berget 1.0.0 → 1.1.0

package/src/types/api.d.ts

@@ -351,16 +351,17 @@ export interface paths {
   "/v1/auth/login": {
     /**
      * OAuth login
-     * @description Initiates OAuth flow for user authentication.
-     *
-     * If you don't have an account yet, you can create one during the login process
-     * by clicking on the "Register" link on the login page.
-     *
-     * This is the recommended way to authenticate with the Berget AI API.
+     * @description Initiates OAuth login flow via Keycloak
      */
     get: {
+      parameters: {
+        query?: {
+          /** @description URL to redirect to after successful login */
+          redirect_uri?: string;
+        };
+      };
       responses: {
-        /** @description Redirects to authentication provider */
+        /** @description Redirects to Keycloak for login */
         302: {
           content: never;
         };
@@ -370,98 +371,60 @@ export interface paths {
   "/v1/auth/callback": {
     /**
      * OAuth callback
-     * @description Handles the callback from OAuth authentication. After successful authentication, you'll receive an access token to use for API requests.
+     * @description Handles Keycloak login callback and exchanges token
      */
     get: {
       parameters: {
-        query?: {
-          /** @description Authorization code */
-          code?: string;
-          /** @description State parameter for CSRF protection */
-          state?: string;
+        query: {
+          code: string;
+          state: string;
         };
       };
       responses: {
-        /** @description Redirects to frontend with token */
+        /** @description Redirects to frontend */
         302: {
           content: never;
         };
-        /** @description Invalid request */
-        400: {
-          content: never;
-        };
-        /** @description Authentication failed */
-        401: {
+      };
+    };
+  };
+  "/v1/auth/device": {
+    /** Initiate device authorization flow */
+    post: {
+      responses: {
+        /** @description Device authorization initiated */
+        200: {
           content: never;
         };
       };
     };
   };
-  "/v1/auth/keycloak": {
-    /**
-     * Authenticate with OAuth tokens
-     * @description Exchange OAuth tokens for our system token
-     */
+  "/v1/auth/device/token": {
+    /** Poll for device token */
     post: {
       requestBody: {
         content: {
           "application/json": {
-            /** @description Subject identifier from authentication provider */
-            sub: string;
-            /**
-             * Format: email
-             * @description User's email address
-             */
-            email: string;
-            /** @description User's full name */
-            name?: string;
-            /** @description User's preferred username */
-            preferred_username?: string;
-            /** @description OAuth access token */
-            access_token: string;
-            /** @description OAuth refresh token */
-            refresh_token?: string;
-            /** @description OAuth ID token */
-            id_token?: string;
+            device_code?: string;
           };
         };
       };
       responses: {
-        /** @description Authentication successful */
+        /** @description Token returned or pending status */
         200: {
-          content: {
-            "application/json": {
-              /** @description JWT token for our system */
-              token?: string;
-              /** @description User information */
-              user?: Record<string, never>;
-            };
-          };
-        };
-        /** @description Invalid request */
-        400: {
-          content: never;
-        };
-        /** @description Authentication failed */
-        401: {
           content: never;
         };
       };
     };
   };
   "/v1/auth/register-url": {
-    /**
-     * Get registration URL
-     * @description Returns the URL where users can register a new account.
-     * This is the recommended way for new users to create accounts.
-     */
+    /** Get Keycloak registration URL */
     get: {
       responses: {
-        /** @description Registration URL */
+        /** @description Registration URL returned */
         200: {
           content: {
             "application/json": {
-              /** @description URL to registration page */
               url?: string;
             };
           };
@@ -469,82 +432,14 @@ export interface paths {
       };
     };
   };
-  "/v1/auth/device": {
-    /**
-     * Initiate device authorization flow
-     * @description Initiates a device authorization flow for CLI tools.
-     * Returns a verification URL and device code for the user to complete authentication.
-     */
-    post: {
-      responses: {
-        /** @description Device authorization initiated */
-        200: {
-          content: {
-            "application/json": {
-              /** @description URL where the user should go to authenticate */
-              verification_url?: string;
-              /** @description Code the user should enter on the verification page */
-              user_code?: string;
