@venturewild/workspace 0.5.0 → 0.5.2

package/server/src/account.mjs

@@ -1,114 +1,114 @@
-// Per-install bmo-sync account — the user's identity in the wild-* ecosystem.
-//
-// Distinct from `agent-identity.mjs` (which holds the agent's name/tone/color)
-// and from `secrets.mjs` (per-install partner/share tokens). An account binds
-// this installation to:
-//   - a `slug` (the `<slug>.venturewild.llc` namespace, claimed at signup)
-//   - an `email` (human identification — NOT used as a password)
-//   - an `accountId` (uuid)
-//   - an `accountToken` (long-random secret that proves ownership to
-//     `sync.venturewild.llc`; never sent to the browser)
-//
-// Persisted at `<dataDir>/account.json` (mode 0600). Absence means the user
-// has not run `wild-workspace login` yet; the server still works in localhost
-// mode but `<slug>.venturewild.llc` isn't configured.
-//
-// Login flow:
-//   1. User registers at `workspace.venturewild.llc` (landing).
-//   2. Landing displays a single opaque payload (base64url-encoded JSON).
-//   3. User runs `wild-workspace login <payload>`.
-//   4. We decode + persist here.
-
-import fs from 'node:fs';
-import path from 'node:path';
-
-const FILE = 'account.json';
-
-function accountPath(dataDir) {
-  return path.join(dataDir, FILE);
-}
-
-export function loadAccount(dataDir) {
-  try {
-    const parsed = JSON.parse(fs.readFileSync(accountPath(dataDir), 'utf8'));
-    return sanitize(parsed);
-  } catch {
-    return null;
-  }
-}
-
-function sanitize(raw) {
-  if (!raw || typeof raw !== 'object') return null;
-  const slug = typeof raw.slug === 'string' ? raw.slug.trim().toLowerCase() : '';
-  const email = typeof raw.email === 'string' ? raw.email.trim().toLowerCase() : '';
-  const accountId = typeof raw.accountId === 'string' ? raw.accountId.trim() : '';
-  const accountToken = typeof raw.accountToken === 'string' ? raw.accountToken.trim() : '';
-  if (!slug || !email || !accountId || !accountToken) return null;
-  return {
-    slug,
-    email,
-    accountId,
-    accountToken,
-    displayName: typeof raw.displayName === 'string' ? raw.displayName : null,
-    loggedInAt: Number(raw.loggedInAt) || Date.now(),
-  };
-}
-
-export function saveAccount(dataDir, account) {
-  const merged = sanitize({ loggedInAt: Date.now(), ...account });
-  if (!merged) throw new Error('account-invalid');
-  fs.mkdirSync(dataDir, { recursive: true });
-  fs.writeFileSync(accountPath(dataDir), JSON.stringify(merged, null, 2), {
-    mode: 0o600,
-  });
-  return merged;
-}
-
-export function clearAccount(dataDir) {
-  try {
-    fs.unlinkSync(accountPath(dataDir));
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-// Parse a single opaque token-blob the user pastes from the landing page.
-// The landing emits base64url(JSON({slug,email,accountId,token,displayName?})).
-// We accept either base64url or raw JSON for forward-compat / curl debugging.
-export function decodeLoginPayload(input) {
-  const raw = String(input || '').trim();
-  if (!raw) throw new Error('Empty login payload — paste the blob from your signup page.');
-  // 1. Try base64url decode.
-  const tryBase64 = () => {
-    let b = raw.replace(/-/g, '+').replace(/_/g, '/');
-    while (b.length % 4 !== 0) b += '=';
-    return Buffer.from(b, 'base64').toString('utf8');
-  };
-  // 2. Try raw JSON (if it starts with `{`).
-  let jsonText;
-  if (raw[0] === '{') {
-    jsonText = raw;
-  } else {
-    try {
-      jsonText = tryBase64();
-    } catch {
-      throw new Error('Login payload is not base64url-encoded JSON.');
-    }
-  }
-  let parsed;
-  try {
-    parsed = JSON.parse(jsonText);
-  } catch {
-    throw new Error('Login payload decoded but is not valid JSON.');
-  }
-  // Accept both `token` (what the landing emits) and `accountToken`.
-  if (parsed.token && !parsed.accountToken) parsed.accountToken = parsed.token;
-  if (!parsed.slug || !parsed.email || !parsed.accountId || !parsed.accountToken) {
-    throw new Error(
-      'Login payload is missing one or more required fields ' +
-        '(slug, email, accountId, token). Re-copy from the signup page?',
-    );
-  }
-  return parsed;
-}
+// Per-install bmo-sync account — the user's identity in the wild-* ecosystem.
