@telepat/rilo 0.1.0

package/src/config/keystore.js

@@ -0,0 +1,175 @@
+import crypto from 'node:crypto';
+import fs from 'node:fs';
+import os from 'node:os';
+import path from 'node:path';
+
+const SERVICE_NAME = 'rilo';
+const SECRETS_FILE = '.secrets';
+
+let keytarClientPromise;
+
+async function getKeytarClient() {
+  if (keytarClientPromise !== undefined) {
+    return keytarClientPromise;
+  }
+
+  keytarClientPromise = (async () => {
+    try {
+      const imported = await import('keytar');
+      const candidate = imported.default ?? imported;
+      if (
+        candidate &&
+        typeof candidate === 'object' &&
+        typeof candidate.setPassword === 'function' &&
+        typeof candidate.getPassword === 'function' &&
+        typeof candidate.deletePassword === 'function'
+      ) {
+        return candidate;
+      }
+    } catch {
+      // keytar is optional; fall through to encrypted file storage
+    }
+    return null;
+  })();
+
+  return keytarClientPromise;
+}
+
+function getRiloDir() {
+  return path.join(os.homedir(), '.rilo');
+}
+
+function getFallbackPath() {
+  return path.join(getRiloDir(), SECRETS_FILE);
+}
+
+function getMachineKey() {
+  const username = process.env.USER ?? process.env.USERNAME ?? 'user';
+  return crypto
+    .createHash('sha256')
+    .update(`${process.platform}:${process.arch}:${username}`)
+    .digest();
+}
+
+function encrypt(value) {
+  const iv = crypto.randomBytes(16);
+  const key = getMachineKey();
+  const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
+  const encrypted = Buffer.concat([cipher.update(value, 'utf8'), cipher.final()]);
+  return `${iv.toString('hex')}:${encrypted.toString('hex')}`;
+}
+
+function decrypt(value) {
+  const colonIdx = value.indexOf(':');
+  if (colonIdx === -1) throw new Error('Invalid encrypted payload');
+  const ivHex = value.slice(0, colonIdx);
+  const contentHex = value.slice(colonIdx + 1);
+  if (!ivHex || !contentHex) throw new Error('Invalid encrypted payload');
+  const iv = Buffer.from(ivHex, 'hex');
+  const content = Buffer.from(contentHex, 'hex');
+  const decipher = crypto.createDecipheriv('aes-256-cbc', getMachineKey(), iv);
+  const decrypted = Buffer.concat([decipher.update(content), decipher.final()]);
+  return decrypted.toString('utf8');
+}
+
+function readFallbackSecrets() {
+  const filePath = getFallbackPath();
+  if (!fs.existsSync(filePath)) return {};
+  try {
+    const raw = fs.readFileSync(filePath, 'utf8');
+    const decrypted = decrypt(raw);
+    const parsed = JSON.parse(decrypted);
+    if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) return parsed;
+  } catch {
+    // corrupt or from old format; treat as empty
+  }
+  return {};
+}
+
+let _warnedFallback = false;
+
+function writeFallbackSecrets(secrets) {
+  const filtered = Object.fromEntries(
+    Object.entries(secrets).filter(([, v]) => typeof v === 'string' && v.trim() !== '')
+  );
+
+  const filePath = getFallbackPath();
+  if (Object.keys(filtered).length === 0) {
+    if (fs.existsSync(filePath)) fs.unlinkSync(filePath);
+    return;
+  }
+
+  const dir = getRiloDir();
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+
+  if (!_warnedFallback) {
+    _warnedFallback = true;
+    console.warn(
+      '[rilo] Native OS keystore unavailable. ' +
+      'Secrets are stored in an AES-256 encrypted file (~/.rilo/.secrets). ' +
+      'For stronger security, install a keytar-compatible libsecret on your system.'
+    );
+  }
+
+  fs.writeFileSync(filePath, encrypt(JSON.stringify(filtered)), { encoding: 'utf8', mode: 0o600 });
+}
+
+/**
+ * Store a secret. Tries the OS native keystore first; falls back to
+ * an AES-256 encrypted file under ~/.rilo/.secrets.
