vellum 0.2.2 → 0.2.8

package/src/security/oauth2.ts

@@ -1,6 +1,10 @@
 /**
  * General-purpose OAuth2 Authorization Code flow with PKCE.
  *
+ * Supports two callback transports:
+ *   - loopback: spins up a local HTTP server on 127.0.0.1 (default when no public URL configured)
+ *   - gateway:  uses the gateway's OAuth callback route + in-memory registry (when ingress.publicBaseUrl is set)
+ *
  * Moved from integrations/oauth2.ts. Types that were in integrations/types.ts
  * are now inlined here since the integration framework is removed.
  */
@@ -39,6 +43,11 @@ export interface OAuth2FlowCallbacks {
   openUrl: (url: string) => void;
 }
 
+export interface OAuth2FlowOptions {
+  /** Which callback transport to use. When omitted, auto-detected from config. */
+  callbackTransport?: 'loopback' | 'gateway';
+}
+
 export interface OAuth2FlowResult {
   tokens: OAuth2TokenResult;
   grantedScopes: string[];
@@ -62,20 +71,107 @@ function generateState(): string {
 }
 
 // ---------------------------------------------------------------------------
-// Public API
+// Token exchange (shared between transports)
+// ---------------------------------------------------------------------------
+
+async function exchangeCodeForTokens(
+  config: OAuth2Config,
+  code: string,
+  redirectUri: string,
+  codeVerifier: string,
+): Promise<OAuth2FlowResult> {
+  const usePKCE = !config.clientSecret;
+
+  const tokenBody: Record<string, string> = {
+    grant_type: 'authorization_code',
+    code,
+    redirect_uri: redirectUri,
+    client_id: config.clientId,
+  };
+  if (usePKCE) {
+    tokenBody.code_verifier = codeVerifier;
+  }
+  if (config.clientSecret) {
+    tokenBody.client_secret = config.clientSecret;
+  }
+
+  const tokenResp = await fetch(config.tokenUrl, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: new URLSearchParams(tokenBody),
+  });
+
+  if (!tokenResp.ok) {
+    const rawBody = await tokenResp.text().catch(() => '');
+    let safeDetail: Record<string, unknown> = {};
+    let errorCode = '';
+    try {
+      const parsed = JSON.parse(rawBody) as Record<string, unknown>;
+      if (parsed.error) { safeDetail.error = String(parsed.error); errorCode = String(parsed.error); }
+      if (parsed.error_description) safeDetail.error_description = String(parsed.error_description);
+    } catch {
+      safeDetail.error = '[non-JSON response]';
+    }
+    log.error({ status: tokenResp.status, ...safeDetail }, 'OAuth2 token exchange failed');
+    const detail = errorCode ? `HTTP ${tokenResp.status}: ${errorCode}` : `HTTP ${tokenResp.status}`;
+    throw new Error(`OAuth2 token exchange failed (${detail})`);
+  }
+
+  const tokenData = await tokenResp.json() as Record<string, unknown>;
+
+  // Slack V2 OAuth returns user tokens nested under `authed_user`
+  const authedUser = tokenData.authed_user as Record<string, unknown> | undefined;
+  const tokenSource = authedUser?.access_token ? authedUser : tokenData;
+
+  const tokens: OAuth2TokenResult = {
+    accessToken: (tokenSource.access_token as string) ?? (tokenData.access_token as string),
+    refreshToken: (tokenSource.refresh_token as string | undefined) ?? (tokenData.refresh_token as string | undefined),
+    expiresIn: (tokenSource.expires_in as number | undefined) ?? (tokenData.expires_in as number | undefined),
+    scope: (tokenSource.scope as string | undefined) ?? (tokenData.scope as string | undefined),
+    tokenType: (tokenSource.token_type as string | undefined) ?? (tokenData.token_type as string | undefined),
+  };
+
+  const grantedScopes = typeof tokens.scope === 'string'
+    ? tokens.scope.split(/[ ,]/).filter(Boolean)
+    : [...config.scopes];
+
+  return { tokens, grantedScopes, rawTokenResponse: tokenData };
+}
+
+// ---------------------------------------------------------------------------
+// Transport auto-detection
 // ---------------------------------------------------------------------------
 
