npm - @trekagent/claude - Versions diffs - 0.1.1 → 0.3.0 - Mend

@trekagent/claude 0.1.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -5,6 +5,11 @@ plugin** (skill + presence hooks + remote MCP server) from the Trek marketplace
 API token — so an agent starts reporting presence and working the ready-task frontier the moment
 you restart Claude Code.
+If no token is already available, `init` **opens your browser** so you can sign in or create an
+account and **pick a project** — the token (and the selected project) are then delivered straight
+back to the installer over a localhost loopback listener and written as `TREK_TOKEN` /
+`TREK_PROJECT_ID`. No copy-paste required.
 ## Usage
 ```bash
@@ -24,14 +29,30 @@ npx @trekagent/claude init --uninstall
 | --- | --- | --- |
 | `--project` | (default) | Project scope — write `./.claude/settings.local.json`. |
 | `--user` | | User scope — write `~/.claude/settings.local.json`. |
-| `--token <trk_...>` | `$TREK_TOKEN`, else prompt | Trek API token. |
+| `--token <trk_...>` | browser login | Trek API token (skips the browser flow). |
 | `--api-url <url>` | `https://api.trekagent.io` | Trek API base URL. |
+| `--cockpit-url <url>` | `https://console.trekagent.io` | Cockpit base URL used for browser login. |
 | `--project-id <uuid>` | `$TREK_PROJECT_ID` | Bind a default Trek project. |
 | `--marketplace <owner>/<repo>` | `trekagent/trek-claude-plugin` or `$TREK_MARKETPLACE` | GitHub repo hosting the plugin marketplace. |
+| `--login` | | Force a fresh browser login, ignoring any saved token. |
+| `--no-browser` | | Skip the browser flow and paste a token manually. |
 | `--uninstall` | | Remove the plugin + Trek env for the chosen scope. |
-If no token is provided via flag or env, `init` prompts for one (TTY) and points you at the
-cockpit **Settings → API tokens** page to mint one.
+### How the token is resolved
+`init` finds a token in this order:
+1. `--token <trk_...>` flag.
+2. `$TREK_TOKEN` environment variable.
+3. A `trk_` token already wired into project `./.claude/settings.local.json` or user
+   `~/.claude/settings.local.json` (skipped when `--login` is passed).
+4. **Browser login** (interactive terminals, unless `--no-browser`): opens the cockpit
+   `cli-auth` page, you sign in / sign up and select a project, and the token plus the chosen
+   project are delivered back automatically over a loopback listener bound to `127.0.0.1`. The
+   selected project is written as `TREK_PROJECT_ID` (an explicit `--project-id` still applies to
+   the non-browser paths).
+5. Manual paste prompt — the fallback for `--no-browser`, non-interactive shells, or if the
+   browser flow times out (3 min). Points you at **Settings → API tokens** in the cockpit.
 ## What `init` does

package/bin/cli.mjs CHANGED Viewed

@@ -4,22 +4,31 @@
 // Installs the Trek plugin (skill + presence hooks + remote MCP server) from the Trek
 // marketplace, then wires your API token so the MCP server and hooks authenticate.
 //
+// By default, if no token is already available, init opens your browser to sign in and
+// the token is created + delivered back automatically over a localhost loopback listener.
+//
 //   npx @trekagent/claude init                       # project scope (writes ./.claude/settings.local.json)
 //   npx @trekagent/claude init --user                # user scope  (writes ~/.claude/settings.local.json)
 //   npx @trekagent/claude init --token trk_... --api-url https://api.trekagent.io
+//   npx @trekagent/claude init --login               # force a fresh browser login
+//   npx @trekagent/claude init --no-browser          # skip browser, paste a token manually
 //   npx @trekagent/claude init --marketplace owner/repo   # override the marketplace source
 //   npx @trekagent/claude init --uninstall
 //
 // Pure Node, no deps. Idempotent: re-running never duplicates or clobbers your other settings.
