@orchagent/cli 0.2.11 → 0.2.12

package/dist/commands/workspace.js

@@ -0,0 +1,133 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerWorkspaceCommand = registerWorkspaceCommand;
+const config_1 = require("../lib/config");
+const api_1 = require("../lib/api");
+function registerWorkspaceCommand(program) {
+    const workspace = program
+        .command('workspace')
+        .description('Manage workspaces');
+    // List workspaces
+    workspace
+        .command('list')
+        .description('List all workspaces')
+        .action(async () => {
+        const config = await (0, config_1.getResolvedConfig)();
+        const fileConfig = await (0, config_1.loadConfig)();
+        const workspaces = await (0, api_1.listWorkspaces)(config);
+        if (workspaces.length === 0) {
+            process.stdout.write('No workspaces found.\n');
+            return;
+        }
+        const currentId = fileConfig.current_workspace;
+        for (const ws of workspaces) {
+            const isCurrent = ws.id === currentId || ws.slug === currentId;
+            const marker = isCurrent ? '* ' : '  ';
+            const type = ws.type === 'team' ? '(team)' : '(personal)';
+            const members = ws.type === 'team' ? ` - ${ws.member_count} members` : '';
+            process.stdout.write(`${marker}${ws.slug} - ${ws.name} ${type}${members}\n`);
+        }
+    });
+    // Switch workspace
+    workspace
+        .command('use <slug>')
+        .description('Switch to a different workspace')
+        .action(async (slug) => {
+        const config = await (0, config_1.getResolvedConfig)();
+        const workspaces = await (0, api_1.listWorkspaces)(config);
+        const target = workspaces.find(ws => ws.slug === slug || ws.id === slug);
+        if (!target) {
+            process.stderr.write(`Workspace "${slug}" not found.\n`);
+            process.exit(1);
+        }
+        const fileConfig = await (0, config_1.loadConfig)();
+        fileConfig.current_workspace = target.id;
+        await (0, config_1.saveConfig)(fileConfig);
+        process.stdout.write(`Switched to workspace: ${target.name} (${target.slug})\n`);
+    });
+    // Create workspace
+    workspace
+        .command('create <name>')
+        .description('Create a new team workspace')
+        .option('--slug <slug>', 'Workspace URL slug')
+        .action(async (name, options) => {
+        const config = await (0, config_1.getResolvedConfig)();
+        // Auto-generate slug from name if not provided
+        const slug = options.slug || name
+            .toLowerCase()
+            .replace(/\s+/g, '-')
+            .replace(/[^a-z0-9-]/g, '')
+            .replace(/-+/g, '-')
+            .slice(0, 30);
+        try {
+            const workspace = await (0, api_1.createWorkspace)(config, { name, slug });
+            // Switch to the new workspace
+            const fileConfig = await (0, config_1.loadConfig)();
+            fileConfig.current_workspace = workspace.id;
+            await (0, config_1.saveConfig)(fileConfig);
+            process.stdout.write(`Created workspace: ${workspace.name} (${workspace.slug})\n`);
+            process.stdout.write(`Switched to new workspace.\n`);
+        }
+        catch (err) {
+            process.stderr.write(`Failed to create workspace: ${err instanceof Error ? err.message : 'Unknown error'}\n`);
+            process.exit(1);
+        }
+    });
+    // Invite member
+    workspace
+        .command('invite <email>')
+        .description('Invite a member to the current workspace')
+        .option('--role <role>', 'Role: owner or member', 'member')
+        .action(async (email, options) => {
+        const config = await (0, config_1.getResolvedConfig)();
+        const fileConfig = await (0, config_1.loadConfig)();
+        if (!fileConfig.current_workspace) {
+            process.stderr.write('No workspace selected. Run `orch workspace use <slug>` first.\n');
+            process.exit(1);
+        }
+        const role = options.role;
+        if (role !== 'owner' && role !== 'member') {
+            process.stderr.write('Role must be "owner" or "member".\n');
+            process.exit(1);
+        }
+        try {
+            await (0, api_1.inviteToWorkspace)(config, fileConfig.current_workspace, { email, role });
+            process.stdout.write(`Invited ${email} as ${role}.\n`);
+        }
+        catch (err) {
+            process.stderr.write(`Failed to send invite: ${err instanceof Error ? err.message : 'Unknown error'}\n`);
+            process.exit(1);
+        }
+    });
+    // List members
+    workspace
+        .command('members')
+        .description('List members of the current workspace')
+        .action(async () => {
+        const config = await (0, config_1.getResolvedConfig)();
+        const fileConfig = await (0, config_1.loadConfig)();
+        if (!fileConfig.current_workspace) {
+            process.stderr.write('No workspace selected. Run `orch workspace use <slug>` first.\n');
+            process.exit(1);
+        }
+        try {
+            const { members, invites } = await (0, api_1.getWorkspaceMembers)(config, fileConfig.current_workspace);
+            process.stdout.write('Members:\n');
+            for (const member of members) {
+                const roleLabel = member.role === 'owner' ? '[owner]' : '[member]';
+                process.stdout.write(`  ${member.clerk_user_id} ${roleLabel}\n`);
+            }
+            if (invites.length > 0) {
+                process.stdout.write('\nPending invites:\n');
+                for (const invite of invites) {
+                    const expires = new Date(invite.expires_at).toLocaleDateString();
+                    process.stdout.write(`  ${invite.email} (${invite.role}) - expires ${expires}\n`);
+                }
+            }
+        }
+        catch (err) {
+            process.stderr.write(`Failed to list members: ${err instanceof Error ? err.message : 'Unknown error'}\n`);
+            process.exit(1);
+        }
+    });
+}

