@ctrl-spc/cli 1.0.0 → 1.1.0

package/bin/ctrl-spc.js

@@ -0,0 +1,6 @@
+#!/usr/bin/env node
+
+import('../dist/index.js').catch((err) => {
+  console.error('Failed to load ctrl-spc:', err.message)
+  process.exit(1)
+})

package/dist/auth.js

@@ -0,0 +1,149 @@
+import http from 'node:http';
+import { randomUUID } from 'node:crypto';
+import { createSupabaseClient } from './supabase.js';
+import { getOrCreateMachineId, saveMachineState } from './session.js';
+const CALLBACK_HOST = '127.0.0.1';
+const CALLBACK_PORT = 54321;
+const CALLBACK_PATH = '/callback';
+const TOKEN_PATH = '/token';
+const AUTH_TIMEOUT_MS = 10 * 60 * 1000;
+const SIGN_IN_EXPIRED_MESSAGE = 'That sign-in link expired. Run `ctrl-spc setup` again to get a fresh one.';
+const SEND_EMAIL_FAILED_MESSAGE = "Couldn't send the sign-in email. Check your connection and try again.";
+export function buildRedirectUrl(state) {
+    const url = new URL(`http://${CALLBACK_HOST}:${CALLBACK_PORT}${CALLBACK_PATH}`);
+    url.searchParams.set('state', state);
+    return url.toString();
+}
+export function buildCallbackHtml(state) {
+    return `<!doctype html>
+<html lang="en">
+<head><meta charset="utf-8"><title>Control Space</title></head>
+<body>
+<p>Connecting...</p>
+<script>
+  const hash = new URLSearchParams(window.location.hash.slice(1));
+  const body = {
+    access_token: hash.get('access_token'),
+    refresh_token: hash.get('refresh_token'),
+    state: '${escapeJsString(state)}',
+  };
+  if (!body.access_token || !body.refresh_token) {
+    document.body.textContent = '${escapeJsString(SIGN_IN_EXPIRED_MESSAGE)}';
+  } else {
+    fetch('/token', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(body),
+    }).then((res) => {
+      document.body.textContent = res.ok
+        ? 'Connected - you can close this tab.'
+        : '${escapeJsString(SIGN_IN_EXPIRED_MESSAGE)}';
+    });
+  }
+</script>
+</body>
+</html>`;
+}
+export function isValidTokenCallback(body, expectedState) {
+    return typeof body.state === 'string' && body.state === expectedState;
+}
+export async function authenticate(email) {
+    const client = createSupabaseClient();
+    const state = randomUUID();
+    const redirectUrl = buildRedirectUrl(state);
+    return new Promise((resolve, reject) => {
+        let settled = false;
+        let timeout;
+        const server = http.createServer(async (req, res) => {
+            const url = new URL(req.url ?? '/', redirectUrl);
+            if (req.method === 'GET' && url.pathname === CALLBACK_PATH) {
+                if (url.searchParams.get('state') !== state) {
+                    res.writeHead(400, { 'Content-Type': 'text/plain' });
+                    res.end(SIGN_IN_EXPIRED_MESSAGE);
+                    return;
+                }
+                res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+                res.end(buildCallbackHtml(state));
+                return;
+            }
+            if (req.method === 'POST' && url.pathname === TOKEN_PATH) {
+                const body = await readJson(req);
+                if (!isValidTokenCallback(body, state)) {
+                    res.writeHead(400);
+                    res.end();
+                    return;
+                }
+                const accessToken = typeof body.access_token === 'string' ? body.access_token : null;
+                const refreshToken = typeof body.refresh_token === 'string' ? body.refresh_token : null;
+                if (!accessToken || !refreshToken) {
+                    res.writeHead(400);
+                    res.end();
+                    return;
+                }
+                const { error } = await client.auth.setSession({
+                    access_token: accessToken,
+                    refresh_token: refreshToken,
+                });
+                if (error) {
+                    res.writeHead(400);
+                    res.end();
+                    settle(() => reject(new Error(SIGN_IN_EXPIRED_MESSAGE)));
+                    return;
+                }
+                const machineId = getOrCreateMachineId();
+                const machineState = { machineId, accessToken, refreshToken };
+                saveMachineState(machineState);
+                res.writeHead(200);
+                res.end();
+                settle(() => resolve(machineState));
+                return;
+            }
+            res.writeHead(404);
+            res.end();
+        });
+        timeout = setTimeout(() => {
+            settle(() => reject(new Error(SIGN_IN_EXPIRED_MESSAGE)));
+        }, AUTH_TIMEOUT_MS);
+        server.on('error', () => {
+            settle(() => reject(new Error(SEND_EMAIL_FAILED_MESSAGE)));
+        });
+        server.listen(CALLBACK_PORT, CALLBACK_HOST, async () => {
+            const { error } = await client.auth.signInWithOtp({
+                email,
+                options: { emailRedirectTo: redirectUrl },
+            });
+            if (error) {
+                settle(() => reject(new Error(SEND_EMAIL_FAILED_MESSAGE)));
+            }
+        });
+        function settle(done) {
+            if (settled)
+                return;
+            settled = true;
+            clearTimeout(timeout);
+            server.close(() => done());
+        }
+    });
+}
+function readJson(req) {
+    return new Promise((resolve) => {
+        let body = '';
+        req.on('data', (chunk) => {
+            body += chunk.toString();
+            if (body.length > 10_000)
+                req.destroy();
+        });
+        req.on('end', () => {
+            try {
+                resolve(JSON.parse(body));
+            }
+            catch {
+                resolve({});
+            }
+        });
+        req.on('error', () => resolve({}));
+    });
+}
+function escapeJsString(value) {
+    return value.replace(/\\/g, '\\\\').replace(/'/g, "\\'");
+}