 /**
- * Run a full OAuth2 PKCE authorization code flow using a loopback redirect.
+ * Determine which callback transport to use when not explicitly specified.
+ * Uses gateway if ingress.publicBaseUrl is configured, otherwise loopback.
  */
-export async function startOAuth2Flow(
+function detectTransport(): 'loopback' | 'gateway' {
+  try {
+    // Dynamic import avoided — loadConfig is synchronous and already used elsewhere.
+    const { loadConfig } = require('../config/loader.js') as typeof import('../config/loader.js');
+    const appConfig = loadConfig();
+    if (appConfig.ingress?.publicBaseUrl) {
+      return 'gateway';
+    }
+  } catch {
+    // Config loading failed — fall back to loopback
+    log.debug('Config not available for transport auto-detection, defaulting to loopback');
+  }
+  return 'loopback';
+}
+
+// ---------------------------------------------------------------------------
+// Loopback transport
+// ---------------------------------------------------------------------------
+
+async function runLoopbackFlow(
   config: OAuth2Config,
   callbacks: OAuth2FlowCallbacks,
+  codeVerifier: string,
+  codeChallenge: string,
+  state: string,
 ): Promise<OAuth2FlowResult> {
-  const codeVerifier = generateCodeVerifier();
-  const codeChallenge = generateCodeChallenge(codeVerifier);
-  const state = generateState();
-
   let resolveCode: (value: { code: string; returnedState: string }) => void;
   let rejectCode: (reason: Error) => void;
 
@@ -84,7 +180,6 @@ export async function startOAuth2Flow(
     rejectCode = reject;
   });
 
-  /** How long to wait for the user to complete the OAuth consent flow. */
   const FLOW_TIMEOUT_MS = 120_000;
 
   const timeout = setTimeout(() => {
@@ -153,64 +248,85 @@ export async function startOAuth2Flow(
       throw new Error('OAuth2 state mismatch — possible CSRF attack');
     }
 
-    const tokenBody: Record<string, string> = {
-      grant_type: 'authorization_code',
-      code,
-      redirect_uri: redirectUri,
-      client_id: config.clientId,
-    };
-    if (usePKCE) {
-      tokenBody.code_verifier = codeVerifier;
-    }
-    if (config.clientSecret) {
-      tokenBody.client_secret = config.clientSecret;
-    }
+    return await exchangeCodeForTokens(config, code, redirectUri, codeVerifier);
+  } finally {
+    clearTimeout(timeout);
+    server.stop(true);
+  }
+}
 
-    const tokenResp = await fetch(config.tokenUrl, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-      body: new URLSearchParams(tokenBody),
-    });
+// ---------------------------------------------------------------------------
+// Gateway transport
+// ---------------------------------------------------------------------------
 
-    if (!tokenResp.ok) {
-      const rawBody = await tokenResp.text().catch(() => '');
-      let safeDetail: Record<string, unknown> = {};
-      let errorCode = '';
-      try {
-        const parsed = JSON.parse(rawBody) as Record<string, unknown>;
-        if (parsed.error) { safeDetail.error = String(parsed.error); errorCode = String(parsed.error); }
-        if (parsed.error_description) safeDetail.error_description = String(parsed.error_description);
-      } catch {
-        safeDetail.error = '[non-JSON response]';
-      }
-      log.error({ status: tokenResp.status, ...safeDetail }, 'OAuth2 token exchange failed');
-      const detail = errorCode ? `HTTP ${tokenResp.status}: ${errorCode}` : `HTTP ${tokenResp.status}`;
-      throw new Error(`OAuth2 token exchange failed (${detail})`);
-    }
+async function runGatewayFlow(
+  config: OAuth2Config,
+  callbacks: OAuth2FlowCallbacks,
+  codeVerifier: string,
+  codeChallenge: string,
+  state: string,
+): Promise<OAuth2FlowResult> {
+  const { loadConfig } = require('../config/loader.js') as typeof import('../config/loader.js');
+  const { getOAuthCallbackUrl } = require('../inbound/public-ingress-urls.js') as typeof import('../inbound/public-ingress-urls.js');
+  const { registerPendingCallback } = require('./oauth-callback-registry.js') as typeof import('./oauth-callback-registry.js');
 
