starred/opentui
1
0
Fork 0
mirror of https://github.com/anomalyco/opentui.git synced 2026-04-25 13:06:00 +03:00
Code Issues 255 Projects Releases 7 Packages Wiki Activity

[PR #636] feat(ssh): add @opentui/ssh package with stream-mode renderer migration #1459

New issue
Open
opened 2026-03-14 09:37:55 +03:00 by kerem · 0 comments
kerem commented 2026-03-14 09:37:55 +03:00
Owner
Copy link

📋 Pull Request Information

Original PR: https://github.com/anomalyco/opentui/pull/636
Author: @msmps
Created: 2/6/2026
Status: 🔄 Open

Base: mainHead: feat/ssh

📝 Commits (4)

  • 978af38 feat(ssh/core): add SSH package and migrate renderer to NativeSpanFeed stream output
  • 88b4f61 fix(ssh/core): address code review findings across SSH and renderer
  • 9c5234c fix(ssh/core): address reviewer findings in SSH and stream mode
  • 9639f9f feat(ssh): add allowAll() middleware for production-ready open servers

📊 Changes

29 files changed (+4282 additions, -239 deletions)

View changed files

📝 bun.lock (+77 -0)
📝 packages/core/src/console.ts (+8 -0)
📝 packages/core/src/renderer.ts (+333 -68)
📝 packages/core/src/testing/test-renderer.ts (+15 -4)
packages/core/src/tests/renderer.stream-mode.test.ts (+269 -0)
packages/core/src/tests/renderer.stream-validation.test.ts (+48 -0)
📝 packages/core/src/zig.ts (+16 -4)
📝 packages/core/src/zig/lib.zig (+22 -2)
📝 packages/core/src/zig/renderer.zig (+311 -137)
📝 packages/core/src/zig/tests/buffer_test.zig (+2 -2)
📝 packages/core/src/zig/tests/renderer_test.zig (+287 -22)
packages/ssh/README.md (+291 -0)
packages/ssh/examples/counter.ts (+109 -0)
packages/ssh/package.json (+40 -0)
packages/ssh/src/index.ts (+24 -0)
packages/ssh/src/middleware/index.ts (+172 -0)
packages/ssh/src/server.ts (+354 -0)
packages/ssh/src/session.ts (+207 -0)
packages/ssh/src/types.ts (+65 -0)
packages/ssh/src/utils/authorized-keys.ts (+36 -0)

...and 9 more files

📄 Description

@opentui/ssh + stream-mode renderer migration

Summary

  • Adds a new @opentui/ssh package for running OpenTUI apps over SSH with per-session renderer isolation.
  • Migrates core non-stdout transport from callback output to outputMode: "stream" backed by NativeSpanFeed in Zig.
  • Applies follow-up hardening from review: auth decision guarding, session admission race fixes, authorized_keys option safety, PTY dimension normalization, and renderer stdin teardown correction.

What This PR Includes

1) New package: @opentui/ssh

  • createSSHServer() with lifecycle events (listening, session, error, close).
  • SSHSession wrapper with stream output wiring, input forwarding, resize handling, and idempotent close.
  • Built-in middleware:
    • logging()
    • publicKey() (OpenSSH authorized_keys parsing/matching)
    • allowAll() (production-ready open server, no warnings)
    • devMode() (development-only, prints security warning)
  • Host key utilities and docs/examples/tests.

2) Core renderer stream architecture

  • outputMode: "stream" in @opentui/core with required onOutput, width, and height validation.
  • NativeSpanFeed/Zig integration for feed-backed output dispatch and backpressure-safe async delivery.
  • Renderer and test utilities updated for stream-mode creation and validation.

3) Reviewer follow-up fixes

  • Prevents auth double-decision races via guarded accept/reject flow in SSH auth handling.
  • Enforces maxSessions against active + pending session creation to close async admission race.
  • Normalizes invalid PTY dimensions (e.g. 0x0) to safe defaults before renderer creation.
  • Treats authorized_keys option-prefixed entries as unsupported and ignores them (with warning) to avoid silently weakening restrictions.
  • Fixes global process.stdin.pause() behavior so stream-only renderer teardown does not pause stdin.

