npm - @obtoai/agent-bridge - Versions diffs - 0.1.0-beta.5 → 0.1.0-beta.6 - Mend

@obtoai/agent-bridge 0.1.0-beta.5 → 0.1.0-beta.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -4,9 +4,17 @@ A local daemon that lets coding agents — [Claude Code](https://claude.ai/code)
 You post a message on a thread from your phone or laptop. The daemon (running on your machine, no port forwarding required) receives it over a long-lived HTTPS stream, spawns or resumes a session for the agent that thread is bound to, and the response posts back to the bridge thread within seconds.
+**Three commands, you're driving Claude/Codex/opencode on your phone:**
+```bash
+npm install -g @obtoai/agent-bridge
+obto-bridge init     # creates a free account inline — no card, no invite
+obto-bridge start    # daemon connects, you're live
+```
 ## Status
-**Closed beta.** Need an invite? Email **support@obto.co** with your name and a short note about what you'd use it for. We'll provision an account and mail you credentials.
+**Public beta.** Self-serve, no card. `obto-bridge init` creates a free account inline — no waiting on an invite, no support email loop. A Pro tier with longer Hindsight memory retention is coming; until then everyone gets the same daemon features on the free tier.
 ## What you'll need
@@ -15,7 +23,6 @@ You post a message on a thread from your phone or laptop. The daemon (running on
   - **Claude** — Claude Code / the Claude Agent SDK, billed to your Anthropic account.
   - **Codex** — the `codex` CLI (`npm i -g @openai/codex`), signed in to your OpenAI/ChatGPT account.
   - **opencode** — `npm i -g opencode-ai` (the `opencode` CLI; the daemon bundles the `@opencode-ai/sdk`). Auth is your own provider key (Anthropic by default; override with env vars below).
-- An invite from `support@obto.co` (gives you an `accountId`, browser username/password, and an API token).
 ## Install
@@ -35,9 +42,15 @@ npx @obtoai/agent-bridge <command>
 obto-bridge init
 ```
-Walks you through a few questions: your account ID, API token, an agent name (to distinguish multiple machines on one account), a *fallback* agent (`claude`, `codex`, or `opencode` — used only for legacy events without an explicit agent), the project directory to work in, and whether to relay tool-permission requests via the bridge. (The server URL is a built-in default; advanced / self-hosted users can override it with the `BRIDGE_BASE_URL` env var.)
+`init` prompts for an email, a username (3-40 chars, lowercase + digits + `_`/`-`), and a password, then creates the account inline via `POST /api/bridge/register` and saves the returned token to `~/.obto-bridge/config.json` (mode 0600). It then asks for an agent name (so multiple machines on the same account don't collide), the project directory the daemon should work in, a *fallback* agent (`claude` / `codex` / `opencode` — used only for legacy events without an explicit agent), and whether to relay tool-permission requests via the bridge. Done — you can sign in to the web UI as `@username` with your password to start a thread.
+Already have a token from an earlier invite or another machine? Skip the registration step:
+```bash
+obto-bridge init --token obto_xxxxxxxx --account acc_xxxxxxxx
+```
-Config lands at `~/.obto-bridge/config.json` (mode 0600). Safe to commit your account ID; **never commit the `apiToken`**.
+The token is shown to you exactly once at registration time. **Save it.** If you lose it, rotate it from your account settings — it is not stored in readable form server-side. Safe to commit your `accountId`; **never commit the `apiToken`**. (Server URL is a built-in default; advanced / self-hosted users can override with the `BRIDGE_BASE_URL` env var.)
 ### Agents (claude / codex / opencode)

package/bin/obto-bridge.js CHANGED Viewed

@@ -14,7 +14,8 @@ const usage = () => {
   console.error('Usage: obto-bridge <command>');
   console.error('');
   console.error('Commands:');
-  console.error('  init           One-time setup: paste credentials, choose agent name + project dir.');
+  console.error('  init           Create a free account (or paste an existing token via --token/--account)');
+  console.error('                 and write ~/.obto-bridge/config.json.');
   console.error('  start          Run the daemon (foreground).');
   console.error('  status         Print active thread/session bindings.');
   console.error('  whoami         Verify config and show your account info from the server.');
@@ -22,10 +23,10 @@ const usage = () => {
   console.error('  logout         Wipe local credentials at ~/.obto-bridge/config.json.');
   console.error('');
   console.error('Flags:');
-  console.error('  --version, -v  Print the installed package version.');
-  console.error('  --help, -h     Show this help.');
-  console.error('');
-  console.error('Get an invite: support@obto.co');
+  console.error('  --version, -v          Print the installed package version.');
+  console.error('  --help, -h             Show this help.');
+  console.error('  --token <obto_…>       (init only) Skip self-serve register, use this token.');
+  console.error('  --account <acc_…>      (init only) Pair with --token for paste-in mode.');
 };
 const cmd = process.argv[2];

package/cli/init.js CHANGED Viewed

@@ -1,9 +1,17 @@
 'use strict';
-// `obto-bridge init` — interactive setup wizard. Prompts for credentials,
-// writes ~/.obto-bridge/config.json with mode 0600, then validates the token
-// against the server via GET /api/bridge/whoami so the user knows immediately
-// if anything is wrong.
