@build-astron-co/nimbus 0.4.1 → 0.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (435) hide show
  1. package/CHANGELOG.md +268 -89
  2. package/README.md +26 -567
  3. package/dist/src/agent/compaction-agent.js +24 -12
  4. package/dist/src/agent/context-manager.js +2 -1
  5. package/dist/src/agent/expand-files.js +2 -1
  6. package/dist/src/agent/loop.js +71 -33
  7. package/dist/src/agent/permissions.js +4 -2
  8. package/dist/src/agent/system-prompt.js +34 -17
  9. package/dist/src/app.js +1 -1
  10. package/dist/src/auth/keychain.js +8 -4
  11. package/dist/src/auth/store.js +70 -107
  12. package/dist/src/cli/init.js +35 -19
  13. package/dist/src/cli/run.js +18 -10
  14. package/dist/src/cli/serve.js +4 -2
  15. package/dist/src/cli.js +52 -11
  16. package/dist/src/commands/alias.js +5 -3
  17. package/dist/src/commands/audit/index.js +2 -1
  18. package/dist/src/commands/aws-terraform.js +36 -18
  19. package/dist/src/commands/completions.js +1 -1
  20. package/dist/src/commands/config.js +3 -2
  21. package/dist/src/commands/connect-github.js +92 -0
  22. package/dist/src/commands/cost/index.js +3 -2
  23. package/dist/src/commands/deploy.js +15 -10
  24. package/dist/src/commands/doctor.js +9 -6
  25. package/dist/src/commands/drift/index.js +2 -1
  26. package/dist/src/commands/export.js +5 -3
  27. package/dist/src/commands/generate-terraform.js +110 -2
  28. package/dist/src/commands/import.js +3 -3
  29. package/dist/src/commands/incident.js +10 -5
  30. package/dist/src/commands/login.js +8 -93
  31. package/dist/src/commands/logs.js +16 -8
  32. package/dist/src/commands/onboarding.js +6 -4
  33. package/dist/src/commands/pipeline.js +6 -3
  34. package/dist/src/commands/plugin.js +3 -2
  35. package/dist/src/commands/profile.js +27 -14
  36. package/dist/src/commands/questionnaire.js +1 -1
  37. package/dist/src/commands/rollback.js +3 -2
  38. package/dist/src/commands/rollout.js +5 -3
  39. package/dist/src/commands/runbook.js +17 -10
  40. package/dist/src/commands/schedule.js +10 -5
  41. package/dist/src/commands/status.js +2 -1
  42. package/dist/src/commands/team-context.js +12 -7
  43. package/dist/src/commands/template.js +1 -1
  44. package/dist/src/commands/tf/index.js +6 -3
  45. package/dist/src/commands/upgrade.js +5 -3
  46. package/dist/src/commands/version.js +6 -3
  47. package/dist/src/commands/watch.js +6 -3
  48. package/dist/src/compat/sqlite.js +5 -3
  49. package/dist/src/config/mode-store.js +2 -1
  50. package/dist/src/config/profiles.js +4 -2
  51. package/dist/src/config/types.js +2 -1
  52. package/dist/src/engine/executor.js +8 -4
  53. package/dist/src/engine/planner.js +9 -5
  54. package/dist/src/llm/providers/anthropic.js +6 -3
  55. package/dist/src/llm/providers/ollama.js +1 -1
  56. package/dist/src/llm/router.js +22 -7
  57. package/dist/src/nimbus.js +1 -0
  58. package/dist/src/sessions/manager.js +6 -3
  59. package/dist/src/sharing/viewer.js +2 -1
  60. package/dist/src/tools/file-ops.js +1 -2
  61. package/dist/src/tools/schemas/devops.js +197 -108
  62. package/dist/src/tools/schemas/standard.js +1 -1
  63. package/dist/src/ui/App.js +25 -13
  64. package/dist/src/ui/FileDiffModal.js +22 -11
  65. package/dist/src/ui/HelpModal.js +2 -1
  66. package/dist/src/ui/InputBox.js +6 -3
  67. package/dist/src/ui/MessageList.js +40 -20
  68. package/dist/src/ui/TerminalPane.js +2 -1
  69. package/dist/src/ui/ToolCallDisplay.js +12 -6
  70. package/dist/src/ui/TreePane.js +2 -1
  71. package/dist/src/ui/ink/index.js +37 -21
  72. package/dist/src/version.js +1 -1
  73. package/dist/src/watcher/index.js +8 -4
  74. package/package.json +3 -5
  75. package/src/__tests__/alias.test.ts +0 -133
  76. package/src/__tests__/app.test.ts +0 -76
  77. package/src/__tests__/audit.test.ts +0 -877
  78. package/src/__tests__/circuit-breaker.test.ts +0 -116
  79. package/src/__tests__/cli-run.test.ts +0 -351
  80. package/src/__tests__/compat-sqlite.test.ts +0 -68
  81. package/src/__tests__/context-manager.test.ts +0 -632
  82. package/src/__tests__/context.test.ts +0 -242
  83. package/src/__tests__/devops-terminal-gaps.test.ts +0 -718
  84. package/src/__tests__/doctor.test.ts +0 -48
  85. package/src/__tests__/enterprise.test.ts +0 -401
  86. package/src/__tests__/export.test.ts +0 -236
  87. package/src/__tests__/gap-11-18-20.test.ts +0 -958
  88. package/src/__tests__/generator.test.ts +0 -433
  89. package/src/__tests__/helm-streaming.test.ts +0 -127
  90. package/src/__tests__/hooks.test.ts +0 -582
  91. package/src/__tests__/incident.test.ts +0 -179
  92. package/src/__tests__/init.test.ts +0 -487
  93. package/src/__tests__/intent-parser.test.ts +0 -229
  94. package/src/__tests__/llm-router.test.ts +0 -209
  95. package/src/__tests__/logs.test.ts +0 -107
  96. package/src/__tests__/loop-errors.test.ts +0 -244
  97. package/src/__tests__/lsp.test.ts +0 -293
  98. package/src/__tests__/modes.test.ts +0 -336
  99. package/src/__tests__/perf-optimizations.test.ts +0 -847
  100. package/src/__tests__/permissions.test.ts +0 -338
  101. package/src/__tests__/pipeline.test.ts +0 -50
  102. package/src/__tests__/polish-phase3.test.ts +0 -340
  103. package/src/__tests__/profile.test.ts +0 -237
  104. package/src/__tests__/rollback.test.ts +0 -83
  105. package/src/__tests__/runbook.test.ts +0 -219
  106. package/src/__tests__/schedule.test.ts +0 -206
