create-walle 0.3.0 → 0.3.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-walle",
-  "version": "0.3.0",
+  "version": "0.3.2",
   "description": "Set up Wall-E — your personal digital twin",
   "bin": {
     "create-walle": "bin/create-walle.js"

package/template/claude-task-manager/public/setup.html

@@ -243,13 +243,16 @@
           document.getElementById('api-key').value = '';
           document.getElementById('api-key').placeholder = '••••••••••••••• (from ' + (d.source || 'environment') + ')';
           document.getElementById('api-dot').className = 'status-dot ok';
-          okMsg.textContent = 'API key detected from ' + (d.source || 'environment') + '!';
+          okMsg.textContent = 'Detected: ' + (d.source || 'environment') + '!';
           okMsg.style.display = 'inline';
           const ownerVal = document.getElementById('owner-name').value.trim();
+          const saveBody = { owner_name: ownerVal };
+          if (d.gateway) saveBody.gateway = d.gateway;
+          else saveBody.api_key = d.key;
           await fetch('/api/setup/save', {
             method: 'POST',
             headers: { 'Content-Type': 'application/json' },
-            body: JSON.stringify({ owner_name: ownerVal, api_key: d.key }),
+            body: JSON.stringify(saveBody),
           });
         } else {
           errMsg.textContent = d.hint || 'No API key found. Enter one manually.';

package/template/claude-task-manager/server.js

@@ -107,6 +107,26 @@ const server = http.createServer((req, res) => {
     }
   }
 
+  // Slack OAuth callback (browser redirect — no auth token, must be before auth check)
+  if (url.pathname === '/api/slack/callback' && req.method === 'GET') {
+    try {
+      const slackMcp = require('../wall-e/tools/slack-mcp');
+      const code = url.searchParams.get('code');
+      const state = url.searchParams.get('state');
+      slackMcp.handleOAuthCallback(code, state).then(result => {
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end(result.html);
+      }).catch(err => {
+        res.writeHead(500, { 'Content-Type': 'text/html' });
+        res.end('<html><body>OAuth error: ' + err.message + '</body></html>');
+      });
+    } catch (e) {
+      res.writeHead(500, { 'Content-Type': 'text/html' });
+      res.end('<html><body>Slack module not available: ' + e.message + '</body></html>');
+    }
+    return;
+  }
+
   // API routes
   if (url.pathname.startsWith('/api/')) {
     if (!isLocalhost(req)) {
@@ -208,15 +228,26 @@ function handleApi(req, res, url) {
   if (url.pathname === '/api/setup/detect-key' && req.method === 'GET') {
     let key = '';
     let source = '';
+    let gateway = null; // For corporate/Portkey gateway setups
+
+    // 1. Check for corporate gateway setup (Portkey, cybertron, etc.)
+    if (process.env.ANTHROPIC_BASE_URL && process.env.ANTHROPIC_CUSTOM_HEADERS_B64) {
+      gateway = {
+        base_url: process.env.ANTHROPIC_BASE_URL,
+        auth_token: process.env.ANTHROPIC_AUTH_TOKEN || 'sk-ant-api03-unused',
+        custom_headers_b64: process.env.ANTHROPIC_CUSTOM_HEADERS_B64,
+      };
+      source = 'Claude Code gateway (' + process.env.ANTHROPIC_BASE_URL.replace(/https?:\/\//, '').split('/')[0] + ')';
+    }
 
-    // 1. Check process.env
-    if (process.env.ANTHROPIC_API_KEY && process.env.ANTHROPIC_API_KEY.startsWith('sk-ant-')) {
+    // 2. Check for direct API key in process.env
+    if (!gateway && process.env.ANTHROPIC_API_KEY && process.env.ANTHROPIC_API_KEY.startsWith('sk-ant-')) {
       key = process.env.ANTHROPIC_API_KEY;
       source = 'environment variable';
     }
 
