@mterminal/mtx 0.1.0

package/src/commands/keygen.ts

@@ -0,0 +1,29 @@
+import pc from 'picocolors'
+import { registerKey } from '../lib/api'
+import { generateKeyPair } from '../lib/sign'
+import { writeKey } from '../lib/keystore'
+import { loadConfig, updateConfig } from '../lib/config'
+
+export interface KeygenOptions {
+  name?: string
+  setActive?: boolean
+}
+
+export async function keygenCommand(opts: KeygenOptions = {}): Promise<void> {
+  const cfg = await loadConfig()
+  if (!cfg.apiKey) {
+    console.log(pc.red('not logged in. run `mtx login` first.'))
+    process.exit(1)
+  }
+  const { priv, pubB64 } = await generateKeyPair()
+  const res = await registerKey(
+    { endpoint: cfg.endpoint, apiKey: cfg.apiKey },
+    { pubkeyB64: pubB64, name: opts.name },
+  )
+  await writeKey(res.keyId, priv, pubB64)
+  if (opts.setActive !== false) {
+    await updateConfig({ activeKeyId: res.keyId })
+  }
+  console.log(pc.green(`registered key ${res.keyId}`))
+  console.log(`active key: ${res.keyId}`)
+}

package/src/commands/login.ts

@@ -0,0 +1,40 @@
+import pc from 'picocolors'
+import { deviceStart, devicePoll } from '../lib/api'
+import { loadConfig, updateConfig } from '../lib/config'
+
+const sleep = (ms: number) => new Promise((r) => setTimeout(r, ms))
+
+export async function loginCommand(): Promise<void> {
+  const cfg = await loadConfig()
+  console.log(pc.cyan(`endpoint: ${cfg.endpoint}`))
+  const start = await deviceStart({ endpoint: cfg.endpoint })
+  console.log()
+  console.log(`open ${pc.bold(start.verificationUri)} and enter code:`)
+  console.log(pc.bold(pc.yellow(start.userCode)))
+  console.log()
+
+  const deadline = Date.now() + start.expiresIn * 1000
+  let interval = Math.max(start.interval, 2)
+  while (Date.now() < deadline) {
+    await sleep(interval * 1000)
+    const poll = await devicePoll({ endpoint: cfg.endpoint }, start.deviceCode)
+    if (poll.status === 'authorized' && poll.apiKey) {
+      await updateConfig({
+        apiKey: poll.apiKey,
+        authorId: poll.authorId,
+        githubLogin: poll.githubLogin,
+      })
+      console.log(pc.green(`logged in as ${poll.githubLogin} (${poll.authorId})`))
+      return
+    }
+    if (poll.status === 'denied') {
+      console.log(pc.red('access denied'))
+      return
+    }
+    if (poll.status === 'expired') {
+      console.log(pc.red('device flow expired, try again'))
+      return
+    }
+  }
+  console.log(pc.red('timed out waiting for authorization'))
+}

package/src/commands/pack.ts

@@ -0,0 +1,53 @@
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import pc from 'picocolors'
+import { pack } from '../lib/pack'
+import { loadConfig } from '../lib/config'
+import { readPrivKey } from '../lib/keystore'
+
+export interface PackCommandOptions {
+  cwd?: string
+  out?: string
+  build?: boolean
+}
+
+import { spawn } from 'node:child_process'
+
+function runNpmBuild(cwd: string): Promise<void> {
+  return new Promise((resolve, reject) => {
+    const child = spawn('npm', ['run', 'build'], { cwd, stdio: 'inherit' })
+    child.on('exit', (code) => {
+      if (code === 0) resolve()
+      else reject(new Error(`npm run build exited with ${code}`))
+    })
+    child.on('error', reject)
+  })
+}
+
+export async function packCommand(opts: PackCommandOptions = {}): Promise<string> {
+  const cwd = path.resolve(opts.cwd ?? process.cwd())
+  const cfg = await loadConfig()
+  if (!cfg.authorId || !cfg.activeKeyId) {
+    console.log(pc.red('not configured. run `mtx login` and `mtx keygen` first.'))
+    process.exit(1)
+  }
+
+  if (opts.build !== false) {
+    const pkgPath = path.join(cwd, 'package.json')
+    const pkg = JSON.parse(await fs.readFile(pkgPath, 'utf8')) as { scripts?: Record<string, string> }
+    if (pkg.scripts?.build) await runNpmBuild(cwd)
+  }
+
+  const priv = await readPrivKey(cfg.activeKeyId)
+  const result = await pack({
+    cwd,
+    authorId: cfg.authorId,
+    keyId: cfg.activeKeyId,
+    privKey: priv,
+  })
+
+  const out = path.resolve(opts.out ?? `${result.manifestId}-${result.version}.mtx`)
+  await fs.writeFile(out, result.buf)
+  console.log(pc.green(`packed ${result.manifestId}@${result.version} → ${out} (${result.buf.length} bytes)`))
+  return out
+}

