npm - clay-server - Versions diffs - 2.8.2 → 2.9.0 - Mend

clay-server 2.8.2 → 2.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (27) hide show

package/README.md +2 -0
package/bin/cli.js +122 -2
package/lib/config.js +20 -1
package/lib/daemon.js +40 -0
package/lib/pages.js +670 -27
package/lib/project.js +267 -16
package/lib/public/app.js +74 -14
package/lib/public/css/admin.css +576 -0
package/lib/public/css/icon-strip.css +1 -0
package/lib/public/css/menus.css +16 -11
package/lib/public/css/overlays.css +2 -4
package/lib/public/css/sidebar.css +49 -0
package/lib/public/css/title-bar.css +45 -1
package/lib/public/index.html +38 -8
package/lib/public/modules/admin.js +631 -0
package/lib/public/modules/markdown.js +9 -5
package/lib/public/modules/profile.js +21 -0
package/lib/public/modules/project-settings.js +4 -1
package/lib/public/modules/server-settings.js +13 -0
package/lib/public/modules/sidebar.js +111 -5
package/lib/public/style.css +1 -0
package/lib/push.js +6 -0
package/lib/server.js +1075 -27
package/lib/sessions.js +127 -41
package/lib/smtp.js +221 -0
package/lib/users.js +459 -0
package/package.json +2 -1

package/README.md CHANGED Viewed

@@ -276,6 +276,8 @@ If you are using claude-relay, let us know how you are using it in Discussions:
 This is an independent project and is not affiliated with Anthropic. Claude is a trademark of Anthropic.
+Clay is provided "as is" without warranty of any kind. Users are responsible for ensuring their use of this software complies with all applicable terms of service of the underlying AI providers (e.g., Anthropic, OpenAI) and any other third-party services. Features such as multi-user mode are experimental and may involve sharing access to API-backed services — please review your provider's usage policies regarding account sharing, acceptable use, and any applicable rate limits or restrictions before enabling such features. The authors assume no liability for any misuse or violations arising from the use of this software.
 ## License
 MIT

