bincode-cli 1.0.1

package/src/auth/bineric-login.ts

@@ -0,0 +1,506 @@
+import { Log } from "../util/log"
+import open from "open"
+import { Filesystem } from "../util/filesystem"
+import { Instance } from "../project/instance"
+import * as prompts from "@clack/prompts"
+import { UI } from "../cli/ui"
+import path from "path"
+import { Env } from "../env"
+
+const log = Log.create({ service: "auth.bineric-login" })
+
+const OAUTH_CALLBACK_PORT = 19877
+const OAUTH_CALLBACK_PATH = "/auth/bineric/callback"
+
+interface PendingAuth {
+  resolve: (data: { token: string }) => void
+  reject: (error: Error) => void
+  timeout: ReturnType<typeof setTimeout>
+  createdAt: number
+  isTimedOut?: boolean
+}
+
+export namespace BinericLogin {
+  let server: ReturnType<typeof Bun.serve> | undefined
+  const pendingAuths = new Map<string, PendingAuth>()
+
+  const CALLBACK_TIMEOUT_MS = 5 * 60 * 1000 // 5 minutes
+  const GRACE_PERIOD_MS = 3 * 60 * 1000 // 3 minutes grace period after timeout
+
+  // Minimal HTML that immediately tries to close the window
+  // Shows nothing visible - just a blank page that closes itself
+  const HTML_SUCCESS = `<!DOCTYPE html>
+<html>
+<head>
+  <title>Login Complete</title>
+  <meta charset="utf-8">
+  <style>
+    body { 
+      margin: 0; 
+      padding: 0;
+      background: #1a1a2e; 
+      font-family: system-ui, -apple-system, sans-serif;
+    }
+    .msg {
+      display: none;
+      position: fixed;
+      top: 50%;
+      left: 50%;
+      transform: translate(-50%, -50%);
+      text-align: center;
+      color: #4ade80;
+      font-size: 1.2rem;
+    }
+    .msg.show { display: block; }
+  </style>
+</head>
+<body>
+  <div class="msg" id="msg">✓ Login successful. You can close this tab.</div>
+  <script>
+    (function() {
+      // Try to close immediately - multiple attempts
+      function tryClose() {
+        try { window.close(); } catch(e) {}
+        try { self.close(); } catch(e) {}
+        try { window.open('', '_self').close(); } catch(e) {}
+      }
+      
+      // Immediate attempts
+      tryClose();
+      setTimeout(tryClose, 50);
+      setTimeout(tryClose, 100);
+      setTimeout(tryClose, 200);
+      setTimeout(tryClose, 500);
+      
+      // After 600ms, if still open, show minimal message
+      setTimeout(function() {
+        document.getElementById('msg').classList.add('show');
+      }, 600);
+    })();
+  </script>
+</body>
+</html>`
+
+  const HTML_ERROR = (error: string) => `<!DOCTYPE html>
+<html>
+<head>
+  <title>Bineric - Login Failed</title>
+  <style>
+    body { font-family: system-ui, -apple-system, sans-serif; display: flex; justify-content: center; align-items: center; height: 100vh; margin: 0; background: #1a1a2e; color: #eee; }
+    .container { text-align: center; padding: 2rem; }
+    h1 { color: #f87171; margin-bottom: 1rem; }
+    p { color: #aaa; }
+    .error { color: #fca5a5; font-family: monospace; margin-top: 1rem; padding: 1rem; background: rgba(248,113,113,0.1); border-radius: 0.5rem; }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <h1>Login Failed</h1>
+    <p>An error occurred during login.</p>
+    <div class="error">${error}</div>
+  </div>
+</body>
+</html>`
+
+  export async function ensureServer(): Promise<void> {
+    if (server) return
+
+    const running = await isPortInUse()
+    if (running) {
+      log.info("oauth callback server already running on another instance", { port: OAUTH_CALLBACK_PORT })
+      return
+    }
+
+    server = Bun.serve({
+      port: OAUTH_CALLBACK_PORT,
+      fetch(req) {
+        const url = new URL(req.url)
+
+        if (url.pathname !== OAUTH_CALLBACK_PATH) {
+          return new Response("Not found", { status: 404 })
+        }
+
+        const token = url.searchParams.get("token")
+        const state = url.searchParams.get("state")
+        const error = url.searchParams.get("error")
+        const errorDescription = url.searchParams.get("error_description")
+
+        log.info("received oauth callback", { hasToken: !!token, state, error })
+
+        // Enforce state parameter presence
+        if (!state) {
+          const errorMsg = "Missing required state parameter"
+          log.error("oauth callback missing state parameter", { url: url.toString() })
+          return new Response(HTML_ERROR(errorMsg), {
+            status: 400,
+            headers: { "Content-Type": "text/html" },
+          })
+        }
+
+        if (error) {
+          const errorMsg = errorDescription || error
+          if (pendingAuths.has(state)) {
+            const pending = pendingAuths.get(state)!
