sessix-server 0.2.5 → 0.2.7

package/dist/index.js

@@ -24,9 +24,9 @@ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__ge
 ));
 
 // src/index.ts
-var import_node_os6 = require("os");
-var import_node_fs2 = require("fs");
-var import_node_path5 = require("path");
+var import_node_os7 = require("os");
+var import_node_fs3 = require("fs");
+var import_node_path6 = require("path");
 
 // src/i18n/locales/zh.ts
 var zh = {
@@ -46,7 +46,10 @@ var zh = {
     autoDiscoveryHint: "     \u5982\u5728\u516C\u5171\u7F51\u7EDC\uFF0C\u5EFA\u8BAE\u5173\u95ED: SESSIX_AUTO_CONNECT=false npx sessix-server",
     autoDiscoveryOff: "  \u2139\uFE0F  \u81EA\u52A8\u53D1\u73B0\u5DF2\u5173\u95ED\uFF0C\u624B\u673A\u9700\u624B\u52A8\u8F93\u5165\u5730\u5740\u8FDE\u63A5",
     pairingOpen: "  \u{1F513} \u914D\u5BF9\u6A21\u5F0F\u5DF2\u5F00\u542F\uFF085 \u5206\u949F\u5185\u6709\u6548\uFF09\u2014 \u6309 p \u91CD\u65B0\u5F00\u542F",
+    pressT: "  \u{1F511} \u6309 t \u91CD\u7F6E Token\uFF08\u6CC4\u9732\u540E\u5237\u65B0\uFF09",
     pairingReopened: "\u{1F513} \u914D\u5BF9\u6A21\u5F0F\u5DF2\u91CD\u65B0\u5F00\u542F\uFF085 \u5206\u949F\uFF09",
+    tokenRegenerated: "\u{1F511} Token \u5DF2\u91CD\u7F6E\uFF0C\u6240\u6709\u5BA2\u6237\u7AEF\u5DF2\u65AD\u5F00\uFF0C\u8BF7\u91CD\u65B0\u626B\u7801\u914D\u5BF9",
+    tokenRegenerateFailed: "Token \u91CD\u7F6E\u5931\u8D25:",
     updateAvailable: "\u53D1\u73B0\u65B0\u7248\u672C v{{latest}}\uFF08\u5F53\u524D v{{current}}\uFF09\uFF0C\u8FD0\u884C\u4EE5\u4E0B\u547D\u4EE4\u66F4\u65B0\uFF1A",
     receivedSignal: "\u6536\u5230 {{signal}}\uFF0C\u6B63\u5728\u4F18\u96C5\u5173\u95ED...",
     goodbye: "\u6240\u6709\u670D\u52A1\u5DF2\u5173\u95ED\uFF0C\u518D\u89C1\uFF01",
@@ -75,7 +78,8 @@ var zh = {
     activityPushEnabled: "ActivityKit Push \u5DF2\u542F\u7528",
     activityPushFailed: "ActivityKit Push \u521D\u59CB\u5316\u5931\u8D25:",
     activityPushContinue: "\u7EE7\u7EED\u542F\u52A8\uFF08Live Activity \u540E\u53F0\u63A8\u9001\u4E0D\u53EF\u7528\uFF09",
-    noActiveLoginProcess: "\u6CA1\u6709\u6D3B\u8DC3\u7684\u767B\u5F55\u8FDB\u7A0B"
+    noActiveLoginProcess: "\u6CA1\u6709\u6D3B\u8DC3\u7684\u767B\u5F55\u8FDB\u7A0B",
+    tokenRegenerated: "Token \u5DF2\u91CD\u7F6E: {{token}}"
   },
   ws: {
     started: "WebSocket \u670D\u52A1\u5DF2\u542F\u52A8\uFF0C\u7AEF\u53E3 {{port}}",
@@ -152,7 +156,10 @@ var en = {
     autoDiscoveryHint: "     On public networks, disable with: SESSIX_AUTO_CONNECT=false npx sessix-server",
     autoDiscoveryOff: "  Auto-discovery disabled, phone must enter address manually",
     pairingOpen: "  \u{1F513} Pairing mode open (5 min) \u2014 press p to reopen",
+    pressT: "  \u{1F511} Press t to regenerate token (refresh after leak)",
     pairingReopened: "\u{1F513} Pairing mode reopened (5 min)",
+    tokenRegenerated: "\u{1F511} Token regenerated, all clients disconnected. Scan QR to re-pair",
+    tokenRegenerateFailed: "Token regeneration failed:",
     updateAvailable: "New version v{{latest}} available (current v{{current}}). Update with:",
     receivedSignal: "Received {{signal}}, graceful shutdown...",
     goodbye: "All services closed, goodbye!",
@@ -181,7 +188,8 @@ var en = {
     activityPushEnabled: "ActivityKit Push enabled",
     activityPushFailed: "ActivityKit Push init failed:",
     activityPushContinue: "Continuing startup (Live Activity background push unavailable)",
-    noActiveLoginProcess: "No active login process"
+    noActiveLoginProcess: "No active login process",
+    tokenRegenerated: "Token regenerated: {{token}}"
   },
   ws: {
     started: "WebSocket server started on port {{port}}",
@@ -287,40 +295,89 @@ function t(key, params) {
 }
 
 // src/server.ts
-var import_uuid4 = require("uuid");
+var import_uuid5 = require("uuid");
 var import_promises4 = require("fs/promises");
-var import_node_os5 = require("os");
-var import_node_path4 = require("path");
-var import_node_child_process2 = require("child_process");
+var import_node_os6 = require("os");
+var import_node_path5 = require("path");
+var import_node_child_process5 = require("child_process");
 var import_node_util = require("util");
 
 // src/providers/ProcessProvider.ts
-var import_child_process2 = require("child_process");
+var import_child_process = require("child_process");
 var import_readline = require("readline");
 var import_events = require("events");
-var import_node_os = require("os");
+var import_node_os2 = require("os");
 var import_uuid = require("uuid");
 
