@tanagram/cli 0.1.26 → 0.1.27

package/checker/llm_integration.go

@@ -10,7 +10,7 @@ import (
 )
 
 // CheckChangesWithLLM checks code changes against ALL policies using LLM
-func CheckChangesWithLLM(ctx context.Context, changes []git.ChangedLine, policies []parser.Policy) []Violation {
+func CheckChangesWithLLM(ctx context.Context, changes []git.ChangedLine, policies []parser.Policy, apiKey string) []Violation {
 	if len(policies) == 0 {
 		return []Violation{}
 	}
@@ -23,7 +23,7 @@ func CheckChangesWithLLM(ctx context.Context, changes []git.ChangedLine, policie
 
 	var allViolations []Violation
 	for file, fileChanges := range changesByFile {
-		violations := checkFileWithLLM(ctx, file, fileChanges, policies, policyMap)
+		violations := checkFileWithLLM(ctx, file, fileChanges, policies, policyMap, apiKey)
 		allViolations = append(allViolations, violations...)
 	}
 
@@ -49,12 +49,12 @@ func groupChangesByFile(changes []git.ChangedLine) map[string][]git.ChangedLine
 }
 
 // checkFileWithLLM checks a single file's changes using the LLM
-func checkFileWithLLM(ctx context.Context, file string, changes []git.ChangedLine, policies []parser.Policy, policyMap map[string]parser.Policy) []Violation {
+func checkFileWithLLM(ctx context.Context, file string, changes []git.ChangedLine, policies []parser.Policy, policyMap map[string]parser.Policy, apiKey string) []Violation {
 	// Format changes for LLM
 	codeChanges := formatChangesForLLM(changes)
 
 	// Call LLM to check violations
-	checks, err := CheckViolations(ctx, file, codeChanges, policies)
+	checks, err := CheckViolations(ctx, file, codeChanges, policies, apiKey)
 	if err != nil {
 		// Log error but don't fail the whole check
 		fmt.Printf("Warning: LLM check failed for %s: %v\n", file, err)

package/checker/matcher.go

@@ -26,14 +26,14 @@ type CheckResult struct {
 }
 
 // CheckChanges checks all changed lines against policies using LLM-based detection
-func CheckChanges(ctx context.Context, changes []git.ChangedLine, policies []parser.Policy) *CheckResult {
+func CheckChanges(ctx context.Context, changes []git.ChangedLine, policies []parser.Policy, apiKey string) *CheckResult {
 	result := &CheckResult{
 		Violations:   []Violation{},
 		TotalChecked: len(changes),
 	}
 
 	// Use LLM-based checking for all policies
-	llmViolations := CheckChangesWithLLM(ctx, changes, policies)
+	llmViolations := CheckChangesWithLLM(ctx, changes, policies, apiKey)
 	result.Violations = append(result.Violations, llmViolations...)
 
 	return result

package/checker/violation_checker.go

@@ -24,12 +24,12 @@ type ViolationCheckResponse struct {
 
 // CheckViolations uses LLM to check if code changes violate any policies
 // Returns a list of violation checks with policy names and reasons
-func CheckViolations(ctx context.Context, file string, codeChanges string, policies []parser.Policy) ([]ViolationCheck, error) {
+func CheckViolations(ctx context.Context, file string, codeChanges string, policies []parser.Policy, apiKey string) ([]ViolationCheck, error) {
 	if len(policies) == 0 {
 		return []ViolationCheck{}, nil
 	}
 
-	client, err := llm.NewClient()
+	client, err := llm.NewClient(apiKey)
 	if err != nil {
 		return nil, err
 	}

package/commands/run.go

@@ -9,6 +9,7 @@ import (
 	"time"
 
 	"github.com/tanagram/cli/checker"
+	"github.com/tanagram/cli/config"
 	"github.com/tanagram/cli/extractor"
 	"github.com/tanagram/cli/git"
 	"github.com/tanagram/cli/metrics"
@@ -71,6 +72,12 @@ func Run() error {
 
