botsync 0.1.0

package/dist/passphrase.d.ts

@@ -0,0 +1,31 @@
+/**
+ * passphrase.ts — Human-readable pairing codes via relay.
+ *
+ * Instead of encoding the full device ID into a massive base58 string,
+ * we now use a 4-word code like "castle-river-falcon-dawn". The device
+ * ID is stored temporarily on a Cloudflare Worker relay, and the code
+ * is the lookup key.
+ *
+ * Falls back to the old base58 encoding if the relay is unreachable
+ * (offline/airgap mode).
+ */
+export interface PassphraseData {
+    deviceId: string;
+    folders: string[];
+}
+/**
+ * Register a device ID with the relay and get a short code.
+ * Falls back to base58 encoding if the relay is unreachable.
+ */
+export declare function createCode(data: PassphraseData): Promise<{
+    code: string;
+    isRelay: boolean;
+}>;
+/**
+ * Resolve a pairing code to connection data.
+ * If it looks like a word code (contains dashes, all alpha), try the relay.
+ * Otherwise treat it as a base58 offline passphrase.
+ */
+export declare function resolveCode(code: string): Promise<PassphraseData>;
+export declare function encode(data: PassphraseData): string;
+export declare function decode(passphrase: string): PassphraseData;

package/dist/passphrase.js

@@ -0,0 +1,89 @@
+"use strict";
+/**
+ * passphrase.ts — Human-readable pairing codes via relay.
+ *
+ * Instead of encoding the full device ID into a massive base58 string,
+ * we now use a 4-word code like "castle-river-falcon-dawn". The device
+ * ID is stored temporarily on a Cloudflare Worker relay, and the code
+ * is the lookup key.
+ *
+ * Falls back to the old base58 encoding if the relay is unreachable
+ * (offline/airgap mode).
+ */
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createCode = createCode;
+exports.resolveCode = resolveCode;
+exports.encode = encode;
+exports.decode = decode;
+const base_x_1 = __importDefault(require("base-x"));
+const RELAY_URL = "https://relay.botsync.io";
+// Keep base58 as fallback for offline use
+const BASE58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
+const bs58 = (0, base_x_1.default)(BASE58);
+/**
+ * Register a device ID with the relay and get a short code.
+ * Falls back to base58 encoding if the relay is unreachable.
+ */
+async function createCode(data) {
+    try {
+        const res = await fetch(`${RELAY_URL}/pair`, {
+            method: "POST",
+            headers: { "Content-Type": "application/json" },
+            body: JSON.stringify({ deviceId: data.deviceId }),
+            signal: AbortSignal.timeout(5000),
+        });
+        if (res.ok) {
+            const { code } = (await res.json());
+            return { code, isRelay: true };
+        }
+    }
+    catch {
+        // Relay unreachable — fall back to offline mode
+    }
+    // Offline fallback: base58 encode everything
+    const json = JSON.stringify(data);
+    const buf = Buffer.from(json, "utf-8");
+    return { code: bs58.encode(buf), isRelay: false };
+}
+/**
+ * Resolve a pairing code to connection data.
+ * If it looks like a word code (contains dashes, all alpha), try the relay.
+ * Otherwise treat it as a base58 offline passphrase.
+ */
+async function resolveCode(code) {
+    // Word codes contain dashes and only letters
+    const isWordCode = code.includes("-") && /^[a-z-]+$/.test(code);
+    if (isWordCode) {
+        const res = await fetch(`${RELAY_URL}/pair/${code}`, {
+            signal: AbortSignal.timeout(5000),
+        });
+        if (!res.ok) {
+            const body = (await res.json());
+            throw new Error(body.error || `Relay returned ${res.status}`);
+        }
+        const { deviceId } = (await res.json());
+        // Folders are always the standard set — no need to encode them
+        return {
+            deviceId,
+            folders: ["botsync-shared", "botsync-deliverables", "botsync-inbox"],
+        };
+    }
+    // Legacy base58 fallback
+    const buf = Buffer.from(bs58.decode(code));
+    const json = buf.toString("utf-8");
+    return JSON.parse(json);
+}
+// Keep old exports for backward compat during transition
+function encode(data) {
+    const json = JSON.stringify(data);
+    const buf = Buffer.from(json, "utf-8");
+    return bs58.encode(buf);
+}
+function decode(passphrase) {
+    const buf = Buffer.from(bs58.decode(passphrase));
+    const json = buf.toString("utf-8");
+    return JSON.parse(json);
+}

