thevoidforge 21.0.0

package/dist/wizard/lib/updater.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Update mechanisms — methodology update (replaces /void git-fetch),
+ * self-update, and extension update.
+ */
+export interface UpdatePlan {
+    added: string[];
+    modified: string[];
+    removed: string[];
+    unchanged: number;
+}
+export interface UpdateResult {
+    applied: boolean;
+    plan: UpdatePlan;
+    newVersion: string;
+}
+/**
+ * Diff methodology source against project files.
+ * Returns a plan showing what would change.
+ */
+export declare function diffMethodology(projectDir: string): Promise<UpdatePlan>;
+/**
+ * Apply the update plan — copy new/modified files from source to project.
+ * Does NOT delete removed files (user may have customizations).
+ */
+export declare function applyUpdate(projectDir: string): Promise<UpdateResult>;
+export declare function selfUpdate(): {
+    success: boolean;
+    message: string;
+};

package/dist/wizard/lib/updater.js

@@ -0,0 +1,190 @@
+/**
+ * Update mechanisms — methodology update (replaces /void git-fetch),
+ * self-update, and extension update.
+ */
+import { readFile, readdir, cp } from 'node:fs/promises';
+import { existsSync } from 'node:fs';
+import { join } from 'node:path';
+import { execSync } from 'node:child_process';
+import { readMarker, writeMarker } from './marker.js';
+// ── Methodology Source Resolution ────────────────────────
+async function resolveMethodologySource() {
+    const dir = import.meta.dirname ?? new URL('.', import.meta.url).pathname;
+    let current = dir;
+    for (let i = 0; i < 10; i++) {
+        if (existsSync(join(current, 'CLAUDE.md')) && existsSync(join(current, '.claude', 'commands'))) {
+            return current;
+        }
+        const { resolve } = await import('node:path');
+        current = resolve(current, '..');
+    }
+    try {
+        const { createRequire } = await import('node:module');
+        const require_ = createRequire(import.meta.url);
+        const pkgPath = require_.resolve('@voidforge/methodology/package.json');
+        const { resolve } = await import('node:path');
+        return resolve(pkgPath, '..');
+    }
+    catch {
+        // Not installed
+    }
+    throw new Error('Cannot find methodology source for update.');
+}
+// ── Diff ─────────────────────────────────────────────────
+async function collectFiles(dir, base = '') {
+    if (!existsSync(dir))
+        return [];
+    const files = [];
+    const entries = await readdir(dir, { withFileTypes: true });
+    for (const entry of entries) {
+        const rel = base ? `${base}/${entry.name}` : entry.name;
+        if (entry.isDirectory()) {
+            files.push(...await collectFiles(join(dir, entry.name), rel));
+        }
+        else {
+            files.push(rel);
+        }
+    }
+    return files;
+}
+/**
+ * Diff methodology source against project files.
+ * Returns a plan showing what would change.
+ */
+export async function diffMethodology(projectDir) {
+    const sourceRoot = await resolveMethodologySource();
+    const plan = { added: [], modified: [], removed: [], unchanged: 0 };
+    // Directories to compare
+    const dirs = [
+        { src: '.claude/commands', dest: '.claude/commands' },
+        { src: 'docs/methods', dest: 'docs/methods' },
+        { src: 'docs/patterns', dest: 'docs/patterns' },
+        { src: 'scripts/thumper', dest: 'scripts/thumper' },
+    ];
+    // Single files to compare
+    const singleFiles = ['CLAUDE.md', 'HOLOCRON.md', 'VERSION.md'];
+    // Check single files
+    for (const file of singleFiles) {
+        const srcPath = join(sourceRoot, file);
+        const destPath = join(projectDir, file);
+        if (!existsSync(srcPath))
+            continue;
+        if (!existsSync(destPath)) {
+            plan.added.push(file);
+        }
+        else {
+            const srcContent = await readFile(srcPath, 'utf-8');
+            const destContent = await readFile(destPath, 'utf-8');
+            // Skip CLAUDE.md first 10 lines (project identity) when comparing
+            if (file === 'CLAUDE.md') {
+                const srcLines = srcContent.split('\n').slice(10).join('\n');
+                const destLines = destContent.split('\n').slice(10).join('\n');
