@promptcellar/pc 0.5.4 → 0.6.0

package/hooks/codex-capture.js

@@ -16,7 +16,7 @@
  */
 
 import { capturePrompt } from '../src/lib/api.js';
-import { getFullContext } from '../src/lib/context.js';
+import { getFullContext, collectContextFileContents } from '../src/lib/context.js';
 import { isLoggedIn, isVaultAvailable } from '../src/lib/config.js';
 import { encryptPrompt } from '../src/lib/crypto.js';
 import { requireVaultKey } from '../src/lib/keychain.js';
@@ -84,12 +84,14 @@ async function main() {
       process.exit(0);
     }
 
-    // Build base context once
-    const baseContext = getFullContext('codex');
-    if (event.cwd) {
-      baseContext.working_directory = event.cwd;
+    // Collect and encrypt context files once for the session
+    let encrypted_context_files, context_files_iv;
+    const contextFileContents = collectContextFileContents('codex', event.cwd || process.cwd());
+    if (contextFileContents) {
+      const enc = encryptPrompt(JSON.stringify(contextFileContents), vaultKey);
+      encrypted_context_files = enc.encrypted_content;
+      context_files_iv = enc.content_iv;
     }
-    baseContext.session_id = threadId;
 
     // Capture each new message
     for (const message of newMessages) {
@@ -98,12 +100,21 @@ async function main() {
         continue;
       }
 
-      const { encrypted_content, content_iv } = encryptPrompt(content.trim(), vaultKey);
+      const promptText = content.trim();
+      const context = getFullContext('codex', null, {
+        cwd: event.cwd || process.cwd(),
+        sessionId: threadId,
+        promptText,
+      });
+
+      const { encrypted_content, content_iv } = encryptPrompt(promptText, vaultKey);
 
       await capturePrompt({
-        ...baseContext,
+        ...context,
         encrypted_content,
-        content_iv
+        content_iv,
+        encrypted_context_files,
+        context_files_iv,
       });
     }
 

package/hooks/gemini-capture.js

@@ -16,7 +16,7 @@
  */
 
 import { capturePrompt } from '../src/lib/api.js';
-import { getFullContext } from '../src/lib/context.js';
+import { getFullContext, collectContextFileContents } from '../src/lib/context.js';
 import { isLoggedIn, isVaultAvailable } from '../src/lib/config.js';
 import { encryptPrompt } from '../src/lib/crypto.js';
 import { requireVaultKey } from '../src/lib/keychain.js';
@@ -72,15 +72,11 @@ async function main() {
     }
 
     // Build context
-    const context = getFullContext('gemini');
-
-    // Override with event data if available
-    if (event.cwd) {
-      context.working_directory = event.cwd;
-    }
-    if (event.session_id) {
-      context.session_id = event.session_id;
-    }
+    const context = getFullContext('gemini', null, {
+      cwd: event.cwd || process.cwd(),
+      sessionId: event.session_id,
+      promptText: content,
+    });
 
     const vaultKey = await requireVaultKey({ silent: true });
     if (!vaultKey) {
@@ -89,10 +85,20 @@ async function main() {
     }
     const { encrypted_content, content_iv } = encryptPrompt(content, vaultKey);
 
+    let encrypted_context_files, context_files_iv;
+    const contextFileContents = collectContextFileContents('gemini', event.cwd || process.cwd());
+    if (contextFileContents) {
+      const enc = encryptPrompt(JSON.stringify(contextFileContents), vaultKey);
+      encrypted_context_files = enc.encrypted_content;
+      context_files_iv = enc.content_iv;
+    }
+
     await capturePrompt({
       ...context,
       encrypted_content,
-      content_iv
+      content_iv,
+      encrypted_context_files,
+      context_files_iv,
     });
 
     respond();

package/hooks/prompt-capture.js

@@ -11,7 +11,7 @@
  */
 
 import { capturePrompt } from '../src/lib/api.js';
-import { getFullContext } from '../src/lib/context.js';
+import { getFullContext, collectContextFileContents } from '../src/lib/context.js';
 import { isLoggedIn, isVaultAvailable } from '../src/lib/config.js';
 import { encryptPrompt } from '../src/lib/crypto.js';
 import { requireVaultKey } from '../src/lib/keychain.js';
@@ -56,15 +56,11 @@ async function main() {
       process.exit(0);
     }
 
