npm - berget - Versions diffs - 2.2.6 → 2.2.7 - Mend

berget 2.2.6 → 2.2.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (144) hide show

package/.github/workflows/publish.yml +6 -6
package/.github/workflows/test.yml +11 -5
package/.husky/pre-commit +1 -0
package/.prettierignore +15 -0
package/.prettierrc +5 -3
package/CONTRIBUTING.md +38 -0
package/README.md +2 -148
package/dist/index.js +21 -21
package/dist/package.json +28 -2
package/dist/src/agents/app.js +28 -0
package/dist/src/agents/backend.js +25 -0
package/dist/src/agents/devops.js +34 -0
package/dist/src/agents/frontend.js +25 -0
package/dist/src/agents/fullstack.js +25 -0
package/dist/src/agents/index.js +61 -0
package/dist/src/agents/quality.js +70 -0
package/dist/src/agents/security.js +26 -0
package/dist/src/agents/types.js +2 -0
package/dist/src/client.js +54 -62
package/dist/src/commands/api-keys.js +132 -140
package/dist/src/commands/auth.js +9 -9
package/dist/src/commands/autocomplete.js +9 -9
package/dist/src/commands/billing.js +7 -9
package/dist/src/commands/chat.js +90 -92
package/dist/src/commands/clusters.js +12 -12
package/dist/src/commands/code/__tests__/auth-sync.test.js +348 -0
package/dist/src/commands/code/__tests__/fake-api-key-service.js +23 -0
package/dist/src/commands/code/__tests__/fake-auth-service.js +55 -0
package/dist/src/commands/code/__tests__/fake-command-runner.js +5 -7
package/dist/src/commands/code/__tests__/fake-file-store.js +9 -0
package/dist/src/commands/code/__tests__/fake-prompter.js +60 -18
package/dist/src/commands/code/__tests__/setup-flow.test.js +374 -107
package/dist/src/commands/code/adapters/clack-prompter.js +10 -0
package/dist/src/commands/code/adapters/fs-file-store.js +8 -3
package/dist/src/commands/code/adapters/spawn-command-runner.js +15 -11
package/dist/src/commands/code/auth-sync.js +283 -0
package/dist/src/commands/code/errors.js +4 -4
package/dist/src/commands/code/ports/auth-services.js +2 -0
package/dist/src/commands/code/setup.js +234 -93
package/dist/src/commands/code.js +139 -251
package/dist/src/commands/models.js +13 -15
package/dist/src/commands/users.js +6 -8
package/dist/src/constants/command-structure.js +116 -116
package/dist/src/services/api-key-service.js +43 -48
package/dist/src/services/auth-service.js +60 -299
package/dist/src/services/browser-auth.js +278 -0
package/dist/src/services/chat-service.js +78 -91
package/dist/src/services/cluster-service.js +6 -6
package/dist/src/services/collaborator-service.js +5 -8
package/dist/src/services/flux-service.js +5 -8
package/dist/src/services/helm-service.js +5 -8
package/dist/src/services/kubectl-service.js +7 -10
package/dist/src/utils/config-checker.js +5 -5
package/dist/src/utils/config-loader.js +25 -25
package/dist/src/utils/default-api-key.js +23 -23
package/dist/src/utils/env-manager.js +7 -7
package/dist/src/utils/error-handler.js +60 -61
package/dist/src/utils/logger.js +7 -7
package/dist/src/utils/markdown-renderer.js +2 -2
package/dist/src/utils/opencode-validator.js +17 -20
package/dist/src/utils/token-manager.js +38 -11
package/dist/tests/commands/chat.test.js +24 -24
package/dist/tests/commands/code.test.js +147 -147
package/dist/tests/utils/config-loader.test.js +114 -114
package/dist/tests/utils/env-manager.test.js +57 -57
package/dist/tests/utils/opencode-validator.test.js +33 -33
package/dist/vitest.config.js +1 -1
package/eslint.config.mjs +47 -0
package/index.ts +42 -48
package/package.json +28 -2
package/src/agents/app.ts +27 -0
