npm - @quantiya/codevibe-claude-plugin - Versions diffs - 1.0.13 → 1.0.15 - Mend

@quantiya/codevibe-claude-plugin 1.0.13 → 1.0.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (439) hide show

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "codevibe-claude",
-  "version": "1.0.13",
+  "version": "1.0.15",
   "description": "Sync Claude Code sessions with iOS mobile app via AWS backend. Control Claude Code from your phone with real-time bidirectional synchronization.",
   "author": {
     "name": "CodeVibe Team"

package/node_modules/@quantiya/codevibe-core/README.md ADDED Viewed

@@ -0,0 +1,179 @@
+# @quantiya/codevibe-core
+Core library for CodeVibe plugins — shared keychain, crypto, AppSync, authentication, session lifecycle, and network-resilience functionality. Used by [`@quantiya/codevibe-claude-plugin`](https://www.npmjs.com/package/@quantiya/codevibe-claude-plugin), [`@quantiya/codevibe-gemini-plugin`](https://www.npmjs.com/package/@quantiya/codevibe-gemini-plugin), and [`@quantiya/codevibe-codex-plugin`](https://www.npmjs.com/package/@quantiya/codevibe-codex-plugin).
+**Current version:** `1.0.3`
+## Installation
+```bash
+npm install @quantiya/codevibe-core
+```
+## Features
+- **Keychain Management** — Secure storage for device keys and OAuth tokens using native keychain (macOS Keychain, Linux libsecret, Windows Credential Manager)
+- **Cryptographic Services** — E2E encryption using ECDH P-256 and AES-256-GCM, with dedicated helpers for event content, metadata, and binary attachments
+- **AppSync Client** — GraphQL API and WebSocket subscriptions for AWS AppSync, with automatic token refresh
+- **Two-phase WebSocket reconnection** — exponential backoff (1s→60s) for 10 attempts, then persistent 5-minute retry indefinitely. Survives laptop sleep, network drops, DNS blips, and extended outages without ever giving up.
+- **Session heartbeat system** — `startHeartbeat(sessionId)` sends `updateSession({ lastHeartbeatAt })` every 2 minutes so mobile clients can show desktop connectivity status (green/red dot with 5-minute staleness threshold)
+- **Centralized session lifecycle** — `resumeOrCreateSession()` is the single source of truth for session fingerprint matching, reuse, and per-device ECDH session key distribution. Used identically by all three plugins.
+- **WSL-aware networking** — auto-detects WSL via `/proc/sys/kernel/osrelease` and applies IPv4-first DNS ordering to work around broken WSL IPv6 stacks. Zero behavioral change on macOS, native Linux, and Windows.
+- **Diagnostic fetch wrapper** — `fetchWithDiagnostics()` unpacks undici's generic "fetch failed" errors into detailed platform-specific messages (DNS failures, TLS clock skew, corporate MITM proxies, etc.) so failures are debuggable without trawling logs.
+- **Cross-platform browser launcher** — `AuthService` opens the user's default browser during OAuth login via `wslview` → `cmd.exe` → `powershell.exe` → `xdg-open` fallback chain on Linux/WSL, native `open` on macOS, `cmd /c start` on Windows. Always prints the sign-in URL to stdout as a copy-paste fallback if automatic launching fails.
+- **Authentication CLI** — Browser-based OAuth login/logout commands (Sign in with Apple / Sign in with Google via Cognito)
+- **Prompt Parser** — Extracts numbered options from tmux pane snapshots so plugins can forward the exact options a CLI offers to mobile clients without hardcoding
