@staff0rd/assist 0.62.0 → 0.63.0

package/README.md

@@ -57,7 +57,7 @@ After installation, the `assist` command will be available globally.
 - `assist backlog add` - Add a new backlog item interactively
 - `assist backlog start <id>` - Set a backlog item to in-progress
 - `assist backlog done <id>` - Set a backlog item to done
-- `assist roam auth` - Configure Roam API credentials (saved to ~/.assist.yml)
+- `assist roam auth` - Authenticate with Roam via OAuth (opens browser, saves tokens to ~/.assist.yml)
 - `assist run <name>` - Run a configured command from assist.yml
 - `assist run add` - Add a new run configuration to assist.yml
 - `assist config set <key> <value>` - Set a config value (e.g. commit.push true)

package/dist/index.js

@@ -6,7 +6,7 @@ import { Command } from "commander";
 // package.json
 var package_default = {
   name: "@staff0rd/assist",
-  version: "0.62.0",
+  version: "0.63.0",
   type: "module",
   main: "dist/index.js",
   bin: {
@@ -112,7 +112,10 @@ var assistConfigSchema = z.strictObject({
   }).optional(),
   roam: z.strictObject({
     clientId: z.string(),
-    clientSecret: z.string()
+    clientSecret: z.string(),
+    accessToken: z.string().optional(),
+    refreshToken: z.string().optional(),
+    tokenExpiresAt: z.number().optional()
   }).optional(),
   run: z.array(runConfigSchema).optional(),
   transcript: transcriptConfigSchema.optional()
@@ -4111,9 +4114,9 @@ function addChildMoves(moves, children, newDir, parentBase) {
   for (const child of children)
     moves.push(childMoveData(child, newDir, parentBase));
 }
-function checkDirConflict(result, label, dir) {
+function checkDirConflict(result, label2, dir) {
   if (!fs20.existsSync(dir)) return false;
-  result.warnings.push(`Skipping ${label}: directory ${dir} already exists`);
+  result.warnings.push(`Skipping ${label2}: directory ${dir} already exists`);
   return true;
 }
 function getBaseName(filePath) {
@@ -4266,8 +4269,8 @@ function askQuestion(rl, question) {
 }
 
 // src/commands/transcript/configure.ts
-function buildPrompt(label, current) {
-  return current ? `${label} [${current}]: ` : `${label}: `;
+function buildPrompt(label2, current) {
+  return current ? `${label2} [${current}]: ` : `${label2}: `;
 }
 function printExisting(existing) {
   console.log("Current configuration:");
@@ -4618,10 +4621,10 @@ function logSkipped(relativeDir, mdFile) {
   console.log(`Skipping (already exists): ${join18(relativeDir, mdFile)}`);
   return "skipped";
 }
-function ensureDirectory(dir, label) {
+function ensureDirectory(dir, label2) {
   if (!existsSync19(dir)) {
     mkdirSync5(dir, { recursive: true });
-    console.log(`Created ${label}: ${dir}`);
+    console.log(`Created ${label2}: ${dir}`);
   }
 }
 function processCues(content) {
@@ -4860,28 +4863,203 @@ function registerVerify(program2) {
 }
 
