@ory/claude-code 0.1.2 → 0.1.3

package/README.md

@@ -2,99 +2,175 @@
 
 [Ory](https://ory.com) bundled into [Claude Code](https://docs.anthropic.com/en/docs/claude-code): skills and slash commands that scaffold Ory authentication into your codebase, a local Ory stack you can spin up in one command, and (when pointed at an Ory project) authentication, authorization, and audit for every tool Claude runs.
 
-## Install
+You don't need an Ory account or any prior Ory experience to start.
+
+## Prerequisites
 
-From inside Claude Code. Try these in order; the first that works is the simplest path:
+- [Claude Code](https://docs.anthropic.com/en/docs/claude-code) installed and signed in
+- Node.js **≥ 24**
+- [Docker](https://docs.docker.com/get-docker/) (only needed for the local Ory stack)
+- macOS or Linux. Windows works via WSL2.
+
+## Install
 
-**1. Anthropic's public plugin marketplace.** Find **Ory Agent Plugin** and install:
+Inside Claude Code:
 
 ```
 /plugin install ory-agent-plugin
 ```
 
-**2. The Ory-hosted marketplace:**
+That's it — skills, slash commands, hooks, and the Ory MCP server are now registered.
+
+<details>
+<summary>Alternative install paths</summary>
+
+If the public marketplace install above isn't available, either of these registers the same plugin:
 
 ```
+# Ory-hosted marketplace
 /plugin marketplace add ory/claude-plugins
 /plugin install ory-agent-plugin@ory-plugins
 ```
 
-**3. The Ory installer.** No prior `npm install` required:
-
 ```bash
+# Direct installer, no prior npm install required
 npx @ory/claude-code install            # current project
 npx @ory/claude-code install --global   # all projects (user scope)
 npx @ory/claude-code uninstall
 ```
 
-Every flow registers the same plugin: skills, slash commands, hooks, and the Ory MCP server.
+</details>
 
-## Developer experience
+## Quickstart (≈ 3 minutes)
 
-This plugin is a productivity layer for Ory itself. You don't need a real Ory project, an account, or any prior Ory experience to start using it.
+From any project where you'd like Ory authentication, inside Claude Code:
 
-### Skills for scaffolding Ory into your application
+1. **Start a local Ory instance.** Ask Claude *"start the local Ory stack"* or run:
+
+   ```
+   /ory:local-up
+   ```
+
+   A banner prints the seeded test user's email and password. Note them — you'll log in with them in step 3.
+
+2. **Scaffold Ory into your project.** Ask Claude *"add Ory auth to this app"* or run:
+
+   ```
+   /ory:auth-setup
+   ```
+
+   Claude installs Ory Elements, wires the SDK, generates the login / registration / recovery / verification / settings pages, and sets up session middleware. It targets the local stack from step 1, so no signup or API key is needed.
+
+3. **Sign in.** Start your app, visit the login page Claude added, and sign in with the seeded credentials. You now have a real Ory session backed by a real Ory stack — locally, offline, with zero configuration.
+
+That's the full Ory DX path. Stop here if you're just evaluating the plugin. Continue to [Agent security](#agent-security) when you're ready to enforce.
 
-Ask Claude to add Ory auth to your codebase, or invoke the slash commands directly. Each skill is a vetted, end-to-end playbook:
+## What's included
 
-- **`/ory:auth-setup`**: full project setup. Install the Ory CLI, create an Ory Network project, add Ory Elements, configure the SDK, build the auth pages, wire session middleware.
-- **`/ory:login-flow`**: login, registration, recovery, verification, and settings pages with Ory Elements. Next.js App Router and React SPA variants.
-- **`/ory:social-login`**: Google, GitHub, Apple, Microsoft, Discord, and other OIDC providers with Jsonnet data mappers.
-- **`/ory:local-dev`**: drive the local Ory stack (below) from within Claude to prototype and test against without a remote project.
+### Skills for scaffolding Ory into your application
+
+Each skill is a vetted, end-to-end playbook. Ask Claude in natural language or invoke the slash command directly:
 
-Skills are versioned with the plugin so guidance stays in sync as Ory APIs evolve.
+- **`/ory:auth-setup`** — full project setup. Install the Ory CLI, create an Ory Network project (or use the local one), add Ory Elements, configure the SDK, build the auth pages, wire session middleware.
+- **`/ory:login-flow`** — login, registration, recovery, verification, and settings pages with Ory Elements. Next.js App Router and React SPA variants.
+- **`/ory:social-login`** — Google, GitHub, Apple, Microsoft, Discord, and other OIDC providers with Jsonnet data mappers.
+- **`/ory:local-dev`** — drive the local Ory stack from within Claude to prototype and test without a remote project.
 
