@switchboard.spot/cli 0.2.0

package/lib/commands/auth.js

@@ -0,0 +1,369 @@
+/**
+ * Authentication commands: browser login, disabled register, logout, whoami.
+ */
+
+import { accountPublicRequest, accountRequest } from "../client.js";
+import { accountApiUrl, resolveAccountConfig, resolveConfig, saveConfig } from "../config.js";
+import { deleteAccountToken, setAccountToken } from "../credentialStore.js";
+import { emit, fail, globalFlags } from "../output.js";
+import crypto from "node:crypto";
+import http from "node:http";
+import { spawn } from "node:child_process";
+
+const BROWSER_AUTH_MESSAGE =
+  "Account authentication is browser-only. Run `switchboard auth login` and complete sign-in in your browser.";
+
+export function registerCommand(program) {
+  const auth = program.command("auth").description("Account authentication");
+
+  auth
+    .command("register")
+    .description("Account creation is browser-only; use auth login")
+    .option("--email <email>")
+    .option("--password <password>")
+    .action(async (opts, cmd) => {
+      const flags = globalFlags(cmd);
+      fail(
+        "Account registration is browser-only. Run `switchboard auth login` or sign up on the website.",
+        1,
+        flags.json,
+        "browser_auth_required",
+      );
+    });
+
+  auth
+    .command("login")
+    .description("Sign in through the browser and save session in the OS keychain")
+    .option("--email <email>")
+    .option("--password <password>")
+    .option("--timeout-seconds <seconds>", "Seconds to wait for browser login", "120")
+    .action(async (opts, cmd) => {
+      const flags = globalFlags(cmd);
+
+      if (opts.email || opts.password) {
+        fail(BROWSER_AUTH_MESSAGE, 1, flags.json, "browser_auth_required");
+      }
+
+      const timeoutSeconds = Number.parseInt(opts.timeoutSeconds, 10);
+      if (!Number.isFinite(timeoutSeconds) || timeoutSeconds <= 0) {
+        fail("timeout-seconds must be a positive integer", 1, flags.json);
+      }
+
+      const data = await browserLogin(flags, timeoutSeconds);
+      emit(
+        flags.json ? data : `Logged in as ${data.user.email}. Session saved in the OS keychain.`,
+        flags,
+      );
+    });
+
+  auth
+    .command("logout")
+    .description("Revoke current session and clear saved token")
+    .action(async (_opts, cmd) => {
+      const flags = globalFlags(cmd);
+      await revokeKeychainSession();
+      await deleteAccountToken();
+      saveConfig({
+        projectId: null,
+        apiKey: null,
+        endUserSession: null,
+      });
+      emit(flags.json ? { ok: true } : "Logged out.", flags);
+    });
+
+  auth
+    .command("whoami")
+    .description("Show current account profile")
+    .action(async (_opts, cmd) => {
+      const flags = globalFlags(cmd);
+      const { data } = await accountRequest("GET", "/me", { json: flags.json });
+      const config = await resolveAccountConfig();
+      if (flags.json) {
+        emit({ ...data, token_source: config.accountTokenSource }, flags);
+      } else {
+        console.log(`Email: ${data.user.email}`);
+        console.log(`Token source: ${config.accountTokenSource || "none"}`);
+        console.log(`Organization: ${data.organization.name}`);
+        if (data.project) {
+          console.log(`Default project: ${data.project.name} (${data.project.slug})`);
+        }
+      }
+    });
+}
+
+async function revokeKeychainSession() {
+  const config = await resolveAccountConfig();
+
+  if (!config.accountToken) {
+    return;
+  }
+
+  try {
+    await fetch(`${accountApiUrl(config)}/session`, {
+      method: "DELETE",
+      headers: {
+        Authorization: `Bearer ${config.accountToken}`,
+        Accept: "application/json",
+      },
+    });
+  } catch {
+    /* Local logout should still clear stale keychain credentials. */
+  }
+}
+
+/**
+ * Starts the loopback callback server, opens the browser handoff URL, and saves the exchanged session.
+ */
+async function browserLogin(flags, timeoutSeconds) {
+  const state = randomState();
+  const server = await startCallbackServer();
+  const callbackUrl = `http://127.0.0.1:${server.port}/callback`;
+  const loginUrl = browserStartUrl(resolveConfig().baseUrl, callbackUrl, state);
+
+  if (!flags.quiet) {
+    console.error("Opening browser for Switchboard login...");
+    console.error(`If the browser does not open, visit: ${loginUrl}`);
+  }
+
+  openBrowser(loginUrl);
+
+  try {
+    const callback = await waitForCallback(server, timeoutSeconds, flags.json);
+    const data = await exchangeCliLogin({
+      code: callback.code,
+      state: callback.state,
+      expectedState: state,
+      json: flags.json,
+    });
+
+    return data;
+  } finally {
+    server.close();
+  }
+}
+
+/**
+ * Exchanges a browser callback code after validating it belongs to this CLI process.
+ */
+export async function exchangeCliLogin({
+  code,
+  state,
+  expectedState,
+  json,
+  request = accountPublicRequest,
+  save = saveConfig,
+  credentials = { setAccountToken },
+}) {
+  if (!code) {
+    fail("Browser login did not return a code. Run `switchboard auth login` again.", 2, json);
+  }
+
+  if (state !== expectedState) {
+    fail("Browser login state did not match. Run `switchboard auth login` again.", 2, json);
+  }
+
+  const { data } = await request("POST", "/cli/exchange", {
+    body: { code, state },
+    json,
+  });
+
+  await credentials.setAccountToken(data.token);
+
+  save({
