Class: Clacky::Server::HttpServer

Inherits:

Object

• Object
• Clacky::Server::HttpServer

Defined in:

lib/clacky/server/http_server.rb

Overview

HttpServer runs an embedded WEBrick HTTP server with WebSocket support.

Routes:

GET  /ws                     → WebSocket upgrade (all real-time communication)
*    /api/*                  → JSON REST API (sessions, tasks, schedules)
GET  /**                     → static files served from lib/clacky/web/ directory

Defined Under Namespace

Classes: WebSocketConnection

Constant Summary

WEB_ROOT =

File.expand_path("../web", __dir__)

DEFAULT_SOUL_MD =

Default SOUL.md written when the user skips the onboard conversation. A richer version is created by the Agent during the soul_setup phase.

<<~MD.freeze
  # Clacky — Agent Soul

  You are Clacky, a friendly and capable AI coding assistant and technical
  co-founder. You are sharp, concise, and proactive. You speak plainly and
  avoid unnecessary formality. You love helping people ship great software.

  ## Personality
  - Warm and encouraging, but direct and honest
  - Think step-by-step before acting; explain your reasoning briefly
  - Prefer doing over talking — use tools, write code, ship results
  - Adapt your language and tone to match the user's style

  ## Strengths
  - Full-stack software development (Ruby, Python, JS, and more)
  - Architectural thinking and code review
  - Debugging tricky problems with patience and creativity
  - Breaking big goals into small, executable steps
MD

DEFAULT_SOUL_MD_ZH =

Default SOUL.md for Chinese-language users.

<<~MD.freeze
  # Clacky — 助手灵魂

  你是 Clacky，一位友好、能干的 AI 编程助手和技术联合创始人。
  你思维敏锐、言简意赅、主动积极。你说话直接，不喜欢过度客套。
  你热爱帮助用户打造优秀的软件产品。

  **重要：始终用中文回复用户。**

  ## 性格特点
  - 热情鼓励，但直接诚实
  - 行动前先思考；简要说明你的推理过程
  - 重行动而非空谈 —— 善用工具，写代码，交付结果
  - 根据用户的风格调整语气和表达方式

  ## 核心能力
  - 全栈软件开发（Ruby、Python、JS 等）
  - 架构设计与代码审查
  - 耐心细致地调试复杂问题
  - 将大目标拆解为可执行的小步骤
MD

BRAND_HEARTBEAT_MUTEX =

Process-wide mutex guarding heartbeat trigger state. Used by #trigger_async_heartbeat! to ensure only one heartbeat Thread is in flight at a time, no matter how many concurrent /api/brand/status requests arrive from the Web UI poller.

Mutex.new

BRAND_DIST_REFRESH_MUTEX =

Mutex + inflight flag for async distribution refresh. Mirrors the heartbeat pattern above so the same guarantees hold: at most one refresh thread per process regardless of how many concurrent /api/brand/status polls arrive from the Web UI.

Mutex.new

@@brand_heartbeat_inflight =

Tracks whether a heartbeat Thread is currently running.

false

@@brand_dist_refresh_inflight =

false

Instance Method Summary

• #_dispatch_rest(req, res) ⇒ Object
• #api_brand_activate(req, res) ⇒ Object

  POST /api/brand/activate Body: { license_key: “XXXX-XXXX-XXXX-XXXX-XXXX” } Activates the license and persists the result to brand.yml.

• #api_brand_info(res) ⇒ Object

  GET /api/brand Returns brand metadata consumed by the WebUI on boot to dynamically replace branding strings.

• #api_brand_skill_install(slug, req, res) ⇒ Object

  POST /api/brand/skills/:name/install Downloads and installs (or updates) the given brand skill.

• #api_brand_skills(res) ⇒ Object

  POST /api/store/skills/:slug/install.

• #api_brand_status(res) ⇒ Object

  GET /api/brand/status Returns whether brand activation is needed.

• #api_browser_configure(req, res) ⇒ Object

  POST /api/browser/configure Called by browser-setup skill to write browser.yml and hot-reload the daemon.

• #api_browser_reload(res) ⇒ Object

  POST /api/browser/reload Called by browser-setup skill after writing browser.yml.

• #api_browser_status(res) ⇒ Object

  GET /api/browser/status Returns real daemon liveness from BrowserManager (not just yml read).

• #api_browser_toggle(res) ⇒ Object

  POST /api/browser/toggle.

• #api_change_session_working_dir(session_id, req, res) ⇒ Object
• #api_create_cron_task(req, res) ⇒ Object

  POST /api/cron-tasks — create task file + schedule in one step Body: { name, content, cron, enabled? }.

• #api_create_session(req, res) ⇒ Object
• #api_delete_channel(platform, res) ⇒ Object

  DELETE /api/channels/:platform Disables the platform (keeps credentials, sets enabled: false).

• #api_delete_cron_task(name, res) ⇒ Object

  DELETE /api/cron-tasks/:name — remove task file + schedule.

• #api_delete_session(session_id, res) ⇒ Object
• #api_export_session(session_id, res) ⇒ Object

  Export a session bundle as a .zip download containing: - session.json (always) - chunk-*.md (0..N archived conversation chunks) Useful for debugging — user clicks “download” in the WebUI status bar and we can ask them to attach the zip to a bug report.

• #api_get_config(res) ⇒ Object

  GET /api/config — return current model configurations.

• #api_get_version(res) ⇒ Object

  GET /api/version Returns current version and latest version from RubyGems (cached for 1 hour).

• #api_list_channels(res) ⇒ Object
• #api_list_cron_tasks(res) ⇒ Object

  GET /api/cron-tasks.

• #api_list_providers(res) ⇒ Object

  GET /api/providers — return built-in provider presets for quick setup.

• #api_list_sessions(req, res) ⇒ Object

  ── REST API ──────────────────────────────────────────────────────────────.

• #api_list_skills(res) ⇒ Object

  GET /api/skills — list all loaded skills with metadata.

• #api_onboard_complete(req, res) ⇒ Object

  POST /api/onboard/complete Called after key setup is done (soul_setup is optional/skipped).

• #api_onboard_skip_soul(req, res) ⇒ Object

  POST /api/onboard/skip-soul Writes a minimal SOUL.md so the soul_setup phase is not re-triggered on the next server start when the user chooses to skip the conversation.

• #api_onboard_status(res) ⇒ Object

  GET /api/onboard/status Phase “key_setup” → no API key configured yet Phase “soul_setup” → key configured, but ~/.clacky/agents/SOUL.md missing needs_onboard: false → fully set up.

• #api_open_file(req, res) ⇒ Object

  POST /api/open-file Opens a local file or directory using the OS default handler.

• #api_rename_session(session_id, req, res) ⇒ Object
• #api_restart(req, res) ⇒ Object

  POST /api/restart Re-execs the current process so the newly installed gem version is loaded.

• #api_run_cron_task(name, res) ⇒ Object

  POST /api/cron-tasks/:name/run — execute immediately.

• #api_save_channel(platform, req, res) ⇒ Object

  POST /api/channels/:platform Body: { fields… } (platform-specific credential fields) Saves credentials and optionally (re)starts the adapter.

• #api_save_config(req, res) ⇒ Object

  POST /api/config — save updated model list Body: { models: [ { id?, index, model, base_url, api_key, anthropic_format, type } ] } - id may be present for existing models (preserved) or absent for newly added models (a new id is generated).

• #api_session_messages(session_id, req, res) ⇒ Object

  GET /api/sessions/:id/messages?limit=20&before=1709123456.789 Replays conversation history for a session via the agent’s replay_history method.

• #api_session_skills(session_id, res) ⇒ Object

  GET /api/sessions/:id/skills — list user-invocable skills for a session, filtered by the session’s agent profile.

• #api_store_skills(res) ⇒ Object

  GET /api/brand/skills Fetches the brand skills list from the cloud, enriched with local installed version.

• #api_switch_session_model(session_id, req, res) ⇒ Object
• #api_test_channel(platform, req, res) ⇒ Object

  POST /api/channels/:platform/test Body: { fields… } (credentials to test — NOT saved) Tests connectivity using the provided credentials without persisting.

• #api_test_config(req, res) ⇒ Object

  POST /api/config/test — test connection for a single model config Body: { model, base_url, api_key, anthropic_format }.

• #api_toggle_skill(name, req, res) ⇒ Object

  PATCH /api/skills/:name/toggle — enable or disable a skill Body: { enabled: true/false }.

• #api_tool_browser(req, res) ⇒ Object

  GET /api/channels Returns current config and running status for all supported platforms.

• #api_update_cron_task(name, req, res) ⇒ Object

  PATCH /api/cron-tasks/:name — update content and/or cron/enabled Body: { content?, cron?, enabled? }.

• #api_upgrade_version(req, res) ⇒ Object

  POST /api/version/upgrade Upgrades openclacky in a background thread, streaming output via WebSocket broadcast.

• #api_upload_file(req, res) ⇒ Object

  POST /api/upload Accepts a multipart/form-data file upload (field name: “file”).

• #broadcast(session_id, event) ⇒ Object

  Broadcast an event to all clients subscribed to a session.

• #broadcast_all(event) ⇒ Object

  Broadcast an event to every connected client (regardless of session subscription).

• #broadcast_session_update(session_id) ⇒ Object

  Broadcast a session_update event to all clients so they can patch their local session list without needing a full session_list refresh.

• #build_session(name:, working_dir:, permission_mode: :confirm_all, profile: "general", source: :manual, model_override: nil) ⇒ Object

  Create a session in the registry and wire up Agent + WebUIController.

• #build_session_from_data(session_data, permission_mode: :confirm_all) ⇒ Object

  Restore a persisted session from saved session_data (from SessionManager).

• #create_default_session ⇒ Object

  Auto-restore persisted sessions (or create a fresh default) when the server starts.

• #default_working_dir ⇒ Object

  ── Helpers ───────────────────────────────────────────────────────────────.

• #deliver_confirmation(session_id, conf_id, result) ⇒ Object
• #dispatch(req, res) ⇒ Object

  ── Router ────────────────────────────────────────────────────────────────.

• #handle_user_message(session_id, content, files = []) ⇒ Object

  ── Session actions ───────────────────────────────────────────────────────.

• #handle_websocket(req, res) ⇒ Object

  Hijacks the TCP socket from WEBrick and upgrades it to WebSocket.

• #initialize(host: "127.0.0.1", port: 7070, agent_config:, client_factory:, brand_test: false, sessions_dir: nil, socket: nil, master_pid: nil) ⇒ HttpServer constructor

  A new instance of HttpServer.

• #interrupt_session(session_id) ⇒ Object
• #json_response(res, status, data) ⇒ Object
• #mask_api_key(key) ⇒ Object

  Mask API key for display: show first 8 + last 4 chars, middle replaced with ****.

• #not_found(res) ⇒ Object
• #on_ws_close(conn) ⇒ Object
• #on_ws_message(conn, raw) ⇒ Object
• #on_ws_open(conn) ⇒ Object
• #parse_json_body(req) ⇒ Object
• #start ⇒ Object
• #start_pending_task(session_id) ⇒ Object

  Start the pending task for a session.

• #subscribe(session_id, conn) ⇒ Object

  ── WebSocket subscription management ─────────────────────────────────────.

• #trigger_async_distribution_refresh! ⇒ Object

  Fire a public-distribution refresh in a background Thread.

• #trigger_async_heartbeat! ⇒ Object

  Fire a heartbeat in a background Thread without blocking the caller.