+- **Shared TypeScript types** — Events, sessions, attachments, encryption structures used across all plugins
+## CLI Usage
+```bash
+# Sign in via browser (opens Cognito Hosted UI)
+codevibe login
+# Sign out
+codevibe logout
+# Check authentication status
+codevibe status
+# Reset device identity (destructive - old sessions become inaccessible)
+codevibe reset-device
+# Use specific environment
+codevibe --env development login
+```
+## API Usage
+### Keychain Manager
+```typescript
+import { keychainManager, DeviceIdentity } from '@quantiya/codevibe-core';
+// Get or create device identity (stored in native keychain)
+const identity = await keychainManager.getOrCreateDeviceIdentity();
+console.log(identity.deviceId, identity.publicKey);
+// Get OAuth tokens
+const tokens = await keychainManager.getTokens('production');
+if (tokens) {
+  console.log(tokens.email, tokens.userId);
+}
+```
+### Crypto Service
+```typescript
+import { cryptoService } from '@quantiya/codevibe-core';
+// Generate key pair
+const keyPair = cryptoService.generateKeyPair();
+// Generate session key
+const sessionKey = cryptoService.generateSessionKey();
+// Encrypt content
+const encrypted = cryptoService.encryptContent('Hello World', sessionKey);
+// Decrypt content
+const decrypted = cryptoService.decryptContent(encrypted, sessionKey);
+```
+### AppSync Client
+```typescript
+import { AppSyncClient, loadConfig } from '@quantiya/codevibe-core';
+// Load environment configuration
+loadConfig('production');
+// Create client
+const client = new AppSyncClient('production');
+// Authenticate with stored tokens
+const authenticated = await client.authenticateWithStoredTokens();
+if (!authenticated) {
+  console.log('Run "codevibe login" first');
+  process.exit(1);
+}
+// Create session
+const session = await client.createSession({
+  userId: client.getCurrentUserId(),
+  agentType: 'CLAUDE',
+  projectPath: '/path/to/project',
+});
+// Subscribe to events
+const unsubscribe = client.subscribeToEvents(session.sessionId, (event) => {
+  console.log('Event received:', event);
+});
+// Clean up
+unsubscribe();
+```
+### Auth Service
+```typescript
+import { authService, loadConfig } from '@quantiya/codevibe-core';
+// Set environment
+loadConfig('production');
+authService.setEnvironment('production');
+// Login (opens browser)
+const tokens = await authService.login();
+// Check status
+const status = await authService.getStatus();
+console.log(status.authenticated, status.tokens?.email);
+// Logout
+await authService.logout();
+```
+## Keychain Storage
+All sensitive data is stored in the native system keychain:
+- **Service Name:** `ai.quantiya.app.codevibe`
+- **Device Identity:** Stored as `device-identity` account
+- **Tokens:** Stored as `tokens-{environment}` accounts (e.g., `tokens-production`)
+This ensures:
+- Data persists across terminal sessions
+- Data is encrypted at rest by the OS
+- Data survives plugin reinstalls/updates
+- Device identity is shared across all CodeVibe plugins
+## Security
+- Device keys are ECDH P-256 key pairs
+- Session keys are 256-bit AES keys
+- Content is encrypted with AES-256-GCM
+- Session keys are encrypted per-device using ECDH
+- OAuth tokens are stored securely in native keychain
+## Development
+```bash
+# Install dependencies
+npm install
+# Build
+npm run build
+# Watch mode
+npm run watch
+# Local development with plugin
+npm link
+cd ../codevibe-claude-plugin
+npm link @quantiya/codevibe-core
+```
+## License
+MIT

