@girardmedia/bootspring 1.2.0 → 2.0.3

package/core/api-client.js

@@ -8,16 +8,17 @@
 const https = require('https');
 const http = require('http');
 const auth = require('./auth');
+const session = require('./session');
 
 const API_BASE = process.env.BOOTSPRING_API_URL || 'https://api.bootspring.com';
-const API_VERSION = 'v1';
+const API_VERSION = 'v1'; // Note: auth routes don't use version prefix
 
 // Cache for API responses
 const cache = new Map();
 const CACHE_TTL = 60000; // 1 minute
 
 /**
- * Make an API request
+ * Make an API request (with version prefix)
  */
 async function request(method, path, data = null, options = {}) {
   const token = auth.getToken();
@@ -29,10 +30,15 @@ async function request(method, path, data = null, options = {}) {
   // Get device ID for request tracking
   const deviceId = auth.getDeviceId();
 
+  // Get project context for tracking
+  const project = session.getEffectiveProject();
+  const projectId = project?.id || null;
+
   const headers = {
     'Content-Type': 'application/json',
     'User-Agent': `bootspring-cli/${require('../package.json').version}`,
     'X-Device-Id': deviceId,
+    ...(projectId && { 'X-Project-Id': projectId }),
     ...options.headers
   };
 
@@ -110,6 +116,86 @@ async function request(method, path, data = null, options = {}) {
   });
 }
 
+/**
+ * Make a direct API request (without version prefix, for /api/projects etc.)
+ */
+async function directRequest(method, path, data = null, options = {}) {
+  const token = auth.getToken();
+  const apiKey = auth.getApiKey();
+  const url = new URL(`/api${path}`, API_BASE);
+  const isHttps = url.protocol === 'https:';
+  const httpModule = isHttps ? https : http;
+
+  const deviceId = auth.getDeviceId();
+  const project = session.getEffectiveProject();
+  const projectId = project?.id || null;
+
+  const headers = {
+    'Content-Type': 'application/json',
+    'User-Agent': `bootspring-cli/${require('../package.json').version}`,
+    'X-Device-Id': deviceId,
+    ...(projectId && { 'X-Project-Id': projectId }),
+    ...options.headers
+  };
+
+  if (apiKey) {
+    headers['X-API-Key'] = apiKey;
+  } else if (token) {
+    headers['Authorization'] = `Bearer ${token}`;
+  }
+
+  return new Promise((resolve, reject) => {
+    const req = httpModule.request(url, {
+      method,
+      headers,
+      timeout: options.timeout || 30000
+    }, (res) => {
+      let body = '';
+      res.on('data', chunk => body += chunk);
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(body);
+          if (res.statusCode >= 400) {
+            const error = new Error(json.message || json.error || 'API Error');
+            error.status = res.statusCode;
+            error.code = json.error || json.code;
+            error.details = json.details;
+            reject(error);
+          } else {
+            resolve(json);
+          }
+        } catch {
+          if (res.statusCode >= 400) {
+            const error = new Error(body || 'API Error');
+            error.status = res.statusCode;
+            reject(error);
+          } else {
+            resolve(body);
+          }
+        }
+      });
+    });
+
+    req.on('error', (err) => {
+      if (err.code === 'ECONNREFUSED') {
+        reject(new Error('Cannot connect to Bootspring API. Please check your internet connection.'));
+      } else {
+        reject(err);
+      }
+    });
+
+    req.on('timeout', () => {
+      req.destroy();
+      reject(new Error('Request timeout'));
+    });
+
+    if (data) {
+      req.write(JSON.stringify(data));
+    }
+    req.end();
+  });
+}
+
 /**
  * Clear the cache
  */
@@ -175,6 +261,93 @@ function requireAuth() {
  * API methods
  */
 const api = {
+  // Device Authorization Flow
+  async requestDeviceCode() {
+    const deviceContext = auth.getDeviceContext();
+    const url = new URL('/api/v1/auth/device', API_BASE);
+    const isHttps = url.protocol === 'https:';
+    const httpModule = isHttps ? https : http;
+
+    return new Promise((resolve, reject) => {
+      const req = httpModule.request(url, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'User-Agent': `bootspring-cli/${require('../package.json').version}`,
+        },
+        timeout: 10000
+      }, (res) => {
+        let body = '';
+        res.on('data', chunk => body += chunk);
+        res.on('end', () => {
+          try {
+            const json = JSON.parse(body);
+            if (res.statusCode >= 400) {
+              const error = new Error(json.message || json.error || 'Failed to get device code');
+              error.status = res.statusCode;
+              error.code = json.error;
+              reject(error);
+            } else {
+              resolve(json);
+            }
+          } catch {
+            reject(new Error('Invalid response from API'));
+          }
+        });
+      });
+      req.on('error', reject);
+      req.on('timeout', () => {
+        req.destroy();
+        reject(new Error('Request timeout'));
+      });
+      req.write(JSON.stringify({ device: deviceContext }));
+      req.end();
+    });
+  },
+
+  async pollDeviceToken(deviceCode) {
+    const url = new URL('/api/v1/auth/device/token', API_BASE);
+    const isHttps = url.protocol === 'https:';
+    const httpModule = isHttps ? https : http;
+
+    return new Promise((resolve, reject) => {
+      const req = httpModule.request(url, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'User-Agent': `bootspring-cli/${require('../package.json').version}`,
+        },
+        timeout: 10000
+      }, (res) => {
+        let body = '';
+        res.on('data', chunk => body += chunk);
+        res.on('end', () => {
+          try {
+            const json = JSON.parse(body);
+            if (res.statusCode >= 400) {
+              const error = new Error(json.message || json.error || 'Authorization pending');
+              error.status = res.statusCode;
+              error.code = json.error;
+              error.details = json;
+              reject(error);
+            } else {
+              resolve(json);
+            }
+          } catch {
+            reject(new Error('Invalid response from API'));
+          }
+        });
+      });
+      req.on('error', reject);
+      req.on('timeout', () => {
+        req.destroy();
+        reject(new Error('Request timeout'));
+      });
+      req.write(JSON.stringify({ device_code: deviceCode }));
+      req.end();
+    });
+  },
+
   // Auth
   async login(email, password) {
     const deviceContext = auth.getDeviceContext();
@@ -188,18 +361,25 @@ const api = {
   },
 
