wmdev 0.2.1 → 0.2.2

package/bin/wmdev.js

@@ -126,7 +126,7 @@ process.on("SIGTERM", cleanup);
 
 // ── Start ────────────────────────────────────────────────────────────────────
 
-const backendEntry = join(PKG_ROOT, "backend", "src", "server.ts");
+const backendEntry = join(PKG_ROOT, "backend", "dist", "server.js");
 const staticDir = join(PKG_ROOT, "frontend", "dist");
 
 if (!existsSync(staticDir)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wmdev",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "description": "Web dashboard for workmux — browser UI with embedded terminals, PR monitoring, and CI integration",
   "type": "module",
   "repository": {
@@ -27,15 +27,14 @@
     "dev": "bash dev.sh",
     "start": "bun bin/wmdev.js",
     "build": "cd frontend && bun run build",
-    "prepublishOnly": "bun run build",
+    "build:backend": "bun build backend/src/server.ts --target=bun --outfile=backend/dist/server.js",
+    "prepublishOnly": "bun run build && bun run build:backend",
     "test": "bun run --cwd backend test && bun run --cwd frontend test",
     "test:coverage": "bun run --cwd backend test --coverage && bun run --cwd frontend test:coverage"
   },
   "files": [
     "bin/",
-    "backend/src/*.ts",
-    "backend/src/lib/",
-    "backend/tsconfig.json",
+    "backend/dist/",
     "frontend/dist/"
   ],
   "devDependencies": {

package/backend/src/config.ts

@@ -1,103 +0,0 @@
-import { join } from "node:path";
-import { parse as parseYaml } from "yaml";
-
-export interface ServiceConfig {
-  name: string;
-  portEnv: string;
-  portStart?: number;
-  portStep?: number;
-}
-
-export interface ProfileConfig {
-  name: string;
-  systemPrompt?: string;
-  envPassthrough?: string[];
-}
-
-export interface SandboxProfileConfig extends ProfileConfig {
-  image: string;
-  extraMounts?: { hostPath: string; guestPath?: string; writable?: boolean }[];
-}
-
-export interface LinkedRepoConfig {
-  repo: string;
-  alias: string;
-}
-
-export interface WmdevConfig {
-  services: ServiceConfig[];
-  profiles: {
-    default: ProfileConfig;
-    sandbox?: SandboxProfileConfig;
-  };
-  autoName: boolean;
-  linkedRepos: LinkedRepoConfig[];
-}
-
-const DEFAULT_CONFIG: WmdevConfig = {
-  services: [],
-  profiles: { default: { name: "default" } },
-  autoName: false,
-  linkedRepos: [],
-};
-
-/** Check if .workmux.yaml has auto_name configured. */
-function hasAutoName(dir: string): boolean {
-  try {
-    const filePath = join(gitRoot(dir), ".workmux.yaml");
-    const result = Bun.spawnSync(["cat", filePath], { stdout: "pipe", stderr: "pipe" });
-    const text = new TextDecoder().decode(result.stdout).trim();
-    if (!text) return false;
-    const parsed = parseYaml(text) as Record<string, unknown>;
-    const autoName = parsed.auto_name as Record<string, unknown> | undefined;
-    return !!autoName?.model;
-  } catch {
-    return false;
-  }
-}
-
-/** Resolve the git repository root from a directory. */
-export function gitRoot(dir: string): string {
-  const result = Bun.spawnSync(["git", "rev-parse", "--show-toplevel"], { stdout: "pipe", cwd: dir });
-  return new TextDecoder().decode(result.stdout).trim() || dir;
-}
-
-/** Load .wmdev.yaml from the git root, merging with defaults. */
-export function loadConfig(dir: string): WmdevConfig {
-  try {
-    const root = gitRoot(dir);
-    const filePath = join(root, ".wmdev.yaml");
-    const result = Bun.spawnSync(["cat", filePath], { stdout: "pipe" });
-    const text = new TextDecoder().decode(result.stdout).trim();
-    if (!text) return DEFAULT_CONFIG;
-    const parsed = parseYaml(text) as Record<string, unknown>;
-    const profiles = parsed.profiles as Record<string, unknown> | undefined;
-    const defaultProfile = profiles?.default as ProfileConfig | undefined;
-    const sandboxProfile = profiles?.sandbox as SandboxProfileConfig | undefined;
-    const autoName = hasAutoName(dir);
-    const linkedRepos: LinkedRepoConfig[] = Array.isArray(parsed.linkedRepos)
-      ? (parsed.linkedRepos as Array<Record<string, unknown>>)
-          .filter((r) => typeof r === "object" && r !== null && typeof r.repo === "string")
-          .map((r) => ({
-            repo: r.repo as string,
-            alias: typeof r.alias === "string" ? r.alias : (r.repo as string).split("/").pop()!,
-          }))
-      : [];
-    return {
-      services: Array.isArray(parsed.services) ? parsed.services as ServiceConfig[] : DEFAULT_CONFIG.services,
-      profiles: {
-        default: defaultProfile?.name ? defaultProfile : DEFAULT_CONFIG.profiles.default,
-        ...(sandboxProfile?.name && sandboxProfile?.image ? { sandbox: sandboxProfile } : {}),
-      },
-      autoName,
-      linkedRepos,
-    };
-  } catch {
-    return DEFAULT_CONFIG;
-  }
-}
-
-/** Expand ${VAR} placeholders in a template string using an env map. */
-export function expandTemplate(template: string, env: Record<string, string>): string {
-  return template.replace(/\$\{(\w+)\}/g, (_, key: string) => env[key] ?? "");
-}