+// `obto-bridge init` — interactive setup wizard.
+//
+// Default (>=0.1.0-beta.6): self-serve registration. Prompts for email,
+// username, password and POSTs to /api/bridge/register, which returns a
+// freshly-minted free-tier account + API token. No invite, no waiting.
+//
+// Legacy paste-in (for users with an existing token, e.g. from before
+// self-serve, or migrating across machines): `obto-bridge init --token <obto_…>
+// --account <acc_…>` skips the register step and uses the supplied creds.
+//
+// Either way the wizard writes ~/.obto-bridge/config.json with mode 0600 and
+// then validates the token against the server via GET /api/bridge/whoami.
 const fs = require('fs');
 const path = require('path');
@@ -19,6 +27,15 @@ const DEFAULTS = {
   relayPermissions: true,
 };
+// argv after `obto-bridge init` — for --token / --account paste-in mode.
+const argv = process.argv.slice(3);
+const flagValue = (name) => {
+  const i = argv.indexOf(name);
+  return i !== -1 && argv[i + 1] && !argv[i + 1].startsWith('--') ? argv[i + 1] : null;
+};
+const cliToken = flagValue('--token');
+const cliAccount = flagValue('--account');
 const loadExisting = () => {
   try { return JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8')); }
   catch (_) { return {}; }
@@ -35,6 +52,32 @@ const ask = (rl, prompt, def) =>
     });
   });
+// Password echoes (readline + raw mode is gnarly to do portably). Users doing
+// scripted/headless deploys should set BRIDGE_API_TOKEN env directly instead.
+const askPassword = (rl, prompt) =>
+  new Promise((resolve) => {
+    rl.question(prompt + ': ', (answer) => resolve(answer));
+  });
+const registerSelfServe = async ({ baseUrl, originHost, email, username, password }) => {
+  const url = baseUrl.replace(/\/$/, '') + '/api/bridge/register';
+  const res = await fetch(url, {
+    method: 'POST',
+    headers: {
+      Accept: 'application/json',
+      'Content-Type': 'application/x-www-form-urlencoded',
+      'OBTO-ORIGIN-HOST': originHost,
+    },
+    body: new URLSearchParams({ email, username, password }).toString(),
+    cache: 'no-store',
+    redirect: 'manual',
+  });
+  const text = await res.text();
+  let data;
+  try { data = JSON.parse(text); } catch (_) { data = { _rawBody: text }; }
+  return { status: res.status, ok: res.ok, data };
+};
 const validateAgainstServer = async (cfg) => {
   const url = cfg.baseUrl.replace(/\/$/, '') + '/api/bridge/whoami';
   const res = await fetch(url, {
@@ -55,25 +98,74 @@ const validateAgainstServer = async (cfg) => {
 const main = async () => {
   console.log('OBTO Agent Bridge — setup');
   console.log('-------------------------');
-  console.log('Need credentials? Email support@obto.co for an invite.');
   console.log('Config will be written to: ' + CONFIG_PATH);
   console.log('');
   const existing = loadExisting();
   const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-  // Server base URL and OBTO-ORIGIN-HOST are constants of the platform, not
-  // per-user config — every daemon talks to the same bridge app. They are no
-  // longer prompted. Advanced / self-hosted users can still override them via
-  // the BRIDGE_BASE_URL / BRIDGE_ORIGIN_HOST env vars or by editing config.json.
   const baseUrl    = process.env.BRIDGE_BASE_URL    || existing.baseUrl    || DEFAULTS.baseUrl;
   const originHost = process.env.BRIDGE_ORIGIN_HOST || existing.originHost || DEFAULTS.originHost;
-  const accountId  = await ask(rl, 'Account ID (acc_…)',       existing.accountId  || '');
-  const apiToken   = await ask(rl, 'API token (obto_…)',       existing.apiToken   || '');
-  const agentId    = await ask(rl, 'Agent name (e.g. my-mac)', existing.agentId    || os.hostname().split('.')[0] || 'unnamed-agent');
+  let accountId = existing.accountId || '';
+  let apiToken = existing.apiToken || '';
+  // Pick the credential path. Order of precedence:
+  //   1. --token + --account flags (machine-paste, scripted).
