deskssh 0.0.2 → 0.1.0

package/dist/server.js

@@ -0,0 +1,851 @@
+import { createRequire } from 'node:module'; const require = createRequire(import.meta.url);
+
+// ../server/dist/gateway.js
+import { createServer } from "node:http";
+
+// ../server/dist/session-manager.js
+import { randomUUID } from "node:crypto";
+function toSessionInfo(entry) {
+  return {
+    sessionId: entry.id,
+    host: entry.host,
+    home: entry.home,
+    os: { family: entry.os.family, prettyName: entry.os.prettyName }
+  };
+}
+var SessionManager = class {
+  sessions = /* @__PURE__ */ new Map();
+  /** Register a session under a fresh opaque id. */
+  add(entry) {
+    const id = randomUUID();
+    const full = { ...entry, id };
+    this.sessions.set(id, full);
+    return full;
+  }
+  get(id) {
+    return this.sessions.get(id);
+  }
+  /** Close and forget a session. Returns true if it existed. */
+  remove(id) {
+    const entry = this.sessions.get(id);
+    if (!entry)
+      return false;
+    entry.close();
+    this.sessions.delete(id);
+    return true;
+  }
+  /** Recent transparency records for a session (for the UI). */
+  transparency(id) {
+    return this.sessions.get(id)?.log.list() ?? [];
+  }
+  /** Close every session (graceful shutdown). */
+  closeAll() {
+    for (const id of [...this.sessions.keys()])
+      this.remove(id);
+  }
+  get size() {
+    return this.sessions.size;
+  }
+};
+
+// ../core/dist/transparency/log.js
+var TransparencyLog = class {
+  entries = [];
+  listeners = /* @__PURE__ */ new Set();
+  nextId = 1;
+  /** Append a record, assigning it an id, and notify listeners. */
+  record(entry) {
+    const full = { ...entry, id: this.nextId++ };
+    this.entries.push(full);
+    for (const listener of this.listeners)
+      listener(full);
+    return full;
+  }
+  /** All records so far, in execution order. */
+  list() {
+    return this.entries;
+  }
+  /** Subscribe to new records; returns an unsubscribe function. */
+  subscribe(listener) {
+    this.listeners.add(listener);
+    return () => this.listeners.delete(listener);
+  }
+};
+function withTransparency(executor, log, host) {
+  return {
+    async exec(command) {
+      const startedAt = Date.now();
+      try {
+        const result = await executor.exec(command);
+        log.record({
+          command,
+          host,
+          startedAt,
+          durationMs: Date.now() - startedAt,
+          exitCode: result.exitCode
+        });
+        return result;
+      } catch (err) {
+        log.record({
+          command,
+          host,
+          startedAt,
+          durationMs: Date.now() - startedAt,
+          exitCode: void 0,
+          error: err instanceof Error ? err.message : String(err)
+        });
+        throw err;
+      }
+    }
+  };
+}
+
+// ../core/dist/contract/result.js
+function ok(value, raw) {
+  return { kind: "ok", value, raw };
+}
+function degraded(raw, reason) {
+  return { kind: "degraded", raw, reason };
+}
+function unsupported(reason) {
+  return { kind: "unsupported", reason };
+}
+async function runParsed(executor, command, parser) {
+  const { stdout, stderr, exitCode } = await executor.exec(command);
+  if (exitCode !== 0) {
+    const reason = stderr.trim() || `command exited with code ${String(exitCode)}`;
+    return { kind: "failed", raw: stderr || stdout, exitCode, reason };
+  }
+  try {
+    return ok(parser(stdout), stdout);
+  } catch (err) {
+    return degraded(stdout, err instanceof Error ? err.message : String(err));
+  }
+}
+
+// ../core/dist/adapters/os.js
+function parseOsRelease(raw) {
+  const out = {};
+  for (const line of raw.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#"))
+      continue;
+    const eq = trimmed.indexOf("=");
+    if (eq === -1)
+      continue;
+    const key = trimmed.slice(0, eq);
+    let value = trimmed.slice(eq + 1).trim();
