From 111e78940a489df7909debb7290dab881f6738d8 Mon Sep 17 00:00:00 2001
From: decolua <decoluadt@example.com>
Date: Tue, 28 Apr 2026 10:20:31 +0700
Subject: [PATCH] Refactor cloudflared process management to improve
 port-specific termination and enhance tunnel management. Update Antigravity
 cloaking comments for clarity.

---
 open-sse/translator/index.js    | 14 ++++++++------
 src/lib/tunnel/cloudflared.js   | 21 ++++++++++++++++-----
 src/lib/tunnel/tunnelManager.js | 11 ++++++-----
 3 files changed, 30 insertions(+), 16 deletions(-)

diff --git a/open-sse/translator/index.js b/open-sse/translator/index.js
index a018dc59..8903f14e 100644
--- a/open-sse/translator/index.js
+++ b/open-sse/translator/index.js
@@ -140,12 +140,14 @@ export function translateRequest(sourceFormat, targetFormat, model, body, stream
     }
   }
 
-  // Antigravity cloaking/tool stripping is intentionally disabled for GitHub Copilot.
-  // Keep the translated request intact; final provider-specific sanitization happens
-  // in the Antigravity executor.
-  if (provider === FORMATS.ANTIGRAVITY && clientTool === "github-copilot") {
-    // No-op
-  }
+  // Antigravity cloaking disabled
+  // if (provider === FORMATS.ANTIGRAVITY && body.userAgent !== FORMATS.ANTIGRAVITY) {
+  //   const { cloakedBody, toolNameMap } = AntigravityExecutor.cloakTools(result);
+  //   result = cloakedBody;
+  //   if (toolNameMap?.size > 0) {
+  //     result._toolNameMap = toolNameMap;
+  //   }
+  // }
 
   return result;
 }
diff --git a/src/lib/tunnel/cloudflared.js b/src/lib/tunnel/cloudflared.js
index 882fadb4..5a808802 100644
--- a/src/lib/tunnel/cloudflared.js
+++ b/src/lib/tunnel/cloudflared.js
@@ -360,7 +360,21 @@ export async function spawnQuickTunnel(localPort, onUrlUpdate) {
   });
 }
 
-export function killCloudflared() {
+// Kill cloudflared processes whose command line targets the given port (any host).
+// Boundary check ensures :20128 doesn't match :201280 or :202128.
+function killCloudflaredByPort(port) {
+  if (!port) return;
+  try {
+    if (IS_WINDOWS) {
+      const psCmd = `Get-CimInstance Win32_Process -Filter \\"Name='cloudflared.exe'\\" | Where-Object { $_.CommandLine -match ':${port}(\\D|$)' } | ForEach-Object { Stop-Process -Id $_.ProcessId -Force }`;
+      execSync(`powershell -NoProfile -Command "${psCmd}"`, { stdio: "ignore", windowsHide: true });
+    } else {
+      execSync(`pkill -f "cloudflared.*:${port}([^0-9]|$)" 2>/dev/null || true`, { stdio: "ignore", windowsHide: true });
+    }
+  } catch (e) { /* ignore */ }
+}
+
+export function killCloudflared(localPort) {
   if (cloudflaredProcess) {
     try {
       cloudflaredProcess.kill();
@@ -376,10 +390,7 @@ export function killCloudflared() {
     clearPid();
   }
 
-  // Kill any remaining cloudflared processes
-  try {
-    execSync("pkill -f cloudflared 2>/dev/null || true", { stdio: "ignore", windowsHide: true });
-  } catch (e) { /* ignore */ }
+  killCloudflaredByPort(localPort);
 }
 
 export function isCloudflaredRunning() {
diff --git a/src/lib/tunnel/tunnelManager.js b/src/lib/tunnel/tunnelManager.js
index b107a72e..56d08e44 100644
--- a/src/lib/tunnel/tunnelManager.js
+++ b/src/lib/tunnel/tunnelManager.js
@@ -1,7 +1,7 @@
 import crypto from "crypto";
 import { loadState, saveState, generateShortId } from "./state.js";
 import { spawnQuickTunnel, killCloudflared, isCloudflaredRunning, setUnexpectedExitHandler } from "./cloudflared.js";
-import { startFunnel, stopFunnel, stopDaemon, isTailscaleRunning, isTailscaleLoggedIn, startLogin, startDaemonWithPassword } from "./tailscale.js";
+import { startFunnel, stopFunnel, isTailscaleRunning, isTailscaleLoggedIn, startLogin, startDaemonWithPassword } from "./tailscale.js";
 import { getSettings, updateSettings } from "@/lib/localDb";
 import { getCachedPassword, loadEncryptedPassword, initDbHooks } from "@/mitm/manager";
 
@@ -16,6 +16,7 @@ let isReconnecting = false;
 let exitHandlerRegistered = false;
 let reconnectTimeoutId = null;
 let manualDisabled = false;
+let activeLocalPort = null;
 
 export function isTunnelManuallyDisabled() {
   return manualDisabled;
@@ -47,6 +48,7 @@ async function registerTunnelUrl(shortId, tunnelUrl) {
 
 export async function enableTunnel(localPort = 20128) {
   manualDisabled = false;
+  activeLocalPort = localPort;
 
   if (isCloudflaredRunning()) {
     const existing = loadState();
@@ -56,7 +58,7 @@ export async function enableTunnel(localPort = 20128) {
     }
   }
 
-  killCloudflared();
+  killCloudflared(localPort);
 
   const machineId = getMachineId();
   const existing = loadState();
@@ -125,7 +127,7 @@ export async function disableTunnel() {
   setUnexpectedExitHandler(null);
   exitHandlerRegistered = false;
 
-  killCloudflared();
+  killCloudflared(activeLocalPort);
 
   const state = loadState();
   if (state) {
@@ -192,9 +194,8 @@ export async function enableTailscale(localPort = 20128) {
 }
 
 export async function disableTailscale() {
+  // Only reset funnel — keep tailscaled daemon running to avoid breaking other apps using Tailscale
   stopFunnel();
-  const sudoPass = getCachedPassword() || await loadEncryptedPassword() || "";
-  await stopDaemon(sudoPass);
   await updateSettings({ tailscaleEnabled: false, tailscaleUrl: "" });
   return { success: true };
 }