ccraft 1.0.0

package/src/utils/api-client.js

@@ -0,0 +1,253 @@
+/**
+ * API client for claude-craft server.
+ * Uses Node 18+ native fetch. No external dependencies.
+ */
+import { readFileSync, writeFileSync, mkdirSync } from 'fs';
+import { join } from 'path';
+import { homedir } from 'os';
+import { VERSION } from '../constants.js';
+
+const CONFIG_DIR = join(homedir(), '.claude-craft');
+const CONFIG_PATH = join(CONFIG_DIR, 'config.json');
+function getDefaultServerUrl() {
+  return process.env.CLAUDE_CRAFT_SERVER_URL || 'https://api.claude-craft.dev';
+}
+const TIMEOUT_MS = 30_000;
+
+export class ApiError extends Error {
+  constructor(message, code, statusCode = null) {
+    super(message);
+    this.name = 'ApiError';
+    this.code = code;
+    this.statusCode = statusCode;
+  }
+}
+
+/**
+ * Load stored config from ~/.claude-craft/config.json
+ */
+export function loadConfig() {
+  try {
+    return JSON.parse(readFileSync(CONFIG_PATH, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Save config to ~/.claude-craft/config.json
+ */
+export function saveConfig(config) {
+  mkdirSync(CONFIG_DIR, { recursive: true });
+  writeFileSync(CONFIG_PATH, JSON.stringify(config, null, 2) + '\n', 'utf8');
+}
+
+/**
+ * Call POST /api/generate on the server.
+ *
+ * @param {object} profile  - { role, intents }
+ * @param {object} analysis - Project analysis data
+ * @param {object} [options] - { preset }
+ * @returns {Promise<{ files, summary, mcpConfigs, serverVersion }>}
+ */
+export async function callGenerate(profile, analysis, options = {}) {
+  const config = loadConfig();
+  if (!config?.apiKey) {
+    throw new ApiError(
+      'No API key configured. Run: claude-craft auth <key>',
+      'NO_API_KEY',
+    );
+  }
+
+  const serverUrl = config.serverUrl || getDefaultServerUrl();
+  const url = `${serverUrl}/api/generate`;
+
+  let res;
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), TIMEOUT_MS);
+
+    res = await fetch(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${config.apiKey}`,
+        'X-Claude-Craft-Version': VERSION,
+        'X-Claude-Craft-Api-Version': '1',
+      },
+      body: JSON.stringify({ profile, analysis, options }),
+      signal: controller.signal,
+    });
+
+    clearTimeout(timeout);
+  } catch (err) {
+    if (err.name === 'AbortError') {
+      throw new ApiError(
+        'Request timed out. Check connection and ~/.claude-craft/config.json',
+        'TIMEOUT',
+      );
+    }
+    throw new ApiError(
+      'Could not reach server. Check connection and ~/.claude-craft/config.json',
+      'NETWORK_ERROR',
+    );
+  }
+
+  if (!res.ok) {
+    const body = await res.json().catch(() => ({}));
+    switch (res.status) {
+      case 401:
+      case 403:
+        throw new ApiError(
+          body.error || 'API key invalid or expired. Run: claude-craft auth <new-key>',
+          'AUTH_ERROR',
+          res.status,
+        );
+      case 426:
+        throw new ApiError(
+          body.error || 'Client incompatible with server. Run: npm update -g claude-craft',
+          'VERSION_MISMATCH',
+          426,
+        );
+      case 400:
+        throw new ApiError(
+          `Bad request: ${body.error || 'unknown'}${body.details ? ' — ' + body.details.join(', ') : ''}`,
+          'BAD_REQUEST',
+          400,
+        );
+      default:
+        throw new ApiError(
+          body.error || 'Server error. Try again later.',
+          'SERVER_ERROR',
+          res.status,
+        );
+    }
+  }
+
+  return res.json();
+}
+
+/**
+ * Call POST /api/update on the server.
+ * Returns delta components (new files not already installed) + change summary.
