agent-yes 1.96.0 → 1.98.0

package/ts/share.ts

@@ -1,8 +1,9 @@
-// `ay serve --share` host peer: connect to the signaling server as a room host
-// and bridge each browser peer's WebRTC DataChannel to this machine's local
-// `ay serve` HTTP API. The browser (agent-yes.com) thus reaches local agents
-// peer-to-peer — no public port, no tunnel. See lab/ui/cf/worker.ts for the
-// signaling protocol and lab/ui/index.html for the browser side.
+// `ay serve --webrtc` host peer: connect to the signaling server as a room host
+// and bridge each browser peer's WebRTC DataChannel to this machine's `ay serve`
+// API handler, called in-process — no HTTP listener, no port, no tunnel. The
+// browser (agent-yes.com) thus reaches local agents peer-to-peer. See
+// lab/ui/cf/worker.ts for the signaling protocol and lab/ui/index.html for the
+// browser side.
 import { randomBytes } from "crypto";
 
 const SUB = "ay-signal-1";
@@ -15,8 +16,8 @@ export interface ShareOpts {
   url?: string;
   /** signaling host when minting (default s.agent-yes.com) */
   sighost?: string;
-  /** local ay-serve base URL the channel bridges to */
-  apiUrl: string;
+  /** the local ay-serve API handler the channel bridges to (called in-process) */
+  localFetch: (req: Request) => Promise<Response>;
   /** bearer token for the local ay-serve API */
   apiToken: string;
 }
@@ -157,15 +158,18 @@ export async function startShare(opts: ShareOpts): Promise<{ room: string; link:
     const ac = new AbortController();
     aborts.set(id, ac);
     try {
-      const res = await fetch(opts.apiUrl + p, {
-        method,
-        headers: {
-          Authorization: `Bearer ${opts.apiToken}`,
-          ...(body ? { "Content-Type": "application/json" } : {}),
-        },
-        body: body ?? undefined,
-        signal: ac.signal,
-      });
+      // The host part is a placeholder — the handler only routes on the path.
+      const res = await opts.localFetch(
+        new Request(`http://ay.local${p}`, {
+          method,
+          headers: {
+            Authorization: `Bearer ${opts.apiToken}`,
+            ...(body ? { "Content-Type": "application/json" } : {}),
+          },
+          body: body ?? undefined,
+          signal: ac.signal,
+        }),
+      );
       send(dc, { t: "res", id, status: res.status, ct: res.headers.get("content-type") ?? "" });
       const reader = res.body!.getReader();
       const dec = new TextDecoder();

package/ts/subcommands.ts

@@ -141,6 +141,7 @@ const SUBCOMMANDS = new Set([
   "restart",
   "note",
   "serve",
+  "setup",
   "remote",
   "help",
 ]);
@@ -190,6 +191,10 @@ export async function runSubcommand(argv: string[]): Promise<number | null> {
         const { cmdServe } = await import("./serve.ts");
         return cmdServe(rest);
       }
+      case "setup": {
+        const { cmdSetup } = await import("./setup.ts");
+        return cmdSetup(rest);
+      }
       case "remote": {
         const { cmdRemote } = await import("./remotes.ts");
         return cmdRemote(rest);
@@ -225,6 +230,7 @@ export function cmdHelp(): number {
       `  ay status <keyword>                 agent status snapshot\n` +
       `\n` +
       `Remote:\n` +
+      `  ay setup                            guided setup: pick a workspace, share to agent-yes.com\n` +
       `  ay serve [--port N]                 start HTTP API server (prints token)\n` +
       `  ay remote add <alias> http://<token>@<host>:<port>\n` +
       `  ay remote ls / rm <alias>           manage saved remotes\n` +

