@caphub/cli 0.1.1 → 0.1.3

package/README.md

@@ -16,10 +16,16 @@ npx @caphub/cli help
 
 ## Auth
 
-Store your API key once:
+Open the website approval flow:
 
 ```bash
-caphub auth login --api-key csk_live_...
+caphub auth login
+```
+
+For headless/cloud agents, put the key in the platform secret manager and expose it as:
+
+```bash
+CAPHUB_API_KEY=csk_live_...
 ```
 
 ## Discovery

package/bin/caphub.js

@@ -3,6 +3,7 @@
 import { mkdirSync, readFileSync, writeFileSync } from "node:fs";
 import os from "node:os";
 import { dirname, resolve } from "node:path";
+import { spawn } from "node:child_process";
 import { fileURLToPath } from "node:url";
 
 const __dirname = dirname(fileURLToPath(import.meta.url));
@@ -23,7 +24,8 @@ commands:
   help                  explain the platform and command layout
   help <capability>     show capability-specific help from the API
   capabilities          list live capabilities with short descriptions
-  auth login            save api key locally for future runs
+  auth                  show current login state
+  auth login            open website login flow; stores api key locally after approval
   auth whoami           verify the current api key against the API
   auth logout           remove stored api key from local config
   <capability> <json>   run a capability directly, e.g. search or search-ideas
@@ -31,18 +33,20 @@ commands:
 agent workflow:
   1. caphub capabilities
   2. caphub help <capability>
-  3. caphub auth login --api-key csk_live_...
+  3. caphub auth login
   4. caphub <capability> '<json>'
 
 recovery:
-  no api key            caphub auth login --api-key csk_live_...
+  no api key            caphub auth login
   invalid api key       generate a new key in https://caphub.io/dashboard/
   insufficient credits  top up in https://caphub.io/dashboard/
   bad json              caphub help <capability>
   capability unknown    caphub capabilities
 
 examples:
+  caphub auth
   caphub capabilities
+  caphub auth login
   caphub auth login --api-key csk_live_...
   caphub help search
   caphub search '{"queries":["site:github.com awesome ai agents"]}'
@@ -93,6 +97,27 @@ function fail(message) {
   process.exit(1);
 }
 
+function openUrl(url) {
+  if (process.env.CAPHUB_NO_OPEN === "1") return false;
+
+  const command = process.platform === "darwin"
+    ? "open"
+    : process.platform === "win32"
+      ? "cmd"
+      : "xdg-open";
+  const args = process.platform === "win32"
+    ? ["/c", "start", "", url]
+    : [url];
+
+  try {
+    const child = spawn(command, args, { detached: true, stdio: "ignore" });
+    child.unref();
+    return true;
+  } catch {
+    return false;
+  }
+}
+
 function readStdin() {
   return new Promise((resolveInput) => {
     let data = "";
@@ -145,7 +170,7 @@ function buildRecoveryHints(error, context = {}) {
   const status = Number(error?.status || 0);
 
   if (status === 401 || message.includes("missing x-api-key header")) {
-    hints.push("login: caphub auth login --api-key csk_live_...");
+    hints.push("login: caphub auth login");
   }
 
   if (status === 403 || message.includes("invalid api key")) {
@@ -191,6 +216,10 @@ function failWithHints(message, error, context = {}) {
   fail(lines.join("\n"));
 }
 
+function sleep(ms) {
+  return new Promise((resolveWait) => setTimeout(resolveWait, ms));
+}
+
 function printCapabilities(payload) {
   const lines = [
     "caphub capabilities",
@@ -230,7 +259,7 @@ function printCapabilityHelp(payload) {
     ...(payload.notes_for_agents || []).map((note) => `- ${note}`),
     "",
     "common recovery:",
-    "- auth missing: caphub auth login --api-key csk_live_...",
+    "- auth missing: caphub auth login",
     "- auth invalid: generate a new key in https://caphub.io/dashboard/",
     "- low credits: top up in https://caphub.io/dashboard/",
     `- bad payload: caphub help ${payload.capability}`,
@@ -264,8 +293,94 @@ async function commandAuth(args) {
   const sub = args[0];
   const config = readConfig();
 
