scriptorium 0.0.1

package/docs/config.md

@@ -0,0 +1,49 @@
+# Configuration Reference
+
+Scriptorium reads non-sensitive settings from `config.yml` and secrets from `secrets.yml` in its per-user config directory.
+CLI flags override environment variables, which override YAML values, which override schema defaults.
+
+| Platform | <scriptorium_data_dir> |
+| --- | --- |
+| macOS | `~/Library/Application Support/scriptorium` |
+| Linux | `$XDG_DATA_HOME/scriptorium` or `~/.local/share/scriptorium` |
+| Windows | `%APPDATA%\scriptorium` |
+
+Examples use `<scriptorium_data_dir>` as shorthand for Scriptorium's per-user data directory and `$HOME` for the user's home directory.
+
+## config.yml
+
+```yaml
+server:
+  host: 0.0.0.0
+  port: 5174
+workspace:
+  browserRoot: $HOME
+opencode:
+  bin: opencode
+network:
+  tailscale: false
+database:
+  path: <scriptorium_data_dir>/app.db
+```
+
+| Key | Type | Default | CLI | Env | Description |
+| --- | --- | --- | --- | --- | --- |
+| `server.host` | string | `0.0.0.0` | `--host` | `HOST` | Host interface for the web server. |
+| `server.port` | number | `5174` | `--port` | `PORT` | Port for the web server. |
+| `workspace.browserRoot` | string | `$HOME` | `--browser-root` | `SCRIPTORIUM_BROWSER_ROOT` | Root directory exposed in the workspace browser. |
+| `opencode.bin` | string | `opencode` | `--opencode-bin` | `OPENCODE_BIN` | OpenCode executable name or path. |
+| `network.tailscale` | boolean | `false` | `--tailscale` |  | Expose the app with tailscale serve. |
+| `database.path` | string | `<scriptorium_data_dir>/app.db` | `--db-path` | `SCRIPTORIUM_DB_PATH` | Path to the SQLite database file. |
+
+## secrets.yml
+
+```yaml
+auth:
+  sessionSecret: <generated on first run or set via env>
+```
+
+| Key | Type | Default | CLI | Env | Description |
+| --- | --- | --- | --- | --- | --- |
+| `auth.sessionSecret` | string |  |  | `SESSION_SECRET` | Session signing secret. |
+

package/drizzle/20260312181200_fair_caretaker/migration.sql

@@ -0,0 +1,54 @@
+CREATE TABLE `activation_codes` (
+	`id` text PRIMARY KEY NOT NULL,
+	`passkey_id` text NOT NULL,
+	`code_hash` text NOT NULL,
+	`expires_at` text NOT NULL,
+	`created_at` text NOT NULL,
+	`consumed_at` text,
+	`attempts` integer DEFAULT 0 NOT NULL,
+	FOREIGN KEY (`passkey_id`) REFERENCES `passkeys`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+CREATE INDEX `idx_activation_codes_passkey_id` ON `activation_codes` (`passkey_id`);--> statement-breakpoint
+CREATE TABLE `authentication_challenges` (
+	`id` text PRIMARY KEY NOT NULL,
+	`challenge` text NOT NULL,
+	`expires_at` text NOT NULL,
+	`created_at` text NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE `passkeys` (
+	`id` text PRIMARY KEY NOT NULL,
+	`webauthn_user_id` text NOT NULL,
+	`public_key` blob NOT NULL,
+	`counter` integer NOT NULL,
+	`device_type` text NOT NULL,
+	`backed_up` integer NOT NULL,
+	`transports_json` text NOT NULL,
+	`label` text NOT NULL,
+	`status` text NOT NULL,
+	`created_at` text NOT NULL,
+	`activated_at` text,
+	`revoked_at` text,
+	CONSTRAINT "passkeys_status_check" CHECK("passkeys"."status" in ('pending', 'active', 'revoked'))
+);
+--> statement-breakpoint
+CREATE INDEX `idx_passkeys_status` ON `passkeys` (`status`);--> statement-breakpoint
+CREATE TABLE `registration_challenges` (
+	`id` text PRIMARY KEY NOT NULL,
+	`challenge` text NOT NULL,
+	`label` text NOT NULL,
+	`expires_at` text NOT NULL,
+	`created_at` text NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE `sessions` (
+	`id` text PRIMARY KEY NOT NULL,
+	`passkey_id` text NOT NULL,
+	`created_at` text NOT NULL,
+	`expires_at` text NOT NULL,
+	`last_seen_at` text NOT NULL,
+	FOREIGN KEY (`passkey_id`) REFERENCES `passkeys`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+CREATE INDEX `idx_sessions_expires_at` ON `sessions` (`expires_at`);

