@jhizzard/termdeck 0.3.4 → 0.3.6

package/README.md

@@ -137,7 +137,7 @@ Restart Claude Code. Six MCP tools appear: `memory_remember`, `memory_recall`, `
 
 ### Tier 3 — Add Rumen for async learning
 
-Rumen is a separate npm package — `@jhizzard/rumen@0.3.6` — that ships as a Supabase Edge Function designed to run on a 15-minute `pg_cron` schedule. It's the async reflection layer over Mnestra: it reads recent session memories, cross-references them with your entire historical corpus via hybrid search, synthesizes insights via Claude Haiku, and writes the results back into `rumen_insights` (a new table alongside Mnestra's `memory_items`). TermDeck's Flashback and Claude Code's `memory_recall` both automatically benefit because insights flow back into the same database.
+Rumen is a separate npm package — `@jhizzard/rumen@0.4.0` — that ships as a Supabase Edge Function designed to run on a 15-minute `pg_cron` schedule. It's the async reflection layer over Mnestra: it reads recent session memories, cross-references them with your entire historical corpus via hybrid search, synthesizes insights via Claude Haiku, and writes the results back into `rumen_insights` (a new table alongside Mnestra's `memory_items`). TermDeck's Flashback and Claude Code's `memory_recall` both automatically benefit because insights flow back into the same database.
 
 **Rumen is live.** First full-kickstart run against a production Mnestra store on 2026-04-15 19:47 UTC: **111 sessions processed, 111 insights generated** in one pass. Insights surfaced patterns like "the error detection regex in Flashback misses `No such file or directory` — same class of blind spot as X" and "Practice sessions exist as a separate model but frontend components were built and never wired into the schedule view." The cognitive loop is closed.
 
@@ -159,9 +159,9 @@ Honest limits, stated upfront so the skeptic has nothing to chase:
 
 - **Not magic.** It fires on pattern-matched status transitions from the PTY output analyzer (non-zero exits, `Error:` / `Traceback` / `panic:` / `command not found` / similar). If the analyzer misses your error class, no Flashback. Pattern tuning is an ongoing process.
 - **Not a replacement for reading docs.** It's the shortest path to a memory you already wrote. If the memory isn't there, the feature does nothing.
-- **Not fully local by default.** Tier 2+ reaches out to Supabase for storage and OpenAI for embeddings. Tier 1 is fully local. A fully-local Tier 2 (local Postgres + local embeddings) is on the Sprint 3 roadmap.
+- **Not fully local by default.** Tier 2+ reaches out to Supabase for storage and OpenAI for embeddings. Tier 1 is fully local. A fully-local Tier 2 (local Postgres + local embeddings) is on the roadmap.
 - **Not free forever.** Tier 2+ pays OpenAI fractions of a cent per memory for embeddings. Self-hosted embeddings via Ollama are on the roadmap.
-- **Not proven at scale.** v0.2.5, validated against 3,527 memories in one developer's production store. First full Rumen kickstart on 2026-04-15 processed 111 sessions into 111 insights in one pass. No multi-user data yet. Bug reports and issues welcome.
+- **Not proven at scale.** v0.3.5, validated against 3,527 memories in one developer's production store. First full Rumen kickstart on 2026-04-15 processed 111 sessions into 111 insights in one pass. No multi-user data yet. Bug reports and issues welcome.
 
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jhizzard/termdeck",
-  "version": "0.3.4",
+  "version": "0.3.6",
   "description": "Browser-based terminal multiplexer with metadata overlays, panel flashback memory recall, and AI-aware session management",
   "bin": {
     "termdeck": "./packages/cli/src/index.js"

package/packages/server/src/auth.js

@@ -156,9 +156,17 @@ function verifyWebSocketUpgrade(config, req) {
   return !!provided && provided === token;
 }
 
+// Whether a usable auth token is configured (via config.auth.token or the
+// TERMDECK_AUTH_TOKEN env var). Used by the bind guardrail in index.js to
+// decide whether binding to a non-localhost interface is permitted.
+function hasAuth(config) {
+  return !!getConfiguredToken(config);
+}
+
 module.exports = {
   createAuthMiddleware,
   verifyWebSocketUpgrade,
   getConfiguredToken,
+  hasAuth,
   loginPage
 };

package/packages/server/src/index.js

@@ -60,7 +60,7 @@ const { TranscriptWriter } = require('./transcripts');
 const { createHealthHandler } = require('./preflight');
 const { themes, statusColors } = require('./themes');
 const { loadConfig, addProject } = require('./config');
-const { createAuthMiddleware, verifyWebSocketUpgrade } = require('./auth');
+const { createAuthMiddleware, verifyWebSocketUpgrade, hasAuth } = require('./auth');
 
 function createServer(config) {
   const app = express();
@@ -852,10 +852,23 @@ if (require.main === module) {
     config.sessionLogs = { ...(config.sessionLogs || {}), enabled: true };
   }
 
-  const { server, transcriptWriter } = createServer(config);
   const port = config.port || 3000;
   const host = config.host || '127.0.0.1';
 
+  // Bind guardrail (Sprint 10 T1): refuse to start on a non-localhost
+  // interface unless an auth token is configured. Binding 0.0.0.0 without
+  // auth is equivalent to publishing a root shell on the LAN — fail closed.
+  if (host !== '127.0.0.1' && host !== 'localhost' && host !== '::1') {
+    if (!hasAuth(config)) {
+      console.error('[security] Refusing to bind to ' + host + ' without auth.token set.');
+      console.error('[security] Set auth.token in ~/.termdeck/config.yaml or TERMDECK_AUTH_TOKEN env var.');
+      console.error('[security] To bind locally only, remove the host setting or set host: 127.0.0.1');
+      process.exit(1);
+    }
+  }
+
+  const { server, transcriptWriter } = createServer(config);
+
   // Graceful shutdown — flush transcript buffer before exit
   let shutdownInProgress = false;
   async function handleShutdown(signal) {