npm - berget - Versions diffs - 2.2.6 → 2.2.8 - Mend

berget 2.2.6 → 2.2.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (145) hide show

package/.github/workflows/publish.yml +2 -2
package/.github/workflows/test.yml +10 -4
package/.husky/pre-commit +1 -0
package/.prettierignore +15 -0
package/.prettierrc +7 -3
package/CONTRIBUTING.md +38 -0
package/README.md +2 -148
package/dist/index.js +10 -11
package/dist/package.json +30 -2
package/dist/src/agents/app.js +28 -0
package/dist/src/agents/backend.js +25 -0
package/dist/src/agents/devops.js +34 -0
package/dist/src/agents/frontend.js +25 -0
package/dist/src/agents/fullstack.js +25 -0
package/dist/src/agents/index.js +61 -0
package/dist/src/agents/quality.js +70 -0
package/dist/src/agents/security.js +26 -0
package/dist/src/agents/types.js +2 -0
package/dist/src/client.js +97 -117
package/dist/src/commands/api-keys.js +75 -90
package/dist/src/commands/auth.js +7 -16
package/dist/src/commands/autocomplete.js +1 -1
package/dist/src/commands/billing.js +6 -17
package/dist/src/commands/chat.js +68 -101
package/dist/src/commands/clusters.js +9 -18
package/dist/src/commands/code/__tests__/auth-sync.test.js +351 -0
package/dist/src/commands/code/__tests__/fake-api-key-service.js +13 -0
package/dist/src/commands/code/__tests__/fake-auth-service.js +47 -0
package/dist/src/commands/code/__tests__/fake-command-runner.js +21 -34
package/dist/src/commands/code/__tests__/fake-file-store.js +20 -33
package/dist/src/commands/code/__tests__/fake-prompter.js +83 -57
package/dist/src/commands/code/__tests__/setup-flow.test.js +359 -92
package/dist/src/commands/code/adapters/clack-prompter.js +15 -22
package/dist/src/commands/code/adapters/fs-file-store.js +26 -40
package/dist/src/commands/code/adapters/spawn-command-runner.js +27 -37
package/dist/src/commands/code/auth-sync.js +270 -0
package/dist/src/commands/code/errors.js +12 -9
package/dist/src/commands/code/ports/auth-services.js +2 -0
package/dist/src/commands/code/setup.js +387 -281
package/dist/src/commands/code.js +205 -332
package/dist/src/commands/index.js +5 -5
package/dist/src/commands/models.js +6 -17
package/dist/src/commands/users.js +5 -16
package/dist/src/constants/command-structure.js +104 -104
package/dist/src/services/api-key-service.js +132 -157
package/dist/src/services/auth-service.js +89 -342
package/dist/src/services/browser-auth.js +268 -0
package/dist/src/services/chat-service.js +371 -401
package/dist/src/services/cluster-service.js +47 -62
package/dist/src/services/collaborator-service.js +10 -25
package/dist/src/services/flux-service.js +14 -29
package/dist/src/services/helm-service.js +10 -25
package/dist/src/services/kubectl-service.js +16 -33
package/dist/src/utils/config-checker.js +3 -3
package/dist/src/utils/config-loader.js +95 -95
package/dist/src/utils/default-api-key.js +124 -134
package/dist/src/utils/env-manager.js +55 -66
package/dist/src/utils/error-handler.js +20 -21
package/dist/src/utils/logger.js +72 -65
package/dist/src/utils/markdown-renderer.js +27 -27
package/dist/src/utils/opencode-validator.js +63 -68
package/dist/src/utils/token-manager.js +74 -45
package/dist/tests/commands/chat.test.js +16 -25
package/dist/tests/commands/code.test.js +95 -104
package/dist/tests/utils/config-loader.test.js +48 -48
package/dist/tests/utils/env-manager.test.js +43 -52
package/dist/tests/utils/opencode-validator.test.js +22 -21
package/dist/vitest.config.js +1 -1
package/eslint.config.mjs +67 -0
