neoagent 2.4.0 → 2.4.1-beta.6

package/flutter_app/lib/src/desktop_companion_io.dart

@@ -52,7 +52,8 @@ class DesktopCompanionManager extends ChangeNotifier {
 
   Future<void> bootstrap(SharedPreferences prefs) async {
     _enabled = prefs.getBool(desktopCompanionEnabledPrefsKey) ?? false;
-    _paused = prefs.getBool(desktopCompanionPausedPrefsKey) ?? false;
+    // Always start unpaused — paused state must not carry over across restarts.
+    _paused = false;
     _label =
         prefs.getString(desktopCompanionLabelPrefsKey)?.trim() ??
         _defaultLabel();
@@ -116,7 +117,6 @@ class DesktopCompanionManager extends ChangeNotifier {
 
   Future<void> setPaused(bool value, SharedPreferences prefs) async {
     _paused = value;
-    await prefs.setBool(desktopCompanionPausedPrefsKey, value);
     notifyListeners();
     if (_connected) {
       await _sendEvent('statusChanged', <String, Object?>{'paused': value});
@@ -387,10 +387,15 @@ class DesktopCompanionManager extends ChangeNotifier {
       case 'pauseControl':
         final paused = payload['paused'] != false;
         _paused = paused;
-        final prefs = await SharedPreferences.getInstance();
-        await prefs.setBool(desktopCompanionPausedPrefsKey, paused);
         notifyListeners();
         return <String, Object?>{'success': true, 'paused': _paused};
+      case 'executeCommand':
+        return _actions.executeShellCommand(
+          command: payload['command']?.toString() ?? '',
+          cwd: payload['cwd']?.toString(),
+          timeoutMs: (payload['timeout'] as num?)?.toInt(),
+          stdinInput: payload['stdin_input']?.toString(),
+        );
       case 'ping':
         return <String, Object?>{'pong': true};
       default:

package/flutter_app/macos/Runner/AppDelegate.swift

@@ -316,7 +316,18 @@ final class DesktopCompanionNativePlugin: NSObject {
   }
 
   private func isAccessibilityTrusted() -> Bool {
-    AXIsProcessTrusted()
+    if AXIsProcessTrusted() { return true }
+    // AXIsProcessTrusted() may cache false on macOS 14+ after a System Settings grant.
+    // Probe with a live AX read: .apiDisabled is the error returned when the process
+    // lacks accessibility permission (AXError has no .notTrusted case in the macOS SDK).
+    let sysElement = AXUIElementCreateSystemWide()
+    var value: CFTypeRef?
+    let status = AXUIElementCopyAttributeValue(
+      sysElement,
+      kAXFocusedApplicationAttribute as CFString,
+      &value
+    )
+    return status != .apiDisabled
   }
 
   private func resolveDisplayId(_ raw: String?) -> CGDirectDisplayID {

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "neoagent",
-  "version": "2.4.0",
+  "version": "2.4.1-beta.6",
   "description": "Proactive personal AI agent with no limits",
-  "license": "MIT",
+  "license": "AGPL-3.0-only",
   "main": "server/index.js",
   "engines": {
     "node": ">=20"

package/server/guest_agent.js

@@ -62,7 +62,18 @@ function isInsideAllowedRoots(targetPath) {
 }
 
 function requireToken(req, res, next) {
-  next();
+  if (!AUTH_TOKEN) {
+    // Token not configured in this environment — allow but unauthenticated.
+    // Pass NEOAGENT_VM_GUEST_TOKEN to the container to enforce auth.
+    return next();
+  }
+  const header = String(req.headers?.authorization || '').trim();
+  const prefix = 'Bearer ';
+  const provided = header.startsWith(prefix) ? header.slice(prefix.length).trim() : '';
+  if (!provided || provided !== AUTH_TOKEN) {
+    return res.status(401).json({ error: 'Unauthorized.' });
+  }
+  return next();
 }
 
 function sanitizeError(err) {

package/server/http/routes.js

@@ -67,6 +67,196 @@ function registerApiRoutes(app) {
     });
   });
 
