haoleme 0.3.2

Run commands with Haoleme monitoring and expose their status to the mobile app.

好了么

好了么 is a command monitor for Linux/macOS machines with Android and iOS apps.

The project has three parts:

• haoleme: a Python package that installs the hao command. Put hao before a command to record its status, output tail, exit code, and timestamps.
• android/: a native Android app for pairing, device switching, run history, console output, deletion, and finish notifications.
• ios/: a native SwiftUI iOS app that uses the same 好了么 Cloud account, devices, runs, pairing, and console APIs.

Python monitor

Install the local package in a virtual environment:

python3 -m venv .venv
.venv/bin/python -m pip install -e .

Or install the built wheel:

.venv/bin/python -m pip install dist/haoleme-0.1.0-py3-none-any.whl

Start the status server on the Linux machine:

hao server --host 0.0.0.0 --port 8765 --token change-this-token

Run commands through 好了么:

hao sleep 5
hao run -- bash -lc 'echo hello && sleep 2 && echo done'
hao status

The command name is intentionally short: hao.

Cloud sync

The recommended setup is cloud sync. The Linux machine does not need a public IP, ngrok, or port forwarding. The command runner uploads status to 好了么 Cloud, and the Android app reads the same account from the cloud API.

The default cloud relay is:

http://106.14.246.204

After deploying the Docker cloud server on Aliyun or the Cloudflare Worker in cloudflare/, log in once on each new machine:

pip install -U haoleme
hao login

The command prints a QR code and a 6-digit pair code. The cloud URL is built in and hidden from the normal UI. Pair codes expire after 5 minutes and are cancelled automatically when hao login exits without pairing. If the machine is already logged in, hao login asks before replacing the login. Press Enter to continue, or type n to cancel.

847291

Tap Scan in the Android app to scan the QR code with the built-in camera scanner, or scan it with the phone camera to open 好了么 and pair automatically. If QR scanning is unavailable, enter the 6-digit code; the app pairs automatically when all 6 digits are entered. After pairing, the app saves the cloud account, shows the paired device name, and normal commands sync automatically:

hao run -- python train.py
hao run -- sh -c 'for i in $(seq 1 10); do echo tick $i; sleep 1; done'

New pairings use end-to-end encryption for command text, working directory, and console output. 好了么 Cloud keeps the encrypted payload plus operational metadata such as device id, status, and timestamps, so filtering and online state still work while the sensitive run details are decrypted only in the app.

Each computer that runs hao login is bound as a device on the same phone account. Use names such as 我的 Mac, 服务器 A, or 实验机 B:

hao login --device "服务器 A"

The Android app shows an All device view plus one button for each paired computer, so you can switch between all runs and a single machine. Select one device and tap Rename, or long-press a device button, to rename it. Tap Revoke to disable that device's upload token without deleting old history.

Useful cloud commands:

hao heartbeat status
hao heartbeat start
hao heartbeat stop
hao cloud-status
hao cloud-logout

After login, hao starts a small background heartbeat automatically. The cloud marks a device online when it has been seen in the last 90 seconds; each device sends a heartbeat every 60 seconds with a device-specific 0-59 second startup offset to avoid synchronized traffic spikes.

Advanced/manual login is still available:

hao cloud-login --api-url https://your-haoleme-cloud.workers.dev --account ethan --token <TOKEN>

Cloud sync uses the app's account token as the account key. Anyone with that token can delete that account's run history and read unencrypted legacy records, so treat it like a password.

Deploy 好了么 Cloud with Docker

The Docker cloud server exposes the same API as the Cloudflare Worker and stores data in SQLite:

docker build -f Dockerfile.cloud -t haoleme-cloud .
docker run -d --name haoleme-cloud --restart unless-stopped \
  -p 80:8000 \
  -v /opt/haoleme-cloud-data:/data \
  haoleme-cloud

Check it:

curl http://106.14.246.204/health
docker inspect --format='{{json .State.Health}}' haoleme-cloud

For production, put a domain and HTTPS reverse proxy in front of it. Plain HTTP works for quick testing because the Android app allows cleartext traffic, but HTTPS is safer. Templates for systemd, daily backups, and Caddy HTTPS live in deploy/.

Useful operations:

haoleme-cloud health --db /opt/haoleme-cloud-data/haoleme-cloud.db
haoleme-cloud audit-permissions --db /opt/haoleme-cloud-data/haoleme-cloud.db
haoleme-cloud backup --db /opt/haoleme-cloud-data/haoleme-cloud.db --dir /opt/haoleme-cloud-data/backups --keep 30

/health reports database status, disk free space, version, and pairing policy. Cloud access logs are structured JSON; set HAOLEME_CLOUD_LOG=/path/to/cloud.log to write them to a file.

Production checklist

• Use a domain with HTTPS. deploy/Caddyfile.example reverse proxies HTTPS traffic to 127.0.0.1:8000.
• Enable daily SQLite backups with deploy/haoleme-cloud-backup.timer.
• Run haoleme-cloud audit-permissions after upgrades to verify account-scoped tables and write-scoped device tokens.
• Watch haoleme-cloud health from your server monitor.
• On client machines, use hao doctor, hao heartbeat status, and hao sync when debugging cloud sync.

