refactor: extract HTTP handler and startup functions from server.js

- lib/http-handler.js: createHttpHandler factory (134L) for all HTTP routing
- lib/server-startup.js: createOnServerReady factory (117L) for server ready logic
- lib/server-startup2.js: createAutoImport, createDbRecovery, createPluginLoader (84L)
- Route registrations use _routes object with lazy getters for circular dep resolution
- server.js reduced from ~575L to 337L with all lib files ≤200L

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: lanmower

CHANGELOG.md

@@ -1,3 +1,11 @@
+## [Unreleased] - refactor: extract http handler + startup functions
+
+- Extract HTTP request handler to lib/http-handler.js (createHttpHandler factory, 134L)
+- Extract startup functions to lib/server-startup.js (createOnServerReady, 117L) and lib/server-startup2.js (createAutoImport, createDbRecovery, createPluginLoader, 84L)
+- server.js reduced from ~575L to 337L; all lib files ≤200L
+- Route registrations populate _routes object for lazy getter pattern in http-handler
+
+
 ## [Unreleased]
 
 ### Refactor

lib/http-handler.js

@@ -0,0 +1,133 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import crypto from 'crypto';
+
+export function createHttpHandler({ BASE_URL, expressApp, queries, sendJSON, serveFile, staticDir, messageQueues, wss, activeExecutions, getACPStatus, discoveredAgents, PKG_VERSION, RATE_LIMIT_MAX, rateLimitMap, convRoutes, messagesRoutes, sessionsRoutes, scriptsRoutes, runsRoutes, agentRoutes, oauthRoutes, agentActionsRoutes, authConfigRoutes, speechRoutes, utilRoutes, threadRoutes, handleGeminiOAuthCallback, handleCodexOAuthCallback, PORT }) {
+  return async function httpHandler(req, res) {
+    res.setHeader('Access-Control-Allow-Origin', '*');
+    res.setHeader('Access-Control-Allow-Methods', 'GET, POST, PUT, DELETE, OPTIONS');
+    res.setHeader('Access-Control-Allow-Headers', 'Content-Type, Authorization');
+    if (req.method === 'OPTIONS') { res.writeHead(200); res.end(); return; }
+    if (req.headers.upgrade && req.headers.upgrade.toLowerCase() === 'websocket') return;
+
+    const clientIp = req.headers['x-forwarded-for']?.split(',')[0]?.trim() || req.socket.remoteAddress;
+    const hits = (rateLimitMap.get(clientIp) || 0) + 1;
+    rateLimitMap.set(clientIp, hits);
+    res.setHeader('X-RateLimit-Limit', RATE_LIMIT_MAX);
+    res.setHeader('X-RateLimit-Remaining', Math.max(0, RATE_LIMIT_MAX - hits));
+    if (hits > RATE_LIMIT_MAX) { res.writeHead(429, { 'Retry-After': '60' }); res.end('Too Many Requests'); return; }
+
+    const _pwd = process.env.PASSWORD;
+    if (_pwd) {
+      const _auth = req.headers['authorization'] || '';
+      let _ok = false;
+      if (_auth.startsWith('Basic ')) {
+        try {
+          const _decoded = Buffer.from(_auth.slice(6), 'base64').toString('utf8');
+          const _ci = _decoded.indexOf(':');
+          if (_ci !== -1) { const _p = _decoded.slice(_ci + 1); try { _ok = _p.length === _pwd.length && crypto.timingSafeEqual(Buffer.from(_p), Buffer.from(_pwd)); } catch { _ok = false; } }
+        } catch (_) {}
+      }
+      if (!_ok) { res.writeHead(401, { 'WWW-Authenticate': 'Basic realm="agentgui"' }); res.end('Unauthorized'); return; }
+    }
+
+    const pathOnly = req.url.split('?')[0];
+    if (pathOnly.startsWith(BASE_URL + '/api/upload/') || pathOnly.startsWith(BASE_URL + '/files/')) return expressApp(req, res);
+
+    if (req.url === '/favicon.ico' || req.url === BASE_URL + '/favicon.ico') {
+      const svg = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100"><rect width="100" height="100" rx="20" fill="#3b82f6"/><text x="50" y="68" font-size="50" font-family="sans-serif" font-weight="bold" fill="white" text-anchor="middle">G</text></svg>';
+      res.writeHead(200, { 'Content-Type': 'image/svg+xml', 'Cache-Control': 'public, max-age=86400' });
+      res.end(svg); return;
+    }
+
+    if (req.url === '/') { res.writeHead(302, { Location: BASE_URL + '/' }); res.end(); return; }
+
+    let routePath = req.url;
+    if (req.url.startsWith(BASE_URL + '/')) { routePath = req.url.slice(BASE_URL.length); }
+    else if (req.url === BASE_URL) { routePath = '/'; }
+    else if (req.url.startsWith('/api/') || req.url.startsWith('/js/') || req.url.startsWith('/css/') ||
+             req.url.startsWith('/vendor/') || req.url.startsWith('/sync') || req.url === '/' ||
+             req.url.startsWith('/conversations/')) { routePath = req.url; }
+    else { res.writeHead(404); res.end('Not found'); return; }
+
+    routePath = routePath || '/';
+
+    try {
+      const pathOnly = routePath.split('?')[0];
+
+      if (pathOnly === '/oauth2callback' && req.method === 'GET') { await handleGeminiOAuthCallback(req, res, PORT); return; }
