@plexor-dev/claude-code-plugin-staging 0.1.0-beta.1 → 0.1.0-beta.11

package/commands/plexor-setup.md

@@ -61,7 +61,7 @@ If user selected "Yes, I have Claude MAX":
   },
   "settings": {
     "enabled": true,
-    "apiUrl": "https://api.plexor.dev",
+    "apiUrl": "https://staging.api.plexor.dev",
     "mode": "balanced",
     "localCacheEnabled": true
   }
@@ -72,7 +72,7 @@ If user selected "Yes, I have Claude MAX":
 ```json
 {
   "env": {
-    "ANTHROPIC_BASE_URL": "https://api.plexor.dev/gateway/anthropic",
+    "ANTHROPIC_BASE_URL": "https://staging.api.plexor.dev/gateway/anthropic",
     "ANTHROPIC_AUTH_TOKEN": "[user's Plexor key]"
   }
 }
@@ -122,7 +122,7 @@ If user selected "No, I'll use a Plexor API key":
   },
   "settings": {
     "enabled": true,
-    "apiUrl": "https://api.plexor.dev",
+    "apiUrl": "https://staging.api.plexor.dev",
     "preferred_provider": "auto",
     "mode": "balanced",
     "localCacheEnabled": true
@@ -134,7 +134,7 @@ If user selected "No, I'll use a Plexor API key":
 ```json
 {
   "env": {
-    "ANTHROPIC_BASE_URL": "https://api.plexor.dev/gateway/anthropic",
+    "ANTHROPIC_BASE_URL": "https://staging.api.plexor.dev/gateway/anthropic",
     "ANTHROPIC_AUTH_TOKEN": "[user's Plexor key]"
   }
 }

package/commands/plexor-status.js

@@ -9,10 +9,9 @@ const fs = require('fs');
 const path = require('path');
 const https = require('https');
 
-const CONFIG_PATH = path.join(process.env.HOME, '.plexor', 'config.json');
-const SESSION_PATH = path.join(process.env.HOME, '.plexor', 'session.json');
-const CLAUDE_SETTINGS_PATH = path.join(process.env.HOME, '.claude', 'settings.json');
-const SESSION_TIMEOUT_MS = 30 * 60 * 1000; // 30 minutes
+// Import centralized constants with HOME directory validation
+const { HOME_DIR, CONFIG_PATH, SESSION_PATH, SESSION_TIMEOUT_MS } = require('../lib/constants');
+const CLAUDE_SETTINGS_PATH = path.join(HOME_DIR, '.claude', 'settings.json');
 
 /**
  * Check if Claude Code is actually routing through Plexor
@@ -35,6 +34,31 @@ function getRoutingStatus() {
   }
 }
 
+/**
+ * Detect partial routing state where URL points to Plexor but auth is missing/invalid
+ * This can cause confusing auth errors for users
+ * @returns {Object} { partial: boolean, issue: string|null }
+ */
+function detectPartialState() {
+  try {
+    const data = fs.readFileSync(CLAUDE_SETTINGS_PATH, 'utf8');
+    const settings = JSON.parse(data);
+    const baseUrl = settings.env?.ANTHROPIC_BASE_URL || '';
+    const authToken = settings.env?.ANTHROPIC_AUTH_TOKEN || '';
+    const isPlexorUrl = baseUrl.includes('plexor') || baseUrl.includes('staging.api');
+
+    if (isPlexorUrl && !authToken) {
+      return { partial: true, issue: 'Plexor URL set but no auth token' };
+    }
+    if (isPlexorUrl && !authToken.startsWith('plx_')) {
+      return { partial: true, issue: 'Plexor URL set but auth token is not a Plexor key' };
+    }
+    return { partial: false, issue: null };
+  } catch {
+    return { partial: false, issue: null };
+  }
+}
+
 function loadSessionStats() {
   try {
     const data = fs.readFileSync(SESSION_PATH, 'utf8');
@@ -49,13 +73,87 @@ function loadSessionStats() {
   }
 }
 
