bloby-bot 0.53.9 → 0.53.10

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bloby-bot",
-  "version": "0.53.9",
+  "version": "0.53.10",
   "releaseNotes": [
     "1. New Morphy animation system: config-driven sprites loaded from /morphy/*.json",
     "2. Swapped teleporting (splash) and headphones (bubble + chat) to the new format",

package/supervisor/chat/bloby-main.tsx

@@ -197,7 +197,7 @@ function BlobyApp() {
         const reg = await navigator.serviceWorker.ready;
         const subscription = await reg.pushManager.getSubscription();
         if (subscription) {
-          const res = await fetch(`/api/push/status?endpoint=${encodeURIComponent(subscription.endpoint)}`);
+          const res = await authFetch(`/api/push/status?endpoint=${encodeURIComponent(subscription.endpoint)}`);
           const data = await res.json();
           setPushState(data.subscribed ? 'subscribed' : 'unsubscribed');
         } else {

package/supervisor/chat/src/hooks/useChat.ts

@@ -1,5 +1,6 @@
 import { useCallback, useEffect, useState, useRef } from 'react';
 import type { WsClient } from '../lib/ws-client';
+import { authFetch } from '../lib/auth';
 
 export interface StoredAttachment {
   type: string;
@@ -45,7 +46,7 @@ export function useChat(ws: WsClient | null) {
   useEffect(() => {
     if (loaded.current) return;
     loaded.current = true;
-    fetch('/api/context/current')
+    authFetch('/api/context/current')
       .then((r) => r.json())
       .then((data) => {
         if (data.conversationId) {
@@ -58,7 +59,7 @@ export function useChat(ws: WsClient | null) {
   // Load messages when conversationId is set
   useEffect(() => {
     if (!conversationId) return;
-    fetch(`/api/conversations/${conversationId}`)
+    authFetch(`/api/conversations/${conversationId}`)
       .then((r) => {
         if (!r.ok) throw new Error('not found');
         return r.json();
@@ -105,7 +106,7 @@ export function useChat(ws: WsClient | null) {
       .catch(() => {
         // Conversation gone — clear
         setConversationId(null);
-        fetch('/api/context/clear', { method: 'POST' }).catch(() => {});
+        authFetch('/api/context/clear', { method: 'POST' }).catch(() => {});
       });
   }, [conversationId]);
 
@@ -114,7 +115,7 @@ export function useChat(ws: WsClient | null) {
   useEffect(() => {
     if (conversationId && conversationId !== prevConvId.current) {
       prevConvId.current = conversationId;
-      fetch('/api/context/set', {
+      authFetch('/api/context/set', {
         method: 'POST',
         headers: { 'Content-Type': 'application/json' },
         body: JSON.stringify({ conversationId }),
@@ -274,7 +275,7 @@ export function useChat(ws: WsClient | null) {
     setTools([]);
     prevConvId.current = null;
     loaded.current = false;
-    fetch('/api/context/clear', { method: 'POST' }).catch(() => {});
+    authFetch('/api/context/clear', { method: 'POST' }).catch(() => {});
   }, []);
 
   return { messages, streaming, streamBuffer, conversationId, tools, sendMessage, stopStreaming, clearContext };

package/supervisor/index.ts

@@ -406,10 +406,21 @@ export async function startSupervisor() {
   // The request handler is set up later via server.on('request')
   const server = http.createServer();
 
-  // Start Vite dev server — pass supervisor server so Vite attaches HMR WebSocket directly
+  // Start Vite dev server — pass supervisor server so Vite attaches HMR WebSocket directly.
+  // A Vite boot failure must NOT take down the supervisor (G1): chat is served independently and
+  // is the lifeline the user needs to ask the agent to fix things. On failure we fall back to a
+  // sentinel port — the dashboard proxy then serves the branded "Reconnecting" page (which polls
+  // and carries the chat widget) while chat, the worker API, channels, and the tunnel all still
+  // come up. Previously this throw reached the top-level catch → process.exit before chat listened.
   console.log('[supervisor] Starting Vite dev server...');
-  const vitePorts = await startViteDevServers(config.port, server);
-  console.log(`[supervisor] Vite ready — dashboard :${vitePorts.dashboard}`);
+  let vitePorts: { dashboard: number };
+  try {
+    vitePorts = await startViteDevServers(config.port, server);
+    console.log(`[supervisor] Vite ready — dashboard :${vitePorts.dashboard}`);
+  } catch (err) {
+    log.error(`Vite dev server failed to start — dashboard degraded, chat still available: ${err instanceof Error ? err.message : err}`);
+    vitePorts = { dashboard: -1 }; // sentinel → dashboard proxy serves RECOVERING_HTML
+  }
   console.log(`[supervisor] Upgrade listeners on server: ${server.listenerCount('upgrade')}`);
 
   // Ensure file storage dirs exist
@@ -504,36 +515,31 @@ export async function startSupervisor() {
     }
   }
 
