npm - zoe-agent - Versions diffs - 0.3.1 - Mend

zoe-agent 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (267) hide show

package/CHANGELOG.md +154 -0
package/LICENSE +96 -0
package/README.md +568 -0
package/dist/adapters/cli/agent.d.ts +59 -0
package/dist/adapters/cli/agent.js +232 -0
package/dist/adapters/cli/bootstrap.d.ts +25 -0
package/dist/adapters/cli/bootstrap.js +204 -0
package/dist/adapters/cli/commands/build-registry.d.ts +14 -0
package/dist/adapters/cli/commands/build-registry.js +88 -0
package/dist/adapters/cli/commands/clear.d.ts +7 -0
package/dist/adapters/cli/commands/clear.js +10 -0
package/dist/adapters/cli/commands/compact.d.ts +13 -0
package/dist/adapters/cli/commands/compact.js +96 -0
package/dist/adapters/cli/commands/exit.d.ts +7 -0
package/dist/adapters/cli/commands/exit.js +9 -0
package/dist/adapters/cli/commands/gateway.d.ts +7 -0
package/dist/adapters/cli/commands/gateway.js +152 -0
package/dist/adapters/cli/commands/help.d.ts +9 -0
package/dist/adapters/cli/commands/help.js +12 -0
package/dist/adapters/cli/commands/models.d.ts +10 -0
package/dist/adapters/cli/commands/models.js +32 -0
package/dist/adapters/cli/commands/registry.d.ts +70 -0
package/dist/adapters/cli/commands/registry.js +111 -0
package/dist/adapters/cli/commands/settings-utils.d.ts +38 -0
package/dist/adapters/cli/commands/settings-utils.js +182 -0
package/dist/adapters/cli/commands/settings.d.ts +9 -0
package/dist/adapters/cli/commands/settings.js +395 -0
package/dist/adapters/cli/commands/skills.d.ts +7 -0
package/dist/adapters/cli/commands/skills.js +21 -0
package/dist/adapters/cli/config-loader.d.ts +27 -0
package/dist/adapters/cli/config-loader.js +48 -0
package/dist/adapters/cli/docker-utils.d.ts +37 -0
package/dist/adapters/cli/docker-utils.js +90 -0
package/dist/adapters/cli/index.d.ts +2 -0
package/dist/adapters/cli/index.js +88 -0
package/dist/adapters/cli/repl.d.ts +22 -0
package/dist/adapters/cli/repl.js +256 -0
package/dist/adapters/cli/setup.d.ts +19 -0
package/dist/adapters/cli/setup.js +613 -0
package/dist/adapters/cli/system-prompts.d.ts +56 -0
package/dist/adapters/cli/system-prompts.js +131 -0
package/dist/adapters/cli/tui/app.d.ts +58 -0
package/dist/adapters/cli/tui/app.js +314 -0
package/dist/adapters/cli/tui/components/assistant-message.d.ts +5 -0
package/dist/adapters/cli/tui/components/assistant-message.js +9 -0
package/dist/adapters/cli/tui/components/autocomplete.d.ts +19 -0
package/dist/adapters/cli/tui/components/autocomplete.js +75 -0
package/dist/adapters/cli/tui/components/command-palette.d.ts +15 -0
package/dist/adapters/cli/tui/components/command-palette.js +50 -0
package/dist/adapters/cli/tui/components/diff-viewer.d.ts +5 -0
package/dist/adapters/cli/tui/components/diff-viewer.js +109 -0
package/dist/adapters/cli/tui/components/error-message.d.ts +5 -0
package/dist/adapters/cli/tui/components/error-message.js +8 -0
package/dist/adapters/cli/tui/components/footer.d.ts +20 -0
package/dist/adapters/cli/tui/components/footer.js +19 -0
package/dist/adapters/cli/tui/components/goal-status.d.ts +12 -0
package/dist/adapters/cli/tui/components/goal-status.js +22 -0
package/dist/adapters/cli/tui/components/info-message.d.ts +5 -0
package/dist/adapters/cli/tui/components/info-message.js +8 -0
package/dist/adapters/cli/tui/components/logo-banner.d.ts +7 -0
package/dist/adapters/cli/tui/components/logo-banner.js +33 -0
package/dist/adapters/cli/tui/components/markdown.d.ts +9 -0
package/dist/adapters/cli/tui/components/markdown.js +92 -0
package/dist/adapters/cli/tui/components/message-area.d.ts +19 -0
package/dist/adapters/cli/tui/components/message-area.js +55 -0
package/dist/adapters/cli/tui/components/permission-prompt.d.ts +13 -0
package/dist/adapters/cli/tui/components/permission-prompt.js +32 -0
package/dist/adapters/cli/tui/components/prompt-area.d.ts +22 -0
package/dist/adapters/cli/tui/components/prompt-area.js +68 -0
package/dist/adapters/cli/tui/components/text-input.d.ts +27 -0
package/dist/adapters/cli/tui/components/text-input.js +142 -0
package/dist/adapters/cli/tui/components/tool-call-block.d.ts +11 -0
package/dist/adapters/cli/tui/components/tool-call-block.js +68 -0
package/dist/adapters/cli/tui/components/user-message.d.ts +5 -0
package/dist/adapters/cli/tui/components/user-message.js +8 -0
package/dist/adapters/cli/tui/diff/file-write-meta.d.ts +11 -0
package/dist/adapters/cli/tui/diff/file-write-meta.js +11 -0
package/dist/adapters/cli/tui/diff/line-diff.d.ts +17 -0