package/dist/syncthing.d.ts

@@ -0,0 +1,80 @@
+/**
+ * syncthing.ts — Syncthing lifecycle manager.
+ *
+ * Handles everything about the Syncthing binary and daemon:
+ * - Downloading the right binary for the current platform
+ * - Generating the initial config.xml with sane defaults
+ * - Starting/stopping the daemon as a background process
+ * - REST API wrapper for runtime configuration
+ *
+ * We generate config.xml from a template string rather than parsing XML.
+ * This is intentional — Syncthing's config format is stable, and template
+ * generation is way simpler than XML manipulation for an MVP.
+ */
+/**
+ * Get the path to the Syncthing binary.
+ * Checks: 1) our cached binary, 2) system PATH, 3) needs download.
+ */
+export declare function getSyncthingBin(): string;
+/**
+ * Download the Syncthing binary for the current platform.
+ * Extracts from the GitHub release and stores in ~/.botsync/bin/.
+ *
+ * Skips download if we already have a binary OR one exists on the system PATH.
+ * macOS releases are .zip, Linux releases are .tar.gz.
+ */
+export declare function downloadSyncthing(): Promise<void>;
+/**
+ * Generate the Syncthing config.xml with our desired settings.
+ *
+ * Key decisions:
+ * - GUI disabled: agents don't need a web UI, and it avoids port conflicts
+ * - Global discovery disabled: we pair explicitly via passphrase, no phone-home
+ * - Local discovery enabled: allows finding peers on the same LAN without relay
+ * - Relaying disabled: MVP keeps it simple, direct connections only
+ * - Random API port: avoids conflicts with other Syncthing instances
+ */
+export declare function generateConfig(apiKey: string, apiPort: number): string;
+/**
+ * Start the Syncthing daemon as a background process.
+ * Returns the child process PID.
+ *
+ * We detach the process and unref it so our CLI can exit while
+ * Syncthing keeps running. The PID is saved to disk so `botsync stop`
+ * can find and kill it later.
+ */
+export declare function startDaemon(): number;
+/**
+ * Make an API call to the local Syncthing REST API.
+ * All config changes go through this — Syncthing's REST API is the
+ * canonical way to modify a running instance's configuration.
+ */
+export declare function apiCall<T = unknown>(method: string, path: string, body?: unknown): Promise<T>;
+/**
+ * Get this device's Syncthing device ID.
+ * The device ID is derived from the TLS certificate Syncthing generates
+ * on first run — it's essentially a public key fingerprint.
+ */
+export declare function getDeviceId(): Promise<string>;
+/**
+ * Wait for Syncthing to become responsive.
+ * On first run, Syncthing needs a moment to generate its TLS cert and
+ * start the API server. We poll until it responds.
+ */
+export declare function waitForStart(maxRetries?: number): Promise<void>;
+/**
+ * Add a remote device to Syncthing's config.
+ * This is how we "pair" — we tell our Syncthing about the other device's ID.
+ */
+export declare function addDevice(deviceId: string): Promise<void>;
+/**
+ * Add a device to a specific shared folder.
+ * Both sides need to share the same folder IDs with each other's device IDs
+ * for sync to work.
+ */
+export declare function addDeviceToFolder(folderId: string, deviceId: string): Promise<void>;
+/**
+ * Stop the Syncthing daemon by reading the PID file and sending SIGTERM.
+ * Returns true if a process was stopped, false if nothing was running.
+ */
+export declare function stopDaemon(): boolean;

