@insitue/claude-plugin 0.7.0 → 0.7.2

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "insitue",
-  "version": "0.6.0",
+  "version": "0.6.2",
   "description": "Drive a Claude Code session from the InSitue browser overlay. Pick an element in your app, claude reads the file and proposes the edit.",
   "mcpServers": {
     "insitue": {

package/CHANGELOG.md

@@ -1,5 +1,14 @@
 # @insitue/claude-plugin
 
+## 0.7.2
+
+- **Consistent slash commands.** Removed the duplicate MCP prompts for connect/login/logout, which Claude Code surfaced as differently-named `…insitue:<name> (MCP)` entries alongside the clean `/insitue:*` slash commands. Now there is one consistent surface: `/insitue:connect`, `/insitue:disconnect`, `/insitue:login`, `/insitue:logout` (from `commands/*.md`). On Claude Desktop, use the equivalent tools (`start_session`, `authenticate`+`complete_authentication`, `logout`).
+- **Docs:** the channels (preview) section now documents the `allowedChannelPlugins` org-policy escape hatch to drop the `--dangerously-load-development-channels` flag.
+
+## 0.7.1
+
+- **`/insitue:logout`.** New slash command (+ `logout` MCP tool + `npx @insitue/claude-plugin logout` CLI) that signs you out properly: it revokes this machine's token server-side, then clears the local credentials (`~/.insitue/auth.json`). Revoke is best-effort — your local creds are always cleared even if the network call fails. Pairs with the existing `/insitue:login`.
+
 ## 0.7.0
 
 - **Live picks without blocking the chat (channels, opt-in preview).** The MCP server now also PUSHES each pick as a Claude Code channel event (`notifications/claude/channel`). Start your session with `claude --dangerously-load-development-channels --channels plugin:insitue` and picks wake the idle agent instead of you waiting on a poll — the chat stays free for conversation the rest of the time. Plain `claude` + `/insitue:connect` is unchanged (8s poll fallback). The agent de-dupes by pick id, so the push + poll paths never double-handle a pick. Channels are a Claude Code research-preview feature (CLI-only); the flag is required during the preview.

package/README.md

@@ -201,6 +201,11 @@ channel listener falls back to the normal poll automatically.
 - This is a **Claude Code research-preview** feature. The flag
   `--dangerously-load-development-channels` is required during the
   preview period and may change or be renamed in a future release.
+- **Dropping the flag:** on Team/Enterprise, an admin can add `insitue`
+  to the `allowedChannelPlugins` org policy — then the channel runs with
+  just `claude --channels plugin:insitue` (no dangerous flag). Once
+  channels leave research preview / the plugin is on Anthropic's default
+  allowlist, the flag won't be needed at all.
 - It works only with the CLI (`claude`), not Claude Desktop.
 - The standard `/insitue:connect` workflow (plain `claude`, no
   extra flags) continues to work exactly as before via polling —

package/commands/logout.md

@@ -0,0 +1,28 @@
+---
+description: Sign out of InSitue Cloud — revokes this machine's token and clears local credentials.
+---
+
+# /insitue:logout
+
+Signs you out of InSitue Cloud. Revokes this machine's token server-side
+and removes local credentials from `~/.insitue/auth.json`.
+Even if the server-side revoke fails (network issue, expired token), local
+credentials are always cleared.
+
+## Your behaviour
+
+1. Call `mcp__insitue__logout` (no arguments).
+
+2. On `{ status: "ok", revoked: true }`:
+   Reply in one line: "Signed out of InSitue."
+
+3. On `{ status: "ok", revoked: false }`:
+   Reply in one line: "Signed out of InSitue. (Token revoke skipped — no token was stored or the server was unreachable, but local credentials have been cleared.)"
+
+4. On any unexpected error: relay the `message` field and suggest running
+   `/insitue:logout` again or clearing `~/.insitue/auth.json` manually.
+
+## Notes
+
+- Logout always clears local credentials, even when the network revoke fails.
+- To sign back in, run `/insitue:login`.