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
 import { dirname, join } from 'node:path';
-import { homedir } from 'node:os';
+import { homedir, hostname } from 'node:os';
 import { createInterface } from 'node:readline';
-import { spawnSync } from 'node:child_process';
+import { spawnSync, spawn } from 'node:child_process';
+import { createServer } from 'node:http';
+import { randomUUID } from 'node:crypto';
 // --- defaults --------------------------------------------------------------
 const DEFAULT_API_URL = 'https://api.trekagent.io';
-const COCKPIT_SETTINGS_URL = 'https://console.trekagent.io/settings';
+const DEFAULT_COCKPIT_URL = 'https://console.trekagent.io';
+const COCKPIT_SETTINGS_URL = `${DEFAULT_COCKPIT_URL}/settings`;
+const LOGIN_TIMEOUT_MS = 180000; // 3 min to authorize in the browser
 const PLUGIN = 'trek';
 const MARKETPLACE = 'trek'; // the `name` in the marketplace's marketplace.json
 // GitHub org/repo hosting the plugin marketplace.
@@ -42,7 +51,7 @@ const warn = (s) => log(`  ${c.yellow('!!')}  ${s}`);
 // --- arg parsing -----------------------------------------------------------
 function parseArgs(argv) {
   const args = { _: [], flags: {} };
-  const bools = new Set(['user', 'project', 'uninstall', 'help', 'force']);
+  const bools = new Set(['user', 'project', 'uninstall', 'help', 'force', 'no-browser', 'login']);
   for (let i = 0; i < argv.length; i++) {
     const a = argv[i];
     if (a === '-h') { args.flags.help = true; continue; }
@@ -86,9 +95,152 @@ function claude(bin, args) {
 }
 // --- token -----------------------------------------------------------------
-async function resolveToken(flags) {
-  if (typeof flags.token === 'string' && flags.token) return flags.token;
-  if (process.env.TREK_TOKEN) { skip('using TREK_TOKEN from environment'); return process.env.TREK_TOKEN; }
+const looksLikeToken = (t) => typeof t === 'string' && t.startsWith('trk_');
+// Derive the cockpit base URL: explicit --cockpit-url wins, otherwise fall back
+// to the default cockpit (used both for the default api base and any custom one).
+function cockpitBase(flags) {
+  if (typeof flags['cockpit-url'] === 'string' && flags['cockpit-url']) {
+    return flags['cockpit-url'].replace(/\/+$/, '');
+  }
+  return DEFAULT_COCKPIT_URL;
+}
+// Reuse a token already wired into project or user settings.local.json.
+function detectExistingToken() {
+  const candidates = [
+    join(CWD, '.claude', 'settings.local.json'),
+    join(homedir(), '.claude', 'settings.local.json'),
+  ];
+  for (const path of candidates) {
+    const cur = readJson(path);
+    const tok = cur && cur.env && cur.env.TREK_TOKEN;
+    if (looksLikeToken(tok)) return { token: tok, path };
+  }
+  return null;
+}
+// Open a URL in the user's default browser, cross-platform. Tolerates failure.
+function openBrowser(url) {
+  try {
+    let cmd, args;
+    if (process.platform === 'darwin') { cmd = 'open'; args = [url]; }
+    else if (process.platform === 'win32') { cmd = 'cmd'; args = ['/c', 'start', '', url]; }
+    else { cmd = 'xdg-open'; args = [url]; }
+    const child = spawn(cmd, args, { stdio: 'ignore', detached: true });
+    child.on('error', () => {});
+    child.unref();
+    return true;
+  } catch { return false; }
+}
+const SUCCESS_HTML = `<!doctype html><html><head><meta charset="utf-8"><title>Trek CLI connected</title>
+<style>body{font-family:-apple-system,Segoe UI,Roboto,sans-serif;background:#0b0d10;color:#e8eaed;
+display:flex;align-items:center;justify-content:center;height:100vh;margin:0}
+.card{text-align:center;max-width:30rem;padding:2rem}h1{font-size:1.4rem}p{color:#9aa0a6}</style></head>
+<body><div class="card"><h1>Trek CLI connected ✓</h1>
+<p>You can close this tab and return to your terminal.</p></div></body></html>`;
+const errorHtml = (msg) => `<!doctype html><html><head><meta charset="utf-8"><title>Trek CLI</title>
+<style>body{font-family:-apple-system,Segoe UI,Roboto,sans-serif;background:#0b0d10;color:#e8eaed;
+display:flex;align-items:center;justify-content:center;height:100vh;margin:0}
+.card{text-align:center;max-width:30rem;padding:2rem}h1{font-size:1.4rem}p{color:#f28b82}</style></head>
+<body><div class="card"><h1>Trek CLI</h1><p>${String(msg).replace(/[<>&]/g, '')}</p></div></body></html>`;
+// Loopback browser-login flow. Resolves with { token, projectId } on success, or
+// null if it could not complete (timeout / browser failure / user error) so the
+// caller can fall back. The cockpit success callback contract is:
+//   success: http://127.0.0.1:<port>/callback?token=<trk_...>&project=<projectId>&state=<nonce>
+//   error:   http://127.0.0.1:<port>/callback?error=<msg>&state=<nonce>
+// Project selection is mandatory in the cockpit, so `project` is normally present.
