clawdex-mobile 5.0.6 → 5.0.7

package/README.md

@@ -38,7 +38,7 @@ npm install -g clawdex-mobile@latest
 clawdex init
 ```
 
-Then open the mobile app and connect using the printed bridge URL/token.
+Then open the mobile app and connect using the printed bridge URL/token or pairing QR.
 `clawdex init` now writes config, starts the bridge in the background, and returns you to the shell. Bridge logs go to `.bridge.log`.
 
 The npm package is bridge-only. It does not install Expo or the mobile source tree. On supported macOS, Linux, and Windows hosts it uses bundled bridge binaries, so normal startup does not compile Rust.

package/docs/setup-and-operations.md

@@ -28,7 +28,7 @@ After `clawdex init`, expected sequence:
 
 1. Secure config is written or reused
 2. The bridge starts in the background
-3. The wizard prints the bridge URL/token for manual mobile pairing
+3. The wizard prints the bridge URL, token, and pairing QR for mobile onboarding
 4. Bridge logs are written to `.bridge.log`
 
 Published npm releases bundle prebuilt bridge binaries for `darwin-arm64`, `darwin-x64`, `linux-x64`, `linux-arm64`, `linux-armv7l`, and `win32-x64`. On those hosts, normal bridge startup does not require a Rust compile.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clawdex-mobile",
-  "version": "5.0.6",
+  "version": "5.0.7",
   "description": "Private-network mobile bridge and CLI for Codex and OpenCode",
   "keywords": [
     "codex",

package/scripts/start-bridge-secure.js

@@ -59,6 +59,11 @@ function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
 
+function readNonEmptyEnv(env, key) {
+  const value = env[key];
+  return typeof value === "string" && value.trim() ? value.trim() : "";
+}
+
 function formatHostForUrl(host) {
   if (host.includes(":") && !host.startsWith("[")) {
     return `[${host}]`;
@@ -66,6 +71,27 @@ function formatHostForUrl(host) {
   return host;
 }
 
+function buildBridgeUrl(host, port) {
+  return `http://${formatHostForUrl(host)}:${port}`;
+}
+
+function shouldShowPairingQr(env) {
+  const raw = readNonEmptyEnv(env, "BRIDGE_SHOW_PAIRING_QR");
+  return raw ? raw.toLowerCase() !== "false" : true;
+}
+
+function printBridgeAccessDetails(env, endpoint) {
+  const bridgeUrl = buildBridgeUrl(endpoint.host, endpoint.port);
+  console.log(`Bridge URL: ${bridgeUrl}`);
+
+  const token = readNonEmptyEnv(env, "BRIDGE_AUTH_TOKEN");
+  if (token) {
+    console.log(`Bridge token: ${token}`);
+  }
+
+  return bridgeUrl;
+}
+
 function bridgePidFile(rootDir) {
   return path.join(rootDir, ".bridge.pid");
 }
@@ -317,8 +343,11 @@ async function spawnDetachedAndWait(command, args, options) {
     if (await probeHealth(healthUrl)) {
       console.log(`Bridge already running (pid ${existingPid}).`);
       console.log(`Logs: ${logPath}`);
-      console.log(`Bridge is healthy at http://${formatHostForUrl(host)}:${port}`);
-      printLatestPairingQr(logPath);
+      console.log("Bridge is healthy.");
+      printBridgeAccessDetails(env, { host, port });
+      if (shouldShowPairingQr(env)) {
+        printLatestPairingQr(logPath);
+      }
       return;
     }
   } else if (existingPid) {
@@ -362,9 +391,13 @@ async function spawnDetachedAndWait(command, args, options) {
 
   try {
     const endpoint = await waitForHealth(env, child.pid, healthTimeoutMs);
-    console.log(`Bridge is healthy at http://${formatHostForUrl(endpoint.host)}:${endpoint.port}`);
-    if (!(await waitForLatestPairingQr(logPath, logStartOffset))) {
-      console.log("Pairing QR not found in the new bridge startup log. Open logs if you need to inspect startup output.");
+    console.log("Bridge is healthy.");
+    printBridgeAccessDetails(env, endpoint);
+
+    if (shouldShowPairingQr(env) && !(await waitForLatestPairingQr(logPath, logStartOffset, 8000))) {
+      console.log(
+        "Pairing QR not found in the new bridge startup log. Bridge URL/token are above. Open logs if you need to inspect startup output."
