salvacybersec/CodeNomad
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(desktop): restore managed Node server startup (#348)

Browse Source 
## Summary
- revert the Bun standalone desktop packaging path and restore the
server's original `dist/bin.js` bootstrap flow
- add a managed Node runtime for Electron and Tauri that downloads only
the current platform/arch artifact into `~/.config/codenomad`
- update desktop startup and packaging scripts so packaged apps use the
managed runtime consistently, and clean up Electron's expected
navigation-abort log noise

## Testing
- npm run typecheck --workspace @neuralnomads/codenomad-electron-app
- cargo check
- npm run build --workspace @neuralnomads/codenomad
- npm run build:mac --workspace @neuralnomads/codenomad-electron-app
- launch
`packages/electron-app/release/mac-arm64/CodeNomad.app/Contents/MacOS/CodeNomad`
and verify the packaged server reaches ready with the managed Node
runtime
This commit is contained in:
Shantur Rathore
2026-04-26 13:20:47 +01:00
committed by GitHub
parent e708c565ef
commit fd57bd11a6
28 changed files with 1962 additions and 2348 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
.github/workflows/build-and-upload.yml vendored
View File

@@ -53,7 +53,7 @@ on:
# least-privilege (e.g. dev CI uses read-only; releases grant write).
env:
NODE_VERSION: 22
NODE_VERSION: 20
jobs:
build-macos:
@@ -372,7 +372,7 @@ jobs:
if [ "$attempt" -gt 1 ]; then
echo "Retrying Tauri CLI install (attempt $attempt)..."
fi
npm install @tauri-apps/cli@2.10.1 @tauri-apps/cli-darwin-x64@2.10.1 --no-save --no-audit --no-fund --workspaces=false
npm install @tauri-apps/cli@2.9.4 @tauri-apps/cli-darwin-x64@2.9.4 --no-save --no-audit --no-fund --workspaces=false
node -e "require('@tauri-apps/cli'); console.log('Tauri CLI loaded')" && exit 0
done
echo "Tauri CLI failed to load after retries" >&2
@@ -456,7 +456,7 @@ jobs:
if [ "$attempt" -gt 1 ]; then
echo "Retrying Tauri CLI install (attempt $attempt)..."
fi
npm install @tauri-apps/cli@2.10.1 @tauri-apps/cli-darwin-arm64@2.10.1 --no-save --no-audit --no-fund --workspaces=false
npm install @tauri-apps/cli@2.9.4 @tauri-apps/cli-darwin-arm64@2.9.4 --no-save --no-audit --no-fund --workspaces=false
node -e "require('@tauri-apps/cli'); console.log('Tauri CLI loaded')" && exit 0
done
echo "Tauri CLI failed to load after retries" >&2
@@ -542,7 +542,7 @@ jobs:
if [ "$attempt" -gt 1 ]; then
echo "Retrying Tauri CLI install (attempt $attempt)..."
fi
npm install @tauri-apps/cli@2.10.1 @tauri-apps/cli-win32-x64-msvc@2.10.1 --no-save --no-audit --no-fund --workspaces=false
npm install @tauri-apps/cli@2.9.4 @tauri-apps/cli-win32-x64-msvc@2.9.4 --no-save --no-audit --no-fund --workspaces=false
node -e "require('@tauri-apps/cli'); console.log('Tauri CLI loaded')" && exit 0
done
echo "Tauri CLI failed to load after retries" >&2
@@ -614,7 +614,6 @@ jobs:
sudo apt-get install -y \
build-essential \
pkg-config \
xdg-utils \
libgtk-3-dev \
libglib2.0-dev \
libwebkit2gtk-4.1-dev \
@@ -643,7 +642,6 @@ jobs:
if [ "$attempt" -gt 1 ]; then
echo "Retrying Tauri CLI install (attempt $attempt)..."
fi
# Tauri CLI 2.10.1 regresses Linux AppImage bundling in CI; keep Linux on the last known-good CLI.
npm install @tauri-apps/cli@2.9.4 @tauri-apps/cli-linux-x64-gnu@2.9.4 --no-save --no-audit --no-fund --workspaces=false
node -e "require('@tauri-apps/cli'); console.log('Tauri CLI loaded')" && exit 0
done
@@ -743,7 +741,6 @@ jobs:
sudo apt-get install -y \
build-essential \
pkg-config \
xdg-utils \
gcc-aarch64-linux-gnu \
g++-aarch64-linux-gnu \
libgtk-3-dev:arm64 \

2
.github/workflows/release-ui.yml vendored
View File

@@ -14,7 +14,7 @@ permissions:
contents: read
env:
NODE_VERSION: 22
NODE_VERSION: 20
jobs:
release-ui:

2
.github/workflows/reusable-release.yml vendored
View File

@@ -39,7 +39,7 @@ permissions:
contents: write
env:
NODE_VERSION: 22
NODE_VERSION: 20
jobs:
prepare-release:

1216
package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

40
packages/electron-app/electron/main/main.ts
View File

@@ -116,10 +116,20 @@ function loadLoadingScreen(window: BrowserWindow) {
: window.loadFile(target.source)
loader.catch((error) => {
if (isIgnorableNavigationError(error)) {
return
}
console.error("[cli] failed to load loading screen:", error)
})
}
return loader
function isIgnorableNavigationError(error: unknown): boolean {
if (!error || typeof error !== "object") {
return false
}
const code = "code" in error ? String((error as { code?: unknown }).code ?? "") : ""
return code === "ERR_ABORTED" || code === "ERR_FAILED"
}
function getAllowedRendererOrigins(window?: BrowserWindow | null): string[] {
@@ -294,7 +304,7 @@ function createWindow() {
showingLoadingScreen = true
currentCliUrl = null
clearWindowAllowedOrigin(window)
const loadingReady = loadLoadingScreen(window)
loadLoadingScreen(window)
if (process.env.NODE_ENV === "development") {
window.webContents.openDevTools({ mode: "detach" })
@@ -313,7 +323,11 @@ function createWindow() {
showingLoadingScreen = false
})
return loadingReady
if (pendingCliUrl) {
const url = pendingCliUrl
pendingCliUrl = null
startCliPreload(url)
}
}
function showLoadingScreen(force = false) {
@@ -384,6 +398,9 @@ function startCliPreload(url: string) {
})
view.webContents.loadURL(url).catch((error) => {
if (isIgnorableNavigationError(error)) {
return
}
console.error("[cli] failed to preload CLI view:", error)
if (preloadingView === view) {
destroyPreloadingView(view)
@@ -404,7 +421,12 @@ function finalizeCliSwap(url: string) {
currentCliUrl = url
setWindowAllowedOrigin(window, url)
pendingCliUrl = null
window.loadURL(url).catch((error) => console.error("[cli] failed to load CLI view:", error))
window.loadURL(url).catch((error) => {
if (isIgnorableNavigationError(error)) {
return
}
console.error("[cli] failed to load CLI view:", error)
})
}
function buildRemoteWindowTitle(name: string, baseUrl: string) {
@@ -620,8 +642,7 @@ app.whenReady().then(() => {
// ignore
}
const loadingReady = createWindow()
;(mainWindow as BrowserWindow & { __codenomadOpenRemoteWindow?: typeof openRemoteWindow }).__codenomadOpenRemoteWindow = openRemoteWindow
startCli()
if (isMac) {
session.defaultSession.setSpellCheckerEnabled(false)
@@ -638,11 +659,8 @@ app.whenReady().then(() => {
}
}
void loadingReady.finally(() => {
setTimeout(() => {
void startCli()
}, 0)
})
createWindow()
;(mainWindow as BrowserWindow & { __codenomadOpenRemoteWindow?: typeof openRemoteWindow }).__codenomadOpenRemoteWindow = openRemoteWindow
app.on("certificate-error", (event, _webContents, url, error, _certificate, callback) => {
if (isInsecureOriginAllowed(url)) {

