@caoruhua/open-claude-remote 0.1.0

package/dist/api/health-routes.d.ts

@@ -0,0 +1,3 @@
+import { Router } from 'express';
+export declare function createHealthRoutes(): Router;
+//# sourceMappingURL=health-routes.d.ts.map

package/dist/api/health-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"health-routes.d.ts","sourceRoot":"","sources":["../../src/api/health-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEjC,wBAAgB,kBAAkB,IAAI,MAAM,CAQ3C"}

package/dist/api/health-routes.js

@@ -0,0 +1,9 @@
+import { Router } from 'express';
+export function createHealthRoutes() {
+    const router = Router();
+    router.get('/health', (_req, res) => {
+        res.json({ status: 'ok' });
+    });
+    return router;
+}
+//# sourceMappingURL=health-routes.js.map

package/dist/api/health-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"health-routes.js","sourceRoot":"","sources":["../../src/api/health-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAEjC,MAAM,UAAU,kBAAkB;IAChC,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAClC,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/api/hook-routes.d.ts

@@ -0,0 +1,4 @@
+import { Router } from 'express';
+import { HookReceiver } from '../hooks/hook-receiver.js';
+export declare function createHookRoutes(hookReceiver: HookReceiver): Router;
+//# sourceMappingURL=hook-routes.d.ts.map

package/dist/api/hook-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"hook-routes.d.ts","sourceRoot":"","sources":["../../src/api/hook-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AAGzD,wBAAgB,gBAAgB,CAAC,YAAY,EAAE,YAAY,GAAG,MAAM,CAiCnE"}

package/dist/api/hook-routes.js

@@ -0,0 +1,32 @@
+import { Router } from 'express';
+import { logger } from '../logger/logger.js';
+export function createHookRoutes(hookReceiver) {
+    const router = Router();
+    router.post('/hook', async (req, res) => {
+        // Only accept from localhost
+        const ip = req.ip ?? req.socket.remoteAddress ?? '';
+        const isLocalhost = ip === '127.0.0.1' || ip === '::1' || ip === '::ffff:127.0.0.1';
+        if (!isLocalhost) {
+            logger.warn({ ip }, 'Hook request from non-localhost rejected');
+            res.status(403).json({ error: 'Forbidden' });
+            return;
+        }
+        const payload = req.body;
+        if (!payload || typeof payload !== 'object') {
+            res.status(400).json({ error: 'Invalid payload' });
+            return;
+        }
+        const result = hookReceiver.processHook(payload);
+        switch (result.type) {
+            case 'notification':
+                res.json({ ok: true, tool: result.notification.tool });
+                break;
+            case 'ignored':
+            default:
+                res.json({ ok: true, ignored: true });
+                break;
+        }
+    });
+    return router;
+}
+//# sourceMappingURL=hook-routes.js.map

package/dist/api/hook-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"hook-routes.js","sourceRoot":"","sources":["../../src/api/hook-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AAEpD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,MAAM,UAAU,gBAAgB,CAAC,YAA0B;IACzD,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QACzD,6BAA6B;QAC7B,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa,IAAI,EAAE,CAAC;QACpD,MAAM,WAAW,GAAG,EAAE,KAAK,WAAW,IAAI,EAAE,KAAK,KAAK,IAAI,EAAE,KAAK,kBAAkB,CAAC;QACpF,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,EAAE,0CAA0C,CAAC,CAAC;YAChE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,WAAW,EAAE,CAAC,CAAC;YAC7C,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,GAAG,CAAC,IAAI,CAAC;QACzB,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;YAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;YACnD,OAAO;QACT,CAAC;QAED,MAAM,MAAM,GAAG,YAAY,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QAEjD,QAAQ,MAAM,CAAC,IAAI,EAAE,CAAC;YACpB,KAAK,cAAc;gBACjB,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,CAAC,YAAa,CAAC,IAAI,EAAE,CAAC,CAAC;gBACxD,MAAM;YACR,KAAK,SAAS,CAAC;YACf;gBACE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;gBACtC,MAAM;QACV,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/api/instance-routes.d.ts

@@ -0,0 +1,20 @@
+import { Router } from 'express';
+import type { InstanceInfo } from '@claude-remote/shared';
+import { AuthModule } from '../auth/auth-middleware.js';
+import { InstanceSpawner } from '../registry/instance-spawner.js';
+export interface CreateInstanceRequest {
+    /** 工作目录 */
+    cwd: string;
+    /** 实例名称（可选） */
+    name?: string;
+    /** Claude 额外参数（可选） */
+    claudeArgs?: string[];
+}
+export interface InstanceConfigResponse {
+    /** 预设工作目录列表 */
+    workspaces: string[];
+    /** Claude 参数 */
+    claudeArgs: string[];
+}
+export declare function createInstanceRoutes(authModule: AuthModule, listInstances: () => Promise<InstanceInfo[]>, currentInstanceId: string, spawner?: InstanceSpawner): Router;
+//# sourceMappingURL=instance-routes.d.ts.map

