@dupecom/botcha-cloudflare 0.10.0 → 0.13.0

package/README.md

@@ -1,18 +1,19 @@
 # @dupecom/botcha-cloudflare
 
-> 🤖 **BOTCHA** - Prove you're a bot. Humans need not apply.
+> **BOTCHA** - Prove you're a bot. Humans need not apply.
 > 
-> **Cloudflare Workers Edition v0.2.0** - Production-ready with JWT & Rate Limiting
+> **Cloudflare Workers Edition v0.11.0** - Identity layer for AI agents
 
 Reverse CAPTCHA that verifies AI agents and blocks humans. Running at the edge.
 
-## 🚀 What's New in v0.2.0
+## What's New in v0.11.0
 
-- ✅ **JWT Token Authentication** - Secure token-based auth flow with 1-hour expiry
-- ✅ **Rate Limiting** - 100 challenges/hour/IP with proper headers
-- ✅ **KV Storage** - Challenge state stored in Cloudflare KV (prevents replay attacks)
-- ✅ **Versioned API** - New `/v1/*` endpoints with backward-compatible legacy routes
-- ✅ **Production Ready** - Enterprise-grade auth and security
+- **Agent Registry** - Persistent agent identities (POST /v1/agents/register)
+- **Email-tied apps** - Email verification, account recovery, secret rotation
+- **Dashboard** - Per-app metrics with agent-first auth (device code flow)
+- **JWT security** - 5-min access tokens, refresh tokens, audience claims, IP binding, revocation
+- **Multi-tenant** - Per-app isolation, scoped tokens, rate limiting
+- **Server-side SDKs** - @botcha/verify (TS) + botcha-verify (Python)
 
 ## Features
 

package/dist/agents.d.ts

@@ -0,0 +1,68 @@
+/**
+ * BOTCHA Agent Registry
+ *
+ * Agent registration and management:
+ * - Crypto-random agent IDs
+ * - KV storage for agent metadata
+ * - App-scoped agent lists
+ * - Fail-open design for resilience
+ */
+export type KVNamespace = {
+    get: (key: string, type?: 'text' | 'json' | 'arrayBuffer' | 'stream') => Promise<any>;
+    put: (key: string, value: string, options?: {
+        expirationTtl?: number;
+    }) => Promise<void>;
+    delete: (key: string) => Promise<void>;
+};
+/**
+ * Agent record stored in KV
+ */
+export interface Agent {
+    agent_id: string;
+    app_id: string;
+    name: string;
+    operator?: string;
+    version?: string;
+    created_at: number;
+}
+/**
+ * Generate a crypto-random agent ID
+ * Format: 'agent_' + 16 hex chars
+ *
+ * Example: agent_a1b2c3d4e5f6a7b8
+ */
+export declare function generateAgentId(): string;
+/**
+ * Create a new agent and add it to the app's agent list
+ *
+ * Stores in KV at:
+ * - `agent:{agent_id}` — Agent record
+ * - `agents:{app_id}` — Array of agent_ids for this app
+ *
+ * @param kv - KV namespace for storage
+ * @param app_id - Parent app that owns this agent
+ * @param data - Agent metadata (name, operator, version)
+ * @returns Agent record with generated agent_id
+ */
+export declare function createAgent(kv: KVNamespace, app_id: string, data: {
+    name: string;
+    operator?: string;
+    version?: string;
+}): Promise<Agent | null>;
+/**
+ * Get agent by agent_id
+ *
+ * @param kv - KV namespace
+ * @param agent_id - The agent ID to retrieve
+ * @returns Agent record or null if not found
+ */
+export declare function getAgent(kv: KVNamespace, agent_id: string): Promise<Agent | null>;
+/**
+ * List all agents for an app
+ *
+ * @param kv - KV namespace
+ * @param app_id - The app ID to list agents for
+ * @returns Array of agent records (empty array if none found)
+ */
+export declare function listAgents(kv: KVNamespace, app_id: string): Promise<Agent[]>;
+//# sourceMappingURL=agents.d.ts.map

package/dist/agents.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"agents.d.ts","sourceRoot":"","sources":["../src/agents.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAGH,MAAM,MAAM,WAAW,GAAG;IACxB,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,aAAa,GAAG,QAAQ,KAAK,OAAO,CAAC,GAAG,CAAC,CAAC;IACtF,GAAG,EAAE,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,CAAC,EAAE;QAAE,aAAa,CAAC,EAAE,MAAM,CAAA;KAAE,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;IACzF,MAAM,EAAE,CAAC,GAAG,EAAE,MAAM,KAAK,OAAO,CAAC,IAAI,CAAC,CAAC;CACxC,CAAC;AAIF;;GAEG;AACH,MAAM,WAAW,KAAK;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,OAAO,CAAC,EAAE,MAAM,CAAC;IACjB,UAAU,EAAE,MAAM,CAAC;CACpB;AAID;;;;;GAKG;AACH,wBAAgB,eAAe,IAAI,MAAM,CAOxC;AAID;;;;;;;;;;;GAWG;AACH,wBAAsB,WAAW,CAC/B,EAAE,EAAE,WAAW,EACf,MAAM,EAAE,MAAM,EACd,IAAI,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,MAAM,CAAA;CAAE,GAC1D,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAwCvB;AAED;;;;;;GAMG;AACH,wBAAsB,QAAQ,CAC5B,EAAE,EAAE,WAAW,EACf,QAAQ,EAAE,MAAM,GACf,OAAO,CAAC,KAAK,GAAG,IAAI,CAAC,CAcvB;AAED;;;;;;GAMG;AACH,wBAAsB,UAAU,CAC9B,EAAE,EAAE,WAAW,EACf,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,KAAK,EAAE,CAAC,CAsBlB"}

