itwillsync 1.9.0 → 1.9.2

package/dist/hub/daemon.js

@@ -32,9 +32,9 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
   mod
 ));
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/constants.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/constants.js
 var require_constants = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/constants.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/constants.js"(exports, module) {
     "use strict";
     var BINARY_TYPES = ["nodebuffer", "arraybuffer", "fragments"];
     var hasBlob = typeof Blob !== "undefined";
@@ -55,9 +55,9 @@ var require_constants = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/buffer-util.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/buffer-util.js
 var require_buffer_util = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/buffer-util.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/buffer-util.js"(exports, module) {
     "use strict";
     var { EMPTY_BUFFER } = require_constants();
     var FastBuffer = Buffer[Symbol.species];
@@ -130,9 +130,9 @@ var require_buffer_util = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/limiter.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/limiter.js
 var require_limiter = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/limiter.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/limiter.js"(exports, module) {
     "use strict";
     var kDone = /* @__PURE__ */ Symbol("kDone");
     var kRun = /* @__PURE__ */ Symbol("kRun");
@@ -180,9 +180,9 @@ var require_limiter = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/permessage-deflate.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/permessage-deflate.js
 var require_permessage_deflate = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/permessage-deflate.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/permessage-deflate.js"(exports, module) {
     "use strict";
     var zlib = __require("zlib");
     var bufferUtil = require_buffer_util();
@@ -196,7 +196,7 @@ var require_permessage_deflate = __commonJS({
     var kBuffers = /* @__PURE__ */ Symbol("buffers");
     var kError = /* @__PURE__ */ Symbol("error");
     var zlibLimiter;
-    var PerMessageDeflate = class {
+    var PerMessageDeflate2 = class {
       /**
        * Creates a PerMessageDeflate instance.
        *
@@ -207,6 +207,9 @@ var require_permessage_deflate = __commonJS({
        *     acknowledge disabling of client context takeover
        * @param {Number} [options.concurrencyLimit=10] The number of concurrent
        *     calls to zlib
+       * @param {Boolean} [options.isServer=false] Create the instance in either
+       *     server or client mode
+       * @param {Number} [options.maxPayload=0] The maximum allowed message length
        * @param {(Boolean|Number)} [options.serverMaxWindowBits] Request/confirm the
        *     use of a custom server window size
        * @param {Boolean} [options.serverNoContextTakeover=false] Request/accept
@@ -217,15 +220,12 @@ var require_permessage_deflate = __commonJS({
        *     deflate
        * @param {Object} [options.zlibInflateOptions] Options to pass to zlib on
        *     inflate
-       * @param {Boolean} [isServer=false] Create the instance in either server or
-       *     client mode
-       * @param {Number} [maxPayload=0] The maximum allowed message length
        */
-      constructor(options, isServer, maxPayload) {
-        this._maxPayload = maxPayload | 0;
+      constructor(options) {
         this._options = options || {};
         this._threshold = this._options.threshold !== void 0 ? this._options.threshold : 1024;
-        this._isServer = !!isServer;
+        this._maxPayload = this._options.maxPayload | 0;
+        this._isServer = !!this._options.isServer;
         this._deflate = null;
         this._inflate = null;
         this.params = null;
@@ -534,7 +534,7 @@ var require_permessage_deflate = __commonJS({
         });
       }
     };
-    module.exports = PerMessageDeflate;
+    module.exports = PerMessageDeflate2;
     function deflateOnData(chunk) {
       this[kBuffers].push(chunk);
       this[kTotalLength] += chunk.length;
@@ -563,9 +563,9 @@ var require_permessage_deflate = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/validation.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/validation.js
 var require_validation = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/validation.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/validation.js"(exports, module) {
     "use strict";
     var { isUtf8 } = __require("buffer");
     var { hasBlob } = require_constants();
