@every-env/spiral-cli 0.2.0 → 1.0.0

package/src/api.ts

@@ -1,520 +1,128 @@
-import { type EventSourceMessage, createParser } from "eventsource-parser";
-import { getAuthToken, sanitizeError } from "./auth";
+import { getAuthToken, sanitizeError } from "./auth.js";
 import {
   ApiError,
-  type Conversation,
-  type Draft,
-  type DraftVersion,
-  type Message,
+  AuthenticationError,
   NetworkError,
-  type PatchOperation,
-  type ToolCall,
-  type Workspace,
+  type GenerateRequest,
+  type GenerateResponse,
+  type SessionQuotaResponse,
   type WritingStyle,
-} from "./types";
-
-// Use dev server in development, production backend otherwise
-const API_BASE =
-  process.env.SPIRAL_API_URL ||
-  (process.env.NODE_ENV === "development"
-    ? "http://localhost:8000"
-    : "https://spiral-next-backend-production.up.railway.app");
+  type Workspace,
+  type Conversation,
+  type Draft,
+  type UserProfile,
+} from "./types.js";
 
-const HEARTBEAT_TIMEOUT_MS = 20_000; // 20s (backend pings every 15s)
-const MAX_MESSAGE_LENGTH = 100_000; // Security: limit input size
+const BASE_URL =
+  process.env["SPIRAL_API_URL"] || "https://api.writewithspiral.com";
 
-export interface StreamCallbacks {
-  onChunk: (chunk: string) => void;
-  onThinking: (thought: string) => void;
-  onToolCall: (tool: ToolCall) => void;
-  onSessionName: (name: string) => void;
-  onRetry: (info: { attempt: number; max: number; message: string }) => void;
-  onModelDowngrade: (from: string, to: string) => void;
-  onComplete: (sessionId: string) => void;
-  onError: (error: Error) => void;
+interface FetchOptions extends RequestInit {
+  /** Skip auth header (for public endpoints like /prime). */
+  public?: boolean;
 }
 
-/**
- * Validate session ID format to prevent SSRF
- * @security Reject malformed session IDs
- */
-function isValidSessionId(id: string): boolean {
-  return /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(id);
-}
+async function apiFetch<T>(
+  path: string,
+  options: FetchOptions = {},
+): Promise<T> {
+  const { public: isPublic, ...fetchOptions } = options;
+  const url = `${BASE_URL}${path}`;
 
-export interface StreamChatOptions {
-  attachments?: Array<{ name: string; content: string; type: "text" | "binary" }>;
-  notes?: Array<{ content: string; feedback?: string }>;
-}
+  const headers: Record<string, string> = {
+    "Content-Type": "application/json",
+    ...((fetchOptions.headers as Record<string, string>) ?? {}),
+  };
 
-/**
- * Stream chat response from Spiral API
- * @param signal AbortSignal for cancellation
- */
-export async function streamChat(
-  message: string,
-  sessionId: string | null,
-  callbacks: StreamCallbacks,
-  signal?: AbortSignal,
-  options?: StreamChatOptions,
-): Promise<void> {
-  // Security: Validate inputs
-  if (message.length > MAX_MESSAGE_LENGTH) {
-    throw new ApiError(`Message too long (max ${MAX_MESSAGE_LENGTH} chars)`, 400);
-  }
-  if (sessionId && !isValidSessionId(sessionId)) {
-    throw new ApiError("Invalid session ID format", 400);
+  if (!isPublic) {
+    const token = getAuthToken();
+    headers["Authorization"] = `Bearer ${token}`;
   }
 
-  const token = await getAuthToken();
+  let res: Response;
+  try {
+    res = await fetch(url, { ...fetchOptions, headers });
+  } catch (err) {
+    throw new NetworkError(
+      `Failed to connect to Spiral API: ${sanitizeError(err)}`,
+    );
+  }
 
-  const formData = new FormData();
-  formData.append("user_message", message);
-  if (sessionId) {
-    formData.append("session_id", sessionId);
+  if (res.status === 401 || res.status === 403) {
+    throw new AuthenticationError(
+      "Invalid or expired API key. Run `spiral auth login` to re-authenticate.",
+    );
   }
 