 ### Ory MCP server
 
-Bundled and registered automatically. It exposes the Ory CLI and the Ory Network REST API as MCP tools so Claude can manage identities, OAuth2 clients, projects, permission tuples, and configuration without ever leaving the chat. Useful for seeding test data, verifying a scaffolded integration, or running one-off admin tasks.
+Bundled and registered automatically. Exposes the Ory CLI and the Ory Network REST API as MCP tools so Claude can manage identities, OAuth2 clients, projects, permission tuples, and configuration without ever leaving the chat. Useful for seeding test data, verifying a scaffolded integration, or running one-off admin tasks.
 
-### Local Ory stack in one command
+### Local Ory stack
 
 ```
 /ory:local-up      # start a local Ory instance in Docker
 /ory:local-down    # tear it all down
 ```
 
-`local up` runs a local Ory instance in Docker, covering everything the plugin and your scaffolded application need. It also brings up a login UI on `:3000` and Jaeger on `:16686`, all reachable through `http://localhost:4000`. A test user identity is seeded and the credentials are printed for you. Use it to:
+`local-up` brings up Ory Identities, OAuth2, and Permissions, plus a login UI on `:3000` and Jaeger on `:16686`, all reachable through `http://localhost:4000`. A test user identity is seeded and the credentials are printed for you. Use it to:
 
 - **Learn Ory hands-on** without signing up for a hosted project.
-- **Prototype** flows (login, social, MFA, recovery, permission tuples) against a real Ory backend in your local dev loop.
+- **Prototype** flows (login, social, MFA, recovery, permission tuples) against a real Ory backend.
 - **Test** an auth integration end-to-end before pushing anything to a real environment.
 - **Develop** your application against the same identity, OAuth2, and permission surfaces you'll ship with.
 
-Point `ORY_PROJECT_URL` at `http://localhost:4000` (or run `npx -y -p @ory/claude-code ory-claude configure`) and the security features below run against the local stack.
+## Pointing at a real Ory project
 
-## Configure
+The Quickstart uses the local stack. If you have a hosted [Ory Network](https://console.ory.sh) project, point the plugin at it:
 
 ```bash
-npx -y -p @ory/claude-code ory-claude configure --project-url https://<id>.projects.oryapis.com --api-key ory_pat_...
+npx -y -p @ory/claude-code ory-claude configure \
+  --project-url https://<id>.projects.oryapis.com \
+  --api-key ory_pat_...
 ```
 
-Config is saved to `~/.config/ory-agent-plugins/config.json` and shared across every Ory agent plugin on the machine. Without it the plugin still loads cleanly and runs in **pass-through mode**: skills and commands work, but nothing is blocked.
+Config is saved to `~/.config/ory-agent-plugins/config.json` and shared across every Ory agent plugin on the machine.
+
+Without configuration the plugin still loads cleanly and runs in **pass-through mode**: skills and commands work, but nothing is blocked. You can stay in pass-through mode indefinitely if you only want the DX features.
+
+## Agent security
+
+Once the plugin is pointed at an Ory project (local or hosted), Claude's session and every tool call can be governed by Ory.
+
+- **Authentication.** Two identities. The human at the keyboard (the **user**) authenticates interactively via Ory Identities when `ORY_AUTH_GATE=1` is set. The Claude process (the **agent**) gets its own OAuth2 identity, self-registered via [Dynamic Client Registration (RFC 7591)](https://datatracker.ietf.org/doc/html/rfc7591) on first run. Sub-agents launched by the `Task` tool each receive their own typed identity.
+- **Authorization.** Before any tool runs, the plugin checks [Ory Permissions](https://www.ory.sh/docs/keto) (Zanzibar-style relation tuples) against the user's subject and blocks the call on `deny`. MCP tool calls additionally get a server-level check.
+- **Audit.** Every decision (allow, deny, fallback) is recorded as a structured trace span: NDJSON file output and/or OTLP/HTTP export to Jaeger, Honeycomb, Grafana, and similar collectors. The user → agent (and agent → subagent) delegation chain is written to Ory as relation tuples so *"agent X acting on behalf of user Y"* stays queryable after tokens expire.
+
+The plugin is **fail-open** on its own infrastructure failures (network errors, rate limits, missing config), so enforcement is only as strong as your tuples — grant explicit `invoke` relations for the tools each user should be able to run.
+
+### Enable enforcement
 
-## Agent security (Argus)
+1. **Turn on the user gate.** In your shell:
 
