@venturewild/workspace 0.1.4 → 0.1.6

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@venturewild/workspace",
-  "version": "0.1.4",
+  "version": "0.1.6",
   "description": "Claude Code Web — Replit/Lovable-style chat-first browser UI that wraps the AI agent already installed on your machine.",
   "license": "MIT",
   "bin": {
@@ -42,7 +42,8 @@
     "@venturewild/workspace-daemon-win32-x64": "0.1.0",
     "@venturewild/workspace-daemon-darwin-x64": "0.1.0",
     "@venturewild/workspace-daemon-darwin-arm64": "0.1.0",
-    "@venturewild/workspace-daemon-linux-x64": "0.1.0"
+    "@venturewild/workspace-daemon-linux-x64": "0.1.0",
+    "@homebridge/node-pty-prebuilt-multiarch": "0.13.1"
   },
   "devDependencies": {
     "@vitejs/plugin-react": "^4.3.0",

package/server/src/agent-login.mjs

@@ -0,0 +1,146 @@
+// agent-login.mjs — drives an in-app "Sign in to Claude" so a non-technical user
+// never has to touch a terminal. See docs/user-experience.md (the cold-start gate)
+// + the 2026-06-01 CHANGELOG.
+//
+// WHY A PTY: `claude auth login` is an OAuth-via-browser flow. When spawned with
+// plain piped stdio (no TTY), Claude can't run its localhost callback server, so
+// the browser shows a code to paste back into the terminal — useless to us. A real
+// pseudo-terminal (node-pty) makes Claude behave exactly as it does in the user's
+// own terminal: it opens claude.ai, and the localhost callback auto-completes. The
+// user only ever interacts with the browser; the PTY runs server-side, headless.
+//
+// On success the credential lands in the OS store (macOS Keychain / Windows
+// ~/.claude/.credentials.json) — nothing for us to persist — and the existing
+// `claude auth status` readiness probe flips to `ready` (or `subscribe` for a
+// signed-in-but-no-plan account, which the gate then routes correctly).
+//
+// node-pty is loaded LAZILY + OPTIONALLY. If the prebuilt binary isn't available
+// on this platform, start() returns `{ status: 'unsupported' }` and the UI falls
+// back to the "run `claude auth login` in a new terminal" instruction — so adding
+// this never breaks the (no-sudo, no-native-dep) install path we proved on macOS.
+
+import { probeAgentReadiness } from './agent-readiness.mjs';
+
+// First http(s) URL in a chunk (Claude prints the OAuth URL it's opening).
+const URL_RE = /(https?:\/\/[^\s'"]+)/;
+// Claude asks for a pasted code only when the browser callback couldn't be reached
+// (shouldn't happen under a real PTY, but we handle it as a fallback).
+const CODE_HINT_RE = /paste.*code|enter the code|authoriz(at)?ion code|code:\s*$/i;
+
+let _ptyModPromise;
+async function defaultPtyLoader() {
+  if (!_ptyModPromise) {
+    _ptyModPromise = import('@homebridge/node-pty-prebuilt-multiarch')
+      .then((m) => m.default || m)
+      .catch(() => null); // not installed / no prebuilt for this platform
+  }
+  return _ptyModPromise;
+}
+
+// status: idle | starting | awaiting-browser | awaiting-code | success | error | unsupported
+export class ClaudeLoginSession {
+  constructor({ agent, openImpl, reprobeImpl, ptyLoader, env } = {}) {
+    this.agent = agent;
+    this.openImpl = openImpl || null;        // (url) => void — open the OAuth URL
+    this.ptyLoader = ptyLoader || defaultPtyLoader;
+    this.env = env || process.env;
+    this.reprobeImpl = reprobeImpl || (() => probeAgentReadiness(this.agent, undefined, this.env));
+    this.status = 'idle';
+    this.url = null;
+    this.error = null;
+    this.verdict = null;
+    this.proc = null;
+    this._buf = '';
+  }
+
+  async start() {
+    if (this.status === 'starting' || this.status === 'awaiting-browser' || this.status === 'awaiting-code') {
+      return this.snapshot(); // already in flight — idempotent
+    }
+    if (!this.agent || this.agent.id !== 'claude' || !this.agent.available) {
+      return this._fail('unsupported', 'Claude is not installed on this machine.');
+    }
+    const pty = await this.ptyLoader();
+    if (!pty || typeof pty.spawn !== 'function') {
+      return this._fail('unsupported', 'In-app sign-in is not available on this platform.');
+    }
+    const command = this.agent.resolvedPath || this.agent.binary;
+    this._reset();
+    this.status = 'starting';
+    try {
+      this.proc = pty.spawn(command, ['auth', 'login'], {
+        name: 'xterm-color',
+        cols: 100,
+        rows: 30,
+        cwd: process.cwd(),
+        env: { ...this.env },
+      });
+    } catch (e) {
+      return this._fail('error', `couldn't start sign-in: ${e?.message || e}`);
+    }
+    this.status = 'awaiting-browser';
+    this.proc.onData((d) => this._onData(String(d)));
+    this.proc.onExit((ev) => this._onExit(ev && typeof ev === 'object' ? ev.exitCode : ev));
+    return this.snapshot();
+  }
+
+  _onData(chunk) {
+    this._buf += chunk;
+    if (!this.url) {
+      const m = chunk.match(URL_RE) || this._buf.match(URL_RE);
+      if (m) {
+        this.url = m[1].replace(/[).,*'"]+$/, '');
+        if (this.openImpl) { try { this.openImpl(this.url); } catch { /* best-effort */ } }
+      }
+    }
+    if (CODE_HINT_RE.test(chunk) && this.status === 'awaiting-browser') {
+      this.status = 'awaiting-code';
+    }
+  }
+
+  async _onExit(exitCode) {
+    this.proc = null;
+    // `claude auth login` exits once the browser flow completes. The credential
+    // store is the source of truth — re-probe to confirm (and to learn whether
+    // they also have an active plan vs. need to subscribe).
+    let verdict;
+    try { verdict = await this.reprobeImpl(); } catch { verdict = { status: 'unknown' }; }
+    this.verdict = verdict;
+    if (verdict.status === 'ready' || verdict.status === 'subscribe') {
+      this.status = 'success';
+    } else if (exitCode === 0 && verdict.status !== 'login' && verdict.status !== 'missing') {
+      this.status = 'success';
+    } else {
+      this.status = 'error';
+      this.error = this.error || (exitCode === 0 ? 'sign-in did not complete' : `sign-in exited with code ${exitCode}`);
+    }
+  }
+
+  // Fallback only: relay a pasted code into the PTY if Claude ever asks for one.
+  submitCode(code) {
+    if (this.proc && this.status === 'awaiting-code' && code != null) {
+      try { this.proc.write(`${String(code).trim()}\r`); } catch { /* dead pty */ return false; }
+      this.status = 'awaiting-browser';
+      return true;
+    }
+    return false;
+  }
+
+  cancel() {
+    if (this.proc) { try { this.proc.kill(); } catch { /* already gone */ } this.proc = null; }
+    if (this.status !== 'success') this.status = 'idle';
+    return this.snapshot();
+  }
+
+  _reset() { this.url = null; this.error = null; this.verdict = null; this._buf = ''; }
+
+  _fail(status, message) {
+    this.status = status;
+    this.error = message;
+    return this.snapshot();
+  }
+
+  snapshot() {
+    return { status: this.status, url: this.url, error: this.error, verdict: this.verdict };
+  }
+}