-    const context = getFullContext('claude-code');
-
-    // Override with event data if available
-    if (event.cwd) {
-      context.working_directory = event.cwd;
-    }
-    if (event.session_id) {
-      context.session_id = event.session_id;
-    }
+    const context = getFullContext('claude-code', null, {
+      cwd: event.cwd || process.cwd(),
+      sessionId: event.session_id,
+      promptText: promptContent,
+    });
 
     const vaultKey = await requireVaultKey({ silent: true });
     if (!vaultKey) {
@@ -72,10 +68,20 @@ async function main() {
     }
     const { encrypted_content, content_iv } = encryptPrompt(promptContent, vaultKey);
 
+    let encrypted_context_files, context_files_iv;
+    const contextFileContents = collectContextFileContents('claude-code', event.cwd || process.cwd());
+    if (contextFileContents) {
+      const enc = encryptPrompt(JSON.stringify(contextFileContents), vaultKey);
+      encrypted_context_files = enc.encrypted_content;
+      context_files_iv = enc.content_iv;
+    }
+
     await capturePrompt({
       ...context,
       encrypted_content,
-      content_iv
+      content_iv,
+      encrypted_context_files,
+      context_files_iv,
     });
 
   } catch {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@promptcellar/pc",
-  "version": "0.5.4",
+  "version": "0.6.0",
   "description": "CLI for Prompt Cellar - sync prompts between your terminal and the cloud",
   "type": "module",
   "main": "src/index.js",
@@ -34,6 +34,7 @@
     "node": ">=18.0.0"
   },
   "dependencies": {
+    "@promptcellar/core": "*",
     "commander": "^12.0.0",
     "conf": "^12.0.0",
     "chalk": "^5.3.0",

package/src/commands/login.js

@@ -1,4 +1,3 @@
-import { randomBytes } from 'crypto';
 import ora from 'ora';
 import chalk from 'chalk';
 import {
@@ -8,121 +7,20 @@ import {
   isLoggedIn
 } from '../lib/config.js';
 import { generateTransferKeyPair, decryptTransfer } from '../lib/device-transfer.js';
-import { b64urlEncode } from '../lib/crypto.js';
 import { storeVaultKey } from '../lib/keychain.js';
+import {
+  setClientId,
+  requestDeviceCode,
+  pollForApproval,
+  exchangeTokenForApiKey,
+  finalizeDeviceLogin,
+} from '@promptcellar/core/auth';
+
+// Re-export auth functions so existing CLI tests can import from this module
+export { setClientId, requestDeviceCode, finalizeDeviceLogin };
 
