termbeam 1.15.1 → 1.16.0

package/src/server/push.js

@@ -0,0 +1,118 @@
+const webpush = require('web-push');
+const { getOrCreateVapidKeys } = require('../utils/vapid');
+const log = require('../utils/logger');
+
+class PushManager {
+  constructor(configDir) {
+    this.configDir = configDir;
+    this.subscriptions = new Map(); // endpoint -> subscription object
+    this.vapidKeys = null;
+  }
+
+  /**
+   * Initialize VAPID keys and configure web-push.
+   * Call once during server start.
+   */
+  async init() {
+    this.vapidKeys = getOrCreateVapidKeys(this.configDir);
+    webpush.setVapidDetails(
+      this.vapidKeys.subject,
+      this.vapidKeys.publicKey,
+      this.vapidKeys.privateKey,
+    );
+    log.info('Push notification manager initialized');
+  }
+
+  /**
+   * Register a push subscription.
+   * @param {{ endpoint: string, keys: { p256dh: string, auth: string } }} subscription
+   */
+  subscribe(subscription) {
+    if (!this.vapidKeys) {
+      log.warn('Push subscription rejected — VAPID not initialized');
+      return;
+    }
+    this.subscriptions.set(subscription.endpoint, subscription);
+    log.info(`Push subscription registered (${this.subscriptions.size} total)`);
+  }
+
+  /**
+   * Remove a push subscription by endpoint.
+   * @param {string} endpoint
+   */
+  unsubscribe(endpoint) {
+    const removed = this.subscriptions.delete(endpoint);
+    if (removed) {
+      log.debug(`Push subscription removed (${this.subscriptions.size} total)`);
+    }
+  }
+
+  /**
+   * Send a push notification to all registered subscriptions.
+   * Removes subscriptions that return 410 Gone or 404 Not Found.
+   * @param {{ title: string, body: string, tag?: string, sessionId?: string }} payload
+   */
+  async notify(payload) {
+    if (this.subscriptions.size === 0) {
+      log.debug('Push: no subscriptions registered, skipping notification');
+      return;
+    }
+
+    if (!this.vapidKeys) {
+      log.debug('Push: VAPID not initialized, skipping');
+      return;
+    }
+
+    log.info(`Push: sending to ${this.subscriptions.size} subscription(s): ${payload.title}`);
+
+    const body = JSON.stringify(payload);
+    const stale = [];
+
+    const results = await Promise.allSettled(
+      [...this.subscriptions.entries()].map(async ([endpoint, sub]) => {
+        try {
+          await webpush.sendNotification(sub, body, {
+            TTL: 300,
+            urgency: 'normal',
+          });
+          log.debug(`Push sent successfully to ${endpoint.slice(0, 50)}...`);
+          sub._failCount = 0;
+        } catch (err) {
+          if (err.statusCode === 410 || err.statusCode === 404) {
+            stale.push(endpoint);
+            log.debug(`Removing stale push subscription (${err.statusCode})`);
+          } else {
+            sub._failCount = (sub._failCount || 0) + 1;
+            log.warn(
+              `Push notification failed (attempt ${sub._failCount}): ${err.message}` +
+                (err.statusCode ? ` (HTTP ${err.statusCode})` : '') +
+                (err.body ? ` — ${String(err.body).slice(0, 200)}` : ''),
+            );
+            if (sub._failCount >= 5) {
+              stale.push(endpoint);
+              log.warn(`Push subscription removed after ${sub._failCount} consecutive failures`);
+            }
+          }
+        }
+      }),
+    );
+
+    for (const endpoint of stale) {
+      this.subscriptions.delete(endpoint);
+    }
+
+    log.debug(
+      `Push notifications sent: ${results.length} attempted, ${stale.length} stale removed`,
+    );
+  }
+
+  /**
+   * Return the VAPID public key for frontend subscription.
+   * @returns {string}
+   */
+  getPublicKey() {
+    return this.vapidKeys ? this.vapidKeys.publicKey : null;
+  }
+}
+
+module.exports = { PushManager };

package/src/server/routes.js

@@ -34,7 +34,7 @@ function validateMagicBytes(buffer, contentType) {
   return true;
 }
 