+function browserLogin(flags) {
+  return new Promise((resolve) => {
+    const expectedState = randomUUID();
+    let settled = false;
+    let timer = null;
+    const finish = (result) => {
+      if (settled) return;
+      settled = true;
+      if (timer) clearTimeout(timer);
+      try { server.close(); } catch {}
+      resolve(result);
+    };
+    const server = createServer((req, res) => {
+      let url;
+      try { url = new URL(req.url, 'http://127.0.0.1'); }
+      catch { res.writeHead(204).end(); return; }
+      if (url.pathname !== '/callback') {
+        // favicon.ico and any other path: ignore.
+        res.writeHead(204).end();
+        return;
+      }
+      const token = url.searchParams.get('token');
+      const state = url.searchParams.get('state');
+      const error = url.searchParams.get('error');
+      const projectId = url.searchParams.get('project') || '';
+      // A mismatched state must NOT resolve — keep waiting.
+      if (state !== expectedState) {
+        res.writeHead(400, { 'content-type': 'text/html; charset=utf-8' });
+        res.end(errorHtml('Invalid state — this login request did not originate from this terminal.'));
+        return;
+      }
+      if (error) {
+        res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' });
+        res.end(errorHtml(`Login failed: ${error}`));
+        warn(`browser login failed: ${error}`);
+        finish(null);
+        return;
+      }
+      if (looksLikeToken(token)) {
+        res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' });
+        res.end(SUCCESS_HTML);
+        finish({ token, projectId });
+        return;
+      }
+      // Hit /callback with no usable token — show an error but keep waiting.
+      res.writeHead(400, { 'content-type': 'text/html; charset=utf-8' });
+      res.end(errorHtml('No token received.'));
+    });
+    server.on('error', (err) => {
+      warn(`could not start local login listener: ${err.message}`);
+      finish(null);
+    });
+    server.listen(0, '127.0.0.1', () => {
+      const port = server.address().port;
+      const label = `Claude Code @ ${hostname()}`;
+      const base = cockpitBase(flags);
+      const authUrl = `${base}/cli-auth?port=${port}&state=${encodeURIComponent(expectedState)}&name=${encodeURIComponent(label)}`;
+      log();
+      log(`Opening your browser to sign in to Trek…`);
+      const opened = openBrowser(authUrl);
+      if (!opened) {
+        log(`Could not open a browser automatically. Open this URL to continue:`);
+        log(`  ${c.cyan(authUrl)}`);
+      } else {
+        log(c.dim(`  If it doesn't open, visit: ${authUrl}`));
+      }
+      log(`Waiting for you to authorize in the browser… ${c.dim('(Ctrl+C to cancel)')}`);
+      timer = setTimeout(() => {
+        warn('timed out waiting for browser login.');
+        finish(null);
+      }, LOGIN_TIMEOUT_MS);
+    });
+  });
+}
+// Manual paste fallback (also used for --no-browser and non-TTY).
+async function pasteToken() {
   log();
   log(`Trek needs an API token (${c.cyan('trk_...')}).`);
   log(`Mint one in the cockpit: ${c.cyan(COCKPIT_SETTINGS_URL)} (Settings → API tokens).`);
@@ -99,6 +251,30 @@ async function resolveToken(flags) {
   return tok;
 }
+// Resolve a token (and, where available, a project id) following this precedence.
+// Always returns { token, projectId }; projectId is '' for every path except a
+// successful browser login, where the cockpit's mandatory project selection is
+// delivered back over the loopback callback.
