@robbiesrobotics/alice-agents 1.5.2 → 1.5.4

package/bin/alice-cloud.cjs

@@ -0,0 +1,369 @@
+#!/usr/bin/env node
+/**
+ * alice-cloud - Zero-touch client onboarding CLI for A.L.I.C.E. | Control
+ * Usage: alice-cloud <command>
+ *   --non-interactive  Skip interactive prompts (use env vars)
+ *   ALICE_SUPABASE_TOKEN  Supabase access token (non-interactive mode)
+ */
+
+const path = require('path');
+const os = require('os');
+const fs = require('fs');
+const { spawn } = require('child_process');
+
+const CONFIG_DIR = path.join(os.homedir(), '.openclaw');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'alice-cloud.json');
+const API_BASE = 'https://alice.av3.ai/api/cloud';
+
+const NON_INTERACTIVE = process.argv.includes('--non-interactive') || process.env.ALICE_NON_INTERACTIVE === '1';
+const SUPABASE_TOKEN = process.env.ALICE_SUPABASE_TOKEN;
+
+function loadConfig() {
+  try {
+    if (fs.existsSync(CONFIG_FILE)) {
+      return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf8'));
+    }
+  } catch (_) {}
+  return {};
+}
+
+function saveConfig(config) {
+  fs.mkdirSync(CONFIG_DIR, { recursive: true });
+  fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2));
+}
+
+async function sleep(ms) {
+  return new Promise((r) => setTimeout(r, ms));
+}
+
+function runCommand(cmd, args) {
+  return new Promise((resolve, reject) => {
+    const child = spawn(cmd, args, { shell: true });
+    let stdout = '', stderr = '';
+    child.stdout.on('data', (d) => { stdout += d; });
+    child.stderr.on('data', (d) => { stderr += d; });
+    child.on('close', (code) => {
+      if (code === 0) resolve(stdout);
+      else reject(new Error(stderr || `exit ${code}`));
+    });
+    child.on('error', reject);
+  });
+}
+
+// ── Login ──────────────────────────────────────────────────────────────────────
+async function login(args) {
+  const open = (await import('open')).default;
+  const got = (await import('got')).default;
+
+  // Non-interactive mode: use token from env
+  if (NON_INTERACTIVE) {
+    const token = SUPABASE_TOKEN;
+    if (!token) {
+      console.error('❌  ALICE_SUPABASE_TOKEN env var required for non-interactive login.');
+      process.exit(1);
+    }
+    try {
+      const res = await got(`${process.env.ALICE_SUPABASE_URL || 'https://xxxgvtwnlbtdgmlgccee.supabase.co'}/auth/v1/user`, {
+        headers: { Authorization: `Bearer ${token}` },
+        throwHttpErrors: false,
+      }).json();
+      const config = loadConfig();
+      config.supabaseToken = token;
+      config.user = res;
+      saveConfig(config);
+      console.log('✅  Logged in as', res.email || res.user_metadata?.user_name || 'unknown');
+      return;
+    } catch (err) {
+      console.error('❌  Token validation failed:', err.message);
+      process.exit(1);
+    }
+  }
+
+  console.log('🔐  A.L.I.C.E. Cloud login');
+  console.log('   Opening browser for Supabase OAuth…');
+
+  const supabaseUrl = process.env.ALICE_SUPABASE_URL || 'https://xxxgvtwnlbtdgmlgccee.supabase.co';
+  const redirectUri = `${API_BASE}/auth/callback`;
+  const oauthUrl = `${supabaseUrl}/auth/v1/authorize?provider=github&redirect_to=${encodeURIComponent(redirectUri)}`;
+
+  await open(oauthUrl);
+  console.log('   Browser opened. Complete login in your browser.');
+  console.log('   After login, paste your Supabase access token here:');
+  process.stdout.write('   > ');
+
+  return new Promise((resolve, reject) => {
+    let token = '';
+    process.stdin.setEncoding('utf8');
+    process.stdin.on('data', (d) => { token += d; });
+    process.stdin.on('end', async () => {
+      token = token.trim();
+      if (!token) { reject(new Error('No token provided')); return; }
+      try {
+        const res = await got(`${supabaseUrl}/auth/v1/user`, {
+          headers: { Authorization: `Bearer ${token}` },
+          throwHttpErrors: false,
+        }).json();
+        const config = loadConfig();
+        config.supabaseToken = token;
+        config.user = res;
+        saveConfig(config);
+        console.log('   ✅ Logged in as', res.email || res.user_metadata?.user_name || 'unknown');
+        resolve();
+      } catch (err) {
+        reject(new Error('Token validation failed: ' + err.message));
+      }
+    });
+  });
+}
+
