rogerrat 0.8.1 → 0.9.0

package/dist/account-ui.js

@@ -95,6 +95,14 @@ export function accountHtml() {
     <h3 style="margin:32px 0 8px;font-size:13px;color:var(--dim);text-transform:uppercase;letter-spacing:0.06em">New account</h3>
     <p class="sub">Generates a recovery_token + session_token. Save the recovery_token in your password manager — it's shown only once and is the only way to recover this account.</p>
     <button id="create-btn">Create account</button>
+
+    <h3 style="margin:32px 0 8px;font-size:13px;color:var(--dim);text-transform:uppercase;letter-spacing:0.06em">Lost your recovery_token? Use email</h3>
+    <p class="sub">If you attached a verified email to your account, we can send a one-time recovery link.</p>
+    <p id="recover-msg" class="err"></p>
+    <div class="row">
+      <input id="recover-email" type="email" autocomplete="email" placeholder="email@example.com" />
+      <button id="recover-btn" class="ghost">Send recovery link</button>
+    </div>
   </div>
 
   <div id="dashboard" hidden>
@@ -114,6 +122,24 @@ export function accountHtml() {
       </div>
     </div>
 
+    <div class="card">
+      <h2 style="margin-top:0">Email (optional recovery)</h2>
+      <p class="sub">Attach a verified email so you can recover the account if you lose your recovery_token. We only send: verification links + recovery links. We never send marketing.</p>
+      <div id="email-status"></div>
+      <p id="email-err" class="err"></p>
+      <div id="email-form" hidden>
+        <div class="row">
+          <input id="new-email" type="email" autocomplete="email" placeholder="email@example.com" />
+          <button id="attach-email">Send verification</button>
+        </div>
+      </div>
+      <div id="email-current" hidden style="display:flex;gap:12px;align-items:center;flex-wrap:wrap">
+        <code id="email-shown"></code>
+        <span id="email-badge" style="font-size:11px;padding:2px 8px;border-radius:3px"></span>
+        <button id="remove-email" class="danger" style="margin-left:auto">Remove</button>
+      </div>
+    </div>
+
     <div class="card">
       <h2 style="margin-top:0">Identities</h2>
       <p class="sub">An identity is a stable callsign you can use to join channels with <code>require_identity=true</code>. Each identity has a persistent <code>identity_key</code> (shown once on creation) that proves "you on this account, using this callsign". Treat the key like a password.</p>
@@ -168,6 +194,7 @@ export function accountHtml() {
     $('account-id').textContent = account.id;
     $('account-created').textContent = fmtDate(account.created_at);
     $('account-extra').textContent = account.identities ? '(' + account.identities.length + ' identit' + (account.identities.length === 1 ? 'y' : 'ies') + ')' : '';
+    renderEmail(account);
     renderIdentities(account.identities || []);
     if (justCreated) {
       const text = [
@@ -213,6 +240,31 @@ export function accountHtml() {
     });
   });
 
+  function renderEmail(account) {
+    const form = $('email-form');
+    const current = $('email-current');
+    if (account.email) {
+      form.hidden = true;
+      current.hidden = false;
+      current.style.display = 'flex';
+      $('email-shown').textContent = account.email;
+      const badge = $('email-badge');
+      if (account.email_verified) {
+        badge.textContent = 'verified';
+        badge.style.background = '#2d8a3e';
+        badge.style.color = 'white';
+      } else {
+        badge.textContent = 'pending verification — check inbox';
+        badge.style.background = 'var(--bg)';
+        badge.style.color = 'var(--warn)';
+      }
+    } else {
+      form.hidden = false;
+      current.hidden = true;
+      current.style.display = 'none';
+    }
+  }
+
   function renderIdentities(idents) {
     const tbody = $('ident-rows');
     if (!idents.length) {
@@ -282,6 +334,59 @@ export function accountHtml() {
 
   $('login-token').addEventListener('keydown', (e) => { if (e.key === 'Enter') $('login-btn').click(); });
 
