@bonnard/agentops 0.1.1 → 0.2.0

package/dist/bin/agentops.mjs

@@ -1,26 +1,42 @@
 #!/usr/bin/env node
 import { Command } from "commander";
 import pc from "picocolors";
+import crypto from "node:crypto";
 import http from "node:http";
 import open from "open";
 import fs from "node:fs";
 import path from "node:path";
 import os from "node:os";
+import { execFileSync } from "node:child_process";
 //#region src/lib/credentials.ts
-const AGENTOPS_DIR = path.join(os.homedir(), ".agentops");
-const CREDENTIALS_PATH = path.join(AGENTOPS_DIR, "credentials.json");
-const CONFIG_PATH = path.join(AGENTOPS_DIR, "config.json");
+const AGENTOPS_DIR$1 = path.join(os.homedir(), ".agentops");
+const CREDENTIALS_PATH = path.join(AGENTOPS_DIR$1, "credentials.json");
+const CONFIG_PATH = path.join(AGENTOPS_DIR$1, "config.json");
 function ensureDir() {
-	if (!fs.existsSync(AGENTOPS_DIR)) fs.mkdirSync(AGENTOPS_DIR, { recursive: true });
+	if (!fs.existsSync(AGENTOPS_DIR$1)) fs.mkdirSync(AGENTOPS_DIR$1, {
+		recursive: true,
+		mode: 448
+	});
 }
 function saveCredentials(creds) {
 	ensureDir();
 	fs.writeFileSync(CREDENTIALS_PATH, JSON.stringify(creds, null, 2), { mode: 384 });
 }
+/** Validate that an unknown value has the shape of Credentials */
+function validateCredentials(data) {
+	if (!data || typeof data !== "object") return null;
+	const d = data;
+	if (typeof d.accessToken !== "string" || !d.accessToken) return null;
+	const user = d.user;
+	if (!user || typeof user.email !== "string" || typeof user.name !== "string") return null;
+	const org = d.org;
+	if (!org || typeof org.name !== "string" || typeof org.slug !== "string") return null;
+	return data;
+}
 function loadCredentials() {
 	try {
 		const raw = fs.readFileSync(CREDENTIALS_PATH, "utf-8");
-		return JSON.parse(raw);
+		return validateCredentials(JSON.parse(raw));
 	} catch {
 		return null;
 	}
@@ -32,7 +48,7 @@ function clearCredentials() {
 }
 function saveConfig(config) {
 	ensureDir();
-	fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2));
+	fs.writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2), { mode: 384 });
 }
 function loadConfig() {
 	try {
@@ -68,48 +84,87 @@ function getHeaders() {
 }
 //#endregion
 //#region src/commands/login.ts
-const CALLBACK_PORT = 9876;
+const CALLBACK_HOST = "127.0.0.1";
 async function loginCommand(options) {
 	const baseUrl = getBaseUrl(options.url);
 	console.log(pc.dim(`Server: ${baseUrl}`));
+	const expectedState = crypto.randomBytes(20).toString("hex");
 	let authRes;
+	let callbackPort;
 	try {
-		authRes = await fetch(`${baseUrl}/auth/url?redirect_uri=${encodeURIComponent(`http://localhost:${CALLBACK_PORT}/callback`)}`);
-	} catch {
-		console.error(pc.red(`Cannot reach server at ${baseUrl}`));
-		console.error(pc.dim("Check the URL and ensure the server is running."));
-		process.exit(1);
-		return;
-	}
-	if (!authRes.ok) {
-		console.error(pc.red(`Failed to get auth URL: ${authRes.status} ${await authRes.text()}`));
-		process.exit(1);
-	}
-	const { url: authUrl } = await authRes.json();
-	const { code, state } = await captureCallback(authUrl);
-	console.log(pc.dim("Exchanging code for tokens..."));
-	const callbackRes = await post("/auth/callback", {
-		code,
-		state
-	}, baseUrl);
-	if (!callbackRes.ok) {
-		const body = await callbackRes.text();
-		console.error(pc.red(`Authentication failed: ${body}`));
+		const { server, port } = await startCallbackServer();
+		callbackPort = port;
+		const redirectUri = `http://${CALLBACK_HOST}:${callbackPort}/callback`;
+		authRes = await fetch(`${baseUrl}/auth/url?redirect_uri=${encodeURIComponent(redirectUri)}&state=${encodeURIComponent(expectedState)}`);
+		if (!authRes.ok) {
+			server.close();
+			console.error(pc.red(`Failed to get auth URL: ${authRes.status} ${await authRes.text()}`));
+			process.exit(1);
+		}
+		const { url: authUrl } = await authRes.json();
