ai-cli-online 2.1.0

package/server/dist/websocket.js

@@ -0,0 +1,304 @@
+import { WebSocket } from 'ws';
+import { buildSessionName, isValidSessionId, tokenToSessionName, hasSession, createSession, captureScrollback, resizeSession, } from './tmux.js';
+import { PtySession } from './pty.js';
+/**
+ * Binary protocol for hot-path messages (output/input/scrollback).
+ * Format: [1-byte type prefix][raw UTF-8 payload]
+ * JSON is kept for low-frequency control messages.
+ */
+const BIN_TYPE_OUTPUT = 0x01;
+const BIN_TYPE_INPUT = 0x02;
+const BIN_TYPE_SCROLLBACK = 0x03;
+const BIN_TYPE_SCROLLBACK_CONTENT = 0x04;
+/** Track active connections per session name to prevent duplicates */
+const activeConnections = new Map();
+/** Rate-limit failed WebSocket auth attempts per IP */
+const authFailures = new Map();
+const AUTH_FAIL_MAX = 5;
+const AUTH_FAIL_WINDOW_MS = 60_000;
+// Periodically prune expired entries to prevent unbounded memory growth
+setInterval(() => {
+    const now = Date.now();
+    for (const [ip, entry] of authFailures) {
+        if (now > entry.resetAt)
+            authFailures.delete(ip);
+    }
+}, 5 * 60_000);
+function isAuthRateLimited(ip) {
+    const now = Date.now();
+    const entry = authFailures.get(ip);
+    if (!entry || now > entry.resetAt)
+        return false;
+    return entry.count >= AUTH_FAIL_MAX;
+}
+function recordAuthFailure(ip) {
+    const now = Date.now();
+    const entry = authFailures.get(ip);
+    if (!entry || now > entry.resetAt) {
+        authFailures.set(ip, { count: 1, resetAt: now + AUTH_FAIL_WINDOW_MS });
+    }
+    else {
+        entry.count++;
+    }
+}
+/** Count active connections for a given token prefix */
+function countConnectionsForToken(tokenPrefix) {
+    let count = 0;
+    for (const [name, ws] of activeConnections) {
+        if (name.startsWith(tokenPrefix) && ws.readyState === WebSocket.OPEN) {
+            count++;
+        }
+    }
+    return count;
+}
+/** Get the set of session names with active open WebSocket connections */
+export function getActiveSessionNames() {
+    const names = new Set();
+    for (const [name, ws] of activeConnections) {
+        if (ws.readyState === WebSocket.OPEN) {
+            names.add(name);
+        }
+    }
+    return names;
+}
+/** Send a JSON control message (low-frequency: connected, error, pong) */
+function send(ws, msg) {
+    if (ws.readyState === WebSocket.OPEN) {
+        ws.send(JSON.stringify(msg));
+    }
+}
+/** Send binary data with a 1-byte type prefix (high-frequency hot path) */
+function sendBinary(ws, typePrefix, data) {
+    if (ws.readyState === WebSocket.OPEN) {
+        const byteLen = Buffer.byteLength(data, 'utf-8');
+        const buf = Buffer.allocUnsafe(1 + byteLen);
+        buf[0] = typePrefix;
+        buf.write(data, 1, byteLen, 'utf-8');
+        ws.send(buf);
+    }
+}
+/** Server-side keepalive: ping all clients every 30s, terminate if no pong */
+function startKeepAlive(wss) {
+    const KEEPALIVE_INTERVAL = 30_000;
+    setInterval(() => {
+        for (const ws of wss.clients) {
+            const alive = ws;
+            if (alive._isAlive === false) {
+                // No pong received since last ping — terminate
+                console.log('[WS] Keepalive: terminating unresponsive connection');
+                alive.terminate();
+                continue;
+            }
+            alive._isAlive = false;
+            alive.ping();
+        }
+    }, KEEPALIVE_INTERVAL);
+    wss.on('connection', (ws) => {
+        ws._isAlive = true;
+        ws.on('pong', () => {
+            ws._isAlive = true;
+        });
+    });
+}
+export function setupWebSocket(wss, authToken, defaultCwd, tokenCompare, maxConnections = 10) {
+    // Start server-side keepalive to detect dead connections
+    startKeepAlive(wss);
+    const compareToken = tokenCompare;
+    wss.on('connection', (ws, req) => {
+        // Disable Nagle algorithm for low-latency terminal I/O (eliminates up to 40ms delay per keystroke)
