npm - @promptcellar/pc - Versions diffs - 0.5.3 → 0.5.5 - Mend

@promptcellar/pc 0.5.3 → 0.5.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (20) hide show

package/hooks/codex-capture.js +9 -9
package/hooks/gemini-capture.js +5 -9
package/hooks/prompt-capture.js +5 -9
package/package.json +2 -1
package/src/commands/login.js +34 -115
package/src/commands/save.js +5 -2
package/src/lib/api.js +28 -47
package/src/lib/config.js +22 -2
package/src/lib/context.js +14 -59
package/src/lib/crypto.js +1 -39
package/src/lib/device-transfer.js +1 -43
package/src/lib/keychain.js +7 -2
package/tests/config.test.js +29 -0
package/tests/context.test.js +23 -0
package/tests/device-login.test.js +28 -0
package/tests/keychain.test.js +34 -1
package/README.md +0 -114
package/docs/plans/2026-01-30-wa-auth-integration-design.md +0 -118
package/docs/plans/2026-01-30-wa-auth-integration-plan.md +0 -776
package/docs/plans/2026-02-03-multi-prompt-capture-design.md +0 -501

package/hooks/codex-capture.js CHANGED Viewed

@@ -84,13 +84,6 @@ async function main() {
       process.exit(0);
     }
-    // Build base context once
-    const baseContext = getFullContext('codex');
-    if (event.cwd) {
-      baseContext.working_directory = event.cwd;
-    }
-    baseContext.session_id = threadId;
     // Capture each new message
     for (const message of newMessages) {
       const content = extractContent(message);
@@ -98,10 +91,17 @@ async function main() {
         continue;
       }
-      const { encrypted_content, content_iv } = encryptPrompt(content.trim(), vaultKey);
+      const promptText = content.trim();
+      const context = getFullContext('codex', null, {
+        cwd: event.cwd || process.cwd(),
+        sessionId: threadId,
+        promptText,
+      });
+      const { encrypted_content, content_iv } = encryptPrompt(promptText, vaultKey);
       await capturePrompt({
-        ...baseContext,
+        ...context,
         encrypted_content,
         content_iv
       });

package/hooks/gemini-capture.js CHANGED Viewed

@@ -72,15 +72,11 @@ async function main() {
     }
     // Build context
-    const context = getFullContext('gemini');
-    // Override with event data if available
-    if (event.cwd) {
-      context.working_directory = event.cwd;
-    }
-    if (event.session_id) {
-      context.session_id = event.session_id;
-    }
+    const context = getFullContext('gemini', null, {
+      cwd: event.cwd || process.cwd(),
+      sessionId: event.session_id,
+      promptText: content,
+    });
     const vaultKey = await requireVaultKey({ silent: true });
     if (!vaultKey) {

package/hooks/prompt-capture.js CHANGED Viewed

@@ -56,15 +56,11 @@ async function main() {
       process.exit(0);
     }
-    const context = getFullContext('claude-code');
-    // Override with event data if available
-    if (event.cwd) {
-      context.working_directory = event.cwd;
-    }
-    if (event.session_id) {
-      context.session_id = event.session_id;
-    }
+    const context = getFullContext('claude-code', null, {
+      cwd: event.cwd || process.cwd(),
+      sessionId: event.session_id,
+      promptText: promptContent,
+    });
     const vaultKey = await requireVaultKey({ silent: true });
     if (!vaultKey) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@promptcellar/pc",
-  "version": "0.5.3",
+  "version": "0.5.5",
   "description": "CLI for Prompt Cellar - sync prompts between your terminal and the cloud",
   "type": "module",
   "main": "src/index.js",
@@ -34,6 +34,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
+    "@promptcellar/core": "*",
     "commander": "^12.0.0",
     "conf": "^12.0.0",
     "chalk": "^5.3.0",