package/dist/agents.js

@@ -0,0 +1,123 @@
+/**
+ * BOTCHA Agent Registry
+ *
+ * Agent registration and management:
+ * - Crypto-random agent IDs
+ * - KV storage for agent metadata
+ * - App-scoped agent lists
+ * - Fail-open design for resilience
+ */
+// ============ CRYPTO UTILITIES ============
+/**
+ * Generate a crypto-random agent ID
+ * Format: 'agent_' + 16 hex chars
+ *
+ * Example: agent_a1b2c3d4e5f6a7b8
+ */
+export function generateAgentId() {
+    const bytes = new Uint8Array(8); // 8 bytes = 16 hex chars
+    crypto.getRandomValues(bytes);
+    const hexString = Array.from(bytes)
+        .map(b => b.toString(16).padStart(2, '0'))
+        .join('');
+    return `agent_${hexString}`;
+}
+// ============ AGENT MANAGEMENT ============
+/**
+ * Create a new agent and add it to the app's agent list
+ *
+ * Stores in KV at:
+ * - `agent:{agent_id}` — Agent record
+ * - `agents:{app_id}` — Array of agent_ids for this app
+ *
+ * @param kv - KV namespace for storage
+ * @param app_id - Parent app that owns this agent
+ * @param data - Agent metadata (name, operator, version)
+ * @returns Agent record with generated agent_id
+ */
+export async function createAgent(kv, app_id, data) {
+    try {
+        const agent_id = generateAgentId();
+        const agent = {
+            agent_id,
+            app_id,
+            name: data.name,
+            operator: data.operator,
+            version: data.version,
+            created_at: Date.now(),
+        };
+        // Get existing agent list for this app (if any)
+        let agentIds = [];
+        try {
+            const existingList = await kv.get(`agents:${app_id}`, 'text');
+            if (existingList) {
+                agentIds = JSON.parse(existingList);
+            }
+        }
+        catch (error) {
+            console.warn(`Failed to fetch existing agent list for app ${app_id}, starting fresh:`, error);
+            // Fail-open: Continue with empty list
+        }
+        // Add new agent_id to the list
+        agentIds.push(agent_id);
+        // Store agent record and updated list in parallel
+        await Promise.all([
+            kv.put(`agent:${agent_id}`, JSON.stringify(agent)),
+            kv.put(`agents:${app_id}`, JSON.stringify(agentIds)),
+        ]);
+        return agent;
+    }
+    catch (error) {
+        console.error(`Failed to create agent for app ${app_id}:`, error);
+        // Fail-open: Return null instead of throwing
+        return null;
+    }
+}
+/**
+ * Get agent by agent_id
+ *
+ * @param kv - KV namespace
+ * @param agent_id - The agent ID to retrieve
+ * @returns Agent record or null if not found
+ */
+export async function getAgent(kv, agent_id) {
+    try {
+        const data = await kv.get(`agent:${agent_id}`, 'text');
+        if (!data) {
+            return null;
+        }
+        return JSON.parse(data);
+    }
+    catch (error) {
+        console.error(`Failed to get agent ${agent_id}:`, error);
+        // Fail-open: Return null instead of throwing
+        return null;
+    }
+}
+/**
+ * List all agents for an app
+ *
+ * @param kv - KV namespace
+ * @param app_id - The app ID to list agents for
+ * @returns Array of agent records (empty array if none found)
+ */
+export async function listAgents(kv, app_id) {
+    try {
+        // Get the list of agent IDs for this app
+        const agentIdsData = await kv.get(`agents:${app_id}`, 'text');
+        if (!agentIdsData) {
+            return [];
+        }
+        const agentIds = JSON.parse(agentIdsData);
+        // Fetch all agent records in parallel
+        const agentPromises = agentIds.map(agent_id => getAgent(kv, agent_id));
+        const agents = await Promise.all(agentPromises);
+        // Filter out any null results (failed fetches) and return
+        return agents.filter((agent) => agent !== null);
+    }
+    catch (error) {
+        console.error(`Failed to list agents for app ${app_id}:`, error);
+        // Fail-open: Return empty array instead of throwing
+        return [];
+    }
+}

package/dist/analytics.js

@@ -30,10 +30,10 @@ export async function logAnalyticsEvent(analytics, event) {
             event.solveTimeMs || 0,
             event.responseTimeMs || 0,
         ];
+        // IMPORTANT: Analytics Engine only supports a SINGLE index.
+        // Multiple indexes silently drops the data point.
         const indexes = [
             event.eventType,
-            event.challengeType || 'none',
-            event.endpoint || 'unknown',
         ];
         analytics.writeDataPoint({
             blobs,