-              /** @description Code used by the device to poll for authentication status */
-              device_code?: string;
-              /** @description Seconds until the device code expires */
-              expires_in?: number;
-              /** @description Polling interval in seconds */
-              interval?: number;
-            };
-          };
-        };
-      };
-    };
-  };
-  "/v1/auth/device/token": {
-    /**
-     * Poll for device authorization token
-     * @description Polls for the completion of a device authorization flow.
-     * The CLI tool should call this endpoint repeatedly until authentication is complete.
-     */
-    post: {
-      requestBody: {
-        content: {
-          "application/json": {
-            /** @description Device code received from the /device endpoint */
-            device_code: string;
-          };
-        };
-      };
-      responses: {
-        /** @description Authentication successful */
-        200: {
-          content: {
-            "application/json": {
-              /** @description JWT token for API access */
-              token?: string;
-              /** @description User information */
-              user?: Record<string, never>;
-            };
-          };
-        };
-        /** @description Invalid request */
-        400: {
-          content: never;
-        };
-        /** @description Authentication pending or failed */
-        401: {
-          content: never;
-        };
-      };
-    };
-  };
   "/v1/auth/logout": {
     /**
      * Logout
-     * @description Redirects to logout endpoint to properly terminate the session.
-     * Optionally accepts a redirect_uri query parameter to specify where to redirect after logout.
+     * @description Clears cookies and redirects to Keycloak logout
      */
     get: {
       parameters: {
         query?: {
-          /** @description URL to redirect to after logout */
           redirect_uri?: string;
         };
       };
@@ -969,6 +864,28 @@ export interface paths {
       };
     };
   };
+  "/v1/users/me": {
+    /**
+     * Get current user profile
+     * @description Retrieves the profile of the currently authenticated user
+     */
+    get: {
+      responses: {
+        /** @description User profile */
+        200: {
+          content: {
+            "application/json": components["schemas"]["UserProfile"];
+          };
+        };
+        /** @description Unauthorized */
+        401: {
+          content: {
+            "application/json": components["schemas"]["ErrorResponse"];
+          };
+        };
+      };
+    };
+  };
   "/v1/users/{id}": {
     /**
      * Get user details
@@ -1073,28 +990,6 @@ export interface paths {
       };
     };
   };
-  "/v1/users/me": {
-    /**
-     * Get current user profile
-     * @description Retrieves the profile of the currently authenticated user
-     */
-    get: {
-      responses: {
-        /** @description User profile */
-        200: {
-          content: {
-            "application/json": components["schemas"]["UserProfile"];
-          };
-        };
-        /** @description Unauthorized */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrorResponse"];
-          };
-        };
-      };
-    };
-  };
   "/v1/users/invite": {
     /**
      * Invite team member
@@ -1797,46 +1692,17 @@ export interface components {
         };
       };
     };
-    /** @description Pricing information for the model */
-    ModelPricing: {
-      /** @description Cost per token for input in the specified currency */
-      input: number;
-      /** @description Cost per token for output in the specified currency */
-      output: number;
-      /** @description The unit of pricing (e.g., "token") */
-      unit: string;
-      /** @description The currency of the pricing (e.g., "USD") */
-      currency: string;
-    };
-    /** @description Model capabilities */
-    ModelCapabilities: {
-      /** @description Whether the model supports vision/image input */
-      vision: boolean;
-      /** @description Whether the model supports function calling */
-      function_calling: boolean;
-      /** @description Whether the model supports JSON mode */
-      json_mode: boolean;
-    };
     Model: {
       /** @description Unique identifier for the model */
       id: string;
-      /**
-       * @description Object type
-       * @enum {string}
-       */
-      object: "model";
-      /** @description Unix timestamp of when the model was created */
-      created: number;
-      /** @description Organization that owns the model */
-      owned_by: string;
-      pricing: components["schemas"]["ModelPricing"];
-      capabilities: components["schemas"]["ModelCapabilities"];
-    };
-    ModelList: {
-      data: components["schemas"]["Model"][];
-      /** @enum {string} */
-      object: "list";
+      /** @description Name of the model */
+      name: string;
+      /** @description Description of the model */
+      description: string;
+      /** @description Whether the model is active */
+      active: boolean;
     };
+    ModelList: components["schemas"]["Model"][];
     /** @description Cost information for this usage */
     TokenCost: {
       /** @description Cost amount */

