beeper · batuhan · May 4, 2026 · May 3, 2026 · May 3, 2026 · May 3, 2026
diff --git a/cmd/bbctl/authconfig.go b/cmd/bbctl/authconfig.go
@@ -24,15 +24,20 @@ var envs = map[string]string{
 }
 
 type EnvConfig struct {
-	ClusterID     string `json:"cluster_id"`
-	Username      string `json:"username"`
-	AccessToken   string `json:"access_token"`
-	BridgeDataDir string `json:"bridge_data_dir"`
-	DatabaseDir   string `json:"database_dir,omitempty"`
+	ClusterID      string `json:"cluster_id"`
+	Username       string `json:"username"`
+	AccessToken    string `json:"access_token"`
+	BridgeDataDir  string `json:"bridge_data_dir"`
+	DatabaseDir    string `json:"database_dir,omitempty"`
+	DesktopDataDir string `json:"desktop_data_dir,omitempty"`
 }
 
 func (ec *EnvConfig) HasCredentials() bool {
-	return strings.HasPrefix(ec.AccessToken, "syt_")
+	return strings.HasPrefix(ec.AccessToken, "syt_") || strings.HasPrefix(ec.AccessToken, "bat_")
-func (ec *EnvConfig) HasCredentials() bool {
-	return strings.HasPrefix(ec.AccessToken, "syt_")
-	return strings.HasPrefix(ec.AccessToken, "syt_") || strings.HasPrefix(ec.AccessToken, "bat_")
+func (ec *EnvConfig) HasCredentials() bool {
+	return ec.AccessToken != ""
+}
-func (ec *EnvConfig) HasCredentials() bool {
-	return strings.HasPrefix(ec.AccessToken, "syt_")
-	return strings.HasPrefix(ec.AccessToken, "syt_") || strings.HasPrefix(ec.AccessToken, "bat_")
+func (ec *EnvConfig) HasCredentials() bool {
+	return ec.AccessToken != ""
+}
+}
+
+func (ec *EnvConfig) UsesDesktopLogin() bool {
+	return ec.DesktopDataDir != ""
 }
 
