oathbound 0.5.1 → 0.6.0

package/auth.ts

@@ -0,0 +1,151 @@
+import { createClient } from '@supabase/supabase-js';
+import {
+  mkdirSync, writeFileSync, readFileSync, unlinkSync, existsSync,
+} from 'node:fs';
+import { join } from 'node:path';
+import { homedir } from 'node:os';
+import { intro, outro, text, password, cancel, isCancel } from '@clack/prompts';
+import { BRAND, GREEN, DIM, BOLD, RESET, fail, spinner } from './ui';
+
+const SUPABASE_URL = 'https://mjnfqagwuewhgwbtrdgs.supabase.co';
+const SUPABASE_ANON_KEY = 'sb_publishable_T-rk0azNRqAMLLGCyadyhQ_ulk9685n';
+
+const AUTH_DIR = join(homedir(), '.oathbound');
+const AUTH_FILE = join(AUTH_DIR, 'auth.json');
+
+interface StoredSession {
+  access_token: string;
+  refresh_token: string;
+  expires_at: number;
+}
+
+function saveSession(session: StoredSession): void {
+  mkdirSync(AUTH_DIR, { recursive: true, mode: 0o700 });
+  writeFileSync(AUTH_FILE, JSON.stringify(session, null, 2), { mode: 0o600 });
+}
+
+function loadSession(): StoredSession | null {
+  if (!existsSync(AUTH_FILE)) return null;
+  try {
+    return JSON.parse(readFileSync(AUTH_FILE, 'utf-8'));
+  } catch {
+    return null;
+  }
+}
+
+function clearSession(): void {
+  if (existsSync(AUTH_FILE)) unlinkSync(AUTH_FILE);
+}
+
+export async function login(): Promise<void> {
+  intro(BRAND);
+
+  const email = await text({
+    message: 'Email:',
+    validate(value) {
+      if (!value.includes('@')) return 'Please enter a valid email';
+    },
+  });
+  if (isCancel(email)) { cancel('Login cancelled.'); process.exit(0); }
+
+  const pw = await password({ message: 'Password:' });
+  if (isCancel(pw)) { cancel('Login cancelled.'); process.exit(0); }
+
+  const spin = spinner('Signing in...');
+
+  const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
+    auth: { autoRefreshToken: false, persistSession: false },
+  });
+
+  const { data, error } = await supabase.auth.signInWithPassword({
+    email: email as string,
+    password: pw as string,
+  });
+
+  spin.stop();
+
+  if (error || !data.session) {
+    fail('Login failed', error?.message ?? 'No session returned');
+  }
+
+  saveSession({
+    access_token: data.session.access_token,
+    refresh_token: data.session.refresh_token,
+    expires_at: data.session.expires_at!,
+  });
+
+  // Get username for display
+  const { data: userRecord } = await supabase
+    .from('users')
+    .select('username')
+    .eq('user_id', data.user.id)
+    .single();
+
+  const displayName = userRecord?.username ?? data.user.email ?? 'unknown';
+  outro(`Logged in as ${BOLD}${displayName}${RESET}`);
+}
+
+export async function logout(): Promise<void> {
+  clearSession();
+  console.log(`\n${BRAND} ${GREEN}✓ Logged out${RESET}`);
+}
+
+export async function getAccessToken(): Promise<string> {
+  const session = loadSession();
+  if (!session) {
+    fail('Not logged in', 'Run: oathbound login');
+  }
+
+  // Token still valid (with 60s buffer) — use it directly
+  const now = Math.floor(Date.now() / 1000);
+  if (session.expires_at > now + 60) {
+    return session.access_token;
+  }
+
+  // Token expired or expiring soon — refresh
+  const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
+    auth: { autoRefreshToken: false, persistSession: false },
+  });
+
+  const { data, error } = await supabase.auth.setSession({
+    access_token: session.access_token,
+    refresh_token: session.refresh_token,
+  });
+
+  if (error || !data.session) {
+    clearSession();
+    fail('Session expired', 'Run: oathbound login');
+  }
+
+  saveSession({
+    access_token: data.session.access_token,
+    refresh_token: data.session.refresh_token,
+    expires_at: data.session.expires_at!,
+  });
+
+  return data.session.access_token;
+}
+
+export async function whoami(): Promise<void> {
+  const token = await getAccessToken();
+
+  const supabase = createClient(SUPABASE_URL, SUPABASE_ANON_KEY, {
+    global: { headers: { Authorization: `Bearer ${token}` } },
+    auth: { autoRefreshToken: false, persistSession: false },
+  });
+
+  const { data: { user }, error } = await supabase.auth.getUser();
+  if (error || !user) {
+    fail('Failed to get user', error?.message ?? 'Unknown error');
+  }
+
+  const { data: userRecord } = await supabase
+    .from('users')
+    .select('username')
+    .eq('user_id', user.id)
+    .single();
+
+  console.log(`\n${BRAND}`);
+  console.log(`  ${BOLD}Username:${RESET} ${userRecord?.username ?? 'not set'}`);
+  console.log(`  ${DIM}Email:${RESET}    ${user.email ?? 'unknown'}`);
+}