-    // 2. Try shell profile
-    if (!key) {
+    // 3. Try shell profile for direct API key
+    if (!gateway && !key) {
       try {
         const { execFileSync } = require('child_process');
         const shell = process.env.SHELL || '/bin/zsh';
@@ -225,8 +256,8 @@ function handleApi(req, res, url) {
       } catch {}
     }
 
-    // 3. Try Claude Code OAuth token from macOS Keychain
-    if (!key && process.platform === 'darwin') {
+    // 4. Try Claude Code OAuth token from macOS Keychain
+    if (!gateway && !key && process.platform === 'darwin') {
       try {
         const { execFileSync } = require('child_process');
         const credJson = execFileSync('security', ['find-generic-password', '-s', 'Claude Code-credentials', '-w'], { encoding: 'utf8', timeout: 3000 }).trim();
@@ -239,7 +270,6 @@ function handleApi(req, res, url) {
               key = oauth.accessToken;
               source = 'Claude Code (OAuth)';
             } else {
-              // Token expired — tell user to refresh
               res.writeHead(200, { 'Content-Type': 'application/json' });
               res.end(JSON.stringify({
                 found: false,
@@ -254,10 +284,10 @@ function handleApi(req, res, url) {
     }
 
     res.writeHead(200, { 'Content-Type': 'application/json' });
-    if (key) {
+    if (gateway) {
+      res.end(JSON.stringify({ found: true, gateway, source }));
+    } else if (key) {
       res.end(JSON.stringify({ found: true, key, source }));
-    } else if (process.env.ANTHROPIC_BASE_URL) {
-      res.end(JSON.stringify({ found: false, hint: 'Your environment uses an API gateway (' + process.env.ANTHROPIC_BASE_URL + '). You may not need a separate API key — try going to the dashboard.' }));
     } else {
       res.end(JSON.stringify({ found: false, hint: 'No API key found. Checked: environment variables, shell profile, Claude Code keychain. You can get a key at console.anthropic.com' }));
     }
@@ -281,6 +311,8 @@ function handleApi(req, res, url) {
         const apiKey = typeof data.api_key === 'string'
           ? data.api_key.replace(/[\r\n\s]/g, '').slice(0, 200)
           : '';
+        // Gateway config (corporate Portkey/cybertron setups)
+        const gw = data.gateway;
         if (apiKey && !/^sk-ant-/.test(apiKey)) {
           res.writeHead(400, { 'Content-Type': 'application/json' });
           res.end(JSON.stringify({ error: 'API key must start with sk-ant-' }));
@@ -288,22 +320,40 @@ function handleApi(req, res, url) {
         }
         const envPath = path.resolve(__dirname, '..', '.env');
         const lines = [];
-        // Read existing .env or start fresh
+        // Read existing .env, strip lines we're about to replace
+        const stripPatterns = [/^#?\s*WALLE_OWNER_NAME=/, /^#?\s*ANTHROPIC_API_KEY=/, /^#?\s*ANTHROPIC_BASE_URL=/, /^#?\s*ANTHROPIC_AUTH_TOKEN=/, /^#?\s*ANTHROPIC_CUSTOM_HEADERS_B64=/];
         try {
           const existing = fs.readFileSync(envPath, 'utf8');
           for (const line of existing.split('\n')) {
-            if (line.match(/^#?\s*ANTHROPIC_API_KEY=/) && apiKey) continue;
-            if (line.match(/^#?\s*WALLE_OWNER_NAME=/) && ownerName) continue;
-            lines.push(line);
+            const shouldStrip = (apiKey || gw) && stripPatterns.some(p => p.test(line));
+            if (!shouldStrip || (!apiKey && !gw)) lines.push(line);
+            else if (!ownerName || !line.match(/WALLE_OWNER_NAME/)) {
+              // Only strip if we have a replacement
+              if (stripPatterns.some(p => p.test(line))) continue;
+              lines.push(line);
+            }
+          }
+          // Also strip owner name line if we have a new one
+          if (ownerName) {
+            const idx = lines.findIndex(l => /^#?\s*WALLE_OWNER_NAME=/.test(l));
+            if (idx >= 0) lines.splice(idx, 1);
           }
         } catch { lines.push('# Wall-E configuration'); lines.push(''); }
-        // Add values after the header comment
+        // Add values
         if (ownerName) {
           const insertIdx = lines.findIndex(l => !l.startsWith('#') && l.trim() !== '') || lines.length;
           lines.splice(insertIdx, 0, `WALLE_OWNER_NAME=${ownerName}`);
           process.env.WALLE_OWNER_NAME = ownerName;
         }
-        if (apiKey) {
+        if (gw) {
+          // Gateway setup: save all three env vars
+          lines.push(`ANTHROPIC_BASE_URL=${gw.base_url}`);
+          lines.push(`ANTHROPIC_AUTH_TOKEN=${gw.auth_token}`);
+          lines.push(`ANTHROPIC_CUSTOM_HEADERS_B64=${gw.custom_headers_b64}`);
+          process.env.ANTHROPIC_BASE_URL = gw.base_url;
+          process.env.ANTHROPIC_AUTH_TOKEN = gw.auth_token;
+          process.env.ANTHROPIC_CUSTOM_HEADERS_B64 = gw.custom_headers_b64;
+        } else if (apiKey) {
           lines.push(`ANTHROPIC_API_KEY=${apiKey}`);
           process.env.ANTHROPIC_API_KEY = apiKey;
         }

