agent-office-cli 0.0.1

package/src/runtime/tmux.js

@@ -0,0 +1,152 @@
+const { spawnSync, spawn } = require("node:child_process");
+const crypto = require("node:crypto");
+const pty = require("node-pty");
+
+const AGENTOFFICE_TMUX_PREFIX = "agentoffice_";
+
+function tmuxPath() {
+  return process.env.TMUX_BIN || "tmux";
+}
+
+function runTmux(args, options = {}) {
+  return spawnSync(tmuxPath(), args, {
+    encoding: "utf8",
+    ...options
+  });
+}
+
+function assertTmuxOk(result, action) {
+  if (result.status === 0) {
+    return;
+  }
+  const message = (result.stderr || result.stdout || `${action} failed`).trim();
+  throw new Error(`tmux ${action} failed: ${message}`);
+}
+
+function shellQuote(value) {
+  return `'${String(value).replaceAll("'", `'\\''`)}'`;
+}
+
+function createTmuxSession({ sessionName, cwd, command, shell }) {
+  // Clean env: remove CLAUDECODE to prevent "nested session" detection
+  const cleanEnv = { ...process.env };
+  delete cleanEnv.CLAUDECODE;
+
+  const createResult = runTmux(["new-session", "-d", "-s", sessionName, "-c", cwd], {
+    env: cleanEnv
+  });
+  assertTmuxOk(createResult, "new-session");
+
+  const remainResult = runTmux(["set-option", "-t", sessionName, "remain-on-exit", "on"]);
+  assertTmuxOk(remainResult, "set-option remain-on-exit");
+
+  const launchCommand = `exec ${shell} -lc ${shellQuote(command)}`;
+  const sendLiteralResult = runTmux(["send-keys", "-t", `${sessionName}:0.0`, "-l", launchCommand]);
+  assertTmuxOk(sendLiteralResult, "send-keys literal");
+
+  const sendEnterResult = runTmux(["send-keys", "-t", `${sessionName}:0.0`, "Enter"]);
+  assertTmuxOk(sendEnterResult, "send-keys enter");
+}
+
+function listSessions() {
+  const result = runTmux(["list-sessions", "-F", "#{session_name}"]);
+  if (result.status !== 0) {
+    return [];
+  }
+  return (result.stdout || "")
+    .split("\n")
+    .map((line) => line.trim())
+    .filter(Boolean);
+}
+
+function listAgentOfficeSessions() {
+  return listSessions().filter((sessionName) => sessionName.startsWith(AGENTOFFICE_TMUX_PREFIX));
+}
+
+function sessionExists(sessionName) {
+  const result = runTmux(["has-session", "-t", sessionName]);
+  return result.status === 0;
+}
+
+function killSession(sessionName) {
+  const result = runTmux(["kill-session", "-t", sessionName]);
+  if (result.status !== 0) {
+    return false;
+  }
+  return true;
+}
+
+function describePane(sessionName) {
+  const result = runTmux([
+    "list-panes",
+    "-t",
+    sessionName,
+    "-F",
+    "#{pane_pid}\t#{pane_dead}\t#{pane_dead_status}\t#{pane_current_command}"
+  ]);
+
+  if (result.status !== 0) {
+    return null;
+  }
+
+  const line = (result.stdout || "").trim().split("\n")[0];
+  if (!line) {
+    return null;
+  }
+
+  const [pidText, deadText, deadStatusText, currentCommand] = line.split("\t");
+  return {
+    pid: Number(pidText || 0) || null,
+    dead: deadText === "1",
+    deadStatus: deadStatusText === "" ? null : Number(deadStatusText),
+    currentCommand: currentCommand || null
+  };
+}
+
+function capturePane(sessionName) {
+  return new Promise((resolve) => {
+    const proc = spawn(tmuxPath(), ["capture-pane", "-p", "-e", "-J", "-t", `${sessionName}:0.0`]);
+    let stdout = "";
+    proc.stdout.on("data", (chunk) => { stdout += chunk; });
+    proc.on("close", (code) => { resolve(code === 0 ? stdout : ""); });
+    proc.on("error", () => { resolve(""); });
+  });
+}
+
+function attachClient(sessionName, { cwd, cols = 120, rows = 32 } = {}) {
+  // Create a linked session that shares the same window group but with status bar
+  // disabled, so the tmux chrome does not leak into the xterm.js stream.
+  const webSession = `${sessionName}_wv_${crypto.randomBytes(3).toString("hex")}`;
+
+  const proc = pty.spawn(tmuxPath(), [
+    "new-session", "-t", sessionName, "-s", webSession,
+    ";", "set-option", "status", "off"
+  ], {
+    name: "xterm-256color",
+    cwd: cwd || process.cwd(),
+    env: process.env,
+    cols,
+    rows
+  });
+
+  // Expose the linked session name so callers can clean it up on disconnect.
+  proc.webTmuxSession = webSession;
+  return proc;
+}
+
+function localAttachCommand(sessionName) {
+  return `${tmuxPath()} attach-session -t ${sessionName}`;
+}
+
+module.exports = {
+  AGENTOFFICE_TMUX_PREFIX,
+  attachClient,
+  capturePane,
+  createTmuxSession,
+  describePane,
+  killSession,
+  listAgentOfficeSessions,
+  localAttachCommand,
+  sessionExists,
+  tmuxPath
+};

