@reminix/cli 0.1.2 → 0.1.3

package/README.md

@@ -26,7 +26,7 @@ reminix --help
 
 ```bash
 # From the monorepo root
-cd reminix-cli
+cd cli
 
 # Install dependencies
 pnpm install

package/dist/commands/login.d.ts

@@ -0,0 +1,6 @@
+import { Command } from 'commander';
+/**
+ * Login command - authenticates user via browser
+ */
+export declare const loginCommand: Command;
+//# sourceMappingURL=login.d.ts.map

package/dist/commands/login.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAiBpC;;GAEG;AACH,eAAO,MAAM,YAAY,SAmDrB,CAAC"}

package/dist/commands/login.js

@@ -0,0 +1,65 @@
+import { Command } from 'commander';
+import open from 'open';
+import { createAuthServer, generateState } from '../lib/auth-server.js';
+import { saveCredentials, loadCredentials } from '../lib/credentials.js';
+/**
+ * Default web app URL - can be overridden with REMINIX_WEB_URL env var
+ */
+const DEFAULT_WEB_URL = 'https://reminix.com';
+/**
+ * Get the web app URL from environment or use default
+ */
+function getWebUrl() {
+    return process.env.REMINIX_WEB_URL || DEFAULT_WEB_URL;
+}
+/**
+ * Login command - authenticates user via browser
+ */
+export const loginCommand = new Command('login')
+    .description('Authenticate with Reminix')
+    .option('--no-browser', "Don't open browser automatically")
+    .action(async (options) => {
+    try {
+        // Check if already logged in
+        const existing = loadCredentials();
+        if (existing) {
+            console.log(`Already logged in as ${existing.email}`);
+            console.log('Run "reminix logout" first to switch accounts.');
+            return;
+        }
+        // Generate state for CSRF protection
+        const state = generateState();
+        // Start local auth server
+        console.log('Starting authentication...');
+        const { port, waitForCallback } = await createAuthServer(state);
+        // Build auth URL
+        const webUrl = getWebUrl();
+        const authUrl = `${webUrl}/cli/authorize?port=${port}&state=${state}`;
+        // Open browser or show URL
+        if (options.browser) {
+            console.log('Opening browser to log in...\n');
+            await open(authUrl);
+        }
+        else {
+            console.log('Open this URL in your browser to log in:\n');
+            console.log(`  ${authUrl}\n`);
+        }
+        console.log('Waiting for authentication...');
+        // Wait for callback
+        const result = await waitForCallback();
+        // Save credentials
+        saveCredentials(result.token, result.email);
+        console.log(`\n✓ Successfully logged in as ${result.email}!`);
+        process.exit(0);
+    }
+    catch (error) {
+        if (error instanceof Error) {
+            console.error(`\n✗ Login failed: ${error.message}`);
+        }
+        else {
+            console.error('\n✗ Login failed: Unknown error');
+        }
+        process.exit(1);
+    }
+});
+//# sourceMappingURL=login.js.map

package/dist/commands/login.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"login.js","sourceRoot":"","sources":["../../src/commands/login.