timmy-tower/artifacts/api-server/src/routes/index.ts

import { Router, type IRouter } from "express";
import healthRouter from "./health.js";
import jobsRouter from "./jobs.js";
import bootstrapRouter from "./bootstrap.js";
import sessionsRouter from "./sessions.js";
import demoRouter from "./demo.js";
import devRouter from "./dev.js";
import testkitRouter from "./testkit.js";
import { lnbitsService } from "../lib/lnbits.js";
import uiRouter from "./ui.js";
import nodeDiagnosticsRouter from "./node-diagnostics.js";
import metricsRouter from "./metrics.js";
import worldRouter from "./world.js";
import identityRouter from "./identity.js";
import estimateRouter from "./estimate.js";
import relayRouter from "./relay.js";
import adminRelayRouter from "./admin-relay.js";
import adminRelayQueueRouter from "./admin-relay-queue.js";
import geminiRouter from "./gemini.js";

const router: IRouter = Router();

router.use(healthRouter);
router.use(metricsRouter);
router.use(jobsRouter);
router.use(estimateRouter);
router.use(bootstrapRouter);
router.use(sessionsRouter);
router.use(identityRouter);
router.use(relayRouter);
router.use(adminRelayRouter);
router.use(adminRelayQueueRouter);
router.use(demoRouter);
router.use("/gemini", geminiRouter);
router.use(testkitRouter);
router.use(uiRouter);
router.use(nodeDiagnosticsRouter);
router.use(worldRouter);

// Mount dev routes when NOT in production OR when LNbits is in stub mode.
// Stub mode means there is no real Lightning backend — payments are simulated
// in-memory. The testkit relies on POST /dev/stub/pay/:hash to simulate payment
// confirmation, so we expose it whenever stub mode is active regardless of NODE_ENV.
// In real production with a live LNbits backend, stubMode is false, so these
// routes remain unexposed.
//
// OPERATIONAL TRADEOFF: Running the testkit against a live node with LNBITS_STUB=true
// (e.g. for CI without a real Lightning backend) will expose dev routes in that
// process. This is intentional — stub mode has no real funds, so the exposure
// is harmless. Never set LNBITS_STUB=true on a node with a real LNbits backend.
if (process.env.NODE_ENV !== "production" || lnbitsService.stubMode) {
  router.use(devRouter);
}

export default router;