package/backend/src/docker.ts

@@ -1,432 +0,0 @@
-/**
- * Docker container lifecycle for sandbox worktrees.
- *
- * Replaces workmux's `-S` sandbox flag with direct `docker run -p` management.
- * Containers run as root with published ports (no socat needed).
- */
-
-import { access, constants, stat } from "node:fs/promises";
-import { type SandboxProfileConfig, type ServiceConfig } from "./config";
-import { log } from "./lib/log";
-import { loadRpcSecret } from "./rpc-secret";
-
-const DOCKER_RUN_TIMEOUT_MS = 60_000;
-
-/** Check if a path (file or directory) exists on the host. */
-async function pathExists(p: string): Promise<boolean> {
-  try { await stat(p); return true; } catch { return false; }
-}
-
-/**
- * Sanitise a branch name into a Docker-safe segment.
- * Docker container names must match [a-zA-Z0-9][a-zA-Z0-9_.\-]*.
- * The "wm-" prefix (3) and "-<13-digit-ts>" suffix (14) consume 17 chars,
- * leaving 46 for the branch segment (total ≤ 63).
- */
-function sanitiseBranchForName(branch: string): string {
-  const s = branch
-    .replace(/[^a-zA-Z0-9_.-]/g, "-")
-    .replace(/-{2,}/g, "-")
-    .replace(/^[^a-zA-Z0-9]+/, "")
-    .replace(/-+$/, "")
-    .slice(0, 46);
-  return s || "x";
-}
-
-/** Container naming: wm-{sanitised-branch}-{timestamp} */
-function containerName(branch: string): string {
-  return `wm-${sanitiseBranchForName(branch)}-${Date.now()}`;
-}
-
-/** Return true if s is a valid port number string (integer 1–65535). */
-function isValidPort(s: string): boolean {
-  const n = Number(s);
-  return Number.isInteger(n) && n >= 1 && n <= 65535;
-}
-
-/** Return true if s is a valid environment variable key. */
-function isValidEnvKey(s: string): boolean {
-  return /^[A-Za-z_][A-Za-z0-9_]*$/.test(s);
-}
-
-export interface LaunchContainerOpts {
-  branch: string;
-  wtDir: string;
-  mainRepoDir: string;
-  sandboxConfig: SandboxProfileConfig;
-  services: ServiceConfig[];
-  env: Record<string, string>;
-}
-
-function buildWorkmuxStub(): string {
-  return `#!/usr/bin/env python3
-import sys, json, os, urllib.request
-
-cmd = sys.argv[1] if len(sys.argv) > 1 else ""
-args = sys.argv[2:]
-host = os.environ.get("WORKMUX_RPC_HOST", "host.docker.internal")
-port = os.environ.get("WORKMUX_RPC_PORT", "5111")
-token = os.environ.get("WORKMUX_RPC_TOKEN", "")
-branch = os.environ.get("WORKMUX_BRANCH", "")
-
-payload = {"command": cmd, "args": args, "branch": branch}
-data = json.dumps(payload).encode()
-req = urllib.request.Request(
-    f"http://{host}:{port}/rpc/workmux",
-    data=data,
-    headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"}
-)
-try:
-    with urllib.request.urlopen(req, timeout=30) as resp:
-        result = json.loads(resp.read())
-        if result.get("ok"):
-            print(result.get("output", ""))
-        else:
-            print(result.get("error", "RPC failed"), file=sys.stderr)
-            sys.exit(1)
-except Exception as e:
-    print(f"workmux rpc error: {e}", file=sys.stderr)
-    sys.exit(1)
-`;
-}
-
-/**
- * Build the `docker run` argument list from the given options.
- *
- * This is a pure function — all I/O (path existence checks, env reads) must