 // src/utils/claudePath.ts
-var import_child_process = require("child_process");
+var import_node_child_process2 = require("child_process");
+var import_node_fs = require("fs");
+var import_node_path = require("path");
+var import_node_os = require("os");
+
+// src/utils/platform.ts
+var import_node_child_process = require("child_process");
+var isWindows = process.platform === "win32";
+function killProcessCrossPlatform(proc, timeoutMs = 3e3) {
+  return new Promise((resolve) => {
+    if (proc.exitCode !== null || proc.signalCode !== null) {
+      resolve();
+      return;
+    }
+    const onExit = () => {
+      clearTimeout(timer);
+      resolve();
+    };
+    proc.once("exit", onExit);
+    if (isWindows) {
+      if (proc.pid) {
+        (0, import_node_child_process.spawn)("taskkill", ["/PID", String(proc.pid), "/T", "/F"], { stdio: "ignore" });
+      }
+    } else {
+      proc.kill("SIGTERM");
+    }
+    const timer = setTimeout(() => {
+      if (proc.exitCode === null && proc.signalCode === null) {
+        if (!isWindows) {
+          proc.kill("SIGKILL");
+        }
+      }
+      resolve();
+    }, timeoutMs);
+  });
+}
+function isNormalExit(code, signal) {
+  if (code === 0) return true;
+  if (isWindows) {
+    return code === 1;
+  }
+  return code === 143 || signal === "SIGTERM";
+}
+
+// src/utils/claudePath.ts
 function findClaudePath() {
   try {
-    return (0, import_child_process.execSync)("which claude", { encoding: "utf-8" }).trim();
+    const cmd = isWindows ? "where claude" : "which claude";
+    return (0, import_node_child_process2.execSync)(cmd, { encoding: "utf-8" }).trim().split("\n")[0];
   } catch {
-    const candidates = [
-      `${process.env.HOME}/.local/bin/claude`,
-      "/usr/local/bin/claude",
-      "/opt/homebrew/bin/claude"
-    ];
-    for (const candidate of candidates) {
-      try {
-        (0, import_child_process.execSync)(`test -x "${candidate}"`);
-        return candidate;
-      } catch {
-      }
+  }
+  const candidates = isWindows ? [
+    (0, import_node_path.join)(process.env.LOCALAPPDATA ?? "", "Programs", "claude", "claude.exe"),
+    (0, import_node_path.join)((0, import_node_os.homedir)(), "AppData", "Local", "Programs", "claude", "claude.exe"),
+    (0, import_node_path.join)((0, import_node_os.homedir)(), ".claude", "local", "claude.exe")
+  ] : [
+    (0, import_node_path.join)((0, import_node_os.homedir)(), ".local", "bin", "claude"),
+    "/usr/local/bin/claude",
+    "/opt/homebrew/bin/claude"
+  ];
+  for (const candidate of candidates) {
+    try {
+      (0, import_node_fs.accessSync)(candidate, import_node_fs.constants.X_OK);
+      return candidate;
+    } catch {
     }
-    return "claude";
   }
+  return "claude";
 }
 
 // src/providers/ProcessProvider.ts
@@ -393,19 +450,7 @@ var ProcessProvider = class {
         entry.process.stdin?.end();
       } catch {
       }
-      entry.process.kill("SIGTERM");
-      await new Promise((resolve) => {
-        const timeout = setTimeout(() => {
-          if (entry.process.exitCode === null && entry.process.signalCode === null) {
-            entry.process.kill("SIGKILL");
-          }
-          resolve();
-        }, 3e3);
-        entry.process.once("exit", () => {
-          clearTimeout(timeout);
-          resolve();
-        });
-      });
+      await killProcessCrossPlatform(entry.process);
     }
     this.emittedQuestionToolUseIds.delete(sessionId);
     this.activeSessions.delete(sessionId);
@@ -435,7 +480,7 @@ var ProcessProvider = class {
           entry.process.stdin?.end();
         } catch {
         }
-        entry.process.kill("SIGTERM");
+        killProcessCrossPlatform(entry.process);
       }
     } else {
       console.log(`[ProcessProvider] Session ${sessionId}: process exited, respawning`);
@@ -517,7 +562,7 @@ var ProcessProvider = class {
     }
     const env = { ...process.env, SESSIX_SESSION_ID: sessionId };
     delete env.CLAUDECODE;
-    const proc = (0, import_child_process2.spawn)(CLAUDE_PATH, args, {
+    const proc = (0, import_child_process.spawn)(CLAUDE_PATH, args, {
       cwd: projectPath,
       env,
       stdio: ["pipe", "pipe", "pipe"]
@@ -663,7 +708,7 @@ var ProcessProvider = class {
       entry.session.lastActiveAt = Date.now();
       const alreadyHasResult = entry.session.status === "idle" || entry.session.status === "error";
       if (alreadyHasResult) return;
-      const isNormal = code === 0 || code === 143 || signal === "SIGTERM";
+      const isNormal = isNormalExit(code, signal);
       entry.session.status = isNormal ? "idle" : "error";
       if (!isNormal) {
         console.error(
@@ -729,8 +774,8 @@ ${context}`;
     return new Promise((resolve, reject) => {
       const env = { ...process.env };
       delete env.CLAUDECODE;
-      const proc = (0, import_child_process2.spawn)(CLAUDE_PATH, ["-p", prompt, "--output-format", "text"], {
-        cwd: (0, import_node_os.homedir)(),
+      const proc = (0, import_child_process.spawn)(CLAUDE_PATH, ["-p", prompt, "--output-format", "text"], {
+        cwd: (0, import_node_os2.homedir)(),
         env,
         stdio: ["pipe", "pipe", "pipe"]
       });
@@ -1501,6 +1546,13 @@ var WsBridge = class _WsBridge {
   getConnectionCount() {
     return this.wss.clients.size;
   }
+  /** 更新 token 并断开所有现有连接（token 刷新后需重新配对） */
+  updateToken(newToken) {
+    this.token = newToken;
+    for (const ws of this.wss.clients) {
+      ws.close(4001, "Token regenerated");
+    }
+  }
   /** 优雅关闭 WebSocket 服务 */
   close() {
     return new Promise((resolve, reject) => {
@@ -1622,15 +1674,15 @@ var WsBridge = class _WsBridge {
 