+		console.log(pc.dim(`Listening on http://${CALLBACK_HOST}:${callbackPort}`));
+		console.log("Opening browser for authentication...");
+		console.log(pc.dim(`If the browser doesn't open, visit:\n${authUrl}`));
+		console.log();
+		open(authUrl).catch(() => {});
+		const { code, state } = await waitForCallback(server, expectedState);
+		console.log(pc.dim("Exchanging code for tokens..."));
+		const callbackRes = await post("/auth/callback", {
+			code,
+			state
+		}, baseUrl);
+		if (!callbackRes.ok) {
+			const body = await callbackRes.text();
+			console.error(pc.red(`Authentication failed: ${body}`));
+			process.exit(1);
+		}
+		const creds = validateCredentials(await callbackRes.json());
+		if (!creds) {
+			console.error(pc.red("Server returned an unexpected response format."));
+			process.exit(1);
+		}
+		saveCredentials(creds);
+		saveConfig({ url: baseUrl });
+		console.log();
+		console.log(pc.green("✓ Logged in successfully"));
+		console.log(`  ${pc.bold(creds.user.email)} (${creds.org.name})`);
+		console.log(`  Role: ${creds.user.role}`);
+		console.log();
+	} catch (err) {
+		const message = err instanceof Error ? err.message : String(err);
+		if (message.includes("Cannot reach server") || message.includes("ECONNREFUSED")) {
+			console.error(pc.red(`Cannot reach server at ${baseUrl}`));
+			console.error(pc.dim("Check the URL and ensure the server is running."));
+		} else console.error(pc.red(`Login failed: ${message}`));
 		process.exit(1);
 	}
-	const data = await callbackRes.json();
-	saveCredentials(data);
-	saveConfig({ url: baseUrl });
-	console.log();
-	console.log(pc.green("✓ Logged in successfully"));
-	console.log(`  ${pc.bold(data.user.email)} (${data.org.name})`);
-	console.log(`  Role: ${data.user.role}`);
-	console.log();
 }
-function captureCallback(authUrl) {
+function startCallbackServer() {
+	return new Promise((resolve, reject) => {
+		const server = http.createServer();
+		server.listen(0, CALLBACK_HOST, () => {
+			const addr = server.address();
+			if (!addr || typeof addr === "string") {
+				server.close();
+				reject(/* @__PURE__ */ new Error("Failed to get server address"));
+				return;
+			}
+			resolve({
+				server,
+				port: addr.port
+			});
+		});
+		server.on("error", reject);
+	});
+}
+function waitForCallback(server, expectedState) {
 	return new Promise((resolve, reject) => {
-		const server = http.createServer((req, res) => {
-			const url = new URL(req.url ?? "/", `http://localhost:${CALLBACK_PORT}`);
+		const timeout = setTimeout(() => {
+			server.close();
+			reject(/* @__PURE__ */ new Error("Login timed out after 5 minutes"));
+		}, 300 * 1e3);
+		server.on("request", (req, res) => {
+			const url = new URL(req.url ?? "/", `http://${CALLBACK_HOST}`);
 			if (url.pathname !== "/callback") {
 				res.writeHead(404);
 				res.end("Not found");
@@ -118,62 +173,182 @@ function captureCallback(authUrl) {
 			const code = url.searchParams.get("code");
 			const state = url.searchParams.get("state");
 			if (!code) {
-				const error = url.searchParams.get("error") ?? "No code received";
 				res.writeHead(400, { "Content-Type": "text/html" });
-				res.end(errorPage(error));
+				res.end(resultPage("Authentication Failed", "Check the terminal for details."));
+				clearTimeout(timeout);
+				server.close();
+				const errorMsg = url.searchParams.get("error") ?? "No authorization code received";
+				reject(new Error(errorMsg));
+				return;
+			}
+			if (state !== expectedState) {
+				res.writeHead(400, { "Content-Type": "text/html" });
+				res.end(resultPage("Authentication Failed", "Check the terminal for details."));
+				clearTimeout(timeout);
 				server.close();
-				reject(new Error(error));
+				reject(/* @__PURE__ */ new Error("State mismatch — possible CSRF attack. Try logging in again."));
 				return;
 			}
 			res.writeHead(200, { "Content-Type": "text/html" });
-			res.end(successPage());
