@bonginkan/maria 4.2.5 → 4.2.6

package/dist/bin/maria.cjs

@@ -7135,16 +7135,12 @@ var init_SecretManagerIntegration = __esm({
           const [version] = await this.client.accessSecretVersion({ name: name2 });
           const payload = version.payload?.data;
           if (!payload) {
-            console.error(`Secret ${secretName} has no payload`);
             return void 0;
           }
           const secret = payload.toString();
           this.cacheSecret(secretName, secret);
           return secret;
         } catch (error2) {
-          if (error2.code !== 5) {
-            console.error(`Failed to access secret ${secretName}:`, error2);
-          }
           return this.getFallbackFromEnv(provider);
         }
       }
@@ -7227,7 +7223,6 @@ var init_SecretManagerIntegration = __esm({
           this.cacheExpiry.delete(secretName);
           return true;
         } catch (error2) {
-          console.error(`Failed to create/update secret ${secretName}:`, error2);
           return false;
         }
       }
@@ -21846,7 +21841,7 @@ var init_package = __esm({
   "package.json"() {
     package_default = {
       name: "@bonginkan/maria",
-      version: "4.2.5",
+      version: "4.2.6",
       description: "\u{1F680} MARIA v4.2.0 - Enterprise AI Development Platform with 100% Command Availability. Features 74 production-ready commands with comprehensive fallback implementation, local LLM support, and zero external dependencies. Includes natural language coding, AI safety evaluation, intelligent evolution system, episodic memory with PII masking, and real-time monitoring dashboard. Built with TypeScript AST-powered code generation, OAuth2.0 + PKCE authentication, quantum-resistant cryptography, and enterprise-grade performance.",
       keywords: [
         "ai",
@@ -22854,42 +22849,203 @@ var init_TokenStorage = __esm({
   }
 });
 
+// src/services/cli-auth/AuthSecretManager.ts
+var import_secret_manager2, AuthSecretManager, authSecretManager;
+var init_AuthSecretManager = __esm({
+  "src/services/cli-auth/AuthSecretManager.ts"() {
+    import_secret_manager2 = require("@google-cloud/secret-manager");
+    AuthSecretManager = class {
+      client;
+      cache = /* @__PURE__ */ new Map();
+      cacheExpiry = /* @__PURE__ */ new Map();
+      CACHE_TTL = 36e5;
+      // 1 hour
+      projectId;
+      constructor() {
+        this.projectId = process.env.GCLOUD_PROJECT || "maria-code-470602";
+        this.client = new import_secret_manager2.SecretManagerServiceClient();
+      }
+      /**
+       * Get authentication configuration from Secret Manager
+       */
+      async getAuthConfig() {
+        const [authBase, apiBase, clientId] = await Promise.all([
+          this.getSecret("maria-auth-server-url").catch(() => null),
+          this.getSecret("maria-api-server-url").catch(() => null),
+          this.getSecret("maria-cli-client-id").catch(() => null)
+        ]);
+        return {
+          authBase: authBase || this.getAuthBaseUrlFallback(),
+          apiBase: apiBase || this.getApiBaseUrlFallback(),
+          clientId: clientId || process.env.MARIA_CLIENT_ID || "maria-cli"
+        };
+      }
+      /**
+       * Get a specific secret from Secret Manager
+       */
+      async getSecret(secretName) {
+        const cached = this.getCachedSecret(secretName);
+        if (cached) {
+          return cached;
+        }
+        try {
+          const name2 = `projects/${this.projectId}/secrets/${secretName}/versions/latest`;
+          const [version] = await this.client.accessSecretVersion({ name: name2 });
+          const payload = version.payload?.data;
+          if (!payload) {
+            return null;
+          }
+          const secret = payload.toString();
+          this.cacheSecret(secretName, secret);
+          return secret;
+        } catch (error2) {
+          return null;
+        }
+      }
+      /**
+       * Get all OAuth configuration secrets
+       */
+      async getOAuthSecrets() {
+        const secretNames = [
+          "google-client-id",
+          "google-client-secret",
+          "github-client-id",
+          "github-client-secret",
+          "nextauth-secret",
+          "firebase-project-id",
+          "session-keys"
+        ];
+        const results = await Promise.allSettled(
+          secretNames.map((name2) => this.getSecret(name2))
+        );
+        return {
+          googleClientId: results[0].status === "fulfilled" ? results[0].value || void 0 : void 0,
+          googleClientSecret: results[1].status === "fulfilled" ? results[1].value || void 0 : void 0,
