npm - @nordsym/apiclaw - Versions diffs - 1.3.3 → 1.3.4 - Mend

@nordsym/apiclaw 1.3.3 → 1.3.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

package/convex/_generated/api.d.ts +6 -0
package/convex/billing.ts +341 -0
package/convex/email.ts +276 -0
package/convex/http.ts +154 -0
package/convex/schema.ts +43 -0
package/convex/workspaces.ts +663 -0
package/dist/index.js +387 -4
package/dist/index.js.map +1 -1
package/dist/session.d.ts +29 -0
package/dist/session.d.ts.map +1 -0
package/dist/session.js +87 -0
package/dist/session.js.map +1 -0
package/docs/PRD-agent-first-billing.md +525 -0
package/landing/package-lock.json +21 -3
package/landing/package.json +2 -1
package/landing/src/app/api/stripe/webhook/route.ts +178 -0
package/landing/src/app/api/workspace-auth/magic-link/route.ts +84 -0
package/landing/src/app/api/workspace-auth/session/route.ts +73 -0
package/landing/src/app/api/workspace-auth/verify/route.ts +57 -0
package/landing/src/app/auth/verify/page.tsx +292 -0
package/landing/src/app/dashboard/layout.tsx +22 -0
package/landing/src/app/dashboard/page.tsx +692 -0
package/landing/src/app/dashboard/verify/page.tsx +108 -0
package/landing/src/app/login/page.tsx +204 -0
package/landing/src/app/upgrade/page.tsx +288 -0
package/landing/src/lib/stats.json +14 -15
package/landing/src/middleware.ts +50 -0
package/landing/tsconfig.tsbuildinfo +1 -1
package/package.json +1 -1
package/src/index.ts +434 -4
package/src/session.ts +103 -0

package/dist/session.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"session.js","sourceRoot":"","sources":["../src/session.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AACzB,OAAO,KAAK,IAAI,MAAM,MAAM,CAAC;AAC7B,OAAO,KAAK,EAAE,MAAM,IAAI,CAAC;AASzB,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,UAAU,CAAC,CAAC;AACxD,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,SAAS,CAAC,CAAC;AAEvD;;GAEG;AACH,SAAS,gBAAgB;IACvB,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;QAChC,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC7C,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,WAAW;IACzB,IAAI,CAAC;QACH,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YACjC,OAAO,IAAI,CAAC;QACd,CAAC;QAED,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,YAAY,EAAE,MAAM,CAAC,CAAC;QACtD,MAAM,IAAI,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAgB,CAAC;QAEhD,2BAA2B;QAC3B,IAAI,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAC3D,OAAO,CAAC,KAAK,CAAC,6CAA6C,CAAC,CAAC;YAC7D,YAAY,EAAE,CAAC;YACf,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,IAAI,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;QACzD,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY,CAAC,YAAoB,EAAE,WAAmB,EAAE,KAAa;IACnF,IAAI,CAAC;QACH,gBAAgB,EAAE,CAAC;QAEnB,MAAM,IAAI,GAAgB;YACxB,YAAY;YACZ,WAAW;YACX,KAAK;YACL,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;SACtB,CAAC;QAEF,EAAE,CAAC,aAAa,CAAC,YAAY,EAAE,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;YAC5D,IAAI,EAAE,KAAK,EAAE,4BAA4B;SAC1C,CAAC,CAAC;QAEH,OAAO,CAAC,KAAK,CAAC,+BAA+B,KAAK,EAAE,CAAC,CAAC;IACxD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,kCAAkC,EAAE,KAAK,CAAC,CAAC;QACzD,MAAM,KAAK,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,YAAY;IAC1B,IAAI,CAAC;QACH,IAAI,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,EAAE,CAAC;YAChC,EAAE,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;YAC5B,OAAO,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC;QAC7C,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO,CAAC,KAAK,CAAC,mCAAmC,EAAE,KAAK,CAAC,CAAC;IAC5D,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,qBAAqB;IACnC,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC;IAC/B,MAAM,QAAQ,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC;IACxC,OAAO,GAAG,QAAQ,IAAI,QAAQ,EAAE,CAAC;AACnC,CAAC"}

