diff --git a/.claude/rules/cli.md b/.claude/rules/cli.md index e0db51c154..11a1d68d81 100644 --- a/.claude/rules/cli.md +++ b/.claude/rules/cli.md @@ -29,10 +29,9 @@ bun run cli version ## Startup Behavior -1. Deletes `process.env.DATABASE_URL` (prevent target repo's DB from leaking in) -2. Loads `~/.archon/.env` with `override: true` -3. Smart Claude auth default: if no `CLAUDE_API_KEY` or `CLAUDE_CODE_OAUTH_TOKEN`, sets `CLAUDE_USE_GLOBAL_AUTH=true` -4. Imports all commands AFTER dotenv setup +1. Loads `~/.archon/.env` with `override: true` (Archon's config wins over any Bun-auto-loaded CWD vars) +2. Smart Claude auth default: if no `CLAUDE_API_KEY` or `CLAUDE_CODE_OAUTH_TOKEN`, sets `CLAUDE_USE_GLOBAL_AUTH=true` +3. Imports all commands AFTER dotenv setup ## WorkflowRunOptions Interface diff --git a/.claude/skills/release/SKILL.md b/.claude/skills/release/SKILL.md index 4b0e197282..57e7c4ba3a 100644 --- a/.claude/skills/release/SKILL.md +++ b/.claude/skills/release/SKILL.md @@ -97,13 +97,16 @@ Read the commit messages and the actual diffs (`git diff main..dev`) to understa - `pyproject.toml`: update `version = "x.y.z"` - `Cargo.toml`: update `version = "x.y.z"` -2. **Lockfile refresh** (stack-dependent): +2. **Workspace version sync** (monorepo only): + - If `scripts/sync-versions.sh` exists, run `bash scripts/sync-versions.sh` to sync all `packages/*/package.json` versions to match the root version. + +3. **Lockfile refresh** (stack-dependent): - `package.json` + `bun.lock`: run `bun install` - `package.json` + `package-lock.json`: run `npm install --package-lock-only` - `pyproject.toml` + `uv.lock`: run `uv lock --quiet` - `Cargo.toml`: run `cargo update --workspace` -3. **`CHANGELOG.md`** — prepend new version section: +4. **`CHANGELOG.md`** — prepend new version section: ```markdown ## [x.y.z] - YYYY-MM-DD @@ -141,8 +144,8 @@ Ask: "Does this look good? I'll commit and create the PR." Only after user approval: ```bash -# Stage version file, lockfile, and changelog -git add CHANGELOG.md +# Stage version file, workspace packages, lockfile, and changelog +git add packages/*/package.json CHANGELOG.md git commit -m "Release x.y.z" # Push dev diff --git a/CHANGELOG.md b/CHANGELOG.md index b259551bb7..f0a2c1e642 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,25 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [0.3.4] - 2026-04-10 + +Binary env loading fix and release infrastructure improvements. + +### Added + +- **Docs site redesign**: logo, dark theme, feature cards, and enhanced CSS (#1022) + +### Changed + +- **Server env loading for binary support**: removed redundant CWD `.env` stripping — `SUBPROCESS_ENV_ALLOWLIST` and the env-leak gate already prevent target repo credentials from reaching AI subprocesses. Server now loads `~/.archon/.env` with `override: true` for all keys (not just `DATABASE_URL`), skips the `import.meta.dir` `.env` path in binary mode, and defaults `CLAUDE_USE_GLOBAL_AUTH=true` when no explicit credentials are set (#1045) +- **Workspace version sync**: all `packages/*/package.json` versions now sync from the root `package.json` during releases via `scripts/sync-versions.sh` + +### Fixed + +- **`archon serve` crash in compiled binaries**: the CWD env stripping + baked `import.meta.dir` path caused all credentials to be lost, triggering `no_ai_credentials` exit on every startup +- **CLI `version` command reading stale version**: dev mode now reads from the monorepo root `package.json` instead of the CLI package's own version field +- **Release CI web build**: fixed `bun --filter` syntax and added missing `remark-gfm` transitive dependencies for Bun hoisting + ## [0.3.3] - 2026-04-10 Binary distribution improvements, new workflow node type, and