@openchamber/web 1.11.5 → 1.11.7

package/server/lib/git/service.test.js

@@ -1,23 +1,86 @@
-import { describe, expect, it } from 'vitest';
+import { execFileSync } from 'node:child_process';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+import { afterEach, describe, expect, it } from 'vitest';
+import simpleGit from 'simple-git';
 
-import { resolveBaseRefForLog, stageFiles, unstageFiles } from './service.js';
+import {
+  checkoutCommit,
+  cherryPick,
+  getStatus,
+  resetToCommit,
+  resolveBaseRefForLog,
+  revertCommit,
+  stageFiles,
+  unstageFiles,
+} from './service.js';
+
+// ---------------------------------------------------------------------------
+// Shared test infrastructure
+// ---------------------------------------------------------------------------
+
+const tempDirs = [];
+
+/** Create a temp dir and register it for afterEach cleanup. */
+const createTempDir = () => {
+  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'openchamber-git-service-'));
+  tempDirs.push(dir);
+  return dir;
+};
+
+const runGit = (cwd, args) =>
+  execFileSync('git', args, {
+    cwd,
+    encoding: 'utf8',
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+
+const canRunGit = () => {
+  try {
+    execFileSync('git', ['--version'], { stdio: 'ignore' });
+    return true;
+  } catch {
+    return false;
+  }
+};
+
+afterEach(() => {
+  for (const dir of tempDirs.splice(0)) {
+    fs.rmSync(dir, { recursive: true, force: true });
+  }
+});
+
+/**
+ * Create a temp repo using simple-git (for tests that need its assertion API).
+ * The dir is registered in tempDirs so afterEach handles cleanup automatically.
+ */
+async function createTempRepo() {
+  const tmpDir = createTempDir();
+  const git = simpleGit(tmpDir);
+  await git.init();
+  await git.addConfig('user.name', 'Test User', false, 'local');
+  await git.addConfig('user.email', 'test@example.com', false, 'local');
+  await git.raw(['symbolic-ref', 'HEAD', 'refs/heads/main']);
+  return { tmpDir, git };
+}
+
+// ---------------------------------------------------------------------------
+// resolveBaseRefForLog
+// ---------------------------------------------------------------------------
 
 describe('resolveBaseRefForLog', () => {
   it('returns the local ref unchanged when it exists, even if origin also exists', async () => {
-    // Both local 'main' and 'refs/remotes/origin/main' are present.
-    // The local ref takes precedence — callers that ask for 'main' get 'main'.
     const checkRef = async (ref) => ref === 'main' || ref === 'refs/remotes/origin/main';
     expect(await resolveBaseRefForLog('main', checkRef)).toBe('main');
   });
 
   it('falls back to origin/<from> when local ref cannot be resolved but origin can', async () => {
-    // Local 'main' is absent (e.g. user never checked it out), but origin/main exists.
     const checkRef = async (ref) => ref === 'refs/remotes/origin/main';
     expect(await resolveBaseRefForLog('main', checkRef)).toBe('origin/main');
   });
 
   it('returns the original ref when neither local nor origin ref can be resolved', async () => {
-    // Neither ref exists; return as-is so git surfaces a meaningful error.
     const checkRef = async () => false;
     expect(await resolveBaseRefForLog('nonexistent-branch', checkRef)).toBe('nonexistent-branch');
   });
@@ -38,12 +101,355 @@ describe('resolveBaseRefForLog', () => {
   });
 });
 
+// ---------------------------------------------------------------------------
+// git index path validation
+// ---------------------------------------------------------------------------
+
 describe('git index path validation', () => {
   it('rejects stage paths outside the repository before invoking git', async () => {
-    await expect(stageFiles('/repo', ['../secret.txt'])).rejects.toThrow('Path is outside repository: ../secret.txt');
+    await expect(stageFiles('/repo', ['../secret.txt'])).rejects.toThrow(
+      'Path is outside repository: ../secret.txt'
+    );
   });
 
