opencode-bifrost 0.0.1

package/dist/manager.d.ts

@@ -0,0 +1,54 @@
+import type { BifrostConfig } from "./config";
+export type ConnectionState = "disconnected" | "connecting" | "connected" | "disconnecting";
+export type BifrostErrorCode = "UNREACHABLE" | "AUTH_FAILED" | "SOCKET_DEAD" | "COMMAND_FAILED" | "INVALID_STATE" | "TIMEOUT";
+export declare class BifrostError extends Error {
+    readonly code: BifrostErrorCode;
+    readonly name: "BifrostError";
+    constructor(message: string, code: BifrostErrorCode);
+}
+export interface ExecResult {
+    stdout: string;
+    stderr: string;
+    exitCode: number;
+}
+export interface ExecOptions {
+    timeout?: number;
+    maxOutputBytes?: number;
+}
+export declare class BifrostManager implements AsyncDisposable {
+    private _state;
+    private _config;
+    private _controlPath;
+    private _mutex;
+    /**
+     * Explicit Resource Management (ES2024)
+     * Enables: `await using manager = new BifrostManager()`
+     * Auto-disconnects when scope exits
+     */
+    [Symbol.asyncDispose](): Promise<void>;
+    get state(): ConnectionState;
+    get config(): BifrostConfig | null;
+    get controlPath(): string | null;
+    get socketDir(): string;
+    private withMutex;
+    loadConfig(configPath: string): void;
+    private ensureSocketDir;
+    private translateSSHError;
+    private getDestination;
+    connect(): Promise<void>;
+    disconnect(): Promise<void>;
+    /**
+     * Health check via ssh -O check
+     * Returns true if connection is alive
+     */
+    isConnected(): Promise<boolean>;
+    exec(command: string, options?: ExecOptions): Promise<ExecResult>;
+    private runSftp;
+    upload(localPath: string, remotePath: string): Promise<void>;
+    download(remotePath: string, localPath: string): Promise<void>;
+    ensureConnected(): Promise<void>;
+    private doConnect;
+    cleanup(): void;
+}
+export declare const bifrostManager: BifrostManager;
+//# sourceMappingURL=manager.d.ts.map

package/dist/manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"manager.d.ts","sourceRoot":"","sources":["../src/manager.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAG9C,MAAM,MAAM,eAAe,GACvB,cAAc,GACd,YAAY,GACZ,WAAW,GACX,eAAe,CAAC;AAEpB,MAAM,MAAM,gBAAgB,GACxB,aAAa,GACb,aAAa,GACb,aAAa,GACb,gBAAgB,GAChB,eAAe,GACf,SAAS,CAAC;AAEd,qBAAa,YAAa,SAAQ,KAAK;aAKnB,IAAI,EAAE,gBAAgB;IAJxC,SAAyB,IAAI,EAAG,cAAc,CAAU;gBAGtD,OAAO,EAAE,MAAM,EACC,IAAI,EAAE,gBAAgB;CAIzC;AAED,MAAM,WAAW,UAAU;IACzB,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;IACf,QAAQ,EAAE,MAAM,CAAC;CAClB;AAED,MAAM,WAAW,WAAW;IAC1B,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAqDD,qBAAa,cAAe,YAAW,eAAe;IACpD,OAAO,CAAC,MAAM,CAAmC;IACjD,OAAO,CAAC,OAAO,CAA8B;IAC7C,OAAO,CAAC,YAAY,CAAuB;IAC3C,OAAO,CAAC,MAAM,CAAoC;IAElD;;;;OAIG;IACG,CAAC,MAAM,CAAC,YAAY,CAAC,IAAI,OAAO,CAAC,IAAI,CAAC;IAI5C,IAAI,KAAK,IAAI,eAAe,CAE3B;IAED,IAAI,MAAM,IAAI,aAAa,GAAG,IAAI,CAEjC;IAED,IAAI,WAAW,IAAI,MAAM,GAAG,IAAI,CAE/B;IAED,IAAI,SAAS,IAAI,MAAM,CAEtB;YAEa,SAAS;IAavB,UAAU,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI;YAKtB,eAAe;IAkB7B,OAAO,CAAC,iBAAiB;IAiCzB,OAAO,CAAC,cAAc;IAOhB,OAAO,IAAI,OAAO,CAAC,IAAI,CAAC;IA4BxB,UAAU,IAAI,OAAO,CAAC,IAAI,CAAC;IAsCjC;;;OAGG;IACG,WAAW,IAAI,OAAO,CAAC,OAAO,CAAC;IAqB/B,IAAI,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,GAAE,WAAgB,GAAG,OAAO,CAAC,UAAU,CAAC;YAoD7D,OAAO;IAsCf,MAAM,CAAC,SAAS,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI5D,QAAQ,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAI9D,eAAe,IAAI,OAAO,CAAC,IAAI,CAAC;YAqCxB,SAAS;IAiCvB,OAAO,IAAI,IAAI;CAUhB;AAED,eAAO,MAAM,cAAc,gBAAuB,CAAC"}