   async loginWithApiKey(apiKey) {
-    // Validate API key by calling /auth/me with the key
-    const url = new URL(`/api/${API_VERSION}/auth/me`, API_BASE);
+    // Validate API key by calling /api/keys/validate
+    const url = new URL('/api/keys/validate', API_BASE);
     const isHttps = url.protocol === 'https:';
     const httpModule = isHttps ? https : http;
+    const deviceContext = auth.getDeviceContext();
 
     return new Promise((resolve, reject) => {
+      const requestBody = JSON.stringify({
+        apiKey,
+        deviceFingerprint: deviceContext.deviceId,
+        deviceName: `CLI - ${deviceContext.hostname}`
+      });
+
       const req = httpModule.request(url, {
-        method: 'GET',
+        method: 'POST',
         headers: {
           'Content-Type': 'application/json',
           'User-Agent': `bootspring-cli/${require('../package.json').version}`,
-          'X-API-Key': apiKey
+          'Content-Length': Buffer.byteLength(requestBody)
         },
         timeout: 10000
       }, (res) => {
@@ -208,15 +388,33 @@ const api = {
         res.on('end', () => {
           try {
             const json = JSON.parse(body);
-            if (res.statusCode >= 400) {
-              const error = new Error(json.message || json.error || 'Invalid API key');
+            if (res.statusCode >= 400 || !json.valid) {
+              const error = new Error(json.error || 'Invalid API key');
               error.status = res.statusCode;
-              error.code = json.error || json.code;
+              error.code = json.error;
               reject(error);
             } else {
+              // Build user info from response
+              const user = {
+                tier: json.tier,
+                scopes: json.scopes
+              };
+
               // Save API key and user info
-              auth.loginWithApiKey(apiKey, json.user);
-              resolve(json);
+              auth.loginWithApiKey(apiKey, user);
+
+              // If key has a project, auto-set project context
+              if (json.project) {
+                session.setCurrentProject(json.project);
+                session.addRecentProject(json.project);
+              }
+
+              resolve({
+                user,
+                project: json.project,
+                device: json.device,
+                usage: json.usage
+              });
             }
           } catch {
             reject(new Error('Invalid response from API'));
@@ -229,6 +427,7 @@ const api = {
         req.destroy();
         reject(new Error('Request timeout'));
       });
+      req.write(requestBody);
       req.end();
     });
   },
@@ -250,6 +449,61 @@ const api = {
     return request('GET', '/auth/me');
   },
 
