thevoidforge 21.0.7 → 21.0.9

package/dist/wizard/api/auth.js

@@ -4,7 +4,7 @@
  */
 import { addRoute } from '../router.js';
 import { parseJsonBody } from '../lib/body-parser.js';
-import { hasUsers, createUser, login, logout, validateSession, parseSessionCookie, buildSessionCookie, clearSessionCookie, isRemoteMode, checkRateLimit, getClientIp, getUserRole, isValidUsername, } from '../lib/tower-auth.js';
+import { hasUsers, createUser, login, logout, validateSession, parseSessionCookie, buildSessionCookie, clearSessionCookie, isRemoteMode, isLanMode, checkRateLimit, getClientIp, getUserRole, isValidUsername, } from '../lib/tower-auth.js';
 import { audit } from '../lib/audit-log.js';
 import { sendJson } from '../lib/http-helpers.js';
 // POST /api/auth/setup — Create initial admin user (only when no users exist)
@@ -114,8 +114,8 @@ addRoute('POST', '/api/auth/logout', async (req, res) => {
 });
 // GET /api/auth/session — Check if current session is valid
 addRoute('GET', '/api/auth/session', async (req, res) => {
-    if (!isRemoteMode()) {
-        sendJson(res, 200, { success: true, data: { authenticated: true, username: 'local', role: 'admin', remoteMode: false } });
+    if (!isRemoteMode() && !isLanMode()) {
+        sendJson(res, 200, { success: true, data: { authenticated: true, username: 'local', role: 'admin', remoteMode: false, lanMode: false } });
         return;
     }
     const token = parseSessionCookie(req.headers.cookie);
@@ -129,5 +129,5 @@ addRoute('GET', '/api/auth/session', async (req, res) => {
         sendJson(res, 200, { success: true, data: { authenticated: false, needsSetup: false } });
         return;
     }
-    sendJson(res, 200, { success: true, data: { authenticated: true, username: session.username, role: session.role, remoteMode: true } });
+    sendJson(res, 200, { success: true, data: { authenticated: true, username: session.username, role: session.role, remoteMode: isRemoteMode(), lanMode: isLanMode() } });
 });

package/dist/wizard/server.js

@@ -159,11 +159,10 @@ async function handleRequest(req, res) {
         sendJson(res, 403, { success: false, error: 'Missing X-VoidForge-Request header' });
         return;
     }
-    // LAN mode — full access. LAN is a private network (ZeroTier, local subnet),
-    // inherently more secure than remote. No endpoint restrictions.
-    // Auth: optional password (no TOTP). All features available.
-    // Auth middleware — in remote mode, require valid session for non-exempt paths
-    if (isRemoteMode()) {
+    // Auth middleware — in remote and LAN modes, require valid session for non-exempt paths.
+    // LAN mode has full access (same as remote) but simpler auth (password only, no TOTP).
+    // Local mode (127.0.0.1) has no auth — it's your own machine.
+    if (isRemoteMode() || isLanMode()) {
         const url = new URL(req.url ?? '/', `http://${req.headers.host ?? 'localhost'}`);
         if (!isAuthExempt(url.pathname)) {
             const token = parseSessionCookie(req.headers.cookie);

package/dist/wizard/ui/app.js

@@ -669,6 +669,50 @@
     }
   });
 
