dominds 1.25.18 → 1.26.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (38) hide show
  1. package/README.md +17 -0
  2. package/README.zh.md +17 -0
  3. package/dist/apps/runtime.d.ts +2 -4
  4. package/dist/apps-host/client.d.ts +2 -5
  5. package/dist/apps-host/ipc-types.d.ts +2 -5
  6. package/dist/apps-host/ipc-types.js +5 -1
  7. package/dist/bootstrap/rtws-cli.d.ts +0 -1
  8. package/dist/bootstrap/rtws-cli.js +9 -3
  9. package/dist/cli/cert.d.ts +2 -0
  10. package/dist/cli/cert.js +198 -0
  11. package/dist/cli/create.d.ts +1 -1
  12. package/dist/cli/create.js +1 -1
  13. package/dist/cli/read.js +1 -1
  14. package/dist/cli/tui.js +1 -1
  15. package/dist/cli/webui.d.ts +1 -1
  16. package/dist/cli/webui.js +35 -5
  17. package/dist/cli.d.ts +1 -0
  18. package/dist/cli.js +21 -16
  19. package/dist/docs/cli-usage.md +43 -7
  20. package/dist/docs/cli-usage.zh.md +43 -7
  21. package/dist/docs/dialog-persistence.md +1 -1
  22. package/dist/docs/dominds-terminology.md +2 -2
  23. package/dist/server/auth.d.ts +7 -0
  24. package/dist/server/auth.js +15 -4
  25. package/dist/server/certificates.d.ts +61 -0
  26. package/dist/server/certificates.js +418 -0
  27. package/dist/server/dominds-self-update-restart-helper.d.ts +15 -0
  28. package/dist/server/dominds-self-update-restart-helper.js +305 -0
  29. package/dist/server/dominds-self-update.js +162 -120
  30. package/dist/server/network-hosts.d.ts +5 -0
  31. package/dist/server/network-hosts.js +188 -0
  32. package/dist/server/server-core.d.ts +12 -1
  33. package/dist/server/server-core.js +26 -4
  34. package/dist/server/websocket-handler.d.ts +3 -2
  35. package/dist/server/websocket-handler.js +15 -8
  36. package/dist/server.d.ts +5 -0
  37. package/dist/server.js +105 -10
  38. package/package.json +3 -3
@@ -4,7 +4,7 @@ Chinese version: [中文版](./cli-usage.zh.md)
4
4
 
5
5
  The `dominds` CLI provides a unified entry point, but the **primary interaction experience is the Web UI** (the default `dominds` command). This guide focuses on the Web UI workflow.
6
6
 
7
- > Note: In this document, **rtws (runtime workspace)** refers to the runtime root directory Dominds uses (by default `process.cwd()`, switchable via `-C <dir>`).
7
+ > Note: In this document, **rtws (runtime workspace)** refers to the runtime root directory Dominds uses (by default `process.cwd()`, switchable via `-C <abs-dir>`; `-C` only accepts absolute paths).
8
8
 
9
9
  > Note: `dominds tui` / `dominds run` are currently reserved subcommand names and do not have a stable implementation yet. As a result, this guide does not document TUI options or detailed usage.
10
10
 
@@ -18,6 +18,7 @@ The `dominds` CLI provides a unified entry point, but the **primary interaction
18
18
  - [Web UI Interface](#web-ui-interface)
19
19
  - [Text User Interface (TUI) (Not Implemented Yet)](#text-user-interface-tui-not-implemented-yet)
20
20
  - [Minds Reader](#minds-reader)
21
+ - [Certificate Tools](#certificate-tools)
21
22
  - [rtws Creation](#rtws-creation)
22
23
  - [Usage Examples](#usage-examples)
23
24
  - [Dialog Storage](#dialog-storage)
@@ -32,6 +33,7 @@ The `dominds` package provides a unified CLI with subcommands:
32
33
  | `dominds` or `dominds webui` | Start Web UI (default, recommended) | Web UI |
33
34
  | `dominds tui` or `dominds run` | Terminal UI (planned; no stable implementation at the moment) | N/A |
34
35
  | `dominds read` | Read and inspect rtws/team minds configuration | CLI |
36
+ | `dominds cert` | Create and inspect local WebUI HTTPS certificates | CLI |
35
37
  | `dominds create` or `dominds new` | Create a new rtws (runtime workspace) from a template | CLI |
36
38
  | `dominds help` | Show help message | CLI |
37
39
  | `dominds --version` | Show version information | CLI |
@@ -49,11 +51,16 @@ dominds webui [options]
49
51
 
