@getlore/cli 0.2.0

package/dist/cli/helpers.d.ts

@@ -0,0 +1,30 @@
+/**
+ * CLI Helper Functions
+ *
+ * Shared utilities for CLI commands.
+ */
+import type { SourceDocument, Quote, Theme } from '../core/types.js';
+/**
+ * Build vector index for ingested sources
+ */
+export declare function buildIndex(dataDir: string, results: Array<{
+    source: SourceDocument;
+    notes: string;
+    transcript: string;
+    insights?: {
+        summary: string;
+        themes: Theme[];
+        quotes: Quote[];
+    };
+}>): Promise<void>;
+/**
+ * Save ingested sources to disk
+ */
+export declare function saveSourcesToDisk(sourcesDir: string, results: Array<{
+    source: SourceDocument;
+    insights?: {
+        summary: string;
+        themes: Theme[];
+        quotes: Quote[];
+    };
+}>): Promise<void>;

package/dist/cli/helpers.js

@@ -0,0 +1,119 @@
+/**
+ * CLI Helper Functions
+ *
+ * Shared utilities for CLI commands.
+ */
+import path from 'path';
+import { mkdir, writeFile } from 'fs/promises';
+import { initializeTables, storeSources, } from '../core/vector-store.js';
+import { generateEmbeddings, createSearchableText } from '../core/embedder.js';
+import { getExtensionRegistry } from '../extensions/registry.js';
+/**
+ * Build vector index for ingested sources
+ */
+export async function buildIndex(dataDir, results) {
+    const dbPath = path.join(dataDir, 'lore.lance');
+    // Initialize tables
+    await initializeTables(dbPath);
+    // Prepare source records
+    const sourceRecords = [];
+    // Collect all texts for batch embedding (source summaries only)
+    const textsToEmbed = [];
+    for (const result of results) {
+        const { source, insights } = result;
+        const summary = insights?.summary || source.content.substring(0, 500);
+        // Add summary for source embedding
+        textsToEmbed.push({
+            id: `source_${source.id}`,
+            text: createSearchableText({ type: 'summary', text: summary, project: source.projects[0] }),
+        });
+    }
+    // Generate embeddings in batch
+    console.log(`  Generating ${textsToEmbed.length} embeddings...`);
+    const embeddings = await generateEmbeddings(textsToEmbed.map((t) => t.text), undefined, {
+        onProgress: (completed, total) => {
+            process.stdout.write(`\r  Embeddings: ${completed}/${total}`);
+        },
+    });
+    console.log('');
+    // Map embeddings back
+    const embeddingMap = new Map();
+    for (let i = 0; i < textsToEmbed.length; i++) {
+        embeddingMap.set(textsToEmbed[i].id, embeddings[i]);
+    }
+    // Build records
+    for (const result of results) {
+        const { source, insights } = result;
+        const summary = insights?.summary || source.content.substring(0, 500);
+        const themes = insights?.themes || [];
+        // Source record
+        sourceRecords.push({
+            source: {
+                id: source.id,
+                title: source.title,
+                source_type: source.source_type,
+                content_type: source.content_type,
+                projects: JSON.stringify(source.projects),
+                tags: JSON.stringify(source.tags),
+                created_at: source.created_at,
+                summary,
+                themes_json: JSON.stringify(themes),
+                quotes_json: JSON.stringify([]),
+                has_full_content: true,
+                vector: [],
+            },
+            vector: embeddingMap.get(`source_${source.id}`) || [],
+        });
+    }
+    // Store in database
+    console.log(`  Storing ${sourceRecords.length} sources...`);
+    await storeSources(dbPath, sourceRecords);
+}
+/**
+ * Save ingested sources to disk
+ */
+export async function saveSourcesToDisk(sourcesDir, results) {
+    const dataDir = path.dirname(sourcesDir);
+    const dbPath = path.join(dataDir, 'lore.lance');
+    const extensionRegistry = await getExtensionRegistry({
+        logger: (message) => console.error(message),
+    });
+    for (const result of results) {
+        const sourceDir = path.join(sourcesDir, result.source.id);
+        await mkdir(sourceDir, { recursive: true });
+        // Save content
+        await writeFile(path.join(sourceDir, 'content.md'), result.source.content);
+        // Save metadata
+        const metadata = {
+            id: result.source.id,
+            title: result.source.title,
+            source_type: result.source.source_type,
+            content_type: result.source.content_type,
+            created_at: result.source.created_at,
+            imported_at: result.source.imported_at,
+            projects: result.source.projects,
+            tags: result.source.tags,
+            source_path: result.source.source_path,
+        };
+        await writeFile(path.join(sourceDir, 'metadata.json'), JSON.stringify(metadata, null, 2));
+        // Save insights if extracted
+        if (result.insights) {
+            await writeFile(path.join(sourceDir, 'insights.json'), JSON.stringify(result.insights, null, 2));
+        }
+        await extensionRegistry.runHook('onSourceCreated', {
+            id: result.source.id,
+            title: result.source.title,
+            source_type: result.source.source_type,
+            content_type: result.source.content_type,
+            created_at: result.source.created_at,
+            imported_at: result.source.imported_at,
+            projects: result.source.projects,
+            tags: result.source.tags,
+            source_path: result.source.source_path,
+        }, {
+            mode: 'cli',
+            dataDir,
+            dbPath,
+        });
+    }
+}

