package/src/ruvocal/src/lib/wasm/idb.ts +438 -438
package/src/ruvocal/src/lib/wasm/index.ts +1213 -1213
package/src/ruvocal/src/lib/wasm/tests/wasm-capabilities.test.ts +565 -565
package/src/ruvocal/src/lib/wasm/wasm.worker.ts +332 -332
package/src/ruvocal/src/lib/wasm/workerClient.ts +166 -166
package/src/ruvocal/src/lib/workers/autopilotWorker.ts +221 -221
package/src/ruvocal/src/lib/workers/detailFetchWorker.ts +100 -100
package/src/ruvocal/src/lib/workers/markdownWorker.ts +61 -61
package/src/ruvocal/src/routes/+error.svelte +20 -20
package/src/ruvocal/src/routes/+layout.svelte +324 -324
package/src/ruvocal/src/routes/+layout.ts +91 -91
package/src/ruvocal/src/routes/+page.svelte +168 -168
package/src/ruvocal/src/routes/.well-known/oauth-cimd/+server.ts +37 -37
package/src/ruvocal/src/routes/__debug/openai/+server.ts +21 -21
package/src/ruvocal/src/routes/admin/export/+server.ts +159 -159
package/src/ruvocal/src/routes/admin/stats/compute/+server.ts +16 -16
package/src/ruvocal/src/routes/api/conversation/[id]/+server.ts +40 -40
package/src/ruvocal/src/routes/api/conversation/[id]/message/[messageId]/+server.ts +42 -42
package/src/ruvocal/src/routes/api/conversations/+server.ts +48 -48
package/src/ruvocal/src/routes/api/fetch-url/+server.ts +147 -147
package/src/ruvocal/src/routes/api/mcp/health/+server.ts +292 -292
package/src/ruvocal/src/routes/api/mcp/servers/+server.ts +32 -32
package/src/ruvocal/src/routes/api/models/+server.ts +25 -25
package/src/ruvocal/src/routes/api/transcribe/+server.ts +104 -104
package/src/ruvocal/src/routes/api/user/+server.ts +15 -15
package/src/ruvocal/src/routes/api/user/validate-token/+server.ts +20 -20
package/src/ruvocal/src/routes/api/v2/conversations/+server.ts +48 -48
package/src/ruvocal/src/routes/api/v2/conversations/[id]/+server.ts +94 -94
package/src/ruvocal/src/routes/api/v2/conversations/[id]/message/[messageId]/+server.ts +43 -43
package/src/ruvocal/src/routes/api/v2/conversations/import-share/+server.ts +23 -23
package/src/ruvocal/src/routes/api/v2/debug/config/+server.ts +16 -16
package/src/ruvocal/src/routes/api/v2/debug/refresh/+server.ts +30 -30
package/src/ruvocal/src/routes/api/v2/export/+server.ts +196 -196
package/src/ruvocal/src/routes/api/v2/feature-flags/+server.ts +14 -14
package/src/ruvocal/src/routes/api/v2/models/+server.ts +38 -38
package/src/ruvocal/src/routes/api/v2/models/[namespace]/+server.ts +8 -8
package/src/ruvocal/src/routes/api/v2/models/[namespace]/[model]/+server.ts +8 -8
package/src/ruvocal/src/routes/api/v2/models/[namespace]/[model]/subscribe/+server.ts +28 -28
package/src/ruvocal/src/routes/api/v2/models/[namespace]/subscribe/+server.ts +28 -28
package/src/ruvocal/src/routes/api/v2/models/old/+server.ts +7 -7
package/src/ruvocal/src/routes/api/v2/models/refresh/+server.ts +33 -33
package/src/ruvocal/src/routes/api/v2/public-config/+server.ts +7 -7
package/src/ruvocal/src/routes/api/v2/user/+server.ts +17 -17
package/src/ruvocal/src/routes/api/v2/user/billing-orgs/+server.ts +73 -73
package/src/ruvocal/src/routes/api/v2/user/reports/+server.ts +17 -17
package/src/ruvocal/src/routes/api/v2/user/settings/+server.ts +110 -110
package/src/ruvocal/src/routes/conversation/+server.ts +115 -115
package/src/ruvocal/src/routes/conversation/[id]/+page.svelte +586 -586
package/src/ruvocal/src/routes/conversation/[id]/+page.ts +60 -60
package/src/ruvocal/src/routes/conversation/[id]/+server.ts +740 -740
package/src/ruvocal/src/routes/conversation/[id]/message/[messageId]/prompt/+server.ts +66 -66
package/src/ruvocal/src/routes/conversation/[id]/share/+server.ts +69 -69
package/src/ruvocal/src/routes/conversation/[id]/stop-generating/+server.ts +35 -35
package/src/ruvocal/src/routes/healthcheck/+server.ts +3 -3