- * be resolved by the caller and passed in as parameters.
- *
- * @param opts          - Launch options (branch, dirs, config, env).
- * @param existingPaths - Set of host paths confirmed to exist; used to decide
- *                        which credential mounts to include.
- * @param home          - Resolved home directory (e.g. Bun.env.HOME ?? "/root").
- * @param name          - Pre-generated container name.
- */
-export function buildDockerRunArgs(
-  opts: LaunchContainerOpts,
-  existingPaths: Set<string>,
-  home: string,
-  name: string,
-  rpcSecret: string,
-  rpcPort: string,
-  sshAuthSock: string | undefined,
-  hostUid: number,
-  hostGid: number,
-): string[] {
-  const { wtDir, mainRepoDir, sandboxConfig, services, env } = opts;
-
-  const args: string[] = [
-    "docker", "run", "-d",
-    "--name", name,
-    "-w", wtDir,
-    "--add-host", "host.docker.internal:host-gateway",
-    // Run as the host user so files created in mounted dirs (.git, worktree)
-    // are owned by the right UID/GID instead of root.
-    "--user", `${hostUid}:${hostGid}`,
-  ];
-
-  // Publish service ports bound to loopback only to avoid exposing dev services
-  // on external interfaces. Skip invalid or duplicate port values.
-  const seenPorts = new Set<string>();
-  for (const svc of services) {
-    const port = env[svc.portEnv];
-    if (!port) continue;
-    if (!isValidPort(port)) {
-      log.warn(`[docker] skipping invalid port for ${svc.portEnv}: ${JSON.stringify(port)}`);
-      continue;
-    }
-    if (seenPorts.has(port)) continue;
-    seenPorts.add(port);
-    args.push("-p", `127.0.0.1:${port}:${port}`);
-  }
-
-  // Core env vars — defined first so passthrough cannot override them.
-  const reservedKeys = new Set([
-    "HOME", "TERM", "IS_SANDBOX", "SSH_AUTH_SOCK",
-    "GIT_CONFIG_COUNT", "GIT_CONFIG_KEY_0", "GIT_CONFIG_VALUE_0",
-    "GIT_CONFIG_KEY_1", "GIT_CONFIG_VALUE_1",
-  ]);
-  args.push("-e", "HOME=/root");
-  args.push("-e", "TERM=xterm-256color");
-  args.push("-e", "IS_SANDBOX=1");
-
-  // Git safe.directory config so git works in mounted worktrees.
-  args.push("-e", "GIT_CONFIG_COUNT=2");
-  args.push("-e", `GIT_CONFIG_KEY_0=safe.directory`);
-  args.push("-e", `GIT_CONFIG_VALUE_0=${wtDir}`);
-  args.push("-e", `GIT_CONFIG_KEY_1=safe.directory`);
-  args.push("-e", `GIT_CONFIG_VALUE_1=${mainRepoDir}`);
-
-  // Pass through host env vars listed in sandboxConfig.
-  if (sandboxConfig.envPassthrough) {
-    for (const key of sandboxConfig.envPassthrough) {
-      if (!isValidEnvKey(key)) {
-        log.warn(`[docker] skipping invalid envPassthrough key: ${JSON.stringify(key)}`);
-        continue;
-      }
-      if (reservedKeys.has(key)) continue;
-      const val = Bun.env[key];
-      if (val !== undefined) {
-        args.push("-e", `${key}=${val}`);
-      }
-    }
-  }
-
-  // Pass through .env.local vars; skip reserved keys and invalid key names.
-  for (const [key, val] of Object.entries(env)) {
-    if (!isValidEnvKey(key)) {
-      log.warn(`[docker] skipping invalid .env.local key: ${JSON.stringify(key)}`);
-      continue;
