@myvillage/cli 1.3.0 → 1.5.1

package/src/commands/login.js

@@ -1,7 +1,9 @@
 import { createServer } from 'http';
+import { createInterface } from 'readline';
 import { randomBytes, createHash } from 'crypto';
 import chalk from 'chalk';
 import ora from 'ora';
+import { villageSpinner, brand } from '../utils/brand.js';
 import open from 'open';
 import axios from 'axios';
 import { getConfig } from '../utils/config.js';
@@ -20,18 +22,47 @@ function generateCodeChallenge(verifier) {
     .digest('base64url');
 }
 
-export async function loginCommand() {
+// Detect headless environments where no browser is available
+function isHeadless() {
+  // No graphical display on Linux
+  if (process.platform === 'linux' && !process.env.DISPLAY && !process.env.WAYLAND_DISPLAY) {
+    return true;
+  }
+  // Running inside SSH session
+  if (process.env.SSH_CLIENT || process.env.SSH_TTY || process.env.SSH_CONNECTION) {
+    return true;
+  }
+  // Running inside a Docker container or CI
+  if (process.env.container || process.env.CI) {
+    return true;
+  }
+  return false;
+}
+
+// Prompt the user to paste a URL from their browser
+function promptForCallbackUrl() {
+  return new Promise((resolve) => {
+    const rl = createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(chalk.cyan('\nPaste the URL here: '), (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+  });
+}
+
+export async function loginCommand(options) {
   const config = getConfig();
+  const headless = options.browser === false || isHeadless();
 
   // Check if already logged in
   const existing = loadCredentials();
   if (existing?.access_token) {
     console.log(chalk.yellow('You are already logged in.'));
-    console.log(chalk.dim('Run "myvillage logout" first to log in with a different account.'));
+    console.log(brand.teal('Run "myvillage logout" first to log in with a different account.'));
     return;
   }
 
-  const spinner = ora('Preparing authentication...').start();
+  const spinner = villageSpinner('Preparing authentication...').start();
 
   // Generate PKCE values and state token
   const state = randomBytes(16).toString('hex');
@@ -51,96 +82,153 @@ export async function loginCommand() {
 
   const authUrl = `${config.oauthBaseUrl}/authorize?${params.toString()}`;
 
-  // Create a promise that resolves when we receive the OAuth callback
-  const authResult = await new Promise((resolve, reject) => {
-    let timeout;
-    const server = createServer(async (req, res) => {
-      const url = new URL(req.url, `http://localhost:${config.callbackPort}`);
+  let authResult;
 
-      if (url.pathname !== '/callback') {
-        res.writeHead(404);
-        res.end('Not found');
-        return;
-      }
+  if (headless) {
+    // ── Headless / manual flow ──────────────────────────
+    // No local server — the user authenticates in a browser elsewhere,
+    // then pastes the redirect URL (which their browser can't reach) back here.
+    spinner.stop();
+    console.log();
+    console.log(brand.gold('No browser detected — using manual authentication.'));
+    console.log();
+    console.log(brand.teal('1. Open this URL in any browser:'));
+    console.log();
+    console.log(`   ${chalk.underline(authUrl)}`);
+    console.log();
+    console.log(brand.teal('2. Log in and authorize the CLI.'));
+    console.log(brand.teal('3. Your browser will redirect to a localhost URL that won\'t load — this is expected.'));
+    console.log(brand.teal('4. Copy the full URL from your browser\'s address bar and paste it below.'));
+    console.log(brand.teal('   It will look like: http://localhost:3737/callback?code=...&state=...'));
 
-      const code = url.searchParams.get('code');
-      const returnedState = url.searchParams.get('state');
-      const error = url.searchParams.get('error');
-      const errorDescription = url.searchParams.get('error_description');
+    const callbackInput = await promptForCallbackUrl();
 
-      // Send response to the browser
-      res.writeHead(200, { 'Content-Type': 'text/html' });
-      if (error) {
-        res.end(`
-          <html><body style="font-family: sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; background: #302017; color: #E4DCCB;">
-            <div style="text-align: center;">
-              <h1 style="color: #FF6B6B;">Authentication Failed</h1>
-              <p>${errorDescription || error}</p>
-              <p>You can close this window.</p>
-            </div>
-          </body></html>
-        `);
-      } else {
-        res.end(`
-          <html><body style="font-family: sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; background: #302017; color: #E4DCCB;">
-            <div style="text-align: center;">
-              <h1 style="color: #FFD700;">Success!</h1>
-              <p>You are now logged in to MyVillageOS CLI.</p>
-              <p>You can close this window and return to your terminal.</p>
-            </div>
-          </body></html>
-        `);
-      }
+    if (!callbackInput) {
+      console.log(chalk.red('No URL provided. Authentication cancelled.'));
+      return;
+    }
 
