@quantiya/codevibe-core 1.0.0

package/README.md

@@ -0,0 +1,178 @@
+# @quantiya/codevibe-core
+
+Core library for CodeVibe plugins - shared keychain, crypto, AppSync, and authentication functionality.
+
+## Installation
+
+### Development (Private GitHub repo)
+
+```bash
+npm install git+ssh://git@github.com:hendryyeh/quantiya-codevibe-core.git
+```
+
+### Production (npm public)
+
+```bash
+npm install @quantiya/codevibe-core
+```
+
+## Features
+
+- **Keychain Management** - Secure storage for device keys and OAuth tokens using native keychain (macOS Keychain, Linux libsecret, Windows Credential Manager)
+- **Cryptographic Services** - E2E encryption using ECDH P-256 and AES-256-GCM
+- **AppSync Client** - GraphQL API and WebSocket subscriptions for AWS AppSync
+- **Authentication CLI** - Browser-based OAuth login/logout commands
+- **Shared Types** - TypeScript interfaces for events, sessions, encryption
+
+## CLI Usage
+
+```bash
+# Sign in via browser (opens Cognito Hosted UI)
+codevibe login
+
+# Sign out
+codevibe logout
+
+# Check authentication status
+codevibe status
+
+# Reset device identity (destructive - old sessions become inaccessible)
+codevibe reset-device
+
+# Use specific environment
+codevibe --env development login
+```
+
+## API Usage
+
+### Keychain Manager
+
+```typescript
+import { keychainManager, DeviceIdentity } from '@quantiya/codevibe-core';
+
+// Get or create device identity (stored in native keychain)
+const identity = await keychainManager.getOrCreateDeviceIdentity();
+console.log(identity.deviceId, identity.publicKey);
+
+// Get OAuth tokens
+const tokens = await keychainManager.getTokens('production');
+if (tokens) {
+  console.log(tokens.email, tokens.userId);
+}
+```
+
+### Crypto Service
+
+```typescript
+import { cryptoService } from '@quantiya/codevibe-core';
+
+// Generate key pair
+const keyPair = cryptoService.generateKeyPair();
+
+// Generate session key
+const sessionKey = cryptoService.generateSessionKey();
+
+// Encrypt content
+const encrypted = cryptoService.encryptContent('Hello World', sessionKey);
+
+// Decrypt content
+const decrypted = cryptoService.decryptContent(encrypted, sessionKey);
+```
+
+### AppSync Client
+
+```typescript
+import { AppSyncClient, loadConfig } from '@quantiya/codevibe-core';
+
+// Load environment configuration
+loadConfig('production');
+
+// Create client
+const client = new AppSyncClient('production');
+
+// Authenticate with stored tokens
+const authenticated = await client.authenticateWithStoredTokens();
+if (!authenticated) {
+  console.log('Run "codevibe login" first');
+  process.exit(1);
+}
+
+// Create session
+const session = await client.createSession({
+  userId: client.getCurrentUserId(),
+  agentType: 'CLAUDE',
+  projectPath: '/path/to/project',
+});
+
+// Subscribe to events
+const unsubscribe = client.subscribeToEvents(session.sessionId, (event) => {
+  console.log('Event received:', event);
+});
+
+// Clean up
+unsubscribe();
+```
+
+### Auth Service
+
+```typescript
+import { authService, loadConfig } from '@quantiya/codevibe-core';
+
+// Set environment
+loadConfig('production');
+authService.setEnvironment('production');
+
+// Login (opens browser)
+const tokens = await authService.login();
+
+// Check status
+const status = await authService.getStatus();
+console.log(status.authenticated, status.tokens?.email);
+
+// Logout
+await authService.logout();
+```
+
+## Keychain Storage
+
+All sensitive data is stored in the native system keychain:
+
+- **Service Name:** `ai.quantiya.app.codevibe`
+- **Device Identity:** Stored as `device-identity` account
+- **Tokens:** Stored as `tokens-{environment}` accounts (e.g., `tokens-production`)
+
+This ensures:
+- Data persists across terminal sessions
+- Data is encrypted at rest by the OS
+- Data survives plugin reinstalls/updates
+- Device identity is shared across all CodeVibe plugins
+
+## Security
+
+- Device keys are ECDH P-256 key pairs
+- Session keys are 256-bit AES keys
+- Content is encrypted with AES-256-GCM
+- Session keys are encrypted per-device using ECDH
+- OAuth tokens are stored securely in native keychain
+
+## Development
+
+```bash
+# Install dependencies
+npm install
+
+# Build
+npm run build
+
+# Watch mode
+npm run watch
+
+# Local development with plugin
+npm link
+cd ../codevibe-claude-plugin
+npm link @quantiya/codevibe-core
+```
+
+## License
+
+MIT

