@positronic/cli 0.0.56 → 0.0.58

package/dist/src/cli.js

@@ -160,6 +160,8 @@ import { ResourcesCommand } from './commands/resources.js';
 import { ScheduleCommand } from './commands/schedule.js';
 import { SecretCommand } from './commands/secret.js';
 import { PagesCommand } from './commands/pages.js';
+import { UsersCommand } from './commands/users.js';
+import { AuthCommand } from './commands/auth.js';
 import { readFileSync } from 'fs';
 import { fileURLToPath } from 'url';
 import { dirname, join } from 'path';
@@ -215,6 +217,7 @@ export function buildCli(options) {
     var scheduleCommand = new ScheduleCommand();
     var secretCommand = new SecretCommand();
     var pagesCommand = new PagesCommand();
+    var usersCommand = new UsersCommand();
     // Main CLI definition
     var cli = yargs(argv).scriptName('positronic').usage('Usage: $0 <command> [options]').version(version).alias('v', 'version').help('h').alias('h', 'help').wrap(null).strictCommands().exitProcess(exitProcess);
     // --- Project Management Commands (Global Mode Only) ---
@@ -864,6 +867,142 @@ export function buildCli(options) {
         }).demandCommand(1, 'You need to specify a subcommand');
         return yargsSecret;
     });
+    // --- User Management Commands ---
+    cli = cli.command('users', 'Manage users and SSH keys for authentication\n', function(yargsUsers) {
+        yargsUsers.command('list', 'List all users\n', {}, function() {
+            var element = usersCommand.list();
+            render(element);
+        }).command('create <name>', 'Create a new user\n', function(yargsCreate) {
+            return yargsCreate.positional('name', {
+                describe: 'Name of the user',
+                type: 'string',
+                demandOption: true
+            }).example('$0 users create admin', 'Create a user named admin');
+        }, function(argv) {
+            var element = usersCommand.create(argv);
+            render(element);
+        }).command('delete <id>', 'Delete a user\n', function(yargsDelete) {
+            return yargsDelete.positional('id', {
+                describe: 'ID of the user to delete',
+                type: 'string',
+                demandOption: true
+            }).option('force', {
+                describe: 'Skip confirmation prompt',
+                type: 'boolean',
+                alias: 'f',
+                default: false
+            }).example('$0 users delete abc123', 'Delete a user').example('$0 users delete abc123 --force', 'Delete without confirmation');
+        }, function(argv) {
+            var element = usersCommand.delete(argv);
+            render(element);
+        }).command('keys', 'Manage SSH keys for users\n', function(yargsKeys) {
+            return yargsKeys.command('list <user-id>', 'List keys for a user\n', function(yargsKeysList) {
+                return yargsKeysList.positional('user-id', {
+                    describe: 'User ID',
+                    type: 'string',
+                    demandOption: true
+                }).example('$0 users keys list abc123', 'List keys for a user');
+            }, function(argv) {
+                var element = usersCommand.keysList({
+                    id: argv.userId
+                });
+                render(element);
+            }).command('add <user-id> <pubkey-path>', 'Add an SSH public key to a user\n', function(yargsAdd) {
+                return yargsAdd.positional('user-id', {
+                    describe: 'User ID',
+                    type: 'string',
+                    demandOption: true
+                }).positional('pubkey-path', {
+                    describe: 'Path to the SSH public key file',
+                    type: 'string',
+                    demandOption: true
+                }).option('label', {
+                    describe: 'Label for the key (e.g., "laptop", "desktop")',
+                    type: 'string',
+                    alias: 'l'
+                }).example('$0 users keys add abc123 ~/.ssh/id_rsa.pub', 'Add RSA public key').example('$0 users keys add abc123 ~/.ssh/id_ed25519.pub --label laptop', 'Add key with label');
