clay-server 2.16.0 → 2.17.0-beta.10

package/lib/public/sw.js

@@ -38,8 +38,11 @@ self.addEventListener("fetch", function (event) {
   // Only handle GET requests
   if (request.method !== "GET") return;
 
-  // Skip WebSocket upgrade requests and API/data endpoints
+  // Skip cross-origin requests (external images, fonts, etc.)
   var url = new URL(request.url);
+  if (url.origin !== self.location.origin) return;
+
+  // Skip WebSocket upgrade requests and API/data endpoints
   if (url.pathname.indexOf("/ws") !== -1) return;
   if (url.pathname.indexOf("/api/") !== -1) return;
 

package/lib/server.js

@@ -525,7 +525,7 @@ function createServer(opts) {
   var securityHeaders = {
     "X-Content-Type-Options": "nosniff",
     "X-Frame-Options": "DENY",
-    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://esm.sh; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src * data: blob:; connect-src 'self' ws: wss: https://cdn.jsdelivr.net https://esm.sh https://api.dicebear.com https://api.open-meteo.com; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net;",
+    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://esm.sh; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net; img-src * data: blob:; connect-src 'self' ws: wss: https://cdn.jsdelivr.net https://esm.sh https://api.dicebear.com https://api.open-meteo.com https://ipapi.co; font-src 'self' data: https://fonts.gstatic.com https://cdn.jsdelivr.net;",
   };
   if (tlsOptions) {
     securityHeaders["Strict-Transport-Security"] = "max-age=31536000; includeSubDomains";
@@ -1017,6 +1017,19 @@ function createServer(opts) {
       return;
     }
 
+    // PWA install guide (builtin cert mode, no CA step needed)
+    if (fullUrl === "/pwa" && req.method === "GET") {
+      var host = req.headers.host || "localhost";
+      var hostname = host.split(":")[0];
+      var protocol = tlsOptions ? "https" : "http";
+      var pwaUrl = protocol + "://" + hostname + ":" + portNum;
+      res.writeHead(200, {
+        "Content-Type": "text/html; charset=utf-8",
+      });
+      res.end(setupPageHtml(pwaUrl, pwaUrl, false, true));
+      return;
+    }
+
     // Global push endpoints (used by setup page)
     if (req.method === "GET" && fullUrl === "/api/vapid-public-key" && pushModule) {
       res.writeHead(200, { "Content-Type": "application/json" });
@@ -1086,7 +1099,7 @@ function createServer(opts) {
           res.end('{"error":"unauthorized"}');
           return;
         }
-        var profile = mu.profile || { name: "", lang: "en-US", avatarColor: "#7c3aed", avatarStyle: "thumbs", avatarSeed: "" };
+        var profile = mu.profile || { name: "", lang: "en-US", avatarColor: "#7c3aed", avatarStyle: "thumbs", avatarSeed: "", avatarCustom: "" };
         profile.username = mu.username;
         profile.userId = mu.id;
         profile.role = mu.role;
@@ -1094,7 +1107,7 @@ function createServer(opts) {
         res.end(JSON.stringify(profile));
         return;
       }
-      var profile = { name: "", lang: "en-US", avatarColor: "#7c3aed", avatarStyle: "thumbs", avatarSeed: "" };
+      var profile = { name: "", lang: "en-US", avatarColor: "#7c3aed", avatarStyle: "thumbs", avatarSeed: "", avatarCustom: "" };
       try {
         var raw = fs.readFileSync(profilePath, "utf8");
         var saved = JSON.parse(raw);
@@ -1103,7 +1116,18 @@ function createServer(opts) {
         if (saved.avatarColor) profile.avatarColor = saved.avatarColor;
         if (saved.avatarStyle) profile.avatarStyle = saved.avatarStyle;
         if (saved.avatarSeed) profile.avatarSeed = saved.avatarSeed;
+        if (saved.avatarCustom) profile.avatarCustom = saved.avatarCustom;
       } catch (e) { /* file doesn't exist yet */ }
+      // Check if custom avatar file exists
+      try {
+        var avatarFiles = fs.readdirSync(path.join(CONFIG_DIR, "avatars"));
+        for (var afi = 0; afi < avatarFiles.length; afi++) {
+          if (avatarFiles[afi].startsWith("default.")) {
+            profile.avatarCustom = "/api/avatar/default?v=" + fs.statSync(path.join(CONFIG_DIR, "avatars", avatarFiles[afi])).mtimeMs;
+            break;
+          }
+        }
+      } catch (e) {}
       res.writeHead(200, { "Content-Type": "application/json" });
       res.end(JSON.stringify(profile));
       return;
@@ -1123,6 +1147,8 @@ function createServer(opts) {
           }
           if (typeof data.avatarStyle === "string") profile.avatarStyle = data.avatarStyle.substring(0, 30);
           if (typeof data.avatarSeed === "string") profile.avatarSeed = data.avatarSeed.substring(0, 30);
+          if (typeof data.avatarCustom === "string") profile.avatarCustom = data.avatarCustom;
+          if (data.avatarCustom === null || data.avatarCustom === "") profile.avatarCustom = undefined;
           if (users.isMultiUser()) {
             var mu = getMultiUserFromReq(req);
             if (!mu) {
@@ -1151,6 +1177,196 @@ function createServer(opts) {
       return;
     }
 
