@otto-assistant/bridge 0.4.96 → 0.4.100

package/dist/agent-model.e2e.test.js

@@ -417,7 +417,13 @@ describe('agent model resolution', () => {
             afterMessageIncludes: 'reply-context-ok',
             afterAuthorId: discord.botUserId,
         });
-        expect(await discord.thread(thread.id).text()).toMatchInlineSnapshot(`
+        const threadText = (await discord.thread(thread.id).text())
+            .split('\n')
+            .filter((line) => {
+            return !line.startsWith('⬦ info: Context cache discarded:');
+        })
+            .join('\n');
+        expect(threadText).toMatchInlineSnapshot(`
         "--- from: user (agent-model-tester)
         first message in thread
         Reply with exactly: reply-context-check

package/dist/anthropic-account-identity.js

@@ -0,0 +1,62 @@
+// Helpers for extracting and normalizing Anthropic OAuth account identity.
+const identityHintKeys = new Set(['user', 'profile', 'account', 'viewer']);
+const idKeys = ['user_id', 'userId', 'account_id', 'accountId', 'id', 'sub'];
+export function normalizeAnthropicAccountIdentity(identity) {
+    const email = typeof identity?.email === 'string' && identity.email.trim()
+        ? identity.email.trim().toLowerCase()
+        : undefined;
+    const accountId = typeof identity?.accountId === 'string' && identity.accountId.trim()
+        ? identity.accountId.trim()
+        : undefined;
+    if (!email && !accountId)
+        return undefined;
+    return {
+        ...(email ? { email } : {}),
+        ...(accountId ? { accountId } : {}),
+    };
+}
+function getCandidateFromRecord(record, path) {
+    const email = typeof record.email === 'string' ? record.email : undefined;
+    const accountId = idKeys
+        .map((key) => {
+        const value = record[key];
+        return typeof value === 'string' ? value : undefined;
+    })
+        .find((value) => {
+        return Boolean(value);
+    });
+    const normalized = normalizeAnthropicAccountIdentity({ email, accountId });
+    if (!normalized)
+        return undefined;
+    const hasIdentityHint = path.some((segment) => {
+        return identityHintKeys.has(segment);
+    });
+    return {
+        ...normalized,
+        score: (normalized.email ? 4 : 0) + (normalized.accountId ? 2 : 0) + (hasIdentityHint ? 2 : 0),
+    };
+}
+function collectIdentityCandidates(value, path = []) {
+    if (!value || typeof value !== 'object')
+        return [];
+    if (Array.isArray(value)) {
+        return value.flatMap((entry) => {
+            return collectIdentityCandidates(entry, path);
+        });
+    }
+    const record = value;
+    const nested = Object.entries(record).flatMap(([key, entry]) => {
+        return collectIdentityCandidates(entry, [...path, key]);
+    });
+    const current = getCandidateFromRecord(record, path);
+    return current ? [current, ...nested] : nested;
+}
+export function extractAnthropicAccountIdentity(value) {
+    const candidates = collectIdentityCandidates(value);
+    const best = candidates.sort((a, b) => {
+        return b.score - a.score;
+    })[0];
+    if (!best)
+        return undefined;
+    return normalizeAnthropicAccountIdentity(best);
+}

