npm - fluxy-bot - Versions diffs - 0.5.56 → 0.5.58 - Mend

fluxy-bot 0.5.56 → 0.5.58

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -18,7 +18,7 @@ The relay gives users a permanent domain. The tunnel gives the relay a target. T
 ## Process Architecture
-When `fluxy start` runs, the CLI spawns a single supervisor process. The supervisor then spawns three child processes and manages their lifecycle:
+When `fluxy start` runs, the CLI spawns a single supervisor process. The supervisor then spawns child processes and manages their lifecycle:
 ```
 CLI (bin/cli.js)
@@ -31,11 +31,12 @@ Supervisor (supervisor/index.ts)        port 3000    HTTP server + WebSocket + r
   +-- Vite Dev Server                   port 3002    Serves workspace/client with HMR
   +-- Backend (workspace/backend/)      port 3004    User's custom Express server
   +-- cloudflared (tunnel)              --           Exposes port 3000 to the internet
+  +-- Scheduler (supervisor/scheduler)  --           PULSE + CRON job runner (in-process)
 ```
 Port allocation: base port (default 3000), worker = base+1, Vite = base+2, backend = base+4.
-All child processes auto-restart up to 3 times on crash. The supervisor catches SIGINT/SIGTERM and tears everything down gracefully.
+All child processes auto-restart up to 3 times on crash (reset counter if alive >30s). The supervisor catches SIGINT/SIGTERM and tears everything down gracefully.
 ---
@@ -45,10 +46,11 @@ The supervisor is a raw `http.createServer` (no Express) that routes every incom
 | Path | Target | Notes |
 |---|---|---|
+| `/fluxy/widget.js` | Direct file serve | Chat bubble script, no-cache |
+| `/sw.js`, `/fluxy/sw.js` | Embedded service worker | PWA + push notification support |
 | `/app/api/*` | Backend (port 3004) | Strips `/app/api` prefix before forwarding |
 | `/api/*` | Worker (port 3001) | Auth middleware checks Bearer token on mutations |
-| `/fluxy/*` | Static files from `dist-fluxy/` | Pre-built chat SPA, cached aggressively |
-| `/fluxy/widget.js` | Direct file serve | Chat bubble script injected into dashboard |
+| `/fluxy/*` | Static files from `dist-fluxy/` | Pre-built chat SPA. HTML: no-cache. Hashed assets: immutable, 1yr max-age |
 | Everything else | Vite dev server (port 3002) | Dashboard + HMR |
 WebSocket upgrades:
@@ -61,10 +63,14 @@ The supervisor also:
 - Runs the Claude Agent SDK when users send chat messages
 - Restarts the backend process when Claude edits workspace files
 - Broadcasts `app:hmr-update` to all connected dashboard clients after file changes
+- Watches `workspace/backend/` for `.ts/.js/.json` changes and auto-restarts the backend
+- Watches workspace root for `.env` changes (backend restart), `.restart` trigger, and `.update` trigger (deferred fluxy update)
+- Runs the PULSE/CRON scheduler
+- Serves an embedded service worker for PWA + push notifications
 ### Auth Middleware
-The supervisor validates Bearer tokens on `/api/*` POST/PUT/DELETE requests by calling the worker's `/api/portal/validate-token` endpoint. Token results are cached for 60 seconds. Auth-exempt routes (login, onboard, health) skip this check.
+The supervisor validates Bearer tokens on `/api/*` POST/PUT/DELETE requests by calling the worker's `/api/portal/validate-token` endpoint. Token results are cached for 60 seconds. Auth-exempt routes (login, onboard, health, push, auth endpoints) skip this check.
 The `/app/api/*` route has no auth -- the user's workspace backend handles its own authentication.
@@ -72,26 +78,35 @@ The `/app/api/*` route has no auth -- the user's workspace backend handles its o
 ## Worker (worker/index.ts)
-Express server on port 3001. Owns the database and all platform API logic. The supervisor never touches SQLite directly -- everything goes through HTTP.
+Express server on port 3001. Owns the database and all platform API logic. The supervisor never touches SQLite directly -- everything goes through HTTP. All API responses set `Cache-Control: no-store, no-cache, must-revalidate` to prevent stale responses through the relay/CDN.
 **Database:** `~/.fluxy/memory.db` (SQLite via better-sqlite3, WAL mode)
 Tables:
 - `conversations` -- chat sessions (id, title, model, session_id, timestamps)
-- `messages` -- individual messages (role, content, tokens, audio, attachments as JSON)
+- `messages` -- individual messages (role, content, tokens_in, tokens_out, model, audio_data, attachments as JSON)
 - `settings` -- key-value store (onboard config, provider, model, portal credentials, etc.)
 - `sessions` -- auth tokens with 7-day expiry
+- `push_subscriptions` -- Web Push endpoints with VAPID keys (endpoint, keys_p256dh, keys_auth)
+Auto-migrations add missing columns on startup (session_id, audio_data, attachments).
 Key endpoints:
-- `/api/conversations` -- CRUD for conversations and messages
+- `/api/conversations` -- CRUD for conversations and messages (paginated with `before` cursor)
 - `/api/settings` -- key-value read/write
-- `/api/onboard` -- saves wizard configuration (provider, model, portal password, whisper key)
-- `/api/onboard/status` -- returns current setup state
+- `/api/onboard` -- saves wizard configuration (provider, model, portal password, whisper key, names)
+- `/api/onboard/status` -- returns current setup state (names, portal, whisper, provider, handle)
 - `/api/portal/login` -- password auth (POST with JSON body or GET with Basic Auth header)
-- `/api/portal/validate-token` -- session token validation
-- `/api/whisper/transcribe` -- audio-to-text via OpenAI Whisper API
-- `/api/handle/*` -- register, change, release relay handles
-- `/api/context/current` and `/api/context/set` -- tracks which conversation is active
+- `/api/portal/validate-token` -- session token validation (POST or GET)
+- `/api/portal/verify-password` -- check password without creating session
+- `/api/whisper/transcribe` -- audio-to-text via OpenAI Whisper API (10MB limit)
+- `/api/handle/*` -- check availability, register, change relay handles
+- `/api/context/current`, `/api/context/set`, `/api/context/clear` -- tracks which conversation is active
+- `/api/auth/claude/*` -- Claude OAuth start, exchange, status
+- `/api/auth/codex/*` -- OpenAI OAuth start, cancel, status
+- `/api/push/*` -- VAPID public key, subscribe, unsubscribe, send notifications, status
+- `/api/files/*` -- static file serving from attachment storage
+- `/api/health` -- health check
 Portal passwords are hashed with scrypt (random 16-byte salt, stored as `salt:hash`).
