Adds shared-secret HMAC-SHA256 authentication to peer sync endpoints. Sync requests now include X-Clare-Timestamp + X-Clare-Signature headers covering ts/method/path/body. Server validates against local sync_secret and rejects with 401 on mismatch, missing headers, or >300s skew. - config.py: new sync_secret field (auto-generated on first run) and PeerConfig list (back-compat: plain-string peers still parse) - sync.py: signs outbound peer + loopback requests; sync_peer takes PeerConfig and local_secret - web/api.py: require_sync_auth dependency on /sync/* routes; /health remains unauthenticated; when sync_secret is unset, sync stays open for back-compat with fresh installs - tests: 10 new auth tests cover valid/tampered/expired/missing/no-secret paths plus full two-Clare convergence with matched secrets |
||
|---|---|---|
| scripts | ||
| src/clare | ||
| tests | ||
| .gitignore | ||
| CLAUDE.md | ||
| DESIGN.md | ||
| INFRA.md | ||
| pyproject.toml | ||
| README.md | ||
Clare
Project manager for the Claude agent fleet. Sits on top of rclaude — Clare owns the fleet's work (projects, tasks, assignments, priorities); rclaude owns each agent's session (tmux, ssh, send-keys).
clare (project manager) — projects · tasks · assignments · prioritization · web
│
▼
rclaude (transport) — send · list · resume · triage · tmux+ssh primitives
│
▼
claude agents on hosts
Install
Requires Python 3.13+ and uv.
cd ~/Code/@projects/@clare
uv venv
uv pip install -e ".[dev]"
./scripts/install.sh # symlinks `clare` into ~/.local/bin
Quick start
clare init # first run: generates machine_id + DB
clare project new "wozniak-cleanup" --goal "remove dead code paths"
clare task add wozniak-cleanup "scan for dead exports" --prio 1
clare pull # refresh fleet view from rclaude
clare assign <task-id> <session-uuid> # bind a task to a live claude session
clare status # rolled-up dashboard
clare broadcast wozniak-cleanup --yes -- "please start"
clare web # FastAPI dashboard at http://127.0.0.1:8765
Architecture
Event-sourced single-machine SQLite at ~/.local/share/clare/clare.db. Every write produces an append-only events row with a hybrid-logical-clock timestamp; projection tables (projects, tasks, assignments, sessions, updates, groups) are rebuilt from events. The HLC + event substrate is in place so a future Push B can add peer-to-peer sync without schema migration.
See DESIGN.md for full rationale.
Status
Push A (this scaffold): single-machine. CLI + web dashboard + pull loop. Sync deferred.
Push B (next): httpx peer pull/push, /api/sync/events endpoints, multi-machine integration tests.