package/dist/anthropic-account-identity.test.js

@@ -0,0 +1,38 @@
+// Tests Anthropic OAuth account identity parsing and normalization.
+import { describe, expect, test } from 'vitest';
+import { extractAnthropicAccountIdentity, normalizeAnthropicAccountIdentity, } from './anthropic-account-identity.js';
+describe('normalizeAnthropicAccountIdentity', () => {
+    test('normalizes email casing and drops empty values', () => {
+        expect(normalizeAnthropicAccountIdentity({
+            email: '  User@Example.com ',
+            accountId: '  user_123  ',
+        })).toEqual({
+            email: 'user@example.com',
+            accountId: 'user_123',
+        });
+        expect(normalizeAnthropicAccountIdentity({ email: '   ' })).toBeUndefined();
+    });
+});
+describe('extractAnthropicAccountIdentity', () => {
+    test('prefers nested user profile identity from client_data responses', () => {
+        expect(extractAnthropicAccountIdentity({
+            organizations: [{ id: 'org_123', name: 'Workspace' }],
+            user: {
+                id: 'usr_123',
+                email: 'User@Example.com',
+            },
+        })).toEqual({
+            accountId: 'usr_123',
+            email: 'user@example.com',
+        });
+    });
+    test('falls back to profile-style payloads without email', () => {
+        expect(extractAnthropicAccountIdentity({
+            profile: {
+                user_id: 'usr_456',
+            },
+        })).toEqual({
+            accountId: 'usr_456',
+        });
+    });
+});

