auramaxx 0.0.1

package/server/cli/commands/lock.ts

@@ -0,0 +1,157 @@
+/**
+ * auramaxx lock — Lock vaults from CLI
+ */
+
+import {
+  bootstrapViaAuthRequest,
+  bootstrapViaSocket,
+  generateEphemeralKeypair,
+  type ProfileIssuanceSelection,
+} from '../../lib/credential-transport';
+import { getErrorMessage } from '../../lib/error';
+import { printHelp } from '../lib/theme';
+import { serverUrl } from '../lib/http';
+
+type JsonObject = Record<string, unknown>;
+
+function showHelp(): void {
+  printHelp('LOCK', 'npx auramaxx lock [all|vault <vaultId>] [options]', [
+    { name: 'all', desc: 'Lock all vaults and revoke active sessions (default)' },
+    { name: 'vault <vaultId>', desc: 'Lock a specific vault id' },
+  ], [
+    'Options:',
+    '  --token <token>             Bearer token (default: AURA_TOKEN or socket fallback)',
+    '  --profile <id>              /auth fallback profile when socket bootstrap is blocked',
+    '  --profile-version <v>       /auth fallback profile version',
+    '  --profile-overrides <json>  Tighten-only profile override JSON',
+    '  --json                      JSON output',
+    '',
+    'Examples:',
+    '  npx auramaxx lock',
+    '  npx auramaxx lock all',
+    '  npx auramaxx lock vault primary',
+  ]);
+}
+
+function getFlagValue(args: string[], flag: string): string | undefined {
+  const idx = args.indexOf(flag);
+  return idx >= 0 ? args[idx + 1] : undefined;
+}
+
+function parseProfileSelection(args: string[]): ProfileIssuanceSelection {
+  const profile = getFlagValue(args, '--profile');
+  const profileVersion = getFlagValue(args, '--profile-version');
+  const profileOverridesRaw = getFlagValue(args, '--profile-overrides');
+
+  let profileOverrides: JsonObject | undefined;
+  if (profileOverridesRaw) {
+    const parsed = JSON.parse(profileOverridesRaw) as unknown;
+    if (!parsed || typeof parsed !== 'object' || Array.isArray(parsed)) {
+      throw new Error('--profile-overrides must be a JSON object');
+    }
+    profileOverrides = parsed as JsonObject;
+  }
+
+  return {
+    ...(profile ? { profile } : {}),
+    ...(profileVersion ? { profileVersion } : {}),
+    ...(profileOverrides ? { profileOverrides } : {}),
+  };
+}
+
+async function resolveBearerToken(args: string[]): Promise<string> {
+  const explicit = getFlagValue(args, '--token') || process.env.AURA_TOKEN;
+  if (explicit) return explicit;
+
+  const selection = parseProfileSelection(args);
+  const keypair = generateEphemeralKeypair();
+
+  if (selection.profile) {
+    const result = await bootstrapViaAuthRequest(serverUrl(), 'cli-lock', keypair, {
+      ...selection,
+      noWait: true,
+      onStatus: (message) => console.error(message),
+    });
+    if (result.approveUrl) {
+      console.error(`Approve at: ${result.approveUrl}`);
+    }
+    console.error(`After approval, re-run with: AURA_TOKEN=<token> npx auramaxx lock ...`);
+    console.error(`Or use: npx auramaxx auth request --profile ${selection.profile} --raw-token`);
+    process.exit(1);
+  }
+
+  try {
+    return await bootstrapViaSocket('cli-lock', keypair);
+  } catch (socketErr) {
+    return bootstrapViaAuthRequest(serverUrl(), 'cli-lock', keypair, {
+      ...selection,
+      onStatus: (message) => console.error(message),
+    }).catch((authErr) => {
+      throw new Error(`${getErrorMessage(socketErr)}\n${getErrorMessage(authErr)}`);
+    });
+  }
+}
+
+async function postJson(path: string, token: string): Promise<Record<string, unknown>> {
+  const res = await fetch(`${serverUrl()}${path}`, {
+    method: 'POST',
+    headers: {
+      'Authorization': `Bearer ${token}`,
+      'Content-Type': 'application/json',
+    },
+    signal: AbortSignal.timeout(10_000),
+  });
+
+  const data = await res.json().catch(() => ({})) as Record<string, unknown>;
+  if (!res.ok) {
+    throw new Error(String(data.error || `HTTP ${res.status}`));
+  }
+  return data;
+}
+
+async function main(): Promise<void> {