a batch of bug fixes. diff --git a/package.json b/package.json index d34fcbe257..e7fa4d8e0f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "archon", - "version": "0.3.3", + "version": "0.3.4", "private": true, "workspaces": [ "packages/*" diff --git a/packages/adapters/package.json b/packages/adapters/package.json index fb07baaa8b..c5d86a6cd6 100644 --- a/packages/adapters/package.json +++ b/packages/adapters/package.json @@ -1,6 +1,6 @@ { "name": "@archon/adapters", - "version": "0.1.0", + "version": "0.3.4", "type": "module", "main": "./src/index.ts", "types": "./src/index.ts", diff --git a/packages/cli/package.json b/packages/cli/package.json index b5574f4ce2..95340386b1 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,6 +1,6 @@ { "name": "@archon/cli", - "version": "0.2.13", + "version": "0.3.4", "type": "module", "main": "./src/cli.ts", "bin": { diff --git a/packages/cli/src/cli.ts b/packages/cli/src/cli.ts index c32863d271..96c0209666 100755 --- a/packages/cli/src/cli.ts +++ b/packages/cli/src/cli.ts @@ -12,26 +12,13 @@ import { config } from 'dotenv'; import { resolve } from 'path'; import { existsSync } from 'fs'; -// Strip all vars that Bun may have auto-loaded from CWD's .env. -// Bun auto-loads .env relative to CWD before any user code runs. The CLI -// runs from target repos whose .env contains keys for that app (ANTHROPIC_API_KEY, -// DATABASE_URL, OPENAI_API_KEY, etc.) — none of which should affect Archon. -// Strategy: parse the CWD .env without applying it, then delete those keys. -const cwdEnvPath = resolve(process.cwd(), '.env'); -if (existsSync(cwdEnvPath)) { - const cwdEnvResult = config({ path: cwdEnvPath, processEnv: {} }); - // If parse fails, cwdEnvResult.parsed is undefined — safe to skip: - // Bun uses the same RFC-style parser, so a file dotenv cannot parse - // was also unparseable by Bun and contributed no keys to process.env. - if (cwdEnvResult.parsed) { - for (const key of Object.keys(cwdEnvResult.parsed)) { - Reflect.deleteProperty(process.env, key); - } - } -} - -// Load .env from global Archon config only (override: true so ~/.archon/.env -// always wins over any remaining Bun-auto-loaded vars) +// Load .env from global Archon config (override: true so ~/.archon/.env +// always wins over any Bun-auto-loaded CWD vars). +// +// Credential safety: target repo .env keys that Bun auto-loads from CWD +// cannot leak into AI subprocesses — SUBPROCESS_ENV_ALLOWLIST blocks them. +// The env-leak gate provides a second layer by scanning target repos before +// spawning. No CWD stripping needed. const globalEnvPath = resolve(process.env.HOME ?? '~', '.archon', '.env'); if (existsSync(globalEnvPath)) { const result = config({ path: globalEnvPath, override: true }); diff --git a/packages/cli/src/commands/version.ts b/packages/cli/src/commands/version.ts index 589a4bcd93..4855ba320c 100644 --- a/packages/cli/src/commands/version.ts +++ b/packages/cli/src/commands/version.ts @@ -30,7 +30,8 @@ interface PackageJson { * Get version for development mode (reads package.json) */ async function getDevVersion(): Promise<{ name: string; version: string }> { - const pkgPath = join(SCRIPT_DIR, '../../package.json'); + // Read root package.json (monorepo version), not the CLI package's own + const pkgPath = join(SCRIPT_DIR, '../../../../package.json'); let content: string; try { diff --git a/packages/core/package.json b/packages/core/package.json index 94205ee871..ad0d6418ae 100644 --- a/packages/core/package.json +++ b/packages/core/package.json @@ -1,6 +1,6 @@ { "name": "@archon/core", - "version": "0.2.0", + "version": "0.3.4", "type": "module", "main": "./src/index.ts", "types": "./src/index.ts", diff --git a/packages/docs-web/astro.config.mjs