+//
+// Distinct from `agent-identity.mjs` (which holds the agent's name/tone/color)
+// and from `secrets.mjs` (per-install partner/share tokens). An account binds
+// this installation to:
+//   - a `slug` (the `<slug>.venturewild.llc` namespace, claimed at signup)
+//   - an `email` (human identification — NOT used as a password)
+//   - an `accountId` (uuid)
+//   - an `accountToken` (long-random secret that proves ownership to
+//     `sync.venturewild.llc`; never sent to the browser)
+//
+// Persisted at `<dataDir>/account.json` (mode 0600). Absence means the user
+// has not run `wild-workspace login` yet; the server still works in localhost
+// mode but `<slug>.venturewild.llc` isn't configured.
+//
+// Login flow:
+//   1. User registers at `workspace.venturewild.llc` (landing).
+//   2. Landing displays a single opaque payload (base64url-encoded JSON).
+//   3. User runs `wild-workspace login <payload>`.
+//   4. We decode + persist here.
+
+import fs from 'node:fs';
+import path from 'node:path';
+
+const FILE = 'account.json';
+
+function accountPath(dataDir) {
+  return path.join(dataDir, FILE);
+}
+
+export function loadAccount(dataDir) {
+  try {
+    const parsed = JSON.parse(fs.readFileSync(accountPath(dataDir), 'utf8'));
+    return sanitize(parsed);
+  } catch {
+    return null;
+  }
+}
+
+function sanitize(raw) {
+  if (!raw || typeof raw !== 'object') return null;
+  const slug = typeof raw.slug === 'string' ? raw.slug.trim().toLowerCase() : '';
+  const email = typeof raw.email === 'string' ? raw.email.trim().toLowerCase() : '';
+  const accountId = typeof raw.accountId === 'string' ? raw.accountId.trim() : '';
+  const accountToken = typeof raw.accountToken === 'string' ? raw.accountToken.trim() : '';
+  if (!slug || !email || !accountId || !accountToken) return null;
+  return {
+    slug,
+    email,
+    accountId,
+    accountToken,
+    displayName: typeof raw.displayName === 'string' ? raw.displayName : null,
+    loggedInAt: Number(raw.loggedInAt) || Date.now(),
+  };
+}
+
+export function saveAccount(dataDir, account) {
+  const merged = sanitize({ loggedInAt: Date.now(), ...account });
+  if (!merged) throw new Error('account-invalid');
+  fs.mkdirSync(dataDir, { recursive: true });
+  fs.writeFileSync(accountPath(dataDir), JSON.stringify(merged, null, 2), {
+    mode: 0o600,
+  });
+  return merged;
+}
+
+export function clearAccount(dataDir) {
+  try {
+    fs.unlinkSync(accountPath(dataDir));
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+// Parse a single opaque token-blob the user pastes from the landing page.
+// The landing emits base64url(JSON({slug,email,accountId,token,displayName?})).
+// We accept either base64url or raw JSON for forward-compat / curl debugging.
+export function decodeLoginPayload(input) {
+  const raw = String(input || '').trim();
+  if (!raw) throw new Error('Empty login payload — paste the blob from your signup page.');
+  // 1. Try base64url decode.
+  const tryBase64 = () => {
+    let b = raw.replace(/-/g, '+').replace(/_/g, '/');
+    while (b.length % 4 !== 0) b += '=';
+    return Buffer.from(b, 'base64').toString('utf8');
+  };
+  // 2. Try raw JSON (if it starts with `{`).
+  let jsonText;
+  if (raw[0] === '{') {
+    jsonText = raw;
+  } else {
+    try {
+      jsonText = tryBase64();
+    } catch {
+      throw new Error('Login payload is not base64url-encoded JSON.');
+    }
+  }
+  let parsed;
+  try {
+    parsed = JSON.parse(jsonText);
+  } catch {
+    throw new Error('Login payload decoded but is not valid JSON.');
+  }
+  // Accept both `token` (what the landing emits) and `accountToken`.
