@codexa/cli 9.0.34 → 9.0.36

package/commands/migrate.ts

@@ -0,0 +1,137 @@
+import { createClient, type Client } from "@libsql/client";
+import { initSchema } from "../db/schema";
+import { getDb } from "../db/connection";
+import { existsSync } from "fs";
+import { join } from "path";
+
+const TABLES_IN_ORDER = [
+  "specs",
+  "project",
+  "standards",
+  "product_context",
+  "lib_contexts",
+  "agent_lib_mappings",
+  "implementation_patterns",
+  "architectural_analyses",
+  "project_utilities",
+  "schema_migrations",
+  "context",
+  "tasks",
+  "decisions",
+  "artifacts",
+  "review",
+  "snapshots",
+  "knowledge",
+  "gate_bypasses",
+  "product_goals",
+  "product_features",
+  "knowledge_graph",
+  "reasoning_log",
+  "agent_performance",
+  "knowledge_acknowledgments",
+];
+
+interface MigrateOptions {
+  dbPath?: string;
+  dryRun?: boolean;
+}
+
+export async function migrateToTurso(options: MigrateOptions = {}): Promise<void> {
+  const localPath = options.dbPath || join(process.cwd(), ".codexa", "db", "workflow.db");
+
+  if (!existsSync(localPath)) {
+    console.error(`\nArquivo nao encontrado: ${localPath}`);
+    console.error("Use --db-path para especificar o caminho do workflow.db\n");
+    return;
+  }
+
+  console.log(`\n${"═".repeat(50)}`);
+  console.log("MIGRACAO: SQLite local → Turso");
+  console.log(`${"═".repeat(50)}\n`);
+  console.log(`Origem:  ${localPath}`);
+
+  // 1. Abrir DB local via @libsql/client file: mode
+  const localClient = createClient({ url: `file:${localPath}` });
+
+  // 2. Garantir que o schema remoto esta atualizado
+  console.log("Destino: inicializando schema no Turso...");
+  await initSchema();
+  const remoteClient = getDb();
+
+  const remoteUrl = process.env.CODEXA_DB_URL || "(config.json)";
+  console.log(`Destino: ${remoteUrl}\n`);
+
+  if (options.dryRun) {
+    console.log("[DRY RUN] Nenhum dado sera escrito.\n");
+  }
+
+  // 3. Para cada tabela, ler colunas do schema remoto
+  let totalRows = 0;
+  let totalTables = 0;
+
+  for (const table of TABLES_IN_ORDER) {
+    // Verificar se a tabela existe no local
+    const localTableCheck = await localClient.execute({
+      sql: "SELECT name FROM sqlite_master WHERE type='table' AND name=?",
+      args: [table],
+    });
+    if (localTableCheck.rows.length === 0) continue;
+
+    // Pegar colunas do schema remoto (as que importam)
+    const remoteColumns = await remoteClient.execute(`PRAGMA table_info(${table})`);
+    const columnNames = remoteColumns.rows.map((r: any) => r.name as string);
+
+    if (columnNames.length === 0) continue;
+
+    // Pegar colunas do local para saber quais existem nos dois
+    const localColumns = await localClient.execute(`PRAGMA table_info(${table})`);
+    const localColumnNames = new Set(localColumns.rows.map((r: any) => r.name as string));
+
+    // Usar apenas colunas que existem em ambos
+    const commonColumns = columnNames.filter((c) => localColumnNames.has(c));
+    if (commonColumns.length === 0) continue;
+
+    // Ler dados do local (apenas colunas comuns)
+    const selectSql = `SELECT ${commonColumns.map((c) => `"${c}"`).join(", ")} FROM "${table}"`;
+    const localData = await localClient.execute(selectSql);
+
+    if (localData.rows.length === 0) continue;
+
+    const count = localData.rows.length;
+    totalRows += count;
+    totalTables++;
+
+    if (options.dryRun) {
+      console.log(`  ${table}: ${count} registros`);
+      continue;
+    }
+
+    // Inserir no remoto em batches (max 20 statements por batch)
+    const placeholders = commonColumns.map(() => "?").join(", ");
+    const insertSql = `INSERT OR IGNORE INTO "${table}" (${commonColumns.map((c) => `"${c}"`).join(", ")}) VALUES (${placeholders})`;
+
+    const BATCH_SIZE = 20;
+    for (let i = 0; i < localData.rows.length; i += BATCH_SIZE) {
+      const batch = localData.rows.slice(i, i + BATCH_SIZE);
+      await remoteClient.batch(
+        batch.map((row: any) => ({
+          sql: insertSql,
+          args: commonColumns.map((col) => row[col] ?? null),
+        })),
+        "write"
+      );
+    }
+
+    console.log(`  ${table}: ${count} registros migrados`);
+  }
+
+  localClient.close();
+
+  console.log(`\n${"─".repeat(50)}`);
+  if (options.dryRun) {
+    console.log(`[DRY RUN] ${totalRows} registros em ${totalTables} tabelas seriam migrados.`);
+  } else {
+    console.log(`Migracao concluida: ${totalRows} registros em ${totalTables} tabelas.`);
+  }
+  console.log();
+}

