@co0ontty/wand 1.10.0 → 1.14.2

package/dist/server.js

@@ -1,6 +1,7 @@
+import crypto from "node:crypto";
 import express from "express";
-import { readdir, readFile, stat } from "node:fs/promises";
-import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { createReadStream, existsSync, readFileSync, writeFileSync } from "node:fs";
+import { mkdir, readdir, readFile, stat } from "node:fs/promises";
 import { createServer as createHttpServer } from "node:http";
 import { createServer as createHttpsServer } from "node:https";
 import { exec, spawn } from "node:child_process";
@@ -11,7 +12,7 @@ import { WebSocketServer } from "ws";
 import { ensureAvatarSeed, getAvatarSvg } from "./avatar.js";
 import { createSession, revokeSession, setAuthStorage, validateSession } from "./auth.js";
 import { ensureCertificates } from "./cert.js";
-import { isExecutionMode, resolveConfigDir, saveConfig } from "./config.js";
+import { isExecutionMode, normalizeCardDefaults, resolveConfigDir, saveConfig } from "./config.js";
 import { ProcessManager } from "./process-manager.js";
 import { StructuredSessionManager } from "./structured-session-manager.js";
 import { generatePwaManifest, generateServiceWorker } from "./pwa.js";
@@ -65,6 +66,65 @@ function compareSemver(a, b) {
     }
     return 0;
 }
+let cachedGitHubApk = null;
+let gitHubApkCacheTs = 0;
+const GITHUB_APK_CACHE_TTL = 10 * 60 * 1000; // 10 minutes
+async function fetchGitHubLatestApk(forceRefresh = false) {
+    const now = Date.now();
+    if (!forceRefresh && cachedGitHubApk && (now - gitHubApkCacheTs < GITHUB_APK_CACHE_TTL)) {
+        return cachedGitHubApk;
+    }
+    try {
+        const apiUrl = PKG_REPO_URL.replace("github.com", "api.github.com/repos") + "/releases/latest";
+        const resp = await fetch(apiUrl, {
+            headers: { "Accept": "application/vnd.github.v3+json", "User-Agent": "wand-server" },
+            signal: AbortSignal.timeout(10000),
+        });
+        if (!resp.ok)
+            return cachedGitHubApk ?? null;
+        const release = await resp.json();
+        const apkAsset = release.assets.find(a => a.name.toLowerCase().endsWith(".apk"));
+        if (!apkAsset)
+            return cachedGitHubApk ?? null;
+        const version = extractAndroidApkVersion(release.tag_name) ?? release.tag_name.replace(/^v/, "");
+        cachedGitHubApk = {
+            version,
+            downloadUrl: apkAsset.browser_download_url,
+            fileName: apkAsset.name,
+            size: apkAsset.size,
+        };
+        gitHubApkCacheTs = now;
+        return cachedGitHubApk;
+    }
+    catch {
+        return cachedGitHubApk ?? null;
+    }
+}
+async function resolveLatestApkVersion(configDir, config) {
+    // Priority 1: local APK file
+    const localApk = await resolveAndroidApkAsset(configDir, config);
+    if (localApk && localApk.version) {
+        return {
+            version: localApk.version,
+            downloadUrl: localApk.downloadUrl,
+            fileName: localApk.fileName,
+            size: localApk.size,
+            source: "local",
+        };
+    }
+    // Priority 2: GitHub Release
+    const ghApk = await fetchGitHubLatestApk();
+    if (ghApk) {
+        return {
+            version: ghApk.version,
+            downloadUrl: ghApk.downloadUrl,
+            fileName: ghApk.fileName,
+            size: ghApk.size,
+            source: "github",
+        };
+    }
+    return null;
+}
 function isExternalAvatarSource(value) {
     return /^(https?:|data:)/i.test(value);
 }
@@ -238,9 +298,99 @@ function readSessionCookie(req) {
     const match = cookie.split(";").map((part) => part.trim()).find((part) => part.startsWith("wand_session="));
     return match?.slice("wand_session=".length);
 }
+// ── App connection token helpers ──
+function generateAppToken(password, secret) {
+    return crypto.createHmac("sha256", secret).update(password).digest("hex");
+}
+function verifyAppToken(token, password, secret) {
+    const expected = generateAppToken(password, secret);
+    return crypto.timingSafeEqual(Buffer.from(token, "hex"), Buffer.from(expected, "hex"));
+}
+function encodeConnectCode(url, token) {
