@nairon-ai/aegis 0.2.0

package/src/cli/commands/deploy.ts

@@ -0,0 +1,106 @@
+import { execFileSync, spawnSync } from "node:child_process";
+import { resolve } from "node:path";
+import { defineCommand } from "citty";
+import { consola } from "consola";
+import { findPackageRoot } from "../paths.js";
+import { loadConfig, saveConfig } from "../state.js";
+
+export const deployCommand = defineCommand({
+	meta: { name: "deploy", description: "Build and deploy the Aegis Worker" },
+	async run() {
+		await runDeploy();
+	},
+});
+
+export async function runDeploy(): Promise<void> {
+	const packageRoot = findPackageRoot(import.meta.url);
+	const config = loadConfig();
+	const flueBin = resolve(packageRoot, "node_modules/.bin/flue");
+	const wranglerBin = resolve(packageRoot, "node_modules/.bin/wrangler");
+
+	consola.start("Building Flue Worker...");
+	execFileSync(flueBin, ["build", "--target", "cloudflare"], {
+		cwd: packageRoot,
+		stdio: "inherit",
+	});
+
+	pushSecrets(toSecrets(config), packageRoot, wranglerBin);
+
+	consola.start("Deploying with Wrangler...");
+	const output = execFileSync(
+		wranglerBin,
+		["deploy", "--config", resolve(packageRoot, "dist/wrangler.jsonc")],
+		{
+			cwd: packageRoot,
+			stdio: "pipe",
+			encoding: "utf-8",
+		},
+	);
+	consola.log(output);
+	const match = output.match(/https:\/\/[^\s]+\.workers\.dev/);
+	if (match) {
+		config.workerUrl = match[0];
+		saveConfig(config);
+		pushSecrets({ AEGIS_WORKER_URL: match[0] }, packageRoot, wranglerBin);
+		consola.success(`Saved Worker URL: ${match[0]}`);
+	} else {
+		consola.success("Deploy complete.");
+	}
+}
+
+function pushSecrets(
+	secrets: Record<string, string | undefined>,
+	packageRoot: string,
+	wranglerBin: string,
+): void {
+	consola.start("Pushing Cloudflare secrets...");
+	const wranglerConfig = resolve(packageRoot, "wrangler.jsonc");
+	for (const [key, value] of Object.entries(secrets)) {
+		if (!value) continue;
+		const result = spawnSync(wranglerBin, ["secret", "put", key, "--config", wranglerConfig], {
+			cwd: packageRoot,
+			input: value,
+			stdio: ["pipe", "pipe", "pipe"],
+			encoding: "utf-8",
+		});
+		if (result.status !== 0) {
+			throw new Error(`Failed to set ${key}: ${result.stderr || result.stdout}`);
+		}
+	}
+	consola.success("Secrets pushed");
+}
+
+function toSecrets(config: ReturnType<typeof loadConfig>): Record<string, string | undefined> {
+	return {
+		AEGIS_WORKER_URL: config.workerUrl,
+		MONITORED_REPO: config.monitoredRepo,
+		BASE_BRANCH: config.baseBranch,
+		AUTOMATION_MODE: config.automationMode,
+		CONTEXT_PROFILE: config.contextProfile,
+		READY_LABEL: config.readyLabel,
+		BUG_LABEL: config.bugLabel,
+		GITHUB_APP_ID: config.githubAppId,
+		GITHUB_APP_PRIVATE_KEY: config.githubAppPrivateKey,
+		GITHUB_INSTALLATION_ID: config.githubInstallationId,
+		GITHUB_WEBHOOK_SECRET: config.githubWebhookSecret,
+		GITHUB_TOKEN: config.githubToken,
+		LINEAR_API_KEY: config.linearApiKey,
+		LINEAR_WEBHOOK_SECRET: config.linearWebhookSecret,
+		LINEAR_TEAM_ID: config.linearTeamId,
+		LINEAR_PROJECT_ID: config.linearProjectId,
+		LINEAR_READY_STATUS: config.linearReadyStatus,
+		LINEAR_IN_PROGRESS_STATUS: config.linearInProgressStatus,
+		LINEAR_NEEDS_INFO_STATUS: config.linearNeedsInfoStatus,
+		LINEAR_BLOCKED_STATUS: config.linearBlockedStatus,
+		LINEAR_BUG_LABEL: config.linearBugLabel,
+		TELEGRAM_BOT_TOKEN: config.telegramBotToken,
+		TELEGRAM_CHAT_ID: config.telegramChatId,
+		TELEGRAM_WEBHOOK_SECRET: config.telegramWebhookSecret,
+		DATABASE_URL: config.databaseUrl,
+		VERCEL_TOKEN: config.vercelToken,
+		VERCEL_PROJECT_ID: config.vercelProjectId,
+		VERCEL_TEAM_ID: config.vercelTeamId,
+		AGENT_MODEL: config.agentModel,
+		OPENAI_API_KEY: config.openaiApiKey,
+	};
+}

