Add request logging, simplify queue output, bump to v1.0.0

Each request logs timestamp, method, path and user. Queue entries log
a single line on enqueue and on resolve. Drop the verbose approve/deny
curl instructions from queue output.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

.npmignore

@@ -0,0 +1,2 @@
+secrets.json
+filtered-secrets.json

README.md

@@ -21,10 +21,17 @@ A supervised action bridge between Claude Code and the host system. Claude reque
 
 ---
 
-## Setup
+## Install
 
 ```bash
+# Global install from Gitea
+npm install -g git+https://gitea.efforting.tech/mikael-lovqvists-claude-agent/claude-code-conduit.git
+
+# Or clone and link locally
+git clone git@git.efforting.tech:mikael-lovqvists-claude-agent/claude-code-conduit.git
+cd claude-code-conduit
 npm install
+npm link
 ```
 
 ### Generate secrets
@@ -52,24 +59,26 @@ The full `secrets.json` stays on the host. `agent-secrets.json` goes into the co
 ccc-server --secrets secrets.json
 ```
 
-Environment variables:
+Server environment variables:
 | Variable | Default | Description |
 |----------|---------|-------------|
 | `CONDUIT_PORT` | `3015` | Port to listen on |
+| `CONDUIT_BIND` | `127.0.0.1` | Address to bind to |
 | `CONDUIT_ROOT` | `/workspace` | Workspace root for path resolution |
 
 ### Client (container / agent)
 
 ```bash
-ccc-client --secrets agent-secrets.json --user agent '{"action": "list-actions"}'
+ccc-client --secrets agent-secrets.json --user agent --url http://192.168.2.99:3015 '{"action": "list-actions"}'
 ccc-client --secrets agent-secrets.json --user agent '{"action": "edit-file", "filename": "/workspace/foo.mjs"}'
 ```
 
-`--secrets` and `--user` can also be set via environment variables:
+`--secrets`, `--user`, and `--url` can also be set via environment variables:
 
 ```bash
 export CCC_SECRETS=/path/to/agent-secrets.json
 export CCC_USER=agent
+export CONDUIT_URL=http://192.168.2.99:3015
 ccc-client '{"action": "list-actions"}'
 ```
 
@@ -82,7 +91,7 @@ ccc-client '{"action": "edit-file",' '"filename": "/workspace/foo.mjs"}'
 ### Queue manager (host)
 
 ```bash
-ccc-queue --secrets secrets.json --user user
+ccc-queue --secrets secrets.json --user user --url http://192.168.2.99:3015
 ```
 
 Opens an interactive TUI showing pending actions:
@@ -101,7 +110,12 @@ Opens an interactive TUI showing pending actions:
   [y] approve  [n] deny  [r] refresh  [q] quit
 ```
 
-Supports `CCC_SECRETS` and `CCC_USER` env vars the same as the client.
+Client environment variables:
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `CCC_SECRETS` | — | Path to secrets file |
+| `CCC_USER` | — | Username to authenticate as |
+| `CONDUIT_URL` | `http://localhost:3015` | Server URL |
 
 ---
 

bin/ccc-queue.mjs

@@ -1,11 +1,12 @@
 #!/usr/bin/env node
 import blessed from 'blessed';
 import { load_client_config } from '../client/config.mjs';
-import { get_queue, resolve_queue_item } from '../client/index.mjs';
+import { create_conduit_client } from '../client/conduit.mjs';
 
 const POLL_INTERVAL = 2000;
 
-const { username, secret } = load_client_config(process.argv);
+const { username, secret, url } = load_client_config(process.argv);
+const client = create_conduit_client(username, secret, url);
 
 const screen = blessed.screen({
 	smartCSR: true,
@@ -25,6 +26,7 @@ const list_box = blessed.list({
 	keys: true,
 	vi: true,
 	mouse: true,
+	tags: true,
 	style: {
 		selected: { bg: 'blue', fg: 'white', bold: true },
 		border: { fg: 'cyan' },
@@ -118,7 +120,7 @@ function render_list() {
 
 async function refresh() {
 	try {
-		items = await get_queue(username, secret);
+		items = await client.get_queue();
 		render_list();
 		set_status(`Last refresh: ${new Date().toLocaleTimeString()}`);
 	} catch (err) {
@@ -135,7 +137,7 @@ async function decide(decision) {
 	}
 	set_status(`Sending ${decision} for ${item.id.slice(0, 8)}…`);
 	try {
-		await resolve_queue_item(item.id, decision, username, secret);
+		await client.resolve_queue_item(item.id, decision);
 		await refresh();
 	} catch (err) {
 		set_status(`Failed: ${err.message}`, true);

client/conduit.mjs

@@ -3,16 +3,16 @@
 
 import { sign_request } from "./auth.mjs";
 
