rechrome 1.5.0 → 1.7.0

package/serve.js

@@ -1,6 +1,6 @@
 import { file } from "bun";
-import { createHash } from "crypto";
-import { mkdirSync } from "fs";
+import { createHash, X509Certificate } from "crypto";
+import { mkdirSync, unlinkSync, accessSync, constants as fsConstants } from "fs";
 import { join, resolve, relative, isAbsolute } from "path";
 import {
   log,
@@ -11,12 +11,59 @@ import {
   PASSTHROUGH_ENV_KEYS,
 } from "./rech.js";
 
+const TAILSCALE_BIN = process.env.TAILSCALE_BIN || "/Applications/Tailscale.app/Contents/MacOS/Tailscale";
+const CERT_RENEW_THRESHOLD_DAYS = 7;
+
+async function renewCertIfNeeded(certPath: string, keyPath: string): Promise<boolean> {
+  const certContent = await file(certPath).text().catch(() => null);
+  if (!certContent) return false;
+  try {
+    const cert = new X509Certificate(certContent);
+    const daysLeft = (new Date(cert.validTo).getTime() - Date.now()) / 86_400_000;
+    if (daysLeft > CERT_RENEW_THRESHOLD_DAYS) return false;
+    const domain = cert.subjectAltName?.match(/DNS:([^\s,]+)/)?.[1];
+    if (!domain) { log("TLS cert renewal: could not determine domain"); return false; }
+    log(`TLS cert expires in ${Math.floor(daysLeft)} days, renewing ${domain}...`);
+    const proc = Bun.spawn([TAILSCALE_BIN, "cert", "--cert-file", certPath, "--key-file", keyPath, domain], {
+      stdout: "pipe", stderr: "pipe",
+    });
+    const [status, stderr] = await Promise.all([proc.exited, new Response(proc.stderr).text()]);
+    if (status !== 0) { log(`TLS cert renewal failed: ${stderr.trim()}`); return false; }
+    log(`TLS cert renewed for ${domain}`);
+    return true;
+  } catch (e) {
+    log(`TLS cert check error: ${e}`);
+    return false;
+  }
+}
+
 export function isUnderDir(base: string, candidate: string): boolean {
   const absBase = resolve(base) + "/";
   const absCandidate = resolve(base, candidate);
   return absCandidate.startsWith(absBase);
 }
 
+async function resolveProfileDirectory(nameOrEmail: string): Promise<string> {
+  if (/^(Default|Profile \d+)$/i.test(nameOrEmail)) return nameOrEmail;
+  const home = process.env.HOME || "~";
+  const candidates = [
+    join(home, "Library/Application Support/Google/Chrome/Local State"),
+    join(home, ".config/google-chrome/Local State"),
+    join(home, "AppData/Local/Google/Chrome/User Data/Local State"),
+  ];
+  for (const statePath of candidates) {
+    const f = file(statePath);
+    if (!(await f.exists())) continue;
+    const data = JSON.parse(await f.text());
+    const cache: Record<string, any> = data?.profile?.info_cache ?? {};
+    for (const [dir, info] of Object.entries(cache)) {
+      if ([info.name, info.user_name, info.gaia_name].includes(nameOrEmail))
+        return dir;
+    }
+  }
+  return nameOrEmail;
+}
+
 export async function serve() {
   const url = await getOrCreateUrl();
   const { key, port } = parseUrl(url);
@@ -25,9 +72,26 @@ export async function serve() {
   mkdirSync(workDir, { recursive: true });
 
   const listenHost = process.env.RECH_HOST || "127.0.0.1";
+  const canRead = (p?: string) => { try { accessSync(p!, fsConstants.R_OK); return true; } catch { return false; } };
+  const certPath = canRead(process.env.RECH_TLS_CERT) ? process.env.RECH_TLS_CERT : undefined;
+  const keyPath = canRead(process.env.RECH_TLS_KEY) ? process.env.RECH_TLS_KEY : undefined;
+  if (certPath && keyPath) {
+    const renewed = await renewCertIfNeeded(certPath, keyPath);
+    if (renewed) { log("Restarting to load renewed TLS cert..."); process.exit(0); }
+    // Check daily; pm2 restarts cleanly after exit(0)
+    setInterval(async () => {
+      if (await renewCertIfNeeded(certPath, keyPath)) { log("Restarting to load renewed TLS cert..."); process.exit(0); }
+    }, 86_400_000);
+  }
+  const tls = certPath && keyPath ? { cert: Bun.file(certPath), key: Bun.file(keyPath) } : undefined;
   const server = Bun.serve({
     hostname: listenHost,
     port,
+    tls,
+    error(err) {
+      log(`unhandled error: ${err.message}`);
+      return Response.json({ status: 1, stdout: "", stderr: err.message }, { status: 500 });
+    },
     async fetch(req) {
       const reqUrl = new URL(req.url);
 
