teleportation-cli 1.0.0 → 1.0.2

package/.claude/hooks/user_prompt_submit.mjs

@@ -9,6 +9,15 @@
 import { stdin, stdout, exit, env } from 'node:process';
 import { tmpdir } from 'os';
 import { join } from 'path';
+import { appendFile } from 'fs/promises';
+
+const HOOK_LOG = '/tmp/teleportation-hook.log';
+const log = async (msg) => {
+  const ts = new Date().toISOString();
+  try {
+    await appendFile(HOOK_LOG, `[${ts}] [UserPromptSubmit] ${msg}\n`);
+  } catch {}
+};
 
 const readStdin = () => new Promise((resolve, reject) => {
   let data = '';
@@ -18,6 +27,12 @@ const readStdin = () => new Promise((resolve, reject) => {
   stdin.on('error', reject);
 });
 
+const fetchJson = async (url, opts) => {
+  const res = await fetch(url, opts);
+  if (!res.ok) throw new Error(`HTTP ${res.status}`);
+  return res.json();
+};
+
 (async () => {
   let input = {};
   try {
@@ -31,6 +46,45 @@ const readStdin = () => new Promise((resolve, reject) => {
 
   const { session_id, prompt } = input;
 
+  // Clear away mode only on actual user activity (prompt submit), not on tool attempts.
+  // Also support /away and /back here in case they are handled as prompts.
+  if (session_id && prompt && typeof prompt === 'string') {
+    const trimmed = prompt.trim();
+    const lowered = trimmed.toLowerCase();
+
+    let desiredAway = null;
+    if (lowered === '/away' || lowered === 'teleportation away') desiredAway = true;
+    else if (lowered === '/back' || lowered === 'teleportation back') desiredAway = false;
+    else if (trimmed.length > 0) desiredAway = false;
+
+    if (desiredAway !== null) {
+      try {
+        const { loadConfig } = await import('./config-loader.mjs');
+        const config = await loadConfig();
+
+        const RELAY_API_URL = env.RELAY_API_URL || config.relayApiUrl || '';
+        const RELAY_API_KEY = env.RELAY_API_KEY || config.relayApiKey || '';
+
+        if (RELAY_API_URL && RELAY_API_KEY) {
+          await fetchJson(`${RELAY_API_URL}/api/sessions/${session_id}/daemon-state`, {
+            method: 'PATCH',
+            headers: {
+              'Content-Type': 'application/json',
+              'Authorization': `Bearer ${RELAY_API_KEY}`
+            },
+            body: JSON.stringify({ is_away: desiredAway })
+          });
+        }
+      } catch (e) {
+        // Always log failures to hook log file for debugging (not just in DEBUG mode)
+        log(`Failed to update away state: ${e.message}`);
+        if (env.DEBUG) {
+          console.error(`[UserPromptSubmit] Failed to update away state: ${e.message}`);
+        }
+      }
+    }
+  }
+
   // Check if user is running /model command
   if (prompt && typeof prompt === 'string') {
     const trimmed = prompt.trim().toLowerCase();
@@ -85,6 +139,63 @@ const readStdin = () => new Promise((resolve, reject) => {
     }
   }
 
+  // Log user message to timeline (skip special commands that are already logged differently)
+  if (session_id && prompt && typeof prompt === 'string') {
+    const trimmed = prompt.trim();
+    const lowered = trimmed.toLowerCase();
+
+    // Skip special commands - they are handled above or have their own logging
+    const isSpecialCommand =
+      lowered === '/away' || lowered === 'teleportation away' ||
+      lowered === '/back' || lowered === 'teleportation back' ||
+      lowered === '/model' || lowered.startsWith('/model ');
+
+    if (!isSpecialCommand && trimmed.length > 0) {
+      try {
+        const { loadConfig } = await import('./config-loader.mjs');
+        const config = await loadConfig();
+        const RELAY_API_URL = env.RELAY_API_URL || config.relayApiUrl || '';
+        const RELAY_API_KEY = env.RELAY_API_KEY || config.relayApiKey || '';
+
+        if (RELAY_API_URL && RELAY_API_KEY) {
+          // Truncate prompt to 2000 chars for storage efficiency
+          const MAX_PROMPT_LENGTH = 2000;
+          const truncatedPrompt = trimmed.length > MAX_PROMPT_LENGTH
+            ? trimmed.substring(0, MAX_PROMPT_LENGTH)
+            : trimmed;
+
+          await fetch(`${RELAY_API_URL}/api/timeline`, {
+            method: 'POST',
+            headers: {
+              'Content-Type': 'application/json',
+              'Authorization': `Bearer ${RELAY_API_KEY}`
+            },
+            body: JSON.stringify({
+              session_id,
+              type: 'user_message',
+              data: {
+                prompt: truncatedPrompt,
+                full_length: trimmed.length,
+                truncated: trimmed.length > MAX_PROMPT_LENGTH,
+                timestamp: Date.now()
+              }
+            })
+          });
+
+          if (env.DEBUG) {
+            log(`Logged user_message to timeline for session ${session_id}`);
+          }
+        }
+      } catch (e) {
+        // Non-critical - log error but don't block prompt submission
+        log(`Failed to log user message to timeline: ${e.message}`);
+        if (env.DEBUG) {
+          console.error(`[UserPromptSubmit] Failed to log user message: ${e.message}`);
+        }
+      }
+    }
+  }
+
   // Always suppress output from this hook
   try { stdout.write(JSON.stringify({ suppressOutput: true })); } catch {}
   return exit(0);

package/README.md

@@ -10,13 +10,29 @@ Teleportation enables developers to approve Claude Code actions remotely from an
 
