anyagent-bridge 0.5.0

package/client/index.html

@@ -0,0 +1,525 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="UTF-8" />
+<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no" />
+<meta name="theme-color" content="#0d1117" />
+<title>AnyAgent Bridge</title>
+<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@xterm/xterm@5.5.0/css/xterm.min.css" />
+<style>
+  :root {
+    --bg: #0d1117;
+    --bar: #161b22;
+    --border: #30363d;
+    --fg: #c9d1d9;
+    --muted: #8b949e;
+    --accent: #2f81f7;
+    --green: #3fb950;
+    --red: #f85149;
+    --yellow: #d29922;
+  }
+  * { box-sizing: border-box; }
+  html, body {
+    margin: 0; padding: 0; height: 100%;
+    background: var(--bg); color: var(--fg);
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif;
+    overflow: hidden;
+  }
+  #app { display: flex; flex-direction: column; height: 100dvh; }
+
+  #bar {
+    display: flex; align-items: center; gap: 8px;
+    padding: 8px 10px;
+    background: var(--bar);
+    border-bottom: 1px solid var(--border);
+    flex-wrap: wrap;
+    flex: 0 0 auto;
+  }
+  #bar .title {
+    font-weight: 600; font-size: 14px; letter-spacing: .2px;
+    margin-right: 4px; white-space: nowrap;
+  }
+  #bar .title .dot { color: var(--accent); }
+  select, button, input {
+    font-family: inherit; font-size: 13px;
+    background: #0d1117; color: var(--fg);
+    border: 1px solid var(--border); border-radius: 6px;
+    padding: 6px 9px; outline: none;
+  }
+  select:focus, button:focus, input:focus { border-color: var(--accent); }
+  button {
+    cursor: pointer; background: #21262d; transition: background .15s, border-color .15s;
+  }
+  button:hover { background: #30363d; }
+  button.primary { background: var(--accent); border-color: var(--accent); color: #fff; font-weight: 600; }
+  button.primary:hover { background: #4493f8; }
+  button:disabled { opacity: .5; cursor: not-allowed; }
+
+  .spacer { flex: 1 1 auto; }
+
+  #status {
+    display: inline-flex; align-items: center; gap: 6px;
+    font-size: 12px; color: var(--muted); white-space: nowrap;
+  }
+  #status .led {
+    width: 9px; height: 9px; border-radius: 50%;
+    background: var(--muted); box-shadow: 0 0 0 0 rgba(0,0,0,0);
+  }
+  #status.connected .led { background: var(--green); box-shadow: 0 0 6px var(--green); }
+  #status.connecting .led { background: var(--yellow); box-shadow: 0 0 6px var(--yellow); }
+  #status.disconnected .led { background: var(--red); }
+
+  #termwrap {
+    flex: 1 1 auto; position: relative;
+    padding: 6px 4px 4px 8px; min-height: 0;
+    background: var(--bg);
+  }
+  #terminal { width: 100%; height: 100%; }
+
+  /* Token gate overlay */
+  #gate {
+    position: fixed; inset: 0; z-index: 50;
+    background: rgba(13,17,23,.96);
+    display: flex; align-items: center; justify-content: center;
+    padding: 20px;
+  }
+  #gate .card {
+    background: var(--bar); border: 1px solid var(--border);
+    border-radius: 12px; padding: 24px; width: 100%; max-width: 380px;
+    box-shadow: 0 12px 40px rgba(0,0,0,.5);
+  }
+  #gate h1 { margin: 0 0 4px; font-size: 18px; }
+  #gate h1 .dot { color: var(--accent); }
+  #gate p { margin: 0 0 16px; color: var(--muted); font-size: 13px; line-height: 1.5; }
+  #gate label { display: block; font-size: 12px; color: var(--muted); margin-bottom: 6px; }
+  #gate input { width: 100%; margin-bottom: 12px; }
+  #gate button { width: 100%; }
+  #gate .err { color: var(--red); font-size: 12px; margin: 0 0 10px; min-height: 16px; }
+  #gate .divider { display: flex; align-items: center; gap: 8px; color: var(--muted); font-size: 11px; margin: 14px 0 10px; }
