9remote 0.1.52 → 0.1.54

package/cli/utils/apiKey.js

@@ -3,38 +3,39 @@ import crypto from "crypto";
 const API_KEY_SECRET = process.env.API_KEY_SECRET || "9remote-api-key-secret";
 
 /**
- * Generate 6-char random keyId
+ * Generate 4-char random keyId
  */
 function generateKeyId() {
   const chars = "abcdefghijklmnopqrstuvwxyz0123456789";
   let result = "";
-  for (let i = 0; i < 6; i++) {
+  for (let i = 0; i < 4; i++) {
     result += chars.charAt(Math.floor(Math.random() * chars.length));
   }
   return result;
 }
 
 /**
- * Generate CRC (8-char HMAC)
+ * Generate CRC (6-char HMAC)
  */
 function generateCrc(machineId, keyId) {
   return crypto
     .createHmac("sha256", API_KEY_SECRET)
     .update(machineId + keyId)
     .digest("hex")
-    .slice(0, 8);
+    .slice(0, 6);
 }
 
 /**
  * Generate API key with machineId embedded
- * Format: sk-{machineId}-{keyId}-{crc8}
- * @param {string} machineId - 16-char machine ID
+ * Format: sk-{machineId8}-{keyId4}-{crc6}
+ * @param {string} machineId - machine ID (uses first 8 chars)
  * @returns {{ key: string, keyId: string }}
  */
 export function generateApiKeyWithMachine(machineId) {
+  const shortId = machineId.slice(0, 8);
   const keyId = generateKeyId();
-  const crc = generateCrc(machineId, keyId);
-  const key = `sk-${machineId}-${keyId}-${crc}`;
+  const crc = generateCrc(shortId, keyId);
+  const key = `sk-${shortId}-${keyId}-${crc}`;
   return { key, keyId };
 }
 
@@ -61,6 +62,10 @@ export function parseApiKey(apiKey) {
   return null;
 }
 
+/**
+ * Verify API key CRC — supports both old (16+6+8) and new (8+4+6) format
+ */
+
 /**
  * Verify API key CRC
  * @param {string} apiKey

package/cli/utils/cloudflared.js

@@ -163,6 +163,112 @@ const LOG_IGNORE = [
   "Updated to new configuration"
 ];
 