+    if (value.length >= 2 && (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'"))) {
+      value = value.slice(1, -1);
+    }
+    out[key] = value;
+  }
+  return out;
+}
+function familyFor(id, idLike) {
+  const haystack = `${id ?? ""} ${idLike ?? ""}`.toLowerCase();
+  if (/\b(debian|ubuntu|linuxmint|mint|raspbian|pop)\b/.test(haystack))
+    return "debian";
+  if (/\b(rhel|fedora|centos|rocky|almalinux)\b/.test(haystack))
+    return "rhel";
+  if (/\b(arch|manjaro)\b/.test(haystack))
+    return "arch";
+  return "unknown";
+}
+async function detectOs(executor) {
+  const { stdout: releaseRaw, exitCode: releaseCode } = await executor.exec("cat /etc/os-release 2>/dev/null");
+  const { stdout: unameRaw } = await executor.exec("uname -s 2>/dev/null");
+  const kernel = unameRaw.trim() || void 0;
+  if (releaseCode !== 0 || !releaseRaw.trim()) {
+    return { family: kernel ? "posix" : "unknown", kernel };
+  }
+  const fields = parseOsRelease(releaseRaw);
+  const id = fields["ID"];
+  const idLike = fields["ID_LIKE"];
+  const known = familyFor(id, idLike);
+  return {
+    family: known === "unknown" ? "posix" : known,
+    id,
+    idLike,
+    kernel,
+    prettyName: fields["PRETTY_NAME"]
+  };
+}
+
+// ../core/dist/adapters/shell.js
+function quote(arg) {
+  return `'${arg.replace(/'/g, `'\\''`)}'`;
+}
+
+// ../core/dist/adapters/debian.js
+var FIND_PRINTF = String.raw`%y\t%s\t%m\t%u\t%g\t%T@\t%f\n`;
+var STAT_PRINTF = String.raw`%F\t%s\t%a\t%U\t%G\t%Y\t%n`;
+function fileTypeFromFindCode(code) {
+  switch (code) {
+    case "f":
+      return "file";
+    case "d":
+      return "directory";
+    case "l":
+      return "symlink";
+    default:
+      return "other";
+  }
+}
+function fileTypeFromStatWord(word) {
+  if (word === "directory")
+    return "directory";
+  if (word === "symbolic link")
+    return "symlink";
+  if (word.endsWith("file"))
+    return "file";
+  return "other";
+}
+function epochSecondsToMs(value) {
+  return Math.round(parseFloat(value) * 1e3);
+}
+function parseFindLine(line) {
+  const parts = line.split("	");
+  if (parts.length < 7)
+    throw new Error(`Unexpected find output: ${line}`);
+  const [type, size, mode, owner, group, mtime] = parts;
+  const name = parts.slice(6).join("	");
+  return {
+    name,
+    type: fileTypeFromFindCode(type ?? ""),
+    size: Number.parseInt(size ?? "", 10) || 0,
+    mode: Number.parseInt(mode ?? "", 8) || 0,
+    owner: owner ?? "",
+    group: group ?? "",
+    mtime: epochSecondsToMs(mtime ?? "0")
+  };
+}
+function parseListDir(stdout) {
+  return stdout.split("\n").filter((line) => line.length > 0).map(parseFindLine);
+}
+function parseStat(stdout) {
+  const parts = stdout.split("	");
+  if (parts.length < 7)
+    throw new Error(`Unexpected stat output: ${stdout}`);
+  const [typeWord, size, mode, owner, group, mtime] = parts;
+  const fullPath = parts.slice(6).join("	");
+  const name = fullPath.replace(/\/+$/, "").split("/").pop() ?? fullPath;
+  return {
+    name,
+    type: fileTypeFromStatWord(typeWord ?? ""),
+    size: Number.parseInt(size ?? "", 10) || 0,
+    mode: Number.parseInt(mode ?? "", 8) || 0,
+    owner: owner ?? "",
+    group: group ?? "",
+    mtime: (Number.parseInt(mtime ?? "0", 10) || 0) * 1e3
+  };
+}
+function kvFromMeminfo(meminfo) {
+  const map = /* @__PURE__ */ new Map();
+  for (const line of meminfo.split("\n")) {
+    const match = /^(\w+):\s+(\d+)\s*kB$/.exec(line.trim());
+    if (match && match[1] && match[2])
+      map.set(match[1], Number.parseInt(match[2], 10) * 1024);
+  }
+  return map;
+}
+function parseSystemMetrics(stdout) {
+  const sections = /* @__PURE__ */ new Map();
+  let current = "";
+  const buffer = {};
+  for (const line of stdout.split("\n")) {
+    const marker = /^===(\w+)===$/.exec(line);
+    if (marker && marker[1]) {
+      current = marker[1];
+      buffer[current] = [];
