@openchamber/web 1.11.5 → 1.11.6

package/dist/index.html

@@ -532,10 +532,10 @@
         pointer-events: none;
       }
     </style>
-    <script type="module" crossorigin src="/assets/main-VVcyjpiF.js"></script>
-    <link rel="modulepreload" crossorigin href="/assets/index-DHluop4D.js">
+    <script type="module" crossorigin src="/assets/main-Blhx9Fp5.js"></script>
+    <link rel="modulepreload" crossorigin href="/assets/index-B9LvUHdG.js">
     <link rel="modulepreload" crossorigin href="/assets/vendor-.bun-Bum-iBXX.js">
-    <link rel="stylesheet" crossorigin href="/assets/index-Bk9IWJe1.css">
+    <link rel="stylesheet" crossorigin href="/assets/index-UcCH2KN9.css">
     <link rel="stylesheet" crossorigin href="/assets/vendor--V65Sl9C2.css">
   </head>
   <body class="h-full bg-background text-foreground">

package/dist/mini-chat.html

@@ -4,10 +4,10 @@
     <meta charset="UTF-8" />
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no, viewport-fit=cover" />
     <title>OpenChamber Mini Chat</title>
-    <script type="module" crossorigin src="/assets/miniChat-a9w7WM0c.js"></script>
-    <link rel="modulepreload" crossorigin href="/assets/index-DHluop4D.js">
+    <script type="module" crossorigin src="/assets/miniChat-CJ7-rZFl.js"></script>
+    <link rel="modulepreload" crossorigin href="/assets/index-B9LvUHdG.js">
     <link rel="modulepreload" crossorigin href="/assets/vendor-.bun-Bum-iBXX.js">
-    <link rel="stylesheet" crossorigin href="/assets/index-Bk9IWJe1.css">
+    <link rel="stylesheet" crossorigin href="/assets/index-UcCH2KN9.css">
     <link rel="stylesheet" crossorigin href="/assets/vendor--V65Sl9C2.css">
   </head>
   <body class="h-full bg-background text-foreground">

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@openchamber/web",
-  "version": "1.11.5",
+  "version": "1.11.6",
   "private": false,
   "type": "module",
   "main": "./server/index.js",

package/server/index.js

@@ -14,6 +14,7 @@ import { createTunnelAuth } from './lib/opencode/tunnel-auth.js';
 import { createManagedTunnelConfigRuntime } from './lib/tunnels/managed-config.js';
 import { createTunnelProviderRegistry } from './lib/tunnels/registry.js';
 import { createCloudflareTunnelProvider } from './lib/tunnels/providers/cloudflare.js';
+import { createNgrokTunnelProvider } from './lib/tunnels/providers/ngrok.js';
 import { createRequestSecurityRuntime } from './lib/security/request-security.js';
 import {
   TUNNEL_MODE_MANAGED_LOCAL,
@@ -449,6 +450,7 @@ let activeTunnelController = null;
 let globalWatcherStartPromise = null;
 const tunnelProviderRegistry = createTunnelProviderRegistry([
   createCloudflareTunnelProvider(),
+  createNgrokTunnelProvider(),
 ]);
 tunnelProviderRegistry.seal();
 const tunnelAuthController = createTunnelAuth();

package/server/lib/cloudflare-tunnel.js

@@ -637,14 +637,12 @@ export async function startCloudflareTunnel({ originUrl, port }) {
 
 export function printTunnelWarning() {
   console.log(`
-⚠️  Cloudflare Quick Tunnel Limitations:
+⚠️  Quick Tunnel Limitations:
 
-   • Maximum 200 concurrent requests
-   • Server-Sent Events (SSE) are NOT supported
+   • Provider limits may apply
    • URLs are temporary and will expire when the tunnel stops
    • Password protection is required for tunnel access
 