package/src/commands/publish.ts

@@ -0,0 +1,49 @@
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import pc from 'picocolors'
+import { loadConfig } from '../lib/config'
+import { publishPackage } from '../lib/api'
+import { packCommand } from './pack'
+
+export interface PublishOptions {
+  file?: string
+  cwd?: string
+  build?: boolean
+}
+
+export async function publishCommand(opts: PublishOptions = {}): Promise<void> {
+  const cfg = await loadConfig()
+  if (!cfg.apiKey) {
+    console.log(pc.red('not logged in. run `mtx login` first.'))
+    process.exit(1)
+  }
+
+  let file: string
+  if (opts.file) {
+    file = path.resolve(opts.file)
+  } else {
+    file = await packCommand({ cwd: opts.cwd, build: opts.build })
+  }
+
+  const buf = new Uint8Array(await fs.readFile(file))
+  console.log(pc.cyan(`uploading ${path.basename(file)} (${buf.length} bytes)...`))
+  const result = await publishPackage(
+    { endpoint: cfg.endpoint, apiKey: cfg.apiKey },
+    buf,
+  )
+  if (result.ok) {
+    console.log(pc.green(`published ${result.id}@${result.version}`))
+    return
+  }
+  console.log(pc.red('publish failed:'))
+  for (const e of result.errors ?? []) {
+    console.log(pc.red(`  [${e.code}]`))
+    for (const issue of e.issues) {
+      const loc = issue.path
+        ? ` (${issue.path}${issue.line ? `:${issue.line}` : ''}${issue.col ? `:${issue.col}` : ''})`
+        : ''
+      console.log(`    - ${issue.message}${loc}`)
+    }
+  }
+  process.exit(1)
+}

package/src/commands/whoami.ts

@@ -0,0 +1,14 @@
+import pc from 'picocolors'
+import { loadConfig } from '../lib/config'
+
+export async function whoamiCommand(): Promise<void> {
+  const cfg = await loadConfig()
+  if (!cfg.apiKey) {
+    console.log(pc.yellow('not logged in'))
+    return
+  }
+  console.log(`author : ${cfg.authorId ?? '(unknown)'}`)
+  console.log(`login  : ${cfg.githubLogin ?? '(unknown)'}`)
+  console.log(`key    : ${cfg.activeKeyId ?? '(none)'}`)
+  console.log(`server : ${cfg.endpoint}`)
+}

package/src/commands/yank.ts

@@ -0,0 +1,13 @@
+import pc from 'picocolors'
+import { loadConfig } from '../lib/config'
+import { yankVersion } from '../lib/api'
+
+export async function yankCommand(id: string, version: string): Promise<void> {
+  const cfg = await loadConfig()
+  if (!cfg.apiKey) {
+    console.log(pc.red('not logged in'))
+    process.exit(1)
+  }
+  await yankVersion({ endpoint: cfg.endpoint, apiKey: cfg.apiKey }, id, version)
+  console.log(pc.green(`yanked ${id}@${version}`))
+}

