codehost 0.1.1 → 0.3.1

package/src/cli/oxmgr.ts

@@ -1,16 +1,76 @@
-import { spawnSync } from "node:child_process";
+import { type SpawnSyncOptions, spawnSync } from "node:child_process";
+import { createRequire } from "node:module";
+import { healOxmgr } from "./oxmgr-heal";
 
-// Thin wrapper around the `oxmgr` process manager (https://npmjs.com/package/oxmgr).
-// `codehost serve -d` re-launches the foreground `serve` under oxmgr so it
-// survives the shell and restarts on failure.
+// Wrapper around the `oxmgr` process manager (https://npmjs.com/package/oxmgr),
+// used by `serve|dev|expose -d` to run the foreground command as a managed,
+// restart-on-failure daemon.
+//
+// oxmgr is a *dependency* of codehost, and we invoke it via the current runtime
+// (bun) using its resolved JS entry — never the bare `oxmgr` command. That
+// avoids the Windows failure where `spawnSync("oxmgr")` can't resolve a PATH
+// shim without the .exe/.cmd extension, and needs no Node and no global install.
 
+const require = createRequire(import.meta.url);
+
+/** Resolve oxmgr's JS CLI entry from codehost's own node_modules. */
+function oxmgrEntry(): string | null {
+  try {
+    return require.resolve("oxmgr/bin/oxmgr.js");
+  } catch {
+    return null;
+  }
+}
+
+/** Run the oxmgr CLI via bun. Returns the exit status (1 if unresolvable). */
+function ox(args: string[], opts: SpawnSyncOptions = {}): number {
+  const entry = oxmgrEntry();
+  if (!entry) return 1;
+  const r = spawnSync(process.execPath, [entry, ...args], opts);
+  return r.status ?? 1;
+}
+
+type OxmgrState = "ok" | "broken" | "missing";
+
+/** Probe oxmgr: "missing" = not installed; "broken" = installed but its binary
+ *  won't run (no vendored prebuilt yet, or a glibc/platform mismatch). */
+function probeOxmgr(): OxmgrState {
+  const entry = oxmgrEntry();
+  if (!entry) return "missing";
+  const r = spawnSync(process.execPath, [entry, "--version"], { encoding: "utf8" });
+  return r.status === 0 ? "ok" : "broken";
+}
+
+/** Quick non-repairing probe (used where we only need a yes/no). */
 export function hasOxmgr(): boolean {
-  const r = spawnSync("oxmgr", ["--version"], { stdio: "ignore" });
-  return r.status === 0;
+  return probeOxmgr() === "ok";
+}
+
+/**
+ * Ensure a runnable oxmgr, self-healing a broken/missing prebuilt (see
+ * oxmgr-heal.ts) — the common case under bunx/bun where install lifecycle
+ * scripts are skipped so oxmgr's binary was never downloaded. Returns true if
+ * oxmgr is usable afterwards.
+ */
+export async function ensureOxmgr(): Promise<boolean> {
+  const state = probeOxmgr();
+  if (state === "ok") return true;
+  if (state === "missing") {
+    console.error(MISSING_MSG);
+    return false;
+  }
+  if (await healOxmgr()) return probeOxmgr() === "ok";
+  console.error(BROKEN_MSG);
+  return false;
 }
 
 const MISSING_MSG =
-  "[codehost] oxmgr not found. Install it with `npm i -g oxmgr` (or `bun add -g oxmgr`), then retry with -d.";
+  "[codehost] oxmgr is not available. Reinstall codehost so its dependency is present " +
+  "(`bun add -g codehost` or `npm i -g codehost`), then retry with -d.";
+
+const BROKEN_MSG =
+  "[codehost] oxmgr is installed but its native binary couldn't be fetched/repaired " +
+  "automatically (check network access). Foreground `codehost serve` (without -d) still works.";
 
