@haystackeditor/cli 0.12.3 → 0.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -241,7 +241,7 @@ The `setup` wizard writes `.haystack.json` to your repos with discovered rules,
241
241
  ## How It Works
242
242
 
243
243
  1. Run `haystack setup` to configure your repos (or `haystack init` for local-only config)
244
- 2. Install the [Haystack GitHub App](https://haystackeditor.com/github-app)
244
+ 2. Install the [Haystack GitHub App](https://github.com/apps/haystack-code-reviewer-pr-hook/installations/new)
245
245
  3. When PRs are opened, Haystack automatically:
246
246
  - Analyzes the code for bugs, instruction drift, and rule violations
247
247
  - Reports results on the PR
@@ -8,7 +8,7 @@ import chalk from 'chalk';
8
8
  import { readFileSync, writeFileSync } from 'fs';
9
9
  import { resolve } from 'path';
10
10
  import { execSync } from 'child_process';
11
- import { loadToken } from './login.js';
11
+ import { resolveAuthContext } from '../utils/auth.js';
12
12
  import { AI_REVIEWER_SOURCES, AI_REVIEWER_DISPLAY_NAMES, AI_REVIEWER_BOT_USERNAMES } from '../types.js';
13
13
  const API_BASE = 'https://haystackeditor.com/api/preferences';
14
14
  const AGENTIC_TOOL_LABELS = {
@@ -64,12 +64,14 @@ function setPreference(key, value) {
64
64
  // API helpers (user-level preferences)
65
65
  // ============================================================================
66
66
  async function requireAuth() {
67
- const token = await loadToken();
68
- if (!token) {
69
- console.error(chalk.red('\nNot logged in. Run `haystack login` first.\n'));
67
+ try {
68
+ const authContext = await resolveAuthContext();
69
+ return authContext.token;
70
+ }
71
+ catch (err) {
72
+ console.error(chalk.red(`\n${err.message}\n`));
70
73
  process.exit(1);
71
74
  }
72
- return token;
73
75
  }
74
76
  async function apiRequest(method, token, body) {
75
77
  return fetch(API_BASE, {
@@ -13,7 +13,7 @@
13
13
  * https://github.com/owner/repo/pull/123 # GitHub URL
14
14
  */
15
15
  import chalk from 'chalk';
16
- import { loadToken } from './login.js';
16
+ import { resolveAuthContext } from '../utils/auth.js';
17
17
  import { parseRemoteUrl } from '../utils/git.js';
18
18
  // ============================================================================
19
19
  // PR identifier parsing (shared with triage — duplicated to avoid circular deps)
@@ -125,9 +125,12 @@ async function runOverride(identifier, type, commandName) {
125
125
  process.exit(1);
126
126
  }
127
127
  // Require auth
128
- const token = await loadToken();
129
- if (!token) {
130
- console.error(chalk.red('\nNot logged in. Run `haystack login` first.\n'));
128
+ let authContext;
129
+ try {
130
+ authContext = await resolveAuthContext({ owner: pr.owner, repo: pr.repo });
131
+ }
132
+ catch (err) {
133
+ console.error(chalk.red(`\n${err.message}\n`));
131
134
  process.exit(1);
132
135
  }
133
136
  const prLabel = `${pr.owner}/${pr.repo}#${pr.prNumber}`;
@@ -139,7 +142,7 @@ async function runOverride(identifier, type, commandName) {
139
142
  // Get PR HEAD SHA
140
143
  let headSha;
141
144
  try {
142
- headSha = await getPRHeadSha(pr.owner, pr.repo, pr.prNumber, token);
145
+ headSha = await getPRHeadSha(pr.owner, pr.repo, pr.prNumber, authContext.token);
143
146
  }
144
147
  catch (err) {
145
148
  console.error(chalk.red(`\n${err.message}\n`));
@@ -147,7 +150,7 @@ async function runOverride(identifier, type, commandName) {
147
150
  }
148
151
  // Post the override
149
152
  try {