+// ── Register ───────────────────────────────────────────────────────────────────
+async function detectGatewayUrl() {
+  const got = (await import('got')).default;
+  const candidates = ['https://localhost:18789', 'http://localhost:18789'];
+  for (const url of candidates) {
+    try {
+      await got.get(url, { throwHttpErrors: true, timeout: { request: 2000 }, retry: { limit: 0 } });
+      return url;
+    } catch (_) {}
+  }
+  return 'https://localhost:18789';
+}
+
+async function readGatewayToken() {
+  const cfg = path.join(os.homedir(), '.openclaw', 'openclaw.json');
+  try {
+    const data = JSON.parse(fs.readFileSync(cfg, 'utf8'));
+    return data.gateway?.auth?.token || '';
+  } catch (_) {}
+  return '';
+}
+
+async function getOpenClawVersion() {
+  try { return (await runCommand('openclaw', ['--version'])).trim(); } catch (_) {}
+  return 'unknown';
+}
+
+async function register(args) {
+  const got = (await import('got')).default;
+  const config = loadConfig();
+
+  if (!config.supabaseToken) {
+    console.error('❌  Not logged in. Run `alice-cloud login` first.');
+    process.exit(1);
+  }
+
+  const gatewayUrl = await detectGatewayUrl();
+  const gatewayToken = await readGatewayToken();
+  const hostname = os.hostname();
+  const version = await getOpenClawVersion();
+
+  console.log('🔗  Registering gateway with A.L.I.C.E. Cloud…');
+  console.log(`   Gateway URL : ${gatewayUrl}`);
+  console.log(`   Hostname    : ${hostname}`);
+  console.log(`   Version     : ${version}`);
+
+  let lastError;
+  for (let attempt = 1; attempt <= 3; attempt++) {
+    try {
+      const response = await got.post(`${API_BASE}/register`, {
+        json: { gatewayUrl, gatewayToken, hostname, version },
+        headers: { Authorization: `Bearer ${config.supabaseToken}` },
+        throwHttpErrors: true,
+      }).json();
+      config.registration = { gatewayUrl, hostname, version, registeredAt: new Date().toISOString() };
+      saveConfig(config);
+      console.log('   ✅ Gateway registered!');
+      return;
+    } catch (err) {
+      lastError = err;
+      const delay = attempt * 2000;
+      console.log(`   ⚠️  Attempt ${attempt} failed: ${err.message}. Retrying in ${delay}ms…`);
+      await sleep(delay);
+    }
+  }
+  console.error('❌  Registration failed after 3 attempts:', lastError.message);
+  process.exit(1);
+}
+
+// ── Status ─────────────────────────────────────────────────────────────────────
+async function status(args) {
+  const got = (await import('got')).default;
+  const config = loadConfig();
+
+  if (!config.supabaseToken) {
+    console.error('❌  Not logged in. Run `alice-cloud login` first.');
+    process.exit(1);
+  }
+
+  try {
+    const data = await got.get(`${API_BASE}/status`, {
+      headers: { Authorization: `Bearer ${config.supabaseToken}` },
+      throwHttpErrors: false,
+    }).json();
+
+    if (!data.registered) {
+      console.log('⚪  No gateway registered.');
+      console.log('   Run `alice-cloud register` to connect your gateway.');
+      return;
+    }
+
+    console.log('🟢  A.L.I.C.E. Cloud Status');
+    console.log(`   Gateway URL   : ${data.gatewayUrl}`);
+    console.log(`   Hostname      : ${data.hostname}`);
+    console.log(`   Status        : ${data.connected ? '🟢 Connected' : '🔴 Disconnected'}`);
+    console.log(`   Last heartbeat: ${data.lastHeartbeat ? new Date(data.lastHeartbeat).toLocaleString() : 'Never'}`);
+    console.log(`   Version      : ${data.version}`);
+  } catch (err) {
+    if (err.response?.statusCode === 401) {
+      console.error('❌  Session expired. Run `alice-cloud login` again.');
+    } else {
+      console.error('❌  Status check failed:', err.message);
+    }
+    process.exit(1);
+  }
+}
+
+// ── Unregister ─────────────────────────────────────────────────────────────────
+async function unregister(args) {
+  const got = (await import('got')).default;
+  const config = loadConfig();
+
+  if (!config.supabaseToken) {
+    console.error('❌  Not logged in. Run `alice-cloud login` first.');
+    process.exit(1);
+  }
+
+  console.log('🗑️  Unregistering gateway…');
+  try {
+    await got.delete(`${API_BASE}/status`, {
+      headers: { Authorization: `Bearer ${config.supabaseToken}` },
+      throwHttpErrors: false,
