@cryptiklemur/lattice 5.1.0 → 5.2.0

package/dist/server/daemon.js

@@ -404,12 +404,22 @@ export async function startDaemon(portOverride, tlsOverride) {
                 cert: readFileSync(certs.cert),
                 key: readFileSync(certs.key),
             };
-            log.server("TLS enabled");
+            log.server("TLS enabled (cert: %s)", certs.cert);
         }
         catch (err) {
             console.error("[lattice] Failed to load TLS certs, falling back to HTTP:", err);
         }
     }
+    if (tlsOptions) {
+        var certsDir = join(getLatticeHome(), "certs");
+        log.server("TLS cert: %s", join(certsDir, "cert.pem"));
+        log.server("To trust the self-signed cert:");
+        log.server("  Linux:  sudo cp %s /usr/local/share/ca-certificates/lattice.crt && sudo update-ca-certificates", join(certsDir, "cert.pem"));
+        log.server("  macOS:  sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain %s", join(certsDir, "cert.pem"));
+        log.server("  Or use Tailscale HTTPS (no trust needed):");
+        log.server("  tailscale cert $(tailscale status --json | jq -r '.Self.DNSName' | sed 's/\\.$//')");
+        log.server("  Then copy: cp <hostname>.crt %s && cp <hostname>.key %s", join(certsDir, "cert.pem"), join(certsDir, "key.pem"));
+    }
     var protocol = tlsOptions ? "https" : "http";
     var httpServer = tlsOptions
         ? createHttpsServer(tlsOptions, app)
@@ -428,11 +438,11 @@ export async function startDaemon(portOverride, tlsOverride) {
         log.server("Vite dev server attached (middleware mode, HMR on same port)");
     }
     else if (clientDir && existsSync(clientDir)) {
-        app.use(express.static(clientDir));
+        app.use(express.static(clientDir, { dotfiles: "allow" }));
         app.get("/{*path}", function (_req, res) {
             var indexPath = join(clientDir, "index.html");
             if (existsSync(indexPath)) {
-                res.sendFile(indexPath);
+                res.sendFile(indexPath, { dotfiles: "allow" });
             }
             else {
                 res.status(404).send("Not found");

package/dist/server/index.js

@@ -141,6 +141,9 @@ switch (command) {
     case "config":
         runConfigInfo();
         break;
+    case "setup-tls":
+        await runSetupTls();
+        break;
     case "help":
     case "--help":
     case "-h":
@@ -269,6 +272,7 @@ function runHelp() {
     console.log("    logs       Tail the daemon log");
     console.log("    open       Open the UI in the browser");
     console.log("    config     Show configuration paths and settings");
+    console.log("    setup-tls  Set up HTTPS (Tailscale or self-signed)");
     console.log("    help       Show this help message");
     console.log("");
     console.log("  Options:");
@@ -281,6 +285,68 @@ function runHelp() {
     console.log("    DEBUG          Enable debug logging (e.g. DEBUG=lattice:*)");
     console.log("");
 }
+async function runSetupTls() {
+    var { execSync: exec } = await import("node:child_process");
+    var certsDir = join(getLatticeHome(), "certs");
+    var certPath = join(certsDir, "cert.pem");
+    var keyPath = join(certsDir, "key.pem");
+    console.log("[lattice] TLS Setup");
+    console.log("");
+    var hasTailscale = false;
+    try {
+        exec("tailscale version", { stdio: "ignore" });
+        hasTailscale = true;
+    }
+    catch { }
+    if (hasTailscale) {
+        console.log("  Tailscale detected. To use trusted Tailscale HTTPS certs:");
+        console.log("");
+        try {
+            var dnsName = exec("tailscale status --json", { encoding: "utf-8" });
+            var hostname = JSON.parse(dnsName).Self.DNSName.replace(/\.$/, "");
+            console.log("  1. Generate cert:");
+            console.log("     sudo tailscale cert --cert-file " + certPath + " --key-file " + keyPath + " " + hostname);
+            console.log("");
+            console.log("  2. Enable TLS and restart:");
+            console.log("     lattice restart --tls");
+            console.log("");
+            console.log("  3. Access at:");
+            console.log("     https://" + hostname + ":" + loadConfig().port);
+        }
+        catch {
+            console.log("  1. Run: sudo tailscale cert --cert-file " + certPath + " --key-file " + keyPath + " <your-hostname>.ts.net");
+            console.log("  2. Run: lattice restart --tls");
+        }
+    }
+    else {
+        console.log("  Tailscale not found. Using self-signed certificate.");
+        console.log("");
+    }
+    console.log("");
+    console.log("  ── Self-signed certificate ──");
+    console.log("");
+    if (existsSync(certPath)) {
+        console.log("  Cert exists: " + certPath);
+        console.log("  To regenerate: rm -rf " + certsDir + " && lattice restart --tls");
+    }
+    else {
+        console.log("  No cert yet. Run 'lattice restart --tls' to auto-generate one.");
+    }
+    console.log("");
+    console.log("  To trust the self-signed cert (removes browser warnings):");
+    console.log("");
+    console.log("  Linux:");
+    console.log("    sudo cp " + certPath + " /usr/local/share/ca-certificates/lattice.crt");
+    console.log("    sudo update-ca-certificates");
+    console.log("");
+    console.log("  macOS:");
+    console.log("    sudo security add-trusted-cert -d -r trustRoot \\");
+    console.log("      -k /Library/Keychains/System.keychain " + certPath);
+    console.log("");
+    console.log("  Windows (PowerShell as admin):");
+    console.log("    Import-Certificate -FilePath " + certPath + " -CertStoreLocation Cert:\\LocalMachine\\Root");
+    console.log("");
+}
 async function runRestart() {
     var pid = readPid();
     if (pid !== null && isDaemonRunning(pid)) {