package/server/src/index.mjs

@@ -26,6 +26,7 @@ import { InboxWatcher } from './inbox.mjs';
 import { ActivityBus } from './activity.mjs';
 import { loadIdentity, saveIdentity, markOnboarded, TONES } from './agent-identity.mjs';
 import { probeAgentReadiness } from './agent-readiness.mjs';
+import { ClaudeLoginSession } from './agent-login.mjs';
 import { ErrorReporter } from './error-reporter.mjs';
 import { DaemonBridge } from './daemon.mjs';
 import { DaemonSupervisor } from './daemon-supervisor.mjs';
@@ -578,6 +579,39 @@ export async function createServer(overrides = {}) {
     return c.json({ agent: agentTag(activeAgent), ...verdict });
   });
 
+  // In-app "Sign in to Claude" — drives `claude auth login` in a real PTY so the
+  // browser OAuth callback auto-completes and the user never touches a terminal.
+  // (See agent-login.mjs.) Degrades to `{status:'unsupported'}` if node-pty is
+  // absent, and the gate falls back to the terminal instruction. The OAuth URL is
+  // opened on this machine — the server runs locally, so it's the user's browser.
+  let _loginSession = null;
+  const openUrl = async (u) => {
+    try { const open = (await import('open')).default; await open(u); } catch { /* best-effort */ }
+  };
+  const emptyLoginSnap = { status: 'idle', url: null, error: null, verdict: null };
+  app.post('/api/agent/login/start', async (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    if (!_loginSession) _loginSession = new ClaudeLoginSession({ agent: activeAgent, openImpl: openUrl });
+    _loginSession.agent = activeAgent; // track the active agent if it changed
+    const snap = await _loginSession.start();
+    _readinessCache = null; // a sign-in is about to change auth state — don't serve stale
+    log('[onboarding]', `login start status=${snap.status}`);
+    return c.json(snap);
+  });
+  app.get('/api/agent/login/status', async (c) => {
+    const forbidden = require(c, 'chat');
+    if (forbidden) return forbidden;
+    return c.json(_loginSession ? _loginSession.snapshot() : emptyLoginSnap);
+  });
+  app.post('/api/agent/login/code', async (c) => {
+    const forbidden = require(c, 'chatWrite');
+    if (forbidden) return forbidden;
+    const body = await c.req.json().catch(() => ({}));
+    const ok = _loginSession ? _loginSession.submitCode(body.code) : false;
+    return c.json({ ok, ...(_loginSession ? _loginSession.snapshot() : emptyLoginSnap) });
+  });
+
   app.post('/api/agent/identity', async (c) => {
     const forbidden = require(c, 'chatWrite');
     if (forbidden) return forbidden;