-   For production use, set up a managed remote Cloudflare Tunnel:
-   https://developers.cloudflare.com/cloudflare-one/networks/connectors/cloudflare-tunnel/
+   For production use, set up a persistent provider tunnel or static domain.
 `);
 }

package/server/lib/ngrok-tunnel.js

@@ -0,0 +1,209 @@
+import { spawn, spawnSync } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+
+const DEFAULT_STARTUP_TIMEOUT_MS = 30000;
+const NGROK_API_URL = 'http://127.0.0.1:4040/api/tunnels';
+const NGROK_INSTALL_HELP = 'brew install ngrok';
+const NGROK_AUTHTOKEN_HELP = 'Run: ngrok config add-authtoken <your-ngrok-token>';
+
+async function searchPathFor(command) {
+  const pathValue = process.env.PATH || '';
+  const segments = pathValue.split(path.delimiter).filter(Boolean);
+  const WINDOWS_EXTENSIONS = process.platform === 'win32'
+    ? (process.env.PATHEXT || '.EXE;.CMD;.BAT;.COM')
+        .split(';')
+        .map((ext) => ext.trim().toLowerCase())
+        .filter(Boolean)
+        .map((ext) => (ext.startsWith('.') ? ext : `.${ext}`))
+    : [''];
+
+  for (const dir of segments) {
+    for (const ext of WINDOWS_EXTENSIONS) {
+      const fileName = process.platform === 'win32' ? `${command}${ext}` : command;
+      const candidate = path.join(dir, fileName);
+      try {
+        const stats = fs.statSync(candidate);
+        if (!stats.isFile()) {
+          continue;
+        }
+        if (process.platform !== 'win32') {
+          try {
+            fs.accessSync(candidate, fs.constants.X_OK);
+          } catch {
+            continue;
+          }
+        }
+        return candidate;
+      } catch {
+        continue;
+      }
+    }
+  }
+  return null;
+}
+
+export async function checkNgrokAvailable() {
+  const ngrokPath = await searchPathFor('ngrok');
+  if (ngrokPath) {
+    try {
+      const result = spawnSync(ngrokPath, ['version'], {
+        encoding: 'utf8',
+        stdio: ['pipe', 'pipe', 'pipe'],
+        windowsHide: true,
+      });
+      if (result.status === 0) {
+        return { available: true, path: ngrokPath, version: result.stdout.trim() || result.stderr.trim() };
+      }
+    } catch {
+      // Ignore and report unavailable below.
+    }
+  }
+  return { available: false, path: null, version: null };
+}
+
+export async function checkNgrokAuthtokenConfigured(ngrokPath = null) {
+  if (typeof process.env.NGROK_AUTHTOKEN === 'string' && process.env.NGROK_AUTHTOKEN.trim().length > 0) {
+    return { configured: true, detail: 'NGROK_AUTHTOKEN is set.' };
+  }
+
+  const resolvedPath = ngrokPath || await searchPathFor('ngrok');
+  if (!resolvedPath) {
+    return { configured: false, detail: `ngrok is not installed. Install it with: ${NGROK_INSTALL_HELP}` };
+  }
+
+  try {
+    const result = spawnSync(resolvedPath, ['config', 'check'], {
+      encoding: 'utf8',
+      stdio: ['pipe', 'pipe', 'pipe'],
+      windowsHide: true,
+    });
+    const output = `${result.stdout || ''}${result.stderr || ''}`.trim();
+    if (result.status === 0) {
+      return { configured: true, detail: output || 'ngrok config is valid.' };
+    }
+    return { configured: false, detail: output || NGROK_AUTHTOKEN_HELP };
+  } catch (error) {
+    return {
+      configured: false,
+      detail: error instanceof Error ? error.message : String(error),
+    };
+  }
+}
+
+export async function checkNgrokApiReachability({ fetchImpl = globalThis.fetch, timeoutMs = 5000 } = {}) {
