clay-server 2.33.1 → 2.34.0-beta.10

package/lib/yoke/index.js

@@ -4,7 +4,6 @@
 var iface = require("./interface");
 var instructions = require("./instructions");
 var createClaudeAdapter = require("./adapters/claude").createClaudeAdapter;
-var createGeminiAdapter = require("./adapters/gemini").createGeminiAdapter;
 var createCodexAdapter = require("./adapters/codex").createCodexAdapter;
 
 /**
@@ -20,6 +19,7 @@ function wrapCreateQuery(adapter, defaultCwd) {
   var originalCreateQuery = adapter.createQuery.bind(adapter);
 
   adapter.createQuery = function(queryOpts) {
+    queryOpts = queryOpts || {};
     var projectDir = (queryOpts && queryOpts.cwd) || defaultCwd;
     var merged = instructions.scanAndMerge(projectDir, adapter.vendor);
 
@@ -48,15 +48,13 @@ function createAdapter(opts) {
   var adapter;
   if (vendor === "claude") {
     adapter = createClaudeAdapter(opts);
-  } else if (vendor === "gemini") {
-    adapter = createGeminiAdapter(opts);
   } else if (vendor === "codex") {
     adapter = createCodexAdapter(opts);
   } else {
     throw new Error("[YOKE] Unknown adapter vendor: " + vendor);
   }
   iface.validateAdapter(adapter);
-  wrapCreateQuery(adapter, opts.cwd);
+  wrapCreateQuery(adapter, opts && opts.cwd);
   return adapter;
 }
 
@@ -82,6 +80,18 @@ function checkAuth() {
   if (_authCache) return _authCache;
 
   var execSync = require("child_process").execSync;
+  var execFileSync = require("child_process").execFileSync;
+
+  function lookupBinary(name) {
+    try {
+      if (process.platform === "win32") {
+        return execFileSync("where", [name], { timeout: 3000, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] }).trim().split(/\r?\n/)[0] || null;
+      }
+      return execFileSync("which", [name], { timeout: 3000, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] }).trim().split(/\r?\n/)[0] || null;
+    } catch (e) {
+      return null;
+    }
+  }
 
   function parseClaudeAuthStatusJson(out) {
     if (!out) return null;
@@ -101,7 +111,31 @@ function checkAuth() {
     return false;
   }
 
+  function hasThirdPartyProviderAuth() {
+    // Claude Code supports third-party providers via env vars. When these are set,
+    // `claude auth status` reports "not logged in" because there is no OAuth session,
+    // but Claude Code itself authenticates directly through the provider.
+    var env = process.env;
+    if (env.CLAUDE_CODE_USE_BEDROCK === "1"
+        && (env.AWS_BEARER_TOKEN_BEDROCK
+            || env.AWS_ACCESS_KEY_ID
+            || env.AWS_PROFILE
+            || env.AWS_SESSION_TOKEN)) {
+      return "bedrock";
+    }
+    if (env.CLAUDE_CODE_USE_VERTEX === "1") return "vertex";
+    if (env.ANTHROPIC_API_KEY) return "api_key";
+    if (env.ANTHROPIC_AUTH_TOKEN) return "auth_token";
+    return null;
+  }
+
   function checkClaude() {
+    var provider = hasThirdPartyProviderAuth();
+    if (provider) {
+      console.log("[yoke] Claude auth via third-party provider: " + provider);
+      return true;
+    }
+
     try {
       var out = execSync("claude auth status --json", { timeout: 5000, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] });
       var parsed = parseClaudeAuthStatusJson(out);
@@ -127,47 +161,52 @@ function checkAuth() {
   function resolveCodexBinary() {
     var fs = require("fs");
     var findCodexPath = require("./codex-app-server").findCodexPath;
-    var pathProbeCmd = process.platform === "win32" ? "where codex" : "which codex";
 
     try {
       var codexBin = findCodexPath();
       if (codexBin && fs.existsSync(codexBin)) return codexBin;
     } catch (e) {}
 
-    try {
-      var whichOut = execSync(pathProbeCmd, { timeout: 3000, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] });
-      var codexPath = whichOut.trim().split(/\r?\n/)[0];
-      if (codexPath) return codexPath;
-    } catch (e) {}
-
-    return null;
+    return lookupBinary("codex");
   }
 
   function checkCodex() {
     try {
       var codexBin = resolveCodexBinary();
       if (!codexBin) return false;
-      execSync('"' + codexBin + '" login status', { timeout: 5000, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] });
+      execFileSync(codexBin, ["login", "status"], { timeout: 5000, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] });
       return true;
     } catch (e) {
       return false;
     }
   }
 
-  _authCache = { claude: checkClaude(), codex: checkCodex(), gemini: false };
+  _authCache = { claude: checkClaude(), codex: checkCodex() };
   logAuthCheck(_authCache);
   return _authCache;
 }
 
