mrmd-server 0.1.0

package/README.md

@@ -0,0 +1,230 @@
+# mrmd-server
+
+Run mrmd in any browser. Access your notebooks from anywhere.
+
+```
+┌─────────────────────────────────────────────────────────────┐
+│                    Your VPS / Cloud Server                   │
+│                                                             │
+│   ┌─────────────────────────────────────────────────────┐   │
+│   │                    mrmd-server                       │   │
+│   │  • HTTP API (full electronAPI equivalent)           │   │
+│   │  • Static file serving                              │   │
+│   │  • WebSocket for real-time events                   │   │
+│   │  • Token authentication                             │   │
+│   └─────────────────────────────────────────────────────┘   │
+│                                                             │
+└─────────────────────────────────────────────────────────────┘
+                          │
+                          │  https://your-server.com?token=xxx
+                          │
+              ┌───────────┴───────────┬─────────────────┐
+              │                       │                 │
+          ┌───▼───┐              ┌────▼────┐       ┌────▼────┐
+          │Laptop │              │  Phone  │       │ Collab  │
+          └───────┘              └─────────┘       └─────────┘
+```
+
+## Features
+
+- **Same UI as Electron** - Uses the exact same index.html from mrmd-electron
+- **Access from anywhere** - Phone, tablet, any browser
+- **Real-time collaboration** - Yjs sync works over WebSocket
+- **Token authentication** - Secure access with shareable links
+- **Portable compute** - Move your disk to a GPU server when needed
+
+## Quick Start
+
+```bash
+# Install
+cd mrmd-packages/mrmd-server
+npm install
+
+# Start server in your project directory
+npx mrmd-server ./my-notebooks
+
+# Output:
+#   mrmd-server
+#   ──────────────────────────────────────────────────────
+#   Server:     http://0.0.0.0:8080
+#   Project:    /home/you/my-notebooks
+#   Token:      abc123xyz...
+#
+#   Access URL:
+#   http://localhost:8080?token=abc123xyz...
+```
+
+## Usage
+
+### Basic Usage
+
+```bash
+# Start in current directory
+mrmd-server
+
+# Start in specific directory
+mrmd-server ./my-project
+
+# Custom port
+mrmd-server -p 3000 ./my-project
+
+# With specific token
+mrmd-server -t my-secret-token ./my-project
+
+# No auth (local development only!)
+mrmd-server --no-auth ./my-project
+```
+
+### Remote Access
+
+1. Start mrmd-server on your VPS:
+   ```bash
+   mrmd-server -p 8080 /home/you/notebooks
+   ```
+
+2. Set up HTTPS (recommended) with nginx or caddy:
+   ```nginx
+   server {
+       listen 443 ssl;
+       server_name notebooks.example.com;
+
+       location / {
+           proxy_pass http://localhost:8080;
+           proxy_http_version 1.1;
+           proxy_set_header Upgrade $http_upgrade;
+           proxy_set_header Connection "upgrade";
+       }
+   }
+   ```
+
+3. Access from anywhere:
+   ```
+   https://notebooks.example.com?token=YOUR_TOKEN
+   ```
+
+### Share with Collaborators
+
+Just share the URL with the token:
+```
+https://your-server.com?token=abc123xyz
+```
+
+Collaborators get:
+- Real-time collaborative editing (Yjs)
+- Code execution (via the server)
+- Same UI as local Electron app
+
+## Architecture
+
+mrmd-server provides an HTTP API that mirrors Electron's IPC interface:
+
+| Electron (IPC) | mrmd-server (HTTP) |
+|----------------|-------------------|
+| `electronAPI.project.get(path)` | `GET /api/project?path=...` |
+| `electronAPI.file.write(path, content)` | `POST /api/file/write` |
+| `electronAPI.session.forDocument(path)` | `POST /api/session/for-document` |
+| `ipcRenderer.on('project:changed', cb)` | WebSocket `/events` |
+
+The browser loads `http-shim.js` which creates a `window.electronAPI` object that makes HTTP calls instead of IPC calls. The existing UI code works unchanged.
+
+## API Reference
+
+### Authentication
+
+All API endpoints (except `/health` and `/auth/validate`) require authentication.