50
52
  # Common: choose port / rtws
51
53
  dominds webui -p 8080
52
- dominds webui -C ./my-rtws
54
+ dominds webui -C /path/to/my-rtws
53
55
 
54
56
  # Minds reader: inspect team configuration
55
57
  dominds read [options] [member-id]
56
58
 
59
+ # Certificate tools: create/inspect local HTTPS certificates
60
+ dominds cert create [--host <host>] [--days <days>] [--force]
61
+ dominds cert self-cert [--host <host>] [--days <days>] [--force]
62
+ dominds cert status --host <host> [--port <port>] [--origin]
63
+
57
64
  # rtws creation: scaffold a new runtime workspace
58
65
  dominds create <template> [directory]
59
66
  dominds new <template> [directory] # alias for create
@@ -83,7 +90,7 @@ Start the web-based user interface for the current rtws. This provides a graphic
83
90
 
84
91
  - `-p, --port <port>` - Port to listen on; a bare port binds strictly, suffix `+` tries higher ports, and suffix `-` tries lower ports (omitting `--port` is equivalent to `5666-`)
85
92
  - `-h, --host <host>` - Host to bind to (default: localhost)
86
- - `-C, --cwd <dir>` - Change to rtws directory before starting
93
+ - `-C, --cwd <abs-dir>` - Change to rtws directory before starting; absolute paths only
87
94
  - `--help` - Show help message
88
95
 
89
96
  **Examples:**
@@ -92,7 +99,7 @@ Start the web-based user interface for the current rtws. This provides a graphic
92
99
  dominds
93
100
  dominds webui -p 8080
94
101
  dominds webui -p 8080+
95
- dominds webui -C ./my-rtws
102
+ dominds webui -C /path/to/my-rtws
96
103
  ```
97
104
 
98
105
  **Common use cases:**
@@ -122,7 +129,7 @@ Read and inspect agent prompts/configuration for the rtws. This is commonly used
122
129
 
123
130
  **Options:**
124
131
 
125
- - `-C, --cwd <dir>` - Change to rtws directory before reading
132
+ - `-C, --cwd <abs-dir>` - Change to rtws directory before reading; absolute paths only
126
133
  - `--only-prompt` - Show only system prompts
127
134
  - `--only-mem` - Show only memory
128
135
  - `--help` - Show help message
@@ -132,11 +139,40 @@ Read and inspect agent prompts/configuration for the rtws. This is commonly used
132
139
  ```bash
133
140
  dominds read
134
141
  dominds read developer
135
- dominds read -C ./my-rtws
142
+ dominds read -C /path/to/my-rtws
136
143
  dominds read --only-prompt
137
144
  dominds read --only-mem
138
145
  ```
139
146
 
147
+ ### Certificate Tools
148
+
149
+ ```bash
150
+ dominds cert create [--host <host>] [--days <days>] [--force]
151
+ dominds cert self-cert [--host <host>] [--days <days>] [--force]
152
+ dominds cert status --host <host> [--port <port>] [--origin]
153
+ ```
154
+
155
+ Create or inspect local HTTPS certificates for the Dominds WebUI. Certificates live in `~/.dominds/certs/` and match DNS/IP hostnames, not ports; one certificate covers every WebUI port on that host.
156
+
157
+ **Options:**
158
+
159
+ - `--host <host>` - Certificate SAN hostname or IP; repeatable for certificate creation; defaults to one or more detected non-loopback LAN hosts
160
+ - `--days <days>` - Certificate validity in days (default: 3650, or 10 years)
161
+ - `--force` - Overwrite existing generated files
162
+ - `--port <port>` - Port used when formatting `status --origin`
163
+ - `--origin` - Print only the effective origin; HTTPS when a cert matches, HTTP otherwise
164
+
165
+ **Examples:**
166
+
167
+ ```bash
168
+ dominds cert create
169
+ dominds cert create --host 192.168.1.10 --host my-host.local
170
+ dominds cert status --host 0.0.0.0
171
+ dominds cert status --host 0.0.0.0 --port 5666 --origin
172
+ ```
173
+
174
+ `localhost`, `loopback`, `127.0.0.0/8`, `::1`, `0.0.0.0`, and `::` are not certificate hosts. `0.0.0.0` / `::` only mean bind-all; certificate matching uses detected non-loopback LAN hosts.
175
+
140
176
  ### rtws Creation
141
177
 
142
178
  ```bash
@@ -190,7 +226,7 @@ dominds
190
226
  dominds webui -p 8080
191
227
 
