claude-remote-cli 0.1.1

package/server/auth.js

@@ -0,0 +1,58 @@
+const bcrypt = require('bcrypt');
+const crypto = require('crypto');
+
+const SALT_ROUNDS = 10;
+const MAX_ATTEMPTS = 5;
+const LOCKOUT_DURATION_MS = 15 * 60 * 1000; // 15 minutes
+
+const attemptMap = new Map(); // ip -> { count, lockedUntil }
+
+async function hashPin(pin) {
+  return bcrypt.hash(pin, SALT_ROUNDS);
+}
+
+async function verifyPin(pin, hash) {
+  return bcrypt.compare(pin, hash);
+}
+
+function isRateLimited(ip) {
+  const entry = attemptMap.get(ip);
+  if (!entry) return false;
+
+  if (entry.lockedUntil) {
+    if (Date.now() < entry.lockedUntil) {
+      return true;
+    }
+    attemptMap.delete(ip);
+  }
+
+  return false;
+}
+
+function recordFailedAttempt(ip) {
+  const entry = attemptMap.get(ip) || { count: 0, lockedUntil: null };
+  entry.count += 1;
+
+  if (entry.count >= MAX_ATTEMPTS) {
+    entry.lockedUntil = Date.now() + LOCKOUT_DURATION_MS;
+  }
+
+  attemptMap.set(ip, entry);
+}
+
+function clearRateLimit(ip) {
+  attemptMap.delete(ip);
+}
+
+function generateCookieToken() {
+  return crypto.randomBytes(32).toString('hex');
+}
+
+module.exports = {
+  hashPin,
+  verifyPin,
+  recordFailedAttempt,
+  isRateLimited,
+  clearRateLimit,
+  generateCookieToken,
+};

package/server/config.js

@@ -0,0 +1,25 @@
+const fs = require('fs');
+
+const DEFAULTS = {
+  host: '0.0.0.0',
+  port: 3456,
+  cookieTTL: '24h',
+  repos: [],
+  claudeCommand: 'claude',
+  claudeArgs: [],
+};
+
+function loadConfig(configPath) {
+  if (!fs.existsSync(configPath)) {
+    throw new Error(`Config file not found: ${configPath}`);
+  }
+  const raw = fs.readFileSync(configPath, 'utf8');
+  const parsed = JSON.parse(raw);
+  return { ...DEFAULTS, ...parsed };
+}
+
+function saveConfig(configPath, config) {
+  fs.writeFileSync(configPath, JSON.stringify(config, null, 2), 'utf8');
+}
+
+module.exports = { DEFAULTS, loadConfig, saveConfig };

