vibegroup 0.1.0 → 0.1.2

package/.claude-plugin/marketplace.json

@@ -0,0 +1,18 @@
+{
+  "name": "vibegroup",
+  "owner": {
+    "name": "Terry Cruz Melo",
+    "email": "terry@cruz.pe"
+  },
+  "description": "vibegroup: let your Claude Code agents talk to each other across repos, machines, and networks.",
+  "plugins": [
+    {
+      "name": "vibegroup",
+      "source": "./plugin",
+      "description": "Ask peer Claude Code agents what they're working on, over an end-to-end-encrypted relay. Answers come from their live session via Claude Code Channels.",
+      "homepage": "https://vibegroup.sh",
+      "license": "MIT",
+      "keywords": ["claude-code", "channel", "mcp", "agents", "collaboration", "relay"]
+    }
+  ]
+}

package/dist/cli.js

@@ -65,6 +65,67 @@ function isLoggedIn(tokens) {
 }
 var init_auth = () => {};
 
+// package.json
+var package_default;
+var init_package = __esm(() => {
+  package_default = {
+    name: "vibegroup",
+    version: "0.1.2",
+    description: "Talk to your teammates' Claude Code agents — agent-to-agent collaboration for Claude Code over a shared channel.",
+    type: "module",
+    bin: {
+      vibegroup: "dist/cli.js"
+    },
+    files: [
+      "dist/cli.js",
+      "README.md",
+      "scripts/postinstall.mjs",
+      ".claude-plugin/marketplace.json",
+      "plugin/.claude-plugin",
+      "plugin/.mcp.json",
+      "plugin/dist",
+      "plugin/commands",
+      "plugin/hooks"
+    ],
+    engines: {
+      node: ">=18"
+    },
+    license: "UNLICENSED",
+    homepage: "https://vibegroup.sh",
+    bugs: {
+      url: "https://vibegroup.sh"
+    },
+    keywords: ["claude", "claude-code", "agents", "collaboration", "cli", "vibegroup"],
+    publishConfig: {
+      access: "public"
+    },
+    workspaces: ["packages/*", "plugin"],
+    scripts: {
+      "build:relay": "cd packages/relay && bun run build",
+      "build:plugin": "cd plugin && bun run build",
+      "build:cli": "bun run scripts/build-cli.ts",
+      "build:server": "cd packages/server && bun run build",
+      build: "bun run build:relay && bun run build:server && bun run build:plugin && bun run build:cli",
+      prepublishOnly: "bun run build:plugin && bun run build:cli",
+      postinstall: "node scripts/postinstall.mjs",
+      "test:cli": "bun test ./test/",
+      "test:protocol": "cd packages/protocol && bun test",
+      "test:relay": "cd packages/relay && bun test",
+      "test:server": "cd packages/server && bun test",
+      "test:plugin": "cd plugin && bun test",
+      test: "bun run test:cli && bun run test:protocol && bun run test:relay && bun run test:server && bun run test:plugin"
+    },
+    dependencies: {
+      "@inkjs/ui": "^2.0.0",
+      ink: "^7.1.0",
+      react: "^19.2.7"
+    },
+    devDependencies: {
+      "@types/react": "^19.2.17"
+    }
+  };
+});
+
 // src/lib/allowlist.ts
 function managedSettingsPath(plat = process.platform) {
   if (plat === "darwin")
@@ -81,6 +142,12 @@ function mergeManagedSettings(existing) {
   next.allowedChannelPlugins = has ? current : [...current, VIBEGROUP_ENTRY];
   return next;
 }
+function isAllowlisted(existing) {
+  if (!existing || existing.channelsEnabled !== true)
+    return false;
+  const current = Array.isArray(existing.allowedChannelPlugins) ? existing.allowedChannelPlugins : [];
+  return current.some((e) => e?.marketplace === "vibegroup" && e?.plugin === "vibegroup");
+}
 var VIBEGROUP_ENTRY;
 var init_allowlist = __esm(() => {
   VIBEGROUP_ENTRY = { marketplace: "vibegroup", plugin: "vibegroup" };
@@ -111,6 +178,25 @@ var init_allowlist2 = __esm(() => {
   init_allowlist();
 });
 