+  #gate .divider::before, #gate .divider::after { content: ""; flex: 1; height: 1px; background: var(--border); }
+  #gate .oauthBtn { margin-bottom: 8px; background: #21262d; }
+  #gate .oauthBtn:hover { background: #30363d; }
+
+  @media (max-width: 640px) {
+    #bar .title { width: 100%; margin-bottom: 2px; }
+    select, button, input { font-size: 12px; padding: 7px 9px; }
+    #status { margin-left: auto; }
+  }
+</style>
+</head>
+<body>
+<div id="app">
+  <div id="bar">
+    <span class="title">AnyAgent<span class="dot">·</span>Bridge</span>
+    <select id="agentSel" title="Agent"></select>
+    <button id="startBtn">Start</button>
+    <select id="projectSel" title="Project" style="display:none"></select>
+    <span class="spacer"></span>
+    <span id="status" class="disconnected"><span class="led"></span><span id="statusText">disconnected</span></span>
+  </div>
+  <div id="termwrap"><div id="terminal"></div></div>
+</div>
+
+<div id="gate">
+  <div class="card">
+    <h1>AnyAgent<span class="dot">·</span>Bridge</h1>
+    <p id="gateMsg">Enter the access token printed in the server console to connect.</p>
+    <p class="err" id="gateErr"></p>
+    <label for="tokenInput">Access token</label>
+    <input id="tokenInput" type="password" autocomplete="off" autocapitalize="off" autocorrect="off" spellcheck="false" placeholder="paste token…" />
+    <div id="totpRow" style="display:none">
+      <label for="totpInput">2FA code</label>
+      <input id="totpInput" type="text" inputmode="numeric" autocomplete="one-time-code" spellcheck="false" placeholder="6-digit code" />
+    </div>
+    <button class="primary" id="gateBtn">Connect</button>
+    <div id="oauthRow" style="display:none">
+      <div class="divider">or</div>
+      <button class="oauthBtn" id="oauthGoogle" data-provider="google" style="display:none">Continue with Google</button>
+      <button class="oauthBtn" id="oauthGithub" data-provider="github" style="display:none">Continue with GitHub</button>
+    </div>
+  </div>
+</div>
+
+<script src="https://cdn.jsdelivr.net/npm/@xterm/xterm@5.5.0/lib/xterm.min.js"></script>
+<script src="https://cdn.jsdelivr.net/npm/@xterm/addon-fit@0.10.0/lib/addon-fit.min.js"></script>
+<script>
+(function () {
+  "use strict";
+
+  // ---------- DOM ----------
+  const $ = (id) => document.getElementById(id);
+  const gate = $("gate"), gateBtn = $("gateBtn"), gateErr = $("gateErr"), tokenInput = $("tokenInput");
+  const gateMsg = $("gateMsg"), totpRow = $("totpRow"), totpInput = $("totpInput");
+  const oauthRow = $("oauthRow"), oauthGoogle = $("oauthGoogle"), oauthGithub = $("oauthGithub");
+  const agentSel = $("agentSel"), startBtn = $("startBtn"), projectSel = $("projectSel");
+  const statusEl = $("status"), statusText = $("statusText");
+
+  // ---------- State ----------
+  let token = null;
+  let ws = null;
+  let term = null;
+  let fitAddon = null;
+  let connected = false;
+  let manualClose = false;
+  let reconnectTimer = null;
+  let reconnectDelay = 1000;        // backoff base
+  const MAX_RECONNECT_DELAY = 15000;
+  let pingTimer = null;
+
+  // ---------- Status UI ----------
+  function setStatus(state, text) {
+    statusEl.className = state;
+    statusText.textContent = text || state;
+  }
+
+  // ---------- Terminal ----------
+  function initTerminal() {
+    if (term) return;
+    term = new Terminal({
+      cursorBlink: true,
+      fontFamily: 'Menlo, Monaco, "Cascadia Code", "Courier New", monospace',
+      fontSize: window.innerWidth < 640 ? 12 : 13,
+      scrollback: 10000,
+      theme: {
+        background: "#0d1117",
+        foreground: "#c9d1d9",
+        cursor: "#2f81f7",
+        cursorAccent: "#0d1117",
+        selectionBackground: "#264f78",