package/src/index.ts

@@ -0,0 +1,53 @@
+import { cac } from 'cac'
+import { initCommand } from './commands/init'
+import { loginCommand } from './commands/login'
+import { keygenCommand } from './commands/keygen'
+import { packCommand } from './commands/pack'
+import { publishCommand } from './commands/publish'
+import { yankCommand } from './commands/yank'
+import { whoamiCommand } from './commands/whoami'
+
+const VERSION = '0.1.0'
+
+export async function run(argv: string[]): Promise<void> {
+  const cli = cac('mtx')
+
+  cli
+    .command('init [name]', 'scaffold a new extension')
+    .action(async (name?: string) => initCommand(name))
+
+  cli.command('login', 'authenticate via github device flow').action(async () => loginCommand())
+
+  cli
+    .command('keygen', 'generate and register a new ed25519 keypair')
+    .option('--name <name>', 'human-readable name for the key')
+    .action(async (opts: { name?: string }) => keygenCommand({ name: opts.name }))
+
+  cli
+    .command('pack', 'build and bundle the extension into a .mtx file')
+    .option('--out <file>', 'output file path')
+    .option('--no-build', 'skip npm run build')
+    .action(async (opts: { out?: string; build?: boolean }) =>
+      packCommand({ out: opts.out, build: opts.build }),
+    )
+
+  cli
+    .command('publish', 'pack and upload to the marketplace')
+    .option('--file <file>', 'use an existing .mtx file instead of packing')
+    .option('--no-build', 'skip npm run build when packing')
+    .action(async (opts: { file?: string; build?: boolean }) =>
+      publishCommand({ file: opts.file, build: opts.build }),
+    )
+
+  cli
+    .command('yank <id> <version>', 'mark a published version as yanked')
+    .action(async (id: string, version: string) => yankCommand(id, version))
+
+  cli.command('whoami', 'show current login info').action(async () => whoamiCommand())
+
+  cli.help()
+  cli.version(VERSION)
+
+  cli.parse(['node', 'mtx', ...argv], { run: false })
+  await cli.runMatchedCommand()
+}

