npm - @genex-ai/cli-demo - Versions diffs - 0.1.0 → 0.1.2 - Mend

@genex-ai/cli-demo 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/index.js +1015 -0
package/package.json +8 -4
package/src/commands/init.ts +0 -131
package/src/commands/publish.ts +0 -151
package/src/config.ts +0 -102
package/src/index.ts +0 -238
package/src/lib/auth.ts +0 -365
package/src/lib/copy-templates.ts +0 -81
package/src/lib/env.ts +0 -109
package/src/lib/project.ts +0 -109
package/src/lib/ssh.ts +0 -104
package/src/lib/store.ts +0 -102
package/src/utils/colors.ts +0 -25
package/src/utils/logger.ts +0 -40

package/src/lib/auth.ts DELETED Viewed

@@ -1,365 +0,0 @@
-import http from "node:http";
-import crypto from "node:crypto";
-import readline from "node:readline";
-import { spawn } from "node:child_process";
-import { URL } from "node:url";
-import type { AddressInfo } from "node:net";
-import type { Logger } from "../utils/logger.ts";
-export interface AuthorizeOptions {
-  log: Logger;
-  /** How long to wait for the redirect before giving up. Default 5 minutes. */
-  timeoutMs?: number;
-  /**
-   * Opens a URL in the user's browser and returns whether the attempt was made.
-   * `onError` is invoked if the launch fails asynchronously (e.g. the opener
-   * binary is missing). Injectable for testing; defaults to a cross-platform
-   * opener.
-   */
-  open?: (url: string, onError: () => void) => boolean;
-  /**
-   * Whether to also accept a token pasted into the terminal (handy over SSH or
-   * when the browser can't reach localhost). Defaults to true when stdin is a TTY.
-   */
-  interactive?: boolean;
-}
-const SUCCESS_HTML = `<!doctype html><html><head><meta charset="utf-8"><title>Genex</title>
-<style>body{font-family:system-ui,sans-serif;background:#0b0b0f;color:#eaeaea;display:grid;place-items:center;height:100vh;margin:0}
-.card{text-align:center;padding:2rem 3rem;border:1px solid #26262e;border-radius:14px;background:#13131a}
-h1{font-size:1.3rem;margin:0 0 .5rem}p{color:#9a9aa6;margin:0}</style></head>
-<body><div class="card"><h1>✓ Authorized</h1><p>You can close this tab and return to your terminal.</p></div></body></html>`;
-const ERROR_HTML = `<!doctype html><html><head><meta charset="utf-8"><title>Genex</title></head>
-<body style="font-family:system-ui,sans-serif"><h1>Authorization failed</h1>
-<p>No token was provided. Please return to your terminal and try again.</p></body></html>`;
-/**
- * Run the interactive authorization flow and resolve with the auth token.
- *
- * Spins up a temporary loopback HTTP server, opens the browser to the auth
- * site (passing the local `redirect_uri` and a CSRF `state`), and waits for the
- * site to hand the token back — either by redirecting to the callback with a
- * `?token=` query, or by POSTing `{ token }` (JSON or form-encoded) to it.
- *
- * If the browser can't be opened, the URL is printed for the user to open
- * manually. When `interactive`, a pasted token is also accepted as a fallback.
- */
-export async function authorize(
-  authBaseUrl: string,
-  options: AuthorizeOptions,
-): Promise<string> {
-  const {
-    log,
-    timeoutMs = 5 * 60 * 1000,
-    open = openBrowser,
-    interactive = Boolean(process.stdin.isTTY),
-  } = options;
-  const state = crypto.randomBytes(16).toString("hex");
-  const server = http.createServer();
-  return await new Promise<string>((resolve, reject) => {
-    let settled = false;
-    let timer: NodeJS.Timeout | undefined;
-    let rl: readline.Interface | undefined;
-    const cleanup = (): void => {
-      if (timer) clearTimeout(timer);
-      if (rl) rl.close();
-      server.close();
-    };
-    const succeed = (token: string): void => {
-      if (settled) return;
-      settled = true;
-      cleanup();
-      resolve(token);
-    };
-    const fail = (err: Error): void => {
-      if (settled) return;
-      settled = true;
-      cleanup();
-      reject(err);
-    };
-    server.on("request", (req, res) => {
-      handleCallback(req, res, state, log)
-        .then((token) => {
-          if (token) succeed(token);