-async function main() {
-  // Read config
-  let config;
+/**
+ * Validate API key format
+ * @param {string} key - API key to validate
+ * @returns {boolean} true if valid format
+ */
+function isValidApiKeyFormat(key) {
+  return key && typeof key === 'string' && key.startsWith('plx_') && key.length >= 20;
+}
+
+/**
+ * Load config file with integrity checking
+ * @returns {Object|null} config object or null if invalid
+ */
+function loadConfig() {
   try {
+    if (!fs.existsSync(CONFIG_PATH)) {
+      return null;
+    }
     const data = fs.readFileSync(CONFIG_PATH, 'utf8');
-    config = JSON.parse(data);
+    if (!data || data.trim() === '') {
+      return null;
+    }
+    const config = JSON.parse(data);
+    if (typeof config !== 'object' || config === null) {
+      return null;
+    }
+    return config;
   } catch (err) {
+    if (err instanceof SyntaxError) {
+      console.log('Config file is corrupted. Run /plexor-login to reconfigure.');
+    }
+    return null;
+  }
+}
+
+/**
+ * Check for environment mismatch between config and routing
+ */
+function checkEnvironmentMismatch(configApiUrl, routingBaseUrl) {
+  if (!configApiUrl || !routingBaseUrl) return null;
+
+  const configIsStaging = configApiUrl.includes('staging');
+  const routingIsStaging = routingBaseUrl.includes('staging');
+
+  if (configIsStaging !== routingIsStaging) {
+    return {
+      config: configIsStaging ? 'staging' : 'production',
+      routing: routingIsStaging ? 'staging' : 'production'
+    };
+  }
+  return null;
+}
+
+/**
+ * Check for state mismatch between config.json enabled flag and settings.json routing
+ * @param {boolean} configEnabled - enabled flag from config.json
+ * @param {boolean} routingActive - whether settings.json has Plexor routing configured
+ * @returns {Object|null} mismatch details or null if states are consistent
+ */
+function checkStateMismatch(configEnabled, routingActive) {
+  if (configEnabled && !routingActive) {
+    return {
+      type: 'config-enabled-routing-inactive',
+      message: 'Config shows enabled but Claude routing is not configured',
+      suggestion: 'Run /plexor-enabled true to sync and configure routing'
+    };
+  }
+  if (!configEnabled && routingActive) {
+    return {
+      type: 'config-disabled-routing-active',
+      message: 'Config shows disabled but Claude routing is active',
+      suggestion: 'Run /plexor-enabled false to sync and disable routing'
+    };
+  }
+  return null;
+}
+
+async function main() {
+  // Read config with integrity checking
+  const config = loadConfig();
+  if (!config) {
     console.log('Not configured. Run /plexor-login first.');
     process.exit(1);
   }
@@ -72,6 +170,13 @@ async function main() {
     process.exit(1);
   }
 
+  // Validate API key format
+  if (!isValidApiKeyFormat(apiKey)) {
+    console.log('Invalid API key format. Keys must start with "plx_" and be at least 20 characters.');
+    console.log('Run /plexor-login with a valid API key.');
+    process.exit(1);
+  }
+
   // Fetch user info and stats
   let user = { email: 'Unknown', tier: { name: 'Free', limits: {} } };
   let stats = { period: {}, summary: {} };
@@ -165,6 +270,30 @@ ${line(`└── Cost saved: $${sessionCostSaved}`)}
   const routingIndicator = routing.active ? '🟢 PLEXOR MODE: ON' : '🔴 PLEXOR MODE: OFF';
   const envLabel = routing.isStaging ? '(staging)' : '(production)';
 