+      if (pathOnly === '/codex-oauth2callback' && req.method === 'GET') { await handleCodexOAuthCallback(req, res, PORT); return; }
+
+      if (pathOnly === '/api/health' && req.method === 'GET') {
+        let dbStatus = { ok: true };
+        try { queries._db.prepare('SELECT 1').get(); } catch (e) { dbStatus = { ok: false, error: e.message }; }
+        const queueSizes = {};
+        for (const [k, v] of messageQueues) queueSizes[k] = v.length;
+        sendJSON(req, res, 200, { status: 'ok', version: PKG_VERSION, uptime: process.uptime(), agents: discoveredAgents.length, activeExecutions: activeExecutions.size, wsClients: wss.clients.size, memory: process.memoryUsage(), acp: getACPStatus(), db: dbStatus, queueSizes });
+        return;
+      }
+
+      const convHandler = convRoutes._match(req.method, pathOnly);
+      if (convHandler) { await convHandler(req, res); return; }
+      const messagesHandler = messagesRoutes._match(req.method, pathOnly);
+      if (messagesHandler) { await messagesHandler(req, res); return; }
+      const sessionsHandler = sessionsRoutes._match(req.method, pathOnly);
+      if (sessionsHandler) { await sessionsHandler(req, res); return; }
+      const scriptsHandler = scriptsRoutes._match(req.method, pathOnly);
+      if (scriptsHandler) { await scriptsHandler(req, res); return; }
+      const runsHandler = runsRoutes._match(req.method, pathOnly);
+      if (runsHandler) { await runsHandler(req, res); return; }
+      const agentHandler = agentRoutes._match(req.method, pathOnly);
+      if (agentHandler) { await agentHandler(req, res); return; }
+      const oauthHandler = oauthRoutes._match(req.method, pathOnly);
+      if (oauthHandler) { await oauthHandler(req, res); return; }
+      const agentActionsHandler = agentActionsRoutes._match(req.method, pathOnly);
+      if (agentActionsHandler) { await agentActionsHandler(req, res); return; }
+      const authConfigHandler = authConfigRoutes._match(req.method, pathOnly);
+      if (authConfigHandler) { await authConfigHandler(req, res); return; }
+      const speechHandler = speechRoutes._match(req.method, pathOnly);
+      if (speechHandler) { await speechHandler(req, res, pathOnly); return; }
+      const utilHandler = utilRoutes._match(req.method, pathOnly);
+      if (utilHandler) { await utilHandler(req, res); return; }
+      const threadHandler = threadRoutes._match(req.method, pathOnly);
+      if (threadHandler) { await threadHandler(req, res); return; }
+      if (routePath.startsWith('/api/image/')) {
+        const imagePath = routePath.slice('/api/image/'.length);
+        const decodedPath = decodeURIComponent(imagePath);
+        const expandedPath = decodedPath.startsWith('~') ? decodedPath.replace('~', os.homedir()) : decodedPath;
+        const normalizedPath = path.normalize(expandedPath);
+        const isWindows = os.platform() === 'win32';
+        const isAbsolute = isWindows ? /^[A-Za-z]:[\\\/]/.test(normalizedPath) : normalizedPath.startsWith('/');
+        if (!isAbsolute || normalizedPath.includes('..')) { res.writeHead(403); res.end('Forbidden'); return; }
+        try {
+          if (!fs.existsSync(normalizedPath)) { res.writeHead(404); res.end('Not found'); return; }
+          const ext = path.extname(normalizedPath).toLowerCase();
+          const mimeTypes = { '.png': 'image/png', '.jpg': 'image/jpeg', '.jpeg': 'image/jpeg', '.gif': 'image/gif', '.webp': 'image/webp', '.svg': 'image/svg+xml' };
+          const contentType = mimeTypes[ext] || 'application/octet-stream';
+          res.writeHead(200, { 'Content-Type': contentType, 'Cache-Control': 'no-cache' });
+          res.end(fs.readFileSync(normalizedPath));
+        } catch (err) { sendJSON(req, res, 400, { error: err.message }); }
+        return;
+      }
+
+      if (pathOnly.match(/^\/conversations\/[^\/]+$/)) { serveFile(path.join(staticDir, 'index.html'), res, req); return; }
+
+      let filePath = routePath === '/' ? '/index.html' : routePath;
+      filePath = path.join(staticDir, filePath);
+      const normalizedPath = path.normalize(filePath);
+      if (!normalizedPath.startsWith(staticDir)) { res.writeHead(403); res.end('Forbidden'); return; }
+
+      fs.stat(filePath, (err, stats) => {
+        if (err) { res.writeHead(404); res.end('Not found'); return; }
+        if (stats.isDirectory()) {
+          filePath = path.join(filePath, 'index.html');
+          fs.stat(filePath, (err2) => { if (err2) { res.writeHead(404); res.end('Not found'); return; } serveFile(filePath, res, req); });
+        } else { serveFile(filePath, res, req); }
+      });
+    } catch (e) {
+      console.error('Server error:', e.message);
+      sendJSON(req, res, 500, { error: e.message });
+    }
+  };
+}

