teleton 0.8.0 → 0.8.2

package/dist/server-GYZXKIKU.js

@@ -0,0 +1,787 @@
+import {
+  createSetupRoutes
+} from "./chunk-57URFK6M.js";
+import {
+  createConfigRoutes,
+  createHooksRoutes,
+  createLogsRoutes,
+  createMarketplaceRoutes,
+  createMcpRoutes,
+  createMemoryRoutes,
+  createPluginsRoutes,
+  createSoulRoutes,
+  createStatusRoutes,
+  createTasksRoutes,
+  createTonProxyRoutes,
+  createToolsRoutes,
+  createWorkspaceRoutes,
+  logInterceptor
+} from "./chunk-XBSCYMKM.js";
+import {
+  ensureTlsCert
+} from "./chunk-5SEMA47R.js";
+import "./chunk-WFTC3JJW.js";
+import "./chunk-GGXJLMOH.js";
+import "./chunk-7YKSXOQQ.js";
+import "./chunk-55SKE6YH.js";
+import "./chunk-W25Z7CM6.js";
+import "./chunk-3UFPFWYP.js";
+import "./chunk-7TECSLJ4.js";
+import "./chunk-J73TA3UM.js";
+import "./chunk-YOSUPUAJ.js";
+import "./chunk-LC4TV3KL.js";
+import "./chunk-VYKW7FMV.js";
+import "./chunk-HEDJCLA6.js";
+import "./chunk-VFA7QMCZ.js";
+import "./chunk-C4NKJT2Z.js";
+import "./chunk-XQUHC3JZ.js";
+import "./chunk-R4YSJ4EY.js";
+import {
+  TELETON_ROOT
+} from "./chunk-EYWNOHMJ.js";
+import {
+  createLogger
+} from "./chunk-NQ6FZKCE.js";
+import "./chunk-4L66JHQE.js";
+import "./chunk-3RG5ZIWI.js";
+
+// src/api/server.ts
+import { Hono as Hono6 } from "hono";
+import { bodyLimit } from "hono/body-limit";
+import { timeout } from "hono/timeout";
+import { streamSSE as streamSSE2 } from "hono/streaming";
+import { serve } from "@hono/node-server";
+import { createServer as createHttpsServer } from "https";
+import { randomBytes, createHash as createHash2 } from "crypto";
+import { HTTPException as HTTPException3 } from "hono/http-exception";
+
+// src/api/deps.ts
+import { HTTPException } from "hono/http-exception";
+function createDepsAdapter(apiDeps) {
+  const handler = {
+    get(target, prop, receiver) {
+      const value = Reflect.get(target, prop, receiver);
+      if (prop === "config" || prop === "configPath" || prop === "lifecycle" || prop === "userHookEvaluator" || prop === "marketplace") {
+        return value;
+      }
+      if (value === null || value === void 0) {
+        throw new HTTPException(503, {
+          message: `Service unavailable: ${String(prop)} is not initialized (agent not running)`
+        });
+      }
+      return value;
+    }
+  };
+  return new Proxy(apiDeps, handler);
+}
+
+// src/api/schemas/common.ts
+import { z } from "zod";
+var ProblemDetailSchema = z.object({
+  type: z.string().default("about:blank"),
+  title: z.string(),
+  status: z.number(),
+  detail: z.string().optional(),
+  instance: z.string().optional()
+});
+function createProblem(status, title, detail, instance) {
+  return {
+    type: "about:blank",
+    title,
+    status,
+    ...detail ? { detail } : {},
+    ...instance ? { instance } : {}
