@toast-ninja/toast-cli 0.1.0

package/README.md

@@ -0,0 +1,100 @@
+# Toast CLI
+
+Minimal CLI for Toast Review CI workflows.
+
+See the [Review CI guide](https://github.com/toast-ninja/backend/blob/master/docs/review-ci.md)
+for prerequisites and the full try-it flow.
+
+## Install
+
+```bash
+npm install -g @toast-ninja/toast-cli
+```
+
+This installs the `toast` command.
+
+For local development from this repository:
+
+```bash
+npm install -g ./packages/toast-cli
+```
+
+## Review CI Auth
+
+```bash
+toast review-ci auth --repo toast-ninja/backend
+```
+
+The default auth flow opens a browser, completes GitHub auth through Toast, and
+stores a repo-scoped Toast token after the localhost callback returns.
+
+If browser auth is not available, use GitHub device auth explicitly:
+
+```bash
+toast review-ci auth --repo toast-ninja/backend --device
+```
+
+For automation or local debugging with an existing GitHub token:
+
+```bash
+toast review-ci auth --repo toast-ninja/backend --github-token "$GITHUB_TOKEN"
+```
+
+That token must be a user token that can prove active membership in the repo owner org. GitHub Actions' repository `GITHUB_TOKEN` is not a user login token; use `TOAST_TOKEN` in CI.
+
+## Review CI
+
+```bash
+toast review-ci wait \
+  --repo toast-ninja/backend \
+  --pr 1177 \
+  --head "$GITHUB_SHA" \
+  --timeout 20m \
+  --interval 10s
+```
+
+`wait` exits `0` only when Toast returns `acknowledged` for the exact head SHA. It exits `1` for actionable non-green states and `2` for auth, network, argument, or timeout errors.
+
+CI can also provide a token directly:
+
+```bash
+TOAST_TOKEN="$TOAST_TOKEN" toast review-ci status \
+  --repo toast-ninja/backend \
+  --pr 1177 \
+  --head "$GITHUB_SHA" \
+  --json
+```
+
+Use `next` to fetch the actionable Review CI payload, including unresolved
+thread/comment URLs when Toast has enough context:
+
+```bash
+toast review-ci next \
+  --repo toast-ninja/backend \
+  --pr 1177 \
+  --head "$GITHUB_SHA"
+```
+
+Install agent guidance for Codex-compatible skill directories:
+
+```bash
+toast review-ci instructions --install-codex
+```
+
+Or print the guidance:
+
+```bash
+toast review-ci instructions
+```
+
+## AI Agent Instructions
+
+Before using `gh` to rediscover review context, run:
+
+```bash
+toast review-ci next --repo OWNER/REPO --pr NUMBER --head HEAD_SHA
+```
+
+Fix every unresolved thread/comment listed by URL. Reply with what changed,
+resolve threads when requested, push the fix, then run `toast review-ci wait`
+for the exact head SHA before reporting completion.

package/bin/toast.js

@@ -0,0 +1,18 @@
+#!/usr/bin/env node
+
+const { main } = require('../src/cli')
+
+main({
+	argv: process.argv,
+	env: process.env,
+	stdout: process.stdout,
+	stderr: process.stderr,
+}).then(
+	exitCode => {
+		process.exitCode = exitCode
+	},
+	error => {
+		process.stderr.write(`${error.message}\n`)
+		process.exitCode = 2
+	},
+)

package/package.json

@@ -0,0 +1,23 @@
+{
+	"name": "@toast-ninja/toast-cli",
+	"version": "0.1.0",
+	"description": "Toast CLI for agent CI workflows",
+	"bin": {
+		"toast": "bin/toast.js"
+	},
+	"engines": {
+		"node": ">=18"
+	},
+	"license": "ISC",
+	"publishConfig": {
+		"access": "public"
+	},
+	"files": [
+		"bin",
+		"skills",
+		"src/cli.js",
+		"src/config-store.js",
+		"src/http.js",
+		"README.md"
+	]
+}

