@docyrus/docyrus 0.0.76 → 0.0.77

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@docyrus/docyrus",
-  "version": "0.0.76",
+  "version": "0.0.77",
   "private": false,
   "description": "Docyrus API CLI",
   "main": "./main.js",

package/resources/pi-agent/extensions/docyrus-auth-tool.ts

@@ -0,0 +1,322 @@
+/**
+ * Docyrus authentication tool for the pi coding agent.
+ *
+ * Registers a single tool `authenticate_docyrus` that the agent can call to
+ * authenticate the Docyrus CLI in the current working directory.
+ *
+ * Two execution modes are supported, selected at call time:
+ *
+ * - Server desktop mode (DOCYRUS_DESKTOP_TOOLS=1):
+ *   The execute handler routes the call to the desktop client via
+ *   ctx.ui.input("authenticate_docyrus", paramsJson). The Electron host
+ *   detects the tool name, runs the OAuth2 device flow on behalf of the
+ *   user (in the same cwd) and replies with the authenticated profile.
+ *
+ * - TUI / non-desktop mode:
+ *   Pi owns the active terminal, so we cannot run `docyrus auth login`
+ *   inline. Instead the handler opens a new OS terminal window, runs
+ *   `docyrus auth login` interactively, and polls `docyrus auth who --json`
+ *   in the background until the user finishes (or times out).
+ */
+import { spawn } from "node:child_process";
+import { promisify } from "node:util";
+import { execFile as execFileCb } from "node:child_process";
+import { Type } from "typebox";
+import type { ExtensionAPI } from "@mariozechner/pi-coding-agent";
+
+const execFile = promisify(execFileCb);
+
+const TOOL_NAME = "authenticate_docyrus";
+const DESKTOP_TIMEOUT_MS = 5 * 60_000;
+const TUI_POLL_INTERVAL_MS = 2_000;
+const TUI_TIMEOUT_MS = 10 * 60_000;
+
+interface IAuthenticateInput {
+  scope?: string;
+  clientId?: string;
+}
+
+interface IAuthenticateResult {
+  authenticated: boolean;
+  apiBaseUrl?: string;
+  userId?: string;
+  email?: string;
+  tenantId?: string;
+  tenantName?: string;
+  tenantNo?: number;
+  scope?: string;
+}
+
+function toolResult(payload: unknown) {
+  const text = typeof payload === "string" ? payload : JSON.stringify(payload, null, 2);
+  return { content: [{ type: "text" as const, text }] };
+}
+
+function toolError(message: string) {
+  return { content: [{ type: "text" as const, text: message }], isError: true };
+}
+
+function readDocyrusCliEnvironment(env: NodeJS.ProcessEnv = process.env): {
+  executable: string;
+  entryPath: string;
+  scope: "local" | "global";
+} {
+  const executable = env.DOCYRUS_CLI_EXECUTABLE?.trim();
+  const entryPath = env.DOCYRUS_CLI_ENTRY?.trim();
+  const rawScope = env.DOCYRUS_CLI_SCOPE?.trim();
+  const scope = rawScope === "global" ? "global" : "local";
+  if (!executable || !entryPath) {
+    throw new Error("Missing Docyrus CLI runtime env. Expected DOCYRUS_CLI_EXECUTABLE and DOCYRUS_CLI_ENTRY.");
+  }
+  return { executable, entryPath, scope };
+}
+
+function buildAuthLoginArgs(input: IAuthenticateInput, scope: "local" | "global"): string[] {
+  const args: string[] = [];
+  if (scope === "global") {
+    args.push("-g");
+  }
+  args.push("auth", "login");
+  if (input.scope?.trim()) {
+    args.push("--scope", input.scope.trim());
+  }
+  if (input.clientId?.trim()) {
+    args.push("--clientId", input.clientId.trim());
+  }
+  return args;
+}
+
+function buildAuthWhoArgs(scope: "local" | "global"): string[] {
+  const args: string[] = [];
+  if (scope === "global") {
+    args.push("-g");
+  }
+  args.push("auth", "who", "--json");
+  return args;
+}
+
+function shellQuote(value: string): string {
+  return `'${value.replace(/'/g, `'\\''`)}'`;
+}
+
+function spawnInteractiveTerminal(params: {
+  executable: string;
+  entryPath: string;
+  args: string[];
+  cwd: string;
+}): void {
+  const platform = process.platform;
+  const fullCommand = [params.executable, params.entryPath, ...params.args]
+    .map(shellQuote)
+    .join(" ");
+
+  if (platform === "darwin") {
+    const script = `cd ${shellQuote(params.cwd)} && ${fullCommand}`;
+    const osa = `tell application "Terminal"
+activate
+do script ${JSON.stringify(script)}
+end tell`;
+    spawn("osascript", ["-e", osa], { stdio: "ignore", detached: true }).unref();
+    return;
+  }
+
+  if (platform === "win32") {
+    const winCommand = `cd /d ${shellQuote(params.cwd)} && ${fullCommand}`;
+    spawn("cmd", ["/c", "start", "", "cmd", "/k", winCommand], {
+      stdio: "ignore",
+      detached: true,
+      windowsHide: false,
+    }).unref();
+    return;
+  }
+
+  const candidates = ["x-terminal-emulator", "gnome-terminal", "konsole", "xterm"];
+  const linuxCommand = `cd ${shellQuote(params.cwd)} && ${fullCommand}; echo; read -n1 -rsp 'Press any key to close...'`;
+  for (const candidate of candidates) {
+    try {
+      spawn(candidate, ["-e", "bash", "-c", linuxCommand], { stdio: "ignore", detached: true }).unref();
+      return;
+    }
+    catch {
+      // try next candidate
+    }
+  }
+  throw new Error("No supported terminal emulator was found. Run `docyrus auth login` manually in another terminal.");
+}
+
+async function readAuthWho(params: {
+  executable: string;
+  entryPath: string;
+  scope: "local" | "global";
+  cwd: string;
+}): Promise<IAuthenticateResult | null> {
+  try {
+    const { stdout } = await execFile(
+      params.executable,
+      [params.entryPath, ...buildAuthWhoArgs(params.scope)],
+      { cwd: params.cwd },
+    );
+    const parsed = JSON.parse(stdout) as Record<string, unknown>;
