npm - specrails-desktop - Versions diffs - 2.0.0 - Mend

specrails-desktop 2.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (455) hide show

package/.claude/commands/specrails/batch-implement.md +287 -0
package/.claude/commands/specrails/compat-check.md +271 -0
package/.claude/commands/specrails/doctor.md +62 -0
package/.claude/commands/specrails/enrich.md +1635 -0
package/.claude/commands/specrails/explore-spec.md +173 -0
package/.claude/commands/specrails/health-check.md +527 -0
package/.claude/commands/specrails/implement.md +1457 -0
package/.claude/commands/specrails/memory-inspect.md +259 -0
package/.claude/commands/specrails/opsx-diff.md +419 -0
package/.claude/commands/specrails/propose-spec.md +102 -0
package/.claude/commands/specrails/reconfig.md +89 -0
package/.claude/commands/specrails/refactor-recommender.md +212 -0
package/.claude/commands/specrails/retry.md +363 -0
package/.claude/commands/specrails/telemetry.md +552 -0
package/.claude/commands/specrails/why.md +96 -0
package/LICENSE +21 -0
package/README.md +290 -0
package/cli/dist/specrails-desktop.js +1098 -0
package/client/dist/assets/ActivityFeedPage-Gy4x8dBt.js +1 -0
package/client/dist/assets/AgentsPage-CPgu--Fb.js +86 -0
package/client/dist/assets/AnalyticsPage-B5sJEee2.js +1 -0
package/client/dist/assets/BarChart-7IMQ8HY1.js +33 -0
package/client/dist/assets/CodePage-CBdFvbwe.js +2 -0
package/client/dist/assets/DesktopAnalyticsPage-w0rdTq4w.js +1 -0
package/client/dist/assets/DocsDialog-BZUYM7wm.js +11 -0
package/client/dist/assets/DocsPage-9QglWl46.js +11 -0
package/client/dist/assets/ExportDropdown-BLZFXtNi.js +1 -0
package/client/dist/assets/IntegrationsPage-BxBE4y99.js +3 -0
package/client/dist/assets/JobDetailPage-DydWx_5S.js +16 -0
package/client/dist/assets/JobsPage-20ibw0IO.js +1 -0
package/client/dist/assets/abap-Bw6f2wDG.js +1 -0
package/client/dist/assets/activity-BEIp_Y1A.js +1 -0
package/client/dist/assets/activity-BdrPln96.js +1 -0
package/client/dist/assets/activity-CpkRS8Sx.js +1 -0
package/client/dist/assets/activity-DKCpESPt.js +1 -0
package/client/dist/assets/activity-DOUVEjJi.js +1 -0
package/client/dist/assets/activity-DRwkql_y.js +1 -0
package/client/dist/assets/activity-DcDQ7tjw.js +1 -0
package/client/dist/assets/activity-Dv6H7wEr.js +1 -0
package/client/dist/assets/addon-image-3WCl5Vhd.js +1 -0
package/client/dist/assets/addon-ligatures-C5OdliKs.js +2 -0
package/client/dist/assets/addon-webgl-BbX6pSjl.js +44 -0
package/client/dist/assets/addspec-B5yl4Loj.js +1 -0
package/client/dist/assets/addspec-BEeF5-zc.js +1 -0
package/client/dist/assets/addspec-D33ocMxf.js +1 -0
package/client/dist/assets/addspec-DFswZ0jK.js +1 -0
package/client/dist/assets/addspec-DRE-jZv7.js +1 -0
package/client/dist/assets/addspec-DVZ15Jp8.js +1 -0
package/client/dist/assets/addspec-Fkv91Opc.js +1 -0
package/client/dist/assets/addspec-GWm4ffKl.js +1 -0
package/client/dist/assets/agents-1nCDWRmP.js +1 -0
package/client/dist/assets/agents-Bm9rPqnt.js +1 -0
package/client/dist/assets/agents-CMxtJMLD.js +1 -0
package/client/dist/assets/agents-DK-Dlc0i.js +1 -0
package/client/dist/assets/agents-Q6Ldfpxx.js +1 -0
package/client/dist/assets/agents-TeOSy-ax.js +1 -0
package/client/dist/assets/agents-iTqjRajS.js +1 -0
package/client/dist/assets/agents-s87sMGzL.js +1 -0
package/client/dist/assets/agentstudio-B6Wb59E7.js +1 -0
package/client/dist/assets/agentstudio-BADhZ41e.js +1 -0
package/client/dist/assets/agentstudio-BSnWLR63.js +1 -0
package/client/dist/assets/agentstudio-BdidyBzZ.js +1 -0
package/client/dist/assets/agentstudio-CxlUllqI.js +1 -0
package/client/dist/assets/agentstudio-D3I62TLJ.js +1 -0
package/client/dist/assets/agentstudio-DuH9TogZ.js +1 -0
package/client/dist/assets/agentstudio-Kw88_dUF.js +1 -0
package/client/dist/assets/aiedit-BWxHGsYA.js +1 -0
package/client/dist/assets/aiedit-D2ji6Qy0.js +1 -0
package/client/dist/assets/aiedit-DAhZTvtk.js +1 -0
package/client/dist/assets/aiedit-DJMny-D5.js +1 -0
package/client/dist/assets/aiedit-DOcxERkU.js +1 -0
package/client/dist/assets/aiedit-DvrcbwGv.js +1 -0
package/client/dist/assets/aiedit-TTwzL1TS.js +1 -0
package/client/dist/assets/aiedit-WBSjT_C1.js +1 -0
package/client/dist/assets/analytics-BIdr0YfL.js +1 -0
package/client/dist/assets/analytics-C6EzgtdE.js +1 -0
package/client/dist/assets/analytics-C9Zc-rkM.js +1 -0
package/client/dist/assets/analytics-CVx3YOc0.js +1 -0
package/client/dist/assets/analytics-CYj0tfj7.js +1 -0
package/client/dist/assets/analytics-CnY4kNG3.js +1 -0
package/client/dist/assets/analytics-CrPCZRJ-.js +1 -0
package/client/dist/assets/analytics-DMCto-TF.js +1 -0
package/client/dist/assets/apex-Cw8_REBo.js +1 -0
package/client/dist/assets/atom-one-dark-B-oHczHB.css +1 -0
package/client/dist/assets/attachments-BIsSSnHJ.js +1 -0
package/client/dist/assets/attachments-BW4L3l2L.js +1 -0
package/client/dist/assets/attachments-Bcf6BG6V.js +1 -0
package/client/dist/assets/attachments-Bke8sCU4.js +1 -0
package/client/dist/assets/attachments-COcrGRFz.js +1 -0
package/client/dist/assets/attachments-DYHGA2Dj.js +1 -0
package/client/dist/assets/attachments-Dd92KpUH.js +1 -0
package/client/dist/assets/attachments-DzdU6DV6.js +1 -0
package/client/dist/assets/azcli-Cz6HAoOw.js +1 -0
package/client/dist/assets/bat-CcJ-xyqL.js +1 -0
package/client/dist/assets/bicep-z1WDCKYz.js +2 -0
package/client/dist/assets/browser-5ErDlJoR.js +1 -0
package/client/dist/assets/browser-Bc-YdlVg.js +1 -0
package/client/dist/assets/browser-BlYF4OOq.js +1 -0
package/client/dist/assets/browser-CT-ReZGt.js +1 -0
package/client/dist/assets/browser-DGITz3fC.js +1 -0
package/client/dist/assets/browser-JsAIGCEW.js +1 -0
package/client/dist/assets/browser-M5-rbPlw.js +1 -0
package/client/dist/assets/browser-Qya9cARy.js +1 -0
package/client/dist/assets/cameligo-BRewOpfa.js +1 -0
package/client/dist/assets/chat-BEGuC03z.js +1 -0
package/client/dist/assets/chat-BEW60P_u.js +1 -0
package/client/dist/assets/chat-BQNMD0PL.js +1 -0
package/client/dist/assets/chat-BsbNGPW9.js +1 -0
package/client/dist/assets/chat-CboQguCi.js +1 -0
package/client/dist/assets/chat-DRCa9pOt.js +1 -0
