@hienlh/ppm 0.7.26 → 0.7.28

package/src/cli/commands/restart.ts

@@ -1,11 +1,12 @@
 import { resolve } from "node:path";
 import { homedir } from "node:os";
-import { readFileSync, writeFileSync, existsSync, openSync } from "node:fs";
+import { readFileSync, writeFileSync, existsSync, openSync, unlinkSync } from "node:fs";
 
 const PPM_DIR = resolve(homedir(), ".ppm");
 const STATUS_FILE = resolve(PPM_DIR, "status.json");
 const PID_FILE = resolve(PPM_DIR, "ppm.pid");
 const RESTARTING_FLAG = resolve(PPM_DIR, ".restarting");
+const RESTART_RESULT = resolve(PPM_DIR, ".restart-result");
 
 /** Restart only the server process, keeping the tunnel alive */
 export async function restartServer(options: { config?: string }) {
@@ -42,21 +43,28 @@ export async function restartServer(options: { config?: string }) {
   // Write restarting flag so tunnel cleanup handler skips killing cloudflared
   writeFileSync(RESTARTING_FLAG, "");
 
+  // Clear previous result
+  try { unlinkSync(RESTART_RESULT); } catch {}
+
+  // Pre-restart message — user sees this before terminal dies (if running inside PPM)
+  console.log("\n  Restarting PPM server...");
+  console.log("  If you're using PPM terminal, wait a few seconds then reload the page.\n");
+
   // Generate a self-contained restart worker script.
-  // This runs as a detached process so it survives even if the current process
-  // (and the PPM server hosting its terminal) is killed.
+  // Runs as a detached process so it survives when the PPM server (and its terminals) die.
   const params = JSON.stringify({
     serverPid, port, host, serverScript,
     config: options.config ?? "",
     statusFile: STATUS_FILE,
     pidFile: PID_FILE,
     restartingFlag: RESTARTING_FLAG,
+    resultFile: RESTART_RESULT,
     ppmDir: PPM_DIR,
   });
 
   const workerPath = resolve(PPM_DIR, ".restart-worker.ts");
   writeFileSync(workerPath, `
-import { readFileSync, writeFileSync, openSync, unlinkSync, appendFileSync, existsSync } from "node:fs";
+import { readFileSync, writeFileSync, openSync, unlinkSync, appendFileSync } from "node:fs";
 import { createServer } from "node:net";
 
 const P = ${params};
@@ -66,6 +74,9 @@ async function main() {
     const ts = new Date().toISOString();
     try { appendFileSync(P.ppmDir + "/ppm.log", "[" + ts + "] [" + level + "] " + msg + "\\n"); } catch {}
   };
+  const writeResult = (ok: boolean, msg: string) => {
+    try { writeFileSync(P.resultFile, JSON.stringify({ ok, message: msg })); } catch {}
+  };
 
   // Kill old server
   try { process.kill(P.serverPid); log("INFO", "Restart: killed old server PID " + P.serverPid); } catch {}
@@ -115,12 +126,32 @@ async function main() {
     await Bun.sleep(300);
   }
 
+  // Check tunnel
+  let tunnelAlive = false;
+  let tunnelPid: number | undefined;
+  let shareUrl: string | undefined;
+  try {
+    const st = JSON.parse(readFileSync(P.statusFile, "utf-8"));
+    tunnelPid = st.tunnelPid;
+    shareUrl = st.shareUrl;
+    if (tunnelPid) { process.kill(tunnelPid, 0); tunnelAlive = true; }
+  } catch {}
+
   if (ready) {
-    log("INFO", "Restart complete — new server PID " + child.pid);
+    let msg = "Restart complete (PID: " + child.pid + ", port: " + P.port + ")";
+    if (shareUrl && tunnelPid) {
+      msg += tunnelAlive ? " — tunnel alive" : " — tunnel dead, run 'ppm stop && ppm start --share'";
+    }
+    log("INFO", msg);
+    writeResult(true, msg);
   } else {
     let alive = false;
     try { process.kill(child.pid, 0); alive = true; } catch {}
-    log("ERROR", "Restart failed — server " + (alive ? "not responding on port " + P.port : "crashed on startup"));
+    const msg = alive
+      ? "Server started but not responding on port " + P.port + ". Check: ppm logs"
+      : "Server crashed on startup. Check: ppm logs";
+    log("ERROR", msg);
+    writeResult(false, msg);
   }
 
   // Cleanup worker file
@@ -140,9 +171,27 @@ main();
   });
   worker.unref();
 
-  const { VERSION } = await import("../../version.ts");
-  console.log(`\n  PPM v${VERSION} restarting... (worker PID: ${worker.pid})`);
-  console.log(`  Server will restart in background. Check: ppm status\n`);
+  // Poll for result — if running from external terminal, we'll see the result.
+  // If running from PPM terminal, this process dies when server is killed — that's fine,
+  // the user already saw the pre-restart message above.
+  const pollStart = Date.now();
+  while (Date.now() - pollStart < 20000) {
+    await Bun.sleep(500);
+    if (existsSync(RESTART_RESULT)) {
+      try {
+        const result = JSON.parse(readFileSync(RESTART_RESULT, "utf-8"));
+        if (result.ok) {
+          console.log(`  ✓  ${result.message}`);
+        } else {
+          console.error(`  ✗  ${result.message}`);
+        }
+        unlinkSync(RESTART_RESULT);
+      } catch {}
+      process.exit(0);
+    }
+  }
 