150
- await postUserOverride(repoFullName, pr.prNumber, headSha, type, token);
153
+ await postUserOverride(repoFullName, pr.prNumber, headSha, type, authContext.token);
151
154
  }
152
155
  catch (err) {
153
156
  console.error(chalk.red(`\n${err.message}\n`));
@@ -182,16 +185,19 @@ export async function undismissCommand(identifier) {
182
185
  console.error(chalk.red(`\n${err.message}\n`));
183
186
  process.exit(1);
184
187
  }
185
- const token = await loadToken();
186
- if (!token) {
187
- console.error(chalk.red('\nNot logged in. Run `haystack login` first.\n'));
188
+ let authContext;
189
+ try {
190
+ authContext = await resolveAuthContext({ owner: pr.owner, repo: pr.repo });
191
+ }
192
+ catch (err) {
193
+ console.error(chalk.red(`\n${err.message}\n`));
188
194
  process.exit(1);
189
195
  }
190
196
  const prLabel = `${pr.owner}/${pr.repo}#${pr.prNumber}`;
191
197
  const repoFullName = `${pr.owner}/${pr.repo}`;
192
198
  console.log(chalk.dim(`\nClearing overrides for ${prLabel}...`));
193
199
  try {
194
- await deleteUserOverrides(repoFullName, pr.prNumber, token);
200
+ await deleteUserOverrides(repoFullName, pr.prNumber, authContext.token);
195
201
  }
196
202
  catch (err) {
197
203
  console.error(chalk.red(`\n${err.message}\n`));
@@ -1,9 +1,8 @@
1
1
  /**
2
2
  * Login command - GitHub OAuth device flow
3
3
  */
4
- /**
5
- * Load token from disk
6
- */
7
- export declare function loadToken(): Promise<string | null>;
8
4
  export declare function loginCommand(): Promise<void>;
9
- export declare function logoutCommand(): Promise<void>;
5
+ export declare function logoutCommand(login?: string): Promise<void>;
6
+ export declare function whoamiCommand(): Promise<void>;
7
+ export declare function authListCommand(): Promise<void>;
8
+ export declare function authUseCommand(login: string): Promise<void>;
@@ -2,12 +2,12 @@
2
2
  * Login command - GitHub OAuth device flow
3
3
  */
4
4
  import chalk from 'chalk';
5
- import * as fs from 'fs/promises';
6
5
  import * as path from 'path';
7
6
  import * as os from 'os';
7
+ import { getActiveLogin, getRepoDefaultAccount, listStoredAccounts, removeAccount, saveAuthenticatedToken, setActiveAccount, } from '../utils/auth.js';
8
+ import { parseRemoteUrl } from '../utils/git.js';
8
9
  const GITHUB_CLIENT_ID = 'Ov23liW3JE38D3gZWa85'; // Haystack GitHub OAuth App
9
10
  const CONFIG_DIR = path.join(os.homedir(), '.haystack');
10
- const TOKEN_FILE = path.join(CONFIG_DIR, 'credentials.json');
11
11
  /**
12
12
  * Start device flow and get user code
13
13
  */
@@ -68,66 +68,15 @@ async function pollForToken(deviceCode, interval) {
68
68
  throw new Error(`OAuth error: ${data.error}`);
69
69
  }
70
70
  }
71
- /**
72
- * Save token to disk
73
- */
74
- async function saveToken(token) {
75
- await fs.mkdir(CONFIG_DIR, { recursive: true });
76
- const credentials = {
77
- github_token: token,
78
- created_at: new Date().toISOString(),
79
- };
80
- await fs.writeFile(TOKEN_FILE, JSON.stringify(credentials, null, 2), {
81
- mode: 0o600, // Owner read/write only
82
- });
83
- }
84
- /**
85
- * Load token from disk
86
- */
87
- export async function loadToken() {
88
- try {
89
- const content = await fs.readFile(TOKEN_FILE, 'utf-8');
90
- const credentials = JSON.parse(content);
91
- return credentials.github_token;
92
- }
93
- catch {
94
- return null;
95
- }
96
- }
97
- /**
98
- * Verify token is valid by calling GitHub API
99
- */
100
- async function verifyToken(token) {
101
- try {
