aicodeman 0.9.3 → 0.9.5

package/dist/web/routes/ws-routes.d.ts

@@ -27,5 +27,6 @@
  */
 import { FastifyInstance } from 'fastify';
 import type { SessionPort } from '../ports/session-port.js';
-export declare function registerWsRoutes(app: FastifyInstance, ctx: SessionPort): void;
+import { type HostPolicy } from '../network-auth-policy.js';
+export declare function registerWsRoutes(app: FastifyInstance, ctx: SessionPort, getHostPolicy: () => HostPolicy): void;
 //# sourceMappingURL=ws-routes.d.ts.map

package/dist/web/routes/ws-routes.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"ws-routes.d.ts","sourceRoot":"","sources":["../../../src/web/routes/ws-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE1C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AA8B5D,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,WAAW,GAAG,IAAI,CAiJ7E"}
+{"version":3,"file":"ws-routes.d.ts","sourceRoot":"","sources":["../../../src/web/routes/ws-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE1C,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAC;AAE5D,OAAO,EAAgD,KAAK,UAAU,EAAE,MAAM,2BAA2B,CAAC;AA6B1G,wBAAgB,gBAAgB,CAAC,GAAG,EAAE,eAAe,EAAE,GAAG,EAAE,WAAW,EAAE,aAAa,EAAE,MAAM,UAAU,GAAG,IAAI,CA4J9G"}

package/dist/web/routes/ws-routes.js

@@ -26,6 +26,7 @@
  *     {"t":"z","c":N,"r":N} — resize terminal
  */
 import { MAX_INPUT_LENGTH } from '../../config/terminal-limits.js';
+import { isAllowedRequestHost, isAllowedRequestOrigin } from '../network-auth-policy.js';
 /** Micro-batch interval for terminal output (ms). Short enough for low latency,
  *  long enough to group Ink's rapid cursor-up redraw sequences into single frames. */
 const WS_BATCH_INTERVAL_MS = 8;
@@ -46,8 +47,18 @@ const DEC_2026_END = '\x1b[?2026l';
 const MAX_WS_PER_SESSION = 5;
 /** Track active WS connections per session for connection limiting. */
 const sessionWsCount = new Map();
-export function registerWsRoutes(app, ctx) {
+export function registerWsRoutes(app, ctx, getHostPolicy) {
     app.get('/ws/sessions/:id/terminal', { websocket: true }, (socket, req) => {
+        // Reject cross-site WebSocket hijacking (CSWSH) and DNS-rebinding before doing
+        // anything: the upgrade must come from an allowed Host and (when the browser
+        // sends one — it always does for WS) a same-site Origin. Writing to this socket
+        // injects keystrokes into a --dangerously-skip-permissions agent, so this gate
+        // matters even on the default no-password install. See security review H5.
+        const policy = getHostPolicy();
+        if (!isAllowedRequestHost(req.headers.host, policy) || !isAllowedRequestOrigin(req.headers.origin, policy)) {
+            socket.close(4003, 'Forbidden');
+            return;
+        }
         const { id } = req.params;
         const session = ctx.sessions.get(id);
         if (!session) {

package/dist/web/routes/ws-routes.js.map

@@ -1 +1 @@
