@aitty/server 0.1.0

package/dist/cli-token.d.ts

@@ -0,0 +1,5 @@
+//#region src/cli-token.d.ts
+declare function createSessionToken(random?: () => Buffer): string;
+declare function isSessionTokenAuthorized(expectedToken: string, providedToken: string | null | undefined): boolean;
+//#endregion
+export { createSessionToken, isSessionTokenAuthorized };

package/dist/cli-token.js

@@ -0,0 +1,14 @@
+import { createHash, randomBytes, timingSafeEqual } from "node:crypto";
+//#region src/cli-token.ts
+function createSessionToken(random = () => randomBytes(16)) {
+	return random().toString("base64url");
+}
+function isSessionTokenAuthorized(expectedToken, providedToken) {
+	const providedValue = typeof providedToken === "string" ? providedToken : "";
+	return timingSafeEqual(digestSessionToken(expectedToken), digestSessionToken(providedValue));
+}
+function digestSessionToken(token) {
+	return createHash("sha256").update(token, "utf8").digest();
+}
+//#endregion
+export { createSessionToken, isSessionTokenAuthorized };

package/dist/frontend/browser-shell.d.ts

@@ -0,0 +1,34 @@
+import { NetworkPolicy } from "../network-policy.js";
+import { IncomingMessage, ServerResponse } from "node:http";
+import { AittyRuntimeKind, AittyTheme } from "@aitty/protocol";
+
+//#region src/frontend/browser-shell.d.ts
+type BrowserRuntimeKind = AittyRuntimeKind;
+interface BrowserShellOptions {
+  assets?: BrowserShellAsset[];
+  assetRoutes?: StaticRoute[];
+  shellHtml?: string | (() => string | Promise<string>);
+  theme?: AittyTheme;
+}
+interface BrowserShellDocumentOptions {
+  body: string;
+  lang?: string;
+  modulePreloads?: string[];
+  moduleScripts?: string[];
+  stylesheets?: string[];
+  theme?: AittyTheme;
+  title?: string;
+}
+interface BrowserShellAsset {
+  contentType?: string;
+  filePath: string;
+  pathname: string;
+}
+declare function createBrowserShellHtml(options: BrowserShellDocumentOptions): string;
+interface StaticRoute {
+  prefix: string;
+  rootPath: string;
+}
+declare function handleBrowserShellRequest(request: IncomingMessage, response: ServerResponse, token: string, runtimeKind?: BrowserRuntimeKind, policy?: NetworkPolicy, shellOptions?: BrowserShellOptions): Promise<void>;
+//#endregion
+export { BrowserRuntimeKind, BrowserShellDocumentOptions, BrowserShellOptions, createBrowserShellHtml, handleBrowserShellRequest };

package/dist/frontend/browser-shell.html

@@ -0,0 +1,218 @@
+<!doctype html>
+<html lang="en" data-theme="dark">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>aitty</title>
+    <link rel="stylesheet" href="/assets/terminal.css">
+    <link rel="modulepreload" href="/assets/terminal-app.js">
+    <style>
+      :root {
+        color-scheme: dark;
+        --shell-page-padding: clamp(14px, 2vw, 24px);
+        --shell-stage-padding: clamp(12px, 2vw, 20px);
+        --shell-bg-start: #111724;
+        --shell-bg-mid: #0d1117;
+        --shell-bg-end: #080b11;
+        --shell-bg-radial: rgba(246, 185, 103, 0.14);
+        --shell-bg: #0d1117;
+        --shell-copy: #edf2ff;
+        --shell-muted: #97a5bc;
+        --shell-loading-bg: rgba(7, 10, 16, 0.88);
+        --shell-loading-border: rgba(246, 185, 103, 0.2);
+        --shell-status-live: #d6dfef;
+        --shell-status-warning: #ffd9a6;
+        --shell-status-error: #ffb4aa;
+        --shell-disabled-outline: rgba(255, 255, 255, 0.04);
+        --shell-disabled-shadow: rgba(4, 7, 12, 0.28);