+  if (parsed.token && !parsed.accountToken) parsed.accountToken = parsed.token;
+  if (!parsed.slug || !parsed.email || !parsed.accountId || !parsed.accountToken) {
+    throw new Error(
+      'Login payload is missing one or more required fields ' +
+        '(slug, email, accountId, token). Re-copy from the signup page?',
+    );
+  }
+  return parsed;
+}

package/server/src/agent-login.mjs

@@ -1,146 +1,146 @@
-// agent-login.mjs — drives an in-app "Sign in to Claude" so a non-technical user
-// never has to touch a terminal. See docs/user-experience.md (the cold-start gate)
-// + the 2026-06-01 CHANGELOG.
-//
-// WHY A PTY: `claude auth login` is an OAuth-via-browser flow. When spawned with
-// plain piped stdio (no TTY), Claude can't run its localhost callback server, so
-// the browser shows a code to paste back into the terminal — useless to us. A real
-// pseudo-terminal (node-pty) makes Claude behave exactly as it does in the user's
-// own terminal: it opens claude.ai, and the localhost callback auto-completes. The
-// user only ever interacts with the browser; the PTY runs server-side, headless.
-//
-// On success the credential lands in the OS store (macOS Keychain / Windows
-// ~/.claude/.credentials.json) — nothing for us to persist — and the existing
-// `claude auth status` readiness probe flips to `ready` (or `subscribe` for a
-// signed-in-but-no-plan account, which the gate then routes correctly).
-//
-// node-pty is loaded LAZILY + OPTIONALLY. If the prebuilt binary isn't available
-// on this platform, start() returns `{ status: 'unsupported' }` and the UI falls
-// back to the "run `claude auth login` in a new terminal" instruction — so adding
-// this never breaks the (no-sudo, no-native-dep) install path we proved on macOS.
-
-import { probeAgentReadiness } from './agent-readiness.mjs';
-
-// First http(s) URL in a chunk (Claude prints the OAuth URL it's opening).
-const URL_RE = /(https?:\/\/[^\s'"]+)/;
-// Claude asks for a pasted code only when the browser callback couldn't be reached
-// (shouldn't happen under a real PTY, but we handle it as a fallback).
-const CODE_HINT_RE = /paste.*code|enter the code|authoriz(at)?ion code|code:\s*$/i;
-
-let _ptyModPromise;
-export async function defaultPtyLoader() {
-  if (!_ptyModPromise) {
-    _ptyModPromise = import('@homebridge/node-pty-prebuilt-multiarch')
-      .then((m) => m.default || m)
-      .catch(() => null); // not installed / no prebuilt for this platform
-  }
-  return _ptyModPromise;
-}
-
-// status: idle | starting | awaiting-browser | awaiting-code | success | error | unsupported
-export class ClaudeLoginSession {
-  constructor({ agent, openImpl, reprobeImpl, ptyLoader, env } = {}) {
-    this.agent = agent;
-    this.openImpl = openImpl || null;        // (url) => void — open the OAuth URL
-    this.ptyLoader = ptyLoader || defaultPtyLoader;
-    this.env = env || process.env;
-    this.reprobeImpl = reprobeImpl || (() => probeAgentReadiness(this.agent, undefined, this.env));
-    this.status = 'idle';
-    this.url = null;
-    this.error = null;
-    this.verdict = null;
-    this.proc = null;
-    this._buf = '';
-  }
-
-  async start() {
-    if (this.status === 'starting' || this.status === 'awaiting-browser' || this.status === 'awaiting-code') {
-      return this.snapshot(); // already in flight — idempotent
-    }
-    if (!this.agent || this.agent.id !== 'claude' || !this.agent.available) {
-      return this._fail('unsupported', 'Claude is not installed on this machine.');
-    }
-    const pty = await this.ptyLoader();
-    if (!pty || typeof pty.spawn !== 'function') {
-      return this._fail('unsupported', 'In-app sign-in is not available on this platform.');
-    }
-    const command = this.agent.resolvedPath || this.agent.binary;
-    this._reset();
-    this.status = 'starting';
-    try {
-      this.proc = pty.spawn(command, ['auth', 'login'], {
-        name: 'xterm-color',
-        cols: 100,
-        rows: 30,
-        cwd: process.cwd(),
-        env: { ...this.env },
-      });
-    } catch (e) {
-      return this._fail('error', `couldn't start sign-in: ${e?.message || e}`);
-    }
-    this.status = 'awaiting-browser';
-    this.proc.onData((d) => this._onData(String(d)));
-    this.proc.onExit((ev) => this._onExit(ev && typeof ev === 'object' ? ev.exitCode : ev));
-    return this.snapshot();
-  }
-
-  _onData(chunk) {
-    this._buf += chunk;
-    if (!this.url) {
-      const m = chunk.match(URL_RE) || this._buf.match(URL_RE);
-      if (m) {
-        this.url = m[1].replace(/[).,*'"]+$/, '');
-        if (this.openImpl) { try { this.openImpl(this.url); } catch { /* best-effort */ } }
-      }
-    }
-    if (CODE_HINT_RE.test(chunk) && this.status === 'awaiting-browser') {
-      this.status = 'awaiting-code';
-    }
-  }
-
-  async _onExit(exitCode) {
-    this.proc = null;
-    // `claude auth login` exits once the browser flow completes. The credential
-    // store is the source of truth — re-probe to confirm (and to learn whether
-    // they also have an active plan vs. need to subscribe).