package/dist/dashboard/api.js

@@ -472,8 +472,15 @@ function formatTimeBucket(timestamp, period) {
     }
 }
 // ============ MOCK DATA (when CF_API_TOKEN not configured) ============
-function renderMockOverview(_period) {
-    return `<div class="dashboard-grid">
+function renderSampleBanner() {
+    return `<div class="sample-banner">Sample data — analytics will appear here once production traffic flows</div>`;
+}
+function renderSampleLegend(title, period) {
+    return `${title} (${period})<span class="sample-tag">SAMPLE</span>`;
+}
+function renderMockOverview(period) {
+    return `${renderSampleBanner()}
+  <div class="dashboard-grid">
     ${renderStatCard('1,247', 'Challenges Generated')}
     ${renderStatCard('1,089', 'Verifications')}
     ${renderStatCard('94%', 'Success Rate', 'text-success')}
@@ -482,7 +489,7 @@ function renderMockOverview(_period) {
     ${renderStatCard('0', 'Errors')}
   </div>`;
 }
-function renderMockVolume(_period) {
+function renderMockVolume(period) {
     const items = [
         { name: '00:00', value: 42, maxValue: 89 },
         { name: '04:00', value: 15, maxValue: 89 },
@@ -492,11 +499,11 @@ function renderMockVolume(_period) {
         { name: '20:00', value: 55, maxValue: 89 },
     ];
     return `<fieldset>
-    <legend>Request Volume (sample)</legend>
+    <legend>${renderSampleLegend('Request Volume', period)}</legend>
     ${renderBarChart(items)}
   </fieldset>`;
 }
-function renderMockTypes(_period) {
+function renderMockTypes(period) {
     const items = [
         { name: 'hybrid (412 ok / 18 fail)', value: 430, maxValue: 430 },
         { name: 'speed (389 ok / 12 fail)', value: 401, maxValue: 430 },
@@ -504,13 +511,13 @@ function renderMockTypes(_period) {
         { name: 'standard (22 ok / 5 fail)', value: 27, maxValue: 430 },
     ];
     return `<fieldset>
-    <legend>Challenge Types (sample)</legend>
+    <legend>${renderSampleLegend('Challenge Types', period)}</legend>
     ${renderBarChart(items)}
   </fieldset>`;
 }
-function renderMockPerformance(_period) {
+function renderMockPerformance(period) {
     return `<fieldset>
-    <legend>Performance (sample)</legend>
+    <legend>${renderSampleLegend('Performance', period)}</legend>
     <table>
       <thead>
         <tr>
@@ -525,13 +532,13 @@ function renderMockPerformance(_period) {
     </table>
   </fieldset>`;
 }
-function renderMockErrors(_period) {
+function renderMockErrors(period) {
     return `<fieldset>
-    <legend>Errors & Rate Limits (sample)</legend>
-    <div class="alert alert-success">No errors or rate limits (sample data)</div>
+    <legend>${renderSampleLegend('Errors & Rate Limits', period)}</legend>
+    <div class="alert alert-success">No errors or rate limits</div>
   </fieldset>`;
 }
-function renderMockGeo(_period) {
+function renderMockGeo(period) {
     const items = [
         { name: 'US', value: 523, maxValue: 523 },
         { name: 'DE', value: 189, maxValue: 523 },
@@ -540,7 +547,7 @@ function renderMockGeo(_period) {
         { name: 'FR', value: 67, maxValue: 523 },
     ];
     return `<fieldset>
-    <legend>Top Countries (sample)</legend>
+    <legend>${renderSampleLegend('Top Countries', period)}</legend>
     ${renderBarChart(items)}
   </fieldset>`;
 }

package/dist/dashboard/auth.d.ts

@@ -30,6 +30,14 @@ type Bindings = {
 type Variables = {
     dashboardAppId?: string;
 };
+/**
+ * Generate a 1-hour dashboard session JWT for the given app_id.
+ */
+export declare function generateSessionToken(appId: string, jwtSecret: string): Promise<string>;
+/**
+ * Set the dashboard session cookie on a response context.
+ */
+export declare function setSessionCookie(c: Context, token: string): void;
 /**
  * Middleware: Require dashboard authentication.
  *
@@ -117,13 +125,16 @@ export declare function handleDeviceCodeVerify(c: Context<{
     success: true;
     code: string;
     login_url: string;
+    magic_link: string;
     expires_in: number;
     instructions: string;
 }, import("hono/utils/http-status").ContentfulStatusCode, "json">)>;
 /**
  * GET /dashboard/code
+ * GET /dashboard/code/:code
  *
  * Renders the device code redemption page for humans.
+ * Supports pre-filled codes from URL path or query params.
  */
 export declare function renderDeviceCodePage(c: Context<{
     Bindings: Bindings;

package/dist/dashboard/auth.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/dashboard/auth.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAMvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAKjD,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,EAAE,WAAW,CAAC;IAClB,SAAS,CAAC,EAAE,sBAAsB,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,SAAS,GAAG;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAsCF;;;;;;;;;GASG;AACH,eAAO,MAAM,oBAAoB,EAAE,iBAAiB,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAC;IAAC,SAAS,EAAE,SAAS,CAAA;CAAE,CAmChG,CAAC;AAIF;;;;;GAKG;AACH,wBAAsB,4BAA4B,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;oEA2CpF;AAgDD;;;;;GAKG;AACH,wBAAsB,yBAAyB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;;oEAwBjF;AAID;;;;GAIG;AACH,wBAAsB,yBAAyB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;oEAEjF;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;oEA2B9E;AAID;;;;GAIG;AACH,wBAAsB,oBAAoB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,qBAkE5E;AAED;;;;GAIG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFAqB9E;AAID;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFAyBnE;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFAGpE;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,gBAAgB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFA2BxE;AAID;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,qBA0HvE"}
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/dashboard/auth.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;;;;;GAkBG;AAEH,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAMvD,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,eAAe,CAAC;AAKjD,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,IAAI,EAAE,WAAW,CAAC;IAClB,SAAS,CAAC,EAAE,sBAAsB,CAAC;IACnC,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAGF,KAAK,SAAS,GAAG;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAIF;;GAEG;AACH,wBAAsB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAc5F;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAQhE;AAID;;;;;;;;;GASG;AACH,eAAO,MAAM,oBAAoB,EAAE,iBAAiB,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAC;IAAC,SAAS,EAAE,SAAS,CAAA;CAAE,CAmChG,CAAC;AAIF;;;;;GAKG;AACH,wBAAsB,4BAA4B,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;oEA2CpF;AAgDD;;;;;GAKG;AACH,wBAAsB,yBAAyB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;;oEAwBjF;AAID;;;;GAIG;AACH,wBAAsB,yBAAyB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;oEAEjF;AAED;;;;;GAKG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC;;;;;;;;;;;oEA4B9E;AAID;;;;;;GAMG;AACH,wBAAsB,oBAAoB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,qBA2E5E;AAED;;;;GAIG;AACH,wBAAsB,sBAAsB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFAqB9E;AAID;;;;;GAKG;AACH,wBAAsB,WAAW,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFAyBnE;AAED;;GAEG;AACH,wBAAsB,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFAGpE;AAID;;;;;;;;;;;;GAYG;AACH,wBAAsB,gBAAgB,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,gFA2BxE;AAID;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CAAC,CAAC,EAAE,OAAO,CAAC;IAAE,QAAQ,EAAE,QAAQ,CAAA;CAAE,CAAC,qBA6HvE"}