package/dist/api/instance-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"instance-routes.d.ts","sourceRoot":"","sources":["../../src/api/instance-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAGjC,OAAO,KAAK,EAAE,YAAY,EAAoB,MAAM,uBAAuB,CAAC;AAC5E,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAExD,OAAO,EAAE,eAAe,EAAqB,MAAM,iCAAiC,CAAC;AAkCrF,MAAM,WAAW,qBAAqB;IACpC,WAAW;IACX,GAAG,EAAE,MAAM,CAAC;IACZ,eAAe;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,sBAAsB;IACtB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAED,MAAM,WAAW,sBAAsB;IACrC,eAAe;IACf,UAAU,EAAE,MAAM,EAAE,CAAC;IACrB,gBAAgB;IAChB,UAAU,EAAE,MAAM,EAAE,CAAC;CACtB;AAED,wBAAgB,oBAAoB,CAClC,UAAU,EAAE,UAAU,EACtB,aAAa,EAAE,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC,EAC5C,iBAAiB,EAAE,MAAM,EACzB,OAAO,CAAC,EAAE,eAAe,GACxB,MAAM,CA4GR"}

package/dist/api/instance-routes.js

@@ -0,0 +1,128 @@
+import { Router } from 'express';
+import { existsSync } from 'node:fs';
+import { resolve, relative } from 'node:path';
+import { createAuthRoutes } from './auth-routes.js';
+import { loadUserConfig } from '../config.js';
+import { logger } from '../logger/logger.js';
+/**
+ * 检查 cwd 是否在允许的路径范围内
+ * 只允许白名单中的目录或其子目录
+ */
+function isCwdAllowed(absoluteCwd, allowedCwds) {
+    for (const allowed of allowedCwds) {
+        const absAllowed = resolve(allowed);
+        const rel = relative(absAllowed, absoluteCwd);
+        // rel 为空字符串表示路径相同，不以 '..' 开头表示是子目录
+        if (rel === '' || (rel && !rel.startsWith('..'))) {
+            return true;
+        }
+    }
+    return false;
+}
+/**
+ * 获取合并后的允许 cwd 白名单
+ * 来源：配置文件 workspaces + 已启动实例的 cwd（去重）
+ */
+async function getAllowedCwds(listInstances) {
+    const config = loadUserConfig();
+    const configWorkspaces = config.workspaces ?? [];
+    const instances = await listInstances();
+    const instanceCwds = instances.map(inst => inst.cwd);
+    return [...new Set([...configWorkspaces, ...instanceCwds])];
+}
+export function createInstanceRoutes(authModule, listInstances, currentInstanceId, spawner) {
+    const router = Router();
+    // 复用 auth 路由以支持 supertest 认证
+    router.use(createAuthRoutes(authModule));
+    router.get('/instances', authModule.requireAuth, async (_req, res) => {
+        const instances = await listInstances();
+        const result = instances.map(inst => ({
+            ...inst,
+            isCurrent: inst.instanceId === currentInstanceId,
+        }));
+        res.json(result);
+    });
+    /**
+     * GET /api/instances/config - 获取实例创建配置
+     * 返回合并后的工作目录白名单和默认参数
+     * 白名单 = 配置文件 workspaces + 已启动实例的 cwd（去重）
+     */
+    router.get('/instances/config', authModule.requireAuth, async (_req, res) => {
+        try {
+            const config = loadUserConfig();
+            const allowedCwds = await getAllowedCwds(listInstances);
+            const response = {
+                workspaces: allowedCwds,
+                claudeArgs: config.claudeArgs ?? [],
+            };
+            res.json(response);
+        }
+        catch (error) {
+            logger.error({ error }, 'Failed to get instance config');
+            res.status(500).json({ error: 'Failed to get instance config' });
+        }
+    });
+    /**
+     * POST /api/instances/create - 创建新实例
+     */
+    router.post('/instances/create', authModule.requireAuth, async (req, res) => {
+        try {
+            const { cwd, name, claudeArgs } = req.body;
+            // 参数验证
+            if (!cwd || typeof cwd !== 'string') {
+                res.status(400).json({ error: 'cwd is required and must be a string' });
+                return;
+            }
+            // 检查目录是否存在
+            const absoluteCwd = resolve(cwd);
+            if (!existsSync(absoluteCwd)) {
+                res.status(400).json({ error: `Directory does not exist: ${absoluteCwd}` });
+                return;
+            }
+            // 加载用户配置（用于 workspaces 白名单和默认参数）
+            const userConfig = loadUserConfig();
+            const allowedCwds = await getAllowedCwds(listInstances);
+            // 路径安全检查：cwd 必须在白名单中
+            if (!isCwdAllowed(absoluteCwd, allowedCwds)) {
+                logger.warn({ absoluteCwd, allowedCwds }, 'Cwd path not allowed');
+                res.status(403).json({
+                    error: 'Directory not allowed. Must be in allowed workspaces list.',
+                });
+                return;
+            }
+            // 检查 spawner 是否可用
+            if (!spawner) {
+                res.status(500).json({ error: 'Instance spawner not configured' });
+                return;
+            }
+            // 合并默认参数
+            const finalClaudeArgs = claudeArgs ?? userConfig.claudeArgs ?? [];
+            const spawnOptions = {
+                cwd: absoluteCwd,
+                name: name || undefined,
+                claudeArgs: finalClaudeArgs,
+                headless: true,
+            };
+            const result = await spawner.spawn(spawnOptions);
+            logger.info({
+                pid: result.pid,
+                cwd: absoluteCwd,
+                name: result.name,
+            }, 'Instance created via API');
+            res.json({
+                success: true,
+                instance: {
+                    pid: result.pid,
+                    cwd: result.cwd,
+                    name: result.name,
+                },
+            });
+        }
+        catch (error) {
+            logger.error({ error }, 'Failed to create instance');
+            res.status(500).json({ error: 'Failed to create instance' });
+        }
+    });
+    return router;
+}
+//# sourceMappingURL=instance-routes.js.map