package/dist/adapters/cli/tui/diff/line-diff.js +44 -0
package/dist/adapters/cli/tui/feed-serializer.d.ts +29 -0
package/dist/adapters/cli/tui/feed-serializer.js +70 -0
package/dist/adapters/cli/tui/file-index.d.ts +8 -0
package/dist/adapters/cli/tui/file-index.js +41 -0
package/dist/adapters/cli/tui/hooks/use-agent.d.ts +54 -0
package/dist/adapters/cli/tui/hooks/use-agent.js +177 -0
package/dist/adapters/cli/tui/hooks/use-feed.d.ts +16 -0
package/dist/adapters/cli/tui/hooks/use-feed.js +25 -0
package/dist/adapters/cli/tui/hooks/use-file-watcher.d.ts +10 -0
package/dist/adapters/cli/tui/hooks/use-file-watcher.js +43 -0
package/dist/adapters/cli/tui/hooks/use-keybindings.d.ts +16 -0
package/dist/adapters/cli/tui/hooks/use-keybindings.js +25 -0
package/dist/adapters/cli/tui/hooks/use-theme.d.ts +8 -0
package/dist/adapters/cli/tui/hooks/use-theme.js +12 -0
package/dist/adapters/cli/tui/index.d.ts +19 -0
package/dist/adapters/cli/tui/index.js +206 -0
package/dist/adapters/cli/tui/ink-reset.d.ts +29 -0
package/dist/adapters/cli/tui/ink-reset.js +57 -0
package/dist/adapters/cli/tui/layout.d.ts +15 -0
package/dist/adapters/cli/tui/layout.js +15 -0
package/dist/adapters/cli/tui/logo/gradient.d.ts +11 -0
package/dist/adapters/cli/tui/logo/gradient.js +31 -0
package/dist/adapters/cli/tui/overlays/help-dialog.d.ts +4 -0
package/dist/adapters/cli/tui/overlays/help-dialog.js +26 -0
package/dist/adapters/cli/tui/overlays/model-selector.d.ts +14 -0
package/dist/adapters/cli/tui/overlays/model-selector.js +43 -0
package/dist/adapters/cli/tui/overlays/session-selector.d.ts +35 -0
package/dist/adapters/cli/tui/overlays/session-selector.js +162 -0
package/dist/adapters/cli/tui/overlays/settings-overlay.d.ts +24 -0
package/dist/adapters/cli/tui/overlays/settings-overlay.js +126 -0
package/dist/adapters/cli/tui/session-export.d.ts +21 -0
package/dist/adapters/cli/tui/session-export.js +63 -0
package/dist/adapters/cli/tui/theme.d.ts +23 -0
package/dist/adapters/cli/tui/theme.js +22 -0
package/dist/adapters/cli/tui/types.d.ts +52 -0
package/dist/adapters/cli/tui/types.js +12 -0
package/dist/adapters/sdk/agent.d.ts +20 -0
package/dist/adapters/sdk/agent.js +356 -0
package/dist/adapters/sdk/http.d.ts +43 -0
package/dist/adapters/sdk/http.js +61 -0
package/dist/adapters/sdk/index.d.ts +58 -0
package/dist/adapters/sdk/index.js +209 -0
package/dist/adapters/sdk/settings.d.ts +18 -0
package/dist/adapters/sdk/settings.js +57 -0
package/dist/adapters/sdk/tools.d.ts +7 -0
package/dist/adapters/sdk/tools.js +13 -0
package/dist/adapters/server/auth.d.ts +53 -0
package/dist/adapters/server/auth.js +168 -0
package/dist/adapters/server/index.d.ts +40 -0
package/dist/adapters/server/index.js +255 -0
package/dist/adapters/server/rest-gateway.d.ts +13 -0
package/dist/adapters/server/rest-gateway.js +218 -0
package/dist/adapters/server/rest.d.ts +37 -0
package/dist/adapters/server/rest.js +341 -0
package/dist/adapters/server/server-core.d.ts +55 -0
package/dist/adapters/server/server-core.js +121 -0
package/dist/adapters/server/session-store.d.ts +81 -0
package/dist/adapters/server/session-store.js +272 -0
package/dist/adapters/server/settings-handlers.d.ts +24 -0
package/dist/adapters/server/settings-handlers.js +360 -0
package/dist/adapters/server/standalone.d.ts +19 -0
package/dist/adapters/server/standalone.js +113 -0
package/dist/adapters/server/websocket.d.ts +26 -0
package/dist/adapters/server/websocket.js +68 -0
package/dist/adapters/server/ws-handlers.d.ts +32 -0
package/dist/adapters/server/ws-handlers.js +523 -0
package/dist/adapters/server/ws-types.d.ts +304 -0
package/dist/adapters/server/ws-types.js +7 -0
package/dist/core/agent-loop.d.ts +68 -0
package/dist/core/agent-loop.js +423 -0
package/dist/core/config.d.ts +115 -0
package/dist/core/config.js +189 -0
package/dist/core/errors.d.ts +58 -0
package/dist/core/errors.js +88 -0
package/dist/core/hooks.d.ts +35 -0
package/dist/core/hooks.js +49 -0
package/dist/core/index.d.ts +23 -0
package/dist/core/index.js +29 -0
package/dist/core/message-convert.d.ts +41 -0
package/dist/core/message-convert.js +94 -0
package/dist/core/middleware/auth.d.ts +24 -0
package/dist/core/middleware/auth.js +28 -0
package/dist/core/middleware/logging.d.ts +23 -0
package/dist/core/middleware/logging.js +28 -0
package/dist/core/middleware/rate-limit.d.ts +27 -0
package/dist/core/middleware/rate-limit.js +38 -0
package/dist/core/middleware/semantic-tools.d.ts +10 -0
package/dist/core/middleware/semantic-tools.js +43 -0
package/dist/core/middleware.d.ts +48 -0
