notioncode 0.1.0 → 0.1.1

package/README.md

@@ -1,26 +1,28 @@
-# @nocodenotioncode
+# notioncode
 
-Run the Notion Code local companion without opening the Tauri desktop shell.
+Run the local companion runtime behind the `npx create notioncode` flow.
 
 ## Intended usage
 
 ```bash
-npx @nocodenotioncode start
+npx create notioncode
 ```
 
 Options:
 
 ```bash
-npx @nocodenotioncode install
-npx @nocodenotioncode doctor
-npx @nocodenotioncode start --with-local-ui
+npx notioncode install
+npx notioncode doctor
+npx notioncode start
 ```
 
 ## What it starts
 
 - localhost bridge on `127.0.0.1:3456`
-- optional local UI on `127.0.0.1:1420`
+- local UI on `http://127.0.0.1:1420` for non-Safari default browsers
+- local UI on `https://localhost:1420` when the default browser is Safari
 - browser handoff to `https://www.notioncode.live`
+- trusted localhost certificate provisioning with `mkcert` only when Safari-compatible HTTPS is needed
 
 ## Bridge binaries
 
@@ -33,6 +35,11 @@ Environment variables:
 - `NOCODE_CLOUD_URL`
 - `NOCODE_NO_OPEN=1`
 
+## Safari support
+
+When the system default browser is Safari, this package switches the local UI to `https://localhost:1420`.
+That path requires a trusted localhost certificate, so the setup flow will install or download `mkcert` and ask the OS to trust a local CA when needed.
+
 ## Current limitation
 
-This package is implemented inside the source tree and still expects local runtime assets from this repository. It is publication-ready in interface and metadata, but the final standalone distribution still needs packaged runtime assets for the agent sidecar.
+This package still expects local runtime assets from this repository. It is close to publication-ready in interface and metadata, but the final standalone distribution still needs packaged runtime assets for the agent sidecar.

package/bin/nocode-local.js

@@ -3,7 +3,7 @@
 import process from 'node:process';
 
 import { ensureBridgeBinary, buildLocalBridgeAsset } from '../lib/install.js';
-import { startLocalCompanion } from '../lib/start.js';
+import { runDoctor, startLocalCompanion } from '../lib/start.js';
 
 async function main() {
   const args = process.argv.slice(2);
@@ -14,13 +14,7 @@ async function main() {
   }
 
   if (command === 'doctor') {
-    const checks = [
-      ['node', process.version],
-      ['platform', `${process.platform}/${process.arch}`],
-    ];
-    for (const [label, detail] of checks) {
-      console.log(`[OK] ${label}: ${detail}`);
-    }
+    await runDoctor();
     return;
   }
 