+                if (srcLines !== destLines)
+                    plan.modified.push(file);
+                else
+                    plan.unchanged++;
+            }
+            else {
+                if (srcContent !== destContent)
+                    plan.modified.push(file);
+                else
+                    plan.unchanged++;
+            }
+        }
+    }
+    // Check directories
+    for (const { src, dest } of dirs) {
+        const srcDir = join(sourceRoot, src);
+        const destDir = join(projectDir, dest);
+        const srcFiles = await collectFiles(srcDir);
+        const destFiles = await collectFiles(destDir);
+        const srcSet = new Set(srcFiles);
+        const destSet = new Set(destFiles);
+        for (const file of srcFiles) {
+            const fullDest = join(destDir, file);
+            if (!destSet.has(file)) {
+                plan.added.push(`${dest}/${file}`);
+            }
+            else {
+                const srcContent = await readFile(join(srcDir, file), 'utf-8');
+                const destContent = await readFile(fullDest, 'utf-8');
+                if (srcContent !== destContent) {
+                    plan.modified.push(`${dest}/${file}`);
+                }
+                else {
+                    plan.unchanged++;
+                }
+            }
+        }
+        // Files in project but not in source (removed upstream)
+        for (const file of destFiles) {
+            if (!srcSet.has(file)) {
+                plan.removed.push(`${dest}/${file}`);
+            }
+        }
+    }
+    return plan;
+}
+// ── Apply Update ─────────────────────────────────────────
+/**
+ * Apply the update plan — copy new/modified files from source to project.
+ * Does NOT delete removed files (user may have customizations).
+ */
+export async function applyUpdate(projectDir) {
+    const sourceRoot = await resolveMethodologySource();
+    const plan = await diffMethodology(projectDir);
+    // Read source VERSION.md for new version
+    let newVersion = 'unknown';
+    const versionPath = join(sourceRoot, 'VERSION.md');
+    if (existsSync(versionPath)) {
+        const content = await readFile(versionPath, 'utf-8');
+        const match = content.match(/(\d+\.\d+\.\d+)/);
+        if (match)
+            newVersion = match[1];
+    }
+    if (plan.added.length === 0 && plan.modified.length === 0) {
+        return { applied: false, plan, newVersion };
+    }
+    // Copy added + modified files
+    const { mkdir } = await import('node:fs/promises');
+    for (const file of [...plan.added, ...plan.modified]) {
+        // Special handling for CLAUDE.md: preserve project identity (first 10 lines)
+        if (file === 'CLAUDE.md') {
+            const srcContent = await readFile(join(sourceRoot, file), 'utf-8');
+            const destPath = join(projectDir, file);
+            if (existsSync(destPath)) {
+                const destContent = await readFile(destPath, 'utf-8');
+                const destIdentity = destContent.split('\n').slice(0, 10).join('\n');
+                const srcBody = srcContent.split('\n').slice(10).join('\n');
+                await import('node:fs/promises').then(fs => fs.writeFile(destPath, destIdentity + '\n' + srcBody, 'utf-8'));
+            }
+            else {
+                await cp(join(sourceRoot, file), destPath);
+            }
+            continue;
+        }
+        const srcPath = join(sourceRoot, file);
+        const destPath = join(projectDir, file);
+        const destDir = join(destPath, '..');
+        await mkdir(destDir, { recursive: true });
+        await cp(srcPath, destPath);
+    }
+    // Update marker version
+    const marker = await readMarker(projectDir);
+    if (marker) {
+        marker.version = newVersion;
+        await writeMarker(projectDir, marker);
+    }
+    return { applied: true, plan, newVersion };
+}
+// ── Self-Update ──────────────────────────────────────────
+export function selfUpdate() {
+    try {
+        execSync('npm update -g voidforge', { stdio: 'pipe' });
+        return { success: true, message: 'VoidForge updated successfully.' };
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        return { success: false, message: `Self-update failed: ${msg}` };
+    }
+}