package/bin/cli.js CHANGED Viewed

@@ -28,6 +28,7 @@ if (_isDev) process.env.CLAY_DEV = "1";
 var { loadConfig, saveConfig, configPath, socketPath, logPath, ensureConfigDir, isDaemonAlive, isDaemonAliveAsync, generateSlug, clearStaleConfig, loadClayrc, saveClayrc, readCrashInfo } = require("../lib/config");
 var { sendIPCCommand } = require("../lib/ipc");
 var { generateAuthToken } = require("../lib/server");
+var { enableMultiUser, hasAdmin, isMultiUser } = require("../lib/users");
 function openUrl(url) {
   try {
@@ -56,6 +57,7 @@ var dangerouslySkipPermissions = false;
 var headlessMode = false;
 var watchMode = false;
 var host = null;
+var multiUserMode = false;
 for (var i = 0; i < args.length; i++) {
   if (args[i] === "-p" || args[i] === "--port") {
@@ -100,6 +102,8 @@ for (var i = 0; i < args.length; i++) {
     autoYes = true;
   } else if (args[i] === "--dangerously-skip-permissions") {
     dangerouslySkipPermissions = true;
+  } else if (args[i] === "--multi-user") {
+    multiUserMode = true;
   } else if (args[i] === "-h" || args[i] === "--help") {
     console.log("Usage: clay-server [-p|--port <port>] [--host <address>] [--no-https] [--no-update] [--debug] [-y|--yes] [--pin <pin>] [--shutdown] [--restart]");
     console.log("       clay-server --add <path>     Add a project to the running daemon");
@@ -120,6 +124,7 @@ for (var i = 0; i < args.length; i++) {
     console.log("  --remove <path>    Remove a project directory");
     console.log("  --list             List all registered projects");
     console.log("  --headless         Start daemon and exit immediately (implies --yes)");
+    console.log("  --multi-user       Enable multi-user mode (generates setup code)");
     console.log("  --dangerously-skip-permissions");
     console.log("                     Bypass all permission prompts");
     process.exit(0);
@@ -258,6 +263,34 @@ if (listMode) {
   return;
 }
+// --- Handle --multi-user before anything else ---
+if (multiUserMode) {
+  var muResult = enableMultiUser();
+  if (muResult.alreadyEnabled && muResult.hasAdmin) {
+    console.log("");
+    console.log("Multi-user mode is already enabled and an admin account exists.");
+    console.log("No changes made.");
+    console.log("");
+  } else if (muResult.setupCode) {
+    console.log("");
+    console.log("\x1b[33m⚠ Experimental Feature\x1b[0m");
+    console.log("");
+    console.log("  Multi-user mode is experimental and may change in future releases.");
+    console.log("  Sharing access to AI-powered tools may be subject to your provider's");
+    console.log("  terms of service. Please review the applicable usage policies before");
+    console.log("  granting access to other users.");
+    console.log("");
+    console.log("\x1b[32mMulti-user mode enabled.\x1b[0m");
+    console.log("");
+    console.log("Setup code:  \x1b[1m" + muResult.setupCode + "\x1b[0m");
+    console.log("");
+    console.log("Open Clay in your browser and enter this code to create the admin account.");
+    console.log("The code is single-use and will be cleared once the admin is set up.");
+    console.log("");
+  }
+  process.exit(0);
+}
 var cwd = process.cwd();
 // --- ANSI helpers ---
@@ -1312,6 +1345,15 @@ async function forkDaemon(pin, keepAwake, extraProjects, addCwd) {
   var allProjects = [];
   var usedSlugs = [];
+  // Load previous config to preserve per-project settings (visibility, allowedUsers)
+  var prevConfig = loadConfig();
+  var prevProjectMap = {};
+  if (prevConfig && prevConfig.projects) {
+    for (var pi = 0; pi < prevConfig.projects.length; pi++) {
+      prevProjectMap[prevConfig.projects[pi].path] = prevConfig.projects[pi];
+    }
+  }
   // Only include cwd if explicitly requested
   if (addCwd) {
     var slug = generateSlug(cwd, []);
@@ -1326,6 +1368,11 @@ async function forkDaemon(pin, keepAwake, extraProjects, addCwd) {
         break;
       }
     }
+    // Restore access settings from previous config
+    if (prevProjectMap[cwd]) {
+      if (prevProjectMap[cwd].visibility) cwdEntry.visibility = prevProjectMap[cwd].visibility;
+      if (prevProjectMap[cwd].allowedUsers) cwdEntry.allowedUsers = prevProjectMap[cwd].allowedUsers;
+    }
     allProjects.push(cwdEntry);
     usedSlugs.push(slug);
   }
@@ -1338,7 +1385,13 @@ async function forkDaemon(pin, keepAwake, extraProjects, addCwd) {
       if (!fs.existsSync(rp.path)) continue; // skip missing directories
       var rpSlug = generateSlug(rp.path, usedSlugs);
       usedSlugs.push(rpSlug);
-      allProjects.push({ path: rp.path, slug: rpSlug, title: rp.title || undefined, icon: rp.icon || undefined, addedAt: rp.addedAt || Date.now() });
+      var rpEntry = { path: rp.path, slug: rpSlug, title: rp.title || undefined, icon: rp.icon || undefined, addedAt: rp.addedAt || Date.now() };
+      // Restore access settings from previous config
+      if (prevProjectMap[rp.path]) {
+        if (prevProjectMap[rp.path].visibility) rpEntry.visibility = prevProjectMap[rp.path].visibility;
+        if (prevProjectMap[rp.path].allowedUsers) rpEntry.allowedUsers = prevProjectMap[rp.path].allowedUsers;
+      }
+      allProjects.push(rpEntry);
     }
   }