 // src/approval/ApprovalProxy.ts
 var import_node_http = __toESM(require("http"));
-var import_node_fs = __toESM(require("fs"));
-var import_node_path = __toESM(require("path"));
-var import_node_os2 = __toESM(require("os"));
+var import_node_fs2 = __toESM(require("fs"));
+var import_node_path2 = __toESM(require("path"));
+var import_node_os3 = __toESM(require("os"));
 var import_uuid3 = require("uuid");
 var ApprovalProxy = class _ApprovalProxy {
   server;
   token;
   port;
-  settingsPath = import_node_path.default.join(import_node_os2.default.homedir(), ".claude", "settings.json");
+  settingsPath = import_node_path2.default.join(import_node_os3.default.homedir(), ".claude", "settings.json");
   /** 待处理的审批请求：requestId -> { resolve, timer, request } */
   pendingApprovals = /* @__PURE__ */ new Map();
   /** 审批请求回调（通知外部推送到手机） */
@@ -1735,7 +1787,7 @@ var ApprovalProxy = class _ApprovalProxy {
   isToolInClaudeSettings(toolName, projectPath) {
     const checkPath = (filepath) => {
       try {
-        const raw = import_node_fs.default.readFileSync(filepath, "utf-8");
+        const raw = import_node_fs2.default.readFileSync(filepath, "utf-8");
         const settings = JSON.parse(raw);
         const allow = settings?.permissions?.allow ?? [];
         return allow.some((entry) => {
@@ -1749,24 +1801,24 @@ var ApprovalProxy = class _ApprovalProxy {
       }
     };
     if (projectPath) {
-      const projectSettingsPath = import_node_path.default.join(projectPath, ".claude", "settings.json");
+      const projectSettingsPath = import_node_path2.default.join(projectPath, ".claude", "settings.json");
       if (checkPath(projectSettingsPath)) return true;
     }
     return checkPath(this.settingsPath);
   }
   /** 将工具写入 settings.json permissions.allow（项目级或全局） */
   addToClaudeSettings(projectPath, toolName) {
-    const targetPath = projectPath ? import_node_path.default.join(projectPath, ".claude", "settings.json") : this.settingsPath;
+    const targetPath = projectPath ? import_node_path2.default.join(projectPath, ".claude", "settings.json") : this.settingsPath;
     try {
       if (projectPath) {
-        const dir = import_node_path.default.dirname(targetPath);
-        if (!import_node_fs.default.existsSync(dir)) {
-          import_node_fs.default.mkdirSync(dir, { recursive: true });
+        const dir = import_node_path2.default.dirname(targetPath);
+        if (!import_node_fs2.default.existsSync(dir)) {
+          import_node_fs2.default.mkdirSync(dir, { recursive: true });
         }
       }
       let settings = {};
       try {
-        settings = JSON.parse(import_node_fs.default.readFileSync(targetPath, "utf-8"));
+        settings = JSON.parse(import_node_fs2.default.readFileSync(targetPath, "utf-8"));
       } catch {
       }
       if (!settings.permissions) {
@@ -1780,7 +1832,7 @@ var ApprovalProxy = class _ApprovalProxy {
       const entry = `${toolName}(*)`;
       if (!allow.includes(entry)) {
         allow.push(entry);
-        import_node_fs.default.writeFileSync(targetPath, JSON.stringify(settings, null, 2), "utf-8");
+        import_node_fs2.default.writeFileSync(targetPath, JSON.stringify(settings, null, 2), "utf-8");
         const label = projectPath ? `${projectPath}/.claude/settings.json` : "~/.claude/settings.json";
         console.log(`[ApprovalProxy] ${t("approval.alwaysAllowWritten", { entry, label })}`);
       }
@@ -1940,6 +1992,10 @@ var ApprovalProxy = class _ApprovalProxy {
       });
     }
   }
+  /** 更新 token（token 刷新时调用） */
+  updateToken(newToken) {
+    this.token = newToken;
+  }
   /** 返回连接 token（仅本机访问） */
   handleToken(req, res) {
     const remoteAddress = req.socket.remoteAddress;
@@ -2004,11 +2060,12 @@ var ApprovalProxy = class _ApprovalProxy {
 
 // src/mdns/MdnsService.ts
 var import_bonjour_service = __toESM(require("bonjour-service"));
-var import_node_os3 = require("os");
+var import_node_os4 = require("os");
 function getLanAddresses() {
   const results = [];
-  for (const [name, addrs] of Object.entries((0, import_node_os3.networkInterfaces)())) {
-    if (name.startsWith("utun") || name.startsWith("lo")) continue;
+  for (const [name, addrs] of Object.entries((0, import_node_os4.networkInterfaces)())) {
+    if (name.startsWith("utun") || name === "lo") continue;
+    if (isWindows && (name.startsWith("vEthernet") || name.includes("Loopback"))) continue;
     for (const addr of addrs ?? []) {
       if (addr.family === "IPv4" && !addr.internal) {
         results.push(addr.address);
@@ -2110,72 +2167,62 @@ var MdnsService = class {
 
