@plosson/agentio 0.3.1 → 0.3.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@plosson/agentio",
-  "version": "0.3.1",
+  "version": "0.3.2",
   "description": "CLI for LLM agents to interact with communication and tracking services",
   "type": "module",
   "license": "MIT",

package/src/auth/github-oauth.ts

@@ -1,30 +1,9 @@
-import { createServer, type Server } from 'http';
 import { URL } from 'url';
 import { GITHUB_OAUTH_CONFIG } from '../config/credentials';
+import { findAvailablePort, startOAuthCallbackServer, launchBrowser } from './oauth-server';
 
 const GITHUB_SCOPES = ['repo'];
 
-const PORT_RANGE_START = 3000;
-const PORT_RANGE_END = 3010;
-
-async function findAvailablePort(): Promise<number> {
-  for (let port = PORT_RANGE_START; port <= PORT_RANGE_END; port++) {
-    try {
-      await new Promise<void>((resolve, reject) => {
-        const server = createServer();
-        server.listen(port, () => {
-          server.close(() => resolve());
-        });
-        server.on('error', reject);
-      });
-      return port;
-    } catch {
-      continue;
-    }
-  }
-  throw new Error(`No available port found in range ${PORT_RANGE_START}-${PORT_RANGE_END}`);
-}
-
 export interface GitHubOAuthResult {
   accessToken: string;
 }
@@ -32,110 +11,54 @@ export interface GitHubOAuthResult {
 export async function performGitHubOAuthFlow(): Promise<GitHubOAuthResult> {
   const port = await findAvailablePort();
   const redirectUri = `http://localhost:${port}/callback`;
+  const state = Math.random().toString(36).substring(7);
 
   const authUrl = new URL('https://github.com/login/oauth/authorize');
   authUrl.searchParams.set('client_id', GITHUB_OAUTH_CONFIG.clientId);
   authUrl.searchParams.set('redirect_uri', redirectUri);
   authUrl.searchParams.set('scope', GITHUB_SCOPES.join(' '));
-  authUrl.searchParams.set('state', Math.random().toString(36).substring(7));
-
-  return new Promise((resolve, reject) => {
-    let server: Server;
-
-    const timeout = setTimeout(() => {
-      server?.close();
-      reject(new Error('OAuth flow timed out after 5 minutes'));
-    }, 5 * 60 * 1000);
-
-    server = createServer(async (req, res) => {
-      const url = new URL(req.url || '', `http://localhost:${port}`);
-
-      if (url.pathname !== '/callback') {
-        res.writeHead(404);
-        res.end('Not found');
-        return;
-      }
-
-      const code = url.searchParams.get('code');
-      const error = url.searchParams.get('error');
-      const errorDescription = url.searchParams.get('error_description');
-
-      if (error) {
-        res.writeHead(200, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h1>Authorization Failed</h1><p>You can close this window.</p></body></html>');
-        clearTimeout(timeout);
-        server.close();
-        reject(new Error(`GitHub OAuth error: ${error} - ${errorDescription || 'Unknown error'}`));
-        return;
-      }
+  authUrl.searchParams.set('state', state);
 
-      if (!code) {
-        res.writeHead(400, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h1>Missing Authorization Code</h1><p>You can close this window.</p></body></html>');
-        clearTimeout(timeout);
-        server.close();
-        reject(new Error('Missing authorization code in OAuth callback'));
-        return;
-      }
-
-      try {
-        // Exchange code for access token
-        const tokenResponse = await fetch('https://github.com/login/oauth/access_token', {
-          method: 'POST',
-          headers: {
-            Accept: 'application/json',
-            'Content-Type': 'application/json',
-          },
-          body: JSON.stringify({
-            client_id: GITHUB_OAUTH_CONFIG.clientId,
-            client_secret: GITHUB_OAUTH_CONFIG.clientSecret,
-            code,
-            redirect_uri: redirectUri,
-          }),
-        });
-
-        const tokenData = await tokenResponse.json() as {
-          access_token?: string;
-          error?: string;
-          error_description?: string;
-        };
-
-        if (tokenData.error || !tokenData.access_token) {
-          throw new Error(tokenData.error_description || tokenData.error || 'Failed to get access token');
-        }
-
-        res.writeHead(200, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h1>Authorization Successful!</h1><p>You can close this window and return to the terminal.</p></body></html>');
-
-        clearTimeout(timeout);
-        server.close();
+  // Start callback server and browser in parallel
+  const callbackPromise = startOAuthCallbackServer({
+    port,
+    serviceName: 'GitHub',
+    expectedState: state,
+  });
 
