npm - @tyvm/knowhow - Versions diffs - 0.0.108 → 0.0.109-dev.05fe5a0 - Mend

@tyvm/knowhow 0.0.108 → 0.0.109-dev.05fe5a0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (210) hide show

package/README.md +45 -0
package/package.json +9 -4
package/scripts/build-for-node.sh +10 -24
package/scripts/publish.sh +86 -0
package/src/agents/base/base.ts +10 -0
package/src/agents/tools/execCommand.ts +49 -6
package/src/agents/tools/index.ts +0 -1
package/src/agents/tools/list.ts +0 -2
package/src/chat/CliChatService.ts +10 -1
package/src/chat/modules/AgentModule.ts +61 -31
package/src/chat/modules/SessionsModule.ts +47 -3
package/src/chat/renderer/CompactRenderer.ts +20 -0
package/src/chat/renderer/ConsoleRenderer.ts +19 -0
package/src/chat/renderer/FancyRenderer.ts +19 -0
package/src/chat/renderer/types.ts +11 -0
package/src/cli.ts +91 -659
package/src/clients/anthropic.ts +17 -16
package/src/clients/index.ts +6 -5
package/src/clients/types.ts +19 -4
package/src/cloudWorker.ts +175 -113
package/src/commands/agent.ts +246 -0
package/src/commands/misc.ts +174 -0
package/src/commands/modules.ts +217 -0
package/src/commands/services.ts +77 -0
package/src/commands/workers.ts +168 -0
package/src/config.ts +37 -0
package/src/fileSync.ts +50 -17
package/src/index.ts +18 -0
package/src/logger.ts +197 -0
package/src/plugins/embedding.ts +11 -6
package/src/plugins/plugins.ts +0 -21
package/src/plugins/vim.ts +5 -16
package/src/processors/JsonCompressor.ts +6 -6
package/src/services/EventService.ts +61 -1
package/src/services/KnowhowClient.ts +34 -4
package/src/services/modules/index.ts +95 -51
package/src/services/modules/types.ts +6 -0
package/src/tunnel.ts +216 -0
package/src/types.ts +0 -1
package/src/worker.ts +105 -312
package/src/workers/auth/WsMiddleware.ts +99 -0
package/src/workers/auth/authMiddleware.ts +104 -0
package/src/workers/auth/types.ts +14 -2
package/src/workers/tools/index.ts +2 -0
package/src/workers/tools/reloadConfig.ts +84 -0
package/tests/services/WorkerReloadConfig.test.ts +141 -0
package/tests/unit/commands/github-credentials.test.ts +211 -0
package/tests/unit/modules/moduleLoading.test.ts +39 -37
package/tests/unit/plugins/pluginLoading.test.ts +0 -85
package/ts_build/package.json +9 -4
package/ts_build/src/agents/base/base.js +11 -0
package/ts_build/src/agents/base/base.js.map +1 -1
package/ts_build/src/agents/tools/execCommand.d.ts +1 -1
package/ts_build/src/agents/tools/execCommand.js +39 -5
package/ts_build/src/agents/tools/execCommand.js.map +1 -1
package/ts_build/src/agents/tools/index.d.ts +0 -1
package/ts_build/src/agents/tools/index.js +0 -1
package/ts_build/src/agents/tools/index.js.map +1 -1
package/ts_build/src/agents/tools/list.js +0 -2
package/ts_build/src/agents/tools/list.js.map +1 -1
package/ts_build/src/chat/CliChatService.js +13 -1
package/ts_build/src/chat/CliChatService.js.map +1 -1
package/ts_build/src/chat/modules/AgentModule.d.ts +1 -1
package/ts_build/src/chat/modules/AgentModule.js +43 -20
package/ts_build/src/chat/modules/AgentModule.js.map +1 -1
package/ts_build/src/chat/modules/SessionsModule.js +37 -3
package/ts_build/src/chat/modules/SessionsModule.js.map +1 -1
package/ts_build/src/chat/renderer/CompactRenderer.d.ts +4 -0
package/ts_build/src/chat/renderer/CompactRenderer.js +16 -0
package/ts_build/src/chat/renderer/CompactRenderer.js.map +1 -1
package/ts_build/src/chat/renderer/ConsoleRenderer.d.ts +4 -0
package/ts_build/src/chat/renderer/ConsoleRenderer.js +16 -0
package/ts_build/src/chat/renderer/ConsoleRenderer.js.map +1 -1
package/ts_build/src/chat/renderer/FancyRenderer.d.ts +4 -0
package/ts_build/src/chat/renderer/FancyRenderer.js +16 -0
package/ts_build/src/chat/renderer/FancyRenderer.js.map +1 -1
package/ts_build/src/chat/renderer/types.d.ts +2 -0
package/ts_build/src/cli.js +47 -519
package/ts_build/src/cli.js.map +1 -1
package/ts_build/src/clients/anthropic.d.ts +5 -5
package/ts_build/src/clients/anthropic.js +17 -16
package/ts_build/src/clients/anthropic.js.map +1 -1
package/ts_build/src/clients/index.js +2 -4
package/ts_build/src/clients/index.js.map +1 -1
package/ts_build/src/clients/types.d.ts +3 -2
package/ts_build/src/cloudWorker.d.ts +14 -0
package/ts_build/src/cloudWorker.js +105 -66
package/ts_build/src/cloudWorker.js.map +1 -1
package/ts_build/src/commands/agent.d.ts +6 -0
package/ts_build/src/commands/agent.js +229 -0
package/ts_build/src/commands/agent.js.map +1 -0