b/packages/docs-web/astro.config.mjs index 33bf174dab..cabfa83fd9 100644 --- a/packages/docs-web/astro.config.mjs +++ b/packages/docs-web/astro.config.mjs @@ -7,7 +7,17 @@ export default defineConfig({ starlight({ title: 'Archon', favicon: '/favicon.png', + logo: { + src: './src/assets/logo.png', + alt: 'Archon', + }, description: 'AI workflow engine — package your coding workflows as YAML, run them anywhere.', + head: [ + { + tag: 'script', + content: `if(!localStorage.getItem('starlight-theme')){localStorage.setItem('starlight-theme','dark');document.documentElement.dataset.theme='dark';}`, + }, + ], social: [{ icon: 'github', label: 'GitHub', href: 'https://github.com/coleam00/Archon' }], editLink: { baseUrl: 'https://github.com/coleam00/Archon/edit/main/packages/docs-web/', diff --git a/packages/docs-web/package.json b/packages/docs-web/package.json index 0d04c48237..9c23df8723 100644 --- a/packages/docs-web/package.json +++ b/packages/docs-web/package.json @@ -1,6 +1,6 @@ { "name": "@archon/docs-web", - "version": "0.2.12", + "version": "0.3.4", "private": true, "scripts": { "dev": "astro dev", diff --git a/packages/docs-web/src/content/docs/contributing/cli-internals.md b/packages/docs-web/src/content/docs/contributing/cli-internals.md index b644eb2246..2adaa99fa2 100644 --- a/packages/docs-web/src/content/docs/contributing/cli-internals.md +++ b/packages/docs-web/src/content/docs/contributing/cli-internals.md @@ -38,8 +38,8 @@ packages/cli/ │ ▼ ┌─────────────────────────────────────────────────────────────────┐ -│ cli.ts:15-31 Load environment │ -│ Suppresses cwd .env → loads ~/.archon/.env only │ +│ cli.ts Load environment │ +│ Loads ~/.archon/.env with override: true │ └─────────────────────────────────┬───────────────────────────────┘ │ ▼ diff --git a/packages/docs-web/src/content/docs/index.md b/packages/docs-web/src/content/docs/index.mdx similarity index 59% rename from packages/docs-web/src/content/docs/index.md rename to packages/docs-web/src/content/docs/index.mdx index 1afa35c68a..2e24bb19dd 100644 --- a/packages/docs-web/src/content/docs/index.md +++ b/packages/docs-web/src/content/docs/index.mdx @@ -4,6 +4,9 @@ description: AI workflow engine — package your coding workflows as YAML, run t template: splash hero: title: Archon + image: + file: ../../assets/logo.png + alt: Archon Logo tagline: Package your AI coding workflows as YAML. Run them anywhere — CLI, Web, Slack, Telegram, GitHub, Discord. actions: - text: Get Started @@ -16,6 +19,8 @@ hero: variant: minimal --- +import { Card, CardGrid } from '@astrojs/starlight/components'; + ## Install in seconds :::code-group @@ -42,8 +47,20 @@ docker run --rm -v "$PWD:/workspace" ghcr.io/coleam00/archon:latest workflow lis Archon is a **workflow engine for AI coding agents**. Define multi-step development workflows in YAML — code review, bug fixes, feature implementation, testing — and run them with a single command. -- **Repeatable**: Package your best AI coding patterns as shareable YAML workflows -- **Isolated**: Each workflow runs in its own git worktree — no conflicts, no mess -- **Portable**: Run from CLI, Web UI, Slack, Telegram, GitHub, or Discord -- **Composable**: Chain workflow nodes into DAGs with dependencies, loops, and conditional logic -- **Multi-provider**: Works with Claude Code SDK and Codex SDK + + + Package your best AI coding patterns as shareable YAML workflows + + + Each workflow runs in its own git worktree — no conflicts, no mess + + + Run from CLI, Web UI, Slack, Telegram, GitHub, or Discord + + + Chain nodes into DAGs with dependencies, loops, and conditional logic + + + Works with Claude Code SDK and Codex SDK + + diff --git a/packages/docs-web/src/content/docs/reference/cli.md