283
packages/electron-app/electron/main/managed-node.ts Normal file
View File

@@ -0,0 +1,283 @@
import { dialog, app } from "electron"
import { createHash } from "node:crypto"
import fs from "node:fs"
import { createWriteStream } from "node:fs"
import { mkdir, mkdtemp, rename, rm, stat } from "node:fs/promises"
import https from "node:https"
import os from "node:os"
import path from "node:path"
import { pipeline } from "node:stream/promises"
import { spawn } from "node:child_process"
const MANAGED_NODE_VERSION = "v22.22.2"
const CONFIG_DIR = path.join(app.getPath("home"), ".config", "codenomad")
interface NodeArtifactSpec {
archiveName: string
archiveRoot: string
binaryRelativePath: string
url: string
}
function getNodeArtifactSpec(): NodeArtifactSpec {
const platform = process.platform
const arch = process.arch
if (platform === "darwin" && arch === "x64") {
return buildTarGzSpec("darwin-x64")
}
if (platform === "darwin" && arch === "arm64") {
return buildTarGzSpec("darwin-arm64")
}
if (platform === "linux" && arch === "x64") {
return buildTarGzSpec("linux-x64")
}
if (platform === "linux" && arch === "arm64") {
return buildTarGzSpec("linux-arm64")
}
if (platform === "win32" && arch === "x64") {
return buildZipSpec("win-x64", "node.exe")
}
if (platform === "win32" && arch === "arm64") {
return buildZipSpec("win-arm64", "node.exe")
}
throw new Error(`Managed Node runtime is not supported on ${platform}-${arch}.`)
}
function buildTarGzSpec(target: string): NodeArtifactSpec {
const archiveName = `node-${MANAGED_NODE_VERSION}-${target}.tar.gz`
return {
archiveName,
archiveRoot: archiveName.replace(/\.tar\.gz$/, ""),
binaryRelativePath: path.join("bin", "node"),
url: `https://nodejs.org/dist/${MANAGED_NODE_VERSION}/${archiveName}`,
}
}
function buildZipSpec(target: string, binaryName: string): NodeArtifactSpec {
const archiveName = `node-${MANAGED_NODE_VERSION}-${target}.zip`
return {
archiveName,
archiveRoot: archiveName.replace(/\.zip$/, ""),
binaryRelativePath: binaryName,
url: `https://nodejs.org/dist/${MANAGED_NODE_VERSION}/${archiveName}`,
}
}
function getRuntimePlatformDir(): string {
return `${process.platform}-${process.arch}`
}
function getManagedNodeRoot(): string {
return path.join(CONFIG_DIR, "node", MANAGED_NODE_VERSION, getRuntimePlatformDir())
}
function getManagedNodeBinaryPath(): string {
return path.join(getManagedNodeRoot(), getNodeArtifactSpec().binaryRelativePath)
}
function fileExists(filePath: string): boolean {
try {
return fs.existsSync(filePath)
} catch {
return false
}
}
async function fetchText(url: string): Promise<string> {
const response = await request(url)
return response.toString("utf-8")
}
function request(url: string): Promise<Buffer> {
return new Promise((resolve, reject) => {
const doRequest = (target: string) => {
https
.get(target, (response) => {
const statusCode = response.statusCode ?? 0
const redirect = response.headers.location
if (statusCode >= 300 && statusCode < 400 && redirect) {
response.resume()
doRequest(new URL(redirect, target).toString())
return
}
if (statusCode < 200 || statusCode >= 300) {
response.resume()
reject(new Error(`Request failed for ${target} with status ${statusCode}`))
return
}
const chunks: Buffer[] = []
response.on("data", (chunk) => chunks.push(Buffer.isBuffer(chunk) ? chunk : Buffer.from(chunk)))
response.on("end", () => resolve(Buffer.concat(chunks)))
response.on("error", reject)
})
.on("error", reject)
}
doRequest(url)
})
}
function downloadFile(url: string, destination: string): Promise<void> {
return new Promise((resolve, reject) => {
const doDownload = (target: string) => {
https
.get(target, (response) => {
const statusCode = response.statusCode ?? 0
const redirect = response.headers.location
if (statusCode >= 300 && statusCode < 400 && redirect) {
response.resume()
doDownload(new URL(redirect, target).toString())
return
}
if (statusCode < 200 || statusCode >= 300) {
response.resume()
reject(new Error(`Download failed for ${target} with status ${statusCode}`))
return
}
const output = createWriteStream(destination)
pipeline(response, output).then(() => resolve()).catch(reject)
})
.on("error", reject)
}
doDownload(url)
})
}
async function sha256File(filePath: string): Promise<string> {
const hash = createHash("sha256")
await new Promise<void>((resolve, reject) => {
const stream = fs.createReadStream(filePath)
stream.on("data", (chunk) => hash.update(chunk))
stream.on("end", () => resolve())
stream.on("error", reject)
})
return hash.digest("hex")
}
async function fetchExpectedSha256(archiveName: string): Promise<string> {
const checksums = await fetchText(`https://nodejs.org/dist/${MANAGED_NODE_VERSION}/SHASUMS256.txt`)
for (const line of checksums.split(/\r?\n/)) {
const trimmed = line.trim()
if (!trimmed) continue
const [checksum, fileName] = trimmed.split(/\s+/, 2)
if (fileName === archiveName) {
return checksum
}
}
throw new Error(`Unable to find checksum for ${archiveName}.`)
}
function runCommand(command: string, args: string[]): Promise<void> {
return new Promise((resolve, reject) => {
const child = spawn(command, args, { stdio: "ignore", shell: false })
child.on("error", reject)
child.on("exit", (code) => {
if (code === 0) {
resolve()
} else {
reject(new Error(`${command} ${args.join(" ")} exited with code ${code ?? 1}`))
}
})
})
}
async function extractArchive(archivePath: string, destination: string): Promise<void> {
if (archivePath.endsWith(".zip")) {
const command = process.platform === "win32" ? "powershell.exe" : "powershell"
await runCommand(command, [
"-NoProfile",
"-NonInteractive",
"-Command",
"Expand-Archive",
"-LiteralPath",
archivePath,
"-DestinationPath",
destination,
"-Force",
])
return
}
await runCommand("tar", ["-xzf", archivePath, "-C", destination])
}
async function promptForManagedNodeDownload(): Promise<boolean> {
const result = await dialog.showMessageBox({
type: "question",
buttons: ["Download", "Cancel"],
defaultId: 0,
cancelId: 1,
noLink: true,
title: "Download Node Runtime",
message: "CodeNomad needs its managed Node.js runtime to start the server.",
detail: `Download ${MANAGED_NODE_VERSION} for ${process.platform}-${process.arch} into ~/.config/codenomad?`,
})
return result.response === 0
}
async function installManagedNodeRuntime(): Promise<string> {
const spec = getNodeArtifactSpec()
const runtimeRoot = getManagedNodeRoot()
const runtimeParent = path.dirname(runtimeRoot)
await mkdir(runtimeParent, { recursive: true })
const tempRoot = await mkdtemp(path.join(runtimeParent, ".download-"))
const archivePath = path.join(tempRoot, spec.archiveName)
const extractRoot = path.join(tempRoot, "extract")
try {
await mkdir(extractRoot, { recursive: true })
const expectedSha = await fetchExpectedSha256(spec.archiveName)
await downloadFile(spec.url, archivePath)
const actualSha = await sha256File(archivePath)
if (actualSha !== expectedSha) {
throw new Error(`Checksum mismatch for ${spec.archiveName}.`)
}
await extractArchive(archivePath, extractRoot)
const extractedRoot = path.join(extractRoot, spec.archiveRoot)
const extractedBinary = path.join(extractedRoot, spec.binaryRelativePath)
if (!fileExists(extractedBinary)) {
throw new Error(`Managed Node binary missing after extraction: ${extractedBinary}`)
}
await rm(runtimeRoot, { recursive: true, force: true })
await rename(extractedRoot, runtimeRoot)
return path.join(runtimeRoot, spec.binaryRelativePath)
} finally {
await rm(tempRoot, { recursive: true, force: true }).catch(() => undefined)
}
}
export async function ensureManagedNodeBinary(): Promise<string> {
const binaryPath = getManagedNodeBinaryPath()
if (fileExists(binaryPath)) {
return binaryPath
}
const confirmed = await promptForManagedNodeDownload()
if (!confirmed) {
throw new Error("CodeNomad requires the managed Node.js runtime to start. Download was cancelled.")
}
const installedBinary = await installManagedNodeRuntime()
const installedStats = await stat(installedBinary)
if (!installedStats.isFile()) {
throw new Error(`Managed Node binary is invalid: ${installedBinary}`)
}
return installedBinary
}

92
packages/electron-app/electron/main/process-manager.ts
View File

@@ -7,6 +7,7 @@ import os from "os"
import path from "path"
import { fileURLToPath } from "url"
import { parse as parseYaml } from "yaml"
import { ensureManagedNodeBinary } from "./managed-node"
import { buildUserShellCommand, getUserShellEnv, supportsUserShell } from "./user-shell"
const nodeRequire = createRequire(import.meta.url)
@@ -38,8 +39,10 @@ interface StartOptions {
interface CliEntryResolution {
entry: string
runner: "node" | "tsx" | "standalone"
runner: "node" | "tsx"
runnerPath?: string
nodeBinaryPath: string
nodeArgs?: string[]
}
type ManagedChild = ChildProcess | UtilityProcess
@@ -148,14 +151,16 @@ export class CliProcessManager extends EventEmitter {
const listeningMode = this.resolveListeningMode()
const host = resolveHostForMode(listeningMode)
const args = this.buildCliArgs(options, host)
const cliEntry = this.resolveCliEntry(options)
const cliEntry = await this.resolveCliEntry(options)
let child: ManagedChild
if (this.shouldUsePackagedShellSupervisor(options, cliEntry)) {
if (this.shouldUsePackagedShellSupervisor(options)) {
const runtimePath = this.resolveShellNodeCommand()
const entryPath = this.resolveBundledProdEntry()
const supervisorPath = this.resolveCliSupervisorPath()
const shellEnv = supportsUserShell() ? getUserShellEnv() : { ...process.env }
const shellTarget = cliEntry.runner === "standalone" ? this.buildExecutableCommand(cliEntry.entry, args) : this.buildCommand(cliEntry, args)
const shellTarget = this.buildCommand(cliEntry, args)
const shellCommand = buildUserShellCommand(`exec ${shellTarget}`)
const supervisorPayload = JSON.stringify({
command: shellCommand.command,
@@ -164,13 +169,13 @@ export class CliProcessManager extends EventEmitter {
})
console.info(
`[cli] launching CodeNomad CLI (${options.dev ? "dev" : "prod"}) via utility supervisor using ${cliEntry.runner} at ${cliEntry.entry} (host=${host})`,
`[cli] launching CodeNomad CLI (${options.dev ? "dev" : "prod"}) via utility supervisor using node at ${runtimePath} (host=${host})`,
)
console.info(`[cli] utility supervisor: ${supervisorPath}`)
console.info(`[cli] shell command: ${shellCommand.command} ${shellCommand.args.join(" ")}`)
child = utilityProcess.fork(supervisorPath, [supervisorPayload], {
env: cliEntry.runner === "standalone" ? shellEnv : { ...shellEnv, ELECTRON_RUN_AS_NODE: "1" },
env: { ...shellEnv, ELECTRON_RUN_AS_NODE: "1" },
stdio: "pipe",
serviceName: "CodeNomad CLI Supervisor",
})
@@ -181,16 +186,10 @@ export class CliProcessManager extends EventEmitter {
)
const env = supportsUserShell() ? getUserShellEnv() : { ...process.env }
if (cliEntry.runner !== "standalone") {
env.ELECTRON_RUN_AS_NODE = "1"
}
env.ELECTRON_RUN_AS_NODE = "1"
const spawnDetails = supportsUserShell()
? buildUserShellCommand(
`${cliEntry.runner === "standalone" ? "" : "ELECTRON_RUN_AS_NODE=1 "}exec ${
cliEntry.runner === "standalone" ? this.buildExecutableCommand(cliEntry.entry, args) : this.buildCommand(cliEntry, args)
}`,
)
? buildUserShellCommand(`ELECTRON_RUN_AS_NODE=1 exec ${this.buildCommand(cliEntry, args)}`)
: this.buildDirectSpawn(cliEntry, args)
const detached = process.platform !== "win32"
@@ -568,11 +567,10 @@ export class CliProcessManager extends EventEmitter {
}
private buildCommand(cliEntry: CliEntryResolution, args: string[]): string {
if (cliEntry.runner === "standalone") {
return this.buildExecutableCommand(cliEntry.entry, args)
const parts = [JSON.stringify(cliEntry.nodeBinaryPath)]
for (const nodeArg of cliEntry.nodeArgs ?? []) {
parts.push(JSON.stringify(nodeArg))
}
const parts = [JSON.stringify(process.execPath)]
if (cliEntry.runner === "tsx" && cliEntry.runnerPath) {
parts.push(JSON.stringify(cliEntry.runnerPath))
}
@@ -581,33 +579,30 @@ export class CliProcessManager extends EventEmitter {
return parts.join(" ")
}
private buildExecutableCommand(command: string, args: string[]): string {
return [JSON.stringify(command), ...args.map((arg) => JSON.stringify(arg))].join(" ")
}
private buildDirectSpawn(cliEntry: CliEntryResolution, args: string[]) {
if (cliEntry.runner === "standalone") {
return { command: cliEntry.entry, args }
}
if (cliEntry.runner === "tsx") {
return { command: process.execPath, args: [cliEntry.runnerPath!, cliEntry.entry, ...args] }
return { command: cliEntry.nodeBinaryPath, args: [...(cliEntry.nodeArgs ?? []), cliEntry.runnerPath!, cliEntry.entry, ...args] }
}
return { command: process.execPath, args: [cliEntry.entry, ...args] }
return { command: cliEntry.nodeBinaryPath, args: [...(cliEntry.nodeArgs ?? []), cliEntry.entry, ...args] }
}
private resolveCliEntry(options: StartOptions): CliEntryResolution {
private async resolveCliEntry(options: StartOptions): Promise<CliEntryResolution> {
if (options.dev) {
const tsxPath = this.resolveTsx()
if (!tsxPath) {
throw new Error("tsx is required to run the CLI in development mode. Please install dependencies.")
}
const devEntry = this.resolveDevEntry()
return { entry: devEntry, runner: "tsx", runnerPath: tsxPath }
return { entry: devEntry, runner: "tsx", runnerPath: tsxPath, nodeBinaryPath: process.execPath }
}
return { entry: this.resolveStandaloneProdEntry(), runner: "standalone" }
return {
entry: this.resolveProdEntry(),
runner: "node",
nodeBinaryPath: await ensureManagedNodeBinary(),
nodeArgs: ["--experimental-specifier-resolution=node"],
}
}
private resolveTsx(): string | null {
@@ -647,12 +642,11 @@ export class CliProcessManager extends EventEmitter {
return entry
}
private resolveStandaloneProdEntry(): string {
const executableName = process.platform === "win32" ? "codenomad-server.exe" : "codenomad-server"
private resolveProdEntry(): string {
const candidates = [
path.join(process.resourcesPath, "server", "dist", executableName),
path.join(mainDirname, "../resources/server/dist", executableName),
path.resolve(process.cwd(), "..", "server", "dist", executableName),
path.join(process.resourcesPath, "server", "dist", "bin.js"),
path.join(mainDirname, "../resources/server/dist/bin.js"),
path.resolve(process.cwd(), "..", "server", "dist", "bin.js"),
]
for (const candidate of candidates) {
@@ -661,11 +655,11 @@ export class CliProcessManager extends EventEmitter {
}
}
throw new Error(`Unable to locate standalone CodeNomad server executable (${executableName}). Run npm run build:standalone --workspace @neuralnomads/codenomad.`)
throw new Error("Unable to locate the packaged CodeNomad server entrypoint (dist/bin.js). Rebuild the desktop bundle.")
}
private shouldUsePackagedShellSupervisor(options: StartOptions, cliEntry: CliEntryResolution): boolean {
return !options.dev && app.isPackaged && process.platform === "darwin" && cliEntry.runner !== "standalone"
private shouldUsePackagedShellSupervisor(options: StartOptions): boolean {
return false
}
private resolveCliSupervisorPath(): string {
@@ -683,6 +677,26 @@ export class CliProcessManager extends EventEmitter {
throw new Error("Unable to locate CodeNomad CLI supervisor script.")
}
private resolveShellNodeCommand(): string {
const configured = process.env.NODE_BINARY?.trim()
return configured && configured.length > 0 ? configured : "node"
}
private resolveBundledProdEntry(): string {
const candidates = [
path.join(process.resourcesPath, "server", "dist", "bin.js"),
path.join(mainDirname, "../resources/server/dist/bin.js"),
]
for (const candidate of candidates) {
if (existsSync(candidate)) {
return candidate
}
}
throw new Error("Unable to locate bundled CodeNomad CLI build in app resources.")
}
private describeUtilityProcessError(error: unknown): string {
if (error instanceof Error && error.message) {
return error.message