+            }, function(argv) {
+                var element = usersCommand.keysAdd({
+                    id: argv.userId,
+                    pubkeyPath: argv.pubkeyPath,
+                    label: argv.label
+                });
+                render(element);
+            }).command('remove <user-id> <fingerprint>', 'Remove a key from a user\n', function(yargsRemove) {
+                return yargsRemove.positional('user-id', {
+                    describe: 'User ID',
+                    type: 'string',
+                    demandOption: true
+                }).positional('fingerprint', {
+                    describe: 'Fingerprint of the key to remove',
+                    type: 'string',
+                    demandOption: true
+                }).option('force', {
+                    describe: 'Skip confirmation prompt',
+                    type: 'boolean',
+                    alias: 'f',
+                    default: false
+                }).example('$0 users keys remove abc123 SHA256:...', 'Remove a key');
+            }, function(argv) {
+                var element = usersCommand.keysRemove({
+                    id: argv.userId,
+                    fingerprint: argv.fingerprint,
+                    force: argv.force
+                });
+                render(element);
+            }).demandCommand(1, 'You need to specify a keys command (list, add, remove)');
+        }).demandCommand(1, 'You need to specify a users command (list, create, delete, keys)');
+        return yargsUsers;
+    });
+    // --- Auth Commands (Global Mode Only) ---
+    if (!isLocalDevMode) {
+        var authCommand = new AuthCommand();
+        cli = cli.command('auth', 'Manage authentication configuration\n', function(yargsAuth) {
+            yargsAuth.command('status', 'Show current auth configuration\n', function() {}, function() {
+                var element = authCommand.status();
+                render(element);
+            }).command('login', 'Configure SSH key for authentication\n', function(yargsLogin) {
+                return yargsLogin.option('path', {
+                    describe: 'Path to SSH private key',
+                    type: 'string',
+                    alias: 'p'
+                }).option('project', {
+                    describe: 'Set key for current project instead of global',
+                    type: 'boolean',
+                    default: false
+                }).example('$0 auth login', 'Interactive key selection').example('$0 auth login --path ~/.ssh/id_ed25519', 'Set key directly').example('$0 auth login --project', 'Set key for current project');
+            }, function(argv) {
+                var element = authCommand.login(argv);
+                render(element);
+            }).command('logout', 'Clear SSH key configuration\n', function(yargsLogout) {
+                return yargsLogout.option('project', {
+                    describe: 'Clear key for current project only',
+                    type: 'boolean',
+                    default: false
+                }).example('$0 auth logout', 'Clear global key configuration').example('$0 auth logout --project', 'Clear project-specific key');
+            }, function(argv) {
+                var element = authCommand.logout(argv);
+                render(element);
+            }).command('list', 'List available SSH keys\n', function() {}, function() {
+                var element = authCommand.list();
+                render(element);
+            }).command('format-jwk-key', 'Convert an SSH public key to JWK format for ROOT_PUBLIC_KEY\n', function(yargsFormatJwkKey) {
+                return yargsFormatJwkKey.option('pubkey', {
+                    describe: 'Path to SSH public key file',
+                    type: 'string',
+                    alias: 'p'
+                }).example('$0 auth format-jwk-key', 'Interactive public key selection').example('$0 auth format-jwk-key --pubkey ~/.ssh/id_ed25519.pub', 'Convert specific key');
+            }, function(argv) {