package/dist/core/middleware.js +38 -0
package/dist/core/permission.d.ts +25 -0
package/dist/core/permission.js +50 -0
package/dist/core/provider-config.d.ts +129 -0
package/dist/core/provider-config.js +273 -0
package/dist/core/provider-env.d.ts +39 -0
package/dist/core/provider-env.js +142 -0
package/dist/core/provider-resolver.d.ts +12 -0
package/dist/core/provider-resolver.js +12 -0
package/dist/core/session-store.d.ts +75 -0
package/dist/core/session-store.js +245 -0
package/dist/core/settings-manager.d.ts +57 -0
package/dist/core/settings-manager.js +359 -0
package/dist/core/settings-schema.d.ts +38 -0
package/dist/core/settings-schema.js +171 -0
package/dist/core/skill-catalog.d.ts +6 -0
package/dist/core/skill-catalog.js +17 -0
package/dist/core/skill-invoker.d.ts +127 -0
package/dist/core/skill-invoker.js +182 -0
package/dist/core/stream-accumulator.d.ts +21 -0
package/dist/core/stream-accumulator.js +51 -0
package/dist/core/stream-manager.d.ts +58 -0
package/dist/core/stream-manager.js +212 -0
package/dist/core/tool-executor.d.ts +84 -0
package/dist/core/tool-executor.js +256 -0
package/dist/core/types.d.ts +259 -0
package/dist/core/types.js +11 -0
package/dist/gateway/gateway.d.ts +52 -0
package/dist/gateway/gateway.js +537 -0
package/dist/gateway/index.d.ts +21 -0
package/dist/gateway/index.js +31 -0
package/dist/gateway/openapi-importer.d.ts +15 -0
package/dist/gateway/openapi-importer.js +66 -0
package/dist/gateway/semantic-scorer.d.ts +7 -0
package/dist/gateway/semantic-scorer.js +24 -0
package/dist/gateway/settings-adapter.d.ts +49 -0
package/dist/gateway/settings-adapter.js +137 -0
package/dist/gateway/tool-factory.d.ts +9 -0
package/dist/gateway/tool-factory.js +414 -0
package/dist/gateway/types.d.ts +68 -0
package/dist/gateway/types.js +7 -0
package/dist/models-catalog.js +46 -0
package/dist/providers/anthropic.d.ts +22 -0
package/dist/providers/anthropic.js +148 -0
package/dist/providers/factory.d.ts +10 -0
package/dist/providers/factory.js +25 -0
package/dist/providers/openai.d.ts +15 -0
package/dist/providers/openai.js +71 -0
package/dist/providers/types.d.ts +48 -0
package/dist/providers/types.js +1 -0
package/dist/skills/args.d.ts +37 -0
package/dist/skills/args.js +99 -0
package/dist/skills/index.d.ts +11 -0
package/dist/skills/index.js +23 -0
package/dist/skills/loader.d.ts +3 -0
package/dist/skills/loader.js +59 -0
package/dist/skills/parser.d.ts +7 -0
package/dist/skills/parser.js +152 -0
package/dist/skills/registry.d.ts +13 -0
package/dist/skills/registry.js +74 -0
package/dist/skills/resolver.d.ts +19 -0
package/dist/skills/resolver.js +116 -0
package/dist/skills/types.d.ts +74 -0
package/dist/skills/types.js +50 -0
package/dist/tools/browser.d.ts +2 -0
package/dist/tools/browser.js +68 -0
package/dist/tools/core.d.ts +20 -0
package/dist/tools/core.js +244 -0
package/dist/tools/email.d.ts +2 -0
package/dist/tools/email.js +61 -0
package/dist/tools/image.d.ts +2 -0
package/dist/tools/image.js +257 -0
package/dist/tools/index.d.ts +2 -0
package/dist/tools/index.js +88 -0
package/dist/tools/interface.d.ts +22 -0
package/dist/tools/interface.js +1 -0
package/dist/tools/notify.d.ts +2 -0
package/dist/tools/notify.js +100 -0
package/dist/tools/prompt-optimizer.d.ts +2 -0
package/dist/tools/prompt-optimizer.js +65 -0
package/dist/tools/screenshot.d.ts +2 -0
package/dist/tools/screenshot.js +184 -0
package/dist/tools/search.d.ts +2 -0
package/dist/tools/search.js +78 -0
package/dist/tools/todos.d.ts +10 -0
package/dist/tools/todos.js +50 -0
package/package.json +119 -0
package/skills/docker-ops/SKILL.md +329 -0
package/skills/k8s-deploy/SKILL.md +397 -0
package/skills/log-analyzer/SKILL.md +331 -0
package/skills/speckit-analyze/SKILL.md +260 -0
package/skills/speckit-checklist/SKILL.md +374 -0
package/skills/speckit-clarify/SKILL.md +286 -0
package/skills/speckit-constitution/SKILL.md +157 -0
package/skills/speckit-implement/SKILL.md +224 -0
package/skills/speckit-plan/SKILL.md +171 -0
package/skills/speckit-specify/SKILL.md +346 -0
package/skills/speckit-tasks/SKILL.md +215 -0
package/skills/speckit-taskstoissues/SKILL.md +107 -0

package/dist/adapters/server/session-store.js ADDED Viewed

@@ -0,0 +1,272 @@
+/**
+ * Zoe Server — Server-side Session Management
+ *
+ * Wraps a PersistenceBackend for server-specific needs:
+ *  - TTL-based session expiration
+ *  - Per-API-key concurrency limits
+ *  - Periodic cleanup of stale sessions
+ *
+ * Raw storage is delegated to a PersistenceBackend (default: file-based).
