heyhank 0.1.0

package/server/terminal-manager.ts

@@ -0,0 +1,240 @@
+import type { ServerWebSocket } from "bun";
+import { existsSync } from "node:fs";
+import { randomUUID } from "node:crypto";
+import type { SocketData } from "./ws-bridge.js";
+
+/** Bun's PTY terminal handle exposed on proc when spawned with `terminal` option */
+interface BunTerminalHandle {
+  write(data: string): void;
+  resize(cols: number, rows: number): void;
+  close(): void;
+}
+
+interface TerminalInstance {
+  id: string;
+  cwd: string;
+  containerId?: string;
+  proc: ReturnType<typeof Bun.spawn>;
+  terminal: BunTerminalHandle;
+  browserSockets: Set<ServerWebSocket<SocketData>>;
+  cols: number;
+  rows: number;
+  orphanTimer: ReturnType<typeof setTimeout> | null;
+}
+
+function resolveShell(): string {
+  if (process.env.SHELL && existsSync(process.env.SHELL)) return process.env.SHELL;
+  if (existsSync("/bin/bash")) return "/bin/bash";
+  return "/bin/sh";
+}
+
+export class TerminalManager {
+  private instances = new Map<string, TerminalInstance>();
+
+  /** Spawn a terminal in the given directory (host or container). */
+  spawn(cwd: string, cols = 80, rows = 24, options?: { containerId?: string }): string {
+    const id = randomUUID();
+    const containerId = options?.containerId?.trim() || undefined;
+    const sockets = new Set<ServerWebSocket<SocketData>>();
+    const shell = resolveShell();
+    const cmd = containerId
+      ? [
+          "docker",
+          "exec",
+          "-i",
+          "-t",
+          "-w",
+          cwd,
+          containerId,
+          "sh",
+          "-lc",
+          "if command -v bash >/dev/null 2>&1; then exec bash -l; else exec sh -l; fi",
+        ]
+      : [shell, "-l"];
+
+    const proc = Bun.spawn(cmd, {
+      cwd: containerId ? undefined : cwd,
+      env: { ...process.env, TERM: "xterm-256color", CLAUDECODE: undefined },
+      terminal: {
+        cols,
+        rows,
+        data: (_terminal, data) => {
+          // Broadcast raw PTY output as binary to all connected browsers
+          for (const ws of sockets) {
+            try {
+              ws.sendBinary(data);
+            } catch {
+              // socket may have closed
+            }
+          }
+        },
+        exit: () => {
+          // PTY stream closed — get exit code from proc
+          const inst = this.instances.get(id);
+          if (inst) {
+            const exitMsg = JSON.stringify({ type: "exit", exitCode: proc.exitCode ?? 0 });
+            for (const ws of inst.browserSockets) {
+              try {
+                ws.send(exitMsg);
+              } catch {
+                // socket may have closed
+              }
+            }
+          }
+        },
+      },
+    });
+
+    // Extract the terminal handle from the proc — Bun attaches it when spawned with `terminal` option
+    const terminal = (proc as any).terminal as BunTerminalHandle;
+    this.instances.set(id, {
+      id,
+      cwd,
+      containerId,
+      proc,
+      terminal,
+      browserSockets: sockets,
+      cols,
+      rows,
+      orphanTimer: null,
+    });
+    console.log(
+      `[terminal] Spawned terminal ${id} in ${cwd}${containerId ? ` (container ${containerId.slice(0, 12)})` : ""} (${containerId ? "docker-shell" : shell}, ${cols}x${rows})`,
+    );
+
+    // Handle process exit
+    proc.exited.then((exitCode) => {
+      const inst = this.instances.get(id);
+      if (!inst) return;
+      console.log(`[terminal] Terminal ${id} exited with code ${exitCode}`);
+      this.cleanupInstance(id);
+    });
+
+    return id;
+  }