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,IAAI,MAAM,MAAM,CAAC;AACxB,OAAO,EAAE,gBAAgB,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AACxE,OAAO,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAEzE;;GAEG;AACH,MAAM,eAAe,GAAG,qBAAqB,CAAC;AAE9C;;GAEG;AACH,SAAS,SAAS;IAChB,OAAO,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,eAAe,CAAC;AACxD,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,YAAY,GAAG,IAAI,OAAO,CAAC,OAAO,CAAC;KAC7C,WAAW,CAAC,2BAA2B,CAAC;KACxC,MAAM,CAAC,cAAc,EAAE,kCAAkC,CAAC;KAC1D,MAAM,CAAC,KAAK,EAAE,OAAO,EAAE,EAAE;IACxB,IAAI,CAAC;QACH,6BAA6B;QAC7B,MAAM,QAAQ,GAAG,eAAe,EAAE,CAAC;QACnC,IAAI,QAAQ,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,wBAAwB,QAAQ,CAAC,KAAK,EAAE,CAAC,CAAC;YACtD,OAAO,CAAC,GAAG,CAAC,gDAAgD,CAAC,CAAC;YAC9D,OAAO;QACT,CAAC;QAED,qCAAqC;QACrC,MAAM,KAAK,GAAG,aAAa,EAAE,CAAC;QAE9B,0BAA0B;QAC1B,OAAO,CAAC,GAAG,CAAC,4BAA4B,CAAC,CAAC;QAC1C,MAAM,EAAE,IAAI,EAAE,eAAe,EAAE,GAAG,MAAM,gBAAgB,CAAC,KAAK,CAAC,CAAC;QAEhE,iBAAiB;QACjB,MAAM,MAAM,GAAG,SAAS,EAAE,CAAC;QAC3B,MAAM,OAAO,GAAG,GAAG,MAAM,uBAAuB,IAAI,UAAU,KAAK,EAAE,CAAC;QAEtE,2BAA2B;QAC3B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO,CAAC,GAAG,CAAC,gCAAgC,CAAC,CAAC;YAC9C,MAAM,IAAI,CAAC,OAAO,CAAC,CAAC;QACtB,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC;YAC1D,OAAO,CAAC,GAAG,CAAC,KAAK,OAAO,IAAI,CAAC,CAAC;QAChC,CAAC;QAED,OAAO,CAAC,GAAG,CAAC,+BAA+B,CAAC,CAAC;QAE7C,oBAAoB;QACpB,MAAM,MAAM,GAAG,MAAM,eAAe,EAAE,CAAC;QAEvC,mBAAmB;QACnB,eAAe,CAAC,MAAM,CAAC,KAAK,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC;QAE5C,OAAO,CAAC,GAAG,CAAC,iCAAiC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC;QAC9D,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,KAAK,EAAE,CAAC;YAC3B,OAAO,CAAC,KAAK,CAAC,qBAAqB,KAAK,CAAC,OAAO,EAAE,CAAC,CAAC;QACtD,CAAC;aAAM,CAAC;YACN,OAAO,CAAC,KAAK,CAAC,iCAAiC,CAAC,CAAC;QACnD,CAAC;QACD,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;AACH,CAAC,CAAC,CAAC"}

package/dist/commands/logout.d.ts

@@ -0,0 +1,6 @@
+import { Command } from 'commander';
+/**
+ * Logout command - clears stored credentials
+ */
+export declare const logoutCommand: Command;
+//# sourceMappingURL=logout.d.ts.map

package/dist/commands/logout.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.d.ts","sourceRoot":"","sources":["../../src/commands/logout.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC;;GAEG;AACH,eAAO,MAAM,aAAa,SAUxB,CAAC"}

package/dist/commands/logout.js

@@ -0,0 +1,15 @@
+import { Command } from 'commander';
+import { clearCredentials, loadCredentials } from '../lib/credentials.js';
+/**
+ * Logout command - clears stored credentials
+ */
+export const logoutCommand = new Command('logout').description('Log out of Reminix').action(() => {
+    const credentials = loadCredentials();
+    if (!credentials) {
+        console.log('Not logged in.');
+        return;
+    }
+    clearCredentials();
+    console.log(`✓ Logged out of ${credentials.email}`);
+});
+//# sourceMappingURL=logout.js.map

package/dist/commands/logout.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logout.js","sourceRoot":"","sources":["../../src/commands/logout.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAC;AAE1E;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC,CAAC,WAAW,CAAC,oBAAoB,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE;IAC/F,MAAM,WAAW,GAAG,eAAe,EAAE,CAAC;IAEtC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,CAAC;QAC9B,OAAO;IACT,CAAC;IAED,gBAAgB,EAAE,CAAC;IACnB,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,CAAC,KAAK,EAAE,CAAC,CAAC;AACtD,CAAC,CAAC,CAAC"}

package/dist/commands/version.d.ts

@@ -1,2 +1,2 @@
-export declare const version = "0.1.2";
+export declare const version = "0.1.3";
 //# sourceMappingURL=version.d.ts.map

package/dist/commands/version.js

@@ -1,2 +1,2 @@
-export const version = '0.1.2';
+export const version = '0.1.3';
 //# sourceMappingURL=version.js.map

package/dist/commands/whoami.d.ts

@@ -0,0 +1,6 @@
+import { Command } from 'commander';
+/**
+ * Whoami command - shows current logged-in user
+ */
+export declare const whoamiCommand: Command;