+                var element = authCommand.formatJwkKey(argv);
+                render(element);
+            }).command('$0', false, function() {}, function() {
+                // Default to status when just 'px auth' is run
+                var element = authCommand.status();
+                render(element);
+            });
+            return yargsAuth;
+        });
+    }
     cli = cli.epilogue('For more information, visit https://positronic.sh');
     return cli;
 }

package/dist/src/commands/auth.js

@@ -0,0 +1,111 @@
+function _class_call_check(instance, Constructor) {
+    if (!(instance instanceof Constructor)) {
+        throw new TypeError("Cannot call a class as a function");
+    }
+}
+function _defineProperties(target, props) {
+    for(var i = 0; i < props.length; i++){
+        var descriptor = props[i];
+        descriptor.enumerable = descriptor.enumerable || false;
+        descriptor.configurable = true;
+        if ("value" in descriptor) descriptor.writable = true;
+        Object.defineProperty(target, descriptor.key, descriptor);
+    }
+}
+function _create_class(Constructor, protoProps, staticProps) {
+    if (protoProps) _defineProperties(Constructor.prototype, protoProps);
+    if (staticProps) _defineProperties(Constructor, staticProps);
+    return Constructor;
+}
+function _define_property(obj, key, value) {
+    if (key in obj) {
+        Object.defineProperty(obj, key, {
+            value: value,
+            enumerable: true,
+            configurable: true,
+            writable: true
+        });
+    } else {
+        obj[key] = value;
+    }
+    return obj;
+}
+import React from 'react';
+import { AuthStatus } from '../components/auth-status.js';
+import { AuthLogin } from '../components/auth-login.js';
+import { AuthLogout } from '../components/auth-logout.js';
+import { AuthList } from '../components/auth-list.js';
+import { AuthFormatJwkKey } from '../components/auth-format-jwk-key.js';
+import { ProjectConfigManager } from './project-config-manager.js';
+export var AuthCommand = /*#__PURE__*/ function() {
+    "use strict";
+    function AuthCommand(configManager) {
+        _class_call_check(this, AuthCommand);
+        _define_property(this, "configManager", void 0);
+        this.configManager = configManager || new ProjectConfigManager();
+    }
+    _create_class(AuthCommand, [
+        {
+            /**
+   * Handles the 'px auth' or 'px auth status' command.
+   * Shows current auth configuration.
+   */ key: "status",
+            value: function status() {
+                return React.createElement(AuthStatus, {
+                    configManager: this.configManager
+                });
+            }
+        },
+        {
+            /**
+   * Handles the 'px auth login' command.
+   * Configure SSH key for authentication.
+   */ key: "login",
+            value: function login(param) {
+                var path = param.path, project = param.project;
+                return React.createElement(AuthLogin, {
+                    configManager: this.configManager,
+                    keyPath: path,
+                    forProject: project || false
+                });
+            }
+        },
+        {
+            /**
+   * Handles the 'px auth logout' command.
+   * Clear SSH key configuration.
+   */ key: "logout",
+            value: function logout(param) {
+                var project = param.project;
+                return React.createElement(AuthLogout, {
+                    configManager: this.configManager,
+                    forProject: project || false
+                });
+            }
+        },
+        {
+            /**
+   * Handles the 'px auth list' command.
+   * List available SSH keys.
+   */ key: "list",
+            value: function list() {
+                return React.createElement(AuthList, {
+                    configManager: this.configManager
+                });
+            }
+        },
+        {
+            /**
+   * Handles the 'px auth format-jwk-key' command.
+   * Convert an SSH public key to JWK format for ROOT_PUBLIC_KEY configuration.