+      continue;
+    }
+    if (current)
+      (buffer[current] ??= []).push(line);
+  }
+  for (const [key, lines] of Object.entries(buffer))
+    sections.set(key, lines.join("\n"));
+  const uptime = sections.get("UPTIME")?.trim().split(/\s+/)[0];
+  const load2 = sections.get("LOAD")?.trim().split(/\s+/) ?? [];
+  const mem = kvFromMeminfo(sections.get("MEM") ?? "");
+  const total = mem.get("MemTotal") ?? 0;
+  const available = mem.get("MemAvailable") ?? 0;
+  if (uptime === void 0 || load2.length < 3)
+    throw new Error("Incomplete metrics output");
+  return {
+    uptimeSeconds: Math.round(parseFloat(uptime)),
+    loadAverage: [
+      parseFloat(load2[0] ?? "0"),
+      parseFloat(load2[1] ?? "0"),
+      parseFloat(load2[2] ?? "0")
+    ],
+    memory: {
+      totalBytes: total,
+      usedBytes: Math.max(0, total - available),
+      availableBytes: available
+    }
+  };
+}
+var METRICS_COMMAND = "echo ===UPTIME===; cat /proc/uptime; echo ===LOAD===; cat /proc/loadavg; echo ===MEM===; cat /proc/meminfo";
+var DebianAdapter = class {
+  exec;
+  constructor(exec) {
+    this.exec = exec;
+  }
+  listDir(path) {
+    const cmd = `find ${quote(path)} -maxdepth 1 -mindepth 1 -printf ${quote(FIND_PRINTF)}`;
+    return runParsed(this.exec, cmd, parseListDir);
+  }
+  stat(path) {
+    return runParsed(this.exec, `stat --printf ${quote(STAT_PRINTF)} ${quote(path)}`, parseStat);
+  }
+  async readFile(path) {
+    return runParsed(this.exec, `base64 -w0 ${quote(path)}`, (b64) => Uint8Array.from(Buffer.from(b64.trim(), "base64")));
+  }
+  async writeFile(path, contents) {
+    const b64 = Buffer.from(contents).toString("base64");
+    const cmd = `printf %s ${quote(b64)} | base64 -d > ${quote(path)}`;
+    const { stderr, exitCode } = await this.exec.exec(cmd);
+    if (exitCode !== 0) {
+      return { kind: "failed", raw: stderr, exitCode, reason: stderr.trim() || "write failed" };
+    }
+    return ok(void 0, "");
+  }
+  systemMetrics() {
+    return runParsed(this.exec, METRICS_COMMAND, parseSystemMetrics);
+  }
+  listProcesses() {
+    return Promise.resolve(unsupported("listProcesses is a post-v1 capability"));
+  }
+  listServices() {
+    return Promise.resolve(unsupported("listServices is a post-v1 capability"));
+  }
+};
+
+// ../core/dist/adapters/registry.js
+function createUnsupportedAdapter(reason) {
+  const fail = () => Promise.resolve(unsupported(reason));
+  return {
+    listDir: fail,
+    stat: fail,
+    readFile: fail,
+    writeFile: fail,
+    systemMetrics: fail,
+    listProcesses: fail,
+    listServices: fail
+  };
+}
+function selectAdapter(os, executor) {
+  if (os.family === "debian")
+    return new DebianAdapter(executor);
+  return createUnsupportedAdapter(`OS family "${os.family}" is not supported in v1 (Debian/Ubuntu/Mint only); see the host roadmap`);
+}
+
+// ../core/dist/session/ssh-session.js
+import { createHash } from "node:crypto";
+import { Client } from "ssh2";
+function fingerprint(key) {
+  return `SHA256:${createHash("sha256").update(key).digest("base64").replace(/=+$/, "")}`;
+}
+function keyAlgorithm(key) {
+  if (key.length < 4)
+    return "";
+  const len = key.readUInt32BE(0);
+  if (len <= 0 || key.length < 4 + len)
+    return "";
+  return key.subarray(4, 4 + len).toString("ascii");
+}
+var SshSession = class _SshSession {
+  options;
+  client = new Client();
+  currentState = "idle";
+  label;
+  constructor(options) {
+    this.options = options;
+    this.label = `${options.username}@${options.host}`;
+  }
+  /** Human-readable host label, e.g. "user@host", for the transparency log. */
+  get host() {
+    return this.label;
+  }
+  get state() {
+    return this.currentState;
+  }
+  /** Open and authenticate a session. Rejects on auth, host-key or network error. */
+  static connect(options) {
+    const session = new _SshSession(options);
