npm - heyio - Versions diffs - 0.1.28 → 0.1.30 - Mend

heyio 0.1.28 → 0.1.30

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +34 -2
package/dist/api/auth.js +44 -0
package/dist/api/server.js +13 -1
package/dist/copilot/tools.js +1 -1
package/package.json +1 -1
package/web-dist/assets/index-C1TNt53a.js +74 -0
package/web-dist/assets/index-CKIUpauJ.css +1 -0
package/web-dist/index.html +2 -2
package/web-dist/assets/index-BLaCmNum.js +0 -31
package/web-dist/assets/index-DV0XWqMF.css +0 -1

package/README.md CHANGED Viewed

@@ -115,6 +115,9 @@ IO stores its configuration at `~/.io/config.json`. The setup wizard (`io setup`
 | `modelTiers.medium` | `string[]` | `["claude-sonnet-4.6", "gpt-5.5", "claude-opus-4.5"]` | Models for standard tasks (features, tests, reviews) |
 | `modelTiers.low` | `string[]` | `["claude-haiku-4.5", "gpt-5.4-mini"]` | Models for simple tasks (reads, formatting, lookups) |
 | `port` | `number` | `3170` | Port for the HTTP server (API + web frontend) |
+| `supabaseUrl` | `string` | — | Supabase project URL (enables web portal authentication) |
+| `supabaseAnonKey` | `string` | — | Supabase anon/public API key |
+| `authorizedEmail` | `string` | — | Email address allowed to access the web portal |
 Each `modelTiers` list is a ranked preference — IO picks the first available model at startup.
@@ -130,6 +133,9 @@ Each `modelTiers` list is a ranked preference — IO picks the first available m
   "selfEditEnabled": false,
   "defaultModel": "claude-sonnet-4.6",
   "port": 3170,
+  "supabaseUrl": "https://your-project.supabase.co",
+  "supabaseAnonKey": "eyJhbGciOiJIUzI1NiIs...",
+  "authorizedEmail": "you@example.com",
   "modelTiers": {
     "high": ["claude-opus-4.7", "claude-opus-4.6"],
     "medium": ["claude-sonnet-4.6", "gpt-5.5", "claude-opus-4.5"],
@@ -211,6 +217,29 @@ IO includes a Vue 3 web dashboard served directly from the daemon on the same po
 Access the web UI at `http://your-server:3170/` when running in daemon mode.
+### Authentication
+The web portal supports optional Supabase email authentication. When enabled, users must sign in with email and password before accessing the dashboard. Only the configured `authorizedEmail` is allowed access.
+**Setup:**
+1. Create a [Supabase](https://supabase.com) project (or use an existing one)
+2. Enable the **Email** auth provider in Supabase → Authentication → Providers
+3. Create your user account in Supabase → Authentication → Users
+4. Add the following to `~/.io/config.json`:
+```jsonc
+{
+  "supabaseUrl": "https://your-project.supabase.co",
+  "supabaseAnonKey": "eyJhbGciOiJIUzI1NiIs...",
+  "authorizedEmail": "you@example.com"
+}
+```
+5. Restart IO — the web portal will now require login
+> **Note:** Auth is completely optional. If `supabaseUrl` is not configured, the portal runs without authentication (open access).
 ## 🏗️ Project Structure
 ```
@@ -241,12 +270,15 @@ src/
 ├── tui/
 │   └── index.ts          # Terminal UI
 └── api/
+    ├── auth.ts           # Supabase JWT auth middleware
     └── server.ts         # Express HTTP + SSE + static frontend
 web/                        # Vue 3 frontend (built to web-dist/)
 ├── src/
-│   ├── views/            # ChatView, SquadsView, SkillsView, AgentActivityView
-│   ├── router/           # Vue Router config
+│   ├── lib/              # supabase.ts, api.ts (auth helpers)
+│   ├── stores/           # Pinia stores (chat, auth)
+│   ├── views/            # ChatView, SquadsView, SkillsView, AgentActivityView, LoginView
+│   ├── router/           # Vue Router config + auth guard
 │   └── main.ts           # App entry
 ├── vite.config.ts        # Vite config (builds to ../web-dist/)
 └── package.json

package/dist/api/auth.js ADDED Viewed

@@ -0,0 +1,44 @@
+import { config } from "../config.js";
+/**
+ * Express middleware that validates Supabase JWT tokens.