-  // Add file attachments
-  if (options?.attachments && options.attachments.length > 0) {
-    for (const attachment of options.attachments) {
-      const content =
-        attachment.type === "binary"
-          ? Buffer.from(attachment.content, "base64")
-          : attachment.content;
-      const blob = new Blob([content], {
-        type: attachment.type === "text" ? "text/plain" : "application/octet-stream",
-      });
-      formData.append("files", blob, attachment.name);
-    }
+  if (res.status === 402) {
+    throw new ApiError(
+      "Session quota exceeded. Upgrade at app.writewithspiral.com/settings.",
+      402,
+    );
   }
 
-  // Add notes/scratchpad
-  if (options?.notes && options.notes.length > 0) {
-    formData.append("notes", JSON.stringify(options.notes));
+  if (res.status === 429) {
+    throw new ApiError("Rate limited. Please wait and try again.", 429);
   }
 
-  let response: Response;
-  try {
-    response = await fetch(`${API_BASE}/api/v1/team/stream`, {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${token}`,
-        Accept: "text/event-stream",
-      },
-      body: formData,
-      signal,
-    });
-  } catch (error) {
-    if (signal?.aborted) return;
-    throw new NetworkError(`Connection failed: ${(error as Error).message}`);
+  if (res.status === 504) {
+    throw new ApiError("Request timed out. Try again or use --instant.", 504);
   }
 
-  // Parse error response body for better error messages
-  if (!response.ok) {
-    const errorText = await response.text().catch(() => "");
-    let errorMessage = `API error: ${response.status}`;
+  if (!res.ok) {
+    let detail = "";
     try {
-      const errorJson = JSON.parse(errorText);
-      errorMessage = errorJson.detail?.message || errorJson.detail || errorMessage;
+      const body = await res.json();
+      detail = body.detail || JSON.stringify(body);
     } catch {
-      /* use default message */
-    }
-    if (process.env.DEBUG) {
-      console.debug("API error response:", {
-        status: response.status,
-        url: `${API_BASE}/api/v1/team/stream`,
-        errorText: errorText.substring(0, 200),
-      });
+      detail = await res.text().catch(() => "Unknown error");
     }
-    throw new ApiError(sanitizeError(new Error(errorMessage), token), response.status, errorText);
+    throw new ApiError(`API error (${res.status}): ${detail}`, res.status);
   }
 