 // src/commands/roam/auth.ts
+import { randomBytes } from "crypto";
 import chalk49 from "chalk";
-import enquirer6 from "enquirer";
-async function auth() {
-  const { clientId } = await enquirer6.prompt({
-    type: "input",
-    name: "clientId",
-    message: "Client ID:",
-    validate: (value) => value.trim().length > 0 || "Client ID is required"
+
+// src/lib/openBrowser.ts
+import { execSync as execSync23 } from "child_process";
+function tryExec(commands) {
+  for (const cmd of commands) {
+    try {
+      execSync23(cmd);
+      return true;
+    } catch {
+    }
+  }
+  return false;
+}
+function openBrowser(url) {
+  const platform = detectPlatform();
+  const quoted = JSON.stringify(url);
+  const commands = [];
+  switch (platform) {
+    case "macos":
+      commands.push(
+        `open -a "Google Chrome" ${quoted}`,
+        `open -a "Microsoft Edge" ${quoted}`,
+        `open -a "Safari" ${quoted}`
+      );
+      break;
+    case "linux":
+      commands.push(
+        `google-chrome ${quoted}`,
+        `chromium-browser ${quoted}`,
+        `microsoft-edge ${quoted}`
+      );
+      break;
+    case "windows":
+      commands.push(`start chrome ${quoted}`, `start msedge ${quoted}`);
+      break;
+    case "wsl":
+      commands.push(`wslview ${quoted}`);
+      break;
+  }
+  if (!tryExec(commands)) {
+    console.log(`Open this URL in Chrome, Edge, or Safari:
+${url}`);
+  }
+}
+
+// src/commands/roam/waitForCallback.ts
+import { createServer } from "http";
+function respondHtml(res, status, title) {
+  res.writeHead(status, { "Content-Type": "text/html" });
+  res.end(
+    `<html><body><h1>${title}</h1><p>You can close this tab.</p></body></html>`
+  );
+}
+function extractCode(url, expectedState) {
+  const error = url.searchParams.get("error");
+  if (error) throw new Error(`Authorization denied: ${error}`);
+  const state = url.searchParams.get("state");
+  if (state !== expectedState)
+    throw new Error("State mismatch \u2014 possible CSRF attack");
+  const code = url.searchParams.get("code");
+  if (!code) throw new Error("No authorization code received");
+  return code;
+}
+function waitForCallback(port, expectedState) {
+  return new Promise((resolve3, reject) => {
+    const timeout = setTimeout(() => {
+      server.close();
+      reject(new Error("Authorization timed out after 120 seconds"));
+    }, 12e4);
+    const server = createServer((req, res) => {
+      const url = new URL(req.url ?? "/", `http://localhost:${port}`);
+      if (url.pathname !== "/callback") {
+        res.writeHead(404);
+        res.end();
+        return;
+      }
+      clearTimeout(timeout);
+      try {
+        const code = extractCode(url, expectedState);
+        respondHtml(res, 200, "Authorization successful!");
+        server.close();
+        resolve3(code);
+      } catch (err) {
+        respondHtml(res, 400, err.message);
+        server.close();
+        reject(err);
+      }
+    });
+    server.listen(port);
+  });
+}
+
+// src/commands/roam/authorizeInBrowser.ts
+var PORT = 14523;
+var REDIRECT_URI = `http://localhost:${PORT}/callback`;
+var SCOPES = "user:read meetings:read transcript:read user:read.email";
+function buildAuthorizeUrl(clientId, state) {
+  const params = new URLSearchParams({
+    client_id: clientId,
+    redirect_uri: REDIRECT_URI,
+    response_type: "code",
+    scope: SCOPES,
+    state
+  });
+  return `https://ro.am/oauth/authorize?${params}`;
+}
+async function authorizeInBrowser(clientId, state) {
+  openBrowser(buildAuthorizeUrl(clientId, state));
+  const code = await waitForCallback(PORT, state);
+  return { code, redirectUri: REDIRECT_URI };
+}
+
+// src/commands/roam/exchangeToken.ts
+async function exchangeToken(params) {
+  const body = new URLSearchParams({
+    grant_type: "authorization_code",
+    code: params.code,
+    client_id: params.clientId,
+    client_secret: params.clientSecret,
+    redirect_uri: params.redirectUri
+  });
+  const response = await fetch("https://ro.am/oauth/token", {
+    method: "POST",
+    headers: { "Content-Type": "application/x-www-form-urlencoded" },
+    body: body.toString()
   });
-  const { clientSecret } = await enquirer6.prompt({
+  if (!response.ok) {
+    const text = await response.text();
+    throw new Error(`Token exchange failed (${response.status}): ${text}`);
+  }
+  return response.json();
+}
+
+// src/commands/roam/promptCredentials.ts
+import enquirer6 from "enquirer";
+function censor(value) {
+  const visible = value.slice(-4);
+  return `${"*".repeat(value.length - 4)}${visible}`;
+}
+function label(name, existing) {
+  return existing ? `${name} (${censor(existing)})` : name;
+}
+async function promptField(name, existing) {
+  const { value } = await enquirer6.prompt({
     type: "input",
-    name: "clientSecret",
-    message: "Client Secret:",
-    validate: (value) => value.trim().length > 0 || "Client Secret is required"
+    name: "value",
+    message: `${label(name, existing)}:`,
+    validate: (v) => v.trim().length > 0 || !!existing || `${name} is required`
   });
+  return value.trim() || existing || "";
+}
+async function promptCredentials(existing) {
+  const clientId = await promptField("Client ID", existing?.clientId);
+  const clientSecret = await promptField(
+    "Client Secret",
+    existing?.clientSecret
+  );
+  if (!clientId || !clientSecret) {
+    throw new Error("Client ID and Client Secret are required");
+  }
+  return { clientId, clientSecret };
+}
+
+// src/commands/roam/auth.ts
+async function auth() {
   const config = loadGlobalConfig();
+  const { clientId, clientSecret } = await promptCredentials(config.roam);
+  config.roam = { ...config.roam, clientId, clientSecret };
+  saveGlobalConfig(config);
+  const state = randomBytes(16).toString("hex");
+  console.log(
+    chalk49.yellow("\nEnsure this Redirect URI is set in your Roam OAuth app:")
+  );
+  console.log(chalk49.white("http://localhost:14523/callback\n"));
+  console.log(chalk49.blue("Opening browser for authorization..."));
+  console.log(chalk49.dim("Waiting for authorization callback..."));
+  const { code, redirectUri } = await authorizeInBrowser(clientId, state);
+  console.log(chalk49.dim("Exchanging code for tokens..."));
+  const tokens = await exchangeToken({
+    code,
+    clientId,
+    clientSecret,
+    redirectUri
+  });
   config.roam = {
-    clientId: clientId.trim(),
-    clientSecret: clientSecret.trim()
+    clientId,
+    clientSecret,
+    accessToken: tokens.access_token,
+    refreshToken: tokens.refresh_token,
+    tokenExpiresAt: Date.now() + tokens.expires_in * 1e3
   };
   saveGlobalConfig(config);
-  console.log(chalk49.green("Roam credentials saved to ~/.assist.yml"));
+  console.log(
+    chalk49.green("Roam credentials and tokens saved to ~/.assist.yml")
+  );
 }
 