package/dist/daemon.js

@@ -0,0 +1,46 @@
+import { disconnect, heartbeat } from './devices.js';
+import { loadMachineState } from './session.js';
+export const HEARTBEAT_INTERVAL_MS = 30_000;
+const SESSION_WAIT_INTERVAL_MS = 5_000;
+export async function runDaemon() {
+    const state = await waitForMachineState();
+    let shuttingDown = false;
+    const shutdown = async () => {
+        if (shuttingDown)
+            return;
+        shuttingDown = true;
+        try {
+            await disconnect(state);
+        }
+        catch {
+            // Best effort: a hard kill is covered by heartbeat staleness.
+        }
+        process.exit(0);
+    };
+    process.once('SIGINT', () => void shutdown());
+    process.once('SIGTERM', () => void shutdown());
+    await writeHeartbeat(state);
+    while (true) {
+        await sleep(HEARTBEAT_INTERVAL_MS);
+        await writeHeartbeat(state);
+    }
+}
+export async function waitForMachineState() {
+    let state = loadMachineState();
+    while (!state) {
+        await sleep(SESSION_WAIT_INTERVAL_MS);
+        state = loadMachineState();
+    }
+    return state;
+}
+async function writeHeartbeat(state) {
+    try {
+        await heartbeat(state);
+    }
+    catch (err) {
+        process.stderr.write(`${err instanceof Error ? err.message : 'Heartbeat failed'}\n`);
+    }
+}
+function sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+}

