npm - @insitue/claude-plugin - Versions diffs - 0.7.2 → 0.7.3 - Mend

@insitue/claude-plugin 0.7.2 → 0.7.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/.claude-plugin/plugin.json +1 -1
package/CHANGELOG.md +5 -0
package/dist/{chunk-RS3B7P4N.js → chunk-BZDEEE6O.js} +119 -1
package/dist/cloud/login.js +1 -1
package/dist/cloud-cli.js +25 -8
package/dist/mcp-server.js +21 -3
package/package.json +1 -1

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "insitue",
-  "version": "0.6.2",
+  "version": "0.6.3",
   "description": "Drive a Claude Code session from the InSitue browser overlay. Pick an element in your app, claude reads the file and proposes the edit.",
   "mcpServers": {
     "insitue": {

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,10 @@
 # @insitue/claude-plugin
+## 0.7.3
+- **Device-flow login for SSH/remote.** `/insitue:login` (+ `authenticate` tool) auto-detects an SSH session and uses a device flow: shows a verification URL + pairing code to approve in any browser; `complete_authentication` polls for the token. `login --device` forces it. Loopback stays the default locally.
+- **Project-scope awareness.** Persists the token scope; cloud errors guide you to re-login for the current project when scoped elsewhere.
 ## 0.7.2
 - **Consistent slash commands.** Removed the duplicate MCP prompts for connect/login/logout, which Claude Code surfaced as differently-named `…insitue:<name> (MCP)` entries alongside the clean `/insitue:*` slash commands. Now there is one consistent surface: `/insitue:connect`, `/insitue:disconnect`, `/insitue:login`, `/insitue:logout` (from `commands/*.md`). On Claude Desktop, use the equivalent tools (`start_session`, `authenticate`+`complete_authentication`, `logout`).

