mtrx-cli 0.1.0

package/src/matrx/cli/main.py

@@ -0,0 +1,510 @@
+from __future__ import annotations
+
+import argparse
+import html
+import http.server
+import os
+import subprocess
+import sys
+import threading
+import urllib.parse
+import webbrowser
+
+from matrx.cli.launcher import (
+    prepare_routed_setup,
+    build_launch_plan,
+    claude_credentials_path,
+    claude_oauth_available,
+    configured_route,
+    describe_launch_plan,
+    find_executable,
+    get_tool_config_status,
+    initialize_first_launch_route,
+    launch,
+    read_claude_oauth_token,
+    read_codex_access_token,
+    resolve_route,
+    validate_launch_plan,
+)
+from matrx.cli.state import (
+    ensure_app_url,
+    ensure_root_url,
+    ensure_v1_url,
+    get_workspace_binding,
+    load_state,
+    mask_secret,
+    save_state,
+)
+
+
+def main(argv: list[str] | None = None) -> int:
+    parser = _build_parser()
+    args, remainder = parser.parse_known_args(argv)
+
+    if args.command == "help":
+        parser.print_help()
+        return 0
+    if args.command == "login":
+        return _cmd_login(args)
+    if args.command == "use":
+        return _cmd_use(args)
+    if args.command == "status":
+        return _cmd_status()
+    if args.command == "doctor":
+        return _cmd_doctor()
+    if args.command in {"codex", "claude"}:
+        return _cmd_launch(args.command, args.route, remainder)
+
+    parser.print_help()
+    return 1
+
+
+def _build_parser() -> argparse.ArgumentParser:
+    parser = argparse.ArgumentParser(prog="mtrx")
+    subparsers = parser.add_subparsers(dest="command")
+
+    login = subparsers.add_parser("login")
+    login.add_argument("provider", choices=["matrx", "openai", "anthropic", "claude-code"])
+    login.add_argument("--key")
+    login.add_argument("--base-url")
+    login.add_argument("--app-url")
+    login.add_argument("--web", action="store_true")
+    login.add_argument("--import", dest="do_import", action="store_true")
+
+    use = subparsers.add_parser("use")
+    use.add_argument("tool", choices=["codex", "claude"])
+    use.add_argument("route", choices=["direct", "matrx"])
+
+    subparsers.add_parser("help")
+    subparsers.add_parser("status")
+    subparsers.add_parser("doctor")
+
+    codex = subparsers.add_parser("codex")
+    codex.add_argument("--route", choices=["direct", "matrx"])
+
+    claude = subparsers.add_parser("claude")
+    claude.add_argument("--route", choices=["direct", "matrx"])
+
+    return parser
+
+
+def _is_interactive_terminal() -> bool:
+    return sys.stdin.isatty() and sys.stdout.isatty()
+
+
+def _prompt_yes_no(prompt: str, *, default: bool = True) -> bool:
+    if not _is_interactive_terminal():
+        return default
+    suffix = "[Y/n]" if default else "[y/N]"
+    answer = input(f"{prompt} {suffix} ").strip().lower()
+    if not answer:
+        return default
+    return answer in {"y", "yes"}
+
+
+def _prompt_for_secret(prompt: str) -> str:
+    if not _is_interactive_terminal():
+        return ""
+    return input(f"{prompt}: ").strip()
+
+
+def _derive_callback_payload(params: dict[str, list[str]]) -> dict[str, str | None]:
+    def _one(name: str) -> str | None:
+        values = params.get(name) or []
+        if not values:
+            return None
+        value = values[0].strip()
+        return value or None
+
+    return {
+        "state": _one("state"),
+        "matrx_key": _one("matrx_key"),
+        "org_id": _one("org_id"),
+        "project_id": _one("project_id"),
+        "error": _one("error"),
+    }
+
+
+def _matrx_browser_callback_html(payload: dict[str, str | None]) -> bytes:
+    error = (payload.get("error") or "").strip()
+    if error:
+        escaped_error = html.escape(error)
+        body = (
+            "<html><body><h1>Matrx login failed.</h1>"
+            "<p>The browser-based handoff returned an error.</p>"
+            f"<pre>{escaped_error}</pre>"
+            "<p>You can close this window and return to the terminal.</p>"
+            "</body></html>"
+        )
+    else:
+        body = (
+            "<html><body><h1>Matrx login complete.</h1>"
+            "<p>You can close this window and return to the terminal.</p>"
+            "</body></html>"
+        )
+    return body.encode("utf-8")
+
+
+def _run_matrx_browser_login(
+    state: dict,
+    *,
+    requested_org_id: str | None = None,
+    requested_project_id: str | None = None,
+) -> dict[str, str | None]:
+    auth_cfg = state.setdefault("auth", {}).setdefault("matrx", {})
+    api_root = ensure_root_url(auth_cfg.get("base_url"))
+    app_url = ensure_app_url(auth_cfg.get("app_url"), base_url=auth_cfg.get("base_url"))
+    nonce = os.urandom(12).hex()
+    result: dict[str, str | None] = {}
+    event = threading.Event()
+
+    class _CallbackHandler(http.server.BaseHTTPRequestHandler):
+        def do_GET(self):  # noqa: N802
+            parsed = urllib.parse.urlparse(self.path)
+            if parsed.path != "/callback":
+                self.send_response(404)
+                self.end_headers()
+                return
+
+            payload = _derive_callback_payload(urllib.parse.parse_qs(parsed.query))
+            result.update(payload)
+            event.set()
+            body = _matrx_browser_callback_html(payload)
+            self.send_response(200)
+            self.send_header("Content-Type", "text/html; charset=utf-8")
+            self.send_header("Content-Length", str(len(body)))
+            self.end_headers()
+            self.wfile.write(body)
+
+        def log_message(self, format, *args):  # noqa: A003
+            return
+
+    server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), _CallbackHandler)
+    try:
+        thread = threading.Thread(target=server.serve_forever, daemon=True)
+        thread.start()
+        callback_url = f"http://127.0.0.1:{server.server_port}/callback"
+        params = {
+            "callback": callback_url,
+            "state": nonce,
+            "api_base": api_root,
+        }
+        if requested_org_id:
+            params["org_id"] = requested_org_id
+        if requested_project_id:
+            params["project_id"] = requested_project_id
+        login_url = f"{app_url}/cli-auth?{urllib.parse.urlencode(params)}"
+        print(f"Open this URL to complete Matrx login:\n  {login_url}")
+        webbrowser.open(login_url)
+        if not event.wait(timeout=300):
+            raise ValueError("Matrx web login timed out")
+    finally:
+        server.shutdown()
+        server.server_close()
+
+    if result.get("state") != nonce:
+        raise ValueError("Matrx web login returned an invalid state token")
+    if result.get("error"):
+        raise ValueError(f"Matrx web login failed: {result['error']}")
+    if not (result.get("matrx_key") or "").startswith("mx_"):
+        raise ValueError("Matrx web login did not return a valid Matrx key")
+    return result
+
+
+def _complete_matrx_login(state: dict) -> tuple[dict, bool]:
+    auth_cfg = state.setdefault("auth", {}).setdefault("matrx", {})
+    if _has_matrx_login(state, env=os.environ):
+        return state, False
+    if not _is_interactive_terminal():
+        raise ValueError("Login required. Run: mtrx login matrx --key mx_... or set MTRX_KEY")
+
+    print("Matrx login required.")
+    if _prompt_yes_no("Open the browser-based Matrx sign-in flow now?", default=True):
+        session = _run_matrx_browser_login(state)
+        auth_cfg["key"] = session["matrx_key"]
+        return state, True
+
+    manual_key = _prompt_for_secret("Paste your Matrx key")
+    if not manual_key:
+        raise ValueError("Matrx login cancelled")
+    if not manual_key.startswith("mx_"):
+        raise ValueError("Matrx key must start with mx_")
+    auth_cfg["key"] = manual_key
+    return state, True
+
+
+def _complete_codex_login() -> None:
+    if read_codex_access_token():
+        return
+    if not _is_interactive_terminal():
+        raise ValueError("Codex login required. Run: codex login")
+    print("Codex login required.")
+    if not _prompt_yes_no("Run `codex login` now?", default=True):
+        raise ValueError("Codex login cancelled")
+    executable = find_executable("codex") or "codex"
+    result = subprocess.run([executable, "login"], check=False)
+    if result.returncode != 0 or not read_codex_access_token():
+        raise ValueError("Codex login did not complete successfully")
+
+
+def _maybe_promote_direct_route(state: dict, tool: str, route: str | None) -> tuple[str | None, bool]:
+    if route is not None:
+        return route, False
+    if configured_route(state, tool) != "direct":
+        return route, False
+    if _has_matrx_login(state, env=os.environ):
+        return route, False
+    if not _is_interactive_terminal():
+        return route, False
+
+    print(f"`mtrx {tool}` is currently configured to use the direct route.")