package/ts_build/src/commands/misc.d.ts +10 -0
package/ts_build/src/commands/misc.js +197 -0
package/ts_build/src/commands/misc.js.map +1 -0
package/ts_build/src/commands/modules.d.ts +3 -0
package/ts_build/src/commands/modules.js +207 -0
package/ts_build/src/commands/modules.js.map +1 -0
package/ts_build/src/commands/services.d.ts +5 -0
package/ts_build/src/commands/services.js +87 -0
package/ts_build/src/commands/services.js.map +1 -0
package/ts_build/src/commands/workers.d.ts +6 -0
package/ts_build/src/commands/workers.js +168 -0
package/ts_build/src/commands/workers.js.map +1 -0
package/ts_build/src/config.d.ts +1 -0
package/ts_build/src/config.js +32 -0
package/ts_build/src/config.js.map +1 -1
package/ts_build/src/fileSync.d.ts +6 -0
package/ts_build/src/fileSync.js +37 -12
package/ts_build/src/fileSync.js.map +1 -1
package/ts_build/src/index.d.ts +1 -0
package/ts_build/src/index.js +17 -1
package/ts_build/src/index.js.map +1 -1
package/ts_build/src/logger.d.ts +21 -0
package/ts_build/src/logger.js +106 -0
package/ts_build/src/logger.js.map +1 -0
package/ts_build/src/plugins/embedding.js +4 -3
package/ts_build/src/plugins/embedding.js.map +1 -1
package/ts_build/src/plugins/plugins.d.ts +0 -2
package/ts_build/src/plugins/plugins.js +0 -11
package/ts_build/src/plugins/plugins.js.map +1 -1
package/ts_build/src/plugins/vim.js +3 -9
package/ts_build/src/plugins/vim.js.map +1 -1
package/ts_build/src/processors/JsonCompressor.js +4 -4
package/ts_build/src/processors/JsonCompressor.js.map +1 -1
package/ts_build/src/services/EventService.d.ts +6 -1
package/ts_build/src/services/EventService.js +29 -0
package/ts_build/src/services/EventService.js.map +1 -1
package/ts_build/src/services/KnowhowClient.d.ts +13 -1
package/ts_build/src/services/KnowhowClient.js +19 -2
package/ts_build/src/services/KnowhowClient.js.map +1 -1
package/ts_build/src/services/modules/index.d.ts +33 -0
package/ts_build/src/services/modules/index.js +67 -47
package/ts_build/src/services/modules/index.js.map +1 -1
package/ts_build/src/services/modules/types.d.ts +6 -0
package/ts_build/src/tunnel.d.ts +27 -0
package/ts_build/src/tunnel.js +112 -0
package/ts_build/src/tunnel.js.map +1 -0
package/ts_build/src/types.d.ts +0 -1
package/ts_build/src/types.js.map +1 -1
package/ts_build/src/worker.d.ts +1 -4
package/ts_build/src/worker.js +59 -227
package/ts_build/src/worker.js.map +1 -1
package/ts_build/src/workers/auth/WsMiddleware.d.ts +8 -0
package/ts_build/src/workers/auth/WsMiddleware.js +65 -0
package/ts_build/src/workers/auth/WsMiddleware.js.map +1 -0
package/ts_build/src/workers/auth/authMiddleware.d.ts +3 -0
package/ts_build/src/workers/auth/authMiddleware.js +60 -0
package/ts_build/src/workers/auth/authMiddleware.js.map +1 -0
package/ts_build/src/workers/auth/types.d.ts +8 -1
package/ts_build/src/workers/tools/index.d.ts +2 -0
package/ts_build/src/workers/tools/index.js +4 -1
package/ts_build/src/workers/tools/index.js.map +1 -1
package/ts_build/src/workers/tools/reloadConfig.d.ts +14 -0
package/ts_build/src/workers/tools/reloadConfig.js +48 -0
package/ts_build/src/workers/tools/reloadConfig.js.map +1 -0
package/ts_build/tests/services/WorkerReloadConfig.test.d.ts +1 -0
package/ts_build/tests/services/WorkerReloadConfig.test.js +86 -0
package/ts_build/tests/services/WorkerReloadConfig.test.js.map +1 -0
package/ts_build/tests/unit/commands/github-credentials.test.d.ts +1 -0
package/ts_build/tests/unit/commands/github-credentials.test.js +146 -0
package/ts_build/tests/unit/commands/github-credentials.test.js.map +1 -0
package/ts_build/tests/unit/modules/moduleLoading.test.js +20 -26
package/ts_build/tests/unit/modules/moduleLoading.test.js.map +1 -1
package/ts_build/tests/unit/plugins/pluginLoading.test.js +0 -65
package/ts_build/tests/unit/plugins/pluginLoading.test.js.map +1 -1
package/src/agents/tools/executeScript/README.md +0 -94
package/src/agents/tools/executeScript/definition.ts +0 -79
package/src/agents/tools/executeScript/examples/dependency-injection-validation.ts +0 -272
package/src/agents/tools/executeScript/examples/quick-test.ts +0 -74
package/src/agents/tools/executeScript/examples/serialization-test.ts +0 -321
package/src/agents/tools/executeScript/examples/test-runner.ts +0 -197
package/src/agents/tools/executeScript/index.ts +0 -98
package/src/services/script-execution/SandboxContext.ts +0 -282
package/src/services/script-execution/ScriptExecutor.ts +0 -441
