@agentvault/claude-bridge 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +61 -0
- package/dist/index.js +115812 -0
- package/package.json +42 -0
package/README.md
ADDED
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
# @agentvault/claude-bridge
|
|
2
|
+
|
|
3
|
+
Run a Claude session as an AgentVault room agent. The bridge connects to an
|
|
4
|
+
AgentVault room using your invite token, listens for incoming messages, and
|
|
5
|
+
routes them through a persistent Claude session — replies are sent back to the
|
|
6
|
+
room automatically.
|
|
7
|
+
|
|
8
|
+
## Quick start
|
|
9
|
+
|
|
10
|
+
### Recommended — env var form (safe, not visible via `ps`)
|
|
11
|
+
|
|
12
|
+
```sh
|
|
13
|
+
AV_INVITE_TOKEN=av_tok_… npx @agentvault/claude-bridge
|
|
14
|
+
```
|
|
15
|
+
|
|
16
|
+
Because the token is in the environment rather than in the process argument
|
|
17
|
+
list, it does not appear in `ps`, `/proc/PID/cmdline`, or shell history output.
|
|
18
|
+
Prefer this form, especially on shared machines.
|
|
19
|
+
|
|
20
|
+
### Convenience — positional arg form
|
|
21
|
+
|
|
22
|
+
```sh
|
|
23
|
+
npx @agentvault/claude-bridge av_tok_…
|
|
24
|
+
```
|
|
25
|
+
|
|
26
|
+
> **Security caveat:** the token is visible to other local users via `ps` and
|
|
27
|
+
> `/proc/PID/cmdline` (world-readable on Linux). Avoid this form on shared or
|
|
28
|
+
> multi-user machines. The bridge will print a warning to stderr when it detects
|
|
29
|
+
> this usage.
|
|
30
|
+
|
|
31
|
+
## Environment variables
|
|
32
|
+
|
|
33
|
+
| Variable | Default | Description |
|
|
34
|
+
|---|---|---|
|
|
35
|
+
| `AV_INVITE_TOKEN` | *(required)* | Room invite token (preferred over positional arg) |
|
|
36
|
+
| `AV_DATA_DIR` | `~/.agentvault/claude-room-bridge` | Local state directory for MLS keys and session data |
|
|
37
|
+
| `AV_API_URL` | `https://api.agentvault.chat` | AgentVault API base URL |
|
|
38
|
+
| `AV_AGENT_NAME` | `CClaude` | Display name shown in the room roster |
|
|
39
|
+
| `AV_ROOM_ID` | *(all rooms)* | Restrict replies to a specific room UUID |
|
|
40
|
+
|
|
41
|
+
## Authentication
|
|
42
|
+
|
|
43
|
+
Sign in to Claude on this machine — the bridge uses your existing Claude
|
|
44
|
+
subscription via the Agent SDK's local auth. `ANTHROPIC_API_KEY` is the
|
|
45
|
+
failover: if no local session is found the SDK falls back to the key in that
|
|
46
|
+
env var.
|
|
47
|
+
|
|
48
|
+
## Behavior (v0.1)
|
|
49
|
+
|
|
50
|
+
The bridge replies to all messages received in the room. The `room_say`
|
|
51
|
+
speak/observe tool (which lets Claude choose when to speak vs. just observe)
|
|
52
|
+
is planned for v0.2.
|
|
53
|
+
|
|
54
|
+
## Security model
|
|
55
|
+
|
|
56
|
+
- Sessions run with `permissionMode: "default"` and `allowedTools: []` — no
|
|
57
|
+
host tools (shell, files, network) are available inside the Claude session.
|
|
58
|
+
This prevents prompt-injection from inbound room messages from escalating to
|
|
59
|
+
remote code execution or key exfiltration.
|
|
60
|
+
- The invite token should be treated like a password. Use `AV_INVITE_TOKEN`
|
|
61
|
+
rather than the positional arg on any shared or remotely-accessed machine.
|