  107. package/src/__tests__/serve.test.ts +0 -275
  108. package/src/__tests__/sessions.test.ts +0 -322
  109. package/src/__tests__/sharing.test.ts +0 -340
  110. package/src/__tests__/snapshots.test.ts +0 -581
  111. package/src/__tests__/standalone-migration.test.ts +0 -199
  112. package/src/__tests__/state-db.test.ts +0 -334
  113. package/src/__tests__/status.test.ts +0 -158
  114. package/src/__tests__/stream-with-tools.test.ts +0 -778
  115. package/src/__tests__/subagents.test.ts +0 -176
  116. package/src/__tests__/system-prompt.test.ts +0 -248
  117. package/src/__tests__/terminal-gap-v2.test.ts +0 -395
  118. package/src/__tests__/terminal-parity.test.ts +0 -393
  119. package/src/__tests__/tf-apply.test.ts +0 -187
  120. package/src/__tests__/tool-converter.test.ts +0 -256
  121. package/src/__tests__/tool-schemas.test.ts +0 -602
  122. package/src/__tests__/tools.test.ts +0 -144
  123. package/src/__tests__/version-json.test.ts +0 -184
  124. package/src/__tests__/version.test.ts +0 -49
  125. package/src/__tests__/watch.test.ts +0 -129
  126. package/src/agent/compaction-agent.ts +0 -266
  127. package/src/agent/context-manager.ts +0 -499
  128. package/src/agent/context.ts +0 -427
  129. package/src/agent/deploy-preview.ts +0 -487
  130. package/src/agent/expand-files.ts +0 -108
  131. package/src/agent/index.ts +0 -68
  132. package/src/agent/loop.ts +0 -1998
  133. package/src/agent/modes.ts +0 -429
  134. package/src/agent/permissions.ts +0 -513
  135. package/src/agent/subagents/base.ts +0 -116
  136. package/src/agent/subagents/cost.ts +0 -51
  137. package/src/agent/subagents/explore.ts +0 -42
  138. package/src/agent/subagents/general.ts +0 -54
  139. package/src/agent/subagents/index.ts +0 -102
  140. package/src/agent/subagents/infra.ts +0 -59
  141. package/src/agent/subagents/security.ts +0 -69
  142. package/src/agent/system-prompt.ts +0 -990
  143. package/src/app.ts +0 -180
  144. package/src/audit/activity-log.ts +0 -290
  145. package/src/audit/compliance-checker.ts +0 -540
  146. package/src/audit/cost-tracker.ts +0 -318
  147. package/src/audit/index.ts +0 -23
  148. package/src/audit/security-scanner.ts +0 -641
  149. package/src/auth/guard.ts +0 -75
  150. package/src/auth/index.ts +0 -56
  151. package/src/auth/keychain.ts +0 -82
  152. package/src/auth/oauth.ts +0 -465
  153. package/src/auth/providers.ts +0 -470
  154. package/src/auth/sso.ts +0 -113
  155. package/src/auth/store.ts +0 -505
  156. package/src/auth/types.ts +0 -187
  157. package/src/build.ts +0 -141
  158. package/src/cli/index.ts +0 -16
  159. package/src/cli/init.ts +0 -1227
  160. package/src/cli/openapi-spec.ts +0 -356
  161. package/src/cli/run.ts +0 -628
  162. package/src/cli/serve-auth.ts +0 -80
  163. package/src/cli/serve.ts +0 -539
  164. package/src/cli/web.ts +0 -71
  165. package/src/cli.ts +0 -1728
  166. package/src/clients/core-engine-client.ts +0 -227
  167. package/src/clients/enterprise-client.ts +0 -334
  168. package/src/clients/generator-client.ts +0 -351
  169. package/src/clients/git-client.ts +0 -627
  170. package/src/clients/github-client.ts +0 -410
  171. package/src/clients/helm-client.ts +0 -504
  172. package/src/clients/index.ts +0 -80
  173. package/src/clients/k8s-client.ts +0 -497
  174. package/src/clients/llm-client.ts +0 -161
  175. package/src/clients/rest-client.ts +0 -130
  176. package/src/clients/service-discovery.ts +0 -38
  177. package/src/clients/terraform-client.ts +0 -482
  178. package/src/clients/tools-client.ts +0 -1843
  179. package/src/clients/ws-client.ts +0 -115
  180. package/src/commands/alias.ts +0 -100
  181. package/src/commands/analyze/index.ts +0 -352
  182. package/src/commands/apply/helm.ts +0 -473
  183. package/src/commands/apply/index.ts +0 -213
  184. package/src/commands/apply/k8s.ts +0 -454
  185. package/src/commands/apply/terraform.ts +0 -582
  186. package/src/commands/ask.ts +0 -167
  187. package/src/commands/audit/index.ts +0 -357
  188. package/src/commands/auth-cloud.ts +0 -407
  189. package/src/commands/auth-list.ts +0 -134
  190. package/src/commands/auth-profile.ts +0 -121
  191. package/src/commands/auth-refresh.ts +0 -187
  192. package/src/commands/auth-status.ts +0 -141
  193. package/src/commands/aws/ec2.ts +0 -501
  194. package/src/commands/aws/iam.ts +0 -397
  195. package/src/commands/aws/index.ts +0 -133
  196. package/src/commands/aws/lambda.ts +0 -396
  197. package/src/commands/aws/rds.ts +0 -439
  198. package/src/commands/aws/s3.ts +0 -439
  199. package/src/commands/aws/vpc.ts +0 -393
  200. package/src/commands/aws-discover.ts +0 -542
  201. package/src/commands/aws-terraform.ts +0 -755
  202. package/src/commands/azure/aks.ts +0 -376
  203. package/src/commands/azure/functions.ts +0 -253
  204. package/src/commands/azure/index.ts +0 -116
  205. package/src/commands/azure/storage.ts +0 -478
  206. package/src/commands/azure/vm.ts +0 -355
  207. package/src/commands/billing/index.ts +0 -256
  208. package/src/commands/chat.ts +0 -320
  209. package/src/commands/completions.ts +0 -268
  210. package/src/commands/config.ts +0 -372
  211. package/src/commands/cost/cloud-cost-estimator.ts +0 -266
  212. package/src/commands/cost/estimator.ts +0 -79
  213. package/src/commands/cost/index.ts +0 -810
  214. package/src/commands/cost/parsers/terraform.ts +0 -273