-    const tokenData = await tokenResp.json() as Record<string, unknown>;
+  const appConfig = loadConfig();
+  const redirectUri = getOAuthCallbackUrl(appConfig);
 
-    // Slack V2 OAuth returns user tokens nested under `authed_user`
-    const authedUser = tokenData.authed_user as Record<string, unknown> | undefined;
-    const tokenSource = authedUser?.access_token ? authedUser : tokenData;
+  const codePromise = new Promise<string>((resolve, reject) => {
+    registerPendingCallback(state, resolve, reject);
+  });
 
-    const tokens: OAuth2TokenResult = {
-      accessToken: (tokenSource.access_token as string) ?? (tokenData.access_token as string),
-      refreshToken: (tokenSource.refresh_token as string | undefined) ?? (tokenData.refresh_token as string | undefined),
-      expiresIn: (tokenSource.expires_in as number | undefined) ?? (tokenData.expires_in as number | undefined),
-      scope: (tokenSource.scope as string | undefined) ?? (tokenData.scope as string | undefined),
-      tokenType: (tokenSource.token_type as string | undefined) ?? (tokenData.token_type as string | undefined),
-    };
+  const usePKCE = !config.clientSecret;
+  const authParams = new URLSearchParams({
+    ...config.extraParams,
+    client_id: config.clientId,
+    redirect_uri: redirectUri,
+    response_type: 'code',
+    scope: config.scopes.join(' '),
+    state,
+    ...(usePKCE ? { code_challenge: codeChallenge, code_challenge_method: 'S256' } : {}),
+  });
 
-    const grantedScopes = typeof tokens.scope === 'string'
-      ? tokens.scope.split(/[ ,]/).filter(Boolean)
-      : [...config.scopes];
+  const authUrl = `${config.authUrl}?${authParams}`;
+  callbacks.openUrl(authUrl);
 
-    return { tokens, grantedScopes, rawTokenResponse: tokenData };
-  } finally {
-    clearTimeout(timeout);
-    server.stop(true);
+  const code = await codePromise;
+
+  return await exchangeCodeForTokens(config, code, redirectUri, codeVerifier);
+}
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+/**
+ * Run a full OAuth2 authorization code flow with PKCE support.
+ *
+ * Supports two callback transports:
+ *   - loopback (default): local HTTP server on 127.0.0.1
+ *   - gateway: callback via the gateway's OAuth route + in-memory registry
+ *
+ * Transport is auto-detected based on ingress.publicBaseUrl config unless
+ * explicitly specified via options.callbackTransport.
+ */
+export async function startOAuth2Flow(
+  config: OAuth2Config,
+  callbacks: OAuth2FlowCallbacks,
+  options?: OAuth2FlowOptions,
+): Promise<OAuth2FlowResult> {
+  const codeVerifier = generateCodeVerifier();
+  const codeChallenge = generateCodeChallenge(codeVerifier);
+  const state = generateState();
+
+  const transport = options?.callbackTransport ?? detectTransport();
+  log.debug({ transport }, 'OAuth2 flow starting');
+
+  if (transport === 'gateway') {
+    return runGatewayFlow(config, callbacks, codeVerifier, codeChallenge, state);
   }
+
+  return runLoopbackFlow(config, callbacks, codeVerifier, codeChallenge, state);
 }
 
 /**

package/src/swarm/backend-claude-code.ts

@@ -117,7 +117,7 @@ export function createClaudeCodeBackend(): SwarmWorkerBackend {
 
               const parts: string[] = [`[${message.subtype}] (${message.num_turns} turns, ${(message.duration_ms / 1000).toFixed(1)}s)`];
               if (errors.length > 0) parts.push(`Errors: ${errors.join('; ')}`);
-              if (denials.length > 0) parts.push(`Permission denied: ${denials.map(d => d.tool_name).join(', ')}`);
+              if (denials.length > 0) parts.push(`Permission denied: ${denials.map((d: { tool_name: string }) => d.tool_name).join(', ')}`);
               resultText += `\n${parts.join('\n')}`;
             }
           }

