clay-server 2.10.0 → 2.11.0-beta.10

package/lib/server.js

@@ -7,8 +7,10 @@ var { pinPageHtml, setupPageHtml, adminSetupPageHtml, multiUserLoginPageHtml, sm
 var smtp = require("./smtp");
 var { createProjectContext } = require("./project");
 var users = require("./users");
+var dm = require("./dm");
 
 var { CONFIG_DIR } = require("./config");
+var { provisionLinuxUser } = require("./os-users");
 
 var https = require("https");
 
@@ -325,12 +327,16 @@ function createServer(opts) {
   var portNum = opts.port || 2633;
   var debug = opts.debug || false;
   var dangerouslySkipPermissions = opts.dangerouslySkipPermissions || false;
+  var osUsers = opts.osUsers || false;
   var lanHost = opts.lanHost || null;
   var onAddProject = opts.onAddProject || null;
+  var onCreateProject = opts.onCreateProject || null;
+  var onCloneProject = opts.onCloneProject || null;
   var onRemoveProject = opts.onRemoveProject || null;
   var onReorderProjects = opts.onReorderProjects || null;
   var onSetProjectTitle = opts.onSetProjectTitle || null;
   var onSetProjectIcon = opts.onSetProjectIcon || null;
+  var onProjectOwnerChanged = opts.onProjectOwnerChanged || null;
   var onGetServerDefaultEffort = opts.onGetServerDefaultEffort || null;
   var onSetServerDefaultEffort = opts.onSetServerDefaultEffort || null;
   var onGetProjectDefaultEffort = opts.onGetProjectDefaultEffort || null;
@@ -347,10 +353,13 @@ function createServer(opts) {
   var onSetPin = opts.onSetPin || null;
   var onSetKeepAwake = opts.onSetKeepAwake || null;
   var onShutdown = opts.onShutdown || null;
+  var onSetUpdateChannel = opts.onSetUpdateChannel || null;
   var onUpgradePin = opts.onUpgradePin || null;
   var onSetProjectVisibility = opts.onSetProjectVisibility || null;
   var onSetProjectAllowedUsers = opts.onSetProjectAllowedUsers || null;
   var onGetProjectAccess = opts.onGetProjectAccess || null;
+  var onUserProvisioned = opts.onUserProvisioned || null;
+  var onUserDeleted = opts.onUserDeleted || null;
 
   var authToken = pinHash || null;
   var realVersion = require("../package.json").version;
@@ -508,6 +517,14 @@ function createServer(opts) {
             res.end(JSON.stringify({ error: result.error }));
             return;
           }
+          // Auto-provision Linux account if OS users mode is enabled
+          if (osUsers && !result.user.linuxUser) {
+            var provision = provisionLinuxUser(result.user.username);
+            if (provision.ok) {
+              users.updateLinuxUser(result.user.id, provision.linuxUser);
+              if (onUserProvisioned) onUserProvisioned(result.user.id, provision.linuxUser);
+            }
+          }
           users.clearSetupCode();
           var session = createMultiUserSession(result.user.id, tlsOptions);
           res.writeHead(200, {
@@ -552,11 +569,13 @@ function createServer(opts) {
           }
           clearPinFailures(ip);
           var session = createMultiUserSession(user.id, tlsOptions);
+          var loginResp = { ok: true, user: { id: user.id, username: user.username, role: user.role } };
+          if (user.mustChangePin) loginResp.mustChangePin = true;
           res.writeHead(200, {
             "Set-Cookie": session.cookie,
             "Content-Type": "application/json",
           });
-          res.end(JSON.stringify({ ok: true, user: { id: user.id, username: user.username, role: user.role } }));
+          res.end(JSON.stringify(loginResp));
         } catch (e) {
           res.writeHead(400, { "Content-Type": "application/json" });
           res.end('{"error":"Invalid request"}');
@@ -726,6 +745,14 @@ function createServer(opts) {
             res.end(JSON.stringify({ error: result.error }));
             return;
           }
+          // Auto-provision Linux account if OS users mode is enabled
+          if (osUsers && !result.user.linuxUser) {
+            var provision = provisionLinuxUser(result.user.username);
+            if (provision.ok) {
+              users.updateLinuxUser(result.user.id, provision.linuxUser);
+              if (onUserProvisioned) onUserProvisioned(result.user.id, provision.linuxUser);
+            }
+          }
           users.markInviteUsed(data.inviteCode);
           var session = createMultiUserSession(result.user.id, tlsOptions);
           res.writeHead(200, {
@@ -934,6 +961,45 @@ function createServer(opts) {
       return;
     }
 