+//# sourceMappingURL=whoami.d.ts.map

package/dist/commands/whoami.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.d.ts","sourceRoot":"","sources":["../../src/commands/whoami.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAGpC;;GAEG;AACH,eAAO,MAAM,aAAa,SAiBtB,CAAC"}

package/dist/commands/whoami.js

@@ -0,0 +1,21 @@
+import { Command } from 'commander';
+import { loadCredentials, getCredentialsDirPath } from '../lib/credentials.js';
+/**
+ * Whoami command - shows current logged-in user
+ */
+export const whoamiCommand = new Command('whoami')
+    .description('Show the currently logged-in user')
+    .option('--verbose', 'Show additional details')
+    .action((options) => {
+    const credentials = loadCredentials();
+    if (!credentials) {
+        console.log("Not logged in. Run 'reminix login' to authenticate.");
+        process.exit(1);
+    }
+    console.log(credentials.email);
+    if (options.verbose) {
+        console.log(`\nToken created: ${credentials.createdAt}`);
+        console.log(`Credentials stored in: ${getCredentialsDirPath()}`);
+    }
+});
+//# sourceMappingURL=whoami.js.map

package/dist/commands/whoami.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"whoami.js","sourceRoot":"","sources":["../../src/commands/whoami.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,eAAe,EAAE,qBAAqB,EAAE,MAAM,uBAAuB,CAAC;AAE/E;;GAEG;AACH,MAAM,CAAC,MAAM,aAAa,GAAG,IAAI,OAAO,CAAC,QAAQ,CAAC;KAC/C,WAAW,CAAC,mCAAmC,CAAC;KAChD,MAAM,CAAC,WAAW,EAAE,yBAAyB,CAAC;KAC9C,MAAM,CAAC,CAAC,OAAO,EAAE,EAAE;IAClB,MAAM,WAAW,GAAG,eAAe,EAAE,CAAC;IAEtC,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,OAAO,CAAC,GAAG,CAAC,qDAAqD,CAAC,CAAC;QACnE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,KAAK,CAAC,CAAC;IAE/B,IAAI,OAAO,CAAC,OAAO,EAAE,CAAC;QACpB,OAAO,CAAC,GAAG,CAAC,oBAAoB,WAAW,CAAC,SAAS,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,0BAA0B,qBAAqB,EAAE,EAAE,CAAC,CAAC;IACnE,CAAC;AACH,CAAC,CAAC,CAAC"}

package/dist/index.js

@@ -1,6 +1,9 @@
 #!/usr/bin/env node
 import { Command } from 'commander';
 import { version } from './commands/version.js';
+import { loginCommand } from './commands/login.js';
+import { logoutCommand } from './commands/logout.js';
+import { whoamiCommand } from './commands/whoami.js';
 const program = new Command();
 program
     .name('reminix')
@@ -10,5 +13,9 @@ program
     .action(() => {
     program.help();
 });
+// Add commands
+program.addCommand(loginCommand);
+program.addCommand(logoutCommand);
+program.addCommand(whoamiCommand);
 program.parse();
 //# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAEhD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,SAAS,CAAC;KACf,WAAW,CAAC,kDAAkD,CAAC;KAC/D,OAAO,CAAC,OAAO,EAAE,eAAe,EAAE,wBAAwB,CAAC;KAC3D,kBAAkB,EAAE;KACpB,MAAM,CAAC,GAAG,EAAE;IACX,OAAO,CAAC,IAAI,EAAE,CAAC;AACjB,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,EAAE,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";AAEA,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AACpC,OAAO,EAAE,OAAO,EAAE,MAAM,uBAAuB,CAAC;AAChD,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AACnD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AACrD,OAAO,EAAE,aAAa,EAAE,MAAM,sBAAsB,CAAC;AAErD,MAAM,OAAO,GAAG,IAAI,OAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,SAAS,CAAC;KACf,WAAW,CAAC,kDAAkD,CAAC;KAC/D,OAAO,CAAC,OAAO,EAAE,eAAe,EAAE,wBAAwB,CAAC;KAC3D,kBAAkB,EAAE;KACpB,MAAM,CAAC,GAAG,EAAE;IACX,OAAO,CAAC,IAAI,EAAE,CAAC;AACjB,CAAC,CAAC,CAAC;AAEL,eAAe;AACf,OAAO,CAAC,UAAU,CAAC,YAAY,CAAC,CAAC;AACjC,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AAClC,OAAO,CAAC,UAAU,CAAC,aAAa,CAAC,CAAC;AAElC,OAAO,CAAC,KAAK,EAAE,CAAC"}