package/docs/PRD-agent-first-billing.md ADDED Viewed

@@ -0,0 +1,525 @@
+# PRD: Agent-First Onboarding & Billing
+**Version:** 1.0
+**Date:** 2026-02-28
+**Author:** Symbot + Gustav
+**Status:** Draft
+---
+## Executive Summary
+APIClaw är för agenter. Onboarding ska därför drivas av agenter, inte människor.
+Agenten registrerar sin ägare via email → magic link → workspace aktivt → autobahn.
+Inga API-nycklar att kopiera. Inga dashboards att navigera. Agenten fixar allt.
+---
+## Problem Statement
+**Idag:**
+1. Människa måste skapa konto manuellt
+2. Människa måste kopiera API-nyckel
+3. Människa måste konfigurera agenten
+4. Friktion vid varje steg
+**Dessutom:**
+- Direct Call kostar NordSym pengar
+- Ingen revenue-modell aktiv
+- Abuse-risk utan identifiering
+---
+## Solution Overview
+### Core Concept: Agent-First Onboarding
+```
+Agent försöker använda APIClaw
+         │
+         ▼
+   Inget workspace?
+         │
+         ▼
+Agent: register_owner("email@example.com")
+         │
+         ▼
+   Magic link skickas
+         │
+         ▼
+   Människa klickar
+         │
+         ▼
+   Workspace aktivt
+         │
+         ▼
+   Agent kör fritt
+```
+### Billing Model: Free Tier → Pay-as-you-go
+```
+Tier 1: Anonymous     →  10 calls/dag (IP-limited)
+Tier 2: Free Account  →  50 calls totalt
+Tier 3: Paid          →  Unlimited, metered billing
+```
+---
+## Detailed Design
+### 1. Workspace Model
+Ett **workspace** är:
+- Kopplat till en email (ägaren)
+- Kan ha flera agenter
+- Har en usage-räknare
+- Har en betalmetod (efter free tier)
+```typescript
+// Convex schema addition
+workspaces: defineTable({
+  email: v.string(),
+  passwordHash: v.optional(v.string()),  // Optional, for dashboard login
+  status: v.string(),  // "pending" | "active" | "suspended"
+  tier: v.string(),  // "anonymous" | "free" | "paid"
+  usageCount: v.number(),
+  usageLimitReached: v.boolean(),
+  stripeCustomerId: v.optional(v.string()),
+  createdAt: v.number(),
+  updatedAt: v.number(),
+})
+  .index("by_email", ["email"])
+  .index("by_stripeCustomerId", ["stripeCustomerId"]),
+// Agent sessions (local token → workspace)
+agentSessions: defineTable({
+  workspaceId: v.id("workspaces"),
+  sessionToken: v.string(),  // Stored in ~/.apiclaw/session
+  fingerprint: v.string(),  // MCP client info
+  lastUsedAt: v.number(),
+  createdAt: v.number(),
+})
+  .index("by_sessionToken", ["sessionToken"])
+  .index("by_workspaceId", ["workspaceId"]),
+// Magic links
+workspaceMagicLinks: defineTable({
+  email: v.string(),
+  token: v.string(),
+  sessionFingerprint: v.optional(v.string()),  // Link back to requesting agent
+  expiresAt: v.number(),
+  usedAt: v.optional(v.number()),
+  createdAt: v.number(),
+})
+  .index("by_token", ["token"])
+  .index("by_email", ["email"]),
+```
+### 2. New MCP Tools
+#### `register_owner`
+Agent requests workspace creation for their owner.
+```typescript
+{
+  name: "register_owner",
+  description: "Register your owner's email to create a workspace. A magic link will be sent.",
+  inputSchema: {
+    type: "object",
+    properties: {
+      email: {
+        type: "string",
+        description: "Owner's email address"
+      }
+    },
+    required: ["email"]
+  }
+}
+// Response
+{
+  status: "magic_link_sent",
+  message: "Magic link sent to gustav@nordsym.com. Waiting for confirmation...",
+  workspaceId: "pending_abc123"
+}
+```
+#### `check_workspace_status`
+Agent checks if workspace is active.
+```typescript
+{
+  name: "check_workspace_status",
+  description: "Check if your workspace is active and ready to use.",
+  inputSchema: {
+    type: "object",
+    properties: {}
+  }
+}
+// Response (pending)
+{
+  status: "pending",
+  message: "Waiting for owner to click magic link.",
+  email: "gus***@nordsym.com"
+}
+// Response (active)
+{
+  status: "active",
+  tier: "free",
+  usageRemaining: 47,
+  workspaceId: "ws_abc123"
