@lifeaitools/clauth 1.8.1 → 1.9.2

package/README.md

@@ -27,19 +27,37 @@ At the end it prints a **bootstrap token** — save it for the next step.
 
 ---
 
-## After Install — Register Your Machine
-
-```bash
-clauth setup
-```
+## After Install — Register Your Machine
+
+```bash
+clauth setup
+```
 
 Prompts for: machine label, password, bootstrap token (from `clauth install`).
 
-Then verify:
-```bash
-clauth test      # → PASS
-clauth status    # → 12 services, all NO KEY
-```
+Then verify:
+```bash
+clauth test      # → PASS
+clauth status    # → 12 services, all NO KEY
+```
+
+### Add A New Computer
+
+On an old computer where clauth is already registered:
+
+```bash
+clauth enroll --label "Dave-New-Laptop"
+```
+
+This creates a one-time enrollment code tied to the same `install_id` and writes
+a one-time PowerShell setup script. Move that script to the new computer and run
+it. The script installs clauth, enrolls the computer, installs startup, then
+deletes itself. Setup defaults the machine label to the computer name and only
+asks you to set the new computer's local clauth password.
+
+The enrollment code does not copy repo credentials into the script. It lets the
+new hardware-bound `machine_hash` join the shared Supabase Vault once. After the
+code is redeemed, it cannot be used again.
 
 ---
 
@@ -70,9 +88,10 @@ clauth get github
 ## Command Reference
 
 ```
-clauth install              Provision Supabase + install Claude skill
-clauth setup                Register this machine with the vault
-clauth status               All services + state
+clauth install              Provision Supabase + install Claude skill
+clauth setup                Register this machine with the vault
+clauth enroll               Create one-time code to add another computer
+clauth status               All services + state
 clauth search <query>       Find services by name, project, description, or redacted address
 clauth test                 Verify connection
 

package/cli/api.js

@@ -102,20 +102,38 @@ export async function test(password, machineHash, token, timestamp) {
   return authPost("test", password, machineHash, token, timestamp);
 }
 
-export async function changePassword(password, machineHash, token, timestamp, newSeedHash) {
-  return authPost("change-password", password, machineHash, token, timestamp, { new_hmac_seed_hash: newSeedHash });
-}
-
-export async function registerMachine(machineHash, seedHash, label, adminToken) {
-  return post("register-machine", {
-    machine_hash: machineHash,
-    hmac_seed_hash: seedHash,
-    label,
-    admin_token: adminToken
-  });
-}
-
-export default {
-  retrieve, write, enable, addService, updateService, removeService, revoke,
-  status, test, registerMachine, getBaseUrl, getAnonKey
-};
+export async function changePassword(password, machineHash, token, timestamp, newSeedHash) {
+  return authPost("change-password", password, machineHash, token, timestamp, { new_hmac_seed_hash: newSeedHash });
+}
+
+export async function createEnrollment(password, machineHash, token, timestamp, label, ttlMinutes, installId) {
+  const extra = {};
+  if (label) extra.label = label;
+  if (ttlMinutes) extra.ttl_minutes = ttlMinutes;
+  if (installId) extra.install_id = installId;
+  return authPost("create-enrollment", password, machineHash, token, timestamp, extra);
+}
+
+export async function registerMachine(machineHash, seedHash, label, adminToken, extras = {}) {
+  return post("register-machine", {
+    machine_hash: machineHash,