package/dist/security.d.ts

@@ -0,0 +1,8 @@
+export interface ValidationResult {
+    valid: boolean;
+    error?: string;
+}
+export declare function validatePath(path: string, fieldName: string): ValidationResult;
+export declare function validateCommand(command: string): ValidationResult;
+export declare function escapeShellArg(arg: string): string;
+//# sourceMappingURL=security.d.ts.map

package/dist/security.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"security.d.ts","sourceRoot":"","sources":["../src/security.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AA+BD,wBAAgB,YAAY,CAAC,IAAI,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,gBAAgB,CAmC9E;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,gBAAgB,CAsBjE;AAED,wBAAgB,cAAc,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAElD"}

package/dist/tools/connect.d.ts

@@ -0,0 +1,3 @@
+import { type ToolDefinition } from "@opencode-ai/plugin/tool";
+export declare const bifrost_connect: ToolDefinition;
+//# sourceMappingURL=connect.d.ts.map

package/dist/tools/connect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"connect.d.ts","sourceRoot":"","sources":["../../src/tools/connect.ts"],"names":[],"mappings":"AACA,OAAO,EAAQ,KAAK,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAGrE,eAAO,MAAM,eAAe,EAAE,cA8B5B,CAAC"}

package/dist/tools/disconnect.d.ts

@@ -0,0 +1,3 @@
+import { type ToolDefinition } from "@opencode-ai/plugin/tool";
+export declare const bifrost_disconnect: ToolDefinition;
+//# sourceMappingURL=disconnect.d.ts.map

package/dist/tools/disconnect.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"disconnect.d.ts","sourceRoot":"","sources":["../../src/tools/disconnect.ts"],"names":[],"mappings":"AAAA,OAAO,EAAQ,KAAK,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAGrE,eAAO,MAAM,kBAAkB,EAAE,cA0B/B,CAAC"}

package/dist/tools/download.d.ts

@@ -0,0 +1,3 @@
+import { type ToolDefinition } from "@opencode-ai/plugin/tool";
+export declare const bifrost_download: ToolDefinition;
+//# sourceMappingURL=download.d.ts.map

package/dist/tools/download.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"download.d.ts","sourceRoot":"","sources":["../../src/tools/download.ts"],"names":[],"mappings":"AACA,OAAO,EAAQ,KAAK,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAIrE,eAAO,MAAM,gBAAgB,EAAE,cA6C7B,CAAC"}

package/dist/tools/exec.d.ts

@@ -0,0 +1,3 @@
+import { type ToolDefinition } from "@opencode-ai/plugin/tool";
+export declare const bifrost_exec: ToolDefinition;
+//# sourceMappingURL=exec.d.ts.map

package/dist/tools/exec.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"exec.d.ts","sourceRoot":"","sources":["../../src/tools/exec.ts"],"names":[],"mappings":"AACA,OAAO,EAAQ,KAAK,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAIrE,eAAO,MAAM,YAAY,EAAE,cA8DzB,CAAC"}

package/dist/tools/status.d.ts

@@ -0,0 +1,3 @@
+import { type ToolDefinition } from "@opencode-ai/plugin/tool";
+export declare const bifrost_status: ToolDefinition;
+//# sourceMappingURL=status.d.ts.map

package/dist/tools/status.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"status.d.ts","sourceRoot":"","sources":["../../src/tools/status.ts"],"names":[],"mappings":"AACA,OAAO,EAAQ,KAAK,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAIrE,eAAO,MAAM,cAAc,EAAE,cA2C3B,CAAC"}

package/dist/tools/upload.d.ts

@@ -0,0 +1,3 @@
+import { type ToolDefinition } from "@opencode-ai/plugin/tool";
+export declare const bifrost_upload: ToolDefinition;
+//# sourceMappingURL=upload.d.ts.map

package/dist/tools/upload.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"upload.d.ts","sourceRoot":"","sources":["../../src/tools/upload.ts"],"names":[],"mappings":"AACA,OAAO,EAAQ,KAAK,cAAc,EAAE,MAAM,0BAA0B,CAAC;AAIrE,eAAO,MAAM,cAAc,EAAE,cAkD3B,CAAC"}

package/package.json

@@ -0,0 +1,47 @@
+{
+  "name": "opencode-bifrost",
+  "version": "0.0.1",
+  "description": "OpenCode plugin for persistent SSH connections via ControlMaster multiplexing",
+  "author": "itsmylife44",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/itsmylife44/bifrost.git"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "type": "module",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js"
+    }
+  },
+  "scripts": {
+    "build": "bun build src/index.ts --outdir dist --format esm --target node && tsc --emitDeclarationOnly",
+    "typecheck": "tsc --noEmit",
+    "test": "bun test"
+  },
+  "dependencies": {
+    "@opencode-ai/plugin": "^1.1.53",
+    "zod": "^4.3.6"
+  },
+  "devDependencies": {
+    "bun-types": "latest",
+    "typescript": "^5.9.3"
+  },
+  "keywords": [
+    "opencode",
+    "opencode-plugin",
+    "plugin",
+    "ssh",
+    "controlmaster",
+    "ocx"
+  ],
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}

package/src/config.ts

@@ -0,0 +1,151 @@
+import { z } from "zod";
+import { readFileSync, existsSync, statSync } from "fs";
+import { homedir } from "os";
+
+const SAFE_HOST_PATTERN = /^[a-zA-Z0-9][a-zA-Z0-9.\-]*[a-zA-Z0-9]$|^[a-zA-Z0-9]$/;
+const SAFE_USER_PATTERN = /^[a-zA-Z_][a-zA-Z0-9_\-]*$/;
+
+export const BifrostConfigSchema = z.object({
+  host: z
+    .string()
+    .min(1)
+    .max(253)
+    .refine(
+      (h) => SAFE_HOST_PATTERN.test(h),
+      { message: "Invalid host format. Use IP or hostname without special characters." }
+    )
+    .describe("IP address or hostname of the remote server"),
+  user: z
+    .string()
+    .default("root")
+    .refine(
+      (u) => SAFE_USER_PATTERN.test(u),
+      { message: "Invalid username format" }
+    )
+    .describe("SSH username for authentication"),
+  keyPath: z
+    .string()
+    .describe("Path to SSH private key (supports ~ expansion)"),
+  port: z
+    .number()
+    .int()
+    .positive()
+    .default(22)
+    .describe("SSH port number"),
+  connectTimeout: z
+    .number()
+    .int()
+    .positive()
+    .default(10)
+    .describe("Connection timeout in seconds"),
+  controlPersist: z
+    .string()
+    .default("15m")
+    .describe("ControlPersist value for SSH multiplexing"),
+  serverAliveInterval: z
+    .number()
+    .int()
+    .positive()
+    .default(30)
+    .describe("Keepalive interval in seconds"),
+});
+
+export type BifrostConfig = z.infer<typeof BifrostConfigSchema>;
+
+function expandTildePath(path: string): string {
+  if (path.startsWith("~")) {
+    return path.replace("~", homedir());
+  }
+  return path;
+}
+
+function validateKeyFile(keyPath: string): void {
+  const expandedPath = expandTildePath(keyPath);
+
+  if (!existsSync(expandedPath)) {
+    throw new Error(`Key file not found: ${expandedPath}`);
+  }
+
+  try {
+    const stats = statSync(expandedPath);
+    const mode = stats.mode;
+
+    // Check if world-readable (0o004)
+    if (mode & 0o004) {
+      throw new Error(
+        `Key file ${expandedPath} is world-readable. Fix with: chmod 600 ${expandedPath}`
+      );
+    }
+
+    // Check if group-readable (0o040)
+    if (mode & 0o040) {
+      throw new Error(
+        `Key file ${expandedPath} is group-readable. Fix with: chmod 600 ${expandedPath}`
+      );
+    }
+
+    // Must be a regular file
+    if (!stats.isFile()) {
+      throw new Error(`Key path ${expandedPath} is not a regular file`);
+    }
+  } catch (err) {
+    if (err instanceof Error && err.message.startsWith("Key")) {
+      throw err;
+    }
+    throw new Error(`Failed to check key file permissions: ${err}`);
+  }
+}
+
+export function parseConfig(configPath: string): BifrostConfig {
+  try {
+    if (!existsSync(configPath)) {
+      throw new Error(`Config file not found: ${configPath}`);
+    }
+
+    const rawContent = readFileSync(configPath, "utf-8");
+    const rawJson = JSON.parse(rawContent);
+
+    // Expand tilde in keyPath before validation
+    if (rawJson.keyPath) {
+      rawJson.keyPath = expandTildePath(rawJson.keyPath);
+    }
+
+    const config = BifrostConfigSchema.parse(rawJson);
+
+    // Validate key file after schema parsing
+    validateKeyFile(config.keyPath);
+
+    return config;
+  } catch (err) {
+    if (err instanceof Error) {
+      if (err.name === "ZodError") {
+        const pathMatches = err.message.match(/"path":\s*\[\s*"([^"]+)"/g);
+        if (pathMatches) {
+          const fields = pathMatches
+            .map((match) => {
+              const fieldMatch = match.match(/"([^"]+)"$/);
+              return fieldMatch ? fieldMatch[1] : null;
+            })
+            .filter((f) => f !== null) as string[];
+
+          const uniqueFields = Array.from(new Set(fields));
+          if (uniqueFields.length > 0) {
+            throw new Error(`Missing required field(s): ${uniqueFields.join(", ")}`);
+          }
+        }
+
+        throw new Error(`Invalid config: ${err.message}`);
+      }
+
+      if (err.message.startsWith("Key file") || err.message.startsWith("Failed to check")) {
+        throw err;
+      }
+
+      if (err instanceof SyntaxError) {
+        throw new Error(`JSON parse error: ${err.message}`);
+      }
+    }
+
+    throw err;
+  }
+}

package/src/hooks.ts

@@ -0,0 +1 @@
+export const placeholder = true;

package/src/index.ts

@@ -0,0 +1,64 @@
+import type { Plugin } from "@opencode-ai/plugin";
+import { bifrostManager } from "./manager";
+import { bifrost_connect } from "./tools/connect";
+import { bifrost_exec } from "./tools/exec";
+import { bifrost_status } from "./tools/status";
+import { bifrost_disconnect } from "./tools/disconnect";
+import { bifrost_upload } from "./tools/upload";
+import { bifrost_download } from "./tools/download";
+
+const Bifrost: Plugin = async (ctx) => {
+  // Cleanup stale sockets on plugin init
+  bifrostManager.cleanup();
+
+  return {
+    tool: {
+      bifrost_connect,
+      bifrost_exec,
+      bifrost_status,
+      bifrost_disconnect,
+      bifrost_upload,
+      bifrost_download,
+    },
+    event: async (input) => {
+      // On session end → auto-disconnect
+      if (input.event.type === "session.deleted") {
+        await bifrostManager.disconnect();
+      }
+    },
+    "experimental.chat.system.transform": async (input, output) => {
+      output.system.push(`## Bifrost SSH Plugin — Remote Server Access
+
+You have access to a remote server via persistent SSH connection. The server is pre-configured in ~/.config/opencode/bifrost.json.
+
+### Available Tools
+- \`bifrost_connect\` — Establish persistent SSH connection (call once per session)
+- \`bifrost_exec\` — Execute any command on the remote server
+- \`bifrost_status\` — Check connection status
+- \`bifrost_disconnect\` — Close the connection
+- \`bifrost_upload\` — Upload a local file to the remote server
+- \`bifrost_download\` — Download a file from the remote server
+
+### When to Use
+Automatically use these tools when the user:
+- Mentions "server", "remote", "deploy", "production", "staging", "VPS", "Hetzner"
+- Asks to test something "on the server" or "remotely"
+- Wants to install, configure, or check something on the remote machine
+- Asks about server status, logs, or running processes
+- Wants to transfer files to/from the server
+
+### Workflow
+1. Call \`bifrost_connect\` to establish the connection (only needed once, it persists)
+2. Use \`bifrost_exec\` to run commands (e.g., \`bifrost_exec({command: "docker ps"})\`)
+3. Use \`bifrost_upload\`/\`bifrost_download\` for file transfers
+4. The connection auto-disconnects when the session ends
+
+### Important
+- Do NOT use raw \`ssh\` commands — always use bifrost tools
+- The connection is persistent — you don't need to reconnect for each command
+- If you get a connection error, try \`bifrost_connect\` again (it auto-reconnects)`);
+    },
+  };
+};
+
+export default Bifrost;