teleton 0.8.1 → 0.8.2

package/dist/{setup-server-32XGDPE6.js → chunk-57URFK6M.js}

@@ -1,6 +1,6 @@
 import {
   getModelsForProvider
-} from "./chunk-OJCLKU5Z.js";
+} from "./chunk-WFTC3JJW.js";
 import {
   ConfigSchema,
   DealsConfigSchema,
@@ -11,40 +11,26 @@ import {
   isNewWorkspace,
   saveWallet,
   walletExists
-} from "./chunk-S6PHGKOC.js";
+} from "./chunk-7YKSXOQQ.js";
 import {
   getClaudeCodeApiKey,
   getProviderMetadata,
   getSupportedProviders,
   isClaudeCodeTokenValid,
   validateApiKeyFormat
-} from "./chunk-PHSAHTK4.js";
-import "./chunk-VFA7QMCZ.js";
+} from "./chunk-YOSUPUAJ.js";
 import {
   TELEGRAM_MAX_MESSAGE_LENGTH
-} from "./chunk-UP55PXFH.js";
+} from "./chunk-C4NKJT2Z.js";
 import {
   fetchWithTimeout
 } from "./chunk-XQUHC3JZ.js";
-import "./chunk-R4YSJ4EY.js";
 import {
   TELETON_ROOT
 } from "./chunk-EYWNOHMJ.js";
 import {
   createLogger
-} from "./chunk-RCMD3U65.js";
-import "./chunk-3RG5ZIWI.js";
-
-// src/webui/setup-server.ts
-import { Hono as Hono2 } from "hono";
-import { serve } from "@hono/node-server";
-import { cors } from "hono/cors";
-import { bodyLimit } from "hono/body-limit";
-import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
-import { join as join3, dirname as dirname2, resolve, relative } from "path";
-import { fileURLToPath } from "url";
-import { exec } from "child_process";
-import { platform } from "os";
+} from "./chunk-NQ6FZKCE.js";
 
 // src/webui/routes/setup.ts
 import { Hono } from "hono";
@@ -467,7 +453,7 @@ function createSetupRoutes() {
   app.get("/detect-claude-code-key", (c) => {
     try {
       const key = getClaudeCodeApiKey();
-      const masked = key.slice(0, 12) + "****" + key.slice(-4);
+      const masked = maskKey(key);
       return c.json({
         success: true,
         data: {
@@ -871,191 +857,6 @@ function createSetupRoutes() {
   return app;
 }
 
