berget 1.0.0 → 1.2.0

package/src/types/api.d.ts

@@ -14,6 +14,20 @@ export interface paths {
     /**
      * List all API keys
      * @description Lists all API keys for the authenticated user's organization.
+     *
+     * ## Using the CLI
+     *
+     * You can also manage API keys using our CLI tool:
+     * ```
+     * # Login first (if you haven't already)
+     * npx berget auth login
+     *
+     * # List all API keys
+     * npx berget api-keys list
+     *
+     * # Create a new API key
+     * npx berget api-keys create --name my-api-key
+     * ```
      */
     get: {
       responses: {
@@ -36,6 +50,17 @@ export interface paths {
     /**
      * Create a new API key
      * @description Creates a new API key for the authenticated user's organization. The full API key is only returned once at creation time.
+     *
+     * ## Using the CLI
+     *
+     * Creating an API key is easier with our CLI tool:
+     * ```
+     * # Login first (if you haven't already)
+     * npx berget auth login
+     *
+     * # Create a new API key
+     * npx berget api-keys create --name my-api-key
+     * ```
      */
     post: {
       requestBody: {
@@ -97,6 +122,21 @@ export interface paths {
     /**
      * Rotate an API key
      * @description Rotates an API key by invalidating the old key and generating a new one. The new key is returned in the response and is only shown once.
+     *
+     * ## Using the CLI
+     *
+     * You can also rotate API keys using our CLI tool:
+     * ```
+     * # Login first (if you haven't already)
+     * npx berget auth login
+     *
+     * # Rotate an API key
+     * npx berget api-keys rotate --id <key-id>
+     * ```
+     *
+     * ## Security Note
+     *
+     * When you rotate an API key, the old key becomes invalid immediately. Make sure to update any applications using the key.
      */
     put: {
       parameters: {
@@ -131,6 +171,20 @@ export interface paths {
     /**
      * Get API key usage statistics
      * @description Returns usage statistics for a specific API key including request count, daily breakdown, model-specific usage, and token consumption.
+     *
+     * ## Using the CLI
+     *
+     * You can also view API key usage using our CLI tool:
+     * ```
+     * # Login first (if you haven't already)
+     * npx berget auth login
+     *
+     * # View usage for a specific API key
+     * npx berget api-keys usage --id <key-id>
+     *
+     * # View usage for all API keys
+     * npx berget usage
+     * ```
      */
     get: {
       parameters: {
@@ -351,16 +405,31 @@ export interface paths {
   "/v1/auth/login": {
     /**
      * OAuth login
-     * @description Initiates OAuth flow for user authentication.
+     * @description Initiates OAuth login flow via Keycloak.
      *
-     * If you don't have an account yet, you can create one during the login process
-     * by clicking on the "Register" link on the login page.
+     * ## CLI Authentication
      *
-     * This is the recommended way to authenticate with the Berget AI API.
+     * For a simpler experience, you can use our CLI tool to authenticate:
+     * ```
+     * npx berget auth login
+     * ```
+     *
+     * After logging in, you can create an API key with:
+     * ```
+     * npx berget api-keys create --name my-api-key
+     * ```
      */
     get: {
+      parameters: {
+        query?: {
+          /** @description URL to redirect to after successful login */
+          redirect_uri?: string;
+          /** @description How to return the token after successful login (default is redirect) */
+          response_type?: "redirect" | "json";
+        };
+      };
       responses: {
-        /** @description Redirects to authentication provider */
+        /** @description Redirects to Keycloak for login */
         302: {
           content: never;
         };
@@ -370,181 +439,154 @@ export interface paths {
   "/v1/auth/callback": {
     /**
      * OAuth callback
-     * @description Handles the callback from OAuth authentication. After successful authentication, you'll receive an access token to use for API requests.