package/src/server.js

@@ -0,0 +1,208 @@
+const http = require("node:http");
+const path = require("node:path");
+const express = require("express");
+const { WebSocketServer } = require("ws");
+const { STATIC_DIR } = require("./web");
+const auth = require("./auth");
+
+function createAppServer({ host, port, store, ptyManager }) {
+  const app = express();
+  app.set("trust proxy", true);
+  app.use(express.json({ limit: "1mb" }));
+
+  const AUTH_WHITELIST = new Set([
+    "/api/auth/login",
+    "/api/auth/check",
+    "/api/auth/logout",
+    "/login.html",
+    "/register.html",
+    "/login.css"
+  ]);
+
+  function isWhitelisted(pathname) {
+    if (AUTH_WHITELIST.has(pathname)) {
+      return true;
+    }
+    return pathname.startsWith("/api/auth/");
+  }
+
+  function isAuthorizedRequest(req) {
+    const ip = req.ip || req.socket?.remoteAddress || "";
+    const isLocal = ip === "127.0.0.1" || ip === "::1" || ip === "::ffff:127.0.0.1";
+    if (isLocal) {
+      return true;
+    }
+    const cookieToken = auth.getTokenFromCookie(req);
+    return Boolean(cookieToken && auth.verifyToken(cookieToken));
+  }
+
+  function sendOfficeShell(res) {
+    res.sendFile(path.join(STATIC_DIR, "office.html"));
+  }
+
+  app.use((req, res, next) => {
+    if (isWhitelisted(req.path)) {
+      return next();
+    }
+
+    if (isAuthorizedRequest(req)) {
+      return next();
+    }
+
+    if (req.path.startsWith("/api/")) {
+      return res.status(401).json({ error: "unauthorized" });
+    }
+
+    return res.redirect("/login.html");
+  });
+
+  app.post("/api/auth/login", (req, res) => {
+    const ip = req.ip || req.connection?.remoteAddress || "";
+    const rateCheck = auth.checkRateLimit(ip);
+
+    if (!rateCheck.allowed) {
+      if (rateCheck.locked) {
+        return res.status(429).json({
+          error: "locked",
+          message: `Too many failed attempts. Locked for ${rateCheck.remainingSeconds}s.`,
+          remainingSeconds: rateCheck.remainingSeconds
+        });
+      }
+      return res.status(429).json({
+        error: "rate_limited",
+        message: "Too many attempts. Try again in a minute.",
+        remaining: 0
+      });
+    }
+
+    const token = String(req.body.token || "").trim();
+    if (!auth.verifyToken(token)) {
+      auth.recordAttempt(ip, false);
+      const afterCheck = auth.checkRateLimit(ip);
+      return res.status(401).json({
+        error: "invalid_token",
+        remaining: afterCheck.remaining
+      });
+    }
+
+    auth.recordAttempt(ip, true);
+    const secure = req.protocol === "https" || req.get("x-forwarded-proto") === "https";
+    auth.setAuthCookie(res, token, secure);
+    return res.json({ ok: true });
+  });
+
+  app.post("/api/auth/logout", (_req, res) => {
+    auth.clearAuthCookie(res);
+    res.json({ ok: true });
+  });
+
+  app.get("/api/auth/check", (req, res) => {
+    const cookieToken = auth.getTokenFromCookie(req);
+    const authenticated = cookieToken ? auth.verifyToken(cookieToken) : false;
+    res.json({ authenticated });
+  });
+
+  app.get("/", (_req, res) => {
+    sendOfficeShell(res);
+  });
+
+  app.get("/index.html", (_req, res) => {
+    sendOfficeShell(res);
+  });
+
+  app.use(express.static(STATIC_DIR, { index: false }));
+
+  app.get("/api/health", (_req, res) => {
+    res.json({ ok: true });
+  });
+
+  app.get("/api/sessions", (_req, res) => {
+    res.json({ sessions: store.listSessionSummaries() });
+  });
+
+  app.get("/api/sessions/:sessionId", (req, res) => {
+    const session = store.getSession(req.params.sessionId);
+    if (!session) {
+      res.status(404).json({ error: "session_not_found" });
+      return;
+    }
+    res.json(session);
+  });
+
+  app.post("/api/sessions/launch", (req, res) => {
+    const command = String(req.body.command || "").trim();
+    if (!command) {
+      res.status(400).json({ error: "missing_command" });
+      return;
+    }
+    const session = ptyManager.createManagedSession({
+      provider: req.body.provider || "generic",
+      title: req.body.title || command,
+      cwd: req.body.cwd || process.cwd(),
+      command,
+      transport: req.body.transport || null
+    });
+    res.json({ session });
+  });
+
+  app.post("/api/providers/claude/hook", (req, res) => {
+    const session = ptyManager.ingestClaudeHook(req.body || {});
+    res.json({ ok: true, sessionId: session?.sessionId ?? null });
+  });
+
+  app.get("*", (_req, res) => {
+    sendOfficeShell(res);
+  });
+
+  const server = http.createServer(app);
+  const wss = new WebSocketServer({ noServer: true });
+
+  server.on("upgrade", (request, socket, head) => {
+    const url = new URL(request.url, `http://${request.headers.host}`);
+    const pathname = url.pathname;
+
+    if (!pathname.startsWith("/ws/")) {
+      socket.destroy();
+      return;
+    }
+
+    const remoteIp = request.socket?.remoteAddress || "";
+    const isLocal = remoteIp === "127.0.0.1" || remoteIp === "::1" || remoteIp === "::ffff:127.0.0.1";
+    if (!isLocal) {
+      const cookieToken = auth.getTokenFromCookie(request);
+      if (!cookieToken || !auth.verifyToken(cookieToken)) {
+        socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
+        socket.destroy();
+        return;
+      }
+    }
+
+    wss.handleUpgrade(request, socket, head, (ws) => {
+      ws.path = pathname;
+      wss.emit("connection", ws, request);
+    });
+  });
+
+  wss.on("connection", (ws) => {
+    if (ws.path === "/ws/events") {
+      ptyManager.registerEventsSocket(ws);
+      return;
+    }
+    if (ws.path.startsWith("/ws/terminal/")) {
+      const sessionId = decodeURIComponent(ws.path.split("/").pop());
+      ptyManager.registerTerminalSocket(sessionId, ws);
+      return;
+    }
+    ws.close();
+  });
+
+  server.listen(port, host, () => {
+    console.log(`AgentOffice listening on http://${host}:${port}`);
+  });
+
+  return server;
+}
+
+module.exports = {
+  createAppServer
+};