+    });
+    delete config.registration;
+    saveConfig(config);
+    console.log('   ✅ Gateway unregistered.');
+  } catch (err) {
+    if (err.response?.statusCode === 404) {
+      console.log('   ℹ️  No gateway was registered.');
+    } else {
+      console.error('❌  Unregister failed:', err.message);
+      process.exit(1);
+    }
+  }
+}
+
+// ── Watch (daemon) ─────────────────────────────────────────────────────────────
+async function checkGatewayUp(gatewayUrl) {
+  const got = (await import('got')).default;
+  try {
+    await got.get(gatewayUrl, { throwHttpErrors: true, timeout: { request: 3000 }, retry: { limit: 0 } });
+    return true;
+  } catch (_) {}
+  return false;
+}
+
+async function startHeartbeatLoop(config) {
+  const got = (await import('got')).default;
+  const gatewayUrl = config.registration?.gatewayUrl || 'https://localhost:18789';
+
+  async function heartbeat() {
+    try {
+      const isUp = await checkGatewayUp(gatewayUrl);
+      if (!isUp) {
+        console.log('[watch] Gateway down, attempting restart…');
+        try { await runCommand('openclaw', ['gateway', 'start']); await sleep(3000); } catch (_) {}
+      }
+      await got.post(`${API_BASE}/heartbeat`, {
+        json: { hostname: os.hostname(), connected: await checkGatewayUp(gatewayUrl), timestamp: new Date().toISOString() },
+        headers: { Authorization: `Bearer ${config.supabaseToken}` },
+        throwHttpErrors: false, timeout: { request: 10000 },
+      });
+      console.log(`[${new Date().toLocaleTimeString()}] heartbeat sent (gateway: ${isUp ? 'up' : 'down'})`);
+    } catch (err) {
+      console.error('[watch] heartbeat error:', err.message);
+    }
+  }
+
+  await heartbeat();
+  const interval = setInterval(heartbeat, 30_000);
+  process.on('SIGINT', () => { clearInterval(interval); process.exit(0); });
+  process.on('SIGTERM', () => { clearInterval(interval); process.exit(0); });
+}
+
+async function watch(args) {
+  const config = loadConfig();
+  if (!config.supabaseToken) {
+    console.error('❌  Not logged in. Run `alice-cloud login` first.');
+    process.exit(1);
+  }
+
+  if (args.daemon || process.argv.includes('--daemon')) {
+    const child = spawn(process.execPath, [__filename, 'watch', '--running'], {
+      detached: true, stdio: 'ignore', env: { ...process.env, ALICE_NON_INTERACTIVE: '1' },
+    });
+    child.unref();
+    console.log('🚀  alice-cloud watch started in background (PID:', child.pid, ')');
+    return;
+  }
+
+  console.log('👁️  A.L.I.C.E. Cloud watch daemon started');
+  console.log('   Press Ctrl+C to stop.');
+  await startHeartbeatLoop(config);
+}
+
+// ── Programmatic API exports ───────────────────────────────────────────────────
+// Allow ESM callers to import these via createRequire or spawn as child process.
+module.exports = {
+  login,
+  register,
+  status,
+  unregister,
+  watch,
+  loadConfig,
+  saveConfig,
+  detectGatewayUrl,
+  readGatewayToken,
+  API_BASE,
+  CONFIG_FILE,
+};
+
+// ── CLI dispatcher ─────────────────────────────────────────────────────────────
+// Only run as CLI when this file is the main module (not when required/imported)
+if (require.main === module) {
+  const commands = { login, register, status, unregister, watch };
+  const cmd = process.argv[2];
+
+  if (!cmd) {
+    console.log(`alice-cloud v1.0.1 — A.L.I.C.E. | Control Cloud CLI
+
+Usage: alice-cloud <command> [options]
+
+Commands:
+  login        Authenticate with Supabase
+  register     Register this gateway with A.L.I.C.E. Cloud
+  status       Show gateway connection status
+  unregister   Remove gateway registration
+  watch        Start background heartbeat daemon
+
+Options:
+  --non-interactive  Use env vars (ALICE_SUPABASE_TOKEN) instead of prompts
+
+Environment:
+  ALICE_SUPABASE_TOKEN   Supabase access token (for non-interactive mode)
+  ALICE_SUPABASE_URL     Supabase project URL (default: xxx project)
+
+Run 'alice-cloud <command> --help' for more options.`);
+    process.exit(0);
+  }
+
+  const handler = commands[cmd];
+  if (!handler) {
+    console.error(`Unknown command: ${cmd}`);
+    process.exit(1);
+  }
+
+  handler(process.argv.slice(3)).catch((err) => {
+    console.error('Error:', err.message);
+    process.exit(1);
+  });
+}