-        })
-        .catch((err: unknown) => {
-          // A single bad request must not abort a legitimate pending auth, but
-          // we must always end the response so the client isn't left hanging.
-          log.dim(`callback error: ${String(err)}`);
-          if (!res.writableEnded) {
-            res.writeHead(500);
-            res.end();
-          }
-        });
-    });
-    server.on("error", (err) => fail(err as Error));
-    // Port 0 → OS assigns a free ephemeral port on loopback.
-    server.listen(0, "127.0.0.1", () => {
-      const { port } = server.address() as AddressInfo;
-      const redirectUri = `http://127.0.0.1:${port}/callback`;
-      const authUrl = buildAuthUrl(authBaseUrl, redirectUri, state);
-      log.step("Opening your browser to authorize…");
-      log.dim(authUrl);
-      let warned = false;
-      const warnManual = (): void => {
-        if (warned || settled) return;
-        warned = true;
-        log.warn(
-          "Couldn't open a browser automatically. Open the URL above manually to continue.",
-        );
-      };
-      const opened = open(authUrl, warnManual);
-      if (!opened) warnManual();
-      if (interactive) {
-        rl = readline.createInterface({
-          input: process.stdin,
-          output: process.stdout,
-        });
-        rl.question(
-          "\nWaiting for the browser redirect… or paste your token here and press Enter:\n> ",
-          (answer) => {
-            const token = answer.trim();
-            if (token) succeed(token);
-          },
-        );
-      }
-      timer = setTimeout(() => {
-        fail(
-          new Error(
-            "Timed out waiting for authorization. Re-run the command to try again.",
-          ),
-        );
-      }, timeoutMs);
-    });
-  });
-}
-function buildAuthUrl(
-  authBaseUrl: string,
-  redirectUri: string,
-  state: string,
-): string {
-  const url = new URL(`${authBaseUrl}/cli/auth`);
-  url.searchParams.set("redirect_uri", redirectUri);
-  url.searchParams.set("state", state);
-  return url.toString();
-}
-/**
- * Handle a request to the loopback server. Returns the token when the callback
- * carried one (and the state matched), otherwise `null`.
- */
-async function handleCallback(
-  req: http.IncomingMessage,
-  res: http.ServerResponse,
-  expectedState: string,
-  log: Logger,
-): Promise<string | null> {
-  // Permit the auth site's https origin to POST to our loopback server.
-  res.setHeader("Access-Control-Allow-Origin", "*");
-  res.setHeader("Access-Control-Allow-Methods", "GET, POST, OPTIONS");
-  res.setHeader("Access-Control-Allow-Headers", "Content-Type");
-  const reqUrl = new URL(req.url ?? "/", "http://127.0.0.1");
-  if (req.method === "OPTIONS") {
-    res.writeHead(204);
-    res.end();
-    return null;
-  }
-  if (reqUrl.pathname !== "/callback") {
-    res.writeHead(404);
-    res.end();
-    return null;
-  }
-  let token: string | null = null;
-  let state: string | null = null;
-  if (req.method === "GET") {
-    token = reqUrl.searchParams.get("token");
-    state = reqUrl.searchParams.get("state");
-  } else if (req.method === "POST") {
-    let parsed: ParsedBody;
-    try {
-      parsed = await readBody(req);
-    } catch (err) {
-      // Malformed / oversized body — reject this request but keep waiting.
-      log.dim(`ignoring malformed callback body: ${String(err)}`);
-      res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
-      res.end(ERROR_HTML);
-      return null;
-    }
-    token = parsed.token;
-    state = parsed.state ?? reqUrl.searchParams.get("state");
-  } else {
-    res.writeHead(405);
-    res.end();
-    return null;
-  }
-  // Guard against cross-site request forgery on the loopback callback. The
-  // state is mandatory: a missing state (null) must fail just like a mismatch.
-  if (state !== expectedState) {
-    log.dim("ignoring callback with missing or mismatched state");
-    res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
-    res.end(ERROR_HTML);
-    return null;
-  }
-  if (!token) {
