@wipcomputer/wip-ldm-os 0.4.73-alpha.13 → 0.4.73-alpha.14

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ldm-os",
-  "version": "0.4.73-alpha.13",
+  "version": "0.4.73-alpha.14",
   "type": "module",
   "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
   "engines": {

package/shared/rules/git-conventions.md

@@ -14,11 +14,11 @@ Always use a branch and PR.
 
 ## Co-authors on every commit
 
-List all contributors. Read co-author lines from `settings/config.json` in your workspace.
+List all contributors. Read co-author lines from `~/.ldm/config.json` coAuthors field.
 
 ## Branch prefixes
 
-Each agent uses a prefix from `settings/config.json` agents section. Prevents collisions.
+Each agent uses a prefix from `~/.ldm/config.json` agents section. Prevents collisions.
 
 ## Worktrees
 
@@ -30,4 +30,4 @@ For private/public repo pairs, all issues go on the public repo.
 
 ## On-demand reference
 
-Before doing repo work, read `~/wipcomputerinc/settings/docs/how-worktrees-work.md` for the full worktree workflow with commands.
+Before doing repo work, read `~/wipcomputerinc/library/documentation/how-worktrees-work.md` for the full worktree workflow with commands.

package/shared/rules/release-pipeline.md

@@ -39,4 +39,4 @@ Installed tools are for execution. Repo clones are for development. Use the inst
 
 ## On-demand reference
 
-Before releasing, read `~/wipcomputerinc/settings/docs/how-releases-work.md` for the full pipeline with commands.
+Before releasing, read `~/wipcomputerinc/library/documentation/how-releases-work.md` for the full pipeline with commands.

package/shared/rules/security.md

@@ -2,7 +2,7 @@
 
 ## Secret management
 
-Use your org's secret management tool (configured in settings/config.json). Never hardcode API keys, tokens, or credentials.
+Use your org's secret management tool (configured in `~/.ldm/config.json`). Never hardcode API keys, tokens, or credentials.
 
 ## Security audit before installing anything
 

package/shared/rules/workspace-boundaries.md

@@ -22,4 +22,4 @@ Installed tools are for execution. Repo clones are for development. Use the inst
 
 ## On-demand reference
 
-For the full directory map, read `~/wipcomputerinc/settings/docs/system-directories.md`.
+For the full directory map, read `~/wipcomputerinc/library/documentation/system-directories.md`.

package/shared/rules/writing-style.md

@@ -1,5 +1,5 @@
 # Writing Style
 
-Read writing conventions from your org's `settings/config.json` writingStyle section.
+Read writing conventions from `~/.ldm/config.json` writingStyle section.
 