• #unsubscribe(conn) ⇒ Object
• #unsubscribe_all(session_id) ⇒ Object
• #websocket_upgrade?(req) ⇒ Boolean

  ── WebSocket ─────────────────────────────────────────────────────────────.

Constructor Details

#initialize(host: "127.0.0.1", port: 7070, agent_config:, client_factory:, brand_test: false, sessions_dir: nil, socket: nil, master_pid: nil) ⇒ HttpServer

Returns a new instance of HttpServer.

# File 'lib/clacky/server/http_server.rb', line 146

def initialize(host: "127.0.0.1", port: 7070, agent_config:, client_factory:, brand_test: false, sessions_dir: nil, socket: nil, master_pid: nil)
  @host           = host
  @port           = port
  @agent_config   = agent_config
  @client_factory = client_factory  # callable: -> { Clacky::Client.new(...) }
  @brand_test     = brand_test      # when true, skip remote API calls for license activation
  @inherited_socket = socket        # TCPServer socket passed from Master (nil = standalone mode)
  @master_pid       = master_pid    # Master PID so we can send USR1 on upgrade/restart
  # Capture the absolute path of the entry script and original ARGV at startup,
  # so api_restart can re-exec the correct binary even if cwd changes later.
  @restart_script = File.expand_path($0)
  @restart_argv   = ARGV.dup
  @session_manager = Clacky::SessionManager.new(sessions_dir: sessions_dir)
  @registry        = SessionRegistry.new(
    session_manager:  @session_manager,
    session_restorer: method(:build_session_from_data)
  )
  @ws_clients      = {}   # session_id => [WebSocketConnection, ...]
  @all_ws_conns    = []   # every connected WS client, regardless of session subscription
  @ws_mutex        = Mutex.new
  # Version cache: { latest: "x.y.z", checked_at: Time }
  @version_cache   = nil
  @version_mutex   = Mutex.new
  @scheduler       = Scheduler.new(
    session_registry: @registry,
    session_builder:  method(:build_session),
    task_runner:      method(:run_agent_task)
  )
  @channel_manager = Clacky::Channel::ChannelManager.new(
    session_registry:  @registry,
    session_builder:   method(:build_session),
    run_agent_task:    method(:run_agent_task),
    interrupt_session: method(:interrupt_session),
    channel_config:    Clacky::ChannelConfig.load
  )
  @browser_manager = Clacky::BrowserManager.instance
  @skill_loader    = Clacky::SkillLoader.new(working_dir: nil, brand_config: Clacky::BrandConfig.load)
  # Access key authentication:
  # - localhost (127.0.0.1 / ::1) is always trusted; auth is skipped entirely.
  # - Any other bind address requires CLACKY_ACCESS_KEY env var.
  @localhost_only      = local_host?(@host)
  @access_key          = @localhost_only ? nil : resolve_access_key
  @auth_failures       = {}
  @auth_failures_mutex = Mutex.new
  if @localhost_only
    Clacky::Logger.info("[HttpServer] Localhost mode — authentication disabled")
  else
    Clacky::Logger.info("[HttpServer] Public mode — access key authentication ENABLED")
  end
end

Instance Method Details

#_dispatch_rest(req, res) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 367

def _dispatch_rest(req, res)
  path   = req.path
  method = req.request_method

  case [method, path]
  when ["GET",    "/api/sessions"]      then api_list_sessions(req, res)
  when ["POST",   "/api/sessions"]      then api_create_session(req, res)
  when ["GET",    "/api/cron-tasks"]    then api_list_cron_tasks(res)
  when ["POST",   "/api/cron-tasks"]    then api_create_cron_task(req, res)
  when ["GET",    "/api/skills"]         then api_list_skills(res)
  when ["GET",    "/api/config"]        then api_get_config(res)
  when ["POST",   "/api/config"]        then api_save_config(req, res)
  when ["POST",   "/api/config/test"]   then api_test_config(req, res)
  when ["GET",    "/api/providers"]     then api_list_providers(res)
  when ["GET",    "/api/onboard/status"]    then api_onboard_status(res)
  when ["GET",    "/api/browser/status"]    then api_browser_status(res)
  when ["POST",   "/api/browser/configure"]  then api_browser_configure(req, res)
  when ["POST",   "/api/browser/reload"]    then api_browser_reload(res)
  when ["POST",   "/api/browser/toggle"]    then api_browser_toggle(res)
  when ["POST",   "/api/onboard/complete"]  then api_onboard_complete(req, res)
  when ["POST",   "/api/onboard/skip-soul"] then api_onboard_skip_soul(req, res)
  when ["GET",    "/api/store/skills"]          then api_store_skills(res)
  when ["GET",    "/api/brand/status"]      then api_brand_status(res)
  when ["POST",   "/api/brand/activate"]    then api_brand_activate(req, res)
  when ["DELETE", "/api/brand/license"]     then api_brand_deactivate(res)
  when ["GET",    "/api/brand/skills"]      then api_brand_skills(res)
  when ["GET",    "/api/brand"]             then api_brand_info(res)
  when ["GET",    "/api/creator/skills"]    then api_creator_skills(res)
  when ["GET",    "/api/channels"]          then api_list_channels(res)
  when ["POST",   "/api/tool/browser"]      then api_tool_browser(req, res)
  when ["POST",   "/api/upload"]            then api_upload_file(req, res)
  when ["POST",   "/api/open-file"]         then api_open_file(req, res)
  when ["GET",    "/api/version"]           then api_get_version(res)
  when ["POST",   "/api/version/upgrade"]   then api_upgrade_version(req, res)
  when ["POST",   "/api/restart"]           then api_restart(req, res)
  when ["PATCH",  "/api/sessions/:id/model"] then api_switch_session_model(req, res)
  when ["PATCH",  "/api/sessions/:id/working_dir"] then api_change_session_working_dir(req, res)
  else
    if method == "POST" && path.match?(%r{^/api/channels/[^/]+/test$})
      platform = path.sub("/api/channels/", "").sub("/test", "")
      api_test_channel(platform, req, res)
    elsif method == "POST" && path.start_with?("/api/channels/")
      platform = path.sub("/api/channels/", "")
      api_save_channel(platform, req, res)
    elsif method == "DELETE" && path.start_with?("/api/channels/")
      platform = path.sub("/api/channels/", "")
      api_delete_channel(platform, res)
    elsif method == "GET" && path.match?(%r{^/api/sessions/[^/]+/skills$})
      session_id = path.sub("/api/sessions/", "").sub("/skills", "")
      api_session_skills(session_id, res)
    elsif method == "GET" && path.match?(%r{^/api/sessions/[^/]+/export$})
      session_id = path.sub("/api/sessions/", "").sub("/export", "")
      api_export_session(session_id, res)
    elsif method == "GET" && path.match?(%r{^/api/sessions/[^/]+/messages$})
      session_id = path.sub("/api/sessions/", "").sub("/messages", "")
      api_session_messages(session_id, req, res)
    elsif method == "PATCH" && path.match?(%r{^/api/sessions/[^/]+$})
      session_id = path.sub("/api/sessions/", "")
      api_rename_session(session_id, req, res)
    elsif method == "PATCH" && path.match?(%r{^/api/sessions/[^/]+/model$})
      session_id = path.sub("/api/sessions/", "").sub("/model", "")
      api_switch_session_model(session_id, req, res)
    elsif method == "PATCH" && path.match?(%r{^/api/sessions/[^/]+/working_dir$})
      session_id = path.sub("/api/sessions/", "").sub("/working_dir", "")
      api_change_session_working_dir(session_id, req, res)
    elsif method == "DELETE" && path.start_with?("/api/sessions/")
      session_id = path.sub("/api/sessions/", "")
      api_delete_session(session_id, res)
    elsif method == "POST" && path.match?(%r{^/api/cron-tasks/[^/]+/run$})
      name = URI.decode_www_form_component(path.sub("/api/cron-tasks/", "").sub("/run", ""))
      api_run_cron_task(name, res)
    elsif method == "PATCH" && path.match?(%r{^/api/cron-tasks/[^/]+$})
      name = URI.decode_www_form_component(path.sub("/api/cron-tasks/", ""))
      api_update_cron_task(name, req, res)
    elsif method == "DELETE" && path.match?(%r{^/api/cron-tasks/[^/]+$})
      name = URI.decode_www_form_component(path.sub("/api/cron-tasks/", ""))
      api_delete_cron_task(name, res)
    elsif method == "PATCH" && path.match?(%r{^/api/skills/[^/]+/toggle$})
      name = URI.decode_www_form_component(path.sub("/api/skills/", "").sub("/toggle", ""))
      api_toggle_skill(name, req, res)
    elsif method == "POST" && path.match?(%r{^/api/brand/skills/[^/]+/install$})
      slug = URI.decode_www_form_component(path.sub("/api/brand/skills/", "").sub("/install", ""))
      api_brand_skill_install(slug, req, res)
    elsif method == "POST" && path.match?(%r{^/api/my-skills/[^/]+/publish$})
      name = URI.decode_www_form_component(path.sub("/api/my-skills/", "").sub("/publish", ""))
      api_publish_my_skill(name, req, res)
    else
      not_found(res)
    end
  end
end

#api_brand_activate(req, res) ⇒ Object

POST /api/brand/activate Body: { license_key: “XXXX-XXXX-XXXX-XXXX-XXXX” } Activates the license and persists the result to brand.yml.

# File 'lib/clacky/server/http_server.rb', line 800

def api_brand_activate(req, res)
  body = parse_json_body(req)
  key  = body["license_key"].to_s.strip

  if key.empty?
    json_response(res, 422, { ok: false, error: "license_key is required" })
    return
  end

  brand  = Clacky::BrandConfig.load
  result = @brand_test ? brand.activate_mock!(key) : brand.activate!(key)

  if result[:success]
    # Refresh skill_loader with the now-activated brand config so brand
    # skills are loadable from this point forward (e.g. after sync).
    @skill_loader = Clacky::SkillLoader.new(working_dir: nil, brand_config: brand)
    json_response(res, 200, {
      ok:            true,
      product_name:  result[:product_name] || brand.product_name,
      user_id:       result[:user_id] || brand.license_user_id,
      user_licensed: brand.user_licensed?
    })
  else
    json_response(res, 422, { ok: false, error: result[:message] })
  end
end

#api_brand_info(res) ⇒ Object

GET /api/brand Returns brand metadata consumed by the WebUI on boot to dynamically replace branding strings.

# File 'lib/clacky/server/http_server.rb', line 955

def api_brand_info(res)
  brand = Clacky::BrandConfig.load
  json_response(res, 200, brand.to_h)
end

#api_brand_skill_install(slug, req, res) ⇒ Object

POST /api/brand/skills/:name/install Downloads and installs (or updates) the given brand skill. Body may optionally contain { skill_info: … } from the frontend cache; otherwise we re-fetch to get the download_url.