@@ -103,14 +118,22 @@ The workspace is a full-stack app template that Claude can freely modify. It liv
 ```
 workspace/
-  client/           React + Vite + Tailwind dashboard
-    src/App.tsx      Main app entry (error boundary, rebuild overlay, onboard iframe)
-    index.html       PWA manifest, service worker registration, widget script
+  client/             React + Vite + Tailwind dashboard
+    src/App.tsx        Main app entry (error boundary, rebuild overlay, onboard iframe)
+    index.html         PWA manifest, service worker registration, widget script
   backend/
-    index.ts         Express server template (reads .env, opens app.db)
-  .env               Environment variables for the backend
-  app.db             SQLite database for workspace data
-  files/             Attachment storage (audio, images, documents)
+    index.ts           Express server template (reads .env, opens app.db)
+  .env                 Environment variables for the backend
+  app.db               SQLite database for workspace data
+  MYSELF.md            Agent identity and personality
+  MYHUMAN.md           Everything the agent knows about the user
+  MEMORY.md            Long-term curated knowledge
+  PULSE.json           Periodic wake-up config (interval, quiet hours)
+  CRONS.json           Scheduled tasks with cron expressions
+  memory/              Daily notes (YYYY-MM-DD.md files, append-only)
+  skills/              Plugin directories with .claude-plugin/plugin.json
+  MCP.json             MCP server configuration (optional)
+  files/               Attachment storage (audio, images, documents)
 ```
 The backend runs on port 3004, accessed at `/app/api/*` through the supervisor proxy. The `/app/api` prefix is stripped before reaching the backend, so routes are defined as `/health` not `/app/api/health`.
@@ -121,6 +144,69 @@ The workspace is the only directory Claude is allowed to modify. The system prom
 ---
+## Agent Memory System
+The agent has no persistent memory between sessions except through files in the workspace:
+| File | Purpose |
+|---|---|
+| `MYSELF.md` | Agent identity, personality, operating manual. The agent's self-authored description of who it is. |
+| `MYHUMAN.md` | Profile of the user -- preferences, context, everything the agent has learned about them. |
+| `MEMORY.md` | Long-term curated knowledge. Distilled from daily notes into durable insights. |
+| `memory/YYYY-MM-DD.md` | Daily notes. Raw, append-only log of events and observations for that day. |
+All four are injected into the system prompt at query time by `fluxy-agent.ts`. The agent reads and writes these files itself -- there's no external process managing them.
+---
+## Scheduler (supervisor/scheduler.ts)
+The scheduler runs in-process within the supervisor, checking every 60 seconds.
+### PULSE
+Periodic wake-ups configured in `workspace/PULSE.json`:
+```json
+{ "enabled": true, "intervalMinutes": 30, "quietHours": { "start": "23:00", "end": "07:00" } }
+```
+When a pulse fires, the scheduler triggers the agent with a system-generated prompt. The agent can check in, review notes, or take proactive action. Quiet hours suppress pulses.
+### CRONS
+Scheduled tasks configured in `workspace/CRONS.json`:
+```json
+[{ "id": "...", "schedule": "0 9 * * *", "task": "Check the weather", "enabled": true, "oneShot": false }]
+```
+Uses `cron-parser` to match cron expressions against the current minute. One-shot crons are auto-removed after firing.
+When a cron or pulse fires:
+1. The scheduler calls `startFluxyAgentQuery` with the task
+2. It extracts `<Message>` blocks from the agent's response
+3. It sends push notifications for those messages
+4. If the agent used file tools (Write/Edit), the backend is restarted
+---
+## Skills & Plugins
+The agent auto-discovers skills in `workspace/skills/`. Each skill is a folder containing `.claude-plugin/plugin.json`. These are loaded as tool plugins when the agent starts a query.
+MCP servers can be configured in `workspace/MCP.json`. The agent loads them at query time and logs which servers are active.
+---
+## Web Push Notifications
+The worker generates VAPID keys on first boot and stores them in settings. The chat SPA requests notification permission, subscribes via the Push API, and sends the subscription endpoint + keys to the worker.
+When the scheduler (or any server-side event) needs to notify the user, it calls `POST /api/push/send` which fans out `web-push` notifications to all stored subscriptions. Expired subscriptions are auto-cleaned.
+---
 ## Fluxy Chat
 The chat UI is a standalone React SPA built separately (`vite.fluxy.config.ts` -> `dist-fluxy/`). It runs inside an iframe injected by `widget.js` on the dashboard.
@@ -132,15 +218,22 @@ If Claude introduces a bug that crashes the dashboard, the chat stays alive. The
 ### Widget (supervisor/widget.js)
 Vanilla JS that injects:
-- A floating video bubble (60px, bottom-right corner)
+- A floating video bubble (60px, bottom-right corner, with Safari fallback image)
 - A slide-out panel (480px wide, full screen on mobile) containing the iframe at `/fluxy/`
 - A backdrop for dismissal
+- Keyboard dismiss (Escape key)
 Communicates with the iframe via `postMessage`:
 - `fluxy:close` -- iframe requests panel close
 - `fluxy:install-app` -- iframe requests PWA install prompt
-- `fluxy:onboard-complete` -- iframe notifies onboarding finished
-- `fluxy:hmr-update` -- supervisor notifies dashboard of file changes (forwarded to parent)
+- `fluxy:show-ios-install` -- iframe requests iOS-specific install modal
+- `fluxy:onboard-complete` -- iframe notifies onboarding finished, reloads bubble
+- `fluxy:rebuilding` -- agent started modifying files, show rebuild overlay
+- `fluxy:rebuilt` -- rebuild complete, dashboard should reload
+- `fluxy:build-error` -- build failed, show error overlay
+- `fluxy:hmr-update` -- supervisor notifies dashboard of file changes
+Panel state persisted in localStorage (`fluxy_widget_open`) to survive HMR reloads. Bubble hidden during onboarding.