package/dist/SUPPORTED_CLIS-G8izHOJP.js

@@ -1,8 +0,0 @@
-import "./ts-DkjQJTcB.js";
-import "./logger-B9h0djqx.js";
-import "./versionChecker-xqnqyGKE.js";
-import "./pidStore-DTzl6zeh.js";
-import "./globalPidIndex-yVd3mbsV.js";
-import { t as SUPPORTED_CLIS } from "./SUPPORTED_CLIS-B2FAlgXF.js";
-
-export { SUPPORTED_CLIS };

package/dist/pidStore-iJY3JFTn.js

@@ -1,5 +0,0 @@
-import "./logger-B9h0djqx.js";
-import { t as PidStore } from "./pidStore-DTzl6zeh.js";
-import "./globalPidIndex-yVd3mbsV.js";
-
-export { PidStore };

package/dist/serve-CuAPBK4y.js

@@ -1,425 +0,0 @@
-import "./ts-DkjQJTcB.js";
-import "./logger-B9h0djqx.js";
-import "./versionChecker-xqnqyGKE.js";
-import "./pidStore-DTzl6zeh.js";
-import "./globalPidIndex-yVd3mbsV.js";
-import { t as SUPPORTED_CLIS } from "./SUPPORTED_CLIS-B2FAlgXF.js";
-import "./remotes-C3xPRtfg.js";
-import { c as readNotes, f as snapshotStatus, l as renderRawLog, m as writeToIpc, o as listRecords, r as controlCodeFromName, u as resolveOne } from "./subcommands-CcOYsLYD.js";
-import yargs from "yargs";
-import { mkdir, readFile, writeFile } from "fs/promises";
-import { homedir } from "os";
-import path from "path";
-import { randomBytes, timingSafeEqual } from "crypto";
-
-//#region ts/serve.ts
-const DEFAULT_PORT = 7432;
-function agentYesHome() {
-	return process.env.AGENT_YES_HOME ?? path.join(homedir(), ".agent-yes");
-}
-function tokenPath() {
-	return path.join(agentYesHome(), ".serve-token");
-}
-async function loadOrCreateToken(tokenFlag) {
-	if (tokenFlag) return tokenFlag;
-	try {
-		return (await readFile(tokenPath(), "utf-8")).trim();
-	} catch {
-		const token = randomBytes(20).toString("hex");
-		await mkdir(agentYesHome(), { recursive: true });
-		await writeFile(tokenPath(), token, { mode: 384 });
-		return token;
-	}
-}
-function checkAuth(req, expectedToken) {
-	const auth = req.headers.get("authorization") ?? "";
-	if (!auth.startsWith("Bearer ")) return false;
-	const provided = auth.slice(7);
-	const maxLen = Math.max(provided.length, expectedToken.length);
-	return timingSafeEqual(Buffer.from(provided.padEnd(maxLen, "\0")), Buffer.from(expectedToken.padEnd(maxLen, "\0"))) && provided.length === expectedToken.length;
-}
-const defaultOpts = (overrides = {}) => ({
-	all: false,
-	active: false,
-	json: true,
-	latest: true,
-	cwdScope: null,
-	...overrides
-});
-const DAEMON_NAME = "agent-yes";
-async function cmdServeDaemon(sub, args) {
-	const oxmgrBin = Bun.which("oxmgr");
-	if (!oxmgrBin) {
-		process.stderr.write("ay serve install: oxmgr not found\n  install with:  cargo install oxmgr\n             or: bun add -g oxmgr\n");
-		return 1;
-	}
-	if (sub === "install") {
-		const token = await loadOrCreateToken(void 0);
-		const serveCmd = [
-			"ay",
-			"serve",
-			...args
-		].join(" ");
-		const code = await Bun.spawn([
-			oxmgrBin,
-			"start",
-			serveCmd,
-			"--name",
-			DAEMON_NAME,
-			"--restart",
-			"always"
-		], { stdio: [
-			"ignore",
-			"inherit",
-			"inherit"
-		] }).exited;
-		if (code === 0) {
-			process.stdout.write(`\ninstalled '${DAEMON_NAME}' as a daemon via oxmgr\n`);
-			process.stdout.write(`token: ${token}\n\n`);
-			process.stdout.write(`  ay ls   ${token}@<host>:${DEFAULT_PORT}\n`);
-			process.stdout.write(`  ay remote add <alias> http://${token}@<host>:${DEFAULT_PORT}\n`);