+    // Upload custom avatar image
+    if (req.method === "POST" && fullUrl === "/api/avatar") {
+      var chunks = [];
+      var totalSize = 0;
+      var maxSize = 2 * 1024 * 1024; // 2MB
+      req.on("data", function (chunk) {
+        totalSize += chunk.length;
+        if (totalSize <= maxSize) chunks.push(chunk);
+      });
+      req.on("end", function () {
+        if (totalSize > maxSize) {
+          res.writeHead(413, { "Content-Type": "application/json" });
+          res.end('{"error":"File too large (max 2MB)"}');
+          return;
+        }
+        var raw = Buffer.concat(chunks);
+        // Detect content type from magic bytes
+        var ct = null;
+        if (raw[0] === 0xFF && raw[1] === 0xD8) ct = "image/jpeg";
+        else if (raw[0] === 0x89 && raw[1] === 0x50) ct = "image/png";
+        else if (raw[0] === 0x47 && raw[1] === 0x49) ct = "image/gif";
+        else if (raw[0] === 0x52 && raw[1] === 0x49) ct = "image/webp";
+        if (!ct) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end('{"error":"Unsupported image format"}');
+          return;
+        }
+        var ext = ct.split("/")[1] === "jpeg" ? "jpg" : ct.split("/")[1];
+        var avatarDir = path.join(CONFIG_DIR, "avatars");
+        fs.mkdirSync(avatarDir, { recursive: true });
+
+        var userId = "default";
+        if (users.isMultiUser()) {
+          var mu = getMultiUserFromReq(req);
+          if (!mu) {
+            res.writeHead(401, { "Content-Type": "application/json" });
+            res.end('{"error":"unauthorized"}');
+            return;
+          }
+          userId = mu.id;
+        }
+        var filename = userId + "." + ext;
+        // Remove old avatar files for this user
+        try {
+          var existing = fs.readdirSync(avatarDir);
+          for (var ei = 0; ei < existing.length; ei++) {
+            if (existing[ei].startsWith(userId + ".")) {
+              fs.unlinkSync(path.join(avatarDir, existing[ei]));
+            }
+          }
+        } catch (e) {}
+        fs.writeFileSync(path.join(avatarDir, filename), raw);
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ ok: true, avatar: "/api/avatar/" + userId + "?v=" + Date.now() }));
+      });
+      return;
+    }
+
+    // Serve custom avatar image
+    if (req.method === "GET" && fullUrl.startsWith("/api/avatar/")) {
+      var avatarUserId = fullUrl.split("/api/avatar/")[1].split("?")[0];
+      var avatarDir = path.join(CONFIG_DIR, "avatars");
+      try {
+        var files = fs.readdirSync(avatarDir);
+        var match = null;
+        for (var fi = 0; fi < files.length; fi++) {
+          if (files[fi].startsWith(avatarUserId + ".")) {
+            match = files[fi];
+            break;
+          }
+        }
+        if (match) {
+          var ext = match.split(".").pop();
+          var ctMap = { jpg: "image/jpeg", png: "image/png", gif: "image/gif", webp: "image/webp" };
+          res.writeHead(200, {
+            "Content-Type": ctMap[ext] || "application/octet-stream",
+            "Cache-Control": "public, max-age=31536000, immutable",
+          });
+          res.end(fs.readFileSync(path.join(avatarDir, match)));
+          return;
+        }
+      } catch (e) {}
+      res.writeHead(404, { "Content-Type": "application/json" });
+      res.end('{"error":"not found"}');
+      return;
+    }
+
+    // Upload custom avatar for a mate
+    if (req.method === "POST" && fullUrl.startsWith("/api/mate-avatar/")) {
+      var mateIdFromUrl = fullUrl.split("/api/mate-avatar/")[1].split("?")[0];
+      if (!mateIdFromUrl) {
+        res.writeHead(400, { "Content-Type": "application/json" });
+        res.end('{"error":"Missing mate ID"}');
+        return;
+      }
+      var chunks = [];
+      var totalSize = 0;
+      var maxSize = 2 * 1024 * 1024; // 2MB
+      req.on("data", function (chunk) {
+        totalSize += chunk.length;
+        if (totalSize <= maxSize) chunks.push(chunk);
+      });
+      req.on("end", function () {
+        if (totalSize > maxSize) {
+          res.writeHead(413, { "Content-Type": "application/json" });
+          res.end('{"error":"File too large (max 2MB)"}');
+          return;
+        }
+        var raw = Buffer.concat(chunks);
+        var ct = null;
+        if (raw[0] === 0xFF && raw[1] === 0xD8) ct = "image/jpeg";
+        else if (raw[0] === 0x89 && raw[1] === 0x50) ct = "image/png";
+        else if (raw[0] === 0x47 && raw[1] === 0x49) ct = "image/gif";
+        else if (raw[0] === 0x52 && raw[1] === 0x49) ct = "image/webp";
