Move iOS app into repo with public-only Convex sync and proprietary licensing

.github/workflows/build-ghosttykit.yml

@@ -5,6 +5,7 @@ on:
     branches:
       - main
   pull_request:
+  workflow_dispatch:
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}

.github/workflows/ci.yml

@@ -49,6 +49,22 @@ jobs:
         with:
           go-version-file: daemon/remote/go.mod
 
+      - name: Install zig
+        run: |
+          set -euo pipefail
+          ZIG_REQUIRED="0.15.2"
+          if command -v zig >/dev/null 2>&1 && zig version 2>/dev/null | grep -q "^${ZIG_REQUIRED}"; then
+            echo "zig ${ZIG_REQUIRED} already installed"
+          else
+            echo "Installing zig ${ZIG_REQUIRED} from tarball"
+            curl -fSL "https://ziglang.org/download/${ZIG_REQUIRED}/zig-x86_64-linux-${ZIG_REQUIRED}.tar.xz" -o /tmp/zig.tar.xz
+            tar xf /tmp/zig.tar.xz -C /tmp
+            sudo mv /tmp/zig-x86_64-linux-${ZIG_REQUIRED}/zig /usr/local/bin/zig
+            sudo rm -rf /usr/local/lib/zig
+            sudo mv /tmp/zig-x86_64-linux-${ZIG_REQUIRED}/lib /usr/local/lib/zig
+            zig version
+          fi
+
       - name: Run remote daemon tests
         working-directory: daemon/remote
         run: go test ./...

.gitmodules

@@ -8,3 +8,7 @@
 [submodule "vendor/bonsplit"]
 	path = vendor/bonsplit
 	url = https://github.com/manaflow-ai/bonsplit.git
+[submodule "vendor/tls.zig"]
+	path = vendor/tls.zig
+	url = https://github.com/ianic/tls.zig
+	branch = zig-0.15.x

CLAUDE.md

@@ -16,6 +16,32 @@ After making code changes, always run the reload script with a tag to build the
 ./scripts/reload.sh --tag fix-zsh-autosuggestions
 ```
 
+### Cross-stack reloads (mac + iOS + daemon)
+
+iOS clients connect to mac-side `cmuxd-remote` over WebSocket. A code
+change in any one of mac swift, iOS swift, or zig daemon usually needs
+a reload of **every** affected surface. Defaulting to "only reload
+what I edited" leaves the user with stale binaries on the other side
+and produces phantom bug reports.
+
+| Edited | Mac reload | iOS reload | Notes |
+|--------|-----------|-----------|-------|
+| `Sources/**` (mac swift only) | yes | no | mac UI / control socket |
+| `daemon/remote/zig/**` | **yes** | **yes** | daemon respawns when mac launches; iOS connects over WS |
+| `ios/Sources/**` | no | **yes** | iOS UI / transport |
+| Shared RPC schema (json-rpc method names, params) | yes | yes | both sides parse the wire format |
+| `MobileDaemonBridgeInline` (mac), WS port hash, secret loader | yes | yes | iOS caches endpoint; stale port → silent connect failures |
+
+iOS reload runs from the worktree's `ios/` dir:
+
+```bash
+cd ios && ./scripts/reload.sh
+```
+
+When in doubt, reload both. End every applicable handoff stating
+exactly what was reloaded: `Reloaded mac (tag: pty-shared-size) +
+iOS simulator. iPhone unavailable.` Don't make the user infer it.
+
 By default, `reload.sh` builds but does **not** launch the app. The script prints the `.app` path so the user can cmd-click to open it. Pass `--launch` to kill any existing instance and open the app automatically:
 
 ```bash
@@ -187,7 +213,12 @@ The app has a **Debug** menu in the macOS menu bar (only in DEBUG builds). Use i
 - Only explicit focus-intent commands may mutate in-app focus/selection (`window.focus`, `workspace.select/next/previous/last`, `surface.focus`, `pane.focus/last`, browser focus commands, and v1 focus equivalents).
 - All non-focus commands should preserve current user focus context while still applying data/model changes.
 