 /** Process name oxmgr will track this server under. */
 export function daemonName(label: string): string {
@@ -24,41 +84,49 @@ export interface DaemonizeOptions {
   cwd: string;
 }
 
-/** Start the foreground serve under oxmgr. Returns false if oxmgr is missing. */
-export function startDaemon(opts: DaemonizeOptions): boolean {
-  if (!hasOxmgr()) {
-    console.error(MISSING_MSG);
-    return false;
-  }
+/** Start the foreground serve under oxmgr. Returns false if oxmgr is unusable. */
+export async function startDaemon(opts: DaemonizeOptions): Promise<boolean> {
+  if (!(await ensureOxmgr())) return false;
   // Replace any previous instance with the same name.
-  spawnSync("oxmgr", ["delete", opts.name], { stdio: "ignore" });
-
-  const r = spawnSync(
-    "oxmgr",
-    ["start", opts.command, "--name", opts.name, "--cwd", opts.cwd, "--restart", "on-failure"],
-    { stdio: "inherit" },
-  );
-  return r.status === 0;
+  ox(["delete", opts.name], { stdio: "ignore" });
+
+  const ok =
+    ox(
+      ["start", opts.command, "--name", opts.name, "--cwd", opts.cwd, "--restart", "on-failure"],
+      { stdio: "inherit" },
+    ) === 0;
+  if (ok) enableStartup();
+  return ok;
 }
 
-/** `codehost list` -> oxmgr's process table. */
-export function listDaemons(): number {
-  if (!hasOxmgr()) {
-    console.error(MISSING_MSG);
-    return 1;
+/**
+ * Best-effort: install oxmgr's platform service (systemd `--user` / launchd /
+ * Task Scheduler) so the daemon — and the codehost process it manages, whose
+ * metadata oxmgr persists — comes back when the user logs in again. Idempotent
+ * and non-fatal: hosts without an init system just get a hint.
+ */
+function enableStartup(): void {
+  const ok = ox(["service", "--system", "auto", "install"], { stdio: "pipe" }) === 0;
+  if (ok) {
+    console.log("[codehost] login auto-start enabled (oxmgr service installed)");
+  } else {
+    console.log(
+      "[codehost] note: couldn't auto-enable login startup here; run oxmgr's `startup` " +
+        "integration on a systemd/launchd host to make it persist across logins.",
+    );
   }
-  const r = spawnSync("oxmgr", ["list"], { stdio: "inherit" });
-  return r.status ?? 0;
+}
+
+/** `codehost list` -> oxmgr's process table. */
+export async function listDaemons(): Promise<number> {
+  if (!(await ensureOxmgr())) return 1;
+  return ox(["list"], { stdio: "inherit" });
 }
 
 /** `codehost stop <name>` -> stop + delete the oxmgr process. */
-export function stopDaemon(name: string): number {
-  if (!hasOxmgr()) {
-    console.error(MISSING_MSG);
-    return 1;
-  }
+export async function stopDaemon(name: string): Promise<number> {
+  if (!(await ensureOxmgr())) return 1;
   const full = name.startsWith("codehost-") ? name : daemonName(name);
-  spawnSync("oxmgr", ["stop", full], { stdio: "inherit" });
-  const r = spawnSync("oxmgr", ["delete", full], { stdio: "inherit" });
-  return r.status ?? 0;
+  ox(["stop", full], { stdio: "inherit" });
+  return ox(["delete", full], { stdio: "inherit" });
 }

