@obtoai/agent-bridge 0.1.0-beta.5 → 0.1.0-beta.7

package/README.md

@@ -4,9 +4,17 @@ A local daemon that lets coding agents — [Claude Code](https://claude.ai/code)
 
 You post a message on a thread from your phone or laptop. The daemon (running on your machine, no port forwarding required) receives it over a long-lived HTTPS stream, spawns or resumes a session for the agent that thread is bound to, and the response posts back to the bridge thread within seconds.
 
+**Three commands, you're driving Claude/Codex/opencode on your phone:**
+
+```bash
+npm install -g @obtoai/agent-bridge
+obto-bridge init     # creates a free account inline — no card, no invite
+obto-bridge start    # daemon connects, you're live
+```
+
 ## Status
 
-**Closed beta.** Need an invite? Email **support@obto.co** with your name and a short note about what you'd use it for. We'll provision an account and mail you credentials.
+**Public beta.** Self-serve, no card. `obto-bridge init` creates a free account inline — no waiting on an invite, no support email loop. A Pro tier with longer Hindsight memory retention is coming; until then everyone gets the same daemon features on the free tier.
 
 ## What you'll need
 
@@ -15,7 +23,6 @@ You post a message on a thread from your phone or laptop. The daemon (running on
   - **Claude** — Claude Code / the Claude Agent SDK, billed to your Anthropic account.
   - **Codex** — the `codex` CLI (`npm i -g @openai/codex`), signed in to your OpenAI/ChatGPT account.
   - **opencode** — `npm i -g opencode-ai` (the `opencode` CLI; the daemon bundles the `@opencode-ai/sdk`). Auth is your own provider key (Anthropic by default; override with env vars below).
-- An invite from `support@obto.co` (gives you an `accountId`, browser username/password, and an API token).
 