package/node_modules/@quantiya/codevibe-core/bin/codevibe.js ADDED Viewed

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+//
+// codevibe CLI entry point
+// @quantiya/codevibe-core
+//
+require('../dist/index').runAuthCli(process.argv);

package/node_modules/@quantiya/codevibe-core/dist/appsync/appsync-client.d.ts ADDED Viewed

@@ -0,0 +1,132 @@
+import { CreateEventInput, CreateSessionInput, UpdateSessionInput, UpdateEventStatusInput, Event, Session, EventSource, DeviceKey } from '../types';
+/**
+ * Download URL response
+ */
+export interface DownloadUrlResponse {
+    downloadUrl: string;
+    expiresAt: string;
+}
+/**
+ * AppSync GraphQL client with WebSocket subscriptions
+ */
+export declare class AppSyncClient {
+    private authenticated;
+    private currentUserId;
+    private currentEmail;
+    private tokens;
+    private activeSubscriptions;
+    private environment;
+    constructor();
+    /**
+     * Get the current authenticated user ID
+     */
+    getCurrentUserId(): string;
+    /**
+     * Get the current authenticated user email
+     */
+    getCurrentUserEmail(): string | null;
+    /**
+     * Authenticate using stored OAuth tokens from keychain
+     */
+    authenticateWithStoredTokens(): Promise<boolean>;
+    /**
+     * Refresh expired tokens
+     */
+    private refreshTokens;
+    /**
+     * Check if authenticated
+     */
+    isAuthenticated(): boolean;
+    /**
+     * Sign out
+     */
+    signOut(): void;
+    /**
+     * Make a GraphQL request
+     */
+    private graphqlRequest;
+    /**
+     * Create a session
+     */
+    createSession(input: CreateSessionInput): Promise<Session>;
+    /**
+     * Update a session
+     */
+    updateSession(input: UpdateSessionInput): Promise<Session>;
+    /**
+     * Get a session
+     */
+    getSession(sessionId: string): Promise<Session | null>;
+    /**
+     * Create an event
+     */
+    createEvent(input: CreateEventInput): Promise<Event>;
+    /**
+     * Update event status
+     */
+    updateEventStatus(input: UpdateEventStatusInput): Promise<Event>;
+    /**
+     * List events for a session
+     */
+    listEvents(sessionId: string, source?: EventSource, limit?: number): Promise<Event[]>;
+    /**
+     * List user device keys
+     */
+    listUserDeviceKeys(): Promise<DeviceKey[]>;
+    /**
+     * Register device key
+     */
+    registerDeviceKey(deviceId: string, publicKey: string, platform: string, deviceName: string): Promise<void>;
+    /**
+     * Get attachment download URL
+     */
+    getAttachmentDownloadUrl(s3Key: string): Promise<DownloadUrlResponse>;
+    /**
+     * Subscribe to events for a session
+     */
+    subscribeToEvents(sessionId: string, onEvent: (event: Event) => void, onError?: (error: Error) => void): () => void;
+    /**
+     * Build WebSocket URL
+     */
+    private buildRealtimeUrl;
+    /**
+     * Create WebSocket subscription
+     */
+    private createSubscription;
+    /**
+     * Send subscription start message
+     */
+    private sendSubscriptionStart;
+    /**
+     * Reset keep-alive timer
+     */
+    private resetKeepAliveTimer;
+    /**
+     * Handle subscription error with two-phase reconnection:
+     * Phase 1 (urgent): Exponential backoff for first N attempts
+     * Phase 2 (persistent): Fixed interval retry indefinitely
+     */
+    private handleSubscriptionError;
+    /**
+     * Cleanup subscription state
+     */
+    private cleanupSubscriptionState;
+    private heartbeatTimers;
+    /**
+     * Start periodic heartbeat for a session.
+     * Updates lastHeartbeatAt on the session every intervalMs (default 2 minutes).
+     */
+    startHeartbeat(sessionId: string, intervalMs?: number): void;
+    /**
+     * Stop heartbeat for a session.
+     */
+    stopHeartbeat(sessionId: string): void;
+    /**
+     * Send a single heartbeat update.
+     */
+    private sendHeartbeat;
+    /**
+     * Cleanup all subscriptions and heartbeats
+     */
+    cleanupSubscriptions(): void;
+}

package/node_modules/@quantiya/codevibe-core/dist/appsync/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { AppSyncClient, DownloadUrlResponse } from './appsync-client';
2	+ export { queries, mutations, subscriptions } from './queries';

package/node_modules/@quantiya/codevibe-core/dist/appsync/queries.d.ts ADDED Viewed