+   */ key: "formatJwkKey",
+            value: function formatJwkKey(param) {
+                var pubkey = param.pubkey;
+                return React.createElement(AuthFormatJwkKey, {
+                    pubkeyPath: pubkey
+                });
+            }
+        }
+    ]);
+    return AuthCommand;
+}();

package/dist/src/commands/helpers.js

@@ -48,6 +48,13 @@ function _define_property(obj, key, value) {
     }
     return obj;
 }
+function _instanceof(left, right) {
+    if (right != null && typeof Symbol !== "undefined" && right[Symbol.hasInstance]) {
+        return !!right[Symbol.hasInstance](left);
+    } else {
+        return left instanceof right;
+    }
+}
 function _iterable_to_array_limit(arr, i) {
     var _i = arr == null ? null : typeof Symbol !== "undefined" && arr[Symbol.iterator] || arr["@@iterator"];
     if (_i == null) return;
@@ -220,13 +227,13 @@ import process from 'process';
 import * as fs from 'fs';
 import * as path from 'path';
 import * as os from 'os';
-import caz from 'caz';
 import { isText } from 'istextorbinary';
 import * as http from 'http';
 import * as https from 'https';
 import { URL } from 'url';
 import { createRequire } from 'module';
 import * as dotenv from 'dotenv';
+import { maybeSignRequest } from '../lib/request-signer.js';
 // API client configuration
 var apiBaseUrl = null;
 var isLocalDevMode = true;
@@ -259,6 +266,51 @@ var isLocalDevMode = true;
 // Singleton API client instance
 export var apiClient = {
     fetch: function(apiPath, options) {
+        return _async_to_generator(function() {
+            var baseUrl, port, fullUrl, requestOptions, method, existingHeaders, headersObj, signatureHeaders;
+            return _ts_generator(this, function(_state) {
+                if (apiBaseUrl) {
+                    baseUrl = apiBaseUrl;
+                } else {
+                    // Fallback to localhost (for backwards compatibility and testing)
+                    port = process.env.POSITRONIC_PORT || '8787';
+                    baseUrl = "http://localhost:".concat(port);
+                }
+                fullUrl = "".concat(baseUrl).concat(apiPath.startsWith('/') ? apiPath : '/' + apiPath);
+                // Sign requests when not in local dev mode
+                requestOptions = options || {};
+                if (!isLocalDevMode) {
+                    method = ((options === null || options === void 0 ? void 0 : options.method) || 'GET').toUpperCase();
+                    existingHeaders = (options === null || options === void 0 ? void 0 : options.headers) || {};
+                    headersObj = {};
+                    // Convert headers to plain object
+                    if (_instanceof(existingHeaders, Headers)) {
+                        existingHeaders.forEach(function(value, key) {
+                            headersObj[key] = value;
+                        });
+                    } else if (Array.isArray(existingHeaders)) {
+                        existingHeaders.forEach(function(param) {
+                            var _param = _sliced_to_array(param, 2), key = _param[0], value = _param[1];
+                            headersObj[key] = value;
+                        });
+                    } else {
+                        Object.assign(headersObj, existingHeaders);
+                    }
+                    signatureHeaders = maybeSignRequest(method, fullUrl, headersObj);
+                    requestOptions = _object_spread_props(_object_spread({}, options), {
+                        headers: _object_spread({}, headersObj, signatureHeaders)
+                    });
+                }
+                return [
+                    2,
+                    fetch(fullUrl, requestOptions)
+                ];
+            });
+        })();
+    },
+    /**
+   * Fetch without authentication - used for unauthenticated endpoints like /auth/setup
+   */ fetchUnauthenticated: function(apiPath, options) {
         return _async_to_generator(function() {
             var baseUrl, port, fullUrl;
             return _ts_generator(this, function(_state) {
@@ -270,6 +322,7 @@ export var apiClient = {
                     baseUrl = "http://localhost:".concat(port);
                 }
                 fullUrl = "".concat(baseUrl).concat(apiPath.startsWith('/') ? apiPath : '/' + apiPath);
+                // Don't sign the request - this is for unauthenticated endpoints
                 return [
                     2,
                     fetch(fullUrl, options)
@@ -280,7 +333,7 @@ export var apiClient = {
 };
 export function generateProject(projectName, projectDir) {
     return _async_to_generator(function() {
-        var devPath, newProjectTemplatePath, cazOptions, templateSourcePath, require, templatePackageJsonPath, copiedNewProjectPkg;
+        var devPath, newProjectTemplatePath, cazOptions, templateSourcePath, require, templatePackageJsonPath, copiedNewProjectPkg, cazModule, caz;
         return _ts_generator(this, function(_state) {
             switch(_state.label){
                 case 0:
@@ -294,8 +347,8 @@ export function generateProject(projectName, projectDir) {
                     _state.trys.push([
                         1,
                         ,
-                        3,
-                        4
+                        4,
+                        5
                     ]);
                     if (devPath) {
                         // Copying templates, why you ask?
