@every-env/spiral-cli 0.2.0 → 1.0.0

package/src/config.ts

@@ -1,57 +1,41 @@
-// Local configuration store using `conf` package
 import Conf from "conf";
 
-// Draft stored locally (for tracking unsaved changes)
-export interface LocalDraft {
-  id: string;
-  sessionId: string;
-  title?: string;
-  localContent?: string; // Unsaved local changes
-  lastSyncedAt: string;
-}
-
-// Note item for scratchpad
-export interface NoteItem {
-  id: string;
-  content: string;
-  feedback?: string;
-  createdAt: string;
-}
-
-// User preferences
-export interface SpiralPreferences {
-  editor?: string; // Override $EDITOR
-  diffTool?: "inline" | "side-by-side";
-  toolCallVerbosity?: "minimal" | "normal" | "verbose";
-}
-
-// Auth credentials
-export interface AuthCredentials {
-  token: string; // Personal Access Token (PAT)
-  tokenPrefix: string; // For display (spiral_sk_abc...)
+interface AuthCredentials {
+  token: string;
+  tokenPrefix: string;
   createdAt: string;
 }
 
-// Main config schema
-export interface SpiralConfig {
-  currentWorkspaceId?: string;
-  currentStyleId?: string;
-  defaultModel?: string;
-  drafts: Record<string, LocalDraft>;
-  notes: NoteItem[];
-  preferences: SpiralPreferences;
+interface SpiralConfig {
   auth?: AuthCredentials;
 }
 
-// Initialize conf with defaults
-export const config = new Conf<SpiralConfig>({
+const config = new Conf<SpiralConfig>({
   projectName: "spiral-cli",
-  defaults: {
-    drafts: {},
-    notes: [],
-    preferences: {
-      diffTool: "inline",
-      toolCallVerbosity: "normal",
+  schema: {
+    auth: {
+      type: "object",
+      properties: {
+        token: { type: "string" },
+        tokenPrefix: { type: "string" },
+        createdAt: { type: "string" },
+      },
     },
   },
 });
+
+export function getStoredAuth(): AuthCredentials | undefined {
+  return config.get("auth");
+}
+
+export function storeAuth(token: string): void {
+  config.set("auth", {
+    token,
+    tokenPrefix: token.slice(0, 14) + "...",
+    createdAt: new Date().toISOString(),
+  });
+}
+
+export function clearAuth(): void {
+  config.delete("auth");
+}