@@ -764,12 +764,12 @@ var require_validation = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/receiver.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/receiver.js
 var require_receiver = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/receiver.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/receiver.js"(exports, module) {
     "use strict";
     var { Writable } = __require("stream");
-    var PerMessageDeflate = require_permessage_deflate();
+    var PerMessageDeflate2 = require_permessage_deflate();
     var {
       BINARY_TYPES,
       EMPTY_BUFFER,
@@ -936,7 +936,7 @@ var require_receiver = __commonJS({
           return;
         }
         const compressed = (buf[0] & 64) === 64;
-        if (compressed && !this._extensions[PerMessageDeflate.extensionName]) {
+        if (compressed && !this._extensions[PerMessageDeflate2.extensionName]) {
           const error = this.createError(
             RangeError,
             "RSV1 must be clear",
@@ -1180,7 +1180,7 @@ var require_receiver = __commonJS({
        * @private
        */
       decompress(data, cb) {
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         perMessageDeflate.decompress(data, this._fin, (err, buf) => {
           if (err) return cb(err);
           if (buf.length) {
@@ -1356,13 +1356,13 @@ var require_receiver = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/sender.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/sender.js
 var require_sender = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/sender.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/sender.js"(exports, module) {
     "use strict";
     var { Duplex } = __require("stream");
     var { randomFillSync } = __require("crypto");
-    var PerMessageDeflate = require_permessage_deflate();
+    var PerMessageDeflate2 = require_permessage_deflate();
     var { EMPTY_BUFFER, kWebSocket, NOOP } = require_constants();
     var { isBlob, isValidStatusCode } = require_validation();
     var { mask: applyMask, toBuffer } = require_buffer_util();
@@ -1646,7 +1646,7 @@ var require_sender = __commonJS({
        * @public
        */
       send(data, options, cb) {
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         let opcode = options.binary ? 2 : 1;
         let rsv1 = options.compress;
         let byteLength;
@@ -1770,7 +1770,7 @@ var require_sender = __commonJS({
           this.sendFrame(_Sender.frame(data, options), cb);
           return;
         }
-        const perMessageDeflate = this._extensions[PerMessageDeflate.extensionName];
+        const perMessageDeflate = this._extensions[PerMessageDeflate2.extensionName];
         this._bufferedBytes += options[kByteLength];
         this._state = DEFLATING;
         perMessageDeflate.compress(data, options.fin, (_, buf) => {
@@ -1844,9 +1844,9 @@ var require_sender = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/event-target.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/event-target.js
 var require_event_target = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/event-target.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/event-target.js"(exports, module) {
     "use strict";
     var { kForOnEventAttribute, kListener } = require_constants();
     var kCode = /* @__PURE__ */ Symbol("kCode");
@@ -2073,9 +2073,9 @@ var require_event_target = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/extension.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/extension.js
 var require_extension = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/extension.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/extension.js"(exports, module) {
     "use strict";
     var { tokenChars } = require_validation();
     function push(dest, name, elem) {
@@ -2208,11 +2208,11 @@ var require_extension = __commonJS({
       return offers;
     }
     function format(extensions) {
-      return Object.keys(extensions).map((extension) => {
-        let configurations = extensions[extension];
+      return Object.keys(extensions).map((extension2) => {
+        let configurations = extensions[extension2];
         if (!Array.isArray(configurations)) configurations = [configurations];
         return configurations.map((params) => {
-          return [extension].concat(
+          return [extension2].concat(
             Object.keys(params).map((k) => {
               let values = params[k];
               if (!Array.isArray(values)) values = [values];
@@ -2226,9 +2226,9 @@ var require_extension = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/websocket.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/websocket.js