-    }
-    if (reservedKeys.has(key)) continue;
-    args.push("-e", `${key}=${val}`);
-  }
-
-  // Core mounts.
-  args.push("-v", `${wtDir}:${wtDir}`);
-  args.push("-v", `${mainRepoDir}/.git:${mainRepoDir}/.git`);
-  args.push("-v", `${mainRepoDir}:${mainRepoDir}:ro`);
-
-  // Claude config mounts.
-  args.push("-v", `${home}/.claude:/root/.claude`);
-  args.push("-v", `${home}/.claude.json:/root/.claude.json`);
-
-  // Compute which guest paths are already covered by extraMounts so credential
-  // mounts for the same path can be skipped (extraMounts win).
-  const extraMountGuestPaths = new Set<string>();
-  if (sandboxConfig.extraMounts) {
-    for (const mount of sandboxConfig.extraMounts) {
-      const hostPath = mount.hostPath.replace(/^~/, home);
-      if (!hostPath.startsWith("/")) continue;
-      extraMountGuestPaths.add(mount.guestPath ?? hostPath);
-    }
-  }
-
-  // Git/GitHub credential mounts (read-only, only if they exist on host and
-  // are not overridden by an extraMount for the same guest path).
-  const credentialMounts = [
-    { hostPath: `${home}/.gitconfig`, guestPath: "/root/.gitconfig" },
-    { hostPath: `${home}/.ssh`, guestPath: "/root/.ssh" },
-    { hostPath: `${home}/.config/gh`, guestPath: "/root/.config/gh" },
-  ];
-  for (const { hostPath, guestPath } of credentialMounts) {
-    if (extraMountGuestPaths.has(guestPath)) continue;
-    if (existingPaths.has(hostPath)) {
-      args.push("-v", `${hostPath}:${guestPath}:ro`);
-    }
-  }
-
-  // SSH agent forwarding — mount the socket so git+ssh works with
-  // passphrase-protected keys and hardware tokens.  Use --mount instead
-  // of -v because Docker's -v tries to mkdir socket paths and fails.
-  if (sshAuthSock && existingPaths.has(sshAuthSock)) {
-    args.push("--mount", `type=bind,source=${sshAuthSock},target=${sshAuthSock}`);
-    args.push("-e", `SSH_AUTH_SOCK=${sshAuthSock}`);
-  }
-
-  // Extra mounts from config; require absolute host paths after ~ expansion.
-  if (sandboxConfig.extraMounts) {
-    for (const mount of sandboxConfig.extraMounts) {
-      const hostPath = mount.hostPath.replace(/^~/, home);
-      if (!hostPath.startsWith("/")) {
-        log.warn(`[docker] skipping extra mount with non-absolute host path: ${JSON.stringify(hostPath)}`);
-        continue;
-      }
-      const guestPath = mount.guestPath ?? hostPath;
-      const suffix = mount.writable ? "" : ":ro";
-      args.push("-v", `${hostPath}:${guestPath}${suffix}`);
-    }
-  }
-
-  // RPC env vars so workmux stub inside the container can reach the host.
-  args.push("-e", `WORKMUX_RPC_HOST=host.docker.internal`);
-  args.push("-e", `WORKMUX_RPC_PORT=${rpcPort}`);
-  args.push("-e", `WORKMUX_RPC_TOKEN=${rpcSecret}`);
-  args.push("-e", `WORKMUX_BRANCH=${opts.branch}`);
-
-  // Image + command.
-  args.push(sandboxConfig.image, "sleep", "infinity");
-
-  return args;
-}
-
-/**
- * Launch a sandbox container for a worktree. Returns the container name.
- * If a container for this branch is already running, returns its name without launching a second one.
- */
-export async function launchContainer(opts: LaunchContainerOpts): Promise<string> {