package/dist/{chunk-RS3B7P4N.js → chunk-BZDEEE6O.js} RENAMED Viewed

@@ -34,7 +34,113 @@ function openBrowserUrl(url) {
   } catch {
   }
 }
-async function startLogin(opts) {
+function isRemoteSession() {
+  return !!(process.env["SSH_CONNECTION"] || process.env["SSH_TTY"]);
+}
+async function startDeviceFlow(opts) {
+  const { host, label, repo, openBrowser = true } = opts;
+  const { verifier, challenge } = genPkce();
+  const startRes = await fetch(`${host}/api/v1/cli/authorize/start`, {
+    method: "POST",
+    headers: { "content-type": "application/json" },
+    body: JSON.stringify({
+      code_challenge: challenge,
+      code_challenge_method: "S256",
+      ...label ? { label } : {},
+      ...repo ? { repo } : {}
+    })
+  });
+  if (!startRes.ok) {
+    const text = await startRes.text().catch(() => "");
+    throw new Error(`authorize/start failed: HTTP ${startRes.status} ${text}`);
+  }
+  const startJson = await startRes.json();
+  const { request_id: requestId, user_code: userCode, expires_in } = startJson;
+  const verificationUrl = `${host}/cli/authorize?request_id=${encodeURIComponent(requestId)}`;
+  if (openBrowser) {
+    openBrowserUrl(verificationUrl);
+  }
+  let cancelled = false;
+  let cancelFn = null;
+  function cancel() {
+    cancelled = true;
+    if (cancelFn) cancelFn();
+  }
+  function wait() {
+    return new Promise((resolve, reject) => {
+      const timeoutMs = Math.min((expires_in ?? 600) * 1e3, 6e5);
+      let pollIntervalMs = 5e3;
+      let timer;
+      let settled = false;
+      const overallTimeout = setTimeout(() => {
+        if (settled) return;
+        settled = true;
+        if (timer) clearTimeout(timer);
+        reject(new Error("timed out waiting for device approval (10 min)"));
+      }, timeoutMs);
+      cancelFn = () => {
+        if (settled) return;
+        settled = true;
+        if (timer) clearTimeout(timer);
+        clearTimeout(overallTimeout);
+        reject(new Error("cancelled"));
+      };
+      const poll = async () => {
+        if (settled || cancelled) return;
+        try {
+          const tokenRes = await fetch(`${host}/api/v1/cli/token`, {
+            method: "POST",
+            headers: { "content-type": "application/json" },
+            body: JSON.stringify({
+              request_id: requestId,
+              code_verifier: verifier
+            })
+          });
+          if (tokenRes.ok) {
+            if (settled) return;
+            settled = true;
+            clearTimeout(overallTimeout);
+            const tokenJson = await tokenRes.json();
+            resolve({
+              token: tokenJson.token,
+              host: tokenJson.host,
+              login: tokenJson.login,
+              projectId: tokenJson.projectId ?? null
+            });
+            return;
+          }
+          let errBody = {};
+          try {
+            errBody = await tokenRes.json();
+          } catch {
+          }
+          const errCode = errBody.error ?? "";
+          if (errCode === "authorization_pending") {
+          } else if (errCode === "slow_down") {
+            pollIntervalMs = Math.min(pollIntervalMs + 5e3, 3e4);
+          } else {
+            if (settled) return;
+            settled = true;
+            clearTimeout(overallTimeout);
+            reject(
+              new Error(
+                errCode === "invalid_grant" ? "sign-in failed: token request rejected (invalid_grant). The request may have expired." : `sign-in failed: ${errCode || `HTTP ${tokenRes.status}`}`
+              )
+            );
+            return;
+          }
+        } catch {
+        }
+        if (!settled && !cancelled) {
+          timer = setTimeout(() => void poll(), pollIntervalMs);
+        }
+      };
+      timer = setTimeout(() => void poll(), pollIntervalMs);
+    });
+  }
+  return { authorizeUrl: verificationUrl, userCode, port: 0, wait, cancel };
+}
+async function startLoopbackFlow(opts) {
   const { host, label, repo, openBrowser = true } = opts;
   const { verifier, challenge } = genPkce();
   const state = toBase64Url(randomBytes(16));
@@ -157,6 +263,18 @@ async function startLogin(opts) {
   }
   return { authorizeUrl, userCode, port, wait, cancel };
 }
+async function startLogin(opts) {
+  const { mode, ...rest } = opts;
+  const effectiveMode = (() => {
+    if (mode === "device") return "device";
+    if (mode === "loopback") return "loopback";
+    return isRemoteSession() ? "device" : "loopback";
+  })();
+  if (effectiveMode === "device") {
+    return startDeviceFlow(rest);
+  }
+  return startLoopbackFlow(rest);
+}
 function parseRemoteToOwnerName(remote) {
   remote = remote.trim();
   const sshMatch = remote.match(

package/dist/cloud/login.js CHANGED Viewed

@@ -3,7 +3,7 @@ import {
   genPkce,
   pickProjectIdForRepo,
   startLogin
-} from "../chunk-RS3B7P4N.js";
+} from "../chunk-BZDEEE6O.js";
 export {
   detectGitRemote,
   genPkce,