package/dist/anthropic-auth-plugin.js

@@ -23,6 +23,7 @@
  * - https://github.com/badlogic/pi-mono/blob/main/packages/ai/src/providers/anthropic.ts
  */
 import { loadAccountStore, rememberAnthropicOAuth, rotateAnthropicAccount, saveAccountStore, setAnthropicAuth, shouldRotateAuth, upsertAccount, withAuthStateLock, } from './anthropic-auth-state.js';
+import { extractAnthropicAccountIdentity, } from './anthropic-account-identity.js';
 // PKCE (Proof Key for Code Exchange) using Web Crypto API.
 // Reference: https://github.com/badlogic/pi-mono/blob/main/packages/ai/src/utils/oauth/pkce.ts
 function base64urlEncode(bytes) {
@@ -52,6 +53,8 @@ const CLIENT_ID = (() => {
 })();
 const TOKEN_URL = 'https://platform.claude.com/v1/oauth/token';
 const CREATE_API_KEY_URL = 'https://api.anthropic.com/api/oauth/claude_cli/create_api_key';
+const CLIENT_DATA_URL = 'https://api.anthropic.com/api/oauth/claude_cli/client_data';
+const PROFILE_URL = 'https://api.anthropic.com/api/oauth/profile';
 const CALLBACK_PORT = 53692;
 const CALLBACK_PATH = '/callback';
 const REDIRECT_URI = `http://localhost:${CALLBACK_PORT}${CALLBACK_PATH}`;
@@ -64,6 +67,7 @@ const CLAUDE_CODE_BETA = 'claude-code-20250219';
 const OAUTH_BETA = 'oauth-2025-04-20';
 const FINE_GRAINED_TOOL_STREAMING_BETA = 'fine-grained-tool-streaming-2025-05-14';
 const INTERLEAVED_THINKING_BETA = 'interleaved-thinking-2025-05-14';
+const TOAST_SESSION_HEADER = 'x-kimaki-session-id';
 const ANTHROPIC_HOSTS = new Set([
     'api.anthropic.com',
     'claude.ai',
@@ -227,6 +231,29 @@ async function createApiKey(accessToken) {
     const json = JSON.parse(responseText);
     return { type: 'success', key: json.raw_key };
 }
+async function fetchAnthropicAccountIdentity(accessToken) {
+    const urls = [CLIENT_DATA_URL, PROFILE_URL];
+    for (const url of urls) {
+        const responseText = await requestText(url, {
+            method: 'GET',
+            headers: {
+                Accept: 'application/json',
+                authorization: `Bearer ${accessToken}`,
+                'user-agent': process.env.OPENCODE_ANTHROPIC_USER_AGENT || `claude-cli/${CLAUDE_CODE_VERSION}`,
+                'x-app': 'cli',
+            },
+        }).catch(() => {
+            return undefined;
+        });
+        if (!responseText)
+            continue;
+        const parsed = JSON.parse(responseText);
+        const identity = extractAnthropicAccountIdentity(parsed);
+        if (identity)
+            return identity;
+    }
+    return undefined;
+}
 async function startCallbackServer(expectedState) {
     return new Promise((resolve, reject) => {
         let settle;
@@ -376,12 +403,13 @@ function buildAuthorizeHandler(mode) {
             if (mode === 'apikey') {
                 return createApiKey(creds.access);
             }
+            const identity = await fetchAnthropicAccountIdentity(creds.access);
             await rememberAnthropicOAuth({
                 type: 'oauth',
                 refresh: creds.refresh,
                 access: creds.access,
                 expires: creds.expires,
-            });
+            }, identity);
             return creds;
         };
         if (!isRemote) {
@@ -395,8 +423,7 @@ function buildAuthorizeHandler(mode) {
                             const result = await waitForCallback(auth.callbackServer);
                             return await finalize(result);
                         }
-                        catch (error) {
-                            console.error(`[anthropic-auth] ${error}`);
+                        catch {
                             return { type: 'failed' };
                         }
                     })();
@@ -414,8 +441,7 @@ function buildAuthorizeHandler(mode) {
                         const result = await waitForCallback(auth.callbackServer, input);
                         return await finalize(result);
                     }
-                    catch (error) {
-                        console.error(`[anthropic-auth] ${error}`);
+                    catch {
                         return { type: 'failed' };
                     }
                 })();
@@ -434,6 +460,8 @@ function sanitizeSystemText(text, onError) {
     const startIdx = text.indexOf(OPENCODE_IDENTITY);
     if (startIdx === -1)
         return text;
+    // to find the last heading to match readhttps://github.com/anomalyco/opencode/blob/dev/packages/opencode/src/session/prompt/anthropic.txt
+    // it contains the opencode injected prompt. you must keep the codeRefsMarker updated with that package
     const codeRefsMarker = '# Code References';
     const endIdx = text.indexOf(codeRefsMarker, startIdx);
     if (endIdx === -1) {
@@ -577,6 +605,12 @@ function wrapResponseStream(response, reverseToolNameMap) {
         headers: response.headers,
     });
 }
+function appendToastSessionMarker({ message, sessionId, }) {
+    if (!sessionId) {
+        return message;
+    }
+    return `${message} ${sessionId}`;
+}
 // --- Beta headers ---
 function getRequiredBetas(modelId) {
     const betas = [CLAUDE_CODE_BETA, OAUTH_BETA, FINE_GRAINED_TOOL_STREAMING_BETA];
@@ -624,7 +658,19 @@ async function getFreshOAuth(getAuth, client) {
         await setAnthropicAuth(refreshed, client);
         const store = await loadAccountStore();
         if (store.accounts.length > 0) {
-            upsertAccount(store, refreshed);
+            const identity = (() => {
+                const currentIndex = store.accounts.findIndex((account) => {
+                    return account.refresh === latest.refresh || account.access === latest.access;
+                });
+                const current = currentIndex >= 0 ? store.accounts[currentIndex] : undefined;
+                if (!current)
+                    return undefined;
+                return {
+                    ...(current.email ? { email: current.email } : {}),
+                    ...(current.accountId ? { accountId: current.accountId } : {}),
+                };
+            })();
+            upsertAccount(store, { ...refreshed, ...identity });
             await saveAccountStore(store);
         }
         return refreshed;
@@ -637,6 +683,12 @@ async function getFreshOAuth(getAuth, client) {
 // --- Plugin export ---
 const AnthropicAuthPlugin = async ({ client }) => {
     return {
+        'chat.headers': async (input, output) => {
+            if (input.model.providerID !== 'anthropic') {
+                return;
+            }
+            output.headers[TOAST_SESSION_HEADER] = input.sessionID;
+        },
         auth: {
             provider: 'anthropic',
             async loader(getAuth, provider) {
@@ -668,11 +720,6 @@ const AnthropicAuthPlugin = async ({ client }) => {
                                     .text()
                                     .catch(() => undefined)
                                 : undefined;
-                        const rewritten = rewriteRequestPayload(originalBody, (msg) => {
-                            client.tui.showToast({
-                                body: { message: msg, variant: 'error' },
-                            }).catch(() => { });
-                        });
                         const headers = new Headers(init?.headers);
                         if (input instanceof Request) {
                             input.headers.forEach((v, k) => {
@@ -680,9 +727,19 @@ const AnthropicAuthPlugin = async ({ client }) => {
                                     headers.set(k, v);
                             });
                         }
+                        const sessionId = headers.get(TOAST_SESSION_HEADER) ?? undefined;
+                        const rewritten = rewriteRequestPayload(originalBody, (msg) => {
+                            client.tui.showToast({
+                                body: {
+                                    message: appendToastSessionMarker({ message: msg, sessionId }),
+                                    variant: 'error',
+                                },
+                            }).catch(() => { });
+                        });
                         const betas = getRequiredBetas(rewritten.modelId);
                         const runRequest = async (auth) => {
                             const requestHeaders = new Headers(headers);
+                            requestHeaders.delete(TOAST_SESSION_HEADER);
                             requestHeaders.set('accept', 'application/json');
                             requestHeaders.set('anthropic-beta', mergeBetas(requestHeaders.get('anthropic-beta'), betas));
                             requestHeaders.set('anthropic-dangerous-direct-browser-access', 'true');
@@ -711,7 +768,10 @@ const AnthropicAuthPlugin = async ({ client }) => {
                                     // Show toast notification so Discord thread shows the rotation
                                     client.tui.showToast({
                                         body: {
-                                            message: `Switching from account ${rotated.fromLabel} to account ${rotated.toLabel}`,
+                                            message: appendToastSessionMarker({
+                                                message: `Switching from account ${rotated.fromLabel} to account ${rotated.toLabel}`,
+                                                sessionId,
+                                            }),
                                             variant: 'info',
                                         },
                                     }).catch(() => { });

