berget 2.2.6 → 2.2.7

package/dist/src/commands/code/adapters/fs-file-store.js

@@ -50,10 +50,10 @@ class FsFileStore {
     readFile(filePath) {
         return __awaiter(this, void 0, void 0, function* () {
             try {
-                return yield node_fs_1.promises.readFile(filePath, 'utf8');
+                return yield node_fs_1.promises.readFile(filePath, "utf8");
             }
             catch (err) {
-                if (err.code === 'ENOENT')
+                if (err.code === "ENOENT")
                     return null;
                 throw err;
             }
@@ -63,7 +63,7 @@ class FsFileStore {
         return __awaiter(this, void 0, void 0, function* () {
             const dir = path.dirname(filePath);
             yield node_fs_1.promises.mkdir(dir, { recursive: true });
-            yield node_fs_1.promises.writeFile(filePath, content, 'utf8');
+            yield node_fs_1.promises.writeFile(filePath, content, "utf8");
         });
     }
     mkdir(dir) {
@@ -71,5 +71,10 @@ class FsFileStore {
             yield node_fs_1.promises.mkdir(dir, { recursive: true });
         });
     }
+    chmod(filePath, mode) {
+        return __awaiter(this, void 0, void 0, function* () {
+            yield node_fs_1.promises.chmod(filePath, mode);
+        });
+    }
 }
 exports.FsFileStore = FsFileStore;

package/dist/src/commands/code/adapters/spawn-command-runner.js

@@ -14,10 +14,10 @@ const node_child_process_1 = require("node:child_process");
 class SpawnCommandRunner {
     checkInstalled(binary) {
         return __awaiter(this, void 0, void 0, function* () {
-            return new Promise((resolve) => {
-                const child = (0, node_child_process_1.spawn)('which', [binary], { stdio: 'pipe' });
-                child.on('close', (code) => resolve(code === 0));
-                child.on('error', () => resolve(false));
+            return new Promise(resolve => {
+                const child = (0, node_child_process_1.spawn)("which", [binary], { stdio: "pipe" });
+                child.on("close", code => resolve(code === 0));
+                child.on("error", () => resolve(false));
             });
         });
     }
@@ -26,14 +26,18 @@ class SpawnCommandRunner {
             return new Promise((resolve, reject) => {
                 var _a, _b;
                 const child = (0, node_child_process_1.spawn)(command, args, {
-                    stdio: 'pipe',
+                    stdio: "pipe",
                     cwd: (options === null || options === void 0 ? void 0 : options.cwd) || process.cwd(),
                 });
-                let stdout = '';
-                let stderr = '';
-                (_a = child.stdout) === null || _a === void 0 ? void 0 : _a.on('data', (d) => { stdout += d.toString(); });
-                (_b = child.stderr) === null || _b === void 0 ? void 0 : _b.on('data', (d) => { stderr += d.toString(); });
-                child.on('close', (code) => {
+                let stdout = "";
+                let stderr = "";
+                (_a = child.stdout) === null || _a === void 0 ? void 0 : _a.on("data", d => {
+                    stdout += d.toString();
+                });
+                (_b = child.stderr) === null || _b === void 0 ? void 0 : _b.on("data", d => {
+                    stderr += d.toString();
+                });
+                child.on("close", code => {
                     if (code === 0) {
                         resolve(stdout);
                     }
@@ -41,7 +45,7 @@ class SpawnCommandRunner {
                         reject(new Error(stderr.trim() || `Command failed with exit code ${code}`));
                     }
                 });
-                child.on('error', (err) => reject(err));
+                child.on("error", err => reject(err));
             });
         });
     }

