Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
58 commits
Select commit Hold shift + click to select a range
c2ac3f5
feat(web): add announcement homepage
icanvardar Apr 3, 2026
47b3f90
feat(web): add Cloudflare deployment config
icanvardar Apr 3, 2026
770874b
chore(tooling): migrate workspace to oxlint and oxfmt
icanvardar May 2, 2026
afb59f2
feat(core): add cli runtime and shared terminal packages
icanvardar May 2, 2026
fd0d5aa
chore(tsconfig): add shared bundler preset
icanvardar May 2, 2026
a6a6a6d
docs(roadmap): add backend blueprint and phase tracking
icanvardar May 2, 2026
2111c2e
docs(docs): migrate docs app to mintlify introduction scaffold
icanvardar May 2, 2026
2524112
fix(cli): avoid failing turbo dev by using explicit host dev command
icanvardar May 2, 2026
af8ea3a
feat(backend): add convex backend foundation with middleware and autu…
icanvardar May 3, 2026
8ee539f
ci: add turbo lint and format check workflow
icanvardar May 3, 2026
64898dc
feat(backend): add better-auth device authorization flow
icanvardar May 3, 2026
30de715
refactor(backend): simplify better-auth static options wiring
icanvardar May 3, 2026
917dff3
feat(cli): add device auth login, whoami, and logout commands
icanvardar May 3, 2026
ef9d26c
feat(session): add backend lifecycle, attach auth, and stale cleanup
icanvardar May 3, 2026
ce105d1
feat(relay): add authenticated relay transport and lifecycle hardening
icanvardar May 3, 2026
31d6198
docs(relay): add deployment and setup runbooks before mobile phase
icanvardar May 3, 2026
e7d058b
chore(env): add environment templates and refresh generated backend b…
icanvardar May 3, 2026
ea3c46f
chore(cli): format readme
icanvardar May 3, 2026
7233c7e
chore(relay): decouple runtime deps and align Fly config
icanvardar May 5, 2026
c54e203
refactor(env): standardize runtime mode on NODE_ENV
icanvardar May 5, 2026
d29b48b
feat(auth): wire better-auth web approval flow end to end
icanvardar May 5, 2026
7e63bb7
feat(relay): enforce share entitlement and harden Fly deploy path
icanvardar May 14, 2026
bfe31d8
feat(onboarding): add backend state model and web onboarding flow
icanvardar May 14, 2026
4fca3e0
feat(cli): enable default shell-host HUD with explicit opt-out
icanvardar May 14, 2026
1f3de27
ci(release): add CLI release pipeline and shared Homebrew sync
icanvardar May 14, 2026
a11b062
docs(onboarding): restructure Mintlify docs for launch and support
icanvardar May 14, 2026
f4450de
Merge branch 'feat/foundation-onboarding-release' into dev
icanvardar May 14, 2026
7dd6ff7
feat(web): switch landing flow to horizontal section narrative
icanvardar May 14, 2026
24e0930
ci(relay): add dry-run release validation and relay operations runbook
icanvardar May 14, 2026
730dbb8
docs(mobile): add integration contract and wire navigation
icanvardar May 14, 2026
ffca72a
test(cli): add host-attach e2e and update ci full lane
icanvardar Jun 19, 2026
621ca0d
feat(web): add hero video landing with copyable install
icanvardar Jun 19, 2026
3ccb051
chore(mobile): add wrapper-mobile submodule at apps/mobile
icanvardar Jun 19, 2026
f5b1889
style(logger): align readme behaviour table
icanvardar Jun 19, 2026
8eb109a
fix(ci): use grep instead of rg in release dry-run verify
icanvardar Jun 19, 2026
690034a
fix(terminal): load libc across linux glibc and musl
icanvardar Jun 19, 2026
ddeae42
fix(ci): match archive paths with leading ./ in dry-run verify
icanvardar Jun 19, 2026
575e949
chore: harden launch readiness gates
cursoragent Jun 19, 2026
50bb156
ci: skip convex dry run without deploy key
cursoragent Jun 19, 2026
f059413
fix(relay): buffer pre-auth frames to prevent socket close race
icanvardar Jun 19, 2026
8d37cb4
fix(cli): handle pty spawn failure without hanging shell-host
icanvardar Jun 19, 2026
8d219bf
fix(backend): avoid known default better-auth secret outside dev
icanvardar Jun 19, 2026
9ad6927
feat(backend): rate-limit unauthenticated device-auth endpoints
icanvardar Jun 19, 2026
9af72a0
fix(cli): verify release archive checksum during install
icanvardar Jun 19, 2026
f5fb843
test(relay): guard protocol copy against repo protocol drift
icanvardar Jun 19, 2026
dec34e7
chore(backend): refresh generated convex bindings and widen fmt ignore
icanvardar Jun 19, 2026
b1f1fbd
Merge remote-tracking branch 'origin/dev' into fix/security-correctne…
icanvardar Jun 19, 2026
3521fa7
chore(backend): regenerate convex bindings after dev merge
icanvardar Jun 19, 2026
bee317e
Merge pull request #2 from heycupola/fix/security-correctness-findings
icanvardar Jun 19, 2026
3ad45b8
fix(cli): re-emit prefix byte on armed timeout
icanvardar Jun 19, 2026
a38ae6f
fix(relay): complete attach and close viewers when session ends
icanvardar Jun 19, 2026
13b83b5
fix(cli): authorize port-only attach and lock session registry
icanvardar Jun 19, 2026
fa4c96f
fix(cli): sync shared state before issuing relay ticket
icanvardar Jun 19, 2026
9e19922
fix(cli): install into ~/.wrapper without nested bin dir
icanvardar Jun 19, 2026
33f9a46
fix(logger): default telemetry off until explicit consent
icanvardar Jun 19, 2026
9119303
fix(cli): read cli version from package.json
icanvardar Jun 19, 2026
72a0e29
ci(relay): set explicit concurrency mapping for fly deploy
icanvardar Jun 19, 2026
abd3faf
Merge pull request #3 from heycupola/fix/security-correctness-findings
icanvardar Jun 19, 2026
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions .env.example
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
# Workspace-level shared defaults
NODE_ENV="development"

