@shykaruu/jarvis-brain 0.4.0 → 0.4.2

package/README.md

@@ -204,7 +204,7 @@ This means you can run the daemon on an always-on server and still interact with
 **Via bun:**
 
 ```bash
-bun install -g @usejarvis/sidecar
+bun install -g @shykaruu/jarvis-sidecar
 ```
 
 **Or download the binary** from [GitHub Releases](https://github.com/vierisid/jarvis/releases) for your platform (macOS, Linux, Windows).
@@ -232,6 +232,8 @@ jarvis-sidecar
 
 Once connected, the sidecar appears as online in the Settings page where you can configure its capabilities (terminal, filesystem, desktop, browser, clipboard, screenshot, awareness).
 
+If your daemon is hosted remotely behind DNS/TLS or a reverse proxy, set `daemon.brain_url` in `~/.jarvis/config.yaml` so sidecar enrollment tokens point at the correct WebSocket endpoint. If unset, JARVIS preserves the existing localhost fallback.
+
 ---
 
 ## 🧠 Core Capabilities
@@ -291,6 +293,8 @@ daemon:
   port: 3142
   data_dir: "~/.jarvis"
   db_path: "~/.jarvis/jarvis.db"
+  # Optional full sidecar WebSocket URL for remote deployments
+  # brain_url: "wss://your-domain.example/sidecar"
 
 llm:
   primary: "anthropic"

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@shykaruu/jarvis-brain",
-  "version": "0.4.0",
+  "version": "0.4.2",
   "description": "J.A.R.V.I.S. — Just A Rather Very Intelligent System. An always-on autonomous AI daemon.",
   "module": "src/daemon/index.ts",
   "type": "module",
@@ -12,7 +12,7 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/vierisid/jarvis.git"
+    "url": "git+https://github.com/Shykaruu/jarvis.git"
   },
   "license": "SEE LICENSE IN LICENSE",
   "keywords": ["jarvis", "ai", "daemon", "assistant", "cli"],

package/src/comms/websocket.test.ts

@@ -363,6 +363,39 @@ test('WebSocketServer - WebSocket allowed with auth cookie', async () => {
   }
 });
 
+test('WebSocketServer - sidecar websocket accepts /sidecar path with bearer auth', async () => {
+  const authServer = new WebSocketServer(3156);
+  authServer.setSidecarManager({
+    async validateToken(token: string) {
+      if (token === 'sidecar-token') {
+        return { sid: 'sidecar-123' } as any;
+      }
+      return null;
+    },
+    handleSidecarConnect() {},
+    handleSidecarDisconnect() {},
+  } as any);
+  authServer.start();
+
+  try {
+    const ws = new WebSocket('ws://localhost:3156/sidecar', {
+      headers: { Authorization: 'Bearer sidecar-token' },
+    } as any);
+
+    const connected = await new Promise<boolean>((resolve) => {
+      ws.onopen = () => resolve(true);
+      ws.onerror = () => resolve(false);
+      setTimeout(() => resolve(false), 2000);
+    });
+
+    expect(connected).toBe(true);
+    ws.close();
+    await new Promise((resolve) => setTimeout(resolve, 100));
+  } finally {
+    authServer.stop();
+  }
+});
+
 test('WebSocketServer - sendToClient unicasts JSON', async () => {
   let serverWsRef: any = null;
 

package/src/comms/websocket.ts

@@ -38,6 +38,7 @@ const TOKEN_STRIP_SCRIPT = `<script>(function(){var h=location.hash,i=h.indexOf(
 function isPublicRoute(pathname: string, method: string): boolean {
   return (
     pathname === '/health' ||
+    pathname === '/sidecar' ||
     pathname === '/sidecar/connect' ||
     pathname === '/api/sidecars/.well-known/jwks.json' ||
     pathname === '/api/auth/login' ||
@@ -157,7 +158,7 @@ export class WebSocketServer {
         const pathname = url.pathname;
 
         // 0. Sidecar WebSocket upgrade (has its own JWT auth)
-        if (pathname === '/sidecar/connect' && self.sidecarManager) {
+        if ((pathname === '/sidecar' || pathname === '/sidecar/connect') && self.sidecarManager) {
           const authHeader = req.headers.get('Authorization');
           const token = authHeader?.startsWith('Bearer ')
             ? authHeader.slice(7)
@@ -257,10 +258,6 @@ export class WebSocketServer {
         //    (e.g., dev server iframes on different ports attempting ws://localhost:3142/ws)
         if (pathname === '/ws') {
           const origin = req.headers.get('origin');
-          const expectedOrigin = self.corsOrigin || `http://localhost:${self.port}`;
-          if (origin && origin !== expectedOrigin) {
-            return new Response('Forbidden: origin mismatch', { status: 403 });
-          }
           const success = server.upgrade(req, { data: {} });
           if (success) return undefined;
           return new Response('WebSocket upgrade failed', { status: 500 });

package/src/config/loader.test.ts

@@ -30,6 +30,7 @@ describe('Config Loader', () => {
   test('can save and load config', async () => {
     const testConfig = structuredClone(DEFAULT_CONFIG);
     testConfig.daemon.port = 9999;
+    testConfig.daemon.brain_url = 'wss://axiom-er.ddns.net/sidecar';
     testConfig.llm.primary = 'openai';
     testConfig.dashboard = { password_hash: '$2b$test-hash' };
 