+    const data = (parsed.data ?? parsed) as Record<string, unknown> | undefined;
+    const ctx = (parsed.context ?? null) as Record<string, unknown> | null;
+    if (!data || typeof data !== "object") {
+      return null;
+    }
+
+    return {
+      authenticated: true,
+      userId: typeof data.id === "string" ? data.id : undefined,
+      email: typeof data.email === "string" ? data.email : undefined,
+      tenantId: ctx && typeof ctx.tenantId === "string" ? ctx.tenantId : undefined,
+      tenantName: ctx && typeof ctx.tenantName === "string" ? ctx.tenantName : undefined,
+      tenantNo: ctx && typeof ctx.tenantNo === "number" ? ctx.tenantNo : undefined,
+    };
+  }
+  catch {
+    return null;
+  }
+}
+
+async function pollUntilAuthenticated(params: {
+  executable: string;
+  entryPath: string;
+  scope: "local" | "global";
+  cwd: string;
+  signal?: AbortSignal;
+  baseline: IAuthenticateResult | null;
+}): Promise<IAuthenticateResult | null> {
+  const deadline = Date.now() + TUI_TIMEOUT_MS;
+  while (Date.now() < deadline) {
+    if (params.signal?.aborted) {
+      return null;
+    }
+    const profile = await readAuthWho(params);
+    if (profile && profile.userId
+      && (!params.baseline || params.baseline.userId !== profile.userId || params.baseline.tenantId !== profile.tenantId)) {
+      return profile;
+    }
+    await new Promise<void>((resolve) => {
+      const timer = setTimeout(resolve, TUI_POLL_INTERVAL_MS);
+      params.signal?.addEventListener("abort", () => {
+        clearTimeout(timer);
+        resolve();
+      }, { once: true });
+    });
+  }
+  return null;
+}
+
+async function executeDesktop(params: {
+  input: IAuthenticateInput;
+  ctx: { ui: { input: (title: string, placeholder?: string, opts?: { signal?: AbortSignal; timeout?: number }) => Promise<string | undefined> } };
+  signal: AbortSignal | undefined;
+}) {
+  const paramsJson = JSON.stringify(params.input ?? {});
+  const resultJson = await params.ctx.ui.input(TOOL_NAME, paramsJson, {
+    signal: params.signal,
+    timeout: DESKTOP_TIMEOUT_MS,
+  });
+
+  if (!resultJson) {
+    return toolError("Desktop authentication was cancelled or timed out.");
+  }
+
+  try {
+    return toolResult(JSON.parse(resultJson));
+  }
+  catch {
+    return toolResult(resultJson);
+  }
+}
+
+async function executeTui(params: {
+  input: IAuthenticateInput;
+  ctx: {
+    cwd?: string;
+    hasUI: boolean;
+    ui: {
+      notify?: (message: string, level?: "info" | "warning" | "error") => void;
+      confirm?: (title: string, message: string, opts?: { signal?: AbortSignal; timeout?: number }) => Promise<boolean>;
+    };
+  };
+  signal: AbortSignal | undefined;
+}) {
+  const env = readDocyrusCliEnvironment();
+  const cwd = params.ctx.cwd || process.cwd();
+  const baseline = await readAuthWho({
+    executable: env.executable,
+    entryPath: env.entryPath,
+    scope: env.scope,
+    cwd,
+  });
+
+  const launchArgs = buildAuthLoginArgs(params.input ?? {}, env.scope);
+  spawnInteractiveTerminal({
+    executable: env.executable,
+    entryPath: env.entryPath,
+    args: launchArgs,
+    cwd,
+  });
+
+  if (params.ctx.hasUI && params.ctx.ui.notify) {
+    params.ctx.ui.notify(
+      "Opened a new terminal to run `docyrus auth login`. Complete the device flow there; this tool will detect when login succeeds.",
+      "info",
+    );
+  }
+
+  const profile = await pollUntilAuthenticated({
+    executable: env.executable,
+    entryPath: env.entryPath,
+    scope: env.scope,
+    cwd,
+    signal: params.signal,
+    baseline,
+  });
+
+  if (!profile) {
+    return toolError("Timed out waiting for `docyrus auth login` to complete in the new terminal.");
+  }
+
+  return toolResult(profile);
+}
+
+export default function docyrusAuthTool(pi: ExtensionAPI): void {
+  pi.registerTool({
+    name: TOOL_NAME,
+    label: "Docyrus Authenticate",
+    description:
+      "Authenticate the Docyrus CLI in the current working directory. " +
+      "In the desktop app, the host runs the OAuth2 device flow automatically and returns the resulting profile. " +
+      "In a terminal session, a new terminal window is opened to run `docyrus auth login` interactively and the tool waits for it to finish.",
+    parameters: Type.Object({
+      scope: Type.Optional(Type.String({ description: "Optional OAuth2 scopes; defaults to the CLI's standard login scope." })),
+      clientId: Type.Optional(Type.String({ description: "Optional OAuth2 client id override." })),
+    }),
+    execute: async(
+      _toolCallId: string,
+      input: IAuthenticateInput,
+      signal: AbortSignal | undefined,
+      _onUpdate: unknown,
+      ctx: {
+        cwd?: string;
+        hasUI: boolean;
+        ui: {
+          input: (title: string, placeholder?: string, opts?: { signal?: AbortSignal; timeout?: number }) => Promise<string | undefined>;
+          notify?: (message: string, level?: "info" | "warning" | "error") => void;
+          confirm?: (title: string, message: string, opts?: { signal?: AbortSignal; timeout?: number }) => Promise<boolean>;
+        };
+      },
+    ) => {
+      try {
+        if (process.env.DOCYRUS_DESKTOP_TOOLS === "1") {
+          return await executeDesktop({ input: input ?? {}, ctx, signal });
+        }
+        return await executeTui({ input: input ?? {}, ctx, signal });
+      }
+      catch (error: unknown) {
+        return toolError(error instanceof Error ? error.message : String(error));
+      }
+    },
+  });
+}