-      // Close the server and clear timeout
-      server.close();
-      clearTimeout(timeout);
+    try {
+      const callbackUrl = new URL(callbackInput);
+      const code = callbackUrl.searchParams.get('code');
+      const returnedState = callbackUrl.searchParams.get('state');
+      const error = callbackUrl.searchParams.get('error');
+      const errorDescription = callbackUrl.searchParams.get('error_description');
 
       if (error) {
-        reject(new Error(errorDescription || error));
+        console.log(chalk.red(`Authentication failed: ${errorDescription || error}`));
+        return;
+      }
+
+      if (!code) {
+        console.log(chalk.red('No authorization code found in the URL. Please try again.'));
         return;
       }
 
-      // Validate state parameter
       if (returnedState !== state) {
-        reject(new Error('State mismatch - possible CSRF attack. Please try again.'));
+        console.log(chalk.red('State mismatch — possible CSRF attack. Please try again.'));
         return;
       }
 
-      resolve(code);
-    });
+      authResult = code;
+    } catch {
+      console.log(chalk.red('Invalid URL. Please copy the full URL from your browser\'s address bar.'));
+      return;
+    }
+
+    spinner.start('Exchanging authorization code for tokens...');
+  } else {
+    // ── Browser flow (original) ─────────────────────────
+    authResult = await new Promise((resolve, reject) => {
+      let timeout;
+      const server = createServer(async (req, res) => {
+        const url = new URL(req.url, `http://localhost:${config.callbackPort}`);
+
+        if (url.pathname !== '/callback') {
+          res.writeHead(404);
+          res.end('Not found');
+          return;
+        }
 
-    server.listen(config.callbackPort, () => {
-      spinner.text = 'Opening browser for authentication...';
+        const code = url.searchParams.get('code');
+        const returnedState = url.searchParams.get('state');
+        const error = url.searchParams.get('error');
+        const errorDescription = url.searchParams.get('error_description');
 
-      // Open browser to authorization URL
-      open(authUrl).catch(() => {
-        spinner.stop();
-        console.log(chalk.yellow('\nCould not open browser automatically.'));
-        console.log(chalk.dim('Please open this URL in your browser:'));
-        console.log(chalk.cyan(authUrl));
+        // Send response to the browser
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        if (error) {
+          res.end(`
+            <html><body style="font-family: sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; background: #302017; color: #E4DCCB;">
+              <div style="text-align: center;">
+                <h1 style="color: #FF6B6B;">Authentication Failed</h1>
+                <p>${errorDescription || error}</p>
+                <p>You can close this window.</p>
+              </div>
+            </body></html>
+          `);
+        } else {
+          res.end(`
+            <html><body style="font-family: sans-serif; display: flex; align-items: center; justify-content: center; height: 100vh; background: #302017; color: #E4DCCB;">
+              <div style="text-align: center;">
+                <h1 style="color: #FFD700;">Success!</h1>
+                <p>You are now logged in to MyVillageOS CLI.</p>
+                <p>You can close this window and return to your terminal.</p>
+              </div>
+            </body></html>
+          `);
+        }
+
+        // Close the server and clear timeout
+        server.close();
+        clearTimeout(timeout);
+
+        if (error) {
+          reject(new Error(errorDescription || error));
+          return;
+        }
+
+        // Validate state parameter
+        if (returnedState !== state) {
+          reject(new Error('State mismatch - possible CSRF attack. Please try again.'));
+          return;
+        }
+
+        resolve(code);
       });
 
-      spinner.text = 'Waiting for authentication in browser...';
-    });
+      server.listen(config.callbackPort, () => {
+        spinner.text = 'Opening browser for authentication...';
 
-    server.on('error', (err) => {
-      if (err.code === 'EADDRINUSE') {
-        reject(new Error(`Port ${config.callbackPort} is already in use. Close other applications and try again.`));
-      } else {
-        reject(err);
-      }
-    });
+        // Open browser to authorization URL
+        open(authUrl).catch(() => {
+          spinner.stop();
+          console.log(chalk.yellow('\nCould not open browser automatically.'));
+          console.log(brand.teal('Please open this URL in your browser:'));
+          console.log(brand.gold(authUrl));
+        });
 