-// src/webui/setup-server.ts
-import { randomBytes as randomBytes2 } from "crypto";
-import { readFileSync as readYaml, writeFileSync as writeFileSync3 } from "fs";
-import YAML2 from "yaml";
-var log3 = createLogger("Setup");
-function findWebDist() {
-  const candidates = [resolve("dist/web"), resolve("web")];
-  const __dirname = dirname2(fileURLToPath(import.meta.url));
-  candidates.push(resolve(__dirname, "web"), resolve(__dirname, "../dist/web"));
-  for (const candidate of candidates) {
-    if (existsSync3(join3(candidate, "index.html"))) {
-      return candidate;
-    }
-  }
-  return null;
-}
-function autoOpenBrowser(url) {
-  const os = platform();
-  let cmd;
-  if (os === "darwin") {
-    cmd = `open "${url}"`;
-  } else if (os === "win32") {
-    cmd = `start "${url}"`;
-  } else {
-    cmd = `xdg-open "${url}"`;
-  }
-  exec(cmd, (err) => {
-    if (err) {
-      log3.info(`Open this URL in your browser: ${url}`);
-    }
-  });
-}
-var SetupServer = class {
-  constructor(port = 7777) {
-    this.port = port;
-    this.app = new Hono2();
-    this.launchPromise = new Promise((resolve2) => {
-      this.launchResolve = resolve2;
-    });
-    this.setupMiddleware();
-    this.setupRoutes();
-    this.setupStaticServing();
-  }
-  app;
-  server = null;
-  launchResolve = null;
-  launchPromise;
-  /** Returns a promise that resolves with the auth token when the user clicks "Start Agent" */
-  waitForLaunch() {
-    return this.launchPromise;
-  }
-  setupMiddleware() {
-    this.app.use(
-      "*",
-      cors({
-        origin: [
-          "http://localhost:5173",
-          `http://localhost:${this.port}`,
-          "http://127.0.0.1:5173",
-          `http://127.0.0.1:${this.port}`
-        ],
-        credentials: true,
-        allowMethods: ["GET", "HEAD", "PUT", "POST", "DELETE", "PATCH"],
-        allowHeaders: ["Content-Type"],
-        maxAge: 3600
-      })
-    );
-    this.app.use(
-      "*",
-      bodyLimit({
-        maxSize: 2 * 1024 * 1024,
-        onError: (c) => c.json({ success: false, error: "Request body too large (max 2MB)" }, 413)
-      })
-    );
-    this.app.use("*", async (c, next) => {
-      await next();
-      c.res.headers.set("X-Content-Type-Options", "nosniff");
-      c.res.headers.set("X-Frame-Options", "DENY");
-      c.res.headers.set("Referrer-Policy", "strict-origin-when-cross-origin");
-    });
-  }
-  setupRoutes() {
-    this.app.get("/health", (c) => c.json({ status: "ok" }));
-    this.app.route("/api/setup", createSetupRoutes());
-    this.app.get(
-      "/auth/check",
-      (c) => c.json({ success: true, data: { authenticated: false, setup: true } })
-    );
-    this.app.post("/api/setup/launch", async (c) => {
-      try {
-        const token = randomBytes2(32).toString("hex");
-        const configPath = join3(TELETON_ROOT, "config.yaml");
-        const raw = readYaml(configPath, "utf-8");
-        const config = YAML2.parse(raw);
-        config.webui = { ...config.webui || {}, enabled: true, auth_token: token };
-        writeFileSync3(configPath, YAML2.stringify(config), { encoding: "utf-8", mode: 384 });
-        log3.info("Launch requested \u2014 auth token generated");
-        const resolve2 = this.launchResolve;
-        this.launchResolve = null;
-        if (resolve2) {
-          setTimeout(() => resolve2(token), 500);
-        }
-        return c.json({ success: true, data: { token } });
-      } catch (err) {
-        return c.json(
-          { success: false, error: err instanceof Error ? err.message : String(err) },
-          500
-        );
-      }
-    });
-    this.app.onError((err, c) => {
-      log3.error({ err }, "Setup server error");
-      return c.json({ success: false, error: err.message || "Internal server error" }, 500);
-    });
-  }
-  setupStaticServing() {
-    const webDist = findWebDist();
-    if (!webDist) return;
-    const indexHtml = readFileSync2(join3(webDist, "index.html"), "utf-8");
-    const mimeTypes = {
-      js: "application/javascript",
-      css: "text/css",
-      svg: "image/svg+xml",
-      png: "image/png",
-      jpg: "image/jpeg",
-      jpeg: "image/jpeg",
-      ico: "image/x-icon",
-      json: "application/json",
-      woff2: "font/woff2",
-      woff: "font/woff"
-    };
-    this.app.get("*", (c) => {
-      const filePath = resolve(join3(webDist, c.req.path));
-      const rel = relative(webDist, filePath);
-      if (rel.startsWith("..") || resolve(filePath) !== filePath) {
-        return c.html(indexHtml);
-      }
-      try {
-        const content = readFileSync2(filePath);
-        const ext = filePath.split(".").pop() || "";
-        if (mimeTypes[ext]) {
-          const immutable = c.req.path.startsWith("/assets/");
-          return c.body(content, 200, {
-            "Content-Type": mimeTypes[ext],
-            "Cache-Control": immutable ? "public, max-age=31536000, immutable" : "public, max-age=3600"
-          });
-        }
-      } catch {
-      }
-      return c.html(indexHtml);
-    });
-  }
-  async start() {
-    return new Promise((resolve2, reject) => {
-      try {
-        this.server = serve(
-          {
-            fetch: this.app.fetch,
-            hostname: "127.0.0.1",
-            port: this.port
-          },
-          () => {
-            const url = `http://localhost:${this.port}/setup`;
-            log3.info(`Setup wizard: ${url}`);
-            autoOpenBrowser(url);
-            resolve2();
-          }
-        );
-      } catch (error) {
-        reject(error);
-      }
-    });
-  }
-  async stop() {
-    if (this.server) {
-      return new Promise((resolve2) => {
-        this.server.closeAllConnections();
-        this.server?.close(() => {
-          log3.info("Setup server stopped");
-          resolve2();
-        });
-      });
-    }
-  }
-};
 export {
-  SetupServer
+  createSetupRoutes
 };