-{"version":3,"file":"ws-routes.js","sourceRoot":"","sources":["../../../src/web/routes/ws-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAKH,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AAEnE;sFACsF;AACtF,MAAM,oBAAoB,GAAG,CAAC,CAAC;AAE/B,iFAAiF;AACjF,MAAM,wBAAwB,GAAG,KAAK,CAAC;AAEvC;iFACiF;AACjF,MAAM,mBAAmB,GAAG,MAAM,CAAC;AAEnC,oFAAoF;AACpF,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC;;;+EAG+E;AAC/E,MAAM,cAAc,GAAG,aAAa,CAAC;AACrC,MAAM,YAAY,GAAG,aAAa,CAAC;AAEnC,6FAA6F;AAC7F,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAE7B,uEAAuE;AACvE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEjD,MAAM,UAAU,gBAAgB,CAAC,GAAoB,EAAE,GAAgB;IACrE,GAAG,CAAC,GAAG,CAA6B,2BAA2B,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,MAAiB,EAAE,GAAG,EAAE,EAAE;QAC/G,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;QAC1B,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAErC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;YACxC,OAAO;QACT,CAAC;QAED,uCAAuC;QACvC,MAAM,YAAY,GAAG,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,YAAY,IAAI,kBAAkB,EAAE,CAAC;YACvC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;YAC3C,OAAO;QACT,CAAC;QACD,cAAc,CAAC,GAAG,CAAC,EAAE,EAAE,YAAY,GAAG,CAAC,CAAC,CAAC;QAEzC,qDAAqD;QACrD,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAE7B,mCAAmC;QACnC,IAAI,WAAW,GAAa,EAAE,CAAC;QAC/B,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,UAAU,GAAyC,IAAI,CAAC;QAE5D,MAAM,UAAU,GAAG,GAAG,EAAE;YACtB,UAAU,GAAG,IAAI,CAAC;YAClB,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBACxD,WAAW,GAAG,EAAE,CAAC;gBACjB,SAAS,GAAG,CAAC,CAAC;gBACd,OAAO;YACT,CAAC;YACD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClC,WAAW,GAAG,EAAE,CAAC;YACjB,SAAS,GAAG,CAAC,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,SAAS,CAAC,cAAc,GAAG,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QACvF,CAAC,CAAC;QAEF,6DAA6D;QAC7D,8DAA8D;QAC9D,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE;YAC3B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBACpC,IAAI,GAAG,CAAC,CAAC,KAAK,GAAG,IAAI,OAAO,GAAG,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;oBAC/C,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,gBAAgB;wBAAE,OAAO;oBAC5C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACvB,CAAC;qBAAM,IACL,GAAG,CAAC,CAAC,KAAK,GAAG;oBACb,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;oBACvB,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;oBACvB,GAAG,CAAC,CAAC,IAAI,CAAC;oBACV,GAAG,CAAC,CAAC,IAAI,GAAG;oBACZ,GAAG,CAAC,CAAC,IAAI,CAAC;oBACV,GAAG,CAAC,CAAC,IAAI,GAAG,EACZ,CAAC;oBACD,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;YAC9B,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,2CAA2C;QAC3C,MAAM,UAAU,GAAG,CAAC,IAAY,EAAE,EAAE;YAClC,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC;gBAAE,OAAO;YACpC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvB,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC;YAEzB,0EAA0E;YAC1E,IAAI,SAAS,GAAG,wBAAwB,EAAE,CAAC;gBACzC,IAAI,UAAU,EAAE,CAAC;oBACf,YAAY,CAAC,UAAU,CAAC,CAAC;gBAC3B,CAAC;gBACD,UAAU,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,qCAAqC;YACrC,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,UAAU,GAAG,UAAU,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,eAAe,GAAG,GAAG,EAAE;YAC3B,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,cAAc,GAAG,GAAG,EAAE;YAC1B,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC,CAAC;QAEF,0EAA0E;QAC1E,qDAAqD;QACrD,MAAM,aAAa,GAAG,GAAG,EAAE;YACzB,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;QAC3C,CAAC,CAAC;QAEF,OAAO,CAAC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACnC,OAAO,CAAC,EAAE,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;QAC7C,OAAO,CAAC,EAAE,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QAC3C,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAElC,wEAAwE;QACxE,0CAA0C;QAC1C,IAAI,WAAW,GAAyC,IAAI,CAAC;QAE