package/dist/src/commands/code/auth-sync.js

@@ -0,0 +1,283 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.configureAuth = exports.isTokenExpired = exports.syncApiKeyToTool = exports.syncOAuthToTool = exports.hasBergetCodeSeat = exports.decodeJwtPayload = exports.isToolAuthenticated = exports.readCliAuth = void 0;
+const CLI_AUTH_PATH = (homeDir) => homeDir + "/.berget/auth.json";
+const TOOL_AUTH_PATHS = {
+    opencode: (homeDir) => homeDir + "/.local/share/opencode/auth.json",
+    pi: (homeDir) => homeDir + "/.pi/agent/auth.json",
+};
+const TOOL_API_KEY_TYPES = {
+    opencode: "api",
+    pi: "api_key",
+};
+function extractJwtExpiresAt(accessToken) {
+    try {
+        const parts = accessToken.split(".");
+        if (parts.length !== 3)
+            return 0;
+        const payload = Buffer.from(parts[1], "base64url").toString("utf8");
+        const decoded = JSON.parse(payload);
+        if (typeof decoded.exp === "number") {
+            return decoded.exp * 1000; // JWT exp is in seconds, convert to milliseconds
+        }
+    }
+    catch (_a) {
+        // If decoding fails, return 0 (treated as expired)
+    }
+    return 0;
+}
+function readCliAuth(files, homeDir) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const content = yield files.readFile(CLI_AUTH_PATH(homeDir));
+        if (!content)
+            return null;
+        try {
+            const parsed = JSON.parse(content);
+            if (parsed.access_token && parsed.refresh_token) {
+                // Extract the actual expiry time from the JWT token instead of using the stored expires_at
+                const jwtExpiresAt = extractJwtExpiresAt(parsed.access_token);
+                if (jwtExpiresAt === 0) {
+                    // Invalid token, return null
+                    return null;
+                }
+                return {
+                    access_token: parsed.access_token,
+                    refresh_token: parsed.refresh_token,
+                    expires_at: jwtExpiresAt,
+                };
+            }
+            return null;
+        }
+        catch (_a) {
+            return null;
+        }
+    });
+}
+exports.readCliAuth = readCliAuth;
+function isToolAuthenticated(files, homeDir, tool) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const content = yield files.readFile(TOOL_AUTH_PATHS[tool](homeDir));
+        if (!content)
+            return false;
+        try {
+            const parsed = JSON.parse(content);
+            return typeof parsed.berget === "object" && parsed.berget !== null;
+        }
+        catch (_a) {
+            return false;
+        }
+    });
+}
+exports.isToolAuthenticated = isToolAuthenticated;
+function decodeJwtPayload(token) {
+    try {
+        const parts = token.split(".");
+        if (parts.length !== 3)
+            return null;
+        const payload = Buffer.from(parts[1], "base64url").toString("utf8");
+        return JSON.parse(payload);
+    }
+    catch (_a) {
+        return null;
+    }
+}
+exports.decodeJwtPayload = decodeJwtPayload;
+function hasBergetCodeSeat(accessToken) {
+    const payload = decodeJwtPayload(accessToken);
+    if (!payload || typeof payload !== "object")
+        return false;
+    const p = payload;
+    const realmAccess = p.realm_access;
+    if (!realmAccess)
+        return false;
+    const roles = realmAccess.roles;
+    if (!Array.isArray(roles))
+        return false;
+    return roles.includes("berget_code_seat");
+}
+exports.hasBergetCodeSeat = hasBergetCodeSeat;
+function syncOAuthToTool(files, homeDir, tool, cliAuth) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const authPath = TOOL_AUTH_PATHS[tool](homeDir);
+        let existing = {};
+        const content = yield files.readFile(authPath);
+        if (content) {
+            try {
+                existing = JSON.parse(content);
+            }
+            catch (_a) {
+                existing = {};
+            }
+        }
+        // Use the JWT's actual expiry time for consistency
+        const jwtExpiresAt = extractJwtExpiresAt(cliAuth.access_token);
+        const updated = Object.assign(Object.assign({}, existing), { berget: {
+                type: "oauth",
+                access: cliAuth.access_token,
+                refresh: cliAuth.refresh_token,
+                expires: jwtExpiresAt,