+          githubClientId: results[2].status === "fulfilled" ? results[2].value || void 0 : void 0,
+          githubClientSecret: results[3].status === "fulfilled" ? results[3].value || void 0 : void 0,
+          nextAuthSecret: results[4].status === "fulfilled" ? results[4].value || void 0 : void 0,
+          firebaseProjectId: results[5].status === "fulfilled" ? results[5].value || void 0 : void 0,
+          sessionKeys: results[6].status === "fulfilled" ? results[6].value || void 0 : void 0
+        };
+      }
+      /**
+       * Cache a secret value
+       */
+      cacheSecret(name2, value) {
+        this.cache.set(name2, value);
+        this.cacheExpiry.set(name2, Date.now() + this.CACHE_TTL);
+      }
+      /**
+       * Get cached secret if not expired
+       */
+      getCachedSecret(name2) {
+        const expiry = this.cacheExpiry.get(name2);
+        if (!expiry || Date.now() > expiry) {
+          this.cache.delete(name2);
+          this.cacheExpiry.delete(name2);
+          return null;
+        }
+        return this.cache.get(name2) || null;
+      }
+      /**
+       * Clear all cached secrets
+       */
+      clearCache() {
+        this.cache.clear();
+        this.cacheExpiry.clear();
+      }
+      /**
+       * Fallback for auth base URL
+       */
+      getAuthBaseUrlFallback() {
+        if (process.env.MARIA_AUTH_MODE === "local") {
+          return "http://localhost:3001";
+        }
+        if (process.env.MARIA_AUTH_BASE) {
+          return process.env.MARIA_AUTH_BASE;
+        }
+        const cloudRunUrl = "https://auth-server-i227ftjidq-uc.a.run.app";
+        return cloudRunUrl;
+      }
+      /**
+       * Fallback for API base URL
+       */
+      getApiBaseUrlFallback() {
+        if (process.env.MARIA_AUTH_MODE === "local") {
+          return "http://localhost:3000/api";
+        }
+        if (process.env.MARIA_API_BASE) {
+          return process.env.MARIA_API_BASE;
+        }
+        const cloudRunApiUrl = "https://maria-code-i227ftjidq-uc.a.run.app";
+        return cloudRunApiUrl;
+      }
+    };
+    authSecretManager = new AuthSecretManager();
+  }
+});
+
 // src/services/cli-auth/AuthenticationManager.ts
 var import_crypto4, import_http, import_url, import_open, AuthenticationManager, authManager;
 var init_AuthenticationManager = __esm({
   "src/services/cli-auth/AuthenticationManager.ts"() {
     init_types();
     init_TokenStorage();
+    init_AuthSecretManager();
     import_crypto4 = __toESM(require("crypto"), 1);
     import_http = require("http");
     import_url = require("url");
     import_open = __toESM(require("open"), 1);
     AuthenticationManager = class {
       tokenStorage;
-      authBase;
-      apiBase;
-      clientId;
+      secretManager;
+      authBase = "";
+      apiBase = "";
+      clientId = "";
+      initialized = false;
+      initPromise = null;
       REFRESH_THRESHOLD = 5 * 60 * 1e3;
       // 5 minutes
       CLOCK_SKEW = 2 * 60 * 1e3;
       // 2 minutes clock skew tolerance
       constructor() {
         this.tokenStorage = new TokenStorage();
-        this.authBase = process.env.MARIA_AUTH_BASE || this.getAuthBaseUrl();
-        this.apiBase = process.env.MARIA_API_BASE || this.getApiBaseUrl();
-        this.clientId = process.env.MARIA_CLIENT_ID || "maria-cli";
+        this.secretManager = new AuthSecretManager();
+        this.initPromise = this.initialize();
+      }
+      /**
+       * Initialize configuration from Secret Manager
+       */
+      async initialize() {
+        try {
+          const config2 = await this.secretManager.getAuthConfig();
+          this.authBase = config2.authBase;
+          this.apiBase = config2.apiBase;
+          this.clientId = config2.clientId;
+          this.initialized = true;
+        } catch (error2) {
+          this.authBase = this.getAuthBaseUrl();
+          this.apiBase = this.getApiBaseUrl();
+          this.clientId = process.env.MARIA_CLIENT_ID || "maria-cli";
+          this.initialized = true;
+        }
+      }
+      /**
+       * Ensure the manager is initialized before use
+       */
+      async ensureInitialized() {
+        if (!this.initialized && this.initPromise) {
+          await this.initPromise;
+        }
       }
       getAuthBaseUrl() {
         if (process.env.MARIA_AUTH_MODE === "local") {
-          console.debug("Using local auth server (development mode)");
           return "http://localhost:3001";
         }
         const cloudRunUrl = "https://auth-server-i227ftjidq-uc.a.run.app";
         if (process.env.MARIA_USE_CUSTOM_DOMAIN === "true") {