+// src/ui/runner.ts
+import { render } from "ink";
+function runInk(make) {
+  return new Promise((resolve) => {
+    let done = false;
+    let instance;
+    const finish = (code) => {
+      if (done)
+        return;
+      done = true;
+      instance?.unmount();
+      resolve(code);
+    };
+    instance = render(make(finish));
+    instance.waitUntilExit().then(() => finish(130));
+  });
+}
+var init_runner = () => {};
+
 // src/lib/workosAuth.ts
 async function json(res) {
   const text = await res.text();
@@ -191,18 +277,6 @@ async function register(ep, body, f) {
     claim: parseCeremony(data.claim)
   };
 }
-async function startClaim(ep, claimToken, email, f) {
-  const res = await f(ep.claimEndpoint, {
-    method: "POST",
-    headers: { "content-type": "application/json" },
-    body: JSON.stringify({ claim_token: claimToken, email })
-  });
-  const data = await json(res);
-  const ceremony = parseCeremony(data.claim_attempt) ?? parseCeremony(data.claim);
-  if (!ceremony)
-    throw new Error(`claim start failed: ${data.error ?? `HTTP ${res.status}`}`);
-  return ceremony;
-}
 async function pollClaim(tokenEndpoint, claimToken, f, nowMs = Date.now()) {
   const res = await f(tokenEndpoint, {
     method: "POST",
@@ -223,24 +297,7 @@ async function pollClaim(tokenEndpoint, claimToken, f, nowMs = Date.now()) {
       throw new Error(`claim poll failed: ${data.error ?? `HTTP ${res.status}`}`);
   }
 }
-async function exchangeAssertion(tokenEndpoint, assertion, resource, f, nowMs = Date.now()) {
-  const params = new URLSearchParams({ grant_type: JWT_BEARER_GRANT, assertion });
-  if (resource)
-    params.set("resource", resource);
-  const res = await f(tokenEndpoint, {
-    method: "POST",
-    headers: { "content-type": "application/x-www-form-urlencoded" },
-    body: params.toString()
-  });
-  const data = await json(res);
-  if (!res.ok || !data.access_token)
-    throw new Error(`assertion exchange failed: ${data.error ?? `HTTP ${res.status}`}`);
-  const tokens = tokensFromResponse(data, nowMs);
-  if (!tokens.identityAssertion)
-    tokens.identityAssertion = assertion;
-  return tokens;
-}
-var CLAIM_GRANT = "urn:workos:agent-auth:grant-type:claim", JWT_BEARER_GRANT = "urn:ietf:params:oauth:grant-type:jwt-bearer";
+var CLAIM_GRANT = "urn:workos:agent-auth:grant-type:claim";
 
 // src/lib/loginFlow.ts
 async function login(apiBase, f, hooks) {
@@ -250,116 +307,332 @@ async function login(apiBase, f, hooks) {
   emit({ type: "discovering", apiBase });
   const ep = await discover(apiBase, f);
   emit({ type: "discovered", endpoints: ep });
-  if (!await hooks.consent({ resource: ep.resource, scopes: ep.scopesSupported }))
+  const email = (await hooks.email())?.trim();
+  if (!email)
     return null;
-  emit({ type: "registering" });
-  const reg = await register(ep, { type: "anonymous" }, f);
-  if (!reg.identityAssertion)
-    throw new Error("register did not return a pre-claim assertion");
-  let tokens = await exchangeAssertion(ep.tokenEndpoint, reg.identityAssertion, ep.resource, f, now());
-  emit({ type: "registered", scopes: reg.preClaimScopes });
-  const email = hooks.emailFor ? await hooks.emailFor() : null;
-  if (email && reg.claimToken) {
-    const ceremony = await startClaim(ep, reg.claimToken, email, f);
-    emit({ type: "claim", ceremony });
-    if (hooks.waitForCode)
-      await hooks.waitForCode();
-    emit({ type: "polling" });
-    let interval = Math.max(1, ceremony.interval);
-    for (;; ) {
-      const r = await pollClaim(ep.tokenEndpoint, reg.claimToken, f, now());
-      if (r.status === "done") {
-        tokens = r.tokens;
-        emit({ type: "unlocked", scopes: reg.postClaimScopes });
-        return { tokens, claimed: true };
-      }
-      if (r.status === "expired")
-        break;
-      if (r.status === "slow_down")
-        interval += 5;
-      await sleep(interval * 1000);
+  emit({ type: "registering", email });
+  const reg = await register(ep, { type: "service_auth", login_hint: email }, f);
+  if (!reg.claim || !reg.claimToken)
+    throw new Error("service_auth did not return a claim ceremony");
+  emit({ type: "claim", ceremony: reg.claim });
+  emit({ type: "polling" });
+  let interval = Math.max(1, reg.claim.interval);
+  const deadline = now() + (hooks.timeoutMs ?? 10 * 60 * 1000);
+  for (;; ) {
+    const r = await pollClaim(ep.tokenEndpoint, reg.claimToken, f, now());
+    if (r.status === "done") {
+      emit({ type: "done" });
+      return { tokens: r.tokens, email };
     }
+    if (r.status === "expired")
+      throw new Error("the code expired — run `vibegroup login` again");
+    if (r.status === "slow_down")
+      interval += 5;
+    if (now() > deadline)
+      throw new Error("login timed out");
+    await sleep(interval * 1000);
   }
-  return { tokens, claimed: false };
 }
 var defaultSleep = (ms) => new Promise((r) => setTimeout(r, ms));
 var init_loginFlow = () => {};
 
