bortexcode 1.3.0 → 1.5.0

package/README.md

@@ -94,14 +94,30 @@ For remote access without opening an inbound port, use the bortex.site relay:
 ```bash
 bortexcode remote-control --cloud --name "My Project"
 bortexcode --remote-cloud "My Project"
+bortexcode remote-control --cloud --remote-permission full
 ```
 
+Cloud Remote Control defaults to `balanced` permissions. It allows inspection,
+status commands, and common test/lint/build shell commands while blocking
+mutating commands such as file writes, patch apply, git stage/commit/discard,
+and arbitrary shell mutations. Use `--remote-permission read-only` for
+inspection-only sessions or `--remote-permission full` only for trusted sessions.
+
+The browser UI includes Cancel and Revoke controls. Cancel requests termination
+of the running command. Revoke invalidates the tokenized URL and stops the
+server-mode cloud session.
+
+Remote output streams live for shell commands and CLI output: stdout/stderr
+chunks appear in the browser while the command is still running, then the final
+result replaces the streaming buffer when the command completes.
+
 Inside the REPL:
 
 ```text
 /remote-control My Project
 /remote-control --lan
 /remote-control --cloud
+/remote-control --cloud --permission full
 /remote-control stop
 ```
 
@@ -129,6 +145,8 @@ Inside the REPL:
                     Use bortex.site relay instead of opening a local port
     --remote-relay <url>
                     Remote relay base URL
+    --remote-permission <mode>
+                    Remote permissions: read-only, balanced, full
     --remote-lan    Bind remote control to 0.0.0.0 for LAN/mobile access
     --remote-host <host>, --remote-port <port>
                     Remote control bind address
@@ -156,4 +174,5 @@ BORTEX_NO_UPDATE_CHECK=1
 BORTEX_REMOTE_HOST
 BORTEX_REMOTE_PORT
 BORTEX_REMOTE_RELAY_URL
+BORTEX_REMOTE_PERMISSION
 ```

package/bin/bortex.js

@@ -35,6 +35,7 @@ function parseArgs(argv) {
     remoteControlServerMode: false,
     remoteControlCloud: false,
     remoteControlRelayUrl: process.env.BORTEX_REMOTE_RELAY_URL || '',
+    remoteControlPermission: process.env.BORTEX_REMOTE_PERMISSION || 'balanced',
     remoteControlName: '',
     remoteControlHost: process.env.BORTEX_REMOTE_HOST || '127.0.0.1',
     remoteControlPort: Number(process.env.BORTEX_REMOTE_PORT || 0) || 0,
@@ -178,6 +179,19 @@ function parseArgs(argv) {
       opts.remoteControlRelayUrl = a.slice('--relay-url='.length);
       continue;
     }
+    if ((a === '--remote-permission' || a === '--permission') && argv[i + 1]) {
+      opts.remoteControlPermission = argv[i + 1];
+      i += 1;
+      continue;
+    }
+    if (a.startsWith('--remote-permission=')) {
+      opts.remoteControlPermission = a.slice('--remote-permission='.length);
+      continue;
+    }
+    if (a.startsWith('--permission=')) {
+      opts.remoteControlPermission = a.slice('--permission='.length);
+      continue;
+    }
     if (a === '--remote-lan') {
       opts.remoteControlHost = '0.0.0.0';
       continue;
@@ -251,6 +265,8 @@ function usage() {
   console.log('                      Use bortex.site relay instead of opening a local port');
   console.log('      --remote-relay <url>');
   console.log('                      Remote relay base URL (default: current --url)');
+  console.log('      --remote-permission <mode>');
+  console.log('                      Remote permissions: read-only, balanced, full');
   console.log('      --remote-lan    Bind remote control to 0.0.0.0 for LAN/mobile access');
   console.log('      --remote-host <host>, --remote-port <port>');
   console.log('                      Remote control bind address');
@@ -264,6 +280,7 @@ function usage() {
   console.log('  BORTEX_URL      Server URL');
   console.log('  BORTEX_API_KEY  API key');
   console.log('  BORTEX_REMOTE_RELAY_URL  Remote Control cloud relay URL');
