claude-rpc 0.17.0 → 0.17.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-rpc",
-  "version": "0.17.0",
+  "version": "0.17.2",
   "description": "Discord Rich Presence for Claude Code — live model, project, tokens, and lifetime stats driven by Claude Code's hook system.",
   "type": "module",
   "license": "MIT",

package/src/daemon.js

@@ -3,7 +3,7 @@ import { writeFileSync, readFileSync, existsSync, unlinkSync, watch, appendFileS
 import { basename, dirname } from 'node:path';
 import { Client } from './discord-ipc.js';
 import { readState, sweepStaleStateTmp } from './state.js';
-import { makeRotationCursor, pickFrames, selectFrame, resolveLargeImageKey } from './presence.js';
+import { makeRotationCursor, pickFrames, selectFrame, resolveLargeImageKey, shouldShowGithubButton } from './presence.js';
 import { buildVars, fillTemplate, framePasses, applyIdle, applyShipped, applyTrigger } from './format.js';
 import { scan, readAggregate, findLiveSessions, readSessionTokens } from './scanner.js';
 import { detectGithubUrl } from './git.js';
@@ -238,12 +238,12 @@ function buildActivity(opts = {}) {
   if (typeof config.activityType === 'number') activity.type = config.activityType;
 
   // Buttons: static configured set, optionally augmented with a per-project
-  // GitHub button when the current cwd has a github origin. Privacy mode
-  // suppresses the GitHub button entirely (else clicking it leaks the
-  // project name we're trying to hide).
-  const isPrivacyConstrained = state._privacy && state._privacy.visibility !== 'public';
+  // GitHub button when the current cwd has a github origin. Suppressed under any
+  // non-public privacy verdict (else the link leaks the project we're hiding),
+  // while stale, and when presence.githubButton is set to false (the explicit
+  // off switch — works even without the gh CLI that private-repo detection needs).
   const buttons = Array.isArray(p.buttons) ? p.buttons.slice() : [];
-  const gh = (!isPrivacyConstrained && state.status !== 'stale') ? detectGithubUrl(state.cwd) : null;
+  const gh = shouldShowGithubButton(p, state) ? detectGithubUrl(state.cwd) : null;
   if (gh && !buttons.some((b) => /github\.com/i.test(b.url || ''))) {
     buttons.unshift({ label: 'View on GitHub →', url: gh });
   }

package/src/default-config.js

@@ -204,6 +204,12 @@ export const DEFAULT_CONFIG = {
       },
     },
 
+    // Auto-prepend a "View on GitHub →" button when the cwd is a github repo.
+    // Set false to never show it — the privacy-safe off switch for machines
+    // without the `gh` CLI, where private repos can't be auto-detected and would
+    // otherwise have their link appear on the card.
+    githubButton: true,
+
     buttons: [
       // The card others see in Discord is the project's main distribution
       // surface — make the button a real call-to-action, not a bare repo link.

package/src/doctor.js

@@ -15,7 +15,8 @@ import {
   CLAUDE_HOME, CLAUDE_PROJECTS, CLAUDE_SETTINGS,
 } from './paths.js';
 import { findLiveSessions } from './scanner.js';
-import { resolveVisibility, listPrivateCwds } from './privacy.js';
+import { detectGithubUrl } from './git.js';
+import { resolveVisibility, listPrivateCwds, detectGithubPrivate } from './privacy.js';
 import { readClaudeCredentials, readUsageCache } from './usage.js';
 import { c, check as uiCheck } from './ui.js';
 
@@ -330,6 +331,18 @@ function checkPrivacy(cfg) {
     } else {
       check('private-list entries', 'pass', 'none');
     }
+    // Private-repo guard. The "View on GitHub →" button URL is read from
+    // .git/config (no gh needed), but auto-hiding a PRIVATE repo needs the gh
+    // CLI. On a github repo here where the button would show (public verdict,
+    // button enabled) and gh can't answer, a private repo's link could leak.
+    const ghUrl = detectGithubUrl(cwd);
+    if (ghUrl && visibility === 'public' && cfg?.presence?.githubButton !== false
+        && cfg?.privacy?.autoDetectGithubPrivate !== false
+        && detectGithubPrivate(cwd) === null) {
+      check('private-repo guard', 'warn',
+        'gh CLI unavailable — a private repo here can\'t be auto-detected, so its GitHub link may appear on the card',
+        'run `gh auth login`, set presence.githubButton:false, or `claude-rpc private` in private repos');
+    }
   } catch (e) {
     check('privacy check', 'warn', `lookup failed: ${e.message}`);
   }

package/src/format.js

@@ -448,11 +448,16 @@ export function buildVars(state, config, aggregate) {
   const usageWeeklyPct = usage?.weeklyPct ?? '';
   let usageStateLabel = '';
   if (usage) {
+    // The usage rotation frame's DETAILS line already shows "{usageWeeklyPct}%
+    // weekly", so this state line must NOT repeat weekly% — it complements with
+    // session% + reset day. (A weekly-only fallback lives below so the line
+    // isn't empty when session% is absent and we'd otherwise show nothing.)
     const bits = [];
     if (usage.sessionPct != null) bits.push(`session ${usage.sessionPct}%`);
-    if (usage.weeklyPct != null) bits.push(`weekly ${usage.weeklyPct}%`);
     const day = fmtResetDay(usage.weeklyResetsAt);
     if (day) bits.push(`resets ${day}`);
+    // Only fall back to weekly% when the line would otherwise be empty.
+    if (!bits.length && usage.weeklyPct != null) bits.push(`weekly ${usage.weeklyPct}%`);
     usageStateLabel = bits.join(' · ');
   }
 

package/src/presence.js

@@ -55,6 +55,19 @@ export function selectFrame(rawFrames, vars, status, cursor, intervalMs, framePa
   return frames[cursor.index % frames.length] || {};
 }
 
+// Should the daemon auto-add a "View on GitHub →" button for this cwd? The
+// button URL is read from .git/config (no `gh` needed), but private-repo
+// detection DOES need the gh CLI — so on a machine without gh a private repo
+// can't be detected and its link would leak onto the card. This is the explicit
+// kill switch (`presence.githubButton: false`), independent of gh; it also stays
+// suppressed while stale or under any non-public privacy verdict.
+export function shouldShowGithubButton(p, state) {
+  if (p.githubButton === false) return false;
+  if (!state || state.status === 'stale') return false;
+  if (state._privacy && state._privacy.visibility !== 'public') return false;
+  return true;
+}
+
 // Large-image key precedence (returns the TEMPLATE string; the caller fills it):
 //   1. statusAssets[status]          per-status art ("working" gif, etc.)
 //   2. modelAssets[fable|opus|sonnet|haiku|default]   per-model art, never stale

package/src/privacy.js

@@ -178,7 +178,7 @@ export function listVisibility() {
 
 // ── GitHub-private detection (best-effort, gh CLI) ──────────────────────
 
-function detectGithubPrivate(cwd) {
+export function detectGithubPrivate(cwd) {
   if (!cwd) return null;
   const cached = ghPrivateCache.get(cwd);
   if (cached && Date.now() - cached.ts < TTL_MS) return cached.value;

package/src/version.js

@@ -11,7 +11,7 @@ import { readFileSync } from 'node:fs';
 import { join } from 'node:path';
 import { ROOT } from './paths.js';
 
-const BAKED = '0.17.0';
+const BAKED = '0.17.2';
 
 function readPkgVersion() {
   try {