package/skills/review-ci/SKILL.md

@@ -0,0 +1,25 @@
+---
+name: toast-review-ci
+description: Use when addressing GitHub pull request review feedback in a repo that uses Toast Review CI.
+---
+
+# Toast Review CI
+
+Use Toast Review CI before rediscovering review context with `gh`.
+
+1. Run:
+
+```bash
+toast review-ci next --repo OWNER/REPO --pr NUMBER --head HEAD_SHA
+```
+
+2. Fix every `blocking_items` entry. Prefer the URL and body from Toast over a fresh GitHub search.
+3. Reply with what changed when a reply is requested. Include the relevant commit link if available.
+4. Resolve review threads when `suggested_reply_requirements.resolve_thread_required` is true.
+5. Push the fix, then wait on the exact new head:
+
+```bash
+toast review-ci wait --repo OWNER/REPO --pr NUMBER --head HEAD_SHA
+```
+
+Only report completion after Review CI returns `acknowledged`.

package/src/cli.js

@@ -0,0 +1,603 @@
+const childProcess = require('child_process')
+const crypto = require('crypto')
+const fs = require('fs')
+const http = require('http')
+const os = require('os')
+const path = require('path')
+const {
+	readConfig: defaultReadConfig,
+	writeConfig: defaultWriteConfig,
+} = require('./config-store')
+const { requestJson } = require('./http')
+
+const DEFAULT_API_URL = 'https://api.toast.ninja'
+const WAIT_STATUSES = new Set(['pending', 'degraded:reconciliation_incomplete'])
+const REVIEW_CI_SKILL_PATH = path.join(
+	__dirname,
+	'..',
+	'skills',
+	'review-ci',
+	'SKILL.md',
+)
+const REVIEW_CI_COMMANDS = new Set(['review-ci'])
+
+const sleepDefault = ms =>
+	new Promise(resolve => {
+		setTimeout(resolve, ms)
+	})
+
+const parseArgs = args => {
+	const options = {}
+	const positional = []
+
+	for (let index = 0; index < args.length; index += 1) {
+		const arg = args[index]
+
+		if (!arg.startsWith('--')) {
+			positional.push(arg)
+		} else {
+			const key = arg.slice(2)
+			const next = args[index + 1]
+
+			if (!next || next.startsWith('--')) {
+				options[key] = true
+			} else {
+				options[key] = next
+				index += 1
+			}
+		}
+	}
+
+	return { positional, options }
+}
+
+const parseRepo = repoFullName => {
+	const [owner, repo] = String(repoFullName || '').split('/')
+
+	if (!owner || !repo) throw new Error('--repo must be OWNER/REPO')
+
+	return { owner, repo, fullName: `${owner}/${repo}` }
+}
+
+const requireOption = (options, key) => {
+	if (!options[key]) throw new Error(`Missing --${key}`)
+
+	return options[key]
+}
+
+const normalizeApiUrl = apiUrl =>
+	String(apiUrl || DEFAULT_API_URL).replace(/\/+$/, '')
+
+const getApiUrl = ({ options, env, config }) =>
+	normalizeApiUrl(options['api-url'] || env.TOAST_API_URL || config.apiUrl)
+
+const getToken = ({ options, env, config }) =>
+	options.token || env.TOAST_TOKEN || config.token
+
+const toMillis = value => {
+	if (value instanceof Date) return value.getTime()
+
+	return Number(value)
+}
+
+const parseDurationMs = value => {
+	const match = String(value || '').match(/^(\d+)(ms|s|m)?$/)
+
+	if (!match) throw new Error(`Invalid duration: ${value}`)
+
+	const amount = Number.parseInt(match[1], 10)
+	const unit = match[2] || 'ms'
+
+	if (unit === 'm') return amount * 60 * 1000
+	if (unit === 's') return amount * 1000
+
+	return amount
+}
+
+const parseBrowserCallbackAuth = ({ requestUrl, expectedState }) => {
+	const callbackUrl = new URL(requestUrl, 'http://127.0.0.1')
+	const state = callbackUrl.searchParams.get('state')
