vibeoscore 1.0.2 → 1.0.8

package/lib/tdd.js

@@ -1,218 +0,0 @@
-function extractExports(sourceContent, ext) {
-  if (!sourceContent || typeof sourceContent !== "string") return []
-  const exports = []
-  const seen = new Set()
-  const add = (name, type = "function") => {
-    if (name && !seen.has(name)) { seen.add(name); exports.push({ name, type }) }
-  }
-
-  switch (ext) {
-    case "py": {
-      const defRe = /^def\s+([a-zA-Z_]\w*)\s*\(/gm
-      const classRe = /^class\s+([a-zA-Z_]\w*)/gm
-      let m
-      while ((m = defRe.exec(sourceContent)) !== null) add(m[1], "function")
-      while ((m = classRe.exec(sourceContent)) !== null) add(m[1], "class")
-      break
-    }
-    case "js": case "mjs": case "jsx": {
-      const funcRe = /^(?:export\s+)?(?:async\s+)?function\s+([a-zA-Z_$]\w*)\s*\(/gm
-      const constRe = /^(?:export\s+)?const\s+([a-zA-Z_$]\w*)\s*[:=]\s*(?:async\s+)?(?:\(|function)/gm
-      let m
-      while ((m = funcRe.exec(sourceContent)) !== null) add(m[1], "function")
-      while ((m = constRe.exec(sourceContent)) !== null) add(m[1], "function")
-      break
-    }
-    case "ts": case "tsx": {
-      const funcRe = /^(?:export\s+)?(?:async\s+)?function\s+([a-zA-Z_$]\w*)\s*\(/gm
-      const constRe = /^(?:export\s+)?const\s+([a-zA-Z_$]\w*)\s*[:=]\s*(?:async\s+)?(?:\(|function)/gm
-      const classRe = /^(?:export\s+)?class\s+([a-zA-Z_$]\w*)/gm
-      let m
-      while ((m = funcRe.exec(sourceContent)) !== null) add(m[1], "function")
-      while ((m = constRe.exec(sourceContent)) !== null) add(m[1], "function")
-      while ((m = classRe.exec(sourceContent)) !== null) add(m[1], "class")
-      break
-    }
-    case "go": {
-      const funcRe = /^func\s+(?:\([^)]+\)\s+)?([a-zA-Z_]\w*)\s*\(/gm
-      let m
-      while ((m = funcRe.exec(sourceContent)) !== null) add(m[1], "function")
-      break
-    }
-    case "rs": {
-      const fnRe = /^pub\s+(?:async\s+)?fn\s+([a-zA-Z_]\w*)\s*[<(]/gm
-      const structRe = /^pub\s+struct\s+([a-zA-Z_]\w*)/gm
-      let m
-      while ((m = fnRe.exec(sourceContent)) !== null) add(m[1], "function")
-      while ((m = structRe.exec(sourceContent)) !== null) add(m[1], "struct")
-      break
-    }
-    case "rb": {
-      const defRe = /^\s*def\s+(?:self\.)?([a-zA-Z_]\w*[!?=]?)/gm
-      const classRe = /^\s*class\s+([a-zA-Z_]\w*)/gm
-      let m
-      while ((m = defRe.exec(sourceContent)) !== null) add(m[1], "function")
-      while ((m = classRe.exec(sourceContent)) !== null) add(m[1], "class")
-      break
-    }
-    case "java": case "kt": {
-      const methodRe = /^\s*(?:public|protected|private|\s)+\s+(?:static\s+)?(?:final\s+)?\w+\s+([a-zA-Z_]\w*)\s*\(/gm
-      const funRe = /^\s*(?:fun)\s+([a-zA-Z_]\w*)\s*[<(]/gm
-      let m
-      while ((m = ext === "kt" ? funRe.exec(sourceContent) : methodRe.exec(sourceContent)) !== null) add(m[1], "function")
-      break
-    }
-    case "sh": {
-      const funcRe = /^(?:function\s+)?([a-zA-Z_]\w*)\s*\(\)/gm
-      let m
-      while ((m = funcRe.exec(sourceContent)) !== null) add(m[1], "function")
-      break
-    }
-  }
-  return exports
-}
-
-function inferFunctionParams(sourceContent, funcName) {
-  if (!sourceContent || !funcName) return []
-  const patterns = [
-    new RegExp(`(?:export\\s+)?(?:async\\s+)?function\\s+${escapeRegex(funcName)}\\s*\\(([^)]*)\\)`, "m"),
-    new RegExp(`(?:export\\s+)?const\\s+${escapeRegex(funcName)}\\s*[:=]\\s*(?:async\\s+)?\\(([^)]*)\\)`, "m"),
-    new RegExp(`def\\s+${escapeRegex(funcName)}\\s*\\(([^)]*)\\)`, "m"),
-    new RegExp(`func\\s+(?:\\([^)]+\\)\\s+)?${escapeRegex(funcName)}\\s*\\(([^)]*)\\)`, "m"),
