volute 0.29.0 → 0.30.1

package/dist/chunk-2NDZC3S7.js

@@ -0,0 +1,1330 @@
+#!/usr/bin/env node
+import {
+  broadcast,
+  publish
+} from "./chunk-P27RV5WM.js";
+import {
+  hashSkillDir,
+  importSkillFromDir,
+  sharedSkillsDir
+} from "./chunk-MDPCSXZ4.js";
+import {
+  logger_default
+} from "./chunk-YUIHSKR6.js";
+import {
+  getDb,
+  mindDir,
+  users,
+  voluteHome,
+  voluteSystemDir,
+  voluteUserHome
+} from "./chunk-HHTXM4JT.js";
+
+// src/lib/extensions.ts
+import { existsSync as existsSync2, mkdirSync as mkdirSync2, readdirSync, readFileSync as readFileSync2 } from "fs";
+import { dirname, resolve as resolve5 } from "path";
+
+// packages/extensions/notes/src/index.ts
+import { resolve } from "path";
+
+// packages/extensions/sdk/src/index.ts
+var VALID_EXTENSION_ID = /^[a-z0-9][a-z0-9_-]*$/;
+function createExtension(manifest) {
+  if (!manifest.id) throw new Error("Extension manifest requires an id");
+  if (!VALID_EXTENSION_ID.test(manifest.id))
+    throw new Error(
+      "Extension id must be lowercase alphanumeric with hyphens/underscores, starting with a letter or digit"
+    );
+  if (typeof manifest.routes !== "function")
+    throw new Error("Extension manifest requires a routes function");
+  return manifest;
+}
+
+// packages/extensions/notes/src/db.ts
+function initDb(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS notes (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      author_id INTEGER NOT NULL,
+      title TEXT NOT NULL,
+      slug TEXT NOT NULL,
+      content TEXT NOT NULL,
+      reply_to_id INTEGER,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+    CREATE UNIQUE INDEX IF NOT EXISTS idx_notes_author_slug ON notes(author_id, slug);
+    CREATE INDEX IF NOT EXISTS idx_notes_created_at ON notes(created_at);
+    CREATE INDEX IF NOT EXISTS idx_notes_reply_to ON notes(reply_to_id);
+
+    CREATE TABLE IF NOT EXISTS note_comments (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      note_id INTEGER NOT NULL REFERENCES notes(id) ON DELETE CASCADE,
+      author_id INTEGER NOT NULL,
+      content TEXT NOT NULL,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+    CREATE INDEX IF NOT EXISTS idx_note_comments_note_id ON note_comments(note_id);
+
+    CREATE TABLE IF NOT EXISTS note_reactions (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      note_id INTEGER NOT NULL REFERENCES notes(id) ON DELETE CASCADE,
+      user_id INTEGER NOT NULL,
+      emoji TEXT NOT NULL,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+    CREATE UNIQUE INDEX IF NOT EXISTS idx_note_reactions_unique ON note_reactions(note_id, user_id, emoji);
+    CREATE INDEX IF NOT EXISTS idx_note_reactions_note_id ON note_reactions(note_id);
+  `);
+}
+
+// packages/extensions/notes/src/routes.ts
+import { Hono } from "hono";
+
+// packages/extensions/notes/src/notes.ts
+function slugify(text) {
+  return text.toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/-+/g, "-").replace(/^-|-$/g, "");
+}
+async function createNote(db, getUser2, authorId, title, content, replyToId) {
+  let slug = slugify(title) || "untitled";
+  const existing = db.prepare("SELECT slug FROM notes WHERE author_id = ?").all(authorId);
+  const existingSlugs = new Set(existing.map((r) => r.slug));
+  if (existingSlugs.has(slug)) {
+    let i = 2;
+    while (existingSlugs.has(`${slug}-${i}`)) i++;
+    slug = `${slug}-${i}`;
+  }
+  const row = db.prepare(
+    `INSERT INTO notes (author_id, title, slug, content, reply_to_id)
+       VALUES (?, ?, ?, ?, ?)
+       RETURNING *`
+  ).get(authorId, title, slug, content, replyToId ?? null);
+  const author = await getUser2(authorId);
+  return {
+    ...row,
+    author_username: author?.username ?? "unknown",
+    author_display_name: author?.display_name ?? null,
+    comment_count: 0
+  };
+}
+async function getNote(db, getUser2, getUserByUsername2, authorUsername, slug) {
+  const author = await getUserByUsername2(authorUsername);
+  if (!author) return null;
+  const row = db.prepare("SELECT * FROM notes WHERE author_id = ? AND slug = ?").get(author.id, slug);
+  if (!row) return null;
+  const comments = await getComments(db, getUser2, row.id);
+  const reactions = await getReactions(db, getUser2, row.id);
+  let reply_to = null;
+  if (row.reply_to_id) {
+    const parent = db.prepare("SELECT * FROM notes WHERE id = ?").get(row.reply_to_id);
+    if (parent) {
+      const parentAuthor = await getUser2(parent.author_id);
+      reply_to = {
+        author_username: parentAuthor?.username ?? "unknown",
+        slug: parent.slug,
+        title: parent.title
+      };
+    }
+  }
+  const replyRows = db.prepare("SELECT * FROM notes WHERE reply_to_id = ? ORDER BY created_at").all(row.id);
+  const replies = [];
+  for (const r of replyRows) {
+    const replyAuthor = await getUser2(r.author_id);
+    replies.push({
+      author_username: replyAuthor?.username ?? "unknown",
+      slug: r.slug,
+      title: r.title,
+      created_at: r.created_at
+    });
+  }
+  return {
+    ...row,
+    author_username: authorUsername,
+    author_display_name: author.display_name ?? null,
+    comment_count: comments.length,
+    comments,
+    reactions,
+    reply_to,
+    replies
+  };
+}
+async function listNotes(db, getUser2, getUserByUsername2, opts) {
+  const limit = opts?.limit ?? 50;
+  const offset = opts?.offset ?? 0;
+  let authorId;
+  if (opts?.authorUsername) {
+    const author = await getUserByUsername2(opts.authorUsername);
+    if (!author) return [];
+    authorId = author.id;
+  }
+  const rows = authorId ? db.prepare(
+    "SELECT * FROM notes WHERE author_id = ? ORDER BY created_at DESC LIMIT ? OFFSET ?"