7D,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;YACrB,IAAI,WAAW,EAAE,CAAC;gBAChB,YAAY,CAAC,WAAW,CAAC,CAAC;gBAC1B,WAAW,GAAG,IAAI,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,EAAE;YACpC,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC;gBAAE,OAAO;YACpC,MAAM,CAAC,IAAI,EAAE,CAAC;YACd,WAAW,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,CAAC,EAAE,kBAAkB,CAAC,CAAC;QACzB,CAAC,EAAE,mBAAmB,CAAC,CAAC;QAExB,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACtB,aAAa,CAAC,YAAY,CAAC,CAAC;YAC5B,IAAI,WAAW;gBAAE,YAAY,CAAC,WAAW,CAAC,CAAC;YAC3C,IAAI,UAAU;gBAAE,YAAY,CAAC,UAAU,CAAC,CAAC;YACzC,WAAW,GAAG,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;YAEnC,yCAAyC;YACzC,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;gBACf,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC5B,CAAC;iBAAM,CAAC;gBACN,cAAc,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YACpC,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}
+{"version":3,"file":"ws-routes.js","sourceRoot":"","sources":["../../../src/web/routes/ws-routes.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;GA0BG;AAKH,OAAO,EAAE,gBAAgB,EAAE,MAAM,iCAAiC,CAAC;AACnE,OAAO,EAAE,oBAAoB,EAAE,sBAAsB,EAAmB,MAAM,2BAA2B,CAAC;AAE1G;sFACsF;AACtF,MAAM,oBAAoB,GAAG,CAAC,CAAC;AAE/B,iFAAiF;AACjF,MAAM,wBAAwB,GAAG,KAAK,CAAC;AAEvC;iFACiF;AACjF,MAAM,mBAAmB,GAAG,MAAM,CAAC;AAEnC,oFAAoF;AACpF,MAAM,kBAAkB,GAAG,MAAM,CAAC;AAElC;;;+EAG+E;AAC/E,MAAM,cAAc,GAAG,aAAa,CAAC;AACrC,MAAM,YAAY,GAAG,aAAa,CAAC;AAEnC,6FAA6F;AAC7F,MAAM,kBAAkB,GAAG,CAAC,CAAC;AAE7B,uEAAuE;AACvE,MAAM,cAAc,GAAG,IAAI,GAAG,EAAkB,CAAC;AAEjD,MAAM,UAAU,gBAAgB,CAAC,GAAoB,EAAE,GAAgB,EAAE,aAA+B;IACtG,GAAG,CAAC,GAAG,CAA6B,2BAA2B,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,EAAE,CAAC,MAAiB,EAAE,GAAG,EAAE,EAAE;QAC/G,+EAA+E;QAC/E,6EAA6E;QAC7E,gFAAgF;QAChF,+EAA+E;QAC/E,2EAA2E;QAC3E,MAAM,MAAM,GAAG,aAAa,EAAE,CAAC;QAC/B,IAAI,CAAC,oBAAoB,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,GAAG,CAAC,OAAO,CAAC,MAAM,EAAE,MAAM,CAAC,EAAE,CAAC;YAC3G,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,WAAW,CAAC,CAAC;YAChC,OAAO;QACT,CAAC;QAED,MAAM,EAAE,EAAE,EAAE,GAAG,GAAG,CAAC,MAAM,CAAC;QAC1B,MAAM,OAAO,GAAG,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAErC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,mBAAmB,CAAC,CAAC;YACxC,OAAO;QACT,CAAC;QAED,uCAAuC;QACvC,MAAM,YAAY,GAAG,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;QACjD,IAAI,YAAY,IAAI,kBAAkB,EAAE,CAAC;YACvC,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,sBAAsB,CAAC,CAAC;YAC3C,OAAO;QACT,CAAC;QACD,cAAc,CAAC,GAAG,CAAC,EAAE,EAAE,YAAY,GAAG,CAAC,CAAC,CAAC;QAEzC,qDAAqD;QACrD,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;QAE7B,mCAAmC;QACnC,IAAI,WAAW,GAAa,EAAE,CAAC;QAC/B,IAAI,SAAS,GAAG,CAAC,CAAC;QAClB,IAAI,UAAU,GAAyC,IAAI,CAAC;QAE5D,MAAM,UAAU,GAAG,GAAG,EAAE;YACtB,UAAU,GAAG,IAAI,CAAC;YAClB,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBACxD,WAAW,GAAG,EAAE,CAAC;gBACjB,SAAS,GAAG,CAAC,CAAC;gBACd,OAAO;YACT,CAAC;YACD,MAAM,IAAI,GAAG,WAAW,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAClC,WAAW,GAAG,EAAE,CAAC;YACjB,SAAS,GAAG,CAAC,CAAC;YACd,MAAM,CAAC,IAAI,CAAC,gBAAgB,IAAI,CAAC,SAAS,CAAC,cAAc,GAAG,IAAI,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC;QACvF,CAAC,CAAC;QAEF,6DAA6D;QAC7D,8DAA8D;QAC9D,MAAM,CAAC,EAAE,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,EAAE;YAC3B,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;gBACpC,