npm - @phenx-inc/ctlsurf - Versions diffs - 0.3.12 → 0.3.13 - Mend

@phenx-inc/ctlsurf 0.3.12 → 0.3.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/bin/ctlsurf-worker.js +264 -3
package/out/headless/index.mjs +1 -1
package/out/headless/index.mjs.map +1 -1
package/package.json +1 -1

package/bin/ctlsurf-worker.js CHANGED Viewed

@@ -233,7 +233,16 @@ function detectMode(argv) {
 const mode = detectMode(args)
-if (mode === 'desktop') {
+// Validate the ctlsurf API key before launching — on install/update or when
+// the stored key is missing/rejected. A check failure never blocks launch.
+checkApiKey(mode).catch(() => {}).then(() => launch(mode))
+function launch(launchMode) {
+  if (launchMode === 'desktop') runDesktop()
+  else runTerminal()
+}
+function runDesktop() {
   let electronPath
   try {
     electronPath = require('electron')
@@ -278,8 +287,6 @@ if (mode === 'desktop') {
   } catch (err) {
     process.exit(err.status || 0)
   }
-} else {
-  runTerminal()
 }
 function installElectron() {
@@ -314,3 +321,257 @@ function runTerminal() {
     process.exit(err.status || 0)
   }
 }
+// ─── API key check (install/update or invalid key) ────────────────
+function getPkgVersion() {
+  try { return require(path.join(ROOT, 'package.json')).version || '0.0.0' }
+  catch { return '0.0.0' }
+}
+// settings.json locations. Terminal and desktop modes historically use
+// different dirs: src/main/settingsDir.ts gives 'ctlsurf-worker' for the
+// headless path, while desktop is Electron's userData under app name
+// 'ctlsurf' (see src/main/index.ts). We touch both so a key entered once
+// is consistent regardless of which mode launches next.
+function settingsPathForMode(m) {
+  const home = os.homedir()
+  if (m === 'desktop') {
+    if (process.platform === 'darwin') {
+      return path.join(home, 'Library', 'Application Support', 'ctlsurf', 'settings.json')
+    }
+    if (process.platform === 'win32') {
+      return path.join(process.env.APPDATA || path.join(home, 'AppData', 'Roaming'), 'ctlsurf', 'settings.json')
+    }
+    return path.join(process.env.XDG_CONFIG_HOME || path.join(home, '.config'), 'ctlsurf', 'settings.json')
+  }
+  if (process.platform === 'darwin') {
+    return path.join(home, 'Library', 'Application Support', 'ctlsurf-worker', 'settings.json')
+  }
+  return path.join(process.env.XDG_CONFIG_HOME || path.join(home, '.config'), 'ctlsurf-worker', 'settings.json')
+}
+function allSettingsPaths() {
+  return [settingsPathForMode('terminal'), settingsPathForMode('desktop')]
+}
+function defaultSettings() {
+  return {
+    activeProfile: 'production',
+    profiles: {
+      production: {
+        name: 'Production',
+        apiKey: '',
+        baseUrl: 'https://app.ctlsurf.com',
+        dataspacePageId: '',
+        trackTime: true,
+        idleTimeoutMin: 15,
+      },
+    },
+    logChat: false,
+  }
+}
+function readSettings(p) {
+  try { return JSON.parse(fs.readFileSync(p, 'utf-8')) }
+  catch { return null }
+}
+function writeSettings(p, data) {
+  try {
+    fs.mkdirSync(path.dirname(p), { recursive: true })
+    fs.writeFileSync(p, JSON.stringify(data, null, 2))
+    return true
+  } catch { return false }
+}
+// Normalize to the profiles shape, mirroring the orchestrator's legacy
+// migration so we never clobber a pre-profiles settings file.
+function normalizeSettings(s) {
+  if (s && s.profiles) return s
+  const base = defaultSettings()
+  if (s) {
+    base.profiles.production.apiKey = s.ctlsurfApiKey || ''
+    base.profiles.production.baseUrl = s.ctlsurfBaseUrl || base.profiles.production.baseUrl
