npm - limbo-ai - Versions diffs - 1.17.0 → 1.18.0 - Mend

limbo-ai 1.17.0 → 1.18.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/cli.js +162 -7
package/package.json +1 -1

package/cli.js CHANGED Viewed

@@ -152,7 +152,7 @@ function composeContent() {
       - /tmp:size=100M,noexec,nosuid,nodev
       - /home/limbo/.npm:size=50M,noexec,nosuid,nodev
     ports:
-      - "127.0.0.1:${PORT}:${PORT}"
+      - "${isServerEnvironment() ? '0.0.0.0' : '127.0.0.1'}:${PORT}:${PORT}"
     volumes:
       - limbo-data:/data
       - ${VAULT_DIR}:/data/vault
@@ -212,7 +212,7 @@ function composeContentHardened() {
       - /tmp:size=100M,noexec,nosuid,nodev
       - /home/limbo/.npm:size=50M,noexec,nosuid,nodev
     ports:
-      - "127.0.0.1:${PORT}:${PORT}"
+      - "${isServerEnvironment() ? '0.0.0.0' : '127.0.0.1'}:${PORT}:${PORT}"
     volumes:
       - limbo-data:/data
       - ${VAULT_DIR}:/data/vault
@@ -1001,6 +1001,140 @@ function ensureVolumePermissions() {
   ], { stdio: 'pipe' });
 }
+// ─── Server detection & Cloudflare tunnel for remote wizard access ──────────
+function isServerEnvironment() {
+  return !!(process.env.SSH_CONNECTION || process.env.SSH_CLIENT ||
+    (os.platform() === 'linux' && !process.env.DISPLAY));
+}
+function hasCloudflared() {
+  try { execSync('which cloudflared', { stdio: 'pipe' }); return true; } catch { return false; }
+}
+function installCloudflared() {
+  log('Installing cloudflared...');
+  const platform = os.platform();
+  try {
+    if (platform === 'linux') {
+      execSync('curl -fsSL https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o /tmp/cloudflared && chmod +x /tmp/cloudflared && sudo mv /tmp/cloudflared /usr/local/bin/cloudflared', { stdio: 'pipe' });
+    } else if (platform === 'darwin') {
+      execSync('brew install cloudflared', { stdio: 'pipe' });
+    }
+    return true;
+  } catch {
+    warn('Could not install cloudflared automatically.');
+    return false;
+  }
+}
+function createSetupTunnel(port, tunnelDomain) {
+  if (!hasCloudflared() && !installCloudflared()) return null;
+  if (!hasCloudflared()) return null;
+  const tunnelId = crypto.randomBytes(4).toString('hex');
+  // Admin mode: branded subdomain (requires cloudflared login for the zone)
+  if (tunnelDomain) {
+    const tunnelName = `limbo-setup-${tunnelId}`;
+    const subdomain = `setup-${tunnelId}.${tunnelDomain}`;
+    try {
+      execSync(`cloudflared tunnel create ${tunnelName}`, { stdio: 'pipe', encoding: 'utf8' });
+      execSync(`cloudflared tunnel route dns ${tunnelName} ${subdomain}`, { stdio: 'pipe', encoding: 'utf8' });
+      const cfHome = path.join(os.homedir(), '.cloudflared');
+      const tunnelInfoRaw = execSync(`cloudflared tunnel info ${tunnelName} 2>&1`, { encoding: 'utf8', stdio: 'pipe' });
+      const tunnelUuid = tunnelInfoRaw.match(/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})/)?.[1];
+      if (!tunnelUuid) throw new Error('Could not find tunnel UUID');
+      const credFile = path.join(cfHome, `${tunnelUuid}.json`);
+      const configPath = path.join(LIMBO_DIR, 'cloudflared-setup.yml');
+      fs.writeFileSync(configPath, [
+        `tunnel: ${tunnelUuid}`,
+        `credentials-file: ${credFile}`,
+        'ingress:',
+        `  - hostname: ${subdomain}`,
+        `    service: http://localhost:${port}`,
+        '  - service: http_status:404',
+      ].join('\n'));
+      const tunnelProc = spawn('cloudflared', ['tunnel', '--config', configPath, 'run'], {
+        detached: true, stdio: 'ignore',
+      });
+      tunnelProc.unref();
+      sleep(5000);
+      return { type: 'branded', url: `https://${subdomain}`, tunnelName, tunnelUuid, configPath, pid: tunnelProc.pid };
+    } catch (err) {
+      warn(`Could not create branded tunnel: ${err.message}`);
+      warn('Make sure you ran `cloudflared login` for this domain first.');
+      // Fall through to quick tunnel
+    }
+  }
+  // Default: quick tunnel (zero config, works for everyone)
+  try {
+    const logFile = path.join(LIMBO_DIR, 'cloudflared-setup.log');
+    const tunnelProc = spawn('cloudflared', ['tunnel', '--no-autoupdate', '--url', `http://localhost:${port}`], {
+      detached: true,
+      stdio: ['ignore', fs.openSync(logFile, 'w'), fs.openSync(logFile, 'a')],
+    });
+    tunnelProc.unref();
+    for (let i = 0; i < 15; i++) {
+      sleep(1000);
+      try {
+        const logs = fs.readFileSync(logFile, 'utf8');
+        const match = logs.match(/https:\/\/[a-z0-9-]+\.trycloudflare\.com/);
+        if (match) return { type: 'quick', url: match[0], pid: tunnelProc.pid, logFile };
+      } catch {}
+    }
+    warn('Could not start cloudflare tunnel.');
+    return null;
+  } catch {
+    return null;
+  }
+}
+function teardownSetupTunnel(tunnel) {