+}
+// Response (limit_reached)
+{
+  status: "limit_reached",
+  message: "Free tier exhausted. Owner needs to add payment method.",
+  upgradeUrl: "https://apiclaw.com/upgrade?ws=abc123"
+}
+```
+#### `remind_owner`
+Send reminder if owner hasn't clicked magic link.
+```typescript
+{
+  name: "remind_owner",
+  description: "Send a reminder email to your owner to complete registration.",
+  inputSchema: {
+    type: "object",
+    properties: {}
+  }
+}
+// Response
+{
+  status: "reminder_sent",
+  message: "Reminder sent. You can send another in 10 minutes."
+}
+```
+### 3. Session Management
+#### Local Session Storage
+When workspace is activated, agent receives a session token:
+```
+~/.apiclaw/session
+{
+  "sessionToken": "sess_abc123xyz",
+  "workspaceId": "ws_abc123",
+  "email": "gustav@nordsym.com",
+  "createdAt": 1709110800000
+}
+```
+#### Session Flow
+```
+Agent starts MCP server
+         │
+         ▼
+   Read ~/.apiclaw/session
+         │
+    ┌────┴────┐
+    │         │
+  Exists    Missing
+    │         │
+    ▼         ▼
+ Validate   Anonymous mode
+ with API   (10 calls/day)
+    │
+  ┌─┴─┐
+  │   │
+Valid Invalid
+  │   │
+  ▼   ▼
+ Use  Delete &
+      prompt for
+      register_owner
+```
+### 4. Magic Link Flow
+#### Email Template
+```
+Subject: Activate your APIClaw workspace
+An AI agent wants to connect to your APIClaw workspace.
+Click below to activate:
+[Activate Workspace]
+This link expires in 1 hour.
+---
+If you didn't expect this email, you can safely ignore it.
+```
+#### Click Handler (apiclaw.com/auth/verify)
+```
+1. Validate token (not expired, not used)
+2. Check if workspace exists for email
+   - Yes: Activate session, link agent
+   - No: Show "Set password (optional)" form, create workspace
+3. Mark magic link as used
+4. Create agent session
+5. Redirect to success page
+6. Agent polling detects activation → continues
+```
+### 5. Billing Integration
+#### Free Tier Exhaustion Flow
+```
+Agent: call_api("send_sms", {...})
+         │
+         ▼
+   Check workspace.usageCount
+         │
+    ┌────┴────┐
+    │         │
+  < 50      >= 50
+    │         │
+    ▼         ▼
+  Execute   Check tier
+    │         │
+    │    ┌────┴────┐
+    │    │         │
+    │  "free"    "paid"
+    │    │         │
+    │    ▼         ▼
+    │  Block    Execute
+    │    │
+    │    ▼
+    │  Send email to owner:
+    │  "Add payment to continue"
+    │    │
+    │    ▼
+    │  Return error to agent:
+    │  {
+    │    error: "usage_limit_reached",
+    │    message: "Free tier exhausted",
+    │    upgradeUrl: "https://..."
+    │  }
+```
+#### Stripe Integration
+```typescript
+// When owner adds payment method
+1. Create Stripe Customer (if not exists)
+2. Attach PaymentMethod
+3. Update workspace.tier = "paid"
+4. Set up metered billing:
+   - Stripe Price: "API Calls" (usage-based)
+   - Report usage daily via Stripe Billing Meter
+// Monthly invoice
+- Stripe automatically generates invoice
+- Sum of all usage for the period
+- Charges saved payment method
+```
+### 6. Rate Limiting (Abuse Prevention)
+| Action | Limit | Window |
+|--------|-------|--------|
+| `register_owner` | 3 | per hour per IP |
+| `remind_owner` | 1 | per 10 minutes |
+| Anonymous API calls | 10 | per day per IP |
+| Free tier API calls | 50 | lifetime |
+| Paid tier API calls | 1000 | per minute |
+### 7. Dashboard (apiclaw.com/dashboard)
+Minimal dashboard for workspace owners:
+```
+┌─────────────────────────────────────────────────┐
+│  APIClaw Dashboard                              │
+│                                                 │
+│  Workspace: gustav@nordsym.com                  │
+│  Tier: Free (47/50 calls remaining)             │
+│                                                 │
+│  [Upgrade to Paid →]                            │
+│                                                 │
+│  ─────────────────────────────────────────────  │