package/dist/lib/auth-errors.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseAuthError = parseAuthError;
+const errors_1 = require("./errors");
+const AUTH_MESSAGES = {
+    400: 'Invalid authentication request. Please try again.',
+    401: 'Authentication failed. Run `orchagent login` again.',
+    403: 'Access denied. You may not have permission for this organization.',
+    429: 'Too many attempts. Wait a moment and try again.',
+    500: 'Server error. Please try again later.',
+    502: 'Server temporarily unavailable. Try again later.',
+};
+async function parseAuthError(response, context) {
+    try {
+        const json = await response.json();
+        const msg = json?.error?.message || json?.message;
+        if (msg && typeof msg === 'string' && msg.length < 200) {
+            return new errors_1.CliError(msg);
+        }
+    }
+    catch { }
+    const ctx = context === 'init'
+        ? 'Failed to start authentication'
+        : 'Failed to complete authentication';
+    const action = AUTH_MESSAGES[response.status] || 'Please try again.';
+    return new errors_1.CliError(`${ctx}: ${action}`);
+}

package/dist/lib/browser-auth.js

@@ -8,6 +8,7 @@ exports.startBrowserAuth = startBrowserAuth;
 const http_1 = __importDefault(require("http"));
 const open_1 = __importDefault(require("open"));
 const errors_1 = require("./errors");
+const auth_errors_1 = require("./auth-errors");
 const DEFAULT_PORT = 8374;
 const AUTH_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
 /**
@@ -26,8 +27,7 @@ async function browserAuthFlow(apiUrl, port = DEFAULT_PORT) {
         body: JSON.stringify({ redirect_port: port }),
     });
     if (!initResponse.ok) {
-        const error = await initResponse.json().catch(() => ({}));
-        throw new errors_1.CliError(error?.error?.message || `Failed to initialize auth: ${initResponse.statusText}`);
+        throw await (0, auth_errors_1.parseAuthError)(initResponse, 'init');
     }
     const { auth_url } = await initResponse.json();
     // Step 2: Start local server and wait for callback
@@ -39,8 +39,7 @@ async function browserAuthFlow(apiUrl, port = DEFAULT_PORT) {
         body: JSON.stringify({ token }),
     });
     if (!exchangeResponse.ok) {
-        const error = await exchangeResponse.json().catch(() => ({}));
-        throw new errors_1.CliError(error?.error?.message || `Failed to exchange token: ${exchangeResponse.statusText}`);
+        throw await (0, auth_errors_1.parseAuthError)(exchangeResponse, 'exchange');
     }
     const result = await exchangeResponse.json();
     // Step 4: Open browser (do this after server is ready but before waiting)
@@ -125,8 +124,7 @@ async function startBrowserAuth(apiUrl, port = DEFAULT_PORT) {
         body: JSON.stringify({ redirect_port: port }),
     });
     if (!initResponse.ok) {
-        const error = await initResponse.json().catch(() => ({}));
-        throw new errors_1.CliError(error?.error?.message || `Failed to initialize auth: ${initResponse.statusText}`);
+        throw await (0, auth_errors_1.parseAuthError)(initResponse, 'init');
     }
     const { auth_url } = await initResponse.json();
     // Step 2: Start local server to receive callback
@@ -148,8 +146,7 @@ async function startBrowserAuth(apiUrl, port = DEFAULT_PORT) {
         body: JSON.stringify({ token }),
     });
     if (!exchangeResponse.ok) {
-        const error = await exchangeResponse.json().catch(() => ({}));
-        throw new errors_1.CliError(error?.error?.message || `Failed to complete authentication: ${exchangeResponse.statusText}`);
+        throw await (0, auth_errors_1.parseAuthError)(exchangeResponse, 'exchange');
     }
     const result = await exchangeResponse.json();
     return {

package/dist/lib/doctor/checks/auth.js

@@ -0,0 +1,115 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkApiKeyPresent = checkApiKeyPresent;