@@ -0,0 +1,16 @@
+export declare const queries: {
+    getSession: string;
+    listEvents: string;
+    listUserDeviceKeys: string;
+};
+export declare const mutations: {
+    createSession: string;
+    updateSession: string;
+    createEvent: string;
+    updateEventStatus: string;
+    registerDeviceKey: string;
+    getAttachmentDownloadUrl: string;
+};
+export declare const subscriptions: {
+    onEventCreated: string;
+};

package/node_modules/@quantiya/codevibe-core/dist/auth/auth-cli.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+#!/usr/bin/env node
+/**
+ * Main CLI entry point
+ */
+export declare function runAuthCli(argv: string[]): Promise<void>;

package/node_modules/@quantiya/codevibe-core/dist/auth/auth-service.d.ts ADDED Viewed

@@ -0,0 +1,87 @@
+import { TokenData } from '../types';
+/**
+ * Authentication service for OAuth flows
+ */
+export declare class AuthService {
+    private static instance;
+    private constructor();
+    static getInstance(): AuthService;
+    /**
+     * Open URL in the user's default browser. Cross-platform: macOS, Linux,
+     * WSL, Windows. Always prints the URL to stdout first as a fallback —
+     * if no browser-opening command is available, the user can copy-paste.
+     *
+     * On WSL, prefers opening the Windows host browser via WSL interop
+     * (wslview → cmd.exe → powershell.exe) before falling back to xdg-open.
+     */
+    private openBrowser;
+    /**
+     * Returns the list of browser-opening commands to try in order, based on
+     * the current platform. On WSL, returns WSL interop commands first so the
+     * Windows browser opens (which is what users actually want on WSL).
+     */
+    private getBrowserCommands;
+    /**
+     * Detect whether we're running inside WSL (1 or 2). Returns false on
+     * any non-Linux platform or if /proc/sys/kernel/osrelease is not readable.
+     */
+    private isRunningInWSL;
+    /**
+     * Try each browser-opening command in order. Advances to the next fallback on:
+     *   - Spawn failure (ENOENT / the command not being installed)
+     *   - Synchronous throw from spawn()
+     *   - Runtime failure where the command spawns but exits with a non-zero
+     *     code (e.g. wslview when WSL interop is disabled, xdg-open when no
+     *     default browser is registered, cmd.exe failing to launch start)
+     *   - Process terminated by signal
+     *
+     * Stays on the current command when:
+     *   - Process exits with code 0 (success)
+     *   - Process is still running after 3 seconds (assumed success — opener
+     *     is doing real work like launching a slow app, not hung)
+     *
+     * If all attempts exhaust, logs at debug level — the user still has the
+     * sign-in URL printed to stdout as a copy-paste fallback.
+     */
+    private tryBrowserCommand;
+    /**
+     * Generate state for CSRF protection
+     */
+    private generateState;
+    /**
+     * Build authorization URL
+     */
+    private buildAuthUrl;
+    /**
+     * Exchange authorization code for tokens
+     */
+    private exchangeCodeForTokens;
+    /**
+     * Decode JWT payload
+     */
+    private decodeJwt;
+    /**
+     * Refresh tokens
+     */
+    refreshTokens(refreshToken: string): Promise<{
+        accessToken: string;
+        idToken: string;
+        expiresIn: number;
+    }>;
+    /**
+     * Login via OAuth browser flow
+     */
+    login(): Promise<TokenData | null>;
+    /**
+     * Logout
+     */
+    logout(): Promise<boolean>;
+    /**
+     * Get current auth status
+     */
+    getStatus(): Promise<{
+        authenticated: boolean;
+        tokens?: TokenData;
+    }>;
+}
+export declare const authService: AuthService;

package/node_modules/@quantiya/codevibe-core/dist/auth/fetch-helpers.d.ts ADDED Viewed