 ## Install
 
@@ -35,9 +42,15 @@ npx @obtoai/agent-bridge <command>
 obto-bridge init
 ```
 
-Walks you through a few questions: your account ID, API token, an agent name (to distinguish multiple machines on one account), a *fallback* agent (`claude`, `codex`, or `opencode` — used only for legacy events without an explicit agent), the project directory to work in, and whether to relay tool-permission requests via the bridge. (The server URL is a built-in default; advanced / self-hosted users can override it with the `BRIDGE_BASE_URL` env var.)
+`init` asks for one thing — your email. Username is derived from the email's local part (`divyansh.verma@gmail.com` → `divyansh-verma`); password is auto-generated as a strong 12-char string and **shown once** in stdout for you to save. It then creates the account inline via `POST /api/bridge/register`, saves the returned API token to `~/.obto-bridge/config.json` (mode 0600), and asks for an agent name (so multiple machines on the same account don't collide), the project directory the daemon should work in, a *fallback* agent (`claude` / `codex` / `opencode` — used only for legacy events without an explicit agent), and whether to relay tool-permission requests via the bridge. Sign in at `https://agent-bridge.obto.co/api/view` as `@username` with the generated password to start a thread.
+
+Overrides:
+
+- `obto-bridge init --username <name>` — pick your own username instead of the derived one.
+- `obto-bridge init --password <pwd>` — set your own password instead of auto-generating.
+- `obto-bridge init --token obto_xxxxxxxx --account acc_xxxxxxxx` — skip registration entirely (paste-in for existing users or scripted/headless setups).
 
-Config lands at `~/.obto-bridge/config.json` (mode 0600). Safe to commit your account ID; **never commit the `apiToken`**.
+The API token is shown to you exactly once at registration time. **Save it.** If you lose it, rotate it from your account settings — it is not stored in readable form server-side. Safe to commit your `accountId`; **never commit the `apiToken`**. (Server URL is a built-in default; advanced / self-hosted users can override with the `BRIDGE_BASE_URL` env var.)
 
 ### Agents (claude / codex / opencode)
 

package/bin/obto-bridge.js

@@ -14,7 +14,8 @@ const usage = () => {
   console.error('Usage: obto-bridge <command>');
   console.error('');
   console.error('Commands:');
-  console.error('  init           One-time setup: paste credentials, choose agent name + project dir.');
+  console.error('  init           Create a free account (or paste an existing token via --token/--account)');
+  console.error('                 and write ~/.obto-bridge/config.json.');
   console.error('  start          Run the daemon (foreground).');
   console.error('  status         Print active thread/session bindings.');
   console.error('  whoami         Verify config and show your account info from the server.');
@@ -22,10 +23,12 @@ const usage = () => {
   console.error('  logout         Wipe local credentials at ~/.obto-bridge/config.json.');
   console.error('');
   console.error('Flags:');
-  console.error('  --version, -v  Print the installed package version.');
-  console.error('  --help, -h     Show this help.');
-  console.error('');
-  console.error('Get an invite: support@obto.co');
+  console.error('  --version, -v          Print the installed package version.');
+  console.error('  --help, -h             Show this help.');
+  console.error('  --username <name>      (init only) Override the username derived from email.');
+  console.error('  --password <pwd>       (init only) Set your password instead of auto-generating one.');
+  console.error('  --token <obto_…>       (init only) Skip self-serve register, use this token.');
+  console.error('  --account <acc_…>      (init only) Pair with --token for paste-in mode.');
 };
 
 const cmd = process.argv[2];

package/cli/init.js

@@ -1,13 +1,23 @@
 'use strict';
 
-// `obto-bridge init` — interactive setup wizard. Prompts for credentials,
-// writes ~/.obto-bridge/config.json with mode 0600, then validates the token
-// against the server via GET /api/bridge/whoami so the user knows immediately
-// if anything is wrong.
+// `obto-bridge init` — interactive setup wizard.
+//
+// Default (>=0.1.0-beta.7): self-serve registration. Email is the only
+// required input; username is derived from the email's local part, and a
+// strong password is auto-generated and shown once. Posts to
+// /api/bridge/register, saves the returned API token to
+// ~/.obto-bridge/config.json (mode 0600).
+//
+// Overrides:
+//   --username <name>    Use this instead of the derived username.
+//   --password <pwd>     Use this instead of an auto-generated password.