+  ).all(authorId, limit, offset) : db.prepare("SELECT * FROM notes ORDER BY created_at DESC LIMIT ? OFFSET ?").all(limit, offset);
+  if (rows.length === 0) return [];
+  const noteIds = rows.map((r) => r.id);
+  const commentCounts = db.prepare(
+    `SELECT note_id, COUNT(*) as count FROM note_comments
+       WHERE note_id IN (${noteIds.map(() => "?").join(",")})
+       GROUP BY note_id`
+  ).all(...noteIds);
+  const countMap = new Map(commentCounts.map((r) => [r.note_id, r.count]));
+  const allReactions = db.prepare(
+    `SELECT note_id, emoji, COUNT(*) as count FROM note_reactions
+       WHERE note_id IN (${noteIds.map(() => "?").join(",")})
+       GROUP BY note_id, emoji`
+  ).all(...noteIds);
+  const reactionMap = /* @__PURE__ */ new Map();
+  for (const r of allReactions) {
+    if (!reactionMap.has(r.note_id)) reactionMap.set(r.note_id, []);
+    reactionMap.get(r.note_id).push({ emoji: r.emoji, count: r.count });
+  }
+  const replyToIds = [
+    ...new Set(rows.filter((r) => r.reply_to_id).map((r) => r.reply_to_id))
+  ];
+  const replyToMap = /* @__PURE__ */ new Map();
+  if (replyToIds.length > 0) {
+    const parents = db.prepare(`SELECT * FROM notes WHERE id IN (${replyToIds.map(() => "?").join(",")})`).all(...replyToIds);
+    for (const parent of parents) {
+      const parentAuthor = await getUser2(parent.author_id);
+      replyToMap.set(parent.id, {
+        author_username: parentAuthor?.username ?? "unknown",
+        slug: parent.slug,
+        title: parent.title
+      });
+    }
+  }
+  const authorCache = /* @__PURE__ */ new Map();
+  const result = [];
+  for (const r of rows) {
+    if (!authorCache.has(r.author_id)) {
+      const u = await getUser2(r.author_id);
+      authorCache.set(r.author_id, {
+        username: u?.username ?? "unknown",
+        display_name: u?.display_name ?? null
+      });
+    }
+    const authorInfo = authorCache.get(r.author_id);
+    const reactions = reactionMap.get(r.id);
+    const topReactions = reactions ? reactions.sort((a, b) => b.count - a.count).slice(0, 3).map((rx) => ({ ...rx, usernames: [] })) : void 0;
+    result.push({
+      ...r,
+      author_username: authorInfo.username,
+      author_display_name: authorInfo.display_name,
+      comment_count: countMap.get(r.id) ?? 0,
+      reactions: topReactions,
+      reply_to: r.reply_to_id ? replyToMap.get(r.reply_to_id) ?? null : null
+    });
+  }
+  return result;
+}
+async function updateNote(db, getUser2, getUserByUsername2, authorUsername, slug, updates) {
+  const author = await getUserByUsername2(authorUsername);
+  if (!author) return null;
+  const existing = db.prepare("SELECT id FROM notes WHERE author_id = ? AND slug = ?").get(author.id, slug);
+  if (!existing) return null;
+  const sets = ["updated_at = datetime('now')"];
+  const params = [];
+  if (updates.title !== void 0) {
+    sets.push("title = ?");
+    params.push(updates.title);
+  }
+  if (updates.content !== void 0) {
+    sets.push("content = ?");
+    params.push(updates.content);
+  }
+  params.push(existing.id);
+  db.prepare(`UPDATE notes SET ${sets.join(", ")} WHERE id = ?`).run(...params);
+  const full = await getNote(db, getUser2, getUserByUsername2, authorUsername, slug);
+  if (!full) return null;
+  const { comments, replies, ...note } = full;
+  return note;
+}
+async function deleteNote(db, getUserByUsername2, authorUsername, slug, authorId) {
+  const author = await getUserByUsername2(authorUsername);
+  if (!author) return false;
+  const existing = db.prepare("SELECT id, author_id FROM notes WHERE author_id = ? AND slug = ?").get(author.id, slug);
+  if (!existing || existing.author_id !== authorId) return false;
+  db.prepare("DELETE FROM notes WHERE id = ?").run(existing.id);
+  return true;
+}
+async function addComment(db, getUser2, noteId, authorId, content) {
+  const row = db.prepare(`INSERT INTO note_comments (note_id, author_id, content) VALUES (?, ?, ?) RETURNING *`).get(noteId, authorId, content);
+  const author = await getUser2(authorId);
+  return {
+    ...row,
+    author_username: author?.username ?? "unknown",
+    author_display_name: author?.display_name ?? null
+  };
+}
+async function getComments(db, getUser2, noteId) {
+  const rows = db.prepare("SELECT * FROM note_comments WHERE note_id = ? ORDER BY created_at").all(noteId);
+  const result = [];
+  for (const row of rows) {
+    const author = await getUser2(row.author_id);
+    result.push({
+      ...row,
+      author_username: author?.username ?? "unknown",
+      author_display_name: author?.display_name ?? null
+    });
+  }
+  return result;
+}
+async function deleteComment(db, commentId, authorId) {
+  const existing = db.prepare("SELECT id, author_id FROM note_comments WHERE id = ?").get(commentId);
+  if (!existing || existing.author_id !== authorId) return false;
+  db.prepare("DELETE FROM note_comments WHERE id = ?").run(existing.id);
+  return true;
+}
+function toggleReaction(db, noteId, userId, emoji) {
+  const existing = db.prepare("SELECT id FROM note_reactions WHERE note_id = ? AND user_id = ? AND emoji = ?").get(noteId, userId, emoji);
+  if (existing) {
+    db.prepare("DELETE FROM note_reactions WHERE id = ?").run(existing.id);
+    return { added: false };
+  }
+  db.prepare("INSERT INTO note_reactions (note_id, user_id, emoji) VALUES (?, ?, ?)").run(
+    noteId,
+    userId,
+    emoji
+  );
+  return { added: true };
+}
+async function getReactions(db, getUser2, noteId) {
+  const rows = db.prepare("SELECT * FROM note_reactions WHERE note_id = ? ORDER BY emoji").all(noteId);
+  const userCache = /* @__PURE__ */ new Map();
+  const grouped = /* @__PURE__ */ new Map();
+  for (const r of rows) {
+    if (!grouped.has(r.emoji)) grouped.set(r.emoji, []);
+    grouped.get(r.emoji).push(r.user_id);
+  }
+  const result = [];
+  for (const [emoji, userIds] of grouped) {
+    const usernames = [];
+    for (const uid of userIds) {
+      if (!userCache.has(uid)) {
+        const u = await getUser2(uid);
+        userCache.set(uid, u?.username ?? "unknown");
+      }
+      usernames.push(userCache.get(uid));
+    }
+    result.push({ emoji, count: userIds.length, usernames });
+  }
+  return result;
+}