+  app.get('/api/system/health-check', requireAuth, async (req, res) => {
+    const userId = req.session?.userId;
+    const runtimeManager = req.app?.locals?.runtimeManager;
+    const desktopRegistry = req.app?.locals?.desktopCompanionRegistry;
+    const extensionRegistry = req.app?.locals?.browserExtensionRegistry;
+    const results = [];
+
+    // 1. Backend connectivity — trivially true if we got here.
+    results.push({ id: 'backend', label: 'Backend server', passed: true, detail: 'Reachable' });
+
+    // 2. Cloud VM runtime availability.
+    const runtimeValidation = getRuntimeValidation(runtimeManager);
+    const runtimeReady = Boolean(runtimeValidation?.ready);
+    results.push({
+      id: 'vm_runtime',
+      label: 'Cloud VM runtime',
+      passed: runtimeReady,
+      detail: runtimeReady ? 'Available' : String(runtimeValidation?.issues?.[0] || 'Not configured'),
+    });
+
+    // 3. Cloud VM CLI execution — actually run a command.
+    if (runtimeManager && typeof runtimeManager.executeCommand === 'function') {
+      try {
+        const cmdResult = await runtimeManager.executeCommand(userId, 'echo "health_check_ok"', { timeout: 15000 });
+        const exitOk = cmdResult?.exitCode === 0;
+        const outputOk = String(cmdResult?.stdout || '').includes('health_check_ok');
+        results.push({
+          id: 'vm_cli',
+          label: 'Cloud VM — command execution',
+          passed: exitOk && outputOk,
+          detail: exitOk && outputOk
+            ? 'Commands running'
+            : `Exit ${cmdResult?.exitCode ?? '?'}: ${String(cmdResult?.stderr || cmdResult?.stdout || '').slice(0, 120)}`,
+        });
+      } catch (err) {
+        results.push({ id: 'vm_cli', label: 'Cloud VM — command execution', passed: false, detail: String(err?.message || err).slice(0, 120) });
+      }
+    } else {
+      results.push({ id: 'vm_cli', label: 'Cloud VM — command execution', passed: false, detail: 'VM runtime unavailable' });
+    }
+
+    // 4. Desktop companion (macOS app / remote device) connectivity + permissions.
+    if (desktopRegistry) {
+      try {
+        const desktopStatus = desktopRegistry.getStatus(userId);
+        const connected = Boolean(desktopStatus?.connected);
+        results.push({
+          id: 'desktop_connected',
+          label: 'Desktop companion',
+          passed: connected,
+          detail: connected
+            ? `${desktopStatus.onlineCount} device${desktopStatus.onlineCount !== 1 ? 's' : ''} connected`
+            : 'No device connected — open the desktop app',
+        });
+
+        if (connected && Array.isArray(desktopStatus?.devices)) {
+          const onlineDevice = desktopStatus.devices.find((d) => d.online && !d.revokedAt);
+          const perms = onlineDevice?.permissions || {};
+          const screenOk = Boolean(perms.screenCapture || perms.screen_capture);
+          const inputOk = Boolean(perms.accessibility || perms.inputControl || perms.input_control);
+          results.push({
+            id: 'desktop_screen',
+            label: 'Desktop — screen capture',
+            passed: screenOk,
+            detail: screenOk ? 'Granted' : 'Not granted — open System Settings › Privacy › Screen Recording',
+          });
+          results.push({
+            id: 'desktop_input',
+            label: 'Desktop — input control',
+            passed: inputOk,
+            detail: inputOk ? 'Granted' : 'Not granted — open System Settings › Privacy › Accessibility',
+          });
+        }
+      } catch (err) {
+        results.push({ id: 'desktop_connected', label: 'Desktop companion', passed: false, detail: String(err?.message || err).slice(0, 120) });
+      }
+    }
+
+    // 5. Chrome extension connectivity.
+    if (extensionRegistry) {
+      try {
+        const extStatus = extensionRegistry.getStatus(userId);
+        const extConnected = Boolean(extStatus?.connected);
+        results.push({
+          id: 'chrome_extension',
+          label: 'Chrome extension',
+          passed: extConnected,
+          detail: extConnected ? 'Connected' : 'Not connected — install the NeoAgent extension in Chrome',
+        });
+      } catch (err) {
+        results.push({ id: 'chrome_extension', label: 'Chrome extension', passed: false, detail: String(err?.message || err).slice(0, 120) });
+      }
+    }
+
+    const allPassed = results.every((r) => r.passed);
+    res.json({ passed: allPassed, results });
+  });
+
+  // Targeted runtime self-tests — one check per endpoint so the UI can embed
+  // results inline next to the relevant settings control.
+
+  app.get('/api/system/test/cli', requireAuth, async (req, res) => {
+    const userId = req.session?.userId;
