@equilateral_ai/mindmeld 3.2.0 → 3.3.1

package/scripts/init-project.js

@@ -12,14 +12,10 @@
  */
 
 const fs = require('fs').promises;
-const fsSync = require('fs');
 const path = require('path');
-const http = require('http');
 const https = require('https');
-const crypto = require('crypto');
 const { exec } = require('child_process');
 const { promisify } = require('util');
-const os = require('os');
 
 const execAsync = promisify(exec);
 
@@ -27,374 +23,15 @@ const execAsync = promisify(exec);
 // Configuration
 // ============================================================================
 
+const { AuthManager } = require('../src/core/AuthManager');
+const authManager = new AuthManager();
+
 const CONFIG = {
-  // Cognito settings (production)
-  cognito: {
-    domain: 'mindmeld-auth.auth.us-east-2.amazoncognito.com',
-    clientId: '1al1vftuoh55a8n08ea6kr8heq',
-    region: 'us-east-2'
-  },
   // API settings (production)
   api: {
     baseUrl: 'https://api.mindmeld.dev'
-  },
-  // Local callback ports (fixed range for security)
-  callbackPorts: [9876, 9877, 9878, 9879, 9880],
-  // Auth file location
-  authFile: path.join(os.homedir(), '.mindmeld', 'auth.json')
-};
-
-// ============================================================================
-// Authentication Module
-// ============================================================================
-
-/**
- * Load stored authentication
- */
-function loadAuth() {
-  try {
-    const data = fsSync.readFileSync(CONFIG.authFile, 'utf-8');
-    return JSON.parse(data);
-  } catch (error) {
-    // Expected: auth file doesn't exist yet
-    if (error.code !== 'ENOENT' && !(error instanceof SyntaxError)) {
-      console.error('Unexpected error loading auth:', error.message);
-    }
-    return null;
-  }
-}
-
-/**
- * Save authentication to disk
- */
-async function saveAuth(auth) {
-  const dir = path.dirname(CONFIG.authFile);
-  await fs.mkdir(dir, { recursive: true });
-  await fs.writeFile(CONFIG.authFile, JSON.stringify(auth, null, 2));
-}
-
-/**
- * Clear stored authentication
- */
-async function clearAuth() {
-  try {
-    await fs.unlink(CONFIG.authFile);
-  } catch (error) {
-    // Expected: file doesn't exist
-    if (error.code !== 'ENOENT') {
-      console.error('Unexpected error clearing auth:', error.message);
-    }
-  }
-}
-
-/**
- * Decode JWT payload (without verification - Cognito already verified)
- */
-function decodeJwt(token) {
-  const parts = token.split('.');
-  if (parts.length !== 3) throw new Error('Invalid JWT');
-  const payload = Buffer.from(parts[1], 'base64url').toString('utf-8');
-  return JSON.parse(payload);
-}
-
-/**
- * Check if token is expired (with 5 min buffer)
- */
-function isTokenExpired(expiresAt) {
-  return Date.now() > (expiresAt - 5 * 60 * 1000);
-}
-
-/**
- * Refresh tokens using refresh token
- */
-async function refreshTokens(refreshToken) {
-  const tokenUrl = `https://${CONFIG.cognito.domain}/oauth2/token`;
-
-  const params = new URLSearchParams({
-    grant_type: 'refresh_token',
-    client_id: CONFIG.cognito.clientId,
-    refresh_token: refreshToken
-  });
-
-  return new Promise((resolve, reject) => {
-    const req = https.request(tokenUrl, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/x-www-form-urlencoded'
-      }
-    }, (res) => {
-      let data = '';
-      res.on('data', chunk => data += chunk);
-      res.on('end', () => {
-        if (res.statusCode !== 200) {
-          reject(new Error('Token refresh failed'));
-          return;
-        }
-        try {
-          const tokens = JSON.parse(data);
-          const decoded = decodeJwt(tokens.id_token);
-          resolve({
-            id_token: tokens.id_token,
-            access_token: tokens.access_token,
-            refresh_token: refreshToken, // Cognito doesn't return new refresh token
-            expires_at: Date.now() + (tokens.expires_in * 1000),
-            email: decoded.email
-          });
-        } catch (e) {
-          reject(e);
-        }
-      });
-    });
-
-    req.on('error', reject);
-    req.write(params.toString());
-    req.end();
-  });
-}
-
-/**
- * Find an available port from the allowed list
- */
-async function findAvailablePort() {
-  for (const port of CONFIG.callbackPorts) {
-    const available = await new Promise((resolve) => {
-      const server = http.createServer();
-      server.listen(port, '127.0.0.1');
-      server.on('listening', () => {
-        server.close();
-        resolve(true);
-      });
-      server.on('error', () => {
-        resolve(false);
-      });
-    });
-    if (available) return port;
-  }
-  throw new Error('No available ports for OAuth callback');
-}
-
-/**
- * Start local server to receive OAuth callback
- */
-function startCallbackServer(port, expectedState) {
-  return new Promise((resolve, reject) => {
-    const server = http.createServer((req, res) => {
-      const url = new URL(req.url, `http://localhost:${port}`);
-
-      if (url.pathname === '/callback') {
-        const code = url.searchParams.get('code');
-        const state = url.searchParams.get('state');
-        const error = url.searchParams.get('error');
-
-        if (error) {
-          res.writeHead(200, { 'Content-Type': 'text/html' });
-          res.end(`
-            <html><body style="font-family: system-ui; padding: 40px; text-align: center;">
-              <h1>Authentication Failed</h1>
-              <p>Error: ${error}</p>
-              <p>You can close this window.</p>
-            </body></html>
-          `);
-          server.close();
-          reject(new Error(`OAuth error: ${error}`));