IAAI,GAAG,CAAC,CAAC,KAAK,GAAG,IAAI,OAAO,GAAG,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;oBAC/C,IAAI,GAAG,CAAC,CAAC,CAAC,MAAM,GAAG,gBAAgB;wBAAE,OAAO;oBAC5C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;gBACvB,CAAC;qBAAM,IACL,GAAG,CAAC,CAAC,KAAK,GAAG;oBACb,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;oBACvB,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;oBACvB,GAAG,CAAC,CAAC,IAAI,CAAC;oBACV,GAAG,CAAC,CAAC,IAAI,GAAG;oBACZ,GAAG,CAAC,CAAC,IAAI,CAAC;oBACV,GAAG,CAAC,CAAC,IAAI,GAAG,EACZ,CAAC;oBACD,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;gBAC/B,CAAC;YACH,CAAC;YAAC,MAAM,CAAC;gBACP,4BAA4B;YAC9B,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,2CAA2C;QAC3C,MAAM,UAAU,GAAG,CAAC,IAAY,EAAE,EAAE;YAClC,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC;gBAAE,OAAO;YACpC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACvB,SAAS,IAAI,IAAI,CAAC,MAAM,CAAC;YAEzB,0EAA0E;YAC1E,IAAI,SAAS,GAAG,wBAAwB,EAAE,CAAC;gBACzC,IAAI,UAAU,EAAE,CAAC;oBACf,YAAY,CAAC,UAAU,CAAC,CAAC;gBAC3B,CAAC;gBACD,UAAU,EAAE,CAAC;gBACb,OAAO;YACT,CAAC;YAED,qCAAqC;YACrC,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,UAAU,GAAG,UAAU,CAAC,UAAU,EAAE,oBAAoB,CAAC,CAAC;YAC5D,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,eAAe,GAAG,GAAG,EAAE;YAC3B,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC,CAAC;QAEF,MAAM,cAAc,GAAG,GAAG,EAAE;YAC1B,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC,EAAE,CAAC;gBAC5B,MAAM,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAC3B,CAAC;QACH,CAAC,CAAC;QAEF,0EAA0E;QAC1E,qDAAqD;QACrD,MAAM,aAAa,GAAG,GAAG,EAAE;YACzB,MAAM,CAAC,KAAK,CAAC,IAAI,EAAE,oBAAoB,CAAC,CAAC;QAC3C,CAAC,CAAC;QAEF,OAAO,CAAC,EAAE,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QACnC,OAAO,CAAC,EAAE,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;QAC7C,OAAO,CAAC,EAAE,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;QAC3C,OAAO,CAAC,EAAE,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;QAElC,wEAAwE;QACxE,0CAA0C;QAC1C,IAAI,WAAW,GAAyC,IAAI,CAAC;QAE7D,MAAM,CAAC,EAAE,CAAC,MAAM,EAAE,GAAG,EAAE;YACrB,IAAI,WAAW,EAAE,CAAC;gBAChB,YAAY,CAAC,WAAW,CAAC,CAAC;gBAC1B,WAAW,GAAG,IAAI,CAAC;YACrB,CAAC;QACH,CAAC,CAAC,CAAC;QAEH,MAAM,YAAY,GAAG,WAAW,CAAC,GAAG,EAAE;YACpC,IAAI,MAAM,CAAC,UAAU,KAAK,CAAC;gBAAE,OAAO;YACpC,MAAM,CAAC,IAAI,EAAE,CAAC;YACd,WAAW,GAAG,UAAU,CAAC,GAAG,EAAE;gBAC5B,MAAM,CAAC,SAAS,EAAE,CAAC;YACrB,CAAC,EAAE,kBAAkB,CAAC,CAAC;QACzB,CAAC,EAAE,mBAAmB,CAAC,CAAC;QAExB,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,GAAG,EAAE;YACtB,aAAa,CAAC,YAAY,CAAC,CAAC;YAC5B,IAAI,WAAW;gBAAE,YAAY,CAAC,WAAW,CAAC,CAAC;YAC3C,IAAI,UAAU;gBAAE,YAAY,CAAC,UAAU,CAAC,CAAC;YACzC,WAAW,GAAG,EAAE,CAAC;YACjB,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;YACpC,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;YAC9C,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,cAAc,CAAC,CAAC;YAC5C,OAAO,CAAC,GAAG,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;YAEnC,yCAAyC;YACzC,MAAM,KAAK,GAAG,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC;YAC1C,IAAI,KAAK,IAAI,CAAC,EAAE,CAAC;gBACf,cAAc,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC5B,CAAC;iBAAM,CAAC;gBACN,cAAc,CAAC,GAAG,CAAC,EAAE,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC;YACpC,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC"}

package/dist/web/self-update.d.ts

@@ -0,0 +1,112 @@
+/**
+ * @fileoverview Server-side logic for the in-app self-updater.
