forge-remote 2.1.6 → 2.2.1

package/firestore.rules

@@ -115,24 +115,6 @@ service cloud.firestore {
       }
     }
 
-    // ---- Mobile AI requests (relay-via-Claude) ----
-    //
-    // The mobile app writes a request, the relay reads it, executes
-    // `claude -p` headlessly, and streams stdout into chunks/. The
-    // relay also flips status to 'completed' or 'failed' and may
-    // append an `error` field on failure.
-    match /mobile_ai_requests/{requestId} {
-      allow read: if isSignedIn();
-      allow create: if isSignedIn()
-                    && request.resource.data.ownerUid == request.auth.uid;
-      allow update: if isSignedIn();
-      allow delete: if isSignedIn();
-
-      match /chunks/{chunkId} {
-        allow read, create, delete: if isSignedIn();
-      }
-    }
-
     // ---- Pairing tokens ----
     match /pairingTokens/{tokenId} {
       allow read: if isSignedIn();
@@ -152,6 +134,20 @@ service cloud.firestore {
       allow update: if isSignedIn() && isValidSize();
     }
 
+    // ---- Forge Hall (RPG party / quests / inventory / battle history) ----
+    // BYOF: single-player. State is stored as a single doc at
+    //   forge_hall/state
+    // with subcollections for inventory items + battle history. The mobile
+    // app is the only writer; relay reads are read-only for now.
+    match /forge_hall/{docId} {
+      allow read: if isSignedIn();
+      allow write: if isSignedIn();
+
+      match /{subColl}/{subDoc} {
+        allow read, write: if isSignedIn();
+      }
+    }
+
     // ---- User profiles (for preferences) ----
     match /users/{userId} {
       allow read, write: if request.auth != null && request.auth.uid == userId;
@@ -161,63 +157,6 @@ service cloud.firestore {
       }
     }
 
-    // ---- Forge Remote Cloud (managed mode) — multi-tenant ----
-    //
-    // In Cloud Mode, every user lives under /users/{uid}/* and may only
-    // read/write their own subtree. Pairing codes are world-readable for
-    // the duration of pairing (10 min TTL enforced by the relay + GC fn),
-    // but only the desktop relay that created a code may write back the
-    // claim metadata, and only the matching user may set userUid.
-
-    match /users/{userId}/desktops/{desktopId} {
-      allow read, write: if isOwner(userId);
-
-      match /{sub=**} {
-        allow read, write: if isOwner(userId);
-      }
-    }
-
-    match /users/{userId}/sessions/{sessionId} {
-      allow read, write: if isOwner(userId);
-
-      match /{sub=**} {
-        allow read, write: if isOwner(userId);
-      }
-    }
-
-    match /users/{userId}/ai_credits/{docId} {
-      allow read: if isOwner(userId);
-      // Only Cloud Functions (admin SDK) write here.
-    }
-
-    // Cloud-mode mirror of mobile_ai_requests. Identical contract,
-    // scoped under the user's subtree.
-    match /users/{userId}/mobile_ai_requests/{requestId} {
-      allow read, write: if isOwner(userId);
-      match /chunks/{chunkId} {
-        allow read, write: if isOwner(userId);
-      }
-    }
-
-    match /pairing_codes/{code} {
-      // Anyone signed-in can read (so the desktop can listen for claim).
-      allow read: if isSignedIn();
-      // The relay writes the initial doc with admin SDK; we still allow
-      // create from clients during transition. The mobile app updates it
-      // once with userUid set to the caller.
-      allow create: if isSignedIn();
-      allow update: if isSignedIn()
-                    && request.resource.data.userUid == request.auth.uid
-                    && resource.data.userUid == null;
-      allow delete: if isSignedIn();
-    }
-
-    // Public read-only session replays (Phase 6).
-    match /shared_sessions/{shareId} {
-      allow read: if true;
-      allow create, update, delete: if false; // Cloud Function only.
-    }
-
     // Deny everything else by default.
     match /{document=**} {
       allow read, write: if false;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "forge-remote",
-  "version": "2.1.6",
-  "description": "Desktop relay for Forge Remote — mobile command center for AI coding agents",
+  "version": "2.2.1",
+  "description": "Desktop relay for Forge Remote — monitor and control Claude Code sessions from your phone",
   "type": "module",
   "license": "UNLICENSED",
   "author": "Daniel Wendel <daniel@ironforgeapps.com> (https://ironforgeapps.com)",
@@ -34,6 +34,7 @@
   ],
   "dependencies": {
     "chalk": "^5.4.0",
+    "chokidar": "^4.0.3",
     "commander": "^13.0.0",
     "firebase-admin": "^13.0.0",
     "localtunnel": "^2.0.2",

package/src/build-manager.js

@@ -2,7 +2,7 @@
 // Copyright (c) 2025-2026 Iron Forge Apps
 // Created by Daniel Wendel, CEO/Founder of Iron Forge Apps
 