package/index.ts +35 -42
package/package.json +30 -2
package/src/agents/app.ts +27 -0
package/src/agents/backend.ts +24 -0
package/src/agents/devops.ts +33 -0
package/src/agents/frontend.ts +24 -0
package/src/agents/fullstack.ts +24 -0
package/src/agents/index.ts +73 -0
package/src/agents/quality.ts +69 -0
package/src/agents/security.ts +26 -0
package/src/agents/types.ts +17 -0
package/src/client.ts +118 -152
package/src/commands/api-keys.ts +241 -333
package/src/commands/auth.ts +22 -27
package/src/commands/autocomplete.ts +9 -9
package/src/commands/billing.ts +20 -24
package/src/commands/chat.ts +248 -338
package/src/commands/clusters.ts +27 -26
package/src/commands/code/__tests__/auth-sync.test.ts +482 -0
package/src/commands/code/__tests__/fake-api-key-service.ts +13 -0
package/src/commands/code/__tests__/fake-auth-service.ts +50 -0
package/src/commands/code/__tests__/fake-command-runner.ts +45 -42
package/src/commands/code/__tests__/fake-file-store.ts +32 -23
package/src/commands/code/__tests__/fake-prompter.ts +116 -77
package/src/commands/code/__tests__/setup-flow.test.ts +624 -268
package/src/commands/code/adapters/clack-prompter.ts +53 -39
package/src/commands/code/adapters/fs-file-store.ts +32 -27
package/src/commands/code/adapters/spawn-command-runner.ts +38 -29
package/src/commands/code/auth-sync.ts +329 -0
package/src/commands/code/errors.ts +18 -18
package/src/commands/code/ports/auth-services.ts +14 -0
package/src/commands/code/ports/command-runner.ts +8 -4
package/src/commands/code/ports/file-store.ts +5 -4
package/src/commands/code/ports/prompter.ts +24 -18
package/src/commands/code/setup.ts +570 -340
package/src/commands/code.ts +338 -539
package/src/commands/index.ts +20 -19
package/src/commands/models.ts +28 -32
package/src/commands/users.ts +15 -21
package/src/constants/command-structure.ts +134 -157
package/src/services/api-key-service.ts +105 -122
package/src/services/auth-service.ts +99 -345
package/src/services/browser-auth.ts +296 -0
package/src/services/chat-service.ts +265 -299
package/src/services/cluster-service.ts +42 -45
package/src/services/collaborator-service.ts +14 -19
package/src/services/flux-service.ts +23 -25
package/src/services/helm-service.ts +19 -21
package/src/services/kubectl-service.ts +17 -19
package/src/types/api.d.ts +1905 -1907
package/src/types/json.d.ts +2 -2
package/src/utils/config-checker.ts +10 -10
package/src/utils/config-loader.ts +162 -178
package/src/utils/default-api-key.ts +114 -125
package/src/utils/env-manager.ts +53 -57
package/src/utils/error-handler.ts +61 -56
package/src/utils/logger.ts +79 -73
package/src/utils/markdown-renderer.ts +31 -31
package/src/utils/opencode-validator.ts +85 -89
package/src/utils/token-manager.ts +108 -87
package/templates/agents/app.md +1 -0
package/templates/agents/backend.md +1 -0
package/templates/agents/devops.md +2 -0
package/templates/agents/frontend.md +1 -0
package/templates/agents/fullstack.md +1 -0
package/templates/agents/quality.md +45 -40
package/templates/agents/security.md +1 -0
package/tests/commands/chat.test.ts +53 -62
package/tests/commands/code.test.ts +265 -310
package/tests/utils/config-loader.test.ts +189 -188
package/tests/utils/env-manager.test.ts +110 -113
package/tests/utils/opencode-validator.test.ts +52 -56
package/tsconfig.json +4 -3
package/vitest.config.ts +3 -3
package/AGENTS.md +0 -374
package/TODO.md +0 -19

package/src/services/auth-service.ts CHANGED Viewed

@@ -1,397 +1,151 @@
-import {
