@docyrus/docyrus 0.0.75 → 0.0.77

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@docyrus/docyrus",
-  "version": "0.0.75",
+  "version": "0.0.77",
   "private": false,
   "description": "Docyrus API CLI",
   "main": "./main.js",

package/resources/pi-agent/extensions/docyrus-auth-tool.ts

@@ -0,0 +1,322 @@
+/**
+ * Docyrus authentication tool for the pi coding agent.
+ *
+ * Registers a single tool `authenticate_docyrus` that the agent can call to
+ * authenticate the Docyrus CLI in the current working directory.
+ *
+ * Two execution modes are supported, selected at call time:
+ *
+ * - Server desktop mode (DOCYRUS_DESKTOP_TOOLS=1):
+ *   The execute handler routes the call to the desktop client via
+ *   ctx.ui.input("authenticate_docyrus", paramsJson). The Electron host
+ *   detects the tool name, runs the OAuth2 device flow on behalf of the
+ *   user (in the same cwd) and replies with the authenticated profile.
+ *
+ * - TUI / non-desktop mode:
+ *   Pi owns the active terminal, so we cannot run `docyrus auth login`
+ *   inline. Instead the handler opens a new OS terminal window, runs
+ *   `docyrus auth login` interactively, and polls `docyrus auth who --json`
+ *   in the background until the user finishes (or times out).
+ */
+import { spawn } from "node:child_process";
+import { promisify } from "node:util";
+import { execFile as execFileCb } from "node:child_process";
+import { Type } from "typebox";
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+
+const execFile = promisify(execFileCb);
+
+const TOOL_NAME = "authenticate_docyrus";
+const DESKTOP_TIMEOUT_MS = 5 * 60_000;
+const TUI_POLL_INTERVAL_MS = 2_000;
+const TUI_TIMEOUT_MS = 10 * 60_000;
+
+interface IAuthenticateInput {
+  scope?: string;
+  clientId?: string;
+}
+
+interface IAuthenticateResult {
+  authenticated: boolean;
+  apiBaseUrl?: string;
+  userId?: string;
+  email?: string;
+  tenantId?: string;
+  tenantName?: string;
+  tenantNo?: number;
+  scope?: string;
+}
+
+function toolResult(payload: unknown) {
+  const text = typeof payload === "string" ? payload : JSON.stringify(payload, null, 2);
+  return { content: [{ type: "text" as const, text }] };
+}
+
+function toolError(message: string) {
+  return { content: [{ type: "text" as const, text: message }], isError: true };
+}
+
+function readDocyrusCliEnvironment(env: NodeJS.ProcessEnv = process.env): {
+  executable: string;
+  entryPath: string;
+  scope: "local" | "global";
+} {
+  const executable = env.DOCYRUS_CLI_EXECUTABLE?.trim();
+  const entryPath = env.DOCYRUS_CLI_ENTRY?.trim();
+  const rawScope = env.DOCYRUS_CLI_SCOPE?.trim();
+  const scope = rawScope === "global" ? "global" : "local";
+  if (!executable || !entryPath) {
+    throw new Error("Missing Docyrus CLI runtime env. Expected DOCYRUS_CLI_EXECUTABLE and DOCYRUS_CLI_ENTRY.");
+  }
+  return { executable, entryPath, scope };
+}
+
+function buildAuthLoginArgs(input: IAuthenticateInput, scope: "local" | "global"): string[] {
+  const args: string[] = [];
+  if (scope === "global") {
+    args.push("-g");
+  }
+  args.push("auth", "login");
+  if (input.scope?.trim()) {
+    args.push("--scope", input.scope.trim());
+  }
+  if (input.clientId?.trim()) {
+    args.push("--clientId", input.clientId.trim());
+  }
+  return args;
+}
+
+function buildAuthWhoArgs(scope: "local" | "global"): string[] {
+  const args: string[] = [];
+  if (scope === "global") {
+    args.push("-g");
+  }
+  args.push("auth", "who", "--json");
+  return args;
+}
+
+function shellQuote(value: string): string {
+  return `'${value.replace(/'/g, `'\\''`)}'`;
+}
+
+function spawnInteractiveTerminal(params: {
+  executable: string;
+  entryPath: string;
+  args: string[];
+  cwd: string;
+}): void {
+  const platform = process.platform;
+  const fullCommand = [params.executable, params.entryPath, ...params.args]
+    .map(shellQuote)
+    .join(" ");
+
+  if (platform === "darwin") {
+    const script = `cd ${shellQuote(params.cwd)} && ${fullCommand}`;
+    const osa = `tell application "Terminal"
+activate
+do script ${JSON.stringify(script)}
+end tell`;
