@aion0/forge 0.2.10 → 0.2.12

package/CLAUDE.md

@@ -1,44 +1,43 @@
 ## Project: Forge (@aion0/forge)
 
-### Dev Commands
+### Scripts
 ```bash
-# Development (hot-reload)
-pnpm dev
-
-# Production (local)
-pnpm build && pnpm start
-
-# Publish to npm (bump version in package.json first)
-npm login
-npm publish --access public --otp=<code>
-
-# Install globally from local source (for testing)
-npm install -g /Users/zliu/IdeaProjects/my-workflow
-
-# Install from npm
-npm install -g @aion0/forge
-
-# Run via npm global install
-forge-server                          # foreground (default port 3000)
-forge-server --dev                    # dev mode
-forge-server --background             # background, logs to ~/.forge/forge.log
-forge-server --stop                   # stop background server
-forge-server --restart                # stop + start (safe for remote)
-forge-server --rebuild                # force rebuild
-forge-server --port 4000              # custom web port
-forge-server --terminal-port 4001     # custom terminal port
-forge-server --dir ~/.forge-staging   # custom data directory
-
-# CLI
-forge                     # help
-forge password            # show today's login password
-forge tasks               # list tasks
+# ── Start ──
+./start.sh              # production (kill old processes → build → start)
+./start.sh dev           # development (hot-reload)
+forge server start              # production via npm link/install
+forge server start --dev        # dev mode
+forge server start --background # background, logs to ~/.forge/forge.log
+forge server stop               # stop background server
+forge server restart            # stop + start (safe for remote)
+forge server rebuild            # force rebuild
+forge server start --port 4000 --terminal-port 4001 --dir ~/.forge-staging
+forge server start --reset-terminal  # kill terminal server (loses tmux attach)
+forge --version                 # show version
+
+# ── Test ──
+./dev-test.sh            # test instance (port 4000, data ~/.forge-test)
+
+# ── Install ──
+./install.sh             # install from npm
+./install.sh --local     # install from local source (npm link + build)
+
+# ── Publish ──
+./publish.sh             # bump patch version, commit, tag
+./publish.sh minor       # bump minor
+./publish.sh 1.0.0       # explicit version
+npm login && npm publish --access public --otp=<code>
+
+# ── Monitor ──
+./check-forge-status.sh  # show process status + tmux sessions
+
+# ── CLI ──
+forge                    # help
+forge --version          # show version
+forge password           # show today's login password
+forge tasks              # list tasks
 forge task <project> "prompt"  # submit task
-
-# Terminal server runs on port 3001 (auto-started by Next.js)
-# Data directory: ~/.forge/
-# Config: ~/.forge/settings.yaml
-# Env: ~/.forge/.env.local
+forge watch <id>         # live stream task output
 ```
 
 ### Key Paths
@@ -46,7 +45,12 @@ forge task <project> "prompt"  # submit task
 - npm package: `@aion0/forge`
 - GitHub: `github.com/aiwatching/forge`
 
+### Architecture
+- `forge-server.mjs` starts: Next.js + terminal-standalone + telegram-standalone
+- `pnpm dev` / `start.sh dev` starts: Next.js (init.ts spawns terminal + telegram)
+- `FORGE_EXTERNAL_SERVICES=1` → init.ts skips spawning (forge-server manages them)
+
 ## Obsidian Vault
 Location: /Users/zliu/MyDocuments/obsidian-project/Projects/Bastion
 When I ask about my notes, use bash to search and read files from this directory.
-Example: find /Users/zliu/MyDocuments/obsidian-project -name "*.md" | head -20
+Example: find /Users/zliu/MyDocuments/obsidian-project -name "*.md" | head -20

package/README.md

@@ -1,73 +1,72 @@
 <p align="center">
-  <img src="app/icon.svg" width="80" height="80" alt="Forge">
+  <img src="app/icon.svg" width="80" height="80" alt="Forge - Self-hosted Vibe Coding Platform">
 </p>
 
 <h1 align="center">Forge</h1>
 
 <p align="center">
-  <strong>Self-hosted Vibe Coding platform — browser terminal, task orchestration, remote access</strong>
+  <strong>Self-hosted Vibe Coding platform for Claude Code — browser terminal, AI task orchestration, remote access from any device</strong>
 </p>
 