package/src/commands/login.js CHANGED Viewed

@@ -1,126 +1,45 @@
-import { randomBytes } from 'crypto';
 import ora from 'ora';
 import chalk from 'chalk';
 import {
+  normalizeAndValidateUrl,
   setApiKey, setApiUrl, setAccountUrl,
   setVaultAvailable,
   isLoggedIn
 } from '../lib/config.js';
 import { generateTransferKeyPair, decryptTransfer } from '../lib/device-transfer.js';
-import { b64urlEncode } from '../lib/crypto.js';
 import { storeVaultKey } from '../lib/keychain.js';
+import {
+  setClientId,
+  requestDeviceCode,
+  pollForApproval,
+  exchangeTokenForApiKey,
+  finalizeDeviceLogin,
+} from '@promptcellar/core/auth';
+// Re-export auth functions so existing CLI tests can import from this module
+export { setClientId, requestDeviceCode, finalizeDeviceLogin };
 const DEFAULT_API_URL = 'https://prompts.weldedanvil.com';
 const DEFAULT_ACCOUNT_URL = 'https://account.weldedanvil.com';
-let clientId = 'prompts-prod';
-export function setClientId(id) { clientId = id; }
-export async function requestDeviceCode(accountUrl, transferPublicKey) {
-  const payload = { client_id: clientId };
-  if (transferPublicKey) {
-    payload.transfer_public_key = transferPublicKey;
-  }
-  const response = await fetch(`${accountUrl}/device/code`, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify(payload),
-  });
-  if (!response.ok) {
-    const data = await response.json().catch(() => ({}));
-    throw new Error(data.error || 'Failed to request device code');
-  }
-  return response.json();
-}
-async function pollForApproval(accountUrl, deviceCode, expiresIn) {
-  const expiresAt = Date.now() + (expiresIn || 600) * 1000;
-  const interval = 5000;
-  while (Date.now() < expiresAt) {
-    await sleep(interval);
-    const response = await fetch(`${accountUrl}/device/poll`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ device_code: deviceCode }),
-    });
-    const data = await response.json();
-    if (data.status === 'approved' && data.access_token) {
-      return data;
-    }
-    if (data.status === 'expired') {
-      throw new Error('Authorization request expired. Please try again.');
-    }
-    if (data.status === 'rejected') {
-      const error = data.error || 'unknown';
-      if (error.startsWith('vault_missing')) {
-        throw new Error(`Vault error: ${error}`);
-      }
-      if (error === 'missing_transfer_key') {
-        throw new Error('Transfer key missing. Please try again.');
-      }
-      throw new Error(`Authorization rejected: ${error}`);
-    }
-    // status === 'pending' -- keep polling
-  }
-  throw new Error('Authorization request timed out. Please try again.');
-}
-async function exchangeTokenForApiKey(apiUrl, jwt, deviceName) {
-  const response = await fetch(`${apiUrl}/api/v1/auth/device-token`, {
-    method: 'POST',
-    headers: {
-      'Authorization': `Bearer ${jwt}`,
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({ device_name: deviceName }),
-  });
-  if (!response.ok) {
-    const data = await response.json().catch(() => ({}));
-    throw new Error(data.error || 'Failed to exchange token');
-  }
-  return response.json();
-}
-export async function finalizeDeviceLogin({
-  approval,
-  privateKeyPem,
+export function persistLoginState({
   apiUrl,
-  deviceName,
-  decryptTransferFn = decryptTransfer,
-  storeVaultKeyFn = storeVaultKey,
-  exchangeTokenForApiKeyFn = exchangeTokenForApiKey,
+  accountUrl,
+  apiKey,
+  vaultAvailable = true,
+  normalizeFn = normalizeAndValidateUrl,
+  setApiUrlFn = setApiUrl,
+  setAccountUrlFn = setAccountUrl,
+  setApiKeyFn = setApiKey,
+  setVaultAvailableFn = setVaultAvailable,
 }) {
-  if (!approval?.vault_transfer) {
-    throw new Error('Vault transfer missing. Please reauthorize.');
-  }
-  if (!approval?.access_token) {
-    throw new Error('Missing access token. Please reauthorize.');
-  }
-  let masterKeyB64;
-  if (approval.vault_transfer === 'cli_generate') {
-    // No browser extensions available — generate master key locally
-    masterKeyB64 = b64urlEncode(randomBytes(32));
-  } else {
-    masterKeyB64 = decryptTransferFn(approval.vault_transfer, privateKeyPem);
-  }
-  await storeVaultKeyFn(masterKeyB64);
+  const normalizedApiUrl = normalizeFn(apiUrl);
+  const normalizedAccountUrl = normalizeFn(accountUrl);
-  return exchangeTokenForApiKeyFn(apiUrl, approval.access_token, deviceName);
+  setApiUrlFn(normalizedApiUrl);
+  setAccountUrlFn(normalizedAccountUrl);
+  setApiKeyFn(apiKey);
+  setVaultAvailableFn(vaultAvailable);
 }
 function getDeviceName() {
@@ -130,10 +49,6 @@ function getDeviceName() {
   return `${osNames[os] || os} - ${hostname}`;
 }
-function sleep(ms) {
-  return new Promise(resolve => setTimeout(resolve, ms));
-}
 export async function login(options) {
   const apiUrl = options?.url || DEFAULT_API_URL;
   const accountUrl = options?.accountUrl || DEFAULT_ACCOUNT_URL;
@@ -178,13 +93,17 @@ export async function login(options) {
       privateKeyPem,
       apiUrl,
       deviceName,
+      decryptTransferFn: decryptTransfer,
+      storeVaultKeyFn: storeVaultKey,
     });
     // Step 5: Store credentials
-    setApiKey(result.api_key);
-    setApiUrl(apiUrl);
-    setAccountUrl(accountUrl);
-    setVaultAvailable(true);
+    persistLoginState({
+      apiUrl,
+      accountUrl,
+      apiKey: result.api_key,
+      vaultAvailable: true,
+    });
     spinner.succeed(chalk.green('Logged in successfully!'));
     console.log(`\nWelcome, ${chalk.cyan(result.email)}!`);