package/client/dist/assets/chat-DwUm6W9z.js +1 -0
package/client/dist/assets/chat-yoXwguQu.js +1 -0
package/client/dist/assets/chunk-CilyBKbf.js +1 -0
package/client/dist/assets/clojure-DBjRWN6g.js +1 -0
package/client/dist/assets/clsx-DnqN-uhr.js +1 -0
package/client/dist/assets/code-AL1rVIMb.js +1 -0
package/client/dist/assets/code-C0BKpkht.js +1 -0
package/client/dist/assets/code-C0FTS3ew.js +1 -0
package/client/dist/assets/code-CPcHxzxw.js +1 -0
package/client/dist/assets/code-D3ryDniw.js +1 -0
package/client/dist/assets/code-D3zVVQTj.js +1 -0
package/client/dist/assets/code-PCmfS3dn.js +1 -0
package/client/dist/assets/code-exI0G5Wd.js +1 -0
package/client/dist/assets/codicon-ngg6Pgfi.ttf +0 -0
package/client/dist/assets/coffee-Cfk_XHGR.js +1 -0
package/client/dist/assets/commands-B772IyDa.js +1 -0
package/client/dist/assets/commands-BDDp6xFG.js +1 -0
package/client/dist/assets/commands-CJxCry-o.js +1 -0
package/client/dist/assets/commands-CfgY-_of.js +1 -0
package/client/dist/assets/commands-DLrvnPNg.js +1 -0
package/client/dist/assets/commands-IXMOKBYt.js +1 -0
package/client/dist/assets/commands-UD1NzmwX.js +1 -0
package/client/dist/assets/commands-sqrqsxyE.js +1 -0
package/client/dist/assets/common-DCr6VzJ7.js +1 -0
package/client/dist/assets/common-Dard9UNH.js +1 -0
package/client/dist/assets/common-DeDELLZJ.js +1 -0
package/client/dist/assets/common-DltqHaAe.js +1 -0
package/client/dist/assets/common-Dmm1GhdD.js +1 -0
package/client/dist/assets/common-DnjcgkPH.js +1 -0
package/client/dist/assets/common-GbpxfPG8.js +1 -0
package/client/dist/assets/common-wA36jmj1.js +1 -0
package/client/dist/assets/cpp-BVob6BaP.js +1 -0
package/client/dist/assets/csharp-C4fbRuOu.js +1 -0
package/client/dist/assets/csp-DthFP_vT.js +1 -0
package/client/dist/assets/css-CGMH0hcW.js +3 -0
package/client/dist/assets/css.worker-Wv5dxAWO.js +89 -0
package/client/dist/assets/cssMode-Cc6ozl-J.js +1 -0
package/client/dist/assets/cypher-Pnf68BRV.js +1 -0
package/client/dist/assets/dart-PMMOtxZX.js +1 -0
package/client/dist/assets/dashboard-B4ixDVk8.js +1 -0
package/client/dist/assets/dashboard-BZBADHSj.js +1 -0
package/client/dist/assets/dashboard-C1MfeUHs.js +1 -0
package/client/dist/assets/dashboard-C7SK6xu5.js +1 -0
package/client/dist/assets/dashboard-CB6Le1yN.js +1 -0
package/client/dist/assets/dashboard-CoTpMOBM.js +1 -0
package/client/dist/assets/dashboard-Duo4DDCW.js +1 -0
package/client/dist/assets/dashboard-I19DXBxw.js +1 -0
package/client/dist/assets/dist-js-BY-Fv_fg.js +1 -0
package/client/dist/assets/dist-js-Bakc4uxT.js +1 -0
package/client/dist/assets/dockerfile-di1nsJCc.js +1 -0
package/client/dist/assets/ecl-D_WVcB5M.js +1 -0
package/client/dist/assets/editor-Br_kD0ds.css +1 -0
package/client/dist/assets/editor.api2-XLGzZfbc.js +872 -0
package/client/dist/assets/editor.main-CfXxHimg.js +6 -0
package/client/dist/assets/editor.worker-Bd9IXS8d.js +26 -0
package/client/dist/assets/elixir-OAdJEMOn.js +1 -0
package/client/dist/assets/explore-4mFpnrKU.js +1 -0
package/client/dist/assets/explore-A8Ltoblq.js +1 -0
package/client/dist/assets/explore-B9A3iN2W.js +1 -0
package/client/dist/assets/explore-BV5Xxlsn.js +1 -0
package/client/dist/assets/explore-BrBJvfjP.js +1 -0
package/client/dist/assets/explore-C3FSE42C.js +1 -0
package/client/dist/assets/explore-D2EFgt8J.js +1 -0
package/client/dist/assets/explore-hFc3HFcp.js +1 -0
package/client/dist/assets/flow9-D3QEZjgn.js +1 -0
package/client/dist/assets/format-command-CwGuwzGA.js +1 -0
package/client/dist/assets/freemarker2-DP7J1gG3.js +3 -0
package/client/dist/assets/fsharp-BF0k_8N8.js +1 -0
package/client/dist/assets/go-BAQO5Jsz.js +1 -0
package/client/dist/assets/graphql-hdFVFkiV.js +1 -0
package/client/dist/assets/handlebars-BjRlucw6.js +1 -0
package/client/dist/assets/hcl-DWnl1o-X.js +1 -0
package/client/dist/assets/html-OumBQJ-U.js +1 -0
package/client/dist/assets/html.worker-CQP8QQsS.js +502 -0
package/client/dist/assets/htmlMode-CStc3zXM.js +1 -0
package/client/dist/assets/index-CimDRRi7.css +2 -0
package/client/dist/assets/index-XGZaKl_u.js +142 -0
package/client/dist/assets/ini-CB-6OVu3.js +1 -0
package/client/dist/assets/integrations-C3p12Ms6.js +1 -0
package/client/dist/assets/integrations-Cr6hH7XR.js +1 -0
package/client/dist/assets/integrations-Cublz3m6.js +1 -0
package/client/dist/assets/integrations-D28q1kF6.js +1 -0
package/client/dist/assets/integrations-DRdbki5W.js +1 -0
package/client/dist/assets/integrations-DaC4SzzL.js +1 -0
package/client/dist/assets/integrations-DmQYCUvN.js +1 -0
package/client/dist/assets/integrations-HIlUxXVs.js +1 -0
package/client/dist/assets/java-d1CmfiHX.js +1 -0
package/client/dist/assets/javascript-CMk--e7g.js +1 -0
package/client/dist/assets/jobs-BE1siB0M.js +1 -0
package/client/dist/assets/jobs-BHcQ_Faf.js +1 -0
package/client/dist/assets/jobs-CFfc2dNX.js +1 -0
package/client/dist/assets/jobs-CSi5n8X_.js +1 -0
package/client/dist/assets/jobs-Dc3X86PY.js +1 -0
package/client/dist/assets/jobs-De5tASex.js +1 -0
package/client/dist/assets/jobs-DsoXEdo7.js +1 -0
package/client/dist/assets/jobs-Wl-ApPMb.js +1 -0
package/client/dist/assets/json.worker-DzV-CpCQ.js +58 -0
package/client/dist/assets/jsonMode-C2h3ZcjZ.js +7 -0
package/client/dist/assets/julia-Bgv08lKa.js +1 -0
package/client/dist/assets/kotlin-u98kaVTf.js +1 -0
package/client/dist/assets/less-CjYwpgg5.js +2 -0
package/client/dist/assets/lexon-YTjaAFBB.js +1 -0
package/client/dist/assets/lib-CPxTMOAq.js +7 -0
package/client/dist/assets/liquid-mI3KJrBE.js +1 -0
package/client/dist/assets/lspLanguageFeatures-DU09ggWi.js +4 -0
package/client/dist/assets/lua-BzmkWv27.js +1 -0
package/client/dist/assets/m3-CFwk9fw0.js +1 -0
package/client/dist/assets/markdown-CR5iMpSZ.js +1 -0
package/client/dist/assets/mdx-C41VDTR_.js +1 -0
package/client/dist/assets/mips-CcEalc17.js +1 -0
package/client/dist/assets/monaco.contribution-CPObAXMC.js +2 -0
package/client/dist/assets/msdax-BQbkawnr.js +1 -0
package/client/dist/assets/mysql-GTlaaW_P.js +1 -0
package/client/dist/assets/nav-0fwkrgHt.js +1 -0
package/client/dist/assets/nav-BEL3MTwK.js +1 -0
