* feat: add secure Tailscale Serve integration support
- Add --enable-tailscale-serve flag to bind server to localhost
- Implement Tailscale identity header authentication
- Add security validations for localhost origin and proxy headers
- Create TailscaleServeService to manage tailscale serve process
- Fix dev script to properly pass arguments through pnpm
- Add comprehensive auth middleware tests for all auth methods
- Ensure secure integration with Tailscale's reverse proxy
* refactor: use isFromLocalhostAddress helper for Tailscale auth
- Extract localhost checking logic into dedicated helper function
- Makes the code clearer and addresses review feedback
- Maintains the same security checks for Tailscale authentication
* feat(web): Add Tailscale Serve integration support
- Add TailscaleServeService to manage background tailscale serve process
- Add --enable-tailscale-serve and --use-tailscale-serve flags
- Force localhost binding when Tailscale Serve is enabled
- Enhance auth middleware to support Tailscale identity headers
- Add isFromLocalhostAddress helper for secure localhost validation
- Fix dev script to properly pass CLI arguments through pnpm
- Add comprehensive auth middleware tests (17 tests)
- Use 'tailscale serve reset' for thorough cleanup
The server now automatically manages the Tailscale Serve proxy process,
providing secure HTTPS access through Tailscale networks without manual
configuration.
* feat(mac): Add Tailscale Serve toggle in Remote Access settings
- Add 'Enable Tailscale Serve Integration' toggle in RemoteAccessSettingsView
- Pass --use-tailscale-serve flag from both BunServer and DevServerManager
- Show HTTPS URL when Tailscale Serve is enabled, HTTP when disabled
- Fix URL copy bug in ServerInfoSection for Tailscale addresses
- Update authentication documentation with new integration mode
- Server automatically restarts when toggle is changed
The macOS app now provides a user-friendly toggle to enable secure
Tailscale Serve integration without manual configuration.
* fix(security): Remove dangerous --allow-tailscale-auth flag
- Remove --allow-tailscale-auth flag that allowed header spoofing
- Remove --use-tailscale-serve alias for consistency
- Keep only --enable-tailscale-serve which safely manages everything
- Update all references in server.ts to use enableTailscaleServe
- Update macOS app to use --enable-tailscale-serve flag
- Update documentation to remove manual setup mode
The --allow-tailscale-auth flag was dangerous because it allowed users to
enable Tailscale header authentication while binding to network interfaces,
which would allow anyone on the network to spoof the Tailscale headers.
Now there's only one safe way to use Tailscale integration: --enable-tailscale-serve,
which forces localhost binding and manages the proxy automatically.
* fix: address PR feedback from Peter and Cursor
- Fix Promise hang bug in TailscaleServeService when process exits with code 0
- Move tailscaleServeEnabled string to AppConstants.UserDefaultsKeys
- Create TailscaleURLHelper for URL construction logic
- Add Linux support to TailscaleServeService with common Tailscale paths
- Update all references to use centralized constants
- Fix code formatting issues
* feat: Add Tailscale Serve status monitoring and error visibility
* fix: Correct pass-through argument logic for boolean flags and duplicates
- Track processed argument indices instead of checking if arg already exists in serverArgs
- Add set of known boolean flags that don't take values
- Allow duplicate arguments to be passed through
- Only treat non-dash arguments as values for non-boolean flags
This fixes issues where:
1. Boolean flags like --verbose were incorrectly consuming the next argument
2. Duplicate flags couldn't be passed through to the server
* fix: Resolve promise hanging and orphaned processes in Tailscale serve
- Add settled flag to prevent multiple promise resolutions
- Handle exit code 0 as a failure case during startup
- Properly terminate child process in cleanup method
- Add timeout for graceful shutdown before force killing
This fixes:
1. Promise hanging when tailscale serve exits with code 0
2. Orphaned processes when startup fails or cleanup is called
---------
Co-authored-by: Peter Steinberger <steipete@gmail.com>
- Rename terminal test bundle to generic test bundle (test.js)
- Create organized test structure in src/client/test/
- Move test HTML files to src/client/assets/test/
- Fix terminal-test component API usage and styling
- Fix Monaco editor worker loading issues by disabling workers
- Use AMD loader approach for Monaco initialization
- Apply Tailwind classes instead of inline CSS
The test infrastructure now supports isolated component testing with
individual HTML pages for each component. Monaco editor works with
syntax highlighting using the default vs-dark theme.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Add Monaco Editor (v0.52.2) as dependency
- Create MonacoEditor Lit component with normal and diff modes
- Support inline/side-by-side diff switching with responsive behavior
- Replace CodeMirror in file browser with Monaco
- Add /api/fs/diff-content endpoint for fetching original/modified content
- Update build system to use esbuild with Monaco plugin
- Add proper Monaco asset handling and bundling
- Style Monaco with VibeTunnel dark theme
Note: There are rendering artifacts that need to be addressed
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
- Rename index.ts to cli.ts as single entry point
- Merge app.ts and shutdown-state.ts into server.ts
- Update all imports and references to use new structure
- Update e2e tests and dev script to spawn via cli.ts
- Remove execution code from server.ts (only cli.ts executes)
- Clean up tsconfig.client.json exclude path
This creates a cleaner separation where cli.ts is the only entry
point that decides whether to run server or forward mode.
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