+ *
+ * @param {object}   profile                - { role, intents, sourceControl, documentTools }
+ * @param {object}   currentAnalysis        - Freshly computed project analysis
+ * @param {object}   previousAnalysis       - Previously stored project analysis
+ * @param {string[]} installedRelativePaths - Relative file paths already on disk
+ * @returns {Promise<{ changes, guaranteed, candidates, prompts, mcpConfigs, summary, serverVersion }>}
+ */
+export async function callUpdate(profile, currentAnalysis, previousAnalysis, installedRelativePaths) {
+  const config = loadConfig();
+  if (!config?.apiKey) {
+    throw new ApiError(
+      'No API key configured. Run: claude-craft auth <key>',
+      'NO_API_KEY',
+    );
+  }
+
+  const serverUrl = config.serverUrl || getDefaultServerUrl();
+  const url = `${serverUrl}/api/update`;
+
+  let res;
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), TIMEOUT_MS);
+
+    res = await fetch(url, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/json',
+        'Authorization': `Bearer ${config.apiKey}`,
+        'X-Claude-Craft-Version': VERSION,
+        'X-Claude-Craft-Api-Version': '1',
+      },
+      body: JSON.stringify({ profile, currentAnalysis, previousAnalysis, installedRelativePaths }),
+      signal: controller.signal,
+    });
+
+    clearTimeout(timeout);
+  } catch (err) {
+    if (err.name === 'AbortError') {
+      throw new ApiError(
+        'Request timed out. Check connection and ~/.claude-craft/config.json',
+        'TIMEOUT',
+      );
+    }
+    throw new ApiError(
+      'Could not reach server. Check connection and ~/.claude-craft/config.json',
+      'NETWORK_ERROR',
+    );
+  }
+
+  if (!res.ok) {
+    const body = await res.json().catch(() => ({}));
+    switch (res.status) {
+      case 401:
+      case 403:
+        throw new ApiError(
+          body.error || 'API key invalid or expired. Run: claude-craft auth <new-key>',
+          'AUTH_ERROR',
+          res.status,
+        );
+      case 426:
+        throw new ApiError(
+          body.error || 'Client incompatible with server. Run: npm update -g claude-craft',
+          'VERSION_MISMATCH',
+          426,
+        );
+      case 400:
+        throw new ApiError(
+          `Bad request: ${body.error || 'unknown'}${body.details ? ' — ' + body.details.join(', ') : ''}`,
+          'BAD_REQUEST',
+          400,
+        );
+      default:
+        throw new ApiError(
+          body.error || 'Server error. Try again later.',
+          'SERVER_ERROR',
+          res.status,
+        );
+    }
+  }
+
+  return res.json();
+}
+
+/**
+ * Validate an API key against the server.
+ *
+ * @param {string} apiKey
+ * @param {string} [serverUrl]
+ * @returns {Promise<boolean>}
+ */
+export async function validateKey(apiKey, serverUrl) {
+  const url = `${serverUrl || getDefaultServerUrl()}/api/auth/validate`;
+
+  let res;
+  try {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), 10_000);
+
+    res = await fetch(url, {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({ apiKey }),
+      signal: controller.signal,
+    });
+
+    clearTimeout(timeout);
+  } catch {
+    throw new ApiError(
+      'Could not reach server to validate key.',
+      'NETWORK_ERROR',
+    );
+  }
+
+  if (!res.ok) {
+    return false;
+  }
+
+  const body = await res.json();
+  return body.valid === true;
+}

package/src/utils/api-file-writer.js

@@ -0,0 +1,197 @@
+/**
+ * API file writer — writes files from server response to disk.
+ *
+ * Handles two types:
+ *   - type: 'file'       → safeWriteFile(path, content)
+ *   - type: 'json-merge'  → accumulate, then mergeJsonFile
+ *
+ * Also handles MCP filtering (only selected MCPs) and API key injection.
+ */
+import { join } from 'path';
+import { ensureDir } from 'fs-extra/esm';
+import { safeWriteFile, mergeJsonFile } from './file-writer.js';
+import { generateSecurityGitignore } from './security.js';
+
+/**
+ * Write all files from the API response to disk.