@@ -55,22 +119,23 @@ export async function serve() {
       if (Array.isArray(body)) {
         args = body;
         const clientAddr = `${req.headers.get("x-forwarded-for") || server.requestIP(req)?.address || "unknown"}`;
-        sessionId = createHash("sha256").update(clientAddr).digest("hex").slice(0, 12);
+        sessionId = createHash("sha256").update(clientAddr).digest("hex").slice(0, 8);
         clientName = clientAddr;
         log(`session from client IP: ${clientAddr} -> ${sessionId}`);
       } else {
         args = body.args;
         const id = body.identity as
-          | { gitUrl?: string; hostname?: string; cwd?: string }
+          | { gitUrl?: string; hostname?: string; cwd?: string; profile?: string }
           | undefined;
-        const raw = id?.gitUrl || (id?.hostname && id?.cwd ? `${id.hostname}:${id.cwd}` : null);
+        const baseId = id?.gitUrl || (id?.hostname && id?.cwd ? `${id.hostname}:${id.cwd}` : null);
+        const raw = baseId && id?.profile ? `${baseId}@${id.profile}` : baseId;
         if (raw) {
-          sessionId = createHash("sha256").update(raw).digest("hex").slice(0, 12);
+          sessionId = createHash("sha256").update(raw).digest("hex").slice(0, 8);
           clientName = raw;
           log(`session from identity: ${raw} -> ${sessionId}`);
         } else {
           const clientAddr = `${req.headers.get("x-forwarded-for") || server.requestIP(req)?.address || "unknown"}`;
-          sessionId = createHash("sha256").update(clientAddr).digest("hex").slice(0, 12);
+          sessionId = createHash("sha256").update(clientAddr).digest("hex").slice(0, 8);
           clientName = clientAddr;
           log(`session from client IP fallback: ${clientAddr} -> ${sessionId}`);
         }
@@ -101,11 +166,15 @@ export async function serve() {
 
       log(`run: rech ${filteredArgs.join(" ")} (session=${namespacedSession})`);
 
-      // For open commands, check if this session already has tabs open
+      // For open commands, default to about:blank to avoid leaving connect.html visible
       const isOpenCmd = filteredArgs[0] === "open";
-      if (isOpenCmd) {
+      if (isOpenCmd && filteredArgs.length === 1)
+        filteredArgs.push("about:blank");
+
+      // bare `rech open` with no URL: warn if session already has tabs
+      if (isOpenCmd && filteredArgs.length === 1) {
         try {
-          const listProc = Bun.spawn([bin, ...binArgs, "tab-list", "--extension", `-s=${namespacedSession}`], {
+          const listProc = Bun.spawn([bin, ...binArgs, "tab-list", `-s=${namespacedSession}`], {
             cwd: workDir,
             stdin: "ignore",
             stdout: "pipe",
@@ -138,6 +207,14 @@ export async function serve() {
       }
       Object.assign(passthroughEnv, clientEnv);
 