+  /**
+   * Validate an API key and get its associated project
+   * @param {string} apiKey - The API key to validate
+   * @returns {Promise<{valid: boolean, tier: string, project: object|null}>}
+   */
+  async validateApiKey(apiKey) {
+    const url = new URL('/api/keys/validate', API_BASE);
+    const isHttps = url.protocol === 'https:';
+    const httpModule = isHttps ? https : http;
+    const deviceContext = auth.getDeviceContext();
+
+    return new Promise((resolve, reject) => {
+      const requestBody = JSON.stringify({
+        apiKey,
+        deviceFingerprint: deviceContext.deviceId,
+        deviceName: `CLI - ${deviceContext.hostname}`
+      });
+
+      const req = httpModule.request(url, {
+        method: 'POST',
+        headers: {
+          'Content-Type': 'application/json',
+          'User-Agent': `bootspring-cli/${require('../package.json').version}`,
+          'Content-Length': Buffer.byteLength(requestBody)
+        },
+        timeout: 10000
+      }, (res) => {
+        let body = '';
+        res.on('data', chunk => body += chunk);
+        res.on('end', () => {
+          try {
+            const json = JSON.parse(body);
+            if (res.statusCode >= 400 || !json.valid) {
+              const error = new Error(json.error || 'Invalid API key');
+              error.status = res.statusCode;
+              reject(error);
+            } else {
+              resolve(json);
+            }
+          } catch {
+            reject(new Error('Invalid response from API'));
+          }
+        });
+      });
+
+      req.on('error', reject);
+      req.on('timeout', () => {
+        req.destroy();
+        reject(new Error('Request timeout'));
+      });
+      req.write(requestBody);
+      req.end();
+    });
+  },
+
   async refreshToken() {
     const refreshToken = auth.getRefreshToken();
     if (!refreshToken) {
@@ -287,6 +541,16 @@ const api = {
     return request('GET', `/agents/${encodeURIComponent(id)}`);
   },
 
+  /**
+   * Get agent context content (requires auth, tier-gated)
+   * @param {string} id - Agent ID
+   * @returns {Promise<{id, name, description, context, tier}>}
+   */
+  async getAgentContext(id) {
+    requireAuth();
+    return request('GET', `/agents/${encodeURIComponent(id)}/context`);
+  },
+
   async invokeAgent(id, projectContext, task) {
     requireAuth();
     return request('POST', `/agents/${encodeURIComponent(id)}/invoke`, {
@@ -301,36 +565,68 @@ const api = {
   },
 
   // Skills
+  /**
+   * List available skills with tier information
+   * @param {object} options - Filter options
+   * @returns {Promise<{skills: Array, categories: Array, userTier: string}>}
+   */
   async listSkills(options = {}) {
     requireAuth();
     const params = new URLSearchParams();
     if (options.category) params.append('category', options.category);
-    if (options.tag) params.append('tag', options.tag);
     if (options.search) params.append('search', options.search);
-    if (options.external) params.append('external', 'true');
 
     const query = params.toString();
     return request('GET', `/skills${query ? '?' + query : ''}`);
   },
 
+  /**
+   * Get skill content (requires auth, tier-gated)
+   * @param {string} skillId - Skill ID (e.g., 'api/route-handler')
+   * @returns {Promise<{id, name, content, tier}>}
+   */
+  async getSkillContent(skillId) {
+    requireAuth();
+    // Split skillId into parts for the API path
+    return request('GET', `/skills/${skillId}`);
+  },
+
+  /**
+   * @deprecated Use getSkillContent instead
+   */
   async getSkill(category, name) {
     requireAuth();
     return request('GET', `/skills/${encodeURIComponent(category)}/${encodeURIComponent(name)}`);
   },
 