package/lib/certs.js

@@ -0,0 +1,332 @@
+import os from 'node:os';
+import path from 'node:path';
+import { chmodSync, createWriteStream, existsSync, mkdirSync } from 'node:fs';
+import { execFileSync } from 'node:child_process';
+import https from 'node:https';
+
+import { defaultCacheDir } from './platform.js';
+
+function appDataDir() {
+  return path.join(defaultCacheDir(), 'local-https');
+}
+
+function localBinDir() {
+  return path.join(appDataDir(), 'bin');
+}
+
+function ensureDir(dirPath) {
+  mkdirSync(dirPath, { recursive: true });
+}
+
+function pathEntries() {
+  return (process.env.PATH || '').split(path.delimiter).filter(Boolean);
+}
+
+function resolveCommand(command) {
+  const names = process.platform === 'win32' ? [command, `${command}.exe`, `${command}.cmd`] : [command];
+  const extraDirs = process.platform === 'darwin'
+    ? ['/opt/homebrew/bin', '/usr/local/bin', localBinDir()]
+    : process.platform === 'win32'
+      ? [
+          'C:\\ProgramData\\chocolatey\\bin',
+          path.join(os.homedir(), 'scoop', 'shims'),
+          localBinDir(),
+        ]
+      : [localBinDir()];
+
+  for (const dir of [...pathEntries(), ...extraDirs]) {
+    for (const name of names) {
+      const fullPath = path.join(dir, name);
+      if (existsSync(fullPath)) {
+        return fullPath;
+      }
+    }
+  }
+
+  return null;
+}
+
+function hasCommand(command) {
+  return Boolean(resolveCommand(command));
+}
+
+function runResolvedCommand(command, args, options = {}) {
+  const resolved = resolveCommand(command);
+  if (!resolved) {
+    throw new Error(`Command not found: ${command}`);
+  }
+
+  return execFileSync(resolved, args, {
+    stdio: 'inherit',
+    ...options,
+  });
+}
+
+function certificatePaths() {
+  const dir = path.join(appDataDir(), 'certs');
+  return {
+    dir,
+    certFile: path.join(dir, 'localhost.pem'),
+    keyFile: path.join(dir, 'localhost-key.pem'),
+  };
+}
+
+function hasCertificateFiles(paths) {
+  return existsSync(paths.certFile) && existsSync(paths.keyFile);
+}
+
+function mkcertInstallInstructions() {
+  if (process.platform === 'darwin') {
+    return ['brew install mkcert', 'mkcert -install'];
+  }
+
+  if (process.platform === 'win32') {
+    return ['choco install mkcert', 'mkcert -install'];
+  }
+
+  return ['install mkcert with your package manager', 'mkcert -install'];
+}
+
+function mkcertAssetMatcher() {
+  if (process.platform === 'darwin' && process.arch === 'arm64') {
+    return /darwin-arm64$/;
+  }
+  if (process.platform === 'darwin' && process.arch === 'x64') {
+    return /darwin-amd64$|darwin-x86_64$|darwin-x64$/;
+  }
+  if (process.platform === 'linux' && process.arch === 'x64') {
+    return /linux-amd64$|linux-x86_64$|linux-x64$/;
+  }
+  if (process.platform === 'win32' && process.arch === 'x64') {
+    return /windows-amd64\.exe$|windows-x86_64\.exe$|windows-x64\.exe$/;
+  }
+
+  throw new Error(`Unsupported platform for automatic mkcert download: ${process.platform}/${process.arch}`);
+}
+
+function requestJson(url) {
+  return new Promise((resolve, reject) => {
+    https
+      .get(
+        url,
+        {
+          headers: {
+            'User-Agent': 'notioncode-local',
+            Accept: 'application/vnd.github+json',
+          },
+        },
+        (response) => {
+          if ((response.statusCode || 0) >= 300 && (response.statusCode || 0) < 400 && response.headers.location) {
+            response.resume();
+            requestJson(response.headers.location).then(resolve, reject);
+            return;
+          }
+
+          if ((response.statusCode || 0) >= 400) {
+            response.resume();
+            reject(new Error(`GitHub API request failed with HTTP ${response.statusCode}`));
+            return;
+          }
+
+          let body = '';
+          response.setEncoding('utf8');
+          response.on('data', (chunk) => {
+            body += chunk;
+          });
+          response.on('end', () => {
+            try {
+              resolve(JSON.parse(body));
+            } catch (error) {
+              reject(error);
+            }
+          });
+        }
+      )
+      .on('error', reject);
+  });
+}
+
+function downloadFile(url, destination) {
+  return new Promise((resolve, reject) => {
+    https
+      .get(
+        url,
+        {
+          headers: {
+            'User-Agent': 'notioncode-local',
+            Accept: 'application/octet-stream',
+          },
+        },
+        (response) => {
+          if ((response.statusCode || 0) >= 300 && (response.statusCode || 0) < 400 && response.headers.location) {
+            response.resume();
+            downloadFile(response.headers.location, destination).then(resolve, reject);
+            return;
+          }
+
+          if ((response.statusCode || 0) >= 400) {
+            response.resume();