+	const error = callbackUrl.searchParams.get('error')
+
+	if (state !== expectedState) throw new Error('Invalid Review CI auth state')
+	if (error) throw new Error(`Review CI auth failed: ${error}`)
+
+	const auth = {
+		code: callbackUrl.searchParams.get('code'),
+		token: callbackUrl.searchParams.get('token'),
+		token_type: callbackUrl.searchParams.get('token_type'),
+		expires_in: Number(callbackUrl.searchParams.get('expires_in')),
+		github_login: callbackUrl.searchParams.get('github_login'),
+		repo: callbackUrl.searchParams.get('repo'),
+	}
+
+	if (auth.code) return { code: auth.code }
+
+	if (!auth.token || !auth.github_login || !auth.repo || !auth.expires_in) {
+		throw new Error('Review CI auth callback was missing credentials')
+	}
+
+	return auth
+}
+
+const createBrowserCallbackServerDefault = () =>
+	new Promise((resolve, reject) => {
+		const state = crypto.randomBytes(16).toString('hex')
+		let resolveCallback
+		let rejectCallback
+		const callbackPromise = new Promise((resolveAuth, rejectAuth) => {
+			resolveCallback = resolveAuth
+			rejectCallback = rejectAuth
+		})
+		const server = http.createServer((req, res) => {
+			if (req.method !== 'GET') {
+				res.statusCode = 405
+				res.end('Method Not Allowed')
+				return
+			}
+
+			try {
+				const auth = parseBrowserCallbackAuth({
+					requestUrl: req.url,
+					expectedState: state,
+				})
+
+				res.statusCode = 200
+				res.setHeader('Content-Type', 'text/plain; charset=utf-8')
+				res.end('Review CI authentication complete. You can close this tab.')
+				resolveCallback(auth)
+			} catch (error) {
+				res.statusCode = 400
+				res.setHeader('Content-Type', 'text/plain; charset=utf-8')
+				res.end(`Review CI authentication failed: ${error.message}`)
+				rejectCallback(error)
+			}
+		})
+
+		server.on('error', reject)
+		server.listen(0, '127.0.0.1', () => {
+			const address = server.address()
+
+			resolve({
+				state,
+				redirectUri: `http://127.0.0.1:${address.port}/callback`,
+				waitForCallback: () => callbackPromise,
+				close: () =>
+					new Promise(resolveClose => {
+						server.close(() => resolveClose())
+					}),
+			})
+		})
+	})
+
+const getBrowserOpenCommand = url => {
+	if (process.platform === 'darwin') return { command: 'open', args: [url] }
+	if (process.platform === 'win32') {
+		return { command: 'cmd', args: ['/c', 'start', '', url] }
+	}
+
+	return { command: 'xdg-open', args: [url] }
+}
+
+const openBrowserDefault = url =>
+	new Promise((resolve, reject) => {
+		const { command, args } = getBrowserOpenCommand(url)
+		const child = childProcess.spawn(command, args, {
+			detached: true,
+			stdio: 'ignore',
+		})
+
+		child.once('error', reject)
+		child.once('spawn', () => {
+			child.unref()
+			resolve()
+		})
+	})
+
+const buildReviewStateUrl = ({ apiUrl, repo, pullNumber, head, endpoint }) =>
+	`${apiUrl}/api/review-ci/repos/${encodeURIComponent(
+		repo.owner,
+	)}/${encodeURIComponent(repo.repo)}/pulls/${encodeURIComponent(
+		pullNumber,
+	)}/${endpoint}?head=${encodeURIComponent(head)}`
+
+const requestReviewState = async ({
+	options,
+	env,
+	config,
+	request,
+	endpoint = 'status',
+}) => {
+	const repo = parseRepo(requireOption(options, 'repo'))
+	const pullNumber = requireOption(options, 'pr')
+	const head = requireOption(options, 'head')
+	const apiUrl = getApiUrl({ options, env, config })
+	const token = getToken({ options, env, config })
+
+	if (!token)
+		throw new Error(
