@kodiak-finance/orderly-devkit 1.0.2

package/src/commands/view.js

@@ -0,0 +1,76 @@
+const { heading, info, error, getErrorMessage } = require("../shared");
+const { MARKETPLACE_API_BASE_URL } = require("../internal/constants");
+
+module.exports = {
+  command: "view <id>",
+  describe: "View plugin details by ID from Marketplace",
+  builder: (yargs) => {
+    return yargs
+      .positional("id", {
+        type: "string",
+        describe:
+          "string; plugin ID used to fetch details from Marketplace (required)",
+        demandOption: true,
+      })
+      .option("json", {
+        type: "boolean",
+        describe:
+          "boolean; currently does not change output (the command always prints the full JSON payload)",
+        default: false,
+      })
+      .example(
+        "orderly view trading-plugin-id",
+        "Fetch and print plugin details",
+      )
+      .example(
+        "orderly view trading-plugin-id --json",
+        "Fetch and print plugin details as JSON (flag currently does not alter output)",
+      );
+  },
+  handler: async (argv) => {
+    heading("Marketplace Plugin Details");
+
+    const pluginId = String(argv.id || "").trim();
+    if (!pluginId) {
+      error("Plugin ID is required.");
+      process.exitCode = 1;
+      return;
+    }
+
+    const url = `${MARKETPLACE_API_BASE_URL}/plugins/${encodeURIComponent(pluginId)}`;
+
+    try {
+      // Use explicit Accept header for consistent JSON responses across API gateways.
+      const headers = new Headers({ Accept: "application/json" });
+
+      const response = await fetch(url, {
+        method: "GET",
+        headers,
+      });
+
+      const responseData = await response.json().catch(() => null);
+
+      if (response.status === 404) {
+        error(`Plugin not found: ${pluginId}`);
+        process.exitCode = 1;
+        return;
+      }
+
+      if (!response.ok) {
+        const serverMessage = getErrorMessage(responseData, response.status);
+        error(`Failed to fetch plugin: ${serverMessage}`);
+        process.exitCode = 1;
+        return;
+      }
+
+      // Always print full payload to avoid losing fields in formatted output.
+      console.log(JSON.stringify(responseData ?? {}, null, 2));
+    } catch (e) {
+      // Show the exact request target so operators can debug network/env issues quickly.
+      const cause = e?.message || String(e);
+      error(`Request failed while calling ${url}: ${cause}`);
+      info("Please verify network connectivity and API availability.");
+      process.exitCode = 1;
+    }
+  },
+};

package/src/commands/whoami.js

@@ -0,0 +1,19 @@
+const { heading, info, success, warn } = require("../shared");
+const { getEmail, isLoggedIn } = require("../internal/auth");
+
+module.exports = {
+  command: "whoami",
+  describe: "Display current logged in user",
+  handler: async () => {
+    heading("Current User");
+
+    if (!isLoggedIn()) {
+      warn("You are not logged in.");
+      info("Run 'orderly login' to authenticate.");
+      return;
+    }
+
+    const email = getEmail();
+    success(`Logged in as: ${email}`);
+  },
+};