-Once the plugin is pointed at an Ory project (local or hosted), Claude's session and every tool call are governed by Ory.
+   ```bash
+   export ORY_AUTH_GATE=1
+   ```
 
-- **Authentication.** Two identities. The human at the keyboard (the **user**) authenticates interactively via Ory Identities when `ORY_AUTH_GATE=1`. The Claude process (the **agent**) gets its own OAuth2 identity, self-registered via Dynamic Client Registration on first run. Sub-agents launched by the `Task` tool each receive their own typed identity.
-- **Authorization.** Before any tool runs, the plugin checks Ory Permissions against the user's subject and blocks the call on `deny`. MCP tool calls additionally get a server-level check.
-- **Audit.** Every decision (allow, deny, fallback) is recorded as a structured trace span: NDJSON file output and/or OTLP/HTTP export to Jaeger, Honeycomb, Grafana, and similar collectors. The user-to-agent (and agent-to-subagent) delegation chain is written to Ory as Zanzibar tuples so "agent X acting on behalf of user Y" stays queryable after tokens expire.
+   The next Claude session opens a browser for PKCE login. Subsequent sessions reuse the persisted token until it expires.
 
-The plugin is **fail-open** on its own infrastructure failures (network errors, rate limits, missing config), so enforcement is only as strong as your tuples; grant explicit `invoke` relations for the tools each user should be able to run.
+2. **Grant yourself permission to use a tool.** Use the Ory MCP server from inside Claude (*"grant me invoke on the Bash tool"*) or the CLI directly:
 
-## CLI
+   ```bash
+   ory create relationship \
+     --namespace AgentTools \
+     --object Bash \
+     --relation invoke \
+     --subject-id <your-user-subject-id>
+   ```
+
+   Your subject id is printed at the start of every Claude session when `ORY_AGENT_DEBUG=true`.
+
+3. **See a denial.** Pick a tool you didn't grant (or remove the tuple) and ask Claude to use it. The hook blocks the call and Claude shows the denial reason. The decision is recorded as a `tool.block` trace span.
+
+## CLI reference
 
 ```
-npx -y -p @ory/claude-code ory-claude install | uninstall                [--global]
-npx -y -p @ory/claude-code ory-claude configure                           [--project-url <url>] [--api-key <key>] [--audit-only]
-npx -y -p @ory/claude-code ory-claude agent <status|unregister>           Manage the agent's OAuth2 identity
+npx -y -p @ory/claude-code ory-claude install | uninstall              [--global]
+npx -y -p @ory/claude-code ory-claude configure                         [--project-url <url>] [--api-key <key>] [--audit-only]
+npx -y -p @ory/claude-code ory-claude agent <status|unregister>         Manage the agent's OAuth2 identity
 npx -y -p @ory/claude-code ory-claude local <up|down|status|seed|logs|env|configure|reset>
 npx -y -p @ory/claude-code ory-claude status
 ```
 
+Highlights:
+
+- `agent status` — show the current persisted DCR identity for the agent.
+- `configure --audit-only` — record decisions without blocking; useful for a phased rollout.
+- `local seed` / `local env` — reseed the test user, or print env vars for pointing other tools at the local stack.
+
+## Troubleshooting
+
+- **`/ory:local-up` fails.** Make sure Docker is running and ports `3000`, `4000`, `4100`, and `16686` are free.
+- **PKCE login loops.** Clear persisted state with `npx -y -p @ory/claude-code ory-claude agent unregister` and retry.
+- **`npx` fetches an old version.** Force a fresh fetch: `npx -y -p @ory/claude-code@latest ory-claude …`.
+- **Need more signal.** Set `ORY_AGENT_DEBUG=true` and `ORY_AGENT_LOG_FILE=/tmp/ory.log` to capture structured logs.
+
 ## Links
 
-- [ory.com](https://ory.com)
+- [Ory documentation](https://www.ory.com/docs/)
+- [Ory Network console](https://console.ory.sh)
+- [Ory Elements](https://github.com/ory/elements)
+- [Claude Code documentation](https://docs.anthropic.com/en/docs/claude-code)
 
 ## License
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ory/claude-code",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Ory plugin for Claude Code: scaffolding skills, a local Ory instance, and authentication, authorization, and audit for every tool call",
   "license": "Apache-2.0",
   "homepage": "https://ory.com",
@@ -72,7 +72,7 @@
     "!dist/**/*.tsbuildinfo"
   ],
   "dependencies": {
-    "@ory/argus": "0.1.2"
+    "@ory/argus": "0.1.3"
   },
   "engines": {
     "node": ">=24"