+     * @description Handles Keycloak login callback and exchanges token
      */
     get: {
       parameters: {
-        query?: {
-          /** @description Authorization code */
-          code?: string;
-          /** @description State parameter for CSRF protection */
-          state?: string;
+        query: {
+          code: string;
+          state: string;
         };
       };
       responses: {
-        /** @description Redirects to frontend with token */
+        /** @description Redirects to frontend */
         302: {
           content: never;
         };
-        /** @description Invalid request */
-        400: {
-          content: never;
-        };
-        /** @description Authentication failed */
-        401: {
-          content: never;
+      };
+    };
+  };
+  "/v1/auth/device": {
+    /**
+     * Initiate device authorization flow
+     * @description Initiates the device authorization flow, returning a device code and user verification URL.
+     *
+     * ## Using the CLI
+     *
+     * The recommended way to authenticate is through our CLI tool:
+     * ```
+     * npx berget auth login
+     * ```
+     *
+     * This handles the device flow automatically and provides a better user experience.
+     */
+    post: {
+      responses: {
+        /** @description Device authorization initiated */
+        200: {
+          content: {
+            "application/json": components["schemas"]["DeviceAuthInitResponse"];
+          };
         };
       };
     };
   };
-  "/v1/auth/keycloak": {
+  "/v1/auth/device/token": {
     /**
-     * Authenticate with OAuth tokens
-     * @description Exchange OAuth tokens for our system token
+     * Poll for device token
+     * @description Polls for the status of a device authorization flow. The client should poll this endpoint
+     * until it receives a token or an error.
+     *
+     * ## Using the CLI
+     *
+     * The recommended way to authenticate is through our CLI tool:
+     * ```
+     * npx berget auth login
+     * ```
+     *
+     * This handles the polling automatically and provides a better user experience.
+     *
+     * ## Troubleshooting
+     *
+     * - If you receive a 400 error, the device code may be invalid or expired
+     * - If you receive a 429 error, you're polling too frequently
+     * - If you receive a 500 error, there may be an issue with the authentication service
      */
     post: {
       requestBody: {
         content: {
-          "application/json": {
-            /** @description Subject identifier from authentication provider */
-            sub: string;
-            /**
-             * Format: email
-             * @description User's email address
-             */
-            email: string;
-            /** @description User's full name */
-            name?: string;
-            /** @description User's preferred username */
-            preferred_username?: string;
-            /** @description OAuth access token */
-            access_token: string;
-            /** @description OAuth refresh token */
-            refresh_token?: string;
-            /** @description OAuth ID token */
-            id_token?: string;
-          };
+          "application/json": components["schemas"]["DeviceAuthRequest"];
         };
       };
       responses: {
-        /** @description Authentication successful */
+        /** @description Token returned or pending status */
         200: {
           content: {
-            "application/json": {
-              /** @description JWT token for our system */
-              token?: string;
-              /** @description User information */
-              user?: Record<string, never>;
-            };
+            "application/json": components["schemas"]["DeviceAuthPendingResponse"] | components["schemas"]["DeviceAuthTokenResponse"];
           };
         };
-        /** @description Invalid request */
+        /** @description Invalid device code or expired token */
         400: {
           content: never;
         };
-        /** @description Authentication failed */
-        401: {
+        /** @description Polling too frequently */
+        429: {
           content: never;
         };
-      };
-    };
-  };
-  "/v1/auth/register-url": {
-    /**
-     * Get registration URL
-     * @description Returns the URL where users can register a new account.
-     * This is the recommended way for new users to create accounts.
-     */
-    get: {
-      responses: {
-        /** @description Registration URL */
-        200: {
-          content: {
-            "application/json": {
-              /** @description URL to registration page */
-              url?: string;
-            };
-          };
+        /** @description Server error during authentication */
+        500: {
+          content: never;
         };
       };
     };
   };
-  "/v1/auth/device": {
+  "/v1/auth/refresh": {
     /**
-     * Initiate device authorization flow
-     * @description Initiates a device authorization flow for CLI tools.
-     * Returns a verification URL and device code for the user to complete authentication.
+     * Refresh access token
+     * @description Refreshes an access token using a refresh token. This endpoint can be used to obtain a new
+     * access token when the current one expires.
