fluxy-bot 0.1.0

package/supervisor/index.ts

@@ -0,0 +1,173 @@
+import http from 'http';
+import net from 'net';
+import fs from 'fs';
+import { WebSocketServer, WebSocket } from 'ws';
+import { loadConfig } from '../shared/config.js';
+import { createProvider, type AiProvider, type ChatMessage } from '../shared/ai.js';
+import { paths } from '../shared/paths.js';
+import { log } from '../shared/logger.js';
+import { startTunnel, stopTunnel } from './tunnel.js';
+import { spawnWorker, stopWorker, getWorkerPort, isWorkerAlive } from './worker.js';
+import { updateTunnelUrl, startHeartbeat, stopHeartbeat, disconnect } from '../shared/relay.js';
+
+const RECOVERING_HTML = `<!DOCTYPE html><html><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width,initial-scale=1"><title>Recovering</title>
+<style>body{background:#0a0a0f;color:#94a3b8;font-family:system-ui;display:flex;align-items:center;justify-content:center;height:100vh;margin:0}
+div{text-align:center}h1{font-size:18px;margin-bottom:8px;color:#e2e8f0}p{font-size:14px}a{color:#60a5fa}</style></head>
+<body><div><h1>Dashboard is restarting...</h1><p>Refreshing automatically. <a href="/fluxy">Talk to Fluxy</a></p></div>
+<script>setTimeout(()=>location.reload(),3000)</script></body></html>`;
+
+export async function startSupervisor() {
+  const config = loadConfig();
+  const workerPort = getWorkerPort(config.port);
+
+  // Fluxy's AI brain
+  let ai: AiProvider | null = null;
+  if (config.ai.provider && (config.ai.apiKey || config.ai.provider === 'ollama')) {
+    ai = createProvider(config.ai.provider, config.ai.apiKey, config.ai.baseUrl);
+  }
+
+  // Fluxy chat conversations (in-memory for now)
+  const conversations = new Map<WebSocket, ChatMessage[]>();
+
+  // HTTP server
+  const server = http.createServer((req, res) => {
+    // Fluxy routes — served directly, never proxied
+    if (req.url === '/fluxy' || req.url === '/fluxy/') {
+      res.writeHead(200, { 'Content-Type': 'text/html' });
+      res.end(fs.readFileSync(paths.fluxyHtml));
+      return;
+    }
+
+    // Everything else → proxy to worker
+    if (!isWorkerAlive()) {
+      res.writeHead(503, { 'Content-Type': 'text/html' });
+      res.end(RECOVERING_HTML);
+      return;
+    }
+
+    const proxy = http.request(
+      { host: '127.0.0.1', port: workerPort, path: req.url, method: req.method, headers: req.headers },
+      (proxyRes) => {
+        res.writeHead(proxyRes.statusCode!, proxyRes.headers);
+        proxyRes.pipe(res);
+      },
+    );
+
+    proxy.on('error', () => {
+      res.writeHead(503, { 'Content-Type': 'text/html' });
+      res.end(RECOVERING_HTML);
+    });
+
+    req.pipe(proxy);
+  });
+
+  // WebSocket: Fluxy chat + proxy worker WS
+  const fluxyWss = new WebSocketServer({ noServer: true });
+
+  fluxyWss.on('connection', (ws) => {
+    log.info('Fluxy chat connected');
+    conversations.set(ws, []);
+
+    ws.on('message', (raw) => {
+      const msg = JSON.parse(raw.toString());
+      if (msg.type !== 'message' || !msg.content) return;
+
+      const history = conversations.get(ws) || [];
+      history.push({ role: 'user', content: msg.content });
+
+      if (!ai) {
+        ws.send(JSON.stringify({ type: 'error', error: 'AI not configured. Set up your provider first.' }));
+        return;
+      }
+
+      ai.chat(
+        [{ role: 'system', content: 'You are Fluxy, a helpful AI assistant. You help users manage and customize their self-hosted bot.' }, ...history],
+        config.ai.model,
+        (token) => ws.send(JSON.stringify({ type: 'token', token })),
+        (full) => {
+          history.push({ role: 'assistant', content: full });
+          ws.send(JSON.stringify({ type: 'done' }));
+        },
+        (err) => ws.send(JSON.stringify({ type: 'error', error: err.message })),
+      );
+    });
+
+    ws.on('close', () => conversations.delete(ws));
+  });
+
+  server.on('upgrade', (req, socket: net.Socket, head) => {
+    if (req.url === '/fluxy/ws') {
+      fluxyWss.handleUpgrade(req, socket, head, (ws) => fluxyWss.emit('connection', ws, req));
+      return;
+    }
+
+    // Proxy WS upgrade to worker
+    const proxy = net.connect(workerPort, () => {
+      const headers = Object.entries(req.headers).map(([k, v]) => `${k}: ${v}`).join('\r\n');
+      proxy.write(`GET ${req.url} HTTP/1.1\r\n${headers}\r\n\r\n`);
+      if (head.length > 0) proxy.write(head);
+      socket.pipe(proxy).pipe(socket);
+    });
+
+    proxy.on('error', () => socket.destroy());
+    socket.on('error', () => proxy.destroy());
+  });
+
+  // Start
+  server.listen(config.port, () => {
+    log.ok(`Supervisor on http://localhost:${config.port}`);
+    log.ok(`Fluxy chat at http://localhost:${config.port}/fluxy`);
+  });
+
+  // Spawn worker
+  spawnWorker(workerPort);
+
+  // Tunnel
+  let tunnelUrl: string | null = null;
+  if (config.tunnel.enabled) {
+    try {
+      tunnelUrl = await startTunnel(config.port);
+      log.ok(`Tunnel: ${tunnelUrl}`);
+      console.log(`__TUNNEL_URL__=${tunnelUrl}`);
+
+      // Register tunnel URL with relay and start heartbeats
+      if (config.relay?.token) {
+        try {
+          await updateTunnelUrl(config.relay.token, tunnelUrl);
+          startHeartbeat(config.relay.token, tunnelUrl);
+          if (config.relay.url) {
+            log.ok(`Relay: ${config.relay.url}`);
+            console.log(`__RELAY_URL__=${config.relay.url}`);
+          }
+        } catch (err) {
+          log.warn(`Relay: ${err instanceof Error ? err.message : err}`);
+        }
+      }
+    } catch (err) {
+      log.warn(`Tunnel: ${err instanceof Error ? err.message : err}`);
+      console.log('__TUNNEL_FAILED__');
+    }
+  }
+
+  // Shutdown
+  const shutdown = async () => {
+    log.info('Shutting down...');
+    stopHeartbeat();
+    if (config.relay?.token) {
+      await disconnect(config.relay.token);
+    }
+    stopWorker();
+    stopTunnel();
+    server.close();
+    process.exit(0);
+  };
+  process.on('SIGINT', () => shutdown());
+  process.on('SIGTERM', () => shutdown());
+
+  return tunnelUrl;
+}
+
+startSupervisor().catch((err) => {
+  log.error('Fatal', err);
+  process.exit(1);
+});