 // src/hooks/HookInstaller.ts
 var import_promises2 = require("fs/promises");
-var import_node_path2 = require("path");
-var import_node_os4 = require("os");
-var SESSIX_HOOKS_DIR = (0, import_node_path2.join)((0, import_node_os4.homedir)(), ".sessix", "hooks");
-var HOOK_SCRIPT_PATH = (0, import_node_path2.join)(SESSIX_HOOKS_DIR, "approval-hook.sh");
-var PERMISSION_ACCEPT_PATH = (0, import_node_path2.join)(SESSIX_HOOKS_DIR, "permission-accept.sh");
-var CLAUDE_SETTINGS_PATH = (0, import_node_path2.join)((0, import_node_os4.homedir)(), ".claude", "settings.json");
-var HOOK_COMMAND = "~/.sessix/hooks/approval-hook.sh";
-var PERMISSION_ACCEPT_COMMAND = "~/.sessix/hooks/permission-accept.sh";
-var HOOK_SCRIPT_TEMPLATE = `#!/bin/bash
-# Sessix Approval Hook
-# \u4EC5\u5728 Sessix \u7BA1\u7406\u7684\u4F1A\u8BDD\u4E2D\u6FC0\u6D3B
-
-if [ -z "$SESSIX_SESSION_ID" ]; then
-  exit 0
-fi
-
-# \u4ECE stdin \u8BFB\u53D6 hook payload
-PAYLOAD=$(cat)
-
-# \u83B7\u53D6\u9879\u76EE\u8DEF\u5F84\uFF08\u5F53\u524D\u5DE5\u4F5C\u76EE\u5F55\uFF09
-PROJECT_PATH="$PWD"
-
-# \u53D1\u9001\u5BA1\u6279\u8BF7\u6C42\u5230 Sessix \u670D\u52A1\u5668\uFF08\u957F\u8F6E\u8BE2\uFF0C\u8D85\u65F6\u65F6\u95F4 > 300s\uFF09
-RESPONSE=$(curl -s -X POST "http://localhost:3746/hook/approval" \\
-  -H "Content-Type: application/json" \\
-  -d "{\\"sessionId\\": \\"$SESSIX_SESSION_ID\\", \\"projectPath\\": \\"$PROJECT_PATH\\", \\"payload\\": $PAYLOAD}" \\
-  --max-time 320 \\
-  2>/dev/null)
-
-if [ $? -ne 0 ] || [ -z "$RESPONSE" ]; then
-  # \u5982\u679C Sessix \u670D\u52A1\u5668\u4E0D\u53EF\u7528\uFF0C\u9ED8\u8BA4\u653E\u884C\uFF08exit 0 = \u6279\u51C6\uFF09
-  exit 0
-fi
+var import_node_path3 = require("path");
+var import_node_os5 = require("os");
+var SESSIX_HOOKS_DIR = (0, import_node_path3.join)((0, import_node_os5.homedir)(), ".sessix", "hooks");
+var HOOK_SCRIPT_PATH = (0, import_node_path3.join)(SESSIX_HOOKS_DIR, "approval-hook.js");
+var PERMISSION_ACCEPT_PATH = (0, import_node_path3.join)(SESSIX_HOOKS_DIR, "permission-accept.js");
+var CLAUDE_SETTINGS_PATH = (0, import_node_path3.join)((0, import_node_os5.homedir)(), ".claude", "settings.json");
+var HOOK_COMMAND = "node ~/.sessix/hooks/approval-hook.js";
+var PERMISSION_ACCEPT_COMMAND = "node ~/.sessix/hooks/permission-accept.js";
+var LEGACY_HOOK_COMMANDS = [
+  "~/.sessix/hooks/approval-hook.sh",
+  "~/.sessix/hooks/permission-accept.sh"
+];
+var HOOK_SCRIPT_TEMPLATE = `#!/usr/bin/env node
+// Sessix Approval Hook
+// \u4EC5\u5728 Sessix \u7BA1\u7406\u7684\u4F1A\u8BDD\u4E2D\u6FC0\u6D3B
 
-# \u89E3\u6790\u670D\u52A1\u5668\u54CD\u5E94
-DECISION=$(echo "$RESPONSE" | grep -o '\\"decision\\":\\"[^"]*\\"' | cut -d'"' -f4)
+const sessionId = process.env.SESSIX_SESSION_ID
+if (!sessionId) process.exit(0)
 
-if [ "$DECISION" = "allow" ]; then
-  # \u7528\u6237\u6279\u51C6\u6216\u670D\u52A1\u5668\u8D85\u65F6\u81EA\u52A8\u6279\u51C6
-  exit 0
-elif [ "$DECISION" = "deny" ]; then
-  # \u7528\u6237\u660E\u786E\u62D2\u7EDD
-  exit 1
-else
-  # \u672A\u77E5\u54CD\u5E94\uFF0C\u9ED8\u8BA4\u653E\u884C
-  exit 0
-fi
+let payload = ''
+process.stdin.on('data', (chunk) => { payload += chunk })
+process.stdin.on('end', async () => {
+  try {
+    const res = await fetch('http://localhost:3746/hook/approval', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        sessionId,
+        projectPath: process.cwd(),
+        payload: JSON.parse(payload),
+      }),
+      signal: AbortSignal.timeout(320000),
+    })
+    const data = await res.json()
+    process.exit(data.decision === 'deny' ? 1 : 0)
+  } catch {
+    // Sessix \u670D\u52A1\u5668\u4E0D\u53EF\u7528\uFF0C\u9ED8\u8BA4\u653E\u884C
+    process.exit(0)
+  }
+})
 `;
-var PERMISSION_ACCEPT_TEMPLATE = `#!/bin/bash
-# Sessix PermissionRequest \u515C\u5E95
-# \u81EA\u52A8\u63A5\u53D7\u6743\u9650\u8BF7\u6C42\uFF0C\u907F\u514D Sessix \u4F1A\u8BDD\u963B\u585E
+var PERMISSION_ACCEPT_TEMPLATE = `#!/usr/bin/env node
+// Sessix PermissionRequest \u515C\u5E95
+// \u81EA\u52A8\u63A5\u53D7\u6743\u9650\u8BF7\u6C42\uFF0C\u907F\u514D Sessix \u4F1A\u8BDD\u963B\u585E
 