-  async getExternalSkill(id) {
+  async searchSkills(query, options = {}) {
+    requireAuth();
+    const params = new URLSearchParams();
+    params.append('search', query);
+    if (options.category) params.append('category', options.category);
+    return request('GET', `/skills?${params.toString()}`);
+  },
+
+  // Templates (thin client - served from API)
+  /**
+   * List available templates in a category
+   * @param {string} category - Template category (business, legal, fundraising, etc.)
+   * @returns {Promise<{templates: Array}>}
+   */
+  async listTemplates(category) {
     requireAuth();
-    return request('GET', `/skills/external/${encodeURIComponent(id)}`);
+    return request('GET', `/templates/${encodeURIComponent(category)}`);
   },
 
-  async searchSkills(query, options = {}) {
+  /**
+   * Get template content
+   * @param {string} category - Template category
+   * @param {string} name - Template name/file
+   * @returns {Promise<{name, content, variables}>}
+   */
+  async getTemplate(category, name) {
     requireAuth();
-    return request('POST', '/skills/search', {
-      query,
-      categories: options.categories,
-      tags: options.tags,
-      includeExternal: options.includeExternal
-    });
+    return request('GET', `/templates/${encodeURIComponent(category)}/${encodeURIComponent(name)}`);
   },
 
   // Orchestrator
@@ -432,6 +728,222 @@ const api = {
   async getInvoices() {
     requireAuth();
     return request('GET', '/billing/invoices');
+  },
+
+  // Entitlements (v1)
+  async resolveEntitlements() {
+    requireAuth();
+    return request('GET', '/entitlements/resolve', null, { noCache: false });
+  },
+
+  // Usage Tracking (v1)
+  async trackUsage(type, metadata = {}) {
+    requireAuth();
+    return request('POST', '/track', { type, metadata });
+  },
+
+  // Telemetry Batch Upload (v1)
+  async uploadTelemetryBatch(events, batchInfo = {}) {
+    requireAuth();
+    const batchId = batchInfo.id || require('crypto').randomUUID();
+    return request('POST', '/events/batch', {
+      source: 'bootspring',
+      batch: {
+        index: batchInfo.index || 0,
+        total: batchInfo.total || 1,
+        id: batchId
+      },
+      events
+    }, {
+      headers: {
+        'X-Bootspring-Batch-Id': batchId
+      }
+    });
+  },
+
+  // Projects (from /api/auth/device/projects)
+  async listProjects() {
+    requireAuth();
+    // Projects endpoint is under auth, not v1
+    const url = new URL('/api/auth/device/projects', API_BASE);
+    const isHttps = url.protocol === 'https:';
+    const httpModule = isHttps ? https : http;
+    const apiKey = auth.getApiKey();
+    const token = auth.getToken();
+
+    return new Promise((resolve, reject) => {
+      const headers = {
+        'Content-Type': 'application/json',
+        'User-Agent': `bootspring-cli/${require('../package.json').version}`,
+      };
+      if (apiKey) {
+        headers['X-API-Key'] = apiKey;
+      } else if (token) {
+        headers['Authorization'] = `Bearer ${token}`;
+      }
+
+      const req = httpModule.request(url, {
+        method: 'GET',
+        headers,
+        timeout: 10000
+      }, (res) => {
+        let body = '';
+        res.on('data', chunk => body += chunk);
+        res.on('end', () => {
+          try {
+            const json = JSON.parse(body);
+            if (res.statusCode >= 400) {
+              const error = new Error(json.message || json.error || 'Failed to list projects');
+              error.status = res.statusCode;
+              reject(error);
+            } else {
+              resolve(json);
+            }
+          } catch {
+            reject(new Error('Invalid response from API'));
+          }
+        });
+      });
+      req.on('error', reject);
+      req.on('timeout', () => {
+        req.destroy();
+        reject(new Error('Request timeout'));
+      });
+      req.end();
+    });
+  },
+
+  // Project Members Management
+  async getProjectMembers(projectId) {
+    requireAuth();
+    return directRequest('GET', `/projects/${encodeURIComponent(projectId)}/members`);
+  },
+
+  async addProjectMember(projectId, email, role = 'member') {
+    requireAuth();
