@controlvector/cv-agent 1.7.1 → 1.8.0

package/dist/bundle.cjs

@@ -3665,6 +3665,92 @@ async function validateToken(hubUrl, token) {
     return null;
   }
 }
+var DEVICE_CLIENT_ID = "cv-agent-cli";
+var DEVICE_SCOPES = "repo:read repo:write profile offline_access";
+var POLL_INTERVAL_MS = 5e3;
+var MAX_POLL_ATTEMPTS = 180;
+async function deviceAuthFlow(hubUrl, appUrl) {
+  const authRes = await fetch(`${hubUrl}/oauth/device/authorize`, {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: new URLSearchParams({
+      client_id: DEVICE_CLIENT_ID,
+      scope: DEVICE_SCOPES
+    })
+  });
+  if (!authRes.ok) {
+    const err = await authRes.json().catch(() => ({}));
+    throw new Error(err.error_description || `Device auth failed: ${authRes.status}`);
+  }
+  const auth = await authRes.json();
+  console.log(source_default.bold("  \u250C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2510"));
+  console.log(source_default.bold("  \u2502     CV-Hub Device Authorization          \u2502"));
+  console.log(source_default.bold("  \u251C\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2524"));
+  console.log(source_default.bold("  \u2502                                          \u2502"));
+  console.log(source_default.bold("  \u2502  Open this URL in your browser:          \u2502"));
+  console.log(source_default.bold(`  \u2502  ${source_default.cyan(auth.verification_uri).padEnd(51)}\u2502`));
+  console.log(source_default.bold("  \u2502                                          \u2502"));
+  console.log(source_default.bold("  \u2502  Then enter this code:                   \u2502"));
+  console.log(source_default.bold(`  \u2502          ${source_default.white.bold(auth.user_code)}                       \u2502`));
+  console.log(source_default.bold("  \u2502                                          \u2502"));
+  console.log(source_default.bold(`  \u2502  ${source_default.gray(`Expires in ${Math.floor(auth.expires_in / 60)} minutes`).padEnd(51)}\u2502`));
+  console.log(source_default.bold("  \u2514\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2518"));
+  console.log();
+  try {
+    const openCmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
+    (0, import_node_child_process.execSync)(`${openCmd} "${auth.verification_uri_complete}" 2>/dev/null`, { timeout: 5e3 });
+    console.log(source_default.gray("  Browser opened. Waiting for authorization..."));
+  } catch {
+    console.log(source_default.gray("  Open the URL above in your browser."));
+  }
+  let interval = Math.max(auth.interval * 1e3, POLL_INTERVAL_MS);
+  const expireTime = Date.now() + auth.expires_in * 1e3;
+  for (let attempt = 0; attempt < MAX_POLL_ATTEMPTS; attempt++) {
+    await new Promise((r) => setTimeout(r, interval));
+    if (Date.now() > expireTime) {
+      throw new Error("Authorization timed out");
+    }
+    const remaining = Math.ceil((expireTime - Date.now()) / 1e3);
+    const mins = Math.floor(remaining / 60);
+    const secs = remaining % 60;
+    process.stdout.write(`\r  Waiting for authorization... (${mins}:${secs.toString().padStart(2, "0")} remaining) `);
+    const tokenRes = await fetch(`${hubUrl}/oauth/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/x-www-form-urlencoded" },
+      body: new URLSearchParams({
+        grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+        device_code: auth.device_code,
+        client_id: DEVICE_CLIENT_ID
+      })
+    });
+    const tokenData = await tokenRes.json();
+    if (tokenData.access_token) {
+      process.stdout.write("\r" + " ".repeat(60) + "\r");
+      let uname = "user";
+      try {
+        const userRes = await fetch(`${hubUrl}/oauth/userinfo`, {
+          headers: { Authorization: `Bearer ${tokenData.access_token}` }
+        });
+        if (userRes.ok) {
+          const userInfo = await userRes.json();
+          uname = userInfo.preferred_username || userInfo.name || "user";
+        }
+      } catch {
+      }
+      return { token: tokenData.access_token, username: uname };
+    }
+    if (tokenData.error === "slow_down") {
+      interval += 5e3;
+    } else if (tokenData.error === "access_denied") {
+      process.stdout.write("\r" + " ".repeat(60) + "\r");
+      throw new Error("Authorization denied by user");
+    } else if (tokenData.error === "expired_token") {
+      process.stdout.write("\r" + " ".repeat(60) + "\r");