package/src/cli/commands/init.ts

@@ -0,0 +1,119 @@
+import { existsSync, mkdirSync, writeFileSync } from "node:fs";
+import { resolve } from "node:path";
+import { defineCommand } from "citty";
+import { consola } from "consola";
+import { PROJECT_AEGIS_DIR } from "../paths.js";
+
+const ENV_EXAMPLE = `# Required
+MONITORED_REPO=KeyLead-Team/keylead
+BASE_BRANCH=main
+AGENT_MODEL=openai/gpt-5.1
+OPENAI_API_KEY=sk-...
+
+# Labels / automation
+READY_LABEL=ready to implement
+BUG_LABEL=bug
+AUTOMATION_MODE=plan-first
+CONTEXT_PROFILE=minimal
+MAX_CONCURRENT_RUNS=1
+
+# GitHub auth: use either GitHub App fields or GITHUB_TOKEN
+GITHUB_APP_ID=
+GITHUB_APP_PRIVATE_KEY=
+GITHUB_INSTALLATION_ID=
+GITHUB_WEBHOOK_SECRET=
+GITHUB_TOKEN=
+
+# Linear optional
+LINEAR_API_KEY=
+LINEAR_WEBHOOK_SECRET=
+LINEAR_TEAM_ID=
+LINEAR_PROJECT_ID=
+LINEAR_READY_STATUS=Ready to Implement
+LINEAR_IN_PROGRESS_STATUS=In Progress
+LINEAR_NEEDS_INFO_STATUS=Needs Info
+LINEAR_BLOCKED_STATUS=Blocked
+LINEAR_BUG_LABEL=bug
+
+# Telegram optional
+TELEGRAM_BOT_TOKEN=
+TELEGRAM_CHAT_ID=
+TELEGRAM_WEBHOOK_SECRET=
+
+# Production context optional. Prefer read-only DB access.
+DATABASE_URL=
+VERCEL_TOKEN=
+VERCEL_PROJECT_ID=
+VERCEL_TEAM_ID=
+
+# Filled by aegis deploy
+AEGIS_WORKER_URL=
+`;
+
+const README = `# Aegis
+
+This directory configures Aegis for this repository.
+
+## First Run
+
+\`\`\`bash
+npx @nairon-ai/aegis setup
+npx @nairon-ai/aegis pickup --dry-run
+npx @nairon-ai/aegis deploy
+\`\`\`
+
+For the first test, use:
+
+- \`AUTOMATION_MODE=plan-first\`
+- \`CONTEXT_PROFILE=minimal\`
+- \`MAX_CONCURRENT_RUNS=1\`
+
+Create these labels in GitHub:
+
+- \`bug\`
+- \`ready to implement\`
+
+Then create a tiny test bug issue with both labels.
+
+## Webhook URLs
+
+After deploy, add these webhooks where needed:
+
+\`\`\`text
+GitHub:  https://YOUR_WORKER.workers.dev/webhook/github
+Linear:  https://YOUR_WORKER.workers.dev/webhook/linear
+Telegram: https://YOUR_WORKER.workers.dev/webhook/telegram
+\`\`\`
+
+Keep \`.aegis/.env\` out of git.
+`;
+
+export const initCommand = defineCommand({
+	meta: { name: "init", description: "Scaffold .aegis config in this repo" },
+	async run() {
+		runInit();
+	},
+});
+
+export function runInit(): void {
+	mkdirSync(PROJECT_AEGIS_DIR, { recursive: true });
+	writeIfMissing(resolve(PROJECT_AEGIS_DIR, ".gitignore"), ".env\nlogs/\n");
+	writeIfMissing(resolve(PROJECT_AEGIS_DIR, ".env.example"), ENV_EXAMPLE);
+	writeIfMissing(resolve(PROJECT_AEGIS_DIR, "README.md"), README);
+	consola.success("Created .aegis/");
+	consola.log("\nNext:");
+	consola.log("  1. npx @nairon-ai/aegis setup");
+	consola.log("  2. create GitHub labels: bug, ready to implement");
+	consola.log("  3. create a tiny test bug issue");
+	consola.log("  4. npx @nairon-ai/aegis pickup --dry-run");
+	consola.log("  5. npx @nairon-ai/aegis deploy");
+	consola.log("");
+}
+
+function writeIfMissing(path: string, contents: string): void {
+	if (existsSync(path)) {
+		consola.info(`Skipped existing ${path}`);
+		return;
+	}
+	writeFileSync(path, contents);
+}