-  const { branch } = opts;
-
-  // Idempotency: reuse an already-running container for this branch.
-  const existing = await findContainer(branch);
-  if (existing) {
-    log.info(`[docker] reusing existing container ${existing} for branch ${branch}`);
-    return existing;
-  }
-
-  if (!opts.sandboxConfig.image) {
-    throw new Error("sandboxConfig.image is required but was empty");
-  }
-
-  const name = containerName(branch);
-  const home = Bun.env.HOME ?? "/root";
-  const rpcSecret = await loadRpcSecret();
-  const rpcPort = Bun.env.DASHBOARD_PORT ?? "5111";
-
-  // Resolve which credential paths exist on the host before building args.
-  // Only forward SSH_AUTH_SOCK if the socket is world-accessible so the
-  // Docker daemon (separate process) can bind-mount it.
-  let sshAuthSock = Bun.env.SSH_AUTH_SOCK;
-  if (sshAuthSock) {
-    try {
-      const st = await stat(sshAuthSock);
-      // eslint-disable-next-line no-bitwise
-      if (!st.isSocket() || (st.mode & 0o007) === 0) {
-        log.debug(`[docker] skipping SSH_AUTH_SOCK (not world-accessible): ${sshAuthSock}`);
-        sshAuthSock = undefined;
-      }
-    } catch {
-      sshAuthSock = undefined;
-    }
-  }
-  const credentialHostPaths = [
-    `${home}/.gitconfig`,
-    `${home}/.ssh`,
-    `${home}/.config/gh`,
-    ...(sshAuthSock ? [sshAuthSock] : []),
-  ];
-  const existingPaths = new Set<string>();
-  await Promise.all(credentialHostPaths.map(async (p) => {
-    if (await pathExists(p)) existingPaths.add(p);
-  }));
-
-  const args = buildDockerRunArgs(opts, existingPaths, home, name, rpcSecret, rpcPort, sshAuthSock, process.getuid!(), process.getgid!());
-
-  log.info(`[docker] launching container: ${name}`);
-  const proc = Bun.spawn(args, { stdout: "pipe", stderr: "pipe" });
-
-  // Race process exit against a hard timeout so a hung daemon or slow image
-  // pull does not block the server indefinitely.
-  const timeout = Bun.sleep(DOCKER_RUN_TIMEOUT_MS).then(() => {
-    proc.kill();
-    return "timeout" as const;
-  });
-
-  const [exitResult, stderr, containerId] = await Promise.all([
-    Promise.race([proc.exited, timeout]),
-    new Response(proc.stderr).text(),
-    new Response(proc.stdout).text(),
-  ]);
-
-  if (exitResult === "timeout") {
-    await Bun.spawn(["docker", "rm", "-f", name], { stdout: "ignore", stderr: "ignore" }).exited;
-    throw new Error(`docker run timed out after ${DOCKER_RUN_TIMEOUT_MS / 1000}s`);
-  }
-
-  if (exitResult !== 0) {
-    // Clean up any stopped container docker may have left behind.
-    await Bun.spawn(["docker", "rm", "-f", name], { stdout: "ignore", stderr: "ignore" }).exited;
-    throw new Error(`docker run failed (exit ${exitResult}): ${stderr}`);
-  }
-
-  log.info(`[docker] container ${name} ready (id=${containerId.trim().slice(0, 12)})`);
-
-  // Inject workmux stub so agents inside the container can call host-side workmux.
-  const stub = buildWorkmuxStub();
-  const injectProc = Bun.spawn(
-    ["docker", "exec", "-u", "root", "-i", name, "sh", "-c",
-     "cat > /usr/local/bin/workmux && chmod +x /usr/local/bin/workmux"],