+        if (!ct) {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end('{"error":"Unsupported image format"}');
+          return;
+        }
+        var userId = null;
+        if (users.isMultiUser()) {
+          var mu = getMultiUserFromReq(req);
+          if (!mu) {
+            res.writeHead(401, { "Content-Type": "application/json" });
+            res.end('{"error":"unauthorized"}');
+            return;
+          }
+          userId = mu.id;
+        }
+        var mateCtx = mates.buildMateCtx(userId);
+        var mate = mates.getMate(mateCtx, mateIdFromUrl);
+        if (!mate) {
+          res.writeHead(404, { "Content-Type": "application/json" });
+          res.end('{"error":"Mate not found"}');
+          return;
+        }
+        var ext = ct.split("/")[1] === "jpeg" ? "jpg" : ct.split("/")[1];
+        var avatarDir = path.join(CONFIG_DIR, "mate-avatars");
+        fs.mkdirSync(avatarDir, { recursive: true });
+        var filename = mateIdFromUrl + "." + ext;
+        // Remove old avatar files for this mate
+        try {
+          var existing = fs.readdirSync(avatarDir);
+          for (var ei = 0; ei < existing.length; ei++) {
+            if (existing[ei].startsWith(mateIdFromUrl + ".")) {
+              fs.unlinkSync(path.join(avatarDir, existing[ei]));
+            }
+          }
+        } catch (e) {}
+        fs.writeFileSync(path.join(avatarDir, filename), raw);
+        var avatarPath = "/api/mate-avatar/" + mateIdFromUrl + "?v=" + Date.now();
+        // Update mate profile with custom avatar URL
+        var profile = mate.profile || {};
+        profile.avatarCustom = avatarPath;
+        mates.updateMate(mateCtx, mateIdFromUrl, { profile: profile });
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ ok: true, avatar: avatarPath }));
+      });
+      return;
+    }
+
+    // Serve custom mate avatar image
+    if (req.method === "GET" && fullUrl.startsWith("/api/mate-avatar/")) {
+      var mateAvatarId = fullUrl.split("/api/mate-avatar/")[1].split("?")[0];
+      var mateAvatarDir = path.join(CONFIG_DIR, "mate-avatars");
+      try {
+        var files = fs.readdirSync(mateAvatarDir);
+        var match = null;
+        for (var fi = 0; fi < files.length; fi++) {
+          if (files[fi].startsWith(mateAvatarId + ".")) {
+            match = files[fi];
+            break;
+          }
+        }
+        if (match) {
+          var ext = match.split(".").pop();
+          var ctMap = { jpg: "image/jpeg", png: "image/png", gif: "image/gif", webp: "image/webp" };
+          res.writeHead(200, {
+            "Content-Type": ctMap[ext] || "application/octet-stream",
+            "Cache-Control": "public, max-age=31536000, immutable",
+          });
+          res.end(fs.readFileSync(path.join(mateAvatarDir, match)));
+          return;
+        }
+      } catch (e) {}
+      res.writeHead(404, { "Content-Type": "application/json" });
+      res.end('{"error":"not found"}');
+      return;
+    }
+
     // Change own PIN (multi-user mode)
     if (req.method === "PUT" && fullUrl === "/api/user/pin") {
       if (!users.isMultiUser()) {
@@ -2613,6 +2829,7 @@ function createServer(opts) {
             avatarStyle: p.avatarStyle || "thumbs",
             avatarSeed: p.avatarSeed || otherUser.username,
             avatarColor: p.avatarColor || "#7c3aed",
+            avatarCustom: p.avatarCustom || "",
           };
         }
       }
@@ -2675,6 +2892,7 @@ function createServer(opts) {
           avatarStyle: tp.avatarStyle || "thumbs",
           avatarSeed: tp.avatarSeed || targetUser.username,
           avatarColor: tp.avatarColor || "#7c3aed",
+          avatarCustom: tp.avatarCustom || "",
         } : null,
       }));
       return;
@@ -2746,6 +2964,7 @@ function createServer(opts) {
           avatarStyle: p.avatarStyle || "thumbs",
           avatarSeed: p.avatarSeed || u.username,
           avatarColor: p.avatarColor || "#7c3aed",
+          avatarCustom: p.avatarCustom || "",
         };
       });
       ws.send(JSON.stringify({
@@ -2913,6 +3132,7 @@ function createServer(opts) {
           username: u.username,
           avatarStyle: p.avatarStyle || "thumbs",
           avatarSeed: p.avatarSeed || u.username,
+          avatarCustom: p.avatarCustom || "",
         });
       });
     });
@@ -2946,6 +3166,7 @@ function createServer(opts) {
           avatarStyle: p.avatarStyle || "thumbs",
           avatarSeed: p.avatarSeed || u.username,
           avatarColor: p.avatarColor || "#7c3aed",
+          avatarCustom: p.avatarCustom || "",
         };
       });
       // Build per-user filtered lists, send individually