+
+  private getTerminalIdFromSocket(ws: ServerWebSocket<SocketData>): string | null {
+    const data = ws.data;
+    if (data.kind !== "terminal") return null;
+    return data.terminalId;
+  }
+
+  private cleanupInstance(terminalId: string): void {
+    const inst = this.instances.get(terminalId);
+    if (!inst) return;
+    if (inst.orphanTimer) clearTimeout(inst.orphanTimer);
+    this.instances.delete(terminalId);
+  }
+
+  /** Handle a message from a browser WebSocket */
+  handleBrowserMessage(ws: ServerWebSocket<SocketData>, msg: string | Buffer): void {
+    const terminalId = this.getTerminalIdFromSocket(ws);
+    if (!terminalId) return;
+    const inst = this.instances.get(terminalId);
+    if (!inst) return;
+    try {
+      const str = typeof msg === "string" ? msg : msg.toString();
+      const parsed = JSON.parse(str);
+      if (parsed.type === "input" && typeof parsed.data === "string") {
+        inst.terminal.write(parsed.data);
+      } else if (parsed.type === "resize" && typeof parsed.cols === "number" && typeof parsed.rows === "number") {
+        this.resize(terminalId, parsed.cols, parsed.rows);
+      }
+    } catch {
+      // Malformed message, ignore
+    }
+  }
+
+  /** Resize the PTY */
+  resize(terminalId: string, cols: number, rows: number): void {
+    const inst = this.instances.get(terminalId);
+    if (!inst) return;
+    inst.cols = cols;
+    inst.rows = rows;
+    try {
+      inst.terminal.resize(cols, rows);
+    } catch {
+      // resize not available or failed
+    }
+  }
+
+  private killInstance(inst: TerminalInstance): void {
+    if (inst.orphanTimer) clearTimeout(inst.orphanTimer);
+    this.instances.delete(inst.id);
+
+    try {
+      inst.proc.kill();
+    } catch {
+      // process may have already exited
+    }
+
+    // SIGKILL fallback if SIGTERM doesn't work within 2 seconds
+    const pid = inst.proc.pid;
+    setTimeout(() => {
+      try {
+        process.kill(pid, 0); // check if still alive
+        inst.proc.kill(9); // SIGKILL
+      } catch {
+        // already dead, good
+      }
+    }, 2_000);
+
+    console.log(`[terminal] Killed terminal ${inst.id}`);
+  }
+
+  /** Kill one terminal instance. */
+  kill(terminalId: string): void {
+    const inst = this.instances.get(terminalId);
+    if (!inst) return;
+    this.killInstance(inst);
+  }
+
+  /** Get current terminal info */
+  getInfo(terminalId?: string): { id: string; cwd: string; containerId?: string } | null {
+    if (terminalId) {
+      const inst = this.instances.get(terminalId);
+      if (!inst) return null;
+      return { id: inst.id, cwd: inst.cwd, containerId: inst.containerId };
+    }
+    const first = this.instances.values().next().value as TerminalInstance | undefined;
+    if (!first) return null;
+    return { id: first.id, cwd: first.cwd, containerId: first.containerId };
+  }
+
+  /** Attach a browser WebSocket to the terminal */
+  addBrowserSocket(ws: ServerWebSocket<SocketData>): void {
+    const terminalId = this.getTerminalIdFromSocket(ws);
+    if (!terminalId) return;
+    const inst = this.instances.get(terminalId);
+    if (!inst) return;
+
+    // Cancel orphan kill timer if any
+    if (inst.orphanTimer) {
+      clearTimeout(inst.orphanTimer);
+      inst.orphanTimer = null;
+    }
+
+    inst.browserSockets.add(ws);
+  }
+
+  /** Remove a browser WebSocket from the terminal */
+  removeBrowserSocket(ws: ServerWebSocket<SocketData>): void {
+    const terminalId = this.getTerminalIdFromSocket(ws);
+    if (!terminalId) return;
+    const inst = this.instances.get(terminalId);