-        resolve({
-          accessToken: tokenData.access_token,
-        });
-      } catch (err) {
-        res.writeHead(500);
-        res.end('Failed to exchange authorization code');
-        clearTimeout(timeout);
-        server.close();
-        reject(err);
-      }
-    });
+  console.error(`\nOpening browser for GitHub authorization...`);
+  console.error(`If browser doesn't open, visit:\n${authUrl.toString()}\n`);
+  launchBrowser(authUrl.toString());
+
+  // Wait for the callback with the authorization code
+  const { code } = await callbackPromise;
+
+  // Exchange code for access token
+  const tokenResponse = await fetch('https://github.com/login/oauth/access_token', {
+    method: 'POST',
+    headers: {
+      Accept: 'application/json',
+      'Content-Type': 'application/json',
+    },
+    body: JSON.stringify({
+      client_id: GITHUB_OAUTH_CONFIG.clientId,
+      client_secret: GITHUB_OAUTH_CONFIG.clientSecret,
+      code,
+      redirect_uri: redirectUri,
+    }),
+  });
 
-    server.listen(port, () => {
-      console.error(`\nOpening browser for GitHub authorization...`);
-      console.error(`If browser doesn't open, visit:\n${authUrl.toString()}\n`);
+  const tokenData = await tokenResponse.json() as {
+    access_token?: string;
+    error?: string;
+    error_description?: string;
+  };
 
-      // Open browser
-      const open = process.platform === 'darwin' ? 'open' :
-                   process.platform === 'win32' ? 'start' : 'xdg-open';
-      Bun.spawn([open, authUrl.toString()], { stdout: 'ignore', stderr: 'ignore' });
-    });
+  if (tokenData.error || !tokenData.access_token) {
+    throw new Error(tokenData.error_description || tokenData.error || 'Failed to get access token');
+  }
 
-    server.on('error', (err) => {
-      clearTimeout(timeout);
-      server?.close();
-      reject(err);
-    });
-  });
+  return {
+    accessToken: tokenData.access_token,
+  };
 }

package/src/auth/jira-oauth.ts

@@ -1,6 +1,6 @@
-import { createServer, type Server } from 'http';
 import { URL } from 'url';
 import { JIRA_OAUTH_CONFIG } from '../config/credentials';
+import { startOAuthCallbackServer, launchBrowser } from './oauth-server';
 
 const ATLASSIAN_AUTH_URL = 'https://auth.atlassian.com/authorize';
 const ATLASSIAN_TOKEN_URL = 'https://auth.atlassian.com/oauth/token';
@@ -114,8 +114,8 @@ export async function performJiraOAuthFlow(
   selectSite?: (sites: AtlassianSite[]) => Promise<AtlassianSite>
 ): Promise<JiraOAuthResult> {
   const redirectUri = `http://localhost:${OAUTH_PORT}/callback`;
-
   const state = Math.random().toString(36).substring(2);
+
   const authUrl = new URL(ATLASSIAN_AUTH_URL);
   authUrl.searchParams.set('audience', 'api.atlassian.com');
   authUrl.searchParams.set('client_id', JIRA_OAUTH_CONFIG.clientId);
@@ -125,107 +125,45 @@ export async function performJiraOAuthFlow(
   authUrl.searchParams.set('response_type', 'code');
   authUrl.searchParams.set('prompt', 'consent');
 