+    // Change own PIN (multi-user mode)
+    if (req.method === "PUT" && fullUrl === "/api/user/pin") {
+      if (!users.isMultiUser()) {
+        res.writeHead(404, { "Content-Type": "application/json" });
+        res.end('{"error":"Not found"}');
+        return;
+      }
+      var mu = getMultiUserFromReq(req);
+      if (!mu) {
+        res.writeHead(401, { "Content-Type": "application/json" });
+        res.end('{"error":"unauthorized"}');
+        return;
+      }
+      var body = "";
+      req.on("data", function (chunk) { body += chunk; });
+      req.on("end", function () {
+        try {
+          var data = JSON.parse(body);
+          if (!data.newPin || typeof data.newPin !== "string" || !/^\d{6}$/.test(data.newPin)) {
+            res.writeHead(400, { "Content-Type": "application/json" });
+            res.end('{"error":"PIN must be exactly 6 digits"}');
+            return;
+          }
+          var result = users.updateUserPin(mu.id, data.newPin);
+          if (result.error) {
+            res.writeHead(400, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: result.error }));
+            return;
+          }
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end('{"ok":true}');
+        } catch (e) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end('{"error":"Invalid request"}');
+        }
+      });
+      return;
+    }
+
     // --- Admin API endpoints (multi-user mode only) ---
 
     // List all users (admin only)
@@ -973,17 +1039,121 @@ function createServer(opts) {
         res.end('{"error":"Cannot remove yourself"}');
         return;
       }
+      // Look up the user before deletion to get linuxUser for deactivation
+      var targetUser = users.findUserById(targetUserId);
+      var targetLinuxUser = targetUser ? targetUser.linuxUser : null;
       var result = users.removeUser(targetUserId);
       if (result.error) {
         res.writeHead(404, { "Content-Type": "application/json" });
         res.end(JSON.stringify({ error: result.error }));
         return;
       }
+      // Deactivate the Linux account if applicable
+      if (onUserDeleted && targetLinuxUser) {
+        onUserDeleted(targetUserId, targetLinuxUser);
+      }
       res.writeHead(200, { "Content-Type": "application/json" });
       res.end('{"ok":true}');
       return;
     }
 