package/src/lib/api.test.ts

@@ -0,0 +1,138 @@
+import { afterEach, describe, expect, it, vi } from 'vitest'
+import {
+  deviceStart,
+  devicePoll,
+  devAuthorize,
+  registerKey,
+  publishPackage,
+  yankVersion,
+  search,
+} from './api'
+
+afterEach(() => {
+  vi.unstubAllGlobals()
+})
+
+function stubFetch(
+  handler: (url: string, init?: RequestInit) => Response | Promise<Response>,
+): void {
+  const fn = vi.fn(async (input: unknown, init?: RequestInit) => {
+    const url = typeof input === 'string' ? input : String(input)
+    return handler(url, init)
+  })
+  vi.stubGlobal('fetch', fn)
+}
+
+function jsonResponse(body: unknown, status = 200): Response {
+  return new Response(JSON.stringify(body), {
+    status,
+    headers: { 'content-type': 'application/json' },
+  })
+}
+
+describe('api', () => {
+  it('deviceStart hits /v1/auth/device/start', async () => {
+    stubFetch((url) => {
+      expect(url).toBe('https://api.example.com/v1/auth/device/start')
+      return jsonResponse({
+        deviceCode: 'd',
+        userCode: 'u',
+        verificationUri: 'https://x',
+        expiresIn: 300,
+        interval: 5,
+      })
+    })
+    const r = await deviceStart({ endpoint: 'https://api.example.com' })
+    expect(r.deviceCode).toBe('d')
+  })
+
+  it('devicePoll posts deviceCode body', async () => {
+    stubFetch((url, init) => {
+      expect(url).toBe('https://api.example.com/v1/auth/device/poll')
+      expect(JSON.parse(String(init?.body))).toEqual({ deviceCode: 'd' })
+      return jsonResponse({ status: 'authorized', apiKey: 'mtx_x', authorId: 'gh-1' })
+    })
+    const r = await devicePoll({ endpoint: 'https://api.example.com' }, 'd')
+    expect(r.apiKey).toBe('mtx_x')
+  })
+
+  it('devAuthorize sends deviceCode + githubLogin', async () => {
+    stubFetch((url, init) => {
+      expect(url).toBe('https://api.example.com/v1/auth/device/dev-authorize')
+      expect(JSON.parse(String(init?.body))).toEqual({
+        deviceCode: 'd',
+        githubLogin: 'me',
+      })
+      return jsonResponse({ ok: true })
+    })
+    await devAuthorize({ endpoint: 'https://api.example.com' }, 'd', 'me')
+  })
+
+  it('registerKey requires apiKey and posts pubkey', async () => {
+    await expect(
+      registerKey({ endpoint: 'https://x' }, { pubkeyB64: 'aaa' }),
+    ).rejects.toThrow(/apiKey/)
+    stubFetch((_, init) => {
+      const auth = (init?.headers as Record<string, string>).authorization
+      expect(auth).toBe('Bearer mtx_xx')
+      return jsonResponse({ keyId: 'gh-1:key1' })
+    })
+    const r = await registerKey(
+      { endpoint: 'https://x', apiKey: 'mtx_xx' },
+      { pubkeyB64: 'aaa' },
+    )
+    expect(r.keyId).toBe('gh-1:key1')
+  })
+
+  it('publishPackage uploads multipart and returns PublishResult', async () => {
+    stubFetch(async (url, init) => {
+      expect(url).toBe('https://x/v1/publish')
+      expect(init?.body).toBeInstanceOf(FormData)
+      return jsonResponse({ ok: true, id: 'demo', version: '1.0.0' })
+    })
+    const r = await publishPackage(
+      { endpoint: 'https://x', apiKey: 'mtx_yy' },
+      new Uint8Array([1, 2, 3]),
+    )
+    expect(r.ok).toBe(true)
+    expect(r.id).toBe('demo')
+  })
+
+  it('publishPackage returns policy errors as-is', async () => {
+    stubFetch(() =>
+      jsonResponse(
+        { ok: false, errors: [{ code: 'manifest', issues: [{ message: 'bad' }] }] },
+        400,
+      ),
+    )
+    const r = await publishPackage(
+      { endpoint: 'https://x', apiKey: 'mtx_yy' },
+      new Uint8Array([1]),
+    )
+    expect(r.ok).toBe(false)
+    expect(r.errors?.[0]?.code).toBe('manifest')
+  })
+
+  it('yankVersion calls the right path', async () => {
+    stubFetch((url) => {
+      expect(url).toBe('https://x/v1/extensions/foo/yank/1.0.0')
+      return jsonResponse({ ok: true })
+    })
+    await yankVersion({ endpoint: 'https://x', apiKey: 'mtx_z' }, 'foo', '1.0.0')
+  })
+
+  it('search appends query params', async () => {
+    stubFetch((url) => {
+      expect(url).toBe('https://x/v1/extensions?q=foo&category=ai')
+      return jsonResponse({ items: [], total: 0, page: 0, pageSize: 20 })
+    })
+    await search({ endpoint: 'https://x' }, { q: 'foo', category: 'ai' })
+  })
+
+  it('throws on non-2xx with error field', async () => {
+    stubFetch(() => jsonResponse({ error: 'not found' }, 404))
+    await expect(
+      search({ endpoint: 'https://x' }, { q: 'foo' }),
+    ).rejects.toThrow(/HTTP 404/)
+  })
+})

