berget 2.2.7 → 2.2.8

package/dist/src/commands/code/auth-sync.js

@@ -1,99 +1,150 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.configureAuth = exports.isTokenExpired = exports.syncApiKeyToTool = exports.syncOAuthToTool = exports.hasBergetCodeSeat = exports.decodeJwtPayload = exports.isToolAuthenticated = exports.readCliAuth = void 0;
-const CLI_AUTH_PATH = (homeDir) => homeDir + "/.berget/auth.json";
+exports.syncOAuthToTool = exports.syncApiKeyToTool = exports.readCliAuth = exports.isToolAuthenticated = exports.isTokenExpired = exports.hasBergetCodeSeat = exports.decodeJwtPayload = exports.configureAuth = void 0;
+const CLI_AUTH_PATH = (homeDir) => homeDir + '/.berget/auth.json';
 const TOOL_AUTH_PATHS = {
-    opencode: (homeDir) => homeDir + "/.local/share/opencode/auth.json",
-    pi: (homeDir) => homeDir + "/.pi/agent/auth.json",
+    opencode: (homeDir) => homeDir + '/.local/share/opencode/auth.json',
+    pi: (homeDir) => homeDir + '/.pi/agent/auth.json',
 };
 const TOOL_API_KEY_TYPES = {
-    opencode: "api",
-    pi: "api_key",
+    opencode: 'api',
+    pi: 'api_key',
 };
-function extractJwtExpiresAt(accessToken) {
-    try {
-        const parts = accessToken.split(".");
-        if (parts.length !== 3)
-            return 0;
-        const payload = Buffer.from(parts[1], "base64url").toString("utf8");
-        const decoded = JSON.parse(payload);
-        if (typeof decoded.exp === "number") {
-            return decoded.exp * 1000; // JWT exp is in seconds, convert to milliseconds
+async function configureAuth(deps, tool) {
+    const { apiKeyService, authService, files, homeDir, prompter } = deps;
+    const alreadyAuth = await isToolAuthenticated(files, homeDir, tool);
+    if (alreadyAuth) {
+        const choice = await prompter.select({
+            message: `Account is already connected to Berget AI (${tool === 'opencode' ? 'OpenCode' : 'Pi'}). How do you want to proceed?`,
+            options: [
+                { label: 'Keep existing authentication', value: 'keep' },
+                { label: 'Reconfigure — choose a different method', value: 'reconfigure' },
+            ],
+        });
+        if (choice === 'keep') {
+            return { authenticated: true };
         }
+        // Fall through to reconfigure
     }
-    catch (_a) {
-        // If decoding fails, return 0 (treated as expired)
+    else {
+        prompter.note('Authentication required to use Berget AI.', 'Connect your account');
     }
-    return 0;
-}
-function readCliAuth(files, homeDir) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const content = yield files.readFile(CLI_AUTH_PATH(homeDir));
-        if (!content)
-            return null;
+    // Try to reuse existing CLI tokens (from ~/.berget/auth.json)
+    let cliAuth = await readCliAuth(files, homeDir);
+    if (!cliAuth || isTokenExpired(cliAuth.expires_at)) {
+        // No valid tokens → full browser login
+        const s = prompter.spinner();
+        s.start('Waiting for browser login...');
+        const loginResult = await authService.loginInteractive();
+        if (!loginResult.success) {
+            s.stop('Login failed.');
+            prompter.note(`${loginResult.error || 'Login timed out or was cancelled.'}\n\nPlease run \`berget auth login\` manually, then run \`berget code setup\` again.`, 'Authentication Failed');
+            return { authenticated: false };
+        }
+        s.stop('Successfully logged in to Berget.');
+        const jwtExpiresAt = extractJwtExpiresAt(loginResult.accessToken);
+        if (jwtExpiresAt === 0) {
+            s.stop('Login succeeded but received invalid token.');
+            prompter.note('Please try logging in again or contact support.', 'Authentication Error');
+            return { authenticated: false };
+        }
+        cliAuth = {
+            access_token: loginResult.accessToken,
+            expires_at: jwtExpiresAt,
+            refresh_token: loginResult.refreshToken,
+        };
+    }
+    // Check Berget Code seat
+    const jwtPayload = decodeJwtPayload(cliAuth.access_token);
+    const hasSeat = jwtPayload ? hasBergetCodeSeat(cliAuth.access_token) : true;
+    // If we can't decode the JWT, sync OAuth anyway — the tokens are valid even if
+    // we can't verify the subscription role. Let the tool handle authorization.