-  // Performance: Use array accumulation (O(n) vs O(n²) string concat)
-  let currentSessionId = sessionId || "";
-  let lastHeartbeat = Date.now();
-
-  // Heartbeat timeout detection
-  const heartbeatCheck = setInterval(() => {
-    if (Date.now() - lastHeartbeat > HEARTBEAT_TIMEOUT_MS) {
-      clearInterval(heartbeatCheck);
-      callbacks.onError(new NetworkError("Stream timeout: no heartbeat received"));
-    }
-  }, 5000);
-
-  const parser = createParser({
-    onEvent(event: EventSourceMessage) {
-      lastHeartbeat = Date.now(); // Reset heartbeat on any event
-
-      if (event.data === "[DONE]") {
-        return;
-      }
-
-      try {
-        const data = JSON.parse(event.data);
-
-        // Handle ALL event types from the SSE spec
-        switch (event.event) {
-          // Content events
-          case "RunResponseContent":
-          case "RunResponse":
-            if (data.content) callbacks.onChunk(data.content);
-            if (data.thinking) callbacks.onThinking(data.thinking);
-            if (data.reasoning_content) callbacks.onThinking(data.reasoning_content);
-            break;
-
-          // Session events
-          case "RunStarted":
-            currentSessionId = data.run_id || data.session_id || currentSessionId;
-            break;
-          case "SessionName":
-            callbacks.onSessionName(data.content || data.name || data.session_name);
-            break;
-
-          // Tool events
-          case "ToolCallStarted":
-            if (data.tools) {
-              for (const tool of data.tools) {
-                callbacks.onToolCall({ ...tool, status: "started" });
-              }
-            } else if (data.tool) {
-              const toolName = typeof data.tool === "string" ? data.tool : data.tool.tool_name;
-              callbacks.onToolCall({ tool_name: toolName, status: "started" });
-            }
-            break;
-          case "ToolCallArgumentsDelta":
-            callbacks.onToolCall({
-              tool_name: data.tool_name || "unknown",
-              tool_call_id: data.tool_call_id,
-              status: "arguments_delta",
-            });
-            break;
-          case "ToolCallArgumentsDone":
-            callbacks.onToolCall({
-              tool_name: data.tool_name || "unknown",
-              tool_call_id: data.tool_call_id,
-              status: "arguments_done",
-            });
-            break;
-          case "ToolCallCompleted":
-            if (data.tools) {
-              for (const tool of data.tools) {
-                callbacks.onToolCall({ ...tool, status: "completed" });
-              }
-            } else if (data.tool) {
-              const toolName = typeof data.tool === "string" ? data.tool : data.tool.tool_name;
-              callbacks.onToolCall({ tool_name: toolName, status: "completed" });
-            }
-            break;
-
-          // Completion
-          case "RunCompleted":
-            callbacks.onComplete(currentSessionId);
-            break;
-
-          // Handoff notification (agent switching)
-          case "HandoffNotification":
-            if (process.env.DEBUG) {
-              console.debug(`Agent handoff: ${data.from_agent} → ${data.to_agent}`);
-            }
-            break;
-
-          // Error handling events
-          case "retry_started":
-          case "retry_attempt":
-            try {
-              const retryData = typeof data.content === "string" ? JSON.parse(data.content) : data;
-              callbacks.onRetry({
-                attempt: retryData.retry_attempt || 1,
-                max: retryData.max_retries || 3,
-                message: retryData.message || "Retrying...",
-              });
-            } catch {
-              callbacks.onRetry({ attempt: 1, max: 3, message: "Retrying..." });
-            }
-            break;
-          case "retry_failed":
-            callbacks.onError(new ApiError(data.message || data.content || "Retry failed", 500));
-            break;
-          case "model_downgrade":
-            try {
-              const downgradeData =
-                typeof data.content === "string" ? JSON.parse(data.content) : data;
-              callbacks.onModelDowngrade(
-                downgradeData.from_model || "unknown",
-                downgradeData.to_model || "unknown",
-              );
-            } catch {
-              callbacks.onModelDowngrade("unknown", "unknown");
-            }
-            break;
-          case "Error":
-            callbacks.onError(
-              new ApiError(data.content || "Unknown error", data.status_code || 500),
-            );
-            break;
-        }
-      } catch (_parseError) {
-        // Log parse errors in debug mode (don't silently swallow)
-        if (process.env.DEBUG) {
-          console.debug("Skipping non-JSON SSE event:", event.data?.substring(0, 100));
-        }
-      }
-    },
-    onComment() {
-      lastHeartbeat = Date.now(); // Pings appear as comments
-    },
-    onError(error) {
-      if (process.env.DEBUG) {
-        console.debug("SSE parse error:", error);
-      }
-    },
-  });
-
-  const reader = response.body?.getReader();
-  if (!reader) throw new NetworkError("No response body");
-
-  const decoder = new TextDecoder();
-  try {
-    while (true) {
-      const { done, value } = await reader.read();
-      if (done) break;
-      if (signal?.aborted) break;
-      parser.feed(decoder.decode(value, { stream: true }));
-    }
-  } finally {
-    clearInterval(heartbeatCheck);
-    reader.releaseLock();
-    parser.reset(); // Clear internal buffers (per performance review)
+  const contentType = res.headers.get("content-type") ?? "";
+  if (contentType.includes("application/json")) {
+    return (await res.json()) as T;
   }
+  return (await res.text()) as unknown as T;
 }
 
-/**
- * Fetch conversations list
- * @note Uses /conversations not /sessions (architecture review fix)
- */
-export async function fetchConversations(): Promise<Conversation[]> {
-  const token = await getAuthToken();
+// ── Endpoints ──
 