package/dist/{chunk-B3HSTDGI.js → chunk-EDGPZTOV.js}

@@ -40,6 +40,21 @@ function saveAuth(patch) {
     mode: 384
   });
 }
+function clearAuth() {
+  const p = join(homedir(), ".insitue", "auth.json");
+  if (!existsSync(p)) return;
+  let existing = {};
+  try {
+    existing = JSON.parse(readFileSync(p, "utf8"));
+  } catch {
+  }
+  const cleared = {};
+  if (existing.host) cleared.host = existing.host;
+  writeFileSync(p, JSON.stringify(cleared, null, 2) + "\n", {
+    encoding: "utf8",
+    mode: 384
+  });
+}
 function saveProjectLink(projectDir, projectId) {
   const dir = join(projectDir, ".insitue");
   mkdirSync(dir, { recursive: true });
@@ -55,5 +70,6 @@ export {
   loadProjectId,
   resolveHost,
   saveAuth,
+  clearAuth,
   saveProjectLink
 };

package/dist/{chunk-IRPBZWNQ.js → chunk-ESW573VH.js}

@@ -56,11 +56,18 @@ var releaseIssue = (host, token, id) => call(
   "POST",
   `/api/v1/dev/issues/${encodeURIComponent(id)}/release`
 );
+var revokeToken = (host, token) => call(
+  host,
+  token,
+  "POST",
+  `/api/v1/dev/token/revoke`
+);
 
 export {
   CloudApiError,
   listIssues,
   claimIssue,
   resolveIssue,
-  releaseIssue
+  releaseIssue,
+  revokeToken
 };

package/dist/{chunk-KGRPDRYH.js → chunk-ZLNSDVTY.js}

@@ -1,7 +1,7 @@
 import {
   loadAuth,
   loadProjectId
-} from "./chunk-B3HSTDGI.js";
+} from "./chunk-EDGPZTOV.js";
 
 // src/diagnose.ts
 import { existsSync, readdirSync, readFileSync, statSync } from "fs";

package/dist/cloud/api.js

@@ -3,12 +3,14 @@ import {
   claimIssue,
   listIssues,
   releaseIssue,
-  resolveIssue
-} from "../chunk-IRPBZWNQ.js";
+  resolveIssue,
+  revokeToken
+} from "../chunk-ESW573VH.js";
 export {
   CloudApiError,
   claimIssue,
   listIssues,
   releaseIssue,
-  resolveIssue
+  resolveIssue,
+  revokeToken
 };

package/dist/cloud/config.js

@@ -1,11 +1,13 @@
 import {
+  clearAuth,
   loadAuth,
   loadProjectId,
   resolveHost,
   saveAuth,
   saveProjectLink
-} from "../chunk-B3HSTDGI.js";
+} from "../chunk-EDGPZTOV.js";
 export {
+  clearAuth,
   loadAuth,
   loadProjectId,
   resolveHost,

package/dist/cloud-cli.js

@@ -2,12 +2,16 @@ import {
   resolveProjectDir
 } from "./chunk-UNMH2DN4.js";
 import {
+  revokeToken
+} from "./chunk-ESW573VH.js";
+import {
+  clearAuth,
   loadAuth,
   loadProjectId,
   resolveHost,
   saveAuth,
   saveProjectLink
-} from "./chunk-B3HSTDGI.js";
+} from "./chunk-EDGPZTOV.js";
 import {
   detectGitRemote,
   pickProjectIdForRepo,
@@ -182,6 +186,18 @@ Run: npx @insitue/claude-plugin link <projectId>
   }
   return 1;
 }
+async function cmdLogout() {
+  const auth = loadAuth();
+  if (auth.token) {
+    try {
+      await revokeToken(resolveHost(auth), auth.token);
+    } catch {
+    }
+  }
+  clearAuth();
+  process.stdout.write("Signed out of InSitue.\n");
+  return 0;
+}
 function cmdWhoami() {
   const auth = loadAuth();
   const projectDir = resolveProjectDir();
@@ -200,5 +216,6 @@ Project: ${projectId ?? "(not linked)"}
 export {
   cmdLink,
   cmdLogin,
+  cmdLogout,
   cmdWhoami
 };

package/dist/diagnose.js

@@ -1,7 +1,7 @@
 import {
   diagnose
-} from "./chunk-KGRPDRYH.js";
-import "./chunk-B3HSTDGI.js";
+} from "./chunk-ZLNSDVTY.js";
+import "./chunk-EDGPZTOV.js";
 export {
   diagnose
 };