+    return session.open().then(() => session);
+  }
+  open() {
+    this.currentState = "connecting";
+    const { host, port = 22, username, auth, verifyHostKey, timeoutMs = 2e4 } = this.options;
+    const config = {
+      host,
+      port,
+      username,
+      readyTimeout: timeoutMs,
+      hostVerifier: (key, verify) => {
+        const decide = verifyHostKey ? verifyHostKey({ algorithm: keyAlgorithm(key), fingerprint: fingerprint(key) }) : false;
+        Promise.resolve(decide).then(verify).catch(() => verify(false));
+      }
+    };
+    if (auth.kind === "password") {
+      config.password = auth.password;
+    } else {
+      config.privateKey = auth.privateKey;
+      if (auth.passphrase !== void 0)
+        config.passphrase = auth.passphrase;
+    }
+    return new Promise((resolve, reject) => {
+      this.client.on("ready", () => {
+        this.currentState = "connected";
+        resolve();
+      }).on("error", (err) => {
+        this.currentState = "error";
+        reject(err);
+      }).on("close", () => {
+        if (this.currentState !== "error")
+          this.currentState = "closed";
+      }).connect(config);
+    });
+  }
+  /** Run a command, capturing stdout/stderr and the exit code (FR-030 building block). */
+  exec(command) {
+    return new Promise((resolve, reject) => {
+      this.client.exec(command, (err, stream) => {
+        if (err)
+          return reject(err);
+        let stdout = "";
+        let stderr = "";
+        let exitCode = null;
+        stream.on("data", (chunk) => {
+          stdout += chunk.toString("utf8");
+        }).on("close", (code) => {
+          exitCode = typeof code === "number" ? code : null;
+          resolve({ stdout, stderr, exitCode });
+        });
+        stream.stderr.on("data", (chunk) => {
+          stderr += chunk.toString("utf8");
+        });
+      });
+    });
+  }
+  /** Open an interactive PTY/shell channel (Terminal app, FR-030/031). */
+  shell(window) {
+    return new Promise((resolve, reject) => {
+      this.client.shell(window ?? {}, (err, stream) => {
+        if (err)
+          return reject(err);
+        resolve(stream);
+      });
+    });
+  }
+  /** Open a PTY as a transport-agnostic {@link PtySession} (no ssh2 types leak). */
+  async openPty(cols = 80, rows = 24) {
+    const stream = await this.shell({ cols, rows, term: "xterm-256color" });
+    return {
+      onData: (listener) => {
+        stream.on("data", (chunk) => listener(chunk.toString("utf8")));
+      },
+      onClose: (listener) => {
+        stream.on("close", () => listener());
+      },
+      write: (data) => stream.write(data),
+      resize: (c, r) => stream.setWindow(r, c, 0, 0),
+      close: () => stream.close()
+    };
+  }
+  /** Open an SFTP channel (file manager / read-write capabilities). */
+  sftp() {
+    return new Promise((resolve, reject) => {
+      this.client.sftp((err, sftp) => {
+        if (err)
+          return reject(err);
+        resolve(sftp);
+      });
+    });
+  }
+  /** Close the session and release the connection. */
+  close() {
+    this.client.end();
+    this.currentState = "closed";
+  }
+};
+
+// ../server/dist/opener.js
+var HostKeyUnknownError = class extends Error {
+  fingerprint;
+  algorithm;
+  constructor(fingerprint2, algorithm) {
+    super("Host key not trusted");
+    this.fingerprint = fingerprint2;
+    this.algorithm = algorithm;
+    this.name = "HostKeyUnknownError";
+  }
+};
+var HostKeyMismatchError = class extends Error {
+  fingerprint;
+  expected;
+  constructor(fingerprint2, expected) {
+    super("Host key mismatch \u2014 possible man-in-the-middle");
+    this.fingerprint = fingerprint2;
+    this.expected = expected;
+    this.name = "HostKeyMismatchError";
+  }
+};
+function createSshOpener(store) {
+  return async (req) => {