 type EnvConfigs map[string]*EnvConfig

diff --git a/cmd/bbctl/desktopauth.go b/cmd/bbctl/desktopauth.go
@@ -0,0 +1,186 @@
+package main
+
+import (
+	"context"
+	"database/sql"
+	"errors"
+	"fmt"
+	"net/url"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/urfave/cli/v2"
+	"go.mau.fi/util/dbutil"
+
+	"github.com/beeper/bridge-manager/api/beeperapi"
+
+	_ "go.mau.fi/util/dbutil/litestream"
+)
+
+func desktopLoginFlags() []cli.Flag {
+	return []cli.Flag{
+		&cli.StringFlag{
+			Name:    "profile",
+			EnvVars: []string{"BEEPER_PROFILE"},
+			Usage:   "Beeper Desktop profile name, equivalent to BEEPER_PROFILE in Desktop",
+		},
+		&cli.StringFlag{
+			Name:    "desktop-data-dir",
+			EnvVars: []string{"BBCTL_DESKTOP_DATA_DIR"},
+			Usage:   "Read credentials from this Beeper Desktop user data directory",
+		},
+	}
+}
+
+type DesktopAccount struct {
+	UserID      string
+	AccessToken string
+	Homeserver  string
+}
+
+func getDesktopDataDir(ctx *cli.Context) (string, error) {
+	if dataDir := ctx.String("desktop-data-dir"); dataDir != "" {
+		return dataDir, nil
+	}
+	return resolveDesktopDataDir(ctx.String("profile"))
+}
+
+func resolveDesktopDataDir(profile string) (string, error) {
+	appName := "BeeperTexts"
+	if profile != "" {
+		appName += "-" + profile
+	}
+	dataDir, err := os.UserConfigDir()
+	if err != nil {
+		return "", err
+	}
+	return filepath.Join(dataDir, appName), nil
+}
+
+func getLoginDesktopAccountDBPath(ctx *cli.Context) (string, error) {
+	dataDir, err := getDesktopDataDir(ctx)
+	if err != nil {
+		return "", fmt.Errorf("failed to resolve desktop data directory: %w", err)
+	}
+	return filepath.Join(dataDir, "account.db"), nil
+}
+
+func readDesktopAccount(ctx context.Context, dbPath string) (account *DesktopAccount, err error) {
+	dbURI := (&url.URL{
+		Scheme:   "file",
+		Path:     filepath.ToSlash(dbPath),
+		RawQuery: "mode=ro",
+	}).String()
+	db, err := dbutil.NewWithDialect(dbURI, "sqlite3-fk-wal")
+	if err != nil {
+		return nil, fmt.Errorf("failed to open desktop account database: %w", err)
+	}
+	defer func() {
+		if closeErr := db.Close(); closeErr != nil {
+			if err != nil {
+				err = fmt.Errorf("%w; failed to close desktop account database: %v", err, closeErr)
+			} else {
+				err = fmt.Errorf("failed to close desktop account database: %w", closeErr)
+			}
+		}
+	}()
+
+	var desktopAccount DesktopAccount
+	err = db.QueryRow(ctx, "SELECT user_id, access_token, homeserver FROM account LIMIT 1").
+		Scan(&desktopAccount.UserID, &desktopAccount.AccessToken, &desktopAccount.Homeserver)
+	if errors.Is(err, sql.ErrNoRows) {
+		return nil, fmt.Errorf("desktop account database has no logged-in account")
+	} else if err != nil {
+		return nil, fmt.Errorf("failed to read desktop account database: %w", err)
+	} else if desktopAccount.UserID == "" || desktopAccount.AccessToken == "" {
+		return nil, fmt.Errorf("desktop account database has incomplete credentials")
+	}
+	return &desktopAccount, nil
+}
+
+func desktopAccountHomeserverDomain(account *DesktopAccount) (string, error) {
+	if account.Homeserver == "" {
+		return "", nil
+	}
+	parsed, err := url.Parse(account.Homeserver)
+	if err != nil {
+		return "", fmt.Errorf("desktop account has invalid homeserver URL %q: %w", account.Homeserver, err)
+	}
+	return strings.TrimPrefix(parsed.Host, "matrix."), nil
-	parsed, err := url.Parse(account.Homeserver)
-	if err != nil {
-		return "", fmt.Errorf("desktop account has invalid homeserver URL %q: %w", account.Homeserver, err)
-	}
-	return strings.TrimPrefix(parsed.Host, "matrix."), nil
+	parsed, err := url.Parse(account.Homeserver)
+	if err != nil {
+		return "", fmt.Errorf("desktop account has invalid homeserver URL %q: %w", account.Homeserver, err)
+	}
+	host := parsed.Hostname()
+	if host == "" {
+		return "", fmt.Errorf("desktop account homeserver URL %q has no host", account.Homeserver)
+	}
+	return strings.TrimPrefix(host, "matrix."), nil
-	parsed, err := url.Parse(account.Homeserver)
-	if err != nil {
-		return "", fmt.Errorf("desktop account has invalid homeserver URL %q: %w", account.Homeserver, err)
-	}
-	return strings.TrimPrefix(parsed.Host, "matrix."), nil
+	parsed, err := url.Parse(account.Homeserver)
+	if err != nil {
+		return "", fmt.Errorf("desktop account has invalid homeserver URL %q: %w", account.Homeserver, err)
+	}
+	host := parsed.Hostname()
+	if host == "" {
+		return "", fmt.Errorf("desktop account homeserver URL %q has no host", account.Homeserver)
+	}
+	return strings.TrimPrefix(host, "matrix."), nil
+}
+
+func envForHomeserverDomain(domain string) string {
+	for env, envDomain := range envs {
+		if domain == envDomain {
+			return env
+		}
+	}
+	return ""
+}
+
+func configureDesktopLogin(ctx *cli.Context, account *DesktopAccount) (string, string, error) {
+	homeserver, err := desktopAccountHomeserverDomain(account)
+	if err != nil {
+		return "", "", err
+	}
+	env := ctx.String("env")
+	if homeserverEnv := envForHomeserverDomain(homeserver); homeserverEnv != "" {
+		env = homeserverEnv
+		homeserver = envs[env]
+	} else if homeserver == "" {
+		homeserver = ctx.String("homeserver")
+	}
+
+	whoami, err := beeperapi.Whoami(homeserver, account.AccessToken)
+	if err != nil {
+		return "", "", fmt.Errorf("failed to verify desktop credentials with whoami: %w", err)
+	}
+
+	cfg := GetConfig(ctx)
+	envCfg := cfg.Environments.Get(env)
+	envCfg.ClusterID = whoami.UserInfo.BridgeClusterID
+	envCfg.Username = whoami.UserInfo.Username
+	envCfg.AccessToken = account.AccessToken
+	envCfg.BridgeDataDir = filepath.Join(UserDataDir, "bbctl", env)
+	dataDir, err := getDesktopDataDir(ctx)
+	if err != nil {
+		return "", "", fmt.Errorf("failed to resolve desktop data directory: %w", err)
+	}
+	envCfg.DesktopDataDir = dataDir
+	err = cfg.Save()
+	if err != nil {
+		return "", "", fmt.Errorf("failed to save config: %w", err)
+	}
+
+	return env, homeserver, nil
+}
+
+func loadDesktopLogin(ctx *cli.Context, envConfig *EnvConfig) error {
+	if envConfig.DesktopDataDir == "" {
+		return nil
+	}
+	dbPath := filepath.Join(envConfig.DesktopDataDir, "account.db")
+	account, err := readDesktopAccount(ctx.Context, dbPath)
+	if err != nil {
+		return err
+	}
+	homeserver, err := desktopAccountHomeserverDomain(account)
+	if err != nil {
+		return err
+	}
+	if homeserver == "" {
+		homeserver = ctx.String("homeserver")
+	}
+	whoami, err := beeperapi.Whoami(homeserver, account.AccessToken)
+	if err != nil {
+		return fmt.Errorf("failed to verify desktop credentials with whoami: %w", err)
+	}
+	envConfig.ClusterID = whoami.UserInfo.BridgeClusterID
+	envConfig.Username = whoami.UserInfo.Username
+	envConfig.AccessToken = account.AccessToken
+	if envConfig.BridgeDataDir == "" {
+		envConfig.BridgeDataDir = filepath.Join(UserDataDir, "bbctl", ctx.String("env"))
+	}
+	return nil
+}
diff --git a/cmd/bbctl/login-email.go b/cmd/bbctl/login-email.go
@@ -11,29 +11,85 @@ import (
 	"maunium.net/go/mautrix"
 