package/dist/devices.js

@@ -0,0 +1,66 @@
+import { createHash } from 'node:crypto';
+import { createSupabaseClient } from './supabase.js';
+import { saveMachineState } from './session.js';
+const REGISTER_FAILED_MESSAGE = "Connected to your account but couldn't register this machine. Check your connection and re-run setup.";
+const SESSION_EXPIRED_MESSAGE = 'That sign-in link expired. Run `ctrl-spc setup` again to get a fresh one.';
+export function hashToken(token) {
+    return createHash('sha256').update(token).digest('hex');
+}
+export async function upsertDevice(state, label) {
+    const client = createSupabaseClient();
+    const activeState = await restoreSession(client, state);
+    const { data, error: userError } = await client.auth.getUser();
+    const user = data.user;
+    if (userError || !user) {
+        throw new Error(REGISTER_FAILED_MESSAGE);
+    }
+    const { error } = await client.from('devices').upsert({
+        id: activeState.machineId,
+        owner_id: user.id,
+        label,
+        token_hash: hashToken(activeState.refreshToken),
+        status: 'connected',
+        last_seen_at: new Date().toISOString(),
+    }, { onConflict: 'id' });
+    if (error) {
+        throw new Error(REGISTER_FAILED_MESSAGE);
+    }
+}
+export async function heartbeat(state) {
+    const client = createSupabaseClient();
+    const activeState = await restoreSession(client, state);
+    const { error } = await client
+        .from('devices')
+        .update({
+        last_seen_at: new Date().toISOString(),
+        status: 'connected',
+    })
+        .eq('id', activeState.machineId);
+    if (error) {
+        throw new Error(`Heartbeat failed: ${error.message}`);
+    }
+}
+export async function disconnect(state) {
+    const client = createSupabaseClient();
+    const activeState = await restoreSession(client, state);
+    const { error } = await client.from('devices').update({ status: 'disconnected' }).eq('id', activeState.machineId);
+    if (error) {
+        throw new Error(`Disconnect failed: ${error.message}`);
+    }
+}
+async function restoreSession(client, state) {
+    const { data, error } = await client.auth.setSession({
+        access_token: state.accessToken,
+        refresh_token: state.refreshToken,
+    });
+    if (error || !data.session) {
+        throw new Error(SESSION_EXPIRED_MESSAGE);
+    }
+    if (data.session.access_token !== state.accessToken ||
+        data.session.refresh_token !== state.refreshToken) {
+        state.accessToken = data.session.access_token;
+        state.refreshToken = data.session.refresh_token;
+        saveMachineState(state);
+    }
+    return state;
+}

package/dist/index.js

@@ -1,8 +1,20 @@
-#!/usr/bin/env node
-import "./chunk-K3NQKI34.js";
-
-// src/index.ts
-var CLI_NAME = "ctrl";
-export {
-  CLI_NAME
-};
+const [, , command] = process.argv;
+async function main() {
+    if (command === 'setup') {
+        const { runSetup } = await import('./setup.js');
+        await runSetup();
+        return;
+    }
+    if (command === 'daemon') {
+        const { runDaemon } = await import('./daemon.js');
+        await runDaemon();
+        return;
+    }
+    console.error('Usage: ctrl-spc <setup|daemon>');
+    process.exitCode = 1;
+}
+main().catch((err) => {
+    console.error(err instanceof Error ? err.message : 'Unexpected ctrl-spc error');
+    process.exit(1);
+});
+export {};

package/dist/launchd.js

@@ -0,0 +1,76 @@
+import { execFileSync } from 'node:child_process';
+import { existsSync, mkdirSync, writeFileSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { fileURLToPath } from 'node:url';
+import { ensureStateDir, getStatePaths } from './session.js';
+export const PLIST_LABEL = 'com.ctrl-spc.daemon';
+const INSTALL_FAILED_MESSAGE = "Couldn't install the background helper. Try again, or download the installer from the web app.";
+export function getPlistPath(home = homedir()) {
+    return join(home, 'Library', 'LaunchAgents', `${PLIST_LABEL}.plist`);
+}
+export function resolveBinPath(moduleUrl = import.meta.url) {
+    return fileURLToPath(new URL('../bin/ctrl-spc.js', moduleUrl));
+}
+export function buildPlist(nodePath, scriptPath, home = homedir()) {
+    const { daemonLogPath } = getStatePaths(home);
+    return `<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+  <key>Label</key>
+  <string>${escapeXml(PLIST_LABEL)}</string>
+  <key>ProgramArguments</key>
+  <array>
+    <string>${escapeXml(nodePath)}</string>
+    <string>${escapeXml(scriptPath)}</string>
+    <string>daemon</string>
+  </array>
+  <key>RunAtLoad</key>
+  <true/>
+  <key>KeepAlive</key>
+  <true/>
+  <key>StandardErrorPath</key>
+  <string>${escapeXml(daemonLogPath)}</string>
+  <key>StandardOutPath</key>
+  <string>${escapeXml(daemonLogPath)}</string>
+</dict>
+</plist>`;
+}
+export async function installDaemon() {
+    const home = homedir();
+    const launchAgentsDir = join(home, 'Library', 'LaunchAgents');
+    const plistPath = getPlistPath(home);
+    const uid = process.getuid?.();
+    if (uid === undefined) {
+        throw new Error(INSTALL_FAILED_MESSAGE);
+    }
+    ensureStateDir(home);
+    mkdirSync(launchAgentsDir, { recursive: true });
+    writeFileSync(plistPath, buildPlist(process.execPath, resolveBinPath(), home), 'utf8');
+    const domain = `gui/${uid}`;
+    try {
+        try {
+            execFileSync('launchctl', ['bootout', domain, plistPath], { stdio: 'pipe' });
+        }
+        catch {
+            // It is fine if the agent was not loaded yet.
+        }
+        execFileSync('launchctl', ['bootstrap', domain, plistPath], { stdio: 'pipe' });
+        execFileSync('launchctl', ['kickstart', '-k', `${domain}/${PLIST_LABEL}`], { stdio: 'pipe' });
+    }
+    catch {
+        throw new Error(INSTALL_FAILED_MESSAGE);
+    }
+}
+export function isDaemonInstalled(home = homedir()) {
+    return existsSync(getPlistPath(home));
+}
+function escapeXml(value) {
+    return value
+        .replace(/&/g, '&amp;')
+        .replace(/</g, '&lt;')
+        .replace(/>/g, '&gt;')
+        .replace(/"/g, '&quot;')
+        .replace(/'/g, '&apos;');
+}

