npm - commitshow - Versions diffs - 0.3.14 → 0.3.15 - Mend

commitshow 0.3.14 → 0.3.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/commands/login.js CHANGED Viewed

@@ -1,16 +1,125 @@
-// Device flow placeholder. Needs the /cli/link web page + token-exchange
-// Edge Function on the server side (V1 backend work · see CLAUDE.md §15-C.4
-// rollout). Until that lands, we fail fast with a clear message so the user
-// knows their audit/status commands still work read-only.
+// commitshow login — device-flow authorization.
+//
+// Default flow:
+//   1. POST /functions/v1/cli-link-init · receive { code, poll_token, verification_url }
+//   2. Print the code + URL · open the URL in the user's browser (unless --no-open)
+//   3. Poll /functions/v1/cli-link-poll every 2s until 'ok' (token returned),
+//      'expired', or timeout (10 min).
+//   4. Save the api_token + member info to ~/.commitshow/config.json
+//
+// --token mode: skip the browser handshake and accept a pre-minted JWT
+//   (useful for headless / CI environments).
+//
+// --no-open: don't auto-launch the browser, just print the URL.
+import { readConfig, writeConfig } from '../lib/config.js';
 import { c } from '../lib/colors.js';
-export async function login(_args) {
+const POLL_INTERVAL_MS = 2000;
+const POLL_TIMEOUT_MS = 10 * 60 * 1000;
+const DEFAULT_BASE_URL = 'https://tekemubwihsjdzittoqf.supabase.co';
+const DEFAULT_ANON_KEY = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InRla2VtdWJ3aWhzamR6aXR0b3FmIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzY0MzQ1NzUsImV4cCI6MjA5MjAxMDU3NX0.n2K-3lFVvlXQx-bV9evdNRSQCtG5oC4uQushxB2ja9Y';
+function baseUrl() {
+    return readConfig().base_url ?? DEFAULT_BASE_URL;
+}
+function tryOpen(url) {
+    // Best-effort cross-platform open. Failure is silent — user still has
+    // the URL printed and can copy/paste manually.
+    const cmd = process.platform === 'darwin' ? 'open'
+        : process.platform === 'win32' ? 'cmd'
+            : 'xdg-open';
+    const args = process.platform === 'win32' ? ['/c', 'start', '', url] : [url];
+    try {
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const { spawn } = require('node:child_process');
+        spawn(cmd, args, { stdio: 'ignore', detached: true }).unref();
+    }
+    catch { /* ignore */ }
+}
+async function fetchUser(token) {
+    try {
+        const res = await fetch(`${baseUrl()}/auth/v1/user`, {
+            headers: { apikey: DEFAULT_ANON_KEY, Authorization: `Bearer ${token}` },
+        });
+        if (!res.ok)
+            return null;
+        const j = await res.json();
+        return { id: j.id, email: j.email ?? null };
+    }
+    catch {
+        return null;
+    }
+}
+export async function login(args) {
+    const noOpen = args.includes('--no-open');
+    const tokenIdx = args.indexOf('--token');
+    const presetToken = tokenIdx >= 0 ? args[tokenIdx + 1] : null;
+    // Headless / CI path · skip the browser handshake.
+    if (presetToken) {
+        const user = await fetchUser(presetToken);
+        if (!user) {
+            console.error(c.scarlet('✗ Token rejected · invalid or expired.'));
+            return 1;
+        }
+        writeConfig({ ...readConfig(), token: presetToken, member_id: user.id, display_name: user.email ?? undefined });
+        console.log(c.gold('✓ Logged in · token saved to ~/.commitshow/config.json'));
+        return 0;
+    }
+    // 1. Init the device-flow.
+    let init;
+    try {
+        const res = await fetch(`${baseUrl()}/functions/v1/cli-link-init`, {
+            method: 'POST',
+            headers: { apikey: DEFAULT_ANON_KEY, Authorization: `Bearer ${DEFAULT_ANON_KEY}`, 'Content-Type': 'application/json' },
+            body: '{}',
+        });
+        init = await res.json();
+        if (!res.ok || !init.code || !init.poll_token) {
+            console.error(c.scarlet(`✗ Init failed: ${init.error ?? `HTTP ${res.status}`}`));
+            return 1;
+        }
+    }
+    catch (e) {
+        console.error(c.scarlet(`✗ Init network error: ${e?.message ?? e}`));
+        return 1;
+    }
+    console.log('');
+    console.log(c.cream('  Authorize commitshow CLI to act on your account.'));
     console.log('');
-    console.log(c.cream('Login is not yet available in 0.1.'));
+    console.log(`  Verification code:  ${c.gold(init.code)}`);
+    console.log(`  Approve at:         ${init.verification_url}`);
     console.log('');
-    console.log(c.muted('  Read-only commands (audit, status, whoami) already work against public data.'));
-    console.log(c.muted('  Write commands (submit, re-audit, install) unlock once the device-flow'));
-    console.log(c.muted('  endpoint ships — tracked as a V1 item in the roadmap.'));
+    console.log(c.dim('  Waiting for approval (10 min timeout)…'));
     console.log('');
-    console.log(c.dim('  Sign in on the web for now → https://commit.show'));
+    if (!noOpen && init.verification_url)
+        tryOpen(init.verification_url);
+    // 2. Poll until approved / expired / timeout.
+    const deadline = Date.now() + POLL_TIMEOUT_MS;
+    while (Date.now() < deadline) {
+        await new Promise(r => setTimeout(r, POLL_INTERVAL_MS));
+        try {
+            const res = await fetch(`${baseUrl()}/functions/v1/cli-link-poll`, {
+                method: 'POST',
+                headers: { apikey: DEFAULT_ANON_KEY, Authorization: `Bearer ${DEFAULT_ANON_KEY}`, 'Content-Type': 'application/json' },
+                body: JSON.stringify({ poll_token: init.poll_token }),
+            });
+            const resp = await res.json();
+            if (resp.status === 'ok' && resp.api_token) {
+                writeConfig({ ...readConfig(), token: resp.api_token, member_id: resp.user_id ?? undefined });
+                console.log(c.gold('  ✓ Authorized · token saved to ~/.commitshow/config.json'));
+                const user = await fetchUser(resp.api_token);
+                if (user?.email)
+                    writeConfig({ ...readConfig(), display_name: user.email });
+                return 0;
+            }
+            if (resp.status === 'expired' || resp.status === 'consumed') {
+                console.error(c.scarlet(`  ✗ ${resp.message ?? resp.status}`));
+                return 1;
+            }
+            // status === 'pending' · keep polling.
+        }
+        catch {
+            // transient · keep polling.
+        }
+    }
+    console.error(c.scarlet('  ✗ Timed out waiting for approval (10 min). Re-run commitshow login.'));
     return 1;
 }

