@aexol/spectral 0.2.3 → 0.2.6

package/dist/cli.js

@@ -79,40 +79,9 @@ function resolvePiBin() {
 function resolveAexolExtensionPath() {
     return resolve(__dirname, "extensions", "aexol-mcp.js");
 }
-/**
- * Resolve the entry point of the bundled pi-mcp-adapter extension.
- *
- * pi-mcp-adapter declares its extension entry via `"pi": { "extensions":
- * ["./index.ts"] }` — it does NOT export a `main` or `exports` field. We
- * therefore walk up node_modules ourselves, locate the package directory, and
- * return the absolute path to `index.ts`.
- *
- * Returns null if the package is not installed (graceful degradation).
- */
-function resolveMcpAdapterPath() {
-    const rel = "node_modules/pi-mcp-adapter/package.json";
-    let dir = __dirname;
-    const root = "/";
-    for (let i = 0; i < 20; i++) {
-        const pkgPath = resolve(dir, rel);
-        try {
-            const raw = readFileSync(pkgPath, "utf8");
-            const pkg = JSON.parse(raw);
-            const extRel = pkg.pi?.extensions?.[0];
-            if (extRel) {
-                return resolve(dirname(pkgPath), extRel);
-            }
-            break; // package found but no pi.extensions — shouldn't happen
-        }
-        catch {
-            // package.json not readable at this level, keep walking up
-        }
-        const parent = dirname(dir);
-        if (parent === dir || parent === root)
-            break;
-        dir = parent;
-    }
-    return null;
+/** Absolute path to the bundled pi-mcp-adapter extension, sitting next to this file in dist/. */
+function resolveMcpExtensionPath() {
+    return resolve(__dirname, "mcp", "index.js");
 }
 // ---- Branded helpers ---------------------------------------------------------
 function printVersion() {
@@ -124,8 +93,9 @@ function printHeader() {
         TAGLINE,
         "",
         "Subcommands:",
-        "  spectral login    Authenticate with the Aexol MCP backend",
-        "  spectral logout   Remove stored Aexol credentials",
+        "  spectral login         Authenticate with a team API key",
+        "  spectral login --oauth Authorize via browser (Aexol Studio OAuth)",
+        "  spectral logout        Remove stored Aexol credentials",
         "  spectral serve    Connect this machine to the Aexol relay backend",
         "  spectral bind     Link this directory to an Aexol Studio project",
         "  spectral unbind   Remove the Aexol Studio project binding",
@@ -193,6 +163,11 @@ async function main() {
     // Subcommands. Dynamic import keeps the cold-start path light when users
     // are just running pi.
     if (first === "login") {
+        if (args[1] === "--oauth") {
+            const { runLoginOAuth } = await import("./commands/login-oauth.js");
+            await runLoginOAuth();
+            process.exit(0);
+        }
         const { runLogin } = await import("./commands/login.js");
         await runLogin();
         process.exit(0);
@@ -231,20 +206,14 @@ async function main() {
         process.stderr.write(`spectral: bundled Aexol MCP extension not found at ${aexolExtPath}. This is a packaging bug.\n`);
         process.exit(1);
     }
-    // Inject the bundled pi-mcp-adapter extension for standard MCP server
-    // support (stdio + SSE/HTTP transports, lazy loading, OAuth, /mcp panel).
-    // Graceful: if the package is missing, we continue without standard MCP.
-    const mcpAdapterPath = resolveMcpAdapterPath();
-    if (mcpAdapterPath) {
-        process.stderr.write(`[spectral] Standard MCP adapter loaded: ${mcpAdapterPath}\n`);
-    }
-    else {
-        process.stderr.write("[spectral] pi-mcp-adapter not found; standard MCP servers disabled.\n");
-    }
-    const extFlags = ["--extension", aexolExtPath];
-    if (mcpAdapterPath) {
-        extFlags.push("--extension", mcpAdapterPath);
+    // Bundled pi-mcp-adapter extension for standard MCP server support
+    // (stdio + SSE/HTTP transports, lazy loading, OAuth, /mcp panel).
+    const mcpExtPath = resolveMcpExtensionPath();
+    if (!existsSync(mcpExtPath)) {
+        process.stderr.write(`spectral: bundled MCP extension not found at ${mcpExtPath}. This is a packaging bug.\n`);
+        process.exit(1);
     }
+    const extFlags = ["--extension", aexolExtPath, "--extension", mcpExtPath];
     const finalArgs = [...extFlags, ...args];
     delegateToPi(finalArgs);
 }