+    if (!inst) return;
+    inst.browserSockets.delete(ws);
+
+    // If no browsers remain, start a grace timer to kill the orphaned terminal
+    if (inst.browserSockets.size === 0) {
+      const id = inst.id;
+      inst.orphanTimer = setTimeout(() => {
+        const alive = this.instances.get(id);
+        if (alive && alive.browserSockets.size === 0) {
+          console.log(`[terminal] No browsers connected, killing orphaned terminal ${id}`);
+          this.kill(id);
+        }
+      }, 5_000);
+    }
+  }
+}

package/server/update-checker.ts

@@ -0,0 +1,192 @@
+import { readFileSync } from "node:fs";
+import { resolve, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+import { getSettings, type UpdateChannel } from "./settings-manager.js";
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+// Read current version from package.json
+const packageJsonPath = resolve(__dirname, "..", "package.json");
+const currentVersion: string = JSON.parse(
+  readFileSync(packageJsonPath, "utf-8"),
+).version;
+
+const NPM_REGISTRY_BASE = "https://registry.npmjs.org/heyhank";
+const CHECK_INTERVAL_MS = 60 * 60 * 1000; // 1 hour
+const INITIAL_DELAY_MS = 10_000; // 10 seconds after boot
+
+interface UpdateState {
+  currentVersion: string;
+  latestVersion: string | null;
+  lastChecked: number;
+  isServiceMode: boolean;
+  checking: boolean;
+  updateInProgress: boolean;
+  channel: UpdateChannel;
+}
+
+const state: UpdateState = {
+  currentVersion,
+  latestVersion: null,
+  lastChecked: 0,
+  isServiceMode: false,
+  checking: false,
+  updateInProgress: false,
+  channel: "stable",
+};
+
+export function getUpdateState(): Readonly<UpdateState> {
+  return { ...state };
+}
+
+export function getCurrentVersion(): string {
+  return currentVersion;
+}
+
+/** Returns the npm registry URL for the given dist-tag. */
+function getRegistryUrl(channel: UpdateChannel): string {
+  const distTag = channel === "prerelease" ? "next" : "latest";
+  return `${NPM_REGISTRY_BASE}/${distTag}`;
+}
+
+export async function checkForUpdate(): Promise<void> {
+  if (state.checking) return;
+  state.checking = true;
+  try {
+    // Read channel from settings on each check so switching is immediate
+    const channel = getSettings().updateChannel;
+    if (channel !== state.channel) {
+      state.latestVersion = null; // avoid cross-channel stale comparison
+    }
+    state.channel = channel;
+    const url = getRegistryUrl(channel);
+
+    const res = await fetch(url, {
+      headers: { Accept: "application/json" },
+      signal: AbortSignal.timeout(10_000),
+    });
+    if (res.ok) {
+      const data = (await res.json()) as { version: string };
+      state.latestVersion = data.version;
+      state.lastChecked = Date.now();
+      if (isUpdateAvailable()) {
+        console.log(
+          `[update-checker] Update available (${channel}): ${currentVersion} -> ${state.latestVersion}`,
+        );
+      }
+    }
+  } catch (err) {
+    console.warn(
+      "[update-checker] Failed to check for updates:",
+      err instanceof Error ? err.message : String(err),
+    );
+  } finally {
+    state.checking = false;
+  }
+}
+
+export function setServiceMode(isService: boolean): void {
+  state.isServiceMode = isService;
+}
+
+export function setUpdateInProgress(inProgress: boolean): void {
+  state.updateInProgress = inProgress;
+}
+
+export function isUpdateAvailable(): boolean {
+  if (!state.latestVersion || !state.currentVersion) return false;
+  return isNewerVersion(state.latestVersion, state.currentVersion);
+}
+
+/**
+ * Parse a semver string into its components.