package/dist/lib/auth-server.d.ts

@@ -0,0 +1,21 @@
+/**
+ * Result from the auth callback
+ */
+export interface AuthCallbackResult {
+    token: string;
+    state: string;
+    email: string;
+}
+/**
+ * Start the auth server and return both the port and the result promise
+ * This allows the caller to get the port immediately and wait for the result separately
+ */
+export declare function createAuthServer(expectedState: string, timeoutMs?: number): Promise<{
+    port: number;
+    waitForCallback: () => Promise<AuthCallbackResult>;
+}>;
+/**
+ * Generate a random state string for CSRF protection
+ */
+export declare function generateState(): string;
+//# sourceMappingURL=auth-server.d.ts.map

package/dist/lib/auth-server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-server.d.ts","sourceRoot":"","sources":["../../src/lib/auth-server.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,MAAM,WAAW,kBAAkB;IACjC,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;CACf;AA+ID;;;GAGG;AACH,wBAAgB,gBAAgB,CAC9B,aAAa,EAAE,MAAM,EACrB,SAAS,GAAE,MAAsB,GAChC,OAAO,CAAC;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,eAAe,EAAE,MAAM,OAAO,CAAC,kBAAkB,CAAC,CAAA;CAAE,CAAC,CA0F/E;AAED;;GAEG;AACH,wBAAgB,aAAa,IAAI,MAAM,CAItC"}

package/dist/lib/auth-server.js

@@ -0,0 +1,234 @@
+import * as http from 'node:http';
+/**
+ * HTML page shown after successful authentication
+ */
+const SUCCESS_HTML = `
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Reminix CLI - Authenticated</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: linear-gradient(135deg, #1a1a2e 0%, #16213e 100%);
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      color: #fff;
+    }
+    .container {
+      text-align: center;
+      padding: 2rem;
+    }
+    .checkmark {
+      width: 80px;
+      height: 80px;
+      margin: 0 auto 1.5rem;
+      background: #10b981;
+      border-radius: 50%;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      animation: pop 0.3s ease-out;
+    }
+    .checkmark svg {
+      width: 40px;
+      height: 40px;
+      stroke: white;
+      stroke-width: 3;
+      fill: none;
+    }
+    h1 {
+      font-size: 1.5rem;
+      font-weight: 600;
+      margin-bottom: 0.5rem;
+    }
+    p {
+      color: #94a3b8;
+      font-size: 1rem;
+    }
+    @keyframes pop {
+      0% { transform: scale(0); }
+      80% { transform: scale(1.1); }
+      100% { transform: scale(1); }
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="checkmark">
+      <svg viewBox="0 0 24 24">
+        <polyline points="20 6 9 17 4 12"></polyline>
+      </svg>
+    </div>
+    <h1>Authentication successful!</h1>
+    <p>You can close this tab and return to your terminal.</p>
+  </div>
+</body>
+</html>
+`;
+/**
+ * HTML page shown when there's an error
+ */
+const ERROR_HTML = `
+<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Reminix CLI - Error</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+      background: linear-gradient(135deg, #1a1a2e 0%, #16213e 100%);
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      color: #fff;
+    }
+    .container {
+      text-align: center;
+      padding: 2rem;
+    }
+    .error-icon {
+      width: 80px;
+      height: 80px;
+      margin: 0 auto 1.5rem;
+      background: #ef4444;
+      border-radius: 50%;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+    }
+    .error-icon svg {
+      width: 40px;
+      height: 40px;
+      stroke: white;
+      stroke-width: 3;
+      fill: none;
+    }
+    h1 {
+      font-size: 1.5rem;
+      font-weight: 600;
+      margin-bottom: 0.5rem;