+  };
+}
+function createProblemResponse(c, status, title, detail, headers) {
+  const body = createProblem(status, title, detail, c.req.path);
+  return c.json(body, status, {
+    "Content-Type": "application/problem+json",
+    ...headers ?? {}
+  });
+}
+
+// src/api/middleware/request-id.ts
+import { randomUUID } from "crypto";
+var requestId = async (c, next) => {
+  const id = c.req.header("X-Request-Id") || randomUUID();
+  c.set("requestId", id);
+  c.header("X-Request-Id", id);
+  await next();
+};
+
+// src/api/middleware/auth.ts
+import { createHash, timingSafeEqual } from "crypto";
+import { HTTPException as HTTPException2 } from "hono/http-exception";
+var MAX_FAILED = 10;
+var WINDOW_MS = 5 * 60 * 1e3;
+var BLOCK_MS = 15 * 60 * 1e3;
+function normalizeIp(ip) {
+  if (ip.startsWith("::ffff:")) return ip.slice(7);
+  return ip;
+}
+function hashApiKey(key) {
+  return createHash("sha256").update(key).digest("hex");
+}
+function createAuthMiddleware(config) {
+  const failedAttempts = /* @__PURE__ */ new Map();
+  const cleanupInterval = setInterval(() => {
+    const now = Date.now();
+    for (const [ip, attempt] of failedAttempts) {
+      if (attempt.blockedUntil < now && now - attempt.blockedUntil > WINDOW_MS) {
+        failedAttempts.delete(ip);
+      }
+    }
+  }, WINDOW_MS);
+  cleanupInterval.unref();
+  return async (c, next) => {
+    const rawIp = c.env?.ip ?? c.req.header("x-real-ip") ?? "unknown";
+    const sourceIp = normalizeIp(rawIp);
+    if (config.allowedIps.length > 0 && !config.allowedIps.includes(sourceIp)) {
+      throw new HTTPException2(403, {
+        res: createProblemResponse(c, 403, "Forbidden", "IP address not in whitelist")
+      });
+    }
+    const attempt = failedAttempts.get(sourceIp);
+    if (attempt && attempt.blockedUntil > Date.now()) {
+      const retryAfter = Math.ceil((attempt.blockedUntil - Date.now()) / 1e3);
+      throw new HTTPException2(429, {
+        res: createProblemResponse(
+          c,
+          429,
+          "Too Many Requests",
+          `IP blocked due to too many failed auth attempts. Retry after ${retryAfter}s`,
+          { "Retry-After": String(retryAfter) }
+        )
+      });
+    }
+    const authHeader = c.req.header("Authorization");
+    if (!authHeader) {
+      throw new HTTPException2(401, {
+        res: createProblemResponse(
+          c,
+          401,
+          "Unauthorized",
+          "Missing Authorization header. Use: Authorization: Bearer tltn_..."
+        )
+      });
+    }
+    const match = authHeader.match(/^Bearer\s+(tltn_.+)$/);
+    if (!match) {
+      throw new HTTPException2(401, {
+        res: createProblemResponse(
+          c,
+          401,
+          "Unauthorized",
+          "Invalid Authorization format. Expected: Bearer tltn_..."