+  console.log('  BORTEX_REMOTE_PERMISSION Remote permissions: read-only, balanced, full');
 }
 
 function formatMs(ms) {
@@ -3931,8 +3948,31 @@ async function runToolRunCommand(opts, line) {
   });
 }
 
+let ACTIVE_REMOTE_CONTROL_EXECUTION_STATE = null;
+
+function terminateChildProcessTree(child) {
+  if (!child || !child.pid) return;
+  if (process.platform === 'win32') {
+    try {
+      spawnSync('taskkill', ['/PID', String(child.pid), '/T', '/F'], {
+        stdio: 'ignore',
+        windowsHide: true
+      });
+      return;
+    } catch (_err) {}
+  }
+  try { child.kill('SIGTERM'); } catch (_err) {}
+  setTimeout(() => {
+    try { child.kill('SIGKILL'); } catch (_err) {}
+  }, 1500).unref?.();
+}
+
 function runChild(command, args, { cwd, shell = false } = {}) {
   return new Promise((resolve) => {
+    const cancelState = ACTIVE_REMOTE_CONTROL_EXECUTION_STATE;
+    if (cancelState?.cancelRequested || cancelState?.revoked || cancelState?.active === false) {
+      return resolve({ ok: false, code: null, stdout: '', stderr: 'Canceled by remote request.' });
+    }
     const child = spawn(command, args, {
       cwd: cwd || process.cwd(),
       shell,
@@ -3941,10 +3981,45 @@ function runChild(command, args, { cwd, shell = false } = {}) {
     });
     let stdout = '';
     let stderr = '';
-    child.stdout.on('data', (c) => { stdout += String(c || ''); });
-    child.stderr.on('data', (c) => { stderr += String(c || ''); });
-    child.on('error', (err) => resolve({ ok: false, code: null, stdout, stderr: err.message }));
-    child.on('close', (code) => resolve({ ok: code === 0, code, stdout, stderr }));
+    let settled = false;
+    let canceled = false;
+    const emitChunk = (stream, text) => {
+      try {
+        if (cancelState && typeof cancelState.onChunk === 'function') {
+          cancelState.onChunk(stream, text);
+        }
+      } catch (_err) {}
+    };
+    const finish = (result) => {
+      if (settled) return;
+      settled = true;
+      if (cancelTimer) clearInterval(cancelTimer);
+      resolve(result);
+    };
+    const cancelTimer = cancelState ? setInterval(() => {
+      if (cancelState.cancelRequested || cancelState.revoked || cancelState.active === false) {
+        canceled = true;
+        terminateChildProcessTree(child);
+      }
+    }, 250) : null;
+    if (cancelTimer && typeof cancelTimer.unref === 'function') cancelTimer.unref();
+    child.stdout.on('data', (c) => {
+      const text = String(c || '');
+      stdout += text;
+      emitChunk('stdout', text);
+    });
+    child.stderr.on('data', (c) => {
+      const text = String(c || '');
+      stderr += text;
+      emitChunk('stderr', text);
+    });
+    child.on('error', (err) => finish({ ok: false, code: null, stdout, stderr: err.message }));
+    child.on('close', (code) => {
+      const finalStderr = canceled
+        ? `${stderr || ''}${stderr && !stderr.endsWith('\n') ? '\n' : ''}Canceled by remote request.`
+        : stderr;
+      finish({ ok: !canceled && code === 0, code, stdout, stderr: finalStderr });
+    });
   });
 }
 
@@ -4303,10 +4378,12 @@ function buildRemoteControlHtml(state) {
     const statusEl = document.getElementById('status');
     const promptEl = document.getElementById('prompt');
     const sendEl = document.getElementById('send');
-    let lastCount = -1;
+    let lastSignature = '';
     function renderLog(items) {
-      if (!Array.isArray(items) || items.length === lastCount) return;
-      lastCount = items.length;
+      if (!Array.isArray(items)) return;
+      const signature = items.map((item, index) => String(item.id || index) + ':' + String(item.ts || '') + ':' + String(item.text || '').length).join('|');
+      if (signature === lastSignature) return;
+      lastSignature = signature;
       logEl.innerHTML = items.map((item) => {
         const role = String(item.role || 'system');
         const text = String(item.text || '');
