@skillrecordings/cli 0.1.0 → 0.2.0

package/src/index.ts

@@ -1,172 +0,0 @@
-#!/usr/bin/env bun
-import { closeDb } from '@skillrecordings/database'
-// Note: env is loaded via preload.ts before this file runs
-import { Command } from 'commander'
-import { registerAuthCommands } from './commands/auth/index'
-import { registerAxiomCommands } from './commands/axiom/index'
-import { registerDatasetCommands } from './commands/build-dataset'
-import { registerDbStatusCommand } from './commands/db-status'
-import { registerDeployCommands } from './commands/deploys'
-import { runEval } from './commands/eval'
-import { registerEvalLocalCommands } from './commands/eval-local/index'
-import { registerEvalPipelineCommands } from './commands/eval-pipeline/index'
-import { registerEvalPromptCommands } from './commands/eval-prompt'
-import { registerFaqClassifyCommands } from './commands/faq-classify'
-import { registerFaqClusterCommands } from './commands/faq-cluster'
-import { registerFaqExtractCommands } from './commands/faq-extract'
-import { registerFaqMineCommands } from './commands/faq-mine'
-import { registerFaqReviewCommands } from './commands/faq-review'
-import { registerFrontCommands } from './commands/front/index'
-import { health } from './commands/health'
-import { init } from './commands/init'
-import { registerEventsCommands } from './commands/inngest/events'
-import { registerRunsCommands } from './commands/inngest/runs'
-import { registerSignalCommand } from './commands/inngest/signal'
-import { registerKbCommands } from './commands/kb-sync'
-import { registerMemoryCommands } from './commands/memory/index'
-import { registerPipelineCommands } from './commands/pipeline'
-import { registerResponseCommands } from './commands/responses'
-import { registerToolsCommands } from './commands/tools'
-import { wizard } from './commands/wizard'
-
-const program = new Command()
-
-program
-  .name('skill')
-  .description('CLI tool for managing app integrations')
-  .version('0.0.0')
-
-program
-  .command('init')
-  .description('Initialize a new app integration (quick mode)')
-  .argument(
-    '[name]',
-    'Name of the integration (required in non-interactive mode)'
-  )
-  .option('--json', 'Output result as JSON (machine-readable)')
-  .action(init)
-
-program
-  .command('wizard')
-  .description('Interactive wizard for setting up a new property')
-  .option('--json', 'Output result as JSON (machine-readable)')
-  .action(wizard)
-
-program
-  .command('health')
-  .description('Test integration endpoint health')
-  .argument(
-    '[slug|url]',
-    'App slug (from database) or URL (e.g., https://totaltypescript.com)'
-  )
-  .option(
-    '-s, --secret <secret>',
-    'Webhook secret (required for direct URL mode)'
-  )
-  .option('-l, --list', 'List all registered apps')
-  .option('--json', 'Output result as JSON (machine-readable)')
-  .action(health)
-
-program
-  .command('eval')
-  .description('Run evals against a dataset')
-  .argument('<type>', 'Eval type (e.g., routing)')
-  .argument('<dataset>', 'Path to dataset JSON file')
-  .option('--json', 'Output result as JSON (machine-readable)')
-  .option(
-    '--min-precision <number>',
-    'Minimum precision threshold (default: 0.92)',
-    parseFloat
-  )
-  .option(
-    '--min-recall <number>',
-    'Minimum recall threshold (default: 0.95)',
-    parseFloat
-  )
-  .option(
-    '--max-fp-rate <number>',
-    'Maximum false positive rate (default: 0.03)',
-    parseFloat
-  )
-  .option(
-    '--max-fn-rate <number>',
-    'Maximum false negative rate (default: 0.02)',
-    parseFloat
-  )
-  .action((type, dataset, options) => {
-    const gates = {
-      ...(options.minPrecision !== undefined && {
-        minPrecision: options.minPrecision,
-      }),
-      ...(options.minRecall !== undefined && { minRecall: options.minRecall }),
-      ...(options.maxFpRate !== undefined && { maxFpRate: options.maxFpRate }),
-      ...(options.maxFnRate !== undefined && { maxFnRate: options.maxFnRate }),
-    }
-    runEval(type, dataset, {
-      json: options.json,
-      gates: Object.keys(gates).length > 0 ? gates : undefined,
-    })
-  })
-
-// Register Inngest commands
-registerEventsCommands(program)
-registerRunsCommands(program)
-registerSignalCommand(program)
-
-// Register Front commands
-registerFrontCommands(program)
-
-// Register Memory commands
-registerMemoryCommands(program)
-
-// Register Auth commands (encrypted secrets for CLI distribution)
-registerAuthCommands(program)
-
-// Register Response commands (for analysis)
-registerResponseCommands(program)
-
-// Register Tools commands (test agent tools)
-registerToolsCommands(program)
-
-// Register Dataset commands (eval dataset building)
-registerDatasetCommands(program)
-registerEvalPromptCommands(program)
-
-// Register Axiom commands (log querying)
-registerAxiomCommands(program)
-
-// Register eval-local commands (local eval environment)
-registerEvalLocalCommands(program)
-
-// Register eval-pipeline commands (step-by-step pipeline eval)
-registerEvalPipelineCommands(program)
-
-// Register pipeline commands (new step-based architecture)
-registerPipelineCommands(program)
-
-// Register deploy commands (Vercel status/logs/inspect)
-registerDeployCommands(program)
-
-// Register knowledge base commands (sync/stats)
-registerKbCommands(program)
-
-// Register FAQ mining commands (mine FAQ candidates from conversations)
-registerFaqMineCommands(program)
-registerDbStatusCommand(program)
-
-// Register FAQ clustering commands (production clustering from Phase 0)
-registerFaqClusterCommands(program)
-
-// Register FAQ classification commands (LLM topic classification)
-registerFaqClassifyCommands(program)
-
-// Register FAQ extraction commands (extract candidates from clusters)
-registerFaqExtractCommands(program)
-
-// Register FAQ review commands (human curation of FAQ candidates)
-registerFaqReviewCommands(program)
-
-// Parse and cleanup DB connections when done
-program.parseAsync().finally(async () => {
-  await closeDb()
-})

