@atomicmail/agent-skill 0.1.0 → 0.2.1

package/esm/skill/scripts/signup.js

@@ -1,170 +0,0 @@
-#!/usr/bin/env node
-// Atomic Mail skill: signup / login.
-//
-// Performs the full PoW handshake against auth-service:
-//   POST /api/v1/challenge  -> { challengeJWT }
-//   solve scrypt PoW
-//   POST /api/v1/session    -> { sessionJWT, apiKey? }
-//   POST /api/v1/capability -> { capabilityJWT }
-//
-// Writes three files into --out-dir:
-//   credentials.json   stable account info + server config
-//   session.jwt        4h TTL, rotated by jmap_request when expired
-//   capability.jwt     2m TTL, rotated by jmap_request before each request
-import process from "node:process";
-import { parseArgs } from "node:util";
-import { DEFAULT_POW_SCRYPT_SALT_HEX } from "../../lib/src/consts.js";
-import { decodeJwtPayload, fetchCapability, performPoWAndSession, } from "./lib/auth.js";
-import { defaultFilesFromOutDir, writeCredentials, writeJwtFile, } from "./lib/credentials.js";
-const HELP = `Usage: atomic-mail-signup [OPTIONS]
-
-Register a new Atomic Mail account, or log in with an existing API key.
-Persists credentials to disk so subsequent atomic-mail-jmap invocations
-work without re-authentication.
-
-Options:
-  --auth-url URL       Auth-service base URL.
-                       [env: ATOMIC_MAIL_AUTH_URL]
-  --api-url URL        API-service base URL (stored for jmap_request).
-                       [env: ATOMIC_MAIL_API_URL]
-  --scrypt-salt SALT   Override PoW scrypt salt (defaults to the deployment
-                       constant). [env: ATOMIC_MAIL_SCRYPT_SALT]
-  --username NAME      Register a NEW account with this username. The server
-                       returns a freshly minted API key. Mutually exclusive
-                       with --api-key.
-  --api-key KEY        Log in with an existing API key. Mutually exclusive
-                       with --username.
-  --out-dir DIR        Directory to write credential files into.
-                       Default: current working directory.
-  --quiet              Suppress progress messages on stderr.
-  --help, -h           Show this help.
-
-Output files (in --out-dir):
-  credentials.json   { apiKey, inboxId, authUrl, apiUrl, scryptSalt }
-  session.jwt        Session JWT (4h TTL).
-  capability.jwt     Capability JWT (2m TTL).
-
-Exit codes:
-  0  success
-  1  network error, server rejection, or unexpected response shape
-  2  invalid CLI usage (missing/conflicting flags)
-
-Examples:
-  atomic-mail-signup --auth-url https://auth.example.com \\
-                     --api-url  https://api.example.com  \\
-                     --username  alice
-  atomic-mail-signup --api-key 11111111-2222-3333-4444-555555555555
-`;
-function fail(message, code = 1) {
-    process.stderr.write(`Error: ${message}\n`);
-    if (code === 2)
-        process.stderr.write("\nRun with --help for usage.\n");
-    process.exit(code);
-}
-function readArgs() {
-    let parsed;
-    try {
-        parsed = parseArgs({
-            args: process.argv.slice(2),
-            options: {
-                "auth-url": { type: "string" },
-                "api-url": { type: "string" },
-                "scrypt-salt": { type: "string" },
-                username: { type: "string" },
-                "api-key": { type: "string" },
-                "out-dir": { type: "string" },
-                quiet: { type: "boolean" },
-                help: { type: "boolean", short: "h" },
-            },
-            strict: true,
-            allowPositionals: false,
-        });
-    }
-    catch (err) {
-        fail(err.message, 2);
-    }
-    if (parsed.values.help) {
-        process.stdout.write(HELP);
-        process.exit(0);
-    }
-    const env = process.env;
-    const authUrl = parsed.values["auth-url"] ??
-        env.ATOMIC_MAIL_AUTH_URL ?? "";
-    const apiUrl = parsed.values["api-url"] ??
-        env.ATOMIC_MAIL_API_URL ?? "";
-    const scryptSalt = parsed.values["scrypt-salt"] ??
-        env.ATOMIC_MAIL_SCRYPT_SALT ?? DEFAULT_POW_SCRYPT_SALT_HEX;
-    const outDir = parsed.values["out-dir"] ?? ".";
-    if (!authUrl) {
-        fail("--auth-url is required (or set ATOMIC_MAIL_AUTH_URL).", 2);
-    }
-    if (!apiUrl) {
-        fail("--api-url is required (or set ATOMIC_MAIL_API_URL).", 2);
-    }
-    const username = parsed.values.username;
-    const apiKey = parsed.values["api-key"];
-    if (!!username === !!apiKey) {
-        fail("Provide exactly one of --username (new account) or --api-key (login).", 2);
-    }
-    return {
-        authUrl: authUrl.replace(/\/+$/, ""),
-        apiUrl: apiUrl.replace(/\/+$/, ""),
-        scryptSalt,
-        username,
-        apiKey,
-        outDir,
-        quiet: parsed.values.quiet === true,
-    };
-}
-async function main() {
-    const args = readArgs();
-    const files = defaultFilesFromOutDir(args.outDir);
-    const log = (msg) => {
-        if (!args.quiet)
-            process.stderr.write(msg + "\n");
-    };
-    log(args.username
-        ? `Registering new account "${args.username}"...`
-        : `Logging in with existing API key...`);
-    log(`Solving PoW + exchanging session against ${args.authUrl}...`);
-    const session = await performPoWAndSession({
-        authUrl: args.authUrl,
-        scryptSalt: args.scryptSalt,
-        username: args.username,
-        apiKey: args.apiKey,
-    });
-    const apiKey = session.apiKey ?? args.apiKey;
-    if (!apiKey) {
-        fail("Session response did not include an apiKey and none was provided. " +
-            "This indicates a server bug.");
-    }
-    log(`Fetching initial capability JWT...`);
-    const capabilityJWT = await fetchCapability(args.authUrl, session.sessionJWT);
-    const claims = decodeJwtPayload(capabilityJWT);
-    const inboxId = claims.inboxId;
-    if (typeof inboxId !== "string" || inboxId.length === 0) {
-        fail("Capability JWT did not contain an inboxId claim.");
-    }
-    await writeCredentials(files.credentialsFile, {
-        apiKey,
-        inboxId,
-        authUrl: args.authUrl,
-        apiUrl: args.apiUrl,
-        scryptSalt: args.scryptSalt,
-    });
-    await writeJwtFile(files.sessionFile, session.sessionJWT);
-    await writeJwtFile(files.capabilityFile, capabilityJWT);
-    log(`Wrote ${files.credentialsFile}`);
-    log(`Wrote ${files.sessionFile}`);
-    log(`Wrote ${files.capabilityFile}`);
-    process.stdout.write(JSON.stringify({
-        inboxId,
-        apiKey,
-        credentialsFile: files.credentialsFile,
-        sessionFile: files.sessionFile,
-        capabilityFile: files.capabilityFile,
-    }, null, 2) + "\n");
-}
-main().catch((err) => {
-    fail(err instanceof Error ? err.message : String(err));
-});