 ### Chat Protocol (WebSocket)
@@ -157,8 +250,10 @@ Server -> Client:
 - `bot:tool` -- tool invocation (name, status)
 - `bot:response` -- final complete response
 - `bot:error` -- error message
+- `bot:done` -- query complete, includes `usedFileTools` flag
 - `chat:conversation-created` -- new conversation ID assigned
 - `chat:sync` -- message from another connected client
+- `chat:state` -- stream state on reconnect (catches up missed tokens)
 - `chat:cleared` -- context was cleared
 - `app:hmr-update` -- file changes detected, dashboard should reload
@@ -166,6 +261,14 @@ Server -> Client:
 Auto-reconnects with exponential backoff (1s -> 8s cap). Queues messages during disconnection. Sends heartbeat pings every 25 seconds. Auth token passed as query parameter on connect.
+### PWA Support
+The chat SPA handles:
+- `beforeinstallprompt` for Android PWA install
+- iOS-specific install modal with step-by-step instructions
+- Standalone mode detection
+- Push notification subscription on first load
 ---
 ## Claude Agent SDK Integration (supervisor/fluxy-agent.ts)
@@ -177,6 +280,10 @@ When the configured provider is Anthropic, chat messages are routed through the
 - Max 50 turns per query
 - System prompt: Claude Code preset + custom addendum from `worker/prompts/fluxy-system-prompt.txt`
 - Sessions tracked in-memory (conversationId -> sessionId) for multi-turn context
+- Memory files (MYSELF.md, MYHUMAN.md, MEMORY.md, PULSE.json, CRONS.json) injected into system prompt
+- Skills auto-discovered from `workspace/skills/`
+- MCP servers loaded from `workspace/MCP.json`
+- File attachments encoded as base64 documents/images in the SDK prompt
 The agent has access to all Claude Code tools (Read, Write, Edit, Bash, Grep, Glob, etc.). After a query completes, the supervisor checks if Write or Edit tools were used. If so, it restarts the backend and broadcasts an HMR update.
@@ -212,7 +319,7 @@ Supervisor                         User's machine
 ### Cloudflare Tunnel (supervisor/tunnel.ts)
-- Auto-downloads `cloudflared` binary to `~/.fluxy/bin/` on first run
+- Auto-downloads `cloudflared` binary to `~/.fluxy/bin/` on first run (validates minimum 10MB file size)
 - Spawns: `cloudflared tunnel --url http://localhost:3000 --no-autoupdate`
 - Extracts tunnel URL from stdout (regex match for `*.trycloudflare.com`)
 - Health check: HEAD request to tunnel URL with 5s timeout
@@ -269,7 +376,7 @@ Multi-step wizard shown on first launch (inside the Fluxy chat iframe):
 1. **Welcome** -- intro screen
 2. **Provider** -- choose Claude (Anthropic) or OpenAI Codex
 3. **Model** -- select specific model (Opus, Sonnet, Haiku / GPT-5.x variants)
-4. **Auth** -- OAuth PKCE flow for Claude, or manual API key entry
+4. **Auth** -- OAuth PKCE flow for Claude or OpenAI, or manual API key entry
 5. **Handle** -- register a public username with the relay (checks availability in real time)
 6. **Portal** -- set username/password for remote access
 7. **Whisper** -- optional voice transcription setup with OpenAI key
@@ -279,14 +386,53 @@ Settings are saved via WebSocket (`settings:save` message) to bypass relay POST
 ---
+## CLI (bin/cli.js)
+The CLI is the user-facing entry point. Commands:
+| Command | Description |
+|---|---|
+| `fluxy init` | First-time setup: creates config, installs cloudflared, boots server, optionally installs systemd daemon |
+| `fluxy start` | Boot the supervisor (or detect existing daemon and show status) |
+| `fluxy status` | Health check via `/api/health`, shows uptime and relay URL |
+| `fluxy update` | Downloads latest from npm registry, updates code directories, rebuilds UI, restarts daemon |
+| `fluxy daemon` | Linux systemd management: install, start, stop, restart, status, logs, uninstall |
+The CLI spawns the supervisor via `node --import tsx/esm supervisor/index.ts` and waits for readiness markers on stdout (`__TUNNEL_URL__`, `__RELAY_URL__`, `__VITE_WARM__`, `__READY__`) with a 45-second timeout.
+On Linux, `fluxy daemon` generates a systemd unit file that runs the supervisor as a service with auto-restart on failure.
+---
+## Installation
+Two installation paths:
+**Via curl (production):**
+```
+curl -fsSL https://fluxy.bot/install | sh
+```
+The install script (`scripts/install.sh`) detects OS/arch, checks for Node.js >= 18 (or bundles Node 22.14.0), downloads the npm package, extracts to `~/.fluxy/`, and adds `fluxy` to PATH.
+**Via npm (development):**
+```
+npm install fluxy-bot
+```
+The `postinstall` script (`scripts/postinstall.js`) copies code directories to `~/.fluxy/`, runs `npm install --omit=dev` there, builds the chat UI if missing, and creates a `fluxy` symlink.
+Windows: `scripts/install.ps1` (PowerShell equivalent).