-          return;
-        }
-
-        if (state !== expectedState) {
-          res.writeHead(400, { 'Content-Type': 'text/html' });
-          res.end(`
-            <html><body style="font-family: system-ui; padding: 40px; text-align: center;">
-              <h1>Authentication Failed</h1>
-              <p>Invalid state parameter (possible CSRF attack)</p>
-              <p>You can close this window.</p>
-            </body></html>
-          `);
-          server.close();
-          reject(new Error('Invalid state parameter'));
-          return;
-        }
-
-        res.writeHead(200, { 'Content-Type': 'text/html' });
-        res.end(`
-          <html><body style="font-family: system-ui; padding: 40px; text-align: center;">
-            <h1>Authentication Successful!</h1>
-            <p>You can close this window and return to your terminal.</p>
-          </body></html>
-        `);
-        server.close();
-        resolve(code);
-      } else {
-        res.writeHead(404);
-        res.end('Not found');
-      }
-    });
-
-    server.listen(port, '127.0.0.1');
-
-    // Timeout after 5 minutes
-    setTimeout(() => {
-      server.close();
-      reject(new Error('Authentication timed out'));
-    }, 5 * 60 * 1000);
-  });
-}
-
-/**
- * Exchange authorization code for tokens
- */
-async function exchangeCodeForTokens(code, codeVerifier, port) {
-  const tokenUrl = `https://${CONFIG.cognito.domain}/oauth2/token`;
-  const redirectUri = `http://localhost:${port}/callback`;
-
-  const params = new URLSearchParams({
-    grant_type: 'authorization_code',
-    client_id: CONFIG.cognito.clientId,
-    code: code,
-    redirect_uri: redirectUri,
-    code_verifier: codeVerifier
-  });
-
-  return new Promise((resolve, reject) => {
-    const req = https.request(tokenUrl, {
-      method: 'POST',
-      headers: {
-        'Content-Type': 'application/x-www-form-urlencoded'
-      }
-    }, (res) => {
-      let data = '';
-      res.on('data', chunk => data += chunk);
-      res.on('end', () => {
-        if (res.statusCode !== 200) {
-          reject(new Error(`Token exchange failed: ${data}`));
-          return;
-        }
-        try {
-          const tokens = JSON.parse(data);
-          const decoded = decodeJwt(tokens.id_token);
-          resolve({
-            id_token: tokens.id_token,
-            access_token: tokens.access_token,
-            refresh_token: tokens.refresh_token,
-            expires_at: Date.now() + (tokens.expires_in * 1000),
-            email: decoded.email
-          });
-        } catch (e) {
-          reject(e);
-        }
-      });
-    });
-
-    req.on('error', reject);
-    req.write(params.toString());
-    req.end();
-  });
-}
-
-/**
- * Open browser for authentication
- */
-async function openBrowser(url) {
-  const platform = process.platform;
-  let command;
-
-  if (platform === 'darwin') {
-    command = `open "${url}"`;
-  } else if (platform === 'win32') {
-    command = `start "" "${url}"`;
-  } else {
-    command = `xdg-open "${url}"`;
-  }
-
-  try {
-    await execAsync(command);
-    return true;
-  } catch (error) {
-    // Expected: browser command not available on some systems
-    if (error.code !== 'ENOENT' && !error.message.includes('spawn')) {
-      console.error('Unexpected error opening browser:', error.message);
-    }
-    return false;
-  }
-}
-
-/**
- * Full browser authentication flow (PKCE)
- */
-async function browserAuth() {
-  // Generate PKCE challenge
-  const codeVerifier = crypto.randomBytes(32).toString('base64url');
-  const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url');
-  const state = crypto.randomBytes(16).toString('hex');
-
-  // Find available port
-  const port = await findAvailablePort();
-  const redirectUri = `http://localhost:${port}/callback`;
-
-  // Build Cognito authorization URL
-  const authUrl = `https://${CONFIG.cognito.domain}/login?` + new URLSearchParams({
-    client_id: CONFIG.cognito.clientId,
-    response_type: 'code',
-    scope: 'openid email profile',
-    redirect_uri: redirectUri,
-    state: state,
-    code_challenge: codeChallenge,
-    code_challenge_method: 'S256'
-  }).toString();
-
-  // Start callback server
-  const codePromise = startCallbackServer(port, state);
-
-  // Open browser
-  console.log('\n🔐 Opening browser for authentication...');
-  console.log(`   Callback server listening on port ${port}`);
-
-  const opened = await openBrowser(authUrl);
-
-  if (!opened) {
-    console.log('\n   Could not open browser automatically.');
   }
-
-  console.log('\n   If login page doesn\'t appear, paste this URL in your browser:\n');
-  console.log(`   ${authUrl}\n`);
-
-  console.log('   Waiting for authentication (5 minute timeout)...\n');
-
-  // Wait for callback
-  const code = await codePromise;
-
-  // Exchange code for tokens
-  const tokens = await exchangeCodeForTokens(code, codeVerifier, port);
-  await saveAuth(tokens);
-
-  return tokens;
-}
-
-/**
- * Ensure user is authenticated (main entry point)
- */
-async function ensureAuth() {
-  let auth = loadAuth();
-
-  // Check if we have valid tokens
-  if (auth?.id_token && !isTokenExpired(auth.expires_at)) {
-    return auth;
-  }
-
-  // Try silent refresh
-  if (auth?.refresh_token) {
-    try {
-      console.log('🔄 Refreshing authentication...');
-      const newAuth = await refreshTokens(auth.refresh_token);
-      await saveAuth(newAuth);
-      return newAuth;
-    } catch (e) {
-      console.log('   Refresh failed, need to re-authenticate.\n');
-    }
-  }
-
-  // Full browser auth
-  return await browserAuth();
-}
+};
 
