git-daemon 0.1.6 → 0.1.8

package/README.md

@@ -7,7 +7,7 @@ Git Daemon is a local Node.js service that exposes a small, authenticated HTTP A
 
 ## What it does
 
-- Clone, fetch, and read Git status using your system Git credentials
+- Clone, fetch, list branches, and read Git status using your system Git credentials
 - Stream long-running job logs via Server-Sent Events (SSE)
 - Open a repo in the OS file browser, terminal, or VS Code (with approvals)
 - Install dependencies with safer defaults (`--ignore-scripts` by default)
@@ -24,7 +24,7 @@ Git Daemon is a local Node.js service that exposes a small, authenticated HTTP A
 ## Requirements
 
 - Node.js (for running the daemon)
-- Git (for clone/fetch/status)
+- Git (for clone/fetch/branches/status)
 - Optional: `code` CLI for VS Code, `pnpm`/`yarn` for dependency installs
 
 ## Install
@@ -153,6 +153,14 @@ curl -N \
   http://127.0.0.1:8790/v1/jobs/<JOB_ID>/stream
 ```
 
+List branches (local + remote by default):
+
+```bash
+curl -H "Origin: https://app.example.com" \
+  -H "Authorization: Bearer <TOKEN>" \
+  "http://127.0.0.1:8790/v1/git/branches?repoPath=owner/repo"
+```
+
 ## Configuration
 
 Config is stored in OS-specific directories:
@@ -176,6 +184,10 @@ Key settings live in `config.json`:
 
 Tokens are stored (hashed) in `tokens.json`. Logs are written under the configured `logging.directory` with rotation.
 
+Approvals can be scoped per repo or origin-wide. To allow a capability for all repos
+from an origin, set `"repoPath": null` in an approvals entry. When a TTY is
+available, the daemon will prompt for approval on first use.
+
 ## Development
 
 Run tests:

package/config.schema.json

@@ -174,7 +174,11 @@
                 "format": "uri"
               },
               "repoPath": {
-                "type": "string"
+                "type": [
+                  "string",
+                  "null"
+                ],
+                "description": "Repo path to scope approvals. Null means all repos for the origin."
               },
               "capabilities": {
                 "type": "array",

package/design.md

@@ -20,6 +20,7 @@ The daemon exposes a **localhost HTTP API** guarded by:
 * Provide additional local dev actions:
 
   * `fetch`
+  * `branches`
   * `status`
   * open folder / terminal / VS Code
   * run dependency installation (`npm i` / pnpm / yarn)
@@ -275,6 +276,10 @@ Meta response fields (examples):
 
   * body: `{ repoPath, remote?: "origin", prune?: true }`
   * note: fetch updates remote tracking only; no merge/rebase is performed
+* `GET /v1/git/branches?repoPath=...&includeRemote=true` → branch list
+
+  * returns: `{ branches: [{ name, fullName, type: "local"|"remote", current, upstream? }] }`
+  * `includeRemote` defaults to `true` and includes remote tracking branches (e.g. `origin/main`)
 * `GET /v1/git/status?repoPath=...` → structured status
 
   * returns: `{ branch, ahead, behind, stagedCount, unstagedCount, untrackedCount, conflictsCount, clean }`
@@ -472,7 +477,7 @@ Recommended `errorCode` values:
 ## Future Extensions
 
 * Repo registry: “known repos” list for safer operations and better UX
-* `git pull`, `checkout`, `branch list`, `log` endpoints
+* `git pull`, `checkout`, `log` endpoints
 * Support multiple terminals/editors
 * Signed request challenge (HMAC) in addition to bearer token
 

package/openapi.yaml

@@ -182,6 +182,32 @@ paths:
           $ref: '#/components/responses/UnprocessableEntity'
         '500':
           $ref: '#/components/responses/InternalError'
+  /v1/git/branches:
+    get:
+      summary: List repository branches
+      parameters:
+        - $ref: '#/components/parameters/OriginHeader'