package/src/tools/assets/search.ts

@@ -13,7 +13,7 @@ import type { Tool, ToolContext, ToolExecutionResult } from '../types.js';
 import type { ToolDefinition } from '../../providers/types.js';
 import { registerTool } from '../registry.js';
 import { getDb } from '../../memory/db.js';
-import { attachments, messageAttachments, messages, conversations, conversationKeys } from '../../memory/schema.js';
+import { attachments, messageAttachments, messages, conversations } from '../../memory/schema.js';
 import type { StoredAttachment } from '../../memory/attachments-store.js';
 import { isAttachmentVisible, type AttachmentContext } from '../../daemon/media-visibility-policy.js';
 import { getConversationThreadType } from '../../memory/conversation-store.js';
@@ -103,25 +103,6 @@ function isAttachmentVisibleFromContext(attachmentId: string, currentContext: At
   );
 }
 
-// ---------------------------------------------------------------------------
-// Assistant ID lookup
-// ---------------------------------------------------------------------------
-
-/**
- * Derive the assistant ID that owns a conversation via the conversation_keys
- * table. Returns null when no mapping exists (e.g. native macOS app sessions
- * that use the implicit 'local-assistant' identity).
- */
-function getAssistantIdForConversation(conversationId: string): string | null {
-  const db = getDb();
-  const row = db
-    .select({ assistantId: conversationKeys.assistantId })
-    .from(conversationKeys)
-    .where(eq(conversationKeys.conversationId, conversationId))
-    .get();
-  return row?.assistantId ?? null;
-}
-
 // ---------------------------------------------------------------------------
 // Search logic
 // ---------------------------------------------------------------------------
@@ -131,8 +112,6 @@ export interface AssetSearchParams {
   filename?: string;
   recency?: string;
   conversation_id?: string;
-  /** Tenant boundary — when set, only attachments belonging to this assistant are returned. */
-  assistant_id?: string;
   limit?: number;
 }
 
@@ -163,11 +142,6 @@ export function searchAttachments(params: AssetSearchParams): StoredAttachment[]
     }
   }
 
-  // Tenant boundary — restrict to the active assistant's attachments
-  if (params.assistant_id) {
-    conditions.push(eq(attachments.assistantId, params.assistant_id));
-  }
-
   // Conversation scope — join through message_attachments + messages
   if (params.conversation_id) {
     const linkedIds = db
@@ -207,11 +181,6 @@ export function searchAttachments(params: AssetSearchParams): StoredAttachment[]
         bindValues.push(Date.now() - offsetMs);
       }
     }
-    if (params.assistant_id) {
-      whereParts.push(`a.assistant_id = ?`);
-      bindValues.push(params.assistant_id);
-    }
-
     const limit = Math.min(params.limit ?? DEFAULT_LIMIT, MAX_RESULTS);
     const stmt = raw.prepare(
       `SELECT a.id, a.original_filename, a.mime_type, a.size_bytes, a.kind, a.thumbnail_base64, a.created_at
@@ -347,9 +316,6 @@ class AssetSearchTool implements Tool {
     }
 
     try {
-      // Scope results to the active assistant to prevent cross-tenant leaks
-      const assistantId = getAssistantIdForConversation(context.conversationId) ?? undefined;
-
       // Over-fetch with MAX_RESULTS so visibility filtering doesn't
       // under-fill the caller's requested limit.
       const results = searchAttachments({
@@ -357,7 +323,6 @@ class AssetSearchTool implements Tool {
         filename,
         recency,
         conversation_id: conversationId,
-        assistant_id: assistantId,
         limit: MAX_RESULTS,
       });
 

package/src/tools/browser/api-map.ts

@@ -38,12 +38,31 @@ export interface ApiMapResult {
 const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
 const NUMERIC_RE = /^\d+$/;
 const HEX_HASH_RE = /^[0-9a-f]{8,}$/i;
+const DATE_RE = /^\d{4}-\d{2}-\d{2}$/;
+
+/** URL path patterns that indicate non-API noise. */
+const NOISE_PATH_PATTERNS = [
+  /\/web-translations\//,
+  /\/cdn-cgi\//,
+  /\.properties$/,
+  /\.js$/,
+  /\.css$/,
+  /\.woff2?$/,
+  /\.png$/,
+  /\.jpg$/,
+  /\.svg$/,
+  /\.ico$/,
+  /\.map$/,
+  /\/preference\//,
+  /\/userpreference-service\//,
+];
 