-			process.stdout.write(`  ay serve logs                # view server logs\n`);
-			process.stdout.write(`  ay serve uninstall           # remove daemon\n`);
-		}
-		return code ?? 1;
-	}
-	if (sub === "uninstall") return await Bun.spawn([
-		oxmgrBin,
-		"delete",
-		DAEMON_NAME
-	], { stdio: [
-		"ignore",
-		"inherit",
-		"inherit"
-	] }).exited ?? 1;
-	if (sub === "logs") return await Bun.spawn([
-		oxmgrBin,
-		"logs",
-		DAEMON_NAME,
-		...args
-	], { stdio: [
-		"ignore",
-		"inherit",
-		"inherit"
-	] }).exited ?? 1;
-	return 1;
-}
-async function cmdServe(rest) {
-	if (rest.includes("-h") || rest.includes("--help")) {
-		process.stdout.write(`Usage: ay serve [options]
-
-Start an HTTP API server so remote machines can list/tail/send agents.
-
-Options:
-  --port N          Port to listen on (default: ${DEFAULT_PORT})\n  --host HOST       Interface to bind (default: 127.0.0.1; use 0.0.0.0 to expose)\n  --token TOKEN     Auth token (auto-generated and saved if omitted)\n  --share [URL]     Share over WebRTC to agent-yes.com (bare flag mints a room+link)\n  --allow-spawn     Let the shared console launch new agents (asks y/N per request)\n  --tls-cert FILE   TLS certificate PEM\n  --tls-key  FILE   TLS private key PEM\n\nSubcommands:\n  ay serve install    install as background daemon via oxmgr\n  ay serve uninstall  remove daemon\n  ay serve logs       view daemon logs\n\nOnce running, connect from another machine:\n  ay ls   <token>@<host>:${DEFAULT_PORT}\n  ay remote add <alias> http://<token>@<host>:${DEFAULT_PORT}\n`);
-		return 0;
-	}
-	const sub = rest[0];
-	if (sub === "install" || sub === "uninstall" || sub === "logs") return cmdServeDaemon(sub, rest.slice(1));
-	const argv = await yargs(rest).usage("Usage: ay serve [options]").option("port", {
-		type: "number",
-		default: DEFAULT_PORT,
-		description: "Port to listen on"
-	}).option("host", {
-		type: "string",
-		default: "127.0.0.1",
-		description: "Interface to bind (use 0.0.0.0 to expose)"
-	}).option("token", {
-		type: "string",
-		description: "Auth token (auto-generated if omitted)"
-	}).option("tls-cert", {
-		type: "string",
-		description: "TLS certificate file (PEM)"
-	}).option("tls-key", {
-		type: "string",
-		description: "TLS private key file (PEM)"
-	}).option("share", {
-		type: "string",
-		description: "Share over WebRTC: bare flag mints a room+link, or pass webrtc://room:token@host"
-	}).option("allow-spawn", {
-		type: "boolean",
-		default: false,
-		description: "Allow the shared console to spawn new agents (asks y/N per request on a TTY)"
-	}).help(false).version(false).exitProcess(false).parseAsync();
-	const port = argv.port ?? DEFAULT_PORT;
-	const host = argv.host ?? "127.0.0.1";
-	const tokenFlag = typeof argv.token === "string" ? argv.token : void 0;
-	const certPath = typeof argv["tls-cert"] === "string" ? argv["tls-cert"] : void 0;
-	const keyPath = typeof argv["tls-key"] === "string" ? argv["tls-key"] : void 0;
-	if (certPath && !keyPath || !certPath && keyPath) {
-		process.stderr.write("ay serve: --tls-cert and --tls-key must both be provided\n");
-		return 1;
-	}
-	const useHttps = !!(certPath && keyPath);
-	const scheme = useHttps ? "https" : "http";
-	if (host !== "127.0.0.1" && host !== "localhost") process.stderr.write("ay serve: warning: binding to non-loopback — ensure your network is trusted or use Tailscale/VPN\n");