+            clearTimeout(pending.timeout)
+            pendingAuths.delete(state)
+            pending.reject(new Error(errorMsg))
+          }
+          return new Response(HTML_ERROR(errorMsg), {
+            headers: { "Content-Type": "text/html" },
+          })
+        }
+
+        if (!token) {
+          return new Response(HTML_ERROR("Missing token"), {
+            status: 400,
+            headers: { "Content-Type": "text/html" },
+          })
+        }
+
+        // Validate state parameter
+        if (!pendingAuths.has(state)) {
+          const errorMsg = "Invalid or expired state parameter. Please run the login command again."
+          log.error("oauth callback with invalid state", { state, pendingStates: Array.from(pendingAuths.keys()) })
+          return new Response(HTML_ERROR(errorMsg), {
+            status: 400,
+            headers: { "Content-Type": "text/html" },
+          })
+        }
+
+        const pending = pendingAuths.get(state)!
+        const now = Date.now()
+        const age = now - pending.createdAt
+        const isAfterTimeout = age > CALLBACK_TIMEOUT_MS
+        const isAfterGracePeriod = age > (CALLBACK_TIMEOUT_MS + GRACE_PERIOD_MS)
+
+        // If callback came after grace period, reject it
+        if (isAfterGracePeriod) {
+          const errorMsg = "Login session expired. Please run the login command again."
+          log.warn("oauth callback received after grace period", { state, age: Math.floor(age / 1000) + "s" })
+          pendingAuths.delete(state)
+          return new Response(HTML_ERROR(errorMsg), {
+            status: 400,
+            headers: { "Content-Type": "text/html" },
+          })
+        }
+
+        // If callback came after timeout but within grace period, accept it with warning
+        if (isAfterTimeout) {
+          log.warn("oauth callback received after timeout but within grace period", { 
+            state, 
+            timeoutAge: Math.floor((age - CALLBACK_TIMEOUT_MS) / 1000) + "s" 
+          })
+          // Still accept the token, but mark as timed out
+          pending.isTimedOut = true
+        }
+
+        clearTimeout(pending.timeout)
+        pendingAuths.delete(state)
+        
+        // Try to resolve, but if promise already rejected (timeout), that's ok
+        // The token will still be returned and can be saved
+        try {
+          pending.resolve({ token })
+        } catch (e) {
+          // Promise already rejected (timeout), but we still have the token
+          // This is handled in the login function
+          log.info("callback received after timeout, token available for manual save", { state })
+        }
+
+        return new Response(HTML_SUCCESS, {
+          headers: { "Content-Type": "text/html" },
+        })
+      },
+    })
+
+    log.info("oauth callback server started", { port: OAUTH_CALLBACK_PORT })
+  }
+
+  export function waitForCallback(state: string): Promise<{ token: string }> {
+    return new Promise((resolve, reject) => {
+      const timeout = setTimeout(() => {
+        if (pendingAuths.has(state)) {
+          const pending = pendingAuths.get(state)!
+          // Mark as timed out but don't reject yet - wait for grace period
+          pending.isTimedOut = true
+          log.warn("login timeout reached, but keeping state for grace period", { state })
+          
+          // Set another timeout for grace period
+          setTimeout(() => {
+            if (pendingAuths.has(state)) {
+              const pendingAfterGrace = pendingAuths.get(state)!
+              if (pendingAfterGrace.isTimedOut) {
+                // Grace period also expired, now reject
+                pendingAuths.delete(state)
+                clearTimeout(pendingAfterGrace.timeout)
+                pendingAfterGrace.reject(new Error("Login timeout - authorization took too long. Please run the login command again."))
