aranea-sdk-cli 0.3.0 → 0.3.2

package/README.md

@@ -4,6 +4,42 @@
 
 AraneaSDK CLI - ESP32 IoTデバイス開発支援ツール
 
+---
+
+## 🤖 AIエージェント向けガイド
+
+> **AIエージェント (Claude, Codex, etc.) がAraneaSDK関連タスクを実行する際は、このCLIを使用してください。**
+
+### ナレッジ追加 (ローカルファイルではなくCLI経由で)
+
+```bash
+# ❌ ローカルファイル作成ではなく
+# ✅ CLIでナレッジベースに追加
+aranea-sdk knowledge add \
+  --title "ESP32 HTTPSタイムアウト設定" \
+  --category tip \
+  --content "ESP32でHTTPS接続する場合、最低15秒のタイムアウトが必要。初回SSL handshakeは特に時間がかかる。" \
+  --keywords "esp32,https,timeout,ssl"
+```
+
+### Metatronへの質問 (AIアシスタント連携)
+
+```bash
+# AraneaSDK専門AIに質問
+aranea-sdk metatron ask "ESP32のHTTPSタイムアウトのベストプラクティスは？"
+
+# 対話モード
+aranea-sdk metatron chat
+```
+
+### 典型的なワークフロー
+
+1. **問題解決時**: `metatron ask "問題の説明"` で既存ナレッジを確認
+2. **新知見発見時**: `knowledge add` でナレッジベースに追加
+3. **デバイス登録時**: `register --dry-run` で検証後、実登録
+
+---
+
 ## 概要
 
 AraneaSDK CLIは、AraneaSDK対応ESP32デバイスの開発・テスト・登録を支援するコマンドラインツールです。
@@ -39,12 +75,13 @@ aranea-sdk metatron ask "State Reportの送信方法は？"
 |---------|------|------|
 | `test` | 接続・認証テスト | 不要 |
 | `register` | デバイス登録 | 不要（テストテナント） |
-| `schema` | スキーマ取得・State Report検証 | 不要 |
+| `schema` | スキーマ取得・検証・プッシュ | push/promote時必要 |
 | `validate` | Type名検証 | 不要 |
 | `simulate` | 状態レポートシミュレーション | 不要 |
 | `mqtt` | コマンド送信・ACKモニタリング | **必要** |
 | `knowledge` | ナレッジベース管理 | **必要** |
 | `metatron` | AI対話アシスタント | **必要** |
+| `auth` | 認証トークン管理 | - |
 
 ---
 
@@ -166,11 +203,27 @@ aranea-sdk schema validate --file state.json --type aranea_ar-is04a
 | `list` | ✅ 実装済み | 登録済みスキーマ一覧 |
 | `get` | ✅ 実装済み | スキーマ詳細取得 |
 | `validate` | ✅ 実装済み | State Report 検証 |
-| `create` | 🔜 計画中 | スキーマ新規作成 |
-| `push` | 🔜 計画中 | 開発環境へプッシュ |
-| `promote` | 🔜 計画中 | 本番環境へ昇格 |
+| `validate-schema` | ✅ 実装済み | スキーマ定義の静的検証 |
+| `push` | ✅ 実装済み | 開発環境へプッシュ (認証必要) |
+| `promote` | ✅ 実装済み | 本番環境へ昇格 (認証必要、確認ステップあり) |
+| `info` | ✅ 実装済み | スキーマ詳細情報・リビジョン履歴 |
 | `rollback` | 🔜 計画中 | バージョンロールバック |
 
+### 環境切替 (v0.3.1)
+
+すべてのschemaサブコマンドで `--endpoint` オプションが使用可能です:
+
+```bash
+# デフォルト: staging
+aranea-sdk schema list
+
+# 明示的にproduction指定
+aranea-sdk schema list --endpoint production
+
+# 環境変数でも指定可能
+ARANEA_ENV=production aranea-sdk schema list
+```
+
 ---
 