+        --shell-disabled-overlay-start: rgba(6, 9, 14, 0.1);
+        --shell-disabled-overlay-end: rgba(6, 9, 14, 0.34);
+        --shell-disabled-hatch: rgba(255, 255, 255, 0.02);
+        --theme-term-bg: transparent;
+        --theme-term-fg: #edf2ff;
+        --theme-term-cursor: #f6b967;
+        --theme-term-color-0: #111724;
+        --theme-term-color-1: #ff7b72;
+        --theme-term-color-2: #8ddb8c;
+        --theme-term-color-3: #ffd580;
+        --theme-term-color-4: #7cc4ff;
+        --theme-term-color-5: #d2a8ff;
+        --theme-term-color-6: #77e0d2;
+        --theme-term-color-7: #edf2ff;
+        --theme-term-color-8: #5f6f86;
+        --theme-term-color-9: #ffa198;
+        --theme-term-color-10: #b0f2af;
+        --theme-term-color-11: #ffe4a8;
+        --theme-term-color-12: #a7d7ff;
+        --theme-term-color-13: #e1c0ff;
+        --theme-term-color-14: #9ff4ea;
+        --theme-term-color-15: #ffffff;
+      }
+
+      :root[data-theme="light"] {
+        color-scheme: light;
+        --shell-bg-start: #fff7eb;
+        --shell-bg-mid: #f4efe3;
+        --shell-bg-end: #ebe5d8;
+        --shell-bg-radial: rgba(223, 155, 74, 0.12);
+        --shell-bg: #f4efe3;
+        --shell-copy: #1f2a36;
+        --shell-muted: #5f6f7e;
+        --shell-loading-bg: rgba(255, 251, 244, 0.92);
+        --shell-loading-border: rgba(185, 110, 26, 0.16);
+        --shell-status-live: #304150;
+        --shell-status-warning: #8f5f16;
+        --shell-status-error: #b14a3a;
+        --shell-disabled-outline: rgba(40, 51, 63, 0.08);
+        --shell-disabled-shadow: rgba(145, 119, 82, 0.12);
+        --shell-disabled-overlay-start: rgba(255, 255, 255, 0.18);
+        --shell-disabled-overlay-end: rgba(221, 211, 196, 0.34);
+        --shell-disabled-hatch: rgba(49, 67, 84, 0.05);
+        --theme-term-bg: transparent;
+        --theme-term-fg: #24323f;
+        --theme-term-cursor: #b96e1a;
+        --theme-term-color-0: #f5eee1;
+        --theme-term-color-1: #ba3f2f;
+        --theme-term-color-2: #2f7d4b;
+        --theme-term-color-3: #a06a00;
+        --theme-term-color-4: #2d5f8d;
+        --theme-term-color-5: #8153ab;
+        --theme-term-color-6: #1d6c73;
+        --theme-term-color-7: #24323f;
+        --theme-term-color-8: #7a8894;
+        --theme-term-color-9: #d75b4f;
+        --theme-term-color-10: #4a9861;
+        --theme-term-color-11: #b98512;
+        --theme-term-color-12: #4f7eae;
+        --theme-term-color-13: #9871bf;
+        --theme-term-color-14: #2f8a90;
+        --theme-term-color-15: #0f1720;
+      }
+
+      * {
+        box-sizing: border-box;
+      }
+
+      body {
+        margin: 0;
+        min-height: 100dvh;
+        overflow-x: hidden;
+        overflow-y: auto;
+        background:
+          radial-gradient(circle at top, var(--shell-bg-radial), transparent 34%),
+          linear-gradient(160deg, var(--shell-bg-start) 0%, var(--shell-bg-mid) 48%, var(--shell-bg-end) 100%);
+        color: var(--shell-copy);
+        font-family: "Iosevka Term", "Menlo", "Consolas", monospace;
+      }
+
+      [hidden] {
+        display: none !important;
+      }
+
+      .shell {
+        width: 100%;
+        min-height: 100dvh;
+      }
+
+      .shell-stage {
+        position: relative;
+        min-width: 0;
+        min-height: 100dvh;
+        padding: var(--shell-stage-padding) var(--shell-page-padding) calc(var(--shell-stage-padding) * 2);
+      }
+
+      .terminal-loading,