 <p align="center">
-  <a href="https://www.npmjs.com/package/@aion0/forge"><img src="https://img.shields.io/npm/v/@aion0/forge" alt="npm"></a>
-  <a href="https://github.com/aiwatching/forge/blob/main/LICENSE"><img src="https://img.shields.io/npm/l/@aion0/forge" alt="license"></a>
-  <a href="https://github.com/aiwatching/forge"><img src="https://img.shields.io/github/stars/aiwatching/forge?style=social" alt="stars"></a>
+  <a href="https://www.npmjs.com/package/@aion0/forge"><img src="https://img.shields.io/npm/v/@aion0/forge" alt="npm version"></a>
+  <a href="https://github.com/aiwatching/forge/blob/main/LICENSE"><img src="https://img.shields.io/npm/l/@aion0/forge" alt="MIT license"></a>
+  <a href="https://github.com/aiwatching/forge"><img src="https://img.shields.io/github/stars/aiwatching/forge?style=social" alt="GitHub stars"></a>
 </p>
 
 <p align="center">
-  <a href="#installation">Install</a> · <a href="#features">Features</a> · <a href="#quick-start">Quick Start</a> · <a href="#telegram-bot">Telegram</a> · <a href="#configuration">Config</a> · <a href="#roadmap">Roadmap</a>
+  <a href="#installation">Install</a> · <a href="#features">Features</a> · <a href="#quick-start">Quick Start</a> · <a href="#telegram-bot">Telegram</a> · <a href="#scripts">Scripts</a> · <a href="#configuration">Config</a> · <a href="#roadmap">Roadmap</a>
 </p>
 
 ---
 
-Forge turns [Claude Code](https://docs.anthropic.com/en/docs/claude-code) into a full web-based vibe coding platform. Open your browser, start coding with AI from anywhere — your iPad, phone, or any device with a browser.
+## What is Forge?
 
-**No API keys required.** Runs on your existing Claude Code CLI subscription. Your code stays on your machine.
+Forge is a self-hosted web platform that turns [Claude Code](https://docs.anthropic.com/en/docs/claude-code) into a remote-accessible vibe coding environment. It provides a persistent browser-based terminal (powered by tmux), background AI task orchestration, one-click Cloudflare Tunnel for remote access, and a Telegram bot for mobile control.
+
+**Use cases:**
+- Vibe code from your iPad, phone, or any browser — Claude Code runs on your machine, you access it from anywhere
+- Submit AI coding tasks that run in the background while you sleep
+- Chain multiple Claude Code instances into automated pipelines (design → implement → review → deploy)
+- Browse and search your Obsidian notes with an AI assistant
+
+**No API keys required.** Forge uses your existing Claude Code CLI subscription. Your code never leaves your machine.
 
 ## Features
 
-| Feature | Description |
+| Feature | What it does |
 |---------|-------------|
-| **Vibe Coding** | Browser-based tmux terminal. Multiple tabs, persistent sessions that survive refresh, browser close, and server restart |
-| **Remote Access** | One-click Cloudflare Tunnel — secure public URL, zero config, no account needed |
-| **Task Queue** | Submit tasks to Claude Code in the background. Live streaming output, cost tracking, session continuity |
-| **Docs Viewer** | Render Obsidian vaults / markdown directories with a dedicated Claude Console |
-| **Project Manager** | Browse projects, view files, git status, commit, push, pull — all from the browser |
-| **Demo Preview** | Preview local dev servers through the tunnel with a dedicated Cloudflare URL |
-| **Telegram Bot** | Submit tasks, check status, control tunnel, take notes — all from your phone |
-| **File Browser** | Code viewer with syntax highlighting, git changes, diff view, multi-repo support |
-| **YAML Workflows** | Define multi-step flows that chain Claude Code tasks together |
-| **CLI** | Full command-line interface for task management |
+| **Vibe Coding** | Browser-based tmux terminal with multiple tabs. Sessions persist across page refresh, browser close, and server restart. Access from any device via Cloudflare Tunnel. |
+| **AI Task Queue** | Submit prompts to Claude Code that run in the background. Live streaming output, cost tracking, session continuity across tasks. Supports `--dangerously-skip-permissions` for fully autonomous operation. |
+| **Pipeline Engine** | Define multi-step DAG workflows in YAML. Chain Claude Code tasks with dependencies, output passing between steps, conditional routing, and parallel execution. Visual drag-and-drop editor included. |
+| **Remote Access** | One-click Cloudflare Tunnel generates a secure public URL. Zero config, no Cloudflare account needed. Auto-health-check with reconnection. |
+| **Docs Viewer** | Render Obsidian vaults and markdown directories in the browser. Built-in Claude Console for AI-assisted note-taking and research. Image support. |
+| **Project Manager** | Browse project files, view code with syntax highlighting, git status/commit/push/pull, commit history — all from the browser. Multi-repo support. |
+| **Demo Preview** | Preview local dev servers (Vite, Next.js, etc.) through dedicated Cloudflare Tunnel URLs. Multiple simultaneous previews supported. |
+| **Telegram Bot** | Create tasks, check status, control tunnel, take notes, get AI session summaries — all from your phone. Whitelist-protected. |
+| **CLI** | Full command-line interface: `forge task`, `forge watch`, `forge status`, `forge password`, and more. |
+| **Monitor** | Real-time dashboard showing process status (Next.js, Terminal, Telegram, Tunnel), tmux sessions, and system uptime. |
 