package/src/services/script-execution/ScriptPolicy.ts +0 -194
package/src/services/script-execution/ScriptTracer.ts +0 -249
package/src/services/script-execution/types.ts +0 -134
package/ts_build/src/agents/tools/executeScript/definition.d.ts +0 -2
package/ts_build/src/agents/tools/executeScript/definition.js +0 -76
package/ts_build/src/agents/tools/executeScript/definition.js.map +0 -1
package/ts_build/src/agents/tools/executeScript/examples/dependency-injection-validation.d.ts +0 -18
package/ts_build/src/agents/tools/executeScript/examples/dependency-injection-validation.js +0 -192
package/ts_build/src/agents/tools/executeScript/examples/dependency-injection-validation.js.map +0 -1
package/ts_build/src/agents/tools/executeScript/examples/quick-test.d.ts +0 -3
package/ts_build/src/agents/tools/executeScript/examples/quick-test.js +0 -64
package/ts_build/src/agents/tools/executeScript/examples/quick-test.js.map +0 -1
package/ts_build/src/agents/tools/executeScript/examples/serialization-test.d.ts +0 -15
package/ts_build/src/agents/tools/executeScript/examples/serialization-test.js +0 -266
package/ts_build/src/agents/tools/executeScript/examples/serialization-test.js.map +0 -1
package/ts_build/src/agents/tools/executeScript/examples/test-runner.d.ts +0 -4
package/ts_build/src/agents/tools/executeScript/examples/test-runner.js +0 -208
package/ts_build/src/agents/tools/executeScript/examples/test-runner.js.map +0 -1
package/ts_build/src/agents/tools/executeScript/index.d.ts +0 -28
package/ts_build/src/agents/tools/executeScript/index.js +0 -72
package/ts_build/src/agents/tools/executeScript/index.js.map +0 -1
package/ts_build/src/services/script-execution/SandboxContext.d.ts +0 -34
package/ts_build/src/services/script-execution/SandboxContext.js +0 -189
package/ts_build/src/services/script-execution/SandboxContext.js.map +0 -1
package/ts_build/src/services/script-execution/ScriptExecutor.d.ts +0 -19
package/ts_build/src/services/script-execution/ScriptExecutor.js +0 -269
package/ts_build/src/services/script-execution/ScriptExecutor.js.map +0 -1
package/ts_build/src/services/script-execution/ScriptPolicy.d.ts +0 -28
package/ts_build/src/services/script-execution/ScriptPolicy.js +0 -115
package/ts_build/src/services/script-execution/ScriptPolicy.js.map +0 -1
package/ts_build/src/services/script-execution/ScriptTracer.d.ts +0 -19
package/ts_build/src/services/script-execution/ScriptTracer.js +0 -186
package/ts_build/src/services/script-execution/ScriptTracer.js.map +0 -1
package/ts_build/src/services/script-execution/types.d.ts +0 -108
package/ts_build/src/services/script-execution/types.js +0 -3
package/ts_build/src/services/script-execution/types.js.map +0 -1

package/src/worker.ts CHANGED Viewed

@@ -1,12 +1,16 @@
 import os from "os";
 import { WebSocket } from "ws";
-import { createTunnelHandler, TunnelHandler } from "@tyvm/knowhow-tunnel";
+import { TunnelHandler } from "@tyvm/knowhow-tunnel";
 import { includedTools } from "./agents/tools/list";
 import { loadJwt } from "./login";
 import { services } from "./services";
 import { PasskeySetupService } from "./workers/auth/PasskeySetup";
 import { WorkerPasskeyAuthService } from "./workers/auth/WorkerPasskeyAuth";
-import { makeUnlockTool, makeLockTool } from "./workers/tools";
+import {
+  makeUnlockTool,
+  makeLockTool,
+  makeReloadConfigTool,
+} from "./workers/tools";
 import { McpServerService } from "./services/Mcp";
 import * as allTools from "./agents/tools";
 import workerTools from "./workers/tools";
@@ -14,6 +18,11 @@ import { wait } from "./utils";
 import { getConfig, updateConfig } from "./config";
 import { KNOWHOW_API_URL } from "./services/KnowhowClient";
 import { registerWorkerPath } from "./workerRegistry";
+import {
+  extractTunnelDomain,
+  resolveTunnelConfig,
+  connectTunnelWebSocket,
+} from "./tunnel";
 const API_URL = KNOWHOW_API_URL;
@@ -90,6 +99,7 @@ export async function worker(options?: {
   noSandbox?: boolean;
   passkey?: boolean;
   passkeyReset?: boolean;
+  allowedTools?: string[];
 }) {
   const config = await getConfig();
@@ -209,9 +219,9 @@ export async function worker(options?: {
     console.log(`🖥️  Using host mode (${sandboxSource})`);
   }
-  // Use the config we already loaded above
-  if (!config.worker || !config.worker.allowedTools) {
+  // If a tool list override was passed (e.g. from tunnel mode), skip the
+  // first-run config write and use it directly.