package/src/agents/backend.ts +24 -0
package/src/agents/devops.ts +33 -0
package/src/agents/frontend.ts +24 -0
package/src/agents/fullstack.ts +24 -0
package/src/agents/index.ts +71 -0
package/src/agents/quality.ts +69 -0
package/src/agents/security.ts +26 -0
package/src/agents/types.ts +17 -0
package/src/client.ts +125 -167
package/src/commands/api-keys.ts +261 -358
package/src/commands/auth.ts +24 -30
package/src/commands/autocomplete.ts +12 -12
package/src/commands/billing.ts +22 -27
package/src/commands/chat.ts +230 -323
package/src/commands/clusters.ts +33 -33
package/src/commands/code/__tests__/auth-sync.test.ts +481 -0
package/src/commands/code/__tests__/fake-api-key-service.ts +13 -0
package/src/commands/code/__tests__/fake-auth-service.ts +50 -0
package/src/commands/code/__tests__/fake-command-runner.ts +39 -42
package/src/commands/code/__tests__/fake-file-store.ts +32 -23
package/src/commands/code/__tests__/fake-prompter.ts +107 -69
package/src/commands/code/__tests__/setup-flow.test.ts +624 -270
package/src/commands/code/adapters/clack-prompter.ts +50 -38
package/src/commands/code/adapters/fs-file-store.ts +31 -27
package/src/commands/code/adapters/spawn-command-runner.ts +33 -29
package/src/commands/code/auth-sync.ts +329 -0
package/src/commands/code/errors.ts +15 -15
package/src/commands/code/ports/auth-services.ts +14 -0
package/src/commands/code/ports/command-runner.ts +8 -4
package/src/commands/code/ports/file-store.ts +5 -4
package/src/commands/code/ports/prompter.ts +24 -18
package/src/commands/code/setup.ts +545 -317
package/src/commands/code.ts +271 -473
package/src/commands/index.ts +19 -19
package/src/commands/models.ts +32 -37
package/src/commands/users.ts +15 -22
package/src/constants/command-structure.ts +119 -142
package/src/services/api-key-service.ts +96 -113
package/src/services/auth-service.ts +92 -339
package/src/services/browser-auth.ts +296 -0
package/src/services/chat-service.ts +246 -279
package/src/services/cluster-service.ts +29 -32
package/src/services/collaborator-service.ts +13 -18
package/src/services/flux-service.ts +16 -18
package/src/services/helm-service.ts +16 -18
package/src/services/kubectl-service.ts +12 -14
package/src/types/api.d.ts +924 -926
package/src/types/json.d.ts +3 -3
package/src/utils/config-checker.ts +10 -10
package/src/utils/config-loader.ts +110 -127
package/src/utils/default-api-key.ts +81 -93
package/src/utils/env-manager.ts +36 -40
package/src/utils/error-handler.ts +83 -78
package/src/utils/logger.ts +41 -41
package/src/utils/markdown-renderer.ts +11 -11
package/src/utils/opencode-validator.ts +51 -56
package/src/utils/token-manager.ts +84 -64
package/templates/agents/app.md +1 -0
package/templates/agents/backend.md +1 -0
package/templates/agents/devops.md +2 -0
package/templates/agents/frontend.md +1 -0
package/templates/agents/fullstack.md +1 -0
package/templates/agents/quality.md +45 -40
package/templates/agents/security.md +1 -0
package/tests/commands/chat.test.ts +60 -70
package/tests/commands/code.test.ts +330 -376
package/tests/utils/config-loader.test.ts +260 -260
package/tests/utils/env-manager.test.ts +127 -134
package/tests/utils/opencode-validator.test.ts +58 -63
package/tsconfig.json +2 -2
package/vitest.config.ts +3 -3
package/AGENTS.md +0 -374
package/TODO.md +0 -19

package/src/services/auth-service.ts CHANGED Viewed

@@ -1,40 +1,26 @@
-import {
-  createAuthenticatedClient,
-  saveAuthToken,
-  clearAuthToken,
-  apiClient,