lib/server-startup.js

@@ -0,0 +1,116 @@
+import { JsonlWatcher } from './jsonl-watcher.js';
+
+export function createOnServerReady({ queries, broadcastSync, warmAssetCache, staticDir, toolManager, discoveredAgents, PORT, BASE_URL, watch, ownedSessionIds, resumeInterruptedStreams, activeExecutions, debugLog, installGMAgentConfigs, startACPTools, getACPStatus, execMachine, toolInstallMachine, getSpeech, ensureModelsDownloaded, performAutoImport, performAgentHealthCheck, pm2Manager, pm2Subscribers, recoverStaleSessions }) {
+  let jsonlWatcher = null;
+
+  function getJsonlWatcher() { return jsonlWatcher; }
+
+  function onServerReady() {
+    toolManager.clearStatusCache();
+    console.log(`GMGUI running on http://localhost:${PORT}${BASE_URL}/`);
+    console.log(`Agents: ${discoveredAgents.map(a => a.name).join(', ') || 'none'}`);
+    console.log(`Hot reload: ${watch ? 'on' : 'off'}`);
+
+    const deletedCount = queries.cleanupEmptyConversations();
+    if (deletedCount > 0) console.log(`Cleaned up ${deletedCount} empty conversation(s) on startup`);
+
+    recoverStaleSessions();
+    warmAssetCache(staticDir);
+
+    try { queries.cleanup(); console.log('[cleanup] Initial DB cleanup complete'); } catch (e) { console.error('[cleanup] Error:', e.message); }
+    setInterval(() => {
+      try { queries.cleanup(); console.log('[cleanup] Scheduled DB cleanup complete'); } catch (e) { console.error('[cleanup] Error:', e.message); }
+    }, 6 * 60 * 60 * 1000);
+
+    try {
+      jsonlWatcher = new JsonlWatcher({ broadcastSync, queries, ownedSessionIds });
+      jsonlWatcher.start();
+      console.log('[JSONL] Watcher started');
+    } catch (err) { console.error('[JSONL] Watcher failed to start:', err.message); }
+
+    resumeInterruptedStreams().catch(err => console.error('[RESUME] Startup error:', err.message));
+
+    setInterval(() => {
+      try {
+        const streaming = queries.getStreamingConversations();
+        let cleared = 0;
+        for (const c of streaming) { if (!activeExecutions.has(c.id)) { queries.setIsStreaming(c.id, false); cleared++; } }
+        if (cleared > 0) debugLog(`[HEALTH] Cleared ${cleared} stale streaming flag(s)`);
+      } catch (e) { debugLog(`[HEALTH] Error: ${e.message}`); }
+    }, 5 * 60 * 1000);
+
+    installGMAgentConfigs().catch(err => console.error('[GM-CONFIG] Startup error:', err.message));
+
+    startACPTools().then(() => {
+      console.log('[ACP] On-demand startup enabled (ACP tools start when first used)');
+      setTimeout(() => {
+        const acpStatus = getACPStatus();
+        for (const s of acpStatus) { if (s.healthy) { const agent = discoveredAgents.find(a => a.id === s.id); if (agent) agent.acpPort = s.port; } }
+        if (acpStatus.length > 0) console.log(`[ACP] Tools ready: ${acpStatus.filter(s => s.healthy).map(s => s.id + ':' + s.port).join(', ') || 'none healthy yet'}`);
+      }, 6000);
+    }).catch(err => console.error('[ACP] Startup error:', err.message));
+
+    const toolIds = ['cli-claude', 'cli-opencode', 'cli-gemini', 'cli-kilo', 'cli-codex', 'cli-agent-browser', 'gm-cc', 'gm-oc', 'gm-gc', 'gm-kilo'];
+    queries.initializeToolInstallations(toolIds.map(id => ({ id })));
+    console.log('[TOOLS] Starting background provisioning...');
+
+    const toolBroadcaster = (evt) => {
+      broadcastSync(evt);
