@ian2018cs/agenthub 0.1.34 → 0.1.36

package/dist/assets/{vendor-icons-CX_nKP5H.js → vendor-icons-CDkQcAKw.js}

@@ -348,4 +348,4 @@ import{a as s}from"./vendor-react-BeVl62c0.js";/**
  *
  * This source code is licensed under the ISC license.
  * See the LICENSE file in the root directory of this source tree.
- */const C1=[["path",{d:"M4 14a1 1 0 0 1-.78-1.63l9.9-10.2a.5.5 0 0 1 .86.46l-1.92 6.02A1 1 0 0 0 13 10h7a1 1 0 0 1 .78 1.63l-9.9 10.2a.5.5 0 0 1-.86-.46l1.92-6.02A1 1 0 0 0 11 14z",key:"1xq2db"}]],G2=e("zap",C1);export{Y1 as $,Z1 as A,S1 as B,T1 as C,O1 as D,W1 as E,a2 as F,o2 as G,T2 as H,s2 as I,I1 as J,y2 as K,r2 as L,M2 as M,E2 as N,P2 as O,m2 as P,l2 as Q,g2 as R,f2 as S,A2 as T,U2 as U,A1 as V,B2 as W,D2 as X,S2 as Y,G2 as Z,K1 as _,t2 as a,c2 as a0,H2 as a1,v2 as a2,C2 as a3,R1 as a4,i2 as a5,n2 as a6,F1 as a7,z2 as a8,V1 as a9,d2 as aa,k2 as ab,e2 as b,U1 as c,j2 as d,P1 as e,E1 as f,G1 as g,u2 as h,$2 as i,q2 as j,D1 as k,B1 as l,N2 as m,x2 as n,p2 as o,h2 as p,L2 as q,X1 as r,J1 as s,Q1 as t,_2 as u,V2 as v,Z2 as w,b2 as x,w2 as y,F2 as z};
+ */const C1=[["path",{d:"M4 14a1 1 0 0 1-.78-1.63l9.9-10.2a.5.5 0 0 1 .86.46l-1.92 6.02A1 1 0 0 0 13 10h7a1 1 0 0 1 .78 1.63l-9.9 10.2a.5.5 0 0 1-.86-.46l1.92-6.02A1 1 0 0 0 11 14z",key:"1xq2db"}]],G2=e("zap",C1);export{K1 as $,F2 as A,S1 as B,T1 as C,O1 as D,W1 as E,a2 as F,c2 as G,Z1 as H,s2 as I,T2 as J,I1 as K,r2 as L,M2 as M,y2 as N,E2 as O,m2 as P,P2 as Q,g2 as R,f2 as S,A2 as T,U2 as U,l2 as V,A1 as W,D2 as X,B2 as Y,G2 as Z,S2 as _,t2 as a,Y1 as a0,H2 as a1,v2 as a2,C2 as a3,R1 as a4,i2 as a5,n2 as a6,F1 as a7,z2 as a8,V1 as a9,d2 as aa,k2 as ab,e2 as b,U1 as c,j2 as d,P1 as e,E1 as f,G1 as g,u2 as h,$2 as i,q2 as j,D1 as k,B1 as l,N2 as m,x2 as n,p2 as o,h2 as p,L2 as q,X1 as r,J1 as s,Q1 as t,_2 as u,V2 as v,Z2 as w,b2 as x,w2 as y,o2 as z};

package/dist/index.html

@@ -25,16 +25,16 @@
     
     <!-- Prevent zoom on iOS -->
     <meta name="format-detection" content="telephone=no" />
-    <script type="module" crossorigin src="/assets/index-Dtp8bFzY.js"></script>
+    <script type="module" crossorigin src="/assets/index-IiiL0NTz.js"></script>
     <link rel="modulepreload" crossorigin href="/assets/vendor-react-BeVl62c0.js">
     <link rel="modulepreload" crossorigin href="/assets/vendor-codemirror-C_VWDoZS.js">
     <link rel="modulepreload" crossorigin href="/assets/vendor-utils-00TdZexr.js">
-    <link rel="modulepreload" crossorigin href="/assets/vendor-icons-CX_nKP5H.js">
+    <link rel="modulepreload" crossorigin href="/assets/vendor-icons-CDkQcAKw.js">
     <link rel="modulepreload" crossorigin href="/assets/vendor-katex-DK8hFnhL.js">
     <link rel="modulepreload" crossorigin href="/assets/vendor-markdown-VwNYkg_0.js">
     <link rel="modulepreload" crossorigin href="/assets/vendor-syntax-CdGaPJRS.js">
     <link rel="modulepreload" crossorigin href="/assets/vendor-xterm-CvdiG4-n.js">
-    <link rel="stylesheet" crossorigin href="/assets/index-Cuc7jDbP.css">
+    <link rel="stylesheet" crossorigin href="/assets/index-BFl_Dhvn.css">
   </head>
   <body>
     <div id="root"></div>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ian2018cs/agenthub",
-  "version": "0.1.34",
+  "version": "0.1.36",
   "description": "A web-based UI for AI Agents",
   "type": "module",
   "main": "server/index.js",

package/server/cli.js

@@ -153,11 +153,12 @@ Usage:
   cloudcli [command] [options]
 
 Commands:
-  start          Start the Claude Code UI server (default)
-  status         Show configuration and data locations
-  update         Update to the latest version
-  help           Show this help information
-  version        Show version information
+  start                 Start the Claude Code UI server (default)
+  status                Show configuration and data locations
+  update                Update to the latest version
+  invalidate-sessions   Invalidate all user sessions (force re-login)
+  help                  Show this help information
+  version               Show version information
 