+    if _prompt_yes_no(f"Switch {tool} to the Matrx route and continue with Matrx sign-in?", default=True):
+        state.setdefault("defaults", {})[tool] = "matrx"
+        return "matrx", True
+    return route, False
+
+
+def _cmd_login(args) -> int:
+    state = load_state()
+    provider = args.provider.replace("-", "_")
+
+    if provider == "claude_code":
+        if not args.do_import:
+            print("Use: mtrx login claude-code --import", file=sys.stderr)
+            return 1
+        token = read_claude_oauth_token()
+        if not token:
+            print(
+                f"No Claude OAuth token found at {claude_credentials_path()}",
+                file=sys.stderr,
+            )
+            return 1
+        state["auth"]["claude_code"]["oauth_token"] = token
+        path = save_state(state)
+        print(f"Saved Claude Code OAuth token metadata to {path}")
+        return 0
+
+    key = (args.key or "").strip()
+    if provider == "matrx":
+        if args.base_url:
+            state["auth"]["matrx"]["base_url"] = args.base_url.strip()
+        if args.app_url:
+            state["auth"]["matrx"]["app_url"] = args.app_url.strip()
+        elif not state["auth"]["matrx"].get("app_url"):
+            state["auth"]["matrx"]["app_url"] = ensure_app_url(
+                None,
+                base_url=state["auth"]["matrx"].get("base_url"),
+            )
+        if not key:
+            if not args.web and not _is_interactive_terminal():
+                print("--key is required for non-interactive Matrx login", file=sys.stderr)
+                return 1
+            try:
+                state, changed = _complete_matrx_login(state)
+            except ValueError as exc:
+                print(str(exc), file=sys.stderr)
+                return 1
+            if changed:
+                path = save_state(state)
+                print(f"Saved {args.provider} credentials to {path}")
+                print(f"Matrx base URL: {ensure_v1_url(state['auth']['matrx']['base_url'])}")
+                return 0
+            print("Matrx login did not change the current state", file=sys.stderr)
+            return 1
+
+    if not key:
+        print("--key is required for this login command", file=sys.stderr)
+        return 1
+
+    if provider == "matrx" and not key.startswith("mx_"):
+        print("Matrx key must start with mx_", file=sys.stderr)
+        return 1
+
+    state["auth"][provider]["key"] = key
+    path = save_state(state)
+    print(f"Saved {args.provider} credentials to {path}")
+    if provider == "matrx":
+        print(f"Matrx base URL: {ensure_v1_url(state['auth']['matrx']['base_url'])}")
+    return 0
+
+
+def _cmd_use(args) -> int:
+    state = load_state()
+    if not _has_matrx_login(state, env=os.environ):
+        print("Login required. Run: mtrx login matrx --key mx_...", file=sys.stderr)
+        return 1
+    state["defaults"][args.tool] = args.route
+    path = save_state(state)
+    print(f"Default route for {args.tool}: {args.route}")
+    print(f"Saved to {path}")
+    return 0
+
+
+def _cmd_status() -> int:
+    state = load_state()
+    auth = state["auth"]
+    print("Defaults:")
+    print(f"  codex: {_default_route_label(configured_route(state, 'codex'))}")
+    print(f"  claude: {_default_route_label(configured_route(state, 'claude'))}")
+    print("Auth:")
+    print(
+        "  matrx: "
+        f"{mask_secret(auth['matrx'].get('key'))} "
+        f"({ensure_v1_url(auth['matrx'].get('base_url'))})"
+    )
+    print(f"  matrx app: {ensure_app_url(auth['matrx'].get('app_url'), base_url=auth['matrx'].get('base_url'))}")
+    print(f"  openai: {mask_secret(auth['openai'].get('key'))}")
+    print(f"  anthropic: {mask_secret(auth['anthropic'].get('key'))}")
+    imported = "imported" if auth["claude_code"].get("oauth_token") else "not imported"
+    local = "present" if claude_oauth_available() else "missing"
+    print(f"  claude-code oauth: {imported}, local credentials: {local}")
+    print("Tool config:")
+    for tool in ("codex", "claude"):
+        config_status = get_tool_config_status(state, tool)
+        route = configured_route(state, tool)
+        if tool == "codex" and config_status["verified"] and not config_status["configured"]:
+            status_label = "runtime-only" if route == "matrx" else "clean"
+        elif config_status["configured"] and config_status["verified"]:
+            status_label = "configured+verified"
+        elif config_status["configured"]:
+            status_label = "configured"
+        else:
+            status_label = "not configured"
+        location = config_status["config_path"] or "unknown"
+        verified_at = config_status["last_verified_at"] or "-"
+        print(f"  {tool}: {status_label} ({location}, verified={verified_at})")
+    print("Executables:")
+    print(f"  codex: {find_executable('codex') or 'not found'}")
+    print(f"  claude: {find_executable('claude') or 'not found'}")
+    return 0
+
+
+def _cmd_doctor() -> int:
+    state = load_state()
+    failures = 0
+    env_matrx_key = (os.environ.get("MTRX_KEY") or "").strip()
