forge-remote 0.1.1 → 0.1.2

package/src/session-manager.js

@@ -226,6 +226,10 @@ async function handleSessionCommand(sessionId, commandDoc) {
         log.command("kill_session", sessionId.slice(0, 8));
         await killSession(sessionId);
         break;
+      case "retry_tunnel":
+        log.command("retry_tunnel", sessionId.slice(0, 8));
+        await retryTunnel(sessionId);
+        break;
       default:
         log.warn(`Unknown session command type: ${data.type}`);
     }
@@ -233,6 +237,17 @@ async function handleSessionCommand(sessionId, commandDoc) {
   } catch (e) {
     log.error(`Session command failed: ${e.message}`);
     await cmdRef.update({ status: "failed", error: e.message });
+
+    // Surface the error to the mobile app as a system message.
+    await db
+      .collection("sessions")
+      .doc(sessionId)
+      .collection("messages")
+      .add({
+        type: "system",
+        content: `Command failed: ${e.message}`,
+        timestamp: FieldValue.serverTimestamp(),
+      });
   }
 }
 
@@ -357,10 +372,32 @@ async function sendFollowUpPrompt(sessionId, prompt) {
     throw new Error("Session not found. It may have ended.");
   }
 
+  // If Claude is currently processing, interrupt it first.
   if (session.process) {
-    throw new Error(
-      "Claude is still processing. Wait for the current turn to finish.",
-    );
+    log.session(sessionId, "Interrupting current process for new prompt...");
+    const proc = session.process;
+    session.process = null; // Prevent the close handler from changing status.
+    try {
+      process.kill(-proc.pid, "SIGTERM");
+    } catch {
+      proc.kill("SIGTERM");
+    }
+    // Give it a moment to exit gracefully.
+    await new Promise((resolve) => {
+      const timeout = setTimeout(() => {
+        try {
+          process.kill(-proc.pid, "SIGKILL");
+        } catch {
+          proc.kill("SIGKILL");
+        }
+        resolve();
+      }, 3000);
+      proc.on("close", () => {
+        clearTimeout(timeout);
+        resolve();
+      });
+    });
+    log.session(sessionId, "Previous process interrupted.");
   }
 
   // Cancel any pending permission watcher — user is overriding with a prompt.
@@ -426,6 +463,9 @@ async function runClaudeProcess(sessionId, prompt) {
     cwd: session.projectPath,
     env: shellEnv,
     stdio: ["pipe", "pipe", "pipe"],
+    // Detach from relay's process group so Ctrl+C doesn't kill Claude directly.
+    // The relay's cleanup handler will SIGTERM it explicitly via shutdownAllSessions().
+    detached: true,
   });
 
   session.process = claudeProcess;
@@ -701,9 +741,13 @@ async function runClaudeProcess(sessionId, prompt) {
 async function stopSession(sessionId) {
   const session = activeSessions.get(sessionId);
 
-  // Kill running process if any.
+  // Kill running process (and its process group) if any.
   if (session?.process) {
-    session.process.kill("SIGTERM");
+    try {
+      process.kill(-session.process.pid, "SIGTERM");
+    } catch {
+      session.process.kill("SIGTERM");
+    }
   }
 
   // Cancel permission watcher if active.
@@ -731,6 +775,8 @@ async function stopSession(sessionId) {
     status: "completed",
     lastActivity: FieldValue.serverTimestamp(),
     durationSeconds: duration,
+    tunnelStatus: null,
+    tunnelError: null,
   });
 
   await db
@@ -773,12 +819,16 @@ async function killSession(sessionId) {
   stopCapturing(sessionId);
   capturingSessions.delete(sessionId);
 
-  // Force-kill running process.
+  // Force-kill running process (and its process group).
   if (session?.process) {
     log.warn(
       `Force-killing Claude process for session ${sessionId.slice(0, 8)}`,
     );
-    session.process.kill("SIGKILL");
+    try {
+      process.kill(-session.process.pid, "SIGKILL");
+    } catch {
+      session.process.kill("SIGKILL");
+    }
   }
 
   const db = getDb();
@@ -1165,16 +1215,24 @@ async function detectAndTunnelDevServer(sessionId, text) {
 
       log.info(`Dev server detected on port ${port} — creating tunnel...`);
 
