@dmsdc-ai/aigentry-telepty 0.1.67 → 0.1.68

package/cli.js

@@ -15,6 +15,7 @@ const { attachInteractiveTerminal, getTerminalSize } = require('./interactive-te
 const { getRuntimeInfo } = require('./runtime-info');
 const { formatHostLabel, groupSessionsByHost, pickSessionTarget } = require('./session-routing');
 const { runInteractiveSkillInstaller } = require('./skill-installer');
+const crossMachine = require('./cross-machine');
 const args = process.argv.slice(2);
 let pendingTerminalInputError = null;
 let simulatedPromptErrorInjected = false;
@@ -208,30 +209,16 @@ function getDiscoveryHosts() {
     .filter(Boolean);
   extraHosts.forEach((host) => hosts.add(host));
 
-  // Also include relay peers for cross-machine session discovery
+  // Include relay peers for cross-machine session discovery
   const relayPeers = String(process.env.TELEPTY_RELAY_PEERS || '')
     .split(',')
     .map((host) => host.trim())
     .filter(Boolean);
   relayPeers.forEach((host) => hosts.add(host));
 
-  if (REMOTE_HOST && REMOTE_HOST !== '127.0.0.1') {
-    return Array.from(hosts);
-  }
-
-  try {
-    const tsStatus = execSync('tailscale status --json', { encoding: 'utf8', stdio: ['pipe', 'pipe', 'ignore'] });
-    const tsData = JSON.parse(tsStatus);
-    if (tsData && tsData.Peer) {
-      for (const peer of Object.values(tsData.Peer)) {
-        if (peer.Online && peer.TailscaleIPs && peer.TailscaleIPs.length > 0) {
-          hosts.add(peer.TailscaleIPs[0]);
-        }
-      }
-    }
-  } catch (e) {
-    // Tailscale not available or not running, ignore
-  }
+  // Include SSH tunnel-connected peers
+  const connectedHosts = crossMachine.getConnectedHosts();
+  connectedHosts.forEach((host) => hosts.add(host));
 
   return Array.from(hosts);
 }
@@ -242,7 +229,7 @@ async function discoverSessions(options = {}) {
   const allSessions = [];
 
   if (!options.silent) {
-    process.stdout.write('\x1b[36m🔍 Discovering active sessions across your Tailnet...\x1b[0m\n');
+    process.stdout.write('\x1b[36m🔍 Discovering active sessions across connected machines...\x1b[0m\n');
   }
 
   await Promise.all(hosts.map(async (host) => {
@@ -1874,6 +1861,85 @@ Discuss the following topic from your project's perspective. Engage with other s
     return;
   }
 