 ## Installation
 
-### npm (recommended)
-
 ```bash
 npm install -g @aion0/forge
-forge-server
+forge server start
 ```
 
+Open `http://localhost:3000` — a login password is printed in the console.
+
 ### From source
 
 ```bash
 git clone https://github.com/aiwatching/forge.git
 cd forge
 pnpm install
-pnpm dev
+./start.sh        # production
+./start.sh dev    # development with hot-reload
 ```
 
-### Options
-
-```bash
-forge-server              # Production (auto-builds if needed)
-forge-server --dev        # Development with hot-reload
-forge-server --background # Run in background, logs to ~/.forge/forge.log
-forge-server --stop       # Stop background server
-forge-server --rebuild    # Force rebuild
-```
-
-## Prerequisites
+### Prerequisites
 
 - **Node.js** >= 20
 - **tmux** — `brew install tmux` (macOS) / `apt install tmux` (Linux)
@@ -75,68 +74,133 @@ forge-server --rebuild    # Force rebuild
 
 ## Quick Start
 
-1. **Start Forge**
-
-   ```bash
-   forge-server
-   ```
-
-2. **Open browser** → `http://localhost:3000`
-
-3. **Log in** — password is auto-generated and printed in the console:
-
-   ```
-   [init] Login password: a7x9k2 (valid today)
-   ```
-
-   Forgot it? Run `forge password`
-
-4. **Configure projects** — Settings → add your project directories
-
-5. **Start vibe coding** — open a terminal tab, run `claude`, and go
+1. **Start Forge** — `forge server start` or `./start.sh`
+2. **Open browser** — `http://localhost:3000`
+3. **Log in** — set an admin password in Settings. Run `forge password` for info.
+4. **Configure** — Settings → add project directories and (optionally) Telegram bot token
+5. **Start coding** — Open a terminal tab, run `claude`, and vibe
 
 ## Remote Access
 
-Access Forge from anywhere — your phone, iPad, or another computer:
+Access Forge from anywhere — iPad, phone, coffee shop:
 
 1. Click the **tunnel button** in the header
-2. Forge auto-downloads `cloudflared` and creates a temporary public URL
-3. Open the URL on any device — protected by the daily login password
+2. A temporary Cloudflare URL is generated (no account needed)
+3. Open it on any device — requires admin password + session code (2FA)
 
-> The tunnel URL changes each time. Use the Telegram `/tunnel_password` command to get it on your phone.
+Health checks run every 60 seconds. If the tunnel drops, it auto-restarts and notifies you via Telegram.
 
 ## Telegram Bot
 
-Control Forge from your phone. Create a bot via [@BotFather](https://t.me/botfather), add the token in Settings.
+Mobile-first control for Forge. Create a bot via [@BotFather](https://t.me/botfather), add the token in Settings.
 