+      // Resolve profile name/email → directory name
+      if (passthroughEnv.PLAYWRIGHT_MCP_PROFILE_DIRECTORY) {
+        const resolved = await resolveProfileDirectory(passthroughEnv.PLAYWRIGHT_MCP_PROFILE_DIRECTORY);
+        if (resolved !== passthroughEnv.PLAYWRIGHT_MCP_PROFILE_DIRECTORY)
+          log(`profile resolved: "${passthroughEnv.PLAYWRIGHT_MCP_PROFILE_DIRECTORY}" → "${resolved}"`);
+        passthroughEnv.PLAYWRIGHT_MCP_PROFILE_DIRECTORY = resolved;
+      }
+
       const childEnv: Record<string, string | undefined> = {
         PATH: process.env.PATH,
         HOME: process.env.HOME,
@@ -146,8 +223,30 @@ export async function serve() {
         XDG_RUNTIME_DIR: process.env.XDG_RUNTIME_DIR,
         ...(clientName ? { PLAYWRIGHT_MCP_CLIENT_NAME: clientName } : {}),
         ...passthroughEnv,
+        // Enable extension bridge when credentials are present
+        ...(passthroughEnv.PLAYWRIGHT_MCP_EXTENSION_ID && passthroughEnv.PLAYWRIGHT_MCP_EXTENSION_TOKEN
+          ? { PLAYWRIGHT_MCP_EXTENSION: "1" }
+          : {}),
       };
-      const proc = Bun.spawn([bin, ...binArgs, ...filteredArgs, "--extension", `-s=${namespacedSession}`], {
+      // For open commands: clean up stale sockets so a closed browser can be reopened
+      if (isOpenCmd) {
+        const tmpDir = (process.env.TMPDIR || "/tmp").replace(/\/$/, "");
+        const playwrightTmpDir = `${tmpDir}/playwright-cli`;
+        try {
+          const { readdirSync } = await import("fs");
+          for (const sub of readdirSync(playwrightTmpDir)) {
+            const subDir = `${playwrightTmpDir}/${sub}`;
+            for (const f of readdirSync(subDir)) {
+              if (f.startsWith(namespacedSession)) {
+                const sockPath = `${subDir}/${f}`;
+                try { unlinkSync(sockPath); log(`Removed stale socket: ${sockPath}`); } catch {}
+              }
+            }
+          }
+        } catch {}
+      }
+
+      const proc = Bun.spawn([bin, ...binArgs, ...filteredArgs, `-s=${namespacedSession}`], {
         cwd: workDir,
         stdin: "ignore",
         stdout: "pipe",
@@ -171,7 +270,7 @@ export async function serve() {
         timeout.then(() => [1, "", ""] as [number, string, string]),
       ]).catch(
         () => [1, "", `Command timed out after ${TIMEOUT / 1000}s\n`] as [number, string, string],
-      );
+      ) as [number, string, string];
 
       log(`exit: ${status}${stdout.trim() ? ` | ${stdout.trim().slice(0, 200)}` : ""}`);
 
@@ -209,6 +308,6 @@ export async function serve() {
     },
   });
 
-  log(`serving on http://${server.hostname}:${server.port}`);
+  log(`serving on ${tls ? "https" : "http"}://${server.hostname}:${server.port}`);
   log(`Connection URL set (use .env.local to view)`);
 }

package/serve.ts

@@ -1,6 +1,6 @@
 import { file } from "bun";
-import { createHash } from "crypto";
-import { mkdirSync } from "fs";
+import { createHash, X509Certificate } from "crypto";
+import { mkdirSync, unlinkSync, accessSync, constants as fsConstants } from "fs";
 import { join, resolve, relative, isAbsolute } from "path";
 import {
   log,
@@ -11,12 +11,59 @@ import {
   PASSTHROUGH_ENV_KEYS,
 } from "./rech.ts";
 
+const TAILSCALE_BIN = process.env.TAILSCALE_BIN || "/Applications/Tailscale.app/Contents/MacOS/Tailscale";
+const CERT_RENEW_THRESHOLD_DAYS = 7;
+
+async function renewCertIfNeeded(certPath: string, keyPath: string): Promise<boolean> {
+  const certContent = await file(certPath).text().catch(() => null);
+  if (!certContent) return false;
+  try {
+    const cert = new X509Certificate(certContent);
+    const daysLeft = (new Date(cert.validTo).getTime() - Date.now()) / 86_400_000;
+    if (daysLeft > CERT_RENEW_THRESHOLD_DAYS) return false;
+    const domain = cert.subjectAltName?.match(/DNS:([^\s,]+)/)?.[1];
+    if (!domain) { log("TLS cert renewal: could not determine domain"); return false; }
+    log(`TLS cert expires in ${Math.floor(daysLeft)} days, renewing ${domain}...`);
+    const proc = Bun.spawn([TAILSCALE_BIN, "cert", "--cert-file", certPath, "--key-file", keyPath, domain], {
+      stdout: "pipe", stderr: "pipe",
+    });
+    const [status, stderr] = await Promise.all([proc.exited, new Response(proc.stderr).text()]);
+    if (status !== 0) { log(`TLS cert renewal failed: ${stderr.trim()}`); return false; }
+    log(`TLS cert renewed for ${domain}`);
+    return true;
+  } catch (e) {
+    log(`TLS cert check error: ${e}`);
+    return false;
+  }
+}
+
 export function isUnderDir(base: string, candidate: string): boolean {
   const absBase = resolve(base) + "/";
   const absCandidate = resolve(base, candidate);
   return absCandidate.startsWith(absBase);
 }
 