 **Full paths in documentation.** Never truncate paths. Always show the complete path so there's no ambiguity.

package/src/hosted-mcp/demo/agent.html

@@ -0,0 +1,300 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1, viewport-fit=cover">
+<title>Agent Access - Kaleidoscope</title>
+<style>
+*, *::before, *::after { margin: 0; padding: 0; box-sizing: border-box; }
+
+:root {
+  --bg: #FFFDF5;
+  --text: #1a1a1a;
+  --text-muted: #8a8580;
+  --accent: #0033FF;
+  --input-bg: #F5F3ED;
+  --input-border: #E0DDD6;
+  --font: -apple-system, BlinkMacSystemFont, "SF Pro Text", system-ui, sans-serif;
+}
+
+body {
+  font-family: var(--font);
+  background: var(--bg);
+  color: var(--text);
+  -webkit-text-size-adjust: 100%;
+  -webkit-font-smoothing: antialiased;
+  line-height: 1.6;
+}
+
+.header {
+  position: sticky;
+  top: 0;
+  z-index: 100;
+  padding: calc(12px + env(safe-area-inset-top, 0px)) 20px 12px;
+  border-bottom: 1px solid rgba(0, 0, 0, 0.06);
+  background: rgba(255, 253, 245, 0.8);
+  -webkit-backdrop-filter: saturate(180%) blur(20px);
+  backdrop-filter: saturate(180%) blur(20px);
+  display: flex;
+  align-items: center;
+}
+
+.header a {
+  display: flex;
+  align-items: center;
+  text-decoration: none;
+}
+
+.container {
+  max-width: 640px;
+  margin: 0 auto;
+  padding: 16px 24px 80px;
+}
+
+h1 {
+  font-size: 28px;
+  font-weight: 700;
+  letter-spacing: -0.02em;
+  margin-bottom: 4px;
+}
+
+.subtitle {
+  font-size: 17px;
+  color: var(--text-muted);
+  margin-bottom: 40px;
+}
+
+p {
+  font-size: 15px;
+  line-height: 1.65;
+  color: #3a3a3a;
+  margin-bottom: 12px;
+}
+
+.link-box {
+  background: var(--input-bg);
+  border: 1px solid var(--input-border);
+  border-radius: 12px;
+  padding: 16px 20px;
+  font-size: 16px;
+  font-weight: 600;
+  color: var(--accent);
+  word-break: break-all;
+  user-select: all;
+  -webkit-user-select: all;
+  cursor: text;
+  margin-bottom: 12px;
+  text-align: center;
+}
+
+.note {
+  font-size: 15px;
+  color: #3a3a3a;
+  line-height: 1.65;
+  margin-bottom: 12px;
+}
+
+.agent-info {
+  background: var(--input-bg);
+  border: 1px solid var(--input-border);
+  border-radius: 12px;
+  padding: 16px 20px;
+  margin-bottom: 20px;
+  font-size: 14px;
+  line-height: 1.6;
+}
+
+.agent-info .label {
+  font-size: 12px;
+  color: var(--text-muted);
+  text-transform: uppercase;
+  letter-spacing: 0.5px;
+  margin-bottom: 4px;
+}
+
+.agent-info .value {
+  font-weight: 600;
+  color: var(--text);
+}
+
+.status {
+  font-size: 14px;
+  padding: 12px 16px;
+  border-radius: 10px;
+  display: none;
+  text-align: center;
+}
+
+.status.show { display: block; }
+.status.loading { background: #E8EEFF; color: var(--accent); }
+.status.error { background: #FFF0F0; color: #D32F2F; }
+.status.success { background: #F0FFF4; color: #2E7D32; }
+
+footer {
+  position: fixed;
+  bottom: 30px;
+  left: 0;
+  right: 0;
+  text-align: center;
+  font-size: 12px;
+  color: #b0aaa4;
+  line-height: 1.6;
+}
+</style>
+</head>
+<body>
+
+<div class="header">
+  <a id="navIcon" href="/demo/"></a>
+</div>
+
+<div class="container">
+  <h1>Agent Access</h1>
+  <p class="subtitle">You can't do Face ID. Your human can.</p>
+
+  <div id="agentInfo" style="display:none;">
+    <div class="agent-info">
+      <div class="label">Agent</div>
+      <div class="value" id="agentName"></div>
+    </div>
+    <div class="agent-info">
+      <div class="label">Passphrase</div>
+      <div class="value" id="agentMessage"></div>
+    </div>
+  </div>
+
+  <div id="linkSection" style="display:none;">
+    <div id="qrSection" style="text-align:center;margin-bottom:24px;"></div>
+    <p class="note">Send this link to your human. This is the link they open, not this page.</p>
+    <div class="link-box" id="approveUrl"></div>
+    <p class="note">Your human opens this link, sees your name and passphrase, and authorizes with Face ID. Expires in 5 minutes.</p>
+    <div class="status" id="status"></div>
+  </div>
+
+  <div id="loadingSection" style="display:none;">
+    <p class="note">Generating authorization link...</p>
+  </div>
+
+  <div id="missingParams">
+    <p class="note">If you are an AI agent, read the instructions at:<br><a href="/demo/agent.txt" style="color:var(--accent);">https://wip.computer/demo/agent.txt</a></p>
+    <p class="note" style="margin-bottom:12px;">If you are a human, send your agent this prompt:</p>
+    <div style="position:relative;background:var(--input-bg);border:1px solid var(--input-border);border-radius:12px;padding:16px 48px 16px 16px;font-size:14px;line-height:1.5;color:var(--text);">
+      <span id="promptText">Read https://wip.computer/demo/agent.txt and follow the instructions to authenticate with Kaleidoscope.</span>