+    hmac_seed_hash: seedHash,
+    label,
+    admin_token: adminToken,
+    ...extras
+  });
+}
+
+export async function redeemEnrollment(machineHash, seedHash, label, enrollmentCode) {
+  return post("redeem-enrollment", {
+    machine_hash: machineHash,
+    hmac_seed_hash: seedHash,
+    label,
+    enrollment_code: enrollmentCode
+  });
+}
+
+export default {
+  retrieve, write, enable, addService, updateService, removeService, revoke,
+  status, test, createEnrollment, registerMachine, redeemEnrollment, getBaseUrl, getAnonKey
+};

package/cli/commands/codevelop.js

@@ -45,6 +45,14 @@ function getRequestPath() {
   return path.join(getClauthAppDir(), "codevelop-request.json");
 }
 
+function getAdhocStatePath() {
+  return path.join(getClauthAppDir(), "codevelop-channel-active.json");
+}
+
+function getAdhocChannelsPath() {
+  return path.join(getClauthAppDir(), "codevelop-channels.json");
+}
+
 function cmdValue(value) {
   return String(value ?? "").replace(/%/g, "%%").replace(/"/g, "'");
 }
@@ -430,6 +438,271 @@ function normalizeOptionalPeer(peer) {
   return value;
 }
 
+function normalizeAdhocId(value, label) {
+  const text = String(value || "").trim().toLowerCase();
+  if (!text) throw new Error(`${label} is required`);
+  const normalized = text.replace(/[^a-z0-9_.-]+/g, "-").replace(/^-+|-+$/g, "");
+  if (!normalized) throw new Error(`${label} must contain letters, numbers, dots, underscores, or hyphens`);
+  if (normalized.length > 64) throw new Error(`${label} is too long; keep it under 64 characters`);
+  return normalized;
+}
+
+function normalizeOptionalAdhocId(value) {
+  const text = String(value || "").trim();
+  return text ? normalizeAdhocId(text, "peer") : null;
+}
+
+function getCodevelopBaseUrl(opts = {}) {
+  const port = Number(opts.port || DEFAULT_PORT);
+  if (RESERVED_PORTS.has(port)) throw new Error(`Refusing to use reserved clauth port ${port}`);
+  return opts.baseUrl || process.env.CODEVELOP_BASE_URL || `http://127.0.0.1:${port}`;
+}
+
+async function ensureCodevelopReachable(opts = {}) {
+  const baseUrl = getCodevelopBaseUrl(opts);
+  if (await testPing(baseUrl)) return { baseUrl, startedClauthPid: null };
+  if (!asBool(opts.startIsolatedClauth)) {
+    throw new Error(`clauth is not reachable at ${baseUrl}. Re-run with --start-isolated-clauth.`);
+  }
+  const port = Number(opts.port || DEFAULT_PORT);
+  const startedClauthPid = startIsolatedClauth(port);
+  if (!(await waitForPing(baseUrl))) throw new Error(`isolated clauth did not become ready at ${baseUrl}`);
+  return { baseUrl, startedClauthPid };
+}
+
+function writeAdhocState(state) {
+  const appDir = getClauthAppDir();
+  fs.mkdirSync(appDir, { recursive: true });
+  fs.writeFileSync(getAdhocStatePath(), `${JSON.stringify({
+    ...state,
+    updated_at: new Date().toISOString(),
+  }, null, 2)}\n`, "utf8");
+}
+
+function readAdhocState() {
+  const statePath = getAdhocStatePath();
+  if (!fs.existsSync(statePath)) return null;
+  return readJsonFile(statePath);
+}
+
+function readAdhocChannels() {
+  const channelsPath = getAdhocChannelsPath();
+  if (!fs.existsSync(channelsPath)) return {};
+  const parsed = readJsonFile(channelsPath);
+  return parsed && typeof parsed === "object" ? parsed : {};
+}
+
+function writeAdhocChannels(channels) {
+  const appDir = getClauthAppDir();
+  fs.mkdirSync(appDir, { recursive: true });
+  fs.writeFileSync(getAdhocChannelsPath(), `${JSON.stringify(channels, null, 2)}\n`, "utf8");
+}
+
+async function getCodevelopStatus(baseUrl, sessionId) {