-  createAuthenticatedClient,
-  saveAuthToken,
-  clearAuthToken,
-  apiClient,
-  API_BASE_URL,
-} from '../client'
-// We'll use dynamic import for 'open' to support ESM modules in CommonJS
-import chalk from 'chalk'
-import { handleError } from '../utils/error-handler'
-import { COMMAND_GROUPS, SUBCOMMANDS } from '../constants/command-structure'
-import * as http from 'http'
-import * as crypto from 'crypto'
-import * as url from 'url'
+import chalk from 'chalk';
-// Keycloak configuration based on environment
-const isStageMode = process.argv.includes('--stage')
-const isLocalMode = process.argv.includes('--local')
-const KEYCLOAK_URL = (isStageMode || isLocalMode)
-  ? 'https://keycloak.stage.berget.ai'
-  : 'https://keycloak.berget.ai'
-const KEYCLOAK_REALM = 'berget'
-const KEYCLOAK_CLIENT_ID = 'berget-code'
-const CALLBACK_PORT = 8787
-/**
- * Generate a random string for PKCE code_verifier
- */
-function generateCodeVerifier(): string {
-  return crypto.randomBytes(32).toString('base64url')
-}
+import { clearAuthToken, createAuthenticatedClient, saveAuthToken } from '../client';
+import { COMMAND_GROUPS, SUBCOMMANDS } from '../constants/command-structure';
+import { handleError } from '../utils/error-handler';
+import { BrowserAuth } from './browser-auth';
-/**
- * Generate code_challenge from code_verifier using S256 method
- */
-function generateCodeChallenge(verifier: string): string {
-  return crypto.createHash('sha256').update(verifier).digest('base64url')
-}
+// Keycloak configuration based on environment
+const isStageMode = process.argv.includes('--stage');
+const isLocalMode = process.argv.includes('--local');
+const KEYCLOAK_URL =
+  isStageMode || isLocalMode ? 'https://keycloak.stage.berget.ai' : 'https://keycloak.berget.ai';
+const KEYCLOAK_REALM = 'berget';
+const KEYCLOAK_CLIENT_ID = 'berget-code';
+const CALLBACK_PORT = 8787;
 /**
  * Service for authentication operations
  * Command group: auth
  */
 export class AuthService {
-  private static instance: AuthService
-  private client = createAuthenticatedClient()
   // Command group name for this service
-  public static readonly COMMAND_GROUP = COMMAND_GROUPS.AUTH
+  public static readonly COMMAND_GROUP = COMMAND_GROUPS.AUTH;
   // Subcommands for this service
-  public static readonly COMMANDS = SUBCOMMANDS.AUTH
+  public static readonly COMMANDS = SUBCOMMANDS.AUTH;
+  private static instance: AuthService;
   private constructor() {}
   public static getInstance(): AuthService {
     if (!AuthService.instance) {
-      AuthService.instance = new AuthService()
-    }
-    return AuthService.instance
-  }
-  public async whoami(): Promise<any> {
-    try {
-      // Create fresh client to ensure we have the latest token
-      const client = createAuthenticatedClient()
-      const { data: profile, error } = await client.GET('/v1/users/me')
-      if (error) {
-        return null
-      }
-      return profile
-    } catch (error) {
-      return null
+      AuthService.instance = new AuthService();
     }
+    return AuthService.instance;
   }
+  /**
+   * Browser-based PKCE login for interactive CLI use.
+   * Prints status to stdout/stderr. Use loginInteractive() when you need
+   * a silent, UI-agnostic result (e.g. inside the setup wizard).
+   */
   public async login(): Promise<boolean> {
     try {
-      // Clear any existing token to ensure a fresh login
-      clearAuthToken()
-      console.log(chalk.blue('Initiating login process...'))