package/src/cli/commands/pickup.ts

@@ -0,0 +1,44 @@
+import { defineCommand } from "citty";
+import { consola } from "consola";
+import { scanReadyBugs } from "../../core/pickup.js";
+import { configFromCli } from "../../shared/config.js";
+import { formatReadyDecisionLine } from "../../shared/format.js";
+import { loadConfig } from "../state.js";
+
+export const pickupCommand = defineCommand({
+	meta: {
+		name: "pickup",
+		description: "Find GitHub/Linear bugs Aegis would pick up",
+	},
+	args: {
+		"dry-run": {
+			type: "boolean",
+			description: "Only report decisions; do not claim",
+			default: true,
+		},
+	},
+	async run({ args }) {
+		await runPickup({ dryRun: args.dryRun !== false });
+	},
+});
+
+export async function runPickup(_options: { dryRun: boolean }): Promise<void> {
+	const config = configFromCli(loadConfig());
+	if (!config.monitoredRepo) {
+		consola.error("MONITORED_REPO is missing. Run `aegis setup` first.");
+		return;
+	}
+	consola.start("Scanning ready bugs...\n");
+	const decisions = await scanReadyBugs(config);
+	if (!decisions.length) {
+		consola.info("No ready bugs found.");
+		return;
+	}
+	for (const decision of decisions) {
+		consola.log(`  ${formatReadyDecisionLine(decision.item, decision.decision)}`);
+		consola.log(`    ${decision.item.title}`);
+		consola.log(`    ${decision.item.url}`);
+	}
+	consola.log("");
+	consola.info("Dry run only. Deployed worker claims bugs on schedule or via POST /api/pickup.");
+}