-          console.debug("Attempting to use custom domain auth.maria-code.ai");
           return "https://auth.maria-code.ai";
         }
-        console.debug("Using Cloud Run URL for auth:", cloudRunUrl);
         return cloudRunUrl;
       }
       getApiBaseUrl() {
@@ -22906,6 +23062,7 @@ var init_AuthenticationManager = __esm({
        * Check if user is authenticated
        */
       async isAuthenticated() {
+        await this.ensureInitialized();
         try {
           const tokens = await this.tokenStorage.load();
           if (!tokens) return false;
@@ -22921,6 +23078,7 @@ var init_AuthenticationManager = __esm({
        * Require authenticated user (throws if not authenticated)
        */
       async requireUser() {
+        await this.ensureInitialized();
         if (!await this.isAuthenticated()) {
           throw new AuthenticationRequiredError(ERROR_MESSAGES.AUTH_REQUIRED);
         }
@@ -22930,6 +23088,7 @@ var init_AuthenticationManager = __esm({
        * Get current authenticated user
        */
       async getCurrentUser() {
+        await this.ensureInitialized();
         if (process.env.MARIA_AUTH_MODE === "local") {
           const tokens2 = await this.tokenStorage.load();
           if (!tokens2) {
@@ -22939,16 +23098,14 @@ var init_AuthenticationManager = __esm({
             id: "local-dev-user",
             email: "developer@localhost",
             name: "Local Developer",
-            plan: "ultra",
+            plan: "ULTRA",
             usage: {
               requests: Math.floor(Math.random() * 100),
               // Random usage for testing
               requestLimit: 999999,
-              requestsRemaining: 999999,
               resetAt: Date.now() + 30 * 24 * 60 * 60 * 1e3
             },
-            createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-            updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+            models: []
           };
         }
         const tokens = await this.getValidTokens();
@@ -22971,7 +23128,8 @@ var init_AuthenticationManager = __esm({
           if (!response2.ok) {
             throw new Error(`Failed to fetch user profile: ${response2.statusText}`);
           }
-          return await response2.json();
+          const userData = await response2.json();
+          return userData;
         } catch (error2) {
           if (error2 instanceof AuthenticationRequiredError || error2 instanceof QuotaExceededError) {
             throw error2;
@@ -22983,6 +23141,7 @@ var init_AuthenticationManager = __esm({
        * Login with OAuth2 PKCE flow
        */
       async login(options = {}) {
+        await this.ensureInitialized();
         try {
           if (await this.isAuthenticated() && !options.force) {
             const user2 = await this.getCurrentUser();
@@ -23042,16 +23201,14 @@ var init_AuthenticationManager = __esm({
           id: "local-dev-user",
           email: "developer@localhost",
           name: "Local Developer",
-          plan: "ultra",
+          plan: "ULTRA",
           // Give full access in dev mode
           usage: {
             requests: 0,
             requestLimit: 999999,
-            requestsRemaining: 999999,
             resetAt: Date.now() + 30 * 24 * 60 * 60 * 1e3
           },
-          createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-          updatedAt: (/* @__PURE__ */ new Date()).toISOString()
+          models: []
         };
         console.log("\u2705 Logged in as developer@localhost (Local Mode)");
         console.log("   Plan: Ultra (Development)");
@@ -23066,6 +23223,7 @@ var init_AuthenticationManager = __esm({
        * Logout and clean up
        */
       async logout(options = {}) {
+        await this.ensureInitialized();
         try {
           const tokens = await this.tokenStorage.load();
           if (tokens && !options.force) {
@@ -23087,6 +23245,7 @@ var init_AuthenticationManager = __esm({
        * Refresh authentication token
        */
       async refreshToken() {
+        await this.ensureInitialized();
         try {
           const tokens = await this.tokenStorage.load();
           if (!tokens?.refreshToken) return false;
@@ -23130,7 +23289,6 @@ var init_AuthenticationManager = __esm({
        */
       async checkPlanAccess(feature) {
         const user = await this.getCurrentUser();
-        const freeFeatures = ["chat", "code", "help", "status", "version"];
         const restrictedFeatures = ["image", "video", "voice", "advanced-search"];
         if (user.plan === "FREE" && restrictedFeatures.includes(feature)) {
           throw new PlanRestrictedError(ERROR_MESSAGES.PLAN_RESTRICTED);