-function setupRoutes(app, { auth, sessions, config, state }) {
+function setupRoutes(app, { auth, sessions, config, state, pushManager }) {
   const pageRateLimit = rateLimit({
     windowMs: 1 * 60 * 1000,
     max: 120,
@@ -149,6 +149,9 @@ function setupRoutes(app, { auth, sessions, config, state }) {
   app.get('/terminal', pageRateLimit, autoLogin, auth.middleware, (_req, res) =>
     res.sendFile('index.html', { root: PUBLIC_DIR }),
   );
+  app.get('/code/:sessionId', pageRateLimit, autoLogin, auth.middleware, (_req, res) =>
+    res.sendFile('index.html', { root: PUBLIC_DIR }),
+  );
 
   // Share token — generates a temporary share token for the share button
   app.get('/api/share-token', auth.middleware, (req, res) => {
@@ -517,6 +520,105 @@ function setupRoutes(app, { auth, sessions, config, state }) {
     }
   });
 
+  // Recursive file tree for a session's CWD
+  app.get('/api/sessions/:id/file-tree', apiRateLimit, auth.middleware, (req, res) => {
+    const session = sessions.get(req.params.id);
+    if (!session) return res.status(404).json({ error: 'Session not found' });
+
+    const MAX_DEPTH = 5;
+    const MAX_ENTRIES = 2000;
+    const EXCLUDED = new Set([
+      'node_modules',
+      '.git',
+      '__pycache__',
+      'coverage',
+      '.next',
+      'dist',
+      'build',
+    ]);
+
+    let depth = 3;
+    if (typeof req.query.depth !== 'undefined') {
+      const parsedDepth = parseInt(req.query.depth, 10);
+      if (Number.isNaN(parsedDepth)) {
+        return res.status(400).json({ error: 'Invalid depth' });
+      }
+      depth = parsedDepth;
+    }
+    depth = Math.min(Math.max(depth, 1), MAX_DEPTH);
+    const rootDir = path.resolve(session.cwd);
+    let totalEntries = 0;
+
+    function buildTree(dir, currentDepth) {
+      let dirents;
+      try {
+        dirents = fs.readdirSync(dir, { withFileTypes: true });
+      } catch {
+        return [];
+      }
+
+      const entries = [];
+      const filtered = dirents
+        .filter((e) => {
+          if (e.name.startsWith('.')) return false;
+          if (EXCLUDED.has(e.name)) return false;
+          try {
+            return !fs.lstatSync(path.join(dir, e.name)).isSymbolicLink();
+          } catch {
+            return false;
+          }
+        })
+        .sort((a, b) => {
+          const aDir = a.isDirectory();
+          const bDir = b.isDirectory();
+          if (aDir !== bDir) return aDir ? -1 : 1;
+          return a.name.localeCompare(b.name);
+        });
+
+      for (const e of filtered) {
+        if (totalEntries >= MAX_ENTRIES) break;
+        totalEntries++;
+
+        const fullPath = path.join(dir, e.name);
+        const relativePath = path.relative(rootDir, fullPath);
+        const isDir = e.isDirectory();
+
+        if (isDir) {
+          const children = currentDepth < depth ? buildTree(fullPath, currentDepth + 1) : [];
+          entries.push({
+            name: e.name,
+            type: 'directory',
+            path: relativePath.replace(/\\/g, '/'),
+            children,
+          });
+        } else {
+          let size = 0;
+          try {
+            size = fs.statSync(fullPath).size;
+          } catch {
+            // ignore stat errors
+          }
+          entries.push({
+            name: e.name,
+            type: 'file',
+            path: relativePath.replace(/\\/g, '/'),
+            size,
+          });
+        }
+      }
+
+      return entries;
+    }
+
+    try {
+      const tree = buildTree(rootDir, 1);
+      res.json({ root: rootDir, tree });
+    } catch (err) {
+      log.warn(`File tree failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to build file tree' });
+    }
+  });
+
   // Download a file from within a session's CWD
   app.get('/api/sessions/:id/download', apiRateLimit, auth.middleware, (req, res) => {
     const session = sessions.get(req.params.id);
@@ -610,6 +712,95 @@ function setupRoutes(app, { auth, sessions, config, state }) {
     }
   });
 
