sh3-server 0.19.6 → 0.20.2

package/dist/mounts/store.js

@@ -0,0 +1,115 @@
+import { readFileSync, writeFileSync, mkdirSync, existsSync } from 'node:fs';
+import { dirname } from 'node:path';
+export class MountStore {
+    #mountsPath;
+    #attachmentsPath;
+    #mounts = [];
+    #attachments = [];
+    constructor(dataDir) {
+        this.#mountsPath = `${dataDir}/mounts.json`;
+        this.#attachmentsPath = `${dataDir}/mount-attachments.json`;
+        this.#load();
+    }
+    #load() {
+        if (existsSync(this.#mountsPath)) {
+            try {
+                const data = JSON.parse(readFileSync(this.#mountsPath, 'utf-8'));
+                this.#mounts = data.mounts ?? [];
+            }
+            catch {
+                this.#mounts = [];
+            }
+        }
+        if (existsSync(this.#attachmentsPath)) {
+            try {
+                const data = JSON.parse(readFileSync(this.#attachmentsPath, 'utf-8'));
+                this.#attachments = data.attachments ?? [];
+            }
+            catch {
+                this.#attachments = [];
+            }
+        }
+    }
+    #saveMounts() {
+        mkdirSync(dirname(this.#mountsPath), { recursive: true });
+        writeFileSync(this.#mountsPath, JSON.stringify({ mounts: this.#mounts }, null, 2));
+    }
+    #saveAttachments() {
+        mkdirSync(dirname(this.#attachmentsPath), { recursive: true });
+        writeFileSync(this.#attachmentsPath, JSON.stringify({ attachments: this.#attachments }, null, 2));
+    }
+    create(input) {
+        if (this.#mounts.some(m => m.id === input.id)) {
+            throw new Error(`Mount "${input.id}" already exists`);
+        }
+        const now = new Date().toISOString();
+        const record = {
+            id: input.id,
+            label: input.label,
+            path: input.path,
+            createdAt: now,
+            updatedAt: now,
+        };
+        this.#mounts.push(record);
+        this.#saveMounts();
+        return { ...record };
+    }
+    get(id) {
+        return this.#mounts.find(m => m.id === id) ?? null;
+    }
+    list() {
+        return [...this.#mounts];
+    }
+    update(id, patch) {
+        const mount = this.#mounts.find(m => m.id === id);
+        if (!mount)
+            return null;
+        if (patch.label !== undefined)
+            mount.label = patch.label;
+        if (patch.path !== undefined)
+            mount.path = patch.path;
+        mount.updatedAt = new Date().toISOString();
+        this.#saveMounts();
+        return { ...mount };
+    }
+    delete(id) {
+        const before = this.#mounts.length;
+        this.#mounts = this.#mounts.filter(m => m.id !== id);
+        if (this.#mounts.length < before) {
+            this.#attachments = this.#attachments.filter(a => a.mountId !== id);
+            this.#saveMounts();
+            this.#saveAttachments();
+            return true;
+        }
+        return false;
+    }
+    attach(mountId, tenantId) {
+        const existing = this.#attachments.find(a => a.mountId === mountId && a.tenantId === tenantId);
+        if (existing)
+            return { ...existing };
+        const att = {
+            mountId,
+            tenantId,
+            attachedAt: new Date().toISOString(),
+        };
+        this.#attachments.push(att);
+        this.#saveAttachments();
+        return { ...att };
+    }
+    detach(mountId, tenantId) {
+        const before = this.#attachments.length;
+        this.#attachments = this.#attachments.filter(a => !(a.mountId === mountId && a.tenantId === tenantId));
+        if (this.#attachments.length < before) {
+            this.#saveAttachments();
+        }
+    }
+    listAttachments(mountId) {
+        return this.#attachments.filter(a => a.mountId === mountId);
+    }
+    listTenantAttachments(tenantId) {
+        return this.#attachments.filter(a => a.tenantId === tenantId);
+    }
+    isAttached(mountId, tenantId) {
+        return this.#attachments.some(a => a.mountId === mountId && a.tenantId === tenantId);
+    }
+}