+/**
+ * Parse trycloudflare.com URL from cloudflared log output
+ */
+function parseQuickTunnelUrl(message) {
+  const regex = /https:\/\/([a-z0-9-]+)\.trycloudflare\.com/gi;
+  const candidates = [];
+  for (const match of message.matchAll(regex)) {
+    if (match[1] === "api") continue;
+    candidates.push(`https://${match[1]}.trycloudflare.com`);
+  }
+  return candidates.length ? candidates[candidates.length - 1] : null;
+}
+
+/**
+ * Spawn cloudflared quick tunnel (no account needed)
+ * @param {number} localPort - Local port to tunnel
+ * @param {Function} onUrlUpdate - Called when URL changes after initial connect
+ * @returns {Promise<{child, tunnelUrl}>}
+ */
+export async function spawnQuickTunnel(localPort, onUrlUpdate = null) {
+  const binaryPath = await ensureCloudflared();
+
+  // Use temp config to avoid conflicting with ~/.cloudflared/config.yml
+  const configDir = fs.mkdtempSync(path.join(os.tmpdir(), "9remote-quick-"));
+  const configPath = path.join(configDir, "config.yml");
+  fs.writeFileSync(configPath, "# quick-tunnel\n", "utf8");
+
+  let cleaned = false;
+  const cleanup = () => {
+    if (cleaned) return;
+    cleaned = true;
+    try { fs.rmSync(configDir, { recursive: true, force: true }); } catch { }
+  };
+
+  const child = spawn(
+    binaryPath,
+    ["tunnel", "--url", `http://localhost:${localPort}`, "--config", configPath, "--no-autoupdate"],
+    { detached: false, windowsHide: true, stdio: ["ignore", "pipe", "pipe"] }
+  );
+
+  fs.writeFileSync(PID_FILE, child.pid.toString());
+  isIntentionalShutdown = false;
+
+  return new Promise((resolve, reject) => {
+    let resolved = false;
+    let lastUrl = null;
+
+    const timeout = setTimeout(() => {
+      if (resolved) return;
+      resolved = true;
+      cleanup();
+      reject(new Error("Quick tunnel timed out after 90s"));
+    }, 90000);
+
+    const handleLog = (data) => {
+      const msg = data.toString();
+      const tunnelUrl = parseQuickTunnelUrl(msg);
+      if (!tunnelUrl) return;
+
+      if (!resolved) {
+        resolved = true;
+        lastUrl = tunnelUrl;
+        clearTimeout(timeout);
+        cleanup();
+        resolve({ child, tunnelUrl });
+        return;
+      }
+
+      // URL rotated after initial connect — notify caller
+      if (tunnelUrl !== lastUrl) {
+        lastUrl = tunnelUrl;
+        onUrlUpdate?.(tunnelUrl);
+      }
+    };
+
+    child.stdout.on("data", handleLog);
+    child.stderr.on("data", handleLog);
+
+    child.on("error", (err) => {
+      if (resolved) return;
+      resolved = true;
+      clearTimeout(timeout);
+      cleanup();
+      reject(err);
+    });
+
+    child.on("exit", (code) => {
+      cleanup();
+      if (!resolved) {
+        resolved = true;
+        clearTimeout(timeout);
+        reject(new Error(`cloudflared exited with code ${code}`));
+        return;
+      }
+      if (!isIntentionalShutdown && restartCallback) {
+        const now = Date.now();
+        restartTimes.push(now);
+        restartTimes = restartTimes.filter(t => t > now - RESTART_WINDOW_MS);
+        if (restartTimes.length <= MAX_RESTART_ATTEMPTS) {
+          setTimeout(() => restartCallback(localPort), 2000);
+        }
+      }
+    });
+  });
+}
+
 /**
  * Spawn cloudflared tunnel
  * @param {string} tunnelToken

package/cli/utils/permissions.js

@@ -0,0 +1,45 @@
+/**
+ * Shared permission check logic (macOS TCC).
+ * Used by both the server (index.js) and TUI (tui.js via API).
+ */
+
+import { exec } from "child_process";
+
+export const PERM_URLS = {
+  screenRecording: "x-apple.systempreferences:com.apple.preference.security?Privacy_ScreenCapture",
+  accessibility:   "x-apple.systempreferences:com.apple.preference.security?Privacy_Accessibility",
+};
+
+/**
+ * Check macOS permissions. Returns { screenRecording, accessibility }.
+ * On non-macOS always returns true for both.
+ * @returns {Promise<{screenRecording: boolean, accessibility: boolean}>}
+ */
+export function checkPermissions() {
+  return new Promise((resolve) => {
+    if (process.platform !== "darwin") {
+      resolve({ screenRecording: true, accessibility: true });
+      return;
+    }
+
+    let sr = false, ax = false, done = 0;
+    const finish = () => { if (++done === 2) resolve({ screenRecording: sr, accessibility: ax }); };
+
+    // Accessibility: attempt a real keystroke action — fails without permission
+    exec(`osascript -e 'tell application "System Events" to key code 0 using {}'`,
+      { timeout: 3000 }, (err) => { ax = !err; finish(); });
+
+    // Screen Recording: capture 1px — fails silently without permission
+    exec(`screencapture -x -R 0,0,1,1 /tmp/9remote_perm_check.png && rm -f /tmp/9remote_perm_check.png`,
+      { timeout: 5000 }, (err) => { sr = !err; finish(); });
+  });
+}
+
+/**
+ * Open System Preferences pane for a given permission type.
+ * @param {"screenRecording"|"accessibility"} type
+ */
+export function openPermissionPane(type) {
+  const url = PERM_URLS[type];
+  if (url && process.platform === "darwin") exec(`open "${url}"`, () => {});
+}

package/cli/utils/state.js

@@ -5,6 +5,7 @@ import os from "os";
 const STATE_DIR = path.join(os.homedir(), ".9remote");
 const STATE_FILE = path.join(STATE_DIR, "state.json");
 const KEYS_FILE = path.join(STATE_DIR, "keys.json");
+const CMD_FILE = path.join(STATE_DIR, "cmd.json");
 