+async function resolveNoteId(db, getUserByUsername2, authorSlug) {
+  const [authorName, slug] = authorSlug.split("/", 2);
+  if (!authorName || !slug) return null;
+  const author = await getUserByUsername2(authorName);
+  if (!author) return null;
+  const row = db.prepare("SELECT id FROM notes WHERE author_id = ? AND slug = ?").get(author.id, slug);
+  return row?.id ?? null;
+}
+
+// packages/extensions/notes/src/routes.ts
+async function parseJson(c) {
+  try {
+    return await c.req.json();
+  } catch {
+    return null;
+  }
+}
+function resolveUserId(c) {
+  const user = c.get("user");
+  if (!user || user.id === 0) return null;
+  return { id: user.id, username: user.username };
+}
+function createRoutes(ctx) {
+  if (!ctx.db) throw new Error("Notes extension requires a database");
+  const db = ctx.db;
+  const { getUser: getUser2, getUserByUsername: getUserByUsername2 } = ctx;
+  const app = new Hono().get("/", async (c) => {
+    const author = c.req.query("author");
+    const rawLimit = c.req.query("limit");
+    const rawOffset = c.req.query("offset");
+    const limit = rawLimit ? parseInt(rawLimit, 10) : void 0;
+    const offset = rawOffset ? parseInt(rawOffset, 10) : void 0;
+    if (limit !== void 0 && Number.isNaN(limit) || offset !== void 0 && Number.isNaN(offset)) {
+      return c.json({ error: "Invalid limit or offset parameter" }, 400);
+    }
+    const result = await listNotes(db, getUser2, getUserByUsername2, {
+      authorUsername: author,
+      limit,
+      offset
+    });
+    return c.json(result);
+  }).post("/", async (c) => {
+    const actor = resolveUserId(c);
+    if (!actor) return c.json({ error: "Unauthorized" }, 401);
+    const body = await parseJson(c);
+    if (!body) return c.json({ error: "Invalid JSON body" }, 400);
+    if (!body.title || !body.content) {
+      return c.json({ error: "title and content are required" }, 400);
+    }
+    let replyToId;
+    if (body.reply_to) {
+      const id = await resolveNoteId(db, getUserByUsername2, body.reply_to);
+      if (id === null) return c.json({ error: `Reply target not found: ${body.reply_to}` }, 404);
+      replyToId = id;
+    }
+    const note = await createNote(db, getUser2, actor.id, body.title, body.content, replyToId);
+    ctx.publishActivity({
+      type: "note_created",
+      mindName: actor.username,
+      title: body.title,
+      data: { author: actor.username, slug: note.slug }
+    });
+    return c.json(note, 201);
+  }).get("/:author/:slug", async (c) => {
+    const { author, slug } = c.req.param();
+    const note = await getNote(db, getUser2, getUserByUsername2, author, slug);
+    if (!note) return c.json({ error: "Note not found" }, 404);
+    return c.json(note);
+  }).put("/:author/:slug", async (c) => {
+    const actor = resolveUserId(c);
+    if (!actor) return c.json({ error: "Unauthorized" }, 401);
+    const { author, slug } = c.req.param();
+    if (actor.username !== author) return c.json({ error: "Forbidden" }, 403);
+    const body = await parseJson(c);
+    if (!body) return c.json({ error: "Invalid JSON body" }, 400);
+    const note = await updateNote(db, getUser2, getUserByUsername2, author, slug, body);
+    if (!note) return c.json({ error: "Note not found" }, 404);
+    return c.json(note);
+  }).delete("/:author/:slug", async (c) => {
+    const actor = resolveUserId(c);
+    if (!actor) return c.json({ error: "Unauthorized" }, 401);
+    const { author, slug } = c.req.param();
+    const deleted = await deleteNote(db, getUserByUsername2, author, slug, actor.id);
+    if (!deleted) return c.json({ error: "Note not found or not authorized" }, 404);
+    return c.json({ ok: true });
+  }).post("/:author/:slug/reactions", async (c) => {
+    const actor = resolveUserId(c);
+    if (!actor) return c.json({ error: "Unauthorized" }, 401);
+    const { author, slug } = c.req.param();
+    const note = await getNote(db, getUser2, getUserByUsername2, author, slug);
+    if (!note) return c.json({ error: "Note not found" }, 404);
+    const body = await parseJson(c);
+    if (!body) return c.json({ error: "Invalid JSON body" }, 400);
+    if (!body.emoji) return c.json({ error: "emoji is required" }, 400);
+    const result = toggleReaction(db, note.id, actor.id, body.emoji);
+    const reactions = await getReactions(db, getUser2, note.id);
+    return c.json({ ...result, reactions });
+  }).post("/:author/:slug/comments", async (c) => {
+    const actor = resolveUserId(c);
+    if (!actor) return c.json({ error: "Unauthorized" }, 401);
+    const { author, slug } = c.req.param();
+    const note = await getNote(db, getUser2, getUserByUsername2, author, slug);
+    if (!note) return c.json({ error: "Note not found" }, 404);
+    const body = await parseJson(c);
+    if (!body) return c.json({ error: "Invalid JSON body" }, 400);
+    if (!body.content) return c.json({ error: "content is required" }, 400);
+    const comment = await addComment(db, getUser2, note.id, actor.id, body.content);
+    return c.json(comment, 201);
+  }).delete("/:author/:slug/comments/:id", async (c) => {
+    const actor = resolveUserId(c);
+    if (!actor) return c.json({ error: "Unauthorized" }, 401);
+    const commentId = parseInt(c.req.param("id"), 10);
+    if (Number.isNaN(commentId)) return c.json({ error: "Invalid comment ID" }, 400);
+    const deleted = await deleteComment(db, commentId, actor.id);
+    if (!deleted) return c.json({ error: "Comment not found or not authorized" }, 404);
+    return c.json({ ok: true });
+  }).get("/feed", async (c) => {
+    const rawFeedLimit = c.req.query("limit");
+    const limit = rawFeedLimit ? parseInt(rawFeedLimit, 10) : 8;
+    if (Number.isNaN(limit)) return c.json({ error: "Invalid limit parameter" }, 400);
+    const mind = c.req.query("mind");
+    const notes = await listNotes(db, getUser2, getUserByUsername2, {
+      limit,
+      ...mind ? { authorUsername: mind } : {}
+    });
+    return c.json(
+      notes.map((n) => ({
+        id: `note-${n.author_username}-${n.slug}`,
+        title: n.title,
+        url: `/minds/${n.author_username}/notes/${n.slug}`,
+        date: n.created_at,
+        author: n.author_username,
+        bodyHtml: n.content,
