@company-os/terminal-server 1.0.0 → 1.1.0

package/README.md

@@ -1,60 +1,46 @@
-# @company-os/terminal-server
+# @companyos/terminal-server
 
-Local terminal server for [CompanyOS](https://app.company-os.ai). Run it on your machine to get a live terminal alongside the chat panel in your browser.
+Local WebSocket server that spawns and manages pseudo-terminal (PTY) sessions for AI CLI tools (Claude Code, Codex, Gemini) and interactive shells.
 
-## Quick start
+## Depends On
 
-```bash
-npx @company-os/terminal-server
-```
+- `node-pty` -- pseudo-terminal spawning
+- `ws` -- WebSocket server
+- `zod` -- env var validation
 
-Then open [app.company-os.ai](https://app.company-os.ai), click the terminal toggle in chat, and click **Reconnect**.
+## Key Exports
 
-## Requirements
+- `SERVER_CONFIG` -- resolved server configuration (port, origins, max sessions, idle timeout)
+- `buildSpawnConfig` / `SpawnConfig` / `CreateMessage` -- PTY spawn configuration builder
+- `ServerMessage` / `ClientMessage` -- WebSocket protocol types
 
-- **Node.js 18+**
-- **C++ build toolchain** (required by `node-pty`):
-  - macOS: Xcode Command Line Tools (`xcode-select --install`)
-  - Windows: Visual Studio Build Tools (`npm install -g windows-build-tools`)
-  - Linux: `build-essential` (`sudo apt install build-essential`)
+## Endpoints
 
-## How it works
+| Path         | Method | Description                                      |
+|--------------|--------|--------------------------------------------------|
+| `/health`    | GET    | Server status and active session count            |
+| `/status`    | GET    | Claude CLI availability check                     |
+| `/sessions`  | GET    | Lists Claude Code sessions from `~/.claude/`      |
+| `/clis`      | GET    | Detected CLI tools (claude, codex, gemini)        |
+| `ws://`      | WS     | Terminal PTY session (create, input, resize, ping) |
 
-The server runs on `localhost:3002` and exposes a WebSocket endpoint. Your browser connects to `ws://localhost:3002` directly — CompanyOS never proxies or receives your shell access.
+## Scripts
 
-```
-Browser (app.company-os.ai)  ──ws://localhost:3002──►  terminal-server (your machine)
-                                                            │
-                                                            ▼
-                                                        PTY (shell)
-```
+| Script  | Command              | Description                 |
+|---------|----------------------|-----------------------------|
+| `dev`   | `npx tsx src/index.ts` | Run with ts-node (dev mode) |
+| `build` | `tsc -b`             | Compile TypeScript          |
+| `start` | `node dist/index.js` | Run compiled server         |
 
 ## Configuration
 
-| Environment variable | Default | Description |
-|---|---|---|
-| `TERMINAL_SERVER_PORT` | `3002` | Port to listen on |
-| `ALLOWED_ORIGINS` | `http://localhost:3000,http://localhost:3002,https://app.company-os.ai` | Comma-separated allowed origins |
-| `COMPANYOS_WORKSPACE_ROOT` | Current directory | Working directory for new shells |
+Environment variables (all optional with defaults):
 
-## Troubleshooting
-
-**Port 3002 is in use**
-
-```bash
-TERMINAL_SERVER_PORT=3003 npx @company-os/terminal-server
-```
-
-**node-pty fails to install**
-
-You're missing the C++ build toolchain. See Requirements above.
-
-**Browser says "Connect your terminal" but server is running**
-
-Check the server output — it prints the port it's listening on. If it's not 3002, the browser won't find it (it defaults to 3002).
-
-## Security model
-
-- Binds to **localhost only** — not accessible from the network
-- **Origin allowlist** — only connections from listed origins are accepted; missing origins are rejected
-- Your shell runs on your machine; CompanyOS servers never see your terminal traffic
+| Variable                          | Default | Description                    |
+|-----------------------------------|---------|--------------------------------|
+| `TERMINAL_SERVER_PORT`            | `3002`  | HTTP/WS listen port            |
+| `ALLOWED_ORIGINS`                 | (list)  | Comma-separated allowed origins |
+| `TERMINAL_SERVER_MAX_SESSIONS`    | `5`     | Max concurrent PTY sessions    |
+| `TERMINAL_SERVER_IDLE_TIMEOUT_MS` | `1800000` | Session idle timeout (30min) |
+| `TERMINAL_SERVER_TOKEN`           | (none)  | Auth token for WS connections  |
+| `COMPANYOS_WORKSPACE_ROOT`        | `$HOME` | Default working directory      |

package/dist/__tests__/auth.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=auth.test.d.ts.map

package/dist/__tests__/auth.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/auth.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/auth.test.js