@@ -0,0 +1,11 @@
+/**
+ * Wraps fetch() and rewrites "fetch failed" errors to include the underlying
+ * cause and a user-actionable diagnostic tip when possible. Non-network errors
+ * and HTTP error responses (non-2xx) are not affected — the caller still
+ * handles response.ok checks themselves.
+ *
+ * @param url The URL to fetch
+ * @param init Standard fetch init options
+ * @param context Optional short label (e.g. "token exchange") for the error message
+ */
+export declare function fetchWithDiagnostics(url: string, init?: any, context?: string): Promise<Response>;

package/node_modules/@quantiya/codevibe-core/dist/auth/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { AuthService, authService } from './auth-service';
2	+ export { runAuthCli } from './auth-cli';

package/node_modules/@quantiya/codevibe-core/dist/config/config.d.ts ADDED Viewed

@@ -0,0 +1,53 @@
+/**
+ * Environment type
+ */
+export type Environment = 'development' | 'production';
+/**
+ * Configuration interface
+ */
+export interface Config {
+    environment: Environment;
+    aws: {
+        region: string;
+        appsyncUrl: string;
+        cognitoUserPoolId: string;
+        cognitoClientId: string;
+        cognitoDomain: string;
+    };
+    keychain: {
+        serviceName: string;
+    };
+    server: {
+        port: number;
+        host: string;
+        dynamicPort: boolean;
+    };
+    claude: {
+        command: string;
+        defaultTimeout: number;
+    };
+    codex: {
+        command: string;
+        defaultTimeout: number;
+        sessionsDir: string;
+        approvalTimeoutMs: number;
+    };
+    gemini: {
+        command: string;
+        defaultTimeout: number;
+        transcriptDir: string;
+    };
+}
+/**
+ * Get environment from process.env.ENVIRONMENT, defaults to 'production'
+ */
+export declare function getEnvironment(): Environment;
+/**
+ * Load configuration for specific environment
+ * If no environment specified, uses process.env.ENVIRONMENT or defaults to 'production'
+ */
+export declare function loadConfig(environment?: Environment): Config;
+/**
+ * Get current configuration (auto-initializes if not already loaded)
+ */
+export declare function getConfig(): Config;

package/node_modules/@quantiya/codevibe-core/dist/config/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { loadConfig, getConfig, getEnvironment } from './config';
2	+ export type { Config, Environment } from './config';

package/node_modules/@quantiya/codevibe-core/dist/crypto/crypto-service.d.ts ADDED Viewed

