agent-sh 0.15.0 → 0.15.2

package/src/cli/args.ts

@@ -0,0 +1,91 @@
+import { PACKAGE_VERSION } from "../utils/package-version.js";
+import type { AppConfig } from "../shell/host-types.js";
+
+const HELP_TEXT = `agent-sh — a shell-first terminal where AI is one keystroke away
+
+Usage: agent-sh [options]
+       agent-sh init [--force]            Scaffold ~/.agent-sh/ (settings, examples, AGENTS.md)
+       agent-sh install <spec> [--force] [--sync-deps] [--dev]
+                                          Install an extension (bundled name, file:, npm:, github:)
+                                          --sync-deps rewrites a stale agent-sh pin to the host version
+                                          --dev links the extension against the running host's core (local development)
+       agent-sh uninstall <name>          Remove an installed extension
+       agent-sh list                      List installed extensions
+       agent-sh auth login [provider]     Store an API key for a built-in provider
+       agent-sh auth logout <provider>    Remove a stored key
+       agent-sh auth list                 Show configured providers
+
+Provider Profiles:
+  --provider <name>   Use a provider from ~/.agent-sh/settings.json
+  --model <name>      Override default model
+
+Direct LLM API:
+  --api-key <key>     API key for OpenAI-compatible provider (or set OPENAI_API_KEY)
+  --base-url <url>    Base URL for API (or set OPENAI_BASE_URL)
+
+General Options:
+  --backend <name>    Agent backend to launch (e.g. ash, pi); overrides settings.defaultBackend for this session
+  --shell <path>      Shell to use (default: $SHELL or /bin/bash)
+  -e, --extensions    Extensions to load (comma-separated, repeatable)
+  -h, --help          Show this help
+  -V, --version       Print version and exit
+
+Environment Variables:
+  OPENAI_API_KEY     API key for LLM provider
+  OPENAI_BASE_URL    Base URL override (e.g., http://localhost:11434/v1 for Ollama)
+
+Examples:
+  # Use a configured provider
+  agent-sh --provider openai
+
+  # Direct API access
+  agent-sh --api-key "$KEY" --model gpt-4o
+
+  # Local model via Ollama
+  agent-sh --base-url http://localhost:11434/v1 --model llama3
+
+Inside the shell:
+  Type normally        Commands run in your real shell
+  > <query>           Ask the AI agent (it decides how to help)
+  > /help             Show available slash commands
+  Ctrl-C              Cancel agent response (or signal shell as usual)
+`;
+
+export function parseArgs(argv: string[], env: NodeJS.ProcessEnv = process.env): AppConfig {
+  let model: string | undefined;
+  let extensions: string[] | undefined;
+  let provider: string | undefined;
+  let backend: string | undefined;
+  let shell = env.SHELL || "/bin/bash";
+
+  let apiKey: string | undefined;
+  let baseURL: string | undefined;
+
+  for (let i = 0; i < argv.length; i++) {
+    const arg = argv[i];
+    if (arg === "--model" && argv[i + 1]) {
+      model = argv[++i]!;
+    } else if (arg === "--api-key" && argv[i + 1]) {
+      apiKey = argv[++i]!;
+    } else if (arg === "--base-url" && argv[i + 1]) {
+      baseURL = argv[++i]!;
+    } else if (arg === "--provider" && argv[i + 1]) {
+      provider = argv[++i]!;
+    } else if (arg === "--backend" && argv[i + 1]) {
+      backend = argv[++i]!;
+    } else if (arg === "--shell" && argv[i + 1]) {
+      shell = argv[++i]!;
+    } else if ((arg === "--extensions" || arg === "-e") && argv[i + 1]) {
+      const exts = argv[++i]!.split(",").map((s) => s.trim());
+      extensions = extensions ? [...extensions, ...exts] : exts;
+    } else if (arg === "--version" || arg === "-V") {
+      console.log(PACKAGE_VERSION);
+      process.exit(0);
+    } else if (arg === "--help" || arg === "-h") {
+      console.log(HELP_TEXT);
+      process.exit(0);
+    }
+  }
+