package/dist/chunk-5SEMA47R.js

@@ -0,0 +1,75 @@
+import {
+  createLogger
+} from "./chunk-NQ6FZKCE.js";
+
+// src/api/tls.ts
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+import { createHash, X509Certificate } from "crypto";
+import { generate } from "selfsigned";
+var log = createLogger("TLS");
+function computeFingerprint(certPem) {
+  const x509 = new X509Certificate(certPem);
+  const der = x509.raw;
+  return createHash("sha256").update(der).digest("hex");
+}
+function isCertValid(certPem) {
+  try {
+    const x509 = new X509Certificate(certPem);
+    const now = /* @__PURE__ */ new Date();
+    return now >= new Date(x509.validFrom) && now <= new Date(x509.validTo);
+  } catch {
+    return false;
+  }
+}
+async function ensureTlsCert(dataDir) {
+  const certPath = join(dataDir, "api-cert.pem");
+  const keyPath = join(dataDir, "api-key.pem");
+  if (existsSync(certPath) && existsSync(keyPath)) {
+    const cert = readFileSync(certPath, "utf-8");
+    const key = readFileSync(keyPath, "utf-8");
+    if (isCertValid(cert)) {
+      const fingerprint2 = computeFingerprint(cert);
+      log.info("Loaded existing TLS certificate");
+      return { cert, key, fingerprint: fingerprint2 };
+    }
+    log.warn("Existing TLS certificate is expired, regenerating");
+  }
+  log.info("Generating self-signed TLS certificate");
+  const notBeforeDate = /* @__PURE__ */ new Date();
+  const notAfterDate = /* @__PURE__ */ new Date();
+  notAfterDate.setFullYear(notAfterDate.getFullYear() + 2);
+  const pems = await generate([{ name: "commonName", value: "teleton-api" }], {
+    keySize: 2048,
+    algorithm: "sha256",
+    notBeforeDate,
+    notAfterDate,
+    extensions: [
+      { name: "basicConstraints", cA: false, critical: true },
+      {
+        name: "keyUsage",
+        digitalSignature: true,
+        keyEncipherment: true,
+        critical: true
+      },
+      { name: "extKeyUsage", serverAuth: true },
+      {
+        name: "subjectAltName",
+        altNames: [
+          { type: 2, value: "localhost" },
+          { type: 7, ip: "127.0.0.1" },
+          { type: 7, ip: "::1" }
+        ]
+      }
+    ]
+  });
+  writeFileSync(certPath, pems.cert, { mode: 384 });
+  writeFileSync(keyPath, pems.private, { mode: 384 });
+  const fingerprint = computeFingerprint(pems.cert);
+  log.info(`TLS certificate generated (fingerprint: ${fingerprint.slice(0, 16)}...)`);
+  return { cert: pems.cert, key: pems.private, fingerprint };
+}
+
+export {
+  ensureTlsCert
+};

package/dist/{chunk-S6PHGKOC.js → chunk-7YKSXOQQ.js}

@@ -4,7 +4,7 @@ import {
 } from "./chunk-VFA7QMCZ.js";
 import {
   TELEGRAM_MAX_MESSAGE_LENGTH
-} from "./chunk-UP55PXFH.js";
+} from "./chunk-C4NKJT2Z.js";
 import {
   fetchWithTimeout
 } from "./chunk-XQUHC3JZ.js";
@@ -15,7 +15,7 @@ import {
 } from "./chunk-EYWNOHMJ.js";
 import {
   createLogger
-} from "./chunk-RCMD3U65.js";
+} from "./chunk-NQ6FZKCE.js";
 
