npm - @lifeaitools/clauth - Versions diffs - 1.5.22 → 1.5.23 - Mend

@lifeaitools/clauth 1.5.22 → 1.5.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/cli/commands/serve.js +70 -5
package/package.json +1 -1

package/cli/commands/serve.js CHANGED Viewed

@@ -847,10 +847,15 @@ function dashboardHtml(port, whitelist, isStaged = false) {
     <div class="mcp-setup-title">claude.ai MCP Integration</div>
     <div class="oauth-fields">
       <div class="mcp-row">
-        <span class="mcp-label">URL</span>
+        <span class="mcp-label">URL (all tools)</span>
         <span class="mcp-val" id="mcp-url">—</span>
         <button class="mcp-copy" onclick="copyMcp('mcp-url')">copy</button>
       </div>
+      <div class="mcp-row">
+        <span class="mcp-label">URL (GWS only)</span>
+        <span class="mcp-val" id="mcp-gws-url">—</span>
+        <button class="mcp-copy" onclick="copyMcp('mcp-gws-url')">copy</button>
+      </div>
       <div class="mcp-row">
         <span class="mcp-label">Client ID</span>
         <span class="mcp-val" id="mcp-client-id">—</span>
@@ -862,7 +867,10 @@ function dashboardHtml(port, whitelist, isStaged = false) {
         <button class="mcp-copy" onclick="copyMcp('mcp-client-secret')">copy</button>
       </div>
     </div>
-    <div style="font-size:.72rem;color:#64748b;margin-top:4px">Paste these into <a href="https://claude.ai/settings/integrations" target="_blank" style="color:#60a5fa">claude.ai Settings → Integrations</a></div>
+    <div style="display:flex;align-items:center;gap:8px;margin-top:6px">
+      <div style="font-size:.72rem;color:#64748b">Paste into <a href="https://claude.ai/settings/integrations" target="_blank" style="color:#60a5fa">claude.ai → Integrations</a></div>
+      <button class="mcp-copy" onclick="rollMcpCreds()" style="font-size:.7rem">Roll Credentials</button>
+    </div>
   </div>
   <div class="wizard-panel" id="wizard-panel">
@@ -1939,10 +1947,12 @@ async function toggleMcpSetup() {
     try {
       const m = await fetch(BASE + "/mcp-setup").then(r => r.json());
       document.getElementById("mcp-url").textContent = m.url || "(tunnel not running)";
+      document.getElementById("mcp-gws-url").textContent = m.gwsUrl || "(tunnel not running)";
       document.getElementById("mcp-client-id").textContent = m.clientId || "—";
       document.getElementById("mcp-client-secret").textContent = m.clientSecret || "—";
     } catch {
       document.getElementById("mcp-url").textContent = "(error fetching)";
+      document.getElementById("mcp-gws-url").textContent = "(error fetching)";
     }
   }
 }
@@ -1958,6 +1968,17 @@ function copyMcp(elId) {
   }).catch(() => {});
 }
+async function rollMcpCreds() {
+  if (!confirm("Roll MCP credentials? You will need to re-add connectors in claude.ai with the new credentials.")) return;
+  try {
+    const resp = await fetch(BASE + "/roll-mcp-creds", { method: "POST" }).then(r => r.json());
+    if (resp.client_id) {
+      document.getElementById("mcp-client-id").textContent = resp.client_id;
+      document.getElementById("mcp-client-secret").textContent = resp.client_secret;
+    }
+  } catch(e) { alert("Failed: " + e.message); }
+}
 // ── Tunnel Setup Wizard ─────────────────────
 let wizStep = null;
 let wizData = {};
@@ -2335,13 +2356,28 @@ async function wizShowMcpSetup(hostname) {
     <div style="margin-top:10px;font-size:.78rem;color:#64748b">
       Paste into <a class="wiz-link" href="https://claude.ai/settings/integrations" target="_blank">claude.ai → Settings → Integrations</a>
     </div>
+    <div style="margin-top:8px;font-size:.78rem;color:#64748b">
+      GWS connector: use <code style="color:#60a5fa">https://\${hostname}/gws</code> as URL (same Client ID/Secret)
+    </div>
   \`, [], [
     \`<button class="btn-wiz-primary" onclick="window.open('https://claude.ai/settings/integrations','_blank');wizShowTest()">I've Added It — Test Now</button>\`,
