fluxy-bot 0.2.32 → 0.2.33

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fluxy-bot",
-  "version": "0.2.32",
+  "version": "0.2.33",
   "description": "Self-hosted AI bot — run your own AI assistant from anywhere",
   "type": "module",
   "license": "MIT",

package/supervisor/chat/OnboardWizard.tsx

@@ -7,7 +7,6 @@ import { motion, AnimatePresence } from 'framer-motion';
 const PROVIDERS = [
   { id: 'anthropic', name: 'Claude', subtitle: 'by Anthropic', icon: '/icons/claude.png' },
   { id: 'openai', name: 'OpenAI Codex', subtitle: 'ChatGPT Plus / Pro', icon: '/icons/codex.png' },
-  { id: 'ollama', name: 'Ollama', subtitle: 'Run locally', icon: null },
 ] as const;
 
 const MODELS: Record<string, { id: string; label: string }[]> = {
@@ -24,12 +23,6 @@ const MODELS: Record<string, { id: string; label: string }[]> = {
     { id: 'gpt-5.3-codex:high', label: 'GPT-5.3 Codex High (Pro)' },
     { id: 'gpt-5.3-codex:xhigh', label: 'GPT-5.3 Codex Extra High (Pro)' },
   ],
-  ollama: [
-    { id: 'llama3.2', label: 'Llama 3.2' },
-    { id: 'mistral', label: 'Mistral' },
-    { id: 'codellama', label: 'Code Llama' },
-    { id: 'phi3', label: 'Phi-3' },
-  ],
 };
 
 const TOTAL_STEPS = 6; // 0..5
@@ -106,7 +99,6 @@ export default function OnboardWizard({ onComplete }: Props) {
   const [authState, setAuthState] = useState<Record<string, 'idle' | 'authenticating' | 'connected'>>({
     anthropic: 'idle',
     openai: 'idle',
-    ollama: 'connected',
   });
 
   // Anthropic/Claude-specific
@@ -120,9 +112,6 @@ export default function OnboardWizard({ onComplete }: Props) {
   const [openaiWaiting, setOpenaiWaiting] = useState(false);
   const [openaiError, setOpenaiError] = useState<string | undefined>();
 
-  // Ollama-specific
-  const [baseUrl, setBaseUrl] = useState('');
-
   // Bot name + Handle (step 2)
   const [botName, setBotName] = useState('');
   const [handleStatus, setHandleStatus] = useState<null | 'checking' | 'ready' | 'invalid'>(null);
@@ -478,7 +467,6 @@ export default function OnboardWizard({ onComplete }: Props) {
           provider,
           model,
           apiKey: '',
-          baseUrl: provider === 'ollama' ? baseUrl || undefined : undefined,
           whisperEnabled,
           whisperKey: whisperEnabled ? whisperKey : '',
           portalUser: portalUser.trim(),
@@ -1124,27 +1112,6 @@ export default function OnboardWizard({ onComplete }: Props) {
                   </div>
                 )}
 
-                {/* ── Auth flow: Ollama ── */}
-                {provider === 'ollama' && (
-                  <div className="space-y-2.5">
-                    <div className="bg-emerald-500/8 border border-emerald-500/15 rounded-lg px-3.5 py-2.5">
-                      <p className="text-emerald-400/90 text-[12px]">No authentication needed — Ollama runs locally.</p>
-                    </div>
-                    <div>
-                      <label className="text-[12px] text-white/40 font-medium mb-1.5 block">
-                        Base URL <span className="text-white/20">(optional)</span>
-                      </label>
-                      <input
-                        type="text"
-                        value={baseUrl}
-                        onChange={(e) => setBaseUrl(e.target.value)}
-                        placeholder="http://localhost:11434"
-                        className={inputSmCls}
-                      />
-                    </div>
-                  </div>
-                )}
-
                 {/* ── Model dropdown (after auth) ── */}
                 {isConnected && (
                   <>

