clay-server 2.27.0-beta.13 → 2.27.0-beta.14

package/lib/sdk-skill-discovery.js

@@ -0,0 +1,131 @@
+var fs = require("fs");
+var path = require("path");
+
+// Split shell command on operators (&&, ||, ;, |) while respecting quotes
+// and parentheses. Returns array of command segments.
+function splitShellSegments(cmd) {
+  var segments = [];
+  var current = "";
+  var inSingle = false;
+  var inDouble = false;
+  var parenDepth = 0;
+  var i = 0;
+  while (i < cmd.length) {
+    var ch = cmd[i];
+
+    // Handle escape
+    if (ch === "\\" && i + 1 < cmd.length && !inSingle) {
+      current += ch + cmd[i + 1];
+      i += 2;
+      continue;
+    }
+
+    // Quote tracking
+    if (ch === "'" && !inDouble) { inSingle = !inSingle; current += ch; i++; continue; }
+    if (ch === '"' && !inSingle) { inDouble = !inDouble; current += ch; i++; continue; }
+
+    // Inside quotes: no splitting
+    if (inSingle || inDouble) { current += ch; i++; continue; }
+
+    // Parentheses/subshell tracking
+    if (ch === "(" || ch === "$" && i + 1 < cmd.length && cmd[i + 1] === "(") {
+      parenDepth++;
+      current += ch;
+      i++;
+      continue;
+    }
+    if (ch === ")" && parenDepth > 0) {
+      parenDepth--;
+      current += ch;
+      i++;
+      continue;
+    }
+
+    // Inside subshell: no splitting
+    if (parenDepth > 0) { current += ch; i++; continue; }
+
+    // Check for operators: &&, ||, ;, |
+    if (ch === "&" && i + 1 < cmd.length && cmd[i + 1] === "&") {
+      segments.push(current);
+      current = "";
+      i += 2;
+      continue;
+    }
+    if (ch === "|" && i + 1 < cmd.length && cmd[i + 1] === "|") {
+      segments.push(current);
+      current = "";
+      i += 2;
+      continue;
+    }
+    if (ch === "|") {
+      segments.push(current);
+      current = "";
+      i++;
+      continue;
+    }
+    if (ch === ";") {
+      segments.push(current);
+      current = "";
+      i++;
+      continue;
+    }
+
+    current += ch;
+    i++;
+  }
+  if (current) segments.push(current);
+  return segments;
+}
+
+function attachSkillDiscovery(ctx) {
+  var cwd = ctx.cwd;
+
+  function discoverSkillDirs() {
+    var skills = {};
+    var dirs = [
+      path.join(require("./config").REAL_HOME, ".claude", "skills"),
+      path.join(cwd, ".claude", "skills"),
+    ];
+    for (var d = 0; d < dirs.length; d++) {
+      var base = dirs[d];
+      var entries;
+      try {
+        entries = fs.readdirSync(base, { withFileTypes: true });
+      } catch (e) {
+        continue; // directory doesn't exist
+      }
+      for (var i = 0; i < entries.length; i++) {
+        var entry = entries[i];
+        if (!entry.isDirectory() && !entry.isSymbolicLink()) continue;
+        var skillDir = path.join(base, entry.name);
+        var skillMd = path.join(skillDir, "SKILL.md");
+        try {
+          fs.accessSync(skillMd, fs.constants.R_OK);
+          // project skills override global skills with same name
+          skills[entry.name] = skillDir;
+        } catch (e) {
+          // no SKILL.md, skip
+        }
+      }
+    }
+    return skills;
+  }
+
+  function mergeSkills(sdkSkills, fsSkills) {
+    var merged = new Set();
+    if (Array.isArray(sdkSkills)) {
+      for (var i = 0; i < sdkSkills.length; i++) {
+        merged.add(sdkSkills[i]);
+      }
+    }
+    var fsNames = Object.keys(fsSkills);
+    for (var i = 0; i < fsNames.length; i++) {
+      merged.add(fsNames[i]);
+    }
+    return merged;
+  }
+
+  return { discoverSkillDirs: discoverSkillDirs, mergeSkills: mergeSkills };
+}
+
+module.exports = { splitShellSegments: splitShellSegments, attachSkillDiscovery: attachSkillDiscovery };