+			'Missing Toast token. Run `toast review-ci auth` or set TOAST_TOKEN.',
+		)
+
+	const response = await request({
+		method: 'GET',
+		url: buildReviewStateUrl({ apiUrl, repo, pullNumber, head, endpoint }),
+		headers: {
+			Authorization: `Bearer ${token}`,
+		},
+	})
+
+	if (response.statusCode >= 400) {
+		throw new Error(`Review CI request failed with HTTP ${response.statusCode}`)
+	}
+
+	return response.body
+}
+
+const getReviewStateArgs = context => context.commandArgs || context.argv.slice(4)
+
+const writeReviewState = ({ state, stdout, asJson, includeBlockingItems }) => {
+	if (asJson) {
+		stdout.write(`${JSON.stringify(state, null, 2)}\n`)
+		return
+	}
+
+	stdout.write(
+		`Review CI ${state.status} head=${state.head || '<unknown>'} next=${
+			state.next_action
+		}\n`,
+	)
+
+	if (!includeBlockingItems || !state.blocking_items?.length) return
+
+	stdout.write('Blocking items:\n')
+	state.blocking_items.forEach((item, index) => {
+		const location = [item.path, item.line].filter(Boolean).join(':')
+		const reviewer = item.reviewer || '<unknown>'
+
+		stdout.write(
+			`${index + 1}. ${item.kind} ${item.url || '<no URL>'} reviewer=${reviewer}`,
+		)
+		if (location) stdout.write(` location=${location}`)
+		stdout.write('\n')
+	})
+}
+
+const handleStatus = async context => {
+	const config = context.readConfig()
+	const { options } = parseArgs(getReviewStateArgs(context))
+	const state = await requestReviewState({ ...context, config, options })
+
+	writeReviewState({ state, stdout: context.stdout, asJson: options.json })
+
+	return state.status === 'acknowledged' ? 0 : 1
+}
+
+const handleNext = async context => {
+	const config = context.readConfig()
+	const { options } = parseArgs(getReviewStateArgs(context))
+	const state = await requestReviewState({
+		...context,
+		config,
+		options,
+		endpoint: 'next',
+	})
+
+	writeReviewState({
+		state,
+		stdout: context.stdout,
+		asJson: options.json,
+		includeBlockingItems: true,
+	})
+
+	return state.status === 'acknowledged' ? 0 : 1
+}
+
+const handleWait = async context => {
+	const config = context.readConfig()
+	const { options } = parseArgs(getReviewStateArgs(context))
+	const timeoutMs = parseDurationMs(options.timeout || '20m')
+	const intervalMs = parseDurationMs(options.interval || '10s')
+	const startedAt = toMillis(context.now())
+	let elapsedMs = 0
+
+	while (elapsedMs <= timeoutMs) {
+		// eslint-disable-next-line no-await-in-loop
+		const state = await requestReviewState({ ...context, config, options })
+
+		if (state.status === 'acknowledged') {
+			writeReviewState({ state, stdout: context.stdout, asJson: options.json })
+			return 0
+		}
+
+		if (!WAIT_STATUSES.has(state.status)) {
+			writeReviewState({ state, stdout: context.stdout, asJson: options.json })
+			return 1
+		}
+
+		// eslint-disable-next-line no-await-in-loop
+		await context.sleep(intervalMs)
+		elapsedMs += intervalMs
+
+		if (toMillis(context.now()) - startedAt > timeoutMs) {
+			break
+		}
+	}
+
+	context.stderr.write('Timed out waiting for Review CI acknowledgement\n')
+	return 2
+}
+
+const completeLogin = ({ context, auth, apiUrl }) => {
+	const existingConfig = context.readConfig()
+	const expiresAt = new Date(
+		toMillis(context.now()) + auth.expires_in * 1000,
+	).toISOString()
+
+	context.writeConfig({
+		...existingConfig,
+		apiUrl,
+		repo: auth.repo,
+		token: auth.token,
+		githubLogin: auth.github_login,
+		expiresAt,
+	})
+	context.stdout.write(`Authenticated ${auth.github_login} for ${auth.repo}\n`)