-      // Generate PKCE code verifier and challenge
-      const codeVerifier = generateCodeVerifier()
-      const codeChallenge = generateCodeChallenge(codeVerifier)
-      const state = crypto.randomBytes(16).toString('hex')
-      const redirectUri = `http://localhost:${CALLBACK_PORT}/callback`
-      // Build authorization URL
-      const authUrl = new URL(
-        `${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/auth`,
-      )
-      authUrl.searchParams.set('client_id', KEYCLOAK_CLIENT_ID)
-      authUrl.searchParams.set('response_type', 'code')
-      authUrl.searchParams.set('redirect_uri', redirectUri)
-      authUrl.searchParams.set('scope', 'openid email profile')
-      authUrl.searchParams.set('state', state)
-      authUrl.searchParams.set('code_challenge', codeChallenge)
-      authUrl.searchParams.set('code_challenge_method', 'S256')
-      // Create a promise that resolves when we receive the callback
-      const authResult = await new Promise<{
-        success: boolean
-        code?: string
-        error?: string
-      }>((resolve) => {
-        const server = http.createServer(async (req, res) => {
-          const parsedUrl = url.parse(req.url || '', true)
-          if (parsedUrl.pathname === '/callback') {
-            const receivedState = parsedUrl.query.state as string
-            const code = parsedUrl.query.code as string
-            const error = parsedUrl.query.error as string
-            const errorPage = (title: string, message: string) => `
-              <!DOCTYPE html>
-              <html lang="en">
-                <head>
-                  <meta charset="UTF-8">
-                  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-                  <title>Berget - Authentication Failed</title>
-                  <style>
-                    * { margin: 0; padding: 0; box-sizing: border-box; }
-                    body {
-                      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
-                      display: flex;
-                      justify-content: center;
-                      align-items: center;
-                      min-height: 100vh;
-                      background: linear-gradient(135deg, #0f0f1a 0%, #1a1a2e 50%, #16213e 100%);
-                      color: #fff;
-                    }
-                    .container {
-                      text-align: center;
-                      padding: 3rem;
-                      max-width: 400px;
-                    }
-                    .icon {
-                      width: 80px;
-                      height: 80px;
-                      background: linear-gradient(135deg, #f87171 0%, #ef4444 100%);
-                      border-radius: 50%;
-                      display: flex;
-                      align-items: center;
-                      justify-content: center;
-                      margin: 0 auto 1.5rem;
-                      box-shadow: 0 4px 20px rgba(248, 113, 113, 0.3);
-                    }
-                    .icon svg {
-                      width: 40px;
-                      height: 40px;
-                      stroke: #fff;
-                      stroke-width: 3;
-                    }
-                    h1 {
-                      font-size: 1.5rem;
-                      font-weight: 600;
-                      margin-bottom: 0.75rem;
-                      color: #fff;
-                    }
-                    p {
-                      color: #94a3b8;
-                      font-size: 0.95rem;
-                      line-height: 1.5;
-                    }
-                    .brand {
-                      margin-top: 2rem;
-                      opacity: 0.5;
-                      font-size: 0.8rem;
-                      letter-spacing: 0.05em;
-                    }
-                  </style>
-                </head>
-                <body>
-                  <div class="container">
-                    <div class="icon">
-                      <svg viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                        <line x1="18" y1="6" x2="6" y2="18"></line>
-                        <line x1="6" y1="6" x2="18" y2="18"></line>
-                      </svg>
-                    </div>
-                    <h1>${title}</h1>
-                    <p>${message}</p>
-                    <div class="brand">BERGET</div>
-                  </div>
-                </body>
-              </html>
-            `
-            if (error) {
-              res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' })
-              res.end(errorPage('Authentication Failed', String(parsedUrl.query.error_description || error)))
-              server.close()
-              resolve({ success: false, error })
-              return
-            }
-            if (receivedState !== state) {
-              res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' })
-              res.end(errorPage('Authentication Failed', 'Invalid state parameter. Please try again.'))