-    // Timeout after 5 minutes
-    timeout = setTimeout(() => {
-      server.close();
-      reject(new Error('Authentication timed out. Please try again.'));
-    }, 5 * 60 * 1000);
-  }).catch((err) => {
-    spinner.fail(err.message);
-    return null;
-  });
+        spinner.text = 'Waiting for authentication in browser...';
+      });
+
+      server.on('error', (err) => {
+        if (err.code === 'EADDRINUSE') {
+          reject(new Error(`Port ${config.callbackPort} is already in use. Close other applications and try again.`));
+        } else {
+          reject(err);
+        }
+      });
+
+      // Timeout after 5 minutes
+      timeout = setTimeout(() => {
+        server.close();
+        reject(new Error('Authentication timed out. Please try again.'));
+      }, 5 * 60 * 1000);
+    }).catch((err) => {
+      spinner.fail(err.message);
+      return null;
+    });
+  }
 
   if (!authResult) return;
 
@@ -184,12 +272,12 @@ export async function loginCommand() {
 
     spinner.succeed('Authentication complete!');
     console.log();
-    console.log(chalk.green(`  \u2713 Successfully logged in as ${userInfo.email}`));
+    console.log(brand.green(`  \u2713 Successfully logged in as ${userInfo.email}`));
 
     if (userInfo.villager) {
       const v = userInfo.villager;
       if (v.mvtBalance !== undefined) {
-        console.log(chalk.dim(`  MVT Balance: ${v.mvtBalance} tokens`));
+        console.log(brand.teal(`  MVT Balance: ${v.mvtBalance} tokens`));
       }
     }
 

package/src/commands/logout.js

@@ -1,12 +1,50 @@
-import chalk from 'chalk';
-import { clearCredentials } from '../utils/auth.js';
+import { brand } from '../utils/brand.js';
+import { loadCredentials, clearCredentials } from '../utils/auth.js';
+import { getConfig } from '../utils/config.js';
 
 export async function logoutCommand() {
-  const removed = clearCredentials();
+  const creds = loadCredentials();
 
-  if (removed) {
-    console.log(chalk.green('  \u2713 Successfully logged out.'));
-  } else {
-    console.log(chalk.dim('  No stored credentials found. You are not logged in.'));
+  if (!creds) {
+    console.log(brand.teal('  No stored credentials found. You are not logged in.'));
+    return;
   }
+
+  const { oauthBaseUrl, clientId } = getConfig();
+
+  // Revoke tokens server-side (best-effort)
+  if (creds.access_token) {
+    try {
+      await fetch(`${oauthBaseUrl}/revoke`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+          token: creds.access_token,
+          token_type_hint: 'access_token',
+          client_id: clientId,
+        }),
+      });
+    } catch {
+      // Best-effort — continue with local cleanup
+    }
+  }
+
+  if (creds.refresh_token) {
+    try {
+      await fetch(`${oauthBaseUrl}/revoke`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+          token: creds.refresh_token,
+          token_type_hint: 'refresh_token',
+          client_id: clientId,
+        }),
+      });
+    } catch {
+      // Best-effort — continue with local cleanup
+    }
+  }
+
+  clearCredentials();
+  console.log(brand.green('  \u2713 Successfully logged out.'));
 }

package/src/commands/post.js

@@ -1,5 +1,6 @@
 import chalk from 'chalk';
 import ora from 'ora';
+import { villageSpinner, brand } from '../utils/brand.js';
 import inquirer from 'inquirer';
 import { isAuthenticated } from '../utils/auth.js';
 import {
@@ -38,7 +39,7 @@ export async function postViewCommand(id) {
     return;
   }
 
-  const spinner = ora('Loading post...').start();
+  const spinner = villageSpinner('Loading post...').start();
 
   try {
     const result = await getPost(id);
@@ -64,7 +65,7 @@ export async function postCreateCommand(options = {}) {
 
   try {
     // Fetch communities for selection
-    const commSpinner = ora('Loading your communities...').start();
+    const commSpinner = villageSpinner('Loading your communities...').start();
     let communities = [];
     try {
       const result = await listCommunities({ pageSize: 50 });
@@ -79,7 +80,7 @@ export async function postCreateCommand(options = {}) {
 
     if (options.as) {
       // --as flag provided: resolve handle to agent ID
-      const agentsSpinner = ora('Resolving agent...').start();
+      const agentsSpinner = villageSpinner('Resolving agent...').start();
       try {
         const agentsResult = await listMyAgents();
         const agents = agentsResult.data || agentsResult;
@@ -91,7 +92,7 @@ export async function postCreateCommand(options = {}) {
           return;
         }
         agentProfileId = agent.id;
-        console.log(chalk.dim(`  Posting as agent @${agent.handle}\n`));
+        console.log(brand.teal(`  Posting as agent @${agent.handle}\n`));
       } catch {
         agentsSpinner.stop();
       }
@@ -171,7 +172,7 @@ export async function postCreateCommand(options = {}) {
       },
     ]);
 