+    spawn("osascript", ["-e", osa], { stdio: "ignore", detached: true }).unref();
+    return;
+  }
+
+  if (platform === "win32") {
+    const winCommand = `cd /d ${shellQuote(params.cwd)} && ${fullCommand}`;
+    spawn("cmd", ["/c", "start", "", "cmd", "/k", winCommand], {
+      stdio: "ignore",
+      detached: true,
+      windowsHide: false,
+    }).unref();
+    return;
+  }
+
+  const candidates = ["x-terminal-emulator", "gnome-terminal", "konsole", "xterm"];
+  const linuxCommand = `cd ${shellQuote(params.cwd)} && ${fullCommand}; echo; read -n1 -rsp 'Press any key to close...'`;
+  for (const candidate of candidates) {
+    try {
+      spawn(candidate, ["-e", "bash", "-c", linuxCommand], { stdio: "ignore", detached: true }).unref();
+      return;
+    }
+    catch {
+      // try next candidate
+    }
+  }
+  throw new Error("No supported terminal emulator was found. Run `docyrus auth login` manually in another terminal.");
+}
+
+async function readAuthWho(params: {
+  executable: string;
+  entryPath: string;
+  scope: "local" | "global";
+  cwd: string;
+}): Promise<IAuthenticateResult | null> {
+  try {
+    const { stdout } = await execFile(
+      params.executable,
+      [params.entryPath, ...buildAuthWhoArgs(params.scope)],
+      { cwd: params.cwd },
+    );
+    const parsed = JSON.parse(stdout) as Record<string, unknown>;
+    const data = (parsed.data ?? parsed) as Record<string, unknown> | undefined;
+    const ctx = (parsed.context ?? null) as Record<string, unknown> | null;
+    if (!data || typeof data !== "object") {
+      return null;
+    }
+
+    return {
+      authenticated: true,
+      userId: typeof data.id === "string" ? data.id : undefined,
+      email: typeof data.email === "string" ? data.email : undefined,
+      tenantId: ctx && typeof ctx.tenantId === "string" ? ctx.tenantId : undefined,
+      tenantName: ctx && typeof ctx.tenantName === "string" ? ctx.tenantName : undefined,
+      tenantNo: ctx && typeof ctx.tenantNo === "number" ? ctx.tenantNo : undefined,
+    };
+  }
+  catch {
+    return null;
+  }
+}
+
+async function pollUntilAuthenticated(params: {
+  executable: string;
+  entryPath: string;
+  scope: "local" | "global";
+  cwd: string;
+  signal?: AbortSignal;
+  baseline: IAuthenticateResult | null;
+}): Promise<IAuthenticateResult | null> {
+  const deadline = Date.now() + TUI_TIMEOUT_MS;
+  while (Date.now() < deadline) {
+    if (params.signal?.aborted) {
+      return null;
+    }
+    const profile = await readAuthWho(params);
+    if (profile && profile.userId
+      && (!params.baseline || params.baseline.userId !== profile.userId || params.baseline.tenantId !== profile.tenantId)) {
+      return profile;
+    }
+    await new Promise<void>((resolve) => {
+      const timer = setTimeout(resolve, TUI_POLL_INTERVAL_MS);
+      params.signal?.addEventListener("abort", () => {
+        clearTimeout(timer);
+        resolve();
+      }, { once: true });
+    });
+  }
+  return null;
+}
+
+async function executeDesktop(params: {
+  input: IAuthenticateInput;
+  ctx: { ui: { input: (title: string, placeholder?: string, opts?: { signal?: AbortSignal; timeout?: number }) => Promise<string | undefined> } };
+  signal: AbortSignal | undefined;
+}) {
+  const paramsJson = JSON.stringify(params.input ?? {});
+  const resultJson = await params.ctx.ui.input(TOOL_NAME, paramsJson, {
+    signal: params.signal,
+    timeout: DESKTOP_TIMEOUT_MS,
+  });
+
+  if (!resultJson) {
+    return toolError("Desktop authentication was cancelled or timed out.");
+  }
+
+  try {
+    return toolResult(JSON.parse(resultJson));
+  }
+  catch {
+    return toolResult(resultJson);
+  }
+}
+
+async function executeTui(params: {
+  input: IAuthenticateInput;
+  ctx: {
+    cwd?: string;
+    hasUI: boolean;
+    ui: {
+      notify?: (message: string, level?: "info" | "warning" | "error") => void;
+      confirm?: (title: string, message: string, opts?: { signal?: AbortSignal; timeout?: number }) => Promise<boolean>;
+    };
+  };
+  signal: AbortSignal | undefined;
+}) {
+  const env = readDocyrusCliEnvironment();
+  const cwd = params.ctx.cwd || process.cwd();