package/src/ruvocal/src/routes/login/+server.ts +5 -5
package/src/ruvocal/src/routes/login/callback/+server.ts +103 -103
package/src/ruvocal/src/routes/login/callback/updateUser.spec.ts +157 -157
package/src/ruvocal/src/routes/login/callback/updateUser.ts +215 -215
package/src/ruvocal/src/routes/logout/+server.ts +18 -18
package/src/ruvocal/src/routes/metrics/+server.ts +18 -18
package/src/ruvocal/src/routes/models/+page.svelte +233 -233
package/src/ruvocal/src/routes/models/[...model]/+page.svelte +161 -161
package/src/ruvocal/src/routes/models/[...model]/+page.ts +14 -14
package/src/ruvocal/src/routes/models/[...model]/thumbnail.png/+server.ts +64 -64
package/src/ruvocal/src/routes/models/[...model]/thumbnail.png/ModelThumbnail.svelte +28 -28
package/src/ruvocal/src/routes/privacy/+page.svelte +11 -11
package/src/ruvocal/src/routes/r/[id]/+page.ts +34 -34
package/src/ruvocal/src/routes/settings/(nav)/+layout.svelte +282 -282
package/src/ruvocal/src/routes/settings/(nav)/+layout.ts +1 -1
package/src/ruvocal/src/routes/settings/(nav)/+server.ts +59 -59
package/src/ruvocal/src/routes/settings/(nav)/[...model]/+page.svelte +464 -464
package/src/ruvocal/src/routes/settings/(nav)/[...model]/+page.ts +14 -14
package/src/ruvocal/src/routes/settings/(nav)/application/+page.svelte +362 -362
package/src/ruvocal/src/routes/settings/+layout.svelte +40 -40
package/src/ruvocal/src/styles/highlight-js.css +195 -195
package/src/ruvocal/src/styles/main.css +144 -144
package/src/ruvocal/static/chatui/favicon-dark.svg +3 -3
package/src/ruvocal/static/chatui/favicon-dev.svg +3 -3
package/src/ruvocal/static/chatui/favicon.svg +3 -3
package/src/ruvocal/static/chatui/icon.svg +3 -3
package/src/ruvocal/static/chatui/logo.svg +7 -7
package/src/ruvocal/static/chatui/manifest.json +54 -54
package/src/ruvocal/static/chatui/welcome.js +184 -184
package/src/ruvocal/static/huggingchat/favicon-dark.svg +4 -4
package/src/ruvocal/static/huggingchat/favicon-dev.svg +4 -4
package/src/ruvocal/static/huggingchat/favicon.svg +4 -4
package/src/ruvocal/static/huggingchat/fulltext-logo.svg +1 -1
package/src/ruvocal/static/huggingchat/icon.svg +4 -4
package/src/ruvocal/static/huggingchat/logo.svg +4 -4
package/src/ruvocal/static/huggingchat/manifest.json +54 -54
package/src/ruvocal/static/huggingchat/routes.chat.json +226 -226
package/src/ruvocal/static/robots.txt +10 -10
package/src/ruvocal/static/wasm/rvagent_wasm.js +1539 -1539
package/src/ruvocal/stub/@reflink/reflink/package.json +5 -5
package/src/ruvocal/svelte.config.js +53 -53
package/src/ruvocal/tailwind.config.cjs +30 -30
package/src/ruvocal/tsconfig.json +19 -19
package/src/ruvocal/vite.config.ts +87 -87
package/src/scripts/deploy.sh +116 -116
package/src/scripts/generate-config.js +245 -245
package/src/scripts/generate-welcome.js +187 -187
package/src/scripts/package-rvf.sh +116 -116

package/src/ruvocal/src/lib/server/hooks/handle.ts CHANGED Viewed

@@ -1,250 +1,250 @@
-import type { Handle, RequestEvent } from "@sveltejs/kit";
-import { collections } from "$lib/server/database";
-import { base } from "$app/paths";
-import { dev } from "$app/environment";
-import {
-	authenticateRequest,
-	loginEnabled,
-	refreshSessionCookie,
-	triggerOauthFlow,
-} from "$lib/server/auth";
-import { ERROR_MESSAGES } from "$lib/stores/errors";
-import { addWeeks } from "date-fns";
-import { logger } from "$lib/server/logger";
-import { adminTokenManager } from "$lib/server/adminToken";
-import { isHostLocalhost } from "$lib/server/isURLLocal";
-import { runWithRequestContext, updateRequestContext } from "$lib/server/requestContext";
-import { config, ready } from "$lib/server/config";
-type HandleInput = Parameters<Handle>[0];