 // ============================================================================
 // API Module
@@ -500,7 +137,7 @@ function parseArgs(args) {
     else if (arg === '--path' && args[i + 1]) { parsed.projectPath = args[++i]; }
     else if (arg === '--since' && args[i + 1]) { parsed.since = args[++i]; }
     else if (arg === '--commits' && args[i + 1]) { parsed.commits = parseInt(args[++i]); }
-    else if (['init', 'inject', 'harvest', 'logout', 'login', 'status'].includes(arg)) parsed.command = arg;
+    else if (!parsed.command && ['init', 'inject', 'harvest', 'logout', 'login', 'status', 'standards', 'open'].includes(arg)) parsed.command = arg;
     else if (!arg.startsWith('-') && !parsed.command) parsed.command = arg;
     else if (!arg.startsWith('-') && !parsed.projectPath) parsed.projectPath = arg;
   }
@@ -521,6 +158,8 @@ Commands:
   init [path]     Initialize project for MindMeld (requires login)
   inject          Generate context-aware standards for any AI tool
   harvest         Manually capture patterns from recent git history
+  standards       Configure which standards apply (opens browser)
+  open [page]     Open web app (dashboard, standards, review, settings, projects, knowledge, audit, reports)
   login           Authenticate with MindMeld
   logout          Clear stored authentication
   status          Show current authentication status
@@ -562,7 +201,7 @@ async function initProject(projectPath) {
 
