@lamalibre/portlama-agent 1.0.2 → 1.0.4

package/LICENSE.md

@@ -13,6 +13,7 @@ You may use, copy, modify, and distribute this software for any **noncommercial*
 Commercial use of this software requires a commercial license, available by contacting licence@codelama.com.tr.
 
 Commercial use includes, but is not limited to:
+
 - Using Portlama in a business to serve data to clients or partners
 - Deploying Portlama as part of a revenue-generating service or product
 - Using Portlama internally at a for-profit organization
@@ -85,7 +86,7 @@ The first time you are notified in writing that you have violated any of these t
 
 ### No Liability
 
-***As far as the law allows, the software comes as is, without any warranty or condition, and the licensor will not be liable to you for any damages arising out of these terms or the use or nature of the software, under any kind of legal claim.***
+**_As far as the law allows, the software comes as is, without any warranty or condition, and the licensor will not be liable to you for any damages arising out of these terms or the use or nature of the software, under any kind of legal claim._**
 
 ### Definitions
 

package/README.md

@@ -15,17 +15,17 @@ connection details and an agent-scoped mTLS certificate.
 
 ## Commands
 
-| Command     | Description                              |
-| ----------- | ---------------------------------------- |
-| `setup`     | Install Chisel and configure the tunnel  |
-| `update`    | Update Chisel binary to latest version   |
-| `uninstall` | Remove Chisel, plist, and configuration  |
-| `status`    | Show tunnel connection status            |
-| `logs`      | Display recent tunnel logs               |
-| `sites`     | List all static sites                    |
-| `sites create <name>` | Create a new static site (admin cert only) |
-| `sites delete <name-or-id>` | Delete a static site (admin cert only) |
-| `deploy <name-or-id> <local-path>` | Deploy a local directory to a site |
+| Command                            | Description                                |
+| ---------------------------------- | ------------------------------------------ |
+| `setup`                            | Install Chisel and configure the tunnel    |
+| `update`                           | Update Chisel binary to latest version     |
+| `uninstall`                        | Remove Chisel, plist, and configuration    |
+| `status`                           | Show tunnel connection status              |
+| `logs`                             | Display recent tunnel logs                 |
+| `sites`                            | List all static sites                      |
+| `sites create <name>`              | Create a new static site (admin cert only) |
+| `sites delete <name-or-id>`        | Delete a static site (admin cert only)     |
+| `deploy <name-or-id> <local-path>` | Deploy a local directory to a site         |
 
