@wangyaoshen/remux 0.3.8-dev.29e114b

package/.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,47 @@
+---
+name: Bug report
+about: Report a regression or defect in the current Zellij-era product path
+title: "[bug] "
+labels: ["bug"]
+assignees: []
+---
+
+## Summary
+
+Describe the problem in one paragraph.
+
+## Affected Layer
+
+- [ ] backend gateway
+- [ ] zellij integration
+- [ ] web frontend
+- [ ] docs / devex
+- [ ] tests / CI
+
+## Environment
+
+- Remux version:
+- Node.js version:
+- Zellij version:
+- Browser / device:
+
+## Reproduction
+
+1.
+2.
+3.
+
+## Expected Behavior
+
+What should have happened?
+
+## Validation
+
+- [ ] `npm run typecheck`
+- [ ] `npm test`
+- [ ] `npm run build`
+
+## Notes
+
+Include logs, screenshots, or links when relevant.
+

package/.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,38 @@
+---
+name: Feature request
+about: Propose a feature aligned with the current Zellij-era roadmap
+title: "[feature] "
+labels: ["enhancement"]
+assignees: []
+---
+
+## Summary
+
+What capability should Remux gain?
+
+## Scope Bucket
+
+- [ ] v1 must ship
+- [ ] v1.5 optional
+- [ ] research / future
+
+## Surfaces
+
+- [ ] Inspect
+- [ ] Live
+- [ ] Control
+- [ ] gateway / runtime
+- [ ] docs / devex
+
+## User Outcome
+
+What becomes possible or easier after this lands?
+
+## Acceptance
+
+How will we know the work is done?
+
+## Risks / Dependencies
+
+What could block or complicate this?
+

package/.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,28 @@
+## Summary
+
+- what changed
+- why it changed
+
+## Area
+
+- [ ] backend gateway
+- [ ] zellij integration
+- [ ] web frontend
+- [ ] docs / devex
+- [ ] tests / CI
+
+## Validation
+
+- [ ] `npm run check:terminology`
+- [ ] `npm run typecheck`
+- [ ] `npm test`
+- [ ] `npm run build`
+
+## Acceptance Notes
+
+List the user-visible or maintainer-visible acceptance outcomes here.
+
+## Risk
+
+Call out migration risk, compatibility risk, or follow-up work.
+

package/.github/dependabot.yml

@@ -0,0 +1,33 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+      timezone: "UTC"
+    open-pull-requests-limit: 10
+    labels:
+      - "dependencies"
+    commit-message:
+      prefix: "deps"
+    groups:
+      npm-patch-minor:
+        update-types:
+          - "minor"
+          - "patch"
+
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:30"
+      timezone: "UTC"
+    open-pull-requests-limit: 5
+    labels:
+      - "dependencies"
+      - "ci"
+    commit-message:
+      prefix: "deps(ci)"

package/.github/workflows/ci.yml

@@ -0,0 +1,65 @@
+name: CI
+
+on:
+  push:
+    branches: [dev, main]
+  pull_request:
+    branches: [dev, main]
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        node-version: [20, 22]
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: pnpm
+      - run: pnpm install --frozen-lockfile
+      - run: pnpm run build
+      - run: pnpm test
+
+  swift-test:
+    runs-on: macos-15
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - run: cd packages/RemuxKit && swift build && swift test
+
+  # ── Dev prerelease: publish @dev tag on push to dev ──
+  prerelease:
+    if: github.ref == 'refs/heads/dev' && github.event_name == 'push'
+    needs: test
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22.x
+          registry-url: https://registry.npmjs.org
+          cache: pnpm
+      - run: pnpm install --frozen-lockfile
+      - run: pnpm run build
+
+      - name: Set prerelease version
+        run: |
+          BASE=$(node -p "require('./package.json').version")
+          SHA=$(git rev-parse --short HEAD)
+          PREID="${BASE}-dev.${SHA}"
+          npm version "$PREID" --no-git-tag-version
+          echo "Publishing @wangyaoshen/remux@${PREID} to @dev tag"
+
+      - name: Publish @dev
+        run: pnpm publish --access public --no-git-checks --tag dev
+        continue-on-error: true
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/.github/workflows/deploy.yml