package/src/output.ts

@@ -0,0 +1,162 @@
+import { Marked } from "marked";
+import { markedTerminal } from "marked-terminal";
+import chalk from "chalk";
+import ora, { type Ora } from "ora";
+import { theme } from "./theme.js";
+import type {
+  GenerateResponse,
+  DraftOutput,
+  WritingStyle,
+  Workspace,
+  Conversation,
+  Draft,
+  SessionQuotaResponse,
+} from "./types.js";
+
+const marked = new Marked(markedTerminal({ reflowText: true, width: 80 }));
+
+/** Output raw JSON to stdout. */
+export function outputJson(data: unknown): void {
+  console.log(JSON.stringify(data, null, 2));
+}
+
+/** Render markdown to terminal. */
+export function outputMarkdown(md: string): void {
+  const rendered = marked.parse(md) as string;
+  process.stdout.write(rendered);
+}
+
+/** Run an async operation with a spinner. */
+export async function withSpinner<T>(
+  label: string,
+  fn: (spinner: Ora) => Promise<T>,
+): Promise<T> {
+  const spinner = ora(label).start();
+  try {
+    const result = await fn(spinner);
+    spinner.stop();
+    return result;
+  } catch (err) {
+    spinner.stop();
+    throw err;
+  }
+}
+
+// ── Human-readable formatters ──
+
+export function formatDrafts(drafts: DraftOutput[]): void {
+  if (drafts.length === 0) {
+    console.log(theme.dim("No drafts."));
+    return;
+  }
+  for (let i = 0; i < drafts.length; i++) {
+    const d = drafts[i]!;
+    console.log(theme.heading(`\n── Draft ${i + 1} ──`));
+    if (d.title) console.log(theme.info(`Title: ${d.title}`));
+    if (d.url) console.log(theme.dim(`URL: ${d.url}`));
+    if (d.content) outputMarkdown(d.content);
+  }
+}
+
+export function formatGenerateResponse(resp: GenerateResponse): void {
+  if (resp.notice) console.log(theme.warning(resp.notice));
+
+  if (resp.status === "needs_input" && resp.messages) {
+    console.log(theme.heading("\nSpiral needs more info:\n"));
+    for (const msg of resp.messages) {
+      outputMarkdown(msg);
+    }
+    return;
+  }
+
+  if (resp.text) outputMarkdown(resp.text);
+  if (resp.drafts) formatDrafts(resp.drafts);
+
+  if (resp.style_used) {
+    console.log(theme.dim(`\nStyle: ${resp.style_used.name}`));
+  }
+  if (resp.quota_remaining !== undefined && resp.quota_remaining !== null) {
+    console.log(theme.dim(`Sessions remaining: ${resp.quota_remaining}`));
+  }
+}
+
+export function formatStyles(styles: WritingStyle[]): void {
+  if (styles.length === 0) {
+    console.log(theme.dim("No writing styles configured."));
+    return;
+  }
+  for (const s of styles) {
+    const desc = s.description ? theme.dim(s.description.slice(0, 60)) : "";
+    console.log(
+      `  ${theme.info(s.id.slice(0, 8))}  ${chalk.bold(s.name)}  ${desc}`,
+    );
+  }
+}
+
+export function formatWorkspaces(workspaces: Workspace[]): void {
+  if (workspaces.length === 0) {
+    console.log(theme.dim("No workspaces."));
+    return;
+  }
+  const personal = workspaces.filter((w) => w.is_personal);
+  const team = workspaces.filter((w) => !w.is_personal);
+
+  if (personal.length) {
+    console.log(theme.heading("\nPersonal"));
+    for (const w of personal) {
+      console.log(`  ${theme.info(w.id.slice(0, 8))}  ${w.name}`);
+    }
+  }
+  if (team.length) {
+    console.log(theme.heading("\nTeam"));
+    for (const w of team) {
+      console.log(`  ${theme.info(w.id.slice(0, 8))}  ${w.name}`);
+    }
+  }
+}
+
+export function formatConversations(conversations: Conversation[]): void {
+  if (conversations.length === 0) {
+    console.log(theme.dim("No sessions."));
+    return;
+  }
+  for (const c of conversations) {
+    const date = new Date(c.updated_at).toLocaleDateString();
+    console.log(
+      `  ${theme.info(c.session_id.slice(0, 8))}  ${c.session_name || theme.dim("(untitled)")}  ${theme.dim(date)}`,
+    );
+  }
+}
+
+export function formatSessionDrafts(drafts: Draft[]): void {
+  if (drafts.length === 0) {
+    console.log(theme.dim("No drafts in this session."));
+    return;
+  }
+  for (const d of drafts) {
+    const date = new Date(d.updated_at).toLocaleDateString();
+    console.log(
+      `  ${theme.info(d.id.slice(0, 8))}  ${d.title || theme.dim("(untitled)")}  ${theme.dim(date)}`,
+    );
+    if (d.content) {
+      const preview = d.content.replace(/\n/g, " ").slice(0, 80);
+      console.log(`  ${theme.dim(preview)}${d.content.length > 80 ? "..." : ""}`);
+    }
+  }
+}
+
+export function formatQuota(q: SessionQuotaResponse): void {
+  console.log(theme.heading("Session Quota"));
+  console.log(`  Plan:      ${chalk.bold(q.plan_tier)}`);
+  console.log(`  Used:      ${q.used} / ${q.total}`);
+  console.log(`  Remaining: ${q.remaining}`);
+  if (q.resets_at) {
+    console.log(`  Resets:    ${new Date(q.resets_at).toLocaleDateString()}`);
+  }
+  if (q.topup_available > 0) {
+    console.log(`  Top-ups:   ${q.topup_available} available`);
+  }
+  if (q.team_name) {
+    console.log(`  Team:      ${q.team_name}`);
+  }
+}