+        black: "#484f58", red: "#ff7b72", green: "#3fb950", yellow: "#d29922",
+        blue: "#58a6ff", magenta: "#bc8cff", cyan: "#39c5cf", white: "#b1bac4",
+        brightBlack: "#6e7681", brightRed: "#ffa198", brightGreen: "#56d364",
+        brightYellow: "#e3b341", brightBlue: "#79c0ff", brightMagenta: "#d2a8ff",
+        brightCyan: "#56d4dd", brightWhite: "#f0f6fc"
+      }
+    });
+    fitAddon = new FitAddon.FitAddon();
+    term.loadAddon(fitAddon);
+    term.open($("terminal"));
+    safeFit();
+
+    // keystrokes -> server
+    term.onData((data) => {
+      send({ type: "input", data });
+    });
+
+    window.addEventListener("resize", onResize, { passive: true });
+    // Some mobile browsers need a delayed refit after the keyboard toggles
+    window.addEventListener("orientationchange", () => setTimeout(onResize, 300));
+  }
+
+  function safeFit() {
+    try { fitAddon && fitAddon.fit(); } catch (_) {}
+  }
+
+  let resizeRaf = null;
+  function onResize() {
+    if (resizeRaf) cancelAnimationFrame(resizeRaf);
+    resizeRaf = requestAnimationFrame(() => {
+      safeFit();
+      if (connected && term) {
+        send({ type: "resize", cols: term.cols, rows: term.rows });
+      }
+    });
+  }
+
+  // ---------- WebSocket ----------
+  function wsUrl() {
+    const proto = location.protocol === "https:" ? "wss:" : "ws:";
+    // With a JS-held session/static token, pass it as ?token=. For cookie-based
+    // sessions (OAuth) there is no JS token — the browser sends the session
+    // cookie on the upgrade automatically, so connect with no query.
+    const q = token ? `?token=${encodeURIComponent(token)}` : "";
+    return `${proto}//${location.host}/ws${q}`;
+  }
+
+  function connect() {
+    clearTimeout(reconnectTimer);
+    manualClose = false;
+    setStatus("connecting", "connecting…");
+
+    try {
+      ws = new WebSocket(wsUrl());
+    } catch (e) {
+      scheduleReconnect();
+      return;
+    }
+
+    ws.onopen = () => {
+      connected = true;
+      reconnectDelay = 1000;
+      setStatus("connected", "connected");
+      // initialize PTY with current geometry
+      send({ type: "init", cols: term ? term.cols : 80, rows: term ? term.rows : 24 });
+      startPing();
+    };
+
+    ws.onmessage = (ev) => {
+      let msg;
+      try { msg = JSON.parse(ev.data); } catch (_) { return; }
+      handle(msg);
+    };
+
+    ws.onclose = (ev) => {
+      connected = false;
+      stopPing();
+      if (manualClose) { setStatus("disconnected", "disconnected"); return; }
+      // 1008 / 4401-style auth failures: surface to the gate
+      if (ev.code === 1008 || ev.code === 4401) {
+        showGate("Authentication failed — check the token.");
+        return;
+      }
+      setStatus("disconnected", "reconnecting…");
+      scheduleReconnect();
+    };
+
+    ws.onerror = () => {
+      // onclose will follow; just reflect state
+      if (!connected) setStatus("disconnected", "connection error");
+    };
+  }
+
+  function scheduleReconnect() {
+    clearTimeout(reconnectTimer);
+    reconnectTimer = setTimeout(() => {
+      if (!manualClose) connect();
+    }, reconnectDelay);
+    reconnectDelay = Math.min(reconnectDelay * 1.7, MAX_RECONNECT_DELAY);
+  }
+
+  function send(obj) {
+    if (ws && ws.readyState === WebSocket.OPEN) {
+      ws.send(JSON.stringify(obj));
+      return true;
+    }
+    return false;
+  }
+
+  function startPing() {
+    stopPing();
+    pingTimer = setInterval(() => send({ type: "ping" }), 25000);
+  }
+  function stopPing() {
+    if (pingTimer) { clearInterval(pingTimer); pingTimer = null; }
+  }
+
+  // ---------- Server -> client messages ----------