  215. package/src/commands/cost/parsers/types.ts +0 -25
  216. package/src/commands/cost/pricing/aws.ts +0 -544
  217. package/src/commands/cost/pricing/azure.ts +0 -499
  218. package/src/commands/cost/pricing/gcp.ts +0 -396
  219. package/src/commands/cost/pricing/index.ts +0 -40
  220. package/src/commands/demo.ts +0 -250
  221. package/src/commands/deploy.ts +0 -260
  222. package/src/commands/doctor.ts +0 -1386
  223. package/src/commands/drift/index.ts +0 -787
  224. package/src/commands/explain.ts +0 -277
  225. package/src/commands/export.ts +0 -146
  226. package/src/commands/feedback.ts +0 -389
  227. package/src/commands/fix.ts +0 -324
  228. package/src/commands/fs/index.ts +0 -402
  229. package/src/commands/gcp/compute.ts +0 -325
  230. package/src/commands/gcp/functions.ts +0 -271
  231. package/src/commands/gcp/gke.ts +0 -438
  232. package/src/commands/gcp/iam.ts +0 -344
  233. package/src/commands/gcp/index.ts +0 -129
  234. package/src/commands/gcp/storage.ts +0 -284
  235. package/src/commands/generate-helm.ts +0 -1249
  236. package/src/commands/generate-k8s.ts +0 -1508
  237. package/src/commands/generate-terraform.ts +0 -1202
  238. package/src/commands/gh/index.ts +0 -863
  239. package/src/commands/git/index.ts +0 -1343
  240. package/src/commands/helm/index.ts +0 -1126
  241. package/src/commands/help.ts +0 -715
  242. package/src/commands/history.ts +0 -149
  243. package/src/commands/import.ts +0 -868
  244. package/src/commands/incident.ts +0 -166
  245. package/src/commands/index.ts +0 -367
  246. package/src/commands/init.ts +0 -1051
  247. package/src/commands/k8s/index.ts +0 -1137
  248. package/src/commands/login.ts +0 -716
  249. package/src/commands/logout.ts +0 -83
  250. package/src/commands/logs.ts +0 -167
  251. package/src/commands/onboarding.ts +0 -405
  252. package/src/commands/pipeline.ts +0 -186
  253. package/src/commands/plan/display.ts +0 -279
  254. package/src/commands/plan/index.ts +0 -599
  255. package/src/commands/plugin.ts +0 -398
  256. package/src/commands/preview.ts +0 -452
  257. package/src/commands/profile.ts +0 -342
  258. package/src/commands/questionnaire.ts +0 -1172
  259. package/src/commands/resume.ts +0 -47
  260. package/src/commands/rollback.ts +0 -315
  261. package/src/commands/rollout.ts +0 -88
  262. package/src/commands/runbook.ts +0 -346
  263. package/src/commands/schedule.ts +0 -236
  264. package/src/commands/status.ts +0 -252
  265. package/src/commands/team/index.ts +0 -346
  266. package/src/commands/team-context.ts +0 -220
  267. package/src/commands/template.ts +0 -233
  268. package/src/commands/tf/index.ts +0 -1093
  269. package/src/commands/upgrade.ts +0 -607
  270. package/src/commands/usage/index.ts +0 -134
  271. package/src/commands/version.ts +0 -174
  272. package/src/commands/watch.ts +0 -153
  273. package/src/compat/index.ts +0 -2
  274. package/src/compat/runtime.ts +0 -12
  275. package/src/compat/sqlite.ts +0 -177
  276. package/src/config/index.ts +0 -17
  277. package/src/config/manager.ts +0 -530
  278. package/src/config/mode-store.ts +0 -62
  279. package/src/config/profiles.ts +0 -84
  280. package/src/config/safety-policy.ts +0 -358
  281. package/src/config/schema.ts +0 -125
  282. package/src/config/types.ts +0 -609
  283. package/src/config/workspace-state.ts +0 -53
  284. package/src/context/context-db.ts +0 -199
  285. package/src/demo/index.ts +0 -349
  286. package/src/demo/scenarios/full-journey.ts +0 -229
  287. package/src/demo/scenarios/getting-started.ts +0 -127
  288. package/src/demo/scenarios/helm-release.ts +0 -341
  289. package/src/demo/scenarios/k8s-deployment.ts +0 -194
  290. package/src/demo/scenarios/terraform-vpc.ts +0 -170
  291. package/src/demo/types.ts +0 -92
  292. package/src/engine/cost-estimator.ts +0 -480
  293. package/src/engine/diagram-generator.ts +0 -256
  294. package/src/engine/drift-detector.ts +0 -902
  295. package/src/engine/executor.ts +0 -1066
  296. package/src/engine/index.ts +0 -76
  297. package/src/engine/orchestrator.ts +0 -636
  298. package/src/engine/planner.ts +0 -787
  299. package/src/engine/safety.ts +0 -743
  300. package/src/engine/verifier.ts +0 -770
  301. package/src/enterprise/audit.ts +0 -348
  302. package/src/enterprise/auth.ts +0 -270
  303. package/src/enterprise/billing.ts +0 -822
  304. package/src/enterprise/index.ts +0 -17
  305. package/src/enterprise/teams.ts +0 -443
  306. package/src/generator/best-practices.ts +0 -1608
  307. package/src/generator/helm.ts +0 -630
  308. package/src/generator/index.ts +0 -37
  309. package/src/generator/intent-parser.ts +0 -514
  310. package/src/generator/kubernetes.ts +0 -976
  311. package/src/generator/terraform.ts +0 -1875
  312. package/src/history/index.ts +0 -8
  313. package/src/history/manager.ts +0 -250
  314. package/src/history/types.ts +0 -34
  315. package/src/hooks/config.ts +0 -432
  316. package/src/hooks/engine.ts +0 -392
  317. package/src/hooks/index.ts +0 -4
  318. package/src/llm/auth-bridge.ts +0 -198
  319. package/src/llm/circuit-breaker.ts +0 -140
  320. package/src/llm/config-loader.ts +0 -201
  321. package/src/llm/cost-calculator.ts +0 -171
  322. package/src/llm/index.ts +0 -8
  323. package/src/llm/model-aliases.ts +0 -115
  324. package/src/llm/provider-registry.ts +0 -63
  325. package/src/llm/providers/anthropic.ts +0 -462
  326. package/src/llm/providers/bedrock.ts +0 -477