@@ -1429,6 +1482,15 @@ async function devMode(pin, keepAwake, existingPinHash) {
   var slug = generateSlug(cwd, []);
   var cwdDevEntry = { path: cwd, slug: slug, addedAt: Date.now() };
+  // Load previous config to preserve per-project settings (visibility, allowedUsers)
+  var prevDevConfig = loadConfig();
+  var prevDevProjectMap = {};
+  if (prevDevConfig && prevDevConfig.projects) {
+    for (var pdi = 0; pdi < prevDevConfig.projects.length; pdi++) {
+      prevDevProjectMap[prevDevConfig.projects[pdi].path] = prevDevConfig.projects[pdi];
+    }
+  }
   // Restore previous projects
   var rc = loadClayrc();
   var restorable = (rc.recentProjects || []).filter(function (p) {
@@ -1443,13 +1505,24 @@ async function devMode(pin, keepAwake, existingPinHash) {
       break;
     }
   }
+  // Restore access settings for cwd from previous config
+  if (prevDevProjectMap[cwd]) {
+    if (prevDevProjectMap[cwd].visibility) cwdDevEntry.visibility = prevDevProjectMap[cwd].visibility;
+    if (prevDevProjectMap[cwd].allowedUsers) cwdDevEntry.allowedUsers = prevDevProjectMap[cwd].allowedUsers;
+  }
   var allProjects = [cwdDevEntry];
   var usedSlugs = [slug];
   for (var ri = 0; ri < restorable.length; ri++) {
     var rp = restorable[ri];
     var rpSlug = generateSlug(rp.path, usedSlugs);
     usedSlugs.push(rpSlug);
-    allProjects.push({ path: rp.path, slug: rpSlug, title: rp.title || undefined, icon: rp.icon || undefined, addedAt: rp.addedAt || Date.now() });
+    var rpDevEntry = { path: rp.path, slug: rpSlug, title: rp.title || undefined, icon: rp.icon || undefined, addedAt: rp.addedAt || Date.now() };
+    // Restore access settings from previous config
+    if (prevDevProjectMap[rp.path]) {
+      if (prevDevProjectMap[rp.path].visibility) rpDevEntry.visibility = prevDevProjectMap[rp.path].visibility;
+      if (prevDevProjectMap[rp.path].allowedUsers) rpDevEntry.allowedUsers = prevDevProjectMap[rp.path].allowedUsers;
+    }
+    allProjects.push(rpDevEntry);
   }
   var config = {
@@ -2222,7 +2295,13 @@ function showSettingsMenu(config, ip) {
     log(sym.bar + "  Tailscale    " + tsStatus);
     log(sym.bar + "  mkcert       " + mcStatus);
     log(sym.bar + "  HTTPS        " + tlsStatus);
+    var muEnabled = isMultiUser();
+    var muStatus = muEnabled
+      ? a.green + "Enabled" + a.reset
+      : a.dim + "Off" + a.reset;
     log(sym.bar + "  PIN          " + pinStatus);
+    log(sym.bar + "  Multi-user   " + muStatus);
     if (process.platform === "darwin") {
       log(sym.bar + "  Keep awake   " + awakeStatus);
     }
@@ -2239,6 +2318,11 @@ function showSettingsMenu(config, ip) {
     } else {
       items.push({ label: "Set PIN", value: "pin" });
     }
+    if (muEnabled) {
+      items.push({ label: "Multi-user mode (enabled)", value: "multi_user" });
+    } else {
+      items.push({ label: "Enable multi-user mode", value: "multi_user" });
+    }
     if (process.platform === "darwin") {
       items.push({ label: isAwake ? "Disable keep awake" : "Enable keep awake", value: "awake" });
     }
@@ -2280,6 +2364,42 @@ function showSettingsMenu(config, ip) {
         });
         break;
+      case "multi_user":
+        if (muEnabled && hasAdmin()) {
+          log(sym.bar);
+          log(sym.bar + "  " + a.dim + "Multi-user mode is already enabled and an admin account exists." + a.reset);
+          log(sym.bar + "  " + a.dim + "No changes made." + a.reset);
+          log(sym.bar);
+          promptSelect("Back?", [{ label: "Back", value: "back" }], function () {
+            showSettingsMenu(config, ip);
+          });
+        } else {
+          var muResult = enableMultiUser();
+          log(sym.bar);
+          log(sym.bar + "  " + a.yellow + sym.warn + " Experimental Feature" + a.reset);
+          log(sym.bar);
+          log(sym.bar + "  " + a.dim + "Multi-user mode is experimental and may change in future releases." + a.reset);
+          log(sym.bar + "  " + a.dim + "Sharing access to AI-powered tools may be subject to your provider's" + a.reset);
+          log(sym.bar + "  " + a.dim + "terms of service. Please review the applicable usage policies before" + a.reset);
+          log(sym.bar + "  " + a.dim + "granting access to other users." + a.reset);
+          log(sym.bar);
+          if (muResult.setupCode) {
+            log(sym.bar + "  " + a.green + "Multi-user mode enabled." + a.reset);
+            log(sym.bar);
+            log(sym.bar + "  Setup code:  " + a.bold + muResult.setupCode + a.reset);
+            log(sym.bar);
+            log(sym.bar + "  " + a.dim + "Open Clay in your browser and enter this code to create the admin account." + a.reset);
+            log(sym.bar + "  " + a.dim + "The code is single-use and will be cleared once the admin is set up." + a.reset);
+          } else {
+            log(sym.bar + "  " + a.dim + "Multi-user mode is already enabled." + a.reset);
+          }
+          log(sym.bar);
+          promptSelect("Back?", [{ label: "Back", value: "back" }], function () {
+            showSettingsMenu(config, ip);
+          });
+        }
+        break;
       case "logs":
         console.clear();
         log(a.bold + "Daemon logs" + a.reset + " " + a.dim + "(" + logPath() + ")" + a.reset);