 /**
  * Ensure state directory exists
@@ -71,6 +72,28 @@ export function loadKey() {
   }
 }
 
+// ==================== IPC CMD ====================
+
+/** Write a command for CLI to pick up */
+export function writeCmd(cmd) {
+  try {
+    ensureDir();
+    fs.writeFileSync(CMD_FILE, JSON.stringify({ cmd, ts: Date.now() }));
+  } catch {}
+}
+
+/** Read and clear pending command (returns null if none) */
+export function readAndClearCmd() {
+  try {
+    if (!fs.existsSync(CMD_FILE)) return null;
+    const data = JSON.parse(fs.readFileSync(CMD_FILE, "utf8"));
+    fs.unlinkSync(CMD_FILE);
+    return data.cmd;
+  } catch {
+    return null;
+  }
+}
+
 /**
  * Save single key to file (overwrites existing)
  */

package/cli/utils/tui.js

@@ -0,0 +1,250 @@
+/**
+ * Terminal UI utilities — native ESM, no external deps
+ * Provides: selectMenu(), renderProgress(), showBanner(), confirm()
+ */
+
+import readline from "readline";
+import http from "http";
+import { openPermissionPane } from "./permissions.js";
+
+export { openPermissionPane };
+
+// Brand color: orange #E68A6E
+const C = {
+  reset:  "\x1b[0m",
+  bold:   "\x1b[1m",
+  dim:    "\x1b[2m",
+  orange: "\x1b[38;2;230;138;110m",
+  green:  "\x1b[32m",
+  red:    "\x1b[31m",
+  yellow: "\x1b[33m",
+  cyan:   "\x1b[36m",
+  white:  "\x1b[37m",
+};
+
+const W = () => Math.min(44, process.stdout.columns || 44);
+
+// ── Banner ────────────────────────────────────────────────────────────────────
+
+export function showBanner(currentVersion, latestVersion = null) {
+  const w = W();
+  const inner = w - 2;
+
+  const line = (text = "") => {
+    const plain = text.replace(/\x1b\[[0-9;]*m/g, "");
+    const pad = Math.max(0, inner - plain.length);
+    return C.orange + "║" + C.reset + text + " ".repeat(pad) + C.orange + "║" + C.reset;
+  };
+
+  const center = (text, colorFn = (s) => s) => {
+    const plain = text.replace(/\x1b\[[0-9;]*m/g, "");
+    const lp = Math.floor((inner - plain.length) / 2);
+    const rp = inner - plain.length - lp;
+    return C.orange + "║" + C.reset + " ".repeat(lp) + colorFn(text) + " ".repeat(rp) + C.orange + "║" + C.reset;
+  };
+
+  console.log("");
+  console.log(C.orange + "╔" + "═".repeat(inner) + "╗" + C.reset);
+  console.log(line());
+  console.log(center(`🚀  9Remote v${currentVersion}`, (s) => C.bold + C.orange + s + C.reset));
+  console.log(center("Remote terminal access from anywhere", (s) => C.dim + s + C.reset));
+  console.log(line());
+
+  if (latestVersion) {
+    const notice = `⬆  New version v${latestVersion} available!`;
+    console.log(center(notice, (s) => C.yellow + C.bold + s + C.reset));
+    const hint = `Run: npm i -g 9remote@latest`;
+    console.log(center(hint, (s) => C.dim + s + C.reset));
+    console.log(line());
+  }
+
+  console.log(C.orange + "╚" + "═".repeat(inner) + "╝" + C.reset);
+  console.log("");
+}
+
+// ── Progress ──────────────────────────────────────────────────────────────────
+
+const STEPS = [
+  { label: "Preparing",       desc: "Checking dependencies" },
+  { label: "Connecting",      desc: "Creating session"      },
+  { label: "Starting tunnel", desc: "Spawning cloudflared"  },
+  { label: "Ready",           desc: "Tunnel is live"        },
+];
+
+let _progressLines = 0;
+
+export function renderProgress(activeIdx, redraw = false) {
+  if (redraw && _progressLines > 0) {
