agent-cards-admin 0.3.13 → 0.3.14
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/package.json +1 -1
- package/dist/src/commands/wizard.d.ts.map +1 -1
- package/dist/src/commands/wizard.js +36 -19
- package/dist/src/commands/wizard.js.map +1 -1
- package/dist/src/lib/wizard/onboard.d.ts +24 -0
- package/dist/src/lib/wizard/onboard.d.ts.map +1 -0
- package/dist/src/lib/wizard/onboard.js +113 -0
- package/dist/src/lib/wizard/onboard.js.map +1 -0
- package/dist/src/lib/wizard/playbook.d.ts +8 -1
- package/dist/src/lib/wizard/playbook.d.ts.map +1 -1
- package/dist/src/lib/wizard/playbook.js +8 -7
- package/dist/src/lib/wizard/playbook.js.map +1 -1
- package/dist/src/lib/wizard/secrets.d.ts +11 -0
- package/dist/src/lib/wizard/secrets.d.ts.map +1 -0
- package/dist/src/lib/wizard/secrets.js +49 -0
- package/dist/src/lib/wizard/secrets.js.map +1 -0
- package/package.json +1 -1
package/dist/package.json
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"wizard.d.ts","sourceRoot":"","sources":["../../../src/commands/wizard.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"wizard.d.ts","sourceRoot":"","sources":["../../../src/commands/wizard.ts"],"names":[],"mappings":"AAaA,MAAM,WAAW,aAAa;IAC5B,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,GAAG,CAAC,EAAE,OAAO,CAAC;CACf;AAED;;;;;GAKG;AACH,wBAAsB,aAAa,CAAC,IAAI,EAAE,aAAa,GAAG,OAAO,CAAC,IAAI,CAAC,CAwKtE"}
|
|
@@ -1,11 +1,13 @@
|
|
|
1
|
-
import { resolve } from 'path';
|
|
1
|
+
import { resolve, basename } from 'path';
|
|
2
2
|
import inquirer from 'inquirer';
|
|
3
3
|
import chalk from 'chalk';
|
|
4
4
|
import ora from 'ora';
|
|
5
|
-
import {
|
|
5
|
+
import { getApiUrl, getJwt } from '../lib/config.js';
|
|
6
6
|
import { detectRepo } from '../lib/wizard/detect.js';
|
|
7
7
|
import { INTEGRATION_PLAYBOOK, buildInitialPrompt } from '../lib/wizard/playbook.js';
|
|
8
8
|
import { runIntegrationAgent } from '../lib/wizard/agent.js';
|
|
9
|
+
import { ensureOnboarded } from '../lib/wizard/onboard.js';
|
|
10
|
+
import { writeAgentcardEnv } from '../lib/wizard/secrets.js';
|
|
9
11
|
const MODEL = 'claude-opus-4-8';
|
|
10
12
|
/**
|
|
11
13
|
* `agent-cards-admin wizard` — runs an AI agent (the Claude Agent SDK, on OUR
|
|
@@ -14,24 +16,22 @@ const MODEL = 'claude-opus-4-8';
|
|
|
14
16
|
* real card issues in SANDBOX.
|
|
15
17
|
*/
|
|
16
18
|
export async function wizardCommand(opts) {
|
|
17
|
-
await requireAuth();
|
|
18
19
|
const repoRoot = resolve(opts.path ?? process.cwd());
|
|
19
|
-
const
|
|
20
|
-
if (!jwt) {
|
|
21
|
-
console.log(chalk.red('Not logged in. Run: agent-cards-admin login'));
|
|
22
|
-
process.exit(1);
|
|
23
|
-
}
|
|
20
|
+
const appName = basename(repoRoot);
|
|
24
21
|
console.log();
|
|
25
22
|
console.log(chalk.bold('Agentcard integration wizard'));
|
|
26
|
-
console.log(chalk.dim('
|
|
27
|
-
|
|
28
|
-
// v1 always verifies against sandbox — make sure we're in sandbox mode.
|
|
29
|
-
if (getMode() !== 'sandbox') {
|
|
30
|
-
console.log(chalk.yellow('This wizard runs against SANDBOX. Switching mode to sandbox for this run.'));
|
|
31
|
-
setMode('sandbox');
|
|
32
|
-
}
|
|
33
|
-
// Detect the repo and show the partner what we found before they consent.
|
|
23
|
+
console.log(chalk.dim('Sets up your Agentcard account + credentials, then implements Connect with Agentcard (OAuth 2.1 + PKCE) + per-user cards via MCP.'));
|
|
24
|
+
// Detect the repo up front (also gives us the app name for provisioning).
|
|
34
25
|
const detection = detectRepo(repoRoot);
|
|
26
|
+
// Phase 1 — Onboard: account → org → confidential OAuth client → sandbox key.
|
|
27
|
+
// ensureOnboarded runs the signup/login flow first if there's no session yet.
|
|
28
|
+
const prov = await ensureOnboarded(appName);
|
|
29
|
+
console.log();
|
|
30
|
+
console.log(chalk.green('✓ Provisioned in sandbox.'));
|
|
31
|
+
console.log(chalk.dim(` org ${prov.orgName} · client ${prov.clientId} · key ${prov.apiKeyPrefix} · callback ${prov.redirectUri}`));
|
|
32
|
+
console.log();
|
|
33
|
+
// Phase 2 — Integrate. Show the repo + consent before writing ANY files (the env
|
|
34
|
+
// write below mutates the repo, so it must be gated by this consent too).