-function getClientAddressSafe(event: RequestEvent): string | undefined {
-	try {
-		return event.getClientAddress();
-	} catch {
-		return undefined;
-	}
-}
-export async function handleRequest({ event, resolve }: HandleInput): Promise<Response> {
-	// Generate a unique request ID for this request
-	const requestId = crypto.randomUUID();
-	// Run the entire request handling within the request context
-	return runWithRequestContext(
-		async () => {
-			await ready.then(() => {
-				config.checkForUpdates();
-			});
-			logger.debug(
-				{
-					locals: event.locals,
-					url: event.url.pathname,
-					params: event.params,
-					request: event.request,
-				},
-				"Request received"
-			);
-			function errorResponse(status: number, message: string) {
-				const sendJson =
-					event.request.headers.get("accept")?.includes("application/json") ||
-					event.request.headers.get("content-type")?.includes("application/json");
-				return new Response(sendJson ? JSON.stringify({ error: message }) : message, {
-					status,
-					headers: {
-						"content-type": sendJson ? "application/json" : "text/plain",
-					},
-				});
-			}
-			if (
-				event.url.pathname.startsWith(`${base}/admin/`) ||
-				event.url.pathname === `${base}/admin`
-			) {
-				const ADMIN_SECRET = config.ADMIN_API_SECRET || config.PARQUET_EXPORT_SECRET;
-				if (!ADMIN_SECRET) {
-					return errorResponse(500, "Admin API is not configured");
-				}
-				if (event.request.headers.get("Authorization") !== `Bearer ${ADMIN_SECRET}`) {
-					return errorResponse(401, "Unauthorized");
-				}
-			}
-			const isApi = event.url.pathname.startsWith(`${base}/api/`);
-			const auth = await authenticateRequest(
-				event.request.headers,
-				event.cookies,
-				event.url,
-				isApi
-			);
-			event.locals.sessionId = auth.sessionId;
-			if (loginEnabled && !auth.user && !event.url.pathname.startsWith(`${base}/.well-known/`)) {
-				if (config.AUTOMATIC_LOGIN === "true") {
-					// AUTOMATIC_LOGIN: always redirect to OAuth flow (unless already on login or healthcheck pages)
-					if (
-						!event.url.pathname.startsWith(`${base}/login`) &&
-						!event.url.pathname.startsWith(`${base}/healthcheck`)
-					) {
-						// To get the same CSRF token after callback
-						refreshSessionCookie(event.cookies, auth.secretSessionId);
-						return await triggerOauthFlow(event);
-					}
-				} else {
-					// Redirect to OAuth flow unless on the authorized pages (home, shared conversation, login, healthcheck, model thumbnails)
-					if (
-						event.url.pathname !== `${base}/` &&
-						event.url.pathname !== `${base}` &&
-						!event.url.pathname.startsWith(`${base}/login`) &&
-						!event.url.pathname.startsWith(`${base}/login/callback`) &&
-						!event.url.pathname.startsWith(`${base}/healthcheck`) &&
-						!event.url.pathname.startsWith(`${base}/r/`) &&
-						!event.url.pathname.startsWith(`${base}/conversation/`) &&
-						!event.url.pathname.startsWith(`${base}/models/`) &&
-						!event.url.pathname.startsWith(`${base}/api`)
-					) {
-						refreshSessionCookie(event.cookies, auth.secretSessionId);
-						return triggerOauthFlow(event);
-					}
-				}
-			}
-			event.locals.user = auth.user || undefined;
-			event.locals.token = auth.token;
-			// Update request context with user after authentication
-			if (auth.user?.username) {
-				updateRequestContext({ user: auth.user.username });
-			}
-			event.locals.isAdmin =
-				event.locals.user?.isAdmin || adminTokenManager.isAdmin(event.locals.sessionId);
-			// CSRF protection
-			const requestContentType = event.request.headers.get("content-type")?.split(";")[0] ?? "";
-			/** https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#attr-enctype */
-			const nativeFormContentTypes = [