  327. package/src/llm/providers/google.ts +0 -405
  328. package/src/llm/providers/ollama.ts +0 -767
  329. package/src/llm/providers/openai-compatible.ts +0 -340
  330. package/src/llm/providers/openai.ts +0 -328
  331. package/src/llm/providers/openrouter.ts +0 -338
  332. package/src/llm/router.ts +0 -1104
  333. package/src/llm/types.ts +0 -232
  334. package/src/lsp/client.ts +0 -298
  335. package/src/lsp/languages.ts +0 -119
  336. package/src/lsp/manager.ts +0 -294
  337. package/src/mcp/client.ts +0 -402
  338. package/src/mcp/index.ts +0 -5
  339. package/src/mcp/manager.ts +0 -133
  340. package/src/nimbus.ts +0 -233
  341. package/src/plugins/index.ts +0 -27
  342. package/src/plugins/loader.ts +0 -334
  343. package/src/plugins/manager.ts +0 -376
  344. package/src/plugins/types.ts +0 -284
  345. package/src/scanners/cicd-scanner.ts +0 -258
  346. package/src/scanners/cloud-scanner.ts +0 -466
  347. package/src/scanners/framework-scanner.ts +0 -469
  348. package/src/scanners/iac-scanner.ts +0 -388
  349. package/src/scanners/index.ts +0 -539
  350. package/src/scanners/language-scanner.ts +0 -276
  351. package/src/scanners/package-manager-scanner.ts +0 -277
  352. package/src/scanners/types.ts +0 -172
  353. package/src/sessions/manager.ts +0 -472
  354. package/src/sessions/types.ts +0 -44
  355. package/src/sharing/sync.ts +0 -300
  356. package/src/sharing/viewer.ts +0 -163
  357. package/src/snapshots/index.ts +0 -2
  358. package/src/snapshots/manager.ts +0 -530
  359. package/src/state/artifacts.ts +0 -147
  360. package/src/state/audit.ts +0 -137
  361. package/src/state/billing.ts +0 -240
  362. package/src/state/checkpoints.ts +0 -117
  363. package/src/state/config.ts +0 -67
  364. package/src/state/conversations.ts +0 -14
  365. package/src/state/credentials.ts +0 -154
  366. package/src/state/db.ts +0 -58
  367. package/src/state/index.ts +0 -26
  368. package/src/state/messages.ts +0 -115
  369. package/src/state/projects.ts +0 -123
  370. package/src/state/schema.ts +0 -236
  371. package/src/state/sessions.ts +0 -147
  372. package/src/state/teams.ts +0 -200
  373. package/src/telemetry.ts +0 -108
  374. package/src/tools/aws-ops.ts +0 -952
  375. package/src/tools/azure-ops.ts +0 -579
  376. package/src/tools/file-ops.ts +0 -615
  377. package/src/tools/gcp-ops.ts +0 -625
  378. package/src/tools/git-ops.ts +0 -773
  379. package/src/tools/github-ops.ts +0 -799
  380. package/src/tools/helm-ops.ts +0 -943
  381. package/src/tools/index.ts +0 -17
  382. package/src/tools/k8s-ops.ts +0 -819
  383. package/src/tools/schemas/converter.ts +0 -184
  384. package/src/tools/schemas/devops.ts +0 -3502
  385. package/src/tools/schemas/index.ts +0 -73
  386. package/src/tools/schemas/standard.ts +0 -1148
  387. package/src/tools/schemas/types.ts +0 -735
  388. package/src/tools/spawn-exec.ts +0 -148
  389. package/src/tools/terraform-ops.ts +0 -862
  390. package/src/types/ambient.d.ts +0 -193
  391. package/src/types/config.ts +0 -83
  392. package/src/types/drift.ts +0 -116
  393. package/src/types/enterprise.ts +0 -335
  394. package/src/types/index.ts +0 -20
  395. package/src/types/plan.ts +0 -44
  396. package/src/types/request.ts +0 -65
  397. package/src/types/response.ts +0 -54
  398. package/src/types/service.ts +0 -51
  399. package/src/ui/App.tsx +0 -2114
  400. package/src/ui/DeployPreview.tsx +0 -174
  401. package/src/ui/FileDiffModal.tsx +0 -162
  402. package/src/ui/Header.tsx +0 -131
  403. package/src/ui/HelpModal.tsx +0 -57
  404. package/src/ui/InputBox.tsx +0 -503
  405. package/src/ui/MessageList.tsx +0 -1032
  406. package/src/ui/PermissionPrompt.tsx +0 -163
  407. package/src/ui/StatusBar.tsx +0 -277
  408. package/src/ui/TerminalPane.tsx +0 -84
  409. package/src/ui/ToolCallDisplay.tsx +0 -643
  410. package/src/ui/TreePane.tsx +0 -132
  411. package/src/ui/chat-ui.ts +0 -850
  412. package/src/ui/index.ts +0 -33
  413. package/src/ui/ink/index.ts +0 -1444
  414. package/src/ui/streaming.ts +0 -176
  415. package/src/ui/theme.ts +0 -104
  416. package/src/ui/types.ts +0 -75
  417. package/src/utils/analytics.ts +0 -72
  418. package/src/utils/cost-warning.ts +0 -27
  419. package/src/utils/env.ts +0 -46
  420. package/src/utils/errors.ts +0 -69
  421. package/src/utils/event-bus.ts +0 -38
  422. package/src/utils/index.ts +0 -24
  423. package/src/utils/logger.ts +0 -171
  424. package/src/utils/rate-limiter.ts +0 -121
  425. package/src/utils/service-auth.ts +0 -49
  426. package/src/utils/validation.ts +0 -53
  427. package/src/version.ts +0 -4
  428. package/src/watcher/index.ts +0 -214
  429. package/src/wizard/approval.ts +0 -383
  430. package/src/wizard/index.ts +0 -25
  431. package/src/wizard/prompts.ts +0 -338
  432. package/src/wizard/types.ts +0 -172
  433. package/src/wizard/ui.ts +0 -556
  434. package/src/wizard/wizard.ts +0 -304
  435. package/tsconfig.json +0 -24
@@ -1,641 +0,0 @@
1
- /**
2
- * Security Scanner - Scan codebase for common security issues.
3
- *
4
- * Walks a directory tree, applies regex-based patterns to detect hardcoded
5
- * secrets, open security groups, public S3 buckets, missing encryption,
6
- * exposed ports, SQL injection risks, and insecure HTTP URLs.
7
- *
8
- * Binary files and configurable exclusion directories are skipped.
9
- * Results are returned sorted by severity (CRITICAL first).
