heyiam 0.2.29 → 0.3.1

package/dist/github.js

@@ -0,0 +1,381 @@
+// GitHub integration: OAuth device flow, keychain-backed token storage,
+// repo listing, and Git Data API tree-push to publish a static site to
+// GitHub Pages. All pure logic — no Express. Routes live in
+// `routes/github.ts`.
+//
+// Secret handling rules (see trc-secrets-management):
+//   * Tokens are stored ONLY in the OS keychain via keytar. Never written
+//     to disk in plaintext, never logged, never returned in responses.
+//   * Errors are sanitized before surfacing — if the GitHub API echoes
+//     the token back in an error body, we do not propagate that body.
+//   * Device codes are short-lived; only the resulting access token is
+//     persisted.
+import { readdirSync, readFileSync, statSync } from 'node:fs';
+import { join, relative, sep as pathSep } from 'node:path';
+// TODO(phase-5-launch): replace with real client_id registered for the
+// heyi.am CLI OAuth App before merging to main. Founder owns this.
+export const GITHUB_OAUTH_CLIENT_ID = 'Iv1.PLACEHOLDER_CLIENT_ID';
+const KEYTAR_SERVICE = 'heyiam';
+const KEYTAR_ACCOUNT = 'github';
+const GITHUB_API = 'https://api.github.com';
+const GITHUB_DEVICE_CODE_URL = 'https://github.com/login/device/code';
+const GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token';
+export class GitHubError extends Error {
+    code;
+    status;
+    constructor(code, message, status) {
+        super(message);
+        this.name = 'GitHubError';
+        this.code = code;
+        this.status = status;
+    }
+}
+function sanitizeMessage(msg, token) {
+    let out = msg;
+    if (token)
+        out = out.split(token).join('[redacted]');
+    return out;
+}
+// ── Fetch helpers ──────────────────────────────────────────────────────
+async function ghFetch(url, init) {
+    const { token, ...rest } = init;
+    const headers = new Headers(rest.headers);
+    headers.set('Accept', 'application/vnd.github+json');
+    headers.set('X-GitHub-Api-Version', '2022-11-28');
+    headers.set('User-Agent', 'heyiam-cli');
+    if (token)
+        headers.set('Authorization', `Bearer ${token}`);
+    return fetch(url, { ...rest, headers });
+}
+async function ghJson(url, init, code = 'GITHUB_API_FAILED') {
+    const res = await ghFetch(url, init);
+    if (!res.ok) {
+        let detail = `HTTP ${res.status}`;
+        try {
+            const body = await res.json();
+            if (body?.message)
+                detail = body.message;
+        }
+        catch { /* non-JSON body */ }
+        throw new GitHubError(code, sanitizeMessage(detail, init.token), res.status);
+    }
+    return res.json();
+}
+// ── OAuth device flow ──────────────────────────────────────────────────
+export async function requestDeviceCode(scopes) {
+    const res = await fetch(GITHUB_DEVICE_CODE_URL, {
+        method: 'POST',
+        headers: {
+            Accept: 'application/json',
+            'Content-Type': 'application/json',
+            'User-Agent': 'heyiam-cli',
+        },
+        body: JSON.stringify({
+            client_id: GITHUB_OAUTH_CLIENT_ID,
+            scope: scopes.join(' '),
+        }),
+    });
+    if (!res.ok) {
+        throw new GitHubError('DEVICE_CODE_FAILED', `Failed to request device code: HTTP ${res.status}`, res.status);
+    }
+    const body = await res.json();
+    if (!body.device_code || !body.user_code || !body.verification_uri) {
+        throw new GitHubError('DEVICE_CODE_FAILED', 'Malformed device code response');
+    }
+    return {
+        device_code: body.device_code,
+        user_code: body.user_code,
+        verification_uri: body.verification_uri,
+        expires_in: body.expires_in ?? 900,
+        interval: body.interval ?? 5,
+    };
+}
+const defaultSleep = (ms) => new Promise((resolve) => setTimeout(resolve, ms));
+/**
+ * Make a single poll attempt against GitHub's device-flow token endpoint.