+	context.stdout.write(
+		'Agent setup: run `toast review-ci instructions --install-codex` to install Review CI guidance.\n',
+	)
+}
+
+const exchangeGithubToken = async ({ context, options, apiUrl, repo }) => {
+	const githubToken =
+		options['github-token'] === true
+			? context.env.GITHUB_TOKEN
+			: options['github-token']
+
+	if (!githubToken) throw new Error('Missing --github-token')
+
+	const response = await context.request({
+		method: 'POST',
+		url: `${apiUrl}/api/review-ci/auth/github`,
+		body: {
+			repo: repo.fullName,
+			github_access_token: githubToken,
+		},
+	})
+
+	if (response.statusCode >= 400) {
+		throw new Error(`Login failed with HTTP ${response.statusCode}`)
+	}
+
+	return response.body
+}
+
+const runDeviceLogin = async ({ context, apiUrl, repo }) => {
+	const startResponse = await context.request({
+		method: 'POST',
+		url: `${apiUrl}/api/review-ci/auth/github/device/start`,
+		body: {
+			repo: repo.fullName,
+		},
+	})
+
+	if (startResponse.statusCode >= 400) {
+		throw new Error(`Device login failed with HTTP ${startResponse.statusCode}`)
+	}
+
+	const device = startResponse.body
+	const intervalMs = Number(device.interval || 5) * 1000
+	let elapsedMs = 0
+
+	context.stdout.write(
+		`Open ${device.verification_uri} and enter code ${device.user_code}\n`,
+	)
+
+	while (elapsedMs <= Number(device.expires_in || 900) * 1000) {
+		// eslint-disable-next-line no-await-in-loop
+		const completeResponse = await context.request({
+			method: 'POST',
+			url: `${apiUrl}/api/review-ci/auth/github/device/complete`,
+			body: {
+				repo: repo.fullName,
+				device_code: device.device_code,
+			},
+		})
+
+		if (completeResponse.statusCode === 200) return completeResponse.body
+
+		if (completeResponse.body?.error !== 'authorization_pending') {
+			throw new Error(`Device login failed with HTTP ${completeResponse.statusCode}`)
+		}
+
+		// eslint-disable-next-line no-await-in-loop
+		await context.sleep(intervalMs)
+		elapsedMs += intervalMs
+	}
+
+	throw new Error('Device login timed out')
+}
+
+const runBrowserLogin = async ({ context, apiUrl, repo }) => {
+	const callback = await context.createBrowserCallbackServer()
+
+	try {
+		const startResponse = await context.request({
+			method: 'POST',
+			url: `${apiUrl}/api/review-ci/auth/github/browser/start`,
+			body: {
+				repo: repo.fullName,
+				owner: repo.owner,
+				repository: repo.repo,
+				redirect_uri: callback.redirectUri,
+				state: callback.state,
+			},
+		})
+
+		if (startResponse.statusCode >= 400) {
+			throw new Error(`Browser login failed with HTTP ${startResponse.statusCode}`)
+		}
+
+		const authorizationUrl =
+			startResponse.body?.authorization_url || startResponse.body?.browser_url
+
+		if (!authorizationUrl) {
+			throw new Error('Browser login did not return an authorization URL')
+		}
+
+		context.stdout.write('Opening browser for Review CI authentication...\n')
+		await context.openBrowser(authorizationUrl)
+
+		const callbackAuth = await Promise.race([
+			callback.waitForCallback(),
+			context
+				.sleep(Number(startResponse.body?.expires_in || 600) * 1000)
+				.then(() => {
+					throw new Error('Browser login timed out')
+				}),
+		])
+
+		if (!callbackAuth.code) return callbackAuth
+
+		const completeResponse = await context.request({
+			method: 'POST',
+			url: `${apiUrl}/api/review-ci/auth/github/browser/complete`,
+			body: {
+				code: callbackAuth.code,
+			},
+		})
+
+		if (completeResponse.statusCode >= 400) {
+			throw new Error(
+				`Browser login failed with HTTP ${completeResponse.statusCode}`,
+			)
+		}
+
+		return completeResponse.body
+	} finally {
+		await callback.close()
+	}
+}
+
+const handleAuth = async context => {
+	const config = context.readConfig()
+	const { options } = parseArgs(context.commandArgs || context.argv.slice(3))
+	const repo = parseRepo(requireOption(options, 'repo'))
+	const apiUrl = getApiUrl({ options, env: context.env, config })
+	let auth
+
+	if (options['github-token']) {
+		auth = await exchangeGithubToken({ context, options, apiUrl, repo })
+	} else if (options.device) {
+		auth = await runDeviceLogin({ context, apiUrl, repo })
+	} else {
+		auth = await runBrowserLogin({ context, apiUrl, repo })
+	}
+
+	completeLogin({ context, auth, apiUrl })
+
+	return 0
+}
+
+const readReviewCiSkill = () => fs.readFileSync(REVIEW_CI_SKILL_PATH, 'utf8')
+
+const getCodexSkillPath = env =>
+	path.join(
+		env.CODEX_HOME || path.join(os.homedir(), '.codex'),
+		'skills',
+		'toast-review-ci',
+		'SKILL.md',
+	)
+
+const installCodexSkill = ({ env, stdout }) => {
+	const skillPath = getCodexSkillPath(env)
+
+	fs.mkdirSync(path.dirname(skillPath), { recursive: true, mode: 0o700 })
+	fs.writeFileSync(skillPath, readReviewCiSkill(), { mode: 0o600 })
+	stdout.write(`Installed Review CI agent instructions to ${skillPath}\n`)
+}
+
+const handleInstructions = async context => {
+	const { options } = parseArgs(context.commandArgs || [])
+
+	if (options['install-codex']) {
+		installCodexSkill({ env: context.env, stdout: context.stdout })
+		return 0
+	}
+
+	context.stdout.write(readReviewCiSkill())
+	return 0
+}
+
+const printHelp = stdout => {
+	stdout.write(`Usage:
+  toast review-ci auth --repo OWNER/REPO [--device|--github-token TOKEN]
+  toast review-ci status --repo OWNER/REPO --pr NUMBER --head SHA
+  toast review-ci next --repo OWNER/REPO --pr NUMBER --head SHA
+  toast review-ci wait --repo OWNER/REPO --pr NUMBER --head SHA
+  toast review-ci instructions [--install-codex]
+`)
+}
+
+const handleReviewCiCommand = async (context, command) => {
+	if (command === 'auth') return handleAuth(context)
+	if (command === 'status') return handleStatus(context)
+	if (command === 'next') return handleNext(context)
+	if (command === 'wait') return handleWait(context)
+	if (command === 'instructions') return handleInstructions(context)
+
+	printHelp(context.stdout)
+	return command ? 2 : 0
+}
+
+const main = async ({
+	argv,
+	env = process.env,
+	request = requestJson,
+	readConfig = defaultReadConfig,
+	writeConfig = defaultWriteConfig,
+	sleep = sleepDefault,
+	now = () => new Date(),
+	createBrowserCallbackServer = createBrowserCallbackServerDefault,
+	openBrowser = openBrowserDefault,
+	stdout = process.stdout,
+	stderr = process.stderr,
+}) => {
+	const context = {
+		argv,
+		env,
+		request,
+		readConfig,
+		writeConfig,
+		sleep,
+		now,
+		createBrowserCallbackServer,
+		openBrowser,
+		stdout,
+		stderr,
+	}
+
+	try {
+		if (argv[2] === 'login') {
+			return await handleAuth({ ...context, commandArgs: argv.slice(3) })
+		}
+
+		if (REVIEW_CI_COMMANDS.has(argv[2])) {
+			return await handleReviewCiCommand(
+				{ ...context, commandArgs: argv.slice(4) },
+				argv[3],
+			)
+		}
+
+		printHelp(stdout)
+		return argv[2] ? 2 : 0
+	} catch (error) {
+		stderr.write(`${error.message}\n`)
+		return 2
+	}
+}
+
+module.exports = {
+	main,
+	parseDurationMs,
+}