b/packages/docs-web/src/content/docs/reference/cli.md index d51244380a..f2821a1b8b 100644 --- a/packages/docs-web/src/content/docs/reference/cli.md +++ b/packages/docs-web/src/content/docs/reference/cli.md @@ -362,12 +362,11 @@ When using `--branch`, workflows run inside the worktree directory. ## Environment -The CLI loads environment variables exclusively from `~/.archon/.env`. It does **not** load `.env` from the current working directory. This prevents conflicts when running Archon from target projects that have their own database configurations. +The CLI loads `~/.archon/.env` with `override: true`, so Archon's own config always wins over any env vars Bun auto-loads from the current working directory. Target repo env vars remain in `process.env` but cannot reach AI subprocesses — `SUBPROCESS_ENV_ALLOWLIST` blocks all non-whitelisted keys. On startup, the CLI: -1. Deletes any `DATABASE_URL` that Bun may have auto-loaded from the target repo's `.env` -2. Loads `~/.archon/.env` with `override: true` -3. Auto-enables global Claude auth if no explicit tokens are set +1. Loads `~/.archon/.env` with `override: true` (Archon's config wins over CWD vars) +2. Auto-enables global Claude auth if no explicit tokens are set ## Database diff --git a/packages/docs-web/src/content/docs/reference/configuration.md b/packages/docs-web/src/content/docs/reference/configuration.md index e636957b23..a1024c530c 100644 --- a/packages/docs-web/src/content/docs/reference/configuration.md +++ b/packages/docs-web/src/content/docs/reference/configuration.md @@ -296,21 +296,19 @@ Infrastructure configuration (database URL, platform tokens) is stored in `.env` | Component | Location | Purpose | |-----------|----------|---------| -| **CLI** | `~/.archon/.env` | Global infrastructure config (only source loaded) | -| **Server** | `/.env` | Platform tokens, database | +| **CLI** | `~/.archon/.env` | Global infrastructure config (only source, loaded with `override: true`) | +| **Server (dev)** | `/.env` + `~/.archon/.env` | Repo `.env` for platform tokens; `~/.archon/.env` overrides with `override: true` | +| **Server (binary)** | `~/.archon/.env` | Single source of truth (repo `.env` path is not available in compiled binaries) | -**Important**: The CLI loads `.env` **only** from `~/.archon/.env`. On startup, it explicitly deletes any `DATABASE_URL` that Bun may have auto-loaded from the current working directory's `.env`, then loads `~/.archon/.env` with `override: true`. This prevents conflicts when running Archon from target projects that have their own database configurations. +**How it works**: Both the CLI and server load `~/.archon/.env` with `override: true`, so Archon's own config always wins over any env vars Bun auto-loads from the current working directory. Target repo env vars remain in `process.env` but cannot reach AI subprocesses — `SUBPROCESS_ENV_ALLOWLIST` blocks all non-whitelisted keys. -**Best practice**: Use `~/.archon/.env` as the single source of truth. If running the server, symlink or copy to the archon repo: +**Best practice**: Use `~/.archon/.env` as the single source of truth: ```bash # Create global config mkdir -p ~/.archon cp .env.example ~/.archon/.env # Edit with your values - -# For server, symlink to repo -ln -s ~/.archon/.env .env ``` ## Docker Configuration diff --git a/packages/docs-web/src/content/docs/reference/security.md b/packages/docs-web/src/content/docs/reference/security.md index 14195a7374..26e26d169a 100644 --- a/packages/docs-web/src/content/docs/reference/security.md +++ b/packages/docs-web/src/content/docs/reference/security.md @@ -118,13 +118,14 @@ The GitHub and Gitea adapters verify webhook signatures to ensure payloads origi - The `.env.example` file in the repository contains