package/dist/routes/admin.d.ts

@@ -7,4 +7,6 @@ import type { UserStore } from '../users.js';
 import type { SettingsStore } from '../settings.js';
 import type { SessionStore } from '../sessions.js';
 import type { KeyStore } from '../keys.js';
-export declare function createAdminRouter(users: UserStore, settings: SettingsStore, sessions: SessionStore, keys: KeyStore, dataDir: string): Hono;
+import type { MountStore } from '../mounts/store.js';
+import type { MountedPathResolver } from '../mounts/resolver.js';
+export declare function createAdminRouter(users: UserStore, settings: SettingsStore, sessions: SessionStore, keys: KeyStore, dataDir: string, mountStore?: MountStore, mountResolver?: MountedPathResolver): Hono;

package/dist/routes/admin.js

@@ -6,7 +6,8 @@ import { Hono } from 'hono';
 import { execFile } from 'node:child_process';
 import { existsSync } from 'node:fs';
 import { join } from 'node:path';
-export function createAdminRouter(users, settings, sessions, keys, dataDir) {
+import { createMountsRouter } from '../mounts/routes.js';
+export function createAdminRouter(users, settings, sessions, keys, dataDir, mountStore, mountResolver) {
     const router = new Hono();
     // --- Users CRUD ---
     router.get('/users', (c) => {
@@ -126,5 +127,9 @@ export function createAdminRouter(users, settings, sessions, keys, dataDir) {
             return c.json({ error: 'Key not found' }, 404);
         return c.body(null, 204);
     });
+    // Mount management routes (if stores provided)
+    if (mountStore && mountResolver) {
+        router.route('/', createMountsRouter(mountStore, mountResolver));
+    }
     return router;
 }

package/dist/routes/boot.d.ts

@@ -3,9 +3,15 @@
  *
  * Returns everything the client needs to decide how to render:
  * auth requirements, current session, user, and tenant ID.
+ *
+ * When localMode is true (Tauri sidecar), the route ensures a session
+ * for the local owner: if no valid session is on the request, a new
+ * one is minted against the SessionStore and returned in the response
+ * body. The client then carries it as Authorization: Bearer on
+ * subsequent calls.
  */
 import { Hono } from 'hono';
 import type { SessionStore } from '../sessions.js';
 import type { UserStore } from '../users.js';
 import type { SettingsStore } from '../settings.js';
-export declare function createBootRouter(sessions: SessionStore, users: UserStore, settings: SettingsStore, version: string): Hono;
+export declare function createBootRouter(sessions: SessionStore, users: UserStore, settings: SettingsStore, version: string, localMode?: boolean): Hono;

package/dist/routes/boot.js

@@ -3,14 +3,20 @@
  *
  * Returns everything the client needs to decide how to render:
  * auth requirements, current session, user, and tenant ID.
+ *
+ * When localMode is true (Tauri sidecar), the route ensures a session
+ * for the local owner: if no valid session is on the request, a new
+ * one is minted against the SessionStore and returned in the response
+ * body. The client then carries it as Authorization: Bearer on
+ * subsequent calls.
  */
 import { Hono } from 'hono';
 import { randomUUID } from 'node:crypto';
-export function createBootRouter(sessions, users, settings, version) {
+export function createBootRouter(sessions, users, settings, version, localMode = false) {
     const router = new Hono();
     router.get('/', (c) => {
         const config = settings.get();
-        // Try to extract session
+        // Try to extract session from cookie or Authorization header
         let session = null;
         const cookie = c.req.raw.headers.get('cookie');
         if (cookie) {
@@ -24,13 +30,17 @@ export function createBootRouter(sessions, users, settings, version) {
                 session = sessions.validate(auth.slice(7));
             }
         }
+        // localMode: ensure a session for the local owner.
+        if (localMode && !session) {
+            session = sessions.create('local', 'admin');
+        }
         const user = session ? users.get(session.userId) : null;
         // Determine tenant ID
         let tenantId;
         if (user) {
             tenantId = user.id;
         }
-        else if (!config.auth.required || config.auth.guestAllowed) {
+        else if (config.auth.guestAllowed) {
             tenantId = `guest_${randomUUID()}`;
         }
         else {
@@ -38,7 +48,6 @@ export function createBootRouter(sessions, users, settings, version) {
         }
         return c.json({
             auth: {
-                required: config.auth.required,
                 guestAllowed: config.auth.guestAllowed,
                 selfRegistration: config.auth.selfRegistration,
             },