 	"github.com/beeper/bridge-manager/api/beeperapi"
-	"github.com/beeper/bridge-manager/cli/interactive"
 )
 
 var loginCommand = &cli.Command{
 	Name:    "login",
 	Aliases: []string{"l"},
 	Usage:   "Log into the Beeper server",
-	Before:  interactive.Ask,
 	Action:  beeperLogin,
 	Flags: []cli.Flag{
-		interactive.Flag{Flag: &cli.StringFlag{
+		&cli.StringFlag{
 			Name:    "email",
 			EnvVars: []string{"BEEPER_EMAIL"},
 			Usage:   "The Beeper account email to log in with",
-		}, Survey: &survey.Input{
-			Message: "Email:",
-		}},
+		},
+		&cli.BoolFlag{
+			Name:    "no-desktop",
+			EnvVars: []string{"BBCTL_NO_DESKTOP_LOGIN"},
+			Usage:   "Skip checking for an existing Beeper Desktop login",
+		},
 	},
 }
 
+func init() {
+	loginCommand.Flags = append(loginCommand.Flags, desktopLoginFlags()...)
+}
+
+func maybeUseDesktopLogin(ctx *cli.Context) (bool, error) {
+	if ctx.Bool("no-desktop") {
+		return false, nil
+	}
+	dbPath, err := getLoginDesktopAccountDBPath(ctx)
+	if err != nil {
+		return false, err
+	}
+	account, err := readDesktopAccount(ctx.Context, dbPath)
+	if err != nil {
+		if ctx.IsSet("desktop-data-dir") {
+			return false, err
+		}
+		return false, nil
+	}
+
+	useDesktop := false
+	err = survey.AskOne(&survey.Confirm{
+		Message: fmt.Sprintf("Use Beeper Desktop login for %s?", account.UserID),
+		Default: true,
+	}, &useDesktop)
+	if err != nil {
+		return false, err
+	}
+	if !useDesktop {
+		return false, nil
+	}
+
+	env, homeserver, err := configureDesktopLogin(ctx, account)
+	if err != nil {
+		return false, err
+	}
+	fmt.Printf("Using Beeper Desktop login for %s in bbctl env %q (%s)\n", account.UserID, env, homeserver)
+	return true, nil
+}
+
 func beeperLogin(ctx *cli.Context) error {
+	didLogin, err := maybeUseDesktopLogin(ctx)
+	if err != nil {
+		return err
+	} else if didLogin {
+		return nil
+	}
+
 	homeserver := ctx.String("homeserver")
 	email := ctx.String("email")
+	if email == "" {
+		err = survey.AskOne(&survey.Input{
+			Message: "Email:",
+		}, &email)
+		if err != nil {
+			return err
+		}
+	}
 