+      if (evt.type === 'tool_install_complete' || evt.type === 'tool_update_complete') {
+        const d = evt.data || {};
+        queries.updateToolStatus(evt.toolId, { status: 'installed', version: d.version || null, installed_at: Date.now() });
+        queries.addToolInstallHistory(evt.toolId, evt.type.includes('update') ? 'update' : 'install', 'success', null);
+      } else if (evt.type === 'tool_install_failed' || evt.type === 'tool_update_failed') {
+        queries.updateToolStatus(evt.toolId, { status: 'failed', error_message: evt.data?.error });
+        queries.addToolInstallHistory(evt.toolId, evt.type.includes('update') ? 'update' : 'install', 'failed', evt.data?.error);
+      } else if (evt.type === 'tool_status_update') {
+        const d = evt.data || {};
+        if (d.installed) queries.updateToolStatus(evt.toolId, { status: 'installed', version: d.installedVersion || null, installed_at: Date.now() });
+      }
+    };
+
+    toolManager.autoProvision(toolBroadcaster)
+      .catch(err => console.error('[TOOLS] Auto-provision error:', err.message))
+      .then(() => {
+        const acpActors = ['opencode', 'kilo', 'codex'];
+        console.log(`[MACHINES] tool-install: ${toolInstallMachine.getMachineActors().size} actors, acp-server: ${acpActors.length} configured`);
+        console.log('[TOOLS] Starting periodic update checker...');
+        toolManager.startPeriodicUpdateCheck(toolBroadcaster);
+      });
+
+    ensureModelsDownloaded().then(async ok => {
+      if (ok) console.log('[MODELS] Speech models ready');
+      else console.log('[MODELS] Speech model download failed');
+      try { const { getVoices } = await getSpeech(); broadcastSync({ type: 'voice_list', voices: getVoices() }); }
+      catch (err) { debugLog('[VOICE] Failed to broadcast voices: ' + err.message); broadcastSync({ type: 'voice_list', voices: [] }); }
+    }).catch(async err => {
+      console.error('[MODELS] Download error:', err.message);
+      try { const { getVoices } = await getSpeech(); broadcastSync({ type: 'voice_list', voices: getVoices() }); }
+      catch (err2) { debugLog('[VOICE] Failed to broadcast voices: ' + err2.message); broadcastSync({ type: 'voice_list', voices: [] }); }
+    });
+
+    getSpeech().then(s => s.preloadTTS()).catch(e => debugLog('[TTS] Preload failed: ' + e.message));
+    performAutoImport();
+    setInterval(performAutoImport, 30000);
+    setInterval(performAgentHealthCheck, 30000);
+
+    const broadcastPM2 = (update) => {
+      const msg = JSON.stringify(update);
+      for (const client of pm2Subscribers) { if (client.readyState === 1) { try { client.send(msg); } catch (_) {} } }
+    };
+
+    const startPM2Monitoring = async () => {
+      try { await pm2Manager.connect(); await pm2Manager.startMonitoring(broadcastPM2); console.log('[PM2] Monitoring started'); }
+      catch (err) { console.log('[PM2] Not available:', err.message); broadcastPM2({ type: 'pm2_unavailable', reason: err.message, timestamp: Date.now() }); }
+    };
+
+    setTimeout(startPM2Monitoring, 2000);
+    setInterval(async () => {
+      if (!pm2Manager.connected && !pm2Manager.monitoring) {
+        try { const healed = await pm2Manager.heal(); if (healed.success) await pm2Manager.startMonitoring(broadcastPM2); } catch (_) {}
+      }
+    }, 30000);
+  }
+
+  return { onServerReady, getJsonlWatcher };
+}

