@gricha/perry 0.2.2 → 0.2.3

package/README.md

@@ -85,6 +85,14 @@ Open http://localhost:7391 (or your Tailscale host) and click "+" to create a wo
 
 Perry is designed for use within **secure private networks** like [Tailscale](https://tailscale.com). The web UI and API currently have no authentication - this is intentional for private network use where all devices are trusted.
 
+NOTE: Using this software can be dangerous, don't expose it on the network. Any user that can access perry's web server may be able to do serious damage to your system. Keep it closed in Tailscale network.
+
+Perry by default allows the API to interact with the host machine as well - while it's intended purpose is to manage docker containers, sometimes, for simplicity I run some of my jobs directly on my machine. This can be disabled. When you start perry, you can pass a `--no-host-access` flag.
+
+`perry agent run --no-host-access`
+
+This will ensure that perry can only stand up/tear down docker containers. While this reduces the attack surface, it is only as good as docker is as sandbox (and it may very well not be).
+
 ## Configuration
 
 Configure credentials and agent settings via Web UI → Settings or edit `~/.config/perry/config.json`:

package/dist/agent/file-watcher.js

@@ -0,0 +1,138 @@
+import { watch } from 'fs';
+import { access } from 'fs/promises';
+import { expandPath } from '../config/loader';
+const STANDARD_CREDENTIAL_FILES = [
+    '~/.gitconfig',
+    '~/.claude/.credentials.json',
+    '~/.codex/auth.json',
+    '~/.codex/config.toml',
+];
+export class FileWatcher {
+    watchers = new Map();
+    config;
+    syncCallback;
+    debounceMs;
+    debounceTimer = null;
+    pendingSync = false;
+    constructor(options) {
+        this.config = options.config;
+        this.syncCallback = options.syncCallback;
+        this.debounceMs = options.debounceMs ?? 500;
+        this.setupWatchers();
+    }
+    updateConfig(config) {
+        this.config = config;
+        this.rebuildWatchers();
+    }
+    stop() {
+        if (this.debounceTimer) {
+            clearTimeout(this.debounceTimer);
+            this.debounceTimer = null;
+        }
+        for (const [filePath, watcher] of this.watchers) {
+            watcher.close();
+            console.log(`[file-watcher] Stopped watching: ${filePath}`);
+        }
+        this.watchers.clear();
+    }
+    collectWatchPaths() {
+        const paths = new Set();
+        for (const sourcePath of Object.values(this.config.credentials.files)) {
+            paths.add(expandPath(sourcePath));
+        }
+        for (const stdPath of STANDARD_CREDENTIAL_FILES) {
+            paths.add(expandPath(stdPath));
+        }
+        if (this.config.ssh?.global?.copy) {
+            for (const keyPath of this.config.ssh.global.copy) {
+                paths.add(expandPath(keyPath));
+            }
+        }
+        if (this.config.ssh?.workspaces) {
+            for (const wsConfig of Object.values(this.config.ssh.workspaces)) {
+                if (wsConfig.copy) {
+                    for (const keyPath of wsConfig.copy) {
+                        paths.add(expandPath(keyPath));
+                    }
+                }
+            }
+        }
+        return Array.from(paths);
+    }
+    async setupWatchers() {
+        const paths = this.collectWatchPaths();
+        for (const filePath of paths) {
+            await this.watchFile(filePath);
+        }
+    }
+    async watchFile(filePath) {
+        if (this.watchers.has(filePath)) {
+            return;
+        }
+        try {
+            await access(filePath);
+        }
+        catch {
+            return;
+        }
+        try {
+            const watcher = watch(filePath, (eventType) => {
+                if (eventType === 'change' || eventType === 'rename') {
+                    this.handleFileChange(filePath);
+                }
+            });
+            watcher.on('error', (err) => {
+                console.error(`[file-watcher] Error watching ${filePath}:`, err);
+                this.watchers.delete(filePath);
+            });
+            this.watchers.set(filePath, watcher);
+            console.log(`[file-watcher] Watching: ${filePath}`);
+        }
+        catch (err) {
+            console.error(`[file-watcher] Failed to watch ${filePath}:`, err);
+        }
+    }
+    handleFileChange(filePath) {
+        console.log(`[file-watcher] Change detected: ${filePath}`);
+        this.scheduleSync();
+    }
+    scheduleSync() {
+        if (this.debounceTimer) {
+            clearTimeout(this.debounceTimer);
+        }
+        this.pendingSync = true;
+        this.debounceTimer = setTimeout(async () => {
+            this.debounceTimer = null;
+            if (this.pendingSync) {
+                this.pendingSync = false;
+                try {
+                    console.log('[file-watcher] Triggering sync...');
+                    await this.syncCallback();
+                    console.log('[file-watcher] Sync completed');
+                }
+                catch (err) {
+                    console.error('[file-watcher] Sync failed:', err);
+                }
+            }
+        }, this.debounceMs);
+    }
+    rebuildWatchers() {
+        const newPaths = new Set(this.collectWatchPaths());
+        const currentPaths = new Set(this.watchers.keys());
+        for (const filePath of currentPaths) {
+            if (!newPaths.has(filePath)) {
+                const watcher = this.watchers.get(filePath);
+                if (watcher) {
+                    watcher.close();
+                    this.watchers.delete(filePath);
+                    console.log(`[file-watcher] Stopped watching: ${filePath}`);
+                }
+            }
+        }
+        for (const filePath of newPaths) {
+            if (!currentPaths.has(filePath)) {
+                this.watchFile(filePath);
+            }
+        }
+    }
+}