+      throw new Error("Authorization expired");
+    }
+  }
+  throw new Error("Authorization timed out");
+}
 function checkBinary(cmd) {
   try {
     return (0, import_node_child_process.execSync)(`${cmd} 2>&1`, { encoding: "utf8", timeout: 5e3 }).trim().split("\n")[0];
@@ -3724,38 +3810,20 @@ async function runSetup() {
   if (!token) {
     console.log("  Let's connect you to CV-Hub.");
     console.log();
-    const autoName = `${(0, import_node_os2.hostname)()}-${(/* @__PURE__ */ new Date()).toISOString().slice(0, 10)}`;
-    const tokenUrl = `${appUrl}/settings/tokens/new?name=${encodeURIComponent(autoName)}&scopes=agent,repo`;
-    console.log(source_default.gray(`  Opening: ${tokenUrl}`));
     try {
-      const openCmd = process.platform === "darwin" ? "open" : process.platform === "win32" ? "start" : "xdg-open";
-      (0, import_node_child_process.execSync)(`${openCmd} "${tokenUrl}" 2>/dev/null`, { timeout: 5e3 });
-    } catch {
-      console.log(source_default.gray("  (Could not open browser \u2014 copy the URL above)"));
-    }
-    console.log();
-    const readline = await import("node:readline");
-    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-    token = await new Promise((resolve) => {
-      rl.question("  Paste your token here: ", (answer) => {
-        rl.close();
-        resolve(answer.trim());
-      });
-    });
-    if (!token) {
-      console.log(source_default.red("  No token provided. Run cva setup again."));
-      process.exit(1);
-    }
-    const user = await validateToken(hubUrl, token);
-    if (!user) {
-      console.log(source_default.red("  Token validation failed. Check your token and try again."));
+      const deviceResult = await deviceAuthFlow(hubUrl, appUrl);
+      token = deviceResult.token;
+      username = deviceResult.username;
+      console.log(source_default.green("  \u2713") + ` Authenticated as ${source_default.bold(username)}`);
+      writeSharedCreds({ hub_url: hubUrl, token, username, created_at: (/* @__PURE__ */ new Date()).toISOString() });
+      await writeCredentialField("CV_HUB_PAT", token);
+      await writeCredentialField("CV_HUB_API", hubUrl);
+    } catch (err) {
+      console.log(source_default.red(`  Authentication failed: ${err.message}`));
+      console.log(source_default.gray("  You can retry with: cva setup"));
+      console.log(source_default.gray("  Or manually: cva auth login --token <your-pat>"));
       process.exit(1);
     }
-    username = user;
-    console.log(source_default.green("  \u2713") + ` Authenticated as ${source_default.bold(user)}`);
-    writeSharedCreds({ hub_url: hubUrl, token, username, created_at: (/* @__PURE__ */ new Date()).toISOString() });
-    await writeCredentialField("CV_HUB_PAT", token);
-    await writeCredentialField("CV_HUB_API", hubUrl);
   }
   console.log();
   console.log("  Claude.ai MCP connector:");
@@ -3827,6 +3895,20 @@ async function runSetup() {
       }
     } catch {
     }
+    try {
+      const credStorePath = (0, import_node_path.join)((0, import_node_os2.homedir)(), ".git-credentials");
+      const credLine = `https://${username}:${token}@${gitHost}`;
+      let existing = "";
+      try {
+        existing = (0, import_node_fs.readFileSync)(credStorePath, "utf-8");
+      } catch {
+      }
+      if (!existing.includes(gitHost)) {
+        (0, import_node_fs.writeFileSync)(credStorePath, existing + credLine + "\n", { mode: 384 });
+      }
+      (0, import_node_child_process.execSync)(`git config --global credential.helper store`, { stdio: "pipe" });
+    } catch {
+    }
     try {
       (0, import_node_child_process.execSync)("git log --oneline -1", { cwd, stdio: "pipe" });
       const status = (0, import_node_child_process.execSync)("git status --porcelain", { cwd, encoding: "utf8" }).trim();
@@ -6070,7 +6152,7 @@ function statusCommand() {
 
 // src/index.ts
 var program2 = new Command();
-program2.name("cva").description('CV-Hub Agent \u2014 bridges Claude Code with CV-Hub task dispatch.\n\nRun "cva setup" to get started.').version(true ? "1.7.1" : "1.6.0");
+program2.name("cva").description('CV-Hub Agent \u2014 bridges Claude Code with CV-Hub task dispatch.\n\nRun "cva setup" to get started.').version(true ? "1.8.0" : "1.6.0");
 program2.addCommand(setupCommand());
 program2.addCommand(agentCommand());
 program2.addCommand(authCommand());