10
- */
11
-
12
- import * as fs from 'node:fs';
13
- import * as path from 'node:path';
14
-
15
- // ---------------------------------------------------------------------------
16
- // Types
17
- // ---------------------------------------------------------------------------
18
-
19
- /** Severity level for a security finding */
20
- export type Severity = 'CRITICAL' | 'HIGH' | 'MEDIUM' | 'LOW';
21
-
22
- /** A single security finding produced by the scanner */
23
- export interface SecurityFinding {
24
- /** Unique identifier for this finding */
25
- id: string;
26
- /** Severity level */
27
- severity: Severity;
28
- /** Short title describing the issue */
29
- title: string;
30
- /** Detailed description of the issue */
31
- description: string;
32
- /** File where the issue was found */
33
- file?: string;
34
- /** Line number within the file */
35
- line?: number;
36
- /** Actionable recommendation to fix the issue */
37
- recommendation: string;
38
- }
39
-
40
- /** Aggregate result of a security scan */
41
- export interface ScanResult {
42
- /** All findings discovered during the scan */
43
- findings: SecurityFinding[];
44
- /** Total number of files inspected */
45
- scannedFiles: number;
46
- /** Wall-clock duration of the scan in milliseconds */
47
- scanDuration: number;
48
- /** Timestamp when the scan completed */
49
- timestamp: Date;
50
- }
51
-
52
- /** Options controlling which files and directories are scanned */
53
- export interface ScanOptions {
54
- /** Root directory to scan */
55
- dir: string;
56
- /** File glob patterns to include (e.g. ['*.ts', '*.tf']). If omitted, all text files are scanned. */
57
- patterns?: string[];
58
- /** Directory names to skip (defaults to node_modules, .git, dist) */
59
- exclude?: string[];
60
- /** Maximum number of files to scan (defaults to 1000) */
61
- maxFiles?: number;
62
- }
63
-
64
- // ---------------------------------------------------------------------------
65
- // Severity ordering (for sort)
66
- // ---------------------------------------------------------------------------
67
-
68
- const SEVERITY_ORDER: Record<Severity, number> = {
69
- CRITICAL: 0,
70
- HIGH: 1,
71
- MEDIUM: 2,
72
- LOW: 3,
73
- };
74
-
75
- // ---------------------------------------------------------------------------
76
- // Detection rules
77
- // ---------------------------------------------------------------------------
78
-
79
- interface DetectionRule {
80
- id: string;
81
- severity: Severity;
82
- title: string;
83
- description: string;
84
- recommendation: string;
85
- pattern: RegExp;
86
- /** Optional: only apply to files matching these extensions */
87
- fileExtensions?: string[];
88
- }
89
-
90
- const DETECTION_RULES: DetectionRule[] = [
91
- // -- Hardcoded secrets --
92
- {
93
- id: 'SEC-001',
94
- severity: 'CRITICAL',
95
- title: 'Hardcoded API key or secret',
96
- description:
97
- 'A potential API key, secret, password, or token is hardcoded in the source code. ' +
98
- 'Hardcoded credentials can be extracted from version control history.',
99
- recommendation:
100
- 'Move the secret to an environment variable or a secrets manager (e.g. AWS Secrets Manager, HashiCorp Vault).',
101
- pattern:
102
- /(?:api[_-]?key|api[_-]?secret|secret[_-]?key|access[_-]?key|auth[_-]?token|private[_-]?key)\s*[:=]\s*['"][^'"]{8,}['"]/i,
103
- },
104
- {
105
- id: 'SEC-002',
106
- severity: 'CRITICAL',
107
- title: 'Hardcoded password',
108
- description:
109
- 'A password value appears to be hardcoded in the source. This is a critical risk ' +
110
- 'if the file is committed to version control.',
111
- recommendation:
112
- 'Use environment variables or a secrets manager instead of embedding passwords in code.',
113
- pattern: /(?:password|passwd|pwd)\s*[:=]\s*['"][^'"]{4,}['"]/i,
114
- },
115
- {
116
- id: 'SEC-003',
117
- severity: 'CRITICAL',
118
- title: 'Hardcoded bearer or authorization token',
119
- description:
120
- 'An authorization header or bearer token is hardcoded, allowing credential theft from source.',
121
- recommendation: 'Inject tokens at runtime via environment variables or a credential helper.',
122
- pattern: /(?:bearer\s+[A-Za-z0-9\-._~+/]+=*|authorization['"]\s*:\s*['"][^'"]{10,}['"])/i,
123
- },
124
- {
125
- id: 'SEC-004',
126
- severity: 'HIGH',
127
- title: 'AWS access key ID detected',
128
- description:
129
- 'A string matching the AWS access key ID format (AKIA...) was found. If valid, ' +
130
- 'it grants access to AWS resources.',
131
- recommendation:
132
- 'Rotate the key immediately and store credentials via AWS IAM roles or environment variables.',
133
- pattern: /AKIA[0-9A-Z]{16}/,
134
- },
135
- {
136
- id: 'SEC-005',
137
- severity: 'HIGH',
138
- title: 'Private key material detected',
139
- description: 'A PEM-encoded private key header was found in source code.',
140
- recommendation: 'Store private keys outside the repository in a secure secrets store.',
141
- pattern: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----/,
142
- },
143
-
144
- // -- Terraform-specific --
145
- {
146
- id: 'TF-001',
147
- severity: 'HIGH',
148
- title: 'Open security group (0.0.0.0/0)',
149
- description:
150
- 'A Terraform security group rule allows traffic from any IP address (0.0.0.0/0). ' +
151
- 'This exposes services to the entire internet.',
152
- recommendation: 'Restrict CIDR blocks to known IP ranges required for your use case.',
153
- pattern: /cidr_blocks\s*=\s*\[?\s*["']0\.0\.0\.0\/0["']/,
154
- fileExtensions: ['.tf', '.tf.json'],
155
- },
156
- {
157
- id: 'TF-002',
158
- severity: 'HIGH',
159
- title: 'Public S3 bucket ACL',
160
- description:
161
- 'An S3 bucket is configured with a public ACL (public-read or public-read-write). ' +
162
- 'This makes the bucket contents accessible to anyone on the internet.',
163
- recommendation: 'Set acl to "private" and use bucket policies for fine-grained access control.',
164
- pattern: /acl\s*=\s*["']public-read(?:-write)?["']/,