package/server/index.js

@@ -0,0 +1,306 @@
+'use strict';
+
+const http = require('http');
+const path = require('path');
+const readline = require('readline');
+
+const express = require('express');
+const cookieParser = require('cookie-parser');
+
+const { loadConfig, saveConfig, DEFAULTS } = require('./config');
+const auth = require('./auth');
+const sessions = require('./sessions');
+const { setupWebSocket } = require('./ws');
+
+// When run via CLI bin, config lives in ~/.config/claude-remote-cli/
+// When run directly (development), fall back to local config.json
+const CONFIG_PATH = process.env.CLAUDE_REMOTE_CONFIG || path.join(__dirname, '..', 'config.json');
+
+function parseTTL(ttl) {
+  if (typeof ttl !== 'string') return 24 * 60 * 60 * 1000;
+  const match = ttl.match(/^(\d+)([smhd])$/);
+  if (!match) return 24 * 60 * 60 * 1000;
+  const value = parseInt(match[1], 10);
+  switch (match[2]) {
+    case 's': return value * 1000;
+    case 'm': return value * 60 * 1000;
+    case 'h': return value * 60 * 60 * 1000;
+    case 'd': return value * 24 * 60 * 60 * 1000;
+    default:  return 24 * 60 * 60 * 1000;
+  }
+}
+
+function promptPin(question) {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+  });
+}
+
+async function main() {
+  let config;
+  try {
+    config = loadConfig(CONFIG_PATH);
+  } catch (_) {
+    config = { ...DEFAULTS };
+    saveConfig(CONFIG_PATH, config);
+  }
+
+  // CLI flag overrides
+  if (process.env.CLAUDE_REMOTE_PORT) config.port = parseInt(process.env.CLAUDE_REMOTE_PORT, 10);
+  if (process.env.CLAUDE_REMOTE_HOST) config.host = process.env.CLAUDE_REMOTE_HOST;
+
+  if (!config.pinHash) {
+    const pin = await promptPin('Set up a PIN for claude-remote-cli:');
+    config.pinHash = await auth.hashPin(pin);
+    saveConfig(CONFIG_PATH, config);
+    console.log('PIN set successfully.');
+  }
+
+  const authenticatedTokens = new Set();
+
+  const app = express();
+  app.use(express.json());
+  app.use(cookieParser());
+  app.use(express.static(path.join(__dirname, '..', 'public')));
+
+  function requireAuth(req, res, next) {
+    const token = req.cookies && req.cookies.token;
+    if (!token || !authenticatedTokens.has(token)) {
+      return res.status(401).json({ error: 'Unauthorized' });
+    }
+    next();
+  }
+
+  // POST /auth
+  app.post('/auth', async (req, res) => {
+    const ip = req.ip || req.connection.remoteAddress;
+    if (auth.isRateLimited(ip)) {
+      return res.status(429).json({ error: 'Too many attempts. Try again later.' });
+    }
+
+    const { pin } = req.body;
+    if (!pin) {
+      return res.status(400).json({ error: 'PIN required' });
+    }
+
+    const valid = await auth.verifyPin(pin, config.pinHash);
+    if (!valid) {
+      auth.recordFailedAttempt(ip);
+      return res.status(401).json({ error: 'Invalid PIN' });
+    }
+
+    auth.clearRateLimit(ip);
+    const token = auth.generateCookieToken();
+    authenticatedTokens.add(token);
+
+    const ttlMs = parseTTL(config.cookieTTL);
+    setTimeout(() => authenticatedTokens.delete(token), ttlMs);
+
+    res.cookie('token', token, {
+      httpOnly: true,
+      sameSite: 'strict',
+      maxAge: ttlMs,
+    });
+
+    return res.json({ ok: true });
+  });
+
+  // GET /sessions
+  app.get('/sessions', requireAuth, (req, res) => {
+    res.json(sessions.list());
+  });
+
+  // GET /repos — scan root dirs for repos
+  app.get('/repos', requireAuth, (req, res) => {
+    const fs = require('fs');
+    const roots = config.rootDirs || [];
+    const repos = [];
+    for (const rootDir of roots) {
+      try {
+        const entries = fs.readdirSync(rootDir, { withFileTypes: true });
+        for (const entry of entries) {
+          if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
+          const fullPath = path.join(rootDir, entry.name);
+          const hasGit = fs.existsSync(path.join(fullPath, '.git'));
+          if (hasGit) {
+            repos.push({ name: entry.name, path: fullPath, root: rootDir });
+          }
+        }
+      } catch (_) {
+        // skip unreadable dirs
+      }
+    }
+    // Also include legacy manually-added repos
+    if (config.repos) {
+      for (const repo of config.repos) {
+        if (!repos.some((r) => r.path === repo.path)) {
+          repos.push(repo);
+        }
+      }
+    }
+    res.json(repos);
+  });
+
+  // GET /worktrees?repo=<path> — list worktrees; omit repo to scan all repos in all rootDirs
+  app.get('/worktrees', requireAuth, (req, res) => {
+    const fs = require('fs');
+    const repoParam = req.query.repo;
+    const roots = config.rootDirs || [];
+    const worktrees = [];
+
+    // Build list of repos to scan
+    const reposToScan = [];
+    if (repoParam) {
+      // Single repo mode (used by new session dialog)
+      const root = roots.find(function (r) { return repoParam.startsWith(r); }) || '';