+    }
+    p {
+      color: #94a3b8;
+      font-size: 1rem;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="error-icon">
+      <svg viewBox="0 0 24 24">
+        <line x1="18" y1="6" x2="6" y2="18"></line>
+        <line x1="6" y1="6" x2="18" y2="18"></line>
+      </svg>
+    </div>
+    <h1>Authentication failed</h1>
+    <p>Please try again from your terminal.</p>
+  </div>
+</body>
+</html>
+`;
+/**
+ * Start the auth server and return both the port and the result promise
+ * This allows the caller to get the port immediately and wait for the result separately
+ */
+export function createAuthServer(expectedState, timeoutMs = 5 * 60 * 1000) {
+    return new Promise((resolve, reject) => {
+        let callbackResolve;
+        let callbackReject;
+        const callbackPromise = new Promise((res, rej) => {
+            callbackResolve = res;
+            callbackReject = rej;
+        });
+        const server = http.createServer((req, res) => {
+            // Only handle GET requests to /callback
+            if (!req.url?.startsWith('/callback')) {
+                res.writeHead(404);
+                res.end('Not found');
+                return;
+            }
+            // Parse query parameters using WHATWG URL API
+            const parsedUrl = new URL(req.url, `http://localhost`);
+            const token = parsedUrl.searchParams.get('token') ?? undefined;
+            const state = parsedUrl.searchParams.get('state') ?? undefined;
+            const email = parsedUrl.searchParams.get('email') ?? undefined;
+            const error = parsedUrl.searchParams.get('error') ?? undefined;
+            // Handle error from web app
+            if (error) {
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(ERROR_HTML);
+                cleanup();
+                callbackReject(new Error(`Authentication failed: ${error}`));
+                return;
+            }
+            // Validate required parameters
+            if (!token || !state || !email) {
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(ERROR_HTML);
+                cleanup();
+                callbackReject(new Error('Missing token, state, or email in callback'));
+                return;
+            }
+            // Verify state matches (CSRF protection)
+            if (state !== expectedState) {
+                res.writeHead(200, { 'Content-Type': 'text/html' });
+                res.end(ERROR_HTML);
+                cleanup();
+                callbackReject(new Error('State mismatch - possible CSRF attack'));
+                return;
+            }
+            // Success!
+            res.writeHead(200, { 'Content-Type': 'text/html' });
+            res.end(SUCCESS_HTML);
+            cleanup();
+            callbackResolve({ token, state, email });
+        });
+        // Handle server errors
+        server.on('error', (err) => {
+            cleanup();
+            reject(err);
+        });
+        // Set up timeout
+        const timeoutId = setTimeout(() => {
+            cleanup();
+            callbackReject(new Error('Authentication timed out. Please try again.'));
+        }, timeoutMs);
+        // Cleanup function
+        function cleanup() {
+            clearTimeout(timeoutId);
+            server.close();
+        }
+        // Start server on random available port (port 0)
+        server.listen(0, '127.0.0.1', () => {
+            const address = server.address();
+            if (typeof address === 'object' && address) {
+                resolve({
+                    port: address.port,
+                    waitForCallback: () => callbackPromise,