 var require_websocket = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/websocket.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/websocket.js"(exports, module) {
     "use strict";
     var EventEmitter3 = __require("events");
     var https = __require("https");
@@ -2238,7 +2238,7 @@ var require_websocket = __commonJS({
     var { randomBytes: randomBytes3, createHash: createHash2 } = __require("crypto");
     var { Duplex, Readable } = __require("stream");
     var { URL: URL2 } = __require("url");
-    var PerMessageDeflate = require_permessage_deflate();
+    var PerMessageDeflate2 = require_permessage_deflate();
     var Receiver2 = require_receiver();
     var Sender2 = require_sender();
     var { isBlob } = require_validation();
@@ -2446,8 +2446,8 @@ var require_websocket = __commonJS({
           this.emit("close", this._closeCode, this._closeMessage);
           return;
         }
-        if (this._extensions[PerMessageDeflate.extensionName]) {
-          this._extensions[PerMessageDeflate.extensionName].cleanup();
+        if (this._extensions[PerMessageDeflate2.extensionName]) {
+          this._extensions[PerMessageDeflate2.extensionName].cleanup();
         }
         this._receiver.removeAllListeners();
         this._readyState = _WebSocket.CLOSED;
@@ -2609,7 +2609,7 @@ var require_websocket = __commonJS({
           fin: true,
           ...options
         };
-        if (!this._extensions[PerMessageDeflate.extensionName]) {
+        if (!this._extensions[PerMessageDeflate2.extensionName]) {
           opts.compress = false;
         }
         this._sender.send(data || EMPTY_BUFFER, opts, cb);
@@ -2735,7 +2735,7 @@ var require_websocket = __commonJS({
       } else {
         try {
           parsedUrl = new URL2(address);
-        } catch (e) {
+        } catch {
           throw new SyntaxError(`Invalid URL: ${address}`);
         }
       }
@@ -2783,13 +2783,13 @@ var require_websocket = __commonJS({
       opts.path = parsedUrl.pathname + parsedUrl.search;
       opts.timeout = opts.handshakeTimeout;
       if (opts.perMessageDeflate) {
-        perMessageDeflate = new PerMessageDeflate(
-          opts.perMessageDeflate !== true ? opts.perMessageDeflate : {},
-          false,
-          opts.maxPayload
-        );
+        perMessageDeflate = new PerMessageDeflate2({
+          ...opts.perMessageDeflate,
+          isServer: false,
+          maxPayload: opts.maxPayload
+        });
         opts.headers["Sec-WebSocket-Extensions"] = format({
-          [PerMessageDeflate.extensionName]: perMessageDeflate.offer()
+          [PerMessageDeflate2.extensionName]: perMessageDeflate.offer()
         });
       }
       if (protocols.length) {
@@ -2932,19 +2932,19 @@ var require_websocket = __commonJS({
             return;
           }
           const extensionNames = Object.keys(extensions);
-          if (extensionNames.length !== 1 || extensionNames[0] !== PerMessageDeflate.extensionName) {
+          if (extensionNames.length !== 1 || extensionNames[0] !== PerMessageDeflate2.extensionName) {
             const message = "Server indicated an extension that was not requested";
             abortHandshake(websocket, socket, message);
             return;
           }
           try {
-            perMessageDeflate.accept(extensions[PerMessageDeflate.extensionName]);
+            perMessageDeflate.accept(extensions[PerMessageDeflate2.extensionName]);
           } catch (err) {
             const message = "Invalid Sec-WebSocket-Extensions header";
             abortHandshake(websocket, socket, message);
             return;
           }
-          websocket._extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
+          websocket._extensions[PerMessageDeflate2.extensionName] = perMessageDeflate;
         }
         websocket.setSocket(socket, head, {
           allowSynchronousEvents: opts.allowSynchronousEvents,
@@ -3112,9 +3112,9 @@ var require_websocket = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/stream.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/stream.js
 var require_stream = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/stream.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/stream.js"(exports, module) {
     "use strict";
     var WebSocket2 = require_websocket();
     var { Duplex } = __require("stream");
@@ -3210,9 +3210,9 @@ var require_stream = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/subprotocol.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/subprotocol.js