package/src/lib/api.ts

@@ -0,0 +1,118 @@
+import type {
+  DeviceFlowPollResult,
+  DeviceFlowStartResult,
+  KeyRegisterRequest,
+  KeyRegisterResponse,
+  PublishResult,
+  SearchResult,
+} from '@mterminal/marketplace-types'
+
+export interface ApiOptions {
+  endpoint: string
+  apiKey?: string
+}
+
+async function expectJson<T>(res: Response): Promise<T> {
+  const text = await res.text()
+  let json: unknown
+  try {
+    json = JSON.parse(text)
+  } catch {
+    throw new Error(`expected json response, got: ${text.slice(0, 200)}`)
+  }
+  if (!res.ok) {
+    const body = json as { error?: string; errors?: unknown }
+    throw new Error(`HTTP ${res.status}: ${body.error ?? JSON.stringify(json)}`)
+  }
+  return json as T
+}
+
+export async function deviceStart(opts: ApiOptions): Promise<DeviceFlowStartResult> {
+  const r = await fetch(`${opts.endpoint}/v1/auth/device/start`, { method: 'POST' })
+  return expectJson<DeviceFlowStartResult>(r)
+}
+
+export async function devicePoll(
+  opts: ApiOptions,
+  deviceCode: string,
+): Promise<DeviceFlowPollResult> {
+  const r = await fetch(`${opts.endpoint}/v1/auth/device/poll`, {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ deviceCode }),
+  })
+  return expectJson<DeviceFlowPollResult>(r)
+}
+
+export async function devAuthorize(
+  opts: ApiOptions,
+  deviceCode: string,
+  githubLogin: string,
+): Promise<void> {
+  const r = await fetch(`${opts.endpoint}/v1/auth/device/dev-authorize`, {
+    method: 'POST',
+    headers: { 'content-type': 'application/json' },
+    body: JSON.stringify({ deviceCode, githubLogin }),
+  })
+  await expectJson<{ ok: boolean }>(r)
+}
+
+export async function registerKey(
+  opts: ApiOptions,
+  body: KeyRegisterRequest,
+): Promise<KeyRegisterResponse> {
+  if (!opts.apiKey) throw new Error('apiKey required')
+  const r = await fetch(`${opts.endpoint}/v1/keys`, {
+    method: 'POST',
+    headers: {
+      'content-type': 'application/json',
+      authorization: `Bearer ${opts.apiKey}`,
+    },
+    body: JSON.stringify(body),
+  })
+  return expectJson<KeyRegisterResponse>(r)
+}
+
+export async function publishPackage(
+  opts: ApiOptions,
+  data: Uint8Array,
+): Promise<PublishResult> {
+  if (!opts.apiKey) throw new Error('apiKey required')
+  const fd = new FormData()
+  fd.append('package', new Blob([data], { type: 'application/zip' }), 'package.mtx')
+  const r = await fetch(`${opts.endpoint}/v1/publish`, {
+    method: 'POST',
+    headers: { authorization: `Bearer ${opts.apiKey}` },
+    body: fd,
+  })
+  const text = await r.text()
+  let json: unknown
+  try {
+    json = JSON.parse(text)
+  } catch {
+    throw new Error(`unexpected response: ${text.slice(0, 200)}`)
+  }
+  return json as PublishResult
+}
+
+export async function yankVersion(
+  opts: ApiOptions,
+  id: string,
+  version: string,
+): Promise<void> {
+  if (!opts.apiKey) throw new Error('apiKey required')
+  const r = await fetch(`${opts.endpoint}/v1/extensions/${id}/yank/${version}`, {
+    method: 'POST',
+    headers: { authorization: `Bearer ${opts.apiKey}` },
+  })
+  await expectJson<{ ok: boolean }>(r)
+}
+
+export async function search(
+  opts: ApiOptions,
+  query: Record<string, string>,
+): Promise<SearchResult> {
+  const qs = new URLSearchParams(query).toString()
+  const r = await fetch(`${opts.endpoint}/v1/extensions?${qs}`)
+  return expectJson<SearchResult>(r)
+}

package/src/lib/config.test.ts

@@ -0,0 +1,41 @@
+import { afterEach, beforeEach, describe, expect, it } from 'vitest'
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import os from 'node:os'
+
+describe('config', () => {
+  let tmpDir: string
+
+  beforeEach(async () => {
+    tmpDir = await fs.mkdtemp(path.join(os.tmpdir(), 'mtx-test-'))
+    process.env.MTX_HOME = tmpDir
+  })
+
+  afterEach(async () => {
+    delete process.env.MTX_HOME
+    await fs.rm(tmpDir, { recursive: true, force: true })
+  })
+
+  it('returns defaults when no config file exists', async () => {
+    const { loadConfig } = await import('./config')
+    const cfg = await loadConfig()
+    expect(cfg.endpoint).toBeTruthy()
+    expect(cfg.apiKey).toBeUndefined()
+  })
+
+  it('persists and reloads', async () => {
+    const { loadConfig, updateConfig } = await import('./config')
+    await updateConfig({ apiKey: 'mtx_test', authorId: 'gh-1', githubLogin: 'me' })
+    const cfg = await loadConfig()
+    expect(cfg.apiKey).toBe('mtx_test')
+    expect(cfg.authorId).toBe('gh-1')
+  })
+
+  it('writes config with mode 0600', async () => {
+    const { updateConfig, configPath } = await import('./config')
+    await updateConfig({ apiKey: 'mtx_test' })
+    const stat = await fs.stat(configPath())
+    const mode = stat.mode & 0o777
+    expect(mode).toBe(0o600)
+  })
+})