+            reject(new Error(`mkcert download failed with HTTP ${response.statusCode}`));
+            return;
+          }
+
+          const output = createWriteStream(destination, { mode: 0o755 });
+          response.pipe(output);
+          output.on('finish', () => {
+            output.close(() => resolve(destination));
+          });
+          output.on('error', reject);
+        }
+      )
+      .on('error', reject);
+  });
+}
+
+async function installStandaloneMkcert() {
+  ensureDir(localBinDir());
+
+  const latestRelease = await requestJson('https://api.github.com/repos/FiloSottile/mkcert/releases/latest');
+  const matcher = mkcertAssetMatcher();
+  const asset = Array.isArray(latestRelease.assets)
+    ? latestRelease.assets.find((entry) => typeof entry?.name === 'string' && matcher.test(entry.name))
+    : null;
+
+  if (!asset?.browser_download_url) {
+    throw new Error(`Could not find a mkcert download for ${process.platform}/${process.arch}.`);
+  }
+
+  const targetName = process.platform === 'win32' ? 'mkcert.exe' : 'mkcert';
+  const targetPath = path.join(localBinDir(), targetName);
+  console.log(`[notioncode] Downloading mkcert to ${targetPath} ...`);
+  await downloadFile(asset.browser_download_url, targetPath);
+  if (process.platform !== 'win32') {
+    chmodSync(targetPath, 0o755);
+  }
+  return targetPath;
+}
+
+function installMkcertIfPossible() {
+  if (hasCommand('mkcert')) {
+    return;
+  }
+
+  if (process.platform === 'darwin' && hasCommand('brew')) {
+    console.log('[notioncode] Installing mkcert with Homebrew...');
+    runResolvedCommand('brew', ['install', 'mkcert']);
+    if (!hasCommand('mkcert')) {
+      throw new Error('Homebrew completed, but mkcert is still not available on PATH.');
+    }
+    return;
+  }
+
+  if (process.platform === 'win32' && hasCommand('choco')) {
+    console.log('[notioncode] Installing mkcert with Chocolatey...');
+    runResolvedCommand('choco', ['install', 'mkcert', '-y']);
+    if (!hasCommand('mkcert')) {
+      throw new Error('Chocolatey completed, but mkcert is still not available on PATH.');
+    }
+    return;
+  }
+
+  if (process.platform === 'win32' && hasCommand('scoop')) {
+    console.log('[notioncode] Installing mkcert with Scoop...');
+    runResolvedCommand('scoop', ['install', 'mkcert']);
+    if (!hasCommand('mkcert')) {
+      throw new Error('Scoop completed, but mkcert is still not available on PATH.');
+    }
+    return;
+  }
+
+  console.log('[notioncode] No package-manager mkcert installation path was detected. Falling back to a direct mkcert download...');
+  throw new Error('__DOWNLOAD_MKCERT__');
+}
+
+async function ensureMkcertAvailable() {
+  try {
+    installMkcertIfPossible();
+  } catch (error) {
+    if (error instanceof Error && error.message === '__DOWNLOAD_MKCERT__') {
+      return installStandaloneMkcert();
+    }
+
+    throw error;
+  }
+}
+
+async function waitForMkcertOnPath() {
+  const resolved = resolveCommand('mkcert');
+  if (!resolved) {
+    throw new Error('mkcert installation completed, but the binary is still unavailable.');
+  }
+  return resolved;
+}
+
+async function ensureMkcertReady() {
+  await ensureMkcertAvailable();
+  return waitForMkcertOnPath();
+}
+
+async function installMkcertAndTrust() {
+  await ensureMkcertReady();
+}
+
+async function installTrustedLocalCa() {
+  await installMkcertAndTrust();
+
+  console.log(
+    '[notioncode] NotionCode needs to install a local certificate authority so Safari can trust https://localhost:1420.'
+  );
+  console.log(
+    '[notioncode] Your OS may ask for approval or your system password because this updates the local trust store.'
+  );
+  runResolvedCommand('mkcert', ['-install']);
+}
+
+function generateTrustedLocalhostCert(paths) {
+  console.log('[notioncode] Generating trusted localhost certificate...');
+  runResolvedCommand('mkcert', [
+    '-cert-file',
+    paths.certFile,
+    '-key-file',
+    paths.keyFile,
+    'localhost',
+    '127.0.0.1',
+    '::1',
+  ]);
+}
+
+export async function ensureTrustedLocalhostCert() {
+  const paths = certificatePaths();
+  ensureDir(paths.dir);
+
+  await installTrustedLocalCa();
+
+  if (!hasCertificateFiles(paths)) {
+    generateTrustedLocalhostCert(paths);
+  }
+
+  return {
+    certFile: paths.certFile,
+    keyFile: paths.keyFile,
+    certDir: paths.dir,
+    appDataDir: appDataDir(),
+    localBinDir: localBinDir(),
+  };
+}
+
+export function diagnoseTrustedLocalhostCert() {
+  const paths = certificatePaths();
+
+  return {
+    appDataDir: appDataDir(),
+    certDir: paths.dir,
+    certFile: paths.certFile,
+    keyFile: paths.keyFile,
+    mkcertInstalled: hasCommand('mkcert'),
+    mkcertPath: resolveCommand('mkcert'),
+    brewInstalled: hasCommand('brew'),
+    brewPath: resolveCommand('brew'),
+    certExists: existsSync(paths.certFile),
+    keyExists: existsSync(paths.keyFile),
+  };
+}