+    const hostPort = `${req.host}:${req.port ?? 22}`;
+    const known = store.get(hostPort);
+    let presented;
+    let rejection;
+    const session = await SshSession.connect({
+      host: req.host,
+      port: req.port ?? 22,
+      username: req.username,
+      auth: req.auth,
+      verifyHostKey: ({ fingerprint: fingerprint2, algorithm }) => {
+        presented = { fingerprint: fingerprint2, algorithm };
+        if (known) {
+          if (fingerprint2 === known)
+            return true;
+          rejection = "mismatch";
+          return false;
+        }
+        if (req.trustFingerprint && req.trustFingerprint === fingerprint2)
+          return true;
+        rejection = "unknown";
+        return false;
+      }
+    }).catch((err) => {
+      if (rejection === "unknown" && presented) {
+        throw new HostKeyUnknownError(presented.fingerprint, presented.algorithm);
+      }
+      if (rejection === "mismatch" && presented && known) {
+        throw new HostKeyMismatchError(presented.fingerprint, known);
+      }
+      throw err;
+    });
+    if (presented && !known)
+      store.add(hostPort, presented.fingerprint);
+    const log = new TransparencyLog();
+    const executor = withTransparency(session, log, session.host);
+    const os = await detectOs(executor);
+    const adapter = selectAdapter(os, executor);
+    const home = (await executor.exec('echo "$HOME"')).stdout.trim() || "/";
+    return {
+      host: session.host,
+      home,
+      os,
+      adapter,
+      log,
+      openPty: (cols, rows) => session.openPty(cols, rows),
+      close: () => session.close()
+    };
+  };
+}
+
+// ../server/dist/known-hosts.js
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+var InMemoryKnownHosts = class {
+  map = /* @__PURE__ */ new Map();
+  get(hostPort) {
+    return this.map.get(hostPort);
+  }
+  add(hostPort, fingerprint2) {
+    this.map.set(hostPort, fingerprint2);
+  }
+};
+var FileKnownHosts = class {
+  path;
+  map;
+  constructor(path = join(homedir(), ".deskssh", "known_hosts.json")) {
+    this.path = path;
+    this.map = new Map(Object.entries(load(path)));
+  }
+  get(hostPort) {
+    return this.map.get(hostPort);
+  }
+  add(hostPort, fingerprint2) {
+    this.map.set(hostPort, fingerprint2);
+    mkdirSync(dirname(this.path), { recursive: true });
+    writeFileSync(this.path, JSON.stringify(Object.fromEntries(this.map), null, 2), {
+      mode: 384
+    });
+  }
+};
+function load(path) {
+  if (!existsSync(path))
+    return {};
+  try {
+    const parsed = JSON.parse(readFileSync(path, "utf8"));
+    return typeof parsed === "object" && parsed !== null ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+
+// ../server/dist/terminal.js
+import { WebSocketServer } from "ws";
+var TERMINAL_PATH = "/api/terminal";
+function attachTerminal(server, manager) {
+  const wss = new WebSocketServer({ noServer: true });
+  server.on("upgrade", (req, socket, head) => {
+    const url = new URL(req.url ?? "/", "http://localhost");
+    if (url.pathname !== TERMINAL_PATH)
+      return;
+    const sessionId = url.searchParams.get("sessionId") ?? "";
+    const entry = manager.get(sessionId);
+    if (!entry?.openPty) {
+      socket.destroy();
+      return;
+    }
+    wss.handleUpgrade(req, socket, head, (ws) => bridge(ws, entry.openPty));
+  });
+  return wss;
+}
+function bridge(ws, openPty) {
+  void openPty(80, 24).then((pty) => {
+    pty.onData((chunk) => {
+      if (ws.readyState === ws.OPEN)
+        ws.send(JSON.stringify({ type: "output", data: chunk }));
+    });
+    pty.onClose(() => ws.close());
+    ws.on("message", (raw) => {
+      let msg;
+      try {
+        msg = JSON.parse(raw.toString("utf8"));
+      } catch {
+        return;
+      }
+      if (msg.type === "input")
+        pty.write(msg.data);
+      else if (msg.type === "resize")
+        pty.resize(msg.cols, msg.rows);