+  //   2. Existing config from a prior init (carry over).
+  //   3. Self-serve registration via /api/bridge/register (default for new users).
+  const haveCliPaste = !!(cliToken && cliAccount);
+  const haveExisting = !!(existing.accountId && existing.apiToken);
+  if (haveCliPaste) {
+    apiToken = cliToken;
+    accountId = cliAccount;
+    console.log('Using credentials from --token / --account flags.');
+    console.log('');
+  } else if (haveExisting) {
+    console.log('Existing config found:');
+    console.log('  Account: ' + existing.accountId);
+    console.log('  Token:   ' + (existing.apiToken || '').slice(0, 10) + '…');
+    console.log('Reusing those credentials. To re-register from scratch, remove ' + CONFIG_PATH + ' first.');
+    console.log('');
+  } else {
+    console.log('Create a free account (no card needed):');
+    const email = await ask(rl, '  Email', '');
+    const username = await ask(rl, '  Username (3-40 chars: a-z, 0-9, _ or -)', '');
+    const password = await askPassword(rl, '  Password (min 8 chars)');
+    console.log('');
+    console.log('Creating account at ' + baseUrl + ' ...');
+    let r;
+    try {
+      r = await registerSelfServe({ baseUrl, originHost, email, username, password });
+    } catch (e) {
+      console.error('error: registration request failed: ' + (e && e.message ? e.message : e));
+      console.error('       (network problem? you can also paste an existing token via:');
+      console.error('        `obto-bridge init --token <obto_…> --account <acc_…>`)');
+      rl.close();
+      process.exit(1);
+    }
+    if (!r.ok || !r.data || !r.data.ok) {
+      const msg = (r.data && (r.data.error || r.data._rawBody)) || ('HTTP ' + r.status);
+      console.error('error: registration rejected: ' + msg);
+      rl.close();
+      process.exit(1);
+    }
+    accountId = r.data.accountId;
+    apiToken = r.data.apiToken;
+    console.log('  ✓ Free account created.');
+    console.log('    Account: ' + accountId);
+    console.log('    User:    @' + (r.data.basicAuthUser || username));
+    console.log('    Plan:    ' + (r.data.plan || 'free'));
+    console.log('    Sign in at ' + baseUrl + ' as @' + (r.data.basicAuthUser || username) + ' with the password you just set.');
+    console.log('');
+  }
+  const agentId    = await ask(rl, 'Agent name (e.g. my-mac)', existing.agentId || os.hostname().split('.')[0] || 'unnamed-agent');
   const projectDir = await ask(rl, 'Project working dir',      existing.projectDir || process.cwd());
-  const agentAns   = await ask(rl, 'Coding agent — claude or codex', existing.agent || 'claude');
-  const agent      = String(agentAns).trim().toLowerCase() === 'codex' ? 'codex' : 'claude';
+  const agentAns   = await ask(rl, 'Coding agent fallback — claude / codex / opencode', existing.agent || 'claude');
+  const agentLow   = String(agentAns).trim().toLowerCase();
+  const agent      = ['claude', 'codex', 'opencode'].indexOf(agentLow) !== -1 ? agentLow : 'claude';
   const relayAns   = await ask(rl, 'Relay permission requests via bridge? (y/n)', existing.relayPermissions !== false ? 'y' : 'n');
   const relayPermissions = String(relayAns).toLowerCase().startsWith('y');
@@ -138,7 +230,7 @@ const main = async () => {
   }
   if (result.status === 401) {
-    console.error('  ✗ Server rejected the API token (HTTP 401). Double-check that you pasted the full token from your invite email.');
+    console.error('  ✗ Server rejected the API token (HTTP 401). Re-run `obto-bridge init` to reset.');
     process.exit(2);
   }
   if (result.status === 403) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@obtoai/agent-bridge",
-  "version": "0.1.0-beta.5",
+  "version": "0.1.0-beta.6",
   "description": "Local consumer for the OBTO Agent Bridge. Receives bridge events over SSE and drives a coding agent (Claude Code or OpenAI Codex) on your machine.",
   "license": "Apache-2.0",
   "author": "OBTO Inc.",