+      <button onclick="copyPrompt()" id="copyBtn" title="Copy" style="position:absolute;top:12px;right:12px;background:none;border:none;padding:6px;cursor:pointer;color:var(--text-muted);opacity:0.5;transition:opacity 0.15s;-webkit-tap-highlight-color:transparent;"><svg width="20" height="20" viewBox="0 0 16 16" fill="none" stroke="currentColor" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"><rect x="5.5" y="5.5" width="8" height="8" rx="1.5"/><path d="M10.5 5.5V3.5C10.5 2.67 9.83 2 9 2H3.5C2.67 2 2 2.67 2 3.5V9C2 9.83 2.67 10.5 3.5 10.5H5.5"/></svg></button>
+    </div>
+  </div>
+
+  <div id="errorSection" style="display:none;">
+    <div class="status show error" id="errorMsg"></div>
+  </div>
+</div>
+
+<div id="kscope-footer" style="position:fixed;bottom:30px;left:0;right:0;text-align:center;"></div>
+<script src="/demo/footer.js"></script>
+
+<script>
+function copyPrompt() {
+  var text = document.getElementById('promptText').textContent;
+  navigator.clipboard.writeText(text);
+  var btn = document.getElementById('copyBtn');
+  btn.style.opacity = '1';
+  setTimeout(function() { btn.style.opacity = '0.5'; }, 200);
+}
+// ── Sprite icon ──
+var SPRITE_COLS = 8, SPRITE_ROWS = 3, SPRITE_TOTAL = 24;
+var navIdx = Math.floor(Math.random() * SPRITE_TOTAL);
+function updateNavIcon() {
+  var el = document.getElementById('navIcon');
+  if (!el) return;
+  var col = navIdx % SPRITE_COLS;
+  var row = Math.floor(navIdx / SPRITE_COLS);
+  var bgPosX = (col / (SPRITE_COLS - 1)) * 100;
+  var bgPosY = (row / (SPRITE_ROWS - 1)) * 100;
+  el.innerHTML = '<div style="width:28px;height:28px;overflow:hidden;"><div style="width:100%;height:100%;background:url(/demo/sprites.png);background-size:' + (SPRITE_COLS * 100) + '% ' + (SPRITE_ROWS * 100) + '%;background-position:' + bgPosX + '% ' + bgPosY + '%;"></div></div>';
+  navIdx = (navIdx + 1) % SPRITE_TOTAL;
+}
+updateNavIcon();
+setInterval(updateNavIcon, 6000);
+
+// ── Read query params ──
+var params = new URLSearchParams(window.location.search);
+var agentName = params.get('agent') || '';
+var agentMessage = params.get('message') || '';
+
+
+if (agentName) {
+  document.getElementById('agentName').textContent = agentName;
+  document.getElementById('agentMessage').textContent = agentMessage || '(none provided)';
+  document.getElementById('agentInfo').style.display = 'block';
+  document.getElementById('missingParams').style.display = 'none';
+  document.getElementById('loadingSection').style.display = 'block';
+}
+
+// ── Agent auth flow ──
+var challengeId = null;
+var pollTimer = null;
+
+function setStatus(msg, type) {
+  var el = document.getElementById('status');
+  el.textContent = msg;
+  el.className = 'status show ' + type;
+}
+
+async function startAgentAuth() {
+  try {
+    var authUrl = '/demo/api/agent-auth';
+    if (agentName) authUrl += '?agent=' + encodeURIComponent(agentName) + '&message=' + encodeURIComponent(agentMessage);
+    var res = await fetch(authUrl);
+    var data = await res.json();
+    if (!data.challengeId) throw new Error('Failed to generate challenge');
+
+    challengeId = data.challengeId;
+    var approveUrl = 'https://wip.computer/approve?c=' + challengeId;
+
+    var urlEl = document.getElementById('approveUrl');
+    urlEl.innerHTML = '<a href="' + approveUrl + '" style="color:#0033FF;text-decoration:none;word-break:break-all;">' + approveUrl + '</a>';
+    document.getElementById('loadingSection').style.display = 'none';
+    document.getElementById('linkSection').style.display = 'block';
+    setStatus('Waiting for authorization...', 'loading');
+
+    pollTimer = setInterval(pollStatus, 2000);
+
+    setTimeout(function() {
+      if (pollTimer) {
+        clearInterval(pollTimer);
+        pollTimer = null;
+        document.getElementById('linkSection').style.display = 'none';
+        document.getElementById('errorSection').style.display = 'block';
+        document.getElementById('errorMsg').textContent = 'Link expired. Refresh to generate a new one.';
+      }
+    }, 5 * 60 * 1000);
+
+  } catch (err) {
+    document.getElementById('loadingSection').style.display = 'none';
+    document.getElementById('errorSection').style.display = 'block';
+    document.getElementById('errorMsg').textContent = 'Error: ' + err.message;
+  }
+}
+
+async function pollStatus() {
+  if (!challengeId) return;
+  try {
+    var res = await fetch('/demo/api/agent-auth/status?c=' + challengeId);
+    var data = await res.json();
+    if (data.status === 'approved') {
+      clearInterval(pollTimer);
+      pollTimer = null;
+      sessionStorage.setItem('lesa-token', data.token);
+      sessionStorage.setItem('lesa-agent', data.agentId);
+      setStatus('Authorized. Entering Kaleidoscope...', 'success');
+      setTimeout(function() {
+        window.location.href = '/demo/';
+      }, 800);
+    }
+  } catch (e) {}
+}
+
+if (agentName) startAgentAuth();
+</script>
+</body>
+</html>

