@wipcomputer/wip-ldm-os 0.4.73-alpha.24 → 0.4.73-alpha.26

package/bin/ldm.js

@@ -2380,6 +2380,16 @@ async function cmdInstallCatalog() {
     ok('Boot hook updated (sessions, messages, updates now active)');
   }
 
+  // Deploy git pre-commit hook on every install (not just init)
+  const hooksDir = join(LDM_ROOT, 'hooks');
+  const preCommitDest = join(hooksDir, 'pre-commit');
+  const preCommitSrc = join(__dirname, '..', 'templates', 'hooks', 'pre-commit');
+  if (existsSync(preCommitSrc)) {
+    if (!existsSync(hooksDir)) mkdirSync(hooksDir, { recursive: true });
+    cpSync(preCommitSrc, preCommitDest);
+    chmodSync(preCommitDest, 0o755);
+  }
+
   console.log('');
   console.log(`  Updated ${updated}/${totalUpdates} extension(s).`);
   installLog(`ldm install complete: ${updated}/${totalUpdates} updated, ${healthFixes} health fix(es)`);
@@ -3865,6 +3875,145 @@ async function main() {
     process.exit(1);
   }
 
+  // ── ldm pair ────────────────────────────────────────────────────────
+  // Device pairing for Bridge Phase A.
+  // Links this machine to the user's Kaleidoscope account via passkey.
+  //
+  // Flow:
+  //   1. Generate a human-readable code (BLUE-FISH-4729)
+  //   2. POST the code to wip.computer/api/pair/request
+  //   3. User goes to wip.computer/pair on their phone, signs in with passkey, enters code
+  //   4. Poll GET /api/pair/status?code=X until approved or expired
+  //   5. Store the device token at ~/.ldm/auth/kaleidoscope.json
+  //
+  // The code is shown in the terminal. The user navigates to the pairing
+  // page themselves (CC does NOT open a URL, to prevent phishing).
+  // The code expires after 120 seconds.
+
+  async function cmdPair() {
+    const PAIR_API = process.env.LDM_PAIR_API || 'https://wip.computer';
+    const AUTH_DIR = join(LDM_ROOT, 'auth');
+    const TOKEN_PATH = join(AUTH_DIR, 'kaleidoscope.json');
+
+    // Check if already paired
+    if (existsSync(TOKEN_PATH)) {
+      try {
+        const existing = JSON.parse(readFileSync(TOKEN_PATH, 'utf8'));
+        if (existing.token) {
+          console.log('');
+          console.log(`  Already paired as ${existing.userName || 'unknown'}`);
+          console.log(`  Paired: ${existing.pairedAt || 'unknown'}`);
+          console.log(`  Token: ${existing.token.slice(0, 8)}...`);
+          console.log('');
+          console.log('  To re-pair, delete ~/.ldm/auth/kaleidoscope.json and run ldm pair again.');
+          console.log('');
+          return;
+        }
+      } catch {}
+    }
+
+    // Generate code
+    const words = [
+      'BLUE', 'RED', 'GREEN', 'GOLD', 'GRAY', 'PINK', 'DARK', 'WARM', 'COLD', 'WILD',
+      'FISH', 'BIRD', 'WOLF', 'BEAR', 'DEER', 'HAWK', 'FROG', 'LYNX', 'DOVE', 'CROW',
+    ];
+    const w1 = words[Math.floor(Math.random() * 10)];
+    const w2 = words[10 + Math.floor(Math.random() * 10)];
+    const num = String(Math.floor(1000 + Math.random() * 9000));
+    const code = `${w1}-${w2}-${num}`;
+
+    // Detect device name
+    const { hostname } = await import('node:os');
+    const deviceName = hostname() || 'unknown';
+
+    // Read agent ID from config
+    let agentId = 'cc-mini';
+    try {
+      const config = JSON.parse(readFileSync(join(LDM_ROOT, 'config.json'), 'utf8'));
+      const agents = config.agents || {};