+                });
+            }
+            else {
+                reject(new Error('Failed to start auth server'));
+            }
+        });
+    });
+}
+/**
+ * Generate a random state string for CSRF protection
+ */
+export function generateState() {
+    const array = new Uint8Array(32);
+    crypto.getRandomValues(array);
+    return Array.from(array, (byte) => byte.toString(16).padStart(2, '0')).join('');
+}
+//# sourceMappingURL=auth-server.js.map

package/dist/lib/auth-server.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-server.js","sourceRoot":"","sources":["../../src/lib/auth-server.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAWlC;;GAEG;AACH,MAAM,YAAY,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CAoEpB,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA+DlB,CAAC;AAEF;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAC9B,aAAqB,EACrB,YAAoB,CAAC,GAAG,EAAE,GAAG,IAAI;IAEjC,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;QACrC,IAAI,eAAqD,CAAC;QAC1D,IAAI,cAAsC,CAAC;QAE3C,MAAM,eAAe,GAAG,IAAI,OAAO,CAAqB,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YACnE,eAAe,GAAG,GAAG,CAAC;YACtB,cAAc,GAAG,GAAG,CAAC;QACvB,CAAC,CAAC,CAAC;QAEH,MAAM,MAAM,GAAG,IAAI,CAAC,YAAY,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;YAC5C,wCAAwC;YACxC,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,UAAU,CAAC,WAAW,CAAC,EAAE,CAAC;gBACtC,GAAG,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;gBACnB,GAAG,CAAC,GAAG,CAAC,WAAW,CAAC,CAAC;gBACrB,OAAO;YACT,CAAC;YAED,8CAA8C;YAC9C,MAAM,SAAS,GAAG,IAAI,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,kBAAkB,CAAC,CAAC;YACvD,MAAM,KAAK,GAAG,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;YAC/D,MAAM,KAAK,GAAG,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;YAC/D,MAAM,KAAK,GAAG,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;YAC/D,MAAM,KAAK,GAAG,SAAS,CAAC,YAAY,CAAC,GAAG,CAAC,OAAO,CAAC,IAAI,SAAS,CAAC;YAE/D,4BAA4B;YAC5B,IAAI,KAAK,EAAE,CAAC;gBACV,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACpB,OAAO,EAAE,CAAC;gBACV,cAAc,CAAC,IAAI,KAAK,CAAC,0BAA0B,KAAK,EAAE,CAAC,CAAC,CAAC;gBAC7D,OAAO;YACT,CAAC;YAED,+BAA+B;YAC/B,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,EAAE,CAAC;gBAC/B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACpB,OAAO,EAAE,CAAC;gBACV,cAAc,CAAC,IAAI,KAAK,CAAC,4CAA4C,CAAC,CAAC,CAAC;gBACxE,OAAO;YACT,CAAC;YAED,yCAAyC;YACzC,IAAI,KAAK,KAAK,aAAa,EAAE,CAAC;gBAC5B,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;gBACpB,OAAO,EAAE,CAAC;gBACV,cAAc,CAAC,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC,CAAC;gBACnE,OAAO;YACT,CAAC;YAED,WAAW;YACX,GAAG,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,cAAc,EAAE,WAAW,EAAE,CAAC,CAAC;YACpD,GAAG,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;YACtB,OAAO,EAAE,CAAC;YACV,eAAe,CAAC,EAAE,KAAK,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC,CAAC;QAC3C,CAAC,CAAC,CAAC;QAEH,uBAAuB;QACvB,MAAM,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,EAAE;YACzB,OAAO,EAAE,CAAC;YACV,MAAM,CAAC,GAAG,CAAC,CAAC;QACd,CAAC,CAAC,CAAC;QAEH,iBAAiB;QACjB,MAAM,SAAS,GAAG,UAAU,CAAC,GAAG,EAAE;YAChC,OAAO,EAAE,CAAC;YACV,cAAc,CAAC,IAAI,KAAK,CAAC,6CAA6C,CAAC,CAAC,CAAC;QAC3E,CAAC,EAAE,SAAS,CAAC,CAAC;QAEd,mBAAmB;QACnB,SAAS,OAAO;YACd,YAAY,CAAC,SAAS,CAAC,CAAC;YACxB,MAAM,CAAC,KAAK,EAAE,CAAC;QACjB,CAAC;QAED,iDAAiD;QACjD,MAAM,CAAC,MAAM,CAAC,CAAC,EAAE,WAAW,EAAE,GAAG,EAAE;YACjC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,EAAE,CAAC;YACjC,IAAI,OAAO,OAAO,KAAK,QAAQ,IAAI,OAAO,EAAE,CAAC;gBAC3C,OAAO,CAAC;oBACN,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,eAAe,EAAE,GAAG,EAAE,CAAC,eAAe;iBACvC,CAAC,CAAC;YACL,CAAC;iBAAM,CAAC;gBACN,MAAM,CAAC,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC,CAAC;YACnD,CAAC;QACH,CAAC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa;IAC3B,MAAM,KAAK,GAAG,IAAI,UAAU,CAAC,EAAE,CAAC,CAAC;IACjC,MAAM,CAAC,eAAe,CAAC,KAAK,CAAC,CAAC;IAC9B,OAAO,KAAK,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,QAAQ,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;AAClF,CAAC"}