+  return { shell, model, extensions, apiKey, baseURL, provider, backend };
+}

package/src/cli/auth/cli.ts

@@ -0,0 +1,244 @@
+import * as readline from "node:readline";
+import { palette as p } from "../../utils/palette.js";
+import {
+  KNOWN_PROVIDERS,
+  KEYS_PATH,
+  loadKeysFile,
+  saveKeysFile,
+  resolveApiKey,
+  listAllProvidersWithDiscovery,
+  findProvider as findProviderById,
+  type ProviderAuthInfo,
+} from "./keys.js";
+
+export async function runAuth(args: string[]): Promise<void> {
+  const sub = args[0];
+  if (!sub || sub === "--help" || sub === "-h") {
+    printHelp();
+    return;
+  }
+  if (sub === "login") {
+    await runLogin(args[1]);
+    return;
+  }
+  if (sub === "logout") {
+    runLogout(args[1]);
+    return;
+  }
+  if (sub === "list" || sub === "ls" || sub === "status") {
+    await runList();
+    return;
+  }
+  console.error(`agent-sh auth: unknown subcommand "${sub}"`);
+  printHelp();
+  process.exit(1);
+}
+
+function printHelp(): void {
+  const builtins = KNOWN_PROVIDERS.map((p) => p.id).join(" | ");
+  console.log(
+    `agent-sh auth — manage API keys for providers\n\n` +
+    `Usage:\n` +
+    `  agent-sh auth login [provider]   Store an API key (prompts if omitted)\n` +
+    `  agent-sh auth logout <provider>  Remove a stored key\n` +
+    `  agent-sh auth list               Show configured providers and key sources\n\n` +
+    `Built-in providers: ${builtins}\n` +
+    `Custom providers declared in settings.json are also accepted by id.\n\n` +
+    `Keys are stored in ${KEYS_PATH} (chmod 0600).\n` +
+    `Resolution order: settings.json > keys.json > env var.\n`,
+  );
+}
+
+async function runLogin(providerArg: string | undefined): Promise<void> {
+  let provider: ProviderAuthInfo | null;
+  if (providerArg) {
+    const id = providerArg.toLowerCase();
+    if (!/^[a-z0-9][a-z0-9_\-./:]*$/.test(id)) {
+      console.error(`agent-sh auth: invalid provider id "${providerArg}".`);
+      process.exit(1);
+    }
+    provider = findProviderById(id);
+    if (!provider) {
+      console.error(
+        `${p.warning}Note:${p.reset} no built-in or settings.json provider named "${id}". ` +
+        `Storing the key anyway — it will resolve once an extension or settings.json declares the provider.`,
+      );
+      provider = { id, label: id, unattached: true };
+    }
+  } else {
+    provider = await pickProvider();
+  }
+  if (!provider) process.exit(1);
+
+  const key = await promptSecret(`Enter ${provider.label} API key: `);
+  const trimmed = key.trim();
+  if (!trimmed) {
+    console.error("agent-sh auth: empty key, nothing saved.");
+    process.exit(1);
+  }
+  if (/\s/.test(trimmed)) {
+    console.error("agent-sh auth: key contains whitespace; aborting.");
+    process.exit(1);
+  }
+
+  const keys = { ...loadKeysFile() };
+  keys[provider.id] = trimmed;
+  saveKeysFile(keys);
+
+  const resolved = resolveApiKey(provider.id);
+  console.log(`${p.success}✓${p.reset} Saved ${provider.label} key to ${KEYS_PATH}`);
+  if (resolved.source !== "keys-file") {
+    console.log(
+      `${p.warning}Note:${p.reset} an existing ${sourceLabel(resolved.source, provider)} entry ` +
+      `takes precedence; the stored key is shadowed until you remove it.`,
+    );
+  }
+}
+
+function runLogout(providerArg: string | undefined): void {
+  if (!providerArg) {
+    console.error("Usage: agent-sh auth logout <provider>");
+    process.exit(1);
+  }
+  const id = providerArg.toLowerCase();
+  const keys = { ...loadKeysFile() };
+  if (!(id in keys)) {
+    console.log(`agent-sh auth: no stored key for ${id}.`);
+    return;
+  }
+  delete keys[id];
+  saveKeysFile(keys);
+  console.log(`${p.success}✓${p.reset} Removed ${id} key from ${KEYS_PATH}`);
+}
+
+async function runList(): Promise<void> {
+  const providers = await listAllProvidersWithDiscovery();
