@vividcodeai/embeddedcowork 0.0.8 → 0.0.10

package/bin/cli.js

@@ -0,0 +1,56 @@
+#!/usr/bin/env node
+const { spawn } = require("child_process")
+const path = require("path")
+const fs = require("fs")
+
+const platformMap = {
+  "darwin-x64": "@vividcodeai/embeddedcowork-darwin-x64",
+  "darwin-arm64": "@vividcodeai/embeddedcowork-darwin-arm64",
+  "win32-x64": "@vividcodeai/embeddedcowork-win32-x64",
+  "linux-x64": "@vividcodeai/embeddedcowork-linux-x64",
+}
+
+const key = `${process.platform}-${process.arch}`
+const pkgName = platformMap[key]
+
+if (!pkgName) {
+  console.error(`Unsupported platform: ${key}`)
+  console.error("Supported platforms: darwin-x64, darwin-arm64, win32-x64, linux-x64")
+  process.exit(1)
+}
+
+const binaryName = process.platform === "win32" ? "embeddedcowork-server.exe" : "embeddedcowork-server"
+
+function findBinary(startDir) {
+  let current = startDir
+  for (;;) {
+    const modules = path.join(current, "node_modules")
+    if (fs.existsSync(modules)) {
+      const candidate = path.join(modules, pkgName, "bin", binaryName)
+      if (fs.existsSync(candidate)) return candidate
+    }
+    const parent = path.dirname(current)
+    if (parent === current) return null
+    current = parent
+  }
+}
+
+const scriptDir = path.dirname(fs.realpathSync(__filename))
+const binPath = findBinary(scriptDir)
+
+if (!binPath) {
+  console.error(
+    `Failed to find binary for platform ${key}. Try reinstalling: npm install @vividcodeai/embeddedcowork`
+  )
+  process.exit(1)
+}
+
+const child = spawn(binPath, process.argv.slice(2), { stdio: "inherit" })
+child.on("exit", (code, signal) => {
+  if (signal === "SIGTERM" && code === null) {
+    process.exit(0)
+  }
+  process.exit(code ?? 1)
+})
+process.on("SIGTERM", () => child.kill("SIGTERM"))
+process.on("SIGINT", () => child.kill("SIGINT"))

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vividcodeai/embeddedcowork",
-  "version": "0.0.8",
+  "version": "0.0.10",
   "description": "EmbeddedCowork Server",
   "license": "MIT",
   "author": {
@@ -17,19 +17,26 @@
     "url": "https://github.com/vividcode-ai/EmbeddedCowork.git"
   },
   "type": "module",
-  "main": "dist/index.js",
   "bin": {
-    "embeddedCowork": "dist/bin.js"
+    "embeddedCowork": "bin/cli.js",
+    "embcowork": "bin/cli.js"
   },
   "scripts": {
     "build": "npm run build:ui && npm run prepare-ui && tsc -p tsconfig.json && node ./scripts/copy-auth-pages.mjs && npm run prepare-config",
     "build:standalone": "node ./scripts/build-standalone.mjs",
+    "build:platforms": "node ./scripts/build-platforms.mjs",
     "build:ui": "npm run build --prefix ../ui",
     "prepare-ui": "node ./scripts/copy-ui-dist.mjs",
     "prepare-config": "node ./scripts/copy-opencode-config.mjs",
     "dev": "cross-env EMBEDDEDCOWORK_DEV=1 EMBEDDEDCOWORK_SERVER_PASSWORD=embeddedcowork-dev CLI_UI_DEV_SERVER=http://localhost:3000 CLI_HTTPS=false CLI_HTTP=true tsx src/index.ts",
     "typecheck": "tsc --noEmit -p tsconfig.json"
   },
+  "optionalDependencies": {
+    "@vividcodeai/embeddedcowork-darwin-x64": "0.0.8",
+    "@vividcodeai/embeddedcowork-darwin-arm64": "0.0.8",
+    "@vividcodeai/embeddedcowork-win32-x64": "0.0.8",
+    "@vividcodeai/embeddedcowork-linux-x64": "0.0.8"
+  },
   "dependencies": {
     "@fastify/cors": "^11.2.0",
     "@fastify/reply-from": "^12.6.2",

package/dist/api-types.js

@@ -1 +0,0 @@
-export const WINDOWS_DRIVES_ROOT = "__drives__";