-import { execSync, spawn } from "child_process";
+import { execSync, spawn, spawnSync } from "child_process";
 import path from "node:path";
 import {
   existsSync,
@@ -231,60 +231,88 @@ export async function runBuild(projectPath, platform, onOutput) {
         process.env.DEVELOPER_DIR ||
         "/Applications/Xcode.app/Contents/Developer",
     };
-    try {
-      const output = execSync(buildCmd, {
-        cwd: projectPath,
-        env: buildEnv,
-        timeout: 600000, // 10 minutes
-        encoding: "utf-8",
-        stdio: ["pipe", "pipe", "pipe"],
-        shell: shell,
-      });
+    // For iOS builds, run flutter clean first to avoid stale storyboard caches
+    const fullCmd =
+      platform === "ios"
+        ? `flutter clean > /dev/null 2>&1; ${buildCmd}`
+        : buildCmd;
+    const proc = spawn(shell, ["-l", "-c", fullCmd], {
+      cwd: projectPath,
+      env: buildEnv,
+      stdio: ["pipe", "pipe", "pipe"],
+    });
 
-      const duration = Math.round((Date.now() - startTime) / 1000);
-      const outputPath =
-        projectInfo.outputPaths[platform] ||
-        projectInfo.outputPaths.web ||
-        projectInfo.outputPaths.default ||
-        null;
+    // Timeout: 10 minutes max for any build
+    const buildTimeout = setTimeout(() => {
+      log.warn(`Build timed out after 10 minutes: ${buildCmd}`);
+      try {
+        proc.kill("SIGTERM");
+      } catch {}
+      setTimeout(() => {
+        try {
+          proc.kill("SIGKILL");
+        } catch {}
+      }, 5000);
+      reject(new Error(`Build timed out after 10 minutes`));
+    }, 600000);
 
-      // Stream output lines to callback
-      for (const line of output.split("\n")) {
+    proc.stdout.on("data", (data) => {
+      const text = data.toString();
+      for (const line of text.split("\n")) {
         const trimmed = line.trim();
         if (trimmed) {
           outputLines.push(trimmed);
           if (onOutput) onOutput(trimmed, "stdout");
         }
       }
+    });
 
-      log.info(`Build succeeded in ${duration}s`);
-      resolve({
-        success: true,
-        output: outputLines.join("\n"),
-        duration,
-        outputPath: outputPath ? path.resolve(projectPath, outputPath) : null,
-        framework: projectInfo.framework,
-        platform,
-      });
-    } catch (err) {
-      const duration = Math.round((Date.now() - startTime) / 1000);
-      const stderr = err.stderr?.toString() || "";
-      const stdout = err.stdout?.toString() || "";
-      const allOutput = (stdout + "\n" + stderr).trim();
-
-      // Stream output lines to callback
-      for (const line of allOutput.split("\n")) {
+    proc.stderr.on("data", (data) => {
+      const text = data.toString();
+      for (const line of text.split("\n")) {
         const trimmed = line.trim();
         if (trimmed) {
           outputLines.push(trimmed);
           if (onOutput) onOutput(trimmed, "stderr");
         }
       }
+    });
 
-      const tail = outputLines.slice(-15).join("\n");
-      log.error(`Build failed (exit code ${err.status}) after ${duration}s`);
-      reject(new Error(`Build failed (exit code ${err.status})\n${tail}`));
-    }
+    proc.on("error", (err) => {
+      clearTimeout(buildTimeout);
+      reject(new Error(`Build process error: ${err.message}`));
+    });
+
+    proc.on("close", (code) => {
+      clearTimeout(buildTimeout);
+      const duration = Math.round((Date.now() - startTime) / 1000);
+      const outputPath =
+        projectInfo.outputPaths[platform] ||
+        projectInfo.outputPaths.web ||
+        projectInfo.outputPaths.default ||
+        null;
+
+      if (code === 0) {
+        log.info(`Build succeeded in ${duration}s`);
+        resolve({
+          success: true,
+          output: outputLines.join("\n"),
+          duration,
+          outputPath: outputPath ? path.resolve(projectPath, outputPath) : null,
+          framework: projectInfo.framework,
+          platform,
+        });
+      } else {
+        const tail = outputLines.slice(-15).join("\n");
+        log.error(`Build failed (exit code ${code})`);
+        reject(new Error(`Build failed (exit code ${code})\n${tail}`));
+      }
+    });
+
+    proc.on("error", (err) => {
+      log.error(`Build process error: ${err.message}`);
+      reject(new Error(`Build process error: ${err.message}`));
+    });
   });
 }
 
@@ -698,6 +726,124 @@ export function startFirebaseLogin() {
   return { pid: proc.pid };
 }
 
