@dubeyvishal/orbital-cli 1.0.3 → 1.0.5

package/server/src/lib/credentialStore.js

@@ -0,0 +1,47 @@
+const ORBITAL_KEYTAR_SERVICE = "orbital-cli";
+const ORBITAL_API_KEY_ACCOUNT = "api-key";
+
+const loadKeytar = async () => {
+  try {
+    const mod = await import("keytar");
+    return mod?.default ?? mod;
+  } catch (err) {
+    const wrapped = new Error(
+      "keytar is not available. Install it and ensure your OS keychain is supported."
+    );
+    wrapped.cause = err;
+    wrapped.code = "ORBITAL_KEYTAR_NOT_AVAILABLE";
+    throw wrapped;
+  }
+};
+
+export const getCredentialServiceName = () => ORBITAL_KEYTAR_SERVICE;
+export const getApiKeyAccountName = () => ORBITAL_API_KEY_ACCOUNT;
+
+export const getStoredApiKey = async () => {
+  const keytar = await loadKeytar();
+  const value = await keytar.getPassword(
+    ORBITAL_KEYTAR_SERVICE,
+    ORBITAL_API_KEY_ACCOUNT
+  );
+  return typeof value === "string" ? value.trim() : "";
+};
+
+export const storeApiKey = async (apiKey) => {
+  const trimmed = typeof apiKey === "string" ? apiKey.trim() : "";
+  if (!trimmed) throw new Error("API key is required");
+
+  const keytar = await loadKeytar();
+  await keytar.setPassword(
+    ORBITAL_KEYTAR_SERVICE,
+    ORBITAL_API_KEY_ACCOUNT,
+    trimmed
+  );
+  return true;
+};
+
+export const deleteStoredApiKey = async () => {
+  const keytar = await loadKeytar();
+  await keytar.deletePassword(ORBITAL_KEYTAR_SERVICE, ORBITAL_API_KEY_ACCOUNT);
+  return true;
+};

package/server/src/lib/orbitalConfig.js

@@ -3,42 +3,190 @@ import fsPromises from "fs/promises";
 import os from "os";
 import path from "path";
 
+import { getStoredApiKey, storeApiKey } from "./credentialStore.js";
+
 export const ORBITAL_CONFIG_DIR = path.join(os.homedir(), ".orbital");
 export const ORBITAL_CONFIG_FILE = path.join(ORBITAL_CONFIG_DIR, "config.json");
 
+const normalizeOrbitalConfig = (value) => {
+  if (!value || typeof value !== "object" || Array.isArray(value)) return {};
+
+  const next = { ...value };
+
+  // Legacy metadata (no longer written).
+  if ("updatedAt" in next) delete next.updatedAt;
+
+  // The Gemini API key is no longer stored on disk.
+  if ("gemini_api_key" in next) delete next.gemini_api_key;
+  if ("geminiApiKey" in next) delete next.geminiApiKey;
+
+  return next;
+};
+
 export const readOrbitalConfigSync = () => {
   try {
     if (!fs.existsSync(ORBITAL_CONFIG_FILE)) return {};
     const raw = fs.readFileSync(ORBITAL_CONFIG_FILE, "utf-8");
     const parsed = JSON.parse(raw);
-    return parsed && typeof parsed === "object" ? parsed : {};
+    return normalizeOrbitalConfig(parsed);
   } catch {
     return {};
   }
 };
 
-export const getGeminiApiKeySync = () => {
-  const config = readOrbitalConfigSync();
-  const key = config?.geminiApiKey;
-  return typeof key === "string" ? key.trim() : "";
+const readOrbitalConfigRawSync = () => {
+  try {
+    if (!fs.existsSync(ORBITAL_CONFIG_FILE)) return {};
+    const raw = fs.readFileSync(ORBITAL_CONFIG_FILE, "utf-8");
+    const parsed = JSON.parse(raw);
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed)
+      ? parsed
+      : {};
+  } catch {
+    return {};
+  }
 };
 