package/dist/auth/auth-store.js

@@ -1,134 +0,0 @@
-import fs from "fs";
-import path from "path";
-import { hashPassword, verifyPassword } from "./password-hash";
-export class AuthStore {
-    constructor(authFilePath, logger) {
-        this.authFilePath = authFilePath;
-        this.logger = logger;
-        this.cachedFile = null;
-        this.overrideAuth = null;
-        this.bootstrapUsername = null;
-    }
-    getAuthFilePath() {
-        return this.authFilePath;
-    }
-    load() {
-        if (this.overrideAuth) {
-            return this.overrideAuth;
-        }
-        if (this.cachedFile) {
-            return this.cachedFile;
-        }
-        try {
-            if (!fs.existsSync(this.authFilePath)) {
-                return null;
-            }
-            const raw = fs.readFileSync(this.authFilePath, "utf-8");
-            const parsed = JSON.parse(raw);
-            if (!parsed || parsed.version !== 1) {
-                this.logger.warn({ authFilePath: this.authFilePath }, "Auth file has unsupported version");
-                return null;
-            }
-            this.cachedFile = parsed;
-            return parsed;
-        }
-        catch (error) {
-            this.logger.warn({ err: error, authFilePath: this.authFilePath }, "Failed to load auth file");
-            return null;
-        }
-    }
-    ensureInitialized(params) {
-        const password = params.password?.trim();
-        if (password) {
-            const now = new Date().toISOString();
-            const runtime = {
-                version: 1,
-                username: params.username,
-                password: hashPassword(password),
-                userProvided: true,
-                updatedAt: now,
-            };
-            this.overrideAuth = runtime;
-            this.cachedFile = null;
-            this.bootstrapUsername = null;
-            this.logger.debug({ authFilePath: this.authFilePath }, "Using runtime auth password override; ignoring auth file");
-            return;
-        }
-        const existing = this.load();
-        if (existing) {
-            if (existing.username !== params.username) {
-                // Keep existing username unless explicitly overridden later.
-                this.logger.debug({ existing: existing.username, requested: params.username }, "Auth username differs from requested");
-            }
-            this.bootstrapUsername = null;
-            return;
-        }
-        if (params.allowBootstrapWithoutPassword) {
-            this.bootstrapUsername = params.username;
-            this.logger.debug({ authFilePath: this.authFilePath }, "No auth file present; bootstrap-only mode enabled");
-            return;
-        }
-        throw new Error(`No server password configured. Create ${this.authFilePath} or start with --password / EMBEDDEDCOWORK_SERVER_PASSWORD.`);
-    }
-    validateCredentials(username, password) {
-        const auth = this.load();
-        if (!auth) {
-            return false;
-        }
-        if (username !== auth.username) {
-            return false;
-        }
-        return verifyPassword(password, auth.password);
-    }
-    setPassword(params) {
-        if (this.overrideAuth) {
-            throw new Error("Server password is provided via CLI/env and cannot be changed while running. Restart without --password / EMBEDDEDCOWORK_SERVER_PASSWORD to use auth.json.");
-        }
-        const current = this.load();
-        if (!current) {
-            if (!this.bootstrapUsername) {
-                throw new Error("Auth is not initialized");
-            }
-            const created = {
-                version: 1,
-                username: this.bootstrapUsername,
-                password: hashPassword(params.password),
-                userProvided: params.markUserProvided,
-                updatedAt: new Date().toISOString(),
-            };
-            this.persist(created);
-            this.bootstrapUsername = null;
-            return { username: created.username, passwordUserProvided: created.userProvided };
-        }
-        const next = {
-            ...current,
-            password: hashPassword(params.password),
-            userProvided: params.markUserProvided,
-            updatedAt: new Date().toISOString(),
-        };
-        this.persist(next);
-        return { username: next.username, passwordUserProvided: next.userProvided };
-    }
-    getStatus() {
-        const current = this.load();
-        if (current) {
-            return { username: current.username, passwordUserProvided: current.userProvided };
-        }
-        if (this.bootstrapUsername) {
-            return { username: this.bootstrapUsername, passwordUserProvided: false };
-        }
-        throw new Error("Auth is not initialized");
-    }
-    persist(auth) {
-        try {
-            fs.mkdirSync(path.dirname(this.authFilePath), { recursive: true });
-            fs.writeFileSync(this.authFilePath, JSON.stringify(auth, null, 2), "utf-8");
-            this.cachedFile = auth;
-            this.logger.debug({ authFilePath: this.authFilePath }, "Persisted auth file");
-        }
-        catch (error) {
-            this.logger.error({ err: error, authFilePath: this.authFilePath }, "Failed to persist auth file");
-            throw error;
-        }
-    }
-}

