npm - @ory/claude-code - Versions diffs - 0.6.1 → 0.7.0 - Mend

@ory/claude-code 0.6.1 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -20,19 +20,24 @@ Inside Claude Code:
 /plugin install ory-agent-plugin@ory
 ```
-Skills, slash commands, hooks, and the Ory MCP server are now registered. Verify with `/plugin list`.
+Then confirm everything landed:
+```bash
+npx -y -p @ory/claude-code ory-claude status
+```
+`status` is the single source of truth — it prints configuration, user and agent identity, per-tool permission coverage, hook + skill registration, and a tail of recent debug logs. Unconfigured fields show inline as `(unset)`.
 <details>
 <summary>Alternative install path (no Claude Code session required)</summary>
 ```bash
-# Direct installer — registers the marketplace and installs the plugin via the claude CLI.
 npx -y -p @ory/claude-code ory-claude install            # current project
 npx -y -p @ory/claude-code ory-claude install --global   # all projects (user scope)
 npx -y -p @ory/claude-code ory-claude uninstall
 ```
-The installer requires the `claude` CLI on `PATH`. After it finishes, run `ory-claude status` to confirm the plugin is registered.
+The installer requires the `claude` CLI on `PATH`.
 </details>
@@ -52,13 +57,13 @@ From any project where you'd like Ory authentication, inside Claude Code:
 3. **Sign in.** Start your app, visit the login page Claude added, and sign in with the seeded credentials. You now have a real Ory session backed by a real Ory stack — locally, offline, with zero configuration.
-4. **Turn on Ory login for the Claude session itself.** *(Optional but recommended.)* Out of the box the plugin only governs your *app*. To also attach an Ory identity to *Claude's* session — so every tool call is attributed to you, not a fallback `session:<id>` subject — set:
+4. **Turn on Ory login for the Claude session itself.** *(Optional but recommended.)* Out of the box the plugin only governs your *app*. To also attach an Ory identity to *Claude's* session — so every tool call is attributed to you, not a fallback `session:<id>` subject — opt in to the user-login flow:
    ```bash
-   export ORY_AUTH_GATE=1
+   export ORY_USER_LOGIN=1
    ```
-   Then restart Claude. On next session start, Claude opens an Ory login in your browser; sign in with the same seeded credentials from step 1. This is what makes `permissions enforce` (see [Agent security](#agent-security)) deny on the right identity later.
+   User login is off by default. With it on, the next Claude session opens an Ory login in your browser; sign in with the same seeded credentials from step 1, and the token is reused on subsequent sessions until it expires. This is what makes `permissions enforce` (see [Agent security](#agent-security)) deny on the right identity later.
 That's the full Ory DX path. Stop here if you're just evaluating the plugin. Continue to [Agent security](#agent-security) when you're ready to enforce.
@@ -114,7 +119,7 @@ Without any configuration the plugin still loads cleanly and runs in **pass-thro
 Once the plugin is pointed at an Ory project (local or hosted), Claude's session and every tool call can be governed by Ory.
-- **Authentication.** Two identities. The human at the keyboard (the **user**) authenticates interactively via Ory Identities when `ORY_AUTH_GATE=1` is set. The Claude process (the **agent**) gets its own OAuth2 identity, self-registered via [Dynamic Client Registration (RFC 7591)](https://datatracker.ietf.org/doc/html/rfc7591) on first run. Sub-agents launched by the `Task` tool each receive their own typed identity.
+- **Authentication.** Two identities. The human at the keyboard (the **user**) authenticates interactively via Ory Identities when user login is enabled (`ORY_USER_LOGIN=1`, off by default — browser PKCE flow on first session, persisted token thereafter). The Claude process (the **agent**) gets its own OAuth2 identity, self-registered via [Dynamic Client Registration (RFC 7591)](https://datatracker.ietf.org/doc/html/rfc7591) on first run. Sub-agents launched by the `Task` tool each receive their own typed identity.
 - **Authorization.** Before any tool runs, the plugin checks [Ory Permissions](https://www.ory.sh/docs/keto) (Zanzibar-style relations) against the user's subject and blocks the call on `deny`. MCP tool calls additionally get a server-level check.
 - **Audit.** Every decision (allow, deny, fallback) is recorded as a structured trace span: NDJSON file output and/or OTLP/HTTP export to Jaeger, Honeycomb, Grafana, and similar collectors. The user → agent (and agent → subagent) delegation chain is written to Ory as relations so *"agent X acting on behalf of user Y"* stays queryable after tokens expire.
@@ -124,10 +129,10 @@ The plugin is **fail-open** on its own infrastructure failures (network errors,
 With an Ory project configured, the plugin runs in **observe mode** by default: every tool call is checked against Ory Permissions, a deny is recorded as a `permission.observe_deny` audit span, and the tool runs anyway. This lets you see what *would* be blocked before turning on hard blocking. (Without a project configured, the plugin is in pass-through mode — no checks run at all.)
-1. **Turn on the user gate.** In your shell:
+1. **Turn on user login.** It's off by default. In your shell:
    ```bash
-   export ORY_AUTH_GATE=1
+   export ORY_USER_LOGIN=1
    ```
    The next Claude session opens a browser for PKCE login. Subsequent sessions reuse the persisted token until it expires.

package/dist/handlers.d.ts CHANGED Viewed

@@ -1,8 +1,8 @@
 import { OryAgentClient, ensureUserAuthenticated, ensureAgentIdentity, ensureSubAgentIdentity } from "@ory/argus";
 import type { ClaudeCodeHookInput, ClaudeCodeHookOutput } from "./types.js";
 export interface HandleHookEventDeps {
-    /** Test injection point for the user auth gate. */
-    authGate?: typeof ensureUserAuthenticated;
+    /** Test injection point for the user login flow. */
+    userLogin?: typeof ensureUserAuthenticated;
     /** Test injection point for the agent identity gate. */
     agentGate?: typeof ensureAgentIdentity;
     /** Test injection point for the sub-agent identity resolver. */

package/dist/handlers.js CHANGED Viewed

@@ -60,10 +60,10 @@ async function handleSessionStart(input, client, deps) {
     client.tracer.record("session.start", "ok", {
         attributes: { model: input.model, source: input.source },
     });
-    // Run the user auth gate (interactive PKCE on first session, refresh
-    // when needed). When ORY_AUTH_GATE is unset this is a no-op and we
+    // Run the user login (interactive PKCE on first session, refresh
+    // when needed). When ORY_USER_LOGIN is unset this is a no-op and we
     // fall through to the legacy verify path below.
-    const userGate = deps.authGate ?? argus_1.ensureUserAuthenticated;
+    const userGate = deps.userLogin ?? argus_1.ensureUserAuthenticated;
     const decision = await userGate(client, {
         binName: "ory-claude",
         harness: "claude-code",

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ory/claude-code",
-  "version": "0.6.1",
+  "version": "0.7.0",
   "description": "Ory plugin for Claude Code: scaffolding skills, a local Ory instance, and authentication, authorization, and audit for every tool call",
   "license": "Apache-2.0",
   "homepage": "https://github.com/ory/claude-plugins/tree/master/plugins/ory-agent-plugin",
@@ -75,7 +75,7 @@
     "!dist/**/*.tsbuildinfo"
   ],
   "dependencies": {
-    "@ory/argus": "0.6.1"
+    "@ory/argus": "0.7.0"
   },
   "engines": {
     "node": ">=22"