package/client/dist/assets/nav-B_G-TJDW.js +1 -0
package/client/dist/assets/nav-C2YXcbZS.js +1 -0
package/client/dist/assets/nav-ClzOE4mA.js +1 -0
package/client/dist/assets/nav-CtYwmMgu.js +1 -0
package/client/dist/assets/nav-D2bOGSEg.js +1 -0
package/client/dist/assets/nav-iH1V5j6o.js +1 -0
package/client/dist/assets/objective-c-Byu1T5if.js +1 -0
package/client/dist/assets/pascal-BrfzBfRm.js +1 -0
package/client/dist/assets/pascaligo-BXXKFUeo.js +1 -0
package/client/dist/assets/perl-B3OikKq-.js +1 -0
package/client/dist/assets/pgsql-CTsa0Acc.js +1 -0
package/client/dist/assets/php-DiQh3FUW.js +1 -0
package/client/dist/assets/pla-92uH8Fzm.js +1 -0
package/client/dist/assets/postiats-BbeWkKUr.js +1 -0
package/client/dist/assets/powerquery-DgDMzpsm.js +1 -0
package/client/dist/assets/powershell-BfdUUzaG.js +1 -0
package/client/dist/assets/preload-helper-DSXbuxSR.js +1 -0
package/client/dist/assets/protobuf-BojW2ftW.js +2 -0
package/client/dist/assets/pug-BxqTg3IU.js +1 -0
package/client/dist/assets/python-Y27rKQtk.js +1 -0
package/client/dist/assets/qsharp-BX_A-MW9.js +1 -0
package/client/dist/assets/r-D9BMnxvJ.js +1 -0
package/client/dist/assets/razor-Cd5-q9Bp.js +1 -0
package/client/dist/assets/redis-5cJqEQJJ.js +1 -0
package/client/dist/assets/redshift-d8BBqiwb.js +1 -0
package/client/dist/assets/restructuredtext-C8a6yIcZ.js +1 -0
package/client/dist/assets/ruby-egeh-6KX.js +1 -0
package/client/dist/assets/rust-a3r9IInB.js +1 -0
package/client/dist/assets/sb-y8iRIDei.js +1 -0
package/client/dist/assets/scala-BPDK2AmK.js +1 -0
package/client/dist/assets/scheme-BIWUEoOs.js +1 -0
package/client/dist/assets/scss-CA-PSzwg.js +3 -0
package/client/dist/assets/settings-55oDcbSh.js +1 -0
package/client/dist/assets/settings-Bd4Tq1RB.js +1 -0
package/client/dist/assets/settings-CCSM-Fhn.js +1 -0
package/client/dist/assets/settings-D3e_bDoW.js +1 -0
package/client/dist/assets/settings-DKbTkbn7.js +1 -0
package/client/dist/assets/settings-Dxpo6_w7.js +1 -0
package/client/dist/assets/settings-bt84e3Aa.js +1 -0
package/client/dist/assets/settings-nu68QukM.js +1 -0
package/client/dist/assets/setup-BMqwfbW9.js +1 -0
package/client/dist/assets/setup-Bb5LcG28.js +1 -0
package/client/dist/assets/setup-BeEx2_da.js +1 -0
package/client/dist/assets/setup-CCCrB53Q.js +1 -0
package/client/dist/assets/setup-CJA0ATmd.js +1 -0
package/client/dist/assets/setup-CeiDbZcb.js +1 -0
package/client/dist/assets/setup-Cus7TApA.js +1 -0
package/client/dist/assets/setup-D9qOs2Xo.js +1 -0
package/client/dist/assets/shell--LiT1Bja.js +1 -0
package/client/dist/assets/solidity-DdqZccZg.js +1 -0
package/client/dist/assets/sophia-S6-YxNG_.js +1 -0
package/client/dist/assets/sparql-BSf5kMp2.js +1 -0
package/client/dist/assets/specs-BFfu3u-a.js +1 -0
package/client/dist/assets/specs-B__C8-8a.js +1 -0
package/client/dist/assets/specs-CZ1PsXsC.js +1 -0
package/client/dist/assets/specs-D2FzlLn9.js +1 -0
package/client/dist/assets/specs-DaUTrNF9.js +1 -0
package/client/dist/assets/specs-Dyc5hYeE.js +1 -0
package/client/dist/assets/specs-cKEh2LXt.js +1 -0
package/client/dist/assets/specs-k0PyLDVt.js +1 -0
package/client/dist/assets/sql-D7KgjR8G.js +1 -0
package/client/dist/assets/st-BnoDa-Ml.js +1 -0
package/client/dist/assets/swift-DEUHTkUX.js +1 -0
package/client/dist/assets/systemverilog-Tqb_KPnW.js +1 -0
package/client/dist/assets/tcl-BmBFS2qq.js +1 -0
package/client/dist/assets/terminal-80yDMgMF.js +1 -0
package/client/dist/assets/terminal-Bje4ziIa.js +1 -0
package/client/dist/assets/terminal-C2WYcFHF.js +1 -0
package/client/dist/assets/terminal-CSONJOex.js +1 -0
package/client/dist/assets/terminal-DEqzGtcr.js +1 -0
package/client/dist/assets/terminal-DeWzh6ys.js +1 -0
package/client/dist/assets/terminal-YOlsJCQj.js +1 -0
package/client/dist/assets/terminal-lkZYR4wJ.js +1 -0
package/client/dist/assets/tickets-CB7N30gm.js +1 -0
package/client/dist/assets/tickets-CF2PYelu.js +1 -0
package/client/dist/assets/tickets-DNOANUXr.js +1 -0
package/client/dist/assets/tickets-DU1aqsbr.js +1 -0
package/client/dist/assets/tickets-DYvafSaY.js +1 -0
package/client/dist/assets/tickets-DlpC_iTg.js +1 -0
package/client/dist/assets/tickets-DucYgtdl.js +1 -0
package/client/dist/assets/tickets-clefmXLv.js +1 -0
package/client/dist/assets/ts.worker-METxwbDZ.js +67719 -0
package/client/dist/assets/tsMode-B0y_xEci.js +11 -0
package/client/dist/assets/twig-BQV8igWC.js +1 -0
package/client/dist/assets/typescript-BzK0OgwW.js +1 -0
package/client/dist/assets/typespec-DlFroUGY.js +1 -0
package/client/dist/assets/useProjectCache-DSaiGFjV.js +1 -0
package/client/dist/assets/vb-BlrJpIMX.js +1 -0
package/client/dist/assets/wgsl-BWgIc6FZ.js +298 -0
package/client/dist/assets/workers-rt--R2Qy.js +1 -0
package/client/dist/assets/xml-eX9QXAmI.js +1 -0
package/client/dist/assets/yaml-fcsNkpOt.js +1 -0
package/client/dist/index.html +246 -0
package/docs/README.md +54 -0
package/docs/cli.md +198 -0
package/docs/codex.md +210 -0
package/docs/creating-specs.md +197 -0
package/docs/customizing.md +197 -0
package/docs/getting-started.md +140 -0
package/docs/internals/README.md +25 -0
package/docs/internals/adding-a-provider.md +238 -0
package/docs/internals/api-reference.md +634 -0
package/docs/internals/architecture.md +332 -0
package/docs/internals/configuration.md +172 -0
package/docs/internals/openspec-workflow.md +282 -0
package/docs/internals/operations-runbook.md +198 -0
package/docs/internals/profiles.md +152 -0
package/docs/platforms/macos.md +130 -0
package/docs/platforms/windows.md +81 -0
package/docs/running-pipelines.md +240 -0
package/docs/terminal.md +138 -0
package/docs/tracking-cost.md +155 -0
package/package.json +82 -0
package/server/dist/agent-generator.js +232 -0
package/server/dist/agent-refine-db.js +124 -0
package/server/dist/agent-refine-manager.js +526 -0
package/server/dist/ai-invocations.js +111 -0
package/server/dist/attachment-manager.js +299 -0
package/server/dist/auth.js +207 -0
package/server/dist/binary-probe.js +35 -0
package/server/dist/browser-capture-manager.js +576 -0
package/server/dist/browser-capture-types.js +28 -0
package/server/dist/browser-network.js +149 -0