package/src/commands/save.js CHANGED Viewed

@@ -34,7 +34,10 @@ export async function save(options) {
     content = promptContent;
   }
-  const context = getFullContext(options.tool || 'manual', options.model);
+  const trimmedContent = content.trim();
+  const context = getFullContext(options.tool || 'manual', options.model, {
+    promptText: trimmedContent,
+  });
   const spinner = ora('Saving prompt...').start();
@@ -47,7 +50,7 @@ export async function save(options) {
       console.log(chalk.red(error.message));
       return;
     }
-    const { encrypted_content, content_iv } = encryptPrompt(content.trim(), vaultKey);
+    const { encrypted_content, content_iv } = encryptPrompt(trimmedContent, vaultKey);
     const result = await capturePrompt({
       encrypted_content,

package/src/lib/api.js CHANGED Viewed

@@ -1,31 +1,31 @@
 import { getApiKey, getApiUrl } from './config.js';
-async function request(endpoint, options = {}) {
+import {
+  capturePrompt as coreCapturePrompt,
+  listCaptured as coreListCaptured,
+  getPrompt as coreGetPrompt,
+  healthCheck as coreHealthCheck,
+} from '@promptcellar/core/api';
+function requireAuth() {
   const apiKey = getApiKey();
   const apiUrl = getApiUrl();
+  if (!apiKey) throw new Error('Not logged in. Run: pc login');
+  return { apiKey, apiUrl };
+}
-  if (!apiKey) {
-    throw new Error('Not logged in. Run: pc login');
-  }
-  const url = `${apiUrl}${endpoint}`;
-  const headers = {
-    'Authorization': `Bearer ${apiKey}`,
-    'Content-Type': 'application/json',
-    ...options.headers
-  };
-  const response = await fetch(url, {
-    ...options,
-    headers
-  });
+export async function capturePrompt(data) {
+  const { apiUrl, apiKey } = requireAuth();
+  return coreCapturePrompt(apiUrl, apiKey, data);
+}
-  if (!response.ok) {
-    const data = await response.json().catch(() => ({}));
-    throw new Error(data.error || `HTTP ${response.status}`);
-  }
+export async function listCaptured(options) {
+  const { apiUrl, apiKey } = requireAuth();
+  return coreListCaptured(apiUrl, apiKey, options);
+}
-  return response.json();
+export async function getPrompt(slug) {
+  const { apiUrl, apiKey } = requireAuth();
+  return coreGetPrompt(apiUrl, apiKey, slug);
 }
 export async function testConnection() {
@@ -37,35 +37,16 @@ export async function testConnection() {
   }
   try {
-    const response = await fetch(`${apiUrl}/health`);
-    if (response.ok) {
-      return { success: true };
-    }
-    return { success: false, error: 'Server not responding' };
+    await coreHealthCheck(apiUrl);
+    return { success: true };
   } catch (error) {
     return { success: false, error: error.message };
   }
 }
-export async function capturePrompt(data) {
-  return request('/api/v1/capture', {
-    method: 'POST',
-    body: JSON.stringify(data)
-  });
-}
-export async function listCaptured(options = {}) {
-  const params = new URLSearchParams();
-  if (options.page) params.set('page', options.page);
-  if (options.tool) params.set('tool', options.tool);
-  if (options.starred) params.set('starred', 'true');
-  const query = params.toString();
-  return request(`/api/v1/captured${query ? '?' + query : ''}`);
-}
-export async function getPrompt(slug) {
-  return request(`/api/v1/prompts/${slug}`);
+export async function healthCheck() {
+  const apiUrl = getApiUrl();
+  return coreHealthCheck(apiUrl);
 }
-export default { testConnection, capturePrompt, listCaptured, getPrompt };
+export default { testConnection, capturePrompt, listCaptured, getPrompt, healthCheck };

