@robot-resources/cli-core 0.1.0

package/auth.mjs

@@ -0,0 +1,255 @@
+import { createHash, randomBytes } from 'node:crypto';
+import { createServer } from 'node:http';
+
+const SUPABASE_URL = 'https://tbnliojrqmcagojtvqpe.supabase.co';
+const SUPABASE_ANON_KEY =
+  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InRibmxpb2pycW1jYWdvanR2cXBlIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzMyNjIxNzAsImV4cCI6MjA4ODgzODE3MH0.GKlpbVFgBbcV0OwxFZuOb-LfqtOu95ZiR33KNOONPI0';
+
+const PREFERRED_PORT = 54321;
+
+/**
+ * Generate PKCE code verifier + challenge
+ */
+function generatePKCE() {
+  const verifier = randomBytes(32)
+    .toString('base64url')
+    .slice(0, 64);
+  const challenge = createHash('sha256')
+    .update(verifier)
+    .digest('base64url');
+  return { verifier, challenge };
+}
+
+/**
+ * Build the Supabase OAuth URL for GitHub login
+ */
+export function buildAuthUrl(codeChallenge, callbackUrl) {
+  const params = new URLSearchParams({
+    provider: 'github',
+    redirect_to: callbackUrl,
+    flow_type: 'pkce',
+    code_challenge: codeChallenge,
+    code_challenge_method: 'S256',
+  });
+  return `${SUPABASE_URL}/auth/v1/authorize?${params}`;
+}
+
+const MAX_BODY = 8192;
+
+/**
+ * Create callback server. Returns { server, resultPromise, nonce }.
+ * resultPromise resolves with { type: 'code', code } or { type: 'token', access_token }.
+ * The nonce protects /receive-token from cross-origin requests.
+ */
+function createCallbackServer() {
+  let resolveResult, rejectResult;
+  const resultPromise = new Promise((resolve, reject) => {
+    resolveResult = resolve;
+    rejectResult = reject;
+  });
+
+  const nonce = randomBytes(16).toString('hex');
+  const tokenPath = `/receive-token/${nonce}`;
+
+  const timeout = setTimeout(() => {
+    server.close();
+    rejectResult(new Error('Login timed out after 120 seconds'));
+  }, 120_000);
+
+  const server = createServer((req, res) => {
+    const port = server.address()?.port ?? PREFERRED_PORT;
+    const url = new URL(req.url, `http://localhost:${port}`);
+
+    // Handle token/debug info posted from browser (nonce-protected)
+    if (url.pathname === tokenPath && req.method === 'POST') {
+      let body = '';
+      req.on('data', (chunk) => {
+        body += chunk;
+        if (body.length > MAX_BODY) {
+          req.destroy();
+          clearTimeout(timeout);
+          server.close();
+          rejectResult(new Error('Request body too large'));
+        }
+      });
+      req.on('end', () => {
+        res.writeHead(200);
+        res.end('ok');
+        clearTimeout(timeout);
+        server.close();
+
+        if (body.startsWith('NO_FRAGMENT:')) {
+          rejectResult(new Error('No tokens received from browser redirect'));
+        } else {
+          const params = new URLSearchParams(body);
+          const accessToken = params.get('access_token');
+          if (accessToken) {
+            resolveResult({ type: 'token', access_token: accessToken });
+          } else {
+            rejectResult(new Error('Unexpected callback data'));
+          }
+        }
+      });
+      return;
+    }
+
+    if (url.pathname === '/callback') {
+      const code = url.searchParams.get('code');
+
+      if (code) {
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end(`
+          <html>
+            <body style="background:#0a0a0a;color:#ff6600;font-family:monospace;display:flex;align-items:center;justify-content:center;height:100vh;margin:0">
+              <div style="text-align:center">
+                <h1>&#9632; Robot Resources</h1>
+                <p style="color:#00ff41">Login successful. You can close this tab.</p>
+              </div>
+            </body>
+          </html>
+        `);
+        clearTimeout(timeout);
+        server.close();
+        resolveResult({ type: 'code', code });
+      } else {
+        // No code in query params — serve page that captures the full URL
+        // (fragment tokens, errors, etc.) and sends it back via nonce-protected endpoint
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end(`
+          <html>
+            <body style="background:#0a0a0a;color:#ff6600;font-family:monospace;display:flex;align-items:center;justify-content:center;height:100vh;margin:0">
