@atercates/claude-deck 0.2.1 → 0.2.3

package/README.md

@@ -30,13 +30,13 @@ claude-deck start
 For fresh installs without Node.js:
 
 ```bash
-curl -fsSL https://raw.githubusercontent.com/atercates/claude-deck/main/scripts/install.sh | bash
+curl -fsSL https://raw.githubusercontent.com/ATERCATES/claude-deck/main/scripts/install.sh | bash
 claude-deck start
 ```
 
 ### Desktop App
 
-Download native desktop apps from [Releases](https://github.com/atercates/claude-deck/releases):
+Download native desktop apps from [Releases](https://github.com/ATERCATES/claude-deck/releases):
 
 - macOS (Apple Silicon): `.dmg`
 - Linux: `.deb` or `.AppImage`
@@ -48,7 +48,7 @@ Download native desktop apps from [Releases](https://github.com/atercates/claude
 ### Manual Install
 
 ```bash
-git clone https://github.com/atercates/claude-deck
+git clone https://github.com/ATERCATES/claude-deck
 cd claude-deck
 npm install
 npm run dev  # http://localhost:3011
@@ -61,20 +61,6 @@ npm run dev  # http://localhost:3011
 - [ripgrep](https://github.com/BurntSushi/ripgrep) (for code search - auto-installed by installer script, or run `claude-deck update`)
 - At least one AI CLI: [Claude Code](https://github.com/anthropics/claude-code), [Codex](https://github.com/openai/codex), [OpenCode](https://github.com/anomalyco/opencode), [Gemini CLI](https://github.com/google-gemini/gemini-cli), [Aider](https://aider.chat/), or [Cursor CLI](https://cursor.com/cli)
 
-## Supported Agents
-
-| Agent       | Resume | Fork | Auto-Approve                     |
-| ----------- | ------ | ---- | -------------------------------- |
-| Claude Code | ✅     | ✅   | `--dangerously-skip-permissions` |
-| Codex       | ❌     | ❌   | `--approval-mode full-auto`      |
-| OpenCode    | ❌     | ❌   | Config file                      |
-| Gemini CLI  | ❌     | ❌   | `--yolomode`                     |
-| Aider       | ❌     | ❌   | `--yes`                          |
-| Cursor CLI  | ❌     | ❌   | N/A                              |
-| Amp         | ❌     | ❌   | `--dangerously-allow-all`        |
-| Pi          | ❌     | ❌   | N/A                              |
-| Oh My Pi    | ❌     | ❌   | N/A                              |
-
 ## Features
 
 - **Mobile-first** - Full functionality from your phone, not a dumbed-down responsive view
@@ -113,7 +99,7 @@ For configuration and advanced usage, see the [docs](https://www.runagentos.com/
 
 ## Related Projects
 
-- **[aTerm](https://github.com/atercates/aTerm)** - A Tauri-based desktop terminal workspace for AI-assisted coding. While ClaudeDeck is a mobile-first web UI, aTerm is a native desktop app with multi-pane layouts optimized for running AI coding agents (Claude Code, Aider, OpenCode) alongside shells, dev servers, and a built-in git panel. Choose ClaudeDeck for mobile access and browser-based workflows, or aTerm for a native desktop terminal experience.
+- **[aTerm](https://github.com/ATERCATES/aTerm)** - A Tauri-based desktop terminal workspace for AI-assisted coding. While ClaudeDeck is a mobile-first web UI, aTerm is a native desktop app with multi-pane layouts optimized for running AI coding agents (Claude Code, Aider, OpenCode) alongside shells, dev servers, and a built-in git panel. Choose ClaudeDeck for mobile access and browser-based workflows, or aTerm for a native desktop terminal experience.
 - **[LumifyHub](https://lumifyhub.io)** - Team collaboration platform with real-time chat and structured documentation. Useful alongside ClaudeDeck for coordinating multi-agent work across a team — share session context, document architectural decisions from coding sessions, and track progress across parallel agent workflows.