+    return Buffer.from(`${url}#${token}`).toString("base64");
+}
+function decodeConnectCode(code) {
+    try {
+        const decoded = Buffer.from(code, "base64").toString("utf8");
+        const hashIdx = decoded.lastIndexOf("#");
+        if (hashIdx < 1)
+            return null;
+        const url = decoded.substring(0, hashIdx);
+        const token = decoded.substring(hashIdx + 1);
+        if (!url.startsWith("http") || token.length < 16)
+            return null;
+        return { url, token };
+    }
+    catch {
+        return null;
+    }
+}
 function normalizeMode(input, fallback) {
     return isExecutionMode(input) ? input : fallback;
 }
+function resolveAndroidApkDir(configDir, config) {
+    const configuredDir = config.android?.apkDir?.trim();
+    if (!configuredDir) {
+        return path.join(configDir, "android");
+    }
+    return path.isAbsolute(configuredDir) ? configuredDir : path.resolve(configDir, configuredDir);
+}
+function extractAndroidApkVersion(fileName) {
+    const nameWithoutExt = fileName.replace(/\.apk$/i, "");
+    const match = nameWithoutExt.match(/(\d+\.\d+\.\d+(?:[-+][A-Za-z0-9.-]+)?)/);
+    return match ? match[1] : null;
+}
+async function resolveAndroidApkAsset(configDir, config) {
+    if (config.android?.enabled !== true)
+        return null;
+    const apkDir = resolveAndroidApkDir(configDir, config);
+    await mkdir(apkDir, { recursive: true });
+    const configuredFile = config.android?.currentApkFile?.trim();
+    if (configuredFile) {
+        const filePath = path.join(apkDir, path.basename(configuredFile));
+        try {
+            const fileStat = await stat(filePath);
+            if (!fileStat.isFile())
+                return null;
+            return {
+                fileName: path.basename(filePath),
+                filePath,
+                size: fileStat.size,
+                updatedAt: fileStat.mtime.toISOString(),
+                version: extractAndroidApkVersion(path.basename(filePath)),
+                downloadUrl: "/android/download",
+                source: "local",
+            };
+        }
+        catch {
+            return null;
+        }
+    }
+    const entries = await readdir(apkDir, { withFileTypes: true });
+    const apkFiles = entries.filter((entry) => entry.isFile() && entry.name.toLowerCase().endsWith(".apk"));
+    if (apkFiles.length === 0)
+        return null;
+    const candidates = await Promise.all(apkFiles.map(async (entry) => {
+        const filePath = path.join(apkDir, entry.name);
+        const fileStat = await stat(filePath);
+        return {
+            entry,
+            filePath,
+            fileStat,
+        };
+    }));
+    candidates.sort((a, b) => b.fileStat.mtimeMs - a.fileStat.mtimeMs);
+    const selected = candidates[0];
+    return {
+        fileName: selected.entry.name,
+        filePath: selected.filePath,
+        size: selected.fileStat.size,
+        updatedAt: selected.fileStat.mtime.toISOString(),
+        version: extractAndroidApkVersion(selected.entry.name),
+        downloadUrl: "/android/download",
+        source: "local",
+    };
+}
 async function listPathSuggestions(input, fallbackCwd) {
     const normalizedInput = input.trim();
     const baseInput = normalizedInput || fallbackCwd;
@@ -415,13 +565,26 @@ export async function startServer(config, configPath) {
             res.status(429).json({ error: "登录尝试次数过多，请在 15 分钟后再试。" });
             return;
         }
-        const { password } = req.body;
+        const { password, appToken } = req.body;
         const dbPassword = storage.getPassword();
         const effectivePassword = dbPassword ?? config.password;
-        if (password !== effectivePassword) {
-            recordFailedLogin(clientIp);
-            res.status(401).json({ error: "密码错误，请重试。" });
-            return;
+        // App token login — derived from password, so password change invalidates it
+        let authenticated = false;
+        if (appToken) {
+            try {
+                authenticated = verifyAppToken(appToken, effectivePassword, config.appSecret ?? "");
+            }
+            catch {
+                authenticated = false;
+            }
+        }