package/cli.ts

@@ -17,13 +17,15 @@ import {
 } from './config';
 import { checkForUpdate, isNewer } from './update';
 import { verify, verifyCheck, findSkillsDir } from './verify';
+import { login, logout, whoami } from './auth';
+import { push } from './push';
 
 // Re-exports for tests
 export { stripJsoncComments, writeOathboundConfig, mergeClaudeSettings, type MergeResult } from './config';
 export { isNewer } from './update';
 export { installDevDependency, type InstallResult, setup, addPrepareScript, type PrepareResult };
 
-const VERSION = '0.5.1';
+const VERSION = '0.6.0';
 
 // --- Supabase ---
 const SUPABASE_URL = 'https://mjnfqagwuewhgwbtrdgs.supabase.co';
@@ -329,6 +331,26 @@ if (subcommand === 'init') {
     process.stderr.write(`oathbound verify: ${msg}\n`);
     process.exit(1);
   });
+} else if (subcommand === 'login') {
+  login().catch((err: unknown) => {
+    const msg = err instanceof Error ? err.message : 'Unknown error';
+    fail('Login failed', msg);
+  });
+} else if (subcommand === 'logout') {
+  logout().catch((err: unknown) => {
+    const msg = err instanceof Error ? err.message : 'Unknown error';
+    fail('Logout failed', msg);
+  });
+} else if (subcommand === 'whoami') {
+  whoami().catch((err: unknown) => {
+    const msg = err instanceof Error ? err.message : 'Unknown error';
+    fail('Failed', msg);
+  });
+} else if (subcommand === 'push') {
+  push(args[1]).catch((err: unknown) => {
+    const msg = err instanceof Error ? err.message : 'Unknown error';
+    fail('Push failed', msg);
+  });
 } else {
   const PULL_ALIASES = new Set(['pull', 'i', 'install']);
   const skillArg = args[1];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "oathbound",
-  "version": "0.5.1",
+  "version": "0.6.0",
   "description": "Install verified Claude Code skills from the Oath Bound registry",
   "license": "BUSL-1.1",
   "author": "Josh Anderson",
@@ -29,6 +29,8 @@
     "update.ts",
     "verify.ts",
     "content-hash.ts",
+    "auth.ts",
+    "push.ts",
     "bin/cli.cjs",
     "install.cjs"
   ],