-    { stdin: "pipe", stdout: "pipe", stderr: "pipe" },
-  );
-  const { stdin } = injectProc;
-  if (stdin) {
-    stdin.write(stub);
-    stdin.end();
-  }
-  const injectExit = await injectProc.exited;
-  if (injectExit !== 0) {
-    const injectStderr = await new Response(injectProc.stderr).text();
-    log.warn(`[docker] workmux stub injection failed for ${name}: ${injectStderr}`);
-  } else {
-    log.debug(`[docker] workmux stub injected into ${name}`);
-  }
-
-  return name;
-}
-
-/**
- * Find the most-recently-started running container for a branch.
- * Returns the container name, or null if none is running.
- * Throws if the Docker daemon cannot be reached.
- */
-export async function findContainer(branch: string): Promise<string | null> {
-  const sanitised = sanitiseBranchForName(branch);
-  const prefix = `wm-${sanitised}-`;
-  const proc = Bun.spawn(
-    ["docker", "ps", "--filter", `name=${prefix}`, "--format", "{{.Names}}"],
-    { stdout: "pipe", stderr: "pipe" },
-  );
-  const [exitCode, stdout, stderr] = await Promise.all([
-    proc.exited,
-    new Response(proc.stdout).text(),
-    new Response(proc.stderr).text(),
-  ]);
-
-  if (exitCode !== 0) {
-    throw new Error(`docker ps failed (exit ${exitCode}): ${stderr}`);
-  }
-
-  // Filter to exact prefix matches: the part after the prefix must be only
-  // the numeric timestamp. This prevents "main" from matching "main-v2" containers.
-  const names = stdout
-    .trim()
-    .split("\n")
-    .filter(Boolean)
-    .filter(n => n.startsWith(prefix) && /^\d+$/.test(n.slice(prefix.length)));
-
-  // docker ps lists containers newest-first; return the first match.
-  return names.at(0) ?? null;
-}
-
-/**
- * Remove all containers (running or stopped) for a branch.
- * Individual removal errors are logged but do not abort remaining removals.
- */
-export async function removeContainer(branch: string): Promise<void> {
-  const sanitised = sanitiseBranchForName(branch);
-  const prefix = `wm-${sanitised}-`;
-  const listProc = Bun.spawn(
-    ["docker", "ps", "-a", "--filter", `name=${prefix}`, "--format", "{{.Names}}"],
-    { stdout: "pipe", stderr: "pipe" },
-  );
-  const [listExit, listOut, listErr] = await Promise.all([
-    listProc.exited,
-    new Response(listProc.stdout).text(),
-    new Response(listProc.stderr).text(),
-  ]);
-
-  if (listExit !== 0) {
-    log.error(`[docker] removeContainer: docker ps failed for ${branch}: ${listErr}`);
-    return;
-  }
-
-  const names = listOut
-    .trim()
-    .split("\n")
-    .filter(Boolean)
-    .filter(n => n.startsWith(prefix) && /^\d+$/.test(n.slice(prefix.length)));
-
-  await Promise.all(
-    names.map(async (cname) => {
-      log.info(`[docker] removing container: ${cname}`);
-      const rmProc = Bun.spawn(["docker", "rm", "-f", cname], { stdout: "ignore", stderr: "pipe" });
-      const [rmExit, rmErr] = await Promise.all([
-        rmProc.exited,
-        new Response(rmProc.stderr).text(),
-      ]);
-      if (rmExit !== 0) {
-        log.error(`[docker] failed to remove container ${cname}: ${rmErr}`);
-      }
-    }),
-  );
-}