+  if (!sub) {
+    const apiKey = getApiKey();
+    if (!apiKey) {
+      process.stdout.write([
+        "caphub auth",
+        "",
+        "status: not logged in",
+        "",
+        "next:",
+        "  - caphub auth login",
+        "  - or for headless/cloud agents: caphub auth login --api-key csk_live_...",
+        "",
+      ].join("\n"));
+      return;
+    }
+
+    try {
+      const payload = await fetchJson(`${getApiUrl()}/v1/me`, { apiKey });
+      process.stdout.write([
+        "caphub auth",
+        "",
+        "status: logged in",
+        `email: ${payload.user.email}`,
+        `user_id: ${payload.user.id}`,
+        `credits_remaining: ${payload.total_usage.credits_remaining}`,
+        `total_credits_used: ${payload.total_usage.total_credits_used}`,
+        "",
+        "next:",
+        "  - caphub capabilities",
+        "  - caphub help search",
+        "",
+      ].join("\n"));
+      return;
+    } catch (error) {
+      failWithHints("stored credentials are not valid", error, { capability: "search" });
+    }
+  }
+
   if (sub === "login") {
-    const apiKey = parseFlag(args, "--api-key") || getApiKey();
+    const explicitApiKey = parseFlag(args, "--api-key");
+    if (!explicitApiKey && !args.includes("--api-key")) {
+      const apiUrl = getApiUrl();
+      const started = await fetchJson(`${apiUrl}/v1/auth/cli/start`, { method: "POST", body: {} });
+      const opened = openUrl(started.approval_url);
+      process.stdout.write([
+        "caphub auth login",
+        "",
+        opened
+          ? "Opened the browser approval page. If it did not open, use this URL:"
+          : "Open this URL in your browser and finish sign-in:",
+        started.approval_url,
+        "",
+        `code: ${started.code}`,
+        `expires_in_seconds: ${started.expires_in_seconds}`,
+        process.env.CAPHUB_NO_OPEN === "1" ? "browser_open: disabled by CAPHUB_NO_OPEN=1" : `browser_open: ${opened ? "attempted" : "failed"}`,
+        "",
+        "Waiting for website approval...",
+        "",
+      ].join("\n"));
+
+      const deadline = Date.now() + Number(started.expires_in_seconds || 600) * 1000;
+      const intervalMs = Number(started.poll_interval_seconds || 2) * 1000;
+      while (Date.now() < deadline) {
+        const polled = await fetchJson(`${apiUrl}/v1/auth/cli/poll`, {
+          method: "POST",
+          body: {
+            session_id: started.session_id,
+            poll_token: started.poll_token,
+          },
+        });
+
+        if (polled.status === "approved" && polled.api_key) {
+          writeConfig({
+            ...config,
+            api_key: polled.api_key,
+            api_url: apiUrl,
+          });
+          process.stdout.write(`${JSON.stringify({ ok: true, config_path: CONFIG_PATH, api_url: apiUrl }, null, 2)}\n`);
+          return;
+        }
+
+        await sleep(intervalMs);
+      }
+
+      fail("Error: login approval timed out.\n\nnext:\n  - rerun: caphub auth login\n  - or open https://caphub.io/dashboard/");
+    }
+
+    const apiKey = explicitApiKey || getApiKey();
     const apiUrl = parseFlag(args, "--api-url") || getApiUrl();
     if (!apiKey) fail("Error: auth login requires --api-key or CAPHUB_API_KEY.\n\nnext:\n  - caphub auth login --api-key csk_live_...");
     writeConfig({

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@caphub/cli",
-  "version": "0.1.1",
+  "version": "0.1.3",
   "description": "Root CLI for Caphub agent capabilities",
   "type": "module",
   "bin": {