package/dist/lib/credentials.d.ts

@@ -0,0 +1,32 @@
+/**
+ * Credentials stored locally for CLI authentication
+ */
+export interface Credentials {
+    token: string;
+    email: string;
+    createdAt: string;
+}
+/**
+ * Save credentials to the local filesystem
+ * Creates the config directory if it doesn't exist
+ */
+export declare function saveCredentials(token: string, email: string): void;
+/**
+ * Load credentials from the local filesystem
+ * Returns null if no credentials exist or file is invalid
+ */
+export declare function loadCredentials(): Credentials | null;
+/**
+ * Clear stored credentials
+ * Removes the credentials file if it exists
+ */
+export declare function clearCredentials(): void;
+/**
+ * Check if user is logged in (has valid credentials)
+ */
+export declare function isLoggedIn(): boolean;
+/**
+ * Get the credentials directory path (for display purposes)
+ */
+export declare function getCredentialsDirPath(): string;
+//# sourceMappingURL=credentials.d.ts.map

package/dist/lib/credentials.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.d.ts","sourceRoot":"","sources":["../../src/lib/credentials.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;CACnB;AAqBD;;;GAGG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAmBlE;AAED;;;GAGG;AACH,wBAAgB,eAAe,IAAI,WAAW,GAAG,IAAI,CAoBpD;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,IAAI,CAMvC;AAED;;GAEG;AACH,wBAAgB,UAAU,IAAI,OAAO,CAEpC;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C"}

package/dist/lib/credentials.js

@@ -0,0 +1,86 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
+/**
+ * Get the path to the credentials directory
+ * Uses XDG_CONFIG_HOME if set, otherwise ~/.config/reminix
+ */
+function getCredentialsDir() {
+    const xdgConfigHome = process.env.XDG_CONFIG_HOME;
+    if (xdgConfigHome) {
+        return path.join(xdgConfigHome, 'reminix');
+    }
+    return path.join(os.homedir(), '.config', 'reminix');
+}
+/**
+ * Get the path to the credentials file
+ */
+function getCredentialsPath() {
+    return path.join(getCredentialsDir(), 'credentials.json');
+}
+/**
+ * Save credentials to the local filesystem
+ * Creates the config directory if it doesn't exist
+ */
+export function saveCredentials(token, email) {
+    const dir = getCredentialsDir();
+    const filePath = getCredentialsPath();
+    // Create directory if it doesn't exist
+    if (!fs.existsSync(dir)) {
+        fs.mkdirSync(dir, { recursive: true, mode: 0o700 }); // Only owner can access
+    }
+    const credentials = {
+        token,
+        email,
+        createdAt: new Date().toISOString(),
+    };
+    // Write credentials file with restricted permissions
+    fs.writeFileSync(filePath, JSON.stringify(credentials, null, 2), {
+        mode: 0o600, // Only owner can read/write
+    });
+}
+/**
+ * Load credentials from the local filesystem
+ * Returns null if no credentials exist or file is invalid
+ */
+export function loadCredentials() {
+    const filePath = getCredentialsPath();
+    if (!fs.existsSync(filePath)) {
+        return null;
+    }
+    try {
+        const content = fs.readFileSync(filePath, 'utf-8');
+        const credentials = JSON.parse(content);