+  const args = process.argv.slice(2);
+  const subcommand = args[0] || 'all';
+
+  if (subcommand === '--help' || subcommand === '-h') {
+    showHelp();
+    process.exit(0);
+  }
+
+  try {
+    const json = args.includes('--json');
+    const token = await resolveBearerToken(args);
+
+    let data: Record<string, unknown>;
+    if (subcommand === 'all') {
+      data = await postJson('/lock', token);
+    } else if (subcommand === 'vault') {
+      const vaultId = args[1];
+      if (!vaultId) {
+        throw new Error('Usage: npx auramaxx lock vault <vaultId>');
+      }
+      data = await postJson(`/lock/${encodeURIComponent(vaultId)}`, token);
+    } else {
+      // Default shorthand: `lock <vaultId>` locks that vault; `lock` already handled above.
+      data = await postJson(`/lock/${encodeURIComponent(subcommand)}`, token);
+    }
+
+    if (json) {
+      console.log(JSON.stringify(data, null, 2));
+    } else {
+      console.log(String((data as { message?: unknown }).message || 'Lock request completed.'));
+    }
+
+    process.exit((data as { success?: unknown }).success === false ? 1 : 0);
+  } catch (error) {
+    console.error(`Lock command failed: ${getErrorMessage(error)}`);
+    process.exit(1);
+  }
+}
+
+if (import.meta.url === `file://${process.argv[1]}`) {
+  main().catch((error) => {
+    console.error(`Lock command failed: ${getErrorMessage(error)}`);
+    process.exit(1);
+  });
+}

package/server/cli/commands/mcp.ts

@@ -0,0 +1,285 @@
+/**
+ * auramaxx mcp — Start the MCP server (stdio transport)
+ *
+ * Spawned by MCP clients (Codex CLI, Claude Code/Desktop, Cursor, VS Code, Windsurf, etc.) via config:
+ *   { "command": "npx", "args": ["auramaxx", "mcp"], "env": { "AURA_TOKEN": "<token>" } }
+ *
+ * Flags:
+ *   --install  Auto-detect local client MCP config entries (does not start server)
+ *   --run      Start MCP server after processing install/setup flags
+ *   --setup    Install MCP config entries, then start MCP server
+ */
+
+import fs from 'fs';
+import path from 'path';
+import os from 'os';
+import { spawnSync } from 'child_process';
+import { getErrorMessage } from '../../lib/error';
+
+const args = process.argv.slice(2);
+
+const shouldInstall = args.includes('--install') || args.includes('--setup');
+const shouldRun = args.includes('--run') || args.includes('--setup') || !shouldInstall;
+
+if (shouldInstall) {
+  installMcpConfigs();
+}
+if (shouldRun) {
+  // The MCP server runs on import — connects stdio transport and registers tools
+  import('../../mcp/server.js');
+}
+
+interface IdeTarget {
+  name: string;
+  configPath: string;
+  global: boolean;
+}
+
+type InstallStatus = 'configured' | 'already-configured' | 'not-found' | 'error';
+
+interface InstallResult {
+  status: InstallStatus;
+  detail?: string;
+}
+
+function installMcpConfigs(): void {
+  const home = os.homedir();
+  const walletBase = process.env.WALLET_SERVER_URL?.trim() || undefined;
+
+  const targets: IdeTarget[] = [
+    {
+      name: 'Claude Code',
+      configPath: path.join(process.cwd(), '.mcp.json'),
+      global: false,
+    },
+    {
+      name: 'Claude Desktop',
+      configPath: path.join(home, 'Library', 'Application Support', 'Claude', 'claude_desktop_config.json'),
+      global: true,
+    },
+    {
+      name: 'Cursor',
+      configPath: path.join(home, '.cursor', 'mcp.json'),
+      global: true,
+    },
+    {
+      name: 'VS Code',
+      configPath: path.join(process.cwd(), '.vscode', 'mcp.json'),
+      global: false,
+    },
+    {
+      name: 'Windsurf',
+      configPath: path.join(home, '.windsurf', 'mcp.json'),
+      global: true,
+    },
+  ];
+
+  console.log('\n  AuraMaxx MCP Installer');
+  console.log('  ───────────────────────\n');
+
+  let updated = 0;
+  let skipped = 0;
+  let notFound = 0;
+  let errors = 0;
+
+  for (const target of targets) {
+    const configDir = path.dirname(target.configPath);
+
+    // Only touch configs for IDEs that are actually present.
