feat(kilo-chat): chat backend service (#2410)

* feat(kilo-chat): scaffold service with wrangler, vitest, drizzle

* feat(kilo-chat): add ULID generation utility

* feat(kilo-chat): add SSE formatting helpers

* feat(kilo-chat): add Drizzle schemas for ConversationDO and MembershipDO

* feat(kilo-chat): add dual auth middleware (JWT + API key)

* feat(kilo-chat): add MembershipDO with conversation index

Per-user/bot Durable Object storing a conversation membership list with
CRUD ops (add, list, update lastMessageId, remove). Includes vitest tests
and updated wrangler types.

* feat(kilo-chat): add ConversationDO with message CRUD

* feat(kilo-chat): add conversation routes (create, list, get)

Implements POST /v1/conversations, GET /v1/conversations, and GET /v1/conversations/:id behind auth middleware, with full integration test coverage.

* feat(kilo-chat): add message routes (create, list, edit, delete)

Implements POST /v1/messages, GET /v1/conversations/:id/messages,
PATCH /v1/messages/:id, and DELETE /v1/messages/:id with membership
checks, webhook queue enqueue for bot members, and MembershipDO
lastMessageId updates.

* feat(kilo-chat): add SSE events endpoint with fan-out and replay

- Add in-memory SSE client tracking and broadcast() to ConversationDO
- Broadcast message.created, message.updated, message.deleted events after each DB write
- Add fetch() handler on ConversationDO to handle /subscribe with member auth
- Support Last-Event-ID replay by querying messages with id > lastEventId
- Add alarm() keepalive that pings all connected clients every 30s
- Add /v1/conversations/:id/events route that forwards to DO's fetch handler
- Tests: access control (403/404), broadcast no-crash, streaming header checks, replay verification
- Streaming tests placed last in file to work around miniflare SQLite WAL isolated storage limitation

* feat(kilo-chat): add typing indicator endpoint with SSE broadcast

* feat(kilo-chat): add webhook queue delivery with HMAC signing

Implements the WEBHOOK_QUEUE consumer that delivers HMAC-SHA256 signed
payloads to the kiloclaw webhook endpoint, with per-message ack/retry
and graceful handling when secrets are not configured.

* fix(kilo-chat): resolve all oxlint errors

* refactor(kilo-chat): replace hand-rolled ULID with ulid package, use monotonicFactory for message IDs

* fix(kilo-chat): review fixes — webhook payload, timing-safe auth, SSE replay, writer cleanup

- Fix webhook queue message shape to match WebhookMessage type (was sending wrong fields)
- Use constant-time comparison for API key auth via crypto.subtle.timingSafeEqual
- SSE replay always sends message.created for missed messages (client never saw them)
- Close dead SSE writers on disconnect to prevent resource leaks
- Remove redundant callerKind guard in message creation

* fix(kilo-chat): review round 2 — timing-safe fix, server-controlled versioning, single webhook

- Remove redundant string-length check in timingSafeEqual (keep byte-length only)
- Server now controls message version (increments from current), not client-supplied
- Send one webhook per message (not one per bot member) since payloads are identical
- Allow version 0 in edit schema for stale clients

* fix(kilo-chat): harden webhook error path against body read failure

* refactor(kilo-chat): rename KILOCHAT_API_KEY to KILOCHAT_API_TOKEN to match kiloclaw

* feat(kilo-chat): add chat.kiloapps.io custom domain route

* fix(kilo-chat): bind NEXTAUTH_SECRET to NEXTAUTH_SECRET_PROD in secrets store

* fix(kiloclaw/kilo-chat): update plugin to send content blocks instead of flat text

Replace `text: string` with `content: ContentBlock[]` in CreateMessageParams and
EditMessageParams, wrap text strings in `[{ type: 'text', text }]` blocks at all
call sites (preview-stream and webhook deliver), and update all three test files
to match. Also change the e2e script SANDBOX_ID default to 'e2e-test-sandbox'.

