@fyresmith/hive-server 4.0.1 → 5.0.0

package/assets/template-vault/.obsidian/app.json

@@ -0,0 +1 @@
+{}

package/assets/template-vault/.obsidian/appearance.json

@@ -0,0 +1 @@
+{}

package/assets/template-vault/.obsidian/core-plugins.json

@@ -0,0 +1,33 @@
+{
+  "file-explorer": true,
+  "global-search": true,
+  "switcher": true,
+  "graph": true,
+  "backlink": true,
+  "canvas": true,
+  "outgoing-link": true,
+  "tag-pane": true,
+  "footnotes": false,
+  "properties": true,
+  "page-preview": true,
+  "daily-notes": true,
+  "templates": true,
+  "note-composer": true,
+  "command-palette": true,
+  "slash-command": false,
+  "editor-status": true,
+  "bookmarks": true,
+  "markdown-importer": false,
+  "zk-prefixer": false,
+  "random-note": false,
+  "outline": true,
+  "word-count": true,
+  "slides": false,
+  "audio-recorder": false,
+  "workspaces": false,
+  "file-recovery": true,
+  "publish": false,
+  "sync": true,
+  "bases": true,
+  "webviewer": false
+}

package/assets/template-vault/.obsidian/graph.json

@@ -0,0 +1,22 @@
+{
+  "collapse-filter": true,
+  "search": "",
+  "showTags": false,
+  "showAttachments": false,
+  "hideUnresolved": false,
+  "showOrphans": true,
+  "collapse-color-groups": true,
+  "colorGroups": [],
+  "collapse-display": true,
+  "showArrow": false,
+  "textFadeMultiplier": 0,
+  "nodeSizeMultiplier": 1,
+  "lineSizeMultiplier": 1,
+  "collapse-forces": true,
+  "centerStrength": 0.518713248970312,
+  "repelStrength": 10,
+  "linkStrength": 1,
+  "linkDistance": 250,
+  "scale": 1,
+  "close": true
+}