package/dist/cloud-cli.js CHANGED Viewed

@@ -16,7 +16,7 @@ import {
   detectGitRemote,
   pickProjectIdForRepo,
   startLogin
-} from "./chunk-RS3B7P4N.js";
+} from "./chunk-BZDEEE6O.js";
 // src/cloud-cli.ts
 import { hostname } from "os";
@@ -55,14 +55,14 @@ async function cmdLogin(argv) {
     );
     return 0;
   }
+  const mode = flags.has("device") ? "device" : flags.has("loopback") ? "loopback" : "auto";
   const auth = loadAuth();
   const host = resolveHost(auth);
   const projectDir = resolveProjectDir();
   const repo = detectGitRemote(projectDir.dir);
-  process.stdout.write("Opening your browser to sign in to InSitue\u2026\n");
   let flow;
   try {
-    flow = await startLogin({ host, label: hostname(), ...repo ? { repo } : {} });
+    flow = await startLogin({ host, label: hostname(), mode, ...repo ? { repo } : {} });
   } catch (err) {
     process.stderr.write(
       `error: could not start login: ${err.message}
@@ -70,20 +70,33 @@ async function cmdLogin(argv) {
     );
     return 1;
   }
-  process.stdout.write(
-    `
+  if (mode === "device" || mode === "auto" && flow.port === 0) {
+    process.stdout.write(
+      `
+Open this URL in any browser to approve:
+  ${flow.authorizeUrl}
+Confirm the code matches: ${flow.userCode}
+Waiting for approval\u2026
+`
+    );
+  } else {
+    process.stdout.write("Opening your browser to sign in to InSitue\u2026\n");
+    process.stdout.write(
+      `
   Browser URL: ${flow.authorizeUrl}
   Pairing code (confirm your browser shows this): ${flow.userCode}
 Waiting for approval\u2026
 `
-  );
+    );
+  }
   let result;
   try {
     result = await flow.wait();
   } catch (err) {
     const msg = err.message ?? String(err);
-    if (msg === "timeout") {
+    if (msg === "timeout" || msg.startsWith("timed out")) {
       process.stderr.write("error: timed out waiting for browser approval\n");
     } else {
       process.stderr.write(`error: ${msg}
@@ -91,9 +104,13 @@ Waiting for approval\u2026
     }
     return 1;
   }
-  saveAuth({ token: result.token, host: result.host, login: result.login });
+  saveAuth({ token: result.token, host: result.host, login: result.login, projectId: result.projectId });
   process.stdout.write(`Signed in as ${result.login}.
 `);
+  if (result.projectId) {
+    process.stdout.write(`Token scoped to project ${result.projectId}.
+`);
+  }
   const projectDir2 = resolveProjectDir();
   let linkedProjectId = result.projectId ?? null;
   if (!linkedProjectId && repo) {

package/dist/mcp-server.js CHANGED Viewed

@@ -26,7 +26,7 @@ import {
   detectGitRemote,
   pickProjectIdForRepo,
   startLogin
-} from "./chunk-RS3B7P4N.js";
+} from "./chunk-BZDEEE6O.js";
 // src/mcp-server.ts
 import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
@@ -826,10 +826,11 @@ server.registerTool(
   }
 );
 var pendingLoginFlow = null;
+var pendingLoginIsDevice = false;
 server.registerTool(
   "authenticate",
   {
-    description: "Start a browser-based InSitue sign-in (PKCE). Opens your browser to the InSitue consent page and returns a `userCode` to visually confirm. After approving in the browser, call `complete_authentication` to finish.",
+    description: "Start an InSitue sign-in (PKCE). Auto-detects the best method: on SSH or headless environments uses device-flow (returns a URL + code for you to open in any browser); on a local machine opens your browser directly. After approving in the browser, call `complete_authentication` to finish.",
     inputSchema: {}
   },
   async () => {
@@ -839,9 +840,26 @@ server.registerTool(
     const flow = await startLogin({
       host,
       label: hostname(),
+      mode: "auto",
       ...repo ? { repo } : {}
     });
     pendingLoginFlow = flow;
+    pendingLoginIsDevice = flow.port === 0;
+    if (pendingLoginIsDevice) {
+      return {
+        content: [
+          {
+            type: "text",
+            text: JSON.stringify({
+              status: "device",
+              verificationUrl: flow.authorizeUrl,
+              userCode: flow.userCode,
+              message: "Open the URL in any browser, confirm the code, then I'll finish."
+            })
+          }
+        ]
+      };
+    }
     return {
       content: [
         {
@@ -894,7 +912,7 @@ server.registerTool(
           ]
         };
       }
-      saveAuth({ token: result.token, host: result.host, login: result.login });
+      saveAuth({ token: result.token, host: result.host, login: result.login, projectId: result.projectId });
       let linkedProjectId = result.projectId ?? null;
       let linked = false;
       if (!linkedProjectId) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@insitue/claude-plugin",
-  "version": "0.7.2",
+  "version": "0.7.3",
   "description": "Drive Claude (Code AND Desktop) from the InSitue browser overlay — pick an element in your app, claude reads the file and proposes the edit.",
   "keywords": [
     "insitue",