package/lib/sessions.js

@@ -315,7 +315,7 @@ function createSessionManager(opts) {
     return 0;
   }
 
-  function replayHistory(session, fromIndex, targetWs) {
+  function replayHistory(session, fromIndex, targetWs, transform) {
     var _send = (targetWs && sendTo) ? function (obj) { sendTo(targetWs, obj); } : send;
     var total = session.history.length;
     if (typeof fromIndex !== "number") {
@@ -329,7 +329,7 @@ function createSessionManager(opts) {
     _send({ type: "history_meta", total: total, from: fromIndex });
 
     for (var i = fromIndex; i < total; i++) {
-      _send(session.history[i]);
+      _send(transform ? transform(session.history[i]) : session.history[i]);
     }
 
     // Find the last result message in the full history for accurate context data
@@ -351,7 +351,7 @@ function createSessionManager(opts) {
     _send({ type: "history_done", lastUsage: lastUsage, lastModelUsage: lastModelUsage, lastCost: lastCost, lastStreamInputTokens: lastStreamInputTokens });
   }
 
-  function switchSession(localId, targetWs) {
+  function switchSession(localId, targetWs, transform) {
     var session = sessions.get(localId);
     if (!session) return;
 
@@ -374,7 +374,7 @@ function createSessionManager(opts) {
 
     _send({ type: "session_switched", id: localId, cliSessionId: session.cliSessionId || null, loop: session.loop || null });
     broadcastSessionList();
-    replayHistory(session, undefined, targetWs);
+    replayHistory(session, undefined, targetWs, transform);
 
     if (session.isProcessing) {
       _send({ type: "status", status: "processing" });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clay-server",
-  "version": "2.16.0",
+  "version": "2.17.0-beta.10",
   "description": "Web UI for Claude Code. Any device. Push notifications.",
   "bin": {
     "clay-server": "./bin/cli.js",

package/lib/themes/clay-light.json

@@ -1,10 +0,0 @@
-{
-  "name": "Clay Light",
-  "author": "Clay",
-  "variant": "light",
-  "base00": "F3EBE7", "base01": "EBE1DC", "base02": "D8CCC6", "base03": "A09590",
-  "base04": "786D67", "base05": "504541", "base06": "332925", "base07": "1A1412",
-  "base08": "C83520", "base09": "F74728", "base0A": "C08520", "base0B": "008F6B",
-  "base0C": "1C8575", "base0D": "3560B0", "base0E": "8C4E8E", "base0F": "A57C45",
-  "accent2": "2A26E5"
-}

package/lib/themes/clay.json

@@ -1,10 +0,0 @@
-{
-  "name": "Clay Dark",
-  "author": "Clay",
-  "variant": "dark",
-  "base00": "1F1B1B", "base01": "2A2525", "base02": "352F2F", "base03": "7D7370",
-  "base04": "A09590", "base05": "C2BAB4", "base06": "E5DED8", "base07": "FFFFFF",
-  "base08": "F74728", "base09": "FE7150", "base0A": "E5A040", "base0B": "09E5A3",
-  "base0C": "4EC9B0", "base0D": "6BA0E5", "base0E": "D085CC", "base0F": "D09558",
-  "accent2": "5857FC"
-}