@seventysixty/codefacility-bridge 1.0.1

package/README.md

@@ -0,0 +1,59 @@
+# @codefacility/bridge
+
+Local bridge that lets the CodeFacility web app verify AI CLI tools installed on your machine.
+
+## Why it exists
+
+Browsers cannot run shell commands. This bridge runs as a tiny local HTTP server on `127.0.0.1:7325` — reachable only from your machine — and checks whether CLIs like `claude`, `codex`, and `gemini` are installed and authenticated.
+
+## Usage
+
+```bash
+npx @seventysixty/codefacility-bridge
+```
+
+Run this once in any terminal. Keep it running while you use CodeFacility. Stop it with `Ctrl+C`.
+
+## Security
+
+- **Loopback only** — binds to `127.0.0.1`, never `0.0.0.0`. External machines cannot connect.
+- **Origin allowlist** — only accepts HTTP requests from `codefacility.vercel.app` and `localhost` dev servers.
+- **No arbitrary execution** — the provider list and CLI commands are hardcoded. No user input is ever used to construct a shell command.
+- **`execFile` not `exec`** — no shell is spawned; shell injection is not possible.
+- **No dependencies** — uses only Node.js built-in modules.
+- **No writes, no outbound calls** — reads credential files and environment variables only.
+
+## API
+
+### `GET /health`
+```json
+{ "status": "ok", "version": "1.0.0" }
+```
+
+### `POST /cli-verify`
+```json
+// Request
+{ "provider": "anthropic" }
+
+// Response
+{ "installed": true, "authenticated": true, "version": "1.0.5" }
+{ "installed": true, "authenticated": false }
+{ "installed": false, "authenticated": false }
+```
+
+Supported provider IDs: `anthropic`, `openai`, `google`, `mistral`, `xai`
+
+## How authentication is detected
+
+The bridge checks two things (no API calls are made):
+
+1. **Credential files** — known config/credential file locations for each CLI
+2. **Environment variables** — e.g. `ANTHROPIC_API_KEY`, `OPENAI_API_KEY`
+
+| Provider | CLI | Credential paths checked |
+|----------|-----|--------------------------|
+| Anthropic | `claude` | `~/.claude/.credentials.json` |
+| OpenAI | `codex` | `~/.codex/config.json`, `OPENAI_API_KEY` |
+| Google | `gemini` | `~/.gemini/credentials.json`, `GOOGLE_API_KEY` |
+| Mistral | `mistral` | `~/.mistral/credentials.json`, `MISTRAL_API_KEY` |
+| xAI | `xai` | `~/.xai/credentials.json`, `XAI_API_KEY` |