 var require_subprotocol = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/subprotocol.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/subprotocol.js"(exports, module) {
     "use strict";
     var { tokenChars } = require_validation();
     function parse(header) {
@@ -3255,17 +3255,17 @@ var require_subprotocol = __commonJS({
   }
 });
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/websocket-server.js
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/websocket-server.js
 var require_websocket_server = __commonJS({
-  "../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/lib/websocket-server.js"(exports, module) {
+  "../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/lib/websocket-server.js"(exports, module) {
     "use strict";
     var EventEmitter3 = __require("events");
     var http = __require("http");
     var { Duplex } = __require("stream");
     var { createHash: createHash2 } = __require("crypto");
-    var extension = require_extension();
-    var PerMessageDeflate = require_permessage_deflate();
-    var subprotocol = require_subprotocol();
+    var extension2 = require_extension();
+    var PerMessageDeflate2 = require_permessage_deflate();
+    var subprotocol2 = require_subprotocol();
     var WebSocket2 = require_websocket();
     var { CLOSE_TIMEOUT, GUID, kWebSocket } = require_constants();
     var keyRegex = /^[+/0-9A-Za-z]{22}==$/;
@@ -3488,7 +3488,7 @@ var require_websocket_server = __commonJS({
         let protocols = /* @__PURE__ */ new Set();
         if (secWebSocketProtocol !== void 0) {
           try {
-            protocols = subprotocol.parse(secWebSocketProtocol);
+            protocols = subprotocol2.parse(secWebSocketProtocol);
           } catch (err) {
             const message = "Invalid Sec-WebSocket-Protocol header";
             abortHandshakeOrEmitwsClientError(this, req, socket, 400, message);
@@ -3498,16 +3498,16 @@ var require_websocket_server = __commonJS({
         const secWebSocketExtensions = req.headers["sec-websocket-extensions"];
         const extensions = {};
         if (this.options.perMessageDeflate && secWebSocketExtensions !== void 0) {
-          const perMessageDeflate = new PerMessageDeflate(
-            this.options.perMessageDeflate,
-            true,
-            this.options.maxPayload
-          );
+          const perMessageDeflate = new PerMessageDeflate2({
+            ...this.options.perMessageDeflate,
+            isServer: true,
+            maxPayload: this.options.maxPayload
+          });
           try {
-            const offers = extension.parse(secWebSocketExtensions);
-            if (offers[PerMessageDeflate.extensionName]) {
-              perMessageDeflate.accept(offers[PerMessageDeflate.extensionName]);
-              extensions[PerMessageDeflate.extensionName] = perMessageDeflate;
+            const offers = extension2.parse(secWebSocketExtensions);
+            if (offers[PerMessageDeflate2.extensionName]) {
+              perMessageDeflate.accept(offers[PerMessageDeflate2.extensionName]);
+              extensions[PerMessageDeflate2.extensionName] = perMessageDeflate;
             }
           } catch (err) {
             const message = "Invalid or unacceptable Sec-WebSocket-Extensions header";
@@ -3578,10 +3578,10 @@ var require_websocket_server = __commonJS({
             ws._protocol = protocol;
           }
         }
-        if (extensions[PerMessageDeflate.extensionName]) {
-          const params = extensions[PerMessageDeflate.extensionName].params;
-          const value = extension.format({
-            [PerMessageDeflate.extensionName]: [params]
+        if (extensions[PerMessageDeflate2.extensionName]) {
+          const params = extensions[PerMessageDeflate2.extensionName].params;
+          const value = extension2.format({
+            [PerMessageDeflate2.extensionName]: [params]
           });
           headers.push(`Sec-WebSocket-Extensions: ${value}`);
           ws._extensions = extensions;
@@ -5874,11 +5874,11 @@ var require_nacl_fast = __commonJS({
 });
 
 // src/daemon.ts
-import { writeFileSync as writeFileSync4, mkdirSync as mkdirSync3, unlinkSync as unlinkSync2, existsSync as existsSync4, readdirSync, statSync } from "fs";
-import { homedir as homedir5 } from "os";
-import { join as join5, dirname as dirname3 } from "path";
+import { writeFileSync as writeFileSync5, mkdirSync as mkdirSync3, unlinkSync as unlinkSync3, existsSync as existsSync5, readdirSync, statSync } from "fs";
+import { homedir as homedir6 } from "os";
+import { join as join6, dirname as dirname3 } from "path";
 import { fileURLToPath } from "url";
-import { spawn as spawn2 } from "child_process";