+        const socket = req.socket;
+        if (socket && typeof socket.setNoDelay === 'function') {
+            socket.setNoDelay(true);
+        }
+        const clientIp = req.socket.remoteAddress || 'unknown';
+        // Reject connections from IPs with too many recent auth failures
+        if (authToken && isAuthRateLimited(clientIp)) {
+            console.log(`[WS] Auth rate-limited IP: ${clientIp}`);
+            ws.close(4001, 'Too many auth failures');
+            return;
+        }
+        const url = new URL(req.url || '', `http://${req.headers.host}`);
+        const cols = 80;
+        const rows = 24;
+        const rawSessionId = url.searchParams.get('sessionId') || undefined;
+        const sessionId = rawSessionId && isValidSessionId(rawSessionId) ? rawSessionId : undefined;
+        if (rawSessionId && !sessionId) {
+            console.log(`[WS] Invalid sessionId rejected: ${rawSessionId}`);
+            ws.close(4004, 'Invalid sessionId');
+            return;
+        }
+        // First-message auth: wait for { type: 'auth', token } before setting up session.
+        // A 5-second timeout ensures unauthenticated connections don't linger.
+        let authenticated = !authToken; // skip auth if no token configured
+        let sessionName = '';
+        let ptySession = null;
+        let sessionInitializing = false; // guard against concurrent initSession calls
+        let lastScrollbackTime = 0; // throttle capture-scrollback requests
+        const SCROLLBACK_THROTTLE_MS = 2000;
+        const AUTH_TIMEOUT = 5000;
+        const authTimer = authToken
+            ? setTimeout(() => {
+                if (!authenticated) {
+                    console.log('[WS] Auth timeout — no auth message received');
+                    ws.close(4001, 'Auth timeout');
+                }
+            }, AUTH_TIMEOUT)
+            : null;
+        async function initSession(token) {
+            if (sessionInitializing || ptySession)
+                return; // prevent double init
+            sessionInitializing = true;
+            try {
+                sessionName = buildSessionName(token, sessionId);
+                // Connection limit per token
+                const tokenPrefix = tokenToSessionName(token) + '-';
+                if (countConnectionsForToken(tokenPrefix) >= maxConnections) {
+                    console.log(`[WS] Connection limit (${maxConnections}) reached for token`);
+                    ws.close(4005, 'Too many connections');
+                    return;
+                }
+                console.log(`[WS] Client connected, session: ${sessionName}, size: ${cols}x${rows}`);
+                // Kick duplicate connection for same session
+                const existing = activeConnections.get(sessionName);
+                if (existing && existing.readyState === WebSocket.OPEN) {
+                    console.log(`[WS] Kicking existing connection for session: ${sessionName}`);
+                    existing.close(4002, 'Replaced by new connection');
+                }
+                activeConnections.set(sessionName, ws);
+                // Check or create tmux session
+                const resumed = await hasSession(sessionName);
+                if (!resumed) {
+                    await createSession(sessionName, cols, rows, defaultCwd);
+                }
+                else {
+                    // resizeSession and captureScrollback are independent — run in parallel
+                    const [, scrollback] = await Promise.all([
+                        resizeSession(sessionName, cols, rows),
+                        captureScrollback(sessionName),
+                    ]);
+                    if (scrollback) {
+                        sendBinary(ws, BIN_TYPE_SCROLLBACK, scrollback);
+                    }
+                }
+                send(ws, { type: 'connected', resumed });
+                // Attach PTY to tmux session