-    let verdict;
-    try { verdict = await this.reprobeImpl(); } catch { verdict = { status: 'unknown' }; }
-    this.verdict = verdict;
-    if (verdict.status === 'ready' || verdict.status === 'subscribe') {
-      this.status = 'success';
-    } else if (exitCode === 0 && verdict.status !== 'login' && verdict.status !== 'missing') {
-      this.status = 'success';
-    } else {
-      this.status = 'error';
-      this.error = this.error || (exitCode === 0 ? 'sign-in did not complete' : `sign-in exited with code ${exitCode}`);
-    }
-  }
-
-  // Fallback only: relay a pasted code into the PTY if Claude ever asks for one.
-  submitCode(code) {
-    if (this.proc && this.status === 'awaiting-code' && code != null) {
-      try { this.proc.write(`${String(code).trim()}\r`); } catch { /* dead pty */ return false; }
-      this.status = 'awaiting-browser';
-      return true;
-    }
-    return false;
-  }
-
-  cancel() {
-    if (this.proc) { try { this.proc.kill(); } catch { /* already gone */ } this.proc = null; }
-    if (this.status !== 'success') this.status = 'idle';
-    return this.snapshot();
-  }
-
-  _reset() { this.url = null; this.error = null; this.verdict = null; this._buf = ''; }
-
-  _fail(status, message) {
-    this.status = status;
-    this.error = message;
-    return this.snapshot();
-  }
-
-  snapshot() {
-    return { status: this.status, url: this.url, error: this.error, verdict: this.verdict };
-  }
-}
+// agent-login.mjs — drives an in-app "Sign in to Claude" so a non-technical user
+// never has to touch a terminal. See docs/user-experience.md (the cold-start gate)
+// + the 2026-06-01 CHANGELOG.
+//
+// WHY A PTY: `claude auth login` is an OAuth-via-browser flow. When spawned with
+// plain piped stdio (no TTY), Claude can't run its localhost callback server, so
+// the browser shows a code to paste back into the terminal — useless to us. A real
+// pseudo-terminal (node-pty) makes Claude behave exactly as it does in the user's
+// own terminal: it opens claude.ai, and the localhost callback auto-completes. The
+// user only ever interacts with the browser; the PTY runs server-side, headless.
+//
+// On success the credential lands in the OS store (macOS Keychain / Windows
+// ~/.claude/.credentials.json) — nothing for us to persist — and the existing
+// `claude auth status` readiness probe flips to `ready` (or `subscribe` for a
+// signed-in-but-no-plan account, which the gate then routes correctly).
+//
+// node-pty is loaded LAZILY + OPTIONALLY. If the prebuilt binary isn't available
+// on this platform, start() returns `{ status: 'unsupported' }` and the UI falls
+// back to the "run `claude auth login` in a new terminal" instruction — so adding
+// this never breaks the (no-sudo, no-native-dep) install path we proved on macOS.
+
+import { probeAgentReadiness } from './agent-readiness.mjs';
+
+// First http(s) URL in a chunk (Claude prints the OAuth URL it's opening).
+const URL_RE = /(https?:\/\/[^\s'"]+)/;
+// Claude asks for a pasted code only when the browser callback couldn't be reached
+// (shouldn't happen under a real PTY, but we handle it as a fallback).