package/lib/install.js

@@ -1,4 +1,4 @@
-import { chmodSync, copyFileSync, createWriteStream, existsSync, mkdirSync } from 'node:fs';
+import { chmodSync, copyFileSync, createWriteStream, existsSync, mkdirSync, readFileSync } from 'node:fs';
 import path from 'node:path';
 import os from 'node:os';
 import { pipeline } from 'node:stream/promises';
@@ -7,11 +7,24 @@ import { fileURLToPath } from 'node:url';
 
 import { commandForPlatform, defaultCacheDir, resolvePlatformTarget } from './platform.js';
 
-const DEFAULT_VERSION = '0.1.0';
 const DEFAULT_ASSET_BASE =
   process.env.NOCODE_COMPANION_ASSET_BASE_URL ||
   'https://github.com/tadkt/nocode/releases/download';
 
+function packageVersion() {
+  try {
+    const packageJsonPath = path.join(packageRootDir(), 'package.json');
+    const packageJson = JSON.parse(readFileSync(packageJsonPath, 'utf8'));
+    return typeof packageJson.version === 'string' && packageJson.version.trim()
+      ? packageJson.version.trim()
+      : '0.1.0';
+  } catch {
+    return '0.1.0';
+  }
+}
+
+const DEFAULT_VERSION = packageVersion();
+
 function packageRootDir() {
   return path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..');
 }

package/lib/start.js

@@ -1,14 +1,20 @@
+import http from 'node:http';
+import https from 'node:https';
 import path from 'node:path';
 import { spawn, spawnSync } from 'node:child_process';
 import { existsSync } from 'node:fs';
 import { fileURLToPath } from 'node:url';
 import { setTimeout as sleep } from 'node:timers/promises';
 
+import defaultBrowserId from 'default-browser-id';
+
 import { commandForPlatform } from './platform.js';
 import { ensureBridgeBinary } from './install.js';
+import { diagnoseTrustedLocalhostCert, ensureTrustedLocalhostCert } from './certs.js';
 
 const BRIDGE_HEALTH_URL = 'http://127.0.0.1:3456/healthz';
 const LOCAL_UI_URL = 'http://127.0.0.1:1420/';
+const LOCAL_UI_HTTPS_URL = 'https://localhost:1420/';
 const CLOUD_URL = process.env.NOCODE_CLOUD_URL || 'https://www.notioncode.live';
 
 function packageRootDir() {
@@ -44,10 +50,34 @@ function spawnLogged(cmd, args, options = {}) {
   });
 }
 