-  process.exit(0);
+  // Timeout — worker might still be running
+  console.error("  ⚠  Restart timed out. Check: ppm logs");
+  process.exit(1);
 }

package/src/lib/account-crypto.ts

@@ -1,4 +1,4 @@
-import { createCipheriv, createDecipheriv, randomBytes } from "node:crypto";
+import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "node:crypto";
 import { existsSync, readFileSync, writeFileSync, mkdirSync } from "node:fs";
 import { resolve } from "node:path";
 import { homedir } from "node:os";
@@ -39,6 +39,57 @@ export function encrypt(plaintext: string): string {
   return `${iv.toString("hex")}:${tag.toString("hex")}:${enc.toString("hex")}`;
 }
 
+// ---------------------------------------------------------------------------
+// Password-based encryption for portable export (cross-machine)
+// ---------------------------------------------------------------------------
+
+interface EncryptedExport {
+  version: 1;
+  kdf: "scrypt";
+  salt: string;    // hex, 32 bytes
+  iv: string;      // hex, 12 bytes
+  authTag: string; // hex, 16 bytes
+  ciphertext: string; // base64
+}
+
+/** Encrypt payload with user password → portable encrypted JSON blob */
+export function encryptWithPassword(plaintext: string, password: string): string {
+  const salt = randomBytes(32);
+  const iv = randomBytes(12);
+  // scrypt N=16384 (r=8, p=1) → 16MB mem, ~50ms — secure & within Node/Bun default limits
+  const key = scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
+  const cipher = createCipheriv(ALGO, key, iv);
+  const enc = Buffer.concat([cipher.update(plaintext, "utf-8"), cipher.final()]);
+  const envelope: EncryptedExport = {
+    version: 1,
+    kdf: "scrypt",
+    salt: salt.toString("hex"),
+    iv: iv.toString("hex"),
+    authTag: cipher.getAuthTag().toString("hex"),
+    ciphertext: enc.toString("base64"),
+  };
+  return JSON.stringify(envelope);
+}
+
+/** Decrypt portable encrypted JSON blob with user password → plaintext */
+export function decryptWithPassword(blob: string, password: string): string {
+  let envelope: EncryptedExport;
+  try { envelope = JSON.parse(blob); } catch { throw new Error("Invalid backup format"); }
+  if (envelope.version !== 1 || envelope.kdf !== "scrypt") throw new Error("Unsupported backup version");
+  const salt = Buffer.from(envelope.salt, "hex");
+  const iv = Buffer.from(envelope.iv, "hex");
+  const authTag = Buffer.from(envelope.authTag, "hex");
+  const ciphertext = Buffer.from(envelope.ciphertext, "base64");
+  const key = scryptSync(password, salt, 32, { N: 16384, r: 8, p: 1 });
+  const decipher = createDecipheriv(ALGO, key, iv);
+  decipher.setAuthTag(authTag);
+  try {
+    return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf-8");
+  } catch {
+    throw new Error("Wrong password or corrupted backup");
+  }
+}
+
 /** Decrypt "iv:authTag:ciphertext" → plaintext */
 export function decrypt(encoded: string): string {
   const parts = encoded.split(":");

package/src/server/routes/accounts.ts

@@ -153,19 +153,28 @@ accountsRoutes.post("/oauth/refresh/:id", async (c) => {
   }
 });
 
-/** GET /api/accounts/export — download encrypted accounts backup */
-accountsRoutes.get("/export", (c) => {
-  const blob = accountService.exportEncrypted();
-  c.header("Content-Disposition", "attachment; filename=ppm-accounts-backup.json");
-  c.header("Content-Type", "application/json");
-  return c.body(blob);
+/** POST /api/accounts/export — download password-encrypted accounts backup */
+accountsRoutes.post("/export", async (c) => {
+  try {
+    const { password, accountIds } = await c.req.json() as { password: string; accountIds?: string[] };
+    if (!password) return c.json(err("Password required"), 400);
+    await accountService.refreshBeforeExport(accountIds);
+    const blob = accountService.exportEncrypted(password, accountIds);
+    c.header("Content-Disposition", "attachment; filename=ppm-accounts-backup.json");
+    c.header("Content-Type", "application/json");
+    return c.body(blob);
+  } catch (e) {
+    return c.json(err((e as Error).message), 400);
+  }
 });
 
