@newpeak/barista-cli 0.1.0

package/src/core/auth/token-manager.ts

@@ -0,0 +1,183 @@
+import keytar from 'keytar';
+import * as crypto from 'crypto';
+import * as fs from 'fs';
+import * as path from 'path';
+import * as os from 'os';
+import { TokenContext } from '../../types/index.js';
+
+const SERVICE_NAME = 'barista-cli';
+const ENCRYPTION_ALGORITHM = 'aes-256-gcm';
+const FALLBACK_FILE_NAME = '.barista-tokens';
+
+interface StoredToken {
+  service: string;
+  environment: string;
+  tenant?: string;
+  token: string;
+  updatedAt: string;
+}
+
+class TokenManager {
+  private fallbackDir: string;
+  private fallbackFilePath: string;
+
+  constructor() {
+    this.fallbackDir = path.join(os.homedir(), '.barista');
+    this.fallbackFilePath = path.join(this.fallbackDir, FALLBACK_FILE_NAME);
+  }
+
+  async getToken(context: TokenContext): Promise<string | null> {
+    const account = this.buildAccount(context);
+
+    try {
+      const token = await keytar.getPassword(SERVICE_NAME, account);
+      if (token) return token;
+    } catch (keytarError) {
+      console.warn('[TokenManager] Keytar not available, using fallback storage');
+    }
+
+    return this.getTokenFromFallback(context);
+  }
+
+  async setToken(context: TokenContext, token: string): Promise<void> {
+    const account = this.buildAccount(context);
+
+    try {
+      await keytar.setPassword(SERVICE_NAME, account, token);
+      await this.removeFromFallback(context);
+      return;
+    } catch (keytarError) {
+      console.warn('[TokenManager] Keytar failed, using fallback storage');
+    }
+
+    await this.setTokenToFallback(context, token);
+  }
+
+  async deleteToken(context: TokenContext): Promise<boolean> {
+    const account = this.buildAccount(context);
+
+    let deleted = false;
+    try {
+      deleted = await keytar.deletePassword(SERVICE_NAME, account);
+    } catch (keytarError) {
+      // Ignore keytar errors, try fallback
+    }
+
+    const fallbackDeleted = await this.removeFromFallback(context);
+    return deleted || fallbackDeleted;
+  }
+
+  async findAllTokens(): Promise<Array<{ account: string; password: string }>> {
+    try {
+      const credentials = await keytar.findCredentials(SERVICE_NAME);
+      if (credentials.length > 0) return credentials;
+    } catch (keytarError) {
+      // Ignore keytar errors
+    }
+
+    return this.getAllFromFallback();
+  }
+
+  private buildAccount(context: TokenContext): string {
+    const parts: string[] = [context.service, context.environment];
+    if (context.tenant) {
+      parts.push(context.tenant);
+    }
+    return parts.join(':');
+  }
+
+  private getMachineId(): Buffer {
+    const machineId = os.hostname() + os.platform() + os.arch() + os.homedir();
+    return crypto.createHash('sha256').update(machineId).digest();
+  }
+
+  private encrypt(text: string): string {
+    const key = this.getMachineId();
+    const iv = crypto.randomBytes(16);