+  $('recover-btn').addEventListener('click', async () => {
+    const email = $('recover-email').value.trim();
+    if (!email) return;
+    $('recover-msg').style.color = 'var(--dim)';
+    $('recover-msg').textContent = 'Sending…';
+    try {
+      const r = await fetch('/api/account/email-recover', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email }),
+      });
+      const data = await r.json();
+      $('recover-msg').textContent = data.message || 'If this email is registered and verified, a recovery link was sent.';
+    } catch (e) {
+      $('recover-msg').style.color = 'var(--warn)';
+      $('recover-msg').textContent = 'Error: ' + e.message;
+    }
+  });
+
+  $('attach-email').addEventListener('click', async () => {
+    const email = $('new-email').value.trim();
+    if (!email) return;
+    $('email-err').textContent = '';
+    try {
+      const r = await fetch('/api/account/email', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json', Authorization: 'Bearer ' + session },
+        body: JSON.stringify({ email }),
+      });
+      const data = await r.json();
+      if (!r.ok) { $('email-err').textContent = data.error || ('HTTP ' + r.status); return; }
+      $('new-email').value = '';
+      loadAccount();
+    } catch (e) {
+      $('email-err').textContent = 'Error: ' + e.message;
+    }
+  });
+
+  $('remove-email').addEventListener('click', async () => {
+    if (!confirm('Remove the email from this account? You will lose the email-recovery option until you attach + verify a new one.')) return;
+    $('email-err').textContent = '';
+    try {
+      const r = await fetch('/api/account/email', {
+        method: 'DELETE',
+        headers: { Authorization: 'Bearer ' + session },
+      });
+      if (!r.ok) { $('email-err').textContent = 'Failed: HTTP ' + r.status; return; }
+      loadAccount();
+    } catch (e) {
+      $('email-err').textContent = 'Error: ' + e.message;
+    }
+  });
+
   $('create-btn').addEventListener('click', async () => {
     try {
       const r = await fetch('/api/account', { method: 'POST' });

package/dist/accounts.js

@@ -35,7 +35,16 @@ function ensureLoaded() {
     try {
         if (existsSync(ACCOUNTS_PATH)) {
             const arr = JSON.parse(readFileSync(ACCOUNTS_PATH, "utf8"));
-            accounts = new Map(arr.map((r) => [r.id, r]));
+            accounts = new Map(arr.map((r) => [
+                r.id,
+                {
+                    id: r.id,
+                    recoveryHash: r.recoveryHash,
+                    createdAt: r.createdAt,
+                    email: typeof r.email === "string" ? r.email : undefined,
+                    emailVerifiedAt: typeof r.emailVerifiedAt === "number" ? r.emailVerifiedAt : undefined,
+                },
+            ]));
         }
         if (existsSync(IDENTITIES_PATH)) {
             identities = JSON.parse(readFileSync(IDENTITIES_PATH, "utf8"));
@@ -45,6 +54,19 @@ function ensureLoaded() {
         console.error("[accounts] load failed:", err);
     }
 }
+const EMAIL_RE = /^[^\s@]+@[^\s@]+\.[^\s@]{2,}$/;
+const CODE_TTL_MS = 60 * 60 * 1000; // 1 hour
+const pendingVerifications = new Map();
+const pendingRecoveries = new Map();
+function gcPending() {
+    const now = Date.now();
+    for (const [k, v] of pendingVerifications)
+        if (v.expiresAt < now)
+            pendingVerifications.delete(k);
+    for (const [k, v] of pendingRecoveries)
+        if (v.expiresAt < now)
+            pendingRecoveries.delete(k);
+}
 function persistAccounts() {
     ensureDir(dirname(ACCOUNTS_PATH));
     const tmp = `${ACCOUNTS_PATH}.tmp`;
@@ -96,7 +118,89 @@ export function verifySession(sessionToken) {
 export function getAccount(accountId) {
     ensureLoaded();
     const a = accounts.get(accountId);
-    return a ? { id: a.id, created_at: a.createdAt } : null;
+    if (!a)
+        return null;
+    return {
+        id: a.id,
+        created_at: a.createdAt,
+        email: a.email ?? null,
+        email_verified: !!a.emailVerifiedAt,
+    };
+}
+export function attachEmail(accountId, rawEmail) {
+    ensureLoaded();
+    const email = rawEmail.trim().toLowerCase();
+    if (!EMAIL_RE.test(email) || email.length > 254) {
+        return { error: "invalid email format" };
+    }
+    const account = accounts.get(accountId);
+    if (!account)
+        return { error: "account not found" };
+    account.email = email;
+    account.emailVerifiedAt = undefined;
+    persistAccounts();
+    const code = randomBytes(32).toString("base64url");
+    pendingVerifications.set(hash(code), { accountId, email, expiresAt: Date.now() + CODE_TTL_MS });
+    return { code, email };
+}
+export function verifyEmailCode(code) {
+    ensureLoaded();
+    gcPending();
+    const rec = pendingVerifications.get(hash(code));
+    if (!rec)
+        return { error: "invalid or expired verification link" };
+    const account = accounts.get(rec.accountId);
+    if (!account)
+        return { error: "account not found" };
+    for (const other of accounts.values()) {
+        if (other.id !== rec.accountId && other.email === rec.email && other.emailVerifiedAt) {
+            pendingVerifications.delete(hash(code));
+            account.email = undefined;
+            persistAccounts();
+            return { error: "this email is already verified on another account" };
+        }
+    }
+    account.email = rec.email;
+    account.emailVerifiedAt = Date.now();
+    persistAccounts();
+    pendingVerifications.delete(hash(code));
+    return { accountId: rec.accountId, email: rec.email };
+}
+export function removeEmail(accountId) {
+    ensureLoaded();
+    const account = accounts.get(accountId);
+    if (!account)
+        return false;
+    account.email = undefined;
+    account.emailVerifiedAt = undefined;
+    persistAccounts();
+    return true;
+}
+export function requestEmailRecovery(rawEmail) {
+    ensureLoaded();
+    const email = rawEmail.trim().toLowerCase();
+    if (!EMAIL_RE.test(email))
+        return null;
+    for (const a of accounts.values()) {
+        if (a.email === email && a.emailVerifiedAt) {
+            const code = randomBytes(32).toString("base64url");
+            pendingRecoveries.set(hash(code), { accountId: a.id, expiresAt: Date.now() + CODE_TTL_MS });
+            return { code, accountId: a.id };
+        }
+    }
+    return null;
+}
+export function confirmEmailRecovery(code) {
+    ensureLoaded();
+    gcPending();
+    const rec = pendingRecoveries.get(hash(code));
+    if (!rec)
+        return null;
+    const account = accounts.get(rec.accountId);
+    if (!account)
+        return null;
+    pendingRecoveries.delete(hash(code));
+    return { accountId: rec.accountId, session_token: issueSession(rec.accountId) };
 }
 export function listIdentities(accountId) {
     ensureLoaded();

