npm - @tryfridayai/cli - Versions diffs - 0.2.1 → 0.2.4 - Mend

@tryfridayai/cli 0.2.1 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/README.md +136 -0
package/package.json +3 -2
package/src/commands/chat/inputLine.js +510 -0
package/src/commands/chat/slashCommands.js +417 -133
package/src/commands/chat/smartAffordances.js +5 -0
package/src/commands/chat/welcomeScreen.js +56 -88
package/src/commands/chat.js +249 -113
package/src/commands/install.js +46 -16
package/src/commands/plugins.js +1 -10
package/src/commands/schedule.js +1 -10
package/src/commands/setup.js +49 -5
package/src/commands/uninstall.js +1 -10
package/src/resolveRuntime.js +31 -0
package/src/secureKeyStore.js +220 -0

package/src/commands/setup.js CHANGED Viewed

@@ -54,6 +54,50 @@ function ask(rl, question) {
   });
 }
+function askSecret(rl, prompt) {
+  return new Promise((resolve) => {
+    rl.pause();
+    rl.terminal = false;
+    process.stdout.write(prompt);
+    let input = '';
+    const wasRaw = process.stdin.isRaw;
+    if (process.stdin.isTTY) {
+      process.stdin.setRawMode(true);
+    }
+    process.stdin.resume();
+    const onData = (data) => {
+      const str = data.toString();
+      for (const char of str) {
+        if (char === '\r' || char === '\n') {
+          process.stdin.removeListener('data', onData);
+          if (process.stdin.isTTY) process.stdin.setRawMode(wasRaw || false);
+          process.stdout.write('\n');
+          rl.terminal = true;
+          rl.resume();
+          resolve(input);
+          return;
+        }
+        if (char === '\x03') {
+          process.stdin.removeListener('data', onData);
+          if (process.stdin.isTTY) process.stdin.setRawMode(wasRaw || false);
+          process.stdout.write('\n');
+          rl.terminal = true;
+          rl.resume();
+          resolve('');
+          return;
+        }
+        if (char === '\x7f' || char === '\b') {
+          if (input.length > 0) { input = input.slice(0, -1); process.stdout.write('\b \b'); }
+          continue;
+        }
+        input += char;
+        process.stdout.write('*');
+      }
+    };
+    process.stdin.on('data', onData);
+  });
+}
 function maskKey(key) {
   if (!key || key.length < 8) return '****';
   return key.slice(0, 7) + '...' + key.slice(-4);
@@ -78,7 +122,7 @@ export default async function setup(args) {
     console.log(`  Anthropic API key found: ${maskKey(existingKey)}`);
     const change = await ask(rl, '  Change it? (y/N): ');
     if (change.toLowerCase() === 'y') {
-      const key = await ask(rl, '  Paste your Anthropic API key: ');
+      const key = await askSecret(rl, '  Paste your Anthropic API key: ');
       if (key) {
         envVars.ANTHROPIC_API_KEY = key;
         config.anthropicApiKey = key;
@@ -89,7 +133,7 @@ export default async function setup(args) {
     console.log('  Friday uses Claude by Anthropic as its AI engine.');
     console.log('  Get a key at: https://console.anthropic.com/settings/keys');
     console.log('');
-    const key = await ask(rl, '  Paste your API key: ');
+    const key = await askSecret(rl, '  Paste your API key: ');
     if (!key) {
       console.log('  No key provided. You can set ANTHROPIC_API_KEY in your environment later.');
     } else {
@@ -148,19 +192,19 @@ export default async function setup(args) {
   console.log('  (Press Enter to skip any)');
   console.log('');
-  const openaiKey = await ask(rl, '  OpenAI API key (for image/video gen): ');
+  const openaiKey = await askSecret(rl, '  OpenAI API key (for image/video gen): ');
   if (openaiKey) {
     envVars.OPENAI_API_KEY = openaiKey;
     config.openaiApiKey = openaiKey;
   }
-  const googleKey = await ask(rl, '  Google AI API key (for Gemini/Imagen): ');
+  const googleKey = await askSecret(rl, '  Google AI API key (for Gemini/Imagen): ');
   if (googleKey) {
     envVars.GOOGLE_API_KEY = googleKey;
     config.googleApiKey = googleKey;
   }
-  const elevenKey = await ask(rl, '  ElevenLabs API key (for voice): ');
+  const elevenKey = await askSecret(rl, '  ElevenLabs API key (for voice): ');
   if (elevenKey) {
     envVars.ELEVENLABS_API_KEY = elevenKey;
     config.elevenlabsApiKey = elevenKey;