+  // --- Git change endpoints ---
+
+  const { getDetailedStatus, getFileDiff, getFileBlame, getGitLog } = require('../utils/git');
+
+  function validateFilePath(file) {
+    if (!file || typeof file !== 'string') return false;
+    if (path.isAbsolute(file)) return false;
+    const normalized = path.normalize(file);
+    if (normalized.startsWith('..') || normalized.includes(`..${path.sep}`)) return false;
+    return true;
+  }
+
+  app.get('/api/sessions/:id/git/status', apiRateLimit, auth.middleware, async (req, res) => {
+    const session = sessions.get(req.params.id);
+    if (!session) return res.status(404).json({ error: 'Session not found' });
+
+    try {
+      const status = await getDetailedStatus(session.cwd);
+      res.json(status);
+    } catch (err) {
+      log.warn(`Git status failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to get git status' });
+    }
+  });
+
+  app.get('/api/sessions/:id/git/diff', apiRateLimit, auth.middleware, async (req, res) => {
+    const session = sessions.get(req.params.id);
+    if (!session) return res.status(404).json({ error: 'Session not found' });
+
+    const file = req.query.file;
+    if (!validateFilePath(file)) {
+      return res.status(400).json({ error: 'Invalid or missing file parameter' });
+    }
+
+    const staged = req.query.staged === 'true';
+    const untracked = req.query.untracked === 'true';
+    let context;
+    if (req.query.context !== undefined) {
+      const parsed = parseInt(req.query.context, 10);
+      if (Number.isFinite(parsed)) {
+        context = Math.min(Math.max(parsed, 0), 99999);
+      }
+    }
+    try {
+      const diff = await getFileDiff(session.cwd, file, { staged, untracked, context });
+      res.json(diff);
+    } catch (err) {
+      log.warn(`Git diff failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to get diff' });
+    }
+  });
+
+  app.get('/api/sessions/:id/git/blame', apiRateLimit, auth.middleware, async (req, res) => {
+    const session = sessions.get(req.params.id);
+    if (!session) return res.status(404).json({ error: 'Session not found' });
+
+    const file = req.query.file;
+    if (!validateFilePath(file)) {
+      return res.status(400).json({ error: 'Invalid or missing file parameter' });
+    }
+
+    try {
+      const blame = await getFileBlame(session.cwd, file);
+      res.json(blame);
+    } catch (err) {
+      log.warn(`Git blame failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to get blame' });
+    }
+  });
+
+  app.get('/api/sessions/:id/git/log', apiRateLimit, auth.middleware, async (req, res) => {
+    const session = sessions.get(req.params.id);
+    if (!session) return res.status(404).json({ error: 'Session not found' });
+
+    const limit = Math.min(Math.max(parseInt(req.query.limit, 10) || 20, 1), 100);
+    const file = req.query.file;
+    if (file && !validateFilePath(file)) {
+      return res.status(400).json({ error: 'Invalid file parameter' });
+    }
+
+    try {
+      const logResult = await getGitLog(session.cwd, { limit, file: file || null });
+      res.json(logResult);
+    } catch (err) {
+      log.warn(`Git log failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to get git log' });
+    }
+  });
+
   // Directory listing for folder browser
   app.get('/api/dirs', apiRateLimit, auth.middleware, (req, res) => {
     log.debug(`Directory listing requested: ${req.query.q || config.cwd}`);
@@ -631,6 +822,41 @@ function setupRoutes(app, { auth, sessions, config, state }) {
       res.json({ base: dir, dirs: [], truncated: false });
     }
   });
+
+  // --- Push notification endpoints ---
+  if (pushManager) {
+    app.get('/api/push/vapid-key', apiRateLimit, auth.middleware, (_req, res) => {
+      const publicKey = pushManager.getPublicKey();
+      if (!publicKey) {
+        return res.status(503).json({ error: 'Push notifications not configured' });
+      }
+      res.json({ publicKey });
+    });
+
+    app.post('/api/push/subscribe', apiRateLimit, auth.middleware, (req, res) => {
+      const { subscription } = req.body || {};
+      if (
+        !subscription ||
+        !subscription.endpoint ||
+        !subscription.keys ||
+        !subscription.keys.p256dh ||
+        !subscription.keys.auth
+      ) {
+        return res.status(400).json({ error: 'Invalid subscription object' });
+      }
+      pushManager.subscribe(subscription);
+      res.json({ ok: true });
+    });
+
+    app.delete('/api/push/unsubscribe', apiRateLimit, auth.middleware, (req, res) => {
+      const { endpoint } = req.body || {};
+      if (!endpoint) {
+        return res.status(400).json({ error: 'Missing endpoint' });
+      }
+      pushManager.unsubscribe(endpoint);
+      res.json({ ok: true });
+    });
+  }
 }
 