192
228
  # 3) Start in a specific rtws
193
- dominds webui -C ./my-rtws
229
+ dominds webui -C /path/to/my-rtws
194
230
 
195
231
  # 4) Inspect current team/rtws configuration
196
232
  dominds read
@@ -4,7 +4,7 @@
4
4
 
5
5
  `dominds` 提供统一的命令行入口,但**主要交互界面是 Web UI**(默认命令 `dominds`)。本文档以 Web UI 工作流为主。
6
6
 
7
- > 注:本文统一使用 **rtws(运行时工作区)** 表示 Dominds 运行时使用的根目录(默认等于 `process.cwd()`,可通过 `-C <dir>` 切换)。
7
+ > 注:本文统一使用 **rtws(运行时工作区)** 表示 Dominds 运行时使用的根目录(默认等于 `process.cwd()`,可通过 `-C <abs-dir>` 切换;`-C` 只接受绝对路径)。
8
8
 
9
9
  > 说明:`dominds tui` / `dominds run` 相关功能目前尚未提供稳定实现(子命令名保留用于未来规划),因此本指南不再展开 TUI 的命令选项与用法细节。
10
10
 
@@ -18,6 +18,7 @@
18
18
  - [Web UI 界面](#web-ui-界面)
19
19
  - [文本用户界面 (TUI)(尚未实现)](#文本用户界面-tui尚未实现)
20
20
  - [Minds 阅读器](#minds-阅读器)
21
+ - [证书工具](#证书工具)
21
22
  - [rtws 创建](#rtws-创建)
22
23
  - [使用示例](#使用示例)
23
24
  - [对话存储](#对话存储)
@@ -32,6 +33,7 @@
32
33
  | `dominds` 或 `dominds webui` | 启动 Web UI(默认、推荐) | Web UI |
33
34
  | `dominds tui` 或 `dominds run` | 终端界面(规划中;当前版本暂不提供稳定) | N/A |
34
35
  | `dominds read` | 读取/分析团队 minds 配置 | CLI |
36
+ | `dominds cert` | 创建/检查本机 WebUI HTTPS 证书 | CLI |
35
37
  | `dominds create` 或 `dominds new` | 从模板创建新 rtws(运行时工作区) | CLI |
36
38
  | `dominds help` | 显示帮助消息 | CLI |
37
39
  | `dominds --version` | 显示版本信息 | CLI |
@@ -49,11 +51,16 @@ dominds webui [options]
49
51
 
50
52
  # 常用:指定端口 / rtws
51
53
  dominds webui -p 8080
52
- dominds webui -C ./my-rtws
54
+ dominds webui -C /path/to/my-rtws
53
55
 
54
56
  # Minds 阅读器:分析团队配置
55
57
  dominds read [options] [member-id]
56
58
 
59
+ # 证书工具:创建/检查本机 HTTPS 证书
60
+ dominds cert create [--host <host>] [--days <days>] [--force]
61
+ dominds cert self-cert [--host <host>] [--days <days>] [--force]
62
+ dominds cert status --host <host> [--port <port>] [--origin]
63
+
57
64
  # rtws 创建:搭建新项目/运行时工作区
58
65
  dominds create <template> [directory]
59
66
  dominds new <template> [directory] # create 的别名
@@ -83,7 +90,7 @@ dominds webui [options]
83
90
 
