claudeck 1.2.0 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (42) hide show
  1. package/README.md +64 -5
  2. package/cli.js +53 -4
  3. package/package.json +3 -2
  4. package/public/css/core/responsive.css +2 -2
  5. package/public/css/ui/file-picker.css +243 -17
  6. package/public/css/ui/messages.css +72 -9
  7. package/public/css/ui/toolbox.css +43 -0
  8. package/public/index.html +80 -745
  9. package/public/js/components/add-project-modal.js +27 -0
  10. package/public/js/components/agent-modal.js +73 -0
  11. package/public/js/components/agent-monitor-modal.js +19 -0
  12. package/public/js/components/bg-confirm-modal.js +22 -0
  13. package/public/js/components/chain-modal.js +52 -0
  14. package/public/js/components/cost-dashboard-modal.js +39 -0
  15. package/public/js/components/dag-editor-modal.js +55 -0
  16. package/public/js/components/file-picker-modal.js +45 -0
  17. package/public/js/components/linear-create-modal.js +43 -0
  18. package/public/js/components/mcp-modal.js +58 -0
  19. package/public/js/components/orchestrate-modal.js +40 -0
  20. package/public/js/components/permission-modal.js +30 -0
  21. package/public/js/components/prompt-modal.js +31 -0
  22. package/public/js/components/shortcuts-modal.js +45 -0
  23. package/public/js/components/status-bar.js +97 -0
  24. package/public/js/components/system-prompt-modal.js +29 -0
  25. package/public/js/components/telegram-modal.js +84 -0
  26. package/public/js/components/welcome-overlay.js +60 -0
  27. package/public/js/components/workflow-modal.js +41 -0
  28. package/public/js/core/api.js +10 -0
  29. package/public/js/core/dom.js +3 -2
  30. package/public/js/core/ws.js +7 -1
  31. package/public/js/features/attachments.js +226 -23
  32. package/public/js/features/projects.js +7 -0
  33. package/public/js/main.js +22 -0
  34. package/public/js/ui/shortcuts.js +4 -8
  35. package/public/login.html +470 -0
  36. package/public/offline.html +300 -168
  37. package/public/sw.js +10 -2
  38. package/server/agent-loop.js +1 -0
  39. package/server/auth.js +141 -0
  40. package/server/orchestrator.js +1 -0
  41. package/server/ws-handler.js +2 -0
  42. package/server.js +14 -3
package/server/orchestrator.js CHANGED
@@ -158,6 +158,7 @@ export async function runOrchestrator({
158
158
  abortController,
159
159
  maxTurns: 3, // Planner should just think, not use many tools
160
160
  executable: execPath,
161
+ settingSources: ["user", "project", "local"],
161
162
  };
162
163
 
163
164
  if (!useBypass && !usePlan) {
package/server/ws-handler.js CHANGED
@@ -421,6 +421,7 @@ export async function handleWorkflow(msg, { ws, sessionIds, activeQueries, pendi
421
421
  abortController,
422
422
  maxTurns: 30,
423
423
  executable: execPath,
424
+ settingSources: ["user", "project", "local"],
424
425
  };
425
426
 
426
427
  if (!useBypass && !usePlan) {
@@ -730,6 +731,7 @@ export async function handleChat(msg, { ws, sessionIds, activeQueries, pendingAp
730
731
  abortController,
731
732
  executable: execPath,
732
733
  stderr: (text) => stderrChunks.push(text),
734
+ settingSources: ["user", "project", "local"],
733
735
  };
734
736
  if (effectiveMaxTurns) opts.maxTurns = effectiveMaxTurns;
735
737
 
package/server.js CHANGED
@@ -34,17 +34,28 @@ import worktreesRouter from "./server/routes/worktrees.js";
34
34
  import skillsRouter from "./server/routes/skills.js";
35
35
  import { setupWebSocket } from "./server/ws-handler.js";
36
36
  import { setWss } from "./server/notification-logger.js";
37
+ import { authMiddleware, verifyWsClient, isAuthEnabled, getToken, loginHandler, statusHandler } from "./server/auth.js";
37
38
 
38
39
  const __filename = fileURLToPath(import.meta.url);
39
40
  const __dirname = dirname(__filename);
40
41
 
41
42
  const app = express();
42
43
  const server = createServer(app);
43
- const wss = new WebSocketServer({ server, path: "/ws" });
44
+ const wss = new WebSocketServer({ server, path: "/ws", verifyClient: verifyWsClient });
44
45
 
45
- app.use(express.static(join(__dirname, "public")));
46
+ // ── Middleware ordering: json → auth routes (unauthenticated) → auth middleware → static + API ──
46
47
  app.use(express.json());
47
48
 
49
+ // Auth endpoints (always accessible)
50
+ app.post("/api/auth/login", loginHandler);
51
+ app.get("/api/auth/status", statusHandler);
52
+ app.get("/login", (_req, res) => res.sendFile(join(__dirname, "public", "login.html")));
53
+
54
+ // Auth middleware — everything below is protected when auth is enabled
55
+ app.use(authMiddleware);
56
+
57
+ app.use(express.static(join(__dirname, "public")));
58
+
48
59
  // ── Web Push (VAPID) setup ──────────────────────────────────
49
60
  {
50
61
  let vapidPublic = process.env.VAPID_PUBLIC_KEY;
@@ -198,7 +209,7 @@ mountPluginRoutes(app, fullStackPluginsDir).then(() => {
198
209
  \x1b[1m\x1b[32m➜\x1b[0m \x1b[1mReady:\x1b[0m ${url}
199
210
  \x1b[2m➜ Port:\x1b[0m ${PORT}
200
211
  \x1b[2m➜ Data:\x1b[0m ~/.claudeck/
201
- `);
212
+ ${isAuthEnabled() ? ` \x1b[2m➜ Auth:\x1b[0m \x1b[33menabled\x1b[0m\n \x1b[2m➜ Token:\x1b[0m ${getToken()}\n` : ''}`);
202
213
  });
203
214
  });
204
215