package/dist/agent/router.js

@@ -3,7 +3,7 @@ import * as z from 'zod';
 import os_module from 'os';
 import { promises as fs } from 'fs';
 import path from 'path';
-import { HOST_WORKSPACE_NAME } from '../shared/types';
+import { HOST_WORKSPACE_NAME } from '../shared/client-types';
 import { getDockerVersion, execInContainer } from '../docker';
 import { saveAgentConfig } from '../config/loader';
 import { setSessionName, getSessionNamesForWorkspace, deleteSessionName, } from '../sessions/metadata';
@@ -222,6 +222,7 @@ export function createRouter(ctx) {
         const newConfig = { ...currentConfig, credentials: input };
         ctx.config.set(newConfig);
         await saveAgentConfig(newConfig, ctx.configDir);
+        ctx.triggerAutoSync();
         return input;
     });
     const getScripts = os.output(ScriptsSchema).handler(async () => {
@@ -235,6 +236,7 @@ export function createRouter(ctx) {
         const newConfig = { ...currentConfig, scripts: input };
         ctx.config.set(newConfig);
         await saveAgentConfig(newConfig, ctx.configDir);
+        ctx.triggerAutoSync();
         return input;
     });
     const getAgents = os.output(CodingAgentsSchema).handler(async () => {
@@ -248,6 +250,7 @@ export function createRouter(ctx) {
         const newConfig = { ...currentConfig, agents: input };
         ctx.config.set(newConfig);
         await saveAgentConfig(newConfig, ctx.configDir);
+        ctx.triggerAutoSync();
         return input;
     });
     const getSSHSettings = os.output(SSHSettingsSchema).handler(async () => {
@@ -266,6 +269,7 @@ export function createRouter(ctx) {
         const newConfig = { ...currentConfig, ssh: input };
         ctx.config.set(newConfig);
         await saveAgentConfig(newConfig, ctx.configDir);
+        ctx.triggerAutoSync();
         return input;
     });
     const listSSHKeys = os.output(z.array(SSHKeyInfoSchema)).handler(async () => {