44
packages/electron-app/scripts/build.js
View File

@@ -1,7 +1,7 @@
#!/usr/bin/env node
import { spawn } from "child_process"
import { existsSync, readFileSync } from "fs"
import { existsSync } from "fs"
import path, { join } from "path"
import { fileURLToPath } from "url"
@@ -14,46 +14,6 @@ const npxCmd = process.platform === "win32" ? "npx.cmd" : "npx"
const nodeModulesPath = join(appDir, "node_modules")
const workspaceNodeModulesPath = join(workspaceRoot, "node_modules")
function getPlatformEsbuildPackage() {
const platformKey = `${process.platform}-${process.arch}`
const platformPackages = {
"linux-x64": "@esbuild/linux-x64",
"linux-arm64": "@esbuild/linux-arm64",
"darwin-arm64": "@esbuild/darwin-arm64",
"darwin-x64": "@esbuild/darwin-x64",
"win32-arm64": "@esbuild/win32-arm64",
"win32-x64": "@esbuild/win32-x64",
}
return platformPackages[platformKey] ?? null
}
async function ensureEsbuildPlatformBinary() {
const pkgName = getPlatformEsbuildPackage()
if (!pkgName) {
return
}
const platformPackagePath = join(workspaceNodeModulesPath, ...pkgName.split("/"))
if (existsSync(platformPackagePath)) {
return
}
let esbuildVersion = ""
try {
esbuildVersion = JSON.parse(readFileSync(join(workspaceNodeModulesPath, "esbuild", "package.json"), "utf-8")).version ?? ""
} catch {
// leave version empty; fallback install will use latest compatible
}
const packageSpec = esbuildVersion ? `${pkgName}@${esbuildVersion}` : pkgName
console.log("📦 Step 0/3: Restoring esbuild platform binary...\n")
await run(npmCmd, ["install", packageSpec, "--no-save", "--ignore-scripts", "--fund=false", "--audit=false"], {
cwd: workspaceRoot,
env: { NODE_PATH: workspaceNodeModulesPath },
})
}
const platforms = {
mac: {
args: ["--mac", "--x64", "--arm64"],
@@ -145,8 +105,6 @@ async function build(platform) {
console.log(`\n🔨 Building for: ${config.description}\n`)
try {
await ensureEsbuildPlatformBinary()
console.log("📦 Step 1/3: Building CLI dependency...\n")
await run(npmCmd, ["run", "build", "--workspace", "@neuralnomads/codenomad"], {
cwd: workspaceRoot,

76
packages/electron-app/scripts/prepare-resources.js
View File

@@ -16,7 +16,6 @@ const npmNodeExecPath = process.env.npm_node_execpath
const serverSources = ["dist", "public", "node_modules", "package.json"]
const serverDepsMarker = join(serverRoot, "node_modules", "fastify", "package.json")
const standaloneMarker = join(serverRoot, "dist", process.platform === "win32" ? "codenomad-server.exe" : "codenomad-server")
function log(message) {
console.log(`[prepare-resources] ${message}`)
@@ -30,34 +29,6 @@ function ensureServerBuild() {
}
}
function ensureStandaloneServerBuild() {
log("building standalone server executable")
const result = spawnSync(
"npm",
["run", "build:standalone", "--workspace", "@neuralnomads/codenomad"],
{
cwd: workspaceRoot,
stdio: "inherit",
env: {
...process.env,
PATH: `${join(workspaceRoot, "node_modules", ".bin")}${path.delimiter}${process.env.PATH ?? ""}`,
},
shell: process.platform === "win32",
},
)
if (result.status !== 0) {
if (result.error) {
throw result.error
}
throw new Error(`standalone server build exited with code ${result.status ?? 1}`)
}
if (!fs.existsSync(standaloneMarker)) {
throw new Error(`Standalone server executable missing after build: ${standaloneMarker}`)
}
}
function ensureServerDependencies() {
if (fs.existsSync(serverDepsMarker)) {
return
@@ -94,51 +65,6 @@ function ensureServerDependencies() {
}
}
function ensureEsbuildPlatformBinary() {
const platformKey = `${process.platform}-${process.arch}`
const platformPackages = {
"linux-x64": "@esbuild/linux-x64",
"linux-arm64": "@esbuild/linux-arm64",
"darwin-arm64": "@esbuild/darwin-arm64",
"darwin-x64": "@esbuild/darwin-x64",
"win32-arm64": "@esbuild/win32-arm64",
"win32-x64": "@esbuild/win32-x64",
}
const pkgName = platformPackages[platformKey]
if (!pkgName) {
return
}
const platformPackagePath = join(workspaceRoot, "node_modules", ...pkgName.split("/"))
if (fs.existsSync(platformPackagePath)) {
return
}
let esbuildVersion = ""
try {
esbuildVersion = JSON.parse(fs.readFileSync(join(workspaceRoot, "node_modules", "esbuild", "package.json"), "utf-8")).version ?? ""
} catch {
// leave version empty; fallback install will use latest compatible
}
const packageSpec = esbuildVersion ? `${pkgName}@${esbuildVersion}` : pkgName
log("installing esbuild platform binary (optional dep workaround)")
const result = spawnSync("npm", ["install", packageSpec, "--no-save", "--ignore-scripts", "--fund=false", "--audit=false"], {
cwd: workspaceRoot,
stdio: "inherit",
shell: process.platform === "win32",
})
if (result.status !== 0) {
if (result.error) {
throw result.error
}
throw new Error(`esbuild platform install exited with code ${result.status ?? 1}`)
}
}
function copyServerArtifacts() {
fs.rmSync(serverDest, { recursive: true, force: true })
fs.mkdirSync(serverDest, { recursive: true })
@@ -195,9 +121,7 @@ function stripNodeModuleBins() {
async function main() {
ensureServerBuild()
ensureStandaloneServerBuild()
ensureServerDependencies()
ensureEsbuildPlatformBinary()
copyServerArtifacts()
stripNodeModuleBins()
}

4
packages/opencode-config/package.json
View File

@@ -4,6 +4,6 @@
"private": true,
"license": "MIT",
"dependencies": {
"@opencode-ai/plugin": "1.14.19"
"@opencode-ai/plugin": "1.3.7"
}
}
}

1376
packages/server/package-lock.json generated
View File

File diff suppressed because it is too large Load Diff

12
packages/server/package.json
View File

@@ -18,7 +18,6 @@
},
"scripts": {
"build": "npm run build:ui && npm run prepare-ui && tsc -p tsconfig.json && node ./scripts/copy-auth-pages.mjs && npm run prepare-config",
"build:standalone": "node ./scripts/build-standalone.mjs",
"build:ui": "npm run build --prefix ../ui",
"prepare-ui": "node ./scripts/copy-ui-dist.mjs",
"prepare-config": "node ./scripts/copy-opencode-config.mjs",
@@ -26,16 +25,16 @@
"typecheck": "tsc --noEmit -p tsconfig.json"
},
"dependencies": {
"@fastify/cors": "^11.2.0",
"@fastify/reply-from": "^12.6.2",
"@fastify/static": "^9.1.1",
"@fastify/cors": "^8.5.0",
"@fastify/reply-from": "^9.8.0",
"@fastify/static": "^7.0.4",
"commander": "^12.1.0",
"fastify": "^5.8.5",
"fastify": "^4.28.1",
"fuzzysort": "^2.0.4",
"node-forge": "^1.3.3",
"openai": "^6.27.0",
"pino": "^9.4.0",
"undici": "^8.1.0",
"undici": "^6.19.8",
"yaml": "^2.4.2",
"yauzl": "^2.10.0",
"zod": "^3.23.8"
@@ -43,7 +42,6 @@
"devDependencies": {
"@types/node-forge": "^1.3.14",
"@types/yauzl": "^2.10.0",
"bun": "^1.3.13",
"cross-env": "^7.0.3",
"ts-node": "^10.9.2",
"tsx": "^4.20.6",

