berget 2.2.6 → 2.2.8

package/dist/src/commands/code/adapters/clack-prompter.js

@@ -22,15 +22,6 @@ var __importStar = (this && this.__importStar) || function (mod) {
     __setModuleDefault(result, mod);
     return result;
 };
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.ClackPrompter = void 0;
 const p = __importStar(require("@clack/prompts"));
@@ -41,31 +32,33 @@ const unwrap = (v) => {
     return v;
 };
 class ClackPrompter {
+    async confirm(options) {
+        return unwrap(await p.confirm(options));
+    }
     intro(message) {
         p.intro(message);
     }
-    outro(message) {
-        p.outro(message);
+    async multiselect(options) {
+        return unwrap(await p.multiselect(options));
     }
     note(message, title) {
         p.note(message, title);
     }
+    outro(message) {
+        p.outro(message);
+    }
+    async select(options) {
+        return unwrap(await p.select(options));
+    }
     spinner() {
         const s = p.spinner();
         return {
-            start: (msg) => s.start(msg),
-            stop: (msg) => s.stop(msg),
+            start: (message) => s.start(message),
+            stop: (message) => s.stop(message),
         };
     }
-    select(opts) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return unwrap(yield p.select(opts));
-        });
-    }
-    confirm(opts) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return unwrap(yield p.confirm(opts));
-        });
+    async text(options) {
+        return unwrap(await p.text(options));
     }
 }
 exports.ClackPrompter = ClackPrompter;

package/dist/src/commands/code/adapters/fs-file-store.js

@@ -22,54 +22,40 @@ var __importStar = (this && this.__importStar) || function (mod) {
     __setModuleDefault(result, mod);
     return result;
 };
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.FsFileStore = void 0;
 const node_fs_1 = require("node:fs");
 const path = __importStar(require("node:path"));
 class FsFileStore {
-    exists(filePath) {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                yield node_fs_1.promises.access(filePath);
-                return true;
-            }
-            catch (_a) {
-                return false;
-            }
-        });
+    async chmod(filePath, mode) {
+        await node_fs_1.promises.chmod(filePath, mode);
+    }
+    async exists(filePath) {
+        try {
+            await node_fs_1.promises.access(filePath);
+            return true;
+        }
+        catch {
+            return false;
+        }
     }
-    readFile(filePath) {
-        return __awaiter(this, void 0, void 0, function* () {
-            try {
-                return yield node_fs_1.promises.readFile(filePath, 'utf8');
-            }
-            catch (err) {
-                if (err.code === 'ENOENT')
-                    return null;
-                throw err;
-            }
-        });
+    async mkdir(dir) {
+        await node_fs_1.promises.mkdir(dir, { recursive: true });
     }
-    writeFile(filePath, content) {
-        return __awaiter(this, void 0, void 0, function* () {
-            const dir = path.dirname(filePath);
-            yield node_fs_1.promises.mkdir(dir, { recursive: true });
-            yield node_fs_1.promises.writeFile(filePath, content, 'utf8');
-        });
+    async readFile(filePath) {
+        try {
+            return await node_fs_1.promises.readFile(filePath, 'utf8');
+        }
+        catch (error) {
+            if (error.code === 'ENOENT')
+                return null;
+            throw error;
+        }
     }
-    mkdir(dir) {
-        return __awaiter(this, void 0, void 0, function* () {
-            yield node_fs_1.promises.mkdir(dir, { recursive: true });
-        });
+    async writeFile(filePath, content) {
+        const dir = path.dirname(filePath);
+        await node_fs_1.promises.mkdir(dir, { recursive: true });
+        await node_fs_1.promises.writeFile(filePath, content, 'utf8');
     }
 }
 exports.FsFileStore = FsFileStore;