package/dist/commands/login-oauth.js

@@ -0,0 +1,116 @@
+/**
+ * `spectral login --oauth` — browser-based OAuth login for CLI machine ownership.
+ *
+ * Flow:
+ *   1. Start a temporary HTTP server on a random localhost port.
+ *   2. Open the browser to `https://studio.aexol.ai/cli-auth?port=<PORT>`.
+ *   3. Wait for the browser to redirect to `http://localhost:<PORT>?token=<JWT>`.
+ *   4. Save the token to `~/.spectral/config.json` as `userJwt`.
+ *   5. Shutdown the HTTP server and exit.
+ *
+ * On failure (timeout, network error, user closes browser), the server shuts
+ * down after a configurable timeout (default 120s).
+ */
+import { createServer } from "node:http";
+import pc from "picocolors";
+import { DEFAULT_API_URL, getConfigFile, readConfig, writeConfig, } from "../config.js";
+const DEFAULT_BACKEND_URL = "https://studio.aexol.ai";
+const CALLBACK_TIMEOUT_MS = 120_000; // 2 minutes
+/**
+ * Start a temporary HTTP server to receive the OAuth callback.
+ * Returns the port and a promise that resolves with the JWT token.
+ */
+function listenForCallback(timeoutMs) {
+    return new Promise((resolve, reject) => {
+        const server = createServer();
+        const timeout = setTimeout(() => {
+            server.close();
+            reject(new Error(`Timed out after ${timeoutMs / 1000}s waiting for browser authorization.`));
+        }, timeoutMs);
+        server.on("request", (req, res) => {
+            const url = new URL(req.url ?? "/", `http://localhost`);
+            const token = url.searchParams.get("token");
+            if (token) {
+                clearTimeout(timeout);
+                res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+                res.end("<html><body><h1>✓ Authorized</h1><p>You can close this tab and return to your terminal.</p></body></html>");
+                resolve({ token, server });
+            }
+            else {
+                res.writeHead(400, { "Content-Type": "text/plain" });
+                res.end("Missing token parameter.");
+            }
+        });
+        server.on("error", (err) => {
+            clearTimeout(timeout);
+            server.close();
+            reject(new Error(`Failed to start local server: ${err.message}`));
+        });
+        server.listen(0, "127.0.0.1", () => {
+            // Port 0 lets the OS assign an ephemeral port — we read it from the server.
+        });
+    });
+}
+/** Derive the landing base URL from the backend URL. */
+function deriveLandingUrl(backendUrl) {
+    const env = process.env.SPECTRAL_LANDING_URL;
+    if (env)
+        return env;
+    // If using local dev backend, use local dev landing
+    if (backendUrl.includes("localhost") || backendUrl.includes("127.0.0.1")) {
+        return "http://localhost:3000";
+    }
+    return DEFAULT_BACKEND_URL;
+}
+export async function runLoginOAuth() {
+    process.stdout.write(pc.bold("Spectral login (OAuth)\n"));
+    process.stdout.write(pc.dim(`Opens a browser to authorize the CLI. The JWT is stored at ${getConfigFile()}.\n\n`));
+    // Load existing config to get backendUrl
+    const existingCfg = await readConfig();
+    const landingUrl = deriveLandingUrl(existingCfg?.apiUrl ?? process.env.SPECTRAL_MCP_URL ?? DEFAULT_API_URL);
+    // Start the callback listener FIRST (port must be known before opening the browser)
+    let server;
+    let token;
+    try {
+        const result = await listenForCallback(CALLBACK_TIMEOUT_MS);
+        server = result.server;
+        const addr = server.address();
+        const port = addr.port;
+        // Open browser to the CLI auth page
+        const authUrl = `${landingUrl}/cli-auth?port=${port}`;
+        process.stdout.write(pc.dim(`Opening browser: ${authUrl}\n`));
+        const { exec } = await import("node:child_process");
+        const platform = process.platform;
+        const openCmd = platform === "darwin"
+            ? `open "${authUrl}"`
+            : platform === "win32"
+                ? `start "" "${authUrl}"`
+                : `xdg-open "${authUrl}"`;
+        exec(openCmd, (err) => {
+            if (err) {
+                process.stderr.write(pc.yellow(`⚠ Could not open browser automatically. Please visit:\n  ${authUrl}\n`));
+            }
+        });
+        // Wait for the token
+        process.stdout.write(pc.dim("Waiting for authorization...\n"));
+        token = result.token;
+    }
+    catch (err) {
+        const msg = err instanceof Error ? err.message : String(err);
+        process.stderr.write(pc.red(`✗ ${msg}\n`));
+        process.exit(1);
+    }
+    finally {
+        server?.close();
+    }
+    // Save the token. Preserve existing config (especially teamApiKey).
+    const cfg = existingCfg ?? {
+        apiUrl: process.env.SPECTRAL_MCP_URL ?? DEFAULT_API_URL,
+        teamApiKey: "",
+    };
+    cfg.userJwt = token;
+    await writeConfig(cfg);
+    process.stdout.write(pc.green("✓ CLI authorized.\n"));
+    process.stdout.write(pc.dim(`Saved user JWT to ${getConfigFile()}\n`));
+    process.stdout.write(pc.dim("Run `spectral serve` to register your machine with owner info.\n"));
+}

package/dist/commands/serve.js

@@ -154,6 +154,7 @@ export async function runServe(opts = {}) {
         registration = await ensureMachineRegistered({
             backendUrl,
             apiKey: cfg.teamApiKey,
+            userJwt: cfg.userJwt,
             machineNameOverride: opts.machineName,
             version,
             fetchImpl: opts.fetchImpl,

package/dist/config.js

@@ -59,7 +59,11 @@ export async function readConfig() {
         if (typeof parsed.apiUrl === "string" &&
             typeof parsed.teamApiKey === "string" &&
             parsed.teamApiKey.length > 0) {
-            return { apiUrl: parsed.apiUrl, teamApiKey: parsed.teamApiKey };
+            return {
+                apiUrl: parsed.apiUrl,
+                teamApiKey: parsed.teamApiKey,
+                userJwt: typeof parsed.userJwt === "string" ? parsed.userJwt : undefined,
+            };
         }
         return null;
     }

package/dist/mcp/agent-dir.js

@@ -0,0 +1,18 @@
+import { homedir } from "node:os";
+import { join, resolve } from "node:path";
+export function getAgentDir() {
+    const configured = process.env.PI_CODING_AGENT_DIR?.trim();
+    if (!configured) {
+        return join(homedir(), ".pi", "agent");
+    }
+    if (configured === "~") {
+        return homedir();
+    }
+    if (configured.startsWith("~/")) {
+        return resolve(homedir(), configured.slice(2));
+    }
+    return resolve(configured);
+}
+export function getAgentPath(...segments) {
+    return join(getAgentDir(), ...segments);
+}