# File 'lib/clacky/server/http_server.rb', line 910

def api_brand_skill_install(slug, req, res)
  brand = Clacky::BrandConfig.load

  unless brand.activated?
    json_response(res, 403, { ok: false, error: "License not activated" })
    return
  end

  # Re-fetch the skills list to get the authoritative download_url
  if @brand_test
    all_skills = mock_brand_skills(brand)[:skills]
  else
    fetch_result = brand.fetch_brand_skills!
    unless fetch_result[:success]
      json_response(res, 422, { ok: false, error: fetch_result[:error] })
      return
    end
    all_skills = fetch_result[:skills]
  end

  skill_info = all_skills.find { |s| s["name"] == slug }
  unless skill_info
    json_response(res, 404, { ok: false, error: "Skill '#{slug}' not found in license" })
    return
  end

  # In brand-test mode use the mock installer which writes a real .enc file
  # so the full decrypt → load → invoke code-path is exercised end-to-end.
  result = @brand_test ? brand.install_mock_brand_skill!(skill_info) : brand.install_brand_skill!(skill_info)

  if result[:success]
    # Reload skills so the Agent can pick up the new skill immediately.
    # Re-create the loader with the current brand_config so brand skills are decryptable.
    @skill_loader = Clacky::SkillLoader.new(working_dir: nil, brand_config: brand)
    json_response(res, 200, { ok: true, name: result[:name], version: result[:version] })
  else
    json_response(res, 422, { ok: false, error: result[:error] })
  end
rescue StandardError, ScriptError => e
  json_response(res, 500, { ok: false, error: e.message })
end

#api_brand_skills(res) ⇒ Object

POST /api/store/skills/:slug/install

# File 'lib/clacky/server/http_server.rb', line 864

def api_brand_skills(res)
  brand = Clacky::BrandConfig.load

  unless brand.activated?
    json_response(res, 403, { ok: false, error: "License not activated" })
    return
  end

  if @brand_test
    # Return mock skills in brand-test mode instead of calling the remote API
    result = mock_brand_skills(brand)
  else
    result = brand.fetch_brand_skills!
  end

  if result[:success]
    json_response(res, 200, { ok: true, skills: result[:skills], expires_at: result[:expires_at] })
  else
    # Remote API failed — fall back to locally installed skills so the user
    # can still see and use what they already have. Surface a soft warning.
    local_skills = brand.installed_brand_skills.map do |name, meta|
      {
        "name"              => meta["name"] || name,
        "name_zh"           => meta["name_zh"].to_s,
        # Use locally cached description so it renders correctly offline
        "description"       => meta["description"].to_s,
        "description_zh"    => meta["description_zh"].to_s,
        "installed_version" => meta["version"],
        "needs_update"      => false
      }
    end
    json_response(res, 200, {
      ok:           true,
      skills:       local_skills,
      # warning_code lets the frontend render a localized message.
      # `warning` is kept for back-compat and as an English fallback.
      warning_code: "remote_unavailable",
      warning:      "Could not reach the license server. Showing locally installed skills only."
    })
  end
end

#api_brand_status(res) ⇒ Object

GET /api/brand/status Returns whether brand activation is needed. Mirrors the onboard/status pattern so the frontend can gate on it.

Response:

{ branded: false }                              → no brand, nothing to do
{ branded: true, needs_activation: true,
  product_name: "JohnAI" }                     → license key required
{ branded: true, needs_activation: false,
  product_name: "JohnAI", warning: "..." }     → activated, possible warning

# File 'lib/clacky/server/http_server.rb', line 722

def api_brand_status(res)
  brand = Clacky::BrandConfig.load

  unless brand.branded?
    json_response(res, 200, { branded: false })
    return
  end

  unless brand.activated?
    # Refresh public brand assets (logo, theme, homepage_url, support_*)
    # if due. This catches the common case of `install.sh --brand-name=X`
    # which writes only product_name + package_name — without this poll
    # the user would never see the brand's logo/theme until activation.
    # Completely asynchronous: we do NOT wait for the network round-trip.
    #
    # `distribution_refresh_pending` lets the Web UI know a refresh is
    # in flight, so it can re-poll /api/brand shortly and apply the
    # logo/theme without requiring the user to activate or refresh the
    # page first.
    refresh_pending = false
    if brand.distribution_refresh_due?
      trigger_async_distribution_refresh!
      refresh_pending = true
    end

    json_response(res, 200, {
      branded:                       true,
      needs_activation:              true,
      product_name:                  brand.product_name,
      test_mode:                     @brand_test,
      distribution_refresh_pending:  refresh_pending
    })
    return
  end

  # Send heartbeat asynchronously if interval has elapsed (once per day).
  #
  # We must NOT block this HTTP response on the heartbeat call: a slow or
  # unreachable license server would otherwise stall the Web UI's first
  # paint for up to ~92s (2 hosts × 2 attempts × 23s timeout). The fresh
  # expires_at / last_heartbeat will be picked up on the next /api/brand/status
  # poll, which is sufficient for a once-per-day check.
  if brand.heartbeat_due?
    trigger_async_heartbeat!
  else
    Clacky::Logger.debug("[Brand] api_brand_status: heartbeat not due yet")
  end

  Clacky::Logger.debug("[Brand] api_brand_status: expired=#{brand.expired?} grace_exceeded=#{brand.grace_period_exceeded?} expires_at=#{brand.license_expires_at&.iso8601 || "nil"}")

  warning = nil
  if brand.expired?
    warning = "Your #{brand.product_name} license has expired. Please renew to continue."
  elsif brand.grace_period_exceeded?
    warning = "License server unreachable for more than 3 days. Please check your connection."
  elsif brand.license_expires_at && !brand.expired?
    days_remaining = ((brand.license_expires_at - Time.now.utc) / 86_400).ceil
    if days_remaining <= 7
      warning = "Your #{brand.product_name} license expires in #{days_remaining} day#{"s" if days_remaining != 1}. Please renew soon."
    end
  end

  Clacky::Logger.debug("[Brand] api_brand_status: warning=#{warning.inspect}")

  json_response(res, 200, {
    branded:          true,
    needs_activation: false,
    product_name:     brand.product_name,
    warning:          warning,
    test_mode:        @brand_test,
    user_licensed:    brand.user_licensed?,
    license_user_id:  brand.license_user_id
  })
end

#api_browser_configure(req, res) ⇒ Object

POST /api/browser/configure Called by browser-setup skill to write browser.yml and hot-reload the daemon. Body: { chrome_version: “146” }

# File 'lib/clacky/server/http_server.rb', line 561

def api_browser_configure(req, res)
  body          = JSON.parse(req.body.to_s) rescue {}
  chrome_version = body["chrome_version"].to_s.strip
  return json_response(res, 422, { ok: false, error: "chrome_version is required" }) if chrome_version.empty?

  @browser_manager.configure(chrome_version: chrome_version)
  json_response(res, 200, { ok: true })
rescue StandardError => e
  json_response(res, 500, { ok: false, error: e.message })
end

#api_browser_reload(res) ⇒ Object

POST /api/browser/reload Called by browser-setup skill after writing browser.yml. Hot-reloads the MCP daemon with the new configuration.

# File 'lib/clacky/server/http_server.rb', line 575

def api_browser_reload(res)
  @browser_manager.reload
  json_response(res, 200, { ok: true })
rescue StandardError => e
  json_response(res, 500, { ok: false, error: e.message })
end

#api_browser_status(res) ⇒ Object

GET /api/browser/status Returns real daemon liveness from BrowserManager (not just yml read).

# File 'lib/clacky/server/http_server.rb', line 554

def api_browser_status(res)
  json_response(res, 200, @browser_manager.status)
end

#api_browser_toggle(res) ⇒ Object

POST /api/browser/toggle

# File 'lib/clacky/server/http_server.rb', line 583

def api_browser_toggle(res)
  enabled = @browser_manager.toggle
  json_response(res, 200, { ok: true, enabled: enabled })
rescue StandardError => e
  json_response(res, 500, { ok: false, error: e.message })
end

#api_change_session_working_dir(session_id, req, res) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2236

def api_change_session_working_dir(session_id, req, res)
  body = parse_json_body(req)
  new_dir = body["working_dir"].to_s.strip

  return json_response(res, 400, { error: "working_dir is required" }) if new_dir.empty?
  return json_response(res, 404, { error: "Session not found" }) unless @registry.ensure(session_id)

  # Expand ~ to home directory
  expanded_dir = File.expand_path(new_dir)
  
  # Validate directory exists
  unless Dir.exist?(expanded_dir)
    return json_response(res, 400, { error: "Directory does not exist: #{expanded_dir}" })
  end

  agent = nil
  @registry.with_session(session_id) { |s| agent = s[:agent] }
  
  # Change the agent's working directory
  agent.change_working_dir(expanded_dir)
  
  # Persist the change
  @session_manager.save(agent.to_session_data)
  
  # Broadcast update to all clients
  broadcast_session_update(session_id)
  
  json_response(res, 200, { ok: true, working_dir: expanded_dir })
rescue => e
  json_response(res, 500, { error: e.message })
end

#api_create_cron_task(req, res) ⇒ Object

POST /api/cron-tasks — create task file + schedule in one step Body: { name, content, cron, enabled? }

# File 'lib/clacky/server/http_server.rb', line 1620

def api_create_cron_task(req, res)
  body    = parse_json_body(req)
  name    = body["name"].to_s.strip
  content = body["content"].to_s
  cron    = body["cron"].to_s.strip
  enabled = body.key?("enabled") ? body["enabled"] : true

  return json_response(res, 422, { error: "name is required" })    if name.empty?
  return json_response(res, 422, { error: "content is required" }) if content.empty?
  return json_response(res, 422, { error: "cron is required" })    if cron.empty?

  fields = cron.strip.split(/\s+/)
  unless fields.size == 5
    return json_response(res, 422, { error: "cron must have 5 fields (min hour dom month dow)" })
  end

  @scheduler.create_cron_task(name: name, content: content, cron: cron, enabled: enabled)
  json_response(res, 201, { ok: true, name: name })
end

#api_create_session(req, res) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 487

def api_create_session(req, res)
  body = parse_json_body(req)
  name = body["name"]
  return json_response(res, 400, { error: "name is required" }) if name.nil? || name.strip.empty?

  # Optional agent_profile; defaults to "general" if omitted or invalid
  profile = body["agent_profile"].to_s.strip
  profile = "general" if profile.empty?

  # Optional source; defaults to :manual. Accept "system" for skill-launched sessions
  # (e.g. /onboard, /browser-setup, /channel-setup).
  raw_source = body["source"].to_s.strip
  source = %w[manual cron channel setup].include?(raw_source) ? raw_source.to_sym : :manual

  raw_dir = body["working_dir"].to_s.strip
  working_dir = raw_dir.empty? ? default_working_dir : File.expand_path(raw_dir)

  # Optional model override
  model_override = body["model"].to_s.strip
  model_override = nil if model_override.empty?

  # Create working directory if it doesn't exist
  # Allow multiple sessions in the same directory
  FileUtils.mkdir_p(working_dir)

  session_id = build_session(name: name, working_dir: working_dir, profile: profile, source: source, model_override: model_override)
  broadcast_session_update(session_id)
  json_response(res, 201, { session: @registry.session_summary(session_id) })
end

#api_delete_channel(platform, res) ⇒ Object

DELETE /api/channels/:platform Disables the platform (keeps credentials, sets enabled: false).