+      const db = getDb();
+      const sessionRef = db.collection("sessions").doc(sessionId);
+
+      // Write pending status immediately so the app can show a spinner.
+      await sessionRef.update({
+        devServerPort: port,
+        tunnelStatus: "pending",
+        tunnelError: null,
+      });
+
       const tunnelUrl = await startTunnel(sessionId, port);
       if (tunnelUrl) {
-        // Store tunnel URL in Firestore session doc.
-        const db = getDb();
-        await db.collection("sessions").doc(sessionId).update({
+        await sessionRef.update({
           devServerUrl: tunnelUrl,
-          devServerPort: port,
+          tunnelStatus: "active",
+          tunnelError: null,
         });
 
-        // Notify in messages.
         await db
           .collection("sessions")
           .doc(sessionId)
@@ -1188,12 +1246,52 @@ async function detectAndTunnelDevServer(sessionId, text) {
         log.success(
           `[${sessionId.slice(0, 8)}] Preview: localhost:${port} → ${tunnelUrl}`,
         );
+      } else {
+        // Tunnel failed — surface error to the app.
+        await sessionRef.update({
+          tunnelStatus: "failed",
+          tunnelError: "Tunnel creation failed. Check relay logs for details.",
+        });
+
+        await db
+          .collection("sessions")
+          .doc(sessionId)
+          .collection("messages")
+          .add({
+            type: "system",
+            content: `Failed to create preview tunnel for port ${port}. Tap "Retry" in the Preview tab.`,
+            timestamp: FieldValue.serverTimestamp(),
+          });
       }
       return; // Only tunnel the first detected port.
     }
   }
 }
 
+/**
+ * Retry creating a tunnel for the session's detected dev server port.
+ * Called when the user taps "Retry" in the Preview tab.
+ */
+async function retryTunnel(sessionId) {
+  const db = getDb();
+  const sessionDoc = await db.collection("sessions").doc(sessionId).get();
+  if (!sessionDoc.exists) throw new Error("Session not found");
+
+  const data = sessionDoc.data();
+  const port = data.devServerPort;
+  if (!port) throw new Error("No dev server port recorded for this session");
+
+  // Stop any existing tunnel first.
+  await stopTunnel(sessionId);
+
+  // Clear the tunneled ports set so it doesn't skip this port.
+  const ported = tunneledPorts.get(sessionId);
+  if (ported) ported.delete(port);
+
+  // Re-detect and tunnel (uses the port directly).
+  await detectAndTunnelDevServer(sessionId, `http://localhost:${port}`);
+}
+
 // ---------------------------------------------------------------------------
 // Graceful shutdown — mark all active sessions as completed
 // ---------------------------------------------------------------------------
@@ -1212,9 +1310,13 @@ export async function shutdownAllSessions() {
     const session = activeSessions.get(sessionId);
     if (!session) continue;
 
-    // Kill running process.
+    // Kill running process (and its process group since we spawn detached).
     if (session.process) {
-      session.process.kill("SIGTERM");
+      try {
+        process.kill(-session.process.pid, "SIGTERM");
+      } catch {
+        session.process.kill("SIGTERM");
+      }
     }
 
     // Cancel permission watcher.

package/src/tunnel-manager.js

@@ -1,40 +1,68 @@
 import { spawn, execSync } from "child_process";
+import { createServer, request as httpRequest } from "http";
+import { connect } from "net";
 import * as log from "./logger.js";
+import {
+  getLocalCloudflaredPath,
+  isCloudflaredWorking,
+} from "./cloudflared-installer.js";
 
 /**
  * Manages localhost tunnels for dev server previews.
  *
  * Prefers `cloudflared` (no splash page, more reliable) and falls back
  * to `localtunnel` if cloudflared is not installed.
+ *
+ * A local proxy rewrites the Host header so Vite/Webpack/Next.js dev
+ * servers don't reject requests from the tunnel hostname.
  */
 
-const activeTunnels = new Map(); // sessionId → { process, port, url }
+const activeTunnels = new Map(); // sessionId → { process, port, url, proxy? }
 