@@ -0,0 +1,61 @@
+import { describe, it, expect, afterEach } from 'vitest';
+import { getAuthConfig, verifyToken, extractTokenFromRequest } from '../auth.js';
+describe('auth', () => {
+    const originalEnv = process.env.TERMINAL_SERVER_TOKEN;
+    afterEach(() => {
+        if (originalEnv === undefined) {
+            delete process.env.TERMINAL_SERVER_TOKEN;
+        }
+        else {
+            process.env.TERMINAL_SERVER_TOKEN = originalEnv;
+        }
+    });
+    describe('getAuthConfig', () => {
+        it('returns null token when env var is not set', () => {
+            delete process.env.TERMINAL_SERVER_TOKEN;
+            expect(getAuthConfig().token).toBeNull();
+        });
+        it('returns token from env var', () => {
+            process.env.TERMINAL_SERVER_TOKEN = 'test-secret-123';
+            expect(getAuthConfig().token).toBe('test-secret-123');
+        });
+        it('returns null for empty string', () => {
+            process.env.TERMINAL_SERVER_TOKEN = '';
+            expect(getAuthConfig().token).toBeNull();
+        });
+    });
+    describe('verifyToken', () => {
+        it('returns true for matching tokens', () => {
+            expect(verifyToken('abc123', 'abc123')).toBe(true);
+        });
+        it('returns false for non-matching tokens of same length', () => {
+            expect(verifyToken('abc123', 'xyz789')).toBe(false);
+        });
+        it('returns false for tokens of different lengths', () => {
+            expect(verifyToken('short', 'muchlongertoken')).toBe(false);
+        });
+        it('handles long hex tokens', () => {
+            const token = 'a'.repeat(64);
+            expect(verifyToken(token, token)).toBe(true);
+            expect(verifyToken(token, 'b'.repeat(64))).toBe(false);
+        });
+    });
+    describe('extractTokenFromRequest', () => {
+        function mockReq(url, host = 'localhost:3002') {
+            return { url, headers: { host } };
+        }
+        it('extracts token from query string', () => {
+            expect(extractTokenFromRequest(mockReq('/?token=mytoken'))).toBe('mytoken');
+        });
+        it('returns null when no token param', () => {
+            expect(extractTokenFromRequest(mockReq('/'))).toBeNull();
+        });
+        it('returns null for missing url', () => {
+            expect(extractTokenFromRequest({ headers: {} })).toBeNull();
+        });
+        it('handles url with path and other params', () => {
+            expect(extractTokenFromRequest(mockReq('/ws?foo=bar&token=secret&baz=1'))).toBe('secret');
+        });
+    });
+});
+//# sourceMappingURL=auth.test.js.map

package/dist/__tests__/auth.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.test.js","sourceRoot":"","sources":["../../src/__tests__/auth.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAc,SAAS,EAAE,MAAM,QAAQ,CAAC;AAErE,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,uBAAuB,EAAE,MAAM,YAAY,CAAC;AAEjF,QAAQ,CAAC,MAAM,EAAE,GAAG,EAAE;IACpB,MAAM,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IAEtD,SAAS,CAAC,GAAG,EAAE;QACb,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;YAC9B,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;QAC3C,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,WAAW,CAAC;QAClD,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,eAAe,EAAE,GAAG,EAAE;QAC7B,EAAE,CAAC,4CAA4C,EAAE,GAAG,EAAE;YACpD,OAAO,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;YACzC,MAAM,CAAC,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,4BAA4B,EAAE,GAAG,EAAE;YACpC,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,iBAAiB,CAAC;YACtD,MAAM,CAAC,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QACxD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;YACvC,OAAO,CAAC,GAAG,CAAC,qBAAqB,GAAG,EAAE,CAAC;YACvC,MAAM,CAAC,aAAa,EAAE,CAAC,KAAK,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC3C,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,aAAa,EAAE,GAAG,EAAE;QAC3B,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACrD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;YAC9D,MAAM,CAAC,WAAW,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACtD,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;YACvD,MAAM,CAAC,WAAW,CAAC,OAAO,EAAE,iBAAiB,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC9D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;YACjC,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC7B,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC7C,MAAM,CAAC,WAAW,CAAC,KAAK,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACzD,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACvC,SAAS,OAAO,CAAC,GAAW,EAAE,IAAI,GAAG,gBAAgB;YACnD,OAAO,EAAE,GAAG,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,EAAqB,CAAC;QACvD,CAAC;QAED,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,uBAAuB,CAAC,OAAO,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;QAC9E,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,kCAAkC,EAAE,GAAG,EAAE;YAC1C,MAAM,CAAC,uBAAuB,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QAC3D,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;YACtC,MAAM,CAAC,uBAAuB,CAAC,EAAE,OAAO,EAAE,EAAE,EAAqB,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;QACjF,CAAC,CAAC,CAAC;QAEH,EAAE,CAAC,wCAAwC,EAAE,GAAG,EAAE;YAChD,MAAM,CAAC,uBAAuB,CAAC,OAAO,CAAC,gCAAgC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QAC5F,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/spawn-config.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=spawn-config.test.d.ts.map