|
|
35
35
|
console.log(chalk.bold('Target repo: ') + repoRoot);
|
|
36
36
|
console.log(detection.summary);
|
|
37
37
|
console.log();
|
|
@@ -40,15 +40,28 @@ export async function wizardCommand(opts) {
|
|
|
40
40
|
{
|
|
41
41
|
type: 'confirm',
|
|
42
42
|
name: 'proceed',
|
|
43
|
-
message: chalk.yellow(`An AI agent will READ and MODIFY files in ${repoRoot} to add the Agentcard integration. Continue?`),
|
|
43
|
+
message: chalk.yellow(`An AI agent will READ and MODIFY files in ${repoRoot} to add the Agentcard integration (and write your AGENTCARD_* secrets to a local env file). Continue?`),
|
|
44
44
|
default: false,
|
|
45
45
|
},
|
|
46
46
|
]);
|
|
47
47
|
if (!proceed) {
|
|
48
|
-
console.log(chalk.dim('Aborted.
|
|
48
|
+
console.log(chalk.dim('Aborted. Credentials were provisioned in your Agentcard org, but no files in the repo were modified.'));
|
|
49
49
|
return;
|
|
50
50
|
}
|
|
51
51
|
}
|
|
52
|
+
const jwt = getJwt(); // ensureOnboarded guarantees a session
|
|
53
|
+
// Secret-vault: now that the user has consented to repo changes, write the
|
|
54
|
+
// provisioned credentials into the app's env so the agent never sees the secrets
|
|
55
|
+
// (its code reads process.env). Non-secret values may go in the prompt;
|
|
56
|
+
// AGENTCARD_OAUTH_CLIENT_SECRET / AGENTCARD_API_KEY never do.
|
|
57
|
+
const envFile = writeAgentcardEnv(repoRoot, {
|
|
58
|
+
AGENTCARD_API_URL: 'https://mcp.agentcard.sh',
|
|
59
|
+
AGENTCARD_PUBLIC_URL: prov.appBaseUrl,
|
|
60
|
+
AGENTCARD_OAUTH_CLIENT_ID: prov.clientId,
|
|
61
|
+
...(prov.clientSecret ? { AGENTCARD_OAUTH_CLIENT_SECRET: prov.clientSecret } : {}),
|
|
62
|
+
AGENTCARD_API_KEY: prov.apiKey,
|
|
63
|
+
});
|
|
64
|
+
console.log(chalk.green(`✓ Secrets written to ${chalk.bold(envFile)} (kept out of the AI prompt).`));
|
|
52
65
|
const gatewayUrl = `${getApiUrl()}/wizard`;
|
|
53
66
|
console.log();
|
|
54
67
|
console.log(chalk.dim(`Running the integration agent (on Agentcard's tokens via ${gatewayUrl}).`));
|
|
@@ -109,7 +122,11 @@ export async function wizardCommand(opts) {
|
|
|
109
122
|
jwt,
|
|
110
123
|
model: MODEL,
|
|
111
124
|
systemPromptAppend: INTEGRATION_PLAYBOOK,
|
|
112
|
-
initialPrompt: buildInitialPrompt(detection.summary
|
|
125
|
+
initialPrompt: buildInitialPrompt(detection.summary, {
|
|
126
|
+
clientId: prov.clientId,
|
|
127
|
+
redirectUri: prov.redirectUri,
|
|
128
|
+
envFile,
|
|
129
|
+
}),
|
|
113
130
|
onText: (text) => {
|
|
114
131
|
const t = text.trim();
|
|
115
132
|
if (t)
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"wizard.js","sourceRoot":"","sources":["../../../src/commands/wizard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,MAAM,MAAM,CAAC;
|
|
1
|
+
{"version":3,"file":"wizard.js","sourceRoot":"","sources":["../../../src/commands/wizard.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,MAAM,CAAC;AACzC,OAAO,QAAQ,MAAM,UAAU,CAAC;AAChC,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,EAAE,SAAS,EAAE,MAAM,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,EAAE,UAAU,EAAE,MAAM,yBAAyB,CAAC;AACrD,OAAO,EAAE,oBAAoB,EAAE,kBAAkB,EAAE,MAAM,2BAA2B,CAAC;AACrF,OAAO,EAAE,mBAAmB,EAAE,MAAM,wBAAwB,CAAC;AAC7D,OAAO,EAAE,eAAe,EAAE,MAAM,0BAA0B,CAAC;AAC3D,OAAO,EAAE,iBAAiB,EAAE,MAAM,0BAA0B,CAAC;AAE7D,MAAM,KAAK,GAAG,iBAAiB,CAAC;AAOhC;;;;;GAKG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,IAAmB;IACrD,MAAM,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAEnC,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,GAAG,CAAC,mIAAmI,CAAC,CAC/I,CAAC;IAEF,0EAA0E;IAC1E,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IAEvC,8EAA8E;IAC9E,8EAA8E;IAC9E,MAAM,IAAI,GAAG,MAAM,eAAe,CAAC,OAAO,CAAC,CAAC;IAC5C,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,2BAA2B,CAAC,CAAC,CAAC;IACtD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,OAAO,aAAa,IAAI,CAAC,QAAQ,UAAU,IAAI,CAAC,YAAY,eAAe,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;IACpI,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,iFAAiF;IACjF,0EAA0E;IAC1E,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,eAAe,CAAC,GAAG,QAAQ,CAAC,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAC/B,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;QACd,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;YACxC;gBACE,IAAI,EAAE,SAAS;gBACf,IAAI,EAAE,SAAS;gBACf,OAAO,EAAE,KAAK,CAAC,MAAM,CACnB,6CAA6C,QAAQ,uGAAuG,CAC7J;gBACD,OAAO,EAAE,KAAK;aACf;SACF,CAAC,CAAC;QACH,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,sGAAsG,CAAC,CAAC,CAAC;YAC/H,OAAO;QACT,CAAC;IACH,CAAC;IAED,MAAM,GAAG,GAAG,MAAM,EAAG,CAAC,CAAC,uCAAuC;IAE9D,2EAA2E;IAC3E,iFAAiF;IACjF,wEAAwE;IACxE,8DAA8D;IAC9D,MAAM,OAAO,GAAG,iBAAiB,CAAC,QAAQ,EAAE;QAC1C,iBAAiB,EAAE,0BAA0B;QAC7C,oBAAoB,EAAE,IAAI,CAAC,UAAU;QACrC,yBAAyB,EAAE,IAAI,CAAC,QAAQ;QACxC,GAAG,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC,CAAC,EAAE,6BAA6B,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QAClF,iBAAiB,EAAE,IAAI,CAAC,MAAM;KAC/B,CAAC,CAAC;IACH,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,wBAAwB,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,+BAA+B,CAAC,CAAC,CAAC;IAErG,MAAM,UAAU,GAAG,GAAG,SAAS