package/server/src/service.mjs

@@ -7,11 +7,14 @@
 //
 // macOS (code-complete + unit-tested 2026-06-01; real-Mac reboot proof pending):
 // writes a `~/Library/LaunchAgents/<label>.plist` (RunAtLoad + KeepAlive +
-// ThrottleInterval) and registers it in the user's GUI domain via
-// `launchctl bootstrap gui/<uid>` (legacy `launchctl load -w` fallback). Runs as
-// the user, NO admin — macOS 13+ shows a one-time "Background item added" toast +
-// a Login Items toggle (consent, not admin). launchd provides crash-restart for
-// free; the supervisor still owns the singleton lock + child watchdog.
+// ThrottleInterval). Install does NOT start it now (no `launchctl bootstrap`) —
+// launchd auto-loads the plist at the NEXT login, mirroring the Windows HKCU\Run
+// model. (Starting it at install time would grab :5173 and collide with the
+// `wild-workspace` the user runs this session.) Uninstall uses `launchctl bootout`
+// to stop any instance loaded from a prior login. Runs as the user, NO admin —
+// macOS 13+ shows a one-time "Background item added" toast + a Login Items toggle
+// (consent, not admin). launchd provides crash-restart for free; the supervisor
+// still owns the singleton lock + child watchdog.
 //
 // Linux (systemd --user) is designed but not yet implemented — it returns a clear
 // "not yet" result so callers degrade gracefully (the user runs `wild-workspace`).
@@ -160,7 +163,7 @@ export function buildPlist({ node, cli, workspaceDir, outLog, errLog, label = LA
   ].join('\n');
 }
 
-async function macInstall({ node, cli, workspaceDir, port, version }, { dir, launchAgentsDir, execFileImpl, uid }) {
+async function macInstall({ node, cli, workspaceDir, port, version }, { dir, launchAgentsDir }) {
   fs.mkdirSync(dir, { recursive: true });
   fs.mkdirSync(launchAgentsDir, { recursive: true });
   const plist = plistPath(launchAgentsDir);
@@ -173,20 +176,15 @@ async function macInstall({ node, cli, workspaceDir, port, version }, { dir, lau
     JSON.stringify({ node, cli, workspaceDir, port, version, installedAt: new Date().toISOString() }, null, 2),
     'utf8',
   );
-  const domain = `gui/${uid}`;
-  const target = `${domain}/${LAUNCHD_LABEL}`;
-  // Clear any prior registration so a changed plist is picked up (launchd caches
-  // the loaded plist; bootout→bootstrap makes re-install idempotent).
-  try { await execFileImpl('launchctl', ['bootout', target]); } catch { /* not loaded */ }
-  let loadVerb = 'bootstrap';
-  try {
-    await execFileImpl('launchctl', ['bootstrap', domain, plist]);
-  } catch {
-    // Pre-Yosemite-style macOS without `bootstrap` — fall back to the legacy verb.
-    await execFileImpl('launchctl', ['load', '-w', plist]);
-    loadVerb = 'load';
-  }
-  return { installed: true, mechanism: 'LaunchAgent', launcher: plist, plist, label: LAUNCHD_LABEL, runValue: target, serviceJson, loadVerb };
+  // Deliberately do NOT `launchctl bootstrap` here. bootstrap + RunAtLoad would
+  // start the supervisor immediately, grabbing :5173 — then the `wild-workspace`
+  // the user runs *this session* collides on the port (createServer rejects on
+  // EADDRINUSE). Dropping the plist into ~/Library/LaunchAgents is enough:
+  // launchd auto-loads it at the NEXT login (RunAtLoad fires then). This mirrors
+  // the proven Windows HKCU\Run model, which also only fires at login — so the
+  // current session is the manual `wild-workspace`, and always-on takes over
+  // from the next login/reboot (which is also the cleanest B5 proof).
+  return { installed: true, mechanism: 'LaunchAgent', launcher: plist, plist, label: LAUNCHD_LABEL, runValue: plist, serviceJson, startsAtNextLogin: true };
 }
 
 async function macUninstall({ dir, launchAgentsDir, execFileImpl, killImpl, uid }) {
@@ -245,8 +243,6 @@ export async function installService(opts = {}, deps = {}) {
     return macInstall(opts, {
       dir: deps.dir || globalDir(),
       launchAgentsDir: deps.launchAgentsDir || defaultLaunchAgentsDir(),
-      execFileImpl: deps.execFileImpl || execFileP,
-      uid: deps.uid ?? currentUid(),
     });
   }
   return unsupported(platform, 'installed');