165
- fileExtensions: ['.tf', '.tf.json'],
166
- },
167
- {
168
- id: 'TF-003',
169
- severity: 'MEDIUM',
170
- title: 'S3 bucket missing server-side encryption',
171
- description:
172
- 'An aws_s3_bucket resource was found without an accompanying server_side_encryption_configuration block.',
173
- recommendation: 'Add a server_side_encryption_configuration block with AES256 or aws:kms.',
174
- pattern:
175
- /resource\s+["']aws_s3_bucket["']\s+["'][^"']+["']\s*\{(?:(?!server_side_encryption_configuration)[^}])*\}/s,
176
- fileExtensions: ['.tf'],
177
- },
178
- {
179
- id: 'TF-004',
180
- severity: 'MEDIUM',
181
- title: 'RDS instance missing encryption',
182
- description:
183
- 'An aws_db_instance resource does not have storage_encrypted = true, leaving data at rest unencrypted.',
184
- recommendation: 'Set storage_encrypted = true on all RDS instances.',
185
- pattern:
186
- /resource\s+["']aws_db_instance["']\s+["'][^"']+["']\s*\{(?:(?!storage_encrypted\s*=\s*true)[^}])*\}/s,
187
- fileExtensions: ['.tf'],
188
- },
189
- {
190
- id: 'TF-005',
191
- severity: 'HIGH',
192
- title: 'IAM policy with wildcard actions',
193
- description:
194
- 'An IAM policy grants "*" (all actions), violating the principle of least privilege.',
195
- recommendation: 'Restrict actions to only those required by the workload.',
196
- pattern: /["']Action["']\s*:\s*["']\*["']/,
197
- fileExtensions: ['.tf', '.json'],
198
- },
199
-
200
- // -- Docker / Compose --
201
- {
202
- id: 'DOCKER-001',
203
- severity: 'MEDIUM',
204
- title: 'Port bound to all interfaces (0.0.0.0)',
205
- description:
206
- 'A Docker Compose service binds a port to 0.0.0.0, exposing it on all network interfaces.',
207
- recommendation:
208
- 'Bind to 127.0.0.1 for local-only access, or use a reverse proxy for external traffic.',
209
- pattern: /["']?0\.0\.0\.0:\d+:\d+["']?/,
210
- fileExtensions: ['.yml', '.yaml'],
211
- },
212
-
213
- // -- SQL injection --
214
- {
215
- id: 'CODE-001',
216
- severity: 'HIGH',
217
- title: 'Potential SQL injection via string concatenation',
218
- description:
219
- 'A SQL query appears to be built with string concatenation or template literals that ' +
220
- 'include variable interpolation, which can lead to SQL injection.',
221
- recommendation:
222
- 'Use parameterized queries or prepared statements instead of string concatenation.',
223
- pattern:
224
- /(?:SELECT|INSERT|UPDATE|DELETE|DROP|CREATE|ALTER)\s+.*(?:\$\{|\+\s*(?:req|params|query|input|user|body)\b)/i,
225
- fileExtensions: ['.ts', '.js', '.mjs', '.cjs'],
226
- },
227
-
228
- // -- Insecure HTTP --
229
- {
230
- id: 'CODE-002',
231
- severity: 'LOW',
232
- title: 'Insecure HTTP URL',
233
- description:
234
- 'An http:// URL was found in configuration or source code. Data transmitted over ' +
235
- 'plain HTTP is vulnerable to interception.',
236
- recommendation: 'Use https:// to encrypt data in transit.',
237
- pattern: /["']http:\/\/(?!localhost|127\.0\.0\.1|0\.0\.0\.0|::1)[^'"]+["']/,
238
- fileExtensions: [
239
- '.ts',
240
- '.js',
241
- '.json',
242
- '.yml',
243
- '.yaml',
244
- '.tf',
245
- '.env',
246
- '.cfg',
247
- '.conf',
248
- '.toml',
249
- ],
250
- },
251
-
252
- // -- Disabled TLS verification --
253
- {
254
- id: 'CODE-003',
255
- severity: 'HIGH',
256
- title: 'TLS certificate verification disabled',
257
- description:
258
- 'TLS/SSL certificate verification is being disabled, making connections vulnerable ' +
259
- 'to man-in-the-middle attacks.',
260
- recommendation: 'Do not disable certificate verification in production environments.',
261
- pattern:
262
- /(?:rejectUnauthorized\s*:\s*false|NODE_TLS_REJECT_UNAUTHORIZED\s*=\s*['"]?0|verify\s*=\s*False|InsecureSkipVerify\s*:\s*true)/i,
263
- },
264
- ];
265
-
266
- // ---------------------------------------------------------------------------
267
- // File extensions considered "text" (non-binary)
268
- // ---------------------------------------------------------------------------
269
-
270
- const TEXT_EXTENSIONS = new Set([
271
- '.ts',
272
- '.tsx',
273
- '.js',
274
- '.jsx',
275
- '.mjs',
276
- '.cjs',
277
- '.json',
278
- '.yaml',
279
- '.yml',
280
- '.toml',
281
- '.cfg',
282
- '.conf',
283
- '.ini',
284
- '.tf',
285
- '.tfvars',
286
- '.hcl',
287
- '.sh',
288
- '.bash',
289
- '.zsh',
290
- '.py',
291
- '.rb',
292
- '.go',
293
- '.java',
294
- '.rs',
295
- '.c',
296
- '.cpp',
297
- '.h',
298
- '.md',
299
- '.txt',
300
- '.csv',
301
- '.sql',
302
- '.graphql',
303
- '.gql',
304
- '.env',
305
- '.env.example',
306
- '.env.local',
307
- '.xml',
308
- '.html',
309
- '.css',
310
- '.scss',
311
- '.less',
312
- '.dockerfile',
313
- '.dockerignore',
314
- '.gitignore',
315
- '.npmignore',
316
- '.tf.json',
317
- ]);
318
-
319
- /** Names that indicate a binary or generated file regardless of extension */
320
- const BINARY_NAMES = new Set([
321
- 'package-lock.json',
322
- 'bun.lock',
323
- 'bun.lockb',
324
- 'yarn.lock',
325
- 'pnpm-lock.yaml',
326
- ]);
327
-
328
- // ---------------------------------------------------------------------------
329
- // Helpers
330
- // ---------------------------------------------------------------------------
331
-
332
- const DEFAULT_EXCLUDES = [
333
- 'node_modules',
334
- '.git',
335
- 'dist',
336
- 'coverage',
337
- '.next',
338
- 'build',
339
- '__pycache__',
340
- ];
341
-
342
- /**
343
- * Determine whether a file should be scanned based on its extension and name.
344
- */
345
- function isTextFile(filePath: string): boolean {
346
- const basename = path.basename(filePath);
347
- if (BINARY_NAMES.has(basename)) {
348
- return false;
349
- }
350
-
351
- // Files without an extension (e.g. Dockerfile, Makefile) are treated as text
352
- const ext = path.extname(filePath).toLowerCase();
353
- if (ext === '') {
354
- return true;
355
- }
356
-
357
- return TEXT_EXTENSIONS.has(ext);
358
- }
359
-
360
- /**
361
- * Check whether a file matches the user-provided glob patterns (simple suffix matching).