+//   --token <obto_…>     Skip registration entirely; paste an existing token.
+//   --account <acc_…>    Pair with --token for paste-in mode.
 
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
+const crypto = require('crypto');
 const readline = require('readline');
 
 const CONFIG_DIR = path.join(os.homedir(), '.obto-bridge');
@@ -19,6 +29,17 @@ const DEFAULTS = {
   relayPermissions: true,
 };
 
+// argv after `obto-bridge init`.
+const argv = process.argv.slice(3);
+const flagValue = (name) => {
+  const i = argv.indexOf(name);
+  return i !== -1 && argv[i + 1] && !argv[i + 1].startsWith('--') ? argv[i + 1] : null;
+};
+const cliToken = flagValue('--token');
+const cliAccount = flagValue('--account');
+const cliUsername = flagValue('--username');
+const cliPassword = flagValue('--password');
+
 const loadExisting = () => {
   try { return JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8')); }
   catch (_) { return {}; }
@@ -35,6 +56,45 @@ const ask = (rl, prompt, def) =>
     });
   });
 
+// Derive a basicAuthUser-shaped username from email's local part. Mirrors
+// the server-side derivation in registerSubmit so the username we sign in
+// with matches what we display to the user inline.
+const deriveUsername = (email) => {
+  const local = String(email || '').split('@')[0].toLowerCase();
+  let u = local.replace(/[^a-z0-9_-]+/g, '-').replace(/-+/g, '-').replace(/^-+|-+$/g, '').slice(0, 40);
+  if (u.length < 3) u = 'user-' + crypto.randomBytes(3).toString('hex');
+  return u;
+};
+
+// 12-char password, no ambiguous chars (0/O, 1/l/I), grouped as 4-4-4
+// for readability and easy copy-paste. Backed by crypto.randomBytes.
+const generatePassword = () => {
+  const chars = 'abcdefghjkmnpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWXYZ';
+  const bytes = crypto.randomBytes(12);
+  let out = '';
+  for (let i = 0; i < 12; i++) out += chars[bytes[i] % chars.length];
+  return out.slice(0, 4) + '-' + out.slice(4, 8) + '-' + out.slice(8, 12);
+};
+
+const registerSelfServe = async ({ baseUrl, originHost, email, username, password }) => {
+  const url = baseUrl.replace(/\/$/, '') + '/api/bridge/register';
+  const res = await fetch(url, {
+    method: 'POST',
+    headers: {
+      Accept: 'application/json',
+      'Content-Type': 'application/x-www-form-urlencoded',
+      'OBTO-ORIGIN-HOST': originHost,
+    },
+    body: new URLSearchParams({ email, username, password }).toString(),
+    cache: 'no-store',
+    redirect: 'manual',
+  });
+  const text = await res.text();
+  let data;
+  try { data = JSON.parse(text); } catch (_) { data = { _rawBody: text }; }
+  return { status: res.status, ok: res.ok, data };
+};
+
 const validateAgainstServer = async (cfg) => {
   const url = cfg.baseUrl.replace(/\/$/, '') + '/api/bridge/whoami';
   const res = await fetch(url, {
@@ -55,25 +115,92 @@ const validateAgainstServer = async (cfg) => {
 const main = async () => {
   console.log('OBTO Agent Bridge — setup');
   console.log('-------------------------');
-  console.log('Need credentials? Email support@obto.co for an invite.');
   console.log('Config will be written to: ' + CONFIG_PATH);
   console.log('');
 
   const existing = loadExisting();
   const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
 
-  // Server base URL and OBTO-ORIGIN-HOST are constants of the platform, not
-  // per-user config — every daemon talks to the same bridge app. They are no
-  // longer prompted. Advanced / self-hosted users can still override them via
-  // the BRIDGE_BASE_URL / BRIDGE_ORIGIN_HOST env vars or by editing config.json.
   const baseUrl    = process.env.BRIDGE_BASE_URL    || existing.baseUrl    || DEFAULTS.baseUrl;
   const originHost = process.env.BRIDGE_ORIGIN_HOST || existing.originHost || DEFAULTS.originHost;
-  const accountId  = await ask(rl, 'Account ID (acc_…)',       existing.accountId  || '');
-  const apiToken   = await ask(rl, 'API token (obto_…)',       existing.apiToken   || '');
-  const agentId    = await ask(rl, 'Agent name (e.g. my-mac)', existing.agentId    || os.hostname().split('.')[0] || 'unnamed-agent');
+
+  let accountId = existing.accountId || '';
+  let apiToken = existing.apiToken || '';
+
+  // Pick the credential path. Precedence:
+  //   1. --token + --account flags (machine paste-in, scripted).
+  //   2. Existing config from a prior init.
+  //   3. Self-serve registration via /api/bridge/register (default).
+  const haveCliPaste = !!(cliToken && cliAccount);
+  const haveExisting = !!(existing.accountId && existing.apiToken);
+
+  let registeredUser = '';
+  let registeredPassword = '';
+
+  if (haveCliPaste) {
+    apiToken = cliToken;
+    accountId = cliAccount;
+    console.log('Using credentials from --token / --account flags.');
+    console.log('');
+  } else if (haveExisting) {