+  // PRD file upload + drag-and-drop
+  const dropzone = $('#prd-dropzone');
+  const fileInput = $('#prd-file-input');
+  const prdTextarea = $('#prd-paste');
+
+  if (dropzone && fileInput) {
+    function handlePrdFile(file) {
+      const reader = new FileReader();
+      reader.onload = function (e) {
+        prdTextarea.value = e.target.result;
+        showStatus(prdStatus, 'success', 'Loaded: ' + file.name + ' (' + file.size + ' bytes)');
+        dropzone.style.borderColor = 'var(--accent, #5b5bf7)';
+        setTimeout(function () { dropzone.style.borderColor = ''; }, 2000);
+      };
+      reader.onerror = function () {
+        showStatus(prdStatus, 'error', 'Failed to read file');
+      };
+      reader.readAsText(file);
+    }
+
+    dropzone.addEventListener('click', function () { fileInput.click(); });
+    dropzone.addEventListener('keydown', function (e) { if (e.key === 'Enter' || e.key === ' ') fileInput.click(); });
+
+    fileInput.addEventListener('change', function () {
+      if (fileInput.files && fileInput.files[0]) handlePrdFile(fileInput.files[0]);
+    });
+
+    dropzone.addEventListener('dragover', function (e) {
+      e.preventDefault();
+      dropzone.style.borderColor = 'var(--accent, #5b5bf7)';
+      dropzone.style.background = 'rgba(91, 91, 247, 0.05)';
+    });
+    dropzone.addEventListener('dragleave', function () {
+      dropzone.style.borderColor = '';
+      dropzone.style.background = '';
+    });
+    dropzone.addEventListener('drop', function (e) {
+      e.preventDefault();
+      dropzone.style.borderColor = '';
+      dropzone.style.background = '';
+      if (e.dataTransfer.files && e.dataTransfer.files[0]) handlePrdFile(e.dataTransfer.files[0]);
+    });
+  }
+
   let cachedPrompt = null;
   $('#copy-prd-prompt').addEventListener('click', async () => {
     const promptCopyStatus = $('#prompt-copy-status');

package/dist/wizard/ui/index.html

@@ -177,11 +177,19 @@
 
         <div class="tab-panel" id="tab-paste" role="tabpanel" aria-labelledby="tab-btn-paste">
           <div class="card">
-            <p>Already have a PRD, or prefer to generate one with a different AI? Paste the finished result below.</p>
+            <p>Already have a PRD? Drop the file here, upload it, or paste below.</p>
+
+            <div class="field">
+              <div id="prd-dropzone" style="border: 2px dashed var(--border, #333); border-radius: 8px; padding: 2rem; text-align: center; cursor: pointer; transition: border-color 0.2s, background 0.2s; margin-bottom: 12px;" role="button" tabindex="0" aria-label="Drop a PRD file here or click to upload">
+                <p style="margin: 0 0 8px 0; font-size: 1.1em;">Drop your PRD file here</p>
+                <p style="margin: 0; opacity: 0.6; font-size: 0.9em;">or click to browse (.md, .txt, .yaml)</p>
+                <input type="file" id="prd-file-input" accept=".md,.txt,.yaml,.yml,.markdown" style="display: none;">
+              </div>
+            </div>
 
             <div class="field">
               <label>PRD Generator Prompt</label>
-              <p class="field-hint" style="margin-bottom: 8px;">Copy this prompt into ChatGPT, Gemini, or any AI — then paste the output below.</p>
+              <p class="field-hint" style="margin-bottom: 8px;">Or copy this prompt into ChatGPT, Gemini, or any AI — then paste the output below.</p>
               <button class="btn btn-secondary" id="copy-prd-prompt" type="button">Copy Generator Prompt to Clipboard</button>
               <div class="status-row" id="prompt-copy-status" role="status" aria-live="polite"></div>
             </div>

package/dist/wizard/ui/lobby.js

@@ -710,14 +710,14 @@
       const res = await fetch('/api/auth/session');
       const body = await res.json();
       const data = body.data || {};
-      if (data.remoteMode && data.authenticated) {
+      if ((data.remoteMode || data.lanMode) && data.authenticated) {
         currentUser = { username: data.username || '', role: data.role || 'viewer' };
         const roleLabel = { admin: 'Admin', deployer: 'Deployer', viewer: 'Viewer' }[data.role] || '';
         authUser.textContent = data.username + (roleLabel ? ' (' + roleLabel + ')' : '');
         authUser.style.display = '';
         btnLogout.style.display = '';
       }
-      if (data.remoteMode && !data.authenticated) {
+      if ((data.remoteMode || data.lanMode) && !data.authenticated) {
         window.location.href = '/login.html';
       }
     } catch { /* local mode — no auth needed */ }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "thevoidforge",
-  "version": "21.0.7",
+  "version": "21.0.9",
   "description": "From nothing, everything. A methodology framework for building with Claude Code.",
   "type": "module",
   "engines": {