,EAAE,SAAS,CAAC;IAC3C,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,4DAA4D,UAAU,IAAI,CAAC,CAAC,CAAC;IACnG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAC,CAAC;IAClH,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,gEAAgE,CAAC,CAAC,CAAC;IACtI,OAAO,CAAC,GAAG,EAAE,CAAC;IAEd,+EAA+E;IAC/E,+EAA+E;IAC/E,2EAA2E;IAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAC7B,MAAM,OAAO,GAAG,GAAG,EAAE;QACnB,MAAM,CAAC,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,SAAS,CAAC,GAAG,IAAI,CAAC,CAAC;QACtD,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,CAAC,IAAI,MAAM,CAAC,CAAC,GAAG,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,EAAE,CAAC;IACpE,CAAC,CAAC;IACF,IAAI,MAAM,GAAG,aAAa,CAAC;IAC3B,IAAI,OAAO,GAAG,KAAK,CAAC;IACpB,MAAM,OAAO,GAAG,GAAG,CAAC,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,CAAC,KAAK,EAAE,CAAC;IAC9C,MAAM,MAAM,GAAG,WAAW,CAAC,GAAG,EAAE;QAC9B,OAAO,CAAC,IAAI,GAAG,GAAG,MAAM,IAAI,KAAK,CAAC,GAAG,CAAC,IAAI,OAAO,EAAE,GAAG,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;IACtG,CAAC,EAAE,IAAI,CAAC,CAAC;IACT,sDAAsD;IACtD,MAAM,GAAG,GAAG,CAAC,IAAY,EAAE,EAAE;QAC3B,OAAO,CAAC,IAAI,EAAE,CAAC;QACf,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,CAAC;QAClB,OAAO,CAAC,KAAK,EAAE,CAAC;IAClB,CAAC,CAAC;IACF,4EAA4E;IAC5E,MAAM,UAAU,GAAG,CAAC,IAAY,EAAE,EAAE;QAClC,IAAI,CAAC,IAAI;YAAE,OAAO;QAClB,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC;IAEF,2EAA2E;IAC3E,kFAAkF;IAClF,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC;IAC5B,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,IAAI,OAAO,KAAK,CAAC,UAAU,KAAK,UAAU,CAAC;IAClF,MAAM,KAAK,GAAG,CAAC,CAAS,EAAE,EAAE;QAC1B,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YACf,OAAO,GAAG,CAAC,OAAO,CAAC;YACnB,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,mBAAmB,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,WAAW,CAAC,CAAC,CAAC;QAC1E,CAAC;aAAM,IAAI,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC;YACtB,OAAO,CAAC,IAAI,EAAE,CAAC;YACf,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC,CAAC;YAC9C,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QACpB,CAAC;IACH,CAAC,CAAC;IACF,IAAI,UAAU,EAAE,CAAC;QACf,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,CAAC;QACvB,KAAK,CAAC,MAAM,EAAE,CAAC;QACf,KAAK,CAAC,EAAE,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;IAC1B,CAAC;IAED,IAAI,MAAM,CAAC;IACX,IAAI,CAAC;QACH,MAAM,GAAG,MAAM,mBAAmB,CAAC;YACjC,QAAQ;YACR,UAAU;YACV,GAAG;YACH,KAAK,EAAE,KAAK;YACZ,kBAAkB,EAAE,oBAAoB;YACxC,aAAa,EAAE,kBAAkB,CAAC,SAAS,CAAC,OAAO,EAAE;gBACnD,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,WAAW,EAAE,IAAI,CAAC,WAAW;gBAC7B,OAAO;aACR,CAAC;YACF,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;gBACf,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;gBACtB,IAAI,CAAC;oBAAE,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;gBAC3B,MAAM,GAAG,UAAU,CAAC;YACtB,CAAC;YACD,WAAW,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,MAAM,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,IAAI,IAAI,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;gBAC1D,GAAG,CAAC,GAAG,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,OAAO,CAAC,CAAC,CAAC,GAAG,GAAG,KAAK,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACxF,IAAI,OAAO;oBAAE,UAAU,CAAC,MAAM,CAAC,CAAC;YAClC,CAAC;YACD,SAAS,EAAE,CAAC,IAAI,EAAE,OAAO,EAAE,UAAU,EAAE,EAAE;gBACvC,IAAI,OAAO;oBAAE,GAAG,CAAC,GAAG,KAAK,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,KAAK,CAAC,GAAG,CAAC,GAAG,IAAI,SAAS,CAAC,EAAE,CAAC,CAAC;gBACrE,IAAI,OAAO,IAAI,UAAU;oBAAE,UAAU,CAAC,UAAU,CAAC,CAAC;gBAClD,MAAM,GAAG,UAAU,CAAC;YACtB,CAAC;SACF,CAAC,CAAC;IACL,CAAC;YAAS,CAAC;QACT,aAAa,CAAC,MAAM,CAAC,CAAC;QACtB,OAAO,CAAC,IAAI,EAAE,CAAC;QACf,IAAI,UAAU,EAAE,CAAC;YACf,KAAK,CAAC,GAAG,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;YACzB,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC;YACxB,KAAK,CAAC,KAAK,EAAE,CAAC;QAChB,CAAC;IACH,CAAC;IAED,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS,EAAE,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,+BAA+B,CAAC,CAAC,CAAC;IAC5D,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,4CAA4C,CAAC,CAAC,CAAC;IACvE,CAAC;IACD,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,OAAO,CAAC,GAAG,EAAE,CAAC;QACd,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAChC,CAAC;IACD,IAAI,OAAO,MAAM,CAAC,QAAQ,KAAK,QAAQ,EAAE,CAAC;QACxC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,MAAM,CAAC,QAAQ,SAAS,CAAC,CAAC,CAAC;IACzD,CAAC;IACD,OAAO,CAAC,GAAG,EAAE,CAAC;IACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,yFAAyF,CAAC,CAAC,CAAC;IAElH,IAAI,MAAM,CAAC,OAAO,KAAK,SAAS;QAAE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AACpD,CAAC"}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Wizard onboarding (Phase 1) — provisions everything the integration needs on a
|
|
3
|
+
* user's FIRST interaction with the Agentcard admin tool, then hands the credentials
|
|
4
|
+
* to the integration (Phase 2). Idempotent where it can be: reuses the user's org;
|
|
5
|
+
* always mints a fresh confidential OAuth client (the client_secret is shown once and
|
|
6
|
+
* can't be re-fetched, so we can't "reuse" one) + a sandbox API key.