-## Testing policy
+## Timing policy
+
+- Do not use sleep-based timing in application/runtime code when an event-, state-, or callback-driven mechanism is available.
+- Deterministic sleeps are acceptable in tests when they are the smallest practical verification tool.
+
+## E2E mac UI tests
 
 **Never run tests locally.** All tests (E2E, UI, python socket tests) run via GitHub Actions or on the VM.
 
@@ -272,3 +303,4 @@ Notes:
 - README download button points to `releases/latest/download/cmux-macos.dmg`.
 - Versioning: bump the minor version for updates unless explicitly asked otherwise.
 - Changelog: update `CHANGELOG.md`; docs changelog is rendered from it.
+

CLI/cmux.swift

@@ -1770,6 +1770,11 @@ struct CMUXCLI {
             return
         }
 
+        if command == "login" {
+            try runLogin(commandArgs: commandArgs, socketPath: resolvedSocketPath, explicitPassword: socketPasswordArg)
+            return
+        }
+
         if command == "claude-teams" {
             try runClaudeTeams(
                 commandArgs: commandArgs,
@@ -1922,6 +1927,41 @@ struct CMUXCLI {
             let response = try client.sendV2(method: "system.identify", params: params)
             print(jsonString(formatIDs(response, mode: idFormat)))
 
+        case "daemon-status", "daemon":
+            let subcommand = commandArgs.first?.lowercased() ?? "status"
+            if subcommand == "stop" {
+                let response = try client.sendV2(method: "daemon.stop")
+                if jsonOutput {
+                    print(jsonString(response))
+                } else {
+                    print("Daemon stopped.")
+                }
+            } else {
+                let response = try client.sendV2(method: "daemon.status")
+                if jsonOutput {
+                    print(jsonString(response))
+                } else {
+                    if let bridge = response["bridge"] as? [String: Any] {
+                        let status = bridge["status"] as? String ?? "unknown"
+                        let socketPath = bridge["socket_path"] as? String ?? "unknown"
+                        let syncCount = bridge["sync_count"] as? Int ?? 0
+                        let lastSync = bridge["last_sync"] as? String ?? "never"
+                        print("Bridge: \(status)")
+                        print("  Socket: \(socketPath)")
+                        print("  Syncs: \(syncCount)")
+                        print("  Last sync: \(lastSync)")
+                    }
+                    if let daemon = response["daemon"] as? [String: Any] {
+                        let running = daemon["running"] as? Bool ?? false
+                        let wsPort = daemon["ws_port"] as? Int
+                        let daemonSocket = daemon["socket_path"] as? String
+                        print("Daemon: \(running ? "running" : "stopped")")
+                        if let wsPort { print("  WebSocket port: \(wsPort)") }
+                        if let daemonSocket { print("  Socket: \(daemonSocket)") }
+                    }
+                }
+            }
+
         case "list-windows":
             let response = try sendV1Command("list_windows", client: client)
             if jsonOutput {
@@ -2949,6 +2989,189 @@ struct CMUXCLI {
         try activateApp()
     }
 