package/backend/src/env.ts

@@ -1,95 +0,0 @@
-import type { ServiceConfig } from "./config";
-
-/** Read key=value pairs from a worktree's .env.local file. */
-export async function readEnvLocal(wtDir: string): Promise<Record<string, string>> {
-  try {
-    const text = (await Bun.file(`${wtDir}/.env.local`).text()).trim();
-    const env: Record<string, string> = {};
-    for (const line of text.split("\n")) {
-      const match = line.match(/^(\w+)=(.*)$/);
-      if (match) env[match[1]] = match[2];
-    }
-    return env;
-  } catch {
-    return {};
-  }
-}
-
-/** Batch-write multiple key=value pairs to a worktree's .env.local (upsert each key). */
-export async function writeEnvLocal(wtDir: string, entries: Record<string, string>): Promise<void> {
-  const filePath = `${wtDir}/.env.local`;
-  let lines: string[] = [];
-  try {
-    const content = (await Bun.file(filePath).text()).trim();
-    if (content) lines = content.split("\n");
-  } catch {
-    // File doesn't exist yet
-  }
-
-  for (const [key, value] of Object.entries(entries)) {
-    const pattern = new RegExp(`^${key}=`);
-    const idx = lines.findIndex((l) => pattern.test(l));
-    if (idx >= 0) {
-      lines[idx] = `${key}=${value}`;
-    } else {
-      lines.push(`${key}=${value}`);
-    }
-  }
-
-  await Bun.write(filePath, lines.join("\n") + "\n");
-}
-
-/** Read .env.local from all worktree paths, optionally excluding one directory. */
-export async function readAllWorktreeEnvs(
-  worktreePaths: string[],
-  excludeDir?: string,
-): Promise<Record<string, string>[]> {
-  const results: Record<string, string>[] = [];
-  for (const p of worktreePaths) {
-    if (excludeDir && p === excludeDir) continue;
-    results.push(await readEnvLocal(p));
-  }
-  return results;
-}
-
-/**
- * Pure: compute port assignments for a new worktree.
- * Uses the first allocatable service as a reference to reverse-compute
- * occupied slot indices. Index 0 is reserved for main. Returns a map
- * of portEnv → port value for all services that have portStart set.
- */
-export function allocatePorts(
-  existingEnvs: Record<string, string>[],
-  services: ServiceConfig[],
-): Record<string, string> {
-  const allocatable = services.filter((s) => s.portStart != null);
-  if (allocatable.length === 0) return {};
-
-  // Use the first allocatable service to discover occupied slot indices
-  const ref = allocatable[0];
-  const refStart = ref.portStart!;
-  const refStep = ref.portStep ?? 1;
-
-  const occupied = new Set<number>();
-  for (const env of existingEnvs) {
-    const raw = env[ref.portEnv];
-    if (raw == null) continue;
-    const port = Number(raw);
-    if (!Number.isInteger(port) || port < refStart) continue;
-    const diff = port - refStart;
-    if (diff % refStep !== 0) continue;
-    occupied.add(diff / refStep);
-  }
-
-  // Find the first free slot starting from 1 (0 is reserved for main)
-  let slot = 1;
-  while (occupied.has(slot)) slot++;
-
-  const result: Record<string, string> = {};
-  for (const svc of allocatable) {
-    const start = svc.portStart!;
-    const step = svc.portStep ?? 1;
-    result[svc.portEnv] = String(start + slot * step);
-  }
-  return result;
-}

package/backend/src/http.ts

@@ -1,10 +0,0 @@
-export function jsonResponse(data: unknown, status = 200): Response {
-  return new Response(JSON.stringify(data), {
-    status,
-    headers: { "Content-Type": "application/json" },
-  });
-}
-
-export function errorResponse(message: string, status = 500): Response {
-  return jsonResponse({ error: message }, status);
-}

package/backend/src/lib/log.ts

@@ -1,14 +0,0 @@
-const DEBUG = Bun.env.WMDEV_DEBUG === "1";
-
-function ts(): string {
-  return new Date().toISOString().slice(11, 23);
-}
-
-export const log = {
-  info(msg: string): void { console.log(`[${ts()}] ${msg}`); },
-  debug(msg: string): void { if (DEBUG) console.log(`[${ts()}] ${msg}`); },
-  warn(msg: string): void { console.warn(`[${ts()}] ${msg}`); },
-  error(msg: string, err?: unknown): void {
-    err !== undefined ? console.error(`[${ts()}] ${msg}`, err) : console.error(`[${ts()}] ${msg}`);
-  },
-};