package/dist/syncthing.js

@@ -0,0 +1,312 @@
+"use strict";
+/**
+ * syncthing.ts — Syncthing lifecycle manager.
+ *
+ * Handles everything about the Syncthing binary and daemon:
+ * - Downloading the right binary for the current platform
+ * - Generating the initial config.xml with sane defaults
+ * - Starting/stopping the daemon as a background process
+ * - REST API wrapper for runtime configuration
+ *
+ * We generate config.xml from a template string rather than parsing XML.
+ * This is intentional — Syncthing's config format is stable, and template
+ * generation is way simpler than XML manipulation for an MVP.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getSyncthingBin = getSyncthingBin;
+exports.downloadSyncthing = downloadSyncthing;
+exports.generateConfig = generateConfig;
+exports.startDaemon = startDaemon;
+exports.apiCall = apiCall;
+exports.getDeviceId = getDeviceId;
+exports.waitForStart = waitForStart;
+exports.addDevice = addDevice;
+exports.addDeviceToFolder = addDeviceToFolder;
+exports.stopDaemon = stopDaemon;
+const child_process_1 = require("child_process");
+const fs_1 = require("fs");
+const path_1 = require("path");
+const https_1 = require("https");
+const config_js_1 = require("./config.js");
+const SYNCTHING_VERSION = "2.0.15";
+/**
+ * Follow redirects for HTTPS GET — needed because GitHub releases
+ * redirect from the download URL to a CDN. Node's https.get doesn't
+ * follow redirects by default, which is frankly annoying.
+ */
+function httpsGetFollowRedirects(url) {
+    return new Promise((resolve, reject) => {
+        (0, https_1.get)(url, (res) => {
+            if (res.statusCode && res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
+                // Follow the redirect
+                httpsGetFollowRedirects(res.headers.location).then(resolve, reject);
+            }
+            else {
+                resolve(res);
+            }
+        }).on("error", reject);
+    });
+}
+/**
+ * Find an existing syncthing binary on the system PATH, or return null.
+ * Prefer system-installed syncthing over downloading — avoids duplication
+ * and works better when the user already has it (e.g., via Homebrew).
+ */
+function findSystemSyncthing() {
+    try {
+        const result = (0, child_process_1.execSync)("which syncthing", { encoding: "utf-8" }).trim();
+        if (result && (0, fs_1.existsSync)(result))
+            return result;
+    }
+    catch {
+        // Not found on PATH
+    }
+    return null;
+}
+/**
+ * Get the path to the Syncthing binary.
+ * Checks: 1) our cached binary, 2) system PATH, 3) needs download.
+ */
+function getSyncthingBin() {
+    if ((0, fs_1.existsSync)(config_js_1.SYNCTHING_BIN))
+        return config_js_1.SYNCTHING_BIN;
+    const system = findSystemSyncthing();
+    if (system)
+        return system;
+    return config_js_1.SYNCTHING_BIN; // Will need download
+}
+/**
+ * Download the Syncthing binary for the current platform.
+ * Extracts from the GitHub release and stores in ~/.botsync/bin/.
+ *
+ * Skips download if we already have a binary OR one exists on the system PATH.
+ * macOS releases are .zip, Linux releases are .tar.gz.
+ */
+async function downloadSyncthing() {
+    // Check if we already have a usable binary (cached or system)
+    if ((0, fs_1.existsSync)(config_js_1.SYNCTHING_BIN))
+        return;
+    if (findSystemSyncthing()) {
+        return; // Using system Syncthing
+    }
+    // Map Node's platform/arch to Syncthing's naming convention
+    const platform = process.platform === "darwin" ? "macos" : "linux";
+    const arch = process.arch === "arm64" ? "arm64" : "amd64";
+    const slug = `syncthing-${platform}-${arch}-v${SYNCTHING_VERSION}`;
+    // macOS uses .zip, Linux uses .tar.gz
+    const ext = process.platform === "darwin" ? "zip" : "tar.gz";
+    const url = `https://github.com/syncthing/syncthing/releases/download/v${SYNCTHING_VERSION}/${slug}.${ext}`;
+    // Download message handled by caller's UI
+    (0, fs_1.mkdirSync)(config_js_1.SYNCTHING_BIN_DIR, { recursive: true });
+    const archivePath = (0, path_1.join)(config_js_1.SYNCTHING_BIN_DIR, `syncthing.${ext}`);
+    // Use curl for downloads — it handles redirects, TLS, and retries
+    // better than Node's https.get, and every Mac/Linux has it.
+    (0, child_process_1.execSync)(`curl -fsSL -o "${archivePath}" "${url}"`, { stdio: "inherit" });
+    if (ext === "zip") {
+        // macOS: unzip, then move binary out
+        (0, child_process_1.execSync)(`unzip -o "${archivePath}" -d "${config_js_1.SYNCTHING_BIN_DIR}"`, { stdio: "ignore" });
+        const extracted = (0, path_1.join)(config_js_1.SYNCTHING_BIN_DIR, slug, "syncthing");
+        if ((0, fs_1.existsSync)(extracted)) {
+            (0, child_process_1.execSync)(`mv "${extracted}" "${config_js_1.SYNCTHING_BIN}"`);
+            // Clean up extracted directory
+            (0, child_process_1.execSync)(`rm -rf "${(0, path_1.join)(config_js_1.SYNCTHING_BIN_DIR, slug)}"`);
+        }
+    }
+    else {
+        // Linux: tar extract
+        const tar = await import("tar");
+        await tar.extract({
+            file: archivePath,
+            cwd: config_js_1.SYNCTHING_BIN_DIR,
+            strip: 1,
+            filter: (path) => path.endsWith("/syncthing"),
+        });
+    }
+    (0, fs_1.chmodSync)(config_js_1.SYNCTHING_BIN, 0o755);
+    // Clean up the archive
+    const { unlinkSync } = await import("fs");
+    unlinkSync(archivePath);
+    // Download complete — caller handles messaging
+}
+/**
+ * Generate the Syncthing config.xml with our desired settings.
+ *
+ * Key decisions:
+ * - GUI disabled: agents don't need a web UI, and it avoids port conflicts
+ * - Global discovery disabled: we pair explicitly via passphrase, no phone-home
+ * - Local discovery enabled: allows finding peers on the same LAN without relay
+ * - Relaying disabled: MVP keeps it simple, direct connections only
+ * - Random API port: avoids conflicts with other Syncthing instances
+ */