package/dist/commands/whoami.js CHANGED Viewed

@@ -1,14 +1,56 @@
-import { readConfig } from '../lib/config.js';
+import { readConfig, writeConfig } from '../lib/config.js';
 import { c } from '../lib/colors.js';
-export async function whoami(_args) {
+const DEFAULT_BASE_URL = 'https://tekemubwihsjdzittoqf.supabase.co';
+const DEFAULT_ANON_KEY = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InRla2VtdWJ3aWhzamR6aXR0b3FmIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzY0MzQ1NzUsImV4cCI6MjA5MjAxMDU3NX0.n2K-3lFVvlXQx-bV9evdNRSQCtG5oC4uQushxB2ja9Y';
+async function verifyToken(token) {
+    try {
+        const res = await fetch(`${DEFAULT_BASE_URL}/auth/v1/user`, {
+            headers: { apikey: DEFAULT_ANON_KEY, Authorization: `Bearer ${token}` },
+        });
+        if (!res.ok)
+            return null;
+        const j = await res.json();
+        return { id: j.id, email: j.email ?? null };
+    }
+    catch {
+        return null;
+    }
+}
+export async function whoami(args) {
     const cfg = readConfig();
-    if (!cfg.token || !cfg.display_name) {
+    // --logout · convenience flag · clears token from local config.
+    if (args.includes('--logout')) {
+        if (!cfg.token) {
+            console.log(c.dim('Already signed out.'));
+            return 0;
+        }
+        const next = { ...cfg };
+        delete next.token;
+        delete next.member_id;
+        delete next.display_name;
+        delete next.refresh_token;
+        writeConfig(next);
+        console.log(c.gold('✓ Signed out · token cleared from ~/.commitshow/config.json'));
+        return 0;
+    }
+    if (!cfg.token) {
         console.log(c.muted('Not signed in.'));
-        console.log(c.dim('  Read-only commands still work. Login coming in the next CLI release.'));
+        console.log(c.dim('  Run `commitshow login` to authorize a 90-day API token.'));
+        return 1;
+    }
+    // Verify the saved token is still valid (not expired or revoked).
+    const user = await verifyToken(cfg.token);
+    if (!user) {
+        console.log(c.scarlet('✗ Token rejected (expired or revoked).'));
+        console.log(c.dim('  Re-run `commitshow login`.'));
         return 1;
     }
-    console.log(c.cream(cfg.display_name));
-    if (cfg.member_id)
-        console.log(c.muted(`  ${cfg.member_id}`));
+    console.log('');
+    if (cfg.display_name)
+        console.log(`  ${c.cream(cfg.display_name)}`);
+    if (user.email && user.email !== cfg.display_name)
+        console.log(`  email:      ${user.email}`);
+    console.log(`  member id:  ${user.id}`);
+    console.log('');
     return 0;
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "commitshow",
-  "version": "0.3.14",
+  "version": "0.3.15",
   "description": "commit.show CLI — audit any vibe-coded project from your terminal.",
   "type": "module",
   "bin": {