package/src/tunnel.js

@@ -0,0 +1,224 @@
+const { WebSocket } = require("ws");
+const { toSessionSummary } = require("./core");
+
+const RECONNECT_BASE_MS = 1000;
+const RECONNECT_MAX_MS = 30000;
+
+function createTunnelClient({ key, relayUrl, localServerUrl }) {
+  let ws = null;
+  let reconnectDelay = RECONNECT_BASE_MS;
+  let stopped = false;
+  let authenticated = false;
+  let pendingStatusSummary = [];
+
+  function flushStatusSummary() {
+    if (!authenticated || !ws || ws.readyState !== WebSocket.OPEN) {
+      return;
+    }
+    ws.send(JSON.stringify({
+      type: "status:summary",
+      sessions: pendingStatusSummary
+    }));
+  }
+
+  function connect() {
+    if (stopped) {
+      return;
+    }
+
+    authenticated = false;
+    const url = `${relayUrl.replace(/^http/, "ws")}/upstream`;
+    ws = new WebSocket(url);
+
+    ws.on("open", () => {
+      reconnectDelay = RECONNECT_BASE_MS;
+      console.log("[tunnel] connected to relay, authenticating...");
+      ws.send(JSON.stringify({ type: "auth", key }));
+    });
+
+    ws.on("message", async (raw) => {
+      try {
+        const str = String(raw);
+
+        // Fast path: WS data forwarding uses "W:${connId}:${data}" prefix (no JSON parse)
+        if (str.startsWith("W:")) {
+          const connId = str.slice(2, 16);
+          const data = str.slice(17);
+          const localWs = localWsConnections.get(connId);
+          if (localWs && localWs.readyState === WebSocket.OPEN) {
+            localWs.send(data);
+          }
+          return;
+        }
+
+        const msg = JSON.parse(str);
+
+        if (msg.type === "auth:ok") {
+          authenticated = true;
+          console.log(`[tunnel] authenticated with relay: ${relayUrl} (userId=${msg.userId})`);
+          flushStatusSummary();
+          return;
+        }
+        if (msg.type === "auth:error") {
+          console.error(`[tunnel] authentication failed: ${msg.error || "invalid key"}`);
+          stopped = true;
+          ws.close();
+          return;
+        }
+
+        if (!authenticated) {
+          return;
+        }
+
+        await handleRelayMessage(msg);
+      } catch (err) {
+        console.error(`[tunnel] message error: ${err.message}`);
+      }
+    });
+
+    ws.on("close", (code) => {
+      if (stopped) {
+        return;
+      }
+      if (code === 4401) {
+        console.error("[tunnel] authentication rejected by relay. Not reconnecting.");
+        stopped = true;
+        return;
+      }
+      console.log(`[tunnel] disconnected (${code}). Reconnecting in ${reconnectDelay}ms...`);
+      setTimeout(() => {
+        reconnectDelay = Math.min(reconnectDelay * 2, RECONNECT_MAX_MS);
+        connect();
+      }, reconnectDelay);
+    });
+
+    ws.on("error", (err) => {
+      console.error(`[tunnel] ws error: ${err.message}`);
+    });
+  }
+
+  async function handleRelayMessage(msg) {
+    if (msg.type === "http:request") {
+      await handleHttpRequest(msg);
+      return;
+    }
+    if (msg.type === "ws:open") {
+      handleWsOpen(msg);
+      return;
+    }