@@ -339,19 +392,26 @@ export function generateProject(projectName, projectDir) {
                             claudemd: false
                         });
                     }
+                    return [
+                        4,
+                        import('caz')
+                    ];
+                case 2:
+                    cazModule = _state.sent();
+                    caz = cazModule.default;
                     return [
                         4,
                         caz.default(newProjectTemplatePath, projectDir, _object_spread_props(_object_spread({}, cazOptions), {
                             force: false
                         }))
                     ];
-                case 2:
+                case 3:
                     _state.sent();
                     return [
                         3,
-                        4
+                        5
                     ];
-                case 3:
+                case 4:
                     // Clean up the temporary copied new project package
                     if (devPath) {
                         fs.rmSync(newProjectTemplatePath, {
@@ -363,7 +423,7 @@ export function generateProject(projectName, projectDir) {
                     return [
                         7
                     ];
-                case 4:
+                case 5:
                     return [
                         2
                     ];

package/dist/src/commands/project-config-manager.js

@@ -191,6 +191,125 @@ export var ProjectConfigManager = /*#__PURE__*/ function() {
                     current: config.currentProject
                 };
             }
+        },
+        {
+            /**
+   * Get the resolved private key path following the priority order:
+   * 1. POSITRONIC_PRIVATE_KEY environment variable (highest)
+   * 2. Project-specific privateKeyPath (if project selected and has override)
+   * 3. Global defaultPrivateKeyPath from config
+   * 4. ~/.ssh/id_rsa fallback (lowest)
+   */ key: "getPrivateKeyPath",
+            value: function getPrivateKeyPath() {
+                // Priority 1: Environment variable
+                if (process.env.POSITRONIC_PRIVATE_KEY) {
+                    return process.env.POSITRONIC_PRIVATE_KEY;
+                }
+                var config = this.read();
+                // Priority 2: Project-specific key
+                if (config.currentProject) {
+                    var project = config.projects.find(function(p) {
+                        return p.name === config.currentProject;
+                    });
+                    if (project === null || project === void 0 ? void 0 : project.privateKeyPath) {
+                        return project.privateKeyPath;
+                    }
+                }
+                // Priority 3: Global default key
+                if (config.defaultPrivateKeyPath) {
+                    return config.defaultPrivateKeyPath;
+                }
+                // Priority 4: No configured key (return null, let caller use fallback)
+                return null;
+            }
+        },
+        {
+            /**
+   * Set the global default private key path
+   */ key: "setDefaultPrivateKeyPath",
+            value: function setDefaultPrivateKeyPath(keyPath) {
+                var config = this.read();
+                config.defaultPrivateKeyPath = keyPath;
+                this.write(config);
+                return {
+                    success: true
+                };
+            }
+        },
+        {
+            /**
+   * Set the private key path for a specific project
+   */ key: "setProjectPrivateKeyPath",
+            value: function setProjectPrivateKeyPath(projectName, keyPath) {
+                var config = this.read();
+                var project = config.projects.find(function(p) {
+                    return p.name === projectName;
+                });
+                if (!project) {
+                    return {
+                        success: false,
+                        error: 'Project "'.concat(projectName, '" not found')
+                    };
+                }
+                project.privateKeyPath = keyPath;
+                this.write(config);
+                return {
+                    success: true
+                };
+            }
+        },
+        {
+            /**
+   * Clear the global default private key path
+   */ key: "clearDefaultPrivateKeyPath",
+            value: function clearDefaultPrivateKeyPath() {
+                var config = this.read();
+                delete config.defaultPrivateKeyPath;
+                this.write(config);
+            }
+        },
+        {
+            /**
+   * Clear the private key path for a specific project
+   */ key: "clearProjectPrivateKeyPath",