package/assets/template-vault/.obsidian/workspace.json

@@ -0,0 +1,206 @@
+{
+  "main": {
+    "id": "7b9f3c22c91d897c",
+    "type": "split",
+    "children": [
+      {
+        "id": "eea5e6133fb6313d",
+        "type": "tabs",
+        "children": [
+          {
+            "id": "20957127bee176ea",
+            "type": "leaf",
+            "state": {
+              "type": "markdown",
+              "state": {
+                "file": "Welcome.md",
+                "mode": "source",
+                "source": false
+              },
+              "icon": "lucide-file",
+              "title": "Welcome"
+            }
+          }
+        ]
+      },
+      {
+        "id": "3606ffb170dd4603",
+        "type": "tabs",
+        "children": [
+          {
+            "id": "457fdb78bef02573",
+            "type": "leaf",
+            "state": {
+              "type": "graph",
+              "state": {},
+              "icon": "lucide-git-fork",
+              "title": "Graph view"
+            }
+          }
+        ]
+      }
+    ],
+    "direction": "vertical"
+  },
+  "left": {
+    "id": "c93fdc6c295009fd",
+    "type": "split",
+    "children": [
+      {
+        "id": "0b2bc1cb1a6c5fdb",
+        "type": "tabs",
+        "children": [
+          {
+            "id": "332749683c18294c",
+            "type": "leaf",
+            "state": {
+              "type": "file-explorer",
+              "state": {
+                "sortOrder": "alphabetical",
+                "autoReveal": false
+              },
+              "icon": "lucide-folder-closed",
+              "title": "Files"
+            }
+          },
+          {
+            "id": "2824dbf53a5c4597",
+            "type": "leaf",
+            "state": {
+              "type": "search",
+              "state": {
+                "query": "",
+                "matchingCase": false,
+                "explainSearch": false,
+                "collapseAll": false,
+                "extraContext": false,
+                "sortOrder": "alphabetical"
+              },
+              "icon": "lucide-search",
+              "title": "Search"
+            }
+          },
+          {
+            "id": "9f275c920d60b878",
+            "type": "leaf",
+            "state": {
+              "type": "bookmarks",
+              "state": {},
+              "icon": "lucide-bookmark",
+              "title": "Bookmarks"
+            }
+          }
+        ]
+      }
+    ],
+    "direction": "horizontal",
+    "width": 300
+  },
+  "right": {
+    "id": "720628f43492de54",
+    "type": "split",
+    "children": [
+      {
+        "id": "e2e6ee489b84f739",
+        "type": "tabs",
+        "children": [
+          {
+            "id": "97a8f2230c937318",
+            "type": "leaf",
+            "state": {
+              "type": "backlink",
+              "state": {
+                "file": "Welcome.md",
+                "collapseAll": false,
+                "extraContext": false,
+                "sortOrder": "alphabetical",
+                "showSearch": false,
+                "searchQuery": "",
+                "backlinkCollapsed": false,
+                "unlinkedCollapsed": true
+              },
+              "icon": "links-coming-in",
+              "title": "Backlinks for Welcome"
+            }
+          },
+          {
+            "id": "2a344f218762d53a",
+            "type": "leaf",
+            "state": {
+              "type": "outgoing-link",
+              "state": {
+                "file": "Welcome.md",
+                "linksCollapsed": false,
+                "unlinkedCollapsed": true
+              },
+              "icon": "links-going-out",
+              "title": "Outgoing links from Welcome"
+            }
+          },
+          {
+            "id": "072e764fb5cc77fa",
+            "type": "leaf",
+            "state": {
+              "type": "tag",
+              "state": {
+                "sortOrder": "frequency",
+                "useHierarchy": true,
+                "showSearch": false,
+                "searchQuery": ""
+              },
+              "icon": "lucide-tags",
+              "title": "Tags"
+            }
+          },
+          {
+            "id": "f304846ef7927a68",
+            "type": "leaf",
+            "state": {
+              "type": "all-properties",
+              "state": {
+                "sortOrder": "frequency",
+                "showSearch": false,
+                "searchQuery": ""
+              },
+              "icon": "lucide-archive",
+              "title": "All properties"
+            }
+          },
+          {
+            "id": "de791fb3b1b7afdb",
+            "type": "leaf",
+            "state": {
+              "type": "outline",
+              "state": {
+                "file": "Welcome.md",
+                "followCursor": false,
+                "showSearch": false,
+                "searchQuery": ""
+              },
+              "icon": "lucide-list",
+              "title": "Outline of Welcome"
+            }
+          }
+        ]
+      }
+    ],
+    "direction": "horizontal",
+    "width": 300,
+    "collapsed": true
+  },
+  "left-ribbon": {
+    "hiddenItems": {
+      "switcher:Open quick switcher": false,
+      "graph:Open graph view": false,
+      "canvas:Create new canvas": false,
+      "daily-notes:Open today's daily note": false,
+      "templates:Insert template": false,
+      "command-palette:Open command palette": false,
+      "bases:Create new base": false
+    }
+  },
+  "active": "20957127bee176ea",
+  "lastOpenFiles": [
+    "Welcome.md"
+  ]
+}

package/assets/template-vault/Welcome.md

@@ -0,0 +1,5 @@
+This is your new *vault*.
+
+Make a note of something, [[create a link]], or try [the Importer](https://help.obsidian.md/Plugins/Importer)!
+
+When you're ready, delete this note and make the vault your own.

package/cli/commands/env.js

@@ -1,7 +1,7 @@
 import { section, success, fail } from '../output.js';
 import { EXIT } from '../constants.js';
 import { CliError } from '../errors.js';
-import { inferDomainFromRedirect, loadEnvFile, normalizeEnv, promptForEnv, redactEnv, validateEnvValues } from '../env-file.js';
+import { loadEnvFile, normalizeEnv, promptForEnv, redactEnv, validateEnvValues } from '../env-file.js';
 import { updateHiveConfig } from '../config.js';
 import { assertEnvFileExists, loadValidatedEnv, resolveContext } from '../core/context.js';
 
@@ -18,13 +18,13 @@ export function registerEnvCommands(program) {
       const { config, envFile } = await resolveContext(options);
       const existing = await loadEnvFile(envFile);
       const values = await promptForEnv({ envFile, existing, yes: options.yes });
-      const issues = validateEnvValues(values);
+      const issues = validateEnvValues(values, { requireVaultPath: false });
       if (issues.length > 0) {
         for (const issue of issues) fail(issue);
         throw new CliError('Env file has validation issues', EXIT.FAIL);
       }
 