 | Command | Description |
 |---------|-------------|
 | `/task` | Create a task (interactive project picker) |
 | `/tasks` | List tasks with quick-action numbers |
-| `/peek` | AI summary of a Claude session |
+| `/sessions` | AI summary of Claude Code sessions |
 | `/docs` | Docs session summary or file search |
-| `/note` | Quick note — sent to Docs Claude |
-| `/tunnel_start` | Start Cloudflare Tunnel |
+| `/note` | Quick note — sent to Docs Claude for filing |
+| `/tunnel_start <admin_pw>` | Start Cloudflare Tunnel |
 | `/tunnel_stop` | Stop tunnel |
-| `/tunnel_password <pw>` | Get login password + tunnel URL |
+| `/tunnel_code <admin_pw>` | Get session code for remote login |
+| `/watch` | Monitor session / list watchers |
+
+Whitelist-protected — only configured Chat IDs can interact. Supports multiple users (comma-separated IDs).
+
+## Pipeline Engine
+
+Define multi-step AI workflows in YAML. Each step runs Claude Code autonomously, with outputs passed to downstream steps.
+
+```yaml
+name: feature-build
+description: "Design → Implement → Review"
+input:
+  requirement: "Feature description"
+vars:
+  project: my-app
+nodes:
+  architect:
+    project: "{{vars.project}}"
+    prompt: "Analyze: {{input.requirement}}. Output a design doc."
+    outputs:
+      - name: design
+        extract: result
+  implement:
+    project: "{{vars.project}}"
+    depends_on: [architect]
+    prompt: "Implement: {{nodes.architect.outputs.design}}"
+    outputs:
+      - name: diff
+        extract: git_diff
+  review:
+    depends_on: [implement]
+    project: "{{vars.project}}"
+    prompt: "Review: {{nodes.implement.outputs.diff}}"
+```
 
-Whitelist-protected — only configured Chat IDs can interact with the bot.
+Features: DAG execution, parallel nodes, conditional routing, loop protection, Telegram notifications per step, visual editor.
 
 ## CLI
 
+All commands are unified under `forge`:
+
 ```bash
+# Server management
+forge server start              # Start server (foreground)
+forge server start --background # Start in background
+forge server start --dev        # Development mode with hot-reload
+forge server start --port 4000  # Custom port
+forge server stop               # Stop server
+forge server restart            # Restart (safe for remote use)
+forge server rebuild            # Force rebuild
+
+# Tasks
 forge task <project> <prompt>   # Submit a task
-forge tasks [status]            # List tasks
-forge watch <id>                # Live stream output
-forge status <id>               # Task details + result
+forge tasks [status]            # List tasks (running|queued|done|failed)
+forge watch <id>                # Live stream task output
 forge cancel <id>               # Cancel a task
 forge retry <id>                # Retry a failed task
+
+# Workflows
 forge run <flow-name>           # Run a YAML workflow
-forge projects                  # List projects
+forge flows                     # List available workflows
+
+# Status & Info
+forge status                    # Show process status + tmux sessions
+forge status <id>               # Show task details
 forge password                  # Show login password
+forge projects                  # List configured projects
+forge -v                        # Show version
+
+# Package management
+forge upgrade                   # Update to latest npm version
+forge uninstall                 # Stop server + uninstall (data preserved in ~/.forge)
 ```
 
-Shortcuts: `t`=task, `ls`=tasks, `w`=watch, `s`=status, `f`=flows, `p`=projects, `pw`=password
+Shortcuts: `t`=task, `ls`=tasks, `w`=watch, `s`=status, `l`=log, `f`=flows, `p`=projects, `pw`=password
+
+### Server start options
+
+```bash
+forge server start --port 4000           # Custom web port (default: 3000)
+forge server start --terminal-port 4001  # Custom terminal port (default: 3001)
+forge server start --dir ~/.forge-test   # Custom data directory
+forge server start --background          # Run in background
+forge server start --reset-terminal      # Kill terminal server on start
+```
+
+### Development scripts
+
+```bash
+./start.sh              # kill old processes → build → start (production)
+./start.sh dev          # development with hot-reload
+./dev-test.sh           # test instance on port 4000 (separate data dir)
+./install.sh            # install from npm
+./install.sh --local    # install from local source
+./publish.sh            # bump version → commit → tag → ready to publish
+./check-forge-status.sh # show all forge processes + tmux sessions
+```
 
 ## Configuration
 
@@ -144,14 +208,16 @@ All data lives in `~/.forge/`:
 
 ```
 ~/.forge/
-├── .env.local            # Environment variables (optional)
+├── .env.local            # Environment variables (AUTH_SECRET, API keys)
 ├── settings.yaml         # Main configuration
-├── password.json         # Daily auto-generated password
-├── data.db               # SQLite database
+├── session-code.json     # Session code for remote login 2FA
+├── data.db               # SQLite database (tasks, sessions)
 ├── terminal-state.json   # Terminal tab layout
+├── tunnel-state.json     # Tunnel process state
 ├── preview.json          # Demo preview config
+├── pipelines/            # Pipeline execution state
 ├── flows/                # YAML workflow definitions
-└── bin/                  # Auto-downloaded binaries
+└── bin/                  # Auto-downloaded binaries (cloudflared)
 ```
 
