@papercraneai/cli 1.0.0

package/lib/cloud-client.js

@@ -0,0 +1,193 @@
+import axios from 'axios';
+import { getApiKey, getApiBaseUrl } from './config.js';
+
+/**
+ * Get cloud credentials for a specific provider and scope
+ * @param {string} provider - Provider name ('google', 'facebook', etc.)
+ * @param {string} instanceName - Instance name (defaults to 'Default')
+ * @returns {Promise<Object|null>} Credentials object or null if not found
+ */
+export async function fetchCloudCredentials(provider, instanceName = 'Default') {
+  const apiKey = await getApiKey();
+  if (!apiKey) {
+    return null;
+  }
+
+  const baseUrl = await getApiBaseUrl();
+
+  try {
+    const response = await axios.get(`${baseUrl}/api/sdk/credentials/${provider}/${instanceName}`, {
+      headers: {
+        'Authorization': `Bearer ${apiKey}`
+      }
+    });
+
+    return response.data.credentials || null;
+  } catch (error) {
+    // If 404 or credential not found, return null
+    if (error.response?.status === 404) {
+      return null;
+    }
+
+    // If unauthorized, throw specific error
+    if (error.response?.status === 401) {
+      throw new Error('Invalid or expired API key. Please run: papercrane login');
+    }
+
+    // Other errors
+    throw error;
+  }
+}
+
+/**
+ * List all cloud credentials
+ * @returns {Promise<Array>} Array of credential objects
+ */
+export async function listCloudCredentials() {
+  const apiKey = await getApiKey();
+  if (!apiKey) {
+    return [];
+  }
+
+  const baseUrl = await getApiBaseUrl();
+
+  try {
+    const response = await axios.get(`${baseUrl}/api/sdk/credentials`, {
+      headers: {
+        'Authorization': `Bearer ${apiKey}`
+      }
+    });
+
+    return response.data.credentials || [];
+  } catch (error) {
+    if (error.response?.status === 401) {
+      throw new Error('Invalid or expired API key. Please run: papercrane login');
+    }
+    throw error;
+  }
+}
+
+/**
+ * Validate the current API key by attempting to access the health endpoint
+ * @returns {Promise<boolean>} True if valid, false otherwise
+ */
+export async function validateApiKey() {
+  const apiKey = await getApiKey();
+  if (!apiKey) {
+    return false;
+  }
+
+  const baseUrl = await getApiBaseUrl();
+
+  try {
+    // Try to fetch a known integration to validate the key
+    // We expect either a 404 (integration not found, but key is valid)
+    // or a 200 (key is valid and integration exists)
+    // A 401 means the key is invalid
+    await axios.get(`${baseUrl}/api/sdk/credentials/google/Default`, {
+      headers: {
+        'Authorization': `Bearer ${apiKey}`
+      }
+    });
+
+    return true;
+  } catch (error) {
+    // If we get 401, the key is invalid
+    if (error.response?.status === 401) {
+      return false;
+    }
+    // 404 means the integration doesn't exist, but the key is valid
+    if (error.response?.status === 404) {
+      return true;
+    }
+    // Any other error, consider the key invalid
+    return false;
+  }
+}
+
+/**
+ * Refresh credentials for a specific provider (currently only supports airtable)
+ * @param {string} provider - Provider name (e.g., 'airtable')
+ * @param {string} instanceName - Instance name (defaults to 'Default')
+ * @returns {Promise<Object|null>} Fresh credentials object or null if failed
+ */
+export async function refreshCloudCredentials(provider, instanceName = 'Default') {
+  const apiKey = await getApiKey();
+  if (!apiKey) {
+    return null;
+  }
+
+  const baseUrl = await getApiBaseUrl();
+
+  try {
+    const response = await axios.post(`${baseUrl}/api/sdk/credentials/${provider}/${instanceName}/refresh`, {}, {
+      headers: {
+        'Authorization': `Bearer ${apiKey}`
+      }
+    });
+
+    return response.data.credentials || null;
+  } catch (error) {
+    if (error.response?.status === 404) {
+      return null;
+    }
+    if (error.response?.status === 401) {
+      throw new Error('Invalid or expired API key. Please run: papercrane login');
+    }
+    throw error;
+  }
+}
+
+/**
+ * Push local credentials to cloud (idempotent)
+ * @param {string} provider - Provider name ('google', 'facebook', etc.)
+ * @param {string} credentialId - Local credential UUID
+ * @param {Object} credentials - Credentials object to upload
+ * @param {string} scope - OAuth scope string
+ * @param {string} name - Optional name for the credential
+ * @returns {Promise<{cloud_id: string, status: string, message: string}>}
+ */
+export async function pushCredentials(provider, credentialId, credentials, scope, name) {
+  const apiKey = await getApiKey();
+  if (!apiKey) {
+    throw new Error('Not logged in. Please run: papercrane login');
+  }
+
+  const baseUrl = await getApiBaseUrl();
+
+  const response = await axios.post(`${baseUrl}/api/sdk/credentials/push`, {
+    provider,
+    credential_id: credentialId,
+    credentials,
+    scope,
+    name
+  }, {
+    headers: {
+      'Authorization': `Bearer ${apiKey}`,
+      'Content-Type': 'application/json'
+    }
+  });
+
+  return response.data;
+}
+
+/**
+ * Pull all credentials from cloud
+ * @returns {Promise<Array>} Array of credential objects with cloud_id
+ */
+export async function pullCredentials() {
+  const apiKey = await getApiKey();
+  if (!apiKey) {
+    throw new Error('Not logged in. Please run: papercrane login');
+  }
+
+  const baseUrl = await getApiBaseUrl();
+
+  const response = await axios.get(`${baseUrl}/api/sdk/credentials/pull`, {
+    headers: {
+      'Authorization': `Bearer ${apiKey}`
+    }
+  });
+
+  return response.data.credentials || [];
+}

