@miraj181/ipingyou 2.1.3 โ 2.1.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +32 -9
- package/package.json +1 -1
- package/src/cli.js +4 -0
- package/src/modes/host.js +18 -0
package/README.md
CHANGED
|
@@ -25,7 +25,7 @@ No firewalls to configure. No port forwarding. No plaintext leakage.
|
|
|
25
25
|
* ๐งญ **Approval Gate**: Require the Host to explicitly approve clients before they receive tunnel/key material.
|
|
26
26
|
* ๐ฆ **One-Time File Share**: Serve a single file/folder over SCP and revoke after use.
|
|
27
27
|
* ๐ **HTTP & TCP Exposure**: Share a local web app or any TCP service (DB/RDP/VNC) beyond SSH.
|
|
28
|
-
* ๐ **Shared Drop Folder**: Auto-prepared dropbox folder for safe file transfers (macOS friendly).
|
|
28
|
+
* ๐ **Shared Drop Folder**: Auto-prepared dropbox folder for safe file transfers (macOS friendly), removed on exit.
|
|
29
29
|
* ๐งพ **Live Session Logs**: Host/client/broker write ephemeral per-session logs with actions and request/response status, removed on exit.
|
|
30
30
|
|
|
31
31
|
---
|
|
@@ -60,22 +60,43 @@ securelink
|
|
|
60
60
|
|
|
61
61
|
## ๐ Zero-Knowledge Architecture
|
|
62
62
|
|
|
63
|
-
The public broker server exists solely to rendezvous connections. It is fundamentally a **"Dumb Pipe"**.
|
|
63
|
+
The public broker server exists solely to rendezvous connections and approvals. It is fundamentally a **"Dumb Pipe"**.
|
|
64
|
+
|
|
65
|
+
### Session Bootstrap & Data Path
|
|
64
66
|
|
|
65
67
|
```mermaid
|
|
66
68
|
graph LR
|
|
67
|
-
H[Host CLI] -->|AES-256-CBC Encrypted Payload| B((Broker Relay))
|
|
68
|
-
|
|
69
|
+
H[Host CLI] -->|AES-256-CBC Encrypted Session Payload| B((Broker Relay))
|
|
70
|
+
H -->|Host Auth Token for approvals and telemetry| B
|
|
71
|
+
B -->|Encrypted Session Payload| C[Client CLI]
|
|
69
72
|
C -->|Locally Decrypts Password| C
|
|
70
|
-
C -->|Direct Cloudflare SSH| H
|
|
73
|
+
C -->|Direct Cloudflare SSH/TCP| H
|
|
71
74
|
C -->|E2E AES-GCM WebSockets| H
|
|
72
75
|
```
|
|
73
76
|
|
|
74
|
-
1. **Host** starts up, spawns `cloudflared` tunnels for SSH and Chat,
|
|
75
|
-
2. **Host** encrypts the
|
|
77
|
+
1. **Host** starts up, spawns `cloudflared` tunnels for SSH/HTTP/TCP and Chat, then generates a random **AES-256 Session Password** plus a **host-only auth token**.
|
|
78
|
+
2. **Host** encrypts the session payload with the password and registers the ciphertext (plus the host token) with the Broker under a short UID.
|
|
76
79
|
3. **Client** runs `ipingyou connect`, enters the UID and Password.
|
|
77
|
-
4. **Client** fetches the ciphertext, decrypts it locally, and connects directly via SSH
|
|
78
|
-
5. On `Ctrl+C`, `tree-kill` initiates a graceful shutdown, revokes the UID from the broker, and
|
|
80
|
+
4. **Client** fetches the ciphertext, decrypts it locally, and connects directly via SSH or WebSockets.
|
|
81
|
+
5. On `Ctrl+C`, `tree-kill` initiates a graceful shutdown, revokes the UID from the broker, and removes session artifacts.
|
|
82
|
+
|
|
83
|
+
### Approval Gate Flow (Optional)
|
|
84
|
+
|
|
85
|
+
```mermaid
|
|
86
|
+
sequenceDiagram
|
|
87
|
+
participant C as Client CLI
|
|
88
|
+
participant B as Broker Relay
|
|
89
|
+
participant H as Host CLI
|
|
90
|
+
C->>B: approval-request encrypted metadata
|
|
91
|
+
H->>B: fetch approvals with x-host-token
|
|
92
|
+
H->>B: approve/deny with x-host-token
|
|
93
|
+
C->>B: poll approval status
|
|
94
|
+
B-->>C: approved/denied
|
|
95
|
+
```
|
|
96
|
+
|
|
97
|
+
1. **Client** submits encrypted approval metadata (username, host, intent) to the Broker.
|
|
98
|
+
2. **Host** lists and decides approvals using its host-only auth token; the Broker never shares this token with clients.
|
|
99
|
+
3. **Client** polls for approval status and proceeds only when approved.