+  function handle(msg) {
+    switch (msg.type) {
+      case "ready":
+        // session established; nothing required, but resync size
+        if (connected && term) send({ type: "resize", cols: term.cols, rows: term.rows });
+        break;
+      case "output":
+        if (term && typeof msg.data === "string") term.write(msg.data);
+        break;
+      case "exit":
+        if (term) term.write("\r\n\x1b[33m[process exited]\x1b[0m\r\n");
+        break;
+      case "pong":
+        break;
+      case "error":
+        if (term) term.write(`\r\n\x1b[31m[error] ${msg.message || ""}\x1b[0m\r\n`);
+        if (/auth/i.test(msg.message || "")) showGate(msg.message);
+        break;
+      default:
+        // ignore unknown (forward-compat: detached, etc.)
+        break;
+    }
+  }
+
+  // ---------- REST: agents + projects ----------
+  async function api(path) {
+    // Always include cookies (cookie-based OAuth sessions); add the Bearer header
+    // too when we hold a JS token (static token / token-login session).
+    const headers = token ? { Authorization: "Bearer " + token } : {};
+    const res = await fetch(path, { credentials: "include", headers });
+    if (res.status === 401 || res.status === 403) {
+      const err = new Error("unauthorized"); err.unauthorized = true; throw err;
+    }
+    if (!res.ok) throw new Error("HTTP " + res.status);
+    return res.json();
+  }
+
+  async function loadAgents() {
+    let list = [];
+    try {
+      const data = await api("/api/agents");
+      list = Array.isArray(data) ? data : (data.agents || []);
+    } catch (e) {
+      if (e.unauthorized) throw e;
+      // leave empty; Start disabled
+    }
+    agentSel.innerHTML = "";
+    if (!list.length) {
+      const opt = document.createElement("option");
+      opt.textContent = "(no agents)"; opt.value = "";
+      agentSel.appendChild(opt);
+      startBtn.disabled = true;
+      return;
+    }
+    startBtn.disabled = false;
+    for (const a of list) {
+      const opt = document.createElement("option");
+      opt.value = a.id;
+      opt.textContent = a.name || a.id;
+      agentSel.appendChild(opt);
+    }
+  }
+
+  async function loadProjects() {
+    let list = [];
+    try {
+      const data = await api("/api/projects");
+      list = Array.isArray(data) ? data : (data.projects || []);
+    } catch (e) {
+      if (e.unauthorized) throw e;
+    }
+    if (!list.length) { projectSel.style.display = "none"; return; }
+    projectSel.innerHTML = "";
+    const none = document.createElement("option");
+    none.value = ""; none.textContent = "Project…";
+    projectSel.appendChild(none);
+    for (const p of list) {
+      const opt = document.createElement("option");
+      opt.value = p.path || p.name || "";
+      opt.textContent = p.name || p.path || "project";
+      projectSel.appendChild(opt);
+    }
+    projectSel.style.display = "";
+  }
+
+  // ---------- Start agent ----------
+  startBtn.addEventListener("click", () => {
+    const agentId = agentSel.value;
+    if (!agentId) return;
+    send({ type: "startAgent", agentId });
+    if (term) term.focus();
+  });
+
+  // ---------- Login gate ----------
+  function showGate(errMsg) {
+    setStatus("disconnected", "disconnected");
+    manualClose = true;
+    if (ws) { try { ws.close(); } catch (_) {} ws = null; }
+    gateErr.textContent = errMsg || "";
+    gate.style.display = "flex";
+    setTimeout(() => tokenInput.focus(), 50);
+  }
+
+  function hideGate() { gate.style.display = "none"; }
+
+  // Exchange a token (+ optional 2FA code) for a session (also sets an httpOnly
+  // session cookie). Returns { token } | { needTotp } | { error }.