 <details>
@@ -166,9 +232,13 @@ claudePath: claude
 tunnelAutoStart: false
 telegramBotToken: ""
 telegramChatId: ""              # Comma-separated for multiple users
-telegramTunnelPassword: ""
+telegramTunnelPassword: ""      # Admin password (encrypted)
 notifyOnComplete: true
 notifyOnFailure: true
+taskModel: default              # default / sonnet / opus / haiku
+pipelineModel: default
+telegramModel: sonnet
+skipPermissions: false          # Add --dangerously-skip-permissions to terminal claude invocations
 ```
 
 </details>
@@ -190,45 +260,41 @@ AUTH_SECRET=<random-string>
 ## Architecture
 
 ```
-┌──────────────────────────────────────────────────┐
-│  Web Dashboard (Next.js 16 + React 19)           │
-│  ┌─────────┐ ┌──────┐ ┌────────┐ ┌───────────┐  │
-│  │  Vibe   │ │ Docs │ │Projects│ │Demo       │  │
-│  │ Coding  │ │      │ │        │ │Preview    │  │
-│  └─────────┘ └──────┘ └────────┘ └───────────┘  │
-├──────────────────────────────────────────────────┤
-│  API Layer (Next.js Route Handlers)              │
-├───────────┬───────────┬──────────────────────────┤
-│  Claude   │  Task     │  Telegram Bot            │
-│  Code     │  Runner   │  + Notifications         │
-│  Process  │  (Queue)  │                          │
-├───────────┴───────────┴──────────────────────────┤
-│  SQLite · Terminal Server · Cloudflare Tunnel    │
-└──────────────────────────────────────────────────┘
+forge-server.mjs (single process)
+├── Next.js (web dashboard + API)
+│   ├── Vibe Coding (xterm.js + tmux)
+│   ├── Docs Viewer (markdown + Claude Console)
+│   ├── Project Manager (files + git)
+│   ├── Task Queue (background Claude Code)
+│   ├── Pipeline Engine (DAG workflows)
+│   ├── Demo Preview (tunnel proxy)
+│   └── Monitor (process status)
+├── terminal-standalone.ts (WebSocket → tmux)
+├── telegram-standalone.ts (Telegram Bot API polling)
+└── cloudflared (Cloudflare Tunnel, on demand)
 ```
 
 ## Tech Stack
 
 | Layer | Technology |
 |-------|-----------|
-| Frontend | Next.js 16, React 19, Tailwind CSS 4, xterm.js |
+| Frontend | Next.js 16, React 19, Tailwind CSS 4, xterm.js, ReactFlow |
 | Backend | Next.js Route Handlers, SQLite (better-sqlite3) |
 | Terminal | node-pty, tmux, WebSocket |
-| Auth | NextAuth v5 (daily rotating password + OAuth) |
+| Auth | NextAuth v5 (admin password + session code 2FA + OAuth) |
 | Tunnel | Cloudflare cloudflared (zero-config) |
 | Bot | Telegram Bot API |
+| Pipeline | YAML-based DAG engine with visual editor |
 
 ## Troubleshooting
 
 <details>
 <summary><strong>macOS: "fork failed: Device not configured"</strong></summary>
 
-PTY device limit exhausted. Increase it:
+PTY device limit exhausted:
 
 ```bash
 sudo sysctl kern.tty.ptmx_max=2048
-
-# Permanent
 echo 'kern.tty.ptmx_max=2048' | sudo tee -a /etc/sysctl.conf
 ```
 
@@ -237,7 +303,7 @@ echo 'kern.tty.ptmx_max=2048' | sudo tee -a /etc/sysctl.conf
 <details>
 <summary><strong>Session cookie invalid after restart</strong></summary>
 
-Fix the AUTH_SECRET so it persists:
+Fix AUTH_SECRET so it persists across restarts:
 
 ```bash
 echo "AUTH_SECRET=$(openssl rand -hex 32)" >> ~/.forge/.env.local
@@ -245,13 +311,25 @@ echo "AUTH_SECRET=$(openssl rand -hex 32)" >> ~/.forge/.env.local
 
 </details>
 
+<details>
+<summary><strong>Orphan processes after Ctrl+C</strong></summary>
+
+Use `./start.sh` or `forge server start` which clean up old processes on start. Or manually:
+
+```bash
+./check-forge-status.sh  # see what's running
+pkill -f 'telegram-standalone|terminal-standalone|next-server|cloudflared'
+```
+
+</details>
+
 ## Roadmap
 
