@supatest/cli 0.0.2 → 0.0.3

package/dist/utils/token-storage.js

@@ -0,0 +1,242 @@
+/**
+ * CLI token storage with encryption and keychain support.
+ * Inspired by Gemini CLI's hybrid-token-storage pattern.
+ *
+ * Storage priority:
+ * 1. OS Keychain (if available)
+ * 2. Encrypted file (~/.supatest/token.json)
+ */
+import { existsSync, mkdirSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { decrypt, encrypt } from "./encryption";
+import { isKeychainAvailable, loadFromKeychain, removeFromKeychain, saveToKeychain, } from "./keychain-storage";
+const CONFIG_DIR = join(homedir(), ".supatest");
+const TOKEN_FILE = join(CONFIG_DIR, "token.json");
+const STORAGE_VERSION = 2;
+export { CONFIG_DIR, TOKEN_FILE };
+export var StorageType;
+(function (StorageType) {
+    StorageType["KEYCHAIN"] = "keychain";
+    StorageType["ENCRYPTED_FILE"] = "encrypted_file";
+})(StorageType || (StorageType = {}));
+// Track which storage is being used
+let activeStorageType = null;
+let storageInitPromise = null;
+function isV2Format(stored) {
+    return "version" in stored && stored.version === 2;
+}
+/**
+ * Ensure the config directory exists
+ */
+function ensureConfigDir() {
+    if (!existsSync(CONFIG_DIR)) {
+        mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+    }
+}
+/**
+ * Initialize storage and determine which backend to use.
+ * Uses a singleton promise to avoid race conditions.
+ */
+async function initializeStorage() {
+    if (await isKeychainAvailable()) {
+        activeStorageType = StorageType.KEYCHAIN;
+    }
+    else {
+        activeStorageType = StorageType.ENCRYPTED_FILE;
+    }
+    return activeStorageType;
+}
+async function getStorageType() {
+    if (activeStorageType !== null) {
+        return activeStorageType;
+    }
+    if (!storageInitPromise) {
+        storageInitPromise = initializeStorage();
+    }
+    return storageInitPromise;
+}
+// ============================================================================
+// File-based storage (encrypted)
+// ============================================================================
+/**
+ * Save CLI token to encrypted file
+ */
+function saveTokenToFile(token, expiresAt) {
+    ensureConfigDir();
+    const payload = {
+        token,
+        expiresAt,
+        createdAt: new Date().toISOString(),
+    };
+    const stored = {
+        version: STORAGE_VERSION,
+        encryptedData: encrypt(JSON.stringify(payload)),
+    };
+    writeFileSync(TOKEN_FILE, JSON.stringify(stored, null, 2), { mode: 0o600 });
+}
+/**
+ * Load CLI token from file, decrypting if necessary
+ */
+function loadTokenFromFile() {
+    if (!existsSync(TOKEN_FILE)) {
+        return null;
+    }
+    try {
+        const data = readFileSync(TOKEN_FILE, "utf8");
+        const stored = JSON.parse(data);
+        if (isV2Format(stored)) {
+            return JSON.parse(decrypt(stored.encryptedData));
+        }
+        // Legacy plaintext format (version 1 or no version)
+        return stored;
+    }
+    catch (error) {
+        const err = error;
+        if (err.message?.includes("Invalid encrypted data format") ||
+            err.message?.includes("Unsupported state or unable to authenticate data")) {
+            // Token file corrupted, remove it
+            try {
+                unlinkSync(TOKEN_FILE);
+            }
+            catch {
+                // Ignore
+            }
+        }
+        return null;
+    }
+}
+/**
+ * Remove token file
+ */
+function removeTokenFile() {
+    if (existsSync(TOKEN_FILE)) {
+        unlinkSync(TOKEN_FILE);
+    }
+}
+// ============================================================================
+// Synchronous API (file-only, for backward compatibility)
+// ============================================================================
+/**
+ * Save CLI token to disk with AES-256-GCM encryption (sync, file-only)
+ */
+export function saveToken(token, expiresAt) {
+    saveTokenToFile(token, expiresAt);
+}
+/**
+ * Load CLI token from disk (sync, file-only)
+ */
+export function loadToken() {
+    const payload = loadTokenFromFile();
+    if (!payload) {
+        return null;
+    }
+    if (payload.expiresAt) {
+        const expiresAt = new Date(payload.expiresAt);
+        if (expiresAt < new Date()) {
+            console.warn("CLI token has expired. Please run 'supatest login' again.");
+            return null;
+        }
+    }
+    return payload.token;
+}
+/**
+ * Remove stored token (sync, file-only)
+ */
+export function removeToken() {
+    removeTokenFile();
+}
+/**
+ * Check if user is logged in (sync, file-only)
+ */
+export function isLoggedIn() {
+    return loadToken() !== null;
+}
+/**
+ * Get token info for display (sync, file-only)
+ */
+export function getTokenInfo() {
+    const payload = loadTokenFromFile();
+    if (!payload) {
+        return null;
+    }
+    return {
+        createdAt: payload.createdAt,
+        expiresAt: payload.expiresAt,
