feat(cli): prompt for password on first launch

Author: pallyoung

docs/deployment/README.en.md

@@ -35,6 +35,17 @@ Why this is recommended:
 
 After the first launch, the app creates `auth.json` inside the app data directory.
 
+If you use the CLI defaults, the first launch starts with these values automatically:
+
+- `publicMode`: `true`
+- `rootPath`: `~/coder-studio-workspaces`
+- `bindHost`: `127.0.0.1`
+- `bindPort`: `41033`
+- `sessionIdleMinutes`: `15`
+- `sessionMaxHours`: `12`
+
+That means you do not need to preconfigure `rootPath`, `bindHost`, or `bindPort` just to get started. In the default case, setting the password is enough.
+
 Typical locations:
 
 - Linux: `~/.local/share/com.spencerkit.coderstudio/auth.json`
@@ -135,25 +146,35 @@ server {
 ## Deployment Steps
 
 1. Build the app: `pnpm tauri build`
-2. Start it once on the target machine so it generates `auth.json`
-3. Edit `auth.json`, or use the CLI, and set at least:
-   - `password`
-   - `rootPath`
-   - `bindHost`
-   - `bindPort`
-4. Restart the app
-5. Configure an HTTPS reverse proxy to `bindHost:bindPort`
-6. Open your domain and verify the login screen appears first
-
-Recommended CLI flow:
+2. Install the CLI on the target machine: `npm install -g @spencer-kit/coder-studio`
+3. Set the access passphrase
+4. Override `rootPath`, `bindHost`, or `bindPort` only if you need non-default values
+5. Start or restart the app
+6. Configure an HTTPS reverse proxy to `bindHost:bindPort`
+7. Open your domain and verify the login screen appears first
+
+Minimal setup:
+
+```bash
+printf '%s' 'replace-this-passphrase' | coder-studio config password set --stdin
+coder-studio start
+```
+
+Notes:
+
+- if you accept the default workspace directory and bind address, the two commands above are enough
+- on an interactive terminal, the first `coder-studio start`, `coder-studio restart`, or `coder-studio open` also prompts for a passphrase if none is configured yet, then continues startup
+- non-interactive environments do not enter the prompt flow, so configure the passphrase first with `coder-studio config password set --stdin`
+
+Use this flow only when you want custom paths or bind settings:
 
 ```bash
 coder-studio config root set /srv/coder-studio/workspaces
 printf '%s' 'replace-this-passphrase' | coder-studio config password set --stdin
 coder-studio config auth public-mode on
 coder-studio config set server.host 127.0.0.1
 coder-studio config set server.port 41033
-coder-studio restart
+coder-studio start
 ```
 
 ## Verification Checklist

docs/deployment/README.md

@@ -35,6 +35,17 @@
 
 应用首次启动后，会在 app data 目录生成 `auth.json`。
 
+如果你直接使用 CLI 默认配置，首次启动会自动带上这些默认值：
+
+- `publicMode`: `true`
+- `rootPath`: `~/coder-studio-workspaces`
+- `bindHost`: `127.0.0.1`
+- `bindPort`: `41033`
+- `sessionIdleMinutes`: `15`
+- `sessionMaxHours`: `12`
+
+也就是说，默认情况下你不需要先手动设置 `rootPath`、`bindHost` 或 `bindPort`；只要把密码设好，就可以先启动。
+
 常见位置：
 
 - Linux：`~/.local/share/com.spencerkit.coderstudio/auth.json`
@@ -135,25 +146,35 @@ server {
 ## 部署步骤
 
 1. 构建应用：`pnpm tauri build`
-2. 在目标机器上先启动一次应用，让它生成 `auth.json`
-3. 编辑 `auth.json`，或者直接使用 CLI，至少设置：
-   - `password`
-   - `rootPath`
-   - `bindHost`
-   - `bindPort`
-4. 重启应用
-5. 配置 HTTPS 反向代理到 `bindHost:bindPort`
-6. 打开你的域名，确认先出现登录页
-
-推荐直接使用 CLI：
+2. 在目标机器上安装 CLI：`npm install -g @spencer-kit/coder-studio`
+3. 设置访问口令
+4. 如有需要，再覆盖默认的 `rootPath`、`bindHost`、`bindPort`
+5. 启动或重启应用
+6. 配置 HTTPS 反向代理到 `bindHost:bindPort`
+7. 打开你的域名，确认先出现登录页
+
+最小可用配置：
+
+```bash
+printf '%s' 'replace-this-passphrase' | coder-studio config password set --stdin
+coder-studio start
+```
+
+说明：
+
+- 如果你接受默认目录和默认监听地址，上面两条命令就够了
+- 交互式终端里首次执行 `coder-studio start`、`coder-studio restart` 或 `coder-studio open` 时，如果还没设置密码，CLI 也会先提示你输入并确认密码，然后再继续启动
+- 非交互环境下不会进入提示流程，这时应先执行 `coder-studio config password set --stdin`
+
+需要自定义目录或监听地址时，再使用：
 
 ```bash
 coder-studio config root set /srv/coder-studio/workspaces
 printf '%s' 'replace-this-passphrase' | coder-studio config password set --stdin
 coder-studio config auth public-mode on
 coder-studio config set server.host 127.0.0.1
 coder-studio config set server.port 41033
-coder-studio restart
+coder-studio start
 ```
 