+  console.log("Provider key status:\n");
+  const idWidth = Math.max(...providers.map((p) => p.id.length));
+  for (const info of providers) {
+    const resolved = resolveApiKey(info.id);
+    const padded = info.id.padEnd(idWidth);
+    const marker = info.custom
+      ? `  ${p.dim}custom${p.reset}`
+      : info.unattached
+      ? `  ${p.dim}unattached${p.reset}`
+      : "";
+    if (resolved.key) {
+      console.log(`  ${p.success}●${p.reset} ${padded}  ${p.dim}(${sourceLabel(resolved.source, info)})${p.reset}${marker}`);
+    } else if (info.noAuth) {
+      console.log(`  ${p.success}●${p.reset} ${padded}  ${p.dim}(no auth required)${p.reset}${marker}`);
+    } else {
+      console.log(`  ${p.muted}○${p.reset} ${padded}  ${p.dim}(not configured)${p.reset}${marker}`);
+    }
+  }
+  const example = providers[0]!.id;
+  console.log(`\n${p.muted}Login with:${p.reset} agent-sh auth login <id>   ${p.dim}(e.g. agent-sh auth login ${example})${p.reset}`);
+}
+
+async function pickProvider(): Promise<ProviderAuthInfo | null> {
+  if (!process.stdin.isTTY) {
+    console.error("agent-sh auth: no provider specified and stdin is not a TTY.");
+    return null;
+  }
+  const providers = await listAllProvidersWithDiscovery();
+  console.log("Select a provider:");
+  providers.forEach((info, i) => {
+    const resolved = resolveApiKey(info.id);
+    const tag = resolved.key
+      ? `${p.dim}(currently from ${sourceLabel(resolved.source, info)})${p.reset}`
+      : info.noAuth
+      ? `${p.dim}(no auth required)${p.reset}`
+      : `${p.dim}(not configured)${p.reset}`;
+    const labelStr = info.custom
+      ? `${p.dim}custom${p.reset}`
+      : info.unattached
+      ? `${p.dim}unattached${p.reset}`
+      : `${p.dim}${info.label}${p.reset}`;
+    console.log(`  ${i + 1}) ${info.id.padEnd(12)} ${labelStr}  ${tag}`);
+  });
+  const answer = await promptLine("Choice [1]: ");
+  const idx = answer.trim() === "" ? 0 : Number(answer.trim()) - 1;
+  if (!Number.isInteger(idx) || idx < 0 || idx >= providers.length) {
+    console.error("agent-sh auth: invalid selection.");
+    return null;
+  }
+  return providers[idx]!;
+}
+
+function promptLine(question: string): Promise<string> {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer);
+    });
+  });
+}
+
+function promptSecret(question: string): Promise<string> {
+  return new Promise((resolve) => {
+    if (!process.stdin.isTTY) {
+      let buf = "";
+      process.stdin.setEncoding("utf-8");
+      process.stdin.on("data", (chunk: string) => {
+        buf += chunk;
+        const nl = buf.indexOf("\n");
+        if (nl >= 0) {
+          process.stdin.pause();
+          resolve(buf.slice(0, nl).replace(/\r$/, ""));
+        }
+      });
+      return;
+    }
+
+    const stdin = process.stdin;
+    const stdout = process.stdout;
+    const wasRaw = stdin.isRaw;
+    stdout.write(question);
+    stdin.resume();
+    stdin.setRawMode(true);
+    stdin.setEncoding("utf-8");
+
+    let buf = "";
+    const finish = (value: string | null): void => {
+      stdout.write("\n");
+      stdin.removeListener("data", onData);
+      stdin.setRawMode(wasRaw);
+      stdin.pause();
+      if (value === null) process.exit(130);
+      resolve(value);
+    };
+    const onData = (ch: string): void => {
+      for (const c of ch) {
+        if (c === "\n" || c === "\r" || c === "\x04") {
+          finish(buf);
+          return;
+        }
+        if (c === "\x03") {
+          finish(null);
+          return;
+        }
+        if (c === "\x7f" || c === "\b") {
+          if (buf.length > 0) {
+            buf = buf.slice(0, -1);
+            stdout.write("\b \b");
+          }
+          continue;
+        }
+        if (c < " ") continue;
+        buf += c;
+        stdout.write("*");
+      }
+    };