+// src/ui/session.ts
+function jwtClaim(jwt, key) {
+  try {
+    return JSON.parse(Buffer.from(jwt.split(".")[1], "base64url").toString("utf8"))[key];
+  } catch {
+    return;
+  }
+}
+function sessionFromTokens(tokens, email) {
+  const sub = jwtClaim(tokens.accessToken, "sub");
+  const exp = jwtClaim(tokens.accessToken, "exp");
+  return {
+    ...tokens,
+    user: { id: typeof sub === "string" ? sub : email, email },
+    accessTokenExpiresAt: typeof exp === "number" ? new Date(exp * 1000).toISOString() : tokens.accessTokenExpiresAt
+  };
+}
+
+// src/lib/openBrowser.ts
+import { spawn } from "node:child_process";
+function openBrowser(url) {
+  const cmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "cmd" : "xdg-open";
+  const args = process.platform === "win32" ? ["/c", "start", "", url] : [url];
+  try {
+    spawn(cmd, args, { stdio: "ignore", detached: true }).unref();
+  } catch {}
+}
+var init_openBrowser = () => {};
+
+// src/ui/theme.ts
+var color;
+var init_theme = __esm(() => {
+  color = {
+    brand: "magenta",
+    accent: "cyan",
+    ok: "green",
+    warn: "yellow",
+    err: "red",
+    dim: "gray"
+  };
+});
+
+// src/ui/Login.tsx
+import { useEffect, useRef, useState } from "react";
+import { Box, Text } from "ink";
+import { Spinner, StatusMessage, TextInput, Alert, Badge } from "@inkjs/ui";
+import { jsx, jsxs } from "react/jsx-runtime";
+function Login({
+  apiBase,
+  initialEmail,
+  onExit
+}) {
+  const [phase, setPhase] = useState(initialEmail ? { t: "connecting" } : { t: "email" });
+  const opened = useRef(false);
+  const started = useRef(false);
+  const start = (email) => {
+    if (started.current)
+      return;
+    started.current = true;
+    setPhase({ t: "connecting" });
+    login(apiBase, fetch, {
+      email: async () => email,
+      onEvent: (e) => {
+        if (e.type === "registering")
+          setPhase({ t: "registering", email: e.email });
+        else if (e.type === "claim")
+          setPhase({ t: "waiting", code: e.ceremony.userCode, url: e.ceremony.verificationUri });
+      }
+    }).then((res) => {
+      if (!res) {
+        setPhase({ t: "error", message: "Login cancelled." });
+        setTimeout(() => onExit(1), 50);
+        return;
+      }
+      writeAuth(sessionFromTokens(res.tokens, res.email));
+      setPhase({ t: "done", email: res.email });
+      setTimeout(() => onExit(0), 500);
+    }).catch((err) => {
+      setPhase({ t: "error", message: err?.message ?? String(err) });
+      setTimeout(() => onExit(1), 800);
+    });
+  };
+  useEffect(() => {
+    if (initialEmail)
+      start(initialEmail);
+  }, []);
+  useEffect(() => {
+    if (phase.t === "waiting" && !opened.current) {
+      opened.current = true;
+      openBrowser(phase.url);
+    }
+  }, [phase]);
+  return /* @__PURE__ */ jsxs(Box, {
+    flexDirection: "column",
+    gap: 1,
+    paddingY: 1,
+    children: [
+      /* @__PURE__ */ jsxs(Text, {
+        children: [
+          /* @__PURE__ */ jsx(Text, {
+            color: color.brand,
+            bold: true,
+            children: "vibegroup"
+          }),
+          /* @__PURE__ */ jsx(Text, {
+            dimColor: true,
+            children: " · sign in"
+          })
+        ]
+      }),
+      phase.t === "email" && /* @__PURE__ */ jsxs(Box, {
+        flexDirection: "column",
+        children: [
+          /* @__PURE__ */ jsx(Text, {
+            children: "Email to sign in with:"
+          }),
+          /* @__PURE__ */ jsx(Box, {
+            marginTop: 1,
+            children: /* @__PURE__ */ jsx(TextInput, {
+              placeholder: "you@company.com",
+              onSubmit: (value) => {
+                const email = value.trim();
+                if (email)
+                  start(email);
+                else
+                  onExit(1);
+              }
+            })
+          })
+        ]
+      }),
+      phase.t === "connecting" && /* @__PURE__ */ jsx(Spinner, {
