@lifeaitools/clauth 1.5.10 → 1.5.11

package/cli/commands/serve.js

@@ -2505,7 +2505,16 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
   // ── OAuth provider (self-contained for claude.ai MCP) ──────
   const oauthClients = new Map();   // client_id → { client_secret, redirect_uris, client_name }
   const oauthCodes = new Map();     // code → { client_id, redirect_uri, code_challenge, expires }
-  const oauthTokens = new Set();    // active access tokens
+
+  // Persist tokens to disk so daemon restarts don't invalidate claude.ai sessions
+  const TOKENS_FILE = path.join(os.tmpdir(), "clauth-oauth-tokens.json");
+  function loadTokens() {
+    try { return new Set(JSON.parse(fs.readFileSync(TOKENS_FILE, "utf8"))); } catch { return new Set(); }
+  }
+  function saveTokens(set) {
+    try { fs.writeFileSync(TOKENS_FILE, JSON.stringify([...set])); } catch {}
+  }
+  const oauthTokens = loadTokens(); // active access tokens — persisted across restarts
 
   // Pre-generate a stable client for claude.ai (shown at startup)
   const OAUTH_CLIENT_ID = crypto.randomBytes(16).toString("hex");
@@ -2998,6 +3007,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       oauthCodes.delete(body.code);
       const accessToken = crypto.randomBytes(32).toString("hex");
       oauthTokens.add(accessToken);
+      saveTokens(oauthTokens);
 
       const logMsg = `[${new Date().toISOString()}] OAuth: token issued for client ${stored.client_id}\n`;
       try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lifeaitools/clauth",
-  "version": "1.5.10",
+  "version": "1.5.11",
   "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
   "type": "module",
   "bin": {