+exports.checkApiKeyValid = checkApiKeyValid;
+exports.runAuthChecks = runAuthChecks;
+const config_1 = require("../../config");
+const api_1 = require("../../api");
+/**
+ * Check if API key is configured (in config file or env var).
+ */
+async function checkApiKeyPresent() {
+    const config = await (0, config_1.getResolvedConfig)();
+    const fileConfig = await (0, config_1.loadConfig)();
+    if (config.apiKey) {
+        // Determine source of the API key
+        let source = 'unknown';
+        if (process.env.ORCHAGENT_API_KEY) {
+            source = 'ORCHAGENT_API_KEY environment variable';
+        }
+        else if (fileConfig.api_key) {
+            source = '~/.orchagent/config.json';
+        }
+        // Get key prefix for verbose output (mask most of the key)
+        const keyPrefix = config.apiKey.slice(0, 12) + '...';
+        return {
+            category: 'authentication',
+            name: 'api_key_present',
+            status: 'success',
+            message: 'API key configured',
+            details: { source, keyPrefix },
+        };
+    }
+    return {
+        category: 'authentication',
+        name: 'api_key_present',
+        status: 'error',
+        message: 'No API key configured',
+        fix: 'Run `orch login` or set ORCHAGENT_API_KEY environment variable',
+        details: { configured: false },
+    };
+}
+/**
+ * Check if API key is valid by calling the /org endpoint.
+ */
+async function checkApiKeyValid() {
+    const config = await (0, config_1.getResolvedConfig)();
+    if (!config.apiKey) {
+        return {
+            category: 'authentication',
+            name: 'api_key_valid',
+            status: 'error',
+            message: 'Cannot validate API key (not configured)',
+            details: { reason: 'no api key' },
+        };
+    }
+    try {
+        const org = await (0, api_1.getOrg)(config);
+        return {
+            category: 'authentication',
+            name: 'api_key_valid',
+            status: 'success',
+            message: `API key valid (logged in as: ${org.name})`,
+            details: {
+                orgName: org.name,
+                orgSlug: org.slug,
+                apiUrl: config.apiUrl,
+            },
+        };
+    }
+    catch (err) {
+        if (err instanceof api_1.ApiError) {
+            if (err.status === 401) {
+                return {
+                    category: 'authentication',
+                    name: 'api_key_valid',
+                    status: 'error',
+                    message: 'API key is invalid or expired',
+                    fix: 'Run `orch login` to get a new key',
+                    details: { error: err.message, status: err.status },
+                };
+            }
+            return {
+                category: 'authentication',
+                name: 'api_key_valid',
+                status: 'error',
+                message: `API key validation failed (${err.status})`,
+                fix: 'Check your network connection and try again',
+                details: { error: err.message, status: err.status },
+            };
+        }
+        return {
+            category: 'authentication',
+            name: 'api_key_valid',
+            status: 'error',
+            message: 'Could not validate API key',
+            fix: 'Check your network connection and try again',
+            details: { error: err instanceof Error ? err.message : 'unknown error' },
+        };
+    }
+}
+/**
+ * Run all auth checks.
+ */
+async function runAuthChecks() {
+    const results = [];
+    // First check if key is present
+    const keyPresent = await checkApiKeyPresent();
+    results.push(keyPresent);
+    // Only validate key if it's present
+    if (keyPresent.status === 'success') {
+        const keyValid = await checkApiKeyValid();
+        results.push(keyValid);
+    }
+    return results;
+}