-	const token = await loadOrCreateToken(tokenFlag);
-	const allowSpawn = argv["allow-spawn"] === true;
-	const spawnQueue = [];
-	let stdinWired = false;
-	const confirmSpawn = (cli, cwd, prompt) => {
-		if (!process.stdin.isTTY) return Promise.resolve(true);
-		if (!stdinWired) {
-			stdinWired = true;
-			process.stdin.setEncoding("utf8");
-			process.stdin.on("data", (d) => spawnQueue.shift()?.(/^y/i.test(d.trim())));
-			process.stdin.resume();
-		}
-		process.stdout.write(`\n⚠ console requests spawn:  ay ${cli}${prompt ? ` -- "${prompt.slice(0, 60)}"` : ""}\n   cwd: ${cwd}\n   allow? [y/N] `);
-		return new Promise((res) => spawnQueue.push(res));
-	};
-	const serverOpts = {
-		hostname: host,
-		port,
-		async fetch(req) {
-			if (!checkAuth(req, token)) return new Response("Unauthorized", { status: 401 });
-			const url = new URL(req.url);
-			const p = url.pathname;
-			if (req.method === "GET" && p === "/api/ls") {
-				const keyword = url.searchParams.get("keyword") ?? void 0;
-				const opts = defaultOpts({
-					all: url.searchParams.get("all") === "1",
-					active: url.searchParams.get("active") === "1"
-				});
-				try {
-					const records = await listRecords(keyword, opts);
-					return Response.json(records);
-				} catch (e) {
-					return new Response(e.message, { status: 500 });
-				}
-			}
-			if (req.method === "GET" && p === "/api/notes") {
-				const notes = await readNotes();
-				return Response.json(Object.fromEntries(notes));
-			}
-			const statusM = /^\/api\/status\/(.+)$/.exec(p);
-			if (req.method === "GET" && statusM) {
-				const keyword = decodeURIComponent(statusM[1]);
-				try {
-					const snap = await snapshotStatus(await resolveOne(keyword, defaultOpts({ all: true })));
-					return Response.json(snap);
-				} catch (e) {
-					return new Response(e.message, { status: 404 });
-				}
-			}
-			const readM = /^\/api\/read\/(.+)$/.exec(p);
-			if (req.method === "GET" && readM) {
-				const keyword = decodeURIComponent(readM[1]);
-				const mode = url.searchParams.get("mode") ?? "tail";
-				const n = parseInt(url.searchParams.get("n") ?? "96", 10) || 96;
-				try {
-					const record = await resolveOne(keyword, defaultOpts());
-					if (!record.log_file) return new Response(`pid ${record.pid}: no log_file`, { status: 404 });
-					const text = await renderRawLog(await readFile(record.log_file), {
-						mode,
-						n
-					});
-					return new Response(text, { headers: { "Content-Type": "text/plain; charset=utf-8" } });
-				} catch (e) {
-					return new Response(e.message, { status: 404 });
-				}
-			}
-			const tailM = /^\/api\/tail\/(.+)$/.exec(p);
-			if (req.method === "GET" && tailM) {
-				const keyword = decodeURIComponent(tailM[1]);
-				const raw = url.searchParams.get("raw") === "1";
-				try {
-					const record = await resolveOne(keyword, defaultOpts());
-					if (!record.log_file) return new Response(`pid ${record.pid}: no log_file`, { status: 404 });
-					const logPath = record.log_file;
-					const stream = new ReadableStream({ async start(ctrl) {
-						const enc = new TextEncoder();
-						const send = (text) => ctrl.enqueue(enc.encode(`data: ${JSON.stringify(text)}\n\n`));
-						const ping = () => ctrl.enqueue(enc.encode(": ping\n\n"));
-						const initBuf = await readFile(logPath).catch(() => Buffer.alloc(0));