-if [ -z "$SESSIX_SESSION_ID" ]; then
-  exit 0
-fi
+if (!process.env.SESSIX_SESSION_ID) process.exit(0)
 
-# \u8F93\u51FA JSON \u51B3\u7B56\uFF0C\u81EA\u52A8\u63A5\u53D7\u6743\u9650\u8BF7\u6C42
-echo '{"decision":"allow"}'
-exit 0
+process.stdout.write('{"decision":"allow"}\\n')
+process.exit(0)
 `;
 var HookInstaller = class {
   /**
    * 安装 hook
    *
    * 1. 创建 ~/.sessix/hooks/ 目录
-   * 2. 写入 approval-hook.sh 脚本
+   * 2. 写入 approval-hook.js 脚本
    * 3. 赋予执行权限
    * 4. 更新 Claude Code settings.json 添加 hook 配置
    */
@@ -2228,6 +2275,10 @@ var HookInstaller = class {
   async addHookToSettings() {
     let settings = await this.readClaudeSettings();
     let changed = false;
+    for (const cmd of LEGACY_HOOK_COMMANDS) {
+      this.removeHookCommand(settings, "PreToolUse", cmd);
+      this.removeHookCommand(settings, "PermissionRequest", cmd);
+    }
     if (!settings.hooks) {
       settings.hooks = {};
     }
@@ -2295,7 +2346,7 @@ var HookInstaller = class {
    * 写入 Claude Code settings.json
    */
   async writeClaudeSettings(settings) {
-    await (0, import_promises2.mkdir)((0, import_node_path2.join)((0, import_node_os4.homedir)(), ".claude"), { recursive: true });
+    await (0, import_promises2.mkdir)((0, import_node_path3.join)((0, import_node_os5.homedir)(), ".claude"), { recursive: true });
     await (0, import_promises2.writeFile)(CLAUDE_SETTINGS_PATH, JSON.stringify(settings, null, 2) + "\n", "utf-8");
   }
   /**
@@ -2304,11 +2355,11 @@ var HookInstaller = class {
   hasHookConfig(settings) {
     return this.hasPreToolUseConfig(settings) && this.hasPermissionRequestConfig(settings);
   }
-  /** 检查 PreToolUse 中是否有 approval-hook.sh */
+  /** 检查 PreToolUse 中是否有 approval-hook.js */
   hasPreToolUseConfig(settings) {
     return this.hasHookEntry(settings?.hooks?.PreToolUse, HOOK_COMMAND);
   }
-  /** 检查 PermissionRequest 中是否有 permission-accept.sh */
+  /** 检查 PermissionRequest 中是否有 permission-accept.js */
   hasPermissionRequestConfig(settings) {
     return this.hasHookEntry(settings?.hooks?.PermissionRequest, PERMISSION_ACCEPT_COMMAND);
   }
@@ -2322,7 +2373,7 @@ var HookInstaller = class {
 };
 
 // src/notification/NotificationService.ts
-var import_node_path3 = require("path");
+var import_node_path4 = require("path");
 var NotificationService = class {
   constructor(sessionManager, expoChannel = null) {
     this.sessionManager = sessionManager;
@@ -2418,7 +2469,7 @@ var NotificationService = class {
     const dangerLevel = this.getDangerLevel(request.toolName);
     const isDangerous = dangerLevel === "danger" || dangerLevel === "write";
     const categoryId = isDangerous ? "APPROVAL_DANGEROUS" : "APPROVAL_NORMAL";
-    const projectName = (0, import_node_path3.basename)(
+    const projectName = (0, import_node_path4.basename)(
       this.sessionManager.getActiveSessions().find((s) => s.id === request.sessionId)?.projectPath ?? ""
     );
     const pushTitle = isDangerous ? `\u26A0\uFE0F ${title}` : title;
@@ -2474,7 +2525,7 @@ var NotificationService = class {
   /** 从审批请求中提取操作目标的简短描述 */
   extractTarget(request) {
     const input = request.toolInput;
-    if (input.file_path) return (0, import_node_path3.basename)(String(input.file_path));
+    if (input.file_path) return (0, import_node_path4.basename)(String(input.file_path));
     if (input.command) return String(input.command).slice(0, 40);
     return request.description.slice(0, 40);
   }
@@ -2577,7 +2628,7 @@ var NotificationService = class {
   getSessionTitle(sessionId) {
     const session = this.sessionManager.getActiveSessions().find((s) => s.id === sessionId);
     if (!session) return "Unknown";
-    return session.summary ?? (0, import_node_path3.basename)(session.projectPath);
+    return session.summary ?? (0, import_node_path4.basename)(session.projectPath);
   }
   /** 获取会话的 YOLO 模式状态 */
   getYoloMode(sessionId) {
@@ -2585,9 +2636,9 @@ var NotificationService = class {
   }
 };
 
-// src/notification/MacNotificationChannel.ts
-var import_node_child_process = require("child_process");
-var MacNotificationChannel = class {
+// src/notification/DesktopNotificationChannel.ts
+var import_node_child_process3 = require("child_process");
+var DesktopNotificationChannel = class {
   isAvailable() {
     return process.platform === "darwin";
   }
@@ -2598,9 +2649,9 @@ var MacNotificationChannel = class {
     const sound = payload.sound ?? "Ping";
     const script = `display notification "${body}" with title "${title}" sound name "${sound}"`;
     return new Promise((resolve) => {
-      (0, import_node_child_process.execFile)("osascript", ["-e", script], (err) => {
+      (0, import_node_child_process3.execFile)("osascript", ["-e", script], (err) => {
         if (err) {
-          console.warn("[MacNotificationChannel] Send notification failed:", err.message);
+          console.warn("[DesktopNotificationChannel] Send notification failed:", err.message);
         }
         resolve();
       });
@@ -3213,6 +3264,9 @@ var PairingManager = class {
     this.close();
     return result;
   }
+  updateToken(newToken) {
+    this.token = newToken;
+  }
   getRemainingSeconds() {
     if (this._state !== "open") return 0;
     return Math.max(0, Math.ceil((this.deadline - Date.now()) / 1e3));
@@ -3226,11 +3280,11 @@ var PairingManager = class {
 };
 