 	// Auto-sync only the files that changed
 	if len(filesToSync) > 0 {
+		// Get API key once upfront before parallel processing
+		apiKey, err := config.GetAPIKey()
+		if err != nil {
+			return fmt.Errorf("failed to get API key: %w", err)
+		}
+
 		fmt.Printf("\nSyncing policies with LLM (processing %d changed file(s) in parallel)...\n", len(filesToSync))
 
 		syncStart := time.Now()
@@ -117,7 +124,7 @@ func Run() error {
 			go func(file string) {
 				defer wg.Done()
 				relPath, _ := filepath.Rel(gitRoot, file)
-				policies, err := extractor.ExtractPoliciesFromFile(ctx, file)
+				policies, err := extractor.ExtractPoliciesFromFile(ctx, file, apiKey)
 				results <- syncResult{file, relPath, policies, err}
 			}(file)
 		}
@@ -204,10 +211,16 @@ func Run() error {
 
 	fmt.Printf("Scanning %d changed lines...\n\n", len(diffResult.Changes))
 
+	// Get API key once upfront before checking
+	apiKey, err := config.GetAPIKey()
+	if err != nil {
+		return fmt.Errorf("failed to get API key: %w", err)
+	}
+
 	// Check changes against policies (both regex and LLM-based)
 	ctx := context.Background()
 	checkStart := time.Now()
-	result := checker.CheckChanges(ctx, diffResult.Changes, policies)
+	result := checker.CheckChanges(ctx, diffResult.Changes, policies, apiKey)
 	checkDuration := time.Since(checkStart)
 
 	// Track policy check results (similar to policy.execute.result in github-app)

package/commands/sync.go

@@ -8,6 +8,7 @@ import (
 	"sync"
 	"time"
 
+	"github.com/tanagram/cli/config"
 	"github.com/tanagram/cli/extractor"
 	"github.com/tanagram/cli/parser"
 	"github.com/tanagram/cli/storage"
@@ -15,6 +16,12 @@ import (
 
 // Sync manually syncs all instruction files to the cache
 func Sync() error {
+	// Get API key first before doing any work
+	apiKey, err := getAPIKey()
+	if err != nil {
+		return err
+	}
+
 	// Find git root
 	gitRoot, err := storage.FindGitRoot()
 	if err != nil {
@@ -103,7 +110,7 @@ func Sync() error {
 		go func(file string) {
 			defer wg.Done()
 			relPath, _ := filepath.Rel(gitRoot, file)
-			policies, err := extractor.ExtractPoliciesFromFile(ctx, file)
+			policies, err := extractor.ExtractPoliciesFromFile(ctx, file, apiKey)
 			results <- syncResult{file, relPath, policies, err}
 		}(file)
 	}
@@ -223,3 +230,12 @@ func FindInstructionFiles(gitRoot string) ([]string, error) {
 
 	return files, nil
 }
+
+// getAPIKey retrieves the API key once upfront before parallel processing
+func getAPIKey() (string, error) {
+	apiKey, err := config.GetAPIKey()
+	if err != nil {
+		return "", fmt.Errorf("failed to get API key: %w", err)
+	}
+	return apiKey, nil
+}