package/src/types.ts

@@ -1,8 +1,9 @@
-// Error types for proper error handling
+// ── Error classes ──
+
 export class SpiralCliError extends Error {
   constructor(
     message: string,
-    public readonly exitCode: number = 1,
+    public exitCode: number = 1,
   ) {
     super(message);
     this.name = "SpiralCliError";
@@ -10,8 +11,8 @@ export class SpiralCliError extends Error {
 }
 
 export class AuthenticationError extends SpiralCliError {
-  constructor(message: string) {
-    super(message, 2); // Exit code 2 for auth errors
+  constructor(message: string = "Authentication required") {
+    super(message, 2);
     this.name = "AuthenticationError";
   }
 }
@@ -19,152 +20,121 @@ export class AuthenticationError extends SpiralCliError {
 export class ApiError extends SpiralCliError {
   constructor(
     message: string,
-    public readonly status: number,
-    public readonly body?: unknown,
+    public statusCode?: number,
   ) {
-    super(message, 3); // Exit code 3 for API errors
+    super(message, 3);
     this.name = "ApiError";
   }
 }
 
 export class NetworkError extends SpiralCliError {
-  constructor(message: string) {
-    super(message, 4); // Exit code 4 for network errors
+  constructor(message: string = "Network error") {
+    super(message, 4);
     this.name = "NetworkError";
   }
 }
 
-// SSE Event types (aligned with apps/web/src/types/sse.ts)
-export interface ToolCall {
-  tool_name: string;
-  tool_call_id?: string;
-  call_id?: string;
-  tool_args?: Record<string, unknown>;
-  result?: unknown;
-  error?: string;
-  status: "started" | "arguments_delta" | "arguments_done" | "completed";
-}
-
-export interface StreamEvent {
-  type: "content" | "thinking" | "tool_call" | "session_name" | "retry" | "complete" | "error";
-  content?: string;
-  thinking?: string;
-  toolCall?: ToolCall;
-  sessionId?: string;
-  sessionName?: string;
-  retryInfo?: { attempt: number; maxRetries: number; message: string };
-  model?: string;
-}
-
-// Output formatters for agent-native support
-export interface OutputFormatter {
-  content(text: string): void;
-  thinking(text: string): void;
-  error(error: Error): void;
-  complete(sessionId: string): void;
-}
+// ── API request/response types ──
 
-// Conversation types from API
-export interface Conversation {
-  session_id: string;
-  user_id: string;
-  session_name: string | null;
-  workspace_id: string | null;
-  created_at: string;
-  updated_at: string;
+export interface GenerateRequest {
+  prompt?: string;
+  style_id?: string;
+  workspace_id?: string;
+  session_id?: string;
+  mode?: "interactive" | "instant";
+  responses?: string;
+  num_drafts?: number;
 }
 
-export interface Message {
+export interface DraftOutput {
   id: string;
-  role: string;
-  content: string;
-  thinking?: string;
-  created_at: string;
-  updated_at?: string;
-  is_complete?: boolean;
-  model?: string;
-  provider?: string;
+  title: string | null;
+  content: string | null;
+  url: string | null;
 }
 
-// Draft types (from backend)
-export interface Draft {
+export interface StyleInfo {
   id: string;
-  session_id: string;
-  user_id: string;
-  title?: string;
-  content: string;
-  content_hash: string;
-  current_version_id?: string;
-  created_at: string;
-  updated_at: string;
-}
-
-export interface DraftVersion {
-  id: string;
-  draft_id: string;
-  content: string;
-  content_hash: string;
-  created_by: "user" | "llm";
-  parent_version_id?: string;
-  created_at: string;
+  name: string;
 }
 