|
|
7
|
+
*
|
|
8
|
+
* Everything is provisioned in SANDBOX. The client_secret + api key it returns are
|
|
9
|
+
* written to the app's .env by the caller and never put in the LLM prompt.
|
|
10
|
+
*/
|
|
11
|
+
export interface Provisioning {
|
|
12
|
+
orgId: string;
|
|
13
|
+
orgName: string;
|
|
14
|
+
appBaseUrl: string;
|
|
15
|
+
redirectUri: string;
|
|
16
|
+
clientId: string;
|
|
17
|
+
clientSecret?: string;
|
|
18
|
+
apiKey: string;
|
|
19
|
+
apiKeyPrefix: string;
|
|
20
|
+
}
|
|
21
|
+
/** The fixed callback path the integration implements; the OAuth client is registered with it. */
|
|
22
|
+
export declare const CALLBACK_PATH = "/api/agentcard/callback";
|
|
23
|
+
export declare function ensureOnboarded(appName: string): Promise<Provisioning>;
|
|
24
|
+
//# sourceMappingURL=onboard.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"onboard.d.ts","sourceRoot":"","sources":["../../../../src/lib/wizard/onboard.ts"],"names":[],"mappings":"AAOA;;;;;;;;;GASG;AACH,MAAM,WAAW,YAAY;IAC3B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,WAAW,EAAE,MAAM,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,MAAM,EAAE,MAAM,CAAC;IACf,YAAY,EAAE,MAAM,CAAC;CACtB;AAoBD,kGAAkG;AAClG,eAAO,MAAM,aAAa,4BAA4B,CAAC;AAEvD,wBAAsB,eAAe,CAAC,OAAO,EAAE,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAuG5E"}
|
|
@@ -0,0 +1,113 @@
|
|
|
1
|
+
import inquirer from 'inquirer';
|
|
2
|
+
import ora from 'ora';
|
|
3
|
+
import chalk from 'chalk';
|
|
4
|
+
import { api } from '../api.js';
|
|
5
|
+
import { getJwt, getEmail, setMode, getApiUrl, clearAuth } from '../config.js';
|
|
6
|
+
import { login } from '../../commands/login.js';
|
|
7
|
+
/** The fixed callback path the integration implements; the OAuth client is registered with it. */
|
|
8
|
+
export const CALLBACK_PATH = '/api/agentcard/callback';
|
|
9
|
+
export async function ensureOnboarded(appName) {
|
|
10
|
+
// --- Step 1: account (signup / login) ---
|
|
11
|
+
// Validate any stored session first. Gate on a validity FLAG, not on getJwt() being
|
|
12
|
+
// falsy: a bare getJwt() can't tell a fresh token from an expired one, and a stale
|
|
13
|
+
// token exported via AGENT_CARDS_ADMIN_JWT can't be cleared (clearAuth only deletes
|
|
14
|
+
// the config-file token). When invalid we always run login(), which writes a fresh
|
|
15
|
+
// config token that takes precedence over the env var in getJwt().
|
|
16
|
+
let sessionValid = false;
|
|
17
|
+
const stored = getJwt();
|
|
18
|
+
if (stored) {
|
|
19
|
+
try {
|
|
20
|
+
const res = await fetch(`${getApiUrl()}/auth/me`, {
|
|
21
|
+
headers: { Authorization: `Bearer ${stored}` },
|
|
22
|
+
signal: AbortSignal.timeout(5_000),
|
|
23
|
+
});
|
|
24
|
+
if (res.status === 401 || res.status === 403) {
|
|
25
|
+
clearAuth();
|
|
26
|
+
}
|
|
27
|
+
else {
|
|
28
|
+
sessionValid = true; // usable (or a transient non-auth error the real call will surface)
|
|
29
|
+
}
|
|
30
|
+
}
|
|
31
|
+
catch {
|
|
32
|
+
sessionValid = true; // network blip — keep the token; the real call surfaces issues
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
if (!sessionValid) {
|
|
36
|
+
console.log(chalk.bold('\nStep 1 · Sign in to Agentcard'));
|
|
37
|
+
console.log(chalk.dim('First time? This creates your account via a magic link.'));
|
|
38
|
+
await login();
|
|
39
|
+
if (!getJwt()) {
|
|
40
|
+
console.log(chalk.red('Sign-in did not complete. Run the wizard again once you have clicked the magic link.'));
|
|
41
|
+
process.exit(1);
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
else {
|
|
45
|
+
console.log(chalk.dim(`\nStep 1 · Signed in as ${getEmail() ?? 'your account'}.`));
|
|
46
|
+
}
|
|
47
|
+
// Everything below is provisioned in sandbox.