package/dist/dashboard/auth.js

@@ -10,7 +10,7 @@ import { LoginLayout, Card, Divider } from './layout';
 /**
  * Generate a 1-hour dashboard session JWT for the given app_id.
  */
-async function generateSessionToken(appId, jwtSecret) {
+export async function generateSessionToken(appId, jwtSecret) {
     const encoder = new TextEncoder();
     const secretKey = encoder.encode(jwtSecret);
     return new SignJWT({
@@ -28,7 +28,7 @@ async function generateSessionToken(appId, jwtSecret) {
 /**
  * Set the dashboard session cookie on a response context.
  */
-function setSessionCookie(c, token) {
+export function setSessionCookie(c, token) {
     setCookie(c, 'botcha_session', token, {
         path: '/dashboard',
         httpOnly: true,
@@ -216,21 +216,31 @@ export async function handleDeviceCodeVerify(c) {
         success: true,
         code,
         login_url: `${baseUrl}/dashboard/code`,
+        magic_link: `${baseUrl}/go/${code}`,
         expires_in: 600,
-        instructions: `Tell your human: Visit ${baseUrl}/dashboard/code and enter code: ${code}`,
+        instructions: `Give your human this link: ${baseUrl}/go/${code} (or visit ${baseUrl}/dashboard/code and enter code: ${code})`,
     });
 }
 // ============ DEVICE CODE REDEMPTION (human-facing) ============
 /**
  * GET /dashboard/code
+ * GET /dashboard/code/:code
  *
  * Renders the device code redemption page for humans.
+ * Supports pre-filled codes from URL path or query params.
  */
 export async function renderDeviceCodePage(c) {
     const url = new URL(c.req.url);
     const error = url.searchParams.get('error');
-    const prefill = url.searchParams.get('code') || '';
     const emailSent = url.searchParams.get('email_sent') === '1';
+    // Get prefill code from URL path or query params
+    const pathCode = c.req.param('code')?.toUpperCase() || '';
+    const queryCode = url.searchParams.get('code') || '';
+    let prefill = pathCode || queryCode;
+    // Strip BOTCHA- prefix if present (form only needs the suffix)
+    if (prefill.startsWith('BOTCHA-')) {
+        prefill = prefill.slice(7);
+    }
     const errorMap = {
         invalid: 'Invalid or expired code. Ask your agent for a new one.',
         missing: 'Please enter a device code.',
@@ -392,10 +402,10 @@ export async function renderLoginPage(c) {
       document.querySelector('form').submit();
     }
   `;
-    return c.html(_jsxs(LoginLayout, { title: "Dashboard Login - BOTCHA", children: [_jsx("div", { class: "ascii-logo", children: ` ____   ___ _____ ____ _   _   _
-| __ ) / _ \\_   _/ ___| | | | / \\
-|  _ \\| | | || || |   | |_| |/ _ \\
-| |_) | |_| || || |___|  _  / ___ \\
-|____/ \\___/ |_| \\____|_| |_/_/   \\_\\
-    >_ prove you're a bot` }), _jsxs(Card, { title: "Device Code", badge: "agent required", children: [_jsx("p", { class: "text-muted mb-2", style: "font-size: 0.75rem;", children: "Your AI agent can generate a login code for you." }), _jsxs("a", { href: "/dashboard/code", class: "button btn", children: ["Enter Device Code ", '>'] }), _jsxs("div", { class: "hint", children: ["Agent: ", _jsx("code", { children: "POST /v1/auth/device-code" }), " then solve the challenge."] })] }), _jsx(Divider, { text: "or" }), _jsx("form", { method: "post", action: "/dashboard/email-login", children: _jsxs(Card, { title: "Email Login", badge: "returning users", children: [error === 'email_missing' && (_jsx("div", { class: "error-message", children: errorMap[error] })), _jsx("p", { class: "text-muted mb-2", style: "font-size: 0.75rem;", children: "Enter the email you used when creating your app. We'll send a login code to your inbox." }), _jsxs("div", { class: "form-group", children: [_jsx("label", { for: "email", children: "Email" }), _jsx("input", { type: "email", id: "email", name: "email", placeholder: "you@example.com", required: true, autocomplete: "email" })] }), _jsxs("button", { type: "submit", children: ["Email Me a Code ", '>'] })] }) }), _jsx(Divider, { text: "or sign in with credentials" }), _jsx("form", { method: "post", action: "/dashboard/login", children: _jsxs(Card, { title: "App Credentials", children: [error && error !== 'email_missing' && errorMap[error] && (_jsx("div", { class: "error-message", children: errorMap[error] })), _jsxs("div", { id: "create-result", children: [_jsx("div", { class: "warning", children: "Save these credentials now. The secret will not be shown again." }), _jsxs("div", { class: "credentials-box", children: [_jsx("span", { class: "label", children: "app_id: " }), _jsx("span", { class: "value", id: "new-app-id" }), _jsx("br", {}), _jsx("span", { class: "label", children: "secret: " }), _jsx("span", { class: "value", id: "new-app-secret" })] }), _jsxs("button", { type: "button", onclick: "fillAndLogin()", style: "width: 100%; margin-bottom: 1rem;", children: ["Login With New Credentials ", '>'] })] }), _jsxs("div", { class: "form-group", children: [_jsx("label", { for: "app_id", children: "App ID" }), _jsx("input", { type: "text", id: "app_id", name: "app_id", placeholder: "app_...", required: true, autocomplete: "username" })] }), _jsxs("div", { class: "form-group", children: [_jsx("label", { for: "app_secret", children: "App Secret" }), _jsx("input", { type: "password", id: "app_secret", name: "app_secret", placeholder: "sk_...", required: true, autocomplete: "current-password" })] }), _jsxs("div", { style: "display: flex; gap: 0.75rem; align-items: center;", children: [_jsxs("button", { type: "submit", children: ["Login ", '>'] }), _jsxs("button", { type: "button", id: "create-btn", class: "btn-secondary", onclick: "createApp()", children: ["Create App ", '>'] })] })] }) }), _jsx("script", { dangerouslySetInnerHTML: { __html: CREATE_APP_SCRIPT } })] }));
+    return c.html(_jsxs(LoginLayout, { title: "Dashboard Login - BOTCHA", children: [_jsx("a", { href: "/", class: "ascii-logo", children: `██████╗  ██████╗ ████████╗ ██████╗██╗  ██╗ █████╗
+██╔══██╗██╔═══██╗╚══██╔══╝██╔════╝██║  ██║██╔══██╗
+██████╔╝██║   ██║   ██║   ██║     ███████║███████║
+██╔══██╗██║   ██║   ██║   ██║     ██╔══██║██╔══██║
+██████╔╝╚██████╔╝   ██║   ╚██████╗██║  ██║██║  ██║
+╚═════╝  ╚═════╝    ╚═╝    ╚═════╝╚═╝  ╚═╝╚═╝  ╚═╝` }), _jsxs("p", { class: "text-muted", style: "text-align: center; font-size: 0.75rem; margin: -1rem 0 2rem;", children: ['>', "_\u00A0prove you're a bot"] }), _jsxs(Card, { title: "Device Code", badge: "agent required", children: [_jsx("p", { class: "text-muted mb-2", style: "font-size: 0.75rem;", children: "Your AI agent can generate a login code for you." }), _jsxs("a", { href: "/dashboard/code", class: "button btn", children: ["Enter Device Code ", '>'] }), _jsxs("div", { class: "hint", children: ["Agent: ", _jsx("code", { children: "POST /v1/auth/device-code" }), " then solve the challenge."] })] }), _jsx(Divider, { text: "or" }), _jsx("form", { method: "post", action: "/dashboard/email-login", children: _jsxs(Card, { title: "Email Login", badge: "returning users", children: [error === 'email_missing' && (_jsx("div", { class: "error-message", children: errorMap[error] })), _jsx("p", { class: "text-muted mb-2", style: "font-size: 0.75rem;", children: "Enter the email you used when creating your app. We'll send a login code to your inbox." }), _jsxs("div", { class: "form-group", children: [_jsx("label", { for: "email", children: "Email" }), _jsx("input", { type: "email", id: "email", name: "email", placeholder: "you@example.com", required: true, autocomplete: "email" })] }), _jsxs("button", { type: "submit", children: ["Email Me a Code ", '>'] })] }) }), _jsx(Divider, { text: "or sign in with credentials" }), _jsx("form", { method: "post", action: "/dashboard/login", children: _jsxs(Card, { title: "App Credentials", children: [error && error !== 'email_missing' && errorMap[error] && (_jsx("div", { class: "error-message", children: errorMap[error] })), _jsxs("div", { id: "create-result", children: [_jsx("div", { class: "warning", children: "Save these credentials now. The secret will not be shown again." }), _jsxs("div", { class: "credentials-box", children: [_jsx("span", { class: "label", children: "app_id: " }), _jsx("span", { class: "value", id: "new-app-id" }), _jsx("br", {}), _jsx("span", { class: "label", children: "secret: " }), _jsx("span", { class: "value", id: "new-app-secret" })] }), _jsxs("button", { type: "button", onclick: "fillAndLogin()", style: "width: 100%; margin-bottom: 1rem;", children: ["Login With New Credentials ", '>'] })] }), _jsxs("div", { class: "form-group", children: [_jsx("label", { for: "app_id", children: "App ID" }), _jsx("input", { type: "text", id: "app_id", name: "app_id", placeholder: "app_...", required: true, autocomplete: "username" })] }), _jsxs("div", { class: "form-group", children: [_jsx("label", { for: "app_secret", children: "App Secret" }), _jsx("input", { type: "password", id: "app_secret", name: "app_secret", placeholder: "sk_...", required: true, autocomplete: "current-password" })] }), _jsxs("div", { style: "display: flex; gap: 0.75rem; align-items: center;", children: [_jsxs("button", { type: "submit", children: ["Login ", '>'] }), _jsxs("button", { type: "button", id: "create-btn", class: "btn-secondary", onclick: "createApp()", children: ["Create App ", '>'] })] })] }) }), _jsx("script", { dangerouslySetInnerHTML: { __html: CREATE_APP_SCRIPT } })] }));
 }