+async function resolveProfileDirectory(nameOrEmail: string): Promise<string> {
+  if (/^(Default|Profile \d+)$/i.test(nameOrEmail)) return nameOrEmail;
+  const home = process.env.HOME || "~";
+  const candidates = [
+    join(home, "Library/Application Support/Google/Chrome/Local State"),
+    join(home, ".config/google-chrome/Local State"),
+    join(home, "AppData/Local/Google/Chrome/User Data/Local State"),
+  ];
+  for (const statePath of candidates) {
+    const f = file(statePath);
+    if (!(await f.exists())) continue;
+    const data = JSON.parse(await f.text());
+    const cache: Record<string, any> = data?.profile?.info_cache ?? {};
+    for (const [dir, info] of Object.entries(cache)) {
+      if ([info.name, info.user_name, info.gaia_name].includes(nameOrEmail))
+        return dir;
+    }
+  }
+  return nameOrEmail;
+}
+
 export async function serve() {
   const url = await getOrCreateUrl();
   const { key, port } = parseUrl(url);
@@ -25,9 +72,26 @@ export async function serve() {
   mkdirSync(workDir, { recursive: true });
 
   const listenHost = process.env.RECH_HOST || "127.0.0.1";
+  const canRead = (p?: string) => { try { accessSync(p!, fsConstants.R_OK); return true; } catch { return false; } };
+  const certPath = canRead(process.env.RECH_TLS_CERT) ? process.env.RECH_TLS_CERT : undefined;
+  const keyPath = canRead(process.env.RECH_TLS_KEY) ? process.env.RECH_TLS_KEY : undefined;
+  if (certPath && keyPath) {
+    const renewed = await renewCertIfNeeded(certPath, keyPath);
+    if (renewed) { log("Restarting to load renewed TLS cert..."); process.exit(0); }
+    // Check daily; pm2 restarts cleanly after exit(0)
+    setInterval(async () => {
+      if (await renewCertIfNeeded(certPath, keyPath)) { log("Restarting to load renewed TLS cert..."); process.exit(0); }
+    }, 86_400_000);
+  }
+  const tls = certPath && keyPath ? { cert: Bun.file(certPath), key: Bun.file(keyPath) } : undefined;
   const server = Bun.serve({
     hostname: listenHost,
     port,
+    tls,
+    error(err) {
+      log(`unhandled error: ${err.message}`);
+      return Response.json({ status: 1, stdout: "", stderr: err.message }, { status: 500 });
+    },
     async fetch(req) {
       const reqUrl = new URL(req.url);
 
@@ -55,22 +119,23 @@ export async function serve() {
       if (Array.isArray(body)) {
         args = body;
         const clientAddr = `${req.headers.get("x-forwarded-for") || server.requestIP(req)?.address || "unknown"}`;
-        sessionId = createHash("sha256").update(clientAddr).digest("hex").slice(0, 12);
+        sessionId = createHash("sha256").update(clientAddr).digest("hex").slice(0, 8);
         clientName = clientAddr;
         log(`session from client IP: ${clientAddr} -> ${sessionId}`);
       } else {
         args = body.args;
         const id = body.identity as
-          | { gitUrl?: string; hostname?: string; cwd?: string }
+          | { gitUrl?: string; hostname?: string; cwd?: string; profile?: string }
           | undefined;
-        const raw = id?.gitUrl || (id?.hostname && id?.cwd ? `${id.hostname}:${id.cwd}` : null);
+        const baseId = id?.gitUrl || (id?.hostname && id?.cwd ? `${id.hostname}:${id.cwd}` : null);
+        const raw = baseId && id?.profile ? `${baseId}@${id.profile}` : baseId;
         if (raw) {
-          sessionId = createHash("sha256").update(raw).digest("hex").slice(0, 12);
+          sessionId = createHash("sha256").update(raw).digest("hex").slice(0, 8);
           clientName = raw;
           log(`session from identity: ${raw} -> ${sessionId}`);
         } else {
           const clientAddr = `${req.headers.get("x-forwarded-for") || server.requestIP(req)?.address || "unknown"}`;
-          sessionId = createHash("sha256").update(clientAddr).digest("hex").slice(0, 12);
+          sessionId = createHash("sha256").update(clientAddr).digest("hex").slice(0, 8);
           clientName = clientAddr;
           log(`session from client IP fallback: ${clientAddr} -> ${sessionId}`);
         }
@@ -101,11 +166,15 @@ export async function serve() {
 
       log(`run: rech ${filteredArgs.join(" ")} (session=${namespacedSession})`);
 