package/src/lib/config.js CHANGED Viewed

@@ -50,8 +50,28 @@ export function getApiUrl() {
   return config.get('apiUrl');
 }
+export function normalizeAndValidateUrl(rawUrl) {
+  if (typeof rawUrl !== 'string' || !rawUrl.trim()) {
+    throw new Error('URL is required');
+  }
+  let url;
+  try {
+    url = new URL(rawUrl);
+  } catch {
+    throw new Error('Invalid URL');
+  }
+  if (!['http:', 'https:'].includes(url.protocol)) {
+    throw new Error('URL must be http or https');
+  }
+  const isLocalhost = ['localhost', '127.0.0.1'].includes(url.hostname);
+  if (url.protocol !== 'https:' && !isLocalhost) {
+    throw new Error('URL must use https');
+  }
+  return url.origin;
+}
 export function setApiUrl(url) {
-  config.set('apiUrl', url);
+  config.set('apiUrl', normalizeAndValidateUrl(url));
 }
 export function getCaptureLevel() {
@@ -79,7 +99,7 @@ export function getAccountUrl() {
 }
 export function setAccountUrl(url) {
-  config.set('accountUrl', url);
+  config.set('accountUrl', normalizeAndValidateUrl(url));
 }
 export function isVaultAvailable() {

package/src/lib/context.js CHANGED Viewed

@@ -1,69 +1,24 @@
-import { execFileSync } from 'child_process';
 import { getCaptureLevel, getSessionId } from './config.js';
+import {
+  getGitContext as coreGitContext,
+  getFullContext as coreFullContext,
+} from '@promptcellar/core/context';
-function execGit(...args) {
-  try {
-    return execFileSync('git', args, { encoding: 'utf8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
-  } catch {
-    return null;
-  }
-}
+export { sanitizeGitRemote } from '@promptcellar/core/context';
 export function getGitContext() {
-  const level = getCaptureLevel();
-  // Minimal: no git context
-  if (level === 'minimal') {
-    return {};
-  }
-  const context = {};
-  // Standard: repo name and branch
-  const topLevel = execGit('rev-parse', '--show-toplevel');
-  if (topLevel) {
-    context.git_repo = topLevel.split('/').pop();
-    context.git_branch = execGit('rev-parse', '--abbrev-ref', 'HEAD');
-  }
-  // Rich: add remote URL and commit hash
-  if (level === 'rich' && topLevel) {
-    context.git_remote_url = execGit('remote', 'get-url', 'origin');
-    context.git_commit = execGit('rev-parse', 'HEAD');
-  }
-  return context;
+  return coreGitContext(process.cwd(), getCaptureLevel());
 }
-export function getFullContext(tool, model) {
-  const level = getCaptureLevel();
-  const sessionId = getSessionId();
-  const context = {
+export function getFullContext(tool, model, overrides = {}) {
+  return coreFullContext({
     tool,
-    captured_at: new Date().toISOString()
-  };
-  // Minimal: just tool and timestamp
-  if (level === 'minimal') {
-    return context;
-  }
-  // Standard: add working directory and model
-  context.working_directory = process.cwd();
-  if (model) {
-    context.model = model;
-  }
-  // Add git context
-  Object.assign(context, getGitContext());
-  // Rich: add session ID
-  if (level === 'rich') {
-    context.session_id = sessionId;
-  }
-  return context;
+    model,
+    captureLevel: getCaptureLevel(),
+    sessionId: getSessionId(),
+    cwd: process.cwd(),
+    ...overrides,
+  });
 }
 export default { getGitContext, getFullContext };