package/dist/dashboard/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/dashboard/index.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAqB5B,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,OAAO,eAAe,EAAE,WAAW,CAAC;IAChD,WAAW,EAAE,OAAO,eAAe,EAAE,WAAW,CAAC;IACjD,IAAI,EAAE,OAAO,eAAe,EAAE,WAAW,CAAC;IAC1C,SAAS,CAAC,EAAE,OAAO,cAAc,EAAE,sBAAsB,CAAC;IAC1D,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,QAAA,MAAM,SAAS;cAAwB,QAAQ;eAAa,SAAS;yCAAK,CAAC;AA+D3E,eAAe,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/dashboard/index.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAqB5B,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,OAAO,eAAe,EAAE,WAAW,CAAC;IAChD,WAAW,EAAE,OAAO,eAAe,EAAE,WAAW,CAAC;IACjD,IAAI,EAAE,OAAO,eAAe,EAAE,WAAW,CAAC;IAC1C,SAAS,CAAC,EAAE,OAAO,cAAc,EAAE,sBAAsB,CAAC;IAC1D,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;IACvB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,aAAa,CAAC,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB,CAAC;AAEF,QAAA,MAAM,SAAS;cAAwB,QAAQ;eAAa,SAAS;yCAAK,CAAC;AAgE3E,eAAe,SAAS,CAAC"}

package/dist/dashboard/index.js

@@ -26,6 +26,7 @@ dashboard.post('/email-login', handleEmailLogin);
 dashboard.get('/logout', handleLogout);
 // Device code pages (human enters code here)
 dashboard.get('/code', renderDeviceCodePage);
+dashboard.get('/code/:code', renderDeviceCodePage); // Pre-filled code from URL
 dashboard.post('/code', handleDeviceCodeRedeem);
 // ============ PROTECTED ROUTES (auth required) ============
 // Apply auth middleware to all routes below

package/dist/dashboard/landing.d.ts

@@ -0,0 +1,20 @@
+/**
+ * BOTCHA Landing Pages (JSX)
+ *
+ * Two views at GET /:
+ *   - LandingPage: ultra-minimal — one prompt to copy-paste to your agent
+ *   - VerifiedLandingPage: for humans whose agent solved the challenge
+ *
+ * Design: the human's only job is to copy one prompt, paste it into their
+ * agent, and click the link the agent gives back. That's it.
+ */
+import type { FC } from 'hono/jsx';
+export declare const LandingPage: FC<{
+    version: string;
+    error?: string;
+}>;
+export declare const VerifiedLandingPage: FC<{
+    version: string;
+    solveTime?: number;
+}>;
+//# sourceMappingURL=landing.d.ts.map

package/dist/dashboard/landing.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"landing.d.ts","sourceRoot":"","sources":["../../src/dashboard/landing.tsx"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,EAAE,EAAE,MAAM,UAAU,CAAC;AAsCnC,eAAO,MAAM,WAAW,EAAE,EAAE,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAgI/D,CAAC;AAyBF,eAAO,MAAM,mBAAmB,EAAE,EAAE,CAAC;IAAE,OAAO,EAAE,MAAM,CAAC;IAAC,SAAS,CAAC,EAAE,MAAM,CAAA;CAAE,CAoF3E,CAAC"}

