Update app.js

app.js

@@ -1,294 +1,405 @@
-import express from 'express';
-import bodyParser from 'body-parser';
-import cors from 'cors';
-import { StateManager } from './stateManager.js';
-import { AIEngine } from './aiEngine.js';
-import fs from 'fs';
+require('dotenv').config();
+const express = require('express');
+const admin = require('firebase-admin');
+const jwt = require('jsonwebtoken');
+const { v4: uuidv4 } = require('uuid');
+const axios = require('axios');
+const bodyParser = require('body-parser');
 
 const app = express();
-const PORT = process.env.PORT || 7860;
-
-// Load prompts
-const sysPrompts = JSON.parse(fs.readFileSync('./prompts.json', 'utf8'));
+app.use(bodyParser.json());
+
+// ---------------------------------------------------------
+// 1. STATE MANAGEMENT (In-Memory DB)
+// ---------------------------------------------------------
+
+// Store temporary "proj_" redemption keys.
+// Structure: { "proj_xyz": { uid: "...", projectId: "...", expiresAt: timestamp } }
+const tempKeys = new Map();
+
+// Store JWT Secrets (Hydrated Cache).
+// Structure: { "uid:projectId": { secret: "...", lastAccessed: timestamp } }
+const activeSessions = new Map();
+
+let db = null; // Firebase DB Reference
+
+// ---------------------------------------------------------
+// 2. FIREBASE INITIALIZATION
+// ---------------------------------------------------------
+try {
+    if (process.env.FIREBASE_SERVICE_ACCOUNT_JSON) {
+        const serviceAccount = JSON.parse(process.env.FIREBASE_SERVICE_ACCOUNT_JSON);
+        if (admin.apps.length === 0) {
+            admin.initializeApp({
+                credential: admin.credential.cert(serviceAccount),
+                databaseURL: process.env.FIREBASE_DB_URL || "https://your-firebase-project.firebaseio.com"
+            });
+        }
+        db = admin.database();
+        console.log("🔥 Firebase Connected & StateManager Linked");
+    } else {
+        console.warn("⚠️ Memory-Only mode (No Firebase JSON provided).");
+    }
+} catch (e) {
+    console.error("Firebase Init Error:", e);
+}
 
-app.use(cors());
-app.use(bodyParser.json({ limit: '50mb' }));
+// ---------------------------------------------------------
+// 3. HELPER FUNCTIONS & MIDDLEWARE
+// ---------------------------------------------------------
 
-const validateRequest = (req, res, next) => {
-    const { userId, projectId } = req.body;
-    if (!userId || !projectId) return res.status(400).json({ error: "Missing ID" });
-    next();
-};
+// Middleware to verify Firebase ID Token (for /key and /nullify)
+// Includes a Debug Bypass variable
+const verifyFirebaseUser = async (req, res, next) => {
+    const debugMode = process.env.DEBUG_NO_AUTH === 'true'; // Set to true in .env for testing without valid tokens
 
-// Helper to extract PM's isolated instruction
-function extractWorkerPrompt(text) {
-    const match = text.match(/WORKER_PROMPT:\s*(.*)/s);
-    return match ? match[1].trim() : null;
-}
+    if (debugMode) {
+        req.user = { uid: "debug_user_001" };
+        return next();
+    }
 
-// Helper to format context for the AI
-function formatContext({ hierarchyContext, scriptContext, logContext }) {
-    let out = "";
-    if (scriptContext) out += `\n[TARGET SCRIPT]: ${scriptContext.targetName}\n[SOURCE PREVIEW]: ${scriptContext.scriptSource.substring(0, 500)}...`;
-    if (logContext) out += `\n[LAST LOGS]: ${logContext.logs}`;
-    return out;
-}
+    const authHeader = req.headers.authorization;
+    if (!authHeader || !authHeader.startsWith('Bearer ')) {
+        return res.status(401).json({ error: 'Missing Bearer token' });
+    }
 