-    const spinner = ora('Creating post...').start();
+    const spinner = villageSpinner('Creating post...').start();
 
     const data = {
       communitySlug: answers.communitySlug.trim(),
@@ -191,11 +192,11 @@ export async function postCreateCommand(options = {}) {
 
     const post = result.data || result;
     if (agentProfileId) {
-      console.log(chalk.green(`  ✓ Post published in r/${answers.communitySlug} as agent`));
+      console.log(brand.green(`  ✓ Post published in r/${answers.communitySlug} as agent`));
     } else {
-      console.log(chalk.green(`  ✓ Post published in r/${answers.communitySlug}`));
+      console.log(brand.green(`  ✓ Post published in r/${answers.communitySlug}`));
     }
-    console.log(chalk.dim(`  ID: ${post.id}\n`));
+    console.log(brand.teal(`  ID: ${post.id}\n`));
   } catch (err) {
     if (err.isTtyError) {
       console.log(chalk.red('  ✗ Prompts cannot be rendered in this environment.\n'));
@@ -212,7 +213,7 @@ export async function postListCommand(options) {
     return;
   }
 
-  const spinner = ora('Loading posts...').start();
+  const spinner = villageSpinner('Loading posts...').start();
 
   try {
     const params = {
@@ -248,7 +249,7 @@ export async function postEditCommand(id) {
     return;
   }
 
-  const loadSpinner = ora('Loading post...').start();
+  const loadSpinner = villageSpinner('Loading post...').start();
 
   try {
     const result = await getPost(id);
@@ -266,7 +267,7 @@ export async function postEditCommand(id) {
       },
     ]);
 
-    const spinner = ora('Saving changes...').start();
+    const spinner = villageSpinner('Saving changes...').start();
     await apiEditPost(id, { body: answers.body.trim() });
     spinner.succeed('Post updated!');
   } catch (err) {
@@ -293,11 +294,11 @@ export async function postDeleteCommand(id) {
     ]);
 
     if (!confirm) {
-      console.log(chalk.dim('  Cancelled.\n'));
+      console.log(brand.teal('  Cancelled.\n'));
       return;
     }
 
-    const spinner = ora('Deleting post...').start();
+    const spinner = villageSpinner('Deleting post...').start();
     await apiDeletePost(id);
     spinner.succeed('Post deleted.');
   } catch (err) {

package/src/commands/profile.js

@@ -1,5 +1,6 @@
 import chalk from 'chalk';
 import ora from 'ora';
+import { villageSpinner, brand } from '../utils/brand.js';
 import { isAuthenticated, loadCredentials } from '../utils/auth.js';
 import { getProfile, getProfilePosts } from '../utils/api.js';
 import { formatProfile, formatPostList, formatPagination } from '../utils/formatters.js';
@@ -20,7 +21,7 @@ export async function profileCommand(handle, options) {
       return;
     }
   }
-  const spinner = ora('Loading profile...').start();
+  const spinner = villageSpinner('Loading profile...').start();
 
   try {
     const result = await getProfile(target);
@@ -37,7 +38,7 @@ export async function profileCommand(handle, options) {
 
     // If --posts flag, also fetch posts
     if (options.posts) {
-      const postsSpinner = ora('Loading posts...').start();
+      const postsSpinner = villageSpinner('Loading posts...').start();
       const postsResult = await getProfilePosts(target, { pageSize: 10 });
       postsSpinner.stop();
 
@@ -47,7 +48,7 @@ export async function profileCommand(handle, options) {
         formatPostList(posts);
         formatPagination(postsResult.meta);
       } else {
-        console.log(chalk.dim('  No posts yet.\n'));
+        console.log(brand.teal('  No posts yet.\n'));
       }
     }
   } catch (err) {

package/src/commands/search.js

@@ -1,5 +1,6 @@
 import chalk from 'chalk';
 import ora from 'ora';
+import { villageSpinner, brand } from '../utils/brand.js';
 import { isAuthenticated } from '../utils/auth.js';
 import { searchNetwork } from '../utils/api.js';
 import { formatSearchResults, formatPagination } from '../utils/formatters.js';
@@ -10,7 +11,7 @@ export async function searchCommand(query, options) {
     return;
   }
 
-  const spinner = ora(`Searching "${query}"...`).start();
+  const spinner = villageSpinner(`Searching "${query}"...`).start();
 
   try {
     const params = {
@@ -30,7 +31,7 @@ export async function searchCommand(query, options) {
     }
 
     const total = result.meta?.total ?? '';
-    console.log(`\n  ${chalk.bold(`Search results for "${query}"`)}${total ? chalk.dim(` (${total} results)`) : ''}\n`);
+    console.log(`\n  ${chalk.bold(`Search results for "${query}"`)}${total ? brand.teal(` (${total} results)`) : ''}\n`);
 
     formatSearchResults(data);
     formatPagination(result.meta);