package/dist/src/commands/code/adapters/spawn-command-runner.js

@@ -1,48 +1,38 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SpawnCommandRunner = void 0;
 const node_child_process_1 = require("node:child_process");
 class SpawnCommandRunner {
-    checkInstalled(binary) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return new Promise((resolve) => {
-                const child = (0, node_child_process_1.spawn)('which', [binary], { stdio: 'pipe' });
-                child.on('close', (code) => resolve(code === 0));
-                child.on('error', () => resolve(false));
-            });
+    async checkInstalled(binary) {
+        return new Promise((resolve) => {
+            const child = (0, node_child_process_1.spawn)('which', [binary], { stdio: 'pipe' });
+            child.on('close', (code) => resolve(code === 0));
+            child.on('error', () => resolve(false));
         });
     }
-    run(command, args, options) {
-        return __awaiter(this, void 0, void 0, function* () {
-            return new Promise((resolve, reject) => {
-                var _a, _b;
-                const child = (0, node_child_process_1.spawn)(command, args, {
-                    stdio: 'pipe',
-                    cwd: (options === null || options === void 0 ? void 0 : options.cwd) || process.cwd(),
-                });
-                let stdout = '';
-                let stderr = '';
-                (_a = child.stdout) === null || _a === void 0 ? void 0 : _a.on('data', (d) => { stdout += d.toString(); });
-                (_b = child.stderr) === null || _b === void 0 ? void 0 : _b.on('data', (d) => { stderr += d.toString(); });
-                child.on('close', (code) => {
-                    if (code === 0) {
-                        resolve(stdout);
-                    }
-                    else {
-                        reject(new Error(stderr.trim() || `Command failed with exit code ${code}`));
-                    }
-                });
-                child.on('error', (err) => reject(err));
+    async run(command, arguments_, options) {
+        return new Promise((resolve, reject) => {
+            const child = (0, node_child_process_1.spawn)(command, arguments_, {
+                cwd: options?.cwd || process.cwd(),
+                stdio: 'pipe',
+            });
+            let stdout = '';
+            let stderr = '';
+            child.stdout?.on('data', (d) => {
+                stdout += d.toString();
+            });
+            child.stderr?.on('data', (d) => {
+                stderr += d.toString();
+            });
+            child.on('close', (code) => {
+                if (code === 0) {
+                    resolve(stdout);
+                }
+                else {
+                    reject(new Error(stderr.trim() || `Command failed with exit code ${code}`));
+                }
             });
+            child.on('error', (error) => reject(error));
         });
     }
 }

