npm - voidforge-build - Versions diffs - 23.9.1 - Mend

voidforge-build 23.9.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (772) hide show

package/dist/.claude/agents/adolin-brand.md +40 -0
package/dist/.claude/agents/ahsoka-access-control.md +56 -0
package/dist/.claude/agents/alfred-dependencies.md +43 -0
package/dist/.claude/agents/alia-threat-detect.md +40 -0
package/dist/.claude/agents/anakin-dark-side.md +41 -0
package/dist/.claude/agents/aquaman-deep-dive.md +43 -0
package/dist/.claude/agents/aragorn-orchestration.md +39 -0
package/dist/.claude/agents/archer-greenfield.md +48 -0
package/dist/.claude/agents/armin-clever.md +39 -0
package/dist/.claude/agents/arwen-ui-polish.md +42 -0
package/dist/.claude/agents/ashitaka-tech-debt.md +39 -0
package/dist/.claude/agents/asuka-performance.md +39 -0
package/dist/.claude/agents/bail-organa-governance.md +37 -0
package/dist/.claude/agents/banner-database.md +44 -0
package/dist/.claude/agents/barton-smoke-test.md +59 -0
package/dist/.claude/agents/bashir-field-medic.md +63 -0
package/dist/.claude/agents/batgirl-detail.md +43 -0
package/dist/.claude/agents/batman-qa.md +73 -0
package/dist/.claude/agents/bayta-evals.md +41 -0
package/dist/.claude/agents/beast-boy-cross-env.md +43 -0
package/dist/.claude/agents/beerus-destroyer.md +39 -0
package/dist/.claude/agents/bel-riose-orchestration.md +40 -0
package/dist/.claude/agents/beru-subprocess.md +37 -0
package/dist/.claude/agents/bilbo-microcopy.md +43 -0
package/dist/.claude/agents/black-canary-monitoring.md +43 -0
package/dist/.claude/agents/bliss-ai-safety.md +40 -0
package/dist/.claude/agents/bo-katan-perimeter.md +40 -0
package/dist/.claude/agents/bombadil-forge-sync.md +62 -0
package/dist/.claude/agents/boromir-hubris.md +40 -0
package/dist/.claude/agents/breeze-platform-relations.md +40 -0
package/dist/.claude/agents/bucky-legacy.md +43 -0
package/dist/.claude/agents/bulma-engineering.md +40 -0
package/dist/.claude/agents/calcifer-daemon.md +39 -0
package/dist/.claude/agents/cara-dune-enforcement.md +37 -0
package/dist/.claude/agents/cassian-recon.md +37 -0
package/dist/.claude/agents/cc-persistent-process.md +39 -0
package/dist/.claude/agents/celeborn-design-system.md +40 -0
package/dist/.claude/agents/celebrimbor-forge-artist.md +62 -0
package/dist/.claude/agents/chakotay-bridge.md +47 -0
package/dist/.claude/agents/chani-worm-rider.md +61 -0
package/dist/.claude/agents/chewie-dependency-audit.md +41 -0
package/dist/.claude/agents/chrome-discovery.md +37 -0
package/dist/.claude/agents/constantine-cursed-code.md +59 -0
package/dist/.claude/agents/coulson-release.md +64 -0
package/dist/.claude/agents/crusher-diagnostics.md +48 -0
package/dist/.claude/agents/cyborg-system-integration.md +43 -0
package/dist/.claude/agents/dalinar-positioning.md +40 -0
package/dist/.claude/agents/daneel-model-migration.md +40 -0
package/dist/.claude/agents/data-tech-debt.md +48 -0
package/dist/.claude/agents/dax-legacy-wisdom.md +48 -0
package/dist/.claude/agents/deathstroke-adversarial.md +59 -0
package/dist/.claude/agents/denji-determination.md +39 -0
package/dist/.claude/agents/din-djarin-bounty.md +42 -0
package/dist/.claude/agents/dockson-treasury.md +67 -0
package/dist/.claude/agents/dori-integration-check.md +37 -0
package/dist/.claude/agents/dors-observability.md +40 -0
package/dist/.claude/agents/drax-exact-match.md +42 -0
package/dist/.claude/agents/ducem-token-economics.md +41 -0
package/dist/.claude/agents/duncan-relay.md +40 -0
package/dist/.claude/agents/duo-teardown.md +38 -0
package/dist/.claude/agents/ed-network-scan.md +38 -0
package/dist/.claude/agents/elrond-ux-strategy.md +39 -0
package/dist/.claude/agents/eowyn-delight.md +56 -0
package/dist/.claude/agents/erwin-strategy.md +39 -0
package/dist/.claude/agents/ezra-catches-missed.md +40 -0
package/dist/.claude/agents/ezri-session-analyst.md +45 -0
package/dist/.claude/agents/falcon-migration.md +43 -0
package/dist/.claude/agents/faramir-judgment.md +40 -0
package/dist/.claude/agents/faye-resourceful.md +39 -0
package/dist/.claude/agents/fenring-passive-monitor.md +37 -0
package/dist/.claude/agents/fern-protocol.md +37 -0
package/dist/.claude/agents/feyd-adversarial.md +41 -0
package/dist/.claude/agents/flash-rapid-test.md +43 -0
package/dist/.claude/agents/friday-automation.md +42 -0
package/dist/.claude/agents/frieren-long-term.md +39 -0
package/dist/.claude/agents/frodo-critical-path.md +40 -0
package/dist/.claude/agents/fury-initiative.md +65 -0
package/dist/.claude/agents/gaal-prompt-arch.md +41 -0
package/dist/.claude/agents/galadriel-frontend.md +69 -0
package/dist/.claude/agents/gamora-perf-assassin.md +43 -0
package/dist/.claude/agents/gandalf-setup-wizard.md +63 -0
package/dist/.claude/agents/gen-docs.md +37 -0
package/dist/.claude/agents/ghanima-paired-monitor.md +37 -0
package/dist/.claude/agents/gimli-performance.md +41 -0
package/dist/.claude/agents/giyu-silent-guard.md +39 -0
package/dist/.claude/agents/glorfindel-rendering.md +40 -0
package/dist/.claude/agents/gohan-hidden-power.md +39 -0
package/dist/.claude/agents/gojo-infinite-scale.md +39 -0
package/dist/.claude/agents/goku-scaling.md +39 -0
package/dist/.claude/agents/goldberry-change-detect.md +37 -0
package/dist/.claude/agents/gordon-escalation.md +42 -0
package/dist/.claude/agents/green-arrow-precision.md +43 -0
package/dist/.claude/agents/green-lantern-scenarios.md +43 -0
package/dist/.claude/agents/grogu-tiny-vulns.md +38 -0
package/dist/.claude/agents/groot-caching.md +43 -0
package/dist/.claude/agents/gurney-delivery.md +40 -0
package/dist/.claude/agents/haku-deploy-wizard.md +65 -0
package/dist/.claude/agents/haldir-boundaries.md +40 -0
package/dist/.claude/agents/han-vuln-hunter.md +40 -0
package/dist/.claude/agents/hange-experimentation.md +39 -0
package/dist/.claude/agents/harah-protocol.md +38 -0
package/dist/.claude/agents/hawkgirl-regression-sweep.md +43 -0
package/dist/.claude/agents/heero-mission-deploy.md +39 -0
package/dist/.claude/agents/hera-navigation.md +41 -0
package/dist/.claude/agents/hill-mission-control.md +43 -0
package/dist/.claude/agents/himmel-legacy.md +37 -0
package/dist/.claude/agents/hober-tool-schema.md +40 -0
package/dist/.claude/agents/hoid-copywriting.md +40 -0
package/dist/.claude/agents/howl-migration.md +39 -0
package/dist/.claude/agents/hughes-observability.md +37 -0
package/dist/.claude/agents/huntress-flaky-bugs.md +42 -0
package/dist/.claude/agents/irulan-historian.md +37 -0
package/dist/.claude/agents/jake-reporter.md +45 -0
package/dist/.claude/agents/janeway-novel-arch.md +48 -0
package/dist/.claude/agents/janov-context-eng.md +40 -0
package/dist/.claude/agents/jarvis-status.md +42 -0
package/dist/.claude/agents/jean-pragmatic.md +39 -0
package/dist/.claude/agents/jessica-voice.md +40 -0
package/dist/.claude/agents/jet-maintenance.md +39 -0
package/dist/.claude/agents/jin-disciplined-adv.md +39 -0
package/dist/.claude/agents/kaji-intelligence.md +39 -0
package/dist/.claude/agents/kaladin-organic-growth.md +40 -0
package/dist/.claude/agents/kallen-hard-deploy.md +39 -0
package/dist/.claude/agents/kanan-intuitive.md +41 -0
package/dist/.claude/agents/kaoru-harmony.md +37 -0
package/dist/.claude/agents/kaworu-solver.md +39 -0
package/dist/.claude/agents/kelsier-growth.md +64 -0
package/dist/.claude/agents/kenobi-security.md +70 -0
package/dist/.claude/agents/kim-api-design.md +49 -0
package/dist/.claude/agents/kira-pragmatic.md +48 -0
package/dist/.claude/agents/kishibe-hardening.md +39 -0
package/dist/.claude/agents/kohaku-rapid-response.md +36 -0
package/dist/.claude/agents/krillin-support.md +36 -0
package/dist/.claude/agents/kusanagi-devops.md +70 -0
package/dist/.claude/agents/la-forge-reliability.md +63 -0
package/dist/.claude/agents/lang-micro-changes.md +43 -0
package/dist/.claude/agents/legolas-precision.md +42 -0
package/dist/.claude/agents/leia-secrets.md +41 -0
package/dist/.claude/agents/lelouch-orchestration.md +39 -0
package/dist/.claude/agents/leto-ii-persistence.md +40 -0
package/dist/.claude/agents/leto-protection.md +40 -0
package/dist/.claude/agents/levi-deploy.md +40 -0
package/dist/.claude/agents/liet-kynes-deep-system.md +40 -0
package/dist/.claude/agents/lift-social-media.md +40 -0
package/dist/.claude/agents/loki-chaos.md +58 -0
package/dist/.claude/agents/lucius-config.md +43 -0
package/dist/.claude/agents/luke-audit-journey.md +41 -0
package/dist/.claude/agents/manhunter-shapeshifting.md +43 -0
package/dist/.claude/agents/marsh-competitive-intel.md +41 -0
package/dist/.claude/agents/maul-red-team.md +57 -0
package/dist/.claude/agents/merry-pair-review.md +40 -0
package/dist/.claude/agents/mikasa-protection.md +39 -0
package/dist/.claude/agents/miles-teg-perf.md +40 -0
package/dist/.claude/agents/milim-load-test.md +39 -0
package/dist/.claude/agents/misato-operations.md +39 -0
package/dist/.claude/agents/mob-capacity.md +39 -0
package/dist/.claude/agents/mohiam-authentication.md +40 -0
package/dist/.claude/agents/mon-mothma-security-mgmt.md +41 -0
package/dist/.claude/agents/mugen-chaos.md +39 -0
package/dist/.claude/agents/mule-adversarial-ai.md +41 -0
package/dist/.claude/agents/mustang-cleanup.md +39 -0
package/dist/.claude/agents/nanami-structured-ops.md +39 -0
package/dist/.claude/agents/nausicaa-resources.md +39 -0
package/dist/.claude/agents/navani-technical-seo.md +40 -0
package/dist/.claude/agents/nebula-optimization.md +43 -0
package/dist/.claude/agents/nightwing-regression.md +59 -0
package/dist/.claude/agents/nobara-direct-fix.md +39 -0
package/dist/.claude/agents/nog-solutions.md +48 -0
package/dist/.claude/agents/nori-asset-scanner.md +37 -0
package/dist/.claude/agents/obrien-root-cause.md +48 -0
package/dist/.claude/agents/odo-structural-anomaly.md +48 -0
package/dist/.claude/agents/okoye-data-integrity.md +43 -0
package/dist/.claude/agents/olivier-hardening.md +39 -0
package/dist/.claude/agents/oracle-static-analysis.md +59 -0
package/dist/.claude/agents/ori-prompt-crafter.md +37 -0
package/dist/.claude/agents/padme-data-protection.md +42 -0
package/dist/.claude/agents/paris-route-planner.md +47 -0
package/dist/.claude/agents/parker-connections.md +43 -0
package/dist/.claude/agents/paul-orchestration.md +40 -0
package/dist/.claude/agents/picard-architecture.md +64 -0
package/dist/.claude/agents/piccolo-tactics.md +39 -0
package/dist/.claude/agents/pike-bold-decisions.md +48 -0
package/dist/.claude/agents/pippin-discovery.md +40 -0
package/dist/.claude/agents/plo-koon-edge-cases.md +37 -0
package/dist/.claude/agents/power-chaotic.md +39 -0
package/dist/.claude/agents/qui-gon-subtle-vulns.md +40 -0
package/dist/.claude/agents/radagast-edge-cases.md +41 -0
package/dist/.claude/agents/raoden-conversion.md +41 -0
package/dist/.claude/agents/raven-deep-analysis.md +43 -0
package/dist/.claude/agents/red-hood-aggressive.md +47 -0
package/dist/.claude/agents/rei-dangerous-tasks.md +39 -0
package/dist/.claude/agents/reigen-debugger.md +39 -0
package/dist/.claude/agents/rengoku-intense-monitor.md +39 -0
package/dist/.claude/agents/rex-infrastructure.md +41 -0
package/dist/.claude/agents/rhodes-production.md +43 -0
package/dist/.claude/agents/riker-review.md +62 -0
package/dist/.claude/agents/rimuru-adapter.md +39 -0
package/dist/.claude/agents/riza-backup.md +39 -0
package/dist/.claude/agents/robin-apprentice.md +42 -0
package/dist/.claude/agents/rocket-scrappy.md +43 -0
package/dist/.claude/agents/rogers-api-design.md +43 -0
package/dist/.claude/agents/romanoff-integrations.md +44 -0
package/dist/.claude/agents/sabine-unconventional.md +40 -0
package/dist/.claude/agents/salvor-model-selection.md +42 -0
package/dist/.claude/agents/samwise-accessibility.md +43 -0
package/dist/.claude/agents/sarene-outreach.md +40 -0
package/dist/.claude/agents/sasha-resources.md +37 -0
package/dist/.claude/agents/scotty-infrastructure.md +48 -0
package/dist/.claude/agents/seldon-ai.md +67 -0
package/dist/.claude/agents/senku-provisioning.md +40 -0
package/dist/.claude/agents/sentaro-scheduling.md +37 -0
package/dist/.claude/agents/seven-optimization.md +48 -0
package/dist/.claude/agents/shallan-creative.md +40 -0
package/dist/.claude/agents/sheeana-transport.md +40 -0
package/dist/.claude/agents/shuri-innovation.md +43 -0
package/dist/.claude/agents/silver-surfer-herald.md +90 -0
package/dist/.claude/agents/siona-evasion.md +41 -0
package/dist/.claude/agents/sisko-campaign.md +68 -0
package/dist/.claude/agents/spike-routing.md +40 -0
package/dist/.claude/agents/spock-schema.md +62 -0
package/dist/.claude/agents/starfire-brute-force.md +43 -0
package/dist/.claude/agents/stark-backend.md +71 -0
package/dist/.claude/agents/steris-budget.md +41 -0
package/dist/.claude/agents/stilgar-channel-security.md +40 -0
package/dist/.claude/agents/strange-service-arch.md +44 -0
package/dist/.claude/agents/sung-workers.md +39 -0
package/dist/.claude/agents/superman-strength-test.md +43 -0
package/dist/.claude/agents/suzaku-execution.md +39 -0
package/dist/.claude/agents/szeth-compliance.md +40 -0
package/dist/.claude/agents/tanjiro-persistent.md +39 -0
package/dist/.claude/agents/tchalla-quality.md +43 -0
package/dist/.claude/agents/thanos-gauntlet.md +68 -0
package/dist/.claude/agents/theoden-rally.md +40 -0
package/dist/.claude/agents/thor-queues.md +44 -0
package/dist/.claude/agents/thufir-protocol-parsing.md +40 -0
package/dist/.claude/agents/todo-brute-force.md +39 -0
package/dist/.claude/agents/torres-site-scanner.md +47 -0
package/dist/.claude/agents/totoro-guardian.md +39 -0
package/dist/.claude/agents/tpol-disciplined.md +48 -0
package/dist/.claude/agents/treebeard-deliberation.md +41 -0
package/dist/.claude/agents/troi-prd-compliance.md +64 -0
package/dist/.claude/agents/trunks-rollback.md +39 -0
package/dist/.claude/agents/tuvok-deep-current.md +63 -0
package/dist/.claude/agents/uhura-integration.md +47 -0
package/dist/.claude/agents/valkyrie-recovery.md +43 -0
package/dist/.claude/agents/vegeta-monitoring.md +39 -0
package/dist/.claude/agents/veldora-dormant.md +37 -0
package/dist/.claude/agents/vin-analytics.md +41 -0
package/dist/.claude/agents/vision-data-analysis.md +43 -0
package/dist/.claude/agents/wanda-seldon-validation.md +38 -0
package/dist/.claude/agents/wanda-state.md +43 -0
package/dist/.claude/agents/wax-paid-ads.md +40 -0
package/dist/.claude/agents/wayne-ab-testing.md +40 -0
package/dist/.claude/agents/whis-precision.md +39 -0
package/dist/.claude/agents/windu-input-validation.md +41 -0
package/dist/.claude/agents/winry-maintenance.md +39 -0
package/dist/.claude/agents/wonder-woman-truth.md +43 -0
package/dist/.claude/agents/wong-documentation.md +58 -0
package/dist/.claude/agents/worf-security-arch.md +49 -0
package/dist/.claude/agents/yoda-auth.md +57 -0
package/dist/.claude/agents/yueh-trust-verify.md +40 -0
package/dist/.claude/agents/zatanna-impossible.md +43 -0
package/dist/.claude/agents/zechs-rival.md +39 -0
package/dist/.claude/agents/zenitsu-alerts.md +37 -0
package/dist/.claude/commands/ai.md +84 -0
package/dist/.claude/commands/architect.md +107 -0
package/dist/.claude/commands/assemble.md +223 -0
package/dist/.claude/commands/assess.md +86 -0
package/dist/.claude/commands/blueprint.md +135 -0
package/dist/.claude/commands/build.md +138 -0
package/dist/.claude/commands/campaign.md +224 -0
package/dist/.claude/commands/cultivation.md +184 -0
package/dist/.claude/commands/current.md +128 -0
package/dist/.claude/commands/dangerroom.md +74 -0
package/dist/.claude/commands/debrief.md +180 -0
package/dist/.claude/commands/deploy.md +108 -0
package/dist/.claude/commands/devops.md +160 -0
package/dist/.claude/commands/engage.md +135 -0
package/dist/.claude/commands/gauntlet.md +179 -0
package/dist/.claude/commands/git.md +104 -0
package/dist/.claude/commands/grow.md +160 -0
package/dist/.claude/commands/imagine.md +126 -0
package/dist/.claude/commands/portfolio.md +51 -0
package/dist/.claude/commands/prd.md +113 -0
package/dist/.claude/commands/qa.md +130 -0
package/dist/.claude/commands/review.md +9 -0
package/dist/.claude/commands/security.md +9 -0
package/dist/.claude/commands/sentinel.md +90 -0
package/dist/.claude/commands/test.md +114 -0
package/dist/.claude/commands/thumper.md +116 -0
package/dist/.claude/commands/treasury.md +117 -0
package/dist/.claude/commands/ux.md +132 -0
package/dist/.claude/commands/vault.md +198 -0
package/dist/.claude/commands/void.md +148 -0
package/dist/CHANGELOG.md +2621 -0
package/dist/CLAUDE.md +292 -0
package/dist/HOLOCRON.md +859 -0
package/dist/VERSION.md +149 -0
package/dist/docs/NAMING_REGISTRY.md +479 -0
package/dist/docs/methods/AI_INTELLIGENCE.md +276 -0
package/dist/docs/methods/ASSEMBLER.md +142 -0
package/dist/docs/methods/BACKEND_ENGINEER.md +165 -0
package/dist/docs/methods/BUILD_JOURNAL.md +214 -0
package/dist/docs/methods/BUILD_PROTOCOL.md +436 -0
package/dist/docs/methods/CAMPAIGN.md +569 -0
package/dist/docs/methods/CONTEXT_MANAGEMENT.md +189 -0
package/dist/docs/methods/DEEP_CURRENT.md +184 -0
package/dist/docs/methods/DEVOPS_ENGINEER.md +297 -0
package/dist/docs/methods/FIELD_MEDIC.md +265 -0
package/dist/docs/methods/FORGE_ARTIST.md +108 -0
package/dist/docs/methods/FORGE_KEEPER.md +270 -0
package/dist/docs/methods/GAUNTLET.md +364 -0
package/dist/docs/methods/GROWTH_STRATEGIST.md +466 -0
package/dist/docs/methods/HEARTBEAT.md +168 -0
package/dist/docs/methods/MCP_INTEGRATION.md +139 -0
package/dist/docs/methods/MUSTER.md +152 -0
package/dist/docs/methods/PRD_GENERATOR.md +186 -0
package/dist/docs/methods/PRODUCT_DESIGN_FRONTEND.md +252 -0
package/dist/docs/methods/QA_ENGINEER.md +360 -0
package/dist/docs/methods/RELEASE_MANAGER.md +145 -0
package/dist/docs/methods/SECURITY_AUDITOR.md +328 -0
package/dist/docs/methods/SUB_AGENTS.md +375 -0
package/dist/docs/methods/SYSTEMS_ARCHITECT.md +180 -0
package/dist/docs/methods/TESTING.md +359 -0
package/dist/docs/methods/THUMPER.md +175 -0
package/dist/docs/methods/TIME_VAULT.md +120 -0
package/dist/docs/methods/TREASURY.md +184 -0
package/dist/docs/methods/TROUBLESHOOTING.md +265 -0
package/dist/docs/patterns/README.md +52 -0
package/dist/docs/patterns/ad-billing-adapter.ts +537 -0
package/dist/docs/patterns/ad-platform-adapter.ts +421 -0
package/dist/docs/patterns/ai-classifier.ts +195 -0
package/dist/docs/patterns/ai-eval.ts +272 -0
package/dist/docs/patterns/ai-orchestrator.ts +341 -0
package/dist/docs/patterns/ai-router.ts +194 -0
package/dist/docs/patterns/ai-tool-schema.ts +237 -0
package/dist/docs/patterns/api-route.ts +241 -0
package/dist/docs/patterns/backtest-engine.ts +499 -0
package/dist/docs/patterns/browser-review.ts +292 -0
package/dist/docs/patterns/combobox.tsx +300 -0
package/dist/docs/patterns/component.tsx +262 -0
package/dist/docs/patterns/daemon-process.ts +338 -0
package/dist/docs/patterns/data-pipeline.ts +297 -0
package/dist/docs/patterns/database-migration.ts +466 -0
package/dist/docs/patterns/e2e-test.ts +629 -0
package/dist/docs/patterns/error-handling.ts +312 -0
package/dist/docs/patterns/execution-safety.ts +601 -0
package/dist/docs/patterns/financial-transaction.ts +366 -0
package/dist/docs/patterns/funding-plan.ts +462 -0
package/dist/docs/patterns/game-entity.ts +137 -0
package/dist/docs/patterns/game-loop.ts +113 -0
package/dist/docs/patterns/game-state.ts +143 -0
package/dist/docs/patterns/job-queue.ts +225 -0
package/dist/docs/patterns/kongo-integration.ts +164 -0
package/dist/docs/patterns/middleware.ts +363 -0
package/dist/docs/patterns/mobile-screen.tsx +139 -0
package/dist/docs/patterns/mobile-service.ts +167 -0
package/dist/docs/patterns/multi-tenant.ts +382 -0
package/dist/docs/patterns/oauth-token-lifecycle.ts +223 -0
package/dist/docs/patterns/outbound-rate-limiter.ts +260 -0
package/dist/docs/patterns/prompt-template.ts +195 -0
package/dist/docs/patterns/revenue-source-adapter.ts +311 -0
package/dist/docs/patterns/service.ts +224 -0
package/dist/docs/patterns/sse-endpoint.ts +118 -0
package/dist/docs/patterns/stablecoin-adapter.ts +511 -0
package/dist/docs/patterns/third-party-script.ts +68 -0
package/dist/scripts/thumper/gom-jabbar.sh +241 -0
package/dist/scripts/thumper/relay.sh +610 -0
package/dist/scripts/thumper/scan.sh +359 -0
package/dist/scripts/thumper/thumper.sh +190 -0
package/dist/scripts/thumper/water-rings.sh +76 -0
package/dist/scripts/vault-read.d.ts +11 -0
package/dist/scripts/vault-read.js +89 -0
package/dist/scripts/voidforge.d.ts +21 -0
package/dist/scripts/voidforge.js +614 -0
package/dist/wizard/api/auth.d.ts +5 -0
package/dist/wizard/api/auth.js +139 -0
package/dist/wizard/api/blueprint.d.ts +34 -0
package/dist/wizard/api/blueprint.js +161 -0
package/dist/wizard/api/cloud-providers.d.ts +16 -0
package/dist/wizard/api/cloud-providers.js +363 -0
package/dist/wizard/api/credentials.d.ts +1 -0
package/dist/wizard/api/credentials.js +265 -0
package/dist/wizard/api/danger-room.d.ts +24 -0
package/dist/wizard/api/danger-room.js +274 -0
package/dist/wizard/api/deploy.d.ts +4 -0
package/dist/wizard/api/deploy.js +164 -0
package/dist/wizard/api/prd.d.ts +1 -0
package/dist/wizard/api/prd.js +363 -0
package/dist/wizard/api/project.d.ts +1 -0
package/dist/wizard/api/project.js +241 -0
package/dist/wizard/api/projects-data.d.ts +5 -0
package/dist/wizard/api/projects-data.js +234 -0
package/dist/wizard/api/projects-list.d.ts +5 -0
package/dist/wizard/api/projects-list.js +227 -0
package/dist/wizard/api/projects.d.ts +7 -0
package/dist/wizard/api/projects.js +273 -0
package/dist/wizard/api/provision-status.d.ts +5 -0
package/dist/wizard/api/provision-status.js +47 -0
package/dist/wizard/api/provision-steps.d.ts +21 -0
package/dist/wizard/api/provision-steps.js +44 -0
package/dist/wizard/api/provision-validate.d.ts +22 -0
package/dist/wizard/api/provision-validate.js +164 -0
package/dist/wizard/api/provision.d.ts +2 -0
package/dist/wizard/api/provision.js +239 -0
package/dist/wizard/api/terminal.d.ts +25 -0
package/dist/wizard/api/terminal.js +246 -0
package/dist/wizard/api/users.d.ts +6 -0
package/dist/wizard/api/users.js +244 -0
package/dist/wizard/api/war-room.d.ts +16 -0
package/dist/wizard/api/war-room.js +70 -0
package/dist/wizard/danger-room.config.json +5 -0
package/dist/wizard/lib/ad-platform-core.d.ts +6 -0
package/dist/wizard/lib/ad-platform-core.js +1 -0
package/dist/wizard/lib/adapters/index.d.ts +52 -0
package/dist/wizard/lib/adapters/index.js +38 -0
package/dist/wizard/lib/adapters/sandbox-bank.d.ts +17 -0
package/dist/wizard/lib/adapters/sandbox-bank.js +77 -0
package/dist/wizard/lib/adapters/sandbox.d.ts +39 -0
package/dist/wizard/lib/adapters/sandbox.js +174 -0
package/dist/wizard/lib/adapters/stripe.d.ts +19 -0
package/dist/wizard/lib/adapters/stripe.js +143 -0
package/dist/wizard/lib/adapters/types.d.ts +9 -0
package/dist/wizard/lib/adapters/types.js +10 -0
package/dist/wizard/lib/agent-memory.d.ts +36 -0
package/dist/wizard/lib/agent-memory.js +114 -0
package/dist/wizard/lib/agent-registry.d.ts +21 -0
package/dist/wizard/lib/agent-registry.js +105 -0
package/dist/wizard/lib/anomaly-detection.d.ts +59 -0
package/dist/wizard/lib/anomaly-detection.js +122 -0
package/dist/wizard/lib/anthropic.d.ts +21 -0
package/dist/wizard/lib/anthropic.js +105 -0
package/dist/wizard/lib/asset-scanner.d.ts +23 -0
package/dist/wizard/lib/asset-scanner.js +107 -0
package/dist/wizard/lib/audit-log.d.ts +23 -0
package/dist/wizard/lib/audit-log.js +70 -0
package/dist/wizard/lib/autonomy-controller.d.ts +76 -0
package/dist/wizard/lib/autonomy-controller.js +184 -0
package/dist/wizard/lib/body-parser.d.ts +2 -0
package/dist/wizard/lib/body-parser.js +36 -0
package/dist/wizard/lib/build-analytics.d.ts +39 -0
package/dist/wizard/lib/build-analytics.js +91 -0
package/dist/wizard/lib/build-step.d.ts +21 -0
package/dist/wizard/lib/build-step.js +104 -0
package/dist/wizard/lib/campaign-proposer.d.ts +39 -0
package/dist/wizard/lib/campaign-proposer.js +181 -0
package/dist/wizard/lib/campaign-state-machine.d.ts +63 -0
package/dist/wizard/lib/campaign-state-machine.js +114 -0
package/dist/wizard/lib/ci-generator.d.ts +14 -0
package/dist/wizard/lib/ci-generator.js +187 -0
package/dist/wizard/lib/claude-merge.d.ts +38 -0
package/dist/wizard/lib/claude-merge.js +115 -0
package/dist/wizard/lib/codegen/erd-gen.d.ts +16 -0
package/dist/wizard/lib/codegen/erd-gen.js +98 -0
package/dist/wizard/lib/codegen/integrations.d.ts +18 -0
package/dist/wizard/lib/codegen/integrations.js +189 -0
package/dist/wizard/lib/codegen/openapi-gen.d.ts +15 -0
package/dist/wizard/lib/codegen/openapi-gen.js +79 -0
package/dist/wizard/lib/codegen/prisma-types.d.ts +15 -0
package/dist/wizard/lib/codegen/prisma-types.js +44 -0
package/dist/wizard/lib/codegen/seed-gen.d.ts +16 -0
package/dist/wizard/lib/codegen/seed-gen.js +128 -0
package/dist/wizard/lib/compliance.d.ts +51 -0
package/dist/wizard/lib/compliance.js +112 -0
package/dist/wizard/lib/correlation-engine.d.ts +59 -0
package/dist/wizard/lib/correlation-engine.js +152 -0
package/dist/wizard/lib/cost-estimator.d.ts +22 -0
package/dist/wizard/lib/cost-estimator.js +72 -0
package/dist/wizard/lib/cost-tracker.d.ts +27 -0
package/dist/wizard/lib/cost-tracker.js +37 -0
package/dist/wizard/lib/daemon-aggregator.d.ts +76 -0
package/dist/wizard/lib/daemon-aggregator.js +241 -0
package/dist/wizard/lib/daemon-core.d.ts +16 -0
package/dist/wizard/lib/daemon-core.js +39 -0
package/dist/wizard/lib/dashboard-data.d.ts +123 -0
package/dist/wizard/lib/dashboard-data.js +314 -0
package/dist/wizard/lib/dashboard-ws.d.ts +28 -0
package/dist/wizard/lib/dashboard-ws.js +117 -0
package/dist/wizard/lib/deep-current.d.ts +77 -0
package/dist/wizard/lib/deep-current.js +247 -0
package/dist/wizard/lib/deploy-coordinator.d.ts +40 -0
package/dist/wizard/lib/deploy-coordinator.js +86 -0
package/dist/wizard/lib/deploy-log.d.ts +28 -0
package/dist/wizard/lib/deploy-log.js +52 -0
package/dist/wizard/lib/desktop-notify.d.ts +27 -0
package/dist/wizard/lib/desktop-notify.js +98 -0
package/dist/wizard/lib/dns/cloudflare-dns.d.ts +35 -0
package/dist/wizard/lib/dns/cloudflare-dns.js +216 -0
package/dist/wizard/lib/dns/cloudflare-registrar.d.ts +31 -0
package/dist/wizard/lib/dns/cloudflare-registrar.js +148 -0
package/dist/wizard/lib/dns/types.d.ts +22 -0
package/dist/wizard/lib/dns/types.js +4 -0
package/dist/wizard/lib/document-discovery.d.ts +33 -0
package/dist/wizard/lib/document-discovery.js +145 -0
package/dist/wizard/lib/env-validator.d.ts +14 -0
package/dist/wizard/lib/env-validator.js +205 -0
package/dist/wizard/lib/env-writer.d.ts +13 -0
package/dist/wizard/lib/env-writer.js +26 -0
package/dist/wizard/lib/exec.d.ts +30 -0
package/dist/wizard/lib/exec.js +52 -0
package/dist/wizard/lib/experiment.d.ts +70 -0
package/dist/wizard/lib/experiment.js +169 -0
package/dist/wizard/lib/extensions.d.ts +20 -0
package/dist/wizard/lib/extensions.js +183 -0
package/dist/wizard/lib/financial/adapter-factory.d.ts +47 -0
package/dist/wizard/lib/financial/adapter-factory.js +225 -0
package/dist/wizard/lib/financial/billing/base.d.ts +6 -0
package/dist/wizard/lib/financial/billing/base.js +1 -0
package/dist/wizard/lib/financial/billing/google-billing.d.ts +56 -0
package/dist/wizard/lib/financial/billing/google-billing.js +298 -0
package/dist/wizard/lib/financial/billing/meta-billing.d.ts +54 -0
package/dist/wizard/lib/financial/billing/meta-billing.js +243 -0
package/dist/wizard/lib/financial/billing/tiktok-billing.d.ts +54 -0
package/dist/wizard/lib/financial/billing/tiktok-billing.js +260 -0
package/dist/wizard/lib/financial/campaign/base.d.ts +13 -0
package/dist/wizard/lib/financial/campaign/base.js +1 -0
package/dist/wizard/lib/financial/campaign/campaign-common.d.ts +21 -0
package/dist/wizard/lib/financial/campaign/campaign-common.js +58 -0
package/dist/wizard/lib/financial/campaign/google-api.d.ts +35 -0
package/dist/wizard/lib/financial/campaign/google-api.js +118 -0
package/dist/wizard/lib/financial/campaign/google-campaign.d.ts +38 -0
package/dist/wizard/lib/financial/campaign/google-campaign.js +186 -0
package/dist/wizard/lib/financial/campaign/meta-api.d.ts +28 -0
package/dist/wizard/lib/financial/campaign/meta-api.js +93 -0
package/dist/wizard/lib/financial/campaign/meta-campaign.d.ts +32 -0
package/dist/wizard/lib/financial/campaign/meta-campaign.js +189 -0
package/dist/wizard/lib/financial/campaign/sandbox-campaign.d.ts +45 -0
package/dist/wizard/lib/financial/campaign/sandbox-campaign.js +261 -0
package/dist/wizard/lib/financial/campaign/tiktok-api.d.ts +25 -0
package/dist/wizard/lib/financial/campaign/tiktok-api.js +81 -0
package/dist/wizard/lib/financial/campaign/tiktok-campaign.d.ts +37 -0
package/dist/wizard/lib/financial/campaign/tiktok-campaign.js +155 -0
package/dist/wizard/lib/financial/funding-auto.d.ts +44 -0
package/dist/wizard/lib/financial/funding-auto.js +52 -0
package/dist/wizard/lib/financial/funding-policy.d.ts +60 -0
package/dist/wizard/lib/financial/funding-policy.js +179 -0
package/dist/wizard/lib/financial/platform-planner.d.ts +47 -0
package/dist/wizard/lib/financial/platform-planner.js +134 -0
package/dist/wizard/lib/financial/reconciliation-engine.d.ts +78 -0
package/dist/wizard/lib/financial/reconciliation-engine.js +193 -0
package/dist/wizard/lib/financial/registry.d.ts +22 -0
package/dist/wizard/lib/financial/registry.js +26 -0
package/dist/wizard/lib/financial/reporting.d.ts +96 -0
package/dist/wizard/lib/financial/reporting.js +198 -0
package/dist/wizard/lib/financial/stablecoin/base.d.ts +6 -0
package/dist/wizard/lib/financial/stablecoin/base.js +1 -0
package/dist/wizard/lib/financial/stablecoin/circle.d.ts +54 -0
package/dist/wizard/lib/financial/stablecoin/circle.js +367 -0
package/dist/wizard/lib/financial/stablecoin/mercury.d.ts +24 -0
package/dist/wizard/lib/financial/stablecoin/mercury.js +171 -0
package/dist/wizard/lib/financial/stablecoin/sandbox-stablecoin.d.ts +47 -0
package/dist/wizard/lib/financial/stablecoin/sandbox-stablecoin.js +202 -0
package/dist/wizard/lib/financial/treasury-planner.d.ts +52 -0
package/dist/wizard/lib/financial/treasury-planner.js +128 -0
package/dist/wizard/lib/financial-core.d.ts +6 -0
package/dist/wizard/lib/financial-core.js +5 -0
package/dist/wizard/lib/financial-vault.d.ts +34 -0
package/dist/wizard/lib/financial-vault.js +200 -0
package/dist/wizard/lib/frontmatter.d.ts +30 -0
package/dist/wizard/lib/frontmatter.js +99 -0
package/dist/wizard/lib/gap-analysis.d.ts +37 -0
package/dist/wizard/lib/gap-analysis.js +218 -0
package/dist/wizard/lib/github.d.ts +22 -0
package/dist/wizard/lib/github.js +261 -0
package/dist/wizard/lib/headless-deploy.d.ts +14 -0
package/dist/wizard/lib/headless-deploy.js +452 -0
package/dist/wizard/lib/health-monitor.d.ts +15 -0
package/dist/wizard/lib/health-monitor.js +91 -0
package/dist/wizard/lib/health-poller.d.ts +9 -0
package/dist/wizard/lib/health-poller.js +123 -0
package/dist/wizard/lib/heartbeat-lifecycle.d.ts +71 -0
package/dist/wizard/lib/heartbeat-lifecycle.js +107 -0
package/dist/wizard/lib/heartbeat-scheduler.d.ts +26 -0
package/dist/wizard/lib/heartbeat-scheduler.js +155 -0
package/dist/wizard/lib/heartbeat.d.ts +22 -0
package/dist/wizard/lib/heartbeat.js +538 -0
package/dist/wizard/lib/herald.d.ts +28 -0
package/dist/wizard/lib/herald.js +167 -0
package/dist/wizard/lib/http-helpers.d.ts +9 -0
package/dist/wizard/lib/http-helpers.js +24 -0
package/dist/wizard/lib/image-gen.d.ts +56 -0
package/dist/wizard/lib/image-gen.js +159 -0
package/dist/wizard/lib/instance-sizing.d.ts +26 -0
package/dist/wizard/lib/instance-sizing.js +51 -0
package/dist/wizard/lib/kongo/analytics.d.ts +29 -0
package/dist/wizard/lib/kongo/analytics.js +179 -0
package/dist/wizard/lib/kongo/campaigns.d.ts +52 -0
package/dist/wizard/lib/kongo/campaigns.js +91 -0
package/dist/wizard/lib/kongo/client.d.ts +58 -0
package/dist/wizard/lib/kongo/client.js +221 -0
package/dist/wizard/lib/kongo/jobs.d.ts +57 -0
package/dist/wizard/lib/kongo/jobs.js +122 -0
package/dist/wizard/lib/kongo/pages.d.ts +60 -0
package/dist/wizard/lib/kongo/pages.js +150 -0
package/dist/wizard/lib/kongo/provisioner.d.ts +64 -0
package/dist/wizard/lib/kongo/provisioner.js +116 -0
package/dist/wizard/lib/kongo/seed.d.ts +49 -0
package/dist/wizard/lib/kongo/seed.js +237 -0
package/dist/wizard/lib/kongo/types.d.ts +323 -0
package/dist/wizard/lib/kongo/types.js +11 -0
package/dist/wizard/lib/kongo/variants.d.ts +57 -0
package/dist/wizard/lib/kongo/variants.js +88 -0
package/dist/wizard/lib/kongo/webhooks.d.ts +41 -0
package/dist/wizard/lib/kongo/webhooks.js +112 -0
package/dist/wizard/lib/marker.d.ts +28 -0
package/dist/wizard/lib/marker.js +79 -0
package/dist/wizard/lib/migrator.d.ts +35 -0
package/dist/wizard/lib/migrator.js +190 -0
package/dist/wizard/lib/natural-language-deploy.d.ts +30 -0
package/dist/wizard/lib/natural-language-deploy.js +186 -0
package/dist/wizard/lib/network.d.ts +22 -0
package/dist/wizard/lib/network.js +72 -0
package/dist/wizard/lib/oauth-core.d.ts +6 -0
package/dist/wizard/lib/oauth-core.js +5 -0
package/dist/wizard/lib/open-browser.d.ts +1 -0
package/dist/wizard/lib/open-browser.js +26 -0
package/dist/wizard/lib/patterns/ad-billing-adapter.d.ts +209 -0
package/dist/wizard/lib/patterns/ad-billing-adapter.js +269 -0
package/dist/wizard/lib/patterns/ad-platform-adapter.d.ts +200 -0
package/dist/wizard/lib/patterns/ad-platform-adapter.js +212 -0
package/dist/wizard/lib/patterns/daemon-process.d.ts +88 -0
package/dist/wizard/lib/patterns/daemon-process.js +271 -0
package/dist/wizard/lib/patterns/financial-transaction.d.ts +171 -0
package/dist/wizard/lib/patterns/financial-transaction.js +154 -0
package/dist/wizard/lib/patterns/funding-plan.d.ts +136 -0
package/dist/wizard/lib/patterns/funding-plan.js +200 -0
package/dist/wizard/lib/patterns/oauth-token-lifecycle.d.ts +94 -0
package/dist/wizard/lib/patterns/oauth-token-lifecycle.js +139 -0
package/dist/wizard/lib/patterns/outbound-rate-limiter.d.ts +67 -0
package/dist/wizard/lib/patterns/outbound-rate-limiter.js +216 -0
package/dist/wizard/lib/patterns/revenue-source-adapter.d.ts +96 -0
package/dist/wizard/lib/patterns/revenue-source-adapter.js +182 -0
package/dist/wizard/lib/patterns/stablecoin-adapter.d.ts +218 -0
package/dist/wizard/lib/patterns/stablecoin-adapter.js +264 -0
package/dist/wizard/lib/prd-validator.d.ts +39 -0
package/dist/wizard/lib/prd-validator.js +137 -0
package/dist/wizard/lib/project-init.d.ts +24 -0
package/dist/wizard/lib/project-init.js +228 -0
package/dist/wizard/lib/project-registry.d.ts +86 -0
package/dist/wizard/lib/project-registry.js +359 -0
package/dist/wizard/lib/project-scope.d.ts +64 -0
package/dist/wizard/lib/project-scope.js +96 -0
package/dist/wizard/lib/project-vault.d.ts +47 -0
package/dist/wizard/lib/project-vault.js +221 -0
package/dist/wizard/lib/provision-manifest.d.ts +44 -0
package/dist/wizard/lib/provision-manifest.js +164 -0
package/dist/wizard/lib/provisioner-registry.d.ts +15 -0
package/dist/wizard/lib/provisioner-registry.js +34 -0
package/dist/wizard/lib/provisioners/aws-config.d.ts +36 -0
package/dist/wizard/lib/provisioners/aws-config.js +56 -0
package/dist/wizard/lib/provisioners/aws-ec2.d.ts +19 -0
package/dist/wizard/lib/provisioners/aws-ec2.js +241 -0
package/dist/wizard/lib/provisioners/aws-rds.d.ts +10 -0
package/dist/wizard/lib/provisioners/aws-rds.js +199 -0
package/dist/wizard/lib/provisioners/aws-vps.d.ts +6 -0
package/dist/wizard/lib/provisioners/aws-vps.js +231 -0
package/dist/wizard/lib/provisioners/cloudflare.d.ts +6 -0
package/dist/wizard/lib/provisioners/cloudflare.js +300 -0
package/dist/wizard/lib/provisioners/docker.d.ts +6 -0
package/dist/wizard/lib/provisioners/docker.js +75 -0
package/dist/wizard/lib/provisioners/http-client.d.ts +20 -0
package/dist/wizard/lib/provisioners/http-client.js +79 -0
package/dist/wizard/lib/provisioners/railway-config.d.ts +24 -0
package/dist/wizard/lib/provisioners/railway-config.js +220 -0
package/dist/wizard/lib/provisioners/railway-deploy.d.ts +19 -0
package/dist/wizard/lib/provisioners/railway-deploy.js +205 -0
package/dist/wizard/lib/provisioners/railway.d.ts +6 -0
package/dist/wizard/lib/provisioners/railway.js +45 -0
package/dist/wizard/lib/provisioners/scripts/caddyfile.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/caddyfile.js +54 -0
package/dist/wizard/lib/provisioners/scripts/deploy-vps.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/deploy-vps.js +112 -0
package/dist/wizard/lib/provisioners/scripts/docker-compose.d.ts +11 -0
package/dist/wizard/lib/provisioners/scripts/docker-compose.js +91 -0
package/dist/wizard/lib/provisioners/scripts/dockerfile.d.ts +5 -0
package/dist/wizard/lib/provisioners/scripts/dockerfile.js +185 -0
package/dist/wizard/lib/provisioners/scripts/ecosystem-config.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/ecosystem-config.js +36 -0
package/dist/wizard/lib/provisioners/scripts/provision-vps.d.ts +14 -0
package/dist/wizard/lib/provisioners/scripts/provision-vps.js +202 -0
package/dist/wizard/lib/provisioners/scripts/rollback-vps.d.ts +10 -0
package/dist/wizard/lib/provisioners/scripts/rollback-vps.js +67 -0
package/dist/wizard/lib/provisioners/self-deploy.d.ts +41 -0
package/dist/wizard/lib/provisioners/self-deploy.js +185 -0
package/dist/wizard/lib/provisioners/static-s3.d.ts +6 -0
package/dist/wizard/lib/provisioners/static-s3.js +235 -0
package/dist/wizard/lib/provisioners/types.d.ts +40 -0
package/dist/wizard/lib/provisioners/types.js +4 -0
package/dist/wizard/lib/provisioners/vercel.d.ts +6 -0
package/dist/wizard/lib/provisioners/vercel.js +287 -0
package/dist/wizard/lib/pty-manager.d.ts +42 -0
package/dist/wizard/lib/pty-manager.js +244 -0
package/dist/wizard/lib/rate-limiter-core.d.ts +5 -0
package/dist/wizard/lib/rate-limiter-core.js +5 -0
package/dist/wizard/lib/reconciliation.d.ts +43 -0
package/dist/wizard/lib/reconciliation.js +173 -0
package/dist/wizard/lib/revenue-types.d.ts +5 -0
package/dist/wizard/lib/revenue-types.js +1 -0
package/dist/wizard/lib/route-optimizer.d.ts +28 -0
package/dist/wizard/lib/route-optimizer.js +93 -0
package/dist/wizard/lib/s3-deploy.d.ts +19 -0
package/dist/wizard/lib/s3-deploy.js +156 -0
package/dist/wizard/lib/safety-tiers.d.ts +76 -0
package/dist/wizard/lib/safety-tiers.js +134 -0
package/dist/wizard/lib/sentry-generator.d.ts +15 -0
package/dist/wizard/lib/sentry-generator.js +116 -0
package/dist/wizard/lib/server-config.d.ts +13 -0
package/dist/wizard/lib/server-config.js +23 -0
package/dist/wizard/lib/service-install.d.ts +18 -0
package/dist/wizard/lib/service-install.js +182 -0
package/dist/wizard/lib/site-scanner.d.ts +80 -0
package/dist/wizard/lib/site-scanner.js +262 -0
package/dist/wizard/lib/ssh-deploy.d.ts +25 -0
package/dist/wizard/lib/ssh-deploy.js +225 -0
package/dist/wizard/lib/templates.d.ts +24 -0
package/dist/wizard/lib/templates.js +219 -0
package/dist/wizard/lib/totp.d.ts +35 -0
package/dist/wizard/lib/totp.js +277 -0
package/dist/wizard/lib/tower-auth.d.ts +43 -0
package/dist/wizard/lib/tower-auth.js +352 -0
package/dist/wizard/lib/tower-rate-limit.d.ts +14 -0
package/dist/wizard/lib/tower-rate-limit.js +61 -0
package/dist/wizard/lib/tower-session.d.ts +28 -0
package/dist/wizard/lib/tower-session.js +119 -0
package/dist/wizard/lib/treasury-backup.d.ts +23 -0
package/dist/wizard/lib/treasury-backup.js +127 -0
package/dist/wizard/lib/treasury-circuit-breakers.d.ts +28 -0
package/dist/wizard/lib/treasury-circuit-breakers.js +74 -0
package/dist/wizard/lib/treasury-handlers.d.ts +21 -0
package/dist/wizard/lib/treasury-handlers.js +281 -0
package/dist/wizard/lib/treasury-heartbeat.d.ts +18 -0
package/dist/wizard/lib/treasury-heartbeat.js +20 -0
package/dist/wizard/lib/treasury-io.d.ts +107 -0
package/dist/wizard/lib/treasury-io.js +254 -0
package/dist/wizard/lib/treasury-jobs.d.ts +14 -0
package/dist/wizard/lib/treasury-jobs.js +589 -0
package/dist/wizard/lib/treasury-migrator.d.ts +59 -0
package/dist/wizard/lib/treasury-migrator.js +227 -0
package/dist/wizard/lib/treasury-reader.d.ts +52 -0
package/dist/wizard/lib/treasury-reader.js +235 -0
package/dist/wizard/lib/updater.d.ts +29 -0
package/dist/wizard/lib/updater.js +203 -0
package/dist/wizard/lib/user-manager.d.ts +39 -0
package/dist/wizard/lib/user-manager.js +182 -0
package/dist/wizard/lib/vault.d.ts +26 -0
package/dist/wizard/lib/vault.js +161 -0
package/dist/wizard/router.d.ts +12 -0
package/dist/wizard/router.js +58 -0
package/dist/wizard/server.d.ts +18 -0
package/dist/wizard/server.js +427 -0
package/dist/wizard/ui/app.js +1357 -0
package/dist/wizard/ui/danger-room-prophecy.js +217 -0
package/dist/wizard/ui/danger-room.html +27 -0