-    new RegExp(`(?:pub\\s+)?fn\\s+${escapeRegex(funcName)}\\s*[<\\(]([^)]*)\\)`, "m"),
-  ]
-
-  for (const pat of patterns) {
-    const m = sourceContent.match(pat)
-    if (m) {
-      return m[1].split(",").map(s => {
-        const trimmed = s.trim()
-        if (!trimmed) return null
-        const parts = trimmed.split(":").map(p => p.split("="))
-        const name = parts[0][0]?.trim().replace(/^[*&]/, "")
-        const type = parts[0][1]?.trim() || inferTypeFromName(name, parts[0][0]?.split("=")[1]?.trim())
-        const defaultValue = parts[0][1]?.includes("=") ? parts[0][0].split("=")[1]?.trim() : (parts[1]?.join("=").trim())
-        return name ? { name, type: type || "any", defaultValue } : null
-      }).filter(Boolean)
-    }
-  }
-  return []
-}
-
-function inferTypeFromName(paramName, defaultValue) {
-  if (!paramName) return "any"
-  const name = paramName.toLowerCase()
-
-  if (defaultValue !== undefined) {
-    if (typeof defaultValue === "string") {
-      if (defaultValue === "true" || defaultValue === "false") return "boolean"
-      if (/^-?\d+(\.\d+)?$/.test(defaultValue)) return "number"
-      if (defaultValue.startsWith("[") || defaultValue.startsWith("{")) return defaultValue.startsWith("[") ? "array" : "object"
-      return "string"
-    }
-  }
-
-  if (/^(is|has|can|should|will|did|enable|disable|visible|active|open|closed)/.test(name)) return "boolean"
-  if (/^(count|index|limit|size|length|max|min|width|height|depth|offset|duration|delay|timeout|interval|rate|threshold|level|score|priority|version|port|year|month|day|hour|minute|second)/.test(name)) return "number"
-  if (/^(name|title|label|text|content|body|message|description|summary|path|url|uri|host|port|file|filename|ext|extension|format|type|kind|mode|state|status|color|theme|lang|language|locale|timezone|currency|unit|prefix|suffix|key|token|secret|password|email|phone|address|id|uuid|slug)/.test(name)) return "string"
-  if (/^(items|list|array|elements|nodes|children|options|params|args|arguments|values|entries|records|rows|columns|fields|properties|attrs|attributes|headers|tags|categories|labels|classes|styles)/.test(name)) return "array"
-  if (/^(obj|config|opts|options|settings|prefs|preferences|context|state|data|info|metadata|meta|props|query|filter|sort|pagination|page|request|response|event|error|result|output|input)/.test(name)) return "object"
-  if (/^(fn|cb|callback|handler|listener|middleware|transform|map|reduce|filter|sort|forEach)/.test(name)) return "function"
-
-  return "any"
-}
-
-function buildTestSkeleton(language, fileName, exports, options = {}) {
-  const { strict = true, quality = true } = options
-  const testName = fileName.replace(/\.[^.]+$/, "")
-
-  const skeletons = {
-    py: () => {
-      const imports = `import unittest\nfrom ${testName} import ${exports.map(e => e.name).join(", ")}\n`
-      const tests = exports.map(exp => {
-        if (exp.type === "class") {
-          return `\nclass Test${exp.name}(unittest.TestCase):\n    def test_init(self):\n        """Test ${exp.name} initialization."""\n        instance = ${exp.name}()\n        self.assertIsNotNone(instance)\n`
-        }
-        const params = inferFunctionParams("", exp.name)
-        const paramStr = params.map(p => p.defaultValue !== undefined ? `${p.name}=${p.defaultValue}` : "None").join(", ") || ""
-        return `\n    def test_${exp.name}_smoke(self):\n        """Smoke test for ${exp.name}."""\n        result = ${exp.name}(${paramStr})\n        ${strict ? "self.assertIsNotNone(result)" : "pass"}\n`