+        - $ref: '#/components/parameters/RepoPath'
+        - $ref: '#/components/parameters/IncludeRemote'
+      responses:
+        '200':
+          description: Repository branches
+          content:
+            application/json:
+              schema:
+                $ref: '#/components/schemas/GitBranchesResponse'
+        '401':
+          $ref: '#/components/responses/Unauthorized'
+        '403':
+          $ref: '#/components/responses/Forbidden'
+        '404':
+          $ref: '#/components/responses/NotFound'
+        '409':
+          $ref: '#/components/responses/Conflict'
+        '422':
+          $ref: '#/components/responses/UnprocessableEntity'
+        '500':
+          $ref: '#/components/responses/InternalError'
   /v1/git/status:
     get:
       summary: Get repository status
@@ -309,6 +335,13 @@ components:
       required: true
       schema:
         type: string
+    IncludeRemote:
+      name: includeRemote
+      in: query
+      required: false
+      schema:
+        type: boolean
+        default: true
   schemas:
     MetaResponse:
       type: object
@@ -548,6 +581,34 @@ components:
           minimum: 0
         clean:
           type: boolean
+    GitBranchesResponse:
+      type: object
+      required:
+        - branches
+      properties:
+        branches:
+          type: array
+          items:
+            $ref: '#/components/schemas/GitBranch'
+    GitBranch:
+      type: object
+      required:
+        - name
+        - fullName
+        - type
+        - current
+      properties:
+        name:
+          type: string
+        fullName:
+          type: string
+        type:
+          type: string
+          enum: [local, remote]
+        current:
+          type: boolean
+        upstream:
+          type: string
     OsOpenRequest:
       type: object
       required:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "git-daemon",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "private": false,
   "type": "commonjs",
   "main": "dist/daemon.js",

package/src/app.ts

@@ -3,7 +3,9 @@ import rateLimit from "express-rate-limit";
 import type { Logger } from "pino";
 import type { Request, Response, NextFunction } from "express";
 import { promises as fs } from "fs";
+import * as fsSync from "fs";
 import path from "path";
+import readline from "readline";
 import { createHttpLogger } from "./logger";
 import type { AppConfig, Capabilities } from "./types";
 import {
@@ -26,6 +28,7 @@ import {
   pairRequestSchema,
   gitCloneRequestSchema,
   gitFetchRequestSchema,
+  gitBranchesQuerySchema,
   gitStatusQuerySchema,
   osOpenRequestSchema,
   depsInstallRequestSchema,
@@ -39,6 +42,7 @@ import {
 import {
   cloneRepo,
   fetchRepo,
+  listRepoBranches,
   getRepoStatus,
   RepoNotFoundError,
   resolveRepoPath,
@@ -48,7 +52,8 @@ import { openTarget } from "./os";
 import type { TokenStore } from "./tokens";
 import type { PairingManager } from "./pairing";
 import type { JobManager } from "./jobs";
-import { requireApproval } from "./approvals";
+import { hasApproval, requireApproval } from "./approvals";
+import { saveConfig } from "./config";
 
 export type DaemonContext = {
   config: AppConfig;
@@ -332,6 +337,35 @@ export const createApp = (ctx: DaemonContext) => {
     },
   );
 
+  app.get(
+    "/v1/git/branches",
+    authGuard(ctx.tokenStore),
+    async (req, res, next) => {
+      try {
+        const payload = parseBody(gitBranchesQuerySchema, req.query);
+        const workspaceRoot = ensureWorkspaceRoot(ctx.config.workspaceRoot);
+        const includeRemote = payload.includeRemote !== "false";
+        const branches = await listRepoBranches(
+          workspaceRoot,