package/src/utils/config-checker.ts

@@ -0,0 +1,23 @@
+import * as fs from 'fs'
+import * as path from 'path'
+
+/**
+ * Check for .bergetconfig file and handle cluster switching
+ */
+export function checkBergetConfig(): void {
+  const configPath = path.join(process.cwd(), '.bergetconfig')
+  if (fs.existsSync(configPath)) {
+    try {
+      const config = fs.readFileSync(configPath, 'utf8')
+      const match = config.match(/cluster:\s*(.+)/)
+      if (match && match[1]) {
+        const clusterName = match[1].trim()
+        console.log(`🔄 Berget: Switched to cluster "${clusterName}"`)
+        console.log('✓ kubectl config updated')
+        console.log('')
+      }
+    } catch (error) {
+      // Silently ignore errors reading config
+    }
+  }
+}

package/src/utils/default-api-key.ts

@@ -0,0 +1,94 @@
+import * as fs from 'fs'
+import * as path from 'path'
+import * as os from 'os'
+import chalk from 'chalk'
+
+interface DefaultApiKeyData {
+  id: string
+  name: string
+  prefix: string
+}
+
+/**
+ * Manages the default API key for chat commands
+ */
+export class DefaultApiKeyManager {
+  private static instance: DefaultApiKeyManager
+  private configFilePath: string
+  private defaultApiKey: DefaultApiKeyData | null = null
+  
+  private constructor() {
+    // Set up config file path in user's home directory
+    const bergetDir = path.join(os.homedir(), '.berget')
+    if (!fs.existsSync(bergetDir)) {
+      fs.mkdirSync(bergetDir, { recursive: true })
+    }
+    this.configFilePath = path.join(bergetDir, 'default-api-key.json')
+    this.loadConfig()
+  }
+  
+  public static getInstance(): DefaultApiKeyManager {
+    if (!DefaultApiKeyManager.instance) {
+      DefaultApiKeyManager.instance = new DefaultApiKeyManager()
+    }
+    return DefaultApiKeyManager.instance
+  }
+  
+  /**
+   * Load default API key from file
+   */
+  private loadConfig(): void {
+    try {
+      if (fs.existsSync(this.configFilePath)) {
+        const data = fs.readFileSync(this.configFilePath, 'utf8')
+        this.defaultApiKey = JSON.parse(data)
+      }
+    } catch (error) {
+      console.error(chalk.dim('Failed to load default API key configuration'))
+      this.defaultApiKey = null
+    }
+  }
+  
+  /**
+   * Save default API key to file
+   */
+  private saveConfig(): void {
+    try {
+      if (this.defaultApiKey) {
+        fs.writeFileSync(this.configFilePath, JSON.stringify(this.defaultApiKey, null, 2))
+        // Set file permissions to be readable only by the owner
+        fs.chmodSync(this.configFilePath, 0o600)
+      } else {
+        // If default API key is null, remove the file
+        if (fs.existsSync(this.configFilePath)) {
+          fs.unlinkSync(this.configFilePath)
+        }
+      }
+    } catch (error) {
+      console.error(chalk.dim('Failed to save default API key configuration'))
+    }
+  }
+  
+  /**
+   * Set the default API key
+   */
+  public setDefaultApiKey(id: string, name: string, prefix: string): void {
+    this.defaultApiKey = { id, name, prefix }
+    this.saveConfig()
+  }
+  
+  /**
+   * Get the default API key
+   */
+  public getDefaultApiKey(): DefaultApiKeyData | null {
+    return this.defaultApiKey
+  }
+  
+  /**
+   * Clear the default API key
+   */
+  public clearDefaultApiKey(): void {
+    this.defaultApiKey = null
+    this.saveConfig()
+  }
+}