package/lib/installer.mjs

@@ -6,7 +6,14 @@ import { homedir } from 'node:os';
 import { configExists, mergeConfig, removeAliceAgents, detectAvailableModels } from './config-merger.mjs';
 import { scaffoldAll } from './workspace-scaffolder.mjs';
 import { readManifest, writeManifest } from './manifest.mjs';
-import { configureMissionControlCloud, getDefaultMissionControlSettings } from './mission-control.mjs';
+import {
+  configureMissionControlCloud,
+  getDefaultMissionControlSettings,
+  getCloudStatus,
+  isCloudAuthenticated,
+  isCloudRegistered,
+  configureCloudFromSupabase,
+} from './mission-control.mjs';
 import {
   promptInstallMode,
   promptUserInfo,
@@ -15,8 +22,10 @@ import {
   promptTier,
   promptLicenseKey,
   promptCloudAddon,
-  promptMissionControlToken,
-  promptMissionControlWorkerToken,
+  promptCloudSetup,
+  promptCloudReauth,
+  promptCloudHeartbeat,
+  promptCloudToken,
   confirm,
   choose,
   input,
@@ -470,11 +479,10 @@ function printSummaryWithOptions(mode, tier, agents, preset, userInfo, detectedM
     `${dim('Model:')}     ${green(modelLabel)}`,
     `${dim('User:')}      ${green(userInfo.name)}`,
     `${dim('Timezone:')}  ${green(userInfo.timezone)}`,
-    `${dim('Mission Control:')}  ${green(missionControl?.enabled ? 'cloud enabled' : 'local only')}`,
+    `${dim('Cloud:')}  ${green(missionControl?.enabled ? 'enabled' : 'local only')}`,
     ...(missionControl?.enabled
       ? [
           `${dim('Dashboard:')} ${green(missionControl.dashboardUrl)}`,
-          `${dim('Ingest:')}    ${green(missionControl.ingestUrl)}`,
         ]
       : []),
     '',
@@ -486,6 +494,75 @@ function printSummaryWithOptions(mode, tier, agents, preset, userInfo, detectedM
   console.log('');
 }
 