+function requestReady(url, options = {}) {
+  const target = new URL(url);
+  const client = target.protocol === 'https:' ? https : http;
+
+  return new Promise((resolve, reject) => {
+    const request = client.request(
+      target,
+      {
+        method: 'GET',
+        ...(target.protocol === 'https:' ? { rejectUnauthorized: options.rejectUnauthorized !== false } : {}),
+      },
+      (response) => {
+        response.resume();
+        resolve(response.statusCode >= 200 && response.statusCode < 400);
+      }
+    );
+
+    request.on('error', reject);
+    request.setTimeout(2_000, () => {
+      request.destroy(new Error(`Timed out waiting for ${url}`));
+    });
+    request.end();
+  });
+}
+
 async function isReady(url) {
   try {
-    const response = await fetch(url, { method: 'GET' });
-    return response.ok;
+    return await requestReady(url);
   } catch {
     return false;
   }
@@ -58,9 +88,9 @@ async function waitFor(url, timeoutMs, label) {
   let lastError = null;
   while (Date.now() < deadline) {
     try {
-      const response = await fetch(url, { method: 'GET' });
-      if (response.ok) return;
-      lastError = new Error(`${label} returned ${response.status}`);
+      const ready = await requestReady(url);
+      if (ready) return;
+      lastError = new Error(`${label} returned a non-ready response`);
     } catch (error) {
       lastError = error;
     }
@@ -69,6 +99,26 @@ async function waitFor(url, timeoutMs, label) {
   throw lastError || new Error(`${label} did not become ready.`);
 }
 
+async function verifyTrustedBridge(url) {
+  const deadline = Date.now() + 10_000;
+  let lastError = null;
+
+  while (Date.now() < deadline) {
+    try {
+      const ready = await requestReady(url, { rejectUnauthorized: true });
+      if (ready) {
+        return;
+      }
+      lastError = new Error(`Trusted bridge check returned a non-ready response for ${url}`);
+    } catch (error) {
+      lastError = error;
+    }
+    await sleep(300);
+  }
+
+  throw lastError || new Error(`Timed out verifying trusted bridge at ${url}`);
+}
+
 function openBrowser(url) {
   if (process.env.NOCODE_NO_OPEN === '1') return;
   if (process.platform === 'darwin') {
@@ -82,6 +132,73 @@ function openBrowser(url) {
   spawn(commandForPlatform('xdg-open'), [url], { stdio: 'ignore', detached: true }).unref();
 }
 
