npm - @lifeaitools/clauth - Versions diffs - 1.5.6 → 1.5.8 - Mend

@lifeaitools/clauth 1.5.6 → 1.5.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/cli/commands/serve.js +56 -8
package/package.json +1 -1

package/cli/commands/serve.js CHANGED Viewed

@@ -739,6 +739,7 @@ function dashboardHtml(port, whitelist, isStaged = false) {
     <button class="btn-add" onclick="toggleAddService()">+ Add Service</button>
     <button class="btn-check" id="check-btn" onclick="checkAll()">⬤ Check All</button>
     <button class="btn-lock" onclick="lockVault()">🔒 Lock</button>
+    <button class="btn-stop" onclick="restartDaemon()" style="background:#1a2e1a;border:1px solid #166534;color:#86efac" title="Restart daemon — keeps vault unlocked">↺ Restart</button>
     <button class="btn-stop" onclick="stopDaemon()" style="background:#7f1d1d;border:1px solid #991b1b;color:#fca5a5" title="Stop daemon — password required on next start">⏹ Stop</button>
     <button class="btn-cancel" style="margin-left:auto" onclick="toggleChangePw()">Change Password</button>
   </div>
@@ -1131,6 +1132,17 @@ async function makeLive() {
   }
 }
+// ── Restart daemon (keeps boot.key — vault stays unlocked) ──
+async function restartDaemon() {
+  if (!confirm("Restart the daemon?\\n\\nThe vault will stay unlocked (boot.key kept).")) return;
+  const btn = document.querySelector('[onclick="restartDaemon()"]');
+  if (btn) { btn.disabled = true; btn.textContent = "↺ Restarting…"; }
+  try {
+    await fetch(BASE + "/restart", { method: "POST" });
+  } catch {}
+  document.getElementById("main-view").innerHTML = '<div style="text-align:center;padding:80px 20px"><div style="font-size:3rem;margin-bottom:16px">↺</div><div style="font-size:1.1rem;color:#86efac">Restarting…</div><div style="font-size:.85rem;color:#64748b;margin-top:8px">Page will reload automatically.</div></div>';
+}
 // ── Stop daemon (user-initiated — clears boot.key, requires password on restart) ──
 async function stopDaemon() {
   if (!confirm("Stop the daemon?\\n\\nCredentials will need to be re-entered on next start.")) return;
@@ -2988,9 +3000,23 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       return res.end(JSON.stringify({ access_token: accessToken, token_type: "Bearer", expires_in: 86400 }));
     }
+    // ── MCP path helpers ──
+    const MCP_PATHS = ["/mcp", "/gws", "/clauth"];
+    const isMcpPath = MCP_PATHS.includes(reqPath);
+    function toolsForPath(p) {
+      if (p === "/gws")    return MCP_TOOLS.filter(t => t.name.startsWith("gws_"));
+      if (p === "/clauth") return MCP_TOOLS.filter(t => t.name.startsWith("clauth_"));
+      return MCP_TOOLS; // /mcp — all tools
+    }
+    function serverNameForPath(p) {
+      if (p === "/gws")    return "gws";
+      if (p === "/clauth") return "clauth";
+      return "clauth";
+    }
     // ── MCP OAuth-protected endpoint (for claude.ai web) ──
-    // POST /mcp — requires Bearer token; returns 401 to trigger OAuth flow
-    if (method === "POST" && reqPath === "/mcp") {
+    // POST /mcp|/gws|/clauth — requires Bearer token; returns 401 to trigger OAuth flow
+    if (method === "POST" && isMcpPath) {
       const authHeader = req.headers.authorization;
       if (!authHeader || !authHeader.startsWith("Bearer ")) {
         const base = oauthBase();
@@ -3012,8 +3038,8 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     }
     // ── MCP Streamable HTTP transport (2025-03-26 spec) ──
-    // POST /sse or POST /mcp — JSON-RPC over HTTP
-    if (method === "POST" && (reqPath === "/sse" || reqPath === "/mcp")) {
+    // POST /sse, /mcp, /gws, /clauth — JSON-RPC over HTTP
+    if (method === "POST" && (reqPath === "/sse" || isMcpPath)) {
       let body;