-      }).join("")
-      return `${imports}\n${tests}`
-    },
-
-    js: () => {
-      const imports = `const { ${exports.map(e => e.name).join(", ")} } = require("./${testName}")\n`
-      const tests = exports.map(exp => {
-        const params = inferFunctionParams("", exp.name)
-        const paramStr = params.map(p => p.defaultValue !== undefined ? `${p.name}=${p.defaultValue}` : "undefined").join(", ") || ""
-        return `\ntest("${exp.name} smoke test", () => {\n  const result = ${exp.name}(${paramStr})\n  ${strict ? "expect(result).toBeDefined()" : "// TODO: add assertions"}\n})`
-      }).join("\n")
-      return `${imports}\n${tests}`
-    },
-
-    ts: () => {
-      const imports = `import { ${exports.map(e => e.name).join(", ")} } from "./${testName}"\n`
-      const tests = exports.map(exp => {
-        const params = inferFunctionParams("", exp.name)
-        const paramStr = params.map(p => p.defaultValue !== undefined ? `${p.name}=${p.defaultValue}` : "undefined").join(", ") || ""
-        return `\ntest("${exp.name} smoke test", () => {\n  const result = ${exp.name}(${paramStr})\n  ${strict ? "expect(result).toBeDefined()" : "// TODO: add assertions"}\n})`
-      }).join("\n")
-      return `${imports}\n${tests}`
-    },
-
-    go: () => {
-      const tests = exports.map(exp => {
-        return `\nfunc Test${capitalize(exp.name)}(t *testing.T) {\n\t// TODO: implement test for ${exp.name}\n\tt.Skip("not implemented")\n}`
-      }).join("\n")
-      return `package main\n\nimport "testing"\n${tests}`
-    },
-
-    sh: () => {
-      const tests = exports.map(exp => {
-        return `\ntest_${exp.name}() {\n  # TODO: implement test for ${exp.name}\n  echo "SKIP: test_${exp.name} not implemented"\n}`
-      }).join("\n")
-      return `#!/usr/bin/env bash\nset -euo pipefail\n\nsource "./${testName}.sh"\n${tests}`
-    },
-
-    rs: () => {
-      const tests = exports.map(exp => {
-        return `\n#[test]\nfn test_${exp.name}() {\n    // TODO: implement test for ${exp.name}\n}`
-      }).join("\n")
-      return `#[cfg(test)]\nmod tests {\n    use super::*;\n${tests}\n}`
-    },
-
-    rb: () => {
-      const tests = exports.map(exp => {
-        return `\n  def test_${exp.name}\n    # TODO: implement test for ${exp.name}\n    skip "not implemented"\n  end`
-      }).join("\n")
-      return `require "minitest/autorun"\nrequire_relative "${testName}"\n\nclass Test${capitalize(testName)} < Minitest::Test\n${tests}\nend`
-    },
-
-    java: () => {
-      const tests = exports.map(exp => {
-        return `\n    @Test\n    void test${capitalize(exp.name)}() {\n        // TODO: implement test for ${exp.name}\n    }`
-      }).join("\n")
-      return `import org.junit.jupiter.api.Test;\nimport static org.junit.jupiter.api.Assertions.*;\n\nclass ${capitalize(testName)}Test {\n${tests}\n}`
-    },
-
-    kt: () => {
-      const tests = exports.map(exp => {
-        return `\n    @Test\n    fun test${capitalize(exp.name)}() {\n        // TODO: implement test for ${exp.name}\n    }`
-      }).join("\n")
-      return `import org.junit.jupiter.api.Test\nimport org.junit.jupiter.api.Assertions.*\n\nclass ${capitalize(testName)}Test {\n${tests}\n}`
-    },
-  }
-
-  const generator = skeletons[language] || skeletons.js
-  return generator()
-}
-
-function escapeRegex(str) {
-  return str.replace(/[.*+?^${}()|[\]\\]/g, "\\$&")
-}
-
-function capitalize(str) {
-  return str.charAt(0).toUpperCase() + str.slice(1)
-}
-
-export { extractExports, inferFunctionParams, inferTypeFromName, buildTestSkeleton }