package/src/internal/auth.js

@@ -0,0 +1,222 @@
+const fs = require("fs");
+const path = require("path");
+const { MARKETPLACE_API_BASE_URL } = require("./constants");
+
+const AUTH_DIR = path.join(
+  process.env.HOME || process.env.USERPROFILE,
+  ".orderly",
+);
+const AUTH_FILE = path.join(AUTH_DIR, "auth.json");
+const DEFAULT_HTTP_TIMEOUT_MS = 15000;
+const HTTP_TIMEOUT_MS = Number.parseInt(
+  process.env.ORDERLY_HTTP_TIMEOUT_MS || `${DEFAULT_HTTP_TIMEOUT_MS}`,
+  10,
+);
+
+function ensureAuthDir() {
+  if (!fs.existsSync(AUTH_DIR)) {
+    fs.mkdirSync(AUTH_DIR, { recursive: true });
+  }
+}
+
+function readAuth() {
+  try {
+    if (fs.existsSync(AUTH_FILE)) {
+      return JSON.parse(fs.readFileSync(AUTH_FILE, "utf-8"));
+    }
+  } catch (e) {
+    // Ignore errors, return empty
+  }
+  return null;
+}
+
+function writeAuth(data) {
+  ensureAuthDir();
+  fs.writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2));
+}
+
+function saveToken(token, email = null) {
+  writeAuth({ token, email });
+}
+
+function saveOAuthToken(tokenData) {
+  // Use email if available, otherwise use username
+  writeAuth({
+    token: tokenData.token,
+    refreshToken: tokenData.refreshToken || null,
+    email: tokenData.email || null,
+    username: tokenData.username || null,
+    avatarUrl: tokenData.avatarUrl || null,
+    loginMethod: "github",
+    loginAt: new Date().toISOString(),
+  });
+}
+
+function getToken() {
+  const auth = readAuth();
+  return auth?.token || null;
+}
+
+function getEmail() {
+  const auth = readAuth();
+  // Prefer email, fall back to username
+  return auth?.email || auth?.username || null;
+}
+
+function getRefreshToken() {
+  const auth = readAuth();
+  return auth?.refreshToken || null;
+}
+
+/**
+ * Build a deterministic timeout budget for CLI HTTP calls.
+ * @returns {number}
+ */
+function getHttpTimeoutMs() {
+  if (Number.isFinite(HTTP_TIMEOUT_MS) && HTTP_TIMEOUT_MS > 0) {
+    return HTTP_TIMEOUT_MS;
+  }
+  return DEFAULT_HTTP_TIMEOUT_MS;
+}
+
+/**
+ * Execute fetch with timeout so CLI does not wait forever on stalled network.
+ * @param {string} url
+ * @param {RequestInit} init
+ * @param {number} timeoutMs
+ * @returns {Promise<Response>}
+ */
+async function fetchWithTimeout(url, init, timeoutMs) {
+  const controller = new AbortController();
+  const timeoutId = setTimeout(() => {
+    controller.abort(`Request timed out after ${timeoutMs}ms`);
+  }, timeoutMs);
+
+  try {
+    return await fetch(url, {
+      ...init,
+      signal: controller.signal,
+    });
+  } finally {
+    clearTimeout(timeoutId);
+  }
+}
+
+/**
+ * Rotate CLI tokens using refresh token and persist new credentials.
+ * @param {{ onAuthEvent?: (event: string, details?: Record<string, unknown>) => void }} options
+ */
+async function refreshCliToken(options = {}) {