package/dist/core/auth.d.ts

@@ -0,0 +1,62 @@
+/**
+ * Lore - Supabase Auth Session Management
+ *
+ * Stores auth session in ~/.config/lore/auth.json.
+ * Uses its own unauthenticated Supabase client (publishable key only) for the auth flow,
+ * separate from the vector-store singleton.
+ */
+export interface AuthSession {
+    access_token: string;
+    refresh_token: string;
+    expires_at: number;
+    user: {
+        id: string;
+        email: string;
+    };
+}
+export declare function getAuthFilePath(): string;
+export declare function loadAuthSession(): Promise<AuthSession | null>;
+export declare function saveAuthSession(session: AuthSession): Promise<void>;
+export declare function clearAuthSession(): Promise<void>;
+export declare function sendOTP(email: string): Promise<{
+    error?: string;
+}>;
+export declare function verifyOTP(email: string, token: string): Promise<{
+    session?: AuthSession;
+    error?: string;
+}>;
+/**
+ * Extract session from a magic link URL (Supabase sends these for new signups).
+ * Parses the access_token and refresh_token from the URL fragment/query.
+ */
+export declare function sessionFromMagicLink(url: string): Promise<{
+    session?: AuthSession;
+    error?: string;
+}>;
+/**
+ * Get a valid session, auto-refreshing if near expiry (within 5 minutes).
+ * Returns null if no session or refresh fails.
+ */
+export declare function getValidSession(): Promise<AuthSession | null>;
+/**
+ * Quick check: is there a valid (or refreshable) auth session?
+ */
+export declare function isAuthenticated(): Promise<boolean>;
+/**
+ * Start a temporary local HTTP server to catch the Supabase magic link redirect.
+ * The magic link redirects to http://localhost:3000/#access_token=...
+ * This server serves an HTML page that extracts the fragment and POSTs it back.
+ *
+ * Tries the configured redirect port (default 3000), then falls back to
+ * alternatives if that port is occupied.
+ *
+ * Returns a promise that resolves with the auth session when the callback is received,
+ * or null if it times out / all ports fail.
+ */
+export declare function waitForMagicLinkCallback(options: {
+    timeoutMs?: number;
+    onListening?: (port: number) => void;
+}): {
+    promise: Promise<AuthSession | null>;
+    abort: () => void;
+};