package/drizzle/20260312181200_fair_caretaker/snapshot.json

@@ -0,0 +1,484 @@
+{
+  "dialect": "sqlite",
+  "id": "d8fe33d6-0884-4785-989a-e1ba4e24e2d9",
+  "prevIds": [
+    "00000000-0000-0000-0000-000000000000"
+  ],
+  "version": "7",
+  "ddl": [
+    {
+      "name": "activation_codes",
+      "entityType": "tables"
+    },
+    {
+      "type": "text",
+      "notNull": false,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "id",
+      "table": "activation_codes",
+      "entityType": "columns"
+    },
+    {
+      "columns": [
+        "id"
+      ],
+      "nameExplicit": false,
+      "name": "activation_codes_pk",
+      "table": "activation_codes",
+      "entityType": "pks"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "passkey_id",
+      "table": "activation_codes",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "code_hash",
+      "table": "activation_codes",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "expires_at",
+      "table": "activation_codes",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "created_at",
+      "table": "activation_codes",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": false,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "consumed_at",
+      "table": "activation_codes",
+      "entityType": "columns"
+    },
+    {
+      "type": "integer",
+      "notNull": true,
+      "autoincrement": false,
+      "default": "0",
+      "generated": null,
+      "name": "attempts",
+      "table": "activation_codes",
+      "entityType": "columns"
+    },
+    {
+      "columns": [
+        {
+          "value": "passkey_id",
+          "isExpression": false
+        }
+      ],
+      "isUnique": false,
+      "where": null,
+      "origin": "manual",
+      "name": "idx_activation_codes_passkey_id",
+      "table": "activation_codes",
+      "entityType": "indexes"
+    },
+    {
+      "columns": [
+        "passkey_id"
+      ],
+      "tableTo": "passkeys",
+      "columnsTo": [
+        "id"
+      ],
+      "onUpdate": "NO ACTION",
+      "onDelete": "CASCADE",
+      "nameExplicit": false,
+      "name": "activation_codes_passkey_id_passkeys_id_fk",
+      "table": "activation_codes",
+      "entityType": "fks"
+    },
+    {
+      "name": "authentication_challenges",
+      "entityType": "tables"
+    },
+    {
+      "type": "text",
+      "notNull": false,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "id",
+      "table": "authentication_challenges",
+      "entityType": "columns"
+    },
+    {
+      "columns": [
+        "id"
+      ],
+      "nameExplicit": false,
+      "name": "authentication_challenges_pk",
+      "table": "authentication_challenges",
+      "entityType": "pks"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "challenge",
+      "table": "authentication_challenges",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "expires_at",
+      "table": "authentication_challenges",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "created_at",
+      "table": "authentication_challenges",
+      "entityType": "columns"
+    },
+    {
+      "name": "passkeys",
+      "entityType": "tables"
+    },
+    {
+      "type": "text",
+      "notNull": false,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "id",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "columns": [
+        "id"
+      ],
+      "nameExplicit": false,
+      "name": "passkeys_pk",
+      "table": "passkeys",
+      "entityType": "pks"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "webauthn_user_id",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "type": "blob",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "public_key",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "type": "integer",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "counter",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "device_type",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "type": "integer",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "backed_up",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "transports_json",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "label",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "status",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "created_at",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": false,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "activated_at",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": false,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "revoked_at",
+      "table": "passkeys",
+      "entityType": "columns"
+    },
+    {
+      "columns": [
+        {
+          "value": "status",
+          "isExpression": false
+        }
+      ],
+      "isUnique": false,
+      "where": null,
+      "origin": "manual",
+      "name": "idx_passkeys_status",
+      "table": "passkeys",
+      "entityType": "indexes"
+    },
+    {
+      "value": "\"passkeys\".\"status\" in ('pending', 'active', 'revoked')",
+      "name": "passkeys_status_check",
+      "table": "passkeys",
+      "entityType": "checks"
+    },
+    {
+      "name": "registration_challenges",
+      "entityType": "tables"
+    },
+    {
+      "type": "text",
+      "notNull": false,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "id",
+      "table": "registration_challenges",
+      "entityType": "columns"
+    },
+    {
+      "columns": [
+        "id"
+      ],
+      "nameExplicit": false,
+      "name": "registration_challenges_pk",
+      "table": "registration_challenges",
+      "entityType": "pks"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "challenge",
+      "table": "registration_challenges",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "label",
+      "table": "registration_challenges",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "expires_at",
+      "table": "registration_challenges",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "created_at",
+      "table": "registration_challenges",
+      "entityType": "columns"
+    },
+    {
+      "name": "sessions",
+      "entityType": "tables"
+    },
+    {
+      "type": "text",
+      "notNull": false,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "id",
+      "table": "sessions",
+      "entityType": "columns"
+    },
+    {
+      "columns": [
+        "id"
+      ],
+      "nameExplicit": false,
+      "name": "sessions_pk",
+      "table": "sessions",
+      "entityType": "pks"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "passkey_id",
+      "table": "sessions",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "created_at",
+      "table": "sessions",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "expires_at",
+      "table": "sessions",
+      "entityType": "columns"
+    },
+    {
+      "type": "text",
+      "notNull": true,
+      "autoincrement": false,
+      "default": null,
+      "generated": null,
+      "name": "last_seen_at",
+      "table": "sessions",
+      "entityType": "columns"
+    },
+    {
+      "columns": [
+        {
+          "value": "expires_at",
+          "isExpression": false
+        }
+      ],
+      "isUnique": false,
+      "where": null,
+      "origin": "manual",
+      "name": "idx_sessions_expires_at",
+      "table": "sessions",
+      "entityType": "indexes"
+    },
+    {
+      "columns": [
+        "passkey_id"
+      ],
+      "tableTo": "passkeys",
+      "columnsTo": [
+        "id"
+      ],
+      "onUpdate": "NO ACTION",
+      "onDelete": "CASCADE",
+      "nameExplicit": false,
+      "name": "sessions_passkey_id_passkeys_id_fk",
+      "table": "sessions",
+      "entityType": "fks"
+    }
+  ],
+  "renames": []
+}