# Convex
WRAPPER_CONVEX_URL="https://your-project.convex.cloud"
CONVEX_URL="https://your-project.convex.cloud"

# Web/auth origin
SITE_URL="http://localhost:3000"
WRAPPER_AUTH_ORIGIN="http://localhost:3000"

# Relay
WRAPPER_RELAY_URL="ws://localhost:8080"

# Billing entitlement (backend)
WRAPPER_AUTUMN_RELAY_SHARE_FEATURE_ID="can_share_relay"
94 changes: 94 additions & 0 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
name: CI

on:
pull_request:
push:
branches:
- main
- dev

concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true

jobs:
fast:
name: Fast lane (lint/format/types)
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: "1.3.5"

- name: Install dependencies
run: bun install --frozen-lockfile --ignore-scripts

- name: Lint
run: bunx turbo run lint

- name: Format check
run: bunx turbo run format:check

- name: Type check
run: bunx turbo run check-types

full:
name: Full lane (unit + e2e + relay smoke)
runs-on: ubuntu-latest
needs: fast

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: "1.3.5"

- name: Install dependencies
run: bun install --frozen-lockfile --ignore-scripts

- name: Test
run: bunx turbo run test

- name: Web production build
run: bun run --cwd apps/web build
env:
BETTER_AUTH_SECRET: ci-better-auth-secret
ENVIRONMENT: production
NEXT_PUBLIC_CONVEX_URL: https://example.convex.cloud
NEXT_PUBLIC_CONVEX_SITE_URL: https://example.convex.site

- name: Web Cloudflare bundle build
run: bun run --cwd apps/web build:cloudflare
env:
BETTER_AUTH_SECRET: ci-better-auth-secret
ENVIRONMENT: production
NEXT_PUBLIC_CONVEX_URL: https://example.convex.cloud
NEXT_PUBLIC_CONVEX_SITE_URL: https://example.convex.site