package/config/config.go

@@ -0,0 +1,155 @@
+package config
+
+import (
+	"bufio"
+	"context"
+	"encoding/json"
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/anthropics/anthropic-sdk-go"
+	"github.com/anthropics/anthropic-sdk-go/option"
+)
+
+const (
+	configDir  = ".tanagram"
+	configFile = "config.json"
+)
+
+// Config represents the application configuration
+type Config struct {
+	AnthropicAPIKey string `json:"anthropic_api_key"`
+}
+
+// GetConfigPath returns the full path to the config file
+func GetConfigPath() (string, error) {
+	home, err := os.UserHomeDir()
+	if err != nil {
+		return "", fmt.Errorf("failed to get user home directory: %w", err)
+	}
+	return filepath.Join(home, configDir, configFile), nil
+}
+
+// Load reads the config from disk
+func Load() (*Config, error) {
+	configPath, err := GetConfigPath()
+	if err != nil {
+		return nil, err
+	}
+
+	// If config doesn't exist, return empty config
+	if _, err := os.Stat(configPath); os.IsNotExist(err) {
+		return &Config{}, nil
+	}
+
+	data, err := os.ReadFile(configPath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read config file: %w", err)
+	}
+
+	var cfg Config
+	if err := json.Unmarshal(data, &cfg); err != nil {
+		return nil, fmt.Errorf("failed to parse config file: %w", err)
+	}
+
+	return &cfg, nil
+}
+
+// Save writes the config to disk
+func Save(cfg *Config) error {
+	configPath, err := GetConfigPath()
+	if err != nil {
+		return err
+	}
+
+	// Ensure config directory exists
+	configDir := filepath.Dir(configPath)
+	if err := os.MkdirAll(configDir, 0755); err != nil {
+		return fmt.Errorf("failed to create config directory: %w", err)
+	}
+
+	data, err := json.MarshalIndent(cfg, "", "  ")
+	if err != nil {
+		return fmt.Errorf("failed to marshal config: %w", err)
+	}
+
+	if err := os.WriteFile(configPath, data, 0600); err != nil {
+		return fmt.Errorf("failed to write config file: %w", err)
+	}
+
+	return nil
+}
+
+// GetAPIKey retrieves the Anthropic API key from config
+// If not found, prompts the user and saves it to config
+func GetAPIKey() (string, error) {
+	// Check config file
+	cfg, err := Load()
+	if err != nil {
+		return "", fmt.Errorf("failed to load config: %w", err)
+	}
+
+	if cfg.AnthropicAPIKey != "" {
+		return cfg.AnthropicAPIKey, nil
+	}
+
+	// Prompt user for API key
+	fmt.Println("ANTHROPIC_API_KEY not found.")
+	fmt.Print("Please enter your Anthropic API key: ")
+
+	reader := bufio.NewReader(os.Stdin)
+	apiKey, err := reader.ReadString('\n')
+	if err != nil {
+		return "", fmt.Errorf("failed to read API key: %w", err)
+	}
+
+	apiKey = strings.TrimSpace(apiKey)
+	if apiKey == "" {
+		return "", fmt.Errorf("API key cannot be empty")
+	}
+
+	// Validate the API key before saving
+	fmt.Print("Validating API key... ")
+	if err := ValidateAPIKey(apiKey); err != nil {
+		fmt.Println("✗")
+		return "", fmt.Errorf("invalid API key: %w", err)
+	}
+	fmt.Println("✓")
+
+	// Save to config
+	cfg.AnthropicAPIKey = apiKey
+	if err := Save(cfg); err != nil {
+		return "", fmt.Errorf("failed to save config: %w", err)
+	}
+
+	configPath, _ := GetConfigPath()
+	fmt.Printf("API key saved to %s\n", configPath)
+
+	return apiKey, nil
+}
+
+// ValidateAPIKey checks if the API key is valid by making a test API call
+func ValidateAPIKey(apiKey string) error {
+	client := anthropic.NewClient(option.WithAPIKey(apiKey))
+
+	ctx := context.Background()
+	_, err := client.Messages.New(ctx, anthropic.MessageNewParams{
+		MaxTokens: 10,
+		Messages: []anthropic.MessageParam{
+			anthropic.NewUserMessage(anthropic.NewTextBlock("test")),
+		},
+		Model: anthropic.ModelClaudeHaiku4_5_20251001,
+	})
+
+	if err != nil {
+		// Check if it's an authentication error
+		if strings.Contains(err.Error(), "401") || strings.Contains(err.Error(), "authentication_error") {
+			return fmt.Errorf("authentication failed - please check your API key")
+		}
+		return err
+	}
+
+	return nil
+}

package/extractor/extractor.go

@@ -23,8 +23,8 @@ type ExtractorResponse struct {
 }
 
 // ExtractPolicies uses LLM to extract policies from instruction file content
-func ExtractPolicies(ctx context.Context, content string) ([]parser.Policy, error) {
-	client, err := llm.NewClient()
+func ExtractPolicies(ctx context.Context, content string, apiKey string) ([]parser.Policy, error) {
+	client, err := llm.NewClient(apiKey)
 	if err != nil {
 		return nil, err
 	}

package/extractor/file.go

@@ -11,7 +11,7 @@ import (
 )
 
