npm - @obtoai/agent-bridge - Versions diffs - 0.1.0-beta.6 → 0.1.0-beta.7 - Mend

@obtoai/agent-bridge 0.1.0-beta.6 → 0.1.0-beta.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -42,15 +42,15 @@ npx @obtoai/agent-bridge <command>
 obto-bridge init
 ```
-`init` prompts for an email, a username (3-40 chars, lowercase + digits + `_`/`-`), and a password, then creates the account inline via `POST /api/bridge/register` and saves the returned token to `~/.obto-bridge/config.json` (mode 0600). It then asks for an agent name (so multiple machines on the same account don't collide), the project directory the daemon should work in, a *fallback* agent (`claude` / `codex` / `opencode` — used only for legacy events without an explicit agent), and whether to relay tool-permission requests via the bridge. Done — you can sign in to the web UI as `@username` with your password to start a thread.
+`init` asks for one thing — your email. Username is derived from the email's local part (`divyansh.verma@gmail.com` → `divyansh-verma`); password is auto-generated as a strong 12-char string and **shown once** in stdout for you to save. It then creates the account inline via `POST /api/bridge/register`, saves the returned API token to `~/.obto-bridge/config.json` (mode 0600), and asks for an agent name (so multiple machines on the same account don't collide), the project directory the daemon should work in, a *fallback* agent (`claude` / `codex` / `opencode` — used only for legacy events without an explicit agent), and whether to relay tool-permission requests via the bridge. Sign in at `https://agent-bridge.obto.co/api/view` as `@username` with the generated password to start a thread.
-Already have a token from an earlier invite or another machine? Skip the registration step:
+Overrides:
-```bash
-obto-bridge init --token obto_xxxxxxxx --account acc_xxxxxxxx
-```
+- `obto-bridge init --username <name>` — pick your own username instead of the derived one.
+- `obto-bridge init --password <pwd>` — set your own password instead of auto-generating.
+- `obto-bridge init --token obto_xxxxxxxx --account acc_xxxxxxxx` — skip registration entirely (paste-in for existing users or scripted/headless setups).
-The token is shown to you exactly once at registration time. **Save it.** If you lose it, rotate it from your account settings — it is not stored in readable form server-side. Safe to commit your `accountId`; **never commit the `apiToken`**. (Server URL is a built-in default; advanced / self-hosted users can override with the `BRIDGE_BASE_URL` env var.)
+The API token is shown to you exactly once at registration time. **Save it.** If you lose it, rotate it from your account settings — it is not stored in readable form server-side. Safe to commit your `accountId`; **never commit the `apiToken`**. (Server URL is a built-in default; advanced / self-hosted users can override with the `BRIDGE_BASE_URL` env var.)
 ### Agents (claude / codex / opencode)

package/bin/obto-bridge.js CHANGED Viewed

@@ -25,6 +25,8 @@ const usage = () => {
   console.error('Flags:');
   console.error('  --version, -v          Print the installed package version.');
   console.error('  --help, -h             Show this help.');
+  console.error('  --username <name>      (init only) Override the username derived from email.');
+  console.error('  --password <pwd>       (init only) Set your password instead of auto-generating one.');
   console.error('  --token <obto_…>       (init only) Skip self-serve register, use this token.');
   console.error('  --account <acc_…>      (init only) Pair with --token for paste-in mode.');
 };

package/cli/init.js CHANGED Viewed

@@ -2,20 +2,22 @@
 // `obto-bridge init` — interactive setup wizard.
 //
-// Default (>=0.1.0-beta.6): self-serve registration. Prompts for email,
-// username, password and POSTs to /api/bridge/register, which returns a
-// freshly-minted free-tier account + API token. No invite, no waiting.
+// Default (>=0.1.0-beta.7): self-serve registration. Email is the only
+// required input; username is derived from the email's local part, and a
+// strong password is auto-generated and shown once. Posts to
+// /api/bridge/register, saves the returned API token to
+// ~/.obto-bridge/config.json (mode 0600).
 //
-// Legacy paste-in (for users with an existing token, e.g. from before
-// self-serve, or migrating across machines): `obto-bridge init --token <obto_…>
-// --account <acc_…>` skips the register step and uses the supplied creds.
-//
-// Either way the wizard writes ~/.obto-bridge/config.json with mode 0600 and
-// then validates the token against the server via GET /api/bridge/whoami.
+// Overrides:
+//   --username <name>    Use this instead of the derived username.
+//   --password <pwd>     Use this instead of an auto-generated password.
+//   --token <obto_…>     Skip registration entirely; paste an existing token.
+//   --account <acc_…>    Pair with --token for paste-in mode.
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
+const crypto = require('crypto');
 const readline = require('readline');
 const CONFIG_DIR = path.join(os.homedir(), '.obto-bridge');
@@ -27,7 +29,7 @@ const DEFAULTS = {
   relayPermissions: true,
 };
-// argv after `obto-bridge init` — for --token / --account paste-in mode.
+// argv after `obto-bridge init`.
 const argv = process.argv.slice(3);
 const flagValue = (name) => {
   const i = argv.indexOf(name);
@@ -35,6 +37,8 @@ const flagValue = (name) => {
 };
 const cliToken = flagValue('--token');
 const cliAccount = flagValue('--account');
+const cliUsername = flagValue('--username');
+const cliPassword = flagValue('--password');
 const loadExisting = () => {
   try { return JSON.parse(fs.readFileSync(CONFIG_PATH, 'utf8')); }
@@ -52,12 +56,25 @@ const ask = (rl, prompt, def) =>
     });
   });
-// Password echoes (readline + raw mode is gnarly to do portably). Users doing
-// scripted/headless deploys should set BRIDGE_API_TOKEN env directly instead.