package/template/wall-e/api-walle.js

@@ -213,13 +213,8 @@ function handleWalleApi(req, res, url) {
         jsonResponse(res, { ok: true, already: true });
         return true;
       }
-      // Start OAuth — browser opens server-side, resolve on callback
-      slackMcp.authenticate().then(token => {
-        console.log('[wall-e] Slack OAuth completed');
-      }).catch(err => {
-        console.error('[wall-e] Slack OAuth failed:', err.message);
-      });
-      // Tell client the flow started (browser will open)
+      // Start OAuth — opens browser, callback handled by CTM server route
+      slackMcp.authenticate();
       jsonResponse(res, { ok: true, pending: true });
     } catch (e) {
       jsonResponse(res, { error: e.message }, 500);

package/template/wall-e/tools/slack-mcp.js

@@ -6,9 +6,15 @@ const path = require('path');
 
 const SLACK_MCP_URL = 'https://mcp.slack.com/mcp';
 const CLIENT_ID = '1601185624273.8899143856786';
-const CALLBACK_PORT = 3118; // Must match the registered redirect_uri for this client ID
 const TOKEN_FILE = path.join(process.env.HOME, '.claude', 'wall-e-slack-token.json');
 
+// OAuth callback is handled by CTM server at /api/slack/callback
+// so it works on whatever port CTM is running on (no separate server needed).
+function getCallbackUrl() {
+  const port = process.env.CTM_PORT || '3456';
+  return `http://localhost:${port}/api/slack/callback`;
+}
+
 // ── Token persistence ──
 
 function loadToken() {
@@ -37,120 +43,109 @@ function generatePKCE() {
   return { verifier, challenge };
 }
 
+// Pending OAuth state (set during authenticate, consumed by handleOAuthCallback)
+let _pendingOAuth = null;
+
 /**
- * Start OAuth flow: opens browser, waits for callback.
- * Returns the access token.
+ * Start OAuth flow: opens browser, callback handled by CTM server.
+ * Returns immediately — the token is saved when CTM receives the callback.
  */
-async function authenticate() {
+function authenticate() {
   // Check if we already have a valid token
   const existing = loadToken();
   if (existing && existing.access_token) {
-    // TODO: check expiry if available
     return existing.access_token;
   }
 
   const { verifier, challenge } = generatePKCE();
   const state = crypto.randomBytes(16).toString('hex');
+  const redirectUri = getCallbackUrl();
 