+    \`<button class="btn-wiz-secondary" onclick="wizRollCreds()">Roll Credentials</button>\`,
     \`<button class="btn-wiz-secondary" onclick="wizShowTest()">Skip Test</button>\`,
     \`<button class="btn-wiz-secondary" onclick="closeSetupWizard()">Done</button>\`
   ]);
 }
+async function wizRollCreds() {
+  if (!confirm("Roll MCP credentials? Existing claude.ai connectors will need to be re-added with the new credentials.")) return;
+  try {
+    const resp = await apiFetch("/roll-mcp-creds", { method: "POST" });
+    if (resp?.client_id) {
+      document.getElementById("wiz-mcp-cid").textContent = resp.client_id;
+      document.getElementById("wiz-mcp-sec").textContent = resp.client_secret;
+    }
+  } catch(e) { alert("Failed to roll credentials: " + e.message); }
+}
 function wizCopy(elId, btn) {
   const val = document.getElementById(elId)?.textContent?.trim();
   if (!val) return;
@@ -2531,8 +2567,8 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     return creds;
   }
   const stableCreds = loadOrCreateCreds();
-  const OAUTH_CLIENT_ID = stableCreds.client_id;
-  const OAUTH_CLIENT_SECRET = stableCreds.client_secret;
+  let OAUTH_CLIENT_ID = stableCreds.client_id;
+  let OAUTH_CLIENT_SECRET = stableCreds.client_secret;
   oauthClients.set(OAUTH_CLIENT_ID, {
     client_id: OAUTH_CLIENT_ID, client_secret: OAUTH_CLIENT_SECRET,
     client_name: "claude.ai", redirect_uris: ["https://claude.ai/api/mcp/auth_callback"],
@@ -3327,13 +3363,42 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     // GET /mcp-setup — OAuth credentials for claude.ai MCP setup (localhost only)
     if (method === "GET" && reqPath === "/mcp-setup") {
+      const base = tunnelUrl && tunnelUrl.startsWith("http") ? tunnelUrl : null;
       return ok(res, {
-        url: tunnelUrl && tunnelUrl.startsWith("http") ? `${tunnelUrl}/mcp` : null,
+        url: base ? `${base}/sse` : null,
+        gwsUrl: base ? `${base}/gws` : null,
         clientId: OAUTH_CLIENT_ID,
         clientSecret: OAUTH_CLIENT_SECRET,
       });
     }
+    // POST /roll-mcp-creds — generate new client ID/secret, invalidate all tokens
+    if (method === "POST" && reqPath === "/roll-mcp-creds") {
+      if (lockedGuard(res)) return;
+      const newId = crypto.randomBytes(16).toString("hex");
+      const newSecret = crypto.randomBytes(32).toString("hex");
+      // Update in-memory
+      oauthClients.delete(OAUTH_CLIENT_ID);
+      OAUTH_CLIENT_ID = newId;
+      OAUTH_CLIENT_SECRET = newSecret;
+      stableCreds.client_id = newId;
+      stableCreds.client_secret = newSecret;
+      try { fs.writeFileSync(CREDS_FILE, JSON.stringify(stableCreds)); } catch {}
+      // Register new client
+      oauthClients.set(newId, {
+        client_id: newId, client_secret: newSecret,
+        client_name: "claude.ai", redirect_uris: ["https://claude.ai/api/mcp/auth_callback"],
+        grant_types: ["authorization_code"], response_types: ["code"],
+        token_endpoint_auth_method: "client_secret_post",
+      });
+      // Invalidate all existing tokens
+      oauthTokens.clear();
+      saveTokens(oauthTokens);
+      const logMsg = `[${new Date().toISOString()}] OAuth: rolled credentials — new client ${newId.slice(0,8)}…, all tokens invalidated\n`;
+      try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
+      return ok(res, { client_id: newId, client_secret: newSecret, tokens_invalidated: true });
+    }
     // POST /tunnel — start or stop tunnel manually (action in body)
     if (method === "POST" && reqPath === "/tunnel") {
       if (lockedGuard(res)) return;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lifeaitools/clauth",
-  "version": "1.5.22",
+  "version": "1.5.23",
   "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
   "type": "module",
   "bin": {