-/**
- * 1. NEW PROJECT (Restored Full Logic)
- * Flow: PM (GDD) -> PM (Tasks) -> Worker (Task 1 Isolated)
- */
-app.post('/new/project', validateRequest, async (req, res) => {
-    const { userId, projectId, description } = req.body;
+    const idToken = authHeader.split('Bearer ')[1];
 
     try {
-        // 1. Generate GDD
-        const pmHistory = [];
-        const gddPrompt = `Create a comprehensive GDD for: ${description}`;
-        const gddResponse = await AIEngine.callPM(pmHistory, gddPrompt);
-        
-        pmHistory.push({ role: 'user', parts: [{ text: gddPrompt }] });
-        pmHistory.push({ role: 'model', parts: [{ text: gddResponse }] });
+        if (admin.apps.length > 0) {
+            const decodedToken = await admin.auth().verifyIdToken(idToken);
+            req.user = decodedToken;
+            next();
+        } else {
+            // Fallback for memory-only mode without validation
+            req.user = { uid: "memory_user" };
+            next();
+        }
+    } catch (error) {
+        return res.status(403).json({ error: 'Unauthorized', details: error.message });
+    }
+};
 
-        // 2. Generate Initial Task List & Extract First Prompt
-        const taskPrompt = "Based on the GDD, generate the first technical milestone.\nOutput format:\nTASK_NAME: <Name>\nWORKER_PROMPT: <Specific, isolated instructions for the worker>";
-        const taskResponse = await AIEngine.callPM(pmHistory, taskPrompt);
+// Helper to fetch Secret (Memory -> DB -> 404)
+async function getSessionSecret(uid, projectId) {
+    const cacheKey = `${uid}:${projectId}`;
 
-        pmHistory.push({ role: 'user', parts: [{ text: taskPrompt }] });
-        pmHistory.push({ role: 'model', parts: [{ text: taskResponse }] });
+    // 1. Check Memory
+    if (activeSessions.has(cacheKey)) {
+        const session = activeSessions.get(cacheKey);
+        session.lastAccessed = Date.now(); // Update access time for cleanup
+        return session.secret;
+    }
 
-        // 3. Extract the Isolated Prompt
-        const initialWorkerInstruction = extractWorkerPrompt(taskResponse) || `Initialize structure for: ${description}`;
+    // 2. Hydrate from DB
+    if (db) {
+        try {
+            const snapshot = await db.ref(`plugin_oauth/${uid}/${projectId}`).once('value');
+            if (snapshot.exists()) {
+                const secret = snapshot.val();
+                // Store in memory for next time
+                activeSessions.set(cacheKey, { secret, lastAccessed: Date.now() });
+                console.log(`💧 Hydrated secret for ${cacheKey} from DB`);
+                return secret;
+            }
+        } catch (err) {
+            console.error("DB Read Error:", err);
+        }
+    }
 
-        // 4. Initialize Worker (Fresh Scope)
-        const workerHistory = [];
-        const initialWorkerPrompt = `CONTEXT: None (New Project). \nINSTRUCTION: ${initialWorkerInstruction}`;
-        const workerResponse = await AIEngine.callWorker(workerHistory, initialWorkerPrompt);
+    // 3. Not found
+    return null;
+}
 
-        workerHistory.push({ role: 'user', parts: [{ text: initialWorkerPrompt }] });
-        workerHistory.push({ role: 'model', parts: [{ text: workerResponse }] });
+// ---------------------------------------------------------
+// 4. ENDPOINTS
+// ---------------------------------------------------------
 
-        // 5. Save State
-        await StateManager.updateProject(projectId, {
-            userId,
-            pmHistory,
-            workerHistory,
-            gdd: gddResponse,
-            failureCount: 0
-        });
+// Endpoint: /key
+// Generates a temporary 'proj_' token. Expects Firebase Auth.
+app.post('/key', verifyFirebaseUser, (req, res) => {
+    const { projectId } = req.body;
+    if (!projectId) return res.status(400).json({ error: 'projectId required' });
 
