npm - moeba-claude-channel - Versions diffs - 0.0.9 → 0.0.10 - Mend

moeba-claude-channel 0.0.9 → 0.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/.claude-plugin/marketplace.json +5 -2
package/.claude-plugin/plugin.json +2 -2
package/dist/moeba-channel.js +132 -31
package/package.json +2 -2

package/.claude-plugin/marketplace.json CHANGED Viewed

@@ -7,9 +7,12 @@
   "plugins": [
     {
       "name": "moeba-channel",
-      "source": ".",
+      "source": {
+        "source": "npm",
+        "package": "moeba-claude-channel"
+      },
       "description": "Chat with Claude Code from the Moeba mobile app",
-      "version": "0.0.9"
+      "version": "0.0.8"
     }
   ]
 }

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,12 +1,12 @@
 {
   "name": "moeba-channel",
   "description": "Chat with Claude Code from the Moeba mobile app. Two-way bridge that lets you send messages from your phone and get responses from your Claude Code session.",
-  "version": "0.0.9",
+  "version": "0.0.8",
   "author": {
     "name": "Moeba",
     "email": "hello@moeba.co.za"
   },
   "homepage": "https://moeba.co.za",
-  "repository": "https://github.com/jaspergreen/moeba-claude-channel",
+  "repository": "https://github.com/moeba-co/moeba",
   "license": "MIT"
 }

