npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@lifeaitools/clauth

v1.5.81

Published

Hardware-bound credential vault for the LIFEAI infrastructure stack

Downloads

5,353

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

lifeaiuserlifeaiuser

Keywords

lifeaicredentialsvaultcliprt

Readme

@lifeaitools/clauth

Hardware-bound credential vault for the LIFEAI stack. Your machine is the second factor. Keys live in Supabase Vault (AES-256). Nothing sensitive ever touches a config file.

Install

npm install -g @lifeaitools/clauth

Then provision your Supabase project:

clauth install

That's it. clauth install handles everything:

  • Creates all database tables
  • Deploys the auth-vault Edge Function
  • Generates HMAC salt + bootstrap token
  • Tests the connection end-to-end
  • Installs the Claude skill

At the end it prints a bootstrap token — save it for the next step.

After Install — Register Your Machine

clauth setup

Prompts for: machine label, password, bootstrap token (from clauth install).

Then verify:

clauth test      # → PASS
clauth status    # → 12 services, all NO KEY

What clauth install asks for

Two things from Supabase:

1. Project ref — the last segment of your Supabase project URL: https://supabase.com/dashboard/project/ your-ref-here

2. Personal Access Token (PAT): https://supabase.com/dashboard/account/tokens → Generate new token

This is not your anon key or service_role key — it is your account-level token.

Writing Your First Key

clauth write key github     # prompts for value
clauth enable github
clauth get github

Command Reference

clauth install              Provision Supabase + install Claude skill
clauth setup                Register this machine with the vault
clauth status               All services + state
clauth test                 Verify connection

clauth write key <service>  Store a credential
clauth write pw             Change password
clauth enable <svc|all>     Activate service
clauth disable <svc|all>    Suspend service
clauth get <service>        Retrieve a key

clauth add service <n>      Register new service
clauth remove service <n>   Remove service
clauth revoke <svc|all>     Delete key (destructive)

Built-in Services

github supabase-anon supabase-service supabase-db vercel namecheap neo4j anthropic r2 r2-bucket cloudflare rocketreach

How It Works

Machine fingerprint (BIOS UUID + OS install ID)
  + Your clauth password
  → HMAC-SHA256 token + 5-min timestamp window
  → Supabase Edge Function validates
  → Returns AES-256 encrypted key from Vault

Nothing stored locally. Password never persisted. Machine hash is one-way only.

Daemon Mode (clauth serve)

clauth runs as an HTTP daemon on http://127.0.0.1:52437. The daemon provides:

  • Web UI — unlock vault, manage services, configure mounts
  • REST APIGET /get/<service>, GET /ping, POST /restart, GET /shutdown
  • MCP server — Model Context Protocol for Claude Code and claude.ai
  • Cloudflare Tunnel — exposes MCP endpoints publicly for claude.ai connectors

Start: clauth serve start (starts locked, auto-opens browser for unlock).

Full daemon operations reference: see regen-root/.claude/rules/clauth.md.

MCP Server — 3 Namespaces, 27 Tools

clauth is the single MCP interface for all local tools. One process, namespaced paths:

| Path | Namespace | Tools | Description | |------|-----------|-------|-------------| | /clauth | clauth_* | 13 | Credential vault operations | | /gws | gws_* | 6 | Google Workspace (Gmail, Calendar, Drive) | | /fs | fs_* | 8 | Filesystem (read, write, grep, glob, delete, mkdir, mounts) | | /mcp | all | 27 | All namespaces combined (Claude Code) |

FS Tools (v1.5.38)

8 filesystem tools with path-jail security:

  • fs_read, fs_write, fs_list, fs_grep, fs_glob, fs_delete, fs_mkdir, fs_mounts
  • Uses node:fs/promises (async), @vscode/ripgrep (shipped binary), fast-glob
  • Permission flags per mount: r (read), w (write), d (delete)
  • Mount config stored as "fileserver" service type in vault — only configurable through web UI

GWS Tools

6 Google Workspace tools: gws_gmail_list, gws_gmail_read, gws_gmail_send, gws_gmail_draft, gws_calendar_list, gws_calendar_create

  • Calls gws CLI via execSync with shell: 'bash' (fixes Windows cmd.exe JSON quoting)

claude.ai Integration

Noauth Mode (v1.5.38)

claude.ai's OAuth proxy has a confirmed bug (anthropics/claude-code#46140, anthropics/claude-ai-mcp#136): it completes the token exchange but never sends the authenticated request.

Workaround: Noauth hosts — fresh domains where OAuth endpoints return 404. claude.ai connects directly (tunnel URL is the shared secret).

OAuth 2.1 (v1.5.36-37)

Full OAuth 2.1 protocol implementation is present for future use when Anthropic fixes the bug:

  • 401 gate with WWW-Authenticate header
  • Dynamic client registration (public client, no secret)
  • Mandatory PKCE S256
  • Cache-Control: no-store

Connector URLs

| Connector | URL | |-----------|-----| | clauth | https://clauth.regendevcorp.com/clauth | | gws | https://clauth.regendevcorp.com/gws | | fs | https://fs.regendevcorp.com/fs |

Dependencies (notable)

  • @vscode/ripgrep — shipped ripgrep binary for fs_grep
  • fast-glob — pattern matching for fs_glob

Testing

node test-tools.mjs    # 25 tool execution tests across all 3 namespaces

Tests actual MCP tool calls (not just OAuth + listing).

Releasing a New Version (maintainers)

# 1. Bump version in package.json
# 2. Commit and tag
git tag v1.5.38
git push && git push --tags
# GitHub Actions publishes automatically via Trusted Publishing

NEVER commit a version bump without tagging — the tag triggers npm CI.

Life before Profits. — LIFEAI / PRT

Support this project