+    // Create user (admin only) — generates a temporary PIN that must be changed on first login
+    if (req.method === "POST" && fullUrl === "/api/admin/users") {
+      if (!users.isMultiUser()) {
+        res.writeHead(404, { "Content-Type": "application/json" });
+        res.end('{"error":"Not found"}');
+        return;
+      }
+      var mu = getMultiUserFromReq(req);
+      if (!mu || mu.role !== "admin") {
+        res.writeHead(403, { "Content-Type": "application/json" });
+        res.end('{"error":"Admin access required"}');
+        return;
+      }
+      var body = "";
+      req.on("data", function (chunk) { body += chunk; });
+      req.on("end", function () {
+        try {
+          var data = JSON.parse(body);
+          if (!data.username || typeof data.username !== "string" || data.username.trim().length < 1) {
+            res.writeHead(400, { "Content-Type": "application/json" });
+            res.end('{"error":"Username is required"}');
+            return;
+          }
+          var result = users.createUserByAdmin({
+            username: data.username.trim(),
+            displayName: data.displayName ? data.displayName.trim() : data.username.trim(),
+            email: data.email ? data.email.trim() : null,
+            role: data.role === "admin" ? "admin" : "user",
+          });
+          if (result.error) {
+            res.writeHead(400, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: result.error }));
+            return;
+          }
+          // Auto-provision Linux account if OS users mode is enabled
+          if (osUsers && !result.user.linuxUser) {
+            var provision = provisionLinuxUser(result.user.username);
+            if (provision.ok) {
+              users.updateLinuxUser(result.user.id, provision.linuxUser);
+              if (onUserProvisioned) onUserProvisioned(result.user.id, provision.linuxUser);
+            }
+          }
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({
+            ok: true,
+            user: {
+              id: result.user.id,
+              username: result.user.username,
+              displayName: result.user.displayName,
+              role: result.user.role,
+            },
+            tempPin: result.tempPin,
+          }));
+        } catch (e) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end('{"error":"Invalid request"}');
+        }
+      });
+      return;
+    }
+
+    // Set Linux user mapping (admin only, OS-level multi-user)
+    if (req.method === "PUT" && fullUrl.match(/^\/api\/admin\/users\/[^/]+\/linux-user$/)) {
+      if (!users.isMultiUser()) {
+        res.writeHead(404, { "Content-Type": "application/json" });
+        res.end('{"error":"Not found"}');
+        return;
+      }
+      var mu = getMultiUserFromReq(req);
+      if (!mu || mu.role !== "admin") {
+        res.writeHead(403, { "Content-Type": "application/json" });
+        res.end('{"error":"Admin access required"}');
+        return;
+      }
+      var urlParts = fullUrl.split("/");
+      var targetUserId = urlParts[4]; // /api/admin/users/{userId}/linux-user
+      var body = "";
+      req.on("data", function(chunk) { body += chunk; });
+      req.on("end", function() {
+        try {
+          var parsed = JSON.parse(body);
+          var result = users.updateLinuxUser(targetUserId, parsed.linuxUser || null);
+          if (result.error) {
+            res.writeHead(400, { "Content-Type": "application/json" });
+            res.end(JSON.stringify({ error: result.error }));
+          } else {
+            res.writeHead(200, { "Content-Type": "application/json" });
+            res.end('{"ok":true}');
+          }
+        } catch (e) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end('{"error":"Invalid request body"}');
+        }
+      });
+      return;
+    }
+
     // Create invite (admin only)
     if (req.method === "POST" && fullUrl === "/api/admin/invites") {
       if (!users.isMultiUser()) {
@@ -1275,6 +1445,53 @@ function createServer(opts) {
       return;
     }
 