 /** Returns true when a path segment looks like a dynamic ID. */
 function isIdSegment(segment: string): boolean {
   if (NUMERIC_RE.test(segment)) return true;
   if (UUID_RE.test(segment)) return true;
   if (HEX_HASH_RE.test(segment)) return true;
+  if (DATE_RE.test(segment)) return true;
   return false;
 }
 
@@ -69,27 +88,43 @@ function tryParseJson(text: string | undefined): Record<string, unknown> | undef
   return undefined;
 }
 
+/** Extract GraphQL operation name from request body. */
+function extractGraphQLOperationName(postData: string | undefined): string | null {
+  if (!postData) return null;
+  const body = tryParseJson(postData);
+  if (!body) return null;
+  if (typeof body.operationName === 'string' && body.operationName) return body.operationName;
+  // Try extracting from query string: "query FooBar { ..." or "mutation FooBar { ..."
+  if (typeof body.query === 'string') {
+    const named = body.query.match(/(?:query|mutation|subscription)\s+(\w+)/);
+    if (named) return named[1];
+    // Unnamed query — extract the first field name: "query{fooBar(" or "query { fooBar {"
+    const firstField = body.query.match(/(?:query|mutation|subscription)\s*\{?\s*(\w+)/);
+    if (firstField) return firstField[1];
+  }
+  return null;
+}
+
 // ---------------------------------------------------------------------------
 // Core analysis
 // ---------------------------------------------------------------------------
 
+interface GroupData {
+  method: string;
+  urlPattern: string;
+  exampleUrl: string;
+  queryParams: Set<string>;
+  requestBodyKeys: Set<string>;
+  responseStatus: Set<number>;
+  responseBodyKeys: Set<string>;
+  count: number;
+}
+
 export function analyzeApiMap(
   entries: NetworkRecordedEntry[],
   domain: string,
 ): ApiMapResult {
-  const groups = new Map<
-    string,
-    {
-      method: string;
-      urlPattern: string;
-      exampleUrl: string;
-      queryParams: Set<string>;
-      requestBodyKeys: Set<string>;
-      responseStatus: Set<number>;
-      responseBodyKeys: Set<string>;
-      count: number;
-    }
-  >();
+  const groups = new Map<string, GroupData>();
 
   for (const entry of entries) {
     const { request, response } = entry;
@@ -97,11 +132,30 @@ export function analyzeApiMap(
     try {
       parsed = new URL(request.url);
     } catch {
-      continue; // skip malformed URLs
+      continue;
     }
 
+    // Skip non-API noise
+    if (NOISE_PATH_PATTERNS.some(p => p.test(parsed.pathname))) continue;
+
+    // Skip non-JSON responses
+    const mimeType = response?.mimeType ?? '';
+    if (response && !mimeType.includes('json') && !mimeType.includes('graphql')) continue;
+
     const method = request.method.toUpperCase();
-    const urlPattern = `${parsed.hostname}${normalizePathSegments(parsed.pathname)}`;
+    const normalizedPath = normalizePathSegments(parsed.pathname);
+    const basePattern = `${parsed.hostname}${normalizedPath}`;
+
+    // For GraphQL endpoints, split by operation name
+    let urlPattern = basePattern;
+    const isGraphQL = normalizedPath.includes('graphql');
+    if (isGraphQL && method === 'POST') {
+      const opName = extractGraphQLOperationName(request.postData);
+      if (opName) {
+        urlPattern = `${basePattern} → ${opName}`;
+      }
+    }
+
     const key = `${method} ${urlPattern}`;
 
     let group = groups.get(key);
@@ -121,26 +175,23 @@ export function analyzeApiMap(
 
     group.count++;
 
-    // Collect query param keys
     for (const paramKey of parsed.searchParams.keys()) {
       group.queryParams.add(paramKey);
     }
 
-    // Request body keys (POST/PUT/PATCH)
     if (['POST', 'PUT', 'PATCH'].includes(method)) {
       const body = tryParseJson(request.postData);
       if (body) {
         for (const k of Object.keys(body)) {
-          group.requestBodyKeys.add(k);
+          if (k !== 'query' && k !== 'operationName' && k !== 'extensions') {
+            group.requestBodyKeys.add(k);
+          }
         }
       }
     }
 