+  // Check for environment mismatch
+  const envMismatch = checkEnvironmentMismatch(apiUrl, routing.baseUrl);
+  const mismatchWarning = envMismatch
+    ? `  ⚠ Warning: Config uses ${envMismatch.config} but routing is ${envMismatch.routing}\n`
+    : '';
+
+  if (mismatchWarning) {
+    console.log(mismatchWarning);
+  }
+
+  // Check for partial routing state (Plexor URL without valid auth)
+  const partialState = detectPartialState();
+  if (partialState.partial) {
+    console.log(`  ⚠ PARTIAL STATE DETECTED: ${partialState.issue}`);
+    console.log(`    Run /plexor-login to fix, or /plexor-logout to disable routing\n`);
+  }
+
+  // Check for state mismatch between config enabled flag and routing status
+  const stateMismatch = checkStateMismatch(enabled, routing.active);
+  if (stateMismatch) {
+    console.log(`  ⚠ State mismatch: ${stateMismatch.message}`);
+    console.log(`  └─ ${stateMismatch.suggestion}\n`);
+  }
+
   console.log(`  ┌─────────────────────────────────────────────┐
 ${line(routingIndicator + (routing.active ? ' ' + envLabel : ''))}
   ├─────────────────────────────────────────────┤
@@ -192,7 +321,8 @@ ${line('Settings')}
 ${line(`├── Optimization: ${optEnabled}`)}
 ${line(`├── Local cache: ${cacheEnabled}`)}
 ${line(`├── Mode: ${mode}`)}
-${line(`└── Provider routing: ${provider}`)}
+${line(`├── Provider routing: ${provider}`)}
+${line(`└── Endpoint: ${routing.baseUrl ? routing.baseUrl.replace('https://', '').substring(0, 30) : 'not configured'}`)}
   └─────────────────────────────────────────────┘
 
   Dashboard: ${dashboardUrl}
@@ -201,7 +331,13 @@ ${line(`└── Provider routing: ${provider}`)}
 
 function fetchJson(apiUrl, endpoint, apiKey) {
   return new Promise((resolve, reject) => {
-    const url = new URL(`${apiUrl}${endpoint}`);
+    let url;
+    try {
+      url = new URL(`${apiUrl}${endpoint}`);
+    } catch {
+      reject(new Error('Invalid API URL'));
+      return;
+    }
 
     const options = {
       hostname: url.hostname,
@@ -217,18 +353,48 @@ function fetchJson(apiUrl, endpoint, apiKey) {
       let data = '';
       res.on('data', chunk => data += chunk);
       res.on('end', () => {
+        // Check HTTP status code first
+        if (res.statusCode === 401) {
+          reject(new Error('Invalid API key'));
+          return;
+        }
+        if (res.statusCode === 403) {
+          reject(new Error('Access denied'));
+          return;
+        }
+        if (res.statusCode >= 500) {
+          reject(new Error('Server error'));
+          return;
+        }
+        if (res.statusCode !== 200) {
+          reject(new Error(`HTTP ${res.statusCode}`));
+          return;
+        }
+
+        // Check for empty response
+        if (!data || data.trim() === '') {
+          reject(new Error('Empty response'));
+          return;
+        }
+
+        // Parse JSON
         try {
-          resolve(JSON.parse(data));
+          const parsed = JSON.parse(data);
+          if (parsed === null) {
+            reject(new Error('Null response'));
+            return;
+          }
+          resolve(parsed);
         } catch {
-          reject(new Error('Invalid response'));
+          reject(new Error('Invalid JSON response'));
         }
       });
     });
 
-    req.on('error', reject);
+    req.on('error', (err) => reject(new Error(`Connection failed: ${err.message}`)));
     req.setTimeout(5000, () => {
       req.destroy();
-      reject(new Error('Timeout'));
+      reject(new Error('Request timeout'));
     });
     req.end();
   });