+        )
+      });
+    }
+    const apiKey = match[1];
+    const keyHash = hashApiKey(apiKey);
+    const storedBuf = Buffer.from(config.keyHash, "hex");
+    const providedBuf = Buffer.from(keyHash, "hex");
+    if (storedBuf.length !== providedBuf.length || !timingSafeEqual(storedBuf, providedBuf)) {
+      const existing = failedAttempts.get(sourceIp);
+      const count = (existing?.count ?? 0) + 1;
+      if (count >= MAX_FAILED) {
+        failedAttempts.set(sourceIp, {
+          count,
+          blockedUntil: Date.now() + BLOCK_MS
+        });
+      } else {
+        failedAttempts.set(sourceIp, {
+          count,
+          blockedUntil: 0
+        });
+      }
+      throw new HTTPException2(401, {
+        res: createProblemResponse(c, 401, "Unauthorized", "Invalid API key")
+      });
+    }
+    failedAttempts.delete(sourceIp);
+    c.set("keyPrefix", apiKey.slice(0, 10));
+    await next();
+  };
+}
+
+// src/api/middleware/rate-limit.ts
+import { rateLimiter } from "hono-rate-limiter";
+function keyGenerator(c) {
+  return c.get("keyPrefix") || "anonymous";
+}
+function createLimiter(windowMs, limit) {
+  return rateLimiter({
+    windowMs,
+    limit,
+    keyGenerator,
+    handler: (c) => {
+      const retryAfter = Math.ceil(windowMs / 1e3);
+      return createProblemResponse(
+        c,
+        429,
+        "Too Many Requests",
+        `Rate limit exceeded. Try again in ${retryAfter}s`,
+        { "Retry-After": String(retryAfter) }
+      );
+    }
+  });
+}
+var globalRateLimit = createLimiter(6e4, 60);
+var mutatingRateLimit = async (c, next) => {
+  const method = c.req.method;
+  if (method === "GET" || method === "HEAD" || method === "OPTIONS") {
+    return next();
+  }
+  return createLimiter(6e4, 10)(c, next);
+};
+var readRateLimit = async (c, next) => {
+  if (c.req.method !== "GET") {
+    return next();
+  }
+  return createLimiter(6e4, 300)(c, next);
+};
+
+// src/api/middleware/audit.ts
+var auditLog = createLogger("Audit");
+var auditMiddleware = async (c, next) => {
+  const method = c.req.method;
+  if (method === "GET" || method === "HEAD" || method === "OPTIONS") {
+    return next();
+  }
+  const start = Date.now();
+  await next();
+  const durationMs = Date.now() - start;
+  auditLog.warn({
+    audit: true,
+    requestId: c.get("requestId"),
+    event: "api_mutation",
+    method,
+    path: c.req.path,
+    statusCode: c.res.status,
+    durationMs,
+    sourceIp: c.env?.ip ?? "unknown",
+    keyPrefix: c.get("keyPrefix") ?? "unknown"
+  });
+};
+
+// src/api/routes/agent.ts
+import { Hono } from "hono";
+var log = createLogger("ManagementAPI");
+function createAgentRoutes(lifecycle) {
+  const app = new Hono();
+  app.post("/restart", async (c) => {
+    if (!lifecycle) {
+      return createProblemResponse(c, 503, "Service Unavailable", "Agent lifecycle not available");
+    }
+    const state = lifecycle.getState();
+    if (state === "starting" || state === "stopping") {
+      return createProblemResponse(c, 409, "Conflict", `Agent is currently ${state}, please wait`);
+    }
+    (async () => {
+      try {
+        if (lifecycle.getState() === "running") {
+          await lifecycle.stop();
+        }
+        await lifecycle.start();
+        log.info("Agent restarted via Management API");
+      } catch (err) {
+        log.error({ err }, "Agent restart failed");
+      }
+    })().catch(() => {
+    });
+    return c.json({ state: "restarting" });
+  });
+  return app;
+}
+
+// src/api/routes/system.ts
+import { Hono as Hono2 } from "hono";
+import { readFileSync } from "fs";
+import { join, dirname } from "path";
+import { fileURLToPath } from "url";
+import os from "os";
+var API_VERSION = "1.0.0";
+function readPackageVersion() {
+  try {
+    const __dirname = dirname(fileURLToPath(import.meta.url));