+        icon: '<svg viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><path d="M4 2h6l4 4v8H4V2z"/><path d="M10 2v4h4"/><path d="M6 9h6M6 12h4"/></svg>',
+        color: "yellow"
+      }))
+    );
+  });
+  return app;
+}
+
+// packages/extensions/notes/src/index.ts
+var assetsDir = resolve(import.meta.dirname, "../dist/ui");
+var skillsDir = resolve(import.meta.dirname, "../skills");
+var src_default = createExtension({
+  id: "notes",
+  name: "Notes",
+  version: "0.1.0",
+  description: "Public notes for sharing thoughts, reflections, and ideas",
+  routes: (ctx) => createRoutes(ctx),
+  initDb,
+  skillsDir,
+  standardSkill: true,
+  ui: {
+    assetsDir,
+    systemSection: { id: "notes", label: "Notes", urlPatterns: ["/notes", "/notes/:author/:slug"] },
+    mindSections: [{ id: "notes", label: "Notes" }],
+    feedSource: {
+      endpoint: "/api/ext/notes/feed"
+    }
+  }
+});
+
+// packages/extensions/pages/src/index.ts
+import { resolve as resolve3 } from "path";
+
+// packages/extensions/pages/src/routes.ts
+import { readFile, stat } from "fs/promises";
+import { extname, resolve as resolve2 } from "path";
+import { Hono as Hono2 } from "hono";
+var MIME_TYPES = {
+  ".html": "text/html",
+  ".js": "application/javascript",
+  ".css": "text/css",
+  ".json": "application/json",
+  ".svg": "image/svg+xml",
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".jpeg": "image/jpeg",
+  ".gif": "image/gif",
+  ".ico": "image/x-icon",
+  ".woff": "font/woff",
+  ".woff2": "font/woff2",
+  ".txt": "text/plain",
+  ".xml": "application/xml"
+};
+var _pagesWatcher = null;
+async function getPagesWatcher() {
+  if (_pagesWatcher) return _pagesWatcher;
+  const mod = await import("./pages-watcher-Z3PKNROC.js");
+  _pagesWatcher = mod;
+  return _pagesWatcher;
+}
+function createRoutes2(ctx) {
+  return new Hono2().get("/", async (c) => {
+    const pw = await getPagesWatcher();
+    const sites = await pw.getCachedSites();
+    const recentPages = await pw.getCachedRecentPages();
+    return c.json({ sites, recentPages });
+  }).get("/feed", async (c) => {
+    const pw = await getPagesWatcher();
+    let recentPages = await pw.getCachedRecentPages();
+    const mind = c.req.query("mind");
+    if (mind) recentPages = recentPages.filter((p) => p.mind === mind);
+    const rawLimit = c.req.query("limit");
+    const limit = rawLimit ? parseInt(rawLimit, 10) : 8;
+    return c.json(
+      recentPages.slice(0, limit).map((p) => ({
+        id: `page-${p.mind}-${p.file}`,
+        title: `${p.mind}/${p.file}`,
+        url: p.url ?? `/minds/${p.mind}/pages/${p.file}`,
+        date: p.modified,
+        author: p.mind,
+        bodyHtml: `<p>Page updated</p>`,
+        iframeUrl: `/ext/pages/public/${p.mind}/${p.file}`,
+        icon: '<svg viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><circle cx="8" cy="8" r="6"/><path d="M2 8h12M8 2c-2 2-2 10 0 12M8 2c2 2 2 10 0 12"/></svg>',
+        color: "purple"
+      }))
+    );
+  }).put("/publish/:name", async (c) => {
+    const user = ctx.resolveUser(c);
+    if (!user) return c.json({ error: "Unauthorized" }, 401);
+    const name = c.req.param("name");
+    if (user.role !== "admin" && user.username !== name) {
+      return c.json({ error: "Forbidden" }, 403);
+    }
+    const config = ctx.getSystemsConfig();
+    if (!config) return c.json({ error: "Not connected to volute.systems" }, 400);
+    const body = await c.req.text();
+    try {
+      const res = await fetch(`${config.apiUrl}/api/pages/publish/${name}`, {
+        method: "PUT",
+        headers: {
+          "Content-Type": "application/json",
+          Authorization: `Bearer ${config.apiKey}`
+        },
+        body
+      });
+      const data = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
+      return c.json(data, res.status);
+    } catch (err) {
+      return c.json({ error: `Connection failed: ${err.message}` }, 502);
+    }
+  }).get("/status/:name", async (c) => {
+    const user = ctx.resolveUser(c);
+    if (!user) return c.json({ error: "Unauthorized" }, 401);
+    const name = c.req.param("name");
+    if (user.role !== "admin" && user.username !== name) {
+      return c.json({ error: "Forbidden" }, 403);
+    }
+    const config = ctx.getSystemsConfig();
+    if (!config) return c.json({ error: "Not connected to volute.systems" }, 400);
+    try {
+      const res = await fetch(`${config.apiUrl}/api/pages/status/${name}`, {
+        headers: { Authorization: `Bearer ${config.apiKey}` }
+      });
+      const data = await res.json().catch(() => ({ error: `HTTP ${res.status}` }));
+      return c.json(data, res.status);
+    } catch (err) {
+      return c.json({ error: `Connection failed: ${err.message}` }, 502);
+    }
+  });
+}
+var _voluteHome = null;
+async function getVoluteHome() {
+  if (_voluteHome) return _voluteHome();
+  const mod = await import("./registry-ODSALQQL.js");
+  _voluteHome = mod.voluteHome;
+  return _voluteHome();
+}
+function createPublicRoutes(ctx) {
+  return new Hono2().get("/:name/*", async (c) => {
+    const name = c.req.param("name");
+    let pagesRoot;
+    if (name === "_system") {
+      const home = await getVoluteHome();
+      pagesRoot = resolve2(home, "shared", "pages");
+    } else {
+      const mindDirPath = ctx.getMindDir(name);
+      if (!mindDirPath) return c.text("Not found", 404);
+      pagesRoot = resolve2(mindDirPath, "home", "public", "pages");
+    }
+    const prefix = `/public/${name}`;
+    const idx = c.req.path.indexOf(prefix);
+    const wildcard = idx >= 0 ? c.req.path.slice(idx + prefix.length) : "/";
+    const requestedPath = resolve2(pagesRoot, wildcard.slice(1));
+    if (requestedPath !== pagesRoot && !requestedPath.startsWith(pagesRoot + "/"))
+      return c.text("Forbidden", 403);
+    let fileStat = await stat(requestedPath).catch(() => null);
+    if (fileStat?.isDirectory()) {
+      const indexPath = resolve2(requestedPath, "index.html");
+      fileStat = await stat(indexPath).catch(() => null);
+      if (fileStat?.isFile()) {
+        const body = await readFile(indexPath);
+        return c.body(body, 200, { "Content-Type": "text/html" });
+      }
+      return c.text("Not found", 404);
+    }
+    if (fileStat?.isFile()) {
+      const ext = extname(requestedPath);