package/supervisor/chat/fluxy-main.tsx

@@ -1,6 +1,6 @@
 import React, { useEffect, useRef, useState } from 'react';
 import ReactDOM from 'react-dom/client';
-import { ChevronRight, MoreVertical, Trash2, Wand2 } from 'lucide-react';
+import { ArrowLeft, MoreVertical, Trash2, Wand2 } from 'lucide-react';
 import { WsClient } from './src/lib/ws-client';
 import { useFluxyChat } from './src/hooks/useFluxyChat';
 import OnboardWizard from './OnboardWizard';
@@ -97,7 +97,7 @@ function FluxyApp() {
           className="flex items-center justify-center h-7 w-7 -ml-1 rounded-full text-muted-foreground hover:text-foreground hover:bg-white/[0.06] transition-colors"
           aria-label="Close chat"
         >
-          <ChevronRight className="h-5 w-5" />
+          <ArrowLeft className="h-5 w-5" />
         </button>
         <img src="/fluxy.png" alt={botName} className="h-5 w-auto" />
         <span className="text-sm font-semibold">{botName}</span>

package/worker/claude-auth.ts

@@ -93,57 +93,45 @@ export async function exchangeClaudeCode(codeInput: string): Promise<{ success:
   }
 }
 
-export function getClaudeAuthStatus(): { authenticated: boolean; error?: string } {
-  // Check credentials file
-  try {
-    if (fs.existsSync(CREDENTIALS_FILE)) {
-      const creds = JSON.parse(fs.readFileSync(CREDENTIALS_FILE, 'utf-8'));
-      if (creds.accessToken) {
-        if (creds.expiresAt && Date.now() >= creds.expiresAt) {
-          return { authenticated: false, error: 'Token expired' };
-        }
-        return { authenticated: true };
-      }
-    }
-  } catch {}
+export async function getClaudeAuthStatus(): Promise<{ authenticated: boolean; error?: string }> {
+  const oauth = readOAuthBlock();
+  if (!oauth) return { authenticated: false };
 
-  // macOS: check Keychain as fallback
-  if (process.platform === 'darwin') {
-    try {
-      const result = execFileSync('security', [
-        'find-generic-password', '-s', 'Claude Code-credentials', '-w',
-      ], { stdio: ['pipe', 'pipe', 'pipe'] }).toString().trim();
-      const parsed = JSON.parse(result);
-      if (parsed.claudeAiOauth?.accessToken) {
-        if (parsed.claudeAiOauth.expiresAt && Date.now() >= parsed.claudeAiOauth.expiresAt) {
-          return { authenticated: false, error: 'Token expired' };
-        }
-        return { authenticated: true };
-      }
-    } catch {}
+  if (oauth.accessToken && oauth.expiresAt && Date.now() < oauth.expiresAt) {
+    return { authenticated: true };
   }
 
-  // Legacy check
-  try {
-    const legacyPath = path.join(os.homedir(), '.claude.json');
-    if (fs.existsSync(legacyPath)) {
-      const config = JSON.parse(fs.readFileSync(legacyPath, 'utf-8'));
-      if (config.oauthAccessToken) return { authenticated: true };
-    }
-  } catch {}
+  // Token expired or missing — try refresh
+  if (oauth.refreshToken) {
+    const refreshed = await refreshClaudeToken(oauth.refreshToken);
+    if (refreshed) return { authenticated: true };
+  }
 
-  return { authenticated: false };
+  return { authenticated: false, error: 'Token expired' };
 }
 
 export function readClaudeAccessToken(): string | null {
+  const oauth = readOAuthBlock();
+  if (!oauth?.accessToken) return null;
+  if (oauth.expiresAt && Date.now() >= oauth.expiresAt) return null;
+  return oauth.accessToken;
+}
+
+/* ── Helpers ── */
+
+/**
+ * Read the OAuth block from credentials file or macOS Keychain.
+ * Handles both formats:
+ *   - Claude Code format: { claudeAiOauth: { accessToken, refreshToken, expiresAt, ... } }
+ *   - Legacy flat format:  { accessToken, refreshToken, expiresAt }
+ */
+function readOAuthBlock(): { accessToken?: string; refreshToken?: string; expiresAt?: number } | null {
   // Primary: credentials file
   try {
     if (fs.existsSync(CREDENTIALS_FILE)) {
       const creds = JSON.parse(fs.readFileSync(CREDENTIALS_FILE, 'utf-8'));
-      if (creds.accessToken) {
-        if (creds.expiresAt && Date.now() >= creds.expiresAt) return null;
-        return creds.accessToken;
-      }
+      const oauth = creds.claudeAiOauth || creds;
+      if (oauth.accessToken) return oauth;
     }
   } catch {}
 