package/dist/__tests__/spawn-config.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"spawn-config.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/spawn-config.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/spawn-config.test.js

@@ -0,0 +1,79 @@
+import { describe, it, expect } from 'vitest';
+import { buildSpawnConfig } from '../spawn-config.js';
+import { getDefaultShell, getWorkingDirectory } from '../config.js';
+describe('buildSpawnConfig', () => {
+    it('uses default shell when no command specified', () => {
+        const config = buildSpawnConfig({ type: 'create', cwd: '/tmp' });
+        expect(config.command).toBe(getDefaultShell());
+        expect(config.args).toEqual([]);
+    });
+    it('uses specified command and args', () => {
+        const config = buildSpawnConfig({
+            type: 'create',
+            cwd: '/tmp',
+            command: 'claude',
+            args: ['--mcp-config', '/path/to/mcp.json'],
+        });
+        expect(config.command).toBe('claude');
+        expect(config.args).toEqual(['--mcp-config', '/path/to/mcp.json']);
+    });
+    it('uses specified command with empty args if none provided', () => {
+        const config = buildSpawnConfig({ type: 'create', command: 'codex' });
+        expect(config.command).toBe('codex');
+        expect(config.args).toEqual([]);
+    });
+    it('uses provided cwd', () => {
+        const config = buildSpawnConfig({ type: 'create', cwd: '/home/user/project' });
+        expect(config.cwd).toBe('/home/user/project');
+    });
+    it('falls back to working directory when no cwd provided', () => {
+        const config = buildSpawnConfig({ type: 'create' });
+        expect(config.cwd).toBe(getWorkingDirectory());
+    });
+    it('falls back to default shell when command is empty string', () => {
+        const config = buildSpawnConfig({ type: 'create', command: '' });
+        expect(config.command).toBe(getDefaultShell());
+    });
+    it('uses empty args array when args is undefined', () => {
+        const config = buildSpawnConfig({ type: 'create', args: undefined });
+        expect(config.args).toEqual([]);
+    });
+    it('adds --resume flag when resumeSessionId is provided', () => {
+        const config = buildSpawnConfig({
+            type: 'create',
+            command: 'claude',
+            resumeSessionId: 'abc-123',
+        });
+        expect(config.command).toBe('claude');
+        expect(config.args).toEqual(['--resume', 'abc-123']);
+    });
+    it('appends --resume to existing args', () => {
+        const config = buildSpawnConfig({
+            type: 'create',
+            command: 'claude',
+            args: ['--verbose'],
+            resumeSessionId: 'abc-123',
+        });
+        expect(config.args).toEqual(['--verbose', '--resume', 'abc-123']);
+    });
+    it('does not duplicate --resume if already in args', () => {
+        const config = buildSpawnConfig({
+            type: 'create',
+            command: 'claude',
+            args: ['--resume', 'existing-id'],
+            resumeSessionId: 'abc-123',
+        });
+        expect(config.args).toEqual(['--resume', 'existing-id']);
+    });
+    it('does not mutate original args array', () => {
+        const original = ['--verbose'];
+        buildSpawnConfig({
+            type: 'create',
+            command: 'claude',
+            args: original,
+            resumeSessionId: 'abc-123',
+        });
+        expect(original).toEqual(['--verbose']);
+    });
+});
+//# sourceMappingURL=spawn-config.test.js.map

