@build-astron-co/nimbus 0.2.0 → 0.4.0

package/dist/src/commands/auth-list.js

@@ -0,0 +1,112 @@
+/**
+ * Auth List Command
+ *
+ * Display all available providers and their configuration status
+ *
+ * Usage: nimbus auth list
+ */
+import { logger } from '../utils';
+import { ui } from '../wizard';
+import { authStore, AuthStore, getProviderNames, getProviderInfo } from '../auth';
+/**
+ * Run the auth list command
+ */
+export async function authListCommand(options = {}) {
+    logger.info('Listing auth providers');
+    const providerNames = getProviderNames();
+    const status = authStore.getStatus();
+    const configuredProviders = new Set(status.providers.map(p => p.name));
+    // Build provider data
+    const providerData = providerNames.map(name => {
+        const info = getProviderInfo(name);
+        const credential = authStore.getProvider(name);
+        const isConfigured = configuredProviders.has(name);
+        const isDefault = status.defaultProvider === name;
+        return {
+            name,
+            displayName: info.displayName,
+            description: info.description,
+            isConfigured,
+            isDefault,
+            model: credential?.model || info.models.find(m => m.isDefault)?.id || info.models[0].id,
+            apiKey: credential?.apiKey,
+            baseUrl: credential?.baseUrl,
+            requiresApiKey: info.requiresApiKey,
+            apiKeyUrl: info.apiKeyUrl,
+        };
+    });
+    // JSON output mode
+    if (options.json) {
+        const safeOutput = providerData.map(p => ({
+            name: p.name,
+            displayName: p.displayName,
+            description: p.description,
+            isConfigured: p.isConfigured,
+            isDefault: p.isDefault,
+            model: p.model,
+            apiKey: p.apiKey ? AuthStore.maskApiKey(p.apiKey) : null,
+            baseUrl: p.baseUrl,
+            requiresApiKey: p.requiresApiKey,
+        }));
+        // Output sanitized JSON (API keys are already masked above)
+        ui.print(JSON.stringify(safeOutput, null, 2));
+        return;
+    }
+    // Human-readable table output
+    ui.newLine();
+    ui.section('LLM Providers');
+    // Build table data
+    const tableData = [];
+    for (const provider of providerData) {
+        const statusIcon = provider.isConfigured ? ui.color('✓', 'green') : ui.dim('—');
+        const statusText = provider.isConfigured ? 'Configured' : 'Not configured';
+        let apiKeyDisplay;
+        if (provider.isConfigured && provider.apiKey) {
+            apiKeyDisplay = AuthStore.maskApiKey(provider.apiKey);
+        }
+        else if (!provider.requiresApiKey) {
+            apiKeyDisplay = ui.dim('(not needed)');
+        }
+        else if (provider.isConfigured) {
+            apiKeyDisplay = ui.dim('(from env)');
+        }
+        else {
+            apiKeyDisplay = ui.dim('—');
+        }
+        const modelDisplay = provider.isConfigured ? provider.model : ui.dim(provider.model);
+        const defaultDisplay = provider.isDefault ? ui.color('★', 'yellow') : '';
+        tableData.push({
+            provider: `${statusIcon} ${provider.displayName}`,
+            status: statusText,
+            apiKey: apiKeyDisplay,
+            model: modelDisplay,
+            default: defaultDisplay,
+        });
+    }
+    // Display table
+    ui.table({
+        columns: [
+            { key: 'provider', header: 'Provider', width: 25 },
+            { key: 'status', header: 'Status', width: 15 },
+            { key: 'apiKey', header: 'API Key', width: 20 },
+            { key: 'model', header: 'Model', width: 30 },
+            { key: 'default', header: 'Default', width: 8 },
+        ],
+        data: tableData,
+    });
+    ui.newLine();
+    // Show hints for unconfigured providers
+    const unconfigured = providerData.filter(p => !p.isConfigured);
+    if (unconfigured.length > 0) {
+        ui.print(ui.dim('To configure a provider, run `nimbus login`'));
+        ui.newLine();
+        ui.print(ui.dim('API key URLs:'));
+        for (const provider of unconfigured) {
+            if (provider.apiKeyUrl) {
+                ui.print(ui.dim(`  ${provider.displayName}: ${provider.apiKeyUrl}`));
+            }
+        }
+        ui.newLine();
+    }
+}
+export default authListCommand;