+  const baseline = await readAuthWho({
+    executable: env.executable,
+    entryPath: env.entryPath,
+    scope: env.scope,
+    cwd,
+  });
+
+  const launchArgs = buildAuthLoginArgs(params.input ?? {}, env.scope);
+  spawnInteractiveTerminal({
+    executable: env.executable,
+    entryPath: env.entryPath,
+    args: launchArgs,
+    cwd,
+  });
+
+  if (params.ctx.hasUI && params.ctx.ui.notify) {
+    params.ctx.ui.notify(
+      "Opened a new terminal to run `docyrus auth login`. Complete the device flow there; this tool will detect when login succeeds.",
+      "info",
+    );
+  }
+
+  const profile = await pollUntilAuthenticated({
+    executable: env.executable,
+    entryPath: env.entryPath,
+    scope: env.scope,
+    cwd,
+    signal: params.signal,
+    baseline,
+  });
+
+  if (!profile) {
+    return toolError("Timed out waiting for `docyrus auth login` to complete in the new terminal.");
+  }
+
+  return toolResult(profile);
+}
+
+export default function docyrusAuthTool(pi: ExtensionAPI): void {
+  pi.registerTool({
+    name: TOOL_NAME,
+    label: "Docyrus Authenticate",
+    description:
+      "Authenticate the Docyrus CLI in the current working directory. " +
+      "In the desktop app, the host runs the OAuth2 device flow automatically and returns the resulting profile. " +
+      "In a terminal session, a new terminal window is opened to run `docyrus auth login` interactively and the tool waits for it to finish.",
+    parameters: Type.Object({
+      scope: Type.Optional(Type.String({ description: "Optional OAuth2 scopes; defaults to the CLI's standard login scope." })),
+      clientId: Type.Optional(Type.String({ description: "Optional OAuth2 client id override." })),
+    }),
+    execute: async(
+      _toolCallId: string,
+      input: IAuthenticateInput,
+      signal: AbortSignal | undefined,
+      _onUpdate: unknown,
+      ctx: {
+        cwd?: string;
+        hasUI: boolean;
+        ui: {
+          input: (title: string, placeholder?: string, opts?: { signal?: AbortSignal; timeout?: number }) => Promise<string | undefined>;
+          notify?: (message: string, level?: "info" | "warning" | "error") => void;
+          confirm?: (title: string, message: string, opts?: { signal?: AbortSignal; timeout?: number }) => Promise<boolean>;
+        };
+      },
+    ) => {
+      try {
+        if (process.env.DOCYRUS_DESKTOP_TOOLS === "1") {
+          return await executeDesktop({ input: input ?? {}, ctx, signal });
+        }
+        return await executeTui({ input: input ?? {}, ctx, signal });
+      }
+      catch (error: unknown) {
+        return toolError(error instanceof Error ? error.message : String(error));
+      }
+    },
+  });
+}

package/server-loader.js

@@ -44601,6 +44601,21 @@ async function listAllTools(params) {
 
 // src/server/browserToolSchemas.ts
 var BROWSER_TOOL_PREFIX = "docyrus_browser_";
+var DESKTOP_AUTHENTICATE_TOOL_NAME = "authenticate_docyrus";
+var DESKTOP_TOOL_SCHEMAS = [
+  {
+    name: DESKTOP_AUTHENTICATE_TOOL_NAME,
+    description: "Authenticate the Docyrus CLI in the current working directory. The desktop app runs the OAuth2 device flow on behalf of the user and returns the authenticated profile (user, tenant, scope).",
+    source: "built-in",
+    inputSchema: {
+      type: "object",
+      properties: {
+        scope: { type: "string", description: "Optional OAuth2 scopes; defaults to the CLI's standard login scope." },
+        clientId: { type: "string", description: "Optional OAuth2 client id override." }
+      }
+    }
+  }
+];
 var BROWSER_TOOL_SCHEMAS = [
   {
     name: "docyrus_browser_navigate",
@@ -47028,6 +47043,67 @@ async function createAgentServer(params) {
       return c.json({ error: message }, 500);
     }
   });
+  app.post("/api/git/sync", async (c) => {
+    const cwd = context.cwd;
+    const body2 = await c.req.json().catch(() => ({}));
+    try {
+      let isRepo = false;
+      try {
+        const inside = (await gitExec(["rev-parse", "--is-inside-work-tree"], cwd)).trim();
+        isRepo = inside === "true";
+      } catch {
+        isRepo = false;