+    projectId: null,
+    apiKey: null,
+    endUserSession: null,
+  });
+
+  return sanitizeSession(data);
+}
+
+function sanitizeSession(data) {
+  const rest = { ...data };
+  delete rest.token;
+  return rest;
+}
+
+function randomState() {
+  return crypto.randomBytes(24).toString("base64url");
+}
+
+function browserStartUrl(baseUrl, callbackUrl, state) {
+  const url = new URL("/auth/cli/start", baseUrl.replace(/\/$/, ""));
+  url.searchParams.set("callback_url", callbackUrl);
+  url.searchParams.set("state", state);
+  return url.toString();
+}
+
+function startCallbackServer() {
+  return new Promise((resolve, reject) => {
+    const server = http.createServer();
+
+    server.once("error", reject);
+    server.listen(0, "127.0.0.1", () => {
+      server.removeListener("error", reject);
+      resolve({
+        server,
+        port: server.address().port,
+        close: () => server.close(),
+      });
+    });
+  });
+}
+
+function waitForCallback(callbackServer, timeoutSeconds, json) {
+  const { server } = callbackServer;
+
+  return new Promise((resolve, reject) => {
+    const timeout = setTimeout(() => {
+      reject(
+        new Error(
+          "Timed out waiting for browser login. Run `switchboard auth login` again when you are ready.",
+        ),
+      );
+    }, timeoutSeconds * 1000);
+
+    server.on("request", (req, res) => {
+      const url = new URL(req.url, "http://127.0.0.1");
+
+      if (url.pathname !== "/callback") {
+        res.writeHead(404, { "content-type": "text/plain" });
+        res.end("Not found");
+        return;
+      }
+
+      clearTimeout(timeout);
+      const error = url.searchParams.get("error");
+      const code = url.searchParams.get("code");
+      const state = url.searchParams.get("state");
+
+      if (error) {
+        res.writeHead(400, { "content-type": "text/html" });
+        res.end(callbackPage("Switchboard CLI login failed", "Return to your terminal and run `switchboard auth login` again.", "error"));
+        reject(new Error(error));
+        return;
+      }
+
+      res.writeHead(200, { "content-type": "text/html" });
+      res.end(callbackPage("Switchboard CLI login complete", "Your terminal is signed in. You can close this tab.", "success"));
+      resolve({ code, state });
+    });
+  }).catch((error) => {
+    fail(error.message, 2, json, "browser_login_failed");
+  });
+}
+
+function callbackPage(title, message, tone) {
+  const accent = tone === "success" ? "#28d17c" : "#ff6b6b";
+  const mark = tone === "success" ? "✓" : "!";
+
+  return `<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1" />
+    <title>${escapeHtml(title)}</title>
+    <style>
+      :root {
+        color-scheme: dark;
+        font-family: Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+        background: #05070d;
+        color: #f7f7fb;
+      }
+      body {
+        min-height: 100vh;
+        margin: 0;
+        display: grid;
+        place-items: center;
+        background:
+          radial-gradient(circle at 20% 20%, rgba(68, 109, 255, 0.22), transparent 32rem),
+          radial-gradient(circle at 80% 10%, rgba(40, 209, 124, 0.16), transparent 26rem),
+          linear-gradient(135deg, #05070d 0%, #101526 100%);
+      }
+      main {
+        width: min(92vw, 34rem);
+        border: 1px solid rgba(255, 255, 255, 0.12);
+        border-radius: 1.5rem;
+        padding: 2rem;
+        background: rgba(10, 14, 27, 0.82);
+        box-shadow: 0 2rem 6rem rgba(0, 0, 0, 0.38);
+        text-align: center;
+        backdrop-filter: blur(18px);
+      }
+      .brand {
+        margin: 0 0 1.5rem;
+        color: rgba(247, 247, 251, 0.58);
+        font-size: 0.78rem;
+        font-weight: 700;
+        letter-spacing: 0.18em;
+        text-transform: uppercase;
+      }
+      .mark {
+        width: 3.5rem;
+        height: 3.5rem;
+        margin: 0 auto 1.25rem;
+        display: grid;
+        place-items: center;
+        border-radius: 999px;
+        background: ${accent};
+        color: #05070d;
+        font-size: 1.8rem;
+        font-weight: 900;
+        box-shadow: 0 0 2.5rem ${accent}55;
+      }
+      h1 {
+        margin: 0;
+        font-size: clamp(1.75rem, 5vw, 2.45rem);
+        line-height: 1.05;
+        letter-spacing: -0.04em;
+      }
+      p {
+        margin: 1rem auto 0;
+        max-width: 26rem;
+        color: rgba(247, 247, 251, 0.66);
+        font-size: 1rem;
+        line-height: 1.65;
+      }
+    </style>
+  </head>
+  <body>
+    <main>
+      <p class="brand">Switchboard CLI</p>
+      <div class="mark" aria-hidden="true">${mark}</div>
+      <h1>${escapeHtml(title)}</h1>
+      <p>${escapeHtml(message)}</p>
+    </main>
+  </body>
+</html>`;
+}
+
+function escapeHtml(value) {
+  return String(value)
+    .replaceAll("&", "&amp;")
+    .replaceAll("<", "&lt;")
+    .replaceAll(">", "&gt;")
+    .replaceAll('"', "&quot;");
+}
+
+function openBrowser(url) {
+  const command = browserOpenCommand();
+
+  if (!command) {
+    return;
+  }
+
+  const child = spawn(command.cmd, [...command.args, url], {
+    detached: true,
+    stdio: "ignore",
+  });
+
+  child.on("error", () => undefined);
+  child.unref();
+}
+
+function browserOpenCommand() {
+  if (process.platform === "darwin") return { cmd: "open", args: [] };
+  if (process.platform === "win32") return { cmd: "cmd", args: ["/c", "start", ""] };
+  if (process.platform === "linux") return { cmd: "xdg-open", args: [] };
+  return null;
+}