+    // MARK: - Login (Stack Auth CLI flow)
+
+    private func runLogin(commandArgs: [String], socketPath: String, explicitPassword: String?) throws {
+        let noOpen = hasFlag(commandArgs, name: "--no-open")
+
+        // Resolve Stack Auth config from environment (mirrors AuthEnvironment.swift)
+        let env = ProcessInfo.processInfo.environment
+        let stackBaseURL = env["CMUX_STACK_BASE_URL"]?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "https://api.stack-auth.com"
+        #if DEBUG
+        let devProjectID = "1467bed0-8522-45ee-a8d8-055de324118c"
+        let devClientKey = "pck_pt4nwry6sdskews2pxk4g2fbe861ak2zvaf3mqendspa0"
+        #else
+        let devProjectID = "8a877114-b905-47c5-8b64-3a2d90679577"
+        let devClientKey = "pck_pqghntgd942k1hg066m7htjakb8g4ybaj66hqj2g2frj0"
+        #endif
+        let projectID = env["CMUX_STACK_PROJECT_ID"]?.trimmingCharacters(in: .whitespacesAndNewlines) ?? devProjectID
+        let clientKey = env["CMUX_STACK_PUBLISHABLE_CLIENT_KEY"]?.trimmingCharacters(in: .whitespacesAndNewlines) ?? devClientKey
+
+        // Resolve the handler URL (where the browser opens).
+        let handlerOrigin: String
+        if let override = env["CMUX_AUTH_WWW_ORIGIN"]?.trimmingCharacters(in: .whitespacesAndNewlines),
+           !override.isEmpty {
+            handlerOrigin = override
+        } else {
+            #if DEBUG
+            let cmuxPort = env["CMUX_PORT"]?.trimmingCharacters(in: .whitespacesAndNewlines) ?? "3000"
+            handlerOrigin = "http://localhost:\(cmuxPort)"
+            #else
+            handlerOrigin = "https://cmux.com"
+            #endif
+        }
+
+        // Step 1: Initiate CLI auth session
+        let initURL = URL(string: "\(stackBaseURL)/api/v1/auth/cli")!
+        var initRequest = URLRequest(url: initURL)
+        initRequest.httpMethod = "POST"
+        initRequest.setValue("application/json", forHTTPHeaderField: "Content-Type")
+        initRequest.setValue(projectID, forHTTPHeaderField: "x-stack-project-id")
+        initRequest.setValue(clientKey, forHTTPHeaderField: "x-stack-publishable-client-key")
+        initRequest.setValue("client", forHTTPHeaderField: "x-stack-access-type")
+        initRequest.httpBody = try JSONSerialization.data(withJSONObject: [
+            "expires_in_millis": 7_200_000, // 2 hours
+        ])
+
+        let initResult = try syncHTTPRequest(initRequest)
+        guard let initJSON = initResult as? [String: Any],
+              let pollingCode = initJSON["polling_code"] as? String,
+              let loginCode = initJSON["login_code"] as? String else {
+            throw CLIError(message: "login: failed to initiate auth session")
+        }
+
+        // Step 2: Open browser (or print URL)
+        let confirmURL = "\(handlerOrigin)/handler/cli-auth-confirm?login_code=\(loginCode)"
+        if noOpen {
+            cliPrint("Open this URL to sign in:")
+            cliPrint(confirmURL)
+        } else {
+            cliPrint("Opening browser for sign-in...")
+            let proc = Process()
+            proc.executableURL = URL(fileURLWithPath: "/usr/bin/open")
+            // Open in Safari explicitly to avoid cmux's built-in browser intercepting
+            proc.arguments = ["-a", "Safari", confirmURL]
+            try proc.run()
+            proc.waitUntilExit()
+        }
+
+        // Step 3: Poll for completion
+        cliPrint("Waiting for sign-in to complete...")
+        let pollURL = URL(string: "\(stackBaseURL)/api/v1/auth/cli/poll")!
+        let pollBody = try JSONSerialization.data(withJSONObject: [
+            "polling_code": pollingCode,
+        ])
+
+        let startTime = Date()
+        let timeout: TimeInterval = 300 // 5 minutes
+        while Date().timeIntervalSince(startTime) < timeout {
+            Thread.sleep(forTimeInterval: 2.0)
+
+            var pollRequest = URLRequest(url: pollURL)
+            pollRequest.httpMethod = "POST"
+            pollRequest.setValue("application/json", forHTTPHeaderField: "Content-Type")
+            pollRequest.setValue(projectID, forHTTPHeaderField: "x-stack-project-id")
+            pollRequest.setValue(clientKey, forHTTPHeaderField: "x-stack-publishable-client-key")
+            pollRequest.setValue("client", forHTTPHeaderField: "x-stack-access-type")
+            pollRequest.httpBody = pollBody
+
+            guard let pollJSON = try? syncHTTPRequest(pollRequest) as? [String: Any],
+                  let status = pollJSON["status"] as? String else {
+                continue
+            }
+
+            switch status {
+            case "success":
+                guard let refreshToken = pollJSON["refresh_token"] as? String else {
+                    throw CLIError(message: "login: got success but no refresh token")
+                }
+                // Send token to the running app via socket
+                try seedTokenViaSocket(refreshToken: refreshToken, socketPath: socketPath, explicitPassword: explicitPassword)
+                cliPrint("OK Signed in successfully.")
+                return
+            case "expired":
+                throw CLIError(message: "login: session expired. Run `cmux login` again.")