+  const { onAuthEvent } = options;
+  const auth = readAuth();
+  const refreshToken = auth?.refreshToken;
+  if (!refreshToken) {
+    onAuthEvent?.("refresh_missing");
+    return null;
+  }
+
+  try {
+    const refreshUrl = `${MARKETPLACE_API_BASE_URL}/auth/refresh-cli`;
+    onAuthEvent?.("refresh_started", { url: refreshUrl });
+    const response = await fetchWithTimeout(
+      refreshUrl,
+      {
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          Accept: "application/json",
+        },
+        body: JSON.stringify({ refreshToken }),
+      },
+      getHttpTimeoutMs(),
+    );
+
+    if (!response.ok) {
+      onAuthEvent?.("refresh_failed", { status: response.status });
+      return null;
+    }
+
+    const data = await response.json();
+    if (!data?.accessToken || !data?.refreshToken) {
+      onAuthEvent?.("refresh_invalid_payload");
+      return null;
+    }
+
+    writeAuth({
+      ...auth,
+      token: data.accessToken,
+      refreshToken: data.refreshToken,
+      refreshedAt: new Date().toISOString(),
+    });
+    onAuthEvent?.("refresh_succeeded");
+    return data.accessToken;
+  } catch (e) {
+    onAuthEvent?.("refresh_error", {
+      message: e?.message || String(e),
+    });
+    return null;
+  }
+}
+
+/**
+ * Send authenticated request and retry once after token refresh on 401.
+ * @param {{ onAuthEvent?: (event: string, details?: Record<string, unknown>) => void }} options
+ */
+async function authenticatedFetch(url, init = {}, options = {}) {
+  const { onAuthEvent } = options;
+  const token = getToken();
+  const timeoutMs = getHttpTimeoutMs();
+  if (!token) {
+    return fetchWithTimeout(url, init, timeoutMs);
+  }
+
+  const firstHeaders = new Headers(init.headers || {});
+  firstHeaders.set("Authorization", `Bearer ${token}`);
+  let response = await fetchWithTimeout(
+    url,
+    { ...init, headers: firstHeaders },
+    timeoutMs,
+  );
+  if (response.status !== 401) {
+    return response;
+  }
+
+  onAuthEvent?.("request_unauthorized", { status: response.status });
+  const nextToken = await refreshCliToken({ onAuthEvent });
+  if (!nextToken) {
+    return response;
+  }
+
+  const retryHeaders = new Headers(init.headers || {});
+  retryHeaders.set("Authorization", `Bearer ${nextToken}`);
+  onAuthEvent?.("request_retry_started");
+  response = await fetchWithTimeout(
+    url,
+    { ...init, headers: retryHeaders },
+    timeoutMs,
+  );
+  return response;
+}
+
+function isLoggedIn() {
+  const token = getToken();
+  return !!token;
+}
+
+function logout() {
+  if (fs.existsSync(AUTH_FILE)) {
+    fs.unlinkSync(AUTH_FILE);
+  }
+}
+
+module.exports = {
+  saveToken,
+  saveOAuthToken,
+  getToken,
+  getEmail,
+  getRefreshToken,
+  isLoggedIn,
+  logout,
+  authenticatedFetch,
+  refreshCliToken,
+};