-  API_BASE_URL,
-} from '../client'
-// We'll use dynamic import for 'open' to support ESM modules in CommonJS
-import chalk from 'chalk'
-import { handleError } from '../utils/error-handler'
-import { COMMAND_GROUPS, SUBCOMMANDS } from '../constants/command-structure'
-import * as http from 'http'
-import * as crypto from 'crypto'
-import * as url from 'url'
+import { createAuthenticatedClient, saveAuthToken, clearAuthToken } from "../client";
+import chalk from "chalk";
+import { handleError } from "../utils/error-handler";
+import { COMMAND_GROUPS, SUBCOMMANDS } from "../constants/command-structure";
+import { BrowserAuth } from "./browser-auth";
 // Keycloak configuration based on environment
-const isStageMode = process.argv.includes('--stage')
-const isLocalMode = process.argv.includes('--local')
-const KEYCLOAK_URL = (isStageMode || isLocalMode)
-  ? 'https://keycloak.stage.berget.ai'
-  : 'https://keycloak.berget.ai'
-const KEYCLOAK_REALM = 'berget'
-const KEYCLOAK_CLIENT_ID = 'berget-code'
-const CALLBACK_PORT = 8787
-/**
- * Generate a random string for PKCE code_verifier
- */
-function generateCodeVerifier(): string {
-  return crypto.randomBytes(32).toString('base64url')
-}
-/**
- * Generate code_challenge from code_verifier using S256 method
- */
-function generateCodeChallenge(verifier: string): string {
-  return crypto.createHash('sha256').update(verifier).digest('base64url')
+const isStageMode = process.argv.includes("--stage");
+const isLocalMode = process.argv.includes("--local");
+const KEYCLOAK_URL =
+  isStageMode || isLocalMode ? "https://keycloak.stage.berget.ai" : "https://keycloak.berget.ai";
+const KEYCLOAK_REALM = "berget";
+const KEYCLOAK_CLIENT_ID = "berget-code";
+const CALLBACK_PORT = 8787;
+function makeBrowserAuth(debug?: boolean): BrowserAuth {
+  return new BrowserAuth({
+    keycloakUrl: KEYCLOAK_URL,
+    realm: KEYCLOAK_REALM,
+    clientId: KEYCLOAK_CLIENT_ID,
+    callbackPort: CALLBACK_PORT,
+    debug,
+  });
 }
 /**
@@ -42,356 +28,123 @@ function generateCodeChallenge(verifier: string): string {
  * Command group: auth
  */
 export class AuthService {
-  private static instance: AuthService
-  private client = createAuthenticatedClient()
+  private static instance: AuthService;
   // Command group name for this service
-  public static readonly COMMAND_GROUP = COMMAND_GROUPS.AUTH
+  public static readonly COMMAND_GROUP = COMMAND_GROUPS.AUTH;
   // Subcommands for this service
-  public static readonly COMMANDS = SUBCOMMANDS.AUTH
+  public static readonly COMMANDS = SUBCOMMANDS.AUTH;
   private constructor() {}
   public static getInstance(): AuthService {
     if (!AuthService.instance) {
-      AuthService.instance = new AuthService()
+      AuthService.instance = new AuthService();
     }
-    return AuthService.instance
+    return AuthService.instance;
   }
   public async whoami(): Promise<any> {
     try {
       // Create fresh client to ensure we have the latest token
-      const client = createAuthenticatedClient()
-      const { data: profile, error } = await client.GET('/v1/users/me')
+      const client = createAuthenticatedClient();
+      const { data: profile, error } = await client.GET("/v1/users/me");
       if (error) {
-        return null
+        return null;
       }
-      return profile
-    } catch (error) {
-      return null
+      return profile;
+    } catch {
+      return null;
     }
   }
+  /**
+   * Browser-based PKCE login for interactive CLI use.