+          payload.repoPath,
+          {
+            includeRemote,
+          },
+        );
+        res.json({ branches });
+      } catch (err) {
+        if (
+          err instanceof RepoNotFoundError ||
+          err instanceof MissingPathError
+        ) {
+          next(repoNotFound());
+          return;
+        }
+        next(err);
+      }
+    },
+  );
+
   app.get(
     "/v1/git/status",
     authGuard(ctx.tokenStore),
@@ -365,8 +399,8 @@ export const createApp = (ctx: DaemonContext) => {
       );
 
       if (payload.target === "terminal") {
-        requireApproval(
-          ctx.config,
+        await ensureApproval(
+          ctx,
           origin,
           resolved,
           "open-terminal",
@@ -374,8 +408,8 @@ export const createApp = (ctx: DaemonContext) => {
         );
       }
       if (payload.target === "vscode") {
-        requireApproval(
-          ctx.config,
+        await ensureApproval(
+          ctx,
           origin,
           resolved,
           "open-vscode",
@@ -411,8 +445,8 @@ export const createApp = (ctx: DaemonContext) => {
         } catch {
           throw repoNotFound();
         }
-        requireApproval(
-          ctx.config,
+        await ensureApproval(
+          ctx,
           origin,
           resolved,
           "deps/install",
@@ -462,8 +496,22 @@ export const createApp = (ctx: DaemonContext) => {
     }
   });
 
-  app.use((err: unknown, _req: Request, res: Response, _next: NextFunction) => {
+  app.use((err: unknown, req: Request, res: Response, _next: NextFunction) => {
     if (err instanceof ApiError) {
+      if (err.status === 409) {
+        console.warn(
+          `[Git Daemon] 409 ${err.body.errorCode} ${req.method} ${req.originalUrl} origin=${req.headers.origin ?? ""}`,
+        );
+        ctx.logger.warn(
+          {
+            errorCode: err.body.errorCode,
+            method: req.method,
+            path: req.originalUrl,
+            origin: req.headers.origin,
+          },
+          "Request rejected with conflict",
+        );
+      }
       res.status(err.status).json(err.body);
       return;
     }
@@ -480,3 +528,86 @@ export const createApp = (ctx: DaemonContext) => {
 
   return app;
 };
+
+const ensureApproval = async (
+  ctx: DaemonContext,
+  origin: string,
+  repoPath: string,
+  capability: "open-terminal" | "open-vscode" | "deps/install",
+  workspaceRoot?: string | null,
+) => {
+  if (hasApproval(ctx.config, origin, repoPath, capability, workspaceRoot)) {
+    return;
+  }
+  const approved = await promptApproval(origin, repoPath, capability);
+  if (!approved) {
+    requireApproval(ctx.config, origin, repoPath, capability, workspaceRoot);
+    return;
+  }
+  upsertOriginApproval(ctx, origin, capability);
+  await saveConfig(ctx.configDir, ctx.config);
+};
+
+const createPromptInterface = () => {
+  if (process.stdin.isTTY && process.stdout.isTTY) {
+    return readline.createInterface({
+      input: process.stdin,
+      output: process.stdout,
+    });
+  }
+  const ttyPath = process.platform === "win32" ? "CON" : "/dev/tty";
+  try {
+    const input = fsSync.createReadStream(ttyPath, { encoding: "utf8" });
+    const output = fsSync.createWriteStream(ttyPath);
+    return readline.createInterface({ input, output });
+  } catch {
+    return null;
+  }
+};
+
+const askQuestion = (rl: readline.Interface, question: string) =>
+  new Promise<string>((resolve) => {
+    rl.question(question, (answer) => resolve(answer));
+  });
+
+const promptApproval = async (
+  origin: string,
+  repoPath: string,
+  capability: string,
+) => {
+  const rl = createPromptInterface();
+  if (!rl) {
+    return false;
+  }
+  const answer = await askQuestion(