package/bin/codevibe.js

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+//
+// codevibe CLI entry point
+// @quantiya/codevibe-core
+//
+
+require('../dist/auth/auth-cli').runAuthCli(process.argv);

package/dist/appsync/appsync-client.d.ts

@@ -0,0 +1,132 @@
+import { CreateEventInput, CreateSessionInput, UpdateSessionInput, UpdateEventStatusInput, Event, Session, EventSource, DeviceKey } from '../types';
+/**
+ * Download URL response
+ */
+export interface DownloadUrlResponse {
+    downloadUrl: string;
+    expiresAt: string;
+}
+/**
+ * AppSync GraphQL client with WebSocket subscriptions
+ */
+export declare class AppSyncClient {
+    private authenticated;
+    private currentUserId;
+    private currentEmail;
+    private tokens;
+    private activeSubscriptions;
+    private environment;
+    constructor();
+    /**
+     * Get the current authenticated user ID
+     */
+    getCurrentUserId(): string;
+    /**
+     * Get the current authenticated user email
+     */
+    getCurrentUserEmail(): string | null;
+    /**
+     * Authenticate using stored OAuth tokens from keychain
+     */
+    authenticateWithStoredTokens(): Promise<boolean>;
+    /**
+     * Refresh expired tokens
+     */
+    private refreshTokens;
+    /**
+     * Check if authenticated
+     */
+    isAuthenticated(): boolean;
+    /**
+     * Sign out
+     */
+    signOut(): void;
+    /**
+     * Make a GraphQL request
+     */
+    private graphqlRequest;
+    /**
+     * Create a session
+     */
+    createSession(input: CreateSessionInput): Promise<Session>;
+    /**
+     * Update a session
+     */
+    updateSession(input: UpdateSessionInput): Promise<Session>;
+    /**
+     * Get a session
+     */
+    getSession(sessionId: string): Promise<Session | null>;
+    /**
+     * Create an event
+     */
+    createEvent(input: CreateEventInput): Promise<Event>;
+    /**
+     * Update event status
+     */
+    updateEventStatus(input: UpdateEventStatusInput): Promise<Event>;
+    /**
+     * List events for a session
+     */
+    listEvents(sessionId: string, source?: EventSource, limit?: number): Promise<Event[]>;
+    /**
+     * List user device keys
+     */
+    listUserDeviceKeys(): Promise<DeviceKey[]>;
+    /**
+     * Register device key
+     */
+    registerDeviceKey(deviceId: string, publicKey: string, platform: string, deviceName: string): Promise<void>;
+    /**
+     * Get attachment download URL
+     */
+    getAttachmentDownloadUrl(s3Key: string): Promise<DownloadUrlResponse>;
+    /**
+     * Subscribe to events for a session
+     */
+    subscribeToEvents(sessionId: string, onEvent: (event: Event) => void, onError?: (error: Error) => void): () => void;
+    /**
+     * Build WebSocket URL
+     */
+    private buildRealtimeUrl;
+    /**
+     * Create WebSocket subscription
+     */
+    private createSubscription;
+    /**
+     * Send subscription start message
+     */
+    private sendSubscriptionStart;
+    /**
+     * Reset keep-alive timer
+     */
+    private resetKeepAliveTimer;
+    /**
+     * Handle subscription error with two-phase reconnection:
+     * Phase 1 (urgent): Exponential backoff for first N attempts
+     * Phase 2 (persistent): Fixed interval retry indefinitely
+     */
+    private handleSubscriptionError;
+    /**
+     * Cleanup subscription state
+     */
+    private cleanupSubscriptionState;
+    private heartbeatTimers;
+    /**
+     * Start periodic heartbeat for a session.
+     * Updates lastHeartbeatAt on the session every intervalMs (default 2 minutes).
+     */
+    startHeartbeat(sessionId: string, intervalMs?: number): void;
+    /**
+     * Stop heartbeat for a session.
+     */
+    stopHeartbeat(sessionId: string): void;
+    /**
+     * Send a single heartbeat update.
+     */
+    private sendHeartbeat;
+    /**
+     * Cleanup all subscriptions and heartbeats
+     */
+    cleanupSubscriptions(): void;
+}