+  return requestJson("GET", `${baseUrl}/codevelop/${encodeURIComponent(sessionId)}/status`);
+}
+
+async function findOrCreateAdhocChannel(opts = {}) {
+  const channel = normalizeAdhocId(opts.channel || opts.name || process.env.CODEVELOP_CHANNEL || "1", "channel");
+  const sessionName = `channel-${channel}`;
+  const { baseUrl, startedClauthPid } = await ensureCodevelopReachable(opts);
+  const channels = readAdhocChannels();
+  const existing = channels[channel];
+  if (existing?.session_id && existing?.base_url === baseUrl) {
+    try {
+      const session = await getCodevelopStatus(baseUrl, existing.session_id);
+      if (session.status !== "stopped") return { baseUrl, channel, session, created: false, startedClauthPid };
+    } catch {}
+  }
+
+  const session = await requestJson("POST", `${baseUrl}/codevelop/start`, {
+    name: sessionName,
+    repo: opts.repo || DEFAULT_REPO,
+    metadata: {
+      mode: "adhoc-channel",
+      channel,
+      created_by: opts.peer || process.env.CODEVELOP_PEER || null,
+    },
+  });
+  channels[channel] = {
+    channel,
+    session_id: session.session_id,
+    base_url: baseUrl,
+    name: sessionName,
+    created_at: new Date().toISOString(),
+    updated_at: new Date().toISOString(),
+  };
+  writeAdhocChannels(channels);
+  return { baseUrl, channel, session, created: true, startedClauthPid };
+}
+
+async function loadAdhocContext(opts = {}) {
+  if (opts.session && opts.peer) {
+    return {
+      baseUrl: getCodevelopBaseUrl(opts),
+      channel: normalizeAdhocId(opts.channel || opts.name || "custom", "channel"),
+      sessionId: opts.session,
+      peer: normalizeAdhocId(opts.peer, "peer"),
+    };
+  }
+
+  const state = readAdhocState();
+  const channel = opts.channel || state?.channel || process.env.CODEVELOP_CHANNEL;
+  const peer = opts.peer || opts.from || state?.peer || process.env.CODEVELOP_PEER;
+  if (!channel || !peer) {
+    throw new Error("No active ad hoc channel. Run: clauth codevelop join --channel 1 --peer codex-1");
+  }
+
+  if (opts.channel || opts.peer || !state?.session_id) {
+    const joined = await joinAdhocChannel({ ...opts, channel, peer, silent: true });
+    return {
+      baseUrl: joined.baseUrl,
+      channel: joined.channel,
+      sessionId: joined.session_id,
+      peer: joined.peer,
+    };
+  }
+
+  return {
+    baseUrl: opts.baseUrl || state.base_url || getCodevelopBaseUrl(opts),
+    channel: normalizeAdhocId(channel, "channel"),
+    sessionId: state.session_id,
+    peer: normalizeAdhocId(peer, "peer"),
+  };
+}
+
+function formatAdhocMessage(message) {
+  const body = message.task || message.message || message.summary || "";
+  return `[${message.turn_id}] ${message.from} -> ${message.to} ${message.type || "message"}: ${body}`;
+}
+
+async function joinAdhocChannel(opts = {}) {
+  const peer = normalizeAdhocId(opts.peer || opts.from || process.env.CODEVELOP_PEER, "peer");
+  const { baseUrl, channel, session, created, startedClauthPid } = await findOrCreateAdhocChannel(opts);
+  const sessionId = session.session_id;
+  const joined = await requestJson("POST", `${baseUrl}/codevelop/join`, {
+    session_id: sessionId,
+    peer_id: peer,
+    role: opts.role || "participant",
+    metadata: {
+      mode: "adhoc-channel",
+      channel,
+      cwd: process.cwd(),
+    },
+  });
+
+  writeAdhocState({
+    channel,
+    peer,
+    session_id: sessionId,
+    base_url: baseUrl,
+    state_path: getAdhocStatePath(),
+  });
+
+  if (!opts.silent) {