+import { spawn as spawn3 } from "child_process";
 
 // src/auth.ts
 import { randomBytes, timingSafeEqual } from "crypto";
@@ -6276,6 +6276,10 @@ function createInternalApi(options) {
           res.end(JSON.stringify({ error: err.message }));
           return;
         }
+        if (options.windowsFirewall) {
+          options.windowsFirewall.addRule(`session-${session.id}`, data.port).catch(() => {
+          });
+        }
         res.writeHead(201);
         res.end(JSON.stringify({ session }));
         return;
@@ -6287,6 +6291,13 @@ function createInternalApi(options) {
           res.end(JSON.stringify({ error: "Session ID required" }));
           return;
         }
+        if (options.windowsFirewall) {
+          const session = registry.getById(id);
+          if (session) {
+            options.windowsFirewall.removeRule(`session-${session.id}`).catch(() => {
+            });
+          }
+        }
         const removed = registry.unregister(id);
         if (removed) {
           res.writeHead(200);
@@ -6352,8 +6363,8 @@ function createInternalApi(options) {
         }
         let memoryKB = 0;
         try {
-          const { execFileSync: execFileSync2 } = await import("child_process");
-          const output = execFileSync2("ps", ["-o", "rss=", "-p", String(session.pid)], {
+          const { execFileSync: execFileSync3 } = await import("child_process");
+          const output = execFileSync3("ps", ["-o", "rss=", "-p", String(session.pid)], {
             encoding: "utf-8",
             timeout: 2e3
           });
@@ -6406,10 +6417,13 @@ import { join as join3, extname } from "path";
 import { homedir as homedir3 } from "os";
 import { gzipSync } from "zlib";
 
-// ../../node_modules/.pnpm/ws@8.19.0/node_modules/ws/wrapper.mjs
+// ../../node_modules/.pnpm/ws@8.20.0/node_modules/ws/wrapper.mjs
 var import_stream = __toESM(require_stream(), 1);
+var import_extension = __toESM(require_extension(), 1);
+var import_permessage_deflate = __toESM(require_permessage_deflate(), 1);
 var import_receiver = __toESM(require_receiver(), 1);
 var import_sender = __toESM(require_sender(), 1);
+var import_subprotocol = __toESM(require_subprotocol(), 1);
 var import_websocket = __toESM(require_websocket(), 1);
 var import_websocket_server = __toESM(require_websocket_server(), 1);
 
@@ -6721,8 +6735,8 @@ function createDashboardServer(options) {
             }
             let memoryKB = 0;
             try {
-              const { execFileSync: execFileSync2 } = await import("child_process");
-              const output = execFileSync2("ps", ["-o", "rss=", "-p", String(session.pid)], {
+              const { execFileSync: execFileSync3 } = await import("child_process");
+              const output = execFileSync3("ps", ["-o", "rss=", "-p", String(session.pid)], {
                 encoding: "utf-8",
                 timeout: 2e3
               });
@@ -7322,24 +7336,191 @@ ${key}=${value}`);
   }
 };
 
+// src/windows-firewall.ts
+import { spawn as spawn2, execFileSync as execFileSync2 } from "child_process";
+import { writeFileSync as writeFileSync4, readFileSync as readFileSync4, unlinkSync as unlinkSync2, existsSync as existsSync4 } from "fs";
+import { join as join5 } from "path";
+import { homedir as homedir5 } from "os";
+var COMMAND_TIMEOUT_MS2 = 1e4;
+var SYNC_TIMEOUT_MS2 = 5e3;
+var RULE_PREFIX = "itwillsync";
+function getHubDir2() {
+  return process.env.ITWILLSYNC_CONFIG_DIR || join5(homedir5(), ".itwillsync");
+}
+var WindowsFirewall = class {
+  rules = /* @__PURE__ */ new Map();
+  flagFilePath;
+  isWindows;
+  constructor() {
+    this.isWindows = process.platform === "win32";
+    this.flagFilePath = join5(getHubDir2(), "firewall-rules.json");
+    if (this.isWindows) {
+      this.checkOrphanedRules();
+    }
+  }
+  async addRule(label, port) {
+    if (!this.isWindows) return { success: true };
+    const ruleName = `${RULE_PREFIX}-${label}`;
+    if (this.rules.has(ruleName)) return { success: true };
+    if (await this.ruleExists(ruleName)) {
+      this.rules.set(ruleName, port);
+      this.writeFlagFile();
+      return { success: true };
+    }
+    const result = await this.runNetsh([
+      "advfirewall",
+      "firewall",
+      "add",
+      "rule",
+      `name=${ruleName}`,
+      "dir=in",
+      "action=allow",
+      "protocol=TCP",
+      `localport=${port}`
+    ]);
+    if (result.exitCode === 0) {
+      this.rules.set(ruleName, port);
+      this.writeFlagFile();
+      return { success: true };
+    }
+    console.warn(
+      `  Warning: Could not add Windows Firewall rule for port ${port}.