+  if (!tunnel) return;
+  try { process.kill(tunnel.pid); } catch {}
+  if (tunnel.type === 'branded') {
+    try { execSync(`cloudflared tunnel delete -f ${tunnel.tunnelName}`, { stdio: 'pipe' }); } catch {}
+    try { fs.unlinkSync(tunnel.configPath); } catch {}
+  }
+  if (tunnel.logFile) try { fs.unlinkSync(tunnel.logFile); } catch {}
+}
+function installGlobalAlias() {
+  // Create a `limbo` shell wrapper so users don't have to type `npx limbo-ai` every time.
+  // Tries /usr/local/bin first (macOS, Linux with sudo), falls back to ~/.local/bin (no sudo).
+  const wrapper = '#!/bin/sh\nexec npx limbo-ai "$@"\n';
+  const candidates = [
+    path.join(os.homedir(), '.local', 'bin', 'limbo'),
+    '/usr/local/bin/limbo',
+  ];
+  for (const target of candidates) {
+    try {
+      // Skip if already installed and current
+      if (fs.existsSync(target)) {
+        const existing = fs.readFileSync(target, 'utf8');
+        if (existing.includes('limbo-ai')) return;
+      }
+      const dir = path.dirname(target);
+      if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+      fs.writeFileSync(target, wrapper, { mode: 0o755 });
+      log(`Installed ${c.bold}limbo${c.reset} command → ${target}`);
+      return;
+    } catch {
+      // Permission denied — try next candidate
+    }
+  }
+  // Silent failure — not critical, user can still use npx limbo-ai
+}
 function isOomError(stderr) {
   return typeof stderr === 'string' && (
     stderr.includes('heap out of memory') ||
@@ -1393,8 +1527,18 @@ function extractWizardUrl(maxAttempts = 15) {
   return null;
 }
-function printWizardUrl(url) {
-  const displayUrl = url.replace('0.0.0.0', '127.0.0.1');
+function printWizardUrl(url, tunnel) {
+  // Extract token from the original URL
+  const tokenMatch = url.match(/[?&]token=([^&\s]+)/);
+  const token = tokenMatch ? tokenMatch[1] : '';
+  let displayUrl;
+  if (tunnel) {
+    displayUrl = `${tunnel.url}/?token=${token}`;
+  } else {
+    displayUrl = url.replace('0.0.0.0', '127.0.0.1');
+  }
   console.log(`
 ${c.green}${c.bold}╔════════════════════════════════════════════════════════╗${c.reset}
 ${c.green}${c.bold}║            Setup wizard is ready!                      ║${c.reset}
@@ -1403,14 +1547,15 @@ ${c.green}${c.bold}╚═══════════════════
   Open this URL to complete setup:
   ${c.cyan}${c.bold}${displayUrl}${c.reset}
+${tunnel ? `
+  ${c.green}🔒 Secured via Cloudflare (${tunnel.type === 'branded' ? tunnel.url.replace('https://', '') : 'HTTPS tunnel'})${c.reset}` : ''}
   The wizard will guide you through provider, API key, and model selection.
   Once complete, Limbo will restart and be ready to use.
   ${c.dim}Logs: limbo logs | Stop: limbo stop${c.reset}
 `);
   // Auto-open on macOS
-  if (os.platform() === 'darwin') {
+  if (os.platform() === 'darwin' && !tunnel) {
     try { execSync(`open "${displayUrl}"`, { stdio: 'pipe' }); } catch {}
   }
 }
@@ -1472,6 +1617,7 @@ async function cmdStart() {
   const flagApiKey = parseFlag('--api-key');
   const flagModel = parseFlag('--model');
   const flagLang = parseFlag('--language') || 'en';
+  const flagTunnelDomain = parseFlag('--tunnel-domain');
   if (flagProvider) {
     const validProviders = ['openai', 'anthropic', 'openrouter'];
@@ -1570,7 +1716,13 @@ async function cmdStart() {
   const wizardUrl = extractWizardUrl();
   if (wizardUrl) {
-    printWizardUrl(wizardUrl);
+    // On servers, create a secure tunnel for remote access
+    let tunnel = null;
+    if (isServerEnvironment()) {
+      log('Server environment detected — creating secure tunnel...');
+      tunnel = createSetupTunnel(PORT, flagTunnelDomain);
+    }
+    printWizardUrl(wizardUrl, tunnel);
   } else {
     // Fallback: container may have started without setup mode (e.g. config already inside volume)
     console.log(`
@@ -1623,6 +1775,8 @@ async function startContainerWithConfig(cfg, existingEnv, alreadyHasEnv) {
   console.log(`\n  ${c.yellow}⚠  ${t(cfg.language, 'securityNotice')}${c.reset}\n`);
+  installGlobalAlias();
   printSuccess({
     language: cfg.language,
     telegramEnabled: mergedEnv.TELEGRAM_ENABLED || cfg.telegramEnabled || 'false',
@@ -1708,6 +1862,7 @@ ${c.bold}Flags:${c.reset}
   --api-key <key>      API key for headless install
   --model <name>       Model name (optional, uses provider default)
   --language <code>    Language: en, es (default: en)
+  --tunnel-domain <d>  Admin: use branded subdomain for setup tunnel (e.g. limbo.tomasward.com)
 ${c.bold}Data directory:${c.reset} ${LIMBO_DIR}
 `);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "limbo-ai",
-  "version": "1.17.0",
+  "version": "1.18.0",
   "description": "Your personal AI memory agent — install and manage Limbo via npx",
   "type": "commonjs",
   "bin": {