package/dist/api/instance-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"instance-routes.js","sourceRoot":"","sources":["../../src/api/instance-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,UAAU,EAAE,MAAM,SAAS,CAAC;AACrC,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,WAAW,CAAC;AAG9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAEpD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C;;;GAGG;AACH,SAAS,YAAY,CAAC,WAAmB,EAAE,WAAqB;IAC9D,KAAK,MAAM,OAAO,IAAI,WAAW,EAAE,CAAC;QAClC,MAAM,UAAU,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;QACpC,MAAM,GAAG,GAAG,QAAQ,CAAC,UAAU,EAAE,WAAW,CAAC,CAAC;QAC9C,mCAAmC;QACnC,IAAI,GAAG,KAAK,EAAE,IAAI,CAAC,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC,EAAE,CAAC;YACjD,OAAO,IAAI,CAAC;QACd,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,cAAc,CAC3B,aAA4C;IAE5C,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;IAChC,MAAM,gBAAgB,GAAG,MAAM,CAAC,UAAU,IAAI,EAAE,CAAC;IACjD,MAAM,SAAS,GAAG,MAAM,aAAa,EAAE,CAAC;IACxC,MAAM,YAAY,GAAG,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,CAAC,GAAG,gBAAgB,EAAE,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC;AAC9D,CAAC;AAkBD,MAAM,UAAU,oBAAoB,CAClC,UAAsB,EACtB,aAA4C,EAC5C,iBAAyB,EACzB,OAAyB;IAEzB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,6BAA6B;IAC7B,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,UAAU,CAAC,CAAC,CAAC;IAEzC,MAAM,CAAC,GAAG,CAAC,YAAY,EAAE,UAAU,CAAC,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;QACnE,MAAM,SAAS,GAAG,MAAM,aAAa,EAAE,CAAC;QACxC,MAAM,MAAM,GAAuB,SAAS,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACxD,GAAG,IAAI;YACP,SAAS,EAAE,IAAI,CAAC,UAAU,KAAK,iBAAiB;SACjD,CAAC,CAAC,CAAC;QACJ,GAAG,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;IACnB,CAAC,CAAC,CAAC;IAEH;;;;OAIG;IACH,MAAM,CAAC,GAAG,CAAC,mBAAmB,EAAE,UAAU,CAAC,WAAW,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE;QAC1E,IAAI,CAAC;YACH,MAAM,MAAM,GAAG,cAAc,EAAE,CAAC;YAChC,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,aAAa,CAAC,CAAC;YAExD,MAAM,QAAQ,GAA2B;gBACvC,UAAU,EAAE,WAAW;gBACvB,UAAU,EAAE,MAAM,CAAC,UAAU,IAAI,EAAE;aACpC,CAAC;YACF,GAAG,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACrB,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,+BAA+B,CAAC,CAAC;YACzD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC;QACnE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH;;OAEG;IACH,MAAM,CAAC,IAAI,CAAC,mBAAmB,EAAE,UAAU,CAAC,WAAW,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;QAC1E,IAAI,CAAC;YACH,MAAM,EAAE,GAAG,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,GAAG,CAAC,IAA6B,CAAC;YAEpE,OAAO;YACP,IAAI,CAAC,GAAG,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE,CAAC;gBACpC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC,CAAC;gBACxE,OAAO;YACT,CAAC;YAED,WAAW;YACX,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC;YACjC,IAAI,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6BAA6B,WAAW,EAAE,EAAE,CAAC,CAAC;gBAC5E,OAAO;YACT,CAAC;YAED,iCAAiC;YACjC,MAAM,UAAU,GAAG,cAAc,EAAE,CAAC;YACpC,MAAM,WAAW,GAAG,MAAM,cAAc,CAAC,aAAa,CAAC,CAAC;YAExD,qBAAqB;YACrB,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;gBAC5C,MAAM,CAAC,IAAI,CAAC,EAAE,WAAW,EAAE,WAAW,EAAE,EAAE,sBAAsB,CAAC,CAAC;gBAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;oBACnB,KAAK,EAAE,4DAA4D;iBACpE,CAAC,CAAC;gBACH,OAAO;YACT,CAAC;YAED,kBAAkB;YAClB,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,iCAAiC,EAAE,CAAC,CAAC;gBACnE,OAAO;YACT,CAAC;YAED,SAAS;YACT,MAAM,eAAe,GAAG,UAAU,IAAI,UAAU,CAAC,UAAU,IAAI,EAAE,CAAC;YAElE,MAAM,YAAY,GAAiB;gBACjC,GAAG,EAAE,WAAW;gBAChB,IAAI,EAAE,IAAI,IAAI,SAAS;gBACvB,UAAU,EAAE,eAAe;gBAC3B,QAAQ,EAAE,IAAI;aACf,CAAC;YAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAEjD,MAAM,CAAC,IAAI,CAAC;gBACV,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,GAAG,EAAE,WAAW;gBAChB,IAAI,EAAE,MAAM,CAAC,IAAI;aAClB,EAAE,0BAA0B,CAAC,CAAC;YAE/B,GAAG,CAAC,IAAI,CAAC;gBACP,OAAO,EAAE,IAAI;gBACb,QAAQ,EAAE;oBACR,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,IAAI,EAAE,MAAM,CAAC,IAAI;iBAClB;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,MAAM,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,EAAE,2BAA2B,CAAC,CAAC;YACrD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC;QAC/D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/api/push-routes.d.ts