package/src/internal/constants.js

@@ -0,0 +1,80 @@
+// Known interceptor targets from the plugin system
+const INTERCEPTOR_TARGETS = [
+  "Trading.Layout.Desktop",
+  "Trading.Layout.Mobile",
+  "Trading.OrderEntry.TypeTabs",
+  "Trading.OrderEntry.BuySellSwitch",
+  "Trading.OrderEntry.Available",
+  "Trading.OrderEntry.QuantitySlider",
+  "Trading.OrderEntry.SubmitSection",
+  "OrderBook.Desktop.Asks",
+  "OrderBook.Desktop.Bids",
+  "Deposit.DepositForm",
+  "Deposit.WithdrawForm",
+  "Account.AccountMenu",
+  "Layout.MainMenus",
+  "Table.EmptyDataIdentifier",
+];
+
+// Module types supported
+const MODULE_TYPES = ["page", "component", "hook", "utils", "module"];
+
+const MARKETPLACE_API_BASE_URL =
+  process.env.ORDERLY_API_URL ||
+  "https://orderly-plugin-marketplace-server.vercel.app";
+const MARKETPLACE_WEB_BASE_URL =
+  process.env.ORDERLY_WEB_URL ||
+  "https://orderly-plugin-marketplace.vercel.app";
+
+const MARKETPLACE_API_PLUGINS_URL = `${MARKETPLACE_API_BASE_URL}/plugins`;
+const MARKETPLACE_API_MY_PLUGINS_URL = `${MARKETPLACE_API_BASE_URL}/my-plugins`;
+/**
+ * Build plugin self-status endpoint for author-owned status updates.
+ * @param {string} pluginId
+ * @returns {string}
+ */
+function getMarketplaceApiPluginSelfStatusUrl(pluginId) {
+  return `${MARKETPLACE_API_PLUGINS_URL}/${encodeURIComponent(pluginId)}/self-status`;
+}
+/**
+ * Build plugin detail endpoint for plugin-level operations.
+ * @param {string} pluginId
+ * @returns {string}
+ */
+function getMarketplaceApiPluginUrl(pluginId) {
+  return `${MARKETPLACE_API_PLUGINS_URL}/${encodeURIComponent(pluginId)}`;
+}
+
+const CLI_CALLBACK_PORT = 9876;
+const CLI_LOGIN_TIMEOUT_MS = 3 * 60 * 1000; // 3 minutes
+const MARKETPLACE_WEB_LOGIN_URL = `${MARKETPLACE_WEB_BASE_URL}/cli/login`;
+
+/** GitHub shorthand for https://github.com/OrderlyNetwork/orderly-skills (Vercel skills CLI). */
+const ORDERLY_SKILLS_REPO = "OrderlyNetwork/orderly-skills";
+
+/** Default skill IDs from orderly-skills README (install all four non-interactively). */
+const ORDERLY_PLUGIN_SKILL_NAMES = [
+  "orderly-plugin-create",
+  "orderly-plugin-write",
+  "orderly-plugin-add",
+  "orderly-plugin-submit",
+];
+
+/** Default MCP server key in mcpServers (matches @orderly.network/sdk-docs install --name default). */
+const DEFAULT_ORDERLY_SDK_DOCS_MCP_NAME = "orderly-sdk-docs";
+
+module.exports = {
+  INTERCEPTOR_TARGETS,
+  MODULE_TYPES,
+  MARKETPLACE_API_BASE_URL,
+  MARKETPLACE_API_PLUGINS_URL,
+  MARKETPLACE_API_MY_PLUGINS_URL,
+  getMarketplaceApiPluginUrl,
+  getMarketplaceApiPluginSelfStatusUrl,
+  CLI_CALLBACK_PORT,
+  CLI_LOGIN_TIMEOUT_MS,
+  MARKETPLACE_WEB_LOGIN_URL,
+  ORDERLY_SKILLS_REPO,
+  ORDERLY_PLUGIN_SKILL_NAMES,
+  DEFAULT_ORDERLY_SDK_DOCS_MCP_NAME,
+};