+function generateConfig(apiKey, apiPort) {
+    // Build folder XML blocks from our standard folder list
+    const folderXml = config_js_1.FOLDERS.map((f) => `
+    <folder id="${f.id}" label="${f.id}" path="${f.path}" type="sendreceive" 
+            rescanIntervalS="10" fsWatcherEnabled="true" fsWatcherDelayS="1">
+        <filesystemType>basic</filesystemType>
+        <minDiskFree unit="%">1</minDiskFree>
+    </folder>`).join("\n");
+    return `<configuration version="37">
+${folderXml}
+
+    <gui enabled="true" tls="false" debugging="false">
+        <address>127.0.0.1:${apiPort}</address>
+        <apikey>${apiKey}</apikey>
+        <theme>default</theme>
+    </gui>
+
+    <options>
+        <listenAddress>default</listenAddress>
+        <globalAnnounceEnabled>true</globalAnnounceEnabled>
+        <localAnnounceEnabled>true</localAnnounceEnabled>
+        <relaysEnabled>true</relaysEnabled>
+        <startBrowser>false</startBrowser>
+        <natEnabled>true</natEnabled>
+        <urAccepted>-1</urAccepted>
+        <autoUpgradeIntervalH>0</autoUpgradeIntervalH>
+    </options>
+
+    <defaults>
+        <device>
+            <autoAcceptFolders>true</autoAcceptFolders>
+        </device>
+    </defaults>
+</configuration>
+`;
+}
+/**
+ * Start the Syncthing daemon as a background process.
+ * Returns the child process PID.
+ *
+ * We detach the process and unref it so our CLI can exit while
+ * Syncthing keeps running. The PID is saved to disk so `botsync stop`
+ * can find and kill it later.
+ */
+function startDaemon() {
+    (0, fs_1.mkdirSync)(config_js_1.SYNCTHING_CONFIG_DIR, { recursive: true });
+    const bin = getSyncthingBin();
+    const child = (0, child_process_1.spawn)(bin, [
+        "--no-browser",
+        "--no-upgrade",
+        `--home=${config_js_1.SYNCTHING_CONFIG_DIR}`,
+    ], {
+        detached: true,
+        stdio: "ignore", // Don't inherit our stdio — it's a background daemon
+    });
+    child.unref(); // Let the parent process exit without waiting
+    const pid = child.pid;
+    if (!pid)
+        throw new Error("Failed to start Syncthing daemon");
+    // Save PID so we can stop it later
+    (0, fs_1.writeFileSync)(config_js_1.PID_FILE, pid.toString());
+    return pid;
+}
+/**
+ * Make an API call to the local Syncthing REST API.
+ * All config changes go through this — Syncthing's REST API is the
+ * canonical way to modify a running instance's configuration.
+ */
+async function apiCall(method, path, body) {
+    const config = (0, config_js_1.readConfig)();
+    if (!config)
+        throw new Error("botsync not initialized. Run `botsync init` first.");
+    const url = `http://127.0.0.1:${config.apiPort}${path}`;
+    const headers = {
+        "X-API-Key": config.apiKey,
+        "Content-Type": "application/json",
+    };
+    const res = await fetch(url, {
+        method,
+        headers,
+        body: body ? JSON.stringify(body) : undefined,
+    });
+    if (!res.ok) {
+        const text = await res.text();
+        throw new Error(`Syncthing API error: ${res.status} ${text}`);
+    }
+    // Some endpoints return no body (204, etc.)
+    const text = await res.text();
+    if (!text)
+        return undefined;
+    return JSON.parse(text);
+}
+/**
+ * Get this device's Syncthing device ID.
+ * The device ID is derived from the TLS certificate Syncthing generates
+ * on first run — it's essentially a public key fingerprint.
+ */
+async function getDeviceId() {
+    const status = await apiCall("GET", "/rest/system/status");
+    return status.myID;
+}
+/**
+ * Wait for Syncthing to become responsive.
+ * On first run, Syncthing needs a moment to generate its TLS cert and
+ * start the API server. We poll until it responds.
+ */
+async function waitForStart(maxRetries = 30) {
+    for (let i = 0; i < maxRetries; i++) {
+        try {
+            await apiCall("GET", "/rest/system/status");
+            return; // It's alive!
+        }
+        catch {
+            // Not ready yet — wait and retry
+            await new Promise((r) => setTimeout(r, 1000));
+        }
+    }
+    throw new Error("Syncthing failed to start within 30 seconds");
+}
+/**
+ * Add a remote device to Syncthing's config.
+ * This is how we "pair" — we tell our Syncthing about the other device's ID.
+ */
+async function addDevice(deviceId) {
+    // Get current config, add the device, PUT it back
+    const config = await apiCall("GET", "/rest/config");
+    // Don't add if already present
+    const exists = config.devices.some((d) => d.deviceID === deviceId);
+    if (exists)
+        return;
+    config.devices.push({
+        deviceID: deviceId,
+    });
+    await apiCall("PUT", "/rest/config", config);
+}
+/**
+ * Add a device to a specific shared folder.
+ * Both sides need to share the same folder IDs with each other's device IDs
+ * for sync to work.
+ */
+async function addDeviceToFolder(folderId, deviceId) {
+    const config = await apiCall("GET", "/rest/config");
+    const folder = config.folders.find((f) => f.id === folderId);
+    if (!folder)
+        throw new Error(`Folder ${folderId} not found in config`);
+    // Don't add if already shared with this device
+    const exists = folder.devices?.some((d) => d.deviceID === deviceId);
+    if (exists)
+        return;
+    if (!folder.devices)
+        folder.devices = [];
+    folder.devices.push({ deviceID: deviceId });
+    await apiCall("PUT", "/rest/config", config);
+}
+/**
+ * Stop the Syncthing daemon by reading the PID file and sending SIGTERM.
+ * Returns true if a process was stopped, false if nothing was running.
+ */
+function stopDaemon() {
+    try {
+        const pid = parseInt((0, fs_1.readFileSync)(config_js_1.PID_FILE, "utf-8").trim(), 10);
+        process.kill(pid, "SIGTERM");
+        // Clean up PID file
+        const { unlinkSync } = require("fs");
+        unlinkSync(config_js_1.PID_FILE);
+        return true;
+    }
+    catch {
+        // No PID file or process already dead — that's fine
+        return false;
+    }
+}