+    if (!jwtPayload) {
+        const s = prompter.spinner();
+        s.start('Authenticating with Berget AI...');
+        await syncOAuthToTool(files, homeDir, tool, cliAuth);
+        s.stop('Authenticated.');
+        prompter.note('Warning: Could not verify Berget Code subscription status.\nIf you do not have a subscription, the tool may show an authorization error.', 'Authentication');
+        return { authenticated: true };
+    }
+    if (hasSeat) {
+        // Case B: Has seat — ask how to authenticate
+        const method = await prompter.select({
+            message: 'You have a Berget Code subscription. How do you want to authenticate?',
+            options: [
+                { label: 'Use my Berget Code subscription', value: 'subscription' },
+                { label: 'Use an API key instead', value: 'api_key' },
+            ],
+        });
+        if (method === 'subscription') {
+            const s = prompter.spinner();
+            s.start('Authenticating with Berget AI via subscription...');
+            await syncOAuthToTool(files, homeDir, tool, cliAuth);
+            s.stop('Authenticated.');
+            return { authenticated: true };
+        }
+        // Create API key instead
+        const s = prompter.spinner();
+        s.start('Creating API key...');
         try {
-            const parsed = JSON.parse(content);
-            if (parsed.access_token && parsed.refresh_token) {
-                // Extract the actual expiry time from the JWT token instead of using the stored expires_at
-                const jwtExpiresAt = extractJwtExpiresAt(parsed.access_token);
-                if (jwtExpiresAt === 0) {
-                    // Invalid token, return null
-                    return null;
-                }
-                return {
-                    access_token: parsed.access_token,
-                    refresh_token: parsed.refresh_token,
-                    expires_at: jwtExpiresAt,
-                };
-            }
-            return null;
+            const { key } = await apiKeyService.create({
+                description: 'Created by berget code setup',
+                name: `${tool === 'opencode' ? 'OpenCode' : 'Pi'} (created by berget CLI)`,
+            });
+            await syncApiKeyToTool(files, homeDir, tool, key);
+            s.stop('API key created and saved.');
+            return { authenticated: true };
         }
-        catch (_a) {
-            return null;
+        catch {
+            s.stop('API key creation failed.');
+            prompter.note('Could not create API key. Please create one manually with `berget api-keys create`.', 'Error');
+            return { authenticated: false };
         }
+    }
+    // No Berget Code seat — prompt for API key creation
+    const shouldCreate = await prompter.confirm({
+        initialValue: true,
+        message: 'You do not have a Berget Code subscription. Would you like to create a new API key?',
     });
-}
-exports.readCliAuth = readCliAuth;
-function isToolAuthenticated(files, homeDir, tool) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const content = yield files.readFile(TOOL_AUTH_PATHS[tool](homeDir));
-        if (!content)
-            return false;
+    if (shouldCreate) {
+        const s = prompter.spinner();
+        s.start('Creating API key...');
         try {
-            const parsed = JSON.parse(content);
-            return typeof parsed.berget === "object" && parsed.berget !== null;
+            const { key } = await apiKeyService.create({
+                description: 'Created by berget code setup',
+                name: `${tool === 'opencode' ? 'OpenCode' : 'Pi'} (created by berget CLI)`,
+            });
+            await syncApiKeyToTool(files, homeDir, tool, key);
+            s.stop('API key created and saved.');
+            return { authenticated: true };
         }
-        catch (_a) {
-            return false;
+        catch {
+            s.stop('API key creation failed.');
+            prompter.note('Could not create API key. Please create one manually with `berget api-keys create`.', 'Error');
+            return { authenticated: false };
         }
-    });
+    }
+    // Case D: Declined
+    prompter.note('Authentication skipped. You\'ll need to set up authentication manually:\n1. Run: berget api-keys create --name "My Key"\n2. Set BERGET_API_KEY environment variable, or\n3. Run `berget auth login` and try again', 'Authentication');
+    return { authenticated: false };
 }
-exports.isToolAuthenticated = isToolAuthenticated;
+exports.configureAuth = configureAuth;
 function decodeJwtPayload(token) {
     try {
-        const parts = token.split(".");