package/dist/src/commands/code/auth-sync.js

@@ -0,0 +1,270 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.syncOAuthToTool = exports.syncApiKeyToTool = exports.readCliAuth = exports.isToolAuthenticated = exports.isTokenExpired = exports.hasBergetCodeSeat = exports.decodeJwtPayload = exports.configureAuth = void 0;
+const CLI_AUTH_PATH = (homeDir) => homeDir + '/.berget/auth.json';
+const TOOL_AUTH_PATHS = {
+    opencode: (homeDir) => homeDir + '/.local/share/opencode/auth.json',
+    pi: (homeDir) => homeDir + '/.pi/agent/auth.json',
+};
+const TOOL_API_KEY_TYPES = {
+    opencode: 'api',
+    pi: 'api_key',
+};
+async function configureAuth(deps, tool) {
+    const { apiKeyService, authService, files, homeDir, prompter } = deps;
+    const alreadyAuth = await isToolAuthenticated(files, homeDir, tool);
+    if (alreadyAuth) {
+        const choice = await prompter.select({
+            message: `Account is already connected to Berget AI (${tool === 'opencode' ? 'OpenCode' : 'Pi'}). How do you want to proceed?`,
+            options: [
+                { label: 'Keep existing authentication', value: 'keep' },
+                { label: 'Reconfigure — choose a different method', value: 'reconfigure' },
+            ],
+        });
+        if (choice === 'keep') {
+            return { authenticated: true };
+        }
+        // Fall through to reconfigure
+    }
+    else {
+        prompter.note('Authentication required to use Berget AI.', 'Connect your account');
+    }
+    // Try to reuse existing CLI tokens (from ~/.berget/auth.json)
+    let cliAuth = await readCliAuth(files, homeDir);
+    if (!cliAuth || isTokenExpired(cliAuth.expires_at)) {
+        // No valid tokens → full browser login
+        const s = prompter.spinner();
+        s.start('Waiting for browser login...');
+        const loginResult = await authService.loginInteractive();
+        if (!loginResult.success) {
+            s.stop('Login failed.');
+            prompter.note(`${loginResult.error || 'Login timed out or was cancelled.'}\n\nPlease run \`berget auth login\` manually, then run \`berget code setup\` again.`, 'Authentication Failed');
+            return { authenticated: false };
+        }
+        s.stop('Successfully logged in to Berget.');
+        const jwtExpiresAt = extractJwtExpiresAt(loginResult.accessToken);
+        if (jwtExpiresAt === 0) {
+            s.stop('Login succeeded but received invalid token.');
+            prompter.note('Please try logging in again or contact support.', 'Authentication Error');
+            return { authenticated: false };
+        }
+        cliAuth = {
+            access_token: loginResult.accessToken,
+            expires_at: jwtExpiresAt,
+            refresh_token: loginResult.refreshToken,
+        };
+    }
+    // Check Berget Code seat
+    const jwtPayload = decodeJwtPayload(cliAuth.access_token);
+    const hasSeat = jwtPayload ? hasBergetCodeSeat(cliAuth.access_token) : true;
+    // If we can't decode the JWT, sync OAuth anyway — the tokens are valid even if
+    // we can't verify the subscription role. Let the tool handle authorization.
+    if (!jwtPayload) {
+        const s = prompter.spinner();
+        s.start('Authenticating with Berget AI...');
+        await syncOAuthToTool(files, homeDir, tool, cliAuth);
+        s.stop('Authenticated.');
+        prompter.note('Warning: Could not verify Berget Code subscription status.\nIf you do not have a subscription, the tool may show an authorization error.', 'Authentication');
+        return { authenticated: true };
+    }
+    if (hasSeat) {
+        // Case B: Has seat — ask how to authenticate
+        const method = await prompter.select({
+            message: 'You have a Berget Code subscription. How do you want to authenticate?',
+            options: [
+                { label: 'Use my Berget Code subscription', value: 'subscription' },
+                { label: 'Use an API key instead', value: 'api_key' },
+            ],
+        });
+        if (method === 'subscription') {
+            const s = prompter.spinner();
+            s.start('Authenticating with Berget AI via subscription...');
+            await syncOAuthToTool(files, homeDir, tool, cliAuth);
+            s.stop('Authenticated.');
+            return { authenticated: true };
+        }
+        // Create API key instead
+        const s = prompter.spinner();
+        s.start('Creating API key...');
+        try {
+            const { key } = await apiKeyService.create({
+                description: 'Created by berget code setup',
+                name: `${tool === 'opencode' ? 'OpenCode' : 'Pi'} (created by berget CLI)`,
+            });
+            await syncApiKeyToTool(files, homeDir, tool, key);
+            s.stop('API key created and saved.');
+            return { authenticated: true };
+        }
+        catch {
+            s.stop('API key creation failed.');
+            prompter.note('Could not create API key. Please create one manually with `berget api-keys create`.', 'Error');
+            return { authenticated: false };
+        }
+    }
+    // No Berget Code seat — prompt for API key creation
+    const shouldCreate = await prompter.confirm({
+        initialValue: true,
+        message: 'You do not have a Berget Code subscription. Would you like to create a new API key?',
+    });
+    if (shouldCreate) {
+        const s = prompter.spinner();
+        s.start('Creating API key...');
+        try {
+            const { key } = await apiKeyService.create({
+                description: 'Created by berget code setup',
+                name: `${tool === 'opencode' ? 'OpenCode' : 'Pi'} (created by berget CLI)`,
+            });
+            await syncApiKeyToTool(files, homeDir, tool, key);
+            s.stop('API key created and saved.');
+            return { authenticated: true };
+        }
+        catch {
+            s.stop('API key creation failed.');
+            prompter.note('Could not create API key. Please create one manually with `berget api-keys create`.', 'Error');
+            return { authenticated: false };
+        }
+    }
+    // Case D: Declined
+    prompter.note('Authentication skipped. You\'ll need to set up authentication manually:\n1. Run: berget api-keys create --name "My Key"\n2. Set BERGET_API_KEY environment variable, or\n3. Run `berget auth login` and try again', 'Authentication');
+    return { authenticated: false };
+}
+exports.configureAuth = configureAuth;
+function decodeJwtPayload(token) {
+    try {
+        const parts = token.split('.');
+        if (parts.length !== 3)
+            return null;
+        const payload = Buffer.from(parts[1], 'base64url').toString('utf8');
+        return JSON.parse(payload);
+    }
+    catch {
+        return null;
+    }
+}
+exports.decodeJwtPayload = decodeJwtPayload;
+function hasBergetCodeSeat(accessToken) {
+    const payload = decodeJwtPayload(accessToken);
+    if (!payload || typeof payload !== 'object')
+        return false;
+    const p = payload;
+    const realmAccess = p.realm_access;
+    if (!realmAccess)
+        return false;
+    const roles = realmAccess.roles;
+    if (!Array.isArray(roles))
+        return false;
+    return roles.includes('berget_code_seat');
+}
+exports.hasBergetCodeSeat = hasBergetCodeSeat;
+function isTokenExpired(expiresAt) {
+    const now = Date.now();
+    const timeUntilExpiry = expiresAt - now;
+    const buffer = Math.min(30 * 1000, timeUntilExpiry * 0.1);
+    return now + buffer >= expiresAt;
+}
+exports.isTokenExpired = isTokenExpired;
+async function isToolAuthenticated(files, homeDir, tool) {
+    const content = await files.readFile(TOOL_AUTH_PATHS[tool](homeDir));
+    if (!content)
+        return false;
+    try {
+        const parsed = JSON.parse(content);
+        return typeof parsed.berget === 'object' && parsed.berget !== null;
+    }
+    catch {
+        return false;
+    }
+}
+exports.isToolAuthenticated = isToolAuthenticated;
+async function readCliAuth(files, homeDir) {
+    const content = await files.readFile(CLI_AUTH_PATH(homeDir));
+    if (!content)
+        return null;
+    try {
+        const parsed = JSON.parse(content);
+        if (parsed.access_token && parsed.refresh_token) {
+            // Extract the actual expiry time from the JWT token instead of using the stored expires_at
+            const jwtExpiresAt = extractJwtExpiresAt(parsed.access_token);
+            if (jwtExpiresAt === 0) {
+                // Invalid token, return null
+                return null;
+            }
+            return {
+                access_token: parsed.access_token,
+                expires_at: jwtExpiresAt,
+                refresh_token: parsed.refresh_token,
+            };
+        }
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+exports.readCliAuth = readCliAuth;
+async function syncApiKeyToTool(files, homeDir, tool, apiKey) {
+    const authPath = TOOL_AUTH_PATHS[tool](homeDir);
+    let existing = {};
+    const content = await files.readFile(authPath);
+    if (content) {
+        try {
+            existing = JSON.parse(content);
+        }
+        catch {
+            existing = {};
+        }
+    }
+    const updated = {
+        ...existing,
+        berget: {
+            key: apiKey,
+            type: TOOL_API_KEY_TYPES[tool],
+        },
+    };
+    await files.writeFile(authPath, JSON.stringify(updated, null, 2) + '\n');
+    await files.chmod(authPath, 0o600);
+}
+exports.syncApiKeyToTool = syncApiKeyToTool;
+async function syncOAuthToTool(files, homeDir, tool, cliAuth) {
+    const authPath = TOOL_AUTH_PATHS[tool](homeDir);
+    let existing = {};
+    const content = await files.readFile(authPath);
+    if (content) {
+        try {
+            existing = JSON.parse(content);
+        }
+        catch {
+            existing = {};
+        }
+    }
+    // Use the JWT's actual expiry time for consistency
+    const jwtExpiresAt = extractJwtExpiresAt(cliAuth.access_token);
+    const updated = {
+        ...existing,
+        berget: {
+            access: cliAuth.access_token,
+            expires: jwtExpiresAt,
+            refresh: cliAuth.refresh_token,
+            type: 'oauth',
+        },
+    };
+    await files.writeFile(authPath, JSON.stringify(updated, null, 2) + '\n');
+    await files.chmod(authPath, 0o600);
+}
+exports.syncOAuthToTool = syncOAuthToTool;
+function extractJwtExpiresAt(accessToken) {
+    try {
+        const parts = accessToken.split('.');
+        if (parts.length !== 3)
+            return 0;
+        const payload = Buffer.from(parts[1], 'base64url').toString('utf8');
+        const decoded = JSON.parse(payload);
+        if (typeof decoded.exp === 'number') {
+            return decoded.exp * 1000; // JWT exp is in seconds, convert to milliseconds
+        }
+    }
+    catch {
+        // If decoding fails, return 0 (treated as expired)
+    }
+    return 0;
+}