 // src/commands/roam/registerRoam.ts
@@ -5109,7 +5287,7 @@ function syncCommands(claudeDir, targetBase) {
 }
 
 // src/commands/update.ts
-import { execSync as execSync23 } from "child_process";
+import { execSync as execSync24 } from "child_process";
 import * as path30 from "path";
 import { fileURLToPath as fileURLToPath4 } from "url";
 var __filename3 = fileURLToPath4(import.meta.url);
@@ -5119,7 +5297,7 @@ function getInstallDir() {
 }
 function isGitRepo(dir) {
   try {
-    execSync23("git rev-parse --is-inside-work-tree", {
+    execSync24("git rev-parse --is-inside-work-tree", {
       cwd: dir,
       stdio: "pipe"
     });
@@ -5130,7 +5308,7 @@ function isGitRepo(dir) {
 }
 function isGlobalNpmInstall(dir) {
   try {
-    const globalPrefix = execSync23("npm prefix -g", { stdio: "pipe" }).toString().trim();
+    const globalPrefix = execSync24("npm prefix -g", { stdio: "pipe" }).toString().trim();
     return dir.startsWith(globalPrefix);
   } catch {
     return false;
@@ -5141,16 +5319,16 @@ async function update() {
   console.log(`Assist is installed at: ${installDir}`);
   if (isGitRepo(installDir)) {
     console.log("Detected git repo installation, pulling latest...");
-    execSync23("git pull", { cwd: installDir, stdio: "inherit" });
+    execSync24("git pull", { cwd: installDir, stdio: "inherit" });
     console.log("Building...");
-    execSync23("npm run build", { cwd: installDir, stdio: "inherit" });
+    execSync24("npm run build", { cwd: installDir, stdio: "inherit" });
     console.log("Syncing commands...");
-    execSync23("assist sync", { stdio: "inherit" });
+    execSync24("assist sync", { stdio: "inherit" });
   } else if (isGlobalNpmInstall(installDir)) {
     console.log("Detected global npm installation, updating...");
-    execSync23("npm i -g @staff0rd/assist@latest", { stdio: "inherit" });
+    execSync24("npm i -g @staff0rd/assist@latest", { stdio: "inherit" });
     console.log("Syncing commands...");
-    execSync23("assist sync", { stdio: "inherit" });
+    execSync24("assist sync", { stdio: "inherit" });
   } else {
     console.error(
       "Could not determine installation method. Expected a git repo or global npm install."

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@staff0rd/assist",
-	"version": "0.62.0",
+	"version": "0.63.0",
 	"type": "module",
 	"main": "dist/index.js",
 	"bin": {