package/server/dist/browser-playwright.js +888 -0
package/server/dist/build-dirs.js +44 -0
package/server/dist/changes-reader.js +120 -0
package/server/dist/chat-manager.js +1060 -0
package/server/dist/chromium-resolver.js +311 -0
package/server/dist/code-explorer-router.js +788 -0
package/server/dist/codex-otel-bridge.js +235 -0
package/server/dist/command-resolver.js +102 -0
package/server/dist/config.js +306 -0
package/server/dist/context-budget.js +113 -0
package/server/dist/context-scope.js +279 -0
package/server/dist/contract-refine-runner.js +521 -0
package/server/dist/core-compat.js +207 -0
package/server/dist/core-package.js +14 -0
package/server/dist/db.js +1034 -0
package/server/dist/desktop-analytics.js +156 -0
package/server/dist/desktop-db.js +456 -0
package/server/dist/desktop-router.js +735 -0
package/server/dist/docs-router.js +207 -0
package/server/dist/explore-contract-refine.js +421 -0
package/server/dist/explore-cwd-manager.js +242 -0
package/server/dist/explore-draft-title.js +47 -0
package/server/dist/explore-smash.js +450 -0
package/server/dist/feature-flags.js +17 -0
package/server/dist/file-provenance.js +382 -0
package/server/dist/file-summary-generator.js +221 -0
package/server/dist/file-summary-manager.js +689 -0
package/server/dist/hooks.js +102 -0
package/server/dist/ids.js +7 -0
package/server/dist/index.js +586 -0
package/server/dist/metrics.js +136 -0
package/server/dist/mobile/index.js +16 -0
package/server/dist/mobile/mobile-admin-router.js +84 -0
package/server/dist/mobile/mobile-auth.js +67 -0
package/server/dist/mobile/mobile-devices.js +80 -0
package/server/dist/mobile/mobile-event-bus.js +39 -0
package/server/dist/mobile/mobile-gateway.js +285 -0
package/server/dist/mobile/mobile-mdns.js +81 -0
package/server/dist/mobile/mobile-pairing.js +179 -0
package/server/dist/mobile/mobile-redact.js +53 -0
package/server/dist/mobile/mobile-router.js +411 -0
package/server/dist/mobile/mobile-tls.js +86 -0
package/server/dist/mobile/mobile-types.js +9 -0
package/server/dist/mobile/mobile-ws.js +275 -0
package/server/dist/path-resolver.js +298 -0
package/server/dist/plugin-manager.js +617 -0
package/server/dist/plugins/claude-approval.js +179 -0
package/server/dist/plugins/claude-md-mutation.js +146 -0
package/server/dist/plugins/codex-mcp.js +108 -0
package/server/dist/plugins/contributors.js +72 -0
package/server/dist/plugins/drift.js +58 -0
package/server/dist/plugins/index.js +14 -0
package/server/dist/plugins/json-mutation.js +120 -0
package/server/dist/plugins/manager.js +32 -0
package/server/dist/plugins/ownership.js +86 -0
package/server/dist/plugins/paths.js +37 -0
package/server/dist/plugins/prereq-installer.js +104 -0
package/server/dist/plugins/rail-integration.js +79 -0
package/server/dist/plugins/serena/index.js +13 -0
package/server/dist/plugins/serena/install.js +91 -0
package/server/dist/plugins/serena/instructions-content.js +21 -0
package/server/dist/plugins/serena/manifest.js +111 -0
package/server/dist/plugins/serena/verify.js +78 -0
package/server/dist/plugins-router.js +215 -0
package/server/dist/pricing.js +89 -0
package/server/dist/profile-manager.js +310 -0
package/server/dist/profiles-router.js +759 -0
package/server/dist/project-registry.js +443 -0
package/server/dist/project-router.js +4016 -0
package/server/dist/proposal-manager.js +291 -0
package/server/dist/provider-selection.js +69 -0
package/server/dist/providers/claude-adapter.js +281 -0
package/server/dist/providers/codex-adapter.js +264 -0
package/server/dist/providers/index.js +23 -0
package/server/dist/providers/registry.js +37 -0
package/server/dist/providers/types.js +22 -0
package/server/dist/queue-manager.js +1511 -0
package/server/dist/rails-router.js +362 -0
package/server/dist/rails-store.js +116 -0
package/server/dist/result-event.js +106 -0
package/server/dist/schemas/profile.v1.json +151 -0
package/server/dist/setup-manager.js +1165 -0
package/server/dist/setup-prerequisites.js +372 -0
package/server/dist/smash-runner.js +663 -0
package/server/dist/spec-draft-parser.js +133 -0
package/server/dist/spec-launcher-manager.js +174 -0
package/server/dist/spec-models.js +32 -0
package/server/dist/specrails-tech-client.js +82 -0
package/server/dist/spending.js +448 -0
package/server/dist/telemetry-compactor.js +180 -0
package/server/dist/telemetry-export.js +317 -0
package/server/dist/telemetry-receiver.js +224 -0
package/server/dist/terminal-manager.js +633 -0
package/server/dist/terminal-marks-store.js +117 -0
package/server/dist/terminal-osc-parser.js +159 -0
package/server/dist/terminal-settings.js +282 -0
package/server/dist/terminal-shell-integration.js +196 -0
package/server/dist/ticket-broadcast.js +47 -0
package/server/dist/ticket-store.js +397 -0
package/server/dist/ticket-watcher.js +117 -0
package/server/dist/types.js +10 -0
package/server/dist/user-mcp-config.js +117 -0
package/server/dist/util/cli-prompt.js +181 -0
package/server/dist/util/secure-fs.js +50 -0
package/server/dist/util/win-spawn.js +43 -0
package/server/dist/webhook-manager.js +89 -0
package/server/dist/ws-routing.js +47 -0

package/server/dist/code-explorer-router.js ADDED Viewed

@@ -0,0 +1,788 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createCodeExplorerRouter = createCodeExplorerRouter;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+const child_process_1 = require("child_process");
+const express_1 = require("express");
+const feature_flags_1 = require("./feature-flags");
+const build_dirs_1 = require("./build-dirs");
+const file_provenance_1 = require("./file-provenance");
+const file_summary_manager_1 = require("./file-summary-manager");
+const MAX_TREE_PAGE = 2000;
+const MAX_FILE_BYTES = 2 * 1024 * 1024;
+const BINARY_PROBE_BYTES = 8 * 1024;
+// Hard-coded app deny-list (mirrors design D8). Dotfiles are excluded by name
+// prefix; build/dep dirs come from the shared BUILD_DIRS set (node_modules, dist,
+// build, out, coverage, target, vendor) so the on-demand tree walk skips the same
+// heavy trees the file-summary watcher prunes; extensions handled below.