+ * Handles versions like "1.2.3", "1.2.3-preview.20260228120000.abc1234"
+ */
+function parseSemver(v: string): { major: number; minor: number; patch: number; prerelease: string[] } {
+  const [corePart, ...prereleaseParts] = v.split("-");
+  const prerelease = prereleaseParts.length > 0 ? prereleaseParts.join("-").split(".") : [];
+  const parts = corePart.split(".").map(Number);
+  return {
+    major: parts[0] || 0,
+    minor: parts[1] || 0,
+    patch: parts[2] || 0,
+    prerelease,
+  };
+}
+
+/**
+ * Compare two semver prerelease identifier arrays.
+ * Returns -1 if a < b, 0 if a == b, 1 if a > b.
+ * A version with no prerelease identifiers has higher precedence than one with.
+ */
+function comparePrereleaseArrays(a: string[], b: string[]): number {
+  // No prerelease on both = equal
+  if (a.length === 0 && b.length === 0) return 0;
+  // No prerelease > has prerelease (stable is newer than prerelease of same core version)
+  if (a.length === 0) return 1;
+  if (b.length === 0) return -1;
+
+  const maxLen = Math.max(a.length, b.length);
+  for (let i = 0; i < maxLen; i++) {
+    // Fewer fields = lower precedence
+    if (i >= a.length) return -1;
+    if (i >= b.length) return 1;
+
+    const aNum = Number(a[i]);
+    const bNum = Number(b[i]);
+    const aIsNum = !isNaN(aNum);
+    const bIsNum = !isNaN(bNum);
+
+    if (aIsNum && bIsNum) {
+      if (aNum > bNum) return 1;
+      if (aNum < bNum) return -1;
+    } else if (aIsNum) {
+      // Numeric identifiers have lower precedence than alphanumeric
+      return -1;
+    } else if (bIsNum) {
+      return 1;
+    } else {
+      // Both alphanumeric: compare lexically
+      if (a[i] > b[i]) return 1;
+      if (a[i] < b[i]) return -1;
+    }
+  }
+  return 0;
+}
+
+/**
+ * Prerelease-aware semver comparison: returns true if a > b.
+ * Handles both stable versions (1.2.3) and prerelease versions
+ * (1.2.3-preview.20260228120000.abc1234).
+ */
+export function isNewerVersion(a: string, b: string): boolean {
+  const pa = parseSemver(a);
+  const pb = parseSemver(b);
+
+  // Compare major.minor.patch
+  if (pa.major !== pb.major) return pa.major > pb.major;
+  if (pa.minor !== pb.minor) return pa.minor > pb.minor;
+  if (pa.patch !== pb.patch) return pa.patch > pb.patch;
+
+  // Core versions are equal — compare prerelease
+  return comparePrereleaseArrays(pa.prerelease, pb.prerelease) > 0;
+}
+
+let intervalId: ReturnType<typeof setInterval> | null = null;
+
+export function startPeriodicCheck(): void {
+  if (intervalId) return;
+  setTimeout(() => {
+    checkForUpdate();
+  }, INITIAL_DELAY_MS);
+  intervalId = setInterval(() => {
+    checkForUpdate();
+  }, CHECK_INTERVAL_MS);
+}
+
+export function stopPeriodicCheck(): void {
+  if (intervalId) {
+    clearInterval(intervalId);
+    intervalId = null;
+  }
+}

package/server/usage-limits.ts

@@ -0,0 +1,225 @@
+import { execSync, execFileSync } from "node:child_process";
+import { existsSync, readFileSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+
+export interface UsageLimits {
+  five_hour: { utilization: number; resets_at: string | null } | null;
+  seven_day: { utilization: number; resets_at: string | null } | null;
+  extra_usage: {
+    is_enabled: boolean;
+    monthly_limit: number;
+    used_credits: number;
+    utilization: number | null;
+  } | null;
+}
+
+const OAUTH_TOKEN_URL = "https://platform.claude.com/v1/oauth/token";