package/lib/tier-routing.js

@@ -1,48 +0,0 @@
-const FALLBACK_HIGH = /opus|gemini-.*-pro|deepseek\/deepseek-v4-pro|gpt-5|(^|\/)o[134]($|-|\/)/i
-const FALLBACK_MID = /deepseek\/deepseek-v4-flash|claude.*sonnet|gemini-.*-flash|gpt-4o(?!-mini)/i
-
-const BASE_EXPLORATORY = new Set([
-  "check", "find", "list", "search", "does", "verify", "look", "count",
-  "show", "get", "read", "grep", "scan", "detect", "inspect"
-])
-
-function classify(model, customRegex = null) {
-  const s = String(model || "").toLowerCase()
-  const highRe = customRegex?.high ? new RegExp(customRegex.high, "i") : FALLBACK_HIGH
-  const midRe = customRegex?.mid ? new RegExp(customRegex.mid, "i") : FALLBACK_MID
-  if (highRe.test(s)) return "high"
-  if (midRe.test(s)) return "mid"
-  return "budget"
-}
-
-function routeModel(prompt, currentTier, trinityCheap, trinityMedium, learnedExploratory = [], stressScore = 0) {
-  const firstWord = prompt.split(/\s+/)[0]?.toLowerCase() || ""
-
-  const exploratory = new Set([...BASE_EXPLORATORY, ...(learnedExploratory || [])])
-  const isExploratory = exploratory.has(firstWord)
-
-  if (isExploratory && trinityCheap) {
-    return { target: trinityCheap, reason: "exploratory_first_word", word: firstWord }
-  }
-
-  if (currentTier === "high" && trinityMedium) {
-    let target = trinityMedium
-
-    if (trinityCheap && stressScore > 0.5) {
-      target = trinityCheap
-      return { target, reason: "stress_aware_downgrade", stress_score: stressScore }
-    }
-
-    return { target, reason: "medium_fallback" }
-  }
-
-  return { target: trinityCheap || null, reason: "default_cheap" }
-}
-
-function isExploratoryPrompt(prompt, learnedExploratory = []) {
-  const firstWord = prompt.split(/\s+/)[0]?.toLowerCase() || ""
-  const exploratory = new Set([...BASE_EXPLORATORY, ...(learnedExploratory || [])])
-  return { is_exploratory: exploratory.has(firstWord), first_word: firstWord }
-}
-
-export { classify, routeModel, isExploratoryPrompt, BASE_EXPLORATORY }