package/src/commands/uninstall.js CHANGED Viewed

@@ -3,17 +3,8 @@
  */
 import readline from 'readline';
-import { createRequire } from 'module';
 import path from 'path';
-const require = createRequire(import.meta.url);
-let runtimeDir;
-try {
-  const runtimePkg = require.resolve('friday-runtime/package.json');
-  runtimeDir = path.dirname(runtimePkg);
-} catch {
-  runtimeDir = path.resolve(path.dirname(new URL(import.meta.url).pathname), '..', '..', '..', 'runtime');
-}
+import { runtimeDir } from '../resolveRuntime.js';
 const DIM = '\x1b[2m';
 const RESET = '\x1b[0m';

package/src/resolveRuntime.js ADDED Viewed

@@ -0,0 +1,31 @@
+/**
+ * resolveRuntime.js — Locate the friday-runtime package directory.
+ *
+ * Tries three strategies in order:
+ *   1. import.meta.resolve('friday-runtime/stdio')  — uses exports map
+ *   2. createRequire().resolve('friday-runtime/package.json') — CJS fallback
+ *   3. Monorepo relative path — for local development
+ */
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { createRequire } from 'module';
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+let _runtimeDir;
+try {
+  const stdioUrl = import.meta.resolve('friday-runtime/stdio');
+  _runtimeDir = path.dirname(fileURLToPath(stdioUrl));
+} catch {
+  try {
+    const require = createRequire(import.meta.url);
+    const runtimePkg = require.resolve('friday-runtime/package.json');
+    _runtimeDir = path.dirname(runtimePkg);
+  } catch {
+    _runtimeDir = path.resolve(__dirname, '..', '..', 'runtime');
+  }
+}
+export const runtimeDir = _runtimeDir;