+  if (typeof fetchImpl !== 'function') {
+    return { reachable: false, status: null, error: 'Fetch API is unavailable in this runtime.' };
+  }
+
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetchImpl('https://api.ngrok.com/', {
+      method: 'GET',
+      signal: controller.signal,
+    });
+    return { reachable: true, status: response.status, error: null };
+  } catch (error) {
+    return {
+      reachable: false,
+      status: null,
+      error: error instanceof Error ? error.message : String(error),
+    };
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+
+const spawnNgrok = (args, resolvedBinaryPath = 'ngrok') => spawn(resolvedBinaryPath, args, {
+  stdio: ['ignore', 'pipe', 'pipe'],
+  windowsHide: true,
+  env: process.env,
+  killSignal: 'SIGINT',
+});
+
+async function fetchNgrokPublicUrl(fetchImpl = globalThis.fetch) {
+  if (typeof fetchImpl !== 'function') {
+    return null;
+  }
+  try {
+    const response = await fetchImpl(NGROK_API_URL, { method: 'GET' });
+    if (!response.ok) {
+      return null;
+    }
+    const payload = await response.json();
+    const tunnels = Array.isArray(payload?.tunnels) ? payload.tunnels : [];
+    const httpsTunnel = tunnels.find((entry) => entry?.proto === 'https' && typeof entry?.public_url === 'string');
+    const fallbackTunnel = tunnels.find((entry) => typeof entry?.public_url === 'string');
+    return httpsTunnel?.public_url || fallbackTunnel?.public_url || null;
+  } catch {
+    return null;
+  }
+}
+
+export async function startNgrokQuickTunnel({ port }) {
+  const ngrokCheck = await checkNgrokAvailable();
+  if (!ngrokCheck.available) {
+    throw new Error(`ngrok is not installed. Install it with: ${NGROK_INSTALL_HELP}`);
+  }
+
+  const authtokenCheck = await checkNgrokAuthtokenConfigured(ngrokCheck.path);
+  if (!authtokenCheck.configured) {
+    throw new Error(`ngrok authtoken is not configured. ${NGROK_AUTHTOKEN_HELP}`);
+  }
+
+  if (!Number.isFinite(port)) {
+    throw new Error('A local port is required to start an ngrok tunnel');
+  }
+
+  const child = spawnNgrok(['http', String(port)], ngrokCheck.path);
+  let publicUrl = null;
+
+  child.stdout.on('data', () => {
+    // Keep stream drained; ngrok exposes the URL via its local API.
+  });
+
+  child.stderr.on('data', (chunk) => {
+    process.stderr.write(chunk.toString('utf8'));
+  });
+
+  child.on('error', (error) => {
+    console.error(`Ngrok error: ${error.message}`);
+  });
+
+  await new Promise((resolve, reject) => {
+    const timeout = setTimeout(() => {
+      clearInterval(checkReady);
+      try { child.kill('SIGINT'); } catch { /* ignore */ }
+      reject(new Error('Ngrok tunnel URL not received within 30 seconds'));
+    }, DEFAULT_STARTUP_TIMEOUT_MS);
+
+    const checkReady = setInterval(async () => {
+      publicUrl = await fetchNgrokPublicUrl();
+      if (publicUrl) {
+        clearTimeout(timeout);
+        clearInterval(checkReady);
+        resolve(null);
+      }
+    }, 250);
+
+    child.once('exit', (code) => {
+      clearTimeout(timeout);
+      clearInterval(checkReady);
+      reject(new Error(`Ngrok exited while starting (code ${code ?? 'unknown'})`));
+    });
+  });
+
+  return {
+    mode: 'quick',
+    stop: () => {
+      try {
+        child.kill('SIGINT');
+      } catch {
+        // Ignore.
+      }
+    },
+    process: child,
+    getPublicUrl: () => publicUrl,
+  };
+}