package/dist/wizard/ui/danger-room.js +29 -0
package/dist/wizard/ui/deploy.html +181 -0
package/dist/wizard/ui/deploy.js +616 -0
package/dist/wizard/ui/favicon.svg +11 -0
package/dist/wizard/ui/index.html +407 -0
package/dist/wizard/ui/lobby.html +235 -0
package/dist/wizard/ui/lobby.js +843 -0
package/dist/wizard/ui/login.html +111 -0
package/dist/wizard/ui/login.js +199 -0
package/dist/wizard/ui/project.html +285 -0
package/dist/wizard/ui/project.js +324 -0
package/dist/wizard/ui/rollback.js +107 -0
package/dist/wizard/ui/styles.css +1040 -0
package/dist/wizard/ui/tower.html +177 -0
package/dist/wizard/ui/tower.js +445 -0
package/dist/wizard/ui/war-room-prophecy.js +217 -0
package/dist/wizard/ui/war-room.html +27 -0
package/dist/wizard/ui/war-room.js +29 -0
package/package.json +60 -0

package/dist/wizard/api/provision.js ADDED Viewed

@@ -0,0 +1,239 @@
+import { randomUUID } from 'node:crypto';
+import { join } from 'node:path';
+import { realpath } from 'node:fs/promises';
+import { addRoute } from '../router.js';
+import { getSessionPassword } from './credentials.js';
+import { parseJsonBody } from '../lib/body-parser.js';
+import { provisioners, GITHUB_LINKED_TARGETS, GITHUB_OPTIONAL_TARGETS } from '../lib/provisioner-registry.js';
+import { createManifest, updateManifestStatus } from '../lib/provision-manifest.js';
+import { provisionDns } from '../lib/dns/cloudflare-dns.js';
+import { registerDomain } from '../lib/dns/cloudflare-registrar.js';
+import { prepareGithub } from '../lib/github.js';
+import { sshDeploy } from '../lib/ssh-deploy.js';
+import { s3Deploy } from '../lib/s3-deploy.js';
+import { runBuildStep, getBuildOutputDir } from '../lib/build-step.js';
+import { emitCostEstimate } from '../lib/cost-estimator.js';
+import { sendJson } from '../lib/http-helpers.js';
+import { provisionRuns, activeProvisionRun, setActiveProvisionRun, scopeCredentials, loadCredentials, stripSecrets, buildCleanupCredentials, } from './provision-validate.js';
+import { runPostProvisionSteps } from './provision-steps.js';
+// Barrel imports — load split route files
+import './provision-validate.js';
+import './provision-status.js';
+const HOSTNAME_RE = /^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)+$/i;
+// POST /api/provision/start — SSE stream provisioning events
+addRoute('POST', '/api/provision/start', async (req, res) => {
+    const password = getSessionPassword();
+    if (!password) {
+        sendJson(res, 401, { error: 'Vault is locked.' });
+        return;
+    }
+    // Parse and validate BEFORE acquiring the lock (IG-R2)
+    const body = await parseJsonBody(req);
+    if (body.hostname && !HOSTNAME_RE.test(body.hostname)) {
+        sendJson(res, 400, { error: 'Invalid hostname format. Expected something like: myapp.example.com' });
+        return;
+    }
+    if (!body.projectDir || !body.projectName || !body.deployTarget) {
+        sendJson(res, 400, { error: 'projectDir, projectName, and deployTarget are required' });
+        return;
+    }
+    if (!body.projectDir.startsWith('/') || body.projectDir.includes('..')) {
+        sendJson(res, 400, { error: 'projectDir must be an absolute path with no ".." segments' });
+        return;
+    }
+    try {
+        body.projectDir = await realpath(body.projectDir);
+    }
+    catch {
+        sendJson(res, 400, { error: 'Could not resolve project directory path' });
+        return;
+    }
+    const provisioner = provisioners[body.deployTarget];
+    if (!provisioner) {
+        sendJson(res, 400, { error: `Unknown deploy target: ${body.deployTarget}` });
+        return;
+    }
+    // Load credentials BEFORE lock (IG-R3)
+    let allCredentials;
+    try {
+        allCredentials = await loadCredentials(password);
+    }
+    catch {
+        sendJson(res, 500, { error: 'Failed to load credentials from vault' });
+        return;
+    }
+    const scopedCreds = scopeCredentials(allCredentials, body.deployTarget);
+    const runId = randomUUID();
+    const ctx = {
+        runId, projectDir: body.projectDir, projectName: body.projectName,
+        deployTarget: body.deployTarget, framework: (body.framework || 'express').toLowerCase(),
+        database: body.database || 'none', cache: body.cache || 'none',
+        instanceType: body.instanceType || 't3.micro', hostname: body.hostname || '',
+        credentials: scopedCreds,
+    };
+    const errors = await provisioner.validate(ctx);
+    if (errors.length > 0) {
+        sendJson(res, 400, { error: errors.join('; ') });
+        return;
+    }
+    if (activeProvisionRun) {
+        sendJson(res, 429, { error: 'A provisioning run is already in progress. Wait for it to complete.' });
+        return;
+    }
+    setActiveProvisionRun(runId);
+    // Start SSE stream
+    res.writeHead(200, { 'Content-Type': 'text/event-stream', 'Cache-Control': 'no-cache', 'Connection': 'keep-alive' });
+    let clientDisconnected = false;
+    function sseWrite(chunk) {
+        if (clientDisconnected || res.writableEnded)
+            return;
+        try {
+            res.write(chunk);
+        }
+        catch {
+            clientDisconnected = true;
+        }
+    }
+    function sseEnd() {
+        if (clientDisconnected || res.writableEnded)
+            return;
+        try {
+            res.end();
+        }
+        catch { /* already closed */ }
+    }
+    const abortController = new AbortController();
+    ctx.abortSignal = abortController.signal;
+    req.on('close', () => { clientDisconnected = true; abortController.abort(); clearInterval(keepaliveTimer); });
+    const keepaliveTimer = setInterval(() => { sseWrite(': keepalive\n\n'); }, 15000);
+    let eventId = 0;
+    const emit = (event) => { eventId++; sseWrite(`id: ${eventId}\ndata: ${JSON.stringify(event)}\n\n`); };
+    const region = allCredentials['aws-region'] || 'us-east-1';
+    await createManifest(runId, body.deployTarget, region, body.projectName);
+    const sharedOutputs = {};
+    try {
+        // ── GitHub pre-step (ADR-011) ───────────────────────────
+        const hasGithub = allCredentials['github-token'];
+        const needsGithub = GITHUB_LINKED_TARGETS.includes(body.deployTarget);
+        const wantsGithub = GITHUB_OPTIONAL_TARGETS.includes(body.deployTarget);
+        if (hasGithub && (needsGithub || wantsGithub)) {
+            const ghResult = await prepareGithub(runId, allCredentials['github-token'], allCredentials['github-owner'] || null, body.projectName, body.projectDir, emit, abortController.signal, ctx.framework, body.deployTarget);
+            if (ghResult.success) {
+                sharedOutputs['GITHUB_REPO_URL'] = ghResult.repoUrl;
+                sharedOutputs['GITHUB_OWNER'] = ghResult.owner;
+                sharedOutputs['GITHUB_REPO_NAME'] = ghResult.repoName;
+            }
+            else if (needsGithub) {
+                emit({ step: 'github-warning', status: 'error', message: `GitHub setup failed — ${body.deployTarget} project will be created without auto-deploy. Push manually later.`, detail: ghResult.error });
+            }
+        }
+        else if (!hasGithub && needsGithub) {
+            emit({ step: 'github-skip', status: 'skipped', message: `No GitHub token in vault. ${body.deployTarget} project will be created without auto-deploy. Add GitHub credentials for CI/CD.` });
+        }
+        if (sharedOutputs['GITHUB_OWNER']) {
+            ctx.credentials['_github-owner'] = sharedOutputs['GITHUB_OWNER'];
+            ctx.credentials['_github-repo-name'] = sharedOutputs['GITHUB_REPO_NAME'];
+        }
+        emitCostEstimate(body.deployTarget, ctx.instanceType, ctx.database, ctx.cache, emit);
+        const result = await provisioner.provision(ctx, emit);
+        for (const [k, v] of Object.entries(sharedOutputs)) {
+            result.outputs[k] = v;
+        }
+        // ── Pre-deploy build step (ADR-016) ─────────────────────
+        if (result.success && body.deployTarget !== 'docker') {
+            const buildResult = await runBuildStep(body.projectDir, ctx.framework, emit, abortController.signal);