package/dist/session.js

@@ -0,0 +1,43 @@
+import { chmodSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { randomUUID } from 'node:crypto';
+import { dirname, join } from 'node:path';
+import { homedir } from 'node:os';
+export function getStatePaths(home = homedir()) {
+    const stateDir = join(home, '.ctrl-spc');
+    return {
+        stateDir,
+        statePath: join(stateDir, 'machine.json'),
+        daemonLogPath: join(stateDir, 'daemon.log'),
+    };
+}
+export function ensureStateDir(home = homedir()) {
+    const { stateDir } = getStatePaths(home);
+    mkdirSync(stateDir, { recursive: true });
+    return stateDir;
+}
+export function loadMachineState(statePath = getStatePaths().statePath) {
+    try {
+        const parsed = JSON.parse(readFileSync(statePath, 'utf8'));
+        if (typeof parsed.machineId === 'string' &&
+            typeof parsed.accessToken === 'string' &&
+            typeof parsed.refreshToken === 'string') {
+            return {
+                machineId: parsed.machineId,
+                accessToken: parsed.accessToken,
+                refreshToken: parsed.refreshToken,
+            };
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+export function saveMachineState(state, statePath = getStatePaths().statePath) {
+    mkdirSync(dirname(statePath), { recursive: true });
+    writeFileSync(statePath, JSON.stringify(state, null, 2), { mode: 0o600 });
+    chmodSync(statePath, 0o600);
+}
+export function getOrCreateMachineId(statePath = getStatePaths().statePath) {
+    return loadMachineState(statePath)?.machineId ?? randomUUID();
+}

package/dist/setup.js

@@ -0,0 +1,45 @@
+import { hostname } from 'node:os';
+import { stdin as input, stdout as output } from 'node:process';
+import * as readline from 'node:readline/promises';
+const UNSUPPORTED_PLATFORM_MESSAGE = 'Automatic install supports macOS and Windows. (Linux support coming soon.)';
+const SEND_EMAIL_FAILED_MESSAGE = "Couldn't send the sign-in email. Check your connection and try again.";
+export async function runSetup() {
+    if (process.platform !== 'darwin' && process.platform !== 'win32') {
+        exitWithMessage(UNSUPPORTED_PLATFORM_MESSAGE);
+        return;
+    }
+    const email = await promptForEmail();
+    if (!email) {
+        exitWithMessage(SEND_EMAIL_FAILED_MESSAGE);
+        return;
+    }
+    const { authenticate } = await import('./auth.js');
+    const { upsertDevice } = await import('./devices.js');
+    const installer = process.platform === 'darwin'
+        ? await import('./launchd.js')
+        : await import('./windows-service.js');
+    console.log('Check your email for a sign-in link to connect this machine.');
+    try {
+        const state = await authenticate(email);
+        await upsertDevice(state, hostname());
+        await installer.installDaemon();
+    }
+    catch (err) {
+        exitWithMessage(err instanceof Error ? err.message : SEND_EMAIL_FAILED_MESSAGE);
+        return;
+    }
+    console.log('Connected - you can close this terminal. Your machine now shows as connected in the web app.');
+}
+async function promptForEmail() {
+    const rl = readline.createInterface({ input, output });
+    try {
+        return (await rl.question('Enter your Control Space email: ')).trim();
+    }
+    finally {
+        rl.close();
+    }
+}
+function exitWithMessage(message) {
+    console.log(message);
+    process.exitCode = 1;
+}