 ## validate - Type名検証
@@ -339,6 +392,45 @@ aranea-sdk metatron examples
 
 ---
 
+## auth - 認証管理 (v0.3.1)
+
+Firebase Auth IDトークンを管理します。トークンは `~/.aranea-sdk/credentials.json` に保存されます。
+
+### 使用例
+
+```bash
+# ログイン (対話式)
+aranea-sdk auth login
+
+# メールアドレス指定でログイン
+aranea-sdk auth login --email dev@example.com
+
+# トークン情報表示
+aranea-sdk auth token
+
+# トークンのみ出力 (スクリプト用)
+aranea-sdk auth token --raw
+
+# トークン更新 (1時間で期限切れ)
+aranea-sdk auth refresh
+
+# ログアウト
+aranea-sdk auth logout
+```
+
+### トークンライフサイクル
+
+- IDトークンは **1時間** で期限切れ
+- `auth refresh` で新しいトークンを取得
+- `auth token --raw` でスクリプトからトークン取得可能
+
+```bash
+# 他コマンドでトークンを使用
+aranea-sdk metatron ask "質問" --token "$(aranea-sdk auth token --raw)"
+```
+
+---
+
 ## 対応デバイスType
 
 ### 新規 (aranea_ar-*)

package/dist/commands/auth.d.ts

@@ -0,0 +1,26 @@
+/**
+ * AraneaSDK CLI - Auth Command
+ *
+ * Firebase Auth token management for CLI operations
+ *
+ * Usage:
+ *   aranea-sdk auth login              # Interactive login
+ *   aranea-sdk auth token              # Show current token info
+ *   aranea-sdk auth refresh            # Refresh token
+ *   aranea-sdk auth logout             # Clear saved credentials
+ *
+ * Token Storage:
+ *   ~/.aranea-sdk/credentials.json
+ *
+ * Note: ID tokens expire after 1 hour. Use `auth refresh` to get a new token.
+ */
+import { Command } from 'commander';
+/**
+ * Get valid token, refreshing if necessary
+ * Exported for use by other commands
+ */
+export declare function getValidToken(): Promise<string | null>;
+/**
+ * Auth command
+ */
+export declare const authCommand: Command;