+    };
+}
+// ============================================================================
+// Async API (hybrid: keychain with file fallback)
+// ============================================================================
+/**
+ * Save CLI token using best available storage (async, hybrid)
+ * Priority: Keychain > Encrypted File
+ */
+export async function saveTokenAsync(token, expiresAt) {
+    const storageType = await getStorageType();
+    if (storageType === StorageType.KEYCHAIN) {
+        const saved = await saveToKeychain(token, expiresAt);
+        if (saved) {
+            // Remove file-based token if keychain succeeds
+            removeTokenFile();
+            return;
+        }
+        // Fall through to file storage if keychain save fails
+    }
+    saveTokenToFile(token, expiresAt);
+}
+/**
+ * Load CLI token from best available storage (async, hybrid)
+ * Priority: Keychain > Encrypted File
+ */
+export async function loadTokenAsync() {
+    const storageType = await getStorageType();
+    // Try keychain first
+    if (storageType === StorageType.KEYCHAIN) {
+        const payload = await loadFromKeychain();
+        if (payload) {
+            if (payload.expiresAt && new Date(payload.expiresAt) < new Date()) {
+                console.warn("CLI token has expired. Please run 'supatest login' again.");
+                return null;
+            }
+            return payload.token;
+        }
+    }
+    // Fallback to file
+    return loadToken();
+}
+/**
+ * Remove token from all storage locations (async, hybrid)
+ */
+export async function removeTokenAsync() {
+    await removeFromKeychain();
+    removeTokenFile();
+}
+/**
+ * Check if user is logged in (async, hybrid)
+ */
+export async function isLoggedInAsync() {
+    return (await loadTokenAsync()) !== null;
+}
+/**
+ * Get token info for display (async, hybrid)
+ */
+export async function getTokenInfoAsync() {
+    const storageType = await getStorageType();
+    if (storageType === StorageType.KEYCHAIN) {
+        const payload = await loadFromKeychain();
+        if (payload) {
+            return {
+                createdAt: payload.createdAt,
+                expiresAt: payload.expiresAt,
+            };
+        }
+    }
+    return getTokenInfo();
+}
+/**
+ * Get the currently active storage type
+ */
+export async function getActiveStorageType() {
+    return getStorageType();
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@supatest/cli",
-  "version": "0.0.2",
+  "version": "0.0.3",
   "description": "Supatest CLI - AI-powered task automation for CI/CD",
   "type": "module",
   "bin": {
@@ -11,16 +11,6 @@
     "README.md",
     "LICENSE"
   ],
-  "scripts": {
-    "dev": "tsx src/index.ts",
-    "dev:bun": "bun run src/index.ts",
-    "build": "tsc && node scripts/make-executable.js",
-    "build:bun": "bun build src/index.ts --compile --external=@anthropic-ai/claude-agent-sdk --outfile dist/supatest-ai && node scripts/copy-claude-cli.js",
-    "type-check": "tsc --noEmit",
-    "clean:bundle": "rimraf dist",
-    "clean:node_modules": "rimraf node_modules",
-    "prepublishOnly": "pnpm build"
-  },
   "keywords": [
     "cli",
     "ai",
@@ -48,24 +38,54 @@
     "access": "public"
   },
   "dependencies": {
-    "@anthropic-ai/claude-agent-sdk": "^0.1.36",
-    "@anthropic-ai/sdk": "^0.68.0",
+    "@anthropic-ai/claude-agent-sdk": "^0.1.56",
+    "@anthropic-ai/sdk": "^0.71.0",
+    "@types/inquirer": "^9.0.0",
+    "ansi-escapes": "^7.0.0",
     "boxen": "^8.0.1",
     "chalk": "^5.3.0",
     "cli-highlight": "^2.1.11",
     "commander": "^12.1.0",
+    "diff": "^8.0.2",
+    "dotenv": "^16.6.1",
+    "highlight.js": "^11.11.1",
+    "ink": "npm:@jrichman/ink@6.4.5",
+    "ink-gradient": "^3.0.0",
+    "ink-spinner": "^5.0.0",
+    "inquirer": "^10.0.0",
+    "lowlight": "^3.3.0",
+    "marked": "^15.0.0",
     "marked-terminal": "^7.3.0",
     "ora": "^8.1.1",
     "patch-package": "^8.0.1",
     "postinstall-postinstall": "^2.1.0",
-    "strip-ansi": "^7.1.2"
+    "react": "^19.0.0",
+    "string-width": "^8.1.0",
+    "strip-ansi": "^7.1.2",
+    "wrap-ansi": "^9.0.2",
+    "shared": "0.0.1"
   },
   "devDependencies": {
     "@types/node": "^20.12.12",
+    "@types/react": "^19.0.0",
+    "nodemon": "^3.1.11",
     "tsx": "^4.10.0",
     "typescript": "^5.4.5"
   },
   "engines": {
     "node": ">=18.0.0"
+  },
+  "optionalDependencies": {
+    "keytar": "^7.9.0"
+  },
+  "scripts": {
+    "dev": "NODE_ENV=development tsx src/index.ts",
+    "dev:watch": "nodemon",
+    "dev:bun": "bun run src/index.ts",
+    "build": "tsc && node scripts/make-executable.js",
+    "build:bun": "bun build src/index.ts --compile --external=@anthropic-ai/claude-agent-sdk --outfile dist/supatest-ai && node scripts/copy-claude-cli.js",
+    "type-check": "tsc --noEmit",
+    "clean:bundle": "rimraf dist",
+    "clean:node_modules": "rimraf node_modules"
   }
-}
+}