package/src/cli/commands/setup.ts

@@ -0,0 +1,217 @@
+import { existsSync, readFileSync } from "node:fs";
+import { resolve } from "node:path";
+import { defineCommand } from "citty";
+import { consola } from "consola";
+import type { AegisCliConfig } from "../../shared/types.js";
+import { resolveEnvFileForWrite } from "../paths.js";
+import { detectSetupState, printState, saveConfig } from "../state.js";
+
+export const setupCommand = defineCommand({
+	meta: { name: "setup", description: "Configure Aegis for a repo" },
+	async run() {
+		await runSetupWizard();
+	},
+});
+
+export async function runSetupWizard(): Promise<void> {
+	consola.log("\n  Aegis - AFK bug-fixing agent\n");
+	const state = detectSetupState();
+	printState(state);
+	const config = state.config;
+
+	await setupRepo(config);
+	await setupGitHub(config);
+	await setupLinear(config);
+	await setupAutomation(config);
+	await setupProductionContext(config);
+	await setupTelegram(config);
+	await setupWorker(config);
+
+	saveConfig(config);
+	consola.success(`Saved ${resolveEnvFileForWrite()}`);
+	consola.log("\nNext:");
+	consola.log("  1. Create labels in the monitored repo: bug, ready to implement");
+	consola.log("  2. Create a test GitHub issue with both labels");
+	consola.log("  3. npx @nairon-ai/aegis pickup --dry-run");
+	consola.log("  4. npx @nairon-ai/aegis deploy");
+	consola.log("  5. Add GitHub/Linear/Telegram webhook URLs after deploy");
+	consola.log("");
+}
+
+async function setupRepo(config: AegisCliConfig): Promise<void> {
+	config.monitoredRepo = await promptText(
+		"GitHub repo to monitor (owner/repo):",
+		config.monitoredRepo,
+	);
+	config.baseBranch = await promptText("Base branch:", config.baseBranch ?? "main");
+}
+
+async function setupGitHub(config: AegisCliConfig): Promise<void> {
+	consola.log("\nGitHub access");
+	consola.info(
+		"For the first test, a fine-grained token is fastest. For shared/team use, use a GitHub App.",
+	);
+	const method = (await consola.prompt("Auth method:", {
+		type: "select",
+		options: [
+			{ label: "GitHub App (recommended)", value: "app" },
+			{ label: "GitHub token (simpler local testing)", value: "token" },
+		],
+	})) as string;
+
+	if (method === "token") {
+		config.githubToken = await promptText(
+			"GitHub token with contents/issues/PR read-write access:",
+			config.githubToken,
+		);
+	} else {
+		config.githubAppId = await promptText("GitHub App ID:", config.githubAppId);
+		const keyPath = await promptText("Path to GitHub App private key .pem:", undefined);
+		if (keyPath) {
+			const resolved = resolve(keyPath.replace(/^~/, process.env.HOME ?? "~"));
+			if (existsSync(resolved)) {
+				config.githubAppPrivateKey = Buffer.from(readFileSync(resolved, "utf-8")).toString(
+					"base64",
+				);
+				consola.success("Loaded private key");
+			} else {
+				consola.warn(`File not found: ${resolved}`);
+			}
+		}
+		if (!config.githubAppPrivateKey) {
+			config.githubAppPrivateKey = Buffer.from(
+				await promptText("Paste GitHub App private key PEM:", config.githubAppPrivateKey),
+			).toString("base64");
+		}
+		config.githubInstallationId = await promptText(
+			"GitHub App installation ID:",
+			config.githubInstallationId,
+		);
+	}
+
+	const generateSecret = (await consola.prompt("Generate a GitHub webhook secret?", {
+		type: "confirm",
+		initial: !config.githubWebhookSecret,
+	})) as boolean;
+	config.githubWebhookSecret = generateSecret
+		? crypto.randomUUID()
+		: await promptText("GitHub webhook secret:", config.githubWebhookSecret);
+	if (config.githubWebhookSecret) {
+		consola.info("Use this same value when you add the GitHub App or repo webhook.");
+	}
+}
+
+async function setupLinear(config: AegisCliConfig): Promise<void> {
+	const enable = (await consola.prompt("Connect Linear too?", {
+		type: "confirm",
+		initial: Boolean(config.linearApiKey),
+	})) as boolean;
+	if (!enable) return;
+
+	config.linearApiKey = await promptText("Linear API key:", config.linearApiKey);
+	const generateSecret = (await consola.prompt("Generate a Linear webhook signing secret?", {