+            if (!buildResult.success) {
+                emit({ step: 'build-fatal', status: 'error', message: 'Build failed — infrastructure was created, but code deploy will be skipped. Fix the build locally and deploy manually.', detail: buildResult.error });
+            }
+        }
+        // ── Deploy post-step (v3.8.0 Last Mile) ─────────────────
+        if (result.success && body.deployTarget === 'vps') {
+            const sshHost = result.outputs['SSH_HOST'];
+            if (sshHost) {
+                const deployResult = await sshDeploy(body.projectDir, sshHost, result.outputs['SSH_USER'] || 'ec2-user', result.outputs['SSH_KEY_PATH'] || '.ssh/deploy-key.pem', ctx.hostname || undefined, ctx.framework, emit, abortController.signal);
+                if (deployResult.deployUrl)
+                    result.outputs['DEPLOY_URL'] = deployResult.deployUrl;
+            }
+            else {
+                emit({ step: 'deploy-skip', status: 'skipped', message: 'No SSH host available — SSH deploy skipped' });
+            }
+        }
+        else if (result.success && body.deployTarget === 'static') {
+            const bucket = result.outputs['S3_BUCKET'], websiteUrl = result.outputs['S3_WEBSITE_URL'];
+            const awsKeyId = allCredentials['aws-access-key-id'], awsSecret = allCredentials['aws-secret-access-key'];
+            if (bucket && websiteUrl && awsKeyId && awsSecret) {
+                const s3Result = await s3Deploy(bucket, join(body.projectDir, getBuildOutputDir(ctx.framework)), allCredentials['aws-region'] || 'us-east-1', { accessKeyId: awsKeyId, secretAccessKey: awsSecret }, websiteUrl, emit);
+                if (s3Result.deployUrl)
+                    result.outputs['DEPLOY_URL'] = s3Result.deployUrl;
+            }
+            else {
+                emit({ step: 'deploy-skip', status: 'skipped', message: 'No S3 bucket available — upload skipped' });
+            }
+        }
+        else if (result.success && ['vercel', 'cloudflare', 'railway'].includes(body.deployTarget)) {
+            const deployUrl = result.outputs['DEPLOY_URL'] || result.outputs['VERCEL_DOMAIN'] || result.outputs['CF_PROJECT_URL'] || result.outputs['RAILWAY_DOMAIN'];
+            if (deployUrl && !result.outputs['DEPLOY_URL']) {
+                result.outputs['DEPLOY_URL'] = deployUrl.startsWith('http') ? deployUrl : `https://${deployUrl}`;
+            }
+        }
+        // Domain registration — pre-DNS step (non-fatal, irreversible)
+        const cfToken = allCredentials['cloudflare-api-token'], cfAccount = allCredentials['cloudflare-account-id'];
+        if (result.success && body.registerDomain && ctx.hostname && cfToken && cfAccount) {
+            const regResult = await registerDomain(cfToken, cfAccount, ctx.hostname, emit);
+            if (regResult.success) {
+                result.outputs['REGISTRAR_DOMAIN'] = regResult.domain || ctx.hostname;
+                if (regResult.expiresAt)
+                    result.outputs['REGISTRAR_EXPIRY'] = regResult.expiresAt;
+            }
+        }
+        else if (result.success && body.registerDomain && ctx.hostname && !cfAccount) {
+            emit({ step: 'registrar-skip', status: 'skipped', message: 'Domain registration requested but no Cloudflare Account ID in vault. Add it in Cloud Providers.' });
+        }
+        else if (result.success && body.registerDomain && ctx.hostname && !cfToken) {
+            emit({ step: 'registrar-skip', status: 'skipped', message: 'Domain registration requested but no Cloudflare API token in vault. Add Cloudflare credentials to enable registration.' });
+        }
+        // DNS post-provision step (non-fatal)
+        if (result.success && ctx.hostname && cfToken) {
+            const dnsResult = await provisionDns(runId, cfToken, ctx.hostname, body.deployTarget, result.outputs, emit);
+            if (dnsResult.records.length > 0) {
+                for (const record of dnsResult.records) {
+                    result.resources.push({ type: 'dns-record', id: `${dnsResult.zoneId}:${record.id}`, region: 'global' });
+                }
+                result.outputs['DNS_HOSTNAME'] = ctx.hostname;
+                result.outputs['DNS_ZONE_ID'] = dnsResult.zoneId;
+            }
+        }
+        else if (result.success && ctx.hostname && !cfToken) {
+            emit({ step: 'dns-skip', status: 'skipped', message: `Hostname "${ctx.hostname}" set but no Cloudflare token in vault. Add Cloudflare credentials to enable DNS wiring.` });
+        }
+        // Post-provision finalization (sentry, env-validator, health, deploy log)
+        if (result.success) {
+            await runPostProvisionSteps({
+                projectDir: body.projectDir, framework: ctx.framework, deployTarget: body.deployTarget,
+                projectName: body.projectName, hostname: ctx.hostname, region, runId,
+                outputs: result.outputs, resources: result.resources,
+                sentryDsn: allCredentials['sentry-dsn'], emit,
+            });
+        }
+        // Track for cleanup by run ID
+        if (result.resources.length > 0) {
+            const hasDns = result.resources.some(r => r.type === 'dns-record');
+            provisionRuns.set(runId, { resources: result.resources, credentials: buildCleanupCredentials(body.deployTarget, allCredentials, hasDns), target: body.deployTarget });
+        }
+        await updateManifestStatus(runId, result.success ? 'complete' : 'failed');
+        const safeResult = { ...result, outputs: stripSecrets(result.outputs) };
+        sseWrite(`data: ${JSON.stringify({ step: 'complete', status: result.success ? 'done' : 'error', message: result.success ? 'Provisioning complete' : result.error || 'Provisioning failed', result: safeResult, runId })}\n\n`);
+    }
+    catch (err) {
+        const errMsg = err.message;
+        console.error('Provisioning fatal error:', errMsg);
+        await updateManifestStatus(runId, 'failed');
+        sseWrite(`data: ${JSON.stringify({ step: 'fatal', status: 'error', message: 'Provisioning failed unexpectedly. Check that credentials are valid and try again.', detail: errMsg.replace(/[A-Za-z0-9+/=]{16,}/g, '***') })}\n\n`);
+    }
+    finally {
+        setActiveProvisionRun(null);
+        clearInterval(keepaliveTimer);
+        sseWrite('data: [DONE]\n\n');
+        sseEnd();
+    }
+});

package/dist/wizard/api/terminal.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Terminal API — WebSocket bridge between browser (xterm.js) and server (node-pty).
+ * Also REST endpoints for session management.
+ *
+ * WebSocket protocol:
+ *   Client → Server: raw keystrokes (text frames)
+ *   Server → Client: raw terminal output (text frames)
+ *   Client → Server: JSON control messages: { type: "resize", cols, rows }
+ *   Server → Client: JSON control messages: { type: "exit", code }
+ *
+ * Auth: vault password required in the WebSocket URL query string.
+ */
+import type { IncomingMessage } from 'node:http';
+import type { Duplex } from 'node:stream';
+/**
+ * Handle a WebSocket upgrade request for a terminal session.
+ * URL: /ws/terminal?session=<id>&token=<authToken>
+ *
+ * Auth flow: vault password → origin check → HMAC token → session existence.
+ * Then ws library handles the protocol handshake.
+ */
+export declare function handleTerminalUpgrade(req: IncomingMessage, socket: Duplex, head: Buffer, userSession?: {
+    username: string;
+    role: 'admin' | 'deployer' | 'viewer';
+}): void;

package/dist/wizard/api/terminal.js ADDED Viewed

@@ -0,0 +1,246 @@
+/**
+ * Terminal API — WebSocket bridge between browser (xterm.js) and server (node-pty).
+ * Also REST endpoints for session management.
+ *
+ * WebSocket protocol:
+ *   Client → Server: raw keystrokes (text frames)
+ *   Server → Client: raw terminal output (text frames)
+ *   Client → Server: JSON control messages: { type: "resize", cols, rows }
+ *   Server → Client: JSON control messages: { type: "exit", code }
+ *
+ * Auth: vault password required in the WebSocket URL query string.
