@cloudverse/aix-cli 1.0.0 → 1.1.0

package/dist/auth.d.ts

@@ -0,0 +1,18 @@
+interface StoredTokens {
+    access_token: string;
+    refresh_token: string;
+    expires_at: number;
+    org_id: string;
+    api_url: string;
+}
+export declare function saveTokens(data: {
+    access_token: string;
+    refresh_token: string;
+    expires_in: number;
+    org_id: string;
+    api_url: string;
+}): void;
+export declare function loadTokens(): StoredTokens | null;
+export declare function clearTokens(): void;
+export declare function refreshIfNeeded(): Promise<void>;
+export {};

package/dist/auth.js

@@ -0,0 +1,75 @@
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import { request, setTokenOverride } from './http.js';
+function getConfigDir() {
+    const dir = path.join(os.homedir(), '.aix');
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { mode: 0o700, recursive: true });
+    }
+    return dir;
+}
+function getTokenPath() {
+    return path.join(getConfigDir(), 'tokens.json');
+}
+export function saveTokens(data) {
+    const tokens = {
+        access_token: data.access_token,
+        refresh_token: data.refresh_token,
+        expires_at: Date.now() + data.expires_in * 1000,
+        org_id: data.org_id,
+        api_url: data.api_url,
+    };
+    const tokenPath = getTokenPath();
+    fs.writeFileSync(tokenPath, JSON.stringify(tokens, null, 2), { mode: 0o600 });
+}
+export function loadTokens() {
+    const tokenPath = getTokenPath();
+    if (!fs.existsSync(tokenPath))
+        return null;
+    try {
+        const raw = fs.readFileSync(tokenPath, 'utf-8');
+        const tokens = JSON.parse(raw);
+        if (!tokens.access_token || !tokens.refresh_token)
+            return null;
+        setTokenOverride(tokens.access_token);
+        return tokens;
+    }
+    catch {
+        return null;
+    }
+}
+export function clearTokens() {
+    const tokenPath = getTokenPath();
+    if (fs.existsSync(tokenPath)) {
+        fs.unlinkSync(tokenPath);
+    }
+    setTokenOverride(null);
+}
+export async function refreshIfNeeded() {
+    const tokens = loadTokens();
+    if (!tokens)
+        return;
+    const bufferMs = 60 * 1000;
+    if (tokens.expires_at > Date.now() + bufferMs) {
+        return;
+    }
+    try {
+        const res = await request('POST', '/api/auth/device/refresh', {
+            refresh_token: tokens.refresh_token,
+        });
+        if (res.ok && res.data.access_token) {
+            saveTokens({
+                access_token: res.data.access_token,
+                refresh_token: res.data.refresh_token,
+                expires_in: res.data.expires_in,
+                org_id: res.data.org_id || tokens.org_id,
+                api_url: tokens.api_url,
+            });
+            setTokenOverride(res.data.access_token);
+        }
+    }
+    catch {
+        // Refresh failed silently - existing token may still work
+    }
+}

package/dist/http.d.ts

@@ -1,3 +1,4 @@
+export declare function setTokenOverride(token: string | null): void;
 export interface HttpConfig {
     baseUrl: string;
     token: string | null;

package/dist/http.js

@@ -1,8 +1,12 @@
-const DEFAULT_BASE_URL = 'http://localhost:5000';
+const DEFAULT_BASE_URL = 'https://aix.cloudverse.ai';
+let tokenOverride = null;
+export function setTokenOverride(token) {
+    tokenOverride = token;
+}
 export function getConfig() {
     return {
         baseUrl: (process.env.AIX_API_URL || DEFAULT_BASE_URL).replace(/\/$/, ''),
-        token: process.env.AIX_TOKEN || null,
+        token: tokenOverride || process.env.AIX_TOKEN || null,
     };
 }
 export async function request(method, path, body) {