package/lib/config.js

@@ -0,0 +1,97 @@
+import fs from 'fs/promises';
+import path from 'path';
+import os from 'os';
+
+const PAPERCRANE_DIR = path.join(os.homedir(), '.papercrane');
+const CONFIG_FILE = path.join(PAPERCRANE_DIR, 'config.json');
+
+/**
+ * Ensures the config directory exists
+ */
+async function ensureConfigDir() {
+  await fs.mkdir(PAPERCRANE_DIR, { recursive: true });
+}
+
+/**
+ * Load configuration from disk
+ * @returns {Promise<Object>}
+ */
+export async function loadConfig() {
+  try {
+    await ensureConfigDir();
+    const content = await fs.readFile(CONFIG_FILE, 'utf-8');
+    return JSON.parse(content);
+  } catch (error) {
+    if (error.code === 'ENOENT') {
+      // Config file doesn't exist, return empty config
+      return {};
+    }
+    throw error;
+  }
+}
+
+/**
+ * Save configuration to disk
+ * @param {Object} config - Configuration object
+ */
+export async function saveConfig(config) {
+  await ensureConfigDir();
+  await fs.writeFile(CONFIG_FILE, JSON.stringify(config, null, 2));
+}
+
+/**
+ * Get the API key from config
+ * @returns {Promise<string|null>}
+ */
+export async function getApiKey() {
+  const config = await loadConfig();
+  return config.apiKey || null;
+}
+
+/**
+ * Set the API key in config
+ * @param {string} apiKey - The API key to store
+ */
+export async function setApiKey(apiKey) {
+  const config = await loadConfig();
+  config.apiKey = apiKey;
+  await saveConfig(config);
+}
+
+/**
+ * Get the API base URL from config
+ * @returns {Promise<string>}
+ */
+export async function getApiBaseUrl() {
+  const config = await loadConfig();
+  const url = config.apiBaseUrl || 'https://fly.papercrane.ai';
+  // Strip trailing slash to avoid double-slash issues when appending paths
+  return url.replace(/\/+$/, '');
+}
+
+/**
+ * Set the API base URL in config
+ * @param {string} url - The API base URL
+ */
+export async function setApiBaseUrl(url) {
+  const config = await loadConfig();
+  config.apiBaseUrl = url;
+  await saveConfig(config);
+}
+
+/**
+ * Check if user is logged in (has API key)
+ * @returns {Promise<boolean>}
+ */
+export async function isLoggedIn() {
+  const apiKey = await getApiKey();
+  return !!apiKey;
+}
+
+/**
+ * Clear all config (logout)
+ */
+export async function clearConfig() {
+  await ensureConfigDir();
+  await fs.writeFile(CONFIG_FILE, JSON.stringify({}, null, 2));
+}