+    // Set project owner (admin only)
+    if (req.method === "PUT" && /^\/api\/admin\/projects\/[a-z0-9_-]+\/owner$/.test(fullUrl)) {
+      if (!users.isMultiUser()) {
+        res.writeHead(404, { "Content-Type": "application/json" });
+        res.end('{"error":"Not found"}');
+        return;
+      }
+      var mu = getMultiUserFromReq(req);
+      if (!mu || mu.role !== "admin") {
+        res.writeHead(403, { "Content-Type": "application/json" });
+        res.end('{"error":"Admin access required"}');
+        return;
+      }
+      var projSlug = fullUrl.split("/")[4];
+      var body = "";
+      req.on("data", function (chunk) { body += chunk; });
+      req.on("end", function () {
+        try {
+          var data = JSON.parse(body);
+          var targetCtx = projects.get(projSlug);
+          if (!targetCtx) {
+            res.writeHead(404, { "Content-Type": "application/json" });
+            res.end('{"error":"Project not found"}');
+            return;
+          }
+          var ownerId = data.userId || null;
+          targetCtx.setProjectOwner(ownerId);
+          if (onProjectOwnerChanged) {
+            onProjectOwnerChanged(projSlug, ownerId);
+          }
+          // Broadcast to project clients
+          var ownerName = null;
+          if (ownerId) {
+            var ownerUser = users.findUserById(ownerId);
+            ownerName = ownerUser ? (ownerUser.displayName || ownerUser.username) : ownerId;
+          }
+          targetCtx.send({ type: "project_owner_changed", ownerId: ownerId, ownerName: ownerName });
+          res.writeHead(200, { "Content-Type": "application/json" });
+          res.end('{"ok":true}');
+        } catch (e) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end('{"error":"Invalid request"}');
+        }
+      });
+      return;
+    }
+
     // Set project allowed users (admin only)
     if (req.method === "PUT" && /^\/api\/admin\/projects\/[a-z0-9_-]+\/users$/.test(fullUrl)) {
       if (!users.isMultiUser()) {
@@ -1363,8 +1580,10 @@ function createServer(opts) {
         res.end('{"error":"unauthorized"}');
         return;
       }
+      var meResp = { multiUser: true, smtpEnabled: smtp.isSmtpConfigured(), emailLoginEnabled: smtp.isEmailLoginEnabled(), user: { id: mu.id, username: mu.username, email: mu.email || null, displayName: mu.displayName, role: mu.role } };
+      if (mu.mustChangePin) meResp.mustChangePin = true;
       res.writeHead(200, { "Content-Type": "application/json" });
-      res.end(JSON.stringify({ multiUser: true, smtpEnabled: smtp.isSmtpConfigured(), emailLoginEnabled: smtp.isEmailLoginEnabled(), user: { id: mu.id, username: mu.username, email: mu.email || null, displayName: mu.displayName, role: mu.role } }));
+      res.end(JSON.stringify(meResp));
       return;
     }
 
@@ -1574,6 +1793,11 @@ function createServer(opts) {
     var qsIdx = req.url.indexOf("?");
     var projectUrlWithQS = qsIdx >= 0 ? projectUrl + req.url.substring(qsIdx) : projectUrl;
 
+    // Attach user info for project HTTP handler (OS-level isolation)
+    if (users.isMultiUser()) {
+      req._clayUser = getMultiUserFromReq(req);
+    }
+
     // Try project HTTP handler first (APIs)
     var origUrl = req.url;
     req.url = projectUrlWithQS;
@@ -1784,16 +2008,18 @@ function createServer(opts) {
   }
 
   // --- Project management ---
-  function addProject(cwd, slug, title, icon) {
+  function addProject(cwd, slug, title, icon, projectOwnerId) {
     if (projects.has(slug)) return false;
     var ctx = createProjectContext({
       cwd: cwd,
       slug: slug,
       title: title || null,
       icon: icon || null,
+      projectOwnerId: projectOwnerId || null,
       pushModule: pushModule,
       debug: debug,
       dangerouslySkipPermissions: dangerouslySkipPermissions,
+      osUsers: osUsers,
       currentVersion: currentVersion,
       lanHost: lanHost,
       getProjectCount: function () { return projects.size; },
@@ -1874,10 +2100,13 @@ function createServer(opts) {
       onPresenceChange: broadcastPresenceChange,
       onProcessingChanged: broadcastProcessingChange,
       onAddProject: onAddProject,
+      onCreateProject: onCreateProject,
+      onCloneProject: onCloneProject,
       onRemoveProject: onRemoveProject,
       onReorderProjects: onReorderProjects,
       onSetProjectTitle: onSetProjectTitle,
       onSetProjectIcon: onSetProjectIcon,
+      onProjectOwnerChanged: onProjectOwnerChanged,
       onGetServerDefaultEffort: onGetServerDefaultEffort,
       onSetServerDefaultEffort: onSetServerDefaultEffort,
       onGetProjectDefaultEffort: onGetProjectDefaultEffort,
@@ -1893,13 +2122,103 @@ function createServer(opts) {
       onGetDaemonConfig: onGetDaemonConfig,
       onSetPin: onSetPin,
       onSetKeepAwake: onSetKeepAwake,
+      onSetUpdateChannel: onSetUpdateChannel,
+      updateChannel: onGetDaemonConfig ? (onGetDaemonConfig().updateChannel || "stable") : "stable",
       onShutdown: onShutdown,
+      onDmMessage: handleDmMessage,
     });
     projects.set(slug, ctx);
     ctx.warmup();
     return true;
   }
 