 ## 验证清单

docs/development/cli.en.md

@@ -342,19 +342,33 @@ The CLI exposes one config view, but it persists values into two files:
 - `root.path` is written into `auth.json` as the single-root `rootPath` field
 - legacy `allowedRoots` values are still read for compatibility, but CLI writes back only `rootPath`
 - `auth.password` is hidden in `show` and `get`
+- with the default configuration, the CLI uses:
+  - `server.host = 127.0.0.1`
+  - `server.port = 41033`
+  - `root.path = ~/coder-studio-workspaces`
+  - `auth.publicMode = true`
 - while the runtime is already running:
   - `root.path`, `auth.publicMode`, `auth.password`, and session lifetime settings are applied immediately
   - `server.host` and `server.port` are persisted immediately, but require `restart` before the bind address changes
 - changing `auth.password` or `auth.publicMode` clears current authenticated sessions
+- in an interactive terminal, if this is the first launch and `auth.password` is still missing, `start`, `restart`, and `open` prompt for a new passphrase and confirmation before continuing startup
+- in `--json`, CI, or other non-interactive environments, the prompt flow is skipped; configure the passphrase first with `coder-studio config password set --stdin`
 
 ### Common Examples
 
-Minimal public-mode setup:
+Start with the default configuration:
+
+```bash
+printf '%s' 'replace-this-passphrase' | coder-studio config password set --stdin
+coder-studio start
+```
+
+Minimal setup when you want a custom workspace root:
 
 ```bash
 coder-studio config root set /srv/coder-studio/workspaces
 printf '%s' 'replace-this-passphrase' | coder-studio config password set --stdin
-coder-studio config auth public-mode on
+coder-studio start
 ```
 
 Change the port and restart:

docs/development/cli.md

@@ -342,19 +342,33 @@ CLI 对外只暴露一套配置视图，但底层分成两个文件：
 - `root.path` 会以单根目录模型写入 `auth.json` 的 `rootPath`
 - 旧版本 `allowedRoots` 配置仍可读取，但 CLI 写回时只会写 `rootPath`
 - `auth.password` 在 `show` / `get` 中不会返回明文
+- 默认配置下，CLI 会使用：
+  - `server.host = 127.0.0.1`
+  - `server.port = 41033`
+  - `root.path = ~/coder-studio-workspaces`
+  - `auth.publicMode = true`
 - 运行时已经启动时：
   - `root.path`、`auth.publicMode`、`auth.password`、会话时长配置会即时写入并立即生效
   - `server.host`、`server.port` 会写入配置，但需要 `restart` 后才会真正改变监听地址
 - 修改 `auth.password` 或 `auth.publicMode` 时，当前活跃登录会话会被清空
+- 在交互式终端中，如果这是首次启动且 `auth.password` 仍未配置，`start`、`restart`、`open` 会先提示输入并确认密码，然后再继续启动
+- 在 `--json`、CI 或其他非交互环境中，不会进入提示流程；首次启动前请先执行 `coder-studio config password set --stdin`
 
 ### 常用示例
 
-设置公网模式的最小配置：
+使用默认配置直接启动：
+
+```bash
+printf '%s' 'replace-this-passphrase' | coder-studio config password set --stdin
+coder-studio start
+```
+
+设置自定义目录时的最小配置：
 
 ```bash
 coder-studio config root set /srv/coder-studio/workspaces
 printf '%s' 'replace-this-passphrase' | coder-studio config password set --stdin
-coder-studio config auth public-mode on
+coder-studio start
 ```
 
 切换监听端口并重启：

packages/cli/src/lib/cli.mts

@@ -1,5 +1,7 @@
 // @ts-nocheck
 import fs from 'node:fs/promises';
+import path from 'node:path';
+import { emitKeypressEvents } from 'node:readline';
 import {
   generateCompletionScript,
   installCompletionScript,
@@ -41,6 +43,7 @@ import { readPackageVersion } from './state.mjs';
 const EXIT_SUCCESS = 0;
 const EXIT_FAILURE = 1;
 const EXIT_USAGE = 2;
+const RUNTIME_DB_FILENAME = 'coder-studio.db';
 
 class CliError extends Error {
   constructor(message, { exitCode = EXIT_FAILURE, helpTopic = null } = {}) {
@@ -575,6 +578,127 @@ async function readSecretFromStdin() {
   return Buffer.concat(chunks).toString('utf8').trimEnd();
 }
 