package/dist/ui.d.ts

@@ -0,0 +1,47 @@
+/**
+ * ui.ts — Pretty terminal output for botsync.
+ *
+ * Inspired by Claude Code's minimal, elegant CLI style:
+ * - 2-space indent on everything
+ * - Muted colors, not a rainbow
+ * - Box-drawing for important info (passphrases)
+ * - Spinners for async waits
+ * - Clean status tables with alignment
+ *
+ * Uses chalk@4 (CJS-compatible) and ora@5 (CJS-compatible).
+ */
+import { Ora } from "ora";
+/** The botsync diamond header — printed once at the top of every command. */
+export declare function header(): void;
+/** A step that completed successfully. */
+export declare function stepDone(label: string): void;
+/** A step that failed. */
+export declare function stepFail(label: string): void;
+/** Print an info line (indented, dimmed). */
+export declare function info(text: string): void;
+/** Print a blank line. */
+export declare function gap(): void;
+/**
+ * Display the passphrase in a box so it visually pops.
+ * The box auto-sizes to the passphrase length (with wrapping for long ones).
+ */
+export declare function passphraseBox(passphrase: string, command: string): void;
+/** Start a spinner. Returns the ora instance so the caller can stop it. */
+export declare function spinner(text: string): Ora;
+/** Print the "paired" success message. */
+export declare function paired(deviceId: string): void;
+/** Print connection success for the join side. */
+export declare function connected(deviceId: string): void;
+/** Print the status table. */
+export declare function statusTable(peers: number, deviceId: string, folders: Array<{
+    name: string;
+    synced: boolean;
+    state: string;
+    lastChange?: string;
+}>): void;
+/** Stopped message. */
+export declare function stopped(): void;
+/** Not running message. */
+export declare function notRunning(): void;
+/** Error message. */
+export declare function error(msg: string): void;