package/lib/users-auth.js

@@ -0,0 +1,146 @@
+var crypto = require("crypto");
+
+function attachAuth(deps) {
+  var loadUsers = deps.loadUsers;
+  var saveUsers = deps.saveUsers;
+  var findAdmin = deps.findAdmin;
+
+  // --- Multi-user mode ---
+
+  function isMultiUser() {
+    var data = loadUsers();
+    return !!data.multiUser;
+  }
+
+  function enableMultiUser() {
+    var data = loadUsers();
+    if (data.multiUser) {
+      // Already enabled -- check if admin exists
+      var admin = findAdmin(data);
+      if (admin) {
+        return { alreadyEnabled: true, hasAdmin: true, setupCode: null };
+      }
+      // Multi-user enabled but no admin -- regenerate setup code
+      var code = generateSetupCode();
+      data.setupCode = code;
+      saveUsers(data);
+      return { alreadyEnabled: true, hasAdmin: false, setupCode: code };
+    }
+    var code = generateSetupCode();
+    data.multiUser = true;
+    data.setupCode = code;
+    saveUsers(data);
+    return { alreadyEnabled: false, hasAdmin: false, setupCode: code };
+  }
+
+  function disableMultiUser() {
+    var data = loadUsers();
+    data.multiUser = false;
+    data.setupCode = null;
+    saveUsers(data);
+  }
+
+  // --- Setup code ---
+
+  function generateSetupCode() {
+    var chars = "abcdefghijkmnpqrstuvwxyz23456789"; // no ambiguous chars
+    var code = "";
+    var bytes = crypto.randomBytes(6);
+    for (var i = 0; i < 6; i++) {
+      code += chars[bytes[i] % chars.length];
+    }
+    return code;
+  }
+
+  function getSetupCode() {
+    var data = loadUsers();
+    if (data.setupCode) return data.setupCode;
+    // Defensive: if multi-user is on, no admin, and no code, auto-generate one
+    if (data.multiUser && !findAdmin(data)) {
+      var code = generateSetupCode();
+      data.setupCode = code;
+      saveUsers(data);
+      return code;
+    }
+    return null;
+  }
+
+  function clearSetupCode() {
+    var data = loadUsers();
+    data.setupCode = null;
+    saveUsers(data);
+  }
+
+  function validateSetupCode(code) {
+    var data = loadUsers();
+    if (!data.setupCode) return false;
+    return data.setupCode === code;
+  }
+
+  // --- Pin hashing ---
+
+  function hashPin(pin) {
+    return crypto.createHash("sha256").update("clay-user:" + pin).digest("hex");
+  }
+
+  // Generate a random 6-digit PIN
+  function generatePin() {
+    var digits = "";
+    var bytes = crypto.randomBytes(6);
+    for (var i = 0; i < 6; i++) {
+      digits += (bytes[i] % 10).toString();
+    }
+    return digits;
+  }
+
+  // --- Authentication ---
+
+  function authenticateUser(username, pin) {
+    var data = loadUsers();
+    var user = null;
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].username.toLowerCase() === username.toLowerCase()) {
+        user = data.users[i];
+        break;
+      }
+    }
+    if (!user) return null;
+    var pinH = hashPin(pin);
+    if (user.pinHash !== pinH) return null;
+    return user;
+  }
+
+  // --- Auth tokens ---
+
+  function generateUserAuthToken(userId) {
+    var token = crypto.randomBytes(32).toString("hex");
+    return userId + ":" + token;
+  }
+
+  function parseAuthCookie(cookieValue) {
+    if (!cookieValue) return null;
+    var idx = cookieValue.indexOf(":");
+    if (idx < 0) return null;
+    return {
+      userId: cookieValue.substring(0, idx),
+      token: cookieValue.substring(idx + 1),
+    };
+  }
+
+  return {
+    isMultiUser: isMultiUser,
+    enableMultiUser: enableMultiUser,
+    disableMultiUser: disableMultiUser,
+    generateSetupCode: generateSetupCode,
+    getSetupCode: getSetupCode,
+    clearSetupCode: clearSetupCode,
+    validateSetupCode: validateSetupCode,
+    hashPin: hashPin,
+    generatePin: generatePin,
+    authenticateUser: authenticateUser,
+    generateUserAuthToken: generateUserAuthToken,
+    parseAuthCookie: parseAuthCookie,
+  };
+}
+
+module.exports = { attachAuth: attachAuth };