-  return new Promise((resolve, reject) => {
-    let server: Server;
-
-    const timeout = setTimeout(() => {
-      server?.close();
-      reject(new Error('OAuth flow timed out after 5 minutes'));
-    }, 5 * 60 * 1000);
-
-    server = createServer(async (req, res) => {
-      const url = new URL(req.url || '', `http://localhost:${OAUTH_PORT}`);
-
-      if (url.pathname !== '/callback') {
-        res.writeHead(404);
-        res.end('Not found');
-        return;
-      }
-
-      const code = url.searchParams.get('code');
-      const error = url.searchParams.get('error');
-      const returnedState = url.searchParams.get('state');
-
-      if (error) {
-        res.writeHead(200, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h1>Authorization Failed</h1><p>You can close this window.</p></body></html>');
-        clearTimeout(timeout);
-        server.close();
-        reject(new Error(`OAuth error: ${error}`));
-        return;
-      }
-
-      if (returnedState !== state) {
-        res.writeHead(400, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h1>State Mismatch</h1><p>You can close this window.</p></body></html>');
-        clearTimeout(timeout);
-        server.close();
-        reject(new Error('OAuth state mismatch - possible CSRF attack'));
-        return;
-      }
-
-      if (!code) {
-        res.writeHead(400, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h1>Missing Authorization Code</h1><p>You can close this window.</p></body></html>');
-        clearTimeout(timeout);
-        server.close();
-        reject(new Error('Missing authorization code in OAuth callback'));
-        return;
-      }
-
-      try {
-        res.writeHead(200, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h1>Authorization Successful!</h1><p>You can close this window and return to the terminal.</p></body></html>');
-
-        clearTimeout(timeout);
-        server.close();
-
-        // Exchange code for tokens
-        const tokens = await exchangeCodeForTokens(code, JIRA_OAUTH_CONFIG.clientId, JIRA_OAUTH_CONFIG.clientSecret, redirectUri);
-
-        // Get accessible resources to find cloud ID
-        const sites = await getAccessibleResources(tokens.accessToken);
-
-        if (sites.length === 0) {
-          throw new Error('No accessible Jira sites found. Make sure your app has the correct permissions.');
-        }
-
-        // Let user select site if multiple, otherwise use the first one
-        let selectedSite: AtlassianSite;
-        if (sites.length === 1) {
-          selectedSite = sites[0];
-        } else if (selectSite) {
-          selectedSite = await selectSite(sites);
-        } else {
-          selectedSite = sites[0];
-        }
-
-        resolve({
-          accessToken: tokens.accessToken,
-          refreshToken: tokens.refreshToken,
-          expiryDate: Date.now() + tokens.expiresIn * 1000,
-          cloudId: selectedSite.id,
-          siteUrl: selectedSite.url,
-        });
-      } catch (err) {
-        reject(err);
-      }
-    });
-
-    server.listen(OAUTH_PORT, () => {
-      console.error(`\nOpening browser for Atlassian authorization...`);
-      console.error(`If browser doesn't open, visit:\n${authUrl.toString()}\n`);
-
-      // Open browser
-      const open = process.platform === 'darwin' ? 'open' :
-                   process.platform === 'win32' ? 'start' : 'xdg-open';
-      Bun.spawn([open, authUrl.toString()], { stdout: 'ignore', stderr: 'ignore' });
-    });
-
-    server.on('error', (err) => {
-      clearTimeout(timeout);
-      server?.close();
-      reject(err);
-    });
+  // Start callback server and browser in parallel
+  const callbackPromise = startOAuthCallbackServer({
+    port: OAUTH_PORT,
+    serviceName: 'Atlassian',
+    expectedState: state,
   });
+
+  console.error(`\nOpening browser for Atlassian authorization...`);
+  console.error(`If browser doesn't open, visit:\n${authUrl.toString()}\n`);
+  launchBrowser(authUrl.toString());
+
+  // Wait for the callback with the authorization code
+  const { code } = await callbackPromise;
+
+  // Exchange code for tokens
+  const tokens = await exchangeCodeForTokens(code, JIRA_OAUTH_CONFIG.clientId, JIRA_OAUTH_CONFIG.clientSecret, redirectUri);
+
+  // Get accessible resources to find cloud ID
+  const sites = await getAccessibleResources(tokens.accessToken);
+
+  if (sites.length === 0) {
+    throw new Error('No accessible Jira sites found. Make sure your app has the correct permissions.');
+  }
+
+  // Let user select site if multiple, otherwise use the first one
+  let selectedSite: AtlassianSite;
+  if (sites.length === 1) {
+    selectedSite = sites[0];
+  } else if (selectSite) {
+    selectedSite = await selectSite(sites);
+  } else {
+    selectedSite = sites[0];
+  }
+
+  return {
+    accessToken: tokens.accessToken,
+    refreshToken: tokens.refreshToken,
+    expiryDate: Date.now() + tokens.expiresIn * 1000,
+    cloudId: selectedSite.id,
+    siteUrl: selectedSite.url,
+  };
 }