   it('rejects unstage paths outside the repository before invoking git', async () => {
-    await expect(unstageFiles('/repo', ['../secret.txt'])).rejects.toThrow('Path is outside repository: ../secret.txt');
+    await expect(unstageFiles('/repo', ['../secret.txt'])).rejects.toThrow(
+      'Path is outside repository: ../secret.txt'
+    );
+  });
+});
+
+// ---------------------------------------------------------------------------
+// getStatus
+// ---------------------------------------------------------------------------
+
+describe('getStatus', () => {
+  it('handles repositories without upstream tracking', async () => {
+    if (!canRunGit()) return;
+
+    const repo = createTempDir();
+    runGit(repo, ['init', '-b', 'main']);
+    runGit(repo, ['config', 'user.email', 'test@example.com']);
+    runGit(repo, ['config', 'user.name', 'Test User']);
+    fs.writeFileSync(path.join(repo, 'README.md'), '# Test\n');
+    runGit(repo, ['add', 'README.md']);
+    runGit(repo, ['commit', '-m', 'Initial commit']);
+
+    await expect(getStatus(repo)).resolves.toMatchObject({ current: 'main' });
+  });
+});
+
+// ---------------------------------------------------------------------------
+// checkoutCommit
+// ---------------------------------------------------------------------------
+
+describe('checkoutCommit', () => {
+  it('checks out a valid commit and puts the repo in detached HEAD state', async () => {
+    const { tmpDir, git } = await createTempRepo();
+    const filePath = path.join(tmpDir, 'file.txt');
+    await fs.promises.writeFile(filePath, 'first', 'utf8');
+    await git.add('file.txt');
+    const firstCommit = await git.commit('First commit');
+
+    await fs.promises.writeFile(filePath, 'second', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Second commit');
+
+    const result = await checkoutCommit(tmpDir, firstCommit.commit);
+    expect(result).toEqual({ success: true });
+
+    const status = await git.status();
+    expect(status.detached).toBe(true);
+  });
+
+  it('throws an error for an invalid/nonexistent hash', async () => {
+    const { tmpDir } = await createTempRepo();
+    await expect(checkoutCommit(tmpDir, 'invalidhash123')).rejects.toThrow();
+  });
+});
+
+// ---------------------------------------------------------------------------
+// cherryPick
+// ---------------------------------------------------------------------------
+
+describe('cherryPick', () => {
+  it('cherry-picks a commit that applies cleanly', async () => {
+    const { tmpDir, git } = await createTempRepo();
+    const filePath = path.join(tmpDir, 'file.txt');
+    await fs.promises.writeFile(filePath, 'line1\nline2\n', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Initial commit');
+
+    await git.checkoutBranch('feature', 'HEAD');
+    await fs.promises.writeFile(filePath, 'line1\nline2\nline3\n', 'utf8');
+    await git.add('file.txt');
+    const featureCommit = await git.commit('Add line3');
+
+    await git.checkout('main');
+    const result = await cherryPick(tmpDir, featureCommit.commit);
+    expect(result).toEqual({ success: true, conflict: false });
+
+    const content = await fs.promises.readFile(filePath, 'utf8');
+    expect(content).toBe('line1\nline2\nline3\n');
+  });
+
+  it('returns conflict info when cherry-picking a conflicting commit', async () => {
+    const { tmpDir, git } = await createTempRepo();
+    const filePath = path.join(tmpDir, 'file.txt');
+    await fs.promises.writeFile(filePath, 'line1\nline2\n', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Initial commit');
+
+    await git.checkoutBranch('feature', 'HEAD');
+    await fs.promises.writeFile(filePath, 'line1\nfeature-line2\n', 'utf8');
+    await git.add('file.txt');
+    const featureCommit = await git.commit('Change line2 in feature');
+
+    await git.checkout('main');
+    await fs.promises.writeFile(filePath, 'line1\nmain-line2\n', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Change line2 in main');
+
+    const result = await cherryPick(tmpDir, featureCommit.commit);
+    expect(result.success).toBe(false);
+    expect(result.conflict).toBe(true);
+    expect(Array.isArray(result.conflictFiles)).toBe(true);
+    expect(result.conflictFiles.length).toBeGreaterThan(0);
+  });
+
+  it('throws for an invalid/nonexistent hash', async () => {
+    const { tmpDir } = await createTempRepo();
+    await expect(cherryPick(tmpDir, 'deadbeef00000000')).rejects.toThrow();
+  });
+});
+