+    const candidates = [
+      join(__dirname, "../../package.json"),
+      join(__dirname, "../../../package.json")
+    ];
+    for (const p of candidates) {
+      try {
+        const pkg = JSON.parse(readFileSync(p, "utf-8"));
+        return pkg.version ?? "unknown";
+      } catch {
+        continue;
+      }
+    }
+  } catch {
+  }
+  return "unknown";
+}
+var cachedVersion = readPackageVersion();
+function createSystemRoutes() {
+  const app = new Hono2();
+  app.get("/version", (c) => {
+    return c.json({
+      teleton: cachedVersion,
+      node: process.version,
+      os: process.platform,
+      arch: process.arch,
+      apiVersion: API_VERSION
+    });
+  });
+  app.get("/info", (c) => {
+    const cpus = os.cpus();
+    const totalMem = os.totalmem();
+    const freeMem = os.freemem();
+    return c.json({
+      cpu: {
+        model: cpus[0]?.model ?? "unknown",
+        cores: cpus.length,
+        loadAvg: os.loadavg()
+      },
+      memory: {
+        total: totalMem,
+        free: freeMem,
+        used: totalMem - freeMem,
+        heapUsed: process.memoryUsage().heapUsed,
+        heapTotal: process.memoryUsage().heapTotal
+      },
+      uptime: {
+        process: Math.floor(process.uptime()),
+        system: Math.floor(os.uptime())
+      }
+    });
+  });
+  return app;
+}
+
+// src/api/routes/auth.ts
+import { Hono as Hono3 } from "hono";
+function createAuthRoutes() {
+  const app = new Hono3();
+  app.post("/validate", (c) => {
+    const keyPrefix = c.req.header("authorization")?.slice(7, 17) ?? "unknown";
+    return c.json({ valid: true, keyPrefix });
+  });
+  return app;
+}
+
+// src/api/routes/logs.ts
+import { Hono as Hono4 } from "hono";
+import { streamSSE } from "hono/streaming";
+function createApiLogsRoutes() {
+  const app = new Hono4();
+  app.get("/recent", (c) => {
+    const linesParam = c.req.query("lines");
+    const lines = Math.min(Math.max(parseInt(linesParam || "100", 10) || 100, 1), 1e3);
+    const entries = [];
+    return c.json({
+      lines: entries.slice(-lines),
+      count: entries.length,
+      note: "Use GET /v1/logs/stream (SSE) for live log streaming"
+    });
+  });
+  app.get("/stream", (c) => {
+    return streamSSE(c, async (stream) => {
+      let aborted = false;
+      stream.onAbort(() => {
+        aborted = true;
+        if (cleanup) cleanup();
+      });
+      const cleanup = logInterceptor.addListener((entry) => {
+        if (!aborted) {
+          void stream.writeSSE({
+            data: JSON.stringify(entry),
+            event: "log"
+          });
+        }
+      });
+      await stream.writeSSE({
+        data: JSON.stringify({
+          level: "log",
+          message: "Management API log stream connected",
+          timestamp: Date.now()
+        }),
+        event: "log"
+      });
+      await new Promise((resolve) => {
+        if (aborted) return resolve();
+        stream.onAbort(() => resolve());
+      });
+      if (cleanup) cleanup();
+    });
+  });
+  return app;
+}
+
+// src/api/routes/memory.ts
+import { Hono as Hono5 } from "hono";
+var log2 = createLogger("ManagementAPI");
+function createApiMemoryRoutes(getDb) {
+  const app = new Hono5();
+  app.delete("/sessions/:chatId", (c) => {
+    const db = getDb();
+    if (!db) {
+      return createProblemResponse(c, 503, "Service Unavailable", "Database not available");
+    }
+    const chatId = c.req.param("chatId");
+    const result = db.prepare("DELETE FROM sessions WHERE chat_id = ?").run(chatId);
+    if (result.changes === 0) {
+      return createProblemResponse(c, 404, "Not Found", `No session found for chat ${chatId}`);
+    }
+    log2.info(`Session deleted for chat ${chatId} via Management API`);
+    return c.json({ deleted: result.changes, chatId });