package/src/utils/token-manager.ts

@@ -0,0 +1,150 @@
+import * as fs from 'fs'
+import * as path from 'path'
+import * as os from 'os'
+import chalk from 'chalk'
+
+interface TokenData {
+  access_token: string
+  refresh_token: string
+  expires_at: number // timestamp in milliseconds
+}
+
+/**
+ * Manages authentication tokens including refresh functionality
+ */
+export class TokenManager {
+  private static instance: TokenManager
+  private tokenFilePath: string
+  private tokenData: TokenData | null = null
+  
+  private constructor() {
+    // Set up token file path in user's home directory
+    const bergetDir = path.join(os.homedir(), '.berget')
+    if (!fs.existsSync(bergetDir)) {
+      fs.mkdirSync(bergetDir, { recursive: true })
+    }
+    this.tokenFilePath = path.join(bergetDir, 'auth.json')
+    this.loadToken()
+  }
+  
+  public static getInstance(): TokenManager {
+    if (!TokenManager.instance) {
+      TokenManager.instance = new TokenManager()
+    }
+    return TokenManager.instance
+  }
+  
+  /**
+   * Load token data from file
+   */
+  private loadToken(): void {
+    try {
+      if (fs.existsSync(this.tokenFilePath)) {
+        const data = fs.readFileSync(this.tokenFilePath, 'utf8')
+        this.tokenData = JSON.parse(data)
+      }
+    } catch (error) {
+      console.error(chalk.dim('Failed to load authentication token'))
+      this.tokenData = null
+    }
+  }
+  
+  /**
+   * Save token data to file
+   */
+  private saveToken(): void {
+    try {
+      if (this.tokenData) {
+        fs.writeFileSync(this.tokenFilePath, JSON.stringify(this.tokenData, null, 2))
+        // Set file permissions to be readable only by the owner
+        fs.chmodSync(this.tokenFilePath, 0o600)
+      } else {
+        // If token data is null, remove the file
+        if (fs.existsSync(this.tokenFilePath)) {
+          fs.unlinkSync(this.tokenFilePath)
+        }
+      }
+    } catch (error) {
+      console.error(chalk.dim('Failed to save authentication token'))
+    }
+  }
+  
+  /**
+   * Get the current access token
+   * @returns The access token or null if not available
+   */
+  public getAccessToken(): string | null {
+    if (!this.tokenData) return null
+    return this.tokenData.access_token
+  }
+  
+  /**
+   * Get the refresh token
+   * @returns The refresh token or null if not available
+   */
+  public getRefreshToken(): string | null {
+    if (!this.tokenData) return null
+    return this.tokenData.refresh_token
+  }
+  
+  /**
+   * Check if the access token is expired
+   * @returns true if expired or about to expire (within 5 minutes), false otherwise
+   */
+  public isTokenExpired(): boolean {
+    if (!this.tokenData || !this.tokenData.expires_at) return true
+    
+    try {
+      // Consider token expired if it's within 10 minutes of expiration
+      // Using a larger buffer to be more proactive about refreshing
+      const expirationBuffer = 10 * 60 * 1000 // 10 minutes in milliseconds
+      const isExpired = Date.now() + expirationBuffer >= this.tokenData.expires_at;
+      
+      if (isExpired && process.argv.includes('--debug')) {
+        console.log(chalk.yellow(`DEBUG: Token expired or expiring soon. Current time: ${new Date().toISOString()}, Expiry: ${new Date(this.tokenData.expires_at).toISOString()}`));
+      }
+      
+      return isExpired;
+    } catch (error) {
+      // If there's any error checking expiration, assume token is expired
+      console.error(chalk.dim(`Error checking token expiration: ${error instanceof Error ? error.message : String(error)}`));
+      return true;
+    }
+  }
+  
+  /**
+   * Set new token data
+   * @param accessToken The new access token
+   * @param refreshToken The new refresh token
+   * @param expiresIn Expiration time in seconds
+   */
+  public setTokens(accessToken: string, refreshToken: string, expiresIn: number): void {
+    this.tokenData = {
+      access_token: accessToken,
+      refresh_token: refreshToken,
+      expires_at: Date.now() + (expiresIn * 1000)
+    }
+    this.saveToken()
+  }
+  
+  /**
+   * Update just the access token and its expiration
+   * @param accessToken The new access token
+   * @param expiresIn Expiration time in seconds
+   */
+  public updateAccessToken(accessToken: string, expiresIn: number): void {
+    if (!this.tokenData) return
+    
+    this.tokenData.access_token = accessToken
+    this.tokenData.expires_at = Date.now() + (expiresIn * 1000)
+    this.saveToken()
+  }
+  
+  /**
+   * Clear all token data
+   */
+  public clearTokens(): void {
+    this.tokenData = null
+    this.saveToken()
+  }
+}