termbeam 1.15.2 → 1.17.0

package/src/server/routes.js

@@ -34,7 +34,7 @@ function validateMagicBytes(buffer, contentType) {
   return true;
 }
 
-function setupRoutes(app, { auth, sessions, config, state }) {
+function setupRoutes(app, { auth, sessions, config, state, pushManager }) {
   const pageRateLimit = rateLimit({
     windowMs: 1 * 60 * 1000,
     max: 120,
@@ -101,23 +101,142 @@ function setupRoutes(app, { auth, sessions, config, state }) {
 
     try {
       const info = await checkForUpdate({ currentVersion: config.version, force });
-      const installInfo = detectInstallMethod();
-      state.updateInfo = { ...info, ...installInfo };
+      const { installCmd, installArgs, ...publicInstallInfo } = detectInstallMethod();
+      state.updateInfo = { ...info, ...publicInstallInfo };
       res.json(state.updateInfo);
     } catch (err) {
       log.warn(`Update check failed: ${err.message}`);
-      const installInfo = detectInstallMethod();
+      const { installCmd, installArgs, ...publicInstallInfo } = detectInstallMethod();
       const fallback = {
         current: config.version,
         latest: null,
         updateAvailable: false,
-        ...installInfo,
+        ...publicInstallInfo,
       };
       state.updateInfo = fallback;
       res.json(fallback);
     }
   });
 
+  // Trigger update — rate limited to 1 per 5 minutes
+  const updateTriggerLimit = rateLimit({
+    windowMs: 5 * 60 * 1000,
+    max: 1,
+    standardHeaders: true,
+    legacyHeaders: false,
+    handler: (_req, res) =>
+      res
+        .status(429)
+        .json({ error: 'Update already attempted recently. Try again in a few minutes.' }),
+  });
+
+  app.post('/api/update', auth.middleware, updateTriggerLimit, async (req, res) => {
+    const { detectInstallMethod } = require('../utils/update-check');
+    const { getUpdateState, executeUpdate, resetState } = require('../utils/update-executor');
+
+    const currentState = getUpdateState();
+    if (currentState.status !== 'idle' && currentState.status !== 'failed') {
+      return res.status(409).json({ error: 'Update already in progress', state: currentState });
+    }
+    // Reset state if retrying after a failure
+    if (currentState.status === 'failed') resetState();
+
+    const installInfo = detectInstallMethod();
+    if (!installInfo.canAutoUpdate) {
+      return res.status(400).json({
+        error: 'Auto-update not available for this installation method',
+        method: installInfo.method,
+        command: installInfo.command,
+        canAutoUpdate: false,
+      });
+    }
+
+    // Respond immediately — update runs in background
+    res.json({ status: 'updating', method: installInfo.method });
+
+    // Broadcast progress to WebSocket clients
+    const broadcastProgress = (updateStatus) => {
+      if (state.wss) {
+        const msg = JSON.stringify({ type: 'update-progress', ...updateStatus });
+        state.wss.clients.forEach((client) => {
+          if (client.readyState === 1) {
+            try {
+              client.send(msg);
+            } catch {
+              // Client may have disconnected
+            }
+          }
+        });
+      }
+    };
+
+    // Build the restart handler
+    const performRestart = async () => {
+      if (installInfo.restartStrategy === 'pm2') {
+        // PM2 restart — PM2 will bring the process back up
+        const { execFile: execFileCb } = require('child_process');
+        const serviceName = process.env.pm_id || 'termbeam';
+        broadcastProgress({
+          status: 'restarting',
+          phase: 'Restarting via PM2...',
+          restartStrategy: 'pm2',
+        });
+        // Give WS messages time to reach clients
+        await new Promise((r) => setTimeout(r, 1000));
+        // Use async execFile so WS messages can flush before the restart
+        execFileCb('pm2', ['restart', serviceName], { timeout: 10000, stdio: 'ignore' }, (err) => {
+          if (err) {
+            log.warn(`PM2 restart failed: ${err.message}`);
+            // Fall back to exit
+            sessions.shutdown();
+            process.exit(0);
+          }
+        });
+      } else {
+        // Exit strategy — clean shutdown, user must restart manually
+        broadcastProgress({
+          status: 'restarting',
+          phase: 'Update installed. Server shutting down...',
+          restartStrategy: 'exit',
+        });
+        // Close all WS connections with "Service Restart" close code
+        if (state.wss) {
+          state.wss.clients.forEach((client) => {
+            try {
+              client.close(1012, 'Server updated — please restart');
+            } catch {
+              // ignore
+            }
+          });
+        }
+        // Give WS close frames time to be sent
+        await new Promise((r) => setTimeout(r, 1000));
+        sessions.shutdown();
+        process.exit(0);
+      }
+    };
+
+    // Execute update in background (don't await in request handler)
+    executeUpdate({
+      currentVersion: config.version,
+      installCmd: installInfo.installCmd,
+      installArgs: installInfo.installArgs,
+      command: installInfo.command,
+      method: installInfo.method,
+      restartStrategy: installInfo.restartStrategy,
+      onProgress: broadcastProgress,
+      performRestart,
+    }).catch((err) => {
+      log.error(`Update execution error: ${err.message}`);
+    });
+  });
+
+  // Poll update status (fallback for when WS isn't connected)
+  app.get('/api/update/status', apiRateLimit, auth.middleware, (_req, res) => {
+    const { getUpdateState } = require('../utils/update-executor');
+    res.json(getUpdateState());
+  });
+
   // Share token auto-login middleware: validates ?ott= param, sets session cookie, redirects to clean URL
   function autoLogin(req, res, next) {
     const { ott } = req.query;
@@ -149,6 +268,9 @@ function setupRoutes(app, { auth, sessions, config, state }) {
   app.get('/terminal', pageRateLimit, autoLogin, auth.middleware, (_req, res) =>
     res.sendFile('index.html', { root: PUBLIC_DIR }),
   );
+  app.get('/code/:sessionId', pageRateLimit, autoLogin, auth.middleware, (_req, res) =>
+    res.sendFile('index.html', { root: PUBLIC_DIR }),
+  );
 