 ### Sites Command
 
@@ -57,12 +57,12 @@ portlama-agent sites create docs --spa --auth
 portlama-agent sites create myblog --type custom --domain myblog.com
 ```
 
-| Flag | Default | Description |
-| ---- | ------- | ----------- |
-| `--type <managed\|custom>` | `managed` | Site type: managed subdomain or custom domain |
-| `--domain <fqdn>` | — | Custom domain (required when `--type custom`) |
-| `--spa` | off | Enable SPA mode (serve `index.html` for all routes) |
-| `--auth` | off | Enable Authelia protection |
+| Flag                       | Default   | Description                                         |
+| -------------------------- | --------- | --------------------------------------------------- |
+| `--type <managed\|custom>` | `managed` | Site type: managed subdomain or custom domain       |
+| `--domain <fqdn>`          | —         | Custom domain (required when `--type custom`)       |
+| `--spa`                    | off       | Enable SPA mode (serve `index.html` for all routes) |
+| `--auth`                   | off       | Enable Authelia protection                          |
 
 **Delete a site:**
 
@@ -102,10 +102,10 @@ portlama-agent deploy blog ./dist
 
 ## Requirements
 
-| Requirement | Details         |
-| ----------- | --------------- |
-| OS          | macOS           |
-| Node.js     | >= 20.0.0       |
+| Requirement | Details                         |
+| ----------- | ------------------------------- |
+| OS          | macOS                           |
+| Node.js     | >= 20.0.0                       |
 | Access      | User account (no root required) |
 
 ## How It Works

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lamalibre/portlama-agent",
-  "version": "1.0.2",
+  "version": "1.0.4",
   "description": "Mac agent for Portlama — installs Chisel tunnel client and manages launchd agent",
   "type": "module",
   "license": "SEE LICENSE IN LICENSE.md",
@@ -35,7 +35,8 @@
   "dependencies": {
     "chalk": "^5.3.0",
     "execa": "^9.0.0",
-    "listr2": "^8.0.0"
+    "listr2": "^8.0.0",
+    "ws": "^8.18.0"
   },
   "engines": {
     "node": ">=20.0.0"

package/src/commands/cp.js

@@ -0,0 +1,196 @@
+import { existsSync } from 'node:fs';
+import { stat } from 'node:fs/promises';
+import path from 'node:path';
+import chalk from 'chalk';
+import { assertMacOS } from '../lib/platform.js';
+import { requireAgentConfig } from '../lib/config.js';
+import { downloadRemoteFile, uploadRemoteFile } from '../lib/panel-api.js';
+
+/**
+ * Parse a cp argument to determine if it's a remote path (agent-label:/path)
+ * or a local path.
+ * @param {string} arg
+ * @returns {{ isRemote: boolean, agentLabel?: string, path: string }}
+ */
+function parseLocation(arg) {
+  // Match pattern: label:/path (label must be lowercase alphanumeric with hyphens, matching server validation)
+  const match = arg.match(/^([a-z0-9-]+):(.+)$/);
+  if (match) {
+    return { isRemote: true, agentLabel: match[1], path: match[2] };
+  }
+  return { isRemote: false, path: arg };
+}
+
+/**
+ * Run the file copy command.
+ * Supports download (remote → local) and upload (local → remote).
+ * @param {string[]} args
+ */
+export async function runCp(args) {
+  assertMacOS();
+  const config = await requireAgentConfig();
+
+  if (args.length < 2) {
+    printUsage();
+    process.exit(1);
+  }
+
+  const source = parseLocation(args[0]);
+  const dest = parseLocation(args[1]);
+
+  // Validate: exactly one side must be remote
+  if (source.isRemote && dest.isRemote) {
+    console.error(
+      chalk.red('\n  Cannot copy between two remote agents. One side must be a local path.\n'),
+    );
+    process.exit(1);
+  }
+
+  if (!source.isRemote && !dest.isRemote) {
+    console.error(
+      chalk.red(
+        '\n  Both paths are local. Use the system cp command for local copies.\n' +
+          '  For remote transfers, prefix with agent-label: (e.g. myagent:/path/to/file)\n',
+      ),
+    );
+    process.exit(1);
+  }
+
+  if (source.isRemote) {
+    await runDownload(config, source, dest);
+  } else {
+    await runUpload(config, source, dest);
+  }
+}
+
+/**
+ * Download a file from a remote agent.
+ * @param {object} config
+ * @param {{ agentLabel: string, path: string }} source
+ * @param {{ path: string }} dest
+ */
+async function runDownload(config, source, dest) {
+  const agentLabel = source.agentLabel;
+  const remotePath = source.path;
+  let localPath = path.resolve(dest.path);
+
+  // If dest is a directory, use the remote filename
+  try {