package/db/connection.ts

@@ -10,31 +10,70 @@ const TURSO_API = "https://api.turso.tech/v1";
 const CONFIG_PATH = () => join(process.cwd(), ".codexa", "config.json");
 
 // ═══════════════════════════════════════════════════════════════
-// Resolucao de DB URL: env → config local → provisionar via API
+// Config: database URL + database token (cached locally)
+//
+// Tokens no Turso:
+//   TURSO_API_TOKEN  → Platform API (criar/gerenciar DBs)
+//   TURSO_AUTH_TOKEN → Conexao ao DB (libSQL protocol)
+//
+// O auto-provisioning usa TURSO_API_TOKEN para criar o DB e
+// mintar um database token, que e salvo no config.json junto
+// com a URL. Depois disso, so TURSO_AUTH_TOKEN e necessario
+// (ou o token do config).
 // ═══════════════════════════════════════════════════════════════
 
-function resolveDbUrl(): string {
-  // 1. Override explicito via env var
-  if (process.env.CODEXA_DB_URL) return process.env.CODEXA_DB_URL;
+interface CodexaConfig {
+  database?: string;
+  token?: string;
+}
 
-  // 2. Cache local (.codexa/config.json)
+function loadConfig(): CodexaConfig {
   const configPath = CONFIG_PATH();
   if (existsSync(configPath)) {
     try {
-      const config = JSON.parse(readFileSync(configPath, "utf-8"));
-      if (config.database) return config.database;
-    } catch { /* config invalido, continuar */ }
+      return JSON.parse(readFileSync(configPath, "utf-8"));
+    } catch { /* config invalido */ }
   }
+  return {};
+}
+
+function saveConfig(config: CodexaConfig): void {
+  try {
+    const configPath = CONFIG_PATH();
+    const dir = dirname(configPath);
+    if (!existsSync(dir)) {
+      mkdirSync(dir, { recursive: true });
+    }
+    writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n");
+  } catch { /* falha ao salvar cache, nao e critico */ }
+}
+
+// ═══════════════════════════════════════════════════════════════
+// Resolucao: URL e token para conexao
+// ═══════════════════════════════════════════════════════════════
+
+function resolveDbUrl(): string {
+  if (process.env.CODEXA_DB_URL) return process.env.CODEXA_DB_URL;
+
+  const config = loadConfig();
+  if (config.database) return config.database;
 
-  // 3. Precisa provisionar — retorna placeholder que sera resolvido em ensureDatabase()
-  // Nao temos a URL real sem chamar a API (por causa da regiao no hostname)
   throw new NeedsProvisioningError();
 }
 
+function resolveDbToken(): string | undefined {
+  // 1. Env var explicita (sempre tem prioridade)
+  if (process.env.TURSO_AUTH_TOKEN) return process.env.TURSO_AUTH_TOKEN;
+
+  // 2. Token do config (mintado durante provisioning)
+  const config = loadConfig();
+  if (config.token) return config.token;
+
+  return undefined;
+}
+
 class NeedsProvisioningError extends Error {
-  constructor() {
-    super("DB_NEEDS_PROVISIONING");
-  }
+  constructor() { super("DB_NEEDS_PROVISIONING"); }
 }
 
 function deriveDbNameFromGit(): string {
@@ -50,84 +89,57 @@ function deriveDbNameFromGit(): string {
   return dirName.toLowerCase().replace(/[^a-z0-9-]/g, "-");
 }
 
-function saveConfig(url: string): void {
-  try {
-    const configPath = CONFIG_PATH();
-    const dir = dirname(configPath);
-    if (!existsSync(dir)) {
-      mkdirSync(dir, { recursive: true });
-    }
-    writeFileSync(configPath, JSON.stringify({ database: url }, null, 2) + "\n");
-  } catch { /* falha ao salvar cache, nao e critico */ }
-}
+// ═══════════════════════════════════════════════════════════════
+// Turso Platform API helpers
+// ═══════════════════════════════════════════════════════════════
 
-function tursoHeaders(): Record<string, string> {
-  const authToken = process.env.TURSO_AUTH_TOKEN;
-  if (!authToken) {
+function apiToken(): string {
+  const token = process.env.TURSO_API_TOKEN || process.env.TURSO_AUTH_TOKEN;
+  if (!token) {
     throw new Error(
-      "TURSO_AUTH_TOKEN nao configurado.\n\n" +
-      "  export TURSO_AUTH_TOKEN=$(turso auth token)\n" +
-      "  export TURSO_ORG=sua-org"
+      "Token Turso nao configurado.\n\n" +
+      "Para auto-provisioning:\n" +
+      "  export TURSO_API_TOKEN=<platform-api-token>\n" +
+      "  export TURSO_ORG=sua-org\n\n" +
+      "Gerar API token: turso auth api-tokens mint codexa\n" +
+      "Ou usar sessao CLI: export TURSO_API_TOKEN=$(turso auth token)"
     );
   }
+  return token;
+}
+
+function apiHeaders(): Record<string, string> {
   return {
-    "Authorization": `Bearer ${authToken}`,
+    "Authorization": `Bearer ${apiToken()}`,
     "Content-Type": "application/json",
   };
 }
 
-// ═══════════════════════════════════════════════════════════════
-// Turso API: buscar hostname real do DB (inclui regiao)
-// GET /v1/organizations/{org}/databases/{name}
-// Retorna { database: { Hostname: "name-org.region.turso.io" } }
-// ═══════════════════════════════════════════════════════════════
-
-async function fetchDatabaseUrl(org: string, dbName: string): Promise<string | null> {
-  try {
-    const response = await fetch(
-      `${TURSO_API}/organizations/${org}/databases/${dbName}`,
-      { headers: tursoHeaders() }
-    );
-
-    if (response.status === 404) return null;
-
-    if (response.status === 401 || response.status === 403) {
-      const body = await response.text();
-      throw new Error(
-        `Autenticacao Turso falhou (${response.status}).\n` +
-        `  ${body}\n\n` +
-        "Verifique:\n" +
-        "  1. TURSO_AUTH_TOKEN esta correto e nao expirado\n" +
-        "  2. TURSO_ORG corresponde a sua organizacao no Turso\n\n" +
-        "  Gerar novo token: turso auth token"
-      );
-    }
-
-    if (!response.ok) return null;
+async function apiFetchDatabase(org: string, dbName: string): Promise<string | null> {
+  const response = await fetch(
+    `${TURSO_API}/organizations/${org}/databases/${dbName}`,
+    { headers: apiHeaders() }
+  );
 
-    const data = await response.json() as any;
-    const hostname = data.database?.Hostname;
-    if (hostname) return `libsql://${hostname}`;
-    return null;
-  } catch (e: any) {
-    if (e.message?.includes("Autenticacao Turso")) throw e;
-    return null;
+  if (response.status === 404) return null;
+  if (response.status === 401 || response.status === 403) {
+    throwAuthError();
   }
-}
+  if (!response.ok) return null;
 