+        label: "Connecting to vibegroup…"
+      }),
+      phase.t === "registering" && /* @__PURE__ */ jsx(Spinner, {
+        label: `Registering ${phase.email}…`
+      }),
+      phase.t === "waiting" && /* @__PURE__ */ jsxs(Box, {
+        flexDirection: "column",
+        gap: 1,
+        children: [
+          /* @__PURE__ */ jsxs(Box, {
+            borderStyle: "round",
+            borderColor: color.accent,
+            paddingX: 1,
+            flexDirection: "column",
+            children: [
+              /* @__PURE__ */ jsx(Text, {
+                children: "Open this link, sign in, and enter the code:"
+              }),
+              /* @__PURE__ */ jsx(Box, {
+                marginY: 1,
+                children: /* @__PURE__ */ jsx(Badge, {
+                  color: "cyan",
+                  children: phase.code
+                })
+              }),
+              /* @__PURE__ */ jsx(Text, {
+                color: color.accent,
+                children: phase.url
+              }),
+              /* @__PURE__ */ jsx(Text, {
+                dimColor: true,
+                children: "(the code goes into that page — not back here)"
+              })
+            ]
+          }),
+          /* @__PURE__ */ jsx(Spinner, {
+            label: "Waiting for you to confirm in the browser…"
+          })
+        ]
+      }),
+      phase.t === "done" && /* @__PURE__ */ jsxs(StatusMessage, {
+        variant: "success",
+        children: [
+          "Signed in as ",
+          phase.email,
+          ". You're good to go!"
+        ]
+      }),
+      phase.t === "error" && /* @__PURE__ */ jsx(Alert, {
+        variant: "error",
+        children: phase.message
+      })
+    ]
+  });
+}
+var init_Login = __esm(() => {
+  init_loginFlow();
+  init_auth();
+  init_openBrowser();
+  init_theme();
+});
+
 // src/commands/login.ts
 var exports_login = {};
 __export(exports_login, {
   loginCommand: () => loginCommand
 });
-import { createInterface } from "node:readline/promises";
-async function ask(question) {
-  const rl = createInterface({ input: process.stdin, output: process.stdout });
-  try {
-    return (await rl.question(question)).trim();
-  } finally {
-    rl.close();
-  }
+import { createElement } from "react";
+async function loginCommand(rest, env = process.env) {
+  const base = apiBase(env);
+  return runInk((onExit) => createElement(Login, { apiBase: base, initialEmail: rest[0], onExit }));
 }
-async function confirm(question) {
-  return /^y(es)?$/i.test(await ask(`${question} [y/N] `));
-}
-function render(e) {
-  switch (e.type) {
-    case "discovering":
-      console.log(`
-• Checking ${e.apiBase}/auth.md for instructions`);
-      break;
-    case "discovered":
-      console.log("  └ Found agent_auth · anonymous registration supported · claim to unlock full access");
-      break;
-    case "registering":
-      console.log("• Registering with vibegroup");
-      break;
-    case "registered":
-      console.log("  └ 200 OK · registered, acting with limited access");
-      break;
-    case "claim":
-      console.log(`
-To unlock your account, sign in at vibegroup and enter this code: ${e.ceremony.userCode}`);
-      console.log(`${e.ceremony.verificationUri} — the code goes in there, not back to me.`);
-      break;
-    case "polling":
-      console.log(`
-Waiting for you to confirm…`);
-      break;
-    case "unlocked":
-      console.log("  └ Unlocked · full access");
-      break;
-  }
+var init_login = __esm(() => {
+  init_runner();
+  init_Login();
+  init_cli();
+});
+
+// src/commands/init.ts
+var exports_init = {};
+__export(exports_init, {
+  initCommand: () => initCommand
+});
+import { spawnSync } from "node:child_process";
+import { existsSync as existsSync3, readFileSync as readFileSync3 } from "node:fs";
+import { fileURLToPath } from "node:url";
+import { dirname as dirname2, join as join2 } from "node:path";
+function packageRoot() {
