Add Tailscale share command#89
Conversation
|
No actionable comments were generated in the recent review. 🎉 ℹ️ Recent review info⚙️ Run configurationConfiguration used: defaults Review profile: CHILL Plan: Pro Plus Run ID: 📒 Files selected for processing (2)
✅ Files skipped from review due to trivial changes (1)
🚧 Files skipped from review as they are similar to previous changes (1)
📝 WalkthroughWalkthroughAdds a ChangesTailscale Share Command
Estimated code review effort🎯 3 (Moderate) | ⏱️ ~20 minutes Possibly related PRs
Poem
🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 14a5e814cc
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if (tailscaleServeTargets(target)) { | ||
| execFileSync("tailscale", ["serve", "clear", "https:443"], { stdio: "ignore" }); |
There was a problem hiding this comment.
Use the matching off command for Serve cleanup
When a share session exits, this cleanup never removes the background Tailscale Serve/Funnel entry because tailscale serve clear only accepts a Tailscale Service name (svc:...), while this code passes https:443 after creating a normal port share with tailscale serve|funnel --bg <target>. The error is swallowed, so the Funnel/Serve config persists and can unexpectedly expose whatever later binds to the same local port; Tailscale's documented disable path for these shares is rerunning the same serve/funnel mode/port with off, not clear <service>.
Useful? React with 👍 / 👎.
There was a problem hiding this comment.
Actionable comments posted: 3
🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.
Inline comments:
In `@packages/serve-sim/README.md`:
- Line 127: The documentation for the serve-sim share command incorrectly shows
[device] in singular form, but the command actually accepts multiple devices as
variadic arguments. Update the notation in the README from `serve-sim share
[device]` to `serve-sim share [devices...]` to accurately reflect the CLI
contract and match the actual implementation that accepts multiple device
arguments.
In `@packages/serve-sim/src/index.ts`:
- Around line 1870-1873: The execFileSync call to "tailscale status --json" can
block indefinitely if the tailscale daemon is unresponsive, causing the process
to hang during cleanup operations. Add a timeout option (in milliseconds) to the
options object passed to execFileSync in this invocation. Set a reasonable
timeout value that allows the command to complete under normal circumstances
while preventing indefinite blocking. Apply the same timeout hardening to all
other tailscale subprocess calls in the file (mentioned at lines 1946, 1892, and
1909-1912) to ensure consistent protection against unresponsive daemon states.
- Around line 1942-1945: The target URL construction for Tailscale does not
properly handle IPv6 addresses. When shareHost is an IPv6 address (which will
contain colons), the current string interpolation in the target variable
assignment produces an invalid URL like http://::1:port instead of the RFC 3986
compliant http://[::1]:port. Modify the target URL construction to detect if
shareHost contains colons (indicating an IPv6 address) and wrap it in brackets
before inserting it into the URL. This ensures IPv6 literals are properly
formatted as per the standard.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: defaults
Review profile: CHILL
Plan: Pro Plus
Run ID: d4ac17f9-4cd9-4315-aae8-b67236f6e591
📒 Files selected for processing (2)
packages/serve-sim/README.mdpackages/serve-sim/src/index.ts
|
Addressed the review feedback in
Validation run:
CodeRabbit is now green and there are no active unresolved review threads. |
Summary
serve-sim share [device...]to start the normal preview server and expose it through Tailscale Serve--publicfor FunnelTesting
bun run typecheckbun run lintbun run --filter serve-sim buildSummary by CodeRabbit
New Features
serve-sim shareCLI command to enable remote access to the preview server via Tailscale, supporting private tailnet Serve and public Funnel modes (including an optional--publicflag).Documentation
serve-sim shareand added security guidance about exposed video and browser controls.