-						if (raw) send(new TextDecoder().decode(initBuf.slice(Math.max(0, initBuf.length - 65536))));
-						else send(await renderRawLog(initBuf, {
-							mode: "tail",
-							n: 96
-						}));
-						let offset = initBuf.length;
-						let closed = false;
-						const heartbeat = setInterval(() => {
-							if (closed) {
-								clearInterval(heartbeat);
-								return;
-							}
-							ping();
-						}, 15e3);
-						const ansiRe = /\x1b\[[0-?]*[ -/]*[@-~]|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)|\x1b[@-Z\\-_]/g;
-						const ctrlRe = /[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g;
-						const poller = setInterval(async () => {
-							if (closed) {
-								clearInterval(poller);
-								return;
-							}
-							try {
-								const full = await readFile(logPath);
-								if (full.length <= offset) return;
-								const chunk = full.slice(offset);
-								offset = full.length;
-								if (raw) send(new TextDecoder().decode(chunk));
-								else {
-									const text = new TextDecoder().decode(chunk).replace(ansiRe, "").replace(ctrlRe, "");
-									if (text.trim()) send(text.trimStart());
-								}
-							} catch {}
-						}, 300);
-						req.signal.addEventListener("abort", () => {
-							closed = true;
-							clearInterval(heartbeat);
-							clearInterval(poller);
-							try {
-								ctrl.close();
-							} catch {}
-						});
-					} });
-					return new Response(stream, { headers: {
-						"Content-Type": "text/event-stream",
-						"Cache-Control": "no-cache",
-						Connection: "keep-alive"
-					} });
-				} catch (e) {
-					return new Response(e.message, { status: 404 });
-				}
-			}
-			if (req.method === "POST" && p === "/api/send") {
-				let body;
-				try {
-					body = await req.json();
-				} catch {
-					return new Response("invalid JSON body", { status: 400 });
-				}
-				const { keyword, msg = "", code = "enter" } = body;
-				if (!keyword || typeof keyword !== "string") return new Response("missing keyword", { status: 400 });
-				try {
-					const record = await resolveOne(keyword, defaultOpts());
-					if (!record.fifo_file) return new Response(`pid ${record.pid}: no fifo_file`, { status: 409 });
-					const trailing = controlCodeFromName(code.toLowerCase());
-					if (msg && trailing) {
-						await writeToIpc(record.fifo_file, msg);
-						await new Promise((r) => setTimeout(r, 200));
-						await writeToIpc(record.fifo_file, trailing);
-					} else await writeToIpc(record.fifo_file, msg + trailing);
-					return Response.json({
-						ok: true,
-						pid: record.pid
-					});
-				} catch (e) {
-					return new Response(e.message, { status: 404 });
-				}
-			}
-			const resizeM = /^\/api\/resize\/(.+)$/.exec(p);
-			if (req.method === "POST" && resizeM) {
-				const keyword = decodeURIComponent(resizeM[1]);
-				let body;
-				try {
-					body = await req.json();
-				} catch {
-					return new Response("invalid JSON body", { status: 400 });
-				}
-				const cols = Math.max(1, Math.floor(Number(body.cols) || 0));
-				const rows = Math.max(1, Math.floor(Number(body.rows) || 0));
-				if (!cols || !rows) return new Response("missing cols/rows", { status: 400 });
-				try {
-					const record = await resolveOne(keyword, defaultOpts());
-					const ayHome = process.env.AGENT_YES_HOME ?? path.join(homedir(), ".agent-yes");
-					const winsizeDir = path.join(ayHome, "winsize");