+        // Basic validation
+        if (!credentials.token || !credentials.email) {
+            return null;
+        }
+        return credentials;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Clear stored credentials
+ * Removes the credentials file if it exists
+ */
+export function clearCredentials() {
+    const filePath = getCredentialsPath();
+    if (fs.existsSync(filePath)) {
+        fs.unlinkSync(filePath);
+    }
+}
+/**
+ * Check if user is logged in (has valid credentials)
+ */
+export function isLoggedIn() {
+    return loadCredentials() !== null;
+}
+/**
+ * Get the credentials directory path (for display purposes)
+ */
+export function getCredentialsDirPath() {
+    return getCredentialsDir();
+}
+//# sourceMappingURL=credentials.js.map

package/dist/lib/credentials.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"credentials.js","sourceRoot":"","sources":["../../src/lib/credentials.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAC9B,OAAO,KAAK,IAAI,MAAM,WAAW,CAAC;AAClC,OAAO,KAAK,EAAE,MAAM,SAAS,CAAC;AAW9B;;;GAGG;AACH,SAAS,iBAAiB;IACxB,MAAM,aAAa,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAClD,IAAI,aAAa,EAAE,CAAC;QAClB,OAAO,IAAI,CAAC,IAAI,CAAC,aAAa,EAAE,SAAS,CAAC,CAAC;IAC7C,CAAC;IACD,OAAO,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,OAAO,EAAE,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC;AAED;;GAEG;AACH,SAAS,kBAAkB;IACzB,OAAO,IAAI,CAAC,IAAI,CAAC,iBAAiB,EAAE,EAAE,kBAAkB,CAAC,CAAC;AAC5D,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe,CAAC,KAAa,EAAE,KAAa;IAC1D,MAAM,GAAG,GAAG,iBAAiB,EAAE,CAAC;IAChC,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAEtC,uCAAuC;IACvC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACxB,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC,wBAAwB;IAC/E,CAAC;IAED,MAAM,WAAW,GAAgB;QAC/B,KAAK;QACL,KAAK;QACL,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;KACpC,CAAC;IAEF,qDAAqD;IACrD,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE;QAC/D,IAAI,EAAE,KAAK,EAAE,4BAA4B;KAC1C,CAAC,CAAC;AACL,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,eAAe;IAC7B,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAEtC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC7B,OAAO,IAAI,CAAC;IACd,CAAC;IAED,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACnD,MAAM,WAAW,GAAG,IAAI,CAAC,KAAK,CAAC,OAAO,CAAgB,CAAC;QAEvD,mBAAmB;QACnB,IAAI,CAAC,WAAW,CAAC,KAAK,IAAI,CAAC,WAAW,CAAC,KAAK,EAAE,CAAC;YAC7C,OAAO,IAAI,CAAC;QACd,CAAC;QAED,OAAO,WAAW,CAAC;IACrB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,QAAQ,GAAG,kBAAkB,EAAE,CAAC;IAEtC,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,UAAU;IACxB,OAAO,eAAe,EAAE,KAAK,IAAI,CAAC;AACpC,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACnC,OAAO,iBAAiB,EAAE,CAAC;AAC7B,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@reminix/cli",
-  "version": "0.1.2",
+  "version": "0.1.3",
   "description": "Reminix CLI - Command-line interface for Reminix",
   "license": "Apache-2.0",
   "author": {
@@ -18,11 +18,11 @@
   "homepage": "https://reminix.com",
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/reminix-ai/reminix-cli.git",
+    "url": "git+https://github.com/reminix-ai/cli.git",
     "directory": "packages/cli"
   },
   "bugs": {
-    "url": "https://github.com/reminix-ai/reminix-cli/issues"
+    "url": "https://github.com/reminix-ai/cli/issues"
   },
   "engines": {
     "node": ">=20"
@@ -48,7 +48,8 @@
     "LICENSE"
   ],
   "dependencies": {
-    "commander": "^14.0.2"
+    "commander": "^14.0.2",
+    "open": "^11.0.0"
   },
   "devDependencies": {
     "@types/node": "^25.0.9",