lib/server-startup2.js

@@ -0,0 +1,83 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import PluginLoader from './plugin-loader.js';
+
+export function createAutoImport({ queries, broadcastSync }) {
+  const importMtimeCache = new Map();
+
+  function hasIndexFilesChanged() {
+    const projectsDir = path.join(os.homedir(), '.claude', 'projects');
+    if (!fs.existsSync(projectsDir)) return false;
+    let changed = false;
+    try {
+      const dirs = fs.readdirSync(projectsDir);
+      for (const d of dirs) {
+        const indexPath = path.join(projectsDir, d, 'sessions-index.json');
+        try {
+          const stat = fs.statSync(indexPath);
+          const cached = importMtimeCache.get(indexPath);
+          if (!cached || cached < stat.mtimeMs) { importMtimeCache.set(indexPath, stat.mtimeMs); changed = true; }
+        } catch (_) {}
+      }
+    } catch (_) {}
+    return changed;
+  }
+
+  function performAutoImport() {
+    try {
+      if (!hasIndexFilesChanged()) return;
+      const imported = queries.importClaudeCodeConversations();
+      if (imported.length > 0) {
+        const importedCount = imported.filter(i => i.status === 'imported').length;
+        if (importedCount > 0) {
+          console.log(`[AUTO-IMPORT] Imported ${importedCount} new Claude Code conversations`);
+          broadcastSync({ type: 'conversations_updated', count: importedCount });
+        }
+      }
+    } catch (err) { console.error('[AUTO-IMPORT] Error:', err.message); }
+  }
+
+  return { performAutoImport };
+}
+
+export function createDbRecovery({ queries, debugLog }) {
+  function performDbRecovery() {
+    try {
+      const cleanedUp = queries.cleanupOrphanedSessions(7);
+      if (cleanedUp > 0) debugLog(`[RECOVERY] Cleaned up ${cleanedUp} orphaned sessions`);
+      const longRunning = queries.getSessionsProcessingLongerThan(120);
+      if (longRunning.length > 0) {
+        for (const session of longRunning) queries.markSessionIncomplete(session.id, 'Timeout: processing exceeded 2 hours');
+        debugLog(`[RECOVERY] Marked ${longRunning.length} long-running sessions as incomplete`);
+      }
+    } catch (err) { console.error('[RECOVERY] Error:', err.message); }
+  }
+
+  return { performDbRecovery };
+}
+
+export function createPluginLoader({ pluginsDir, expressApp, BASE_URL }) {
+  const pluginLoader = new PluginLoader(pluginsDir);
+
+  async function loadPluginExtensions() {
+    try {
+      await pluginLoader.loadAllPlugins({ router: expressApp, baseUrl: BASE_URL, logger: console, env: process.env });
+      const names = Array.from(pluginLoader.registry.keys());
+      if (names.length > 0) {
+        for (const name of names) {
+          const state = pluginLoader.get(name);
+          if (!state || !state.routes) continue;
+          for (const route of state.routes) {
+            const fullPath = BASE_URL + route.path;
+            const method = (route.method || 'GET').toLowerCase();
+            if (expressApp[method]) expressApp[method](fullPath, route.handler);
+          }
+        }
+        console.log(`[PLUGINS] Loaded extensions: ${names.join(', ')}`);
+      }
+    } catch (err) { console.error('[PLUGINS] Extension loading failed (non-fatal):', err.message); }
+  }
+
+  return { loadPluginExtensions };
+}