+ *
+ * @param {Array<{relativePath: string, content: string, type: 'file'|'json-merge'}>} files
+ * @param {string} targetDir - Project root directory
+ * @param {object} [opts]
+ * @param {boolean} [opts.force] - Overwrite existing files
+ * @param {string[]} [opts.selectedMcpIds] - MCP IDs user selected (for filtering)
+ * @param {object} [opts.mcpKeys] - { mcpId: { KEY_NAME: 'value' } }
+ * @param {object} [opts.securityConfig] - { addSecurityGitignore: boolean }
+ * @param {object} [opts.detected] - Detection result (for security gitignore)
+ * @returns {Promise<Array<{path: string, status: string}>>}
+ */
+export async function writeApiFiles(files, targetDir, opts = {}) {
+  const results = [];
+
+  // Ensure base directories exist
+  const directories = [
+    '.claude/scripts',
+    '.claude/mcps',
+    '.claude/workflows',
+  ];
+  for (const dir of directories) {
+    await ensureDir(join(targetDir, dir));
+  }
+
+  // Separate json-merge files from regular files
+  const regularFiles = [];
+  const jsonMergeAccum = new Map(); // relativePath → [parsed objects]
+
+  for (const file of files) {
+    if (file.type === 'json-merge') {
+      const existing = jsonMergeAccum.get(file.relativePath) || [];
+      existing.push(JSON.parse(file.content));
+      jsonMergeAccum.set(file.relativePath, existing);
+    } else {
+      regularFiles.push(file);
+    }
+  }
+
+  // Write regular files
+  for (const file of regularFiles) {
+    const filePath = join(targetDir, file.relativePath);
+    const result = await safeWriteFile(filePath, file.content, { force: opts.force ?? true });
+    results.push(result);
+  }
+
+  // Process json-merge files — inject MCP keys and filter MCPs
+  for (const [relativePath, objects] of jsonMergeAccum) {
+    // Merge all objects for this path into one
+    let merged = {};
+    for (const obj of objects) {
+      merged = deepMerge(merged, obj);
+    }
+
+    // If this is settings.json and has mcpServers, filter to selected MCPs and inject keys
+    if (relativePath === '.claude/settings.json' && merged.mcpServers && opts.selectedMcpIds) {
+      const filtered = {};
+      for (const [id, serverConfig] of Object.entries(merged.mcpServers)) {
+        if (opts.selectedMcpIds.includes(id)) {
+          // Inject user-provided API keys
+          if (opts.mcpKeys && opts.mcpKeys[id]) {
+            serverConfig.env = { ...serverConfig.env, ...opts.mcpKeys[id] };
+          }
+          filtered[id] = serverConfig;
+        }
+      }
+      merged.mcpServers = filtered;
+    }
+
+    const filePath = join(targetDir, relativePath);
+    const result = await mergeJsonFile(filePath, merged, { force: opts.force ?? true });
+    results.push(result);
+  }
+
+  // Security gitignore (handled locally, not from server)
+  if (opts.securityConfig?.addSecurityGitignore) {
+    const { join: pathJoin } = await import('path');
+    const { pathExists, outputFile } = await import('fs-extra/esm');
+    const { readFileSync } = await import('fs');
+
+    const gitignorePath = pathJoin(targetDir, '.gitignore');
+    const securityBlock = generateSecurityGitignore(opts.detected || {});
+
+    if (await pathExists(gitignorePath)) {
+      const content = readFileSync(gitignorePath, 'utf8');
+      const existingLines = new Set(
+        content.split('\n').map((l) => l.trim()).filter(Boolean)
+      );
+
+      // Filter out lines that already exist in .gitignore (dedup)
+      const newLines = securityBlock
+        .split('\n')
+        .filter((line) => {
+          const trimmed = line.trim();
+          if (!trimmed || trimmed.startsWith('#')) return true; // keep comments & blanks
+          return !existingLines.has(trimmed);
+        });
+
+      if (newLines.some((l) => l.trim() && !l.trim().startsWith('#'))) {
+        let updated = content;
+        if (!updated.endsWith('\n')) updated += '\n';
+        updated += '\n' + newLines.join('\n');
+        await outputFile(gitignorePath, updated, 'utf8');
+        results.push({ path: gitignorePath, status: 'updated' });
+      } else {
+        results.push({ path: gitignorePath, status: 'skipped' });
+      }
+    } else {
+      await outputFile(gitignorePath, securityBlock, 'utf8');
+      results.push({ path: gitignorePath, status: 'created' });
+    }
+  }
+
+  return results;
+}
+
+/**
+ * Build a flat file list from a V3 API response.