+
+Provide token via:
+- Query parameter: `?token=xxx`
+- Header: `Authorization: Bearer xxx`
+- Header: `X-Token: xxx`
+
+### Endpoints
+
+#### System
+- `GET /api/system/home` - Get home directory
+- `GET /api/system/recent` - Get recent files/venvs
+- `GET /api/system/ai` - Get AI server info
+- `POST /api/system/discover-venvs` - Start venv discovery
+
+#### Project
+- `GET /api/project?path=...` - Get project info
+- `POST /api/project` - Create project
+- `GET /api/project/nav?root=...` - Get navigation tree
+- `POST /api/project/watch` - Watch for changes
+- `POST /api/project/unwatch` - Stop watching
+
+#### Session
+- `GET /api/session` - List sessions
+- `POST /api/session` - Start session
+- `DELETE /api/session/:name` - Stop session
+- `POST /api/session/for-document` - Get/create session for document
+
+#### Bash
+- Same as Session, at `/api/bash/*`
+
+#### File
+- `GET /api/file/scan` - Scan for files
+- `POST /api/file/create` - Create file
+- `POST /api/file/create-in-project` - Create with FSML ordering
+- `POST /api/file/move` - Move/rename
+- `POST /api/file/reorder` - Drag-drop reorder
+- `DELETE /api/file?path=...` - Delete file
+- `GET /api/file/read?path=...` - Read file
+- `POST /api/file/write` - Write file
+
+#### Asset
+- `GET /api/asset` - List assets
+- `POST /api/asset/save` - Upload asset
+- `GET /api/asset/relative-path` - Calculate relative path
+- `GET /api/asset/orphans` - Find orphaned assets
+- `DELETE /api/asset` - Delete asset
+
+#### Runtime
+- `GET /api/runtime` - List runtimes
+- `DELETE /api/runtime/:id` - Kill runtime
+- `POST /api/runtime/:id/attach` - Attach to runtime
+
+### WebSocket Events
+
+Connect to `/events?token=xxx` to receive push events:
+
+```javascript
+const ws = new WebSocket('wss://server.com/events?token=xxx');
+ws.onmessage = (e) => {
+  const { event, data } = JSON.parse(e.data);
+  // event: 'project:changed', 'venv-found', 'sync-server-died', etc.
+};
+```
+
+## Security Considerations
+
+1. **Always use HTTPS** in production (use nginx/caddy as reverse proxy)
+2. **Keep tokens secret** - treat them like passwords
+3. **Use `--no-auth` only for local development**
+4. **Rotate tokens** if compromised
+
+## Limitations
+
+Some Electron features can't work in browser:
+
+| Feature | Browser Behavior |
+|---------|------------------|
+| `shell.showItemInFolder` | Returns path (can't open Finder) |
+| `shell.openPath` | Returns path (can't open local apps) |
+| Native titlebar | Standard browser chrome |
+| Offline | Requires server connection |
+
+## Development
+
+```bash
+# Run in dev mode
+npm run dev
+
+# The server will:
+# - Watch for file changes
+# - Auto-restart on changes
+```
+
+## License
+
+MIT

package/bin/cli.js

@@ -0,0 +1,161 @@
+#!/usr/bin/env node
+
+/**
+ * mrmd-server CLI
+ *
+ * Usage:
+ *   mrmd-server [options] [project-dir]
+ *
+ * Options:
+ *   -p, --port <port>     HTTP port (default: 8080)
+ *   -h, --host <host>     Bind host (default: 0.0.0.0)
+ *   -t, --token <token>   Auth token (auto-generated if not provided)
+ *   --no-auth             Disable authentication (dangerous!)
+ *   --help                Show help
+ */
+
+import { createServer } from '../src/server.js';
+import { spawn } from 'child_process';
+import path from 'path';
+import fs from 'fs/promises';
+
+function parseArgs(args) {
+  const options = {
+    port: 8080,
+    host: '0.0.0.0',
+    token: null,
+    noAuth: false,
+    projectDir: '.',
+  };
+
+  for (let i = 0; i < args.length; i++) {
+    const arg = args[i];
+
+    if (arg === '-p' || arg === '--port') {
+      options.port = parseInt(args[++i], 10);
+    } else if (arg === '-h' || arg === '--host') {
+      options.host = args[++i];
+    } else if (arg === '-t' || arg === '--token') {
+      options.token = args[++i];
+    } else if (arg === '--no-auth') {
+      options.noAuth = true;
+    } else if (arg === '--help') {
+      printHelp();
+      process.exit(0);
+    } else if (!arg.startsWith('-')) {
+      options.projectDir = arg;
+    }
+  }
+
+  return options;
+}
+
+function printHelp() {
+  console.log(`
+mrmd-server - Run mrmd in any browser
+
+Usage:
+  mrmd-server [options] [project-dir]
+
+Options:
+  -p, --port <port>     HTTP port (default: 8080)
+  -h, --host <host>     Bind host (default: 0.0.0.0)
+  -t, --token <token>   Auth token (auto-generated if not provided)
+  --no-auth             Disable authentication (DANGEROUS - local dev only)
+  --help                Show this help
+
+Examples:
+  mrmd-server                         Start in current directory
+  mrmd-server ./my-project            Start in specific directory
+  mrmd-server -p 3000 ./notebooks     Custom port
+  mrmd-server --no-auth               No auth (local dev only)
+
+Access:
+  Once started, access via the URL shown (includes token).