+ * @param {string} key   - account/key name (e.g. 'replicateApiToken')
+ * @param {string} value - secret value
+ */
+export async function setSecret(key, value) {
+  const client = await getKeytarClient();
+  if (client) {
+    try {
+      await client.setPassword(SERVICE_NAME, key, value);
+      return;
+    } catch {
+      // fall through
+    }
+  }
+  const current = readFallbackSecrets();
+  current[key] = value;
+  writeFallbackSecrets(current);
+}
+
+/**
+ * Retrieve a secret. Returns null if not stored.
+ * @param {string} key
+ * @returns {Promise<string|null>}
+ */
+export async function getSecret(key) {
+  const client = await getKeytarClient();
+  if (client) {
+    try {
+      const value = await client.getPassword(SERVICE_NAME, key);
+      if (value != null) return value;
+    } catch {
+      // fall through
+    }
+  }
+  return readFallbackSecrets()[key] ?? null;
+}
+
+/**
+ * Delete a stored secret.
+ * @param {string} key
+ */
+export async function deleteSecret(key) {
+  const client = await getKeytarClient();
+  if (client) {
+    try {
+      await client.deletePassword(SERVICE_NAME, key);
+    } catch {
+      // ignore keychain errors; continue to clean up file fallback
+    }
+  }
+  const current = readFallbackSecrets();
+  delete current[key];
+  writeFallbackSecrets(current);
+}
+
+// Exported for testing
+export { readFallbackSecrets, writeFallbackSecrets, encrypt, decrypt, getMachineKey };

package/src/config/models.js

@@ -0,0 +1,281 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const CONFIG_DIR = path.dirname(fileURLToPath(import.meta.url));
+const MODELS_DIR = path.resolve(CONFIG_DIR, '../../models');
+
+export const MODELS = {
+  deepseek: 'deepseek-ai/deepseek-v3',
+  keyframe: 'prunaai/z-image-turbo',
+  flux: 'black-forest-labs/flux-2-pro',
+  fluxSchnell: 'black-forest-labs/flux-schnell',
+  nanoBananaPro: 'google/nano-banana-pro',
+  seedream4: 'bytedance/seedream-4',
+  video: 'wan-video/wan-2.2-i2v-fast',
+  klingVideo3: 'kwaivgi/kling-v3-video',
+  pixverseV56: 'pixverse/pixverse-v5.6',
+  veo31: 'google/veo-3.1',
+  veo31Fast: 'google/veo-3.1-fast',
+  tts: 'minimax/speech-02-turbo',
+  chatterboxTurbo: 'resemble-ai/chatterbox-turbo',
+  kokoro82m: 'jaaari/kokoro-82m'
+};
+
+export const MODEL_CATEGORIES = {
+  textToText: 'textToText',
+  textToSpeech: 'textToSpeech',
+  textToImage: 'textToImage',
+  imageTextToVideo: 'imageTextToVideo'
+};
+
+export const DEFAULT_MODEL_SELECTIONS = {
+  [MODEL_CATEGORIES.textToText]: MODELS.deepseek,
+  [MODEL_CATEGORIES.textToSpeech]: MODELS.tts,
+  [MODEL_CATEGORIES.textToImage]: MODELS.keyframe,
+  [MODEL_CATEGORIES.imageTextToVideo]: MODELS.video
+};
+
+export const MODEL_SELECTION_KEYS = Object.keys(DEFAULT_MODEL_SELECTIONS);
+export const MODEL_OPTION_KEYS = [...MODEL_SELECTION_KEYS];
+
+const MODEL_METADATA_FILES = {
+  [MODELS.deepseek]: 'deepseek-ai__deepseek-v3.json',
+  [MODELS.keyframe]: 'prunaai__z-image-turbo.json',
+  [MODELS.flux]: 'black-forest-labs__flux-2-pro.json',
+  [MODELS.fluxSchnell]: 'black-forest-labs__flux-schnell.json',
+  [MODELS.nanoBananaPro]: 'google__nano-banana-pro.json',
+  [MODELS.seedream4]: 'bytedance__seedream-4.json',
+  [MODELS.video]: 'wan-video__wan-2.2-i2v-fast.json',
+  [MODELS.klingVideo3]: 'kwaivgi__kling-v3-video.json',
+  [MODELS.pixverseV56]: 'pixverse__pixverse-v5.6.json',
+  [MODELS.veo31]: 'google__veo-3.1.json',
+  [MODELS.veo31Fast]: 'google__veo-3.1-fast.json',
+  [MODELS.tts]: 'minimax__speech-02-turbo.json',
+  [MODELS.chatterboxTurbo]: 'resemble-ai__chatterbox-turbo.json',