package/src/internal/login-server.js

@@ -0,0 +1,114 @@
+const http = require("http");
+const { MARKETPLACE_WEB_BASE_URL } = require("./constants");
+
+const SUCCESS_HTML = `<!DOCTYPE html>
+<html>
+<head><meta charset="utf-8"><title>Login Successful</title></head>
+<body style="display:flex;justify-content:center;align-items:center;height:100vh;margin:0;font-family:system-ui,sans-serif;background:#0f172a;color:#e2e8f0">
+  <div style="text-align:center">
+    <div style="font-size:48px;margin-bottom:16px">&#10003;</div>
+    <h1 style="margin:0 0 8px">Login Successful!</h1>
+    <p style="color:#94a3b8">You can close this tab and return to the CLI.</p>
+  </div>
+</body>
+</html>`;
+
+const ERROR_HTML = (msg) => `<!DOCTYPE html>
+<html>
+<head><meta charset="utf-8"><title>Login Failed</title></head>
+<body style="display:flex;justify-content:center;align-items:center;height:100vh;margin:0;font-family:system-ui,sans-serif;background:#0f172a;color:#e2e8f0">
+  <div style="text-align:center">
+    <div style="font-size:48px;margin-bottom:16px">&#10007;</div>
+    <h1 style="margin:0 0 8px">Login Failed</h1>
+    <p style="color:#f87171">${msg}</p>
+  </div>
+</body>
+</html>`;
+
+function setCorsHeaders(res) {
+  // Allow configured marketplace web origin and keep localhost fallback for local dev login pages.
+  const allowedOrigin = MARKETPLACE_WEB_BASE_URL || "http://localhost:3030";
+  res.setHeader("Access-Control-Allow-Origin", allowedOrigin);
+  res.setHeader("Access-Control-Allow-Methods", "GET, OPTIONS");
+  res.setHeader("Access-Control-Allow-Headers", "Content-Type");
+}
+
+function startCallbackServer({ port, state }) {
+  let resolveToken;
+  const waitForToken = new Promise((resolve) => {
+    resolveToken = resolve;
+  });
+
+  const server = http.createServer((req, res) => {
+    const url = new URL(req.url, `http://localhost:${port}`);
+
+    // Only handle /callback
+    if (url.pathname !== "/callback") {
+      res.writeHead(404, { "Content-Type": "text/plain" });
+      res.end("Not Found");
+      return;
+    }
+
+    // CORS preflight
+    if (req.method === "OPTIONS") {
+      setCorsHeaders(res);
+      res.writeHead(204);
+      res.end();
+      return;
+    }
+
+    // Only accept GET
+    if (req.method !== "GET") {
+      res.writeHead(405, { "Content-Type": "text/plain" });
+      res.end("Method Not Allowed");
+      return;
+    }
+
+    setCorsHeaders(res);
+
+    // Read token and state from URL query parameters
+    // Support both "token" and "access_token" for compatibility
+    const token =
+      url.searchParams.get("token") || url.searchParams.get("access_token");
+    const refreshToken = url.searchParams.get("refresh_token");
+    const receivedState = url.searchParams.get("state");
+    const username = url.searchParams.get("username");
+    const avatarUrl = url.searchParams.get("avatar_url");
+
+    // Validate CSRF state
+    if (!receivedState || receivedState !== state) {
+      res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
+      res.end(ERROR_HTML("Invalid state token. Please try again."));
+      return;
+    }
+
+    // Validate token
+    if (!token || typeof token !== "string") {
+      res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
+      res.end(ERROR_HTML("Missing token. Please try again."));
+      return;
+    }
+    if (!refreshToken || typeof refreshToken !== "string") {
+      res.writeHead(400, { "Content-Type": "text/html; charset=utf-8" });
+      res.end(ERROR_HTML("Missing refresh token. Please try again."));
+      return;
+    }
+
+    // Success — respond first, then resolve
+    res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+    res.end(SUCCESS_HTML);
+
+    resolveToken({
+      token,
+      refreshToken,
+      state: receivedState,
+      username,
+      avatarUrl: avatarUrl,
+    });
+    server.close();
+  });
+
+  return { server, waitForToken };
+}
+
+module.exports = { startCallbackServer };