+    console.log('Existing config found:');
+    console.log('  Account: ' + existing.accountId);
+    console.log('  Token:   ' + (existing.apiToken || '').slice(0, 10) + '…');
+    console.log('Reusing those credentials. To re-register from scratch, remove ' + CONFIG_PATH + ' first.');
+    console.log('');
+  } else {
+    console.log('Create a free account (no card needed):');
+    const email = await ask(rl, '  Email', '');
+    if (!email || email.indexOf('@') === -1) {
+      console.error('error: a valid email is required.');
+      rl.close();
+      process.exit(1);
+    }
+    const username = cliUsername || deriveUsername(email);
+    const password = cliPassword || generatePassword();
+    console.log('');
+    console.log('  Username: @' + username + (cliUsername ? '' : '   (derived from email)'));
+    if (!cliPassword) {
+      console.log('  Password: ' + password + '   (auto-generated)');
+      console.log('');
+      console.log('  ⚠ SAVE THIS PASSWORD — you will need it to sign in to the web UI.');
+      console.log('    It is shown once here and never again. Reset later from your account page.');
+    }
+    console.log('');
+    console.log('Creating account at ' + baseUrl + ' ...');
+    let r;
+    try {
+      r = await registerSelfServe({ baseUrl, originHost, email, username, password });
+    } catch (e) {
+      console.error('error: registration request failed: ' + (e && e.message ? e.message : e));
+      console.error('       (network problem? you can also paste an existing token via:');
+      console.error('        `obto-bridge init --token <obto_…> --account <acc_…>`)');
+      rl.close();
+      process.exit(1);
+    }
+    if (!r.ok || !r.data || !r.data.ok) {
+      const msg = (r.data && (r.data.error || r.data._rawBody)) || ('HTTP ' + r.status);
+      console.error('error: registration rejected: ' + msg);
+      console.error('       (username taken? rerun with `obto-bridge init --username <different>`)');
+      rl.close();
+      process.exit(1);
+    }
+    accountId = r.data.accountId;
+    apiToken = r.data.apiToken;
+    registeredUser = r.data.basicAuthUser || username;
+    registeredPassword = password;
+    console.log('  ✓ Free account created.');
+    console.log('    Account: ' + accountId);
+    console.log('    User:    @' + registeredUser);
+    console.log('    Plan:    ' + (r.data.plan || 'free'));
+    console.log('');
+  }
+
+  const agentId    = await ask(rl, 'Agent name (e.g. my-mac)', existing.agentId || os.hostname().split('.')[0] || 'unnamed-agent');
   const projectDir = await ask(rl, 'Project working dir',      existing.projectDir || process.cwd());
-  const agentAns   = await ask(rl, 'Coding agent — claude or codex', existing.agent || 'claude');
-  const agent      = String(agentAns).trim().toLowerCase() === 'codex' ? 'codex' : 'claude';
+  const agentAns   = await ask(rl, 'Coding agent fallback — claude / codex / opencode', existing.agent || 'claude');
+  const agentLow   = String(agentAns).trim().toLowerCase();
+  const agent      = ['claude', 'codex', 'opencode'].indexOf(agentLow) !== -1 ? agentLow : 'claude';
   const relayAns   = await ask(rl, 'Relay permission requests via bridge? (y/n)', existing.relayPermissions !== false ? 'y' : 'n');
   const relayPermissions = String(relayAns).toLowerCase().startsWith('y');
 
@@ -133,12 +260,17 @@ const main = async () => {
     const a = result.parsed.account;
     console.log('  ✓ Authenticated as @' + a.basicAuthUser + ' (' + a.accountId + ', status: ' + a.status + ')');
     console.log('');
-    console.log('Next:  obto-bridge start');
+    // The OBTO platform's root URL bounces unauthenticated users to /login.bto;
+    // /api/view is the canonical bridge entry point that serves either the
+    // sign-in form (unauthenticated) or the threads UI (authenticated).
+    const signInUrl = baseUrl.replace(/\/$/, '') + '/api/view';
+    console.log('Sign in at ' + signInUrl + ' as @' + a.basicAuthUser + (registeredPassword ? ' (password above)' : '') + '.');
+    console.log('Run:    obto-bridge start');
     return;
   }
 
   if (result.status === 401) {
-    console.error('  ✗ Server rejected the API token (HTTP 401). Double-check that you pasted the full token from your invite email.');
+    console.error('  ✗ Server rejected the API token (HTTP 401). Re-run `obto-bridge init` to reset.');
     process.exit(2);
   }
   if (result.status === 403) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@obtoai/agent-bridge",
-  "version": "0.1.0-beta.5",
+  "version": "0.1.0-beta.7",
   "description": "Local consumer for the OBTO Agent Bridge. Receives bridge events over SSE and drives a coding agent (Claude Code or OpenAI Codex) on your machine.",
   "license": "Apache-2.0",
   "author": "OBTO Inc.",