-					await mkdir(winsizeDir, { recursive: true });
-					await writeFile(path.join(winsizeDir, String(record.pid)), `${cols} ${rows} ${Date.now()}\n`);
-					try {
-						process.kill(record.pid, "SIGWINCH");
-					} catch {}
-					return Response.json({
-						ok: true,
-						pid: record.pid,
-						cols,
-						rows
-					});
-				} catch (e) {
-					return new Response(e.message, { status: 404 });
-				}
-			}
-			if (req.method === "POST" && p === "/api/spawn") {
-				if (!allowSpawn) return new Response("spawning disabled — start: ay serve --share --allow-spawn", { status: 403 });
-				let body;
-				try {
-					body = await req.json();
-				} catch {
-					return new Response("invalid JSON body", { status: 400 });
-				}
-				const cli = String(body.cli ?? "claude");
-				if (!SUPPORTED_CLIS.includes(cli)) return new Response(`unsupported cli: ${cli}`, { status: 400 });
-				const cwd = typeof body.cwd === "string" && body.cwd ? body.cwd : process.cwd();
-				const prompt = String(body.prompt ?? "");
-				if (!await confirmSpawn(cli, cwd, prompt)) return new Response("denied by host", { status: 403 });
-				try {
-					const child = Bun.spawn([
-						"ay",
-						cli,
-						...prompt ? ["--", prompt] : []
-					], {
-						cwd,
-						stdin: "ignore",
-						stdout: "ignore",
-						stderr: "ignore"
-					});
-					child.unref();
-					return Response.json({
-						ok: true,
-						pid: child.pid,
-						cli,
-						cwd
-					});
-				} catch (e) {
-					return new Response(e.message, { status: 500 });
-				}
-			}
-			return new Response("Not Found", { status: 404 });
-		}
-	};
-	if (useHttps) serverOpts.tls = {
-		cert: Bun.file(certPath),
-		key: Bun.file(keyPath)
-	};
-	const server = Bun.serve(serverOpts);
-	process.stdout.write(`ay serve  ${scheme}://${host}:${port}\n`);
-	process.stdout.write(`token:    ${token}\n\n`);
-	process.stdout.write(`connect from another machine:\n`);
-	process.stdout.write(`  ay ls   ${token}@<host>:${port}\n`);
-	process.stdout.write(`  ay tail ${token}@<host>:${port}:<keyword>\n`);
-	process.stdout.write(`  ay send ${token}@<host>:${port}:<keyword> "message"\n\n`);
-	process.stdout.write(`save as alias:\n`);
-	process.stdout.write(`  ay remote add <alias> ${scheme}://${token}@<host>:${port}\n\n`);
-	if (!useHttps) process.stdout.write("for HTTPS: ay serve --tls-cert cert.pem --tls-key key.pem\n  openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost'\n\n");
-	if (argv.share !== void 0) {
-		const shareUrl = typeof argv.share === "string" && argv.share.startsWith("webrtc://") ? argv.share : void 0;
-		try {
-			const { startShare } = await import("./share-DUhUA1Pi.js");
-			const { link } = await startShare({
-				url: shareUrl,
-				apiUrl: `http://127.0.0.1:${port}`,
-				apiToken: token
-			});
-			process.stdout.write(`\nshared over WebRTC — open this link (the token is eaten from the URL on open):\n  ${link}\n\n`);
-		} catch (e) {
-			process.stderr.write(`ay serve --share failed: ${e.message}\n`);
-		}
-	}
-	process.stdout.write(`(Ctrl-C to stop)\n`);
-	await new Promise((resolve) => {
-		process.on("SIGINT", () => {
-			server.stop();
-			resolve();
-		});
-		process.on("SIGTERM", () => {
-			server.stop();
-			resolve();
-		});
-	});
-	return 0;
-}
-
-//#endregion
-export { cmdServe };
-//# sourceMappingURL=serve-CuAPBK4y.js.map