package/dist/wizard/lib/user-manager.d.ts

@@ -0,0 +1,39 @@
+/**
+ * User Manager — Multi-user RBAC for Avengers Tower v7.0.
+ *
+ * Invitation-only user creation. No self-registration.
+ * Three roles: admin (full), deployer (build/deploy), viewer (read-only).
+ * Invite tokens: cryptographically random, single-use, 24h expiry.
+ */
+import { removeUser, updateUserRole, listUsers, getUserRole, type UserRole, type SessionInfo } from './tower-auth.js';
+export declare function isValidRole(role: string): role is UserRole;
+/**
+ * Check if a session has the required role.
+ * Role hierarchy: admin > deployer > viewer.
+ */
+export declare function hasRole(session: SessionInfo, requiredRole: UserRole): boolean;
+/**
+ * Create an invitation token for a new user.
+ * Only admins can create invites.
+ */
+export declare function createInvite(role: UserRole, callerSession: SessionInfo, ip: string): Promise<{
+    token: string;
+    expiresAt: number;
+}>;
+/**
+ * Complete an invitation — new user sets username, password, and gets TOTP secret.
+ * The invite token is consumed (single-use). If user creation fails, the invite
+ * is restored so it can be retried.
+ */
+export declare function completeInvite(inviteToken: string, username: string, password: string, ip: string): Promise<{
+    totpSecret: string;
+    totpUri: string;
+    role: UserRole;
+}>;
+/**
+ * Check if a session has the required access level for a project.
+ * Admins have implicit access to all projects. Owners have full access.
+ * Others need an explicit access list entry with sufficient role.
+ */
+export declare function hasProjectAccess(session: SessionInfo, projectId: string, requiredRole: 'admin' | 'deployer' | 'viewer'): Promise<boolean>;
+export { removeUser, updateUserRole, listUsers, getUserRole, type UserRole, type SessionInfo, };