99
packages/server/scripts/build-standalone.mjs
View File

@@ -1,99 +0,0 @@
#!/usr/bin/env node
import fs from "fs"
import path from "path"
import { spawnSync } from "child_process"
import { fileURLToPath } from "url"
const __filename = fileURLToPath(import.meta.url)
const __dirname = path.dirname(__filename)
const cliRoot = path.resolve(__dirname, "..")
const distDir = path.join(cliRoot, "dist")
const publicDir = path.join(cliRoot, "public")
const authPagesSourceDir = path.join(distDir, "server", "routes", "auth-pages")
const authPagesTargetDir = path.join(distDir, "auth-pages")
const explicitTarget = process.env.CODENOMAD_STANDALONE_TARGET?.trim()
const outputName = (explicitTarget?.includes("windows") || process.platform === "win32") ? "codenomad-server.exe" : "codenomad-server"
const outputPath = path.join(distDir, outputName)
const packageJsonPath = path.join(cliRoot, "package.json")
function resolveBunCommand() {
const executableName = process.platform === "win32" ? "bun.exe" : "bun"
const localBinName = process.platform === "win32" ? "bun.cmd" : "bun"
const candidates = [
path.join(cliRoot, "node_modules", ".bin", localBinName),
path.join(cliRoot, "..", "..", "node_modules", ".bin", localBinName),
path.join(cliRoot, "node_modules", "bun", "bin", executableName),
path.join(cliRoot, "..", "..", "node_modules", "bun", "bin", executableName),
]
for (const candidate of candidates) {
if (fs.existsSync(candidate)) {
return candidate
}
}
return "bun"
}
function fail(message) {
console.error(`[build-standalone] ${message}`)
process.exit(1)
}
function ensureArtifacts() {
const requiredPaths = [distDir, publicDir, authPagesSourceDir, packageJsonPath]
const missing = requiredPaths.filter((filePath) => !fs.existsSync(filePath))
if (missing.length > 0) {
fail(`Missing required build artifacts: ${missing.join(", ")}. Run npm run build first.`)
}
const bunResult = spawnSync(resolveBunCommand(), ["-v"], { cwd: cliRoot, encoding: "utf-8", shell: process.platform === "win32" })
if (bunResult.status !== 0) {
fail("Bun is required to build the standalone server executable. Install dependencies so the local Bun binary is available.")
}
}
function syncStandaloneAuthPages() {
fs.rmSync(authPagesTargetDir, { recursive: true, force: true })
fs.mkdirSync(path.dirname(authPagesTargetDir), { recursive: true })
fs.cpSync(authPagesSourceDir, authPagesTargetDir, { recursive: true })
}
function buildStandaloneExecutable() {
fs.rmSync(outputPath, { force: true })
const bunCommand = resolveBunCommand()
const args = ["build", "--compile"]
if (explicitTarget) {
args.push(`--target=${explicitTarget}`)
}
args.push(path.join(cliRoot, "src", "index.ts"), "--outfile", outputPath)
const result = spawnSync(bunCommand, args, {
cwd: cliRoot,
stdio: "inherit",
shell: process.platform === "win32",
})
if (result.status !== 0) {
if (result.error) {
throw result.error
}
throw new Error(`bun build --compile exited with code ${result.status ?? 1}`)
}
}
function main() {
ensureArtifacts()
syncStandaloneAuthPages()
buildStandaloneExecutable()
console.log(`[build-standalone] built ${outputPath}`)
}
try {
main()
} catch (error) {
console.error("[build-standalone] failed:", error)
process.exit(1)
}

73
packages/server/scripts/copy-opencode-config.mjs
View File

@@ -1,6 +1,6 @@
#!/usr/bin/env node
import { spawnSync } from "child_process"
import { cpSync, existsSync, mkdirSync, readdirSync, rmSync } from "fs"
import { cpSync, existsSync, mkdirSync, rmSync } from "fs"
import path from "path"
import { fileURLToPath } from "url"
@@ -14,67 +14,6 @@ const selfLinkDir = path.resolve(nodeModulesDir, "@codenomad", "opencode-config"
const npmExecPath = process.env.npm_execpath
const npmNodeExecPath = process.env.npm_node_execpath
function stripNodeModuleBins(rootDir) {
const root = path.join(rootDir, "node_modules")
if (!existsSync(root)) {
return 0
}
const stack = [root]
let removed = 0
while (stack.length > 0) {
const current = stack.pop()
if (!current) break
let entries
try {
entries = readdirSync(current, { withFileTypes: true })
} catch {
continue
}
for (const entry of entries) {
const full = path.join(current, entry.name)
if (entry.name === ".bin") {
rmSync(full, { recursive: true, force: true })
removed += 1
continue
}
if (entry.isDirectory()) {
stack.push(full)
}
}
}
return removed
}
function stripOptionalNativeAddons(rootDir) {
const nodeModulesRoot = path.join(rootDir, "node_modules")
if (!existsSync(nodeModulesRoot)) {
return 0
}
const removablePaths = [
path.join(nodeModulesRoot, "@msgpackr-extract"),
path.join(nodeModulesRoot, "msgpackr-extract"),
]
let removed = 0
for (const targetPath of removablePaths) {
if (!existsSync(targetPath)) {
continue
}
rmSync(targetPath, { recursive: true, force: true })
removed += 1
}
return removed
}
if (!existsSync(sourceDir)) {
console.error(`[copy-opencode-config] Missing source directory at ${sourceDir}`)
process.exit(1)
@@ -119,14 +58,4 @@ rmSync(targetDir, { recursive: true, force: true })
mkdirSync(path.dirname(targetDir), { recursive: true })
cpSync(sourceDir, targetDir, { recursive: true })
const removedBins = stripNodeModuleBins(targetDir)
if (removedBins > 0) {
console.log(`[copy-opencode-config] Removed ${removedBins} node_modules/.bin directories`)
}
const removedNativeAddons = stripOptionalNativeAddons(targetDir)
if (removedNativeAddons > 0) {
console.log(`[copy-opencode-config] Removed ${removedNativeAddons} optional native addon package paths`)
}
console.log(`[copy-opencode-config] Copied ${sourceDir} -> ${targetDir}`)

5
packages/server/src/index.ts
View File

@@ -29,14 +29,13 @@ import { SideCarManager } from "./sidecars/manager"
import { ClientConnectionManager } from "./clients/connection-manager"
import { PluginChannelManager } from "./plugins/channel"
import { VoiceModeManager } from "./plugins/voice-mode"
import { readServerPackageVersion, resolveServerPublicDir } from "./runtime-paths"
const require = createRequire(import.meta.url)
const packageJson = { version: readServerPackageVersion(import.meta.url) }
const packageJson = require("../package.json") as { version: string }
const __filename = fileURLToPath(import.meta.url)
const __dirname = path.dirname(__filename)
const DEFAULT_UI_STATIC_DIR = resolveServerPublicDir(import.meta.url)
const DEFAULT_UI_STATIC_DIR = path.resolve(__dirname, "../public")
interface CliOptions {
host: string

17
packages/server/src/opencode-config.ts
View File

@@ -1,11 +1,22 @@
import { existsSync } from "fs"
import path from "path"
import { fileURLToPath } from "url"
import { createLogger } from "./logger"
import { resolveOpencodeTemplateDir } from "./runtime-paths"
const log = createLogger({ component: "opencode-config" })
const templateDir = resolveOpencodeTemplateDir(import.meta.url)
const __filename = fileURLToPath(import.meta.url)
const __dirname = path.dirname(__filename)
const devTemplateDir = path.resolve(__dirname, "../../opencode-config")
const resourcesPath = (process as NodeJS.Process & { resourcesPath?: string }).resourcesPath
const prodTemplateDirs = [
resourcesPath ? path.resolve(resourcesPath, "opencode-config") : undefined,
path.resolve(__dirname, "opencode-config"),
].filter((dir): dir is string => Boolean(dir))
const isDevBuild = Boolean(process.env.CODENOMAD_DEV ?? process.env.CLI_UI_DEV_SERVER)
const isDevBuild = Boolean(process.env.CODENOMAD_DEV ?? process.env.CLI_UI_DEV_SERVER) || existsSync(devTemplateDir)
const templateDir = isDevBuild
? devTemplateDir
: prodTemplateDirs.find((dir) => existsSync(dir)) ?? prodTemplateDirs[0]
export function getOpencodeConfigDir(): string {
if (!existsSync(templateDir)) {

79
packages/server/src/runtime-paths.ts
View File

@@ -1,79 +0,0 @@
import fs from "fs"
import path from "path"
import { fileURLToPath } from "url"
function safeModuleDir(importMetaUrl: string): string | null {
try {
return path.dirname(fileURLToPath(importMetaUrl))
} catch {
return null
}
}
function firstExistingPath(candidates: Array<string | null | undefined>, predicate: (value: string) => boolean): string | null {
for (const candidate of candidates) {
if (!candidate) continue
if (predicate(candidate)) {
return candidate
}
}
return null
}
export function getPackagedDistDir(): string {
return path.dirname(process.execPath)
}
export function resolveServerPackageRoot(importMetaUrl: string): string {
const moduleDir = safeModuleDir(importMetaUrl)
const configuredRoot = process.env.CODENOMAD_SERVER_ROOT?.trim()
const candidates = [
configuredRoot ? path.resolve(configuredRoot) : null,
moduleDir ? path.resolve(moduleDir, "..") : null,
path.resolve(getPackagedDistDir(), ".."),
]
return (
firstExistingPath(candidates, (value) => fs.existsSync(path.join(value, "package.json"))) ??
candidates.find((value): value is string => Boolean(value)) ??
process.cwd()
)
}
export function resolveServerPublicDir(importMetaUrl: string): string {
const moduleDir = safeModuleDir(importMetaUrl)
const candidates = [moduleDir ? path.resolve(moduleDir, "../public") : null, path.join(resolveServerPackageRoot(importMetaUrl), "public")]
return firstExistingPath(candidates, (value) => fs.existsSync(value)) ?? candidates[candidates.length - 1]!
}
export function resolveAuthTemplatePath(importMetaUrl: string, fileName: string): string {
const moduleDir = safeModuleDir(importMetaUrl)
const distDir = getPackagedDistDir()
const candidates = [
moduleDir ? path.join(moduleDir, "auth-pages", fileName) : null,
path.join(distDir, "auth-pages", fileName),
path.join(distDir, "server", "routes", "auth-pages", fileName),
]
return firstExistingPath(candidates, (value) => fs.existsSync(value)) ?? candidates[0]!
}
export function resolveOpencodeTemplateDir(importMetaUrl: string): string {
const moduleDir = safeModuleDir(importMetaUrl)
const resourcesPath = (process as NodeJS.Process & { resourcesPath?: string }).resourcesPath
const candidates = [
moduleDir ? path.resolve(moduleDir, "../../opencode-config") : null,
resourcesPath ? path.resolve(resourcesPath, "opencode-config") : null,
moduleDir ? path.resolve(moduleDir, "opencode-config") : null,
path.join(getPackagedDistDir(), "opencode-config"),
]
return firstExistingPath(candidates, (value) => fs.existsSync(value)) ?? candidates[candidates.length - 1]!
}
export function readServerPackageVersion(importMetaUrl: string): string {
const packageJsonPath = path.join(resolveServerPackageRoot(importMetaUrl), "package.json")
const parsed = JSON.parse(fs.readFileSync(packageJsonPath, "utf-8")) as { version?: unknown }
return typeof parsed.version === "string" && parsed.version.trim().length > 0 ? parsed.version : "0.0.0"
}