+// ---------------------------------------------------------------------------
+// Cloudflare Pages Deploy
+// ---------------------------------------------------------------------------
+
+import { homedir } from "os";
+import { join as joinPath } from "path";
+
+/** Read Cloudflare API token + account ID from ~/.forge-remote/config.json. */
+function getCloudflareCreds() {
+  const configPath = joinPath(homedir(), ".forge-remote", "config.json");
+  if (!existsSync(configPath)) {
+    throw new Error(
+      "Cloudflare not configured. Save your API token via the mobile app: " +
+        "Settings → Integrations → Cloudflare.",
+    );
+  }
+  const cfg = JSON.parse(readFileSync(configPath, "utf-8"));
+  const token = cfg.cloudflareApiToken;
+  const accountId = cfg.cloudflareAccountId;
+  if (!token) {
+    throw new Error(
+      "Cloudflare API token missing. Add it via the mobile app: " +
+        "Settings → Integrations → Cloudflare.",
+    );
+  }
+  return { token, accountId };
+}
+
+/** Persist Cloudflare creds to ~/.forge-remote/config.json. */
+export function saveCloudflareCreds({ token, accountId }) {
+  const configPath = joinPath(homedir(), ".forge-remote", "config.json");
+  let cfg = {};
+  if (existsSync(configPath)) {
+    cfg = JSON.parse(readFileSync(configPath, "utf-8"));
+  }
+  if (token !== undefined) cfg.cloudflareApiToken = token;
+  if (accountId !== undefined) cfg.cloudflareAccountId = accountId;
+  writeFileSync(configPath, JSON.stringify(cfg, null, 2));
+}
+
+/**
+ * Slugify a project name for Cloudflare Pages.
+ * Lowercase, alphanumeric + hyphens, max 58 chars (Pages limit).
+ */
+export function slugifyForCloudflarePages(name) {
+  let slug = (name || "")
+    .toLowerCase()
+    .replace(/[^a-z0-9-]+/g, "-")
+    .replace(/^-+|-+$/g, "")
+    .replace(/-{2,}/g, "-");
+  if (slug.length === 0) slug = "forge-remote-app";
+  if (slug.length > 58) slug = slug.slice(0, 58).replace(/-$/, "");
+  return slug;
+}
+
+/**
+ * Deploy a built static site to Cloudflare Pages via Wrangler.
+ *
+ * Uses spawnSync with array args (no shell) — no injection surface.
+ *
+ * @param {string} buildPath — absolute path to the built static directory
+ * @param {string} projectSlug — Cloudflare Pages project name (already slugified)
+ * @returns {Promise<{ url: string|null, output: string, projectSlug: string }>}
+ */
+export async function deployToCloudflarePages(buildPath, projectSlug) {
+  if (!existsSync(buildPath)) {
+    throw new Error(`Build path does not exist: ${buildPath}`);
+  }
+  const safeSlug = slugifyForCloudflarePages(projectSlug);
+  const { token, accountId } = getCloudflareCreds();
+
+  // npx fetches Wrangler on first use (~50MB cache); subsequent deploys are fast.
+  const args = [
+    "--yes",
+    "wrangler@latest",
+    "pages",
+    "deploy",
+    buildPath,
+    `--project-name=${safeSlug}`,
+    "--commit-dirty=true",
+  ];
+
+  log.info(
+    `Deploying to Cloudflare Pages (${safeSlug}): npx ${args.join(" ")}`,
+  );
+
+  const result = spawnSync("npx", args, {
+    timeout: 240_000,
+    encoding: "utf-8",
+    env: {
+      ...process.env,
+      CLOUDFLARE_API_TOKEN: token,
+      ...(accountId ? { CLOUDFLARE_ACCOUNT_ID: accountId } : {}),
+      WRANGLER_SEND_METRICS: "false",
+    },
+  });
+
+  if (result.error) throw result.error;
+  const stdout = result.stdout || "";
+  const stderr = result.stderr || "";
+  const combined = stdout + "\n" + stderr;
+
+  if (result.status !== 0) {
+    throw new Error(
+      `Wrangler exited with code ${result.status}: ${combined.slice(0, 500)}`,
+    );
+  }
+
+  // Parse deployment URL.
+  const aliasMatch = combined.match(/alias URL:\s+(https?:\/\/[^\s]+)/i);
+  const previewMatch = combined.match(/(https?:\/\/[a-z0-9-]+\.pages\.dev)/i);
+  const url =
+    aliasMatch?.[1] || previewMatch?.[1] || `https://${safeSlug}.pages.dev`;
+
+  log.info(`Cloudflare Pages deployed: ${url}`);
+  return { url, output: combined, projectSlug: safeSlug };
+}
+
 // ---------------------------------------------------------------------------
 // Helpers
 // ---------------------------------------------------------------------------