-// Detect which tunnel binary is available (checked once at startup).
+// Resolve cloudflared binary: local install → PATH → localtunnel fallback.
 let tunnelBackend = "none";
-try {
-  execSync("which cloudflared", { stdio: "pipe" });
+let cloudflaredBinary = null;
+
+const localCf = getLocalCloudflaredPath();
+if (localCf && isCloudflaredWorking(localCf)) {
   tunnelBackend = "cloudflared";
-  log.info("Tunnel backend: cloudflared");
-} catch {
+  cloudflaredBinary = localCf;
+  log.info(`Tunnel backend: cloudflared (local: ${localCf})`);
+} else {
   try {
-    execSync("which npx", { stdio: "pipe" });
-    tunnelBackend = "localtunnel";
-    log.info(
-      "Tunnel backend: localtunnel (install cloudflared for better experience)",
-    );
+    execSync("which cloudflared", { stdio: "pipe" });
+    tunnelBackend = "cloudflared";
+    cloudflaredBinary = "cloudflared";
+    log.info("Tunnel backend: cloudflared (from PATH)");
   } catch {
-    log.warn("No tunnel backend available — live preview will not work");
+    try {
+      execSync("which npx", { stdio: "pipe" });
+      tunnelBackend = "localtunnel";
+      log.info(
+        "Tunnel backend: localtunnel (install cloudflared for better experience)",
+      );
+    } catch {
+      log.warn("No tunnel backend available — live preview will not work");
+    }
   }
 }
 
 /**
  * Start a tunnel for a localhost port.
  * Returns the public tunnel URL, or null on failure.
+ *
+ * @param {string} sessionId
+ * @param {number} port
+ * @param {(status: 'pending'|'active'|'failed', error?: string) => Promise<void>} [statusCallback]
+ * @returns {Promise<string|null>}
  */
-export async function startTunnel(sessionId, port) {
+export async function startTunnel(sessionId, port, statusCallback) {
   if (tunnelBackend === "none") {
     log.warn("No tunnel backend available — skipping tunnel creation");
+    await statusCallback?.(
+      "failed",
+      "No tunnel backend installed. Run `forge-remote init` to install cloudflared.",
+    );
     return null;
   }
 
@@ -52,41 +80,195 @@ export async function startTunnel(sessionId, port) {
     await stopTunnel(sessionId);
   }
 
+  await statusCallback?.("pending");
   log.info(`Starting ${tunnelBackend} tunnel for localhost:${port}...`);
 
   if (tunnelBackend === "cloudflared") {
-    return startCloudflaredTunnel(sessionId, port);
+    return startCloudflaredTunnel(sessionId, port, statusCallback);
   }
-  return startLocaltunnel(sessionId, port);
+  return startLocaltunnel(sessionId, port, statusCallback);
+}
+
+/** Returns the active tunnel backend name. */
+export function getTunnelBackend() {
+  return tunnelBackend;
+}
+
+// ---------------------------------------------------------------------------
+// Host-rewriting proxy
+// ---------------------------------------------------------------------------
+
+/**
+ * Scrub headers that leak the tunnel hostname to the dev server.
+ * Vite checks req.headers.host — we must rewrite it to localhost.
+ */
+function scrubHeaders(headers, targetPort) {
+  const clean = {};
+  for (const [key, val] of Object.entries(headers)) {
+    const lower = key.toLowerCase();
+    // Strip all forwarded/tunnel/proxy headers that could leak the tunnel hostname.
+    if (
+      lower === "x-forwarded-host" ||
+      lower === "x-forwarded-for" ||
+      lower === "x-forwarded-proto" ||
+      lower === "x-real-ip" ||
+      lower === ":authority" ||
+      lower === "forwarded" ||
+      lower.startsWith("cf-")
+    ) {
+      continue;
+    }
+    clean[key] = val;
+  }
+  // Force Host to localhost so Vite's allowedHosts check passes.
+  clean.host = `localhost:${targetPort}`;
+  return clean;
+}
+
+/**
+ * Start a tiny local HTTP proxy that rewrites the Host header to localhost
+ * and strips Cloudflare forwarded headers. Also handles WebSocket upgrades
+ * (needed for Vite HMR). Returns the proxy port.
+ */
+function startHostProxy(targetPort) {
+  return new Promise((resolve, reject) => {
+    const proxy = createServer((clientReq, clientRes) => {
+      const scrubbed = scrubHeaders(clientReq.headers, targetPort);
+      log.info(
+        `[proxy] ${clientReq.method} ${clientReq.url} ` +
+          `Host: ${clientReq.headers.host} → ${scrubbed.host}`,
+      );
+
+      const opts = {
+        hostname: "127.0.0.1",
+        port: targetPort,
+        path: clientReq.url,
+        method: clientReq.method,
+        headers: scrubbed,
+      };
+
+      const proxyReq = httpRequest(opts, (proxyRes) => {
+        // Detect Vite's "Blocked request" to aid debugging.
+        if (proxyRes.statusCode === 403) {
+          let body = "";
+          proxyRes.on("data", (chunk) => (body += chunk));
+          proxyRes.on("end", () => {
+            if (body.includes("Blocked request")) {
+              log.error(
+                `[proxy] Vite STILL blocked the request (status 403). ` +
+                  `This means Host rewriting is not working as expected. ` +
+                  `Response: ${body.slice(0, 200)}`,
+              );
+            }
+            clientRes.writeHead(proxyRes.statusCode, proxyRes.headers);
+            clientRes.end(body);
+          });
+          return;
+        }
+        clientRes.writeHead(proxyRes.statusCode, proxyRes.headers);
+        proxyRes.pipe(clientRes, { end: true });
+      });
+
+      proxyReq.on("error", (err) => {
+        log.error(
+          `[proxy] Request to localhost:${targetPort} failed: ${err.message}`,
+        );
+        clientRes.writeHead(502);
+        clientRes.end(`Proxy error: ${err.message}`);
+      });
+
+      clientReq.pipe(proxyReq, { end: true });
+    });
+
+    // Handle WebSocket upgrades (Vite HMR needs this).
+    proxy.on("upgrade", (req, clientSocket, head) => {
+      const serverSocket = connect(targetPort, "127.0.0.1", () => {
+        // Rebuild the upgrade request with scrubbed headers.
+        const headers = scrubHeaders(req.headers, targetPort);
+        let reqStr = `${req.method} ${req.url} HTTP/1.1\r\n`;
+        for (const [key, val] of Object.entries(headers)) {
+          reqStr += `${key}: ${val}\r\n`;
+        }
+        reqStr += "\r\n";
+
+        serverSocket.write(reqStr);
+        if (head.length > 0) serverSocket.write(head);
+
+        serverSocket.pipe(clientSocket);
+        clientSocket.pipe(serverSocket);
+      });
+
+      serverSocket.on("error", () => clientSocket.destroy());
+      clientSocket.on("error", () => serverSocket.destroy());
+    });
+
+    // Listen on a random available port.
+    proxy.listen(0, "127.0.0.1", () => {
+      const proxyPort = proxy.address().port;
+      log.info(`Host-rewrite proxy: :${proxyPort} → localhost:${targetPort}`);
+      resolve({ server: proxy, port: proxyPort });
+    });
+
+    proxy.on("error", (err) => {
+      log.error(`Proxy failed to start: ${err.message}`);
+      reject(err);
+    });
+  });
 }
 