+        const parts = token.split('.');
         if (parts.length !== 3)
             return null;
-        const payload = Buffer.from(parts[1], "base64url").toString("utf8");
+        const payload = Buffer.from(parts[1], 'base64url').toString('utf8');
         return JSON.parse(payload);
     }
-    catch (_a) {
+    catch {
         return null;
     }
 }
 exports.decodeJwtPayload = decodeJwtPayload;
 function hasBergetCodeSeat(accessToken) {
     const payload = decodeJwtPayload(accessToken);
-    if (!payload || typeof payload !== "object")
+    if (!payload || typeof payload !== 'object')
         return false;
     const p = payload;
     const realmAccess = p.realm_access;
@@ -102,57 +153,9 @@ function hasBergetCodeSeat(accessToken) {
     const roles = realmAccess.roles;
     if (!Array.isArray(roles))
         return false;
-    return roles.includes("berget_code_seat");
+    return roles.includes('berget_code_seat');
 }
 exports.hasBergetCodeSeat = hasBergetCodeSeat;
-function syncOAuthToTool(files, homeDir, tool, cliAuth) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const authPath = TOOL_AUTH_PATHS[tool](homeDir);
-        let existing = {};
-        const content = yield files.readFile(authPath);
-        if (content) {
-            try {
-                existing = JSON.parse(content);
-            }
-            catch (_a) {
-                existing = {};
-            }
-        }
-        // Use the JWT's actual expiry time for consistency
-        const jwtExpiresAt = extractJwtExpiresAt(cliAuth.access_token);
-        const updated = Object.assign(Object.assign({}, existing), { berget: {
-                type: "oauth",
-                access: cliAuth.access_token,
-                refresh: cliAuth.refresh_token,
-                expires: jwtExpiresAt,
-            } });
-        yield files.writeFile(authPath, JSON.stringify(updated, null, 2) + "\n");
-        yield files.chmod(authPath, 0o600);
-    });
-}
-exports.syncOAuthToTool = syncOAuthToTool;
-function syncApiKeyToTool(files, homeDir, tool, apiKey) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const authPath = TOOL_AUTH_PATHS[tool](homeDir);
-        let existing = {};
-        const content = yield files.readFile(authPath);
-        if (content) {
-            try {
-                existing = JSON.parse(content);
-            }
-            catch (_a) {
-                existing = {};
-            }
-        }
-        const updated = Object.assign(Object.assign({}, existing), { berget: {
-                type: TOOL_API_KEY_TYPES[tool],
-                key: apiKey,
-            } });
-        yield files.writeFile(authPath, JSON.stringify(updated, null, 2) + "\n");
-        yield files.chmod(authPath, 0o600);
-    });
-}
-exports.syncApiKeyToTool = syncApiKeyToTool;
 function isTokenExpired(expiresAt) {
     const now = Date.now();
     const timeUntilExpiry = expiresAt - now;
@@ -160,124 +163,108 @@ function isTokenExpired(expiresAt) {
     return now + buffer >= expiresAt;
 }
 exports.isTokenExpired = isTokenExpired;
-function configureAuth(deps, tool) {
-    return __awaiter(this, void 0, void 0, function* () {
-        const { prompter, files, authService, apiKeyService, homeDir } = deps;
-        const alreadyAuth = yield isToolAuthenticated(files, homeDir, tool);
-        if (alreadyAuth) {
-            const choice = yield prompter.select({
-                message: `Account is already connected to Berget AI (${tool === "opencode" ? "OpenCode" : "Pi"}). How do you want to proceed?`,
-                options: [
-                    { value: "keep", label: "Keep existing authentication" },
-                    { value: "reconfigure", label: "Reconfigure — choose a different method" },
-                ],
-            });
-            if (choice === "keep") {
-                return { authenticated: true };
-            }
-            // Fall through to reconfigure
-        }
-        else {
-            prompter.note("Authentication required to use Berget AI.", "Connect your account");
-        }
-        // Try to reuse existing CLI tokens (from ~/.berget/auth.json)
-        let cliAuth = yield readCliAuth(files, homeDir);
-        if (!cliAuth || isTokenExpired(cliAuth.expires_at)) {
-            // No valid tokens → full browser login
-            const s = prompter.spinner();
-            s.start("Waiting for browser login...");
-            const loginResult = yield authService.loginInteractive();
-            if (!loginResult.success) {
-                s.stop("Login failed.");
-                prompter.note(`${loginResult.error || "Login timed out or was cancelled."}\n\nPlease run \`berget auth login\` manually, then run \`berget code setup\` again.`, "Authentication Failed");