+  if (!options?.allowedTools && (!config.worker || !config.worker.allowedTools)) {
     console.log(
       "Worker tools configured! Update knowhow.json to adjust which tools are allowed by the worker."
     );
@@ -229,7 +239,8 @@ export async function worker(options?: {
     return;
   }
-  let toolsToUse = Tools.getToolsByNames(config.worker.allowedTools);
+  const resolvedToolNames = options?.allowedTools ?? config.worker!.allowedTools;
+  let toolsToUse = Tools.getToolsByNames(resolvedToolNames);
   // If passkey auth is enabled, wrap all tool functions to check locked state
   // and register the unlock/lock auth tools
@@ -264,6 +275,22 @@ export async function worker(options?: {
     console.log("🔑 Auth tools registered: unlock, lock");
   }
+  // Register the reloadConfig tool so agents can hot-reload MCPs/config
+  // without restarting the worker process.
+  // Uses a closure over `toolsToUse` so the tool can update it in-place.
+  const { reloadConfig, reloadConfigDefinition } = makeReloadConfigTool(
+    Mcp,
+    Tools,
+    mcpServer,
+    (newTools) => {
+      toolsToUse = newTools;
+    }
+  );
+  Tools.addFunctions({ reloadConfig });
+  toolsToUse = [...toolsToUse, reloadConfigDefinition];
+  console.log("🔄 reloadConfig tool registered");
   mcpServer.createServer(clientName, clientVersion).withTools(toolsToUse);
   let connected = false;
@@ -272,31 +299,14 @@ export async function worker(options?: {
   let lastJwt: string | null = null;
   let unauthorizedJwt: string | null = null;
-  // Check if tunnel is enabled
-  const tunnelEnabled = config.worker?.tunnel?.enabled ?? false;
+  // Check if tunnel is enabled.
+  // When allowedTools is passed as an override (e.g. from `knowhow tunnel`),
+  // the tunnel is always forced on — that's the whole point of tunnel mode.
+  const tunnelEnabled = options?.allowedTools
+    ? true
+    : (config.worker?.tunnel?.enabled ?? false);
-  // Determine localHost based on environment
-  let tunnelLocalHost = config.worker?.tunnel?.localHost;
-  if (!tunnelLocalHost) {
-    // Auto-detect based on Docker environment
-    if (isInsideDocker) {
-      tunnelLocalHost = "host.docker.internal";
-      console.log(
-        "🐳 Docker detected: tunnel will use host.docker.internal to reach host services"
-      );
-    } else {
-      tunnelLocalHost = "127.0.0.1";
-    }
-  }
-  // Check for port mapping configuration
-  const portMapping = config.worker?.tunnel?.portMapping || {};
-  if (Object.keys(portMapping).length > 0) {
-    console.log("🔀 Port mapping configured:");
-    for (const [containerPort, hostPort] of Object.entries(portMapping)) {
-      console.log(`   Container port ${containerPort} → Host port ${hostPort}`);
-    }
-  }
+  const { tunnelLocalHost, portMapping } = resolveTunnelConfig(config, isInsideDocker);
   if (tunnelEnabled) {
     const tunnelPorts = config.worker?.tunnel?.allowedPorts || [];
@@ -313,31 +323,6 @@ export async function worker(options?: {
     );
   }
-  // Extract tunnel domain from API_URL
-  // e.g., "https://api.knowhow.tyvm.ai" -> "knowhow.tyvm.ai"
-  // e.g., "http://localhost:4000" -> "localhost:4000"
-  function extractTunnelDomain(apiUrl: string): {
-    domain: string;
-    useHttps: boolean;
-  } {
-    try {
-      const url = new URL(apiUrl);
-      const useHttps = url.protocol === "https:";
-      // For localhost, include port; for production, just use hostname
-      if (url.hostname === "localhost" || url.hostname === "127.0.0.1") {
-        return {
-          domain: `worker.${url.hostname}:${url.port || "80"}`,
-          useHttps,
-        };
-      }
-      return { domain: `worker.${url.hostname}`, useHttps };
-    } catch (err) {
-      console.error("Failed to parse API_URL for tunnel domain:", err);
-      return { domain: "worker.localhost:4000", useHttps: false }; // fallback
-    }
-  }
   async function connectWebSocket() {
     const jwt = await loadJwt();
     console.log(`Connecting to ${API_URL}`);
@@ -403,6 +388,38 @@ export async function worker(options?: {
             console.log(`✅ Worker ID recorded: ${parsed.workerId}`);
           }
         }
+        // Hot-reload: re-read config, reconnect MCPs, and rebuild the tool list
+        // without restarting the worker process.