+ *
+ * Returns immediately — no sleep, no loop. The caller (frontend) is
+ * responsible for retry scheduling so the Express worker is never blocked.
+ */
+export async function pollForTokenOnce(deviceCode) {
+    const res = await fetch(GITHUB_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            Accept: 'application/json',
+            'Content-Type': 'application/json',
+            'User-Agent': 'heyiam-cli',
+        },
+        body: JSON.stringify({
+            client_id: GITHUB_OAUTH_CLIENT_ID,
+            device_code: deviceCode,
+            grant_type: 'urn:ietf:params:oauth:grant-type:device_code',
+        }),
+    });
+    const body = await res.json().catch(() => ({}));
+    if (body.access_token) {
+        return { status: 'success', access_token: body.access_token };
+    }
+    switch (body.error) {
+        case 'authorization_pending':
+        case 'slow_down':
+            return { status: 'pending' };
+        case 'expired_token':
+            return { status: 'expired' };
+        case 'access_denied':
+            return { status: 'denied' };
+        default:
+            // Unexpected error from GitHub — surface as a thrown error so the
+            // route handler maps it to a 500 via handleGitHubError.
+            throw new GitHubError('TOKEN_POLL_FAILED', body.error_description || body.error || `HTTP ${res.status}`);
+    }
+}
+let keytarOverride = null;
+/** Test hook — inject a mock keytar implementation. */
+export function __setKeytarForTests(mock) {
+    keytarOverride = mock;
+}
+async function getKeytar() {
+    if (keytarOverride)
+        return keytarOverride;
+    try {
+        const mod = await import('keytar');
+        return mod.default ?? mod;
+    }
+    catch (err) {
+        throw new GitHubError('KEYCHAIN_UNAVAILABLE', `OS keychain unavailable: ${err.message}`);
+    }
+}
+export async function storeToken(token) {
+    const keytar = await getKeytar();
+    try {
+        await keytar.setPassword(KEYTAR_SERVICE, KEYTAR_ACCOUNT, token);
+    }
+    catch (err) {
+        throw new GitHubError('KEYCHAIN_UNAVAILABLE', `Failed to store token in keychain: ${err.message}`);
+    }
+}
+export async function loadToken() {
+    const keytar = await getKeytar();
+    try {
+        return await keytar.getPassword(KEYTAR_SERVICE, KEYTAR_ACCOUNT);
+    }
+    catch (err) {
+        throw new GitHubError('KEYCHAIN_UNAVAILABLE', `Failed to read token from keychain: ${err.message}`);
+    }
+}
+export async function deleteToken() {
+    const keytar = await getKeytar();
+    try {
+        await keytar.deletePassword(KEYTAR_SERVICE, KEYTAR_ACCOUNT);
+    }
+    catch (err) {
+        throw new GitHubError('KEYCHAIN_UNAVAILABLE', `Failed to delete token from keychain: ${err.message}`);
+    }
+}
+// ── User + repo lookup ────────────────────────────────────────────────
+export async function getAuthenticatedUser(token) {
+    const user = await ghJson(`${GITHUB_API}/user`, { token });
+    return {
+        login: user.login,
+        name: user.name ?? null,
+        avatar_url: user.avatar_url,
+    };
+}
+export async function listRepos(token) {
+    const repos = await ghJson(`${GITHUB_API}/user/repos?per_page=100&type=owner&sort=updated`, { token });
+    return repos.map((r) => ({
+        name: String(r.name ?? ''),
+        full_name: String(r.full_name ?? ''),
+        default_branch: String(r.default_branch ?? 'main'),
+        has_pages: Boolean(r.has_pages),
+        private: Boolean(r.private),
+    }));
+}
+function walkFiles(root) {
+    const out = [];
+    const stack = [root];
+    while (stack.length > 0) {
+        const current = stack.pop();
+        let entries;
+        try {
+            entries = readdirSync(current);
+        }
+        catch (err) {
+            throw new GitHubError('INVALID_SOURCE_DIR', `Cannot read ${current}: ${err.message}`);
+        }
+        for (const entry of entries) {
+            const abs = join(current, entry);
+            const st = statSync(abs);
+            if (st.isDirectory())
+                stack.push(abs);
+            else if (st.isFile())
+                out.push(abs);
+        }
+    }
+    return out;
+}
+function toPosixRel(root, abs) {
+    return relative(root, abs).split(pathSep).join('/');
+}
+/**
+ * Push a static site directory to GitHub using the Git Data API.