 
 ## License

package/app/api/auth/login/route.ts

@@ -0,0 +1,57 @@
+import { NextRequest, NextResponse } from "next/server";
+import { queries } from "@/lib/db";
+import {
+  verifyPassword,
+  verifyTotpCode,
+  createSession,
+  buildSessionCookie,
+  checkRateLimit,
+} from "@/lib/auth";
+
+export async function POST(request: NextRequest) {
+  const ip =
+    request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ||
+    request.headers.get("x-real-ip") ||
+    "unknown";
+
+  const rateCheck = checkRateLimit(ip);
+  if (!rateCheck.allowed) {
+    return NextResponse.json(
+      { error: "Too many login attempts. Try again later." },
+      {
+        status: 429,
+        headers: { "Retry-After": String(rateCheck.retryAfterSeconds) },
+      }
+    );
+  }
+
+  const body = await request.json();
+  const { username, password, totpCode } = body;
+
+  const INVALID = NextResponse.json(
+    { error: "Invalid credentials" },
+    { status: 401 }
+  );
+
+  if (!username || !password) return INVALID;
+
+  const user = queries.getUserByUsername(username);
+  if (!user) return INVALID;
+
+  const validPassword = await verifyPassword(password, user.password_hash);
+  if (!validPassword) return INVALID;
+
+  if (user.totp_secret) {
+    if (!totpCode) {
+      return NextResponse.json({ requiresTotp: true });
+    }
+    if (!verifyTotpCode(user.totp_secret, totpCode)) {
+      return INVALID;
+    }
+  }
+
+  const { token } = createSession(user.id);
+  const response = NextResponse.json({ ok: true });
+  response.headers.set("Set-Cookie", buildSessionCookie(token));
+  return response;
+}

package/app/api/auth/logout/route.ts

@@ -0,0 +1,13 @@
+import { NextRequest, NextResponse } from "next/server";
+import { deleteSession, buildClearCookie, COOKIE_NAME } from "@/lib/auth";
+
+export async function POST(request: NextRequest) {
+  const token = request.cookies.get(COOKIE_NAME)?.value;
+  if (token) {
+    deleteSession(token);
+  }
+
+  const response = NextResponse.json({ ok: true });
+  response.headers.set("Set-Cookie", buildClearCookie());
+  return response;
+}

package/app/api/auth/session/route.ts

@@ -0,0 +1,29 @@
+import { NextRequest, NextResponse } from "next/server";
+import {
+  validateSession,
+  renewSession,
+  COOKIE_NAME,
+  hasUsers,
+} from "@/lib/auth";
+
+export async function GET(request: NextRequest) {
+  if (!hasUsers()) {
+    return NextResponse.json({ authenticated: false, needsSetup: true });
+  }
+
+  const token = request.cookies.get(COOKIE_NAME)?.value;
+  if (!token) {
+    return NextResponse.json({ authenticated: false }, { status: 401 });
+  }
+
+  const user = validateSession(token);
+  if (!user) {
+    return NextResponse.json({ authenticated: false }, { status: 401 });
+  }
+
+  renewSession(token);
+  return NextResponse.json({
+    authenticated: true,
+    username: user.username,
+  });
+}

package/app/api/auth/setup/route.ts

@@ -0,0 +1,67 @@
+import { NextRequest, NextResponse } from "next/server";
+import { randomBytes } from "crypto";
+import { queries } from "@/lib/db";
+import {
+  hashPassword,
+  verifyTotpCode,
+  createSession,
+  buildSessionCookie,
+  hasUsers,
+} from "@/lib/auth";
+
+export async function POST(request: NextRequest) {
+  if (hasUsers()) {
+    return NextResponse.json(
+      { error: "Setup already completed" },
+      { status: 403 }
+    );
+  }
+
+  const body = await request.json();
+  const { username, password, totpSecret, totpCode } = body;
+
+  if (
+    !username ||
+    typeof username !== "string" ||
+    username.length < 3 ||
+    username.length > 32 ||
+    !/^[a-zA-Z0-9_]+$/.test(username)
+  ) {
+    return NextResponse.json(
+      {
+        error:
+          "Username must be 3-32 characters, alphanumeric and underscore only",
+      },
+      { status: 400 }
+    );
+  }
+
+  if (!password || typeof password !== "string" || password.length < 8) {
+    return NextResponse.json(