package/server/lib/opencode/core-routes.js

@@ -521,6 +521,7 @@ export const registerCommonRequestMiddleware = (app, dependencies) => {
       req.path.startsWith('/api/config/snippets') ||
       req.path.startsWith('/api/config/settings') ||
       req.path.startsWith('/api/config/skills') ||
+      req.path.startsWith('/api/config/plugins') ||
       req.path.startsWith('/api/projects') ||
       req.path.startsWith('/api/fs') ||
       req.path.startsWith('/api/git') ||

package/server/lib/opencode/feature-routes-runtime.js

@@ -9,6 +9,9 @@ import { registerSettingsUtilityRoutes } from './core-routes.js';
 import { registerProjectIconRoutes } from './project-icon-routes.js';
 import { registerScheduledTaskRoutes } from '../scheduled-tasks/routes.js';
 import { registerSkillRoutes } from './skill-routes.js';
+import { registerPluginRoutes } from './plugin-routes.js';
+import { getNpmInfo, clearCache as clearNpmCache } from './npm-registry.js';
+import { parseNpmSpec, parsePathSpec, isExactSemver } from './plugin-spec.js';
 import { registerOpenCodeRoutes } from './routes.js';
 
 export const createFeatureRoutesRuntime = (dependencies) => {
@@ -129,6 +132,17 @@ export const createFeatureRoutesRuntime = (dependencies) => {
       updateSnippet,
       deleteSnippet,
       expandSnippets,
+      listPluginEntries,
+      getPluginEntry,
+      createPluginEntry,
+      updatePluginEntry,
+      deletePluginEntry,
+      listPluginDirFiles,
+      readPluginDirFile,
+      writePluginDirFile,
+      deletePluginDirFile,
+      encodePluginId,
+      decodePluginId,
     } = await import('./index.js');
 
     registerConfigEntityRoutes(app, {
@@ -158,6 +172,27 @@ export const createFeatureRoutesRuntime = (dependencies) => {
       expandSnippets,
     });
 
+    registerPluginRoutes(app, {
+      resolveOptionalProjectDirectory,
+      refreshOpenCodeAfterConfigChange,
+      clientReloadDelayMs,
+      listPluginEntries,
+      getPluginEntry,
+      createPluginEntry,
+      updatePluginEntry,
+      deletePluginEntry,
+      listPluginDirFiles,
+      readPluginDirFile,
+      writePluginDirFile,
+      deletePluginDirFile,
+      encodePluginId,
+      decodePluginId,
+      getNpmInfo,
+      parseNpmSpec,
+      parsePathSpec,
+      isExactSemver,
+    });
+
     const {
       getSkillSources,
       discoverSkills,

package/server/lib/opencode/index.js

@@ -66,6 +66,22 @@ export {
   deleteMcpConfig,
 } from './mcp.js';
 
+export {
+  listPluginEntries,
+  getPluginEntry,
+  createPluginEntry,
+  updatePluginEntry,
+  deletePluginEntry,
+  listPluginDirFiles,
+  readPluginDirFile,
+  writePluginDirFile,
+  deletePluginDirFile,
+  encodePluginId,
+  decodePluginId,
+  parsePluginRaw,
+  serializePluginEntry,
+} from './plugins.js';
+
 export {
   listSnippets,
   getSnippet,
@@ -74,3 +90,6 @@ export {
   deleteSnippet,
   expandSnippets,
 } from './snippets.js';
+
+export { getNpmInfo, lookupNpmPackage, clearCache as clearNpmCache } from './npm-registry.js';
+export { parseNpmSpec, parsePathSpec, isExactSemver } from './plugin-spec.js';

