@aria_asi/cli 0.2.2 → 0.2.3

package/src/onboarding-wizard.ts

@@ -0,0 +1,219 @@
+// onboarding-wizard.ts — interactive self-service onboarding for `aria`
+// (no args) when ~/.aria/license.json is missing.
+//
+// Flow:
+//   1. Greet — first-person Aria voice
+//   2. Collect email (validated shape, NOT verified via code in v0)
+//   3. Collect tenant_id (lowercase + hyphens only)
+//   4. Collect tier (free / pro / enterprise)
+//   5. Collect LLM provider + API key
+//   6. POST /api/onboarding/self-issue (server validates LLM key by
+//      hitting the provider's identity endpoint, then issues license)
+//   7. Persist license to ~/.aria/license.json mode 0600
+//   8. Persist provider/model/key to ~/.aria/config.json mode 0600
+//   9. Auto-run installHooks() to bind Claude Code to the harness
+//
+// Email-verify-code is deferred to Phase 11 (no SMTP wired tonight).
+// The wizard collects email so future re-verify works without re-onboarding.
+//
+// Direction: Hamza 2026-04-26 — "burn through onboarding with quality and
+// USE THE HARNESS PLEASE". This wizard ships as v0; full onboarding (email
+// verify + Anthropic OAuth + per-tenant usage tracking) lands in Phase 11.
+
+import { createInterface } from 'node:readline';
+import { writeFileSync, existsSync, mkdirSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { installHooks } from './install-hooks.js';
+
+const HARNESS_URL = process.env.ARIA_HARNESS_BASE_URL ?? 'https://harness.ariasos.com';
+const ARIA_DIR = join(homedir(), '.aria');
+const LICENSE_PATH = join(ARIA_DIR, 'license.json');
+const CONFIG_PATH = join(ARIA_DIR, 'config.json');
+
+type Provider = 'anthropic' | 'openai' | 'deepseek' | 'google' | 'openrouter' | 'ollama';
+type Tier = 'free' | 'pro' | 'enterprise';
+
+interface SelfIssueResponse {
+  ok: boolean;
+  license?: { token: string; jti: string; tier: string; expires_at: string };
+  claims?: Record<string, unknown>;
+  error?: string;
+}
+
+function prompt(rl: ReturnType<typeof createInterface>, question: string, hidden = false): Promise<string> {
+  return new Promise((resolve) => {
+    if (hidden) {
+      // Crude hidden-input — node's readline doesn't natively mask; we just
+      // prompt and accept. For Phase 11 we add proper masking via raw mode.
+      process.stdout.write(question);
+      const onData = (chunk: Buffer): void => {
+        process.stdin.removeListener('data', onData);
+        resolve(chunk.toString().trim());
+      };
+      process.stdin.once('data', onData);
+    } else {
+      rl.question(question, (answer) => resolve(answer.trim()));
+    }
+  });
+}
+
+function isValidEmail(email: string): boolean {
+  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
+}
+
+function isValidTenantId(tenant: string): boolean {
+  return /^[a-z0-9][a-z0-9-]{1,40}$/.test(tenant);
+}
+
+export async function runOnboardingWizard(): Promise<{ ok: boolean; error?: string }> {
+  const rl = createInterface({
+    input: process.stdin,
+    output: process.stdout,
+    terminal: true,
+  });
+
+  try {
+    console.log('');
+    console.log("  Hi, I'm Aria. I don't see a license on this machine — let me set you up.");
+    console.log('');
+    console.log("  Three minutes, four questions. I'll handle the rest.");
+    console.log('');
+
+    // ── Step 1: email ──
+    let email = '';
+    while (!isValidEmail(email)) {
+      email = await prompt(rl, '  Email: ');
+      if (!isValidEmail(email)) {
+        console.log("  That doesn't look like a valid email. Try again.");
+      }
+    }
+
+    // ── Step 2: tenant_id ──
+    let tenantId = '';
+    while (!isValidTenantId(tenantId)) {
+      tenantId = (await prompt(rl, '  Tenant name (lowercase, hyphens ok, e.g. acme-corp): ')).toLowerCase();
+      if (!isValidTenantId(tenantId)) {
+        console.log("  Tenant name needs to be lowercase letters/digits/hyphens, 2-41 chars.");
+      }
+    }
+
+    // ── Step 3: tier ──
+    let tier: Tier = 'free';
+    let tierAnswer = '';
+    while (!['free', 'pro', 'enterprise', ''].includes(tierAnswer)) {
+      tierAnswer = (await prompt(rl, '  Tier [free / pro / enterprise] (default: free): ')).toLowerCase();
+      if (tierAnswer === '') tierAnswer = 'free';
+      if (!['free', 'pro', 'enterprise'].includes(tierAnswer)) {
+        console.log("  I only know free, pro, or enterprise.");