package/lib/facebook-auth.js

@@ -0,0 +1,148 @@
+import axios from 'axios';
+import chalk from 'chalk';
+import { saveFacebookCredentials } from './storage.js';
+
+const DEVICE_LOGIN_URL = 'https://graph.facebook.com/v21.0/device/login';
+const DEVICE_STATUS_URL = 'https://graph.facebook.com/v21.0/device/login_status';
+
+/**
+ * Handles the Facebook Device Login Flow
+ * @param {string[]} scopes - Array of OAuth scopes to request (e.g., ['ads_read', 'ads_management'])
+ * @param {string} appId - Facebook App ID
+ * @param {string} clientToken - Facebook Client Token
+ */
+export async function handleFacebookAuth(scopes, appId, clientToken) {
+  console.log(chalk.bold('\n🔐 Starting Facebook Device Login...\n'));
+
+  // Prompt for App ID if not provided
+  if (!appId) {
+    console.log(chalk.yellow('Facebook App ID is required.'));
+    console.log(chalk.dim('You can find this in your Facebook App dashboard at:'));
+    console.log(chalk.dim('https://developers.facebook.com/apps/\n'));
+    throw new Error('App ID is required. Pass it as: papercrane facebook <scopes> --app-id YOUR_APP_ID');
+  }
+
+  // Prompt for Client Token if not provided
+  if (!clientToken) {
+    console.log(chalk.yellow('Facebook Client Token is required.'));
+    console.log(chalk.dim('You can find this in App Settings -> Advanced -> Client Token'));
+    console.log(chalk.dim('https://developers.facebook.com/apps/\n'));
+    throw new Error('Client Token is required. Pass it as: --client-token YOUR_CLIENT_TOKEN');
+  }
+
+  // Handle Ctrl+C gracefully
+  let cancelled = false;
+  const handleExit = () => {
+    cancelled = true;
+    console.log(chalk.yellow('\n\n⚠️  Authentication cancelled by user'));
+    process.exit(0);
+  };
+
+  process.on('SIGINT', handleExit);
+
+  try {
+    const scopeString = scopes.join(',');
+    const accessToken = `${appId}|${clientToken}`;
+
+    // Step 1: Request device code
+    console.log(chalk.cyan('📱 Requesting device code...'));
+    const deviceResponse = await axios.post(DEVICE_LOGIN_URL, null, {
+      params: {
+        access_token: accessToken,
+        scope: scopeString
+      }
+    });
+
+    const {
+      code,
+      user_code,
+      verification_uri,
+      expires_in,
+      interval
+    } = deviceResponse.data;
+
+    // Step 2: Display code to user
+    console.log(chalk.bold.green('\n✅ Device code received!\n'));
+    console.log(chalk.bold.cyan('━'.repeat(60)));
+    console.log(chalk.bold('\n  📋 To authenticate:\n'));
+    console.log(chalk.bold.yellow(`     1. Visit: ${chalk.underline(verification_uri)}`));
+    console.log(chalk.bold.yellow(`     2. Enter code: ${chalk.bold.white(user_code)}\n`));
+    console.log(chalk.bold.cyan('━'.repeat(60)));
+    console.log(chalk.dim(`\n⏱  Code expires in ${expires_in} seconds`));
+    console.log(chalk.cyan('\n⏳ Waiting for authorization...\n'));
+
+    // Step 3: Poll for authorization
+    const pollInterval = (interval || 5) * 1000; // Convert to milliseconds
+    const startTime = Date.now();
+    const expiresAt = startTime + (expires_in * 1000);
+
+    while (!cancelled && Date.now() < expiresAt) {
+      await new Promise(resolve => setTimeout(resolve, pollInterval));
+
+      try {
+        const statusResponse = await axios.post(DEVICE_STATUS_URL, null, {
+          params: {
+            access_token: accessToken,
+            code: code
+          }
+        });
+
+        const { access_token } = statusResponse.data;
+
+        if (access_token) {
+          console.log(chalk.green('\n✓ Authorization successful!'));
+          console.log(chalk.green('✓ Device Login tokens are valid for up to 60 days'));
+
+          // Save credentials (Device Login tokens are already long-lived)
+          console.log(chalk.cyan('💾 Saving credentials...'));
+          const credentials = {
+            access_token: access_token,
+            token_type: 'bearer',
+            // Device login doesn't return expires_in, but tokens last ~60 days
+            expires_in: 5184000 // 60 days in seconds
+          };
+          const filepath = await saveFacebookCredentials(credentials, appId, scopeString);
+          console.log(chalk.green(`✓ Credentials saved to: ${filepath}`));
+
+          console.log(chalk.bold.green('\n✅ Authentication completed successfully!\n'));
+          console.log(chalk.dim('Granted scopes:'));
+          console.log(chalk.dim(`  ${scopeString}\n`));
+          console.log(chalk.yellow('⚠️  Note: Facebook access tokens expire after ~60 days. Re-authenticate when needed.\n'));
+
+          process.removeListener('SIGINT', handleExit);
+          return;
+        }
+      } catch (error) {
+        // Check if it's an authorization_pending error (expected while waiting)
+        if (error.response?.data?.error?.code === 1349174) {
+          // Authorization pending - continue polling
+          continue;
+        }
+
+        // Check if it's a slow_down error
+        if (error.response?.data?.error?.code === 1349172) {
+          // Slow down - wait a bit longer
+          await new Promise(resolve => setTimeout(resolve, 5000));
+          continue;
+        }
+
+        // Other errors should be thrown
+        throw error;
+      }
+    }
+
+    // If we get here, the code expired
+    console.error(chalk.red('\n❌ Device code expired. Please try again.\n'));
+    process.exit(1);
+
+  } catch (error) {
+    process.removeListener('SIGINT', handleExit);
+
+    if (error.response) {
+      console.error(chalk.red('\n❌ Authentication failed:'));
+      console.error(chalk.red(`   ${JSON.stringify(error.response.data, null, 2)}`));
+    } else {
+      throw error;
+    }
+  }
+}