+    if (msg.type === "ws:close") {
+      handleWsClose(msg);
+    }
+  }
+
+  async function handleHttpRequest(msg) {
+    try {
+      const fetchUrl = `${localServerUrl}${msg.path}`;
+      const fetchOptions = {
+        method: msg.method || "GET",
+        headers: { ...msg.headers, host: new URL(localServerUrl).host }
+      };
+      if (msg.body && msg.method !== "GET" && msg.method !== "HEAD") {
+        fetchOptions.body = msg.body;
+        fetchOptions.headers["content-type"] = fetchOptions.headers["content-type"] || "application/json";
+      }
+
+      const response = await fetch(fetchUrl, fetchOptions);
+      const body = await response.text();
+      const responseHeaders = {};
+      for (const [keyName, value] of response.headers) {
+        if (!["transfer-encoding", "connection", "content-encoding"].includes(keyName.toLowerCase())) {
+          responseHeaders[keyName] = value;
+        }
+      }
+
+      sendToRelay({
+        type: "http:response",
+        reqId: msg.reqId,
+        status: response.status,
+        headers: responseHeaders,
+        body
+      });
+    } catch (err) {
+      sendToRelay({
+        type: "http:response",
+        reqId: msg.reqId,
+        status: 502,
+        headers: {},
+        body: JSON.stringify({ error: err.message })
+      });
+    }
+  }
+
+  const localWsConnections = new Map();
+
+  function handleWsOpen(msg) {
+    const connId = msg.connId;
+    const localWsUrl = `${localServerUrl.replace(/^http/, "ws")}${msg.path}`;
+    const localWs = new WebSocket(localWsUrl);
+
+    localWsConnections.set(connId, localWs);
+
+    localWs.on("message", (data) => {
+      if (ws && ws.readyState === WebSocket.OPEN) {
+        // Fast path: prefix with connId, no JSON wrapping
+        ws.send(`W:${connId}:${String(data)}`);
+      }
+    });
+
+    localWs.on("close", () => {
+      localWsConnections.delete(connId);
+      sendToRelay({
+        type: "ws:close",
+        connId
+      });
+    });
+
+    localWs.on("error", () => {
+      localWsConnections.delete(connId);
+    });
+  }
+
+  function handleWsClose(msg) {
+    const localWs = localWsConnections.get(msg.connId);
+    if (localWs) {
+      localWsConnections.delete(msg.connId);
+      localWs.close();
+    }
+  }
+
+  function sendToRelay(payload) {
+    if (ws && ws.readyState === WebSocket.OPEN) {
+      ws.send(JSON.stringify(payload));
+    }
+  }
+
+  function sendStatusSummary(sessions) {
+    pendingStatusSummary = sessions
+      .map((session) => toSessionSummary(session))
+      .filter(Boolean);
+    flushStatusSummary();
+  }
+
+  function stop() {
+    stopped = true;
+    for (const localWs of localWsConnections.values()) {
+      localWs.close();
+    }
+    localWsConnections.clear();
+    if (ws) {
+      ws.close();
+    }
+  }
+
+  connect();
+
+  return {
+    sendStatusSummary,
+    stop
+  };
+}
+
+module.exports = {
+  createTunnelClient
+};

package/src/web/index.js

@@ -0,0 +1,7 @@
+const path = require("node:path");
+
+const STATIC_DIR = path.join(__dirname, "public");
+
+module.exports = {
+  STATIC_DIR
+};