package/dist/core/auth.js

@@ -0,0 +1,330 @@
+/**
+ * Lore - Supabase Auth Session Management
+ *
+ * Stores auth session in ~/.config/lore/auth.json.
+ * Uses its own unauthenticated Supabase client (publishable key only) for the auth flow,
+ * separate from the vector-store singleton.
+ */
+import { readFile, writeFile, mkdir, unlink } from 'fs/promises';
+import { existsSync } from 'fs';
+import path from 'path';
+import http from 'http';
+import { createClient } from '@supabase/supabase-js';
+import { getLoreConfigDir, loadLoreConfig } from './config.js';
+// ============================================================================
+// Paths
+// ============================================================================
+const AUTH_FILE = path.join(getLoreConfigDir(), 'auth.json');
+export function getAuthFilePath() {
+    return AUTH_FILE;
+}
+// ============================================================================
+// Session Persistence
+// ============================================================================
+export async function loadAuthSession() {
+    if (!existsSync(AUTH_FILE)) {
+        return null;
+    }
+    try {
+        const content = await readFile(AUTH_FILE, 'utf-8');
+        return JSON.parse(content);
+    }
+    catch {
+        return null;
+    }
+}
+export async function saveAuthSession(session) {
+    await mkdir(getLoreConfigDir(), { recursive: true });
+    await writeFile(AUTH_FILE, JSON.stringify(session, null, 2) + '\n', { mode: 0o600 });
+}
+export async function clearAuthSession() {
+    if (existsSync(AUTH_FILE)) {
+        await unlink(AUTH_FILE);
+    }
+}
+// ============================================================================
+// Auth Client (unauthenticated, publishable key only)
+// ============================================================================
+async function getAuthClient() {
+    const config = await loadLoreConfig();
+    const url = config.supabaseUrl;
+    const key = config.supabasePublishableKey;
+    if (!url || !key) {
+        throw new Error('Supabase configuration is missing. This should not happen — please reinstall Lore.');
+    }
+    return createClient(url, key);
+}
+// ============================================================================
+// OTP Flow
+// ============================================================================
+export async function sendOTP(email) {
+    const client = await getAuthClient();
+    const { error } = await client.auth.signInWithOtp({ email });
+    if (error) {
+        return { error: error.message };
+    }
+    return {};
+}
+export async function verifyOTP(email, token) {
+    const client = await getAuthClient();
+    // Try 'magiclink' first (for returning users), then 'email', then 'signup' (for new users)
+    const types = ['magiclink', 'email', 'signup'];
+    for (const type of types) {
+        const { data, error } = await client.auth.verifyOtp({
+            email,
+            token,
+            type,
+        });
+        if (!error && data.session && data.user) {
+            return { session: toAuthSession(data.session, data.user, email) };
+        }
+    }
+    // All types failed — return the last error
+    return { error: 'Token has expired or is invalid. Request a new code with \'lore login\'.' };
+}
+/**
+ * Extract session from a magic link URL (Supabase sends these for new signups).
+ * Parses the access_token and refresh_token from the URL fragment/query.
+ */
+export async function sessionFromMagicLink(url) {
+    try {
+        // Supabase magic links put tokens in the fragment: .../#access_token=...&refresh_token=...
+        const fragment = url.includes('#') ? url.split('#')[1] : url.split('?')[1];
+        if (!fragment) {
+            return { error: 'Could not parse magic link URL' };
+        }
+        const params = new URLSearchParams(fragment);
+        const accessToken = params.get('access_token');
+        const refreshToken = params.get('refresh_token');
+        if (!accessToken || !refreshToken) {
+            return { error: 'Magic link URL missing access_token or refresh_token' };
+        }
+        // Use the tokens to set the session in the Supabase client
+        const client = await getAuthClient();
+        const { data, error } = await client.auth.setSession({
+            access_token: accessToken,
+            refresh_token: refreshToken,
+        });
+        if (error) {
+            return { error: error.message };
+        }
+        if (!data.session || !data.user) {
+            return { error: 'No session returned from magic link' };
+        }
+        return { session: toAuthSession(data.session, data.user) };
+    }
+    catch (err) {
+        return { error: `Failed to parse magic link: ${err}` };
+    }
+}
+// ============================================================================
+// Helpers
+// ============================================================================
+function toAuthSession(session, user, fallbackEmail) {
+    const authSession = {
+        access_token: session.access_token,
+        refresh_token: session.refresh_token,
+        expires_at: session.expires_at || 0,
+        user: {
+            id: user.id,
+            email: user.email || fallbackEmail || '',
+        },
+    };
+    // Fire-and-forget save (caller can also save explicitly)
+    saveAuthSession(authSession);
+    return authSession;
+}
+// ============================================================================
+// Session Validation & Refresh
+// ============================================================================
+/**
+ * Get a valid session, auto-refreshing if near expiry (within 5 minutes).
+ * Returns null if no session or refresh fails.
+ */
+export async function getValidSession() {
+    const session = await loadAuthSession();
+    if (!session)
+        return null;
+    const now = Math.floor(Date.now() / 1000);
+    const bufferSeconds = 5 * 60; // 5 minutes
+    // Session still valid and not near expiry
+    if (session.expires_at > now + bufferSeconds) {
+        return session;
+    }
+    // Try to refresh
+    try {
+        const client = await getAuthClient();
+        const { data, error } = await client.auth.refreshSession({
+            refresh_token: session.refresh_token,
+        });
+        if (error || !data.session || !data.user) {
+            // Refresh failed — session is expired
+            return null;
+        }
+        const refreshed = {
+            access_token: data.session.access_token,
+            refresh_token: data.session.refresh_token,
+            expires_at: data.session.expires_at || 0,