+			res.end(resultPage("Authenticated", "You can close this tab and return to the terminal."));
+			clearTimeout(timeout);
 			server.close();
 			resolve({
 				code,
-				state: state ?? ""
+				state
 			});
 		});
-		server.listen(CALLBACK_PORT, () => {
-			console.log(pc.dim(`Listening on http://localhost:${CALLBACK_PORT}`));
-			console.log("Opening browser for authentication...");
-			console.log();
-			open(authUrl);
-		});
-		server.on("error", (err) => {
-			if (err.code === "EADDRINUSE") reject(/* @__PURE__ */ new Error(`Port ${CALLBACK_PORT} is in use. Close the process using it and try again.`));
-			else reject(err);
-		});
-		setTimeout(() => {
-			server.close();
-			reject(/* @__PURE__ */ new Error("Login timed out after 5 minutes"));
-		}, 300 * 1e3);
 	});
 }
-function successPage() {
+/** Static HTML page — never interpolate user/query data into this */
+function resultPage(title, message) {
 	return `<!DOCTYPE html>
 <html><head><title>AgentOps</title></head>
 <body style="font-family:system-ui;display:flex;justify-content:center;align-items:center;height:100vh;margin:0;background:#0a0a0a;color:#fafafa">
 <div style="text-align:center">
-<h1>Authenticated</h1>
-<p>You can close this tab and return to the terminal.</p>
+<h1>${title}</h1>
+<p>${message}</p>
 </div>
 </body></html>`;
 }
-function errorPage(error) {
-	return `<!DOCTYPE html>
-<html><head><title>AgentOps</title></head>
-<body style="font-family:system-ui;display:flex;justify-content:center;align-items:center;height:100vh;margin:0;background:#0a0a0a;color:#fafafa">
-<div style="text-align:center">
-<h1>Authentication Failed</h1>
-<p>${error}</p>
-</div>
-</body></html>`;
+//#endregion
+//#region src/commands/setup.ts
+const SUPPORTED_EDITORS = [
+	"cursor",
+	"claude",
+	"codex"
+];
+const AGENTOPS_DIR = path.join(os.homedir(), ".agentops");
+const SCRIPTS_DIR = path.join(AGENTOPS_DIR, "scripts");
+async function setupCommand(options) {
+	const creds = loadCredentials();
+	if (!creds) {
+		console.error(pc.red("Not logged in. Run: agentops login"));
+		process.exit(1);
+	}
+	const editor = options.editor?.toLowerCase();
+	if (!editor || !SUPPORTED_EDITORS.includes(editor)) {
+		console.error(pc.red(`Please specify an editor: --editor ${SUPPORTED_EDITORS.join(" | ")}`));
+		process.exit(1);
+	}
+	const baseUrl = getBaseUrl(options.url);
+	console.log(pc.dim(`Server: ${baseUrl}`));
+	console.log(`Logged in as ${pc.bold(creds.user.email)} (${creds.org.name})`);
+	console.log(`Setting up for ${pc.bold(editor)}...`);
+	console.log();
+	copyScripts();
+	fs.writeFileSync(path.join(AGENTOPS_DIR, "editor.json"), JSON.stringify({ editor }, null, 2), { mode: 384 });
+	switch (editor) {
+		case "cursor":
+			setupCursor();
+			break;
+		case "claude":
+			setupClaude();
+			break;
+		case "codex":
+			setupCodex();
+			break;
+	}
+	console.log(pc.dim("Running first sync..."));
+	try {
+		execFileSync("node", [path.join(SCRIPTS_DIR, "sync.mjs")], {
+			stdio: [
+				"pipe",
+				"pipe",
+				"inherit"
+			],
+			env: {
+				...process.env,
+				AGENTOPS_API_URL: baseUrl,
+				AGENTOPS_EDITOR: editor
+			}
+		});
+		console.log(pc.green("  Sync complete"));
+	} catch {
+		console.log(pc.yellow("  First sync failed — will retry on next session start"));
+	}
+	console.log();
+	console.log(pc.green("Setup complete."));
+	console.log(pc.dim("Skills will sync automatically on every session start."));
+}
+function copyScripts() {
+	fs.mkdirSync(SCRIPTS_DIR, {
+		recursive: true,
+		mode: 448
+	});
+	const source = [path.resolve(import.meta.dirname, "..", "..", "scripts", "sync.mjs"), path.resolve(import.meta.dirname, "..", "scripts", "sync.mjs")].find((p) => fs.existsSync(p));
+	if (!source) {
+		console.error(pc.red("Could not find sync.mjs script"));
+		process.exit(1);
+	}
+	fs.copyFileSync(source, path.join(SCRIPTS_DIR, "sync.mjs"));
+	console.log(pc.green("  Sync scripts installed to ~/.agentops/scripts/"));
+}