-// Suggestion types (parsed from responses)
-export interface Suggestion {
-  id: string;
-  targetDraftId: string;
-  before: string;
-  after: string;
-  rationale?: string;
-  range?: [number, number];
-  status: "pending" | "applied" | "dismissed";
+export interface GenerateResponse {
+  session_id: string;
+  status: "needs_input" | "complete";
+  messages?: string[];
+  drafts?: DraftOutput[];
+  text?: string;
+  style_used?: StyleInfo;
+  notice?: string;
+  quota_remaining?: number;
+}
+
+export interface SessionQuotaResponse {
+  total: number;
+  used: number;
+  remaining: number;
+  plan_tier: string;
+  is_limited: boolean;
+  resets_at: string | null;
+  topup_available: number;
+  allowance_total: number | null;
+  subscription_type: string;
+  subscription_id: string | null;
+  team_id: string | null;
+  team_name: string | null;
+  personal_paused: boolean;
+  personal_pause_reason: string | null;
+  is_every_bundle_customer: boolean;
+  subscription_status: string | null;
+  current_period_end: string | null;
+  cancel_at_period_end: boolean;
+  subscription_quantity: number;
 }
 
-// Writing style types
 export interface WritingStyle {
   id: string;
   name: string;
-  description?: string;
-  usage_context?: string;
-  guide?: string;
-  summary?: string;
+  description: string;
+  usage_context: string;
+  summary: string | null;
+  analysis_status: string;
+  guide: string | null;
+  voice_guide: string | null;
+  last_used_at: string | null;
+  approved_examples_count: number;
+  access_type: string;
+  workspace_id: string | null;
 }
 
-// Workspace types
 export interface Workspace {
   id: string;
   name: string;
-  icon?: string;
-  icon_color?: string;
-  description?: string;
-  workspace_type: "PERSONAL" | "TEAM";
-  owner_id: string;
-  team_id?: string;
+  description: string | null;
+  workspace_type: string;
+  is_personal: boolean;
+  icon: string | null;
+  icon_color: string | null;
 }
 
-// Attachment types
-export interface Attachment {
-  name: string;
-  content: string; // Text content or base64 for binary
-  type: "text" | "binary";
-  size: number;
-  mimeType?: string;
+export interface Conversation {
+  session_id: string;
+  session_name: string;
+  workspace_id: string | null;
+  created_at: string;
+  updated_at: string;
 }
 
-// Patch operation for draft updates
-export interface PatchOperation {
-  type: "replace" | "insert" | "delete";
-  range?: [number, number];
-  content?: string;
+export interface Draft {
+  id: string;
+  title: string;
+  content: string;
+  created_at: string;
+  updated_at: string;
 }
 
-// Tool call update for visualization
-export interface ToolCallUpdate {
-  callId: string;
-  toolName: string;
-  status: "started" | "arguments_delta" | "arguments_done" | "completed" | "error";
-  args?: Record<string, unknown>;
-  result?: unknown;
-  error?: string;
-  formattedCalls?: string[];
+export interface UserProfile {
+  id: string;
+  email: string;
+  name: string | null;
+  profile_image_url: string | null;
 }