+      for (const [id, agent] of Object.entries(agents)) {
+        if (agent.harness === 'claude-code') { agentId = id; break; }
+      }
+    } catch {}
+
+    console.log('');
+    console.log('  Pairing code:');
+    console.log('');
+    console.log(`    ${code}`);
+    console.log('');
+    console.log('  Go to wip.computer/pair on your phone.');
+    console.log('  Sign in with your passkey. Enter the code.');
+    console.log('');
+    console.log('  Waiting for approval...');
+
+    // Register the code with the server
+    try {
+      const registerRes = await fetch(`${PAIR_API}/api/pair/request`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ code, deviceName, agentId }),
+      });
+      if (!registerRes.ok) {
+        const err = await registerRes.text();
+        console.error(`  x Failed to register pairing code: ${err}`);
+        process.exit(1);
+      }
+    } catch (err) {
+      console.error(`  x Cannot reach ${PAIR_API}: ${err.message}`);
+      console.error('  Make sure the server is running.');
+      process.exit(1);
+    }
+
+    // Poll for approval (every 2 seconds, up to 120 seconds)
+    const maxAttempts = 60;
+    for (let i = 0; i < maxAttempts; i++) {
+      await new Promise(r => setTimeout(r, 2000));
+
+      try {
+        const statusRes = await fetch(`${PAIR_API}/api/pair/status?code=${encodeURIComponent(code)}`);
+        const data = await statusRes.json();
+
+        if (data.status === 'approved' && data.token) {
+          // Store token
+          mkdirSync(AUTH_DIR, { recursive: true });
+          writeFileSync(TOKEN_PATH, JSON.stringify({
+            token: data.token,
+            userId: data.userId,
+            userName: data.userName,
+            deviceName,
+            agentId,
+            pairedAt: new Date().toISOString(),
+            server: PAIR_API,
+          }, null, 2) + '\n');
+
+          console.log('');
+          console.log(`  ✓ Paired as ${data.userName || 'User'} (${deviceName} / ${agentId})`);
+          console.log(`  Token stored at ~/.ldm/auth/kaleidoscope.json`);
+          console.log('');
+          return;
+        }
+
+        if (statusRes.status === 404 || statusRes.status === 410) {
+          console.error('');
+          console.error('  x Code expired. Run ldm pair again.');
+          console.error('');
+          process.exit(1);
+        }
+
+        // Still pending. Keep polling.
+        process.stdout.write('.');
+      } catch {
+        // Network error. Keep trying.
+        process.stdout.write('x');
+      }
+    }
+
+    console.error('');
+    console.error('  x Timed out waiting for approval. Run ldm pair again.');
+    console.error('');
+    process.exit(1);
+  }
+
   if (command === '--version' || command === '-v') {
     console.log(PKG_VERSION);
     process.exit(0);
@@ -3917,6 +4066,9 @@ async function main() {
     case 'backup':
       await cmdBackup();
       break;
+    case 'pair':
+      await cmdPair();
+      break;
     default:
       console.error(`  Unknown command: ${command}`);
       console.error(`  Run: ldm --help`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ldm-os",
-  "version": "0.4.73-alpha.24",
+  "version": "0.4.73-alpha.26",
   "type": "module",
   "description": "LDM OS: identity, memory, and sovereignty infrastructure for AI agents",
   "engines": {