+│                                                 │
+│  Connected Agents:                              │
+│  ┌─────────────────────────────────────────┐   │
+│  │ Claude Desktop (MacBook Air)            │   │
+│  │ Last used: 2 minutes ago                │   │
+│  │ Calls: 3                     [Revoke]   │   │
+│  └─────────────────────────────────────────┘   │
+│                                                 │
+│  ─────────────────────────────────────────────  │
+│                                                 │
+│  Usage This Month:                              │
+│  ├── SMS (46elks): 12 calls ($0.48)            │
+│  ├── Search (Brave): 31 calls ($0.00)          │
+│  └── LLM (OpenRouter): 4 calls ($0.12)         │
+│                                                 │
+│  Total: $0.60                                   │
+│                                                 │
+└─────────────────────────────────────────────────┘
+```
+---
+## Implementation Plan
+### Phase 1: Core Onboarding (Week 1)
+- [ ] Convex schema: workspaces, agentSessions, workspaceMagicLinks
+- [ ] MCP tools: register_owner, check_workspace_status
+- [ ] Magic link email (via Resend)
+- [ ] Verify endpoint (apiclaw.com/auth/verify)
+- [ ] Local session storage (~/.apiclaw/session)
+- [ ] Session validation in call_api
+### Phase 2: Billing (Week 2)
+- [ ] Stripe Customer creation
+- [ ] Payment method collection (apiclaw.com/upgrade)
+- [ ] Usage tracking per workspace
+- [ ] Free tier enforcement (50 calls)
+- [ ] Metered billing setup
+- [ ] "Limit reached" email
+### Phase 3: Dashboard (Week 3)
+- [ ] Dashboard UI (apiclaw.com/dashboard)
+- [ ] Magic link login
+- [ ] View connected agents
+- [ ] Revoke agent sessions
+- [ ] Usage breakdown
+- [ ] Billing history
+### Phase 4: Polish (Week 4)
+- [ ] Rate limiting
+- [ ] Reminder emails
+- [ ] Error handling improvements
+- [ ] Documentation update
+- [ ] npm publish with new tools
+---
+## Success Metrics
+| Metric | Target (Month 1) |
+|--------|------------------|
+| Workspaces created | 50 |
+| Agents connected | 100 |
+| Free → Paid conversion | 10% |
+| Monthly revenue | $500 |
+---
+## Open Questions
+1. **Pricing per call?**
+   - Option A: Flat rate (e.g., $0.01/call regardless of provider)
+   - Option B: Pass-through + margin (provider cost + 20%)
+   - Recommendation: Option B for transparency
+2. **Anonymous tier - keep or remove?**
+   - Pro: Lower friction for testing
+   - Con: Abuse vector, complicates logic
+   - Recommendation: Keep, but very limited (10 calls/day)
+3. **Password requirement?**
+   - Current: Optional (magic link always works)
+   - Alternative: Required after first login
+   - Recommendation: Keep optional
+---
+## Appendix: Email Templates
+### Magic Link Email
+```
+Subject: Activate your APIClaw workspace
+Hi,
+An AI agent wants to use APIClaw on your behalf. Click below to activate your workspace:
+[Activate Workspace]
+Once activated, your agent can:
+• Send SMS via 46elks/Twilio
+• Search the web via Brave
+• Generate speech via ElevenLabs
+• And 8 more providers...
+Your first 50 API calls are free.
+This link expires in 1 hour.
+—
+APIClaw
+The API layer for AI agents
+```
+### Free Tier Exhausted Email
+```
+Subject: Your APIClaw free tier is exhausted
+Hi,
+Your AI agent has used all 50 free API calls.
+To continue, add a payment method:
+[Add Payment Method]
+Pay-as-you-go pricing:
+• SMS: $0.04/message
+• Search: Free (included)
+• LLM: From $0.001/call
+• Full pricing: apiclaw.com/pricing
+—
+APIClaw
+```
+### Agent Connected Email
+```
+Subject: New agent connected to your workspace
+Hi,
+A new AI agent just connected to your APIClaw workspace:
+Device: Claude Desktop (MacBook Air)
+Time: February 28, 2026, 10:15 AM CET
+If this wasn't you, revoke access immediately:
+[View Connected Agents]
+—
+APIClaw
+```
+---
+*PRD created 2026-02-28 by Symbot*