+    process.stdout.write(`\x1b[${_progressLines}A\x1b[0J`);
+  }
+
+  const lines = [];
+  STEPS.forEach((step, i) => {
+    if (i < activeIdx) {
+      lines.push(`  ${C.green}✓${C.reset} ${C.dim}${step.label}${C.reset}`);
+    } else if (i === activeIdx) {
+      lines.push(`  ${C.orange}●${C.reset} ${C.bold}${step.label}${C.reset}  ${C.dim}${step.desc}${C.reset}`);
+    } else {
+      lines.push(`  ${C.dim}○ ${step.label}${C.reset}`);
+    }
+  });
+
+  lines.forEach((l) => console.log(l));
+  _progressLines = lines.length;
+}
+
+export function resetProgress() {
+  _progressLines = 0;
+}
+
+// ── selectMenu ────────────────────────────────────────────────────────────────
+
+/**
+ * Interactive arrow-key menu. Clears full screen on each render.
+ * Mirrors 9router_cli pattern exactly: emitKeypressEvents → setRawMode → on("keypress") → resume.
+ * cleanup: setRawMode(false) → removeListener → pause.
+ * Subsequent readline.createInterface calls work because they resume stdin internally.
+ *
+ * @param {string} title
+ * @param {Array<{label: string}>} items
+ * @param {number} defaultIndex
+ * @param {string} headerContent — pre-built string shown above menu
+ * @param {(setRedraw: () => void) => void} onRedrawInit — receive a redraw trigger fn (for SSE updates)
+ * @returns {Promise<number>} selected index, -1 on ESC
+ */
+export function selectMenu(title, items, defaultIndex = 0, headerContent = "", onRedrawInit = null) {
+  return new Promise((resolve) => {
+    let selected = defaultIndex;
+    let isActive = true;
+    const isWin = process.platform === "win32";
+
+    const renderMenu = () => {
+      if (!isActive) return;
+      process.stdout.write("\x1b[2J\x1b[H");
+      // Support both static string and dynamic getter function
+      const header = typeof headerContent === "function" ? headerContent() : headerContent;
+      if (header) {
+        process.stdout.write(header + "\n");
+      }
+      process.stdout.write(`${C.dim}${title}${C.reset}\n\n`);
+      items.forEach((item, i) => {
+        const icon = i === selected ? (isWin ? ">" : "★") : (isWin ? " " : "☆");
+        if (i === selected) {
+          console.log(` \x1b[7m${C.bold}${icon} ${item.label}${C.reset}`);
+        } else {
+          console.log(`  ${icon} ${item.label}`);
+        }
+      });
+    };
+
+    const cleanup = () => {
+      if (!isActive) return;
+      isActive = false;
+      if (process.stdin.isTTY) {
+        try { process.stdin.setRawMode(false); } catch {}
+      }
+      process.stdin.removeListener("keypress", onKeypress);
+      process.stdin.pause();
+    };
+
+    const onKeypress = (str, key) => {
+      if (!isActive || !key) return;
+      if (key.name === "up") {
+        selected = (selected - 1 + items.length) % items.length;
+        renderMenu();
+      } else if (key.name === "down") {
+        selected = (selected + 1) % items.length;
+        renderMenu();
+      } else if (key.name === "return") {
+        cleanup();
+        resolve(selected);
+      } else if (key.name === "escape") {
+        cleanup();
+        resolve(-1);
+      } else if (key.ctrl && key.name === "c") {
+        cleanup();
+        process.exit(0);
+      }
+    };
+
+    // Exact same order as 9router_cli
+    process.stdin.removeAllListeners("keypress");
+    readline.emitKeypressEvents(process.stdin);