   // 2. Authenticate
   console.log('\n');
-  const auth = await ensureAuth();
+  const auth = await authManager.ensureAuth();
   console.log(`✅ Authenticated as ${auth.email}\n`);
 
   // 2. Check subscription
@@ -596,7 +235,7 @@ async function initProject(projectPath) {
 
       if (checkoutResponse.success && checkoutResponse.data?.data?.url) {
         console.log('\n🛒 Opening checkout...');
-        await openBrowser(checkoutResponse.data.data.url);
+        await authManager.openBrowser(checkoutResponse.data.data.url);
         tier = await pollForSubscription(auth.id_token);
       } else {
         console.log(`\n⚠️  Could not create checkout: ${checkoutResponse.error}`);
@@ -653,6 +292,15 @@ async function initProject(projectPath) {
       // Project already exists, that's fine
       backendProjectId = projectId;
       console.log(`   Project already registered: ${projectId}\n`);
+    } else if (projectResponse.status === 402) {
+      // Project limit exceeded for tier
+      console.error(`\n⚠️  ${projectResponse.error || 'Project limit reached for your plan.'}`);
+      console.error('   Upgrade at https://app.mindmeld.dev/subscriptions\n');
+      const upgrade = await promptYesNo('   Open upgrade page? (y/n): ');
+      if (upgrade) {
+        await authManager.openApp('subscriptions');
+      }
+      process.exit(1);
     } else {
       console.log(`   Warning: Could not register project: ${projectResponse.error}`);
       console.log('   Continuing with local-only setup.\n');
@@ -846,10 +494,12 @@ async function configureClaudeHooks(projectPath) {
   const packageRoot = path.resolve(__dirname, '..');
   const sessionStartHook = path.join(packageRoot, 'hooks', 'session-start.js');
   const preCompactHook = path.join(packageRoot, 'hooks', 'pre-compact.js');
+  const sessionEndHook = path.join(packageRoot, 'hooks', 'session-end.js');
 
   try {
     await fs.access(sessionStartHook);
     await fs.access(preCompactHook);
+    await fs.access(sessionEndHook);
   } catch (error) {
     // Expected: hooks not found in package
     if (error.code !== 'ENOENT') {
@@ -874,6 +524,13 @@ async function configureClaudeHooks(projectPath) {
         command: `node "${preCompactHook}"`,
         timeout: 30
       }]
+    }],
+    SessionEnd: [{
+      hooks: [{
+        type: 'command',
+        command: `node "${sessionEndHook}"`,
+        timeout: 5
+      }]
     }]
   };
 