package/src/lib/crypto.ts

@@ -1,56 +0,0 @@
-import {
-  Decrypter,
-  Encrypter,
-  generateIdentity,
-  identityToRecipient,
-} from 'age-encryption'
-
-export interface Keypair {
-  publicKey: string
-  privateKey: string
-}
-
-/**
- * Generate an age keypair
- * @returns Keypair with publicKey (age1...) and privateKey (AGE-SECRET-KEY-1...)
- */
-export async function generateKeypair(): Promise<Keypair> {
-  const privateKey = await generateIdentity()
-  const publicKey = await identityToRecipient(privateKey)
-  return { publicKey, privateKey }
-}
-
-/**
- * Encrypt data with an age public key
- * @param data - String or Buffer to encrypt
- * @param recipientPublicKey - age public key (age1...)
- * @returns Encrypted data as Uint8Array
- */
-export async function encrypt(
-  data: string | Buffer,
-  recipientPublicKey: string
-): Promise<Uint8Array> {
-  const encrypter = new Encrypter()
-  encrypter.addRecipient(recipientPublicKey)
-
-  const input = typeof data === 'string' ? data : new TextDecoder().decode(data)
-  return encrypter.encrypt(input)
-}
-
-/**
- * Decrypt data with an age private key
- * @param encrypted - Encrypted data as Uint8Array or Buffer
- * @param privateKey - age private key (AGE-SECRET-KEY-1...)
- * @returns Decrypted data as string
- */
-export async function decrypt(
-  encrypted: Uint8Array | Buffer,
-  privateKey: string
-): Promise<string> {
-  const decrypter = new Decrypter()
-  decrypter.addIdentity(privateKey)
-
-  const input =
-    encrypted instanceof Buffer ? new Uint8Array(encrypted) : encrypted
-  return decrypter.decrypt(input, 'text')
-}