 ## Installation
 
-### Method 1: Quick Install (curl)
+### Method 1: npm (Recommended)
+
+```bash
+# Install globally via npm
+npm install -g teleportation-cli
+
+# Verify installation
+teleportation --version
+```
+
+**Requirements:**
+- **Bun >=1.3.0** - [Install Bun](https://bun.sh/docs/installation)
+- **Claude Code CLI** - [Install Claude Code](https://claude.ai/code)
+
+> **Note:** While the package uses npm for distribution, it requires Bun as the runtime. Make sure to install Bun first.
+
+### Method 2: Quick Install (curl)
 
 ```bash
 curl -fsSL https://raw.githubusercontent.com/dundas/teleportation-private/main/scripts/install.sh | bash
 ```
 
-### Method 2: From Source (Recommended)
+### Method 3: From Source
 
 **Requirements:** Bun >=1.3.0
 
@@ -31,15 +47,10 @@ bun install
 bun link  # Makes 'teleportation' command available globally
 ```
 
-### Method 3: GitHub Releases
+### Method 4: GitHub Releases
 
 Download the latest release from [GitHub Releases](https://github.com/dundas/teleportation-private/releases/latest) and extract to `~/.teleportation/`.
 
-## Requirements
-
-- **Bun >=1.3.0** (JavaScript runtime)
-- **Claude Code CLI** installed
-
 ### Installing Bun
 
 ```bash
@@ -77,16 +88,19 @@ bun install
 ## Quick Start
 
 ```bash
-# 1. Enable hooks
+# 1. Install via npm
+npm install -g teleportation-cli
+
+# 2. Enable hooks
 teleportation on
 
-# 2. Authenticate with your account
+# 3. Authenticate with your account
 teleportation login
 
-# 3. Check status
+# 4. Check status
 teleportation status
 
-# 4. Start Claude Code - approvals will be routed to your phone!
+# 5. Start Claude Code - approvals will be routed to your phone!
 ```
 
 ## Usage
@@ -229,6 +243,16 @@ bun run dev:all
 - **Multi-tenant isolation**: Your data is isolated from other users
 - **Privacy-preserving**: Session existence not revealed to unauthorized users
 
+## Known Limitations
+
+### Session Registry Race Condition
+
+The remote session registry uses file-based storage (`~/.teleportation/remote-sessions/sessions.json`). There is a theoretical race condition if multiple processes attempt to register the same session ID simultaneously. The check for existing sessions and the save operation are not atomic.
+
+**Impact**: This is an acceptable limitation for the current single-user CLI use case.
+
+**Future mitigation**: Future versions may implement file locking (e.g., using `proper-lockfile` package) or migrate to a database (e.g., SQLite) for multi-user or concurrent scenarios.
+
 ## License
 