package/dist/lib/doctor/checks/config.js

@@ -0,0 +1,119 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkConfigExists = checkConfigExists;
+exports.checkConfigPermissions = checkConfigPermissions;
+exports.runConfigChecks = runConfigChecks;
+const promises_1 = __importDefault(require("fs/promises"));
+const path_1 = __importDefault(require("path"));
+const os_1 = __importDefault(require("os"));
+const CONFIG_DIR = path_1.default.join(os_1.default.homedir(), '.orchagent');
+const CONFIG_PATH = path_1.default.join(CONFIG_DIR, 'config.json');
+/**
+ * Check if config file exists.
+ */
+async function checkConfigExists() {
+    try {
+        await promises_1.default.access(CONFIG_PATH);
+        return {
+            category: 'configuration',
+            name: 'config_exists',
+            status: 'success',
+            message: `Config file exists (~/.orchagent/config.json)`,
+            details: { path: CONFIG_PATH },
+        };
+    }
+    catch {
+        return {
+            category: 'configuration',
+            name: 'config_exists',
+            status: 'warning',
+            message: 'Config file not found',
+            fix: 'Run `orch login` to create config',
+            details: { path: CONFIG_PATH, exists: false },
+        };
+    }
+}
+/**
+ * Check config file permissions (should be 600 for security).
+ */
+async function checkConfigPermissions() {
+    try {
+        const stats = await promises_1.default.stat(CONFIG_PATH);
+        // On Windows, file permissions work differently
+        if (process.platform === 'win32') {
+            return {
+                category: 'configuration',
+                name: 'config_permissions',
+                status: 'success',
+                message: 'Config file permissions (Windows)',
+                details: { platform: 'win32', note: 'permissions check skipped on Windows' },
+            };
+        }
+        // Check if permissions are 600 (owner read/write only)
+        // mode & 0o777 gives us the permission bits
+        const mode = stats.mode & 0o777;
+        if (mode === 0o600) {
+            return {
+                category: 'configuration',
+                name: 'config_permissions',
+                status: 'success',
+                message: 'Config file permissions (600)',
+                details: { mode: mode.toString(8), expected: '600' },
+            };
+        }
+        // Check if it's too permissive (world or group readable)
+        const worldReadable = (mode & 0o004) !== 0;
+        const groupReadable = (mode & 0o040) !== 0;
+        if (worldReadable || groupReadable) {
+            return {
+                category: 'configuration',
+                name: 'config_permissions',
+                status: 'warning',
+                message: `Config file permissions too open (${mode.toString(8)})`,
+                fix: 'Run `chmod 600 ~/.orchagent/config.json`',
+                details: {
+                    mode: mode.toString(8),
+                    expected: '600',
+                    worldReadable,
+                    groupReadable,
+                },
+            };
+        }
+        return {
+            category: 'configuration',
+            name: 'config_permissions',
+            status: 'success',
+            message: `Config file permissions (${mode.toString(8)})`,
+            details: { mode: mode.toString(8), expected: '600' },
+        };
+    }
+    catch (err) {
+        if (err.code === 'ENOENT') {
+            // Config doesn't exist, skip permissions check
+            return {
+                category: 'configuration',
+                name: 'config_permissions',
+                status: 'warning',
+                message: 'Config file permissions (file not found)',
+                details: { error: 'file not found' },
+            };
+        }
+        return {
+            category: 'configuration',
+            name: 'config_permissions',
+            status: 'warning',
+            message: 'Could not check config permissions',
+            details: { error: err instanceof Error ? err.message : 'unknown error' },
+        };
+    }
+}
+/**
+ * Run all config checks.
+ */
+async function runConfigChecks() {
+    const results = await Promise.all([checkConfigExists(), checkConfigPermissions()]);
+    return results;
+}