package/server/lib/opencode/npm-registry.js

@@ -0,0 +1,157 @@
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+
+export const NPM_CACHE_TTL_MS = 3_600_000;
+export const NPM_FETCH_TIMEOUT_MS = 5_000;
+export const NPM_REGISTRY_BASE = 'https://registry.npmjs.org';
+
+/**
+ * @typedef {Object} NpmPackagePayload
+ * @property {true} ok
+ * @property {string|null} latest
+ * @property {string[]} versions
+ * @property {Record<string, string>} distTags
+ *
+ * @typedef {Object} NpmLookupError
+ * @property {false} ok
+ * @property {number|'network'} status
+ * @property {string} error
+ *
+ * @typedef {NpmPackagePayload | NpmLookupError} NpmLookupResult
+ * @typedef {{ forceRefresh?: boolean }} NpmInfoOptions
+ * @typedef {{ fetchedAt: number, payload: NpmLookupResult }} CacheEntry
+ */
+
+/** @type {Map<string, CacheEntry>} */
+const _cache = new Map();
+
+/** @type {Map<string, Promise<NpmLookupResult>>} */
+const _inFlight = new Map();
+
+/** @type {string | null} */
+let _userAgent = null;
+
+function _getPackageJsonPath() {
+  const __dirname = path.dirname(fileURLToPath(import.meta.url));
+  return path.resolve(__dirname, '..', '..', '..', '..', '..', 'package.json');
+}
+
+function _getUserAgent() {
+  if (_userAgent) return _userAgent;
+
+  try {
+    const pkg = JSON.parse(fs.readFileSync(_getPackageJsonPath(), 'utf8'));
+    _userAgent = `openchamber-server/${typeof pkg.version === 'string' ? pkg.version : '0.0.0'}`;
+  } catch {
+    _userAgent = 'openchamber-server/dev';
+  }
+
+  return _userAgent;
+}
+
+function encodeName(name) {
+  return encodeURIComponent(name).replace(/^%40/, '@');
+}
+
+function parseDistTags(value) {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) {
+    return {};
+  }
+
+  return Object.fromEntries(
+    Object.entries(value)
+      .filter((entry) => typeof entry[1] === 'string'),
+  );
+}
+
+function parseVersions(value) {
+  if (!value || typeof value !== 'object' || Array.isArray(value)) {
+    return [];
+  }
+
+  return Object.keys(value);
+}
+
+function cacheResult(name, payload) {
+  if (payload.ok || payload.status === 404) {
+    _cache.set(name, { fetchedAt: Date.now(), payload });
+  }
+}
+
+/**
+ * Fetch package metadata directly from the npm registry.
+ *
+ * @param {string} name npm package name
+ * @returns {Promise<NpmLookupResult>}
+ */
+export async function lookupNpmPackage(name) {
+  try {
+    const response = await fetch(`${NPM_REGISTRY_BASE}/${encodeName(name)}`, {
+      headers: {
+        'User-Agent': _getUserAgent(),
+        Accept: 'application/json',
+      },
+      signal: AbortSignal.timeout(NPM_FETCH_TIMEOUT_MS),
+    });
+
+    if (response.ok) {
+      const data = await response.json();
+      const distTags = parseDistTags(data?.['dist-tags']);
+      return {
+        ok: true,
+        latest: distTags.latest ?? null,
+        versions: parseVersions(data?.versions),
+        distTags,
+      };
+    }
+
+    if (response.status === 404) {
+      return { ok: false, status: 404, error: 'Package not found' };
+    }
+
+    return { ok: false, status: response.status, error: `Registry returned ${response.status}` };
+  } catch (error) {
+    return { ok: false, status: 'network', error: String(error?.message ?? error) };
+  }
+}
+
+/**
+ * Fetch package metadata with TTL cache and in-flight request deduplication.
+ *
+ * @param {string} name npm package name
+ * @param {NpmInfoOptions} [options]
+ * @returns {Promise<NpmLookupResult>}
+ */
+export async function getNpmInfo(name, options = {}) {
+  const { forceRefresh = false } = options;
+  const cached = _cache.get(name);
+  if (cached && !forceRefresh && Date.now() - cached.fetchedAt < NPM_CACHE_TTL_MS) {
+    return cached.payload;
+  }
+
+  const existing = _inFlight.get(name);
+  if (existing && !forceRefresh) {
+    return existing;
+  }
+
+  const lookup = (async () => {
+    const result = await lookupNpmPackage(name);
+    cacheResult(name, result);
+    return result;
+  })();
+
+  _inFlight.set(name, lookup);
+  try {
+    return await lookup;
+  } finally {
+    if (_inFlight.get(name) === lookup) {
+      _inFlight.delete(name);
+    }
+  }
+}
+
+export function clearCache() {
+  _cache.clear();
+  _inFlight.clear();
+}