+		type: "confirm",
+		initial: !config.linearWebhookSecret,
+	})) as boolean;
+	config.linearWebhookSecret = generateSecret
+		? crypto.randomUUID()
+		: await promptText("Linear webhook signing secret:", config.linearWebhookSecret);
+	config.linearTeamId = await promptText("Linear team ID:", config.linearTeamId);
+	config.linearProjectId = await promptText(
+		"Linear project ID (optional):",
+		config.linearProjectId,
+	);
+	config.linearReadyStatus = await promptText(
+		"Linear ready status name:",
+		config.linearReadyStatus ?? "Ready to Implement",
+	);
+	config.linearInProgressStatus = await promptText(
+		"Linear in-progress status name:",
+		config.linearInProgressStatus ?? "In Progress",
+	);
+	config.linearNeedsInfoStatus = await promptText(
+		"Linear needs-info status name:",
+		config.linearNeedsInfoStatus ?? "Needs Info",
+	);
+	config.linearBlockedStatus = await promptText(
+		"Linear blocked status name:",
+		config.linearBlockedStatus ?? "Blocked",
+	);
+	config.linearBugLabel = await promptText("Linear bug label:", config.linearBugLabel ?? "bug");
+}
+
+async function setupAutomation(config: AegisCliConfig): Promise<void> {
+	config.readyLabel = await promptText(
+		"GitHub ready label:",
+		config.readyLabel ?? "ready to implement",
+	);
+	config.bugLabel = await promptText("GitHub bug label:", config.bugLabel ?? "bug");
+	config.automationMode = (await consola.prompt("Automation mode:", {
+		type: "select",
+		options: [
+			{ label: "Plan first, ask approval before patching", value: "plan-first" },
+			{ label: "Auto-implement only bugs labeled low-risk", value: "auto-low-risk" },
+		],
+		initial: config.automationMode ?? "plan-first",
+	})) as AegisCliConfig["automationMode"];
+	config.agentModel = await promptText("Flue model:", config.agentModel ?? "openai/gpt-5.1");
+	config.openaiApiKey = await promptText(
+		"OpenAI API key (if using an OpenAI model):",
+		config.openaiApiKey,
+	);
+}
+
+async function setupProductionContext(config: AegisCliConfig): Promise<void> {
+	const profile = (await consola.prompt("Context profile:", {
+		type: "select",
+		options: [
+			{ label: "Minimal: issue + repo", value: "minimal" },
+			{ label: "Production: add read-only DB and Vercel logs", value: "production" },
+		],
+		initial: config.contextProfile ?? "minimal",
+	})) as AegisCliConfig["contextProfile"];
+	config.contextProfile = profile;
+	if (profile !== "production") return;
+
+	consola.warn("Use a read-only DB user or replica. Do not give Aegis write access.");
+	config.databaseUrl = await promptText("Read-only DATABASE_URL (optional):", config.databaseUrl);
+	config.vercelToken = await promptText("Vercel API token (optional):", config.vercelToken);
+	config.vercelProjectId = await promptText(
+		"Vercel project ID (optional):",
+		config.vercelProjectId,
+	);
+	config.vercelTeamId = await promptText("Vercel team ID (optional):", config.vercelTeamId);
+}
+
+async function setupTelegram(config: AegisCliConfig): Promise<void> {
+	const enable = (await consola.prompt("Enable Telegram approval pings?", {
+		type: "confirm",
+		initial: Boolean(config.telegramBotToken),
+	})) as boolean;
+	if (!enable) return;
+
+	config.telegramBotToken = await promptText("Telegram bot token:", config.telegramBotToken);
+	config.telegramChatId = await promptText("Telegram chat ID:", config.telegramChatId);
+	const generateSecret = (await consola.prompt("Generate a Telegram webhook secret?", {
+		type: "confirm",
+		initial: !config.telegramWebhookSecret,
+	})) as boolean;
+	config.telegramWebhookSecret = generateSecret
+		? crypto.randomUUID()
+		: await promptText("Telegram webhook secret:", config.telegramWebhookSecret);
+}
+
+async function setupWorker(config: AegisCliConfig): Promise<void> {
+	config.workerUrl = await promptText(
+		"Deployed Worker URL (can fill after first deploy):",
+		config.workerUrl,
+	);
+}
+
+async function promptText(message: string, initial: string | undefined): Promise<string> {
+	const value = (await consola.prompt(message, {
+		type: "text",
+		initial,
+	})) as string;
+	return value?.trim() ?? "";
+}