@@ -4352,17 +4429,21 @@ function buildRemoteControlHtml(state) {
 </html>`;
 }
 
-async function captureRemoteControlOutput(fn) {
+async function captureRemoteControlOutput(fn, onChunk) {
   let stdout = '';
   let stderr = '';
   const originalStdoutWrite = process.stdout.write;
   const originalStderrWrite = process.stderr.write;
   process.stdout.write = function patchedStdoutWrite(chunk, encoding, cb) {
-    stdout += Buffer.isBuffer(chunk) ? chunk.toString(typeof encoding === 'string' ? encoding : 'utf8') : String(chunk ?? '');
+    const text = Buffer.isBuffer(chunk) ? chunk.toString(typeof encoding === 'string' ? encoding : 'utf8') : String(chunk ?? '');
+    stdout += text;
+    try { if (typeof onChunk === 'function') onChunk('stdout', text); } catch (_err) {}
     return originalStdoutWrite.apply(process.stdout, arguments);
   };
   process.stderr.write = function patchedStderrWrite(chunk, encoding, cb) {
-    stderr += Buffer.isBuffer(chunk) ? chunk.toString(typeof encoding === 'string' ? encoding : 'utf8') : String(chunk ?? '');
+    const text = Buffer.isBuffer(chunk) ? chunk.toString(typeof encoding === 'string' ? encoding : 'utf8') : String(chunk ?? '');
+    stderr += text;
+    try { if (typeof onChunk === 'function') onChunk('stderr', text); } catch (_err) {}
     return originalStderrWrite.apply(process.stderr, arguments);
   };
   try {
@@ -4374,32 +4455,56 @@ async function captureRemoteControlOutput(fn) {
   return { stdout, stderr };
 }
 
-async function runRemoteControlPrompt(opts, text) {
+async function runRemoteControlPrompt(opts, text, onChunk) {
   const line = String(text || '').trim();
   if (!line) return { ok: false, output: 'Empty prompt.' };
+  const permission = assessRemoteControlPromptPermission(opts, line);
+  if (!permission.ok) {
+    return {
+      ok: false,
+      output: `Remote command blocked (${permission.mode}): ${permission.reason}.\nRestart with --remote-permission full only for a trusted session.`
+    };
+  }
   pushCliHistory(opts, `[remote] ${line}`);
   try { saveCliWorkspaceState(opts); } catch (_err) {}
-  const captured = await captureRemoteControlOutput(async () => {
-    if (line === '/exit' || line === '/quit') {
-      console.log('Remote clients cannot exit the local terminal process. Stop it locally with Ctrl+C.');
-      return;
-    }
-    const localResult = await handleLocalCommand(opts, line);
-    if (localResult.handled) return;
-    const localIntent = classifyLocalPromptIntent(line);
-    if (localIntent?.command) {
-      const intentResult = await handleLocalCommand(opts, localIntent.command);
-      if (intentResult.handled) return;
-    }
-    const naturalFileAction = await runNaturalLocalFileAction(opts, line);
-    if (naturalFileAction.handled) return;
-    if (opts.offline) {
-      console.log('Offline mode: use slash commands and local tools from this remote session.');
-      return;
-    }
-    const data = await askServer(opts, line);
-    printResponse(opts, data);
-  });
+  const previousRemoteExecution = ACTIVE_REMOTE_CONTROL_EXECUTION_STATE;
+  ACTIVE_REMOTE_CONTROL_EXECUTION_STATE = {
+    ...(opts._remoteControlExecutionState || {}),
+    onChunk
+  };
+  let captured;
+  try {
+    captured = await captureRemoteControlOutput(async () => {
+      if (line === '/exit' || line === '/quit') {
+        console.log('Remote clients cannot exit the local terminal process. Stop it locally with Ctrl+C.');
+        return;
+      }
+      const localResult = await handleLocalCommand(opts, line);
+      if (localResult.handled) return;
+      const localIntent = classifyLocalPromptIntent(line);
+      if (localIntent?.command) {
+        const intentPermission = assessRemoteControlPromptPermission(opts, localIntent.command);
+        if (!intentPermission.ok) {
+          console.log(`Remote inferred command blocked (${intentPermission.mode}): ${intentPermission.reason}.`);