package/dist/__tests__/spawn-config.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"spawn-config.test.js","sourceRoot":"","sources":["../../src/__tests__/spawn-config.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,gBAAgB,EAAE,MAAM,oBAAoB,CAAC;AACtD,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC;AAEpE,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,MAAM,EAAE,CAAC,CAAC;QACjE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;QAC/C,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,GAAG,EAAE;QACzC,MAAM,MAAM,GAAG,gBAAgB,CAAC;YAC9B,IAAI,EAAE,QAAQ;YACd,GAAG,EAAE,MAAM;YACX,OAAO,EAAE,QAAQ;YACjB,IAAI,EAAE,CAAC,cAAc,EAAE,mBAAmB,CAAC;SAC5C,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE,mBAAmB,CAAC,CAAC,CAAC;IACrE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yDAAyD,EAAE,GAAG,EAAE;QACjE,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,CAAC,CAAC;QACtE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mBAAmB,EAAE,GAAG,EAAE;QAC3B,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,oBAAoB,EAAE,CAAC,CAAC;QAC/E,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sDAAsD,EAAE,GAAG,EAAE;QAC9D,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC;QACpD,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,mBAAmB,EAAE,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0DAA0D,EAAE,GAAG,EAAE;QAClE,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,EAAE,EAAE,CAAC,CAAC;QACjE,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,eAAe,EAAE,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG,gBAAgB,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC;QACrE,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qDAAqD,EAAE,GAAG,EAAE;QAC7D,MAAM,MAAM,GAAG,gBAAgB,CAAC;YAC9B,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,QAAQ;YACjB,eAAe,EAAE,SAAS;SAC3B,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;IACvD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,mCAAmC,EAAE,GAAG,EAAE;QAC3C,MAAM,MAAM,GAAG,gBAAgB,CAAC;YAC9B,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,QAAQ;YACjB,IAAI,EAAE,CAAC,WAAW,CAAC;YACnB,eAAe,EAAE,SAAS;SAC3B,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,CAAC,CAAC;IACpE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,GAAG,EAAE;QACxD,MAAM,MAAM,GAAG,gBAAgB,CAAC;YAC9B,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,QAAQ;YACjB,IAAI,EAAE,CAAC,UAAU,EAAE,aAAa,CAAC;YACjC,eAAe,EAAE,SAAS;SAC3B,CAAC,CAAC;QACH,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,OAAO,CAAC,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC,CAAC;IAC3D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,QAAQ,GAAG,CAAC,WAAW,CAAC,CAAC;QAC/B,gBAAgB,CAAC;YACf,IAAI,EAAE,QAAQ;YACd,OAAO,EAAE,QAAQ;YACjB,IAAI,EAAE,QAAQ;YACd,eAAe,EAAE,SAAS;SAC3B,CAAC,CAAC;QACH,MAAM,CAAC,QAAQ,CAAC,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/__tests__/validation.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=validation.test.d.ts.map

package/dist/__tests__/validation.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.test.d.ts","sourceRoot":"","sources":["../../src/__tests__/validation.test.ts"],"names":[],"mappings":""}

package/dist/__tests__/validation.test.js

@@ -0,0 +1,102 @@
+import { describe, it, expect } from "vitest";
+import { validateClientMessage, ALLOWED_COMMANDS } from "../validation.js";
+describe("command allowlist", () => {
+    it("allows known CLI commands", () => {
+        for (const cmd of ["claude", "codex", "gemini", "zsh", "bash", "fish", "sh"]) {
+            const result = validateClientMessage(JSON.stringify({ type: "create", command: cmd }));
+            expect(result.valid, `${cmd} should be allowed`).toBe(true);
+        }
+    });
+    it("allows create with no command (default shell)", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create" }));
+        expect(result.valid).toBe(true);
+    });
+    it("rejects unknown commands", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create", command: "rm" }));
+        expect(result.valid).toBe(false);
+        expect(result.error).toContain("not allowed");
+    });
+    it("rejects absolute paths", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create", command: "/usr/bin/python3" }));
+        expect(result.valid).toBe(false);
+        expect(result.error).toContain("path");
+    });
+    it("rejects commands with path separators", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create", command: "../evil" }));
+        expect(result.valid).toBe(false);
+    });
+    it("exports ALLOWED_COMMANDS set", () => {
+        expect(ALLOWED_COMMANDS).toBeInstanceOf(Set);
+        expect(ALLOWED_COMMANDS.has("claude")).toBe(true);
+        expect(ALLOWED_COMMANDS.has("rm")).toBe(false);
+    });
+});
+describe("cwd validation", () => {
+    it("accepts absolute paths", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create", cwd: "/home/user/project" }));
+        expect(result.valid).toBe(true);
+    });
+    it("rejects relative paths", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create", cwd: "relative/path" }));
+        expect(result.valid).toBe(false);
+        expect(result.error).toContain("absolute path");
+    });
+    it("rejects path traversal", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create", cwd: "/home/user/../etc" }));
+        expect(result.valid).toBe(false);
+        expect(result.error).toContain("..");
+    });
+    it("allows create with no cwd", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create" }));
+        expect(result.valid).toBe(true);
+    });
+});
+describe("shell args sanitization", () => {
+    it("rejects -c for shell commands", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create", command: "bash", args: ["-c", "rm -rf /"] }));
+        expect(result.valid).toBe(false);
+        expect(result.error).toContain("-c");
+        expect(result.error).toContain("bash");
+    });
+    it("rejects -e for shell commands", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create", command: "zsh", args: ["-e", "evil"] }));
+        expect(result.valid).toBe(false);
+        expect(result.error).toContain("-e");
+    });
+    it("rejects --execute for shell commands", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create", command: "sh", args: ["--execute", "evil"] }));
+        expect(result.valid).toBe(false);
+        expect(result.error).toContain("--execute");
+    });
+    it("allows -c for non-shell commands like claude", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create", command: "claude", args: ["-c", "continue"] }));
+        expect(result.valid).toBe(true);
+    });
+    it("allows safe args for shell commands", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "create", command: "bash", args: ["--norc"] }));
+        expect(result.valid).toBe(true);
+    });
+});
+describe("existing validation", () => {
+    it("rejects invalid JSON", () => {
+        const result = validateClientMessage("not json");
+        expect(result.valid).toBe(false);
+    });
+    it("rejects unknown message types", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "unknown" }));
+        expect(result.valid).toBe(false);
+    });
+    it("validates ping messages", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "ping" }));
+        expect(result.valid).toBe(true);
+    });
+    it("validates input messages", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "input", data: "hello" }));
+        expect(result.valid).toBe(true);
+    });
+    it("validates resize messages", () => {
+        const result = validateClientMessage(JSON.stringify({ type: "resize", cols: 80, rows: 24 }));
+        expect(result.valid).toBe(true);
+    });
+});
+//# sourceMappingURL=validation.test.js.map