package/dist/lib/doctor/checks/connectivity.js

@@ -0,0 +1,109 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.checkGatewayHealth = checkGatewayHealth;
+exports.runConnectivityChecks = runConnectivityChecks;
+const config_1 = require("../../config");
+const LATENCY_WARNING_MS = 2000;
+/**
+ * Check if gateway is reachable by pinging /health endpoint.
+ * Also measures response time.
+ */
+async function checkGatewayHealth() {
+    const config = await (0, config_1.getResolvedConfig)();
+    const healthUrl = `${config.apiUrl.replace(/\/$/, '')}/health`;
+    const startTime = Date.now();
+    try {
+        const response = await fetch(healthUrl, {
+            signal: AbortSignal.timeout(10000),
+        });
+        const latency = Date.now() - startTime;
+        if (!response.ok) {
+            return [
+                {
+                    category: 'connectivity',
+                    name: 'gateway_reachable',
+                    status: 'error',
+                    message: `Gateway returned ${response.status}`,
+                    fix: 'Check if OrchAgent API is operational at https://status.orchagent.io',
+                    details: {
+                        url: healthUrl,
+                        status: response.status,
+                        latency,
+                    },
+                },
+            ];
+        }
+        // Parse hostname for display
+        const apiHost = new URL(config.apiUrl).host;
+        const results = [
+            {
+                category: 'connectivity',
+                name: 'gateway_reachable',
+                status: 'success',
+                message: `Gateway reachable (${apiHost})`,
+                details: {
+                    url: healthUrl,
+                    status: response.status,
+                    host: apiHost,
+                },
+            },
+        ];
+        // Add latency check
+        if (latency > LATENCY_WARNING_MS) {
+            results.push({
+                category: 'connectivity',
+                name: 'response_time',
+                status: 'warning',
+                message: `Response time: ${latency}ms (high latency)`,
+                fix: 'High latency detected. Check network or try a different region.',
+                details: { latency, threshold: LATENCY_WARNING_MS },
+            });
+        }
+        else {
+            results.push({
+                category: 'connectivity',
+                name: 'response_time',
+                status: 'success',
+                message: `Response time: ${latency}ms`,
+                details: { latency, threshold: LATENCY_WARNING_MS },
+            });
+        }
+        return results;
+    }
+    catch (err) {
+        const latency = Date.now() - startTime;
+        const isTimeout = err instanceof Error && (err.name === 'AbortError' || err.name === 'TimeoutError');
+        if (isTimeout) {
+            return [
+                {
+                    category: 'connectivity',
+                    name: 'gateway_reachable',
+                    status: 'error',
+                    message: 'Gateway connection timed out',
+                    fix: 'Check network, firewall, or proxy settings',
+                    details: { url: healthUrl, error: 'timeout', latency },
+                },
+            ];
+        }
+        return [
+            {
+                category: 'connectivity',
+                name: 'gateway_reachable',
+                status: 'error',
+                message: 'Cannot reach gateway',
+                fix: 'Check network, firewall, or proxy settings',
+                details: {
+                    url: healthUrl,
+                    error: err instanceof Error ? err.message : 'unknown error',
+                    latency,
+                },
+            },
+        ];
+    }
+}
+/**
+ * Run all connectivity checks.
+ */
+async function runConnectivityChecks() {
+    return checkGatewayHealth();
+}