+  // --- DM message handler (server-level, cross-project) ---
+  function handleDmMessage(ws, msg) {
+    if (!users.isMultiUser() || !ws._clayUser) return;
+    var userId = ws._clayUser.id;
+
+    if (msg.type === "dm_list") {
+      var dmList = dm.getDmList(userId);
+      // Enrich with user info
+      for (var i = 0; i < dmList.length; i++) {
+        var otherUser = users.findUserById(dmList[i].otherUserId);
+        if (otherUser) {
+          var p = otherUser.profile || {};
+          dmList[i].otherUser = {
+            id: otherUser.id,
+            displayName: p.name || otherUser.displayName || otherUser.username,
+            username: otherUser.username,
+            avatarStyle: p.avatarStyle || "thumbs",
+            avatarSeed: p.avatarSeed || otherUser.username,
+            avatarColor: p.avatarColor || "#7c3aed",
+          };
+        }
+      }
+      ws.send(JSON.stringify({ type: "dm_list", dms: dmList }));
+      return;
+    }
+
+    if (msg.type === "dm_open") {
+      if (!msg.targetUserId) return;
+      var result = dm.openDm(userId, msg.targetUserId);
+      var targetUser = users.findUserById(msg.targetUserId);
+      var tp = targetUser ? (targetUser.profile || {}) : {};
+      ws.send(JSON.stringify({
+        type: "dm_history",
+        dmKey: result.dmKey,
+        messages: result.messages,
+        targetUser: targetUser ? {
+          id: targetUser.id,
+          displayName: tp.name || targetUser.displayName || targetUser.username,
+          username: targetUser.username,
+          avatarStyle: tp.avatarStyle || "thumbs",
+          avatarSeed: tp.avatarSeed || targetUser.username,
+          avatarColor: tp.avatarColor || "#7c3aed",
+        } : null,
+      }));
+      return;
+    }
+
+    if (msg.type === "dm_typing") {
+      // Relay typing indicator to DM partner
+      var dmKey = msg.dmKey;
+      if (!dmKey) return;
+      var parts = dmKey.split(":");
+      if (parts.indexOf(userId) === -1) return;
+      var targetId = parts[0] === userId ? parts[1] : parts[0];
+      projects.forEach(function (ctx) {
+        ctx.forEachClient(function (otherWs) {
+          if (otherWs === ws) return;
+          if (!otherWs._clayUser || otherWs._clayUser.id !== targetId) return;
+          if (otherWs.readyState !== 1) return;
+          otherWs.send(JSON.stringify({ type: "dm_typing", dmKey: dmKey, userId: userId, typing: !!msg.typing }));
+        });
+      });
+      return;
+    }
+
+    if (msg.type === "dm_send") {
+      if (!msg.dmKey || !msg.text) return;
+      // Verify sender is a participant
+      var parts = msg.dmKey.split(":");
+      if (parts.indexOf(userId) === -1) return;
+      var message = dm.sendMessage(msg.dmKey, userId, msg.text);
+      // Send confirmation to sender
+      ws.send(JSON.stringify({ type: "dm_message", dmKey: msg.dmKey, message: message }));
+      // Broadcast to target user's connections across all projects
+      var targetId = parts[0] === userId ? parts[1] : parts[0];
+      projects.forEach(function (ctx) {
+        ctx.forEachClient(function (otherWs) {
+          if (otherWs === ws) return;
+          if (!otherWs._clayUser || otherWs._clayUser.id !== targetId) return;
+          if (otherWs.readyState !== 1) return;
+          otherWs.send(JSON.stringify({ type: "dm_message", dmKey: msg.dmKey, message: message }));
+        });
+      });
+      return;
+    }
+  }
+
   function removeProject(slug) {
     var ctx = projects.get(slug);
     if (!ctx) return false;
@@ -1989,6 +2308,18 @@ function createServer(opts) {
         return;
       }
       var serverUsers = getServerUsers();
+      var allUsers = users.getAllUsers().map(function (u) {
+        var p = u.profile || {};
+        return {
+          id: u.id,
+          displayName: p.name || u.displayName || u.username,
+          username: u.username,
+          role: u.role,
+          avatarStyle: p.avatarStyle || "thumbs",
+          avatarSeed: p.avatarSeed || u.username,
+          avatarColor: p.avatarColor || "#7c3aed",
+        };
+      });
       // Build per-user filtered lists, send individually
       var sentUsers = {};
       projects.forEach(function (ctx) {
@@ -2014,6 +2345,7 @@ function createServer(opts) {
             projects: filteredProjects,
             projectCount: projects.size,
             serverUsers: serverUsers,
+            allUsers: allUsers,
           });
           sentUsers[key] = msgStr;
           ws.send(msgStr);