+    const destStat = await stat(localPath);
+    if (destStat.isDirectory()) {
+      const remoteBasename = path.basename(remotePath);
+      localPath = path.join(localPath, remoteBasename);
+    }
+  } catch {
+    // Path doesn't exist yet — that's fine, we'll create the file
+    // Ensure the parent directory exists
+    const parentDir = path.dirname(localPath);
+    if (!existsSync(parentDir)) {
+      console.error(chalk.red(`\n  Parent directory does not exist: ${parentDir}\n`));
+      process.exit(1);
+    }
+  }
+
+  console.log('');
+  console.log(chalk.dim(`  Downloading ${chalk.bold(agentLabel)}:${remotePath} → ${localPath}`));
+
+  try {
+    await downloadRemoteFile(
+      config.panelUrl,
+      config.p12Path,
+      config.p12Password,
+      agentLabel,
+      remotePath,
+      localPath,
+    );
+  } catch (err) {
+    console.error(chalk.red(`\n  Download failed: ${err.message}\n`));
+    process.exit(1);
+  }
+
+  console.log(`  ${chalk.green('✓')} Downloaded to ${chalk.cyan(localPath)}`);
+  console.log('');
+}
+
+/**
+ * Upload a local file to a remote agent.
+ * @param {object} config
+ * @param {{ path: string }} source
+ * @param {{ agentLabel: string, path: string }} dest
+ */
+async function runUpload(config, source, dest) {
+  const localPath = path.resolve(source.path);
+  const agentLabel = dest.agentLabel;
+  const remotePath = dest.path;
+
+  // Validate local file exists
+  if (!existsSync(localPath)) {
+    console.error(chalk.red(`\n  Local file not found: ${localPath}\n`));
+    process.exit(1);
+  }
+
+  let localStat;
+  try {
+    localStat = await stat(localPath);
+  } catch (err) {
+    console.error(chalk.red(`\n  Cannot read file: ${err.message}\n`));
+    process.exit(1);
+  }
+
+  if (!localStat.isFile()) {
+    console.error(
+      chalk.red('\n  Only single file transfers are currently supported.\n') +
+        chalk.dim(
+          '  To transfer a directory, archive it first (e.g. tar -czf archive.tar.gz dir/).\n',
+        ),
+    );
+    process.exit(1);
+  }
+
+  console.log('');
+  console.log(chalk.dim(`  Uploading ${localPath} → ${chalk.bold(agentLabel)}:${remotePath}`));
+
+  try {
+    await uploadRemoteFile(
+      config.panelUrl,
+      config.p12Path,
+      config.p12Password,
+      agentLabel,
+      remotePath,
+      localPath,
+    );
+  } catch (err) {
+    console.error(chalk.red(`\n  Upload failed: ${err.message}\n`));
+    process.exit(1);
+  }
+
+  console.log(`  ${chalk.green('✓')} Uploaded to ${chalk.cyan(`${agentLabel}:${remotePath}`)}`);
+  console.log('');
+}
+
+/**
+ * Print usage information.
+ */
+function printUsage() {
+  const c = chalk.cyan;
+  const d = chalk.dim;
+
+  console.error(`
+  ${chalk.bold('Usage:')}
+
+    ${c('portlama-agent cp')} ${d('<source> <destination>')}
+
+  ${chalk.bold('Download from agent:')}
+
+    ${c('portlama-agent cp myagent:/var/log/app.log ./app.log')}
+
+  ${chalk.bold('Upload to agent:')}
+
+    ${c('portlama-agent cp ./config.json myagent:/etc/app/config.json')}
+
+  ${chalk.bold('Notes:')}
+
+    Remote paths use the format: ${c('agent-label:/absolute/path')}
+    Only single file transfers are supported.
+`);
+}

package/src/commands/deploy.js

@@ -26,7 +26,7 @@ async function scanDirectory(dir, base = '') {
     const fullPath = path.join(dir, entry.name);
     const relPath = base ? path.join(base, entry.name) : entry.name;
     if (entry.isDirectory()) {
-      results.push(...await scanDirectory(fullPath, relPath));
+      results.push(...(await scanDirectory(fullPath, relPath)));
     } else if (entry.isFile()) {
       const s = await stat(fullPath);
       results.push({ relativePath: relPath, absolutePath: fullPath, size: s.size });
@@ -112,7 +112,9 @@ export async function runDeploy(args) {
       const ext = path.extname(f.relativePath) || '(no extension)';
       console.error(`    ${chalk.yellow(ext)}  ${f.relativePath}`);
     }
-    console.error(`\n  ${chalk.dim('Only static web assets are allowed. Remove these files and retry.')}\n`);
+    console.error(
+      `\n  ${chalk.dim('Only static web assets are allowed. Remove these files and retry.')}\n`,
+    );
     process.exit(1);
   }
 
@@ -160,12 +162,20 @@ export async function runDeploy(args) {
         title: 'Clearing remote files',
         task: async (_ctx, task) => {
           const { files: remoteFiles } = await fetchSiteFiles(
-            config.panelUrl, config.p12Path, config.p12Password, siteId, '.',
+            config.panelUrl,
+            config.p12Path,