+ *
+ * @param {object} apiResponse - V3 response with guaranteed.files and candidates.items
+ * @param {string[]|null} selectedCandidateIds - IDs selected by Claude, or null for all
+ * @returns {Array<{relativePath: string, content: string, type: string}>}
+ */
+export function buildFileList(apiResponse, selectedCandidateIds) {
+  const files = [...(apiResponse.guaranteed?.files || [])];
+
+  const candidates = apiResponse.candidates?.items || [];
+  const selectedSet = selectedCandidateIds ? new Set(selectedCandidateIds) : null;
+
+  for (const candidate of candidates) {
+    // Skip unselected candidates (null = include all)
+    if (selectedSet && !selectedSet.has(candidate.id)) continue;
+
+    if (Array.isArray(candidate.files) && candidate.files.length > 0) {
+      // Multi-file candidates (skills with references/)
+      for (const f of candidate.files) {
+        if (f && typeof f.relativePath === 'string' && typeof f.content === 'string') {
+          files.push(f);
+        }
+      }
+    } else if (candidate.file) {
+      // Single-file candidates
+      files.push(candidate.file);
+    } else if (candidate.category === 'mcp' && candidate.mcpConfig) {
+      // MCP candidates: generate json-merge entry for settings.json
+      const serverConfig = {};
+      if (candidate.mcpConfig.command) {
+        serverConfig.command = candidate.mcpConfig.command;
+        if (candidate.mcpConfig.args?.length) serverConfig.args = candidate.mcpConfig.args;
+      } else if (candidate.mcpConfig.url) {
+        serverConfig.url = candidate.mcpConfig.url;
+        serverConfig.type = candidate.mcpConfig.transport || 'url';
+      }
+      files.push({
+        relativePath: '.claude/settings.json',
+        content: JSON.stringify({ mcpServers: { [candidate.id]: serverConfig } }),
+        type: 'json-merge',
+      });
+    }
+  }
+
+  return files;
+}
+
+function deepMerge(target, source) {
+  const result = { ...target };
+  for (const key of Object.keys(source)) {
+    if (
+      source[key] &&
+      typeof source[key] === 'object' &&
+      !Array.isArray(source[key]) &&
+      target[key] &&
+      typeof target[key] === 'object' &&
+      !Array.isArray(target[key])
+    ) {
+      result[key] = deepMerge(target[key], source[key]);
+    } else {
+      result[key] = source[key];
+    }
+  }
+  return result;
+}

package/src/utils/bootstrap-runner.js

@@ -0,0 +1,148 @@
+import { spawn } from 'child_process';
+import { createInterface } from 'readline';
+import chalk from 'chalk';
+import { platformCmd } from './run-claude.js';
+
+const DEFAULT_TIMEOUT = 600_000; // 10 minutes — bootstrap is long-running
+
+/**
+ * Shorten a file path to the last two segments for concise log output.
+ */
+function shortenPath(p) {
+  if (!p) return '';
+  const segments = p.replace(/\\/g, '/').split('/');
+  return segments.length > 2 ? '\u2026/' + segments.slice(-2).join('/') : p;
+}
+
+/**
+ * Format a tool-use event into a concise, human-friendly log line.
+ */
+function formatToolLog(name, input) {
+  switch (name) {
+    case 'Read':
+      return `Reading ${shortenPath(input?.file_path)}`;
+    case 'Write':
+      return `Creating ${shortenPath(input?.file_path)}`;
+    case 'Edit':
+      return `Editing ${shortenPath(input?.file_path)}`;
+    case 'Bash': {
+      const cmd = input?.command || '';
+      return `Running ${chalk.cyan(cmd.length > 60 ? cmd.slice(0, 57) + '\u2026' : cmd)}`;
+    }
+    case 'Glob':
+      return `Searching for ${input?.pattern || 'files'}`;
+    case 'Grep':
+      return `Searching code for "${(input?.pattern || '').slice(0, 40)}"`;
+    case 'Agent':
+      return `Spawning ${input?.subagent_type || 'agent'}: ${(input?.description || '').slice(0, 50)}`;
+    case 'Skill':
+      return `Running /${input?.skill || 'skill'}`;
+    case 'TaskCreate':
+      return `Creating task: ${(input?.description || '').slice(0, 50)}`;
+    case 'TaskUpdate':
+      return `Updating task #${input?.task_id || '?'}`;
+    default:
+      return name;
+  }
+}
+
+/**
+ * Spawn `claude` CLI to run /bootstrap:auto in the target project directory.