+    rl,
+    `Approve ${capability} for origin ${origin} (all repos)? [y/N] Requested path: ${repoPath} `,
+  );
+  rl.close();
+  const normalized = answer.trim().toLowerCase();
+  return normalized === "y" || normalized === "yes";
+};
+
+const upsertOriginApproval = (
+  ctx: DaemonContext,
+  origin: string,
+  capability: "open-terminal" | "open-vscode" | "deps/install",
+) => {
+  const existing = ctx.config.approvals.entries.find(
+    (entry) =>
+      entry.origin === origin &&
+      (entry.repoPath === null || entry.repoPath === "*"),
+  );
+  if (existing) {
+    if (!existing.capabilities.includes(capability)) {
+      existing.capabilities.push(capability);
+    }
+    return;
+  }
+  ctx.config.approvals.entries.push({
+    origin,
+    repoPath: null,
+    capabilities: [capability],
+    approvedAt: new Date().toISOString(),
+  });
+};

package/src/approvals.ts

@@ -13,10 +13,13 @@ export const hasApproval = (
     if (entry.origin !== origin || !entry.capabilities.includes(capability)) {
       return false;
     }
+    if (entry.repoPath === null || entry.repoPath === "*") {
+      return true;
+    }
     if (entry.repoPath === repoPath) {
       return true;
     }
-    if (workspaceRoot && !path.isAbsolute(entry.repoPath)) {
+    if (workspaceRoot && entry.repoPath && !path.isAbsolute(entry.repoPath)) {
       return path.resolve(workspaceRoot, entry.repoPath) === repoPath;
     }
     return false;

package/src/git.ts

@@ -15,6 +15,14 @@ export type GitStatus = {
   clean: boolean;
 };
 
+export type GitBranch = {
+  name: string;
+  fullName: string;
+  type: "local" | "remote";
+  current: boolean;
+  upstream?: string;
+};
+
 export class RepoNotFoundError extends Error {}
 
 export const cloneRepo = async (
@@ -76,6 +84,28 @@ export const getRepoStatus = async (
   return parseStatus(result.stdout);
 };
 
+export const listRepoBranches = async (
+  workspaceRoot: string,
+  repoPath: string,
+  options?: { includeRemote?: boolean },
+): Promise<GitBranch[]> => {
+  const resolved = await resolveRepoPath(workspaceRoot, repoPath);
+  const includeRemote = options?.includeRemote ?? true;
+  const { execa } = await import("execa");
+  const refs = ["refs/heads"];
+  if (includeRemote) {
+    refs.push("refs/remotes");
+  }
+  const result = await execa("git", [
+    "-C",
+    resolved,
+    "for-each-ref",
+    "--format=%(refname)\t%(refname:short)\t%(objectname)\t%(HEAD)\t%(upstream:short)",
+    ...refs,
+  ]);
+  return parseBranches(result.stdout);
+};
+
 export const resolveRepoPath = async (
   workspaceRoot: string,
   repoPath: string,
@@ -158,3 +188,32 @@ const parseStatus = (output: string): GitStatus => {
     clean,
   };
 };
+
+const parseBranches = (output: string): GitBranch[] => {
+  const branches: GitBranch[] = [];
+  const lines = output.split(/\r?\n/);
+  for (const line of lines) {
+    if (!line) {
+      continue;
+    }
+    const [fullName, shortName, , headFlag, upstream] = line.split("\t");
+    if (!fullName || !shortName) {
+      continue;
+    }
+    if (fullName.startsWith("refs/remotes/") && fullName.endsWith("/HEAD")) {
+      continue;
+    }
+    const type = fullName.startsWith("refs/heads/") ? "local" : "remote";
+    const branch: GitBranch = {
+      name: shortName,
+      fullName,
+      type,
+      current: headFlag === "*",
+    };
+    if (upstream) {
+      branch.upstream = upstream;
+    }
+    branches.push(branch);
+  }
+  return branches;
+};

package/src/types.ts

@@ -2,7 +2,7 @@ export type Capability = "open-terminal" | "open-vscode" | "deps/install";
 
 export type ApprovalEntry = {
   origin: string;
-  repoPath: string;
+  repoPath: string | null;