+    // Do not create new IDE directories implicitly.
+    if (!fs.existsSync(configDir)) {
+      console.log(`  ${target.name}: not found (${configDir} not found)`);
+      notFound++;
+      continue;
+    }
+
+    // Read existing config or start fresh. If the file is malformed, skip it
+    // instead of overwriting user data with {}.
+    let config: Record<string, unknown> = {};
+    if (fs.existsSync(target.configPath)) {
+      try {
+        const raw = fs.readFileSync(target.configPath, 'utf-8');
+        config = JSON.parse(raw);
+      } catch (error) {
+        const message = getErrorMessage(error);
+        console.log(`  ${target.name}: skipped (invalid JSON in ${target.configPath}: ${message})`);
+        errors++;
+        continue;
+      }
+    }
+
+    // Check if canonical entry already exists
+    if (
+      config.mcpServers !== undefined &&
+      (typeof config.mcpServers !== 'object' || config.mcpServers === null || Array.isArray(config.mcpServers))
+    ) {
+      console.log(`  ${target.name}: skipped (mcpServers must be an object in ${target.configPath})`);
+      errors++;
+      continue;
+    }
+
+    const mcpServers = (config.mcpServers || {}) as Record<string, unknown>;
+    const existingEntry = isPlainObject(mcpServers.auramaxx) ? mcpServers.auramaxx as Record<string, unknown> : undefined;
+    const nextEntry = buildJsonMcpEntry(existingEntry, walletBase);
+    if (existingEntry && sameJson(existingEntry, nextEntry)) {
+      console.log(`  ${target.name}: already configured`);
+      skipped++;
+      continue;
+    }
+
+    // Merge canonical entry.
+    mcpServers.auramaxx = nextEntry;
+    config.mcpServers = mcpServers;
+
+    fs.writeFileSync(target.configPath, JSON.stringify(config, null, 2) + '\n');
+    console.log(`  ${target.name}: configured (${target.configPath})`);
+    updated++;
+  }
+
+  const codexResult = installCodexMcp(home, walletBase);
+  if (codexResult.status === 'configured') {
+    const detail = codexResult.detail ? ` (${codexResult.detail})` : '';
+    console.log(`  Codex CLI: configured (${path.join(home, '.codex', 'config.toml')})${detail}`);
+    updated++;
+  } else if (codexResult.status === 'already-configured') {
+    console.log('  Codex CLI: already configured');
+    skipped++;
+  } else if (codexResult.status === 'not-found') {
+    const detail = codexResult.detail ? ` (${codexResult.detail})` : '';
+    console.log(`  Codex CLI: not found${detail}`);
+    notFound++;
+  } else {
+    const detail = codexResult.detail ? ` (${codexResult.detail})` : '';
+    console.log(`  Codex CLI: skipped due to error${detail}`);
+    errors++;
+  }
+
+  console.log('');
+  console.log(`  Done: ${updated} updated, ${skipped} already configured, ${notFound} not found, ${errors} skipped due to errors`);
+  console.log('');
+}
+
+function buildJsonMcpEntry(existing: Record<string, unknown> | undefined, walletBase: string | undefined): Record<string, unknown> {
+  const next: Record<string, unknown> = isPlainObject(existing) ? { ...existing } : {};
+  next.command = 'npx';
+  next.args = ['auramaxx', 'mcp'];
+
+  const env = isPlainObject(existing?.env) ? { ...(existing?.env as Record<string, unknown>) } : {};
+  if (walletBase) {
+    env.WALLET_SERVER_URL = walletBase;
+  } else {