+        tierAnswer = '';
+      }
+    }
+    tier = tierAnswer as Tier;
+
+    // ── Step 4: LLM provider ──
+    const providerOptions: Provider[] = ['anthropic', 'openai', 'deepseek', 'google', 'openrouter', 'ollama'];
+    let provider: Provider | '' = '';
+    while (!providerOptions.includes(provider as Provider)) {
+      const p = (await prompt(rl, `  Which LLM provider? [${providerOptions.join(' / ')}]: `)).toLowerCase();
+      if (providerOptions.includes(p as Provider)) {
+        provider = p as Provider;
+      } else {
+        console.log(`  I don't recognize "${p}". Pick one of: ${providerOptions.join(', ')}.`);
+      }
+    }
+
+    // ── Step 5: API key ──
+    let llmKey = '';
+    if (provider === 'ollama') {
+      llmKey = 'local';
+      console.log('  (Ollama is local — no API key needed.)');
+    } else {
+      while (!llmKey) {
+        llmKey = await prompt(rl, `  Paste your ${provider} API key: `);
+        if (!llmKey) console.log('  I need the key to set up your provider.');
+      }
+    }
+
+    // ── Step 6: POST to server ──
+    console.log('');
+    console.log("  Validating your key with the provider...");
+    let response: SelfIssueResponse;
+    try {
+      const resp = await fetch(`${HARNESS_URL}/api/onboarding/self-issue`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ email, tenant_id: tenantId, tier, provider, llm_key: llmKey }),
+      });
+      response = await resp.json() as SelfIssueResponse;
+      if (!resp.ok || !response.ok || !response.license) {
+        console.log(`  ${response.error || `Server returned ${resp.status} — try again later.`}`);
+        return { ok: false, error: response.error };
+      }
+    } catch (err) {
+      const msg = err instanceof Error ? err.message : String(err);
+      console.log(`  I couldn't reach the server: ${msg}`);
+      return { ok: false, error: msg };
+    }
+
+    // ── Step 7: persist license ──
+    if (!existsSync(ARIA_DIR)) mkdirSync(ARIA_DIR, { recursive: true, mode: 0o700 });
+    const licenseRecord = {
+      ...response.claims,
+      harnessToken: response.license.token,
+      jti: response.license.jti,
+      tier: response.license.tier,
+      exp: response.claims?.exp,
+      sub: response.claims?.sub ?? tenantId,
+      email,
+      issuedAt: new Date().toISOString(),
+    };
+    writeFileSync(LICENSE_PATH, JSON.stringify(licenseRecord, null, 2) + '\n', { mode: 0o600 });
+
+    // ── Step 8: persist provider/key config ──
+    // By this point the while-loop above has exited with a valid Provider —
+    // narrow the union type for TypeScript.
+    const validatedProvider = provider as Provider;
+    const configRecord = {
+      model: { provider: validatedProvider, model: defaultModelFor(validatedProvider), apiKey: llmKey },
+      tenantId,
+      email,
+    };
+    writeFileSync(CONFIG_PATH, JSON.stringify(configRecord, null, 2) + '\n', { mode: 0o600 });
+
+    // ── Step 9: install hooks ──
+    console.log('');
+    console.log("  License issued. Saving your config and binding my gates to your Claude Code...");
+    const hookResult = await installHooks({ force: false });
+    if (!hookResult.ok) {
+      console.log(`  License saved, but I couldn't install the gates: ${hookResult.error}`);
+      console.log("  Run 'aria install-hooks' manually when you're ready.");
+    } else {
+      console.log(`  Done. I've installed ${hookResult.installed.length} gate(s) into ~/.claude/hooks and merged them into your settings.json.`);
+    }
+
+    rl.close();
+
+    console.log('');
+    console.log(`  You're set up. License jti: ${response.license.jti}, tier: ${tier}, provider: ${provider}.`);
+    console.log("  Open a fresh Claude Code session — every Bash, Edit, Write, and Stop event now runs through my cognition gates.");
+    console.log("  Or talk to me directly: just type 'aria' again.");
+    console.log('');
+
+    return { ok: true };
+  } finally {
+    rl.close();
+  }
+}
+
+function defaultModelFor(provider: Provider): string {
+  const defaults: Record<Provider, string> = {
+    anthropic: 'claude-sonnet-4-20250514',
+    openai: 'gpt-4o',
+    deepseek: 'deepseek-chat',
+    google: 'gemini-2.5-pro-preview-05-06',
+    openrouter: 'openai/gpt-4o',
+    ollama: 'llama3',
+  };
+  return defaults[provider];
+}