package/index.js

@@ -0,0 +1,281 @@
+#!/usr/bin/env node
+'use strict'
+
+/**
+ * CodeFacility Local Bridge
+ *
+ * Runs on http://127.0.0.1:7325 — loopback only, never reachable externally.
+ *
+ * Security model:
+ *  - Binds to 127.0.0.1 only (OS enforces: no external connections possible)
+ *  - Validates Origin header against an explicit allowlist
+ *  - Only exposes two endpoints: /health and /cli-verify
+ *  - /cli-verify only accepts a hardcoded list of known provider IDs
+ *  - Uses execFile (not exec) so no shell injection is possible
+ *  - Caps request body at 1 KB
+ *  - All child processes time out after 5 seconds
+ *  - No file writes, no outbound network calls, no eval
+ */
+
+const http    = require('http')
+const { execFile } = require('child_process')
+const fs      = require('fs')
+const os      = require('os')
+const path    = require('path')
+
+const PORT = 7325
+const HOST = '127.0.0.1'
+
+// Only the CodeFacility web app may call this bridge.
+// Requests from any other origin are rejected.
+const ALLOWED_ORIGINS = new Set([
+  'https://codefacility.vercel.app',
+  'https://dev-agent-nu.vercel.app',
+  'http://localhost:5173',   // Vite dev server
+  'http://localhost:4173',   // Vite preview
+  'http://localhost:3000',
+])
+
+const HOME = os.homedir()
+
+// ── Provider definitions ─────────────────────────────────────────────────────
+// Each entry describes:
+//   command       — the CLI binary name (no user-supplied input ever used here)
+//   credPaths     — filesystem paths that indicate the user is authenticated
+//   envVars       — environment variables that indicate an API key is configured
+//
+// Only providers listed here can be checked. Any unknown provider ID is rejected.
+const PROVIDERS = {
+  anthropic: {
+    command: 'claude',
+    credPaths: [
+      path.join(HOME, '.claude', '.credentials.json'),
+      path.join(HOME, '.claude', 'credentials.json'),
+      path.join(HOME, '.config', 'claude', 'credentials.json'),
+      // Windows-specific
+      path.join(HOME, 'AppData', 'Roaming', 'claude', 'credentials.json'),
+    ],
+    envVars: ['ANTHROPIC_API_KEY'],
+  },
+  openai: {
+    command: 'codex',
+    credPaths: [
+      path.join(HOME, '.codex', 'config.json'),
+      path.join(HOME, '.config', 'codex', 'config.json'),
+      path.join(HOME, 'AppData', 'Roaming', 'codex', 'config.json'),
+    ],
+    envVars: ['OPENAI_API_KEY'],
+  },
+  google: {
+    command: 'gemini',
+    credPaths: [
+      path.join(HOME, '.gemini', 'credentials.json'),
+      path.join(HOME, '.config', 'gemini', 'credentials.json'),
+      path.join(HOME, 'AppData', 'Roaming', 'gemini', 'credentials.json'),
+      // gcloud application-default credentials also satisfy Gemini CLI
+      path.join(HOME, '.config', 'gcloud', 'application_default_credentials.json'),
+    ],
+    envVars: ['GOOGLE_API_KEY', 'GEMINI_API_KEY'],
+  },
+  mistral: {
+    command: 'mistral',
+    credPaths: [
+      path.join(HOME, '.mistral', 'credentials.json'),
+      path.join(HOME, '.config', 'mistral', 'credentials.json'),
+    ],
+    envVars: ['MISTRAL_API_KEY'],
+  },
+  xai: {
+    command: 'xai',
+    credPaths: [
+      path.join(HOME, '.xai', 'credentials.json'),
+    ],
+    envVars: ['XAI_API_KEY'],
+  },
+}
+
+// ── CLI helpers ──────────────────────────────────────────────────────────────
+
+function runVersion(command) {
+  return new Promise((resolve) => {
+    execFile(
+      command,
+      ['--version'],
+      {
+        timeout: 5000,
+        windowsHide: true,
+        // On Windows, CLI tools installed via npm are .cmd wrappers
+        shell: process.platform === 'win32',
+      },
+      (err, stdout, stderr) => {
+        if (err) {
+          resolve({ ok: false })
+          return
+        }
+        // Some CLIs print version to stderr, some to stdout
+        const raw = (stdout || stderr || '').trim()
+        const version = raw.split('\n')[0].trim()
+        resolve({ ok: true, version })
+      }
+    )
+  })
+}
+
+function credFileExists(credPaths) {
+  for (const credPath of credPaths) {
+    try {
+      const stat = fs.statSync(credPath)
+      // File must exist and have actual content (> 10 bytes)
+      if (stat.isFile() && stat.size > 10) {
+        // For JSON credential files, verify the content is parseable
+        // and contains at least one key — not just an empty object
+        try {
+          const content = fs.readFileSync(credPath, 'utf8')
+          const parsed = JSON.parse(content)
+          if (typeof parsed === 'object' && parsed !== null && Object.keys(parsed).length > 0) {
+            return true
+          }
+        } catch {
+          // Not JSON (e.g. TOML config) — size check is enough
+          return true
+        }
+      }
+    } catch {