172
packages/server/src/server/http-server.ts
View File

@@ -5,8 +5,6 @@ import replyFrom from "@fastify/reply-from"
import fs from "fs"
import { connect as connectTcp, type Socket } from "net"
import path from "path"
import { Readable } from "stream"
import { pipeline } from "stream/promises"
import { connect as connectTls, type TLSSocket } from "tls"
import { fetch } from "undici"
import type { Logger } from "../logger"
@@ -628,57 +626,57 @@ async function proxyWorkspaceRequest(args: {
logger.trace({ workspaceId, targetUrl, body: request.body }, "Instance proxy payload")
}
const headers = buildWorkspaceInstanceProxyHeaders(request.headers, instanceAuthHeader, directory)
return reply.from(targetUrl, {
rewriteRequestHeaders: (_originalRequest, headers) => {
if (instanceAuthHeader) {
headers.authorization = instanceAuthHeader
}
if (logger.isLevelEnabled("trace")) {
logger.trace(
{
workspaceId,
method: request.method,
targetUrl,
worktreeSlug,
directory,
contentType: request.headers["content-type"],
body: bodyToJson(request.body),
headers: redactProxyHeadersForLogs(headers),
},
"Proxy -> OpenCode request",
)
}
// OpenCode expects the *full* path; we send it via header to avoid query tampering.
const isNonASCII = /[^\x00-\x7F]/.test(directory)
const encodedDirectory = isNonASCII ? encodeURIComponent(directory) : directory
const init: any = {
method: request.method,
headers,
redirect: "manual",
}
// Overwrite any client-provided value (case-insensitive headers are normalized by Node).
;(headers as Record<string, unknown>)["x-opencode-directory"] = encodedDirectory
if (request.method !== "GET" && request.method !== "HEAD") {
const body = toProxyRequestBody(request.body)
if (body !== undefined) {
init.body = body
init.duplex = "half"
}
}
if (logger.isLevelEnabled("trace")) {
const outgoing: Record<string, unknown> = {}
for (const [key, value] of Object.entries(headers as Record<string, unknown>)) {
outgoing[key] = value
}
try {
const response = await fetch(targetUrl, init)
reply.code(response.status)
applyInstanceProxyResponseHeaders(reply, response)
// Redact sensitive headers.
for (const key of Object.keys(outgoing)) {
const lower = key.toLowerCase()
if (lower === "authorization" || lower === "cookie" || lower === "set-cookie") {
outgoing[key] = "<redacted>"
}
}
if (!response.body || request.method === "HEAD") {
reply.send()
return
}
logger.trace(
{
workspaceId,
method: request.method,
targetUrl,
worktreeSlug,
directory,
contentType: request.headers["content-type"],
body: bodyToJson(request.body),
headers: outgoing,
},
"Proxy -> OpenCode request",
)
}
reply.hijack()
reply.raw.writeHead(reply.statusCode, toOutgoingHeaders(reply.getHeaders()))
await pipeline(Readable.fromWeb(response.body as any), reply.raw)
} catch (error) {
logger.error({ err: error, workspaceId, targetUrl }, "Failed to proxy workspace request")
if (!reply.sent) {
reply.code(502).send({ error: "Workspace instance proxy failed" })
}
}
return headers
},
onError: (proxyReply, { error }) => {
logger.error({ err: error, workspaceId, targetUrl }, "Failed to proxy workspace request")
if (!proxyReply.sent) {
proxyReply.code(502).send({ error: "Workspace instance proxy failed" })
}
},
})
}
function extractOpencodeDirectoryOverride(pathSuffix: string | undefined): {
@@ -869,90 +867,12 @@ function isApiRequest(rawUrl: string | null | undefined) {
function buildProxyHeaders(headers: FastifyRequest["headers"]): Record<string, string> {
const result: Record<string, string> = {}
for (const [key, value] of Object.entries(headers ?? {})) {
const lower = key.toLowerCase()
if (!value || lower === "host" || isHopByHopHeader(lower)) continue
if (!value || key.toLowerCase() === "host") continue
result[key] = Array.isArray(value) ? value.join(",") : value
}
return result
}
function toProxyRequestBody(body: unknown): any {
if (body == null) {
return undefined
}
if (typeof (body as { pipe?: unknown }).pipe === "function") {
return body
}
if (typeof (body as { [Symbol.asyncIterator]?: unknown })[Symbol.asyncIterator] === "function") {
return body
}
if (Buffer.isBuffer(body) || typeof body === "string" || body instanceof Uint8Array) {
return body
}
return JSON.stringify(body)
}
function buildWorkspaceInstanceProxyHeaders(
headers: FastifyRequest["headers"],
instanceAuthHeader: string | undefined,
directory: string,
): Record<string, string> {
const next = buildProxyHeaders(headers)
if (instanceAuthHeader) {
next.authorization = instanceAuthHeader
}
const isNonASCII = /[^\x00-\x7F]/.test(directory)
next["x-opencode-directory"] = isNonASCII ? encodeURIComponent(directory) : directory
return next
}
function redactProxyHeadersForLogs(headers: Record<string, string>): Record<string, string> {
const outgoing = { ...headers }
for (const key of Object.keys(outgoing)) {
const lower = key.toLowerCase()
if (lower === "authorization" || lower === "cookie" || lower === "set-cookie") {
outgoing[key] = "<redacted>"
}
}
return outgoing
}
function applyInstanceProxyResponseHeaders(reply: FastifyReply, response: any) {
response.headers.forEach((value: string, key: string) => {
const lower = key.toLowerCase()
if (isHopByHopHeader(lower) || lower === "content-length" || lower === "content-encoding") {
return
}
reply.header(key, value)
})
}
function toOutgoingHeaders(headers: ReturnType<FastifyReply["getHeaders"]>): Record<string, string | string[]> {
const next: Record<string, string | string[]> = {}
for (const [key, value] of Object.entries(headers)) {
if (value === undefined) {
continue
}
next[key] = Array.isArray(value) ? value.map(String) : String(value)
}
return next
}
function isHopByHopHeader(name: string): boolean {
return new Set([
"connection",
"keep-alive",
"proxy-authenticate",
"proxy-authorization",
"te",
"trailer",
"transfer-encoding",
"upgrade",
]).has(name)
}
async function proxySideCarRequest(args: {
request: FastifyRequest
reply: FastifyReply

13
packages/server/src/server/routes/auth.ts
View File

@@ -3,7 +3,6 @@ import fs from "fs"
import { z } from "zod"
import type { AuthManager } from "../../auth/manager"
import { isLoopbackAddress } from "../../auth/http-auth"
import { resolveAuthTemplatePath } from "../../runtime-paths"
interface RouteDeps {
authManager: AuthManager
@@ -22,21 +21,21 @@ const PasswordSchema = z.object({
password: z.string().min(8),
})
const LOGIN_TEMPLATE_PATH = resolveAuthTemplatePath(import.meta.url, "login.html")
const TOKEN_TEMPLATE_PATH = resolveAuthTemplatePath(import.meta.url, "token.html")
const LOGIN_TEMPLATE_URL = new URL("./auth-pages/login.html", import.meta.url)
const TOKEN_TEMPLATE_URL = new URL("./auth-pages/token.html", import.meta.url)
let cachedLoginTemplate: string | null = null
let cachedTokenTemplate: string | null = null
function readTemplate(filePath: string, cache: string | null): string {
function readTemplate(url: URL, cache: string | null): string {
if (cache) return cache
const content = fs.readFileSync(filePath, "utf-8")
const content = fs.readFileSync(url, "utf-8")
return content
}
function getLoginHtml(defaultUsername: string): string {
if (!cachedLoginTemplate) {
cachedLoginTemplate = readTemplate(LOGIN_TEMPLATE_PATH, null)
cachedLoginTemplate = readTemplate(LOGIN_TEMPLATE_URL, null)
}
const escapedUsername = escapeHtml(defaultUsername)
@@ -45,7 +44,7 @@ function getLoginHtml(defaultUsername: string): string {
function getTokenHtml(): string {
if (!cachedTokenTemplate) {
cachedTokenTemplate = readTemplate(TOKEN_TEMPLATE_PATH, null)
cachedTokenTemplate = readTemplate(TOKEN_TEMPLATE_URL, null)
}
return cachedTokenTemplate

70
packages/server/src/workspaces/manager.ts
View File

@@ -21,70 +21,6 @@ import {
const STARTUP_STABILITY_DELAY_MS = 1500
function defaultShellPath(): string {
const configured = process.env.SHELL?.trim()
if (configured) {
return configured
}
return process.platform === "darwin" ? "/bin/zsh" : "/bin/bash"
}
function shellEscape(input: string): string {
if (!input) return "''"
return `'${input.replace(/'/g, `'\\''`)}'`
}
function wrapCommandForShell(command: string, shellPath: string): string {
const shellName = path.basename(shellPath).toLowerCase()
if (shellName.includes("bash")) {
return `if [ -f ~/.bashrc ]; then source ~/.bashrc >/dev/null 2>&1; fi; ${command}`
}
if (shellName.includes("zsh")) {
return `if [ -f ~/.zshrc ]; then source ~/.zshrc >/dev/null 2>&1; fi; ${command}`
}
return command
}
function buildShellArgs(shellPath: string, command: string): string[] {
const shellName = path.basename(shellPath).toLowerCase()
if (shellName.includes("zsh")) {
return ["-l", "-i", "-c", command]
}
return ["-l", "-c", command]
}
function resolveBinaryPathFromUserShell(identifier: string): string | null {
if (process.platform === "win32") {
return null
}
const shellPath = defaultShellPath()
const lookupCommand = wrapCommandForShell(`command -v ${shellEscape(identifier)}`, shellPath)
const result = spawnSync(shellPath, buildShellArgs(shellPath, lookupCommand), {
encoding: "utf8",
env: {
...process.env,
npm_config_prefix: undefined,
NPM_CONFIG_PREFIX: undefined,
},
})
if (result.status !== 0) {
return null
}
const resolved = String(result.stdout ?? "")
.split(/\r?\n/)
.map((line) => line.trim())
.find((line) => line.length > 0)
return resolved ?? null
}
interface WorkspaceManagerOptions {
rootDir: string
settings: SettingsService
@@ -330,12 +266,6 @@ export class WorkspaceManager {
this.options.logger.warn({ identifier, err: error }, "Failed to resolve binary path from system PATH")
}
const shellResolved = resolveBinaryPathFromUserShell(identifier)
if (shellResolved) {
this.options.logger.debug({ identifier, resolved: shellResolved }, "Resolved binary path from user shell")
return shellResolved
}
return identifier
}