 // src/auth/AuthManager.ts
+var import_child_process2 = require("child_process");
 var import_child_process3 = require("child_process");
-var import_child_process4 = require("child_process");
 var import_util = require("util");
 var import_events2 = require("events");
-var execFileAsync = (0, import_util.promisify)(import_child_process4.execFile);
+var execFileAsync = (0, import_util.promisify)(import_child_process3.execFile);
 var CLAUDE_PATH2 = findClaudePath();
 var LOGIN_TIMEOUT_MS = 5 * 60 * 1e3;
 var AuthManager = class extends import_events2.EventEmitter {
@@ -3261,7 +3315,7 @@ var AuthManager = class extends import_events2.EventEmitter {
     }
     this.clearLoginTimeout();
     this.urlSent = false;
-    const proc = (0, import_child_process3.spawn)(CLAUDE_PATH2, ["auth", "login"], {
+    const proc = (0, import_child_process2.spawn)(CLAUDE_PATH2, ["auth", "login"], {
       env: { ...process.env, BROWSER: "echo" },
       stdio: ["pipe", "pipe", "pipe"]
     });
@@ -3345,17 +3399,122 @@ var AuthManager = class extends import_events2.EventEmitter {
 
 // src/server.ts
 var import_promises5 = require("fs/promises");
+
+// src/terminal/TerminalExecutor.ts
+var import_node_child_process4 = require("child_process");
+var import_uuid4 = require("uuid");
+var EXEC_TIMEOUT_MS = 5 * 60 * 1e3;
+var TerminalExecutor = class {
+  processes = /* @__PURE__ */ new Map();
+  eventCallbacks = [];
+  onEvent(callback) {
+    this.eventCallbacks.push(callback);
+    return () => {
+      const idx = this.eventCallbacks.indexOf(callback);
+      if (idx !== -1) this.eventCallbacks.splice(idx, 1);
+    };
+  }
+  emit(event) {
+    for (const cb of this.eventCallbacks) {
+      try {
+        cb(event);
+      } catch (err) {
+        console.error("[TerminalExecutor] Event callback error:", err);
+      }
+    }
+  }
+  exec(sessionId, command, cwd) {
+    const execId = (0, import_uuid4.v4)();
+    const shell = isWindows ? "powershell" : "bash";
+    const args = isWindows ? ["-Command", command] : ["-c", command];
+    const proc = (0, import_node_child_process4.spawn)(shell, args, {
+      cwd,
+      stdio: ["ignore", "pipe", "pipe"],
+      env: { ...process.env }
+    });
+    this.processes.set(execId, proc);
+    proc.stdout?.on("data", (chunk) => {
+      this.emit({
+        type: "terminal_output",
+        sessionId,
+        execId,
+        stream: "stdout",
+        data: chunk.toString()
+      });
+    });
+    proc.stderr?.on("data", (chunk) => {
+      this.emit({
+        type: "terminal_output",
+        sessionId,
+        execId,
+        stream: "stderr",
+        data: chunk.toString()
+      });
+    });
+    proc.on("exit", (code, signal) => {
+      clearTimeout(timer);
+      this.processes.delete(execId);
+      this.emit({
+        type: "terminal_exit",
+        sessionId,
+        execId,
+        code,
+        signal
+      });
+    });
+    const timer = setTimeout(() => {
+      if (this.processes.has(execId)) {
+        killProcessCrossPlatform(proc);
+      }
+    }, EXEC_TIMEOUT_MS);
+    console.log(`[TerminalExecutor] exec ${execId}: ${command.substring(0, 100)} (cwd: ${cwd})`);
+    return execId;
+  }
+  kill(execId) {
+    const proc = this.processes.get(execId);
+    if (proc) {
+      killProcessCrossPlatform(proc);
+      console.log(`[TerminalExecutor] kill ${execId}`);
+    }
+  }
+  destroy() {
+    for (const [execId, proc] of this.processes) {
+      killProcessCrossPlatform(proc);
+      console.log(`[TerminalExecutor] cleanup ${execId}`);
+    }
+    this.processes.clear();
+    this.eventCallbacks.length = 0;
+  }
+};
+
+// src/server.ts
 var WS_PORT = 3745;
 var HTTP_PORT = 3746;
-var execAsync = (0, import_node_util.promisify)(import_node_child_process2.exec);
+var execAsync = (0, import_node_util.promisify)(import_node_child_process5.exec);
 async function killPortProcess(port) {
   try {
-    const { stdout } = await execAsync(`lsof -ti :${port}`);
-    const pids = stdout.trim().split("\n").filter((p) => p && /^\d+$/.test(p));
-    if (pids.length > 0) {
-      await execAsync(`kill -9 ${pids.join(" ")}`);
-      await new Promise((resolve) => setTimeout(resolve, 600));
+    if (isWindows) {
+      const { stdout } = await execAsync(
+        `netstat -ano | findstr :${port} | findstr LISTENING`
+      );
+      const pids = /* @__PURE__ */ new Set();
+      for (const line of stdout.trim().split("\n")) {
+        const parts = line.trim().split(/\s+/);
+        const pid = parts[parts.length - 1];
+        if (pid && /^\d+$/.test(pid) && pid !== "0") pids.add(pid);
+      }
+      for (const pid of pids) {
+        await execAsync(`taskkill /PID ${pid} /F`).catch(() => {
+        });
+      }
+    } else {
+      const { stdout } = await execAsync(`lsof -ti :${port}`);
+      const pids = stdout.trim().split("\n").filter((p) => p && /^\d+$/.test(p));
+      if (pids.length > 0) {
+        await execAsync(`kill -9 ${pids.join(" ")}`);
+      }
     }
+    await new Promise((resolve) => setTimeout(resolve, 600));
   } catch {
   }
 }
@@ -3373,8 +3532,8 @@ async function createWithRetry(label, port, factory) {
   }
 }
 async function start(opts = {}) {
-  const configDir = (0, import_node_path4.join)((0, import_node_os5.homedir)(), ".sessix");
-  const tokenFile = (0, import_node_path4.join)(configDir, "token");
+  const configDir = (0, import_node_path5.join)((0, import_node_os6.homedir)(), ".sessix");
+  const tokenFile = (0, import_node_path5.join)(configDir, "token");
   let token;
   if (opts.token !== void 0) {
     token = opts.token;
@@ -3386,7 +3545,7 @@ async function start(opts = {}) {
       try {
         token = (await (0, import_promises4.readFile)(tokenFile, "utf8")).trim();
       } catch {
-        token = (0, import_uuid4.v4)();
+        token = (0, import_uuid5.v4)();
         await (0, import_promises4.mkdir)(configDir, { recursive: true });
         await (0, import_promises4.writeFile)(tokenFile, token, "utf8");
       }
@@ -3394,10 +3553,24 @@ async function start(opts = {}) {
   }
   const provider = new ProcessProvider();
   const sessionManager = new SessionManager(provider);
+  const terminalExecutor = new TerminalExecutor();
+  const wsBridge = await createWithRetry(
+    "WsBridge",
+    WS_PORT,
+    () => WsBridge.create({ port: WS_PORT, token })
+  );
+  const unreadSessionIds = /* @__PURE__ */ new Set();
+  sessionManager.onEvent((event) => {
+    if (event.type === "status_change" && (event.status === "idle" || event.status === "error")) {
+      if (!wsBridge.isViewingSession(event.sessionId)) {
+        unreadSessionIds.add(event.sessionId);