+    workspace_binding = get_workspace_binding(state, cwd=os.environ.get("PWD") or os.getcwd()) or {}
+    workspace_matrx_key = (workspace_binding.get("matrx_key") or "").strip()
+
+    for tool in ("codex", "claude"):
+        found = find_executable(tool)
+        if found:
+            print(f"[ok] {tool} executable: {found}")
+        else:
+            print(f"[fail] {tool} executable not found")
+            failures += 1
+
+    matrx_key = (state["auth"]["matrx"].get("key") or "").strip()
+    if matrx_key:
+        print("[ok] Matrx key saved")
+    elif workspace_matrx_key:
+        print("[warn] No Matrx key saved (current workspace has a stored MATRX binding)")
+    elif env_matrx_key:
+        print("[warn] No Matrx key saved (current shell has MTRX_KEY override)")
+    else:
+        print("[warn] No Matrx key saved")
+    if env_matrx_key:
+        print("[ok] MTRX_KEY override present in current shell")
+    if workspace_matrx_key:
+        print("[ok] Workspace MATRX binding present in current repo")
+
+    openai_key = (state["auth"]["openai"].get("key") or "").strip()
+    if openai_key:
+        print("[ok] OpenAI fallback key saved")
+    else:
+        print("[warn] No OpenAI fallback key saved")
+
+    anthropic_key = (state["auth"]["anthropic"].get("key") or "").strip()
+    if anthropic_key:
+        print("[ok] Anthropic fallback key saved")
+    else:
+        print("[warn] No Anthropic fallback key saved")
+
+    if claude_oauth_available():
+        print(f"[ok] Local Claude OAuth found at {claude_credentials_path()}")
+    else:
+        print(f"[warn] Local Claude OAuth not found at {claude_credentials_path()}")
+
+    for tool in ("codex", "claude"):
+        route = configured_route(state, tool)
+        if route == "matrx" and not _has_matrx_login(state, env=os.environ):
+            print(f"[fail] Default {tool} route is matrx but no Matrx key is saved")
+            failures += 1
+        elif route is None:
+            print(f"[warn] Default {tool} route not chosen yet (first `mtrx {tool}` launch will initialize it to matrx)")
+        config_status = get_tool_config_status(state, tool)
+        if tool == "codex" and config_status["verified"] and not config_status["configured"]:
+            if route == "matrx":
+                print(f"[ok] {tool} uses runtime launch overrides; native config is clean at {config_status['config_path']}")
+            else:
+                print(f"[ok] {tool} native config is clean at {config_status['config_path']}")
+        elif config_status["configured"] and config_status["verified"]:
+            print(f"[ok] {tool} native config verified at {config_status['config_path']}")
+        elif config_status["configured"]:
+            print(f"[warn] {tool} native config written but not verified")
+        else:
+            print(f"[warn] {tool} native config not configured")
+
+    return 1 if failures else 0
+
+
+def _cmd_launch(tool: str, route: str | None, remainder: list[str]) -> int:
+    state = load_state()
+    route, promoted = _maybe_promote_direct_route(state, tool, route)
+    first_launch = route is None and configured_route(state, tool) is None
+    effective_route = resolve_route(state, tool, route)
+    try:
+        auth_changed = False
+        if effective_route == "matrx":
+            state, login_changed = _complete_matrx_login(state)
+            auth_changed = auth_changed or login_changed
+            if tool == "codex":
+                _complete_codex_login()
+        initialized = initialize_first_launch_route(state, tool, route)
+        state, changed = prepare_routed_setup(
+            state,
+            tool=tool,
+            route_override=route,
+            base_env=os.environ,
+        )
+        if initialized or changed or auth_changed or promoted:
+            save_state(state)
+        if initialized:
+            print(
+                f"First-time setup: default route for {tool} set to matrx. "
+                f"Use `mtrx use {tool} direct` to opt out.",
+            )
+        plan = build_launch_plan(
+            state,
+            tool=tool,
+            route_override=route,
+            passthrough_args=remainder,
+            base_env=os.environ,
+        )
+        validate_launch_plan(plan, state)
+        for line in describe_launch_plan(plan, state):
+            print(line)
+    except ValueError as exc:
+        print(str(exc), file=sys.stderr)
+        return 1
+    return launch(plan)
+
+
+def _has_matrx_login(state: dict, env: dict[str, str] | None = None) -> bool:
+    env = env or {}
+    env_key = (env.get("MTRX_KEY") or "").strip()
+    if env_key:
+        return True
+    workspace_binding = get_workspace_binding(state, cwd=env.get("PWD") or os.getcwd()) or {}
+    workspace_key = (workspace_binding.get("matrx_key") or "").strip()
+    if workspace_key:
+        return True
+    return bool((state.get("auth", {}).get("matrx", {}).get("key") or "").strip())
+
+
+def _default_route_label(route: str | None) -> str:
+    return route or "unset"
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())