+              }
+            }
+          }, GRACE_PERIOD_MS)
+        }
+      }, CALLBACK_TIMEOUT_MS)
+
+      pendingAuths.set(state, { 
+        resolve, 
+        reject, 
+        timeout, 
+        createdAt: Date.now() 
+      })
+    })
+  }
+
+  export async function isPortInUse(): Promise<boolean> {
+    return new Promise((resolve) => {
+      Bun.connect({
+        hostname: "127.0.0.1",
+        port: OAUTH_CALLBACK_PORT,
+        socket: {
+          open(socket) {
+            socket.end()
+            resolve(true)
+          },
+          error() {
+            resolve(false)
+          },
+          data() {},
+          close() {},
+        },
+      }).catch(() => {
+        resolve(false)
+      })
+    })
+  }
+
+  export async function stop(): Promise<void> {
+    if (server) {
+      server.stop()
+      server = undefined
+      log.info("oauth callback server stopped")
+    }
+
+    for (const [state, pending] of pendingAuths) {
+      clearTimeout(pending.timeout)
+      pending.reject(new Error("OAuth callback server stopped"))
+    }
+    pendingAuths.clear()
+  }
+
+  /**
+   * Check if Bineric provider has a token (CLI token) in bincode.json
+   */
+  export async function hasApiKey(): Promise<boolean> {
+    try {
+      const configFiles = ["bincode.jsonc", "bincode.json"]
+      for (const file of configFiles) {
+        const found = await Filesystem.findUp(file, Instance.directory, Instance.worktree)
+        for (const configPath of found) {
+          const config = await Bun.file(configPath).json().catch(() => null)
+          // Check for token (preferred) or apiKey (legacy)
+          const token = config?.provider?.Bineric?.options?.token
+          const apiKey = config?.provider?.Bineric?.options?.apiKey
+          
+          if (token && token.length > 10) {
+            return true
+          }
+          
+          // Legacy: check apiKey if token not found
+          if (apiKey && apiKey !== "not-needed" && apiKey.length > 10) {
+            return true
+          }
+        }
+      }
+      return false
+    } catch (error) {
+      log.error("error checking token/api key", { error })
+      return false
+    }
+  }
+
+  /**
+   * Get the base URL from environment variable, config file, or default
+   * Priority: BINERIC_API_URL env var > bincode.json config > default
+   */
+  export async function getBaseUrl(): Promise<string> {
+    // Check environment variable first
+    const envUrl = Env.get("BINERIC_API_URL")
+    if (envUrl && envUrl.trim()) {
+      return envUrl.trim()
+    }
+
+    try {
+      const configFiles = ["bincode.jsonc", "bincode.json"]
+      for (const file of configFiles) {
+        const found = await Filesystem.findUp(file, Instance.directory, Instance.worktree)
+        for (const configPath of found) {
+          const config = await Bun.file(configPath).json().catch(() => null)
+          const configUrl = config?.provider?.Bineric?.options?.baseURL
+          if (configUrl && configUrl.trim()) {
+            return configUrl.trim()
+          }
+        }
+      }
+      // No default - must be set via env var or config
+      throw new Error("BINERIC_API_URL environment variable or baseURL in bincode.json must be set")
+    } catch (error) {
+      log.error("error getting base url", { error })
+      throw new Error("BINERIC_API_URL environment variable or baseURL in bincode.json must be set")
+    }
+  }
+
+  export async function updateConfig(token: string): Promise<void> {
+    try {
+      const configFiles = ["bincode.jsonc", "bincode.json"]
+      let configPath: string | null = null
+      let config: any = null
+
+      // Find the config file
+      for (const file of configFiles) {
+        const found = await Filesystem.findUp(file, Instance.directory, Instance.worktree)
+        if (found.length > 0) {
+          configPath = found[0]
+          config = await Bun.file(configPath).json().catch(() => null)
+          if (config) break
+        }
+      }
+
+      // Get baseURL from env var - required
+      const defaultBaseURL = Env.get("BINERIC_API_URL")
+      if (!defaultBaseURL || !defaultBaseURL.trim()) {
+        throw new Error("BINERIC_API_URL environment variable must be set")
+      }
+
+      // If no config found, create one in the current directory
+      if (!config) {