package/dist/anthropic-auth-state.js

@@ -1,6 +1,7 @@
 import * as fs from 'node:fs/promises';
 import { homedir } from 'node:os';
 import path from 'node:path';
+import { normalizeAnthropicAccountIdentity, } from './anthropic-account-identity.js';
 const AUTH_LOCK_STALE_MS = 30_000;
 const AUTH_LOCK_RETRY_MS = 100;
 async function readJson(filePath, fallback) {
@@ -80,6 +81,8 @@ export function normalizeAccountStore(input) {
             typeof account.refresh === 'string' &&
             typeof account.access === 'string' &&
             typeof account.expires === 'number' &&
+            (typeof account.email === 'undefined' || typeof account.email === 'string') &&
+            (typeof account.accountId === 'undefined' || typeof account.accountId === 'string') &&
             typeof account.addedAt === 'number' &&
             typeof account.lastUsed === 'number')
         : [];
@@ -96,8 +99,13 @@ export async function saveAccountStore(store) {
 }
 /** Short label for an account: first 8 + last 4 chars of refresh token. */
 export function accountLabel(account, index) {
+    const accountWithIdentity = account;
+    const identity = accountWithIdentity.email || accountWithIdentity.accountId;
     const r = account.refresh;
     const short = r.length > 12 ? `${r.slice(0, 8)}...${r.slice(-4)}` : r;
+    if (identity) {
+        return index !== undefined ? `#${index + 1} (${identity})` : identity;
+    }
     return index !== undefined ? `#${index + 1} (${short})` : short;
 }
 function findCurrentAccountIndex(store, auth) {
@@ -116,14 +124,29 @@ function findCurrentAccountIndex(store, auth) {
     return store.activeIndex;
 }
 export function upsertAccount(store, auth, now = Date.now()) {
+    const authWithIdentity = auth;
+    const identity = normalizeAnthropicAccountIdentity({
+        email: authWithIdentity.email,
+        accountId: authWithIdentity.accountId,
+    });
     const index = store.accounts.findIndex((account) => {
-        return account.refresh === auth.refresh || account.access === auth.access;
+        if (account.refresh === auth.refresh || account.access === auth.access) {
+            return true;
+        }
+        if (identity?.accountId && account.accountId === identity.accountId) {
+            return true;
+        }
+        if (identity?.email && account.email === identity.email) {
+            return true;
+        }
+        return false;
     });
     const nextAccount = {
         type: 'oauth',
         refresh: auth.refresh,
         access: auth.access,
         expires: auth.expires,
+        ...identity,
         addedAt: now,
         lastUsed: now,
     };
@@ -139,14 +162,16 @@ export function upsertAccount(store, auth, now = Date.now()) {
         ...existing,
         ...nextAccount,
         addedAt: existing.addedAt,
+        email: nextAccount.email || existing.email,
+        accountId: nextAccount.accountId || existing.accountId,
     };
     store.activeIndex = index;
     return index;
 }
-export async function rememberAnthropicOAuth(auth) {
+export async function rememberAnthropicOAuth(auth, identity) {
     await withAuthStateLock(async () => {
         const store = await loadAccountStore();
-        upsertAccount(store, auth);
+        upsertAccount(store, { ...auth, ...normalizeAnthropicAccountIdentity(identity) });
         await saveAccountStore(store);
     });
 }