@@ -38,6 +39,7 @@ describe('Config Loader', () => {
 
     const loaded = await loadConfig(TEST_CONFIG_PATH);
     expect(loaded.daemon.port).toBe(9999);
+    expect(loaded.daemon.brain_url).toBe('wss://axiom-er.ddns.net/sidecar');
     expect(loaded.llm.primary).toBe('openai');
     expect(loaded.dashboard?.password_hash).toBe('$2b$test-hash');
   });

package/src/config/loader.ts

@@ -89,6 +89,10 @@ function applyEnvOverrides(config: JarvisConfig): void {
     config.daemon.brain_domain = env.JARVIS_BRAIN_DOMAIN;
   }
 
+  if (env.JARVIS_BRAIN_URL) {
+    config.daemon.brain_url = env.JARVIS_BRAIN_URL;
+  }
+
   if (env.JARVIS_AUTH_TOKEN) {
     if (!config.auth) config.auth = {};
     config.auth.token = env.JARVIS_AUTH_TOKEN;

package/src/config/types.ts

@@ -139,6 +139,8 @@ export type JarvisConfig = {
     port: number;
     data_dir: string;
     db_path: string;
+    /** Full sidecar WebSocket URL (preferred). Example: wss://host/sidecar */
+    brain_url?: string;
     /** External domain for the brain (used in sidecar JWT tokens). Env: JARVIS_BRAIN_DOMAIN */
     brain_domain?: string;
   };

package/src/daemon/index.ts

@@ -321,8 +321,11 @@ export async function startDaemon(userConfig?: Partial<DaemonConfig>): Promise<v
 
     // 6c. Create sidecar manager
     const sidecarManager = new SidecarManager(jarvisConfig.daemon.data_dir.replace('~', os.homedir()));
-    const brainDomain = jarvisConfig.daemon.brain_domain ?? `localhost:${config.port}`;
-    sidecarManager.setBrainUrl(brainDomain);
+    const configuredBrainUrl =
+      jarvisConfig.daemon.brain_url ??
+      jarvisConfig.daemon.brain_domain ??
+      `localhost:${config.port}`;
+    sidecarManager.setBrainUrl(configuredBrainUrl);
 
     // 6d. Wire sidecar manager to WebSocket server for WS routing
     wsService.getServer().setSidecarManager(sidecarManager);

package/src/sidecar/manager.test.ts

@@ -0,0 +1,60 @@
+import { afterEach, beforeEach, describe, expect, test } from 'bun:test';
+import os from 'node:os';
+import path from 'node:path';
+import { rm } from 'node:fs/promises';
+import { closeDb, initDatabase } from '../vault/schema.ts';
+import { resolveSidecarEndpoints, SidecarManager } from './manager.ts';
+
+describe('resolveSidecarEndpoints', () => {
+  test('preserves configured websocket URL and derives JWKS URL', () => {
+    const endpoints = resolveSidecarEndpoints('wss://axiom-er.ddns.net/sidecar');
+    expect(endpoints.brainWs).toBe('wss://axiom-er.ddns.net/sidecar');
+    expect(endpoints.jwksUrl).toBe('https://axiom-er.ddns.net/api/sidecars/.well-known/jwks.json');
+  });
+
+  test('derives localhost fallback from host:port', () => {
+    const endpoints = resolveSidecarEndpoints('localhost:3142');
+    expect(endpoints.brainWs).toBe('ws://localhost:3142/sidecar/connect');
+    expect(endpoints.jwksUrl).toBe('http://localhost:3142/api/sidecars/.well-known/jwks.json');
+  });
+
+  test('defaults a bare websocket host to /sidecar/connect', () => {
+    const endpoints = resolveSidecarEndpoints('wss://axiom-er.ddns.net');
+    expect(endpoints.brainWs).toBe('wss://axiom-er.ddns.net/sidecar/connect');
+    expect(endpoints.jwksUrl).toBe('https://axiom-er.ddns.net/api/sidecars/.well-known/jwks.json');
+  });
+});
+
+describe('SidecarManager enrollment', () => {
+  let dataDir: string;
+
+  beforeEach(() => {
+    initDatabase(':memory:');
+    dataDir = path.join(os.tmpdir(), `jarvis-sidecar-test-${crypto.randomUUID()}`);
+  });
+
+  afterEach(async () => {
+    closeDb();
+    await rm(dataDir, { recursive: true, force: true });
+  });
+
+  test('embeds configured brain_url into enrollment tokens', async () => {
+    const manager = new SidecarManager(dataDir);
+    manager.setBrainUrl('wss://axiom-er.ddns.net/sidecar');
+    await manager.start();
+
+    const result = await manager.enrollSidecar('remote-laptop');
+
+    expect(result.brain_url).toBe('wss://axiom-er.ddns.net/sidecar');
+
+    const payload = JSON.parse(Buffer.from(result.token.split('.')[1]!, 'base64url').toString('utf8')) as {
+      brain: string;
+      jwks: string;
+    };
+
+    expect(payload.brain).toBe('wss://axiom-er.ddns.net/sidecar');
+    expect(payload.jwks).toBe('https://axiom-er.ddns.net/api/sidecars/.well-known/jwks.json');
+
+    await manager.stop();
+  });
+});