package/dist/app.js

@@ -1,6 +1,7 @@
 import { randomUUID } from "node:crypto";
 import { Hono } from "hono";
-import { createAccount, createIdentity, deleteIdentity, getAccount, listIdentities, recoverAccount, verifyIdentity, verifySession, } from "./accounts.js";
+import { attachEmail, confirmEmailRecovery, createAccount, createIdentity, deleteIdentity, getAccount, listIdentities, recoverAccount, removeEmail, requestEmailRecovery, verifyEmailCode, verifyIdentity, verifySession, } from "./accounts.js";
+import { buildRecoveryEmail, buildVerifyEmail, emailEnabled, sendEmail } from "./email.js";
 import { accountHtml } from "./account-ui.js";
 import { adminHtml } from "./admin.js";
 import { getOrCreateChannel, listActiveChannels } from "./channel.js";
@@ -119,6 +120,110 @@ export function createApp(opts) {
             return c.json({ error: "identity not found" }, 404);
         return c.json({ ok: true });
     });
+    // ─── Email recovery (optional channel for "I lost my recovery_token") ───
+    const recoveryHits = new Map();
+    const RECOVERY_WINDOW_MS = 10 * 60 * 1000;
+    const RECOVERY_MAX_PER_WINDOW = 3;
+    function rateLimitRecover(c) {
+        const ip = c.req.header("cf-connecting-ip") ??
+            c.req.header("x-forwarded-for")?.split(",")[0]?.trim() ??
+            c.req.header("x-real-ip") ??
+            "unknown";
+        const now = Date.now();
+        const bucket = recoveryHits.get(ip);
+        if (!bucket || now - bucket.windowStart > RECOVERY_WINDOW_MS) {
+            recoveryHits.set(ip, { count: 1, windowStart: now });
+            return true;
+        }
+        if (bucket.count >= RECOVERY_MAX_PER_WINDOW)
+            return false;
+        bucket.count++;
+        return true;
+    }
+    app.post("/api/account/email", async (c) => {
+        const r = requireSession(c);
+        if (r instanceof Response)
+            return r;
+        if (!emailEnabled())
+            return c.json({ error: "email is not configured on this instance" }, 503);
+        let body = {};
+        try {
+            const raw = await c.req.json();
+            if (raw && typeof raw === "object")
+                body = raw;
+        }
+        catch {
+            /* empty */
+        }
+        const email = String(body.email ?? "");
+        if (!email)
+            return c.json({ error: "email required" }, 400);
+        const result = attachEmail(r.accountId, email);
+        if ("error" in result)
+            return c.json(result, 400);
+        try {
+            const msg = buildVerifyEmail(opts.publicOrigin, result.code, r.accountId);
+            await sendEmail(result.email, msg.subject, msg.text, msg.html);
+        }
+        catch (e) {
+            return c.json({ error: "failed to send verification email: " + e.message }, 502);
+        }
+        return c.json({ ok: true, email: result.email, verification_sent: true });
+    });
+    app.delete("/api/account/email", (c) => {
+        const r = requireSession(c);
+        if (r instanceof Response)
+            return r;
+        removeEmail(r.accountId);
+        return c.json({ ok: true });
+    });
+    app.get("/api/account/email-verify", (c) => {
+        const code = c.req.query("code") ?? "";
+        if (!code)
+            return c.html(verifyResultPage("Missing code parameter.", false));
+        const result = verifyEmailCode(code);
+        if ("error" in result)
+            return c.html(verifyResultPage(result.error, false));
+        return c.html(verifyResultPage(`Verified ${result.email} for account ${result.accountId}.`, true));
+    });
+    app.post("/api/account/email-recover", async (c) => {
+        if (!emailEnabled())
+            return c.json({ error: "email is not configured on this instance" }, 503);
+        if (!rateLimitRecover(c))
+            return c.json({ error: "too many requests, try again later" }, 429);
+        let body = {};
+        try {
+            const raw = await c.req.json();
+            if (raw && typeof raw === "object")
+                body = raw;
+        }
+        catch {
+            /* empty */
+        }
+        const email = String(body.email ?? "");
+        if (email) {
+            const result = requestEmailRecovery(email);
+            if (result) {
+                try {
+                    const msg = buildRecoveryEmail(opts.publicOrigin, result.code);
+                    await sendEmail(email, msg.subject, msg.text, msg.html);
+                }
+                catch (e) {
+                    console.error("[recover] failed to send email:", e);
+                }
+            }
+        }
+        return c.json({ ok: true, message: "If this email is registered and verified, a recovery link was sent." });
+    });
+    app.get("/api/account/email-recover-confirm", (c) => {
+        const code = c.req.query("code") ?? "";
+        if (!code)
+            return c.html(verifyResultPage("Missing code parameter.", false));
+        const result = confirmEmailRecovery(code);
+        if (!result)
+            return c.html(verifyResultPage("Invalid or expired recovery link.", false));
+        return c.html(recoveryAutoLoginPage(result.session_token));
+    });
     app.post("/api/channels", async (c) => {
         let body = {};
         try {
@@ -368,6 +473,26 @@ export function createApp(opts) {
     app.post("/mcp/:channelId", (c) => mcpHandler(c, c.req.param("channelId")));
     app.get("/mcp", (c) => c.json({ jsonrpc: "2.0", id: null, error: { code: -32000, message: "method not allowed; use POST" } }, 405));
     app.get("/mcp/:channelId", (c) => c.json({ jsonrpc: "2.0", id: null, error: { code: -32000, message: "method not allowed; use POST" } }, 405));
+    function verifyResultPage(message, success) {
+        const color = success ? "#2d8a3e" : "#d6541f";
+        const icon = success ? "✓" : "✗";
+        return `<!doctype html><html><head><meta charset="utf-8" /><title>rogerrat</title>
+<style>body{font-family:ui-monospace,Menlo,monospace;background:#f4ede0;color:#1a1a1a;display:flex;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:24px;line-height:1.5}
+.box{background:#fffaef;border:2px solid ${color};padding:32px;max-width:480px;text-align:center}
+.icon{font-size:48px;color:${color};margin-bottom:12px}
+a{color:#d6541f}</style></head><body>
+<div class="box"><div class="icon">${icon}</div><p>${message}</p>
+<p style="font-size:13px;color:#7a6f5f"><a href="/account">→ go to /account</a></p></div></body></html>`;
+    }
+    function recoveryAutoLoginPage(sessionToken) {
+        return `<!doctype html><html><head><meta charset="utf-8" /><title>rogerrat — recovered</title>
+<style>body{font-family:ui-monospace,Menlo,monospace;background:#f4ede0;color:#1a1a1a;display:flex;align-items:center;justify-content:center;min-height:100vh;margin:0;padding:24px;line-height:1.5}
+.box{background:#fffaef;border:2px solid #2d8a3e;padding:32px;max-width:480px;text-align:center}
+.icon{font-size:48px;color:#2d8a3e;margin-bottom:12px}</style></head><body>
+<div class="box"><div class="icon">✓</div><p>Recovered. Signing you in…</p></div>
+<script>sessionStorage.setItem('rogerrat_account_session', ${JSON.stringify(sessionToken)});setTimeout(function(){location.href='/account';}, 800);</script>
+</body></html>`;
+    }
     app.notFound((c) => c.text("not found", 404));
     app.onError((errInstance, c) => {
         console.error("[rogerrat] unhandled", errInstance);