+// ---------------------------------------------------------------------------
+// revertCommit
+// ---------------------------------------------------------------------------
+
+describe('revertCommit', () => {
+  it('reverts a commit and stages the revert changes', async () => {
+    const { tmpDir, git } = await createTempRepo();
+    const filePath = path.join(tmpDir, 'file.txt');
+    await fs.promises.writeFile(filePath, 'line1\nline2\n', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Initial commit');
+
+    await fs.promises.writeFile(filePath, 'line1\nline2\nline3\n', 'utf8');
+    await git.add('file.txt');
+    const changeCommit = await git.commit('Add line3');
+
+    const result = await revertCommit(tmpDir, changeCommit.commit);
+    expect(result).toEqual({ success: true, conflict: false });
+
+    const status = await git.status();
+    expect(status.staged.length).toBeGreaterThan(0);
+    const content = await fs.promises.readFile(filePath, 'utf8');
+    expect(content).toBe('line1\nline2\n');
+  });
+
+  it('returns conflict info when reverting causes a conflict', async () => {
+    const { tmpDir, git } = await createTempRepo();
+    const filePath = path.join(tmpDir, 'file.txt');
+    await fs.promises.writeFile(filePath, 'line1\nline2\nline3\n', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Initial commit');
+
+    await fs.promises.writeFile(filePath, 'line1\nchanged-a\nline3\n', 'utf8');
+    await git.add('file.txt');
+    const commitA = await git.commit('Change line2 to changed-a');
+
+    await fs.promises.writeFile(filePath, 'line1\nchanged-b\nline3\n', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Change line2 to changed-b');
+
+    const result = await revertCommit(tmpDir, commitA.commit);
+    expect(result.success).toBe(false);
+    expect(result.conflict).toBe(true);
+    expect(Array.isArray(result.conflictFiles)).toBe(true);
+    expect(result.conflictFiles.length).toBeGreaterThan(0);
+  });
+
+  it('throws for an invalid/nonexistent hash', async () => {
+    const { tmpDir } = await createTempRepo();
+    await expect(revertCommit(tmpDir, 'deadbeef00000000')).rejects.toThrow();
+  });
+});
+
+// ---------------------------------------------------------------------------
+// resetToCommit
+// ---------------------------------------------------------------------------
+
+describe('resetToCommit', () => {
+  it('soft reset moves HEAD without touching the working tree', async () => {
+    const { tmpDir, git } = await createTempRepo();
+    const filePath = path.join(tmpDir, 'file.txt');
+    await fs.promises.writeFile(filePath, 'first\n', 'utf8');
+    await git.add('file.txt');
+    const firstCommit = await git.commit('First commit');
+
+    await fs.promises.writeFile(filePath, 'second\n', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Second commit');
+
+    const result = await resetToCommit(tmpDir, firstCommit.commit, 'soft');
+    expect(result).toEqual({ success: true });
+
+    const log = await git.log();
+    expect(log.latest.hash).toBe(firstCommit.commit);
+    const content = await fs.promises.readFile(filePath, 'utf8');
+    expect(content).toBe('second\n');
+
+    const status = await git.status();
+    expect(status.staged.length).toBeGreaterThan(0);
+  });
+
+  it('mixed reset moves HEAD and unstages changes', async () => {
+    const { tmpDir, git } = await createTempRepo();
+    const filePath = path.join(tmpDir, 'file.txt');
+    await fs.promises.writeFile(filePath, 'first\n', 'utf8');
+    await git.add('file.txt');
+    const firstCommit = await git.commit('First commit');
+
+    await fs.promises.writeFile(filePath, 'second\n', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Second commit');
+
+    const result = await resetToCommit(tmpDir, firstCommit.commit, 'mixed');
+    expect(result).toEqual({ success: true });
+
+    const log = await git.log();
+    expect(log.latest.hash).toBe(firstCommit.commit);
+    const content = await fs.promises.readFile(filePath, 'utf8');
+    expect(content).toBe('second\n');
+
+    const status = await git.status();
+    expect(status.staged.length).toBe(0);
+    expect(status.modified.length).toBeGreaterThan(0);
+  });
+
+  it('hard reset with clean working tree succeeds', async () => {
+    const { tmpDir, git } = await createTempRepo();
+    const filePath = path.join(tmpDir, 'file.txt');
+    await fs.promises.writeFile(filePath, 'first\n', 'utf8');
+    await git.add('file.txt');
+    const firstCommit = await git.commit('First commit');