-  const AUTH_EXEMPT_ROUTES = [
-    'POST /api/portal/login',
-    'GET /api/portal/login',
-    'POST /api/portal/validate-token',
-    'GET /api/portal/validate-token',
-    'GET /api/onboard/status',
+  // SECURITY MODEL — public allowlist (secure by default). When a portal password is set, EVERY
+  // /api/* route requires a valid Bearer token EXCEPT the ones listed here (the pre-login surface:
+  // login/onboarding/health/non-secret config). A new /api route is therefore GATED by default —
+  // it can only leak if someone explicitly adds it here. (Previously the gate skipped ALL GET/HEAD,
+  // so every data read — conversations, context, wallet, devices — was readable with no token.)
+  // Note: /api/agent/* (agent secret) and /api/channels/* are intercepted + returned BEFORE this
+  // gate, so they're unaffected; the channel entries below are belt-and-suspenders.
+  const PUBLIC_PRELOGIN_ROUTES = [
     'GET /api/health',
-    // NOTE: 'POST /api/onboard' is intentionally NOT blanket-exempt. It is gated in the
-    // request handler below: open on genuine first run (no portal_pass yet), token-required
-    // afterward. Re-onboard from the dashboard uses the internal x-internal WS path.
+    'GET /api/onboard/status',
+    'GET /api/settings',                 // secrets already stripped (worker denylist); widget + onboard read flags pre-login
     'GET /api/push/vapid-public-key',
-    'GET /api/push/status',
-    'POST /api/auth/claude/start',
-    'POST /api/auth/claude/exchange',
-    'GET /api/auth/claude/status',
-    'POST /api/auth/codex/start',
-    'POST /api/auth/codex/cancel',
-    'GET /api/auth/codex/status',
-    'GET /api/auth/pi/providers',
-    'GET /api/auth/pi/status',
-    'POST /api/auth/pi/test',
-    'POST /api/auth/pi/save',
-    'DELETE /api/auth/pi',
-    'POST /api/auth/pi/completion',
-    'POST /api/portal/totp/setup',
-    'POST /api/portal/totp/verify-setup',
-    'POST /api/portal/totp/disable',
-    'GET /api/portal/totp/status',
+    'GET /api/portal/login',
+    'POST /api/portal/login',
+    'GET /api/portal/validate-token',
+    'POST /api/portal/validate-token',
     'GET /api/portal/login/totp',
-    'POST /api/portal/devices/revoke',
+    'GET /api/portal/totp/status',
+    'POST /api/portal/totp/setup',        // self-protected in-handler (Bearer OR password OR first-run)
+    'POST /api/portal/totp/verify-setup', // self-protected in-handler
+    'POST /api/portal/totp/disable',      // self-protected (requires password + valid code)
+    'POST /api/portal/verify-password',   // verifies the password itself — cannot require a token
+    // NOTE: 'POST /api/onboard' is NOT public — gated below: open only on genuine first run
+    // (no portal_pass yet), token-required afterward. Dashboard re-onboard uses the x-internal WS path.
+    // Channel onboarding (also intercepted earlier; kept for completeness/safety):
     'GET /api/channels/status',
     'GET /api/channels/whatsapp/qr',
     'GET /api/channels/whatsapp/qr-page',
@@ -546,12 +552,23 @@ export async function startSupervisor() {
     'POST /api/channels/send',
     'POST /api/channels/alexa/handle',
   ];
+  // Method-specific public PREFIXES — onboarding namespaces with sub-paths / params that carry no
+  // private chat data: provider OAuth setup/status (all of /api/auth/*), and handle availability
+  // (GET /api/handle/* only — handle register/change are POSTs and stay gated).
+  const PUBLIC_PRELOGIN_PREFIXES = [
+    'POST /api/auth/',
+    'GET /api/auth/',
+    'DELETE /api/auth/',
+    'GET /api/handle/',
+  ];
 
-  function isExemptRoute(method: string, url: string): boolean {
+  function isPublicRoute(method: string, url: string): boolean {
+    const m = method === 'HEAD' ? 'GET' : method; // a HEAD to a public GET route is public
     const path = url.split('?')[0];
-    return AUTH_EXEMPT_ROUTES.some((r) => {
-      const [m, p] = r.split(' ');
-      return method === m && path === p;
+    if (PUBLIC_PRELOGIN_ROUTES.includes(`${m} ${path}`)) return true;
+    return PUBLIC_PRELOGIN_PREFIXES.some((r) => {
+      const sp = r.indexOf(' ');
+      return m === r.slice(0, sp) && path.startsWith(r.slice(sp + 1));
     });
   }
 
