@storyclaw/talenthub 0.3.3 → 0.3.5

package/dist/cli.js

@@ -23,7 +23,11 @@ program
     .name("talenthub")
     .description("Manage StoryClaw AI agents")
     .version(pkg.version);
-program.command("login").description("Authenticate with StoryClaw").action(login);
+program
+    .command("login")
+    .description("Authenticate with StoryClaw")
+    .option("-t, --token <token>", "Authenticate directly with an sc_token")
+    .action(login);
 program.command("logout").description("Remove stored credentials").action(logout);
 const agent = program.command("agent").description("Agent management commands");
 agent

package/dist/commands/login.d.ts

@@ -1 +1,3 @@
-export declare function login(): Promise<void>;
+export declare function login(options: {
+    token?: string;
+}): Promise<void>;

package/dist/commands/login.js

@@ -1,5 +1,5 @@
 import { execSync } from "node:child_process";
-import { readAuth, requestDeviceCode, pollForToken, writeAuth } from "../lib/auth.js";
+import { readAuth, requestDeviceCode, pollForToken, exchangeToken, verifyToken, writeAuth } from "../lib/auth.js";
 function openUrl(url) {
     try {
         const cmd = process.platform === "darwin"
@@ -13,7 +13,31 @@ function openUrl(url) {
         // Browser open is best-effort
     }
 }
-export async function login() {
+export async function login(options) {
+    if (options.token) {
+        try {
+            if (options.token.startsWith("th_")) {
+                console.log("Verifying token...");
+                const { user_id } = await verifyToken(options.token);
+                writeAuth({ token: options.token, user_id, expires_at: "" });
+                console.log(`✓ Logged in successfully.`);
+                console.log(`  User ID: ${user_id}`);
+            }
+            else {
+                // sc_token from web session — exchange for a CLI token
+                console.log("Exchanging token...");
+                const { access_token, user_id, expires_at } = await exchangeToken(options.token);
+                writeAuth({ token: access_token, user_id, expires_at });
+                console.log(`✓ Logged in successfully.`);
+                console.log(`  User ID: ${user_id}`);
+            }
+        }
+        catch (err) {
+            console.error(`✗ Login failed: ${err instanceof Error ? err.message : err}`);
+            process.exit(1);
+        }
+        return;
+    }
     const existing = readAuth();
     if (existing) {
         console.log("Already logged in.");

package/dist/lib/auth.d.ts

@@ -20,4 +20,14 @@ export type TokenResponse = {
     user_id: string;
     expires_at: string;
 };
+/**
+ * Exchange an sc_token (web session cookie) for a CLI-compatible th_* token.
+ */
+export declare function exchangeToken(scToken: string): Promise<TokenResponse>;
+/**
+ * Verify a th_* CLI token against the registry and return the user_id.
+ */
+export declare function verifyToken(token: string): Promise<{
+    user_id: string;
+}>;
 export declare function pollForToken(deviceCode: string, interval: number, maxWaitMs: number): Promise<TokenResponse>;

package/dist/lib/auth.js

@@ -48,6 +48,37 @@ export async function requestDeviceCode() {
     }
     return res.json();
 }
+/**
+ * Exchange an sc_token (web session cookie) for a CLI-compatible th_* token.
+ */
+export async function exchangeToken(scToken) {
+    const base = getRegistryBaseUrl();
+    const res = await fetchRetry(`${base}/api/talenthub/auth/token-exchange`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ token: scToken }),
+    });
+    if (!res.ok) {
+        const body = await res.json().catch(() => ({ error: "unknown" }));
+        throw new Error(`Token exchange failed (${res.status}): ${body.error ?? "unknown error"}`);
+    }
+    return res.json();
+}
+/**
+ * Verify a th_* CLI token against the registry and return the user_id.
+ */
+export async function verifyToken(token) {
+    const base = getRegistryBaseUrl();
+    const res = await fetchRetry(`${base}/api/talenthub/auth/me`, {
+        method: "GET",
+        headers: { Authorization: `Bearer ${token}` },
+    });
+    if (!res.ok) {
+        const body = await res.json().catch(() => ({ error: "unknown" }));
+        throw new Error(`Token verification failed (${res.status}): ${body.error ?? "unknown error"}`);
+    }
+    return res.json();
+}
 export async function pollForToken(deviceCode, interval, maxWaitMs) {
     const base = getRegistryBaseUrl();
     const deadline = Date.now() + maxWaitMs;

package/dist/lib/registry.js

@@ -1,12 +1,19 @@
-import { getRegistryBaseUrl } from "./auth.js";
+import { getRegistryBaseUrl, readAuth } from "./auth.js";
 import { fetchRetry } from "./fetch.js";
 function apiUrl(path) {
     const base = getRegistryBaseUrl().replace(/\/$/, "");
     return `${base}/api/talenthub/registry${path}`;
 }
+function authHeaders() {
+    const auth = readAuth();
+    if (auth?.token) {
+        return { Authorization: `Bearer ${auth.token}` };
+    }
+    return {};
+}
 export async function fetchCatalog() {
     const url = apiUrl("/catalog");
-    const res = await fetchRetry(url);
+    const res = await fetchRetry(url, { headers: authHeaders() });
     if (!res.ok) {
         throw new Error(`Failed to fetch catalog: ${res.status} ${res.statusText}`);
     }
@@ -14,7 +21,7 @@ export async function fetchCatalog() {
 }
 export async function fetchManifest(agentId) {
     const url = apiUrl(`/${agentId}`);
-    const res = await fetchRetry(url);
+    const res = await fetchRetry(url, { headers: authHeaders() });
     if (!res.ok) {
         throw new Error(`Agent "${agentId}" not found in registry (${res.status})`);
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@storyclaw/talenthub",
-  "version": "0.3.3",
+  "version": "0.3.5",
   "description": "CLI tool to manage StoryClaw AI agents",
   "type": "module",
   "bin": {