109
packages/tauri-app/Cargo.lock generated
View File

@@ -47,6 +47,15 @@ version = "1.0.102"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c"
[[package]]
name = "arbitrary"
version = "1.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "c3d036a3c4ab069c7b410a2ce876bd74808d2d0888a82667669f8e783a898bf1"
dependencies = [
"derive_arbitrary",
]
[[package]]
name = "async-broadcast"
version = "0.7.2"
@@ -502,6 +511,7 @@ dependencies = [
"anyhow",
"base64 0.22.1",
"dirs 5.0.1",
"flate2",
"keepawake",
"libc",
"parking_lot",
@@ -511,6 +521,8 @@ dependencies = [
"serde",
"serde_json",
"serde_yaml",
"sha2",
"tar",
"tauri",
"tauri-build",
"tauri-plugin-dialog",
@@ -521,6 +533,7 @@ dependencies = [
"webkit2gtk",
"which",
"windows-sys 0.59.0",
"zip",
]
[[package]]
@@ -770,6 +783,17 @@ dependencies = [
"serde_core",
]
[[package]]
name = "derive_arbitrary"
version = "1.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1e567bd82dcff979e4b03460c307b3cdc9e96fde3d73bed1496d2bc75d9dd62a"
dependencies = [
"proc-macro2",
"quote",
"syn 2.0.117",
]
[[package]]
name = "derive_builder"
version = "0.20.2"
@@ -1119,6 +1143,17 @@ dependencies = [
"rustc_version",
]
[[package]]
name = "filetime"
version = "0.2.27"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f98844151eee8917efc50bd9e8318cb963ae8b297431495d3f758616ea5c57db"
dependencies = [
"cfg-if",
"libc",
"libredox",
]
[[package]]
name = "find-msvc-tools"
version = "0.1.9"
@@ -1212,6 +1247,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d"
dependencies = [
"futures-core",
"futures-sink",
]
[[package]]
@@ -2228,7 +2264,10 @@ version = "0.1.14"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "1744e39d1d6a9948f4f388969627434e31128196de472883b39f148769bfe30a"
dependencies = [
"bitflags 2.11.0",
"libc",
"plain",
"redox_syscall 0.7.4",
]
[[package]]
@@ -2709,7 +2748,7 @@ checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1"
dependencies = [
"cfg-if",
"libc",
"redox_syscall",
"redox_syscall 0.5.18",
"smallvec",
"windows-link 0.2.1",
]
@@ -2942,6 +2981,12 @@ version = "0.3.32"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "7edddbd0b52d732b21ad9a5fab5c704c14cd949e5e9a1ec5929a24fded1b904c"
[[package]]
name = "plain"
version = "0.2.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b4596b6d070b27117e987119b4dac604f3c58cfb0b191112e24771b2faeac1a6"
[[package]]
name = "plist"
version = "1.8.0"
@@ -3309,6 +3354,15 @@ dependencies = [
"bitflags 2.11.0",
]
[[package]]
name = "redox_syscall"
version = "0.7.4"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f450ad9c3b1da563fb6948a8e0fb0fb9269711c9c73d9ea1de5058c79c8d643a"
dependencies = [
"bitflags 2.11.0",
]
[[package]]
name = "redox_users"
version = "0.4.6"
@@ -3389,6 +3443,7 @@ dependencies = [
"base64 0.22.1",
"bytes",
"encoding_rs",
"futures-channel",
"futures-core",
"futures-util",
"h2",
@@ -3974,7 +4029,7 @@ dependencies = [
"objc2-foundation",
"objc2-quartz-core",
"raw-window-handle",
"redox_syscall",
"redox_syscall 0.5.18",
"tracing",
"wasm-bindgen",
"web-sys",
@@ -4189,6 +4244,17 @@ dependencies = [
"syn 2.0.117",
]
[[package]]
name = "tar"
version = "0.4.45"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "22692a6476a21fa75fdfc11d452fda482af402c008cdbaf3476414e122040973"
dependencies = [
"filetime",
"libc",
"xattr",
]
[[package]]
name = "target-lexicon"
version = "0.12.16"
@@ -6150,6 +6216,16 @@ version = "0.13.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "ea6fc2961e4ef194dcbfe56bb845534d0dc8098940c7e5c012a258bfec6701bd"
[[package]]
name = "xattr"
version = "1.6.1"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "32e45ad4206f6d2479085147f02bc2ef834ac85886624a23575ae137c8aa8156"
dependencies = [
"libc",
"rustix 1.1.4",
]
[[package]]
name = "xkeysym"
version = "0.2.1"
@@ -6320,12 +6396,41 @@ dependencies = [
"syn 2.0.117",
]
[[package]]
name = "zip"
version = "2.4.2"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "fabe6324e908f85a1c52063ce7aa26b68dcb7eb6dbc83a2d148403c9bc3eba50"
dependencies = [
"arbitrary",
"crc32fast",
"crossbeam-utils",
"displaydoc",
"flate2",
"indexmap 2.13.0",
"memchr",
"thiserror 2.0.18",
"zopfli",
]
[[package]]
name = "zmij"
version = "1.0.21"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa"
[[package]]
name = "zopfli"
version = "0.8.3"
source = "registry+https://github.com/rust-lang/crates.io-index"
checksum = "f05cd8797d63865425ff89b5c4a48804f35ba0ce8d125800027ad6017d2b5249"
dependencies = [
"bumpalo",
"crc32fast",
"log",
"simd-adler32",
]
[[package]]
name = "zvariant"
version = "5.10.0"

2
packages/tauri-app/package.json
View File

@@ -14,6 +14,6 @@
"build": "tauri build"
},
"devDependencies": {
"@tauri-apps/cli": "^2.10.1"
"@tauri-apps/cli": "^2.9.4"
}
}

53
packages/tauri-app/scripts/prebuild.js
View File

@@ -21,7 +21,6 @@ const serverDevInstallCommand =
const uiDevInstallCommand =
"npm install --workspace @codenomad/ui --include-workspace-root=false --install-strategy=nested --fund=false --audit=false"
const serverPrepareUiCommand = "npm run prepare-ui --workspace @neuralnomads/codenomad"
const serverStandaloneBuildCommand = "npm run build:standalone --workspace @neuralnomads/codenomad"
const envWithRootBin = {
...process.env,
@@ -78,15 +77,6 @@ function ensureServerBuild() {
}
}
function ensureStandaloneServerBuild() {
console.log("[prebuild] building standalone server executable...")
execSync(serverStandaloneBuildCommand, {
cwd: workspaceRoot,
stdio: "inherit",
env: envWithRootBin,
})
}
function ensureUiBuild() {
const loadingHtml = path.join(uiDist, "loading.html")
if (fs.existsSync(loadingHtml)) {
@@ -127,19 +117,15 @@ function ensureServerDevDependencies() {
}
function ensureServerDependencies() {
console.log("[prebuild] pruning server to production dependencies...")
execSync("npm prune --omit=dev --ignore-scripts --workspaces=false --fund=false --audit=false", {
if (fs.existsSync(braceExpansionPath)) {
return
}
console.log("[prebuild] ensuring server production dependencies...")
execSync(serverInstallCommand, {
cwd: serverRoot,
stdio: "inherit",
})
if (!fs.existsSync(braceExpansionPath)) {
console.log("[prebuild] restoring missing server production dependencies...")
execSync(serverInstallCommand, {
cwd: serverRoot,
stdio: "inherit",
})
}
}
function ensureUiDevDependencies() {
@@ -195,11 +181,14 @@ function ensureRollupPlatformBinary() {
function ensureEsbuildPlatformBinary() {
const platformKey = `${process.platform}-${process.arch}`
const platformPackages = {
"linux-x64": "@esbuild/linux-x64",
"linux-arm": "@esbuild/linux-arm",
"linux-arm64": "@esbuild/linux-arm64",
"linux-ia32": "@esbuild/linux-ia32",
"linux-x64": "@esbuild/linux-x64",
"darwin-arm64": "@esbuild/darwin-arm64",
"darwin-x64": "@esbuild/darwin-x64",
"win32-arm64": "@esbuild/win32-arm64",
"win32-ia32": "@esbuild/win32-ia32",
"win32-x64": "@esbuild/win32-x64",
}
@@ -208,26 +197,29 @@ function ensureEsbuildPlatformBinary() {
return
}
const platformPackagePath = path.join(workspaceRoot, "node_modules", ...pkgName.split("/"))
if (fs.existsSync(platformPackagePath)) {
const platformPackageName = pkgName.split("/").pop()
const platformPackagePaths = [
path.join(serverRoot, "node_modules", "@esbuild", platformPackageName),
path.join(workspaceRoot, "node_modules", "@esbuild", platformPackageName),
]
if (platformPackagePaths.some((packagePath) => fs.existsSync(packagePath))) {
return
}
let esbuildVersion = ""
try {
esbuildVersion = require(path.join(workspaceRoot, "node_modules", "esbuild", "package.json")).version
} catch {
for (const baseRoot of [serverRoot, workspaceRoot]) {
try {
esbuildVersion = require(path.join(workspaceRoot, "node_modules", "vite", "node_modules", "esbuild", "package.json")).version
} catch {
// leave version empty; fallback install will use latest compatible
esbuildVersion = require(path.join(baseRoot, "node_modules", "esbuild", "package.json")).version
break
} catch (error) {
// try the next install root; fallback install will use latest compatible
}
}
const packageSpec = esbuildVersion ? `${pkgName}@${esbuildVersion}` : pkgName
console.log("[prebuild] installing esbuild platform binary (optional dep workaround)...")
execSync(`npm install ${packageSpec} --no-save --ignore-scripts --fund=false --audit=false`, {
execSync(`npm install ${packageSpec} --no-save --ignore-scripts --package-lock=false --fund=false --audit=false`, {
cwd: workspaceRoot,
stdio: "inherit",
})
@@ -313,7 +305,6 @@ function copyUiLoadingAssets() {
ensureRollupPlatformBinary()
ensureEsbuildPlatformBinary()
ensureServerBuild()
ensureStandaloneServerBuild()
ensureServerDependencies()
ensureUiBuild()
syncServerUiBundle()