+  Phone access may be blocked. Run as Administrator or add the rule manually:
+    netsh advfirewall firewall add rule name="${ruleName}" dir=in action=allow protocol=TCP localport=${port}`
+    );
+    return { success: false, error: result.stderr || "Failed to add firewall rule" };
+  }
+  async removeRule(label) {
+    if (!this.isWindows) return;
+    const ruleName = `${RULE_PREFIX}-${label}`;
+    await this.runNetsh([
+      "advfirewall",
+      "firewall",
+      "delete",
+      "rule",
+      `name=${ruleName}`
+    ]);
+    this.rules.delete(ruleName);
+    this.writeFlagFile();
+  }
+  cleanupSync() {
+    if (!this.isWindows || this.rules.size === 0) return;
+    for (const ruleName of this.rules.keys()) {
+      try {
+        execFileSync2("netsh", [
+          "advfirewall",
+          "firewall",
+          "delete",
+          "rule",
+          `name=${ruleName}`
+        ], { timeout: SYNC_TIMEOUT_MS2, stdio: "ignore" });
+      } catch {
+      }
+    }
+    this.rules.clear();
+    this.deleteFlagFile();
+  }
+  // --- Private helpers ---
+  async ruleExists(ruleName) {
+    const result = await this.runNetsh([
+      "advfirewall",
+      "firewall",
+      "show",
+      "rule",
+      `name=${ruleName}`
+    ]);
+    return result.exitCode === 0;
+  }
+  runNetsh(args) {
+    return new Promise((resolve) => {
+      const proc = spawn2("netsh", args, {
+        stdio: ["ignore", "ignore", "pipe"]
+      });
+      let stderr = "";
+      proc.stderr.on("data", (d) => {
+        stderr += d.toString();
+      });
+      const timer = setTimeout(() => {
+        proc.kill("SIGKILL");
+        resolve({ exitCode: 1, stderr: "Command timed out" });
+      }, COMMAND_TIMEOUT_MS2);
+      proc.on("close", (code) => {
+        clearTimeout(timer);
+        resolve({ exitCode: code ?? 1, stderr });
+      });
+      proc.on("error", (err) => {
+        clearTimeout(timer);
+        resolve({ exitCode: 1, stderr: err.message });
+      });
+    });
+  }
+  writeFlagFile() {
+    if (this.rules.size === 0) {
+      this.deleteFlagFile();
+      return;
+    }
+    const data = {
+      rules: Array.from(this.rules.entries()).map(([name, port]) => ({ name, port })),
+      createdAt: Date.now()
+    };
+    try {
+      writeFileSync4(this.flagFilePath, JSON.stringify(data, null, 2) + "\n", "utf-8");
+    } catch {
+    }
+  }
+  deleteFlagFile() {
+    try {
+      if (existsSync4(this.flagFilePath)) {
+        unlinkSync2(this.flagFilePath);
+      }
+    } catch {
+    }
+  }
+  checkOrphanedRules() {
+    try {
+      if (!existsSync4(this.flagFilePath)) return;
+      const raw = readFileSync4(this.flagFilePath, "utf-8");
+      const data = JSON.parse(raw);
+      if (data.rules && data.rules.length > 0) {
+        console.log("Cleaning up orphaned firewall rules...");
+        for (const rule of data.rules) {
+          try {
+            execFileSync2("netsh", [
+              "advfirewall",
+              "firewall",
+              "delete",
+              "rule",
+              `name=${rule.name}`
+            ], { timeout: SYNC_TIMEOUT_MS2, stdio: "ignore" });
+          } catch {
+          }
+        }
+      }
+      this.deleteFlagFile();
+    } catch {
+      this.deleteFlagFile();
+    }
+  }
+};
+
 // src/daemon.ts
 var HUB_EXTERNAL_PORT = 7962;
 var HUB_INTERNAL_PORT = 7963;
 var AUTO_SHUTDOWN_DELAY_MS = 3e4;
-function getHubDir2() {
-  return process.env.ITWILLSYNC_CONFIG_DIR || join5(homedir5(), ".itwillsync");
+function getHubDir3() {