+/**
+ * Run inline cloud onboarding — opens browser, validates token, registers gateway.
+ * Uses alice-cloud CLI spawned as a child process (CJS ↔ ESM boundary).
+ */
+async function _runCloudOnboarding(auto, options, existingMissionControl) {
+  const { execSync: execSyncLocal, spawn: spawnLocal } = await import('node:child_process');
+  const aliceCloudBin = join(__dirname, '..', 'bin', 'alice-cloud.cjs');
+  const defaults = getDefaultMissionControlSettings();
+
+  try {
+    // Step 1: Login — open browser for Supabase OAuth
+    console.log('');
+    console.log(`  ${icons.pkg} ${bold('Setting up A.L.I.C.E. Cloud...')}`);
+    console.log(`     Opening your browser to sign in with GitHub...`);
+    console.log('');
+
+    // Spawn alice-cloud login as a child process
+    // In non-interactive mode, use env var for token
+    if (auto && options.cloudSupabaseToken) {
+      execSyncLocal(
+        `node ${JSON.stringify(aliceCloudBin)} login --non-interactive`,
+        {
+          stdio: 'inherit',
+          env: { ...process.env, ALICE_SUPABASE_TOKEN: options.cloudSupabaseToken, ALICE_NON_INTERACTIVE: '1' },
+        }
+      );
+    } else if (!auto) {
+      // Interactive: spawn login which opens browser and waits for token paste
+      execSyncLocal(`node ${JSON.stringify(aliceCloudBin)} login`, { stdio: 'inherit' });
+    }
+
+    // Step 2: Register gateway
+    if (isCloudAuthenticated()) {
+      console.log('');
+      console.log(`  ${icons.pkg} ${bold('Registering gateway with A.L.I.C.E. Cloud...')}`);
+      execSyncLocal(`node ${JSON.stringify(aliceCloudBin)} register`, { stdio: 'inherit' });
+      printStepDone('Cloud login and registration complete');
+
+      // Step 3: Ask about heartbeat daemon
+      const startHeartbeat = auto ? false : await promptCloudHeartbeat();
+      if (startHeartbeat) {
+        console.log(`  ${dim('Starting heartbeat daemon...')}`);
+        execSyncLocal(`node ${JSON.stringify(aliceCloudBin)} watch --daemon`, { stdio: 'inherit' });
+        printStepDone('Heartbeat daemon started');
+      }
+    } else {
+      printStepSkip('Cloud registration', 'login was skipped or failed — run `alice-cloud login` later');
+    }
+  } catch (err) {
+    console.log(`  ${icons.warn} ${yellow('Cloud setup encountered an issue: ' + (err.message || 'unknown error'))}`);
+    console.log(`  ${dim('You can complete setup later with:')} ${cyan('alice-cloud login && alice-cloud register')}`);
+  }
+
+  // Build missionControl object from whatever state we achieved
+  const cloudStatus = getCloudStatus();
+  return {
+    enabled: true,
+    provider: 'cloud',
+    dashboardUrl: existingMissionControl?.dashboardUrl || defaults.dashboardUrl,
+    ingestUrl: existingMissionControl?.ingestUrl || `${defaults.dashboardUrl}/api/v1/ingest`,
+    sourceNode: existingMissionControl?.sourceNode || defaults.sourceNode,
+    teamId: String(options.cloudTeamId || existingMissionControl?.teamId || '').trim(),
+    teamSlug: String(options.cloudTeamSlug || existingMissionControl?.teamSlug || '').trim(),
+    teamName: String(options.cloudTeamName || existingMissionControl?.teamName || '').trim(),
+    teamPlan: String(options.cloudTeamPlan || existingMissionControl?.teamPlan || '').trim(),
+    ...(cloudStatus.authenticated ? { hasIngestToken: true } : {}),
+  };
+}
+
 export async function runInstall(options = {}) {
   const auto = options.yes || false;
   const manifest = readManifest();
@@ -718,36 +795,61 @@ export async function runInstall(options = {}) {
       : cloudFlag ?? await promptCloudAddon();
 