-                return { authenticated: false };
-            }
-            s.stop("Successfully logged in to Berget.");
-            const jwtExpiresAt = extractJwtExpiresAt(loginResult.accessToken);
+async function isToolAuthenticated(files, homeDir, tool) {
+    const content = await files.readFile(TOOL_AUTH_PATHS[tool](homeDir));
+    if (!content)
+        return false;
+    try {
+        const parsed = JSON.parse(content);
+        return typeof parsed.berget === 'object' && parsed.berget !== null;
+    }
+    catch {
+        return false;
+    }
+}
+exports.isToolAuthenticated = isToolAuthenticated;
+async function readCliAuth(files, homeDir) {
+    const content = await files.readFile(CLI_AUTH_PATH(homeDir));
+    if (!content)
+        return null;
+    try {
+        const parsed = JSON.parse(content);
+        if (parsed.access_token && parsed.refresh_token) {
+            // Extract the actual expiry time from the JWT token instead of using the stored expires_at
+            const jwtExpiresAt = extractJwtExpiresAt(parsed.access_token);
             if (jwtExpiresAt === 0) {
-                s.stop("Login succeeded but received invalid token.");
-                prompter.note("Please try logging in again or contact support.", "Authentication Error");
-                return { authenticated: false };
+                // Invalid token, return null
+                return null;
             }
-            cliAuth = {
-                access_token: loginResult.accessToken,
-                refresh_token: loginResult.refreshToken,
+            return {
+                access_token: parsed.access_token,
                 expires_at: jwtExpiresAt,
+                refresh_token: parsed.refresh_token,
             };
         }
-        // Check Berget Code seat
-        const jwtPayload = decodeJwtPayload(cliAuth.access_token);
-        const hasSeat = jwtPayload ? hasBergetCodeSeat(cliAuth.access_token) : true;
-        // If we can't decode the JWT, sync OAuth anyway — the tokens are valid even if
-        // we can't verify the subscription role. Let the tool handle authorization.
-        if (!jwtPayload) {
-            const s = prompter.spinner();
-            s.start("Authenticating with Berget AI...");
-            yield syncOAuthToTool(files, homeDir, tool, cliAuth);
-            s.stop("Authenticated.");
-            prompter.note("Warning: Could not verify Berget Code subscription status.\nIf you do not have a subscription, the tool may show an authorization error.", "Authentication");
-            return { authenticated: true };
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+exports.readCliAuth = readCliAuth;
+async function syncApiKeyToTool(files, homeDir, tool, apiKey) {
+    const authPath = TOOL_AUTH_PATHS[tool](homeDir);
+    let existing = {};
+    const content = await files.readFile(authPath);
+    if (content) {
+        try {
+            existing = JSON.parse(content);
         }
-        if (hasSeat) {
-            // Case B: Has seat — ask how to authenticate
-            const method = yield prompter.select({
-                message: "You have a Berget Code subscription. How do you want to authenticate?",
-                options: [
-                    { value: "subscription", label: "Use my Berget Code subscription" },
-                    { value: "api_key", label: "Use an API key instead" },
-                ],
-            });
-            if (method === "subscription") {
-                const s = prompter.spinner();
-                s.start("Authenticating with Berget AI via subscription...");
-                yield syncOAuthToTool(files, homeDir, tool, cliAuth);
-                s.stop("Authenticated.");
-                return { authenticated: true };
-            }
-            // Create API key instead
-            const s = prompter.spinner();
-            s.start("Creating API key...");
-            try {
-                const { key } = yield apiKeyService.create({
-                    name: `${tool === "opencode" ? "OpenCode" : "Pi"} (created by berget CLI)`,
-                    description: "Created by berget code setup",
-                });
-                yield syncApiKeyToTool(files, homeDir, tool, key);
-                s.stop("API key created and saved.");
-                return { authenticated: true };
-            }
-            catch (_a) {
-                s.stop("API key creation failed.");
-                prompter.note("Could not create API key. Please create one manually with `berget api-keys create`.", "Error");
-                return { authenticated: false };
-            }
+        catch {
+            existing = {};