+ *
+ * Flow (for ref UPDATE, which is the common case):
+ *   1. Create one blob per file (N calls).
+ *   2. Get current HEAD commit -> base tree sha.
+ *   3. Create a new tree with all blobs.
+ *   4. Create a new commit pointing at the tree with HEAD as parent.
+ *   5. Update the branch ref to the new commit.
+ *
+ * For very first push where the branch does not exist yet, we create the
+ * ref as a new branch off the default branch (or as an orphan if the
+ * repo is empty).
+ *
+ * "3 API calls typical case" in the plan refers to the tree + commit +
+ * ref-update tail; blob uploads are per-file and run first. We keep
+ * blob creation sequential to bound memory + rate-limit exposure.
+ */
+export async function pushSiteToRepo(args) {
+    const { token, owner, repo, branch, sourceDir } = args;
+    const files = walkFiles(sourceDir);
+    if (files.length === 0) {
+        throw new GitHubError('INVALID_SOURCE_DIR', `No files to push in ${sourceDir}`);
+    }
+    // 1. Create blobs (one API call per file).
+    const blobs = [];
+    for (const abs of files) {
+        const content = readFileSync(abs);
+        const body = {
+            content: content.toString('base64'),
+            encoding: 'base64',
+        };
+        const blob = await ghJson(`${GITHUB_API}/repos/${owner}/${repo}/git/blobs`, {
+            token,
+            method: 'POST',
+            body: JSON.stringify(body),
+            headers: { 'Content-Type': 'application/json' },
+        });
+        blobs.push({
+            path: toPosixRel(sourceDir, abs),
+            sha: blob.sha,
+            mode: '100644',
+            type: 'blob',
+        });
+    }
+    // 2. Look up parent commit, if any.
+    let parentCommitSha = null;
+    const refRes = await ghFetch(`${GITHUB_API}/repos/${owner}/${repo}/git/ref/heads/${encodeURIComponent(branch)}`, { token });
+    if (refRes.ok) {
+        const refBody = await refRes.json();
+        parentCommitSha = refBody.object?.sha ?? null;
+    }
+    else if (refRes.status !== 404) {
+        let detail = `HTTP ${refRes.status}`;
+        try {
+            const body = await refRes.json();
+            if (body.message)
+                detail = body.message;
+        }
+        catch { /* ignore */ }
+        throw new GitHubError('GITHUB_API_FAILED', sanitizeMessage(detail, token), refRes.status);
+    }
+    // 3. Create tree.
+    const tree = await ghJson(`${GITHUB_API}/repos/${owner}/${repo}/git/trees`, {
+        token,
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ tree: blobs }),
+    });
+    // 4. Create commit.
+    const commit = await ghJson(`${GITHUB_API}/repos/${owner}/${repo}/git/commits`, {
+        token,
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            message: 'Publish portfolio (heyi.am)',
+            tree: tree.sha,
+            parents: parentCommitSha ? [parentCommitSha] : [],
+        }),
+    });
+    // 5. Update or create ref.