@@ -0,0 +1,118 @@
+import { EncryptedSessionKey, KeyPair } from '../types';
+/**
+ * Error class for cryptographic operations
+ */
+export declare class CryptoError extends Error {
+    constructor(message: string);
+}
+/**
+ * Current encryption version for future algorithm upgrades
+ */
+export declare const ENCRYPTION_VERSION = 1;
+/**
+ * Service for end-to-end encryption operations
+ */
+export declare class CryptoService {
+    private static instance;
+    private constructor();
+    static getInstance(): CryptoService;
+    /**
+     * Generate a new ECDH P-256 key pair
+     * @returns Object with privateKey (base64), publicKey (base64 raw)
+     */
+    generateKeyPair(): KeyPair;
+    /**
+     * Generate a random 256-bit session key
+     * @returns Base64-encoded session key
+     */
+    generateSessionKey(): string;
+    /**
+     * Derive a shared secret using ECDH and HKDF
+     * @param privateKeyBase64 Our private key (base64)
+     * @param publicKeyBase64 Other party's public key (base64)
+     * @returns 256-bit derived key as Buffer
+     */
+    deriveSharedKey(privateKeyBase64: string, publicKeyBase64: string): Buffer;
+    /**
+     * Encrypt a session key for a target device using ECDH
+     * @param sessionKeyBase64 The session key to encrypt (base64)
+     * @param targetPublicKeyBase64 Target device's public key (base64)
+     * @returns EncryptedSessionKey containing encrypted key and ephemeral public key
+     */
+    encryptSessionKey(sessionKeyBase64: string, targetPublicKeyBase64: string): Omit<EncryptedSessionKey, 'deviceId'>;
+    /**
+     * Decrypt a session key using our private key
+     * @param encryptedSessionKey The encrypted session key data
+     * @param privateKeyBase64 Our device's private key (base64)
+     * @returns Decrypted session key (base64)
+     */
+    decryptSessionKey(encryptedSessionKey: EncryptedSessionKey, privateKeyBase64: string): string;
+    /**
+     * Encrypt content using AES-256-GCM
+     * @param content String content to encrypt
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Base64-encoded ciphertext (nonce + ciphertext + tag)
+     */
+    encryptContent(content: string, sessionKeyBase64: string): string;
+    /**
+     * Decrypt content using AES-256-GCM
+     * @param encryptedContent Base64-encoded ciphertext
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Decrypted string content
+     */
+    decryptContent(encryptedContent: string, sessionKeyBase64: string): string;
+    /**
+     * Encrypt JSON-serializable metadata
+     * @param metadata Object to encrypt
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Base64-encoded encrypted JSON
+     */
+    encryptMetadata(metadata: Record<string, any>, sessionKeyBase64: string): string;
+    /**
+     * Decrypt encrypted metadata
+     * @param encryptedMetadata Base64-encoded encrypted JSON
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Decrypted object
+     */
+    decryptMetadata(encryptedMetadata: string, sessionKeyBase64: string): Record<string, any>;
+    /**
+     * Encrypt binary data using AES-256-GCM
+     * @param data Binary data to encrypt (Buffer)
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Encrypted data (Buffer containing nonce + ciphertext + tag)
+     */
+    encryptData(data: Buffer, sessionKeyBase64: string): Buffer;
+    /**
+     * Decrypt binary data using AES-256-GCM
+     * @param encryptedData Encrypted data (Buffer containing nonce + ciphertext + tag)
+     * @param sessionKeyBase64 Session key (base64)
+     * @returns Decrypted binary data (Buffer)
+     */
+    decryptData(encryptedData: Buffer, sessionKeyBase64: string): Buffer;
+    /**
+     * Encrypt data using AES-256-GCM
+     * @param data Data to encrypt
+     * @param key Symmetric key (32 bytes)
+     * @returns Combined nonce + ciphertext + tag
+     */
+    private encrypt;
+    /**
+     * Decrypt data using AES-256-GCM
+     * @param data Combined nonce + ciphertext + tag
+     * @param key Symmetric key (32 bytes)
+     * @returns Decrypted data
+     */
+    private decrypt;
+    /**
+     * Serialize a private key for storage
+     */
+    serializePrivateKey(privateKeyBase64: string): string;
+    /**
+     * Deserialize a private key from storage
+     */
+    deserializePrivateKey(base64: string): string;
+}
+/**
+ * Export singleton instance
+ */
+export declare const cryptoService: CryptoService;

package/node_modules/@quantiya/codevibe-core/dist/crypto/index.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ export { CryptoService, cryptoService, CryptoError, ENCRYPTION_VERSION } from './crypto-service';

package/node_modules/@quantiya/codevibe-core/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+export { KeychainManager, keychainManager, KeychainError } from './keychain';
+export { CryptoService, cryptoService, CryptoError, ENCRYPTION_VERSION } from './crypto';
+export { AppSyncClient, DownloadUrlResponse } from './appsync';
+export { queries, mutations, subscriptions } from './appsync';
+export { AuthService, authService } from './auth';
+export { runAuthCli } from './auth';
+export { loadConfig, getConfig, getEnvironment } from './config';
+export type { Config, Environment } from './config';
+export { Logger, logger, createLogger } from './logger';
+export { parseInteractivePrompt, normalizeSnapshot, } from './prompt-parser';
+export type { ParsedInteractivePrompt, PromptKind, InteractivePromptOption, } from './prompt-parser';
+export { resumeOrCreateSession, prepareSessionEncryption } from './session';
+export type { ResumeOrCreateSessionInput, ResumeOrCreateSessionResult } from './session';
+export * from './types';