@codexa/cli 9.0.33 → 9.0.35

package/db/connection.ts

@@ -6,137 +6,243 @@ import { join, dirname } from "path";
 let client: Client | null = null;
 let dbProvisioned = false;
 
+const TURSO_API = "https://api.turso.tech/v1";
+const CONFIG_PATH = () => join(process.cwd(), ".codexa", "config.json");
+
 // ═══════════════════════════════════════════════════════════════
-// Resolucao de DB URL: env → config local → derivacao do git
+// Config: database URL + database token (cached locally)
+//
+// Tokens no Turso:
+//   TURSO_API_TOKEN  → Platform API (criar/gerenciar DBs)
+//   TURSO_AUTH_TOKEN → Conexao ao DB (libSQL protocol)
+//
+// O auto-provisioning usa TURSO_API_TOKEN para criar o DB e
+// mintar um database token, que e salvo no config.json junto
+// com a URL. Depois disso, so TURSO_AUTH_TOKEN e necessario
+// (ou o token do config).
 // ═══════════════════════════════════════════════════════════════
 
-function resolveDbUrl(): string {
-  // 1. Override explicito via env var
-  if (process.env.CODEXA_DB_URL) return process.env.CODEXA_DB_URL;
+interface CodexaConfig {
+  database?: string;
+  token?: string;
+}
 
-  // 2. Cache local (.codexa/config.json)
-  const configPath = join(process.cwd(), ".codexa", "config.json");
+function loadConfig(): CodexaConfig {
+  const configPath = CONFIG_PATH();
   if (existsSync(configPath)) {
     try {
-      const config = JSON.parse(readFileSync(configPath, "utf-8"));
-      if (config.database) return config.database;
-    } catch { /* config invalido, continuar */ }
+      return JSON.parse(readFileSync(configPath, "utf-8"));
+    } catch { /* config invalido */ }
   }
+  return {};
+}
 
-  // 3. Derivar do git remote
-  const org = process.env.TURSO_ORG;
-  if (!org) {
-    throw new Error(
-      "Banco de dados nao configurado.\n\n" +
-      "Opcao 1 — Configurar automaticamente:\n" +
-      "  export TURSO_ORG=sua-org\n" +
-      "  export TURSO_AUTH_TOKEN=eyJ...\n" +
-      "  codexa init\n\n" +
-      "Opcao 2 — Configurar manualmente:\n" +
-      "  export CODEXA_DB_URL=libsql://seu-db.turso.io\n" +
-      "  export TURSO_AUTH_TOKEN=eyJ..."
-    );
-  }
+function saveConfig(config: CodexaConfig): void {
+  try {
+    const configPath = CONFIG_PATH();
+    const dir = dirname(configPath);
+    if (!existsSync(dir)) {
+      mkdirSync(dir, { recursive: true });
+    }
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  } catch { /* falha ao salvar cache, nao e critico */ }
+}
+
+// ═══════════════════════════════════════════════════════════════
+// Resolucao: URL e token para conexao
+// ═══════════════════════════════════════════════════════════════
 
-  const slug = deriveSlugFromGit();
-  const url = `libsql://codexa-${slug}-${org}.turso.io`;
+function resolveDbUrl(): string {
+  if (process.env.CODEXA_DB_URL) return process.env.CODEXA_DB_URL;
+
+  const config = loadConfig();
+  if (config.database) return config.database;
+
+  throw new NeedsProvisioningError();
+}
+
+function resolveDbToken(): string | undefined {
+  // 1. Env var explicita (sempre tem prioridade)
+  if (process.env.TURSO_AUTH_TOKEN) return process.env.TURSO_AUTH_TOKEN;
 
-  // Salvar no cache para proximas execucoes
-  saveConfig(configPath, url);
+  // 2. Token do config (mintado durante provisioning)
+  const config = loadConfig();
+  if (config.token) return config.token;
 
-  return url;
+  return undefined;
 }
 
-function deriveSlugFromGit(): string {
+class NeedsProvisioningError extends Error {
+  constructor() { super("DB_NEEDS_PROVISIONING"); }
+}
+
+function deriveDbNameFromGit(): string {
   try {
     const remote = execSync("git remote get-url origin", { encoding: "utf-8" }).trim();
-    // github.com/leandro/meu-saas.git → leandro--meu-saas
-    // git@github.com:leandro/meu-saas.git → leandro--meu-saas
     const match = remote.match(/[/:]([^/]+)\/([^/]+?)(?:\.git)?$/);
     if (match) {
-      return `${match[1]}--${match[2]}`.toLowerCase().replace(/[^a-z0-9-]/g, "-");
+      return match[2].toLowerCase().replace(/[^a-z0-9-]/g, "-");
     }
   } catch { /* git nao disponivel */ }
 