+      const mime = MIME_TYPES[ext] || "application/octet-stream";
+      const body = await readFile(requestedPath);
+      return c.body(body, 200, { "Content-Type": mime });
+    }
+    return c.text("Not found", 404);
+  });
+}
+
+// packages/extensions/pages/src/index.ts
+var assetsDir2 = resolve3(import.meta.dirname, "../dist/ui");
+var skillsDir2 = resolve3(import.meta.dirname, "../skills");
+var _watcher = null;
+async function getWatcher() {
+  if (_watcher) return _watcher;
+  _watcher = await import("./pages-watcher-Z3PKNROC.js");
+  return _watcher;
+}
+var src_default2 = createExtension({
+  id: "pages",
+  name: "Pages",
+  version: "0.1.0",
+  description: "Publish and serve web pages from mind directories",
+  routes: (ctx) => createRoutes2(ctx),
+  publicRoutes: (ctx) => createPublicRoutes(ctx),
+  skillsDir: skillsDir2,
+  standardSkill: true,
+  ui: {
+    assetsDir: assetsDir2,
+    systemSection: {
+      id: "pages",
+      label: "Pages",
+      urlPatterns: ["/pages", "/pages/:site", "/pages/:site/:path"]
+    },
+    mindSections: [{ id: "pages", label: "Pages" }],
+    feedSource: {
+      endpoint: "/api/ext/pages/feed"
+    }
+  },
+  onDaemonStart: () => {
+    getWatcher().then((w) => w.startSystemWatcher()).catch(
+      (err) => console.error("[pages] failed to start system watcher:", err.message)
+    );
+  },
+  onDaemonStop: () => {
+    getWatcher().then((w) => w.stopAllWatchers()).catch((err) => console.error("[pages] failed to stop watchers:", err.message));
+  },
+  onMindStart: (mindName) => {
+    getWatcher().then((w) => w.startWatcher(mindName)).catch(
+      (err) => console.error(`[pages] failed to start watcher for ${mindName}:`, err.message)
+    );
+  },
+  onMindStop: (mindName) => {
+    getWatcher().then((w) => w.stopWatcher(mindName)).catch(
+      (err) => console.error(`[pages] failed to stop watcher for ${mindName}:`, err.message)
+    );
+  }
+});
+
+// src/lib/auth.ts
+import { compareSync, hashSync } from "bcryptjs";
+import { and, count, eq, inArray } from "drizzle-orm";
+var userSelectFields = {
+  id: users.id,
+  username: users.username,
+  role: users.role,
+  user_type: users.user_type,
+  display_name: users.display_name,
+  description: users.description,
+  avatar: users.avatar,
+  created_at: users.created_at
+};
+async function createUser(username, password) {
+  const db = await getDb();
+  const hash = hashSync(password, 10);
+  const [{ value }] = await db.select({ value: count() }).from(users).where(eq(users.user_type, "brain"));
+  const role = value === 0 ? "admin" : "pending";
+  const [result] = await db.insert(users).values({ username, password_hash: hash, role }).returning(userSelectFields);
+  return result;
+}
+async function verifyUser(username, password) {
+  const db = await getDb();
+  const row = await db.select().from(users).where(eq(users.username, username)).get();
+  if (!row) return null;
+  if (row.user_type === "mind") return null;
+  if (!compareSync(password, row.password_hash)) return null;
+  const { password_hash: _, ...user } = row;
+  return user;
+}
+async function getUser(id) {
+  const db = await getDb();
+  const row = await db.select(userSelectFields).from(users).where(eq(users.id, id)).get();
+  return row ?? null;
+}
+async function getUserByUsername(username) {
+  const db = await getDb();
+  const row = await db.select(userSelectFields).from(users).where(eq(users.username, username)).get();
+  return row ?? null;
+}
+async function listUsers() {
+  const db = await getDb();
+  return db.select(userSelectFields).from(users).orderBy(users.created_at).all();
+}
+async function listPendingUsers() {
+  const db = await getDb();
+  return db.select(userSelectFields).from(users).where(eq(users.role, "pending")).orderBy(users.created_at).all();
+}
+async function listUsersByType(userType) {
+  const db = await getDb();
+  return db.select(userSelectFields).from(users).where(eq(users.user_type, userType)).orderBy(users.created_at).all();
+}
+async function getOrCreateMindUser(mindName) {
+  const db = await getDb();
+  const existing = await db.select(userSelectFields).from(users).where(and(eq(users.username, mindName), eq(users.user_type, "mind"))).get();
+  if (existing) return existing;
+  try {
+    const [result] = await db.insert(users).values({
+      username: mindName,
+      password_hash: "!mind",
+      role: "user",
+      user_type: "mind"
+    }).returning(userSelectFields);
+    return result;
+  } catch (err) {
+    if (err instanceof Error && err.message.includes("UNIQUE constraint")) {
+      const retried = await db.select(userSelectFields).from(users).where(and(eq(users.username, mindName), eq(users.user_type, "mind"))).get();
+      if (retried) return retried;
+    }
+    throw err;
+  }
+}
+async function deleteMindUser(mindName) {
+  const db = await getDb();
+  await db.delete(users).where(and(eq(users.username, mindName), eq(users.user_type, "mind")));
+}
+async function changePassword(userId, currentPassword, newPassword) {
+  const db = await getDb();
+  const row = await db.select().from(users).where(eq(users.id, userId)).get();
+  if (!row) return false;
+  if (!compareSync(currentPassword, row.password_hash)) return false;
+  const hash = hashSync(newPassword, 10);
+  await db.update(users).set({ password_hash: hash }).where(eq(users.id, userId));
+  return true;
+}
+async function approveUser(id) {
+  const db = await getDb();
+  await db.update(users).set({ role: "user" }).where(and(eq(users.id, id), eq(users.role, "pending")));
+}
+async function countAdmins() {
+  const db = await getDb();
+  const [{ value }] = await db.select({ value: count() }).from(users).where(eq(users.role, "admin"));
+  return value;
+}
+async function setUserRole(id, role) {
+  const db = await getDb();
+  const target = await db.select({ id: users.id }).from(users).where(eq(users.id, id)).get();
+  if (!target) throw new Error("User not found");
+  await db.update(users).set({ role }).where(eq(users.id, id));
+}
+async function deleteUser(id) {
+  const db = await getDb();
+  const target = await db.select({ id: users.id }).from(users).where(and(eq(users.id, id), eq(users.user_type, "brain"))).get();