package/middleware/auth.js

@@ -1,75 +0,0 @@
-import crypto from "node:crypto";
-import { getDb } from "../lib/db.js";
-const MASTER_KEY = process.env.VIBEOS_API_MASTER_KEY;
-export function authMiddleware(fastify) {
-    fastify.addHook("onRequest", async (request, reply) => {
-        if (request.url.startsWith("/health") || request.url.startsWith("/favicon")) {
-            return;
-        }
-        if (request.url.startsWith("/admin/")) {
-            const authHeader = request.headers["authorization"];
-            if (!authHeader || !authHeader.startsWith("Bearer ")) {
-                return reply.code(401).send({ error: "unauthorized", message: "Missing or invalid Authorization header" });
-            }
-            const providedKey = authHeader.slice(7);
-            const keyBuffer = Buffer.from(providedKey);
-            const expectedBuffer = Buffer.from(MASTER_KEY);
-            if (keyBuffer.length !== expectedBuffer.length || !crypto.timingSafeEqual(keyBuffer, expectedBuffer)) {
-                return reply.code(403).send({ error: "forbidden", message: "Invalid master key" });
-            }
-            request.adminAuth = true;
-            return;
-        }
-        if (request.url.startsWith("/api/v1/")) {
-            const authHeader = request.headers["authorization"];
-            if (!authHeader || !authHeader.startsWith("Bearer ")) {
-                return reply.code(401).send({ error: "unauthorized", message: "Missing or invalid Authorization header" });
-            }
-            const providedToken = authHeader.slice(7);
-            const db = getDb();
-            const tokenRow = db.prepare(`
-        SELECT t.id, t.token, t.seat_id, t.status, t.expires_at, t.label,
-               s.status as seat_status
-        FROM api_tokens t
-        JOIN seats s ON t.seat_id = s.id
-        WHERE t.token = ?
-      `).get(providedToken);
-            if (!tokenRow) {
-                return reply.code(401).send({ error: "unauthorized", message: "Invalid API token" });
-            }
-            if (tokenRow.status === "revoked") {
-                return reply.code(403).send({
-                    error: "forbidden",
-                    message: "API token has been revoked",
-                    code: "TOKEN_REVOKED"
-                });
-            }
-            if (tokenRow.status === "expired") {
-                return reply.code(403).send({
-                    error: "forbidden",
-                    message: "API token has expired",
-                    code: "TOKEN_EXPIRED"
-                });
-            }
-            if (tokenRow.seat_status !== "active") {
-                return reply.code(403).send({
-                    error: "forbidden",
-                    message: "License seat is not active. Contact support.",
-                    code: "SEAT_INACTIVE"
-                });
-            }
-            if (tokenRow.expires_at && new Date(tokenRow.expires_at) < new Date()) {
-                db.prepare("UPDATE api_tokens SET status = 'expired', revoked_at = datetime('now') WHERE id = ?").run(tokenRow.id);
-                return reply.code(403).send({
-                    error: "forbidden",
-                    message: "API token has expired",
-                    code: "TOKEN_EXPIRED"
-                });
-            }
-            db.prepare("UPDATE api_tokens SET last_used_at = datetime('now') WHERE id = ?").run(tokenRow.id);
-            request.tokenId = tokenRow.id;
-            request.seatId = tokenRow.seat_id;
-            request.tokenLabel = tokenRow.label;
-        }
-    });
-}