# File 'lib/clacky/server/http_server.rb', line 1483

def api_delete_channel(platform, res)
  platform = platform.to_sym
  config   = Clacky::ChannelConfig.load
  config.disable_platform(platform)
  config.save

  @channel_manager.reload_platform(platform, config)

  json_response(res, 200, { ok: true })
rescue StandardError => e
  json_response(res, 422, { ok: false, error: e.message })
end

#api_delete_cron_task(name, res) ⇒ Object

DELETE /api/cron-tasks/:name — remove task file + schedule

# File 'lib/clacky/server/http_server.rb', line 1659

def api_delete_cron_task(name, res)
  if @scheduler.delete_cron_task(name)
    json_response(res, 200, { ok: true })
  else
    json_response(res, 404, { error: "Cron task not found: #{name}" })
  end
end

#api_delete_session(session_id, res) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2268

def api_delete_session(session_id, res)
  # A session exists if it's either in the runtime registry OR on disk.
  # Old sessions that were never restored into memory this server run
  # (e.g. shown via "load more" in the WebUI list) are disk-only — we
  # must still be able to delete them. Previously this endpoint only
  # consulted @registry and returned 404 for disk-only sessions,
  # causing the "can't delete old sessions" bug.
  in_registry = @registry.exist?(session_id)
  on_disk     = !@session_manager.load(session_id).nil?

  unless in_registry || on_disk
    return json_response(res, 404, { error: "Session not found" })
  end

  # Registry delete is best-effort — only meaningful when the session
  # is actually live (cancels idle timer, interrupts the agent thread).
  # For disk-only sessions this is a no-op and returns false, which is
  # fine and no longer blocks the disk cleanup below.
  @registry.delete(session_id) if in_registry

  # Always physically remove the persisted session file (+ chunks).
  @session_manager.delete(session_id) if on_disk

  # Notify any still-connected clients (mainly matters when the
  # session was live, but harmless otherwise).
  broadcast(session_id, { type: "session_deleted", session_id: session_id })
  unsubscribe_all(session_id)

  json_response(res, 200, { ok: true })
end

#api_export_session(session_id, res) ⇒ Object

Export a session bundle as a .zip download containing:

- session.json          (always)
- chunk-*.md            (0..N archived conversation chunks)

Useful for debugging — user clicks “download” in the WebUI status bar and we can ask them to attach the zip to a bug report.

# File 'lib/clacky/server/http_server.rb', line 2304

def api_export_session(session_id, res)
  bundle = @session_manager.files_for(session_id)
  unless bundle
    return json_response(res, 404, { error: "Session not found" })
  end

  require "zip"

  short_id = bundle[:session][:session_id].to_s[0..7]
  # Build the zip entirely in memory — session files are small (< few MB).
  buffer = Zip::OutputStream.write_buffer do |zos|
    zos.put_next_entry("session.json")
    zos.write(File.binread(bundle[:json_path]))

    bundle[:chunks].each do |chunk_path|
      # Preserve original chunk filename so the ordering (chunk-1.md, chunk-2.md, ...) is clear.
      zos.put_next_entry(File.basename(chunk_path))
      zos.write(File.binread(chunk_path))
    end
  end
  buffer.rewind
  data = buffer.read

  filename = "clacky-session-#{short_id}.zip"
  res.status = 200
  res.content_type = "application/zip"
  res["Content-Disposition"] = %(attachment; filename="#{filename}")
  res["Access-Control-Allow-Origin"] = "*"
  # Force a fresh copy each time — debugging sessions get new chunks over time.
  res["Cache-Control"] = "no-store"
  res.body = data
rescue => e
  Clacky::Logger.error("Session export failed: #{e.message}") if defined?(Clacky::Logger)
  json_response(res, 500, { error: "Export failed: #{e.message}" })
end

#api_get_config(res) ⇒ Object

GET /api/config — return current model configurations

# File 'lib/clacky/server/http_server.rb', line 1970

def api_get_config(res)
  models = @agent_config.models.map.with_index do |m, i|
    {
      id:               m["id"],   # Stable runtime id — use this for switching
      index:            i,
      model:            m["model"],
      base_url:         m["base_url"],
      api_key_masked:   mask_api_key(m["api_key"]),
      anthropic_format: m["anthropic_format"] || false,
      type:             m["type"]
    }
  end
  # Filter out auto-injected models (like lite) from UI display
  models.reject! { |m| @agent_config.models[m[:index]]["auto_injected"] }
  json_response(res, 200, {
    models: models,
    current_index: @agent_config.current_model_index,
    current_id: @agent_config.current_model&.dig("id")
  })
end

#api_get_version(res) ⇒ Object

GET /api/version Returns current version and latest version from RubyGems (cached for 1 hour).

# File 'lib/clacky/server/http_server.rb', line 964

def api_get_version(res)
  current = Clacky::VERSION
  latest  = fetch_latest_version_cached
  json_response(res, 200, {
    current:      current,
    latest:       latest,
    needs_update: latest ? version_older?(current, latest) : false
  })
end

#api_list_channels(res) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 1383

def api_list_channels(res)
  config   = Clacky::ChannelConfig.load
  running  = @channel_manager.running_platforms

  platforms = Clacky::Channel::Adapters.all.map do |klass|
    platform = klass.platform_id
    raw      = config.instance_variable_get(:@channels)[platform.to_s] || {}
    {
      platform:  platform,
      enabled:   !!raw["enabled"],
      running:   running.include?(platform),
      has_config: !config.platform_config(platform).nil?
    }.merge(platform_safe_fields(platform, config))
  end

  json_response(res, 200, { channels: platforms })
end

#api_list_cron_tasks(res) ⇒ Object

GET /api/cron-tasks

# File 'lib/clacky/server/http_server.rb', line 1614

def api_list_cron_tasks(res)
  json_response(res, 200, { cron_tasks: @scheduler.list_cron_tasks })
end

#api_list_providers(res) ⇒ Object

GET /api/providers — return built-in provider presets for quick setup

# File 'lib/clacky/server/http_server.rb', line 2117

def api_list_providers(res)
  providers = Clacky::Providers::PRESETS.map do |id, preset|
    {
      id:            id,
      name:          preset["name"],
      base_url:      preset["base_url"],
      default_model: preset["default_model"],
      models:        preset["models"] || [],
      website_url:   preset["website_url"]
    }
  end
  json_response(res, 200, { providers: providers })
end

#api_list_sessions(req, res) ⇒ Object

── REST API ──────────────────────────────────────────────────────────────

# File 'lib/clacky/server/http_server.rb', line 461

def api_list_sessions(req, res)
  query   = URI.decode_www_form(req.query_string.to_s).to_h
  limit   = [query["limit"].to_i.then { |n| n > 0 ? n : 20 }, 50].min
  before  = query["before"].to_s.strip.then  { |v| v.empty? ? nil : v }
  q       = query["q"].to_s.strip.then       { |v| v.empty? ? nil : v }
  date    = query["date"].to_s.strip.then    { |v| v.empty? ? nil : v }
  type    = query["type"].to_s.strip.then    { |v| v.empty? ? nil : v }
  # Backward-compat: ?source=<x> and ?profile=coding → type
  type ||= query["profile"].to_s.strip.then { |v| v.empty? ? nil : v }
  type ||= query["source"].to_s.strip.then  { |v| v.empty? ? nil : v }

  # Fetch one extra NON-PINNED row to detect has_more without a separate count query.
  # `registry.list` always returns ALL matching pinned rows first (on the
  # first page; `before` == nil), followed by non-pinned rows up to `limit+1`.
  # So has_more is determined by whether the non-pinned section overflowed.
  sessions = @registry.list(limit: limit + 1, before: before, q: q, date: date, type: type)

  # Split pinned vs non-pinned to apply has_more only to the non-pinned tail.
  pinned_part, non_pinned_part = sessions.partition { |s| s[:pinned] }
  has_more = non_pinned_part.size > limit
  non_pinned_part = non_pinned_part.first(limit)
  sessions = pinned_part + non_pinned_part

  json_response(res, 200, { sessions: sessions, has_more: has_more })
end

#api_list_skills(res) ⇒ Object

GET /api/skills — list all loaded skills with metadata

# File 'lib/clacky/server/http_server.rb', line 1689

def api_list_skills(res)
  @skill_loader.load_all  # refresh from disk on each request
  upload_meta = Clacky::BrandConfig.load_upload_meta
  shadowed    = @skill_loader.shadowed_by_local

  skills = @skill_loader.all_skills.reject(&:brand_skill).map do |skill|
    source = @skill_loader.loaded_from[skill.identifier]
    meta   = upload_meta[skill.identifier] || {}

    # Compute local modification time of SKILL.md for "has local changes" indicator
    skill_md_path = File.join(skill.directory.to_s, "SKILL.md")
    local_modified_at = File.exist?(skill_md_path) ? File.mtime(skill_md_path).utc.iso8601 : nil

    entry = {
      name:              skill.identifier,
      name_zh:           skill.name_zh,
      description:       skill.context_description,
      description_zh:    skill.description_zh,
      source:            source,
      enabled:           !skill.disabled?,
      invalid:           skill.invalid?,
      warnings:          skill.warnings,
      platform_version:  meta["platform_version"],
      uploaded_at:       meta["uploaded_at"],
      local_modified_at: local_modified_at,
      # true when this local skill is shadowing a same-named brand skill
      shadowing_brand:   shadowed.key?(skill.identifier)
    }
    entry[:invalid_reason] = skill.invalid_reason if skill.invalid?
    entry
  end
  json_response(res, 200, { skills: skills })
end

#api_onboard_complete(req, res) ⇒ Object

POST /api/onboard/complete Called after key setup is done (soul_setup is optional/skipped). Creates the default session if none exists yet, returns it.

# File 'lib/clacky/server/http_server.rb', line 593

def api_onboard_complete(req, res)
  create_default_session if @registry.list(limit: 1).empty?
  first_session = @registry.list(limit: 1).first
  json_response(res, 200, { ok: true, session: first_session })
end

#api_onboard_skip_soul(req, res) ⇒ Object

POST /api/onboard/skip-soul Writes a minimal SOUL.md so the soul_setup phase is not re-triggered on the next server start when the user chooses to skip the conversation.

# File 'lib/clacky/server/http_server.rb', line 602

def api_onboard_skip_soul(req, res)
  body = parse_json_body(req)
  lang = body["lang"].to_s.strip
  soul_content = lang == "zh" ? DEFAULT_SOUL_MD_ZH : DEFAULT_SOUL_MD

  agents_dir = File.expand_path("~/.clacky/agents")
  FileUtils.mkdir_p(agents_dir)
  soul_path = File.join(agents_dir, "SOUL.md")
  unless File.exist?(soul_path)
    File.write(soul_path, soul_content)
  end
  json_response(res, 200, { ok: true })
end

#api_onboard_status(res) ⇒ Object

GET /api/onboard/status Phase “key_setup” → no API key configured yet Phase “soul_setup” → key configured, but ~/.clacky/agents/SOUL.md missing needs_onboard: false → fully set up

# File 'lib/clacky/server/http_server.rb', line 544

def api_onboard_status(res)
  if !@agent_config.models_configured?
    json_response(res, 200, { needs_onboard: true, phase: "key_setup" })
  else
    json_response(res, 200, { needs_onboard: false })
  end
end

#api_open_file(req, res) ⇒ Object

POST /api/open-file Opens a local file or directory using the OS default handler. Used by the Web UI to handle file:// links — browsers block direct file:// navigation from http:// pages for security reasons.

# File 'lib/clacky/server/http_server.rb', line 1426

def api_open_file(req, res)
  path = parse_json_body(req)["path"]
  return json_response(res, 400, { error: "path is required" }) unless path && !path.empty?