package/dist/index.js

@@ -1,12 +1,122 @@
 #!/usr/bin/env node
 import { Command } from 'commander';
-import { request, exitWithError } from './http.js';
+import { request, exitWithError, getConfig } from './http.js';
 import { formatDecision, formatExplanation, formatHealth, formatPolicy, formatCatalogStatus } from './formatters.js';
+import { loadTokens, saveTokens, clearTokens, refreshIfNeeded } from './auth.js';
 const program = new Command();
 program
     .name('aix')
     .description('AIX Brain Decision Engine CLI — decision-only surface')
     .version('1.0.0');
+program
+    .command('login')
+    .description('Authenticate with AIX via browser-based device login')
+    .option('--api-url <url>', 'AIX server URL (default: https://aix.cloudverse.ai)')
+    .action(async (opts) => {
+    const config = getConfig();
+    const baseUrl = opts.apiUrl || config.baseUrl;
+    console.log('\n\x1b[1mAIX Device Login\x1b[0m');
+    console.log('─'.repeat(50));
+    const startRes = await request('POST', '/api/auth/device/start', {
+        cli_version: '1.0.0',
+    });
+    if (!startRes.ok) {
+        exitWithError('Failed to start device login', JSON.stringify(startRes.data, null, 2));
+    }
+    const { device_code, user_code, verification_uri, verification_uri_complete, interval, expires_in } = startRes.data;
+    console.log(`\n  Your verification code:\n`);
+    console.log(`    \x1b[1m\x1b[36m${user_code}\x1b[0m\n`);
+    console.log(`  Opening browser to:\n`);
+    console.log(`    \x1b[4m${verification_uri_complete}\x1b[0m\n`);
+    const openBrowser = async (url) => {
+        const { exec } = await import('child_process');
+        const platform = process.platform;
+        const cmd = platform === 'darwin' ? 'open'
+            : platform === 'win32' ? 'start'
+                : 'xdg-open';
+        exec(`${cmd} "${url}"`, (err) => {
+            if (err) {
+                console.log(`  \x1b[33mCould not open browser automatically.\x1b[0m`);
+                console.log(`  Please open the URL above manually.\n`);
+            }
+        });
+    };
+    await openBrowser(verification_uri_complete);
+    console.log(`  Waiting for approval (expires in ${Math.floor(expires_in / 60)} minutes)...\n`);
+    const deadline = Date.now() + expires_in * 1000;
+    let pollInterval = interval * 1000;
+    while (Date.now() < deadline) {
+        await new Promise(r => setTimeout(r, pollInterval));
+        const pollRes = await request('POST', '/api/auth/device/poll', { device_code });
+        if (pollRes.data.status === 'authorization_pending') {
+            process.stdout.write('.');
+            continue;
+        }
+        if (pollRes.data.status === 'slow_down') {
+            pollInterval = pollRes.data.interval * 1000;
+            continue;
+        }
+        if (pollRes.data.status === 'ok') {
+            console.log('\n');
+            saveTokens({
+                access_token: pollRes.data.access_token,
+                refresh_token: pollRes.data.refresh_token,
+                expires_in: pollRes.data.expires_in,
+                org_id: pollRes.data.org_id,
+                api_url: baseUrl,
+            });
+            console.log('  \x1b[32m✓ Login successful!\x1b[0m');
+            console.log(`  Org:    ${pollRes.data.org_id}`);
+            console.log(`  Server: ${baseUrl}`);
+            console.log('\n  Token saved. You can now use \x1b[1maix decide\x1b[0m and other commands.\n');
+            return;
+        }
+        if (pollRes.data.status === 'expired') {
+            console.log('\n');
+            exitWithError('Login expired. Please try again.');
+        }
+        if (pollRes.data.status === 'access_denied') {
+            console.log('\n');
+            exitWithError('Login was denied.');
+        }
+        exitWithError('Unexpected response', JSON.stringify(pollRes.data, null, 2));
+    }
+    console.log('\n');
+    exitWithError('Login timed out. Please try again.');
+});
+program
+    .command('logout')
+    .description('Clear saved authentication tokens')
+    .action(() => {
+    clearTokens();
+    console.log('\n  \x1b[32m✓ Logged out.\x1b[0m Tokens cleared.\n');
+});
+program
+    .command('whoami')
+    .description('Show current authentication status')
+    .action(async () => {
+    const tokens = loadTokens();
+    if (!tokens) {
+        console.log('\n  Not logged in. Run \x1b[1maix login\x1b[0m to authenticate.\n');
+        return;
+    }
+    console.log('\n\x1b[1mAIX Auth Status\x1b[0m');
+    console.log('─'.repeat(50));
+    console.log(`  Org:     ${tokens.org_id}`);
+    console.log(`  Server:  ${tokens.api_url}`);
+    const expiresAt = tokens.expires_at ? new Date(tokens.expires_at) : null;
+    if (expiresAt) {
+        const remaining = expiresAt.getTime() - Date.now();
+        if (remaining > 0) {
+            const mins = Math.floor(remaining / 60000);
+            console.log(`  Token:   valid (${mins}m remaining)`);
+        }
+        else {
+            console.log('  Token:   expired (will auto-refresh on next command)');
+        }
+    }
+    console.log('');
+});
 program
     .command('decide')
     .description('Request a routing decision from the AIX Brain')
@@ -22,6 +132,7 @@ program
     .option('--intent-json <path>', 'Path to JSON file with full request payload')
     .option('--format <string>', 'Output format: pretty | json', 'pretty')
     .action(async (opts) => {
+    await refreshIfNeeded();
     let payload;
     if (opts.intentJson) {
         const fs = await import('fs');
@@ -76,6 +187,7 @@ program
     .description('Get explanation and trace for a past decision')
     .option('--format <string>', 'Output format: pretty | json', 'pretty')
     .action(async (decisionId, opts) => {
+    await refreshIfNeeded();
     const res = await request('GET', `/api/brain/decisions/${decisionId}`);
     if (!res.ok) {
         exitWithError(`Failed to fetch decision (HTTP ${res.status})`, JSON.stringify(res.data, null, 2));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@cloudverse/aix-cli",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "AIX Brain Decision Engine CLI - decision-only surface for AI workload routing",
   "type": "module",
   "bin": {