-      const domain = inferDomainFromRedirect(values.DISCORD_REDIRECT_URI) || config.domain;
+      const domain = config.domain;
       await updateHiveConfig({ envFile, domain });
       success(`Env file ready at ${envFile}`);
     });
@@ -41,7 +41,7 @@ export function registerEnvCommands(program) {
 
       const existing = await loadEnvFile(envFile);
       const values = await promptForEnv({ envFile, existing, yes: options.yes });
-      const issues = validateEnvValues(values);
+      const issues = validateEnvValues(values, { requireVaultPath: false });
       if (issues.length > 0) {
         for (const issue of issues) fail(issue);
         throw new CliError('Env file has validation issues', EXIT.FAIL);

package/cli/commands/managed.js

@@ -19,14 +19,14 @@ async function resolveManagedInputs(options) {
   }
   return {
     vaultPath: env.VAULT_PATH,
-    ownerDiscordId: env.OWNER_DISCORD_ID,
+    hiveServerUrl: env.HIVE_SERVER_URL || '',
     envFile,
   };
 }
 
 function assertInitialized(state) {
   if (!state) {
-    throw new CliError('Managed vault is not initialized. Run pair/init flow first.', EXIT.FAIL);
+    throw new CliError('Managed vault is not initialized. Run hive setup or dashboard setup first.', EXIT.FAIL);
   }
 }
 
@@ -38,21 +38,19 @@ export function registerManagedCommands(program) {
     .description('Show managed vault status')
     .option('--env-file <path>', 'env file path')
     .action(async (options) => {
-      const { vaultPath, ownerDiscordId, envFile } = await resolveManagedInputs(options);
+      const { vaultPath, envFile } = await resolveManagedInputs(options);
       const state = await loadManagedState(vaultPath);
       section('Managed Status');
       console.log(`Env: ${envFile}`);
       if (!state) {
         console.log('Initialized: no');
-        console.log(`Configured owner: ${ownerDiscordId}`);
         return;
       }
-      const status = describeManagedStatus(state, ownerDiscordId);
+      const status = describeManagedStatus(state, state.ownerId);
       console.log('Initialized: yes');
+      console.log(`Vault Name: ${state.vaultName ?? '(not set)'}`);
       console.log(`Vault ID: ${status.vaultId}`);
-      console.log(`Owner: ${state.ownerDiscordId}`);
-      console.log(`Configured owner: ${ownerDiscordId}`);
-      console.log(`Owner matches env: ${state.ownerDiscordId === ownerDiscordId ? 'yes' : 'no'}`);
+      console.log(`Owner: ${state.ownerId}`);
       console.log(`Members: ${status.memberCount}`);
       console.log(`Invites: ${Object.keys(state.invites ?? {}).length}`);
     });
@@ -64,13 +62,20 @@ export function registerManagedCommands(program) {
     .description('Create a single-use invite code')
     .option('--env-file <path>', 'env file path')
     .action(async (options) => {
-      const { vaultPath, ownerDiscordId } = await resolveManagedInputs(options);
+      const { vaultPath, hiveServerUrl } = await resolveManagedInputs(options);
+      const state = await loadManagedState(vaultPath);
+      if (!state) {
+        throw new CliError('Managed vault is not initialized. Run hive setup or dashboard setup.', EXIT.FAIL);
+      }
       const created = await createInvite({
         vaultPath,
-        ownerDiscordId,
-        createdBy: ownerDiscordId,
+        createdBy: state.ownerId,
       });
       success(`Invite created: ${created.code}`);
+      if (hiveServerUrl) {
+        console.log(`Claim URL: ${hiveServerUrl}/auth/claim?code=${created.code}`);
+        console.log('Next: recipient opens claim URL, signs in, then downloads the Hive vault shell.');
+      }
     });
 
   invite
@@ -122,21 +127,21 @@ export function registerManagedCommands(program) {
         return;
       }
       for (const row of members) {
-        const ownerMark = row.id === state.ownerDiscordId ? ' (owner)' : '';
+        const ownerMark = row.id === state.ownerId ? ' (owner)' : '';
         console.log(`${row.id}${ownerMark}  @${row.username}  added ${row.addedAt}`);
       }
     });
 