+              <div style="text-align:center">
+                <h1>&#9632; Robot Resources</h1>
+                <p id="msg">Completing login...</p>
+              </div>
+            </body>
+            <script>
+              const fullUrl = window.location.href;
+              const hash = window.location.hash.substring(1);
+              const payload = hash || 'NO_FRAGMENT:' + fullUrl;
+              fetch('${tokenPath}', { method: 'POST', body: payload })
+                .then(() => {
+                  if (hash && hash.includes('access_token')) {
+                    document.getElementById('msg').style.color = '#00ff41';
+                    document.getElementById('msg').textContent = 'Login successful. You can close this tab.';
+                  } else {
+                    document.getElementById('msg').style.color = '#ffaa00';
+                    document.getElementById('msg').textContent = 'Something went wrong. Check terminal.';
+                  }
+                });
+            </script>
+          </html>
+        `);
+      }
+      return;
+    }
+
+    // Reject all other paths
+    res.writeHead(404);
+    res.end();
+  });
+
+  server.on('error', (err) => {
+    clearTimeout(timeout);
+    rejectResult(new Error(`Could not start callback server: ${err.message}`));
+  });
+
+  return { server, resultPromise, nonce };
+}
+
+/**
+ * Exchange the auth code + PKCE verifier for a Supabase session.
+ */
+async function exchangeCodeForSession(code, codeVerifier) {
+  const res = await fetch(`${SUPABASE_URL}/auth/v1/token?grant_type=pkce`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      apikey: SUPABASE_ANON_KEY,
+    },
+    body: JSON.stringify({
+      auth_code: code,
+      code_verifier: codeVerifier,
+    }),
+  });
+
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Token exchange failed (${res.status}): ${body}`);
+  }
+
+  return res.json();
+}
+
+/**
+ * Try to listen on the preferred port, fall back to OS-assigned port.
+ */
+function listenWithFallback(server) {
+  return new Promise((resolve, reject) => {
+    server.once('error', (err) => {
+      if (err.code === 'EADDRINUSE') {
+        // Preferred port busy — let OS assign one
+        server.listen(0, '127.0.0.1', () => resolve(server.address().port));
+      } else {
+        reject(err);
+      }
+    });
+    server.listen(PREFERRED_PORT, '127.0.0.1', () => resolve(server.address().port));
+  });
+}
+
+/**
+ * Full OAuth flow with PKCE + implicit fallback.
+ * Returns { access_token, refresh_token, user }.
+ */
+export async function authenticate() {
+  const { verifier, challenge } = generatePKCE();
+
+  // Create server and wait for it to be listening
+  const { server, resultPromise } = createCallbackServer();
+
+  const port = await listenWithFallback(server);
+  const callbackUrl = `http://localhost:${port}/callback`;
+  const authUrl = buildAuthUrl(challenge, callbackUrl);
+
+  console.log(`\n  Auth URL: ${authUrl}\n`);
+
+  // Open browser
+  const { exec } = await import('node:child_process');
+  const openCmd =
+    process.platform === 'darwin' ? 'open' :
+    process.platform === 'win32' ? 'start' :
+    'xdg-open';
+
+  exec(`${openCmd} "${authUrl}"`);
+
+  console.log('  Waiting for GitHub authorization...\n');
+
+  // Wait for the callback
+  const result = await resultPromise;
+
+  if (result.type === 'code') {
+    // PKCE flow — exchange code for session
+    const session = await exchangeCodeForSession(result.code, verifier);
+    return {
+      access_token: session.access_token,
+      refresh_token: session.refresh_token,
+      user: session.user,
+    };
+  } else {
+    // Implicit flow fallback — we have the access_token directly
+    const res = await fetch(`${SUPABASE_URL}/auth/v1/user`, {
+      headers: {
+        apikey: SUPABASE_ANON_KEY,
+        Authorization: `Bearer ${result.access_token}`,
+      },
+    });
+    if (!res.ok) throw new Error('Failed to fetch user info');
+    const user = await res.json();
+    return {
+      access_token: result.access_token,
+      refresh_token: null,
+      user,
+    };
+  }
+}