-				"multipart/form-data",
-				"application/x-www-form-urlencoded",
-				"text/plain",
-			];
-			if (event.request.method === "POST") {
-				if (nativeFormContentTypes.includes(requestContentType)) {
-					const origin = event.request.headers.get("origin");
-					if (!origin) {
-						return errorResponse(403, "Non-JSON form requests need to have an origin");
-					}
-					const validOrigins = [
-						new URL(event.request.url).host,
-						...(config.PUBLIC_ORIGIN ? [new URL(config.PUBLIC_ORIGIN).host] : []),
-					];
-					if (!validOrigins.includes(new URL(origin).host)) {
-						return errorResponse(403, "Invalid referer for POST request");
-					}
-				}
-			}
-			if (
-				event.request.method === "POST" ||
-				event.url.pathname.startsWith(`${base}/login`) ||
-				event.url.pathname.startsWith(`${base}/login/callback`)
-			) {
-				// if the request is a POST request or login-related we refresh the cookie
-				refreshSessionCookie(event.cookies, auth.secretSessionId);
-				await collections.sessions.updateOne(
-					{ sessionId: auth.sessionId },
-					{ $set: { updatedAt: new Date(), expiresAt: addWeeks(new Date(), 2) } }
-				);
-			}
-			if (
-				loginEnabled &&
-				!event.locals.user &&
-				!event.url.pathname.startsWith(`${base}/login`) &&
-				!event.url.pathname.startsWith(`${base}/admin`) &&
-				!event.url.pathname.startsWith(`${base}/settings`) &&
-				!["GET", "OPTIONS", "HEAD"].includes(event.request.method)
-			) {
-				return errorResponse(401, ERROR_MESSAGES.authOnly);
-			}
-			let replaced = false;
-			const response = await resolve(event, {
-				transformPageChunk: (chunk) => {
-					// For some reason, Sveltekit doesn't let us load env variables from .env in the app.html template
-					if (replaced || !chunk.html.includes("%gaId%")) {
-						return chunk.html;
-					}
-					replaced = true;
-					return chunk.html.replace("%gaId%", config.PUBLIC_GOOGLE_ANALYTICS_ID);
-				},
-				filterSerializedResponseHeaders: (header) => {
-					return header.includes("content-type");
-				},
-			});
-			// Update request context with status code
-			updateRequestContext({ statusCode: response.status });
-			// Add CSP header to control iframe embedding
-			// Always allow huggingface.co; when ALLOW_IFRAME=true, allow all domains
-			if (config.ALLOW_IFRAME !== "true") {
-				response.headers.append(
-					"Content-Security-Policy",
-					"frame-ancestors https://huggingface.co;"
-				);
-			}
-			if (
-				event.url.pathname.startsWith(`${base}/login/callback`) ||
-				event.url.pathname.startsWith(`${base}/login`)
-			) {
-				response.headers.append("Cache-Control", "no-store");
-			}
-			if (event.url.pathname.startsWith(`${base}/api/`)) {
-				// get origin from the request
-				const requestOrigin = event.request.headers.get("origin");
-				// get origin from the config if its defined
-				let allowedOrigin = config.PUBLIC_ORIGIN ? new URL(config.PUBLIC_ORIGIN).origin : undefined;
-				if (
-					dev || // if we're in dev mode
-					!requestOrigin || // or the origin is null (SSR)
-					isHostLocalhost(new URL(requestOrigin).hostname) // or the origin is localhost
-				) {
-					allowedOrigin = "*"; // allow all origins
-				} else if (allowedOrigin === requestOrigin) {
-					allowedOrigin = requestOrigin; // echo back the caller
-				}
-				if (allowedOrigin) {
-					response.headers.set("Access-Control-Allow-Origin", allowedOrigin);
-					response.headers.set(
-						"Access-Control-Allow-Methods",
-						"GET, POST, PUT, PATCH, DELETE, OPTIONS"
-					);
-					response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization");
-				}
-			}
-			logger.info("Request completed");
-			return response;
-		},