package/src/cli/commands/status.ts

@@ -0,0 +1,24 @@
+import { defineCommand } from "citty";
+import { consola } from "consola";
+import { detectSetupState, printState } from "../state.js";
+
+export const statusCommand = defineCommand({
+	meta: { name: "status", description: "Show Aegis setup status" },
+	async run() {
+		await runStatus();
+	},
+});
+
+export async function runStatus(): Promise<void> {
+	const state = detectSetupState();
+	consola.log("\n  Aegis Status");
+	printState(state);
+	if (state.config.monitoredRepo) consola.log(`  Repo: ${state.config.monitoredRepo}`);
+	if (state.config.workerUrl) consola.log(`  Worker: ${state.config.workerUrl}`);
+	consola.log("");
+	if (state.isUsable) {
+		consola.success("Aegis can scan GitHub issues.");
+	} else {
+		consola.warn("Run `aegis setup` before pickup/deploy.");
+	}
+}

package/src/cli/index.ts

@@ -0,0 +1,38 @@
+#!/usr/bin/env node
+
+import { defineCommand, runMain } from "citty";
+import { deployCommand } from "./commands/deploy.js";
+import { initCommand } from "./commands/init.js";
+import { pickupCommand } from "./commands/pickup.js";
+import { setupCommand } from "./commands/setup.js";
+import { statusCommand } from "./commands/status.js";
+
+const main = defineCommand({
+	meta: {
+		name: "aegis",
+		version: "0.2.0",
+		description: "Aegis - self-hosted AFK bug-fixing agent",
+	},
+	default: "menu",
+	subCommands: {
+		init: initCommand,
+		setup: setupCommand,
+		pickup: pickupCommand,
+		status: statusCommand,
+		deploy: deployCommand,
+		menu: defineCommand({
+			meta: { name: "menu", description: "Open the interactive menu", hidden: true },
+			async run() {
+				const { detectSetupState, runInteractiveMenu } = await import("./state.js");
+				if (!detectSetupState().isUsable) {
+					const { runSetupWizard } = await import("./commands/setup.js");
+					await runSetupWizard();
+					return;
+				}
+				await runInteractiveMenu();
+			},
+		}),
+	},
+});
+
+runMain(main);

package/src/cli/paths.ts

@@ -0,0 +1,29 @@
+import { existsSync } from "node:fs";
+import { dirname, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+
+export const PROJECT_AEGIS_DIR = resolve(process.cwd(), ".aegis");
+export const PROJECT_AEGIS_ENV_FILE = resolve(PROJECT_AEGIS_DIR, ".env");
+export const LEGACY_ENV_FILE = resolve(process.cwd(), ".env.local");
+
+export function resolveEnvFileForRead(): string | undefined {
+	if (existsSync(PROJECT_AEGIS_ENV_FILE)) return PROJECT_AEGIS_ENV_FILE;
+	if (existsSync(LEGACY_ENV_FILE)) return LEGACY_ENV_FILE;
+	return undefined;
+}
+
+export function resolveEnvFileForWrite(): string {
+	if (existsSync(PROJECT_AEGIS_DIR)) return PROJECT_AEGIS_ENV_FILE;
+	return LEGACY_ENV_FILE;
+}
+
+export function findPackageRoot(fromUrl: string): string {
+	let current = dirname(fileURLToPath(fromUrl));
+	while (current !== dirname(current)) {
+		if (existsSync(resolve(current, "package.json")) && existsSync(resolve(current, ".flue"))) {
+			return current;
+		}
+		current = dirname(current);
+	}
+	throw new Error("Could not find the installed Aegis package root");
+}