 	startLogin, err := beeperapi.StartLogin(homeserver)
 	if err != nil {
@@ -91,6 +147,7 @@ func doMatrixLogin(ctx *cli.Context, req *mautrix.ReqLogin, whoami *beeperapi.Re
 	envCfg.ClusterID = whoami.UserInfo.BridgeClusterID
 	envCfg.Username = whoami.UserInfo.Username
 	envCfg.AccessToken = resp.AccessToken
+	envCfg.DesktopDataDir = ""
 	envCfg.BridgeDataDir = filepath.Join(UserDataDir, "bbctl", ctx.String("env"))
 	err = cfg.Save()
 	if err != nil {

diff --git a/cmd/bbctl/logout.go b/cmd/bbctl/logout.go
@@ -22,16 +22,22 @@ var logoutCommand = &cli.Command{
 }
 
 func beeperLogout(ctx *cli.Context) error {
-	_, err := GetMatrixClient(ctx).Logout(ctx.Context)
-	if err != nil && !ctx.Bool("force") {
-		return fmt.Errorf("error logging out: %w", err)
+	envCfg := GetEnvConfig(ctx)
+	if !envCfg.UsesDesktopLogin() {
+		_, err := GetMatrixClient(ctx).Logout(ctx.Context)
+		if err != nil && !ctx.Bool("force") {
+			return fmt.Errorf("error logging out: %w", err)
+		}
 	}
 	cfg := GetConfig(ctx)
 	delete(cfg.Environments, ctx.String("env"))
-	err = cfg.Save()
-	if err != nil {
+	if err := cfg.Save(); err != nil {
 		return fmt.Errorf("error saving config: %w", err)
 	}
+	if envCfg.UsesDesktopLogin() {
+		fmt.Println("Logged out of bbctl successfully. Your Beeper Desktop session was not affected.")
+		return nil
+	}
 	fmt.Println("Logged out successfully")
 	return nil
 }
diff --git a/cmd/bbctl/main.go b/cmd/bbctl/main.go
@@ -81,6 +81,12 @@ func prepareApp(ctx *cli.Context) error {
 	envConfig := cfg.Environments.Get(env)
 	ctx.Context = context.WithValue(ctx.Context, contextKeyConfig, cfg)
 	ctx.Context = context.WithValue(ctx.Context, contextKeyEnvConfig, envConfig)
+	if envConfig.UsesDesktopLogin() && !isRecoveryCommand(ctx) {
+		err = loadDesktopLogin(ctx, envConfig)
+		if err != nil {
+			return fmt.Errorf("failed to use Beeper Desktop login: %w", err)
+		}
+	}
 	if envConfig.HasCredentials() {
 		if envConfig.Username == "" {
 			log.Printf("Fetching whoami to fill missing env config details")
@@ -95,6 +101,15 @@ func prepareApp(ctx *cli.Context) error {
 	return nil
 }
 
+func isRecoveryCommand(ctx *cli.Context) bool {
+	switch ctx.Args().First() {
+	case "login", "l", "login-password", "p", "logout":
+		return true
+	default:
+		return false
+	}
+}
+
 var app = &cli.App{
 	Name:  "bbctl",
 	Usage: "Manage self-hosted bridges for Beeper",

diff --git a/go.mod b/go.mod
@@ -24,7 +24,9 @@ require (
 	github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
 	github.com/mattn/go-colorable v0.1.14 // indirect
 	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-sqlite3 v1.14.34 // indirect
 	github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
+	github.com/petermattis/goid v0.0.0-20260113132338-7c7de50cc741 // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/tidwall/match v1.1.1 // indirect