+    });
+    ws.on("close", () => pty.close());
+  }).catch(() => ws.close());
+}
+
+// ../server/dist/static.js
+import { createReadStream, existsSync as existsSync2, statSync } from "node:fs";
+import { join as join2, normalize, extname } from "node:path";
+var MIME = {
+  ".html": "text/html; charset=utf-8",
+  ".js": "text/javascript; charset=utf-8",
+  ".css": "text/css; charset=utf-8",
+  ".json": "application/json; charset=utf-8",
+  ".svg": "image/svg+xml",
+  ".png": "image/png",
+  ".jpg": "image/jpeg",
+  ".ico": "image/x-icon",
+  ".woff": "font/woff",
+  ".woff2": "font/woff2"
+};
+function serveStatic(dir, urlPath, res) {
+  const rel = normalize(decodeURIComponent(urlPath)).replace(/^(\.\.[/\\])+/, "");
+  let filePath = join2(dir, rel);
+  if (!filePath.startsWith(dir))
+    return false;
+  if (!existsSync2(filePath) || statSync(filePath).isDirectory()) {
+    const indexPath = join2(dir, "index.html");
+    if (!existsSync2(indexPath))
+      return false;
+    filePath = indexPath;
+  }
+  res.writeHead(200, { "content-type": MIME[extname(filePath)] ?? "application/octet-stream" });
+  createReadStream(filePath).pipe(res);
+  return true;
+}
+
+// ../server/dist/gateway.js
+var MAX_BODY_BYTES = 1e6;
+var HttpError = class extends Error {
+  status;
+  constructor(status, message) {
+    super(message);
+    this.status = status;
+  }
+};
+function readJsonBody(req) {
+  return new Promise((resolve, reject) => {
+    let size = 0;
+    const chunks = [];
+    req.on("data", (chunk) => {
+      size += chunk.length;
+      if (size > MAX_BODY_BYTES) {
+        reject(new HttpError(413, "Request body too large"));
+        req.destroy();
+        return;
+      }
+      chunks.push(chunk);
+    });
+    req.on("end", () => {
+      const raw = Buffer.concat(chunks).toString("utf8");
+      if (!raw)
+        return resolve({});
+      try {
+        resolve(JSON.parse(raw));
+      } catch {
+        reject(new HttpError(400, "Invalid JSON body"));
+      }
+    });
+    req.on("error", reject);
+  });
+}
+function sendJson(res, status, body) {
+  const payload = JSON.stringify(body);
+  res.writeHead(status, {
+    "content-type": "application/json; charset=utf-8",
+    "content-length": Buffer.byteLength(payload)
+  });
+  res.end(payload);
+}
+function asString(obj, key) {
+  const value = obj[key];
+  if (typeof value !== "string" || value.length === 0) {
+    throw new HttpError(400, `Missing or invalid "${key}"`);
+  }
+  return value;
+}
+function createGateway(deps = {}) {
+  const manager = deps.manager ?? new SessionManager();
+  const opener = deps.opener ?? createSshOpener(new FileKnownHosts());
+  const server = createServer((req, res) => {
+    handle(req, res, manager, opener, deps.staticDir).catch((err) => {
+      const status = err instanceof HttpError ? err.status : 500;
+      const message = err instanceof Error ? err.message : "Internal error";
+      if (!res.headersSent)
+        sendJson(res, status, { error: message });
+    });
+  });
+  attachTerminal(server, manager);
+  return server;
+}
+async function handle(req, res, manager, opener, staticDir) {
+  const url = new URL(req.url ?? "/", "http://localhost");
+  const route = `${req.method ?? "GET"} ${url.pathname}`;
+  if (req.method === "GET" && !url.pathname.startsWith("/api/") && staticDir) {
+    if (serveStatic(staticDir, url.pathname, res))
+      return;
+  }
+  if (route === "GET /api/health")
+    return sendJson(res, 200, { ok: true });
+  if (route === "POST /api/connect") {
+    const body = await readJsonBody(req);
+    const auth = parseAuth(body["auth"]);
+    const request = {
+      host: asString(body, "host"),
+      port: body["port"] === void 0 ? void 0 : Number(body["port"]),
+      username: asString(body, "username"),
+      auth,
+      ...typeof body["trustFingerprint"] === "string" ? { trustFingerprint: body["trustFingerprint"] } : {}