package/dist/dashboard/landing.js

@@ -0,0 +1,85 @@
+import { jsx as _jsx, jsxs as _jsxs } from "hono/jsx/jsx-runtime";
+import { LandingLayout } from './layout';
+import { Card } from './layout';
+const BOTCHA_ASCII = `██████╗  ██████╗ ████████╗ ██████╗██╗  ██╗ █████╗
+██╔══██╗██╔═══██╗╚══██╔══╝██╔════╝██║  ██║██╔══██╗
+██████╔╝██║   ██║   ██║   ██║     ███████║███████║
+██╔══██╗██║   ██║   ██║   ██║     ██╔══██║██╔══██║
+██████╔╝╚██████╔╝   ██║   ╚██████╗██║  ██║██║  ██║
+╚═════╝  ╚═════╝    ╚═╝    ╚═════╝╚═╝  ╚═╝╚═╝  ╚═╝`;
+const AGENT_PROMPT = `Run: curl -s https://botcha.ai -H 'Accept: application/json' — then follow the instructions in the response to verify yourself and get me access.`;
+// Clipboard copy icon (Lucide-style, 16x16)
+const COPY_ICON = `<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="square" stroke-linejoin="miter"><rect x="9" y="9" width="13" height="13" rx="0"/><path d="M5 15H4a1 1 0 0 1-1-1V4a1 1 0 0 1 1-1h10a1 1 0 0 1 1 1v1"/></svg>`;
+const CHECK_ICON = `<svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2.5" stroke-linecap="square" stroke-linejoin="miter"><polyline points="20 6 9 17 4 12"/></svg>`;
+const COPY_SCRIPT = `
+function copyPrompt() {
+  var text = document.getElementById('agent-prompt').textContent.trim();
+  navigator.clipboard.writeText(text).then(function() {
+    var label = document.getElementById('copy-label');
+    var icon = document.getElementById('copy-icon');
+    var txt = document.getElementById('copy-text');
+    label.style.color = 'var(--green)';
+    icon.innerHTML = '${CHECK_ICON.replace(/'/g, "\\'")}';
+    txt.textContent = 'Copied — now paste into your agent';
+    setTimeout(function() {
+      label.style.color = 'var(--text-muted)';
+      icon.innerHTML = '${COPY_ICON.replace(/'/g, "\\'")}';
+      txt.textContent = 'Click to copy';
+    }, 2500);
+  });
+}
+`;
+// ============ UNVERIFIED LANDING PAGE ============
+export const LandingPage = ({ version, error }) => {
+    return (_jsxs(LandingLayout, { version: version, children: [_jsx("a", { href: "/", class: "ascii-logo", children: BOTCHA_ASCII }), _jsxs("p", { class: "text-muted", style: "text-align: center; font-size: 0.75rem; margin: -1rem 0 0.5rem;", children: ['>', "_\u00A0prove you're a bot"] }), _jsx("p", { class: "landing-tagline", children: "This site is for AI agents. Bring yours." }), _jsx("p", { class: "text-muted", style: "font-size: 0.6875rem; text-transform: uppercase; letter-spacing: 0.15em; text-align: center; margin: 2rem 0 0.625rem;", children: "Paste this into your AI agent" }), _jsx("div", { class: "card", style: "margin-bottom: 1.5rem;", children: _jsx("div", { class: "card-body", children: _jsxs("button", { id: "prompt-btn", onclick: "copyPrompt()", type: "button", class: "card-inner", style: "display: block; width: 100%; padding: 1.5rem; border: none; border-radius: 0; cursor: pointer; font-family: var(--font); text-align: left; text-transform: none; letter-spacing: normal; box-shadow: none; transition: background 0.2s;", children: [_jsx("code", { id: "agent-prompt", style: "font-size: 1.125rem; font-weight: 700; color: var(--accent); line-height: 1.5; display: block; background: none; border: none; padding: 0;", children: AGENT_PROMPT }), _jsxs("span", { id: "copy-label", style: "display: flex; align-items: center; gap: 0.375rem; margin-top: 1rem; font-size: 0.6875rem; font-weight: 500; color: var(--text-muted); text-transform: uppercase; letter-spacing: 0.1em; transition: color 0.2s;", children: [_jsx("span", { id: "copy-icon", style: "display: flex; transition: color 0.2s;", dangerouslySetInnerHTML: { __html: COPY_ICON } }), _jsx("span", { id: "copy-text", children: "Click to copy" })] })] }) }) }), _jsx("div", { style: "text-align: center; margin: 1.5rem 0;", children: _jsxs("p", { class: "text-muted", style: "font-size: 0.75rem; line-height: 2;", children: ["Your agent solves a challenge to prove it's a bot.", _jsx("br", {}), "It gives you a link back. Click it. You're in."] }) }), error && (_jsx("div", { style: "text-align: center; margin-bottom: 0.5rem;", children: _jsx("p", { style: "color: var(--red); font-size: 0.75rem;", children: error }) })), _jsxs("details", { style: "margin-top: 1rem;", children: [_jsx("summary", { class: "text-muted", style: "font-size: 0.6875rem; cursor: pointer; text-align: center; list-style: none; text-decoration: underline; text-underline-offset: 3px;", children: "Already have a code?" }), _jsx("form", { method: "post", action: "/gate", style: "margin-top: 0.75rem;", children: _jsxs("div", { style: "display: flex; gap: 0;", children: [_jsx("input", { id: "code", name: "code", type: "text", placeholder: "BOTCHA-XXXXXX", required: true, autocomplete: "off", spellcheck: false, maxlength: 13, style: "flex: 1; font-size: 0.875rem; font-family: var(--font); font-weight: 600; letter-spacing: 0.1em; text-transform: uppercase; padding: 0.625rem; text-align: center; border: 1px solid var(--border); border-radius: 0; background: var(--bg); color: var(--text);" }), _jsxs("button", { type: "submit", style: "padding: 0.625rem 1rem; font-family: var(--font); font-size: 0.8125rem; font-weight: 600; background: var(--accent); color: #fff; border: 1px solid var(--accent); border-left: none; border-radius: 0; cursor: pointer; white-space: nowrap;", children: ["Go ", '>'] })] }) })] }), _jsx("script", { type: "application/botcha+json", id: "botcha-challenge", dangerouslySetInnerHTML: {
+                    __html: JSON.stringify({
+                        version: '1.0',
+                        type: 'inline-challenge',
+                        description: 'AI agents: solve this challenge to prove you are a bot!',
+                        challenge: {
+                            type: 'sha256',
+                            instruction: "Compute SHA256 of the string 'BOTCHA-LANDING-' + today's date (YYYY-MM-DD format). Return first 16 hex chars.",
+                            example: "For 2026-01-15: SHA256('BOTCHA-LANDING-2026-01-15') -> first 16 chars",