+  [MODELS.kokoro82m]: 'jaaari__kokoro-82m.json'
+};
+
+export const MODEL_IDS_BY_CATEGORY = {
+  [MODEL_CATEGORIES.textToText]: [MODELS.deepseek],
+  [MODEL_CATEGORIES.textToSpeech]: [MODELS.tts, MODELS.chatterboxTurbo, MODELS.kokoro82m],
+  [MODEL_CATEGORIES.textToImage]: [MODELS.keyframe, MODELS.flux, MODELS.fluxSchnell, MODELS.nanoBananaPro, MODELS.seedream4],
+  [MODEL_CATEGORIES.imageTextToVideo]: [MODELS.video, MODELS.klingVideo3, MODELS.pixverseV56, MODELS.veo31, MODELS.veo31Fast]
+};
+
+export function toNullableNumber(value) {
+  if (value === null || value === undefined || value === '') {
+    return null;
+  }
+  const parsed = Number.parseFloat(value);
+  return Number.isFinite(parsed) ? parsed : null;
+}
+
+export function normalizePricing(pricing = {}) {
+  return {
+    usdPerSecond: toNullableNumber(pricing.usdPerSecond),
+    usdPer1kInputTokens: toNullableNumber(pricing.usdPer1kInputTokens),
+    usdPer1kOutputTokens: toNullableNumber(pricing.usdPer1kOutputTokens)
+  };
+}
+
+export function readModelMetadata(modelId) {
+  const fileName = MODEL_METADATA_FILES[modelId];
+  if (!fileName) {
+    return {
+      modelId,
+      pricing: normalizePricing({})
+    };
+  }
+
+  const filePath = path.join(MODELS_DIR, fileName);
+  try {
+    const raw = fs.readFileSync(filePath, 'utf8');
+    const parsed = JSON.parse(raw);
+    return {
+      ...parsed,
+      modelId: parsed.modelId || modelId,
+      pricing: normalizePricing(parsed.pricing || {})
+    };
+  } catch {
+    return {
+      modelId,
+      pricing: normalizePricing({})
+    };
+  }
+}
+
+export const MODEL_METADATA = Object.fromEntries(
+  Object.values(MODELS).map((modelId) => [modelId, readModelMetadata(modelId)])
+);
+
+export const SUPPORTED_MODEL_IDS = Object.keys(MODEL_METADATA);
+
+export const MODEL_PRICING = Object.fromEntries(
+  Object.entries(MODEL_METADATA).map(([modelId, metadata]) => [modelId, normalizePricing(metadata.pricing || {})])
+);
+
+function isPlainObject(value) {
+  return value !== null && typeof value === 'object' && !Array.isArray(value);
+}
+
+function getSafeInputOptions(metadata = {}) {
+  const inputOptions = isPlainObject(metadata.inputOptions) ? metadata.inputOptions : {};
+  const userConfigurable = Array.isArray(inputOptions.userConfigurable)
+    ? inputOptions.userConfigurable.filter((entry) => typeof entry === 'string' && entry.trim())
+    : [];
+  const pipelineManaged = Array.isArray(inputOptions.pipelineManaged)
+    ? inputOptions.pipelineManaged.filter((entry) => typeof entry === 'string' && entry.trim())
+    : [];
+  const fields = isPlainObject(inputOptions.fields) ? inputOptions.fields : {};
+
+  return {
+    userConfigurable,
+    pipelineManaged,
+    fields
+  };
+}
+
+export function getModelInputOptions(modelId) {
+  return getSafeInputOptions(MODEL_METADATA[modelId]);
+}
+
+export function resolveModelInputOptionsForCategory(category, modelSelections = {}) {
+  const modelId = resolveModelForCategory(category, modelSelections);
+  return getModelInputOptions(modelId);
+}
+
+export function resolveDefaultModelOptionsForCategory(category, modelSelections = {}) {
+  const inputOptions = resolveModelInputOptionsForCategory(category, modelSelections);
+  const defaults = {};
+
+  for (const optionKey of inputOptions.userConfigurable) {
+    const field = inputOptions.fields[optionKey];
+    if (field && Object.prototype.hasOwnProperty.call(field, 'default')) {
+      defaults[optionKey] = field.default;
+    }
+  }
+
+  return defaults;
+}
+
+export function getDefaultProjectModelOptions(modelSelections = {}) {