package/src/lib/env-loader.ts

@@ -1,206 +0,0 @@
-import { execSync } from 'node:child_process'
-import fs from 'node:fs/promises'
-import os from 'node:os'
-import path from 'node:path'
-import { config } from 'dotenv-flow'
-import { decrypt } from './crypto.js'
-
-/** 1Password reference for the age private key */
-const OP_AGE_KEY_REF = 'op://Support/skill-cli-age-key/private_key'
-
-/**
- * Load secrets from layered fallback:
- * 1. Local .env/.env.local files
- * 2. Encrypted .env.encrypted file (auto-fetches key from 1Password if ~/.op-token exists)
- * 3. Fail with clear instructions
- *
- * Injects secrets into process.env
- */
-export async function loadSecrets(): Promise<void> {
-  const cliDir = path.resolve(import.meta.dirname, '../..')
-
-  // Layer 1: Check for local .env files
-  const localEnvExists = await checkLocalEnv(cliDir)
-  if (localEnvExists) {
-    config({ path: cliDir, silent: true })
-    return
-  }
-
-  // Layer 2: Try encrypted fallback
-  const encryptedPath = path.join(cliDir, '.env.encrypted')
-  const encryptedExists = await fileExists(encryptedPath)
-
-  if (encryptedExists) {
-    // Try to get the private key - either from env or via 1Password
-    let privateKey = process.env.AGE_SECRET_KEY
-
-    if (!privateKey) {
-      // Attempt to load from 1Password via ~/.op-token
-      privateKey = await tryLoadKeyFrom1Password()
-    }
-
-    if (!privateKey) {
-      throw new Error(
-        'Found .env.encrypted but cannot decrypt.\n\n' +
-          'Options:\n' +
-          '1. Set AGE_SECRET_KEY env var with the private key\n' +
-          '2. Create ~/.op-token with 1Password service account token\n\n' +
-          'See docs/CLI-AUTH.md for setup instructions.'
-      )
-    }
-
-    try {
-      const encryptedData = await fs.readFile(encryptedPath)
-      const decrypted = await decrypt(encryptedData, privateKey)
-
-      // Parse decrypted env file format (KEY=VALUE lines)
-      parseAndInjectEnv(decrypted)
-      return
-    } catch (error) {
-      throw new Error(
-        `Failed to decrypt .env.encrypted: ${error instanceof Error ? error.message : String(error)}\n` +
-          'Check that the decryption key matches the encryption key.'
-      )
-    }
-  }
-
-  // Layer 3: Nothing found - fail with instructions
-  throw new Error(
-    'No environment configuration found.\n\n' +
-      'Options:\n' +
-      '1. Create .env.local in packages/cli/ with your secrets\n' +
-      '2. Set AGE_SECRET_KEY and use encrypted .env.encrypted\n' +
-      '3. Create ~/.op-token for automatic 1Password-based decryption\n\n' +
-      'See docs/CLI-AUTH.md for setup instructions.'
-  )
-}
-
-/**
- * Try to load the age private key from 1Password using ~/.op-token
- * Returns the key if successful, undefined otherwise
- */
-async function tryLoadKeyFrom1Password(): Promise<string | undefined> {
-  const opTokenPath = path.join(os.homedir(), '.op-token')
-
-  // Check if ~/.op-token exists
-  if (!(await fileExists(opTokenPath))) {
