Migrate to XDG Base Directory Specification and add config file support (#398)

* Migrate from ~/.upterm to XDG Base Directory Specification (#371)

Replaces ~/.upterm with XDG-compliant directories for better cross-platform
support and automatic cleanup. Sockets now use XDG_RUNTIME_DIR (transient,
cleaned on logout/reboot) and logs use XDG_STATE_HOME (persistent across
sessions).

* Add config file support with XDG Base Directory Specification

Adds persistent configuration file support following XDG Base Directory
Specification. Config files are stored in XDG_CONFIG_HOME/upterm/config.yaml
and provide an alternative to command-line flags and environment variables.

Features:
- Configuration priority: flags > env vars > config file > defaults
- YAML format with comprehensive example template
- Three new commands:
  - `upterm config path`: Show config file location
  - `upterm config view`: View current config or example template
  - `upterm config edit`: Edit config in $VISUAL/$EDITOR with validation
- Auto-creates config directory and template on first edit
- Silent fail if config doesn't exist, warns on parse errors
- Follows CLI best practices for editor selection

Platform-specific config paths:
- Linux: ~/.config/upterm/config.yaml
- macOS: ~/Library/Application Support/upterm/config.yaml
- Windows: %LOCALAPPDATA%\upterm\config.yaml

All documentation and help text updated to reflect new configuration system.

* Standardize and improve CLI help text for consistency

Improves all command help text to follow CLI best practices and ensure
consistency across the entire CLI interface.

Changes:
- Break up long run-on sentences into clear, scannable paragraphs
- Standardize example format (remove inconsistent $ prefix usage)
- Improve short descriptions to be more descriptive
- Ensure all flag descriptions start with capital letter and end with period
- Restructure complex descriptions with numbered lists for clarity

Specific improvements:
- host: Restructured authentication explanation with numbered priority list
- session current: Split run-on sentence into clear paragraphs
- session: Enhanced short description from "Display session" to "Display and manage terminal sessions"
- upgrade: Removed inconsistent $ prefix from examples, added colons
- All flags: Standardized capitalization and punctuation

All documentation and man pages regenerated to reflect these improvements.

* Use generic XDG paths in generated documentation

Sets XDG environment variables to generic Linux paths during doc generation
to avoid hardcoding developer's machine-specific paths in committed docs.

Changes:
- Updated Makefile 'docs' target to set XDG env vars before running gendoc
- Added comment in gendoc explaining XDG env var requirement
- Regenerated all docs with generic paths:
  - Log file: /home/user/.local/state/upterm/upterm.log
  - Config file: /home/user/.config/upterm/config.yaml
  - Runtime dir: /run/user/1000/upterm

When users run the CLI, they still see their actual platform-specific paths.

* Set config file permissions to 0600 for security

Changes config file permissions from 0644 (world-readable) to 0600 (owner-only)
to protect security-sensitive information.

Security rationale:
- Config file may contain paths to private keys
- Config file may contain paths to authorized_keys
- Config file contains security settings (accept, read-only, hide-client-ip)
- Follows industry standard for config files (Docker, Kubernetes, SSH all use 0600)

The config file doesn't store actual secrets, but it contains security-sensitive
configuration that should not be world-readable.

Author: optimalone

Makefile

@@ -16,7 +16,7 @@ generate: proto
 docs:
 	rm -rf docs && mkdir docs
 	rm -rf etc && mkdir -p etc/man/man1 && mkdir -p etc/completion
-	go run cmd/gendoc/main.go
+	XDG_STATE_HOME=/home/user/.local/state XDG_CONFIG_HOME=/home/user/.config XDG_RUNTIME_DIR=/run/user/1000 go run cmd/gendoc/main.go
 
 .PHONY: proto
 proto:

cmd/gendoc/main.go

@@ -15,6 +15,9 @@ func main() {
 		_ = logger.Close()
 	}()
 
+	// Note: XDG environment variables should be set externally before running this command
+	// to generate docs with generic paths instead of machine-specific paths.
+	// See Makefile 'docs' target for proper environment variable setup.
 	rootCmd := command.Root()
 