+const CODE_HINT_RE = /paste.*code|enter the code|authoriz(at)?ion code|code:\s*$/i;
+
+let _ptyModPromise;
+export async function defaultPtyLoader() {
+  if (!_ptyModPromise) {
+    _ptyModPromise = import('@homebridge/node-pty-prebuilt-multiarch')
+      .then((m) => m.default || m)
+      .catch(() => null); // not installed / no prebuilt for this platform
+  }
+  return _ptyModPromise;
+}
+
+// status: idle | starting | awaiting-browser | awaiting-code | success | error | unsupported
+export class ClaudeLoginSession {
+  constructor({ agent, openImpl, reprobeImpl, ptyLoader, env } = {}) {
+    this.agent = agent;
+    this.openImpl = openImpl || null;        // (url) => void — open the OAuth URL
+    this.ptyLoader = ptyLoader || defaultPtyLoader;
+    this.env = env || process.env;
+    this.reprobeImpl = reprobeImpl || (() => probeAgentReadiness(this.agent, undefined, this.env));
+    this.status = 'idle';
+    this.url = null;
+    this.error = null;
+    this.verdict = null;
+    this.proc = null;
+    this._buf = '';
+  }
+
+  async start() {
+    if (this.status === 'starting' || this.status === 'awaiting-browser' || this.status === 'awaiting-code') {
+      return this.snapshot(); // already in flight — idempotent
+    }
+    if (!this.agent || this.agent.id !== 'claude' || !this.agent.available) {
+      return this._fail('unsupported', 'Claude is not installed on this machine.');
+    }
+    const pty = await this.ptyLoader();
+    if (!pty || typeof pty.spawn !== 'function') {
+      return this._fail('unsupported', 'In-app sign-in is not available on this platform.');
+    }
+    const command = this.agent.resolvedPath || this.agent.binary;
+    this._reset();
+    this.status = 'starting';
+    try {
+      this.proc = pty.spawn(command, ['auth', 'login'], {
+        name: 'xterm-color',
+        cols: 100,
+        rows: 30,
+        cwd: process.cwd(),
+        env: { ...this.env },
+      });
+    } catch (e) {
+      return this._fail('error', `couldn't start sign-in: ${e?.message || e}`);
+    }
+    this.status = 'awaiting-browser';
+    this.proc.onData((d) => this._onData(String(d)));
+    this.proc.onExit((ev) => this._onExit(ev && typeof ev === 'object' ? ev.exitCode : ev));
+    return this.snapshot();
+  }
+
+  _onData(chunk) {
+    this._buf += chunk;
+    if (!this.url) {
+      const m = chunk.match(URL_RE) || this._buf.match(URL_RE);
+      if (m) {
+        this.url = m[1].replace(/[).,*'"]+$/, '');
+        if (this.openImpl) { try { this.openImpl(this.url); } catch { /* best-effort */ } }
+      }
+    }
+    if (CODE_HINT_RE.test(chunk) && this.status === 'awaiting-browser') {
+      this.status = 'awaiting-code';
+    }
+  }
+
+  async _onExit(exitCode) {
+    this.proc = null;
+    // `claude auth login` exits once the browser flow completes. The credential
+    // store is the source of truth — re-probe to confirm (and to learn whether
+    // they also have an active plan vs. need to subscribe).
+    let verdict;
+    try { verdict = await this.reprobeImpl(); } catch { verdict = { status: 'unknown' }; }
+    this.verdict = verdict;
+    if (verdict.status === 'ready' || verdict.status === 'subscribe') {
+      this.status = 'success';
+    } else if (exitCode === 0 && verdict.status !== 'login' && verdict.status !== 'missing') {
+      this.status = 'success';
+    } else {
+      this.status = 'error';
+      this.error = this.error || (exitCode === 0 ? 'sign-in did not complete' : `sign-in exited with code ${exitCode}`);
+    }
+  }
+
+  // Fallback only: relay a pasted code into the PTY if Claude ever asks for one.
+  submitCode(code) {
+    if (this.proc && this.status === 'awaiting-code' && code != null) {
+      try { this.proc.write(`${String(code).trim()}\r`); } catch { /* dead pty */ return false; }
+      this.status = 'awaiting-browser';
+      return true;
+    }
+    return false;
+  }
+
+  cancel() {
+    if (this.proc) { try { this.proc.kill(); } catch { /* already gone */ } this.proc = null; }
+    if (this.status !== 'success') this.status = 'idle';
+    return this.snapshot();
+  }
+
+  _reset() { this.url = null; this.error = null; this.verdict = null; this._buf = ''; }
+
+  _fail(status, message) {
+    this.status = status;
+    this.error = message;
+    return this.snapshot();
+  }
+
+  snapshot() {
+    return { status: this.status, url: this.url, error: this.error, verdict: this.verdict };
+  }
+}