+---
 ## Data Locations
 | Path | Contents |
 |---|---|
 | `~/.fluxy/config.json` | Port, username, AI provider, relay token, tunnel URL |
-| `~/.fluxy/memory.db` | SQLite -- conversations, messages, settings, sessions |
+| `~/.fluxy/memory.db` | SQLite -- conversations, messages, settings, sessions, push subscriptions |
 | `~/.fluxy/bin/cloudflared` | Cloudflare tunnel binary |
-| `~/.fluxy/workspace/` | User's workspace copy (client, backend, .env, app.db, files/) |
+| `~/.fluxy/workspace/` | User's workspace copy (client, backend, memory files, skills, config) |
+| `~/.codex/codedeck-auth.json` | OpenAI OAuth tokens |
 | `~/.claude/.credentials.json` | Claude OAuth tokens (Linux/Windows) |
 | macOS Keychain `Claude Code-credentials` | Claude OAuth tokens (macOS, source of truth) |
@@ -297,39 +443,52 @@ Settings are saved via WebSocket (`settings:save` message) to bypass relay POST
 ### Sacred (never modified by the agent)
 ```
-bin/cli.js                          CLI entry point, startup sequence, update logic
+bin/cli.js                          CLI entry point, startup sequence, update logic, daemon management
 supervisor/
   index.ts                          HTTP server, request routing, WebSocket handler, process orchestration
   worker.ts                         Worker process spawn/stop/restart
   backend.ts                        Backend process spawn/stop/restart
   tunnel.ts                         Cloudflare tunnel lifecycle, health watchdog
   vite-dev.ts                       Vite dev server startup for dashboard HMR
-  fluxy-agent.ts                    Claude Agent SDK wrapper, session management
+  fluxy-agent.ts                    Claude Agent SDK wrapper, session management, memory injection
+  scheduler.ts                      PULSE + CRON scheduler, 60s tick, push notification dispatch
   file-saver.ts                     Attachment storage (audio, images, documents)
   widget.js                         Chat bubble + panel injected into dashboard
   chat/
-    fluxy-main.tsx                  Chat SPA entry -- auth, WS connection, message routing
+    fluxy-main.tsx                  Chat SPA entry -- auth, WS connection, push subscription, PWA
     onboard-main.tsx                Onboard SPA entry
     OnboardWizard.tsx               Multi-step setup wizard
     ARCHITECTURE.md                 Network topology and relay workaround docs
     src/
-      hooks/useFluxyChat.ts         Chat state management, message protocol, streaming
+      hooks/useChat.ts              Base chat state management
+      hooks/useFluxyChat.ts         Fluxy-specific chat: DB persistence, sync, pagination, streaming
       lib/ws-client.ts              WebSocket client with reconnect + queue
       lib/auth.ts                   Token storage and auth fetch wrapper
-      components/Chat/              InputBar, MessageBubble, MessageList
+      components/Chat/
+        ChatView.tsx                Main chat container
+        InputBar.tsx                Text input, file/camera attachments, voice recording
+        MessageBubble.tsx           Markdown rendering, syntax highlighting, attachments
+        MessageList.tsx             Paginated message history with infinite scroll
+        AudioBubble.tsx             Audio player for voice messages
+        ImageLightbox.tsx           Image viewer modal
+        TypingIndicator.tsx         "Bot is typing..." animation
       components/LoginScreen.tsx    Portal login UI
 worker/
   index.ts                          Express API server -- all platform endpoints
-  db.ts                             SQLite schema, CRUD operations
+  db.ts                             SQLite schema, CRUD operations, migrations
   claude-auth.ts                    Claude OAuth PKCE flow, token refresh, Keychain integration
-  codex-auth.ts                     OpenAI OAuth flow
+  codex-auth.ts                     OpenAI OAuth PKCE flow, local callback server on port 1455
   prompts/fluxy-system-prompt.txt   System prompt that constrains the agent
 shared/
   config.ts                         Load/save ~/.fluxy/config.json
   paths.ts                          All path constants (PKG_DIR, DATA_DIR, WORKSPACE_DIR)
   relay.ts                          Relay API client (register, heartbeat, disconnect, tunnel update)
-  ai.ts                             AI provider abstraction (Anthropic, OpenAI, Ollama)
-  logger.ts                         Colored console logging
+  ai.ts                             AI provider abstraction (Anthropic, OpenAI, Ollama) with streaming
+  logger.ts                         Colored console logging with timestamps
+scripts/
+  install.sh                        User-facing install script (curl-piped), Node bundling
+  install.ps1                       Windows PowerShell installer
+  postinstall.js                    npm postinstall: copies files to ~/.fluxy/, builds UI, creates symlink
 ```
 ### Workspace (agent-modifiable)
@@ -345,7 +504,15 @@ workspace/
     index.ts                        Express server template with .env loading and SQLite
   .env                              Environment variables
   app.db                            Workspace SQLite database
-  files/                            Uploaded file storage
+  MYSELF.md                         Agent identity and personality
+  MYHUMAN.md                        User profile (agent-maintained)
+  MEMORY.md                         Long-term curated knowledge
+  PULSE.json                        Periodic wake-up configuration
+  CRONS.json                        Scheduled task definitions
+  memory/                           Daily notes (YYYY-MM-DD.md)
+  skills/                           Plugin directories (.claude-plugin/plugin.json)
+  MCP.json                          MCP server configuration (optional)
+  files/                            Uploaded file storage (audio/, images/, documents/)
 ```
 ---
@@ -369,3 +536,6 @@ Zero configuration. No Cloudflare account needed. The tradeoff is the URL change
 **Why two Vite configs?**
 `vite.config.ts` builds the workspace dashboard (user-facing app). `vite.fluxy.config.ts` builds the Fluxy chat SPA. They're separate apps with separate entry points, bundled independently. The chat is pre-built at publish time; the dashboard runs as a dev server with HMR.
+**Why memory files instead of a database for agent memory?**
+Files are the natural interface for the Claude Agent SDK -- it can read and write them with its built-in tools. No custom tool needed, no API integration. The agent manages its own memory with the same tools it uses to edit code.

