@vibe-cafe/vibe-usage 0.8.3 → 0.9.0

package/README.md

@@ -4,30 +4,32 @@ Track your AI coding tool token usage and sync to [vibecafe.ai](https://vibecafe
 
 ## Quick Start
 
-Get your API key at [vibecafe.ai/usage](https://vibecafe.ai/usage), then copy the one-liner shown there:
-
-```bash
-npx @vibe-cafe/vibe-usage --key vbu_xxxxxxxxxxxx
-```
-
-Or run without a key and paste it interactively:
-
 ```bash
 npx @vibe-cafe/vibe-usage
 ```
 
-Either path will:
+That's it. The CLI opens [vibecafe.ai/usage/device](https://vibecafe.ai/usage/device) in your browser; sign in, confirm the verification code shown in your terminal, click 「确认链接」, and the CLI receives an API key automatically.
+
+After approval, it will:
 1. Save your API key to `~/.vibe-usage/config.json`
 2. Detect installed AI coding tools
 3. Run an initial sync of your usage data
 4. Prompt you to enable the background daemon for continuous syncing (recommended)
 
+### CI / Headless
+
+If you don't have a local browser (CI, remote SSH session, container), pre-issue a key at [vibecafe.ai/usage/setup](https://vibecafe.ai/usage/setup) and pass it on the command line:
+
+```bash
+npx @vibe-cafe/vibe-usage init --manual-key vbu_xxxxxxxxxxxx
+```
+
 ## Commands
 
 ```bash
-npx @vibe-cafe/vibe-usage              # Init (first run) or sync (subsequent runs)
-npx @vibe-cafe/vibe-usage --key <vbu_...>   # One-shot init with a pre-copied key
-npx @vibe-cafe/vibe-usage init         # Re-run setup
+npx @vibe-cafe/vibe-usage              # Init (first run, browser login) or sync (subsequent runs)
+npx @vibe-cafe/vibe-usage init         # Re-run setup via browser login
+npx @vibe-cafe/vibe-usage init --manual-key <vbu_...>   # Skip browser, use pre-issued key (CI/headless)
 npx @vibe-cafe/vibe-usage sync         # Manual sync
 npx @vibe-cafe/vibe-usage daemon       # Continuous sync (every 30m, foreground)
 npx @vibe-cafe/vibe-usage daemon install    # Install background service (systemd/launchd)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibe-cafe/vibe-usage",
-  "version": "0.8.3",
+  "version": "0.9.0",
   "description": "Track your AI coding tool token usage and sync to vibecafe.ai",
   "type": "module",
   "bin": {

package/src/api.js

@@ -154,6 +154,64 @@ export function deleteAllData(apiUrl, apiKey, opts) {
   });
 }
 
+/**
+ * Start a device authorization flow.
+ * Returns the deviceCode (for polling) + userCode + URLs (for the user).
+ */
+export function requestDeviceCode(apiUrl, { clientName, hostname }) {
+  return _jsonRequest(apiUrl, '/api/usage/device/code', 'POST', { clientName, hostname }, 10_000);
+}
+
+/**
+ * One poll iteration. Resolves with one of:
+ *   { apiKey, apiUrl }                 — approved, key delivered
+ *   { error: 'authorization_pending' } — keep polling
+ *   { error: 'access_denied' }         — user pressed deny
+ *   { error: 'expired_token' }         — code expired or already consumed
+ *   { error: 'invalid_grant' | ... }   — unrecoverable
+ * Rejects only on network/server errors.
+ */
+export function pollDeviceCode(apiUrl, deviceCode) {
+  return _jsonRequest(apiUrl, '/api/usage/device/poll', 'POST', { deviceCode }, 15_000);
+}
+
+function _jsonRequest(apiUrl, path, method, body, timeoutMs) {
+  return new Promise((resolve, reject) => {
+    const url = new URL(path, apiUrl);
+    const mod = url.protocol === 'https:' ? https : http;
+    const raw = Buffer.from(JSON.stringify(body));
+
+    const req = mod.request(url, {
+      method,
+      timeout: timeoutMs,
+      headers: {
+        'Content-Type': 'application/json',
+        'Content-Length': raw.length,
+      },
+    }, (res) => {
+      let data = '';
+      res.on('data', (chunk) => { data += chunk; });
+      res.on('end', () => {
+        if (res.statusCode < 200 || res.statusCode >= 300) {
+          const err = new Error(`HTTP ${res.statusCode}: ${data}`);
+          err.statusCode = res.statusCode;
+          reject(err);
+          return;
+        }
+        try {
+          resolve(JSON.parse(data));
+        } catch {
+          reject(new Error(`Invalid JSON response: ${data}`));
+        }
+      });
+    });
+    req.on('error', reject);
+    req.on('timeout', () => { req.destroy(); reject(new Error(`Request timed out (${timeoutMs}ms)`)); });
+    req.write(raw);
+    req.end();
+  });
+}
+
 /**
  * GET user settings from the vibecafe API.
  * Returns null on any failure (network, auth, timeout) — caller should fail-safe.

package/src/index.js

@@ -108,7 +108,16 @@ function extractOption(args, name) {
 }
 
 export async function run(rawArgs) {
-  const { args, value: apiKey } = extractOption(rawArgs, 'key');
+  // --key and --manual-key both mean "skip device flow, take this vbu_ key".
+  // --manual-key is the documented name; --key is kept as a legacy alias so
+  // existing scripts/docs don't break when device flow becomes the default.
+  let stripped;
+  let apiKey;
+  ({ args: stripped, value: apiKey } = extractOption(rawArgs, 'manual-key'));
+  if (apiKey === undefined) {
+    ({ args: stripped, value: apiKey } = extractOption(stripped, 'key'));