+    delete env.WALLET_SERVER_URL;
+  }
+  if (Object.keys(env).length > 0) {
+    next.env = env;
+  } else {
+    delete next.env;
+  }
+
+  return next;
+}
+
+function installCodexMcp(home: string, walletBase: string | undefined): InstallResult {
+  const probe = spawnSync('codex', ['mcp', 'list'], {
+    encoding: 'utf8',
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+  if (probe.error) {
+    const code = (probe.error as NodeJS.ErrnoException).code;
+    if (code === 'ENOENT') {
+      return { status: 'not-found', detail: 'codex not in PATH' };
+    }
+    return { status: 'error', detail: getErrorMessage(probe.error) };
+  }
+  if ((probe.status ?? 1) !== 0) {
+    return { status: 'error', detail: sanitizeCommandOutput(probe.stderr || probe.stdout) };
+  }
+
+  let needsUpdate = true;
+  const existing = spawnSync('codex', ['mcp', 'get', 'auramaxx', '--json'], {
+    encoding: 'utf8',
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+  if (!existing.error && (existing.status ?? 1) === 0) {
+    try {
+      const parsed = JSON.parse(existing.stdout) as {
+        transport?: {
+          type?: string;
+          command?: string;
+          args?: unknown;
+          env?: Record<string, unknown> | null;
+        };
+      };
+      if (parsed.transport?.type === 'stdio' && parsed.transport?.command === 'npx') {
+        const args = Array.isArray(parsed.transport.args) ? parsed.transport.args : [];
+        const argsMatch = args.length === 2 && args[0] === 'auramaxx' && args[1] === 'mcp';
+        const env = parsed.transport.env || {};
+        const currentWalletBase = typeof env.WALLET_SERVER_URL === 'string' ? env.WALLET_SERVER_URL : undefined;
+        if (argsMatch && currentWalletBase === walletBase) {
+          needsUpdate = false;
+        }
+      }
+    } catch {
+      // Ignore parse failure and reconfigure.
+    }
+  } else if (existing.error) {
+    return { status: 'error', detail: getErrorMessage(existing.error) };
+  }
+
+  if (!needsUpdate) {
+    return { status: 'already-configured' };
+  }
+
+  const remove = spawnSync('codex', ['mcp', 'remove', 'auramaxx'], {
+    encoding: 'utf8',
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+  if (remove.error) {
+    return { status: 'error', detail: getErrorMessage(remove.error) };
+  }
+  if ((remove.status ?? 0) !== 0) {
+    const stderr = remove.stderr || '';
+    const notFound = stderr.includes("No MCP server named 'auramaxx' found");
+    if (!notFound) {
+      return { status: 'error', detail: sanitizeCommandOutput(remove.stderr || remove.stdout) };
+    }
+  }
+
+  const addArgs = ['mcp', 'add', 'auramaxx'];
+  if (walletBase) {
+    addArgs.push('--env', `WALLET_SERVER_URL=${walletBase}`);
+  }
+  addArgs.push('--', 'npx', 'auramaxx', 'mcp');
+
+  const add = spawnSync('codex', addArgs, {
+    encoding: 'utf8',
+    stdio: ['ignore', 'pipe', 'pipe'],
+  });
+  if (add.error) {
+    return { status: 'error', detail: getErrorMessage(add.error) };
+  }
+  if ((add.status ?? 1) !== 0) {
+    return { status: 'error', detail: sanitizeCommandOutput(add.stderr || add.stdout) };
+  }
+
+  const detail = walletBase ? `WALLET_SERVER_URL=${walletBase}` : undefined;
+  return { status: 'configured', detail };
+}
+
+function isPlainObject(value: unknown): value is Record<string, unknown> {