+                try {
+                    ptySession = new PtySession(sessionName, cols, rows);
+                }
+                catch (err) {
+                    console.error(`[WS] Failed to attach PTY to session ${sessionName}:`, err);
+                    send(ws, { type: 'error', error: 'Failed to attach to terminal session' });
+                    ws.close(4003, 'PTY attach failed');
+                    return;
+                }
+                ptySession.onData((data) => {
+                    sendBinary(ws, BIN_TYPE_OUTPUT, data);
+                });
+                ptySession.onExit((code, signal) => {
+                    console.log(`[WS] PTY exited for session ${sessionName}, code: ${code}, signal: ${signal}`);
+                    if (ws.readyState === WebSocket.OPEN) {
+                        ws.close(1000, 'PTY exited');
+                    }
+                });
+            }
+            catch (err) {
+                console.error(`[WS] initSession failed for ${sessionName}:`, err);
+                ws.close(4003, 'Session init failed');
+            }
+            finally {
+                sessionInitializing = false;
+            }
+        }
+        // If no auth required, init immediately with default token
+        if (authenticated) {
+            initSession('default');
+        }
+        ws.on('message', async (raw, isBinary) => {
+            try {
+                // Binary hot-path: [1-byte type][payload]
+                if (isBinary && Buffer.isBuffer(raw) && raw.length >= 1) {
+                    if (!authenticated) {
+                        ws.close(4001, 'Auth required');
+                        return;
+                    }
+                    const typePrefix = raw[0];
+                    if (typePrefix === BIN_TYPE_INPUT) {
+                        const data = raw.subarray(1).toString('utf-8');
+                        ptySession?.write(data);
+                    }
+                    return;
+                }
+                // JSON control messages
+                const msg = JSON.parse(raw.toString());
+                // Handle auth message (must be first message when auth is enabled)
+                if (msg.type === 'auth') {
+                    if (authenticated)
+                        return; // already authenticated, ignore
+                    if (authTimer)
+                        clearTimeout(authTimer);
+                    if (!msg.token || !compareToken(msg.token, authToken)) {
+                        recordAuthFailure(clientIp);
+                        console.log(`[WS] Unauthorized — invalid token from ${clientIp}`);
+                        ws.close(4001, 'Unauthorized');
+                        return;
+                    }
+                    authenticated = true;
+                    await initSession(msg.token);
+                    return;
+                }
+                // All other messages require authentication
+                if (!authenticated) {
+                    ws.close(4001, 'Auth required');
+                    return;
+                }
+                switch (msg.type) {
+                    case 'input':
+                        // Legacy JSON input support (fallback)
+                        ptySession?.write(msg.data);
+                        break;
+                    case 'resize': {
+                        const c = Math.max(1, Math.min(500, Math.floor(msg.cols || 80)));
+                        const r = Math.max(1, Math.min(500, Math.floor(msg.rows || 24)));
+                        // PTY resize (sync) and tmux resize (async subprocess) are independent — run in parallel
+                        ptySession?.resize(c, r);
+                        resizeSession(sessionName, c, r);
+                        break;
+                    }
+                    case 'ping':
+                        send(ws, { type: 'pong', timestamp: Date.now() });
+                        break;