package/server-loader.js

@@ -44601,6 +44601,21 @@ async function listAllTools(params) {
 
 // src/server/browserToolSchemas.ts
 var BROWSER_TOOL_PREFIX = "docyrus_browser_";
+var DESKTOP_AUTHENTICATE_TOOL_NAME = "authenticate_docyrus";
+var DESKTOP_TOOL_SCHEMAS = [
+  {
+    name: DESKTOP_AUTHENTICATE_TOOL_NAME,
+    description: "Authenticate the Docyrus CLI in the current working directory. The desktop app runs the OAuth2 device flow on behalf of the user and returns the authenticated profile (user, tenant, scope).",
+    source: "built-in",
+    inputSchema: {
+      type: "object",
+      properties: {
+        scope: { type: "string", description: "Optional OAuth2 scopes; defaults to the CLI's standard login scope." },
+        clientId: { type: "string", description: "Optional OAuth2 client id override." }
+      }
+    }
+  }
+];
 var BROWSER_TOOL_SCHEMAS = [
   {
     name: "docyrus_browser_navigate",
@@ -47391,14 +47406,15 @@ async function createAgentServer(params) {
         cwd: context.cwd
       });
       if (context.desktop) {
-        tools.push(...BROWSER_TOOL_SCHEMAS);
+        tools.push(...BROWSER_TOOL_SCHEMAS, ...DESKTOP_TOOL_SCHEMAS);
       }
       const builtInCount = tools.filter((t) => t.source === "built-in").length;
       const mcpCount = tools.filter((t) => t.source !== "built-in").length;
       return c.json({
         tools,
         summary: { builtIn: builtInCount, mcp: mcpCount, total: tools.length },
-        clientSideToolPrefixes: context.desktop ? [BROWSER_TOOL_PREFIX] : []
+        clientSideToolPrefixes: context.desktop ? [BROWSER_TOOL_PREFIX] : [],
+        clientSideToolNames: context.desktop ? [DESKTOP_AUTHENTICATE_TOOL_NAME] : []
       });
     } catch (error48) {
       const message = error48 instanceof Error ? error48.message : String(error48);
@@ -47649,6 +47665,8 @@ async function createAgentServer(params) {
       process.stderr.write(`  POST /api/extension-ui-response          \u2014 submit extension UI response
 `);
       process.stderr.write(`  Browser tools: docyrus_browser_* (client-side via extension_ui)
+`);
+      process.stderr.write(`  Auth tool:     authenticate_docyrus (client-side via extension_ui)
 `);
     }
     process.stderr.write(`  *    /api/cli/**                        \u2014 proxy any docyrus CLI command