- name: Backend deploy dry run
run: |
if [ -z "$CONVEX_DEPLOY_KEY" ]; then
echo "::warning::CONVEX_DEPLOY_KEY is not configured; skipping Convex deploy dry-run."
exit 0
fi
bun run --cwd packages/backend deploy:dry-run
env:
BETTER_AUTH_SECRET: ci-better-auth-secret
CONVEX_DEPLOY_KEY: ${{ secrets.CONVEX_DEPLOY_KEY }}
ENVIRONMENT: production

- name: Relay smoke (local runtime)
run: |
CONVEX_URL="https://example.convex.cloud" bun run --cwd apps/relay start &
RELAY_PID=$!
trap "kill $RELAY_PID" EXIT
sleep 3
RELAY_URL="http://127.0.0.1:8080" bun run --cwd apps/relay smoke
34 changes: 34 additions & 0 deletions .github/workflows/fly-deploy.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
# See https://fly.io/docs/app-guides/continuous-deployment-with-github-actions/

name: Fly Deploy
on:
push:
branches:
- main
paths:
- "apps/relay/**"
- ".github/workflows/fly-deploy.yml"
workflow_dispatch:
jobs:
deploy:
name: Deploy relay app
runs-on: ubuntu-latest
concurrency:
group: deploy-relay-group
cancel-in-progress: false
env:
FLY_APP_NAME: wrapper-dry-pathway-1935
steps:
- uses: actions/checkout@v4
- uses: oven-sh/setup-bun@v2
with:
bun-version: "1.3.5"
- run: bun install --frozen-lockfile --ignore-scripts
- uses: superfly/flyctl-actions/setup-flyctl@master
- run: flyctl deploy --remote-only --config apps/relay/fly.toml --app "$FLY_APP_NAME"
env:
FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
- run: |
RELAY_URL="https://${FLY_APP_NAME}.fly.dev" bun run --cwd apps/relay smoke
env:
FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }}
34 changes: 34 additions & 0 deletions .github/workflows/lint-format.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: Lint and Format

on:
pull_request:
push:
branches:
- main
- dev

concurrency:
group: lint-format-${{ github.ref }}
cancel-in-progress: true

jobs:
lint-format:
runs-on: ubuntu-latest

steps:
- name: Checkout
uses: actions/checkout@v4

- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: "1.3.5"

- name: Install dependencies
run: bun install --frozen-lockfile

- name: Lint
run: bunx turbo run lint

- name: Format check
run: bunx turbo run format:check
161 changes: 161 additions & 0 deletions .github/workflows/release-cli.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,161 @@
name: Release CLI

on:
push:
branches: [main]
paths:
- "apps/cli/**"
- ".github/workflows/release-cli.yml"
- ".github/workflows/update-homebrew-tap.yml"
workflow_dispatch:

jobs:
check-version:
name: Check CLI Version Change
runs-on: ubuntu-latest
outputs:
version-changed: ${{ steps.check.outputs.changed }}
new-version: ${{ steps.check.outputs.version }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2

- name: Check if version changed
id: check
run: |
CURRENT=$(node -p "require('./apps/cli/package.json').version")
echo "version=$CURRENT" >> $GITHUB_OUTPUT

if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
echo "changed=true" >> $GITHUB_OUTPUT
exit 0
fi

git checkout HEAD~1 -- apps/cli/package.json 2>/dev/null || true
PREVIOUS=$(node -p "require('./apps/cli/package.json').version" 2>/dev/null || echo "0.0.0")
git checkout HEAD -- apps/cli/package.json

if [ "$CURRENT" != "$PREVIOUS" ]; then
echo "changed=true" >> $GITHUB_OUTPUT
else
echo "changed=false" >> $GITHUB_OUTPUT
fi