-    return undefined
-  }
-
-  try {
-    // Read and parse ~/.op-token (format: export VAR="value")
-    const tokenFileContent = await fs.readFile(opTokenPath, 'utf-8')
-    const token = parseOpTokenFile(tokenFileContent)
-
-    if (!token) {
-      return undefined
-    }
-
-    // Set the token in env for op CLI to use
-    process.env.OP_SERVICE_ACCOUNT_TOKEN = token
-
-    // Fetch the age private key from 1Password
-    const privateKey = execSync(`op read "${OP_AGE_KEY_REF}"`, {
-      encoding: 'utf-8',
-      stdio: ['ignore', 'pipe', 'pipe'],
-      env: process.env, // Explicit env pass required for token to be visible
-    }).trim()
-
-    return privateKey || undefined
-  } catch {
-    // Silently fail - caller will show appropriate error
-    return undefined
-  }
-}
-
-/**
- * Parse ~/.op-token file format: export OP_SERVICE_ACCOUNT_TOKEN="value"
- */
-function parseOpTokenFile(content: string): string | undefined {
-  const lines = content.split('\n')
-
-  for (const line of lines) {
-    const trimmed = line.trim()
-
-    // Match: export OP_SERVICE_ACCOUNT_TOKEN="value" or =value
-    const match = trimmed.match(
-      /^export\s+OP_SERVICE_ACCOUNT_TOKEN\s*=\s*["']?([^"'\s]+)["']?/
-    )
-    if (match?.[1]) {
-      return match[1]
-    }
-
-    // Also support bare assignment: OP_SERVICE_ACCOUNT_TOKEN=value
-    const bareMatch = trimmed.match(
-      /^OP_SERVICE_ACCOUNT_TOKEN\s*=\s*["']?([^"'\s]+)["']?/
-    )
-    if (bareMatch?.[1]) {
-      return bareMatch[1]
-    }
-  }
-
-  return undefined
-}
-
-/**
- * Check if any local .env files exist
- */
-async function checkLocalEnv(dir: string): Promise<boolean> {
-  const candidates = ['.env.local', '.env']
-  for (const file of candidates) {
-    if (await fileExists(path.join(dir, file))) {
-      return true
-    }
-  }
-  return false
-}
-
-/**
- * Check if a file exists
- */
-async function fileExists(filePath: string): Promise<boolean> {
-  try {
-    await fs.access(filePath)
-    return true
-  } catch {
-    return false
-  }
-}
-
-/**
- * Parse env file format (KEY=VALUE) and inject into process.env
- * Handles quoted values, comments, and empty lines
- */
-function parseAndInjectEnv(content: string): void {
-  const lines = content.split('\n')
-
-  for (const line of lines) {
-    const trimmed = line.trim()
-
-    // Skip comments and empty lines
-    if (!trimmed || trimmed.startsWith('#')) {
-      continue
-    }
-
-    const eqIndex = trimmed.indexOf('=')
-    if (eqIndex === -1) {
-      continue
-    }
-
-    const key = trimmed.slice(0, eqIndex).trim()
-    let value = trimmed.slice(eqIndex + 1).trim()
-
-    // Remove quotes if present
-    if (
-      (value.startsWith('"') && value.endsWith('"')) ||
-      (value.startsWith("'") && value.endsWith("'"))
-    ) {
-      value = value.slice(1, -1)
-    }
-
-    // Only set if not already defined (respect existing env vars)
-    if (key && process.env[key] === undefined) {
-      process.env[key] = value
-    }
-  }
-}