-  return new Promise((resolve, reject) => {
-    const timeout = setTimeout(() => {
-      server.close();
-      reject(new Error('OAuth flow timed out (120s). Please try again.'));
-    }, 120000);
-
-    const server = http.createServer(async (req, res) => {
-      const url = new URL(req.url, `http://localhost:${CALLBACK_PORT}`);
-      if (url.pathname !== '/callback') {
-        res.writeHead(404);
-        res.end('Not found');
-        return;
-      }
-
-      const code = url.searchParams.get('code');
-      const returnedState = url.searchParams.get('state');
-
-      if (returnedState !== state) {
-        res.writeHead(400);
-        res.end('State mismatch. Please try again.');
-        clearTimeout(timeout);
-        server.close();
-        reject(new Error('OAuth state mismatch'));
-        return;
-      }
-
-      if (!code) {
-        res.writeHead(400);
-        res.end('No authorization code received.');
-        clearTimeout(timeout);
-        server.close();
-        reject(new Error('No authorization code'));
-        return;
-      }
-
-      try {
-        // Exchange code for token (MCP uses v2.user.access endpoint)
-        const tokenResp = await fetch('https://slack.com/api/oauth.v2.user.access', {
-          method: 'POST',
-          headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
-          body: new URLSearchParams({
-            client_id: CLIENT_ID,
-            code,
-            code_verifier: verifier,
-            redirect_uri: `http://localhost:${CALLBACK_PORT}/callback`,
-          }),
-        });
-        const tokenData = await tokenResp.json();
-
-        if (!tokenData.ok) {
-          throw new Error(`Slack OAuth error: ${tokenData.error}`);
-        }
-
-        // Save token (v2.user.access returns tokens at top level, not nested under authed_user)
-        const tokenInfo = {
-          access_token: tokenData.access_token || tokenData.authed_user?.access_token,
-          refresh_token: tokenData.refresh_token,
-          team_id: tokenData.team?.id || tokenData.team_id,
-          team_name: tokenData.team?.name,
-          user_id: tokenData.user_id || tokenData.authed_user?.id,
-          scope: tokenData.scope || tokenData.authed_user?.scope,
-          obtained_at: new Date().toISOString(),
-        };
-        saveToken(tokenInfo);
-
-        res.writeHead(200, { 'Content-Type': 'text/html' });
-        res.end('<html><body style="font-family:system-ui;text-align:center;padding:40px"><h2>WALL-E connected to Slack!</h2><p>You can close this tab.</p></body></html>');
-
-        clearTimeout(timeout);
-        server.close();
-        resolve(tokenInfo.access_token);
-      } catch (err) {
-        res.writeHead(500);
-        res.end('Token exchange failed: ' + err.message);
-        clearTimeout(timeout);
-        server.close();
-        reject(err);
-      }
-    });
+  _pendingOAuth = { verifier, state, redirectUri, createdAt: Date.now() };
 
-    server.listen(CALLBACK_PORT, () => {
-      // Scopes from Slack MCP's .well-known/oauth-authorization-server
-      const scopes = 'search:read.public,search:read.private,search:read.mpim,search:read.im,search:read.files,search:read.users,chat:write,channels:history,groups:history,mpim:history,im:history,canvases:read,users:read,users:read.email';
-      const authUrl = `https://slack.com/oauth/v2_user/authorize?client_id=${CLIENT_ID}&scope=${encodeURIComponent(scopes)}&redirect_uri=${encodeURIComponent(`http://localhost:${CALLBACK_PORT}/callback`)}&state=${state}&code_challenge=${challenge}&code_challenge_method=S256`;
-      console.log('[slack-mcp] Opening browser for Slack OAuth...');
-      console.log('[slack-mcp] Auth URL:', authUrl);
-
-      // Open browser
-      const { execFile } = require('child_process');
-      execFile('open', [authUrl], (err) => {
-        if (err) console.error('[slack-mcp] Failed to open browser:', err.message);
-      });
-    });
+  const scopes = 'search:read.public,search:read.private,search:read.mpim,search:read.im,search:read.files,search:read.users,chat:write,channels:history,groups:history,mpim:history,im:history,canvases:read,users:read,users:read.email';
+  const authUrl = `https://slack.com/oauth/v2_user/authorize?client_id=${CLIENT_ID}&scope=${encodeURIComponent(scopes)}&redirect_uri=${encodeURIComponent(redirectUri)}&state=${state}&code_challenge=${challenge}&code_challenge_method=S256`;
 