package/dist/routes/docs.js

@@ -24,8 +24,8 @@ export function createDocsRouter(store, options = {}) {
         ? { settings: options }
         : options;
     const router = new Hono();
-    router.use('/:scope/*', scopeAccessMatch('scope', opts.settings));
-    router.use('/:scope', scopeAccessMatch('scope', opts.settings));
+    router.use('/:scope/*', scopeAccessMatch('scope'));
+    router.use('/:scope', scopeAccessMatch('scope'));
     if (opts.projectStore && opts.appRegistry) {
         router.use('/:scope/:shard/*', projectAppAllowlist({ projectStore: opts.projectStore, appRegistry: opts.appRegistry }));
     }
@@ -51,6 +51,9 @@ export function createDocsRouter(store, options = {}) {
         const { scope, shard } = c.req.param();
         if (isReservedShardId(shard))
             return c.notFound();
+        if (c.req.query('folders') === '1') {
+            return c.json(await store.listFolders(scope, shard, ''));
+        }
         return c.json(await store.list(scope, shard));
     });
     // Branch content read — conflict-branch by origin. Registered before the
@@ -82,6 +85,9 @@ export function createDocsRouter(store, options = {}) {
         const filePath = c.req.path.replace(`/api/docs/${scope}/${shard}/`, '');
         if (!filePath)
             return c.json({ error: 'Missing file path' }, 400);
+        if (c.req.query('folders') === '1') {
+            return c.json(await store.listFolders(scope, shard, filePath));
+        }
         if (c.req.query('meta') === '1') {
             const meta = await store.readMeta(scope, shard, filePath);
             if (!meta)
@@ -157,6 +163,81 @@ export function createDocsRouter(store, options = {}) {
             const meta = await store.readMeta(scope, shard, body.to);
             return c.json({ ok: true, version: meta?.version });
         }
+        if (rawPath.endsWith('/mkdir')) {
+            const folderPath = rawPath.replace(/\/mkdir$/, '');
+            if (!folderPath)
+                return c.json({ error: 'Missing folder path' }, 400);
+            try {
+                await store.mkdir(scope, shard, folderPath);
+            }
+            catch (err) {
+                return c.json({ error: String(err?.message ?? err) }, 409);
+            }
+            return c.json({ ok: true });
+        }
+        if (rawPath.endsWith('/rmdir')) {
+            const folderPath = rawPath.replace(/\/rmdir$/, '');
+            if (!folderPath)
+                return c.json({ error: 'Missing folder path' }, 400);
+            const body = await c.req.json().catch(() => ({}));
+            const recursive = body && body.recursive === true;
+            try {
+                await store.rmdir(scope, shard, folderPath, { recursive });
+            }
+            catch (err) {
+                return c.json({ error: String(err?.message ?? err) }, 409);
+            }
+            return c.json({ ok: true });
+        }
+        if (rawPath.endsWith('/rename-folder')) {
+            const oldPath = rawPath.replace(/\/rename-folder$/, '');
+            if (!oldPath)
+                return c.json({ error: 'Missing folder path' }, 400);
+            const body = await c.req.json().catch(() => null);
+            if (!body || typeof body.to !== 'string' || body.to.length === 0) {
+                return c.json({ error: 'Body must include { to: string }' }, 400);
+            }
+            if (body.to === oldPath) {
+                return c.json({ error: 'Rename target must differ from source' }, 400);
+            }
+            try {
+                await store.renameFolder(scope, shard, oldPath, body.to);
+            }
+            catch (err) {
+                const msg = String(err?.message ?? err);
+                if (/does not exist/i.test(msg))
+                    return c.json({ error: msg }, 404);
+                if (/already exists/i.test(msg))
+                    return c.json({ error: msg }, 409);
+                throw err;
+            }
+            return c.json({ ok: true });
+        }
+        if (rawPath.endsWith('/transfer')) {
+            const filePath = rawPath.replace(/\/transfer$/, '');
+            if (!filePath)
+                return c.json({ error: 'Missing file path' }, 400);
+            const body = await c.req.json().catch(() => null);
+            if (!body || typeof body.targetScope !== 'string' || body.targetScope.length === 0) {
+                return c.json({ error: 'Body must include { targetScope: string }' }, 400);
+            }
+            if (body.targetScope === scope) {
+                return c.json({ error: 'targetScope must differ from source scope' }, 400);
+            }
+            const caller = c.get('caller');
+            if (caller && !caller.accessibleScopes.includes(body.targetScope)) {
+                return c.json({ error: `Caller is not a member of scope "${body.targetScope}"` }, 403);
+            }
+            const targetShard = body.targetShardId ?? shard;
+            const content = await store.read(scope, shard, filePath);
+            if (content === null)
+                return c.json({ error: 'Source document not found' }, 404);
+            await store.write(body.targetScope, targetShard, filePath, content);
+            if (body.delete) {
+                await store.delete(scope, shard, filePath);
+            }
+            return c.json({ ok: true, [body.delete ? 'deleted' : 'copied']: true });
+        }
         return c.json({ error: 'Unknown docs POST endpoint' }, 404);
     });
     // Write