+  Share the URL with collaborators for real-time editing.
+`);
+}
+
+async function main() {
+  const args = process.argv.slice(2);
+  const options = parseArgs(args);
+
+  // Resolve project directory
+  options.projectDir = path.resolve(options.projectDir);
+
+  // Verify directory exists
+  try {
+    await fs.access(options.projectDir);
+  } catch {
+    console.error(`Error: Directory not found: ${options.projectDir}`);
+    process.exit(1);
+  }
+
+  // Find mrmd-electron for the UI
+  const packageDir = path.dirname(path.dirname(import.meta.url.replace('file://', '')));
+  const possibleElectronPaths = [
+    path.join(packageDir, '..', 'mrmd-electron'),
+    path.join(process.cwd(), '..', 'mrmd-electron'),
+    path.join(process.cwd(), 'mrmd-electron'),
+  ];
+
+  let electronDir = null;
+  for (const p of possibleElectronPaths) {
+    try {
+      await fs.access(path.join(p, 'index.html'));
+      electronDir = p;
+      break;
+    } catch {}
+  }
+
+  // Create and start server
+  const server = await createServer({
+    ...options,
+    electronDir,
+  });
+
+  // Handle shutdown
+  process.on('SIGINT', async () => {
+    console.log('\nShutting down...');
+    await server.stop();
+    process.exit(0);
+  });
+
+  process.on('SIGTERM', async () => {
+    await server.stop();
+    process.exit(0);
+  });
+
+  await server.start();
+
+  // Start mrmd-sync if available
+  try {
+    const syncPath = path.join(packageDir, '..', 'mrmd-sync', 'bin', 'cli.js');
+    await fs.access(syncPath);
+
+    console.log('  Starting mrmd-sync...');
+    const syncProc = spawn('node', [syncPath, '--port', '4444', options.projectDir], {
+      stdio: ['pipe', 'pipe', 'pipe'],
+    });
+
+    syncProc.stdout.on('data', (data) => {
+      if (data.toString().includes('Server started')) {
+        console.log(`  Sync:       ws://localhost:4444`);
+      }
+    });
+
+    server.context.syncProcess = syncProc;
+  } catch {
+    console.log('  Sync:       (mrmd-sync not found, start manually)');
+  }
+
+  // Keep running
+  console.log('');
+  console.log('  Press Ctrl+C to stop');
+  console.log('');
+}
+
+main().catch((err) => {
+  console.error('Fatal error:', err);
+  process.exit(1);
+});

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "mrmd-server",
+  "version": "0.1.0",
+  "description": "HTTP server for mrmd - run mrmd in any browser, access from anywhere",
+  "type": "module",
+  "main": "src/index.js",
+  "bin": {
+    "mrmd-server": "./bin/cli.js"
+  },
+  "scripts": {
+    "start": "node bin/cli.js",
+    "dev": "node bin/cli.js --dev"
+  },
+  "keywords": [
+    "mrmd",
+    "markdown",
+    "notebook",
+    "server",
+    "remote",
+    "collaboration"
+  ],
+  "license": "MIT",
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "express": "^4.18.2",
+    "ws": "^8.16.0",
+    "cors": "^2.8.5",
+    "multer": "^1.4.5-lts.1",
+    "chokidar": "^3.6.0",
+    "fzf": "^0.5.2",
+    "mrmd-project": "*"
+  }
+}

package/src/api/asset.js

@@ -0,0 +1,283 @@
+/**
+ * Asset API routes
+ *
+ * Mirrors electronAPI.asset.*
+ */
+
+import { Router } from 'express';
+import path from 'path';
+import fs from 'fs/promises';
+import crypto from 'crypto';
+import multer from 'multer';
+
+// Configure multer for file uploads
+const upload = multer({
+  storage: multer.memoryStorage(),
+  limits: { fileSize: 50 * 1024 * 1024 }, // 50MB limit
+});
+
+/**
+ * Create asset routes
+ * @param {import('../server.js').ServerContext} ctx
+ */
+export function createAssetRoutes(ctx) {
+  const router = Router();
+
+  /**
+   * GET /api/asset?projectRoot=...