+      );
     }
   } catch (error) {
     removePidFile(rootDir);

package/services/rust-bridge/Cargo.lock

@@ -149,7 +149,7 @@ dependencies = [
 
 [[package]]
 name = "codex-rust-bridge"
-version = "5.0.6"
+version = "5.0.7"
 dependencies = [
  "axum",
  "base64",

package/services/rust-bridge/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "codex-rust-bridge"
-version = "5.0.6"
+version = "5.0.7"
 edition = "2021"
 
 [dependencies]

package/services/rust-bridge/src/main.rs

@@ -2,7 +2,7 @@ use std::{
     collections::{HashMap, HashSet, VecDeque},
     env,
     hash::{Hash, Hasher},
-    io::SeekFrom,
+    io::{SeekFrom, Write},
     path::{Component, Path, PathBuf},
     process::Stdio,
     sync::{
@@ -5404,6 +5404,11 @@ fn build_token_only_pairing_payload(config: &BridgeConfig) -> Option<String> {
     )
 }
 
+fn flush_pairing_output() {
+    let _ = std::io::stdout().flush();
+    let _ = std::io::stderr().flush();
+}
+
 fn maybe_print_pairing_qr(config: &BridgeConfig) {
     if !config.show_pairing_qr {
         return;
@@ -5414,15 +5419,18 @@ fn maybe_print_pairing_qr(config: &BridgeConfig) {
         println!("Bridge pairing QR (scan from mobile onboarding):");
         if let Err(error) = qr2term::print_qr(payload.as_bytes()) {
             eprintln!("failed to render pairing QR: {error}");
+            flush_pairing_output();
             return;
         }
         println!("QR contains bridge URL + token for one-tap onboarding.");
         println!();
+        flush_pairing_output();
         return;
     }
 
     let Some(payload) = build_token_only_pairing_payload(config) else {
         eprintln!("bridge token QR skipped because BRIDGE_AUTH_TOKEN is not set");
+        flush_pairing_output();
         return;
     };
 
@@ -5430,6 +5438,7 @@ fn maybe_print_pairing_qr(config: &BridgeConfig) {
     println!("Bridge token QR fallback (scan from mobile onboarding):");
     if let Err(error) = qr2term::print_qr(payload.as_bytes()) {
         eprintln!("failed to render pairing QR: {error}");
+        flush_pairing_output();
         return;
     }
     println!(
@@ -5437,6 +5446,7 @@ fn maybe_print_pairing_qr(config: &BridgeConfig) {
         config.host
     );
     println!();
+    flush_pairing_output();
 }
 
 fn parse_bool_env(name: &str) -> bool {
@@ -9009,6 +9019,71 @@ mod tests {
         assert!(!constant_time_eq("secret-token", "secret-token-extra"));
     }
 
+    #[test]
+    fn build_pairing_payload_includes_url_and_token_for_connectable_host() {
+        let config = BridgeConfig {
+            host: "127.0.0.1".to_string(),
+            port: 8787,
+            workdir: PathBuf::from("/tmp/workdir"),
+            cli_bin: "codex".to_string(),
+            opencode_cli_bin: "opencode".to_string(),
+            active_engine: BridgeRuntimeEngine::Codex,
+            enabled_engines: vec![BridgeRuntimeEngine::Codex],
+            opencode_host: "127.0.0.1".to_string(),
+            opencode_port: 4090,
+            opencode_server_username: "opencode".to_string(),
+            opencode_server_password: Some("secret-token".to_string()),
+            auth_token: Some("secret-token".to_string()),
+            auth_enabled: true,
+            allow_insecure_no_auth: false,
+            allow_query_token_auth: false,
+            allow_outside_root_cwd: false,
+            disable_terminal_exec: false,
+            terminal_allowed_commands: HashSet::new(),
+            show_pairing_qr: true,
+        };
+
+        let payload = build_pairing_payload(&config).expect("pairing payload");
+        let parsed: Value = serde_json::from_str(&payload).expect("valid json");
+
+        assert_eq!(parsed["type"], "clawdex-bridge-pair");
+        assert_eq!(parsed["bridgeUrl"], "http://127.0.0.1:8787");
+        assert_eq!(parsed["bridgeToken"], "secret-token");
+    }
+
+    #[test]
+    fn build_pairing_payload_uses_token_only_fallback_for_unspecified_bind_host() {
+        let config = BridgeConfig {
+            host: "0.0.0.0".to_string(),
+            port: 8787,
+            workdir: PathBuf::from("/tmp/workdir"),
+            cli_bin: "codex".to_string(),
+            opencode_cli_bin: "opencode".to_string(),
+            active_engine: BridgeRuntimeEngine::Codex,
+            enabled_engines: vec![BridgeRuntimeEngine::Codex],
+            opencode_host: "127.0.0.1".to_string(),
+            opencode_port: 4090,
+            opencode_server_username: "opencode".to_string(),
+            opencode_server_password: Some("secret-token".to_string()),
+            auth_token: Some("secret-token".to_string()),
+            auth_enabled: true,
+            allow_insecure_no_auth: false,
+            allow_query_token_auth: false,
+            allow_outside_root_cwd: false,
+            disable_terminal_exec: false,
+            terminal_allowed_commands: HashSet::new(),
+            show_pairing_qr: true,
+        };
+
+        assert!(build_pairing_payload(&config).is_none());
+
+        let fallback = build_token_only_pairing_payload(&config).expect("token-only payload");
+        let parsed: Value = serde_json::from_str(&fallback).expect("valid json");
+
+        assert_eq!(parsed["type"], "clawdex-bridge-token");
+        assert_eq!(parsed["bridgeToken"], "secret-token");
+    }
+
     #[test]
     fn bridge_config_authorization_validates_header_and_query_token_paths() {
         let base = BridgeConfig {