package/dist/src/commands/auth-profile.js

@@ -0,0 +1,104 @@
+/**
+ * Auth Profile Commands
+ *
+ * CLI commands for managing authentication profiles and switching providers
+ */
+import { AuthStore } from '../auth/store';
+import { ui } from '../wizard/ui';
+/**
+ * List all configured providers
+ */
+async function authProfileListCommand() {
+    ui.header('Auth Profiles');
+    const authStore = new AuthStore();
+    const status = authStore.getStatus();
+    if (!status.hasProviders) {
+        ui.warning('No providers configured. Run "nimbus login" to set up authentication.');
+        return;
+    }
+    ui.table({
+        columns: [
+            { key: 'name', header: 'Provider' },
+            { key: 'model', header: 'Model' },
+            { key: 'default', header: 'Default' },
+            { key: 'validatedAt', header: 'Validated' },
+        ],
+        data: status.providers.map(p => ({
+            name: p.name,
+            model: p.model || '-',
+            default: p.isDefault ? 'Yes' : '',
+            validatedAt: p.validatedAt ? new Date(p.validatedAt).toLocaleDateString() : '-',
+        })),
+    });
+}
+/**
+ * Show the current default provider
+ */
+async function authProfileShowCommand() {
+    ui.header('Current Auth Profile');
+    const authStore = new AuthStore();
+    const defaultProvider = authStore.getDefaultProvider();
+    if (!defaultProvider) {
+        ui.warning('No default provider set. Run "nimbus login" to configure.');
+        return;
+    }
+    const status = authStore.getStatus();
+    const providerInfo = status.providers.find(p => p.name === defaultProvider);
+    ui.print(`  ${ui.color('Provider:', 'cyan')} ${defaultProvider}`);
+    if (providerInfo) {
+        ui.print(`  ${ui.color('Model:', 'cyan')} ${providerInfo.model || '-'}`);
+        ui.print(`  ${ui.color('Validated:', 'cyan')} ${providerInfo.validatedAt ? new Date(providerInfo.validatedAt).toLocaleDateString() : '-'}`);
+    }
+}
+/**
+ * Switch the default provider
+ */
+async function authProfileSwitchCommand(provider) {
+    ui.header(`Switch Auth Profile`);
+    const authStore = new AuthStore();
+    try {
+        authStore.setDefaultProvider(provider);
+        ui.success(`Default provider switched to "${provider}"`);
+        ui.info(`Persisted to ${authStore.getAuthPath()}`);
+    }
+    catch (error) {
+        ui.error(error.message);
+        ui.info('Available providers:');
+        const status = authStore.getStatus();
+        status.providers.forEach(p => {
+            ui.print(`  - ${p.name}${p.isDefault ? ' (current default)' : ''}`);
+        });
+    }
+}
+/**
+ * Main auth-profile command router
+ */
+export async function authProfileCommand(subcommand, args) {
+    const positionalArgs = [];
+    for (let i = 0; i < args.length; i++) {
+        const arg = args[i];
+        if (!arg.startsWith('-')) {
+            positionalArgs.push(arg);
+        }
+    }
+    switch (subcommand) {
+        case 'list':
+        case 'ls':
+            await authProfileListCommand();
+            break;
+        case 'show':
+            await authProfileShowCommand();
+            break;
+        case 'switch':
+            if (positionalArgs.length < 1) {
+                ui.error('Usage: nimbus auth-profile switch <provider>');
+                ui.info('Example: nimbus auth-profile switch openai');
+                return;
+            }
+            await authProfileSwitchCommand(positionalArgs[0]);
+            break;
+        default:
+            ui.error(`Unknown auth-profile subcommand: ${subcommand || '(none)'}`);
+            ui.info('Available commands: list, show, switch <provider>');
+    }
+}