package/src/cli/run-server.ts

@@ -0,0 +1,78 @@
+import { type PeerMeta, newPeerId } from "../shared/signaling";
+import { SignalingClient } from "../shared/signaling-client";
+import { RtcDaemon } from "./rtc-daemon";
+import { Tunnel } from "./tunnel";
+
+export interface LaunchResult {
+  /** Local port to tunnel to. */
+  port: number;
+  /** Stop the launched process, if any. */
+  stop?: () => void;
+  /**
+   * Prefix the Tunnel should strip before forwarding (so an arbitrary server
+   * that doesn't know about /vs/<peerId> still gets clean paths). Left undefined
+   * for VS Code, which is launched with --server-base-path and wants the prefix.
+   */
+  stripBasePath?: string;
+}
+
+export interface RunServerOptions {
+  token: string;
+  signal: string;
+  meta: PeerMeta;
+  /** One-line description for the startup log. */
+  label: string;
+  /** Prepare the local target to tunnel, given the /vs/<peerId> base path. */
+  launch: (basePath: string) => Promise<LaunchResult>;
+}
+
+/**
+ * Foreground server loop shared by `serve`, `dev`, and `expose`: register in the
+ * signaling room with the given meta and bridge each viewer's data channel to a
+ * local server (VS Code for serve/dev, an arbitrary port for expose). Never
+ * resolves.
+ */
+export async function runServer(opts: RunServerOptions): Promise<never> {
+  const peerId = newPeerId();
+  const basePath = `/vs/${peerId}`;
+
+  console.log(`[codehost] ${opts.label}`);
+  console.log(`[codehost] room token: ${opts.token}`);
+  console.log(`[codehost] signaling:  ${opts.signal}`);
+
+  const target = await opts.launch(basePath);
+
+  let rtc: RtcDaemon;
+  const client = new SignalingClient({
+    url: opts.signal,
+    token: opts.token,
+    role: "server",
+    peerId,
+    meta: opts.meta,
+    onOpen: () => console.log(`[codehost] registered as "${opts.meta.name}" (${peerId.slice(0, 8)})`),
+    onClose: () => console.log("[codehost] disconnected from signaling, reconnecting…"),
+    onSignal: (from, data) => rtc.handleSignal(from, data),
+  });
+
+  rtc = new RtcDaemon({
+    sendSignal: (to, data) => client.sendSignal(to, data),
+    onChannel: (viewerId, channel) => {
+      console.log(`[codehost] viewer ${viewerId.slice(0, 8)} connected; bridging to :${target.port}`);
+      new Tunnel(channel, target.port, target.stripBasePath);
+    },
+  });
+
+  client.connect();
+
+  const shutdown = () => {
+    console.log("\n[codehost] shutting down");
+    rtc.closeAll();
+    client.close();
+    target.stop?.();
+    process.exit(0);
+  };
+  process.on("SIGINT", shutdown);
+  process.on("SIGTERM", shutdown);
+
+  return new Promise<never>(() => {});
+}

package/src/cli/tunnel.ts

@@ -47,6 +47,13 @@ export class Tunnel {
   constructor(
     private channel: DataChannel,
     private vscodePort: number,
+    /**
+     * Prefix to strip from incoming paths before forwarding to the local server.
+     * VS Code is launched with --server-base-path /vs/<peerId> so it WANTS the
+     * prefix (left undefined). An arbitrary exposed server (`codehost expose`)
+     * doesn't know it, so we strip `/vs/<peerId>` before proxying.
+     */
+    private stripPrefix?: string,
   ) {
     this.origin = `http://127.0.0.1:${vscodePort}`;
     this.wsOrigin = `ws://127.0.0.1:${vscodePort}`;
@@ -58,6 +65,15 @@ export class Tunnel {
     this.channel.onClosed(() => this.closeAll());
   }
 
+  /** Map a tunneled path to the local server's path, stripping the base prefix. */
+  private localPath(path: string): string {
+    if (this.stripPrefix && path.startsWith(this.stripPrefix)) {
+      const rest = path.slice(this.stripPrefix.length);
+      return rest.startsWith("/") ? rest : `/${rest}`;
+    }
+    return path;
+  }
+
   private async onFrame(data: Uint8Array): Promise<void> {
     const { op, streamId, payload } = decodeFrame(data);
     switch (op) {
@@ -99,16 +115,26 @@ export class Tunnel {
 