+            } });
+        yield files.writeFile(authPath, JSON.stringify(updated, null, 2) + "\n");
+        yield files.chmod(authPath, 0o600);
+    });
+}
+exports.syncOAuthToTool = syncOAuthToTool;
+function syncApiKeyToTool(files, homeDir, tool, apiKey) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const authPath = TOOL_AUTH_PATHS[tool](homeDir);
+        let existing = {};
+        const content = yield files.readFile(authPath);
+        if (content) {
+            try {
+                existing = JSON.parse(content);
+            }
+            catch (_a) {
+                existing = {};
+            }
+        }
+        const updated = Object.assign(Object.assign({}, existing), { berget: {
+                type: TOOL_API_KEY_TYPES[tool],
+                key: apiKey,
+            } });
+        yield files.writeFile(authPath, JSON.stringify(updated, null, 2) + "\n");
+        yield files.chmod(authPath, 0o600);
+    });
+}
+exports.syncApiKeyToTool = syncApiKeyToTool;
+function isTokenExpired(expiresAt) {
+    const now = Date.now();
+    const timeUntilExpiry = expiresAt - now;
+    const buffer = Math.min(30 * 1000, timeUntilExpiry * 0.1);
+    return now + buffer >= expiresAt;
+}
+exports.isTokenExpired = isTokenExpired;
+function configureAuth(deps, tool) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const { prompter, files, authService, apiKeyService, homeDir } = deps;
+        const alreadyAuth = yield isToolAuthenticated(files, homeDir, tool);
+        if (alreadyAuth) {
+            const choice = yield prompter.select({
+                message: `Account is already connected to Berget AI (${tool === "opencode" ? "OpenCode" : "Pi"}). How do you want to proceed?`,
+                options: [
+                    { value: "keep", label: "Keep existing authentication" },
+                    { value: "reconfigure", label: "Reconfigure — choose a different method" },
+                ],
+            });
+            if (choice === "keep") {
+                return { authenticated: true };
+            }
+            // Fall through to reconfigure
+        }
+        else {
+            prompter.note("Authentication required to use Berget AI.", "Connect your account");
+        }
+        // Try to reuse existing CLI tokens (from ~/.berget/auth.json)
+        let cliAuth = yield readCliAuth(files, homeDir);
+        if (!cliAuth || isTokenExpired(cliAuth.expires_at)) {
+            // No valid tokens → full browser login
+            const s = prompter.spinner();
+            s.start("Waiting for browser login...");
+            const loginResult = yield authService.loginInteractive();
+            if (!loginResult.success) {
+                s.stop("Login failed.");
+                prompter.note(`${loginResult.error || "Login timed out or was cancelled."}\n\nPlease run \`berget auth login\` manually, then run \`berget code setup\` again.`, "Authentication Failed");
+                return { authenticated: false };
+            }
+            s.stop("Successfully logged in to Berget.");
+            const jwtExpiresAt = extractJwtExpiresAt(loginResult.accessToken);
+            if (jwtExpiresAt === 0) {
+                s.stop("Login succeeded but received invalid token.");
+                prompter.note("Please try logging in again or contact support.", "Authentication Error");
+                return { authenticated: false };
+            }
+            cliAuth = {
+                access_token: loginResult.accessToken,
+                refresh_token: loginResult.refreshToken,
+                expires_at: jwtExpiresAt,
+            };
+        }
+        // Check Berget Code seat
+        const jwtPayload = decodeJwtPayload(cliAuth.access_token);
+        const hasSeat = jwtPayload ? hasBergetCodeSeat(cliAuth.access_token) : true;
+        // If we can't decode the JWT, sync OAuth anyway — the tokens are valid even if
+        // we can't verify the subscription role. Let the tool handle authorization.
+        if (!jwtPayload) {
+            const s = prompter.spinner();
+            s.start("Authenticating with Berget AI...");
+            yield syncOAuthToTool(files, homeDir, tool, cliAuth);
+            s.stop("Authenticated.");
+            prompter.note("Warning: Could not verify Berget Code subscription status.\nIf you do not have a subscription, the tool may show an authorization error.", "Authentication");