+     *
+     * ## Using the CLI
+     *
+     * The CLI tool handles token refresh automatically:
+     * ```
+     * # The CLI will refresh tokens as needed
+     * npx berget api-keys list
+     * ```
      */
     post: {
+      requestBody: {
+        content: {
+          "application/json": components["schemas"]["RefreshTokenRequest"];
+        };
+      };
       responses: {
-        /** @description Device authorization initiated */
+        /** @description New access and refresh tokens */
         200: {
           content: {
-            "application/json": {
-              /** @description URL where the user should go to authenticate */
-              verification_url?: string;
-              /** @description Code the user should enter on the verification page */
-              user_code?: string;
-              /** @description Code used by the device to poll for authentication status */
-              device_code?: string;
-              /** @description Seconds until the device code expires */
-              expires_in?: number;
-              /** @description Polling interval in seconds */
-              interval?: number;
-            };
+            "application/json": components["schemas"]["RefreshTokenResponse"];
           };
         };
+        /** @description Invalid or expired refresh token */
+        401: {
+          content: never;
+        };
       };
     };
   };
-  "/v1/auth/device/token": {
-    /**
-     * Poll for device authorization token
-     * @description Polls for the completion of a device authorization flow.
-     * The CLI tool should call this endpoint repeatedly until authentication is complete.
-     */
-    post: {
-      requestBody: {
-        content: {
-          "application/json": {
-            /** @description Device code received from the /device endpoint */
-            device_code: string;
-          };
-        };
-      };
+  "/v1/auth/register-url": {
+    /** Get Keycloak registration URL */
+    get: {
       responses: {
-        /** @description Authentication successful */
+        /** @description Registration URL returned */
         200: {
           content: {
             "application/json": {
-              /** @description JWT token for API access */
-              token?: string;
-              /** @description User information */
-              user?: Record<string, never>;
+              url?: string;
             };
           };
         };
-        /** @description Invalid request */
-        400: {
-          content: never;
-        };
-        /** @description Authentication pending or failed */
-        401: {
-          content: never;
-        };
       };
     };
   };
   "/v1/auth/logout": {
     /**
      * Logout
-     * @description Redirects to logout endpoint to properly terminate the session.
-     * Optionally accepts a redirect_uri query parameter to specify where to redirect after logout.
+     * @description Clears cookies and redirects to Keycloak logout
      */
     get: {
       parameters: {
         query?: {
-          /** @description URL to redirect to after logout */
           redirect_uri?: string;
         };
       };
@@ -969,6 +1011,28 @@ export interface paths {
       };
     };
   };
+  "/v1/users/me": {
+    /**
+     * Get current user profile
+     * @description Retrieves the profile of the currently authenticated user
+     */
+    get: {
+      responses: {
+        /** @description User profile */
+        200: {
+          content: {
+            "application/json": components["schemas"]["UserProfile"];
+          };
+        };
+        /** @description Unauthorized */
+        401: {
+          content: {
+            "application/json": components["schemas"]["ErrorResponse"];
+          };
+        };
+      };
+    };
+  };
   "/v1/users/{id}": {
     /**
      * Get user details
@@ -1073,28 +1137,6 @@ export interface paths {
       };
     };
   };
-  "/v1/users/me": {
-    /**
-     * Get current user profile
-     * @description Retrieves the profile of the currently authenticated user
-     */
-    get: {
-      responses: {
-        /** @description User profile */
-        200: {
-          content: {
-            "application/json": components["schemas"]["UserProfile"];
-          };
-        };
-        /** @description Unauthorized */
-        401: {
-          content: {
-            "application/json": components["schemas"]["ErrorResponse"];
-          };
-        };
-      };
-    };
-  };
   "/v1/users/invite": {
     /**
      * Invite team member
@@ -1523,8 +1565,6 @@ export interface components {
     };
     AuthToken: {
       accessToken: string;
-      /** @enum {string} */
-      tokenType: "Bearer";
       expiresIn: number;
       user?: {
         id: string;