+    console.log(`CHANNEL=${channel}`);
+    console.log(`PEER=${peer}`);
+    console.log(`CODEVELOP_SESSION=${sessionId}`);
+    console.log(`BASE_URL=${baseUrl}`);
+    console.log(`CREATED=${created ? "yes" : "no"}`);
+    if (startedClauthPid) console.log(`CLAUTH_PID=${startedClauthPid}`);
+    console.log(`STATE=${getAdhocStatePath()}`);
+    console.log("");
+    console.log(`Send:  clauth codevelop say --message "hello"`);
+    console.log(`Read:  clauth codevelop read`);
+    console.log(`Watch: clauth codevelop watch`);
+  }
+
+  return { ...joined, baseUrl, channel, peer, session_id: sessionId };
+}
+
+async function listAdhocPeers(opts = {}) {
+  const ctx = await loadAdhocContext(opts);
+  const status = await requestJson("GET", `${ctx.baseUrl}/codevelop/${encodeURIComponent(ctx.sessionId)}/status`);
+  console.log(`channel ${ctx.channel} (${ctx.sessionId})`);
+  for (const peer of Object.values(status.peers || {})) {
+    console.log(`${peer.peer_id}\trole=${peer.role || "participant"}\tqueued=${peer.queued}\tstreams=${peer.streams}\tlast_seen=${peer.last_seen_at || ""}`);
+  }
+}
+
+async function sayAdhoc(opts = {}) {
+  const ctx = await loadAdhocContext(opts);
+  const message = opts.message || opts.task || opts.args?.join(" ") || "";
+  if (!String(message).trim()) throw new Error("--message is required for codevelop say");
+
+  const status = await requestJson("GET", `${ctx.baseUrl}/codevelop/${encodeURIComponent(ctx.sessionId)}/status`);
+  const explicitTo = normalizeOptionalAdhocId(opts.to);
+  const targets = explicitTo
+    ? [explicitTo]
+    : Object.keys(status.peers || {}).filter(peer => peer !== ctx.peer && peer !== "system");
+  if (!targets.length) {
+    throw new Error(`No other peers are in channel ${ctx.channel}. Have the other pane run: clauth codevelop join --channel ${ctx.channel} --peer claude-1`);
+  }
+
+  const sent = [];
+  for (const target of targets) {
+    const result = await requestJson("POST", `${ctx.baseUrl}/codevelop/send`, {
+      session_id: ctx.sessionId,
+      from: ctx.peer,
+      to: target,
+      type: "chat",
+      task: message,
+      message,
+      context: {
+        mode: "adhoc-channel",
+        channel: ctx.channel,
+      },
+    });
+    sent.push(result);
+  }
+
+  console.log(JSON.stringify({
+    channel: ctx.channel,
+    session_id: ctx.sessionId,
+    from: ctx.peer,
+    to: targets,
+    sent,
+  }, null, 2));
+}
+
+async function readAdhoc(opts = {}) {
+  const ctx = await loadAdhocContext(opts);
+  const inbox = await requestJson("POST", `${ctx.baseUrl}/codevelop/poll`, {
+    session_id: ctx.sessionId,
+    peer_id: ctx.peer,
+  });
+  if (asBool(opts.json)) {
+    console.log(JSON.stringify(inbox, null, 2));
+    return;
+  }
+  if (!inbox.count) {
+    console.log(`channel ${ctx.channel}: no messages for ${ctx.peer}`);
+    return;
+  }
+  for (const message of inbox.messages || []) console.log(formatAdhocMessage(message));
+}
+
+async function watchAdhoc(opts = {}) {
+  const ctx = await loadAdhocContext(opts);
+  const streamUrl = `${ctx.baseUrl}/codevelop/${encodeURIComponent(ctx.sessionId)}/${encodeURIComponent(ctx.peer)}/stream`;
+  const once = asBool(opts.once);
+  console.log(`Watching channel ${ctx.channel} as ${ctx.peer}`);
+  console.log(`stream ${streamUrl}`);
+
+  connectSse(streamUrl, {
+    onEvent: ({ event, data }) => {
+      if (event !== "message" && event !== "stop") return;
+      console.log(formatAdhocMessage(data || {}));
+      if (once) process.exit(0);
+    },