+  }
+  const args = stripped;
   const command = args[0];
 
   switch (command) {
@@ -164,10 +173,9 @@ export async function run(rawArgs) {
   vibe-usage - Vibe Usage Tracker by VibeCafé
 
   Usage:
-    npx @vibe-cafe/vibe-usage              Init (first run) or sync
-    npx @vibe-cafe/vibe-usage --key <vbu_...>   One-shot init with a pre-copied key
-    npx @vibe-cafe/vibe-usage init         Set up API key (interactive)
-    npx @vibe-cafe/vibe-usage init --key <vbu_...>   Init with key, skip paste prompt
+    npx @vibe-cafe/vibe-usage              Init (first run, browser login) or sync
+    npx @vibe-cafe/vibe-usage init         Set up via browser login (default)
+    npx @vibe-cafe/vibe-usage init --manual-key <vbu_...>   Skip browser, use a pre-issued key (CI/headless)
     npx @vibe-cafe/vibe-usage sync         Manually sync usage data
     npx @vibe-cafe/vibe-usage daemon       Continuous sync (every 30m, foreground)
     npx @vibe-cafe/vibe-usage daemon install    Install background service (systemd/launchd)

package/src/init.js

@@ -2,11 +2,13 @@ import { createInterface } from 'node:readline';
 import { execFile } from 'node:child_process';
 import { hostname as osHostname, platform } from 'node:os';
 import { loadConfig, saveConfig } from './config.js';
-import { ingest } from './api.js';
+import { ingest, requestDeviceCode, pollDeviceCode } from './api.js';
 import { runSync } from './sync.js';
 import { detectInstalledTools } from './tools.js';
 import { bigHeader, success, failure, warn, arrow, link, dim, divider } from './output.js';
 
+const CLIENT_NAME = 'vibe-usage CLI';
+
 function prompt(question) {
   const rl = createInterface({ input: process.stdin, output: process.stdout });
   return new Promise((resolve) => {
@@ -49,6 +51,7 @@ export async function runInit(options = {}) {
   }
 
   const apiUrl = process.env.VIBE_USAGE_API_URL || 'https://vibecafe.ai';
+  const host = existing?.hostname || osHostname().replace(/\.local$/, '');
 
   let apiKey;
   if (providedKey) {
@@ -58,16 +61,8 @@ export async function runInit(options = {}) {
     }
     apiKey = providedKey;
   } else {
-    console.log(`${arrow('获取 API Key')} ${link(`${apiUrl}/usage`)}`);
-    console.log(dim('  浏览器会自动打开，登录后复制 Key 粘贴到下方。'));
-    console.log();
-    openBrowser(`${apiUrl}/usage`);
-
-    while (true) {
-      apiKey = await prompt('粘贴 API Key: ');
-      if (apiKey.startsWith('vbu_')) break;
-      console.log(warn('必须以 vbu_ 开头，请重试。'));
-    }
+    apiKey = await runDeviceFlow(apiUrl, host);
+    if (!apiKey) process.exit(1);
   }
 
   try {
@@ -84,7 +79,7 @@ export async function runInit(options = {}) {
   const config = {
     apiKey,
     apiUrl,
-    hostname: existing?.hostname || osHostname().replace(/\.local$/, ''),
+    hostname: host,
   };
   saveConfig(config);
 
@@ -119,3 +114,76 @@ export async function runInit(options = {}) {
     }
   }
 }
+
+async function runDeviceFlow(apiUrl, hostname) {
+  let device;
+  try {
+    device = await requestDeviceCode(apiUrl, { clientName: CLIENT_NAME, hostname });
+  } catch (err) {
+    console.error(failure(`无法连接 ${apiUrl}：${err.message}`));
+    return null;
+  }
+
+  console.log(`${arrow('登录确认')} ${link(device.verificationUriComplete)}`);
+  console.log(`  验证码: ${device.userCode}`);
+  console.log(dim('  浏览器会自动打开；如果没反应，请手动复制上方链接。'));
+  console.log();
+  openBrowser(device.verificationUriComplete);
+
+  const intervalMs = (device.interval || 5) * 1000;
+  const deadline = Date.now() + (device.expiresIn || 900) * 1000;
+
+  process.stdout.write(dim('等待审批…'));
+  const aborter = new AbortController();
+  const onSigint = () => { aborter.abort(); };
+  process.on('SIGINT', onSigint);
+  try {
+    while (Date.now() < deadline) {
+      if (aborter.signal.aborted) {
+        process.stdout.write('\n');
+        console.log(warn('已取消。'));
+        return null;
+      }
+      await sleep(intervalMs);
+      let res;
+      try {
+        res = await pollDeviceCode(apiUrl, device.deviceCode);
+      } catch (err) {
+        // Transient network blip — keep polling until deadline.
+        process.stdout.write(dim('.'));
+        continue;
+      }
+      if (res.apiKey) {
+        process.stdout.write('\n');
+        console.log(success('已批准，获取到 API Key。'));
+        return res.apiKey;
+      }
+      if (res.error === 'authorization_pending') {
+        process.stdout.write(dim('.'));
+        continue;
+      }
+      if (res.error === 'access_denied') {
+        process.stdout.write('\n');
+        console.error(failure('请求被拒绝。'));
+        return null;
+      }
+      if (res.error === 'expired_token') {
+        process.stdout.write('\n');
+        console.error(failure('验证码已过期，请重跑 init。'));
+        return null;
+      }
+      process.stdout.write('\n');
+      console.error(failure(`服务端返回未知错误：${res.error}`));
+      return null;
+    }
+    process.stdout.write('\n');
+    console.error(failure('验证码已过期，请重跑 init。'));
+    return null;
+  } finally {
+    process.removeListener('SIGINT', onSigint);
+  }
+}
+
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}