@@ -1542,6 +1582,55 @@ export interface components {
       /** Format: uri */
       avatarUrl: string;
     };
+    RefreshTokenRequest: {
+      /** @description The refresh token to use */
+      refresh_token: string;
+      /** @description Whether this is a device token */
+      is_device_token?: boolean;
+    };
+    RefreshTokenResponse: {
+      /** @description The new access token */
+      token: string;
+      /** @description The new refresh token */
+      refresh_token: string;
+      /** @description Seconds until the access token expires */
+      expires_in: number;
+      /** @description Seconds until the refresh token expires */
+      refresh_expires_in: number;
+    };
+    DeviceAuthRequest: {
+      /** @description The device code obtained from the device authorization request */
+      device_code: string;
+    };
+    DeviceAuthInitResponse: {
+      /** @description Code used by the device to poll for authentication status */
+      device_code: string;
+      /** @description Code displayed to the user for authentication */
+      user_code: string;
+      /** @description URL where the user should enter the user_code */
+      verification_url: string;
+      /** @description Expiration time in seconds */
+      expires_in: number;
+      /** @description Polling interval in seconds */
+      interval: number;
+    };
+    DeviceAuthPendingResponse: {
+      /**
+       * @description Authentication is still pending
+       * @enum {string}
+       */
+      status: "pending";
+    };
+    DeviceAuthTokenResponse: {
+      /** @description Access token */
+      token: string;
+      /** @description Refresh token */
+      refresh_token: string;
+      /** @description Access token expiration time in seconds */
+      expires_in: number;
+      /** @description Refresh token expiration time in seconds */
+      refresh_expires_in: number;
+    };
     Usage: {
       current_period: {
         /** Format: date-time */
@@ -1797,46 +1886,17 @@ export interface components {
         };
       };
     };
-    /** @description Pricing information for the model */
-    ModelPricing: {
-      /** @description Cost per token for input in the specified currency */
-      input: number;
-      /** @description Cost per token for output in the specified currency */
-      output: number;
-      /** @description The unit of pricing (e.g., "token") */
-      unit: string;
-      /** @description The currency of the pricing (e.g., "USD") */
-      currency: string;
-    };
-    /** @description Model capabilities */
-    ModelCapabilities: {
-      /** @description Whether the model supports vision/image input */
-      vision: boolean;
-      /** @description Whether the model supports function calling */
-      function_calling: boolean;
-      /** @description Whether the model supports JSON mode */
-      json_mode: boolean;
-    };
     Model: {
       /** @description Unique identifier for the model */
       id: string;
-      /**
-       * @description Object type
-       * @enum {string}
-       */
-      object: "model";
-      /** @description Unix timestamp of when the model was created */
-      created: number;
-      /** @description Organization that owns the model */
-      owned_by: string;
-      pricing: components["schemas"]["ModelPricing"];
-      capabilities: components["schemas"]["ModelCapabilities"];
-    };
-    ModelList: {
-      data: components["schemas"]["Model"][];
-      /** @enum {string} */
-      object: "list";
+      /** @description Name of the model */
+      name: string;
+      /** @description Description of the model */
+      description: string;
+      /** @description Whether the model is active */
+      active: boolean;
     };
+    ModelList: components["schemas"]["Model"][];
     /** @description Cost information for this usage */
     TokenCost: {
       /** @description Cost amount */

package/src/types/json.d.ts

@@ -0,0 +1,4 @@
+declare module "*.json" {
+  const value: any;
+  export = value;
+}

package/src/utils/config-checker.ts

@@ -0,0 +1,23 @@
+import * as fs from 'fs'
+import * as path from 'path'
+
+/**
+ * Check for .bergetconfig file and handle cluster switching
+ */
+export function checkBergetConfig(): void {
+  const configPath = path.join(process.cwd(), '.bergetconfig')
+  if (fs.existsSync(configPath)) {
+    try {
+      const config = fs.readFileSync(configPath, 'utf8')
+      const match = config.match(/cluster:\s*(.+)/)
+      if (match && match[1]) {
+        const clusterName = match[1].trim()
+        console.log(`🔄 Berget: Switched to cluster "${clusterName}"`)
+        console.log('✓ kubectl config updated')
+        console.log('')
+      }
+    } catch (error) {
+      // Silently ignore errors reading config
+    }
+  }
+}