  # On WSL the file may be specified as a Windows path (e.g. "C:/Users/…").
  # Convert it to the Linux-side path so File.exist? works.
  linux_path = Utils::EnvironmentDetector.win_to_linux_path(path)

  return json_response(res, 404, { error: "file not found" }) unless File.exist?(linux_path)

  result = Utils::EnvironmentDetector.open_file(linux_path)
  return json_response(res, 501, { error: "unsupported OS" }) if result.nil?
  json_response(res, 200, { ok: true })
rescue => e
  json_response(res, 500, { ok: false, error: e.message })
end

#api_rename_session(session_id, req, res) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2161

def api_rename_session(session_id, req, res)
  body = parse_json_body(req)
  new_name = body["name"]&.to_s&.strip
  pinned = body["pinned"]

  return json_response(res, 404, { error: "Session not found" }) unless @registry.ensure(session_id)

  agent = nil
  @registry.with_session(session_id) { |s| agent = s[:agent] }
  
  # Update name if provided
  if new_name && !new_name.empty?
    agent.rename(new_name)
  end
  
  # Update pinned status if provided
  if !pinned.nil?
    agent.pinned = pinned
  end
  
  # Save session data
  @session_manager.save(agent.to_session_data)
  
  # Broadcast update event
  update_data = { type: "session_updated", session_id: session_id }
  update_data[:name] = new_name if new_name && !new_name.empty?
  update_data[:pinned] = pinned unless pinned.nil?
  broadcast(session_id, update_data)
  
  response_data = { ok: true }
  response_data[:name] = new_name if new_name && !new_name.empty?
  response_data[:pinned] = pinned unless pinned.nil?
  json_response(res, 200, response_data)
rescue => e
  json_response(res, 500, { error: e.message })
end

#api_restart(req, res) ⇒ Object

POST /api/restart Re-execs the current process so the newly installed gem version is loaded. Uses the absolute script path captured at startup to avoid relative-path issues. Responds 200 first, then waits briefly for WEBrick to flush the response before exec.

# File 'lib/clacky/server/http_server.rb', line 1243

def api_restart(req, res)
  json_response(res, 200, { ok: true, message: "Restarting…" })

  Thread.new do
    sleep 0.5  # Let WEBrick flush the HTTP response

    if @master_pid
      # Worker mode: tell master to hot-restart, then exit cleanly.
      Clacky::Logger.info("[Restart] Sending USR1 to master (PID=#{@master_pid})")
      begin
        Process.kill("USR1", @master_pid)
      rescue Errno::ESRCH
        Clacky::Logger.warn("[Restart] Master PID=#{@master_pid} not found, falling back to exec.")
        standalone_exec_restart
      end
      exit(0)
    else
      # Standalone mode (no master): fall back to the original exec approach.
      standalone_exec_restart
    end
  end
end

#api_run_cron_task(name, res) ⇒ Object

POST /api/cron-tasks/:name/run — execute immediately

# File 'lib/clacky/server/http_server.rb', line 1668

def api_run_cron_task(name, res)
  unless @scheduler.list_tasks.include?(name)
    return json_response(res, 404, { error: "Cron task not found: #{name}" })
  end

  prompt       = @scheduler.read_task(name)
  session_name = "▶ #{name} #{Time.now.strftime("%H:%M")}"
  working_dir  = File.expand_path("~/clacky_workspace")
  FileUtils.mkdir_p(working_dir)

  session_id = build_session(name: session_name, working_dir: working_dir, permission_mode: :auto_approve)
  @registry.update(session_id, pending_task: prompt, pending_working_dir: working_dir)

  json_response(res, 202, { ok: true, session: @registry.session_summary(session_id) })
rescue => e
  json_response(res, 422, { error: e.message })
end

#api_save_channel(platform, req, res) ⇒ Object

POST /api/channels/:platform Body: { fields… } (platform-specific credential fields) Saves credentials and optionally (re)starts the adapter.

# File 'lib/clacky/server/http_server.rb', line 1446

def api_save_channel(platform, req, res)
  platform = platform.to_sym
  body     = parse_json_body(req)
  config   = Clacky::ChannelConfig.load

  fields = body.transform_keys(&:to_sym).reject { |k, _| k == :platform }
  fields = fields.transform_values { |v| v.is_a?(String) ? v.strip : v }

  # Record when the token was last updated so clients can detect re-login
  fields[:token_updated_at] = Time.now.to_i if platform == :weixin && fields.key?(:token)

  # Validate credentials against live API before persisting.
  # Merge with existing config so partial updates (e.g. allowed_users only) still validate correctly.
  klass = Clacky::Channel::Adapters.find(platform)
  if klass && klass.respond_to?(:test_connection)
    existing = config.platform_config(platform) || {}
    merged   = existing.merge(fields)
    result   = klass.test_connection(merged)
    unless result[:ok]
      json_response(res, 422, { ok: false, error: result[:error] || "Credential validation failed" })
      return
    end
  end

  config.set_platform(platform, **fields)
  config.save

  # Hot-reload: stop existing adapter for this platform (if running) and restart
  @channel_manager.reload_platform(platform, config)

  json_response(res, 200, { ok: true })
rescue StandardError => e
  json_response(res, 422, { ok: false, error: e.message })
end

#api_save_config(req, res) ⇒ Object

POST /api/config — save updated model list Body: { models: [ { id?, index, model, base_url, api_key, anthropic_format, type } ] }

• id may be present for existing models (preserved) or absent for newly added models (a new id is generated). Ids are runtime-only and stripped before writing to config.yml (see AgentConfig#to_yaml).

• api_key may be masked (“sk-ab12****…5678”) — keep existing key in that case

# File 'lib/clacky/server/http_server.rb', line 1997

def api_save_config(req, res)
  body = parse_json_body(req)
  return json_response(res, 400, { error: "Invalid JSON" }) unless body

  incoming = body["models"]
  return json_response(res, 400, { error: "models array required" }) unless incoming.is_a?(Array)

  # Build a quick id→existing-model lookup. Ids are the single source
  # of identity for models across save/reload cycles — no index-based
  # fallback (ids are stable; indexes are not). Live sessions' stored
  # @current_model_id stays valid as long as the id is still present
  # in the list after save.
  existing_by_id = {}
  @agent_config.models.each { |m| existing_by_id[m["id"]] = m if m["id"] }

  new_models = incoming.map do |m|
    # Lookup by id only. No id means a brand-new model — we mint one.
    existing = m["id"] && existing_by_id[m["id"]]

    # Resolve api_key with THREE cases (ordered, fail-safe):
    #   1. Incoming key is the masked placeholder ("sk-ab12****...5678")
    #      → user didn't retype; keep the stored key.
    #   2. Incoming key is missing/blank AND we have an existing model
    #      → the browser omitted api_key for non-edited rows; keep the
    #        stored key. This is the critical 0.9.37 fix — without it,
    #        saving one model silently wiped api_keys of all others,
    #        because the frontend only ever hydrates api_key for the
    #        row currently being edited (/api/config returns only
    #        api_key_masked, never api_key).
    #   3. Otherwise: user typed a new key (or this is a brand-new
    #      model); use the incoming value.
    incoming_key = m["api_key"].to_s
    api_key = if incoming_key.include?("****")
                existing&.dig("api_key").to_s
              elsif incoming_key.empty? && existing
                existing["api_key"].to_s
              else
                incoming_key
              end

    {
      "id"               => (existing && existing["id"]) || SecureRandom.uuid,
      "model"            => m["model"].to_s,
      "base_url"         => m["base_url"].to_s,
      "api_key"          => api_key,
      "anthropic_format" => m["anthropic_format"] || false,
      "type"             => m["type"]
    }.tap { |h| h.delete("type") if h["type"].nil? || h["type"].to_s.empty? }
  end

  # Replace @models in place — do NOT reassign the array, because every
  # live session holds a reference to the same array (Plan B shared
  # models). `replace` mutates in place so all sessions see the new list.
  @agent_config.models.replace(new_models)

  # Re-anchor current_model_index AND current_model_id to the model
  # still holding type: default.
  #
  # @current_model_id is the *primary* truth for AgentConfig#current_model
  # (see resolve_current_model_entry). If we leave the old id in place,
  # then every new session built via build_session → deep_copy inherits
  # the stale id and #current_model resolves to the pre-edit model —
  # even though we already moved the type:"default" marker. That's why,
  # before this fix, changing the default in the web UI only "took"
  # after a server restart (which re-runs initialize and re-seeds
  # @current_model_id from the type:"default" entry).
  if (new_default = new_models.find { |m| m["type"] == "default" })
    @agent_config.current_model_index = new_models.find_index { |m| m.equal?(new_default) }
    @agent_config.current_model_id    = new_default["id"]
  else
    # No default marker → keep behaviour but also clear the id so that
    # resolve_current_model_entry falls back to index-based lookup
    # instead of sticking to a possibly-deleted id.
    if @agent_config.current_model_index >= new_models.length
      @agent_config.current_model_index = [new_models.length - 1, 0].max
    end
    # Only clear the id if it no longer exists in the new list.
    still_exists = new_models.any? { |m| m["id"] == @agent_config.current_model_id }
    @agent_config.current_model_id = nil unless still_exists
  end

  @agent_config.save
  json_response(res, 200, { ok: true })
rescue => e
  json_response(res, 422, { error: e.message })
end

#api_session_messages(session_id, req, res) ⇒ Object

GET /api/sessions/:id/messages?limit=20&before=1709123456.789 Replays conversation history for a session via the agent’s replay_history method. Returns a list of UI events (same format as WS events) for the frontend to render.

# File 'lib/clacky/server/http_server.rb', line 2134

def api_session_messages(session_id, req, res)
  unless @registry.ensure(session_id)
    Clacky::Logger.warn("[messages] registry.ensure failed", session_id: session_id)
    return json_response(res, 404, { error: "Session not found" })
  end

  # Parse query params
  query   = URI.decode_www_form(req.query_string.to_s).to_h
  limit   = [query["limit"].to_i.then { |n| n > 0 ? n : 20 }, 100].min
  before  = query["before"]&.to_f

  agent = nil
  @registry.with_session(session_id) { |s| agent = s[:agent] }

  unless agent
    Clacky::Logger.warn("[messages] agent is nil", session_id: session_id)
    return json_response(res, 200, { events: [], has_more: false })
  end

  # Collect events emitted by replay_history via a lightweight collector UI
  collected = []
  collector = HistoryCollector.new(session_id, collected)
  result    = agent.replay_history(collector, limit: limit, before: before)

  json_response(res, 200, { events: collected, has_more: result[:has_more] })
end

#api_session_skills(session_id, res) ⇒ Object

GET /api/sessions/:id/skills — list user-invocable skills for a session, filtered by the session’s agent profile. Used by the frontend slash-command autocomplete so only skills valid for the current profile are suggested.

# File 'lib/clacky/server/http_server.rb', line 1726

def api_session_skills(session_id, res)
  unless @registry.ensure(session_id)
    json_response(res, 404, { error: "Session not found" })
    return
  end
  session = @registry.get(session_id)
  unless session
    json_response(res, 404, { error: "Session not found" })
    return
  end

  agent = session[:agent]
  unless agent
    json_response(res, 404, { error: "Agent not found" })
    return
  end

  agent.skill_loader.load_all
  profile = agent.agent_profile

  skills = agent.skill_loader.user_invocable_skills
  skills = skills.select { |s| s.allowed_for_agent?(profile.name) } if profile

  loader      = agent.skill_loader
  loaded_from = loader.loaded_from

            skill_data = skills.map do |skill|
    source_type = loaded_from[skill.identifier]
    {
      name:           skill.identifier,
      name_zh:        skill.name_zh,
      description:    skill.description || skill.context_description,
      description_zh: skill.description_zh,
      encrypted:      skill.encrypted?,
      source_type:    source_type
    }
  end

  json_response(res, 200, { skills: skill_data })
end

#api_store_skills(res) ⇒ Object

GET /api/brand/skills Fetches the brand skills list from the cloud, enriched with local installed version. Returns 200 with skill list, or 403 when license is not activated. If the remote API call fails, falls back to locally installed skills with a warning. GET /api/store/skills Returns the public skill store catalog from the OpenClacky Cloud API. Requires an activated license — uses HMAC auth with scope: “store” to fetch platform-wide published public skills (not filtered by the user’s own skills). Falls back to the hardcoded catalog when license is not activated or API is unavailable.

