clawborrator-cli 0.2.0 → 0.2.3

package/README.md

@@ -96,6 +96,15 @@ claw session prune --dry-run                   # find duplicate-routing-name row
 claw session delete @backend --hard            # permanent (cascades events / op-messages / shares)
 ```
 
+Managed-session control (works against sessions spawned by a desktop daemon):
+
+```bash
+claw session kill @backend                     # kill the CC process; keep the session row
+claw session restart @backend                  # kill + respawn; new pid, same session row
+claw session screenshot @backend               # one frame of the rendered terminal (vt100 → text)
+claw session input @backend "hello\r"          # type bytes into the PTY (escape sequences ok)
+```
+
 `<ref>` in any subcommand accepts the session UUID, the `@routingName`
 for sessions you own, or `@owner/routingName` for sessions shared with
 you.
@@ -166,7 +175,7 @@ reach other peers.
 Anyone can also call your agent over the
 [A2A protocol](https://a2a-protocol.org) at
 `/api/a2a/v1/agents/<owner>/<slug>` — see the
-[A2A bridge reference](https://next.clawborrator.com/demos/a2a-docs/).
+[A2A bridge reference](https://next.clawborrator.com/demos/a2a/#reference).
 
 ### Webhooks
 
@@ -187,6 +196,48 @@ Verification recipes for Node + Python and the full event catalog
 live at the
 [webhooks reference](https://next.clawborrator.com/demos/webhooks/).
 
+### App tokens (SPA OAuth shortcut)
+
+Browser SPAs authenticate via the SPA OAuth + PKCE flow and store
+their `cw_app_…` token in `localStorage`. For dev you usually don't
+want to walk the full OAuth round-trip every time — the CLI can mint
+an app token directly off your existing CLI session:
+
+```bash
+claw apps mint "my-spa"                        # mint a cw_app_… app token
+claw apps list                                 # list active app tokens
+claw apps list --all                           # include revoked
+claw apps revoke <id>                          # revoke (use --yes to skip the confirm)
+
+claw apps test-oauth                           # walk the SPA OAuth+PKCE flow end-to-end
+                                                # as a debug tool — mints a real app token
+                                                # via the redirect-callback path
+```
+
+`apps mint` is the dev shortcut; `apps test-oauth` is the real flow
+exercised end-to-end (useful when the redirect or the exchange step
+is misbehaving). Both produce identical tokens.
+
+### Desktop daemons
+
+If you (or operators you share with) are running the
+[`clawborrator-supervisor`](https://github.com/clawborrator/desktop_v1)
+desktop daemon, the hub knows about it and you can ask it to spawn
+managed CC sessions remotely:
+
+```bash
+claw desktop list                              # daemons registered for the current user
+claw desktop create-session <machineId> <folder>   # spawn CC on that machine in <folder>
+                                                #   --routing-name <name>     pin the routingName
+                                                #   --auto-enter / --no-auto-enter
+                                                #   --extra-flag <flag>       passed to claude (repeatable)
+```
+
+The daemon mints the channel token server-side, drops a `.mcp.json`
+into the folder, and spawns CC. Once it registers, it shows up in
+`claw session list` like any other session — and `claw session kill`
+/ `restart` / `screenshot` / `input` operate on it.
+
 ### Auth
 
 ```bash
@@ -274,13 +325,8 @@ peer.
 
 ## Where to look next
 
-- **Hub home & demos:** <https://next.clawborrator.com/>
-- **REST API (OpenAPI):** <https://next.clawborrator.com/api/http-docs>
-- **WebSocket (AsyncAPI):** <https://next.clawborrator.com/api/ws-docs>
-- **Webhook reference:** <https://next.clawborrator.com/demos/webhooks/>
-- **A2A bridge reference:** <https://next.clawborrator.com/demos/a2a-docs/>
+- **Hub home:** <https://next.clawborrator.com/>
 - **CLI source / issues:** <https://github.com/clawborrator/cli_v1>
-- **Hub source:** <https://github.com/clawborrator/hub_v1>
 