+  // telepty connect <target> [--name <name>] [--port <port>]
+  if (cmd === 'connect') {
+    const target = args[1];
+    if (!target) {
+      console.error('❌ Usage: telepty connect <user@host> [--name <name>] [--port <port>]');
+      process.exit(1);
+    }
+    const nameFlag = args.indexOf('--name');
+    const portFlag = args.indexOf('--port');
+    const options = {};
+    if (nameFlag !== -1 && args[nameFlag + 1]) options.name = args[nameFlag + 1];
+    if (portFlag !== -1 && args[portFlag + 1]) options.port = Number(args[portFlag + 1]);
+
+    process.stdout.write(`\x1b[36m🔗 Connecting to ${target}...\x1b[0m\n`);
+    const result = await crossMachine.connect(target, options);
+    if (result.success) {
+      console.log(`\x1b[32m✅ Connected to ${result.name}\x1b[0m`);
+      console.log(`   Machine ID: ${result.machineId}`);
+      console.log(`   Local port: ${result.localPort}`);
+      console.log(`   Version: ${result.version}`);
+      console.log(`\nSessions on ${result.name} are now discoverable via \x1b[36mtelepty list\x1b[0m`);
+    } else {
+      console.error(`\x1b[31m❌ ${result.error}\x1b[0m`);
+      process.exit(1);
+    }
+    return;
+  }
+
+  // telepty disconnect [<name> | --all]
+  if (cmd === 'disconnect') {
+    if (args[1] === '--all') {
+      const result = crossMachine.disconnectAll();
+      console.log(`\x1b[32m✅ Disconnected from ${result.disconnected.length} peer(s)\x1b[0m`);
+    } else if (args[1]) {
+      const result = crossMachine.disconnect(args[1]);
+      if (result.success) {
+        console.log(`\x1b[32m✅ Disconnected from ${result.name}\x1b[0m`);
+      } else {
+        console.error(`\x1b[31m❌ ${result.error}\x1b[0m`);
+      }
+    } else {
+      console.error('❌ Usage: telepty disconnect <name> | --all');
+      process.exit(1);
+    }
+    return;
+  }
+
+  // telepty peers [--remove <name>]
+  if (cmd === 'peers') {
+    if (args[1] === '--remove' && args[2]) {
+      crossMachine.removePeer(args[2]);
+      console.log(`\x1b[32m✅ Removed peer ${args[2]}\x1b[0m`);
+      return;
+    }
+
+    const active = crossMachine.listActivePeers();
+    const known = crossMachine.listKnownPeers();
+
+    console.log('\x1b[1mConnected Peers:\x1b[0m');
+    if (active.length === 0) {
+      console.log('  (none)');
+    } else {
+      for (const peer of active) {
+        console.log(`  \x1b[32m●\x1b[0m ${peer.name} (${peer.target}) → localhost:${peer.localPort} [${peer.machineId}]`);
+      }
+    }
+
+    const knownNames = Object.keys(known);
+    const disconnected = knownNames.filter(n => !active.find(a => a.name === n));
+    if (disconnected.length > 0) {
+      console.log('\n\x1b[1mKnown Peers (disconnected):\x1b[0m');
+      for (const name of disconnected) {
+        const p = known[name];
+        console.log(`  \x1b[90m○\x1b[0m ${name} (${p.target}) — last: ${p.lastConnected || 'never'}`);
+      }
+    }
+    return;
+  }
+
   if (cmd === 'listen' || cmd === 'monitor') {
     await ensureDaemonRunning();
     
@@ -1959,6 +2025,9 @@ Usage:
   telepty multicast <id1[@host],id2[@host]> "<prompt>"  Inject text into multiple specific sessions
   telepty broadcast "<prompt>"                   Inject text into ALL active sessions
   telepty rename <old_id[@host]> <new_id>        Rename a session (updates terminal title too)
+  telepty connect <user@host> [--name N] [--port P]  Connect to a remote machine via SSH tunnel
+  telepty disconnect <name> | --all              Disconnect from a remote machine
+  telepty peers [--remove <name>]                List connected and known peers
   telepty listen                                 Listen to the event bus and print JSON to stdout
   telepty monitor                                Human-readable real-time billboard of bus events
   telepty update                                 Update telepty to the latest version