package/dist/wizard/lib/user-manager.js

@@ -0,0 +1,182 @@
+/**
+ * User Manager — Multi-user RBAC for Avengers Tower v7.0.
+ *
+ * Invitation-only user creation. No self-registration.
+ * Three roles: admin (full), deployer (build/deploy), viewer (read-only).
+ * Invite tokens: cryptographically random, single-use, 24h expiry.
+ */
+import { randomBytes, timingSafeEqual } from 'node:crypto';
+import { readFile, mkdir, open, rename } from 'node:fs/promises';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { createUser, removeUser, updateUserRole, listUsers, getUserRole, } from './tower-auth.js';
+import { audit } from './audit-log.js';
+const VOIDFORGE_DIR = join(homedir(), '.voidforge');
+const INVITES_PATH = join(VOIDFORGE_DIR, 'invites.json');
+const INVITE_TTL_MS = 24 * 60 * 60 * 1000; // 24 hours
+const MAX_PENDING_INVITES = 50;
+// ── Write serialization ────────────────────────────
+let writeQueue = Promise.resolve();
+function serialized(fn) {
+    const result = writeQueue.then(fn, () => fn());
+    writeQueue = result.then(() => { }, () => { });
+    return result;
+}
+// ── Invite store I/O ───────────────────────────────
+async function readInviteStore() {
+    try {
+        const raw = await readFile(INVITES_PATH, 'utf-8');
+        const parsed = JSON.parse(raw);
+        if (typeof parsed !== 'object' || !Array.isArray(parsed.invites)) {
+            throw new Error('Invalid invite store format');
+        }
+        return parsed;
+    }
+    catch (err) {
+        if (err instanceof Error && 'code' in err && err.code === 'ENOENT') {
+            return { invites: [] };
+        }
+        throw err;
+    }
+}
+async function writeInviteStore(store) {
+    await mkdir(VOIDFORGE_DIR, { recursive: true });
+    const data = JSON.stringify(store, null, 2);
+    const tmpPath = INVITES_PATH + '.tmp';
+    const fh = await open(tmpPath, 'w', 0o600);
+    try {
+        await fh.writeFile(data);
+        await fh.sync();
+    }
+    finally {
+        await fh.close();
+    }
+    await rename(tmpPath, INVITES_PATH);
+}
+// ── Role validation ────────────────────────────────
+const VALID_ROLES = new Set(['admin', 'deployer', 'viewer']);
+export function isValidRole(role) {
+    return VALID_ROLES.has(role);
+}
+/**
+ * Check if a session has the required role.
+ * Role hierarchy: admin > deployer > viewer.
+ */
+export function hasRole(session, requiredRole) {
+    if (session.role === 'admin')
+        return true;
+    if (session.role === 'deployer')
+        return requiredRole !== 'admin';
+    return requiredRole === 'viewer';
+}
+// ── Invite management ──────────────────────────────
+/**
+ * Create an invitation token for a new user.
+ * Only admins can create invites.
+ */
+export async function createInvite(role, callerSession, ip) {
+    if (!hasRole(callerSession, 'admin')) {
+        await audit('access_denied', ip, callerSession.username, {
+            action: 'create_invite',
+            reason: 'insufficient_role',
+        });
+        throw new Error('Admin role required');
+    }
+    if (!isValidRole(role)) {
+        throw new Error('Invalid role');
+    }
+    return serialized(async () => {
+        const store = await readInviteStore();
+        // Purge expired invites
+        const now = Date.now();
+        store.invites = store.invites.filter((inv) => inv.expiresAt > now);
+        if (store.invites.length >= MAX_PENDING_INVITES) {
+            throw new Error('Too many pending invites');
+        }
+        const token = randomBytes(32).toString('hex');
+        const invite = {
+            token,
+            role,
+            createdBy: callerSession.username,
+            createdAt: new Date().toISOString(),
+            expiresAt: now + INVITE_TTL_MS,
+        };
+        store.invites.push(invite);
+        await writeInviteStore(store);
+        await audit('invite_create', ip, callerSession.username, {
+            role,
+            expiresIn: '24h',
+        });
+        return { token, expiresAt: invite.expiresAt };
+    });
+}
+/**
+ * Complete an invitation — new user sets username, password, and gets TOTP secret.
+ * The invite token is consumed (single-use). If user creation fails, the invite
+ * is restored so it can be retried.
+ */
+export async function completeInvite(inviteToken, username, password, ip) {
+    // Validate and consume the invite token (timing-safe comparison)
+    const invite = await serialized(async () => {
+        const store = await readInviteStore();
+        const now = Date.now();
+        // Purge expired
+        store.invites = store.invites.filter((inv) => inv.expiresAt > now);
+        // Timing-safe token lookup — prevent timing side-channel on public endpoint
+        const tokenBuf = Buffer.from(inviteToken);
+        let matchIdx = -1;
+        for (let i = 0; i < store.invites.length; i++) {
+            const storedBuf = Buffer.from(store.invites[i].token);
+            if (tokenBuf.length === storedBuf.length && timingSafeEqual(tokenBuf, storedBuf)) {
+                matchIdx = i;
+            }
+        }
+        if (matchIdx === -1) {
+            throw new Error('Invalid or expired invite');
+        }
+        const found = store.invites[matchIdx];
+        store.invites.splice(matchIdx, 1); // Consume the token
+        await writeInviteStore(store);
+        return found;
+    });
+    // Create the user via tower-auth (handles password hashing, TOTP generation)
+    // If creation fails, restore the invite so it can be retried
+    let result;
+    try {
+        result = await createUser(username, password, invite.role);
+    }
+    catch (err) {
+        // Rollback: re-insert the invite token
+        await serialized(async () => {
+            const store = await readInviteStore();
+            store.invites.push(invite);
+            await writeInviteStore(store);
+        });
+        throw err;
+    }
+    await audit('invite_complete', ip, username, {
+        role: invite.role,
+        invitedBy: invite.createdBy,
+    });
+    return { ...result, role: invite.role };
+}
+// ── Per-project access checking ────────────────────
+import { checkProjectAccess } from './project-registry.js';
+/**
+ * Check if a session has the required access level for a project.
+ * Admins have implicit access to all projects. Owners have full access.
+ * Others need an explicit access list entry with sufficient role.
+ */
+export async function hasProjectAccess(session, projectId, requiredRole) {
+    const effectiveRole = await checkProjectAccess(projectId, session.username, session.role);
+    if (!effectiveRole)
+        return false;
+    // Check hierarchy: admin > deployer > viewer
+    if (effectiveRole === 'admin')
+        return true;
+    if (effectiveRole === 'deployer')
+        return requiredRole !== 'admin';
+    return requiredRole === 'viewer';
+}
+// ── Re-exports for convenience ─────────────────────
+export { removeUser, updateUserRole, listUsers, getUserRole, };