362
- */
363
- function matchesPatterns(filePath: string, patterns: string[]): boolean {
364
- if (patterns.length === 0) {
365
- return true;
366
- }
367
- const basename = path.basename(filePath);
368
- const ext = path.extname(filePath).toLowerCase();
369
-
370
- return patterns.some(p => {
371
- // Handle "*.ext" patterns
372
- if (p.startsWith('*.')) {
373
- return ext === p.slice(1).toLowerCase() || ext === p.slice(1);
374
- }
375
- // Exact filename match
376
- return basename === p;
377
- });
378
- }
379
-
380
- /**
381
- * Check whether a detection rule applies to a given file extension.
382
- */
383
- function ruleAppliesToFile(rule: DetectionRule, filePath: string): boolean {
384
- if (!rule.fileExtensions) {
385
- return true;
386
- }
387
- const ext = path.extname(filePath).toLowerCase();
388
- return rule.fileExtensions.includes(ext);
389
- }
390
-
391
- /**
392
- * Recursively collect file paths from a directory, respecting exclusions and limits.
393
- */
394
- function collectFiles(
395
- dir: string,
396
- exclude: Set<string>,
397
- patterns: string[],
398
- maxFiles: number,
399
- collected: string[] = []
400
- ): string[] {
401
- if (collected.length >= maxFiles) {
402
- return collected;
403
- }
404
-
405
- let entries: fs.Dirent[];
406
- try {
407
- entries = fs.readdirSync(dir, { withFileTypes: true });
408
- } catch {
409
- // Permission denied or unreadable directory -- skip silently
410
- return collected;
411
- }
412
-
413
- for (const entry of entries) {
414
- if (collected.length >= maxFiles) {
415
- break;
416
- }
417
-
418
- if (entry.isDirectory()) {
419
- if (exclude.has(entry.name)) {
420
- continue;
421
- }
422
- collectFiles(path.join(dir, entry.name), exclude, patterns, maxFiles, collected);
423
- } else if (entry.isFile()) {
424
- const fullPath = path.join(dir, entry.name);
425
- if (isTextFile(fullPath) && matchesPatterns(fullPath, patterns)) {
426
- collected.push(fullPath);
427
- }
428
- }
429
- }
430
-
431
- return collected;
432
- }
433
-
434
- // ---------------------------------------------------------------------------
435
- // Public API
436
- // ---------------------------------------------------------------------------
437
-
438
- /**
439
- * Scan a directory tree for common security issues.
440
- *
441
- * Walks through files in `options.dir`, applies regex-based detection rules,
442
- * and returns all findings sorted by severity (CRITICAL first).
443
- *
444
- * @param options - Configuration controlling which files are scanned
445
- * @returns Scan result containing findings, file count, and timing information
446
- */
447
- export async function scanSecurity(options: ScanOptions): Promise<ScanResult> {
448
- const startTime = Date.now();
449
-
450
- const excludeSet = new Set(options.exclude ?? DEFAULT_EXCLUDES);
451
- const patterns = options.patterns ?? [];
452
- const maxFiles = options.maxFiles ?? 1000;
453
-
454
- // Collect files to scan
455
- const files = collectFiles(options.dir, excludeSet, patterns, maxFiles);
456
-
457
- const findings: SecurityFinding[] = [];
458
-
459
- for (const filePath of files) {
460
- let content: string;
461
- try {
462
- content = fs.readFileSync(filePath, 'utf-8');
463
- } catch {
464
- // Unreadable file -- skip
465
- continue;
466
- }
467
-
468
- const lines = content.split('\n');
469
- const relativePath = path.relative(options.dir, filePath);
470
-
471
- for (const rule of DETECTION_RULES) {
472
- if (!ruleAppliesToFile(rule, filePath)) {
473
- continue;
474
- }
475
-
476
- // For multiline patterns (dotAll flag), match against the whole file
477
- if (rule.pattern.flags.includes('s')) {
478
- if (rule.pattern.test(content)) {
479
- findings.push({
480
- id: `${rule.id}-${crypto.randomUUID().slice(0, 8)}`,
481
- severity: rule.severity,
482
- title: rule.title,
483
- description: rule.description,
484
- file: relativePath,
485
- recommendation: rule.recommendation,
486
- });
487
- }
488
- continue;
489
- }
490
-
491
- // Line-by-line matching for single-line patterns
492
- for (let i = 0; i < lines.length; i++) {
493
- if (rule.pattern.test(lines[i])) {
494
- findings.push({
495
- id: `${rule.id}-${crypto.randomUUID().slice(0, 8)}`,
496
- severity: rule.severity,
497
- title: rule.title,
498
- description: rule.description,
499
- file: relativePath,
500
- line: i + 1,
501
- recommendation: rule.recommendation,
502
- });
503
- }
504
- }
505
- }
506
- }
507
-
508
- // Sort by severity (CRITICAL first), then by file path
509
- findings.sort((a, b) => {
510
- const severityDiff = SEVERITY_ORDER[a.severity] - SEVERITY_ORDER[b.severity];
511
- if (severityDiff !== 0) {
512
- return severityDiff;
513
- }
514
- return (a.file ?? '').localeCompare(b.file ?? '');
515
- });
516
-
517
- return {
518
- findings,
519
- scannedFiles: files.length,
520
- scanDuration: Date.now() - startTime,
521
- timestamp: new Date(),
522
- };
523
- }
524
-
525
- /**
526
- * Format an array of security findings as a human-readable report string.
527
- *
528
- * Each finding is displayed with a severity indicator, title, file location,
529
- * description, and recommendation.