-		{ requestId, url: event.url.pathname, ip: getClientAddressSafe(event) }
-	);
-}
+import type { Handle, RequestEvent } from "@sveltejs/kit";
+import { collections } from "$lib/server/database";
+import { base } from "$app/paths";
+import { dev } from "$app/environment";
+import {
+	authenticateRequest,
+	loginEnabled,
+	refreshSessionCookie,
+	triggerOauthFlow,
+} from "$lib/server/auth";
+import { ERROR_MESSAGES } from "$lib/stores/errors";
+import { addWeeks } from "date-fns";
+import { logger } from "$lib/server/logger";
+import { adminTokenManager } from "$lib/server/adminToken";
+import { isHostLocalhost } from "$lib/server/isURLLocal";
+import { runWithRequestContext, updateRequestContext } from "$lib/server/requestContext";
+import { config, ready } from "$lib/server/config";
+type HandleInput = Parameters<Handle>[0];
+function getClientAddressSafe(event: RequestEvent): string | undefined {
+	try {
+		return event.getClientAddress();
+	} catch {
+		return undefined;
+	}
+}
+export async function handleRequest({ event, resolve }: HandleInput): Promise<Response> {
+	// Generate a unique request ID for this request
+	const requestId = crypto.randomUUID();
+	// Run the entire request handling within the request context
+	return runWithRequestContext(
+		async () => {
+			await ready.then(() => {
+				config.checkForUpdates();
+			});
+			logger.debug(
+				{
+					locals: event.locals,
+					url: event.url.pathname,
+					params: event.params,
+					request: event.request,
+				},
+				"Request received"
+			);
+			function errorResponse(status: number, message: string) {
+				const sendJson =
+					event.request.headers.get("accept")?.includes("application/json") ||
+					event.request.headers.get("content-type")?.includes("application/json");
+				return new Response(sendJson ? JSON.stringify({ error: message }) : message, {
+					status,
+					headers: {
+						"content-type": sendJson ? "application/json" : "text/plain",
+					},
+				});
+			}
+			if (
+				event.url.pathname.startsWith(`${base}/admin/`) ||
+				event.url.pathname === `${base}/admin`
+			) {
+				const ADMIN_SECRET = config.ADMIN_API_SECRET || config.PARQUET_EXPORT_SECRET;
+				if (!ADMIN_SECRET) {
+					return errorResponse(500, "Admin API is not configured");
+				}
+				if (event.request.headers.get("Authorization") !== `Bearer ${ADMIN_SECRET}`) {
+					return errorResponse(401, "Unauthorized");
+				}
+			}
+			const isApi = event.url.pathname.startsWith(`${base}/api/`);
+			const auth = await authenticateRequest(
+				event.request.headers,
+				event.cookies,
+				event.url,
+				isApi
+			);
+			event.locals.sessionId = auth.sessionId;
+			if (loginEnabled && !auth.user && !event.url.pathname.startsWith(`${base}/.well-known/`)) {
+				if (config.AUTOMATIC_LOGIN === "true") {
+					// AUTOMATIC_LOGIN: always redirect to OAuth flow (unless already on login or healthcheck pages)
+					if (
+						!event.url.pathname.startsWith(`${base}/login`) &&
+						!event.url.pathname.startsWith(`${base}/healthcheck`)
+					) {
+						// To get the same CSRF token after callback
+						refreshSessionCookie(event.cookies, auth.secretSessionId);
+						return await triggerOauthFlow(event);
+					}
+				} else {
+					// Redirect to OAuth flow unless on the authorized pages (home, shared conversation, login, healthcheck, model thumbnails)
+					if (
+						event.url.pathname !== `${base}/` &&
+						event.url.pathname !== `${base}` &&
+						!event.url.pathname.startsWith(`${base}/login`) &&
+						!event.url.pathname.startsWith(`${base}/login/callback`) &&
+						!event.url.pathname.startsWith(`${base}/healthcheck`) &&
+						!event.url.pathname.startsWith(`${base}/r/`) &&
+						!event.url.pathname.startsWith(`${base}/conversation/`) &&
