ai-lens 0.3.0 → 0.5.0

package/.commithash

@@ -1 +1 @@
-b46a47e
+968235e

package/bin/ai-lens.js

@@ -30,28 +30,12 @@ switch (command) {
     console.log(`ai-lens v${version} (${commit})`);
     break;
   }
-  case 'admin': {
-    const sub = process.argv[3];
-    const { createInvite, listInvites } = await import('../cli/admin.js');
-    if (sub === 'create-invite') await createInvite();
-    else if (sub === 'list-invites') await listInvites();
-    else {
-      console.log('Usage: ai-lens admin <command>');
-      console.log('');
-      console.log('Commands:');
-      console.log('  create-invite  Create a team invite token');
-      console.log('  list-invites   List invite tokens');
-      process.exit(1);
-    }
-    break;
-  }
   default:
     console.log('Usage: ai-lens <command>');
     console.log('');
     console.log('Commands:');
     console.log('  init            Configure AI tool hooks for event capture');
     console.log('  remove          Remove AI Lens hooks and client files');
-    console.log('  admin           Admin commands (create-invite, list-invites)');
     console.log('  mcp             Start the MCP server (stdio transport)');
     console.log('  version         Show package version and commit hash');
     process.exit(command ? 1 : 0);

package/cli/init.js

@@ -25,8 +25,40 @@ function ask(question) {
   });
 }
 
-// Default transport credentials (same as client/config.js DEFAULT_AUTH_TOKEN)
-const TRANSPORT_AUTH = 'collector:secret-collector-token-2026-ai-lens';
+function getJson(url) {
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(url);
+    const isHttps = parsed.protocol === 'https:';
+    const requestFn = isHttps ? httpsRequest : httpRequest;
+    const options = {
+      hostname: parsed.hostname,
+      port: parsed.port || (isHttps ? 443 : 80),
+      path: parsed.pathname + (parsed.search || ''),
+      method: 'GET',
+      headers: { 'Accept': 'application/json' },
+      timeout: 15_000,
+    };
+    const req = requestFn(options, (res) => {
+      let buf = '';
+      res.on('data', (chunk) => { buf += chunk; });
+      res.on('end', () => {
+        try {
+          const json = JSON.parse(buf);
+          if (res.statusCode >= 200 && res.statusCode < 300) {
+            resolve(json);
+          } else {
+            reject(new Error(json.error || `Server responded ${res.statusCode}`));
+          }
+        } catch {
+          reject(new Error(`Server responded ${res.statusCode}: ${buf}`));
+        }
+      });
+    });
+    req.on('error', reject);
+    req.on('timeout', () => { req.destroy(); reject(new Error('Request timed out')); });
+    req.end();
+  });
+}
 
 function postJson(url, body) {
   return new Promise((resolve, reject) => {
@@ -42,7 +74,6 @@ function postJson(url, body) {
       headers: {
         'Content-Type': 'application/json',
         'Content-Length': Buffer.byteLength(data),
-        'Authorization': 'Basic ' + Buffer.from(TRANSPORT_AUTH).toString('base64'),
       },
       timeout: 15_000,
     };
@@ -69,6 +100,132 @@ function postJson(url, body) {
   });
 }
 