+      .shell-status {
+        position: fixed;
+        right: var(--shell-page-padding);
+        z-index: 2;
+        max-width: min(360px, calc(100vw - (var(--shell-page-padding) * 2)));
+        padding: 8px 12px;
+        border-radius: 999px;
+        background: var(--shell-loading-bg);
+        border: 1px solid var(--shell-loading-border);
+        color: var(--shell-muted);
+        font-size: 12px;
+        letter-spacing: 0.06em;
+        pointer-events: none;
+        text-align: right;
+        transition:
+          opacity 120ms ease,
+          transform 120ms ease,
+          visibility 120ms ease;
+      }
+
+      .terminal-loading {
+        top: var(--shell-stage-padding);
+        text-transform: uppercase;
+      }
+
+      .shell-status {
+        top: var(--shell-stage-padding);
+      }
+
+      .shell[data-output="pending"] .shell-status {
+        top: calc(var(--shell-stage-padding) + 42px);
+      }
+
+      .shell[data-connection="open"][data-session-state="live"] .shell-status {
+        opacity: 0;
+        transform: translateY(-4px);
+        visibility: hidden;
+      }
+
+      .terminal-root {
+        min-height: calc(100dvh - (var(--shell-stage-padding) * 2));
+      }
+
+      .terminal-root[data-session-interactive="false"] {
+        cursor: not-allowed;
+        box-shadow:
+          inset 0 0 0 1px var(--shell-disabled-outline),
+          inset 0 18px 48px var(--shell-disabled-shadow);
+      }
+
+      .terminal-root[data-session-interactive="false"]::after {
+        content: "";
+        position: absolute;
+        inset: 0;
+        border-radius: inherit;
+        background:
+          linear-gradient(180deg, var(--shell-disabled-overlay-start), var(--shell-disabled-overlay-end)),
+          repeating-linear-gradient(
+            -45deg,
+            var(--shell-disabled-hatch),
+            var(--shell-disabled-hatch) 8px,
+            transparent 8px,
+            transparent 16px
+          );
+        pointer-events: none;
+      }
+
+      .shell[data-output="ready"] .shell-status {
+        color: var(--shell-status-live);
+      }
+
+      .shell[data-connection="reconnecting"] .shell-status,
+      .shell[data-session-state="superseded"] .shell-status {
+        color: var(--shell-status-warning);
+      }
+
+      .shell[data-session-state="shutdown"] .shell-status,
+      .shell[data-session-state="ended"] .shell-status,
+      .shell[data-connection="error"] .shell-status {
+        color: var(--shell-status-error);
+      }
+    </style>
+    <script type="module" src="/assets/terminal-app.js"></script>
+  </head>
+  <body>
+    <main class="shell" data-shell data-runtime="session" data-connection="connecting" data-output="pending" data-session-state="starting">
+      <section class="shell-stage">
+        <div class="terminal-loading" data-terminal-loading>Booting terminal...</div>
+        <div class="terminal-root" data-terminal-root role="application" aria-label="Terminal"></div>
+        <p class="shell-status" data-terminal-status aria-live="polite">Connecting to local session...</p>
+      </section>
+    </main>
+  </body>
+</html>

package/dist/frontend/browser-shell.js

@@ -0,0 +1,291 @@
+import { isSessionTokenAuthorized } from "../cli-token.js";
+import { isHostAllowed } from "../network-policy.js";
+import path from "node:path";
+import { AITTY_SESSION_PATH_PREFIX, createSessionInfoBody } from "@aitty/protocol";
