Land Phase 0 launch chain: SSH -> desktop Terminal -> claude -> phone
Phase 0 proven by hand (N=3) across multiple rooms. - scripts/gui-launch.sh: open a desktop Terminal via osascript so claude runs in the GUI session (login Keychain + real TTY), avoiding a long-lived token (D11). - scripts/launch-claude.sh: name the session `claude -n "<repo> - <topic>"` so Remote Control's phone conversation index is readable. - .env.example: bot credential schema (real .env stays gitignored). - AGENTS.md / ROADMAP.md: D11, Phase 0 results, Phase 1 carry-overs.
This commit is contained in:
Keysat
Executable
+47
@@ -0,0 +1,47 @@
|
||||
#!/bin/zsh -l
|
||||
# gui-launch.sh — matrix-bridge GUI launcher (Approach B: "open a real desktop terminal").
|
||||
#
|
||||
# Invoked over SSH by the bot: gui-launch.sh <repo_dir> <prompt...>
|
||||
#
|
||||
# Opens a Terminal.app window on the logged-in desktop that runs launch-claude.sh, so
|
||||
# `claude` runs INSIDE the GUI session: it gets the login Keychain (no long-lived token
|
||||
# needed) and a real TTY. Claude Code Remote Control then surfaces the session to the phone.
|
||||
#
|
||||
# Requires: the Mac logged into its desktop, and a one-time "Allow ssh to control
|
||||
# Terminal" Automation grant (System Settings > Privacy & Security > Automation).
|
||||
#
|
||||
# Layering: gui-launch.sh owns the GUI/session seam; launch-claude.sh owns the
|
||||
# environment seam (cd + exec claude). Keep that split.
|
||||
|
||||
script_dir="${0:A:h}"
|
||||
inner="$script_dir/launch-claude.sh"
|
||||
|
||||
repo_dir="$1"
|
||||
shift
|
||||
prompt="$*"
|
||||
|
||||
if [[ -z "$repo_dir" || -z "$prompt" ]]; then
|
||||
print -u2 "usage: gui-launch.sh <repo_dir> <prompt>"
|
||||
exit 2
|
||||
fi
|
||||
# Fail loud on a bad directory — never open a session in the wrong place (guardrail).
|
||||
if [[ ! -d "$repo_dir" ]]; then
|
||||
print -u2 "gui-launch: no such repo dir: $repo_dir"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Embed repo+prompt in a throwaway script via %q so user text NEVER crosses the
|
||||
# AppleScript string layer — only a safe mktemp path does. This sidesteps the
|
||||
# SSH -> osascript -> shell -> wrapper multi-shell quoting trap the spec warns about.
|
||||
launch_script="$(mktemp -t mb-launch)"
|
||||
{
|
||||
print -r -- '#!/bin/zsh -l'
|
||||
printf 'exec %q %q %q\n' "$inner" "$repo_dir" "$prompt"
|
||||
} >| "$launch_script"
|
||||
chmod +x "$launch_script"
|
||||
|
||||
# mktemp paths contain no spaces/quotes, so embedding the path directly is safe.
|
||||
osascript -e "tell application \"Terminal\" to do script \"$launch_script\"" \
|
||||
-e 'tell application "Terminal" to activate'
|
||||
|
||||
print -- "gui-launch: opened Terminal for $repo_dir"
|
||||
Reference in New Issue
Block a user