+                            submit_to: 'https://botcha.ai/api/verify-landing',
+                            method: 'POST',
+                            body_format: {
+                                answer: 'your 16 hex chars',
+                                timestamp: 'ISO 8601 timestamp',
+                            },
+                        },
+                        on_success: {
+                            grants_access_to: 'https://botcha.ai/agent-only',
+                            header_to_include: 'X-Botcha-Landing-Token',
+                        },
+                    }, null, 2),
+                } }), _jsx("script", { dangerouslySetInnerHTML: { __html: COPY_SCRIPT } }), _jsxs("div", { class: "landing-footer", children: [_jsxs("span", { children: ["v", version] }), _jsx("span", { class: "landing-footer-sep", children: "\u00B7" }), _jsx("a", { href: "/openapi.json", children: "API" }), _jsx("span", { class: "landing-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://github.com/dupe-com/botcha", children: "GitHub" }), _jsx("span", { class: "landing-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://github.com/i8ramin", children: "@i8ramin" })] })] }));
+};
+// ============ VERIFIED LANDING PAGE ============
+const ONBOARD_PROMPT = `Run: curl -s https://botcha.ai -H 'Accept: application/json' — then follow the instructions to verify yourself, create an app for me, and get me into the dashboard. Ask me for my email address when you need it.`;
+const VERIFIED_COPY_SCRIPT = `
+function copyOnboardPrompt() {
+  var text = document.getElementById('onboard-prompt').textContent.trim();
+  navigator.clipboard.writeText(text).then(function() {
+    var label = document.getElementById('onboard-label');
+    var icon = document.getElementById('onboard-icon');
+    var txt = document.getElementById('onboard-text');
+    label.style.color = 'var(--green)';
+    icon.innerHTML = '${CHECK_ICON.replace(/'/g, "\\'")}';
+    txt.textContent = 'Copied — now paste into your agent';
+    setTimeout(function() {
+      label.style.color = 'var(--text-muted)';
+      icon.innerHTML = '${COPY_ICON.replace(/'/g, "\\'")}';
+      txt.textContent = 'Click to copy';
+    }, 2500);
+  });
+}
+`;
+export const VerifiedLandingPage = ({ version, solveTime }) => {
+    return (_jsxs(LandingLayout, { version: version, children: [_jsx("a", { href: "/", class: "ascii-logo", children: BOTCHA_ASCII }), _jsxs("p", { class: "text-muted", style: "text-align: center; font-size: 0.75rem; margin: -1rem 0 0.5rem;", children: ['>', "_\u00A0verified"] }), _jsxs("p", { class: "landing-tagline", style: "color: var(--green);", children: ["Your agent proved it's a bot", solveTime ? ` in ${solveTime}ms` : '', ". Welcome."] }), _jsx("p", { class: "text-muted", style: "font-size: 0.6875rem; text-transform: uppercase; letter-spacing: 0.15em; text-align: center; margin: 2rem 0 0.625rem;", children: "Set up your account \u2014 paste this to your agent" }), _jsx("div", { class: "card", style: "margin-bottom: 1.5rem;", children: _jsx("div", { class: "card-body", children: _jsxs("button", { id: "onboard-btn", onclick: "copyOnboardPrompt()", type: "button", class: "card-inner", style: "display: block; width: 100%; padding: 1.5rem; border: none; border-radius: 0; cursor: pointer; font-family: var(--font); text-align: left; text-transform: none; letter-spacing: normal; box-shadow: none; transition: background 0.2s;", children: [_jsx("code", { id: "onboard-prompt", style: "font-size: 1rem; font-weight: 700; color: var(--accent); line-height: 1.5; display: block; background: none; border: none; padding: 0;", children: ONBOARD_PROMPT }), _jsxs("span", { id: "onboard-label", style: "display: flex; align-items: center; gap: 0.375rem; margin-top: 1rem; font-size: 0.6875rem; font-weight: 500; color: var(--text-muted); text-transform: uppercase; letter-spacing: 0.1em; transition: color 0.2s;", children: [_jsx("span", { id: "onboard-icon", style: "display: flex; transition: color 0.2s;", dangerouslySetInnerHTML: { __html: COPY_ICON } }), _jsx("span", { id: "onboard-text", children: "Click to copy" })] })] }) }) }), _jsx("div", { style: "text-align: center; margin: 1.5rem 0;", children: _jsxs("p", { class: "text-muted", style: "font-size: 0.75rem; line-height: 2;", children: ["Your agent will ask for your email, create your app,", _jsx("br", {}), "and give you a link to your dashboard. You just click it."] }) }), _jsxs(Card, { title: "For developers", children: [_jsx("p", { class: "text-muted", style: "font-size: 0.8125rem; line-height: 1.7; margin-bottom: 0.75rem;", children: "Protect your own APIs so only verified AI agents can access them:" }), _jsx("pre", { children: _jsx("code", { children: `# Client SDK (for your agent)
+npm install @dupecom/botcha     # TypeScript
+pip install botcha              # Python
+
+# Server SDK (protect your APIs)
+npm install @botcha/verify      # Express/Hono
+pip install botcha-verify       # FastAPI/Django` }) }), _jsxs("div", { class: "landing-links", style: "margin-top: 1rem;", children: [_jsx("a", { href: "/openapi.json", class: "landing-link", children: "OpenAPI" }), _jsx("a", { href: "/ai.txt", class: "landing-link", children: "ai.txt" }), _jsx("a", { href: "https://github.com/dupe-com/botcha", class: "landing-link", children: "GitHub" }), _jsx("a", { href: "https://www.npmjs.com/package/@dupecom/botcha", class: "landing-link", children: "npm" }), _jsx("a", { href: "https://pypi.org/project/botcha/", class: "landing-link", children: "PyPI" })] })] }), _jsx("script", { dangerouslySetInnerHTML: { __html: VERIFIED_COPY_SCRIPT } }), _jsxs("div", { class: "landing-footer", children: [_jsxs("span", { children: ["v", version] }), _jsx("span", { class: "landing-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://botcha.ai", children: "botcha.ai" }), _jsx("span", { class: "landing-footer-sep", children: "\u00B7" }), _jsx("a", { href: "https://github.com/i8ramin", children: "@i8ramin" })] })] }));
+};