+ * Server metadata (apiKeyHash, lastActivityAt) lives in memory and in
+ * the `metadata` field of SessionData.
+ */
+import { createPersistenceBackend } from "../../core/session-store.js";
+// ── Defaults ───────────────────────────────────────────────────────────
+const DEFAULT_SESSION_TTL = 24 * 60 * 60 * 1000; // 24 hours
+const DEFAULT_INACTIVITY_TIMEOUT = 30 * 60 * 1000; // 30 minutes
+const DEFAULT_MAX_SESSIONS = 5;
+const DEFAULT_CLEANUP_INTERVAL = 5 * 60 * 1000; // 5 minutes
+// ── Helpers ────────────────────────────────────────────────────────────
+import * as crypto from "crypto";
+export function hashKey(key) {
+    return crypto.createHash("sha256").update(key).digest("hex").slice(0, 16);
+}
+// ── ServerSessionManager ───────────────────────────────────────────────
+export class ServerSessionManager {
+    sessions = new Map();
+    sessionTTL;
+    inactivityTimeout;
+    maxSessionsPerKey;
+    cleanupInterval;
+    backend;
+    cleanupTimer = null;
+    constructor(options) {
+        this.sessionTTL = options?.sessionTTL ?? DEFAULT_SESSION_TTL;
+        this.inactivityTimeout = options?.inactivityTimeout ?? DEFAULT_INACTIVITY_TIMEOUT;
+        this.maxSessionsPerKey = options?.maxSessionsPerKey ?? DEFAULT_MAX_SESSIONS;
+        this.cleanupInterval = options?.cleanupInterval ?? DEFAULT_CLEANUP_INTERVAL;
+        if (options?.backend) {
+            this.backend = options.backend;
+        }
+        else {
+            this.backend = createPersistenceBackend({
+                type: "file",
+                path: options?.sessionDir,
+            });
+        }
+    }
+    // ── Lifecycle ────────────────────────────────────────────────────────
+    /**
+     * Start the periodic cleanup timer.
+     */
+    startCleanup() {
+        if (this.cleanupTimer)
+            return;
+        this.cleanupTimer = setInterval(() => this.cleanup(), this.cleanupInterval);
+        // Prevent the timer from keeping the process alive
+        if (this.cleanupTimer.unref) {
+            this.cleanupTimer.unref();
+        }
+    }
+    /**
+     * Stop the periodic cleanup timer.
+     */
+    stopCleanup() {
+        if (this.cleanupTimer) {
+            clearInterval(this.cleanupTimer);
+            this.cleanupTimer = null;
+        }
+    }
+    // ── CRUD ─────────────────────────────────────────────────────────────
+    /**
+     * Create a new session. Enforces per-API-key session limits.
+     * Returns the new SessionData or throws if the limit is exceeded.
+     * Awaits persistence — callers should await to ensure backend errors propagate.
+     */
+    async createSession(apiKey, provider, model) {
+        const keyHash = hashKey(apiKey);
+        // Enforce per-key limit
+        const existing = this.getSessionsByKey(keyHash);
+        if (existing.length >= this.maxSessionsPerKey) {
+            throw new Error(`Maximum concurrent sessions (${this.maxSessionsPerKey}) reached for this API key.`);
+        }
+        const id = crypto.randomUUID();
+        const now = Date.now();
+        const session = {
+            id,
+            messages: [],
+            createdAt: now,
+            updatedAt: now,
+            lastActivityAt: now,
+            apiKeyHash: keyHash,
+            provider,
+            model,
+        };
+        this.sessions.set(id, session);
+        await this.persistSessionAsync(session);
+        return {
+            id: session.id,
+            messages: session.messages,
+            createdAt: session.createdAt,
+            updatedAt: session.updatedAt,
+            provider: session.provider,
+            model: session.model,
+        };
+    }
+    /**
+     * Get a session by its ID, verifying ownership via API key hash.
+     * Returns null if the session does not exist, has expired, or is not owned
+     * by the provided API key.