-      // For open commands, check if this session already has tabs open
+      // For open commands, default to about:blank to avoid leaving connect.html visible
       const isOpenCmd = filteredArgs[0] === "open";
-      if (isOpenCmd) {
+      if (isOpenCmd && filteredArgs.length === 1)
+        filteredArgs.push("about:blank");
+
+      // bare `rech open` with no URL: warn if session already has tabs
+      if (isOpenCmd && filteredArgs.length === 1) {
         try {
-          const listProc = Bun.spawn([bin, ...binArgs, "tab-list", "--extension", `-s=${namespacedSession}`], {
+          const listProc = Bun.spawn([bin, ...binArgs, "tab-list", `-s=${namespacedSession}`], {
             cwd: workDir,
             stdin: "ignore",
             stdout: "pipe",
@@ -138,6 +207,14 @@ export async function serve() {
       }
       Object.assign(passthroughEnv, clientEnv);
 
+      // Resolve profile name/email → directory name
+      if (passthroughEnv.PLAYWRIGHT_MCP_PROFILE_DIRECTORY) {
+        const resolved = await resolveProfileDirectory(passthroughEnv.PLAYWRIGHT_MCP_PROFILE_DIRECTORY);
+        if (resolved !== passthroughEnv.PLAYWRIGHT_MCP_PROFILE_DIRECTORY)
+          log(`profile resolved: "${passthroughEnv.PLAYWRIGHT_MCP_PROFILE_DIRECTORY}" → "${resolved}"`);
+        passthroughEnv.PLAYWRIGHT_MCP_PROFILE_DIRECTORY = resolved;
+      }
+
       const childEnv: Record<string, string | undefined> = {
         PATH: process.env.PATH,
         HOME: process.env.HOME,
@@ -146,8 +223,30 @@ export async function serve() {
         XDG_RUNTIME_DIR: process.env.XDG_RUNTIME_DIR,
         ...(clientName ? { PLAYWRIGHT_MCP_CLIENT_NAME: clientName } : {}),
         ...passthroughEnv,
+        // Enable extension bridge when credentials are present
+        ...(passthroughEnv.PLAYWRIGHT_MCP_EXTENSION_ID && passthroughEnv.PLAYWRIGHT_MCP_EXTENSION_TOKEN
+          ? { PLAYWRIGHT_MCP_EXTENSION: "1" }
+          : {}),
       };
-      const proc = Bun.spawn([bin, ...binArgs, ...filteredArgs, "--extension", `-s=${namespacedSession}`], {
+      // For open commands: clean up stale sockets so a closed browser can be reopened
+      if (isOpenCmd) {
+        const tmpDir = (process.env.TMPDIR || "/tmp").replace(/\/$/, "");
+        const playwrightTmpDir = `${tmpDir}/playwright-cli`;
+        try {
+          const { readdirSync } = await import("fs");
+          for (const sub of readdirSync(playwrightTmpDir)) {
+            const subDir = `${playwrightTmpDir}/${sub}`;
+            for (const f of readdirSync(subDir)) {
+              if (f.startsWith(namespacedSession)) {
+                const sockPath = `${subDir}/${f}`;
+                try { unlinkSync(sockPath); log(`Removed stale socket: ${sockPath}`); } catch {}
+              }
+            }
+          }
+        } catch {}
+      }
+
+      const proc = Bun.spawn([bin, ...binArgs, ...filteredArgs, `-s=${namespacedSession}`], {
         cwd: workDir,
         stdin: "ignore",
         stdout: "pipe",
@@ -171,7 +270,7 @@ export async function serve() {
         timeout.then(() => [1, "", ""] as [number, string, string]),
       ]).catch(
         () => [1, "", `Command timed out after ${TIMEOUT / 1000}s\n`] as [number, string, string],
-      );
+      ) as [number, string, string];
 
       log(`exit: ${status}${stdout.trim() ? ` | ${stdout.trim().slice(0, 200)}` : ""}`);
 
@@ -209,6 +308,6 @@ export async function serve() {
     },
   });
 
-  log(`serving on http://${server.hostname}:${server.port}`);
+  log(`serving on ${tls ? "https" : "http"}://${server.hostname}:${server.port}`);
   log(`Connection URL set (use .env.local to view)`);
 }