placeholder values -- copy it and fill in real values. - Never commit `.env` files to git. The repository's `.gitignore` excludes them. -**CWD `.env` isolation:** -- When running inside a target repository, Bun auto-loads that repo's `.env` before any Archon code runs. Both the CLI and server strip every key parsed from the CWD `.env` at startup, then load only `~/.archon/.env` (which always wins via `override: true`). This prevents target-repo secrets (e.g. `ANTHROPIC_API_KEY`, `DATABASE_URL`, `OPENAI_API_KEY`) from bleeding into Archon or its subprocesses. -- Claude Code subprocesses receive only an explicit allowlist of env vars (system essentials, Claude auth, Archon runtime config, git identity, GitHub tokens). Per-codebase env vars configured via `codebase_env_vars` or `.archon/config.yaml` `env:` are merged on top of this filtered base. +**Subprocess env isolation:** +- Bun auto-loads `.env` from CWD before any Archon code runs. These vars remain in the server/CLI's `process.env` but **cannot reach AI subprocesses** — Claude Code subprocesses receive only an explicit allowlist of env vars (`SUBPROCESS_ENV_ALLOWLIST`: system essentials, Claude auth, Archon runtime config, git identity, GitHub tokens). Keys like `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`, and `DATABASE_URL` are not on the allowlist and are blocked. +- `~/.archon/.env` is loaded with `override: true`, so Archon's own config always wins over any Bun-auto-loaded CWD vars for overlapping keys. +- Per-codebase env vars configured via `codebase_env_vars` or `.archon/config.yaml` `env:` are merged on top of this filtered base at workflow execution time. ### Env-leak gate (target repo `.env` keys) -Archon scrubs its own environment, but **Bun auto-loads `.env` from the subprocess working directory** before any user code runs. That means a Claude or Codex subprocess started with `cwd=/path/to/target/repo` will re-inject any sensitive keys present in that repo's auto-loaded `.env` files — bypassing the allowlist above and silently billing the wrong API account. +Beyond the subprocess allowlist, Archon also scans target repos for sensitive keys **before spawning**. A Claude or Codex subprocess started with `cwd=/path/to/target/repo` inherits its own Bun auto-loaded `.env` — the env-leak gate catches this by scanning the target repo's `.env` files at registration and pre-spawn time. **What Archon scans:** auto-loaded filenames `.env`, `.env.local`, `.env.development`, `.env.production`, `.env.development.local`, `.env.production.local`. diff --git a/packages/docs-web/src/styles/custom.css b/packages/docs-web/src/styles/custom.css index 9a6c5b52cf..77f4be6413 100644 --- a/packages/docs-web/src/styles/custom.css +++ b/packages/docs-web/src/styles/custom.css @@ -5,3 +5,22 @@ --sl-font: 'Inter', -apple-system, BlinkMacSystemFont, sans-serif; --sl-font-mono: 'JetBrains Mono', ui-monospace, monospace; } + +[data-theme='dark'] { + --sl-color-bg: #0f1219; + --sl-color-bg-sidebar: #131825; + --sl-color-bg-nav: #0f1219; + --sl-color-hairline-light: #1e293b; +} + +/* !important needed: Starlight sets .hero padding/gap via inline styles */ +.hero { + padding-block: 2rem !important; + gap: 1rem !important; +} + +/* .sidebar-content is an internal Starlight class (not a public API) — re-test after Starlight upgrades */ +[data-theme='dark'] .sidebar-content a[aria-current='page'] { + background: linear-gradient(135deg, rgba(168, 85, 247, 0.15), rgba(59, 130, 246, 0.15)); + border-left-color: #a855f7; +} diff --git a/packages/git/package.json b/packages/git/package.json index 025de4d28e..4cf7f77bd7 100644 --- a/packages/git/package.json +++ b/packages/git/package.json @@ -1,6 +1,6 @@ { "name": "@archon/git", - "version": "0.1.0", + "version": "0.3.4", "type": "module", "main": "./src/index.ts", "types": "./src/index.ts", diff --git a/packages/isolation/package.json b/packages/isolation/package.json index 8da089dc64..a00ede1e19 100644 --- a/packages/isolation/package.json +++ b/packages/isolation/package.json @@ -1,6 +1,6 @@ { "name": "@archon/isolation", - "version": "0.1.0", + "version": "0.3.4", "type": "module", "main": "./src/index.ts", "types": "./src/index.ts", diff --git a/packages/paths/package.json b/packages/paths/package.json index fe958ad7f4..b2e13cad6a 100644 --- a/packages/paths/package.json +++ b/packages/paths/package.json @@ -1,6 +1,6 @@ { "name": "@archon/paths", - "version": "0.2.0", + "version": "0.3.4", "type": "module", "main": "./src/index.ts", "types": "./src/index.ts", diff --git a/packages/server/package.json b/packages/server/package.json index 7a7cc9dcbc..b0d59f6e11 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,6 +1,6 @@ { "name": "@archon/server", - "version": "0.2.0", + "version": "0.3.4", "type": "module", "main": "./src/index.ts", "scripts": { diff --git a/packages/server/src/index.ts b/packages/server/src/index.ts index 04633bc8ad..e2551e1049 100644 --- a/packages/server/src/index.ts +++ b/packages/server/src/index.ts @@ -3,52 +3,51 @@ * Multi-platform AI coding assistant (Telegram, Discord, Slack, GitHub, Gitea) */ -// Load environment variables FIRST — resolve to monorepo root .env -// Uses dotenv with explicit path so it works from any CWD (worktrees, packages/server/, etc.) +// Load environment variables FIRST — before any application imports. +// +// Credential safety: target repo `.env` keys (like CLAUDE_API_KEY) that Bun +// auto-loads from CWD cannot leak into AI subprocesses because +// SUBPROCESS_ENV_ALLOWLIST blocks them. The env-leak gate provides a second +// layer by scanning target repos before spawning. No CWD stripping needed. import { config } from 'dotenv'; import { resolve } from 'path'; import { existsSync } from 'fs'; - -// Strip all vars that Bun may have auto-loaded from CWD's .env. -// When the server is started from inside a target repo, Bun auto-loads that -// repo's .env (containing e.g. ANTHROPIC_API_KEY for the target app) before -// any user code runs. Strip those vars now so they don't bleed into server env -// or subprocess spawns. -const cwdEnvPath = resolve(process.cwd(), '.env'); -if (existsSync(cwdEnvPath)) { - const cwdEnvResult = config({ path: cwdEnvPath, processEnv: {} }); - // If parse fails, cwdEnvResult.parsed is undefined — safe to skip: - // Bun uses the same RFC-style parser, so a file dotenv cannot parse - // was also unparseable by Bun and contributed no keys to process.env. - if (cwdEnvResult.parsed) { - for (const key of Object.keys(cwdEnvResult.parsed)) { - Reflect.deleteProperty(process.env, key); - } +import { BUNDLED_IS_BINARY } from '@archon/paths'; + +// In dev/source mode, load the repo root .env (platform tokens, API keys, etc.) +// import.meta.dir is frozen at build time, so skip in compiled binaries. +const envPath = BUNDLED_IS_BINARY ? undefined : resolve(import.meta.dir, '..', '..', '..', '.env'); + +if (envPath) { + const dotenvResult = config({ path: envPath }); + if (dotenvResult.error) { + // Use console.error since logger depends on env vars (LOG_LEVEL) + console.error(`Failed to load .env from ${envPath}: ${dotenvResult.error.message}`); + console.error('Hint: Copy .env.example to .env and configure your credentials.'); } } -// Resolve from this file's location: packages/server/src/ → ../../.. → repo root -const envPath = resolve(import.meta.dir, '..', '..', '..', '.env'); -const dotenvResult = config({ path: envPath }); - -if (dotenvResult.error) { - // Use console.error since logger