@rubytech/create-maxy 0.4.4 → 0.4.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rubytech/create-maxy",
-  "version": "0.4.4",
+  "version": "0.4.6",
   "description": "Install Maxy — your personal AI assistant",
   "bin": {
     "create-maxy": "./dist/index.js"

package/payload/maxy/app/api/onboarding/claude-auth/route.ts

@@ -1,8 +1,53 @@
 import { NextResponse } from 'next/server'
-import { spawn, execFileSync, type ChildProcess } from 'node:child_process'
+import { execFileSync } from 'node:child_process'
+import { loginAnthropic, type OAuthCredentials } from '@mariozechner/pi-ai'
+import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'node:fs'
+import { resolve } from 'node:path'
+import { homedir } from 'node:os'
 
-// Keep the login process alive — it polls Anthropic for completion
-let loginProcess: ChildProcess | null = null
+// --- Active OAuth session (same pattern as v1 gateway/server-methods/auth.ts) ---
+
+type OAuthSession = {
+  authUrl: string | null
+  codeResolver: ((code: string) => void) | null
+  codePromise: Promise<string> | null
+  completed: boolean
+  error: string | null
+  credentials: OAuthCredentials | null
+}
+
+let activeSession: OAuthSession | null = null
+
+function resetSession(): void {
+  activeSession = null
+}
+
+// --- Claude CLI credentials ---
+
+const CLAUDE_CREDS_PATH = resolve(homedir(), '.claude/.credentials.json')
+
+function writeClaudeCredentials(creds: OAuthCredentials): void {
+  const claudeDir = resolve(homedir(), '.claude')
+  mkdirSync(claudeDir, { recursive: true })
+
+  let data: Record<string, unknown> = {}
+  if (existsSync(CLAUDE_CREDS_PATH)) {
+    try {
+      data = JSON.parse(readFileSync(CLAUDE_CREDS_PATH, 'utf-8'))
+    } catch { /* start fresh */ }
+  }
+
+  data.claudeAiOauth = {
+    ...(typeof data.claudeAiOauth === 'object' && data.claudeAiOauth ? data.claudeAiOauth : {}),
+    accessToken: creds.access,
+    refreshToken: creds.refresh,
+    expiresAt: creds.expires,
+  }
+
+  writeFileSync(CLAUDE_CREDS_PATH, JSON.stringify(data, null, 2), { mode: 0o600 })
+}
+
+// --- Endpoints ---
 
 /**
  * GET /api/onboarding/claude-auth
@@ -26,68 +71,118 @@ export async function GET() {
 
 /**
  * POST /api/onboarding/claude-auth
- * Start the Claude Code OAuth login flow.
- * Returns the auth URL. The user visits it in their browser,
- * authenticates with Anthropic, and the process completes automatically
- * via PKCE polling. No code pasting needed.
+ * Three actions:
+ * - {} — start OAuth flow, returns authUrl
+ * - { code: "..." } — submit the auth code
+ * - { action: "wait" } — poll for completion
  */
-export async function POST() {
-  // Kill any existing login process
-  if (loginProcess) {
-    loginProcess.kill()
-    loginProcess = null
-  }
+export async function POST(req: Request) {
+  let body: { code?: string; action?: string } = {}
+  try {
+    body = await req.json()
+  } catch { /* empty body = start flow */ }
 
-  return new Promise<Response>((resolve) => {
-    // Don't suppress the browser — but on a headless Pi it won't open.
-    // We capture the auth URL from the output and present it in the web UI.
-    const child = spawn('claude', ['auth', 'login'], {
-      stdio: ['pipe', 'pipe', 'pipe'],
-      env: { ...process.env, BROWSER: '' },
-    })
+  // --- Submit code ---
+  if (body.code) {
+    if (!activeSession?.codeResolver) {
+      return NextResponse.json(
+        { error: 'No active OAuth session. Click "Sign in with Claude" to start again.' },
+        { status: 400 },
+      )
+    }
+
+    activeSession.codeResolver(body.code.trim())
+
+    return NextResponse.json({ message: 'Code received — verifying...' })
+  }
 