+          return;
+        }
+        const intentResult = await handleLocalCommand(opts, localIntent.command);
+        if (intentResult.handled) return;
+      }
+      if (!permission.skipNaturalActions) {
+        const naturalFileAction = await runNaturalLocalFileAction(opts, line);
+        if (naturalFileAction.handled) return;
+      }
+      if (opts.offline) {
+        console.log('Offline mode: use slash commands and local tools from this remote session.');
+        return;
+      }
+      const data = await askServer(opts, line);
+      printResponse(opts, data);
+    }, onChunk);
+  } finally {
+    ACTIVE_REMOTE_CONTROL_EXECUTION_STATE = previousRemoteExecution;
+  }
   const output = `${captured.stdout || ''}${captured.stderr || ''}`.trim();
   return { ok: true, output: output || '(no output)' };
 }
@@ -4412,6 +4517,7 @@ async function startRemoteControlServer(opts, overrides = {}) {
 
   const http = require('http');
   const crypto = require('crypto');
+  opts.remoteControlPermission = getRemoteControlPermissionMode(opts, overrides);
   const host = String(overrides.host || opts.remoteControlHost || '127.0.0.1').trim() || '127.0.0.1';
   const port = Math.max(0, Math.min(65535, Number(overrides.port ?? opts.remoteControlPort ?? 0) || 0));
   const token = crypto.randomBytes(24).toString('hex');
@@ -4424,10 +4530,37 @@ async function startRemoteControlServer(opts, overrides = {}) {
     cwd: opts.cwd,
     startedAt: Date.now(),
     busy: false,
-    log: []
+    log: [],
+    nextLogId: 1
   };
   const appendLog = (role, text) => {
-    state.log.push({ role, text: String(text || ''), ts: Date.now() });
+    state.log.push({ id: state.nextLogId++, role, text: String(text || ''), ts: Date.now() });
+    if (state.log.length > 200) state.log.splice(0, state.log.length - 200);
+  };
+  const appendStreamChunk = (streamKey, text, commandId) => {
+    const chunk = String(text || '');
+    if (!chunk) return;
+    let item = null;
+    for (let i = state.log.length - 1; i >= 0; i -= 1) {
+      const candidate = state.log[i];
+      if (candidate?.streaming && candidate.commandId === commandId) {
+        item = candidate;
+        break;
+      }
+    }
+    if (!item) {
+      item = {
+        id: state.nextLogId++,
+        role: streamKey === 'stderr' ? 'system' : 'assistant',
+        text: '',
+        ts: Date.now(),
+        streaming: true,
+        commandId
+      };
+      state.log.push(item);
+    }
+    item.text = `${item.text || ''}${chunk}`.slice(-20000);
+    item.ts = Date.now();
     if (state.log.length > 200) state.log.splice(0, state.log.length - 200);
   };
   appendLog('system', `Remote Control started for ${state.cwd}`);
@@ -4480,8 +4613,17 @@ async function startRemoteControlServer(opts, overrides = {}) {
         const text = String(payload.text || payload.prompt || '').trim();
         if (!text) return sendJson(res, 400, { ok: false, error: 'empty prompt' });
         appendLog('user', text);
-        const result = await runRemoteControlPrompt(opts, text);
-        appendLog('assistant', result.output || '(no output)');
+        const commandId = state.nextLogId;
+        const result = await runRemoteControlPrompt(opts, text, (stream, chunk) => appendStreamChunk(stream, chunk, commandId));
+        const streamLog = state.log.find((item) => item?.streaming && item.commandId === commandId);
+        if (streamLog) {
+          streamLog.streaming = false;
+          streamLog.role = result.ok ? 'assistant' : 'system';
+          streamLog.text = result.output || streamLog.text || '(no output)';
+          streamLog.ts = Date.now();
+        } else {
+          appendLog('assistant', result.output || '(no output)');
+        }
         return sendJson(res, result.ok ? 200 : 500, { ok: !!result.ok, output: result.output || '' });
       } catch (err) {
         appendLog('system', `Error: ${err.message}`);