package/bin/cli.js CHANGED Viewed

@@ -4,6 +4,7 @@ import { spawn, execSync, spawnSync } from 'child_process';
 import fs from 'fs';
 import path from 'path';
 import os from 'os';
+import readline from 'readline';
 import { fileURLToPath } from 'url';
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
@@ -239,7 +240,7 @@ function finalMessage(tunnelUrl, relayUrl) {
   ${c.blue}${c.bold}${link(tunnelUrl)}${c.reset}
   ${c.dim}(cmd+click or ctrl+click to open)${c.reset}`);
-  if (relayUrl) {
+  if (relayUrl && relayUrl !== tunnelUrl) {
     console.log(`
   ${c.bold}${c.white}Your permanent URL:${c.reset}
@@ -283,7 +284,7 @@ function createConfig() {
       port: 3000,
       username: '',
       ai: { provider: '', model: '', apiKey: '' },
-      tunnel: { enabled: true },
+      tunnel: { mode: 'quick' },
       relay: { token: '', tier: '', url: '' },
     };
     fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2));
@@ -444,12 +445,15 @@ async function init() {
   const isLinux = os.platform() === 'linux';
   const hasSystemd = isLinux && (() => { try { execSync('systemctl --version', { stdio: 'ignore' }); return true; } catch { return false; } })();
+  const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
+  const tunnelMode = config.tunnel?.mode || 'quick';
+  const hasTunnel = tunnelMode !== 'off';
   const steps = [
     'Creating config',
-    'Installing cloudflared',
+    ...(hasTunnel ? ['Installing cloudflared'] : []),
     'Starting server',
-    'Connecting tunnel',
-    'Verifying connection',
+    ...(hasTunnel ? ['Connecting tunnel', 'Verifying connection'] : []),
     'Preparing dashboard',
     ...(hasSystemd ? ['Setting up auto-start daemon'] : []),
   ];
@@ -461,16 +465,18 @@ async function init() {
   stepper.advance();
   // Cloudflared
-  await installCloudflared();
-  stepper.advance();
+  if (hasTunnel) {
+    await installCloudflared();
+    stepper.advance();
+  }
   // Server + Tunnel
   stepper.advance();
-  const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
   let result;
   try {
     result = await bootServer({
       onTunnelUp: (url) => {
+        if (!hasTunnel) return;
         stepper.advance();  // Connecting tunnel done
         // Show the direct URL while waiting for the custom domain to become reachable
         if (config.relay?.url) {
@@ -481,6 +487,7 @@ async function init() {
         }
       },
       onReady: () => {
+        if (!hasTunnel) return;
         stepper.setInfo([]);
         stepper.advance();  // Verifying connection done
       },
@@ -557,11 +564,14 @@ async function start() {
   banner();
+  const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
+  const tunnelMode = config.tunnel?.mode ?? (config.tunnel?.enabled === false ? 'off' : 'quick');
+  const hasTunnel = tunnelMode !== 'off';
   const steps = [
     'Loading config',
     'Starting server',
-    'Connecting tunnel',
-    'Verifying connection',
+    ...(hasTunnel ? ['Connecting tunnel', 'Verifying connection'] : []),
     'Preparing dashboard',
     ...(needsDaemon ? ['Setting up auto-start daemon'] : []),
   ];
@@ -571,11 +581,11 @@ async function start() {
   stepper.advance(); // config exists
   stepper.advance(); // starting
-  const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
   let result;
   try {
     result = await bootServer({
       onTunnelUp: (url) => {
+        if (!hasTunnel) return;
         stepper.advance();  // Connecting tunnel done
         if (config.relay?.url) {
           stepper.setInfo([
@@ -585,6 +595,7 @@ async function start() {
         }
       },
       onReady: () => {
+        if (!hasTunnel) return;
         stepper.setInfo([]);
         stepper.advance();  // Verifying connection done
       },
@@ -654,8 +665,11 @@ async function status() {
   if (healthOk) {
     console.log(`\n  ${c.blue}●${c.reset} Fluxy is running${daemonRunning ? ` ${c.dim}(daemon)${c.reset}` : ''}`);
     if (uptime != null) console.log(`  ${c.dim}Uptime: ${uptime}s${c.reset}`);
+    if (config?.tunnelUrl) {
+      console.log(`  ${c.dim}Tunnel: ${c.reset}${c.blue}${link(config.tunnelUrl)}${c.reset}`);
+    }
     if (config?.relay?.url) {
-      console.log(`  ${c.dim}URL: ${c.reset}${c.pink}${link(config.relay.url)}${c.reset}`);
+      console.log(`  ${c.dim}Relay: ${c.reset}${c.pink}${link(config.relay.url)}${c.reset}`);
     }
     console.log(`  ${c.dim}Config: ${CONFIG_PATH}${c.reset}\n`);
   } else if (daemonRunning) {
@@ -975,6 +989,173 @@ async function daemon(sub) {
   }
 }
+// ── Tunnel management ──
+function ask(question) {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => rl.question(question, (answer) => { rl.close(); resolve(answer.trim()); }));
+}
+async function tunnel(sub) {
+  const action = sub || 'status';
+  switch (action) {
+    case 'setup': {
+      banner();
+      console.log(`\n  ${c.bold}${c.white}Named Tunnel Setup${c.reset}\n`);
+      // Step 1: Ensure cloudflared is installed
+      console.log(`  ${c.blue}⠋${c.reset}  Checking cloudflared...`);
+      await installCloudflared();
+      console.log(`  ${c.blue}✔${c.reset}  cloudflared ready\n`);
+      // Step 2: Login to Cloudflare
+      console.log(`  ${c.bold}${c.white}Step 1:${c.reset} Log in to Cloudflare\n`);
+      console.log(`  ${c.dim}This will open a browser window. Authorize the domain you want to use.${c.reset}\n`);
+      try {