package/src/config-store.js

@@ -0,0 +1,38 @@
+const fs = require('fs')
+const os = require('os')
+const path = require('path')
+
+const getConfigPath = (env = process.env) => {
+	if (env.TOAST_CONFIG_PATH) return env.TOAST_CONFIG_PATH
+
+	const configHome =
+		env.TOAST_CONFIG_HOME ||
+		env.XDG_CONFIG_HOME ||
+		path.join(os.homedir(), '.config')
+
+	return path.join(configHome, 'toast', 'config.json')
+}
+
+const readConfig = (env = process.env) => {
+	const configPath = getConfigPath(env)
+
+	if (!fs.existsSync(configPath)) return {}
+
+	return JSON.parse(fs.readFileSync(configPath, 'utf8'))
+}
+
+const writeConfig = (config, env = process.env) => {
+	const configPath = getConfigPath(env)
+
+	fs.mkdirSync(path.dirname(configPath), { recursive: true, mode: 0o700 })
+	fs.writeFileSync(configPath, `${JSON.stringify(config, null, 2)}\n`, {
+		mode: 0o600,
+	})
+	fs.chmodSync(configPath, 0o600)
+}
+
+module.exports = {
+	getConfigPath,
+	readConfig,
+	writeConfig,
+}

package/src/http.js

@@ -0,0 +1,74 @@
+const http = require('http')
+const https = require('https')
+
+const DEFAULT_TIMEOUT_MS = 30000
+
+const requestJson = ({
+	method = 'GET',
+	url,
+	headers = {},
+	body,
+	timeoutMs = DEFAULT_TIMEOUT_MS,
+}) =>
+	new Promise((resolve, reject) => {
+		const target = new URL(url)
+		const payload = body === undefined ? undefined : JSON.stringify(body)
+		const client = target.protocol === 'http:' ? http : https
+		const request = client.request(
+			target,
+			{
+				method,
+				headers: {
+					Accept: 'application/json',
+					'User-Agent': '@toast-ninja/toast-cli',
+					...(payload
+						? {
+								'Content-Type': 'application/json',
+								'Content-Length': Buffer.byteLength(payload),
+							}
+						: {}),
+					...headers,
+				},
+			},
+			response => {
+				let responseBody = ''
+
+				response.setEncoding('utf8')
+				response.on('data', chunk => {
+					responseBody += chunk
+				})
+				response.on('end', () => {
+					let parsedBody = null
+
+					if (responseBody) {
+						try {
+							parsedBody = JSON.parse(responseBody)
+						} catch (e) {
+							parsedBody = responseBody
+						}
+					}
+
+					resolve({
+						statusCode: response.statusCode,
+						body: parsedBody,
+						headers: response.headers,
+					})
+				})
+			},
+		)
+
+		request.on('error', reject)
+		request.setTimeout(timeoutMs, () => {
+			const error = new Error(`Request timed out after ${timeoutMs}ms`)
+			error.code = 'ETIMEDOUT'
+			request.destroy(error)
+		})
+
+		if (payload) request.write(payload)
+		request.end()
+	})
+
+module.exports = {
+	DEFAULT_TIMEOUT_MS,
+	requestJson,
+}