-              server.close()
-              resolve({ success: false, error: 'Invalid state parameter' })
-              return
-            }
+      clearAuthToken();
-            res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' })
-            res.end(`
-              <!DOCTYPE html>
-              <html lang="en">
-                <head>
-                  <meta charset="UTF-8">
-                  <meta name="viewport" content="width=device-width, initial-scale=1.0">
-                  <title>Berget - Authentication Successful</title>
-                  <style>
-                    * { margin: 0; padding: 0; box-sizing: border-box; }
-                    body {
-                      font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, sans-serif;
-                      display: flex;
-                      justify-content: center;
-                      align-items: center;
-                      min-height: 100vh;
-                      background: linear-gradient(135deg, #0f0f1a 0%, #1a1a2e 50%, #16213e 100%);
-                      color: #fff;
-                    }
-                    .container {
-                      text-align: center;
-                      padding: 3rem;
-                      max-width: 400px;
-                    }
-                    .icon {
-                      width: 80px;
-                      height: 80px;
-                      background: linear-gradient(135deg, #4ade80 0%, #22c55e 100%);
-                      border-radius: 50%;
-                      display: flex;
-                      align-items: center;
-                      justify-content: center;
-                      margin: 0 auto 1.5rem;
-                      box-shadow: 0 4px 20px rgba(74, 222, 128, 0.3);
-                    }
-                    .icon svg {
-                      width: 40px;
-                      height: 40px;
-                      stroke: #fff;
-                      stroke-width: 3;
-                    }
-                    h1 {
-                      font-size: 1.5rem;
-                      font-weight: 600;
-                      margin-bottom: 0.75rem;
-                      color: #fff;
-                    }
-                    p {
-                      color: #94a3b8;
-                      font-size: 0.95rem;
-                      line-height: 1.5;
-                    }
-                    .brand {
-                      margin-top: 2rem;
-                      opacity: 0.5;
-                      font-size: 0.8rem;
-                      letter-spacing: 0.05em;
-                    }
-                  </style>
-                </head>
-                <body>
-                  <div class="container">
-                    <div class="icon">
-                      <svg viewBox="0 0 24 24" fill="none" stroke="currentColor">
-                        <polyline points="20 6 9 17 4 12"></polyline>
-                      </svg>
-                    </div>
-                    <h1>Authentication Successful</h1>
-                    <p>You can close this window and return to your terminal.</p>
-                    <div class="brand">BERGET</div>
-                  </div>
-                </body>
-              </html>
-            `)
-            server.close()
-            resolve({ success: true, code })
-          }
-        })
+      console.log(chalk.blue('Initiating login process...'));
-        server.listen(CALLBACK_PORT, () => {
-          if (process.argv.includes('--debug')) {
-            console.log(
-              chalk.dim(`Callback server listening on port ${CALLBACK_PORT}`),
-            )
-          }
-        })
+      const auth = makeBrowserAuth(process.argv.includes('--debug'));
+      const result = await auth.start();
-        // Set timeout for the server
-        setTimeout(() => {
-          server.close()
-          resolve({ success: false, error: 'Authentication timed out' })
-        }, 5 * 60 * 1000) // 5 minute timeout
-        // Open browser
-        ;(async () => {
-          try {
-            const open = await import('open').then((m) => m.default)
-            await open(authUrl.toString())
-            console.log(chalk.dim('Browser opened for authentication...'))
-          } catch {
-            console.log(chalk.cyan('\nPlease open this URL in your browser:'))
-            console.log(chalk.bold(authUrl.toString()))
-          }
-        })()
-      })
-      if (!authResult.success || !authResult.code) {
-        console.log(
-          chalk.red(`\nAuthentication failed: ${authResult.error || 'Unknown error'}`),
-        )
-        return false
-      }
-      // Exchange authorization code for tokens
-      console.log(chalk.dim('Exchanging authorization code for tokens...'))