-    loginProcess = child
+  // --- Poll for completion ---
+  if (body.action === 'wait') {
+    if (!activeSession) {
+      return NextResponse.json({ completed: false, error: 'No active session.' })
+    }
 
-    let output = ''
-    let resolved = false
+    // Poll for up to 5 seconds
+    const start = Date.now()
+    while (Date.now() - start < 5000) {
+      if (activeSession.completed) {
+        if (activeSession.error) {
+          const error = activeSession.error
+          resetSession()
+          return NextResponse.json({ completed: true, authenticated: false, error })
+        }
 
-    function tryResolve() {
-      if (resolved) return
-      const match = output.match(/(https:\/\/claude\.ai\/oauth\/authorize[^\s]+)/)
-      if (match) {
-        resolved = true
-        // Remove code=true& from the URL — that triggers the fallback flow
-        // which shows an auth code. Without it, the flow completes automatically.
-        const autoUrl = match[1].replace(/code=true&?/, '').replace(/\?&/, '?')
-        resolve(NextResponse.json({ authUrl: autoUrl }))
+        resetSession()
+        return NextResponse.json({ completed: true, authenticated: true })
       }
+      await new Promise(r => setTimeout(r, 500))
     }
 
-    child.stdout?.on('data', (chunk: Buffer) => {
-      output += chunk.toString()
-      tryResolve()
-    })
+    return NextResponse.json({ completed: false })
+  }
 
-    child.stderr?.on('data', (chunk: Buffer) => {
-      output += chunk.toString()
-      tryResolve()
-    })
+  // --- Start OAuth flow ---
+  resetSession()
 
-    // The process stays alive — it polls Anthropic for auth completion.
-    // Don't kill it. It will exit on its own when auth succeeds.
-    child.on('exit', () => {
-      loginProcess = null
-    })
+  activeSession = {
+    authUrl: null,
+    codeResolver: null,
+    codePromise: null,
+    completed: false,
+    error: null,
+    credentials: null,
+  }
 
-    // Only timeout if we can't even get the URL
-    setTimeout(() => {
-      if (!resolved) {
-        resolved = true
-        resolve(NextResponse.json(
-          { error: 'Could not start auth flow. Is Claude Code installed?' },
-          { status: 500 },
-        ))
-      }
-    }, 15000)
+  // Set up code promise (resolved when user submits code via POST { code })
+  activeSession.codePromise = new Promise<string>((resolve) => {
+    activeSession!.codeResolver = resolve
   })
+
+  // Start OAuth flow in background (same as v1)
+  const oauthPromise = loginAnthropic(
+    // onAuthUrl — called when we have the URL
+    (url: string) => {
+      if (activeSession) {
+        activeSession.authUrl = url
+      }
+    },
+    // onPromptCode — called when the library needs the code
+    async (): Promise<string> => {
+      if (!activeSession?.codePromise) {
+        throw new Error('OAuth session expired')
+      }
+      return activeSession.codePromise
+    },
+  )
+
+  // Handle completion in background
+  oauthPromise
+    .then((credentials) => {
+      if (activeSession) {
+        activeSession.credentials = credentials
+        activeSession.completed = true
+        writeClaudeCredentials(credentials)
+      }
+    })
+    .catch((err) => {
+      if (activeSession) {
+        activeSession.error = err instanceof Error ? err.message : String(err)
+        activeSession.completed = true
+      }
+    })
+
+  // Wait for the auth URL to appear
+  await new Promise(r => setTimeout(r, 500))
+  if (!activeSession?.authUrl) {
+    await new Promise(r => setTimeout(r, 1500))
+  }
+
+  if (!activeSession?.authUrl) {
+    return NextResponse.json(
+      { error: 'Failed to start OAuth flow.' },
+      { status: 500 },
+    )
+  }
+
+  return NextResponse.json({ authUrl: activeSession.authUrl })
 }