     if (enableCloud) {
-      const defaults = getDefaultMissionControlSettings();
-      const dashboardUrl =
-        String(options.cloudDashboardUrl || existingMissionControl?.dashboardUrl || defaults.dashboardUrl).trim();
-      const ingestUrl =
-        String(options.cloudIngestUrl || existingMissionControl?.ingestUrl || `${dashboardUrl}/api/v1/ingest`).trim();
-      const ingestToken =
-        auto
-          ? String(options.cloudToken || '').trim()
-          : String(options.cloudToken || await promptMissionControlToken()).trim();
-      const workerToken =
-        auto
-          ? String(options.cloudWorkerToken || '').trim()
-          : String(options.cloudWorkerToken || await promptMissionControlWorkerToken(ingestToken)).trim();
-      const sourceNode =
-        String(options.cloudSourceNode || existingMissionControl?.sourceNode || defaults.sourceNode).trim();
-
-      missionControl = {
-        enabled: true,
-        provider: 'cloud',
-        dashboardUrl,
-        ingestUrl,
-        sourceNode,
-        teamId: String(options.cloudTeamId || existingMissionControl?.teamId || '').trim(),
-        teamSlug: String(options.cloudTeamSlug || existingMissionControl?.teamSlug || '').trim(),
-        teamName: String(options.cloudTeamName || existingMissionControl?.teamName || '').trim(),
-        teamPlan: String(options.cloudTeamPlan || existingMissionControl?.teamPlan || '').trim(),
-        hasIngestToken: !!ingestToken,
-        ingestToken,
-        workerToken,
-      };
+      const cloudStatus = getCloudStatus();
+
+      // Upgrade mode: show existing cloud status
+      if (mode === 'upgrade' && (cloudStatus.authenticated || existingMissionControl?.enabled)) {
+        console.log('');
+        console.log(`  ${icons.ok} ${green('A.L.I.C.E. Cloud is configured')}`);
+        if (cloudStatus.user) {
+          console.log(`     ${dim('User:')} ${cloudStatus.user}`);
+        }
+        if (cloudStatus.gatewayUrl) {
+          console.log(`     ${dim('Gateway:')} ${cloudStatus.gatewayUrl}`);
+        }
+        if (cloudStatus.registeredAt) {
+          console.log(`     ${dim('Registered:')} ${cloudStatus.registeredAt}`);
+        }
+        console.log('');
+
+        const reauth = auto ? false : await promptCloudReauth();
+        if (!reauth) {
+          // Keep existing config — use Supabase config if available, fall back to legacy
+          if (cloudStatus.authenticated) {
+            missionControl = {
+              enabled: true,
+              provider: 'cloud',
+              dashboardUrl: existingMissionControl?.dashboardUrl || 'https://alice.av3.ai',
+              ingestUrl: existingMissionControl?.ingestUrl || 'https://alice.av3.ai/api/v1/ingest',
+              sourceNode: existingMissionControl?.sourceNode || getDefaultMissionControlSettings().sourceNode,
+            };
+          } else {
+            missionControl = { ...existingMissionControl, enabled: true };
+          }
+        } else {
+          // Re-authenticate — run alice-cloud login inline
+          missionControl = await _runCloudOnboarding(auto, options, existingMissionControl);
+        }
+      } else {
+        // Fresh install — run cloud onboarding
+        const wantsSetup = auto ? true : await promptCloudSetup();
+
+        if (wantsSetup) {
+          missionControl = await _runCloudOnboarding(auto, options, existingMissionControl);
+        } else {
+          console.log('');
+          console.log(`  ${dim('You can set up cloud later with:')} ${cyan('alice-cloud login && alice-cloud register')}`);
+          console.log('');
+          // Cloud addon enabled but setup skipped — bridge installed, no auth yet
+          missionControl = {
+            enabled: true,
+            provider: 'cloud',
+            dashboardUrl: 'https://alice.av3.ai',
+            ingestUrl: 'https://alice.av3.ai/api/v1/ingest',
+            sourceNode: getDefaultMissionControlSettings().sourceNode,
+          };
+        }
+      }
     }
   }
 
@@ -790,12 +892,12 @@ export async function runInstall(options = {}) {
 
   if (missionControl?.enabled) {
     const missionControlResult = configureMissionControlCloud(missionControl);
-    printStepDone('Mission Control cloud', missionControlResult.summary.dashboardUrl);
+    printStepDone('A.L.I.C.E. Cloud', missionControlResult.summary.dashboardUrl);
     if (!missionControlResult.summary.hasIngestToken) {
-      printStepSkip('Cloud access token not set', 'bridge installed; add token later to enable authenticated ingest');
+      printStepSkip('Cloud authentication pending', 'run `alice-cloud login && alice-cloud register` to complete setup');
     }
   } else {
-    printStepSkip('Mission Control cloud', 'not enabled for this install');
+    printStepSkip('A.L.I.C.E. Cloud', 'not enabled for this install');
   }
 