-        // Queue for Plugin
-        StateManager.queueCommand(projectId, workerResponse);
+    const key = `proj_${uuidv4().replace(/-/g, '')}`;
+    
+    // Store in memory (valid for 5 minutes)
+    tempKeys.set(key, {
+        uid: req.user.uid,
+        projectId: projectId,
+        createdAt: Date.now()
+    });
 
-        res.json({ success: true, message: "Project Initialized", gddPreview: gddResponse.substring(0, 200) });
+    console.log(`🔑 Generated Key for user ${req.user.uid}: ${key}`);
+    res.json({ key, expiresIn: 300 });
+});
 
-    } catch (err) {
-        console.error(err);
-        res.status(500).json({ error: "Initialization Failed" });
+// Endpoint: /redeem
+// Exchanges 'proj_' key for a JWT.
+app.post('/redeem', async (req, res) => {
+    const { key } = req.body;
+    
+    if (!key || !tempKeys.has(key)) {
+        return res.status(404).json({ error: 'Invalid or expired key' });
     }
-});
 
-/**
- * 2. FEEDBACK LOOP (Restored Escalation & Termination)
- */
-app.post('/project/feedback', async (req, res) => {
-    const { projectId, prompt, hierarchyContext, scriptContext, logContext, taskComplete } = req.body;
+    const data = tempKeys.get(key);
     
-    const project = await StateManager.getProject(projectId);
-    if (!project) return res.status(404).json({ error: "Project not found." });
-
-    // ==========================================
-    // A. TASK COMPLETE -> SCOPE SWITCH
-    // ==========================================
-    if (taskComplete) {
-        console.log(`[${projectId}] ✅ TASK COMPLETE.`);
-        
-        // 1. Report to PM
-        const summary = `Worker completed the previous task. Logs: ${logContext?.logs || "Clean"}. \nGenerate the NEXT task using 'WORKER_PROMPT:' format.`;
-        const pmResponse = await AIEngine.callPM(project.pmHistory, summary);
-        
-        project.pmHistory.push({ role: 'user', parts: [{ text: summary }] });
-        project.pmHistory.push({ role: 'model', parts: [{ text: pmResponse }] });
-
-        // 2. Get Next Instruction
-        const nextInstruction = extractWorkerPrompt(pmResponse);
-        if (!nextInstruction) {
-             await StateManager.updateProject(projectId, { pmHistory: project.pmHistory, status: "IDLE" });
-             return res.json({ success: true, message: "No further tasks generated. Project Idle." });
-        }
+    // Generate a unique secret for this session/project
+    const sessionSecret = uuidv4(); 
+    
+    // Create JWT
+    const token = jwt.sign(
+        { uid: data.uid, projectId: data.projectId }, 
+        sessionSecret, 
+        { expiresIn: '7d' } // Plugin token validity
+    );
 
-        // 3. NUKE WORKER (Scope Reset)
-        console.log(`[${projectId}] 🧹 Nuking Worker for next task.`);
-        const newWorkerHistory = [];
-        const newPrompt = `New Objective: ${nextInstruction}`;
-        const workerResponse = await AIEngine.callWorker(newWorkerHistory, newPrompt);
+    const cacheKey = `${data.uid}:${data.projectId}`;
 
-        newWorkerHistory.push({ role: 'user', parts: [{ text: newPrompt }] });
-        newWorkerHistory.push({ role: 'model', parts: [{ text: workerResponse }] });
+    // 1. Store in Memory
+    activeSessions.set(cacheKey, { secret: sessionSecret, lastAccessed: Date.now() });
 