+      }
+    }
+  });
   const expoChannel = new ExpoNotificationChannel();
   const notificationService = new NotificationService(sessionManager, expoChannel);
   notificationService.addChannel("expo", expoChannel, opts.enableExpoPush !== false);
-  notificationService.addChannel("mac", new MacNotificationChannel(), opts.enableMacNotification !== false);
+  notificationService.addChannel("mac", new DesktopNotificationChannel(), opts.enableMacNotification !== false);
   if (opts.activityPush) {
     try {
       const activityChannel = new ActivityPushChannel(opts.activityPush);
@@ -3408,11 +3581,6 @@ async function start(opts = {}) {
       console.log(`[Server] ${t("server.activityPushContinue")}`);
     }
   }
-  const wsBridge = await createWithRetry(
-    "WsBridge",
-    WS_PORT,
-    () => WsBridge.create({ port: WS_PORT, token })
-  );
   const sessionFileWatcher = new SessionFileWatcher((event) => {
     wsBridge.broadcast(event);
   });
@@ -3424,7 +3592,7 @@ async function start(opts = {}) {
   let mdnsService = null;
   const pairingManager = new PairingManager({
     token,
-    serverName: (0, import_node_os5.hostname)(),
+    serverName: (0, import_node_os6.hostname)(),
     version: "0.2.0",
     onStateChange: (state) => mdnsService?.updatePairingState(state)
   });
@@ -3441,7 +3609,6 @@ async function start(opts = {}) {
       });
     }
   });
-  const unreadSessionIds = /* @__PURE__ */ new Set();
   notificationService.setGlobalPendingCountProvider(
     () => approvalProxy.getPendingCount() + sessionManager.getAllPendingQuestions().length + unreadSessionIds.size
   );
@@ -3472,6 +3639,8 @@ async function start(opts = {}) {
       switch (event.type) {
         case "create_session": {
           await (0, import_promises4.mkdir)(event.projectPath, { recursive: true });
+          const resumeId = event.resumeSessionId ?? event.newSessionId;
+          if (resumeId) sessionFileWatcher.unwatch(resumeId);
           await sessionManager.createSession(
             event.projectPath,
             event.message,
@@ -3489,6 +3658,7 @@ async function start(opts = {}) {
           break;
         }
         case "send_message": {
+          sessionFileWatcher.unwatch(event.sessionId);
           await sessionManager.sendMessage(event.sessionId, event.message, event.permissionMode, event.images);
           wsBridge.broadcast({
             type: "session_list",
@@ -3577,6 +3747,10 @@ async function start(opts = {}) {
               code: "PROJECT_LIST_ERROR"
             });
           }
+          wsBridge.send(ws, {
+            type: "session_list",
+            sessions: sessionManager.getActiveSessions()
+          });
           break;
         }
         case "list_sessions": {
@@ -3671,6 +3845,20 @@ async function start(opts = {}) {
           notificationService.setSoundPreferences(event.preferences);
           break;
         }
+        case "terminal_exec": {
+          const activeSession = sessionManager.getActiveSessions().find((s) => s.id === event.sessionId);
+          const cwd = activeSession?.projectPath ?? sessionManager.getSessionProjectPath(event.sessionId);
+          if (!cwd) {
+            wsBridge.send(ws, { type: "error", code: "TERMINAL_EXEC_ERROR", message: "Session not found or no project path", sessionId: event.sessionId });
+            break;
+          }
+          terminalExecutor.exec(event.sessionId, event.command, cwd);
+          break;
+        }
+        case "terminal_kill": {
+          terminalExecutor.kill(event.execId);
+          break;
+        }
         case "register_activity_push_token": {
           notificationService.addActivityPushToken(event.sessionId, event.token);
           break;
@@ -3742,12 +3930,14 @@ async function start(opts = {}) {
   sessionManager.onEvent((event) => {
     wsBridge.broadcast(event);
     if (event.type === "status_change" && (event.status === "idle" || event.status === "error")) {
-      if (!wsBridge.isViewingSession(event.sessionId)) {
-        unreadSessionIds.add(event.sessionId);
+      if (unreadSessionIds.has(event.sessionId)) {
         broadcastUnreadSessions();
       }
     }
   });
+  terminalExecutor.onEvent((event) => {
+    wsBridge.broadcast(event);
+  });
   wsBridge.onDisconnect(() => {
     if (wsBridge.getConnectionCount() === 0 && approvalProxy.getPendingCount() > 0) {
       approvalProxy.approveAll(t("server.phoneDisconnected"));
@@ -3794,12 +3984,17 @@ async function start(opts = {}) {
   }));
   const startMdns = () => {
     if (mdnsService) return;
-    mdnsService = new MdnsService({
-      wsPort: WS_PORT,
-      httpPort: HTTP_PORT,
-      pairing: pairingManager.state
-    });
-    mdnsService.start();
+    try {
+      mdnsService = new MdnsService({
+        wsPort: WS_PORT,
+        httpPort: HTTP_PORT,
+        pairing: pairingManager.state
+      });
+      mdnsService.start();
+    } catch (err) {
+      console.warn(`[Server] mDNS failed to start (non-fatal): ${err.message}`);
+      mdnsService = null;
+    }
   };
   const stopMdns = () => {
     if (!mdnsService) return;
@@ -3842,6 +4037,7 @@ async function start(opts = {}) {
     await attempt(() => wsBridge.close(), "WebSocket");
     await attempt(() => approvalProxy.close(), "ApprovalProxy");
     await attempt(() => sessionManager.destroy(), "SessionManager");
+    await attempt(() => terminalExecutor.destroy(), "TerminalExecutor");
     await attempt(() => notificationService.destroy(), "NotificationService");
     await attempt(() => sessionFileWatcher.destroy(), "SessionFileWatcher");
     if (errors.length > 0) {
@@ -3850,7 +4046,7 @@ async function start(opts = {}) {
     }
     console.log(`[Server] ${t("server.shutdownComplete")}`);
   };
-  return {
+  const instance = {
     token,
     wsPort: WS_PORT,
     httpPort: HTTP_PORT,
@@ -3868,15 +4064,28 @@ async function start(opts = {}) {
       }
     },
     openPairing: (duration) => pairingManager.open(duration),
-    closePairing: () => pairingManager.close()
+    closePairing: () => pairingManager.close(),
+    regenerateToken: async () => {
+      const newToken = (0, import_uuid5.v4)();
+      await (0, import_promises4.mkdir)(configDir, { recursive: true });
+      await (0, import_promises4.writeFile)(tokenFile, newToken, "utf8");
+      instance.token = newToken;
+      wsBridge.updateToken(newToken);
+      approvalProxy.updateToken(newToken);
+      pairingManager.updateToken(newToken);
+      pairingManager.open();
+      console.log(`[Server] ${t("server.tokenRegenerated", { token: newToken })}`);
+      return newToken;
+    }
   };
+  return instance;
 }
 