 // src/ton/endpoint.ts
 var ENDPOINT_CACHE_TTL_MS = 6e4;
@@ -351,6 +351,13 @@ var _DevObject = z.object({
   hot_reload: z.boolean().default(false).describe("Enable plugin hot-reload (watches ~/.teleton/plugins/ for changes)")
 });
 var DevConfigSchema = _DevObject.default(_DevObject.parse({}));
+var _ApiObject = z.object({
+  enabled: z.boolean().default(false).describe("Enable HTTPS Management API server"),
+  port: z.number().min(1).max(65535).default(7778).describe("HTTPS server port"),
+  key_hash: z.string().default("").describe("SHA-256 hash of the API key (auto-generated if empty)"),
+  allowed_ips: z.array(z.string()).default([]).describe("IP whitelist (empty = allow all authenticated requests)")
+});
+var ApiConfigSchema = _ApiObject.default(_ApiObject.parse({}));
 var McpServerSchema = z.object({
   command: z.string().optional().describe("Stdio command (e.g. 'npx @modelcontextprotocol/server-filesystem /tmp')"),
   args: z.array(z.string()).optional().describe("Explicit args array (overrides command splitting)"),
@@ -410,6 +417,7 @@ var ConfigSchema = z.object({
   dev: DevConfigSchema,
   tool_rag: ToolRagConfigSchema,
   capabilities: CapabilitiesConfigSchema,
+  api: ApiConfigSchema.optional(),
   ton_proxy: TonProxyConfigSchema,
   mcp: McpConfigSchema,
   plugins: z.record(z.string(), z.unknown()).default({}).describe("Per-plugin config (key = plugin name with underscores)"),

package/dist/{chunk-UP55PXFH.js → chunk-C4NKJT2Z.js}

@@ -23,6 +23,9 @@ var CONTEXT_MAX_RECENT_MESSAGES = 10;
 var CONTEXT_MAX_RELEVANT_CHUNKS = 5;
 var FEED_MESSAGE_MAX_CHARS = 2e3;
 var HYBRID_SEARCH_MIN_SCORE = 0.15;
+var RECENCY_DECAY_FACTOR = 0.05;
+var RECENCY_WEIGHT = 0.15;
+var EMBEDDING_QUERY_MAX_CHARS = 1e3;
 var CONTEXT_OVERFLOW_SUMMARY_MESSAGES = 15;
 var RATE_LIMIT_MAX_RETRIES = 3;
 var SERVER_ERROR_MAX_RETRIES = 3;
@@ -56,6 +59,7 @@ var RESULT_TRUNCATION_KEEP_CHARS = 500;
 var EMBEDDING_CACHE_EVICTION_RATIO = 0.1;
 var WEB_FETCH_MAX_TEXT_LENGTH = 2e4;
 var WEB_SEARCH_MAX_RESULTS = 10;
+var TOOL_CONCURRENCY_LIMIT = 2;
 var TOOL_RAG_MIN_SCORE = 0.1;
 var TOOL_RAG_VECTOR_WEIGHT = 0.6;
 var TOOL_RAG_KEYWORD_WEIGHT = 0.4;
@@ -85,6 +89,9 @@ export {
   CONTEXT_MAX_RELEVANT_CHUNKS,
   FEED_MESSAGE_MAX_CHARS,
   HYBRID_SEARCH_MIN_SCORE,
+  RECENCY_DECAY_FACTOR,
+  RECENCY_WEIGHT,
+  EMBEDDING_QUERY_MAX_CHARS,
   CONTEXT_OVERFLOW_SUMMARY_MESSAGES,
   RATE_LIMIT_MAX_RETRIES,
   SERVER_ERROR_MAX_RETRIES,
@@ -118,6 +125,7 @@ export {
   EMBEDDING_CACHE_EVICTION_RATIO,
   WEB_FETCH_MAX_TEXT_LENGTH,
   WEB_SEARCH_MAX_RESULTS,
+  TOOL_CONCURRENCY_LIMIT,
   TOOL_RAG_MIN_SCORE,
   TOOL_RAG_VECTOR_WEIGHT,
   TOOL_RAG_KEYWORD_WEIGHT