+                    case 'capture-scrollback': {
+                        // Throttle to prevent abuse (subprocess spawning is expensive)
+                        const now = Date.now();
+                        if (now - lastScrollbackTime < SCROLLBACK_THROTTLE_MS)
+                            break;
+                        lastScrollbackTime = now;
+                        const content = await captureScrollback(sessionName);
+                        // Normalize newlines server-side to avoid client main-thread regex on large strings
+                        const normalized = content.replace(/\n/g, '\r\n');
+                        sendBinary(ws, BIN_TYPE_SCROLLBACK_CONTENT, normalized);
+                        break;
+                    }
+                }
+            }
+            catch {
+                // Ignore malformed messages
+            }
+        });
+        ws.on('close', () => {
+            if (authTimer)
+                clearTimeout(authTimer);
+            if (sessionName) {
+                console.log(`[WS] Client disconnected, session: ${sessionName}`);
+                if (activeConnections.get(sessionName) === ws) {
+                    activeConnections.delete(sessionName);
+                }
+            }
+            ptySession?.kill();
+            ptySession = null;
+        });
+        ws.on('error', (err) => {
+            console.error(`[WS] Error${sessionName ? ` for session ${sessionName}` : ''}:`, err);
+        });
+    });
+}

package/server/package.json

@@ -0,0 +1,32 @@
+{
+  "name": "ai-cli-online-server",
+  "version": "2.0.0",
+  "description": "CLI-Online Backend Server",
+  "main": "dist/index.js",
+  "type": "module",
+  "scripts": {
+    "dev": "tsx watch src/index.ts",
+    "build": "tsc",
+    "start": "node dist/index.js"
+  },
+  "dependencies": {
+    "better-sqlite3": "^12.6.2",
+    "ai-cli-online-shared": "*",
+    "dotenv": "^16.3.1",
+    "express": "^4.18.2",
+    "express-rate-limit": "^8.2.1",
+    "helmet": "^8.1.0",
+    "multer": "^2.0.2",
+    "node-pty": "^1.1.0",
+    "ws": "^8.16.0"
+  },
+  "devDependencies": {
+    "@types/better-sqlite3": "^7.6.13",
+    "@types/express": "^4.17.21",
+    "@types/multer": "^2.0.0",
+    "@types/node": "^20.10.0",
+    "@types/ws": "^8.5.10",
+    "tsx": "^4.7.0",
+    "typescript": "^5.9.3"
+  }
+}

package/shared/dist/types.d.ts

@@ -0,0 +1,40 @@
+export interface FileEntry {
+    name: string;
+    type: 'file' | 'directory';
+    size: number;
+    modifiedAt: string;
+}
+export type ClientMessage = {
+    type: 'auth';
+    token: string;
+} | {
+    type: 'input';
+    data: string;
+} | {
+    type: 'resize';
+    cols: number;
+    rows: number;
+} | {
+    type: 'ping';
+} | {
+    type: 'capture-scrollback';
+};
+export type ServerMessage = {
+    type: 'output';
+    data: string;
+} | {
+    type: 'scrollback';
+    data: string;
+} | {
+    type: 'scrollback-content';
+    data: string;
+} | {
+    type: 'connected';
+    resumed: boolean;
+} | {
+    type: 'error';
+    error: string;
+} | {
+    type: 'pong';
+    timestamp: number;
+};

package/shared/dist/types.js

@@ -0,0 +1 @@
+export {};

package/shared/package.json

@@ -0,0 +1,20 @@
+{
+  "name": "ai-cli-online-shared",
+  "version": "2.0.0",
+  "description": "Shared types for CLI-Online",
+  "type": "module",
+  "main": "dist/types.js",
+  "types": "dist/types.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/types.d.ts",
+      "import": "./dist/types.js"
+    }
+  },
+  "scripts": {
+    "build": "tsc"
+  },
+  "devDependencies": {
+    "typescript": "^5.9.3"
+  }
+}

package/start.sh

@@ -0,0 +1,39 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+PROJECT_DIR="$(cd "$(dirname "$0")" && pwd)"
+PORT="${PORT:-3001}"
+
+echo "================================"
+echo "  AI-CLI-Online 启动脚本"
+echo "================================"
+
+# 1. 清理占用端口的旧进程
+if fuser "$PORT/tcp" >/dev/null 2>&1; then
+  echo "[清理] 端口 $PORT 被占用，正在终止旧进程..."