+        if (parsed?.type === "reloadConfig") {
+          console.log(
+            "🔄 Received reloadConfig — reloading MCPs, modules and tools..."
+          );
+          try {
+            // Re-read fresh config from disk
+            const freshConfig = await getConfig();
+            // Close all existing MCP connections
+            await Mcp.closeAll();
+            // Reconnect from fresh config and re-register tools
+            await Mcp.connectToConfigured(Tools);
+            // Rebuild the allowed tools list from fresh config
+            const allowedToolNames =
+              freshConfig.worker?.allowedTools ?? Tools.getToolNames();
+            toolsToUse = Tools.getToolsByNames(allowedToolNames);
+            // Update the MCP server with new tool list
+            mcpServer.withTools(toolsToUse);
+            console.log(
+              `✅ Config reloaded: ${toolsToUse.length} tools active`
+            );
+          } catch (err) {
+            console.error("❌ Failed to reload config:", err);
+          }
+        }
       } catch {
         // Not our message — ignore parse errors
       }
@@ -412,90 +429,40 @@ export async function worker(options?: {
     // Create separate WebSocket connection for tunnel if enabled
     let tunnelConnection: WebSocket | null = null;
     if (tunnelEnabled) {
-      tunnelConnection = new WebSocket(`${API_URL}/ws/tunnel`, {
+      tunnelConnection = connectTunnelWebSocket({
+        tunnelDomain,
+        tunnelUseHttps,
+        tunnelLocalHost,
+        portMapping,
+        config,
         headers,
-      });
-      tunnelConnection.on("open", () => {
-        console.log("Tunnel WebSocket connected");
-        // Get the allowedPorts configuration
-        const allowedPorts = config.worker?.tunnel?.allowedPorts || [];
-        // Create URL rewriter callback that returns the hostname (without protocol)
-        // The tunnel package will add the protocol based on the useHttps config
-        // This receives port and metadata from the tunnel request
-        const urlRewriter = (port: number, metadata?: any) => {
-          const workerId = metadata?.workerId;
-          const secret = metadata?.secret;
-          // Build the hostname/domain (without protocol) based on metadata
-          // The tunnel handler will add the protocol using the useHttps config
-          // Examples:
-          // - secret-p3000.worker.example.com
-          // - workerId-p3000.worker.example.com
-          const subdomain = secret
-            ? `${secret}-p${port}`
-            : `${workerId}-p${port}`;
-          // Return just the hostname - the tunnel package should add the protocol
-          // based on the useHttps configuration passed below
-          const replacementUrl = `${subdomain}.${tunnelDomain}`;
-          return replacementUrl;
-        };
-        const tunnelConfig = {
-          allowedPorts,
-          maxConcurrentStreams:
-            config.worker?.tunnel?.maxConcurrentStreams || 50,
-          tunnelUseHttps,
-          localHost: tunnelLocalHost,
-          urlRewriter,
-          enableUrlRewriting:
-            config.worker?.tunnel?.enableUrlRewriting !== false,
-          portMapping,
-          logLevel: "debug" as const,
-        };
-        // Initialize tunnel handler with the tunnel-specific WebSocket
-        // Pass useHttps flag so the tunnel package can add the correct protocol
-        tunnelHandler = createTunnelHandler(tunnelConnection!, tunnelConfig);
-        console.log("🌐 Tunnel handler initialized");
-        console.log(tunnelConfig);
-      });
-      tunnelConnection.on("close", (code, reason) => {
-        console.log(
-          `Tunnel WebSocket closed. Code: ${code}, Reason: ${reason.toString()}`
-        );
-        if (code === 1008) {
-          unauthorizedJwt = lastJwt;
-          console.error(
-            "❌ Tunnel received Unauthorized (1008). The JWT may be expired."
-          );
-          console.error("   Pausing reconnection until JWT changes...");
-        } else {
-          console.log(
-            "Tunnel connection will reconnect on next connection cycle..."