+            config.p12Password,
+            siteId,
+            '.',
           );
           for (const f of remoteFiles) {
             task.output = `Removing ${f.name}`;
             await deleteSiteFile(
-              config.panelUrl, config.p12Path, config.p12Password, siteId, f.name,
+              config.panelUrl,
+              config.p12Path,
+              config.p12Password,
+              siteId,
+              f.name,
             );
           }
         },
@@ -190,8 +200,11 @@ export async function runDeploy(args) {
               const batch = groupFiles.slice(i, i + 10);
               const uploadDir = dir === '.' ? '.' : dir;
               await uploadSiteFiles(
-                config.panelUrl, config.p12Path, config.p12Password,
-                siteId, uploadDir,
+                config.panelUrl,
+                config.p12Path,
+                config.p12Password,
+                siteId,
+                uploadDir,
                 batch.map((f) => f.absolutePath),
               );
               uploaded += batch.length;
@@ -208,7 +221,11 @@ export async function runDeploy(args) {
           let remoteCount = 0;
           const countRemote = async (dirPath) => {
             const { files: entries } = await fetchSiteFiles(
-              config.panelUrl, config.p12Path, config.p12Password, siteId, dirPath,
+              config.panelUrl,
+              config.p12Path,
+              config.p12Password,
+              siteId,
+              dirPath,
             );
             for (const entry of entries) {
               if (entry.type === 'directory') {
@@ -223,7 +240,9 @@ export async function runDeploy(args) {
           const localCount = files.length;
           if (remoteCount !== localCount) {
             task.output = `Warning: remote has ${remoteCount} files but ${localCount} were uploaded`;
-            throw new Error(`Verification failed: expected ${localCount} files on remote but found ${remoteCount}`);
+            throw new Error(
+              `Verification failed: expected ${localCount} files on remote but found ${remoteCount}`,
+            );
           }
           task.output = `${remoteCount} files verified`;
         },
@@ -246,6 +265,8 @@ export async function runDeploy(args) {
   // Print summary
   const totalSize = files.reduce((sum, f) => sum + f.size, 0);
   console.log('');
-  console.log(`  ${chalk.green('✓')} Deployed ${chalk.bold(String(files.length))} files (${formatBytes(totalSize)}) to ${chalk.cyan(`https://${siteFqdn}/`)}`);
+  console.log(
+    `  ${chalk.green('✓')} Deployed ${chalk.bold(String(files.length))} files (${formatBytes(totalSize)}) to ${chalk.cyan(`https://${siteFqdn}/`)}`,
+  );
   console.log('');
 }

package/src/commands/setup.js

@@ -7,6 +7,7 @@ import chalk from 'chalk';
 import { assertMacOS, CHISEL_BIN_DIR, LOGS_DIR } from '../lib/platform.js';
 import { loadAgentConfig, saveAgentConfig } from '../lib/config.js';
 import { fetchHealth, fetchPlist, fetchTunnels } from '../lib/panel-api.js';
+import { extractPemFromP12, cleanupPemFiles } from '../lib/ws-helpers.js';
 import { installChisel } from '../lib/chisel.js';
 import { rewritePlist, writePlistFile } from '../lib/plist.js';
 import { isAgentLoaded, unloadAgent, loadAgent, getAgentPid } from '../lib/launchctl.js';
@@ -58,10 +59,7 @@ export async function runSetup() {
   console.log(chalk.dim('    Panel → Certificates → Agent Certificates → Generate'));
   console.log('');
 
-  const panelUrl = await prompt(
-    'Panel URL (e.g. https://1.2.3.4:9292)',
-    existingConfig?.panelUrl,
-  );
+  const panelUrl = await prompt('Panel URL (e.g. https://1.2.3.4:9292)', existingConfig?.panelUrl);
   if (!panelUrl) {
     throw new Error('Panel URL is required.');
   }
@@ -98,19 +96,33 @@ export async function runSetup() {
   const tasks = new Listr(
     [
       {
-        title: 'Verifying panel connectivity',
+        title: 'Creating directories',
+        task: async () => {
+          await mkdir(CHISEL_BIN_DIR, { recursive: true });
+          await mkdir(LOGS_DIR, { recursive: true });
+        },
+      },
+      {
+        title: 'Extracting certificates from P12',
         task: async (_ctx, task) => {
-          const health = await fetchHealth(ctx.panelUrl, ctx.p12Path, ctx.p12Password);
-          task.output = `Panel is reachable (status: ${health.status || 'ok'})`;
+          const pem = await extractPemFromP12(ctx.p12Path, ctx.p12Password);
+          if (pem.caPath) {