depends on env vars (LOG_LEVEL) - console.error(`Failed to load .env from ${envPath}: ${dotenvResult.error.message}`); - console.error('Hint: Copy .env.example to .env and configure your credentials.'); -} - -// Load ~/.archon/.env for infrastructure config (DATABASE_URL). -// The CLI loads this file with override: true, so both CLI and server -// resolve DATABASE_URL from the same source. We only override DATABASE_URL -// (not PORT, LOG_LEVEL, etc.) to avoid stomping on server-specific config. +// Load ~/.archon/.env with override — Archon's config always wins over any +// Bun-auto-loaded CWD vars. In binary mode this is the single source of truth. +// In dev mode it overrides CWD vars for keys like DATABASE_URL. const globalEnvPath = resolve(process.env.HOME ?? '~', '.archon', '.env'); if (existsSync(globalEnvPath)) { - const globalResult = config({ path: globalEnvPath, processEnv: {} }); - if (globalResult.parsed?.DATABASE_URL) { - process.env.DATABASE_URL = globalResult.parsed.DATABASE_URL; + const globalResult = config({ path: globalEnvPath, override: true }); + if (globalResult.error) { + console.error(`Failed to load .env from ${globalEnvPath}: ${globalResult.error.message}`); + console.error('Hint: Check for syntax errors in your ~/.archon/.env file.'); } } +// Smart default: use Claude Code's built-in OAuth if no explicit credentials +if ( + !process.env.CLAUDE_API_KEY && + !process.env.CLAUDE_CODE_OAUTH_TOKEN && + process.env.CLAUDE_USE_GLOBAL_AUTH === undefined +) { + process.env.CLAUDE_USE_GLOBAL_AUTH = 'true'; +} + import { OpenAPIHono } from '@hono/zod-openapi'; import { validationErrorHook } from './routes/openapi-defaults'; import { TelegramAdapter, GitHubAdapter, DiscordAdapter, SlackAdapter } from '@archon/adapters'; @@ -167,7 +166,7 @@ export async function startServer(opts: ServerOptions = {}): Promise { 'Or set CODEX_ID_TOKEN + CODEX_ACCESS_TOKEN in .env', 'See .env.example for all options', ], - envFile: envPath, + envFile: BUNDLED_IS_BINARY ? globalEnvPath : envPath, }, 'no_ai_credentials' ); diff --git a/packages/web/package.json b/packages/web/package.json index 7310bc54cb..172c7792f6 100644 --- a/packages/web/package.json +++ b/packages/web/package.json @@ -1,6 +1,6 @@ { "name": "@archon/web", - "version": "0.2.0", + "version": "0.3.4", "private": true, "type": "module", "scripts": { diff --git a/packages/workflows/package.json b/packages/workflows/package.json index bc0dac7720..13f7081efc 100644 --- a/packages/workflows/package.json +++ b/packages/workflows/package.json @@ -1,6 +1,6 @@ { "name": "@archon/workflows", - "version": "0.1.0", + "version": "0.3.4", "type": "module", "exports": { "./schemas/*": "./src/schemas/*.ts", diff --git a/scripts/sync-versions.sh b/scripts/sync-versions.sh new file mode 100755 index 0000000000..c91c7b863e --- /dev/null +++ b/scripts/sync-versions.sh @@ -0,0 +1,27 @@ +#!/usr/bin/env bash +# Sync all workspace package versions to match the root package.json version. +# Called by the release skill after bumping the root version. +# +# Usage: bash scripts/sync-versions.sh + +set -euo pipefail + +ROOT_VERSION=$(node -e "console.log(require('./package.json').version)") + +echo "Syncing workspace packages to v${ROOT_VERSION}..." + +for pkg in packages/*/package.json; do + current=$(node -e "console.log(require('./${pkg}').version)") + if [ "$current" != "$ROOT_VERSION" ]; then + # Use node for cross-platform JSON editing (no sed portability issues) + node -e " + const fs = require('fs'); + const pkg = JSON.parse(fs.readFileSync('${pkg}', 'utf8')); + pkg.version = '${ROOT_VERSION}'; + fs.writeFileSync('${pkg}', JSON.stringify(pkg, null, 2) + '\n'); + " + echo " ${pkg}: ${current} → ${ROOT_VERSION}" + fi +done + +echo "Done."