-          );
-        }
-        // Cleanup tunnel handler
-        if (tunnelHandler) {
-          tunnelHandler.cleanup();
-          tunnelHandler = null;
-        }
-        tunnelWs = null;
-        // Mark as disconnected to trigger reconnection
-        // The tunnel websocket is separate but we should reconnect both
-        connected = false;
-      });
-      tunnelConnection.on("error", (error) => {
-        console.error("Tunnel WebSocket error:", error);
-        // Mark as disconnected on error to trigger reconnection
-        connected = false;
+        authService,
+        onOpen: (handler) => {
+          tunnelHandler = handler;
+        },
+        onClose: (code, _reason) => {
+          if (code === 1008) {
+            unauthorizedJwt = lastJwt;
+            console.error(
+              "❌ Tunnel received Unauthorized (1008). The JWT may be expired."
+            );
+            console.error("   Pausing reconnection until JWT changes...");
+          } else {
+            console.log(
+              "Tunnel connection will reconnect on next connection cycle..."
+            );
+          }
+          if (tunnelHandler) {
+            tunnelHandler.cleanup();
+            tunnelHandler = null;
+          }
+          tunnelWs = null;
+          // The tunnel websocket is separate but we should reconnect both
+          connected = false;
+        },
+        onError: (_error) => {
+          connected = false;
+        },
       });
       tunnelWs = tunnelConnection;
@@ -578,177 +545,3 @@ export async function worker(options?: {
     await wait(5000);
   }
 }
-/**
- * Run tunnel-only mode: connects to the Knowhow tunnel WebSocket without
- * registering any MCP tools. Useful for users who only want the web tunnel
- * feature to expose local ports to the cloud.
- */
-export async function tunnel(options?: {
-  share?: boolean;
-  unshare?: boolean;
-}) {
-  const config = await getConfig();
-  const isInsideDocker = process.env.KNOWHOW_DOCKER === "true";
-  // Determine localHost based on environment
-  let tunnelLocalHost = config.worker?.tunnel?.localHost;
-  if (!tunnelLocalHost) {
-    if (isInsideDocker) {
-      tunnelLocalHost = "host.docker.internal";
-      console.log(
-        "🐳 Docker detected: tunnel will use host.docker.internal to reach host services"
-      );
-    } else {
-      tunnelLocalHost = "127.0.0.1";
-    }
-  }
-  // Check for port mapping configuration
-  const portMapping = config.worker?.tunnel?.portMapping || {};
-  if (Object.keys(portMapping).length > 0) {
-    console.log("🔀 Port mapping configured:");
-    for (const [containerPort, hostPort] of Object.entries(portMapping)) {
-      console.log(`   Container port ${containerPort} → Host port ${hostPort}`);
-    }
-  }
-  const tunnelPorts = config.worker?.tunnel?.allowedPorts || [];
-  if (tunnelPorts.length === 0) {
-    console.warn(
-      "⚠️  No allowedPorts configured. Add worker.tunnel.allowedPorts to knowhow.json"
-    );
-  } else {
-    console.log(`🌐 Tunnel mode for ports: ${tunnelPorts.join(", ")}`);
-  }
-  // Extract tunnel domain from API_URL
-  function extractTunnelDomain(apiUrl: string): {
-    domain: string;
-    useHttps: boolean;
-  } {
-    try {
-      const url = new URL(apiUrl);
-      const useHttps = url.protocol === "https:";
-      if (url.hostname === "localhost" || url.hostname === "127.0.0.1") {
-        return {
-          domain: `worker.${url.hostname}:${url.port || "80"}`,
-          useHttps,
-        };
-      }
-      return { domain: `worker.${url.hostname}`, useHttps };
-    } catch (err) {
-      console.error("Failed to parse API_URL for tunnel domain:", err);
-      return { domain: "worker.localhost:4000", useHttps: false };
-    }
-  }
-  let connected = false;
-  let tunnelHandler: TunnelHandler | null = null;
-  let lastJwt: string | null = null;
-  let unauthorizedJwt: string | null = null;
-  async function connectTunnel() {
-    const jwt = await loadJwt();
-    lastJwt = jwt;
-    console.log(`Connecting tunnel to ${API_URL}`);
-    const dir = process.cwd();
-    const homedir = os.homedir();
-    const hostname = process.env.WORKER_HOSTNAME || os.hostname();
-    const root =
-      process.env.WORKER_ROOT ||
-      (dir === homedir ? "~" : dir.replace(homedir, "~"));
-    const headers: Record<string, string> = {
-      Authorization: `Bearer ${jwt}`,
-      "User-Agent": `knowhow-tunnel/1.0.0/${hostname}`,
-      Root: root,
-    };
-    if (options?.share) {
-      headers.Shared = "true";
-      console.log("🔓 Tunnel shared with organization");
-    } else if (options?.unshare) {
-      headers.Shared = "false";
-      console.log("🔒 Tunnel is now private (unshared)");
-    } else {
-      console.log("🔒 Tunnel is private (only you can use it)");