|
|
79
100
|
|
|
80
101
|
---
|
|
81
102
|
|
|
@@ -111,6 +132,8 @@ These alerts (e.g., "AI-detected potential code anomaly", "Shell access", "Netwo
|
|
|
111
132
|
| `ipingyou service install` | ๐ป Installs Host mode as an always-on background daemon. |
|
|
112
133
|
| `ipingyou service stop` | Stops and removes the background daemon. |
|
|
113
134
|
| `ipingyou service status` | Shows background daemon status. |
|
|
135
|
+
| `ipingyou allowlist` | Manage the AI command allowlist (list/add/remove). |
|
|
136
|
+
| `ipingyou history` | View session event logs from `~/.ipingyou/logs`. |
|
|
114
137
|
|
|
115
138
|
---
|
|
116
139
|
|
package/package.json
CHANGED
package/src/cli.js
CHANGED
|
@@ -122,6 +122,8 @@ function showRichHelp() {
|
|
|
122
122
|
console.log(` โข Cloudflare Tunnels punch through NAT/Firewalls securely.`);
|
|
123
123
|
console.log(` โข ${chalk.green('End-to-End Encryption')}: Tunnel URLs are AES-256 encrypted locally.`);
|
|
124
124
|
console.log(` โข The Broker never sees your plaintext URL, only ciphertext.`);
|
|
125
|
+
console.log(` โข ${chalk.green('Host Auth Token')}: Host-only token gates approvals & telemetry access.`);
|
|
126
|
+
console.log(` โข ${chalk.green('Approval Gate')}: Clients submit encrypted metadata; Host approves/denies.`);
|
|
125
127
|
console.log('');
|
|
126
128
|
|
|
127
129
|
console.log(chalk.bold.white(' ๐ฅ Advanced Features:'));
|
|
@@ -130,6 +132,8 @@ function showRichHelp() {
|
|
|
130
132
|
console.log(` โข ${chalk.green('E2E Chat Room')} : Real-time Web Crypto AES-GCM secure chat UI for Host & Clients.`);
|
|
131
133
|
console.log(` โข ${chalk.green('Daemonization')} : Run Host mode as a background service via PM2.`);
|
|
132
134
|
console.log(` โข ${chalk.green('Panic Kill-Switch')} : Instantly purge all processes, configurations, and traces.`);
|
|
135
|
+
console.log(` โข ${chalk.green('Shared Drop Folder')} : Session dropbox auto-removed on exit.`);
|
|
136
|
+
console.log(` โข ${chalk.green('Live Session Logs')} : Host/client/broker events written per session.`);
|
|
133
137
|
console.log('');
|
|
134
138
|
|
|
135
139
|
console.log(chalk.bold.white(' ๐ก Examples:'));
|
package/src/modes/host.js
CHANGED
|
@@ -193,6 +193,23 @@ async function prepareSharedDropFolder(uid) {
|
|
|
193
193
|
return dropPath;
|
|
194
194
|
}
|
|
195
195
|
|
|
196
|
+
async function cleanupSharedDropFolder(dropPath, uid) {
|
|
197
|
+
if (!dropPath) return;
|
|
198
|
+
const expectedPath = path.join(os.homedir(), `ipingyou-dropbox-${uid}`);
|
|
199
|
+
if (path.resolve(dropPath) !== path.resolve(expectedPath)) {
|
|
200
|
+
console.log(chalk.yellow(' Skipping drop folder cleanup (unexpected path).'));
|
|
201
|
+
return;
|
|
202
|
+
}
|
|
203
|
+
try {
|
|
204
|
+
const stat = await fs.promises.lstat(dropPath).catch(() => null);
|
|
205
|
+
if (!stat || !stat.isDirectory() || stat.isSymbolicLink()) return;
|
|
206
|
+
console.log(chalk.dim(' Removing shared drop folder...'));
|
|
207
|
+
await fs.promises.rm(dropPath, { recursive: true, force: true });
|
|
208
|
+
} catch (err) {
|
|
209
|
+
console.log(chalk.yellow(` Could not remove drop folder: ${err.message}`));
|
|
210
|
+
}
|
|
211
|
+
}
|
|
212
|
+
|
|
196
213
|
function showMacPrivacyPreflight(sharedDropPath) {
|
|
197
214
|
if (process.platform !== 'darwin') return;
|
|
198
215
|
|
|
@@ -953,6 +970,7 @@ export async function startHostMode() {
|
|
|
953
970
|
serviceConfig.sharedDropPath = await prepareSharedDropFolder(uid);
|
|
954
971
|
console.log(chalk.green(` โ Shared drop folder ready: ${serviceConfig.sharedDropPath}`));
|
|
955
972
|
showMacPrivacyPreflight(serviceConfig.sharedDropPath);
|
|
973
|
+
addCleanupHook(() => cleanupSharedDropFolder(serviceConfig.sharedDropPath, uid));
|
|
956
974
|
} catch (err) {
|
|
957
975
|
console.log(chalk.yellow(` โ ๏ธ Could not prepare shared drop folder: ${err.message}`));
|
|
958
976
|
}
|