package/src/lib/onepassword.ts

@@ -1,137 +0,0 @@
-import { execSync, spawn } from 'node:child_process'
-
-/**
- * 1Password Service Account integration for headless Linux environments
- *
- * Authenticates using OP_SERVICE_ACCOUNT_TOKEN environment variable.
- * Provides functions to read secrets and execute commands with injected secrets.
- */
-
-/**
- * Check if the `op` CLI is installed and available
- */
-export async function isOpAvailable(): Promise<boolean> {
-  try {
-    execSync('which op', { stdio: 'ignore' })
-    return true
-  } catch {
-    return false
-  }
-}
-
-/**
- * Check if OP_SERVICE_ACCOUNT_TOKEN is configured
- */
-export function isServiceAccountConfigured(): boolean {
-  return Boolean(process.env.OP_SERVICE_ACCOUNT_TOKEN)
-}
-
-/**
- * Read a secret from 1Password using a secret reference
- *
- * @param reference - Secret reference in format: op://vault/item/field
- * @returns The secret value
- * @throws Error if op CLI is not available, token is not configured, or read fails
- *
- * @example
- * const apiKey = await readSecret('op://Private/Stripe/api_key')
- */
-export async function readSecret(reference: string): Promise<string> {
-  if (!(await isOpAvailable())) {
-    throw new Error(
-      '1Password CLI not installed. Install from https://developer.1password.com/docs/cli/get-started/'
-    )
-  }
-
-  if (!isServiceAccountConfigured()) {
-    throw new Error(
-      'OP_SERVICE_ACCOUNT_TOKEN not set. Configure a service account token: https://developer.1password.com/docs/service-accounts/'
-    )
-  }
-
-  if (!reference.startsWith('op://')) {
-    throw new Error(
-      `Invalid secret reference format: ${reference}. Expected format: op://vault/item/field`
-    )
-  }
-
-  try {
-    const output = execSync(`op read "${reference}"`, {
-      encoding: 'utf-8',
-      stdio: ['ignore', 'pipe', 'pipe'],
-    })
-    return output.trim()
-  } catch (err) {
-    const message = err instanceof Error ? err.message : 'Unknown error'
-    throw new Error(`Failed to read secret from 1Password: ${message}`)
-  }
-}
-
-/**
- * Execute a command with secrets injected via `op run`
- *
- * The command runs with secrets referenced in the environment automatically resolved.
- * Use this when you need to run commands that require secrets in their environment.
- *
- * @param cmd - Command and arguments to execute
- * @returns stdout and stderr from the command
- * @throws Error if op CLI is not available, token is not configured, or execution fails
- *
- * @example
- * // Environment has STRIPE_KEY="op://Private/Stripe/api_key"
- * const { stdout } = await runWithSecrets(['node', 'script.js'])
- * // script.js will see STRIPE_KEY with the actual secret value
- */
-export async function runWithSecrets(
-  cmd: string[]
-): Promise<{ stdout: string; stderr: string }> {
-  if (!(await isOpAvailable())) {
-    throw new Error(
-      '1Password CLI not installed. Install from https://developer.1password.com/docs/cli/get-started/'
-    )
-  }
-
-  if (!isServiceAccountConfigured()) {
-    throw new Error(
-      'OP_SERVICE_ACCOUNT_TOKEN not set. Configure a service account token: https://developer.1password.com/docs/service-accounts/'
-    )
-  }
-
-  if (!cmd.length) {
-    throw new Error('Command array cannot be empty')
-  }
-
-  return new Promise((resolve, reject) => {
-    const child = spawn('op', ['run', '--', ...cmd], {
-      stdio: ['ignore', 'pipe', 'pipe'],
-      env: process.env,
-    })
-
-    let stdout = ''
-    let stderr = ''
-
-    child.stdout?.on('data', (data) => {
-      stdout += data.toString()
-    })
-
-    child.stderr?.on('data', (data) => {
-      stderr += data.toString()
-    })
-
-    child.on('close', (code) => {
-      if (code === 0) {
-        resolve({ stdout, stderr })
-      } else {
-        reject(
-          new Error(
-            `Command failed with exit code ${code}${stderr ? `: ${stderr}` : ''}`
-          )
-        )
-      }
-    })
-
-    child.on('error', (err) => {
-      reject(new Error(`Failed to spawn command: ${err.message}`))
-    })
-  })
-}