+     */
+    async getSession(id, apiKeyHash) {
+        let session = this.sessions.get(id);
+        if (!session) {
+            // Try loading from persistence backend
+            session = await this.loadSessionFromBackend(id);
+            if (!session)
+                return null;
+            this.sessions.set(id, session);
+        }
+        // Check expiration
+        if (this.isExpired(session)) {
+            this.deleteSession(id);
+            return null;
+        }
+        // Ownership verification — constant-time comparison to prevent timing attacks
+        if (!this.verifyOwnership(session, apiKeyHash)) {
+            return null;
+        }
+        return {
+            id: session.id,
+            messages: session.messages,
+            createdAt: session.createdAt,
+            updatedAt: session.updatedAt,
+            provider: session.provider,
+            model: session.model,
+        };
+    }
+    /**
+     * Add a message to an existing session.
+     * Updates the last-activity timestamp.
+     */
+    addMessage(sessionId, message) {
+        const session = this.sessions.get(sessionId);
+        if (!session)
+            return;
+        session.messages.push(message);
+        session.updatedAt = Date.now();
+        session.lastActivityAt = Date.now();
+        this.persistSession(session);
+    }
+    /**
+     * Delete a session by ID.
+     */
+    deleteSession(id) {
+        this.sessions.delete(id);
+        this.backend.delete(id).catch(() => {
+            // Best-effort — don't crash on delete errors
+        });
+    }
+    /**
+     * Get all active (non-expired) sessions.
+     */
+    getActiveSessions() {
+        const active = [];
+        for (const [id, session] of this.sessions) {
+            if (!this.isExpired(session)) {
+                active.push({
+                    id: session.id,
+                    messages: session.messages,
+                    createdAt: session.createdAt,
+                    updatedAt: session.updatedAt,
+                    provider: session.provider,
+                    model: session.model,
+                });
+            }
+        }
+        return active;
+    }
+    /**
+     * Remove expired sessions from memory and backend.
+     */
+    cleanup() {
+        for (const [id, session] of this.sessions) {
+            if (this.isExpired(session)) {
+                this.deleteSession(id);
+            }
+        }
+    }
+    // ── Internal helpers ─────────────────────────────────────────────────
+    getSessionsByKey(keyHash) {
+        const result = [];
+        for (const session of this.sessions.values()) {
+            if (session.apiKeyHash === keyHash && !this.isExpired(session)) {
+                result.push(session);
+            }
+        }
+        return result;
+    }
+    isExpired(session) {
+        const now = Date.now();
+        // Absolute TTL
+        if (now - session.createdAt > this.sessionTTL) {
+            return true;
+        }
+        // Inactivity timeout
+        if (now - session.lastActivityAt > this.inactivityTimeout) {
+            return true;
+        }
+        return false;
+    }
+    persistSession(session) {
+        const data = {
+            id: session.id,
+            messages: session.messages,
+            createdAt: session.createdAt,
+            updatedAt: session.updatedAt,
+            provider: session.provider,
+            model: session.model,
+            metadata: {
+                apiKeyHash: session.apiKeyHash,
+                lastActivityAt: session.lastActivityAt,
+            },
+        };
+        this.backend.save(session.id, data).catch(() => {
+            // Best-effort persistence — don't crash on write errors
+        });
+    }
+    async persistSessionAsync(session) {
+        const data = {
+            id: session.id,
+            messages: session.messages,
+            createdAt: session.createdAt,
+            updatedAt: session.updatedAt,
+            provider: session.provider,
+            model: session.model,
+            metadata: {
+                apiKeyHash: session.apiKeyHash,
+                lastActivityAt: session.lastActivityAt,
+            },
+        };
+        await this.backend.save(session.id, data);
+    }
+    async loadSessionFromBackend(id) {
+        try {
+            const data = await this.backend.load(id);
+            if (!data)
+                return null;
+            const metadata = data.metadata ?? {};
+            return {
+                id: data.id,
+                messages: data.messages,
+                createdAt: data.createdAt,
+                updatedAt: data.updatedAt,
+                provider: data.provider,
+                model: data.model,
+                apiKeyHash: metadata.apiKeyHash ?? "",
+                lastActivityAt: metadata.lastActivityAt ?? data.updatedAt,
+            };
+        }
+        catch (err) {
+            console.warn(`[session-store] Failed to load session ${id} from backend:`, err);
+            return null;
+        }
+    }
+    verifyOwnership(session, apiKeyHash) {
+        const a = Buffer.from(session.apiKeyHash, "utf-8");
+        const b = Buffer.from(apiKeyHash, "utf-8");
+        if (a.length !== b.length)
+            return false;
+        return crypto.timingSafeEqual(a, b);
+    }
+}

package/dist/adapters/server/settings-handlers.d.ts ADDED Viewed

@@ -0,0 +1,24 @@
+/**
+ * Zoe Server — Settings REST & WebSocket Handlers
+ *
+ * REST endpoints and WS message handlers for settings management.