+    stdin.on("data", onData);
+  });
+}
+
+function sourceLabel(source: string, info?: ProviderAuthInfo): string {
+  switch (source) {
+    case "settings": return "settings.json";
+    case "keys-file": return "keys.json";
+    case "env": return info ? `$${info.envVar}` : "env var";
+    default: return source;
+  }
+}

package/src/cli/auth/discover.ts

@@ -0,0 +1,52 @@
+/** Bootstrap a throwaway core to enumerate provider ids extensions
+ *  would register, so `auth list` shows ids the user hasn't keyed yet. */
+import * as path from "node:path";
+import { createCore } from "../../core/index.js";
+import { activateAgent } from "../../agent/index.js";
+import { loadExtensions } from "../../core/extension-loader.js";
+import { loadBuiltinExtensions } from "../../extensions/index.js";
+import { CONFIG_DIR, getSettings } from "../../core/settings.js";
+import type { AppConfig } from "../../shell/host-types.js";
+import type { ProviderRegistration } from "../../agent/host-types.js";
+
+const EXT_DIR = path.join(CONFIG_DIR, "extensions");
+const BARE_IMPORT_RE = /Cannot find (?:package|module) ['"]agent-sh\/[^'"]+['"]/;
+
+export interface DiscoveredProvider {
+  id: string;
+  noAuth?: boolean;
+}
+
+let cached: DiscoveredProvider[] | null = null;
+
+export async function discoverExtensionProviders(): Promise<DiscoveredProvider[]> {
+  if (cached) return cached;
+  const core = createCore({} as AppConfig);
+  const errors: string[] = [];
+  core.bus.on("ui:error", ({ message }) => { errors.push(message); });
+  try {
+    const ctx = core.extensionContext({ quit: () => {} });
+    activateAgent(ctx);
+    await loadBuiltinExtensions(ctx, getSettings().disabledBuiltins);
+    await loadExtensions(ctx).catch(() => {});
+    const { providers } = core.bus.emitPipe("agent:providers", { providers: [] as ProviderRegistration[] });
+    cached = providers.map((p) => ({ id: p.id, noAuth: p.noAuth }));
+    if (errors.length > 0) {
+      process.stderr.write(`\n[agent-sh] extension load errors during provider discovery:\n`);
+      for (const msg of errors) {
+        process.stderr.write(`  - ${msg}\n`);
+        if (BARE_IMPORT_RE.test(msg) && msg.includes(EXT_DIR)) {
+          process.stderr.write(
+            `      ↳ Single-file extensions can't runtime-import agent-sh modules from ${EXT_DIR}.\n` +
+            `        Use ctx.call(...) for runtime needs, or convert to a directory extension\n` +
+            `        with its own package.json + node_modules.\n`,
+          );
+        }
+      }
+      process.stderr.write(`\n`);
+    }
+    return cached;
+  } finally {
+    core.kill();
+  }
+}

package/src/cli/auth/keys.ts

@@ -0,0 +1,143 @@
+// Resolution order: settings.json → keys.json → env var.
+import * as fs from "node:fs";
+import * as path from "node:path";
+import { CONFIG_DIR, getSettings, expandEnvVars } from "../../core/settings.js";
+
+export const KEYS_PATH = path.join(CONFIG_DIR, "keys.json");
+
+export interface ProviderAuthInfo {
+  id: string;
+  label: string;
+  /** Conventional env var. Absent for user-declared providers. */
+  envVar?: string;
+  /** True for entries declared in settings.json (vs. a built-in). */
+  custom?: boolean;
+  /** True for ids only present in keys.json — likely owned by an extension
+   *  that registers a provider at runtime. */
+  unattached?: boolean;
+  /** Auth UI shows "no auth required" instead of "not configured". */
+  noAuth?: boolean;
+}
+
+export const KNOWN_PROVIDERS: ProviderAuthInfo[] = [
+  { id: "openai",     label: "OpenAI",     envVar: "OPENAI_API_KEY" },
+  { id: "openrouter", label: "OpenRouter", envVar: "OPENROUTER_API_KEY" },
+  { id: "deepseek",   label: "DeepSeek",   envVar: "DEEPSEEK_API_KEY" },
+];
+
+/** Built-ins + settings + keys.json. Sync, no extension load. */
+export function listAllProviders(): ProviderAuthInfo[] {