+      reposToScan.push({ path: repoParam, name: repoParam.split('/').filter(Boolean).pop(), root });
+    } else {
+      // Scan all repos in all roots
+      for (const rootDir of roots) {
+        try {
+          const entries = fs.readdirSync(rootDir, { withFileTypes: true });
+          for (const entry of entries) {
+            if (!entry.isDirectory() || entry.name.startsWith('.')) continue;
+            const fullPath = path.join(rootDir, entry.name);
+            if (fs.existsSync(path.join(fullPath, '.git'))) {
+              reposToScan.push({ path: fullPath, name: entry.name, root: rootDir });
+            }
+          }
+        } catch (_) {
+          // skip unreadable dirs
+        }
+      }
+    }
+
+    for (const repo of reposToScan) {
+      const worktreeDir = path.join(repo.path, '.claude', 'worktrees');
+      try {
+        const entries = fs.readdirSync(worktreeDir, { withFileTypes: true });
+        for (const entry of entries) {
+          if (!entry.isDirectory()) continue;
+          worktrees.push({
+            name: entry.name,
+            path: path.join(worktreeDir, entry.name),
+            repoName: repo.name,
+            repoPath: repo.path,
+            root: repo.root,
+          });
+        }
+      } catch (_) {
+        // no worktrees dir — that's fine
+      }
+    }
+
+    res.json(worktrees);
+  });
+
+  // GET /roots — list root directories
+  app.get('/roots', requireAuth, (req, res) => {
+    res.json(config.rootDirs || []);
+  });
+
+  // POST /roots — add a root directory
+  app.post('/roots', requireAuth, (req, res) => {
+    const { path: rootPath } = req.body;
+    if (!rootPath) {
+      return res.status(400).json({ error: 'path is required' });
+    }
+    if (!config.rootDirs) config.rootDirs = [];
+    if (config.rootDirs.includes(rootPath)) {
+      return res.status(409).json({ error: 'Root already exists' });
+    }
+    config.rootDirs.push(rootPath);
+    saveConfig(CONFIG_PATH, config);
+    res.status(201).json(config.rootDirs);
+  });
+
+  // DELETE /roots — remove a root directory
+  app.delete('/roots', requireAuth, (req, res) => {
+    const { path: rootPath } = req.body;
+    if (!rootPath || !config.rootDirs) {
+      return res.status(400).json({ error: 'path is required' });
+    }
+    config.rootDirs = config.rootDirs.filter((r) => r !== rootPath);
+    saveConfig(CONFIG_PATH, config);
+    res.json(config.rootDirs);
+  });
+
+  // POST /sessions
+  app.post('/sessions', requireAuth, (req, res) => {
+    const { repoPath, repoName, worktreePath, claudeArgs } = req.body;
+    if (!repoPath) {
+      return res.status(400).json({ error: 'repoPath is required' });
+    }
+
+    const name = repoName || repoPath.split('/').filter(Boolean).pop() || 'session';
+    const baseArgs = claudeArgs || config.claudeArgs || [];
+
+    // Compute root by matching repoPath against configured rootDirs
+    const roots = config.rootDirs || [];
+    const root = roots.find(function (r) { return repoPath.startsWith(r); }) || '';
+
+    let args, cwd, worktreeName;
+
+    if (worktreePath) {
+      // Resume existing worktree — run claude inside the worktree directory
+      args = [...baseArgs];
+      cwd = worktreePath;
+      worktreeName = worktreePath.split('/').pop();
+    } else {
+      // New worktree
+      worktreeName = 'mobile-' + name + '-' + Date.now().toString(36);
+      args = ['--worktree', worktreeName, ...baseArgs];
+      cwd = repoPath;
+    }
+
+    const session = sessions.create({
+      repoName: name,
+      repoPath: cwd,
+      root,
+      worktreeName,
+      displayName: worktreeName,
+      command: config.claudeCommand,
+      args,
+    });
+    return res.status(201).json(session);
+  });
+
+  // DELETE /sessions/:id
+  app.delete('/sessions/:id', requireAuth, (req, res) => {
+    try {
+      sessions.kill(req.params.id);
+      res.json({ ok: true });
+    } catch (_) {
+      res.status(404).json({ error: 'Session not found' });
+    }
+  });
+
+  // PATCH /sessions/:id — update displayName and send /rename through PTY
+  app.patch('/sessions/:id', requireAuth, (req, res) => {
+    const { displayName } = req.body;
+    if (!displayName) return res.status(400).json({ error: 'displayName is required' });
+    try {
+      const updated = sessions.updateDisplayName(req.params.id, displayName);
+      const session = sessions.get(req.params.id);
+      if (session && session.pty) {
+        session.pty.write('/rename "' + displayName.replace(/"/g, '\\"') + '"\r');
+      }
+      res.json(updated);
+    } catch (_) {
+      res.status(404).json({ error: 'Session not found' });
+    }
+  });
+
+  const server = http.createServer(app);
+  setupWebSocket(server, authenticatedTokens);
+
+  server.listen(config.port, config.host, () => {
+    console.log(`claude-remote-cli listening on ${config.host}:${config.port}`);
+  });
+}
+
+main().catch(console.error);