package/dist/supabase.js

@@ -0,0 +1,12 @@
+import { createClient } from '@supabase/supabase-js';
+export const SUPABASE_URL = 'https://dxlxlphkypjjyqfgpood.supabase.co';
+export const SUPABASE_ANON_KEY = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6ImR4bHhscGhreXBqanlxZmdwb29kIiwicm9sZSI6ImFub24iLCJpYXQiOjE3ODAwNzcxMjEsImV4cCI6MjA5NTY1MzEyMX0.s0RkrQUqGRN45Q0lcBb_LkVEqYdYc0FKuVupzKKJrtQ';
+export function createSupabaseClient() {
+    return createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
+        auth: {
+            autoRefreshToken: false,
+            detectSessionInUrl: false,
+            persistSession: false,
+        },
+    });
+}

package/dist/windows-service.js

@@ -0,0 +1,7 @@
+const WINDOWS_UNSUPPORTED_MESSAGE = 'Automatic Windows service install is not available in this build. macOS launchd setup is available today.';
+export async function installDaemon() {
+    throw new Error(WINDOWS_UNSUPPORTED_MESSAGE);
+}
+export function isDaemonInstalled() {
+    return false;
+}

package/package.json

@@ -1,38 +1,31 @@
 {
   "name": "@ctrl-spc/cli",
-  "version": "1.0.0",
+  "version": "1.1.0",
+  "description": "Control Space CLI - machine setup and background daemon",
   "type": "module",
-  "bin": {
-    "ctrl": "./dist/cli.js"
-  },
-  "main": "./dist/index.js",
-  "types": "./dist/index.d.ts",
-  "exports": {
-    ".": {
-      "types": "./dist/index.d.ts",
-      "import": "./dist/index.js"
-    }
-  },
   "files": [
-    "dist"
+    "bin/",
+    "dist/"
   ],
-  "engines": {
-    "node": ">=22"
+  "bin": {
+    "ctrl-spc": "bin/ctrl-spc.js"
   },
   "publishConfig": {
     "access": "public"
   },
+  "scripts": {
+    "build": "tsc",
+    "test": "vitest run"
+  },
   "dependencies": {
-    "smol-toml": "^1.6.1"
+    "@supabase/supabase-js": "^2.108.2"
   },
   "devDependencies": {
-    "@types/node": "^22.19.19",
-    "@ctrl-spc/shared": "0.0.0"
+    "@types/node": "^24.13.2",
+    "typescript": "~6.0.2",
+    "vitest": "^4.1.9"
   },
-  "scripts": {
-    "build": "tsup",
-    "typecheck": "tsc --noEmit",
-    "lint": "eslint .",
-    "test": "vitest run --passWithNoTests"
+  "engines": {
+    "node": ">=20"
   }
-}
+}

package/dist/chunk-K3NQKI34.js

@@ -1,10 +0,0 @@
-#!/usr/bin/env node
-var __defProp = Object.defineProperty;
-var __export = (target, all) => {
-  for (var name in all)
-    __defProp(target, name, { get: all[name], enumerable: true });
-};
-
-export {
-  __export
-};

package/dist/cli.d.ts

@@ -1,3 +0,0 @@
-declare function run(argv: readonly string[]): Promise<number>;
-
-export { run };