+  fuser -k "$PORT/tcp" >/dev/null 2>&1 || true
+  sleep 1
+  # 如果 SIGTERM 没杀掉，强制 kill
+  if fuser "$PORT/tcp" >/dev/null 2>&1; then
+    echo "[清理] 旧进程未响应，强制终止..."
+    fuser -k -9 "$PORT/tcp" >/dev/null 2>&1 || true
+    sleep 1
+  fi
+  echo "[清理] 旧进程已终止"
+else
+  echo "[清理] 端口 $PORT 空闲，无需清理"
+fi
+
+# 2. 清理残留的 node 子进程（仅限本项目）
+pkill -f "node.*ai-cli-online.*dist/index.js" 2>/dev/null || true
+
+# 3. 构建项目
+echo "[构建] 编译 server 和 web..."
+cd "$PROJECT_DIR"
+npm run build 2>&1
+echo "[构建] 完成"
+
+# 4. 启动服务（从 server/ 目录启动，确保 dotenv 能读取 server/.env）
+echo "[启动] 启动服务 (端口: $PORT)..."
+cd "$PROJECT_DIR/server"
+exec node dist/index.js

package/web/dist/assets/index-79TY7o1G.css

@@ -0,0 +1,32 @@
+/**
+ * Copyright (c) 2014 The xterm.js authors. All rights reserved.
+ * Copyright (c) 2012-2013, Christopher Jeffrey (MIT License)
+ * https://github.com/chjj/term.js
+ * @license MIT
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ *
+ * Originally forked from (with the author's permission):
+ *   Fabrice Bellard's javascript vt100 for jslinux:
+ *   http://bellard.org/jslinux/
+ *   Copyright (c) 2011 Fabrice Bellard
+ *   The original design remains. The terminal itself
+ *   has been extended to include xterm CSI codes, among
+ *   other features.
+ */.xterm{cursor:text;position:relative;user-select:none;-ms-user-select:none;-webkit-user-select:none}.xterm.focus,.xterm:focus{outline:none}.xterm .xterm-helpers{position:absolute;top:0;z-index:5}.xterm .xterm-helper-textarea{padding:0;border:0;margin:0;position:absolute;opacity:0;left:-9999em;top:0;width:0;height:0;z-index:-5;white-space:nowrap;overflow:hidden;resize:none}.xterm .composition-view{background:#000;color:#fff;display:none;position:absolute;white-space:nowrap;z-index:1}.xterm .composition-view.active{display:block}.xterm .xterm-viewport{background-color:#000;overflow-y:scroll;cursor:default;position:absolute;right:0;left:0;top:0;bottom:0}.xterm .xterm-screen{position:relative}.xterm .xterm-screen canvas{position:absolute;left:0;top:0}.xterm-char-measure-element{display:inline-block;visibility:hidden;position:absolute;top:0;left:-9999em;line-height:normal}.xterm.enable-mouse-events{cursor:default}.xterm.xterm-cursor-pointer,.xterm .xterm-cursor-pointer{cursor:pointer}.xterm.column-select.focus{cursor:crosshair}.xterm .xterm-accessibility:not(.debug),.xterm .xterm-message{position:absolute;left:0;top:0;bottom:0;right:0;z-index:10;color:transparent;pointer-events:none}.xterm .xterm-accessibility-tree:not(.debug) *::selection{color:transparent}.xterm .xterm-accessibility-tree{font-family:monospace;-webkit-user-select:text;user-select:text;white-space:pre}.xterm .xterm-accessibility-tree>div{transform-origin:left;width:fit-content}.xterm .live-region{position:absolute;left:-9999px;width:1px;height:1px;overflow:hidden}.xterm-dim{opacity:1!important}.xterm-underline-1{text-decoration:underline}.xterm-underline-2{text-decoration:double underline}.xterm-underline-3{text-decoration:wavy underline}.xterm-underline-4{text-decoration:dotted underline}.xterm-underline-5{text-decoration:dashed underline}.xterm-overline{text-decoration:overline}.xterm-overline.xterm-underline-1{text-decoration:overline