-        await StateManager.updateProject(projectId, {
-            pmHistory: project.pmHistory,
-            workerHistory: newWorkerHistory,
-            failureCount: 0
-        });
+    // 2. Store in Firebase (Persist)
+    if (db) {
+        await db.ref(`plugin_oauth/${data.uid}/${data.projectId}`).set(sessionSecret);
+    }
 
-        // Clear Console Command + New Code
-        StateManager.queueCommand(projectId, "CLEAR_CONSOLE"); 
-        StateManager.queueCommand(projectId, workerResponse);
+    // Burn the redemption key (One-time use)
+    tempKeys.delete(key);
 
-        return res.json({ success: true, message: "Next Task Assigned" });
-    }
+    console.log(`🚀 Redeemed JWT for ${cacheKey}`);
+    res.json({ token });
+});
 
-    // ==========================================
-    // B. ERROR HANDLING & ESCALATION
-    // ==========================================
-    let isFailure = false;
-    if (logContext?.logs) {
-        const errs = ["Error", "Exception", "failed", "Stack Begin"];
-        if (errs.some(k => logContext.logs.includes(k))) {
-            isFailure = true;
-            project.failureCount = (project.failureCount || 0) + 1;
-        }
-    }
+// Endpoint: /poll
+// Verifies JWT using the stored secret and forwards to external server.
+app.post('/poll', async (req, res) => {
+    const { token, payload: clientPayload } = req.body;
 
-    // Prepare Prompt
-    const fullInput = `USER: ${prompt || "Automatic Feedback"}` + formatContext({ hierarchyContext, scriptContext, logContext });
+    if (!token) return res.status(400).json({ error: 'Token required' });
 
-    // --- ESCALATION LOGIC (Restored) ---
-    if (project.failureCount > 2) {
-        console.log(`[${projectId}] 🚨 Escalating to PM (Failures: ${project.failureCount})...`);
-        
-        // 1. Ask PM for solution
-        const pmPrompt = sysPrompts.pm_guidance_prompt.replace('{{LOGS}}', logContext?.logs);
-        const pmVerdict = await AIEngine.callPM(project.pmHistory, pmPrompt);
+    // Decode without verification first to find WHO it is
+    const decoded = jwt.decode(token);
+    if (!decoded || !decoded.uid || !decoded.projectId) {
+        return res.status(401).json({ error: 'Malformed token' });
+    }
 
-        // 2. CHECK: Did PM order termination?
-        if (pmVerdict.includes("[TERMINATE]")) {
-            console.log(`[${projectId}] 💀 PM TERMINATED WORKER.`);
-            
-            const fixInstruction = pmVerdict.replace("[TERMINATE]", "").trim();
-            
-            // Hard Reset
-            const resetHistory = [];
-            const resetPrompt = `[SYSTEM]: Previous worker terminated. \nNew Objective: ${fixInstruction}`;
-            const workerResp = await AIEngine.callWorker(resetHistory, resetPrompt);
-            
-            resetHistory.push({ role: 'user', parts: [{ text: resetPrompt }] });
-            resetHistory.push({ role: 'model', parts: [{ text: workerResp }] });
+    // Fetch secret (Memory -> DB -> 404)
+    const secret = await getSessionSecret(decoded.uid, decoded.projectId);
 
-            await StateManager.updateProject(projectId, { workerHistory: resetHistory, failureCount: 0 });
-            StateManager.queueCommand(projectId, "CLEAR_CONSOLE");
-            StateManager.queueCommand(projectId, workerResp);
-            
-            return res.json({ success: true, message: "Worker Terminated & Replaced." });
-        } 
-        else {
-            // 3. Just Guidance (Soft Fix)
-            console.log(`[${projectId}] 💡 PM Provided Guidance.`);
-            const injection = `[PM GUIDANCE]: ${pmVerdict} \n\nApply this fix now.`;
-            const workerResp = await AIEngine.callWorker(project.workerHistory, injection);
-            
-            project.workerHistory.push({ role: 'user', parts: [{ text: injection }] });
-            project.workerHistory.push({ role: 'model', parts: [{ text: workerResp }] });
-            
-            // Reset count slightly so we don't spam PM, but keep watch
-            await StateManager.updateProject(projectId, { workerHistory: project.workerHistory, failureCount: 0 });
-            await StateManager.queueCommand(projectId, workerResp);
-            
-            return res.json({ success: true, message: "PM Guidance Applied." });
-        }
+    if (!secret) {
+        return res.status(404).json({ error: 'Session revoked or not found' });
     }
 