-export const setGeminiApiKey = async (apiKey) => {
-  const trimmed = typeof apiKey === "string" ? apiKey.trim() : "";
-  if (!trimmed) throw new Error("API key is required");
+export const readOrbitalConfig = async () => {
+  try {
+    if (!fs.existsSync(ORBITAL_CONFIG_FILE)) return {};
+    const raw = await fsPromises.readFile(ORBITAL_CONFIG_FILE, "utf-8");
+    const parsed = JSON.parse(raw);
+    return normalizeOrbitalConfig(parsed);
+  } catch {
+    return {};
+  }
+};
 
+export const writeOrbitalConfig = async (nextConfig) => {
   await fsPromises.mkdir(ORBITAL_CONFIG_DIR, { recursive: true });
 
-  const nextConfig = {
-    geminiApiKey: trimmed,
-    updatedAt: new Date().toISOString(),
-  };
-
-  await fsPromises.writeFile(
-    ORBITAL_CONFIG_FILE,
-    JSON.stringify(nextConfig, null, 2),
-    "utf-8",
+  const normalized = normalizeOrbitalConfig(nextConfig);
+  const tmpFile = path.join(
+    ORBITAL_CONFIG_DIR,
+    `config.json.${process.pid}.${Date.now()}.tmp`
   );
 
+  await fsPromises.writeFile(tmpFile, JSON.stringify(normalized, null, 2), "utf-8");
+  try {
+    await fsPromises.rename(tmpFile, ORBITAL_CONFIG_FILE);
+  } catch (err) {
+    // Windows cannot rename over an existing file.
+    await fsPromises.unlink(ORBITAL_CONFIG_FILE).catch(() => {});
+    await fsPromises.rename(tmpFile, ORBITAL_CONFIG_FILE);
+  }
+
   return true;
 };
+
+export const updateOrbitalConfig = async (patch = {}) => {
+  const current = await readOrbitalConfig();
+  const nextConfig = normalizeOrbitalConfig({ ...current, ...patch });
+  await writeOrbitalConfig(nextConfig);
+  return nextConfig;
+};
+
+const getGeminiApiKeyFromEnvSync = () => {
+  return typeof process.env.GOOGLE_GENERATIVE_AI_API_KEY === "string"
+    ? process.env.GOOGLE_GENERATIVE_AI_API_KEY.trim()
+    : "";
+};
+
+const getLegacyGeminiApiKeyFromConfigSync = () => {
+  const config = readOrbitalConfigRawSync();
+  const key =
+    (typeof config?.gemini_api_key === "string" && config.gemini_api_key.trim()) ||
+    (typeof config?.geminiApiKey === "string" && config.geminiApiKey.trim()) ||
+    "";
+  return key;
+};
+
+const removeLegacyGeminiApiKeyFromConfig = async () => {
+  const currentRaw = readOrbitalConfigRawSync();
+  if (!currentRaw || typeof currentRaw !== "object") return false;
+  if (!("gemini_api_key" in currentRaw) && !("geminiApiKey" in currentRaw)) return false;
+
+  const next = { ...currentRaw };
+  if ("gemini_api_key" in next) delete next.gemini_api_key;
+  if ("geminiApiKey" in next) delete next.geminiApiKey;
+  await writeOrbitalConfig(next);
+  return true;
+};
+
+export const hydrateGeminiApiKeyEnv = async () => {
+  const already = getGeminiApiKeyFromEnvSync();
+  if (already) return already;
+
+  // Primary: OS credential manager via keytar.
+  try {
+    const fromKeytar = await getStoredApiKey();
+    if (fromKeytar) {
+      process.env.GOOGLE_GENERATIVE_AI_API_KEY = fromKeytar;
+      return fromKeytar;
+    }
+  } catch {
+    // ignore here; requireGeminiApiKey will surface a helpful error
+  }
+
+  // One-time migration: if the key exists in legacy ~/.orbital/config.json,
+  // move it into keytar and remove it from disk.
+  const legacy = getLegacyGeminiApiKeyFromConfigSync();
+  if (legacy) {
+    await storeApiKey(legacy);
+    await removeLegacyGeminiApiKeyFromConfig().catch(() => {});
+    process.env.GOOGLE_GENERATIVE_AI_API_KEY = legacy;
+    return legacy;
+  }
+
+  return "";
+};
+
+export const getGeminiApiKeySync = () => getGeminiApiKeyFromEnvSync();
+
+export const getGeminiApiKey = async () => {
+  const fromEnv = getGeminiApiKeyFromEnvSync();
+  if (fromEnv) return fromEnv;
+  return await hydrateGeminiApiKeyEnv();
+};
+
+export const hasGeminiApiKeySync = () => Boolean(getGeminiApiKeyFromEnvSync());
+
+export const requireGeminiApiKeySync = () => {
+  const apiKey = getGeminiApiKeyFromEnvSync();
+  if (!apiKey) {
+    const err = new Error(
+      "Gemini API key not set. Run: orbital set-key <API_KEY>"
+    );
+    err.code = "ORBITAL_GEMINI_API_KEY_NOT_SET";
+    throw err;
+  }
+  return apiKey;
+};
+
+export const requireGeminiApiKey = async () => {
+  const apiKey = await getGeminiApiKey();
+  if (!apiKey) {
+    const err = new Error(
+      "Gemini API key not set. Run: orbital set-key <API_KEY>"
+    );
+    err.code = "ORBITAL_GEMINI_API_KEY_NOT_SET";
+    throw err;
+  }
+  return apiKey;
+};
+
+export const setGeminiApiKey = async (apiKey) => {
+  const trimmed = typeof apiKey === "string" ? apiKey.trim() : "";
+  if (!trimmed) throw new Error("API key is required");
+
+  await storeApiKey(trimmed);
+  // Ensure any legacy on-disk key is removed.
+  await removeLegacyGeminiApiKeyFromConfig().catch(() => {});
+
+  process.env.GOOGLE_GENERATIVE_AI_API_KEY = trimmed;
+  return true;
+};
+
+// Back-compat exports (no longer reads from config specifically).
+export const requireGeminiApiKeyFromConfigSync = requireGeminiApiKeySync;
+