+function setupCursor() {
+	const cursorDir = path.join(os.homedir(), ".cursor");
+	const hooksPath = path.join(cursorDir, "hooks.json");
+	let hooks = {
+		version: 1,
+		hooks: {}
+	};
+	if (fs.existsSync(hooksPath)) try {
+		hooks = JSON.parse(fs.readFileSync(hooksPath, "utf-8"));
+	} catch {}
+	const hooksObj = hooks.hooks ?? {};
+	const syncCommand = `node "${path.join(SCRIPTS_DIR, "sync.mjs")}"`;
+	const filtered = (hooksObj.sessionStart ?? []).filter((h) => !h.command?.includes("agentops"));
+	filtered.push({
+		command: syncCommand,
+		timeout: 30
+	});
+	hooksObj.sessionStart = filtered;
+	hooks.hooks = hooksObj;
+	if (!hooks.version) hooks.version = 1;
+	fs.writeFileSync(hooksPath, JSON.stringify(hooks, null, 2));
+	fs.mkdirSync(path.join(cursorDir, "commands"), { recursive: true });
+	fs.mkdirSync(path.join(cursorDir, "rules"), { recursive: true });
+	console.log(pc.green("  Cursor hooks.json configured"));
+}
+function setupClaude() {
+	try {
+		execFileSync("claude", [
+			"plugin",
+			"add",
+			"https://github.com/bonnard-data/agentops-plugin"
+		], { stdio: "inherit" });
+		console.log(pc.green("  Claude Code plugin installed"));
+	} catch {
+		console.log(pc.yellow("  Claude Code plugin install failed (may already be installed)"));
+		console.log(pc.dim("  Install manually: claude plugin add https://github.com/bonnard-data/agentops-plugin"));
+	}
+}
+function setupCodex() {
+	const codexDir = path.join(os.homedir(), ".codex");
+	const hooksPath = path.join(codexDir, "hooks.json");
+	let hooks = {};
+	if (fs.existsSync(hooksPath)) try {
+		hooks = JSON.parse(fs.readFileSync(hooksPath, "utf-8"));
+	} catch {}
+	const hooksObj = hooks.hooks ?? {};
+	const syncCommand = `node "${path.join(SCRIPTS_DIR, "sync.mjs")}"`;
+	const filtered = (hooksObj.SessionStart ?? []).filter((h) => !h.command?.includes("agentops"));
+	filtered.push({
+		command: syncCommand,
+		timeout: 30
+	});
+	hooksObj.SessionStart = filtered;
+	hooks.hooks = hooksObj;
+	fs.mkdirSync(codexDir, { recursive: true });
+	fs.writeFileSync(hooksPath, JSON.stringify(hooks, null, 2));
+	fs.mkdirSync(path.join(os.homedir(), ".agents", "skills"), { recursive: true });
+	console.log(pc.green("  Codex hooks.json configured"));
 }
 //#endregion
 //#region src/bin/agentops.ts
 const program = new Command();
 program.name("agentops").description("AgentOps CLI — setup and manage your AI agent skills").version("0.1.0");
 program.command("login").description("Authenticate with AgentOps via your browser").option("--url <url>", "AgentOps server URL").action(loginCommand);
+program.command("setup").description("Configure an editor for AgentOps skill sync").requiredOption("--editor <editor>", "Editor to configure (cursor, claude, codex)").option("--url <url>", "AgentOps server URL").action(setupCommand);
 program.command("logout").description("Clear saved credentials").action(() => {
 	clearCredentials();
 	console.log(pc.green("✓ Logged out"));

package/package.json

@@ -1,12 +1,13 @@
 {
   "name": "@bonnard/agentops",
-  "version": "0.1.1",
+  "version": "0.2.0",
   "type": "module",
   "bin": {
     "agentops": "./dist/bin/agentops.mjs"
   },
   "files": [
-    "dist"
+    "dist",
+    "scripts"
   ],
   "repository": {
     "type": "git",
@@ -22,17 +23,17 @@
     "lint": "eslint ."
   },
   "dependencies": {
-    "commander": "^14.0.3",
-    "open": "^11.0.0",
-    "picocolors": "^1.1.1"
+    "commander": "14.0.3",
+    "open": "11.0.0",
+    "picocolors": "1.1.1"
   },
   "devDependencies": {
-    "@eslint/js": "^10.0.1",
-    "@types/node": "^22.15.0",
-    "eslint": "^10.0.1",
-    "tsdown": "^0.21.4",
-    "tsx": "^4.21.0",
-    "typescript": "^6.0.2",
-    "typescript-eslint": "^8.57.2"
+    "@eslint/js": "10.0.1",
+    "@types/node": "22.19.17",
+    "eslint": "10.2.0",
+    "tsdown": "0.21.7",
+    "tsx": "4.21.0",
+    "typescript": "6.0.2",
+    "typescript-eslint": "8.58.0"
   }
 }