package/dist/commands/auth.js

@@ -0,0 +1,427 @@
+"use strict";
+/**
+ * AraneaSDK CLI - Auth Command
+ *
+ * Firebase Auth token management for CLI operations
+ *
+ * Usage:
+ *   aranea-sdk auth login              # Interactive login
+ *   aranea-sdk auth token              # Show current token info
+ *   aranea-sdk auth refresh            # Refresh token
+ *   aranea-sdk auth logout             # Clear saved credentials
+ *
+ * Token Storage:
+ *   ~/.aranea-sdk/credentials.json
+ *
+ * Note: ID tokens expire after 1 hour. Use `auth refresh` to get a new token.
+ */
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.authCommand = void 0;
+exports.getValidToken = getValidToken;
+const commander_1 = require("commander");
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const readline = __importStar(require("readline"));
+const chalk_1 = __importDefault(require("chalk"));
+// Firebase Auth REST API configuration
+const FIREBASE_API_KEY = 'AIzaSyChVMfLPZ9fL_LQBK2TtLbM2iONPhyU1NY'; // mobesorder project
+const AUTH_ENDPOINT = 'https://identitytoolkit.googleapis.com/v1';
+// Credentials storage
+const CONFIG_DIR = path.join(os.homedir(), '.aranea-sdk');
+const CREDENTIALS_FILE = path.join(CONFIG_DIR, 'credentials.json');
+/**
+ * Ensure config directory exists
+ */
+function ensureConfigDir() {
+    if (!fs.existsSync(CONFIG_DIR)) {
+        fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+    }
+}
+/**
+ * Load saved credentials
+ */
+function loadCredentials() {
+    try {
+        if (fs.existsSync(CREDENTIALS_FILE)) {
+            const data = fs.readFileSync(CREDENTIALS_FILE, 'utf8');
+            return JSON.parse(data);
+        }
+    }
+    catch (error) {
+        // Ignore parse errors
+    }
+    return null;
+}
+/**
+ * Save credentials to disk
+ */
+function saveCredentials(credentials) {
+    ensureConfigDir();
+    fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(credentials, null, 2), {
+        mode: 0o600,
+    });
+}
+/**
+ * Clear saved credentials
+ */
+function clearCredentials() {
+    if (fs.existsSync(CREDENTIALS_FILE)) {
+        fs.unlinkSync(CREDENTIALS_FILE);
+    }
+}
+/**
+ * Check if token is expired or about to expire (within 5 minutes)
+ */
+function isTokenExpired(credentials) {
+    const bufferMs = 5 * 60 * 1000; // 5 minutes buffer
+    return Date.now() >= credentials.expiresAt - bufferMs;
+}
+/**
+ * Format remaining time
+ */
+function formatRemainingTime(expiresAt) {
+    const remaining = expiresAt - Date.now();
+    if (remaining <= 0) {
+        return chalk_1.default.red('Expired');
+    }
+    const minutes = Math.floor(remaining / 60000);
+    const seconds = Math.floor((remaining % 60000) / 1000);
+    if (minutes > 30) {
+        return chalk_1.default.green(`${minutes}m ${seconds}s`);
+    }
+    else if (minutes > 5) {
+        return chalk_1.default.yellow(`${minutes}m ${seconds}s`);
+    }
+    else {
+        return chalk_1.default.red(`${minutes}m ${seconds}s`);
+    }
+}
+/**
+ * Prompt for password (hidden input)
+ */
+async function promptPassword(prompt) {
+    return new Promise((resolve) => {
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        });
+        // Hide password input
+        const stdin = process.stdin;
+        const wasRaw = stdin.isRaw || false;
+        process.stdout.write(prompt);
+        if (stdin.isTTY) {
+            stdin.setRawMode(true);
+        }
+        let password = '';
+        const onData = (char) => {
+            const c = char.toString();
+            switch (c) {
+                case '\n':
+                case '\r':
+                case '\u0004': // Ctrl+D
+                    if (stdin.isTTY) {
+                        stdin.setRawMode(wasRaw);
+                    }
+                    stdin.removeListener('data', onData);
+                    rl.close();
+                    process.stdout.write('\n');
+                    resolve(password);
+                    break;
+                case '\u0003': // Ctrl+C
+                    process.exit();
+                    break;
+                case '\u007F': // Backspace
+                    if (password.length > 0) {
+                        password = password.slice(0, -1);
+                        process.stdout.write('\b \b');
+                    }
+                    break;
+                default:
+                    password += c;
+                    process.stdout.write('*');
+                    break;
+            }
+        };
+        stdin.on('data', onData);
+    });
+}
+/**
+ * Prompt for email
+ */
+async function promptEmail() {
+    return new Promise((resolve) => {
+        const rl = readline.createInterface({
+            input: process.stdin,
+            output: process.stdout,
+        });
+        rl.question('Email: ', (answer) => {
+            rl.close();
+            resolve(answer.trim());
+        });
+    });
+}
+/**
+ * Login with email and password
+ */
+async function loginWithEmailPassword(email, password) {
+    const response = await fetch(`${AUTH_ENDPOINT}/accounts:signInWithPassword?key=${FIREBASE_API_KEY}`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            email,
+            password,
+            returnSecureToken: true,
+        }),
+    });
+    if (!response.ok) {
+        const errorBody = await response.json();
+        const errorMessage = errorBody.error?.message || 'Login failed';
+        throw new Error(translateFirebaseError(errorMessage));
+    }
+    const data = (await response.json());
+    const expiresIn = parseInt(data.expiresIn, 10) * 1000; // Convert to ms
+    return {
+        idToken: data.idToken,
+        refreshToken: data.refreshToken,
+        email: data.email,
+        expiresAt: Date.now() + expiresIn,
+        localId: data.localId,
+    };
+}
+/**
+ * Refresh ID token
+ */
+async function refreshIdToken(refreshToken) {
+    const response = await fetch(`https://securetoken.googleapis.com/v1/token?key=${FIREBASE_API_KEY}`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: `grant_type=refresh_token&refresh_token=${encodeURIComponent(refreshToken)}`,
+    });
+    if (!response.ok) {
+        const errorBody = await response.json();
+        throw new Error(errorBody.error?.message || 'Token refresh failed');
+    }
+    const data = (await response.json());
+    const expiresIn = parseInt(data.expires_in, 10) * 1000;
+    // Load existing credentials to preserve email
+    const existing = loadCredentials();
+    return {
+        idToken: data.id_token,
+        refreshToken: data.refresh_token,
+        email: existing?.email || '',
+        expiresAt: Date.now() + expiresIn,
+        localId: data.user_id,