+        spawnSync('cloudflared', ['tunnel', 'login'], { stdio: 'inherit' });
+      } catch {
+        // Try local binary
+        if (fs.existsSync(CF_PATH)) {
+          spawnSync(CF_PATH, ['tunnel', 'login'], { stdio: 'inherit' });
+        } else {
+          console.log(`\n  ${c.red}✗${c.reset}  cloudflared login failed.\n`);
+          process.exit(1);
+        }
+      }
+      console.log('');
+      // Step 3: Ask for tunnel name
+      const tunnelName = (await ask(`  ${c.bold}Tunnel name${c.reset} ${c.dim}(default: fluxy)${c.reset}: `)) || 'fluxy';
+      // Step 4: Create tunnel
+      console.log(`\n  ${c.blue}⠋${c.reset}  Creating tunnel "${tunnelName}"...`);
+      let createOutput;
+      try {
+        createOutput = execSync(`cloudflared tunnel create ${tunnelName}`, { encoding: 'utf-8' });
+      } catch {
+        try {
+          createOutput = execSync(`${CF_PATH} tunnel create ${tunnelName}`, { encoding: 'utf-8' });
+        } catch (err) {
+          console.log(`\n  ${c.red}✗${c.reset}  Failed to create tunnel. It may already exist.`);
+          console.log(`  ${c.dim}Try: cloudflared tunnel list${c.reset}\n`);
+          process.exit(1);
+        }
+      }
+      // Parse UUID from output (format: "Created tunnel <name> with id <uuid>")
+      const uuidMatch = createOutput.match(/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})/i);
+      if (!uuidMatch) {
+        console.log(`\n  ${c.red}✗${c.reset}  Could not parse tunnel UUID from output.`);
+        console.log(`  ${c.dim}${createOutput}${c.reset}\n`);
+        process.exit(1);
+      }
+      const tunnelUuid = uuidMatch[1];
+      console.log(`  ${c.blue}✔${c.reset}  Tunnel created: ${c.dim}${tunnelUuid}${c.reset}\n`);
+      // Step 5: Ask for domain
+      const domain = await ask(`  ${c.bold}Your domain${c.reset} ${c.dim}(e.g. bot.mydomain.com)${c.reset}: `);
+      if (!domain) {
+        console.log(`\n  ${c.red}✗${c.reset}  Domain is required for named tunnels.\n`);
+        process.exit(1);
+      }
+      // Step 6: Generate cloudflared config YAML
+      const config = fs.existsSync(CONFIG_PATH) ? JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8')) : {};
+      const port = config.port || 3000;
+      const cfHome = path.join(os.homedir(), '.cloudflared');
+      const cfConfigPath = path.join(DATA_DIR, 'cloudflared-config.yml');
+      const yamlContent = `tunnel: ${tunnelUuid}
+credentials-file: ${path.join(cfHome, `${tunnelUuid}.json`)}
+ingress:
+  - service: http://localhost:${port}
+`;
+      fs.mkdirSync(DATA_DIR, { recursive: true });
+      fs.writeFileSync(cfConfigPath, yamlContent);
+      console.log(`\n  ${c.blue}✔${c.reset}  Config written to ${c.dim}${cfConfigPath}${c.reset}`);
+      // Step 7: Update fluxy config
+      config.tunnel = {
+        mode: 'named',
+        name: tunnelName,
+        domain: domain,
+        configPath: cfConfigPath,
+      };
+      fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2));
+      console.log(`  ${c.blue}✔${c.reset}  Fluxy config updated\n`);
+      // Step 8: Print DNS instructions
+      console.log(`  ${c.dim}─────────────────────────────────${c.reset}\n`);
+      console.log(`  ${c.bold}${c.white}Tunnel created!${c.reset}\n`);
+      console.log(`  ${c.white}To connect your domain, add a CNAME record pointing to:${c.reset}\n`);
+      console.log(`  ${c.pink}${c.bold}${tunnelUuid}.cfargotunnel.com${c.reset}\n`);
+      console.log(`  ${c.dim}Or run: cloudflared tunnel route dns ${tunnelName} ${domain}${c.reset}\n`);
+      // Step 9: Offer restart if daemon is running
+      if (os.platform() === 'linux' && isServiceInstalled() && isServiceActive()) {
+        const restart = await ask(`  ${c.bold}Restart daemon now?${c.reset} ${c.dim}(Y/n)${c.reset}: `);
+        if (!restart || restart.toLowerCase() === 'y') {
+          try {
+            const cmd = needsSudo() ? `sudo systemctl restart ${SERVICE_NAME}` : `systemctl restart ${SERVICE_NAME}`;
+            execSync(cmd, { stdio: 'ignore' });
+            console.log(`\n  ${c.blue}✔${c.reset}  Daemon restarted.\n`);
+          } catch {
+            console.log(`\n  ${c.yellow}⚠${c.reset}  Restart failed. Try ${c.pink}fluxy daemon restart${c.reset}\n`);
+          }
+        }
+      } else {
+        console.log(`  ${c.dim}Run ${c.reset}${c.pink}fluxy start${c.reset}${c.dim} to launch with the named tunnel.${c.reset}\n`);
+      }
+      break;
+    }
+    case 'status': {
+      if (!fs.existsSync(CONFIG_PATH)) {
+        console.log(`\n  ${c.dim}No config found. Run ${c.reset}${c.pink}fluxy init${c.reset}${c.dim} first.${c.reset}\n`);
+        return;
+      }
+      const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
+      const mode = config.tunnel?.mode ?? (config.tunnel?.enabled === false ? 'off' : 'quick');
+      console.log(`\n  ${c.bold}${c.white}Tunnel Configuration${c.reset}\n`);
+      console.log(`  ${c.dim}Mode:${c.reset}    ${c.bold}${mode}${c.reset}`);
+      if (mode === 'named') {
+        if (config.tunnel?.name) console.log(`  ${c.dim}Name:${c.reset}    ${config.tunnel.name}`);
+        if (config.tunnel?.domain) console.log(`  ${c.dim}Domain:${c.reset}  ${c.pink}${config.tunnel.domain}${c.reset}`);
+        if (config.tunnel?.configPath) console.log(`  ${c.dim}Config:${c.reset}  ${config.tunnel.configPath}`);
+      }
+      if (config.tunnelUrl) {