+  async function tokenLogin(tokenValue, totpCode) {
+    let res, data;
+    try {
+      res = await fetch("/api/auth/login", {
+        method: "POST", credentials: "include",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ token: tokenValue, totp: totpCode || undefined })
+      });
+      data = await res.json().catch(() => ({}));
+    } catch (e) { return { error: "Network error — is the server running?" }; }
+    if (res.status === 429) return { error: (data && data.message) || "Too many attempts. Try later." };
+    if (data && data.needTotp) return { needTotp: true };
+    if (data && data.ok && data.token) return { token: data.token };
+    return { error: (data && (data.reason || data.message)) || "Invalid token." };
+  }
+
+  async function startSession() {
+    try { await loadAgents(); await loadProjects(); }
+    catch (e) { if (e.unauthorized) { showGate("Authentication failed."); return false; } }
+    hideGate(); initTerminal(); connect(); return true;
+  }
+
+  // Resume an existing cookie session (set by OAuth, or a prior token login).
+  async function cookieResume() {
+    try {
+      const res = await fetch("/api/auth/me", { credentials: "include" });
+      if (res.ok) { token = null; return await startSession(); }
+    } catch (_) {}
+    return false;
+  }
+
+  async function submitToken() {
+    const v = tokenInput.value.trim();
+    if (!v) { gateErr.textContent = "Token required."; return; }
+    const code = totpRow.style.display !== "none" ? totpInput.value.trim() : "";
+    gateBtn.disabled = true; gateErr.textContent = "";
+    const r = await tokenLogin(v, code);
+    gateBtn.disabled = false;
+    if (r.needTotp) {
+      totpRow.style.display = "";
+      gateMsg.textContent = "Two-factor required — enter your 6-digit code.";
+      setTimeout(() => totpInput.focus(), 30);
+      return;
+    }
+    if (r.error) { gateErr.textContent = r.error; return; }
+    token = r.token;
+    await startSession();
+  }
+
+  gateBtn.addEventListener("click", submitToken);
+  tokenInput.addEventListener("keydown", (e) => { if (e.key === "Enter") submitToken(); });
+  totpInput.addEventListener("keydown", (e) => { if (e.key === "Enter") submitToken(); });
+
+  function wireOauth(btn) {
+    btn.addEventListener("click", () => { window.location.href = "/api/auth/oauth/" + btn.dataset.provider + "/start"; });
+  }
+  wireOauth(oauthGoogle);
+  wireOauth(oauthGithub);
+
+  async function loadLoginConfig() {
+    try {
+      const res = await fetch("/api/auth/config", { credentials: "include" });
+      if (!res.ok) return;
+      const cfg = await res.json();
+      const o = (cfg.methods && cfg.methods.oauth) || {};
+      let any = false;
+      if (o.google) { oauthGoogle.style.display = ""; any = true; }
+      if (o.github) { oauthGithub.style.display = ""; any = true; }
+      if (any) oauthRow.style.display = "";
+    } catch (_) {}
+  }
+
+  // ---------- Bootstrap ----------
+  (async function boot() {
+    const params = new URLSearchParams(location.search);
+    const authError = params.get("auth_error");
+
+    await loadLoginConfig();
+
+    // 1) explicit ?token= bootstrap link from the server console
+    const t = params.get("token");