102
- const response = await fetch('https://api.github.com/user', {
103
- headers: {
104
- 'Authorization': `Bearer ${token}`,
105
- 'User-Agent': 'Haystack-CLI',
106
- },
107
- });
108
- if (!response.ok) {
109
- return null;
110
- }
111
- return response.json();
112
- }
113
- catch {
114
- return null;
115
- }
116
- }
117
71
  export async function loginCommand() {
118
- console.log(chalk.bold('\nHaystack Login\n'));
119
- // Check if already logged in
120
- const existingToken = await loadToken();
121
- if (existingToken) {
122
- const user = await verifyToken(existingToken);
123
- if (user) {
124
- console.log(chalk.green(`Already logged in as ${chalk.bold(user.login)}`));
125
- console.log(chalk.dim('Run `haystack logout` to sign out.\n'));
126
- return;
127
- }
128
- }
129
- console.log('Authenticating with GitHub...\n');
130
72
  try {
73
+ console.log(chalk.bold('\nHaystack Login\n'));
74
+ const activeLogin = await getActiveLogin();
75
+ if (activeLogin) {
76
+ console.log(chalk.dim(`Current active account: ${chalk.bold(activeLogin)}`));
77
+ console.log(chalk.dim('This login will add or refresh a saved account and make it active.\n'));
78
+ }
79
+ console.log('Authenticating with GitHub...\n');
131
80
  // Start device flow
132
81
  const deviceFlow = await startDeviceFlow();
133
82
  console.log(chalk.yellow('Open this URL in your browser:\n'));
@@ -138,25 +87,100 @@ export async function loginCommand() {
138
87
  // Poll for token
139
88
  const token = await pollForToken(deviceFlow.device_code, deviceFlow.interval);
140
89
  // Verify and save
141
- const user = await verifyToken(token);
142
- if (!user) {
143
- throw new Error('Failed to verify token');
144
- }
145
- await saveToken(token);
90
+ const user = await saveAuthenticatedToken(token);
146
91
  console.log(chalk.green(`\nLogged in as ${chalk.bold(user.login)}`));
147
- console.log(chalk.dim('Credentials saved to ~/.haystack/credentials.json\n'));
92
+ console.log(chalk.dim(`Credentials saved to ${path.join(CONFIG_DIR, 'credentials.json')}\n`));
148
93
  }
149
94
  catch (error) {
150
95
  console.error(chalk.red(`\nLogin failed: ${error.message}\n`));
151
96
  process.exit(1);
152
97
  }
153
98
  }
154
- export async function logoutCommand() {
99
+ export async function logoutCommand(login) {
155
100
  try {
156
- await fs.unlink(TOKEN_FILE);
157
- console.log(chalk.green('\nLogged out successfully.\n'));
101
+ const removedLogin = await removeAccount(login);
102
+ if (!removedLogin) {
103
+ console.log(chalk.yellow('\nNot logged in.\n'));
104
+ return;
105
+ }
106
+ console.log(chalk.green(`\nRemoved saved account ${chalk.bold(removedLogin)}.`));
107
+ const nextActive = await getActiveLogin();
108
+ if (nextActive) {
109
+ console.log(chalk.dim(`Active account is now ${chalk.bold(nextActive)}.\n`));
110
+ }
111
+ else {
112
+ console.log(chalk.dim('No saved Haystack accounts remain.\n'));
113
+ }
158
114
  }
159
- catch {
160
- console.log(chalk.yellow('\nNot logged in.\n'));
115
+ catch (error) {
116
+ console.error(chalk.red(`\n${error.message}\n`));
117
+ process.exit(1);
118
+ }
119
+ }
120
+ export async function whoamiCommand() {
121
+ try {
122
+ const accounts = await listStoredAccounts();
123
+ if (accounts.length === 0) {
124
+ console.log(chalk.yellow('\nNot logged in.\n'));
125
+ return;
126
+ }
127
+ const active = accounts.find((account) => account.isActive);
128
+ if (!active) {
129
+ console.log(chalk.yellow('\nNo active Haystack account is configured.\n'));