+
+    await fs.promises.writeFile(filePath, 'second\n', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Second commit');
+
+    const result = await resetToCommit(tmpDir, firstCommit.commit, 'hard');
+    expect(result).toEqual({ success: true });
+
+    const log = await git.log();
+    expect(log.latest.hash).toBe(firstCommit.commit);
+    const content = await fs.promises.readFile(filePath, 'utf8');
+    expect(content).toBe('first\n');
+
+    const status = await git.status();
+    expect(status.isClean()).toBe(true);
+  });
+
+  it('hard reset with dirty working tree without force throws', async () => {
+    const { tmpDir, git } = await createTempRepo();
+    const filePath = path.join(tmpDir, 'file.txt');
+    await fs.promises.writeFile(filePath, 'first\n', 'utf8');
+    await git.add('file.txt');
+    const firstCommit = await git.commit('First commit');
+
+    await fs.promises.writeFile(filePath, 'second\n', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Second commit');
+
+    await fs.promises.writeFile(filePath, 'dirty\n', 'utf8');
+
+    await expect(resetToCommit(tmpDir, firstCommit.commit, 'hard')).rejects.toThrow(
+      'Cannot hard reset: uncommitted changes in working tree'
+    );
+  });
+
+  it('hard reset with dirty working tree with force succeeds', async () => {
+    const { tmpDir, git } = await createTempRepo();
+    const filePath = path.join(tmpDir, 'file.txt');
+    await fs.promises.writeFile(filePath, 'first\n', 'utf8');
+    await git.add('file.txt');
+    const firstCommit = await git.commit('First commit');
+
+    await fs.promises.writeFile(filePath, 'second\n', 'utf8');
+    await git.add('file.txt');
+    await git.commit('Second commit');
+
+    await fs.promises.writeFile(filePath, 'dirty\n', 'utf8');
+
+    const result = await resetToCommit(tmpDir, firstCommit.commit, 'hard', true);
+    expect(result).toEqual({ success: true });
+
+    const log = await git.log();
+    expect(log.latest.hash).toBe(firstCommit.commit);
+    const content = await fs.promises.readFile(filePath, 'utf8');
+    expect(content).toBe('first\n');
+  });
+});
+
+// ---------------------------------------------------------------------------
+// hash validation
+// ---------------------------------------------------------------------------
+
+describe('hash validation', () => {
+  it('checkoutCommit rejects non-hex hash', async () => {
+    await expect(checkoutCommit('/tmp', '--hard')).rejects.toThrow('Invalid commit hash');
+  });
+
+  it('checkoutCommit rejects ref name', async () => {
+    await expect(checkoutCommit('/tmp', 'HEAD')).rejects.toThrow('Invalid commit hash');
+  });
+
+  it('checkoutCommit accepts valid 40-char hex format', async () => {
+    await expect(
+      checkoutCommit('/tmp', '1234567890abcdef1234567890abcdef12345678')
+    ).rejects.not.toThrow('Invalid commit hash');
+  });
+
+  it('cherryPick rejects non-hex hash', async () => {
+    await expect(cherryPick('/tmp', '--hard')).rejects.toThrow('Invalid commit hash');
+  });
+
+  it('cherryPick rejects ref name', async () => {
+    await expect(cherryPick('/tmp', 'HEAD')).rejects.toThrow('Invalid commit hash');
+  });
+
+  it('cherryPick accepts valid 40-char hex format', async () => {
+    await expect(
+      cherryPick('/tmp', '1234567890abcdef1234567890abcdef12345678')
+    ).rejects.not.toThrow('Invalid commit hash');
+  });
+
+  it('revertCommit rejects non-hex hash', async () => {
+    await expect(revertCommit('/tmp', '--hard')).rejects.toThrow('Invalid commit hash');
+  });
+
+  it('revertCommit rejects ref name', async () => {
+    await expect(revertCommit('/tmp', 'HEAD')).rejects.toThrow('Invalid commit hash');
+  });
+
+  it('revertCommit accepts valid 40-char hex format', async () => {
+    await expect(
+      revertCommit('/tmp', '1234567890abcdef1234567890abcdef12345678')
+    ).rejects.not.toThrow('Invalid commit hash');
+  });
+
+  it('resetToCommit rejects non-hex hash', async () => {
+    await expect(resetToCommit('/tmp', '--hard', 'soft')).rejects.toThrow('Invalid commit hash');
+  });
+
+  it('resetToCommit rejects ref name', async () => {
+    await expect(resetToCommit('/tmp', 'HEAD', 'soft')).rejects.toThrow('Invalid commit hash');
+  });
+
+  it('resetToCommit accepts valid 40-char hex format', async () => {
+    await expect(
+      resetToCommit('/tmp', '1234567890abcdef1234567890abcdef12345678', 'soft')
+    ).rejects.not.toThrow('Invalid commit hash');
   });
 });