-const askPassword = (rl, prompt) =>
-  new Promise((resolve) => {
-    rl.question(prompt + ': ', (answer) => resolve(answer));
-  });
+// Derive a basicAuthUser-shaped username from email's local part. Mirrors
+// the server-side derivation in registerSubmit so the username we sign in
+// with matches what we display to the user inline.
+const deriveUsername = (email) => {
+  const local = String(email || '').split('@')[0].toLowerCase();
+  let u = local.replace(/[^a-z0-9_-]+/g, '-').replace(/-+/g, '-').replace(/^-+|-+$/g, '').slice(0, 40);
+  if (u.length < 3) u = 'user-' + crypto.randomBytes(3).toString('hex');
+  return u;
+};
+// 12-char password, no ambiguous chars (0/O, 1/l/I), grouped as 4-4-4
+// for readability and easy copy-paste. Backed by crypto.randomBytes.
+const generatePassword = () => {
+  const chars = 'abcdefghjkmnpqrstuvwxyz23456789ABCDEFGHJKLMNPQRSTUVWXYZ';
+  const bytes = crypto.randomBytes(12);
+  let out = '';
+  for (let i = 0; i < 12; i++) out += chars[bytes[i] % chars.length];
+  return out.slice(0, 4) + '-' + out.slice(4, 8) + '-' + out.slice(8, 12);
+};
 const registerSelfServe = async ({ baseUrl, originHost, email, username, password }) => {
   const url = baseUrl.replace(/\/$/, '') + '/api/bridge/register';
@@ -110,13 +127,16 @@ const main = async () => {
   let accountId = existing.accountId || '';
   let apiToken = existing.apiToken || '';
-  // Pick the credential path. Order of precedence:
-  //   1. --token + --account flags (machine-paste, scripted).
-  //   2. Existing config from a prior init (carry over).
-  //   3. Self-serve registration via /api/bridge/register (default for new users).
+  // Pick the credential path. Precedence:
+  //   1. --token + --account flags (machine paste-in, scripted).
+  //   2. Existing config from a prior init.
+  //   3. Self-serve registration via /api/bridge/register (default).
   const haveCliPaste = !!(cliToken && cliAccount);
   const haveExisting = !!(existing.accountId && existing.apiToken);
+  let registeredUser = '';
+  let registeredPassword = '';
   if (haveCliPaste) {
     apiToken = cliToken;
     accountId = cliAccount;
@@ -131,8 +151,21 @@ const main = async () => {
   } else {
     console.log('Create a free account (no card needed):');
     const email = await ask(rl, '  Email', '');
-    const username = await ask(rl, '  Username (3-40 chars: a-z, 0-9, _ or -)', '');
-    const password = await askPassword(rl, '  Password (min 8 chars)');
+    if (!email || email.indexOf('@') === -1) {
+      console.error('error: a valid email is required.');
+      rl.close();
+      process.exit(1);
+    }
+    const username = cliUsername || deriveUsername(email);
+    const password = cliPassword || generatePassword();
+    console.log('');
+    console.log('  Username: @' + username + (cliUsername ? '' : '   (derived from email)'));
+    if (!cliPassword) {
+      console.log('  Password: ' + password + '   (auto-generated)');
+      console.log('');
+      console.log('  ⚠ SAVE THIS PASSWORD — you will need it to sign in to the web UI.');
+      console.log('    It is shown once here and never again. Reset later from your account page.');
+    }
     console.log('');
     console.log('Creating account at ' + baseUrl + ' ...');
     let r;
@@ -148,16 +181,18 @@ const main = async () => {
     if (!r.ok || !r.data || !r.data.ok) {
       const msg = (r.data && (r.data.error || r.data._rawBody)) || ('HTTP ' + r.status);
       console.error('error: registration rejected: ' + msg);
+      console.error('       (username taken? rerun with `obto-bridge init --username <different>`)');
       rl.close();
       process.exit(1);
     }
     accountId = r.data.accountId;
     apiToken = r.data.apiToken;
+    registeredUser = r.data.basicAuthUser || username;
+    registeredPassword = password;
     console.log('  ✓ Free account created.');
     console.log('    Account: ' + accountId);
-    console.log('    User:    @' + (r.data.basicAuthUser || username));
+    console.log('    User:    @' + registeredUser);
     console.log('    Plan:    ' + (r.data.plan || 'free'));
-    console.log('    Sign in at ' + baseUrl + ' as @' + (r.data.basicAuthUser || username) + ' with the password you just set.');
     console.log('');
   }
@@ -225,7 +260,12 @@ const main = async () => {
     const a = result.parsed.account;
     console.log('  ✓ Authenticated as @' + a.basicAuthUser + ' (' + a.accountId + ', status: ' + a.status + ')');
     console.log('');
-    console.log('Next:  obto-bridge start');
+    // The OBTO platform's root URL bounces unauthenticated users to /login.bto;
+    // /api/view is the canonical bridge entry point that serves either the
+    // sign-in form (unauthenticated) or the threads UI (authenticated).
+    const signInUrl = baseUrl.replace(/\/$/, '') + '/api/view';
+    console.log('Sign in at ' + signInUrl + ' as @' + a.basicAuthUser + (registeredPassword ? ' (password above)' : '') + '.');
+    console.log('Run:    obto-bridge start');
     return;
   }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@obtoai/agent-bridge",
-  "version": "0.1.0-beta.6",
+  "version": "0.1.0-beta.7",
   "description": "Local consumer for the OBTO Agent Bridge. Receives bridge events over SSE and drives a coding agent (Claude Code or OpenAI Codex) on your machine.",
   "license": "Apache-2.0",
   "author": "OBTO Inc.",