-    }
-    const { domain: tunnelDomain, useHttps: tunnelUseHttps } =
-      extractTunnelDomain(API_URL);
-    const tunnelConnection = new WebSocket(`${API_URL}/ws/tunnel`, { headers });
-    tunnelConnection.on("open", () => {
-      console.log("🌐 Tunnel WebSocket connected");
-      connected = true;
-      const allowedPorts = config.worker?.tunnel?.allowedPorts || [];
-      const urlRewriter = (port: number, metadata?: any) => {
-        const workerId = metadata?.workerId;
-        const secret = metadata?.secret;
-        const subdomain = secret ? `${secret}-p${port}` : `${workerId}-p${port}`;
-        return `${subdomain}.${tunnelDomain}`;
-      };
-      const tunnelConfig = {
-        allowedPorts,
-        maxConcurrentStreams: config.worker?.tunnel?.maxConcurrentStreams || 50,
-        tunnelUseHttps,
-        localHost: tunnelLocalHost,
-        urlRewriter,
-        enableUrlRewriting: config.worker?.tunnel?.enableUrlRewriting !== false,
-        portMapping,
-        logLevel: "debug" as const,
-      };
-      tunnelHandler = createTunnelHandler(tunnelConnection, tunnelConfig);
-      console.log("🌐 Tunnel handler initialized");
-      console.log(tunnelConfig);
-    });
-    tunnelConnection.on("close", (code, reason) => {
-      console.log(`Tunnel WebSocket closed. Code: ${code}, Reason: ${reason.toString()}`);
-      if (code === 1008) {
-        unauthorizedJwt = lastJwt;
-        console.error("❌ Tunnel received Unauthorized (1008). The JWT may be expired.");
-        console.error("   Run 'knowhow login' to refresh your token, then restart.");
-        console.error("   Pausing reconnection until JWT changes...");
-      } else {
-        console.log("Tunnel connection will reconnect on next cycle...");
-      }
-      if (tunnelHandler) {
-        tunnelHandler.cleanup();
-        tunnelHandler = null;
-      }
-      connected = false;
-    });
-    tunnelConnection.on("error", (error) => {
-      console.error("Tunnel WebSocket error:", error);
-      connected = false;
-    });
-    return tunnelConnection;
-  }
-  while (true) {
-    if (!connected) {
-      if (unauthorizedJwt !== null) {
-        const currentJwt = await loadJwt().catch(() => null);
-        if (currentJwt === unauthorizedJwt) {
-          await wait(5000);
-          continue;
-        }
-        console.log("🔄 JWT has changed, attempting to reconnect tunnel...");
-        unauthorizedJwt = null;
-      }
-      console.log("Attempting to connect tunnel...");
-      await connectTunnel();
-    }
-    await wait(5000);
-  }
-}

package/src/workers/auth/WsMiddleware.ts ADDED Viewed

@@ -0,0 +1,99 @@
+import { WebSocket } from "ws";
+import EventEmitter from "events";
+/**
+ * A middleware function that intercepts raw WebSocket messages before
+ * they reach the transport/handler layer.
+ *
+ * - Call next() to pass the message through.
+ * - Call next(err) to abort (the socket will be closed with code 1008 + reason).
+ * - Sending a reply directly on ws is allowed (e.g. for auth challenges).
+ */
+export type WsMiddlewareFn = (
+  ws: WebSocket,
+  data: Buffer | string,
+  next: (err?: Error) => void
+) => void | Promise<void>;
+export class WsMiddlewareStack {
+  private fns: WsMiddlewareFn[] = [];
+  use(fn: WsMiddlewareFn): this {
+    this.fns.push(fn);
+    return this;
+  }
+  /**
+   * Attach all middleware to a WebSocket, intercepting every "message" event.
+   * Once a message passes all middleware, onMessage is called.
+   * Use this for MCP transports where you control the message handler directly.
+   */
+  attach(ws: WebSocket, onMessage: (data: Buffer | string) => void): void {
+    ws.on("message", async (data: Buffer | string) => {
+      let i = 0;
+      const next = async (err?: Error): Promise<void> => {
+        if (err) {
+          console.error("WS middleware rejected message:", err.message);
+          ws.close(1008, err.message);
+          return;
+        }
+        const fn = this.fns[i++];
+        if (fn) {
+          await fn(ws, data, next);
+        } else {
+          onMessage(data);
+        }
+      };
+      await next();
+    });
+  }
+  /**
+   * Wrap a WebSocket so ALL incoming messages pass through this middleware
+   * before being dispatched to any subsequently-registered "message" listeners.
+   *
+   * Call this BEFORE any other code attaches "message" handlers (e.g. before
+   * initTunnelHandler). Uses Node.js EventEmitter ordering: our listener runs
+   * first because it was registered first.
+   *
+   * After wrapSocket(), any subsequent ws.on("message", handler) calls are
+   * redirected to an inner EventEmitter that only receives messages that have
+   * passed all middleware. This ensures the tunnel handler's listener is
+   * automatically gated by the middleware.