+    };
+}
+/**
+ * Translate Firebase error messages to user-friendly Japanese
+ */
+function translateFirebaseError(errorCode) {
+    const translations = {
+        EMAIL_NOT_FOUND: 'メールアドレスが見つかりません',
+        INVALID_PASSWORD: 'パスワードが正しくありません',
+        INVALID_EMAIL: 'メールアドレスの形式が正しくありません',
+        USER_DISABLED: 'このアカウントは無効化されています',
+        TOO_MANY_ATTEMPTS_TRY_LATER: 'ログイン試行回数が多すぎます。しばらく待ってから再試行してください',
+        INVALID_LOGIN_CREDENTIALS: 'メールアドレスまたはパスワードが正しくありません',
+        TOKEN_EXPIRED: 'トークンの有効期限が切れています。再度ログインしてください',
+        INVALID_REFRESH_TOKEN: 'リフレッシュトークンが無効です。再度ログインしてください',
+    };
+    return translations[errorCode] || errorCode;
+}
+/**
+ * Get valid token, refreshing if necessary
+ * Exported for use by other commands
+ */
+async function getValidToken() {
+    const credentials = loadCredentials();
+    if (!credentials) {
+        return null;
+    }
+    if (isTokenExpired(credentials)) {
+        try {
+            const newCredentials = await refreshIdToken(credentials.refreshToken);
+            saveCredentials(newCredentials);
+            return newCredentials.idToken;
+        }
+        catch {
+            return null;
+        }
+    }
+    return credentials.idToken;
+}
+/**
+ * Auth command
+ */
+exports.authCommand = new commander_1.Command('auth')
+    .description('Firebase Auth token management')
+    .addHelpText('after', `
+Token Lifecycle:
+  - ID tokens expire after 1 hour
+  - Use 'auth refresh' to get a new token
+  - Tokens are auto-saved to ~/.aranea-sdk/credentials.json
+
+Examples:
+  aranea-sdk auth login              # Interactive login
+  aranea-sdk auth token              # Show current token info
+  aranea-sdk auth refresh            # Refresh expired token
+  aranea-sdk auth logout             # Clear saved credentials
+`);
+// auth login
+exports.authCommand
+    .command('login')
+    .description('Login with email and password')
+    .option('-e, --email <email>', 'Email address')
+    .action(async (options) => {
+    console.log(chalk_1.default.cyan('\n=== AraneaSDK CLI Login ===\n'));
+    try {
+        // Get email
+        const email = options.email || (await promptEmail());
+        if (!email) {
+            console.error(chalk_1.default.red('Email is required'));
+            process.exit(1);
+        }
+        // Get password
+        const password = await promptPassword('Password: ');
+        if (!password) {
+            console.error(chalk_1.default.red('Password is required'));
+            process.exit(1);
+        }
+        console.log('\nLogging in...');
+        const credentials = await loginWithEmailPassword(email, password);
+        saveCredentials(credentials);
+        console.log(chalk_1.default.green('\n✓ Login successful!'));
+        console.log(`  Email: ${credentials.email}`);
+        console.log(`  User ID: ${credentials.localId}`);
+        console.log(`  Token expires: ${formatRemainingTime(credentials.expiresAt)}`);
+        console.log(`\nCredentials saved to: ${CREDENTIALS_FILE}`);
+        console.log(chalk_1.default.yellow('\nNote: ID tokens expire after 1 hour. Use "aranea-sdk auth refresh" to renew.'));
+    }
+    catch (error) {
+        console.error(chalk_1.default.red(`\n✖ Login failed: ${error.message}`));
+        process.exit(1);
+    }
+});
+// auth token
+exports.authCommand
+    .command('token')
+    .description('Show current token information')
+    .option('--raw', 'Output raw token value only')
+    .action(async (options) => {
+    const credentials = loadCredentials();
+    if (!credentials) {
+        if (options.raw) {
+            process.exit(1);
+        }
+        console.log(chalk_1.default.yellow('\nNo saved credentials found.'));
+        console.log('Run "aranea-sdk auth login" to authenticate.');
+        process.exit(1);
+    }
+    if (options.raw) {
+        // Output just the token for scripting
+        if (isTokenExpired(credentials)) {
+            try {
+                const newCredentials = await refreshIdToken(credentials.refreshToken);
+                saveCredentials(newCredentials);
+                console.log(newCredentials.idToken);
+            }
+            catch {
+                process.exit(1);
+            }
+        }
+        else {
+            console.log(credentials.idToken);
+        }
+        return;
+    }
+    console.log(chalk_1.default.cyan('\n=== AraneaSDK CLI Token Info ===\n'));
+    console.log(`  Email:      ${credentials.email}`);
+    console.log(`  User ID:    ${credentials.localId}`);
+    console.log(`  Expires in: ${formatRemainingTime(credentials.expiresAt)}`);
+    console.log(`  Expires at: ${new Date(credentials.expiresAt).toLocaleString('ja-JP')}`);
+    if (isTokenExpired(credentials)) {
+        console.log(chalk_1.default.red('\n⚠ Token is expired or about to expire.'));
+        console.log('Run "aranea-sdk auth refresh" to get a new token.');
+    }
+    else {
+        console.log(chalk_1.default.green('\n✓ Token is valid'));
+    }
+    console.log(`\nToken (first 50 chars): ${credentials.idToken.substring(0, 50)}...`);
+});
+// auth refresh
+exports.authCommand
+    .command('refresh')
+    .description('Refresh the ID token')
+    .action(async () => {
+    const credentials = loadCredentials();
+    if (!credentials) {
+        console.log(chalk_1.default.yellow('\nNo saved credentials found.'));
+        console.log('Run "aranea-sdk auth login" to authenticate.');
+        process.exit(1);
+    }
+    console.log('Refreshing token...');
+    try {
+        const newCredentials = await refreshIdToken(credentials.refreshToken);
+        saveCredentials(newCredentials);
+        console.log(chalk_1.default.green('\n✓ Token refreshed successfully!'));
+        console.log(`  Email: ${newCredentials.email}`);
+        console.log(`  Expires in: ${formatRemainingTime(newCredentials.expiresAt)}`);
+        console.log(`  Expires at: ${new Date(newCredentials.expiresAt).toLocaleString('ja-JP')}`);
+    }
+    catch (error) {
+        console.error(chalk_1.default.red(`\n✖ Token refresh failed: ${error.message}`));
+        console.log('You may need to run "aranea-sdk auth login" again.');
+        process.exit(1);
+    }
+});
+// auth logout
+exports.authCommand
+    .command('logout')
+    .description('Clear saved credentials')
+    .action(() => {
+    const credentials = loadCredentials();
+    if (!credentials) {
+        console.log(chalk_1.default.yellow('\nNo saved credentials found.'));
+        return;
+    }
+    clearCredentials();
+    console.log(chalk_1.default.green('\n✓ Credentials cleared.'));
+    console.log(`  Removed: ${CREDENTIALS_FILE}`);
+});

