Workspace Endpoints for Ralph Server

[ethanshenley]

Workspace file access endpoints for Ralph server

Why?

The agent's workspace is the source of truth for everything it produces. Until now, the only way to browse that workspace was through the Gollum wiki viewer. These new endpoints give any HTTP client (the Gollum UI, custom dashboards, or future tools) direct read/write access to the live workspace, without requiring filesystem access or a separate process.

This could be important for the Gollum wiki workflow: users can now explore, edit, and manage workspace files through their own interfaces, and the /log endpoint exposes git history so clients can show what the agent has been doing without shelling out to git themselves. This adds a layer of accessibility for nightshift users.

Summary

• Add /files endpoint (GET/PUT/DELETE) for reading, writing, and deleting files within the configured workspace directory
• Add /tree endpoint (GET) for listing directory contents with dotfile filtering and directory-first sorting
• Add /log endpoint (GET) for querying git commit history in the workspace
• Path traversal protection on all workspace endpoints to prevent access outside the workspace root

Details

The Ralph daemon now serves as a file gateway for the workspace it manages. Clients can browse, read, create, and delete workspace files over HTTP without needing direct filesystem access. All file/tree endpoints validate that resolved paths stay within the workspace boundary and return 400 on traversal attempts, 404 on missing resources, and 501 if no workspace is configured. The limit param on /log is parsed and clamped to prevent injection.

Tests

• 12 new tests covering GET/PUT/DELETE /files and GET /tree
• Path traversal rejection on all read and write endpoints
• Missing path param → 400
• Nested file read/write with auto-created parent directories
• Dotfile filtering in /tree
• 404 for missing files and directories
• All passing