package/src/auth/oauth-server.ts

@@ -0,0 +1,149 @@
+import { createServer, type Server, type IncomingMessage, type ServerResponse } from 'http';
+import { URL } from 'url';
+
+const PORT_RANGE_START = 3000;
+const PORT_RANGE_END = 3010;
+const TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
+
+/**
+ * Find an available port in the range 3000-3010.
+ */
+export async function findAvailablePort(): Promise<number> {
+  for (let port = PORT_RANGE_START; port <= PORT_RANGE_END; port++) {
+    try {
+      await new Promise<void>((resolve, reject) => {
+        const server = createServer();
+        server.listen(port, () => {
+          server.close(() => resolve());
+        });
+        server.on('error', reject);
+      });
+      return port;
+    } catch {
+      continue;
+    }
+  }
+  throw new Error(`No available port found in range ${PORT_RANGE_START}-${PORT_RANGE_END}`);
+}
+
+/**
+ * Launch the default browser to open a URL.
+ */
+export function launchBrowser(url: string): void {
+  const open = process.platform === 'darwin' ? 'open' :
+               process.platform === 'win32' ? 'start' : 'xdg-open';
+  Bun.spawn([open, url], { stdout: 'ignore', stderr: 'ignore' });
+}
+
+/**
+ * HTML templates for OAuth callback responses.
+ */
+export const OAuthHtml = {
+  success: '<html><body><h1>Authorization Successful!</h1><p>You can close this window and return to the terminal.</p></body></html>',
+  failed: '<html><body><h1>Authorization Failed</h1><p>You can close this window.</p></body></html>',
+  missingCode: '<html><body><h1>Missing Authorization Code</h1><p>You can close this window.</p></body></html>',
+  stateMismatch: '<html><body><h1>State Mismatch</h1><p>You can close this window.</p></body></html>',
+};
+
+export interface OAuthCallbackResult {
+  code: string;
+  state?: string;
+}
+
+export interface OAuthServerConfig {
+  port: number;
+  serviceName: string;
+  expectedState?: string;
+}
+
+/**
+ * Start an OAuth callback server that listens for the authorization code.
+ *
+ * @param config Configuration for the server
+ * @returns Promise that resolves with the authorization code
+ */
+export function startOAuthCallbackServer(
+  config: OAuthServerConfig
+): Promise<OAuthCallbackResult> {
+  const { port, serviceName, expectedState } = config;
+
+  return new Promise((resolve, reject) => {
+    let server: Server;
+
+    const timeout = setTimeout(() => {
+      server?.close();
+      reject(new Error('OAuth flow timed out after 5 minutes'));
+    }, TIMEOUT_MS);
+
+    const handleCallback = async (req: IncomingMessage, res: ServerResponse): Promise<void> => {
+      const url = new URL(req.url || '', `http://localhost:${port}`);
+
+      if (url.pathname !== '/callback') {
+        res.writeHead(404);
+        res.end('Not found');
+        return;
+      }
+
+      const code = url.searchParams.get('code');
+      const error = url.searchParams.get('error');
+      const errorDescription = url.searchParams.get('error_description');
+      const returnedState = url.searchParams.get('state');
+
+      if (error) {
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end(OAuthHtml.failed);
+        clearTimeout(timeout);
+        server.close();
+        const errorMsg = errorDescription ? `${error} - ${errorDescription}` : error;
+        reject(new Error(`${serviceName} OAuth error: ${errorMsg}`));
+        return;
+      }
+
+      if (expectedState && returnedState !== expectedState) {
+        res.writeHead(400, { 'Content-Type': 'text/html' });
+        res.end(OAuthHtml.stateMismatch);
+        clearTimeout(timeout);
+        server.close();
+        reject(new Error('OAuth state mismatch - possible CSRF attack'));
+        return;
+      }
+
+      if (!code) {
+        res.writeHead(400, { 'Content-Type': 'text/html' });
+        res.end(OAuthHtml.missingCode);
+        clearTimeout(timeout);
+        server.close();
+        reject(new Error('Missing authorization code in OAuth callback'));
+        return;
+      }
+
+      res.writeHead(200, { 'Content-Type': 'text/html' });
+      res.end(OAuthHtml.success);
+      clearTimeout(timeout);
+      server.close();
+      resolve({ code, state: returnedState || undefined });
+    };
+
+    server = createServer((req, res) => {
+      handleCallback(req, res).catch((err) => {
+        if (!res.headersSent) {
+          res.writeHead(500);
+          res.end('Internal server error');
+        }
+        clearTimeout(timeout);
+        server?.close();
+        reject(err);
+      });
+    });
+
+    server.listen(port, () => {
+      // Server is ready for callback
+    });
+
+    server.on('error', (err) => {
+      clearTimeout(timeout);
+      server?.close();
+      reject(err);
+    });
+  });
+}