+ * Streams Claude's activity as a real-time log so the user can follow progress.
+ *
+ * Uses `--output-format stream-json` to capture tool-use events and display
+ * them as concise log lines (e.g. "Creating src/index.ts", "Running npm install").
+ *
+ * @param {string} targetDir   – Absolute path to the new project directory
+ * @param {string} description – User's project description (passed to /bootstrap:auto)
+ * @param {object} [opts]
+ * @param {number} [opts.timeout] – Hard timeout in ms (default: 600000)
+ * @returns {Promise<void>} Resolves on exit code 0, rejects otherwise
+ */
+export function runBootstrap(targetDir, description, opts = {}) {
+  const timeout = opts.timeout ?? DEFAULT_TIMEOUT;
+
+  const prompt = `/bootstrap:auto ${description}`;
+  const { file, args } = platformCmd('claude', [
+    '--dangerously-skip-permissions',
+    '-p',
+    prompt,
+    '--verbose',
+    '--output-format', 'stream-json',
+  ]);
+
+  return new Promise((resolve, reject) => {
+    const child = spawn(file, args, {
+      cwd: targetDir,
+      stdio: ['ignore', 'pipe', 'inherit'],
+      windowsHide: true,
+    });
+
+    let killed = false;
+    const toolBlocks = new Map(); // index → { name, chunks[] }
+
+    const timer = setTimeout(() => {
+      killed = true;
+      child.kill('SIGTERM');
+      setTimeout(() => {
+        try { child.kill('SIGKILL'); } catch {}
+      }, 5000);
+    }, timeout);
+
+    // Parse streaming JSON and surface tool-use events as log lines
+    const rl = createInterface({ input: child.stdout });
+
+    rl.on('line', (line) => {
+      if (!line.trim()) return;
+      let event;
+      try { event = JSON.parse(line); } catch { return; }
+
+      // ── High-level message events (Claude Code wrapper format) ──
+      if (event.type === 'assistant' && event.message?.content) {
+        for (const block of event.message.content) {
+          if (block.type === 'tool_use') {
+            console.log(chalk.dim(`  \u25b8 ${formatToolLog(block.name, block.input)}`));
+          }
+        }
+        return;
+      }
+
+      // ── Low-level streaming events (Anthropic API format) ───────
+      if (event.type === 'content_block_start' && event.content_block?.type === 'tool_use') {
+        toolBlocks.set(event.index, { name: event.content_block.name, chunks: [] });
+        return;
+      }
+      if (event.type === 'content_block_delta' && event.delta?.type === 'input_json_delta') {
+        const block = toolBlocks.get(event.index);
+        if (block) block.chunks.push(event.delta.partial_json);
+        return;
+      }
+      if (event.type === 'content_block_stop') {
+        const block = toolBlocks.get(event.index);
+        if (block) {
+          let input = {};
+          try { input = JSON.parse(block.chunks.join('')); } catch {}
+          console.log(chalk.dim(`  \u25b8 ${formatToolLog(block.name, input)}`));
+          toolBlocks.delete(event.index);
+        }
+        return;
+      }
+    });
+
+    child.on('error', (err) => {
+      clearTimeout(timer);
+      reject(new Error(`Failed to launch Claude CLI: ${err.message}`));
+    });
+
+    child.on('close', (code) => {
+      clearTimeout(timer);
+      if (killed) {
+        return reject(new Error('Bootstrap timed out after 10 minutes. You can re-run /bootstrap:auto manually inside the project.'));
+      }
+      if (code !== 0) {
+        return reject(new Error(`Bootstrap exited with code ${code}. You can re-run /bootstrap:auto manually inside the project.`));
+      }
+      resolve();
+    });
+  });
+}