offwatch 0.5.8 → 0.5.10

package/src/prompts/server.ts

@@ -0,0 +1,221 @@
+import * as p from "@clack/prompts";
+import { isLoopbackHost, type BindMode } from "@paperclipai/shared";
+import type { AuthConfig, ServerConfig } from "../config/schema.js";
+import { parseHostnameCsv } from "../config/hostnames.js";
+import { buildCustomServerConfig, buildPresetServerConfig, inferConfiguredBind } from "../config/server-bind.js";
+
+const TAILNET_BIND_WARNING =
+  "No Tailscale address was detected during setup. The saved config will stay on loopback until Tailscale is available or PAPERCLIP_TAILNET_BIND_HOST is set.";
+
+function cancelled(): never {
+  p.cancel("Setup cancelled.");
+  process.exit(0);
+}
+
+export async function promptServer(opts?: {
+  currentServer?: Partial<ServerConfig>;
+  currentAuth?: Partial<AuthConfig>;
+}): Promise<{ server: ServerConfig; auth: AuthConfig }> {
+  const currentServer = opts?.currentServer;
+  const currentAuth = opts?.currentAuth;
+  const currentBind = inferConfiguredBind(currentServer);
+
+  const bindSelection = await p.select({
+    message: "Reachability",
+    options: [
+      {
+        value: "loopback" as const,
+        label: "Trusted local",
+        hint: "Recommended for first run: localhost only, no login friction",
+      },
+      {
+        value: "lan" as const,
+        label: "Private network",
+        hint: "Broad private bind for LAN, VPN, or legacy --tailscale-auth style access",
+      },
+      {
+        value: "tailnet" as const,
+        label: "Tailnet",
+        hint: "Private authenticated access using the machine's detected Tailscale address",
+      },
+      {
+        value: "custom" as const,
+        label: "Custom",
+        hint: "Choose exact auth mode, exposure, and host manually",
+      },
+    ],
+    initialValue: currentBind,
+  });
+
+  if (p.isCancel(bindSelection)) cancelled();
+  const bind = bindSelection as BindMode;
+
+  const portStr = await p.text({
+    message: "Server port",
+    defaultValue: String(currentServer?.port ?? 3100),
+    placeholder: "3100",
+    validate: (val) => {
+      const n = Number(val);
+      if (isNaN(n) || n < 1 || n > 65535 || !Number.isInteger(n)) {
+        return "Must be an integer between 1 and 65535";
+      }
+    },
+  });
+
+  if (p.isCancel(portStr)) cancelled();
+  const port = Number(portStr) || 3100;
+  const serveUi = currentServer?.serveUi ?? true;
+
+  if (bind === "loopback") {
+    return buildPresetServerConfig("loopback", {
+      port,
+      allowedHostnames: [],
+      serveUi,
+    });
+  }
+
+  if (bind === "lan" || bind === "tailnet") {
+    const allowedHostnamesInput = await p.text({
+      message: "Allowed private hostnames (comma-separated, optional)",
+      defaultValue: (currentServer?.allowedHostnames ?? []).join(", "),
+      placeholder:
+        bind === "tailnet"
+          ? "your-machine.tailnet.ts.net"
+          : "dotta-macbook-pro, host.docker.internal",
+      validate: (val) => {
+        try {
+          parseHostnameCsv(val);
+          return;
+        } catch (err) {
+          return err instanceof Error ? err.message : "Invalid hostname list";
+        }
+      },
+    });
+
+    if (p.isCancel(allowedHostnamesInput)) cancelled();
+
+    const preset = buildPresetServerConfig(bind, {
+      port,
+      allowedHostnames: parseHostnameCsv(allowedHostnamesInput),
+      serveUi,
+    });
+    if (bind === "tailnet" && isLoopbackHost(preset.server.host)) {
+      p.log.warn(TAILNET_BIND_WARNING);
+    }
+    return preset;
+  }
+
+  const deploymentModeSelection = await p.select({
+    message: "Auth mode",
+    options: [