+async function resolveToken(flags) {
+  // 1. explicit flag
+  if (typeof flags.token === 'string' && flags.token) return { token: flags.token, projectId: '' };
+  // 2. environment
+  if (process.env.TREK_TOKEN) { skip('using TREK_TOKEN from environment'); return { token: process.env.TREK_TOKEN, projectId: '' }; }
+  // 3. reuse an existing token from settings (unless --login forces re-auth)
+  if (!flags.login) {
+    const existing = detectExistingToken();
+    if (existing) { skip(`reusing TREK_TOKEN from ${rel(existing.path)}`); return { token: existing.token, projectId: '' }; }
+  }
+  // 4. browser login (interactive, unless --no-browser)
+  if (process.stdin.isTTY && !flags['no-browser']) {
+    const result = await browserLogin(flags);
+    if (result && looksLikeToken(result.token)) { ok('signed in via browser'); return { token: result.token, projectId: result.projectId || '' }; }
+    warn('falling back to manual token entry.');
+  }
+  // 5. manual paste fallback (also the --no-browser / non-TTY path)
+  return { token: await pasteToken(), projectId: '' };
+}
 // --- settings.local.json: merge env block ----------------------------------
 function writeTokenEnv(claudeDir, apiUrl, token, projectId) {
   const path = join(claudeDir, 'settings.local.json');
@@ -149,7 +325,7 @@ function installPlugin(bin, marketplaceRepo) {
 async function init(flags) {
   const userScope = !!flags.user;
   const apiUrl = (typeof flags['api-url'] === 'string' && flags['api-url']) || DEFAULT_API_URL;
-  const projectId = typeof flags['project-id'] === 'string' ? flags['project-id'] : process.env.TREK_PROJECT_ID || '';
+  const flagProjectId = typeof flags['project-id'] === 'string' ? flags['project-id'] : process.env.TREK_PROJECT_ID || '';
   const marketplaceRepo = (typeof flags.marketplace === 'string' && flags.marketplace) || DEFAULT_MARKETPLACE_REPO;
   log(c.bold(`\nTrek installer — ${userScope ? 'user' : 'project'} scope`));
@@ -165,7 +341,10 @@ async function init(flags) {
     installPlugin(bin, marketplaceRepo);
   }
-  const token = await resolveToken(flags);
+  const { token, projectId: browserProjectId } = await resolveToken(flags);
+  // The browser flow's mandatory project selection wins; otherwise fall back to
+  // the explicit --project-id / $TREK_PROJECT_ID resolution.
+  const projectId = browserProjectId || flagProjectId;
   const claudeDir = userScope ? join(homedir(), '.claude') : join(CWD, '.claude');
   writeTokenEnv(claudeDir, apiUrl, token, projectId);
   if (!userScope) ensureGitignore(CWD, ['.claude/settings.local.json']);
@@ -211,20 +390,26 @@ ${c.bold('Usage')}
 ${c.bold('Options')}
   --project              Project scope: write ./.claude/settings.local.json (default)
   --user                 User scope: write ~/.claude/settings.local.json
-  --token <trk_...>      Trek API token (else $TREK_TOKEN, else prompt)
+  --token <trk_...>      Trek API token (skips browser login)
   --api-url <url>        Trek API base URL (default ${DEFAULT_API_URL})
+  --cockpit-url <url>    Cockpit base URL for browser login (default ${DEFAULT_COCKPIT_URL})
   --project-id <uuid>    Bind a default Trek project (sets TREK_PROJECT_ID)
   --marketplace <o/r>    GitHub owner/repo of the plugin marketplace (else $TREK_MARKETPLACE)
+  --login                Force a fresh browser login (ignore any saved token)
+  --no-browser           Skip browser login; paste a token manually
   --uninstall            Remove the plugin + Trek env for the chosen scope
   -h, --help             Show this help
 ${c.bold('What init does')}
   1. claude plugin marketplace add trekagent/trek-claude-plugin
   2. claude plugin install ${PLUGIN}@${MARKETPLACE}
-  3. writes TREK_TOKEN / TREK_API_URL into .claude/settings.local.json (gitignored)
+  3. resolves a token (flag → env → saved → browser login → manual paste)
+  4. writes TREK_TOKEN / TREK_API_URL into .claude/settings.local.json (gitignored)
-The plugin ships the skill, presence hooks, and the remote MCP server; the token in
-settings.local.json is what makes them authenticate. Re-running is safe.
+By default, if no token is already available init opens your browser to sign in /
+create an account; the token is created and delivered back automatically over a
+localhost listener. The plugin ships the skill, presence hooks, and the remote MCP
+server; the token in settings.local.json is what makes them authenticate. Re-running is safe.
 `;
 async function main() {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@trekagent/claude",
-  "version": "0.1.1",
+  "version": "0.3.0",
   "description": "One-command installer for Trek: installs the Trek Claude Code plugin (skill + hooks + MCP) from the Trek marketplace and wires your API token.",
   "private": false,
   "type": "module",