@@ -0,0 +1,5 @@
+import { Router } from 'express';
+import { AuthModule } from '../auth/auth-middleware.js';
+import { PushService } from '../push/push-service.js';
+export declare function createPushRoutes(authModule: AuthModule, pushService: PushService): Router;
+//# sourceMappingURL=push-routes.d.ts.map

package/dist/api/push-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"push-routes.d.ts","sourceRoot":"","sources":["../../src/api/push-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AACpD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AAGtD,wBAAgB,gBAAgB,CAAC,UAAU,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,GAAG,MAAM,CAgDzF"}

package/dist/api/push-routes.js

@@ -0,0 +1,45 @@
+import { Router } from 'express';
+import { logger } from '../logger/logger.js';
+export function createPushRoutes(authModule, pushService) {
+    const router = Router();
+    // Get VAPID public key (needed by frontend to subscribe)
+    router.get('/push/vapid-key', authModule.requireAuth, async (_req, res) => {
+        const key = await pushService.waitForVapidPublicKey(2000);
+        if (!key) {
+            res.status(503).json({ error: 'Push notifications not available' });
+            return;
+        }
+        res.json({ vapidPublicKey: key });
+    });
+    // Subscribe to push notifications
+    router.post('/push/subscribe', authModule.requireAuth, (req, res) => {
+        const { endpoint, keys } = req.body ?? {};
+        if (!endpoint || !keys?.p256dh || !keys?.auth) {
+            res.status(400).json({ error: 'Invalid subscription data' });
+            return;
+        }
+        // p256dh 是 65 字节的 ECDH 公钥，Base64 URL-safe 编码后约 87 字符
+        // 最小长度设为 64，允许不同编码的合理变化
+        const P256DH_MIN_LENGTH = 64;
+        if (keys.p256dh.length < P256DH_MIN_LENGTH) {
+            logger.warn({ p256dhLength: keys.p256dh.length }, 'Invalid p256dh key length');
+            res.status(400).json({ error: 'Invalid p256dh key format' });
+            return;
+        }
+        pushService.subscribe({ endpoint, keys });
+        logger.info({ endpoint }, 'Push subscription registered via API');
+        res.json({ ok: true });
+    });
+    // Unsubscribe from push notifications
+    router.delete('/push/subscribe', authModule.requireAuth, (req, res) => {
+        const { endpoint } = req.body ?? {};
+        if (!endpoint) {
+            res.status(400).json({ error: 'Missing endpoint' });
+            return;
+        }
+        const removed = pushService.unsubscribe(endpoint);
+        res.json({ ok: true, removed });
+    });
+    return router;
+}
+//# sourceMappingURL=push-routes.js.map

package/dist/api/push-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"push-routes.js","sourceRoot":"","sources":["../../src/api/push-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAqB,MAAM,SAAS,CAAC;AAGpD,OAAO,EAAE,MAAM,EAAE,MAAM,qBAAqB,CAAC;AAE7C,MAAM,UAAU,gBAAgB,CAAC,UAAsB,EAAE,WAAwB;IAC/E,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,yDAAyD;IACzD,MAAM,CAAC,GAAG,CAAC,iBAAiB,EAAE,UAAU,CAAC,WAAW,EAAE,KAAK,EAAE,IAAa,EAAE,GAAa,EAAE,EAAE;QAC3F,MAAM,GAAG,GAAG,MAAM,WAAW,CAAC,qBAAqB,CAAC,IAAI,CAAC,CAAC;QAC1D,IAAI,CAAC,GAAG,EAAE,CAAC;YACT,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kCAAkC,EAAE,CAAC,CAAC;YACpE,OAAO;QACT,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,EAAE,cAAc,EAAE,GAAG,EAAE,CAAC,CAAC;IACpC,CAAC,CAAC,CAAC;IAEH,kCAAkC;IAClC,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,UAAU,CAAC,WAAW,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QACrF,MAAM,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;QAC1C,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,MAAM,IAAI,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC;YAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QAED,qDAAqD;QACrD,wBAAwB;QACxB,MAAM,iBAAiB,GAAG,EAAE,CAAC;QAC7B,IAAI,IAAI,CAAC,MAAM,CAAC,MAAM,GAAG,iBAAiB,EAAE,CAAC;YAC3C,MAAM,CAAC,IAAI,CAAC,EAAE,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,EAAE,2BAA2B,CAAC,CAAC;YAC/E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC;YAC7D,OAAO;QACT,CAAC;QAED,WAAW,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC1C,MAAM,CAAC,IAAI,CAAC,EAAE,QAAQ,EAAE,EAAE,sCAAsC,CAAC,CAAC;QAClE,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,CAAC,CAAC;IACzB,CAAC,CAAC,CAAC;IAEH,sCAAsC;IACtC,MAAM,CAAC,MAAM,CAAC,iBAAiB,EAAE,UAAU,CAAC,WAAW,EAAE,CAAC,GAAY,EAAE,GAAa,EAAE,EAAE;QACvF,MAAM,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;QACpC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;YACpD,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,WAAW,CAAC,WAAW,CAAC,QAAQ,CAAC,CAAC;QAClD,GAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/api/router.d.ts