   // Share token — generates a temporary share token for the share button
   app.get('/api/share-token', auth.middleware, (req, res) => {
@@ -517,6 +639,105 @@ function setupRoutes(app, { auth, sessions, config, state }) {
     }
   });
 
+  // Recursive file tree for a session's CWD
+  app.get('/api/sessions/:id/file-tree', apiRateLimit, auth.middleware, (req, res) => {
+    const session = sessions.get(req.params.id);
+    if (!session) return res.status(404).json({ error: 'Session not found' });
+
+    const MAX_DEPTH = 5;
+    const MAX_ENTRIES = 2000;
+    const EXCLUDED = new Set([
+      'node_modules',
+      '.git',
+      '__pycache__',
+      'coverage',
+      '.next',
+      'dist',
+      'build',
+    ]);
+
+    let depth = 3;
+    if (typeof req.query.depth !== 'undefined') {
+      const parsedDepth = parseInt(req.query.depth, 10);
+      if (Number.isNaN(parsedDepth)) {
+        return res.status(400).json({ error: 'Invalid depth' });
+      }
+      depth = parsedDepth;
+    }
+    depth = Math.min(Math.max(depth, 1), MAX_DEPTH);
+    const rootDir = path.resolve(session.cwd);
+    let totalEntries = 0;
+
+    function buildTree(dir, currentDepth) {
+      let dirents;
+      try {
+        dirents = fs.readdirSync(dir, { withFileTypes: true });
+      } catch {
+        return [];
+      }
+
+      const entries = [];
+      const filtered = dirents
+        .filter((e) => {
+          if (e.name.startsWith('.')) return false;
+          if (EXCLUDED.has(e.name)) return false;
+          try {
+            return !fs.lstatSync(path.join(dir, e.name)).isSymbolicLink();
+          } catch {
+            return false;
+          }
+        })
+        .sort((a, b) => {
+          const aDir = a.isDirectory();
+          const bDir = b.isDirectory();
+          if (aDir !== bDir) return aDir ? -1 : 1;
+          return a.name.localeCompare(b.name);
+        });
+
+      for (const e of filtered) {
+        if (totalEntries >= MAX_ENTRIES) break;
+        totalEntries++;
+
+        const fullPath = path.join(dir, e.name);
+        const relativePath = path.relative(rootDir, fullPath);
+        const isDir = e.isDirectory();
+
+        if (isDir) {
+          const children = currentDepth < depth ? buildTree(fullPath, currentDepth + 1) : [];
+          entries.push({
+            name: e.name,
+            type: 'directory',
+            path: relativePath.replace(/\\/g, '/'),
+            children,
+          });
+        } else {
+          let size = 0;
+          try {
+            size = fs.statSync(fullPath).size;
+          } catch {
+            // ignore stat errors
+          }
+          entries.push({
+            name: e.name,
+            type: 'file',
+            path: relativePath.replace(/\\/g, '/'),
+            size,
+          });
+        }
+      }
+
+      return entries;
+    }
+
+    try {
+      const tree = buildTree(rootDir, 1);
+      res.json({ root: rootDir, tree });
+    } catch (err) {
+      log.warn(`File tree failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to build file tree' });
+    }
+  });
+
   // Download a file from within a session's CWD
   app.get('/api/sessions/:id/download', apiRateLimit, auth.middleware, (req, res) => {
     const session = sessions.get(req.params.id);
@@ -610,6 +831,95 @@ function setupRoutes(app, { auth, sessions, config, state }) {
     }
   });
 