package/lib/sessions.js

@@ -508,6 +508,31 @@ function createSessionManager(opts) {
     return results;
   }
 
+  function migrateSessionTitles(getSDK, migrateCwd) {
+    var toMigrate = [];
+    sessions.forEach(function(s) {
+      if (s.cliSessionId && s.title && s.title !== "New Session" && s.title !== "Resumed session") {
+        toMigrate.push({ cliSessionId: s.cliSessionId, title: s.title });
+      }
+    });
+    if (toMigrate.length === 0) return;
+    getSDK().then(function(sdkMod) {
+      var chain = Promise.resolve();
+      for (var i = 0; i < toMigrate.length; i++) {
+        (function(item) {
+          chain = chain.then(function() {
+            return sdkMod.renameSession(item.cliSessionId, item.title, { dir: migrateCwd }).catch(function(e) {
+              console.error("[session] Migration failed for " + item.cliSessionId + ":", e.message);
+            });
+          });
+        })(toMigrate[i]);
+      }
+      chain.then(function() {
+        console.log("[session] Migrated " + toMigrate.length + " session title(s) to SDK format");
+      });
+    }).catch(function() {});
+  }
+
   return {
     get activeSessionId() { return activeSessionId; },
     get nextLocalId() { return nextLocalId; },
@@ -532,6 +557,7 @@ function createSessionManager(opts) {
     replayHistory: replayHistory,
     searchSessions: searchSessions,
     setResolveLoopInfo: setResolveLoopInfo,
+    migrateSessionTitles: migrateSessionTitles,
     setSessionVisibility: function (localId, visibility) {
       var session = sessions.get(localId);
       if (!session) return { error: "Session not found" };

package/lib/terminal-manager.js

@@ -16,10 +16,10 @@ function createTerminalManager(opts) {
   var nextId = 1;
   var terminals = new Map(); // id -> terminal session
 
-  function create(cols, rows) {
+  function create(cols, rows, osUserInfo) {
     if (terminals.size >= MAX_TERMINALS) return null;
 
-    var pty = createTerminal(cwd, cols, rows);
+    var pty = createTerminal(cwd, cols, rows, osUserInfo);
     if (!pty) return null;
 
     var id = nextId++;

package/lib/terminal.js

@@ -5,18 +5,34 @@ try {
   pty = null;
 }
 
-function createTerminal(cwd, cols, rows) {
+function createTerminal(cwd, cols, rows, osUserInfo) {
   if (!pty) return null;
 