84
91
  - `-p, --port <port>` - 监听端口;裸端口严格绑定,后缀 `+` 向更大端口自动尝试,后缀 `-` 向更小端口自动尝试(未指定时等价于 `5666-`)
85
92
  - `-h, --host <host>` - 绑定的主机(默认:localhost)
86
- - `-C, --cwd <dir>` - 启动前更改 rtws 目录
93
+ - `-C, --cwd <abs-dir>` - 启动前更改 rtws 目录;只接受绝对路径
87
94
  - `--help` - 显示帮助消息
88
95
 
89
96
  **示例:**
@@ -99,7 +106,7 @@ dominds webui -p 8080
99
106
  dominds webui -p 8080+
100
107
 
101
108
  # 在特定 rtws 启动 Web UI
102
- dominds webui -C ./my-rtws
109
+ dominds webui -C /path/to/my-rtws
103
110
  ```
104
111
 
105
112
  **常见用途:**
@@ -129,7 +136,7 @@ dominds read [options] [member-id]
129
136
 
130
137
  **选项:**
131
138
 
132
- - `-C, --cwd <dir>` - 读取前更改 rtws 目录
139
+ - `-C, --cwd <abs-dir>` - 读取前更改 rtws 目录;只接受绝对路径
133
140
  - `--only-prompt` - 仅显示系统提示词
134
141
  - `--only-mem` - 仅显示内存
135
142
  - `--help` - 显示帮助消息
@@ -139,11 +146,40 @@ dominds read [options] [member-id]
139
146
  ```bash
140
147
  dominds read
141
148
  dominds read developer
142
- dominds read -C ./my-rtws
149
+ dominds read -C /path/to/my-rtws
143
150
  dominds read --only-prompt
144
151
  dominds read --only-mem
145
152
  ```
146
153
 
154
+ ### 证书工具
155
+
156
+ ```bash
157
+ dominds cert create [--host <host>] [--days <days>] [--force]
158
+ dominds cert self-cert [--host <host>] [--days <days>] [--force]
159
+ dominds cert status --host <host> [--port <port>] [--origin]
160
+ ```
161
+
162
+ 创建或检查 Dominds WebUI 的本机 HTTPS 证书。证书保存在 `~/.dominds/certs/`,按 DNS/IP 主机名匹配,不绑定端口;同一张证书可覆盖该主机上的所有 WebUI 端口。
163
+
164
+ **选项:**
165
+
166
+ - `--host <host>` - 证书 SAN 主机名或 IP;创建证书时可重复指定;未指定时使用检测到的一个或多个非 loopback LAN 主机
167
+ - `--days <days>` - 证书有效天数(默认:3650,即 10 年)
168
+ - `--force` - 覆盖已有的同名生成文件
169
+ - `--port <port>` - `status --origin` 输出 URL 时使用的端口
170
+ - `--origin` - 仅输出有效访问 origin;找到证书时输出 HTTPS,否则输出 HTTP
171
+
172
+ **示例:**
173
+
174
+ ```bash
175
+ dominds cert create
176
+ dominds cert create --host 192.168.1.10 --host my-host.local
177
+ dominds cert status --host 0.0.0.0
178
+ dominds cert status --host 0.0.0.0 --port 5666 --origin
179
+ ```
180
+
181
+ `localhost`、`loopback`、`127.0.0.0/8`、`::1`、`0.0.0.0`、`::` 不会作为 HTTPS 证书主机。`0.0.0.0` / `::` 只表示绑定所有地址,匹配证书时会使用检测到的非 loopback LAN 主机。
182
+
147
183
  ### rtws 创建
148
184
 
149
185
  ```bash
@@ -204,7 +240,7 @@ dominds
204
240
  dominds webui -p 8080
205
241
 
206
242
  # 3) 在特定 rtws 启动
207
- dominds webui -C ./my-rtws
243
+ dominds webui -C /path/to/my-rtws
208
244
 