+    base.profiles.production.dataspacePageId = s.ctlsurfDataspacePageId || ''
+    base.logChat = !!s.logChat
+  }
+  return base
+}
+function activeProfile(s) {
+  const id = s.activeProfile || 'production'
+  return s.profiles[id] || s.profiles.production
+}
+function maskKey(k) {
+  if (!k) return '(none)'
+  if (k.length <= 12) return k.slice(0, 3) + '…'
+  return k.slice(0, 8) + '…' + k.slice(-3)
+}
+// POST JSON, resolve with the HTTP status (0 on network failure/timeout).
+// Uses the http/https modules directly to avoid Node 18's experimental
+// fetch warning leaking into the launcher output.
+function httpPostJson(urlStr, headers, bodyObj, timeoutMs) {
+  return new Promise((resolve) => {
+    let u
+    try { u = new URL(urlStr) } catch { return resolve(0) }
+    const mod = u.protocol === 'http:' ? require('http') : require('https')
+    const body = JSON.stringify(bodyObj)
+    const req = mod.request(u, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Content-Length': Buffer.byteLength(body),
+        ...headers,
+      },
+      timeout: timeoutMs,
+    }, (res) => {
+      res.resume()
+      resolve(res.statusCode || 0)
+    })
+    req.on('timeout', () => { req.destroy(); resolve(0) })
+    req.on('error', () => resolve(0))
+    req.write(body)
+    req.end()
+  })
+}
+// → 'ok' | 'unauthorized' | 'unreachable'
+async function validateKey(key, baseUrl) {
+  const url = String(baseUrl).replace(/\/+$/, '') + '/api/mcp'
+  const status = await httpPostJson(
+    url,
+    { Authorization: `Bearer ${key}` },
+    { jsonrpc: '2.0', method: 'ping', id: 1 },
+    10000,
+  )
+  if (status === 200) return 'ok'
+  if (status === 401 || status === 403) return 'unauthorized'
+  return 'unreachable'
+}
+function ask(question) {
+  return new Promise((resolve) => {
+    const readline = require('readline')
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout })
+    rl.question(question, (answer) => { rl.close(); resolve(answer || '') })
+  })
+}
+// Persist a key to every worker settings.json profile + the shell rc.
+function persistKey(key) {
+  for (const p of allSettingsPaths()) {
+    const s = normalizeSettings(readSettings(p))
+    activeProfile(s).apiKey = key
+    writeSettings(p, s)
+  }
+  console.log(`  ${G}✓${R} Saved to worker settings.`)
+  const home = os.homedir()
+  const rc = ['.zshrc', '.bashrc', '.bash_profile']
+    .map((f) => path.join(home, f))
+    .find((f) => fs.existsSync(f))
+  if (rc) {
+    try {
+      let content = fs.readFileSync(rc, 'utf-8')
+      content = content
+        .split('\n')
+        .filter((l) => !/^\s*export\s+CTLSURF_API_KEY=/.test(l))
+        .join('\n')
+      if (content && !content.endsWith('\n')) content += '\n'
+      content += `\n# ctlsurf worker API key\nexport CTLSURF_API_KEY="${key}"\n`
+      fs.writeFileSync(rc, content)
+      console.log(`  ${G}✓${R} Exported CTLSURF_API_KEY in ${rc}`)
+      console.log(`  ${D}Restart your shell or run: source ${rc}${R}`)
+    } catch {
+      console.log(`  ${Y}!${R} Could not update ${rc} — set CTLSURF_API_KEY manually.`)
+    }
+  }
+  console.log('')
+}
+// Prompt for a key, validate it, persist on success. Up to 3 attempts.
+async function promptForNewKey(baseUrl, optional) {
+  for (let attempt = 1; attempt <= 3; attempt++) {
+    const entered = (await ask(`  Enter ctlsurf API key: `)).trim()
+    if (!entered) {
+      console.log(optional ? '  Keeping existing key.\n' : '  Continuing without a key.\n')
+      return
+    }
+    process.stdout.write(`  Validating… `)
+    const result = await validateKey(entered, baseUrl)