+    onError: err => {
+      console.error(`watch error: ${err.message}`);
+      process.exitCode = 1;
+    },
+  });
+  await new Promise(() => {});
+}
+
 function inferFromPeer({ from, to, peer } = {}) {
   const explicit = normalizeOptionalPeer(from) || normalizeOptionalPeer(peer) || normalizeOptionalPeer(process.env.CODEVELOP_PEER);
   if (explicit) return explicit;
@@ -884,6 +1157,11 @@ export async function runCodevelop(opts = {}) {
     return;
   }
   if (action === "start") return startCodevelop(opts);
+  if (action === "join") return joinAdhocChannel(opts);
+  if (action === "say") return sayAdhoc(opts);
+  if (action === "read") return readAdhoc(opts);
+  if (action === "watch") return watchAdhoc(opts);
+  if (action === "who") return listAdhocPeers(opts);
   if (action === "launch-peer") return launchPeer(opts);
   if (action === "check-partner") return checkPartner(opts);
   if (action === "sync") return syncPartner(opts);
@@ -896,6 +1174,11 @@ export async function runCodevelop(opts = {}) {
   console.log(chalk.cyan("\nclauth codevelop\n"));
   console.log("  clauth codevelop install-terminal [--repo C:\\Dev\\regen-root]");
   console.log("  clauth codevelop start --port 53137 --start-isolated-clauth [--repo C:\\Dev\\regen-root]");
+  console.log("  clauth codevelop join --channel 1 --peer codex-1 [--start-isolated-clauth]");
+  console.log("  clauth codevelop say --message \"claude-1 look at this doc and report back\" [--to claude-1]");
+  console.log("  clauth codevelop read");
+  console.log("  clauth codevelop watch [--once]");
+  console.log("  clauth codevelop who");
   console.log("  clauth codevelop ask --to claude|codex --task \"...\" --wait");
   console.log("  clauth codevelop reply --from claude|codex --turn turn-0001 --summary \"...\" --evidence \"...\"");
   console.log("  clauth codevelop inbox --peer claude|codex");

package/cli/commands/install.js

@@ -127,10 +127,11 @@ export async function runInstall(opts = {}) {
 
       // Run migrations
       const s4 = ora('Running database migrations...').start();
-      const migrations = [
-        { name: '001_clauth_schema',  file: 'supabase/migrations/001_clauth_schema.sql'  },
-        { name: '002_vault_helpers',  file: 'supabase/migrations/002_vault_helpers.sql'  },
-      ];
+      const migrations = [
+        { name: '001_clauth_schema',  file: 'supabase/migrations/001_clauth_schema.sql'  },
+        { name: '002_vault_helpers',  file: 'supabase/migrations/002_vault_helpers.sql'  },
+        { name: '003_machine_enrollments', file: 'supabase/migrations/003_machine_enrollments.sql' },
+      ];
       for (const m of migrations) {
         const sql = readFileSync(join(ROOT, m.file), 'utf8');
         try {
@@ -251,10 +252,11 @@ export async function runInstall(opts = {}) {
 
   // ── Step 4: Run migrations ────────────────
   const s4 = ora('Running database migrations...').start();
-  const migrations = [
-    { name: '001_clauth_schema',  file: 'supabase/migrations/001_clauth_schema.sql'  },
-    { name: '002_vault_helpers',  file: 'supabase/migrations/002_vault_helpers.sql'  },
-  ];
+  const migrations = [
+    { name: '001_clauth_schema',  file: 'supabase/migrations/001_clauth_schema.sql'  },
+    { name: '002_vault_helpers',  file: 'supabase/migrations/002_vault_helpers.sql'  },
+    { name: '003_machine_enrollments', file: 'supabase/migrations/003_machine_enrollments.sql' },
+  ];
   for (const m of migrations) {
     const sql = readFileSync(join(ROOT, m.file), 'utf8');
     try {