- auth/users.py: User store with Argon2id password hashing
- auth/sessions.py: Token-based session management with expiry
- server/app.py: aiohttp server with auth middleware and WebSocket
- console/client.py: SSH-style login console client
Server endpoints: /auth/login, /auth/logout, /auth/me, /health, /ws
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- SecureConsole with Argon2id password hashing
- Password stored in ~/.xml-pipeline/console.key
- Protected commands require password re-entry
- Attach/detach model with idle timeout
- Fallback to simple input for incompatible terminals
- @listener message injection into pump
- Boot handler no longer sends to old console
- Response handler prints to stdout with prompt refresh
Dependencies: argon2-cffi, prompt_toolkit
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