   member
-    .command('remove <discordId>')
+    .command('remove <userId>')
     .description('Remove a paired member')
     .option('--env-file <path>', 'env file path')
-    .action(async (discordId, options) => {
+    .action(async (userId, options) => {
       const { vaultPath } = await resolveManagedInputs(options);
-      const result = await removeMember({ vaultPath, discordId });
+      const result = await removeMember({ vaultPath, userId });
       if (!result.removed) {
-        throw new CliError(`Member not found: ${discordId}`, EXIT.FAIL);
+        throw new CliError(`Member not found: ${userId}`, EXIT.FAIL);
       }
-      success(`Removed member: ${discordId}`);
+      success(`Removed member: ${userId}`);
     });
 }

package/cli/commands/root.js

@@ -1,15 +1,19 @@
 import { existsSync } from 'fs';
+import { platform } from 'os';
 import { HIVE_CONFIG_FILE, EXIT } from '../constants.js';
 import { CliError } from '../errors.js';
 import { loadHiveConfig } from '../config.js';
-import { section, info } from '../output.js';
+import { section, info, success } from '../output.js';
 import { cloudflaredServiceStatus } from '../tunnel.js';
 import { getHiveServiceStatus } from '../service.js';
-import { resolveContext, resolveServiceConfig } from '../core/context.js';
+import { resolveContext, resolveServiceConfig, loadValidatedEnv } from '../core/context.js';
+import { loadEnvFile, normalizeEnv, writeEnvFile } from '../env-file.js';
 import { runDoctorChecks } from '../flows/doctor.js';
 import { runSetupWizard } from '../flows/setup.js';
 import { runDownFlow, runLogsFlow, runUpFlow, runUpdateFlow } from '../flows/system.js';
 import { startHiveServer } from '../../index.js';
+import { run } from '../exec.js';
+import { randomBytes } from 'crypto';
 
 export function registerRootCommands(program) {
   program
@@ -69,6 +73,48 @@ export function registerRootCommands(program) {
       info(`Hive server started using env: ${envFile}`);
     });
 
+  program
+    .command('dashboard')
+    .description('Start/open the owner dashboard')
+    .option('--env-file <path>', 'env file path')
+    .action(async (options) => {
+      const { envFile } = await resolveContext(options);
+      const { env } = await loadValidatedEnv(envFile, { requireFile: false, requireVaultPath: false });
+
+      const port = String(env.PORT || '3000').trim();
+      const serverUrl = String(env.HIVE_SERVER_URL || '').trim() || `http://localhost:${port}`;
+      const dashboardUrl = `${serverUrl}/dashboard`;
+      const localUrl = `http://127.0.0.1:${port}`;
+      const useLocalRuntime = !String(env.HIVE_SERVER_URL || '').trim();
+
+      if (useLocalRuntime) {
+        if (!String(env.JWT_SECRET || '').trim()) {
+          const existing = await loadEnvFile(envFile);
+          const next = normalizeEnv(existing);
+          next.JWT_SECRET = randomBytes(32).toString('hex');
+          await writeEnvFile(envFile, next);
+          env.JWT_SECRET = next.JWT_SECRET;
+          info(`Generated JWT_SECRET in ${envFile}`);
+        }
+
+        const health = await fetch(`${localUrl}/health`).then((res) => res.ok).catch(() => false);
+        if (!health) {
+          await startHiveServer({ envFile, quiet: true, allowSetupMode: true });
+          info(`Hive server started using env: ${envFile}`);
+        }
+      }
+
+      console.log(`Dashboard: ${dashboardUrl}`);
+
+      const opener = platform() === 'win32' ? 'explorer' : platform() === 'darwin' ? 'open' : 'xdg-open';
+      try {
+        await run(opener, [dashboardUrl]);
+        success('Opened dashboard in browser');
+      } catch {
+        info('Could not open browser automatically. Visit the URL above.');
+      }
+    });
+
   program
     .command('status')
     .description('Quick status summary (service + tunnel + doctor-lite)')

