@schuttdev/gigai 0.1.0-beta.7 → 0.1.0-beta.9

package/dist/{chunk-OWDYY3IG.js → chunk-OMGUT7RM.js}

@@ -1,10 +1,12 @@
 #!/usr/bin/env node
 
-// ../server/dist/chunk-RZTCSUFS.mjs
+// ../server/dist/chunk-KF32K7J3.mjs
 import { nanoid } from "nanoid";
 var AuthStore = class {
   pairingCodes = /* @__PURE__ */ new Map();
   sessions = /* @__PURE__ */ new Map();
+  boundOrgs = /* @__PURE__ */ new Map();
+  // serverFingerprint -> orgUuid
   cleanupInterval;
   constructor() {
     this.cleanupInterval = setInterval(() => this.cleanup(), 6e4);
@@ -47,6 +49,13 @@ var AuthStore = class {
     }
     return session;
   }
+  // Org binding (bind-on-first-use for wildcard tokens)
+  bindOrg(fingerprint, orgUuid) {
+    this.boundOrgs.set(fingerprint, orgUuid);
+  }
+  getBoundOrg(fingerprint) {
+    return this.boundOrgs.get(fingerprint);
+  }
   // Cleanup
   cleanup() {
     const now = Date.now();

package/dist/{dist-X77HZGDE.js → dist-CU5WVKG2.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   AuthStore
-} from "./chunk-OWDYY3IG.js";
+} from "./chunk-OMGUT7RM.js";
 import {
   generatePairingCode,
   validateAndPair
@@ -11,6 +11,7 @@ import {
   GigaiConfigSchema,
   GigaiError,
   decrypt,
+  encrypt,
   generateEncryptionKey
 } from "./chunk-4XUWD3DZ.js";
 
@@ -45,6 +46,7 @@ import { writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
 import { resolve as resolve4, join as join3 } from "path";
 import { execFile } from "child_process";
 import { promisify } from "util";
+import { randomBytes as randomBytes2 } from "crypto";
 import { input as input2 } from "@inquirer/prompts";
 import { readFile as readFile4, writeFile as writeFile3 } from "fs/promises";
 import { resolve as resolve5 } from "path";
@@ -61,7 +63,16 @@ function connectWithToken(store, encryptedToken, orgUuid, encryptionKey, session
   } catch {
     throw new GigaiError(ErrorCode.TOKEN_DECRYPT_FAILED, "Failed to decrypt token");
   }
-  if (decrypted.orgUuid !== orgUuid) {
+  if (decrypted.orgUuid === "*") {
+    const bound = store.getBoundOrg(decrypted.serverFingerprint);
+    if (bound) {
+      if (bound !== orgUuid) {
+        throw new GigaiError(ErrorCode.ORG_MISMATCH, "Organization UUID mismatch");
+      }
+    } else {
+      store.bindOrg(decrypted.serverFingerprint, orgUuid);
+    }
+  } else if (decrypted.orgUuid !== orgUuid) {
     throw new GigaiError(ErrorCode.ORG_MISMATCH, "Organization UUID mismatch");
   }
   return store.createSession(orgUuid, sessionTtlSeconds);
@@ -1042,20 +1053,27 @@ This skill gives you access to tools running on the user's machine via the gigai
 - All tool execution happens on the user's machine, not in this container
 `;
   await writeFile2(join3(skillDir, "SKILL.md"), skillMd);
+  const tokenPayload = {
+    orgUuid: "*",
+    serverFingerprint: randomBytes2(16).toString("hex"),
+    createdAt: Date.now()
+  };
+  const encryptedToken = encrypt(tokenPayload, encryptionKey);
   const skillConfig = {
     server: serverUrl,
-    token: "<PASTE_ENCRYPTED_TOKEN_HERE>"
+    token: JSON.stringify(encryptedToken)
   };
-  await writeFile2(join3(skillDir, "config.json"), JSON.stringify(skillConfig, null, 2) + "\n");
+  await writeFile2(join3(skillDir, "config.json"), JSON.stringify(skillConfig, null, 2) + "\n", { mode: 384 });
   console.log(`  Skill template written to: ${skillDir}/`);
   const store = new AuthStore();
   const code = generatePairingCode(store, config.auth.pairingTtlSeconds);
   console.log(`
-  Pairing code: ${code}`);
-  console.log(`  Expires in ${config.auth.pairingTtlSeconds / 60} minutes.`);
+  Pairing code: ${code} (expires in ${config.auth.pairingTtlSeconds / 60} min)`);
+  store.destroy();
   console.log(`
   Start the server with: gigai server start${httpsConfig ? "" : " --dev"}`);
-  store.destroy();
+  console.log(`  Then upload gigai-skill/ contents to your Claude Project.`);
+  console.log(`  The token will bind to the first org UUID that connects.`);
 }
 async function loadConfigFile(path) {
   const configPath = resolve5(path ?? "gigai.config.json");
@@ -1168,7 +1186,7 @@ async function unwrapTool(name) {
 }
 async function generateServerPairingCode(configPath) {
   const { config } = await loadConfigFile(configPath);
-  const { AuthStore: AuthStore2 } = await import("./store-Y4V3TOYJ-GKOB6ANA.js");
+  const { AuthStore: AuthStore2 } = await import("./store-XDNMGPYX-5CGK2GXY.js");
   const { generatePairingCode: generatePairingCode2 } = await import("./pairing-IGMDVOIZ-RA7GNFU7.js");
   const store = new AuthStore2();
   const code = generatePairingCode2(store, config.auth.pairingTtlSeconds);