package/commands/plexor-uninstall.js

@@ -0,0 +1,274 @@
+#!/usr/bin/env node
+
+/**
+ * Plexor Uninstall Command (STAGING)
+ *
+ * Comprehensive cleanup before npm uninstall.
+ *
+ * CRITICAL: npm's preuninstall hook does NOT run for global package uninstalls.
+ * Users MUST run this command BEFORE running npm uninstall -g.
+ *
+ * This command:
+ * 1. Removes Plexor routing from ~/.claude/settings.json
+ * 2. Removes slash command .md files from ~/.claude/commands/
+ * 3. Removes plugin directory ~/.claude/plugins/plexor/
+ * 4. Optionally removes ~/.plexor/ config directory
+ */
+
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+// Get home directory, handling sudo case
+function getHomeDir() {
+  if (process.env.SUDO_USER) {
+    const platform = os.platform();
+    if (platform === 'darwin') {
+      return path.join('/Users', process.env.SUDO_USER);
+    } else if (platform === 'linux') {
+      return path.join('/home', process.env.SUDO_USER);
+    }
+  }
+  return process.env.HOME || process.env.USERPROFILE || os.homedir();
+}
+
+const HOME_DIR = getHomeDir();
+const CLAUDE_DIR = path.join(HOME_DIR, '.claude');
+const CLAUDE_COMMANDS_DIR = path.join(CLAUDE_DIR, 'commands');
+const CLAUDE_PLUGINS_DIR = path.join(CLAUDE_DIR, 'plugins', 'plexor');
+const PLEXOR_CONFIG_DIR = path.join(HOME_DIR, '.plexor');
+
+// All Plexor slash command files
+const PLEXOR_COMMANDS = [
+  'plexor-enabled.md',
+  'plexor-login.md',
+  'plexor-logout.md',
+  'plexor-setup.md',
+  'plexor-status.md',
+  'plexor-uninstall.md',
+  'plexor-mode.md',
+  'plexor-provider.md',
+  'plexor-settings.md',
+  'plexor-config.md'
+];
+
+/**
+ * Load settings manager if available
+ */
+function loadSettingsManager() {
+  // Try plugin dir first (installed location)
+  try {
+    const pluginLib = path.join(CLAUDE_PLUGINS_DIR, 'lib', 'settings-manager.js');
+    if (fs.existsSync(pluginLib)) {
+      const lib = require(pluginLib);
+      return lib.settingsManager;
+    }
+  } catch {
+    // Continue to fallback
+  }
+
+  // Try package lib (during npm lifecycle)
+  try {
+    const lib = require('../lib/settings-manager');
+    return lib.settingsManager;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Disable Plexor routing in Claude settings manually
+ * Fallback when settings-manager is not available
+ */
+function disableRoutingManually() {
+  const settingsPath = path.join(CLAUDE_DIR, 'settings.json');
+
+  try {
+    if (!fs.existsSync(settingsPath)) {
+      return { success: true, message: 'Settings file does not exist' };
+    }
+
+    const data = fs.readFileSync(settingsPath, 'utf8');
+    if (!data || data.trim() === '') {
+      return { success: true, message: 'Settings file is empty' };
+    }
+
+    const settings = JSON.parse(data);
+
+    if (!settings.env) {
+      return { success: true, message: 'No env block in settings' };
+    }
+
+    // Check if Plexor routing is active
+    const baseUrl = settings.env.ANTHROPIC_BASE_URL || '';
+    const isPlexorRouting = baseUrl.includes('plexor') || baseUrl.includes('staging.api');
+
+    if (!isPlexorRouting) {
+      return { success: true, message: 'Plexor routing not active' };
+    }
+
+    // Remove Plexor env vars
+    delete settings.env.ANTHROPIC_BASE_URL;
+    delete settings.env.ANTHROPIC_AUTH_TOKEN;
+
+    // Clean up empty env block
+    if (Object.keys(settings.env).length === 0) {
+      delete settings.env;
+    }
+
+    // Atomic write
+    const crypto = require('crypto');
+    const tempId = crypto.randomBytes(8).toString('hex');
+    const tempPath = path.join(CLAUDE_DIR, `.settings.${tempId}.tmp`);
+
+    fs.writeFileSync(tempPath, JSON.stringify(settings, null, 2), { mode: 0o600 });
+    fs.renameSync(tempPath, settingsPath);
+
+    return { success: true, message: 'Routing disabled' };
+  } catch (err) {
+    return { success: false, message: err.message };
+  }
+}
+
+/**
+ * Remove slash command files
+ */
+function removeSlashCommands() {