-const BASE_URL = process.env.CONDUIT_URL || "http://localhost:3015";
+const DEFAULT_URL = 'http://localhost:3015';
 
-export function create_conduit_client(username, secret) {
+export function create_conduit_client(username, secret, base_url = process.env.CONDUIT_URL || DEFAULT_URL) {
 	function auth_headers(body_string) {
 		return sign_request(secret, username, body_string);
 	}
 
 	async function call_action(action, params = {}) {
 		const body_string = JSON.stringify({ action, ...params });
-		const res = await fetch(`${BASE_URL}/action`, {
+		const res = await fetch(`${base_url}/action`, {
 			method: "POST",
 			headers: { "Content-Type": "application/json", ...auth_headers(body_string) },
 			body: body_string,
@@ -25,11 +25,19 @@ export function create_conduit_client(username, secret) {
 	}
 
 	async function get_queue() {
-		const res = await fetch(`${BASE_URL}/queue`, {
-			headers: auth_headers(""),
+		const res = await fetch(`${base_url}/queue`, {
+			headers: auth_headers(''),
 		});
 		return res.json();
 	}
 
-	return { call_action, list_actions, get_queue };
+	async function resolve_queue_item(id, decision) {
+		const res = await fetch(`${base_url}/queue/${id}/${decision}`, {
+			method: 'POST',
+			headers: auth_headers(''),
+		});
+		return res.json();
+	}
+
+	return { call_action, list_actions, get_queue, resolve_queue_item };
 }

client/config.mjs

@@ -1,12 +1,15 @@
 // Resolve client config from CLI args or environment variables.
-// Precedence: CLI args > env vars > error
+// Precedence: CLI args > env vars > defaults
 //
 // Env vars:
-//   CCC_SECRETS  path to secrets file
-//   CCC_USER     username to authenticate as
+//   CCC_SECRETS   path to secrets file
+//   CCC_USER      username to authenticate as
+//   CONDUIT_URL   server URL
 
 import { readFileSync } from 'fs';
 
+const DEFAULT_URL = 'http://localhost:3015';
+
 function get_arg(argv, flag) {
 	const i = argv.indexOf(flag);
 	return i !== -1 ? argv[i + 1] : null;
@@ -15,6 +18,7 @@ function get_arg(argv, flag) {
 export function load_client_config(argv) {
 	const secrets_path = get_arg(argv, '--secrets') || process.env.CCC_SECRETS;
 	const username     = get_arg(argv, '--user')    || process.env.CCC_USER;
+	const url          = get_arg(argv, '--url')     || process.env.CONDUIT_URL || DEFAULT_URL;
 
 	if (!secrets_path) {
 		console.error('Secrets file required: --secrets <path> or CCC_SECRETS=<path>');
@@ -39,14 +43,14 @@ export function load_client_config(argv) {
 		process.exit(1);
 	}
 
-	return { username, secret: user_entry.secret };
+	return { username, secret: user_entry.secret, url };
 }
 
 export function get_remaining(argv) {
 	const result = [];
 	let i = 2;
 	while (i < argv.length) {
-		if (argv[i] === '--secrets' || argv[i] === '--user') {
+		if (argv[i] === '--secrets' || argv[i] === '--user' || argv[i] === '--url') {
 			i += 2;
 		} else {
 			result.push(argv[i]);

client/index.mjs

@@ -7,11 +7,9 @@
 import { sign_request } from './auth.mjs';
 import { load_client_config, get_remaining } from './config.mjs';
 
-const BASE_URL = process.env.CONDUIT_URL || 'http://localhost:3015';
-
-export async function call_action(payload, username, secret) {
+async function call_action(payload, username, secret, url) {
 	const body_string = JSON.stringify(payload);
-	const res = await fetch(`${BASE_URL}/action`, {
+	const res = await fetch(`${url}/action`, {
 		method: 'POST',
 		headers: { 'Content-Type': 'application/json', ...sign_request(secret, username, body_string) },
 		body: body_string,
@@ -20,23 +18,8 @@ export async function call_action(payload, username, secret) {
 	return { status: res.status, body };
 }
 
-export async function get_queue(username, secret) {
-	const res = await fetch(`${BASE_URL}/queue`, {
-		headers: sign_request(secret, username, ''),
-	});
-	return res.json();
-}
-
-export async function resolve_queue_item(id, decision, username, secret) {
-	const res = await fetch(`${BASE_URL}/queue/${id}/${decision}`, {
-		method: 'POST',
-		headers: sign_request(secret, username, ''),
-	});
-	return res.json();
-}
-
 async function main() {
-	const { username, secret } = load_client_config(process.argv);
+	const { username, secret, url } = load_client_config(process.argv);
 	const remaining = get_remaining(process.argv);
 
 	if (!remaining.length) {
@@ -52,7 +35,7 @@ async function main() {
 		process.exit(1);
 	}
 