+            user: {
+                id: data.user.id,
+                email: data.user.email || session.user.email,
+            },
+        };
+        await saveAuthSession(refreshed);
+        return refreshed;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Quick check: is there a valid (or refreshable) auth session?
+ */
+export async function isAuthenticated() {
+    const session = await getValidSession();
+    return session !== null;
+}
+// ============================================================================
+// Magic Link Callback Server
+// ============================================================================
+const CALLBACK_HTML = `<!DOCTYPE html>
+<html><head><title>Lore Login</title>
+<style>
+  body { font-family: system-ui, sans-serif; display: flex; justify-content: center;
+         align-items: center; min-height: 100vh; margin: 0; background: #1a1a2e; color: #e0e0e0; }
+  .card { background: #16213e; padding: 2rem 3rem; border-radius: 12px; text-align: center;
+          box-shadow: 0 4px 24px rgba(0,0,0,0.3); }
+  h1 { color: #00d4aa; margin-bottom: 0.5rem; }
+  p { color: #a0a0b0; }
+</style></head>
+<body><div class="card">
+  <h1 id="title">Signing you in...</h1>
+  <p id="msg">Sending credentials to Lore CLI</p>
+</div>
+<script>
+  const hash = window.location.hash.substring(1);
+  if (hash) {
+    fetch('/callback', { method: 'POST', headers: {'Content-Type':'application/x-www-form-urlencoded'}, body: hash })
+      .then(r => r.json())
+      .then(d => {
+        document.getElementById('title').textContent = 'Signed in!';
+        document.getElementById('msg').textContent = d.email ? 'Logged in as ' + d.email + '. You can close this tab.' : 'You can close this tab.';
+      })
+      .catch(() => {
+        document.getElementById('title').textContent = 'Error';
+        document.getElementById('msg').textContent = 'Could not complete login. Try pasting the URL into the terminal.';
+      });
+  } else {
+    document.getElementById('title').textContent = 'No credentials found';
+    document.getElementById('msg').textContent = 'The magic link may have expired.';
+  }
+</script></body></html>`;
+/**
+ * Start a temporary local HTTP server to catch the Supabase magic link redirect.
+ * The magic link redirects to http://localhost:3000/#access_token=...
+ * This server serves an HTML page that extracts the fragment and POSTs it back.
+ *
+ * Tries the configured redirect port (default 3000), then falls back to
+ * alternatives if that port is occupied.
+ *
+ * Returns a promise that resolves with the auth session when the callback is received,
+ * or null if it times out / all ports fail.
+ */
+export function waitForMagicLinkCallback(options) {
+    const { timeoutMs = 120_000, onListening } = options;
+    // Must match the Supabase project's "Site URL" setting.
+    // We use an uncommon port to avoid clashing with dev servers.
+    // Configure in Supabase Dashboard > Auth > URL Configuration > Site URL:
+    //   http://localhost:54321
+    const portsToTry = [54321];
+    let server = null;
+    let timeout;
+    let resolved = false;
+    const promise = new Promise(async (resolve) => {
+        const finish = (session) => {
+            if (resolved)
+                return;
+            resolved = true;
+            clearTimeout(timeout);
+            server?.close();
+            resolve(session);
+        };
+        const handler = (req, res) => {
+            if (req.method === 'GET' && (req.url === '/' || req.url?.startsWith('/#'))) {
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(CALLBACK_HTML);
+                return;
+            }
+            if (req.method === 'POST' && req.url === '/callback') {
+                let body = '';
+                req.on('data', (chunk) => { body += chunk; });
+                req.on('end', async () => {
+                    try {
+                        const params = new URLSearchParams(body);
+                        const accessToken = params.get('access_token');
+                        const refreshToken = params.get('refresh_token');
+                        if (!accessToken || !refreshToken) {
+                            res.writeHead(400, { 'Content-Type': 'application/json' });
+                            res.end(JSON.stringify({ error: 'Missing tokens' }));
+                            return;
+                        }
+                        const client = await getAuthClient();
+                        const { data, error } = await client.auth.setSession({
+                            access_token: accessToken,
+                            refresh_token: refreshToken,
+                        });
+                        if (error || !data.session || !data.user) {
+                            res.writeHead(400, { 'Content-Type': 'application/json' });
+                            res.end(JSON.stringify({ error: error?.message || 'Session failed' }));
+                            return;
+                        }
+                        const session = toAuthSession(data.session, data.user);
+                        res.writeHead(200, { 'Content-Type': 'application/json' });
+                        res.end(JSON.stringify({ ok: true, email: session.user.email }));
+                        finish(session);
+                    }
+                    catch (err) {
+                        res.writeHead(500, { 'Content-Type': 'application/json' });
+                        res.end(JSON.stringify({ error: String(err) }));
+                    }
+                });
+                return;
+            }
+            res.writeHead(404);
+            res.end();
+        };
+        // Try each port until one works
+        for (const port of portsToTry) {
+            try {
+                server = await tryListen(handler, port);
+                onListening?.(port);
+                break;
+            }
+            catch {
+                // Port in use, try next
+                continue;
+            }
+        }
+        if (!server) {
+            // All ports occupied — fall back to manual flow
+            finish(null);
+            return;
+        }
+        timeout = setTimeout(() => finish(null), timeoutMs);
+    });
+    const abort = () => {
+        if (!resolved) {
+            resolved = true;
+            clearTimeout(timeout);
+            server?.close();
+        }
+    };
+    return { promise, abort };
+}
+function tryListen(handler, port) {
+    return new Promise((resolve, reject) => {
+        const s = http.createServer(handler);
+        s.on('error', reject);
+        s.listen(port, () => resolve(s));
+    });
+}