+  // --- Git change endpoints ---
+
+  const { getDetailedStatus, getFileDiff, getFileBlame, getGitLog } = require('../utils/git');
+
+  function validateFilePath(file) {
+    if (!file || typeof file !== 'string') return false;
+    if (path.isAbsolute(file)) return false;
+    const normalized = path.normalize(file);
+    if (normalized.startsWith('..') || normalized.includes(`..${path.sep}`)) return false;
+    return true;
+  }
+
+  app.get('/api/sessions/:id/git/status', apiRateLimit, auth.middleware, async (req, res) => {
+    const session = sessions.get(req.params.id);
+    if (!session) return res.status(404).json({ error: 'Session not found' });
+
+    try {
+      const status = await getDetailedStatus(session.cwd);
+      res.json(status);
+    } catch (err) {
+      log.warn(`Git status failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to get git status' });
+    }
+  });
+
+  app.get('/api/sessions/:id/git/diff', apiRateLimit, auth.middleware, async (req, res) => {
+    const session = sessions.get(req.params.id);
+    if (!session) return res.status(404).json({ error: 'Session not found' });
+
+    const file = req.query.file;
+    if (!validateFilePath(file)) {
+      return res.status(400).json({ error: 'Invalid or missing file parameter' });
+    }
+
+    const staged = req.query.staged === 'true';
+    const untracked = req.query.untracked === 'true';
+    let context;
+    if (req.query.context !== undefined) {
+      const parsed = parseInt(req.query.context, 10);
+      if (Number.isFinite(parsed)) {
+        context = Math.min(Math.max(parsed, 0), 99999);
+      }
+    }
+    try {
+      const diff = await getFileDiff(session.cwd, file, { staged, untracked, context });
+      res.json(diff);
+    } catch (err) {
+      log.warn(`Git diff failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to get diff' });
+    }
+  });
+
+  app.get('/api/sessions/:id/git/blame', apiRateLimit, auth.middleware, async (req, res) => {
+    const session = sessions.get(req.params.id);
+    if (!session) return res.status(404).json({ error: 'Session not found' });
+
+    const file = req.query.file;
+    if (!validateFilePath(file)) {
+      return res.status(400).json({ error: 'Invalid or missing file parameter' });
+    }
+
+    try {
+      const blame = await getFileBlame(session.cwd, file);
+      res.json(blame);
+    } catch (err) {
+      log.warn(`Git blame failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to get blame' });
+    }
+  });
+
+  app.get('/api/sessions/:id/git/log', apiRateLimit, auth.middleware, async (req, res) => {
+    const session = sessions.get(req.params.id);
+    if (!session) return res.status(404).json({ error: 'Session not found' });
+
+    const limit = Math.min(Math.max(parseInt(req.query.limit, 10) || 20, 1), 100);
+    const file = req.query.file;
+    if (file && !validateFilePath(file)) {
+      return res.status(400).json({ error: 'Invalid file parameter' });
+    }
+
+    try {
+      const logResult = await getGitLog(session.cwd, { limit, file: file || null });
+      res.json(logResult);
+    } catch (err) {
+      log.warn(`Git log failed: ${err.message}`);
+      res.status(500).json({ error: 'Failed to get git log' });
+    }
+  });
+
   // Directory listing for folder browser
   app.get('/api/dirs', apiRateLimit, auth.middleware, (req, res) => {
     log.debug(`Directory listing requested: ${req.query.q || config.cwd}`);
@@ -631,6 +941,41 @@ function setupRoutes(app, { auth, sessions, config, state }) {
       res.json({ base: dir, dirs: [], truncated: false });
     }
   });
+
+  // --- Push notification endpoints ---
+  if (pushManager) {
+    app.get('/api/push/vapid-key', apiRateLimit, auth.middleware, (_req, res) => {
+      const publicKey = pushManager.getPublicKey();
+      if (!publicKey) {
+        return res.status(503).json({ error: 'Push notifications not configured' });
+      }
+      res.json({ publicKey });
+    });
+
+    app.post('/api/push/subscribe', apiRateLimit, auth.middleware, (req, res) => {
+      const { subscription } = req.body || {};
+      if (
+        !subscription ||
+        !subscription.endpoint ||
+        !subscription.keys ||
+        !subscription.keys.p256dh ||
+        !subscription.keys.auth
+      ) {
+        return res.status(400).json({ error: 'Invalid subscription object' });
+      }
+      pushManager.subscribe(subscription);
+      res.json({ ok: true });
+    });
+
+    app.delete('/api/push/unsubscribe', apiRateLimit, auth.middleware, (req, res) => {
+      const { endpoint } = req.body || {};
+      if (!endpoint) {
+        return res.status(400).json({ error: 'Missing endpoint' });
+      }
+      pushManager.unsubscribe(endpoint);
+      res.json({ ok: true });
+    });
+  }
 }
 