+ *
+ * Powers App Settings → Updates. Codeman is installed as a git clone and run
+ * under systemd (Linux) or launchd (macOS); updating means `git checkout <release
+ * tag> && npm install && npm run build && restart-the-service`. The hard part is
+ * that the update restarts the very process performing it, so the actual work
+ * runs in a DETACHED `scripts/self-update.sh` that outlives the restart, writing
+ * progress to `dataPath('update-status.json')` which the browser polls across the
+ * connection drop.
+ *
+ * Channel: latest tagged RELEASE (tags look like `codeman@0.9.3`). Dirty trees
+ * are auto-stashed (stash left for the user). Detection is manual (a button).
+ *
+ * Split into PURE helpers (semver/tag parsing, reconcile decision) that are unit
+ * tested, and IO wrappers (`getInstallInfo`, `checkForUpdate`, `startUpdate`,
+ * `reconcileUpdateOnBoot`) that touch git/network/fs.
+ *
+ * Related: `src/types/update.ts`, `scripts/self-update.sh`, routes in
+ * `src/web/routes/system-routes.ts`.
+ *
+ * @module web/self-update
+ */
+import type { InstallInfo, SupervisorKind, UpdateCheckResult, UpdateStatus } from '../types/update.js';
+export declare function isInFlight(status: UpdateStatus | null | undefined): boolean;
+export interface ParsedVersion {
+    major: number;
+    minor: number;
+    patch: number;
+    /** Non-empty for prereleases like `0.9.3-rc1`. */
+    prerelease: string;
+}
+/**
+ * Parse a semver out of a release tag. Accepts `codeman@0.9.3`, `aicodeman@0.9.3`,
+ * `v0.9.3`, and bare `0.9.3` (with optional `-prerelease`). Returns null if no
+ * `X.Y.Z` is present.
+ */
+export declare function parseVersionFromTag(tag: string): ParsedVersion | null;
+/** Compare two parsed versions. Returns >0 if a>b, <0 if a<b, 0 if equal. A release outranks a prerelease of the same X.Y.Z. */
+export declare function compareVersions(a: ParsedVersion, b: ParsedVersion): number;
+/** True when `latest` is a strictly newer STABLE version than `current`. */
+export declare function isNewerStableVersion(current: string, latest: string): boolean;
+/**
+ * From a list of `refs/tags/...` (or bare tag names), pick the highest STABLE
+ * release tag we recognize. Skips prereleases and unrecognized tags.
+ */
+export declare function pickLatestStableTag(tagRefs: string[]): {
+    tag: string;
+    version: string;
+} | null;
+/** Tags must match this before they're ever passed to the shell. */
+export declare function isValidReleaseTag(tag: string): boolean;
+/** Derive `{owner, repo}` from a GitHub SSH or HTTPS remote URL. */
+export declare function parseGitHubRepo(remoteUrl: string): {
+    owner: string;
+    repo: string;
+} | null;
+/**
+ * PURE boot-time reconcile decision. Given the persisted status, the version the
+ * freshly-booted process is actually running, and `now`, return the status to
+ * persist — or null to leave it untouched.
+ *
+ * Rules (see plan "Hardening"):
+ * - Terminal phases → untouched.
+ * - Only the `restarting` marker (written right before the updater triggers our
+ *   restart) flips to completed/failed by comparing running version vs. target.
+ * - Other in-flight phases are owned by the still-running updater scope — leave
+ *   them alone so a normal/crash restart mid-update isn't misreported.
+ * - A backstop staleness guard fails any in-flight status older than the window.
+ */
+export declare function reconcileStatusDecision(status: UpdateStatus | null, runningVersion: string, now: number): UpdateStatus | null;
+/** Read the persisted status; tolerant of a missing/torn file (returns null). */
+export declare function readUpdateStatus(): UpdateStatus | null;
+/** Write the status atomically (temp + rename — readers never see a torn file). */
+export declare function writeUpdateStatusAtomic(status: UpdateStatus): void;
+/** Reconcile the status file on server boot (call once, early in start()). */
+export declare function reconcileUpdateOnBoot(now?: number): void;
+/**
+ * Resolve the repo root from this module's location. Compiled to
+ * `dist/web/self-update.js` (or `src/web/self-update.ts` under tsx) → two levels
+ * up is the package root that holds `package.json` and `.git`. Matches the
+ * `require('../../package.json')` resolution in `server.ts`.
+ */
+export declare function resolveInstallDir(): string;
+/**
+ * Detect which init system supervises us. Detection happens HERE (in the running
+ * server, which has a rich env) and the result is passed to the updater script —
+ * the detached child must not re-probe with a stripped-down environment.