underline}.xterm-overline.xterm-underline-2{text-decoration:overline double underline}.xterm-overline.xterm-underline-3{text-decoration:overline wavy underline}.xterm-overline.xterm-underline-4{text-decoration:overline dotted underline}.xterm-overline.xterm-underline-5{text-decoration:overline dashed underline}.xterm-strikethrough{text-decoration:line-through}.xterm-screen .xterm-decoration-container .xterm-decoration{z-index:6;position:absolute}.xterm-screen .xterm-decoration-container .xterm-decoration.xterm-decoration-top-layer{z-index:7}.xterm-decoration-overview-ruler{z-index:8;position:absolute;top:0;right:0;pointer-events:none}.xterm-decoration-top{z-index:2;position:relative}.xterm .xterm-scrollable-element>.scrollbar{cursor:default}.xterm .xterm-scrollable-element>.scrollbar>.scra{cursor:pointer;font-size:11px!important}.xterm .xterm-scrollable-element>.visible{opacity:1;background:#0000;transition:opacity .1s linear;z-index:11}.xterm .xterm-scrollable-element>.invisible{opacity:0;pointer-events:none}.xterm .xterm-scrollable-element>.invisible.fade{transition:opacity .8s linear}.xterm .xterm-scrollable-element>.shadow{position:absolute;display:none}.xterm .xterm-scrollable-element>.shadow.top{display:block;top:0;left:3px;height:3px;width:100%;box-shadow:var(--vscode-scrollbar-shadow, #000) 0 6px 6px -6px inset}.xterm .xterm-scrollable-element>.shadow.left{display:block;top:3px;left:0;height:100%;width:3px;box-shadow:var(--vscode-scrollbar-shadow, #000) 6px 0 6px -6px inset}.xterm .xterm-scrollable-element>.shadow.top-left-corner{display:block;top:0;left:0;height:3px;width:3px}.xterm .xterm-scrollable-element>.shadow.top.left{box-shadow:var(--vscode-scrollbar-shadow, #000) 6px 0 6px -6px inset}@font-face{font-family:JetBrains Mono;src:url(/fonts/JetBrainsMono-Regular.woff2) format("woff2");font-weight:400;font-style:normal;font-display:swap}@font-face{font-family:JetBrains Mono;src:url(/fonts/JetBrainsMono-Bold.woff2) format("woff2");font-weight:700;font-style:normal;font-display:swap}@font-face{font-family:Maple Mono CN;src:url(/fonts/MapleMono-CN-Regular.woff2) format("woff2");font-weight:400;font-style:normal;font-display:swap}@font-face{font-family:Maple Mono CN;src:url(/fonts/MapleMono-CN-Bold.woff2) format("woff2");font-weight:700;font-style:normal;font-display:swap}*{margin:0;padding:0;box-sizing:border-box}html,body,#root{width:100%;height:100%;overflow:hidden;background-color:#1a1b26;font-family:Maple Mono CN,JetBrains Mono,Menlo,Monaco,Courier New,monospace;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale;text-rendering:optimizeLegibility}body.resizing-panes,body.resizing-panes *{cursor:col-resize!important;-webkit-user-select:none!important;user-select:none!important}.session-sidebar{transition:width .2s ease;overflow:hidden;flex-shrink:0}body.resizing-panes-v,body.resizing-panes-v *{cursor:row-resize!important;-webkit-user-select:none!important;user-select:none!important}button{transition:all .15s