package/dist/routes/projects.d.ts

@@ -1,9 +1,7 @@
 /**
- * Projects HTTP API.
+ * Projects routes — admin-only management + member-visible listing.
  *
  * - GET    /              — list projects the caller is a member of
- * - GET    /all           — admin: list every project
- * - GET    /:id           — fetch one (member or admin)
  * - POST   /              — admin: create a project
  * - PATCH  /:id           — admin: mutate a project
  * - DELETE /:id           — admin: delete a project

package/dist/routes/projects.js

@@ -1,9 +1,7 @@
 /**
- * Projects HTTP API.
+ * Projects routes — admin-only management + member-visible listing.
  *
  * - GET    /              — list projects the caller is a member of
- * - GET    /all           — admin: list every project
- * - GET    /:id           — fetch one (member or admin)
  * - POST   /              — admin: create a project
  * - PATCH  /:id           — admin: mutate a project
  * - DELETE /:id           — admin: delete a project

package/dist/scope.d.ts

@@ -10,7 +10,6 @@
  * unless their accessibleScopes list includes the requested scope.
  */
 import type { MiddlewareHandler } from 'hono';
-import type { SettingsStore } from './settings.js';
 export declare function scopeRequired(scope: string): MiddlewareHandler;
 export declare const requireCallerScope: MiddlewareHandler;
-export declare function scopeAccessMatch(paramName: string, settings?: SettingsStore): MiddlewareHandler;
+export declare function scopeAccessMatch(paramName: string): MiddlewareHandler;

package/dist/scope.js

@@ -28,12 +28,8 @@ export const requireCallerScope = async (c, next) => {
         return c.json({ error: 'Scope-bound credentials required' }, 401);
     return next();
 };
-export function scopeAccessMatch(paramName, settings) {
+export function scopeAccessMatch(paramName) {
     return async (c, next) => {
-        // Open / no-auth mode: admin has explicitly disabled scope isolation.
-        // Mirrors sessionAuth's open-mode bypass; required for Tauri sidecar mode.
-        if (settings && !settings.get().auth.required)
-            return next();
         const caller = c.get('caller');
         if (!caller)
             return c.json({ error: 'Caller not resolved' }, 500);

package/dist/settings.d.ts

@@ -4,7 +4,6 @@
  */
 export interface GlobalSettings {
     auth: {
-        required: boolean;
         guestAllowed: boolean;
         sessionTTL: number;
         selfRegistration: boolean;

package/dist/settings.js

@@ -7,7 +7,6 @@ import { dirname } from 'node:path';
 const MAX_PACKAGE_CACHE_AGE = 31536000; // 1 year
 const DEFAULTS = {
     auth: {
-        required: true,
         guestAllowed: false,
         sessionTTL: 24,
         selfRegistration: false,
@@ -44,7 +43,6 @@ export class SettingsStore {
             const raw = JSON.parse(readFileSync(this.#path, 'utf-8'));
             return {
                 auth: {
-                    required: raw.auth?.required ?? DEFAULTS.auth.required,
                     guestAllowed: raw.auth?.guestAllowed ?? DEFAULTS.auth.guestAllowed,
                     sessionTTL: raw.auth?.sessionTTL ?? DEFAULTS.auth.sessionTTL,
                     selfRegistration: raw.auth?.selfRegistration ?? DEFAULTS.auth.selfRegistration,
@@ -72,8 +70,6 @@ export class SettingsStore {
     /** Patch settings. Only provided fields are updated. */
     update(patch) {
         if (patch.auth) {
-            if (patch.auth.required !== undefined)
-                this.#settings.auth.required = patch.auth.required;
             if (patch.auth.guestAllowed !== undefined)
                 this.#settings.auth.guestAllowed = patch.auth.guestAllowed;
             if (patch.auth.sessionTTL !== undefined)