+        configPath = path.join(Instance.directory, "bincode.json")
+        config = {
+          $schema: "https://bincode.ai/config.json",
+          enabled_providers: ["Bineric"],
+          provider: {
+            Bineric: {
+              name: "Bineric",
+              npm: "@ai-sdk/openai-compatible",
+              options: {
+                baseURL: defaultBaseURL,
+              },
+            },
+          },
+        }
+      }
+
+      // Update the config
+      if (!config.provider) {
+        config.provider = {}
+      }
+      if (!config.provider.Bineric) {
+        config.provider.Bineric = {
+          name: "Bineric",
+          npm: "@ai-sdk/openai-compatible",
+          options: {
+            baseURL: defaultBaseURL,
+          },
+        }
+      }
+      if (!config.provider.Bineric.options) {
+        config.provider.Bineric.options = {}
+      }
+
+      // Store token (contains API key and email)
+      config.provider.Bineric.options.token = token
+    
+      await Bun.write(configPath!, JSON.stringify(config, null, 2))
+      log.info("updated config with token", { configPath })
+    } catch (error) {
+      log.error("error updating config", { error })
+      throw error
+    }
+  }
+
+  export async function removeToken(): Promise<void> {
+    try {
+      const configFiles = ["bincode.jsonc", "bincode.json"]
+      let configPath: string | null = null
+      let config: any = null
+
+      for (const file of configFiles) {
+        const found = await Filesystem.findUp(file, Instance.directory, Instance.worktree)
+        if (found.length > 0) {
+          configPath = found[0]
+          config = await Bun.file(configPath).json().catch(() => null)
+          if (config) break
+        }
+      }
+
+      if (!config || !config.provider?.Bineric?.options) {
+        return
+      }
+
+      delete config.provider.Bineric.options.token
+      delete config.provider.Bineric.options.email
+      delete config.provider.Bineric.options.apiKey
+
+      await Bun.write(configPath!, JSON.stringify(config, null, 2))
+      log.info("removed token from config", { configPath })
+    } catch (error) {
+      log.error("error removing token", { error })
+      throw error
+    }
+  }
+
+  export async function login(baseUrl?: string): Promise<{ token: string }> {
+    // Get frontend URL from env var - required
+    const apiWebUrl = Env.get("BINERIC_FRONTEND_URL") || Env.get("NEXT_PUBLIC_APIWEB_URL")
+    if (!apiWebUrl || !apiWebUrl.trim()) {
+      throw new Error("BINERIC_FRONTEND_URL environment variable must be set for Bineric login")
+    }
+    const state = crypto.randomUUID()
+    const callbackUrl = `http://127.0.0.1:${OAUTH_CALLBACK_PORT}${OAUTH_CALLBACK_PATH}`
+    
+    const loginUrl = new URL(`${apiWebUrl}/auth/cli-login`)
+    loginUrl.searchParams.set("redirect_uri", callbackUrl)
+    loginUrl.searchParams.set("state", state)
+
+    await ensureServer()
+
+    prompts.log.info("Opening browser for login...")
+    prompts.log.info(`Login URL: ${loginUrl.toString()}`)
+    prompts.log.info("If browser doesn't open automatically, copy the URL above and open it in your browser")
+    
+    await open(loginUrl.toString())
+
+    const spinner = prompts.spinner()
+    spinner.start("Waiting for authorization...")
+    
+    // Set up timeout warning
+    const timeoutWarning = setTimeout(() => {
+      if (pendingAuths.has(state)) {
+        spinner.message("Still waiting... You can complete login in browser (3 more minutes)")
+      }
+    }, CALLBACK_TIMEOUT_MS)
+
+    try {
+      const { token } = await waitForCallback(state)
+      clearTimeout(timeoutWarning)
+      
+      if (!token) {
+        throw new Error("No token received from login")
+      }
+
+      spinner.stop("Login successful!")
+      return { token }
+    } catch (error) {
+      clearTimeout(timeoutWarning)
+      spinner.stop("Login timeout", 1)
+      
+      // Check if token was saved despite timeout (callback came in grace period)
+      const hasToken = await hasApiKey()
+      if (hasToken) {
+        prompts.log.success("Login completed after timeout. Token has been saved successfully!")
+        return { token: "saved" } // Return dummy token, actual token is already saved
+      }
+      
+      prompts.log.warn("Login timeout. If you complete login in browser now, you may need to run the login command again.")