+  return Object.fromEntries(
+    MODEL_OPTION_KEYS.map((category) => [category, resolveDefaultModelOptionsForCategory(category, modelSelections)])
+  );
+}
+
+export function resolveProjectModelOptions(modelOptions = {}, modelSelections = {}) {
+  const defaults = getDefaultProjectModelOptions(modelSelections);
+  const normalizedInput = isPlainObject(modelOptions) ? modelOptions : {};
+
+  return Object.fromEntries(
+    MODEL_OPTION_KEYS.map((category) => {
+      const candidate = normalizedInput[category];
+      if (!isPlainObject(candidate)) {
+        return [category, defaults[category]];
+      }
+      return [category, { ...defaults[category], ...candidate }];
+    })
+  );
+}
+
+export function isKnownModelId(modelId) {
+  return typeof modelId === 'string' && SUPPORTED_MODEL_IDS.includes(modelId);
+}
+
+export function resolveProjectModelSelections(modelSelections = {}) {
+  if (!modelSelections || typeof modelSelections !== 'object' || Array.isArray(modelSelections)) {
+    return {
+      ...DEFAULT_MODEL_SELECTIONS
+    };
+  }
+
+  const resolved = {
+    ...DEFAULT_MODEL_SELECTIONS
+  };
+
+  for (const key of MODEL_SELECTION_KEYS) {
+    const candidate = modelSelections[key];
+    if (typeof candidate === 'string' && candidate.trim()) {
+      resolved[key] = candidate.trim();
+    }
+  }
+
+  return resolved;
+}
+
+export function resolveModelForCategory(category, modelSelections = {}) {
+  if (!MODEL_SELECTION_KEYS.includes(category)) {
+    throw new Error(`Unknown model category: ${category}`);
+  }
+  return resolveProjectModelSelections(modelSelections)[category];
+}
+
+export function getSupportedModelIdsForCategory(category) {
+  if (!MODEL_SELECTION_KEYS.includes(category)) {
+    throw new Error(`Unknown model category: ${category}`);
+  }
+
+  return [...(MODEL_IDS_BY_CATEGORY[category] || [])];
+}
+
+export const DEFAULT_VIDEO_CONFIG = {
+  width: 720,
+  height: 1280,
+  fps: 16,
+  durationSec: 60,
+  shots: 12,
+  segmentDurationSec: 5,
+  renderSpecVersion: 2
+};
+
+export function resolveTargetDurationSec(config = {}) {
+  const value = config.targetDurationSec;
+  if (Number.isInteger(value) && value >= 5) {
+    return value;
+  }
+  return DEFAULT_VIDEO_CONFIG.durationSec;
+}
+
+export function resolveShotCount(config = {}) {
+  const targetDurationSec = resolveTargetDurationSec(config);
+  return Math.max(1, Math.ceil(targetDurationSec / DEFAULT_VIDEO_CONFIG.segmentDurationSec));
+}
+
+export const ASPECT_RATIO_PRESETS = {
+  '1:1': {
+    keyframeWidth: 1024,
+    keyframeHeight: 1024,
+    videoResolution: '720p'
+  },
+  '16:9': {
+    keyframeWidth: 1024,
+    keyframeHeight: 576,
+    videoResolution: '720p'
+  },
+  '9:16': {
+    keyframeWidth: 576,
+    keyframeHeight: 1024,
+    videoResolution: '720p'
+  }
+};
+
+export function resolveKeyframeSize(config = {}) {
+  const aspectRatio = config.aspectRatio || '9:16';
+  const preset = ASPECT_RATIO_PRESETS[aspectRatio] || ASPECT_RATIO_PRESETS['9:16'];
+
+  if (Number.isInteger(config.keyframeWidth) && Number.isInteger(config.keyframeHeight)) {
+    return {
+      width: config.keyframeWidth,
+      height: config.keyframeHeight,
+      key: `${config.keyframeWidth}x${config.keyframeHeight}`
+    };
+  }
+
+  return {
+    width: preset.keyframeWidth,
+    height: preset.keyframeHeight,
+    key: `${preset.keyframeWidth}x${preset.keyframeHeight}`
+  };
+}

package/src/config/settingsSchema.js

@@ -0,0 +1,214 @@
+/**
+ * Describes every setting that can be managed via `rilo settings`.