package/cli/commands/tunnel.js

@@ -6,7 +6,6 @@ import {
   EXIT,
 } from '../constants.js';
 import { CliError } from '../errors.js';
-import { inferDomainFromRedirect } from '../env-file.js';
 import { loadHiveConfig, updateHiveConfig } from '../config.js';
 import { validateDomain } from '../checks.js';
 import { run } from '../exec.js';
@@ -23,7 +22,6 @@ import {
   parseInteger,
   requiredOrFallback,
   resolveContext,
-  setRedirectUriForDomain,
 } from '../core/context.js';
 
 export function registerTunnelCommands(program) {
@@ -47,10 +45,7 @@ export function registerTunnelCommands(program) {
         throw new CliError('Fix env file first (hive env check)', EXIT.FAIL);
       }
 
-      const domain = requiredOrFallback(
-        options.domain,
-        inferDomainFromRedirect(env.DISCORD_REDIRECT_URI) || config.domain
-      );
+      const domain = requiredOrFallback(options.domain, config.domain);
       if (!validateDomain(domain)) {
         throw new CliError(`Invalid domain: ${domain}`);
       }
@@ -72,13 +67,6 @@ export function registerTunnelCommands(program) {
         installService: Boolean(options.installService),
       });
 
-      const nextEnv = await setRedirectUriForDomain({
-        envFile,
-        env,
-        domain,
-        yes: Boolean(options.yes),
-      });
-
       await updateHiveConfig({
         envFile,
         domain,
@@ -88,9 +76,6 @@ export function registerTunnelCommands(program) {
         cloudflaredConfigFile,
       });
 
-      if (nextEnv.DISCORD_REDIRECT_URI !== env.DISCORD_REDIRECT_URI) {
-        success('Redirect URI synced for tunnel domain');
-      }
       success('Tunnel setup complete');
     });
 

package/cli/constants.js

@@ -1,24 +1,15 @@
 import { homedir } from 'os';
-import { dirname, join } from 'path';
-import { fileURLToPath } from 'url';
+import { join } from 'path';
 
-const __dirname = dirname(fileURLToPath(import.meta.url));
-
-export const SERVER_ROOT = join(__dirname, '..');
 export const HIVE_HOME = join(homedir(), '.hive');
 export const HIVE_CONFIG_FILE = join(HIVE_HOME, 'config.json');
 export const DEFAULT_ENV_FILE = join(HIVE_HOME, 'server', '.env');
-export const LEGACY_ENV_FILE = join(SERVER_ROOT, '.env');
 export const DEFAULT_DOMAIN = 'collab.example.com';
 export const DEFAULT_TUNNEL_NAME = 'hive';
 export const DEFAULT_CLOUDFLARED_CONFIG = join(homedir(), '.cloudflared', 'config.yml');
 export const DEFAULT_CLOUDFLARED_CERT = join(homedir(), '.cloudflared', 'cert.pem');
 
 export const REQUIRED_ENV_KEYS = [
-  'DISCORD_CLIENT_ID',
-  'DISCORD_CLIENT_SECRET',
-  'DISCORD_REDIRECT_URI',
-  'OWNER_DISCORD_ID',
   'JWT_SECRET',
   'VAULT_PATH',
   'PORT',

package/cli/core/context.js

@@ -6,8 +6,7 @@ import prompts from 'prompts';
 import { DEFAULT_ENV_FILE, EXIT } from '../constants.js';
 import { CliError } from '../errors.js';
 import { loadHiveConfig } from '../config.js';
-import { loadEnvFile, normalizeEnv, validateEnvValues, writeEnvFile } from '../env-file.js';
-import { success } from '../output.js';
+import { loadEnvFile, normalizeEnv, validateEnvValues } from '../env-file.js';
 import { getServiceDefaults } from '../service.js';
 
 export function parseInteger(value, key) {
@@ -80,31 +79,13 @@ export function assertEnvFileExists(envFile) {
   }
 }
 