package/lib/config.js CHANGED Viewed

@@ -89,8 +89,14 @@ function logPath() {
   return path.join(CONFIG_DIR, _devMode ? "daemon-dev.log" : "daemon.log");
 }
+function chmodSafe(filePath, mode) {
+  if (process.platform === "win32") return;
+  try { fs.chmodSync(filePath, mode); } catch (e) {}
+}
 function ensureConfigDir() {
   fs.mkdirSync(CONFIG_DIR, { recursive: true });
+  chmodSafe(CONFIG_DIR, 0o700);
 }
 function loadConfig() {
@@ -106,7 +112,9 @@ function saveConfig(config) {
   ensureConfigDir();
   var tmpPath = configPath() + ".tmp";
   fs.writeFileSync(tmpPath, JSON.stringify(config, null, 2));
+  chmodSafe(tmpPath, 0o600);
   fs.renameSync(tmpPath, configPath());
+  chmodSafe(configPath(), 0o600);
 }
 function isPidAlive(pid) {
@@ -173,7 +181,17 @@ function generateSlug(projectPath, existingSlugs) {
 }
 function clearStaleConfig() {
-  try { fs.unlinkSync(configPath()); } catch (e) {}
+  // Clear pid from config instead of deleting the file (preserves project settings)
+  try {
+    var data = fs.readFileSync(configPath(), "utf8");
+    var cfg = JSON.parse(data);
+    cfg.pid = null;
+    var tmpPath = configPath() + ".tmp";
+    fs.writeFileSync(tmpPath, JSON.stringify(cfg, null, 2));
+    chmodSafe(tmpPath, 0o600);
+    fs.renameSync(tmpPath, configPath());
+    chmodSafe(configPath(), 0o600);
+  } catch (e) {}
   if (process.platform !== "win32") {
     try { fs.unlinkSync(socketPath()); } catch (e) {}
   }
@@ -316,4 +334,5 @@ module.exports = {
   saveClayrc: saveClayrc,
   syncClayrc: syncClayrc,
   removeFromClayrc: removeFromClayrc,
+  chmodSafe: chmodSafe,
 };

package/lib/daemon.js CHANGED Viewed

@@ -368,6 +368,12 @@ var relay = createServer({
     console.log("[daemon] PIN", pin ? "set" : "removed", "(web)");
     return { ok: true, pinEnabled: !!config.pinHash };
   },
+  onUpgradePin: function (newHash) {
+    config.pinHash = newHash;
+    relay.setAuthToken(newHash);
+    saveConfig(config);
+    console.log("[daemon] PIN hash auto-upgraded to scrypt");
+  },
   onSetKeepAwake: function (value) {
     var want = !!value;
     config.keepAwake = want;
@@ -393,6 +399,40 @@ var relay = createServer({
     console.log("[daemon] Restart requested via web UI");
     spawnAndRestart();
   },
+  onSetProjectVisibility: function (slug, visibility) {
+    for (var i = 0; i < config.projects.length; i++) {
+      if (config.projects[i].slug === slug) {
+        config.projects[i].visibility = visibility;
+        saveConfig(config);
+        console.log("[daemon] Set project visibility:", slug, "→", visibility);
+        return { ok: true };
+      }
+    }
+    return { error: "Project not found" };
+  },
+  onSetProjectAllowedUsers: function (slug, allowedUsers) {
+    for (var i = 0; i < config.projects.length; i++) {
+      if (config.projects[i].slug === slug) {
+        config.projects[i].allowedUsers = allowedUsers;
+        saveConfig(config);
+        console.log("[daemon] Set project allowed users:", slug, "→", allowedUsers.length, "users");
+        return { ok: true };
+      }
+    }
+    return { error: "Project not found" };
+  },
+  onGetProjectAccess: function (slug) {
+    for (var i = 0; i < config.projects.length; i++) {
+      if (config.projects[i].slug === slug) {
+        return {
+          slug: slug,
+          visibility: config.projects[i].visibility || "public",
+          allowedUsers: config.projects[i].allowedUsers || [],
+        };
+      }
+    }
+    return { error: "Project not found" };
+  },
 });
 // --- Register projects ---