package/dist/__tests__/validation.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"validation.test.js","sourceRoot":"","sources":["../../src/__tests__/validation.test.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,QAAQ,EAAE,EAAE,EAAE,MAAM,EAAE,MAAM,QAAQ,CAAC;AAC9C,OAAO,EAAE,qBAAqB,EAAE,gBAAgB,EAAE,MAAM,kBAAkB,CAAC;AAE3E,QAAQ,CAAC,mBAAmB,EAAE,GAAG,EAAE;IACjC,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,KAAK,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,CAAC;YAC7E,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,GAAG,EAAE,CAAC,CAAC,CAAC;YACvF,MAAM,CAAC,MAAM,CAAC,KAAK,EAAE,GAAG,GAAG,oBAAoB,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+CAA+C,EAAE,GAAG,EAAE;QACvD,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;QACxF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,aAAa,CAAC,CAAC;IAChD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,kBAAkB,EAAE,CAAC,CAAC,CAAC;QACtG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,uCAAuC,EAAE,GAAG,EAAE;QAC/C,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QAC7F,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,GAAG,EAAE;QACtC,MAAM,CAAC,gBAAgB,CAAC,CAAC,cAAc,CAAC,GAAG,CAAC,CAAC;QAC7C,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAClD,MAAM,CAAC,gBAAgB,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,oBAAoB,EAAE,CAAC,CAAC,CAAC;QACpG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,eAAe,EAAE,CAAC,CAAC,CAAC;QAC/F,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,CAAC;IAClD,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wBAAwB,EAAE,GAAG,EAAE;QAChC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,GAAG,EAAE,mBAAmB,EAAE,CAAC,CAAC,CAAC;QACnG,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC,CAAC,CAAC;QACzE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,yBAAyB,EAAE,GAAG,EAAE;IACvC,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACpH,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;IACzC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QAC/G,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,GAAG,EAAE;QAC9C,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,WAAW,EAAE,MAAM,CAAC,EAAE,CAAC,CAAC,CAAC;QACrH,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QACjC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC;IAC9C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8CAA8C,EAAE,GAAG,EAAE;QACtD,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,IAAI,EAAE,UAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QACtH,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,GAAG,EAAE;QAC7C,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;QAC5G,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,EAAE,CAAC,sBAAsB,EAAE,GAAG,EAAE;QAC9B,MAAM,MAAM,GAAG,qBAAqB,CAAC,UAAU,CAAC,CAAC;QACjD,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,+BAA+B,EAAE,GAAG,EAAE;QACvC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC;QAC1E,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yBAAyB,EAAE,GAAG,EAAE;QACjC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;QACvE,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0BAA0B,EAAE,GAAG,EAAE;QAClC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC,CAAC,CAAC;QACvF,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,GAAG,EAAE;QACnC,MAAM,MAAM,GAAG,qBAAqB,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC;QAC7F,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAClC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/auth.d.ts