package/supervisor/tunnel.ts

@@ -0,0 +1,62 @@
+import { spawn, execSync, type ChildProcess } from 'child_process';
+import fs from 'fs';
+import os from 'os';
+import { paths } from '../shared/paths.js';
+import { log } from '../shared/logger.js';
+
+let proc: ChildProcess | null = null;
+
+function findBinary(): string | null {
+  try { execSync('which cloudflared', { stdio: 'ignore' }); return 'cloudflared'; } catch {}
+  if (fs.existsSync(paths.cloudflared)) return paths.cloudflared;
+  return null;
+}
+
+export async function installCloudflared(): Promise<string> {
+  const existing = findBinary();
+  if (existing) return existing;
+
+  const dir = paths.cloudflared.replace(/\/[^/]+$/, '');
+  fs.mkdirSync(dir, { recursive: true });
+
+  const p = os.platform(), a = os.arch();
+  const base = 'https://github.com/cloudflare/cloudflared/releases/latest/download';
+
+  let url: string;
+  if (p === 'darwin') url = `${base}/cloudflared-darwin-${a === 'arm64' ? 'arm64' : 'amd64'}.tgz`;
+  else if (a === 'arm64' || a === 'aarch64') url = `${base}/cloudflared-linux-arm64`;
+  else if (a.startsWith('arm')) url = `${base}/cloudflared-linux-arm`;
+  else url = `${base}/cloudflared-linux-amd64`;
+
+  log.info('Installing cloudflared...');
+  if (url.endsWith('.tgz')) execSync(`curl -fsSL "${url}" | tar xz -C "${dir}"`, { stdio: 'ignore' });
+  else execSync(`curl -fsSL -o "${paths.cloudflared}" "${url}"`, { stdio: 'ignore' });
+  fs.chmodSync(paths.cloudflared, 0o755);
+  log.ok('cloudflared installed');
+  return paths.cloudflared;
+}
+
+export function startTunnel(port: number): Promise<string> {
+  return new Promise(async (resolve, reject) => {
+    const bin = await installCloudflared();
+    const timeout = setTimeout(() => reject(new Error('Tunnel timeout')), 30_000);
+
+    proc = spawn(bin, ['tunnel', '--url', `http://localhost:${port}`, '--no-autoupdate'], {
+      stdio: ['ignore', 'pipe', 'pipe'],
+    });
+
+    const onData = (d: Buffer) => {
+      const m = d.toString().match(/https:\/\/[^\s]+\.trycloudflare\.com/);
+      if (m) { clearTimeout(timeout); resolve(m[0]); }
+    };
+
+    proc.stdout?.on('data', onData);
+    proc.stderr?.on('data', onData);
+    proc.on('error', (e) => { clearTimeout(timeout); reject(e); });
+  });
+}
+
+export function stopTunnel(): void {
+  proc?.kill();
+  proc = null;
+}