@@ -4545,6 +4687,81 @@ function getRemoteControlRelayBase(opts, overrides = {}) {
   return String(overrides.relayUrl || opts.remoteControlRelayUrl || opts.url || 'https://bortex.site').replace(/\/+$/, '');
 }
 
+function normalizeRemoteControlPermissionMode(value) {
+  const v = String(value || 'balanced').trim().toLowerCase();
+  if (['full', 'trusted', 'unsafe', 'yolo'].includes(v)) return 'full';
+  if (['read-only', 'readonly', 'read', 'safe', 'ro'].includes(v)) return 'read-only';
+  return 'balanced';
+}
+
+function getRemoteControlPermissionMode(opts, overrides = {}) {
+  return normalizeRemoteControlPermissionMode(overrides.permission || opts.remoteControlPermission || 'balanced');
+}
+
+function isReadOnlyRemoteSlashCommand(line) {
+  const [cmd, ...rest] = parseWords(line);
+  const lc = String(cmd || '').toLowerCase();
+  if (!lc.startsWith('/')) return false;
+  if ([
+    '/help', '/commands', '/menu', '/status', '/pwd', '/ls', '/tree', '/read',
+    '/diff', '/hunks', '/show-hunk', '/ssh-status', '/sys-status',
+    '/process-status', '/port-status', '/history'
+  ].includes(lc)) return true;
+  if (lc === '/llm-config') {
+    const sub = String(rest[0] || 'show').toLowerCase();
+    return !sub || ['show', 'status'].includes(sub);
+  }
+  if (lc === '/git') {
+    const sub = String(rest[0] || '').toLowerCase();
+    return ['status', 'diff', 'log', 'show', 'branch', 'rev-parse', 'remote'].includes(sub);
+  }
+  return false;
+}
+
+function isBalancedRemoteShellCommand(cmdText) {
+  const text = String(cmdText || '').trim();
+  const lower = text.toLowerCase();
+  if (!text) return false;
+  if (/[;&|`$<>]/.test(text)) return false;
+  if (/\b(rm|del|erase|rmdir|rd|move|mv|copy|cp|curl|wget|scp|ssh|chmod|chown|sudo|su|kill|pkill|taskkill|format|shutdown|reboot)\b/i.test(text)) return false;
+  if (/\b(git\s+(add|commit|reset|restore|checkout|switch|clean|stash|push|pull|merge|rebase|apply|am|cherry-pick))\b/i.test(text)) return false;
+  if (/^(npm|pnpm|yarn)\s+(test|run\s+(test|lint|build|check|typecheck)|exec\s+tsc)\b/i.test(text)) return true;
+  if (/^node\s+--check\s+\S+/i.test(text)) return true;
+  if (/^(git\s+(status|diff|log|show|branch|rev-parse)|rg|grep|findstr|ls|dir|pwd|cat|type)\b/i.test(text)) return true;
+  return false;
+}
+
+function isBalancedRemoteSlashCommand(line) {
+  if (isReadOnlyRemoteSlashCommand(line)) return true;
+  const [cmd, ...rest] = parseWords(line);
+  const lc = String(cmd || '').toLowerCase();
+  if (lc === '/sh') {
+    const cmdText = line.slice(line.indexOf('/sh') + 3).trim();
+    return isBalancedRemoteShellCommand(cmdText);
+  }
+  if (lc === '/agent') return true;
+  if (lc === '/ux') return true;
+  if (lc === '/remote-control' || lc === '/remote' || lc === '/rc') return true;
+  if (lc === '/agent-run') {
+    return rest.some((x) => String(x).toLowerCase() === '--dry');
+  }
+  return false;
+}
+
+function assessRemoteControlPromptPermission(opts, line) {
+  const mode = getRemoteControlPermissionMode(opts);
+  const text = String(line || '').trim();
+  if (!text) return { ok: false, mode, reason: 'empty prompt' };
+  if (mode === 'full') return { ok: true, mode };
+  if (!text.startsWith('/')) return { ok: true, mode, skipNaturalActions: true };
+  if (mode === 'read-only') {
+    if (isReadOnlyRemoteSlashCommand(text)) return { ok: true, mode, skipNaturalActions: true };
+    return { ok: false, mode, reason: 'read-only mode allows inspection commands only' };
+  }
+  if (isBalancedRemoteSlashCommand(text)) return { ok: true, mode, skipNaturalActions: true };
+  return { ok: false, mode, reason: 'balanced mode blocks mutating or unsafe remote commands' };
+}
+
 function remoteControlSleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
@@ -4590,7 +4807,7 @@ async function fetchRemoteControlJson(url, options = {}, timeoutMs = 30000) {
   }
 }
 
-async function postCloudRemoteHeartbeat(state) {