* fix(kilo-chat): add zod validation at all input boundaries

Author: iscekic

pnpm-lock.yaml

@@ -0,0 +1,7 @@
+import { defineConfig } from 'drizzle-kit';
+export default defineConfig({
+  out: './drizzle/conversation',
+  schema: './src/db/conversation-schema.ts',
+  dialect: 'sqlite',
+  driver: 'durable-sqlite',
+});

services/kilo-chat/drizzle-conversation.config.ts

@@ -0,0 +1,7 @@
+import { defineConfig } from 'drizzle-kit';
+export default defineConfig({
+  out: './drizzle/membership',
+  schema: './src/db/membership-schema.ts',
+  dialect: 'sqlite',
+  driver: 'durable-sqlite',
+});

services/kilo-chat/drizzle-membership.config.ts

@@ -0,0 +1,22 @@
+CREATE TABLE `conversation` (
+	`id` text PRIMARY KEY NOT NULL,
+	`title` text,
+	`created_by` text NOT NULL,
+	`created_at` integer NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE `members` (
+	`id` text PRIMARY KEY NOT NULL,
+	`kind` text NOT NULL,
+	`joined_at` integer NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE `messages` (
+	`id` text PRIMARY KEY NOT NULL,
+	`sender_id` text NOT NULL,
+	`content` text NOT NULL,
+	`in_reply_to_message_id` text,
+	`version` integer DEFAULT 1 NOT NULL,
+	`updated_at` integer,
+	`deleted` integer DEFAULT 0 NOT NULL
+);

services/kilo-chat/drizzle/conversation/0000_typical_lady_deathstrike.sql

@@ -0,0 +1,148 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "bccc296c-3003-4ee0-9589-b866db164844",
+  "prevId": "00000000-0000-0000-0000-000000000000",
+  "tables": {
+    "conversation": {
+      "name": "conversation",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "created_by": {
+          "name": "created_by",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "members": {
+      "name": "members",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "kind": {
+          "name": "kind",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "joined_at": {
+          "name": "joined_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "messages": {
+      "name": "messages",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "sender_id": {
+          "name": "sender_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "content": {
+          "name": "content",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "in_reply_to_message_id": {
+          "name": "in_reply_to_message_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "version": {
+          "name": "version",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 1
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "deleted": {
+          "name": "deleted",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}

services/kilo-chat/drizzle/conversation/meta/0000_snapshot.json

@@ -0,0 +1,13 @@
+{
+  "version": "7",
+  "dialect": "sqlite",
+  "entries": [
+    {
+      "idx": 0,
+      "version": "6",
+      "when": 1776174192890,
+      "tag": "0000_typical_lady_deathstrike",
+      "breakpoints": true
+    }
+  ]
+}

services/kilo-chat/drizzle/conversation/meta/_journal.json

@@ -0,0 +1,9 @@
+import journal from './meta/_journal.json';
+import m0000 from './0000_typical_lady_deathstrike.sql';
+
+export default {
+  journal,
+  migrations: {
+    m0000,
+  },
+};

services/kilo-chat/drizzle/conversation/migrations.js

@@ -0,0 +1,7 @@
+CREATE TABLE `conversations` (
+	`conversation_id` text PRIMARY KEY NOT NULL,
+	`conversation_title` text,
+	`last_message_id` text,
+	`last_read_message_id` text,
+	`joined_at` integer NOT NULL
+);

services/kilo-chat/drizzle/membership/0000_high_trish_tilby.sql

@@ -0,0 +1,63 @@
+{
+  "version": "6",
+  "dialect": "sqlite",
+  "id": "634e621f-31e6-4ad3-b897-1aadef274e84",
+  "prevId": "00000000-0000-0000-0000-000000000000",
+  "tables": {
+    "conversations": {
+      "name": "conversations",
+      "columns": {
+        "conversation_id": {
+          "name": "conversation_id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "conversation_title": {
+          "name": "conversation_title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_message_id": {
+          "name": "last_message_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "last_read_message_id": {
+          "name": "last_read_message_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "joined_at": {
+          "name": "joined_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    }
+  },
+  "views": {},
+  "enums": {},
+  "_meta": {
+    "schemas": {},
+    "tables": {},
+    "columns": {}
+  },
+  "internal": {
+    "indexes": {}
+  }
+}

services/kilo-chat/drizzle/membership/meta/0000_snapshot.json

@@ -0,0 +1,13 @@
+{
+  "version": "7",
+  "dialect": "sqlite",
+  "entries": [
+    {
+      "idx": 0,
+      "version": "6",
+      "when": 1776174193328,
+      "tag": "0000_high_trish_tilby",
+      "breakpoints": true
+    }
+  ]
+}