-  const response = await fetch(`${API_BASE}/api/v1/conversations`, {
-    headers: { Authorization: `Bearer ${token}` },
+export async function generate(
+  req: GenerateRequest,
+): Promise<GenerateResponse> {
+  return apiFetch<GenerateResponse>("/api/v1/generate", {
+    method: "POST",
+    body: JSON.stringify(req),
   });
-
-  if (!response.ok) {
-    throw new ApiError(`Failed to fetch conversations: ${response.status}`, response.status);
-  }
-
-  const data = await response.json();
-  return data.sessions || [];
 }
 
-/**
- * Fetch conversation messages
- */
-export async function fetchMessages(conversationId: string): Promise<Message[]> {
-  if (!isValidSessionId(conversationId)) {
-    throw new ApiError("Invalid conversation ID format", 400);
-  }
-
-  const token = await getAuthToken();
-
-  const response = await fetch(
-    `${API_BASE}/api/v1/conversations/${encodeURIComponent(conversationId)}/messages`,
-    { headers: { Authorization: `Bearer ${token}` } },
-  );
-
-  if (!response.ok) {
-    throw new ApiError(`Failed to fetch messages: ${response.status}`, response.status);
-  }
-
-  const data = await response.json();
-  return data.messages || [];
+export async function getMe(): Promise<UserProfile> {
+  return apiFetch<UserProfile>("/api/v1/users/me");
 }
 
-/**
- * Get the current API base URL (for debugging)
- */
-export function getApiBaseUrl(): string {
-  return API_BASE;
+export async function getQuota(): Promise<SessionQuotaResponse> {
+  return apiFetch<SessionQuotaResponse>("/api/v1/billing/session-quota");
 }
 
-// ============================================================================
-// Draft API Methods
-// ============================================================================
-
-/**
- * Fetch all drafts for a session
- */
-export async function fetchSessionDrafts(sessionId: string): Promise<Draft[]> {
-  if (!isValidSessionId(sessionId)) {
-    throw new ApiError("Invalid session ID format", 400);
-  }
-  const token = await getAuthToken();
-  const response = await fetch(`${API_BASE}/api/v1/sessions/${sessionId}/drafts`, {
-    headers: { Authorization: `Bearer ${token}` },
-  });
-  if (!response.ok) {
-    throw new ApiError(`Failed to fetch drafts: ${response.status}`, response.status);
-  }
-  const data = await response.json();
-  // Backend returns array directly, not wrapped in {drafts: ...}
-  return Array.isArray(data) ? data : data.drafts || [];
+export async function getStyles(): Promise<WritingStyle[]> {
+  return apiFetch<WritingStyle[]>("/api/v1/writing-styles/");
 }
 
-/**
- * Fetch a single draft with full content
- */
-export async function fetchDraft(sessionId: string, draftId: string): Promise<Draft> {
-  if (!isValidSessionId(sessionId)) {
-    throw new ApiError("Invalid session ID format", 400);
-  }
-  const token = await getAuthToken();
-  const response = await fetch(
-    `${API_BASE}/api/v1/sessions/${sessionId}/drafts/${draftId}/nodes?mode=full`,
-    { headers: { Authorization: `Bearer ${token}` } },
-  );
-  if (!response.ok) {
-    throw new ApiError(`Failed to fetch draft: ${response.status}`, response.status);
-  }
-  return response.json();
+export async function getWorkspaces(): Promise<Workspace[]> {
+  return apiFetch<Workspace[]>("/api/v1/workspaces/");
 }
 
-/**
- * Update draft content
- */
-export async function updateDraft(
-  sessionId: string,
-  draftId: string,
-  content: string,
-  title?: string,
-): Promise<Draft> {
-  if (!isValidSessionId(sessionId)) {
-    throw new ApiError("Invalid session ID format", 400);
-  }
-  const token = await getAuthToken();
-  const response = await fetch(`${API_BASE}/api/v1/sessions/${sessionId}/drafts/${draftId}`, {
-    method: "PUT",
-    headers: {
-      Authorization: `Bearer ${token}`,
-      "Content-Type": "application/json",
-    },
-    body: JSON.stringify({ content, title }),
-  });
-  if (!response.ok) {
-    throw new ApiError(`Failed to update draft: ${response.status}`, response.status);
-  }
-  return response.json();
+export async function getConversations(): Promise<{
+  sessions: Conversation[];
+}> {
+  return apiFetch<{ sessions: Conversation[] }>("/api/v1/conversations");
 }
 