@@ -0,0 +1,19 @@
+import { Router } from 'express';
+import { AuthModule } from '../auth/auth-middleware.js';
+import { HookReceiver } from '../hooks/hook-receiver.js';
+import { PushService } from '../push/push-service.js';
+import { InstanceSpawner } from '../registry/instance-spawner.js';
+import type { SessionController } from '../session/session-controller.js';
+import type { InstanceInfo } from '@claude-remote/shared';
+export interface ApiRouterOptions {
+    authModule: AuthModule;
+    hookReceiver: HookReceiver;
+    getController: () => SessionController | null;
+    pushService?: PushService;
+    listInstances?: () => Promise<InstanceInfo[]>;
+    currentInstanceId?: string;
+    instanceSpawner?: InstanceSpawner;
+}
+export declare function createApiRouter(opts: ApiRouterOptions): Router;
+export declare function createApiRouter(authModule: AuthModule, hookReceiver: HookReceiver, getController: () => SessionController | null, pushService?: PushService): Router;
+//# sourceMappingURL=router.d.ts.map

package/dist/api/router.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../../src/api/router.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAQjC,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AACxD,OAAO,EAAE,YAAY,EAAE,MAAM,2BAA2B,CAAC;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,yBAAyB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,MAAM,iCAAiC,CAAC;AAClE,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC1E,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAE1D,MAAM,WAAW,gBAAgB;IAC/B,UAAU,EAAE,UAAU,CAAC;IACvB,YAAY,EAAE,YAAY,CAAC;IAC3B,aAAa,EAAE,MAAM,iBAAiB,GAAG,IAAI,CAAC;IAC9C,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,aAAa,CAAC,EAAE,MAAM,OAAO,CAAC,YAAY,EAAE,CAAC,CAAC;IAC9C,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,eAAe,CAAC,EAAE,eAAe,CAAC;CACnC;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,gBAAgB,GAAG,MAAM,CAAC;AAChE,wBAAgB,eAAe,CAC7B,UAAU,EAAE,UAAU,EACtB,YAAY,EAAE,YAAY,EAC1B,aAAa,EAAE,MAAM,iBAAiB,GAAG,IAAI,EAC7C,WAAW,CAAC,EAAE,WAAW,GACxB,MAAM,CAAC"}

package/dist/api/router.js

@@ -0,0 +1,37 @@
+import { Router } from 'express';
+import { createHealthRoutes } from './health-routes.js';
+import { createAuthRoutes } from './auth-routes.js';
+import { createStatusRoutes } from './status-routes.js';
+import { createHookRoutes } from './hook-routes.js';
+import { createPushRoutes } from './push-routes.js';
+import { createInstanceRoutes } from './instance-routes.js';
+import { createConfigRoutes } from './config-routes.js';
+import { AuthModule } from '../auth/auth-middleware.js';
+export function createApiRouter(authModuleOrOpts, hookReceiver, getController, pushService) {
+    let opts;
+    if (authModuleOrOpts instanceof AuthModule) {
+        opts = {
+            authModule: authModuleOrOpts,
+            hookReceiver: hookReceiver,
+            getController: getController,
+            pushService,
+        };
+    }
+    else {
+        opts = authModuleOrOpts;
+    }
+    const router = Router();
+    router.use(createHealthRoutes());
+    router.use(createAuthRoutes(opts.authModule));
+    router.use(createStatusRoutes(opts.authModule, opts.getController));
+    router.use(createHookRoutes(opts.hookReceiver));
+    router.use(createConfigRoutes(opts.authModule));
+    if (opts.pushService) {
+        router.use(createPushRoutes(opts.authModule, opts.pushService));
+    }
+    if (opts.listInstances && opts.currentInstanceId) {
+        router.use(createInstanceRoutes(opts.authModule, opts.listInstances, opts.currentInstanceId, opts.instanceSpawner));
+    }
+    return router;
+}
+//# sourceMappingURL=router.js.map

package/dist/api/router.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"router.js","sourceRoot":"","sources":["../../src/api/router.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AACpD,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AACxD,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAwBxD,MAAM,UAAU,eAAe,CAC7B,gBAA+C,EAC/C,YAA2B,EAC3B,aAA8C,EAC9C,WAAyB;IAEzB,IAAI,IAAsB,CAAC;IAC3B,IAAI,gBAAgB,YAAY,UAAU,EAAE,CAAC;QAC3C,IAAI,GAAG;YACL,UAAU,EAAE,gBAAgB;YAC5B,YAAY,EAAE,YAAa;YAC3B,aAAa,EAAE,aAAc;YAC7B,WAAW;SACZ,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,IAAI,GAAG,gBAAgB,CAAC;IAC1B,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,MAAM,CAAC,GAAG,CAAC,kBAAkB,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAC9C,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC;IACpE,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC;IAChD,MAAM,CAAC,GAAG,CAAC,kBAAkB,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC;IAEhD,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;QACrB,MAAM,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,CAAC,UAAU,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;IAClE,CAAC;IAED,IAAI,IAAI,CAAC,aAAa,IAAI,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACjD,MAAM,CAAC,GAAG,CAAC,oBAAoB,CAC7B,IAAI,CAAC,UAAU,EACf,IAAI,CAAC,aAAa,EAClB,IAAI,CAAC,iBAAiB,EACtB,IAAI,CAAC,eAAe,CACrB,CAAC,CAAC;IACL,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/api/status-routes.d.ts