@@ -901,8 +558,11 @@ async function configureClaudeHooks(projectPath) {
   const hasPreCompact = (settings.hooks.PreCompact || []).some(h =>
     h.hooks?.some(hk => hk.command?.includes('mindmeld') || hk.command?.includes('pre-compact'))
   );
+  const hasSessionEnd = (settings.hooks.SessionEnd || []).some(h =>
+    h.hooks?.some(hk => hk.command?.includes('mindmeld') || hk.command?.includes('session-end'))
+  );
 
-  if (hasSessionStart && hasPreCompact) {
+  if (hasSessionStart && hasPreCompact && hasSessionEnd) {
     console.log('ℹ️  Claude Code hooks already configured');
     return;
   }
@@ -919,12 +579,19 @@ async function configureClaudeHooks(projectPath) {
       ...mindmeldHooks.PreCompact
     ];
   }
+  if (!hasSessionEnd) {
+    settings.hooks.SessionEnd = [
+      ...(settings.hooks.SessionEnd || []),
+      ...mindmeldHooks.SessionEnd
+    ];
+  }
 
   await fs.writeFile(settingsPath, JSON.stringify(settings, null, 2));
 
   console.log('✅ Claude Code hooks configured');
   console.log(`   SessionStart: ${sessionStartHook}`);
   console.log(`   PreCompact: ${preCompactHook}`);
+  console.log(`   SessionEnd: ${sessionEndHook}`);
 }
 
 // ============================================================================
@@ -932,7 +599,7 @@ async function configureClaudeHooks(projectPath) {
 // ============================================================================
 
 async function showStatus() {
-  const auth = loadAuth();
+  const auth = authManager.loadAuth();
 
   console.log('\n🎯 MindMeld Status\n');
 
@@ -944,22 +611,39 @@ async function showStatus() {
 
   console.log(`   Email: ${auth.email}`);
   console.log(`   Token expires: ${new Date(auth.expires_at).toLocaleString()}`);
-  console.log(`   Token status: ${isTokenExpired(auth.expires_at) ? 'Expired' : 'Valid'}`);
+  console.log(`   Token status: ${authManager.isTokenExpired(auth.expires_at) ? 'Expired' : 'Valid'}`);
   console.log(`   Refresh token: ${auth.refresh_token ? 'Present' : 'Missing'}`);
   console.log('');
 }
 
 async function logout() {
-  await clearAuth();
+  await authManager.clearAuth();
   console.log('\n✅ Logged out successfully.\n');
 }
 
 async function login() {
   console.log('\n🎯 MindMeld Login\n');
-  const auth = await browserAuth();
+  const auth = await authManager.browserAuth();
   console.log(`\n✅ Logged in as ${auth.email}\n`);
 }
 
+async function openWebApp(page) {
+  const validPages = ['dashboard', 'standards', 'review', 'settings', 'projects', 'knowledge', 'audit', 'reports'];
+  if (!validPages.includes(page)) {
+    console.error(`\nUnknown page: ${page}`);
+    console.error(`Valid pages: ${validPages.join(', ')}\n`);
+    process.exit(1);
+  }
+
+  const url = `${authManager.getAppBaseUrl()}/${page}`;
+  console.log(`\n🌐 Opening ${url}\n`);
+
+  const opened = await authManager.openApp(page);
+  if (!opened) {
+    console.log(`Could not open browser. Visit: ${url}\n`);
+  }
+}
+
 async function promptYesNo(question) {
   process.stdout.write(question);
 
@@ -1029,6 +713,16 @@ if (args.command === 'init') {
       console.error('\n❌ Error:', error.message);
       process.exit(1);
     });
+} else if (args.command === 'standards') {
+  // Delegate to standards.js
+  require('./standards');
+} else if (args.command === 'open') {
+  openWebApp(args.projectPath || 'dashboard')
+    .then(() => process.exit(0))
+    .catch(error => {
+      console.error('\n❌ Error:', error.message);
+      process.exit(1);
+    });
 } else {
   console.error(`Unknown command: ${args.command}`);
   console.error('Run "mindmeld --help" for usage.');