+      { error: "Password must be at least 8 characters" },
+      { status: 400 }
+    );
+  }
+
+  if (totpSecret) {
+    if (!totpCode || !verifyTotpCode(totpSecret, totpCode)) {
+      return NextResponse.json(
+        {
+          error:
+            "Invalid TOTP code. Scan the QR code again and enter the current code.",
+        },
+        { status: 400 }
+      );
+    }
+  }
+
+  const id = randomBytes(16).toString("hex");
+  const passwordHash = await hashPassword(password);
+
+  queries.createUser(id, username, passwordHash, totpSecret || null);
+
+  const { token } = createSession(id);
+  const response = NextResponse.json({ ok: true });
+  response.headers.set("Set-Cookie", buildSessionCookie(token));
+  return response;
+}

package/app/api/projects/[id]/dev-servers/[dsId]/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import { updateProjectDevServer, deleteProjectDevServer } from "@/lib/projects";
-import { queries, type ProjectDevServer } from "@/lib/db";
+import { queries } from "@/lib/db";
 
 interface RouteParams {
   params: Promise<{ id: string; dsId: string }>;

package/app/api/projects/[id]/repositories/[repoId]/route.ts

@@ -3,7 +3,7 @@ import {
   updateProjectRepository,
   deleteProjectRepository,
 } from "@/lib/projects";
-import { queries, type ProjectRepository } from "@/lib/db";
+import { queries } from "@/lib/db";
 
 interface RouteParams {
   params: Promise<{ id: string; repoId: string }>;

package/app/api/sessions/[id]/fork/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import { randomUUID } from "crypto";
-import { queries, type Session } from "@/lib/db";
+import { queries } from "@/lib/db";
 
 interface RouteParams {
   params: Promise<{ id: string }>;

package/app/api/sessions/[id]/pr/route.ts

@@ -1,7 +1,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { exec } from "child_process";
 import { promisify } from "util";
-import { queries, type Session } from "@/lib/db";
+import { queries } from "@/lib/db";
 
 const execAsync = promisify(exec);
 

package/app/api/sessions/[id]/preview/route.ts

@@ -1,7 +1,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { exec } from "child_process";
 import { promisify } from "util";
-import { queries, type Session } from "@/lib/db";
+import { queries } from "@/lib/db";
 
 const execAsync = promisify(exec);
 

package/app/api/sessions/[id]/route.ts

@@ -1,7 +1,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { exec } from "child_process";
 import { promisify } from "util";
-import { queries, type Session } from "@/lib/db";
+import { queries } from "@/lib/db";
 import { deleteWorktree, isClaudeDeckWorktree } from "@/lib/worktrees";
 import { releasePort } from "@/lib/ports";
 import { killWorker } from "@/lib/orchestration";
@@ -81,7 +81,10 @@ export async function PATCH(request: NextRequest, { params }: RouteParams) {
       }
 
       // If this is a worktree session, also rename the git branch
-      if (existing.worktree_path && isClaudeDeckWorktree(existing.worktree_path)) {
+      if (
+        existing.worktree_path &&
+        isClaudeDeckWorktree(existing.worktree_path)
+      ) {
         try {
           const currentBranch = await getCurrentBranch(existing.worktree_path);
           const newBranchName = generateBranchName(body.name);
@@ -174,7 +177,10 @@ export async function DELETE(request: NextRequest, { params }: RouteParams) {
     await queries.deleteSession(id);
 
     // Clean up worktree in background (non-blocking)
-    if (existing.worktree_path && isClaudeDeckWorktree(existing.worktree_path)) {
+    if (
+      existing.worktree_path &&
+      isClaudeDeckWorktree(existing.worktree_path)
+    ) {
       const worktreePath = existing.worktree_path; // Capture for closure
       runInBackground(async () => {
         const { exec } = await import("child_process");
@@ -196,7 +202,10 @@ export async function DELETE(request: NextRequest, { params }: RouteParams) {
     // Also cleanup worker worktrees in background