+    const cipher = crypto.createCipheriv(ENCRYPTION_ALGORITHM, key, iv);
+    let encrypted = cipher.update(text, 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+    const authTag = cipher.getAuthTag();
+    return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted;
+  }
+
+  private decrypt(encryptedText: string): string {
+    const parts = encryptedText.split(':');
+    if (parts.length !== 3) throw new Error('Invalid encrypted data format');
+    const iv = Buffer.from(parts[0], 'hex');
+    const authTag = Buffer.from(parts[1], 'hex');
+    const encrypted = parts[2];
+    const key = this.getMachineId();
+    const decipher = crypto.createDecipheriv(ENCRYPTION_ALGORITHM, key, iv);
+    decipher.setAuthTag(authTag);
+    let decrypted = decipher.update(encrypted, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+    return decrypted;
+  }
+
+  private async getFallbackTokens(): Promise<Record<string, StoredToken>> {
+    try {
+      if (!fs.existsSync(this.fallbackFilePath)) {
+        return {};
+      }
+      const encryptedData = fs.readFileSync(this.fallbackFilePath, 'utf8');
+      const decrypted = this.decrypt(encryptedData);
+      return JSON.parse(decrypted);
+    } catch {
+      return {};
+    }
+  }
+
+  private async saveFallbackTokens(tokens: Record<string, StoredToken>): Promise<void> {
+    if (!fs.existsSync(this.fallbackDir)) {
+      fs.mkdirSync(this.fallbackDir, { recursive: true });
+    }
+    const json = JSON.stringify(tokens);
+    const encrypted = this.encrypt(json);
+    fs.writeFileSync(this.fallbackFilePath, encrypted, { mode: 0o600 });
+  }
+
+  private async getTokenFromFallback(context: TokenContext): Promise<string | null> {
+    const tokens = await this.getFallbackTokens();
+    const key = this.buildAccount(context);
+    const stored = tokens[key];
+    if (stored) {
+      return stored.token;
+    }
+    return null;
+  }
+
+  private async setTokenToFallback(context: TokenContext, token: string): Promise<void> {
+    const tokens = await this.getFallbackTokens();
+    const key = this.buildAccount(context);
+    tokens[key] = {
+      service: context.service,
+      environment: context.environment,
+      tenant: context.tenant,
+      token,
+      updatedAt: new Date().toISOString(),
+    };
+    await this.saveFallbackTokens(tokens);
+  }
+
+  private async removeFromFallback(context: TokenContext): Promise<boolean> {
+    const tokens = await this.getFallbackTokens();
+    const key = this.buildAccount(context);
+    if (tokens[key]) {
+      delete tokens[key];
+      await this.saveFallbackTokens(tokens);
+      return true;
+    }
+    return false;
+  }
+
+  private async getAllFromFallback(): Promise<Array<{ account: string; password: string }>> {
+    const tokens = await this.getFallbackTokens();
+    return Object.entries(tokens).map(([account, stored]) => ({
+      account,
+      password: stored.token,
+    }));
+  }
+}
+
+export const tokenManager = new TokenManager();

package/src/core/config/manager.ts

@@ -0,0 +1,164 @@
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import yaml from 'yaml';
+import { Config, Context, Environment, Service } from '../../types/index.js';
+
+const DEFAULT_CONFIG: Config = {
+  defaults: {
+    env: 'dev',
+    tenant: 'default',
+    service: 'liberica',
+  },
+  environments: {
+    dev: {
+      liberica: {
+        baseUrl: 'https://{tenant}-dev.newpeaksh.com',
+        timeout: 30000,
+      },
+      arabica: {
+        baseUrl: 'https://arabica-dev.newpeaksh.com',
+        timeout: 30000,
+      },
+    },
+    test: {
+      liberica: {
+        baseUrl: 'https://{tenant}-test.newpeaksh.com',
+        timeout: 30000,
+      },
+      arabica: {
+        baseUrl: 'https://arabica-test.newpeaksh.com',
+        timeout: 30000,
+      },
+    },
+    'prod-cn': {
+      liberica: {
+        baseUrl: 'https://{tenant}.newpeaksh.com',
+        timeout: 60000,
+      },
+      arabica: {
+        baseUrl: 'https://www.newpeaksh.com',
+        timeout: 60000,
+      },
+    },
+    'prod-jp': {
+      liberica: {
+        baseUrl: 'https://{tenant}.newpeakjp.com',
+        timeout: 60000,
+      },
+      arabica: {
+        baseUrl: 'https://members.newpeakjp.com',
+        timeout: 60000,
+      },
+    },
+  },
+  output: {
+    format: 'table',
+    color: true,
+    timestamp: true,
+  },
+};
+
+class ConfigManager {
+  private config: Config | null = null;
+  private configPath: string;
+
+  constructor() {
+    const homeDir = os.homedir();
+    const baristaDir = path.join(homeDir, '.barista');
+    this.configPath = path.join(baristaDir, 'config.yaml');
+  }
+
+  async load(): Promise<void> {
+    try {
+      const configDir = path.dirname(this.configPath);
+      if (!fs.existsSync(configDir)) {
+        fs.mkdirSync(configDir, { recursive: true });
+      }
+
+      if (fs.existsSync(this.configPath)) {
+        const content = fs.readFileSync(this.configPath, 'utf-8');
+        this.config = yaml.parse(content) as Config;
+      } else {
+        this.config = { ...DEFAULT_CONFIG };
+        await this.save();
+      }
+    } catch (error) {
+      this.config = { ...DEFAULT_CONFIG };
+    }
+  }
+
+  async save(): Promise<void> {
+    if (!this.config) {
+      throw new Error('Config not loaded');
+    }
+    const configDir = path.dirname(this.configPath);
+    if (!fs.existsSync(configDir)) {
+      fs.mkdirSync(configDir, { recursive: true });
+    }
+    const content = yaml.stringify(this.config);
+    fs.writeFileSync(this.configPath, content, 'utf-8');
+  }
+
+  getConfig(): Config {
+    if (!this.config) {
+      throw new Error('Config not loaded');
+    }
+    return this.config;
+  }
+
+  getCurrentContext(): Context {
+    if (!this.config) {
+      throw new Error('Config not loaded');
+    }
+    return {
+      environment: this.config.defaults.env,
+      service: this.config.defaults.service,
+      tenant: this.config.defaults.tenant,
+    };
+  }
+
+  async setEnvironment(env: Environment): Promise<void> {
+    if (!this.config) {
+      throw new Error('Config not loaded');
+    }
+    if (!['dev', 'test', 'prod-cn', 'prod-jp'].includes(env)) {
+      throw new Error(`Invalid environment: ${env}`);
+    }
+    this.config.defaults.env = env;
+    await this.save();
+  }
+
+  async setTenant(tenant: string): Promise<void> {
+    if (!this.config) {
+      throw new Error('Config not loaded');
+    }
+    this.config.defaults.tenant = tenant;
+    await this.save();
+  }
+
+  async setService(service: Service): Promise<void> {
+    if (!this.config) {
+      throw new Error('Config not loaded');
+    }
+    this.config.defaults.service = service;
+    await this.save();
+  }
+
+  getEnvironmentUrl(service: Service, environment: Environment, tenant?: string): string {
+    if (!this.config) {
+      throw new Error('Config not loaded');
+    }
+    const envConfig = this.config.environments[environment];
+    if (!envConfig) {
+      throw new Error(`Environment not found: ${environment}`);
+    }
+    let url = service === 'liberica' ? envConfig.liberica.baseUrl : envConfig.arabica.baseUrl;
+    if (service === 'liberica') {
+      url = url.replace('{tenant}', tenant || this.config.defaults.tenant);
+    }
+    return url;
+  }
+}
+
+export const configManager = new ConfigManager();

package/src/index.ts

@@ -0,0 +1,37 @@
+#!/usr/bin/env node
+
+import { Command } from 'commander';
+import { configManager } from './core/config/manager.js';
+import { createContextCommand } from './commands/context.js';
+import { createAuthCommand } from './commands/auth.js';
+import { createLibericaCommand } from './commands/liberica/index.js';
+import { createArabicaCommand } from './commands/arabica/index.js';
+
+async function main(): Promise<void> {
+  try {
+    await configManager.load();
+
+    const program = new Command();
+    program
+      .name('barista')
+      .description('Barista CLI - Bridge between AI agents and Liberica/Arabica')
+      .version('0.1.0')
+      .option('-e, --env <environment>', 'Target environment (dev|test|prod-cn|prod-jp)')
+      .option('-t, --tenant <tenant>', 'Target tenant (for Liberica)')
+      .option('--dry-run', 'Execute in dry-run mode')
+      .option('--json', 'Output as JSON')
+      .option('--debug', 'Enable debug mode');
+
+    program.addCommand(createContextCommand());
+    program.addCommand(createAuthCommand());
+    program.addCommand(createLibericaCommand());
+    program.addCommand(createArabicaCommand());
+
+    await program.parseAsync();
+  } catch (error) {
+    console.error('Error:', error instanceof Error ? error.message : error);
+    process.exit(1);
+  }
+}
+
+main();