 const DEFAULT_API_URL = 'https://prompts.weldedanvil.com';
 const DEFAULT_ACCOUNT_URL = 'https://account.weldedanvil.com';
-let clientId = 'prompts-prod';
-
-export function setClientId(id) { clientId = id; }
-
-export async function requestDeviceCode(accountUrl, transferPublicKey) {
-  const payload = { client_id: clientId };
-  if (transferPublicKey) {
-    payload.transfer_public_key = transferPublicKey;
-  }
-
-  const response = await fetch(`${accountUrl}/device/code`, {
-    method: 'POST',
-    headers: { 'Content-Type': 'application/json' },
-    body: JSON.stringify(payload),
-  });
-
-  if (!response.ok) {
-    const data = await response.json().catch(() => ({}));
-    throw new Error(data.error || 'Failed to request device code');
-  }
-
-  return response.json();
-}
-
-async function pollForApproval(accountUrl, deviceCode, expiresIn) {
-  const expiresAt = Date.now() + (expiresIn || 600) * 1000;
-  const interval = 5000;
-
-  while (Date.now() < expiresAt) {
-    await sleep(interval);
-
-    const response = await fetch(`${accountUrl}/device/poll`, {
-      method: 'POST',
-      headers: { 'Content-Type': 'application/json' },
-      body: JSON.stringify({ device_code: deviceCode }),
-    });
-
-    const data = await response.json();
-
-    if (data.status === 'approved' && data.access_token) {
-      return data;
-    }
-
-    if (data.status === 'expired') {
-      throw new Error('Authorization request expired. Please try again.');
-    }
-
-    if (data.status === 'rejected') {
-      const error = data.error || 'unknown';
-      if (error.startsWith('vault_missing')) {
-        throw new Error(`Vault error: ${error}`);
-      }
-      if (error === 'missing_transfer_key') {
-        throw new Error('Transfer key missing. Please try again.');
-      }
-      throw new Error(`Authorization rejected: ${error}`);
-    }
-
-    // status === 'pending' -- keep polling
-  }
-
-  throw new Error('Authorization request timed out. Please try again.');
-}
-
-async function exchangeTokenForApiKey(apiUrl, jwt, deviceName) {
-  const response = await fetch(`${apiUrl}/api/v1/auth/device-token`, {
-    method: 'POST',
-    headers: {
-      'Authorization': `Bearer ${jwt}`,
-      'Content-Type': 'application/json',
-    },
-    body: JSON.stringify({ device_name: deviceName }),
-  });
-
-  if (!response.ok) {
-    const data = await response.json().catch(() => ({}));
-    throw new Error(data.error || 'Failed to exchange token');
-  }
-
-  return response.json();
-}
-
-export async function finalizeDeviceLogin({
-  approval,
-  privateKeyPem,
-  apiUrl,
-  deviceName,
-  decryptTransferFn = decryptTransfer,
-  storeVaultKeyFn = storeVaultKey,
-  exchangeTokenForApiKeyFn = exchangeTokenForApiKey,
-}) {
-  if (!approval?.vault_transfer) {
-    throw new Error('Vault transfer missing. Please reauthorize.');
-  }
-
-  if (!approval?.access_token) {
-    throw new Error('Missing access token. Please reauthorize.');
-  }
-
-  let masterKeyB64;
-  if (approval.vault_transfer === 'cli_generate') {
-    // No browser extensions available — generate master key locally
-    masterKeyB64 = b64urlEncode(randomBytes(32));
-  } else {
-    masterKeyB64 = decryptTransferFn(approval.vault_transfer, privateKeyPem);
-  }
-  await storeVaultKeyFn(masterKeyB64);
-
-  return exchangeTokenForApiKeyFn(apiUrl, approval.access_token, deviceName);
-}
 
 export function persistLoginState({
   apiUrl,
@@ -151,10 +49,6 @@ function getDeviceName() {
   return `${osNames[os] || os} - ${hostname}`;
 }
 
-function sleep(ms) {
-  return new Promise(resolve => setTimeout(resolve, ms));
-}
-
 export async function login(options) {
   const apiUrl = options?.url || DEFAULT_API_URL;
   const accountUrl = options?.accountUrl || DEFAULT_ACCOUNT_URL;
@@ -199,6 +93,8 @@ export async function login(options) {
       privateKeyPem,
       apiUrl,
       deviceName,
+      decryptTransferFn: decryptTransfer,
+      storeVaultKeyFn: storeVaultKey,
     });
 
     // Step 5: Store credentials

package/src/commands/save.js

@@ -34,7 +34,10 @@ export async function save(options) {
     content = promptContent;
   }
 
-  const context = getFullContext(options.tool || 'manual', options.model);
+  const trimmedContent = content.trim();
+  const context = getFullContext(options.tool || 'manual', options.model, {
+    promptText: trimmedContent,
+  });
 
   const spinner = ora('Saving prompt...').start();
 
@@ -47,7 +50,7 @@ export async function save(options) {
       console.log(chalk.red(error.message));
       return;
     }
-    const { encrypted_content, content_iv } = encryptPrompt(content.trim(), vaultKey);
+    const { encrypted_content, content_iv } = encryptPrompt(trimmedContent, vaultKey);
 
     const result = await capturePrompt({
       encrypted_content,

package/src/lib/api.js

@@ -1,31 +1,31 @@
 import { getApiKey, getApiUrl } from './config.js';
-
-async function request(endpoint, options = {}) {
+import {
+  capturePrompt as coreCapturePrompt,
+  listCaptured as coreListCaptured,
+  getPrompt as coreGetPrompt,
+  healthCheck as coreHealthCheck,
+} from '@promptcellar/core/api';
+
+function requireAuth() {
   const apiKey = getApiKey();
   const apiUrl = getApiUrl();
+  if (!apiKey) throw new Error('Not logged in. Run: pc login');
+  return { apiKey, apiUrl };
+}
 