-    // ==========================================
-    // C. STANDARD WORKER LOOP
-    // ==========================================
+    // Verify signature
     try {
-        const response = await AIEngine.callWorker(project.workerHistory, fullInput);
+        jwt.verify(token, secret);
         
-        project.workerHistory.push({ role: 'user', parts: [{ text: fullInput }] });
-        project.workerHistory.push({ role: 'model', parts: [{ text: response }] });
+        // If valid, post to external server
+        const externalUrl = process.env.EXTERNAL_SERVER_URL || 'https://httpbin.org/post'; // Default for testing
         
-        await StateManager.updateProject(projectId, { 
-            workerHistory: project.workerHistory,
-            failureCount: project.failureCount 
-        });
-        
-        await StateManager.queueCommand(projectId, response);
-        res.json({ success: true });
+        try {
+            const response = await axios.post(externalUrl, {
+                user: decoded.uid,
+                project: decoded.projectId,
+                data: clientPayload
+            });
+            return res.json({ status: 'success', externalResponse: response.data });
+        } catch (extError) {
+            return res.status(502).json({ error: 'External server error' });
+        }
 
     } catch (err) {
-        console.error("AI Error:", err);
-        res.status(500).json({ error: "AI Failed" });
+        return res.status(403).json({ error: 'Invalid Token Signature' });
     }
 });
 
-/**
- * 3. HUMAN OVERRIDE (God Mode)
- */
-app.post('/human/override', validateRequest, async (req, res) => {
-    const { projectId, instruction, pruneHistory } = req.body;
-    const project = await StateManager.getProject(projectId);
-    
-    const overrideMsg = `[SYSTEM OVERRIDE]: ${instruction}`;
-    
-    // Optional: Prune the argument if they are stuck
-    if (pruneHistory && project.workerHistory.length >= 2) {
-        project.workerHistory.pop(); // last model
-        project.workerHistory.pop(); // last user
+// Endpoint: /cleanup
+// Memory management: Clears old JWT secrets from RAM that haven't been used recently.
+// Does NOT delete from Firebase.
+app.post('/cleanup', (req, res) => {
+    const THRESHOLD = 1000 * 60 * 60; // 1 Hour
+    const now = Date.now();
+    let cleanedCount = 0;
+
+    for (const [key, value] of activeSessions.entries()) {
+        if (now - value.lastAccessed > THRESHOLD) {
+            activeSessions.delete(key);
+            cleanedCount++;
+        }
     }
 
-    const response = await AIEngine.callWorker(project.workerHistory, overrideMsg);
-    project.workerHistory.push({ role: 'user', parts: [{ text: overrideMsg }] });
-    project.workerHistory.push({ role: 'model', parts: [{ text: response }] });
+    // Also clean old temp keys (older than 10 mins)
+    for (const [key, value] of tempKeys.entries()) {
+        if (now - value.createdAt > (1000 * 60 * 10)) {
+            tempKeys.delete(key);
+        }
+    }
 
-    await StateManager.updateProject(projectId, { workerHistory: project.workerHistory });
-    await StateManager.queueCommand(projectId, response);
-    res.json({ success: true, message: "Override Executed" });
+    console.log(`🧹 Garbage Collection: Removed ${cleanedCount} cached sessions.`);
+    res.json({ message: `Cleaned ${cleanedCount} cached sessions from memory.` });
 });
 