+function trimOutput(value) {
+  return typeof value === 'string' ? value.trim() : '';
+}
+
+function detectDefaultBrowser() {
+  if (process.env.NOCODE_DEFAULT_BROWSER?.trim()) {
+    return process.env.NOCODE_DEFAULT_BROWSER.trim();
+  }
+
+  try {
+    if (process.platform === 'darwin') {
+      const bundleId = defaultBrowserId();
+      if (bundleId) {
+        return trimOutput(bundleId);
+      }
+    }
+
+    if (process.platform === 'win32') {
+      const result = spawnSync(
+        'reg',
+        [
+          'query',
+          'HKCU\\Software\\Microsoft\\Windows\\Shell\\Associations\\UrlAssociations\\https\\UserChoice',
+          '/v',
+          'ProgId',
+        ],
+        { encoding: 'utf8' }
+      );
+      if (result.status === 0) {
+        return trimOutput(result.stdout);
+      }
+    }
+
+    const result = spawnSync('xdg-settings', ['get', 'default-web-browser'], {
+      encoding: 'utf8',
+    });
+    if (result.status === 0) {
+      return trimOutput(result.stdout);
+    }
+  } catch {
+    // Ignore detection failures and fall back to HTTP.
+  }
+
+  return '';
+}
+
+function isSafariDefaultBrowser(defaultBrowser) {
+  const normalized = defaultBrowser.toLowerCase();
+  return (
+    normalized.includes('com.apple.safari') ||
+    normalized.includes('safari.app') ||
+    normalized.includes('safari technology preview')
+  );
+}
+
+function shouldUseHttpsLocalUi() {
+  const explicit = process.env.NOCODE_LOCAL_UI_HTTPS?.trim().toLowerCase();
+  if (explicit === '1' || explicit === 'true' || explicit === 'https') {
+    return true;
+  }
+  if (explicit === '0' || explicit === 'false' || explicit === 'http') {
+    return false;
+  }
+
+  return isSafariDefaultBrowser(detectDefaultBrowser());
+}
+
 function hasLocalUiRepo() {
   const runtimeRoot = detectRuntimeRoot();
   return existsSync(path.join(runtimeRoot, 'package.json')) && existsSync(path.join(runtimeRoot, 'node_modules', 'vite', 'bin', 'vite.js'));
@@ -119,27 +236,44 @@ export async function startLocalCompanion(options = {}) {
   const requestedLocalUi = options.withLocalUi !== false;
   const shouldStartLocalUi = requestedLocalUi && hasLocalUiRepo();
   const useCargoBridge = hasCargoBridgeSource(runtimeRoot) && canUseCargo();
-  const bridgeExecutable = useCargoBridge ? null : await ensureBridgeBinary(options.version);
+  const useHttpsLocalUi =
+    typeof options.localUiHttps === 'boolean' ? options.localUiHttps : shouldUseHttpsLocalUi();
+  const localUiUrl = useHttpsLocalUi ? LOCAL_UI_HTTPS_URL : LOCAL_UI_URL;
+  const localUiHost = useHttpsLocalUi ? 'localhost' : '127.0.0.1';
+  let localHttps = null;
+
+  if (shouldStartLocalUi && useHttpsLocalUi) {
+    localHttps = await ensureTrustedLocalhostCert();
+  }
 
   ensureSidecarInstallIfRepoPresent();
 
   let vite = null;
   if (shouldStartLocalUi) {
-    if (await isReady(LOCAL_UI_URL)) {
-      console.log('[notioncode] Reusing existing local UI on http://127.0.0.1:1420 .');
+    if (await isReady(localUiUrl)) {
+      console.log(`[notioncode] Reusing existing local UI on ${localUiUrl} .`);
     } else {
-      console.log('[notioncode] Starting local UI on http://127.0.0.1:1420 ...');
-      vite = spawnLogged(commandForPlatform('node'), ['node_modules/vite/bin/vite.js', '--host', '127.0.0.1'], {
+      console.log(`[notioncode] Starting local UI on ${localUiUrl} ...`);
+      vite = spawnLogged(commandForPlatform('node'), ['node_modules/vite/bin/vite.js', '--host', localUiHost], {
         cwd: runtimeRoot,
         env: {
           VITE_SINGLE_USER_MODE: 'true',
+          NOCODE_LOCAL_UI_USE_HTTPS: useHttpsLocalUi ? '1' : '0',
+          NOCODE_LOCAL_UI_HOST: localUiHost,
+          ...(localHttps
+            ? {
+                NOCODE_LOCAL_UI_CERT_FILE: localHttps.certFile,
+                NOCODE_LOCAL_UI_KEY_FILE: localHttps.keyFile,
+              }
+            : {}),
         },
       });
     }
   }
 