+import { existsSync } from "node:fs";
+import { readFile } from "node:fs/promises";
+import { fileURLToPath } from "node:url";
+//#region src/frontend/browser-shell.ts
+const APP_ASSET_PREFIX = "/assets/";
+const SESSION_INFO_PATH = "/session-info";
+const APP_ASSET_ROOT = fileURLToPath(new URL("./", import.meta.url));
+const BROWSER_SHELL_TEMPLATE_PATH = fileURLToPath(new URL("./browser-shell.html", import.meta.url));
+let browserShellTemplatePromise;
+function loadBrowserShellTemplate() {
+	browserShellTemplatePromise ??= readFile(BROWSER_SHELL_TEMPLATE_PATH, "utf8");
+	return browserShellTemplatePromise;
+}
+async function renderBrowserShellTemplate(options = {}) {
+	const template = await resolveShellHtml(options);
+	const theme = normalizeHtmlAttribute(options.theme);
+	if (!theme) return template;
+	return template.replace("<html lang=\"en\" data-theme=\"dark\">", `<html lang="en" data-theme="${theme}">`);
+}
+function createBrowserShellHtml(options) {
+	const lang = normalizeHtmlAttribute(options.lang) ?? "en";
+	const theme = normalizeHtmlAttribute(options.theme) ?? "dark";
+	const title = escapeHtmlText(options.title ?? "aitty");
+	const stylesheets = (options.stylesheets ?? []).map((href) => {
+		return `    <link rel="stylesheet" href="${normalizeUrlAttribute(href)}">`;
+	});
+	const modulePreloads = (options.modulePreloads ?? []).map((href) => {
+		return `    <link rel="modulepreload" href="${normalizeUrlAttribute(href)}">`;
+	});
+	const moduleScripts = (options.moduleScripts ?? []).map((src) => {
+		return `    <script type="module" src="${normalizeUrlAttribute(src)}"><\/script>`;
+	});
+	return `<!doctype html>
+<html lang="${lang}" data-theme="${theme}">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+${[
+		`    <title>${title}</title>`,
+		...stylesheets,
+		...modulePreloads
+	].join("\n")}
+  </head>
+  <body>
+${indentHtml([options.body.trim(), ...moduleScripts].join("\n"), 4)}
+  </body>
+</html>
+`;
+}
+function buildUnauthorizedContent() {
+	return `<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>aitty · Unauthorized</title>
+    <style>
+      :root {
+        color-scheme: dark;
+        --unauthorized-bg: #0d1117;
+        --unauthorized-panel: rgba(12, 16, 24, 0.88);
+        --unauthorized-border: rgba(157, 176, 198, 0.18);
+        --unauthorized-copy: #edf2ff;
+        --unauthorized-muted: #97a5bc;
+        --unauthorized-accent: #f6b967;
+      }
+
+      * {
+        box-sizing: border-box;
+      }
+
+      body {
+        margin: 0;
+        min-height: 100dvh;
+        display: grid;
+        place-items: center;
+        padding: 24px;
+        background:
+          radial-gradient(circle at top, rgba(246, 185, 103, 0.14), transparent 34%),
+          linear-gradient(160deg, #111724 0%, #0d1117 48%, #080b11 100%);
+        color: var(--unauthorized-copy);
+        font-family: "Iosevka Term", "Menlo", "Consolas", monospace;
+      }
+
+      main {
+        width: min(560px, 100%);
+        padding: 28px;
+        border: 1px solid var(--unauthorized-border);
+        border-radius: 24px;
+        background: var(--unauthorized-panel);
+        box-shadow: 0 32px 72px rgba(0, 0, 0, 0.45);
+      }
+
+      p {
+        margin: 0 0 14px;
+        color: var(--unauthorized-muted);
+        line-height: 1.6;
+      }
+
+      p:last-child {
+        margin-bottom: 0;
+      }
+
+      .eyebrow {
+        margin-bottom: 10px;