530
- *
531
- * @param findings - The findings to format
532
- * @returns Formatted multi-line report
533
- */
534
- export function formatFindings(findings: SecurityFinding[]): string {
535
- if (findings.length === 0) {
536
- return 'No security issues found.';
537
- }
538
-
539
- const severityIcon: Record<Severity, string> = {
540
- CRITICAL: '[CRITICAL]',
541
- HIGH: '[HIGH] ',
542
- MEDIUM: '[MEDIUM] ',
543
- LOW: '[LOW] ',
544
- };
545
-
546
- const lines: string[] = [
547
- `Security Scan Report - ${findings.length} finding(s)`,
548
- '='.repeat(60),
549
- '',
550
- ];
551
-
552
- const grouped: Record<Severity, SecurityFinding[]> = {
553
- CRITICAL: [],
554
- HIGH: [],
555
- MEDIUM: [],
556
- LOW: [],
557
- };
558
-
559
- for (const f of findings) {
560
- grouped[f.severity].push(f);
561
- }
562
-
563
- for (const severity of ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW'] as Severity[]) {
564
- const group = grouped[severity];
565
- if (group.length === 0) {
566
- continue;
567
- }
568
-
569
- lines.push(`--- ${severity} (${group.length}) ---`);
570
- lines.push('');
571
-
572
- for (const finding of group) {
573
- lines.push(` ${severityIcon[finding.severity]} ${finding.title}`);
574
- if (finding.file) {
575
- const loc = finding.line ? `${finding.file}:${finding.line}` : finding.file;
576
- lines.push(` Location: ${loc}`);
577
- }
578
- lines.push(` ${finding.description}`);
579
- lines.push(` Recommendation: ${finding.recommendation}`);
580
- lines.push('');
581
- }
582
- }
583
-
584
- // Summary counts
585
- const criticalCount = grouped.CRITICAL.length;
586
- const highCount = grouped.HIGH.length;
587
- const mediumCount = grouped.MEDIUM.length;
588
- const lowCount = grouped.LOW.length;
589
-
590
- lines.push('='.repeat(60));
591
- lines.push(
592
- `Summary: ${criticalCount} critical, ${highCount} high, ${mediumCount} medium, ${lowCount} low`
593
- );
594
-
595
- return lines.join('\n');
596
- }
597
-
598
- // ---------------------------------------------------------------------------
599
- // Gap 12: Secret masking for tool output
600
- // ---------------------------------------------------------------------------
601
-
602
- interface SecretPattern {
603
- pattern: RegExp;
604
- label: string;
605
- }
606
-
607
- /**
608
- * Patterns used to detect and redact secrets in tool output.
609
- * Applied in order; earlier patterns take precedence.
610
- */
611
- const SECRET_MASK_PATTERNS: SecretPattern[] = [
612
- { pattern: /AKIA[0-9A-Z]{16}/g, label: '[AWS_ACCESS_KEY]' },
613
- { pattern: /sk-ant-[a-zA-Z0-9\-]{40,}/g, label: '[ANTHROPIC_KEY]' },
614
- { pattern: /ghp_[a-zA-Z0-9]{36}/g, label: '[GITHUB_TOKEN]' },
615
- { pattern: /gho_[a-zA-Z0-9]{36}/g, label: '[GITHUB_OAUTH]' },
616
- { pattern: /sk-[a-zA-Z0-9]{40,}/g, label: '[OPENAI_KEY]' },
617
- { pattern: /AIza[0-9A-Za-z\-_]{35}/g, label: '[GOOGLE_API_KEY]' },
618
- { pattern: /Bearer [a-zA-Z0-9._\-]{20,}/g, label: 'Bearer [BEARER_TOKEN]' },
619
- { pattern: /password[=:\s]["']?[^\s"']{8,}/gi, label: 'password=[REDACTED]' },
620
- { pattern: /passwd[=:\s]["']?[^\s"']{8,}/gi, label: 'passwd=[REDACTED]' },
621
- { pattern: /token[=:\s]["']?[a-zA-Z0-9._\-]{20,}/gi, label: 'token=[REDACTED]' },
622
- { pattern: /secret[=:\s]["']?[a-zA-Z0-9._\-]{16,}/gi, label: 'secret=[REDACTED]' },
623
- { pattern: /-----BEGIN (?:RSA |EC |DSA )?PRIVATE KEY-----[\s\S]{0,2048}?-----END (?:RSA |EC |DSA )?PRIVATE KEY-----/g, label: '[PRIVATE_KEY_REDACTED]' },
624
- ];
625
-
626
- /**
627
- * Replace recognized secret patterns in a text string with safe placeholders.
628
- *
629
- * Applied to all tool output before it is shown in the TUI or stored in chat
630
- * history, preventing accidental leakage of credentials through the UI.
631
- *
632
- * @param text - Raw tool output string.
633
- * @returns The text with known secret patterns replaced by `[REDACTED]` labels.
634
- */
635
- export function maskSecrets(text: string): string {
636
- let masked = text;
637
- for (const { pattern, label } of SECRET_MASK_PATTERNS) {
638
- masked = masked.replace(pattern, label);
639
- }
640
- return masked;
641
- }
package/src/auth/guard.ts DELETED
@@ -1,75 +0,0 @@
1
- /**
2
- * Auth Guard - First-Run Detection
3
- * Detects when authentication is needed and triggers the login wizard
4
- */
5
-
6
- import { authStore } from './store';
7
-
8
- /**
9
- * Environment variable names for LLM provider API keys
10
- */
11
- const PROVIDER_ENV_VARS = [
12
- 'ANTHROPIC_API_KEY',
13
- 'OPENAI_API_KEY',
14
- 'GOOGLE_API_KEY',
15
- 'OPENROUTER_API_KEY',
16
- 'GROQ_API_KEY',
17
- 'TOGETHER_API_KEY',
18
- 'DEEPSEEK_API_KEY',
19
- 'FIREWORKS_API_KEY',
20
- 'PERPLEXITY_API_KEY',
21
- 'OLLAMA_BASE_URL', // Ollama doesn't need API key, just base URL
22
- 'AWS_ACCESS_KEY_ID', // Bedrock uses AWS IAM credentials
23
- ];
24
-
25
- /**
26
- * Check if any provider API key is available via environment variables
27
- */
28
- function hasEnvVarCredentials(): boolean {
29
- return PROVIDER_ENV_VARS.some(envVar => !!process.env[envVar]);
30
- }
31
-
32
- /**
33
- * Check if authentication is required
34
- * Returns true if no providers configured in auth.json AND no env vars set
35
- */
36
- export function requiresAuth(): boolean {
37
- // If auth.json has providers, auth is not required
38
- if (authStore.exists()) {
39
- return false;
40
- }
41
-
42
- // If any provider env var is set, auth is not required
43
- if (hasEnvVarCredentials()) {
44
- return false;
45
- }
46
-
47
- return true;
48
- }
49
-
50
- /**
51
- * Check if authentication is configured
52
- * Returns true if there are any providers configured (auth.json or env vars)
53
- */
54
- export function isAuthenticated(): boolean {
55
- return authStore.exists() || hasEnvVarCredentials();
56
- }
57
-
58
- /**
59
- * Get a human-readable auth status message
60
- */
61
- export function getAuthMessage(): string {
62
- if (!requiresAuth()) {
63
- const status = authStore.getStatus();
64
- const providerCount = status.providers.length;
65
- const defaultProvider = status.defaultProvider;
66
-
67
- if (status.hasIdentity) {
68
- return `Authenticated as ${status.identity?.username} with ${providerCount} provider(s). Default: ${defaultProvider}`;
69
- }
70
-
71
- return `Configured with ${providerCount} provider(s). Default: ${defaultProvider}`;
72
- }
73
-
74
- return 'Not authenticated. Run `nimbus login` to get started.';
75
- }