     const { method, path, headers } = stream.head;
     const reqHeaders = new Headers();
+    let forwardedHost = "";
     for (const [k, v] of Object.entries(headers)) {
-      if (!HOP_BY_HOP.has(k.toLowerCase())) reqHeaders.set(k, v);
+      const lk = k.toLowerCase();
+      if (lk === "x-forwarded-host") {
+        forwardedHost = v;
+        continue;
+      }
+      if (!HOP_BY_HOP.has(lk)) reqHeaders.set(k, v);
     }
-    reqHeaders.set("host", `127.0.0.1:${this.vscodePort}`);
+    // Present the browser's public host to VS Code so its client-side
+    // remoteAuthority points at codehost.dev (routes resource URLs back through
+    // the tunnel), not the unreachable 127.0.0.1:<port>. Falls back to the local
+    // host if the SW didn't forward one.
+    reqHeaders.set("host", forwardedHost || `127.0.0.1:${this.vscodePort}`);
 
     const hasBody = method !== "GET" && method !== "HEAD" && stream.body.length > 0;
     const body = hasBody ? concat(stream.body) : undefined;
 
     try {
-      const res = await fetch(this.origin + path, {
+      const res = await fetch(this.origin + this.localPath(path), {
         method,
         headers: reqHeaders,
         body: body as BodyInit | undefined,
@@ -151,7 +177,7 @@ export class Tunnel {
   private openWs(streamId: number, info: { path: string; protocols?: string[] }): void {
     let ws: WebSocket;
     try {
-      ws = new WebSocket(this.wsOrigin + info.path, info.protocols);
+      ws = new WebSocket(this.wsOrigin + this.localPath(info.path), info.protocols);
     } catch (err) {
       void this.send(encodeJson(Op.WsOpenAck, streamId, { ok: false, error: String(err) }));
       return;

package/src/cli/vscode.ts

@@ -24,6 +24,10 @@ export interface LaunchOptions {
  */
 export async function launchVscode(opts: LaunchOptions): Promise<VscodeServer> {
   const port = opts.port && opts.port > 0 ? opts.port : await freePort();
+  // NB: no `--default-folder` — current VS Code `serve-web` (≥1.x) doesn't
+  // accept it and exits with "unexpected argument". The workspace is opened by
+  // the browser instead, via the `?folder=` query the page appends to the
+  // iframe URL (see src/web/discovery.tsx). `cwd` below still roots the server.
   const args = [
     "serve-web",
     "--host",
@@ -32,8 +36,6 @@ export async function launchVscode(opts: LaunchOptions): Promise<VscodeServer> {
     String(port),
     "--server-base-path",
     opts.basePath,
-    "--default-folder",
-    opts.dir,
     "--without-connection-token",
     "--accept-server-license-terms",
   ];