+ */
+import { createHmac, timingSafeEqual, randomBytes } from 'node:crypto';
+// SEC-R2-108: Per-boot random HMAC key — decoupled from vault password to prevent offline brute-force
+const TERMINAL_HMAC_KEY = randomBytes(32);
+import { WebSocketServer, WebSocket } from 'ws';
+import { access, realpath } from 'node:fs/promises';
+import { join } from 'node:path';
+import { addRoute } from '../router.js';
+import { getSessionPassword } from './credentials.js';
+import { getServerPort, getServerHost } from '../lib/server-config.js';
+import { parseJsonBody } from '../lib/body-parser.js';
+import { createSession, writeToSession, onSessionData, resizeSession, killSession, listSessions, } from '../lib/pty-manager.js';
+import { validateSession, parseSessionCookie, getClientIp, isRemoteMode, isLanMode } from '../lib/tower-auth.js';
+import { isPrivateOrigin } from '../lib/network.js';
+import { hasProjectAccess } from '../lib/user-manager.js';
+import { findByDirectory } from '../lib/project-registry.js';
+import { sendJson } from '../lib/http-helpers.js';
+// ── REST endpoints for session management ──────────────
+// GET /api/terminal/sessions — list active PTY sessions (filtered by project access)
+addRoute('GET', '/api/terminal/sessions', async (req, res) => {
+    const password = getSessionPassword();
+    if (!password) {
+        sendJson(res, 401, { error: 'Vault is locked.' });
+        return;
+    }
+    let allSessions = listSessions();
+    // In remote mode, filter sessions by user's project access
+    if (isRemoteMode()) {
+        const token = parseSessionCookie(req.headers.cookie);
+        const ip = getClientIp(req);
+        const userSession = token ? validateSession(token, ip) : null;
+        if (userSession && userSession.role !== 'admin') {
+            // Non-admins only see their own sessions
+            allSessions = allSessions.filter((s) => s.username === userSession.username);
+        }
+    }
+    sendJson(res, 200, { sessions: allSessions, count: allSessions.length });
+});
+// POST /api/terminal/sessions — create a new PTY session
+addRoute('POST', '/api/terminal/sessions', async (req, res) => {
+    const password = getSessionPassword();
+    if (!password) {
+        sendJson(res, 401, { error: 'Vault is locked.' });
+        return;
+    }
+    const body = await parseJsonBody(req);
+    if (!body.projectDir || !body.projectName) {
+        sendJson(res, 400, { error: 'projectDir and projectName are required' });
+        return;
+    }
+    // SEC-003/QA-002: Validate projectDir — absolute path, no traversal
+    if (!body.projectDir.startsWith('/') || body.projectDir.includes('..')) {
+        sendJson(res, 400, { error: 'projectDir must be an absolute path with no ".." segments' });
+        return;
+    }
+    // IG-R4: Resolve symlinks and use real path for all operations
+    try {
+        body.projectDir = await realpath(body.projectDir);
+    }
+    catch {
+        sendJson(res, 400, { error: 'Could not resolve project directory path' });
+        return;
+    }
+    // Verify this is a VoidForge project (CLAUDE.md exists)
+    try {
+        await access(join(body.projectDir, 'CLAUDE.md'));
+    }
+    catch {
+        sendJson(res, 400, { error: 'Not a VoidForge project — no CLAUDE.md found' });
+        return;
+    }
+    // Extract user context and check per-project access
+    let sessionUsername = '';
+    if (isRemoteMode()) {
+        const token = parseSessionCookie(req.headers.cookie);
+        const ip = getClientIp(req);
+        const userSession = token ? validateSession(token, ip) : null;
+        if (!userSession) {
+            sendJson(res, 401, { error: 'Authentication required' });
+            return;
+        }
+        sessionUsername = userSession.username;
+        // Check per-project access — deployer minimum for terminal
+        const project = await findByDirectory(body.projectDir);
+        if (!project) {
+            // Project not in registry — deny access (cannot verify permissions)
+            sendJson(res, 404, { error: 'Project not found in registry' });
+            return;
+        }
+        const projectAccess = await hasProjectAccess(userSession, project.id, 'deployer');
+        if (!projectAccess) {
+            sendJson(res, 404, { error: 'Project not found' });
+            return;
+        }
+    }
+    try {
+        const session = await createSession(body.projectDir, body.projectName, body.label || 'Shell', body.initialCommand, body.cols || 120, body.rows || 30, sessionUsername);
+        // SEC-001/SEC-002: Generate per-session auth token for WebSocket upgrade
+        const authToken = createHmac('sha256', TERMINAL_HMAC_KEY).update(session.id).digest('hex');
+        sendJson(res, 200, { session, authToken });
+    }
+    catch (err) {
+        sendJson(res, 400, { error: err.message });
+    }
+});
+// POST /api/terminal/sessions/:id/kill — kill a session (ownership check in remote mode)
+addRoute('POST', '/api/terminal/kill', async (req, res) => {
+    const password = getSessionPassword();
+    if (!password) {
+        sendJson(res, 401, { error: 'Vault is locked.' });
+        return;
+    }
+    const body = await parseJsonBody(req);
+    if (!body.sessionId) {
+        sendJson(res, 400, { error: 'sessionId is required' });
+        return;
+    }
+    // In remote mode, non-admins can only kill their own sessions
+    if (isRemoteMode()) {
+        const token = parseSessionCookie(req.headers.cookie);
+        const ip = getClientIp(req);
+        const userSession = token ? validateSession(token, ip) : null;
+        if (userSession && userSession.role !== 'admin') {
+            const sessions = listSessions();
+            const target = sessions.find((s) => s.id === body.sessionId);
+            if (!target || target.username !== userSession.username) {
+                sendJson(res, 404, { error: 'Session not found' });
+                return;
+            }
+        }
+    }
+    killSession(body.sessionId);
+    sendJson(res, 200, { killed: true });
+});
+// ── WebSocket upgrade handler (using 'ws' library) ─────
+/** Shared WebSocketServer instance — noServer mode lets us handle upgrade manually. */
+const wss = new WebSocketServer({ noServer: true });
+/**
+ * Handle a WebSocket upgrade request for a terminal session.
+ * URL: /ws/terminal?session=<id>&token=<authToken>
+ *
+ * Auth flow: vault password → origin check → HMAC token → session existence.
+ * Then ws library handles the protocol handshake.
+ */
+export function handleTerminalUpgrade(req, socket, head, userSession) {
+    void userSession;
+    const password = getSessionPassword();
+    if (!password) {
+        socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+        socket.destroy();
+        return;
+    }
+    // SEC-001: Origin validation
+    const origin = req.headers.origin || '';
+    const port = getServerPort();
+    const allowedOrigins = [`http://127.0.0.1:${port}`, `http://localhost:${port}`];
+    const remoteHost = getServerHost();
+    if (remoteHost) {
+        allowedOrigins.push(`https://${remoteHost}`);
+    }
+    // LAN mode: accept any private IP origin (matches CORS handler in server.ts)
+    const isAllowed = allowedOrigins.includes(origin)
+        || (isLanMode() && isPrivateOrigin(origin));
+    if (!origin || !isAllowed) {
+        console.log(`  PTY WS rejected: origin=${origin} allowed=${JSON.stringify(allowedOrigins)} lan=${isLanMode()}`);
+        socket.write('HTTP/1.1 403 Forbidden\r\n\r\n');
+        socket.destroy();
+        return;
+    }
+    const url = new URL(req.url || '', 'http://localhost');
+    const sessionId = url.searchParams.get('session');
+    if (!sessionId) {
+        socket.write('HTTP/1.1 400 Bad Request\r\n\r\n');
+        socket.destroy();
+        return;
+    }
+    // SEC-002: Validate per-session auth token
+    const token = url.searchParams.get('token');
+    const expectedToken = createHmac('sha256', TERMINAL_HMAC_KEY).update(sessionId).digest('hex');
+    if (!token || token.length !== expectedToken.length || !timingSafeEqual(Buffer.from(token), Buffer.from(expectedToken))) {
+        socket.write('HTTP/1.1 403 Forbidden\r\n\r\n');
+        socket.destroy();
+        return;
+    }
+    // Verify session exists
+    const sessions = listSessions();
+    if (!sessions.find((s) => s.id === sessionId)) {
+        socket.write('HTTP/1.1 404 Not Found\r\n\r\n');
+        socket.destroy();
+        return;
+    }
+    // Let the ws library handle the WebSocket handshake
+    wss.handleUpgrade(req, socket, head, (ws) => {
+        // Subscribe to PTY output → send to browser
+        const unsubscribe = onSessionData(sessionId, (data) => {
+            if (ws.readyState === WebSocket.OPEN) {
+                try {
+                    ws.send(data);
+                }
+                catch { /* client gone */ }
+            }
+        });
+        // Browser → PTY: keystrokes and control messages
+        ws.on('message', (raw) => {
+            const msg = typeof raw === 'string' ? raw : raw.toString('utf-8');
+            // JSON control messages (resize)
+            if (msg.startsWith('{')) {
+                try {
+                    const parsed = JSON.parse(msg);
+                    // IG-R2: Validate numeric types to prevent NaN propagation to node-pty
+                    if (parsed.type === 'resize' && typeof parsed.cols === 'number' && typeof parsed.rows === 'number'
+                        && Number.isFinite(parsed.cols) && Number.isFinite(parsed.rows)) {
+                        resizeSession(sessionId, parsed.cols, parsed.rows);
+                        return;
+                    }
+                }
+                catch { /* not JSON — treat as keystroke input */ }
+            }
+            // Regular input → PTY
+            try {
+                writeToSession(sessionId, msg);
+            }
+            catch {
+                ws.close();
+            }
+        });
+        ws.on('close', () => {
+            unsubscribe();
+            // Don't kill session — allow reconnection. Idle timeout handles cleanup.
+        });
+        ws.on('error', () => {
+            unsubscribe();
+        });
+    });
+}

package/dist/wizard/api/users.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+/**
+ * Users API — Multi-user management endpoints.
+ * All user management requires admin role.
+ * Invite completion is public (token-authenticated).
+ */
+export {};