+            task.output = `mTLS CA certificate saved to ${pem.caPath}`;
+          } else {
+            task.output = 'No CA certificate found in P12';
+          }
+          // Clean up temporary PEM cert/key files — they are only needed transiently
+          await cleanupPemFiles(pem);
         },
         rendererOptions: { persistentOutput: true },
       },
       {
-        title: 'Creating directories',
-        task: async () => {
-          await mkdir(CHISEL_BIN_DIR, { recursive: true });
-          await mkdir(LOGS_DIR, { recursive: true });
+        title: 'Verifying panel connectivity',
+        task: async (_ctx, task) => {
+          const health = await fetchHealth(ctx.panelUrl, ctx.p12Path, ctx.p12Password);
+          task.output = `Panel is reachable (status: ${health.status || 'ok'})`;
         },
+        rendererOptions: { persistentOutput: true },
       },
       {
         title: 'Installing Chisel',
@@ -179,9 +191,7 @@ export async function runSetup() {
             if (loaded) {
               task.output = 'Agent loaded (process starting...)';
             } else {
-              throw new Error(
-                'Agent failed to load. Check logs with: portlama-agent logs',
-              );
+              throw new Error('Agent failed to load. Check logs with: portlama-agent logs');
             }
           }
         },
@@ -230,30 +240,66 @@ function printSetupSummary(ctx) {
 
   console.log('');
   console.log(c('  ╔══════════════════════════════════════════════════════════╗'));
-  console.log(c('  ║') + `  ${g.bold('Portlama Agent installed successfully!')}` + ' '.repeat(17) + c('║'));
+  console.log(
+    c('  ║') + `  ${g.bold('Portlama Agent installed successfully!')}` + ' '.repeat(17) + c('║'),
+  );
   console.log(c('  ╠══════════════════════════════════════════════════════════╣'));
 
   if (ctx.domain) {
-    console.log(c('  ║') + `  ${b('Domain:')}  ${c(ctx.domain)}` + ' '.repeat(Math.max(0, 46 - ctx.domain.length)) + c('║'));
+    console.log(
+      c('  ║') +
+        `  ${b('Domain:')}  ${c(ctx.domain)}` +
+        ' '.repeat(Math.max(0, 46 - ctx.domain.length)) +
+        c('║'),
+    );
   }
 
-  console.log(c('  ║') + `  ${b('Chisel:')}  ${ctx.chiselVersion}` + ' '.repeat(Math.max(0, 46 - (ctx.chiselVersion || '').length)) + c('║'));
-  console.log(c('  ║') + `  ${b('Tunnels:')} ${ctx.tunnels.length} configured` + ' '.repeat(33) + c('║'));
+  console.log(
+    c('  ║') +
+      `  ${b('Chisel:')}  ${ctx.chiselVersion}` +
+      ' '.repeat(Math.max(0, 46 - (ctx.chiselVersion || '').length)) +
+      c('║'),
+  );
+  console.log(
+    c('  ║') + `  ${b('Tunnels:')} ${ctx.tunnels.length} configured` + ' '.repeat(33) + c('║'),
+  );
   console.log(c('  ║') + ' '.repeat(58) + c('║'));
 
   if (ctx.tunnels.length > 0) {
     for (const t of ctx.tunnels) {
       const line = `${t.subdomain} → localhost:${t.port}`;
-      console.log(c('  ║') + `    ${d('•')} ${line}` + ' '.repeat(Math.max(0, 54 - line.length)) + c('║'));
+      console.log(
+        c('  ║') + `    ${d('•')} ${line}` + ' '.repeat(Math.max(0, 54 - line.length)) + c('║'),
+      );
     }
     console.log(c('  ║') + ' '.repeat(58) + c('║'));
   }
 
   console.log(c('  ║') + `  ${b('Commands:')}` + ' '.repeat(47) + c('║'));
-  console.log(c('  ║') + `    ${d('portlama-agent status')}    ${d('— check agent health')}` + ' '.repeat(11) + c('║'));
-  console.log(c('  ║') + `    ${d('portlama-agent logs')}      ${d('— stream chisel logs')}` + ' '.repeat(11) + c('║'));
-  console.log(c('  ║') + `    ${d('portlama-agent update')}    ${d('— refresh tunnel config')}` + ' '.repeat(8) + c('║'));
-  console.log(c('  ║') + `    ${d('portlama-agent uninstall')} ${d('— remove everything')}` + ' '.repeat(12) + c('║'));
+  console.log(
+    c('  ║') +
+      `    ${d('portlama-agent status')}    ${d('— check agent health')}` +
+      ' '.repeat(11) +
+      c('║'),
+  );
+  console.log(
+    c('  ║') +
+      `    ${d('portlama-agent logs')}      ${d('— stream chisel logs')}` +
+      ' '.repeat(11) +
+      c('║'),
+  );
+  console.log(
+    c('  ║') +
+      `    ${d('portlama-agent update')}    ${d('— refresh tunnel config')}` +
+      ' '.repeat(8) +
+      c('║'),
+  );
+  console.log(
+    c('  ║') +
+      `    ${d('portlama-agent uninstall')} ${d('— remove everything')}` +
+      ' '.repeat(12) +
+      c('║'),
+  );
   console.log(c('  ║') + ' '.repeat(58) + c('║'));
   console.log(c('  ╚══════════════════════════════════════════════════════════╝'));
   console.log('');