package/lib/facebook-callback-server.js

@@ -0,0 +1,105 @@
+import http from 'http';
+import { URL } from 'url';
+import chalk from 'chalk';
+
+/**
+ * Starts a local HTTP server to handle Facebook OAuth callback with token in URL fragment
+ * @param {number} port - Port to listen on (default: 8080)
+ * @returns {Promise<{access_token: string, server: http.Server, port: number}>}
+ */
+export function startFacebookCallbackServer(port = 8080) {
+  return new Promise((resolve, reject) => {
+    const server = http.createServer((req, res) => {
+      const url = new URL(req.url, `http://localhost:${port}`);
+
+      // Handle the OAuth callback - serve HTML page
+      if (url.pathname === '/callback') {
+        res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+        res.end(`
+          <html>
+            <head><title>Facebook Authentication</title></head>
+            <body style="font-family: Arial, sans-serif; padding: 50px; text-align: center;">
+              <h1 style="color: #1877f2;">Authenticating with Facebook...</h1>
+              <p id="status">Processing...</p>
+              <script>
+                // Extract token from URL fragment
+                const hash = window.location.hash.substring(1);
+                const params = new URLSearchParams(hash);
+                const accessToken = params.get('access_token');
+                const error = params.get('error');
+
+                if (error) {
+                  document.getElementById('status').innerHTML =
+                    '<span style="color: #e74c3c;">❌ Authentication Failed: ' + error + '</span>';
+                  // Send error to server
+                  fetch('/complete?error=' + encodeURIComponent(error));
+                } else if (accessToken) {
+                  document.getElementById('status').innerHTML =
+                    '<span style="color: #27ae60;">✅ Authentication Successful!</span><br>' +
+                    '<p>You can close this window and return to the terminal.</p>';
+                  // Send token to server
+                  fetch('/complete?access_token=' + encodeURIComponent(accessToken));
+                } else {
+                  document.getElementById('status').innerHTML =
+                    '<span style="color: #e74c3c;">❌ No access token received</span>';
+                  fetch('/complete?error=no_token');
+                }
+              </script>
+            </body>
+          </html>
+        `);
+        return;
+      }
+
+      // Handle the completion endpoint (receives token from JavaScript)
+      if (url.pathname === '/complete') {
+        const accessToken = url.searchParams.get('access_token');
+        const error = url.searchParams.get('error');
+
+        if (error) {
+          res.writeHead(200);
+          res.end('OK');
+          reject(new Error(`OAuth error: ${error}`));
+          return;
+        }
+
+        if (accessToken) {
+          res.writeHead(200);
+          res.end('OK');
+          resolve({ access_token: accessToken, server, port });
+          return;
+        }
+
+        res.writeHead(400);
+        res.end('Missing parameters');
+      } else {
+        res.writeHead(404);
+        res.end('Not Found');
+      }
+    });
+
+    server.on('error', (err) => {
+      if (err.code === 'EADDRINUSE') {
+        reject(new Error(`Port ${port} is already in use. Please try again.`));
+      } else {
+        reject(err);
+      }
+    });
+
+    server.listen(port, '127.0.0.1', () => {
+      console.log(chalk.cyan(`\n🌐 Local server started on http://127.0.0.1:${port}`));
+    });
+  });
+}
+
+/**
+ * Stops the callback server
+ * @param {http.Server} server
+ */
+export function stopCallbackServer(server) {
+  return new Promise((resolve) => {
+    server.close(() => {
+      resolve();
+    });
+  });
+}