+    if (t) {
+      params.delete("token");
+      history.replaceState(null, "", location.pathname + (params.toString() ? "?" + params.toString() : ""));
+      tokenInput.value = t;
+      const r = await tokenLogin(t, "");
+      if (r.needTotp) {
+        showGate("");
+        totpRow.style.display = "";
+        gateMsg.textContent = "Two-factor required — enter your 6-digit code.";
+        setTimeout(() => totpInput.focus(), 30);
+        return;
+      }
+      if (r.token) { token = r.token; await startSession(); return; }
+      showGate(r.error || "Invalid token.");
+      return;
+    }
+
+    // 2) existing cookie session (OAuth return, or a remembered login)
+    if (await cookieResume()) {
+      if (authError) history.replaceState(null, "", location.pathname);
+      return;
+    }
+
+    // 3) otherwise, prompt
+    showGate(authError ? ("Login failed: " + authError) : "");
+    if (authError) history.replaceState(null, "", location.pathname);
+  })();
+})();
+</script>
+</body>
+</html>

package/config.example.json

@@ -0,0 +1,69 @@
+{
+  "host": "127.0.0.1",
+  "port": 3001,
+  "shell": null,
+  "auth": {
+    "token": null,
+    "sessionTtlHours": 12,
+    "sessionSecret": null,
+    "requireLogin": false,
+    "totp": { "enabled": true, "issuer": "AnyAgent Bridge", "label": "operator" },
+    "oauth": {
+      "enabled": false,
+      "callbackBaseUrl": null,
+      "claimFirstUser": true,
+      "google": { "clientId": null, "clientSecret": null, "allowedEmails": [] },
+      "github": { "clientId": null, "clientSecret": null, "allowedLogins": [] }
+    }
+  },
+  "agents": [
+    { "id": "claude", "name": "Claude Code", "command": "claude" },
+    { "id": "codex", "name": "Codex", "command": "codex" }
+  ],
+  "projects": [],
+  "allowedPaths": [],
+  "sessionTimeoutDays": 7,
+  "tunnel": {
+    "enabled": false,
+    "provider": "devtunnel",
+    "urlTimeoutMs": 30000,
+    "killGraceMs": 4000,
+    "restart": { "maxPerWindow": 5, "windowMs": 10000, "backoffMs": 5000, "backoffMaxMs": 60000 },
+
+    "devtunnel": { "tunnelId": null, "allowAnonymous": true, "extraArgs": [] },
+    "cloudflare-quick": { "extraArgs": [] },
+    "tailscale": { "extraArgs": [] },
+    "cloudflared-named": { "tunnelName": null, "hostname": null, "extraArgs": [] }
+  },
+
+  "safety": {
+    "enabled": false,
+    "trustProxy": false,
+
+    "sandbox": {
+      "enabled": false,
+      "image": null,
+      "network": "bridge",
+      "mountMode": "rw",
+      "workdir": "/workspace",
+      "shell": null,
+      "memory": "2g",
+      "cpus": "2",
+      "pidsLimit": 512,
+      "noNewPrivileges": true,
+      "readOnlyRootfs": false,
+      "dropAllCaps": false,
+      "runAsHostUser": false,
+      "envPassthrough": ["ANTHROPIC_API_KEY", "OPENAI_API_KEY"],
+      "onDockerMissing": "host",
+      "onMissingProject": "host",
+      "extraArgs": []
+    },
+
+    "killSwitch": { "enabled": true, "lockOnPanic": true, "stopTunnelOnPanic": true, "persistLock": true },
+
+    "audit": { "enabled": false, "dir": null, "includeReads": false, "maxFileBytes": 10485760, "retentionDays": 30 },
+
+    "redaction": { "liveStream": false, "auditAlways": true, "maxHoldBytes": 8192 }
+  }
+}