@neuralnomads/codenomad-dev 0.16.0-dev-20260526-01d9e46b → 0.16.0-dev-20260527-cb3d4841

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +50 -4
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -32,9 +32,11 @@
32
32
  You can run CodeNomad directly without installing it:
33
33
 
34
34
  ```sh
35
- npx @neuralnomads/codenomad --launch
35
+ npx @neuralnomads/codenomad --password <your-password> --launch
36
36
  ```
37
37
 
38
+ > **Authentication required:** The server requires a password. Pass it via `--password`, the `CODENOMAD_SERVER_PASSWORD` environment variable, or create an `auth.json` file (see [Authentication](#authentication) below).
39
+
38
40
  To list all CLI options:
39
41
 
40
42
  ```sh
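Review bot: the new quick-start line `npx @neuralnomads/codenomad --password <your-password> --launch` puts the secret on the command line, where it lands in shell history and is visible to other local users through the process list. The callout added below it already names `CODENOMAD_SERVER_PASSWORD`; consider making the environment variable the primary example and mentioning `--password` as the fallback, and apply the same change to the three later hunks that repeat this command. The callout also offers "create an `auth.json` file" as a setup option, while the Authentication section added later in this diff says the file is managed by the UI and that manual creation is not recommended; the two statements should agree.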
@@ -52,7 +54,7 @@ Or install it globally to use the `codenomad` command:
52
54
 
53
55
  ```sh
54
56
  npm install -g @neuralnomads/codenomad
55
- codenomad --launch
57
+ codenomad --password <your-password> --launch
56
58
  ```
57
59
 
58
60
  ### Install Locally (per-project)
@@ -61,7 +63,7 @@ If you prefer to install CodeNomad into a project and run the local binary:
61
63
 
62
64
  ```sh
63
65
  npm install @neuralnomads/codenomad
64
- npx codenomad --launch
66
+ npx codenomad --password <your-password> --launch
65
67
  ```
66
68
 
67
69
  (`npx codenomad ...` will use `./node_modules/.bin/codenomad` when present.)
@@ -102,7 +104,7 @@ You can configure the server using flags or environment variables:
102
104
  If you want the latest bleeding-edge builds (published as GitHub pre-releases), use the dev package:
103
105
 
104
106
  ```sh
105
- npx @neuralnomads/codenomad-dev --launch
107
+ npx @neuralnomads/codenomad-dev --password <your-password> --launch
106
108
  ```
107
109
 
108
110
  These environment variables control how CodeNomad checks for dev updates:
@@ -148,6 +150,14 @@ Certificates are valid for about 30 days and rotate automatically on startup whe
148
150
  codenomad --tlsSANs "localhost,127.0.0.1,my-hostname,192.168.1.10"
149
151
  ```
150
152
 
153
+ > **Browser warning:** Self-signed certificates trigger a "Your connection is not private" warning in browsers on first visit. This is expected and safe for local development (127.0.0.1 / localhost):
154
+ >
155
+ > 1. **Chrome/Brave/Edge:** Click **Advanced** → **Proceed to 127.0.0.1 (unsafe)**
156
+ > 2. **Firefox:** Click **Advanced** → **Accept the Risk and Continue**
157
+ > 3. **Alternative:** For local-only development without the warning, run with `--https=false --http=true`
158
+ >
159
+ > **Note:** Only accept self-signed certificates for localhost/127.0.0.1 that you control. For remote hosts, use proper TLS certificates.
160
+
151
161
  ### Authentication
152
162
 
153
163
  - Default behavior: CodeNomad requires a login (username/password) and stores a session cookie in the browser.
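Review bot: item 3 of the new browser-warning callout recommends `--https=false --http=true` without saying that the listener must stay on loopback. The README now requires a password and relies on a session cookie, and both travel in cleartext over plain HTTP if the server is bound to a reachable address, so the item should state that the HTTP option is for 127.0.0.1 only. The context line just above shows `--tlsSANs` with `my-hostname` and `192.168.1.10`, so LAN users will see the same warning; the closing note tells them not to click through for remote hosts but gives no workable alternative for the self-signed case, such as importing the generated certificate into the client's trust store or comparing its fingerprint with the one on the server.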
@@ -155,6 +165,42 @@ codenomad --tlsSANs "localhost,127.0.0.1,my-hostname,192.168.1.10"
155
165
  Use this only when access is already protected by another layer (SSO proxy, VPN, Coder workspace auth, etc.).
156
166
  If you bind to `0.0.0.0` while skipping auth, anyone who can reach the port can access the API.
157
167
 
168
+ #### Setting a password
169
+
170
+ **Practical setup options:**
171
+
172
+ 1. **Runtime password (every start):** Use `--password <your-password>` or set `CODENOMAD_SERVER_PASSWORD=<your-password>` environment variable
173
+ 2. **Persistent password (UI setup):** Launch with `--generate-token`, complete the local bootstrap flow in your browser, then set a password through the UI settings
174
+
175
+ The `--password` flag and `CODENOMAD_SERVER_PASSWORD` env var are **runtime credentials** — they must be provided on every server start and are not persisted to disk.
176
+
177
+ **Advanced: `auth.json` internals**
178
+
179
+ The `auth.json` file (`~/.config/codenomad/auth.json`) is automatically created and managed by CodeNomad when you set a password through the UI. You generally don't need to edit this file manually. For reference, it uses the following scrypt-based schema:
180
+
181
+ ```json
182
+ {
183
+ "version": 1,
184
+ "username": "codenomad",
185
+ "password": {
186
+ "algorithm": "scrypt",
187
+ "saltBase64": "<base64-salt>",
188
+ "hashBase64": "<base64-hash>",
189
+ "keyLength": 64,
190
+ "params": {
191
+ "N": 16384,
192
+ "r": 8,
193
+ "p": 1,
194
+ "maxmem": 33554432
195
+ }
196
+ },
197
+ "userProvided": true,
198
+ "updatedAt": "2026-05-18T12:00:00.000Z"
199
+ }
200
+ ```
201
+
202
+ Manual creation of this file is not recommended unless you have a helper to generate a valid scrypt `PasswordHashRecord`.
203
+
158
204
  ### Progressive Web App (PWA)
159
205
 
160
206
  When running as a server CodeNomad can also be installed as a PWA from any supported browser, giving you a native app experience just like the Electron installation but executing on the remote server instead.
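Review bot: the `auth.json` section documents the path and schema but not the expected file permissions. The file holds the salt and password hash, so the text should say that it must be readable only by the owning user (for example mode 0600) and whether CodeNomad sets or checks that itself. Option 2 introduces `--generate-token` and a "local bootstrap flow" without describing what the token grants or when it stops being valid; a sentence on that belongs here. On the sample record, `N: 16384`, `r: 8`, `p: 1` needs about 16 MiB (128 × N × r), which fits the listed `maxmem` of 33554432, but it is a lower cost than the N=2^17 that OWASP's password-storage guidance gives for scrypt; if a higher cost is adopted later, `maxmem` has to be raised with it, and the `version` field should be documented as the upgrade path for existing records.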
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@neuralnomads/codenomad-dev",
3
- "version": "0.16.0-dev-20260526-01d9e46b",
3
+ "version": "0.16.0-dev-20260527-cb3d4841",
4
4
  "description": "CodeNomad Server",
5
5
  "license": "MIT",
6
6
  "author": {