package/src/auth/oauth.ts

@@ -1,7 +1,6 @@
-import { createServer, type Server } from 'http';
-import { URL } from 'url';
 import { google } from 'googleapis';
 import { GOOGLE_OAUTH_CONFIG } from '../config/credentials';
+import { findAvailablePort, startOAuthCallbackServer, launchBrowser } from './oauth-server';
 import type { OAuthTokens } from '../types/tokens';
 
 const GMAIL_SCOPES = [
@@ -18,26 +17,10 @@ const GCHAT_SCOPES = [
   'https://www.googleapis.com/auth/userinfo.email',           // get user email for profile naming
 ];
 
-const PORT_RANGE_START = 3000;
-const PORT_RANGE_END = 3010;
-
-async function findAvailablePort(): Promise<number> {
-  for (let port = PORT_RANGE_START; port <= PORT_RANGE_END; port++) {
-    try {
-      await new Promise<void>((resolve, reject) => {
-        const server = createServer();
-        server.listen(port, () => {
-          server.close(() => resolve());
-        });
-        server.on('error', reject);
-      });
-      return port;
-    } catch {
-      continue;
-    }
-  }
-  throw new Error(`No available port found in range ${PORT_RANGE_START}-${PORT_RANGE_END}`);
-}
+const SCOPES: Record<'gmail' | 'gchat', string[]> = {
+  gmail: GMAIL_SCOPES,
+  gchat: GCHAT_SCOPES,
+};
 
 export async function performOAuthFlow(
   service: 'gmail' | 'gchat'
@@ -51,7 +34,7 @@ export async function performOAuthFlow(
     redirectUri
   );
 
-  const scopes = service === 'gmail' ? GMAIL_SCOPES : service === 'gchat' ? GCHAT_SCOPES : [];
+  const scopes = SCOPES[service];
 
   const authUrl = oauth2Client.generateAuthUrl({
     access_type: 'offline',
@@ -59,83 +42,27 @@ export async function performOAuthFlow(
     prompt: 'consent',
   });
 