@@ -0,0 +1,5 @@
+import { Router } from 'express';
+import type { SessionController } from '../session/session-controller.js';
+import { AuthModule } from '../auth/auth-middleware.js';
+export declare function createStatusRoutes(authModule: AuthModule, getController: () => SessionController | null): Router;
+//# sourceMappingURL=status-routes.d.ts.map

package/dist/api/status-routes.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"status-routes.d.ts","sourceRoot":"","sources":["../../src/api/status-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AACjC,OAAO,KAAK,EAAE,iBAAiB,EAAE,MAAM,kCAAkC,CAAC;AAC1E,OAAO,EAAE,UAAU,EAAE,MAAM,4BAA4B,CAAC;AAExD,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,UAAU,EAAE,aAAa,EAAE,MAAM,iBAAiB,GAAG,IAAI,GAAG,MAAM,CAgBhH"}

package/dist/api/status-routes.js

@@ -0,0 +1,17 @@
+import { Router } from 'express';
+export function createStatusRoutes(authModule, getController) {
+    const router = Router();
+    router.get('/status', authModule.requireAuth, (_req, res) => {
+        const controller = getController();
+        if (!controller) {
+            res.json({ status: 'not_started' });
+            return;
+        }
+        res.json({
+            status: controller.status,
+            connectedClients: controller.connectedClients,
+        });
+    });
+    return router;
+}
+//# sourceMappingURL=status-routes.js.map

package/dist/api/status-routes.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"status-routes.js","sourceRoot":"","sources":["../../src/api/status-routes.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,MAAM,SAAS,CAAC;AAIjC,MAAM,UAAU,kBAAkB,CAAC,UAAsB,EAAE,aAA6C;IACtG,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IAExB,MAAM,CAAC,GAAG,CAAC,SAAS,EAAE,UAAU,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;QAC1D,MAAM,UAAU,GAAG,aAAa,EAAE,CAAC;QACnC,IAAI,CAAC,UAAU,EAAE,CAAC;YAChB,GAAG,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC,CAAC;YACpC,OAAO;QACT,CAAC;QACD,GAAG,CAAC,IAAI,CAAC;YACP,MAAM,EAAE,UAAU,CAAC,MAAM;YACzB,gBAAgB,EAAE,UAAU,CAAC,gBAAgB;SAC9C,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/attach.d.ts

@@ -0,0 +1,9 @@
+export interface AttachOptions {
+    /** 目标实例端口或名称 */
+    target: string;
+}
+/**
+ * 执行 attach 命令。
+ */
+export declare function attachInstance(options: AttachOptions): Promise<void>;
+//# sourceMappingURL=attach.d.ts.map

package/dist/attach.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"attach.d.ts","sourceRoot":"","sources":["../src/attach.ts"],"names":[],"mappings":"AAkBA,MAAM,WAAW,aAAa;IAC5B,gBAAgB;IAChB,MAAM,EAAE,MAAM,CAAC;CAChB;AA+CD;;GAEG;AACH,wBAAsB,cAAc,CAAC,OAAO,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAgH1E"}

package/dist/attach.js

@@ -0,0 +1,155 @@
+/**
+ * claude-remote attach 命令实现
+ *
+ * 用法：
+ *   claude-remote attach <port|name>
+ *
+ * 连接到指定的实例，接管其终端输入输出。
+ */
+import { homedir } from 'node:os';
+import { resolve } from 'node:path';
+import { CLAUDE_REMOTE_DIR, REGISTRY_FILENAME } from '../shared-dist/index.js';
+import { existsSync, readFileSync } from 'node:fs';
+import { VirtualPtyManager } from './pty/virtual-pty.js';
+import { TerminalRelay } from './terminal/terminal-relay.js';
+import { getOrCreateSharedToken } from './registry/shared-token.js';
+/**
+ * 从注册表获取实例列表。
+ */
+function loadInstances(baseDir) {
+    const registryPath = resolve(baseDir, REGISTRY_FILENAME);
+    if (!existsSync(registryPath)) {
+        return [];
+    }
+    try {
+        const content = readFileSync(registryPath, 'utf-8');
+        const data = JSON.parse(content);
+        return data.instances ?? [];
+    }
+    catch {
+        return [];
+    }
+}
+/**
+ * 查找目标实例。
+ */
+function findInstance(target, instances) {
+    // 先按端口查找
+    const port = parseInt(target, 10);
+    if (!isNaN(port)) {
+        const byPort = instances.find(inst => inst.port === port);
+        if (byPort)
+            return byPort;
+    }
+    // 再按名称查找
+    const byName = instances.find(inst => inst.name === target);
+    return byName ?? null;
+}
+/**
+ * 检查进程是否存活
+ */
+function isProcessAlive(pid) {
+    try {
+        process.kill(pid, 0);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * 执行 attach 命令。
+ */
+export async function attachInstance(options) {
+    const { target } = options;
+    // 获取配置目录
+    const sharedConfigDir = resolve(homedir(), CLAUDE_REMOTE_DIR);
+    // 加载实例列表
+    const instances = loadInstances(sharedConfigDir);
+    // 过滤存活实例
+    const aliveInstances = instances.filter(inst => isProcessAlive(inst.pid));
+    if (aliveInstances.length === 0) {
+        console.error('没有发现存活实例');
+        process.exit(1);
+    }
+    // 查找目标实例
+    const instance = findInstance(target, aliveInstances);
+    if (!instance) {
+        console.error(`未找到实例: ${target}`);
+        console.error('可用实例:');
+        for (const inst of aliveInstances) {
+            console.error(`  - ${inst.name} (端口 ${inst.port})`);
+        }
+        process.exit(1);
+    }
+    console.log(`正在连接实例: ${instance.name} (端口 ${instance.port})...`);
+    // 获取共享 Token
+    const { token } = getOrCreateSharedToken(sharedConfigDir);
+    // 创建 VirtualPtyManager
+    const virtualPty = new VirtualPtyManager();
+    // 创建 TerminalRelay
+    const relay = new TerminalRelay(virtualPty);
+    // 幂等退出保护
+    let stopping = false;
+    const cleanup = () => {
+        if (stopping)
+            return;
+        stopping = true;
+        virtualPty.destroy();
+        relay.stop();
+    };
+    // 处理 PTY 输出 → stdout
+    virtualPty.on('data', (data) => {
+        process.stdout.write(data);
+    });
+    // 处理服务端 resize 通知 → 发送本地终端尺寸
+    // 当 WebApp 断开时，服务端广播 terminal_resize，让 attach 用真实尺寸响应
+    virtualPty.on('server_resize', () => {
+        const cols = process.stdout.columns ?? 80;
+        const rows = process.stdout.rows ?? 24;
+        virtualPty.resize(cols, rows);
+    });
+    // 处理连接关闭
+    virtualPty.on('exit', (_exitCode) => {
+        console.log('\n连接已关闭');
+        cleanup();
+        process.exit(0);
+    });
+    virtualPty.on('error', (err) => {
+        console.error('连接错误:', err.message);
+        cleanup();
+        process.exit(1);
+    });
+    // 连接到实例 - 使用 instance.host（回退为 localhost）
+    // 注意：instance.host 为 '0.0.0.0' 时表示监听所有接口，客户端应使用 localhost 连接
+    const host = instance.host && instance.host !== '0.0.0.0' ? instance.host : 'localhost';
+    const wsUrl = `ws://${host}:${instance.port}/ws`;
+    try {
+        await virtualPty.connect(wsUrl, token);
+    }
+    catch (err) {
+        console.error('连接失败:', err instanceof Error ? err.message : err);
+        cleanup();
+        process.exit(1);
+    }
+    // 同步终端大小
+    const cols = process.stdout.columns ?? 80;
+    const rows = process.stdout.rows ?? 24;
+    virtualPty.resize(cols, rows);
+    // 启动 TerminalRelay
+    relay.start();
+    console.log('已连接。按 Ctrl+C 两次退出。');
+    // 等待进程退出
+    await new Promise((resolve) => {
+        process.on('SIGINT', () => {
+            console.log('\n正在断开连接...');
+            cleanup();
+            resolve();
+        });
+        process.on('SIGTERM', () => {
+            cleanup();
+            resolve();
+        });
+    });
+}
+//# sourceMappingURL=attach.js.map