-- [ ] **Multi-Agent Workflow** — DAG-based pipelines where multiple Claude Code instances collaborate ([design doc](docs/roadmap-multi-agent-workflow.md))
-- [ ] Pipeline UI — DAG visualization with real-time node status
+- [ ] **Multi-Agent Collaboration** — Real-time message channels between concurrent Claude Code instances ([design doc](docs/roadmap-multi-agent-workflow.md))
 - [ ] Additional bot platforms — Discord, Slack
 - [ ] Excalidraw rendering in Docs viewer
-- [ ] Multi-model chat (Anthropic, OpenAI, Google, xAI)
+- [ ] Multi-model chat with API keys (Anthropic, OpenAI, Google, xAI)
+- [ ] Plugin system for custom integrations
 
 ## Contributing
 

package/app/api/settings/route.ts

@@ -1,15 +1,62 @@
 import { NextResponse } from 'next/server';
-import { loadSettings, saveSettings, type Settings } from '@/lib/settings';
+import { loadSettings, loadSettingsMasked, saveSettings, type Settings } from '@/lib/settings';
 import { restartTelegramBot } from '@/lib/init';
+import { SECRET_FIELDS } from '@/lib/crypto';
+import { verifyAdmin } from '@/lib/password';
 
 export async function GET() {
-  return NextResponse.json(loadSettings());
+  return NextResponse.json(loadSettingsMasked());
 }
 
 export async function PUT(req: Request) {
-  const body = await req.json() as Settings;
-  saveSettings(body);
-  // Restart Telegram bot in case token/chatId changed
+  const body = await req.json();
+
+  // Handle secret field updates separately
+  if (body._secretUpdate) {
+    const { field, adminPassword, newValue } = body._secretUpdate as {
+      field: string;
+      adminPassword: string;
+      newValue: string;
+    };
+
+    // Validate field name
+    if (!SECRET_FIELDS.includes(field as any)) {
+      return NextResponse.json({ ok: false, error: 'Invalid field' }, { status: 400 });
+    }
+
+    // Verify admin password
+    if (!verifyAdmin(adminPassword)) {
+      return NextResponse.json({ ok: false, error: 'Wrong password' }, { status: 403 });
+    }
+
+    // Update the specific field
+    const current = loadSettings();
+    (current as any)[field] = newValue;
+    saveSettings(current);
+
+    // Restart Telegram bot if token changed
+    if (field === 'telegramBotToken') {
+      restartTelegramBot();
+    }
+
+    return NextResponse.json({ ok: true });
+  }
+
+  // Normal settings update — strip masked secrets so we don't overwrite with placeholder
+  const settings = loadSettings();
+  const updated = body as Settings;
+
+  for (const field of SECRET_FIELDS) {
+    // Keep existing encrypted value if frontend sent masked placeholder
+    if (updated[field] === '••••••••' || updated[field] === '') {
+      updated[field] = settings[field];
+    }
+  }
+
+  // Remove internal fields
+  delete (updated as any)._secretStatus;
+
+  saveSettings(updated);
   restartTelegramBot();
   return NextResponse.json({ ok: true });
 }

package/app/api/tunnel/route.ts

@@ -1,18 +1,26 @@
 import { NextResponse } from 'next/server';
 import { startTunnel, stopTunnel, getTunnelStatus } from '@/lib/cloudflared';
+import { verifyAdmin } from '@/lib/password';
 
 export async function GET() {
   return NextResponse.json(getTunnelStatus());
 }
 
 export async function POST(req: Request) {
-  const { action } = await req.json() as { action: 'start' | 'stop' };
+  const body = await req.json() as { action: 'start' | 'stop'; password?: string };
 
-  if (action === 'stop') {
+  if (body.action === 'start') {
+    if (!body.password || !verifyAdmin(body.password)) {
+      return NextResponse.json({ ok: false, error: 'Wrong password' }, { status: 403 });
+    }
+    const result = await startTunnel();
+    return NextResponse.json({ ok: !result.error, ...getTunnelStatus() });
+  }
+
+  if (body.action === 'stop') {
     stopTunnel();
     return NextResponse.json({ ok: true, ...getTunnelStatus() });
   }
 
-  const result = await startTunnel();
-  return NextResponse.json({ ok: !result.error, ...getTunnelStatus() });
+  return NextResponse.json({ ok: false, error: 'Invalid action' }, { status: 400 });
 }