package/supervisor/worker.ts

@@ -0,0 +1,55 @@
+import { spawn, type ChildProcess } from 'child_process';
+import path from 'path';
+import { PKG_DIR } from '../shared/paths.js';
+import { log } from '../shared/logger.js';
+
+let child: ChildProcess | null = null;
+let restarts = 0;
+const MAX_RESTARTS = 3;
+
+export function getWorkerPort(basePort: number): number {
+  return basePort + 1;
+}
+
+export function spawnWorker(port: number): ChildProcess {
+  const workerPath = path.join(PKG_DIR, 'worker', 'index.ts');
+
+  child = spawn('node', ['--import', 'tsx/esm', workerPath], {
+    cwd: PKG_DIR,
+    stdio: ['ignore', 'pipe', 'pipe'],
+    env: { ...process.env, WORKER_PORT: String(port) },
+  });
+
+  child.stdout?.on('data', (d) => {
+    process.stdout.write(d);
+  });
+
+  child.stderr?.on('data', (d) => {
+    process.stderr.write(d);
+  });
+
+  child.on('exit', (code) => {
+    if (code !== 0 && code !== null) {
+      log.warn(`Worker crashed (code ${code})`);
+      if (restarts < MAX_RESTARTS) {
+        restarts++;
+        log.info(`Restarting worker (${restarts}/${MAX_RESTARTS})...`);
+        setTimeout(() => spawnWorker(port), 1000);
+      } else {
+        log.error('Worker failed too many times. Use Fluxy chat to debug.');
+      }
+    }
+  });
+
+  log.ok(`Worker spawned on port ${port}`);
+  return child;
+}
+
+export function stopWorker(): void {
+  child?.kill();
+  child = null;
+}
+
+export function isWorkerAlive(): boolean {
+  return child !== null && child.exitCode === null;
+}

package/tsconfig.json

@@ -0,0 +1,20 @@
+{
+  "compilerOptions": {
+    "target": "ES2022",
+    "module": "ESNext",
+    "moduleResolution": "bundler",
+    "esModuleInterop": true,
+    "strict": true,
+    "skipLibCheck": true,
+    "outDir": "dist",
+    "rootDir": ".",
+    "jsx": "react-jsx",
+    "types": [],
+    "paths": {
+      "@server/*": ["./server/*"],
+      "@client/*": ["./client/src/*"]
+    }
+  },
+  "include": ["server/**/*", "client/src/**/*", "vite.config.ts"],
+  "exclude": ["node_modules", "dist", "data"]
+}

package/vite.config.ts

@@ -0,0 +1,38 @@
+import { defineConfig } from 'vite';
+import react from '@vitejs/plugin-react';
+import { VitePWA } from 'vite-plugin-pwa';
+import path from 'path';
+
+export default defineConfig({
+  root: 'client',
+  resolve: {
+    alias: { '@': path.resolve(__dirname, 'client/src') },
+  },
+  build: {
+    outDir: '../dist',
+    emptyOutDir: true,
+  },
+  server: {
+    port: 5173,
+    proxy: {
+      '/api': 'http://localhost:3000',
+    },
+  },
+  plugins: [
+    react(),
+    VitePWA({
+      registerType: 'autoUpdate',
+      manifest: {
+        name: 'Fluxy',
+        short_name: 'Fluxy',
+        theme_color: '#212121',
+        background_color: '#212121',
+        display: 'standalone',
+        icons: [
+          { src: '/icons/icon-192.png', sizes: '192x192', type: 'image/png' },
+          { src: '/icons/icon-512.png', sizes: '512x512', type: 'image/png' },
+        ],
+      },
+    }),
+  ],
+});