package/dist/attach.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"attach.js","sourceRoot":"","sources":["../src/attach.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AACH,OAAO,EAAE,OAAO,EAAE,MAAM,SAAS,CAAC;AAClC,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,uBAAuB,CAAC;AAE7E,OAAO,EAAE,UAAU,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AACnD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAC;AACzD,OAAO,EAAE,aAAa,EAAE,MAAM,8BAA8B,CAAC;AAC7D,OAAO,EAAE,sBAAsB,EAAE,MAAM,4BAA4B,CAAC;AAQpE;;GAEG;AACH,SAAS,aAAa,CAAC,OAAe;IACpC,MAAM,YAAY,GAAG,OAAO,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC;IACzD,IAAI,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;QAC9B,OAAO,EAAE,CAAC;IACZ,CAAC;IACD,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,YAAY,CAAC,YAAY,EAAE,OAAO,CAAC,CAAC;QACpD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACjC,OAAO,IAAI,CAAC,SAAS,IAAI,EAAE,CAAC;IAC9B,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,CAAC;IACZ,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,YAAY,CAAC,MAAc,EAAE,SAAyB;IAC7D,SAAS;IACT,MAAM,IAAI,GAAG,QAAQ,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAClC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,EAAE,CAAC;QACjB,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,IAAI,CAAC,CAAC;QAC1D,IAAI,MAAM;YAAE,OAAO,MAAM,CAAC;IAC5B,CAAC;IAED,SAAS;IACT,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,IAAI,CAAC,IAAI,KAAK,MAAM,CAAC,CAAC;IAC5D,OAAO,MAAM,IAAI,IAAI,CAAC;AACxB,CAAC;AAED;;GAEG;AACH,SAAS,cAAc,CAAC,GAAW;IACjC,IAAI,CAAC;QACH,OAAO,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;QACrB,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,KAAK,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,OAAsB;IACzD,MAAM,EAAE,MAAM,EAAE,GAAG,OAAO,CAAC;IAE3B,SAAS;IACT,MAAM,eAAe,GAAG,OAAO,CAAC,OAAO,EAAE,EAAE,iBAAiB,CAAC,CAAC;IAE9D,SAAS;IACT,MAAM,SAAS,GAAG,aAAa,CAAC,eAAe,CAAC,CAAC;IAEjD,SAAS;IACT,MAAM,cAAc,GAAG,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC,cAAc,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAE1E,IAAI,cAAc,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QAChC,OAAO,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC;QAC1B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,SAAS;IACT,MAAM,QAAQ,GAAG,YAAY,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;IAEtD,IAAI,CAAC,QAAQ,EAAE,CAAC;QACd,OAAO,CAAC,KAAK,CAAC,UAAU,MAAM,EAAE,CAAC,CAAC;QAClC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QACvB,KAAK,MAAM,IAAI,IAAI,cAAc,EAAE,CAAC;YAClC,OAAO,CAAC,KAAK,CAAC,OAAO,IAAI,CAAC,IAAI,QAAQ,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC;QACtD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,WAAW,QAAQ,CAAC,IAAI,QAAQ,QAAQ,CAAC,IAAI,MAAM,CAAC,CAAC;IAEjE,aAAa;IACb,MAAM,EAAE,KAAK,EAAE,GAAG,sBAAsB,CAAC,eAAe,CAAC,CAAC;IAE1D,uBAAuB;IACvB,MAAM,UAAU,GAAG,IAAI,iBAAiB,EAAE,CAAC;IAE3C,mBAAmB;IACnB,MAAM,KAAK,GAAG,IAAI,aAAa,CAAC,UAAU,CAAC,CAAC;IAE5C,SAAS;IACT,IAAI,QAAQ,GAAG,KAAK,CAAC;IAErB,MAAM,OAAO,GAAG,GAAG,EAAE;QACnB,IAAI,QAAQ;YAAE,OAAO;QACrB,QAAQ,GAAG,IAAI,CAAC;QAChB,UAAU,CAAC,OAAO,EAAE,CAAC;QACrB,KAAK,CAAC,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;IAEF,qBAAqB;IACrB,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;QACrC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,6BAA6B;IAC7B,sDAAsD;IACtD,UAAU,CAAC,EAAE,CAAC,eAAe,EAAE,GAAG,EAAE;QAClC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;QAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QACvC,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAChC,CAAC,CAAC,CAAC;IAEH,SAAS;IACT,UAAU,CAAC,EAAE,CAAC,MAAM,EAAE,CAAC,SAAiB,EAAE,EAAE;QAC1C,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvB,OAAO,EAAE,CAAC;QACV,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,UAAU,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAU,EAAE,EAAE;QACpC,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;QACpC,OAAO,EAAE,CAAC;QACV,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC,CAAC,CAAC;IAEH,0CAA0C;IAC1C,6DAA6D;IAC7D,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,SAAS,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,WAAW,CAAC;IACxF,MAAM,KAAK,GAAG,QAAQ,IAAI,IAAI,QAAQ,CAAC,IAAI,KAAK,CAAC;IAEjD,IAAI,CAAC;QACH,MAAM,UAAU,CAAC,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO,CAAC,KAAK,CAAC,OAAO,EAAE,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC;QACjE,OAAO,EAAE,CAAC;QACV,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,SAAS;IACT,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;IAC1C,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;IACvC,UAAU,CAAC,MAAM,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC;IAE9B,mBAAmB;IACnB,KAAK,CAAC,KAAK,EAAE,CAAC;IAEd,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAElC,SAAS;IACT,MAAM,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE;QAClC,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;YACxB,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC3B,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;QAEH,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE;YACzB,OAAO,EAAE,CAAC;YACV,OAAO,EAAE,CAAC;QACZ,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/auth/auth-middleware.d.ts

