The problem
Current UX — v0.8.0
Settings — General
Sessions API Token

A 43-char URL-safe token masked in a single-line password input. No way to paste cleanly, no way to test, no feedback on whether it's correct. When empty, the Sessions section just shows a dim error string.

The token is generated by the server: python3 -c "import secrets; print(secrets.token_urlsafe(32))" — 43 chars of base64url. The user has to copy this from a terminal session and paste it into the Android app.
Option A — Clipboard paste + test connection Recommended
State 1 — Empty / prompt
Settings — General
Sessions API Token
43-character token generated on the server. Paste it here to enable the Claude Sessions section in the drawer.
No token configured
ℹ  Generate a token: secrets.token_urlsafe(32)
State 2 — Pasted, untested
Settings — General
Sessions API Token
Tap "Test" to verify the token connects to your server.
•••••••••••••••••••••••••••••••••••
State 3 — Testing…
Settings — General
Sessions API Token
•••••••••••••••••••••••••••••••••••
State 4a — Connected ✓
Settings — General
Sessions API Token
•••••••••••••••••••••••••••••••••••
✓  Connected — 3 sessions returned
Token saved. Sessions will update every 5s in the drawer.
State 4b — Auth failed ✗
Settings — General
Sessions API Token
•••••••••••••••••••••••••••••••••••
✗  401 Unauthorized — check token
Option B — QR code paired flow
3-step QR pairing
1
Open Settings → Sessions API Token → Pair via QR
Argus shows a "Waiting for QR…" overlay with a camera viewfinder.
2
On claude-server-evo, run the pairing command
argus-api pair prints a QR code in the terminal encoding argus-token://<token>.
3
Point camera at terminal — instant pair
Argus scans the QR, extracts the token, runs the test connection, and shows State 4a on success.
Camera viewfinder (mock)
Scanning…

More ergonomic for a 43-char token but adds server-side dependency (the argus-api pair command). Good for initial setup, but clipboard paste is faster for re-keying.

Option A vs B — tradeoffs
Criteria A: Paste+Test B: QR Pair
Zero server-side changes✗ needs pair cmd
No typing a 43-char token
Immediate feedback✓ test btn✓ on scan
Re-key on rotationEasy pasteNeed terminal open
Works when clipboard is messyDepends
Implementation effortLowMedium
Recommendation: Option A — clipboard paste + test connection. The "Show token" toggle lets the user verify before saving. The "Test" button gives instant confidence. Zero server changes needed. QR can be added in v0.9 as a convenience on top.
When the drawer shows a token error
The Sessions section collapses and shows: "Sessions API requires a token → Configure in Settings" as a tappable link. Deep-links directly to the token field within Settings.
Token field — show/hide states
Masked (default)
Sessions API Token
•••••••••••••••••••••••••••••••••••

inputType=textPassword + custom chip buttons. Border turns green after successful test. Clear button is destructive — requires confirmation.

Revealed
Sessions API Token
argus_d8fK2jLm9Nq3Rp7vXw1Yz4Ba6Ce0Gh5Ij
ⓘ  Token visible. Hide before sharing your screen.

Orange tint on the field when token is revealed. "Hide" replaces "Show". Info banner warns about screen sharing. Auto-hides after 30s of inactivity.