+const DENY_EXTS = new Set(['.lock', '.log']);
+// Secret-bearing extensions/names blocked as defense-in-depth so credentials are
+// never served to the (non-developer) reader even if .gitignore is missing or git
+// is unavailable. Kept conservative to avoid hiding ordinary source files.
+const SECRET_EXTS = new Set(['.pem', '.key', '.p12', '.pfx', '.keystore', '.jks']);
+const SECRET_NAMES = new Set(['id_rsa', 'id_dsa', 'id_ecdsa', 'id_ed25519']);
+const DENY_NAMES = new Set(['package-lock.json', 'pnpm-lock.yaml', 'yarn.lock']);
+function isDenied(entryName) {
+    // Dotfiles (.env, .npmrc, .netrc, .git, …) are denied wholesale by prefix.
+    if (entryName.startsWith('.'))
+        return true;
+    // Case-insensitive for dir/lockfile names: macOS (APFS) and Windows (NTFS) are
+    // case-insensitive, so `Node_Modules` / `Package-Lock.json` resolve to the same
+    // denied path on disk and must not slip past the policy.
+    const lower = entryName.toLowerCase();
+    if (build_dirs_1.BUILD_DIRS.has(lower))
+        return true;
+    const ext = path_1.default.extname(lower);
+    if (DENY_EXTS.has(ext) || SECRET_EXTS.has(ext))
+        return true;
+    if (DENY_NAMES.has(lower) || SECRET_NAMES.has(lower))
+        return true;
+    return false;
+}
+// Apply the deny-list to ANY segment of a relative path so the policy is the
+// single source of truth across every surface (tree walk, touched-by-ai list,
+// and the content endpoints) — not just the top-level `all` walk.
+function isDeniedRelPath(rel) {
+    return rel.split(/[\\/]/).filter(Boolean).some(isDenied);
+}
+// Normalize a client-supplied relative path to POSIX separators so summary
+// (sha256 of relPath), provenance (git always emits '/'), and content lookups
+// all key off ONE canonical form regardless of the request's separator style.
+function normalizeRel(rel) {
+    return rel.split(/[\\/]/).filter((seg) => seg.length > 0).join('/');
+}
+// Return the subset of `relPaths` that git considers ignored (honours nested
+// .gitignore, excludes tracked files — exactly the set we must hide). One batched
+// `git check-ignore` spawn. Best-effort: any git failure (no repo, no git) → no
+// paths reported, so the deny-list remains the only filter. `check-ignore` exits
+// 1 ("none ignored") which execFileSync throws on — the matched list still lands
+// on stdout, so both branches read stdout.
+function gitIgnoredSet(projectPath, relPaths) {
+    if (relPaths.length === 0)
+        return new Set();
+    let out = '';
+    try {
+        out = (0, child_process_1.execFileSync)('git', ['check-ignore', '--stdin', '-z'], {
+            cwd: projectPath,
+            input: relPaths.join('\0') + '\0',
+            encoding: 'utf8',
+            stdio: ['pipe', 'pipe', 'ignore'],
+            maxBuffer: 16 * 1024 * 1024,
+            timeout: 15_000,
+        });
+    }
+    catch (err) {
+        out = (err.stdout ?? '').toString();
+    }
+    return new Set(out.split('\0').filter((p) => p.length > 0));
+}
+function isGitIgnored(projectPath, relPath) {
+    return gitIgnoredSet(projectPath, [relPath]).has(relPath);
+}
+function languageForExt(ext) {
+    const e = ext.toLowerCase();
+    switch (e) {
+        case '.ts':
+        case '.tsx':
+        case '.cts':
+        case '.mts': return 'typescript';
+        case '.js':
+        case '.jsx':
+        case '.mjs':
+        case '.cjs': return 'javascript';
+        case '.json': return 'json';
+        case '.md': return 'markdown';
+        case '.py': return 'python';
+        case '.rs': return 'rust';
+        case '.go': return 'go';
+        case '.css': return 'css';
+        case '.html': return 'html';
+        case '.yml':
+        case '.yaml': return 'yaml';
+        case '.sh': return 'shell';
+        case '.sql': return 'sql';
+        case '.toml': return 'toml';
+        default: return 'plaintext';
+    }
+}
+function decodeCursor(raw) {
+    if (!raw)
+        return { skip: 0 };
+    try {
+        const json = Buffer.from(raw, 'base64').toString('utf8');
+        const parsed = JSON.parse(json);
+        if (typeof parsed.skip === 'number' && parsed.skip >= 0)
+            return { skip: parsed.skip };
+    }
+    catch {
+        // fall through to default
+    }
+    return { skip: 0 };
+}
+function encodeCursor(skip) {
+    return Buffer.from(JSON.stringify({ skip }), 'utf8').toString('base64');
+}
+function rollupProvenance(rows) {
+    let createdByTicketId = null;
+    const modifiedSet = new Set();
+    // `rows` arrives ordered by `at DESC`. Walk oldest → newest so the earliest
+    // 'created' wins for createdByTicketId.
+    for (const r of [...rows].reverse()) {
+        if (r.ticket_id == null)
+            continue;
+        if (r.kind === 'created' && createdByTicketId == null) {
+            createdByTicketId = r.ticket_id;
+        }
+        else if (r.kind === 'modified') {
+            modifiedSet.add(r.ticket_id);
+        }
+    }
+    // Don't double-count the creating ticket in the modified chips list.