+  const out: ProviderAuthInfo[] = [...KNOWN_PROVIDERS];
+  const seen = new Set(out.map((p) => p.id));
+  const settingsProviders = getSettings().providers ?? {};
+  for (const id of Object.keys(settingsProviders)) {
+    if (seen.has(id)) continue;
+    out.push({ id, label: id, custom: true });
+    seen.add(id);
+  }
+  for (const id of Object.keys(loadKeysFile())) {
+    if (seen.has(id)) continue;
+    out.push({ id, label: id, unattached: true });
+    seen.add(id);
+  }
+  return out;
+}
+
+/** Augments listAllProviders with extension-registered ids. */
+export async function listAllProvidersWithDiscovery(): Promise<ProviderAuthInfo[]> {
+  const out = listAllProviders();
+  const byId = new Map(out.map((p) => [p.id, p] as const));
+  const { discoverExtensionProviders } = await import("./discover.js");
+  try {
+    for (const d of await discoverExtensionProviders()) {
+      const existing = byId.get(d.id);
+      if (existing) {
+        if (d.noAuth && !existing.noAuth) existing.noAuth = true;
+        continue;
+      }
+      const entry: ProviderAuthInfo = { id: d.id, label: d.id, custom: true, noAuth: d.noAuth };
+      out.push(entry);
+      byId.set(d.id, entry);
+    }
+  } catch {}
+  return out;
+}
+
+/** Resolve an id against known + settings entries only. Returns null for
+ *  unattached or unknown ids — callers decide whether to accept them. */
+export function findProvider(id: string): ProviderAuthInfo | null {
+  const lower = id.toLowerCase();
+  const known = KNOWN_PROVIDERS.find((p) => p.id === lower);
+  if (known) return known;
+  const settings = getSettings().providers ?? {};
+  if (lower in settings) return { id: lower, label: lower, custom: true };
+  return null;
+}
+
+export type KeySource = "settings" | "keys-file" | "env" | "none";
+
+export interface ResolvedKey {
+  key: string | null;
+  source: KeySource;
+}
+
+type KeysFile = Record<string, string>;
+
+let cached: KeysFile | null = null;
+
+export function loadKeysFile(): KeysFile {
+  if (cached) return cached;
+  try {
+    const raw = fs.readFileSync(KEYS_PATH, "utf-8");
+    const parsed = JSON.parse(raw) as unknown;
+    if (parsed && typeof parsed === "object" && !Array.isArray(parsed)) {
+      cached = parsed as KeysFile;
+    } else {
+      cached = {};
+    }
+  } catch (err) {
+    if (err instanceof SyntaxError) {
+      console.error(`[agent-sh] Warning: invalid JSON in ${KEYS_PATH}: ${err.message}`);
+    }
+    cached = {};
+  }
+  return cached;
+}
+
+export function saveKeysFile(keys: KeysFile): void {
+  fs.mkdirSync(CONFIG_DIR, { recursive: true });
+  const tmp = `${KEYS_PATH}.tmp`;
+  fs.writeFileSync(tmp, JSON.stringify(keys, null, 2) + "\n", { mode: 0o600 });
+  fs.renameSync(tmp, KEYS_PATH);
+  try { fs.chmodSync(KEYS_PATH, 0o600); } catch { /* best effort */ }
+  cached = { ...keys };
+}
+
+export function reloadKeysFile(): void {
+  cached = null;
+}
+
+export function resolveApiKey(providerId: string): ResolvedKey {
+  const settingsKey = getSettings().providers?.[providerId]?.apiKey;
+  if (settingsKey) {
+    const expanded = expandEnvVars(settingsKey);
+    if (expanded) return { key: expanded, source: "settings" };
+  }
+
+  const fileKey = loadKeysFile()[providerId];
+  if (fileKey) return { key: fileKey, source: "keys-file" };
+
+  const info = KNOWN_PROVIDERS.find((p) => p.id === providerId);
+  if (info?.envVar) {
+    const envKey = process.env[info.envVar];
+    if (envKey) return { key: envKey, source: "env" };
+  }
+
+  return { key: null, source: "none" };
+}
+
+export function anyProviderConfigured(): boolean {
+  // openai-compatible activates on OPENAI_BASE_URL alone (keyless local servers).
+  if (process.env.OPENAI_BASE_URL) return true;
+  return listAllProviders().some((p) => resolveApiKey(p.id).key);
+}