+function postForm(url, params) {
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(url);
+    const isHttps = parsed.protocol === 'https:';
+    const requestFn = isHttps ? httpsRequest : httpRequest;
+    const data = new URLSearchParams(params).toString();
+    const options = {
+      hostname: parsed.hostname,
+      port: parsed.port || (isHttps ? 443 : 80),
+      path: parsed.pathname,
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded',
+        'Content-Length': Buffer.byteLength(data),
+      },
+      timeout: 15_000,
+    };
+    const req = requestFn(options, (res) => {
+      let buf = '';
+      res.on('data', (chunk) => { buf += chunk; });
+      res.on('end', () => {
+        try {
+          resolve({ status: res.statusCode, data: JSON.parse(buf) });
+        } catch {
+          reject(new Error(`Server responded ${res.statusCode}: ${buf}`));
+        }
+      });
+    });
+    req.on('error', reject);
+    req.on('timeout', () => { req.destroy(); reject(new Error('Request timed out')); });
+    req.write(data);
+    req.end();
+  });
+}
+
+function sleep(ms) {
+  return new Promise(resolve => setTimeout(resolve, ms));
+}
+
+async function deviceCodeAuth(serverUrl) {
+  // 1. Fetch Auth0 config from server
+  let config;
+  try {
+    config = await getJson(`${serverUrl}/api/auth/config`);
+  } catch (err) {
+    throw new Error(`Could not fetch auth config from server: ${err.message}`);
+  }
+
+  if (!config.enabled || !config.domain || !config.cliClientId) {
+    throw new Error('Auth0 device code flow not configured on server (missing AUTH0_CLI_CLIENT_ID)');
+  }
+
+  const { domain, cliClientId, audience } = config;
+
+  // 2. Request device code
+  const codeParams = {
+    client_id: cliClientId,
+    scope: 'openid profile email',
+  };
+  if (audience) codeParams.audience = audience;
+
+  const codeResp = await postForm(`https://${domain}/oauth/device/code`, codeParams);
+  if (codeResp.status !== 200) {
+    throw new Error(`Device code request failed: ${JSON.stringify(codeResp.data)}`);
+  }
+
+  const {
+    device_code,
+    user_code,
+    verification_uri_complete,
+    verification_uri,
+    interval: pollInterval = 5,
+    expires_in,
+  } = codeResp.data;
+
+  // 3. Show URL + code
+  blank();
+  info('  Open this URL in your browser to authenticate:');
+  blank();
+  info(`    ${verification_uri_complete || verification_uri}`);
+  blank();
+  if (user_code) {
+    info(`  Code: ${user_code}`);
+    blank();
+  }
+  info(`  Waiting for browser login (expires in ${Math.floor(expires_in / 60)} min)...`);
+
+  // 4. Poll for token
+  let interval = pollInterval;
+  const deadline = Date.now() + expires_in * 1000;
+
+  while (Date.now() < deadline) {
+    await sleep(interval * 1000);
+
+    const tokenResp = await postForm(`https://${domain}/oauth/token`, {
+      grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+      client_id: cliClientId,
+      device_code,
+    });
+
+    if (tokenResp.status === 200 && tokenResp.data.id_token) {
+      // 5. Exchange JWT for personal token
+      const result = await postJson(`${serverUrl}/api/auth/device-token`, {
+        jwt: tokenResp.data.id_token,
+      });
+      return result;
+    }
+
+    const err = tokenResp.data.error;
+    if (err === 'authorization_pending') {
+      continue;
+    } else if (err === 'slow_down') {
+      interval += 5;
+      continue;
+    } else if (err === 'expired_token') {
+      throw new Error('Device code expired. Please try again.');
+    } else if (err === 'access_denied') {
+      throw new Error('Authentication was denied.');
+    } else {
+      throw new Error(`Unexpected token response: ${JSON.stringify(tokenResp.data)}`);
+    }
+  }
+
+  throw new Error('Device code expired. Please try again.');
+}
+
 export default async function init() {
   const { version, commit } = getVersionInfo();
   initLogger(`v${version} (${commit})`);
@@ -126,41 +283,17 @@ export default async function init() {
   }
   blank();
 
-  // Authentication (required)
+  // Authentication
   heading('Authentication');
   if (!currentConfig.authToken) {
-    info('Invite token is required. Get one from your team lead.');
-    // eslint-disable-next-line no-constant-condition
-    while (true) {
-      const inviteInput = await ask('Invite token: ');
-      if (!inviteInput) {
-        warn('  Invite token is required to continue.');
-        continue;
-      }
-      if (!inviteInput.startsWith('ailens_inv_')) {
-        warn('  Token must start with ailens_inv_. Try again.');
-        continue;
-      }
-      try {
-        let email, gitName;
-        try {
-          email = execSync('git config user.email', { encoding: 'utf-8' }).trim();
-          gitName = execSync('git config user.name', { encoding: 'utf-8' }).trim();
-        } catch {
-          error('  Could not read git identity. Set git config user.email and user.name first.');
-          return;
-        }
-        const result = await postJson(serverUrl + '/api/auth/accept-invite', {
-          token: inviteInput, email, name: gitName,
-        });
-        newConfig.authToken = result.token;
-        saveLensConfig(newConfig);
-        success(`  Authenticated! Team: ${result.team_id}`);
-        break;
-      } catch (err) {
-        error(`  Authentication failed: ${err.message}`);
-        info('  Try again.');
-      }
+    try {
+      const result = await deviceCodeAuth(serverUrl);
+      newConfig.authToken = result.token;
+      saveLensConfig(newConfig);
+      success(`  Authenticated as ${result.name} (${result.email})`);
+    } catch (err) {
+      error(`  Authentication failed: ${err.message}`);
+      return;
     }
   } else {
     success('  Already authenticated (token present)');

package/mcp-server/index.js

@@ -2,9 +2,21 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { z } from "zod";
 import { execSync } from "child_process";
+import { readFileSync } from "node:fs";
+import { join } from "node:path";
+import { homedir } from "node:os";
+
+function loadLensConfig() {
+  try {
+    return JSON.parse(readFileSync(join(homedir(), ".ai-lens", "config.json"), "utf-8"));
+  } catch {
+    return {};
+  }
+}
 