ease;font-family:inherit}button:hover{filter:brightness(1.2)}button:active{transform:scale(.97)}::-webkit-scrollbar{width:6px;height:6px}::-webkit-scrollbar-track{background:transparent}::-webkit-scrollbar-thumb{background:#292e42;border-radius:3px}::-webkit-scrollbar-thumb:hover{background:#414868}::selection{background:#7aa2f74d;color:#c0caf5}input:focus-visible,button:focus-visible{outline:1px solid #7aa2f7;outline-offset:1px}.header-btn{background:none;border:1px solid #292e42;color:#7aa2f7;padding:2px 10px;border-radius:5px;cursor:pointer;font-size:13px;line-height:1.4;transition:all .15s ease}.header-btn:hover{background:#7aa2f71a;border-color:#7aa2f7}.header-btn--muted{color:#565f89;font-size:12px}.header-btn--muted:hover{color:#a9b1d6;border-color:#565f89;background:#565f891a}.pane-btn{background:none;border:none;color:#565f89;cursor:pointer;font-size:14px;line-height:1;padding:2px 4px;border-radius:3px;transition:all .15s ease}.pane-btn:hover{color:#7aa2f7;background:#7aa2f71a}.pane-btn--danger:hover{color:#f7768e;background:#f7768e1a}.login-input{transition:border-color .2s ease,box-shadow .2s ease}.login-input:focus{border-color:#7aa2f7!important;box-shadow:0 0 0 3px #7aa2f726}.login-card{box-shadow:0 8px 32px #0006,0 0 0 1px #7aa2f714;transition:box-shadow .3s ease}.login-submit{transition:all .2s ease}.login-submit:not(:disabled):hover{filter:brightness(1.1);box-shadow:0 4px 12px #7aa2f74d}.md-editor-textarea{flex:1;min-width:0;resize:none;border:none;outline:none;padding:8px 12px;font-family:Maple Mono CN,JetBrains Mono,Menlo,Monaco,Courier New,monospace;font-size:13px;line-height:1.5;color:#a9b1d6;background-color:#1a1b26;-moz-tab-size:2;tab-size:2}.md-editor-textarea::placeholder{color:#414868;font-style:italic}.md-editor-divider{height:4px;background:#292e42;cursor:row-resize;flex-shrink:0;transition:background .15s ease}.md-editor-divider:hover{background:#7aa2f7}.pane-btn--active{color:#7aa2f7}.plan-panel-body{display:flex;flex-direction:row;flex:1;min-height:0;overflow:hidden}.plan-renderer{overflow:hidden;padding:0;min-width:0;-webkit-user-select:text;user-select:text}.plan-divider-h{width:4px;background:#292e42;cursor:col-resize;flex-shrink:0;transition:background .15s ease}.plan-divider-h:hover{background:#7aa2f7}.plan-editor-wrap{flex:1;display:flex;flex-direction:column;min-width:0;overflow:hidden}.plan-filename-input{background:#1a1b26;border:1px solid #292e42;color:#a9b1d6;padding:2px 6px;border-radius:3px;font-family:inherit;font-size:11px;width:120px;outline:none;transition:border-color .15s ease}.plan-filename-input:focus{border-color:#7aa2f7}body.resizing-panes-h,body.resizing-panes-h *{cursor:col-resize!important;-webkit-user-select:none!important;user-select:none!important}.md-preview{color:#a9b1d6;font-size:13px;line-height:1.6;word-wrap:break-word}.md-preview h1{color:#7aa2f7;font-size:1.4em;margin:.6em 0 .3em;padding-bottom:.2em;border-bottom:1px solid #292e42}.md-preview h2{color:#bb9af7;font-size:1.2em;margin:.5em 0 .3em}.md-preview h3{color:#7dcfff;font-size:1.05em;margin:.4em 0 .2em}.md-preview p{margin:.4em 0}.md-preview code{background:#24283b;color:#c0caf5;padding:1px 4px;border-radius:3px;font-size:.9em;font-family:Maple Mono CN,JetBrains Mono,monospace}.md-preview pre{background:#24283b;border:1px solid #292e42;border-radius:4px;padding:10px 12px;overflow-x:auto;margin:.5em 