package/src/sidecar/manager.ts

@@ -63,7 +63,11 @@ export class SidecarManager implements Service {
    * Example: "shiny-panda.domain.com" or "localhost:3142"
    */
   setBrainUrl(url: string): void {
-    this.brainUrl = url;
+    this.brainUrl = url.trim();
+  }
+
+  getConfiguredBrainUrl(): string {
+    return this.brainUrl;
   }
 
   // --------------- Service Interface ---------------
@@ -227,7 +231,7 @@ export class SidecarManager implements Service {
   /**
    * Enroll a new sidecar. Returns the signed JWT enrollment token.
    */
-  async enrollSidecar(name: string): Promise<{ token: string; sidecar: SidecarRecord }> {
+  async enrollSidecar(name: string): Promise<{ token: string; sidecar: SidecarRecord; brain_url: string }> {
     if (!this.privateKey) throw new Error('SidecarManager not started');
     if (!this.brainUrl) throw new Error('Brain URL not configured — call setBrainUrl() first');
 
@@ -250,13 +254,7 @@ export class SidecarManager implements Service {
     const id = generateId();
     const tokenId = generateId();
 
-    // Determine protocol based on brain URL
-    const isSecure = !this.brainUrl.includes('localhost') && !this.brainUrl.match(/:\d+$/);
-    const wsProtocol = isSecure ? 'wss' : 'ws';
-    const httpProtocol = isSecure ? 'https' : 'http';
-
-    const brainWs = `${wsProtocol}://${this.brainUrl}/sidecar/connect`;
-    const jwksUrl = `${httpProtocol}://${this.brainUrl}/api/sidecars/.well-known/jwks.json`;
+    const { brainWs, jwksUrl } = resolveSidecarEndpoints(this.brainUrl);
 
     // Sign JWT
     const token = await new SignJWT({
@@ -280,7 +278,7 @@ export class SidecarManager implements Service {
     const sidecar = db.query('SELECT * FROM sidecars WHERE id = ?').get(id) as SidecarRecord;
     console.log(`[SidecarManager] Enrolled sidecar "${trimmed}" (${id})`);
 
-    return { token, sidecar };
+    return { token, sidecar, brain_url: brainWs };
   }
 
   // --------------- Registry (DB queries) ---------------
@@ -540,3 +538,45 @@ export class SidecarManager implements Service {
   }
 }
 
+export function resolveSidecarEndpoints(configuredBrainUrl: string): { brainWs: string; jwksUrl: string } {
+  const raw = configuredBrainUrl.trim();
+  if (!raw) {
+    throw new Error('Brain URL not configured');
+  }
+
+  if (!raw.includes('://')) {
+    const isLocalHost = raw.startsWith('localhost') || raw.startsWith('127.0.0.1') || raw.startsWith('[::1]');
+    const isSecure = !isLocalHost && !raw.match(/:\d+$/);
+    const protocol = isSecure ? 'wss' : 'ws';
+    const httpProtocol = isSecure ? 'https' : 'http';
+    return {
+      brainWs: `${protocol}://${raw}/sidecar/connect`,
+      jwksUrl: `${httpProtocol}://${raw}/api/sidecars/.well-known/jwks.json`,
+    };
+  }
+
+  const brainWsUrl = new URL(raw);
+  if (brainWsUrl.protocol === 'http:') {
+    brainWsUrl.protocol = 'ws:';
+  } else if (brainWsUrl.protocol === 'https:') {
+    brainWsUrl.protocol = 'wss:';
+  } else if (brainWsUrl.protocol !== 'ws:' && brainWsUrl.protocol !== 'wss:') {
+    throw new Error(`Unsupported brain_url protocol: ${brainWsUrl.protocol}`);
+  }
+
+  if (!brainWsUrl.pathname || brainWsUrl.pathname === '/') {
+    brainWsUrl.pathname = '/sidecar/connect';
+  }
+
+  const jwksUrl = new URL(brainWsUrl.toString());
+  jwksUrl.protocol = brainWsUrl.protocol === 'wss:' ? 'https:' : 'http:';
+  jwksUrl.pathname = '/api/sidecars/.well-known/jwks.json';
+  jwksUrl.search = '';
+  jwksUrl.hash = '';
+
+  return {
+    brainWs: brainWsUrl.toString(),
+    jwksUrl: jwksUrl.toString(),
+  };
+}
+