package/dist/src/commands/code/errors.js

@@ -1,14 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CommandFailedError = exports.CancelledError = exports.PrerequisiteError = void 0;
-class PrerequisiteError extends Error {
-    constructor(binary) {
-        super(`Required binary not found: ${binary}`);
-        this.binary = binary;
-        this.name = 'PrerequisiteError';
-    }
-}
-exports.PrerequisiteError = PrerequisiteError;
+exports.PrerequisiteError = exports.CommandFailedError = exports.CancelledError = void 0;
 class CancelledError extends Error {
     constructor() {
         super('Wizard cancelled');
@@ -17,6 +9,8 @@ class CancelledError extends Error {
 }
 exports.CancelledError = CancelledError;
 class CommandFailedError extends Error {
+    command;
+    exitCode;
     constructor(command, exitCode) {
         super(`Command "${command}" failed with exit code ${exitCode}`);
         this.command = command;
@@ -25,3 +19,12 @@ class CommandFailedError extends Error {
     }
 }
 exports.CommandFailedError = CommandFailedError;
+class PrerequisiteError extends Error {
+    binary;
+    constructor(binary) {
+        super(`Required binary not found: ${binary}`);
+        this.binary = binary;
+        this.name = 'PrerequisiteError';
+    }
+}
+exports.PrerequisiteError = PrerequisiteError;

package/dist/src/commands/code/ports/auth-services.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });