@nordsym/apiclaw 2.1.0 → 2.2.1

package/src/cli.ts

@@ -1,370 +0,0 @@
-#!/usr/bin/env node
-/**
- * APIClaw Interactive CLI
- * Run with: npx @nordsym/apiclaw --cli
- */
-
-import * as readline from 'readline';
-import { ConvexHttpClient } from 'convex/browser';
-import { discoverAPIs, getAPIDetails, getCategories } from './discovery.js';
-import { executeAPICall, getConnectedProviders } from './execute.js';
-import { readSession, writeSession, clearSession, getMachineFingerprint } from './session.js';
-
-const CONVEX_URL = process.env.CONVEX_URL || 'https://brilliant-puffin-712.eu-west-1.convex.cloud';
-const convex = new ConvexHttpClient(CONVEX_URL);
-
-// Colors for terminal
-const colors = {
-  reset: '\x1b[0m',
-  bright: '\x1b[1m',
-  red: '\x1b[31m',
-  green: '\x1b[32m',
-  yellow: '\x1b[33m',
-  blue: '\x1b[34m',
-  magenta: '\x1b[35m',
-  cyan: '\x1b[36m',
-};
-
-function log(msg: string) {
-  console.log(msg);
-}
-
-function success(msg: string) {
-  console.log(`${colors.green}✓${colors.reset} ${msg}`);
-}
-
-function error(msg: string) {
-  console.log(`${colors.red}✗${colors.reset} ${msg}`);
-}
-
-function info(msg: string) {
-  console.log(`${colors.cyan}ℹ${colors.reset} ${msg}`);
-}
-
-interface WorkspaceContext {
-  sessionToken: string;
-  workspaceId: string;
-  email: string;
-  tier: string;
-  usageRemaining: number;
-}
-
-let workspaceContext: WorkspaceContext | null = null;
-
-async function validateSession(): Promise<boolean> {
-  const session = readSession();
-  if (!session) return false;
-  
-  try {
-    const result = await convex.query("workspaces:getWorkspaceStatus" as any, {
-      sessionToken: session.sessionToken,
-    }) as any;
-    
-    if (!result?.authenticated || result?.status !== 'active') {
-      clearSession();
-      return false;
-    }
-    
-    workspaceContext = {
-      sessionToken: session.sessionToken,
-      workspaceId: session.workspaceId,
-      email: result.email ?? '',
-      tier: result.tier ?? 'free',
-      usageRemaining: result.usageRemaining ?? 0,
-    };
-    return true;
-  } catch {
-    return false;
-  }
-}
-
-async function registerOwner(email: string): Promise<void> {
-  info(`Sending magic link to ${email}...`);
-  
-  try {
-    const fingerprint = getMachineFingerprint();
-    
-    // Use HTTP endpoint for magic link
-    const response = await fetch(`${CONVEX_URL.replace('.cloud', '.site')}/workspace/magic-link`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ email, fingerprint }),
-    });
-    
-    const result = await response.json() as { success?: boolean; token?: string; error?: string };
-    
-    if (result?.success && result?.token) {
-      success(`Magic link sent to ${email}`);
-      log(`\n📧 Check your email and click the link to authenticate.`);
-      
-      // Start polling for verification
-      log(`\n⏳ Waiting for you to click the link...`);
-      log(`   (Press Ctrl+C to cancel)\n`);
-      
-      await pollForVerification(result.token, fingerprint);
-    } else {
-      error(`Failed: ${result?.error || 'Unknown error'}`);
-    }
-  } catch (err) {
-    error(`Failed: ${err instanceof Error ? err.message : 'Unknown error'}`);
-  }
-}
-
-async function pollForVerification(token: string, fingerprint: string): Promise<void> {
-  const maxAttempts = 60; // 5 minutes
-  for (let i = 0; i < maxAttempts; i++) {
-    await new Promise(r => setTimeout(r, 5000)); // Poll every 5 seconds
-    
-    try {
-      const response = await fetch(`${CONVEX_URL.replace('.cloud', '.site')}/workspace/poll?token=${token}`);
-      const result = await response.json() as { 
-        verified?: boolean; 
-        sessionToken?: string; 
-        workspaceId?: string; 
-        email?: string;
-      };
-      
-      if (result?.verified && result?.sessionToken) {
-        // Save the real session
-        writeSession(
-          result.sessionToken,
-          result.workspaceId || '',
-          result.email || ''
-        );
-        
-        success(`Authenticated as ${result.email}!`);
-        
-        // Reload workspace context
-        await validateSession();
-        return;
-      }
-    } catch {
-      // Continue polling
-    }
-    
-    // Show progress dot
-    process.stdout.write('.');
-  }
-  
-  log('\n');
-  error('Verification timed out. Please try again.');
-}
-
-async function showStatus(): Promise<void> {
-  const valid = await validateSession();
-  
-  log(`\n${colors.bright}APIClaw Status${colors.reset}`);
-  log(`${'─'.repeat(40)}`);
-  
-  if (valid && workspaceContext) {
-    success(`Authenticated as ${workspaceContext.email}`);
-    log(`   Tier: ${workspaceContext.tier}`);
-    log(`   Remaining calls: ${workspaceContext.usageRemaining}`);
-  } else {
-    error(`Not authenticated`);
-    log(`   Run: ${colors.cyan}register <email>${colors.reset}`);
-  }
-  log('');
-}
-
-async function discover(query: string): Promise<void> {
-  info(`Searching for: "${query}"`);
-  
-  try {
-    const results = discoverAPIs(query, { maxResults: 5 });
-    
-    if (!results || results.length === 0) {
-      log(`No APIs found for "${query}"`);
-      return;
-    }
-    
-    log(`\n${colors.bright}Found ${results.length} APIs:${colors.reset}\n`);
-    
-    // Get connected providers for Direct Call detection
-    const connected = getConnectedProviders().map(p => p.provider.toLowerCase());
-    
-    for (const result of results) {
-      const api = result.provider;
-      const isDirectCall = connected.includes(api.id?.toLowerCase() || api.name.toLowerCase().replace(/\s+/g, '_'));
-      const directCallBadge = isDirectCall ? `${colors.green}[Direct Call]${colors.reset}` : '';
-      log(`${colors.cyan}${api.name}${colors.reset} ${directCallBadge}`);
-      log(`   ${api.description}`);
-      log(`   Category: ${api.category}`);
-      log(`   Pricing: ${api.pricing?.model || 'See docs'}`);
-      log('');
-    }
-  } catch (err) {
-    error(`Search failed: ${err instanceof Error ? err.message : 'Unknown error'}`);
-  }
-}
-
-async function listConnected(): Promise<void> {
-  try {
-    const providers = getConnectedProviders();
-    
-    log(`\n${colors.bright}Direct Call Providers (no API key needed):${colors.reset}\n`);
-    
-    for (const p of providers) {
-      log(`${colors.cyan}${p.provider}${colors.reset}`);
-      log(`   Actions: ${p.actions?.join(', ') || 'See docs'}`);
-      log('');
-    }
-  } catch (err) {
-    error(`Failed: ${err instanceof Error ? err.message : 'Unknown error'}`);
-  }
-}
-
-async function callApi(provider: string, action: string, params: Record<string, any>): Promise<void> {
-  if (!workspaceContext) {
-    error('Not authenticated. Run: register <email>');
-    return;
-  }
-  
-  info(`Calling ${provider}.${action}...`);
-  
-  try {
-    const result = await executeAPICall(
-      provider,
-      action,
-      params,
-      workspaceContext.workspaceId
-    );
-    
-    log(`\n${colors.bright}Result:${colors.reset}\n`);
-    log(JSON.stringify(result, null, 2));
-    log('');
-  } catch (err) {
-    error(`Call failed: ${err instanceof Error ? err.message : 'Unknown error'}`);
-  }
-}
-
-function showHelp(): void {
-  log(`
-${colors.bright}🦞 APIClaw CLI${colors.reset}
-
-${colors.cyan}Commands:${colors.reset}
-  register <email>      Send magic link to authenticate
-  status                Check authentication status
-  discover <query>      Search for APIs by capability
-  list                  Show Direct Call providers
-  call <provider> <action> <json-params>
-                        Call an API (e.g., call brave_search search {"q":"test"})
-  help                  Show this help
-  exit                  Quit
-
-${colors.cyan}Examples:${colors.reset}
-  discover send SMS
-  discover image generation
-  list
-  call brave_search search {"q":"hello world"}
-`);
-}
-
-function parseCallCommand(args: string): { provider: string; action: string; params: Record<string, any> } | null {
-  // Format: provider action {json}
-  const match = args.match(/^(\S+)\s+(\S+)\s+(.+)$/);
-  if (!match) return null;
-  
-  try {
-    const params = JSON.parse(match[3]);
-    return { provider: match[1], action: match[2], params };
-  } catch {
-    return null;
-  }
-}
-
-export async function startCLI(): Promise<void> {
-  log(`
-${colors.bright}🦞 APIClaw CLI v1.1.5${colors.reset}
-━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
-
-Type ${colors.cyan}help${colors.reset} for commands, ${colors.cyan}exit${colors.reset} to quit.
-`);
-
-  // Check session on startup
-  const valid = await validateSession();
-  if (valid && workspaceContext) {
-    success(`Authenticated as ${workspaceContext.email}`);
-  } else {
-    info(`Not authenticated. Run: ${colors.cyan}register <email>${colors.reset}`);
-  }
-  log('');
-
-  const rl = readline.createInterface({
-    input: process.stdin,
-    output: process.stdout,
-    prompt: `${colors.red}apiclaw${colors.reset}> `,
-  });
-
-  rl.prompt();
-
-  rl.on('line', async (line) => {
-    const input = line.trim();
-    const [cmd, ...args] = input.split(/\s+/);
-    const argsStr = args.join(' ');
-
-    switch (cmd.toLowerCase()) {
-      case '':
-        break;
-        
-      case 'help':
-      case '?':
-        showHelp();
-        break;
-        
-      case 'exit':
-      case 'quit':
-      case 'q':
-        log('Bye! 🦞');
-        process.exit(0);
-        break;
-        
-      case 'register':
-        if (!argsStr) {
-          error('Usage: register <email>');
-        } else {
-          await registerOwner(argsStr);
-        }
-        break;
-        
-      case 'status':
-        await showStatus();
-        break;
-        
-      case 'discover':
-      case 'search':
-        if (!argsStr) {
-          error('Usage: discover <query>');
-        } else {
-          await discover(argsStr);
-        }
-        break;
-        
-      case 'list':
-      case 'connected':
-        await listConnected();
-        break;
-        
-      case 'call':
-        const parsed = parseCallCommand(argsStr);
-        if (!parsed) {
-          error('Usage: call <provider> <action> {"param":"value"}');
-          log('Example: call brave_search search {"q":"hello"}');
-        } else {
-          await callApi(parsed.provider, parsed.action, parsed.params);
-        }
-        break;
-        
-      default:
-        error(`Unknown command: ${cmd}`);
-        log(`Type ${colors.cyan}help${colors.reset} for available commands.`);
-    }
-
-    rl.prompt();
-  });
-
-  rl.on('close', () => {
-    log('\nBye! 🦞');
-    process.exit(0);
-  });
-}

package/src/confirmation.ts

@@ -1,296 +0,0 @@
-/**
- * APIClaw Confirmation System
- * For actions that cost money or have side effects
- * 
- * Flow:
- * 1. Agent calls action → gets preview + token
- * 2. Agent shows preview to user
- * 3. User confirms → agent calls confirm with token
- * 4. APIClaw executes the actual action
- */
-
-import { randomBytes } from 'crypto';
-
-export interface PendingAction {
-  token: string;
-  provider: string;
-  action: string;
-  params: Record<string, any>;
-  preview: Record<string, any>;
-  createdAt: number;
-  expiresAt: number;
-  userId?: string;
-}
-
-// In-memory store for pending confirmations (in production, use Redis)
-const pendingActions = new Map<string, PendingAction>();
-
-// Actions that require confirmation before execution
-export const CONFIRMATION_REQUIRED: Record<string, string[]> = {
-  // Invoicing - costs money per send
-  coaccept: ['send_invoice', 'send_reminder'],
-  
-  // SMS - costs money per message
-  '46elks': ['send_sms'],
-  twilio: ['send_sms'],
-  
-  // Email sends (less critical but still good to confirm)
-  resend: ['send_email'],
-};
-
-// Token expiry time (5 minutes)
-const TOKEN_EXPIRY_MS = 5 * 60 * 1000;
-
-/**
- * Check if an action requires confirmation (hardcoded list only)
- * For dynamic providers, use requiresConfirmationAsync
- */
-export function requiresConfirmation(provider: string, action: string): boolean {
-  const actions = CONFIRMATION_REQUIRED[provider];
-  return actions?.includes(action) ?? false;
-}
-
-/**
- * Check if a dynamic provider action requires confirmation
- * This is imported dynamically to avoid circular deps
- */
-export async function requiresConfirmationAsync(
-  provider: string, 
-  action: string
-): Promise<{ required: boolean; estimatedCost?: string; isDynamic?: boolean }> {
-  // First check hardcoded list
-  if (requiresConfirmation(provider, action)) {
-    return { required: true, isDynamic: false };
-  }
-  
-  // Then check dynamic provider config
-  try {
-    const { getDynamicConfirmationConfig } = await import('./execute-dynamic.js');
-    const config = await getDynamicConfirmationConfig(provider, action);
-    if (config.required) {
-      return { 
-        required: true, 
-        estimatedCost: config.estimatedCost,
-        isDynamic: true 
-      };
-    }
-  } catch (e) {
-    // Dynamic config not available, that's ok
-  }
-  
-  return { required: false };
-}
-
-/**
- * Generate a confirmation token and store the pending action
- */
-export function createPendingAction(
-  provider: string,
-  action: string,
-  params: Record<string, any>,
-  preview: Record<string, any>,
-  userId?: string
-): PendingAction {
-  // Clean up expired tokens
-  cleanupExpired();
-
-  const token = randomBytes(16).toString('hex');
-  const now = Date.now();
-
-  const pending: PendingAction = {
-    token,
-    provider,
-    action,
-    params,
-    preview,
-    createdAt: now,
-    expiresAt: now + TOKEN_EXPIRY_MS,
-    userId,
-  };
-
-  pendingActions.set(token, pending);
-  return pending;
-}
-
-/**
- * Get a pending action by token (and validate it)
- */
-export function getPendingAction(token: string): PendingAction | null {
-  const pending = pendingActions.get(token);
-  
-  if (!pending) {
-    return null;
-  }
-
-  if (Date.now() > pending.expiresAt) {
-    pendingActions.delete(token);
-    return null;
-  }
-
-  return pending;
-}
-
-/**
- * Consume a pending action (use it and remove from store)
- */
-export function consumePendingAction(token: string): PendingAction | null {
-  const pending = getPendingAction(token);
-  
-  if (pending) {
-    pendingActions.delete(token);
-  }
-
-  return pending;
-}
-
-/**
- * Clean up expired tokens
- */
-function cleanupExpired(): void {
-  const now = Date.now();
-  for (const [token, pending] of pendingActions.entries()) {
-    if (now > pending.expiresAt) {
-      pendingActions.delete(token);
-    }
-  }
-}
-
-/**
- * Generate a human-readable preview for an action
- */
-export function generatePreview(
-  provider: string,
-  action: string,
-  params: Record<string, any>
-): Record<string, any> {
-  // Provider-specific preview generators
-  switch (provider) {
-    case 'coaccept':
-      return generateCoAcceptPreview(action, params);
-    case '46elks':
-    case 'twilio':
-      return generateSMSPreview(params);
-    case 'resend':
-      return generateEmailPreview(params);
-    default:
-      return { action, params };
-  }
-}
-
-function generateCoAcceptPreview(action: string, params: Record<string, any>): Record<string, any> {
-  if (action === 'send_invoice') {
-    const items = params.items || [];
-    const totalAmount = items.reduce((sum: number, item: any) => sum + (item.amount || 0), 0);
-    
-    return {
-      type: 'invoice',
-      recipient: {
-        name: params.recipient_name,
-        email: params.recipient_email,
-        org_number: params.recipient_org_nr,
-      },
-      amount: {
-        subtotal: totalAmount,
-        vat_rate: params.vat_rate || 25,
-        vat_amount: totalAmount * ((params.vat_rate || 25) / 100),
-        total: totalAmount * (1 + (params.vat_rate || 25) / 100),
-        currency: params.currency || 'SEK',
-      },
-      due_date: params.due_date,
-      items: items.map((item: any) => ({
-        description: item.description,
-        quantity: item.quantity || 1,
-        unit_price: item.unit_price || item.amount,
-        amount: item.amount,
-      })),
-      payment_method: 'SMS + Swish/Card (CoAccept)',
-      estimated_cost: '~2-5 SEK per invoice',
-    };
-  }
-  
-  return { action, params };
-}
-
-function generateSMSPreview(params: Record<string, any>): Record<string, any> {
-  const messageLength = (params.message || '').length;
-  const segments = Math.ceil(messageLength / 160);
-  
-  return {
-    type: 'sms',
-    to: params.to,
-    from: params.from || 'NordSym',
-    message: params.message,
-    message_length: messageLength,
-    segments,
-    estimated_cost: `~${(segments * 0.35).toFixed(2)} SEK`,
-  };
-}
-
-function generateEmailPreview(params: Record<string, any>): Record<string, any> {
-  return {
-    type: 'email',
-    to: params.to,
-    from: params.from || 'noreply@nordsym.com',
-    subject: params.subject,
-    preview: (params.message || params.html || '').substring(0, 200) + '...',
-  };
-}
-
-/**
- * Validate params before creating preview
- * Returns { valid: true } or { valid: false, errors: [...] }
- */
-export function validateParams(
-  provider: string,
-  action: string,
-  params: Record<string, any>
-): { valid: boolean; errors?: string[] } {
-  const errors: string[] = [];
-
-  switch (provider) {
-    case 'coaccept':
-      if (action === 'send_invoice') {
-        if (!params.recipient_name) errors.push('Missing: recipient_name');
-        if (!params.recipient_email) errors.push('Missing: recipient_email');
-        if (!params.items || !Array.isArray(params.items) || params.items.length === 0) {
-          errors.push('Missing: items (at least one invoice item required)');
-        }
-        if (!params.due_date) errors.push('Missing: due_date (YYYY-MM-DD)');
-        
-        // Validate email format
-        if (params.recipient_email && !params.recipient_email.includes('@')) {
-          errors.push('Invalid: recipient_email format');
-        }
-        
-        // Validate due date is not in past
-        if (params.due_date) {
-          const dueDate = new Date(params.due_date);
-          const today = new Date();
-          today.setHours(0, 0, 0, 0);
-          if (dueDate < today) {
-            errors.push('Invalid: due_date cannot be in the past');
-          }
-        }
-      }
-      break;
-
-    case '46elks':
-    case 'twilio':
-      if (!params.to) errors.push('Missing: to (phone number)');
-      if (!params.message) errors.push('Missing: message');
-      
-      // Validate phone format (basic check)
-      if (params.to && !params.to.startsWith('+')) {
-        errors.push('Invalid: phone number must start with + (e.g., +46701234567)');
-      }
-      break;
-
-    case 'resend':
-      if (!params.to) errors.push('Missing: to (email address)');
-      if (!params.subject) errors.push('Missing: subject');
-      if (!params.message && !params.html) errors.push('Missing: message or html content');
-      break;
-  }
-
-  return errors.length > 0 ? { valid: false, errors } : { valid: true };
-}