209
245
  # 4) 查看/核对当前团队配置
210
246
  dominds read
@@ -4,7 +4,7 @@ Chinese version: [中文版](./dialog-persistence.zh.md)
4
4
 
5
5
  This document describes the persistence layer and storage mechanisms for the Dominds dialog system, including file system conventions, data structures, and storage patterns.
6
6
 
7
- > Note: In this document, **rtws (runtime workspace)** refers to Dominds' runtime root directory (by default `process.cwd()`, switchable via `-C <dir>`).
7
+ > Note: In this document, **rtws (runtime workspace)** refers to Dominds' runtime root directory (by default `process.cwd()`, switchable via `-C <abs-dir>`; `-C` only accepts absolute paths).
8
8
 
9
9
  ## Current Implementation Status
10
10
 
@@ -264,8 +264,8 @@ Example / 示例(概念):
264
264
 
265
265
  ### rtws(运行时工作区)
266
266
 
267
- - EN: **rtws** (runtime workspace) is the directory Dominds treats as its runtime root (by default it is `process.cwd()`, and can be changed via `-C <dir>`). Files like `.minds/` and `.dialogs/` live under the rtws.
268
- - ZH: **rtws(运行时工作区)**是 Dominds 运行时使用的根目录(默认等于 `process.cwd()`,可通过 `-C <dir>` 切换)。诸如 `.minds/`、`.dialogs/` 等运行态目录均位于 rtws 下。
267
+ - EN: **rtws** (runtime workspace) is the directory Dominds treats as its runtime root (by default it is `process.cwd()`, and can be changed via `-C <abs-dir>`; `-C` only accepts absolute paths). Files like `.minds/` and `.dialogs/` live under the rtws.
268
+ - ZH: **rtws(运行时工作区)**是 Dominds 运行时使用的根目录(默认等于 `process.cwd()`,可通过 `-C <abs-dir>` 切换;`-C` 只接受绝对路径)。诸如 `.minds/`、`.dialogs/` 等运行态目录均位于 rtws 下。
269
269
 