@@ -154,45 +142,82 @@ export function readClaudeAccessToken(): string | null {
         'find-generic-password', '-s', 'Claude Code-credentials', '-w',
       ], { stdio: ['pipe', 'pipe', 'pipe'] }).toString().trim();
       const parsed = JSON.parse(result);
-      if (parsed.claudeAiOauth?.accessToken) {
-        if (parsed.claudeAiOauth.expiresAt && Date.now() >= parsed.claudeAiOauth.expiresAt) return null;
-        return parsed.claudeAiOauth.accessToken;
-      }
+      if (parsed.claudeAiOauth?.accessToken) return parsed.claudeAiOauth;
     } catch {}
   }
 
   return null;
 }
 
-/* ── Helpers ── */
+/**
+ * Refresh an expired token using the refresh_token grant.
+ * Returns true if refresh succeeded and new credentials were stored.
+ */
+async function refreshClaudeToken(refreshToken: string): Promise<boolean> {
+  try {
+    log.ok('Attempting Claude token refresh...');
+    const response = await fetch(OAUTH_CONFIG.TOKEN_URL, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        grant_type: 'refresh_token',
+        client_id: OAUTH_CONFIG.CLIENT_ID,
+        refresh_token: refreshToken,
+      }),
+    });
+
+    if (!response.ok) {
+      log.warn(`Claude token refresh failed: ${response.status}`);
+      return false;
+    }
+
+    const tokens = await response.json();
+    storeCredentials(tokens);
+    log.ok('Claude token refreshed successfully');
+    return true;
+  } catch (err: any) {
+    log.warn(`Claude token refresh error: ${err.message}`);
+    return false;
+  }
+}
 
 function storeCredentials(tokens: any): void {
   if (!fs.existsSync(CLAUDE_DIR)) {
     fs.mkdirSync(CLAUDE_DIR, { recursive: true });
   }
 
-  // Read existing credentials
-  let credentials: Record<string, any> = {};
+  // Read existing file to preserve other fields
+  let fileData: Record<string, any> = {};
   try {
     if (fs.existsSync(CREDENTIALS_FILE)) {
-      credentials = JSON.parse(fs.readFileSync(CREDENTIALS_FILE, 'utf-8'));
+      fileData = JSON.parse(fs.readFileSync(CREDENTIALS_FILE, 'utf-8'));
     }
   } catch {}
 
-  credentials.accessToken = tokens.access_token;
-  if (tokens.refresh_token) credentials.refreshToken = tokens.refresh_token;
+  // Build oauth block — merge with existing claudeAiOauth to preserve scopes etc.
+  const existing = fileData.claudeAiOauth || {};
+  const oauth: Record<string, any> = { ...existing };
+  oauth.accessToken = tokens.access_token;
+  if (tokens.refresh_token) oauth.refreshToken = tokens.refresh_token;
   if (tokens.expires_in) {
-    credentials.expiresAt = Date.now() + (tokens.expires_in - 300) * 1000;
+    oauth.expiresAt = Date.now() + (tokens.expires_in - 300) * 1000;
   }
 
-  fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(credentials, null, 2), 'utf-8');
+  // Write in Claude Code's format
+  fileData.claudeAiOauth = oauth;
+  // Remove legacy flat keys if they exist
+  delete fileData.accessToken;
+  delete fileData.refreshToken;
+  delete fileData.expiresAt;
+
+  fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(fileData, null, 2), 'utf-8');
   try { fs.chmodSync(CREDENTIALS_FILE, 0o600); } catch {}
   log.ok('Claude credentials stored');
 
   // macOS: also write to Keychain
   if (process.platform === 'darwin') {
     try {
-      const keychainValue = JSON.stringify({ claudeAiOauth: credentials });
+      const keychainValue = JSON.stringify({ claudeAiOauth: oauth });
       try {
         execFileSync('security', ['delete-generic-password', '-s', 'Claude Code-credentials'], {
           stdio: ['pipe', 'pipe', 'pipe'],

package/worker/index.ts

@@ -109,8 +109,8 @@ app.post('/api/auth/claude/exchange', async (req, res) => {
   res.json(result);
 });
 
-app.get('/api/auth/claude/status', (_req, res) => {
-  res.json(getClaudeAuthStatus());
+app.get('/api/auth/claude/status', async (_req, res) => {
+  res.json(await getClaudeAuthStatus());
 });
 
 // ── Handle registration ──