-    res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
-    res.end(ERROR_HTML);
-    return null;
-  }
-  res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
-  res.end(SUCCESS_HTML);
-  return token;
-}
-interface ParsedBody {
-  token: string | null;
-  state: string | null;
-}
-async function readBody(req: http.IncomingMessage): Promise<ParsedBody> {
-  const chunks: Buffer[] = [];
-  let total = 0;
-  const MAX = 1024 * 1024; // 1 MB cap — tokens are tiny; reject anything huge.
-  for await (const chunk of req) {
-    const buf = chunk as Buffer;
-    total += buf.length;
-    if (total > MAX) {
-      throw new Error("request body too large");
-    }
-    chunks.push(buf);
-  }
-  const raw = Buffer.concat(chunks).toString("utf8").trim();
-  if (!raw) return { token: null, state: null };
-  const contentType = req.headers["content-type"] ?? "";
-  if (contentType.includes("application/json")) {
-    try {
-      const obj = JSON.parse(raw) as Record<string, unknown>;
-      return {
-        token: typeof obj.token === "string" ? obj.token : null,
-        state: typeof obj.state === "string" ? obj.state : null,
-      };
-    } catch {
-      return { token: null, state: null };
-    }
-  }
-  // Fall back to form-encoded (application/x-www-form-urlencoded).
-  const params = new URLSearchParams(raw);
-  return {
-    token: params.get("token"),
-    state: params.get("state"),
-  };
-}
-/**
- * Best-effort cross-platform browser opener. Returns false if we couldn't even
- * launch the platform's open command.
- */
-export function openBrowser(url: string, onError: () => void = () => {}): boolean {
-  let command: string;
-  let args: string[];
-  // Respect an explicit opener override (the conventional BROWSER variable, or
-  // our own GENEX_BROWSER which takes precedence). Tokenized like a shell
-  // command so both arguments (`open -a Safari`) and quoted paths containing
-  // spaces (`"/Applications/My Browser.app/.../My Browser"`) work. The URL is
-  // appended as the final argument.
-  const custom = (process.env.GENEX_BROWSER || process.env.BROWSER)?.trim();
-  const customParts = custom ? tokenizeCommand(custom) : [];
-  if (customParts.length > 0) {
-    command = customParts[0] as string;
-    args = [...customParts.slice(1), url];
-  } else {
-    switch (process.platform) {
-      case "darwin":
-        command = "open";
-        args = [url];
-        break;
-      case "win32":
-        command = "cmd";
-        // `start` needs an empty title arg so a quoted URL isn't taken as one.
-        args = ["/c", "start", "", url];
-        break;
-      default:
-        command = "xdg-open";
-        args = [url];
-        break;
-    }
-  }
-  try {
-    const child = spawn(command, args, {
-      stdio: "ignore",
-      detached: true,
-    });
-    // If the binary is missing, 'error' fires asynchronously — surface it so the
-    // caller can tell the user to open the URL manually, but don't let the
-    // unhandled error crash the process.
-    child.on("error", () => onError());
-    child.unref();
-    return true;
-  } catch {
-    return false;
-  }
-}
-/**
- * Split a command string into argv, honoring single/double quotes so that
- * arguments and quoted paths-with-spaces both survive. This is a deliberately
- * small tokenizer — not a full shell parser (no escapes, globs, or variable
- * expansion) — which is all an opener command needs.
- */
-export function tokenizeCommand(input: string): string[] {
-  const tokens: string[] = [];
-  let current = "";
-  let quote: '"' | "'" | null = null;
-  let inToken = false;
-  for (const ch of input) {
-    if (quote) {
-      if (ch === quote) quote = null;
-      else current += ch;
-    } else if (ch === '"' || ch === "'") {
-      quote = ch;
-      inToken = true;
-    } else if (/\s/.test(ch)) {
-      if (inToken) {
-        tokens.push(current);
-        current = "";
-        inToken = false;
-      }
-    } else {
-      current += ch;
-      inToken = true;
-    }
-  }
-  if (inToken) tokens.push(current);
-  return tokens;
-}