   var shell = process.env.SHELL
     || (process.platform === "win32" ? process.env.COMSPEC || "cmd.exe" : "/bin/bash");
-  var term = pty.spawn(shell, [], {
+
+  // OS-level user isolation: spawn terminal as the mapped Linux user
+  var termEnv = Object.assign({}, process.env, { TERM: "xterm-256color" });
+  var spawnOpts = {
     name: "xterm-256color",
     cols: cols || 80,
     rows: rows || 24,
     cwd: cwd,
-    env: Object.assign({}, process.env, { TERM: "xterm-256color" }),
-  });
+    env: termEnv,
+  };
+
+  if (osUserInfo) {
+    spawnOpts.uid = osUserInfo.uid;
+    spawnOpts.gid = osUserInfo.gid;
+    // Use the target user's shell and home
+    termEnv.HOME = osUserInfo.home;
+    termEnv.USER = osUserInfo.user;
+    termEnv.LOGNAME = osUserInfo.user;
+    // Use target user's shell if available
+    if (osUserInfo.shell) shell = osUserInfo.shell;
+  }
+
+  var term = pty.spawn(shell, [], spawnOpts);
 
   return term;
 }

package/lib/updater.js

@@ -21,9 +21,10 @@ var sym = {
 
 function log(s) { console.log("  " + s); }
 
-function fetchLatestVersion() {
+function fetchVersion(channel) {
+  var tag = channel === "beta" ? "beta" : "latest";
   return new Promise(function (resolve) {
-    var req = https.get("https://registry.npmjs.org/clay-server/latest", function (res) {
+    var req = https.get("https://registry.npmjs.org/clay-server/" + tag, function (res) {
       var data = "";
       res.on("data", function (chunk) { data += chunk; });
       res.on("end", function () {
@@ -42,22 +43,48 @@ function fetchLatestVersion() {
   });
 }
 
+function fetchLatestVersion() {
+  return fetchVersion("stable");
+}
+
+function parseVersion(v) {
+  var dashIdx = v.indexOf("-");
+  var base = dashIdx === -1 ? v : v.substring(0, dashIdx);
+  var pre = dashIdx === -1 ? null : v.substring(dashIdx + 1);
+  var parts = base.split(".").map(Number);
+  var preNum = null;
+  if (pre) {
+    var m = pre.match(/\.(\d+)$/);
+    preNum = m ? parseInt(m[1], 10) : 0;
+  }
+  return { parts: parts, pre: pre, preNum: preNum };
+}
+
 function isNewer(latest, current) {
   if (!latest || !current) return false;
-  var lp = latest.split(".").map(Number);
-  var cp = current.split(".").map(Number);
+  var l = parseVersion(latest);
+  var c = parseVersion(current);
+  // Compare base version (major.minor.patch)
   for (var i = 0; i < 3; i++) {
-    var l = lp[i] || 0;
-    var c = cp[i] || 0;
-    if (l > c) return true;
-    if (l < c) return false;
+    var lv = l.parts[i] || 0;
+    var cv = c.parts[i] || 0;
+    if (lv > cv) return true;
+    if (lv < cv) return false;
+  }
+  // Bases are equal: stable (no pre-release) beats pre-release
+  if (!l.pre && c.pre) return true;
+  if (l.pre && !c.pre) return false;
+  // Both pre-release with same base: compare pre-release number
+  if (l.pre && c.pre) {
+    return l.preNum > c.preNum;
   }
   return false;
 }
 
-function performUpdate() {
+function performUpdate(channel) {
+  var tag = channel === "beta" ? "beta" : "latest";
   try {
-    execSync("npm install -g clay-server@latest", { stdio: "pipe" });
+    execSync("npm install -g clay-server@" + tag, { stdio: "pipe" });
     return true;
   } catch (e) {
     return false;
@@ -94,4 +121,4 @@ async function checkAndUpdate(currentVersion, skipUpdate) {
   return false;
 }
 
-module.exports = { checkAndUpdate, fetchLatestVersion, isNewer };
+module.exports = { checkAndUpdate, fetchLatestVersion, fetchVersion, isNewer };