package/server/sessions.js

@@ -0,0 +1,104 @@
+'use strict';
+
+const pty = require('node-pty');
+const crypto = require('crypto');
+
+// In-memory registry: id -> {id, root, repoName, repoPath, worktreeName, displayName, pty, createdAt}
+const sessions = new Map();
+
+function create({ repoName, repoPath, root, worktreeName, displayName, command, args = [], cols = 80, rows = 24 }) {
+  const id = crypto.randomBytes(8).toString('hex');
+  const createdAt = new Date().toISOString();
+
+  // Strip CLAUDECODE env var to allow spawning claude inside a claude-managed server
+  const env = Object.assign({}, process.env);
+  delete env.CLAUDECODE;
+
+  const ptyProcess = pty.spawn(command, args, {
+    name: 'xterm-256color',
+    cols,
+    rows,
+    cwd: repoPath,
+    env,
+  });
+
+  // Scrollback buffer: stores all PTY output so we can replay on WebSocket (re)connect
+  const scrollback = [];
+  let scrollbackBytes = 0;
+  const MAX_SCROLLBACK = 256 * 1024; // 256KB max
+
+  const session = {
+    id,
+    root: root || '',
+    repoName: repoName || '',
+    repoPath,
+    worktreeName: worktreeName || '',
+    displayName: displayName || worktreeName || repoName || '',
+    pty: ptyProcess,
+    createdAt,
+    lastActivity: createdAt,
+    scrollback,
+  };
+  sessions.set(id, session);
+
+  ptyProcess.onData((data) => {
+    session.lastActivity = new Date().toISOString();
+    scrollback.push(data);
+    scrollbackBytes += data.length;
+    // Trim oldest entries if over limit
+    while (scrollbackBytes > MAX_SCROLLBACK && scrollback.length > 1) {
+      scrollbackBytes -= scrollback.shift().length;
+    }
+  });
+
+  ptyProcess.onExit(() => {
+    sessions.delete(id);
+  });
+
+  return { id, root: session.root, repoName: session.repoName, repoPath, worktreeName: session.worktreeName, displayName: session.displayName, pid: ptyProcess.pid, createdAt };
+}
+
+function get(id) {
+  return sessions.get(id);
+}
+
+function list() {
+  return Array.from(sessions.values())
+    .map(({ id, root, repoName, repoPath, worktreeName, displayName, createdAt, lastActivity }) => ({
+      id,
+      root,
+      repoName,
+      repoPath,
+      worktreeName,
+      displayName,
+      createdAt,
+      lastActivity,
+    }))
+    .sort((a, b) => b.lastActivity.localeCompare(a.lastActivity));
+}
+
+function updateDisplayName(id, displayName) {
+  const session = sessions.get(id);
+  if (!session) throw new Error('Session not found: ' + id);
+  session.displayName = displayName;
+  return { id, displayName };
+}
+
+function kill(id) {
+  const session = sessions.get(id);
+  if (!session) {
+    throw new Error(`Session not found: ${id}`);
+  }
+  session.pty.kill('SIGTERM');
+  sessions.delete(id);
+}
+
+function resize(id, cols, rows) {
+  const session = sessions.get(id);
+  if (!session) {
+    throw new Error(`Session not found: ${id}`);
+  }
+  session.pty.resize(cols, rows);
+}
+
+module.exports = { create, get, list, kill, resize, updateDisplayName };