package/dist/core/config.d.ts

@@ -0,0 +1,41 @@
+/**
+ * Lore - Centralized Config Loader
+ *
+ * Loads configuration from ~/.config/lore/config.json with env var overrides.
+ * Resolution order: process.env > config.json > error
+ *
+ * Service key (SUPABASE_SERVICE_KEY) is env-only and never stored in config.
+ */
+export interface LoreConfig {
+    version: number;
+    supabase_url?: string;
+    supabase_publishable_key?: string;
+    /** @deprecated Use supabase_publishable_key instead */
+    supabase_anon_key?: string;
+    openai_api_key?: string;
+    anthropic_api_key?: string;
+    data_dir?: string;
+}
+export interface ResolvedConfig {
+    supabaseUrl?: string;
+    supabasePublishableKey?: string;
+    openaiApiKey?: string;
+    anthropicApiKey?: string;
+    dataDir?: string;
+}
+export declare function getLoreConfigPath(): string;
+export declare function getLoreConfigDir(): string;
+/**
+ * Load resolved config: process.env takes precedence over config.json.
+ */
+export declare function loadLoreConfig(): Promise<ResolvedConfig>;
+/**
+ * Save config to disk. Only saves non-sensitive keys.
+ * Service key (SUPABASE_SERVICE_KEY) is never stored.
+ */
+export declare function saveLoreConfig(config: Partial<LoreConfig>): Promise<void>;
+/**
+ * Bridge config values into process.env for backward compatibility.
+ * Only sets env vars that aren't already set (env takes precedence).
+ */
+export declare function bridgeConfigToEnv(): Promise<void>;