   // Scaffold workspaces

package/lib/mission-control.mjs

@@ -179,3 +179,64 @@ export function getDefaultMissionControlSettings() {
 export function hasMissionControlBridgeInstalled() {
   return existsSync(join(OPENCLAW_HOME, 'extensions', BRIDGE_ID));
 }
+
+// ── Supabase-based cloud onboarding helpers ────────────────────────────────────
+
+const CLOUD_CONFIG_PATH = join(OPENCLAW_HOME, 'alice-cloud.json');
+
+export function readCloudConfig() {
+  return readJsonFile(CLOUD_CONFIG_PATH);
+}
+
+export function isCloudAuthenticated() {
+  const config = readCloudConfig();
+  return !!(config && config.supabaseToken);
+}
+
+export function isCloudRegistered() {
+  const config = readCloudConfig();
+  return !!(config && config.registration);
+}
+
+export function getCloudStatus() {
+  const config = readCloudConfig();
+  if (!config) return { authenticated: false, registered: false };
+  return {
+    authenticated: !!config.supabaseToken,
+    registered: !!config.registration,
+    user: config.user?.email || config.user?.user_metadata?.user_name || null,
+    gatewayUrl: config.registration?.gatewayUrl || null,
+    hostname: config.registration?.hostname || null,
+    registeredAt: config.registration?.registeredAt || null,
+  };
+}
+
+/**
+ * Configure cloud using Supabase auth (new flow).
+ * This preserves the existing bridge installation and MC config writing,
+ * and reads auth state from alice-cloud.json.
+ */
+export function configureCloudFromSupabase(input = {}) {
+  // Read alice-cloud.json for auth info
+  const cloudConfig = readCloudConfig() || {};
+
+  // Build settings — we still use the same bridge + MC config infrastructure,
+  // but tokens now come from Supabase auth rather than manual ingest tokens
+  const settingsInput = {
+    dashboardUrl: input.dashboardUrl || DEFAULT_DASHBOARD_URL,
+    sourceNode: input.sourceNode || hostname() || 'openclaw-local',
+    teamId: input.teamId || '',
+    teamSlug: input.teamSlug || '',
+    teamName: input.teamName || '',
+    teamPlan: input.teamPlan || '',
+    enabled: true,
+  };
+
+  // If we have a supabase token, use it as the ingest/worker token for bridge compatibility
+  if (cloudConfig.supabaseToken) {
+    settingsInput.ingestToken = cloudConfig.supabaseToken;
+    settingsInput.workerToken = cloudConfig.supabaseToken;
+  }
+
+  return configureMissionControlCloud(settingsInput);
+}

package/lib/prompter.mjs

@@ -128,27 +128,33 @@ export async function promptLicenseKey() {
 
 export async function promptCloudAddon() {
   console.log('');
-  console.log('  Mission Control Cloud add-on');
-  console.log('  Hosted dashboard, telemetry sync, and cloud memory for Pro users.');
+  console.log('  A.L.I.C.E. Cloud add-on');
+  console.log('  Remote monitoring, fleet management, and cloud sync for Pro users.');
   console.log('');
-  return confirm('  Enable the Mission Control Cloud add-on on this machine?', true);
+  return confirm('  Enable A.L.I.C.E. Cloud on this machine?', true);
 }
 
-export async function promptMissionControlToken() {
+export async function promptCloudSetup() {
   console.log('');
-  console.log('  Enter your Mission Control Ingest Token from your purchase email.');
-  console.log('  It looks like: mc_ingest_[64 hex chars]');
-  console.log('  You can find it in the "A.L.I.C.E. Pro License Delivered" email.');
-  console.log('  Press Enter to skip — you can add it later.');
+  console.log('  A.L.I.C.E. Cloud connects your local gateway to alice.av3.ai');
+  console.log('  for remote monitoring, fleet management, and cloud sync.');
   console.log('');
-  return input('  Mission Control Ingest Token', '');
+  return confirm('  Would you like to set up A.L.I.C.E. Cloud now?', true);
 }
 
-export async function promptMissionControlWorkerToken(ingestToken = '') {
-  if (!ingestToken) return '';
+export async function promptCloudReauth() {
   console.log('');
-  console.log('  Enter your Mission Control Worker Token from the same purchase email.');
-  console.log('  It looks like: mc_worker_[64 hex chars]');
+  return confirm('  Re-authenticate with A.L.I.C.E. Cloud?', false);
+}
+
+export async function promptCloudHeartbeat() {
+  return confirm('  Start the heartbeat daemon (keeps cloud connection alive)?', true);
+}
+
+export async function promptCloudToken() {
+  console.log('');
+  console.log('  After logging in via your browser, paste the access token here.');
+  console.log('  Press Enter to skip — you can run `alice-cloud login` later.');
   console.log('');
-  return input('  Mission Control Worker Token', '');
+  return input('  Access token', '');
 }

package/package.json

@@ -1,9 +1,10 @@
 {
   "name": "@robbiesrobotics/alice-agents",
-  "version": "1.5.2",
+  "version": "1.5.4",
   "description": "A.L.I.C.E. \u2014 31 AI agents for OpenClaw. One conversation, one team.",
   "bin": {
-    "alice-agents": "bin/alice-install.mjs"
+    "alice-agents": "bin/alice-install.mjs",
+    "alice-cloud": "bin/alice-cloud.cjs"
   },
   "type": "module",
   "engines": {