+    if (parentCommitSha) {
+        await ghJson(`${GITHUB_API}/repos/${owner}/${repo}/git/refs/heads/${encodeURIComponent(branch)}`, {
+            token,
+            method: 'PATCH',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ sha: commit.sha, force: true }),
+        });
+    }
+    else {
+        await ghJson(`${GITHUB_API}/repos/${owner}/${repo}/git/refs`, {
+            token,
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify({ ref: `refs/heads/${branch}`, sha: commit.sha }),
+        });
+    }
+    return {
+        commitSha: commit.sha,
+        treeSha: tree.sha,
+        filesUploaded: blobs.length,
+    };
+}
+// ── Pages enable + poll ───────────────────────────────────────────────
+/**
+ * Idempotent — 409 "already enabled" is treated as success.
+ */
+export async function enablePages(args) {
+    const { token, owner, repo, branch } = args;
+    const res = await ghFetch(`${GITHUB_API}/repos/${owner}/${repo}/pages`, {
+        token,
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+            source: { branch, path: '/' },
+        }),
+    });
+    if (res.ok || res.status === 201 || res.status === 204)
+        return;
+    if (res.status === 409)
+        return; // already enabled
+    let detail = `HTTP ${res.status}`;
+    try {
+        const body = await res.json();
+        if (body.message)
+            detail = body.message;
+    }
+    catch { /* ignore */ }
+    throw new GitHubError('GITHUB_API_FAILED', sanitizeMessage(detail, token), res.status);
+}
+export async function pollPagesBuild(args) {
+    const { token, owner, repo } = args;
+    const intervalMs = args.intervalMs ?? 5_000;
+    const timeoutMs = args.timeoutMs ?? 5 * 60 * 1000;
+    const sleep = args.sleep ?? defaultSleep;
+    const startedAt = Date.now();
+    while (Date.now() - startedAt < timeoutMs) {
+        const res = await ghFetch(`${GITHUB_API}/repos/${owner}/${repo}/pages/builds/latest`, { token });
+        if (res.ok) {
+            const body = await res.json();
+            if (body.status === 'built')
+                return body;
+            if (body.status === 'errored') {
+                throw new GitHubError('PAGES_BUILD_FAILED', body.error?.message || 'Pages build errored');
+            }
+            // queued | building — keep polling
+        }
+        else if (res.status !== 404) {
+            // 404 can occur briefly before the first build record exists.
+            let detail = `HTTP ${res.status}`;
+            try {
+                const body = await res.json();
+                if (body.message)
+                    detail = body.message;
+            }
+            catch { /* ignore */ }
+            throw new GitHubError('GITHUB_API_FAILED', sanitizeMessage(detail, token), res.status);
+        }
+        await sleep(intervalMs);
+    }
+    throw new GitHubError('PAGES_BUILD_TIMEOUT', 'Timed out waiting for Pages build');
+}

package/dist/index.js

@@ -650,6 +650,174 @@ daemon
     }
     console.log('\n  Daemon uninstalled.\n');
 });
+// ── Embed command ──────────────────────────────────────────
+program
+    .command('embed')
+    .description('Generate embeddable widget snippets for your portfolio and projects')
+    .option('--project <name>', 'Generate embed for a specific project')
+    .option('--format <type>', 'Output format: widget, iframe, badge, html, or all', '')
+    .option('--sections <list>', 'Sections to include (comma-separated: stats,tools,skills,heatmap,recent)', 'stats')
+    .option('--theme <theme>', 'Color theme (dark or light)', 'dark')
+    .action(async (opts) => {
+    const { getAuthToken } = await import('./auth.js');
+    const { PUBLIC_URL } = await import('./config.js');
+    const { getUploadedState, getDataDir } = await import('./settings.js');
+    const { displayNameFromDir } = await import('./sync.js');
+    const { readdirSync, existsSync } = await import('node:fs');
+    const { join } = await import('node:path');
+    const auth = getAuthToken();
+    const username = auth?.username;
+    const sections = opts.sections || 'stats';
+    const theme = opts.theme || 'dark';