+      {
+        value: "local_trusted",
+        label: "Local trusted",
+        hint: "No login required; only safe with loopback-only or similarly trusted access",
+      },
+      {
+        value: "authenticated",
+        label: "Authenticated",
+        hint: "Login required; supports both private-network and public deployments",
+      },
+    ],
+    initialValue: currentServer?.deploymentMode ?? "authenticated",
+  });
+
+  if (p.isCancel(deploymentModeSelection)) cancelled();
+  const deploymentMode = deploymentModeSelection as ServerConfig["deploymentMode"];
+
+  let exposure: ServerConfig["exposure"] = "private";
+  if (deploymentMode === "authenticated") {
+    const exposureSelection = await p.select({
+      message: "Exposure profile",
+      options: [
+        {
+          value: "private",
+          label: "Private network",
+          hint: "Private access only, with automatic URL handling",
+        },
+        {
+          value: "public",
+          label: "Public internet",
+          hint: "Internet-facing deployment with explicit public URL requirements",
+        },
+      ],
+      initialValue: currentServer?.exposure ?? "private",
+    });
+    if (p.isCancel(exposureSelection)) cancelled();
+    exposure = exposureSelection as ServerConfig["exposure"];
+  }
+
+  const defaultHost =
+    currentServer?.customBindHost ??
+    currentServer?.host ??
+    (deploymentMode === "local_trusted" ? "127.0.0.1" : "0.0.0.0");
+  const host = await p.text({
+    message: "Bind host",
+    defaultValue: defaultHost,
+    placeholder: defaultHost,
+    validate: (val) => {
+      if (!val.trim()) return "Host is required";
+      if (deploymentMode === "local_trusted" && !isLoopbackHost(val.trim())) {
+        return "Local trusted mode requires a loopback host such as 127.0.0.1";
+      }
+    },
+  });
+
+  if (p.isCancel(host)) cancelled();
+
+  let allowedHostnames: string[] = [];
+  if (deploymentMode === "authenticated" && exposure === "private") {
+    const allowedHostnamesInput = await p.text({
+      message: "Allowed private hostnames (comma-separated, optional)",
+      defaultValue: (currentServer?.allowedHostnames ?? []).join(", "),
+      placeholder: "dotta-macbook-pro, your-host.tailnet.ts.net",
+      validate: (val) => {
+        try {
+          parseHostnameCsv(val);
+          return;
+        } catch (err) {
+          return err instanceof Error ? err.message : "Invalid hostname list";
+        }
+      },
+    });
+
+    if (p.isCancel(allowedHostnamesInput)) cancelled();
+    allowedHostnames = parseHostnameCsv(allowedHostnamesInput);
+  }
+
+  let publicBaseUrl: string | undefined;
+  if (deploymentMode === "authenticated" && exposure === "public") {
+    const urlInput = await p.text({
+      message: "Public base URL",
+      defaultValue: currentAuth?.publicBaseUrl ?? "",
+      placeholder: "https://paperclip.example.com",
+      validate: (val) => {
+        const candidate = val.trim();
+        if (!candidate) return "Public base URL is required for public exposure";
+        try {
+          const url = new URL(candidate);
+          if (url.protocol !== "http:" && url.protocol !== "https:") {
+            return "URL must start with http:// or https://";
+          }
+          return;
+        } catch {
+          return "Enter a valid URL";
+        }
+      },
+    });
+    if (p.isCancel(urlInput)) cancelled();
+    publicBaseUrl = urlInput.trim().replace(/\/+$/, "");
+  }
+
+  return buildCustomServerConfig({
+    deploymentMode,
+    exposure,
+    host: host.trim(),
+    port,
+    allowedHostnames,
+    serveUi,
+    publicBaseUrl,
+  });
+}

package/src/prompts/storage.ts

@@ -0,0 +1,146 @@
+import * as p from "@clack/prompts";
+import type { StorageConfig } from "../config/schema.js";
+import { resolveDefaultStorageDir, resolvePaperclipInstanceId } from "../config/home.js";
+
+function defaultStorageBaseDir(): string {
+  return resolveDefaultStorageDir(resolvePaperclipInstanceId());
+}
+
+export function defaultStorageConfig(): StorageConfig {
+  return {
+    provider: "local_disk",
+    localDisk: {
+      baseDir: defaultStorageBaseDir(),
+    },
+    s3: {
+      bucket: "paperclip",
+      region: "us-east-1",
+      endpoint: undefined,
+      prefix: "",
+      forcePathStyle: false,
+    },
+  };
+}
+
+export async function promptStorage(current?: StorageConfig): Promise<StorageConfig> {
+  const base = current ?? defaultStorageConfig();
+
+  const provider = await p.select({
+    message: "Storage provider",
+    options: [
+      {
+        value: "local_disk" as const,
+        label: "Local disk (recommended)",
+        hint: "best for single-user local deployments",
+      },
+      {
+        value: "s3" as const,
+        label: "S3 compatible",
+        hint: "for cloud/object storage backends",
+      },
+    ],
+    initialValue: base.provider,
+  });
+
+  if (p.isCancel(provider)) {
+    p.cancel("Setup cancelled.");
+    process.exit(0);
+  }
+
+  if (provider === "local_disk") {
+    const baseDir = await p.text({
+      message: "Local storage base directory",
+      defaultValue: base.localDisk.baseDir || defaultStorageBaseDir(),
+      placeholder: defaultStorageBaseDir(),
+      validate: (value) => {
+        if (!value || value.trim().length === 0) return "Storage base directory is required";
+      },
+    });
+
+    if (p.isCancel(baseDir)) {
+      p.cancel("Setup cancelled.");
+      process.exit(0);
+    }
+
+    return {
+      provider: "local_disk",
+      localDisk: {
+        baseDir: baseDir.trim(),
+      },
+      s3: base.s3,
+    };
+  }
+
+  const bucket = await p.text({
+    message: "S3 bucket",
+    defaultValue: base.s3.bucket || "paperclip",
+    placeholder: "paperclip",
+    validate: (value) => {
+      if (!value || value.trim().length === 0) return "Bucket is required";
+    },
+  });
+
+  if (p.isCancel(bucket)) {
+    p.cancel("Setup cancelled.");
+    process.exit(0);
+  }
+
+  const region = await p.text({
+    message: "S3 region",
+    defaultValue: base.s3.region || "us-east-1",
+    placeholder: "us-east-1",
+    validate: (value) => {
+      if (!value || value.trim().length === 0) return "Region is required";
+    },
+  });
+
+  if (p.isCancel(region)) {
+    p.cancel("Setup cancelled.");
+    process.exit(0);
+  }
+
+  const endpoint = await p.text({
+    message: "S3 endpoint (optional for compatible backends)",
+    defaultValue: base.s3.endpoint ?? "",
+    placeholder: "https://s3.amazonaws.com",
+  });
+
+  if (p.isCancel(endpoint)) {
+    p.cancel("Setup cancelled.");
+    process.exit(0);
+  }
+
+  const prefix = await p.text({
+    message: "Object key prefix (optional)",
+    defaultValue: base.s3.prefix ?? "",
+    placeholder: "paperclip/",
+  });
+
+  if (p.isCancel(prefix)) {
+    p.cancel("Setup cancelled.");
+    process.exit(0);
+  }
+
+  const forcePathStyle = await p.confirm({
+    message: "Use S3 path-style URLs?",
+    initialValue: base.s3.forcePathStyle ?? false,
+  });
+
+  if (p.isCancel(forcePathStyle)) {
+    p.cancel("Setup cancelled.");
+    process.exit(0);
+  }
+
+  return {
+    provider: "s3",
+    localDisk: base.localDisk,
+    s3: {
+      bucket: bucket.trim(),
+      region: region.trim(),
+      endpoint: endpoint.trim() || undefined,
+      prefix: prefix.trim(),
+      forcePathStyle,
+    },
+  };
+}
+

package/src/telemetry.ts

@@ -0,0 +1,49 @@
+import path from "node:path";
+import {
+  TelemetryClient,
+  resolveTelemetryConfig,
+  loadOrCreateState,
+  trackInstallStarted,
+  trackInstallCompleted,
+  trackCompanyImported,
+} from "../../packages/shared/src/telemetry/index.js";
+import { resolvePaperclipInstanceRoot } from "./config/home.js";
+import { readConfig } from "./config/store.js";
+import { cliVersion } from "./version.js";
+
+let client: TelemetryClient | null = null;
+
+export function initTelemetry(fileConfig?: { enabled?: boolean }): TelemetryClient | null {
+  if (client) return client;
+
+  const config = resolveTelemetryConfig(fileConfig);
+  if (!config.enabled) return null;
+
+  const stateDir = path.join(resolvePaperclipInstanceRoot(), "telemetry");
+  client = new TelemetryClient(config, () => loadOrCreateState(stateDir, cliVersion), cliVersion);
+  return client;
+}
+
+export function initTelemetryFromConfigFile(configPath?: string): TelemetryClient | null {
+  try {
+    return initTelemetry(readConfig(configPath)?.telemetry);
+  } catch {
+    return initTelemetry();
+  }
+}
+
+export function getTelemetryClient(): TelemetryClient | null {
+  return client;
+}
+
+export async function flushTelemetry(): Promise<void> {
+  if (client) {
+    await client.flush();
+  }
+}
+
+export {
+  trackInstallStarted,
+  trackInstallCompleted,
+  trackCompanyImported,
+};

package/src/utils/banner.ts

@@ -0,0 +1,24 @@
+import pc from "picocolors";
+
+const PAPERCLIP_ART = [
+  "██████╗  █████╗ ██████╗ ███████╗██████╗  ██████╗██╗     ██╗██████╗ ",
+  "██╔══██╗██╔══██╗██╔══██╗██╔════╝██╔══██╗██╔════╝██║     ██║██╔══██╗",
+  "██████╔╝███████║██████╔╝█████╗  ██████╔╝██║     ██║     ██║██████╔╝",
+  "██╔═══╝ ██╔══██║██╔═══╝ ██╔══╝  ██╔══██╗██║     ██║     ██║██╔═══╝ ",
+  "██║     ██║  ██║██║     ███████╗██║  ██║╚██████╗███████╗██║██║     ",
+  "╚═╝     ╚═╝  ╚═╝╚═╝     ╚══════╝╚═╝  ╚═╝ ╚═════╝╚══════╝╚═╝╚═╝     ",
+] as const;
+
+const TAGLINE = "Open-source orchestration for zero-human companies";
+
+export function printPaperclipCliBanner(): void {
+  const lines = [
+    "",
+    ...PAPERCLIP_ART.map((line) => pc.cyan(line)),
+    pc.blue("  ───────────────────────────────────────────────────────"),
+    pc.bold(pc.white(`  ${TAGLINE}`)),
+    "",
+  ];
+
+  console.log(lines.join("\n"));
+}

package/src/utils/net.ts

@@ -0,0 +1,18 @@
+import net from "node:net";
+
+export function checkPort(port: number): Promise<{ available: boolean; error?: string }> {
+  return new Promise((resolve) => {
+    const server = net.createServer();
+    server.once("error", (err: NodeJS.ErrnoException) => {
+      if (err.code === "EADDRINUSE") {
+        resolve({ available: false, error: `Port ${port} is already in use` });
+      } else {
+        resolve({ available: false, error: err.message });
+      }
+    });
+    server.once("listening", () => {
+      server.close(() => resolve({ available: true }));
+    });
+    server.listen(port, "127.0.0.1");
+  });
+}

package/src/utils/path-resolver.ts

@@ -0,0 +1,25 @@
+import fs from "node:fs";
+import path from "node:path";
+import { expandHomePrefix } from "../config/home.js";
+
+function unique(items: string[]): string[] {
+  return Array.from(new Set(items));
+}
+
+export function resolveRuntimeLikePath(value: string, configPath?: string): string {
+  const expanded = expandHomePrefix(value);
+  if (path.isAbsolute(expanded)) return path.resolve(expanded);
+
+  const cwd = process.cwd();
+  const configDir = configPath ? path.dirname(configPath) : null;
+  const workspaceRoot = configDir ? path.resolve(configDir, "..") : cwd;
+
+  const candidates = unique([
+    ...(configDir ? [path.resolve(configDir, expanded)] : []),
+    path.resolve(workspaceRoot, "server", expanded),
+    path.resolve(workspaceRoot, expanded),
+    path.resolve(cwd, expanded),
+  ]);
+
+  return candidates.find((candidate) => fs.existsSync(candidate)) ?? candidates[0];
+}

package/src/version.ts

@@ -0,0 +1,10 @@
+import { createRequire } from "node:module";
+
+type PackageJson = {
+  version?: string;
+};
+
+const require = createRequire(import.meta.url);
+const pkg = require("../package.json") as PackageJson;
+
+export const cliVersion = pkg.version ?? "0.0.0";

package/lib/downloader.js

@@ -1,112 +0,0 @@
-import got from "got";
-import fs from "fs";
-import fsa from "fs-extra";
-import * as os from "node:os";
-import tar from "tar";
-import stream from "node:stream";
-import { promisify } from "node:util";
-import path from "path";
-import { dirname } from "path";
-import { fileURLToPath } from "url";
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-const debugMode = process.env.DEBUG != null;
-const pipeline = promisify(stream.pipeline);
-
-const pkg = JSON.parse(fs.readFileSync(__dirname + "/../package.json", "utf8"));
-const CLI_FILENAME = "offwatch";
-
-const logDebug = (message) => {
-  if (debugMode) {
-    console.debug(`[DEBUG] ${message}`);
-  }
-};
-
-const getPlatform = () => {
-  const platform = os.platform();
-  if (platform === "win32") return "win32-x64";
-  if (platform === "darwin") return "darwin-x64";
-  return "linux-x64";
-};
-
-const downloadRelease = async (versionDir) => {
-  logDebug(`downloadRelease(${versionDir})`);
-  const version = pkg.version;
-  const currentVersion = extractVersionParts(version);
-
-  const releases = (await got
-    .get(`https://api.github.com/repos/triss-smith/offwatch/releases`)
-    .json());
-
-  const matchingRelease = releases
-    .filter((release) => {
-      const releaseVersion = extractVersionParts(release.tag_name);
-      return (releaseVersion.major === currentVersion.major &&
-        releaseVersion.minor === currentVersion.minor);
-    })
-    .sort((a, b) => {
-      return Number(extractVersionParts(a.tag_name).patch) >
-        Number(extractVersionParts(b.tag_name).patch)
-        ? -1
-        : 1;
-    })[0] || releases[0];
-
-  if (!matchingRelease) {
-    throw new Error(`No matching release for ${currentVersion.major}.${currentVersion.minor}`);
-  }
-
-  const platform = getPlatform();
-  const asset = matchingRelease.assets.find((asset) => {
-    return asset.name.includes(platform);
-  });
-
-  if (!asset) {
-    throw new Error(`${platform} is not currently supported`);
-  }
-
-  try {
-    fsa.mkdirpSync(versionDir);
-  } catch (e) { }
-
-  const filePath = path.join(versionDir, CLI_FILENAME + ".mjs");
-  logDebug(`download(${asset.browser_download_url})`);
-
-  // For .js files, download to temp then rename
-  if (asset.name.endsWith(".js")) {
-    const tempPath = path.join(versionDir, asset.name);
-    await pipeline(got.stream(asset.browser_download_url), fs.createWriteStream(tempPath));
-    fs.renameSync(tempPath, filePath);
-  } else {
-    // For compressed files
-    const tarPath = path.join(versionDir, path.basename(asset.browser_download_url));
-    await pipeline(got.stream(asset.browser_download_url), fs.createWriteStream(tarPath));
-    await decompress(tarPath, filePath);
-  }
-};
-
-const decompress = async (tarPath, outPath) => {
-  logDebug(`decompress(${tarPath})`);
-  await pipeline(fs.createReadStream(tarPath), tar.x({
-    C: path.dirname(outPath),
-    strip: 1,
-  }));
-};
-
-export const loadCLIBinPath = async (cwd) => {
-  const versionDir = path.join(cwd, pkg.version);
-  const binPath = path.join(versionDir, CLI_FILENAME + ".mjs");
-  logDebug(`loadCLIBinPath: ${binPath}`);
-
-  if (!fs.existsSync(binPath)) {
-    await downloadRelease(versionDir);
-  }
-
-  logDebug(`returning ${binPath}`);
-
-  return binPath;
-};
-
-const extractVersionParts = (version) => {
-  const [major, minor, patch] = version.replace(/^v/, "").split(".");
-  return { major, minor, patch };
-};

package/postinstall.js

@@ -1,23 +0,0 @@
-import { loadCLIBinPath } from "./lib/downloader.js";
-import { dirname } from "path";
-import { fileURLToPath } from "url";
-
-const __dirname = dirname(fileURLToPath(import.meta.url));
-
-// Dumb check to see if dep. Want to skip this script if in workspace
-if (process.cwd().includes("node_modules")) {
-  if (process.env.DEBUG) {
-    console.debug(`[DEBUG] download CLI release`);
-  }
-  loadCLIBinPath(__dirname).then(
-    () => {
-      process.exit(0);
-    },
-    (err) => {
-      console.error(err);
-      process.exit(1);
-    }
-  );
-} else if (process.env.DEBUG) {
-  console.debug(`[DEBUG] skipping debug`);
-}