package/src/types/employee.ts

@@ -0,0 +1,102 @@
+// Employee sex literal type
+export type EmployeeSex = 'M' | 'F';
+
+// Status flag literal type
+export type StatusFlag = 1 | 2;
+
+// Full Employee entity (from MasterEmployeeResponse)
+export interface Employee {
+  employeeId: string;
+  employeeCode: string;
+  employeeName: string;
+  employeeNo: string;
+  employeePhone?: string;
+  employeeEmail?: string;
+  employeeSex?: EmployeeSex;
+  employeeIdType?: string;
+  employeeIdNo?: string;
+  employeeJoinedDate?: string;
+  employeeLeaveDate?: string;
+  employeeBirthday?: string;
+  organizationId?: string;
+  orgCode?: string;
+  orgName?: string;
+  organizationManagerFlag?: string;
+  positionId?: string;
+  positionName?: string;
+  jobType?: string;
+  jobLevelNo?: string;
+  evaluator1?: string;
+  evaluator2?: string;
+  coach?: string;
+  employeeStatus?: string;
+  statusFlag: StatusFlag;
+  employeeBankAccount?: string;
+  employeeDepositBank?: string;
+  account?: string;
+  encryptPassword?: string;
+  showQrCode?: boolean;
+  qrCode?: string;
+}
+
+// Request for creating employee (add endpoint)
+export interface CreateEmployeeRequest {
+  employeeCode?: string;
+  employeeName: string;
+  employeeNo: string;
+  employeePhone?: string;
+  employeeEmail?: string;
+  employeeSex?: EmployeeSex;
+  employeeIdType?: string;
+  employeeIdNo?: string;
+  employeeJoinedDate?: string;
+  employeeLeaveDate?: string;
+  employeeBirthday?: string;
+  organizationId?: string;
+  positionId?: string;
+  jobType?: string;
+  jobLevelNo?: string;
+}
+
+// Request for updating employee (edit endpoint)
+export interface UpdateEmployeeRequest {
+  employeeId: string;
+  employeeName?: string;
+  employeePhone?: string;
+  employeeEmail?: string;
+  employeeJoinedDate?: string;
+  employeeLeaveDate?: string;
+  organizationId?: string;
+  positionId?: string;
+}
+
+// Query params for list/pagination
+export interface EmployeeQueryParams {
+  pageNo?: number;
+  pageSize?: number;
+  status?: StatusFlag;
+  organizationId?: number;
+  employeeCode?: string;
+  employeeName?: string;
+}
+
+// Paginated response wrapper (PageResult from Roses framework)
+export interface PageResult<T> {
+  totalRows: number;
+  pageSize: number;
+  pageNo: number;
+  rows: T[];
+}
+
+// List response type
+export interface EmployeeListResponse extends PageResult<Employee> {}
+
+// API response wrapper
+export interface EmployeeApiResponse {
+  success: boolean;
+  data?: Employee | EmployeeListResponse;
+  error?: {
+    code: string;
+    message: string;
+  };
+}