package/src/lib/copy-templates.ts DELETED Viewed

@@ -1,81 +0,0 @@
-import fs from "node:fs/promises";
-import path from "node:path";
-export interface CopyResult {
-  /** Files written, as paths relative to the source root. */
-  copied: string[];
-  /** Files left untouched because they already existed at the destination. */
-  skipped: string[];
-}
-export interface CopyOptions {
-  /**
-   * Overwrite files that already exist at the destination. Defaults to `false`,
-   * which is the whole point of this helper: never clobber the user's files.
-   */
-  force?: boolean;
-}
-/**
- * Recursively copy everything from `srcDir` into `destDir`, merging into any
- * existing directory tree.
- *
- * Existing files at the destination are **never overwritten** unless
- * `force` is set — they are reported in `skipped` instead. Directories are
- * created as needed. Symlinks in the source are ignored for safety.
- */
-export async function copyTemplates(
-  srcDir: string,
-  destDir: string,
-  opts: CopyOptions = {},
-): Promise<CopyResult> {
-  const result: CopyResult = { copied: [], skipped: [] };
-  await walk(srcDir, srcDir, destDir, opts, result);
-  return result;
-}
-async function walk(
-  rootSrc: string,
-  src: string,
-  dest: string,
-  opts: CopyOptions,
-  result: CopyResult,
-): Promise<void> {
-  const entries = await fs.readdir(src, { withFileTypes: true });
-  for (const entry of entries) {
-    const srcPath = path.join(src, entry.name);
-    const destPath = path.join(dest, entry.name);
-    const rel = path.relative(rootSrc, srcPath);
-    if (entry.isDirectory()) {
-      // Create the directory up front so empty directories are mirrored too.
-      await fs.mkdir(destPath, { recursive: true });
-      await walk(rootSrc, srcPath, destPath, opts, result);
-      continue;
-    }
-    if (!entry.isFile()) {
-      // Skip symlinks, sockets, fifos, etc.
-      continue;
-    }
-    if (!opts.force && (await exists(destPath))) {
-      result.skipped.push(rel);
-      continue;
-    }
-    await fs.mkdir(path.dirname(destPath), { recursive: true });
-    await fs.copyFile(srcPath, destPath);
-    result.copied.push(rel);
-  }
-}
-async function exists(p: string): Promise<boolean> {
-  try {
-    await fs.access(p);
-    return true;
-  } catch {
-    return false;
-  }
-}

package/src/lib/env.ts DELETED Viewed

@@ -1,109 +0,0 @@
-import fs from "node:fs/promises";
-import path from "node:path";
-import { spawn } from "node:child_process";
-export type EnvWriteMode = "created" | "updated" | "appended";
-export interface EnvWriteResult {
-  mode: EnvWriteMode;
-  path: string;
-}
-/**
- * Set `KEY=value` in a `.env` file without disturbing the rest of it.
- *
- * - If the file does not exist, it is created (`created`).
- * - If the key already exists, its line is replaced in place (`updated`).
- * - Otherwise the assignment is appended to the end (`appended`).
- *
- * The file is written/owned at mode 0600 since it holds a secret. Values that
- * contain whitespace or shell-significant characters are double-quoted.
- */
-export async function writeEnvVar(
-  envPath: string,
-  key: string,
-  value: string,
-): Promise<EnvWriteResult> {
-  let content = "";
-  let existed = false;
-  try {
-    content = await fs.readFile(envPath, "utf8");
-    existed = true;
-  } catch {
-    // Missing file — we'll create it below.
-  }
-  const assignment = `${key}=${formatValue(value)}`;
-  // Match `KEY=...` (optionally preceded by `export `) on any line. The `g`
-  // flag ensures *every* occurrence is rewritten, so a file that already has
-  // duplicate entries for the key never keeps a stale value.
-  const keyPattern = new RegExp(
-    `^(\\s*export\\s+)?${escapeRegExp(key)}=.*$`,
-    "gm",
-  );
-  let next: string;
-  let mode: EnvWriteMode;
-  if (keyPattern.test(content)) {
-    next = content.replace(keyPattern, assignment);
-    mode = "updated";
-  } else {
-    let prefix = content;
-    if (prefix.length > 0 && !prefix.endsWith("\n")) prefix += "\n";
-    next = prefix + assignment + "\n";
-    mode = existed ? "appended" : "created";
-  }
-  // Create the parent dir if missing (e.g. ~/.genex on first run).
-  await fs.mkdir(path.dirname(envPath), { recursive: true });
-  await fs.writeFile(envPath, next, { mode: 0o600 });
-  await restrictFilePermissions(envPath);
-  return { mode, path: envPath };
-}
-/**
- * Restrict a secret file to the current user only.
- *
- * On POSIX this is a `chmod 0600`. On Windows, POSIX modes are ignored, so we
- * make a best-effort attempt to strip inherited ACLs and grant only the current
- * user via `icacls`. Every step is non-fatal — if it fails the token is still
- * written (see the Windows caveat in the README).
- */
-async function restrictFilePermissions(filePath: string): Promise<void> {
-  if (process.platform !== "win32") {
-    // writeFile's mode only applies on creation; enforce it for existing files too.
-    await fs.chmod(filePath, 0o600).catch(() => {});
-    return;
-  }
-  const user = process.env.USERNAME ?? process.env.USER;
-  if (!user) return;
-  await new Promise<void>((resolve) => {
-    try {
-      const child = spawn(
-        "icacls",
-        [filePath, "/inheritance:r", "/grant:r", `${user}:F`],
-        { stdio: "ignore" },
-      );
-      child.on("error", () => resolve());
-      child.on("close", () => resolve());
-    } catch {
-      resolve();
-    }
-  });
-}
-function formatValue(value: string): string {
-  if (/[\s#"'$`\\]/.test(value)) {
-    // Quote and escape backslashes/double-quotes for dotenv-style parsers.
-    return `"${value.replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`;
-  }
-  return value;
-}
-function escapeRegExp(s: string): string {
-  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}