@@ -0,0 +1,65 @@
+name: Deploy
+
+on:
+  push:
+    branches: [main, dev]
+  workflow_dispatch:
+    inputs:
+      branch:
+        description: "Branch to deploy (main or dev)"
+        required: true
+        default: "dev"
+        type: choice
+        options: [main, dev]
+
+jobs:
+  deploy:
+    runs-on: [self-hosted, remux-deploy]
+    timeout-minutes: 10
+
+    steps:
+      - name: Resolve target
+        id: target
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            BRANCH="${{ inputs.branch }}"
+          else
+            BRANCH="${GITHUB_REF#refs/heads/}"
+          fi
+          echo "branch=$BRANCH" >> "$GITHUB_OUTPUT"
+          if [ "$BRANCH" = "main" ]; then
+            echo "app=remux-main" >> "$GITHUB_OUTPUT"
+            echo "worktree=$HOME/.remux/runtime-worktrees/runtime-main" >> "$GITHUB_OUTPUT"
+          else
+            echo "app=remux-dev" >> "$GITHUB_OUTPUT"
+            echo "worktree=$HOME/.remux/runtime-worktrees/runtime-dev" >> "$GITHUB_OUTPUT"
+          fi
+
+      - name: Pull latest code
+        working-directory: ${{ steps.target.outputs.worktree }}
+        run: |
+          git fetch origin ${{ steps.target.outputs.branch }}
+          git checkout --detach origin/${{ steps.target.outputs.branch }}
+
+      - name: Install dependencies
+        working-directory: ${{ steps.target.outputs.worktree }}
+        run: |
+          # Use the same Node.js that the launchd service runs (node@20)
+          # to ensure native modules (better-sqlite3, node-pty) are compiled
+          # for the correct NODE_MODULE_VERSION
+          export PATH="/opt/homebrew/opt/node@20/bin:$PATH"
+          node --version
+          pnpm install
+
+      - name: Build
+        working-directory: ${{ steps.target.outputs.worktree }}
+        run: |
+          export PATH="/opt/homebrew/opt/node@20/bin:$PATH"
+          pnpm run build
+
+      - name: Restart launchd service
+        run: |
+          SERVICE="com.remux.${{ steps.target.outputs.branch }}"
+          launchctl kickstart -k "gui/$(id -u)/${SERVICE}"
+          sleep 2
+          launchctl print "gui/$(id -u)/${SERVICE}" 2>&1 | head -5