package/src/test-agent-local.ts

@@ -1,115 +0,0 @@
-#!/usr/bin/env bun
-/**
- * Local test script for support agent
- *
- * Usage:
- *   cd packages/cli && bun ../../scripts/test-agent-local.ts
- *
- * Tests that the agent can access appConfig through experimental_context,
- * specifically the instructor_teammate_id for assignToInstructor tool.
- */
-
-import { runSupportAgent } from '@skillrecordings/core/agent'
-import { database } from '@skillrecordings/database'
-import { IntegrationClient } from '@skillrecordings/sdk/client'
-
-async function main() {
-  const appSlug = process.argv[2] || 'total-typescript'
-  const testMessage =
-    process.argv[3] ||
-    'Hey Matt, just wanted to say your TypeScript course is amazing!'
-
-  console.log('='.repeat(60))
-  console.log('SUPPORT AGENT LOCAL TEST')
-  console.log('='.repeat(60))
-  console.log(`App: ${appSlug}`)
-  console.log(`Message: ${testMessage}`)
-  console.log('')
-
-  // Fetch app from database
-  const app = await database.query.AppsTable.findFirst({
-    where: (apps, { eq }) => eq(apps.slug, appSlug),
-  })
-
-  if (!app) {
-    console.error(`❌ App not found: ${appSlug}`)
-    process.exit(1)
-  }
-
-  console.log('App Config:')
-  console.log(
-    `  instructor_teammate_id: ${app.instructor_teammate_id || '(not set)'}`
-  )
-  console.log(`  stripe_account_id: ${app.stripe_account_id || '(not set)'}`)
-  console.log(`  integration_base_url: ${app.integration_base_url}`)
-  console.log('')
-
-  // Create integration client
-  const integrationClient = new IntegrationClient({
-    baseUrl: app.integration_base_url,
-    webhookSecret: app.webhook_secret,
-  })
-
-  console.log('Running agent...')
-  console.log('-'.repeat(60))
-
-  try {
-    const result = await runSupportAgent({
-      message: testMessage,
-      conversationHistory: [],
-      customerContext: {
-        email: '[EMAIL]',
-      },
-      appId: appSlug,
-      model: 'anthropic/claude-haiku-4-5',
-      integrationClient,
-      appConfig: {
-        instructor_teammate_id: app.instructor_teammate_id || undefined,
-        stripeAccountId: app.stripe_account_id || undefined,
-      },
-    })
-
-    console.log('')
-    console.log('RESULT:')
-    console.log('-'.repeat(60))
-    console.log(`Response: ${result.response || '(no response)'}`)
-    console.log(`Requires Approval: ${result.requiresApproval}`)
-    console.log(`Auto-sent: ${result.autoSent || false}`)
-    console.log('')
-    console.log('Tool Calls:')
-    for (const tc of result.toolCalls) {
-      console.log(`  - ${tc.name}(${JSON.stringify(tc.args)})`)
-      console.log(`    Result: ${JSON.stringify(tc.result)}`)
-    }
-
-    // Check if assignToInstructor was called and succeeded
-    const assignCall = result.toolCalls.find(
-      (tc) => tc.name === 'assignToInstructor'
-    )
-    if (assignCall) {
-      const assignResult = assignCall.result as {
-        assigned?: boolean
-        error?: string
-      }
-      if (assignResult?.assigned) {
-        console.log('')
-        console.log(
-          '✅ assignToInstructor SUCCEEDED - context was passed correctly!'
-        )
-      } else if (assignResult?.error) {
-        console.log('')
-        console.log(`❌ assignToInstructor FAILED: ${assignResult.error}`)
-        console.log(
-          '   This might indicate experimental_context is not being passed correctly.'
-        )
-      }
-    }
-  } catch (error) {
-    console.error('❌ Agent error:', error)
-    process.exit(1)
-  }
-
-  process.exit(0)
-}
-
-main()

package/tsconfig.json

@@ -1,11 +0,0 @@
-{
-  "extends": "@repo/typescript-config/base.json",
-  "compilerOptions": {
-    "outDir": "dist",
-    "module": "ESNext",
-    "target": "ESNext",
-    "moduleResolution": "bundler"
-  },
-  "include": ["src"],
-  "exclude": ["node_modules", "dist"]
-}