neoagent 2.3.1-beta.102 → 2.3.1-beta.103

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/lib/manager.js CHANGED
@@ -821,6 +821,8 @@ async function cmdLoginClaudeCode() {
821
821
  .update(codeVerifier)
822
822
  .digest('base64url');
823
823
 
824
+ const state = crypto.randomBytes(16).toString('hex');
825
+
824
826
  const authUrl = new URL('https://claude.ai/oauth/authorize');
825
827
  authUrl.searchParams.set('response_type', 'code');
826
828
  authUrl.searchParams.set('client_id', clientId);
@@ -828,6 +830,7 @@ async function cmdLoginClaudeCode() {
828
830
  authUrl.searchParams.set('scope', 'openid profile email offline_access');
829
831
  authUrl.searchParams.set('code_challenge', codeChallenge);
830
832
  authUrl.searchParams.set('code_challenge_method', 'S256');
833
+ authUrl.searchParams.set('state', state);
831
834
 
832
835
  console.log(`\n ${COLORS.cyan}Opening browser for Claude Code authorization...${COLORS.reset}`);
833
836
  console.log(` ${COLORS.dim}If the browser doesn't open, visit:${COLORS.reset}`);
@@ -850,6 +853,7 @@ async function cmdLoginClaudeCode() {
850
853
  try {
851
854
  const reqUrl = new NodeURL(req.url, `http://localhost:${redirectPort}`);
852
855
  const code = reqUrl.searchParams.get('code');
856
+ const returnedState = reqUrl.searchParams.get('state');
853
857
  const error = reqUrl.searchParams.get('error');
854
858
 
855
859
  if (error) {
@@ -861,6 +865,15 @@ async function cmdLoginClaudeCode() {
861
865
  return;
862
866
  }
863
867
 
868
+ if (returnedState && returnedState !== state) {
869
+ res.writeHead(200, { 'Content-Type': 'text/html' });
870
+ res.end('<html><body><h2>Authorization failed.</h2><p>State mismatch. You can close this tab.</p></body></html>');
871
+ clearTimeout(timeout);
872
+ server.close();
873
+ reject(new Error('OAuth state mismatch — possible CSRF attempt.'));
874
+ return;
875
+ }
876
+
864
877
  if (code) {
865
878
  res.writeHead(200, { 'Content-Type': 'text/html' });
866
879
  res.end('<html><body><h2>Authorization successful!</h2><p>You can close this tab and return to the terminal.</p></body></html>');
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "neoagent",
3
- "version": "2.3.1-beta.102",
3
+ "version": "2.3.1-beta.103",
4
4
  "description": "Proactive personal AI agent with no limits",
5
5
  "license": "MIT",
6
6
  "main": "server/index.js",
@@ -1 +1 @@
1
- e8fb2753d39f91b30e2cefa61e11fab9
1
+ 11c4133ebb724b223b80ad380661a4c1
@@ -37,6 +37,6 @@ _flutter.buildConfig = {"engineRevision":"42d3d75a56efe1a2e9902f52dc8006099c45d9
37
37
 
38
38
  _flutter.loader.load({
39
39
  serviceWorkerSettings: {
40
- serviceWorkerVersion: "4130560553" /* Flutter's service worker is deprecated and will be removed in a future Flutter release. */
40
+ serviceWorkerVersion: "1865794536" /* Flutter's service worker is deprecated and will be removed in a future Flutter release. */
41
41
  }
42
42
  });
@@ -129338,7 +129338,7 @@ r===$&&A.b()
129338
129338
  o.push(A.ii(p,A.iY(!1,new A.a3(B.tM,A.dT(new A.cI(B.he,new A.a5V(r,p),p),p,p),p),!1,B.I,!0),p,p,0,0,0,p))}r=!1
129339
129339
  if(!s.ay)if(!s.ch){r=s.e
129340
129340
  r===$&&A.b()
129341
- r=B.b.t("mpabyxka-510c5db").length!==0&&r.b}if(r){r=s.d
129341
+ r=B.b.t("mpacm3gu-abb7f02").length!==0&&r.b}if(r){r=s.d
129342
129342
  r===$&&A.b()
129343
129343
  r=r.ag&&!r.V?84:0
129344
129344
  q=s.e
@@ -134146,7 +134146,7 @@ $S:236}
134146
134146
  A.Ys.prototype={}
134147
134147
  A.Rr.prototype={
134148
134148
  mT(a){var s=this
134149
- if(B.b.t("mpabyxka-510c5db").length===0||s.a!=null)return
134149
+ if(B.b.t("mpacm3gu-abb7f02").length===0||s.a!=null)return
134150
134150
  s.A5()
134151
134151
  s.a=A.q1(B.PP,new A.b58(s))},
134152
134152
  A5(){var s=0,r=A.l(t.H),q,p=2,o=[],n=this,m,l,k,j,i,h,g,f
@@ -134164,7 +134164,7 @@ if(!t.f.b(k)){s=1
134164
134164
  break}i=J.Z(k,"buildId")
134165
134165
  h=i==null?null:B.b.t(J.r(i))
134166
134166
  j=h==null?"":h
134167
- if(J.bm(j)===0||J.d(j,"mpabyxka-510c5db")){s=1
134167
+ if(J.bm(j)===0||J.d(j,"mpacm3gu-abb7f02")){s=1
134168
134168
  break}n.b=!0
134169
134169
  n.D()
134170
134170
  p=2
@@ -134181,7 +134181,7 @@ case 2:return A.i(o.at(-1),r)}})
134181
134181
  return A.k($async$A5,r)},
134182
134182
  vb(){var s=0,r=A.l(t.H),q,p=2,o=[],n=this,m,l,k,j,i,h,g,f,e,d,c,b,a,a0,a1
134183
134183
  var $async$vb=A.h(function(a2,a3){if(a2===1){o.push(a3)
134184
- s=p}for(;;)switch(s){case 0:if(B.b.t("mpabyxka-510c5db").length===0||n.c){s=1
134184
+ s=p}for(;;)switch(s){case 0:if(B.b.t("mpacm3gu-abb7f02").length===0||n.c){s=1
134185
134185
  break}n.c=!0
134186
134186
  n.D()
134187
134187
  p=4