+        console.log(`  ${c.dim}URL:${c.reset}     ${c.blue}${link(config.tunnelUrl)}${c.reset}`);
+      }
+      console.log('');
+      break;
+    }
+    case 'reset': {
+      if (!fs.existsSync(CONFIG_PATH)) {
+        console.log(`\n  ${c.dim}No config found. Run ${c.reset}${c.pink}fluxy init${c.reset}${c.dim} first.${c.reset}\n`);
+        return;
+      }
+      const config = JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf-8'));
+      config.tunnel = { mode: 'quick' };
+      delete config.tunnelUrl;
+      fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2));
+      console.log(`\n  ${c.blue}✔${c.reset}  Tunnel mode reset to ${c.bold}quick${c.reset} (random trycloudflare.com URL).\n`);
+      if (os.platform() === 'linux' && isServiceInstalled() && isServiceActive()) {
+        console.log(`  ${c.dim}Restart the daemon to apply: ${c.reset}${c.pink}fluxy daemon restart${c.reset}\n`);
+      }
+      break;
+    }
+    default:
+      console.log(`\n  ${c.red}✗${c.reset}  Unknown tunnel command: ${action}`);
+      console.log(`  ${c.dim}Available: setup, status, reset${c.reset}\n`);
+      process.exit(1);
+  }
+}
 // ── Route ──
 switch (command) {
@@ -983,6 +1164,7 @@ switch (command) {
   case 'status':  status(); break;
   case 'update':  update(); break;
   case 'daemon':  daemon(subcommand); break;
+  case 'tunnel':  tunnel(subcommand); break;
   default:
     fs.existsSync(CONFIG_PATH) ? start() : init();
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "fluxy-bot",
-  "version": "0.5.56",
+  "version": "0.5.58",
   "releaseNotes": [
     "Fixed some bugs to iOs ",
     "2. ",

package/shared/config.ts CHANGED Viewed

@@ -10,7 +10,12 @@ export interface BotConfig {
     apiKey: string;
     baseUrl?: string;
   };
-  tunnel: { enabled: boolean };
+  tunnel: {
+    mode: 'off' | 'quick' | 'named';
+    name?: string;
+    domain?: string;
+    configPath?: string;
+  };
   relay: {
     token: string;
     tier: string;
@@ -23,13 +28,21 @@ const DEFAULTS: BotConfig = {
   port: 3000,
   username: '',
   ai: { provider: '', model: '', apiKey: '' },
-  tunnel: { enabled: true },
+  tunnel: { mode: 'quick' },
   relay: { token: '', tier: '', url: '' },
 };
 export function loadConfig(): BotConfig {
   if (!fs.existsSync(paths.config)) throw new Error('No config. Run `fluxy init`.');
-  return JSON.parse(fs.readFileSync(paths.config, 'utf-8'));
+  const config = JSON.parse(fs.readFileSync(paths.config, 'utf-8'));
+  // Backward compat: migrate old { enabled: boolean } → { mode }
+  if ('enabled' in config.tunnel && !('mode' in config.tunnel)) {
+    config.tunnel = { mode: config.tunnel.enabled ? 'quick' : 'off' };
+    saveConfig(config);
+  }
+  return config;
 }
 export function saveConfig(config: BotConfig): void {

package/supervisor/index.ts CHANGED Viewed

@@ -8,7 +8,7 @@ import { createProvider, type AiProvider, type ChatMessage } from '../shared/ai.
 import { paths } from '../shared/paths.js';
 import { PKG_DIR } from '../shared/paths.js';
 import { log } from '../shared/logger.js';
-import { startTunnel, stopTunnel, isTunnelAlive, restartTunnel } from './tunnel.js';
+import { startTunnel, stopTunnel, isTunnelAlive, restartTunnel, startNamedTunnel, restartNamedTunnel } from './tunnel.js';
 import { spawnWorker, stopWorker, getWorkerPort, isWorkerAlive } from './worker.js';
 import { spawnBackend, stopBackend, getBackendPort, isBackendAlive, resetBackendRestarts } from './backend.js';
 import { updateTunnelUrl, startHeartbeat, stopHeartbeat, disconnect } from '../shared/relay.js';
@@ -663,6 +663,9 @@ export async function startSupervisor() {
   server.listen(config.port, () => {
     log.ok(`Supervisor on http://localhost:${config.port}`);
     log.ok(`Fluxy chat at http://localhost:${config.port}/fluxy`);
+    if (config.tunnel.mode === 'off') {
+      console.log('__READY__');
+    }
   });
   // Track whether an agent query is active — file watcher defers to bot:done during turns
@@ -673,14 +676,15 @@ export async function startSupervisor() {
   // Run fluxy update in a separate systemd scope so it survives daemon stop/restart
   function runDeferredUpdate() {
     const cliPath = path.join(PKG_DIR, 'bin', 'cli.js');
+    const user = os.userInfo().username;
     log.info('Deferred update triggered — running fluxy update via systemd-run...');
     try {
       const child = cpSpawn('sudo', [
         'systemd-run', '--quiet',
         '--unit=fluxy-update',
+        '--uid=' + user,
         '--setenv=HOME=' + os.homedir(),
-        '--setenv=FLUXY_NODE_PATH=' + process.execPath,
-        '--setenv=FLUXY_REAL_HOME=' + os.homedir(),
+        '--setenv=PATH=' + process.env.PATH,
         process.execPath, cliPath, 'update',
       ], { detached: true, stdio: 'ignore' });
       child.unref();
@@ -758,7 +762,8 @@ export async function startSupervisor() {
   // Tunnel
   let tunnelUrl: string | null = null;
-  if (config.tunnel.enabled) {
+  if (config.tunnel.mode === 'quick') {
     try {
       tunnelUrl = await startTunnel(config.port);
       log.ok(`Tunnel: ${tunnelUrl}`);
@@ -769,8 +774,6 @@ export async function startSupervisor() {
       saveConfig(config);
       // Wait for the tunnel to be reachable before telling the relay about it.
-      // This prevents the relay from proxying traffic to a tunnel that isn't ready,
-      // which would cause 502s for users on the custom domain.
