pal-explorer-cli 0.4.11 → 0.4.13

package/lib/commands/workspace.js

@@ -1,121 +1,121 @@
-import chalk from 'chalk';
-import config from '../utils/config.js';
-
-function genId() {
-  return Date.now().toString(36) + Math.random().toString(36).slice(2, 6);
-}
-
-export default function workspaceCommand(program) {
-  const cmd = program
-    .command('workspace')
-    .description('manage workspaces (collections of shares)')
-    .addHelpText('after', `
-Examples:
-  $ pe workspace                          List all workspaces
-  $ pe workspace list                     List all workspaces
-  $ pe workspace create "My Project"      Create a workspace
-  $ pe workspace delete <id>              Delete a workspace
-  $ pe workspace add <wsId> <shareId>     Add share to workspace
-  $ pe workspace remove <wsId> <shareId>  Remove share from workspace
-`)
-    .action(() => {
-      printWorkspaces();
-    });
-
-  cmd
-    .command('list')
-    .description('list all workspaces')
-    .action(() => {
-      printWorkspaces();
-    });
-
-  cmd
-    .command('create <name>')
-    .description('create a new workspace')
-    .option('--description <desc>', 'Workspace description')
-    .action((name, opts) => {
-      const workspaces = config.get('workspaces') || [];
-      const ws = {
-        id: genId(),
-        name,
-        description: opts.description || '',
-        shares: [],
-        paths: [],
-        createdAt: new Date().toISOString(),
-      };
-      workspaces.push(ws);
-      config.set('workspaces', workspaces);
-      console.log(chalk.green(`\u2714 Workspace created: ${ws.name}`));
-      console.log(`  ID: ${chalk.white(ws.id)}`);
-    });
-
-  cmd
-    .command('delete <id>')
-    .description('delete a workspace')
-    .action((id) => {
-      const workspaces = config.get('workspaces') || [];
-      const ws = workspaces.find(w => w.id === id);
-      if (!ws) {
-        console.log(chalk.red('Workspace not found.'));
-        process.exitCode = 1;
-        return;
-      }
-      config.set('workspaces', workspaces.filter(w => w.id !== id));
-      console.log(chalk.green(`\u2714 Workspace "${ws.name}" deleted.`));
-    });
-
-  cmd
-    .command('add <workspaceId> <shareId>')
-    .description('add a share to a workspace')
-    .action((workspaceId, shareId) => {
-      const workspaces = config.get('workspaces') || [];
-      const ws = workspaces.find(w => w.id === workspaceId);
-      if (!ws) {
-        console.log(chalk.red('Workspace not found.'));
-        process.exitCode = 1;
-        return;
-      }
-      if (ws.shares.includes(shareId)) {
-        console.log(chalk.yellow('Share already in workspace.'));
-        return;
-      }
-      ws.shares.push(shareId);
-      config.set('workspaces', workspaces);
-      console.log(chalk.green(`\u2714 Share ${shareId} added to "${ws.name}".`));
-    });
-
-  cmd
-    .command('remove <workspaceId> <shareId>')
-    .description('remove a share from a workspace')
-    .action((workspaceId, shareId) => {
-      const workspaces = config.get('workspaces') || [];
-      const ws = workspaces.find(w => w.id === workspaceId);
-      if (!ws) {
-        console.log(chalk.red('Workspace not found.'));
-        process.exitCode = 1;
-        return;
-      }
-      if (!ws.shares.includes(shareId)) {
-        console.log(chalk.yellow('Share not in workspace.'));
-        return;
-      }
-      ws.shares = ws.shares.filter(id => id !== shareId);
-      config.set('workspaces', workspaces);
-      console.log(chalk.green(`\u2714 Share ${shareId} removed from "${ws.name}".`));
-    });
-}
-
-function printWorkspaces() {
-  const workspaces = config.get('workspaces') || [];
-  if (workspaces.length === 0) {
-    console.log(chalk.gray('No workspaces. Use `pe workspace create <name>` to create one.'));
-    return;
-  }
-  console.log('');
-  console.log(chalk.cyan('Workspaces:'));
-  for (const ws of workspaces) {
-    console.log(`  ${chalk.white(ws.id)}  ${chalk.yellow(ws.name)}`);
-    if (ws.description) console.log(`    ${chalk.gray(ws.description)}`);
-    console.log(`    Shares: ${chalk.white(ws.shares.length)}  Created: ${chalk.gray(ws.createdAt)}`);
-  }
-}
+import chalk from 'chalk';
+import config from '../utils/config.js';
+
+function genId() {
+  return Date.now().toString(36) + Math.random().toString(36).slice(2, 6);
+}
+
+export default function workspaceCommand(program) {
+  const cmd = program
+    .command('workspace')
+    .description('manage workspaces (collections of shares)')
+    .addHelpText('after', `
+Examples:
+  $ pal workspace                          List all workspaces
+  $ pal workspace list                     List all workspaces
+  $ pal workspace create "My Project"      Create a workspace
+  $ pal workspace delete <id>              Delete a workspace
+  $ pal workspace add <wsId> <shareId>     Add share to workspace
+  $ pal workspace remove <wsId> <shareId>  Remove share from workspace
+`)
+    .action(() => {
+      printWorkspaces();
+    });
+
+  cmd
+    .command('list')
+    .description('list all workspaces')
+    .action(() => {
+      printWorkspaces();
+    });
+
+  cmd
+    .command('create <name>')
+    .description('create a new workspace')
+    .option('--description <desc>', 'Workspace description')
+    .action((name, opts) => {
+      const workspaces = config.get('workspaces') || [];
+      const ws = {
+        id: genId(),
+        name,
+        description: opts.description || '',
+        shares: [],
+        paths: [],
+        createdAt: new Date().toISOString(),
+      };
+      workspaces.push(ws);
+      config.set('workspaces', workspaces);
+      console.log(chalk.green(`\u2714 Workspace created: ${ws.name}`));
+      console.log(`  ID: ${chalk.white(ws.id)}`);
+    });
+
+  cmd
+    .command('delete <id>')
+    .description('delete a workspace')
+    .action((id) => {
+      const workspaces = config.get('workspaces') || [];
+      const ws = workspaces.find(w => w.id === id);
+      if (!ws) {
+        console.log(chalk.red('Workspace not found.'));
+        process.exitCode = 1;
+        return;
+      }
+      config.set('workspaces', workspaces.filter(w => w.id !== id));
+      console.log(chalk.green(`\u2714 Workspace "${ws.name}" deleted.`));
+    });
+
+  cmd
+    .command('add <workspaceId> <shareId>')
+    .description('add a share to a workspace')
+    .action((workspaceId, shareId) => {
+      const workspaces = config.get('workspaces') || [];
+      const ws = workspaces.find(w => w.id === workspaceId);
+      if (!ws) {
+        console.log(chalk.red('Workspace not found.'));
+        process.exitCode = 1;
+        return;
+      }
+      if (ws.shares.includes(shareId)) {
+        console.log(chalk.yellow('Share already in workspace.'));
+        return;
+      }
+      ws.shares.push(shareId);
+      config.set('workspaces', workspaces);
+      console.log(chalk.green(`\u2714 Share ${shareId} added to "${ws.name}".`));
+    });
+
+  cmd
+    .command('remove <workspaceId> <shareId>')
+    .description('remove a share from a workspace')
+    .action((workspaceId, shareId) => {
+      const workspaces = config.get('workspaces') || [];
+      const ws = workspaces.find(w => w.id === workspaceId);
+      if (!ws) {
+        console.log(chalk.red('Workspace not found.'));
+        process.exitCode = 1;
+        return;
+      }
+      if (!ws.shares.includes(shareId)) {
+        console.log(chalk.yellow('Share not in workspace.'));
+        return;
+      }
+      ws.shares = ws.shares.filter(id => id !== shareId);
+      config.set('workspaces', workspaces);
+      console.log(chalk.green(`\u2714 Share ${shareId} removed from "${ws.name}".`));
+    });
+}
+
+function printWorkspaces() {
+  const workspaces = config.get('workspaces') || [];
+  if (workspaces.length === 0) {
+    console.log(chalk.gray('No workspaces. Use `pal workspace create <name>` to create one.'));
+    return;
+  }
+  console.log('');
+  console.log(chalk.cyan('Workspaces:'));
+  for (const ws of workspaces) {
+    console.log(`  ${chalk.white(ws.id)}  ${chalk.yellow(ws.name)}`);
+    if (ws.description) console.log(`    ${chalk.gray(ws.description)}`);
+    console.log(`    Shares: ${chalk.white(ws.shares.length)}  Created: ${chalk.gray(ws.createdAt)}`);
+  }
+}

package/lib/core/billing.js

@@ -35,6 +35,7 @@ export const PLANS = {
       vfsMount: false, explorerMenu: false, autoSync: false, deltaSync: false,
       batchTransfers: false, prioritySeeding: false, analytics90d: false,
       encryptedBackup: false, priorityRelay: false, customThemes: false, vanityHandle: false,
+      customAvatar: false, shareImages: false, customStatusText: false, invisibleStatus: false, autoAway: false,
     },
   },
   pro_monthly: {
@@ -49,6 +50,7 @@ export const PLANS = {
       vfsMount: true, explorerMenu: true, autoSync: true, deltaSync: true,
       batchTransfers: true, prioritySeeding: true, analytics90d: true,
       encryptedBackup: true, priorityRelay: true, customThemes: true, vanityHandle: true,
+      customAvatar: true, shareImages: true, customStatusText: true, invisibleStatus: true, autoAway: true,
     },
   },
   pro_annual: {
@@ -63,6 +65,7 @@ export const PLANS = {
       vfsMount: true, explorerMenu: true, autoSync: true, deltaSync: true,
       batchTransfers: true, prioritySeeding: true, analytics90d: true,
       encryptedBackup: true, priorityRelay: true, customThemes: true, vanityHandle: true,
+      customAvatar: true, shareImages: true, customStatusText: true, invisibleStatus: true, autoAway: true,
     },
   },
   enterprise: {
@@ -77,6 +80,7 @@ export const PLANS = {
       vfsMount: true, explorerMenu: true, autoSync: true, deltaSync: true,
       batchTransfers: true, prioritySeeding: true, analytics90d: true,
       encryptedBackup: true, priorityRelay: true, customThemes: true, vanityHandle: true,
+      customAvatar: true, shareImages: true, customStatusText: true, invisibleStatus: true, autoAway: true,
       oauth: true, sso: true, auditExport: true, dlpPolicies: true,
       retentionRules: true, brandedThemes: true, webhooks: true,
       dedicatedRelay: true, prioritySupport: true,
@@ -273,13 +277,20 @@ function downgradeToFree(reason) {
 let _revalidationPromise = null;
 
 export function getActivePlan() {
-  // BETA: all features unlocked — re-enable billing when ready
+  const data = getBillingData();
+  if (data && data.plan && PLANS[data.plan]) {
+    return {
+      id: data.plan,
+      ...PLANS[data.plan],
+      expiresAt: data.expiresAt,
+      source: 'license',
+    };
+  }
   return {
-    key: 'enterprise',
-    ...PLANS.enterprise,
+    id: 'free',
+    ...PLANS.free,
     expiresAt: null,
-    source: 'beta',
-    customerEmail: null,
+    source: 'default',
   };
 }
 

package/lib/core/dhtDiscovery.js

@@ -67,10 +67,17 @@ export class DHTDiscovery {
     });
   }
 
-  async publish(handle, publicKey, privateKey) {
+  async publish(handle, publicKey, privateKey, profile) {
     await this.ready;
     const { pk, sk } = extractKeyPair(privateKey);
-    const value = Buffer.from(JSON.stringify({ handle, publicKey, timestamp: Date.now() }));
+    const payload = { handle, publicKey, timestamp: Date.now() };
+    if (profile) {
+      if (profile.displayName) payload.dn = profile.displayName.slice(0, 50);
+      if (profile.presenceStatus) payload.ps = profile.presenceStatus;
+      if (profile.country) payload.co = profile.country.slice(0, 2);
+      if (profile.language) payload.la = profile.language.slice(0, 5);
+    }
+    const value = Buffer.from(JSON.stringify(payload));
 
     if (value.length > 1000) {
       throw new Error('DHT payload too large (max 1000 bytes for BEP 44)');

package/lib/core/discoveryClient.js

@@ -27,18 +27,24 @@ export function parseHandle(handle) {
 }
 
 export function getServers(role) {
-  if (role) {
-    const roleServers = getServersForRole(role);
-    if (roleServers.length > 0) return roleServers;
-    // fallback: return all servers (backward compat with servers that have no roles)
-  }
+  // User-configured discovery servers take highest precedence
   const settings = config.get('settings') || {};
   const servers = settings.discovery_servers;
   if (Array.isArray(servers) && servers.length > 0) return [...servers];
   if (typeof servers === 'string' && servers.trim()) return servers.split(',').map(s => s.trim()).filter(Boolean);
   const single = settings.discovery_url || process.env.PAL_DISCOVERY_URL;
   if (single) return [single];
-  return getBootstrapServers();
+
+  // Then try role-based servers (from addServerWithRoles)
+  if (role) {
+    const roleServers = getServersForRole(role);
+    if (roleServers.length > 0) return roleServers;
+  }
+  const bootstrap = getBootstrapServers();
+  if (!bootstrap.includes('http://138.2.142.188:7474')) {
+    bootstrap.unshift('http://138.2.142.188:7474');
+  }
+  return bootstrap;
 }
 
 export function getPrimaryServer() {
@@ -388,7 +394,7 @@ export async function pinServerKey(serverUrl) {
       const err = new Error(
         `Server key changed for ${serverUrl}! ` +
         `Pinned: ${keyFingerprint(existing)}, Current: ${keyFingerprint(publicKey)}. ` +
-        `Run 'pe server verify' to inspect and accept the new key.`
+        `Run 'pal server verify' to inspect and accept the new key.`
       );
       err.code = 'SERVER_KEY_CHANGED';
       err.pinnedKey = existing;

package/lib/core/extensions.js

@@ -47,6 +47,17 @@ const HIGH_RISK_PERMISSIONS = new Set([
 // Whether to require signatures on community extensions (default: true in production)
 const REQUIRE_SIGNATURE = config.get('extensionRequireSignature') ?? (process.env.NODE_ENV === 'production');
 
+// Extension command registry: { extName -> { cmdName -> handler } }
+const commandRegistry = new Map();
+
+// Command invocation rate limiting: { extName -> { count, resetTime } }
+const commandRateLimits = new Map();
+const COMMAND_RATE_LIMIT = 60; // per minute per extension
+const COMMAND_TIMEOUT = 30000; // 30 seconds
+
+// Valid context types for GUI actions
+const VALID_ACTION_CONTEXTS = new Set(['file', 'folder', 'share', 'toolbar', 'page']);
+
 const TIER_RANK = { free: 0, pro: 1, enterprise: 2 };
 
 function checkExtensionTier(manifest) {
@@ -192,6 +203,41 @@ function validateManifest(manifest) {
     }
   }
   if (manifest.hooks && manifest.hooks.length > 20) return 'Too many hooks (max 20)';
+
+  // Validate contributes.commands
+  if (manifest.contributes?.commands) {
+    const cmds = manifest.contributes.commands;
+    if (!Array.isArray(cmds)) return 'contributes.commands must be an array';
+    if (cmds.length > 10) return 'Too many contributed commands (max 10)';
+    for (const cmd of cmds) {
+      if (!cmd.name || typeof cmd.name !== 'string') return 'Command missing name';
+      if (!/^[a-z][a-z0-9- ]{0,29}$/.test(cmd.name)) return `Invalid command name: ${cmd.name}`;
+      if (!cmd.description) return `Command ${cmd.name} missing description`;
+      if (cmd.args && cmd.args.length > 5) return `Command ${cmd.name} has too many args (max 5)`;
+      if (cmd.options && cmd.options.length > 10) return `Command ${cmd.name} has too many options (max 10)`;
+      if (cmd.options) {
+        for (const opt of cmd.options) {
+          if (/^--(help|version)/.test(opt.flags)) return `Command ${cmd.name} cannot override --help/--version`;
+        }
+      }
+    }
+  }
+
+  // Validate contributes.actions
+  if (manifest.contributes?.actions) {
+    const actions = manifest.contributes.actions;
+    if (!Array.isArray(actions)) return 'contributes.actions must be an array';
+    if (actions.length > 20) return 'Too many contributed actions (max 20)';
+    for (const action of actions) {
+      if (!action.id || !/^[a-z][a-z0-9-]{0,49}$/.test(action.id)) return `Invalid action id: ${action.id}`;
+      if (!action.label) return `Action ${action.id} missing label`;
+      if (!action.context || !VALID_ACTION_CONTEXTS.has(action.context)) {
+        return `Action ${action.id} has invalid context (must be: ${[...VALID_ACTION_CONTEXTS].join(', ')})`;
+      }
+      if (!action.command) return `Action ${action.id} missing command reference`;
+    }
+  }
+
   return null;
 }
 
@@ -353,6 +399,18 @@ function buildContext(manifest) {
       mode: globalThis.__palMode || 'cli',
     },
     store: createStore(manifest.name),
+    commands: {
+      register(name, handler) {
+        const declaredCmds = manifest.contributes?.commands || [];
+        if (!declaredCmds.some(c => c.name === name)) {
+          throw new Error(`Command "${name}" not declared in manifest contributes.commands`);
+        }
+        if (typeof handler !== 'function') throw new Error(`Command handler must be a function`);
+        const extName = manifest.bundled ? `@palexplorer/${manifest.name}` : manifest.name;
+        if (!commandRegistry.has(extName)) commandRegistry.set(extName, new Map());
+        commandRegistry.get(extName).set(name, handler);
+      },
+    },
   };
 
   if (perms.has('identity:read')) {
@@ -601,6 +659,15 @@ function buildSandboxContext(manifest) {
         new Notification(title, { body });
       }
     },
+    registerCommand(name, handler) {
+      const declaredCmds = manifest.contributes?.commands || [];
+      if (!declaredCmds.some(c => c.name === name)) {
+        throw new Error(`Command "${name}" not declared in manifest contributes.commands`);
+      }
+      if (typeof handler !== 'function') throw new Error(`Command handler must be a function`);
+      if (!commandRegistry.has(manifest.name)) commandRegistry.set(manifest.name, new Map());
+      commandRegistry.get(manifest.name).set(name, handler);
+    },
   };
 }
 
@@ -642,7 +709,7 @@ async function loadExtension(extPath, manifest) {
   const currentHash = computeIntegrityHash(extPath, manifest);
   if (storedHash && storedHash !== currentHash) {
     console.error(`[extensions] SECURITY: ${fullName} files modified since install. Refusing to load.`);
-    console.error(`[extensions] Run 'pe ext remove ${manifest.name} && pe ext install ...' to reinstall.`);
+    console.error(`[extensions] Run 'pal ext remove ${manifest.name} && pal ext install ...' to reinstall.`);
     return;
   }
 
@@ -979,6 +1046,76 @@ function getExtension(name) {
   return loadedExtensions.get(name);
 }
 
+function getContributedCommands() {
+  const extensions = getInstalledExtensions();
+  const result = [];
+  for (const ext of extensions) {
+    if (!ext.enabled) continue;
+    if (!ext.contributes?.commands?.length) continue;
+    const fullName = ext.bundled ? `@palexplorer/${ext.name}` : ext.name;
+    result.push({
+      extension: fullName,
+      commands: ext.contributes.commands.map(cmd => ({
+        name: cmd.name,
+        description: cmd.description,
+        args: cmd.args || [],
+        options: cmd.options || [],
+      })),
+    });
+  }
+  return result;
+}
+
+function getContributedActions() {
+  const extensions = getInstalledExtensions();
+  const actions = [];
+  for (const ext of extensions) {
+    if (!ext.enabled) continue;
+    if (!ext.contributes?.actions?.length) continue;
+    const fullName = ext.bundled ? `@palexplorer/${ext.name}` : ext.name;
+    for (const action of ext.contributes.actions) {
+      actions.push({
+        id: action.id,
+        label: action.label,
+        icon: action.icon || null,
+        context: action.context,
+        command: action.command,
+        extension: fullName,
+        minLevel: action.minLevel || null,
+      });
+    }
+  }
+  return actions;
+}
+
+async function invokeExtensionCommand(extName, cmdName, args, opts) {
+  // Rate limiting
+  const now = Date.now();
+  let limit = commandRateLimits.get(extName);
+  if (!limit || now > limit.resetTime) {
+    limit = { count: 0, resetTime: now + 60000 };
+    commandRateLimits.set(extName, limit);
+  }
+  limit.count++;
+  if (limit.count > COMMAND_RATE_LIMIT) {
+    throw new Error(`Rate limit exceeded for extension ${extName} (max ${COMMAND_RATE_LIMIT}/min)`);
+  }
+
+  const extCommands = commandRegistry.get(extName);
+  if (!extCommands || !extCommands.has(cmdName)) {
+    throw new Error(`Command "${cmdName}" not registered by extension ${extName}`);
+  }
+
+  const handler = extCommands.get(cmdName);
+  const result = await Promise.race([
+    handler(args, opts),
+    new Promise((_, reject) => setTimeout(() => reject(new Error(`Command timeout (${COMMAND_TIMEOUT / 1000}s)`)), COMMAND_TIMEOUT)),
+  ]);
+
+  // Sanitize output — must be JSON-serializable
+  return JSON.parse(JSON.stringify(result ?? { ok: true }));
+}
+
 function getContributedPages() {
   const extensions = getInstalledExtensions();
   const pages = [];
@@ -1028,6 +1165,10 @@ export {
   loadedExtensions,
   getExtension,
   getContributedPages,
+  getContributedCommands,
+  getContributedActions,
+  invokeExtensionCommand,
+  commandRegistry,
   getInstalledExtensions,
   loadAllExtensions,
   loadExtension,

package/lib/core/identity.js

@@ -218,20 +218,51 @@ export function setIdentityHandle(handle) {
   return updated;
 }
 
+export const PRESENCE_STATUSES = ['online', 'away', 'dnd', 'invisible'];
+
+export const PROFILE_FIELDS = [
+  'avatar', 'bio', 'status', 'displayName',
+  'avatarHash', 'avatarMagnet',
+  'presenceStatus', 'statusText',
+  'age', 'gender', 'country', 'language', 'interests',
+];
+
 export function updateProfile(fields) {
   const identity = config.get('identity');
   if (!identity) return null;
 
-  const allowed = ['avatar', 'bio', 'status', 'displayName'];
   const updated = { ...identity };
-  for (const key of allowed) {
+  for (const key of PROFILE_FIELDS) {
     if (fields[key] !== undefined) updated[key] = fields[key];
   }
+  if (fields.presenceStatus && !PRESENCE_STATUSES.includes(fields.presenceStatus)) {
+    throw new Error(`Invalid presence status: ${fields.presenceStatus}`);
+  }
+  if (fields.interests) {
+    if (!Array.isArray(fields.interests)) throw new Error('Interests must be an array');
+    updated.interests = fields.interests.slice(0, 20).map(i => String(i).slice(0, 30));
+  }
+  if (fields.age !== undefined) {
+    const age = Number(fields.age);
+    if (fields.age !== null && (isNaN(age) || age < 0 || age > 150)) throw new Error('Invalid age');
+    updated.age = fields.age === null ? undefined : age;
+  }
   updated.updatedAt = new Date().toISOString();
   config.set('identity', updated);
   return updated;
 }
 
+export function getProfile() {
+  const identity = config.get('identity');
+  if (!identity) return null;
+  const profile = {};
+  for (const key of PROFILE_FIELDS) {
+    if (identity[key] !== undefined) profile[key] = identity[key];
+  }
+  profile.joinedAt = identity.createdAt;
+  return profile;
+}
+
 function keypairFromSeed(seed) {
   const publicKey = Buffer.alloc(sodium.crypto_sign_PUBLICKEYBYTES);
   const privateKey = Buffer.alloc(sodium.crypto_sign_SECRETKEYBYTES);