-/** POST /api/accounts/import — restore accounts from backup */
+/** POST /api/accounts/import — restore accounts from password-encrypted backup */
 accountsRoutes.post("/import", async (c) => {
   try {
-    const body = await c.req.text();
-    const count = accountService.importEncrypted(body);
+    const { data, password } = await c.req.json() as { data: string; password: string };
+    if (!data) return c.json(err("Backup data required"), 400);
+    if (!password) return c.json(err("Password required"), 400);
+    const count = accountService.importEncrypted(data, password);
     return c.json(ok({ imported: count }));
   } catch (e) {
     return c.json(err((e as Error).message), 400);

package/src/services/account.service.ts

@@ -1,5 +1,5 @@
 import { randomUUID, createHash, randomBytes } from "node:crypto";
-import { encrypt, decrypt } from "../lib/account-crypto.ts";
+import { encrypt, decrypt, encryptWithPassword, decryptWithPassword } from "../lib/account-crypto.ts";
 import {
   getAccounts,
   getAccountById,
@@ -57,6 +57,12 @@ export interface OAuthProfileData {
   };
 }
 
+/** Check if a token string looks like our encrypted format "iv:authTag:ciphertext" (all hex) */
+function looksEncrypted(value: string): boolean {
+  const parts = value.split(":");
+  return parts.length === 3 && parts.every((p) => /^[0-9a-f]+$/i.test(p));
+}
+
 const OAUTH_CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
 const OAUTH_AUTH_URL = "https://claude.ai/oauth/authorize";
 const OAUTH_TOKEN_URL = "https://api.anthropic.com/v1/oauth/token";
@@ -506,14 +512,40 @@ class AccountService {
   // Export / Import encrypted backup
   // ---------------------------------------------------------------------------
 
-  exportEncrypted(): string {
-    // Export raw DB rows (tokens are already encrypted) as JSON
-    const rows = getAccounts();
-    return JSON.stringify(rows, null, 2);
+  /** Refresh all OAuth tokens before export so they're fresh on the target machine */
+  async refreshBeforeExport(accountIds?: string[]): Promise<void> {
+    const accounts = accountIds?.length
+      ? accountIds.map((id) => this.getWithTokens(id)).filter(Boolean) as AccountWithTokens[]
+      : this.list().map((a) => this.getWithTokens(a.id)).filter(Boolean) as AccountWithTokens[];
+    for (const acc of accounts) {
+      if (!acc.accessToken.startsWith("sk-ant-oat")) continue; // only OAuth tokens
+      if (!acc.expiresAt) continue;
+      try {
+        await this.refreshAccessToken(acc.id);
+      } catch {
+        // Best-effort — skip accounts whose refresh token is already invalid
+      }
+    }
+  }
+
+  exportEncrypted(password: string, accountIds?: string[]): string {
+    // Fetch requested accounts (or all), decrypt tokens, encrypt whole payload with user password
+    const rows = accountIds?.length
+      ? accountIds.map((id) => getAccountById(id)).filter(Boolean) as AccountRow[]
+      : getAccounts();
+    const portable = rows.map((row) => {
+      let accessToken = row.access_token;
+      let refreshToken = row.refresh_token;
+      try { accessToken = decrypt(accessToken); } catch { /* already plaintext or corrupt */ }
+      try { refreshToken = decrypt(refreshToken); } catch { /* already plaintext or corrupt */ }
+      return { ...row, access_token: accessToken, refresh_token: refreshToken };
+    });
+    return encryptWithPassword(JSON.stringify(portable), password);
   }
 
-  importEncrypted(json: string): number {
-    const rows = JSON.parse(json) as AccountRow[];
+  importEncrypted(blob: string, password: string): number {
+    const plaintext = decryptWithPassword(blob, password);
+    const rows = JSON.parse(plaintext) as AccountRow[];
     if (!Array.isArray(rows)) throw new Error("Invalid backup format");
     let count = 0;
     for (const row of rows) {
@@ -521,12 +553,17 @@ class AccountService {
       // Skip if account already exists (by id or email)
       if (getAccountById(row.id)) continue;
       if (row.email && this.list().some((a) => a.email === row.email)) continue;
+      // Re-encrypt with this machine's key
+      let accessToken = row.access_token;
+      let refreshToken = row.refresh_token;
+      if (!looksEncrypted(accessToken)) accessToken = encrypt(accessToken);
+      if (!looksEncrypted(refreshToken)) refreshToken = encrypt(refreshToken);
       insertAccount({
         id: row.id,
         label: row.label,
         email: row.email,
-        access_token: row.access_token,
-        refresh_token: row.refresh_token,
+        access_token: accessToken,
+        refresh_token: refreshToken,
         expires_at: row.expires_at,
         status: row.status ?? "active",
         cooldown_until: row.cooldown_until,

package/src/web/components/chat/usage-badge.tsx

@@ -295,7 +295,7 @@ export function UsageDetailPanel({ usage, visible, onClose, onReload, loading, l
         <div className="flex items-center gap-1">
           {onReload && (
             <button
-              onClick={() => { setRefreshing(true); onReload(); }}
+              onClick={() => { onReload(); loadAll(); }}
               disabled={loading || refreshing}
               className="text-xs text-text-subtle hover:text-text-primary px-1 disabled:opacity-50 cursor-pointer"
               title="Refresh"