-/**
- * 4. WORKER KILL (Manual Reassignment)
- */
-app.post('/worker/kill', validateRequest, async (req, res) => {
+// Endpoint: /nullify
+// Security Nuke: Removes session from Memory AND Firebase.
+app.post('/nullify', verifyFirebaseUser, async (req, res) => {
     const { projectId } = req.body;
-    // Logic: Just reset the history with a "Try again" prompt
-    const project = await StateManager.getProject(projectId);
-    
-    const rebootPrompt = "[SYSTEM]: Worker process restarted. Attempt the task again from scratch.";
-    const response = await AIEngine.callWorker([{ role: 'user', parts: [{ text: rebootPrompt }] }], rebootPrompt);
-    
-    await StateManager.updateProject(projectId, {
-        workerHistory: [{ role: 'user', parts: [{ text: rebootPrompt }] }], // Nuke history
-        workerHistory: [{ role: 'model', parts: [{ text: response }] }],
-        failureCount: 0
-    });
-    
-    StateManager.queueCommand(projectId, response);
-    res.json({ success: true, message: "Worker Killed & Restarted" });
-});
+    if (!projectId) return res.status(400).json({ error: 'projectId required' });
 
-/**
- * 5. PING (Plugin Polling)
- */
-app.post('/project/ping', async (req, res) => {
-    const { projectId } = req.body;
-    const command = await StateManager.popCommand(projectId);
-    
-    if (command) {
-        if (command.payload === "CLEAR_CONSOLE") {
-             res.json({ action: "CLEAR_LOGS" });
-        } else {
-            res.json({ 
-                action: command.type, 
-                target: command.payload, 
-                code: command.type === 'EXECUTE' ? command.payload : null 
-            });
+    const cacheKey = `${req.user.uid}:${projectId}`;
+
+    // 1. Remove from Memory
+    const existedInMemory = activeSessions.delete(cacheKey);
+
+    // 2. Remove from Firebase
+    if (db) {
+        try {
+            await db.ref(`plugin_oauth/${req.user.uid}/${projectId}`).remove();
+        } catch (e) {
+            return res.status(500).json({ error: 'Database error during nullify' });
         }
-    } else {
-        res.json({ action: "IDLE" });
     }
+
+    console.log(`☢️ NULLIFIED session for ${cacheKey}`);
+    res.json({ 
+        success: true, 
+        message: 'Session secrets purged from memory and database.',
+        wasCached: existedInMemory 
+    });
 });
 