+   * Prints status to stdout/stderr. Use loginInteractive() when you need
+   * a silent, UI-agnostic result (e.g. inside the setup wizard).
+   */
   public async login(): Promise<boolean> {
     try {
-      // Clear any existing token to ensure a fresh login
-      clearAuthToken()
-      console.log(chalk.blue('Initiating login process...'))
-      // Generate PKCE code verifier and challenge
-      const codeVerifier = generateCodeVerifier()
-      const codeChallenge = generateCodeChallenge(codeVerifier)
-      const state = crypto.randomBytes(16).toString('hex')
+      clearAuthToken();
-      const redirectUri = `http://localhost:${CALLBACK_PORT}/callback`
-      // Build authorization URL
-      const authUrl = new URL(
-        `${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/auth`,
-      )
-      authUrl.searchParams.set('client_id', KEYCLOAK_CLIENT_ID)
-      authUrl.searchParams.set('response_type', 'code')
-      authUrl.searchParams.set('redirect_uri', redirectUri)
-      authUrl.searchParams.set('scope', 'openid email profile')
-      authUrl.searchParams.set('state', state)
-      authUrl.searchParams.set('code_challenge', codeChallenge)
-      authUrl.searchParams.set('code_challenge_method', 'S256')
-      // Create a promise that resolves when we receive the callback
-      const authResult = await new Promise<{
-        success: boolean
-        code?: string
-        error?: string
-      }>((resolve) => {
-        const server = http.createServer(async (req, res) => {
-          const parsedUrl = url.parse(req.url || '', true)
-          if (parsedUrl.pathname === '/callback') {
-            const receivedState = parsedUrl.query.state as string
-            const code = parsedUrl.query.code as string
-            const error = parsedUrl.query.error as string
-            const errorPage = (title: string, message: string) => `
-              <!DOCTYPE html>
-              <html lang="en">
-                <head>
-                  <meta charset="UTF-8">
-                  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-                  <title>Berget - Authentication Failed</title>
-                  <style>
-                    * { margin: 0; padding: 0; box-sizing: border-box; }
-                    body {
-                      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
-                      display: flex;
-                      justify-content: center;
-                      align-items: center;
-                      min-height: 100vh;
-                      background: linear-gradient(135deg, #0f0f1a 0%, #1a1a2e 50%, #16213e 100%);
-                      color: #fff;
-                    }
-                    .container {
-                      text-align: center;
-                      padding: 3rem;
-                      max-width: 400px;
-                    }
-                    .icon {
-                      width: 80px;
-                      height: 80px;
-                      background: linear-gradient(135deg, #f87171 0%, #ef4444 100%);
-                      border-radius: 50%;
-                      display: flex;
-                      align-items: center;
-                      justify-content: center;
-                      margin: 0 auto 1.5rem;
-                      box-shadow: 0 4px 20px rgba(248, 113, 113, 0.3);
-                    }
-                    .icon svg {
-                      width: 40px;
-                      height: 40px;
-                      stroke: #fff;
-                      stroke-width: 3;
-                    }
-                    h1 {
-                      font-size: 1.5rem;
-                      font-weight: 600;
-                      margin-bottom: 0.75rem;
-                      color: #fff;
-                    }
-                    p {
-                      color: #94a3b8;
-                      font-size: 0.95rem;
-                      line-height: 1.5;
-                    }
-                    .brand {
-                      margin-top: 2rem;
-                      opacity: 0.5;
-                      font-size: 0.8rem;
-                      letter-spacing: 0.05em;
-                    }
-                  </style>
-                </head>
-                <body>
-                  <div class="container">
-                    <div class="icon">
-                      <svg viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                        <line x1="18" y1="6" x2="6" y2="18"></line>
-                        <line x1="6" y1="6" x2="18" y2="18"></line>
-                      </svg>
-                    </div>
-                    <h1>${title}</h1>
-                    <p>${message}</p>
-                    <div class="brand">BERGET</div>
-                  </div>
-                </body>
-              </html>
-            `
-            if (error) {
-              res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' })
-              res.end(errorPage('Authentication Failed', String(parsedUrl.query.error_description || error)))
-              server.close()
-              resolve({ success: false, error })
-              return
-            }
-            if (receivedState !== state) {
-              res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' })
-              res.end(errorPage('Authentication Failed', 'Invalid state parameter. Please try again.'))