@@ -0,0 +1,52 @@
+import { Request, Response, NextFunction } from 'express';
+export interface AuthModuleOptions {
+    token: string;
+    sessionTtlMs: number;
+    rateLimitPerMinute: number;
+    cookieName: string;
+}
+/**
+ * Authentication module managing token verification, session cookies, and rate limiting.
+ */
+export declare class AuthModule {
+    private readonly token;
+    private readonly sessionTtlMs;
+    private readonly cookieName;
+    private readonly sessions;
+    private readonly rateLimiter;
+    constructor(options: AuthModuleOptions);
+    /**
+     * Verify a token using timing-safe comparison.
+     */
+    verifyToken(candidate: string): boolean;
+    /**
+     * Create a new session and return the session ID.
+     */
+    createSession(ip: string): string;
+    /**
+     * Validate a session ID. Returns true if valid and not expired.
+     */
+    validateSession(sessionId: string): boolean;
+    /**
+     * Extract session ID from request cookies.
+     */
+    getSessionFromRequest(req: Request): string | null;
+    /**
+     * Extract session ID from a raw cookie header string.
+     */
+    getSessionFromCookieHeader(cookieHeader: string): string | null;
+    getCookieName(): string;
+    /**
+     * Express middleware that protects routes with session auth.
+     */
+    requireAuth: (req: Request, res: Response, next: NextFunction) => void;
+    /**
+     * Handle auth POST (verify token, create session, return cookie).
+     */
+    handleAuth: (req: Request, res: Response) => void;
+    /**
+     * Cleanup resources.
+     */
+    destroy(): void;
+}
+//# sourceMappingURL=auth-middleware.d.ts.map

package/dist/auth/auth-middleware.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-middleware.d.ts","sourceRoot":"","sources":["../../src/auth/auth-middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAO1D,MAAM,WAAW,iBAAiB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,YAAY,EAAE,MAAM,CAAC;IACrB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,UAAU,EAAE,MAAM,CAAC;CACpB;AAOD;;GAEG;AACH,qBAAa,UAAU;IACrB,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAS;IAC/B,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAS;IACtC,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAS;IACpC,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAwC;IACjE,OAAO,CAAC,QAAQ,CAAC,WAAW,CAAc;gBAE9B,OAAO,EAAE,iBAAiB;IAOtC;;OAEG;IACH,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAOvC;;OAEG;IACH,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,MAAM;IAOjC;;OAEG;IACH,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO;IAU3C;;OAEG;IACH,qBAAqB,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,GAAG,IAAI;IAKlD;;OAEG;IACH,0BAA0B,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,GAAG,IAAI;IAK/D,aAAa,IAAI,MAAM;IAIvB;;OAEG;IACH,WAAW,GAAI,KAAK,OAAO,EAAE,KAAK,QAAQ,EAAE,MAAM,YAAY,KAAG,IAAI,CAcnE;IAEF;;OAEG;IACH,UAAU,GAAI,KAAK,OAAO,EAAE,KAAK,QAAQ,KAAG,IAAI,CA+B9C;IAEF;;OAEG;IACH,OAAO,IAAI,IAAI;CAGhB"}