|
|
48
|
+
setMode('sandbox');
|
|
49
|
+
// --- Step 2: organization (reuse or create) ---
|
|
50
|
+
const { organizations } = await api('/orgs');
|
|
51
|
+
let org = organizations[0];
|
|
52
|
+
if (organizations.length > 1) {
|
|
53
|
+
const { picked } = await inquirer.prompt([
|
|
54
|
+
{
|
|
55
|
+
type: 'list',
|
|
56
|
+
name: 'picked',
|
|
57
|
+
message: 'Step 2 · Which organization is this app for?',
|
|
58
|
+
choices: organizations.map((o) => ({ name: `${o.name}${o.billingEmail ? ` (${o.billingEmail})` : ''}`, value: o.id })),
|
|
59
|
+
},
|
|
60
|
+
]);
|
|
61
|
+
org = organizations.find((o) => o.id === picked);
|
|
62
|
+
}
|
|
63
|
+
else if (!org) {
|
|
64
|
+
console.log(chalk.bold('\nStep 2 · Create your organization'));
|
|
65
|
+
const { name } = await inquirer.prompt([
|
|
66
|
+
{ type: 'input', name: 'name', message: 'Organization name:', default: appName, validate: (v) => v.trim().length > 0 || 'Required' },
|
|
67
|
+
]);
|
|
68
|
+
const spinner = ora('Creating organization…').start();
|
|
69
|
+
org = await api('/orgs', { method: 'POST', body: { name: name.trim(), billingEmail: getEmail() } });
|
|
70
|
+
spinner.succeed(chalk.green(`Organization "${org.name}" created`));
|
|
71
|
+
}
|
|
72
|
+
else {
|
|
73
|
+
console.log(chalk.dim(`Step 2 · Using organization "${org.name}".`));
|
|
74
|
+
}
|
|
75
|
+
// --- Step 3: OAuth client (confidential) ---
|
|
76
|
+
console.log(chalk.bold('\nStep 3 · Register a Connect-with-Agentcard client'));
|
|
77
|
+
const { appBaseUrl } = await inquirer.prompt([
|
|
78
|
+
{
|
|
79
|
+
type: 'input',
|
|
80
|
+
name: 'appBaseUrl',
|
|
81
|
+
message: `Your app's base URL (used for the OAuth callback ${CALLBACK_PATH}):`,
|
|
82
|
+
default: 'http://localhost:3000',
|
|
83
|
+
validate: (v) => /^https?:\/\/.+/.test(v.trim()) || 'Enter a URL like http://localhost:3000',
|
|
84
|
+
},
|
|
85
|
+
]);
|
|
86
|
+
const base = String(appBaseUrl).trim().replace(/\/+$/, '');
|
|
87
|
+
const redirectUri = `${base}${CALLBACK_PATH}`;
|
|
88
|
+
const spinner3 = ora('Creating confidential OAuth client…').start();
|
|
89
|
+
const client = await api(`/orgs/${org.id}/oauth-clients`, {
|
|
90
|
+
method: 'POST',
|
|
91
|
+
body: { name: `${appName} (wizard)`, redirectUris: [redirectUri], public: false },
|
|
92
|
+
});
|
|
93
|
+
spinner3.succeed(chalk.green(`OAuth client created (${client.clientId})`));
|
|
94
|
+
// --- Step 4: sandbox API key ---
|
|
95
|
+
console.log(chalk.bold('\nStep 4 · Create a sandbox API key'));
|
|
96
|
+
const spinner4 = ora('Creating sandbox API key…').start();
|
|
97
|
+
const key = await api(`/orgs/${org.id}/keys`, {
|
|
98
|
+
method: 'POST',
|
|
99
|
+
body: { name: `${appName} wizard key`, mode: 'sandbox' },
|
|
100
|
+
});
|
|
101
|
+
spinner4.succeed(chalk.green(`Sandbox API key created (${key.keyPrefix})`));
|
|
102
|
+
return {
|
|
103
|
+
orgId: org.id,
|
|
104
|
+
orgName: org.name,
|
|
105
|
+
appBaseUrl: base,
|
|
106
|
+
redirectUri,
|
|
107
|
+
clientId: client.clientId,
|
|
108
|
+
clientSecret: client.clientSecret,
|
|
109
|
+
apiKey: key.key,
|
|
110
|
+
apiKeyPrefix: key.keyPrefix,
|
|
111
|
+
};
|
|
112
|
+
}
|
|
113
|
+
//# sourceMappingURL=onboard.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"onboard.js","sourceRoot":"","sources":["../../../../src/lib/wizard/onboard.ts"],"names":[],"mappings":"AAAA,OAAO,QAAQ,MAAM,UAAU,CAAC;AAChC,OAAO,GAAG,MAAM,KAAK,CAAC;AACtB,OAAO,KAAK,MAAM,OAAO,CAAC;AAC1B,OAAO,EAAE,GAAG,EAAE,MAAM,WAAW,CAAC;AAChC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,MAAM,cAAc,CAAC;AAC/E,OAAO,EAAE,KAAK,EAAE,MAAM,yBAAyB,CAAC;AAyChD,kGAAkG;AAClG,MAAM,CAAC,MAAM,aAAa,GAAG,yBAAyB,CAAC;AAEvD,MAAM,CAAC,KAAK,UAAU,eAAe,CAAC,OAAe;IACnD,2CAA2C;IAC3C,oFAAoF;IACpF,mFAAmF;IACnF,oFAAoF;IACpF,mFAAmF;IACnF,mEAAmE;IACnE,IAAI,YAAY,GAAG,KAAK,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,EAAE,CAAC;IACxB,IAAI,MAAM,EAAE,CAAC;QACX,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,GAAG,SAAS,EAAE,UAAU,EAAE;gBAChD,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,MAAM,EAAE,EAAE;gBAC9C,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,KAAK,CAAC;aACnC,CAAC,CAAC;YACH,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,IAAI,GAAG,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC7C,SAAS,EAAE,CAAC;YACd,CAAC;iBAAM,CAAC;gBACN,YAAY,GAAG,IAAI,CAAC,CAAC,oEAAoE;YAC3F,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,YAAY,GAAG,IAAI,CAAC,CAAC,+DAA+D;QACtF,CAAC;IACH,CAAC;IACD,IAAI,CAAC,YAAY,EAAE,CAAC;QAClB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,iCAAiC,CAAC,CAAC,CAAC;QAC3D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,yDAAyD,CAAC,CAAC,CAAC;QAClF,MAAM,KAAK,EAAE,CAAC;QACd,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YACd,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,sFAAsF,CAAC,CAAC,CAAC;YAC/G,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,2BAA2B,QAAQ,EAAE,IAAI,cAAc,GAAG,CAAC,CAAC,CAAC;IACrF,CAAC;IAED,8CAA8C;IAC9C,OAAO,CAAC,SAAS,CAAC,CAAC;IAEnB,iDAAiD;IACjD,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,GAAG,CAA2B,OAAO,CAAC,CAAC;IACvE,IAAI,GAAG,GAAG,aAAa,CAAC,CAAC,CAAC,CAAC;IAC3B,IAAI,aAAa,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC7B,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;YACvC;gBACE,IAAI,EAAE,MAAM;gBACZ,IAAI,EAAE,QAAQ;gBACd,OAAO,EAAE,8CAA8C;gBACvD,OAAO,EAAE,aAAa,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,EAAE,IAAI,EAAE,GAAG,CAAC,CAAC,IAAI,GAAG,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,YAAY,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;aACvH;SACF,CAAC,CAAC;QACH,GAAG,GAAG,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,KAAK,MAAM,CAAE,CAAC;IACpD,CAAC;SAAM,IAAI,CAAC,GAAG,EAAE,CAAC;QAChB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC,CAAC;QAC/D,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;YACrC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,oBAAoB,EAAE,OAAO,EAAE,OAAO,EAAE,QAAQ,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,EAAE;SAC7I,CAAC,CAAC;QACH,MAAM,OAAO,GAAG,GAAG,CAAC,wBAAwB,CAAC,CAAC,KAAK,EAAE,CAAC;QACtD,GAAG,GAAG,MAAM,GAAG,CAAM,OAAO,EAAE,EAAE,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,YAAY,EAAE,QAAQ,EAAE,EAAE,EAAE,CAAC,CAAC;QACzG,OAAO,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,iBAAiB,GAAG,CAAC,IAAI,WAAW,CAAC,CAAC,CAAC;IACrE,CAAC;SAAM,CAAC;QACN,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,GAAG,CAAC,gCAAgC,GAAG,CAAC,IAAI,IAAI,CAAC,CAAC,CAAC;IACvE,CAAC;IAED,8CAA8C;IAC9C,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,qDAAqD,CAAC,CAAC,CAAC;IAC/E,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,QAAQ,CAAC,MAAM,CAAC;QAC3C;YACE,IAAI,EAAE,OAAO;YACb,IAAI,EAAE,YAAY;YAClB,OAAO,EAAE,oDAAoD,aAAa,IAAI;YAC9E,OAAO,EAAE,uBAAuB;YAChC,QAAQ,EAAE,CAAC,CAAS,EAAE,EAAE,CAAC,gBAAgB,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC,IAAI,wCAAwC;SACrG;KACF,CAAC,CAAC;IACH,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,CAAC,IAAI,EAAE,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAC3D,MAAM,WAAW,GAAG,GAAG,IAAI,GAAG,aAAa,EAAE,CAAC;IAC9C,MAAM,QAAQ,GAAG,GAAG,CAAC,qCAAqC,CAAC,CAAC,KAAK,EAAE,CAAC;IACpE,MAAM,MAAM,GAAG,MAAM,GAAG,CAAc,SAAS,GAAG,CAAC,EAAE,gBAAgB,EAAE;QACrE,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,EAAE,IAAI,EAAE,GAAG,OAAO,WAAW,EAAE,YAAY,EAAE,CAAC,WAAW,CAAC,EAAE,MAAM,EAAE,KAAK,EAAE;KAClF,CAAC,CAAC;IACH,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,yBAAyB,MAAM,CAAC,QAAQ,GAAG,CAAC,CAAC,CAAC;IAE3E,kCAAkC;IAClC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,qCAAqC,CAAC,CAAC,CAAC;IAC/D,MAAM,QAAQ,GAAG,GAAG,CAAC,2BAA2B,CAAC,CAAC,KAAK,EAAE,CAAC;IAC1D,MAAM,GAAG,GAAG,MAAM,GAAG,CAAoB,SAAS,GAAG,CAAC,EAAE,OAAO,EAAE;QAC/D,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,EAAE,IAAI,EAAE,GAAG,OAAO,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE;KACzD,CAAC,CAAC;IACH,QAAQ,CAAC,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,4BAA4B,GAAG,CAAC,SAAS,GAAG,CAAC,CAAC,CAAC;IAE5E,OAAO;QACL,KAAK,EAAE,GAAG,CAAC,EAAE;QACb,OAAO,EAAE,GAAG,CAAC,IAAI;QACjB,UAAU,EAAE,IAAI;QAChB,WAAW;QACX,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,YAAY,EAAE,MAAM,CAAC,YAAY;QACjC,MAAM,EAAE,GAAG,CAAC,GAAG;QACf,YAAY,EAAE,GAAG,CAAC,SAAS;KAC5B,CAAC;AACJ,CAAC"}
|
|
@@ -14,5 +14,12 @@
|
|
|
14
14
|
*/
|
|
15
15
|
export declare const INTEGRATION_PLAYBOOK: string;
|
|
16
16
|
/** The initial user turn that kicks the agent off inside the partner's repo. */
|
|
17
|
-
|
|
17
|
+
/** Details of a confidential OAuth client the wizard already provisioned + pinned to env. */
|
|
18
|
+
export interface PinnedClient {
|
|
19
|
+
clientId: string;
|
|
20
|
+
redirectUri: string;
|
|
21
|
+
/** The env file the wizard wrote the secrets to (AGENTCARD_* are already set there). */
|
|
22
|
+
envFile: string;
|
|
23
|
+
}
|
|
24
|
+
export declare function buildInitialPrompt(detection: string, pinned?: PinnedClient): string;
|
|
18
25
|
//# sourceMappingURL=playbook.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"playbook.d.ts","sourceRoot":"","sources":["../../../../src/lib/wizard/playbook.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,oBAAoB,QA6HzB,CAAC;AAET,gFAAgF;AAChF,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,GAAG,MAAM,
|
|
1
|
+
{"version":3,"file":"playbook.d.ts","sourceRoot":"","sources":["../../../../src/lib/wizard/playbook.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,eAAO,MAAM,oBAAoB,QA6HzB,CAAC;AAET,gFAAgF;AAChF,6FAA6F;AAC7F,MAAM,WAAW,YAAY;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,wFAAwF;IACxF,OAAO,EAAE,MAAM,CAAC;CACjB;AAED,wBAAgB,kBAAkB,CAAC,SAAS,EAAE,MAAM,EAAE,MAAM,CAAC,EAAE,YAAY,GAAG,MAAM,CA+BnF"}
|
|
@@ -138,9 +138,8 @@ When you finish, end your final message with a short summary that begins with
|
|
|
138
138
|
"INTEGRATION COMPLETE:" (or "INTEGRATION BLOCKED:" with the reason if you could
|
|
139
139
|
not proceed), then list the files you created or changed.