-      const tokenUrl = `${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token`
-      const tokenResponse = await fetch(tokenUrl, {
-        method: 'POST',
-        headers: {
-          'Content-Type': 'application/x-www-form-urlencoded',
-        },
-        body: new URLSearchParams({
-          grant_type: 'authorization_code',
-          client_id: KEYCLOAK_CLIENT_ID,
-          code: authResult.code,
-          redirect_uri: redirectUri,
-          code_verifier: codeVerifier,
-        }).toString(),
-      })
-      if (!tokenResponse.ok) {
-        const errorText = await tokenResponse.text()
-        console.log(chalk.red(`\nFailed to exchange code for tokens: ${errorText}`))
-        return false
+      if (!result.success) {
+        console.log(chalk.red(`\nAuthentication failed: ${result.error || 'Unknown error'}`));
+        return false;
       }
-      const tokenData = (await tokenResponse.json()) as {
-        access_token: string
-        refresh_token: string
-        expires_in: number
-        refresh_expires_in?: number
-      }
-      // Save tokens
-      saveAuthToken(
-        tokenData.access_token,
-        tokenData.refresh_token,
-        tokenData.expires_in,
-      )
+      saveAuthToken(result.accessToken!, result.refreshToken!, result.expiresIn!);
       if (process.argv.includes('--debug')) {
-        console.log(chalk.yellow('DEBUG: Token data received:'))
+        console.log(chalk.yellow('DEBUG: Token data received:'));
         console.log(
           chalk.yellow(
             JSON.stringify(
               {
-                expires_in: tokenData.expires_in,
-                refresh_expires_in: tokenData.refresh_expires_in,
+                expires_in: result.expiresIn,
               },
               null,
               2,
             ),
           ),
-        )
+        );
       }
-      console.log(chalk.green('\n✓ Successfully logged in to Berget'))
+      console.log(chalk.green('\n✓ Successfully logged in to Berget'));
-      // Try to get user info
       try {
-        const profile = await this.whoami()
+        const profile = await this.whoami();
         if (profile?.email) {
-          console.log(chalk.green(`Logged in as ${profile.name || profile.email}`))
+          console.log(chalk.green(`Logged in as ${profile.name || profile.email}`));
         }
       } catch {
         // Ignore errors fetching profile
       }
-      console.log(chalk.cyan('\nNext steps:'))
-      console.log(chalk.cyan('  • Create an API key: berget api-keys create'))
-      console.log(chalk.cyan('  • Setup OpenCode: berget code init'))
+      console.log(chalk.cyan('\nNext steps:'));
+      console.log(chalk.cyan('  • Create an API key: berget api-keys create'));
+      console.log(chalk.cyan('  • Setup OpenCode: berget code init'));
+      return true;
+    } catch (error) {
+      handleError('Login failed', error);
+      return false;
+    }
+  }
+  /**
+   * Browser-based PKCE login for wizard / programmatic use.
+   * Does NOT print to stdout — returns tokens so callers can display
+   * their own UI (e.g. via clack/prompts).
+   */
+  public async loginInteractive(): Promise<{
+    accessToken?: string;
+    error?: string;
+    expiresIn?: number;
+    refreshToken?: string;
+    success: boolean;
+  }> {
+    try {
+      clearAuthToken();
+      const auth = makeBrowserAuth(process.argv.includes('--debug'));
+      const result = await auth.start();
+      if (result.success) {
+        saveAuthToken(result.accessToken!, result.refreshToken!, result.expiresIn!);
+      }
-      return true
+      return result;
     } catch (error) {
-      handleError('Login failed', error)
-      return false
+      return {
+        error: error instanceof Error ? error.message : String(error),
+        success: false,
+      };
+    }
+  }
+  public async whoami(): Promise<any> {
+    try {
+      // Create fresh client to ensure we have the latest token
+      const client = createAuthenticatedClient();
+      const { data: profile, error } = await client.GET('/v1/users/me');
+      if (error) {
+        return null;
+      }
+      return profile;
+    } catch {
+      return null;
     }
   }
 }
+function makeBrowserAuth(debug?: boolean): BrowserAuth {
+  return new BrowserAuth({
+    callbackPort: CALLBACK_PORT,
+    clientId: KEYCLOAK_CLIENT_ID,
+    debug,
+    keycloakUrl: KEYCLOAK_URL,
+    realm: KEYCLOAK_REALM,
+  });
+}