package/lib/users-permissions.js

@@ -0,0 +1,118 @@
+// --- Per-user RBAC permissions (default values for regular users) ---
+var DEFAULT_PERMISSIONS = {
+  terminal: false,
+  fileBrowser: true,
+  createProject: true,
+  deleteProject: false,
+  skills: true,
+  sessionDelete: false,
+  scheduledTasks: false,
+  projectSettings: false,
+};
+
+var ALL_PERMISSIONS = {
+  terminal: true,
+  fileBrowser: true,
+  createProject: true,
+  deleteProject: true,
+  skills: true,
+  sessionDelete: true,
+  scheduledTasks: true,
+  projectSettings: true,
+};
+
+function attachPermissions(deps) {
+  var loadUsers = deps.loadUsers;
+  var saveUsers = deps.saveUsers;
+  var findUserById = deps.findUserById;
+
+  function getEffectivePermissions(user, osUsersMode) {
+    // OS-mode users with linuxUser are exempt from RBAC (OS handles isolation)
+    if (osUsersMode && user && user.linuxUser) return ALL_PERMISSIONS;
+    // Admin always has full permissions
+    if (user && user.role === "admin") return ALL_PERMISSIONS;
+    // Merge stored permissions with defaults (handles missing keys for forward-compat)
+    var stored = (user && user.permissions) || {};
+    var result = {};
+    var keys = Object.keys(DEFAULT_PERMISSIONS);
+    for (var i = 0; i < keys.length; i++) {
+      var k = keys[i];
+      result[k] = stored[k] !== undefined ? stored[k] : DEFAULT_PERMISSIONS[k];
+    }
+    return result;
+  }
+
+  function updateUserPermissions(userId, permissions) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        // Validate: only allow known permission keys with boolean values
+        var clean = {};
+        var keys = Object.keys(DEFAULT_PERMISSIONS);
+        for (var j = 0; j < keys.length; j++) {
+          var k = keys[j];
+          clean[k] = permissions[k] === true;
+        }
+        data.users[i].permissions = clean;
+        saveUsers(data);
+        return { ok: true, permissions: clean };
+      }
+    }
+    return { error: "User not found" };
+  }
+
+  // --- Project access helpers ---
+
+  function canAccessProject(userId, project) {
+    if (!project) return false;
+    // Public projects are accessible to all authenticated users
+    if (!project.visibility || project.visibility === "public") return true;
+    // Admin always has access
+    var user = findUserById(userId);
+    if (user && user.role === "admin") return true;
+    // Owner always has access to their own project
+    if (project.ownerId && project.ownerId === userId) return true;
+    // Private project -- check allowedUsers
+    var allowed = project.allowedUsers || [];
+    return allowed.indexOf(userId) >= 0;
+  }
+
+  function getAccessibleProjects(userId, projects) {
+    if (!projects) return [];
+    return projects.filter(function (p) {
+      return canAccessProject(userId, p);
+    });
+  }
+
+  // --- Session visibility helpers ---
+
+  function canAccessSession(userId, session, project) {
+    // Must have project access first
+    if (!canAccessProject(userId, project)) return false;
+    // Sessions without ownerId are legacy -- only admin can see them
+    if (!session.ownerId) {
+      var user = findUserById(userId);
+      return !!(user && user.role === "admin");
+    }
+    // Owner can always see their own sessions
+    if (session.ownerId === userId) return true;
+    // Shared sessions are visible to all project members (default)
+    if (!session.sessionVisibility || session.sessionVisibility === "shared") return true;
+    // Private sessions are only visible to the owner
+    return false;
+  }
+
+  return {
+    getEffectivePermissions: getEffectivePermissions,
+    updateUserPermissions: updateUserPermissions,
+    canAccessProject: canAccessProject,
+    getAccessibleProjects: getAccessibleProjects,
+    canAccessSession: canAccessSession,
+  };
+}
+
+module.exports = {
+  DEFAULT_PERMISSIONS: DEFAULT_PERMISSIONS,
+  ALL_PERMISSIONS: ALL_PERMISSIONS,
+  attachPermissions: attachPermissions,
+};