package/push.ts

@@ -0,0 +1,118 @@
+import { existsSync, statSync } from 'node:fs';
+import { join, basename, resolve } from 'node:path';
+import { intro, outro } from '@clack/prompts';
+import { BRAND, GREEN, DIM, BOLD, RESET, fail, spinner } from './ui';
+import { getAccessToken } from './auth';
+import { collectFiles } from './content-hash';
+
+const API_BASE = process.env.OATHBOUND_API_URL ?? 'https://oathbound.ai';
+
+export async function push(pathArg?: string): Promise<void> {
+  intro(BRAND);
+
+  // Resolve skill directory
+  const skillDir = resolveSkillDir(pathArg);
+  console.log(`${DIM}   directory: ${skillDir}${RESET}`);
+
+  // Read and validate SKILL.md exists
+  if (!existsSync(join(skillDir, 'SKILL.md'))) {
+    fail('No SKILL.md found', `Expected at ${join(skillDir, 'SKILL.md')}`);
+  }
+
+  // Collect files
+  const rawFiles = collectFiles(skillDir);
+
+  // Parse SKILL.md frontmatter to extract metadata
+  const skillMdFile = rawFiles.find(f => f.path === 'SKILL.md');
+  if (!skillMdFile) fail('SKILL.md not found in collected files');
+
+  const meta = parseFrontmatter(skillMdFile.content.toString('utf-8'));
+  if (!meta.name) fail('SKILL.md frontmatter missing: name');
+  if (!meta.description) fail('SKILL.md frontmatter missing: description');
+  if (!meta.license) fail('SKILL.md frontmatter missing: license');
+
+  // Build files array with root dir prefix (API expects rootDir/path format)
+  const files = rawFiles.map(f => ({
+    path: `${meta.name}/${f.path}`,
+    content: f.content.toString('utf-8'),
+  }));
+
+  console.log(`${DIM}   name: ${meta.name}${RESET}`);
+  console.log(`${DIM}   license: ${meta.license}${RESET}`);
+  console.log(`${DIM}   ${files.length} file(s)${RESET}`);
+
+  // Authenticate
+  const token = await getAccessToken();
+
+  // Push to API
+  const spin = spinner('Pushing...');
+
+  const response = await fetch(`${API_BASE}/api/skills`, {
+    method: 'POST',
+    headers: {
+      'Content-Type': 'application/json',
+      Authorization: `Bearer ${token}`,
+    },
+    body: JSON.stringify({
+      name: meta.name,
+      description: meta.description,
+      license: meta.license,
+      compatibility: meta.compatibility || null,
+      allowedTools: meta['allowed-tools'] || null,
+      files,
+    }),
+  });
+
+  spin.stop();
+
+  if (!response.ok) {
+    const body = await response.json().catch(() => ({ error: 'Unknown error' }));
+    const details = Array.isArray(body.details)
+      ? '\n' + body.details.map((d: string) => `   - ${d}`).join('\n')
+      : '';
+    fail(`Push failed (${response.status})`, `${body.error}${details}`);
+  }
+
+  const result = await response.json();
+
+  outro(`${GREEN}✓ Published ${BOLD}${result.namespace}/${result.name}${RESET}`);
+  if (result.suiObjectId) {
+    console.log(`${DIM}   on-chain: ${result.suiObjectId}${RESET}`);
+  }
+}
+
+function resolveSkillDir(pathArg?: string): string {
+  if (pathArg) {
+    const resolved = resolve(pathArg);
+    if (!existsSync(resolved) || !statSync(resolved).isDirectory()) {
+      fail('Invalid path', `${resolved} is not a directory`);
+    }
+    return resolved;
+  }
+
+  // No path given — check if cwd has a SKILL.md
+  if (existsSync(join(process.cwd(), 'SKILL.md'))) {
+    return process.cwd();
+  }
+
+  fail(
+    'No skill directory found',
+    'Run from within a skill directory or pass a path: oathbound push ./my-skill',
+  );
+}
+
+/** Lightweight frontmatter parser (mirrors frontend/lib/skill-validator.ts) */
+function parseFrontmatter(content: string): Record<string, string> {
+  const match = content.match(/^---\s*\n([\s\S]*?)\n---\s*\n/);
+  if (!match) return {};
+
+  const meta: Record<string, string> = {};
+  for (const line of match[1].split('\n')) {
+    const idx = line.indexOf(':');
+    if (idx === -1) continue;
+    const key = line.slice(0, idx).trim();
+    const value = line.slice(idx + 1).trim();
+    if (key) meta[key] = value;
+  }
+  return meta;
+}

package/ui.ts

@@ -12,12 +12,16 @@ export const BRAND = `${TEAL}${BOLD}🛡️ oathbound${RESET}`;
 
 export function usage(exitCode = 1): never {
   console.log(`
-${BOLD}oathbound${RESET} — install and verify skills
+${BOLD}oathbound${RESET} — install, verify, and publish skills
 
 ${DIM}Usage:${RESET}
   oathbound init                ${DIM}Setup wizard — configure project${RESET}
   oathbound pull <namespace/skill-name>
   oathbound install <namespace/skill-name>
+  oathbound push [path]         ${DIM}Publish a skill to the registry${RESET}
+  oathbound login               ${DIM}Authenticate with oathbound.ai${RESET}
+  oathbound logout              ${DIM}Clear stored credentials${RESET}
+  oathbound whoami              ${DIM}Show current user${RESET}
   oathbound verify              ${DIM}SessionStart hook — verify all skills${RESET}
   oathbound verify --check      ${DIM}PreToolUse hook — check skill integrity${RESET}