-    server.on('error', (err) => {
-      clearTimeout(timeout);
-      reject(new Error(`OAuth server failed: ${err.message}`));
-    });
+  console.log('[slack-mcp] Opening browser for Slack OAuth...');
+  console.log('[slack-mcp] Callback URL:', redirectUri);
+
+  const { execFile } = require('child_process');
+  execFile('open', [authUrl], (err) => {
+    if (err) console.error('[slack-mcp] Failed to open browser:', err.message);
   });
+
+  return null; // Token not yet available — will be set by callback
+}
+
+/**
+ * Handle the OAuth callback from Slack (called by CTM server route).
+ * Returns { ok, html } or { error, html }.
+ */
+async function handleOAuthCallback(code, returnedState) {
+  if (!_pendingOAuth) {
+    return { error: 'No pending OAuth flow. Click "Connect" again.', html: errorPage('No pending OAuth flow. Go back and click Connect again.') };
+  }
+
+  // Expire after 10 minutes
+  if (Date.now() - _pendingOAuth.createdAt > 600000) {
+    _pendingOAuth = null;
+    return { error: 'OAuth flow expired.', html: errorPage('OAuth flow expired. Go back and click Connect again.') };
+  }
+
+  if (returnedState !== _pendingOAuth.state) {
+    _pendingOAuth = null;
+    return { error: 'State mismatch.', html: errorPage('OAuth state mismatch. Please try again.') };
+  }
+
+  if (!code) {
+    _pendingOAuth = null;
+    return { error: 'No code.', html: errorPage('No authorization code received from Slack.') };
+  }
+
+  try {
+    const tokenResp = await fetch('https://slack.com/api/oauth.v2.user.access', {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+      body: new URLSearchParams({
+        client_id: CLIENT_ID,
+        code,
+        code_verifier: _pendingOAuth.verifier,
+        redirect_uri: _pendingOAuth.redirectUri,
+      }),
+    });
+    const tokenData = await tokenResp.json();
+
+    _pendingOAuth = null;
+
+    if (!tokenData.ok) {
+      return { error: tokenData.error, html: errorPage('Slack OAuth error: ' + tokenData.error) };
+    }
+
+    const tokenInfo = {
+      access_token: tokenData.access_token || tokenData.authed_user?.access_token,
+      refresh_token: tokenData.refresh_token,
+      team_id: tokenData.team?.id || tokenData.team_id,
+      team_name: tokenData.team?.name,
+      user_id: tokenData.user_id || tokenData.authed_user?.id,
+      scope: tokenData.scope || tokenData.authed_user?.scope,
+      obtained_at: new Date().toISOString(),
+    };
+    saveToken(tokenInfo);
+
+    console.log('[slack-mcp] OAuth completed — team:', tokenInfo.team_name);
+    return { ok: true, html: successPage() };
+  } catch (err) {
+    _pendingOAuth = null;
+    return { error: err.message, html: errorPage('Token exchange failed: ' + err.message) };
+  }
+}
+
+function successPage() {
+  return '<html><body style="font-family:system-ui;text-align:center;padding:60px;background:#0d1117;color:#e6edf3"><h2 style="color:#3fb950">Wall-E connected to Slack!</h2><p style="color:#8b949e">You can close this tab and return to the setup page.</p></body></html>';
+}
+
+function errorPage(msg) {
+  return '<html><body style="font-family:system-ui;text-align:center;padding:60px;background:#0d1117;color:#e6edf3"><h2 style="color:#f85149">Slack Connection Failed</h2><p style="color:#8b949e">' + msg + '</p></body></html>';
 }
 
 // ── MCP HTTP client ──
@@ -287,4 +282,4 @@ if (require.main === module) {
   }
 }
 
-module.exports = { authenticate, callSlackMcp, listSlackTools, isAuthenticated, loadToken, clearToken };
+module.exports = { authenticate, handleOAuthCallback, callSlackMcp, listSlackTools, isAuthenticated, loadToken, clearToken };