-// ═══════════════════════════════════════════════════════════════
-// Turso API: criar DB e retornar hostname real
-// POST /v1/organizations/{org}/databases
-// ═══════════════════════════════════════════════════════════════
+  const data = await response.json() as any;
+  const hostname = data.database?.Hostname;
+  return hostname ? `libsql://${hostname}` : null;
+}
 
-async function createDatabase(org: string, dbName: string): Promise<string> {
+async function apiCreateDatabase(org: string, dbName: string): Promise<string> {
   const group = process.env.TURSO_GROUP || "default";
 
   const response = await fetch(
     `${TURSO_API}/organizations/${org}/databases`,
     {
       method: "POST",
-      headers: tursoHeaders(),
+      headers: apiHeaders(),
       body: JSON.stringify({ name: dbName, group }),
     }
   );
@@ -135,49 +147,56 @@ async function createDatabase(org: string, dbName: string): Promise<string> {
   if (response.ok) {
     console.log(`[codexa] Banco criado no Turso: ${dbName}`);
     await new Promise((r) => setTimeout(r, 2000));
-
-    // Buscar hostname real (a resposta do POST pode nao ter o formato completo)
-    const url = await fetchDatabaseUrl(org, dbName);
-    if (url) return url;
-
-    // Fallback: construir URL sem regiao (pode funcionar em algumas configs)
-    return `libsql://${dbName}-${org}.turso.io`;
+    return (await apiFetchDatabase(org, dbName)) || `libsql://${dbName}-${org}.turso.io`;
   }
 
   if (response.status === 409) {
-    // Ja existe — buscar hostname real
-    const url = await fetchDatabaseUrl(org, dbName);
-    if (url) return url;
-    return `libsql://${dbName}-${org}.turso.io`;
+    return (await apiFetchDatabase(org, dbName)) || `libsql://${dbName}-${org}.turso.io`;
   }
 
   if (response.status === 401 || response.status === 403) {
-    const body = await response.text();
-    throw new Error(
-      `Autenticacao Turso falhou (${response.status}).\n` +
-      `  ${body}\n\n` +
-      "Verifique:\n" +
-      "  1. TURSO_AUTH_TOKEN esta correto e nao expirado\n" +
-      "  2. TURSO_ORG corresponde a sua organizacao no Turso\n\n" +
-      "  Gerar novo token: turso auth token"
-    );
+    throwAuthError();
   }
 
   const body = await response.text();
+  throw new Error(`Falha ao criar banco (${response.status}): ${body}`);
+}
+
+async function apiMintDbToken(org: string, dbName: string): Promise<string> {
+  const response = await fetch(
+    `${TURSO_API}/organizations/${org}/databases/${dbName}/auth/tokens`,
+    { method: "POST", headers: apiHeaders() }
+  );
+
+  if (!response.ok) {
+    const body = await response.text();
+    throw new Error(`Falha ao criar database token (${response.status}): ${body}`);
+  }
+
+  const data = await response.json() as any;
+  return data.jwt;
+}
+
+function throwAuthError(): never {
   throw new Error(
-    `Falha ao criar banco no Turso (${response.status}): ${body}\n` +
-    `  DB: ${dbName} | Org: ${org} | Group: ${group}`
+    "Turso Platform API rejeitou o token.\n\n" +
+    "Para auto-provisioning, use um Platform API token:\n" +
+    "  turso auth api-tokens mint codexa\n" +
+    "  export TURSO_API_TOKEN=<token-gerado>\n\n" +
+    "Ou se o banco ja existe, aponte direto:\n" +
+    "  export CODEXA_DB_URL=libsql://seu-db.region.turso.io\n" +
+    "  export TURSO_AUTH_TOKEN=<database-token>"
   );
 }
 
 // ═══════════════════════════════════════════════════════════════
-// Provisioning: garante que o DB existe e resolve a URL real
+// Provisioning: cria DB + minta token + salva config
 // ═══════════════════════════════════════════════════════════════
 
 export async function ensureDatabase(): Promise<void> {
   if (dbProvisioned) return;
 