-  if (!apiKey) {
-    throw new Error('Not logged in. Run: pc login');
-  }
-
-  const url = `${apiUrl}${endpoint}`;
-  const headers = {
-    'Authorization': `Bearer ${apiKey}`,
-    'Content-Type': 'application/json',
-    ...options.headers
-  };
-
-  const response = await fetch(url, {
-    ...options,
-    headers
-  });
+export async function capturePrompt(data) {
+  const { apiUrl, apiKey } = requireAuth();
+  return coreCapturePrompt(apiUrl, apiKey, data);
+}
 
-  if (!response.ok) {
-    const data = await response.json().catch(() => ({}));
-    throw new Error(data.error || `HTTP ${response.status}`);
-  }
+export async function listCaptured(options) {
+  const { apiUrl, apiKey } = requireAuth();
+  return coreListCaptured(apiUrl, apiKey, options);
+}
 
-  return response.json();
+export async function getPrompt(slug) {
+  const { apiUrl, apiKey } = requireAuth();
+  return coreGetPrompt(apiUrl, apiKey, slug);
 }
 
 export async function testConnection() {
@@ -37,35 +37,16 @@ export async function testConnection() {
   }
 
   try {
-    const response = await fetch(`${apiUrl}/health`);
-    if (response.ok) {
-      return { success: true };
-    }
-    return { success: false, error: 'Server not responding' };
+    await coreHealthCheck(apiUrl);
+    return { success: true };
   } catch (error) {
     return { success: false, error: error.message };
   }
 }
 
-export async function capturePrompt(data) {
-  return request('/api/v1/capture', {
-    method: 'POST',
-    body: JSON.stringify(data)
-  });
-}
-
-export async function listCaptured(options = {}) {
-  const params = new URLSearchParams();
-  if (options.page) params.set('page', options.page);
-  if (options.tool) params.set('tool', options.tool);
-  if (options.starred) params.set('starred', 'true');
-
-  const query = params.toString();
-  return request(`/api/v1/captured${query ? '?' + query : ''}`);
-}
-
-export async function getPrompt(slug) {
-  return request(`/api/v1/prompts/${slug}`);
+export async function healthCheck() {
+  const apiUrl = getApiUrl();
+  return coreHealthCheck(apiUrl);
 }
 
-export default { testConnection, capturePrompt, listCaptured, getPrompt };
+export default { testConnection, capturePrompt, listCaptured, getPrompt, healthCheck };

package/src/lib/context.js

@@ -1,83 +1,29 @@
-import { execFileSync } from 'child_process';
 import { getCaptureLevel, getSessionId } from './config.js';
+import {
+  getGitContext as coreGitContext,
+  getFullContext as coreFullContext,
+  collectContextFileContents as coreCollectContextFileContents,
+} from '@promptcellar/core/context';
 
-function execGit(...args) {
-  try {
-    return execFileSync('git', args, { encoding: 'utf8', stdio: ['pipe', 'pipe', 'pipe'] }).trim();
-  } catch {
-    return null;
-  }
-}
-
-export function sanitizeGitRemote(remote) {
-  if (!remote) return remote;
-  try {
-    const url = new URL(remote);
-    url.username = '';
-    url.password = '';
-    url.search = '';
-    url.hash = '';
-    return `${url.origin}${url.pathname}`;
-  } catch {
-    return remote.replace(/\/\/[^@]+@/, '//');
-  }
-}
+export { sanitizeGitRemote } from '@promptcellar/core/context';
 
 export function getGitContext() {
-  const level = getCaptureLevel();
-
-  // Minimal: no git context
-  if (level === 'minimal') {
-    return {};
-  }
-
-  const context = {};
-
-  // Standard: repo name and branch
-  const topLevel = execGit('rev-parse', '--show-toplevel');
-  if (topLevel) {
-    context.git_repo = topLevel.split('/').pop();
-    context.git_branch = execGit('rev-parse', '--abbrev-ref', 'HEAD');
-  }
-
-  // Rich: add remote URL and commit hash
-  if (level === 'rich' && topLevel) {
-    context.git_remote_url = sanitizeGitRemote(execGit('remote', 'get-url', 'origin'));
-    context.git_commit = execGit('rev-parse', 'HEAD');
-  }
-
-  return context;
+  return coreGitContext(process.cwd(), getCaptureLevel());
 }
 