package/dist/dashboard/layout.d.ts

@@ -44,4 +44,11 @@ export declare const DashboardLayout: FC<PropsWithChildren<{
 export declare const LoginLayout: FC<PropsWithChildren<{
     title?: string;
 }>>;
+/**
+ * Landing page layout — wider than LoginLayout, includes SEO meta tags.
+ * Used for the public landing page at GET /
+ */
+export declare const LandingLayout: FC<PropsWithChildren<{
+    version: string;
+}>>;
 //# sourceMappingURL=layout.d.ts.map

package/dist/dashboard/layout.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"layout.d.ts","sourceRoot":"","sources":["../../src/dashboard/layout.tsx"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAKtD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,IAAI,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAmBzF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,EAAE,EAAE,CAAC;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAExC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAmCrF,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAsBjE,CAAC"}
+{"version":3,"file":"layout.d.ts","sourceRoot":"","sources":["../../src/dashboard/layout.tsx"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,EAAE,EAAE,iBAAiB,EAAE,MAAM,UAAU,CAAC;AAKtD;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,IAAI,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAmBzF,CAAC;AAEF;;GAEG;AACH,eAAO,MAAM,OAAO,EAAE,EAAE,CAAC;IAAE,IAAI,EAAE,MAAM,CAAA;CAAE,CAExC,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,eAAe,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAmCrF,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,WAAW,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAsBjE,CAAC;AAEF;;;GAGG;AACH,eAAO,MAAM,aAAa,EAAE,EAAE,CAAC,iBAAiB,CAAC;IAAE,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAoDpE,CAAC"}