+      throw error
+    }
+  }
+}
+

package/src/auth/index.ts

@@ -0,0 +1,70 @@
+import path from "path"
+import { Global } from "../global"
+import fs from "fs/promises"
+import z from "zod"
+
+export namespace Auth {
+  export const Oauth = z
+    .object({
+      type: z.literal("oauth"),
+      refresh: z.string(),
+      access: z.string(),
+      expires: z.number(),
+      enterpriseUrl: z.string().optional(),
+    })
+    .meta({ ref: "OAuth" })
+
+  export const Api = z
+    .object({
+      type: z.literal("api"),
+      key: z.string(),
+    })
+    .meta({ ref: "ApiAuth" })
+
+  export const WellKnown = z
+    .object({
+      type: z.literal("wellknown"),
+      key: z.string(),
+      token: z.string(),
+    })
+    .meta({ ref: "WellKnownAuth" })
+
+  export const Info = z.discriminatedUnion("type", [Oauth, Api, WellKnown]).meta({ ref: "Auth" })
+  export type Info = z.infer<typeof Info>
+
+  const filepath = path.join(Global.Path.data, "auth.json")
+
+  export async function get(providerID: string) {
+    const auth = await all()
+    return auth[providerID]
+  }
+
+  export async function all(): Promise<Record<string, Info>> {
+    const file = Bun.file(filepath)
+    const data = await file.json().catch(() => ({}) as Record<string, unknown>)
+    return Object.entries(data).reduce(
+      (acc, [key, value]) => {
+        const parsed = Info.safeParse(value)
+        if (!parsed.success) return acc
+        acc[key] = parsed.data
+        return acc
+      },
+      {} as Record<string, Info>,
+    )
+  }
+
+  export async function set(key: string, info: Info) {
+    const file = Bun.file(filepath)
+    const data = await all()
+    await Bun.write(file, JSON.stringify({ ...data, [key]: info }, null, 2))
+    await fs.chmod(file.name!, 0o600)
+  }
+
+  export async function remove(key: string) {
+    const file = Bun.file(filepath)
+    const data = await all()
+    delete data[key]
+    await Bun.write(file, JSON.stringify(data, null, 2))
+    await fs.chmod(file.name!, 0o600)
+  }
+}

package/src/bun/index.ts

@@ -0,0 +1,114 @@
+import z from "zod"
+import { Global } from "../global"
+import { Log } from "../util/log"
+import path from "path"
+import { NamedError } from "@bincode-ai/util/error"
+import { readableStreamToText } from "bun"
+import { createRequire } from "module"
+import { Lock } from "../util/lock"
+
+export namespace BunProc {
+  const log = Log.create({ service: "bun" })
+  const req = createRequire(import.meta.url)
+
+  export async function run(cmd: string[], options?: Bun.SpawnOptions.OptionsObject<any, any, any>) {
+    log.info("running", {
+      cmd: [which(), ...cmd],
+      ...options,
+    })
+    const result = Bun.spawn([which(), ...cmd], {
+      ...options,
+      stdout: "pipe",
+      stderr: "pipe",
+      env: {
+        ...process.env,
+        ...options?.env,
+        BUN_BE_BUN: "1",
+      },
+    })
+    const code = await result.exited
+    const stdout = result.stdout
+      ? typeof result.stdout === "number"
+        ? result.stdout
+        : await readableStreamToText(result.stdout)
+      : undefined
+    const stderr = result.stderr
+      ? typeof result.stderr === "number"
+        ? result.stderr
+        : await readableStreamToText(result.stderr)
+      : undefined
+    log.info("done", {
+      code,
+      stdout,
+      stderr,
+    })
+    if (code !== 0) {
+      throw new Error(`Command failed with exit code ${result.exitCode}`)
+    }
+    return result
+  }
+
+  export function which() {
+    return process.execPath
+  }
+
+  export const InstallFailedError = NamedError.create(
+    "BunInstallFailedError",
+    z.object({
+      pkg: z.string(),
+      version: z.string(),
+    }),
+  )
+
+  export async function install(pkg: string, version = "latest") {
+    // Use lock to ensure only one install at a time
+    using _ = await Lock.write("bun-install")
+
+    const mod = path.join(Global.Path.cache, "node_modules", pkg)
+    const pkgjson = Bun.file(path.join(Global.Path.cache, "package.json"))
+    const parsed = await pkgjson.json().catch(async () => {
+      const result = { dependencies: {} }
+      await Bun.write(pkgjson.name!, JSON.stringify(result, null, 2))
+      return result
+    })
+    if (parsed.dependencies[pkg] === version) return mod
+
+    // Build command arguments
+    const args = ["add", "--force", "--exact", "--cwd", Global.Path.cache, pkg + "@" + version]
+
+    // Let Bun handle registry resolution:
+    // - If .npmrc files exist, Bun will use them automatically
+    // - If no .npmrc files exist, Bun will default to https://registry.npmjs.org
+    // - No need to pass --registry flag
+    log.info("installing package using Bun's default registry resolution", {
+      pkg,
+      version,
+    })
+
+    await BunProc.run(args, {
+      cwd: Global.Path.cache,
+    }).catch((e) => {
+      throw new InstallFailedError(
+        { pkg, version },
+        {
+          cause: e,
+        },
+      )
+    })
+
+    // Resolve actual version from installed package when using "latest"
+    // This ensures subsequent starts use the cached version until explicitly updated
+    let resolvedVersion = version
+    if (version === "latest") {
+      const installedPkgJson = Bun.file(path.join(mod, "package.json"))
+      const installedPkg = await installedPkgJson.json().catch(() => null)
+      if (installedPkg?.version) {
+        resolvedVersion = installedPkg.version
+      }
+    }
+
+    parsed.dependencies[pkg] = resolvedVersion
+    await Bun.write(pkgjson.name!, JSON.stringify(parsed, null, 2))
+    return mod
+  }
+}