package/src/shared/repo.ts

@@ -0,0 +1,104 @@
+// Shared helpers for GitHub-shaped deep links and matching them to a daemon.
+// Used by the web resolver (src/web) and conceptually mirrors the daemon's
+// repo identity (src/cli/git.ts).
+
+import type { PeerInfo, PeerMeta } from "./signaling";
+
+export const DEFAULT_LAYOUT = "{owner}/{repo}/tree/{branch}";
+
+export interface RepoTarget {
+  provider: "gh";
+  owner: string;
+  name: string;
+  /** Branch from the deep link, if present. */
+  branch?: string;
+}
+
+/** A direct folder mount address: `/dev/<absolute-fs-path>`. */
+export interface DevTarget {
+  path: string;
+}
+
+export type DeepLink =
+  | { type: "repo"; target: RepoTarget }
+  | { type: "dev"; target: DevTarget }
+  | null;
+
+/**
+ * Parse a deep-link pathname:
+ *   /gh/<owner>/<repo>                  -> repo target (default branch)
+ *   /gh/<owner>/<repo>/tree/<branch>    -> repo target (branch; may contain slashes)
+ *   /dev/<fs-path>                      -> direct folder mount
+ * Anything else -> null (normal app).
+ */
+export function parseDeepLink(pathname: string): DeepLink {
+  const clean = pathname.replace(/\/+$/, "");
+  const gh = clean.match(/^\/gh\/([^/]+)\/([^/]+)(?:\/tree\/(.+))?$/);
+  if (gh) {
+    return {
+      type: "repo",
+      target: { provider: "gh", owner: gh[1], name: gh[2], branch: gh[3] },
+    };
+  }
+  const dev = clean.match(/^\/dev\/(.+)$/);
+  if (dev) {
+    return { type: "dev", target: { path: `/${dev[1].replace(/^\/+/, "")}` } };
+  }
+  return null;
+}
+
+/** Normalized repo key, e.g. "gh/owner/repo". */
+export function repoKey(t: Pick<RepoTarget, "owner" | "name">): string {
+  return `gh/${t.owner}/${t.name}`;
+}
+
+/** Fill a layout template from a repo target (default branch -> "main"). */
+export function fillLayout(layout: string, t: RepoTarget): string {
+  return layout
+    .replace(/\{owner\}/g, t.owner)
+    .replace(/\{repo\}/g, t.name)
+    .replace(/\{branch\}/g, t.branch || "main");
+}
+
+export interface Resolution {
+  peerId: string;
+  /** Folder to open via ?folder= (root kind); undefined opens the repo as-is. */
+  folder?: string;
+}
+
+/**
+ * Pick the best live server for a repo deep link. Prefers an exact `repo`
+ * daemon; otherwise falls back to a `root` daemon that can open the subfolder.
+ * Returns null if nothing matches.
+ */
+export function resolveRepoTarget(servers: PeerInfo[], target: RepoTarget): Resolution | null {
+  const key = repoKey(target);
+  const repoMatch = servers.find(
+    (s) => s.meta?.kind !== "root" && s.meta?.repo === key && branchOk(s.meta, target),
+  );
+  if (repoMatch) return { peerId: repoMatch.peerId };
+
+  const root = servers.find((s) => s.meta?.kind === "root");
+  if (root && root.meta) {
+    const folder = `${trimSlash(root.meta.cwd)}/${fillLayout(root.meta.layout || DEFAULT_LAYOUT, target)}`;
+    return { peerId: root.peerId, folder };
+  }
+  return null;
+}
+
+/** Pick a `dev`/repo server whose served cwd matches a /dev/<path> target. */
+export function resolveDevTarget(servers: PeerInfo[], target: DevTarget): Resolution | null {
+  const want = trimSlash(target.path);
+  const hit = servers.find((s) => s.meta && trimSlash(s.meta.cwd) === want);
+  return hit ? { peerId: hit.peerId } : null;
+}
+
+function branchOk(meta: PeerMeta, target: RepoTarget): boolean {
+  // No branch requested, or the server doesn't report one -> accept; else exact.
+  if (!target.branch || !meta.branch) return true;
+  return meta.branch === target.branch;
+}
+
+function trimSlash(p: string): string {
+  return p.replace(/\/+$/, "");
+}

package/src/shared/signaling.ts

@@ -4,14 +4,30 @@
 
 export type Role = "server" | "viewer";
 
-/** Metadata a `codehost serve` daemon advertises about itself. */
+/** Metadata a `codehost serve`/`dev` daemon advertises about itself. */
 export interface PeerMeta {
   /** Human label, defaults to hostname. */
   name: string;
-  /** Directory the VS Code instance is serving. */
+  /** Directory the VS Code instance is serving (the repo dir, or the root). */
   cwd: string;
   /** Hostname of the machine running the daemon. */
   host: string;
+  /**
+   * "repo": serves a single folder (`codehost dev`), git-identified when possible.
+   * "root": serves a workspace root (`codehost serve`) whose repos live under it.
+   * Absent is treated as "repo" for backward compatibility.
+   */
+  kind?: "repo" | "root";
+  /** repo kind: normalized identity, e.g. "gh/snomiao/codehost". */
+  repo?: string;
+  /** repo kind: current branch, e.g. "main". */
+  branch?: string;
+  /**
+   * root kind: on-disk layout of repos under `cwd`, as a template filled from a
+   * deep link — default "{owner}/{repo}/tree/{branch}". The opened folder is
+   * `cwd + "/" + fill(layout, target)`.
+   */
+  layout?: string;
 }
 