+    if (createdByTicketId != null)
+        modifiedSet.delete(createdByTicketId);
+    return {
+        createdByTicketId,
+        modifiedByTicketIds: [...modifiedSet],
+        latest: rows[0] ?? null,
+        touchedFileCount: 0,
+        rows,
+    };
+}
+function rollupDirectoryProvenance(rowsByPath, dirPath) {
+    const prefix = `${dirPath}/`;
+    const childRows = [];
+    let touchedFileCount = 0;
+    for (const [filePath, rows] of rowsByPath) {
+        if (!filePath.startsWith(prefix))
+            continue;
+        touchedFileCount += 1;
+        childRows.push(...rows);
+    }
+    childRows.sort((a, b) => b.at - a.at);
+    return {
+        ...rollupProvenance(childRows),
+        touchedFileCount,
+    };
+}
+function provenanceToJson(row) {
+    if (!row)
+        return null;
+    return {
+        path: row.file_path,
+        ticketId: row.ticket_id,
+        jobId: row.job_id,
+        kind: row.kind,
+        at: row.at,
+    };
+}
+function provenanceRowsToJson(rows) {
+    return rows.map((row) => ({
+        path: row.file_path,
+        ticketId: row.ticket_id,
+        jobId: row.job_id,
+        kind: row.kind,
+        at: row.at,
+    }));
+}
+function treeProvenanceToJson(provenance) {
+    return {
+        createdByTicketId: provenance.createdByTicketId,
+        modifiedByTicketIds: provenance.modifiedByTicketIds,
+        latest: provenanceToJson(provenance.latest),
+        touchedFileCount: provenance.touchedFileCount,
+        rows: provenanceRowsToJson(provenance.rows),
+    };
+}
+function parsePositiveInt(raw) {
+    if (typeof raw !== 'string' || raw.trim() === '')
+        return null;
+    const n = Number(raw);
+    return Number.isInteger(n) && n > 0 ? n : null;
+}
+function parseNonEmptyString(raw) {
+    return typeof raw === 'string' && raw.trim() !== '' ? raw.trim() : null;
+}
+function listTouchedRows(db, filters) {
+    const where = [];
+    const args = [];
+    if (filters.ticketId != null) {
+        where.push('ticket_id = ?');
+        args.push(filters.ticketId);
+    }
+    if (filters.jobId) {
+        where.push('job_id = ?');
+        args.push(filters.jobId);
+    }
+    if (filters.path) {
+        where.push('file_path = ?');
+        args.push(filters.path);
+    }
+    const whereSql = where.length > 0 ? `WHERE ${where.join(' AND ')}` : '';
+    return db.prepare(`SELECT id, file_path, ticket_id, job_id, kind, at
+     FROM file_provenance ${whereSql}
+     ORDER BY file_path ASC, at DESC`).all(...args);
+}
+function listAllEntries(projectPath) {
+    const out = [];
+    const stack = [projectPath];
+    while (stack.length > 0) {
+        const dir = stack.pop();
+        let entries;
+        try {
+            entries = fs_1.default.readdirSync(dir, { withFileTypes: true });
+        }
+        catch {
+            continue;
+        }
+        for (const entry of entries) {
+            if (isDenied(entry.name))
+                continue;
+            const abs = path_1.default.join(dir, entry.name);
+            // Normalize to POSIX so provenance/summary lookups (which are '/'-keyed)
+            // match on Windows, where path.relative emits backslashes.
+            const rel = normalizeRel(path_1.default.relative(projectPath, abs));
+            if (entry.isDirectory()) {
+                out.push({ rel, isDir: true, size: null, mtime: null });
+                stack.push(abs);
+            }
+            else if (entry.isFile()) {
+                let size = null;
+                let mtime = null;
+                try {
+                    const st = fs_1.default.statSync(abs);
+                    size = st.size;
+                    mtime = st.mtimeMs;
+                }
+                catch {
+                    // ignore
+                }
+                out.push({ rel, isDir: false, size, mtime });
+            }
+        }
+    }
+    // Drop gitignored files (honours the documented .gitignore-respect contract).
+    // Directories are kept — git can't report an ignored dir without its files, and
+    // an empty dir node is harmless; its ignored children are already filtered.
+    const files = out.filter((e) => !e.isDir).map((e) => e.rel);
+    const ignored = gitIgnoredSet(projectPath, files);
+    const filtered = ignored.size > 0 ? out.filter((e) => e.isDir || !ignored.has(e.rel)) : out;
+    filtered.sort((a, b) => a.rel.localeCompare(b.rel));
+    return filtered;
+}
+function listTouchedEntries(projectPath, rowsByPath) {
+    const seen = new Set();
+    const out = [];
+    for (const filePath of rowsByPath.keys()) {
+        // Keep touched-by-ai consistent with the `all` tree (and never surface
+        // secrets like .env that an AI job happened to touch).
+        if (isDeniedRelPath(filePath))
+            continue;
+        const parts = filePath.split('/').filter(Boolean);
+        for (let i = 1; i < parts.length; i += 1) {
+            const dirRel = parts.slice(0, i).join('/');
+            if (!seen.has(dirRel)) {
+                seen.add(dirRel);
+                out.push({ rel: dirRel, isDir: true, size: null, mtime: null });
+            }
+        }
+        if (seen.has(filePath))
+            continue;
+        seen.add(filePath);
+        const abs = path_1.default.join(projectPath, filePath);
+        let size = null;
+        let mtime = null;
+        try {
+            const st = fs_1.default.statSync(abs);
+            size = st.size;
+            mtime = st.mtimeMs;
+        }
+        catch {
+            // file may have been deleted after provenance was recorded
+        }
+        out.push({ rel: filePath, isDir: false, size, mtime });
+    }
+    out.sort((a, b) => {
+        const byPath = a.rel.localeCompare(b.rel);
+        if (byPath !== 0)
+            return byPath;
+        return Number(b.isDir) - Number(a.isDir);
+    });
+    return out;
+}
+// Set of summary file basenames (without `.json`), i.e. the path-hash of every
+// file that currently has a summary on disk. One readdir replaces a per-entry
+// readSummary disk hit during the tree walk.
+function readSummaryHashSet(projectPath) {
+    const set = new Set();
+    let files;
+    try {
+        files = fs_1.default.readdirSync((0, file_summary_manager_1.summariesDir)(projectPath));
+    }
+    catch {
+        return set;
+    }
+    for (const f of files) {
+        if (f.endsWith('.json'))
+            set.add(f.slice(0, -'.json'.length));
+    }
+    return set;
+}
+function createCodeExplorerRouter(deps) {
+    const router = (0, express_1.Router)({ mergeParams: true });
+    const listByPath = deps.listProvenanceByPath ?? file_provenance_1.listProvenanceByPath;
+    const listByTicket = deps.listProvenanceByTicket ?? file_provenance_1.listProvenanceByTicket;
+    // Short-TTL per-project cache so paginating a large `all` tree reuses ONE
+    // synchronous filesystem walk instead of re-walking (and re-statting) on every
+    // page — the cursor only slices an already-materialized array. Also caches the
+    // one-readdir summary-hash set. 5s is long enough for a pagination burst and
+    // short enough that tree edits surface promptly.
+    const WALK_CACHE_TTL_MS = 5000;
+    let allEntriesCache = null;
+    let summaryHashCache = null;
+    const nowMs = () => Date.now();
+    function getAllEntriesCached() {
+        if (allEntriesCache && nowMs() - allEntriesCache.at < WALK_CACHE_TTL_MS)
+            return allEntriesCache.entries;
+        const entries = listAllEntries(deps.projectPath);
+        allEntriesCache = { at: nowMs(), entries };
+        return entries;
+    }
+    function getSummaryHashesCached() {
+        if (summaryHashCache && nowMs() - summaryHashCache.at < WALK_CACHE_TTL_MS)
+            return summaryHashCache.set;
+        const set = readSummaryHashSet(deps.projectPath);
+        summaryHashCache = { at: nowMs(), set };
+        return set;
+    }
+    // Feature-flag gate — entire prefix returns 404 when disabled.
+    router.use((_req, res, next) => {
+        if (!(0, feature_flags_1.isCodeExplorerEnabled)()) {
+            res.status(404).end();
+            return;
+        }
+        // Lazily attach the file-summary watcher on first Code-Explorer use. It is
+        // not attached at registry load (that recursive watcher caused the fd leak
+        // that broke terminals); attachWatcher is idempotent, so this is cheap on
+        // every subsequent request.