package/cross-machine.js

@@ -0,0 +1,221 @@
+'use strict';
+
+const { spawn } = require('child_process');
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+const PEERS_PATH = path.join(os.homedir(), '.telepty', 'peers.json');
+const BASE_LOCAL_PORT = 3849; // tunnels start at this port
+
+// In-memory active tunnels
+const activeTunnels = new Map(); // name -> { process, localPort, target, connectedAt, ... }
+
+function loadPeers() {
+  try {
+    if (!fs.existsSync(PEERS_PATH)) return { peers: {} };
+    return JSON.parse(fs.readFileSync(PEERS_PATH, 'utf8'));
+  } catch { return { peers: {} }; }
+}
+
+function savePeers(data) {
+  try {
+    fs.mkdirSync(path.dirname(PEERS_PATH), { recursive: true });
+    fs.writeFileSync(PEERS_PATH, JSON.stringify(data, null, 2));
+  } catch {}
+}
+
+function getNextLocalPort() {
+  const usedPorts = new Set([...activeTunnels.values()].map(t => t.localPort));
+  let port = BASE_LOCAL_PORT;
+  while (usedPorts.has(port)) port++;
+  return port;
+}
+
+/**
+ * Connect to a remote machine via SSH tunnel.
+ * @param {string} target - "user@host" or "host" (uses current user)
+ * @param {object} options - { name, port }
+ * @returns {Promise<object>} - { success, name, localPort, machineId, version } or { success: false, error }
+ */
+async function connect(target, options = {}) {
+  const remotePort = options.port || 3848;
+  const localPort = getNextLocalPort();
+
+  // Parse target
+  let sshTarget = target;
+  if (!target.includes('@')) {
+    sshTarget = `${os.userInfo().username}@${target}`;
+  }
+
+  const name = options.name || target.split('@').pop().split('.')[0]; // short hostname
+
+  // Check if already connected
+  if (activeTunnels.has(name)) {
+    const existing = activeTunnels.get(name);
+    return { success: false, error: `Already connected to ${name} on port ${existing.localPort}` };
+  }
+
+  // Create SSH tunnel
+  const tunnel = spawn('ssh', [
+    '-N',                                           // No remote command
+    '-L', `${localPort}:localhost:${remotePort}`,   // Local port forwarding
+    '-o', 'ServerAliveInterval=30',                 // Keep alive
+    '-o', 'ServerAliveCountMax=3',                  // Disconnect after 3 missed keepalives
+    '-o', 'ExitOnForwardFailure=yes',               // Fail if port forwarding fails
+    '-o', 'ConnectTimeout=10',                      // Connection timeout
+    '-o', 'StrictHostKeyChecking=accept-new',       // Auto-accept new host keys
+    sshTarget
+  ], {
+    stdio: ['ignore', 'pipe', 'pipe'],
+    detached: false
+  });
+
+  // Wait for tunnel to establish or fail
+  const result = await new Promise((resolve) => {
+    let stderr = '';
+    const timeout = setTimeout(() => {
+      // If process is still running after 5s, tunnel is up
+      if (!tunnel.killed && tunnel.exitCode === null) {
+        resolve({ success: true });
+      } else {
+        resolve({ success: false, error: stderr || 'Connection timeout' });
+      }
+    }, 5000);
+
+    tunnel.stderr.on('data', (data) => { stderr += data.toString(); });
+    tunnel.on('exit', (code) => {
+      clearTimeout(timeout);
+      if (code !== 0) {
+        resolve({ success: false, error: stderr || `SSH exited with code ${code}` });
+      }
+    });
+    tunnel.on('error', (err) => {
+      clearTimeout(timeout);
+      resolve({ success: false, error: err.message });
+    });
+  });
+
+  if (!result.success) {
+    tunnel.kill();
+    return result;
+  }
+
+  // Verify remote daemon is accessible through tunnel
+  try {
+    const res = await fetch(`http://127.0.0.1:${localPort}/api/meta`, {
+      signal: AbortSignal.timeout(3000)
+    });
+    if (!res.ok) throw new Error('Daemon not responding');
+    const meta = await res.json();
+
+    const peerInfo = {
+      process: tunnel,
+      localPort,
+      target: sshTarget,
+      name,
+      machineId: meta.machine_id || name,
+      version: meta.version || 'unknown',
+      connectedAt: new Date().toISOString()
+    };
+
+    activeTunnels.set(name, peerInfo);
+
+    // Persist peer for reconnection
+    const peers = loadPeers();
+    peers.peers[name] = {
+      target: sshTarget,
+      remotePort,
+      lastConnected: peerInfo.connectedAt,
+      machineId: peerInfo.machineId
+    };
+    savePeers(peers);
+
+    // Monitor tunnel health
+    tunnel.on('exit', () => {
+      console.log(`[PEER] SSH tunnel to ${name} disconnected`);
+      activeTunnels.delete(name);
+    });
+
+    return {
+      success: true,
+      name,
+      localPort,
+      machineId: peerInfo.machineId,
+      version: peerInfo.version
+    };
+  } catch (err) {
+    tunnel.kill();
+    return { success: false, error: `Remote daemon not accessible: ${err.message}` };
+  }
+}
+
+function disconnect(name) {
+  const tunnel = activeTunnels.get(name);
+  if (!tunnel) {
+    return { success: false, error: `Not connected to ${name}` };
+  }
+  tunnel.process.kill();
+  activeTunnels.delete(name);
+  return { success: true, name };
+}
+
+function disconnectAll() {
+  const names = [...activeTunnels.keys()];
+  names.forEach(name => disconnect(name));
+  return { disconnected: names };
+}
+
+function listActivePeers() {
+  return [...activeTunnels.entries()].map(([name, info]) => ({
+    name,
+    target: info.target,
+    localPort: info.localPort,
+    machineId: info.machineId,
+    connectedAt: info.connectedAt,
+    host: `127.0.0.1:${info.localPort}`
+  }));
+}
+
+function listKnownPeers() {
+  return loadPeers().peers;
+}
+
+/**
+ * Get all connected peer hosts for discovery.
+ * @returns {string[]} Array of "127.0.0.1:PORT" strings
+ */
+function getConnectedHosts() {
+  return [...activeTunnels.values()].map(t => `127.0.0.1:${t.localPort}`);
+}
+
+/**
+ * Get connected host for a specific peer.
+ * @param {string} name - Peer name
+ * @returns {string|null} "127.0.0.1:PORT" or null
+ */
+function getPeerHost(name) {
+  const tunnel = activeTunnels.get(name);
+  return tunnel ? `127.0.0.1:${tunnel.localPort}` : null;
+}
+
+function removePeer(name) {
+  disconnect(name); // disconnect if active
+  const peers = loadPeers();
+  delete peers.peers[name];
+  savePeers(peers);
+  return { success: true };
+}
+
+module.exports = {
+  connect,
+  disconnect,
+  disconnectAll,
+  listActivePeers,
+  listKnownPeers,
+  getConnectedHosts,
+  getPeerHost,
+  removePeer,
+  loadPeers,
+  PEERS_PATH
+};