@@ -0,0 +1,8 @@
+import type { IncomingMessage } from 'node:http';
+export interface AuthConfig {
+    token: string | null;
+}
+export declare function getAuthConfig(): AuthConfig;
+export declare function verifyToken(provided: string, expected: string): boolean;
+export declare function extractTokenFromRequest(req: IncomingMessage): string | null;
+//# sourceMappingURL=auth.d.ts.map

package/dist/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAIjD,MAAM,WAAW,UAAU;IACzB,KAAK,EAAE,MAAM,GAAG,IAAI,CAAC;CACtB;AAED,wBAAgB,aAAa,IAAI,UAAU,CAE1C;AAED,wBAAgB,WAAW,CAAC,QAAQ,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,OAAO,CAGvE;AAED,wBAAgB,uBAAuB,CAAC,GAAG,EAAE,eAAe,GAAG,MAAM,GAAG,IAAI,CAO3E"}

package/dist/auth.js

@@ -0,0 +1,21 @@
+import { timingSafeEqual } from 'node:crypto';
+import { URL } from 'node:url';
+import { getAuthToken } from './config.js';
+export function getAuthConfig() {
+    return { token: getAuthToken() };
+}
+export function verifyToken(provided, expected) {
+    if (provided.length !== expected.length)
+        return false;
+    return timingSafeEqual(Buffer.from(provided), Buffer.from(expected));
+}
+export function extractTokenFromRequest(req) {
+    try {
+        const url = new URL(req.url ?? '', `http://${req.headers.host ?? 'localhost'}`);
+        return url.searchParams.get('token');
+    }
+    catch {
+        return null;
+    }
+}
+//# sourceMappingURL=auth.js.map

package/dist/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../src/auth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAE9C,OAAO,EAAE,GAAG,EAAE,MAAM,UAAU,CAAC;AAC/B,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAM3C,MAAM,UAAU,aAAa;IAC3B,OAAO,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,CAAC;AACnC,CAAC;AAED,MAAM,UAAU,WAAW,CAAC,QAAgB,EAAE,QAAgB;IAC5D,IAAI,QAAQ,CAAC,MAAM,KAAK,QAAQ,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACtD,OAAO,eAAe,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,MAAM,UAAU,uBAAuB,CAAC,GAAoB;IAC1D,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,IAAI,EAAE,EAAE,UAAU,GAAG,CAAC,OAAO,CAAC,IAAI,IAAI,WAAW,EAAE,CAAC,CAAC;QAChF,OAAO,GAAG,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACvC,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC"}

package/dist/config.d.ts

@@ -0,0 +1,25 @@
+export declare const SERVER_CONFIG: {
+    readonly defaultPort: number;
+    readonly allowedOrigins: string[];
+    readonly maxSessions: number;
+    readonly idleTimeoutMs: number;
+};
+export declare const PTY_CONFIG: {
+    readonly termName: "xterm-256color";
+    readonly cols: 80;
+    readonly rows: 24;
+};
+export declare function getDefaultShell(): string;
+export declare function getWorkingDirectory(): string;
+export declare function generateSessionId(): string;
+export declare function getAuthToken(): string | null;
+export interface CliInfo {
+    id: string;
+    label: string;
+    command: string;
+    detected: boolean;
+    resumeSupported: boolean;
+    installCommand: string;
+}
+export declare function detectClis(): CliInfo[];
+//# sourceMappingURL=config.d.ts.map

package/dist/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAsBA,eAAO,MAAM,aAAa;;;;;CAKhB,CAAC;AAEX,eAAO,MAAM,UAAU;;;;CAIb,CAAC;AAEX,wBAAgB,eAAe,IAAI,MAAM,CAKxC;AAED,wBAAgB,mBAAmB,IAAI,MAAM,CAU5C;AAED,wBAAgB,iBAAiB,IAAI,MAAM,CAE1C;AAED,wBAAgB,YAAY,IAAI,MAAM,GAAG,IAAI,CAG5C;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,OAAO,CAAC;IAClB,eAAe,EAAE,OAAO,CAAC;IACzB,cAAc,EAAE,MAAM,CAAC;CACxB;AAWD,wBAAgB,UAAU,IAAI,OAAO,EAAE,CAWtC"}