package/.github/workflows/publish.yml

@@ -0,0 +1,312 @@
+name: Publish
+
+# Triggered by release-please creating a tag, or manual tag push
+on:
+  push:
+    tags: ['v[0-9]+.[0-9]+.[0-9]+']
+
+jobs:
+  # ── npm publish (@latest) ────────────────────────────
+  npm:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22.x
+          registry-url: https://registry.npmjs.org
+          cache: pnpm
+      - run: pnpm install --frozen-lockfile
+      - run: pnpm run build
+      - run: pnpm test
+      - run: pnpm publish --access public --no-git-checks --provenance
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
+  # ── Docker image → ghcr.io ──────────────────────────
+  docker:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    steps:
+      - uses: actions/checkout@v4
+      - uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - uses: docker/metadata-action@v5
+        id: meta
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=raw,value=latest
+      - uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  # ── iOS → TestFlight ─────────────────────────────────
+  ios:
+    runs-on: macos-15
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Set up signing
+        env:
+          CERTIFICATES_P12: ${{ secrets.APPLE_CERTIFICATES_P12 }}
+          CERTIFICATES_PASSWORD: ${{ secrets.APPLE_CERTIFICATES_PASSWORD }}
+          API_KEY_P8: ${{ secrets.APP_STORE_CONNECT_API_KEY_P8 }}
+          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+        run: |
+          # Create temporary keychain
+          KEYCHAIN_PATH="$RUNNER_TEMP/signing.keychain-db"
+          KEYCHAIN_PASSWORD="$(openssl rand -hex 16)"
+          security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+          security set-keychain-settings -lut 21600 "$KEYCHAIN_PATH"
+          security unlock-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+
+          # Import certificates
+          echo "$CERTIFICATES_P12" | base64 --decode > "$RUNNER_TEMP/certs.p12"
+          security import "$RUNNER_TEMP/certs.p12" \
+            -P "$CERTIFICATES_PASSWORD" \
+            -A -t cert -f pkcs12 \
+            -k "$KEYCHAIN_PATH"
+          security set-key-partition-list -S apple-tool:,apple:,codesign: \
+            -s -k "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"
+
+          # Add keychain to search list
+          security list-keychains -d user -s "$KEYCHAIN_PATH" $(security list-keychains -d user | tr -d '"')
+
+          # Install Apple WWDR G3 intermediate cert
+          curl -sO https://www.apple.com/certificateauthority/AppleWWDRCAG3.cer
+          sudo security add-certificates -k /Library/Keychains/System.keychain AppleWWDRCAG3.cer
+
+          # Set up API key
+          mkdir -p ~/.private_keys
+          echo "$API_KEY_P8" | base64 --decode > ~/.private_keys/AuthKey_${API_KEY_ID}.p8
+
+          # Verify
+          security find-identity -v -p codesigning "$KEYCHAIN_PATH"
+
+      - name: Archive
+        env:
+          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+          API_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
+        run: |
+          TAG="${GITHUB_REF#refs/tags/}"
+          VERSION="${TAG#v}"
+
+          xcodebuild archive \
+            -project apps/ios/Remux.xcodeproj \
+            -scheme Remux \
+            -destination 'generic/platform=iOS' \
+            -archivePath "$RUNNER_TEMP/Remux.xcarchive" \
+            -allowProvisioningUpdates \
+            -authenticationKeyPath ~/.private_keys/AuthKey_${API_KEY_ID}.p8 \
+            -authenticationKeyID "$API_KEY_ID" \
+            -authenticationKeyIssuerID "$API_ISSUER_ID" \
+            CURRENT_PROJECT_VERSION="$(git rev-list --count HEAD)" \
+            MARKETING_VERSION="$VERSION" \
+            -quiet
+
+      - name: Export IPA
+        env:
+          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+          API_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
+        run: |
+          cat > "$RUNNER_TEMP/ExportOptions.plist" << 'PLIST'
+          <?xml version="1.0" encoding="UTF-8"?>
+          <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+          <plist version="1.0">
+          <dict>
+              <key>method</key>
+              <string>app-store-connect</string>
+              <key>signingStyle</key>
+              <string>automatic</string>
+              <key>uploadSymbols</key>
+              <true/>
+              <key>manageAppVersionAndBuildNumber</key>
+              <true/>
+          </dict>
+          </plist>
+          PLIST
+
+          xcodebuild -exportArchive \
+            -archivePath "$RUNNER_TEMP/Remux.xcarchive" \
+            -exportOptionsPlist "$RUNNER_TEMP/ExportOptions.plist" \
+            -exportPath "$RUNNER_TEMP/export" \
+            -allowProvisioningUpdates \
+            -authenticationKeyPath ~/.private_keys/AuthKey_${API_KEY_ID}.p8 \
+            -authenticationKeyID "$API_KEY_ID" \
+            -authenticationKeyIssuerID "$API_ISSUER_ID" \
+            -quiet
+
+      - name: Upload to TestFlight
+        env:
+          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+          API_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
+        run: |
+          IPA=$(find "$RUNNER_TEMP/export" -name "*.ipa" | head -1)
+          xcrun altool --upload-app --type ios \
+            --file "$IPA" \
+            --apiKey "$API_KEY_ID" \
+            --apiIssuer "$API_ISSUER_ID"
+
+      - name: Set export compliance
+        run: |
+          pip3 install PyJWT cryptography
+          python3 << 'PYEOF'
+          import jwt, time, json, urllib.request, os
+
+          with open(os.path.expanduser(f"~/.private_keys/AuthKey_{os.environ['API_KEY_ID']}.p8")) as f:
+              key = f.read()
+          token = jwt.encode(