package/drizzle/20260313000548_windy_paibok/migration.sql

@@ -0,0 +1,37 @@
+CREATE TABLE `instances` (
+	`id` text PRIMARY KEY,
+	`name` text NOT NULL,
+	`directory` text NOT NULL,
+	`port` integer NOT NULL,
+	`status` text NOT NULL,
+	`created_at` text NOT NULL,
+	`updated_at` text NOT NULL,
+	`last_started_at` text,
+	`last_exit_at` text,
+	`last_error` text,
+	CONSTRAINT "instances_status_check" CHECK("status" in ('starting', 'running', 'stopped', 'error'))
+);
+--> statement-breakpoint
+PRAGMA foreign_keys=OFF;--> statement-breakpoint
+CREATE TABLE `__new_passkeys` (
+	`id` text PRIMARY KEY,
+	`webauthn_user_id` text NOT NULL,
+	`public_key` blob NOT NULL,
+	`counter` integer NOT NULL,
+	`device_type` text NOT NULL,
+	`backed_up` integer NOT NULL,
+	`transports_json` text NOT NULL,
+	`label` text NOT NULL,
+	`status` text NOT NULL,
+	`created_at` text NOT NULL,
+	`activated_at` text,
+	`revoked_at` text,
+	CONSTRAINT "passkeys_status_check" CHECK("status" in ('pending', 'active', 'revoked'))
+);
+--> statement-breakpoint
+INSERT INTO `__new_passkeys`(`id`, `webauthn_user_id`, `public_key`, `counter`, `device_type`, `backed_up`, `transports_json`, `label`, `status`, `created_at`, `activated_at`, `revoked_at`) SELECT `id`, `webauthn_user_id`, `public_key`, `counter`, `device_type`, `backed_up`, `transports_json`, `label`, `status`, `created_at`, `activated_at`, `revoked_at` FROM `passkeys`;--> statement-breakpoint
+DROP TABLE `passkeys`;--> statement-breakpoint
+ALTER TABLE `__new_passkeys` RENAME TO `passkeys`;--> statement-breakpoint
+PRAGMA foreign_keys=ON;--> statement-breakpoint
+CREATE INDEX `idx_passkeys_status` ON `passkeys` (`status`);--> statement-breakpoint
+CREATE INDEX `idx_instances_status` ON `instances` (`status`);