+        color: var(--unauthorized-accent);
+        font-size: 12px;
+        letter-spacing: 0.18em;
+        text-transform: uppercase;
+      }
+
+      h1 {
+        margin: 0 0 12px;
+        font-size: clamp(28px, 5vw, 40px);
+        line-height: 1.1;
+      }
+
+      strong {
+        color: var(--unauthorized-copy);
+      }
+    </style>
+  </head>
+  <body>
+    <main>
+      <p class="eyebrow">Local session guard</p>
+      <h1>Unauthorized</h1>
+      <p>This browser session link is no longer valid.</p>
+      <p><strong>Relaunch the aitty session</strong> and open the fresh launch URL printed by the CLI.</p>
+      <p>This page never echoes session tokens, and no terminal content is available without a valid launch URL.</p>
+    </main>
+  </body>
+</html>
+`;
+}
+const STATIC_ROUTES = [{
+	prefix: APP_ASSET_PREFIX,
+	rootPath: APP_ASSET_ROOT
+}];
+async function handleBrowserShellRequest(request, response, token, runtimeKind = "pty", policy, shellOptions = {}) {
+	if (policy && !isHostAllowed(request.headers.host, policy)) {
+		sendText(response, 403, "Forbidden", "text/plain; charset=utf-8");
+		return;
+	}
+	const method = request.method ?? "GET";
+	if (method !== "GET" && method !== "HEAD") {
+		sendText(response, 405, "Method Not Allowed", "text/plain; charset=utf-8", { Allow: "GET, HEAD" });
+		return;
+	}
+	const requestUrl = new URL(request.url ?? "/", "http://127.0.0.1");
+	if (requestUrl.pathname === SESSION_INFO_PATH) {
+		if (!isSessionTokenAuthorized(token, requestUrl.searchParams.get("t"))) {
+			sendText(response, 403, method === "HEAD" ? "" : "Forbidden", "text/plain; charset=utf-8");
+			return;
+		}
+		sendText(response, 200, method === "HEAD" ? "" : createSessionInfoBody(runtimeKind), "application/json; charset=utf-8");
+		return;
+	}
+	if (requestUrl.pathname.startsWith(AITTY_SESSION_PATH_PREFIX)) {
+		if (!isSessionTokenAuthorized(token, requestUrl.searchParams.get("t"))) {
+			sendUnauthorizedShellPage(response, method);
+			return;
+		}
+		sendText(response, 200, method === "HEAD" ? "" : await renderBrowserShellTemplate(shellOptions), "text/html; charset=utf-8");
+		return;
+	}
+	if (!requestUrl.pathname.startsWith(APP_ASSET_PREFIX)) {
+		sendText(response, 404, "Not Found", "text/plain; charset=utf-8");
+		return;
+	}
+	const asset = resolveStaticAsset(requestUrl.pathname, shellOptions);
+	if (!asset) {
+		sendText(response, 404, "Not Found", "text/plain; charset=utf-8");
+		return;
+	}
+	let body;
+	try {
+		body = await readFile(asset.absolutePath);
+	} catch (error) {
+		if (isMissingStaticAssetError(error)) {
+			sendText(response, 404, "Not Found", "text/plain; charset=utf-8");
+			return;
+		}
+		throw error;
+	}
+	response.statusCode = 200;
+	response.setHeader("Content-Type", asset.contentType);
+	response.setHeader("Cache-Control", "no-store");
+	response.end(method === "HEAD" ? void 0 : body);
+}
+function sendUnauthorizedShellPage(response, method) {
+	sendText(response, 403, method === "HEAD" ? "" : buildUnauthorizedContent(), "text/html; charset=utf-8");
+}
+async function resolveShellHtml(options) {
+	if (typeof options.shellHtml === "string") return options.shellHtml;
+	if (typeof options.shellHtml === "function") return options.shellHtml();
+	return loadBrowserShellTemplate();
+}
+function resolveStaticAsset(pathname, shellOptions = {}) {
+	const exactAsset = resolveExactStaticAsset(pathname, shellOptions.assets);
+	if (exactAsset) return exactAsset;