|
|
140
140
|
`.trim();
|
|
141
|
-
|
|
142
|
-
|
|
143
|
-
return [
|
|
141
|
+
export function buildInitialPrompt(detection, pinned) {
|
|
142
|
+
const lines = [
|
|
144
143
|
"Integrate Agentcard (the OAuth 2.1 + PKCE + MCP company integration described in",
|
|
145
144
|
"your system prompt) into this repository. Your working directory IS the repo root;",
|
|
146
145
|
"all file paths are relative to it. Use bash/grep to explore and the editor to make",
|
|
@@ -148,9 +147,11 @@ export function buildInitialPrompt(detection) {
|
|
|
148
147
|
'',
|
|
149
148
|
'What the wizard already detected about this repo:',
|
|
150
149
|
detection,
|
|
151
|
-
|
|
152
|
-
|
|
153
|
-
'OAuth
|
|
154
|
-
|
|
150
|
+
];
|
|
151
|
+
if (pinned) {
|
|
152
|
+
lines.push('', 'IMPORTANT — a CONFIDENTIAL OAuth client is ALREADY provisioned for this app. Do', 'NOT register a new client (no DCR). Use the pinned credentials, which the wizard', `has ALREADY written to ${pinned.envFile}:`, ' AGENTCARD_OAUTH_CLIENT_ID, AGENTCARD_OAUTH_CLIENT_SECRET, AGENTCARD_API_KEY,', ' AGENTCARD_PUBLIC_URL.', `The client_id is ${pinned.clientId} and its registered redirect_uri is`, `${pinned.redirectUri} — so implement the OAuth callback at EXACTLY that path`, `(${pinned.redirectUri.replace(/^https?:\/\/[^/]+/, '')}). Read every secret from`, 'process.env — NEVER hardcode or log AGENTCARD_OAUTH_CLIENT_SECRET / AGENTCARD_API_KEY.', 'Confidential client: send client_secret on BOTH the token exchange and refresh.');
|
|
153
|
+
}
|
|
154
|
+
lines.push('', 'Start with Step 0 (discovery) and Step 1/1b (scope the repo + mirror existing', 'OAuth/MCP patterns), then proceed through the playbook. Verify against SANDBOX.');
|
|
155
|
+
return lines.join('\n');
|
|
155
156
|
}
|
|
156
157
|
//# sourceMappingURL=playbook.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"playbook.js","sourceRoot":"","sources":["../../../../src/lib/wizard/playbook.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6HnC,CAAC,IAAI,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"playbook.js","sourceRoot":"","sources":["../../../../src/lib/wizard/playbook.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AACH,MAAM,CAAC,MAAM,oBAAoB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;CA6HnC,CAAC,IAAI,EAAE,CAAC;AAWT,MAAM,UAAU,kBAAkB,CAAC,SAAiB,EAAE,MAAqB;IACzE,MAAM,KAAK,GAAG;QACZ,kFAAkF;QAClF,oFAAoF;QACpF,oFAAoF;QACpF,oDAAoD;QACpD,EAAE;QACF,mDAAmD;QACnD,SAAS;KACV,CAAC;IACF,IAAI,MAAM,EAAE,CAAC;QACX,KAAK,CAAC,IAAI,CACR,EAAE,EACF,iFAAiF,EACjF,kFAAkF,EAClF,0BAA0B,MAAM,CAAC,OAAO,GAAG,EAC3C,gFAAgF,EAChF,yBAAyB,EACzB,oBAAoB,MAAM,CAAC,QAAQ,qCAAqC,EACxE,GAAG,MAAM,CAAC,WAAW,yDAAyD,EAC9E,IAAI,MAAM,CAAC,WAAW,CAAC,OAAO,CAAC,mBAAmB,EAAE,EAAE,CAAC,2BAA2B,EAClF,wFAAwF,EACxF,iFAAiF,CAClF,CAAC;IACJ,CAAC;IACD,KAAK,CAAC,IAAI,CACR,EAAE,EACF,+EAA+E,EAC/E,iFAAiF,CAClF,CAAC;IACF,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC"}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Write the provisioned Agentcard credentials into the app's local env file so the
|
|
3
|
+
* agent never sees the secrets — it writes code that reads `process.env.AGENTCARD_*`,
|
|
4
|
+
* and we put the actual `client_secret` / API key here (secret-vault pattern).