+async function postCloudRemoteHeartbeat(state, extra = {}) {
   const heartbeatUrl = withRemoteControlQuery(
     state.heartbeatUrl,
     state.baseUrl,
@@ -4599,7 +4816,7 @@ async function postCloudRemoteHeartbeat(state) {
   await fetchRemoteControlJson(heartbeatUrl, {
     method: 'POST',
     headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify({ cwd: state.cwd, version: CLI_VERSION })
+    body: JSON.stringify({ cwd: state.cwd, version: CLI_VERSION, ...extra })
   }, 12000);
 }
 
@@ -4620,6 +4837,107 @@ async function postCloudRemoteResult(state, commandId, result) {
   }, 35000);
 }
 
+async function postCloudRemoteChunk(state, commandId, stream, text) {
+  if (!state?.chunkUrl || !text) return;
+  const chunkUrl = withRemoteControlQuery(
+    state.chunkUrl,
+    state.baseUrl,
+    { agentToken: state.agentToken }
+  );
+  await fetchRemoteControlJson(chunkUrl, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      commandId,
+      stream: stream === 'stderr' ? 'stderr' : 'stdout',
+      text: String(text || '')
+    })
+  }, 12000);
+}
+
+function createCloudRemoteChunkStreamer(state, commandId) {
+  const queue = [];
+  let timer = null;
+  let flushing = false;
+  const schedule = (ms = 250) => {
+    if (timer) return;
+    timer = setTimeout(() => {
+      timer = null;
+      flush().catch(() => {});
+    }, ms);
+    if (typeof timer.unref === 'function') timer.unref();
+  };
+  const flush = async () => {
+    if (flushing) return;
+    flushing = true;
+    if (timer) {
+      clearTimeout(timer);
+      timer = null;
+    }
+    try {
+      while (queue.length) {
+        const pending = queue.splice(0, queue.length);
+        const grouped = new Map();
+        for (const item of pending) {
+          const stream = item.stream === 'stderr' ? 'stderr' : 'stdout';
+          grouped.set(stream, `${grouped.get(stream) || ''}${item.text || ''}`);
+        }
+        for (const [stream, text] of grouped.entries()) {
+          if (!text) continue;
+          await postCloudRemoteChunk(state, commandId, stream, text).catch((err) => {
+            state.lastChunkError = err.message || String(err);
+          });
+        }
+      }
+    } finally {
+      flushing = false;
+    }
+  };
+  return {
+    push(stream, text) {
+      if (!text || !state.active) return;
+      queue.push({ stream, text: String(text || '') });
+      const queuedSize = queue.reduce((n, item) => n + String(item.text || '').length, 0);
+      schedule(queuedSize > 3000 ? 25 : 250);
+    },
+    flush
+  };
+}
+
+async function pollCloudRemoteControlControlLoop(state) {
+  while (state.active) {
+    try {
+      const controlUrl = withRemoteControlQuery(
+        state.controlUrl,
+        state.baseUrl,
+        { agentToken: state.agentToken }
+      );
+      const data = await fetchRemoteControlJson(controlUrl, { method: 'GET' }, 12000);
+      if (data.revoked) {
+        state.revoked = true;
+        state.cancelRequested = true;
+        state.active = false;
+        console.log('Cloud Remote Control revoked by remote client.');
+        break;
+      }
+      if (data.cancelRequested) {
+        state.cancelRequested = true;
+        state.cancelCommandId = data.cancelCommandId || null;
+      }
+      state.controlErrorCount = 0;
+    } catch (err) {
+      state.controlErrorCount = (state.controlErrorCount || 0) + 1;
+      if (/revoked|410/i.test(String(err.message || err))) {
+        state.revoked = true;
+        state.cancelRequested = true;
+        state.active = false;
+        break;
+      }
+    }
+    await remoteControlSleep(Math.min(3000, 1000 + (state.controlErrorCount || 0) * 250));
+  }
+}
+
 async function pollCloudRemoteControlLoop(opts, state) {
   let lastHeartbeatAt = 0;
   while (state.active) {
@@ -4631,6 +4949,17 @@ async function pollCloudRemoteControlLoop(opts, state) {