package/server/src/lib/token.js

@@ -1,18 +1,14 @@
 
-import chalk from "chalk"
-import fs from "fs/promises";
-import os from "os";
-import path from "path";
+import chalk from "chalk";
+import { ORBITAL_CONFIG_FILE, readOrbitalConfig, updateOrbitalConfig } from "./orbitalConfig.js";
 
-
-export const CONFIG_DIR = path.join(os.homedir(), ".better-auth");
-export const TOKEN_FILE = path.join(CONFIG_DIR, "token.json");
+export const TOKEN_FILE = ORBITAL_CONFIG_FILE;
 
 export const getStoredToken = async ()=>{
     try{
-        const data = await fs.readFile(TOKEN_FILE , "utf-8");
-        const token = JSON.parse(data);
-        return token ;
+        const config = await readOrbitalConfig();
+        const token = config?.auth;
+        return token || null;
     }
     catch(error){
         return null ;
@@ -22,8 +18,6 @@ export const getStoredToken = async ()=>{
 
 export const storeToken = async(token)=>{
     try{
-        await fs.mkdir(CONFIG_DIR , { recursive : true });
-
         const tokenData = {
             access_token : token.access_token,
             refresh_token : token.refresh_token ,
@@ -35,7 +29,7 @@ export const storeToken = async(token)=>{
             created_at : new Date().toISOString() ,
         };
 