+ */
+import type { IncomingMessage, ServerResponse } from 'http';
+import { SettingsManager } from '../../core/settings-manager.js';
+import type { WebSocket, ConnectionState } from './ws-types.js';
+export interface SettingsHandlerContext {
+    settingsManager: SettingsManager;
+    /** Get all connected WS clients (excluding sender) */
+    getOtherClients: (excludeWs?: WebSocket) => Array<{
+        ws: WebSocket;
+        state: ConnectionState;
+    }>;
+}
+export declare function handleGetSettings(req: IncomingMessage, res: ServerResponse, ctx: SettingsHandlerContext, category?: string): Promise<void>;
+export declare function handlePatchSettings(req: IncomingMessage, res: ServerResponse, ctx: SettingsHandlerContext, category?: string): Promise<void>;
+export declare function handleGetSettingsSchema(req: IncomingMessage, res: ServerResponse, ctx: SettingsHandlerContext): Promise<void>;
+export declare function handlePostProvider(req: IncomingMessage, res: ServerResponse, ctx: SettingsHandlerContext): Promise<void>;
+export declare function handlePatchProvider(req: IncomingMessage, res: ServerResponse, ctx: SettingsHandlerContext, providerType: string): Promise<void>;
+export declare function handleDeleteProvider(req: IncomingMessage, res: ServerResponse, ctx: SettingsHandlerContext, providerType: string): Promise<void>;
+export declare function handleWsGetSettings(msg: any, ws: WebSocket, state: ConnectionState, ctx: SettingsHandlerContext): void;
+export declare function handleWsUpdateSettings(msg: any, ws: WebSocket, state: ConnectionState, ctx: SettingsHandlerContext): Promise<void>;

package/dist/adapters/server/settings-handlers.js ADDED Viewed

@@ -0,0 +1,360 @@
+/**
+ * Zoe Server — Settings REST & WebSocket Handlers
+ *
+ * REST endpoints and WS message handlers for settings management.
+ */
+import { SETTINGS_SCHEMA, SETTINGS_CATEGORIES } from '../../core/settings-schema.js';
+import { hasScope } from './auth.js';
+// ── Mutex ─────────────────────────────────────────────────────────────────
+class AsyncMutex {
+    queue = [];
+    locked = false;
+    async acquire() {
+        return new Promise((resolve) => {
+            const tryAcquire = () => {
+                if (!this.locked) {
+                    this.locked = true;
+                    resolve(() => {
+                        this.locked = false;
+                        if (this.queue.length > 0)
+                            this.queue.shift()();
+                    });
+                }
+                else {
+                    this.queue.push(tryAcquire);
+                }
+            };
+            tryAcquire();
+        });
+    }
+}
+const writeMutex = new AsyncMutex();
+// ── Helpers ───────────────────────────────────────────────────────────────
+function sendJSON(res, statusCode, data) {
+    const body = JSON.stringify(data);
+    res.writeHead(statusCode, {
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(body),
+    });
+    res.end(body);
+}
+function sendError(res, statusCode, code, message) {
+    sendJSON(res, statusCode, { error: { code, message } });
+}
+function requireScope(res, apiKey, scope) {
+    if (!apiKey || !hasScope(apiKey, scope)) {
+        sendError(res, 403, 'FORBIDDEN', `Requires ${scope} scope`);
+        return false;
+    }
+    return true;
+}
+function requireWsScope(state, scope) {
+    const apiKey = state.apiKey;
+    return !!apiKey && hasScope(apiKey, scope);
+}
+async function readBody(req) {
+    return new Promise((resolve, reject) => {
+        let data = '';
+        req.on('data', (chunk) => { data += chunk; });
+        req.on('end', () => {
+            try {
+                resolve(JSON.parse(data));
+            }
+            catch {
+                reject(new Error('Invalid JSON'));
+            }
+        });
+        req.on('error', reject);
+    });
+}
+const VALID_CATEGORIES = new Set(SETTINGS_CATEGORIES.map(c => c.key));
+const VALID_PROVIDER_TYPES = new Set(['openai', 'anthropic', 'glm', 'openai-compatible']);
+// ── REST Handlers ─────────────────────────────────────────────────────────
+export async function handleGetSettings(req, res, ctx, category) {
+    const apiKey = req.apiKey;
+    if (!requireScope(res, apiKey, 'agent:read'))
+        return;
+    if (category) {
+        if (!VALID_CATEGORIES.has(category)) {
+            sendError(res, 404, 'NOT_FOUND', `Unknown category: ${category}`);
+            return;
+        }
+        const all = ctx.settingsManager.listByCategory();
+        sendJSON(res, 200, { [category]: all[category] ?? [] });
+        return;
+    }
+    const all = ctx.settingsManager.listByCategory();
+    sendJSON(res, 200, all);
+}
+export async function handlePatchSettings(req, res, ctx, category) {
+    const apiKey = req.apiKey;
+    if (!requireScope(res, apiKey, 'admin'))
+        return;
+    const body = await readBody(req);
+    const updates = category ? { [category]: body } : body;
+    const applied = {};
+    const errors = [];
+    let requiresRestart = false;
+    const restartAffected = [];
+    const release = await writeMutex.acquire();
+    try {
+        for (const [cat, fields] of Object.entries(updates)) {
+            if (typeof fields !== 'object' || fields === null)
+                continue;
+            applied[cat] = {};
+            for (const [key, value] of Object.entries(fields)) {
+                const dotKey = category ? `${category}.${key}` : `${cat}.${key}`;
+                try {
