// offending code · 3 files flagged · patterns: 11
--- install scripts ---
### postinstall
node scripts/postinstall.mjs
### prepublishOnly
node scripts/build-frontend.mjs
--- package/package.json (excerpt) ---
{
"name": "totem-llm",
"version": "0.3.2",
"description": "Totem LLM – Your Private AI. Run a self-hosted AI assistant locally on Linux, macOS, or Windows.",
"main": "bin/totem-llm.js",
"type": "module",
"author": "Fred Terzi",
"license": "MIT",
"repository": {
"type": "git",
"url": "git+https://github.com/fred-terzi/totem-llm.git"
},
"bugs": {
"url": "https://github.com/fred-terzi/totem-llm/issues"
},
"homepage": "https://github.com/fred-terzi/totem-llm#readme",
"engines": {
"node": ">=18"
},
"bin": {
"totem-llm": "bin/totem-llm.js"
},
"files": [
"bin/",
"lib/",
"config/",
"scripts/postinstall.mjs",
"totem.features.cjs",
"server/",
"collector/"
],
"publishConfig": {
"access": "public"
},
"scripts": {
"test": "jest",
"lint": "cd server && yarn lint && cd ../frontend && yarn lint && cd ../collector && yarn lint",
"lint:ci": "cd server && yarn lint:check && cd ../frontend && yarn lint:check && cd ../collector && yarn lint:check",
"setup": "cd server && yarn && cd ../collector && yarn && cd ../frontend && yarn && cd .. && yarn setup:envs && yarn prisma:setup && echo \"Please run yarn dev:server, yarn dev:collector, and yarn dev:frontend in separate terminal tabs.\"",
"setup:envs": "node scripts/setup-envs.mjs",
"dev:server": "cd server && yarn dev",
"dev:collector": "cd collector && yarn dev",
"dev:frontend": "cd frontend && yarn dev",
"dev:all": "npx
--- package/totem.features.cjs (excerpt) ---
/**
* Totem LLM Feature Manifest
*
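* This file reads feature definitions and profiles from totem.features.json:
* the user-editable copy in the storage directory when one exists, otherwise
* the bundled default at config/totem.features.json.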
* It is read by:
* - Vite at build time (baked into the frontend bundle as __TOTEM_FEATURES__)
* - The Node.js server at runtime (for API route gating)
*
* To select a profile, set the TOTEM_BUILD_PROFILE environment variable
* before building or running the server. Defaults to "npm" if unset.
*
* TOTEM_BUILD_PROFILE=source yarn build
*
* ─── Adding a new feature ─────────────────────────────────────────────────────
* 1. Add the key to `FEATURE_DEFINITIONS` in config/totem.features.json
* 2. Set `enabled: false` in any profile where it should be hidden.
* 3. Use `useFeatureFlag('yourKey')` in React components to gate UI.
* 4. Use `requireFeature('yourKey')` middleware on server routes to gate APIs.
*/
const path = require('path');
const fs = require('fs');
const os = require('os');
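// User-editable config lives in the storage dir (~/totem-llm by default) and,
// when that file exists, it replaces the bundled default shipped with the package.
// The header comment states this manifest gates server API routes, so write
// access to the storage dir decides which features are switched on.
//
// An unset *or empty* TOTEM_STORAGE_DIR falls back to the home-directory
// default. With `??`, an empty value made path.join() return the bare relative
// name 'totem.features.json', so the manifest was looked up in whatever
// directory the process happened to be started from.
// NOTE(review): server/index.js defaults STORAGE_DIR, not TOTEM_STORAGE_DIR —
// confirm the launcher keeps the two variables pointing at the same directory.
const storageDir = process.env.TOTEM_STORAGE_DIR || path.join(os.homedir(), 'totem-llm');
const USER_CONFIG_PATH = path.join(storageDir, 'totem.features.json');
const DEFAULT_CONFIG_PATH = path.resolve(__dirname, 'config', 'totem.features.json');
// Existence is the only test applied here; the user copy wins whenever it is present.
const CONFIG_PATH = fs.existsSync(USER_CONFIG_PATH) ? USER_CONFIG_PATH : DEFAULT_CONFIG_PATH;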
let FEATURE_DEFINITIONS, PROFILES;
try {
const config = JSON.parse(fs.re
--- package/server/index.js (excerpt) ---
// Load environment variables through dotenv.
// In development the values come from the NODE_ENV-suffixed file
// (.env.development); for any other NODE_ENV dotenv is called with no options.
if (process.env.NODE_ENV === "development") {
  require("dotenv").config({ path: `.env.${process.env.NODE_ENV}` });
} else {
  require("dotenv").config();
}
const os = require("os");
const path = require("path");
const { mkdirSync } = require("fs");
// Default the storage root to ~/totem-llm when STORAGE_DIR is unset or empty.
if (!process.env.STORAGE_DIR) {
  process.env.STORAGE_DIR = path.join(os.homedir(), "totem-llm");
}

// Create every storage subdirectory the server expects, including any missing
// parents ({ recursive: true } also makes an already-existing directory a no-op).
// NOTE(review): no `mode` is passed, so permissions follow the process umask —
// confirm that is acceptable for a tree that holds "documents",
// "direct-uploads" and "comkey".
[
  "documents",
  "vector-cache",
  "models",
  "direct-uploads",
  "generated-files",
  "comkey",
  "tmp",
  "assets",
].forEach((subdirectory) => {
  mkdirSync(path.join(process.env.STORAGE_DIR, subdirectory), { recursive: true });
});

// The logger module exports a function; it is invoked once here, before the
// HTTP stack is required.
require("./utils/logger")();
const express = require("express");
const bodyParser = require("body-parser");
const cors = require("cors");
const { reqBody } = require("./utils/http");
const { systemEndpoints } = require("./endpoints/system");
const { workspaceEndpoints } = require("./endpoints/workspaces");
const { chatEndpoints } = require("./endpoints/chat");
const { embeddedEndpoints } = require("./endpoints/embed");
const { embedManagementEndpoints } = require("./endpoints/embedManagement");
const { getVectorDbClass } = require("./utils/helpers");
const { adminEndpoints } = require("./endpoints/admin");
const { modelRouterEndpoints } = require("./endpoints/modelRouter");
const { inviteEndpoints } = require("./endpoints/invite");
const { utilEndpoints } = require("./endpoints/utils");
const { developerEndpoints } = require("./endpoints/api");
const { extensionEndpoints } = require("./endpoints/
--- dynamic destinations ---
→ api.minimax.io (via hostname-var)
→ api.moonshot.ai (via hostname-var)
→ api.z.ai (via hostname-var)
→ api.sambanova.ai (via hostname-var)