+        if (!authenticated) {
+            if (password !== effectivePassword) {
+                recordFailedLogin(clientIp);
+                res.status(401).json({ error: "密码错误，请重试。" });
+                return;
+            }
+            authenticated = true;
         }
         resetRateLimit(clientIp);
         const token = createSession();
@@ -447,6 +610,44 @@ export async function startServer(config, configPath) {
         storage.setPassword(password);
         res.json({ ok: true });
     });
+    // ── Android APK update & download (no auth required) ──
+    app.get("/api/android-apk-update", async (req, res) => {
+        const currentVersion = req.query.currentVersion?.trim();
+        if (!currentVersion) {
+            res.status(400).json({ error: "Missing currentVersion query parameter." });
+            return;
+        }
+        const latest = await resolveLatestApkVersion(configDir, config);
+        if (!latest) {
+            res.json({ updateAvailable: false, currentVersion, latestVersion: null, downloadUrl: null, source: null });
+            return;
+        }
+        const updateAvailable = compareSemver(latest.version, currentVersion) > 0;
+        res.json({
+            updateAvailable,
+            currentVersion,
+            latestVersion: latest.version,
+            downloadUrl: updateAvailable ? latest.downloadUrl : null,
+            fileName: updateAvailable ? latest.fileName : null,
+            size: updateAvailable ? latest.size : null,
+            source: latest.source,
+        });
+    });
+    app.get("/android/download", async (_req, res) => {
+        const androidApk = await resolveAndroidApkAsset(configDir, config);
+        if (config.android?.enabled !== true) {
+            res.status(404).json({ error: "Android APK 下载未启用。" });
+            return;
+        }
+        if (!androidApk) {
+            res.status(404).json({ error: "当前没有可下载的 APK 文件。" });
+            return;
+        }
+        res.setHeader("Content-Type", "application/vnd.android.package-archive");
+        res.setHeader("Content-Length", String(androidApk.size));
+        res.setHeader("Content-Disposition", `attachment; filename="${encodeURIComponent(androidApk.fileName)}"`);
+        createReadStream(androidApk.filePath).pipe(res);
+    });
     app.use("/api", requireAuth);
     // ── Config & Session info ──
     app.get("/api/config", async (_req, res) => {
@@ -459,18 +660,28 @@ export async function startServer(config, configPath) {
             commandPresets: config.commandPresets,
             structuredRunners: [{ label: "Claude Structured", runner: "claude-cli-print" }],
             structuredChatPersona,
+            cardDefaults: config.cardDefaults,
             updateAvailable: cachedUpdateInfo?.updateAvailable ?? false,
             latestVersion: cachedUpdateInfo?.latest ?? null,
             currentVersion: PKG_VERSION,
         });
     });
     // ── Settings endpoints ──
-    app.get("/api/settings", (_req, res) => {
+    app.get("/api/settings", async (_req, res) => {
         const certPaths = {
             keyPath: path.join(configDir, "server.key"),
             certPath: path.join(configDir, "server.crt"),
         };
         const { password: _pw, ...safeConfig } = config;
+        const localApk = await resolveAndroidApkAsset(configDir, config);
+        const ghApk = await fetchGitHubLatestApk();
+        const apkDir = resolveAndroidApkDir(configDir, config);
+        // Backward-compatible: pick best available for hasApk/version/downloadUrl
+        const resolvedApk = localApk
+            ? { hasApk: true, fileName: localApk.fileName, version: localApk.version, size: localApk.size, updatedAt: localApk.updatedAt, downloadUrl: localApk.downloadUrl, source: "local" }
+            : ghApk
+                ? { hasApk: true, fileName: ghApk.fileName, version: ghApk.version, size: ghApk.size, updatedAt: null, downloadUrl: ghApk.downloadUrl, source: "github" }
+                : null;
         res.json({
             version: PKG_VERSION,
             packageName: PKG_NAME,
@@ -480,8 +691,55 @@ export async function startServer(config, configPath) {