package/src/hosted-mcp/.env.example

@@ -0,0 +1,3 @@
+# Kaleidoscope server environment
+# Copy to .env and fill in values. Never commit .env itself.
+DATABASE_URL=postgresql://kaleidoscope:YOUR_PASSWORD@localhost:5432/kaleidoscope

package/src/hosted-mcp/demo/footer.js

@@ -1,16 +1,74 @@
 // Shared footer for all Kaleidoscope pages
-// Include with: <script src="/demo/footer.js"></script>
+// Include with: <div id="kscope-footer"></div><script src="/demo/footer.js"></script>
 (function() {
-  var footer = document.createElement('div');
-  footer.innerHTML = '<p style="color:#8a8580;font-size:15px;margin:0;">WIP Computer, Inc.</p>'
-    + '<p style="color:#a8a4a0;font-size:14px;margin:4px 0 0;">Learning Dreaming Machines</p>'
-    + '<p style="color:#a8a4a0;font-size:13px;margin:6px 0 0;">'
-    + '<a href="/demo/agent.txt" style="color:#a8a4a0;text-decoration:none;">Are you an AI Agent?</a> | '
-    + '<a href="/demo/privacy.html" style="color:#a8a4a0;text-decoration:none;">Privacy Policy</a> | '
-    + '<a href="/demo/tos.html" style="color:#a8a4a0;text-decoration:none;">Terms of Use</a></p>'
-    + '<p style="color:#b0aaa4;font-size:12px;margin:4px 0 0;">Made in California.</p>';
-  var target = document.getElementById('kscope-footer');
-  if (target) {
-    target.innerHTML = footer.innerHTML;
+  var container = document.getElementById('kscope-footer');
+  if (!container) return;
+
+  var mobile = navigator.maxTouchPoints > 0 && window.innerWidth < 768;
+
+  // Desktop: fixed at bottom. Mobile: in page flow (below fold).
+  if (mobile) {
+    container.style.cssText = 'background:#FFFDF5;padding:16px 0;';
+  } else {
+    container.style.cssText = 'position:fixed;bottom:0;left:0;right:0;background:#FFFDF5;padding:16px 0;';
   }
+
+  var inner = document.createElement('div');
+  inner.style.cssText = 'max-width:980px;margin:0 auto;padding:0 24px;border-top:1px solid rgba(0,0,0,0.06);padding-top:16px;text-align:left;font-size:13px;color:#a8a4a0;line-height:1.6;';
+
+  // On mobile, copyright and links on separate lines (like Apple)
+  if (mobile) {
+    inner.innerHTML = '<p style="margin:0;">WIP Computer, Inc.</p>'
+      + '<p style="margin:2px 0 0;">Learning Dreaming Machines</p>'
+      + '<p style="margin:8px 0 0;">Copyright &copy; 2026 WIP Computer, Inc. All rights reserved.</p>'
+      + '<p style="margin:4px 0 0;">'
+      + '<a href="/legal/privacy/en-ww/" style="color:#a8a4a0;text-decoration:none;">Privacy Policy</a> &nbsp;|&nbsp; '
+      + '<a href="/legal/internet-services/terms/site.html" style="color:#a8a4a0;text-decoration:none;">Terms of Use</a></p>'
+      + '<p style="margin:4px 0 0;">'
+      + '<a href="/agent.txt" style="color:#a8a4a0;text-decoration:none;">Are you an AI Agent?</a></p>'
+      + '<p style="margin:4px 0 0;">Made in California.</p>';
+  } else {
+    inner.innerHTML = '<p style="margin:0;">WIP Computer, Inc.</p>'
+      + '<p style="margin:2px 0 0;">Learning Dreaming Machines</p>'
+      + '<p style="margin:8px 0 0;">Copyright &copy; 2026 WIP Computer, Inc. All rights reserved. &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;'
+      + '<a href="/legal/privacy/en-ww/" style="color:#a8a4a0;text-decoration:none;">Privacy Policy</a> &nbsp;|&nbsp; '
+      + '<a href="/legal/internet-services/terms/site.html" style="color:#a8a4a0;text-decoration:none;">Terms of Use</a></p>'
+      + '<p style="margin:4px 0 0;">'
+      + '<a href="/agent.txt" style="color:#a8a4a0;text-decoration:none;">Are you an AI Agent?</a> &nbsp;|&nbsp; '
+      + '<a id="localPasskeysToggle" onclick="toggleLocalPasskeys()" style="color:#a8a4a0;text-decoration:none;cursor:pointer;display:inline-flex;align-items:center;gap:4px;vertical-align:middle;">'
+      + '<span id="passkeys-dot" style="display:inline-block;width:8px;height:8px;border-radius:50%;"></span> '
+      + '<span id="passkeys-label">Local passkeys off</span></a></p>'
+      + '<p style="margin:4px 0 0;">Made in California.</p>';
+  }
+
+  container.appendChild(inner);
+
+  // Local passkeys toggle
+  if (!window.isLocalPasskeysOn) {
+    window.isLocalPasskeysOn = function() { return localStorage.getItem('localPasskeys') === 'on'; };
+  }
+  if (!window.toggleLocalPasskeys) {
+    window.toggleLocalPasskeys = function() {
+      var on = isLocalPasskeysOn();
+      localStorage.setItem('localPasskeys', on ? 'off' : 'on');
+      updatePasskeysDot();
+    };
+  }
+  if (!window.updatePasskeysDot) {
+    window.updatePasskeysDot = function() {
+      var dot = document.getElementById('passkeys-dot');
+      var label = document.getElementById('passkeys-label');
+      if (!dot) return;
+      if (isLocalPasskeysOn()) {
+        dot.style.background = '#2E7D32';
+        dot.style.opacity = '1';
+        if (label) label.textContent = 'Local passkeys on';
+      } else {
+        dot.style.background = '#D32F2F';
+        dot.style.opacity = '0.4';
+        if (label) label.textContent = 'Local passkeys off';
+      }
+    };
+  }
+  updatePasskeysDot();
 })();

package/src/hosted-mcp/demo/index.html

@@ -68,7 +68,10 @@ html, body {
   color: var(--text);
   -webkit-text-size-adjust: 100%;
   -webkit-font-smoothing: antialiased;
-  overflow: hidden;
+}
+
+@media (min-width: 768px) {
+  html, body { overflow: hidden; }
 }
 