package/dist/{anthropic-auth-plugin.test.js → anthropic-auth-state.test.js}

@@ -1,9 +1,9 @@
-// Tests for Anthropic OAuth multi-account persistence and rotation.
+// Tests Anthropic OAuth account persistence, deduplication, and rotation.
 import { mkdtemp, readFile, rm, mkdir, writeFile } from 'node:fs/promises';
 import { tmpdir } from 'node:os';
 import path from 'node:path';
 import { afterEach, beforeEach, describe, expect, test } from 'vitest';
-import { authFilePath, loadAccountStore, rememberAnthropicOAuth, removeAccount, rotateAnthropicAccount, saveAccountStore, shouldRotateAuth, } from './anthropic-auth-state.js';
+import { accountLabel, authFilePath, loadAccountStore, rememberAnthropicOAuth, removeAccount, rotateAnthropicAccount, saveAccountStore, shouldRotateAuth, } from './anthropic-auth-state.js';
 const firstAccount = {
     type: 'oauth',
     refresh: 'refresh-first',
@@ -45,6 +45,25 @@ describe('rememberAnthropicOAuth', () => {
             expires: 3,
         });
     });
+    test('deduplicates new tokens by email or account ID', async () => {
+        await rememberAnthropicOAuth(firstAccount, {
+            email: 'user@example.com',
+            accountId: 'usr_123',
+        });
+        await rememberAnthropicOAuth(secondAccount, {
+            email: 'User@example.com',
+            accountId: 'usr_123',
+        });
+        const store = await loadAccountStore();
+        expect(store.accounts).toHaveLength(1);
+        expect(store.accounts[0]).toMatchObject({
+            refresh: 'refresh-second',
+            access: 'access-second',
+            email: 'user@example.com',
+            accountId: 'usr_123',
+        });
+        expect(accountLabel(store.accounts[0])).toBe('user@example.com');
+    });
 });
 describe('rotateAnthropicAccount', () => {
     test('rotates to the next stored account and syncs auth state', async () => {