package/dist/wizard/lib/vault.d.ts

@@ -0,0 +1,26 @@
+/**
+ * Password-encrypted credential vault using Node.js built-in crypto.
+ *
+ * - AES-256-GCM encryption
+ * - PBKDF2 key derivation (100k iterations, SHA-512)
+ * - Stored at ~/.voidforge/vault.enc
+ * - Works on macOS, Linux, Windows — zero dependencies
+ * - User provides the password; they can store it however they want
+ *   (memory, 1Password, macOS Keychain, etc.)
+ */
+/** Store a credential in the encrypted vault */
+export declare function vaultSet(password: string, key: string, value: string): Promise<void>;
+/** Retrieve a credential from the encrypted vault */
+export declare function vaultGet(password: string, key: string): Promise<string | null>;
+/** Delete a credential from the vault */
+export declare function vaultDelete(password: string, key: string): Promise<void>;
+/** Check if a vault file exists (doesn't need password) */
+export declare function vaultExists(): boolean;
+/** Check if the password can decrypt the vault (password verification) */
+export declare function vaultUnlock(password: string): Promise<boolean>;
+/** List which keys are stored (requires password) */
+export declare function vaultKeys(password: string): Promise<string[]>;
+/** Clear the in-memory session cache */
+export declare function vaultLock(): void;
+/** Return the vault file path (for display purposes) */
+export declare function vaultPath(): string;

package/dist/wizard/lib/vault.js

@@ -0,0 +1,161 @@
+/**
+ * Password-encrypted credential vault using Node.js built-in crypto.
+ *
+ * - AES-256-GCM encryption
+ * - PBKDF2 key derivation (100k iterations, SHA-512)
+ * - Stored at ~/.voidforge/vault.enc
+ * - Works on macOS, Linux, Windows — zero dependencies
+ * - User provides the password; they can store it however they want
+ *   (memory, 1Password, macOS Keychain, etc.)
+ */
+import { createCipheriv, createDecipheriv, pbkdf2, randomBytes, timingSafeEqual } from 'node:crypto';
+import { readFile, rename, mkdir, open } from 'node:fs/promises';
+import { join } from 'node:path';
+import { existsSync } from 'node:fs';
+import { homedir } from 'node:os';
+const VAULT_DIR = join(homedir(), '.voidforge');
+const VAULT_PATH = join(VAULT_DIR, 'vault.enc');
+const ALGORITHM = 'aes-256-gcm';
+const KEY_LENGTH = 32;
+const IV_LENGTH = 16;
+const SALT_LENGTH = 32;
+const AUTH_TAG_LENGTH = 16;
+const PBKDF2_ITERATIONS = 100_000;
+const PBKDF2_DIGEST = 'sha512';
+const MAX_PASSWORD_LENGTH = 256;
+/** In-memory cache so we don't re-read the file on every call within a session */
+let sessionCache = null;
+/** Write queue to serialize all vault operations and prevent race conditions */
+let writeQueue = Promise.resolve();
+function serialized(fn) {
+    const result = writeQueue.then(fn, () => fn());
+    // Keep the chain going even if this operation fails
+    writeQueue = result.then(() => { }, () => { });
+    return result;
+}
+async function deriveKey(password, salt) {
+    const capped = password.slice(0, MAX_PASSWORD_LENGTH);
+    return new Promise((resolve, reject) => {
+        pbkdf2(capped, salt, PBKDF2_ITERATIONS, KEY_LENGTH, PBKDF2_DIGEST, (err, key) => {
+            if (err)
+                reject(err);
+            else
+                resolve(key);
+        });
+    });
+}
+async function encrypt(plaintext, password) {
+    const salt = randomBytes(SALT_LENGTH);
+    const iv = randomBytes(IV_LENGTH);
+    const key = await deriveKey(password, salt);
+    const cipher = createCipheriv(ALGORITHM, key, iv);
+    const encrypted = Buffer.concat([cipher.update(plaintext, 'utf-8'), cipher.final()]);
+    const authTag = cipher.getAuthTag();
+    // Format: salt (32) + iv (16) + authTag (16) + ciphertext
+    return Buffer.concat([salt, iv, authTag, encrypted]);
+}
+async function decrypt(data, password) {
+    const salt = data.subarray(0, SALT_LENGTH);
+    const iv = data.subarray(SALT_LENGTH, SALT_LENGTH + IV_LENGTH);
+    const authTag = data.subarray(SALT_LENGTH + IV_LENGTH, SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);
+    const ciphertext = data.subarray(SALT_LENGTH + IV_LENGTH + AUTH_TAG_LENGTH);
+    const key = await deriveKey(password, salt);
+    const decipher = createDecipheriv(ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    const decrypted = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
+    return decrypted.toString('utf-8');
+}
+async function readVault(password) {
+    // QA-R2-002: Use timing-safe comparison for cache password check
+    // IG-R2: Return a shallow copy from cache to prevent caller mutation from corrupting the cache
+    if (sessionCache) {
+        const a = Buffer.from(sessionCache.password, 'utf-8');
+        const b = Buffer.from(password, 'utf-8');
+        if (a.length === b.length && timingSafeEqual(a, b)) {
+            return { ...sessionCache.data };
+        }
+    }
+    if (!existsSync(VAULT_PATH)) {
+        return {};
+    }
+    const raw = await readFile(VAULT_PATH);
+    const json = await decrypt(raw, password);
+    const data = JSON.parse(json);
+    sessionCache = { password, data };
+    return { ...data };
+}
+async function writeVault(password, data) {
+    await mkdir(VAULT_DIR, { recursive: true });
+    const json = JSON.stringify(data);
+    const encrypted = await encrypt(json, password);
+    // Atomic write: write to temp file, fsync, then rename over the real file.
+    // This prevents corruption if the process crashes mid-write.
+    const tmpPath = VAULT_PATH + '.tmp';
+    const fh = await open(tmpPath, 'w', 0o600);
+    try {
+        await fh.writeFile(encrypted);
+        await fh.sync();
+    }
+    finally {
+        await fh.close();
+    }
+    await rename(tmpPath, VAULT_PATH);
+    sessionCache = { password, data };
+}
+/** Store a credential in the encrypted vault */
+export function vaultSet(password, key, value) {
+    return serialized(async () => {
+        const data = await readVault(password);
+        data[key] = value;
+        await writeVault(password, data);
+    });
+}
+/** Retrieve a credential from the encrypted vault */
+export function vaultGet(password, key) {
+    return serialized(async () => {
+        const data = await readVault(password);
+        return data[key] ?? null;
+    });
+}
+/** Delete a credential from the vault */
+export function vaultDelete(password, key) {
+    return serialized(async () => {
+        const data = await readVault(password);
+        delete data[key];
+        await writeVault(password, data);
+    });
+}
+/** Check if a vault file exists (doesn't need password) */
+export function vaultExists() {
+    return existsSync(VAULT_PATH);
+}
+/** Check if the password can decrypt the vault (password verification) */
+export function vaultUnlock(password) {
+    if (!existsSync(VAULT_PATH)) {
+        return Promise.resolve(true);
+    }
+    return serialized(async () => {
+        try {
+            await readVault(password);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    });
+}
+/** List which keys are stored (requires password) */
+export function vaultKeys(password) {
+    return serialized(async () => {
+        const data = await readVault(password);
+        return Object.keys(data);
+    });
+}
+/** Clear the in-memory session cache */
+export function vaultLock() {
+    sessionCache = null;
+}
+/** Return the vault file path (for display purposes) */
+export function vaultPath() {
+    return VAULT_PATH;
+}