package/dist/shard-router.d.ts

@@ -48,7 +48,7 @@ export interface MountContext {
     wsRegister(onConnect: (ws: any, c: any) => void): any;
 }
 /** Middleware requiring the caller's scope set to include admin:*. */
-export declare function adminOnly(_keys: KeyStore, settings: SettingsStore): MiddlewareHandler;
+export declare function adminOnly(): MiddlewareHandler;
 /**
  * Dynamic shard route manager. Holds a Map of shard Hono sub-apps
  * and delegates requests from a single wildcard route.

package/dist/shard-router.js

@@ -5,10 +5,8 @@ import { join } from 'node:path';
 import { scopeRequired, requireCallerScope } from './scope.js';
 import { pathToFileURL } from 'node:url';
 /** Middleware requiring the caller's scope set to include admin:*. */
-export function adminOnly(_keys, settings) {
+export function adminOnly() {
     return async (c, next) => {
-        if (!settings.get().auth.required)
-            return next();
         const caller = c.get('caller');
         if (caller?.scopes.includes('admin:*'))
             return next();
@@ -154,6 +152,26 @@ export class ShardRouter {
             // Framework built-ins (mountStatic) may have no sibling manifest; default to empty.
         }
         const docStore = ctx.docStore;
+        // Symmetric path translator: same (shardId, path) pair that documents()
+        // accepts. `mounts/*` walks the MountedPathResolver wired on the docStore;
+        // any other shardId resolves to the canonical native-doc location under
+        // the host's docs dir. Throws on unresolvable mounts so callers can just
+        // hand the result to spawn/streams without branching.
+        const resolveFsPath = (tenant, targetShardId, path) => {
+            if (targetShardId === 'mounts') {
+                const resolver = docStore.mountResolver;
+                if (!resolver)
+                    throw new Error('Mount resolver not configured on docStore');
+                const docPath = path ? `mounts/${path}` : 'mounts';
+                const resolved = resolver.resolve(tenant, docPath);
+                if (resolved.kind === 'mount')
+                    return resolved.realPath;
+                if (resolved.kind === 'mount-unresolved')
+                    throw new Error(resolved.error);
+                throw new Error(`Invalid mount path: ${docPath}`);
+            }
+            return join(docStore.dataDir, 'docs', tenant, targetShardId, path);
+        };
         // Hono's MiddlewareHandler uses a concrete Context generic that isn't
         // assignable to sh3-core's framework-agnostic stand-in (c: unknown).
         // Cast once at assembly — shards only call the handlers, never introspect.
@@ -161,7 +179,7 @@ export class ShardRouter {
             shardId,
             dataDir: shardDataDir,
             permissions,
-            adminOnly: adminOnly(ctx.keys, ctx.settings),
+            adminOnly: adminOnly(),
             scopeRequired,
             tenantRequired: requireCallerScope,
             wsRegister: ctx.wsRegister,
@@ -172,6 +190,7 @@ export class ShardRouter {
                     return; // silent no-op
                 docStore.roles.set(tenant, role);
             },
+            resolveFsPath,
         };
         return ctxOut;
     }

package/dist/tenant-fs/http.d.ts

@@ -5,11 +5,9 @@
  * Read-only. Writes are out of scope for this iteration.
  */
 import type { Hono } from 'hono';
-import type { SettingsStore } from '../settings.js';
 export interface TenantFsRouteContext {
     dataDir: string;
     rootBase: string;
-    settings: SettingsStore;
     maxReadBytes: number;
 }
 export declare function registerTenantFsRoutes(app: Hono, ctx: TenantFsRouteContext): void;

package/dist/tenant-fs/http.js

@@ -16,7 +16,7 @@ function userIdFromContext(c) {
     return session.userId;
 }
 export function registerTenantFsRoutes(app, ctx) {
-    const sessionRequired = makeSessionRequired(ctx.settings);
+    const sessionRequired = makeSessionRequired();
     app.get('/api/fs/list', sessionRequired, async (c) => {
         const rel = c.req.query('path') ?? '';
         const root = documentsRoot(ctx.dataDir, userIdFromContext(c), ctx.rootBase);