 export interface PeerInfo {

package/src/web/config.ts

@@ -3,19 +3,56 @@
 // (vite on :5173) it talks to `wrangler dev` on :8787. Override either with
 // localStorage key "codehost.signal".
 
+/** The signaling host for a given page host, e.g. signal.codehost.dev. */
+function signalHost(hostname: string): string {
+  return `signal.${hostname.replace(/^www\./, "")}`;
+}
+
 function defaultSignalUrl(): string {
-  if (typeof window === "undefined") return "wss://signal.codehost.dev";
-  const { hostname, protocol } = window.location;
+  // Read location off globalThis so this module also type-checks in the Service
+  // Worker build (webworker lib, no `window`). In a worker there's no signaling
+  // anyway; getSignalUrl is page-only and tree-shaken out of the SW bundle.
+  const loc = (globalThis as { location?: { hostname: string; protocol: string } }).location;
+  if (!loc) return "wss://signal.codehost.dev";
+  const { hostname, protocol } = loc;
   const isLocal = hostname === "localhost" || hostname === "127.0.0.1";
   if (isLocal) return "ws://localhost:8787";
   const wsProto = protocol === "https:" ? "wss:" : "ws:";
-  return `${wsProto}//signal.${hostname.replace(/^www\./, "")}`;
+  return `${wsProto}//${signalHost(hostname)}`;
 }
 
 export function getSignalUrl(): string {
-  if (typeof localStorage !== "undefined") {
-    const override = localStorage.getItem("codehost.signal");
-    if (override) return override;
-  }
+  const ls = (globalThis as { localStorage?: { getItem(k: string): string | null } }).localStorage;
+  const override = ls?.getItem("codehost.signal");
+  if (override) return override;
   return defaultSignalUrl();
 }
+
+// --- VS Code CDN proxy ---------------------------------------------------
+// Microsoft's VS Code product CDN sends no CORS headers, so the workbench's
+// cross-origin fetches (e.g. https://main.vscode-cdn.net/extensions/chat.json)
+// are blocked when VS Code runs inside our iframe. The Service Worker rewrites
+// those requests to the signaling Worker's /cdn route, which re-serves them
+// with Access-Control-Allow-Origin: *. See docs/vscode-cdn-proxy.md.
+
+/** Hostname suffix for the CDN we proxy. The Worker is the authoritative gate;
+ *  this lets the SW know which cross-origin requests to rewrite. */
+export const VSCODE_CDN_SUFFIX = ".vscode-cdn.net";
+
+export function isProxiableCdnHost(hostname: string): boolean {
+  return hostname.endsWith(VSCODE_CDN_SUFFIX);
+}
+
+/**
+ * HTTPS base of the signaling host for the current page, e.g.
+ * https://signal.codehost.dev. The SW rewrites blocked CDN requests to
+ * `${base}/cdn/<host>/<path>`. Derived from the live host (never hardcoded) so a
+ * self-hoster serving the page + Worker on their own domain is proxied by their
+ * own Worker at signal.<their-domain>.
+ */
+export function cdnProxyBase(hostname: string, protocol: string): string {
+  const isLocal = hostname === "localhost" || hostname === "127.0.0.1";
+  if (isLocal) return "http://localhost:8787";
+  const httpProto = protocol === "https:" ? "https:" : "http:";
+  return `${httpProto}//${signalHost(hostname)}`;
+}