package/server/ws.js

@@ -0,0 +1,100 @@
+'use strict';
+
+const { WebSocketServer } = require('ws');
+const sessions = require('./sessions');
+
+function parseCookies(cookieHeader) {
+  const cookies = {};
+  if (!cookieHeader) return cookies;
+  cookieHeader.split(';').forEach((part) => {
+    const idx = part.indexOf('=');
+    if (idx < 0) return;
+    const key = part.slice(0, idx).trim();
+    const val = part.slice(idx + 1).trim();
+    cookies[key] = decodeURIComponent(val);
+  });
+  return cookies;
+}
+
+function setupWebSocket(server, authenticatedTokens) {
+  const wss = new WebSocketServer({ noServer: true });
+
+  server.on('upgrade', (request, socket, head) => {
+    // Authenticate via cookie
+    const cookies = parseCookies(request.headers.cookie);
+    if (!authenticatedTokens.has(cookies.token)) {
+      socket.write('HTTP/1.1 401 Unauthorized\r\n\r\n');
+      socket.destroy();
+      return;
+    }
+
+    // Extract sessionId from URL /ws/:sessionId
+    const match = request.url && request.url.match(/^\/ws\/([a-f0-9]+)$/);
+    if (!match) {
+      socket.write('HTTP/1.1 404 Not Found\r\n\r\n');
+      socket.destroy();
+      return;
+    }
+
+    const sessionId = match[1];
+    const session = sessions.get(sessionId);
+    if (!session) {
+      socket.write('HTTP/1.1 404 Not Found\r\n\r\n');
+      socket.destroy();
+      return;
+    }
+
+    wss.handleUpgrade(request, socket, head, (ws) => {
+      wss.emit('connection', ws, request, session);
+    });
+  });
+
+  wss.on('connection', (ws, request, session) => {
+    const ptyProcess = session.pty;
+
+    // Replay scrollback buffer so client sees all prior output
+    if (session.scrollback && session.scrollback.length > 0) {
+      for (const chunk of session.scrollback) {
+        ws.send(chunk);
+      }
+    }
+
+    // PTY output -> WebSocket
+    const dataHandler = ptyProcess.onData((data) => {
+      if (ws.readyState === ws.OPEN) {
+        ws.send(data);
+      }
+    });
+
+    // WebSocket input -> PTY
+    ws.on('message', (msg) => {
+      const str = msg.toString();
+      try {
+        const parsed = JSON.parse(str);
+        if (parsed.type === 'resize' && parsed.cols && parsed.rows) {
+          sessions.resize(session.id, parsed.cols, parsed.rows);
+          return;
+        }
+      } catch (_) {
+        // Not JSON — fall through to write
+      }
+      ptyProcess.write(str);
+    });
+
+    // Cleanup on WebSocket close
+    ws.on('close', () => {
+      dataHandler.dispose();
+    });
+
+    // Close WebSocket when PTY exits
+    ptyProcess.onExit(() => {
+      if (ws.readyState === ws.OPEN) {
+        ws.close(1000);
+      }
+    });
+  });
+
+  return wss;
+}
+
+module.exports = { setupWebSocket };