ai-or-die 0.1.67 → 0.1.68

package/README.md

@@ -112,9 +112,12 @@ Download from [Releases](https://github.com/animeshkundu/ai-or-die/releases) —
 ## Usage
 
 ```bash
-# Default — opens browser with secure token
+# Default — prints the URL (with secure token); does NOT auto-open a browser
 ai-or-die
 
+# Open the browser automatically on start
+ai-or-die --open
+
 # Custom port
 ai-or-die --port 8080
 
@@ -146,11 +149,11 @@ ai-or-die --stt
 | `--disable-auth` | Disable authentication | `false` |
 | `--tunnel` | Enable Microsoft Dev Tunnel | `false` |
 | `--tunnel-allow-anonymous` | Allow anonymous tunnel access | `false` |
-| `--https` | Enable HTTPS | `false` |
+| `--https` | Enable HTTPS (auto-generates a self-signed cert if `--cert`/`--key` not given) | `false` |
 | `--cert <path>` | SSL certificate file | |
 | `--key <path>` | SSL private key file | |
 | `--dev` | Verbose logging | `false` |
-| `--no-open` | Don't auto-open browser | `false` |
+| `--open` | Open the browser on start (never on supervised restart) | `false` |
 | `--plan <type>` | Subscription plan (`pro`, `max5`, `max20`) | `max20` |
 | `--stt` | Enable local speech-to-text | `false` |
 | `--stt-endpoint <url>` | External STT endpoint (OpenAI-compatible) | |
@@ -190,11 +193,13 @@ ai-or-die is an installable progressive web app. Open Settings → Install in th
 
 **Browser support**: Chrome / Edge / Samsung Internet support one-tap install. Firefox desktop does not have native install — use the browser menu to pin the tab. Safari iOS uses Share → Add to Home Screen.
 
-**Installing on LAN devices**: Browsers refuse to install PWAs over an HTTPS origin whose certificate isn't trusted by the device. The auto-generated cert from `--https` is self-signed, so a phone or tablet connecting to `https://<your-mac-ip>:7777` will see the in-app Install panel say *"Not available in this browser."* even though the browser supports install. Three ways around this:
+**Installing on LAN devices**: Browsers refuse to install PWAs over an HTTPS origin whose certificate isn't trusted by the device, and public CAs (Let's Encrypt etc.) won't issue certs for a LAN IP or `localhost`. The `--https` self-signed cert therefore triggers a browser warning, and the in-app Install panel will say *"Not available in this browser."* on a LAN IP. Ways to get an installable origin:
+
+1. **On the host machine itself** — just open **`http://localhost:<port>`**. `localhost` is a secure context, so the PWA installs with **no cert and no setup** (no `--https` needed).
+2. **On other devices** — use **`--tunnel`** *(recommended)*: Microsoft Dev Tunnels gives a public URL with a real publicly-trusted cert, so any device installs the PWA with **no per-device setup and no admin**.
+3. **Bring your own trusted cert** via `--cert` / `--key` (e.g. a cert for a hostname your devices already trust).
 
-1. **Use `--tunnel`** *(easiest)* — Microsoft Dev Tunnels gives you a public URL with a real Let's Encrypt cert. Devices install via the public URL with no setup.
-2. **Trust the self-signed cert** on each device — copy `~/.ai-or-die/certs/server.cert` to the device and install it as a trusted root in the OS certificate store.
-3. **Provide a CA-signed cert** via `--cert` / `--key`. [mkcert](https://github.com/FiloSottile/mkcert) is a low-friction option for development.
+See [docs/history/pwa-install-lan-self-signed-cert.md](docs/history/pwa-install-lan-self-signed-cert.md) for the underlying browser-policy reasoning.
 
 See [docs/history/pwa-install-lan-self-signed-cert.md](docs/history/pwa-install-lan-self-signed-cert.md) for the device-by-device procedure and the underlying browser-policy reasoning.
 

package/bin/ai-or-die.js

@@ -20,7 +20,7 @@ program
   .description('ai-or-die — Universal AI coding terminal')
   .version(require('../package.json').version)
   .option('-p, --port <number>', 'port to run the server on', '7777')
-  .option('--no-open', 'do not automatically open browser')
+  .option('--open', 'open the browser on start (default: off; never on supervised restart)')
   .option('--auth <token>', 'authentication token for secure access')
   .option('--disable-auth', 'disable authentication (not recommended for production)')
   .option('--https', 'enable HTTPS (auto-generates self-signed cert if --cert/--key not provided)')
@@ -38,8 +38,11 @@ program
   .option('--stt', 'enable local speech-to-text (downloads ~670MB Parakeet V3 model on first use)')
   .option('--stt-endpoint <url>', 'use external STT endpoint (OpenAI-compatible)')
   .option('--stt-model-dir <path>', 'custom directory for STT model files')
-  .option('--stt-threads <number>', 'CPU threads for STT inference (default: auto, max 4)')
-  .parse();
+  .option('--stt-threads <number>', 'CPU threads for STT inference (default: auto, max 4)');
+
+// Auto-open is OFF by default and opt-in via --open. Legacy callers may still pass
+// --no-open (the old opt-out flag); filter it out so it parses harmlessly as a no-op.