package/dist/src/commands/auth-refresh.js

@@ -0,0 +1,161 @@
+/**
+ * Auth Refresh Command
+ *
+ * Re-validate and refresh cloud provider credentials:
+ * - AWS: re-run SSO login or warn about expired temporary credentials
+ * - GCP: re-run gcloud auth application-default login
+ * - Azure: re-run az login
+ *
+ * Usage: nimbus auth-refresh [--provider aws|gcp|azure]
+ */
+import { ui } from '../wizard';
+import { exec } from 'node:child_process';
+import { promisify } from 'node:util';
+const execAsync = promisify(exec);
+/** Check if AWS credentials are valid and not expired */
+async function checkAWSCredentials() {
+    try {
+        const { stdout } = await execAsync('aws sts get-caller-identity --output json', {
+            timeout: 10_000,
+        });
+        const identity = JSON.parse(stdout);
+        const isSso = identity.UserId?.includes(':') || false;
+        return {
+            valid: true,
+            message: `Account: ${identity.Account} | User: ${identity.UserId}`,
+            sso: isSso,
+        };
+    }
+    catch (e) {
+        const msg = e.message || String(e);
+        const isExpired = msg.includes('ExpiredToken') || msg.includes('expired') || msg.includes('token');
+        return { valid: false, message: isExpired ? 'Token expired' : msg, sso: false };
+    }
+}
+/** Refresh AWS SSO credentials */
+async function refreshAWS(options) {
+    ui.header('AWS Credentials');
+    const check = await checkAWSCredentials();
+    if (check.valid) {
+        ui.success(`Credentials valid: ${check.message}`);
+        return;
+    }
+    ui.warning(`Credentials invalid: ${check.message}`);
+    // G18: Guide user through AWS SSO login if SSO profile detected
+    const awsSsoProfile = process.env.AWS_PROFILE;
+    if (awsSsoProfile) {
+        ui.info(`AWS SSO profile detected: ${awsSsoProfile}`);
+        ui.info(`Run in another terminal: aws sso login --profile ${awsSsoProfile}`);
+        ui.info('Then press Enter here to retry...');
+        // Wait for user to press Enter
+        await new Promise(resolve => {
+            const readline = require('readline');
+            const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+            rl.question('', () => { rl.close(); resolve(); });
+        });
+        // Retry the credentials check
+        try {
+            const { execFileSync } = await import('node:child_process');
+            execFileSync('aws', ['sts', 'get-caller-identity'], {
+                encoding: 'utf-8', timeout: 8000, stdio: ['pipe', 'pipe', 'pipe'],
+            });
+            ui.success('AWS credentials refreshed successfully.');
+            return;
+        }
+        catch {
+            ui.warning('AWS credentials still invalid. You may need to re-run aws sso login.');
+        }
+    }
+    // Determine refresh method
+    try {
+        // Check if SSO is configured
+        const { stdout: ssoCheck } = await execAsync('aws configure list-profiles 2>/dev/null || echo ""', { timeout: 5000 });
+        const profiles = ssoCheck.trim().split('\n').filter(Boolean);
+        if (profiles.length > 0) {
+            ui.info('Refreshing AWS SSO credentials...');
+            ui.info(`Run: aws sso login --profile ${profiles[0]}`);
+            ui.info('Or set a new profile: aws configure sso');
+        }
+        else {
+            ui.info('To refresh AWS credentials:');
+            ui.info('  1. aws configure  (for long-term credentials)');
+            ui.info('  2. aws sso configure  (for SSO)');
+            ui.info('  3. aws sts assume-role  (for role assumption)');
+        }
+    }
+    catch {
+        ui.info('To configure AWS credentials: aws configure');
+    }
+}
+/** Refresh GCP credentials */
+async function refreshGCP(_options) {
+    ui.header('GCP Credentials');
+    try {
+        const { stdout } = await execAsync('gcloud auth print-access-token 2>/dev/null', {
+            timeout: 5000,
+        });
+        if (stdout.trim().length > 10) {
+            try {
+                const { stdout: proj } = await execAsync('gcloud config get-value project 2>/dev/null', {
+                    timeout: 3000,
+                });
+                ui.success(`Credentials valid. Project: ${proj.trim() || '(not set)'}`);
+                return;
+            }
+            catch {
+                ui.success('Credentials valid');
+                return;
+            }
+        }
+    }
+    catch {
+        // Not valid
+    }
+    ui.warning('GCP credentials expired or not configured');
+    ui.info('To refresh: gcloud auth application-default login');
+    ui.info('For service accounts: gcloud auth activate-service-account --key-file=SA_KEY.json');
+}
+/** Refresh Azure credentials */
+async function refreshAzure(_options) {
+    ui.header('Azure Credentials');
+    try {
+        const { stdout } = await execAsync('az account show --output json 2>/dev/null', {
+            timeout: 10_000,
+        });
+        const account = JSON.parse(stdout);
+        ui.success(`Credentials valid. Subscription: ${account.name || account.id} (${account.state})`);
+        if (account.state !== 'Enabled') {
+            ui.warning('Subscription is not in Enabled state');
+        }
+        return;
+    }
+    catch {
+        // Not valid
+    }
+    ui.warning('Azure credentials expired or not configured');
+    ui.info('To refresh: az login');
+    ui.info('For service principals: az login --service-principal -u CLIENT_ID -p CLIENT_SECRET --tenant TENANT_ID');
+}
+/**
+ * Run the auth-refresh command
+ */
+export async function authRefreshCommand(options = {}) {
+    const provider = options.provider ?? 'all';
+    ui.header('Nimbus Auth Refresh');
+    ui.info('Checking and refreshing cloud provider credentials...');
+    ui.newLine();
+    if (provider === 'all' || provider === 'aws') {
+        await refreshAWS(options);
+        ui.newLine();
+    }
+    if (provider === 'all' || provider === 'gcp') {
+        await refreshGCP(options);
+        ui.newLine();
+    }
+    if (provider === 'all' || provider === 'azure') {
+        await refreshAzure(options);
+        ui.newLine();
+    }
+    ui.info('Tip: Run "nimbus doctor" for a full system check');
+}
+export default authRefreshCommand;