package/src/types/index.ts

@@ -0,0 +1,75 @@
+export interface APIResponse<T = unknown> {
+  success: boolean;
+  data?: T;
+  error?: {
+    code: string;
+    message: string;
+    details?: unknown;
+  };
+  // Backend error format (direct fields instead of nested error object)
+  code?: string;
+  message?: string;
+  meta?: {
+    requestId?: string;
+    timestamp?: string;
+    pagination?: {
+      page: number;
+      size: number;
+      total: number;
+      totalPages: number;
+    };
+  };
+}
+
+export interface CommandOptions {
+  env?: string;
+  tenant?: string;
+  dryRun?: boolean;
+  json?: boolean;
+  debug?: boolean;
+}
+
+export interface Context {
+  environment: Environment;
+  service: Service;
+  tenant: string;
+}
+
+export type Environment = 'dev' | 'test' | 'prod-cn' | 'prod-jp';
+export type Service = 'liberica' | 'arabica';
+
+export interface Config {
+  defaults: {
+    env: Environment;
+    tenant: string;
+    service: Service;
+  };
+  environments: Record<
+    Environment,
+    {
+      liberica: {
+        baseUrl: string;
+        timeout: number;
+      };
+      arabica: {
+        baseUrl: string;
+        timeout: number;
+      };
+    }
+  >;
+  output: {
+    format: 'table' | 'json';
+    color: boolean;
+    timestamp: boolean;
+  };
+}
+
+export interface TokenContext {
+  service: Service;
+  environment: Environment;
+  tenant?: string;
+}
+
+export * from './employee.js';
+export * from './org.js';
+export * from './position.js';

package/src/types/org.ts

@@ -0,0 +1,25 @@
+// Organization entity
+export interface Organization {
+  organizationId: number;
+  orgCode?: string;
+  orgName?: string;
+  parentId?: number;
+  orgLevel?: number;
+  sortNo?: number;
+  statusFlag?: number;
+}
+
+// API response for org list (generic id+name for reuse)
+export interface OrgListItem {
+  id: string;
+  name: string;
+}
+
+export interface OrgListResponse {
+  success: boolean;
+  data?: OrgListItem[];
+  error?: {
+    code: string;
+    message: string;
+  };
+}

package/src/types/position.ts

@@ -0,0 +1,24 @@
+// Position entity
+export interface Position {
+  positionId: string;
+  positionCode?: string;
+  positionName?: string;
+  jobType?: string;
+  jobLevelNo?: string;
+  statusFlag?: number;
+}
+
+// API response for position list (generic id+name for reuse)
+export interface PositionListItem {
+  id: string;
+  name: string;
+}
+
+export interface PositionListResponse {
+  success: boolean;
+  data?: PositionListItem[];
+  error?: {
+    code: string;
+    message: string;
+  };
+}

package/src/types/user.ts

@@ -0,0 +1,64 @@
+export type UserStatusFlag = 1 | 2;
+
+export interface User {
+  userId: string;
+  realName: string;
+  account: string;
+  email?: string;
+  employeeId?: string;
+  employeeNumber?: string;
+  employeeName?: string;
+  roleNameList?: string[];
+  statusFlag: UserStatusFlag;
+  createTime?: string;
+  readOnly?: boolean;
+}
+
+export interface CreateUserRequest {
+  realName: string;
+  account: string;
+  email?: string;
+  roleIdList: string[];
+  employeeId?: string;
+  employeeNumber?: string;
+  employeeCode?: string;
+  orgId?: string;
+  positionId?: string;
+  mainFlag?: boolean;
+}
+
+export interface UpdateUserRequest {
+  userId: string;
+  realName?: string;
+  email?: string;
+  roleIdList?: string[];
+  employeeId?: string;
+  statusFlag?: UserStatusFlag;
+}
+
+export interface UserQueryParams {
+  pageNo?: number;
+  pageSize?: number;
+  status?: UserStatusFlag;
+  account?: string;
+  realName?: string;
+  employeeId?: string;
+}
+
+export interface PageResult<T> {
+  totalRows: number;
+  pageSize: number;
+  pageNo: number;
+  rows: T[];
+}
+
+export interface UserListResponse extends PageResult<User> {}
+
+export interface UserApiResponse {
+  success: boolean;
+  data?: User | UserListResponse;
+  error?: {
+    code: string;
+    message: string;
+  };
+}