 function cleanupUploadedFiles() {

package/src/server/sessions.js

@@ -101,6 +101,41 @@ const SESSION_COLORS = [
 class SessionManager {
   constructor() {
     this.sessions = new Map();
+    /** @type {((event: {sessionId: string, sessionName: string}) => void)|null} */
+    this.onCommandComplete = null;
+  }
+
+  /** Emit a command-complete notification (push + WS broadcast). */
+  _emitNotification(id, session) {
+    const notification = {
+      notificationType: 'command-complete',
+      sessionName: session.name,
+      timestamp: Date.now(),
+    };
+
+    // Send push notification (works even when app is closed)
+    if (this.onCommandComplete) {
+      this.onCommandComplete({ sessionId: id, sessionName: session.name });
+    }
+
+    // Broadcast to connected WebSocket clients
+    const notifMsg = JSON.stringify({ type: 'notification', ...notification });
+    let delivered = false;
+    for (const ws of session.clients) {
+      if (ws.readyState === 1) {
+        ws.send(notifMsg);
+        delivered = true;
+      }
+    }
+
+    // Only store as pending if no clients received it — prevents
+    // duplicate notification when user taps push and app reconnects
+    if (!delivered) {
+      session.pendingNotifications.push(notification);
+      if (session.pendingNotifications.length > 5) {
+        session.pendingNotifications = session.pendingNotifications.slice(-5);
+      }
+    }
   }
 
   create({
@@ -162,6 +197,7 @@ class SessionManager {
       createdAt: new Date().toISOString(),
       lastActivity: Date.now(),
       clients: new Set(),
+      pendingNotifications: [],
       scrollback: [],
       scrollbackBuf: '',
       hasHadClient: false,
@@ -175,6 +211,36 @@ class SessionManager {
       session.lastActivity = Date.now();
       session.scrollbackBuf += data;
 
+      // Silence-based notification: only active when the shell has a direct
+      // child process (session._hasDirectChild). This handles interactive
+      // agents (Copilot CLI, Claude Code) that stay running but spawn
+      // subtasks. When subtask output goes silent for 5 seconds after
+      // sustained activity, that's "task completed."
+      if (session._hasDirectChild) {
+        const now = Date.now();
+        if (!session._outputBurstStart) session._outputBurstStart = now;
+        session._outputBytes = (session._outputBytes || 0) + data.length;
+        clearTimeout(session._silenceTimer);
+
+        // Only fire after 5s silence following ≥1s activity with ≥100 bytes
+        const duration = now - session._outputBurstStart;
+        if (duration >= 1000 && session._outputBytes >= 100) {
+          session._silenceTimer = setTimeout(() => {
+            const cooldownOk =
+              !session._lastNotifyTime || Date.now() - session._lastNotifyTime >= 30000;
+            if (cooldownOk) {
+              session._lastNotifyTime = Date.now();
+              log.info(
+                `Command idle in "${session.name}" (${Math.round(duration / 1000)}s activity, ${session._outputBytes} bytes)`,
+              );
+              this._emitNotification(id, session);
+            }
+            session._outputBurstStart = null;
+            session._outputBytes = 0;
+          }, 5000);
+        }
+      }
+
       // Track alt screen mode so reconnecting clients can re-enter it.
       // Carry a small tail between chunks so split escape sequences are detected.
       const scanBuf = session._altScanTail + data;
@@ -219,7 +285,83 @@ class SessionManager {
       }
     });
 