 function cleanupUploadedFiles() {

package/src/server/sessions.js

@@ -101,6 +101,41 @@ const SESSION_COLORS = [
 class SessionManager {
   constructor() {
     this.sessions = new Map();
+    /** @type {((event: {sessionId: string, sessionName: string}) => void)|null} */
+    this.onCommandComplete = null;
+  }
+
+  /** Emit a command-complete notification (push + WS broadcast). */
+  _emitNotification(id, session) {
+    const notification = {
+      notificationType: 'command-complete',
+      sessionName: session.name,
+      timestamp: Date.now(),
+    };
+
+    // Send push notification (works even when app is closed)
+    if (this.onCommandComplete) {
+      this.onCommandComplete({ sessionId: id, sessionName: session.name });
+    }
+
+    // Broadcast to connected WebSocket clients
+    const notifMsg = JSON.stringify({ type: 'notification', ...notification });
+    let delivered = false;
+    for (const ws of session.clients) {
+      if (ws.readyState === 1) {
+        ws.send(notifMsg);
+        delivered = true;
+      }
+    }
+
+    // Only store as pending if no clients received it — prevents
+    // duplicate notification when user taps push and app reconnects
+    if (!delivered) {
+      session.pendingNotifications.push(notification);
+      if (session.pendingNotifications.length > 5) {
+        session.pendingNotifications = session.pendingNotifications.slice(-5);
+      }
+    }
   }
 
   create({
@@ -162,6 +197,7 @@ class SessionManager {
       createdAt: new Date().toISOString(),
       lastActivity: Date.now(),
       clients: new Set(),
+      pendingNotifications: [],
       scrollback: [],
       scrollbackBuf: '',
       hasHadClient: false,
@@ -175,6 +211,36 @@ class SessionManager {
       session.lastActivity = Date.now();
       session.scrollbackBuf += data;
 
+      // Silence-based notification: only active when the shell has a direct
+      // child process (session._hasDirectChild). This handles interactive
+      // agents (Copilot CLI, Claude Code) that stay running but spawn
+      // subtasks. When subtask output goes silent for 5 seconds after
+      // sustained activity, that's "task completed."
+      if (session._hasDirectChild) {
+        const now = Date.now();
+        if (!session._outputBurstStart) session._outputBurstStart = now;
+        session._outputBytes = (session._outputBytes || 0) + data.length;
+        clearTimeout(session._silenceTimer);
+
+        // Only fire after 5s silence following ≥1s activity with ≥100 bytes
+        const duration = now - session._outputBurstStart;
+        if (duration >= 1000 && session._outputBytes >= 100) {
+          session._silenceTimer = setTimeout(() => {
+            const cooldownOk =
+              !session._lastNotifyTime || Date.now() - session._lastNotifyTime >= 30000;
+            if (cooldownOk) {
+              session._lastNotifyTime = Date.now();
+              log.info(
+                `Command idle in "${session.name}" (${Math.round(duration / 1000)}s activity, ${session._outputBytes} bytes)`,
+              );
+              this._emitNotification(id, session);
+            }
+            session._outputBurstStart = null;
+            session._outputBytes = 0;
+          }, 5000);
+        }
+      }
+
       // Track alt screen mode so reconnecting clients can re-enter it.
       // Carry a small tail between chunks so split escape sequences are detected.
       const scanBuf = session._altScanTail + data;
@@ -219,7 +285,83 @@ class SessionManager {
       }
     });
 