@@ -1728,9 +1745,11 @@ mint();
       const isInternal = req.headers['x-internal'] === internalSecret;
 
       if (!isInternal) {
-        // Auth check for mutation routes (POST/PUT/DELETE) — GET/HEAD are read-only, skip auth
+        // Require a token for EVERY /api route except the public pre-login allowlist. This now
+        // covers GET data reads (conversations, context, wallet, devices, push status) that
+        // previously skipped auth and leaked over the public relay.
         const method = req.method || 'GET';
-        if (method !== 'GET' && method !== 'HEAD' && !isExemptRoute(method, req.url || '')) {
+        if (!isPublicRoute(method, req.url || '')) {
           // POST /api/onboard is open only on genuine first run (no portal_pass yet). Read the
           // setting DIRECTLY rather than the 30s-cached isAuthRequired() so the gate closes the
           // instant onboarding sets a password — no stale-cache window for a takeover. The
@@ -1848,6 +1867,14 @@ mint();
       return;
     }
 
+    // Vite failed to boot (sentinel port) → serve the recovering page directly instead of
+    // proxying to a dead port. Chat (/bloby/*) is served earlier, so the lifeline stays up.
+    if (vitePorts.dashboard < 0) {
+      res.writeHead(503, { 'Content-Type': 'text/html', 'Cache-Control': 'no-store, no-cache, must-revalidate' });
+      res.end(RECOVERING_HTML);
+      return;
+    }
+
     // Everything else → proxy to dashboard Vite dev server
     console.log(`[supervisor] → dashboard Vite :${vitePorts.dashboard} | ${req.method} ${(req.url || '').split('?')[0]}`);
     const GUARD_TAG = '<script defer src="/bloby/workspace-guard.js"></script>';
@@ -2788,14 +2815,36 @@ mint();
     }, 1000);
   }
 
-  // Watch backend/ for code changes
-  const backendWatcher = fs.watch(backendDir, { recursive: true }, (_event, filename) => {
-    if (!filename || !filename.match(/\.(ts|js|json)$/)) return;
-    scheduleBackendRestart(`Backend file changed: ${filename}`);
-  });
+  // Self-healing file watchers. Two failure modes the audit flagged, both of which would hurt G3
+  // (auto-heal) or G1 (chat): (a) fs.watch throws synchronously if its target is missing — at boot
+  // that reached the top-level catch → process.exit before chat listened; (b) a watcher 'error'
+  // event (EMFILE under load, the watched inode removed during a workspace swap) has no listener,
+  // so it crashes the supervisor AND leaves a silently-dead watcher (auto-heal stops with no
+  // signal). Fix: ensure the dir exists, attach an 'error' listener, and re-arm with backoff.
+  let backendWatcher: fs.FSWatcher | null = null;
+  let workspaceWatcher: fs.FSWatcher | null = null;
+
+  function armBackendWatcher() {
+    try {
+      fs.mkdirSync(backendDir, { recursive: true }); // fs.watch throws if the target is missing
+      const w = fs.watch(backendDir, { recursive: true }, (_event, filename) => {
+        if (!filename || !filename.toString().match(/\.(ts|js|json)$/)) return;
+        scheduleBackendRestart(`Backend file changed: ${filename}`);
+      });
+      w.on('error', (err: any) => {
+        log.warn(`[watcher] backend watcher error: ${err?.message || err} — re-arming in 2s`);
+        try { w.close(); } catch {}
+        backendWatcher = null;
+        setTimeout(armBackendWatcher, 2000);
+      });
+      backendWatcher = w;
+    } catch (err: any) {
+      log.warn(`[watcher] backend watcher failed to arm: ${err?.message || err} — retry in 5s`);
+      setTimeout(armBackendWatcher, 5000);
+    }
+  }
 
-  // Watch workspace root for .env, dependency, and .restart/.update changes
-  const workspaceWatcher = fs.watch(workspaceDir, (_event, filename) => {
+  function onWorkspaceChange(_event: fs.WatchEventType, filename: string | Buffer | null) {
     if (!filename) return;
     if (filename === '.env') {
       scheduleBackendRestart('.env changed');
@@ -2832,7 +2881,26 @@ mint();
         runDeferredUpdate();
       }
     }
-  });
+  }
+
+  function armWorkspaceWatcher() {
+    try {
+      const w = fs.watch(workspaceDir, onWorkspaceChange);
+      w.on('error', (err: any) => {
+        log.warn(`[watcher] workspace watcher error: ${err?.message || err} — re-arming in 2s`);
+        try { w.close(); } catch {}
+        workspaceWatcher = null;
+        setTimeout(armWorkspaceWatcher, 2000);
+      });
+      workspaceWatcher = w;
+    } catch (err: any) {
+      log.warn(`[watcher] workspace watcher failed to arm: ${err?.message || err} — retry in 5s`);
+      setTimeout(armWorkspaceWatcher, 5000);
+    }
+  }
+
+  armBackendWatcher();
+  armWorkspaceWatcher();
 
   // Tunnel
   let tunnelUrl: string | null = null;
@@ -2994,8 +3062,8 @@ mint();
     log.info('Shutting down...');
     await channelManager.disconnectAll();
     stopScheduler();
-    backendWatcher.close();
-    workspaceWatcher.close();
+    backendWatcher?.close();
+    workspaceWatcher?.close();
     if (backendRestartTimer) clearTimeout(backendRestartTimer);
     if (watchdogInterval) clearInterval(watchdogInterval);
     stopHeartbeat();