+  return join2(dirname2(fileURLToPath(import.meta.url)), "..");
 }
-async function loginCommand(env = process.env) {
-  const base = apiBase(env);
+function commandExists(cmd) {
+  return spawnSync(cmd, ["--version"], { stdio: "ignore" }).status === 0;
+}
+function pluginInstalled() {
+  const r = spawnSync("claude", ["plugin", "list"], { encoding: "utf8" });
+  return r.status === 0 && /vibegroup@vibegroup/.test(r.stdout ?? "");
+}
+function readManagedSettings() {
   try {
-    const result = await login(base, fetch, {
-      consent: ({ resource }) => confirm(`Allow agent to register for vibegroup (${resource}) on your behalf?`),
-      emailFor: async () => {
-        const email = await ask("Email to link your account (leave blank to stay anonymous): ");
-        return email || null;
-      },
-      onEvent: render
-    });
-    if (!result) {
-      console.log("Cancelled — nothing was registered.");
+    const p = managedSettingsPath();
+    if (existsSync3(p))
+      return JSON.parse(readFileSync3(p, "utf8"));
+  } catch {}
+  return null;
+}
+function writeAllowlistWithSudo() {
+  const path = managedSettingsPath();
+  const json2 = JSON.stringify(mergeManagedSettings(readManagedSettings()), null, 2);
+  const script = `mkdir -p "${dirname2(path)}" && cat > "${path}"`;
+  const r = spawnSync("sudo", ["sh", "-c", script], { input: json2, stdio: ["pipe", "inherit", "inherit"] });
+  return r.status === 0;
+}
+async function initCommand(rest, flags = {}, env = process.env) {
+  const dev = flags.dev === true;
+  console.log(`vibegroup setup
+`);
+  if (!commandExists("claude")) {
+    console.error("Claude Code (`claude`) is not on your PATH. Install it first: https://docs.claude.com/claude-code");
+    return 1;
+  }
+  if (pluginInstalled()) {
+    console.log("✓ Plugin already installed.");
+  } else {
+    console.log("• Installing the vibegroup plugin into Claude Code…");
+    spawnSync("claude", ["plugin", "marketplace", "add", packageRoot()], { stdio: "inherit" });
+    spawnSync("claude", ["plugin", "install", "vibegroup@vibegroup"], { stdio: "inherit" });
+    if (!pluginInstalled()) {
+      console.error("Plugin install did not complete. Try manually: claude plugin install vibegroup@vibegroup");
       return 1;
     }
-    writeAuth(result.tokens, env);
-    console.log(result.claimed ? `
-Logged in. You're good to go!` : "\nRegistered with limited access. Run `vibegroup login` again anytime to link your account and unlock full access.");
-    return 0;
-  } catch (err) {
-    console.error(`
-login failed: ${err.message}`);
-    return 1;
+    console.log("✓ Plugin installed.");
   }
+  if (dev) {
+    console.log("• Dev mode: skipping the channel allowlist (launch with `vibegroup claude --dev`).");
+  } else if (isAllowlisted(readManagedSettings())) {
+    console.log("✓ Channel already enabled.");
+  } else {
+    console.log(`
+• Enabling the vibegroup channel needs admin once (Claude Code gates channel plugins).`);
+    console.log(`  Writing ${managedSettingsPath()} — enter your password if prompted.`);
+    if (!writeAllowlistWithSudo()) {
+      console.error("  Could not write managed settings. Retry, or run `vibegroup init --dev` to skip it and use `vibegroup claude --dev`.");
+      return 1;
+    }
+    console.log("✓ Channel enabled.");
+  }
+  if (isLoggedIn(readAuth(env))) {
+    console.log("✓ Already signed in.");
+  } else {
+    console.log(`
+• Sign in to vibegroup:`);
+    const code = await loginCommand(rest, env);
+    if (code !== 0)
+      return code;
+  }
+  console.log(`
+✓ Setup complete. Next:`);
+  console.log('    vibegroup team create <slug> --name "<name>"   # if you need a team');
+  console.log("    vibegroup claude --team <slug>                 # launch a channel session");
+  return 0;
 }
-var init_login = __esm(() => {
-  init_loginFlow();
+var init_init = __esm(() => {
   init_auth();
-  init_cli();
+  init_allowlist();
+  init_login();
 });
 