+            return { authenticated: true };
+        }
+        if (hasSeat) {
+            // Case B: Has seat — ask how to authenticate
+            const method = yield prompter.select({
+                message: "You have a Berget Code subscription. How do you want to authenticate?",
+                options: [
+                    { value: "subscription", label: "Use my Berget Code subscription" },
+                    { value: "api_key", label: "Use an API key instead" },
+                ],
+            });
+            if (method === "subscription") {
+                const s = prompter.spinner();
+                s.start("Authenticating with Berget AI via subscription...");
+                yield syncOAuthToTool(files, homeDir, tool, cliAuth);
+                s.stop("Authenticated.");
+                return { authenticated: true };
+            }
+            // Create API key instead
+            const s = prompter.spinner();
+            s.start("Creating API key...");
+            try {
+                const { key } = yield apiKeyService.create({
+                    name: `${tool === "opencode" ? "OpenCode" : "Pi"} (created by berget CLI)`,
+                    description: "Created by berget code setup",
+                });
+                yield syncApiKeyToTool(files, homeDir, tool, key);
+                s.stop("API key created and saved.");
+                return { authenticated: true };
+            }
+            catch (_a) {
+                s.stop("API key creation failed.");
+                prompter.note("Could not create API key. Please create one manually with `berget api-keys create`.", "Error");
+                return { authenticated: false };
+            }
+        }
+        // No Berget Code seat — prompt for API key creation
+        const shouldCreate = yield prompter.confirm({
+            message: "You do not have a Berget Code subscription. Would you like to create a new API key?",
+            initialValue: true,
+        });
+        if (shouldCreate) {
+            const s = prompter.spinner();
+            s.start("Creating API key...");
+            try {
+                const { key } = yield apiKeyService.create({
+                    name: `${tool === "opencode" ? "OpenCode" : "Pi"} (created by berget CLI)`,
+                    description: "Created by berget code setup",
+                });
+                yield syncApiKeyToTool(files, homeDir, tool, key);
+                s.stop("API key created and saved.");
+                return { authenticated: true };
+            }
+            catch (_b) {
+                s.stop("API key creation failed.");
+                prompter.note("Could not create API key. Please create one manually with `berget api-keys create`.", "Error");
+                return { authenticated: false };
+            }
+        }
+        // Case D: Declined
+        prompter.note('Authentication skipped. You\'ll need to set up authentication manually:\n1. Run: berget api-keys create --name "My Key"\n2. Set BERGET_API_KEY environment variable, or\n3. Run `berget auth login` and try again', "Authentication");
+        return { authenticated: false };
+    });
+}
+exports.configureAuth = configureAuth;

package/dist/src/commands/code/errors.js

@@ -5,14 +5,14 @@ class PrerequisiteError extends Error {
     constructor(binary) {
         super(`Required binary not found: ${binary}`);
         this.binary = binary;
-        this.name = 'PrerequisiteError';
+        this.name = "PrerequisiteError";
     }
 }
 exports.PrerequisiteError = PrerequisiteError;
 class CancelledError extends Error {
     constructor() {
-        super('Wizard cancelled');
-        this.name = 'CancelledError';
+        super("Wizard cancelled");
+        this.name = "CancelledError";
     }
 }
 exports.CancelledError = CancelledError;
@@ -21,7 +21,7 @@ class CommandFailedError extends Error {
         super(`Command "${command}" failed with exit code ${exitCode}`);
         this.command = command;
         this.exitCode = exitCode;
-        this.name = 'CommandFailedError';
+        this.name = "CommandFailedError";
     }
 }
 exports.CommandFailedError = CommandFailedError;

package/dist/src/commands/code/ports/auth-services.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });