rds_ssm_connect 1.7.5 → 1.7.7

package/.github/workflows/release.yml

@@ -28,10 +28,6 @@ jobs:
             rust_target: x86_64-unknown-linux-gnu
             sidecar_target: node22-linux-x64
             sidecar_triple: x86_64-unknown-linux-gnu
-          - platform: ubuntu-24.04-arm64
-            rust_target: aarch64-unknown-linux-gnu
-            sidecar_target: node22-linux-arm64
-            sidecar_triple: aarch64-unknown-linux-gnu
           - platform: windows-latest
             rust_target: x86_64-pc-windows-msvc
             sidecar_target: node22-win-x64
@@ -105,9 +101,16 @@ jobs:
         id: version
         run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_OUTPUT
 
+      - name: Download signature files from release
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          mkdir -p sigs
+          gh release download "v${{ steps.version.outputs.VERSION }}" --pattern '*.sig' --dir sigs || true
+
       - name: Generate latest.json
         run: |
-          node scripts/generate-update-json.js ${{ steps.version.outputs.VERSION }} https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION }}
+          node scripts/generate-update-json.js ${{ steps.version.outputs.VERSION }} https://github.com/${{ github.repository }}/releases/download/v${{ steps.version.outputs.VERSION }} sigs
 
       - name: Upload latest.json to release
         uses: softprops/action-gh-release@v1

package/README.md

@@ -22,17 +22,85 @@ Secure database tunneling to AWS RDS through SSM port forwarding via bastion hos
 
 ## Installation
 
-### Desktop App
+### macOS (Homebrew)
 
-Download the latest installer for your platform from [GitHub Releases](https://github.com/yarka-guru/connection_app/releases):
+```bash
+brew tap yarka-guru/tap
+brew install --cask rds-ssm-connect
+```
 
-| Platform | Format |
-|----------|--------|
-| macOS (Apple Silicon + Intel) | `.dmg` |
-| Windows | `.msi` / `.exe` |
-| Linux | `.deb` / `.AppImage` |
+This installs the desktop app along with `aws-vault` and `awscli` dependencies. You also need the [Session Manager Plugin](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html):
 
-### CLI
+```bash
+brew install --cask session-manager-plugin
+```
+
+Or download the `.dmg` directly from [GitHub Releases](https://github.com/yarka-guru/connection_app/releases).
+
+### Linux
+
+#### Option A: Homebrew
+
+```bash
+# Install Homebrew if not already installed
+/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
+echo 'eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"' >> ~/.bashrc
+eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)"
+
+# Install the app (includes aws-vault and awscli as dependencies)
+brew tap yarka-guru/tap
+brew install yarka-guru/tap/rds-ssm-connect
+
+# Install Session Manager Plugin (ARM64)
+curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_arm64/session-manager-plugin.deb" -o session-manager-plugin.deb
+sudo dpkg -i session-manager-plugin.deb
+# For x86_64, replace ubuntu_arm64 with ubuntu_64bit
+
+# Make brew tools visible to the desktop app
+echo 'export PATH="/home/linuxbrew/.linuxbrew/bin:$PATH"' | sudo tee /etc/profile.d/linuxbrew.sh
+# Log out and back in for this to take effect
+```
+
+#### Option B: Direct .deb install
+
+```bash
+# 1. Download and install the app
+# ARM64:
+wget https://github.com/yarka-guru/connection_app/releases/latest/download/RDS.SSM.Connect_1.7.5_arm64.deb
+sudo dpkg -i RDS.SSM.Connect_1.7.5_arm64.deb
+# x86_64:
+# wget https://github.com/yarka-guru/connection_app/releases/latest/download/RDS.SSM.Connect_1.7.5_amd64.deb
+# sudo dpkg -i RDS.SSM.Connect_1.7.5_amd64.deb
+
+# 2. Install aws-vault
+# ARM64:
+wget https://github.com/99designs/aws-vault/releases/latest/download/aws-vault-linux-arm64 -O aws-vault
+# x86_64:
+# wget https://github.com/99designs/aws-vault/releases/latest/download/aws-vault-linux-amd64 -O aws-vault
+chmod +x aws-vault && sudo mv aws-vault /usr/local/bin/
+
+# 3. Install AWS CLI
+# ARM64:
+curl "https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip" -o awscliv2.zip
+# x86_64:
+# curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o awscliv2.zip
+unzip awscliv2.zip && sudo ./aws/install
+
+# 4. Install Session Manager Plugin
+# ARM64:
+curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_arm64/session-manager-plugin.deb" -o session-manager-plugin.deb
+# x86_64:
+# curl "https://s3.amazonaws.com/session-manager-downloads/plugin/latest/ubuntu_64bit/session-manager-plugin.deb" -o session-manager-plugin.deb
+sudo dpkg -i session-manager-plugin.deb
+```
+
+### Windows
+
+Download the `.msi` or `.exe` installer from [GitHub Releases](https://github.com/yarka-guru/connection_app/releases).
+
+Prerequisites must be installed separately: [aws-vault](https://github.com/99designs/aws-vault), [AWS CLI](https://aws.amazon.com/cli/), [Session Manager Plugin](https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-working-with-install-plugin.html).
+
+### CLI (all platforms)
 
 ```bash
 npm install -g rds_ssm_connect
@@ -141,7 +209,7 @@ src/
 ## Publishing
 
 - **npm**: Published automatically via GitHub Actions when a release is created
-- **Desktop**: Multi-platform builds (macOS ARM64/x64, Linux x64, Windows x64) via `tauri-action` on git tags
+- **Desktop**: Multi-platform builds (macOS ARM64/x64, Linux ARM64/x64, Windows x64) via `tauri-action` on git tags
 
 ## License
 

package/connect.js

@@ -3,13 +3,14 @@
 import { exec } from 'node:child_process'
 import { EventEmitter } from 'node:events'
 import fs from 'node:fs/promises'
+import net from 'node:net'
 import os from 'node:os'
 import path from 'node:path'
 import { promisify } from 'node:util'
 import { PROJECT_CONFIGS } from './envPortMapping.js'
 
 // Package info for version checking
-const packageJson = { name: 'rds_ssm_connect', version: '1.6.2' }
+const packageJson = { name: 'rds_ssm_connect', version: '1.7.7' }
 
 const execAsync = promisify(exec)
 
@@ -22,6 +23,9 @@ const RETRY_CONFIG = {
   BASTION_WAIT_RETRY_DELAY_MS: 15000,
   PORT_FORWARDING_MAX_RETRIES: 2,
   SSM_AGENT_READY_WAIT_MS: 10000,
+  KEEPALIVE_INTERVAL_MS: 4 * 60 * 1000,
+  AUTO_RECONNECT_MAX_RETRIES: 50,
+  AUTO_RECONNECT_DELAY_MS: 3000,
 }
 
 // Version check configuration
@@ -119,6 +123,22 @@ async function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms))
 }
 
+// Keepalive: periodic TCP ping through the tunnel to prevent SSM idle timeout.
+// Each connection attempt generates traffic on the SSM WebSocket channel,
+// resetting the server-side idle timer (default 20 min).
+function startKeepalive(localPort) {
+  const timer = setInterval(() => {
+    const socket = new net.Socket()
+    socket.setTimeout(5000)
+    socket.connect(parseInt(localPort, 10), '127.0.0.1', () => {
+      socket.destroy()
+    })
+    socket.on('error', () => socket.destroy())
+    socket.on('timeout', () => socket.destroy())
+  }, RETRY_CONFIG.KEEPALIVE_INTERVAL_MS)
+  return () => clearInterval(timer)
+}
+
 async function terminateBastionInstance(ENV, instanceId, region) {
   const terminateCommand = `aws-vault exec ${ENV} -- aws ec2 terminate-instances --region ${region} --instance-ids ${instanceId}`
   await runCommand(terminateCommand)
@@ -487,7 +507,9 @@ async function getProfilesForProjectKey(projectKey) {
   return getProfilesForProject(allProfiles, projectConfig, PROJECT_CONFIGS)
 }
 
-// Connect to RDS through bastion - returns connection info and control object
+// Connect to RDS through bastion - returns connection info and control object.
+// Includes keepalive (prevents SSM idle timeout) and auto-reconnect
+// (transparently reconnects on the same port if session drops unexpectedly).
 async function connect(projectKey, profile, options = {}) {
   const projectConfig = PROJECT_CONFIGS[projectKey]
   if (!projectConfig) {
@@ -498,6 +520,9 @@ async function connect(projectKey, profile, options = {}) {
   // Use provided localPort or fall back to computed port from profile
   const localPort = options.localPort || getLocalPort(profile, projectConfig)
 
+  let manualDisconnect = false
+  let stopKeepalive = null
+
   // Emit status updates
   const emit = (event, data) => {
     ipcEmitter.emit(event, data)
@@ -510,12 +535,12 @@ async function connect(projectKey, profile, options = {}) {
   const credentials = await getConnectionCredentials(profile, projectConfig)
 
   emit('status', { message: 'Finding bastion instance...' })
-  const instanceId = await findBastionInstance(profile, region)
+  let currentInstanceId = await findBastionInstance(profile, region)
 
   emit('status', { message: 'Getting RDS endpoint...' })
-  const rdsEndpoint = await getRdsEndpoint(profile, projectConfig)
+  let currentRdsEndpoint = await getRdsEndpoint(profile, projectConfig)
 
-  if (!rdsEndpoint || rdsEndpoint === 'None') {
+  if (!currentRdsEndpoint || currentRdsEndpoint === 'None') {
     throw new Error('Failed to find the RDS endpoint.')
   }
 
@@ -528,29 +553,104 @@ async function connect(projectKey, profile, options = {}) {
     username: credentials.username,
     password: credentials.password,
     database,
-    rdsEndpoint,
-    instanceId,
+    rdsEndpoint: currentRdsEndpoint,
+    instanceId: currentInstanceId,
   }
 
   emit('credentials', connectionInfo)
   emit('status', { message: 'Starting port forwarding...' })
 
-  // Start port forwarding
-  const portForwardingPromise = startPortForwardingWithConfig(
-    profile,
-    instanceId,
-    rdsEndpoint,
-    localPort,
-    rdsPort,
-    region,
-    0,
-    RETRY_CONFIG.PORT_FORWARDING_MAX_RETRIES,
-  )
+  // Auto-reconnect session management loop.
+  // Keeps the tunnel alive on the SAME local port. Only exits on
+  // manual disconnect or after exhausting reconnection attempts.
+  const portForwardingPromise = (async () => {
+    let reconnectCount = 0
+
+    while (!manualDisconnect) {
+      try {
+        stopKeepalive = startKeepalive(localPort)
+
+        await startPortForwardingWithConfig(
+          profile,
+          currentInstanceId,
+          currentRdsEndpoint,
+          localPort,
+          rdsPort,
+          region,
+          0,
+          RETRY_CONFIG.PORT_FORWARDING_MAX_RETRIES,
+        )
+
+        // Session ended — clean up keepalive
+        stopKeepalive?.()
+        stopKeepalive = null
+
+        if (manualDisconnect) break
+
+        // Unexpected disconnect (idle timeout, network issue) — auto-reconnect
+        reconnectCount++
+        if (reconnectCount > RETRY_CONFIG.AUTO_RECONNECT_MAX_RETRIES) {
+          throw new Error('Maximum auto-reconnection attempts reached.')
+        }
+
+        emit('status', {
+          message: `Session ended. Reconnecting... (${reconnectCount})`,
+        })
+        await sleep(RETRY_CONFIG.AUTO_RECONNECT_DELAY_MS)
+
+        if (manualDisconnect) break
+
+        // Re-discover infrastructure (bastion may have been replaced by ASG)
+        emit('status', { message: 'Finding bastion instance...' })
+        currentInstanceId = await findBastionInstance(profile, region)
+
+        emit('status', { message: 'Getting RDS endpoint...' })
+        currentRdsEndpoint = await getRdsEndpoint(profile, projectConfig)
+
+        if (!currentRdsEndpoint || currentRdsEndpoint === 'None') {
+          throw new Error(
+            'Failed to find the RDS endpoint during reconnection.',
+          )
+        }
+
+        emit('status', { message: 'Reconnecting port forwarding...' })
+      } catch (error) {
+        stopKeepalive?.()
+        stopKeepalive = null
+
+        if (manualDisconnect) break
+
+        reconnectCount++
+        if (reconnectCount > RETRY_CONFIG.AUTO_RECONNECT_MAX_RETRIES) {
+          throw error
+        }
+
+        emit('status', {
+          message: `Connection error. Retrying... (${reconnectCount}/${RETRY_CONFIG.AUTO_RECONNECT_MAX_RETRIES})`,
+        })
+        await sleep(RETRY_CONFIG.AUTO_RECONNECT_DELAY_MS * 2)
+
+        if (manualDisconnect) break
+
+        try {
+          currentInstanceId = await findBastionInstance(profile, region)
+          currentRdsEndpoint = await getRdsEndpoint(profile, projectConfig)
+          if (!currentRdsEndpoint || currentRdsEndpoint === 'None') {
+            throw new Error('Failed to find RDS endpoint')
+          }
+        } catch (_innerError) {
+          // Will retry on next loop iteration
+        }
+      }
+    }
+  })()
 
   // Return connection control object
   return {
     connectionInfo,
     disconnect: () => {
+      manualDisconnect = true
+      stopKeepalive?.()
       // Kill all active child processes
       activeChildProcesses.forEach((child) => {
         if (child && !child.killed) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rds_ssm_connect",
-  "version": "1.7.5",
+  "version": "1.7.7",
   "type": "module",
   "repository": {
     "type": "git",

package/scripts/generate-update-json.js

@@ -6,8 +6,8 @@
  * This script generates the update manifest that needs to be uploaded
  * to GitHub releases for auto-updates to work.
  *
- * Usage: node scripts/generate-update-json.js <version> <release-url>
- * Example: node scripts/generate-update-json.js 1.7.0 https://github.com/yarka-guru/connection_app/releases/download/v1.7.0
+ * Usage: node scripts/generate-update-json.js <version> <release-url> [sigs-dir]
+ * Example: node scripts/generate-update-json.js 1.7.0 https://github.com/yarka-guru/connection_app/releases/download/v1.7.0 sigs
  */
 
 import fs from 'node:fs'
@@ -18,6 +18,7 @@ const __dirname = path.dirname(fileURLToPath(import.meta.url))
 
 const version = process.argv[2]
 const releaseUrl = process.argv[3]
+const sigsDir = process.argv[4] // Optional: directory containing .sig files downloaded from release
 
 if (!version || !releaseUrl) {
   process.exit(1)
@@ -30,7 +31,38 @@ const tauriConf = JSON.parse(
     'utf-8',
   ),
 )
-const productName = tauriConf.productName.replace(/\s+/g, '_')
+// Tauri uses dots for spaces in bundle filenames
+const productName = tauriConf.productName.replace(/\s+/g, '.')
+
+// Read signature from a .sig file (downloaded from release or local build)
+function readSig(assetFilename) {
+  const sigFilename = `${assetFilename}.sig`
+
+  // Try sigs directory first (CI: downloaded from release assets)
+  if (sigsDir) {
+    try {
+      return fs.readFileSync(path.join(sigsDir, sigFilename), 'utf-8').trim()
+    } catch {}
+  }
+
+  // Try local build output
+  const bundleDir = path.join(__dirname, '../src-tauri/target/release/bundle')
+  for (const subdir of ['macos', 'appimage', 'nsis']) {
+    try {
+      return fs
+        .readFileSync(path.join(bundleDir, subdir, sigFilename), 'utf-8')
+        .trim()
+    } catch {}
+  }
+
+  return ''
+}
+
+const macAarch64 = `${productName}_aarch64.app.tar.gz`
+const macX64 = `${productName}_x64.app.tar.gz`
+const linuxAmd64 = `${productName}_${version}_amd64.AppImage`
+const linuxAarch64 = `${productName}_${version}_aarch64.AppImage`
+const windowsX64 = `${productName}_${version}_x64-setup.exe`
 
 const updateManifest = {
   version: version,
@@ -38,24 +70,24 @@ const updateManifest = {
   pub_date: new Date().toISOString(),
   platforms: {
     'darwin-aarch64': {
-      url: `${releaseUrl}/${productName}_${version}_aarch64.app.tar.gz`,
-      signature: '',
+      url: `${releaseUrl}/${macAarch64}`,
+      signature: readSig(macAarch64),
     },
     'darwin-x86_64': {
-      url: `${releaseUrl}/${productName}_${version}_x64.app.tar.gz`,
-      signature: '',
+      url: `${releaseUrl}/${macX64}`,
+      signature: readSig(macX64),
     },
     'linux-x86_64': {
-      url: `${releaseUrl}/${productName}_${version}_amd64.AppImage.tar.gz`,
-      signature: '',
+      url: `${releaseUrl}/${linuxAmd64}`,
+      signature: readSig(linuxAmd64),
     },
     'linux-aarch64': {
-      url: `${releaseUrl}/${productName}_${version}_aarch64.AppImage.tar.gz`,
-      signature: '',
+      url: `${releaseUrl}/${linuxAarch64}`,
+      signature: readSig(linuxAarch64),
     },
     'windows-x86_64': {
-      url: `${releaseUrl}/${productName}_${version}_x64-setup.nsis.zip`,
-      signature: '',
+      url: `${releaseUrl}/${windowsX64}`,
+      signature: readSig(windowsX64),
     },
   },
 }

package/src-tauri/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rds-ssm-connect"
-version = "1.7.5"
+version = "1.7.7"
 description = "Secure RDS connections through AWS SSM"
 authors = ["Iaroslav Pyrogov"]
 edition = "2024"

package/src-tauri/tauri.conf.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://schema.tauri.app/config/2",
   "productName": "RDS SSM Connect",
-  "version": "1.7.5",
+  "version": "1.7.7",
   "identifier": "com.rds-ssm-connect.desktop",
   "build": {
     "beforeDevCommand": "npm run dev:vite",
@@ -47,7 +47,7 @@
       "endpoints": [
         "https://github.com/yarka-guru/connection_app/releases/latest/download/latest.json"
       ],
-      "pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IDI2MTFEQjk0MjUzRTgwQTEKUldTaGdENGxsTnNSSms1dTVvcWVKWUc2aFlOYVl5ODcvbVhiekVsVWxHbVlnRERSNjJsTHZPYkMK"
+      "pubkey": "dW50cnVzdGVkIGNvbW1lbnQ6IG1pbmlzaWduIHB1YmxpYyBrZXk6IEYxRjNDRkY1MkI1NTM2MzIKUldReU5sVXI5Yy96OGRNdjlHd3BqcTBkL0E4c2ZwUTRlL3VsZXVTdkNWRGxKL1A5ckNYNGdDNVoK"
     }
   }
 }