package/dist/server/tls.js

@@ -1,6 +1,7 @@
-import { existsSync, mkdirSync } from "node:fs";
+import { existsSync, mkdirSync, writeFileSync } from "node:fs";
 import { join } from "node:path";
 import { spawnSync } from "node:child_process";
+import { networkInterfaces } from "node:os";
 import { getLatticeHome } from "./config.js";
 export function getCertsDir() {
     var certsDir = join(getLatticeHome(), "certs");
@@ -33,6 +34,20 @@ export function ensureCerts() {
         return { cert: certPath, key: keyPath };
     }
     console.log("[lattice] Generating self-signed TLS certificate...");
+    var sans = ["DNS:lattice", "DNS:localhost", "IP:127.0.0.1", "IP:::1"];
+    var ifaces = networkInterfaces();
+    for (var name in ifaces) {
+        var addrs = ifaces[name];
+        if (!addrs)
+            continue;
+        for (var i = 0; i < addrs.length; i++) {
+            if (!addrs[i].internal) {
+                sans.push("IP:" + addrs[i].address);
+            }
+        }
+    }
+    var extFile = join(certsDir, "openssl-san.cnf");
+    writeFileSync(extFile, "[req]\ndistinguished_name=dn\nx509_extensions=v3\nprompt=no\n[dn]\nCN=lattice\n[v3]\nsubjectAltName=" + sans.join(",") + "\n");
     var result = spawnSync("openssl", [
         "req", "-x509",
         "-newkey", "rsa:2048",
@@ -40,7 +55,7 @@ export function ensureCerts() {
         "-out", certPath,
         "-days", "365",
         "-nodes",
-        "-subj", "/CN=lattice",
+        "-config", extFile,
     ], { encoding: "utf-8" });
     if (result.status !== 0) {
         throw new Error("[lattice] Failed to generate TLS certificates: " + (result.stderr || result.error?.message || "unknown error"));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cryptiklemur/lattice",
-  "version": "5.1.0",
+  "version": "5.2.0",
   "description": "Multi-machine agentic dashboard for Claude Code. Monitor sessions, manage MCP servers and skills, orchestrate across mesh-networked nodes.",
   "license": "MIT",
   "author": "Aaron Scherer <me@aaronscherer.me>",