package/worker/claude-auth.ts

@@ -0,0 +1,224 @@
+/**
+ * Claude OAuth PKCE flow for Anthropic subscription authentication.
+ * Adapted from CodeDeck's ClaudeOAuthService for server-side Node.js.
+ *
+ * User signs in at claude.ai, receives a code, pastes it back.
+ * Credentials stored in ~/.claude/.credentials.json + macOS Keychain.
+ */
+
+import crypto from 'crypto';
+import { execFileSync } from 'child_process';
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { log } from '../shared/logger.js';
+
+const OAUTH_CONFIG = {
+  AUTHORIZE_URL: 'https://claude.ai/oauth/authorize',
+  TOKEN_URL: 'https://console.anthropic.com/v1/oauth/token',
+  REDIRECT_URI: 'https://console.anthropic.com/oauth/code/callback',
+  CLIENT_ID: '9d1c250a-e61b-44d9-88ed-5944d1962f5e',
+  SCOPES: 'org:create_api_key user:profile user:inference',
+};
+
+const CLAUDE_DIR = path.join(os.homedir(), '.claude');
+const CREDENTIALS_FILE = path.join(CLAUDE_DIR, '.credentials.json');
+
+let codeVerifier: string | null = null;
+
+/* ── Public API ── */
+
+export function startClaudeOAuth(): { success: boolean; authUrl?: string; error?: string } {
+  // Generate PKCE
+  codeVerifier = crypto.randomBytes(32).toString('base64url');
+  const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url');
+
+  const params = new URLSearchParams({
+    code: 'true',
+    client_id: OAUTH_CONFIG.CLIENT_ID,
+    response_type: 'code',
+    redirect_uri: OAUTH_CONFIG.REDIRECT_URI,
+    scope: OAUTH_CONFIG.SCOPES,
+    code_challenge: codeChallenge,
+    code_challenge_method: 'S256',
+    state: codeVerifier, // state = verifier (OpenClaw legacy flow)
+  });
+
+  const authUrl = `${OAUTH_CONFIG.AUTHORIZE_URL}?${params.toString()}`;
+  log.ok('Claude OAuth flow started');
+  return { success: true, authUrl };
+}
+
+export async function exchangeClaudeCode(codeInput: string): Promise<{ success: boolean; error?: string }> {
+  if (!codeVerifier) {
+    return { success: false, error: 'OAuth flow not started. Click "Authenticate" first.' };
+  }
+
+  // Parse code — might be "code#state" or just "code"
+  const parts = codeInput.trim().split('#');
+  const code = parts[0].trim();
+  const state = parts[1]?.trim() || codeVerifier;
+
+  if (!code) {
+    return { success: false, error: 'Invalid code. Please copy the full code from the page.' };
+  }
+
+  try {
+    // Token exchange uses JSON body (not form-urlencoded)
+    const payload = {
+      grant_type: 'authorization_code',
+      client_id: OAUTH_CONFIG.CLIENT_ID,
+      code,
+      state,
+      redirect_uri: OAUTH_CONFIG.REDIRECT_URI,
+      code_verifier: codeVerifier,
+    };
+
+    const response = await fetch(OAUTH_CONFIG.TOKEN_URL, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify(payload),
+    });
+
+    if (!response.ok) {
+      return { success: false, error: `Authentication failed (${response.status}). Please try again.` };
+    }
+
+    const tokens = await response.json();
+    storeCredentials(tokens);
+    codeVerifier = null;
+    return { success: true };
+  } catch (err: any) {
+    return { success: false, error: err.message };
+  }
+}
+
+export function getClaudeAuthStatus(): { authenticated: boolean; error?: string } {
+  // Check credentials file
+  try {
+    if (fs.existsSync(CREDENTIALS_FILE)) {
+      const creds = JSON.parse(fs.readFileSync(CREDENTIALS_FILE, 'utf-8'));
+      if (creds.accessToken) {
+        if (creds.expiresAt && Date.now() >= creds.expiresAt) {
+          return { authenticated: false, error: 'Token expired' };
+        }
+        return { authenticated: true };
+      }
+    }
+  } catch {}
+
+  // macOS: check Keychain as fallback
+  if (process.platform === 'darwin') {
+    try {
+      const result = execFileSync('security', [