 // src/index.ts
 var import_qrcode_terminal = __toESM(require("qrcode-terminal"));
 function getPackageVersion() {
   try {
-    const pkg = JSON.parse((0, import_node_fs2.readFileSync)((0, import_node_path5.join)(__dirname, "..", "package.json"), "utf8"));
+    const pkg = JSON.parse((0, import_node_fs3.readFileSync)((0, import_node_path6.join)(__dirname, "..", "package.json"), "utf8"));
     return pkg.version ?? "0.0.0";
   } catch {
     return "0.0.0";
@@ -3941,6 +4150,7 @@ async function main() {
   console.log(t("startup.waitingConnection"));
   console.log();
   console.log(t("startup.pairingOpen"));
+  console.log(t("startup.pressT"));
   console.log();
   fetchLatestVersion().then((latest) => {
     if (!latest || latest === PKG_VERSION) return;
@@ -3971,6 +4181,23 @@ async function main() {
         console.log(`
 ${t("startup.pairingReopened")}`);
       }
+      if (key === "t" || key === "T") {
+        server.regenerateToken().then((newToken) => {
+          console.log();
+          console.log(`  ${t("startup.tokenRegenerated")}`);
+          console.log(t("startup.token", { token: newToken }));
+          console.log();
+          const newQrUrl = buildQrUrl(getLocalIp(), server.wsPort, newToken);
+          console.log(t("startup.scanToPair"));
+          import_qrcode_terminal.default.generate(newQrUrl, { small: true }, (qr) => {
+            qr.split("\n").forEach((line) => console.log(`  ${line}`));
+          });
+          console.log();
+        }).catch((err) => {
+          console.error(`
+  ${t("startup.tokenRegenerateFailed")}`, err);
+        });
+      }
       if (key === "") {
         shutdown("SIGINT");
       }
@@ -3978,10 +4205,11 @@ ${t("startup.pairingReopened")}`);
   } else {
     process.on("SIGINT", () => shutdown("SIGINT"));
     process.on("SIGTERM", () => shutdown("SIGTERM"));
+    process.on("SIGHUP", () => shutdown("SIGHUP"));
   }
 }
 function getLocalIp() {
-  const interfaces = (0, import_node_os6.networkInterfaces)();
+  const interfaces = (0, import_node_os7.networkInterfaces)();
   for (const iface of Object.values(interfaces)) {
     for (const addr of iface ?? []) {
       if (addr.family === "IPv4" && !addr.internal) {
@@ -3989,7 +4217,7 @@ function getLocalIp() {
       }
     }
   }
-  return "<your-mac-ip>";
+  return "<your-ip>";
 }
 function buildQrUrl(ip, wsPort, token) {
   const base = `sessix://${ip}:${wsPort}`;