+    return directRequest('POST', `/projects/${encodeURIComponent(projectId)}/members`, {
+      email,
+      role
+    });
+  },
+
+  async updateProjectMember(projectId, userId, role) {
+    requireAuth();
+    return directRequest('PATCH', `/projects/${encodeURIComponent(projectId)}/members/${encodeURIComponent(userId)}`, {
+      role
+    });
+  },
+
+  async removeProjectMember(projectId, userId) {
+    requireAuth();
+    return directRequest('DELETE', `/projects/${encodeURIComponent(projectId)}/members/${encodeURIComponent(userId)}`);
+  },
+
+  async transferProjectOwnership(projectId, newOwnerId) {
+    requireAuth();
+    return directRequest('POST', `/projects/${encodeURIComponent(projectId)}/transfer`, {
+      newOwnerId
+    });
+  },
+
+  async findSimilarProjects(name, repoUrl) {
+    requireAuth();
+    const params = new URLSearchParams();
+    if (name) params.set('name', name);
+    if (repoUrl) params.set('repo', repoUrl);
+    return directRequest('GET', `/projects/similar?${params.toString()}`);
+  },
+
+  // Preseed Documents
+  /**
+   * List preseed documents for a project
+   * @param {string} projectId - Project ID
+   * @returns {Promise<{documents: Array, count: number, storage: object}>}
+   */
+  async listPreseedDocuments(projectId) {
+    requireAuth();
+    return directRequest('GET', `/projects/${encodeURIComponent(projectId)}/preseed/documents`);
+  },
+
+  /**
+   * Get a single preseed document content
+   * @param {string} projectId - Project ID
+   * @param {string} documentName - Document name (e.g., 'VISION', 'PRD')
+   * @returns {Promise<{name: string, content: string, format: string}>}
+   */
+  async getPreseedDocument(projectId, documentName) {
+    requireAuth();
+    return directRequest('GET', `/projects/${encodeURIComponent(projectId)}/preseed/documents?name=${encodeURIComponent(documentName)}`);
+  },
+
+  /**
+   * Download preseed documents as ZIP
+   * @param {string} projectId - Project ID
+   * @returns {Promise<Buffer>} ZIP file buffer
+   */
+  async downloadPreseedZip(projectId) {
+    requireAuth();
+    const apiKey = auth.getApiKey();
+    const token = auth.getToken();
+    const url = new URL(`/api/projects/${encodeURIComponent(projectId)}/preseed/documents?format=zip`, API_BASE);
+    const isHttps = url.protocol === 'https:';
+    const httpModule = isHttps ? https : http;
+
+    return new Promise((resolve, reject) => {
+      const headers = {
+        'User-Agent': `bootspring-cli/${require('../package.json').version}`,
+      };
+      if (apiKey) {
+        headers['X-API-Key'] = apiKey;
+      } else if (token) {
+        headers['Authorization'] = `Bearer ${token}`;
+      }
+
+      const req = httpModule.request(url, {
+        method: 'GET',
+        headers,
+        timeout: 60000
+      }, (res) => {
+        if (res.statusCode >= 400) {
+          let body = '';
+          res.on('data', chunk => body += chunk);
+          res.on('end', () => {
+            try {
+              const json = JSON.parse(body);
+              const error = new Error(json.message || json.error || 'Failed to download preseed documents');
+              error.status = res.statusCode;
+              reject(error);
+            } catch {
+              reject(new Error(`HTTP ${res.statusCode}: ${body}`));
+            }
+          });
+          return;
+        }
+
+        const chunks = [];
+        res.on('data', chunk => chunks.push(chunk));
+        res.on('end', () => {
+          resolve(Buffer.concat(chunks));
+        });
+      });
+
+      req.on('error', reject);
+      req.on('timeout', () => {
+        req.destroy();
+        reject(new Error('Request timeout'));
+      });
+      req.end();
+    });
+  },
+
+  /**
+   * Get preseed wizard data for a project
+   * @param {string} projectId - Project ID
+   * @returns {Promise<{wizardData: object, progress: object}>}
+   */
+  async getPreseedWizard(projectId) {
+    requireAuth();
+    return directRequest('GET', `/projects/${encodeURIComponent(projectId)}/preseed/wizard`);
   }
 };
 
@@ -439,6 +951,7 @@ module.exports = {
   API_BASE,
   API_VERSION,
   request,
+  directRequest,
   clearCache,
   healthCheck,
   requireAuth,