package/dist/config.js

@@ -0,0 +1,77 @@
+import * as os from 'os';
+import { execFileSync } from 'child_process';
+import { z } from 'zod';
+const EnvSchema = z.object({
+    TERMINAL_SERVER_PORT: z.coerce.number().int().positive().default(3002),
+    ALLOWED_ORIGINS: z
+        .string()
+        .default('http://localhost:3000,http://localhost:3002,http://localhost:5173,https://app.company-os.ai')
+        .transform((s) => s.split(',')),
+    TERMINAL_SERVER_MAX_SESSIONS: z.coerce.number().int().positive().default(5),
+    TERMINAL_SERVER_IDLE_TIMEOUT_MS: z.coerce.number().int().nonnegative().default(1_800_000),
+    TERMINAL_SERVER_TOKEN: z.string().min(1).nullish().transform((v) => v ?? null),
+    COMPANYOS_WORKSPACE_ROOT: z.string().optional(),
+});
+function loadEnv() {
+    return EnvSchema.parse(process.env);
+}
+const env = loadEnv();
+export const SERVER_CONFIG = {
+    defaultPort: env.TERMINAL_SERVER_PORT,
+    allowedOrigins: env.ALLOWED_ORIGINS,
+    maxSessions: env.TERMINAL_SERVER_MAX_SESSIONS,
+    idleTimeoutMs: env.TERMINAL_SERVER_IDLE_TIMEOUT_MS,
+};
+export const PTY_CONFIG = {
+    termName: 'xterm-256color',
+    cols: 80,
+    rows: 24,
+};
+export function getDefaultShell() {
+    if (os.platform() === 'win32') {
+        return process.env.COMSPEC || 'cmd.exe';
+    }
+    return process.env.SHELL || '/bin/zsh';
+}
+export function getWorkingDirectory() {
+    if (env.COMPANYOS_WORKSPACE_ROOT)
+        return env.COMPANYOS_WORKSPACE_ROOT;
+    // Default to the repo root so embedded terminals pick up .mcp.json and CLAUDE.md
+    try {
+        return execFileSync('git', ['rev-parse', '--show-toplevel'], {
+            encoding: 'utf-8',
+            timeout: 2000,
+        }).trim();
+    }
+    catch { /* not in a git repo */ }
+    return os.homedir();
+}
+export function generateSessionId() {
+    return `session-${Date.now()}-${Math.random().toString(36).substring(2, 9)}`;
+}
+export function getAuthToken() {
+    const raw = process.env.TERMINAL_SERVER_TOKEN;
+    return raw && raw.length > 0 ? raw : null;
+}
+const CLI_REGISTRY = [
+    { id: "claude", label: "Claude Code", command: "claude", resumeSupported: true, installCommand: "npm install -g @anthropic-ai/claude-code" },
+    { id: "codex", label: "Codex", command: "codex", resumeSupported: true, installCommand: "npm install -g @openai/codex" },
+    { id: "gemini", label: "Gemini", command: "gemini", resumeSupported: false, installCommand: "npm install -g @google/gemini-cli" },
+    { id: "aider", label: "Aider", command: "aider", resumeSupported: false, installCommand: "pip install aider-chat" },
+];
+let cachedClis = null;
+export function detectClis() {
+    if (cachedClis)
+        return cachedClis;
+    cachedClis = CLI_REGISTRY.map((cli) => {
+        let detected = false;
+        try {
+            execFileSync('which', [cli.command], { encoding: 'utf-8', timeout: 2000 });
+            detected = true;
+        }
+        catch { /* not found */ }
+        return { ...cli, detected };
+    });
+    return cachedClis;
+}
+//# sourceMappingURL=config.js.map