 MIT

package/lib/auth/claude-key-extractor.js

@@ -0,0 +1,196 @@
+/**
+ * Claude Code API Key Extractor
+ *
+ * Extracts the ANTHROPIC_API_KEY from the user's local Claude Code installation.
+ * Tries multiple methods to find the key.
+ */
+
+import { exec } from 'child_process';
+import { promisify } from 'util';
+import fs from 'fs/promises';
+import os from 'os';
+import path from 'path';
+
+const execAsync = promisify(exec);
+
+/**
+ * Try to get API key from macOS keychain
+ */
+async function getFromKeychain() {
+  try {
+    // Try common keychain entries for Claude/Anthropic
+    const services = [
+      'claude.ai',
+      'anthropic.com',
+      'Claude',
+      'Anthropic',
+      'claude-code',
+    ];
+
+    for (const service of services) {
+      try {
+        const { stdout } = await execAsync(`security find-generic-password -s "${service}" -w 2>/dev/null`);
+        if (stdout && stdout.trim().startsWith('sk-ant-')) {
+          return stdout.trim();
+        }
+      } catch {}
+    }
+
+    // Try finding by account name
+    const accounts = ['api-key', 'apikey', 'token'];
+    for (const acct of accounts) {
+      try {
+        const { stdout } = await execAsync(`security find-generic-password -a "${acct}" -w 2>/dev/null`);
+        if (stdout && stdout.trim().startsWith('sk-ant-')) {
+          return stdout.trim();
+        }
+      } catch {}
+    }
+
+    return null;
+  } catch (error) {
+    return null;
+  }
+}
+
+/**
+ * Try to get API key from environment
+ */
+function getFromEnvironment() {
+  return process.env.ANTHROPIC_API_KEY ||
+         process.env.CLAUDE_API_KEY ||
+         process.env.CLAUDE_CODE_API_KEY ||
+         null;
+}
+
+/**
+ * Try to get API key from Claude Code config files
+ */
+async function getFromClaudeConfig() {
+  try {
+    const homeDir = os.homedir();
+    const configPaths = [
+      path.join(homeDir, '.claude', 'config.json'),
+      path.join(homeDir, '.claude', 'settings.json'),
+      path.join(homeDir, '.claude', 'credentials.json'),
+      path.join(homeDir, '.config', 'claude', 'config.json'),
+    ];
+
+    for (const configPath of configPaths) {
+      try {
+        const content = await fs.readFile(configPath, 'utf-8');
+        const config = JSON.parse(content);
+
+        // Check various possible key names
+        const key = config.apiKey ||
+                    config.anthropicApiKey ||
+                    config.ANTHROPIC_API_KEY ||
+                    config.api_key ||
+                    config.token;
+
+        if (key && key.startsWith('sk-ant-')) {
+          return key;
+        }
+      } catch {}
+    }
+
+    return null;
+  } catch (error) {
+    return null;
+  }
+}
+
+/**
+ * Try to get API key from running Claude Code process environment
+ */
+async function getFromRunningProcess() {
+  try {
+    // Get PID of running claude process
+    const { stdout: pids } = await execAsync(`pgrep -f "claude" 2>/dev/null || echo ""`);
+
+    if (!pids.trim()) {
+      return null;
+    }
+
+    // Try to read environment from process
+    for (const pid of pids.trim().split('\n')) {
+      if (!pid) continue;
+
+      try {
+        // On macOS, we can try to read process environment via ps
+        const { stdout } = await execAsync(`ps eww ${pid} 2>/dev/null | grep -o "ANTHROPIC_API_KEY=[^ ]*" | cut -d= -f2`);
+        if (stdout && stdout.trim().startsWith('sk-ant-')) {
+          return stdout.trim();
+        }
+      } catch {}
+    }
+
+    return null;
+  } catch (error) {
+    return null;
+  }
+}
+
+/**
+ * Main function to extract Claude Code API key
+ * Tries multiple methods in order of reliability
+ *
+ * @returns {Promise<string|null>} API key if found, null otherwise
+ */
+export async function extractClaudeApiKey() {
+  console.log('[claude-key-extractor] Attempting to extract API key from local Claude Code installation...');
+
+  // Method 1: Check environment first (fastest)
+  let apiKey = getFromEnvironment();
+  if (apiKey) {
+    console.log('[claude-key-extractor] ✅ Found API key in environment variables');
+    return apiKey;
+  }
+
+  // Method 2: Check Claude Code config files
+  apiKey = await getFromClaudeConfig();
+  if (apiKey) {
+    console.log('[claude-key-extractor] ✅ Found API key in Claude Code config');
+    return apiKey;
+  }
+
+  // Method 3: Check macOS keychain
+  apiKey = await getFromKeychain();
+  if (apiKey) {
+    console.log('[claude-key-extractor] ✅ Found API key in macOS keychain');
+    return apiKey;
+  }
+
+  // Method 4: Try to read from running process
+  apiKey = await getFromRunningProcess();
+  if (apiKey) {
+    console.log('[claude-key-extractor] ✅ Found API key in running Claude Code process');
+    return apiKey;
+  }
+
+  console.log('[claude-key-extractor] ⚠️  Could not find API key');
+  console.log('[claude-key-extractor] Please set ANTHROPIC_API_KEY environment variable');
+  return null;
+}
+
+/**
+ * Get API key with fallback message
+ */
+export async function getClaudeApiKeyOrPrompt() {
+  const apiKey = await extractClaudeApiKey();
+
+  if (!apiKey) {
+    console.log('\n' + '='.repeat(60));
+    console.log('ANTHROPIC_API_KEY not found!');
+    console.log('='.repeat(60));
+    console.log('\nPlease set your API key using one of these methods:\n');
+    console.log('1. Environment variable:');
+    console.log('   export ANTHROPIC_API_KEY="sk-ant-..."');
+    console.log('\n2. Get your key from: https://console.anthropic.com/settings/keys');
+    console.log('\n3. If you\'re logged into Claude Code, try:');
+    console.log('   claude config show  # (if supported)');
+    console.log('='.repeat(60) + '\n');
+  }
+
+  return apiKey;
+}

package/lib/auth/credentials.js

@@ -27,8 +27,13 @@ async function getEncryptionKey(keyPath = DEFAULT_KEY_PATH) {
   // For Windows: use Credential Manager or fallback to file
   
   const platform = process.platform;
-  
-  if (platform === 'darwin') {
+
+  // Only attempt keychain when using the default key path. This allows tests and
+  // advanced callers to provide a custom key path without depending on keychain
+  // availability/behavior.
+  const shouldUseKeychain = keyPath === DEFAULT_KEY_PATH;
+
+  if (shouldUseKeychain && platform === 'darwin') {
     // macOS - try to use keychain
     try {
       const { execSync } = await import('child_process');