package/middleware/auth.ts

@@ -1,87 +0,0 @@
-import crypto from "node:crypto"
-import { getDb } from "../lib/db.js"
-
-const MASTER_KEY = process.env.VIBEOS_API_MASTER_KEY
-
-export function authMiddleware(fastify: any) {
-  fastify.addHook("onRequest", async (request: any, reply: any) => {
-    if (request.url.startsWith("/health") || request.url.startsWith("/favicon")) {
-      return
-    }
-
-    if (request.url.startsWith("/admin/")) {
-      const authHeader = request.headers["authorization"]
-      if (!authHeader || !authHeader.startsWith("Bearer ")) {
-        return reply.code(401).send({ error: "unauthorized", message: "Missing or invalid Authorization header" })
-      }
-      const providedKey = authHeader.slice(7)
-      const keyBuffer = Buffer.from(providedKey)
-      const expectedBuffer = Buffer.from(MASTER_KEY)
-      if (keyBuffer.length !== expectedBuffer.length || !crypto.timingSafeEqual(keyBuffer, expectedBuffer)) {
-        return reply.code(403).send({ error: "forbidden", message: "Invalid master key" })
-      }
-      request.adminAuth = true
-      return
-    }
-
-    if (request.url.startsWith("/api/v1/")) {
-      const authHeader = request.headers["authorization"]
-      if (!authHeader || !authHeader.startsWith("Bearer ")) {
-        return reply.code(401).send({ error: "unauthorized", message: "Missing or invalid Authorization header" })
-      }
-      const providedToken = authHeader.slice(7)
-
-      const db = getDb()
-      const tokenRow = db.prepare(`
-        SELECT t.id, t.token, t.seat_id, t.status, t.expires_at, t.label,
-               s.status as seat_status
-        FROM api_tokens t
-        JOIN seats s ON t.seat_id = s.id
-        WHERE t.token = ?
-      `).get(providedToken)
-
-      if (!tokenRow) {
-        return reply.code(401).send({ error: "unauthorized", message: "Invalid API token" })
-      }
-
-      if (tokenRow.status === "revoked") {
-        return reply.code(403).send({
-          error: "forbidden",
-          message: "API token has been revoked",
-          code: "TOKEN_REVOKED"
-        })
-      }
-
-      if (tokenRow.status === "expired") {
-        return reply.code(403).send({
-          error: "forbidden",
-          message: "API token has expired",
-          code: "TOKEN_EXPIRED"
-        })
-      }
-
-      if (tokenRow.seat_status !== "active") {
-        return reply.code(403).send({
-          error: "forbidden",
-          message: "License seat is not active. Contact support.",
-          code: "SEAT_INACTIVE"
-        })
-      }
-
-      if (tokenRow.expires_at && new Date(tokenRow.expires_at) < new Date()) {
-        db.prepare("UPDATE api_tokens SET status = 'expired', revoked_at = datetime('now') WHERE id = ?").run(tokenRow.id)
-        return reply.code(403).send({
-          error: "forbidden",
-          message: "API token has expired",
-          code: "TOKEN_EXPIRED"
-        })
-      }
-
-      db.prepare("UPDATE api_tokens SET last_used_at = datetime('now') WHERE id = ?").run(tokenRow.id)
-
-      request.tokenId = tokenRow.id
-      request.seatId = tokenRow.seat_id
-      request.tokenLabel = tokenRow.label
-    }
-  })
-}

package/middleware/usage-logging.js

@@ -1,29 +0,0 @@
-import { getDb } from "../lib/db.js";
-export function usageLoggingMiddleware(fastify) {
-    fastify.addHook("onResponse", async (request, reply) => {
-        const urlPath = request.url.split("?")[0];
-        if (!urlPath.startsWith("/api/v1/") && !urlPath.startsWith("/admin/"))
-            return;
-        try {
-            const db = getDb();
-            const duration = request.hrtime ? Math.round(request.hrtime()[1] / 1e6) : 0;
-            const requestBody = request.body ? JSON.stringify(request.body).substring(0, 4096) : null;
-            const responseSize = reply.getHeader("content-length") || 0;
-            if (request.tokenId) {
-                db.prepare([
-                    "INSERT INTO usage_log (token_id, endpoint, request_body, response_size, latency_ms)",
-                    "VALUES (?, ?, ?, ?, ?)"
-                ].join(" ")).run(request.tokenId, urlPath, requestBody, responseSize, duration);
-            }
-            else if (request.adminAuth) {
-                db.prepare([
-                    "INSERT INTO admin_audit_log (method, endpoint, request_body, response_status, response_size, latency_ms)",
-                    "VALUES (?, ?, ?, ?, ?, ?)"
-                ].join(" ")).run(request.method, urlPath, requestBody, reply.statusCode, responseSize, duration);
-            }
-        }
-        catch (err) {
-            console.error("[vibeOS-api] usage logging error: " + err.message);
-        }
-    });
-}