package/server/lib/ngrok-tunnel.js

@@ -0,0 +1,209 @@
+import { spawn, spawnSync } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+
+const DEFAULT_STARTUP_TIMEOUT_MS = 30000;
+const NGROK_API_URL = 'http://127.0.0.1:4040/api/tunnels';
+const NGROK_INSTALL_HELP = 'brew install ngrok';
+const NGROK_AUTHTOKEN_HELP = 'Run: ngrok config add-authtoken <your-ngrok-token>';
+
+async function searchPathFor(command) {
+  const pathValue = process.env.PATH || '';
+  const segments = pathValue.split(path.delimiter).filter(Boolean);
+  const WINDOWS_EXTENSIONS = process.platform === 'win32'
+    ? (process.env.PATHEXT || '.EXE;.CMD;.BAT;.COM')
+        .split(';')
+        .map((ext) => ext.trim().toLowerCase())
+        .filter(Boolean)
+        .map((ext) => (ext.startsWith('.') ? ext : `.${ext}`))
+    : [''];
+
+  for (const dir of segments) {
+    for (const ext of WINDOWS_EXTENSIONS) {
+      const fileName = process.platform === 'win32' ? `${command}${ext}` : command;
+      const candidate = path.join(dir, fileName);
+      try {
+        const stats = fs.statSync(candidate);
+        if (!stats.isFile()) {
+          continue;
+        }
+        if (process.platform !== 'win32') {
+          try {
+            fs.accessSync(candidate, fs.constants.X_OK);
+          } catch {
+            continue;
+          }
+        }
+        return candidate;
+      } catch {
+        continue;
+      }
+    }
+  }
+  return null;
+}
+
+export async function checkNgrokAvailable() {
+  const ngrokPath = await searchPathFor('ngrok');
+  if (ngrokPath) {
+    try {
+      const result = spawnSync(ngrokPath, ['version'], {
+        encoding: 'utf8',
+        stdio: ['pipe', 'pipe', 'pipe'],
+        windowsHide: true,
+      });
+      if (result.status === 0) {
+        return { available: true, path: ngrokPath, version: result.stdout.trim() || result.stderr.trim() };
+      }
+    } catch {
+      // Ignore and report unavailable below.
+    }
+  }
+  return { available: false, path: null, version: null };
+}
+
+export async function checkNgrokAuthtokenConfigured(ngrokPath = null) {
+  if (typeof process.env.NGROK_AUTHTOKEN === 'string' && process.env.NGROK_AUTHTOKEN.trim().length > 0) {
+    return { configured: true, detail: 'NGROK_AUTHTOKEN is set.' };
+  }
+
+  const resolvedPath = ngrokPath || await searchPathFor('ngrok');
+  if (!resolvedPath) {
+    return { configured: false, detail: `ngrok is not installed. Install it with: ${NGROK_INSTALL_HELP}` };
+  }
+
+  try {
+    const result = spawnSync(resolvedPath, ['config', 'check'], {
+      encoding: 'utf8',
+      stdio: ['pipe', 'pipe', 'pipe'],
+      windowsHide: true,
+    });
+    const output = `${result.stdout || ''}${result.stderr || ''}`.trim();
+    if (result.status === 0) {
+      return { configured: true, detail: output || 'ngrok config is valid.' };
+    }
+    return { configured: false, detail: output || NGROK_AUTHTOKEN_HELP };
+  } catch (error) {
+    return {
+      configured: false,
+      detail: error instanceof Error ? error.message : String(error),
+    };
+  }
+}
+
+export async function checkNgrokApiReachability({ fetchImpl = globalThis.fetch, timeoutMs = 5000 } = {}) {
+  if (typeof fetchImpl !== 'function') {
+    return { reachable: false, status: null, error: 'Fetch API is unavailable in this runtime.' };
+  }
+
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), timeoutMs);
+  try {
+    const response = await fetchImpl('https://api.ngrok.com/', {
+      method: 'GET',
+      signal: controller.signal,
+    });