 /* ── Login Page ── */
@@ -78,8 +81,8 @@ html, body {
   flex-direction: column;
   align-items: center;
   justify-content: center;
-  height: 100vh;
-  height: 100dvh;
+  min-height: 100vh;
+  min-height: 100dvh;
   padding: 24px;
   padding-top: calc(24px + env(safe-area-inset-top, 0px));
   overflow-y: auto;
@@ -553,19 +556,20 @@ html, body {
     
     
     <div class="login-buttons">
-      <button class="btn btn-primary" id="createBtn" onclick="doCreateAccount()">Look Inside</button>
+      <button class="btn btn-primary" id="createBtn" onclick="doCreateAccount()">Enter the Kaleidoscope</button>
     </div>
-    <div style="margin-top:12px;">
-      <input type="text" id="handleInput" name="kaleidoscope-handle" placeholder="What does Lēsa call you? (optional)" autocapitalize="none" autocorrect="off" autocomplete="off" spellcheck="false" data-1p-ignore="true" data-lpignore="true" onfocus="setTimeout(function(){document.getElementById('handleInput').scrollIntoView({behavior:'smooth',block:'center'})},300)" style="width:100%;padding:16px 18px;border:1px solid #E0DDD6;border-radius:12px;font-size:18px;font-family:var(--font);background:#F5F3ED;color:#1a1a1a;outline:none;text-align:center;" />
+    <div id="handleInputWrap" style="margin-top:12px;">
+      <input type="text" id="handleInput" name="kaleidoscope-handle" placeholder="What should Lēsa call you? (optional)" autocapitalize="none" autocorrect="off" autocomplete="off" spellcheck="false" data-1p-ignore="true" data-lpignore="true" onfocus="setTimeout(function(){document.getElementById('handleInput').scrollIntoView({behavior:'smooth',block:'center'})},300)" style="width:100%;padding:16px 18px;border:1px solid #E0DDD6;border-radius:12px;font-size:18px;font-family:var(--font);background:#F5F3ED;color:#1a1a1a;outline:none;text-align:center;" />
     </div>
-    <div style="margin-top:20px;text-align:center;">
+    <p style="color:#b0aaa4;font-size:13px;font-style:italic;margin:16px 0 0;text-align:center;opacity:0.8;">Use your phone to securely create your account</p>
+    <div style="margin-top:12px;text-align:center;">
       <a id="signInBtn" onclick="doSignIn()" style="color:var(--accent);font-size:16px;cursor:pointer;text-decoration:none;">Already have an account? Sign in.</a>
     </div>
     <div class="login-status" id="loginStatus" style="position:absolute;left:0;right:0;margin-top:16px;text-align:center;"></div>
   </div>
-  <div id="kscope-footer" style="position:fixed;bottom:30px;left:0;right:0;text-align:center;"></div>
-  <script src="/demo/footer.js"></script>
 </div>
+<div id="kscope-footer"></div>
+<script src="/demo/footer.js"></script>
 
 <!-- ── CHAT PAGE ── -->
 <div class="chat-page" id="chatPage">
@@ -1229,6 +1233,14 @@ if (sessionStorage.getItem('lesa-token')) {
   showChat();
 }
 
+// If user has an account (created at /login), show sign-in mode
+if (localStorage.getItem('kscope-has-account') && !sessionStorage.getItem('lesa-token')) {
+  document.getElementById('createBtn').textContent = 'Enter the Kaleidoscope';
+  document.getElementById('createBtn').onclick = function() { doSignIn(); };
+  document.getElementById('handleInputWrap').style.display = 'none';
+  document.getElementById('signInBtn').parentElement.style.display = 'none';
+}
+
 // Handle send (not used in demo flow, but wired up)
 function handleSend() {
   var input = document.getElementById('chatInput');