+    // Monitor DIRECT child processes of the shell to detect command completion.
+    // Two notification triggers:
+    // 1. Direct child exits (e.g., `sleep 10` finishes, `copilot` quits)
+    // 2. Silence detection (in onData above) fires when output stops for 5s
+    //    while a child IS running (e.g., Copilot CLI agent finishes a task)
+    if (process.platform !== 'win32') {
+      const shellPid = ptyProcess.pid;
+      let prevChildren = new Set();
+      let childCheckCount = 0;
+      const POLL_INTERVAL = 2000;
+      const NOTIFY_COOLDOWN = 30000;
+
+      let pollInFlight = false;
+      const checkChildren = () => {
+        if (pollInFlight) return;
+        if (!this.sessions.has(id)) return;
+        pollInFlight = true;
+
+        const { exec } = require('child_process');
+
+        exec(
+          `ps -ax -o pid=,ppid= | awk -v p=${shellPid} '$2 == p { print $1 }'`,
+          { timeout: 2000 },
+          (err, stdout) => {
+            pollInFlight = false;
+            if (err) return;
+            const currentChildren = new Set(
+              (stdout || '')
+                .trim()
+                .split('\n')
+                .filter(Boolean)
+                .map((s) => s.trim()),
+            );
+            childCheckCount++;
+
+            // Update the flag used by silence detection in onData
+            session._hasDirectChild = currentChildren.size > 0;
+
+            // Skip initial checks — shell startup spawns profile/completion children
+            if (childCheckCount <= 3) {
+              prevChildren = currentChildren;
+              return;
+            }
+
+            // Check if any previously-seen direct child has exited
+            const exited = [...prevChildren].filter((pid) => !currentChildren.has(pid));
+
+            if (exited.length > 0 && prevChildren.size > 0) {
+              // Direct child exited — clear silence timer (prevent double notification)
+              clearTimeout(session._silenceTimer);
+              session._outputBurstStart = null;
+              session._outputBytes = 0;
+
+              const now = Date.now();
+              if (!session._lastNotifyTime || now - session._lastNotifyTime >= NOTIFY_COOLDOWN) {
+                session._lastNotifyTime = now;
+                log.info(
+                  `Command completed in "${session.name}" (PID ${exited.join(',')} exited, ${currentChildren.size} remaining)`,
+                );
+                this._emitNotification(id, session);
+              }
+            }
+
+            prevChildren = currentChildren;
+          },
+        );
+      };
+
+      session._childMonitor = setInterval(checkChildren, POLL_INTERVAL);
+      if (typeof session._childMonitor.unref === 'function') {
+        session._childMonitor.unref();
+      }
+    }
+
     ptyProcess.onExit(({ exitCode }) => {
+      clearInterval(session._childMonitor);
+      clearTimeout(session._silenceTimer);
       log.info(`Session "${name}" (${id}) exited (code ${exitCode})`);
       for (const ws of session.clients) {
         if (ws.readyState === 1) ws.send(JSON.stringify({ type: 'exit', code: exitCode }));
@@ -260,6 +402,7 @@ class SessionManager {
     if (!s) return false;
     log.info(`Session "${s.name}" deleted (id=${id})`);
     _gitCache.delete(id);
+    clearInterval(s._childMonitor);
     s.pty.kill();
     return true;
   }
@@ -289,6 +432,7 @@ class SessionManager {
     log.info(`Shutting down ${this.sessions.size} session(s)`);
     for (const [_id, s] of this.sessions) {
       try {
+        clearInterval(s._childMonitor);
         s.pty.kill();
       } catch (err) {
         log.warn(`Failed to kill session ${_id}: ${err.message}`);

package/src/server/websocket.js

@@ -82,10 +82,22 @@ function setupWebSocket(wss, { auth, sessions }) {
     }
 
     const pingInterval = setInterval(() => {
-      if (ws.readyState === 1) ws.ping();
-    }, 30000);
+      if (ws.readyState === 1) {
+        if (ws._pongPending) {
+          // Previous ping never got a pong — connection is dead
+          ws.terminate();
+          return;
+        }
+        ws._pongPending = true;
+        ws.ping();
+      }
+    }, 15000);
     if (typeof pingInterval.unref === 'function') pingInterval.unref();
 
+    ws.on('pong', () => {
+      ws._pongPending = false;
+    });
+
     let authenticated = !auth.password;
     let attached = null;
 
@@ -166,6 +178,13 @@ function setupWebSocket(wss, { auth, sessions }) {
             }
           }
           ws.send(JSON.stringify({ type: 'attached', sessionId: msg.sessionId }));
+          // Deliver any command-complete notifications that fired while disconnected
+          if (session.pendingNotifications.length > 0) {
+            for (const n of session.pendingNotifications) {
+              ws.send(JSON.stringify({ type: 'notification', ...n }));
+            }
+            session.pendingNotifications = [];
+          }
           log.info(`Client attached to session ${msg.sessionId}`);
           return;
         }