       let tunnelReady = false;
       log.info(`Readiness probe: waiting for tunnel ${tunnelUrl}`);
       for (let i = 0; i < 30; i++) {
@@ -813,9 +816,49 @@ export async function startSupervisor() {
     }
   }
+  if (config.tunnel.mode === 'named') {
+    try {
+      await startNamedTunnel(config.tunnel.configPath!, config.tunnel.name!);
+      tunnelUrl = `https://${config.tunnel.domain}`;
+      log.ok(`Named tunnel: ${tunnelUrl}`);
+      console.log(`__TUNNEL_URL__=${tunnelUrl}`);
+      config.tunnelUrl = tunnelUrl;
+      saveConfig(config);
+      // Readiness probe against the user's domain
+      let tunnelReady = false;
+      log.info(`Readiness probe: waiting for tunnel ${tunnelUrl}`);
+      for (let i = 0; i < 30; i++) {
+        try {
+          const res = await fetch(tunnelUrl + `/api/health?_cb=${Date.now()}`, {
+            signal: AbortSignal.timeout(3000),
+            headers: { 'Cache-Control': 'no-cache, no-store' },
+          });
+          log.info(`Readiness probe #${i + 1}: ${res.status}`);
+          if (res.status !== 502 && res.status !== 503) {
+            tunnelReady = true;
+            break;
+          }
+        } catch (err) {
+          log.info(`Readiness probe #${i + 1}: ${err instanceof Error ? err.message : 'error'}`);
+        }
+        await new Promise(r => setTimeout(r, 1000));
+      }
+      if (!tunnelReady) {
+        log.warn('Named tunnel readiness probe timed out');
+      }
+      console.log('__READY__');
+    } catch (err) {
+      log.warn(`Named tunnel: ${err instanceof Error ? err.message : err}`);
+      console.log('__TUNNEL_FAILED__');
+    }
+  }
   // Tunnel watchdog — detects sleep/wake + periodic health checks
   let watchdogInterval: ReturnType<typeof setInterval> | null = null;
-  if (tunnelUrl && config.relay?.token) {
+  if (tunnelUrl) {
     let lastTick = Date.now();
     let healthCounter = 0;
@@ -829,36 +872,46 @@ export async function startSupervisor() {
         if (!alive) {
           log.warn('Tunnel dead, restarting...');
           try {
-            const newUrl = await restartTunnel(config.port);
-            // Wait for the new tunnel to be reachable before updating the relay
-            log.info(`Waiting for new tunnel to become reachable: ${newUrl}`);
-            let tunnelReady = false;
-            for (let i = 0; i < 30; i++) {
-              try {
-                const res = await fetch(newUrl + `/api/health?_cb=${Date.now()}`, {
-                  signal: AbortSignal.timeout(3000),
-                  headers: { 'Cache-Control': 'no-cache, no-store' },
-                });
-                if (res.status !== 502 && res.status !== 503) {
-                  tunnelReady = true;
-                  log.info(`Tunnel reachable after ${i + 1} probes`);
-                  break;
-                }
-              } catch {}
-              await new Promise(r => setTimeout(r, 1000));
-            }
-            if (!tunnelReady) {
-              log.warn('Tunnel readiness probe timed out — updating relay anyway');
-            }
+            if (config.tunnel.mode === 'named') {
+              // Named tunnel: restart process, URL doesn't change
+              await restartNamedTunnel(config.tunnel.configPath!, config.tunnel.name!);
+              log.ok(`Named tunnel restored: ${tunnelUrl}`);
+            } else {
+              // Quick tunnel: restart and get new URL
+              const newUrl = await restartTunnel(config.port);
+              // Wait for the new tunnel to be reachable before updating the relay
+              log.info(`Waiting for new tunnel to become reachable: ${newUrl}`);
+              let tunnelReady = false;
+              for (let i = 0; i < 30; i++) {
+                try {
+                  const res = await fetch(newUrl + `/api/health?_cb=${Date.now()}`, {
+                    signal: AbortSignal.timeout(3000),
+                    headers: { 'Cache-Control': 'no-cache, no-store' },
+                  });
+                  if (res.status !== 502 && res.status !== 503) {
+                    tunnelReady = true;
+                    log.info(`Tunnel reachable after ${i + 1} probes`);
+                    break;
+                  }
+                } catch {}
+                await new Promise(r => setTimeout(r, 1000));
+              }
+              if (!tunnelReady) {
+                log.warn('Tunnel readiness probe timed out — updating relay anyway');
+              }
+              tunnelUrl = newUrl;
+              config.tunnelUrl = newUrl;
+              saveConfig(config);
-            tunnelUrl = newUrl;
-            config.tunnelUrl = newUrl;
-            saveConfig(config);
-            stopHeartbeat();
-            startHeartbeat(config.relay!.token!, newUrl);
-            await updateTunnelUrl(config.relay!.token!, newUrl);
-            log.ok(`Tunnel restored: ${newUrl}`);
+              if (config.relay?.token) {
+                stopHeartbeat();
+                startHeartbeat(config.relay.token, newUrl);
+                await updateTunnelUrl(config.relay.token, newUrl);
+              }
+              log.ok(`Tunnel restored: ${newUrl}`);
+            }
           } catch (err) {
             log.error(`Tunnel restart failed: ${err instanceof Error ? err.message : err}`);
           }

package/supervisor/tunnel.ts CHANGED Viewed

@@ -81,6 +81,36 @@ export function startTunnel(port: number): Promise<string> {
   });
 }
+export async function startNamedTunnel(configPath: string, name: string): Promise<void> {
+  const bin = await installCloudflared();
+  proc = spawn(bin, ['tunnel', '--config', configPath, 'run', name], {
+    stdio: ['ignore', 'pipe', 'pipe'],
+    windowsHide: true,
+  });
+  proc.stdout?.on('data', (d: Buffer) => log.info(`[named-tunnel] ${d.toString().trim()}`));
+  proc.stderr?.on('data', (d: Buffer) => log.info(`[named-tunnel] ${d.toString().trim()}`));
+  proc.on('error', (e) => log.error(`Named tunnel error: ${e.message}`));
+  proc.on('exit', (code) => { if (code !== 0) log.warn(`Named tunnel exited with code ${code}`); });
+}
+export async function startTunnelForMode(
+  mode: 'off' | 'quick' | 'named',
+  port: number,
+  configPath?: string,
+  name?: string,
+): Promise<string | null> {
+  if (mode === 'off') return null;
+  if (mode === 'named') {
+    if (!configPath || !name) throw new Error('Named tunnel requires configPath and name');
+    await startNamedTunnel(configPath, name);
+    return null; // URL is known from config.tunnel.domain
+  }
+  // mode === 'quick'
+  return startTunnel(port);
+}
 export function stopTunnel(): void {
   proc?.kill();
   proc = null;
@@ -99,3 +129,8 @@ export async function restartTunnel(port: number): Promise<string> {
   stopTunnel();
   return startTunnel(port);
 }
+export async function restartNamedTunnel(configPath: string, name: string): Promise<void> {
+  stopTunnel();
+  await startNamedTunnel(configPath, name);
+}