             hasCert: existsSync(certPaths.keyPath) && existsSync(certPaths.certPath),
             updateAvailable: cachedUpdateInfo?.updateAvailable ?? false,
             latestVersion: cachedUpdateInfo?.latest ?? null,
+            androidApk: {
+                enabled: config.android?.enabled === true,
+                apkDir,
+                hasApk: resolvedApk?.hasApk ?? false,
+                fileName: resolvedApk?.fileName ?? null,
+                version: resolvedApk?.version ?? null,
+                size: resolvedApk?.size ?? null,
+                updatedAt: resolvedApk?.updatedAt ?? null,
+                downloadUrl: resolvedApk?.downloadUrl ?? null,
+                source: resolvedApk?.source ?? null,
+                local: localApk ? { fileName: localApk.fileName, version: localApk.version, size: localApk.size, updatedAt: localApk.updatedAt, downloadUrl: localApk.downloadUrl } : null,
+                github: ghApk ? { fileName: ghApk.fileName, version: ghApk.version, size: ghApk.size, downloadUrl: ghApk.downloadUrl } : null,
+            },
+        });
+    });
+    app.get("/api/android-apk", async (_req, res) => {
+        const localApk = await resolveAndroidApkAsset(configDir, config);
+        const ghApk = await fetchGitHubLatestApk();
+        const apkDir = resolveAndroidApkDir(configDir, config);
+        const resolvedApk = localApk
+            ? { hasApk: true, fileName: localApk.fileName, version: localApk.version, size: localApk.size, updatedAt: localApk.updatedAt, downloadUrl: localApk.downloadUrl, source: "local" }
+            : ghApk
+                ? { hasApk: true, fileName: ghApk.fileName, version: ghApk.version, size: ghApk.size, updatedAt: null, downloadUrl: ghApk.downloadUrl, source: "github" }
+                : null;
+        res.json({
+            enabled: config.android?.enabled === true,
+            apkDir,
+            hasApk: resolvedApk?.hasApk ?? false,
+            fileName: resolvedApk?.fileName ?? null,
+            version: resolvedApk?.version ?? null,
+            size: resolvedApk?.size ?? null,
+            updatedAt: resolvedApk?.updatedAt ?? null,
+            downloadUrl: resolvedApk?.downloadUrl ?? null,
+            source: resolvedApk?.source ?? null,
+            local: localApk ? { fileName: localApk.fileName, version: localApk.version, size: localApk.size, updatedAt: localApk.updatedAt, downloadUrl: localApk.downloadUrl } : null,
+            github: ghApk ? { fileName: ghApk.fileName, version: ghApk.version, size: ghApk.size, downloadUrl: ghApk.downloadUrl } : null,
         });
     });
+    app.get("/api/app-connect-code", requireAuth, (req, res) => {
+        const dbPassword = storage.getPassword();
+        const effectivePassword = dbPassword ?? config.password;
+        const protocol = useHttps ? "https" : "http";
+        const host = req.headers.host || `${config.host}:${config.port}`;
+        const serverUrl = `${protocol}://${host}`;
+        const appSecret = config.appSecret ?? "";
+        const token = generateAppToken(effectivePassword, appSecret);
+        const code = encodeConnectCode(serverUrl, token);
+        res.json({ code });
+    });
     app.post("/api/settings/config", async (req, res) => {
         const body = req.body;
         const allowedFields = ["host", "port", "https", "defaultMode", "defaultCwd", "shell", "language"];
@@ -521,14 +779,21 @@ export async function startServer(config, configPath) {
                 changed = true;
             }
         }
+        // Handle cardDefaults separately (nested object, no restart needed)
+        if (body.cardDefaults !== undefined) {
+            config.cardDefaults = normalizeCardDefaults(body.cardDefaults);
+            changed = true;
+        }
         if (!changed) {
             res.status(400).json({ error: "没有可更新的配置字段。" });
             return;
         }
+        // cardDefaults-only changes don't need restart
+        const restartRequired = allowedFields.some((f) => f in body && body[f] !== undefined);
         try {
             await saveConfig(configPath, config);
             const { password: _pw, ...safeConfig } = config;
-            res.json({ ok: true, config: safeConfig, restartRequired: true });