 // src/lib/apiClient.ts
@@ -480,7 +753,7 @@ var init_team = __esm(() => {
 });
 
 // src/lib/claudeLaunch.ts
-import { spawnSync } from "node:child_process";
+import { spawnSync as spawnSync2 } from "node:child_process";
 function buildClaudeArgs(opts = {}) {
   const extra = opts.extraArgs ?? [];
   return opts.dangerously ? ["--dangerously-load-development-channels", CHANNEL_SPEC, ...extra] : ["--channels", CHANNEL_SPEC, ...extra];
@@ -489,7 +762,7 @@ function launchClaude(opts = {}, launcher = defaultLauncher) {
   return launcher("claude", buildClaudeArgs(opts), opts.env);
 }
 var CHANNEL_SPEC = "plugin:vibegroup@vibegroup", defaultLauncher = (cmd, args, env) => {
-  const r = spawnSync(cmd, args, { stdio: "inherit", env: env ? { ...process.env, ...env } : process.env });
+  const r = spawnSync2(cmd, args, { stdio: "inherit", env: env ? { ...process.env, ...env } : process.env });
   if (r.error)
     throw r.error;
   return r.status ?? 0;
@@ -620,9 +893,13 @@ async function run(argv, env = process.env) {
       const { allowlistPathCommand: allowlistPathCommand2 } = await Promise.resolve().then(() => (init_allowlist2(), exports_allowlist));
       return allowlistPathCommand2();
     }
+    case "init": {
+      const { initCommand: initCommand2 } = await Promise.resolve().then(() => (init_init(), exports_init));
+      return initCommand2(rest, flags, env);
+    }
     case "login": {
       const { loginCommand: loginCommand2 } = await Promise.resolve().then(() => (init_login(), exports_login));
-      return loginCommand2(env);
+      return loginCommand2(rest, env);
     }
     case "team": {
       const { teamCommand: teamCommand2 } = await Promise.resolve().then(() => (init_team(), exports_team));
@@ -647,12 +924,13 @@ async function run(argv, env = process.env) {
       return 1;
   }
 }
-var VERSION = "0.1.0", DEFAULT_API_BASE2 = "https://api.vibegroup.sh", HELP = `vibegroup — talk to your teammates' Claude Code agents.
+var VERSION, DEFAULT_API_BASE2 = "https://api.vibegroup.sh", HELP = `vibegroup — talk to your teammates' Claude Code agents.
 
 Usage: vibegroup <command> [options]
 
 Commands:
-  login                       Sign in / sign up (opens your browser)
+  init [email]                One-time setup: install the plugin, enable the channel, sign in
+  login [email]               Sign in / sign up (opens your browser, verifies email)
   logout                      Clear the cached session
   status                      Show your auth + connection status
   team create <slug> [--name] Create a team (a WorkOS org + a general room)
@@ -665,6 +943,8 @@ Commands:
 Run a command with --help for more.`;
 var init_cli = __esm(() => {
   init_auth();
+  init_package();
+  VERSION = package_default.version;
 });
 
 // src/bin.ts