Documentation and Testing

  • Expanded packages/ssh/README.md with middleware phases/order, auth/session patterns, and compatibility notes.
  • Added/expanded tests across:
    • packages/ssh/tests/* (server, middleware, authorized-keys, session, integration, host-key)
    • packages/core/src/tests/renderer.stream-mode.test.ts
    • packages/core/src/tests/renderer.stream-validation.test.ts

Manual Verification (SSH Counter Example)

  1. Start the example server:
    • cd packages/ssh
    • bun run example
  2. In another terminal, connect with SSH:
    • ssh -p 2222 localhost
  3. Validate behavior in one or more sessions:
    • + / - updates the counter
    • terminal resize updates displayed dimensions
    • q cleanly closes the session
  4. (If host key changed) clear stale host key entry:
    • ssh-keygen -R "[localhost]:2222"

Pilotty-Based Verification

1) Install Pilotty

npm install -g pilotty

Verify with pilotty --version.

2) Install the Pilotty OpenCode skill

npx skills add msmps/pilotty

3) AI-assisted review prompt

Use this in OpenCode to run the flow autonomously:

use pilotty to test out the ssh impl with the ssh counter example;
spawn concurrent sessions and validate

Expected validation flow: start server, open concurrent SSH sessions, verify per-session counter isolation, test resize propagation, and quit sessions cleanly.

Notes

  • publicKey() currently supports key matching only; OpenSSH option prefixes (from=, command=, no-pty, etc.) are intentionally not enforced yet and are ignored.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/anomalyco/opentui/pull/636 **Author:** [@msmps](https://github.com/msmps) **Created:** 2/6/2026 **Status:** 🔄 Open **Base:** `main` ← **Head:** `feat/ssh` --- ### 📝 Commits (4) - [`978af38`](https://github.com/anomalyco/opentui/commit/978af384d22e596ee3ce72709990d0e37acb0f5d) feat(ssh/core): add SSH package and migrate renderer to NativeSpanFeed stream output - [`88b4f61`](https://github.com/anomalyco/opentui/commit/88b4f61ed3b3ac0fe3c7172cfa7e14027859962e) fix(ssh/core): address code review findings across SSH and renderer - [`9c5234c`](https://github.com/anomalyco/opentui/commit/9c5234c1526e4aac6d168de2acede2aa4904a08e) fix(ssh/core): address reviewer findings in SSH and stream mode - [`9639f9f`](https://github.com/anomalyco/opentui/commit/9639f9f5262447b471538d5a2b1fd462443dcf7d) feat(ssh): add allowAll() middleware for production-ready open servers ### 📊 Changes **29 files changed** (+4282 additions, -239 deletions) <details> <summary>View changed files</summary> 📝 `bun.lock` (+77 -0) 📝 `packages/core/src/console.ts` (+8 -0) 📝 `packages/core/src/renderer.ts` (+333 -68) 📝 `packages/core/src/testing/test-renderer.ts` (+15 -4) ➕ `packages/core/src/tests/renderer.stream-mode.test.ts` (+269 -0) ➕ `packages/core/src/tests/renderer.stream-validation.test.ts` (+48 -0) 📝 `packages/core/src/zig.ts` (+16 -4) 📝 `packages/core/src/zig/lib.zig` (+22 -2) 📝 `packages/core/src/zig/renderer.zig` (+311 -137) 📝 `packages/core/src/zig/tests/buffer_test.zig` (+2 -2) 📝 `packages/core/src/zig/tests/renderer_test.zig` (+287 -22) ➕ `packages/ssh/README.md` (+291 -0) ➕ `packages/ssh/examples/counter.ts` (+109 -0) ➕ `packages/ssh/package.json` (+40 -0) ➕ `packages/ssh/src/index.ts` (+24 -0) ➕ `packages/ssh/src/middleware/index.ts` (+172 -0) ➕ `packages/ssh/src/server.ts` (+354 -0) ➕ `packages/ssh/src/session.ts` (+207 -0) ➕ `packages/ssh/src/types.ts` (+65 -0) ➕ `packages/ssh/src/utils/authorized-keys.ts` (+36 -0) _...and 9 more files_ </details> ### 📄 Description # `@opentui/ssh` + stream-mode renderer migration ## Summary - Adds a new `@opentui/ssh` package for running OpenTUI apps over SSH with per-session renderer isolation. - Migrates core non-stdout transport from callback output to `outputMode: "stream"` backed by `NativeSpanFeed` in Zig. - Applies follow-up hardening from review: auth decision guarding, session admission race fixes, authorized_keys option safety, PTY dimension normalization, and renderer stdin teardown correction. ## What This PR Includes ### 1) New package: `@opentui/ssh` - `createSSHServer()` with lifecycle events (`listening`, `session`, `error`, `close`). - `SSHSession` wrapper with stream output wiring, input forwarding, resize handling, and idempotent close. - Built-in middleware: - `logging()` - `publicKey()` (OpenSSH `authorized_keys` parsing/matching) - `allowAll()` (production-ready open server, no warnings) - `devMode()` (development-only, prints security warning) - Host key utilities and docs/examples/tests. ### 2) Core renderer stream architecture - `outputMode: "stream"` in `@opentui/core` with required `onOutput`, `width`, and `height` validation. - NativeSpanFeed/Zig integration for feed-backed output dispatch and backpressure-safe async delivery. - Renderer and test utilities updated for stream-mode creation and validation. ### 3) Reviewer follow-up fixes - Prevents auth double-decision races via guarded accept/reject flow in SSH auth handling. - Enforces `maxSessions` against active + pending session creation to close async admission race. - Normalizes invalid PTY dimensions (e.g. `0x0`) to safe defaults before renderer creation. - Treats `authorized_keys` option-prefixed entries as unsupported and ignores them (with warning) to avoid silently weakening restrictions. - Fixes global `process.stdin.pause()` behavior so stream-only renderer teardown does not pause stdin. ## Documentation and Testing - Expanded `packages/ssh/README.md` with middleware phases/order, auth/session patterns, and compatibility notes. - Added/expanded tests across: - `packages/ssh/tests/*` (server, middleware, authorized-keys, session, integration, host-key) - `packages/core/src/tests/renderer.stream-mode.test.ts` - `packages/core/src/tests/renderer.stream-validation.test.ts` ## Manual Verification (SSH Counter Example) 1. Start the example server: - `cd packages/ssh` - `bun run example` 2. In another terminal, connect with SSH: - `ssh -p 2222 localhost` 3. Validate behavior in one or more sessions: - `+` / `-` updates the counter - terminal resize updates displayed dimensions - `q` cleanly closes the session 4. (If host key changed) clear stale host key entry: - `ssh-keygen -R "[localhost]:2222"` ## Pilotty-Based Verification ### 1) Install Pilotty ```bash npm install -g pilotty ``` Verify with `pilotty --version`. ### 2) Install the Pilotty OpenCode skill ```bash npx skills add msmps/pilotty ``` ### 3) AI-assisted review prompt Use this in OpenCode to run the flow autonomously: ```text use pilotty to test out the ssh impl with the ssh counter example; spawn concurrent sessions and validate ``` Expected validation flow: start server, open concurrent SSH sessions, verify per-session counter isolation, test resize propagation, and quit sessions cleanly. ## Notes - `publicKey()` currently supports key matching only; OpenSSH option prefixes (`from=`, `command=`, `no-pty`, etc.) are intentionally not enforced yet and are ignored. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feat/native-span-feed-renderer
keymap-manager-2
skills
footer-resize
feature-docs
rgbaa-indexed-squashed
issue-799/work
fix/react-runtime-plugin-import
release-0.1.102
flicker-less
markdown-streaming
theme-queries
ehrmahgehrd
code-signing
keyboard-ctrl-x
fix/query-send-after-alt-screen
cli-render-api
default-alias
fix/windows-terminal-ctrl-backspace
issue-846/work
default-stdin-parser-timeout
target-fps
destroy-path
resize-harden
node-module-res
linters
example-overlay
minor-simplifications
system-locks
work/investigations-31-opencode-16470-light-mode-code-output
bg-alpha-blending
issue-661/work
monotonic-clock
fix/csi-timeout-flush
fix-csi-timeout-flush
fix/windows-test-support
span-stream-gate
tbv-refactor
scroll-into-view
speedup-tests
capslock-text
feat/ssh
issue-748-stdin-flood-regression
tests/fix-609-cases
fix-609
build-end-to-end-script
layout-scan-offsets
explore-gain-method
flaky-test
simd-grapheme-accounting
fix-wordwrap-splitting-words
markdown-leak
deno
fix-grapheme-clear
feat/windows-rawmode-workaround
fix/focus-restore-terminal-modes
yoga
fix(solid)-prop-initialization-before-insert
docs/skill
fix-github-io-links
fix-ci
fix/border-seg-fault-20260116174445
stdin-emoji-ime-pr-483
tmux-palette
osc8-link
fix/winterm-ctrl+c-rawmode
windows-debug
debug-double-key-events
add-review
bun-yoga-pr-356
fix-negative-y-segfault
win-testing
feat/migrate-input-20251107224958
bug/text-wrap-20251106163441
solid-invalidate-ref
debug-opencode-session-scrollbox
fix-text-not-updating
opencode
copilot/fix-143
scroll-area
kom-anchor-pos
anchor-positioning
keymap-7-snapshot
v0.1.103
keymap-6-snapshot
keymap-5-snapshot
keymap-4-snapshot
theme-again-2-snapshot
keymap-3-snapshot
keymap-2-snapshot
theme-again-1-snapshot
v0.1.102
v0.1.101
keymap-1-snapshot
theme-mode-1-snapshot
v0.1.100
v0.1.99
perf-3-snapshot
perf-2-snapshot
perf-1-snapshot
v0.1.98
v0.1.97
runtime-resolve-4-snapshot
runtime-resolve-3-snapshot
runtime-resolve-2-snapshot
v0.1.96
v0.1.95
runtime-resolve-1-snapshot
v0.1.94
slot-dedupe-1-snapshot
v0.1.93
pre-0193-3-snapshot
pre-0193-2-snapshot
pre-0193-1-snapshot
v0.1.92
slot-churn-2-snapshot
slot-churn-1-snapshot
v0.1.91
locks-2-snapshot
locks-1-snapshot
v0.1.90
v0.1.89
plugins-12-snapshot
plugins-11-snapshot
plugins-10-snapshot
v0.1.88
node-next-2-snapshot
node-next-snapshot
plugins-9-snapshot
plugins-8-snapshot
plugins-7-snapshot
plugins-6-snapshot
v0.1.87
plugins-5-snapshot
plugins-4-snapshot
plugins-3-snapshot
plugins-2-snapshot
plugins-1-snapshot
v0.1.86
v0.1.85
v0.1.84
v0.1.83
v0.1.82
v0.1.81
v0.1.80
v0.1.79
v0.1.78
v0.1.77
v0.1.76
v0.1.75
v0.1.74
v0.1.73
input-graphemes-snapshot
v0.1.72
v0.1.71
v0.1.70
tmux-palette-snapshot
react-unmount-snapshot
zig15-snapshot
v0.1.69
v0.1.68
v0.1.67
v0.1.66
v0.1.65
v0.1.64
v0.1.63
v0.1.62
v0.1.61
more-default-keybinds2-snapshot
more-default-keybinds-snapshot
v0.1.60
kitty-flags-snapshot
v0.1.59
v0.1.58
diff-fg-snapshot
v0.1.57-dry.1
v0.1.57
bun-yoga-4-snapshot
v0.1.56
v0.1.55
bun-yoga-3-snapshot
bun-yoga-2-snapshot
bun-yoga-1-snapshot
v0.1.54
v0.1.53
v0.1.52
v0.1.51
diff1-snapshot
v0.1.50
v0.1.49
v0.1.48
v0.1.47
v0.1.46
v0.1.45
v0.1.44
v0.1.43
react-test-utils-snapshot
v0.1.42
no-sync-snapshot
v0.1.41
v0.1.40
lazy-highlights-snapshot
v0.1.39
v0.1.38
v0.1.37
get-palette-snapshot
v0.1.36
v0.1.35
oc-snapshot
v0.1.34
v0.1.33
win-tswp-resolve-1-snapshot
v0.1.32
markdown-rendering-snapshot
unicode-fixes-snapshot
defrag-snapshot
tabstop-snapshot
oc-ta-5-snapshot
oc-ta-4-snapshot
v0.1.31
oc-ta-3-snapshot
oc-ta-2-snapshot
oc-ta-1-snapshot
v0.1.30
v0.1.29
v0.1.28
v0.1.27
suspend-resume-snapshot
scroll-accel-setter-snapshot
v0.1.26
find-descendant-snapshot
uggu-3-snapshot
uggu-2-snapshot
uggu-treetree-snapshot
second-tree-sitter-snapshot
inital-tree-sitter-snapshot
fix-orphaned-child-nodes-snapshot
prevent-default-2-snapshot
meta-ctrl-fix-snapshot
prevent-default-snapshot
new-use-timeline-snapshot
v0.1.25
improved-shutdown-sequence-snapshot
fix-stale-line-info-snapshot
fix-find-descendant-snapshot
bracketed-paste-snapshot
20250922152022-snapshot
graceful-shutdown-snapshot
flex-shrink-default-snapshot
yoga-fix-snapshot
text-wrap-snapshot
20250918170613-snapshot
20250917004658-snapshot
scrollbox-fix-1-snapshot
kitty-keyboard-snapshot
textnodes-snapshot
mem-improvements-snapshot
v0.1.19-snapshot5
v0.1.19-snapshot4
v0.1.19-snapshot3
v0.1.19-snapshot2
v0.1.19-snapshot
Labels
Clear labels   
bug

   
core

   
documentation

   
feature

   
good first issue

   
help wanted

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
react

   
solid

   
tmux

   
windows
No labels
bug
core
documentation
feature
good first issue
help wanted
pull-request
question
react
solid
tmux
windows
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/opentui#1459
No description provided.