+    const runtimeManager = req.app?.locals?.runtimeManager;
+    if (!runtimeManager || typeof runtimeManager.executeCommand !== 'function') {
+      return res.json({ passed: false, backendUsed: 'vm', detail: 'Runtime not configured on this server.' });
+    }
+    // Note: executeCommand always routes through the VM backend regardless of
+    // the cli_backend setting — desktop CLI routing is not yet implemented.
+    try {
+      const result = await runtimeManager.executeCommand(userId, 'echo "cli_test_ok"', { timeout: 15000 });
+      const exitOk = result?.exitCode === 0;
+      const outputOk = String(result?.stdout || '').includes('cli_test_ok');
+      return res.json({
+        passed: exitOk && outputOk,
+        backendUsed: 'vm',
+        detail: exitOk && outputOk
+          ? 'Command executed successfully'
+          : `Exit ${result?.exitCode ?? '?'}: ${String(result?.stderr || result?.stdout || '').slice(0, 120)}`,
+      });
+    } catch (err) {
+      return res.json({ passed: false, backendUsed: 'vm', detail: String(err?.message || err).slice(0, 120) });
+    }
+  });
+
+  app.get('/api/system/test/extension', requireAuth, (req, res) => {
+    const userId = req.session?.userId;
+    const extensionRegistry = req.app?.locals?.browserExtensionRegistry;
+    if (!extensionRegistry) {
+      return res.json({ passed: false, detail: 'Extension registry not available on this server.' });
+    }
+    try {
+      const status = extensionRegistry.getStatus(userId);
+      const connected = Boolean(status?.connected);
+      return res.json({
+        passed: connected,
+        detail: connected ? 'Extension is connected and live' : 'Extension is not connected',
+        tokenId: status?.activeTokenId || null,
+        meta: status?.connectedMeta || null,
+      });
+    } catch (err) {
+      return res.json({ passed: false, detail: String(err?.message || err).slice(0, 120) });
+    }
+  });
+
+  app.get('/api/system/test/desktop', requireAuth, (req, res) => {
+    const userId = req.session?.userId;
+    const desktopRegistry = req.app?.locals?.desktopCompanionRegistry;
+    if (!desktopRegistry) {
+      return res.json({ passed: false, detail: 'Desktop registry not available on this server.' });
+    }
+    try {
+      const status = desktopRegistry.getStatus(userId);
+      const connected = Boolean(status?.connected);
+      const devices = Array.isArray(status?.devices)
+        ? status.devices.filter((d) => d.online && !d.revokedAt)
+        : [];
+      const selected = status?.selectedDeviceId || null;
+      const activeDevice = selected
+        ? devices.find((d) => d.deviceId === selected)
+        : devices.length === 1 ? devices[0] : null;
+      const perms = activeDevice?.permissions || {};
+      const screenOk = Boolean(perms.screenCapture || perms.screen_capture);
+      const inputOk = Boolean(perms.accessibility || perms.inputControl || perms.input_control);
+      return res.json({
+        passed: connected,
+        connected,
+        onlineCount: devices.length,
+        selectedDeviceId: selected,
+        activeDevice: activeDevice ? {
+          deviceId: activeDevice.deviceId,
+          label: activeDevice.label || activeDevice.hostname || activeDevice.deviceId,
+          platform: activeDevice.platform || null,
+          paused: activeDevice.paused || false,
+          permissions: { screenCapture: screenOk, inputControl: inputOk },
+        } : null,
+        multipleOnline: devices.length > 1 && !activeDevice,
+        detail: !connected
+          ? 'No device connected'
+          : devices.length > 1 && !activeDevice
+            ? `${devices.length} devices online — select one in Desktop settings`
+            : activeDevice?.paused
+              ? `${activeDevice.label || 'Device'} is paused`
+              : `${activeDevice?.label || 'Device'} connected`,
+      });
+    } catch (err) {
+      return res.json({ passed: false, detail: String(err?.message || err).slice(0, 120) });
+    }
+  });
+
   app.get('/api/version', requireAuth, (req, res) => {
     res.json(getVersionInfo());
   });

package/server/public/.last_build_id

@@ -1 +1 @@
-18f90bb9a4d3bcea22e501f688e05b77
+9647cb1542fc26ae38d596b749b42002

package/server/public/flutter_bootstrap.js

@@ -37,6 +37,6 @@ _flutter.buildConfig = {"engineRevision":"4c525dac5ebe5971c5708ef73558ed8edcf4a3
 
 _flutter.loader.load({
   serviceWorkerSettings: {
-    serviceWorkerVersion: "1600220817" /* Flutter's service worker is deprecated and will be removed in a future Flutter release. */
+    serviceWorkerVersion: "14317349" /* Flutter's service worker is deprecated and will be removed in a future Flutter release. */
   }
 });