+program.parse(process.argv.filter((arg) => arg !== '--no-open'));
 
 const options = program.opts();
 
@@ -131,7 +134,11 @@ async function main() {
       console.log('   For LAN access, restart with \x1b[1m--https\x1b[0m or \x1b[1m--tunnel\x1b[0m.');
     }
 
-    // Dev tunnel or browser open
+    // Dev tunnel or browser open.
+    // Auto-open only when explicitly requested (--open) AND this is the first launch,
+    // never on a supervised restart (the supervisor sets AOD_SUPERVISOR_RESTART on respawn),
+    // so crash/memory restarts don't spawn a new browser tab each time.
+    const shouldOpen = !!options.open && !process.env.AOD_SUPERVISOR_RESTART;
     let tunnel = null;
     if (options.tunnel) {
       const { TunnelManager } = require('../src/tunnel-manager');
@@ -141,12 +148,12 @@ async function main() {
         dev: options.dev,
         onUrl: (tunnelUrl) => {
           console.log(`\n  \x1b[1m\x1b[32mTunnel ready:\x1b[0m \x1b[1m\x1b[4m${tunnelUrl}\x1b[0m\n`);
-          if (open && options.open) open(tunnelUrl).catch(() => {});
+          if (open && shouldOpen) open(tunnelUrl).catch(() => {});
         }
       });
       app.setTunnelManager(tunnel);
       await tunnel.start();
-    } else if (options.open) {
+    } else if (shouldOpen) {
       try { if (open) await open(url); } catch (error) {
         console.warn('  Could not automatically open browser:', error.message);
       }

package/bin/supervisor.js

@@ -45,6 +45,7 @@ const forwardedArgs = process.argv.slice(2);
 
 let child = null;
 let shuttingDown = false;
+let spawnCount = 0;
 let crashTimestamps = [];
 let pendingRestartTimer = null;
 
@@ -110,9 +111,18 @@ function startServer() {
   pendingRestartTimer = null;
   const nodeArgs = ['--expose-gc', serverScript, ...forwardedArgs];
 
+  // Mark every spawn after the first as a supervised restart, so the child suppresses
+  // browser auto-open (--open) on crash/memory restarts and only opens on first launch.
+  const isRestart = spawnCount > 0;
+  spawnCount += 1;
+
   child = spawn(process.execPath, nodeArgs, {
     stdio: ['inherit', 'inherit', 'inherit', 'ipc'],
-    env: { ...process.env, SUPERVISED: '1' }
+    env: {
+      ...process.env,
+      SUPERVISED: '1',
+      ...(isRestart ? { AOD_SUPERVISOR_RESTART: '1' } : {})
+    }
   });
 
   // Flush a queued supervisor_warning into the new child's IPC channel.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-or-die",
-  "version": "0.1.67",
+  "version": "0.1.68",
   "description": "Universal AI coding terminal — Claude, Copilot, Gemini & more in your browser",
   "main": "src/server.js",
   "bin": {

package/src/public/app.js

@@ -3756,6 +3756,14 @@ class ClaudeCodeWebInterface {
             case 'dismissed':
                 statusText.textContent = 'Install was cancelled. Reload the page to try again.';
                 break;
+            case 'unavailable':
+                // Chromium-family browser in a secure context, but beforeinstallprompt
+                // hasn't fired yet (engagement-gated, or already consumed). The app can't
+                // trigger install itself, but the browser's own menu can — and the
+                // beforeinstallprompt listener stays active, so this upgrades to 'available'
+                // if the event fires later.