-const SERVER_URL = process.env.AI_LENS_SERVER_URL || "http://168.119.103.228:13300";
-const AUTH_TOKEN = process.env.AI_LENS_AUTH_TOKEN;
+const lensConfig = loadLensConfig();
+const SERVER_URL = process.env.AI_LENS_SERVER_URL || lensConfig.serverUrl || "http://168.119.103.228:13300";
+const AUTH_TOKEN = process.env.AI_LENS_AUTH_TOKEN || lensConfig.authToken;
 
 async function apiCall(path) {
   const headers = {};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-lens",
-  "version": "0.3.0",
+  "version": "0.5.0",
   "type": "module",
   "description": "Centralized session analytics for AI coding tools",
   "bin": {

package/cli/admin.js

@@ -1,120 +0,0 @@
-import { createInterface } from 'node:readline';
-import { request as httpRequest } from 'node:http';
-import { request as httpsRequest } from 'node:https';
-import { readLensConfig } from './hooks.js';
-
-function ask(question) {
-  const rl = createInterface({ input: process.stdin, output: process.stdout });
-  return new Promise(resolve => {
-    rl.question(question, answer => {
-      rl.close();
-      resolve(answer.trim());
-    });
-  });
-}
-
-function adminRequest(method, url, body) {
-  const secret = process.env.AI_LENS_ADMIN_SECRET;
-  if (!secret) {
-    throw new Error('AI_LENS_ADMIN_SECRET env var is required');
-  }
-  return new Promise((resolve, reject) => {
-    const parsed = new URL(url);
-    const isHttps = parsed.protocol === 'https:';
-    const requestFn = isHttps ? httpsRequest : httpRequest;
-    const data = body ? JSON.stringify(body) : null;
-    const options = {
-      hostname: parsed.hostname,
-      port: parsed.port || (isHttps ? 443 : 80),
-      path: parsed.pathname + (parsed.search || ''),
-      method,
-      headers: {
-        'X-Admin-Secret': secret,
-        ...(data ? {
-          'Content-Type': 'application/json',
-          'Content-Length': Buffer.byteLength(data),
-        } : {}),
-      },
-      timeout: 15_000,
-    };
-    const req = requestFn(options, (res) => {
-      let buf = '';
-      res.on('data', (chunk) => { buf += chunk; });
-      res.on('end', () => {
-        try {
-          const json = JSON.parse(buf);
-          if (res.statusCode >= 200 && res.statusCode < 300) {
-            resolve(json);
-          } else {
-            reject(new Error(json.error || `Server responded ${res.statusCode}`));
-          }
-        } catch {
-          reject(new Error(`Server responded ${res.statusCode}: ${buf}`));
-        }
-      });
-    });
-    req.on('error', reject);
-    req.on('timeout', () => { req.destroy(); reject(new Error('Request timed out')); });
-    if (data) req.write(data);
-    req.end();
-  });
-}
-
-function getServerUrl() {
-  const config = readLensConfig();
-  return config.serverUrl || process.env.AI_LENS_SERVER_URL || 'http://localhost:3000';
-}
-
-export async function createInvite() {
-  const serverUrl = getServerUrl();
-  const teamId = await ask('Team ID: ');
-  if (!teamId) {
-    console.error('Team ID is required');
-    process.exit(1);
-  }
-  const label = await ask('Label (optional): ');
-  const maxUsesStr = await ask('Max uses (optional, Enter = unlimited): ');
-  const maxUses = maxUsesStr ? parseInt(maxUsesStr, 10) : undefined;
-
-  try {
-    const result = await adminRequest('POST', `${serverUrl}/api/auth/admin/invite-tokens`, {
-      team_id: teamId,
-      label: label || undefined,
-      max_uses: maxUses,
-    });
-    console.log('\nInvite token created:');
-    console.log(`  Token:    ${result.token}`);
-    console.log(`  Team:     ${result.team_id}`);
-    if (result.label) console.log(`  Label:    ${result.label}`);
-    if (result.max_uses) console.log(`  Max uses: ${result.max_uses}`);
-    console.log('\nShare this token with developers. They can use it during: npx ai-lens init');
-  } catch (err) {
-    console.error(`Error: ${err.message}`);
-    process.exit(1);
-  }
-}
-
-export async function listInvites() {
-  const serverUrl = getServerUrl();
-  const teamId = await ask('Team ID (optional, Enter = all): ');
-  const query = teamId ? `?team_id=${encodeURIComponent(teamId)}` : '';
-
-  try {
-    const tokens = await adminRequest('GET', `${serverUrl}/api/auth/admin/invite-tokens${query}`);
-    if (tokens.length === 0) {
-      console.log('No invite tokens found.');
-      return;
-    }
-    console.log(`\n${'ID'.padEnd(38)}${'Team'.padEnd(20)}${'Label'.padEnd(25)}${'Uses'.padEnd(10)}${'Created'}`);
-    console.log('-'.repeat(110));
-    for (const t of tokens) {
-      const uses = t.max_uses ? `${t.uses}/${t.max_uses}` : `${t.uses}`;
-      console.log(
-        `${t.id.padEnd(38)}${(t.team_id || '').padEnd(20)}${(t.label || '').padEnd(25)}${uses.padEnd(10)}${t.created_at}`,
-      );
-    }
-  } catch (err) {
-    console.error(`Error: ${err.message}`);
-    process.exit(1);
-  }
-}