+async function pathExists(filePath) {
+  try {
+    await fs.access(filePath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function promptHiddenInput(label) {
+  if (!process.stdin.isTTY || !process.stdout.isTTY || typeof process.stdin.setRawMode !== 'function') {
+    throw new CliError('interactive password setup requires a TTY', { exitCode: EXIT_FAILURE });
+  }
+
+  const stdin = process.stdin;
+  const stdout = process.stdout;
+  const wasRaw = Boolean(stdin.isRaw);
+
+  emitKeypressEvents(stdin);
+  stdin.resume();
+  if (!wasRaw) {
+    stdin.setRawMode(true);
+  }
+
+  stdout.write(label);
+
+  return await new Promise((resolve, reject) => {
+    let value = '';
+
+    const cleanup = () => {
+      stdin.off('keypress', onKeypress);
+      if (!wasRaw) {
+        stdin.setRawMode(false);
+      }
+      stdout.write('\n');
+    };
+
+    const finish = (callback) => {
+      cleanup();
+      callback();
+    };
+
+    const onKeypress = (chunk, key = {}) => {
+      if (key.ctrl && (key.name === 'c' || key.name === 'd')) {
+        finish(() => reject(new CliError('initial password setup cancelled', { exitCode: EXIT_FAILURE })));
+        return;
+      }
+
+      if (key.name === 'return' || key.name === 'enter') {
+        finish(() => resolve(value));
+        return;
+      }
+
+      if (key.name === 'backspace' || key.name === 'delete') {
+        value = value.slice(0, -1);
+        return;
+      }
+
+      if (typeof chunk === 'string' && chunk.length > 0 && !key.ctrl && !key.meta) {
+        value += chunk;
+      }
+    };
+
+    stdin.on('keypress', onKeypress);
+  });
+}
+
+async function ensureInitialPasswordConfigured(context, flags) {
+  const status = await getStatus(context.options);
+  if (runtimeIsActive(status)) {
+    return context;
+  }
+
+  const needsPassword = context.config.values.auth.publicMode && !context.config.values.auth.passwordConfigured;
+  if (!needsPassword) {
+    return context;
+  }
+
+  const dbPath = path.join(context.config.paths.dataDir, RUNTIME_DB_FILENAME);
+  if (await pathExists(dbPath)) {
+    return context;
+  }
+
+  if (flags.json || !process.stdin.isTTY || !process.stdout.isTTY) {
+    throw new CliError(
+      'first launch requires configuring auth.password before start; run `coder-studio config password set --stdin` and retry',
+      { exitCode: EXIT_FAILURE },
+    );
+  }
+
+  console.log('First launch detected. Set an access password before starting Coder Studio.');
+
+  while (true) {
+    const password = await promptHiddenInput('New password: ');
+    if (!password.trim()) {
+      console.log('Password cannot be empty.');
+      continue;
+    }
+
+    const confirmation = await promptHiddenInput('Confirm password: ');
+    if (password !== confirmation) {
+      console.log('Passwords do not match. Try again.');
+      continue;
+    }
+
+    await updateLocalConfig(
+      { stateDir: context.config.paths.stateDir, dataDir: context.config.paths.dataDir },
+      { 'auth.password': password },
+    );
+
+    console.log('Password saved. Starting Coder Studio...');
+    return {
+      ...context,
+      config: await loadLocalConfig({
+        stateDir: context.config.paths.stateDir,
+        dataDir: context.config.paths.dataDir,
+      }),
+    };
+  }
+}
+
 async function applyConfigUpdate(context, key, rawValue, { unset = false } = {}) {
   const status = await getStatus(context.options);
   if (runtimeIsActive(status) && status.managed && isRuntimeConfigKey(key)) {
@@ -1049,10 +1173,12 @@ export async function runCli(argv = process.argv.slice(2)) {
       return await handleAuthCommand(positionals, flags, context);
     }
 
-    const context = await resolveCommandContext(flags);
-    const options = context.options;
+    let context = await resolveCommandContext(flags);
+    let options = context.options;
 
     if (command === 'start') {
+      context = await ensureInitialPasswordConfigured(context, flags);
+      options = context.options;
       const result = await startRuntime({
         ...options,
         foreground: Boolean(flags.foreground),
@@ -1084,6 +1210,8 @@ export async function runCli(argv = process.argv.slice(2)) {
     }
 
     if (command === 'restart') {
+      context = await ensureInitialPasswordConfigured(context, flags);
+      options = context.options;
       const result = await restartRuntime(options);
       if (flags.json) printJson(result);
       else {
@@ -1112,6 +1240,8 @@ export async function runCli(argv = process.argv.slice(2)) {
     }
 
     if (command === 'open') {
+      context = await ensureInitialPasswordConfigured(context, flags);
+      options = context.options;
       const result = await openRuntime(options);
       if (flags.json) printJson(result);
       else console.log(`opened: ${result.endpoint}`);