package/dist/moeba-channel.js CHANGED Viewed

@@ -60,6 +60,35 @@ function saveCredentials(c) {
         mkdirSync(dir, { recursive: true });
     writeFileSync(CREDENTIALS_PATH, JSON.stringify(c, null, 2));
 }
+// Module-level credentials so the SSE loop and tool handlers always read the
+// freshest token after a refresh.
+let creds = null;
+// ---------------------------------------------------------------------------
+// Session token (JWT) expiry — the session token is short-lived (~30 days),
+// so we refresh it proactively rather than wedging on a dead token.
+// ---------------------------------------------------------------------------
+function decodeJwtExp(token) {
+    try {
+        const part = token.split('.')[1];
+        if (!part)
+            return null;
+        const json = Buffer.from(part.replace(/-/g, '+').replace(/_/g, '/'), 'base64').toString('utf-8');
+        const payload = JSON.parse(json);
+        return typeof payload.exp === 'number' ? payload.exp : null;
+    }
+    catch {
+        return null;
+    }
+}
+// True when the token expires within `skewSeconds`. Returns false if the token
+// has no decodable exp — in that case we let the server be the judge (the SSE
+// 401 handler is the backstop) rather than forcing a refresh on every connect.
+function isTokenExpired(token, skewSeconds = 300) {
+    const exp = decodeJwtExp(token);
+    if (exp === null)
+        return false;
+    return Date.now() / 1000 >= exp - skewSeconds;
+}
 // ---------------------------------------------------------------------------
 // OAuth flow — opens browser, receives Firebase token via localhost callback
 // ---------------------------------------------------------------------------
@@ -136,19 +165,109 @@ function authenticate() {
     });
 }
 // ---------------------------------------------------------------------------
+// Headless auth — API key + email (no browser). Used for first-run headless
+// setup and for unattended token refresh once the session token expires.
+// ---------------------------------------------------------------------------
+async function authenticateViaApiKey(apiKey, email) {
+    try {
+        const response = await fetch(`${MOEBA_API_URL}/channel/auth`, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ apiKey, email, projectName: PROJECT_NAME }),
+        });
+        if (!response.ok) {
+            console.error(`API key auth failed: ${await response.text()}`);
+            return null;
+        }
+        const data = (await response.json());
+        const newCreds = {
+            token: data.token,
+            email: data.email,
+            businessId: data.businessId,
+            agentId: data.agentId,
+            connectionId: data.connectionId,
+            agentApiKey: data.agentApiKey,
+            projectName: PROJECT_NAME,
+        };
+        saveCredentials(newCreds);
+        return newCreds;
+    }
+    catch (err) {
+        console.error(`API key auth error: ${err.message}`);
+        return null;
+    }
+}
+// Re-mint the short-lived session token when it expires. The agent API key
+// stored alongside it is long-lived and re-mints a token unattended, so a
+// configured channel self-heals with no user login, env vars, or browser.
+// Order: stored agent key → env API key (first-run) → browser OAuth.
+async function refreshCredentials(opts) {
+    // 1. Best path: the already-stored agent key is non-expiring and works
+    //    unattended inside the SSE reconnect loop.
+    if (creds?.agentApiKey && creds?.email) {
+        console.error('Refreshing Moeba session token via stored agent key...');
+        const refreshed = await authenticateViaApiKey(creds.agentApiKey, creds.email);
+        if (refreshed)
+            return refreshed;
+    }
+    // 2. Headless env credentials (e.g. first run before anything is cached).
+    const envApiKey = process.env.MOEBA_API_KEY;
+    const envEmail = process.env.MOEBA_EMAIL;
+    if (envApiKey && envEmail) {
+        console.error('Refreshing Moeba session token via API key...');
+        const refreshed = await authenticateViaApiKey(envApiKey, envEmail);
+        if (refreshed)
+            return refreshed;
+    }
+    // 3. Last resort: interactive browser OAuth.
+    if (opts.allowBrowser) {
+        console.error('Refreshing Moeba session token — opening browser...');
+        try {
+            return await authenticate();
+        }
+        catch (err) {
+            console.error(`Re-authentication failed: ${err.message}`);
+            return null;
+        }
+    }
+    console.error('Moeba session token expired and cannot refresh — reconnect with --login or set MOEBA_API_KEY + MOEBA_EMAIL.');
+    return null;
+}
+// ---------------------------------------------------------------------------
 // SSE client — connects to Moeba and receives messages
 // ---------------------------------------------------------------------------
-function connectSSE(c, mcp) {
-    const url = `${MOEBA_API_URL}/api/channel/events?connectionId=${c.connectionId}`;
+function connectSSE(mcp) {
     let reconnectDelay = 1000;
     async function connect() {
+        if (!creds) {
+            console.error('Moeba SSE: no credentials — not connecting.');
+            return;
+        }
         try {
+            // Proactively refresh a token that's expired/near-expiry so we don't
+            // burn a guaranteed-401 connect attempt.
+            if (isTokenExpired(creds.token)) {
+                const refreshed = await refreshCredentials({ allowBrowser: false });
+                if (refreshed)
+                    creds = refreshed;
+            }
+            const c = creds; // snapshot for the life of this connection
+            const url = `${MOEBA_API_URL}/api/channel/events?connectionId=${c.connectionId}`;
             console.error('Connecting to Moeba SSE...');
             const response = await fetch(url, {
                 headers: { Authorization: `Bearer ${c.token}` },
             });
             if (!response.ok) {
                 console.error(`SSE connection failed: ${response.status}`);
+                // 401/403 → the session token was rejected. Re-authenticate (headless
+                // only — we're past startup with no TTY) and reconnect promptly.
+                if (response.status === 401 || response.status === 403) {
+                    const refreshed = await refreshCredentials({ allowBrowser: false });
+                    if (refreshed) {
+                        creds = refreshed;
+                        reconnectDelay = 1000;
+                    }
+                }
                 scheduleReconnect();
                 return;
             }
@@ -244,43 +363,25 @@ async function main() {
     const loginMode = process.argv.includes('--login');
     const envApiKey = process.env.MOEBA_API_KEY;
     const envEmail = process.env.MOEBA_EMAIL;
-    let creds = loadCredentials();
+    creds = loadCredentials();
     if (!creds && envApiKey && envEmail) {
         // Mode B: headless auth via API key + email
         console.error(`Authenticating as ${envEmail} via API key...`);
-        try {
-            const response = await fetch(`${MOEBA_API_URL}/channel/auth`, {
-                method: 'POST',
-                headers: { 'Content-Type': 'application/json' },
-                body: JSON.stringify({ apiKey: envApiKey, email: envEmail, projectName: PROJECT_NAME }),
-            });
-            if (!response.ok) {
-                const err = await response.text();
-                console.error(`API key auth failed: ${err}`);
-            }
-            else {
-                const data = (await response.json());
-                creds = {
-                    token: data.token,
-                    email: data.email,
-                    businessId: data.businessId,
-                    agentId: data.agentId,
-                    connectionId: data.connectionId,
-                    agentApiKey: data.agentApiKey,
-                    projectName: PROJECT_NAME,
-                };
-                saveCredentials(creds);
-            }
-        }
-        catch (err) {
-            console.error(`API key auth error: ${err.message}`);
-        }
+        creds = await authenticateViaApiKey(envApiKey, envEmail);
     }
     else if (!creds && loginMode) {
         // Mode C: browser OAuth
         console.error('No Moeba credentials found — opening browser to sign in...');
         creds = await authenticate();
     }
+    // Refresh an expired/near-expiry cached token so we never connect with a
+    // dead JWT (the bug that silently killed message delivery + notifications).
+    if (creds && isTokenExpired(creds.token)) {
+        console.error('Cached Moeba session token is expired or near expiry — refreshing...');
+        const refreshed = await refreshCredentials({ allowBrowser: loginMode });
+        if (refreshed)
+            creds = refreshed;
+    }
     if (creds) {
         console.error(`Authenticated as ${creds.email} (project: ${PROJECT_NAME})`);
     }
@@ -396,7 +497,7 @@ IMPORTANT: The user is on a mobile app and CANNOT approve terminal permissions.
     await mcp.connect(new StdioServerTransport());
     // 5. Start SSE listener (only if authenticated)
     if (creds) {
-        connectSSE(creds, mcp);
+        connectSSE(mcp);
         console.error('Moeba channel ready — waiting for messages');
     }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "moeba-claude-channel",
-  "version": "0.0.9",
+  "version": "0.0.10",
   "description": "Claude Code channel for Moeba — chat with Claude Code from the Moeba app",
   "type": "module",
   "main": "dist/moeba-channel.js",
@@ -27,7 +27,7 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/jaspergreen/moeba-claude-channel"
+    "url": "https://github.com/moeba-co/moeba"
   },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.12.1"