+  });
+  app.post("/sessions/prune", async (c) => {
+    const db = getDb();
+    if (!db) {
+      return createProblemResponse(c, 503, "Service Unavailable", "Database not available");
+    }
+    let maxAgeDays = 30;
+    try {
+      const body = await c.req.json();
+      if (body.maxAgeDays && body.maxAgeDays > 0) {
+        maxAgeDays = body.maxAgeDays;
+      }
+    } catch {
+    }
+    const cutoff = Date.now() - maxAgeDays * 24 * 60 * 60 * 1e3;
+    const result = db.prepare("DELETE FROM sessions WHERE updated_at < ?").run(cutoff);
+    log2.info(`Pruned ${result.changes} sessions older than ${maxAgeDays} days via Management API`);
+    return c.json({ pruned: result.changes, maxAgeDays });
+  });
+  return app;
+}
+
+// src/api/server.ts
+var log3 = createLogger("ManagementAPI");
+var KEY_PREFIX = "tltn_";
+function generateApiKey() {
+  return KEY_PREFIX + randomBytes(32).toString("base64url");
+}
+function hashApiKey2(key) {
+  return createHash2("sha256").update(key).digest("hex");
+}
+var SSE_PATHS = ["/v1/agent/events", "/v1/logs/stream"];
+var ApiServer = class {
+  app;
+  server = null;
+  deps;
+  config;
+  tls = null;
+  apiKey = null;
+  keyHash;
+  constructor(deps, config) {
+    this.deps = deps;
+    this.config = config;
+    this.app = new Hono6();
+    if (config.key_hash) {
+      this.keyHash = config.key_hash;
+    } else {
+      this.apiKey = generateApiKey();
+      this.keyHash = hashApiKey2(this.apiKey);
+    }
+  }
+  /** Update live deps (e.g., when agent starts/stops) */
+  updateDeps(partial) {
+    Object.assign(this.deps, partial);
+  }
+  setupMiddleware() {
+    this.app.use("*", async (c, next) => {
+      const incoming = c.env?.incoming;
+      if (incoming?.socket?.remoteAddress) {
+        c.env.ip = incoming.socket.remoteAddress;
+      }
+      await next();
+    });
+    this.app.use("*", requestId);
+    this.app.use(
+      "*",
+      bodyLimit({
+        maxSize: 2 * 1024 * 1024,
+        onError: (c) => {
+          return c.json(
+            createProblem(413, "Payload Too Large", "Request body exceeds 2MB limit"),
+            413,
+            {
+              "Content-Type": "application/problem+json"
+            }
+          );
+        }
+      })
+    );
+    this.app.use("*", async (c, next) => {
+      if (SSE_PATHS.some((p) => c.req.path === p)) {
+        return next();
+      }
+      return timeout(3e4)(c, next);
+    });
+    this.app.use("*", async (c, next) => {
+      await next();
+      c.res.headers.set("X-Content-Type-Options", "nosniff");
+      c.res.headers.set("X-Frame-Options", "DENY");
+      c.res.headers.set("Strict-Transport-Security", "max-age=31536000; includeSubDomains");
+    });
+  }
+  setupRoutes() {
+    this.app.get("/healthz", (c) => c.json({ status: "ok" }));
+    this.app.get("/readyz", (c) => {
+      const lifecycle = this.deps.lifecycle;
+      if (!lifecycle) {
+        return c.json({ status: "not_ready", reason: "lifecycle not initialized" }, 503);
+      }
+      const state = lifecycle.getState();
+      if (state === "running") {
+        return c.json({ status: "ready", state });
+      }
+      return c.json({ status: "not_ready", state }, 503);
+    });
+    const authMw = createAuthMiddleware({
+      keyHash: this.keyHash,
+      allowedIps: this.config.allowed_ips
+    });
+    this.app.use("/v1/*", authMw);
+    this.app.use("/v1/*", globalRateLimit);
+    this.app.use("/v1/*", mutatingRateLimit);
+    this.app.use("/v1/*", readRateLimit);
+    this.app.use("/v1/*", auditMiddleware);
+    this.app.get("/v1/openapi.json", (c) => {
+      return c.json({
+        openapi: "3.1.0",
+        info: {
+          title: "Teleton Management API",
+          version: "1.0.0",