-  // Fallback: nome da pasta atual
   const dirName = process.cwd().split(/[/\\]/).pop() || "unknown";
   return dirName.toLowerCase().replace(/[^a-z0-9-]/g, "-");
 }
 
-function saveConfig(configPath: string, url: string): void {
-  try {
-    const dir = dirname(configPath);
-    if (!existsSync(dir)) {
-      mkdirSync(dir, { recursive: true });
+// ═══════════════════════════════════════════════════════════════
+// Turso Platform API helpers
+// ═══════════════════════════════════════════════════════════════
+
+function apiToken(): string {
+  const token = process.env.TURSO_API_TOKEN || process.env.TURSO_AUTH_TOKEN;
+  if (!token) {
+    throw new Error(
+      "Token Turso nao configurado.\n\n" +
+      "Para auto-provisioning:\n" +
+      "  export TURSO_API_TOKEN=<platform-api-token>\n" +
+      "  export TURSO_ORG=sua-org\n\n" +
+      "Gerar API token: turso auth api-tokens mint codexa\n" +
+      "Ou usar sessao CLI: export TURSO_API_TOKEN=$(turso auth token)"
+    );
+  }
+  return token;
+}
+
+function apiHeaders(): Record<string, string> {
+  return {
+    "Authorization": `Bearer ${apiToken()}`,
+    "Content-Type": "application/json",
+  };
+}
+
+async function apiFetchDatabase(org: string, dbName: string): Promise<string | null> {
+  const response = await fetch(
+    `${TURSO_API}/organizations/${org}/databases/${dbName}`,
+    { headers: apiHeaders() }
+  );
+
+  if (response.status === 404) return null;
+  if (response.status === 401 || response.status === 403) {
+    throwAuthError();
+  }
+  if (!response.ok) return null;
+
+  const data = await response.json() as any;
+  const hostname = data.database?.Hostname;
+  return hostname ? `libsql://${hostname}` : null;
+}
+
+async function apiCreateDatabase(org: string, dbName: string): Promise<string> {
+  const group = process.env.TURSO_GROUP || "default";
+
+  const response = await fetch(
+    `${TURSO_API}/organizations/${org}/databases`,
+    {
+      method: "POST",
+      headers: apiHeaders(),
+      body: JSON.stringify({ name: dbName, group }),
     }
-    writeFileSync(configPath, JSON.stringify({ database: url }, null, 2) + "\n");
-  } catch { /* falha ao salvar cache, nao e critico */ }
+  );
+
+  if (response.ok) {
+    console.log(`[codexa] Banco criado no Turso: ${dbName}`);
+    await new Promise((r) => setTimeout(r, 2000));
+    return (await apiFetchDatabase(org, dbName)) || `libsql://${dbName}-${org}.turso.io`;
+  }
+
+  if (response.status === 409) {
+    return (await apiFetchDatabase(org, dbName)) || `libsql://${dbName}-${org}.turso.io`;
+  }
+
+  if (response.status === 401 || response.status === 403) {
+    throwAuthError();
+  }
+
+  const body = await response.text();
+  throw new Error(`Falha ao criar banco (${response.status}): ${body}`);
+}
+
+async function apiMintDbToken(org: string, dbName: string): Promise<string> {
+  const response = await fetch(
+    `${TURSO_API}/organizations/${org}/databases/${dbName}/auth/tokens`,
+    { method: "POST", headers: apiHeaders() }
+  );
+
+  if (!response.ok) {
+    const body = await response.text();
+    throw new Error(`Falha ao criar database token (${response.status}): ${body}`);
+  }
+
+  const data = await response.json() as any;
+  return data.jwt;
+}
+
+function throwAuthError(): never {
+  throw new Error(
+    "Turso Platform API rejeitou o token.\n\n" +
+    "Para auto-provisioning, use um Platform API token:\n" +
+    "  turso auth api-tokens mint codexa\n" +
+    "  export TURSO_API_TOKEN=<token-gerado>\n\n" +
+    "Ou se o banco ja existe, aponte direto:\n" +
+    "  export CODEXA_DB_URL=libsql://seu-db.region.turso.io\n" +
+    "  export TURSO_AUTH_TOKEN=<database-token>"
+  );
 }
 
 // ═══════════════════════════════════════════════════════════════
-// Provisioning: cria o DB no Turso se nao existir
-// Usa API-first (POST idempotente) para evitar bug de
-// compatibilidade Bun no @libsql/hrana-client (resp.body.cancel)
+// Provisioning: cria DB + minta token + salva config
 // ═══════════════════════════════════════════════════════════════
 
 export async function ensureDatabase(): Promise<void> {
   if (dbProvisioned) return;
 