+            case "used":
+                throw CLIError(message: "login: session already used.")
+            case "waiting":
+                continue
+            default:
+                continue
+            }
+        }
+
+        throw CLIError(message: "login: timed out waiting for sign-in (5 minutes)")
+    }
+
+    private func cliPrint(_ message: String) {
+        fputs(message + "\n", stdout)
+        fflush(stdout)
+    }
+
+    private func syncHTTPRequest(_ request: URLRequest) throws -> Any {
+        let semaphore = DispatchSemaphore(value: 0)
+        var responseData: Data?
+        var responseError: Error?
+
+        let task = URLSession.shared.dataTask(with: request) { data, _, error in
+            responseData = data
+            responseError = error
+            semaphore.signal()
+        }
+        task.resume()
+        semaphore.wait()
+
+        if let error = responseError {
+            throw CLIError(message: "login: network error: \(error.localizedDescription)")
+        }
+        guard let data = responseData else {
+            throw CLIError(message: "login: empty response")
+        }
+        return try JSONSerialization.jsonObject(with: data)
+    }
+
+    private func seedTokenViaSocket(refreshToken: String, socketPath: String, explicitPassword: String?) throws {
+        let client = SocketClient(path: socketPath)
+        try client.connect()
+        defer { client.close() }
+        try? authenticateClientIfNeeded(client, explicitPassword: explicitPassword, socketPath: socketPath)
+        let result = try client.sendV2(method: "account.seed_tokens", params: [
+            "refresh_token": refreshToken,
+        ])
+        if let error = result["error"] as? [String: Any],
+           let message = error["message"] as? String {
+            throw CLIError(message: "login: app rejected token: \(message)")
+        }
+    }
+
+    private func storeAuthToken(refreshToken: String, projectID: String) throws {
+        // Use the same keychain service and account names as the app's KeychainStackTokenStore
+        let service = "com.cmuxterm.app.auth"
+        let account = "cmux-auth-refresh-token"
+        let tokenData = refreshToken.data(using: .utf8)!
+
+        // Delete existing
+        let deleteQuery: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: service,
+            kSecAttrAccount as String: account,
+        ]
+        SecItemDelete(deleteQuery as CFDictionary)
+
+        // Add new
+        let addQuery: [String: Any] = [
+            kSecClass as String: kSecClassGenericPassword,
+            kSecAttrService as String: service,
+            kSecAttrAccount as String: account,
+            kSecValueData as String: tokenData,
+            kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlocked,
+        ]
+        let status = SecItemAdd(addQuery as CFDictionary, nil)
+        guard status == errSecSuccess else {
+            throw CLIError(message: "login: failed to store token in keychain (error \(status))")
+        }
+    }
+
     private func runFeedback(
         commandArgs: [String],
         socketPath: String,
@@ -6696,6 +6919,20 @@ struct CMUXCLI {
     /// Return the help/usage text for a subcommand, or nil if the command is unknown.
     private func subcommandUsage(_ command: String) -> String? {
         switch command {
+        case "daemon", "daemon-status":
+            return """
+            Usage: cmux daemon [status|stop] [--json]
+
+            Show the sync daemon status (bridge connection, WebSocket port, sync count).
+
+            Subcommands:
+              status   Show daemon status (default)
+              stop     Stop the daemon process
+
+            The daemon syncs workspace state to iOS via WebSocket. It persists
+            across app restarts so terminal sessions survive upgrades. Use
+            'cmux daemon stop' to kill it explicitly.
+            """
         case "ping":
             return """
             Usage: cmux ping
@@ -6721,6 +6958,17 @@ struct CMUXCLI {
 
             Show top-level CLI usage and command list.
             """
+        case "login":
+            return """
+            Usage: cmux login [--no-open]
+
+            Sign in to your cmux account using browser-based authentication.
+            Opens a browser for sign-in, then polls until complete.
+            Tokens are stored in the system keychain.
+
+            Flags:
+              --no-open   Print the sign-in URL instead of opening the browser.
+            """
         case "welcome":
             return """
             Usage: cmux welcome
@@ -14319,6 +14567,7 @@ struct CMUXCLI {
           --password takes precedence, then CMUX_SOCKET_PASSWORD env var, then password saved in Settings.
 
         Commands:
+          login [--no-open]
           welcome
           shortcuts
           feedback [--email <email> --body <text> [--image <path> ...]]
@@ -14333,6 +14582,7 @@ struct CMUXCLI {
           capabilities
           rpc <method> [json-params]
           identify [--workspace <id|ref|index>] [--surface <id|ref|index>] [--no-caller]
+          daemon [status|stop]
           list-windows
           current-window
           new-window