-    // Response status
     if (response) {
       group.responseStatus.add(response.status);
-
-      // Response body keys
       const resBody = tryParseJson(response.body);
       if (resBody) {
         for (const k of Object.keys(resBody)) {
@@ -161,13 +212,21 @@ export function analyzeApiMap(
     count: g.count,
   }));
 
-  // Sort by count descending, then by urlPattern for stability
-  endpoints.sort((a, b) => b.count - a.count || a.urlPattern.localeCompare(b.urlPattern));
+  // Sort: data endpoints first (low count = unique pages), then boilerplate
+  // Within each tier, sort alphabetically by pattern for readability
+  endpoints.sort((a, b) => {
+    const aIsBoilerplate = a.count > 15;
+    const bIsBoilerplate = b.count > 15;
+    if (aIsBoilerplate !== bIsBoilerplate) return aIsBoilerplate ? 1 : -1;
+    return a.urlPattern.localeCompare(b.urlPattern);
+  });
+
+  const totalApiRequests = endpoints.reduce((sum, ep) => sum + ep.count, 0);
 
   return {
     domain,
     analyzedAt: Date.now(),
-    totalRequests: entries.length,
+    totalRequests: totalApiRequests,
     endpoints,
   };
 }
@@ -191,30 +250,44 @@ export function saveApiMap(domain: string, result: ApiMapResult): string {
 // ---------------------------------------------------------------------------
 
 export function printApiMapTable(result: ApiMapResult): void {
-  console.log(`\nAPI Map for ${result.domain} — ${result.totalRequests} total requests, ${result.endpoints.length} unique endpoints\n`);
-
-  const header = ['Method', 'URL Pattern', 'Count', 'Status', 'Query Params'];
-  const rows = result.endpoints.map((ep) => [
-    ep.method,
-    ep.urlPattern,
-    String(ep.count),
-    ep.responseStatus.join(',') || '-',
-    ep.queryParams.join(',') || '-',
-  ]);
-
-  // Calculate column widths
-  const widths = header.map((h, i) =>
-    Math.max(h.length, ...rows.map((r) => r[i].length)),
-  );
-
-  const sep = widths.map((w) => '-'.repeat(w)).join(' | ');
-  const fmt = (row: string[]) =>
-    row.map((cell, i) => cell.padEnd(widths[i])).join(' | ');
-
-  console.log(fmt(header));
-  console.log(sep);
-  for (const row of rows) {
-    console.log(fmt(row));
-  }
-  console.log();
+  const dataEndpoints = result.endpoints.filter(ep => ep.count <= 15);
+  const boilerplate = result.endpoints.filter(ep => ep.count > 15);
+
+  console.log(`\nAPI Map for ${result.domain} — ${result.endpoints.length} endpoints discovered\n`);
+
+  const stripDomain = (pattern: string) => {
+    const idx = pattern.indexOf('/');
+    return idx >= 0 ? pattern.slice(idx) : pattern;
+  };
+
+  const printSection = (title: string, eps: ApiEndpoint[]) => {
+    if (eps.length === 0) return;
+    console.log(`  ${title} (${eps.length})\n`);
+
+    const header = ['Method', 'Endpoint', 'Hits', 'Response Keys'];
+    const rows = eps.map((ep) => [
+      ep.method,
+      stripDomain(ep.urlPattern),
+      String(ep.count),
+      ep.responseBodyKeys.slice(0, 5).join(', ') || '-',
+    ]);
+
+    const widths = header.map((h, i) =>
+      Math.min(i === 1 ? 72 : i === 3 ? 50 : 200, Math.max(h.length, ...rows.map((r) => r[i].length))),
+    );
+
+    const sep = widths.map((w) => '-'.repeat(w)).join(' | ');
+    const fmt = (row: string[]) =>
+      row.map((cell, i) => cell.slice(0, widths[i]).padEnd(widths[i])).join(' | ');
+
+    console.log(`  ${fmt(header)}`);
+    console.log(`  ${sep}`);
+    for (const row of rows) {
+      console.log(`  ${fmt(row)}`);
+    }
+    console.log();
+  };
+
+  printSection('DATA ENDPOINTS', dataEndpoints);
+  printSection('PAGE-LOAD BOILERPLATE', boilerplate);
 }