+        try {
+            deps.fileSummaryManager.attachWatcher(deps.projectId, deps.projectPath);
+        }
+        catch { /* non-fatal */ }
+        next();
+    });
+    router.get('/tree', (req, res) => {
+        const filter = req.query.filter ?? 'touched-by-ai';
+        const withProvenance = req.query.withProvenance === '1' || req.query.withProvenance === 'true';
+        const { skip } = decodeCursor(req.query.cursor);
+        const ticketId = parsePositiveInt(req.query.ticketId);
+        const jobId = parseNonEmptyString(req.query.jobId);
+        let entries;
+        const touchedRowsByPath = new Map();
+        if (filter === 'touched-by-ai') {
+            const rows = listTouchedRows(deps.db, { ticketId, jobId });
+            for (const row of rows) {
+                const existing = touchedRowsByPath.get(row.file_path);
+                if (existing)
+                    existing.push(row);
+                else
+                    touchedRowsByPath.set(row.file_path, [row]);
+            }
+            entries = listTouchedEntries(deps.projectPath, touchedRowsByPath);
+        }
+        else {
+            entries = getAllEntriesCached();
+            // Batch-load ALL provenance once instead of a per-entry SQL query (N+1).
+            if (withProvenance) {
+                for (const row of listTouchedRows(deps.db, {})) {
+                    const existing = touchedRowsByPath.get(row.file_path);
+                    if (existing)
+                        existing.push(row);
+                    else
+                        touchedRowsByPath.set(row.file_path, [row]);
+                }
+            }
+        }
+        const page = entries.slice(skip, skip + MAX_TREE_PAGE);
+        const nextCursor = skip + page.length < entries.length ? encodeCursor(skip + page.length) : null;
+        // Read the summaries dir ONCE into a Set of path-hashes instead of opening +
+        // parsing a JSON file per entry just to test existence (cached per project).
+        const summaryHashes = getSummaryHashesCached();
+        const out = page.map((e) => {
+            const isTouchedDir = filter === 'touched-by-ai' && e.isDir;
+            const rawRows = withProvenance && !isTouchedDir ? (touchedRowsByPath.get(e.rel) ?? []) : [];
+            const provenance = withProvenance && isTouchedDir
+                ? rollupDirectoryProvenance(touchedRowsByPath, e.rel)
+                : rollupProvenance(rawRows);
+            return {
+                path: e.rel,
+                kind: e.isDir ? 'dir' : 'file',
+                sizeBytes: e.size,
+                hasSummary: !e.isDir && summaryHashes.has((0, file_summary_manager_1.pathHash)(e.rel)),
+                provenance,
+                lastModifiedAt: e.mtime,
+            };
+        });
+        res.json({
+            entries: out.map((entry) => ({
+                ...entry,
+                provenance: treeProvenanceToJson(entry.provenance),
+            })),
+            nextCursor,
+        });
+    });
+    router.get('/file', async (req, res) => {
+        const relRaw = req.query.path;
+        if (!relRaw || typeof relRaw !== 'string') {
+            res.status(400).json({ error: 'path query parameter is required' });
+            return;
+        }
+        const guard = resolveSafePath(deps.projectPath, relRaw);
+        if (!guard) {
+            res.status(400).json({ error: 'path traversal not allowed' });
+            return;
+        }
+        if (isDeniedRelPath(relRaw)) {
+            res.status(403).json({ error: 'path is excluded by the code-explorer deny-list' });
+            return;
+        }
+        // Canonical POSIX form for all summary/provenance/hash lookups.
+        const rel = normalizeRel(relRaw);
+        if (isGitIgnored(deps.projectPath, rel)) {
+            res.status(403).json({ error: 'path is gitignored' });
+            return;
+        }
+        const abs = guard;
+        let stat;
+        try {
+            stat = fs_1.default.statSync(abs);
+        }
+        catch {
+            // Honour the staleness scenario: even if content is unavailable, return
+            // the existing summary so the client can render a "not found" banner.
+            const summary = (0, file_summary_manager_1.readSummary)(deps.projectPath, rel);
+            const provenance = listByPath(deps.db, deps.projectId, rel);
+            if (summary || provenance.length > 0) {
+                res.json({
+                    content: null,
+                    reason: 'not-found',
+                    summary,
+                    summaryStale: true,
+                    provenance: provenanceRowsToJson(provenance),
+                });
+                return;
+            }
+            res.status(404).json({ error: 'file not found' });
+            return;
+        }
+        if (!stat.isFile()) {
+            res.status(400).json({ error: 'path is not a regular file' });
+            return;
+        }
+        if (stat.size > MAX_FILE_BYTES) {
+            res.json({
+                tooLarge: true,
+                sizeBytes: stat.size,
+                provenance: provenanceRowsToJson(listByPath(deps.db, deps.projectId, rel)),
+                summary: (0, file_summary_manager_1.readSummary)(deps.projectPath, rel),
+                absolutePath: abs,
+            });
+            return;
+        }
+        // Binary detection: read first 8 KB, scan for NUL.
+        let head;
+        try {
+            const fd = fs_1.default.openSync(abs, 'r');
+            try {
+                head = Buffer.alloc(Math.min(BINARY_PROBE_BYTES, stat.size));
+                fs_1.default.readSync(fd, head, 0, head.length, 0);
+            }
+            finally {
+                fs_1.default.closeSync(fd);
+            }
+        }
+        catch {
+            res.status(500).json({ error: 'failed to read file' });
+            return;
+        }
+        if (head.includes(0)) {
+            res.json({
+                binary: true,
+                sizeBytes: stat.size,
+                mime: 'application/octet-stream',
+                provenance: provenanceRowsToJson(listByPath(deps.db, deps.projectId, rel)),
+                summary: (0, file_summary_manager_1.readSummary)(deps.projectPath, rel),
+                absolutePath: abs,
+            });
+            return;
+        }
+        let content;
+        try {
+            content = fs_1.default.readFileSync(abs, 'utf8');
+        }
+        catch {
+            res.status(500).json({ error: 'failed to read file' });
+            return;
+        }
+        const summary = (0, file_summary_manager_1.readSummary)(deps.projectPath, rel);
+        const summaryStale = await computeStaleness(abs, summary);
+        res.json({
+            content,
+            encoding: 'utf-8',
+            language: languageForExt(path_1.default.extname(rel)),
+            provenance: provenanceRowsToJson(listByPath(deps.db, deps.projectId, rel)),
+            summary,
+            summaryStale,
+            absolutePath: abs,
+        });
+    });
+    router.get('/summary', async (req, res) => {
+        const relRaw = req.query.path;
+        if (!relRaw || typeof relRaw !== 'string') {
+            res.status(400).json({ error: 'path query parameter is required' });
+            return;
+        }
+        const guard = resolveSafePath(deps.projectPath, relRaw);
+        if (!guard) {
+            res.status(400).json({ error: 'path traversal not allowed' });
+            return;
+        }
+        if (isDeniedRelPath(relRaw)) {
+            res.status(403).json({ error: 'path is excluded by the code-explorer deny-list' });
+            return;
+        }
+        const rel = normalizeRel(relRaw);
+        if (isGitIgnored(deps.projectPath, rel)) {
+            res.status(403).json({ error: 'path is gitignored' });
+            return;
+        }
+        const summary = (0, file_summary_manager_1.readSummary)(deps.projectPath, rel);
+        if (!summary) {
+            res.json({ summary: null });
+            return;
+        }
+        let summaryStale = false;
+        try {
+            summaryStale = await computeStaleness(guard, summary);
+        }
+        catch {
+            summaryStale = true;
+        }
+        res.json({ summary, summaryStale });
+    });
+    router.post('/file/regenerate-summary', async (req, res) => {
+        const relRaw = req.query.path;
+        if (!relRaw || typeof relRaw !== 'string') {
+            res.status(400).json({ error: 'path query parameter is required' });
+            return;
+        }
+        const guard = resolveSafePath(deps.projectPath, relRaw);
+        if (!guard) {
+            res.status(400).json({ error: 'path traversal not allowed' });
+            return;
+        }
+        if (isDeniedRelPath(relRaw)) {
+            res.status(403).json({ error: 'path is excluded by the code-explorer deny-list' });
+            return;
+        }
+        const rel = normalizeRel(relRaw);
+        if (isGitIgnored(deps.projectPath, rel)) {
+            res.status(403).json({ error: 'path is gitignored' });
+            return;
+        }
+        let stat;
+        try {
+            stat = fs_1.default.statSync(guard);
+        }
+        catch {
+            res.status(404).json({ skipped: 'not-found' });
+            return;
+        }
+        if (!stat.isFile()) {
+            res.status(400).json({ skipped: 'not-file' });
+            return;
+        }
+        if (stat.size > MAX_FILE_BYTES) {
+            res.status(413).json({ skipped: 'too-large' });
+            return;
+        }
+        try {
+            const fd = fs_1.default.openSync(guard, 'r');
+            try {
+                const head = Buffer.alloc(Math.min(BINARY_PROBE_BYTES, stat.size));
+                fs_1.default.readSync(fd, head, 0, head.length, 0);
+                if (head.includes(0)) {
+                    res.status(415).json({ skipped: 'binary' });
+                    return;
+                }
+            }
+            finally {
+                fs_1.default.closeSync(fd);
+            }
+        }
+        catch {
+            res.status(500).json({ error: 'failed to inspect file' });
+            return;
+        }
+        const body = (req.body ?? {});
+        try {
+            // force: true — an explicit "Regenerate" click should re-summarise even if
+            // the content hash is unchanged (e.g. after an app language switch).