130
+ return;
131
+ }
132
+ console.log(chalk.bold('\nHaystack Account\n'));
133
+ console.log(` ${chalk.dim('Active:')} ${chalk.bold(active.login)}`);
134
+ console.log(` ${chalk.dim('Saved:')} ${accounts.length} account(s)`);
135
+ let remote = null;
136
+ try {
137
+ remote = parseRemoteUrl('origin');
138
+ }
139
+ catch {
140
+ remote = null;
141
+ }
142
+ if (remote) {
143
+ const repoDefault = await getRepoDefaultAccount(remote.owner, remote.repo);
144
+ if (repoDefault) {
145
+ console.log(` ${chalk.dim('Repo:')} ${remote.owner}/${remote.repo} -> ${repoDefault}`);
146
+ }
147
+ }
148
+ console.log('');
149
+ }
150
+ catch (error) {
151
+ console.error(chalk.red(`\n${error.message}\n`));
152
+ process.exit(1);
153
+ }
154
+ }
155
+ export async function authListCommand() {
156
+ try {
157
+ const accounts = await listStoredAccounts();
158
+ if (accounts.length === 0) {
159
+ console.log(chalk.yellow('\nNo saved Haystack accounts.\n'));
160
+ return;
161
+ }
162
+ console.log(chalk.bold('\nSaved Haystack Accounts\n'));
163
+ for (const account of accounts) {
164
+ const marker = account.isActive ? chalk.green('✓') : ' ';
165
+ const repoDefaultNote = account.repoDefaultCount > 0
166
+ ? chalk.dim(` (${account.repoDefaultCount} repo default${account.repoDefaultCount === 1 ? '' : 's'})`)
167
+ : '';
168
+ console.log(` ${marker} ${chalk.bold(account.login)}${repoDefaultNote}`);
169
+ }
170
+ console.log('');
171
+ }
172
+ catch (error) {
173
+ console.error(chalk.red(`\n${error.message}\n`));
174
+ process.exit(1);
175
+ }
176
+ }
177
+ export async function authUseCommand(login) {
178
+ try {
179
+ await setActiveAccount(login);
180
+ console.log(chalk.green(`\nActive Haystack account set to ${chalk.bold(login)}.\n`));
181
+ }
182
+ catch (error) {
183
+ console.error(chalk.red(`\n${error.message}\n`));
184
+ process.exit(1);
161
185
  }
162
186
  }
@@ -11,7 +11,7 @@
11
11
  * https://github.com/owner/repo/pull/123 # GitHub URL
12
12
  */
13
13
  import chalk from 'chalk';
14
- import { loadToken } from './login.js';
14
+ import { resolveAuthContext } from '../utils/auth.js';
15
15
  import { parseRemoteUrl } from '../utils/git.js';
16
16
  // ============================================================================
17
17
  // PR identifier parsing
@@ -120,11 +120,15 @@ export async function prStatusCommand(identifier, options) {
120
120
  console.error(chalk.red(`\n${err.message}\n`));
121
121
  process.exit(1);
122
122
  }
123
- const token = await loadToken();
124
- if (!token) {
125
- console.error(chalk.red('\nNot logged in. Run `haystack login` first.\n'));
123
+ let authContext;
124
+ try {
125
+ authContext = await resolveAuthContext({ owner: pr.owner, repo: pr.repo });
126
+ }
127
+ catch (err) {
128
+ console.error(chalk.red(`\n${err.message}\n`));
126
129
  process.exit(1);
127
130
  }
131
+ const token = authContext.token;
128
132
  const prLabel = `${pr.owner}/${pr.repo}#${pr.prNumber}`;
129
133
  if (!options.json) {
130
134
  console.log(chalk.dim(`\nFetching status for ${prLabel}...\n`));
@@ -13,7 +13,7 @@
13
13
  * https://github.com/owner/repo/pull/123 # GitHub URL
14
14
  */
15
15
  import chalk from 'chalk';
16
- import { loadToken } from './login.js';
16
+ import { resolveAuthContext } from '../utils/auth.js';
17
17
  import { parseRemoteUrl } from '../utils/git.js';
18
18
  import { ensureHaystackLabels, addLabelsToIssue, requestReviewers, } from '../utils/github-api.js';
19
19