Deploy 好了么 Cloud with Cloudflare Worker

The included Cloudflare Worker is a small relay service. It stores only command metadata and output tails in Cloudflare KV. The Python runner also keeps a local SQLite database at ~/.haoleme/haoleme.db, and the Android app caches the latest run list and console output locally so the previous results are visible when the app opens. Existing installs that already have ~/.reminder/reminder.db keep using it automatically so upgrades do not lose history.

cd cloudflare
npm create cloudflare@latest
npx wrangler kv namespace create RUNS

Copy the returned KV namespace id into cloudflare/wrangler.toml, then deploy:

npx wrangler deploy

Cloudflare Workers can run this kind of small personal relay on the free plan within their free usage limits. For many users, long logs, or heavy polling, use a paid plan or a small VPS.

The server exposes:

• GET /health
• GET /api/runs?limit=50
• GET /api/runs/{id}
• GET /api/events?since=<updatedAt>

By default the SQLite database lives at ~/.haoleme/haoleme.db. Set HAOLEME_HOME=/path/to/dir to change that location. REMINDER_HOME is still accepted for old deployments.

Direct public access

Direct public access is still supported for testing and compatibility. If you do not want cloud sync and do not have a public IP, use a Cloudflare quick tunnel:

hao public

This starts the local server and runs cloudflared tunnel --url http://127.0.0.1:8765. It prints a public https://*.trycloudflare.com URL and a token. Newer Android builds default to the built-in cloud pairing flow, so direct server entry is kept only for development and compatibility:

Server: https://example.trycloudflare.com
Token:  generated-token

If cloudflared is missing, install it first:

brew install cloudflared

Cloudflare quick tunnel URLs are random. If you need the same URL every time and do not own a domain, use ngrok's free Dev Domain:

brew install ngrok/ngrok/ngrok
ngrok config add-authtoken <YOUR_NGROK_AUTHTOKEN>
hao ngrok --domain <YOUR_DEV_DOMAIN>.ngrok-free.dev

Older Android builds with manual server entry can use:

Server: https://<YOUR_DEV_DOMAIN>.ngrok-free.dev
Token:  generated-token

If the Android app needs to connect to a server that already has a public IP or a public domain:

hao server --host 0.0.0.0 --port 8765 --token a-long-random-token

Then open TCP port 8765 in the cloud security group or firewall.

In the Android app:

Server: http://<public-ip>:8765
Token:  a-long-random-token

For real public use, prefer HTTPS through a reverse proxy or tunnel. Plain http://<public-ip>:8765 works for testing, but the token can be observed on an untrusted network.

Android app

Open the android/ directory in Android Studio.

Build a local APK with:

cd android
ANDROID_HOME=$HOME/Library/Android/sdk ANDROID_SDK_ROOT=$HOME/Library/Android/sdk gradle assembleRelease

For public releases, keep the Android signing key stable. An APK signed with a different key cannot be installed as an update over the existing app and may show a package conflict. The release build first reads signing settings from environment variables:

export HAOLEME_ANDROID_KEYSTORE=/absolute/path/to/haoleme-release.jks
export HAOLEME_ANDROID_KEYSTORE_PASSWORD=...
export HAOLEME_ANDROID_KEY_ALIAS=...
export HAOLEME_ANDROID_KEY_PASSWORD=...

If those variables are not set, the build uses the local compatibility keystore at android/app/build/manual/debug.keystore when present so development builds remain install-compatible with the current sideloaded APK. If that file is also missing, Gradle falls back to the normal Android debug key for local testing only.

For an emulator, the default server URL is:

http://10.0.2.2:8765

For a physical phone, start the server with --host 0.0.0.0, put the phone on the same network, then set the app server URL to:

http://<linux-machine-ip>:8765

If the server was started with --token, enter the same token in the app's Token field.

Tap Save to lock the Server and Token fields. Tap Unlock before editing them again.

Tap Delete on a run in the history list to delete it from the server.

Tap a run, or tap Console, to open the run's terminal output. Use Back to return to the main list.

App updates

Sideloaded APKs cannot discover updates by themselves unless the app can read a public version file. GitHub is not required. For mainland China, prefer a mirror such as Gitee, Aliyun OSS, Tencent COS, Qiniu, or Upyun, and keep GitHub as a fallback.

This app defaults to checking these sources in order:

http://106.14.246.204/downloads/update.json
https://gitee.com/hushuguo/reminder/raw/main/update.json
https://raw.githubusercontent.com/hushuguo/Haoleme/main/update.json

Create a public JSON file like update.json:

{
  "android": {
    "versionCode": 34,
    "versionName": "0.6.63",
    "apkUrl": "http://106.14.246.204/downloads/Haoleme-0.6.63.apk",
    "apkUrls": [
      "http://106.14.246.204/downloads/Haoleme-0.6.63.apk"
    ],
    "notes": "Donation QR saving now shows a visible confirmation, and public app links/docs use Haoleme branding."
  }
}

The update URLs are built into the app and are not shown to users. On startup, the app checks for updates in the background. If versionCode is higher than the installed APK, the app shows an update label with the new version in the top-right corner. Tap it to download the APK in-app with progress shown in the status area. If download or installation fails, the installed version is left untouched.

This prototype polls every 5 seconds while the app process is alive. A later version should move polling into a foreground service or push channel if you want reliable notifications while the app is fully backgrounded.