+                    await ctx.settingsManager.set(dotKey, String(value));
+                    applied[cat][key] = ctx.settingsManager.get(dotKey).value;
+                    // Check restart requirement via schema
+                    const schema = SETTINGS_SCHEMA.get(dotKey);
+                    if (schema?.restartRequired) {
+                        requiresRestart = true;
+                        restartAffected.push(dotKey);
+                    }
+                }
+                catch (e) {
+                    errors.push({ field: dotKey, message: e.message });
+                }
+            }
+        }
+    }
+    finally {
+        release();
+    }
+    if (errors.length > 0) {
+        sendJSON(res, 422, {
+            error: { code: 'VALIDATION_ERROR', message: `${errors.length} field(s) failed validation`, details: errors },
+        });
+        return;
+    }
+    // Broadcast change notification
+    broadcastSettingsChange(ctx, Object.keys(updates), requiresRestart, restartAffected);
+    sendJSON(res, 200, { applied, requiresRestart, restartAffected });
+}
+export async function handleGetSettingsSchema(req, res, ctx) {
+    const apiKey = req.apiKey;
+    if (!requireScope(res, apiKey, 'agent:read'))
+        return;
+    // Build a simple JSON schema from SETTINGS_SCHEMA
+    const properties = {};
+    for (const [dotKey, schema] of SETTINGS_SCHEMA) {
+        const prop = {};
+        if (schema.type === 'number')
+            prop.type = 'integer';
+        else if (schema.type === 'boolean')
+            prop.type = 'boolean';
+        else if (schema.type === 'enum') {
+            prop.type = 'string';
+            prop.enum = schema.enumValues;
+        }
+        else
+            prop.type = 'string';
+        if (schema.secret)
+            prop.writeOnly = true;
+        if (schema.default !== undefined)
+            prop.default = schema.default;
+        properties[dotKey] = prop;
+    }
+    sendJSON(res, 200, {
+        $schema: 'https://json-schema.org/draft/2020-12/schema',
+        title: 'Zoe Agent Settings',
+        type: 'object',
+        properties,
+    });
+}
+export async function handlePostProvider(req, res, ctx) {
+    const apiKey = req.apiKey;
+    if (!requireScope(res, apiKey, 'admin'))
+        return;
+    const body = await readBody(req);
+    const providerType = body.type;
+    if (!providerType || !VALID_PROVIDER_TYPES.has(providerType)) {
+        sendError(res, 422, 'VALIDATION_ERROR', 'Invalid or missing provider type');
+        return;
+    }
+    // Check if already exists
+    const existingKey = `providers.${providerType === 'openai-compatible' ? 'openai-compat' : providerType}.apiKey`;
+    const existing = ctx.settingsManager.get(existingKey);
+    if (existing.value != null) {
+        sendError(res, 409, 'CONFLICT', `Provider "${providerType}" is already configured. Use PATCH to update.`);
+        return;
+    }
+    if (!body.apiKey) {
+        sendError(res, 422, 'VALIDATION_ERROR', 'apiKey is required');
+        return;
+    }
+    if (providerType === 'openai-compatible' && !body.baseUrl) {
+        sendError(res, 422, 'VALIDATION_ERROR', 'baseUrl is required for openai-compatible');
+        return;
+    }
+    const release = await writeMutex.acquire();
+    try {
+        await ctx.settingsManager.set(existingKey, body.apiKey);
+        if (body.model) {
+            const modelKey = `providers.${providerType === 'openai-compatible' ? 'openai-compat' : providerType}.model`;
+            await ctx.settingsManager.set(modelKey, body.model);
+        }
+        if (body.baseUrl && providerType === 'openai-compatible') {
+            await ctx.settingsManager.set('providers.openai-compat.baseUrl', body.baseUrl);
+        }
+    }
+    finally {
+        release();
+    }
+    broadcastSettingsChange(ctx, ['providers'], false, []);
+    sendJSON(res, 201, {
+        provider: { type: providerType, apiKey: ctx.settingsManager.get(existingKey).value },
+        requiresRestart: false,
+        restartAffected: [],
+    });
+}
+export async function handlePatchProvider(req, res, ctx, providerType) {
+    const apiKey = req.apiKey;
+    if (!requireScope(res, apiKey, 'admin'))
+        return;
+    if (!VALID_PROVIDER_TYPES.has(providerType)) {
+        sendError(res, 404, 'NOT_FOUND', `Unknown provider type: ${providerType}`);
+        return;
+    }
+    const body = await readBody(req);
+    const prefix = `providers.${providerType === 'openai-compatible' ? 'openai-compat' : providerType}`;
+    const release = await writeMutex.acquire();
+    try {
+        if (body.apiKey)
+            await ctx.settingsManager.set(`${prefix}.apiKey`, body.apiKey);
+        if (body.model)
+            await ctx.settingsManager.set(`${prefix}.model`, body.model);
+        if (body.baseUrl && providerType === 'openai-compatible')
+            await ctx.settingsManager.set(`${prefix}.baseUrl`, body.baseUrl);
+    }
+    finally {
+        release();
+    }
+    broadcastSettingsChange(ctx, ['providers'], false, []);
+    const result = { type: providerType };
+    result.apiKey = ctx.settingsManager.get(`${prefix}.apiKey`).value;
+    if (providerType === 'openai-compatible')
+        result.baseUrl = ctx.settingsManager.get(`${prefix}.baseUrl`).value;
+    if (body.model)
+        result.model = body.model;
+    sendJSON(res, 200, { provider: result, requiresRestart: false, restartAffected: [] });
+}
+export async function handleDeleteProvider(req, res, ctx, providerType) {
+    const apiKey = req.apiKey;