-              server.close()
-              resolve({ success: false, error: 'Invalid state parameter' })
-              return
-            }
-            res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' })
-            res.end(`
-              <!DOCTYPE html>
-              <html lang="en">
-                <head>
-                  <meta charset="UTF-8">
-                  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-                  <title>Berget - Authentication Successful</title>
-                  <style>
-                    * { margin: 0; padding: 0; box-sizing: border-box; }
-                    body {
-                      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
-                      display: flex;
-                      justify-content: center;
-                      align-items: center;
-                      min-height: 100vh;
-                      background: linear-gradient(135deg, #0f0f1a 0%, #1a1a2e 50%, #16213e 100%);
-                      color: #fff;
-                    }
-                    .container {
-                      text-align: center;
-                      padding: 3rem;
-                      max-width: 400px;
-                    }
-                    .icon {
-                      width: 80px;
-                      height: 80px;
-                      background: linear-gradient(135deg, #4ade80 0%, #22c55e 100%);
-                      border-radius: 50%;
-                      display: flex;
-                      align-items: center;
-                      justify-content: center;
-                      margin: 0 auto 1.5rem;
-                      box-shadow: 0 4px 20px rgba(74, 222, 128, 0.3);
-                    }
-                    .icon svg {
-                      width: 40px;
-                      height: 40px;
-                      stroke: #fff;
-                      stroke-width: 3;
-                    }
-                    h1 {
-                      font-size: 1.5rem;
-                      font-weight: 600;
-                      margin-bottom: 0.75rem;
-                      color: #fff;
-                    }
-                    p {
-                      color: #94a3b8;
-                      font-size: 0.95rem;
-                      line-height: 1.5;
-                    }
-                    .brand {
-                      margin-top: 2rem;
-                      opacity: 0.5;
-                      font-size: 0.8rem;
-                      letter-spacing: 0.05em;
-                    }
-                  </style>
-                </head>
-                <body>
-                  <div class="container">
-                    <div class="icon">
-                      <svg viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                        <polyline points="20 6 9 17 4 12"></polyline>
-                      </svg>
-                    </div>
-                    <h1>Authentication Successful</h1>
-                    <p>You can close this window and return to your terminal.</p>
-                    <div class="brand">BERGET</div>
-                  </div>
-                </body>
-              </html>
-            `)
-            server.close()
-            resolve({ success: true, code })
-          }
-        })
-        server.listen(CALLBACK_PORT, () => {
-          if (process.argv.includes('--debug')) {
-            console.log(
-              chalk.dim(`Callback server listening on port ${CALLBACK_PORT}`),
-            )
-          }
-        })
+      console.log(chalk.blue("Initiating login process..."));
-        // Set timeout for the server
-        setTimeout(() => {
-          server.close()
-          resolve({ success: false, error: 'Authentication timed out' })
-        }, 5 * 60 * 1000) // 5 minute timeout
+      const auth = makeBrowserAuth(process.argv.includes("--debug"));
+      const result = await auth.start();
-        // Open browser
-        ;(async () => {
-          try {
-            const open = await import('open').then((m) => m.default)
-            await open(authUrl.toString())
-            console.log(chalk.dim('Browser opened for authentication...'))