package/dist/core/config.js

@@ -0,0 +1,96 @@
+/**
+ * Lore - Centralized Config Loader
+ *
+ * Loads configuration from ~/.config/lore/config.json with env var overrides.
+ * Resolution order: process.env > config.json > error
+ *
+ * Service key (SUPABASE_SERVICE_KEY) is env-only and never stored in config.
+ */
+import { readFile, writeFile, mkdir } from 'fs/promises';
+import { existsSync } from 'fs';
+import path from 'path';
+import os from 'os';
+// ============================================================================
+// Hosted Service Defaults (public, safe to ship — RLS protects data)
+// ============================================================================
+const DEFAULT_SUPABASE_URL = 'https://lyuykpxsntxixsdrkjya.supabase.co';
+const DEFAULT_SUPABASE_PUBLISHABLE_KEY = 'sb_publishable_EXHW5HwqNmiiXkhZ7eYIqQ_l1xqfNpa';
+// ============================================================================
+// Paths
+// ============================================================================
+const CONFIG_DIR = path.join(os.homedir(), '.config', 'lore');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+export function getLoreConfigPath() {
+    return CONFIG_FILE;
+}
+export function getLoreConfigDir() {
+    return CONFIG_DIR;
+}
+// ============================================================================
+// Config Loading
+// ============================================================================
+/**
+ * Load config from disk. Returns null if config file doesn't exist.
+ */
+async function loadConfigFile() {
+    if (!existsSync(CONFIG_FILE)) {
+        return null;
+    }
+    try {
+        const content = await readFile(CONFIG_FILE, 'utf-8');
+        return JSON.parse(content);
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Load resolved config: process.env takes precedence over config.json.
+ */
+export async function loadLoreConfig() {
+    const file = await loadConfigFile();
+    return {
+        supabaseUrl: process.env.SUPABASE_URL || file?.supabase_url || DEFAULT_SUPABASE_URL,
+        supabasePublishableKey: process.env.SUPABASE_PUBLISHABLE_KEY || process.env.SUPABASE_ANON_KEY || file?.supabase_publishable_key || file?.supabase_anon_key || DEFAULT_SUPABASE_PUBLISHABLE_KEY,
+        openaiApiKey: process.env.OPENAI_API_KEY || file?.openai_api_key,
+        anthropicApiKey: process.env.ANTHROPIC_API_KEY || file?.anthropic_api_key,
+        dataDir: process.env.LORE_DATA_DIR || file?.data_dir,
+    };
+}
+/**
+ * Save config to disk. Only saves non-sensitive keys.
+ * Service key (SUPABASE_SERVICE_KEY) is never stored.
+ */
+export async function saveLoreConfig(config) {
+    await mkdir(CONFIG_DIR, { recursive: true });
+    // Merge with existing config
+    const existing = await loadConfigFile();
+    const merged = {
+        version: 1,
+        ...existing,
+        ...config,
+    };
+    await writeFile(CONFIG_FILE, JSON.stringify(merged, null, 2) + '\n');
+}
+/**
+ * Bridge config values into process.env for backward compatibility.
+ * Only sets env vars that aren't already set (env takes precedence).
+ */
+export async function bridgeConfigToEnv() {
+    const config = await loadLoreConfig();
+    if (config.supabaseUrl && !process.env.SUPABASE_URL) {
+        process.env.SUPABASE_URL = config.supabaseUrl;
+    }
+    if (config.supabasePublishableKey && !process.env.SUPABASE_PUBLISHABLE_KEY) {
+        process.env.SUPABASE_PUBLISHABLE_KEY = config.supabasePublishableKey;
+    }
+    if (config.openaiApiKey && !process.env.OPENAI_API_KEY) {
+        process.env.OPENAI_API_KEY = config.openaiApiKey;
+    }
+    if (config.anthropicApiKey && !process.env.ANTHROPIC_API_KEY) {
+        process.env.ANTHROPIC_API_KEY = config.anthropicApiKey;
+    }
+    if (config.dataDir && !process.env.LORE_DATA_DIR) {
+        process.env.LORE_DATA_DIR = config.dataDir;
+    }
+}