package/src/lib/project.ts DELETED Viewed

@@ -1,109 +0,0 @@
-import crypto from "node:crypto";
-import type { Logger } from "../utils/logger.ts";
-import { c } from "../utils/colors.ts";
-import type { ProjectMetadata } from "./store.ts";
-export interface CreateProjectOptions {
-  /** API base URL (e.g. https://demo-api.glotech.world or http://localhost:3000). */
-  apiUrl: string;
-  /** Bearer token (from ~/.genex/env). */
-  token: string;
-  /** Desired project name (the API slugifies it). */
-  name: string;
-  /** OpenSSH PUBLIC key registered as the repo's write deploy key (required). */
-  deployKey: string;
-  /** Colyseus relay URL, stored in metadata for the game's connect(). */
-  colyseusUrl: string;
-  /** Auth/web origin, used to print the dashboard link. */
-  dashboardUrl: string;
-  log: Logger;
-}
-interface ProjectResponse {
-  project?: {
-    id: string;
-    slug: string;
-    title: string;
-    playUrl?: string | null;
-  };
-  sshUrl?: string;
-  error?: string;
-}
-/**
- * Create a draft project via `POST /api/projects { name, deployKey }`. Returns
- * the project metadata (incl. the `sshUrl` the agent pushes to) for the caller
- * to persist, or null on failure. Best-effort: a network/HTTP failure is logged
- * and returns null — it never aborts `genex init` (the token is already saved).
- */
-export async function createDraftProject(
-  opts: CreateProjectOptions,
-): Promise<ProjectMetadata | null> {
-  const { apiUrl, token, deployKey, colyseusUrl, dashboardUrl, log } = opts;
-  log.step("Creating your project…");
-  // Try the requested name, then one retry with a unique suffix on a slug clash.
-  const names = [opts.name, `${opts.name}-${randomSuffix()}`];
-  for (let i = 0; i < names.length; i++) {
-    const name = names[i] as string;
-    let res: Response;
-    try {
-      res = await fetch(`${apiUrl}/api/projects`, {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${token}`,
-        },
-        body: JSON.stringify({ name, deployKey }),
-      });
-    } catch (err) {
-      log.warn(`Couldn't reach the API at ${apiUrl} to create the project.`);
-      log.dim(`  ${String(err)}`);
-      return null;
-    }
-    if (res.status === 409 && i === 0) continue; // slug taken — retry suffixed
-    if (res.status === 401) {
-      log.warn("Not authorized to create the project (token rejected).");
-      return null;
-    }
-    if (res.status === 400) {
-      log.warn("The API rejected the deploy key (must be an OpenSSH public key).");
-      return null;
-    }
-    if (!res.ok) {
-      log.warn(`Couldn't create the project (HTTP ${res.status}).`);
-      return null;
-    }
-    const data = (await res.json().catch(() => null)) as ProjectResponse | null;
-    const project = data?.project;
-    if (!project || !data?.sshUrl) {
-      log.warn("Project created, but the API response was unexpected.");
-      return null;
-    }
-    log.success(`Created project ${c.cyan(project.slug)}.`);
-    if (project.playUrl) log.dim(`  play (after publish): ${project.playUrl}`);
-    log.dim(`  dashboard: ${dashboardUrl}/dashboard`);
-    return {
-      id: project.id,
-      slug: project.slug,
-      sshUrl: data.sshUrl,
-      apiUrl,
-      colyseusUrl,
-      playUrl: project.playUrl ?? undefined,
-      status: "draft",
-    };
-  }
-  log.warn("Couldn't create a project with a unique name. Try `--name <unique>`.");
-  return null;
-}
-function randomSuffix(): string {
-  return crypto.randomBytes(3).toString("hex");
-}