+    if (!requireScope(res, apiKey, 'admin'))
+        return;
+    if (!VALID_PROVIDER_TYPES.has(providerType)) {
+        sendError(res, 404, 'NOT_FOUND', `Unknown provider type: ${providerType}`);
+        return;
+    }
+    const prefix = `providers.${providerType === 'openai-compatible' ? 'openai-compat' : providerType}`;
+    // Check how many providers have keys configured
+    let configuredCount = 0;
+    for (const pType of ['openai', 'anthropic', 'glm', 'openai-compatible']) {
+        const p = `providers.${pType === 'openai-compatible' ? 'openai-compat' : pType}.apiKey`;
+        const val = ctx.settingsManager.get(p);
+        if (val.value != null)
+            configuredCount++;
+    }
+    if (configuredCount <= 1) {
+        sendError(res, 422, 'VALIDATION_ERROR', 'Cannot remove the last configured provider.');
+        return;
+    }
+    const release = await writeMutex.acquire();
+    try {
+        await ctx.settingsManager.reset(`${prefix}.apiKey`);
+        try {
+            await ctx.settingsManager.reset(`${prefix}.model`);
+        }
+        catch { /* may not exist */ }
+        try {
+            await ctx.settingsManager.reset(`${prefix}.baseUrl`);
+        }
+        catch { /* may not exist */ }
+    }
+    finally {
+        release();
+    }
+    broadcastSettingsChange(ctx, ['providers'], false, []);
+    sendJSON(res, 200, { removed: providerType, requiresRestart: false, restartAffected: [] });
+}
+// ── WS Handlers ───────────────────────────────────────────────────────────
+export function handleWsGetSettings(msg, ws, state, ctx) {
+    if (!requireWsScope(state, 'agent:read')) {
+        ws.send(JSON.stringify({ type: 'settings', id: msg.id, error: { code: 'FORBIDDEN', message: 'Requires agent:read scope' } }));
+        return;
+    }
+    const all = ctx.settingsManager.listByCategory();
+    const filtered = msg.category ? { [msg.category]: all[msg.category] ?? [] } : all;
+    ws.send(JSON.stringify({ type: 'settings', id: msg.id, settings: filtered }));
+}
+export async function handleWsUpdateSettings(msg, ws, state, ctx) {
+    if (!requireWsScope(state, 'admin')) {
+        ws.send(JSON.stringify({ type: 'settings_updated', id: msg.id, error: { code: 'FORBIDDEN', message: 'Requires admin scope' } }));
+        return;
+    }
+    const settings = msg.settings ?? {};
+    const applied = {};
+    const changedFields = [];
+    const errors = [];
+    let requiresRestart = false;
+    const restartAffected = [];
+    const release = await writeMutex.acquire();
+    try {
+        for (const [cat, fields] of Object.entries(settings)) {
+            if (typeof fields !== 'object' || fields === null)
+                continue;
+            applied[cat] = {};
+            for (const [key, value] of Object.entries(fields)) {
+                const dotKey = `${cat}.${key}`;
+                try {
+                    await ctx.settingsManager.set(dotKey, String(value));
+                    applied[cat][key] = ctx.settingsManager.get(dotKey).value;
+                    changedFields.push(dotKey);
+                    const schema = SETTINGS_SCHEMA.get(dotKey);
+                    if (schema?.restartRequired) {
+                        requiresRestart = true;
+                        restartAffected.push(dotKey);
+                    }
+                }
+                catch (e) {
+                    errors.push({ field: dotKey, message: e.message });
+                }
+            }
+        }
+    }
+    finally {
+        release();
+    }
+    if (errors.length > 0) {
+        ws.send(JSON.stringify({
+            type: 'settings_updated', id: msg.id,
+            error: { code: 'VALIDATION_ERROR', message: `${errors.length} field(s) failed validation`, details: errors },
+        }));
+        return;
+    }
+    // Respond to sender
+    ws.send(JSON.stringify({ type: 'settings_updated', id: msg.id, applied, requiresRestart, restartAffected }));
+    // Broadcast to others
+    broadcastSettingsChange(ctx, changedFields, requiresRestart, restartAffected, ws);
+}
+// ── Broadcast ─────────────────────────────────────────────────────────────
+function broadcastSettingsChange(ctx, changedFields, requiresRestart, restartAffected, excludeWs) {
+    const categories = new Set(changedFields.map(f => f.split('.')[0]));
+    const message = JSON.stringify({
+        type: 'settings_changed',
+        changedCategories: [...categories],
+        changedFields,
+        requiresRestart,
+        restartAffected,
+        timestamp: new Date().toISOString(),
+    });
+    for (const client of ctx.getOtherClients(excludeWs)) {
+        try {
+            client.ws.send(message);
+        }
+        catch { /* best-effort */ }
+    }
+}

package/dist/adapters/server/standalone.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+#!/usr/bin/env node
+/**
+ * Zoe Server — Standalone Entry Point
+ *
+ * Starts the Zoe remote server as a standalone process.
+ * Suitable as a Docker CMD/ENTRYPOINT or direct CLI invocation.
+ *
+ * Usage:
+ *   node dist/adapters/server/standalone.js
+ *   node dist/adapters/server/standalone.js --generate-api-key
+ *
+ * Environment variables:
+ *   ZOE_PORT / PORT     — Port to listen on (default: 7337)
+ *   ZOE_HOST            — Host to bind to (default: "0.0.0.0")
+ *   ZOE_SESSION_DIR     — Directory for session storage
+ *   ZOE_SESSION_TTL     — Session TTL in seconds (default: 86400)
+ *   ZOE_API_KEYS_FILE   — Path to API key store file
+ */
+export {};