-/**
- * Fetch draft version history
- */
-export async function fetchDraftVersions(
-  sessionId: string,
-  draftId: string,
-): Promise<DraftVersion[]> {
-  if (!isValidSessionId(sessionId)) {
-    throw new ApiError("Invalid session ID format", 400);
-  }
-  const token = await getAuthToken();
-  const response = await fetch(
-    `${API_BASE}/api/v1/sessions/${sessionId}/drafts/${draftId}/versions`,
-    { headers: { Authorization: `Bearer ${token}` } },
-  );
-  if (!response.ok) {
-    throw new ApiError(`Failed to fetch versions: ${response.status}`, response.status);
-  }
-  const data = await response.json();
-  return data.versions || [];
+export async function getSessionDrafts(sessionId: string): Promise<Draft[]> {
+  return apiFetch<Draft[]>(`/api/v1/sessions/${sessionId}/drafts`);
 }
 
-/**
- * Restore a draft to a specific version
- */
-export async function restoreDraftVersion(
-  sessionId: string,
-  draftId: string,
-  versionId: string,
-): Promise<Draft> {
-  if (!isValidSessionId(sessionId)) {
-    throw new ApiError("Invalid session ID format", 400);
-  }
-  const token = await getAuthToken();
-  const response = await fetch(
-    `${API_BASE}/api/v1/sessions/${sessionId}/drafts/${draftId}/restore/${versionId}`,
-    {
-      method: "POST",
-      headers: { Authorization: `Bearer ${token}` },
-    },
-  );
-  if (!response.ok) {
-    throw new ApiError(`Failed to restore version: ${response.status}`, response.status);
-  }
-  return response.json();
-}
-
-/**
- * Apply patch operations to a draft
- */
-export async function applyDraftPatch(
-  sessionId: string,
-  draftId: string,
-  operations: PatchOperation[],
-): Promise<Draft> {
-  if (!isValidSessionId(sessionId)) {
-    throw new ApiError("Invalid session ID format", 400);
-  }
-  const token = await getAuthToken();
-  const response = await fetch(
-    `${API_BASE}/api/v1/sessions/${sessionId}/drafts/${draftId}/apply-patch`,
-    {
-      method: "POST",
-      headers: {
-        Authorization: `Bearer ${token}`,
-        "Content-Type": "application/json",
-      },
-      body: JSON.stringify({ operations }),
-    },
-  );
-  if (!response.ok) {
-    throw new ApiError(`Failed to apply patch: ${response.status}`, response.status);
-  }
-  return response.json();
-}
-
-// ============================================================================
-// Writing Styles API
-// ============================================================================
-
-/**
- * Fetch all writing styles
- */
-export async function fetchWritingStyles(): Promise<WritingStyle[]> {
-  const token = await getAuthToken();
-  const response = await fetch(`${API_BASE}/api/v1/writing-styles/`, {
-    headers: { Authorization: `Bearer ${token}` },
-  });
-  if (!response.ok) {
-    throw new ApiError(`Failed to fetch writing styles: ${response.status}`, response.status);
-  }
-  const data = await response.json();
-  return data.styles || data || [];
-}
-
-// ============================================================================
-// Workspaces API
-// ============================================================================
-
-/**
- * Fetch all workspaces
- */
-export async function fetchWorkspaces(): Promise<Workspace[]> {
-  const token = await getAuthToken();
-  const response = await fetch(`${API_BASE}/api/v1/workspaces/`, {
-    headers: { Authorization: `Bearer ${token}` },
-  });
-  if (!response.ok) {
-    throw new ApiError(`Failed to fetch workspaces: ${response.status}`, response.status);
-  }
-  const data = await response.json();
-  return data.workspaces || data || [];
+export async function getPrime(): Promise<string> {
+  return apiFetch<string>("/api/v1/prime", { public: true });
 }