# File 'lib/clacky/server/http_server.rb', line 847

def api_store_skills(res)
  brand  = Clacky::BrandConfig.load
  result = brand.fetch_store_skills!

  if result[:success]
    json_response(res, 200, { ok: true, skills: result[:skills] })
  else
    # License not activated or remote API unavailable — return empty list
    json_response(res, 200, {
      ok:      true,
      skills:  [],
      warning: result[:error] || "Could not reach the skill store."
    })
  end
end

#api_switch_session_model(session_id, req, res) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2198

def api_switch_session_model(session_id, req, res)
  body = parse_json_body(req)
  model_id = body["model_id"].to_s.strip

  return json_response(res, 400, { error: "model_id is required" }) if model_id.empty?
  return json_response(res, 404, { error: "Session not found" }) unless @registry.ensure(session_id)

  agent = nil
  @registry.with_session(session_id) { |s| agent = s[:agent] }

  # With Plan B (shared @models reference), every session's AgentConfig
  # points at the same @models array as the global @agent_config. So
  # resolving the model by stable id here and in agent.switch_model_by_id
  # will always agree — no more index divergence after add/delete.
  target_model = @agent_config.models.find { |m| m["id"] == model_id }
  if target_model.nil?
    return json_response(res, 400, { error: "Model not found in configuration" })
  end

  # Switch to the model by id (unified interface with CLI)
  # Handles: config.switch_model_by_id + client rebuild + message_compressor rebuild
  success = agent.switch_model_by_id(model_id)

  unless success
    return json_response(res, 500, { error: "Failed to switch model" })
  end

  # Persist the change (saves to session file, NOT global config.yml)
  @session_manager.save(agent.to_session_data)

  # Broadcast update to all clients
  broadcast_session_update(session_id)

  json_response(res, 200, { ok: true, model_id: model_id, model: target_model["model"] })
rescue => e
  json_response(res, 500, { error: e.message })
end

#api_test_channel(platform, req, res) ⇒ Object

POST /api/channels/:platform/test Body: { fields… } (credentials to test — NOT saved) Tests connectivity using the provided credentials without persisting.

# File 'lib/clacky/server/http_server.rb', line 1499

def api_test_channel(platform, req, res)
  platform = platform.to_sym
  body     = parse_json_body(req)
  fields   = body.transform_keys(&:to_sym).reject { |k, _| k == :platform }

  klass = Clacky::Channel::Adapters.find(platform)
  unless klass
    json_response(res, 404, { ok: false, error: "Unknown platform: #{platform}" })
    return
  end

  result = klass.test_connection(fields)
  json_response(res, 200, result)
rescue StandardError => e
  json_response(res, 200, { ok: false, error: e.message })
end

#api_test_config(req, res) ⇒ Object

POST /api/config/test — test connection for a single model config Body: { model, base_url, api_key, anthropic_format }

# File 'lib/clacky/server/http_server.rb', line 2086

def api_test_config(req, res)
  body = parse_json_body(req)
  return json_response(res, 400, { error: "Invalid JSON" }) unless body

  api_key = body["api_key"].to_s
  # If masked, use the stored key from the matching model (by index or current)
  if api_key.include?("****")
    idx = body["index"]&.to_i || @agent_config.current_model_index
    api_key = @agent_config.models.dig(idx, "api_key").to_s
  end

  begin
    model = body["model"].to_s
    test_client = Clacky::Client.new(
      api_key,
      base_url:         body["base_url"].to_s,
      model:            model,
      anthropic_format: body["anthropic_format"] || false
    )
    result = test_client.test_connection(model: model)
    if result[:success]
      json_response(res, 200, { ok: true, message: "Connected successfully" })
    else
      json_response(res, 200, { ok: false, message: result[:error].to_s })
    end
  rescue => e
    json_response(res, 200, { ok: false, message: e.message })
  end
end

#api_toggle_skill(name, req, res) ⇒ Object

PATCH /api/skills/:name/toggle — enable or disable a skill Body: { enabled: true/false }

# File 'lib/clacky/server/http_server.rb', line 1769

def api_toggle_skill(name, req, res)
  body    = parse_json_body(req)
  enabled = body["enabled"]

  if enabled.nil?
    json_response(res, 422, { error: "enabled field required" })
    return
  end

  skill = @skill_loader.toggle_skill(name, enabled: enabled)
  json_response(res, 200, { ok: true, name: skill.identifier, enabled: !skill.disabled? })
rescue Clacky::AgentError => e
  json_response(res, 422, { error: e.message })
end

#api_tool_browser(req, res) ⇒ Object

GET /api/channels Returns current config and running status for all supported platforms. POST /api/tool/browser Executes a browser tool action via the shared BrowserManager daemon. Used by skill scripts (e.g. feishu_setup.rb) to reuse the server’s existing Chrome connection without spawning a second MCP daemon.

Request body: JSON with same params as the browser tool

{ "action": "snapshot", "interactive": true, ... }

Response: JSON result from the browser tool

# File 'lib/clacky/server/http_server.rb', line 1370

def api_tool_browser(req, res)
  params = parse_json_body(req)
  action = params["action"]
  return json_response(res, 400, { error: "action is required" }) if action.nil? || action.empty?

  tool   = Clacky::Tools::Browser.new
  result = tool.execute(**params.transform_keys(&:to_sym))

  json_response(res, 200, result)
rescue StandardError => e
  json_response(res, 500, { error: e.message })
end

#api_update_cron_task(name, req, res) ⇒ Object

PATCH /api/cron-tasks/:name — update content and/or cron/enabled Body: { content?, cron?, enabled? }

# File 'lib/clacky/server/http_server.rb', line 1642

def api_update_cron_task(name, req, res)
  body    = parse_json_body(req)
  content = body["content"]
  cron    = body["cron"]&.to_s&.strip
  enabled = body["enabled"]

  if cron && cron.split(/\s+/).size != 5
    return json_response(res, 422, { error: "cron must have 5 fields (min hour dom month dow)" })
  end

  @scheduler.update_cron_task(name, content: content, cron: cron, enabled: enabled)
  json_response(res, 200, { ok: true, name: name })
rescue => e
  json_response(res, 404, { error: e.message })
end

#api_upgrade_version(req, res) ⇒ Object

POST /api/version/upgrade Upgrades openclacky in a background thread, streaming output via WebSocket broadcast. If the user’s gem source is the official RubyGems, use ‘gem update`. Otherwise (e.g. Aliyun mirror) download the .gem from OSS CDN to bypass mirror lag.

# File 'lib/clacky/server/http_server.rb', line 978

def api_upgrade_version(req, res)
  json_response(res, 202, { ok: true, message: "Upgrade started" })

  Thread.new do
    begin
      if official_gem_source?
        upgrade_via_gem_update
      else
        upgrade_via_oss_cdn
      end
    rescue StandardError => e
      Clacky::Logger.error("[Upgrade] Exception: #{e.class}: #{e.message}\n#{e.backtrace.first(5).join("\n")}")
      broadcast_all(type: "upgrade_log", line: "\n✗ Error during upgrade: #{e.message}\n")
      broadcast_all(type: "upgrade_complete", success: false)
    end
  end
end

#api_upload_file(req, res) ⇒ Object

POST /api/upload Accepts a multipart/form-data file upload (field name: “file”). Runs the file through FileProcessor: saves original + generates structured preview (Markdown) for Office/ZIP files so the agent can read them directly.

# File 'lib/clacky/server/http_server.rb', line 1405

def api_upload_file(req, res)
  upload = parse_multipart_upload(req, "file")
  unless upload
    json_response(res, 400, { ok: false, error: "No file field found in multipart body" })
    return
  end

  saved = Clacky::Utils::FileProcessor.save(
    body:     upload[:data],
    filename: upload[:filename].to_s
  )

  json_response(res, 200, { ok: true, name: saved[:name], path: saved[:path] })
rescue => e
  json_response(res, 500, { ok: false, error: e.message })
end

#broadcast(session_id, event) ⇒ Object

Broadcast an event to all clients subscribed to a session. Dead connections (broken pipe / closed socket) are removed automatically.

# File 'lib/clacky/server/http_server.rb', line 2620

def broadcast(session_id, event)
  clients = @ws_mutex.synchronize { (@ws_clients[session_id] || []).dup }
  dead = clients.reject { |conn| conn.send_json(event) }
  return if dead.empty?

  @ws_mutex.synchronize do
    (@ws_clients[session_id] || []).reject! { |conn| dead.include?(conn) }
  end
end

#broadcast_all(event) ⇒ Object

Broadcast an event to every connected client (regardless of session subscription). Dead connections are removed automatically.

# File 'lib/clacky/server/http_server.rb', line 2632

def broadcast_all(event)
  clients = @ws_mutex.synchronize { @all_ws_conns.dup }
  dead = clients.reject { |conn| conn.send_json(event) }
  return if dead.empty?

  @ws_mutex.synchronize do
    @all_ws_conns.reject! { |conn| dead.include?(conn) }
    @ws_clients.each_value { |list| list.reject! { |conn| dead.include?(conn) } }
  end
end

#broadcast_session_update(session_id) ⇒ Object

Broadcast a session_update event to all clients so they can patch their local session list without needing a full session_list refresh.

# File 'lib/clacky/server/http_server.rb', line 2645

def broadcast_session_update(session_id)
  session = @registry.list(limit: 200).find { |s| s[:id] == session_id }
  return unless session

  broadcast_all(type: "session_update", session: session)
end

#build_session(name:, working_dir:, permission_mode: :confirm_all, profile: "general", source: :manual, model_override: nil) ⇒ Object

Create a session in the registry and wire up Agent + WebUIController. Returns the new session_id. Build a new agent session.

Parameters:

• name (String) —

  display name for the session

• working_dir (String) —

  working directory for the agent

• permission_mode (Symbol) (defaults to: :confirm_all) —

  :confirm_all (default, human present) or :auto_approve (unattended — suppresses request_user_feedback waits)

# File 'lib/clacky/server/http_server.rb', line 2665

def build_session(name:, working_dir:, permission_mode: :confirm_all, profile: "general", source: :manual, model_override: nil)
  session_id = Clacky::SessionManager.generate_id
  @registry.create(session_id: session_id)

  client = @client_factory.call
  config = @agent_config.deep_copy
  config.permission_mode = permission_mode
  
  # Apply model override if provided
  if model_override && config.current_model
    config.current_model["model"] = model_override
  end
  
  broadcaster = method(:broadcast)
  ui = WebUIController.new(session_id, broadcaster)
  agent = Clacky::Agent.new(client, config, working_dir: working_dir, ui: ui, profile: profile,
                            session_id: session_id, source: source)
  agent.rename(name) unless name.nil? || name.empty?
  idle_timer = build_idle_timer(session_id, agent)

  @registry.with_session(session_id) do |s|
    s[:agent]      = agent
    s[:ui]         = ui
    s[:idle_timer] = idle_timer
  end

  # Persist an initial snapshot so the session is immediately visible in registry.list
  # (which reads from disk). Without this, new sessions only appear after their first task.
  @session_manager.save(agent.to_session_data)

  session_id
end

#build_session_from_data(session_data, permission_mode: :confirm_all) ⇒ Object

Restore a persisted session from saved session_data (from SessionManager). The agent keeps its original session_id so the frontend URL hash stays valid across server restarts.