package/dist/tenant-fs/session-required.d.ts

@@ -1,11 +1,9 @@
 import type { MiddlewareHandler } from 'hono';
-import type { SettingsStore } from '../settings.js';
 /**
  * Requires an authenticated session on the request. Any role passes.
- * When `auth.required` is false (dev/--no-auth), passes through.
  *
  * Contrast with adminOnly: this gate is for tenant-scoped APIs where any
  * logged-in user can operate — scope is enforced by the handler jailing to
  * the caller's own tenant root, not by role.
  */
-export declare function makeSessionRequired(settings: SettingsStore): MiddlewareHandler;
+export declare function makeSessionRequired(): MiddlewareHandler;

package/dist/tenant-fs/session-required.js

@@ -1,15 +1,12 @@
 /**
  * Requires an authenticated session on the request. Any role passes.
- * When `auth.required` is false (dev/--no-auth), passes through.
  *
  * Contrast with adminOnly: this gate is for tenant-scoped APIs where any
  * logged-in user can operate — scope is enforced by the handler jailing to
  * the caller's own tenant root, not by role.
  */
-export function makeSessionRequired(settings) {
+export function makeSessionRequired() {
     return async (c, next) => {
-        if (!settings.get().auth.required)
-            return next();
         const session = c.get('session') ?? c.env?.session;
         if (!session?.userId) {
             return c.json({ error: 'authentication required' }, 401);

package/dist/users.d.ts

@@ -6,7 +6,7 @@ export interface StoredUser {
     id: string;
     username: string;
     displayName: string;
-    passwordHash: string;
+    passwordHash: string | null;
     role: 'admin' | 'user';
     createdAt: string;
     updatedAt: string;
@@ -39,6 +39,19 @@ export declare class UserStore {
     }): Promise<PublicUser | null>;
     /** Delete a user by ID. Returns true if found and removed. */
     delete(id: string): boolean;
+    /**
+     * Upsert a synthetic user (no password). Used by `--local` desktop mode to
+     * persist the `local` owner without invoking bcrypt (which the SEA sidecar
+     * cannot load). Users created via this path have `passwordHash=null` and
+     * can never authenticate through the password flow — `authenticate()` filters
+     * them out.
+     */
+    upsertSynthetic(opts: {
+        id: string;
+        username: string;
+        displayName: string;
+        role: 'admin' | 'user';
+    }): PublicUser;
     /** Generate a random temporary password. */
     static generatePassword(): string;
 }

package/dist/users.js

@@ -64,6 +64,8 @@ export class UserStore {
         const user = this.#users.find(u => u.username === username.toLowerCase());
         if (!user)
             return null;
+        if (!user.passwordHash)
+            return null;
         if (!(await (await getBcrypt()).compare(password, user.passwordHash)))
             return null;
         return this.#toPublic(user);
@@ -102,6 +104,38 @@ export class UserStore {
         }
         return false;
     }
+    /**
+     * Upsert a synthetic user (no password). Used by `--local` desktop mode to
+     * persist the `local` owner without invoking bcrypt (which the SEA sidecar
+     * cannot load). Users created via this path have `passwordHash=null` and
+     * can never authenticate through the password flow — `authenticate()` filters
+     * them out.
+     */
+    upsertSynthetic(opts) {
+        const lower = opts.username.toLowerCase();
+        const existing = this.#users.find((u) => u.id === opts.id);
+        const now = new Date().toISOString();
+        if (existing) {
+            existing.username = lower;
+            existing.displayName = opts.displayName;
+            existing.role = opts.role;
+            existing.updatedAt = now;
+            this.#save();
+            return this.#toPublic(existing);
+        }
+        const user = {
+            id: opts.id,
+            username: lower,
+            displayName: opts.displayName,
+            passwordHash: null,
+            role: opts.role,
+            createdAt: now,
+            updatedAt: now,
+        };
+        this.#users.push(user);
+        this.#save();
+        return this.#toPublic(user);
+    }
     /** Generate a random temporary password. */
     static generatePassword() {
         return randomBytes(6).toString('base64url');

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sh3-server",
-  "version": "0.19.6",
+  "version": "0.20.2",
   "type": "module",
   "bin": {
     "sh3-server": "dist/cli.js"