+            const result = await deps.fileSummaryManager.enqueue({
+                projectPath: deps.projectPath,
+                projectId: deps.projectId,
+                projectSlug: deps.projectId,
+                relPath: rel,
+                triggeredBy: { kind: 'user', id: 'manual', ticketId: null },
+                overrideBudget: body.overrideBudget === true,
+                force: true,
+            });
+            // Surface the enqueue outcome so the client's budget-override prompt is
+            // reachable. 200 (not 4xx) keeps res.ok true so the client reads `skipped`.
+            if (result === 'skipped:budget') {
+                res.status(200).json({ skipped: 'budget' });
+                return;
+            }
+            if (result === 'skipped:per-job-cap') {
+                res.status(200).json({ skipped: 'per-job-cap' });
+                return;
+            }
+            // TTL-dropped (queue saturated >5min) and not-found (file vanished between
+            // the stat above and the worker) must NOT masquerade as a 202 success —
+            // surface them so the client toasts "try again" instead of silently
+            // clearing the spinner with no summary.
+            if (result === 'skipped:ttl') {
+                res.status(200).json({ skipped: 'ttl' });
+                return;
+            }
+            if (result === 'skipped:not-found') {
+                res.status(200).json({ skipped: 'not-found' });
+                return;
+            }
+            if (result === 'failed') {
+                res.status(500).json({ error: 'summary generation failed' });
+                return;
+            }
+            res.status(202).json({ enqueued: true });
+        }
+        catch (err) {
+            console.error('[code-explorer-router] enqueue failed:', err);
+            res.status(500).json({ error: 'enqueue failed', message: err.message });
+        }
+    });
+    router.get('/provenance', (req, res) => {
+        const ticketId = parsePositiveInt(req.query.ticketId);
+        const jobId = parseNonEmptyString(req.query.jobId);
+        const relPath = parseNonEmptyString(req.query.path);
+        if (relPath) {
+            const guard = resolveSafePath(deps.projectPath, relPath);
+            if (!guard) {
+                res.status(400).json({ error: 'path traversal not allowed' });
+                return;
+            }
+            // Mirror the content endpoints: never leak even the metadata (which ticket/
+            // job touched it, when) of a denied/secret file.
+            if (isDeniedRelPath(relPath)) {
+                res.status(403).json({ error: 'path is excluded by the code-explorer deny-list' });
+                return;
+            }
+        }
+        if (ticketId == null && !jobId && !relPath) {
+            res.status(400).json({ error: 'ticketId, jobId, or path query parameter is required' });
+            return;
+        }
+        if (req.query.ticketId != null && ticketId == null) {
+            res.status(400).json({ error: 'ticketId must be a positive integer' });
+            return;
+        }
+        const rows = ticketId != null && !jobId && !relPath
+            ? listByTicket(deps.db, deps.projectId, ticketId)
+            : listTouchedRows(deps.db, { ticketId, jobId, path: relPath ? normalizeRel(relPath) : relPath });
+        res.json(provenanceRowsToJson(rows));
+    });
+    router.get('/diff', (req, res) => {
+        const jobId = parseNonEmptyString(req.query.jobId);
+        const relPath = parseNonEmptyString(req.query.path);
+        if (!jobId || !relPath) {
+            res.status(400).json({ error: 'jobId and path query parameters are required' });
+            return;
+        }
+        const guard = resolveSafePath(deps.projectPath, relPath);
+        if (!guard) {
+            res.status(400).json({ error: 'path traversal not allowed' });
+            return;
+        }
+        const diff = (0, file_provenance_1.getProvenanceDiff)(deps.db, deps.projectId, jobId, normalizeRel(relPath));
+        if (!diff) {
+            res.status(404).json({ error: 'diff not available' });
+            return;
+        }
+        res.json(diff);
+    });
+    return router;
+}
+function resolveSafePath(projectPath, relPath) {
+    // Reject absolute paths and any path with explicit traversal segments before
+    // we ever hit the filesystem. resolve() can collapse `..` legally so we still
+    // verify the prefix below.
+    if (path_1.default.isAbsolute(relPath))
+        return null;
+    const resolved = path_1.default.resolve(projectPath, relPath);
+    const root = projectPath.endsWith(path_1.default.sep) ? projectPath : projectPath + path_1.default.sep;
+    if (resolved !== projectPath && !resolved.startsWith(root))
+        return null;
+    // Symlink hardening: the lexical check above is defeated by an in-tree symlink
+    // whose target escapes the project (e.g. `link -> /etc/passwd`). Verify the
+    // REAL path stays under the REAL project root. Walk up to the nearest existing
+    // ancestor (so not-yet-created paths — used by the not-found banner and the
+    // regenerate endpoint — still validate), realpath it, then re-append the
+    // missing suffix.
+    let realRoot;
+    try {
+        realRoot = fs_1.default.realpathSync.native(projectPath);
+    }
+    catch {
+        // Project root itself is uncanonicalisable — fail CLOSED. Returning the
+        // lexical path here would silently drop the symlink-escape hardening (the
+        // lexical check alone is defeatable by an in-tree symlink pointing outside
+        // the project). Reading any file is pointless if the root can't resolve.
+        return null;
+    }
+    const realRootWithSep = realRoot.endsWith(path_1.default.sep) ? realRoot : realRoot + path_1.default.sep;
+    let probe = resolved;
+    const suffix = [];
+    for (;;) {
+        try {
+            const realProbe = fs_1.default.realpathSync.native(probe);
+            const realFull = suffix.length > 0
+                ? path_1.default.join(realProbe, ...suffix.slice().reverse())
+                : realProbe;
+            if (realFull !== realRoot && !realFull.startsWith(realRootWithSep))
+                return null;
+            return resolved;
+        }
+        catch (err) {
+            if (err.code !== 'ENOENT')
+                return null;
+            const parent = path_1.default.dirname(probe);
+            if (parent === probe)
+                return null; // hit filesystem root without resolving
+            suffix.push(path_1.default.basename(probe));
+            probe = parent;
+        }
+    }
+}
+async function computeStaleness(abs, summary) {
+    if (!summary)
+        return false;
+    try {
+        const currentHash = await (0, file_summary_manager_1.computeFileHash)(abs);
+        return currentHash !== summary.fileHash;
+    }
+    catch {
+        return true;
+    }
+}