 /**
  * Check which vendor binaries are installed (regardless of auth status).
+ *
+ * Result is cached at module scope because the check runs two execFileSync
+ * calls per invocation and is triggered once per project context on daemon
+ * startup. With N projects this used to cost ~2N synchronous subprocesses;
+ * caching collapses it to two total. The cache is invalidated alongside
+ * the auth cache (via invalidateAuthCache) since "just installed" is the
+ * same situation as "just logged in" from the daemon's perspective.
  */
+var _installedCache = null;
+
 function checkInstalled() {
+  if (_installedCache) return _installedCache;
+
   var fs = require("fs");
-  var execSync = require("child_process").execSync;
+  var execFileSync = require("child_process").execFileSync;
   var result = { claude: false, codex: false };
   try {
-    execSync("which claude", { timeout: 3000, stdio: ["pipe", "pipe", "pipe"] });
+    if (process.platform === "win32") execFileSync("where", ["claude"], { timeout: 3000, stdio: ["pipe", "pipe", "pipe"] });
+    else execFileSync("which", ["claude"], { timeout: 3000, stdio: ["pipe", "pipe", "pipe"] });
     result.claude = true;
   } catch (e) {}
   try {
@@ -177,53 +216,66 @@ function checkInstalled() {
       codexBin = findCodexPath();
       if (codexBin && fs.existsSync(codexBin)) {
         result.codex = true;
+        _installedCache = result;
         return result;
       }
     } catch (e) {}
 
-    var pathProbeCmd = process.platform === "win32" ? "where codex" : "which codex";
-    var whichOut = execSync(pathProbeCmd, { timeout: 3000, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] });
+    var whichOut = process.platform === "win32"
+      ? execFileSync("where", ["codex"], { timeout: 3000, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] })
+      : execFileSync("which", ["codex"], { timeout: 3000, encoding: "utf8", stdio: ["pipe", "pipe", "pipe"] });
     if (whichOut.trim()) result.codex = true;
   } catch (e) {}
+  _installedCache = result;
   return result;
 }
 
 function invalidateAuthCache() {
   _authCache = null;
+  _installedCache = null;
 }
 
 /**
  * Create adapters for all authenticated vendors.
- * Adapters are singletons shared across all projects (they are stateless factories).
- * The cwd is passed per-query, not per-adapter.
+ * Claude may be shared across projects, but Codex is instantiated per project
+ * so its app-server and bridge stay scoped to a single project slug.
  * Returns { adapters: { vendor: Adapter }, auth: { vendor: boolean } }
  */
-var _sharedAdapters = null;
-var _sharedAuth = null;
+var _sharedClaudeAdapter = null;
 
 function createAdapters(opts) {
-  if (_sharedAdapters) {
-    return { adapters: _sharedAdapters, auth: _sharedAuth };
-  }
-
-  var auth = checkAuth();
+  opts = opts || {};
+  // Gate adapter creation on binary installation, not OAuth auth status.
+  // Claude Code supports multiple auth modes (OAuth, Bedrock, Vertex, API key)
+  // that `claude auth status` does not always detect. Runtime auth failures are
+  // handled downstream via query-level error detection.
+  var installed = checkInstalled();
+  var auth = { claude: false, codex: false };
   var adapters = {};
-  var vendors = Object.keys(auth);
 
-  for (var i = 0; i < vendors.length; i++) {
-    var vendor = vendors[i];
-    if (!auth[vendor]) continue;
+  if (installed.claude) {
     try {
-      adapters[vendor] = createAdapter({ vendor: vendor, cwd: opts.cwd });
-      console.log("[yoke] Adapter created: " + vendor);
+      if (!_sharedClaudeAdapter) {
+        _sharedClaudeAdapter = createAdapter({ vendor: "claude", cwd: opts.cwd });
+      }
+      adapters.claude = _sharedClaudeAdapter;
+      auth.claude = true;
+      console.log("[yoke] Adapter created: claude");
     } catch (e) {
-      console.error("[yoke] Failed to create adapter for " + vendor + ":", e.message);
-      auth[vendor] = false;
+      console.error("[yoke] Failed to create adapter for claude:", e.message);
+    }
+  }
+
+  if (installed.codex) {
+    try {
+      adapters.codex = createAdapter({ vendor: "codex", cwd: opts.cwd, slug: opts.slug });
+      auth.codex = true;
+      console.log("[yoke] Adapter created: codex");
+    } catch (e) {
+      console.error("[yoke] Failed to create adapter for codex:", e.message);
     }
   }
 
-  _sharedAdapters = adapters;
-  _sharedAuth = auth;
   return { adapters: adapters, auth: auth };
 }
 