+          description: "HTTPS management API for remote teleton agent administration"
+        },
+        servers: [{ url: `https://localhost:${this.config.port}` }]
+      });
+    });
+    const adaptedDeps = createDepsAdapter(this.deps);
+    this.app.route("/v1/status", createStatusRoutes(adaptedDeps));
+    this.app.route("/v1/tools", createToolsRoutes(adaptedDeps));
+    this.app.route("/v1/logs", createLogsRoutes(adaptedDeps));
+    this.app.route("/v1/memory", createMemoryRoutes(adaptedDeps));
+    this.app.route("/v1/soul", createSoulRoutes(adaptedDeps));
+    this.app.route("/v1/plugins", createPluginsRoutes(adaptedDeps));
+    this.app.route("/v1/mcp", createMcpRoutes(adaptedDeps));
+    this.app.route("/v1/workspace", createWorkspaceRoutes(adaptedDeps));
+    this.app.route("/v1/tasks", createTasksRoutes(adaptedDeps));
+    this.app.route("/v1/config", createConfigRoutes(adaptedDeps));
+    this.app.route("/v1/marketplace", createMarketplaceRoutes(adaptedDeps));
+    this.app.route("/v1/hooks", createHooksRoutes(adaptedDeps));
+    this.app.route("/v1/ton-proxy", createTonProxyRoutes(adaptedDeps));
+    this.app.route("/v1/setup", createSetupRoutes());
+    this.app.post("/v1/agent/start", async (c) => {
+      const lifecycle = this.deps.lifecycle;
+      if (!lifecycle) {
+        return c.json(
+          createProblem(503, "Service Unavailable", "Agent lifecycle not available"),
+          503,
+          {
+            "Content-Type": "application/problem+json"
+          }
+        );
+      }
+      const state = lifecycle.getState();
+      if (state === "running") {
+        return c.json({ state: "running" }, 409);
+      }
+      if (state === "stopping") {
+        return c.json(
+          createProblem(409, "Conflict", "Agent is currently stopping, please wait"),
+          409,
+          {
+            "Content-Type": "application/problem+json"
+          }
+        );
+      }
+      lifecycle.start().catch((err) => {
+        log3.error({ err }, "Agent start failed");
+      });
+      return c.json({ state: "starting" });
+    });
+    this.app.post("/v1/agent/stop", async (c) => {
+      const lifecycle = this.deps.lifecycle;
+      if (!lifecycle) {
+        return c.json(
+          createProblem(503, "Service Unavailable", "Agent lifecycle not available"),
+          503,
+          {
+            "Content-Type": "application/problem+json"
+          }
+        );
+      }
+      const state = lifecycle.getState();
+      if (state === "stopped") {
+        return c.json({ state: "stopped" }, 409);
+      }
+      if (state === "starting") {
+        return c.json(
+          createProblem(409, "Conflict", "Agent is currently starting, please wait"),
+          409,
+          {
+            "Content-Type": "application/problem+json"
+          }
+        );
+      }
+      lifecycle.stop().catch((err) => {
+        log3.error({ err }, "Agent stop failed");
+      });
+      return c.json({ state: "stopping" });
+    });
+    this.app.get("/v1/agent/status", (c) => {
+      const lifecycle = this.deps.lifecycle;
+      if (!lifecycle) {
+        return c.json(
+          createProblem(503, "Service Unavailable", "Agent lifecycle not available"),
+          503,
+          {
+            "Content-Type": "application/problem+json"
+          }
+        );
+      }
+      return c.json({
+        state: lifecycle.getState(),
+        uptime: lifecycle.getUptime(),
+        error: lifecycle.getError() ?? null
+      });
+    });
+    this.app.get("/v1/agent/events", (c) => {
+      const lifecycle = this.deps.lifecycle;
+      if (!lifecycle) {
+        return c.json(
+          createProblem(503, "Service Unavailable", "Agent lifecycle not available"),
+          503,
+          {
+            "Content-Type": "application/problem+json"