package/dist/index.js

@@ -438,7 +438,7 @@ function runCitty() {
           dev: { type: "boolean", description: "Development mode (no HTTPS)" }
         },
         async run({ args }) {
-          const { startServer } = await import("./dist-X77HZGDE.js");
+          const { startServer } = await import("./dist-CU5WVKG2.js");
           const extraArgs = [];
           if (args.config) extraArgs.push("--config", args.config);
           if (args.dev) extraArgs.push("--dev");
@@ -449,7 +449,7 @@ function runCitty() {
       init: defineCommand({
         meta: { name: "init", description: "Interactive setup wizard" },
         async run() {
-          const { runInit } = await import("./dist-X77HZGDE.js");
+          const { runInit } = await import("./dist-CU5WVKG2.js");
           await runInit();
         }
       }),
@@ -459,7 +459,7 @@ function runCitty() {
           config: { type: "string", alias: "c", description: "Config file path" }
         },
         async run({ args }) {
-          const { generateServerPairingCode } = await import("./dist-X77HZGDE.js");
+          const { generateServerPairingCode } = await import("./dist-CU5WVKG2.js");
           await generateServerPairingCode(args.config);
         }
       }),
@@ -486,21 +486,21 @@ function runCitty() {
       cli: defineCommand({
         meta: { name: "cli", description: "Wrap a CLI command" },
         async run() {
-          const { wrapCli } = await import("./dist-X77HZGDE.js");
+          const { wrapCli } = await import("./dist-CU5WVKG2.js");
           await wrapCli();
         }
       }),
       mcp: defineCommand({
         meta: { name: "mcp", description: "Wrap an MCP server" },
         async run() {
-          const { wrapMcp } = await import("./dist-X77HZGDE.js");
+          const { wrapMcp } = await import("./dist-CU5WVKG2.js");
           await wrapMcp();
         }
       }),
       script: defineCommand({
         meta: { name: "script", description: "Wrap a script" },
         async run() {
-          const { wrapScript } = await import("./dist-X77HZGDE.js");
+          const { wrapScript } = await import("./dist-CU5WVKG2.js");
           await wrapScript();
         }
       }),
@@ -510,7 +510,7 @@ function runCitty() {
           path: { type: "positional", description: "Path to config file", required: true }
         },
         async run({ args }) {
-          const { wrapImport } = await import("./dist-X77HZGDE.js");
+          const { wrapImport } = await import("./dist-CU5WVKG2.js");
           await wrapImport(args.path);
         }
       })
@@ -522,7 +522,7 @@ function runCitty() {
       name: { type: "positional", description: "Tool name", required: true }
     },
     async run({ args }) {
-      const { unwrapTool } = await import("./dist-X77HZGDE.js");
+      const { unwrapTool } = await import("./dist-CU5WVKG2.js");
       await unwrapTool(args.name);
     }
   });

package/dist/{store-Y4V3TOYJ-GKOB6ANA.js → store-XDNMGPYX-5CGK2GXY.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   AuthStore
-} from "./chunk-OWDYY3IG.js";
+} from "./chunk-OMGUT7RM.js";
 export {
   AuthStore
 };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@schuttdev/gigai",
-  "version": "0.1.0-beta.7",
+  "version": "0.1.0-beta.9",
   "type": "module",
   "bin": {
     "gigai": "dist/index.js"