package/src/lib/config.ts

@@ -0,0 +1,54 @@
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import os from 'node:os'
+
+export interface MtxConfig {
+  endpoint: string
+  authorId?: string
+  apiKey?: string
+  githubLogin?: string
+  activeKeyId?: string
+}
+
+export function configDir(): string {
+  return process.env.MTX_HOME ?? path.join(os.homedir(), '.mtx')
+}
+
+export function configPath(): string {
+  return path.join(configDir(), 'config.json')
+}
+
+export function defaultEndpoint(): string {
+  return process.env.MTX_ENDPOINT ?? 'https://marketplace.mterminal.dev'
+}
+
+export async function loadConfig(): Promise<MtxConfig> {
+  const file = configPath()
+  try {
+    const raw = await fs.readFile(file, 'utf8')
+    const parsed = JSON.parse(raw) as Partial<MtxConfig>
+    return {
+      endpoint: parsed.endpoint ?? defaultEndpoint(),
+      authorId: parsed.authorId,
+      apiKey: parsed.apiKey,
+      githubLogin: parsed.githubLogin,
+      activeKeyId: parsed.activeKeyId,
+    }
+  } catch {
+    return { endpoint: defaultEndpoint() }
+  }
+}
+
+export async function saveConfig(cfg: MtxConfig): Promise<void> {
+  const dir = configDir()
+  await fs.mkdir(dir, { recursive: true, mode: 0o700 })
+  const file = configPath()
+  await fs.writeFile(file, JSON.stringify(cfg, null, 2), { mode: 0o600 })
+}
+
+export async function updateConfig(patch: Partial<MtxConfig>): Promise<MtxConfig> {
+  const cfg = await loadConfig()
+  const next: MtxConfig = { ...cfg, ...patch }
+  await saveConfig(next)
+  return next
+}

package/src/lib/keystore.ts

@@ -0,0 +1,46 @@
+import fs from 'node:fs/promises'
+import path from 'node:path'
+import { configDir } from './config'
+
+export function keysDir(): string {
+  return path.join(configDir(), 'keys')
+}
+
+export interface KeyPaths {
+  privPath: string
+  pubPath: string
+}
+
+export function keyPaths(keyId: string): KeyPaths {
+  const safe = keyId.replace(/[^a-zA-Z0-9_:.-]/g, '_')
+  return {
+    privPath: path.join(keysDir(), `${safe}.priv`),
+    pubPath: path.join(keysDir(), `${safe}.pub`),
+  }
+}
+
+export async function writeKey(
+  keyId: string,
+  priv: Uint8Array,
+  pubB64: string,
+): Promise<KeyPaths> {
+  const dir = keysDir()
+  await fs.mkdir(dir, { recursive: true, mode: 0o700 })
+  const paths = keyPaths(keyId)
+  await fs.writeFile(paths.privPath, Buffer.from(priv).toString('base64'), {
+    mode: 0o600,
+  })
+  await fs.writeFile(paths.pubPath, pubB64, { mode: 0o600 })
+  return paths
+}
+
+export async function readPrivKey(keyId: string): Promise<Uint8Array> {
+  const { privPath } = keyPaths(keyId)
+  const raw = await fs.readFile(privPath, 'utf8')
+  return new Uint8Array(Buffer.from(raw.trim(), 'base64'))
+}
+
+export async function readPubKeyB64(keyId: string): Promise<string> {
+  const { pubPath } = keyPaths(keyId)
+  return (await fs.readFile(pubPath, 'utf8')).trim()
+}