+    return { reachable: true, status: response.status, error: null };
+  } catch (error) {
+    return {
+      reachable: false,
+      status: null,
+      error: error instanceof Error ? error.message : String(error),
+    };
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+
+const spawnNgrok = (args, resolvedBinaryPath = 'ngrok') => spawn(resolvedBinaryPath, args, {
+  stdio: ['ignore', 'pipe', 'pipe'],
+  windowsHide: true,
+  env: process.env,
+  killSignal: 'SIGINT',
+});
+
+async function fetchNgrokPublicUrl(fetchImpl = globalThis.fetch) {
+  if (typeof fetchImpl !== 'function') {
+    return null;
+  }
+  try {
+    const response = await fetchImpl(NGROK_API_URL, { method: 'GET' });
+    if (!response.ok) {
+      return null;
+    }
+    const payload = await response.json();
+    const tunnels = Array.isArray(payload?.tunnels) ? payload.tunnels : [];
+    const httpsTunnel = tunnels.find((entry) => entry?.proto === 'https' && typeof entry?.public_url === 'string');
+    const fallbackTunnel = tunnels.find((entry) => typeof entry?.public_url === 'string');
+    return httpsTunnel?.public_url || fallbackTunnel?.public_url || null;
+  } catch {
+    return null;
+  }
+}
+
+export async function startNgrokQuickTunnel({ port }) {
+  const ngrokCheck = await checkNgrokAvailable();
+  if (!ngrokCheck.available) {
+    throw new Error(`ngrok is not installed. Install it with: ${NGROK_INSTALL_HELP}`);
+  }
+
+  const authtokenCheck = await checkNgrokAuthtokenConfigured(ngrokCheck.path);
+  if (!authtokenCheck.configured) {
+    throw new Error(`ngrok authtoken is not configured. ${NGROK_AUTHTOKEN_HELP}`);
+  }
+
+  if (!Number.isFinite(port)) {
+    throw new Error('A local port is required to start an ngrok tunnel');
+  }
+
+  const child = spawnNgrok(['http', String(port)], ngrokCheck.path);
+  let publicUrl = null;
+
+  child.stdout.on('data', () => {
+    // Keep stream drained; ngrok exposes the URL via its local API.
+  });
+
+  child.stderr.on('data', (chunk) => {
+    process.stderr.write(chunk.toString('utf8'));
+  });
+
+  child.on('error', (error) => {
+    console.error(`Ngrok error: ${error.message}`);
+  });
+
+  await new Promise((resolve, reject) => {
+    const timeout = setTimeout(() => {
+      clearInterval(checkReady);
+      try { child.kill('SIGINT'); } catch { /* ignore */ }
+      reject(new Error('Ngrok tunnel URL not received within 30 seconds'));
+    }, DEFAULT_STARTUP_TIMEOUT_MS);
+
+    const checkReady = setInterval(async () => {
+      publicUrl = await fetchNgrokPublicUrl();
+      if (publicUrl) {
+        clearTimeout(timeout);
+        clearInterval(checkReady);
+        resolve(null);
+      }
+    }, 250);
+
+    child.once('exit', (code) => {
+      clearTimeout(timeout);
+      clearInterval(checkReady);
+      reject(new Error(`Ngrok exited while starting (code ${code ?? 'unknown'})`));
+    });
+  });
+
+  return {
+    mode: 'quick',
+    stop: () => {
+      try {
+        child.kill('SIGINT');
+      } catch {
+        // Ignore.
+      }
+    },
+    process: child,
+    getPublicUrl: () => publicUrl,
+  };
+}

package/server/lib/opencode/core-routes.js

@@ -521,6 +521,7 @@ export const registerCommonRequestMiddleware = (app, dependencies) => {
       req.path.startsWith('/api/config/snippets') ||
       req.path.startsWith('/api/config/settings') ||
       req.path.startsWith('/api/config/skills') ||
+      req.path.startsWith('/api/config/plugins') ||
       req.path.startsWith('/api/projects') ||
       req.path.startsWith('/api/fs') ||
       req.path.startsWith('/api/git') ||