-  return new Promise((resolve, reject) => {
-    let server: Server;
-
-    const timeout = setTimeout(() => {
-      server?.close();
-      reject(new Error('OAuth flow timed out after 5 minutes'));
-    }, 5 * 60 * 1000);
-
-    server = createServer(async (req, res) => {
-      const url = new URL(req.url || '', `http://localhost:${port}`);
-
-      if (url.pathname !== '/callback') {
-        res.writeHead(404);
-        res.end('Not found');
-        return;
-      }
-
-      const code = url.searchParams.get('code');
-      const error = url.searchParams.get('error');
-
-      if (error) {
-        res.writeHead(200, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h1>Authorization Failed</h1><p>You can close this window.</p></body></html>');
-        clearTimeout(timeout);
-        server.close();
-        reject(new Error(`OAuth error: ${error}`));
-        return;
-      }
-
-      if (!code) {
-        res.writeHead(400, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h1>Missing Authorization Code</h1><p>You can close this window.</p></body></html>');
-        clearTimeout(timeout);
-        server.close();
-        reject(new Error('Missing authorization code in OAuth callback'));
-        return;
-      }
-
-      try {
-        const { tokens } = await oauth2Client.getToken(code);
-
-        res.writeHead(200, { 'Content-Type': 'text/html' });
-        res.end('<html><body><h1>Authorization Successful!</h1><p>You can close this window and return to the terminal.</p></body></html>');
-
-        clearTimeout(timeout);
-        server.close();
+  // Start callback server and browser in parallel
+  const callbackPromise = startOAuthCallbackServer({
+    port,
+    serviceName: 'Google',
+  });
 
-        resolve({
-          access_token: tokens.access_token!,
-          refresh_token: tokens.refresh_token || undefined,
-          expiry_date: tokens.expiry_date || undefined,
-          token_type: tokens.token_type || 'Bearer',
-          scope: tokens.scope || undefined,
-        });
-      } catch (err) {
-        res.writeHead(500);
-        res.end('Failed to exchange authorization code');
-        clearTimeout(timeout);
-        server.close();
-        reject(err);
-      }
-    });
+  console.error(`\nOpening browser for authorization...`);
+  console.error(`If browser doesn't open, visit:\n${authUrl}\n`);
+  launchBrowser(authUrl);
 
-    server.listen(port, () => {
-      console.error(`\nOpening browser for authorization...`);
-      console.error(`If browser doesn't open, visit:\n${authUrl}\n`);
+  // Wait for the callback with the authorization code
+  const { code } = await callbackPromise;
 
-      // Open browser
-      const open = process.platform === 'darwin' ? 'open' :
-                   process.platform === 'win32' ? 'start' : 'xdg-open';
-      Bun.spawn([open, authUrl], { stdout: 'ignore', stderr: 'ignore' });
-    });
+  // Exchange code for tokens using Google's OAuth client
+  const { tokens } = await oauth2Client.getToken(code);
 
-    server.on('error', (err) => {
-      clearTimeout(timeout);
-      server?.close();
-      reject(err);
-    });
-  });
+  return {
+    access_token: tokens.access_token!,
+    refresh_token: tokens.refresh_token || undefined,
+    expiry_date: tokens.expiry_date || undefined,
+    token_type: tokens.token_type || 'Bearer',
+    scope: tokens.scope || undefined,
+  };
 }

package/src/commands/config.ts

@@ -3,27 +3,13 @@ import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from 'crypt
 import { readFile, writeFile } from 'fs/promises';
 import { existsSync } from 'fs';
 import { join } from 'path';
-import { createInterface } from 'readline';
 import { loadConfig, saveConfig, setEnv, unsetEnv, listEnv } from '../config/config-manager';
 import { getAllCredentials, setAllCredentials } from '../auth/token-store';
 import { CliError, handleError } from '../utils/errors';
+import { confirm } from '../utils/stdin';
 import type { Config } from '../types/config';
 import type { StoredCredentials } from '../types/tokens';
 
-async function confirm(message: string): Promise<boolean> {
-  const rl = createInterface({
-    input: process.stdin,
-    output: process.stderr,
-  });
-
-  return new Promise((resolve) => {
-    rl.question(`${message} [y/N] `, (answer) => {
-      rl.close();
-      resolve(answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes');
-    });
-  });
-}
-
 const ALGORITHM = 'aes-256-gcm';
 
 interface ExportedData {