package/payload/maxy/app/page.tsx

@@ -19,6 +19,7 @@ export default function AdminPage() {
   const [pinError, setPinError] = useState('')
   const [showPin, setShowPin] = useState(false)
   const [authUrl, setAuthUrl] = useState<string | null>(null)
+  const [authCode, setAuthCode] = useState('')
   const [authLoading, setAuthLoading] = useState(false)
   const [sessionKey, setSessionKey] = useState<string | null>(null)
   const [messages, setMessages] = useState<Message[]>([])
@@ -274,8 +275,6 @@ export default function AdminPage() {
         if (data.authUrl) {
           setAuthUrl(data.authUrl)
           window.open(data.authUrl, '_blank')
-          // Start polling for auth completion
-          pollForAuth()
         } else if (data.error) {
           setPinError(data.error)
         }
@@ -285,18 +284,45 @@ export default function AdminPage() {
       setAuthLoading(false)
     }
 
-    async function pollForAuth() {
-      for (let i = 0; i < 60; i++) { // Poll for up to 2 minutes
-        await new Promise(r => setTimeout(r, 2000))
-        try {
-          const res = await fetch('/api/onboarding/claude-auth')
-          const data = await res.json()
-          if (data.authenticated) {
-            setAppState('enter-pin')
-            return
+    async function submitCode(e: FormEvent) {
+      e.preventDefault()
+      if (!authCode.trim()) return
+      setAuthLoading(true)
+      setPinError('')
+      try {
+        // Submit the code
+        await fetch('/api/onboarding/claude-auth', {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/json' },
+          body: JSON.stringify({ code: authCode.trim() }),
+        })
+
+        // Poll for completion
+        for (let i = 0; i < 12; i++) {
+          const waitRes = await fetch('/api/onboarding/claude-auth', {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ action: 'wait' }),
+          })
+          const waitData = await waitRes.json()
+
+          if (waitData.completed) {
+            if (waitData.authenticated) {
+              setAppState('enter-pin')
+              return
+            } else {
+              setPinError(waitData.error || 'Authentication failed. Check the code and try again.')
+              setAuthLoading(false)
+              return
+            }
           }
-        } catch { /* keep polling */ }
+        }
+
+        setPinError('Timed out waiting for verification. Try again.')
+      } catch {
+        setPinError('Could not verify code.')
       }
+      setAuthLoading(false)
     }
 
     return (
@@ -318,15 +344,29 @@ export default function AdminPage() {
           ) : (
             <>
               <p className="chat-intro" style={{ fontSize: '14px', marginTop: 0 }}>
-                Complete sign-in on the Anthropic page. This screen will update automatically.
+                Sign in on the Anthropic page, then paste the code here.
               </p>
-              <span className="typing-indicator" style={{ margin: '16px auto' }}>
-                <span className="typing-dot" />
-                <span className="typing-dot" />
-                <span className="typing-dot" />
-              </span>
+              <form onSubmit={submitCode}>
+                <div className="pin-input-row">
+                  <input
+                    type="text"
+                    value={authCode}
+                    onChange={e => setAuthCode(e.target.value)}
+                    placeholder="Paste authentication code"
+                    className="chat-input"
+                    autoFocus
+                    autoComplete="off"
+                  />
+                  <button type="submit" className="chat-send" disabled={!authCode.trim() || authLoading}>
+                    <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" strokeWidth="2" strokeLinecap="round" strokeLinejoin="round">
+                      <line x1="5" y1="12" x2="19" y2="12" />
+                      <polyline points="12 5 19 12 12 19" />
+                    </svg>
+                  </button>
+                </div>
+              </form>
               <a href={authUrl} target="_blank" rel="noopener noreferrer" className="auth-retry-link">
-                Open sign-in page again
+                Try again
               </a>
             </>
           )}