+  return typeof value === 'object' && value !== null && !Array.isArray(value);
+}
+
+function sameJson(a: Record<string, unknown>, b: Record<string, unknown>): boolean {
+  return JSON.stringify(a) === JSON.stringify(b);
+}
+
+function sanitizeCommandOutput(text?: string): string | undefined {
+  if (!text) return undefined;
+  const cleaned = text
+    .split('\n')
+    .map((line) => line.trim())
+    .filter((line) => line.length > 0 && !line.startsWith('WARNING: proceeding, even though we could not update PATH'))
+    .join(' | ');
+  return cleaned || undefined;
+}

package/server/cli/commands/quickhack.ts

@@ -0,0 +1,86 @@
+import { execFileSync } from 'node:child_process';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+export const QUICKHACK_NAMES = [
+  'LASER_PENGUIN', 'MOON_TACO', 'NINJA_AVOCADO', 'ROBOT_MOCHI', 'COSMIC_WAFFLE',
+  'PIXEL_TIGER', 'NEON_POTATO', 'GHOST_RAMEN', 'SOLAR_BURRITO', 'WIZARD_NOODLE',
+];
+
+export const QUICKHACK_VALUES = [
+  'sk-live-rainbow-otter', 'ghp_plasma-squirrel', 'tok_midnight-boba', 'sec_hyper-lemur', 'key_quantum-kiwi',
+  'api_orbit-panda', 'cred_ember-fox', 'vault_velvet-wolf', 'safe_zen-koala', 'core_nova-hawk',
+];
+
+export interface QuickhackPlan {
+  name: string;
+  value: string;
+  setArgs: string[];
+  injectArgs: string[];
+}
+
+export const pickFrom = (items: string[], rng: () => number = Math.random): string => {
+  const idx = Math.max(0, Math.min(items.length - 1, Math.floor(rng() * items.length)));
+  return items[idx];
+};
+
+export const buildQuickhackPlan = (rng: () => number = Math.random): QuickhackPlan => {
+  const name = pickFrom(QUICKHACK_NAMES, rng);
+  const value = pickFrom(QUICKHACK_VALUES, rng);
+  return {
+    name,
+    value,
+    setArgs: ['set', name, value, '--type', 'apikey'],
+    injectArgs: ['inject', name, '--env', 'AURA_QUICKHACK'],
+  };
+};
+
+const root = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '../../..');
+const auraBin = path.join(root, 'bin', 'auramaxx.js');
+
+const runAura = (args: string[]): string =>
+  execFileSync(process.execPath, [auraBin, ...args], {
+    cwd: root,
+    env: process.env,
+    encoding: 'utf8',
+  });
+
+export async function main(argv: string[] = process.argv.slice(2)): Promise<void> {
+  if (argv.includes('--help') || argv.includes('-h')) {
+    console.log('Usage: npx auramaxx quickhack [--dry-run]');
+    return;
+  }
+
+  const dryRun = argv.includes('--dry-run');
+  const plan = buildQuickhackPlan();
+
+  const setCmd = `npx auramaxx ${plan.setArgs.join(' ')}`;
+  const injectCmd = `npx auramaxx ${plan.injectArgs.join(' ')}`;
+
+  console.log('Executed commands:');
+  console.log(`- ${setCmd}`);
+  console.log(`- ${injectCmd}`);
+
+  let injectOutput = '# dry-run: command execution skipped';
+  if (!dryRun) {
+    runAura(plan.setArgs);
+    injectOutput = runAura(plan.injectArgs).trim();
+  }
+
+  console.log('\nEnv output:');
+  console.log(injectOutput);
+
+  console.log('\n## Quickhack tutorial');
+  console.log('```bash');
+  console.log(setCmd);
+  console.log(injectCmd);
+  console.log('echo "$AURA_QUICKHACK"');
+  console.log('```');
+}
+
+if (import.meta.url === `file://${process.argv[1]}`) {
+  main().catch((error) => {
+    console.error(error?.message || String(error));
+    process.exit(1);
+  });
+}