+  let removed = 0;
+  let restored = 0;
+
+  for (const cmd of PLEXOR_COMMANDS) {
+    const cmdPath = path.join(CLAUDE_COMMANDS_DIR, cmd);
+    const backupPath = cmdPath + '.backup';
+
+    try {
+      if (fs.existsSync(cmdPath)) {
+        fs.unlinkSync(cmdPath);
+        removed++;
+
+        // Restore backup if exists
+        if (fs.existsSync(backupPath)) {
+          fs.renameSync(backupPath, cmdPath);
+          restored++;
+        }
+      }
+    } catch {
+      // Continue with other files
+    }
+  }
+
+  return { removed, restored };
+}
+
+/**
+ * Remove plugin directory
+ */
+function removePluginDirectory() {
+  try {
+    if (fs.existsSync(CLAUDE_PLUGINS_DIR)) {
+      fs.rmSync(CLAUDE_PLUGINS_DIR, { recursive: true, force: true });
+      return true;
+    }
+  } catch {
+    return false;
+  }
+  return false;
+}
+
+/**
+ * Remove config directory
+ */
+function removeConfigDirectory() {
+  try {
+    if (fs.existsSync(PLEXOR_CONFIG_DIR)) {
+      fs.rmSync(PLEXOR_CONFIG_DIR, { recursive: true, force: true });
+      return true;
+    }
+  } catch {
+    return false;
+  }
+  return false;
+}
+
+function main() {
+  const args = process.argv.slice(2);
+  const removeConfig = args.includes('--remove-config') || args.includes('-c');
+  const quiet = args.includes('--quiet') || args.includes('-q');
+
+  if (!quiet) {
+    console.log('');
+    console.log('  Plexor Uninstall (STAGING) - Cleaning up...');
+    console.log('');
+  }
+
+  // 1. Remove routing from ~/.claude/settings.json
+  let routingResult;
+  const settingsManager = loadSettingsManager();
+
+  if (settingsManager) {
+    try {
+      const success = settingsManager.disablePlexorRouting();
+      routingResult = { success, message: success ? 'Routing disabled via manager' : 'Already clean' };
+    } catch (err) {
+      routingResult = disableRoutingManually();
+    }
+  } else {
+    routingResult = disableRoutingManually();
+  }
+
+  if (!quiet) {
+    console.log(routingResult.success
+      ? '  ✓ Removed Plexor routing from Claude settings'
+      : `  ✗ Failed to remove routing: ${routingResult.message}`);
+  }
+
+  // 2. Remove slash command .md files
+  const cmdResult = removeSlashCommands();
+  if (!quiet) {
+    console.log(`  ✓ Removed ${cmdResult.removed} slash command files`);
+    if (cmdResult.restored > 0) {
+      console.log(`  ✓ Restored ${cmdResult.restored} backed-up files`);
+    }
+  }
+
+  // 3. Remove plugin directory
+  const pluginRemoved = removePluginDirectory();
+  if (!quiet) {
+    console.log(pluginRemoved
+      ? '  ✓ Removed plugin directory'
+      : '  ○ Plugin directory not found (already clean)');
+  }
+
+  // 4. Optionally remove config directory
+  if (removeConfig) {
+    const configRemoved = removeConfigDirectory();
+    if (!quiet) {
+      console.log(configRemoved
+        ? '  ✓ Removed ~/.plexor config directory'
+        : '  ○ Config directory not found');
+    }
+  }
+
+  // Show next steps
+  if (!quiet) {
+    console.log('');
+    console.log('  ┌─────────────────────────────────────────────────────────────────┐');
+    console.log('  │  Cleanup complete! Now run:                                     │');
+    console.log('  │                                                                 │');
+    console.log('  │    npm uninstall -g @plexor-dev/claude-code-plugin-staging      │');
+    console.log('  │                                                                 │');
+    console.log('  └─────────────────────────────────────────────────────────────────┘');
+    console.log('');
+    console.log('  Your Claude Code is ready to work normally again.');
+    console.log('');
+
+    if (!removeConfig) {
+      console.log('  Note: ~/.plexor/ config directory was preserved.');
+      console.log('  To also remove it: plexor-uninstall --remove-config');
+      console.log('  Or manually: rm -rf ~/.plexor');
+      console.log('');
+    }
+  }
+}
+
+main();