-        await fs.writeFile(TOKEN_FILE , JSON.stringify(tokenData , null , 2), "utf-8");
+        await updateOrbitalConfig({ auth: tokenData });
         return true ;
     }
     catch(err){
@@ -46,7 +40,7 @@ export const storeToken = async(token)=>{
 
 export const clearStoredToken = async ()=>{
     try{
-        await fs.unlink(TOKEN_FILE);
+        await updateOrbitalConfig({ auth: null });
         return true ;
     }
     catch(err){

package/server/src/middleware/auth.js

@@ -0,0 +1,39 @@
+import prisma from "../db/prisma.js";
+
+const parseAuthHeader = (value) => {
+  if (!value || typeof value !== "string") return null;
+  const [scheme, credentials] = value.split(" ");
+  if (!scheme || !credentials) return null;
+  if (scheme.toLowerCase() !== "bearer") return null;
+  return credentials;
+};
+
+export const requireApiAuth = async (req, res, next) => {
+  try {
+    const token = parseAuthHeader(req.headers.authorization);
+    if (!token) {
+      return res.status(401).json({ error: "Missing or invalid Authorization header" });
+    }
+
+    const session = await prisma.session.findUnique({
+      where: { token },
+      include: { user: true },
+    });
+
+    if (!session || !session.user) {
+      return res.status(401).json({ error: "Invalid session" });
+    }
+
+    if (session.expiresAt && session.expiresAt.getTime() <= Date.now()) {
+      return res.status(401).json({ error: "Session expired" });
+    }
+
+    req.user = session.user;
+    req.session = session;
+    req.accessToken = token;
+
+    return next();
+  } catch (error) {
+    return next(error);
+  }
+};

package/server/src/middleware/errorHandler.js

@@ -0,0 +1,11 @@
+export const errorHandler = (err, req, res, _next) => {
+  const statusCode = Number(err?.statusCode || err?.status || 500);
+  const message = err?.message || "Internal server error";
+
+  if (process.env.NODE_ENV !== "production") {
+    // eslint-disable-next-line no-console
+    console.error(err);
+  }
+
+  res.status(statusCode).json({ error: message });
+};

package/server/src/routes/authRoutes.js

@@ -0,0 +1,14 @@
+import { Router } from "express";
+
+const router = Router();
+
+router.get("/github/client-id", (req, res) => {
+  const clientId = process.env.GITHUB_CLIENT_ID;
+  if (!clientId) {
+    return res.status(500).json({ error: "GitHub client ID is not configured" });
+  }
+
+  return res.json({ client_id: clientId });
+});
+
+export default router;

package/server/src/routes/cliRoutes.js

@@ -0,0 +1,18 @@
+import { Router } from "express";
+import { requireApiAuth } from "../middleware/auth.js";
+import { addMessage, getMe, getMessages, initConversation, updateTitle } from "../controllers/cliController.js";
+import { generateAgentPlan, respond } from "../controllers/aiController.js";
+
+const router = Router();
+
+router.use(requireApiAuth);
+
+router.get("/me", getMe);
+router.post("/conversations/init", initConversation);
+router.post("/messages", addMessage);
+router.get("/messages", getMessages);
+router.patch("/conversations/:id/title", updateTitle);
+router.post("/ai/respond", respond);
+router.post("/ai/agent", generateAgentPlan);
+
+export default router;

package/server/src/services/aiService.js

@@ -0,0 +1,10 @@
+import { AIService } from "../cli/ai/googleService.js";
+
+let cachedService;
+
+export const getAIService = () => {
+  if (!cachedService) {
+    cachedService = new AIService();
+  }
+  return cachedService;
+};

package/server/src/services/chatService.js

@@ -0,0 +1 @@
+export { ChatService } from "../service/chatService.js";

package/server/src/types/express.d.ts

@@ -0,0 +1,19 @@
+export {}; 
+
+declare global {
+  namespace Express {
+    interface Request {
+      user?: {
+        id: string;
+        name?: string | null;
+        email?: string | null;
+        image?: string | null;
+      };
+      session?: {
+        id: string;
+        expiresAt?: Date | null;
+      };
+      accessToken?: string;
+    }
+  }
+}