+ */
+export declare function detectSupervisor(): SupervisorKind;
+/** Inspect the running install: kind, dir, branch, dirtiness, supervisor, version. */
+export declare function getInstallInfo(): InstallInfo;
+/** Check the configured remote for a newer release than the running version. */
+export declare function checkForUpdate(): Promise<UpdateCheckResult>;
+export type StartUpdateResult = {
+    ok: true;
+    updateId: string;
+    toTag: string;
+    toVersion: string | null;
+} | {
+    ok: false;
+    code: 'disabled' | 'not-git' | 'in-flight' | 'up-to-date' | 'bad-tag' | 'error';
+    message: string;
+};
+/**
+ * Validate, snapshot the current commit, write the initial status, and spawn the
+ * detached updater. Returns immediately — progress is reported via the status file.
+ */
+export declare function startUpdate(): Promise<StartUpdateResult>;
+/** Current status for the polling endpoint; null collapses to an explicit idle. */
+export declare function getUpdateStatusForApi(): UpdateStatus;
+//# sourceMappingURL=self-update.d.ts.map

package/dist/web/self-update.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"self-update.d.ts","sourceRoot":"","sources":["../../src/web/self-update.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;;;;;GAsBG;AAWH,OAAO,KAAK,EACV,WAAW,EAEX,cAAc,EACd,iBAAiB,EAEjB,YAAY,EACb,MAAM,oBAAoB,CAAC;AA4B5B,wBAAgB,UAAU,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,GAAG,SAAS,GAAG,OAAO,CAE3E;AAMD,MAAM,WAAW,aAAa;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,kDAAkD;IAClD,UAAU,EAAE,MAAM,CAAC;CACpB;AAED;;;;GAIG;AACH,wBAAgB,mBAAmB,CAAC,GAAG,EAAE,MAAM,GAAG,aAAa,GAAG,IAAI,CASrE;AAED,gIAAgI;AAChI,wBAAgB,eAAe,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,EAAE,aAAa,GAAG,MAAM,CAS1E;AAED,4EAA4E;AAC5E,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAM7E;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,GAAG;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAkB9F;AAED,oEAAoE;AACpE,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAEtD;AAED,oEAAoE;AACpE,wBAAgB,eAAe,CAAC,SAAS,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,IAAI,EAAE,MAAM,CAAA;CAAE,GAAG,IAAI,CAIzF;AAED;;;;;;;;;;;;GAYG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,YAAY,GAAG,IAAI,EAC3B,cAAc,EAAE,MAAM,EACtB,GAAG,EAAE,MAAM,GACV,YAAY,GAAG,IAAI,CA4BrB;AAMD,iFAAiF;AACjF,wBAAgB,gBAAgB,IAAI,YAAY,GAAG,IAAI,CAOtD;AAED,mFAAmF;AACnF,wBAAgB,uBAAuB,CAAC,MAAM,EAAE,YAAY,GAAG,IAAI,CAIlE;AAED,8EAA8E;AAC9E,wBAAgB,qBAAqB,CAAC,GAAG,SAAa,GAAG,IAAI,CAI5D;AAmBD;;;;;GAKG;AACH,wBAAgB,iBAAiB,IAAI,MAAM,CAK1C;AASD;;;;GAIG;AACH,wBAAgB,gBAAgB,IAAI,cAAc,CAajD;AAMD,sFAAsF;AACtF,wBAAgB,cAAc,IAAI,WAAW,CAmB5C;AAyCD,gFAAgF;AAChF,wBAAsB,cAAc,IAAI,OAAO,CAAC,iBAAiB,CAAC,CAgDjE;AAMD,MAAM,MAAM,iBAAiB,GACzB;IAAE,EAAE,EAAE,IAAI,CAAC;IAAC,QAAQ,EAAE,MAAM,CAAC;IAAC,KAAK,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,GAAG,IAAI,CAAA;CAAE,GACvE;IAAE,EAAE,EAAE,KAAK,CAAC;IAAC,IAAI,EAAE,UAAU,GAAG,SAAS,GAAG,WAAW,GAAG,YAAY,GAAG,SAAS,GAAG,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC;AAwDpH;;;GAGG;AACH,wBAAsB,WAAW,IAAI,OAAO,CAAC,iBAAiB,CAAC,CAwE9D;AAED,mFAAmF;AACnF,wBAAgB,qBAAqB,IAAI,YAAY,CAWpD"}