package/commands/plexor-uninstall.md

@@ -0,0 +1,30 @@
+---
+name: plexor-uninstall
+description: Clean up Plexor integration before uninstalling
+---
+
+Runs comprehensive cleanup to prepare for npm uninstall.
+
+**IMPORTANT**: Run this command BEFORE `npm uninstall -g @plexor-dev/claude-code-plugin-staging`
+
+npm's preuninstall hook does NOT run for global package uninstalls, so this command
+must be run manually to ensure proper cleanup.
+
+This removes:
+- Plexor routing from Claude settings (~/.claude/settings.json)
+- Slash command files from ~/.claude/commands/
+- Plugin directory ~/.claude/plugins/plexor/
+
+Options:
+- `--remove-config` or `-c`: Also remove ~/.plexor/ config directory
+
+After running this command, run:
+```bash
+npm uninstall -g @plexor-dev/claude-code-plugin-staging
+```
+
+$ARGUMENTS: $ARGUMENTS
+
+```bash
+node ~/.claude/plugins/plexor/commands/plexor-uninstall.js $ARGUMENTS 2>&1 || plexor-uninstall $ARGUMENTS 2>&1
+```

package/hooks/intercept.js

@@ -106,9 +106,9 @@ try {
   const saveSession = (s) => {
     try {
       const dir = path.dirname(SESSION_PATH);
-      if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+      if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
       s.last_activity = Date.now();
-      fs.writeFileSync(SESSION_PATH, JSON.stringify(s, null, 2));
+      fs.writeFileSync(SESSION_PATH, JSON.stringify(s, null, 2), { mode: 0o600 });
     } catch {}
   };
 

package/hooks/track-response.js

@@ -85,10 +85,10 @@ try {
     save(session) {
       try {
         if (!fs.existsSync(PLEXOR_DIR)) {
-          fs.mkdirSync(PLEXOR_DIR, { recursive: true });
+          fs.mkdirSync(PLEXOR_DIR, { recursive: true, mode: 0o700 });
         }
         session.last_activity = Date.now();
-        fs.writeFileSync(this.sessionPath, JSON.stringify(session, null, 2));
+        fs.writeFileSync(this.sessionPath, JSON.stringify(session, null, 2), { mode: 0o600 });
       } catch {}
     }
 

package/lib/config.js

@@ -56,7 +56,7 @@ class ConfigManager {
         }
       };
 
-      fs.writeFileSync(this.configPath, JSON.stringify(updated, null, 2));
+      fs.writeFileSync(this.configPath, JSON.stringify(updated, null, 2), { mode: 0o600 });
       return true;
     } catch {
       return false;

package/lib/constants.js

@@ -4,7 +4,23 @@
 
 const path = require('path');
 
-const PLEXOR_DIR = path.join(process.env.HOME || process.env.USERPROFILE || '', '.plexor');
+/**
+ * Get the user's home directory with proper validation
+ * @returns {string} Home directory path
+ * @throws {Error} If HOME is not set or empty
+ */
+function getHomeDir() {
+  const home = process.env.HOME || process.env.USERPROFILE;
+  if (!home || home.trim() === '') {
+    console.error('Error: HOME environment variable is not set.');
+    console.error('       Please set HOME to your user directory before running Plexor commands.');
+    process.exit(1);
+  }
+  return home;
+}
+
+const HOME_DIR = getHomeDir();
+const PLEXOR_DIR = path.join(HOME_DIR, '.plexor');
 const CONFIG_PATH = path.join(PLEXOR_DIR, 'config.json');
 const SESSION_PATH = path.join(PLEXOR_DIR, 'session.json');
 const CACHE_PATH = path.join(PLEXOR_DIR, 'cache.json');
@@ -16,6 +32,8 @@ const DEFAULT_API_URL = 'https://staging.api.plexor.dev';
 const DEFAULT_TIMEOUT = 5000;
 
 module.exports = {
+  getHomeDir,
+  HOME_DIR,
   PLEXOR_DIR,
   CONFIG_PATH,
   SESSION_PATH,