+    // Monitor DIRECT child processes of the shell to detect command completion.
+    // Two notification triggers:
+    // 1. Direct child exits (e.g., `sleep 10` finishes, `copilot` quits)
+    // 2. Silence detection (in onData above) fires when output stops for 5s
+    //    while a child IS running (e.g., Copilot CLI agent finishes a task)
+    if (process.platform !== 'win32') {
+      const shellPid = ptyProcess.pid;
+      let prevChildren = new Set();
+      let childCheckCount = 0;
+      const POLL_INTERVAL = 2000;
+      const NOTIFY_COOLDOWN = 30000;
+
+      let pollInFlight = false;
+      const checkChildren = () => {
+        if (pollInFlight) return;
+        if (!this.sessions.has(id)) return;
+        pollInFlight = true;
+
+        const { exec } = require('child_process');
+
+        exec(
+          `ps -ax -o pid=,ppid= | awk -v p=${shellPid} '$2 == p { print $1 }'`,
+          { timeout: 2000 },
+          (err, stdout) => {
+            pollInFlight = false;
+            if (err) return;
+            const currentChildren = new Set(
+              (stdout || '')
+                .trim()
+                .split('\n')
+                .filter(Boolean)
+                .map((s) => s.trim()),
+            );
+            childCheckCount++;
+
+            // Update the flag used by silence detection in onData
+            session._hasDirectChild = currentChildren.size > 0;
+
+            // Skip initial checks — shell startup spawns profile/completion children
+            if (childCheckCount <= 3) {
+              prevChildren = currentChildren;
+              return;
+            }
+
+            // Check if any previously-seen direct child has exited
+            const exited = [...prevChildren].filter((pid) => !currentChildren.has(pid));
+
+            if (exited.length > 0 && prevChildren.size > 0) {
+              // Direct child exited — clear silence timer (prevent double notification)
+              clearTimeout(session._silenceTimer);
+              session._outputBurstStart = null;
+              session._outputBytes = 0;
+
+              const now = Date.now();
+              if (!session._lastNotifyTime || now - session._lastNotifyTime >= NOTIFY_COOLDOWN) {
+                session._lastNotifyTime = now;
+                log.info(
+                  `Command completed in "${session.name}" (PID ${exited.join(',')} exited, ${currentChildren.size} remaining)`,
+                );
+                this._emitNotification(id, session);
+              }
+            }
+
+            prevChildren = currentChildren;
+          },
+        );
+      };
+
+      session._childMonitor = setInterval(checkChildren, POLL_INTERVAL);
+      if (typeof session._childMonitor.unref === 'function') {
+        session._childMonitor.unref();
+      }
+    }
+
     ptyProcess.onExit(({ exitCode }) => {
+      clearInterval(session._childMonitor);
+      clearTimeout(session._silenceTimer);
       log.info(`Session "${name}" (${id}) exited (code ${exitCode})`);
       for (const ws of session.clients) {
         if (ws.readyState === 1) ws.send(JSON.stringify({ type: 'exit', code: exitCode }));
@@ -260,6 +402,7 @@ class SessionManager {
     if (!s) return false;
     log.info(`Session "${s.name}" deleted (id=${id})`);
     _gitCache.delete(id);
+    clearInterval(s._childMonitor);
     s.pty.kill();
     return true;
   }
@@ -289,6 +432,7 @@ class SessionManager {
     log.info(`Shutting down ${this.sessions.size} session(s)`);
     for (const [_id, s] of this.sessions) {
       try {
+        clearInterval(s._childMonitor);
         s.pty.kill();
       } catch (err) {
         log.warn(`Failed to kill session ${_id}: ${err.message}`);

package/src/server/websocket.js

@@ -82,10 +82,22 @@ function setupWebSocket(wss, { auth, sessions }) {
     }
 
     const pingInterval = setInterval(() => {
-      if (ws.readyState === 1) ws.ping();
-    }, 30000);
+      if (ws.readyState === 1) {
+        if (ws._pongPending) {
+          // Previous ping never got a pong — connection is dead
+          ws.terminate();
+          return;
+        }
+        ws._pongPending = true;
+        ws.ping();
+      }
+    }, 15000);
     if (typeof pingInterval.unref === 'function') pingInterval.unref();
 
+    ws.on('pong', () => {
+      ws._pongPending = false;
+    });
+
     let authenticated = !auth.password;
     let attached = null;
 
@@ -166,6 +178,13 @@ function setupWebSocket(wss, { auth, sessions }) {
             }
           }
           ws.send(JSON.stringify({ type: 'attached', sessionId: msg.sessionId }));
+          // Deliver any command-complete notifications that fired while disconnected
+          if (session.pendingNotifications.length > 0) {
+            for (const n of session.pendingNotifications) {
+              ws.send(JSON.stringify({ type: 'notification', ...n }));
+            }
+            session.pendingNotifications = [];
+          }
           log.info(`Client attached to session ${msg.sessionId}`);
           return;
         }