+        'find-generic-password', '-s', 'Claude Code-credentials', '-w',
+      ], { stdio: ['pipe', 'pipe', 'pipe'] }).toString().trim();
+      const parsed = JSON.parse(result);
+      if (parsed.claudeAiOauth?.accessToken) {
+        if (parsed.claudeAiOauth.expiresAt && Date.now() >= parsed.claudeAiOauth.expiresAt) {
+          return { authenticated: false, error: 'Token expired' };
+        }
+        return { authenticated: true };
+      }
+    } catch {}
+  }
+
+  // Legacy check
+  try {
+    const legacyPath = path.join(os.homedir(), '.claude.json');
+    if (fs.existsSync(legacyPath)) {
+      const config = JSON.parse(fs.readFileSync(legacyPath, 'utf-8'));
+      if (config.oauthAccessToken) return { authenticated: true };
+    }
+  } catch {}
+
+  return { authenticated: false };
+}
+
+export function readClaudeAccessToken(): string | null {
+  // Primary: credentials file
+  try {
+    if (fs.existsSync(CREDENTIALS_FILE)) {
+      const creds = JSON.parse(fs.readFileSync(CREDENTIALS_FILE, 'utf-8'));
+      if (creds.accessToken) {
+        if (creds.expiresAt && Date.now() >= creds.expiresAt) return null;
+        return creds.accessToken;
+      }
+    }
+  } catch {}
+
+  // macOS Keychain fallback
+  if (process.platform === 'darwin') {
+    try {
+      const result = execFileSync('security', [
+        'find-generic-password', '-s', 'Claude Code-credentials', '-w',
+      ], { stdio: ['pipe', 'pipe', 'pipe'] }).toString().trim();
+      const parsed = JSON.parse(result);
+      if (parsed.claudeAiOauth?.accessToken) {
+        if (parsed.claudeAiOauth.expiresAt && Date.now() >= parsed.claudeAiOauth.expiresAt) return null;
+        return parsed.claudeAiOauth.accessToken;
+      }
+    } catch {}
+  }
+
+  return null;
+}
+
+/* ── Helpers ── */
+
+function storeCredentials(tokens: any): void {
+  if (!fs.existsSync(CLAUDE_DIR)) {
+    fs.mkdirSync(CLAUDE_DIR, { recursive: true });
+  }
+
+  // Read existing credentials
+  let credentials: Record<string, any> = {};
+  try {
+    if (fs.existsSync(CREDENTIALS_FILE)) {
+      credentials = JSON.parse(fs.readFileSync(CREDENTIALS_FILE, 'utf-8'));
+    }
+  } catch {}
+
+  credentials.accessToken = tokens.access_token;
+  if (tokens.refresh_token) credentials.refreshToken = tokens.refresh_token;
+  if (tokens.expires_in) {
+    credentials.expiresAt = Date.now() + (tokens.expires_in - 300) * 1000;
+  }
+
+  fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(credentials, null, 2), 'utf-8');
+  try { fs.chmodSync(CREDENTIALS_FILE, 0o600); } catch {}
+  log.ok('Claude credentials stored');
+
+  // macOS: also write to Keychain
+  if (process.platform === 'darwin') {
+    try {
+      const keychainValue = JSON.stringify({ claudeAiOauth: credentials });
+      try {
+        execFileSync('security', ['delete-generic-password', '-s', 'Claude Code-credentials'], {
+          stdio: ['pipe', 'pipe', 'pipe'],
+        });
+      } catch {} // OK if entry doesn't exist
+      execFileSync('security', [
+        'add-generic-password',
+        '-s', 'Claude Code-credentials',
+        '-a', os.userInfo().username,
+        '-w', keychainValue,
+      ], { stdio: ['pipe', 'pipe', 'pipe'] });
+    } catch {}
+  }
+
+  // Legacy fallback (~/.claude.json)
+  try {
+    const legacyPath = path.join(os.homedir(), '.claude.json');
+    let legacyConfig: Record<string, any> = {};
+    try {
+      if (fs.existsSync(legacyPath)) {
+        legacyConfig = JSON.parse(fs.readFileSync(legacyPath, 'utf-8'));
+      }
+    } catch {}
+    legacyConfig.oauthAccessToken = tokens.access_token;
+    legacyConfig.hasCompletedOnboarding = true;
+    fs.writeFileSync(legacyPath, JSON.stringify(legacyConfig, null, 2), 'utf-8');
+    try { fs.chmodSync(legacyPath, 0o600); } catch {}
+  } catch {}
+}