+            value: function clearProjectPrivateKeyPath(projectName) {
+                var config = this.read();
+                var project = config.projects.find(function(p) {
+                    return p.name === projectName;
+                });
+                if (!project) {
+                    return {
+                        success: false,
+                        error: 'Project "'.concat(projectName, '" not found')
+                    };
+                }
+                delete project.privateKeyPath;
+                this.write(config);
+                return {
+                    success: true
+                };
+            }
+        },
+        {
+            /**
+   * Get the default private key path (global config only, no env var or project override)
+   */ key: "getDefaultPrivateKeyPath",
+            value: function getDefaultPrivateKeyPath() {
+                var config = this.read();
+                return config.defaultPrivateKeyPath;
+            }
+        },
+        {
+            /**
+   * Get the private key path for a specific project
+   */ key: "getProjectPrivateKeyPath",
+            value: function getProjectPrivateKeyPath(projectName) {
+                var config = this.read();
+                var project = config.projects.find(function(p) {
+                    return p.name === projectName;
+                });
+                return project === null || project === void 0 ? void 0 : project.privateKeyPath;
+            }
         }
     ]);
     return ProjectConfigManager;

package/dist/src/commands/users.js

@@ -0,0 +1,91 @@
+function _class_call_check(instance, Constructor) {
+    if (!(instance instanceof Constructor)) {
+        throw new TypeError("Cannot call a class as a function");
+    }
+}
+function _defineProperties(target, props) {
+    for(var i = 0; i < props.length; i++){
+        var descriptor = props[i];
+        descriptor.enumerable = descriptor.enumerable || false;
+        descriptor.configurable = true;
+        if ("value" in descriptor) descriptor.writable = true;
+        Object.defineProperty(target, descriptor.key, descriptor);
+    }
+}
+function _create_class(Constructor, protoProps, staticProps) {
+    if (protoProps) _defineProperties(Constructor.prototype, protoProps);
+    if (staticProps) _defineProperties(Constructor, staticProps);
+    return Constructor;
+}
+import React from 'react';
+import { UsersList } from '../components/users-list.js';
+import { UsersCreate } from '../components/users-create.js';
+import { UsersDelete } from '../components/users-delete.js';
+import { UsersKeysList } from '../components/users-keys-list.js';
+import { UsersKeysAdd } from '../components/users-keys-add.js';
+import { UsersKeysRemove } from '../components/users-keys-remove.js';
+export var UsersCommand = /*#__PURE__*/ function() {
+    "use strict";
+    function UsersCommand() {
+        _class_call_check(this, UsersCommand);
+    }
+    _create_class(UsersCommand, [
+        {
+            key: "list",
+            value: function list() {
+                return React.createElement(UsersList);
+            }
+        },
+        {
+            key: "create",
+            value: function create(param) {
+                var name = param.name;
+                return React.createElement(UsersCreate, {
+                    name: name
+                });
+            }
+        },
+        {
+            key: "delete",
+            value: function _delete(param) {
+                var id = param.id, force = param.force;
+                return React.createElement(UsersDelete, {
+                    userId: id,
+                    force: force
+                });
+            }
+        },
+        {
+            key: "keysList",
+            value: function keysList(param) {
+                var id = param.id;
+                return React.createElement(UsersKeysList, {
+                    userId: id
+                });
+            }
+        },
+        {
+            key: "keysAdd",
+            value: function keysAdd(param) {
+                var id = param.id, pubkeyPath = param.pubkeyPath, label = param.label;
+                return React.createElement(UsersKeysAdd, {
+                    userId: id,
+                    pubkeyPath: pubkeyPath,
+                    label: label
+                });
+            }
+        },
+        {
+            key: "keysRemove",
+            value: function keysRemove(param) {
+                var id = param.id, fingerprint = param.fingerprint, force = param.force;
+                return React.createElement(UsersKeysRemove, {
+                    userId: id,
+                    fingerprint: fingerprint,
+                    force: force
+                });
+            }
+        }
+    ]);
+    return UsersCommand;
+}();