+      }
+      if (!isRepo) {
+        return c.json({ error: "Not a git repository", cwd }, 400);
+      }
+      const branch = body2.branch?.trim() || (await gitExec(["rev-parse", "--abbrev-ref", "HEAD"], cwd)).trim();
+      if (!branch || branch === "HEAD") {
+        return c.json({ error: "Cannot sync from a detached HEAD", cwd }, 409);
+      }
+      const remote = body2.remote?.trim() || "origin";
+      await gitExec(["add", "-A"], cwd);
+      const statusRaw = (await gitExec(["status", "--porcelain"], cwd)).trim();
+      const hasStaged = (await gitExec(["diff", "--cached", "--name-only"], cwd)).trim().length > 0;
+      let committed = false;
+      let commitHash;
+      const commitMessage = body2.message?.trim() || "chore: sync from docyrus coder";
+      if (hasStaged) {
+        await gitExec(["commit", "-m", commitMessage], cwd);
+        commitHash = (await gitExec(["rev-parse", "HEAD"], cwd)).trim();
+        committed = true;
+      }
+      let upstream;
+      try {
+        upstream = (await gitExec(["rev-parse", "--abbrev-ref", "--symbolic-full-name", "@{u}"], cwd)).trim();
+      } catch {
+        upstream = void 0;
+      }
+      const pushArgs = upstream ? ["push", remote, branch] : ["push", "--set-upstream", remote, branch];
+      const pushOutput = await gitExec(pushArgs, cwd);
+      return c.json({
+        ok: true,
+        cwd,
+        branch,
+        remote,
+        committed,
+        commit: committed ? { hash: commitHash, message: commitMessage } : null,
+        pushed: true,
+        upstreamSet: !upstream,
+        statusBeforeSync: statusRaw,
+        pushOutput
+      });
+    } catch (error48) {
+      const errAny = error48;
+      const stderr = errAny.stderr ? errAny.stderr.toString() : "";
+      const stdout = errAny.stdout ? errAny.stdout.toString() : "";
+      const message = errAny.message || String(error48);
+      return c.json({
+        error: stderr.trim() || message,
+        stdout: stdout.trim() || void 0
+      }, 500);
+    }
+  });
   app.get("/api/mcp/servers", async (c) => {
     try {
       const [config2, cache, provenance] = await Promise.all([
@@ -47330,14 +47406,15 @@ async function createAgentServer(params) {
         cwd: context.cwd
       });
       if (context.desktop) {
-        tools.push(...BROWSER_TOOL_SCHEMAS);
+        tools.push(...BROWSER_TOOL_SCHEMAS, ...DESKTOP_TOOL_SCHEMAS);
       }
       const builtInCount = tools.filter((t) => t.source === "built-in").length;
       const mcpCount = tools.filter((t) => t.source !== "built-in").length;
       return c.json({
         tools,
         summary: { builtIn: builtInCount, mcp: mcpCount, total: tools.length },
-        clientSideToolPrefixes: context.desktop ? [BROWSER_TOOL_PREFIX] : []
+        clientSideToolPrefixes: context.desktop ? [BROWSER_TOOL_PREFIX] : [],
+        clientSideToolNames: context.desktop ? [DESKTOP_AUTHENTICATE_TOOL_NAME] : []
       });
     } catch (error48) {
       const message = error48 instanceof Error ? error48.message : String(error48);
@@ -47549,6 +47626,10 @@ async function createAgentServer(params) {
     process.stderr.write(`  POST /api/env/stop                      \u2014 stop dev server
 `);
     process.stderr.write(`  GET  /api/git/diff                      \u2014 uncommitted file diffs
+`);
+    process.stderr.write(`  GET  /api/git/commits                   \u2014 recent commits
+`);
+    process.stderr.write(`  POST /api/git/sync                      \u2014 stage, commit, and push working tree
 `);
     process.stderr.write(`  GET  /api/mcp/servers                   \u2014 list MCP servers
 `);
@@ -47584,6 +47665,8 @@ async function createAgentServer(params) {
       process.stderr.write(`  POST /api/extension-ui-response          \u2014 submit extension UI response
 `);
       process.stderr.write(`  Browser tools: docyrus_browser_* (client-side via extension_ui)
+`);
+      process.stderr.write(`  Auth tool:     authenticate_docyrus (client-side via extension_ui)
 `);
     }
     process.stderr.write(`  *    /api/cli/**                        \u2014 proxy any docyrus CLI command