package/dist/config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.js","sourceRoot":"","sources":["../src/config.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,EAAE,YAAY,EAAE,MAAM,eAAe,CAAC;AAC7C,OAAO,EAAE,CAAC,EAAE,MAAM,KAAK,CAAC;AAExB,MAAM,SAAS,GAAG,CAAC,CAAC,MAAM,CAAC;IACzB,oBAAoB,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC;IACtE,eAAe,EAAE,CAAC;SACf,MAAM,EAAE;SACR,OAAO,CAAC,6FAA6F,CAAC;SACtG,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjC,4BAA4B,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC;IAC3E,+BAA+B,EAAE,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,GAAG,EAAE,CAAC,WAAW,EAAE,CAAC,OAAO,CAAC,SAAS,CAAC;IACzF,qBAAqB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,IAAI,IAAI,CAAC;IAC9E,wBAAwB,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,EAAE;CAChD,CAAC,CAAC;AAEH,SAAS,OAAO;IACd,OAAO,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;AACtC,CAAC;AAED,MAAM,GAAG,GAAG,OAAO,EAAE,CAAC;AAEtB,MAAM,CAAC,MAAM,aAAa,GAAG;IAC3B,WAAW,EAAE,GAAG,CAAC,oBAAoB;IACrC,cAAc,EAAE,GAAG,CAAC,eAAe;IACnC,WAAW,EAAE,GAAG,CAAC,4BAA4B;IAC7C,aAAa,EAAE,GAAG,CAAC,+BAA+B;CAC1C,CAAC;AAEX,MAAM,CAAC,MAAM,UAAU,GAAG;IACxB,QAAQ,EAAE,gBAAgB;IAC1B,IAAI,EAAE,EAAE;IACR,IAAI,EAAE,EAAE;CACA,CAAC;AAEX,MAAM,UAAU,eAAe;IAC7B,IAAI,EAAE,CAAC,QAAQ,EAAE,KAAK,OAAO,EAAE,CAAC;QAC9B,OAAO,OAAO,CAAC,GAAG,CAAC,OAAO,IAAI,SAAS,CAAC;IAC1C,CAAC;IACD,OAAO,OAAO,CAAC,GAAG,CAAC,KAAK,IAAI,UAAU,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,mBAAmB;IACjC,IAAI,GAAG,CAAC,wBAAwB;QAAE,OAAO,GAAG,CAAC,wBAAwB,CAAC;IACtE,iFAAiF;IACjF,IAAI,CAAC;QACH,OAAO,YAAY,CAAC,KAAK,EAAE,CAAC,WAAW,EAAE,iBAAiB,CAAC,EAAE;YAC3D,QAAQ,EAAE,OAAO;YACjB,OAAO,EAAE,IAAI;SACd,CAAC,CAAC,IAAI,EAAE,CAAC;IACZ,CAAC;IAAC,MAAM,CAAC,CAAC,uBAAuB,CAAC,CAAC;IACnC,OAAO,EAAE,CAAC,OAAO,EAAE,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,iBAAiB;IAC/B,OAAO,WAAW,IAAI,CAAC,GAAG,EAAE,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,SAAS,CAAC,CAAC,EAAE,CAAC,CAAC,EAAE,CAAC;AAC/E,CAAC;AAED,MAAM,UAAU,YAAY;IAC1B,MAAM,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC;IAC9C,OAAO,GAAG,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC;AAC5C,CAAC;AAWD,MAAM,YAAY,GAAqC;IACrD,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,aAAa,EAAE,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,IAAI,EAAG,cAAc,EAAE,0CAA0C,EAAE;IAC7I,EAAE,EAAE,EAAE,OAAO,EAAG,KAAK,EAAE,OAAO,EAAQ,OAAO,EAAE,OAAO,EAAG,eAAe,EAAE,IAAI,EAAG,cAAc,EAAE,8BAA8B,EAAE;IACjI,EAAE,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,QAAQ,EAAO,OAAO,EAAE,QAAQ,EAAE,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,mCAAmC,EAAE;IACtI,EAAE,EAAE,EAAE,OAAO,EAAG,KAAK,EAAE,OAAO,EAAQ,OAAO,EAAE,OAAO,EAAG,eAAe,EAAE,KAAK,EAAE,cAAc,EAAE,wBAAwB,EAAE;CAC5H,CAAC;AAEF,IAAI,UAAU,GAAqB,IAAI,CAAC;AAExC,MAAM,UAAU,UAAU;IACxB,IAAI,UAAU;QAAE,OAAO,UAAU,CAAC;IAClC,UAAU,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QACpC,IAAI,QAAQ,GAAG,KAAK,CAAC;QACrB,IAAI,CAAC;YACH,YAAY,CAAC,OAAO,EAAE,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;YAC3E,QAAQ,GAAG,IAAI,CAAC;QAClB,CAAC;QAAC,MAAM,CAAC,CAAC,eAAe,CAAC,CAAC;QAC3B,OAAO,EAAE,GAAG,GAAG,EAAE,QAAQ,EAAE,CAAC;IAC9B,CAAC,CAAC,CAAC;IACH,OAAO,UAAU,CAAC;AACpB,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+import { SERVER_CONFIG } from './config.js';
+export { SERVER_CONFIG };
+export { buildSpawnConfig } from './spawn-config.js';
+export type { CreateMessage, SpawnConfig } from './spawn-config.js';
+export type { ServerMessage, ClientMessage } from './types.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAUA,OAAO,EAAE,aAAa,EAA6C,MAAM,aAAa,CAAC;AA2fvF,OAAO,EAAE,aAAa,EAAE,CAAC;AACzB,OAAO,EAAE,gBAAgB,EAAE,MAAM,mBAAmB,CAAC;AACrD,YAAY,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AACpE,YAAY,EAAE,aAAa,EAAE,aAAa,EAAE,MAAM,YAAY,CAAC"}