package/landing/package-lock.json CHANGED Viewed

@@ -14,7 +14,8 @@
         "next": "^14.2.0",
         "react": "^18.2.0",
         "react-dom": "^18.2.0",
-        "recharts": "^3.7.0"
+        "recharts": "^3.7.0",
+        "stripe": "^20.4.0"
       },
       "devDependencies": {
         "@types/node": "^20",
@@ -924,7 +925,7 @@
       "version": "20.19.33",
       "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.33.tgz",
       "integrity": "sha512-Rs1bVAIdBs5gbTIKza/tgpMuG1k3U/UMJLWecIMxNdJFDMzcM5LOiLVRYh3PilWEYDIeUDv7bpiHPLPsbydGcw==",
-      "dev": true,
+      "devOptional": true,
       "license": "MIT",
       "dependencies": {
         "undici-types": "~6.21.0"
@@ -2539,6 +2540,23 @@
       "integrity": "sha512-2cBVCj6I4IOvEnjgO/hWqXjqBGsY+zwPmHl12Srk9IXSZ56Jwwmy+66XO5Iut/oQVR7t5ihYdLB0GMa4alEUcg==",
       "license": "MIT"
     },
+    "node_modules/stripe": {
+      "version": "20.4.0",
+      "resolved": "https://registry.npmjs.org/stripe/-/stripe-20.4.0.tgz",
+      "integrity": "sha512-F/aN1IQ9vHmlyLNi3DkiIbyzQb6gyBG0uYFd/VrEVQSc9BLtlgknPUx0EvzZdBMRLFuRaPFIFd7Mxwtg7Pbwzw==",
+      "license": "MIT",
+      "engines": {
+        "node": ">=16"
+      },
+      "peerDependencies": {
+        "@types/node": ">=16"
+      },
+      "peerDependenciesMeta": {
+        "@types/node": {
+          "optional": true
+        }
+      }
+    },
     "node_modules/styled-jsx": {
       "version": "5.1.1",
       "resolved": "https://registry.npmjs.org/styled-jsx/-/styled-jsx-5.1.1.tgz",
@@ -2763,7 +2781,7 @@
       "version": "6.21.0",
       "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
       "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
-      "dev": true,
+      "devOptional": true,
       "license": "MIT"
     },
     "node_modules/unicode-trie": {

package/landing/package.json CHANGED Viewed

@@ -16,7 +16,8 @@
     "next": "^14.2.0",
     "react": "^18.2.0",
     "react-dom": "^18.2.0",
-    "recharts": "^3.7.0"
+    "recharts": "^3.7.0",
+    "stripe": "^20.4.0"
   },
   "devDependencies": {
     "@types/node": "^20",