+      // File doesn't exist or can't be read — try the next path
+    }
+  }
+  return false
+}
+
+function envVarSet(envVars) {
+  return envVars.some((v) => {
+    const val = process.env[v]
+    return typeof val === 'string' && val.trim().length > 8
+  })
+}
+
+async function checkProvider(providerId) {
+  const def = PROVIDERS[providerId]
+  if (!def) return { installed: false, authenticated: false }
+
+  const { ok, version } = await runVersion(def.command)
+  if (!ok) return { installed: false, authenticated: false }
+
+  const authenticated = credFileExists(def.credPaths) || envVarSet(def.envVars)
+  const result = { installed: true, authenticated }
+  if (version) result.version = version
+  return result
+}
+
+// ── HTTP server ──────────────────────────────────────────────────────────────
+
+function setCorsHeaders(res, origin) {
+  res.setHeader('Access-Control-Allow-Origin', origin)
+  res.setHeader('Access-Control-Allow-Methods', 'GET, POST, OPTIONS')
+  res.setHeader('Access-Control-Allow-Headers', 'Content-Type')
+  res.setHeader('Access-Control-Max-Age', '86400')
+  // Prevent the bridge response from being cached
+  res.setHeader('Cache-Control', 'no-store')
+}
+
+function send(res, status, body) {
+  res.writeHead(status, { 'Content-Type': 'application/json' })
+  res.end(JSON.stringify(body))
+}
+
+const server = http.createServer((req, res) => {
+  const origin = req.headers.origin || ''
+
+  // ── Origin check ──────────────────────────────────────────────────────────
+  // Reject anything that isn't our web app. Because we bind to 127.0.0.1 the
+  // OS already prevents external machines from connecting; the Origin check is
+  // a defence-in-depth measure against CSRF from malicious websites.
+  if (!ALLOWED_ORIGINS.has(origin)) {
+    res.writeHead(403)
+    res.end()
+    return
+  }
+
+  setCorsHeaders(res, origin)
+
+  // Pre-flight
+  if (req.method === 'OPTIONS') {
+    res.writeHead(204)
+    res.end()
+    return
+  }
+
+  const { pathname } = new URL(req.url, `http://${HOST}`)
+
+  // ── GET /health ───────────────────────────────────────────────────────────
+  if (req.method === 'GET' && pathname === '/health') {
+    send(res, 200, { status: 'ok', version: '1.0.0' })
+    return
+  }
+
+  // ── POST /cli-verify ──────────────────────────────────────────────────────
+  if (req.method === 'POST' && pathname === '/cli-verify') {
+    let body = ''
+
+    req.on('data', (chunk) => {
+      body += chunk
+      // Hard cap — no request should be larger than 1 KB
+      if (body.length > 1024) {
+        req.destroy()
+        send(res, 413, { error: 'Request too large' })
+      }
+    })
+
+    req.on('end', async () => {
+      let providerId
+      try {
+        const parsed = JSON.parse(body)
+        providerId = parsed.provider
+      } catch {
+        send(res, 400, { error: 'Invalid JSON' })
+        return
+      }
+
+      // Only allow known, hardcoded provider IDs — never use providerId to
+      // construct a command string
+      if (typeof providerId !== 'string' || !Object.hasOwn(PROVIDERS, providerId)) {
+        send(res, 400, { error: 'Unknown provider' })
+        return
+      }
+
+      try {
+        const result = await checkProvider(providerId)
+        send(res, 200, result)
+      } catch (err) {
+        // Never expose internal error details
+        send(res, 500, { error: 'Verification failed' })
+      }
+    })
+
+    return
+  }
+
+  // All other routes
+  res.writeHead(404)
+  res.end()
+})
+
+server.on('error', (err) => {
+  if (err.code === 'EADDRINUSE') {
+    console.error(`[codefacility-bridge] Port ${PORT} is already in use.`)
+    console.error('[codefacility-bridge] Is another instance of the bridge already running?')
+  } else {
+    console.error('[codefacility-bridge] Fatal error:', err.message)
+  }
+  process.exit(1)
+})
+
+server.listen(PORT, HOST, () => {
+  console.log(`[codefacility-bridge] Running on http://${HOST}:${PORT}`)
+  console.log('[codefacility-bridge] Only accepting connections from the CodeFacility web app.')
+  console.log('[codefacility-bridge] Press Ctrl+C to stop.')
+})
+
+// Graceful shutdown
+process.on('SIGINT',  () => { server.close(); process.exit(0) })
+process.on('SIGTERM', () => { server.close(); process.exit(0) })

package/package.json

@@ -0,0 +1,22 @@
+{
+  "name": "@seventysixty/codefacility-bridge",
+  "version": "1.0.1",
+  "description": "CodeFacility local bridge — verifies AI CLI installations on the user's machine",
+  "main": "index.js",
+  "bin": {
+    "codefacility-bridge": "index.js"
+  },
+  "scripts": {
+    "start": "node index.js"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": ["codefacility", "devagent", "bridge", "cli"],
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/scorponmars/DevAgent.git",
+    "directory": "localclient"
+  }
+}