+  if (!target) throw new Error("User not found");
+  await db.delete(users).where(and(eq(users.id, id), eq(users.user_type, "brain")));
+}
+async function updateUserProfile(userId, profile) {
+  const db = await getDb();
+  const target = await db.select({ id: users.id }).from(users).where(eq(users.id, userId)).get();
+  if (!target) throw new Error("User not found");
+  await db.update(users).set(profile).where(eq(users.id, userId));
+}
+async function syncMindProfile(mindName, config) {
+  const user = await getOrCreateMindUser(mindName);
+  const newProfile = {
+    display_name: config.displayName ?? null,
+    description: config.description ?? null,
+    avatar: config.avatar ?? null
+  };
+  const changed = user.display_name !== newProfile.display_name || user.description !== newProfile.description || user.avatar !== newProfile.avatar;
+  if (!changed) return;
+  const db = await getDb();
+  await db.update(users).set(newProfile).where(eq(users.id, user.id));
+  broadcast({ type: "profile_updated", mind: mindName, summary: `${mindName} profile updated` });
+}
+async function migrateMindRoles() {
+  const db = await getDb();
+  await db.update(users).set({ role: "user" }).where(and(eq(users.user_type, "mind"), inArray(users.role, ["mind", "agent"])));
+}
+
+// src/lib/systems-config.ts
+import {
+  existsSync,
+  mkdirSync,
+  readFileSync,
+  renameSync,
+  unlinkSync,
+  writeFileSync
+} from "fs";
+import { resolve as resolve4 } from "path";
+var DEFAULT_API_URL = "https://volute.systems";
+function configPath() {
+  return resolve4(voluteSystemDir(), "systems.json");
+}
+function migrateIfNeeded() {
+  const target = configPath();
+  if (existsSync(target)) return;
+  const oldPaths = [
+    resolve4(voluteUserHome(), "systems.json"),
+    resolve4(voluteHome(), "systems.json")
+  ];
+  for (const old of oldPaths) {
+    if (old !== target && existsSync(old)) {
+      try {
+        mkdirSync(voluteSystemDir(), { recursive: true });
+        renameSync(old, target);
+      } catch {
+      }
+      return;
+    }
+  }
+}
+function readSystemsConfig() {
+  migrateIfNeeded();
+  const path = configPath();
+  if (!existsSync(path)) return null;
+  const raw = readFileSync(path, "utf-8");
+  let data;
+  try {
+    data = JSON.parse(raw);
+  } catch {
+    console.error(
+      `Warning: ${path} contains invalid JSON. Run "volute systems logout" and re-login.`
+    );
+    return null;
+  }
+  if (!data.apiKey || !data.system) return null;
+  return {
+    apiKey: data.apiKey,
+    system: data.system,
+    apiUrl: data.apiUrl || DEFAULT_API_URL
+  };
+}
+function writeSystemsConfig(config) {
+  mkdirSync(voluteSystemDir(), { recursive: true });
+  writeFileSync(configPath(), `${JSON.stringify(config, null, 2)}
+`, { mode: 384 });
+}
+function deleteSystemsConfig() {
+  try {
+    unlinkSync(configPath());
+    return true;
+  } catch (err) {
+    if (err.code === "ENOENT") return false;
+    throw err;
+  }
+}
+
+// src/lib/extensions.ts
+var VALID_EXTENSION_ID2 = /^[a-z0-9][a-z0-9_-]*$/;
+var loaded = [];
+function extensionsBaseDir() {
+  return resolve5(voluteHome(), "extensions");
+}
+function extensionDataDir(id) {
+  return resolve5(voluteSystemDir(), "extension-data", id);
+}
+function extensionsConfigPath() {
+  return resolve5(voluteHome(), "system", "extensions.json");
+}
+function readExtensionsConfig() {
+  const configPath2 = extensionsConfigPath();
+  if (!existsSync2(configPath2)) return [];
+  try {
+    const data = JSON.parse(readFileSync2(configPath2, "utf-8"));
+    return Array.isArray(data) ? data : [];
+  } catch (err) {
+    logger_default.warn("failed to read extensions config, ignoring installed extensions", {
+      path: configPath2,
+      error: err.message
+    });
+    return [];
+  }
+}
+var _LibsqlDatabase = null;
+async function getLibsqlDatabase() {
+  if (_LibsqlDatabase) return _LibsqlDatabase;
+  const mod = await import("libsql");
+  _LibsqlDatabase = mod.default ?? mod;
+  return _LibsqlDatabase;
+}
+async function openExtensionDb(_id, dataDir) {
+  const dbPath = resolve5(dataDir, "data.db");
+  const Database = await getLibsqlDatabase();
+  return new Database(dbPath);
+}
+async function migrateNotesFromCoreDb(extDb) {
+  const coreDbPath = process.env.VOLUTE_DB_PATH || resolve5(voluteSystemDir(), "volute.db");
+  if (!existsSync2(coreDbPath)) return;
+  const existing = extDb.prepare("SELECT COUNT(*) as c FROM notes").get();
+  if (existing.c > 0) return;
+  const Database = await getLibsqlDatabase();
+  const coreDb = new Database(coreDbPath);
+  try {
+    const tableExists = coreDb.prepare("SELECT name FROM sqlite_master WHERE type='table' AND name='notes'").get();
+    if (!tableExists) return;
+    const coreNotes = coreDb.prepare(
+      "SELECT id, author_id, title, slug, content, reply_to_id, created_at, updated_at FROM notes ORDER BY id"
+    ).all();
+    if (coreNotes.length === 0) return;
+    logger_default.info(`migrating ${coreNotes.length} notes from core DB to extension DB`);
+    const coreComments = coreDb.prepare("SELECT id, note_id, author_id, content, created_at FROM note_comments ORDER BY id").all();
+    const coreReactions = coreDb.prepare("SELECT id, note_id, user_id, emoji, created_at FROM note_reactions ORDER BY id").all();
+    extDb.exec("BEGIN TRANSACTION");
+    try {
+      for (const note of coreNotes) {
+        extDb.prepare(
+          "INSERT OR IGNORE INTO notes (id, author_id, title, slug, content, reply_to_id, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?, ?, ?)"
+        ).run(
+          note.id,
+          note.author_id,
+          note.title,
+          note.slug,
+          note.content,
+          note.reply_to_id,
+          note.created_at,
+          note.updated_at
+        );
+      }
+      for (const comment of coreComments) {
+        extDb.prepare(
+          "INSERT OR IGNORE INTO note_comments (id, note_id, author_id, content, created_at) VALUES (?, ?, ?, ?, ?)"
+        ).run(comment.id, comment.note_id, comment.author_id, comment.content, comment.created_at);
+      }
+      for (const reaction of coreReactions) {
+        extDb.prepare(
+          "INSERT OR IGNORE INTO note_reactions (id, note_id, user_id, emoji, created_at) VALUES (?, ?, ?, ?, ?)"