# File 'lib/clacky/server/http_server.rb', line 2701

def build_session_from_data(session_data, permission_mode: :confirm_all)
  original_id = session_data[:session_id]

  client = @client_factory.call
  config = @agent_config.deep_copy
  config.permission_mode = permission_mode
  broadcaster = method(:broadcast)
  ui = WebUIController.new(original_id, broadcaster)
  # Restore the agent profile from the persisted session; fall back to "general"
  # for sessions saved before the agent_profile field was introduced.
  profile = session_data[:agent_profile].to_s
  profile = "general" if profile.empty?
  agent = Clacky::Agent.from_session(client, config, session_data, ui: ui, profile: profile)
  idle_timer = build_idle_timer(original_id, agent)

  # Register session atomically with a fully-built agent so no concurrent
  # caller ever sees agent=nil for this session. The duplicate-restore guard
  # is handled upstream by SessionRegistry#ensure via @restoring.
  @registry.create(session_id: original_id)
  @registry.with_session(original_id) do |s|
    s[:agent]      = agent
    s[:ui]         = ui
    s[:idle_timer] = idle_timer
  end

  original_id
end

#create_default_session ⇒ Object

Auto-restore persisted sessions (or create a fresh default) when the server starts. Skipped when no API key is configured (onboard flow will handle it).

Strategy: load the most recent sessions from ~/.clacky/sessions/ for the current working directory and restore them into @registry so their IDs are stable across restarts (frontend hash stays valid). If no persisted sessions exist, fall back to creating a brand-new default session.

# File 'lib/clacky/server/http_server.rb', line 524

def create_default_session
  return unless @agent_config.models_configured?

  # Restore up to 5 sessions per source type from disk into the registry.
  @registry.restore_from_disk(n: 5)

  # If nothing was restored (no persisted sessions), create a fresh default.
  unless @registry.list(limit: 1).any?
    working_dir = default_working_dir
    FileUtils.mkdir_p(working_dir) unless Dir.exist?(working_dir)
    build_session(name: "Session 1", working_dir: working_dir)
  end
end

#default_working_dir ⇒ Object

── Helpers ───────────────────────────────────────────────────────────────

# File 'lib/clacky/server/http_server.rb', line 2654

def default_working_dir
  File.expand_path("~/clacky_workspace")
end

#deliver_confirmation(session_id, conf_id, result) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2525

def deliver_confirmation(session_id, conf_id, result)
  ui = nil
  @registry.with_session(session_id) { |s| ui = s[:ui] }
  ui&.deliver_confirmation(conf_id, result)
end

#dispatch(req, res) ⇒ Object

── Router ────────────────────────────────────────────────────────────────

# File 'lib/clacky/server/http_server.rb', line 329

def dispatch(req, res)
  path   = req.path
  method = req.request_method

  # Access key guard (skip for WebSocket upgrades)
  return unless check_access_key(req, res)

  # WebSocket upgrade — no timeout applied (long-lived connection)
  if websocket_upgrade?(req)
    handle_websocket(req, res)
    return
  end

  # Wrap all REST handlers in a timeout so a hung handler (e.g. infinite
  # recursion in chunk parsing) returns a proper 503 instead of an empty 200.
  #
  # Brand/license endpoints call PlatformHttpClient which retries across two
  # hosts with OPEN_TIMEOUT=8s per attempt × 2 attempts = up to ~16s on the
  # primary alone, before failing over to the fallback domain.  Give them a
  # generous 90s so retry + failover can complete without being cut short.
  timeout_sec = if path.start_with?("/api/brand")
    90
  elsif path == "/api/tool/browser"
    30
  else
    10
  end
  Timeout.timeout(timeout_sec) do
    _dispatch_rest(req, res)
  end
rescue Timeout::Error
  Clacky::Logger.warn("[HTTP 503] #{method} #{path} timed out after #{timeout_sec}s")
  json_response(res, 503, { error: "Request timed out" })
rescue => e
  Clacky::Logger.warn("[HTTP 500] #{e.class}: #{e.message}\n#{e.backtrace.first(5).join("\n")}")
  json_response(res, 500, { error: e.message })
end

#handle_user_message(session_id, content, files = []) ⇒ Object

── Session actions ───────────────────────────────────────────────────────

# File 'lib/clacky/server/http_server.rb', line 2488

def handle_user_message(session_id, content, files = [])
  return unless @registry.exist?(session_id)

  session = @registry.get(session_id)
  
  # If session is running, interrupt it first (mimics CLI behavior)
  if session[:status] == :running
    interrupt_session(session_id)
    # Wait briefly for the thread to catch the interrupt and update status
    # This ensures the agent loop exits cleanly before starting the new task
    sleep 0.1
  end

  agent = nil
  @registry.with_session(session_id) { |s| agent = s[:agent] }
  return unless agent

  # Auto-name the session from the first user message (before agent starts running).
  # Check messages.empty? only — agent.name may already hold a default placeholder
  # like "Session 1" assigned at creation time, so it's not a reliable signal.
  if agent.history.empty?
    auto_name = content.gsub(/\s+/, " ").strip[0, 30]
    auto_name += "…" if content.strip.length > 30
    agent.rename(auto_name)
    broadcast(session_id, { type: "session_renamed", session_id: session_id, name: auto_name })
  end

  # Broadcast user message through web_ui so channel subscribers (飞书/企微) receive it.
  web_ui = nil
  @registry.with_session(session_id) { |s| web_ui = s[:ui] }
  web_ui&.show_user_message(content, source: :web)

  # File references are now handled inside agent.run — injected as a system_injected
  # message after the user message, so replay_history skips them automatically.
  run_agent_task(session_id, agent) { agent.run(content, files: files) }
end

#handle_websocket(req, res) ⇒ Object

Hijacks the TCP socket from WEBrick and upgrades it to WebSocket.

# File 'lib/clacky/server/http_server.rb', line 2347

def handle_websocket(req, res)
  socket = req.instance_variable_get(:@socket)

  # Server handshake — parse the upgrade request
  handshake = WebSocket::Handshake::Server.new
  handshake << build_handshake_request(req)
  unless handshake.finished? && handshake.valid?
    Clacky::Logger.warn("WebSocket handshake invalid")
    return
  end

  # Send the 101 Switching Protocols response
  socket.write(handshake.to_s)

  version  = handshake.version
  incoming = WebSocket::Frame::Incoming::Server.new(version: version)
  conn     = WebSocketConnection.new(socket, version)

  on_ws_open(conn)

  begin
    buf = String.new("", encoding: "BINARY")
    loop do
      chunk = socket.read_nonblock(4096, buf, exception: false)
      case chunk
      when :wait_readable
        IO.select([socket], nil, nil, 30)
      when nil
        break  # EOF
      else
        incoming << chunk.dup
        while (frame = incoming.next)
          case frame.type
          when :text
            on_ws_message(conn, frame.data)
          when :binary
            on_ws_message(conn, frame.data)
          when :ping
            conn.send_raw(:pong, frame.data)
          when :close
            conn.send_raw(:close, "")
            break
          end
        end
      end
    end
  rescue IOError, Errno::ECONNRESET, Errno::EPIPE, Errno::EBADF
    # Client disconnected or socket became invalid
  ensure
    on_ws_close(conn)
    socket.close rescue nil
  end

  # Tell WEBrick not to send any response (we handled everything)
  res.instance_variable_set(:@header, {})
  res.status = -1
rescue => e
  Clacky::Logger.error("WebSocket handler error: #{e.class}: #{e.message}")
end

#interrupt_session(session_id) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2531

def interrupt_session(session_id)
  @registry.with_session(session_id) do |s|
    s[:idle_timer]&.cancel
    s[:thread]&.raise(Clacky::AgentInterrupted, "Interrupted by user")
  end
end

#json_response(res, status, data) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2747

def json_response(res, status, data)
  res.status       = status
  res.content_type = "application/json; charset=utf-8"
  res["Access-Control-Allow-Origin"] = "*"
  res.body = JSON.generate(data)
end

#mask_api_key(key) ⇒ Object

Mask API key for display: show first 8 + last 4 chars, middle replaced with ****

# File 'lib/clacky/server/http_server.rb', line 2741

def mask_api_key(key)
  return "" if key.nil? || key.empty?
  return key if key.length <= 12
  "#{key[0..7]}****#{key[-4..]}"
end

#not_found(res) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2810

def not_found(res)
  res.status = 404
  res.body   = "Not Found"
end

#on_ws_close(conn) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2481

def on_ws_close(conn)
  @ws_mutex.synchronize { @all_ws_conns.delete(conn) }
  unsubscribe(conn)
end

#on_ws_message(conn, raw) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2420

def on_ws_message(conn, raw)
  msg = JSON.parse(raw)
  type = msg["type"]

  case type
  when "subscribe"
    session_id = msg["session_id"]
    if @registry.ensure(session_id)
      conn.session_id = session_id
      subscribe(session_id, conn)
      conn.send_json(type: "subscribed", session_id: session_id)
      # If a shell command is still running, replay progress + buffered stdout
      # to the newly subscribed tab so it sees the live state it may have missed.
      @registry.with_session(session_id) { |s| s[:ui]&.replay_live_state }
    else
      conn.send_json(type: "error", message: "Session not found: #{session_id}")
    end

  when "message"
    session_id = msg["session_id"] || conn.session_id
    # Merge legacy images array into files as { data_url:, name:, mime_type: } entries
    raw_images = (msg["images"] || []).map do |data_url|
      { "data_url" => data_url, "name" => "image.jpg", "mime_type" => "image/jpeg" }
    end
    handle_user_message(session_id, msg["content"].to_s, (msg["files"] || []) + raw_images)

  when "confirmation"
    session_id = msg["session_id"] || conn.session_id
    deliver_confirmation(session_id, msg["id"], msg["result"])

  when "interrupt"
    session_id = msg["session_id"] || conn.session_id
    interrupt_session(session_id)

  when "list_sessions"
    # Initial load: newest 20 sessions regardless of source/profile.
    # Single unified query — frontend shows all in one time-sorted list.
    page = @registry.list(limit: 21)
    has_more = page.size > 20
    all_sessions = page.first(20)
    conn.send_json(type: "session_list", sessions: all_sessions, has_more: has_more)

  when "run_task"
    # Client sends this after subscribing to guarantee it's ready to receive
    # broadcasts before the agent starts executing.
    session_id = msg["session_id"] || conn.session_id
    start_pending_task(session_id)

  when "ping"
    conn.send_json(type: "pong")

  else
    conn.send_json(type: "error", message: "Unknown message type: #{type}")
  end
rescue JSON::ParserError => e
  conn.send_json(type: "error", message: "Invalid JSON: #{e.message}")
rescue => e
  Clacky::Logger.error("[on_ws_message] #{e.class}: #{e.message}\n#{e.backtrace.first(10).join("\n")}")
  conn.send_json(type: "error", message: e.message)
end

#on_ws_open(conn) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2415

def on_ws_open(conn)
  @ws_mutex.synchronize { @all_ws_conns << conn }
  # Client will send a "subscribe" message to bind to a session
end

#parse_json_body(req) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2754

def parse_json_body(req)
  return {} if req.body.nil? || req.body.empty?