+    if (process.stdin.isTTY) {
+      try { process.stdin.setRawMode(true); } catch { resolve(-1); return; }
+    }
+    process.stdin.on("keypress", onKeypress);
+    process.stdin.resume();
+    renderMenu();
+
+    // Allow external code (SSE) to trigger a re-render without disrupting navigation
+    if (onRedrawInit) onRedrawInit(renderMenu);
+  });
+}
+
+// ── confirm ───────────────────────────────────────────────────────────────────
+
+/**
+ * Yes/no prompt. Uses readline.createInterface which resumes stdin internally.
+ * Works after selectMenu.cleanup() which pauses stdin.
+ */
+export function confirm(message) {
+  return new Promise((resolve) => {
+    // Ensure clean state
+    if (process.stdin.isTTY) { try { process.stdin.setRawMode(false); } catch {} }
+    process.stdin.removeAllListeners("keypress");
+
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(`${message} (y/N): `, (answer) => {
+      rl.close();
+      resolve(answer.trim().toLowerCase() === "y");
+    });
+  });
+}
+
+// ── SSE client ───────────────────────────────────────────────────────────────
+
+/**
+ * Subscribe to server SSE stream. Calls onEvent(type, data) for each event.
+ * Returns a cleanup function to close the connection.
+ * @param {number} port
+ * @param {(type: string, data: object) => void} onEvent
+ * @returns {() => void} cleanup
+ */
+export function subscribeSSE(port, onEvent) {
+  let req = null;
+  let closed = false;
+
+  const connect = () => {
+    if (closed) return;
+    req = http.get(`http://localhost:${port}/api/ui/events`, (res) => {
+      let buf = "";
+      res.on("data", (chunk) => {
+        buf += chunk.toString();
+        const lines = buf.split("\n");
+        buf = lines.pop(); // keep incomplete line
+        let eventData = "";
+        for (const line of lines) {
+          if (line.startsWith("data: ")) {
+            eventData = line.slice(6);
+          } else if (line === "" && eventData) {
+            try {
+              const parsed = JSON.parse(eventData);
+              onEvent(parsed.type, parsed);
+            } catch {}
+            eventData = "";
+          }
+        }
+      });
+      res.on("end", () => {
+        if (!closed) setTimeout(connect, 2000); // reconnect
+      });
+    });
+    req.on("error", () => {
+      if (!closed) setTimeout(connect, 2000); // reconnect on error
+    });
+  };
+
+  connect();
+  return () => { closed = true; req?.destroy(); };
+}

package/cli/utils/updateChecker.js

@@ -86,6 +86,28 @@ export async function checkForUpdates() {
   }
 }
 
+/**
+ * Check if a newer version exists — returns { current, latest } or null.
+ * Silent fail, no auto-update, no spinner.
+ */
+export async function checkLatestVersion() {
+  try {
+    const currentVersion = getCurrentVersion();
+    if (!currentVersion) return null;
+    const response = await fetch(NPM_REGISTRY_URL, {
+      signal: AbortSignal.timeout(UPDATE_CHECK_TIMEOUT)
+    });
+    if (!response.ok) return null;
+    const { version: latestVersion } = await response.json();
+    if (latestVersion && isNewerVersion(currentVersion, latestVersion)) {
+      return { current: currentVersion, latest: latestVersion };
+    }
+    return null;
+  } catch {
+    return null;
+  }
+}
+
 /**
  * Check and auto-update if new version available
  * Returns true if update started (process will exit), false otherwise