+              {"iss": os.environ["API_ISSUER_ID"], "iat": int(time.time()),
+               "exp": int(time.time()) + 1200, "aud": "appstoreconnect-v1"},
+              key, algorithm="ES256",
+              headers={"kid": os.environ["API_KEY_ID"], "typ": "JWT"})
+
+          # Find latest build
+          req = urllib.request.Request(
+              f"https://api.appstoreconnect.apple.com/v1/builds?filter[app]=6761521429&sort=-uploadedDate&limit=1",
+              headers={"Authorization": f"Bearer {token}"})
+          data = json.loads(urllib.request.urlopen(req).read())
+          build_id = data["data"][0]["id"]
+
+          # Set usesNonExemptEncryption = false
+          body = json.dumps({"data": {"type": "builds", "id": build_id,
+                            "attributes": {"usesNonExemptEncryption": False}}}).encode()
+          req = urllib.request.Request(
+              f"https://api.appstoreconnect.apple.com/v1/builds/{build_id}",
+              data=body, method="PATCH",
+              headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"})
+          urllib.request.urlopen(req)
+          print(f"✓ Export compliance set for build {build_id}")
+          PYEOF
+        env:
+          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+          API_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
+
+      - name: Clean up keychain
+        if: always()
+        run: security delete-keychain "$RUNNER_TEMP/signing.keychain-db" 2>/dev/null || true
+
+  # ── macOS app (.dmg) → signed + notarized + GitHub Release ──
+  # Runs on self-hosted runner (Mac Mini) which has Developer ID cert installed
+  macos:
+    runs-on: [self-hosted, remux-deploy]
+    permissions:
+      contents: write
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Verify signing identity
+        run: |
+          security find-identity -v -p codesigning | grep "Developer ID Application"
+
+      - name: Build GhosttyKit xcframework (if needed)
+        run: |
+          XCFW="vendor/ghostty/macos/GhosttyKit.xcframework"
+          if [ ! -d "$XCFW" ] || [ ! -f "$XCFW/Info.plist" ]; then
+            cd vendor/ghostty
+            zig build -Demit-xcframework=true -Dxcframework-target=native -Doptimize=ReleaseFast
+          fi
+
+      - name: Build, sign, and notarize DMG
+        env:
+          API_KEY_ID: ${{ secrets.APP_STORE_CONNECT_API_KEY_ID }}
+          API_ISSUER_ID: ${{ secrets.APP_STORE_CONNECT_ISSUER_ID }}
+          TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+        run: |
+          TAG="${GITHUB_REF#refs/tags/}"
+          VERSION="${TAG#v}"
+
+          # Build .app and DMG
+          bash scripts/build-dmg.sh "$VERSION"
+
+          # Sign with Developer ID + hardened runtime + timestamp
+          codesign --force --deep --options runtime --timestamp \
+            --sign "Developer ID Application: Yaoshen Wang ($TEAM_ID)" \
+            "build/Remux.app"
+
+          # Rebuild DMG with signed app
+          DMG="build/Remux-${VERSION}-arm64.dmg"
+          rm -f "$DMG"
+          hdiutil create -volname "Remux" \
+            -srcfolder build/Remux.app \
+            -ov -format UDZO "$DMG"
+          codesign --force --timestamp \
+            --sign "Developer ID Application: Yaoshen Wang ($TEAM_ID)" "$DMG"
+
+          # Notarize
+          xcrun notarytool submit "$DMG" \
+            --key ~/.private_keys/AuthKey_${API_KEY_ID}.p8 \
+            --key-id "$API_KEY_ID" \
+            --issuer "$API_ISSUER_ID" \
+            --wait
+
+          xcrun stapler staple "$DMG"
+
+      - name: Upload DMG to GitHub Release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          TAG="${GITHUB_REF#refs/tags/}"
+          VERSION="${TAG#v}"
+          DMG="build/Remux-${VERSION}-arm64.dmg"
+
+          if [ -f "$DMG" ]; then
+            gh release upload "$TAG" "$DMG" --clobber
+            echo "✓ Uploaded $DMG to release $TAG"
+          fi
+
+  # ── Update Homebrew tap ─────────────────────────────
+  homebrew:
+    needs: [npm, macos]
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Update Homebrew formula and cask
+        env:
+          GH_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
+        run: |
+          TAG="${GITHUB_REF#refs/tags/}"
+          VERSION="${TAG#v}"
+
+          git clone https://x-access-token:${GH_TOKEN}@github.com/yaoshenwang/homebrew-tap /tmp/tap
+          cd /tmp/tap
+
+          # Update cask version
+          sed -i "s/version \".*\"/version \"${VERSION}\"/" Casks/remux-app.rb
+
+          # Update formula URL
+          sed -i "s|remux-.*\.tgz|remux-${VERSION}.tgz|" Formula/remux.rb
+
+          # Compute sha256 for npm tarball
+          NPM_SHA=$(curl -sL "https://registry.npmjs.org/@wangyaoshen/remux/-/remux-${VERSION}.tgz" | sha256sum | cut -d' ' -f1)
+          sed -i "s/sha256 \".*\"/sha256 \"${NPM_SHA}\"/" Formula/remux.rb
+
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+          git add -A
+          git diff --cached --quiet || git commit -m "Update to v${VERSION}"
+          git push origin main

package/.github/workflows/release-please.yml

@@ -0,0 +1,21 @@
+name: Release Please
+
+on:
+  push:
+    branches: [main]
+
+permissions:
+  contents: write
+  pull-requests: write
+
+jobs:
+  release-please:
+    runs-on: ubuntu-latest
+    outputs:
+      release_created: ${{ steps.release.outputs.release_created }}
+      tag_name: ${{ steps.release.outputs.tag_name }}
+    steps:
+      - uses: googleapis/release-please-action@v4
+        id: release
+        with:
+          release-type: node

package/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "vendor/ghostty"]
+	path = vendor/ghostty
+	url = https://github.com/ghostty-org/ghostty.git

package/.nvmrc

@@ -0,0 +1 @@
+25

package/.release-please-manifest.json

@@ -0,0 +1,3 @@
+{
+  ".": "0.3.6"
+}