+   */
+  wrapSocket(ws: WebSocket): void {
+    const innerEmitter = new EventEmitter();
+    // Our listener runs first (registered before tunnel handler's listener).
+    ws.on("message", async (data: Buffer | string) => {
+      let i = 0;
+      const next = async (err?: Error): Promise<void> => {
+        if (err) {
+          console.error("WS middleware rejected message:", err.message);
+          ws.close(1008, err.message);
+          return;
+        }
+        const fn = this.fns[i++];
+        if (fn) {
+          await fn(ws, data, next);
+        } else {
+          // All middleware passed — dispatch to inner listeners
+          innerEmitter.emit("message", data);
+        }
+      };
+      await next();
+    });
+    // Redirect future ws.on("message", ...) calls to innerEmitter.
+    // This means createTunnelHandler()'s listener goes to innerEmitter,
+    // so it only receives messages that passed middleware.
+    const originalOn = ws.on.bind(ws);
+    (ws as any).on = (event: string, listener: (...args: any[]) => void) => {
+      if (event === "message") {
+        innerEmitter.on("message", listener);
+        return ws;
+      }
+      return originalOn(event, listener);
+    };
+  }
+}

package/src/workers/auth/authMiddleware.ts ADDED Viewed

@@ -0,0 +1,104 @@
+import { WebSocket } from "ws";
+import { WorkerPasskeyAuthService } from "./WorkerPasskeyAuth";
+import { WsMiddlewareFn } from "./WsMiddleware";
+/**
+ * WebSocket middleware that gates all messages behind passkey auth.
+ *
+ * This middleware is applied to the TUNNEL WebSocket only — NOT the worker
+ * MCP WebSocket. The MCP path keeps the existing unlock/lock tool-based approach.
+ *
+ * Auth protocol (out-of-band, not MCP):
+ *
+ *   Client → Worker:  { type: "auth:getChallenge" }
+ *   Worker → Client:  { type: "auth:challenge", challenge: "<base64url>", credentialId: "..." }
+ *   Client → Worker:  { type: "auth:response", challenge, signature, credentialId,
+ *                        authenticatorData, clientDataJSON }
+ *   Worker → Client:  { type: "auth:success", expiresAt: "<iso>" }
+ *                  or { type: "auth:failure", reason: "..." }
+ *
+ * While locked, all non-auth messages receive { type: "auth:locked" }.
+ * Once unlocked, isLocked() is re-checked on every message to enforce session expiry.
+ *
+ * The authService passed here is the SAME singleton used by the MCP unlock tool,
+ * so unlocking via either path opens both the tunnel and MCP tool access.
+ */
+export function makeAuthMiddleware(
+  authService: WorkerPasskeyAuthService
+): WsMiddlewareFn {
+  return async (ws: WebSocket, data: Buffer | string, next) => {
+    // Re-check on every message to enforce session expiry
+    if (!authService.isLocked()) {
+      return next();
+    }
+    // Parse the raw message
+    let parsed: any;
+    try {
+      const raw = typeof data === "string" ? data : data.toString("utf-8");
+      parsed = JSON.parse(raw);
+    } catch {
+      ws.send(
+        JSON.stringify({
+          type: "auth:locked",
+          message: "Worker is locked. Send { type: 'auth:getChallenge' } first.",
+        })
+      );
+      return; // don't call next()
+    }
+    // auth:getChallenge — issue a challenge
+    if (parsed.type === "auth:getChallenge") {
+      const challenge = authService.generateChallenge();
+      ws.send(
+        JSON.stringify({
+          type: "auth:challenge",
+          challenge,
+          credentialId: authService.getCredentialId(),
+          timestamp: Math.floor(Date.now() / 1000),
+        })
+      );
+      return;
+    }
+    // auth:response — verify the assertion
+    if (parsed.type === "auth:response") {
+      const result = await authService.unlock({
+        signature: parsed.signature,
+        credentialId: parsed.credentialId,
+        authenticatorData: parsed.authenticatorData,
+        clientDataJSON: parsed.clientDataJSON,
+        challenge: parsed.challenge,
+      });
+      if (result.success) {
+        const info = authService.getSessionInfo();
+        ws.send(
+          JSON.stringify({
+            type: "auth:success",
+            expiresAt: info.expiresAt,
+          })
+        );
+      } else {
+        ws.send(
+          JSON.stringify({
+            type: "auth:failure",
+            reason: result.reason ?? "unknown",
+          })
+        );
+      }
+      // Auth protocol message — don't pass to tunnel handler
+      return;
+    }
+    // Any other message while locked — block it
+    ws.send(
+      JSON.stringify({
+        type: "auth:locked",
+        message:
+          "Worker is locked. Send { type: 'auth:getChallenge' } to authenticate.",
+      })
+    );
+    // don't call next()
+  };
+}