package/lib/commands/billing.js

@@ -0,0 +1,87 @@
+/**
+ * Developer billing commands.
+ */
+
+import { accountRequest } from "../client.js";
+import { emit, globalFlags, printList } from "../output.js";
+
+export function registerBillingCommands(program) {
+  const billing = program.command("billing").description("Developer billing");
+
+  billing
+    .command("status")
+    .description("Show developer billing status")
+    .action(async (_opts, cmd) => {
+      const flags = globalFlags(cmd);
+      const { data } = await accountRequest("GET", "/billing", { json: flags.json });
+      emit(flags.json ? data : JSON.stringify(data, null, 2), flags);
+    });
+
+  billing
+    .command("ledger")
+    .description("List prepaid wallet ledger entries")
+    .action(async (_opts, cmd) => {
+      const flags = globalFlags(cmd);
+      const { data } = await accountRequest("GET", "/billing/ledger", {
+        json: flags.json,
+      });
+      if (flags.json) {
+        emit(data, flags);
+      } else {
+        printList("Ledger:", data.data || [], (entry) =>
+          `  ${entry.id} ${entry.entry_type} ${entry.amount_micros}`,
+        );
+      }
+    });
+
+  billing
+    .command("top-up")
+    .description("Add prepaid wallet funds")
+    .requiredOption("--amount-micros <micros>", "Amount in micros", parseInt)
+    .option("--idempotency-key <key>")
+    .action(async (opts, cmd) => {
+      const flags = globalFlags(cmd);
+      const body = { amount_micros: opts.amountMicros };
+      if (opts.idempotencyKey) body.idempotency_key = opts.idempotencyKey;
+
+      const { data } = await accountRequest("POST", "/billing/top_up", {
+        body,
+        json: flags.json,
+      });
+      emit(flags.json ? data : `Created top-up ${data.id}`, flags);
+    });
+
+  billing
+    .command("prepaid")
+    .description("Update prepaid wallet settings")
+    .option("--monthly-auto-refill-micros <micros>", "Monthly auto-refill amount", parseInt)
+    .option("--outage-protection <enabled>", "true or false")
+    .option("--outage-threshold-micros <micros>", "Outage refill threshold", parseInt)
+    .option("--outage-refill-micros <micros>", "Outage refill amount", parseInt)
+    .option("--outage-monthly-cap-micros <micros>", "Outage monthly cap", parseInt)
+    .action(async (opts, cmd) => {
+      const flags = globalFlags(cmd);
+      const body = {};
+      if (opts.monthlyAutoRefillMicros != null) {
+        body.prepaid_monthly_auto_refill_micros = opts.monthlyAutoRefillMicros;
+      }
+      if (opts.outageProtection != null) {
+        body.prepaid_outage_protection_enabled = opts.outageProtection === "true";
+      }
+      if (opts.outageThresholdMicros != null) {
+        body.prepaid_outage_threshold_micros = opts.outageThresholdMicros;
+      }
+      if (opts.outageRefillMicros != null) {
+        body.prepaid_outage_refill_micros = opts.outageRefillMicros;
+      }
+      if (opts.outageMonthlyCapMicros != null) {
+        body.prepaid_outage_monthly_cap_micros = opts.outageMonthlyCapMicros;
+      }
+
+      const { data } = await accountRequest("PATCH", "/billing/prepaid", {
+        body,
+        json: flags.json,
+      });
+      emit(flags.json ? data : "Updated prepaid settings", flags);
+    });
+}