+   * List all assets in a project
+   * Mirrors: electronAPI.asset.list(projectRoot)
+   */
+  router.get('/', async (req, res) => {
+    try {
+      const projectRoot = req.query.projectRoot || ctx.projectDir;
+      const assetsDir = path.join(projectRoot, '_assets');
+
+      try {
+        const files = await fs.readdir(assetsDir);
+        const assets = [];
+
+        for (const file of files) {
+          if (file.startsWith('.')) continue;
+
+          const filePath = path.join(assetsDir, file);
+          const stat = await fs.stat(filePath);
+
+          assets.push({
+            name: file,
+            path: `_assets/${file}`,
+            size: stat.size,
+            modified: stat.mtime.toISOString(),
+          });
+        }
+
+        res.json(assets);
+      } catch (err) {
+        if (err.code === 'ENOENT') {
+          return res.json([]);
+        }
+        throw err;
+      }
+    } catch (err) {
+      console.error('[asset:list]', err);
+      res.status(500).json({ error: err.message });
+    }
+  });
+
+  /**
+   * POST /api/asset/save
+   * Save an asset (handles deduplication)
+   * Mirrors: electronAPI.asset.save(projectRoot, file, filename)
+   *
+   * Accepts multipart form data with 'file' field
+   * or JSON with 'file' as base64 or array of bytes
+   */
+  router.post('/save', upload.single('file'), async (req, res) => {
+    try {
+      const projectRoot = req.body.projectRoot || ctx.projectDir;
+      let filename = req.body.filename || req.file?.originalname || 'untitled';
+      let fileBuffer;
+
+      if (req.file) {
+        // Multipart upload
+        fileBuffer = req.file.buffer;
+      } else if (req.body.file) {
+        // JSON with base64 or array
+        if (typeof req.body.file === 'string') {
+          fileBuffer = Buffer.from(req.body.file, 'base64');
+        } else if (Array.isArray(req.body.file)) {
+          fileBuffer = Buffer.from(req.body.file);
+        } else {
+          return res.status(400).json({ error: 'Invalid file format' });
+        }
+      } else {
+        return res.status(400).json({ error: 'No file provided' });
+      }
+
+      const assetsDir = path.join(projectRoot, '_assets');
+      await fs.mkdir(assetsDir, { recursive: true });
+
+      // Compute hash for deduplication
+      const hash = crypto.createHash('sha256').update(fileBuffer).digest('hex').slice(0, 8);
+      const ext = path.extname(filename);
+      const base = path.basename(filename, ext);
+
+      // Check if identical file already exists
+      const existingFiles = await fs.readdir(assetsDir).catch(() => []);
+      for (const existing of existingFiles) {
+        if (existing.startsWith(hash + '-')) {
+          // Found duplicate
+          return res.json({
+            path: `_assets/${existing}`,
+            deduplicated: true,
+          });
+        }
+      }
+
+      // Save with hash prefix
+      const finalName = `${hash}-${base}${ext}`;
+      const finalPath = path.join(assetsDir, finalName);
+
+      await fs.writeFile(finalPath, fileBuffer);
+
+      res.json({
+        path: `_assets/${finalName}`,
+        deduplicated: false,
+      });
+    } catch (err) {
+      console.error('[asset:save]', err);
+      res.status(500).json({ error: err.message });
+    }
+  });
+
+  /**
+   * GET /api/asset/relative-path?assetPath=...&documentPath=...
+   * Get relative path from document to asset
+   * Mirrors: electronAPI.asset.relativePath(assetPath, documentPath)
+   */
+  router.get('/relative-path', async (req, res) => {
+    try {
+      const { assetPath, documentPath } = req.query;
+
+      if (!assetPath || !documentPath) {
+        return res.status(400).json({ error: 'assetPath and documentPath required' });
+      }
+
+      // Calculate relative path from document to asset
+      const docDir = path.dirname(documentPath);
+      const relativePath = path.relative(docDir, assetPath);
+
+      res.json({ relativePath });
+    } catch (err) {
+      console.error('[asset:relativePath]', err);
+      res.status(500).json({ error: err.message });
+    }
+  });
+
+  /**
+   * GET /api/asset/orphans?projectRoot=...