package/dist/discovery.js

@@ -1,4 +1,4 @@
-const VERSION = "0.8.1";
+const VERSION = "0.9.0";
 export function llmsText(origin) {
     return `# RogerRat
 

package/dist/email.js

@@ -0,0 +1,67 @@
+const RESEND_API_KEY = process.env.RESEND_API_KEY;
+const RESEND_FROM = process.env.RESEND_FROM ?? "RogerRat <no-reply@rogerrat.chat>";
+export function emailEnabled() {
+    return !!RESEND_API_KEY;
+}
+export async function sendEmail(to, subject, text, html) {
+    if (!RESEND_API_KEY)
+        throw new Error("email is disabled on this instance (no RESEND_API_KEY)");
+    const r = await fetch("https://api.resend.com/emails", {
+        method: "POST",
+        headers: {
+            Authorization: `Bearer ${RESEND_API_KEY}`,
+            "Content-Type": "application/json",
+        },
+        body: JSON.stringify({
+            from: RESEND_FROM,
+            to: [to],
+            subject,
+            text,
+            ...(html ? { html } : {}),
+        }),
+    });
+    if (!r.ok) {
+        const body = await r.text();
+        throw new Error(`Resend ${r.status}: ${body}`);
+    }
+    return (await r.json());
+}
+export function buildVerifyEmail(origin, code, accountId) {
+    const url = `${origin}/api/account/email-verify?code=${encodeURIComponent(code)}`;
+    return {
+        subject: "Verify your email for RogerRat",
+        text: `Hello,
+
+You (or someone with your session_token) attached this email to RogerRat account ${accountId}.
+
+Click the link below to verify your email:
+${url}
+
+The link expires in 1 hour. If you didn't request this, you can ignore the email — nothing happens unless you click.
+
+— RogerRat`,
+        html: `<p>Hello,</p>
+<p>You (or someone with your session_token) attached this email to RogerRat account <strong>${accountId}</strong>.</p>
+<p><a href="${url}">Click here to verify your email</a></p>
+<p style="color:#7a6f5f;font-size:13px">The link expires in 1 hour. If you didn't request this, ignore this email — nothing happens unless you click.</p>
+<p style="color:#7a6f5f;font-size:13px">— RogerRat</p>`,
+    };
+}
+export function buildRecoveryEmail(origin, code) {
+    const url = `${origin}/api/account/email-recover-confirm?code=${encodeURIComponent(code)}`;
+    return {
+        subject: "RogerRat account recovery",
+        text: `Someone requested account recovery for this email on RogerRat.
+
+If it was you, click here to get a fresh session_token:
+${url}
+
+The link expires in 1 hour and can only be used once. If it wasn't you, ignore this email — nothing happens unless you click.
+
+— RogerRat`,
+        html: `<p>Someone requested account recovery for this email on RogerRat.</p>
+<p>If it was you, <a href="${url}">click here to get a fresh session_token</a>.</p>
+<p style="color:#7a6f5f;font-size:13px">The link expires in 1 hour and can only be used once. If it wasn't you, ignore this email — nothing happens unless you click.</p>
+<p style="color:#7a6f5f;font-size:13px">— RogerRat</p>`,
+    };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "rogerrat",
-  "version": "0.8.1",
+  "version": "0.9.0",
   "description": "Walkie-talkie MCP server for AI coding agents. Two Claudes (or Cursor, Cline, Claude Desktop) talk to each other over a hosted hub or your own localhost.",
   "keywords": [
     "mcp",