+	for (const route of [...shellOptions.assetRoutes ?? [], ...STATIC_ROUTES]) {
+		if (!pathname.startsWith(route.prefix)) continue;
+		const relativePath = pathname.slice(route.prefix.length);
+		if (!relativePath) return null;
+		let decodedPath;
+		try {
+			decodedPath = decodeURIComponent(relativePath);
+		} catch {
+			return null;
+		}
+		const normalizedPath = path.posix.normalize(decodedPath);
+		if (normalizedPath === ".." || normalizedPath.startsWith("../") || normalizedPath.startsWith("/") || normalizedPath.includes("\\")) return null;
+		const absolutePath = resolveStaticAssetPath(route.rootPath, normalizedPath);
+		const rootWithSeparator = route.rootPath.endsWith(path.sep) ? route.rootPath : `${route.rootPath}${path.sep}`;
+		if (absolutePath !== route.rootPath && !absolutePath.startsWith(rootWithSeparator)) return null;
+		return {
+			absolutePath,
+			contentType: contentTypeForPath(absolutePath)
+		};
+	}
+	return null;
+}
+function resolveExactStaticAsset(pathname, assets) {
+	if (!assets) return null;
+	for (const asset of assets) {
+		if (asset.pathname !== pathname) continue;
+		return {
+			absolutePath: asset.filePath,
+			contentType: asset.contentType ?? contentTypeForPath(asset.filePath)
+		};
+	}
+	return null;
+}
+function resolveStaticAssetPath(rootPath, normalizedPath) {
+	const requestedPath = path.resolve(rootPath, normalizedPath);
+	if (existsSync(requestedPath)) return requestedPath;
+	if (rootPath === APP_ASSET_ROOT && normalizedPath.endsWith(".js")) {
+		const sourceModulePath = path.resolve(rootPath, `${normalizedPath.slice(0, -3)}.ts`);
+		if (existsSync(sourceModulePath)) return sourceModulePath;
+	}
+	return requestedPath;
+}
+function isMissingStaticAssetError(error) {
+	return error instanceof Error && "code" in error && [
+		"ENOENT",
+		"ENOTDIR",
+		"EISDIR"
+	].includes(String(error.code));
+}
+function contentTypeForPath(filePath) {
+	switch (path.extname(filePath).toLowerCase()) {
+		case ".css": return "text/css; charset=utf-8";
+		case ".html": return "text/html; charset=utf-8";
+		case ".js": return "text/javascript; charset=utf-8";
+		case ".json":
+		case ".map": return "application/json; charset=utf-8";
+		case ".wasm": return "application/wasm";
+		default: return "application/octet-stream";
+	}
+}
+function sendText(response, statusCode, body, contentType, headers = {}) {
+	response.statusCode = statusCode;
+	response.setHeader("Content-Type", contentType);
+	response.setHeader("Cache-Control", "no-store");
+	for (const [name, value] of Object.entries(headers)) response.setHeader(name, value);
+	response.end(body);
+}
+function normalizeHtmlAttribute(value) {
+	if (typeof value !== "string") return null;
+	const trimmed = value.trim();
+	if (!trimmed) return null;
+	return trimmed.replaceAll("&", "&amp;").replaceAll("\"", "&quot;").replaceAll("<", "&lt;").replaceAll(">", "&gt;");
+}
+function normalizeUrlAttribute(value) {
+	const normalized = normalizeHtmlAttribute(value);
+	if (!normalized) throw new Error("Browser shell asset URLs must be non-empty strings");
+	return normalized;
+}
+function escapeHtmlText(value) {
+	return value.replaceAll("&", "&amp;").replaceAll("<", "&lt;").replaceAll(">", "&gt;");
+}
+function indentHtml(value, spaces) {
+	const indentation = " ".repeat(spaces);
+	return value.split("\n").map((line) => line ? `${indentation}${line}` : line).join("\n");
+}
+//#endregion
+export { createBrowserShellHtml, handleBrowserShellRequest };