+    };
+    try {
+      const entry = manager.add(await opener(request));
+      return sendJson(res, 200, { status: "connected", ...toSessionInfo(entry) });
+    } catch (err) {
+      if (err instanceof HostKeyUnknownError) {
+        return sendJson(res, 200, {
+          status: "verify-host-key",
+          fingerprint: err.fingerprint,
+          algorithm: err.algorithm
+        });
+      }
+      if (err instanceof HostKeyMismatchError) {
+        return sendJson(res, 409, {
+          error: err.message,
+          fingerprint: err.fingerprint,
+          expected: err.expected
+        });
+      }
+      throw err;
+    }
+  }
+  if (route === "POST /api/disconnect") {
+    const body = await readJsonBody(req);
+    return sendJson(res, 200, { ok: manager.remove(asString(body, "sessionId")) });
+  }
+  if (route === "POST /api/listdir") {
+    const body = await readJsonBody(req);
+    const entry = requireSession(manager, body);
+    const path = typeof body["path"] === "string" && body["path"] ? body["path"] : entry.home;
+    const result = await entry.adapter.listDir(path);
+    return sendJson(res, 200, { path, result, transparency: entry.log.list() });
+  }
+  if (route === "POST /api/metrics") {
+    const body = await readJsonBody(req);
+    const entry = requireSession(manager, body);
+    return sendJson(res, 200, { result: await entry.adapter.systemMetrics() });
+  }
+  if (route === "POST /api/readfile") {
+    const body = await readJsonBody(req);
+    const entry = requireSession(manager, body);
+    const result = await entry.adapter.readFile(asString(body, "path"));
+    if (result.kind === "ok") {
+      return sendJson(res, 200, {
+        result: { kind: "ok", base64: Buffer.from(result.value).toString("base64") }
+      });
+    }
+    return sendJson(res, 200, { result });
+  }
+  if (route === "POST /api/writefile") {
+    const body = await readJsonBody(req);
+    const entry = requireSession(manager, body);
+    const bytes = Buffer.from(asString(body, "base64"), "base64");
+    const result = await entry.adapter.writeFile(asString(body, "path"), new Uint8Array(bytes));
+    return sendJson(res, 200, { result });
+  }
+  sendJson(res, 404, { error: `No route for ${route}` });
+}
+function requireSession(manager, body) {
+  const entry = manager.get(asString(body, "sessionId"));
+  if (!entry)
+    throw new HttpError(404, "Unknown session");
+  return entry;
+}
+function parseAuth(value) {
+  if (typeof value !== "object" || value === null)
+    throw new HttpError(400, 'Missing "auth"');
+  const auth = value;
+  if (auth["kind"] === "password" && typeof auth["password"] === "string") {
+    return { kind: "password", password: auth["password"] };
+  }
+  if (auth["kind"] === "privateKey" && typeof auth["privateKey"] === "string") {
+    return {
+      kind: "privateKey",
+      privateKey: auth["privateKey"],
+      ...typeof auth["passphrase"] === "string" ? { passphrase: auth["passphrase"] } : {}
+    };
+  }
+  throw new HttpError(400, 'Invalid "auth": expected password or privateKey');
+}
+
+// ../server/dist/index.js
+var SERVER_PACKAGE = "@deskssh/server";
+function startGateway(options = {}) {
+  const port = options.port ?? Number(process.env["PORT"] ?? 8717);
+  const host = options.host ?? process.env["HOST"] ?? "127.0.0.1";
+  const server = createGateway({ staticDir: options.staticDir });
+  server.listen(port, host, () => {
+    console.log(`DeskSSH listening on http://${host}:${String(port)}`);
+  });
+  return server;
+}
+if (import.meta.url === `file://${process.argv[1] ?? ""}`) {
+  startGateway();
+}
+export {
+  FileKnownHosts,
+  HostKeyMismatchError,
+  HostKeyUnknownError,
+  InMemoryKnownHosts,
+  SERVER_PACKAGE,
+  SessionManager,
+  createGateway,
+  createSshOpener,
+  startGateway,
+  toSessionInfo
+};