+    const queryParts = [];
+    if (sections !== 'stats')
+        queryParts.push(`sections=${sections}`);
+    if (theme !== 'dark')
+        queryParts.push(`theme=${theme}`);
+    const query = queryParts.length > 0 ? `?${queryParts.join('&')}` : '';
+    // Find published projects
+    const publishedDir = join(getDataDir(), 'published');
+    const publishedProjects = [];
+    if (existsSync(publishedDir)) {
+        for (const file of readdirSync(publishedDir)) {
+            if (!file.endsWith('.json'))
+                continue;
+            const dirName = file.replace(/\.json$/, '');
+            const state = getUploadedState(dirName);
+            if (state?.slug) {
+                publishedProjects.push({ dirName, slug: state.slug });
+            }
+        }
+    }
+    const isPublished = username && publishedProjects.length > 0;
+    const format = opts.format || (isPublished ? 'all' : 'html');
+    // Build local stats for static HTML
+    const db = openDatabase();
+    await syncSessionIndex(db);
+    const { getAllProjectStats } = await import('./db.js');
+    const allStats = getAllProjectStats(db);
+    if (opts.project) {
+        const match = publishedProjects.find((p) => p.slug === opts.project || p.dirName === opts.project || displayNameFromDir(p.dirName) === opts.project);
+        const localMatch = allStats.find((p) => p.projectName === opts.project || p.projectDir === opts.project || displayNameFromDir(p.projectDir) === opts.project);
+        if (!match && !localMatch) {
+            console.log(`\n  Project "${opts.project}" not found.`);
+            if (allStats.length > 0) {
+                console.log('  Available projects:');
+                for (const p of allStats)
+                    console.log(`    ${p.projectName}`);
+            }
+            console.log('');
+            db.close();
+            return;
+        }
+        const base = match && username ? `${PUBLIC_URL}/${username}/${match.slug}` : null;
+        const stats = localMatch || (match ? allStats.find((p) => displayNameFromDir(p.projectDir) === displayNameFromDir(match.dirName)) : null);
+        const title = stats?.projectName || match?.slug || opts.project;
+        console.log('');
+        console.log(`  ── ${title} ──────────────────────────────`);
+        printFormats(format, base, query, sections, theme, stats ? {
+            name: stats.projectName,
+            sessions: stats.sessionCount,
+            loc: stats.totalLoc,
+            duration: stats.totalDuration,
+            skills: stats.skills,
+        } : null);
+    }
+    else {
+        // Portfolio level
+        const base = username ? `${PUBLIC_URL}/${username}` : null;
+        // Aggregate stats across all projects
+        const totalSessions = allStats.reduce((s, p) => s + p.sessionCount, 0);
+        const totalLoc = allStats.reduce((s, p) => s + p.totalLoc, 0);
+        const totalDuration = allStats.reduce((s, p) => s + p.totalDuration, 0);
+        const allSkills = [...new Set(allStats.flatMap((p) => p.skills))].slice(0, 8);
+        console.log('');
+        console.log('  ── Portfolio ──────────────────────────────────');
+        printFormats(format, base, query, sections, theme, {
+            name: username || 'portfolio',
+            sessions: totalSessions,
+            loc: totalLoc,
+            duration: totalDuration,
+            skills: allSkills,
+            projectCount: allStats.length,
+        });
+        // Also show each published project
+        if (format !== 'html' && publishedProjects.length > 0) {
+            for (const p of publishedProjects) {
+                const projBase = `${PUBLIC_URL}/${username}/${p.slug}`;
+                const stats = allStats.find((s) => displayNameFromDir(s.projectDir) === displayNameFromDir(p.dirName));
+                console.log(`  ── ${p.slug} ──────────────────────────────`);
+                printFormats(format, projBase, query, sections, theme, stats ? {
+                    name: stats.projectName,
+                    sessions: stats.sessionCount,
+                    loc: stats.totalLoc,
+                    duration: stats.totalDuration,