     if (workers.length > 0) {
       for (const worker of workers) {
-        if (worker.worktree_path && isClaudeDeckWorktree(worker.worktree_path)) {
+        if (
+          worker.worktree_path &&
+          isClaudeDeckWorktree(worker.worktree_path)
+        ) {
           const worktreePath = worker.worktree_path; // Capture for closure
           const workerId = worker.id; // Capture ID for task name
           runInBackground(async () => {

package/app/api/sessions/[id]/send-keys/route.ts

@@ -1,7 +1,7 @@
 import { NextRequest, NextResponse } from "next/server";
 import { exec } from "child_process";
 import { promisify } from "util";
-import { queries, type Session } from "@/lib/db";
+import { queries } from "@/lib/db";
 import { appendFileSync } from "fs";
 
 const execAsync = promisify(exec);

package/app/api/sessions/route.ts

@@ -1,6 +1,6 @@
 import { NextRequest, NextResponse } from "next/server";
 import { randomUUID } from "crypto";
-import { queries, type Session, type Group } from "@/lib/db";
+import { queries, type Session } from "@/lib/db";
 import { isValidAgentType, type AgentType } from "@/lib/providers";
 import { createWorktree } from "@/lib/worktrees";
 import { setupWorktree, type SetupResult } from "@/lib/env-setup";
@@ -88,7 +88,7 @@ export async function POST(request: NextRequest) {
     let branchName: string | null = null;
     let actualWorkingDirectory = workingDirectory;
     let port: number | null = null;
-    let setupResult: SetupResult | null = null;
+    const setupResult: SetupResult | null = null;
 
     if (useWorktree && featureName) {
       try {

package/app/login/page.tsx

@@ -0,0 +1,192 @@
+"use client";
+
+import { useState, useRef, useEffect } from "react";
+import { useRouter } from "next/navigation";
+import { Button } from "@/components/ui/button";
+import { Input } from "@/components/ui/input";
+import { Loader2, Lock, Eye, EyeOff } from "lucide-react";
+
+export default function LoginPage() {
+  const router = useRouter();
+  const [username, setUsername] = useState("");
+  const [password, setPassword] = useState("");
+  const [totpCode, setTotpCode] = useState("");
+  const [showPassword, setShowPassword] = useState(false);
+  const [error, setError] = useState("");
+  const [loading, setLoading] = useState(false);
+  const [step, setStep] = useState<"credentials" | "totp">("credentials");
+  const totpInputRef = useRef<HTMLInputElement>(null);
+
+  useEffect(() => {
+    if (step === "totp" && totpInputRef.current) {
+      totpInputRef.current.focus();
+    }
+  }, [step]);
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    setError("");
+    setLoading(true);
+
+    try {
+      const res = await fetch("/api/auth/login", {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          username,
+          password,
+          ...(step === "totp" ? { totpCode } : {}),
+        }),
+      });
+
+      const data = await res.json();
+
+      if (res.status === 429) {
+        setError(
+          `Too many attempts. Try again in ${data.retryAfterSeconds || 60}s.`
+        );
+        return;
+      }
+
+      if (data.requiresTotp) {
+        setStep("totp");
+        return;
+      }
+
+      if (!res.ok) {
+        setError(data.error || "Invalid credentials");
+        if (step === "totp") setTotpCode("");
+        return;
+      }
+
+      router.push("/");
+      router.refresh();
+    } catch {
+      setError("Connection error");
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  useEffect(() => {
+    if (step === "totp" && totpCode.length === 6) {
+      const form = document.getElementById("login-form") as HTMLFormElement;
+      form?.requestSubmit();
+    }
+  }, [totpCode, step]);
+
+  return (
+    <div className="bg-background flex min-h-screen items-center justify-center p-4">
+      <div className="border-border bg-card w-full max-w-sm rounded-xl border p-8 shadow-lg">
+        <div className="mb-8 text-center">