 // ExtractPoliciesFromFile reads a file and extracts policies using LLM
-func ExtractPoliciesFromFile(ctx context.Context, filePath string) ([]parser.Policy, error) {
+func ExtractPoliciesFromFile(ctx context.Context, filePath string, apiKey string) ([]parser.Policy, error) {
 	content, err := os.ReadFile(filePath)
 	if err != nil {
 		return nil, fmt.Errorf("failed to read file: %w", err)
@@ -24,5 +24,5 @@ func ExtractPoliciesFromFile(ctx context.Context, filePath string) ([]parser.Pol
 		contentStr = parser.StripMDCFrontmatter(contentStr)
 	}
 
-	return ExtractPolicies(ctx, contentStr)
+	return ExtractPolicies(ctx, contentStr, apiKey)
 }

package/llm/client.go

@@ -3,7 +3,7 @@ package llm
 import (
 	"context"
 	"fmt"
-	"os"
+	"strings"
 
 	"github.com/anthropics/anthropic-sdk-go"
 	"github.com/anthropics/anthropic-sdk-go/option"
@@ -14,13 +14,8 @@ type Client struct {
 	client *anthropic.Client
 }
 
-// NewClient creates a new Anthropic API client
-func NewClient() (*Client, error) {
-	apiKey := os.Getenv("ANTHROPIC_API_KEY")
-	if apiKey == "" {
-		return nil, fmt.Errorf("ANTHROPIC_API_KEY environment variable not set. Please set it to use LLM-based policy extraction")
-	}
-
+// NewClient creates a new Anthropic API client with the provided API key
+func NewClient(apiKey string) (*Client, error) {
 	client := anthropic.NewClient(
 		option.WithAPIKey(apiKey),
 	)
@@ -40,6 +35,11 @@ func (c *Client) SendMessage(ctx context.Context, prompt string) (string, error)
 		Model: anthropic.ModelClaudeHaiku4_5_20251001,
 	})
 	if err != nil {
+		// Check for authentication errors
+		errStr := err.Error()
+		if strings.Contains(errStr, "401") || strings.Contains(errStr, "authentication_error") {
+			return "", fmt.Errorf("authentication failed - your API key is invalid or expired. Please run 'tanagram sync' to update your API key")
+		}
 		return "", fmt.Errorf("failed to send message: %w", err)
 	}
 

package/main.go

@@ -96,8 +96,6 @@ COMMANDS:
   run      Check git changes against policies (default)
   sync     Manually sync instruction files to cache
   list     Show all cached policies
-  welcome  Show interactive welcome screen with setup options
-  puzzle   Interactive tangram puzzle editor
   help     Show this help message
 
 EXAMPLES:
@@ -105,8 +103,6 @@ EXAMPLES:
   tanagram run          # Same as above
   tanagram sync         # Manually sync policies
   tanagram list         # View all cached policies
-  tanagram welcome      # Show interactive welcome screen
-  tanagram puzzle       # Launch tangram puzzle editor
 
 INSTRUCTION FILES:
   Tanagram looks for instruction files in your git repository:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tanagram/cli",
-  "version": "0.1.26",
+  "version": "0.1.27",
   "description": "Tanagram - Catch sloppy code before it ships",
   "main": "index.js",
   "bin": {
@@ -35,6 +35,7 @@
     "bin/tanagram.js",
     "checker/",
     "commands/",
+    "config/",
     "extractor/",
     "fixtures/",
     "git/",