-export function getFullContext(tool, model) {
-  const level = getCaptureLevel();
-  const sessionId = getSessionId();
-
-  const context = {
+export function getFullContext(tool, model, overrides = {}) {
+  return coreFullContext({
     tool,
-    captured_at: new Date().toISOString()
-  };
-
-  // Minimal: just tool and timestamp
-  if (level === 'minimal') {
-    return context;
-  }
-
-  // Standard: add working directory and model
-  context.working_directory = process.cwd();
-  if (model) {
-    context.model = model;
-  }
-
-  // Add git context
-  Object.assign(context, getGitContext());
-
-  // Rich: add session ID
-  if (level === 'rich') {
-    context.session_id = sessionId;
-  }
+    model,
+    captureLevel: getCaptureLevel(),
+    sessionId: getSessionId(),
+    cwd: process.cwd(),
+    ...overrides,
+  });
+}
 
-  return context;
+export function collectContextFileContents(tool, cwd) {
+  return coreCollectContextFileContents({ tool, cwd });
 }
 
-export default { getGitContext, getFullContext };
+export default { getGitContext, getFullContext, collectContextFileContents };

package/src/lib/crypto.js

@@ -1,39 +1 @@
-import { createCipheriv, randomBytes } from 'crypto';
-
-function b64urlEncode(buffer) {
-  return Buffer.from(buffer)
-    .toString('base64')
-    .replace(/\+/g, '-')
-    .replace(/\//g, '_')
-    .replace(/=+$/, '');
-}
-
-function b64urlDecode(str) {
-  let base64 = str.replace(/-/g, '+').replace(/_/g, '/');
-  while (base64.length % 4) base64 += '=';
-  return Buffer.from(base64, 'base64');
-}
-
-export function encryptPrompt(plaintext, keyBase64url) {
-  const key = b64urlDecode(keyBase64url);
-  if (key.length !== 32) {
-    throw new Error('Invalid vault key length');
-  }
-
-  const iv = randomBytes(12);
-  const cipher = createCipheriv('aes-256-gcm', key, iv);
-
-  const encoded = Buffer.from(plaintext, 'utf8');
-  const encrypted = Buffer.concat([cipher.update(encoded), cipher.final()]);
-  const authTag = cipher.getAuthTag();
-
-  // AES-GCM ciphertext = encrypted + authTag (WebCrypto format)
-  const ciphertext = Buffer.concat([encrypted, authTag]);
-
-  return {
-    encrypted_content: b64urlEncode(ciphertext),
-    content_iv: b64urlEncode(iv),
-  };
-}
-
-export { b64urlEncode, b64urlDecode };
+export { encryptPrompt, decryptPrompt, b64urlEncode, b64urlDecode } from '@promptcellar/core/crypto';

package/src/lib/device-transfer.js

@@ -1,43 +1 @@
-import { generateKeyPair, publicEncrypt, privateDecrypt, constants } from 'crypto';
-import { promisify } from 'util';
-import { b64urlEncode, b64urlDecode } from './crypto.js';
-
-const generateKeyPairAsync = promisify(generateKeyPair);
-
-/**
- * Generate an RSA-OAEP 2048 keypair for device-transfer envelope encryption.
- * Returns { publicKeySpkiB64url, privateKeyPem }.
- */
-export async function generateTransferKeyPair() {
-  const { publicKey, privateKey } = await generateKeyPairAsync('rsa', {
-    modulusLength: 2048,
-    publicKeyEncoding: { type: 'spki', format: 'der' },
-    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
-  });
-
-  return {
-    publicKeySpkiB64url: b64urlEncode(publicKey),
-    privateKeyPem: privateKey,
-  };
-}
-
-/**
- * Decrypt a transfer payload encrypted with RSA-OAEP + SHA-256.
- * @param {string} ciphertextB64url - base64url-encoded ciphertext
- * @param {string} privateKeyPem    - PEM-encoded PKCS#8 private key
- * @returns {string} base64url-encoded master key
- */
-export function decryptTransfer(ciphertextB64url, privateKeyPem) {
-  const ciphertext = b64urlDecode(ciphertextB64url);
-
-  const plaintext = privateDecrypt(
-    {
-      key: privateKeyPem,
-      oaepHash: 'sha256',
-      padding: constants.RSA_PKCS1_OAEP_PADDING,
-    },
-    ciphertext,
-  );
-
-  return b64urlEncode(plaintext);
-}
+export { generateTransferKeyPair, decryptTransfer } from '@promptcellar/core/auth';