-export async function loadValidatedEnv(envFile, { requireFile = true } = {}) {
+export async function loadValidatedEnv(envFile, { requireFile = true, requireVaultPath = true } = {}) {
   if (requireFile) {
     assertEnvFileExists(envFile);
   }
 
   const raw = await loadEnvFile(envFile);
   const env = normalizeEnv(raw);
-  const issues = validateEnvValues(env);
+  const issues = validateEnvValues(env, { requireVaultPath });
   return { env, issues };
 }
-
-export async function setRedirectUriForDomain({ envFile, env, domain, yes = false }) {
-  const expected = `https://${domain}/auth/callback`;
-  if (env.DISCORD_REDIRECT_URI === expected) return env;
-
-  const shouldUpdate = await promptConfirm(
-    `Set DISCORD_REDIRECT_URI to ${expected}?`,
-    yes,
-    true
-  );
-
-  if (!shouldUpdate) return env;
-
-  const next = { ...env, DISCORD_REDIRECT_URI: expected };
-  await writeEnvFile(envFile, next);
-  success(`Updated DISCORD_REDIRECT_URI -> ${expected}`);
-  return next;
-}

package/cli/env-file.js

@@ -1,5 +1,6 @@
 import dotenv from 'dotenv';
 import prompts from 'prompts';
+import { randomBytes } from 'crypto';
 import { access, mkdir, readFile, writeFile } from 'fs/promises';
 import { existsSync } from 'fs';
 import { dirname } from 'path';
@@ -57,19 +58,12 @@ export async function writeEnvFile(envFile, values) {
   await writeFile(envFile, serializeEnv(normalizeEnv(values)), 'utf-8');
 }
 
-export function inferDomainFromRedirect(redirectUri) {
-  if (!redirectUri) return null;
-  try {
-    const u = new URL(redirectUri);
-    return u.host;
-  } catch {
-    return null;
-  }
-}
-
-export function validateEnvValues(values) {
+export function validateEnvValues(values, { requireVaultPath = true } = {}) {
   const issues = [];
-  for (const key of REQUIRED_ENV_KEYS) {
+  const requiredKeys = requireVaultPath
+    ? REQUIRED_ENV_KEYS
+    : REQUIRED_ENV_KEYS.filter((key) => key !== 'VAULT_PATH');
+  for (const key of requiredKeys) {
     if (!String(values[key] ?? '').trim()) {
       issues.push(`Missing ${key}`);
     }
@@ -78,15 +72,6 @@ export function validateEnvValues(values) {
   const port = parseInt(values.PORT ?? '', 10);
   if (!Number.isInteger(port) || port <= 0) issues.push('PORT must be a positive integer');
 
-  try {
-    const uri = new URL(values.DISCORD_REDIRECT_URI ?? '');
-    if (!/^https?:$/.test(uri.protocol)) {
-      issues.push('DISCORD_REDIRECT_URI must use http or https');
-    }
-  } catch {
-    issues.push('DISCORD_REDIRECT_URI must be a valid URL');
-  }
-
   return issues;
 }
 
@@ -101,7 +86,14 @@ export async function ensureVaultPathReadable(pathValue) {
 }
 
 export async function promptForEnv({ envFile, existing, yes = false, preset = {} }) {
-  const current = normalizeEnv({ ...existing, ...preset });
+  const base = { ...existing, ...preset };
+
+  // Auto-generate secrets if not already set — never prompt for these
+  if (!String(base.JWT_SECRET ?? '').trim()) {
+    base.JWT_SECRET = randomBytes(32).toString('hex');
+  }
+
+  const current = normalizeEnv(base);
 
   if (yes) {
     await writeEnvFile(envFile, current);
@@ -109,19 +101,13 @@ export async function promptForEnv({ envFile, existing, yes = false, preset = {}
   }
 
   const questions = [
-    { name: 'DISCORD_CLIENT_ID', message: 'Discord Client ID' },
-    { name: 'DISCORD_CLIENT_SECRET', message: 'Discord Client Secret', secret: true },
-    { name: 'OWNER_DISCORD_ID', message: 'Managed vault owner Discord ID' },
-    { name: 'JWT_SECRET', message: 'JWT secret', secret: true },
-    { name: 'VAULT_PATH', message: 'Vault absolute path' },
     { name: 'PORT', message: 'HTTP port' },
-    { name: 'DISCORD_REDIRECT_URI', message: 'Discord redirect URI' },
   ];
 
   const answers = {};
   for (const q of questions) {
     const response = await prompts({
-      type: q.secret ? 'password' : 'text',
+      type: 'text',
       name: 'value',
       message: q.message,
       initial: current[q.name] ?? '',