+          <div className="bg-primary/10 text-primary mx-auto mb-4 flex h-12 w-12 items-center justify-center rounded-full">
+            <Lock className="h-6 w-6" />
+          </div>
+          <h1 className="text-foreground text-2xl font-semibold">ClaudeDeck</h1>
+          <p className="text-muted-foreground mt-1 text-sm">
+            {step === "credentials"
+              ? "Sign in to continue"
+              : "Enter your 2FA code"}
+          </p>
+        </div>
+
+        <form id="login-form" onSubmit={handleSubmit} className="space-y-4">
+          {step === "credentials" ? (
+            <>
+              <div className="space-y-2">
+                <label
+                  htmlFor="username"
+                  className="text-foreground text-sm font-medium"
+                >
+                  Username
+                </label>
+                <Input
+                  id="username"
+                  type="text"
+                  value={username}
+                  onChange={(e) => setUsername(e.target.value)}
+                  autoComplete="username"
+                  autoFocus
+                  required
+                />
+              </div>
+              <div className="space-y-2">
+                <label
+                  htmlFor="password"
+                  className="text-foreground text-sm font-medium"
+                >
+                  Password
+                </label>
+                <div className="relative">
+                  <Input
+                    id="password"
+                    type={showPassword ? "text" : "password"}
+                    value={password}
+                    onChange={(e) => setPassword(e.target.value)}
+                    autoComplete="current-password"
+                    required
+                  />
+                  <button
+                    type="button"
+                    onClick={() => setShowPassword(!showPassword)}
+                    className="text-muted-foreground hover:text-foreground absolute top-1/2 right-3 -translate-y-1/2"
+                    tabIndex={-1}
+                  >
+                    {showPassword ? (
+                      <EyeOff className="h-4 w-4" />
+                    ) : (
+                      <Eye className="h-4 w-4" />
+                    )}
+                  </button>
+                </div>
+              </div>
+            </>
+          ) : (
+            <div className="space-y-2">
+              <label
+                htmlFor="totp"
+                className="text-foreground text-sm font-medium"
+              >
+                Authentication code
+              </label>
+              <Input
+                ref={totpInputRef}
+                id="totp"
+                type="text"
+                inputMode="numeric"
+                pattern="[0-9]*"
+                maxLength={6}
+                value={totpCode}
+                onChange={(e) => setTotpCode(e.target.value.replace(/\D/g, ""))}
+                placeholder="000000"
+                className="text-center text-2xl tracking-[0.5em]"
+                autoComplete="one-time-code"
+                required
+              />
+              <button
+                type="button"
+                onClick={() => {
+                  setStep("credentials");
+                  setTotpCode("");
+                  setError("");
+                }}
+                className="text-muted-foreground hover:text-foreground text-xs underline"
+              >
+                Back to login
+              </button>
+            </div>
+          )}
+
+          {error && (
+            <p className="text-destructive text-center text-sm">{error}</p>
+          )}
+
+          <Button type="submit" className="w-full" disabled={loading}>
+            {loading && <Loader2 className="h-4 w-4 animate-spin" />}
+            {step === "credentials" ? "Sign in" : "Verify"}
+          </Button>
+        </form>
+      </div>
+    </div>
+  );
+}