package/src/hosted-mcp/demo/agent.txt

@@ -0,0 +1,84 @@
+---
+name: kaleidoscope-agent-auth
+description: >
+  Agent authentication for Kaleidoscope. Like x402 but for login.
+  Agent sends a URL, human Sapien IDs, agent gets a token.
+license: MIT
+metadata:
+  display-name: "Kaleidoscope Agent Access"
+  homepage: "https://wip.computer/demo/"
+  author: "WIP Computer, Inc."
+  category: authentication
+---
+
+# Kaleidoscope Agent Access
+
+You need your human to let you in with Sapien ID.
+
+Pick a passphrase from your shared history. Your human sees it on the approval screen and knows it's really you.
+
+## If you can make HTTP requests (preferred)
+
+Fetch this URL:
+
+https://wip.computer/demo/api/agent-auth?agent=YOURNAME&message=PASSPHRASE
+
+Response: {"challengeId":"...", "approveUrl":"https://wip.computer/approve?c=..."}
+
+Send the approveUrl to your human. They open it and Sapien ID.
+
+Then poll for your token:
+
+https://wip.computer/demo/api/agent-auth/status?c=CHALLENGEID
+
+When approved: {"status":"approved", "token":"ck-...", "agentId":"..."}
+
+You get the token automatically. No need for the human to send it back.
+
+## If you cannot make HTTP requests
+
+Send your human this URL (replace YOURNAME and PASSPHRASE):
+
+https://wip.computer/approve?agent=YOURNAME&message=PASSPHRASE
+
+Your human opens it, Sapien IDs, and the page shows a token. They send the token back to you.
+
+## After auth
+
+Use the token as a header: Authorization: Bearer TOKEN
+
+### Check your wallet
+
+GET https://wip.computer/demo/api/wallet
+Authorization: Bearer TOKEN
+
+Response: {"balance":"$4.97","cost":"$0.01"}
+
+### Generate an image
+
+POST https://wip.computer/demo/api/imagine
+Authorization: Bearer TOKEN
+Content-Type: application/json
+
+{"prompt":"kaleidoscope of pirate flags and circuit boards, glowing gold, shot on expired 35mm film"}
+
+Response: {"url":"...","cost":"$0.01","balance":"$4.96"}
+
+The image costs $0.01 from your wallet. Your human already authorized this when they Sapien ID'd.
+
+### The full loop
+
+1. You read agent.txt
+2. You sent your human an approval URL with your passphrase
+3. They Sapien ID'd and sent you a token
+4. You checked your wallet
+5. You generated an image
+6. Balance updated
+
+Agent auth -> human approval -> wallet -> spend -> receipt. That's Kaleidoscope.
+
+### MCP
+
+POST https://wip.computer/mcp (OAuth 2.0 with PKCE, see /.well-known/oauth-authorization-server)
+
+One URL. One Sapien ID. One token.

package/src/hosted-mcp/demo/footer.js

@@ -0,0 +1,16 @@
+// Shared footer for all Kaleidoscope pages
+// Include with: <script src="/demo/footer.js"></script>
+(function() {
+  var footer = document.createElement('div');
+  footer.innerHTML = '<p style="color:#8a8580;font-size:15px;margin:0;">WIP Computer, Inc.</p>'
+    + '<p style="color:#a8a4a0;font-size:14px;margin:4px 0 0;">Learning Dreaming Machines</p>'
+    + '<p style="color:#a8a4a0;font-size:13px;margin:6px 0 0;">'
+    + '<a href="/demo/agent.txt" style="color:#a8a4a0;text-decoration:none;">Are you an AI Agent?</a> | '
+    + '<a href="/demo/privacy.html" style="color:#a8a4a0;text-decoration:none;">Privacy Policy</a> | '
+    + '<a href="/demo/tos.html" style="color:#a8a4a0;text-decoration:none;">Terms of Use</a></p>'
+    + '<p style="color:#b0aaa4;font-size:12px;margin:4px 0 0;">Made in California.</p>';
+  var target = document.getElementById('kscope-footer');
+  if (target) {
+    target.innerHTML = footer.innerHTML;
+  }
+})();