package/src/internal/manifest.js

@@ -0,0 +1,189 @@
+const fs = require("fs");
+const path = require("path");
+const { execSync } = require("child_process");
+
+const MANIFEST_FILENAME = ".orderly-manifest.json";
+
+/**
+ * 从 git remote 获取 repoUrl
+ */
+function getRepoUrl() {
+  try {
+    // Use execSync with git command - safer approach
+    const remoteUrl = execSync("git remote get-url origin", {
+      encoding: "utf-8",
+      stdio: ["pipe", "pipe", "pipe"],
+      windowsHide: true,
+    }).trim();
+
+    // Convert git@github.com:user/repo.git to https://github.com/user/repo
+    if (remoteUrl.startsWith("git@")) {
+      return remoteUrl
+        .replace("git@", "")
+        .replace(":", "/")
+        .replace(".git", "");
+    }
+
+    // Remove .git suffix if present
+    return remoteUrl.replace(/\.git$/, "");
+  } catch (e) {
+    return null;
+  }
+}
+
+/**
+ * 从 package.json 读取 npmName
+ */
+function getNpmName(packageJsonPath) {
+  try {
+    const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, "utf-8"));
+    return packageJson.name || null;
+  } catch (e) {
+    return null;
+  }
+}
+
+/**
+ * 生成 manifest 文件
+ * @param {string} pluginDir - 插件目录
+ * @param {Object} pluginInfo - 插件信息 (pluginId, tags, storybookUrl 等)
+ */
+function generateManifest(pluginDir, pluginInfo = {}) {
+  const packageJsonPath = path.join(pluginDir, "package.json");
+
+  if (!fs.existsSync(packageJsonPath)) {
+    throw new Error("package.json not found in plugin directory");
+  }
+
+  const manifest = {
+    npmName: getNpmName(packageJsonPath),
+    pluginId: pluginInfo.pluginId || null,
+    repoUrl: pluginInfo.repoUrl || getRepoUrl() || null,
+    tags: pluginInfo.tags || [],
+    storybookUrl: pluginInfo.storybookUrl || null,
+    storybookTooltip: pluginInfo.storybookTooltip || null,
+    usagePrompt: pluginInfo.usagePrompt || null,
+    createdAt: new Date().toISOString(),
+    updatedAt: new Date().toISOString(),
+  };
+
+  const manifestPath = path.join(pluginDir, MANIFEST_FILENAME);
+  fs.writeFileSync(manifestPath, JSON.stringify(manifest, null, 2));
+
+  return manifest;
+}
+
+/**
+ * 读取 manifest 文件
+ * @param {string} pluginDir - 插件目录
+ * @returns {Object|null} manifest 对象，如果不存在则返回 null
+ */
+function readManifest(pluginDir) {
+  const manifestPath = path.join(pluginDir, MANIFEST_FILENAME);
+
+  if (!fs.existsSync(manifestPath)) {
+    return null;
+  }
+
+  try {
+    return JSON.parse(fs.readFileSync(manifestPath, "utf-8"));
+  } catch (e) {
+    console.warn(
+      `Warning: Failed to parse ${MANIFEST_FILENAME}: ${e.message}. Ignoring corrupted manifest.`,
+    );
+    return null;
+  }
+}
+
+/**
+ * Resolve plugin metadata for submit: use `.orderly-manifest.json` when present,
+ * otherwise derive from `package.json` and git (manual plugins may skip the manifest).
+ * @param {string} pluginDir - Plugin root directory
+ * @returns {Object|null} Manifest-shaped object, or null if no manifest and no package.json
+ */
+function resolvePluginManifest(pluginDir) {
+  const fromFile = readManifest(pluginDir);
+  if (fromFile) {
+    return fromFile;
+  }
+
+  const packageJsonPath = path.join(pluginDir, "package.json");
+  if (!fs.existsSync(packageJsonPath)) {
+    return null;
+  }
+
+  return {
+    npmName: getNpmName(packageJsonPath),
+    pluginId: null,
+    repoUrl: getRepoUrl(),
+    tags: [],
+    storybookUrl: null,
+    storybookTooltip: null,
+    usagePrompt: null,
+    coverImages: [],
+  };
+}
+
+/**
+ * 更新 manifest 文件中的字段
+ * @param {string} pluginDir - 插件目录
+ * @param {Object} updates - 要更新的字段
+ */
+function updateManifest(pluginDir, updates) {
+  const manifestPath = path.join(pluginDir, MANIFEST_FILENAME);
+  const manifest = readManifest(pluginDir);
+
+  if (!manifest) {
+    throw new Error(
+      "Manifest file not found. Run 'orderly create plugin' first.",
+    );
+  }
+
+  const updatedManifest = {
+    ...manifest,
+    ...updates,
+    updatedAt: new Date().toISOString(),
+  };
+
+  fs.writeFileSync(manifestPath, JSON.stringify(updatedManifest, null, 2));
+
+  return updatedManifest;
+}
+
+/**
+ * 检查 manifest 是否包含必需的提交字段
+ * @param {string} pluginDir - 插件目录
+ * @returns {{ valid: boolean, missing: string[] }}
+ */
+function validateManifest(pluginDir) {
+  const manifest = readManifest(pluginDir);
+  const missing = [];
+
+  if (!manifest) {
+    return { valid: false, missing: ["manifest file not found"] };
+  }
+
+  if (!manifest.npmName) {
+    missing.push("npmName (from package.json)");
+  }
+
+  if (!manifest.repoUrl) {
+    missing.push("repoUrl (configure git remote or run in git repository)");
+  }
+
+  return {
+    valid: missing.length === 0,
+    missing,
+  };
+}
+
+module.exports = {
+  MANIFEST_FILENAME,
+  getRepoUrl,
+  getNpmName,
+  generateManifest,
+  readManifest,
+  resolvePluginManifest,
+  updateManifest,
+  validateManifest,
+};