+// ---------------------------------------------------------
+// 5. EMBEDDED HTML DEBUGGER
+// ---------------------------------------------------------
+app.get('/', (req, res) => {
+    res.send(`
+    <!DOCTYPE html>
+    <html lang="en">
+    <head>
+        <meta charset="UTF-8">
+        <meta name="viewport" content="width=device-width, initial-scale=1.0">
+        <title>Roblox Plugin Auth Server</title>
+        <style>
+            body { font-family: monospace; background: #1e1e1e; color: #d4d4d4; padding: 20px; max-width: 800px; margin: 0 auto; }
+            .container { background: #252526; padding: 20px; border-radius: 8px; border: 1px solid #333; }
+            input, button { padding: 10px; margin: 5px 0; width: 100%; box-sizing: border-box; background: #3c3c3c; border: 1px solid #555; color: white; }
+            button { background: #0e639c; cursor: pointer; font-weight: bold; }
+            button:hover { background: #1177bb; }
+            button.danger { background: #a51d2d; }
+            label { display: block; margin-top: 10px; color: #9cdcfe; }
+            pre { background: #000; padding: 10px; border: 1px solid #444; overflow-x: auto; white-space: pre-wrap; }
+            .status { margin-top: 20px; padding: 10px; border-left: 4px solid #0e639c; background: #2d2d2d; }
+        </style>
+    </head>
+    <body>
+        <h1>🔌 Plugin Auth Debugger</h1>
+        
+        <div class="container">
+            <h3>1. Configuration</h3>
+            <label>Firebase ID Token (leave empty if DEBUG_NO_AUTH=true)</label>
+            <input type="text" id="fbToken" placeholder="eyJhbG...">
+            
+            <label>Project ID</label>
+            <input type="text" id="projId" value="roblox_world_1">
+
+            <hr style="border-color:#444">
+
+            <h3>2. Generate Key (/key)</h3>
+            <button onclick="generateKey()">Generate PROJ_ Key</button>
+            <pre id="keyResult">Waiting...</pre>
+
+            <h3>3. Redeem Token (/redeem)</h3>
+            <label>Key to Redeem</label>
+            <input type="text" id="redeemKeyInput">
+            <button onclick="redeemKey()">Redeem for JWT</button>
+            <pre id="jwtResult">Waiting...</pre>
+
+            <h3>4. Poll External (/poll)</h3>
+            <label>JWT Token</label>
+            <input type="text" id="jwtInput">
+            <button onclick="poll()">Poll External Server</button>
+            <pre id="pollResult">Waiting...</pre>
+
+            <h3>5. Management</h3>
+            <div style="display:flex; gap:10px;">
+                <button onclick="cleanup()">Memory Cleanup</button>
+                <button class="danger" onclick="nullify()">Nullify (Nuke)</button>
+            </div>
+            <pre id="mgmtResult">Waiting...</pre>
+        </div>
+
+        <script>
+            const baseUrl = '';
+
+            async function generateKey() {
+                const token = document.getElementById('fbToken').value;
+                const projectId = document.getElementById('projId').value;
+                
+                const headers = {};
+                if(token) headers['Authorization'] = 'Bearer ' + token;
+
+                const res = await fetch(baseUrl + '/key', {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json', ...headers },
+                    body: JSON.stringify({ projectId })
+                });
+                const data = await res.json();
+                document.getElementById('keyResult').innerText = JSON.stringify(data, null, 2);
+                if(data.key) document.getElementById('redeemKeyInput').value = data.key;
+            }
+
+            async function redeemKey() {
+                const key = document.getElementById('redeemKeyInput').value;
+                const res = await fetch(baseUrl + '/redeem', {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify({ key })
+                });
+                const data = await res.json();
+                document.getElementById('jwtResult').innerText = JSON.stringify(data, null, 2);
+                if(data.token) document.getElementById('jwtInput').value = data.token;
+            }
+
+            async function poll() {
+                const token = document.getElementById('jwtInput').value;
+                const res = await fetch(baseUrl + '/poll', {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json' },
+                    body: JSON.stringify({ token, payload: { msg: "Hello from Roblox" } })
+                });
+                const data = await res.json();
+                document.getElementById('pollResult').innerText = JSON.stringify(data, null, 2);
+            }
+
+            async function cleanup() {
+                const res = await fetch(baseUrl + '/cleanup', { method: 'POST' });
+                const data = await res.json();
+                document.getElementById('mgmtResult').innerText = JSON.stringify(data, null, 2);
+            }
+
+            async function nullify() {
+                const token = document.getElementById('fbToken').value;
+                const projectId = document.getElementById('projId').value;
+                
+                const headers = {};
+                if(token) headers['Authorization'] = 'Bearer ' + token;
+
+                const res = await fetch(baseUrl + '/nullify', {
+                    method: 'POST',
+                    headers: { 'Content-Type': 'application/json', ...headers },
+                    body: JSON.stringify({ projectId })
+                });
+                const data = await res.json();
+                document.getElementById('mgmtResult').innerText = JSON.stringify(data, null, 2);
+            }
+        </script>
+    </body>
+    </html>
+    `);
+});
+
+const PORT = process.env.PORT || 7860;
 app.listen(PORT, () => {
-    console.log(`AI Backend Running on ${PORT}`);
+    console.log(`🚀 Server running on http://localhost:${PORT}`);
 });