         { agentToken: state.agentToken, after: state.lastCommandId || 0 }
       );
       const data = await fetchRemoteControlJson(pollUrl, { method: 'GET' }, 35000);
+      if (data.revoked) {
+        state.revoked = true;
+        state.cancelRequested = true;
+        state.active = false;
+        console.log('Cloud Remote Control revoked by remote client.');
+        break;
+      }
+      if (data.cancelRequested) {
+        state.cancelRequested = true;
+        state.cancelCommandId = data.cancelCommandId || null;
+      }
       const commands = Array.isArray(data.commands) ? data.commands : [];
       state.lastSeenAt = Date.now();
       state.errorCount = 0;
@@ -4641,18 +4970,36 @@ async function pollCloudRemoteControlLoop(opts, state) {
         if (commandId > (state.lastCommandId || 0)) state.lastCommandId = commandId;
         const text = String(command?.text || command?.prompt || '').trim();
         if (!text) continue;
+        state.cancelRequested = false;
+        state.cancelCommandId = null;
         state.busy = true;
+        opts._remoteControlExecutionState = state;
+        const streamer = createCloudRemoteChunkStreamer(state, commandId);
         let result;
         try {
-          result = await runRemoteControlPrompt(opts, text);
+          result = await runRemoteControlPrompt(opts, text, (stream, chunk) => streamer.push(stream, chunk));
         } catch (err) {
           result = { ok: false, output: err.stack || err.message || String(err) };
         } finally {
+          await streamer.flush().catch(() => {});
           state.busy = false;
+          delete opts._remoteControlExecutionState;
+        }
+        if (state.cancelRequested && result.ok) {
+          result = { ok: false, output: 'Canceled by remote request.' };
         }
         await postCloudRemoteResult(state, commandId, result);
+        if (state.cancelRequested) {
+          state.cancelRequested = false;
+          state.cancelCommandId = null;
+        }
       }
 
+      if (!commands.length && state.cancelRequested && !state.busy) {
+        await postCloudRemoteHeartbeat(state, { cancelAck: true });
+        state.cancelRequested = false;
+        state.cancelCommandId = null;
+      }
       if (!commands.length && Date.now() - lastHeartbeatAt > 10000) {
         lastHeartbeatAt = Date.now();
         await postCloudRemoteHeartbeat(state);
@@ -4683,6 +5030,8 @@ async function startCloudRemoteControlSession(opts, overrides = {}) {
 
   const baseUrl = getRemoteControlRelayBase(opts, overrides);
   const name = getRemoteControlDisplayName(opts, overrides);
+  const permission = getRemoteControlPermissionMode(opts, overrides);
+  opts.remoteControlPermission = permission;
   const payload = {
     name,
     cwd: opts.cwd,
@@ -4690,7 +5039,8 @@ async function startCloudRemoteControlSession(opts, overrides = {}) {
     machine: os.hostname(),
     platform: process.platform,
     node: process.version,
-    mode: opts.agent ? 'agent' : 'chat'
+    mode: opts.agent ? 'agent' : 'chat',
+    permission
   };
   const data = await fetchRemoteControlJson(`${baseUrl}/api/bortex-code/remote/register`, {
     method: 'POST',
@@ -4712,11 +5062,14 @@ async function startCloudRemoteControlSession(opts, overrides = {}) {
     agentToken,
     clientToken: data.clientToken || '',
     name,
+    permission,
     cwd: opts.cwd,
     url: data.url || `${baseUrl}/bortex-code/remote?session=${encodeURIComponent(sessionId)}`,
     pollUrl: data.pollUrl || `${baseUrl}/api/bortex-code/remote/session/${encodeURIComponent(sessionId)}/poll`,
     resultUrl: data.resultUrl || `${baseUrl}/api/bortex-code/remote/session/${encodeURIComponent(sessionId)}/result`,
+    chunkUrl: data.chunkUrl || `${baseUrl}/api/bortex-code/remote/session/${encodeURIComponent(sessionId)}/chunk`,
     heartbeatUrl: data.heartbeatUrl || `${baseUrl}/api/bortex-code/remote/session/${encodeURIComponent(sessionId)}/heartbeat`,