10
packages/tauri-app/src-tauri/Cargo.toml
View File

@@ -5,16 +5,16 @@ edition = "2021"
license = "MIT"
[build-dependencies]
tauri-build = { version = "2.5.6", features = [] }
tauri-build = { version = "2.5.2", features = [] }
[dependencies]
tauri = { version = "2.10.1", features = [ "devtools"] }
tauri = { version = "2.5.2", features = [ "devtools"] }
serde = { version = "1", features = ["derive"] }
serde_json = "1"
serde_yaml = "0.9"
base64 = "0.22"
rustls = { version = "0.23", features = ["ring"] }
reqwest = { version = "0.12", default-features = false, features = ["http2", "charset", "json", "stream", "rustls-tls"] }
reqwest = { version = "0.12", default-features = false, features = ["blocking", "http2", "charset", "json", "stream", "rustls-tls"] }
regex = "1"
parking_lot = "0.12"
anyhow = "1"
@@ -27,6 +27,10 @@ tauri-plugin-opener = "2"
tauri-plugin-global-shortcut = "2"
url = "2"
tauri-plugin-notification = "2"
flate2 = "1"
sha2 = "0.10"
tar = "0.4"
zip = { version = "2", default-features = false, features = ["deflate"] }
[target.'cfg(windows)'.dependencies]
windows-sys = { version = "0.59", features = ["Win32_Foundation", "Win32_Security_Cryptography", "Win32_UI_Shell", "Win32_Security", "Win32_System_JobObjects"] }

145
packages/tauri-app/src-tauri/src/cli_manager.rs
View File

@@ -1,3 +1,4 @@
use crate::managed_node::ensure_managed_node_binary;
use dirs::home_dir;
use parking_lot::Mutex;
use regex::Regex;
@@ -136,10 +137,6 @@ fn workspace_root() -> Option<PathBuf> {
})
}
fn launch_cwd() -> Option<PathBuf> {
std::env::current_dir().ok()
}
const SESSION_COOKIE_NAME_PREFIX: &str = "codenomad_session";
const CLI_STOP_GRACE_SECS: u64 = 30;
@@ -628,19 +625,16 @@ impl CliProcessManager {
log_line("development mode: will prefer tsx + source if present");
}
let cwd = launch_cwd();
let cwd = workspace_root();
if let Some(ref c) = cwd {
log_line(&format!("using cwd={}", c.display()));
}
let use_user_shell = supports_user_shell();
if resolution.runner == Runner::Tsx
&& !use_user_shell
&& which::which(&resolution.node_binary).is_err()
{
if !use_user_shell && which::which(&resolution.node_binary).is_err() {
return Err(anyhow::anyhow!(
"Node binary '{}' not found. CodeNomad development mode requires Node.js installed on the system, or set NODE_BINARY to a valid runtime path.",
"Node binary '{}' not found. CodeNomad desktop currently requires Node.js installed on the system, or set NODE_BINARY to a valid runtime path.",
resolution.node_binary
));
}
@@ -649,17 +643,13 @@ impl CliProcessManager {
log_line("spawning via user shell");
ShellCommandType::UserShell(build_shell_command_string(&resolution, &args)?)
} else {
log_line(if resolution.runner == Runner::Standalone {
"spawning directly with standalone executable"
log_line(if resolution.runner == Runner::Tsx {
"spawning directly with node + tsx"
} else {
"spawning directly with node"
});
ShellCommandType::Direct(DirectCommand {
program: if resolution.runner == Runner::Standalone {
resolution.entry.clone()
} else {
resolution.node_binary.clone()
},
program: resolution.node_binary.clone(),
args: resolution.runner_args(&args),
})
};
@@ -669,13 +659,11 @@ impl CliProcessManager {
log_line(&format!("spawn command: {} {:?}", cmd.shell, cmd.args));
let mut c = Command::new(&cmd.shell);
c.args(&cmd.args)
.env("ELECTRON_RUN_AS_NODE", "1")
.env_remove("npm_config_prefix")
.env_remove("NPM_CONFIG_PREFIX")
.stdout(Stdio::piped())
.stderr(Stdio::piped());
if resolution.runner != Runner::Standalone {
c.env("ELECTRON_RUN_AS_NODE", "1");
}
configure_spawn(&mut c);
if let Some(ref cwd) = cwd {
c.current_dir(cwd);
@@ -688,11 +676,9 @@ impl CliProcessManager {
log_line(&format!("spawn command: {} {:?}", cmd.program, cmd.args));
let mut c = Command::new(&cmd.program);
c.args(&cmd.args)
.env("ELECTRON_RUN_AS_NODE", "1")
.stdout(Stdio::piped())
.stderr(Stdio::piped());
if resolution.runner != Runner::Standalone {
c.env("ELECTRON_RUN_AS_NODE", "1");
}
configure_spawn(&mut c);
if let Some(ref cwd) = cwd {
c.current_dir(cwd);
@@ -943,7 +929,7 @@ impl CliProcessManager {
let mut locked = status.lock();
if locked.error.is_none() {
locked.error = Some(format!(
"Node binary '{}' not found in the desktop shell environment. CodeNomad development mode requires Node.js installed on the system, or set NODE_BINARY to a valid runtime path.",
"Node binary '{}' not found in the desktop shell environment. CodeNomad desktop currently requires Node.js installed on the system, or set NODE_BINARY to a valid runtime path.",
node_binary.trim()
));
}
@@ -1062,19 +1048,19 @@ struct CliEntry {
runner: Runner,
runner_path: Option<String>,
node_binary: String,
node_args: Vec<String>,
}
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
enum Runner {
Standalone,
Node,
Tsx,
}
impl CliEntry {
fn resolve(app: &AppHandle, dev: bool) -> anyhow::Result<Self> {
let node_binary = std::env::var("NODE_BINARY").unwrap_or_else(|_| "node".to_string());
if dev {
let node_binary = std::env::var("NODE_BINARY").unwrap_or_else(|_| "node".to_string());
if let Some(tsx_path) = resolve_tsx(app) {
if let Some(entry) = resolve_dev_entry(app) {
return Ok(Self {
@@ -1082,22 +1068,24 @@ impl CliEntry {
runner: Runner::Tsx,
runner_path: Some(tsx_path),
node_binary,
node_args: Vec::new(),
});
}
}
}
if let Some(entry) = resolve_standalone_entry(app) {
if let Some(entry) = resolve_prod_entry(app) {
return Ok(Self {
entry,
runner: Runner::Standalone,
runner: Runner::Node,
runner_path: None,
node_binary: String::new(),
node_binary: ensure_managed_node_binary(app)?,
node_args: vec!["--experimental-specifier-resolution=node".to_string()],
});
}
Err(anyhow::anyhow!(
"Unable to locate the packaged CodeNomad standalone server. Please rebuild the desktop bundle."
"Unable to locate the packaged CodeNomad server entrypoint (dist/bin.js). Please rebuild the desktop bundle."
))
}
@@ -1151,11 +1139,10 @@ impl CliEntry {
}
fn runner_args(&self, cli_args: &[String]) -> Vec<String> {
if self.runner == Runner::Standalone {
return cli_args.to_vec();
}
let mut args = VecDeque::new();
for arg in &self.node_args {
args.push_back(arg.clone());
}
if self.runner == Runner::Tsx {
if let Some(path) = &self.runner_path {
args.push_back(path.clone());
@@ -1227,37 +1214,24 @@ fn resolve_dev_entry(_app: &AppHandle) -> Option<String> {
first_existing(candidates)
}
fn resolve_standalone_entry(_app: &AppHandle) -> Option<String> {
let executable_name = if cfg!(windows) {
"codenomad-server.exe"
} else {
"codenomad-server"
};
fn resolve_prod_entry(_app: &AppHandle) -> Option<String> {
let base = workspace_root();
let mut candidates = vec![base
.as_ref()
.map(|p| p.join("packages/server/dist").join(executable_name))];
.map(|p| p.join("packages/server/dist/bin.js"))];
if let Ok(exe) = std::env::current_exe() {
if let Some(dir) = exe.parent() {
candidates.push(Some(
dir.join("resources/server/dist").join(executable_name),
));
candidates.push(Some(dir.join("resources/server/dist/bin.js")));
let resources = dir.join("../Resources");
candidates.push(Some(resources.join("server/dist").join(executable_name)));
candidates.push(Some(
resources
.join("resources/server/dist")
.join(executable_name),
));
candidates.push(Some(resources.join("server/dist/bin.js")));
candidates.push(Some(resources.join("resources/server/dist/bin.js")));
let linux_resource_roots = [dir.join("../lib/CodeNomad"), dir.join("../lib/codenomad")];
for root in linux_resource_roots {
candidates.push(Some(root.join("server/dist").join(executable_name)));
candidates.push(Some(
root.join("resources/server/dist").join(executable_name),
));
candidates.push(Some(root.join("server/dist/bin.js")));
candidates.push(Some(root.join("resources/server/dist/bin.js")));
}
}
}
@@ -1271,31 +1245,37 @@ fn build_shell_command_string(
) -> anyhow::Result<ShellCommand> {
let shell = default_shell();
let mut quoted: Vec<String> = Vec::new();
let command = if entry.runner == Runner::Standalone {
quoted.push(shell_escape(&entry.entry));
for arg in cli_args {
quoted.push(shell_escape(arg));
}
format!("exec {}", quoted.join(" "))
} else {
quoted.push(shell_escape(&entry.node_binary));
for arg in entry.runner_args(cli_args) {
quoted.push(shell_escape(&arg));
}
format!(
"if command -v {} >/dev/null 2>&1; then ELECTRON_RUN_AS_NODE=1 exec {}; else printf '%s%s\\n' '{}' {} >&2; exit 127; fi",
shell_escape(&entry.node_binary),
quoted.join(" "),
MISSING_NODE_PREFIX,
shell_escape(&entry.node_binary),
)
};
quoted.push(shell_escape(&entry.node_binary));
for arg in entry.runner_args(cli_args) {
quoted.push(shell_escape(&arg));
}
let command = format!(
"if [ -x {} ] || command -v {} >/dev/null 2>&1; then ELECTRON_RUN_AS_NODE=1 exec {}; else printf '%s%s\\n' '{}' {}; exit 127; fi",
shell_escape(&entry.node_binary),
shell_escape(&entry.node_binary),
quoted.join(" "),
MISSING_NODE_PREFIX,
shell_escape(&entry.node_binary),
);
let wrapped_command = wrap_command_for_shell(&command, &shell);
let args = build_shell_args(&shell, &wrapped_command);
log_line(&format!("user shell command: {} {:?}", shell, args));
Ok(ShellCommand { shell, args })
}
fn default_shell() -> String {
if let Ok(shell) = std::env::var("SHELL") {
if !shell.trim().is_empty() {
return shell;
}
}
if cfg!(target_os = "macos") {
"/bin/zsh".to_string()
} else {
"/bin/bash".to_string()
}
}
fn wrap_command_for_shell(command: &str, shell: &str) -> String {
let shell_name = std::path::Path::new(shell)
.file_name()
@@ -1320,19 +1300,6 @@ fn wrap_command_for_shell(command: &str, shell: &str) -> String {
command.to_string()
}
fn default_shell() -> String {
if let Ok(shell) = std::env::var("SHELL") {
if !shell.trim().is_empty() {
return shell;
}
}
if cfg!(target_os = "macos") {
"/bin/zsh".to_string()
} else {
"/bin/bash".to_string()
}
}
fn shell_escape(input: &str) -> String {
if input.is_empty() {
"''".to_string()
@@ -1354,8 +1321,8 @@ fn build_shell_args(shell: &str, command: &str) -> Vec<String> {
.unwrap_or("")
.to_lowercase();
if shell_name.contains("zsh") {
vec!["-l".into(), "-i".into(), "-c".into(), command.into()]
if shell_name.contains("zsh") || shell_name.contains("bash") {
vec!["-i".into(), "-l".into(), "-c".into(), command.into()]
} else {
vec!["-l".into(), "-c".into(), command.into()]
}