package/lib/commands/doctor.js

@@ -0,0 +1,74 @@
+/**
+ * Production readiness checks for local or hosted Switchboard.
+ */
+
+import { accountRequest, healthCheck } from "../client.js";
+import { gatewayApiUrl, resolveAccountConfig, resolveConfig } from "../config.js";
+import { emit, globalFlags } from "../output.js";
+
+async function check(name, fn) {
+  try {
+    const result = await fn();
+    return { name, ok: true, ...result };
+  } catch (error) {
+    return { name, ok: false, error: error?.message || String(error) };
+  }
+}
+
+export function registerDoctorCommand(program) {
+  program
+    .command("doctor")
+    .description("Check health, auth, project, catalog, and gateway readiness")
+    .action(async (_opts, cmd) => {
+      const flags = globalFlags(cmd);
+      const config = resolveConfig();
+      const accountConfig = await resolveAccountConfig(config);
+
+      const checks = [];
+
+      checks.push(
+        await check("health", async () => {
+          const result = await healthCheck(config);
+          return { status: result.status, data: result.data };
+        }),
+      );
+
+      checks.push(
+        await check("catalog", async () => {
+          const res = await fetch(`${gatewayApiUrl(config)}/catalog/models`);
+          const data = await res.json();
+          const status = res.status;
+          if (!res.ok) throw new Error(`HTTP ${status}`);
+          return { status, count: Array.isArray(data?.data) ? data.data.length : 0 };
+        }),
+      );
+
+      if (accountConfig.accountToken) {
+        checks.push(
+          await check("account", async () => {
+            const { status, data } = await accountRequest("GET", "/me", {
+              config: accountConfig,
+              json: true,
+            });
+            return {
+              status,
+              email: data?.user?.email || null,
+              tokenSource: accountConfig.accountTokenSource,
+            };
+          }),
+        );
+      } else {
+        checks.push({ name: "account", ok: false, error: "Run switchboard auth login" });
+      }
+
+      if (config.projectId) {
+        checks.push({ name: "project", ok: true, projectId: config.projectId });
+      } else {
+        checks.push({ name: "project", ok: false, error: "No project selected" });
+      }
+
+      const ok = checks.every((item) => item.ok);
+      emit({ object: "doctor_report", ok, baseUrl: config.baseUrl, checks }, flags);
+      if (!ok) process.exit(1);
+    });
+}

package/lib/commands/endUsers.js

@@ -0,0 +1,51 @@
+/**
+ * End-user management commands.
+ */
+
+import { accountRequest } from "../client.js";
+import { emit, globalFlags, printList } from "../output.js";
+
+export function registerEndUsersCommands(program) {
+  const endUsers = program
+    .command("end-users")
+    .description("Anonymous Pro-bono Embed end users");
+
+  endUsers
+    .command("list")
+    .description("List end users")
+    .action(async (_opts, cmd) => {
+      const flags = globalFlags(cmd);
+      const { data } = await accountRequest("GET", "/end_users", { json: flags.json });
+      if (flags.json) {
+        emit(data, flags);
+      } else {
+        printList("End users:", data.data || [], (u) =>
+          `  ${u.id} ${u.reference} — ${u.billing_status}`,
+        );
+      }
+    });
+
+  endUsers
+    .command("block <id>")
+    .description("Block an end user")
+    .action(async (id, _opts, cmd) => {
+      const flags = globalFlags(cmd);
+      const { data } = await accountRequest("PATCH", `/end_users/${id}`, {
+        body: { billing_status: "blocked" },
+        json: flags.json,
+      });
+      emit(flags.json ? data : `Blocked ${data.reference}`, flags);
+    });
+
+  endUsers
+    .command("unblock <id>")
+    .description("Unblock an end user")
+    .action(async (id, _opts, cmd) => {
+      const flags = globalFlags(cmd);
+      const { data } = await accountRequest("PATCH", `/end_users/${id}`, {
+        body: { billing_status: "active" },
+        json: flags.json,
+      });
+      emit(flags.json ? data : `Unblocked ${data.reference}`, flags);
+    });
+}