-  // Se ja tem URL resolvida (env ou config), apenas marcar como provisionado
+  // Se ja tem URL resolvida (env ou config), nada a fazer
   try {
     resolveDbUrl();
     dbProvisioned = true;
@@ -186,36 +205,40 @@ export async function ensureDatabase(): Promise<void> {
     if (!(e instanceof NeedsProvisioningError)) throw e;
   }
 
-  // Precisa provisionar via API
+  // Precisa provisionar via Platform API
   const org = process.env.TURSO_ORG;
   if (!org) {
     throw new Error(
       "Banco de dados nao configurado.\n\n" +
-      "Opcao 1 — Configurar automaticamente:\n" +
+      "Opcao 1 — Auto-provisioning:\n" +
       "  export TURSO_ORG=sua-org\n" +
-      "  export TURSO_AUTH_TOKEN=eyJ...\n" +
+      "  export TURSO_API_TOKEN=<platform-api-token>\n" +
       "  codexa init\n\n" +
-      "Opcao 2 — Configurar manualmente:\n" +
-      "  export CODEXA_DB_URL=libsql://seu-db.turso.io\n" +
-      "  export TURSO_AUTH_TOKEN=eyJ..."
+      "Opcao 2 — Apontar para banco existente:\n" +
+      "  export CODEXA_DB_URL=libsql://seu-db.region.turso.io\n" +
+      "  export TURSO_AUTH_TOKEN=<database-token>"
     );
   }
 
   const dbName = deriveDbNameFromGit();
 
-  // 1. Verificar se o DB ja existe
-  let url = await fetchDatabaseUrl(org, dbName);
-
-  // 2. Se nao existe, criar
+  // 1. Buscar ou criar o DB
+  let url = await apiFetchDatabase(org, dbName);
   if (!url) {
-    url = await createDatabase(org, dbName);
+    url = await apiCreateDatabase(org, dbName);
   }
 
-  // 3. Salvar no config para proximas execucoes
-  saveConfig(url);
+  // 2. Mintar um database token para conexao
+  console.log(`[codexa] Gerando token de acesso...`);
+  const dbToken = await apiMintDbToken(org, dbName);
+
+  // 3. Salvar tudo no config (URL + token)
+  saveConfig({ database: url, token: dbToken });
+  console.log(`[codexa] Configuracao salva em .codexa/config.json`);
+
   dbProvisioned = true;
 
-  // 4. Resetar client para usar a nova URL
+  // 4. Resetar client para usar a nova URL/token
   if (client) {
     client.close();
     client = null;
@@ -229,7 +252,7 @@ export async function ensureDatabase(): Promise<void> {
 export function getDb(): Client {
   if (!client) {
     const url = resolveDbUrl();
-    const authToken = process.env.TURSO_AUTH_TOKEN;
+    const authToken = resolveDbToken();
 
     client = createClient({
       url,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@codexa/cli",
-  "version": "9.0.34",
+  "version": "9.0.36",
   "description": "Orchestrated workflow system for Claude Code - manages feature development through parallel subagents with structured phases, gates, and quality enforcement.",
   "type": "module",
   "bin": {

package/workflow.ts

@@ -41,6 +41,7 @@ import {
   architectCancel,
 } from "./commands/architect";
 import { teamSuggest } from "./commands/team";
+import { migrateToTurso } from "./commands/migrate";
 import { initSchema } from "./db/schema";
 import { closeDb, dbGet, dbRun, ensureDatabase, getResolvedDbUrl } from "./db/connection";
 import { execSync } from "child_process";
@@ -574,6 +575,15 @@ program
     console.log(`\nBanco de dados inicializado: ${url}\n`);
   });
 
+program
+  .command("migrate")
+  .description("Migra dados do SQLite local (.codexa/db/workflow.db) para o Turso")
+  .option("--db-path <path>", "Caminho do workflow.db local (padrao: .codexa/db/workflow.db)")
+  .option("--dry-run", "Simula a migracao sem escrever dados")
+  .action(async (options) => {
+    await migrateToTurso({ dbPath: options.dbPath, dryRun: options.dryRun });
+  });
+
 // ═══════════════════════════════════════════════════════════════
 // DISCOVER
 // ═══════════════════════════════════════════════════════════════