0}.md-preview pre code{background:none;padding:0;border-radius:0}.md-preview blockquote{border-left:3px solid #7aa2f7;padding:2px 12px;margin:.4em 0;color:#565f89}.md-preview ul,.md-preview ol{padding-left:1.5em;margin:.3em 0}.md-preview li{margin:.15em 0}.md-preview table{border-collapse:collapse;width:100%;margin:.5em 0;font-size:12px}.md-preview th,.md-preview td{border:1px solid #292e42;padding:4px 8px;text-align:left}.md-preview th{background:#24283b;color:#7aa2f7;font-weight:600}.md-preview a{color:#7aa2f7;text-decoration:none}.md-preview a:hover{text-decoration:underline}.md-preview hr{border:none;border-top:1px solid #292e42;margin:.6em 0}.slash-dropdown{flex-shrink:0;max-height:180px;overflow-y:auto;background:#1e2030;border-bottom:1px solid #292e42;z-index:10;font-size:12px}.slash-item{display:flex;align-items:center;gap:8px;padding:5px 10px;cursor:pointer;transition:background .1s ease}.slash-item:hover,.slash-item--active{background:#292e42}.slash-cmd{color:#7aa2f7;font-weight:600;min-width:120px;font-family:Maple Mono CN,JetBrains Mono,monospace}.slash-desc{color:#565f89;font-size:11px}.tab-bar{display:flex;align-items:center;padding:0 8px;height:28px;background:#1a1b26;border-top:1px solid #292e42;flex-shrink:0;overflow-x:auto;gap:2px}.tab-bar::-webkit-scrollbar{height:0}.tab-item{display:flex;align-items:center;gap:6px;padding:2px 10px;font-size:12px;color:#565f89;cursor:pointer;border-bottom:2px solid transparent;white-space:nowrap;transition:color .15s ease,border-color .15s ease,background .15s ease;border-radius:4px 4px 0 0;-webkit-user-select:none;user-select:none;flex-shrink:0}.tab-item:hover{color:#a9b1d6;background:#7aa2f70d}.tab-item--active{color:#c0caf5;border-bottom-color:#7aa2f7;background:#7aa2f714}.tab-item__name{max-width:150px;overflow:hidden;text-overflow:ellipsis}.tab-item__count{font-size:10px;color:#414868}.tab-item__close{font-size:14px;line-height:1;color:inherit;opacity:0;background:none;border:none;cursor:pointer;padding:0 2px;border-radius:3px;transition:opacity .1s ease}.tab-item:hover .tab-item__close{opacity:.5}.tab-item__close:hover{opacity:1!important;color:#f7768e;background:#f7768e1a}.tab-item__rename-input{background:transparent;border:1px solid #7aa2f7;color:#c0caf5;font-size:12px;font-family:inherit;padding:0 4px;border-radius:2px;outline:none;width:100px}.tab-bar-add{background:none;border:1px solid transparent;color:#565f89;font-size:16px;line-height:1;padding:2px 8px;border-radius:4px;cursor:pointer;margin-left:4px;flex-shrink:0}.tab-bar-add:hover{color:#7aa2f7;border-color:#292e42;background:#7aa2f71a}.pdf-renderer{height:100%;overflow-y:auto;padding:12px;background:#1a1b26}.pdf-renderer canvas{display:block;margin:0 auto 8px;max-width:100%}.doc-expanded-overlay{position:fixed;top:0;right:0;bottom:0;left:0;z-index:100;background:#1a1b26;display:flex;flex-direction:column}.doc-expanded-header{display:flex;align-items:center;justify-content:space-between;padding:0 12px;height:32px;flex-shrink:0;background:#16161e;border-bottom:1px solid #292e42}.md-editor-actions{display:flex;align-items:center;gap:8px;padding:4px 8px;flex-shrink:0;background:#16161e;border-top:1px solid #292e42}