 	if err := doc.GenMarkdownTree(rootCmd, "./docs"); err != nil {

cmd/upterm/command/config.go

@@ -0,0 +1,250 @@
+package command
+
+import (
+	"fmt"
+	"os"
+	"os/exec"
+	"runtime"
+
+	"github.com/owenthereal/upterm/utils"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+)
+
+func configCmd() *cobra.Command {
+	configPath := utils.UptermConfigFilePath()
+	cmd := &cobra.Command{
+		Use:   "config",
+		Short: "Manage upterm configuration",
+		Long: fmt.Sprintf(`Manage upterm configuration file.
+
+Config file: %s
+
+This follows the XDG Base Directory Specification.
+
+Configuration priority (highest to lowest):
+  1. Command-line flags
+  2. Environment variables (UPTERM_ prefix)
+  3. Config file
+  4. Default values`, configPath),
+	}
+
+	cmd.AddCommand(configPathCmd())
+	cmd.AddCommand(configViewCmd())
+	cmd.AddCommand(configEditCmd())
+
+	return cmd
+}
+
+func configPathCmd() *cobra.Command {
+	configPath := utils.UptermConfigFilePath()
+	cmd := &cobra.Command{
+		Use:   "path",
+		Short: "Show the path to the config file",
+		Long: fmt.Sprintf(`Show the path to the config file.
+
+Config file: %s
+
+The config file is optional and created manually by users.`, configPath),
+		Example: `  # Show config file path:
+  upterm config path
+
+  # Create config file directory:
+  mkdir -p "$(dirname "$(upterm config path)")"`,
+		RunE: configPathRunE,
+	}
+
+	return cmd
+}
+
+func configViewCmd() *cobra.Command {
+	configPath := utils.UptermConfigFilePath()
+	cmd := &cobra.Command{
+		Use:   "view",
+		Short: "View the config file contents",
+		Long: fmt.Sprintf(`View the config file contents.
+
+Config file: %s
+
+If the config file exists, this command displays its contents. If it doesn't
+exist, this command shows an example config file that you can use as a template.`, configPath),
+		Example: `  # View current config:
+  upterm config view
+
+  # View and save as new config:
+  upterm config view > "$(upterm config path)"`,
+		RunE: configViewRunE,
+	}
+
+	return cmd
+}
+
+func configEditCmd() *cobra.Command {
+	configPath := utils.UptermConfigFilePath()
+	cmd := &cobra.Command{
+		Use:   "edit",
+		Short: "Edit the config file",
+		Long: fmt.Sprintf(`Edit the config file in your default editor.
+
+Config file: %s
+
+This command opens the config file in your editor (determined by $VISUAL, $EDITOR,
+or a sensible default). If the config file doesn't exist, it creates a template
+with example settings and comments.
+
+The config directory is created automatically if it doesn't exist.`, configPath),
+		Example: `  # Edit config file:
+  upterm config edit
+
+  # Use a specific editor:
+  EDITOR=nano upterm config edit`,
+		RunE: configEditRunE,
+	}
+
+	return cmd
+}
+
+func configPathRunE(c *cobra.Command, args []string) error {
+	configPath := utils.UptermConfigFilePath()
+	fmt.Println(configPath)
+	return nil
+}
+
+func configViewRunE(c *cobra.Command, args []string) error {
+	configPath := utils.UptermConfigFilePath()
+
+	// Check if file exists
+	if _, err := os.Stat(configPath); os.IsNotExist(err) {
+		// Show example config
+		fmt.Println("# Config file does not exist. Example config:")
+		fmt.Println()
+		fmt.Print(exampleConfig())
+		return nil
+	}
+
+	// Read and display file
+	content, err := os.ReadFile(configPath)
+	if err != nil {
+		return fmt.Errorf("failed to read config file: %w", err)
+	}
+
+	fmt.Print(string(content))
+	return nil
+}
+
+func configEditRunE(c *cobra.Command, args []string) error {
+	configPath := utils.UptermConfigFilePath()
+	configDir := utils.UptermConfigDir()
+
+	// Create config directory if it doesn't exist
+	if err := os.MkdirAll(configDir, 0755); err != nil {
+		return fmt.Errorf("failed to create config directory: %w", err)
+	}
+
+	// Create example config if file doesn't exist
+	if _, err := os.Stat(configPath); os.IsNotExist(err) {
+		if err := os.WriteFile(configPath, []byte(exampleConfig()), 0600); err != nil {
+			return fmt.Errorf("failed to create config file: %w", err)
+		}
+	}
+
+	// Determine editor to use
+	editor := getEditor()
+
+	// Open editor
+	cmd := exec.Command(editor, configPath)
+	cmd.Stdin = os.Stdin
+	cmd.Stdout = os.Stdout
+	cmd.Stderr = os.Stderr
+
+	if err := cmd.Run(); err != nil {
+		return fmt.Errorf("failed to open editor: %w", err)
+	}
+
+	// Validate config after editing
+	if err := validateConfig(configPath); err != nil {
+		fmt.Fprintf(os.Stderr, "Warning: config file has syntax errors: %v\n", err)
+		fmt.Fprintf(os.Stderr, "Edit again with 'upterm config edit' or view with 'upterm config view'.\n")
+	}
+
+	return nil
+}
+
+// getEditor returns the editor to use, checking $VISUAL, $EDITOR, then defaults.
+func getEditor() string {
+	// Check $VISUAL first (for full-screen editors)
+	if editor := os.Getenv("VISUAL"); editor != "" {
+		return editor
+	}
+
+	// Check $EDITOR (for line editors)
+	if editor := os.Getenv("EDITOR"); editor != "" {
+		return editor
+	}
+
+	// Platform-specific defaults
+	switch runtime.GOOS {
+	case "windows":
+		return "notepad"
+	default:
+		// Unix-like systems: prefer nano for better UX, fall back to vi
+		if _, err := exec.LookPath("nano"); err == nil {
+			return "nano"
+		}
+		return "vi"
+	}
+}
+
+// validateConfig validates the config file by attempting to parse it.
+func validateConfig(path string) error {
+	v := viper.New()
+	v.SetConfigFile(path)
+	return v.ReadInConfig()
+}
+
+// exampleConfig returns an example config file with comments.
+func exampleConfig() string {
+	return `# Upterm Configuration File
+#
+# This file follows the XDG Base Directory Specification.
+# Settings here are overridden by environment variables (UPTERM_*) and command-line flags.
+#
+# Configuration priority (highest to lowest):
+#   1. Command-line flags
+#   2. Environment variables (UPTERM_* prefix)
+#   3. This config file
+#   4. Default values
+
+# Debug logging (default: false)
+# When enabled, writes debug-level logs to the log file.
+# debug: true
+
+# Default server address for hosting sessions (default: ssh://uptermd.upterm.dev:22)
+# Supported protocols: ssh, ws, wss
+# server: ssh://uptermd.upterm.dev:22
+
+# Force a specific command for clients (default: none)
+# When set, clients cannot run arbitrary commands.
+# Use YAML array syntax: ["command", "arg1", "arg2"]
+# force-command: ["/bin/bash", "-l"]
+
+# Path to authorized_keys file for client authentication (default: none)
+# authorized-keys: /path/to/authorized_keys
+
+# Paths to private key files (default: generates ephemeral key)
+# private-key:
+#   - /path/to/private/key1
+#   - /path/to/private/key2
+
+# Read-only mode (default: false)
+# When enabled, clients can view but not interact with the session.
+# read-only: false
+
+# Auto-accept clients without confirmation (default: false)
+# WARNING: Only use this in trusted environments.
+# accept: false
+
+# Hide client IP addresses from logs and display (default: false)
+# hide-client-ip: false
+`
+}