package/dist/auth/http-auth.js

@@ -1,37 +0,0 @@
-export function parseCookies(header) {
-    const result = {};
-    if (!header)
-        return result;
-    const parts = header.split(";");
-    for (const part of parts) {
-        const index = part.indexOf("=");
-        if (index < 0)
-            continue;
-        const key = part.slice(0, index).trim();
-        const value = part.slice(index + 1).trim();
-        if (!key)
-            continue;
-        result[key] = decodeURIComponent(value);
-    }
-    return result;
-}
-export function isLoopbackAddress(remoteAddress) {
-    if (!remoteAddress)
-        return false;
-    if (remoteAddress === "127.0.0.1" || remoteAddress === "::1")
-        return true;
-    if (remoteAddress === "::ffff:127.0.0.1")
-        return true;
-    return false;
-}
-export function wantsHtml(request) {
-    const accept = (request.headers["accept"] ?? "").toString().toLowerCase();
-    return accept.includes("text/html") || accept.includes("application/xhtml");
-}
-export function sendUnauthorized(request, reply) {
-    if (request.method === "GET" && !request.url.startsWith("/api/") && wantsHtml(request)) {
-        reply.redirect("/login");
-        return;
-    }
-    reply.code(401).send({ error: "Unauthorized" });
-}

package/dist/auth/manager.js

@@ -1,140 +0,0 @@
-import path from "path";
-import { AuthStore } from "./auth-store";
-import { TokenManager } from "./token-manager";
-import { SessionManager } from "./session-manager";
-import { isLoopbackAddress, parseCookies } from "./http-auth";
-export const BOOTSTRAP_TOKEN_STDOUT_PREFIX = "EMBEDDEDCOWORK_BOOTSTRAP_TOKEN:";
-export const DEFAULT_AUTH_USERNAME = "embeddedcowork";
-export const DEFAULT_AUTH_COOKIE_NAME = "embeddedcowork_session";
-export class AuthManager {
-    constructor(init, logger) {
-        this.init = init;
-        this.logger = logger;
-        this.sessionManager = new SessionManager();
-        this.cookieName = sanitizeCookieName(init.cookieName);
-        this.authEnabled = !Boolean(init.dangerouslySkipAuth);
-        if (!this.authEnabled) {
-            this.authStore = null;
-            this.tokenManager = null;
-            return;
-        }
-        const authFilePath = resolveAuthFilePath(init.configPath);
-        this.authStore = new AuthStore(authFilePath, logger.child({ component: "auth" }));
-        // Startup: password comes from CLI/env, auth.json, or bootstrap-only mode.
-        this.authStore.ensureInitialized({
-            username: init.username,
-            password: init.password,
-            allowBootstrapWithoutPassword: init.generateToken,
-        });
-        this.tokenManager = init.generateToken ? new TokenManager(60000) : null;
-    }
-    isAuthEnabled() {
-        return this.authEnabled;
-    }
-    getCookieName() {
-        return this.cookieName;
-    }
-    isTokenBootstrapEnabled() {
-        return Boolean(this.tokenManager);
-    }
-    issueBootstrapToken() {
-        if (!this.tokenManager)
-            return null;
-        return this.tokenManager.generate();
-    }
-    consumeBootstrapToken(token) {
-        if (!this.tokenManager)
-            return false;
-        return this.tokenManager.consume(token);
-    }
-    validateLogin(username, password) {
-        if (!this.authEnabled) {
-            return true;
-        }
-        return this.requireAuthStore().validateCredentials(username, password);
-    }
-    createSession(username) {
-        if (!this.authEnabled) {
-            return { id: "auth-disabled", createdAt: Date.now(), username: this.init.username };
-        }
-        return this.sessionManager.createSession(username);
-    }
-    getStatus() {
-        if (!this.authEnabled) {
-            return { username: this.init.username, passwordUserProvided: false };
-        }
-        return this.requireAuthStore().getStatus();
-    }
-    setPassword(password) {
-        if (!this.authEnabled) {
-            throw new Error("Internal authentication is disabled");
-        }
-        return this.requireAuthStore().setPassword({ password, markUserProvided: true });
-    }
-    isLoopbackRequest(request) {
-        return isLoopbackAddress(request.socket.remoteAddress);
-    }
-    getSessionFromRequest(request) {
-        return this.getSessionFromHeaders(request.headers);
-    }
-    getSessionFromHeaders(headers) {
-        if (!this.authEnabled) {
-            // When auth is disabled, treat all requests as authenticated.
-            // We still return a stable username so callers can display it.
-            return { username: this.init.username, sessionId: "auth-disabled" };
-        }
-        const cookieHeader = Array.isArray(headers.cookie) ? headers.cookie.join("; ") : headers.cookie;
-        const cookies = parseCookies(cookieHeader);
-        const sessionId = cookies[this.cookieName];
-        const session = this.sessionManager.getSession(sessionId);
-        if (!session)
-            return null;
-        return { username: session.username, sessionId: session.id };
-    }
-    setSessionCookie(reply, sessionId) {
-        reply.header("Set-Cookie", buildSessionCookie(this.cookieName, sessionId));
-    }
-    setSessionCookieWithOptions(reply, sessionId, options) {
-        reply.header("Set-Cookie", buildSessionCookie(this.cookieName, sessionId, options));
-    }
-    clearSessionCookie(reply) {
-        reply.header("Set-Cookie", buildSessionCookie(this.cookieName, "", { maxAgeSeconds: 0 }));
-    }
-    clearSessionCookieWithOptions(reply, options) {
-        reply.header("Set-Cookie", buildSessionCookie(this.cookieName, "", { maxAgeSeconds: 0, ...options }));
-    }
-    requireAuthStore() {
-        if (!this.authStore) {
-            throw new Error("Auth store is unavailable");
-        }
-        return this.authStore;
-    }
-}
-function sanitizeCookieName(value) {
-    const trimmed = value?.trim();
-    if (!trimmed) {
-        return DEFAULT_AUTH_COOKIE_NAME;
-    }
-    const sanitized = trimmed.replace(/[^A-Za-z0-9_-]/g, "_");
-    return sanitized.length > 0 ? sanitized : DEFAULT_AUTH_COOKIE_NAME;
-}
-function resolveAuthFilePath(configPath) {
-    const resolvedConfigPath = resolvePath(configPath);
-    return path.join(path.dirname(resolvedConfigPath), "auth.json");
-}
-function resolvePath(filePath) {
-    if (filePath.startsWith("~/")) {
-        return path.join(process.env.HOME ?? "", filePath.slice(2));
-    }
-    return path.resolve(filePath);
-}
-function buildSessionCookie(name, value, options) {
-    const parts = [`${name}=${encodeURIComponent(value)}`, "HttpOnly", "Path=/", "SameSite=Lax"];
-    if (options?.secure) {
-        parts.push("Secure");
-    }
-    if (options?.maxAgeSeconds !== undefined) {
-        parts.push(`Max-Age=${Math.max(0, Math.floor(options.maxAgeSeconds))}`);
-    }
-    return parts.join("; ");
-}