@@ -233,26 +285,19 @@ function createAdapters(opts) {
  * Returns the adapter or null.
  */
 async function lazyCreateAdapter(adapters, vendor, opts) {
-  if (_sharedAdapters && _sharedAdapters[vendor]) {
-    adapters[vendor] = _sharedAdapters[vendor];
-    return adapters[vendor];
-  }
+  opts = opts || {};
 
   // Force re-check since user may have logged in after server start
   invalidateAuthCache();
-  _sharedAdapters = null;
-  _sharedAuth = null;
-  var auth = checkAuth();
-  if (!auth[vendor]) return null;
+  var installed = checkInstalled();
+  if (!installed[vendor]) return null;
 
   try {
-    var ad = createAdapter({ vendor: vendor, cwd: opts.cwd });
+    var ad = createAdapter({ vendor: vendor, cwd: opts.cwd, slug: opts.slug });
     if (typeof ad.init === "function") {
       await ad.init(opts || {});
     }
     console.log("[yoke] Lazy adapter created: " + vendor);
-    if (_sharedAdapters) _sharedAdapters[vendor] = ad;
-    if (_sharedAuth) _sharedAuth[vendor] = true;
     adapters[vendor] = ad;
     return ad;
   } catch (e) {

package/lib/yoke/instructions.js

@@ -24,7 +24,6 @@ var KNOWN_FILES = [
 var NATIVE_FILES = {
   claude: ["CLAUDE.md"],
   codex: ["AGENTS.md"],
-  gemini: [],
 };
 
 // Scan projectDir for instruction files and return merged text.

package/lib/yoke/mcp-bridge-server.js

@@ -3,7 +3,8 @@
 // --------------------------------------------------
 // Codex spawns this as a native MCP server via config.mcp_servers["clay-tools"].
 // It implements the MCP protocol on stdio (JSON-RPC) and proxies tool
-// list/call requests to Clay's HTTP endpoint (/api/mcp-bridge).
+// list/call requests to Clay's project-scoped HTTP endpoint
+// (/p/{slug}/api/mcp-bridge) when a slug is provided.
 //
 // Usage: node mcp-bridge-server.js --port 2633 --slug my-project
 //
@@ -37,8 +38,10 @@ for (var i = 0; i < args.length; i++) {
 }
 
 var CLAY_PROTOCOL = clayTls ? "https" : "http";
-// Use global endpoint (not project-scoped) so bridge works regardless of which project was active at init
 var CLAY_BASE_URL = CLAY_PROTOCOL + "://127.0.0.1:" + clayPort;
+var CLAY_MCP_PATH = claySlug
+  ? ("/p/" + claySlug + "/api/mcp-bridge")
+  : "/api/mcp-bridge";
 
 // --- Auth ---
 var clayAuthToken = process.env.CLAY_AUTH_TOKEN || "";
@@ -91,8 +94,13 @@ function postJson(urlPath, body) {
       reject(err);
     });
 
-    // 30s timeout for tool calls
-    req.setTimeout(30000, function () {
+    // 10 min safety ceiling. ask_user_questions is stateless (returns
+    // immediately; the user's answer arrives on the next turn as a new
+    // user message), so no tool call should legitimately block long.
+    // The generous ceiling is just a belt-and-suspenders against slow
+    // browser automation or external MCP servers, not the primary
+    // mechanism for human-in-the-loop tools.
+    req.setTimeout(600000, function () {
       req.destroy(new Error("Request timed out"));
     });
 
@@ -103,7 +111,7 @@ function postJson(urlPath, body) {
 
 // --- Fetch tools from Clay ---
 function fetchTools() {
-  return postJson("/api/mcp-bridge", { action: "list_tools" }).then(function (resp) {
+  return postJson(CLAY_MCP_PATH, { action: "list_tools" }).then(function (resp) {
     if (resp.error) {
       log("Failed to fetch tools: " + resp.error);
       return [];
@@ -124,7 +132,7 @@ function fetchTools() {
 
 // --- Call a tool via Clay ---
 function callTool(serverName, toolName, args) {
-  return postJson("/api/mcp-bridge", {
+  return postJson(CLAY_MCP_PATH, {
     action: "call_tool",
     server: serverName,
     tool: toolName,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clay-server",
-  "version": "2.33.1",
+  "version": "2.34.0-beta.10",
   "description": "Self-hosted Claude Code in your browser. Multi-session, multi-user, push notifications.",
   "bin": {
     "clay-server": "./bin/cli.js",
@@ -37,7 +37,6 @@
   "author": "Chad",
   "dependencies": {
     "@anthropic-ai/claude-agent-sdk": "^0.2.112",
-    "@google/genai": "^1.49.0",
     "@lydell/node-pty": "^1.2.0-beta.3",
     "@openai/codex": "^0.121.0",
     "imapflow": "^1.3.1",