+ *
+ * type: 'number' | 'string' | 'secure'
+ *   - 'secure'  => stored in the OS keystore / encrypted file (never in config.json)
+ *   - 'number'  => parsed as an integer
+ *   - 'string'  => stored as-is
+ *
+ * envNames: the env var names that map to this setting (first has priority).
+ *           The env.js module already resolves these in order, so we only list
+ *           them here for display and documentation purposes.
+ *
+ * configKey: the camelCase key written to ~/.rilo/config.json (public settings only).
+ *
+ * keystoreKey: the account name used with keytar / encrypted file (secure settings only).
+ */
+export const SETTINGS = [
+  // ── Secure settings (stored in keystore) ──────────────────────────────────
+  {
+    id: 'replicateApiToken',
+    label: 'Replicate API Token',
+    description: 'Your Replicate API key (replicate.com/account/api-tokens).',
+    type: 'secure',
+    keystoreKey: 'replicateApiToken',
+    envNames: ['RILO_REPLICATE_API_TOKEN', 'REPLICATE_API_TOKEN'],
+    default: ''
+  },
+  {
+    id: 'apiBearerToken',
+    label: 'API Bearer Token',
+    description: 'Bearer token for authenticating requests to the rilo HTTP API.',
+    type: 'secure',
+    keystoreKey: 'apiBearerToken',
+    envNames: ['RILO_API_BEARER_TOKEN', 'API_BEARER_TOKEN'],
+    default: ''
+  },
+
+  // ── Public settings (stored in ~/.rilo/config.json) ───────────────────────
+  {
+    id: 'maxRetries',
+    label: 'Max Retries',
+    description: 'Number of times to retry a failed prediction before giving up.',
+    type: 'number',
+    configKey: 'maxRetries',
+    envNames: ['MAX_RETRIES'],
+    default: 2,
+    validate(v) {
+      const n = Number(v);
+      if (!Number.isInteger(n) || n < 0) return 'Must be a non-negative integer.';
+      return true;
+    }
+  },
+  {
+    id: 'retryDelayMs',
+    label: 'Retry Delay (ms)',
+    description: 'Milliseconds to wait between retries.',
+    type: 'number',
+    configKey: 'retryDelayMs',
+    envNames: ['RETRY_DELAY_MS'],
+    default: 2500,
+    validate(v) {
+      const n = Number(v);
+      if (!Number.isInteger(n) || n < 0) return 'Must be a non-negative integer.';
+      return true;
+    }
+  },
+  {
+    id: 'predictionPollIntervalMs',
+    label: 'Poll Interval (ms)',
+    description: 'How often (ms) to poll Replicate for prediction status.',
+    type: 'number',
+    configKey: 'predictionPollIntervalMs',
+    envNames: ['PREDICTION_POLL_INTERVAL_MS'],
+    default: 1500,
+    validate(v) {
+      const n = Number(v);
+      if (!Number.isInteger(n) || n < 100) return 'Must be an integer ≥ 100.';
+      return true;
+    }
+  },
+  {
+    id: 'predictionMaxWaitMs',
+    label: 'Max Prediction Wait (ms)',
+    description: 'Maximum time (ms) to wait for a single prediction to complete.',
+    type: 'number',
+    configKey: 'predictionMaxWaitMs',
+    envNames: ['PREDICTION_MAX_WAIT_MS'],
+    default: 600000,
+    validate(v) {
+      const n = Number(v);
+      if (!Number.isInteger(n) || n < 1000) return 'Must be an integer ≥ 1000.';
+      return true;
+    }
+  },
+  {
+    id: 'downloadTimeoutMs',
+    label: 'Download Timeout (ms)',
+    description: 'Timeout (ms) for downloading generated media files.',
+    type: 'number',
+    configKey: 'downloadTimeoutMs',