  JSON.parse(req.body)
rescue JSON::ParserError
  {}
end

#start ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 197

def start
  # Enable console logging for the server process so log lines are visible in the terminal.
  Clacky::Logger.console = true

  Clacky::Logger.info("[HttpServer PID=#{Process.pid}] start() mode=#{@inherited_socket ? 'worker' : 'standalone'} inherited_socket=#{@inherited_socket.inspect} master_pid=#{@master_pid.inspect}")

  # In standalone mode (no master), kill any stale server and manage our own PID file.
  # In worker mode the master owns the PID file; we just skip this block.
  if @inherited_socket.nil?
    kill_existing_server(@port)
    pid_file = File.join(Dir.tmpdir, "clacky-server-#{@port}.pid")
    File.write(pid_file, Process.pid.to_s)
    at_exit { File.delete(pid_file) if File.exist?(pid_file) }
  end

  # Expose server address and brand name to all child processes (skill scripts, shell commands, etc.)
  # so they can call back into the server without hardcoding the port,
  # and use the correct product name without re-reading brand.yml.
  ENV["CLACKY_SERVER_PORT"]  = @port.to_s
  ENV["CLACKY_SERVER_HOST"]  = (@host == "0.0.0.0" ? "127.0.0.1" : @host)
  product_name = Clacky::BrandConfig.load.product_name
  ENV["CLACKY_PRODUCT_NAME"] = (product_name.nil? || product_name.strip.empty?) ? "OpenClacky" : product_name

  # Override WEBrick's built-in signal traps via StartCallback,
  # which fires after WEBrick sets its own INT/TERM handlers.
  # This ensures Ctrl-C always exits immediately.
  #
  # When running as a worker under Master, DoNotListen: true prevents WEBrick
  # from calling bind() on its own — we inject the inherited socket instead.
  webrick_opts = {
    BindAddress:   @host,
    Port:          @port,
    Logger:        WEBrick::Log.new(File::NULL),
    AccessLog:     [],
    StartCallback: proc { }  # signal traps set below, after `server` is created
  }
  webrick_opts[:DoNotListen] = true if @inherited_socket
  Clacky::Logger.info("[HttpServer PID=#{Process.pid}] WEBrick DoNotListen=#{webrick_opts[:DoNotListen].inspect}")

  server = WEBrick::HTTPServer.new(**webrick_opts)

  # Override WEBrick's signal traps now that `server` is available.
  # On INT/TERM: call server.shutdown (graceful), with a 1s hard-kill fallback.
  # Also stop BrowserManager so the chrome-devtools-mcp node process is killed
  # before this worker exits — otherwise it becomes an orphan and holds port 7070.
  shutdown_once = false
  shutdown_proc = proc do
    next if shutdown_once
    shutdown_once = true
    Thread.new do
      sleep 2
      Clacky::Logger.warn("[HttpServer] Forced exit after graceful shutdown timeout.")
      exit!(0)
    end
    # Stop channel and browser managers in parallel to minimize shutdown time.
    t1 = Thread.new { @channel_manager.stop rescue nil }
    t2 = Thread.new { Clacky::BrowserManager.instance.stop rescue nil }
    t1.join(1.5)
    t2.join(1.5)
    server.shutdown rescue nil
  end
  trap("INT")  { shutdown_proc.call }
  trap("TERM") { shutdown_proc.call }

  if @inherited_socket
    server.listeners << @inherited_socket
    Clacky::Logger.info("[HttpServer PID=#{Process.pid}] injected inherited fd=#{@inherited_socket.fileno} listeners=#{server.listeners.map(&:fileno).inspect}")
  else
    Clacky::Logger.info("[HttpServer PID=#{Process.pid}] standalone, WEBrick listeners=#{server.listeners.map(&:fileno).inspect}")
  end

  # Mount API + WebSocket handler (takes priority).
  # Use a custom Servlet so that DELETE/PUT/PATCH requests are not rejected
  # by WEBrick's default method whitelist before reaching our dispatcher.
  dispatcher = self
  servlet_class = Class.new(WEBrick::HTTPServlet::AbstractServlet) do
    define_method(:do_GET)     { |req, res| dispatcher.send(:dispatch, req, res) }
    define_method(:do_POST)    { |req, res| dispatcher.send(:dispatch, req, res) }
    define_method(:do_PUT)     { |req, res| dispatcher.send(:dispatch, req, res) }
    define_method(:do_DELETE)  { |req, res| dispatcher.send(:dispatch, req, res) }
    define_method(:do_PATCH)   { |req, res| dispatcher.send(:dispatch, req, res) }
    define_method(:do_OPTIONS) { |req, res| dispatcher.send(:dispatch, req, res) }
  end
  server.mount("/api", servlet_class)
  server.mount("/ws",  servlet_class)

  # Mount static file handler for the entire web directory.
  # Use mount_proc so we can inject no-cache headers on every response,
  # preventing stale JS/CSS from being served after a gem update.
  #
  # Special case: GET / and GET /index.html are served with server-side
  # rendering — the {{BRAND_NAME}} placeholder is replaced before delivery
  # so the correct brand name appears on first paint with no JS flash.
  file_handler = WEBrick::HTTPServlet::FileHandler.new(server, WEB_ROOT,
                                                       FancyIndexing: false)
  index_html_path = File.join(WEB_ROOT, "index.html")

  server.mount_proc("/") do |req, res|
    if req.path == "/" || req.path == "/index.html"
      product_name = Clacky::BrandConfig.load.product_name || "OpenClacky"
      html = File.read(index_html_path).gsub("{{BRAND_NAME}}", product_name)
      res.status                = 200
      res["Content-Type"]       = "text/html; charset=utf-8"
      res["Cache-Control"]      = "no-store"
      res["Pragma"]             = "no-cache"
      res.body                  = html
    else
      file_handler.service(req, res)
      res["Cache-Control"] = "no-store"
      res["Pragma"]        = "no-cache"
    end
  end

  # Auto-create a default session on startup
  create_default_session

  # Start the background scheduler
  @scheduler.start
  puts "   Scheduler: #{@scheduler.schedules.size} task(s) loaded"

  # Start IM channel adapters (non-blocking — each platform runs in its own thread)
  @channel_manager.start

  # Start browser MCP daemon if browser.yml is configured (non-blocking)
  @browser_manager.start

  server.start
end

#start_pending_task(session_id) ⇒ Object

Start the pending task for a session. Called when the client sends “run_task” over WS — by that point the client has already subscribed, so every broadcast will be delivered.

# File 'lib/clacky/server/http_server.rb', line 2541

def start_pending_task(session_id)
  return unless @registry.exist?(session_id)

  session = @registry.get(session_id)
  prompt      = session[:pending_task]
  working_dir = session[:pending_working_dir]
  return unless prompt  # nothing pending

  # Clear the pending fields so a re-connect doesn't re-run
  @registry.update(session_id, pending_task: nil, pending_working_dir: nil)

  agent = nil
  @registry.with_session(session_id) { |s| agent = s[:agent] }
  return unless agent

  run_agent_task(session_id, agent) { agent.run(prompt) }
end

#subscribe(session_id, conn) ⇒ Object

── WebSocket subscription management ─────────────────────────────────────

# File 'lib/clacky/server/http_server.rb', line 2598

def subscribe(session_id, conn)
  @ws_mutex.synchronize do
    # Remove conn from any previous session subscription first,
    # so switching sessions never results in duplicate delivery.
    @ws_clients.each_value { |list| list.delete(conn) }
    @ws_clients[session_id] ||= []
    @ws_clients[session_id] << conn unless @ws_clients[session_id].include?(conn)
  end
end

#trigger_async_distribution_refresh! ⇒ Object

Fire a public-distribution refresh in a background Thread.

Used for installs that have a package_name configured via install.sh but haven’t activated a license yet — they would otherwise never see the brand logo / theme / homepage_url until activation. See BrandConfig#refresh_distribution! for the end-to-end flow.

Contract mirrors #trigger_async_heartbeat!:

* At most one refresh Thread in flight process-wide.
* Caller never waits — Web UI first paint is not blocked on network.
* All exceptions are swallowed; a refresh failure must not crash the
  server or leak through the web stack.

# File 'lib/clacky/server/http_server.rb', line 683

def trigger_async_distribution_refresh!
  BRAND_DIST_REFRESH_MUTEX.synchronize do
    if @@brand_dist_refresh_inflight
      Clacky::Logger.debug("[Brand] distribution refresh already in flight, skipping")
      return
    end
    @@brand_dist_refresh_inflight = true
  end

  Thread.new do
    Clacky::Logger.info("[Brand] async distribution refresh starting...")
    begin
      brand  = Clacky::BrandConfig.load
      result = brand.refresh_distribution!
      if result[:success]
        Clacky::Logger.info("[Brand] async distribution refresh OK")
      else
        Clacky::Logger.debug("[Brand] async distribution refresh skipped/failed — #{result[:message]}")
      end
    rescue StandardError => e
      Clacky::Logger.warn("[Brand] async distribution refresh raised: #{e.class}: #{e.message}")
    ensure
      BRAND_DIST_REFRESH_MUTEX.synchronize do
        @@brand_dist_refresh_inflight = false
      end
    end
  end
end

#trigger_async_heartbeat! ⇒ Object

Fire a heartbeat in a background Thread without blocking the caller.

Contract:

* Only one heartbeat Thread may be running at any moment across the
  whole process. If one is already in flight, this call is a no-op.
* The caller never waits: it returns immediately after (at most)
  spawning the Thread.
* The Thread rescues everything so a network failure cannot kill the
  server or leak an exception through the web stack.

# File 'lib/clacky/server/http_server.rb', line 642

def trigger_async_heartbeat!
  BRAND_HEARTBEAT_MUTEX.synchronize do
    if @@brand_heartbeat_inflight
      Clacky::Logger.debug("[Brand] heartbeat already in flight, skipping")
      return
    end
    @@brand_heartbeat_inflight = true
  end

  Thread.new do
    Clacky::Logger.info("[Brand] async heartbeat starting...")
    begin
      brand  = Clacky::BrandConfig.load
      result = brand.heartbeat!
      if result[:success]
        Clacky::Logger.info("[Brand] async heartbeat OK")
      else
        Clacky::Logger.warn("[Brand] async heartbeat failed — #{result[:message]}")
      end
    rescue StandardError => e
      Clacky::Logger.warn("[Brand] async heartbeat raised: #{e.class}: #{e.message}")
    ensure
      BRAND_HEARTBEAT_MUTEX.synchronize do
        @@brand_heartbeat_inflight = false
      end
    end
  end
end

#unsubscribe(conn) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2608

def unsubscribe(conn)
  @ws_mutex.synchronize do
    @ws_clients.each_value { |list| list.delete(conn) }
  end
end

#unsubscribe_all(session_id) ⇒ Object

# File 'lib/clacky/server/http_server.rb', line 2614

def unsubscribe_all(session_id)
  @ws_mutex.synchronize { @ws_clients.delete(session_id) }
end

#websocket_upgrade?(req) ⇒ Boolean

── WebSocket ─────────────────────────────────────────────────────────────

Returns:

• (Boolean)

# File 'lib/clacky/server/http_server.rb', line 2342

def websocket_upgrade?(req)
  req["Upgrade"]&.downcase == "websocket"
end