+const OAUTH_CLIENT_ID = "9d1c250a-e61b-44d9-88ed-5944d1962f5e";
+
+// In-memory cache (60s TTL)
+const CACHE_DURATION_MS = 60 * 1000;
+let cache: { data: UsageLimits; timestamp: number } | null = null;
+
+interface OAuthCredentials {
+  accessToken: string;
+  refreshToken: string;
+  expiresAt: number;
+  [key: string]: unknown;
+}
+
+interface RawCredentials {
+  raw: string;
+  parsed: Record<string, unknown>;
+  oauth: OAuthCredentials;
+  sourcePath?: string;
+}
+
+// Credential file candidates - matches claude-container-auth.ts
+const CREDENTIAL_FILE_NAMES = [
+  ".credentials.json",
+  "auth.json",
+  ".auth.json",
+  "credentials.json",
+];
+
+function readCredentialsFromFile(): RawCredentials | null {
+  const home =
+    process.env.USERPROFILE || process.env.HOME || homedir() || "";
+  const claudeDir = join(home, ".claude");
+
+  for (const fileName of CREDENTIAL_FILE_NAMES) {
+    const credPath = join(claudeDir, fileName);
+    if (!existsSync(credPath)) continue;
+    try {
+      const raw = readFileSync(credPath, "utf-8");
+      const parsed = JSON.parse(raw);
+      if (!parsed?.claudeAiOauth?.accessToken) continue;
+      return { raw, parsed, oauth: parsed.claudeAiOauth, sourcePath: credPath };
+    } catch {
+      continue;
+    }
+  }
+  return null;
+}
+
+function readRawCredentials(): RawCredentials | null {
+  try {
+    // macOS: use Keychain via security command
+    if (process.platform === "darwin") {
+      const raw = execSync(
+        'security find-generic-password -s "Claude Code-credentials" -w',
+        { encoding: "utf-8", timeout: 5000, stdio: ["pipe", "pipe", "pipe"] },
+      ).trim();
+
+      const decoded = raw.startsWith("{")
+        ? raw
+        : Buffer.from(raw, "hex").toString("utf-8");
+
+      const parsed = JSON.parse(decoded);
+      if (!parsed?.claudeAiOauth?.accessToken) return null;
+      return { raw: decoded, parsed, oauth: parsed.claudeAiOauth };
+    }
+
+    // Windows, Linux, Docker, and other platforms: read from credential files
+    return readCredentialsFromFile();
+  } catch {
+    return null;
+  }
+}
+
+function writeCredentials(creds: Record<string, unknown>, sourcePath?: string): void {
+  try {
+    const json = JSON.stringify(creds);
+    if (process.platform === "darwin") {
+      execFileSync(
+        "security",
+        ["add-generic-password", "-U", "-s", "Claude Code-credentials", "-a", "Claude Code", "-w", json],
+        { timeout: 5000, stdio: ["pipe", "pipe", "pipe"] },
+      );
+    } else {
+      // Write back to the same file that was read, or default to .credentials.json
+      const credPath = sourcePath ?? join(
+        process.env.USERPROFILE || process.env.HOME || homedir() || "",
+        ".claude",
+        ".credentials.json",
+      );
+      writeFileSync(credPath, json, "utf-8");
+    }
+  } catch {
+    // best-effort
+  }
+}
+
+async function refreshAccessToken(refreshToken: string): Promise<{
+  accessToken: string;
+  refreshToken: string;
+  expiresIn: number;
+} | null> {
+  try {
+    const res = await fetch(OAUTH_TOKEN_URL, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "refresh_token",
+        refresh_token: refreshToken,
+        client_id: OAUTH_CLIENT_ID,
+      }),
+    });
+    if (!res.ok) return null;
+    const data = await res.json();
+    return {
+      accessToken: data.access_token,
+      refreshToken: data.refresh_token,
+      expiresIn: data.expires_in,
+    };
+  } catch {
+    return null;