+        ).run(
+          reaction.id,
+          reaction.note_id,
+          reaction.user_id,
+          reaction.emoji,
+          reaction.created_at
+        );
+      }
+      extDb.exec("COMMIT");
+    } catch (txErr) {
+      extDb.exec("ROLLBACK");
+      throw txErr;
+    }
+    logger_default.info(
+      `migrated ${coreNotes.length} notes, ${coreComments.length} comments, ${coreReactions.length} reactions`
+    );
+  } catch (err) {
+    logger_default.error("failed to migrate notes from core DB", logger_default.errorData(err));
+  } finally {
+    coreDb.close();
+  }
+}
+async function buildContext(manifest, dataDir, authMw) {
+  let db = null;
+  if (manifest.initDb) {
+    const realDb = await openExtensionDb(manifest.id, dataDir);
+    try {
+      manifest.initDb(realDb);
+    } catch (err) {
+      realDb.close();
+      throw new Error(`initDb failed for extension ${manifest.id}: ${err.message}`);
+    }
+    if (manifest.id === "notes") {
+      await migrateNotesFromCoreDb(realDb);
+    }
+    db = realDb;
+  }
+  return {
+    db,
+    authMiddleware: authMw,
+    resolveUser: (c) => {
+      const user = c.get("user");
+      if (!user || typeof user !== "object") return null;
+      return user;
+    },
+    getUser: async (id) => getUser(id),
+    getUserByUsername: async (username) => getUserByUsername(username),
+    publishActivity: (event) => {
+      publish(event).catch(
+        (err) => logger_default.error(`extension ${manifest.id}: failed to publish activity`, logger_default.errorData(err))
+      );
+    },
+    getMindDir: (name) => {
+      try {
+        const dir = mindDir(name);
+        return existsSync2(dir) ? dir : null;
+      } catch (err) {
+        logger_default.warn(
+          `extension ${manifest.id}: failed to resolve mind dir for ${name}`,
+          logger_default.errorData(err)
+        );
+        return null;
+      }
+    },
+    getSystemsConfig: () => readSystemsConfig(),
+    dataDir
+  };
+}
+async function loadExtension(manifest, app, authMw) {
+  if (!VALID_EXTENSION_ID2.test(manifest.id)) {
+    logger_default.error(`invalid extension ID "${manifest.id}", skipping (must match ${VALID_EXTENSION_ID2})`);
+    return;
+  }
+  const dataDir = extensionDataDir(manifest.id);
+  mkdirSync2(dataDir, { recursive: true });
+  const context = await buildContext(manifest, dataDir, authMw);
+  const routesApp = manifest.routes(context);
+  const extApiPath = `/api/ext/${manifest.id}`;
+  app.use(extApiPath, authMw);
+  app.use(`${extApiPath}/*`, authMw);
+  app.route(extApiPath, routesApp);
+  if (manifest.publicRoutes) {
+    const publicApp = manifest.publicRoutes(context);
+    app.route(`/ext/${manifest.id}/public`, publicApp);
+  }
+  let resolvedAssetsDir = manifest.ui?.assetsDir ?? "";
+  if (resolvedAssetsDir && !existsSync2(resolvedAssetsDir)) {
+    let searchDir = dirname(new URL(import.meta.url).pathname);
+    for (let i = 0; i < 5; i++) {
+      const candidate = resolve5(searchDir, "packages", "extensions", manifest.id, "dist", "ui");
+      if (existsSync2(candidate)) {
+        resolvedAssetsDir = candidate;
+        break;
+      }
+      searchDir = dirname(searchDir);
+    }
+  }
+  if (resolvedAssetsDir && existsSync2(resolvedAssetsDir)) {
+    const assetsDir3 = resolvedAssetsDir;
+    const { readFile: readFile2, stat: fsStat } = await import("fs/promises");
+    const { extname: ext } = await import("path");
+    const mimeTypes = {
+      ".html": "text/html",
+      ".js": "application/javascript",
+      ".css": "text/css",
+      ".json": "application/json",
+      ".svg": "image/svg+xml",
+      ".png": "image/png",
+      ".jpg": "image/jpeg",
+      ".ico": "image/x-icon",
+      ".woff": "font/woff",
+      ".woff2": "font/woff2"
+    };
+    const prefix = `/ext/${manifest.id}`;
+    const indexPath = resolve5(assetsDir3, "index.html");
+    const serveExtAssets = async (c) => {
+      const urlPath = new URL(c.req.url).pathname;
+      const relativePath = urlPath.slice(prefix.length).replace(/^\//, "") || "index.html";
+      const filePath = resolve5(assetsDir3, relativePath);
+      if (filePath !== assetsDir3 && !filePath.startsWith(assetsDir3 + "/"))
+        return c.text("Forbidden", 403);
+      const s = await fsStat(filePath).catch(() => null);
+      if (s?.isFile()) {
+        const mime = mimeTypes[ext(filePath)] || "application/octet-stream";
+        const body = await readFile2(filePath);
+        return c.body(body, 200, { "Content-Type": mime });
+      }
+      if (existsSync2(indexPath)) {
+        const body = await readFile2(indexPath, "utf-8");
+        return c.html(body);
+      }
+      return c.text("Not found", 404);
+    };
+    app.get(`${prefix}/*`, serveExtAssets);
+    app.get(prefix, serveExtAssets);
+  }
+  const skillsDir3 = resolveSkillsDir(manifest);
+  if (skillsDir3) {
+    let entries;
+    try {
+      entries = readdirSync(skillsDir3, { withFileTypes: true });
+    } catch (err) {
+      logger_default.error(`failed to read skills dir for extension ${manifest.id}`, logger_default.errorData(err));
+      entries = [];
+    }
+    for (const entry of entries) {
+      if (!entry.isDirectory()) continue;
+      try {
+        const skillPath = resolve5(skillsDir3, entry.name);
+        const sourceHash = hashSkillDir(skillPath);
+        const destDir = resolve5(sharedSkillsDir(), entry.name);
+        if (existsSync2(destDir)) {
+          const destHash = hashSkillDir(destDir);
+          if (sourceHash === destHash) continue;
+        }
+        await importSkillFromDir(skillPath, `ext:${manifest.id}`);
+        logger_default.info(`synced skill "${entry.name}" for extension: ${manifest.id}`);
+      } catch (err) {
+        logger_default.error(
+          `failed to sync skill "${entry.name}" for extension ${manifest.id}`,
+          logger_default.errorData(err)
+        );
+      }
+    }
+  }
+  if (manifest.standardSkill && !manifest.skillsDir) {
+    logger_default.warn(`extension ${manifest.id}: standardSkill is true but no skillsDir declared`);
+  }
+  loaded.push({ manifest, context });
+  logger_default.info(`loaded extension: ${manifest.id} v${manifest.version}`);
+}
+function resolveSkillsDir(manifest) {
+  if (!manifest.skillsDir) return null;
+  let searchDir = dirname(new URL(import.meta.url).pathname);
+  for (let i = 0; i < 5; i++) {
+    const candidate = resolve5(searchDir, "packages", "extensions", manifest.id, "skills");
+    if (existsSync2(candidate)) return candidate;
+    searchDir = dirname(searchDir);
+  }
+  if (existsSync2(manifest.skillsDir)) return manifest.skillsDir;
+  logger_default.warn(`skills dir not found for extension ${manifest.id}: ${manifest.skillsDir}`);