package/src/secureKeyStore.js ADDED Viewed

@@ -0,0 +1,220 @@
+/**
+ * SecureKeyStore - Secure storage for API keys using system keychain
+ *
+ * Uses keytar to store API keys in macOS Keychain, Windows Credential Manager,
+ * or Linux libsecret. Keys are NEVER stored in plain text files.
+ *
+ * This ensures API keys are:
+ * 1. Encrypted at rest by the OS
+ * 2. Protected by user authentication
+ * 3. Never exposed in environment variables or config files
+ */
+import os from 'os';
+import path from 'path';
+import fs from 'fs';
+const KEYTAR_SERVICE = 'FridayAI-APIKeys';
+const METADATA_FILE = '.api-keys-metadata.json';
+// API key configuration
+const API_KEYS = {
+  ANTHROPIC_API_KEY: {
+    label: 'Anthropic',
+    unlocks: 'Chat (Claude)',
+    envKey: 'ANTHROPIC_API_KEY',
+  },
+  OPENAI_API_KEY: {
+    label: 'OpenAI',
+    unlocks: 'Chat, Images, Voice, Video',
+    envKey: 'OPENAI_API_KEY',
+  },
+  GOOGLE_API_KEY: {
+    label: 'Google AI',
+    unlocks: 'Chat, Images, Voice, Video',
+    envKey: 'GOOGLE_API_KEY',
+  },
+  ELEVENLABS_API_KEY: {
+    label: 'ElevenLabs',
+    unlocks: 'Premium Voice',
+    envKey: 'ELEVENLABS_API_KEY',
+  },
+};
+let keytarModule = null;
+let keytarInitialized = false;
+async function getKeytar() {
+  if (keytarInitialized) return keytarModule;
+  try {
+    const module = await import('keytar');
+    keytarModule = module.default ?? module;
+    keytarInitialized = true;
+    return keytarModule;
+  } catch (error) {
+    console.error('[SecureKeyStore] keytar not available:', error.message);
+    keytarInitialized = true;
+    return null;
+  }
+}
+function getMetadataPath() {
+  const configDir = process.env.FRIDAY_CONFIG_DIR || path.join(os.homedir(), '.friday');
+  if (!fs.existsSync(configDir)) {
+    fs.mkdirSync(configDir, { recursive: true });
+  }
+  return path.join(configDir, METADATA_FILE);
+}
+function loadMetadata() {
+  const metadataPath = getMetadataPath();
+  try {
+    if (fs.existsSync(metadataPath)) {
+      return JSON.parse(fs.readFileSync(metadataPath, 'utf8'));
+    }
+  } catch {
+    // Ignore errors
+  }
+  return { keys: {} };
+}
+function saveMetadata(metadata) {
+  const metadataPath = getMetadataPath();
+  fs.writeFileSync(metadataPath, JSON.stringify(metadata, null, 2), 'utf8');
+}
+/**
+ * Store an API key securely in the system keychain
+ * @param {string} keyName - The key name (e.g., 'ANTHROPIC_API_KEY')
+ * @param {string} value - The API key value
+ * @returns {Promise<boolean>} - True if successful
+ */
+export async function setApiKey(keyName, value) {
+  const keytar = await getKeytar();
+  if (!keytar) {
+    throw new Error('Secure storage not available. Please ensure keytar is installed.');
+  }
+  await keytar.setPassword(KEYTAR_SERVICE, keyName, value);
+  // Update metadata (without storing the actual value)
+  const metadata = loadMetadata();
+  metadata.keys[keyName] = {
+    configured: true,
+    updatedAt: new Date().toISOString(),
+    // Store masked preview for UI display
+    preview: '*'.repeat(Math.max(0, value.length - 4)) + value.slice(-4),
+  };
+  saveMetadata(metadata);
+  return true;
+}
+/**
+ * Get an API key from the system keychain
+ * @param {string} keyName - The key name (e.g., 'ANTHROPIC_API_KEY')
+ * @returns {Promise<string|null>} - The API key value or null if not found
+ */
+export async function getApiKey(keyName) {
+  const keytar = await getKeytar();
+  if (!keytar) {
+    return null;
+  }
+  return await keytar.getPassword(KEYTAR_SERVICE, keyName);
+}
+/**
+ * Delete an API key from the system keychain
+ * @param {string} keyName - The key name (e.g., 'ANTHROPIC_API_KEY')
+ * @returns {Promise<boolean>} - True if deleted
+ */
+export async function deleteApiKey(keyName) {
+  const keytar = await getKeytar();
+  if (!keytar) {
+    return false;
+  }
+  await keytar.deletePassword(KEYTAR_SERVICE, keyName);
+  // Update metadata
+  const metadata = loadMetadata();
+  delete metadata.keys[keyName];
+  saveMetadata(metadata);
+  return true;
+}
+/**
+ * Get all configured API keys (values loaded from keychain)
+ * @returns {Promise<Object>} - Object with key names as keys and values
+ */
+export async function getAllApiKeys() {
+  const keytar = await getKeytar();
+  const keys = {};
+  if (!keytar) {
+    return keys;
+  }
+  for (const keyName of Object.keys(API_KEYS)) {
+    const value = await keytar.getPassword(KEYTAR_SERVICE, keyName);
+    if (value) {
+      keys[keyName] = value;
+    }
+  }
+  return keys;
+}
+/**
+ * Load API keys into process.env (for internal use by providers only)
+ * This should ONLY be called during server initialization,
+ * AFTER the sensitive env filtering is in place.
+ * @returns {Promise<void>}
+ */
+export async function loadApiKeysToEnv() {
+  const keys = await getAllApiKeys();
+  for (const [keyName, value] of Object.entries(keys)) {
+    // Only set if not already set (env vars take precedence)
+    if (!process.env[keyName]) {
+      process.env[keyName] = value;
+    }
+  }
+}
+/**
+ * Check which API keys are configured (without loading values)
+ * @returns {Object} - Object with key names and their configuration status
+ */
+export function getConfiguredKeys() {
+  const metadata = loadMetadata();
+  const result = {};
+  for (const [keyName, config] of Object.entries(API_KEYS)) {
+    const keyMeta = metadata.keys[keyName];
+    result[keyName] = {
+      ...config,
+      configured: !!keyMeta?.configured,
+      preview: keyMeta?.preview || null,
+    };
+  }
+  return result;
+}
+/**
+ * Check if secure storage is available
+ * @returns {Promise<boolean>}
+ */
+export async function isSecureStorageAvailable() {
+  const keytar = await getKeytar();
+  return !!keytar;
+}
+export { API_KEYS };