package/dist/dispatcher.js

@@ -2,12 +2,12 @@
 
 // src/dispatcher.ts
 var CLI_SUBCOMMANDS = /* @__PURE__ */ new Set(["setup", "diagnose", "help", "--help", "-h"]);
-var CLOUD_SUBCOMMANDS = /* @__PURE__ */ new Set(["login", "link", "whoami"]);
+var CLOUD_SUBCOMMANDS = /* @__PURE__ */ new Set(["login", "link", "whoami", "logout"]);
 var first = process.argv[2];
 if (first && CLI_SUBCOMMANDS.has(first)) {
   await import("./setup-cli.js");
 } else if (first && CLOUD_SUBCOMMANDS.has(first)) {
-  const { cmdLogin, cmdLink, cmdWhoami } = await import("./cloud-cli.js");
+  const { cmdLogin, cmdLink, cmdWhoami, cmdLogout } = await import("./cloud-cli.js");
   const rest = process.argv.slice(3);
   let code;
   switch (first) {
@@ -20,6 +20,9 @@ if (first && CLI_SUBCOMMANDS.has(first)) {
     case "whoami":
       code = cmdWhoami();
       break;
+    case "logout":
+      code = await cmdLogout();
+      break;
     default:
       code = 0;
   }

package/dist/mcp-server.js

@@ -5,21 +5,23 @@ import {
 } from "./chunk-UNMH2DN4.js";
 import {
   diagnose
-} from "./chunk-KGRPDRYH.js";
+} from "./chunk-ZLNSDVTY.js";
 import {
   CloudApiError,
   claimIssue,
   listIssues,
   releaseIssue,
-  resolveIssue
-} from "./chunk-IRPBZWNQ.js";
+  resolveIssue,
+  revokeToken
+} from "./chunk-ESW573VH.js";
 import {
+  clearAuth,
   loadAuth,
   loadProjectId,
   resolveHost,
   saveAuth,
   saveProjectLink
-} from "./chunk-B3HSTDGI.js";
+} from "./chunk-EDGPZTOV.js";
 import {
   detectGitRemote,
   pickProjectIdForRepo,
@@ -928,6 +930,37 @@ server.registerTool(
     }
   }
 );
+server.registerTool(
+  "logout",
+  {
+    description: "Sign out of InSitue Cloud: best-effort revoke this machine's token server-side, then clear local credentials. Logout always clears local creds even if the revoke call fails (network error, 4xx, etc.).",
+    inputSchema: {}
+  },
+  async () => {
+    const cfg = loadAuth();
+    let revoked = false;
+    if (cfg.token) {
+      try {
+        await revokeToken(resolveHost(cfg), cfg.token);
+        revoked = true;
+      } catch {
+      }
+    }
+    clearAuth();
+    return {
+      content: [
+        {
+          type: "text",
+          text: JSON.stringify({
+            status: "ok",
+            revoked,
+            message: "Signed out of InSitue."
+          })
+        }
+      ]
+    };
+  }
+);
 function cloudSetup() {
   const auth = loadAuth();
   if (!auth.token) {
@@ -1121,47 +1154,6 @@ server.registerTool(
     }
   }
 );
-server.registerPrompt(
-  "connect",
-  {
-    title: "Connect to InSitue",
-    description: "Loads the operating instructions and begins the pick \u2192 edit loop."
-  },
-  () => ({
-    messages: [
-      {
-        role: "user",
-        content: { type: "text", text: loadInstructions() }
-      }
-    ]
-  })
-);
-server.registerPrompt(
-  "login",
-  {
-    title: "Sign in to InSitue",
-    description: "Browser-based sign-in to InSitue Cloud via PKCE. Opens your browser, confirms a pairing code, then saves credentials and auto-links the repo."
-  },
-  () => ({
-    messages: [
-      {
-        role: "user",
-        content: {
-          type: "text",
-          text: readPkgFile("commands/login.md") ?? loginInstructions()
-        }
-      }
-    ]
-  })
-);
-function loginInstructions() {
-  return `# Sign in to InSitue
-
-Call \`mcp__insitue__authenticate\` to start the browser sign-in flow.
-Show the user the returned URL and userCode, then call
-\`mcp__insitue__complete_authentication\` once they approve in the browser.
-Confirm the result with "Signed in as <login>" and linked project if any.`;
-}
 function readPkgFile(rel) {
   const here = dirname3(fileURLToPath2(import.meta.url));
   for (const base of [join3(here, ".."), here]) {

package/dist/setup-cli.js

@@ -4,8 +4,8 @@ import {
 } from "./chunk-UNMH2DN4.js";
 import {
   diagnose
-} from "./chunk-KGRPDRYH.js";
-import "./chunk-B3HSTDGI.js";
+} from "./chunk-ZLNSDVTY.js";
+import "./chunk-EDGPZTOV.js";
 
 // src/setup-cli.ts
 import {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@insitue/claude-plugin",
-  "version": "0.7.0",
+  "version": "0.7.2",
   "description": "Drive Claude (Code AND Desktop) from the InSitue browser overlay — pick an element in your app, claude reads the file and proposes the edit.",
   "keywords": [
     "insitue",