+                    skills: stats.skills,
+                } : null);
+            }
+        }
+    }
+    db.close();
+});
+function printFormats(format, base, query, _sections, _theme, stats) {
+    const showAll = format === 'all';
+    if (base && (showAll || format === 'badge')) {
+        console.log('');
+        console.log('  Badge (GitHub README, markdown):');
+        console.log(`    [![heyi.am](${base}/embed.svg)](${base})`);
+        console.log('');
+    }
+    if (base && (showAll || format === 'widget')) {
+        const dataAttrs = [`data-username="${base.split('/').slice(-2, -1)[0] || ''}"`,];
+        // If it's a project URL (3+ path segments after domain), add data-project
+        const pathParts = new URL(base).pathname.split('/').filter(Boolean);
+        if (pathParts.length >= 2)
+            dataAttrs.push(`data-project="${pathParts[1]}"`);
+        if (_sections !== 'stats')
+            dataAttrs.push(`data-sections="${_sections}"`);
+        if (_theme !== 'dark')
+            dataAttrs.push(`data-theme="${_theme}"`);
+        console.log('  Widget (personal site, blog):');
+        console.log(`    <div class="heyiam-embed" ${dataAttrs.join(' ')}></div>`);
+        console.log(`    <script src="${new URL(base).origin}/embed.js"></script>`);
+        console.log('');
+    }
+    if (base && (showAll || format === 'iframe')) {
+        console.log('  iframe:');
+        console.log(`    <iframe src="${base}/embed${query}" width="480" height="200" frameborder="0"></iframe>`);
+        console.log('');
+    }
+    if (showAll || format === 'html') {
+        if (stats) {
+            const durationStr = stats.duration >= 60 ? `${Math.round(stats.duration / 60)}h` : `${stats.duration}m`;
+            const locStr = stats.loc >= 1000 ? `${(stats.loc / 1000).toFixed(1)}k` : String(stats.loc);
+            const skillChips = stats.skills.slice(0, 6).map((s) => `<span style="font-size:10px;padding:2px 8px;border-radius:3px;background:#1f2937;color:#9ca3af">${s}</span>`).join(' ');
+            const projectLine = stats.projectCount ? `<span style="font-size:10px;color:#6b7280">${stats.projectCount} projects</span>` : '';
+            console.log('  Static HTML (works anywhere, no JS needed):');
+            console.log(`    <div style="font-family:ui-monospace,monospace;background:#0a0a0f;color:#e5e7eb;padding:16px 20px;border-radius:6px">`);
+            console.log(`      <div style="font-size:15px;font-weight:600;color:#f9fafb;margin-bottom:12px">${stats.name} ${projectLine}</div>`);
+            console.log(`      <div style="display:flex;gap:20px;flex-wrap:wrap;margin-bottom:10px">`);
+            console.log(`        <div><div style="font-size:18px;font-weight:700;color:#f9fafb">${stats.sessions}</div><div style="font-size:10px;color:#6b7280;text-transform:uppercase;letter-spacing:0.08em">Sessions</div></div>`);
+            console.log(`        <div><div style="font-size:18px;font-weight:700;color:#f9fafb">${locStr}</div><div style="font-size:10px;color:#6b7280;text-transform:uppercase;letter-spacing:0.08em">Lines Changed</div></div>`);
+            console.log(`        <div><div style="font-size:18px;font-weight:700;color:#f9fafb">${durationStr}</div><div style="font-size:10px;color:#6b7280;text-transform:uppercase;letter-spacing:0.08em">Active Time</div></div>`);
+            console.log(`      </div>`);
+            if (skillChips) {
+                console.log(`      <div style="display:flex;gap:6px;flex-wrap:wrap">${skillChips}</div>`);
+            }
+            console.log(`    </div>`);
+            console.log('');
+        }
+        else {
+            console.log('  Static HTML: No local stats available for this project.');
+            console.log('');
+        }
+    }
+    if (!base && format !== 'html') {
+        console.log('  Not published yet. Only static HTML is available.');
+        console.log('  Publish from the dashboard, then run again for badge/widget/iframe.');
+        console.log('');
+    }
+}
 // ── Logout command ──────────────────────────────────────────
 program
     .command('logout')