+    envNames: ['DOWNLOAD_TIMEOUT_MS'],
+    default: 20000,
+    validate(v) {
+      const n = Number(v);
+      if (!Number.isInteger(n) || n < 1000) return 'Must be an integer ≥ 1000.';
+      return true;
+    }
+  },
+  {
+    id: 'downloadMaxBytes',
+    label: 'Download Max Size (bytes)',
+    description: 'Maximum allowed size in bytes for a downloaded file.',
+    type: 'number',
+    configKey: 'downloadMaxBytes',
+    envNames: ['DOWNLOAD_MAX_BYTES'],
+    default: 104857600,
+    validate(v) {
+      const n = Number(v);
+      if (!Number.isInteger(n) || n < 1) return 'Must be a positive integer.';
+      return true;
+    }
+  },
+  {
+    id: 'downloadAllowedHosts',
+    label: 'Download Allowed Hosts',
+    description: 'Comma-separated list of hostnames allowed for media downloads.',
+    type: 'string',
+    configKey: 'downloadAllowedHosts',
+    envNames: ['DOWNLOAD_ALLOWED_HOSTS'],
+    default: 'replicate.delivery,replicate.com',
+    validate(v) {
+      if (!v || !v.trim()) return 'Must not be empty.';
+      return true;
+    }
+  },
+  {
+    id: 'apiDefaultLogsLimit',
+    label: 'Default Logs Limit',
+    description: 'Default number of log entries returned by the API.',
+    type: 'number',
+    configKey: 'apiDefaultLogsLimit',
+    envNames: ['API_DEFAULT_LOGS_LIMIT'],
+    default: 100,
+    validate(v) {
+      const n = Number(v);
+      if (!Number.isInteger(n) || n < 1) return 'Must be a positive integer.';
+      return true;
+    }
+  },
+  {
+    id: 'apiMaxLogsLimit',
+    label: 'Max Logs Limit',
+    description: 'Hard cap on log entries returned by the API.',
+    type: 'number',
+    configKey: 'apiMaxLogsLimit',
+    envNames: ['API_MAX_LOGS_LIMIT'],
+    default: 1000,
+    validate(v) {
+      const n = Number(v);
+      if (!Number.isInteger(n) || n < 1) return 'Must be a positive integer.';
+      return true;
+    }
+  },
+  {
+    id: 'ffmpegBin',
+    label: 'ffmpeg Binary',
+    description: 'Path or command name for the ffmpeg binary.',
+    type: 'string',
+    configKey: 'ffmpegBin',
+    envNames: ['FFMPEG_BIN'],
+    default: 'ffmpeg',
+    validate(v) {
+      if (!v || !v.trim()) return 'Must not be empty.';
+      return true;
+    }
+  },
+  {
+    id: 'ffprobeBin',
+    label: 'ffprobe Binary',
+    description: 'Path or command name for the ffprobe binary.',
+    type: 'string',
+    configKey: 'ffprobeBin',
+    envNames: ['FFPROBE_BIN'],
+    default: 'ffprobe',
+    validate(v) {
+      if (!v || !v.trim()) return 'Must not be empty.';
+      return true;
+    }
+  },
+  {
+    id: 'ffsubsyncBin',
+    label: 'ffsubsync Binary',
+    description: 'Path or command name for the ffsubsync binary (optional subtitle tool).',
+    type: 'string',
+    configKey: 'ffsubsyncBin',
+    envNames: ['FFSUBSYNC_BIN'],
+    default: 'ffsubsync',
+    validate(v) {
+      if (!v || !v.trim()) return 'Must not be empty.';
+      return true;
+    }
+  }
+];
+
+/** Lookup by id */
+export function getSettingById(id) {
+  return SETTINGS.find((s) => s.id === id) ?? null;
+}
+
+/** Settings stored in keystore */
+export const SECURE_SETTINGS = SETTINGS.filter((s) => s.type === 'secure');
+
+/** Settings stored in ~/.rilo/config.json */
+export const PUBLIC_SETTINGS = SETTINGS.filter((s) => s.type !== 'secure');