       try { body = await readBody(req); } catch {
         res.writeHead(400, { "Content-Type": "application/json", ...CORS });
@@ -3022,7 +3048,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       const id = body.id;
       const rpcMethod = body.method;
-      const logMsg = `[${new Date().toISOString()}] Streamable HTTP: ${rpcMethod} id=${id}\n`;
+      const logMsg = `[${new Date().toISOString()}] Streamable HTTP [${reqPath}]: ${rpcMethod} id=${id}\n`;
       try { fs.appendFileSync(LOG_FILE, logMsg); } catch {}
       // Notifications — no response needed
@@ -3034,7 +3060,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       if (rpcMethod === "initialize") {
         const result = {
           protocolVersion: "2025-03-26",
-          serverInfo: { name: "clauth", version: VERSION },
+          serverInfo: { name: serverNameForPath(reqPath), version: VERSION },
           capabilities: { tools: {} }
         };
         res.writeHead(200, { "Content-Type": "application/json", ...CORS });
@@ -3043,7 +3069,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       if (rpcMethod === "tools/list") {
         res.writeHead(200, { "Content-Type": "application/json", ...CORS });
-        return res.end(JSON.stringify({ jsonrpc: "2.0", id, result: { tools: MCP_TOOLS } }));
+        return res.end(JSON.stringify({ jsonrpc: "2.0", id, result: { tools: toolsForPath(reqPath) } }));
       }
       if (rpcMethod === "tools/call") {
@@ -3272,6 +3298,28 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
       return ok(res, { status: tunnelStatus });
     }
+    // POST /restart — spawn fresh process then exit (keeps boot.key, vault stays unlocked)
+    if (method === "POST" && reqPath === "/restart") {
+      ok(res, { ok: true, message: "restarting" });
+      const { spawn } = await import("child_process");
+      const cliEntry = path.resolve(__dirname, "../index.js");
+      const childArgs = [cliEntry, "serve", "start", "--port", String(port)];
+      if (password) childArgs.push("--pw", password);
+      if (whitelist) childArgs.push("--services", whitelist.join(","));
+      if (tunnelHostname) childArgs.push("--tunnel", tunnelHostname);
+      const out = fs.openSync(LOG_FILE, "a");
+      const child = spawn(process.execPath, childArgs, {
+        detached: true,
+        stdio: ["ignore", out, out],
+        env: { ...process.env, __CLAUTH_DAEMON: "1" },
+      });
+      child.unref();
+      stopTunnel();
+      removePid();
+      setTimeout(() => process.exit(0), 300);
+      return;
+    }
     // GET|POST /shutdown (for daemon stop — programmatic, keeps boot.key)
     // Accept POST as well — older scripts and curl default to POST
     if ((method === "GET" || method === "POST") && reqPath === "/shutdown") {
@@ -4287,7 +4335,7 @@ function createServer(initPassword, whitelist, port, tunnelHostnameInit = null,
     // Don't count browser noise, MCP discovery probes, or OAuth probes as auth failures
     const isBenign = reqPath.startsWith("/.well-known/") || [
       "/favicon.ico", "/robots.txt", "/apple-touch-icon.png", "/apple-touch-icon-precomposed.png",
-      "/sse", "/mcp", "/message", "/register", "/authorize", "/token", "/shutdown",
+      "/sse", "/mcp", "/gws", "/clauth", "/message", "/register", "/authorize", "/token", "/shutdown", "/restart",
     ].includes(reqPath);
     if (isBenign) {
       res.writeHead(404, { "Content-Type": "application/json", ...CORS });

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lifeaitools/clauth",
-  "version": "1.5.6",
+  "version": "1.5.8",
   "description": "Hardware-bound credential vault for the LIFEAI infrastructure stack",
   "type": "module",
   "bin": {