|
|
5
|
+
*
|
|
6
|
+
* Picks the env file by the repo's convention: an existing .env.local / .env, else
|
|
7
|
+
* .env.local when a `.env.local.example` is present (Next.js style), else .env.
|
|
8
|
+
* Upserts each key (replaces an existing line, appends otherwise). Returns the file.
|
|
9
|
+
*/
|
|
10
|
+
export declare function writeAgentcardEnv(repoRoot: string, vars: Record<string, string>): string;
|
|
11
|
+
//# sourceMappingURL=secrets.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secrets.d.ts","sourceRoot":"","sources":["../../../../src/lib/wizard/secrets.ts"],"names":[],"mappings":"AAGA;;;;;;;;GAQG;AACH,wBAAgB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,MAAM,CAgCxF"}
|
|
@@ -0,0 +1,49 @@
|
|
|
1
|
+
import { readFileSync, writeFileSync, existsSync, chmodSync } from 'fs';
|
|
2
|
+
import { join } from 'path';
|
|
3
|
+
/**
|
|
4
|
+
* Write the provisioned Agentcard credentials into the app's local env file so the
|
|
5
|
+
* agent never sees the secrets — it writes code that reads `process.env.AGENTCARD_*`,
|
|
6
|
+
* and we put the actual `client_secret` / API key here (secret-vault pattern).
|
|
7
|
+
*
|
|
8
|
+
* Picks the env file by the repo's convention: an existing .env.local / .env, else
|
|
9
|
+
* .env.local when a `.env.local.example` is present (Next.js style), else .env.
|
|
10
|
+
* Upserts each key (replaces an existing line, appends otherwise). Returns the file.
|
|
11
|
+
*/
|
|
12
|
+
export function writeAgentcardEnv(repoRoot, vars) {
|
|
13
|
+
const pick = () => {
|
|
14
|
+
for (const f of ['.env.local', '.env', '.env.development.local']) {
|
|
15
|
+
if (existsSync(join(repoRoot, f)))
|
|
16
|
+
return f;
|
|
17
|
+
}
|
|
18
|
+
return existsSync(join(repoRoot, '.env.local.example')) ? '.env.local' : '.env';
|
|
19
|
+
};
|
|
20
|
+
const file = pick();
|
|
21
|
+
const path = join(repoRoot, file);
|
|
22
|
+
let content = existsSync(path) ? readFileSync(path, 'utf8') : '';
|
|
23
|
+
if (content && !content.endsWith('\n'))
|
|
24
|
+
content += '\n';
|
|
25
|
+
for (const [k, v] of Object.entries(vars)) {
|
|
26
|
+
if (v == null)
|
|
27
|
+
continue;
|
|
28
|
+
const line = `${k}=${v}`;
|
|
29
|
+
const re = new RegExp(`^${k}=.*$`, 'm');
|
|
30
|
+
if (re.test(content)) {
|
|
31
|
+
content = content.replace(re, line);
|
|
32
|
+
}
|
|
33
|
+
else {
|
|
34
|
+
content += `${line}\n`;
|
|
35
|
+
}
|
|
36
|
+
}
|
|
37
|
+
writeFileSync(path, content, { mode: 0o600 });
|
|
38
|
+
// `mode` on writeFileSync only applies when CREATING the file — an existing env
|
|
39
|
+
// file keeps its (often 0644) perms. We just wrote a client_secret + API key into
|
|
40
|
+
// it, so restrict it explicitly.
|
|
41
|
+
try {
|
|
42
|
+
chmodSync(path, 0o600);
|
|
43
|
+
}
|
|
44
|
+
catch {
|
|
45
|
+
// Best-effort (e.g. unusual filesystems); the secrets are still written.
|
|
46
|
+
}
|
|
47
|
+
return file;
|
|
48
|
+
}
|
|
49
|
+
//# sourceMappingURL=secrets.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"secrets.js","sourceRoot":"","sources":["../../../../src/lib/wizard/secrets.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,YAAY,EAAE,aAAa,EAAE,UAAU,EAAE,SAAS,EAAE,MAAM,IAAI,CAAC;AACxE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B;;;;;;;;GAQG;AACH,MAAM,UAAU,iBAAiB,CAAC,QAAgB,EAAE,IAA4B;IAC9E,MAAM,IAAI,GAAG,GAAW,EAAE;QACxB,KAAK,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,MAAM,EAAE,wBAAwB,CAAC,EAAE,CAAC;YACjE,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;gBAAE,OAAO,CAAC,CAAC;QAC9C,CAAC;QACD,OAAO,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,oBAAoB,CAAC,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,MAAM,CAAC;IAClF,CAAC,CAAC;IACF,MAAM,IAAI,GAAG,IAAI,EAAE,CAAC;IACpB,MAAM,IAAI,GAAG,IAAI,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC;IAClC,IAAI,OAAO,GAAG,UAAU,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,YAAY,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IACjE,IAAI,OAAO,IAAI,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,IAAI,IAAI,CAAC;IAExD,KAAK,MAAM,CAAC,CAAC,EAAE,CAAC,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC;QAC1C,IAAI,CAAC,IAAI,IAAI;YAAE,SAAS;QACxB,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;QACzB,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;QACxC,IAAI,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAC;YACrB,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QACtC,CAAC;aAAM,CAAC;YACN,OAAO,IAAI,GAAG,IAAI,IAAI,CAAC;QACzB,CAAC;IACH,CAAC;IACD,aAAa,CAAC,IAAI,EAAE,OAAO,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,CAAC,CAAC;IAC9C,gFAAgF;IAChF,kFAAkF;IAClF,iCAAiC;IACjC,IAAI,CAAC;QACH,SAAS,CAAC,IAAI,EAAE,KAAK,CAAC,CAAC;IACzB,CAAC;IAAC,MAAM,CAAC;QACP,yEAAyE;IAC3E,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC"}
|