matrix-bridge/.env.example
Keysat 8ad1cd8465 Add headless "ask" mode: ?-prefixed message runs claude -p, answer posted back
A message starting with `?` in a mapped room runs `claude -p` one-shot in that
repo on the Mac and posts the full answer back into the room — Matrix as a
request/response interface, not just a trigger. Non-`?` messages keep launching
interactive sessions as before.

New scripts/ask-claude.sh is a login-shell wrapper (so ~/.zprofile puts claude on
PATH) that exports CLAUDE_CODE_OAUTH_TOKEN from the Mac's .env and runs
`claude -p "$prompt" < /dev/null`, printing the answer to stdout. The bot adds a
`?`-dispatch with run_ask/ask: SSH stdout captured, 300s timeout, fail-loud, output
chunked under Matrix's event cap (no truncation).

Headless claude -p needs the long-lived token because a non-GUI SSH session can't
reach the login Keychain (reports "Not logged in") — the deliberate Approach A that
the interactive GUI-Terminal path (D11) avoided. Token is kept Mac-side only; the
Spark never runs claude. Sovereignty unchanged: claude -p uses the subscription, no
frontier API touches message payloads.

Proven live on the Spark; fresh-eyes reviewed before commit.
2026-06-15 19:50:36 -05:00

17 lines
924 B
Bash

# matrix-bridge bot credentials — COPY to .env (gitignored) and fill in real values.
# Never commit real values. The bot runs on the Spark; the real .env lives next to it there.
MATRIX_HOMESERVER=https://<your-synapse-host>
MATRIX_USER=@<bot>:<your-domain>
MATRIX_DEVICE_ID=matrix-bridge-bot
MATRIX_ACCESS_TOKEN=
# Optional — kept for recovery / re-minting a token. The bot authenticates with the access token,
# not the password (logging in every start would spawn a new device each time).
MATRIX_PASSWORD=
# Headless "ask" mode (the `?`-prefix path). Used MAC-SIDE by scripts/ask-claude.sh, NOT by the
# bot — a non-GUI SSH session can't reach the login Keychain, so `claude -p` needs this token to
# authenticate. Mint once on the Mac: `claude setup-token` (requires a Claude subscription), then
# paste the value here. Lives on the Mac; the Spark never runs claude, so it needs no copy.
CLAUDE_CODE_OAUTH_TOKEN=
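
The template's rule that real values are never committed can be checked mechanically. The following is an added example, not part of this repository: a POSIX sh check, usable as a pre-commit hook, that fails when a secret-bearing key in an env template has a value. The function names, the script name in the usage comment, and the choice of which keys count as secret are assumptions made here.

```shell
#!/bin/sh
# Added example, not part of the matrix-bridge repository.
# Assumption: these are the secret-bearing keys in the template.
SECRET_KEYS="MATRIX_ACCESS_TOKEN MATRIX_PASSWORD CLAUDE_CODE_OAUTH_TOKEN"

# env_value FILE KEY
# Print the value of the last "KEY=" line in FILE. The file is parsed as text,
# never sourced, so nothing written in it is executed.
env_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# lint_env_template FILE
# Return 0 when every secret key is absent, empty, or an obvious <placeholder>.
# Otherwise name the offending keys on stderr (never their values) and return 1.
lint_env_template() {
    file=$1
    status=0
    for key in $SECRET_KEYS; do
        val=$(env_value "$file" "$key")
        case $val in
            '' | '<'*'>') ;;
            *)
                printf '%s: %s has a value set\n' "$file" "$key" >&2
                status=1
                ;;
        esac
    done
    return "$status"
}

# Hook usage (hypothetical script name): sh check-env-template.sh matrix-bridge/.env.example
if [ "$#" -gt 0 ]; then
    lint_env_template "$1"
fi
```

The check is deliberately strict: an inline comment after `KEY=` counts as a value, so comments in the template belong on their own lines, as they are in this file.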