package/middleware/usage-logging.ts

@@ -1,41 +0,0 @@
-import { getDb } from "../lib/db.js"
-
-export function usageLoggingMiddleware(fastify: any) {
-  fastify.addHook("onResponse", async (request: any, reply: any) => {
-    const urlPath = request.url.split("?")[0]
-    if (!urlPath.startsWith("/api/v1/") && !urlPath.startsWith("/admin/")) return
-
-    try {
-      const db = getDb()
-      const duration = request.hrtime ? Math.round(request.hrtime()[1] / 1e6) : 0
-      const requestBody = request.body ? JSON.stringify(request.body).substring(0, 4096) : null
-      const responseSize = reply.getHeader("content-length") || 0
-      if (request.tokenId) {
-        db.prepare([
-          "INSERT INTO usage_log (token_id, endpoint, request_body, response_size, latency_ms)",
-          "VALUES (?, ?, ?, ?, ?)"
-        ].join(" ")).run(
-          request.tokenId,
-          urlPath,
-          requestBody,
-          responseSize,
-          duration
-        )
-      } else if (request.adminAuth) {
-        db.prepare([
-          "INSERT INTO admin_audit_log (method, endpoint, request_body, response_status, response_size, latency_ms)",
-          "VALUES (?, ?, ?, ?, ?, ?)"
-        ].join(" ")).run(
-          request.method,
-          urlPath,
-          requestBody,
-          reply.statusCode,
-          responseSize,
-          duration
-        )
-      }
-    } catch (err: any) {
-      console.error("[vibeOS-api] usage logging error: " + err.message)
-    }
-  })
-}

package/nginx-vibetheog-api.conf

@@ -1,64 +0,0 @@
-limit_req_zone $binary_remote_addr zone=vibeos_api:10m rate=30r/s;
-
-server {
-    listen 80;
-    server_name api.vibetheog.com;
-
-    location /.well-known/acme-challenge/ {
-        root /var/www/certbot;
-    }
-
-
-    # Reject requests with spoofed or missing Host header (SMG3 fix)
-    if ($host !~* ^(api\.vibetheog\.com|localhost|127\.0\.0\.1)$) {
-        return 444;
-    }
-
-    location / {
-        return 301 https://$host$request_uri;
-    }
-}
-
-server {
-    listen 443 ssl http2;
-    server_name api.vibetheog.com;
-
-    ssl_certificate /etc/letsencrypt/live/vibetheog.com/fullchain.pem;
-    ssl_certificate_key /etc/letsencrypt/live/vibetheog.com/privkey.pem;
-
-    client_max_body_size 10M;
-
-    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
-    add_header X-Content-Type-Options "nosniff" always;
-    add_header X-Frame-Options "DENY" always;
-    add_header X-XSS-Protection "1; mode=block" always;
-
-    limit_req zone=vibeos_api burst=50 nodelay;
-
-
-    # Reject requests with spoofed or missing Host header (SMG3 fix)
-    if ($host !~* ^(api\.vibetheog\.com|localhost|127\.0\.0\.1)$) {
-        return 444;
-    }
-
-    location / {
-        proxy_pass http://127.0.0.1:3000;
-        proxy_http_version 1.1;
-        proxy_set_header Upgrade $http_upgrade;
-        proxy_set_header Connection 'upgrade';
-        proxy_set_header Host $host;
-        proxy_set_header X-Real-IP $remote_addr;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Proto $scheme;
-        proxy_cache_bypass $http_upgrade;
-        proxy_read_timeout 30s;
-    }
-
-    location /health {
-        limit_req zone=vibeos_api burst=20 nodelay;
-        proxy_pass http://127.0.0.1:3000/health;
-        proxy_http_version 1.1;
-        proxy_set_header Host $host;
-        proxy_read_timeout 10s;
-    }
-}