+    controlUrl: data.controlUrl || `${baseUrl}/api/bortex-code/remote/session/${encodeURIComponent(sessionId)}/control`,
     lastCommandId: 0,
     startedAt: Date.now(),
     busy: false,
@@ -4729,9 +5082,13 @@ async function startCloudRemoteControlSession(opts, overrides = {}) {
   state.pollPromise = pollCloudRemoteControlLoop(opts, state).catch((err) => {
     if (state.active) console.error(`Cloud Remote Control stopped unexpectedly: ${err.message || String(err)}`);
   });
+  state.controlPromise = pollCloudRemoteControlControlLoop(state).catch((err) => {
+    if (state.active) console.error(`Cloud Remote Control control loop stopped unexpectedly: ${err.message || String(err)}`);
+  });
 
   console.log(`Cloud Remote Control active: ${state.name}`);
   console.log(`URL: ${state.url}`);
+  console.log(`Permission: ${state.permission}`);
   console.log('No inbound port required. Keep this process running.');
   console.log('Security: keep this tokenized URL private. Anyone with the URL can control this Bortex Code session.');
   return state;
@@ -4755,6 +5112,7 @@ function parseRemoteControlSlashArgs(rest = [], opts = {}) {
     host: opts.remoteControlHost || '127.0.0.1',
     port: Number(opts.remoteControlPort || 0) || 0,
     relayUrl: opts.remoteControlRelayUrl || '',
+    permission: opts.remoteControlPermission || 'balanced',
     cloud: false
   };
   const nameParts = [];
@@ -4785,6 +5143,19 @@ function parseRemoteControlSlashArgs(rest = [], opts = {}) {
       out.relayUrl = a.slice('--remote-relay='.length);
       continue;
     }
+    if ((a === '--permission' || a === '--remote-permission') && rest[i + 1]) {
+      out.permission = String(rest[i + 1]);
+      i += 1;
+      continue;
+    }
+    if (a.startsWith('--permission=')) {
+      out.permission = a.slice('--permission='.length);
+      continue;
+    }
+    if (a.startsWith('--remote-permission=')) {
+      out.permission = a.slice('--remote-permission='.length);
+      continue;
+    }
     if ((a === '--host' || a === '--remote-host') && rest[i + 1]) {
       out.host = String(rest[i + 1]);
       i += 1;
@@ -7605,20 +7976,21 @@ async function main() {
   }
 
   if (opts.remoteControlServerMode) {
+    let remoteState = null;
     if (opts.remoteControlCloud) {
-      await startCloudRemoteControlSession(opts, {
+      remoteState = await startCloudRemoteControlSession(opts, {
         name: opts.remoteControlName,
         relayUrl: opts.remoteControlRelayUrl
       });
     } else {
-      await startRemoteControlServer(opts, {
+      remoteState = await startRemoteControlServer(opts, {
         name: opts.remoteControlName,
         host: opts.remoteControlHost,
         port: opts.remoteControlPort
       });
     }
     console.log('Server mode: keep this process running. Press Ctrl+C to stop Remote Control.');
-    await new Promise((resolve) => {
+    const signalPromise = new Promise((resolve) => {
       let stopping = false;
       const stop = async () => {
         if (stopping) return;
@@ -7634,6 +8006,17 @@ async function main() {
       process.once('SIGINT', stop);
       process.once('SIGTERM', stop);
     });
+    const remoteDonePromises = [];
+    if (remoteState?.pollPromise) remoteDonePromises.push(remoteState.pollPromise);
+    if (remoteState?.controlPromise) remoteDonePromises.push(remoteState.controlPromise);
+    if (remoteDonePromises.length) {
+      await Promise.race([signalPromise, ...remoteDonePromises]);
+      if (opts.remoteControlCloudSession?.active) {
+        await stopCloudRemoteControlSession(opts);
+      }
+    } else {
+      await signalPromise;
+    }
     return;
   }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bortexcode",
-  "version": "1.3.0",
+  "version": "1.5.0",
   "description": "Bortex Code CLI - AI coding assistant powered by bortex.site",
   "homepage": "https://bortex.site",
   "license": "UNLICENSED",