  // ============================================================================
@@ -59,18 +59,20 @@ export async function requestReviewCommand(identifier, reviewer) {
59
59
  console.error(chalk.red(`\n${err.message}\n`));
60
60
  process.exit(1);
61
61
  }
62
- // Require auth
63
- const token = await loadToken();
64
- if (!token) {
65
- console.error(chalk.red('\nNot logged in. Run `haystack login` first.\n'));
62
+ let authContext;
63
+ try {
64
+ authContext = await resolveAuthContext({ owner: pr.owner, repo: pr.repo });
65
+ }
66
+ catch (err) {
67
+ console.error(chalk.red(`\n${err.message}\n`));
66
68
  process.exit(1);
67
69
  }
68
70
  const prLabel = `${pr.owner}/${pr.repo}#${pr.prNumber}`;
69
71
  console.log(chalk.dim(`\nRequesting review for ${prLabel}...`));
70
72
  // Ensure the label exists in the repo, then add it to the PR
71
73
  try {
72
- await ensureHaystackLabels(pr.owner, pr.repo, ['haystack:needs-review']);
73
- await addLabelsToIssue(pr.owner, pr.repo, pr.prNumber, ['haystack:needs-review']);
74
+ await ensureHaystackLabels(pr.owner, pr.repo, ['haystack:needs-review'], authContext.token);
75
+ await addLabelsToIssue(pr.owner, pr.repo, pr.prNumber, ['haystack:needs-review'], authContext.token);
74
76
  }
75
77
  catch (err) {
76
78
  console.error(chalk.red(`\nFailed to add label: ${err.message}\n`));
@@ -79,7 +81,7 @@ export async function requestReviewCommand(identifier, reviewer) {
79
81
  // Request specific reviewer if provided
80
82
  if (reviewer) {
81
83
  try {
82
- await requestReviewers(pr.owner, pr.repo, pr.prNumber, [reviewer]);
84
+ await requestReviewers(pr.owner, pr.repo, pr.prNumber, [reviewer], authContext.token);
83
85
  console.log(chalk.green(`\n Review requested from ${reviewer} on ${prLabel}`));
84
86
  }
85
87
  catch (err) {
@@ -16,7 +16,7 @@ import inquirer from 'inquirer';
16
16
  import { execFileSync, execSync } from 'child_process';
17
17
  import { mkdirSync } from 'fs';
18
18
  import { basename, join } from 'path';
19
- import { loadToken } from './login.js';
19
+ import { resolveAuthContext } from '../utils/auth.js';
20
20
  import { hooksInstall } from './hooks.js';
21
21
  import { findGitRoot } from '../utils/hooks.js';
22
22
  import { trackError, trackSetupEvent } from '../utils/telemetry.js';
@@ -473,11 +473,15 @@ async function stepConfirm(selectedRepos, rules, signals, policies, token) {
473
473
  export async function setupCommand() {
474
474
  console.log(chalk.cyan('\n Haystack Setup Wizard\n'));
475
475
  // Step 0: Check login
476
- const token = await loadToken();
477
- if (!token) {
478
- console.log(chalk.yellow(' Not logged in. Run `haystack login` first.\n'));
476
+ let authContext;
477
+ try {
478
+ authContext = await resolveAuthContext();
479
+ }
480
+ catch (err) {
481
+ console.log(chalk.yellow(` ${err.message}\n`));
479
482
  process.exit(1);
480
483
  }
484
+ const token = authContext.token;
481
485
  // Verify token
482
486
  const userResponse = await fetch(`${GITHUB_API}/user`, {
483
487
  headers: {
@@ -10,6 +10,7 @@
10
10
  * - --force: skip triage checks
11
11
  */
12
12
  export interface SubmitOptions {
13
+ account?: string;
13
14
  title?: string;
14
15
  body?: string;
15
16
  bodyFile?: string;
@@ -20,5 +21,7 @@ export interface SubmitOptions {
20
21
  wait?: boolean;
21
22
  autoFix?: boolean;
22
23
  autoMerge?: boolean;
24
+ maxTurns?: number;
25
+ triageTimeout?: number;
23
26
  }
24
27
  export declare function submitCommand(options: SubmitOptions): Promise<void>;