package/src/lib/crypto.js CHANGED Viewed

@@ -1,39 +1 @@
-import { createCipheriv, randomBytes } from 'crypto';
-function b64urlEncode(buffer) {
-  return Buffer.from(buffer)
-    .toString('base64')
-    .replace(/\+/g, '-')
-    .replace(/\//g, '_')
-    .replace(/=+$/, '');
-}
-function b64urlDecode(str) {
-  let base64 = str.replace(/-/g, '+').replace(/_/g, '/');
-  while (base64.length % 4) base64 += '=';
-  return Buffer.from(base64, 'base64');
-}
-export function encryptPrompt(plaintext, keyBase64url) {
-  const key = b64urlDecode(keyBase64url);
-  if (key.length !== 32) {
-    throw new Error('Invalid vault key length');
-  }
-  const iv = randomBytes(12);
-  const cipher = createCipheriv('aes-256-gcm', key, iv);
-  const encoded = Buffer.from(plaintext, 'utf8');
-  const encrypted = Buffer.concat([cipher.update(encoded), cipher.final()]);
-  const authTag = cipher.getAuthTag();
-  // AES-GCM ciphertext = encrypted + authTag (WebCrypto format)
-  const ciphertext = Buffer.concat([encrypted, authTag]);
-  return {
-    encrypted_content: b64urlEncode(ciphertext),
-    content_iv: b64urlEncode(iv),
-  };
-}
-export { b64urlEncode, b64urlDecode };
+export { encryptPrompt, decryptPrompt, b64urlEncode, b64urlDecode } from '@promptcellar/core/crypto';

package/src/lib/device-transfer.js CHANGED Viewed

@@ -1,43 +1 @@
-import { generateKeyPair, publicEncrypt, privateDecrypt, constants } from 'crypto';
-import { promisify } from 'util';
-import { b64urlEncode, b64urlDecode } from './crypto.js';
-const generateKeyPairAsync = promisify(generateKeyPair);
-/**
- * Generate an RSA-OAEP 2048 keypair for device-transfer envelope encryption.
- * Returns { publicKeySpkiB64url, privateKeyPem }.
- */
-export async function generateTransferKeyPair() {
-  const { publicKey, privateKey } = await generateKeyPairAsync('rsa', {
-    modulusLength: 2048,
-    publicKeyEncoding: { type: 'spki', format: 'der' },
-    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
-  });
-  return {
-    publicKeySpkiB64url: b64urlEncode(publicKey),
-    privateKeyPem: privateKey,
-  };
-}
-/**
- * Decrypt a transfer payload encrypted with RSA-OAEP + SHA-256.
- * @param {string} ciphertextB64url - base64url-encoded ciphertext
- * @param {string} privateKeyPem    - PEM-encoded PKCS#8 private key
- * @returns {string} base64url-encoded master key
- */
-export function decryptTransfer(ciphertextB64url, privateKeyPem) {
-  const ciphertext = b64urlDecode(ciphertextB64url);
-  const plaintext = privateDecrypt(
-    {
-      key: privateKeyPem,
-      oaepHash: 'sha256',
-      padding: constants.RSA_PKCS1_OAEP_PADDING,
-    },
-    ciphertext,
-  );
-  return b64urlEncode(plaintext);
-}
+export { generateTransferKeyPair, decryptTransfer } from '@promptcellar/core/auth';

package/src/lib/keychain.js CHANGED Viewed

@@ -43,19 +43,24 @@ export async function storeVaultKey(keyB64url) {
   try {
     await keytar.setPassword(SERVICE, ACCOUNT, keyB64url);
     return;
-  } catch {
-    // Keychain unavailable — use file fallback
+  } catch (err) {
+    if (process.env.PC_VAULT_KEY_FALLBACK !== '1') {
+      throw err;
+    }
   }
   writeFallback(keyB64url);
 }
 export async function loadVaultKey() {
+  const envVaultKey = process.env.PC_VAULT_KEY;
+  if (envVaultKey) return envVaultKey;
   try {
     const val = await keytar.getPassword(SERVICE, ACCOUNT);
     if (val) return val;
   } catch {
     // Keychain unavailable — try file fallback
   }
+  if (process.env.PC_VAULT_KEY_FALLBACK !== '1') return null;
   return readFallback();
 }

package/tests/config.test.js ADDED Viewed

@@ -0,0 +1,29 @@
+import { describe, it } from 'node:test';
+import assert from 'node:assert/strict';
+import { normalizeAndValidateUrl } from '../src/lib/config.js';
+describe('normalizeAndValidateUrl', () => {
+  it('accepts https URLs', () => {
+    const url = normalizeAndValidateUrl('https://prompts.weldedanvil.com');
+    assert.equal(url, 'https://prompts.weldedanvil.com');
+  });
+  it('accepts localhost http URLs', () => {
+    const url = normalizeAndValidateUrl('http://localhost:3000');
+    assert.equal(url, 'http://localhost:3000');
+  });
+  it('rejects non-https for non-local hosts', () => {
+    assert.throws(
+      () => normalizeAndValidateUrl('http://example.com'),
+      /https/i,
+    );
+  });
+  it('rejects non-http schemes', () => {
+    assert.throws(
+      () => normalizeAndValidateUrl('ftp://example.com'),
+      /http/i,
+    );
+  });
+});