+            res.json({ ok: true, config: safeConfig, restartRequired });
         }
         catch (error) {
             res.status(500).json({ error: getErrorMessage(error, "保存配置失败。") });
@@ -878,7 +1143,7 @@ export async function startServer(config, configPath) {
         })()
         : createHttpServer(app);
     const wss = new WebSocketServer({ server, path: "/ws" });
-    const wsManager = new WsBroadcastManager(wss);
+    const wsManager = new WsBroadcastManager(wss, () => config.cardDefaults ?? {});
     wsManager.setup((id) => structuredSessions.get(id) ?? processes.get(id));
     // Wire process events to WebSocket broadcast
     processes.on("process", (event) => {

package/dist/structured-session-manager.d.ts

@@ -16,6 +16,8 @@ export declare class StructuredSessionManager {
     constructor(storage: WandStorage, config: WandConfig);
     setEventEmitter(emitEvent: (event: ProcessEvent) => void): void;
     list(): SessionSnapshot[];
+    /** Return lightweight snapshots for the session list (no output/messages). */
+    listSlim(): SessionSnapshot[];
     get(id: string): SessionSnapshot | null;
     createSession(options: CreateStructuredSessionOptions): SessionSnapshot;
     sendMessage(id: string, input: string): Promise<SessionSnapshot>;

package/dist/structured-session-manager.js

@@ -80,6 +80,16 @@ export class StructuredSessionManager {
             .map(withSummary)
             .sort((a, b) => b.startedAt.localeCompare(a.startedAt));
     }
+    /** Return lightweight snapshots for the session list (no output/messages). */
+    listSlim() {
+        return Array.from(this.sessions.values())
+            .map((s) => {
+            const enriched = withSummary(s);
+            const { output: _o, messages: _m, ...slim } = enriched;
+            return { ...slim, output: "" };
+        })
+            .sort((a, b) => b.startedAt.localeCompare(a.startedAt));
+    }
     get(id) {
         const s = this.sessions.get(id);
         return s ? withSummary(s) : null;

package/dist/types.d.ts

@@ -47,6 +47,23 @@ export interface StructuredChatPersonaConfig {
     user?: StructuredChatPersonaRoleConfig;
     assistant?: StructuredChatPersonaRoleConfig;
 }
+export interface CardExpandDefaults {
+    /** Edit/Write/MultiEdit diff cards (default: false) */
+    editCards?: boolean;
+    /** Read/Glob/Grep/WebFetch/WebSearch inline tools (default: false) */
+    inlineTools?: boolean;
+    /** Bash terminal output (default: false) */
+    terminal?: boolean;
+    /** Thinking blocks (default: false) */
+    thinking?: boolean;
+    /** Tool groups (default: false) */
+    toolGroup?: boolean;
+}
+export interface AndroidApkConfig {
+    enabled?: boolean;
+    apkDir?: string;
+    currentApkFile?: string;
+}
 export interface WandConfig {
     host: string;
     port: number;
@@ -64,6 +81,11 @@ export interface WandConfig {
     shortcutLogMaxBytes?: number;
     /** Preferred response language for Claude (e.g. "中文", "English"). Empty string means no override. */
     language?: string;
+    /** Per-instance secret for app connection code encryption. Auto-generated on first run. */
+    appSecret?: string;
+    android?: AndroidApkConfig;
+    /** Default expand/collapse state for card types in structured chat view */
+    cardDefaults?: CardExpandDefaults;
 }
 interface WorktreeInfo {
     branch: string;
@@ -167,6 +189,10 @@ export interface ToolResultBlock {
         [key: string]: unknown;
     }>;
     is_error?: boolean;
+    /** When true, content has been truncated for transport. Client should fetch full content via API. */
+    _truncated?: boolean;
+    /** Original content size in bytes, provided when truncated. */
+    _originalSize?: number;
 }
 export type ContentBlock = TextBlock | ThinkingBlock | ToolUseBlock | ToolResultBlock;
 export interface ConversationTurn {
@@ -247,6 +273,8 @@ export interface SessionSnapshot {
     };
     /** 会话摘要：从首条用户消息或当前任务提取 */
     summary?: string;
+    /** 当前正在执行的任务标题（用于会话列表展示） */
+    currentTaskTitle?: string;
 }
 export type SessionLifecycleState = "initializing" | "running" | "idle" | "thinking" | "waiting-input" | "archived";
 export interface SessionLifecycle {