package/dist/src/commands/auth-status.js

@@ -0,0 +1,122 @@
+/**
+ * Auth Status Command
+ *
+ * Display current authentication status
+ *
+ * Usage: nimbus auth status
+ */
+import { logger } from '../utils';
+import { ui } from '../wizard';
+import { authStore, AuthStore, getProviderInfo } from '../auth';
+/**
+ * Run the auth status command
+ */
+export async function authStatusCommand(options = {}) {
+    logger.info('Checking auth status');
+    const status = authStore.getStatus();
+    // JSON output mode
+    if (options.json) {
+        // Build safe JSON output (no raw API keys)
+        const safeOutput = {
+            isConfigured: status.isConfigured,
+            identity: status.identity
+                ? {
+                    provider: status.identity.provider,
+                    username: status.identity.username,
+                    name: status.identity.name,
+                    authenticatedAt: status.identity.authenticatedAt,
+                }
+                : null,
+            providers: status.providers.map(p => ({
+                name: p.name,
+                model: p.model,
+                isDefault: p.isDefault,
+                validatedAt: p.validatedAt,
+            })),
+            defaultProvider: status.defaultProvider,
+        };
+        // Output sanitized JSON (no sensitive data included)
+        ui.print(JSON.stringify(safeOutput, null, 2));
+        return;
+    }
+    // Human-readable output
+    ui.newLine();
+    ui.section('Authentication Status');
+    // Overall status
+    if (status.isConfigured) {
+        ui.success('Nimbus is configured and ready to use');
+    }
+    else {
+        ui.warning('Nimbus is not configured. Run `nimbus login` to get started.');
+    }
+    ui.newLine();
+    // Identity section
+    ui.print(ui.bold('Identity'));
+    if (status.identity) {
+        const identity = status.identity;
+        ui.print(`  Provider:     GitHub`);
+        ui.print(`  Username:     ${identity.username}`);
+        if (identity.name) {
+            ui.print(`  Name:         ${identity.name}`);
+        }
+        ui.print(`  Signed in:    ${formatDate(identity.authenticatedAt)}`);
+    }
+    else {
+        ui.print(ui.dim('  Not signed in'));
+        ui.print(ui.dim('  Run `nimbus login` to sign in with GitHub'));
+    }
+    ui.newLine();
+    // Providers section
+    ui.print(ui.bold('LLM Providers'));
+    if (status.providers.length > 0) {
+        for (const provider of status.providers) {
+            const info = getProviderInfo(provider.name);
+            const defaultMarker = provider.isDefault ? ui.color(' (default)', 'green') : '';
+            ui.print(`  ${info.displayName}${defaultMarker}`);
+            ui.print(`    Model:      ${provider.model}`);
+            // Get the actual credential to show masked key
+            const credential = authStore.getProvider(provider.name);
+            if (credential?.apiKey) {
+                ui.print(`    API Key:    ${AuthStore.maskApiKey(credential.apiKey)}`);
+            }
+            else if (!info.requiresApiKey) {
+                ui.print(`    API Key:    ${ui.dim('(not required)')}`);
+            }
+            else {
+                ui.print(`    API Key:    ${ui.dim('(from environment)')}`);
+            }
+            if (credential?.baseUrl) {
+                ui.print(`    Base URL:   ${credential.baseUrl}`);
+            }
+            if (provider.validatedAt) {
+                ui.print(`    Validated:  ${formatDate(provider.validatedAt)}`);
+            }
+            ui.newLine();
+        }
+    }
+    else {
+        ui.print(ui.dim('  No providers configured'));
+        ui.print(ui.dim('  Run `nimbus login` to configure LLM providers'));
+        ui.newLine();
+    }
+    // Auth file location
+    ui.print(ui.dim(`Config: ${authStore.getAuthPath()}`));
+    ui.newLine();
+}
+/**
+ * Format ISO date string for display
+ */
+function formatDate(isoString) {
+    try {
+        const date = new Date(isoString);
+        // Check if date is valid (NaN check)
+        if (isNaN(date.getTime())) {
+            return isoString;
+        }
+        return date.toLocaleString();
+    }
+    catch {
+        return isoString;
+    }
+}
+export default authStatusCommand;