   let bridge = null;
-  if (await isReady(BRIDGE_HEALTH_URL)) {
+  const bridgeAlreadyReady = await isReady(BRIDGE_HEALTH_URL);
+  if (bridgeAlreadyReady) {
     console.log('[notioncode] Reusing existing bridge on http://127.0.0.1:3456 .');
   } else {
     console.log('[notioncode] Starting local bridge on http://127.0.0.1:3456 ...');
@@ -150,6 +284,7 @@ export async function startLocalCompanion(options = {}) {
         { cwd: runtimeRoot }
       );
     } else {
+      const bridgeExecutable = await ensureBridgeBinary(options.version);
       bridge = spawnLogged(bridgeExecutable, [], {
         cwd: runtimeRoot,
         env: {
@@ -180,15 +315,65 @@ export async function startLocalCompanion(options = {}) {
   const bridgeTimeoutMs = useCargoBridge ? 180_000 : 15_000;
   await waitFor(BRIDGE_HEALTH_URL, bridgeTimeoutMs, 'Bridge');
   if (shouldStartLocalUi) {
-    await waitFor(LOCAL_UI_URL, 15_000, 'Local UI');
+    await waitFor(localUiUrl, 15_000, 'Local UI');
+    if (useHttpsLocalUi) {
+      try {
+        await verifyTrustedBridge(localUiUrl);
+      } catch (error) {
+        throw new Error(
+          `Safari-compatible local bridge could not be initialized.\n\nReason:\n  ${error instanceof Error ? error.message : String(error)}\n\nFix:\n  Install mkcert and trust the local certificate authority, then rerun:\n  mkcert -install\n  npx create notioncode`
+        );
+      }
+    }
   }
 
   console.log('[notioncode] Ready.');
   console.log(`[notioncode] Cloud UI: ${CLOUD_URL}`);
   if (shouldStartLocalUi) {
-    console.log(`[notioncode] Local UI: ${LOCAL_UI_URL}`);
+    console.log(`[notioncode] Local UI: ${localUiUrl}`);
   }
-  const entryUrl = shouldStartLocalUi ? LOCAL_UI_URL : CLOUD_URL;
+  const entryUrl = CLOUD_URL;
   console.log(`[notioncode] Opening: ${entryUrl}`);
   openBrowser(entryUrl);
 }
+
+export async function runDoctor() {
+  const certs = diagnoseTrustedLocalhostCert();
+  const defaultBrowser = detectDefaultBrowser();
+  const useHttpsLocalUi = shouldUseHttpsLocalUi();
+  const checks = [
+    ['node', process.version],
+    ['platform', `${process.platform}/${process.arch}`],
+    ['default browser', defaultBrowser || 'unknown'],
+    ['local UI scheme', useHttpsLocalUi ? 'https' : 'http'],
+    ['mkcert', certs.mkcertInstalled ? 'installed' : 'missing'],
+    ['localhost cert', certs.certExists ? certs.certFile : 'missing'],
+    ['localhost key', certs.keyExists ? certs.keyFile : 'missing'],
+  ];
+
+  for (const [label, detail] of checks) {
+    console.log(`[OK] ${label}: ${detail}`);
+  }
+
+  const bridgeReady = await isReady(BRIDGE_HEALTH_URL);
+  console.log(`[${bridgeReady ? 'OK' : 'WARN'}] bridge healthz: ${bridgeReady ? BRIDGE_HEALTH_URL : 'not reachable'}`);
+
+  const selectedLocalUiUrl = useHttpsLocalUi ? LOCAL_UI_HTTPS_URL : LOCAL_UI_URL;
+  const localUiReachable = await isReady(selectedLocalUiUrl);
+  console.log(
+    `[${localUiReachable ? 'OK' : 'WARN'}] selected local UI: ${
+      localUiReachable ? selectedLocalUiUrl : 'not reachable'
+    }`
+  );
+
+  if (useHttpsLocalUi && localUiReachable) {
+    try {
+      await verifyTrustedBridge(LOCAL_UI_HTTPS_URL);
+      console.log(`[OK] trusted TLS: ${LOCAL_UI_HTTPS_URL}`);
+    } catch (error) {
+      console.log(
+        `[WARN] trusted TLS: ${error instanceof Error ? error.message : String(error)}`
+      );
+    }
+  }
+}

package/package.json

@@ -1,9 +1,12 @@
 {
   "name": "notioncode",
-  "version": "0.1.0",
-  "description": "Run the Notion Code local companion bridge and open the cloud UI.",
+  "version": "0.1.1",
+  "description": "Local companion runtime used by the `npx create notioncode` setup flow.",
   "type": "module",
   "license": "MIT",
+  "dependencies": {
+    "default-browser-id": "^5.0.1"
+  },
   "bin": {
     "notioncode": "bin/nocode-local.js"
   },