package/config.mjs

@@ -0,0 +1,55 @@
+import { readFileSync, writeFileSync, mkdirSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+const CONFIG_DIR = join(homedir(), '.robot-resources');
+const CONFIG_FILE = join(CONFIG_DIR, 'config.json');
+
+export function getConfigPath() {
+  return CONFIG_FILE;
+}
+
+export function getConfigDir() {
+  return CONFIG_DIR;
+}
+
+export function readConfig() {
+  try {
+    return JSON.parse(readFileSync(CONFIG_FILE, 'utf-8'));
+  } catch {
+    return {};
+  }
+}
+
+export function writeConfig(data) {
+  mkdirSync(CONFIG_DIR, { recursive: true });
+  const existing = readConfig();
+  const merged = { ...existing, ...data };
+  writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2) + '\n', { mode: 0o600 });
+  return merged;
+}
+
+export function readProviderKeys() {
+  const config = readConfig();
+  return config.provider_keys || {};
+}
+
+export function writeProviderKeys(keys) {
+  mkdirSync(CONFIG_DIR, { recursive: true });
+  const existing = readConfig();
+  const existingProviderKeys = existing.provider_keys || {};
+  const merged = {
+    ...existing,
+    provider_keys: { ...existingProviderKeys, ...keys },
+  };
+  writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2) + '\n', { mode: 0o600 });
+  return merged;
+}
+
+export function clearConfig() {
+  try {
+    writeFileSync(CONFIG_FILE, '{}\n', { mode: 0o600 });
+  } catch {
+    // config file doesn't exist, that's fine
+  }
+}

package/index.mjs

@@ -0,0 +1,14 @@
+export { authenticate, buildAuthUrl } from './auth.mjs';
+export { readConfig, writeConfig, clearConfig, getConfigPath, getConfigDir } from './config.mjs';
+export { login, createApiKey } from './login.mjs';
+export {
+  findPython,
+  ensureVenv,
+  installRouter,
+  isRouterInstalled,
+  getVenvPython,
+  getVenvPip,
+  getVenvPythonPath,
+  MANAGED_VENV_DIR,
+  ROUTER_PIP_PACKAGE,
+} from './python-bridge.mjs';

package/login.mjs

@@ -0,0 +1,54 @@
+import { authenticate } from './auth.mjs';
+import { writeConfig, getConfigPath } from './config.mjs';
+
+const PLATFORM_URL = process.env.RR_PLATFORM_URL || 'https://api.robotresources.ai';
+
+/**
+ * Generate an API key via the platform API.
+ */
+export async function createApiKey(accessToken) {
+  const res = await fetch(`${PLATFORM_URL}/v1/keys`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${accessToken}`,
+    },
+    body: JSON.stringify({ name: `cli-${new Date().toISOString().slice(0, 10)}` }),
+  });
+
+  if (!res.ok) {
+    const body = await res.text();
+    throw new Error(`Failed to create API key (${res.status}): ${body}`);
+  }
+
+  const { data } = await res.json();
+  return data;
+}
+
+export async function login() {
+  console.log('\n  ██ Robot Resources — Login\n');
+  console.log('  Opening GitHub in your browser...');
+
+  try {
+    const { access_token, user } = await authenticate();
+
+    console.log(`  ✓ Authenticated as ${user.user_metadata?.user_name || user.email}`);
+    console.log('  Generating API key...');
+
+    const key = await createApiKey(access_token);
+
+    writeConfig({
+      api_key: key.key,
+      key_id: key.id,
+      key_name: key.name,
+      user_email: user.email,
+      user_name: user.user_metadata?.user_name || null,
+    });
+
+    console.log(`  ✓ API key saved to ${getConfigPath()}`);
+    console.log(`\n  You're all set. Router and Scraper will pick up the key automatically.\n`);
+  } catch (err) {
+    console.error(`\n  ✗ Login failed: ${err.message}\n`);
+    process.exit(1);
+  }
+}

package/package.json

@@ -0,0 +1,30 @@
+{
+  "name": "@robot-resources/cli-core",
+  "version": "0.1.0",
+  "description": "Shared CLI utilities — auth, config, login (internal)",
+  "type": "module",
+  "main": "./index.mjs",
+  "exports": {
+    ".": "./index.mjs",
+    "./auth.mjs": "./auth.mjs",
+    "./config.mjs": "./config.mjs",
+    "./login.mjs": "./login.mjs",
+    "./python-bridge.mjs": "./python-bridge.mjs"
+  },
+  "scripts": {
+    "test": "vitest",
+    "test:run": "vitest run"
+  },
+  "files": [
+    "*.mjs"
+  ],
+  "devDependencies": {
+    "vitest": "^1.2.0"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  }
+}