+  return null;
+}
+function discoverBuiltinExtensions() {
+  return [src_default, src_default2];
+}
+async function discoverInstalledExtensions() {
+  const manifests = [];
+  const packages = readExtensionsConfig();
+  const npmDir = resolve5(voluteHome(), "extensions", "_npm");
+  const { createRequire } = await import("module");
+  for (const pkg of packages) {
+    try {
+      let resolved = pkg;
+      const npmPkgDir = resolve5(npmDir, "node_modules", pkg);
+      if (existsSync2(npmPkgDir)) {
+        const require2 = createRequire(resolve5(npmDir, "noop.js"));
+        resolved = require2.resolve(pkg);
+      }
+      const mod = await import(resolved);
+      const manifest = mod.default ?? mod.extension ?? mod;
+      if (!validateManifest(manifest, `package ${pkg}`)) continue;
+      manifests.push(manifest);
+    } catch (err) {
+      logger_default.error(`failed to load extension package: ${pkg}`, logger_default.errorData(err));
+    }
+  }
+  return manifests;
+}
+function validateManifest(manifest, source) {
+  if (!manifest || typeof manifest !== "object") {
+    logger_default.warn(`extension from ${source} does not export a valid manifest`);
+    return false;
+  }
+  const m = manifest;
+  if (!m.id || typeof m.id !== "string") {
+    logger_default.warn(`extension from ${source} is missing a valid id`);
+    return false;
+  }
+  if (!VALID_EXTENSION_ID2.test(m.id)) {
+    logger_default.warn(`extension from ${source} has invalid id "${m.id}"`);
+    return false;
+  }
+  if (typeof m.routes !== "function") {
+    logger_default.warn(`extension from ${source} is missing a routes function`);
+    return false;
+  }
+  if (!m.name || typeof m.name !== "string") {
+    logger_default.warn(`extension "${m.id}" from ${source} is missing a name`);
+    return false;
+  }
+  if (!m.version || typeof m.version !== "string") {
+    logger_default.warn(`extension "${m.id}" from ${source} is missing a version`);
+    return false;
+  }
+  return true;
+}
+async function discoverLocalExtensions() {
+  const baseDir = extensionsBaseDir();
+  if (!existsSync2(baseDir)) return [];
+  const manifests = [];
+  let entries;
+  try {
+    entries = readdirSync(baseDir, { withFileTypes: true }).filter((d) => d.isDirectory() && d.name !== "_npm").map((d) => d.name);
+  } catch (err) {
+    logger_default.error("failed to read local extensions directory", logger_default.errorData(err));
+    return [];
+  }
+  for (const dir of entries) {
+    const extDir = resolve5(baseDir, dir);
+    const candidates = [resolve5(extDir, "src", "index.js"), resolve5(extDir, "index.js")];
+    const entryPoint = candidates.find((p) => existsSync2(p));
+    if (!entryPoint) continue;
+    try {
+      const mod = await import(entryPoint);
+      const manifest = mod.default ?? mod.extension ?? mod;
+      if (!validateManifest(manifest, `local dir ${extDir}`)) continue;
+      manifests.push(manifest);
+      logger_default.info(`discovered local extension: ${manifest.id} from ${extDir}`);
+    } catch (err) {
+      logger_default.error(`failed to load local extension from ${extDir}`, logger_default.errorData(err));
+    }
+  }
+  return manifests;
+}
+async function loadAllExtensions(app, authMw) {
+  const builtins = discoverBuiltinExtensions();
+  const installed = await discoverInstalledExtensions();
+  const local = await discoverLocalExtensions();
+  const all = [...builtins, ...installed, ...local];
+  const seen = /* @__PURE__ */ new Set();
+  for (const manifest of all) {
+    if (seen.has(manifest.id)) {
+      logger_default.warn(`duplicate extension ID: ${manifest.id}, skipping`);
+      continue;
+    }
+    seen.add(manifest.id);
+    try {
+      await loadExtension(manifest, app, authMw);
+    } catch (err) {
+      logger_default.error(`failed to load extension: ${manifest.id}`, logger_default.errorData(err));
+    }
+  }
+}
+function getLoadedExtensions() {
+  return loaded.map(({ manifest }) => ({
+    id: manifest.id,
+    name: manifest.name,
+    version: manifest.version,
+    description: manifest.description,
+    systemSection: manifest.ui?.systemSection,
+    mindSections: manifest.ui?.mindSections,
+    feedSource: manifest.ui?.feedSource
+  }));
+}
+function getExtensionStandardSkills() {
+  const skills = [];
+  for (const { manifest } of loaded) {
+    if (!manifest.standardSkill) continue;
+    const dir = resolveSkillsDir(manifest);
+    if (!dir) continue;
+    try {
+      for (const entry of readdirSync(dir, { withFileTypes: true })) {
+        if (entry.isDirectory()) skills.push(entry.name);
+      }
+    } catch (err) {
+      logger_default.warn(`failed to read skills dir for extension ${manifest.id}`, logger_default.errorData(err));
+    }
+  }
+  return skills;
+}
+function notifyExtensionsDaemonStart() {
+  for (const { manifest } of loaded) {
+    try {
+      manifest.onDaemonStart?.();
+    } catch (err) {
+      logger_default.error(`extension ${manifest.id}: onDaemonStart failed`, logger_default.errorData(err));
+    }
+  }
+}
+function notifyExtensionsDaemonStop() {
+  for (const { manifest, context } of loaded) {
+    try {
+      manifest.onDaemonStop?.();
+    } catch (err) {
+      logger_default.error(`extension ${manifest.id}: onDaemonStop failed`, logger_default.errorData(err));
+    }
+    try {
+      context.db?.close();
+    } catch (err) {
+      logger_default.warn(`extension ${manifest.id}: failed to close db`, logger_default.errorData(err));
+    }
+  }
+  loaded.length = 0;
+}
+function notifyExtensionsMindStart(mindName) {
+  for (const { manifest } of loaded) {
+    try {
+      manifest.onMindStart?.(mindName);
+    } catch (err) {
+      logger_default.error(`extension ${manifest.id}: onMindStart failed for ${mindName}`, logger_default.errorData(err));
+    }
+  }
+}
+function notifyExtensionsMindStop(mindName) {
+  for (const { manifest } of loaded) {
+    try {
+      manifest.onMindStop?.(mindName);
+    } catch (err) {
+      logger_default.error(`extension ${manifest.id}: onMindStop failed for ${mindName}`, logger_default.errorData(err));
+    }
+  }
+}
+
+export {
+  createUser,
+  verifyUser,
+  getUser,
+  getUserByUsername,
+  listUsers,
+  listPendingUsers,
+  listUsersByType,
+  getOrCreateMindUser,
+  deleteMindUser,
+  changePassword,
+  approveUser,
+  countAdmins,
+  setUserRole,
+  deleteUser,
+  updateUserProfile,
+  syncMindProfile,
+  migrateMindRoles,
+  readSystemsConfig,
+  writeSystemsConfig,
+  deleteSystemsConfig,
+  loadAllExtensions,
+  getLoadedExtensions,
+  getExtensionStandardSkills,
+  notifyExtensionsDaemonStart,
+  notifyExtensionsDaemonStop,
+  notifyExtensionsMindStart,
+  notifyExtensionsMindStop
+};