package/dist/cli-parsing.test.js

@@ -22,8 +22,8 @@ function createCliForIdParsing() {
         .command('add-project', 'Add a project')
         .option('-g, --guild <guildId>', 'Discord guild/server ID');
     cli.command('task delete <id>', 'Delete task');
-    cli.command('anthropic-accounts list', 'List stored Anthropic accounts').hidden();
-    cli.command('anthropic-accounts remove <index>', 'Remove stored Anthropic account').hidden();
+    cli.command('anthropic-accounts list', 'List stored Anthropic accounts');
+    cli.command('anthropic-accounts remove <indexOrEmail>', 'Remove stored Anthropic account');
     return cli;
 }
 describe('goke CLI ID parsing', () => {
@@ -113,13 +113,16 @@ describe('goke CLI ID parsing', () => {
         expect(result.args[0]).toBe(taskId);
         expect(typeof result.args[0]).toBe('string');
     });
-    test('hidden anthropic account commands still parse', () => {
+    test('anthropic account remove parses index and email as strings', () => {
         const cli = createCliForIdParsing();
-        const result = cli.parse(['node', 'kimaki', 'anthropic-accounts', 'remove', '2'], { run: false });
-        expect(result.args[0]).toBe('2');
-        expect(typeof result.args[0]).toBe('string');
+        const indexResult = cli.parse(['node', 'kimaki', 'anthropic-accounts', 'remove', '2'], { run: false });
+        const emailResult = cli.parse(['node', 'kimaki', 'anthropic-accounts', 'remove', 'user@example.com'], { run: false });
+        expect(indexResult.args[0]).toBe('2');
+        expect(typeof indexResult.args[0]).toBe('string');
+        expect(emailResult.args[0]).toBe('user@example.com');
+        expect(typeof emailResult.args[0]).toBe('string');
     });
-    test('hidden anthropic account commands are excluded from help output', () => {
+    test('anthropic account commands are included in help output', () => {
         const stdout = {
             text: '',
             write(data) {
@@ -128,10 +131,10 @@ describe('goke CLI ID parsing', () => {
         };
         const cli = goke('kimaki', { stdout: stdout });
         cli.command('send', 'Send a message');
-        cli.command('anthropic-accounts list', 'List stored Anthropic accounts').hidden();
+        cli.command('anthropic-accounts list', 'List stored Anthropic accounts');
         cli.help();
         cli.parse(['node', 'kimaki', '--help'], { run: false });
         expect(stdout.text).toContain('send');
-        expect(stdout.text).not.toContain('anthropic-accounts');
+        expect(stdout.text).toContain('anthropic-accounts');
     });
 });

package/dist/cli-send-thread.e2e.test.js

@@ -257,14 +257,11 @@ describe('kimaki send --channel thread creation', () => {
                 return m.author.id === discord.botUserId && m.id !== starterMessage.id;
             });
             const allContent = botReplies.map((m) => {
-                return m.content.slice(0, 200);
+                return m.content;
             });
-            expect(allContent).toMatchInlineSnapshot(`
-          [
-            "✗ opencode session error: Command not found: "hello-test". Available commands: init, review, goke, security-review, jitter, proxyman, gitchamber, event-sourcing-state, usecomputer, spiceflow, batch, x",
-            "✗ OpenCode API error: Command not found: "hello-test". Available commands: init, review, goke, security-review, jitter, proxyman, gitchamber, event-sourcing-state, usecomputer, spiceflow, batch, x-art",
-          ]
-        `);
+            expect(allContent.some((content) => {
+                return content.includes('Command not found: "hello-test"');
+            })).toBe(true);
         }
         finally {
             store.setState({ registeredUserCommands: prevCommands });