+   * Find orphaned assets
+   * Mirrors: electronAPI.asset.orphans(projectRoot)
+   */
+  router.get('/orphans', async (req, res) => {
+    try {
+      const projectRoot = req.query.projectRoot || ctx.projectDir;
+      const assetsDir = path.join(projectRoot, '_assets');
+
+      // Get all assets
+      let assetFiles;
+      try {
+        assetFiles = await fs.readdir(assetsDir);
+      } catch {
+        return res.json([]);
+      }
+
+      // Get all markdown files
+      const mdFiles = await scanMarkdownFiles(projectRoot);
+
+      // Read all markdown content and find referenced assets
+      const referencedAssets = new Set();
+      for (const mdFile of mdFiles) {
+        try {
+          const content = await fs.readFile(mdFile, 'utf-8');
+          // Find asset references (images, links)
+          const matches = content.matchAll(/!\[.*?\]\(([^)]+)\)|href="([^"]+)"/g);
+          for (const match of matches) {
+            const ref = match[1] || match[2];
+            if (ref && ref.includes('_assets/')) {
+              const assetName = path.basename(ref);
+              referencedAssets.add(assetName);
+            }
+          }
+        } catch {}
+      }
+
+      // Find orphans
+      const orphans = assetFiles.filter(f => !f.startsWith('.') && !referencedAssets.has(f));
+
+      res.json(orphans.map(f => `_assets/${f}`));
+    } catch (err) {
+      console.error('[asset:orphans]', err);
+      res.status(500).json({ error: err.message });
+    }
+  });
+
+  /**
+   * DELETE /api/asset?projectRoot=...&assetPath=...
+   * Delete an asset
+   * Mirrors: electronAPI.asset.delete(projectRoot, assetPath)
+   */
+  router.delete('/', async (req, res) => {
+    try {
+      const projectRoot = req.query.projectRoot || ctx.projectDir;
+      const assetPath = req.query.assetPath;
+
+      if (!assetPath) {
+        return res.status(400).json({ error: 'assetPath required' });
+      }
+
+      const fullPath = path.join(projectRoot, assetPath);
+
+      // Security check
+      if (!fullPath.startsWith(path.resolve(projectRoot))) {
+        return res.status(400).json({ error: 'Invalid path' });
+      }
+
+      await fs.unlink(fullPath);
+      res.json({ success: true });
+    } catch (err) {
+      console.error('[asset:delete]', err);
+      res.status(500).json({ error: err.message });
+    }
+  });
+
+  /**
+   * GET /api/asset/file/*
+   * Serve asset files (for image preview in browser)
+   */
+  router.get('/file/*', async (req, res) => {
+    try {
+      const assetPath = req.params[0];
+      const fullPath = path.join(ctx.projectDir, '_assets', assetPath);
+
+      // Security check
+      if (!fullPath.startsWith(path.resolve(ctx.projectDir))) {
+        return res.status(400).json({ error: 'Invalid path' });
+      }
+
+      res.sendFile(fullPath);
+    } catch (err) {
+      console.error('[asset:file]', err);
+      res.status(500).json({ error: err.message });
+    }
+  });
+
+  return router;
+}
+
+/**
+ * Recursively scan for markdown files
+ */
+async function scanMarkdownFiles(dir, maxDepth = 6, currentDepth = 0) {
+  if (currentDepth > maxDepth) return [];
+
+  const files = [];
+  const entries = await fs.readdir(dir, { withFileTypes: true });
+
+  for (const entry of entries) {
+    if (entry.name.startsWith('.')) continue;
+    if (entry.name === 'node_modules') continue;
+    if (entry.name === '_assets') continue;
+
+    const fullPath = path.join(dir, entry.name);
+
+    if (entry.isDirectory()) {
+      const subFiles = await scanMarkdownFiles(fullPath, maxDepth, currentDepth + 1);
+      files.push(...subFiles);
+    } else if (entry.name.endsWith('.md')) {
+      files.push(fullPath);
+    }
+  }
+
+  return files;
+}