-	const { status, body } = await call_action(payload, username, secret);
+	const { status, body } = await call_action(payload, username, secret, url);
 	console.log(JSON.stringify(body, null, 2));
 	process.exit(status >= 400 ? 1 : 0);
 }

package.json

@@ -1,6 +1,6 @@
 {
   "name": "claude-code-conduit",
-  "version": "0.1.0",
+  "version": "1.0.0",
   "description": "A supervised action bridge between Claude Code and the host system",
   "type": "module",
   "scripts": {

server/index.mjs

@@ -1,17 +1,22 @@
-import express from "express";
-import { actions } from "./actions.mjs";
-import { enqueue, get_entry, list_pending, resolve } from "./queue.mjs";
-import { load_secrets } from "./secrets.mjs";
-import { create_auth_middleware, check_can_approve } from "./auth.mjs";
-
-const PORT = process.env.CONDUIT_PORT || 3015;
+import express from 'express';
+import { actions } from './actions.mjs';
+import { enqueue, get_entry, list_pending, resolve } from './queue.mjs';
+import { load_secrets } from './secrets.mjs';
+import { create_auth_middleware, check_can_approve } from './auth.mjs';
 
 function get_arg(argv, flag) {
 	const i = argv.indexOf(flag);
 	return i !== -1 ? argv[i + 1] : null;
 }
 
-const secrets_path = get_arg(process.argv, "--secrets");
+function ts() {
+	return new Date().toLocaleTimeString();
+}
+
+const PORT = process.env.CONDUIT_PORT || 3015;
+const BIND = get_arg(process.argv, '--bind') || process.env.CONDUIT_BIND || '127.0.0.1';
+
+const secrets_path = get_arg(process.argv, '--secrets');
 let secrets;
 try {
 	secrets = load_secrets(secrets_path);
@@ -24,11 +29,16 @@ const { users } = secrets;
 const app = express();
 app.use(express.json({
 	verify: (req, _res, buf) => {
-		req.raw_body = buf.toString("utf8");
+		req.raw_body = buf.toString('utf8');
 	},
 }));
 app.use(create_auth_middleware(users));
 
+app.use((req, _res, next) => {
+	console.log(`[${ts()}] ${req.method} ${req.path} — ${req.conduit_user}`);
+	next();
+});
+
 function validate_params(action_def, params) {
 	const errors = [];
 	for (const p of action_def.params) {
@@ -40,7 +50,7 @@ function validate_params(action_def, params) {
 }
 
 // POST /action  — main entry point
-app.post("/action", async (req, res) => {
+app.post('/action', async (req, res) => {
 	const { action, ...params } = req.body ?? {};
 
 	if (!action) {
@@ -54,75 +64,77 @@ app.post("/action", async (req, res) => {
 
 	const errors = validate_params(def, params);
 	if (errors.length) {
-		return res.status(400).json({ error: "Invalid params", details: errors });
+		return res.status(400).json({ error: 'Invalid params', details: errors });
 	}
 
-	if (def.policy === "auto-deny") {
-		return res.status(403).json({ status: "denied", reason: "Policy: auto-deny" });
+	if (def.policy === 'auto-deny') {
+		return res.status(403).json({ status: 'denied', reason: 'Policy: auto-deny' });
 	}
 
-	if (def.policy === "auto-accept") {
+	if (def.policy === 'auto-accept') {
 		try {
 			const result = await def.handler(params);
-			return res.json({ status: "accepted", result });
+			return res.json({ status: 'accepted', result });
 		} catch (err) {
-			return res.status(500).json({ status: "error", error: err.message });
+			return res.status(500).json({ status: 'error', error: err.message });
 		}
 	}
 
-	if (def.policy === "queue") {
+	if (def.policy === 'queue') {
 		const id = enqueue(action, params, req.conduit_user);
-		return res.status(202).json({ status: "queued", id });
+		return res.status(202).json({ status: 'queued', id });
 	}
 });
 
 // GET /queue — list pending items
-app.get("/queue", (req, res) => {
+app.get('/queue', (req, res) => {
 	res.json(list_pending());
 });
 