         }
-        // No Berget Code seat — prompt for API key creation
-        const shouldCreate = yield prompter.confirm({
-            message: "You do not have a Berget Code subscription. Would you like to create a new API key?",
-            initialValue: true,
-        });
-        if (shouldCreate) {
-            const s = prompter.spinner();
-            s.start("Creating API key...");
-            try {
-                const { key } = yield apiKeyService.create({
-                    name: `${tool === "opencode" ? "OpenCode" : "Pi"} (created by berget CLI)`,
-                    description: "Created by berget code setup",
-                });
-                yield syncApiKeyToTool(files, homeDir, tool, key);
-                s.stop("API key created and saved.");
-                return { authenticated: true };
-            }
-            catch (_b) {
-                s.stop("API key creation failed.");
-                prompter.note("Could not create API key. Please create one manually with `berget api-keys create`.", "Error");
-                return { authenticated: false };
-            }
+    }
+    const updated = {
+        ...existing,
+        berget: {
+            key: apiKey,
+            type: TOOL_API_KEY_TYPES[tool],
+        },
+    };
+    await files.writeFile(authPath, JSON.stringify(updated, null, 2) + '\n');
+    await files.chmod(authPath, 0o600);
+}
+exports.syncApiKeyToTool = syncApiKeyToTool;
+async function syncOAuthToTool(files, homeDir, tool, cliAuth) {
+    const authPath = TOOL_AUTH_PATHS[tool](homeDir);
+    let existing = {};
+    const content = await files.readFile(authPath);
+    if (content) {
+        try {
+            existing = JSON.parse(content);
         }
-        // Case D: Declined
-        prompter.note('Authentication skipped. You\'ll need to set up authentication manually:\n1. Run: berget api-keys create --name "My Key"\n2. Set BERGET_API_KEY environment variable, or\n3. Run `berget auth login` and try again', "Authentication");
-        return { authenticated: false };
-    });
+        catch {
+            existing = {};
+        }
+    }
+    // Use the JWT's actual expiry time for consistency
+    const jwtExpiresAt = extractJwtExpiresAt(cliAuth.access_token);
+    const updated = {
+        ...existing,
+        berget: {
+            access: cliAuth.access_token,
+            expires: jwtExpiresAt,
+            refresh: cliAuth.refresh_token,
+            type: 'oauth',
+        },
+    };
+    await files.writeFile(authPath, JSON.stringify(updated, null, 2) + '\n');
+    await files.chmod(authPath, 0o600);
+}
+exports.syncOAuthToTool = syncOAuthToTool;
+function extractJwtExpiresAt(accessToken) {
+    try {
+        const parts = accessToken.split('.');
+        if (parts.length !== 3)
+            return 0;
+        const payload = Buffer.from(parts[1], 'base64url').toString('utf8');
+        const decoded = JSON.parse(payload);
+        if (typeof decoded.exp === 'number') {
+            return decoded.exp * 1000; // JWT exp is in seconds, convert to milliseconds
+        }
+    }
+    catch {
+        // If decoding fails, return 0 (treated as expired)
+    }
+    return 0;
 }
-exports.configureAuth = configureAuth;

package/dist/src/commands/code/errors.js

@@ -1,27 +1,30 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CommandFailedError = exports.CancelledError = exports.PrerequisiteError = void 0;
-class PrerequisiteError extends Error {
-    constructor(binary) {
-        super(`Required binary not found: ${binary}`);
-        this.binary = binary;
-        this.name = "PrerequisiteError";
-    }
-}
-exports.PrerequisiteError = PrerequisiteError;
+exports.PrerequisiteError = exports.CommandFailedError = exports.CancelledError = void 0;
 class CancelledError extends Error {
     constructor() {
-        super("Wizard cancelled");
-        this.name = "CancelledError";
+        super('Wizard cancelled');
+        this.name = 'CancelledError';
     }
 }
 exports.CancelledError = CancelledError;
 class CommandFailedError extends Error {
+    command;
+    exitCode;
     constructor(command, exitCode) {
         super(`Command "${command}" failed with exit code ${exitCode}`);
         this.command = command;
         this.exitCode = exitCode;
-        this.name = "CommandFailedError";
+        this.name = 'CommandFailedError';
     }
 }
 exports.CommandFailedError = CommandFailedError;
+class PrerequisiteError extends Error {
+    binary;
+    constructor(binary) {
+        super(`Required binary not found: ${binary}`);
+        this.binary = binary;
+        this.name = 'PrerequisiteError';
+    }
+}
+exports.PrerequisiteError = PrerequisiteError;