+ * If auth is not configured (no supabaseUrl), all requests pass through.
+ */
+export function requireAuth(req, res, next) {
+    // Auth not configured — pass through
+    if (!config.supabaseUrl || !config.supabaseAnonKey) {
+        next();
+        return;
+    }
+    const authHeader = req.headers.authorization;
+    const queryToken = req.query.token;
+    const bearerToken = authHeader?.startsWith("Bearer ") ? authHeader.slice(7) : undefined;
+    const token = bearerToken ?? queryToken;
+    if (!token) {
+        res.status(401).json({ error: "Missing or invalid authorization" });
+        return;
+    }
+    // Verify token by calling Supabase's /auth/v1/user endpoint
+    fetch(`${config.supabaseUrl}/auth/v1/user`, {
+        headers: {
+            Authorization: `Bearer ${token}`,
+            apikey: config.supabaseAnonKey,
+        },
+    })
+        .then(async (resp) => {
+        if (!resp.ok) {
+            res.status(401).json({ error: "Invalid or expired token" });
+            return;
+        }
+        const user = (await resp.json());
+        // Check authorized email if configured
+        if (config.authorizedEmail && user.email !== config.authorizedEmail) {
+            res.status(403).json({ error: "Unauthorized user" });
+            return;
+        }
+        next();
+    })
+        .catch(() => {
+        res.status(500).json({ error: "Auth verification failed" });
+    });
+}
+//# sourceMappingURL=auth.js.map

package/dist/api/server.js CHANGED Viewed

@@ -7,6 +7,7 @@ import { listSkills } from "../copilot/skills.js";
 import { listSquads, createSquad } from "../store/squads.js";
 import { getAgentInfo } from "../copilot/agents.js";
 import { IO_VERSION } from "../paths.js";
+import { requireAuth } from "./auth.js";
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const WEB_DIST = path.resolve(__dirname, "../../web-dist");
 let messageHandler;
@@ -31,9 +32,20 @@ export async function startApiServer() {
     });
     // Build API router
     const api = express.Router();
+    // Public endpoints (no auth required)
     api.get("/health", (_req, res) => {
         res.json({ status: "ok" });
     });
+    api.get("/auth/config", (_req, res) => {
+        const authEnabled = !!(config.supabaseUrl && config.supabaseAnonKey);
+        res.json({
+            authEnabled,
+            supabaseUrl: config.supabaseUrl ?? null,
+            supabaseAnonKey: config.supabaseAnonKey ?? null,
+        });
+    });
+    // Apply auth middleware to all subsequent routes
+    api.use(requireAuth);
     api.get("/status", (_req, res) => {
         res.json({ version: IO_VERSION, uptime: process.uptime() });
     });
@@ -127,7 +139,7 @@ export async function startApiServer() {
     if (existsSync(WEB_DIST)) {
         app.use(express.static(WEB_DIST));
         // SPA fallback — serve index.html for any non-API route
-        app.get("*", (_req, res) => {
+        app.get("/{*splat}", (_req, res) => {
             res.sendFile(path.join(WEB_DIST, "index.html"));
         });
         console.log("[io] Web frontend enabled");

package/dist/copilot/tools.js CHANGED Viewed

@@ -292,7 +292,7 @@ export function createTools(deps) {
         skipPermission: true,
         parameters: z.object({
             key: z
-                .enum(["defaultModel", "telegramEnabled", "selfEditEnabled", "port"])
+                .enum(["defaultModel", "telegramEnabled", "selfEditEnabled", "port", "authorizedEmail"])
                 .describe("Config key to update"),
             value: z
                 .union([z.string(), z.number(), z.boolean()])

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "heyio",
-  "version": "0.1.28",
+  "version": "0.1.30",
   "description": "IO — a personal AI assistant built on the GitHub Copilot SDK",
   "bin": {
     "io": "dist/index.js"