package/lib/users-preferences.js

@@ -0,0 +1,210 @@
+function attachPreferences(deps) {
+  var loadUsers = deps.loadUsers;
+  var saveUsers = deps.saveUsers;
+
+  // --- DM Favorites ---
+
+  function getDmFavorites(userId) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        return data.users[i].dmFavorites || [];
+      }
+    }
+    return [];
+  }
+
+  function addDmFavorite(userId, targetUserId) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        if (!data.users[i].dmFavorites) data.users[i].dmFavorites = [];
+        if (data.users[i].dmFavorites.indexOf(targetUserId) === -1) {
+          data.users[i].dmFavorites.push(targetUserId);
+          saveUsers(data);
+        }
+        return data.users[i].dmFavorites;
+      }
+    }
+    return [];
+  }
+
+  function removeDmFavorite(userId, targetUserId) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        if (!data.users[i].dmFavorites) data.users[i].dmFavorites = [];
+        data.users[i].dmFavorites = data.users[i].dmFavorites.filter(function (id) {
+          return id !== targetUserId;
+        });
+        saveUsers(data);
+        return data.users[i].dmFavorites;
+      }
+    }
+    return [];
+  }
+
+  // --- DM Hidden (dismissed from strip) ---
+
+  function getDmHidden(userId) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        return data.users[i].dmHidden || [];
+      }
+    }
+    return [];
+  }
+
+  function addDmHidden(userId, targetUserId) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        if (!data.users[i].dmHidden) data.users[i].dmHidden = [];
+        if (data.users[i].dmHidden.indexOf(targetUserId) === -1) {
+          data.users[i].dmHidden.push(targetUserId);
+          saveUsers(data);
+        }
+        return data.users[i].dmHidden;
+      }
+    }
+    return [];
+  }
+
+  function removeDmHidden(userId, targetUserId) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        if (!data.users[i].dmHidden) data.users[i].dmHidden = [];
+        data.users[i].dmHidden = data.users[i].dmHidden.filter(function (id) {
+          return id !== targetUserId;
+        });
+        saveUsers(data);
+        return data.users[i].dmHidden;
+      }
+    }
+    return [];
+  }
+
+  // --- Deleted built-in mate keys tracking ---
+
+  function getDeletedBuiltinKeys(userId) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        return data.users[i].deletedBuiltinKeys || [];
+      }
+    }
+    return [];
+  }
+
+  function addDeletedBuiltinKey(userId, key) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        if (!data.users[i].deletedBuiltinKeys) data.users[i].deletedBuiltinKeys = [];
+        if (data.users[i].deletedBuiltinKeys.indexOf(key) === -1) {
+          data.users[i].deletedBuiltinKeys.push(key);
+          saveUsers(data);
+        }
+        return;
+      }
+    }
+  }
+
+  function removeDeletedBuiltinKey(userId, key) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        if (!data.users[i].deletedBuiltinKeys) return;
+        data.users[i].deletedBuiltinKeys = data.users[i].deletedBuiltinKeys.filter(function (k) {
+          return k !== key;
+        });
+        saveUsers(data);
+        return;
+      }
+    }
+  }
+
+  // --- Per-user chat layout setting ---
+
+  function getChatLayout(userId) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        return data.users[i].chatLayout || "channel";
+      }
+    }
+    return "channel";
+  }
+
+  function setChatLayout(userId, layout) {
+    var val = (layout === "bubble") ? "bubble" : "channel";
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        data.users[i].chatLayout = val;
+        saveUsers(data);
+        return { ok: true, chatLayout: val };
+      }
+    }
+    return { error: "User not found" };
+  }
+
+  // --- Per-user auto-continue setting ---
+
+  function getAutoContinue(userId) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        return !!data.users[i].autoContinueOnRateLimit;
+      }
+    }
+    return false;
+  }
+
+  function setAutoContinue(userId, enabled) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        data.users[i].autoContinueOnRateLimit = !!enabled;
+        saveUsers(data);
+        return { ok: true, autoContinueOnRateLimit: !!enabled };
+      }
+    }
+    return { error: "User not found" };
+  }
+
+  // --- Mate onboarding ---
+
+  function setMateOnboarded(userId) {
+    var data = loadUsers();
+    for (var i = 0; i < data.users.length; i++) {
+      if (data.users[i].id === userId) {
+        data.users[i].mateOnboardingShown = true;
+        saveUsers(data);
+        return { ok: true };
+      }
+    }
+    return { error: "User not found" };
+  }
+
+  return {
+    getDmFavorites: getDmFavorites,
+    addDmFavorite: addDmFavorite,
+    removeDmFavorite: removeDmFavorite,
+    getDmHidden: getDmHidden,
+    addDmHidden: addDmHidden,
+    removeDmHidden: removeDmHidden,
+    getDeletedBuiltinKeys: getDeletedBuiltinKeys,
+    addDeletedBuiltinKey: addDeletedBuiltinKey,
+    removeDeletedBuiltinKey: removeDeletedBuiltinKey,
+    getChatLayout: getChatLayout,
+    setChatLayout: setChatLayout,
+    getAutoContinue: getAutoContinue,
+    setAutoContinue: setAutoContinue,
+    setMateOnboarded: setMateOnboarded,
+  };
+}
+
+module.exports = { attachPreferences: attachPreferences };