package/src/attachments/index.ts

@@ -1,174 +0,0 @@
-// File attachment handling with security mitigations
-// See plan: Path traversal and symlink security risks identified
-
-import { lstatSync } from "node:fs";
-import { resolve } from "node:path";
-import ora from "ora";
-import type { Attachment } from "../types";
-
-const MAX_FILE_SIZE = 10 * 1024 * 1024; // 10MB
-const MAX_TOTAL_SIZE = 50 * 1024 * 1024; // 50MB total
-const MAX_FILES = 5;
-
-// SECURITY: Paths that should never be accessed
-const SENSITIVE_PATHS = ["/etc", "/var", "/root", "/private"];
-const HOME = process.env.HOME || "";
-if (HOME) {
-  SENSITIVE_PATHS.push(`${HOME}/.ssh`, `${HOME}/.gnupg`, `${HOME}/.aws`);
-}
-
-// Known text file extensions
-const TEXT_EXTENSIONS = new Set([
-  ".txt",
-  ".md",
-  ".json",
-  ".yaml",
-  ".yml",
-  ".xml",
-  ".html",
-  ".css",
-  ".js",
-  ".ts",
-  ".tsx",
-  ".jsx",
-  ".py",
-  ".rb",
-  ".go",
-  ".rs",
-  ".java",
-  ".c",
-  ".cpp",
-  ".h",
-  ".sh",
-  ".bash",
-  ".zsh",
-  ".sql",
-  ".csv",
-  ".log",
-  ".env",
-  ".gitignore",
-  ".toml",
-  ".ini",
-  ".conf",
-  ".markdown",
-  ".rst",
-]);
-
-/**
- * Validate and sanitize file path
- * @security Prevents path traversal, blocks sensitive paths, rejects symlinks
- */
-function sanitizePath(inputPath: string): string {
-  const resolved = resolve(inputPath);
-
-  // Block path traversal
-  if (inputPath.includes("..")) {
-    throw new Error(`Path traversal attempt: ${inputPath}`);
-  }
-
-  // Block sensitive paths
-  for (const sensitive of SENSITIVE_PATHS) {
-    if (resolved.startsWith(sensitive)) {
-      throw new Error(`Access to sensitive path denied: ${inputPath}`);
-    }
-  }
-
-  // Block symlinks (could point anywhere)
-  try {
-    const stat = lstatSync(resolved);
-    if (stat.isSymbolicLink()) {
-      throw new Error(`Symlinks not allowed: ${inputPath}`);
-    }
-  } catch (e) {
-    if ((e as NodeJS.ErrnoException).code !== "ENOENT") throw e;
-  }
-
-  return resolved;
-}
-
-/**
- * Process file attachments for sending with messages
- */
-export async function processAttachments(
-  filePaths: string[],
-  options: { quiet?: boolean } = {},
-): Promise<Attachment[]> {
-  if (filePaths.length > MAX_FILES) {
-    throw new Error(`Too many files. Maximum ${MAX_FILES} files allowed.`);
-  }
-
-  const spinner = options.quiet ? null : ora("Processing attachments...").start();
-  const attachments: Attachment[] = [];
-  let totalSize = 0;
-
-  for (const filePath of filePaths) {
-    // SECURITY: Sanitize path before access
-    const safePath = sanitizePath(filePath);
-    const file = Bun.file(safePath);
-
-    if (!(await file.exists())) {
-      throw new Error(`File not found: ${filePath}`);
-    }
-
-    const size = file.size;
-
-    if (size > MAX_FILE_SIZE) {
-      throw new Error(
-        `File too large: ${filePath} (${(size / 1024 / 1024).toFixed(1)}MB). Max ${MAX_FILE_SIZE / 1024 / 1024}MB.`,
-      );
-    }
-
-    totalSize += size;
-    if (totalSize > MAX_TOTAL_SIZE) {
-      throw new Error(`Total attachment size exceeds ${MAX_TOTAL_SIZE / 1024 / 1024}MB limit.`);
-    }
-
-    const fileName = filePath.split("/").pop() || filePath;
-    const ext = `.${fileName.split(".").pop()?.toLowerCase() || ""}`;
-
-    // Determine if text or binary
-    const isText = TEXT_EXTENSIONS.has(ext);
-    const mimeType = file.type || (isText ? "text/plain" : "application/octet-stream");
-
-    if (spinner) {
-      spinner.text = `Processing ${fileName}...`;
-    }
-
-    let content: string;
-    if (isText) {
-      content = await file.text();
-    } else {
-      const buffer = await file.arrayBuffer();
-      content = Buffer.from(buffer).toString("base64");
-    }
-
-    attachments.push({
-      name: fileName,
-      content,
-      type: isText ? "text" : "binary",
-      size,
-      mimeType,
-    });
-  }
-
-  spinner?.succeed(`Processed ${attachments.length} file(s)`);
-
-  return attachments;
-}
-
-/**
- * Format attachments summary for display
- */
-export function formatAttachmentsSummary(attachments: Attachment[]): string {
-  if (attachments.length === 0) return "";
-
-  const totalSize = attachments.reduce((sum, a) => sum + a.size, 0);
-  const sizeStr =
-    totalSize < 1024
-      ? `${totalSize}B`
-      : totalSize < 1024 * 1024
-        ? `${(totalSize / 1024).toFixed(1)}KB`
-        : `${(totalSize / 1024 / 1024).toFixed(1)}MB`;
-
-  return `${attachments.length} file(s), ${sizeStr} total`;
-}