package/dist/wizard/router.d.ts

@@ -0,0 +1,5 @@
+import type { IncomingMessage, ServerResponse } from 'node:http';
+type Handler = (req: IncomingMessage, res: ServerResponse) => Promise<void>;
+export declare function addRoute(method: string, path: string, handler: Handler): void;
+export declare function route(req: IncomingMessage, res: ServerResponse): Handler | null;
+export {};

package/dist/wizard/router.js

@@ -0,0 +1,15 @@
+const routes = [];
+export function addRoute(method, path, handler) {
+    routes.push({ method: method.toUpperCase(), path, handler });
+}
+export function route(req, res) {
+    const method = req.method?.toUpperCase() ?? 'GET';
+    const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
+    const path = url.pathname;
+    for (const r of routes) {
+        if (r.method === method && r.path === path) {
+            return r.handler;
+        }
+    }
+    return null;
+}

package/dist/wizard/server.d.ts

@@ -0,0 +1,18 @@
+import './api/credentials.js';
+import './api/cloud-providers.js';
+import './api/prd.js';
+import './api/project.js';
+import './api/provision.js';
+import './api/deploy.js';
+import './api/projects.js';
+import './api/auth.js';
+import './api/users.js';
+import './api/blueprint.js';
+import './api/danger-room.js';
+import './api/war-room.js';
+export declare function checkNativeModulesChanged(): Promise<boolean>;
+export declare function startServer(port: number, options?: {
+    remote?: boolean;
+    lan?: boolean;
+    host?: string;
+}): Promise<void>;