+  }
+}
+
+export function getCredentials(): string | null {
+  const creds = readRawCredentials();
+  return creds?.oauth.accessToken ?? null;
+}
+
+async function getValidAccessToken(): Promise<string | null> {
+  const creds = readRawCredentials();
+  if (!creds) return null;
+
+  const { oauth } = creds;
+
+  // Token still valid (with 5min buffer)
+  if (oauth.expiresAt && Date.now() < oauth.expiresAt - 5 * 60 * 1000) {
+    return oauth.accessToken;
+  }
+
+  // Token expired - try to refresh
+  if (!oauth.refreshToken) return null;
+
+  const refreshed = await refreshAccessToken(oauth.refreshToken);
+  if (!refreshed) return null;
+
+  // Update stored credentials
+  creds.parsed.claudeAiOauth = {
+    ...oauth,
+    accessToken: refreshed.accessToken,
+    refreshToken: refreshed.refreshToken,
+    expiresAt: Date.now() + refreshed.expiresIn * 1000,
+  };
+  writeCredentials(creds.parsed, creds.sourcePath);
+
+  return refreshed.accessToken;
+}
+
+export async function fetchUsageLimits(
+  token: string,
+): Promise<UsageLimits | null> {
+  try {
+    const response = await fetch("https://api.anthropic.com/api/oauth/usage", {
+      method: "GET",
+      headers: {
+        Accept: "application/json",
+        "Content-Type": "application/json",
+        "User-Agent": "claude-code/2.1.39",
+        Authorization: `Bearer ${token}`,
+        "anthropic-beta": "oauth-2025-04-20",
+      },
+    });
+
+    if (!response.ok) return null;
+
+    const data = await response.json();
+    return {
+      five_hour: data.five_hour || null,
+      seven_day: data.seven_day || null,
+      extra_usage: data.extra_usage || null,
+    };
+  } catch {
+    return null;
+  }
+}
+
+export async function getUsageLimits(): Promise<UsageLimits> {
+  const empty: UsageLimits = {
+    five_hour: null,
+    seven_day: null,
+    extra_usage: null,
+  };
+  try {
+    if (cache && Date.now() - cache.timestamp < CACHE_DURATION_MS) {
+      return cache.data;
+    }
+
+    const token = await getValidAccessToken();
+    if (!token) return empty;
+
+    const limits = await fetchUsageLimits(token);
+    if (!limits) return empty;
+
+    cache = { data: limits, timestamp: Date.now() };
+    return limits;
+  } catch {
+    return empty;
+  }
+}

package/server/web-push.d.ts

@@ -0,0 +1,51 @@
+declare module "web-push" {
+  interface VapidKeys {
+    publicKey: string;
+    privateKey: string;
+  }
+
+  interface PushSubscription {
+    endpoint: string;
+    keys: {
+      p256dh: string;
+      auth: string;
+    };
+  }
+
+  interface SendOptions {
+    TTL?: number;
+    headers?: Record<string, string>;
+    vapidDetails?: {
+      subject: string;
+      publicKey: string;
+      privateKey: string;
+    };
+  }
+
+  interface SendResult {
+    statusCode: number;
+    body: string;
+    headers: Record<string, string>;
+  }
+
+  function generateVAPIDKeys(): VapidKeys;
+  function setVapidDetails(
+    subject: string,
+    publicKey: string,
+    privateKey: string,
+  ): void;
+  function sendNotification(
+    subscription: PushSubscription,
+    payload: string | Buffer | null,
+    options?: SendOptions,
+  ): Promise<SendResult>;
+
+  const webpush: {
+    generateVAPIDKeys: typeof generateVAPIDKeys;
+    setVapidDetails: typeof setVapidDetails;
+    sendNotification: typeof sendNotification;
+  };
+
+  export default webpush;
+  export { generateVAPIDKeys, setVapidDetails, sendNotification };
+}