   capabilities: Capability[];
   approvedAt: string;
 };

package/src/validation.ts

@@ -56,6 +56,11 @@ export const gitStatusQuerySchema = z.object({
   repoPath: z.string().min(1).max(MAX_PATH_LENGTH),
 });
 
+export const gitBranchesQuerySchema = z.object({
+  repoPath: z.string().min(1).max(MAX_PATH_LENGTH),
+  includeRemote: z.enum(["true", "false"]).optional(),
+});
+
 export const osOpenRequestSchema = z.object({
   target: z.enum(["folder", "terminal", "vscode"]),
   path: z.string().min(1).max(MAX_PATH_LENGTH),

package/tests/app.test.ts

@@ -4,6 +4,7 @@ import path from "path";
 import os from "os";
 import { promises as fs } from "fs";
 import pino from "pino";
+import { execa } from "execa";
 import { createApp, type DaemonContext } from "../src/app";
 import { TokenStore } from "../src/tokens";
 import { PairingManager } from "../src/pairing";
@@ -13,6 +14,32 @@ import type { AppConfig } from "../src/types";
 const createTempDir = async () =>
   fs.mkdtemp(path.join(os.tmpdir(), "git-daemon-test-"));
 
+const runGit = async (cwd: string, args: string[]) => {
+  await execa("git", args, { cwd });
+};
+
+const setupRepoWithRemote = async (workspaceRoot: string) => {
+  const repoDir = path.join(workspaceRoot, "repo");
+  const remoteDir = path.join(workspaceRoot, "remote.git");
+  await fs.mkdir(repoDir, { recursive: true });
+  await runGit(repoDir, ["init", "-b", "main"]);
+  await runGit(repoDir, ["config", "user.email", "test@example.com"]);
+  await runGit(repoDir, ["config", "user.name", "Test User"]);
+  await fs.writeFile(path.join(repoDir, "README.md"), "hello");
+  await runGit(repoDir, ["add", "README.md"]);
+  await runGit(repoDir, ["commit", "-m", "init"]);
+  await runGit(workspaceRoot, ["init", "--bare", remoteDir]);
+  await runGit(repoDir, ["remote", "add", "origin", remoteDir]);
+  await runGit(repoDir, ["push", "-u", "origin", "main"]);
+  await runGit(repoDir, ["checkout", "-b", "feature"]);
+  await fs.writeFile(path.join(repoDir, "feature.txt"), "feature");
+  await runGit(repoDir, ["add", "feature.txt"]);
+  await runGit(repoDir, ["commit", "-m", "feature"]);
+  await runGit(repoDir, ["push", "-u", "origin", "feature"]);
+  await runGit(repoDir, ["fetch", "origin"]);
+  return { repoPath: "repo" };
+};
+
 const createConfig = (
   workspaceRoot: string | null,
   origin: string,
@@ -119,4 +146,38 @@ describe("Git Daemon API", () => {
     expect(res.status).toBe(422);
     expect(res.body.errorCode).toBe("invalid_repo_url");
   });
+
+  it("lists branches including remotes by default", async () => {
+    const workspaceRoot = await createTempDir();
+    const { repoPath } = await setupRepoWithRemote(workspaceRoot);
+    const { app, ctx } = await createContext(workspaceRoot, origin);
+    const { token } = await ctx.tokenStore.issueToken(origin, 30);
+
+    const res = await request(app)
+      .get("/v1/git/branches")
+      .query({ repoPath })
+      .set("Origin", origin)
+      .set("Host", "127.0.0.1")
+      .set("Authorization", `Bearer ${token}`);
+
+    expect(res.status).toBe(200);
+    const branches = res.body.branches as Array<{
+      name: string;
+      type: "local" | "remote";
+      current: boolean;
+    }>;
+    const names = branches.map((branch) => branch.name);
+    expect(names).toEqual(
+      expect.arrayContaining([
+        "main",
+        "feature",
+        "origin/main",
+        "origin/feature",
+      ]),
+    );
+    const current = branches.find((branch) => branch.current);
+    expect(current?.name).toBe("feature");
+    const originMain = branches.find((branch) => branch.name === "origin/main");
+    expect(originMain?.type).toBe("remote");
+  });
 });