-  const url = resolveDbUrl();
-
-  // Somente provisionar para URLs Turso (nao para file: ou :memory:)
-  if (!url.startsWith("libsql://")) {
+  // Se ja tem URL resolvida (env ou config), nada a fazer
+  try {
+    resolveDbUrl();
     dbProvisioned = true;
     return;
+  } catch (e) {
+    if (!(e instanceof NeedsProvisioningError)) throw e;
   }
 
-  const authToken = process.env.TURSO_AUTH_TOKEN;
+  // Precisa provisionar via Platform API
   const org = process.env.TURSO_ORG;
-  if (!authToken || !org) {
-    dbProvisioned = true;
-    return;
+  if (!org) {
+    throw new Error(
+      "Banco de dados nao configurado.\n\n" +
+      "Opcao 1 — Auto-provisioning:\n" +
+      "  export TURSO_ORG=sua-org\n" +
+      "  export TURSO_API_TOKEN=<platform-api-token>\n" +
+      "  codexa init\n\n" +
+      "Opcao 2 — Apontar para banco existente:\n" +
+      "  export CODEXA_DB_URL=libsql://seu-db.region.turso.io\n" +
+      "  export TURSO_AUTH_TOKEN=<database-token>"
+    );
   }
 
-  // Extrair nome do DB da URL: libsql://codexa-slug-org.turso.io → codexa-slug
-  const hostname = url.replace("libsql://", "").replace(".turso.io", "");
-  // O nome do DB no Turso e o hostname completo (sem .turso.io)
-  // Mas a API espera o nome curto. O hostname = name-org, entao name = hostname sem -org no final
-  const dbName = hostname.endsWith(`-${org}`)
-    ? hostname.slice(0, -(org.length + 1))
-    : hostname;
-
-  // API-first: tenta criar. 409 = ja existe (ok). 200 = criado.
-  // Isso evita o bug Bun no @libsql/hrana-client que ocorre quando
-  // tentamos conectar a um DB inexistente (resp.body?.cancel not a function)
-  const group = process.env.TURSO_GROUP || "default";
-  try {
-    const response = await fetch(
-      `https://api.turso.tech/v1/organizations/${org}/databases`,
-      {
-        method: "POST",
-        headers: {
-          "Authorization": `Bearer ${authToken}`,
-          "Content-Type": "application/json",
-        },
-        body: JSON.stringify({ name: dbName, group }),
-      }
-    );
+  const dbName = deriveDbNameFromGit();
 
-    if (response.ok) {
-      console.log(`[codexa] Banco criado no Turso: ${dbName}`);
-      // Aguardar um momento para o DB ficar disponivel
-      await new Promise((r) => setTimeout(r, 2000));
-    } else if (response.status === 409) {
-      // Ja existe — tudo certo
-    } else {
-      const body = await response.text();
-      console.error(`[codexa] Falha ao criar banco (${response.status}): ${body}`);
-    }
-  } catch (e: any) {
-    console.error(`[codexa] Erro ao provisionar banco: ${e.message}`);
+  // 1. Buscar ou criar o DB
+  let url = await apiFetchDatabase(org, dbName);
+  if (!url) {
+    url = await apiCreateDatabase(org, dbName);
   }
 
+  // 2. Mintar um database token para conexao
+  console.log(`[codexa] Gerando token de acesso...`);
+  const dbToken = await apiMintDbToken(org, dbName);
+
+  // 3. Salvar tudo no config (URL + token)
+  saveConfig({ database: url, token: dbToken });
+  console.log(`[codexa] Configuracao salva em .codexa/config.json`);
+
   dbProvisioned = true;
+
+  // 4. Resetar client para usar a nova URL/token
+  if (client) {
+    client.close();
+    client = null;
+  }
 }
 
 // ═══════════════════════════════════════════════════════════════
@@ -146,7 +252,7 @@ export async function ensureDatabase(): Promise<void> {
 export function getDb(): Client {
   if (!client) {
     const url = resolveDbUrl();
-    const authToken = process.env.TURSO_AUTH_TOKEN;
+    const authToken = resolveDbToken();
 
     client = createClient({
       url,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@codexa/cli",
-  "version": "9.0.33",
+  "version": "9.0.35",
   "description": "Orchestrated workflow system for Claude Code - manages feature development through parallel subagents with structured phases, gates, and quality enforcement.",
   "type": "module",
   "bin": {