-          } catch {
-            console.log(chalk.cyan('\nPlease open this URL in your browser:'))
-            console.log(chalk.bold(authUrl.toString()))
-          }
-        })()
-      })
-      if (!authResult.success || !authResult.code) {
-        console.log(
-          chalk.red(`\nAuthentication failed: ${authResult.error || 'Unknown error'}`),
-        )
-        return false
+      if (!result.success) {
+        console.log(chalk.red(`\nAuthentication failed: ${result.error || "Unknown error"}`));
+        return false;
       }
-      // Exchange authorization code for tokens
-      console.log(chalk.dim('Exchanging authorization code for tokens...'))
-      const tokenUrl = `${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token`
-      const tokenResponse = await fetch(tokenUrl, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/x-www-form-urlencoded',
-        },
-        body: new URLSearchParams({
-          grant_type: 'authorization_code',
-          client_id: KEYCLOAK_CLIENT_ID,
-          code: authResult.code,
-          redirect_uri: redirectUri,
-          code_verifier: codeVerifier,
-        }).toString(),
-      })
-      if (!tokenResponse.ok) {
-        const errorText = await tokenResponse.text()
-        console.log(chalk.red(`\nFailed to exchange code for tokens: ${errorText}`))
-        return false
-      }
+      saveAuthToken(result.accessToken!, result.refreshToken!, result.expiresIn!);
-      const tokenData = (await tokenResponse.json()) as {
-        access_token: string
-        refresh_token: string
-        expires_in: number
-        refresh_expires_in?: number
-      }
-      // Save tokens
-      saveAuthToken(
-        tokenData.access_token,
-        tokenData.refresh_token,
-        tokenData.expires_in,
-      )
-      if (process.argv.includes('--debug')) {
-        console.log(chalk.yellow('DEBUG: Token data received:'))
+      if (process.argv.includes("--debug")) {
+        console.log(chalk.yellow("DEBUG: Token data received:"));
         console.log(
           chalk.yellow(
             JSON.stringify(
               {
-                expires_in: tokenData.expires_in,
-                refresh_expires_in: tokenData.refresh_expires_in,
+                expires_in: result.expiresIn,
               },
               null,
-              2,
-            ),
-          ),
-        )
+              2
+            )
+          )
+        );
       }
-      console.log(chalk.green('\n✓ Successfully logged in to Berget'))
+      console.log(chalk.green("\n✓ Successfully logged in to Berget"));
-      // Try to get user info
       try {
-        const profile = await this.whoami()
+        const profile = await this.whoami();
         if (profile?.email) {
-          console.log(chalk.green(`Logged in as ${profile.name || profile.email}`))
+          console.log(chalk.green(`Logged in as ${profile.name || profile.email}`));
         }
       } catch {
         // Ignore errors fetching profile
       }
-      console.log(chalk.cyan('\nNext steps:'))
-      console.log(chalk.cyan('  • Create an API key: berget api-keys create'))
-      console.log(chalk.cyan('  • Setup OpenCode: berget code init'))
+      console.log(chalk.cyan("\nNext steps:"));
+      console.log(chalk.cyan("  • Create an API key: berget api-keys create"));
+      console.log(chalk.cyan("  • Setup OpenCode: berget code init"));
+      return true;
+    } catch (error) {
+      handleError("Login failed", error);
+      return false;
+    }
+  }
+  /**
+   * Browser-based PKCE login for wizard / programmatic use.
+   * Does NOT print to stdout — returns tokens so callers can display
+   * their own UI (e.g. via clack/prompts).
+   */
+  public async loginInteractive(): Promise<{
+    success: boolean;
+    accessToken?: string;
+    refreshToken?: string;
+    expiresIn?: number;
+    error?: string;
+  }> {
+    try {
+      clearAuthToken();
+      const auth = makeBrowserAuth(process.argv.includes("--debug"));
+      const result = await auth.start();
+      if (result.success) {
+        saveAuthToken(result.accessToken!, result.refreshToken!, result.expiresIn!);
+      }
-      return true
+      return result;
     } catch (error) {
-      handleError('Login failed', error)
-      return false
+      return {
+        success: false,
+        error: error instanceof Error ? error.message : String(error),
+      };
     }
   }
 }