270
270
  - EN: Wording rule: when the meaning is **rtws**, prefer writing “rtws (runtime workspace)” (or just “rtws” after the first mention) rather than the ambiguous generic “workspace”.
271
271
  - ZH: 用词规则:当语义指向 **rtws** 时,优先写“rtws(运行时工作区)”(或在已定义后只写“rtws”),避免在对外提示/文档中只写“工作区”从而与其他语境的 workspace/workdir 混淆。
@@ -37,7 +37,14 @@ export declare function isAuthEnabled(auth: AuthConfig): auth is Extract<AuthCon
37
37
  export declare function getHttpAuthCheck(req: IncomingMessage, auth: AuthConfig): AuthCheckResult;
38
38
  export declare function getHttpAuthCheckAllowUrlParam(req: IncomingMessage, auth: AuthConfig, requestUrl: URL): AuthCheckResult;
39
39
  export declare function getWebSocketAuthCheck(req: IncomingMessage, auth: AuthConfig): AuthCheckResult;
40
+ export type ServerUrlScheme = 'http' | 'https';
41
+ export declare function formatServerOrigin(params: {
42
+ scheme: ServerUrlScheme;
43
+ host: string;
44
+ port: number;
45
+ }): string;
40
46
  export declare function formatAutoAuthUrl(params: {
47
+ scheme?: ServerUrlScheme;
41
48
  host: string;
42
49
  port: number;
43
50
  authKey: string;
@@ -53,6 +53,7 @@ exports.isAuthEnabled = isAuthEnabled;
53
53
  exports.getHttpAuthCheck = getHttpAuthCheck;
54
54
  exports.getHttpAuthCheckAllowUrlParam = getHttpAuthCheckAllowUrlParam;
55
55
  exports.getWebSocketAuthCheck = getWebSocketAuthCheck;
56
+ exports.formatServerOrigin = formatServerOrigin;
56
57
  exports.formatAutoAuthUrl = formatAutoAuthUrl;
57
58
  const crypto = __importStar(require("crypto"));
58
59
  function computeAuthConfig(params) {
@@ -129,14 +130,24 @@ function getWebSocketAuthCheck(req, auth) {
129
130
  ? { kind: 'ok' }
130
131
  : { kind: 'unauthorized', reason: 'invalid' };
131
132
  }
133
+ function formatServerOrigin(params) {
134
+ const visibleHost = normalizeHostForUrl(params.host, params.scheme);
135
+ return `${params.scheme}://${visibleHost}:${params.port}`;
136
+ }
132
137
  function formatAutoAuthUrl(params) {
133
- const visibleHost = normalizeHostForUrl(params.host);
134
- return `http://${visibleHost}:${params.port}/?auth=${encodeURIComponent(params.authKey)}`;
138
+ return `${formatServerOrigin({
139
+ scheme: params.scheme ?? 'http',
140
+ host: params.host,
141
+ port: params.port,
142
+ })}/?auth=${encodeURIComponent(params.authKey)}`;
135
143
  }
136
- function normalizeHostForUrl(host) {
144
+ function normalizeHostForUrl(host, scheme) {
137
145
  // Binding to 0.0.0.0/:: is common, but not a browsable "host".
138
- if (host === '0.0.0.0' || host === '::')
146
+ // For HTTPS, preserve the certificate-matched bind host to avoid creating a hostname mismatch.
147
+ if (scheme === 'http' && (host === '0.0.0.0' || host === '::'))
139
148
  return 'localhost';
149
+ if (host.includes(':') && !host.startsWith('['))
150
+ return `[${host}]`;
140
151
  return host;
141
152
  }
142
153
  function generateAuthKey() {
@@ -0,0 +1,61 @@
1
+ export declare const DEFAULT_SELF_SIGNED_CERT_DAYS = 3650;
2
+ export type HttpsCertificateMaterial = {
3
+ cert: string;
4
+ key: string;
5
+ certPath: string;
6
+ keyPath: string;
7
+ matchedHost: string;
8
+ matchedHostPriority: number;
9
+ validTo: Date;
10
+ };
11
+ export type CertificateLookupEndpoint = Readonly<{
12
+ bindHost: string;
13
+ urlHost: string;
14
+ }>;
15
+ export type CertificateLookupDiagnostic = {
16
+ level: 'warn';
17
+ code: 'invalid_cert_file' | 'missing_key_file' | 'invalid_key_pair' | 'expired_or_not_yet_valid';
18
+ message: string;
19
+ certPath: string;
20
+ keyPath?: string;
21
+ } | {
22
+ level: 'warn';
23
+ code: 'multiple_matching_certs';
24
+ message: string;
25
+ host: string;
26
+ certPaths: readonly string[];
27
+ };
28
+ export type CertificateLookupResult = {
29
+ kind: 'found';
30
+ certsDirAbs: string;
31
+ endpoint: CertificateLookupEndpoint;
32
+ certificate: HttpsCertificateMaterial;
33
+ diagnostics: readonly CertificateLookupDiagnostic[];
34
+ } | {
35
+ kind: 'not_found';
36
+ certsDirAbs: string;
37
+ endpoint: CertificateLookupEndpoint;
38
+ diagnostics: readonly CertificateLookupDiagnostic[];
39
+ };
40
+ export type CreatedSelfSignedCertificate = {
41
+ host: string;
42
+ hosts: readonly string[];
43
+ days: number;
44
+ certsDirAbs: string;
45
+ certPath: string;
46
+ keyPath: string;
47
+ metadataPath: string;
48
+ };
49
+ export declare function getDefaultDomindsCertsDir(): string;
50
+ export declare function findAutoHttpsCertificateForHost(params: {
51
+ host: string;
52
+ certsDirAbs?: string;
53
+ now?: Date;
54
+ }): Promise<CertificateLookupResult>;
55
+ export declare function createSelfSignedCertificate(params: {
56
+ host?: string;
57
+ altHosts?: readonly string[];
58
+ days?: number;
59
+ certsDirAbs?: string;
60
+ force?: boolean;
61
+ }): Promise<CreatedSelfSignedCertificate>;