+                statusText.textContent = 'If no install button appears, use your browser menu → "Install this site as an app".';
+                break;
             default:
                 statusText.textContent = 'Not available in this browser.';
                 break;

package/src/public/index.html

@@ -16,7 +16,10 @@
     <meta name="format-detection" content="telephone=no">
     
     <!-- Web App Manifest -->
-    <link rel="manifest" href="/manifest.json">
+    <!-- crossorigin=use-credentials: send the session cookie with the manifest (and its icon)
+         fetches so they are not redirected to an auth page behind a credentialed proxy/tunnel
+         (e.g. Microsoft devtunnel), which otherwise 404s the manifest and breaks installability. -->
+    <link rel="manifest" href="/manifest.json" crossorigin="use-credentials">
     
     <!-- Icons for various platforms -->
     <link rel="icon" type="image/png" sizes="32x32" href="/icon-32.png">

package/src/public/manifest.json

@@ -37,7 +37,7 @@
     }
   ],
   "categories": ["developer", "productivity", "utilities"],
-  "lang": "en-US",
+  "lang": "en-IN",
   "dir": "ltr",
   "prefer_related_applications": false,
   "shortcuts": [

package/src/public/voice-handler.js

@@ -135,7 +135,7 @@ SpeechRecognitionRecorder.prototype.start = function () {
     var recognition = new SpeechRecognitionCtor();
     recognition.continuous = true;
     recognition.interimResults = false;
-    recognition.lang = 'en-US';
+    recognition.lang = 'en-IN';
 
     self._recognition = recognition;
     self._resultText = '';

package/src/server.js

@@ -913,34 +913,11 @@ class ClaudeCodeWebServer {
       fallthrough: false,
     }));
 
-    // PWA Icon routes - generate ai-or-die brain/terminal icon dynamically
-    const iconSizes = [16, 32, 144, 180, 192, 512];
-    iconSizes.forEach(size => {
-      this.app.get(`/icon-${size}.png`, (req, res) => {
-        const s = size;
-        const r = s * 0.1;
-        const svg = `
-          <svg width="${s}" height="${s}" viewBox="0 0 100 100" xmlns="http://www.w3.org/2000/svg">
-            <rect width="100" height="100" fill="#1a1a1a" rx="${r > 1 ? 10 : 0}"/>
-            <path d="M50 18 C28 18 18 32 18 48 C18 58 24 66 32 70 L32 74 C32 78 36 80 40 78 L44 76"
-                  fill="none" stroke="#ff6b00" stroke-width="3.5" stroke-linecap="round" opacity="0.6"/>
-            <path d="M50 18 C72 18 82 32 82 48 C82 58 76 66 68 70 L68 74 C68 78 64 80 60 78 L56 76"
-                  fill="none" stroke="#ff6b00" stroke-width="3.5" stroke-linecap="round" opacity="0.6"/>
-            <circle cx="38" cy="38" r="3" fill="#ff6b00" opacity="0.5"/>
-            <circle cx="62" cy="38" r="3" fill="#ff6b00" opacity="0.5"/>
-            <circle cx="50" cy="28" r="2.5" fill="#ff6b00" opacity="0.4"/>
-            <text x="50" y="62" text-anchor="middle" dominant-baseline="middle"
-                  font-family="'JetBrains Mono',monospace" font-size="28" font-weight="700" fill="#ff6b00">
-              &gt;_
-            </text>
-          </svg>
-        `;
-        const svgBuffer = Buffer.from(svg);
-        res.setHeader('Content-Type', 'image/svg+xml');
-        res.setHeader('Cache-Control', 'public, max-age=31536000');
-        res.send(svgBuffer);
-      });
-    });
+    // PWA icons are static PNG files in src/public/ (icon-<size>.png), served by
+    // express.static above (or the SEA asset middleware). They are real PNGs so the
+    // served Content-Type matches the manifest's declared `image/png` — required for
+    // Chromium installability and iOS apple-touch-icon. Regenerate with
+    // `node scripts/generate-pwa-icons.js`.
 
     // PWA Screenshot routes - serve pre-built branded screenshots
     this.app.get('/screenshot-wide.png', (req, res) => {
@@ -3022,7 +2999,11 @@ class ClaudeCodeWebServer {
         cert = fs.readFileSync(this.certFile);
         key = fs.readFileSync(this.keyFile);
       } else {
-        // Auto-generate self-signed cert for LAN use
+        // Auto-generate self-signed cert for LAN use.
+        // Note: a self-signed cert is not a trusted "secure context", so on a LAN IP the
+        // browser warns and the PWA can't be installed. For an installable trusted origin
+        // use --tunnel (public cert, no admin) or access the app on http://localhost (a
+        // secure context with no cert needed).
         const { ensureCert } = require('./utils/self-signed-cert');
         const certInfo = ensureCert();
         cert = certInfo.cert;
@@ -3034,6 +3015,7 @@ class ClaudeCodeWebServer {
         }
         console.log(`        Cached at: ${certInfo.certPath}`);
         console.log('        Browsers will show a security warning on first visit.');
+        console.log('        For a trusted, installable origin use \x1b[1m--tunnel\x1b[0m.');
       }
       server = https.createServer({ cert, key }, this.app);
     } else {