+    if (result === 'ok') {
+      console.log(`${G}OK${R}`)
+      persistKey(entered)
+      return
+    }
+    if (result === 'unreachable') {
+      console.log(`${Y}server unreachable${R}`)
+      console.log(`  Saving anyway — the worker will retry the connection.`)
+      persistKey(entered)
+      return
+    }
+    console.log(`${Y}rejected${R}`)
+    if (attempt < 3) console.log(`  That key was not accepted. Try again.\n`)
+    else console.log(`  ${Y}Giving up after 3 attempts. Continuing.${R}\n`)
+  }
+}
+// Validate the stored key on launch; prompt on install/update or when the
+// key is missing/invalid. Never throws — launch must not be blocked.
+async function checkApiKey(m) {
+  if (!process.stdin.isTTY) return        // no terminal — can't prompt
+  if (args.includes('--skip-setup')) return
+  if (args.includes('--api-key')) return  // explicit override — trust it
+  const currentVersion = getPkgVersion()
+  const settings = normalizeSettings(readSettings(settingsPathForMode(m)))
+  const firstRun = !settings.lastVersion
+  const versionChanged = settings.lastVersion !== currentVersion
+  const profile = activeProfile(settings)
+  const baseUrl = profile.baseUrl || process.env.CTLSURF_BASE_URL || 'https://app.ctlsurf.com'
+  const currentKey = profile.apiKey || process.env.CTLSURF_API_KEY || ''
+  let reason = null  // 'missing' | 'invalid' | 'update'
+  if (!currentKey) {
+    reason = 'missing'
+  } else {
+    const result = await validateKey(currentKey, baseUrl)
+    if (result === 'unauthorized') reason = 'invalid'
+    else if (result === 'ok' && versionChanged) reason = 'update'
+    // 'unreachable' → offline; don't prompt, don't block launch
+  }
+  if (reason) {
+    console.log(`\n${B}  ctlsurf${R}  ${D}— API key check${R}\n`)
+    if (reason === 'missing') {
+      console.log(`  No ctlsurf API key is configured.`)
+      console.log(`  Get one from: ${B}https://app.ctlsurf.com/settings${R} ${D}(API Keys tab)${R}\n`)
+      await promptForNewKey(baseUrl, false)
+    } else if (reason === 'invalid') {
+      console.log(`  ${Y}Your ctlsurf API key was rejected${R} ${D}(${maskKey(currentKey)})${R}.`)
+      console.log(`  It may be revoked, expired, or for a different server.`)
+      console.log(`  Get a new one from: ${B}https://app.ctlsurf.com/settings${R} ${D}(API Keys tab)${R}\n`)
+      await promptForNewKey(baseUrl, false)
+    } else if (reason === 'update') {
+      console.log(firstRun
+        ? `  Welcome to ctlsurf v${currentVersion}.`
+        : `  ctlsurf was updated to v${currentVersion}.`)
+      console.log(`  ${G}Your API key is valid${R} ${D}(${maskKey(currentKey)})${R}.`)
+      const ans = (await ask(`  Replace it? ${D}(y/N)${R} `)).trim()
+      console.log('')
+      if (/^y(es)?$/i.test(ans)) await promptForNewKey(baseUrl, true)
+    }
+  }
+  // Record the version so the install/update prompt fires only once per
+  // release. Written to both mode paths to avoid a re-prompt on mode switch.
+  for (const p of allSettingsPaths()) {
+    const s = normalizeSettings(readSettings(p))
+    s.lastVersion = currentVersion
+    writeSettings(p, s)
+  }
+}

package/out/headless/index.mjs CHANGED Viewed

@@ -5471,7 +5471,7 @@ var require_package = __commonJS({
   "package.json"(exports, module) {
     module.exports = {
       name: "@phenx-inc/ctlsurf",
-      version: "0.3.12",
+      version: "0.3.13",
       description: "Agent-agnostic terminal and desktop app for ctlsurf \u2014 run Claude Code, Codex, or any coding agent with live session logging and remote control",
       main: "out/main/index.js",
       bin: {