 // ---------------------------------------------------------------------------
 // Cloudflared (preferred — no splash page)
 // ---------------------------------------------------------------------------
 
-function startCloudflaredTunnel(sessionId, port) {
-  return new Promise((resolve) => {
-    const proc = spawn(
-      "cloudflared",
-      ["tunnel", "--url", `http://localhost:${port}`],
-      { stdio: ["pipe", "pipe", "pipe"] },
+async function startCloudflaredTunnel(sessionId, port, statusCallback) {
+  // Start a local proxy that rewrites Host header to localhost.
+  let proxy = null;
+  let tunnelPort = port;
+  try {
+    proxy = await startHostProxy(port);
+    tunnelPort = proxy.port;
+    log.info(
+      `Host-rewrite proxy active: cloudflared → :${tunnelPort} → localhost:${port}`,
+    );
+  } catch (err) {
+    log.warn(
+      `Could not start host-rewrite proxy (${err.message}) — ` +
+        `relying on --http-host-header flag only`,
     );
+  }
+
+  // --http-host-header tells cloudflared to rewrite the Host header
+  // to localhost before sending to our proxy/dev server.
+  // Belt-and-suspenders with the proxy approach.
+  const args = [
+    "tunnel",
+    "--url",
+    `http://127.0.0.1:${tunnelPort}`,
+    "--http-host-header",
+    `localhost:${port}`,
+  ];
+
+  return new Promise((resolve) => {
+    const proc = spawn(cloudflaredBinary, args, {
+      stdio: ["pipe", "pipe", "pipe"],
+    });
 
     let url = null;
     let stderrBuf = "";
 
-    const timeout = setTimeout(() => {
+    const timeout = setTimeout(async () => {
       if (!url) {
-        log.warn(
-          `cloudflared tunnel startup timed out after 30s for port ${port}`,
-        );
+        const msg = `cloudflared tunnel startup timed out after 30s for port ${port}`;
+        log.warn(msg);
         proc.kill("SIGTERM");
+        if (proxy) proxy.server.close();
+        await statusCallback?.("failed", msg);
         resolve(null);
       }
     }, 30_000);
 