+						!event.url.pathname.startsWith(`${base}/models/`) &&
+						!event.url.pathname.startsWith(`${base}/api`)
+					) {
+						refreshSessionCookie(event.cookies, auth.secretSessionId);
+						return triggerOauthFlow(event);
+					}
+				}
+			}
+			event.locals.user = auth.user || undefined;
+			event.locals.token = auth.token;
+			// Update request context with user after authentication
+			if (auth.user?.username) {
+				updateRequestContext({ user: auth.user.username });
+			}
+			event.locals.isAdmin =
+				event.locals.user?.isAdmin || adminTokenManager.isAdmin(event.locals.sessionId);
+			// CSRF protection
+			const requestContentType = event.request.headers.get("content-type")?.split(";")[0] ?? "";
+			/** https://developer.mozilla.org/en-US/docs/Web/HTML/Element/form#attr-enctype */
+			const nativeFormContentTypes = [
+				"multipart/form-data",
+				"application/x-www-form-urlencoded",
+				"text/plain",
+			];
+			if (event.request.method === "POST") {
+				if (nativeFormContentTypes.includes(requestContentType)) {
+					const origin = event.request.headers.get("origin");
+					if (!origin) {
+						return errorResponse(403, "Non-JSON form requests need to have an origin");
+					}
+					const validOrigins = [
+						new URL(event.request.url).host,
+						...(config.PUBLIC_ORIGIN ? [new URL(config.PUBLIC_ORIGIN).host] : []),
+					];
+					if (!validOrigins.includes(new URL(origin).host)) {
+						return errorResponse(403, "Invalid referer for POST request");
+					}
+				}
+			}
+			if (
+				event.request.method === "POST" ||
+				event.url.pathname.startsWith(`${base}/login`) ||
+				event.url.pathname.startsWith(`${base}/login/callback`)
+			) {
+				// if the request is a POST request or login-related we refresh the cookie
+				refreshSessionCookie(event.cookies, auth.secretSessionId);
+				await collections.sessions.updateOne(
+					{ sessionId: auth.sessionId },
+					{ $set: { updatedAt: new Date(), expiresAt: addWeeks(new Date(), 2) } }
+				);
+			}
+			if (
+				loginEnabled &&
+				!event.locals.user &&
+				!event.url.pathname.startsWith(`${base}/login`) &&
+				!event.url.pathname.startsWith(`${base}/admin`) &&
+				!event.url.pathname.startsWith(`${base}/settings`) &&
+				!["GET", "OPTIONS", "HEAD"].includes(event.request.method)
+			) {
+				return errorResponse(401, ERROR_MESSAGES.authOnly);
+			}
+			let replaced = false;
+			const response = await resolve(event, {
+				transformPageChunk: (chunk) => {
+					// For some reason, Sveltekit doesn't let us load env variables from .env in the app.html template
+					if (replaced || !chunk.html.includes("%gaId%")) {
+						return chunk.html;
+					}
+					replaced = true;
+					return chunk.html.replace("%gaId%", config.PUBLIC_GOOGLE_ANALYTICS_ID);
+				},
+				filterSerializedResponseHeaders: (header) => {
+					return header.includes("content-type");
+				},
+			});
+			// Update request context with status code
+			updateRequestContext({ statusCode: response.status });
+			// Add CSP header to control iframe embedding
+			// Always allow huggingface.co; when ALLOW_IFRAME=true, allow all domains
+			if (config.ALLOW_IFRAME !== "true") {
+				response.headers.append(
+					"Content-Security-Policy",
+					"frame-ancestors https://huggingface.co;"
+				);
+			}
+			if (
+				event.url.pathname.startsWith(`${base}/login/callback`) ||
+				event.url.pathname.startsWith(`${base}/login`)
+			) {
+				response.headers.append("Cache-Control", "no-store");
+			}
+			if (event.url.pathname.startsWith(`${base}/api/`)) {
+				// get origin from the request
+				const requestOrigin = event.request.headers.get("origin");
+				// get origin from the config if its defined