+  return process.env.ITWILLSYNC_CONFIG_DIR || join6(homedir6(), ".itwillsync");
 }
 function getPidPath() {
-  return join5(getHubDir2(), "hub.pid");
+  return join6(getHubDir3(), "hub.pid");
 }
 function getHubConfigPath() {
-  return join5(getHubDir2(), "hub.json");
+  return join6(getHubDir3(), "hub.json");
 }
 function isValidToolName(tool) {
   return /^[a-zA-Z0-9._-]+$/.test(tool) && tool.length > 0 && tool.length <= 100;
 }
 function spawnSession(tool, cwd, cliEntryPath) {
-  const child = spawn2(process.execPath, [cliEntryPath, "--headless", "--", tool], {
+  const child = spawn3(process.execPath, [cliEntryPath, "--headless", "--", tool], {
     cwd,
     stdio: "ignore",
     detached: true,
@@ -7349,11 +7530,11 @@ function spawnSession(tool, cwd, cliEntryPath) {
   return child;
 }
 async function main() {
-  const hubDir = getHubDir2();
+  const hubDir = getHubDir3();
   mkdirSync3(hubDir, { recursive: true });
   const masterToken = generateToken();
   const startedAt = Date.now();
-  writeFileSync4(getPidPath(), String(process.pid), "utf-8");
+  writeFileSync5(getPidPath(), String(process.pid), "utf-8");
   const hubConfig = {
     masterToken,
     externalPort: HUB_EXTERNAL_PORT,
@@ -7361,22 +7542,24 @@ async function main() {
     pid: process.pid,
     startedAt
   };
-  writeFileSync4(getHubConfigPath(), JSON.stringify(hubConfig, null, 2) + "\n", "utf-8");
+  writeFileSync5(getHubConfigPath(), JSON.stringify(hubConfig, null, 2) + "\n", "utf-8");
   const sessionStore = new SessionStore();
   const registry = new SessionRegistry({ store: sessionStore });
   registry.startHealthChecks();
   const toolHistory = new ToolHistory();
   const sleepPrevention = new SleepPrevention();
-  const logsDir = join5(hubDir, "logs");
-  if (existsSync4(logsDir)) {
+  const windowsFirewall = new WindowsFirewall();
+  await windowsFirewall.addRule("hub", HUB_EXTERNAL_PORT);
+  const logsDir = join6(hubDir, "logs");
+  if (existsSync5(logsDir)) {
     const retentionMs = 30 * 864e5;
     const cutoff = Date.now() - retentionMs;
     try {
       for (const file of readdirSync(logsDir)) {
-        const filePath = join5(logsDir, file);
+        const filePath = join6(logsDir, file);
         try {
           const stat2 = statSync(filePath);
-          if (stat2.mtimeMs < cutoff) unlinkSync2(filePath);
+          if (stat2.mtimeMs < cutoff) unlinkSync3(filePath);
         } catch {
         }
       }
@@ -7384,11 +7567,12 @@ async function main() {
     }
   }
   const __dirname = dirname3(fileURLToPath(import.meta.url));
-  const dashboardPath = join5(__dirname, "dashboard");
-  const cliEntryPath = join5(__dirname, "..", "index.js");
+  const dashboardPath = join6(__dirname, "dashboard");
+  const cliEntryPath = join6(__dirname, "..", "index.js");
   const internalApi = createInternalApi({
     registry,
-    port: HUB_INTERNAL_PORT
+    port: HUB_INTERNAL_PORT,
+    windowsFirewall
   });
   const previewCollector = new PreviewCollector(registry);
   const dashboardServer = createDashboardServer({
@@ -7439,6 +7623,7 @@ async function main() {
   });
   scheduleShutdown();
   function cleanup() {
+    windowsFirewall.cleanupSync();
     sleepPrevention.cleanupSync();
     previewCollector.close();
     registry.stopHealthChecks();
@@ -7447,11 +7632,11 @@ async function main() {
     internalApi.close();
     dashboardServer.close();
     try {
-      unlinkSync2(getPidPath());
+      unlinkSync3(getPidPath());
     } catch {
     }
     try {
-      unlinkSync2(getHubConfigPath());
+      unlinkSync3(getHubConfigPath());
     } catch {
     }
   }