package/dist/cli.js

@@ -41,7 +41,7 @@ const cliLogger = createLogger(LogPrefix.CLI);
 // We derive REST base from this URL by swapping ws/wss to http/https.
 // These are hardcoded because they're deploy-time constants for the gateway infrastructure.
 const KIMAKI_GATEWAY_PROXY_URL = process.env.KIMAKI_GATEWAY_PROXY_URL ||
-    'wss://discord-gateway.kimaki.xyz';
+    'wss://discord-gateway.kimaki.dev';
 const KIMAKI_GATEWAY_PROXY_REST_BASE_URL = getGatewayProxyRestBaseUrl({
     gatewayUrl: KIMAKI_GATEWAY_PROXY_URL,
 });
@@ -662,7 +662,8 @@ async function resolveCredentials({ forceRestartOnboarding, forceGateway, gatewa
                 options: [
                     {
                         value: 'gateway',
-                        label: 'Gateway (pre-built Kimaki bot — no setup needed)',
+                        disabled: true,
+                        label: 'Gateway (pre-built Kimaki bot, currently disabled because of Discord verification process. will be re-enabled soon)',
                     },
                     {
                         value: 'self_hosted',
@@ -2224,7 +2225,6 @@ cli
 });
 cli
     .command('anthropic-accounts list', 'List stored Anthropic OAuth accounts used for automatic rotation')
-    .hidden()
     .action(async () => {
     const store = await loadAccountStore();
     console.log(`Store: ${accountsFilePath()}`);
@@ -2239,16 +2239,29 @@ cli
     process.exit(0);
 });
 cli
-    .command('anthropic-accounts remove <index>', 'Remove a stored Anthropic OAuth account from the rotation pool')
-    .hidden()
-    .action(async (index) => {
-    const value = Number(index);
-    if (!Number.isInteger(value) || value < 1) {
-        cliLogger.error('Usage: kimaki anthropic-accounts remove <index>');
+    .command('anthropic-accounts remove <indexOrEmail>', 'Remove a stored Anthropic OAuth account from the rotation pool by index or email')
+    .action(async (indexOrEmail) => {
+    const value = Number(indexOrEmail);
+    const store = await loadAccountStore();
+    const resolvedIndex = (() => {
+        if (Number.isInteger(value) && value >= 1) {
+            return value - 1;
+        }
+        const email = indexOrEmail.trim().toLowerCase();
+        if (!email) {
+            return -1;
+        }
+        return store.accounts.findIndex((account) => {
+            return account.email?.toLowerCase() === email;
+        });
+    })();
+    if (resolvedIndex < 0) {
+        cliLogger.error('Usage: kimaki anthropic-accounts remove <index-or-email>');
         process.exit(EXIT_NO_RESTART);
     }
-    await removeAccount(value - 1);
-    cliLogger.log(`Removed Anthropic account ${value}`);
+    const removed = store.accounts[resolvedIndex];
+    await removeAccount(resolvedIndex);
+    cliLogger.log(`Removed Anthropic account ${removed ? accountLabel(removed, resolvedIndex) : indexOrEmail}`);
     process.exit(0);
 });
 cli
@@ -2682,7 +2695,7 @@ cli
         port,
         tunnelId: options.tunnelId,
         localHost: options.host,
-        baseDomain: 'kimaki.xyz',
+        baseDomain: 'kimaki.dev',
         serverUrl: options.server,
         command: command.length > 0 ? command : undefined,
         kill: options.kill,

package/dist/commands/screenshare.js

@@ -21,7 +21,7 @@ const activeSessions = new Map();
 const VNC_PORT = 5900;
 const MAX_SESSION_MINUTES = 30;
 const MAX_SESSION_MS = MAX_SESSION_MINUTES * 60 * 1000;
-const TUNNEL_BASE_DOMAIN = 'kimaki.xyz';
+const TUNNEL_BASE_DOMAIN = 'kimaki.dev';
 const SCREENSHARE_TUNNEL_ID_BYTES = 16;
 // Public noVNC client — we point it at our tunnel URL
 export function buildNoVncUrl({ tunnelHost }) {

package/dist/commands/screenshare.test.js

@@ -11,9 +11,9 @@ describe('screenshare security defaults', () => {
         }
     });
     test('builds a secure noVNC URL', () => {
-        const url = new URL(buildNoVncUrl({ tunnelHost: '0123456789abcdef-tunnel.kimaki.xyz' }));
+        const url = new URL(buildNoVncUrl({ tunnelHost: '0123456789abcdef-tunnel.kimaki.dev' }));
         expect(url.origin).toBe('https://novnc.com');
-        expect(url.searchParams.get('host')).toBe('0123456789abcdef-tunnel.kimaki.xyz');
+        expect(url.searchParams.get('host')).toBe('0123456789abcdef-tunnel.kimaki.dev');
         expect(url.searchParams.get('port')).toBe('443');
         expect(url.searchParams.get('encrypt')).toBe('1');
     });