     // cloudflared prints the URL to stderr, not stdout.
-    proc.stderr.on("data", (data) => {
+    proc.stderr.on("data", async (data) => {
       stderrBuf += data.toString();
       // Matches: https://some-random-name.trycloudflare.com
       const match = stderrBuf.match(
@@ -95,20 +277,25 @@ function startCloudflaredTunnel(sessionId, port) {
       if (match && !url) {
         url = match[0].trim();
         clearTimeout(timeout);
-        activeTunnels.set(sessionId, { process: proc, port, url });
+        activeTunnels.set(sessionId, { process: proc, port, url, proxy });
         log.success(`Tunnel active: localhost:${port} → ${url}`);
+        await statusCallback?.("active");
         resolve(url);
       }
     });
 
-    proc.on("error", (err) => {
+    proc.on("error", async (err) => {
       clearTimeout(timeout);
       log.error(`cloudflared failed to start: ${err.message}`);
+      if (proxy) proxy.server.close();
+      await statusCallback?.("failed", `cloudflared failed: ${err.message}`);
       resolve(null);
     });
 
     proc.on("close", (code) => {
       clearTimeout(timeout);
+      const entry = activeTunnels.get(sessionId);
+      if (entry?.proxy) entry.proxy.server.close();
       activeTunnels.delete(sessionId);
       if (code !== 0 && code !== null) {
         log.warn(`cloudflared process exited with code ${code}`);
@@ -122,7 +309,7 @@ function startCloudflaredTunnel(sessionId, port) {
 // Localtunnel (fallback)
 // ---------------------------------------------------------------------------
 
-function startLocaltunnel(sessionId, port) {
+function startLocaltunnel(sessionId, port, statusCallback) {
   return new Promise((resolve) => {
     const proc = spawn("npx", ["localtunnel", "--port", String(port)], {
       stdio: ["pipe", "pipe", "pipe"],
@@ -131,15 +318,17 @@ function startLocaltunnel(sessionId, port) {
     let url = null;
     let stdoutBuf = "";
 
-    const timeout = setTimeout(() => {
+    const timeout = setTimeout(async () => {
       if (!url) {
-        log.warn(`localtunnel startup timed out after 30s for port ${port}`);
+        const msg = `localtunnel startup timed out after 30s for port ${port}`;
+        log.warn(msg);
         proc.kill("SIGTERM");
+        await statusCallback?.("failed", msg);
         resolve(null);
       }
     }, 30_000);
 
-    proc.stdout.on("data", (data) => {
+    proc.stdout.on("data", async (data) => {
       stdoutBuf += data.toString();
       // localtunnel outputs: "your url is: https://xyz.loca.lt"
       const match = stdoutBuf.match(/your url is:\s*(https?:\/\/\S+)/i);
@@ -149,6 +338,7 @@ function startLocaltunnel(sessionId, port) {
 
         activeTunnels.set(sessionId, { process: proc, port, url });
         log.success(`Tunnel active: localhost:${port} → ${url}`);
+        await statusCallback?.("active");
         resolve(url);
       }
     });
@@ -158,9 +348,10 @@ function startLocaltunnel(sessionId, port) {
       if (msg) log.warn(`[tunnel] ${msg}`);
     });
 
-    proc.on("error", (err) => {
+    proc.on("error", async (err) => {
       clearTimeout(timeout);
       log.error(`localtunnel failed to start: ${err.message}`);
+      await statusCallback?.("failed", `localtunnel failed: ${err.message}`);
       resolve(null);
     });
 
@@ -186,6 +377,7 @@ export async function stopTunnel(sessionId) {
     `Stopping tunnel for session ${sessionId.slice(0, 8)} (port ${tunnel.port})`,
   );
   tunnel.process.kill("SIGTERM");
+  if (tunnel.proxy) tunnel.proxy.server.close();
   activeTunnels.delete(sessionId);
 }
 
@@ -196,6 +388,7 @@ export async function stopAllTunnels() {
   for (const [sessionId, tunnel] of activeTunnels) {
     log.info(`Cleanup: stopping tunnel for ${sessionId.slice(0, 8)}`);
     tunnel.process.kill("SIGTERM");
+    if (tunnel.proxy) tunnel.proxy.server.close();
   }
   activeTunnels.clear();
 }