+				let allowedOrigin = config.PUBLIC_ORIGIN ? new URL(config.PUBLIC_ORIGIN).origin : undefined;
+				if (
+					dev || // if we're in dev mode
+					!requestOrigin || // or the origin is null (SSR)
+					isHostLocalhost(new URL(requestOrigin).hostname) // or the origin is localhost
+				) {
+					allowedOrigin = "*"; // allow all origins
+				} else if (allowedOrigin === requestOrigin) {
+					allowedOrigin = requestOrigin; // echo back the caller
+				}
+				if (allowedOrigin) {
+					response.headers.set("Access-Control-Allow-Origin", allowedOrigin);
+					response.headers.set(
+						"Access-Control-Allow-Methods",
+						"GET, POST, PUT, PATCH, DELETE, OPTIONS"
+					);
+					response.headers.set("Access-Control-Allow-Headers", "Content-Type, Authorization");
+				}
+			}
+			logger.info("Request completed");
+			return response;
+		},
+		{ requestId, url: event.url.pathname, ip: getClientAddressSafe(event) }
+	);
+}

package/src/ruvocal/src/lib/server/hooks/init.ts CHANGED Viewed

@@ -1,51 +1,51 @@
-import { config, ready } from "$lib/server/config";
-import { logger } from "$lib/server/logger";
-import { initExitHandler } from "$lib/server/exitHandler";
-import { checkAndRunMigrations } from "$lib/migrations/migrations";
-import { refreshConversationStats } from "$lib/jobs/refresh-conversation-stats";
-import { loadMcpServersOnStartup } from "$lib/server/mcp/registry";
-import { AbortedGenerations } from "$lib/server/abortedGenerations";
-import { adminTokenManager } from "$lib/server/adminToken";
-import { MetricsServer } from "$lib/server/metrics";
-export async function initServer(): Promise<void> {
-	// Wait for config to be fully loaded
-	await ready;
-	// Ensure legacy env expected by some libs: map OPENAI_API_KEY -> HF_TOKEN if absent
-	const canonicalToken = config.OPENAI_API_KEY || config.HF_TOKEN;
-	if (canonicalToken) {
-		process.env.HF_TOKEN ??= canonicalToken;
-	}
-	// Warn if legacy-only var is used
-	if (!config.OPENAI_API_KEY && config.HF_TOKEN) {
-		logger.warn(
-			"HF_TOKEN is deprecated in favor of OPENAI_API_KEY. Please migrate to OPENAI_API_KEY."
-		);
-	}
-	logger.info("Starting server...");
-	initExitHandler();
-	if (config.METRICS_ENABLED === "true") {
-		MetricsServer.getInstance();
-	}
-	checkAndRunMigrations();
-	refreshConversationStats();
-	// Load MCP servers at startup
-	loadMcpServersOnStartup();
-	// Init AbortedGenerations refresh process
-	AbortedGenerations.getInstance();
-	adminTokenManager.displayToken();
-	if (config.EXPOSE_API) {
-		logger.warn(
-			"The EXPOSE_API flag has been deprecated. The API is now required for chat-ui to work."
-		);
-	}
-}
+import { config, ready } from "$lib/server/config";
+import { logger } from "$lib/server/logger";
+import { initExitHandler } from "$lib/server/exitHandler";
+import { checkAndRunMigrations } from "$lib/migrations/migrations";
+import { refreshConversationStats } from "$lib/jobs/refresh-conversation-stats";
+import { loadMcpServersOnStartup } from "$lib/server/mcp/registry";
+import { AbortedGenerations } from "$lib/server/abortedGenerations";
+import { adminTokenManager } from "$lib/server/adminToken";
+import { MetricsServer } from "$lib/server/metrics";
+export async function initServer(): Promise<void> {
+	// Wait for config to be fully loaded
+	await ready;
+	// Ensure legacy env expected by some libs: map OPENAI_API_KEY -> HF_TOKEN if absent
+	const canonicalToken = config.OPENAI_API_KEY || config.HF_TOKEN;
+	if (canonicalToken) {
+		process.env.HF_TOKEN ??= canonicalToken;
+	}
+	// Warn if legacy-only var is used
+	if (!config.OPENAI_API_KEY && config.HF_TOKEN) {
+		logger.warn(
+			"HF_TOKEN is deprecated in favor of OPENAI_API_KEY. Please migrate to OPENAI_API_KEY."