+          }
+        );
+      }
+      return streamSSE2(c, async (stream) => {
+        let aborted = false;
+        stream.onAbort(() => {
+          aborted = true;
+        });
+        const now = Date.now();
+        await stream.writeSSE({
+          event: "status",
+          id: String(now),
+          data: JSON.stringify({
+            state: lifecycle.getState(),
+            error: lifecycle.getError() ?? null,
+            timestamp: now
+          }),
+          retry: 3e3
+        });
+        const onStateChange = (event) => {
+          if (aborted) return;
+          void stream.writeSSE({
+            event: "status",
+            id: String(event.timestamp),
+            data: JSON.stringify({
+              state: event.state,
+              error: event.error ?? null,
+              timestamp: event.timestamp
+            })
+          });
+        };
+        lifecycle.on("stateChange", onStateChange);
+        while (!aborted) {
+          await stream.sleep(3e4);
+          if (aborted) break;
+          await stream.writeSSE({
+            event: "ping",
+            data: ""
+          });
+        }
+        lifecycle.off("stateChange", onStateChange);
+      });
+    });
+    this.app.route("/v1/agent", createAgentRoutes(this.deps.lifecycle));
+    this.app.route("/v1/system", createSystemRoutes());
+    this.app.route("/v1/auth", createAuthRoutes());
+    this.app.route("/v1/api-logs", createApiLogsRoutes());
+    this.app.route(
+      "/v1/api-memory",
+      createApiMemoryRoutes(() => this.deps.memory?.db ?? null)
+    );
+    this.app.onError((err, c) => {
+      log3.error({ err }, "Management API error");
+      if (err instanceof HTTPException3) {
+        if (err.res) return err.res;
+        return c.json(createProblem(err.status, err.message || "Error"), err.status, {
+          "Content-Type": "application/problem+json"
+        });
+      }
+      return c.json(
+        createProblem(500, "Internal Server Error", err.message || "An unexpected error occurred"),
+        500,
+        { "Content-Type": "application/problem+json" }
+      );
+    });
+  }
+  async start() {
+    const tls = await ensureTlsCert(TELETON_ROOT);
+    this.tls = tls;
+    this.setupMiddleware();
+    this.setupRoutes();
+    return new Promise((resolve, reject) => {
+      try {
+        this.server = serve(
+          {
+            fetch: this.app.fetch,
+            port: this.config.port,
+            createServer: createHttpsServer,
+            serverOptions: {
+              cert: tls.cert,
+              key: tls.key
+            }
+          },
+          (info) => {
+            this.server.maxConnections = 20;
+            log3.info(`Management API server running on https://localhost:${info.port}`);
+            if (this.apiKey) {
+              log3.info(
+                `API key: ${KEY_PREFIX}${this.apiKey.slice(KEY_PREFIX.length, KEY_PREFIX.length + 4)}...`
+              );
+            }
+            log3.info(`TLS fingerprint: ${tls.fingerprint.slice(0, 16)}...`);
+            resolve();
+          }
+        );
+        this.server.on("error", (err) => {
+          log3.error({ err }, "Management API server error");
+          reject(err);
+        });
+      } catch (error) {
+        reject(error);
+      }
+    });
+  }
+  async stop() {
+    if (this.server) {
+      return new Promise((resolve) => {
+        this.server.closeAllConnections();
+        this.server.close(() => {
+          log3.info("Management API server stopped");
+          resolve();
+        });
+      });
+    }
+  }
+  getCredentials() {
+    if (!this.tls) return null;
+    return {
+      apiKey: this.apiKey ?? "",
+      fingerprint: this.tls.fingerprint,
+      port: this.config.port
+    };
+  }
+};
+export {
+  ApiServer
+};