package/daemon.js

@@ -91,14 +91,12 @@ function verifyJwt(token) {
 function isAllowedPeer(ip) {
   if (!ip) return false;
   const cleanIp = ip.replace('::ffff:', '');
-  // Localhost always allowed
+  // Localhost always allowed (includes SSH tunnel traffic)
   if (cleanIp === '127.0.0.1' || ip === '::1') return true;
-  // Tailscale range (100.x.y.z)
-  if (cleanIp.startsWith('100.')) return true;
   // Peer allowlist
   if (PEER_ALLOWLIST.length > 0) return PEER_ALLOWLIST.includes(cleanIp);
   // No allowlist = allow all authenticated
-  return false;
+  return true;
 }
 
 // Authentication Middleware
@@ -106,7 +104,7 @@ app.use((req, res, next) => {
   const clientIp = req.ip;
 
   if (isAllowedPeer(clientIp)) {
-    return next(); // Trust local, Tailscale, and allowlisted peers
+    return next(); // Trust local and allowlisted peers (SSH tunnels arrive as localhost)
   }
 
   const token = req.headers['x-telepty-token'] || req.query.token;
@@ -438,10 +436,23 @@ app.get('/api/meta', (req, res) => {
     host: HOST,
     port: Number(PORT),
     machine_id: MACHINE_ID,
-    capabilities: ['sessions', 'wrapped-sessions', 'skill-installer', 'singleton-daemon', 'handoff-inbox', 'deliberation-threads']
+    capabilities: ['sessions', 'wrapped-sessions', 'skill-installer', 'singleton-daemon', 'handoff-inbox', 'deliberation-threads', 'cross-machine']
   });
 });
 
+// Peer management endpoint (for cross-machine module)
+app.get('/api/peers', (req, res) => {
+  try {
+    const crossMachine = require('./cross-machine');
+    res.json({
+      active: crossMachine.listActivePeers(),
+      known: crossMachine.listKnownPeers()
+    });
+  } catch {
+    res.json({ active: [], known: {} });
+  }
+});
+
 app.post('/api/sessions/multicast/inject', (req, res) => {
   const { session_ids, prompt } = req.body;
   if (!prompt) return res.status(400).json({ error: 'prompt is required' });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dmsdc-ai/aigentry-telepty",
-  "version": "0.1.67",
+  "version": "0.1.68",
   "main": "daemon.js",
   "bin": {
     "aigentry-telepty": "install.js",