package/dist/commands/schema.d.ts

@@ -2,13 +2,17 @@
  * schema command
  *
  * Usage:
- *   aranea-sdk schema get --type "aranea_ar-is04a"
- *   aranea-sdk schema list
+ *   aranea-sdk schema list [--endpoint staging|production]
+ *   aranea-sdk schema get --type "aranea_ar-is04a" [--endpoint staging|production]
  *   aranea-sdk schema validate --type "aranea_ar-is04a" --file state.json
  *   aranea-sdk schema validate-schema --file schema.json
- *   aranea-sdk schema push --file schema.json [--token TOKEN]
- *   aranea-sdk schema promote --type "aranea_ar-is04a" [--token TOKEN]
- *   aranea-sdk schema info --type "aranea_ar-is04a"
+ *   aranea-sdk schema push --file schema.json [--token TOKEN] [--endpoint staging|production]
+ *   aranea-sdk schema promote --type "aranea_ar-is04a" [--token TOKEN] [--endpoint staging|production] [--confirm]
+ *   aranea-sdk schema info --type "aranea_ar-is04a" [--endpoint staging|production]
+ *
+ * Environment:
+ *   - Default: staging (for safety)
+ *   - Override: ARANEA_ENV=production or --endpoint production
  */
 import { Command } from 'commander';
 export declare const schemaCommand: Command;