1
packages/tauri-app/src-tauri/src/main.rs
View File

@@ -3,6 +3,7 @@
#[allow(dead_code)]
mod cert_manager;
mod cli_manager;
mod managed_node;
#[cfg(target_os = "linux")]
mod linux_tls;

299
packages/tauri-app/src-tauri/src/managed_node.rs Normal file
View File

@@ -0,0 +1,299 @@
use anyhow::anyhow;
use dirs::home_dir;
use flate2::read::GzDecoder;
use reqwest::blocking::Client;
use sha2::{Digest, Sha256};
use std::fs::{self, File};
use std::io::{self, Read};
#[cfg(unix)]
use std::os::unix::fs::PermissionsExt;
use std::path::{Path, PathBuf};
use std::thread;
use std::time::{SystemTime, UNIX_EPOCH};
use tar::Archive;
use tauri::{AppHandle, Runtime};
use tauri_plugin_dialog::{DialogExt, MessageDialogButtons, MessageDialogKind};
use zip::ZipArchive;
const MANAGED_NODE_VERSION: &str = "v22.22.2";
struct NodeArtifactSpec {
archive_name: &'static str,
archive_root: &'static str,
binary_relative_path: &'static str,
}
pub fn ensure_managed_node_binary<R: Runtime>(app: &AppHandle<R>) -> anyhow::Result<String> {
let runtime_root = managed_node_root()?;
let spec = artifact_spec()?;
let binary_path = runtime_root.join(spec.binary_relative_path);
if binary_path.is_file() {
return Ok(binary_path.to_string_lossy().into_owned());
}
if !prompt_to_download(app) {
return Err(anyhow!(
"CodeNomad requires the managed Node.js runtime to start. Download was cancelled."
));
}
install_managed_node_runtime(&runtime_root, &spec)?;
if !binary_path.is_file() {
return Err(anyhow!(
"Managed Node binary missing after installation: {}",
binary_path.display()
));
}
#[cfg(unix)]
{
let mut permissions = fs::metadata(&binary_path)?.permissions();
permissions.set_mode(0o755);
fs::set_permissions(&binary_path, permissions)?;
}
Ok(binary_path.to_string_lossy().into_owned())
}
fn prompt_to_download<R: Runtime>(app: &AppHandle<R>) -> bool {
let app = app.clone();
thread::spawn(move || {
app.dialog()
.message(format!(
"CodeNomad needs its managed Node.js runtime to start the server. Download {} for {}-{} into ~/.config/codenomad?",
MANAGED_NODE_VERSION,
platform_label(),
rust_arch_label().unwrap_or("unknown")
))
.title("Download Node Runtime")
.buttons(MessageDialogButtons::OkCancelCustom(
"Download".into(),
"Cancel".into(),
))
.kind(MessageDialogKind::Info)
.blocking_show()
})
.join()
.unwrap_or(false)
}
fn managed_node_root() -> anyhow::Result<PathBuf> {
Ok(config_dir()?.join("node").join(MANAGED_NODE_VERSION).join(platform_dir_name()?))
}
fn config_dir() -> anyhow::Result<PathBuf> {
let home = home_dir().ok_or_else(|| anyhow!("Unable to resolve the user home directory."))?;
Ok(home.join(".config").join("codenomad"))
}
fn platform_dir_name() -> anyhow::Result<String> {
Ok(format!("{}-{}", platform_label(), rust_arch_label()?))
}
fn platform_label() -> &'static str {
match std::env::consts::OS {
"macos" => "darwin",
"windows" => "win32",
other => other,
}
}
fn rust_arch_label() -> anyhow::Result<&'static str> {
match std::env::consts::ARCH {
"x86_64" => Ok("x64"),
"aarch64" => Ok("arm64"),
other => Err(anyhow!("Managed Node runtime is not supported on architecture '{other}'.")),
}
}
fn artifact_spec() -> anyhow::Result<NodeArtifactSpec> {
let arch = rust_arch_label()?;
match (std::env::consts::OS, arch) {
("macos", "x64") => Ok(NodeArtifactSpec {
archive_name: "node-v22.22.2-darwin-x64.tar.gz",
archive_root: "node-v22.22.2-darwin-x64",
binary_relative_path: "bin/node",
}),
("macos", "arm64") => Ok(NodeArtifactSpec {
archive_name: "node-v22.22.2-darwin-arm64.tar.gz",
archive_root: "node-v22.22.2-darwin-arm64",
binary_relative_path: "bin/node",
}),
("linux", "x64") => Ok(NodeArtifactSpec {
archive_name: "node-v22.22.2-linux-x64.tar.gz",
archive_root: "node-v22.22.2-linux-x64",
binary_relative_path: "bin/node",
}),
("linux", "arm64") => Ok(NodeArtifactSpec {
archive_name: "node-v22.22.2-linux-arm64.tar.gz",
archive_root: "node-v22.22.2-linux-arm64",
binary_relative_path: "bin/node",
}),
("windows", "x64") => Ok(NodeArtifactSpec {
archive_name: "node-v22.22.2-win-x64.zip",
archive_root: "node-v22.22.2-win-x64",
binary_relative_path: "node.exe",
}),
("windows", "arm64") => Ok(NodeArtifactSpec {
archive_name: "node-v22.22.2-win-arm64.zip",
archive_root: "node-v22.22.2-win-arm64",
binary_relative_path: "node.exe",
}),
(os, arch) => Err(anyhow!("Managed Node runtime is not supported on {os}-{arch}.")),
}
}
fn install_managed_node_runtime(runtime_root: &Path, spec: &NodeArtifactSpec) -> anyhow::Result<()> {
let runtime_parent = runtime_root
.parent()
.ok_or_else(|| anyhow!("Managed Node runtime path is invalid."))?;
fs::create_dir_all(runtime_parent)?;
let temp_root = runtime_parent.join(format!(
".download-{}-{}",
std::process::id(),
SystemTime::now()
.duration_since(UNIX_EPOCH)
.map(|duration| duration.as_millis())
.unwrap_or(0)
));
if temp_root.exists() {
fs::remove_dir_all(&temp_root).ok();
}
fs::create_dir_all(&temp_root)?;
let archive_path = temp_root.join(spec.archive_name);
let extract_root = temp_root.join("extract");
fs::create_dir_all(&extract_root)?;
let result = (|| {
let expected_sha = fetch_expected_sha(spec.archive_name)?;
download_file(spec.archive_name, &archive_path)?;
let actual_sha = sha256_file(&archive_path)?;
if actual_sha != expected_sha {
return Err(anyhow!("Checksum mismatch for {}.", spec.archive_name));
}
extract_archive(&archive_path, &extract_root)?;
let extracted_root = extract_root.join(spec.archive_root);
let extracted_binary = extracted_root.join(spec.binary_relative_path);
if !extracted_binary.is_file() {
return Err(anyhow!(
"Managed Node binary missing after extraction: {}",
extracted_binary.display()
));
}
if runtime_root.exists() {
fs::remove_dir_all(runtime_root)?;
}
fs::rename(&extracted_root, runtime_root)?;
Ok(())
})();
fs::remove_dir_all(&temp_root).ok();
result
}
fn fetch_expected_sha(archive_name: &str) -> anyhow::Result<String> {
let url = format!("https://nodejs.org/dist/{MANAGED_NODE_VERSION}/SHASUMS256.txt");
let response = Client::builder()
.build()?
.get(url)
.send()?
.error_for_status()?;
let body = response.text()?;
for line in body.lines() {
let trimmed = line.trim();
if trimmed.is_empty() {
continue;
}
let mut parts = trimmed.split_whitespace();
let checksum = parts.next();
let file_name = parts.next();
if let (Some(checksum), Some(file_name)) = (checksum, file_name) {
if file_name == archive_name {
return Ok(checksum.to_string());
}
}
}
Err(anyhow!("Unable to find checksum for {archive_name}."))
}
fn download_file(archive_name: &str, destination: &Path) -> anyhow::Result<()> {
let url = format!("https://nodejs.org/dist/{MANAGED_NODE_VERSION}/{archive_name}");
let mut response = Client::builder()
.build()?
.get(url)
.send()?
.error_for_status()?;
let mut output = File::create(destination)?;
io::copy(&mut response, &mut output)?;
Ok(())
}
fn sha256_file(path: &Path) -> anyhow::Result<String> {
let mut file = File::open(path)?;
let mut hasher = Sha256::new();
let mut buffer = [0_u8; 8192];
loop {
let read = file.read(&mut buffer)?;
if read == 0 {
break;
}
hasher.update(&buffer[..read]);
}
Ok(format!("{:x}", hasher.finalize()))
}
fn extract_archive(archive_path: &Path, destination: &Path) -> anyhow::Result<()> {
if archive_path.extension().and_then(|value| value.to_str()) == Some("zip") {
extract_zip(archive_path, destination)
} else {
extract_tar_gz(archive_path, destination)
}
}
fn extract_tar_gz(archive_path: &Path, destination: &Path) -> anyhow::Result<()> {
let file = File::open(archive_path)?;
let decoder = GzDecoder::new(file);
let mut archive = Archive::new(decoder);
archive.unpack(destination)?;
Ok(())
}
fn extract_zip(archive_path: &Path, destination: &Path) -> anyhow::Result<()> {
let file = File::open(archive_path)?;
let mut archive = ZipArchive::new(file)?;
for index in 0..archive.len() {
let mut entry = archive.by_index(index)?;
let relative_path = entry
.enclosed_name()
.map(|path| path.to_path_buf())
.ok_or_else(|| anyhow!("Zip archive contains an invalid path."))?;
let output_path = destination.join(relative_path);
if entry.is_dir() {
fs::create_dir_all(&output_path)?;
continue;
}
if let Some(parent) = output_path.parent() {
fs::create_dir_all(parent)?;
}
let mut output = File::create(&output_path)?;
io::copy(&mut entry, &mut output)?;
}
Ok(())
}

5
packages/tauri-app/src-tauri/tauri.conf.json
View File

@@ -43,6 +43,11 @@
"bundle": {
"active": true,
"linux": {
"appimage": {
"files": {
"/usr/share/applications/ai.neuralnomads.codenomad.client.desktop": "icons/linux/ai.neuralnomads.codenomad.client.desktop"
}
},
"deb": {
"files": {
"/usr/share/applications/ai.neuralnomads.codenomad.client.desktop": "icons/linux/ai.neuralnomads.codenomad.client.desktop",