package/python-bridge.mjs

@@ -0,0 +1,115 @@
+import { execSync } from 'node:child_process';
+import { existsSync, mkdirSync } from 'node:fs';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+
+const VENV_DIR = join(homedir(), '.robot-resources', '.venv');
+const ROUTER_PACKAGE = 'robot-resources-router';
+
+const PYTHON_CANDIDATES = [
+  'python3.13', 'python3.12', 'python3.11', 'python3.10', 'python3', 'python',
+];
+
+/**
+ * Find a Python 3.10+ binary on the system.
+ * Returns { bin, version } or null if not found.
+ */
+export function findPython() {
+  for (const bin of PYTHON_CANDIDATES) {
+    try {
+      const output = execSync(`${bin} --version 2>&1`, { encoding: 'utf-8' }).trim();
+      const match = output.match(/Python (\d+)\.(\d+)/);
+      if (match) {
+        const [, major, minor] = match.map(Number);
+        if (major === 3 && minor >= 10) {
+          return { bin, version: `${major}.${minor}` };
+        }
+      }
+    } catch {
+      // binary not found, try next
+    }
+  }
+  return null;
+}
+
+/**
+ * Get the Python binary path inside the managed venv.
+ */
+export function getVenvPython() {
+  return process.platform === 'win32'
+    ? join(VENV_DIR, 'Scripts', 'python.exe')
+    : join(VENV_DIR, 'bin', 'python3');
+}
+
+/**
+ * Get the pip binary path inside the managed venv.
+ */
+export function getVenvPip() {
+  return process.platform === 'win32'
+    ? join(VENV_DIR, 'Scripts', 'pip.exe')
+    : join(VENV_DIR, 'bin', 'pip3');
+}
+
+/**
+ * Create a Python venv at ~/.robot-resources/.venv if it doesn't exist.
+ * Validates an existing venv and recreates if broken.
+ * Returns the path to the venv Python binary.
+ *
+ * @param {string} pythonBin — system Python binary to use for venv creation
+ */
+export function ensureVenv(pythonBin) {
+  const venvPython = getVenvPython();
+
+  if (existsSync(venvPython)) {
+    try {
+      execSync(`"${venvPython}" --version`, { stdio: 'pipe' });
+      return venvPython;
+    } catch {
+      // Broken venv — recreate below
+    }
+  }
+
+  mkdirSync(join(homedir(), '.robot-resources'), { recursive: true });
+  execSync(`"${pythonBin}" -m venv "${VENV_DIR}"`, { stdio: 'pipe' });
+  return venvPython;
+}
+
+/**
+ * Install (or upgrade) the router Python package into the managed venv.
+ *
+ * @param {object} [options]
+ * @param {'pipe'|'inherit'} [options.stdio='pipe'] — controls install output visibility
+ * @param {number} [options.timeout=120000] — pip install timeout in ms
+ */
+export function installRouter({ stdio = 'pipe', timeout = 120_000 } = {}) {
+  const pip = getVenvPip();
+  execSync(`"${pip}" install --upgrade "${ROUTER_PACKAGE}"`, { stdio, timeout });
+}
+
+/**
+ * Check if the router Python package is importable in the managed venv.
+ */
+export function isRouterInstalled() {
+  const venvPython = getVenvPython();
+  if (!existsSync(venvPython)) return false;
+
+  try {
+    execSync(`"${venvPython}" -c "import robot_resources"`, { stdio: 'pipe' });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Get the managed venv's Python path (convenience alias for service registration, etc.).
+ */
+export function getVenvPythonPath() {
+  return getVenvPython();
+}
+
+/** Expose the venv directory path for advanced use cases. */
+export const MANAGED_VENV_DIR = VENV_DIR;
+
+/** Expose the router pip package name. */
+export const ROUTER_PIP_PACKAGE = ROUTER_PACKAGE;

package/vitest.config.mjs

@@ -0,0 +1,9 @@
+import { defineConfig } from 'vitest/config';
+
+export default defineConfig({
+  test: {
+    globals: true,
+    environment: 'node',
+    include: ['test/**/*.test.mjs'],
+  },
+});