 Options:
   -p, --port <port>           Set server port (default: 3001)
@@ -247,6 +248,41 @@ async function updatePackage() {
     }
 }
 
+// Invalidate all user sessions by writing a timestamp to the database
+async function invalidateSessions() {
+    loadEnvFile();
+    const dbPath = getDatabasePath();
+
+    if (!fs.existsSync(dbPath)) {
+        console.error(`${c.error('[ERROR]')} Database not found: ${dbPath}`);
+        console.log(`         Please start the server at least once to initialize the database.`);
+        process.exit(1);
+    }
+
+    try {
+        const { default: Database } = await import('better-sqlite3');
+        const db = new Database(dbPath);
+
+        const now = new Date().toISOString();
+        db.prepare(`
+            INSERT INTO system_settings (key, value, updated_at)
+            VALUES ('sessions_invalidated_before', ?, CURRENT_TIMESTAMP)
+            ON CONFLICT(key) DO UPDATE SET
+                value = excluded.value,
+                updated_at = excluded.updated_at
+        `).run(now);
+
+        db.close();
+
+        console.log(`${c.ok('[OK]')} All user sessions have been invalidated.`);
+        console.log(`       Users will need to log in again.`);
+        console.log(`       Invalidated at: ${c.dim(now)}`);
+    } catch (e) {
+        console.error(`${c.error('[ERROR]')} Failed to invalidate sessions: ${e.message}`);
+        process.exit(1);
+    }
+}
+
 // Start the server
 async function startServer() {
     // Check for updates silently on startup
@@ -317,6 +353,9 @@ async function main() {
         case 'update':
             await updatePackage();
             break;
+        case 'invalidate-sessions':
+            await invalidateSessions();
+            break;
         default:
             console.error(`\n❌ Unknown command: ${command}`);
             console.log('   Run "cloudcli help" for usage information.\n');

package/server/index.js

@@ -53,6 +53,7 @@ import projectsRoutes from './routes/projects.js';
 import adminRoutes from './routes/admin.js';
 import usageRoutes from './routes/usage.js';
 import skillsRoutes from './routes/skills.js';
+import mcpReposRoutes from './routes/mcp-repos.js';
 import settingsRoutes from './routes/settings.js';
 import { initializeDatabase, userDb } from './database/db.js';
 import { validateApiKey, authenticateToken, authenticateWebSocket } from './middleware/auth.js';
@@ -324,6 +325,9 @@ app.use('/api/admin/usage', usageRoutes);
 // Skills API Routes (protected)
 app.use('/api/skills', authenticateToken, skillsRoutes);
 
+// MCP Repos API Routes (protected)
+app.use('/api/mcp-repos', authenticateToken, mcpReposRoutes);
+
 // Settings API Routes (protected)
 app.use('/api/settings', authenticateToken, settingsRoutes);
 

package/server/middleware/auth.js

@@ -1,5 +1,5 @@
 import jwt from 'jsonwebtoken';
-import { userDb } from '../database/db.js';
+import { userDb, settingsDb } from '../database/db.js';
 
 // Get JWT secret from environment or use default (for development)
 const JWT_SECRET = process.env.JWT_SECRET || 'claude-ui-dev-secret-change-in-production';
@@ -46,6 +46,12 @@ const authenticateToken = async (req, res, next) => {
   try {
     const decoded = jwt.verify(token, JWT_SECRET);
 
+    // Check if token was issued before a global session invalidation
+    const invalidatedBefore = settingsDb.get('sessions_invalidated_before');
+    if (invalidatedBefore && decoded.iat * 1000 < new Date(invalidatedBefore).getTime()) {
+      return res.status(401).json({ error: 'Session has been invalidated. Please log in again.' });
+    }
+
     // Verify user still exists and is active
     const user = userDb.getUserById(decoded.userId);
     if (!user) {
@@ -103,6 +109,13 @@ const authenticateWebSocket = (token) => {
 
   try {
     const decoded = jwt.verify(token, JWT_SECRET);
+
+    // Check if token was issued before a global session invalidation
+    const invalidatedBefore = settingsDb.get('sessions_invalidated_before');
+    if (invalidatedBefore && decoded.iat * 1000 < new Date(invalidatedBefore).getTime()) {
+      return null;
+    }
+
     return decoded;
   } catch (error) {
     console.error('WebSocket token verification error:', error);

package/server/routes/auth.js

@@ -5,7 +5,7 @@ import { v4 as uuidv4 } from 'uuid';
 import { userDb, verificationDb, domainWhitelistDb, usageDb, settingsDb } from '../database/db.js';
 import { generateToken, authenticateToken, JWT_SECRET } from '../middleware/auth.js';
 import { initUserDirectories } from '../services/user-directories.js';
-import { initBuiltinSkills } from '../services/builtin-skills.js';
+import { initSystemRepoForUser } from '../services/system-repo.js';
 import { sendVerificationCode, isSmtpConfigured } from '../services/email.js';
 
 const router = express.Router();
@@ -126,8 +126,8 @@ router.post('/verify-code', async (req, res) => {
       // Initialize user directories
       await initUserDirectories(uuid);
     } else {
-      // Sync built-in skills for existing user (clean up dangling + add new)
-      await initBuiltinSkills(user.uuid);
+      // Ensure system repo is linked for existing user
+      await initSystemRepoForUser(user.uuid);
     }
 
     // Check if user is disabled