+		);
+	}
+	logger.info("Starting server...");
+	initExitHandler();
+	if (config.METRICS_ENABLED === "true") {
+		MetricsServer.getInstance();
+	}
+	checkAndRunMigrations();
+	refreshConversationStats();
+	// Load MCP servers at startup
+	loadMcpServersOnStartup();
+	// Init AbortedGenerations refresh process
+	AbortedGenerations.getInstance();
+	adminTokenManager.displayToken();
+	if (config.EXPOSE_API) {
+		logger.warn(
+			"The EXPOSE_API flag has been deprecated. The API is now required for chat-ui to work."
+		);
+	}
+}

package/src/ruvocal/src/lib/server/isURLLocal.spec.ts CHANGED Viewed

@@ -1,31 +1,31 @@
-import { isURLLocal } from "./isURLLocal";
-import { describe, expect, it } from "vitest";
-describe("isURLLocal", async () => {
-	it("should return true for localhost", async () => {
-		expect(await isURLLocal(new URL("http://localhost"))).toBe(true);
-	});
-	it("should return true for 127.0.0.1", async () => {
-		expect(await isURLLocal(new URL("http://127.0.0.1"))).toBe(true);
-	});
-	it("should return true for 127.254.254.254", async () => {
-		expect(await isURLLocal(new URL("http://127.254.254.254"))).toBe(true);
-	});
-	it("should return false for huggingface.co", async () => {
-		expect(await isURLLocal(new URL("https://huggingface.co/"))).toBe(false);
-	});
-	it("should return true for 127.0.0.1.nip.io", async () => {
-		expect(await isURLLocal(new URL("http://127.0.0.1.nip.io"))).toBe(true);
-	});
-	it("should fail on ipv6", async () => {
-		await expect(isURLLocal(new URL("http://[::1]"))).rejects.toThrow();
-	});
-	it("should fail on ipv6 --1.sslip.io", async () => {
-		await expect(isURLLocal(new URL("http://--1.sslip.io"))).rejects.toThrow();
-	});
-	it("should fail on invalid domain names", async () => {
-		await expect(
-			isURLLocal(new URL("http://34329487239847329874923948732984.com/"))
-		).rejects.toThrow();
-	});
-});
+import { isURLLocal } from "./isURLLocal";
+import { describe, expect, it } from "vitest";
+describe("isURLLocal", async () => {
+	it("should return true for localhost", async () => {
+		expect(await isURLLocal(new URL("http://localhost"))).toBe(true);
+	});
+	it("should return true for 127.0.0.1", async () => {
+		expect(await isURLLocal(new URL("http://127.0.0.1"))).toBe(true);
+	});
+	it("should return true for 127.254.254.254", async () => {
+		expect(await isURLLocal(new URL("http://127.254.254.254"))).toBe(true);
+	});
+	it("should return false for huggingface.co", async () => {
+		expect(await isURLLocal(new URL("https://huggingface.co/"))).toBe(false);
+	});
+	it("should return true for 127.0.0.1.nip.io", async () => {
+		expect(await isURLLocal(new URL("http://127.0.0.1.nip.io"))).toBe(true);
+	});
+	it("should fail on ipv6", async () => {
+		await expect(isURLLocal(new URL("http://[::1]"))).rejects.toThrow();
+	});
+	it("should fail on ipv6 --1.sslip.io", async () => {
+		await expect(isURLLocal(new URL("http://--1.sslip.io"))).rejects.toThrow();
+	});
+	it("should fail on invalid domain names", async () => {
+		await expect(
+			isURLLocal(new URL("http://34329487239847329874923948732984.com/"))
+		).rejects.toThrow();
+	});
+});