build-cli:
name: Build CLI (${{ matrix.platform }})
needs: check-version
if: needs.check-version.outputs.version-changed == 'true'
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
platform: darwin-arm64
target: bun-darwin-arm64
archive: wrapper-darwin-arm64.tar.gz
helper: wrapper-pty-helper-aarch64-macos-none
- os: macos-latest
platform: darwin-x64
target: bun-darwin-x64
archive: wrapper-darwin-x86_64.tar.gz
helper: wrapper-pty-helper-x86_64-macos-none
- os: ubuntu-latest
platform: linux-x64
target: bun-linux-x64
archive: wrapper-linux-x86_64.tar.gz
helper: wrapper-pty-helper-x86_64-linux-musl
runs-on: ${{ matrix.os }}

steps:
- uses: actions/checkout@v4

- name: Setup Bun
uses: oven-sh/setup-bun@v2
with:
bun-version: "1.3.5"

- name: Install dependencies
run: bun install --frozen-lockfile --ignore-scripts

- name: Build standalone binary
run: |
mkdir -p dist
bun build --compile --target="${{ matrix.target }}" apps/cli/index.ts --outfile dist/wrapper

- name: Package archive
run: |
mkdir -p staging/bin
cp dist/wrapper staging/bin/wrapper
chmod +x staging/bin/wrapper
cp "apps/cli/bin/${{ matrix.helper }}" "staging/bin/${{ matrix.helper }}"
tar -czf "dist/${{ matrix.archive }}" -C staging .

- name: Upload archive artifact
uses: actions/upload-artifact@v4
with:
name: cli-${{ matrix.platform }}
path: dist/${{ matrix.archive }}
if-no-files-found: error

release:
name: Create GitHub Release
needs: [check-version, build-cli]
if: needs.check-version.outputs.version-changed == 'true'
runs-on: ubuntu-latest
permissions:
contents: write
outputs:
sha_darwin_arm64: ${{ steps.shas.outputs.sha_darwin_arm64 }}
sha_darwin_x64: ${{ steps.shas.outputs.sha_darwin_x64 }}
sha_linux_x64: ${{ steps.shas.outputs.sha_linux_x64 }}
env:
VERSION: ${{ needs.check-version.outputs.new-version }}

steps:
- uses: actions/checkout@v4

- name: Download archives
uses: actions/download-artifact@v4
with:
pattern: cli-*
path: dist
merge-multiple: true

- name: Compute checksums
id: shas
run: |
echo "sha_darwin_arm64=$(sha256sum dist/wrapper-darwin-arm64.tar.gz | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"
echo "sha_darwin_x64=$(sha256sum dist/wrapper-darwin-x86_64.tar.gz | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"
echo "sha_linux_x64=$(sha256sum dist/wrapper-linux-x86_64.tar.gz | cut -d' ' -f1)" >> "$GITHUB_OUTPUT"

- name: Write checksums file
run: |
cd dist
sha256sum wrapper-darwin-arm64.tar.gz wrapper-darwin-x86_64.tar.gz wrapper-linux-x86_64.tar.gz > checksums.txt
cat checksums.txt

- name: Create or update release
uses: softprops/action-gh-release@v2
with:
tag_name: v${{ env.VERSION }}
name: Wrapper v${{ env.VERSION }}
generate_release_notes: true
files: |
dist/wrapper-darwin-arm64.tar.gz
dist/wrapper-darwin-x86_64.tar.gz
dist/wrapper-linux-x86_64.tar.gz
dist/checksums.txt

update-homebrew:
name: Update Homebrew Tap
needs: [check-version, release]
if: needs.check-version.outputs.version-changed == 'true'
uses: ./.github/workflows/update-homebrew-tap.yml
with:
version: ${{ needs.check-version.outputs.new-version }}
sha_darwin_arm64: ${{ needs.release.outputs.sha_darwin_arm64 }}
sha_darwin_x64: ${{ needs.release.outputs.sha_darwin_x64 }}
sha_linux_x64: ${{ needs.release.outputs.sha_linux_x64 }}
secrets:
HOMEBREW_TAP_TOKEN: ${{ secrets.HOMEBREW_TAP_TOKEN }}
Loading
Loading