 // POST /queue/:id/approve — user approves a queued action
-app.post("/queue/:id/approve", async (req, res) => {
+app.post('/queue/:id/approve', async (req, res) => {
 	const entry = get_entry(req.params.id);
 	if (!entry) {
-		return res.status(404).json({ error: "Not found" });
+		return res.status(404).json({ error: 'Not found' });
 	}
-	if (entry.status !== "pending") {
-		return res.status(409).json({ error: "Already resolved" });
+	if (entry.status !== 'pending') {
+		return res.status(409).json({ error: 'Already resolved' });
 	}
 	if (!check_can_approve(users, req.conduit_user, entry.submitted_by)) {
-		return res.status(403).json({ error: "Not authorized to approve this entry" });
+		return res.status(403).json({ error: 'Not authorized to approve this entry' });
 	}
 
-	resolve(req.params.id, "approved");
+	entry.resolved_by = req.conduit_user;
+	resolve(req.params.id, 'approved');
 
 	const def = actions[entry.action];
 	try {
 		const result = await def.handler(entry.params);
-		res.json({ status: "approved", result });
+		res.json({ status: 'approved', result });
 	} catch (err) {
-		res.status(500).json({ status: "error", error: err.message });
+		res.status(500).json({ status: 'error', error: err.message });
 	}
 });
 
 // POST /queue/:id/deny — user denies a queued action
-app.post("/queue/:id/deny", (req, res) => {
+app.post('/queue/:id/deny', (req, res) => {
 	const entry = get_entry(req.params.id);
 	if (!entry) {
-		return res.status(404).json({ error: "Not found" });
+		return res.status(404).json({ error: 'Not found' });
 	}
-	if (entry.status !== "pending") {
-		return res.status(409).json({ error: "Already resolved" });
+	if (entry.status !== 'pending') {
+		return res.status(409).json({ error: 'Already resolved' });
 	}
 	if (!check_can_approve(users, req.conduit_user, entry.submitted_by)) {
-		return res.status(403).json({ error: "Not authorized to deny this entry" });
+		return res.status(403).json({ error: 'Not authorized to deny this entry' });
 	}
 
-	resolve(req.params.id, "denied");
-	res.json({ status: "denied" });
+	entry.resolved_by = req.conduit_user;
+	resolve(req.params.id, 'denied');
+	res.json({ status: 'denied' });
 });
 
-app.listen(PORT, () => {
-	console.log(`claude-code-conduit server running on port ${PORT}`);
-	console.log(`Workspace root: ${process.env.CONDUIT_ROOT || "/workspace"}`);
+app.listen(PORT, BIND, () => {
+	console.log(`claude-code-conduit server running on ${BIND}:${PORT}`);
+	console.log(`Workspace root: ${process.env.CONDUIT_ROOT || '/workspace'}`);
 });

server/queue.mjs

@@ -1,7 +1,11 @@
-import { randomUUID } from "crypto";
+import { randomUUID } from 'crypto';
 
 const pending = new Map();
 
+function ts() {
+	return new Date().toLocaleTimeString();
+}
+
 export function enqueue(action, params, submitted_by) {
 	const id = randomUUID();
 	const entry = {
@@ -9,16 +13,11 @@ export function enqueue(action, params, submitted_by) {
 		action,
 		params,
 		submitted_by,
-		status: "pending",
+		status: 'pending',
 		created_at: new Date().toISOString(),
 	};
 	pending.set(id, entry);
-	console.log(`\n[QUEUE] New request #${id.slice(0, 8)}`);
-	console.log(`  Action:       ${action}`);
-	console.log(`  Params:       ${JSON.stringify(params)}`);
-	console.log(`  Submitted by: ${submitted_by}`);
-	console.log(`  Approve: POST /queue/${id}/approve`);
-	console.log(`  Deny:    POST /queue/${id}/deny\n`);
+	console.log(`[${ts()}] [QUEUE] ${submitted_by} requested '${action}' (${id.slice(0, 8)}) — params: ${JSON.stringify(params)}`);
 	return id;
 }
 
@@ -27,7 +26,7 @@ export function get_entry(id) {
 }
 
 export function list_pending() {
-	return [...pending.values()].filter((e) => e.status === "pending");
+	return [...pending.values()].filter((e) => e.status === 'pending');
 }
 
 export function resolve(id, decision) {
@@ -35,7 +34,8 @@ export function resolve(id, decision) {
 	if (!entry) {
 		return null;
 	}
-	entry.status = decision; // "approved" | "denied"
+	entry.status = decision; // 'approved' | 'denied'
 	entry.resolved_at = new Date().toISOString();
+	console.log(`[${ts()}] [QUEUE] ${id.slice(0, 8)} ${decision} by ${entry.resolved_by ?? 'unknown'}`);
 	return entry;
 }