package/dist/agent/run.js

@@ -1,7 +1,7 @@
 import { createServer } from 'http';
 import { RPCHandler } from '@orpc/server/node';
 import { loadAgentConfig, getConfigDir, ensureConfigDir } from '../config/loader';
-import { HOST_WORKSPACE_NAME } from '../shared/types';
+import { HOST_WORKSPACE_NAME } from '../shared/client-types';
 import { DEFAULT_AGENT_PORT } from '../shared/constants';
 import { WorkspaceManager } from '../workspace/manager';
 import { containerRunning, getContainerName } from '../docker';
@@ -13,6 +13,7 @@ import { createRouter } from './router';
 import { serveStatic } from './static';
 import { SessionsCacheManager } from '../sessions/cache';
 import { ModelCacheManager } from '../models/cache';
+import { FileWatcher } from './file-watcher';
 import { getTailscaleStatus, getTailscaleIdentity, startTailscaleServe, stopTailscaleServe, } from '../tailscale';
 import pkg from '../../package.json';
 const startTime = Date.now();
@@ -25,6 +26,23 @@ function createAgentServer(configDir, config, tailscale) {
     const workspaces = new WorkspaceManager(configDir, currentConfig);
     const sessionsCache = new SessionsCacheManager(configDir);
     const modelCache = new ModelCacheManager(configDir);
+    const syncAllRunning = async () => {
+        const allWorkspaces = await workspaces.list();
+        const running = allWorkspaces.filter((ws) => ws.status === 'running');
+        for (const ws of running) {
+            try {
+                await workspaces.sync(ws.name);
+                console.log(`[sync] Synced workspace: ${ws.name}`);
+            }
+            catch (err) {
+                console.error(`[sync] Failed to sync ${ws.name}:`, err);
+            }
+        }
+    };
+    const fileWatcher = new FileWatcher({
+        config: currentConfig,
+        syncCallback: syncAllRunning,
+    });
     const isWorkspaceRunning = async (name) => {
         if (name === HOST_WORKSPACE_NAME) {
             return currentConfig.allowHostAccess === true;
@@ -46,6 +64,11 @@ function createAgentServer(configDir, config, tailscale) {
         isHostAccessAllowed: () => currentConfig.allowHostAccess === true,
         getConfig: () => currentConfig,
     });
+    const triggerAutoSync = () => {
+        syncAllRunning().catch((err) => {
+            console.error('[sync] Auto-sync failed:', err);
+        });
+    };
     const router = createRouter({
         workspaces,
         config: {
@@ -53,6 +76,7 @@ function createAgentServer(configDir, config, tailscale) {
             set: (newConfig) => {
                 currentConfig = newConfig;
                 workspaces.updateConfig(newConfig);
+                fileWatcher.updateConfig(newConfig);
             },
         },
         configDir,
@@ -62,6 +86,7 @@ function createAgentServer(configDir, config, tailscale) {
         sessionsCache,
         modelCache,
         tailscale,
+        triggerAutoSync,
     });
     const rpcHandler = new RPCHandler(router);
     const server = createServer(async (req, res) => {
@@ -125,7 +150,7 @@ function createAgentServer(configDir, config, tailscale) {
             socket.destroy();
         }
     });
-    return { server, terminalServer, chatServer, opencodeServer };
+    return { server, terminalServer, chatServer, opencodeServer, fileWatcher };
 }
 async function getProcessUsingPort(port) {
     try {
@@ -189,7 +214,7 @@ export async function startAgent(options = {}) {
             httpsUrl: tailscaleServeActive ? `https://${tailscale.dnsName}` : undefined,
         }
         : undefined;
-    const { server, terminalServer, chatServer, opencodeServer } = createAgentServer(configDir, config, tailscaleInfo);
+    const { server, terminalServer, chatServer, opencodeServer, fileWatcher } = createAgentServer(configDir, config, tailscaleInfo);
     server.on('error', async (err) => {
         if (err.code === 'EADDRINUSE') {
             console.error(`[agent] Error: Port ${port} is already in use.`);
@@ -222,6 +247,7 @@ export async function startAgent(options = {}) {
     });
     const shutdown = async () => {
         console.log('[agent] Shutting down...');
+        fileWatcher.stop();
         if (tailscaleServeActive) {
             console.log('[agent] Stopping Tailscale Serve...');
             await stopTailscaleServe();