cmd/upterm/command/host.go

@@ -54,11 +54,16 @@ func hostCmd() *cobra.Command {
 	cmd := &cobra.Command{
 		Use:   "host",
 		Short: "Host a terminal session",
-		Long: `Host a terminal session via a reverse SSH tunnel to the Upterm server, linking the IO of the host
-and client to a command's IO. Authentication against the Upterm server defaults to using private key files located
-at ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519, and ~/.ssh/id_rsa. If no private key file is found, it resorts
-to reading private keys from the SSH Agent. Absence of private keys in files or SSH Agent generates an on-the-fly
-private key. To authorize client connections, specify a authorized_key file with public keys using --authorized-keys.`,
+		Long: `Host a terminal session via a reverse SSH tunnel to the Upterm server.
+
+The session links the host and client IO to a command's IO. Authentication with the
+Upterm server uses private keys in this order:
+  1. Private key files: ~/.ssh/id_dsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ed25519, ~/.ssh/id_rsa
+  2. SSH Agent keys
+  3. Auto-generated ephemeral key (if no keys found)
+
+To authorize client connections, use --authorized-keys to specify an authorized_keys file
+containing client public keys.`,
 		Example: `  # Host a terminal session running $SHELL, attaching client's IO to the host's:
   upterm host
 
@@ -97,7 +102,7 @@ private key. To authorize client connections, specify a authorized_key file with
 	cmd.PersistentFlags().StringSliceVar(&flagSourceHutUsers, "srht-user", nil, "Authorize specified SourceHut users by allowing their public keys to connect.")
 	cmd.PersistentFlags().BoolVar(&flagAccept, "accept", false, "Automatically accept client connections without prompts.")
 	cmd.PersistentFlags().BoolVarP(&flagReadOnly, "read-only", "r", false, "Host a read-only session, preventing client interaction.")
-	cmd.PersistentFlags().BoolVar(&flagHideClientIP, "hide-client-ip", false, "Hide client IP addresses from output (auto-enabled in CI environments)")
+	cmd.PersistentFlags().BoolVar(&flagHideClientIP, "hide-client-ip", false, "Hide client IP addresses from output (auto-enabled in CI environments).")
 
 	return cmd
 }