package/dist/auth/password-hash.js

@@ -1,32 +0,0 @@
-import crypto from "crypto";
-const DEFAULT_SCRYPT_PARAMS = {
-    N: 16384,
-    r: 8,
-    p: 1,
-    maxmem: 32 * 1024 * 1024,
-};
-export function hashPassword(password) {
-    const salt = crypto.randomBytes(16);
-    const params = DEFAULT_SCRYPT_PARAMS;
-    const keyLength = 64;
-    const derived = crypto.scryptSync(password, salt, keyLength, params);
-    return {
-        algorithm: "scrypt",
-        saltBase64: salt.toString("base64"),
-        hashBase64: Buffer.from(derived).toString("base64"),
-        keyLength,
-        params,
-    };
-}
-export function verifyPassword(password, record) {
-    if (record.algorithm !== "scrypt") {
-        return false;
-    }
-    const salt = Buffer.from(record.saltBase64, "base64");
-    const expected = Buffer.from(record.hashBase64, "base64");
-    const derived = crypto.scryptSync(password, salt, record.keyLength, record.params);
-    if (expected.length !== derived.length) {
-        return false;
-    }
-    return crypto.timingSafeEqual(expected, Buffer.from(derived));
-}

package/dist/auth/session-manager.js

@@ -1,17 +0,0 @@
-import crypto from "crypto";
-export class SessionManager {
-    constructor() {
-        this.sessions = new Map();
-    }
-    createSession(username) {
-        const id = crypto.randomBytes(32).toString("base64url");
-        const info = { id, createdAt: Date.now(), username };
-        this.sessions.set(id, info);
-        return info;
-    }
-    getSession(id) {
-        if (!id)
-            return undefined;
-        return this.sessions.get(id);
-    }
-}

package/dist/auth/token-manager.js

@@ -1,27 +0,0 @@
-import crypto from "crypto";
-export class TokenManager {
-    constructor(ttlMs) {
-        this.ttlMs = ttlMs;
-        this.token = null;
-    }
-    generate() {
-        const token = crypto.randomBytes(32).toString("base64url");
-        this.token = { token, createdAt: Date.now(), consumed: false };
-        return token;
-    }
-    consume(token) {
-        if (!this.token)
-            return false;
-        if (this.token.consumed)
-            return false;
-        if (Date.now() - this.token.createdAt > this.ttlMs)
-            return false;
-        if (token !== this.token.token)
-            return false;
-        this.token.consumed = true;
-        return true;
-    }
-    peek() {
-        return this.token?.token ?? null;
-    }
-}