package/routes/admin.js

@@ -1,93 +0,0 @@
-import { getDb } from "../lib/db.js";
-import { randomBytes } from "node:crypto";
-function generateToken() {
-    return "vos_" + randomBytes(32).toString("hex");
-}
-export async function adminRoutes(fastify) {
-    fastify.post("/admin/seats", async (request, reply) => {
-        const { name, email } = request.body || {};
-        if (!name) {
-            return reply.code(400).send({ error: "name is required" });
-        }
-        const db = getDb();
-        const result = db.prepare("INSERT INTO seats (name, email) VALUES (?, ?)").run(name, email || null);
-        const seat = db.prepare("SELECT * FROM seats WHERE id = ?").get(result.lastInsertRowid);
-        return { ok: true, seat };
-    });
-    fastify.get("/admin/seats", async (request, reply) => {
-        const db = getDb();
-        const seats = db.prepare("SELECT * FROM seats ORDER BY created_at DESC").all();
-        return { seats, count: seats.length };
-    });
-    fastify.patch("/admin/seats/:id", async (request, reply) => {
-        const { id } = request.params;
-        const { status } = request.body || {};
-        if (!status || !["active", "suspended", "cancelled"].includes(status)) {
-            return reply.code(400).send({ error: "valid status is required (active, suspended, cancelled)" });
-        }
-        const db = getDb();
-        const result = db.prepare("UPDATE seats SET status = ?, updated_at = datetime('now') WHERE id = ?").run(status, id);
-        if (result.changes === 0) {
-            return reply.code(404).send({ error: "seat not found" });
-        }
-        if (status !== "active") {
-            db.prepare("UPDATE api_tokens SET status = 'revoked', revoked_at = datetime('now') WHERE seat_id = ? AND status = 'active'").run(id);
-        }
-        const seat = db.prepare("SELECT * FROM seats WHERE id = ?").get(id);
-        return { ok: true, seat };
-    });
-    fastify.post("/admin/tokens", async (request, reply) => {
-        const { seat_id, label, expires_at } = request.body || {};
-        if (!seat_id) {
-            return reply.code(400).send({ error: "seat_id is required" });
-        }
-        const db = getDb();
-        const seat = db.prepare("SELECT * FROM seats WHERE id = ?").get(seat_id);
-        if (!seat) {
-            return reply.code(404).send({ error: "seat not found" });
-        }
-        const token = generateToken();
-        const result = db.prepare("INSERT INTO api_tokens (token, seat_id, label, expires_at) VALUES (?, ?, ?, ?)").run(token, seat_id, label || null, expires_at || null);
-        const tokenRow = db.prepare("SELECT * FROM api_tokens WHERE id = ?").get(result.lastInsertRowid);
-        return { ok: true, token: tokenRow };
-    });
-    fastify.get("/admin/tokens", async (request, reply) => {
-        const db = getDb();
-        const tokens = db.prepare(`
-      SELECT t.*, s.name as seat_name, s.email as seat_email, s.status as seat_status
-      FROM api_tokens t
-      JOIN seats s ON t.seat_id = s.id
-      ORDER BY t.created_at DESC
-    `).all();
-        return { tokens, count: tokens.length };
-    });
-    fastify.patch("/admin/tokens/:id", async (request, reply) => {
-        const { id } = request.params;
-        const { status } = request.body || {};
-        if (!status || !["active", "revoked", "expired"].includes(status)) {
-            return reply.code(400).send({ error: "valid status is required (active, revoked, expired)" });
-        }
-        const db = getDb();
-        const update = status === "revoked"
-            ? "UPDATE api_tokens SET status = ?, revoked_at = datetime('now') WHERE id = ?"
-            : "UPDATE api_tokens SET status = ? WHERE id = ?";
-        const result = db.prepare(update).run(status, id);
-        if (result.changes === 0) {
-            return reply.code(404).send({ error: "token not found" });
-        }
-        const token = db.prepare("SELECT * FROM api_tokens WHERE id = ?").get(id);
-        return { ok: true, token };
-    });
-    fastify.get("/admin/usage", async (request, reply) => {
-        const { days: daysRaw } = request.query || {};
-        const days = Number(daysRaw);
-        if (daysRaw !== undefined && (isNaN(days) || !Number.isFinite(days) || !Number.isInteger(days) || days < 1 || days > 365)) {
-            return reply.code(400).send({ error: "days must be a positive integer between 1 and 365" });
-        }
-        const effectiveDays = days || 30;
-        const db = getDb();
-        const sql = "SELECT t.token, t.label, s.name as seat_name, COUNT(*) as request_count, AVG(l.latency_ms) as avg_latency_ms, MIN(l.created_at) as first_used, MAX(l.created_at) as last_used FROM usage_log l JOIN api_tokens t ON l.token_id = t.id JOIN seats s ON t.seat_id = s.id WHERE l.created_at >= datetime('now', ?) GROUP BY t.id ORDER BY request_count DESC";
-        const usage = db.prepare(sql).all("-" + effectiveDays + " days");
-        return { usage, count: usage.length, days: effectiveDays };
-    });
-}