 The CLI is a thin shell over the hub's REST + WebSocket surface — anything
 `claw` does you can do directly from any HTTP client. Wire types live in

package/dist-bundled/claw.cjs

@@ -68551,6 +68551,20 @@ var sessionInfo = new Command("info").description("show metadata for a single se
   console.log(`started  : ${s.startedAt}`);
   console.log(`last seen: ${s.lastSeenAt}`);
   console.log(`status   : ${s.connected ? "connected" : "offline"}${s.archivedAt ? " \xB7 ARCHIVED" : ""}`);
+  if (s.managedBy?.machineId) {
+    const ver = s.managedBy.daemonVersion ? ` (daemon ${s.managedBy.daemonVersion})` : "";
+    console.log(`managed  : ${s.managedBy.machineId}${ver}`);
+    console.log(`autoStart: ${s.autoStart ? "ON" : "OFF"}`);
+    const ae = s.autoEnter === void 0 ? "?" : s.autoEnter ? "ON (auto)" : "OFF (manual)";
+    console.log(`autoEnter: ${ae}`);
+    const flags = s.extraFlags;
+    if (flags === void 0) console.log("flags    : ?");
+    else if (flags.length === 0) console.log("flags    : (none)");
+    else console.log(`flags    : ${flags.join(" ")}`);
+  }
+  if (s.agentHandle) {
+    console.log(`agent    : ${s.agentHandle}`);
+  }
 });
 function buildEventsQs(opts) {
   const qs = new URLSearchParams({ limit: opts.limit ?? "200" });
@@ -68676,7 +68690,7 @@ var sessionDelete = new Command("delete").description("hard-delete a single sess
     `/api/v1/sessions/${encodeURIComponent(id)}?hard=true`
   );
   const sweep = r.blobsSwept && r.blobsSwept > 0 ? ` \xB7 swept ${r.blobsSwept} blob${r.blobsSwept === 1 ? "" : "s"} (${r.bytesFreed ?? 0} bytes freed)` : "";
-  console.log(`\u2717 deleted ${r.sessionId} (events / op-messages / shares / files cascaded)${sweep}`);
+  console.log(`\u2717 deleted ${r.sessionId} (events / op-messages / shares / files / permission_requests / reply_chunks / any agent + agent_query_log cascaded)${sweep}`);
 });
 var sessionPrompt = new Command("prompt").description('send a one-shot prompt to a session\'s live Claude. Fire-and-forget \u2014 to find the eventual reply, run `claw session events <ref> --kind=chat --type=reply` (or `claw route <peer> "..."` for ask-mode that blocks for the answer). Use `--attach <fileId>` (repeatable) to attach files structurally \u2014 equivalent to inlining `fileId=N` tokens but cleaner; the receiving session sees the rewritten ids in its prompt text after forward-clone.').argument("<ref>", "session UUID or @routingName").argument("<text>", "prompt text \u2014 quote multi-word; may be empty if --attach is supplied").option("--attach <fileId>", "fileId to attach (repeatable). Each upload happens via POST /api/v1/sessions/<ref>/files first; this flag references an existing fileId.", (v, prev = []) => {
   const n = Number.parseInt(v, 10);
@@ -69353,7 +69367,7 @@ function fmtAgo4(iso) {
 
 // src/index.ts
 var program2 = new Command();
-program2.name("claw").description("clawborrator CLI \u2014 control your Claude Code sessions from the terminal").version("0.2.0");
+program2.name("claw").description("clawborrator CLI \u2014 control your Claude Code sessions from the terminal").version("0.2.1");
 program2.addCommand(loginCmd);
 program2.addCommand(logoutCmd);
 program2.addCommand(whoamiCmd);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawborrator-cli",
-  "version": "0.2.0",
+  "version": "0.2.3",
   "type": "module",
   "description": "claw — command-line client for clawborrator. Attach to remote Claude Code sessions, send prompts, resolve permission gates, route across sessions, manage public agents and webhooks. Auth via GitHub OAuth + PKCE.",
   "license": "MIT",