opencode-account-manager 0.4.1

package/docs/BLUEPRINT.md

@@ -0,0 +1,476 @@
+# OpenCode Account Manager - Blueprint v0.4.0
+
+## Overview
+
+Technical specification for the **Encrypted Export/Import** feature.
+
+---
+
+## 1. Architecture
+
+```
+┌─────────────────────────────────────────────────────────────────────────┐
+│                              TUI Layer                                   │
+├─────────────────────────────────────────────────────────────────────────┤
+│  Dashboard.tsx                                                           │
+│    ├── ExportModal.tsx (format selection → folder → password → save)    │
+│    ├── ImportModal.tsx (file selection → password → preview → import)   │
+│    └── Components:                                                       │
+│        ├── FileBrowser.tsx (folder/file selection UI)                   │
+│        ├── PasswordInput.tsx (masked password input)                    │
+│        └── FormatSelector.tsx (encrypted vs plain)                      │
+├─────────────────────────────────────────────────────────────────────────┤
+│                              Core Layer                                  │
+├─────────────────────────────────────────────────────────────────────────┤
+│  crypto.ts          - AES-256-GCM encryption/decryption                 │
+│  config-store.ts    - Persist user preferences (last folder, etc.)      │
+│  accounts.ts        - Extended with encrypt/decrypt functions           │
+│  types.ts           - New types for encrypted files                     │
+└─────────────────────────────────────────────────────────────────────────┘
+```
+
+---
+
+## 2. File Specifications
+
+### 2.1 Encrypted Export File (.ocam)
+
+**Extension:** `.ocam` (OpenCode Account Manager)
+
+**Structure:**
+```typescript
+interface EncryptedExportFile {
+  // Header (not encrypted)
+  version: 1;
+  format: "encrypted";
+  algorithm: "aes-256-gcm";
+  
+  // Encryption parameters
+  salt: string;      // 32 bytes, hex encoded (for key derivation)
+  iv: string;        // 12 bytes, hex encoded (initialization vector)
+  authTag: string;   // 16 bytes, hex encoded (authentication tag)
+  
+  // Encrypted payload
+  data: string;      // Encrypted JSON, hex encoded
+  
+  // Metadata (not encrypted)
+  exportedAt: number;     // Unix timestamp ms
+  accountCount: number;   // Number of accounts (for display)
+  exportedFrom: string;   // App identifier
+}
+```
+
+**Example:**
+```json
+{
+  "version": 1,
+  "format": "encrypted",
+  "algorithm": "aes-256-gcm",
+  "salt": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
+  "iv": "1234567890abcdef12345678",
+  "authTag": "fedcba0987654321fedcba0987654321",
+  "data": "encrypted_hex_data_here...",
+  "exportedAt": 1707123456789,
+  "accountCount": 5,
+  "exportedFrom": "opencode-account-manager"
+}
+```
+
+### 2.2 Plain Export File (.json)
+
+Keep existing format for backward compatibility:
+```typescript
+interface PortableExportFile {
+  version: number;
+  exportedAt: number;
+  exportedFrom: "opencode-account-manager";
+  accounts: Account[];
+}
+```
+
+### 2.3 App Config File
+
+**Location:** `%APPDATA%/opencode/ocam-config.json` (Windows)
+            `~/.config/opencode/ocam-config.json` (Linux/Mac)
+
+```typescript
+interface AppConfig {
+  lastExportFolder?: string;
+  lastImportFolder?: string;
+  defaultExportFormat?: "encrypted" | "plain";
+  recentFolders?: string[];  // Max 5 recent folders
+}
+```
+
+---
+
+## 3. Encryption Specification
+
+### 3.1 Algorithm: AES-256-GCM
+
+- **Key Derivation:** scrypt (N=16384, r=8, p=1)
+- **Key Length:** 256 bits (32 bytes)
+- **Salt Length:** 256 bits (32 bytes, random)
+- **IV Length:** 96 bits (12 bytes, random)
+- **Auth Tag:** 128 bits (16 bytes)
+
+### 3.2 Encryption Flow
+
+```
+Password (user input)
+    │
+    ▼
+┌───────────────────────────────────────┐
+│  scrypt(password, salt, N=16384)      │
+│  Output: 32-byte key                  │
+└───────────────────────────────────────┘
+    │
+    ▼
+┌───────────────────────────────────────┐
+│  AES-256-GCM.encrypt(                 │
+│    key: derived_key,                  │
+│    iv: random_12_bytes,               │
+│    plaintext: JSON.stringify(data),   │
+│    aad: none                          │
+│  )                                    │
+│  Output: ciphertext + authTag         │
+└───────────────────────────────────────┘
+    │
+    ▼
+{ salt, iv, authTag, data: ciphertext }
+```
+
+### 3.3 Decryption Flow
+
+```
+{ salt, iv, authTag, data } + Password
+    │
+    ▼
+┌───────────────────────────────────────┐
+│  scrypt(password, salt, N=16384)      │
+│  Output: 32-byte key                  │
+└───────────────────────────────────────┘
+    │
+    ▼
+┌───────────────────────────────────────┐
+│  AES-256-GCM.decrypt(                 │
+│    key: derived_key,                  │
+│    iv: iv,                            │
+│    ciphertext: data,                  │
+│    authTag: authTag                   │
+│  )                                    │
+│  Output: plaintext (or throw error)   │
+└───────────────────────────────────────┘
+    │
+    ▼
+JSON.parse(plaintext) → Account[]
+```
+
+---
+
+## 4. UI Components
+
+### 4.1 ExportModal
+
+**States:**
+1. `format-select` - Choose encrypted or plain
+2. `folder-select` - Choose destination folder
+3. `password-input` - Enter password (only for encrypted)
+4. `exporting` - Show progress
+5. `success` - Show result
+6. `error` - Show error message
+
+**Props:**
+```typescript
+interface ExportModalProps {
+  accounts: Account[];
+  onComplete: (filePath: string) => void;
+  onCancel: () => void;
+}
+```
+
+### 4.2 ImportModal
+
+**States:**
+1. `file-select` - Choose file to import
+2. `password-input` - Enter password (only for .ocam)
+3. `preview` - Show accounts to import with conflict info
+4. `importing` - Show progress
+5. `success` - Show result
+6. `error` - Show error message
+
+**Props:**
+```typescript
+interface ImportModalProps {
+  existingAccounts: Account[];
+  onComplete: (imported: number, overwritten: number) => void;
+  onCancel: () => void;
+}
+```
+
+### 4.3 FileBrowser
+
+**Features:**
+- Quick locations (Current Dir, Desktop, Documents, Recent)
+- Folder navigation with arrow keys
+- Text input for pasting path
+- Filter by extension (for import)
+- Show file metadata (size, date, encrypted/plain)
+
+**Props:**
+```typescript
+interface FileBrowserProps {
+  mode: "folder" | "file";
+  initialPath?: string;
+  extensions?: string[];  // e.g., [".ocam", ".json"]
+  onSelect: (path: string) => void;
+  onCancel: () => void;
+}
+```
+
+### 4.4 PasswordInput
+
+**Features:**
+- Masked input (show dots)
+- Optional confirmation field (for export)
+- Password mismatch warning
+- Enter to submit, Escape to cancel
+
+**Props:**
+```typescript
+interface PasswordInputProps {
+  mode: "single" | "confirm";
+  title?: string;
+  warning?: string;
+  onSubmit: (password: string) => void;
+  onCancel: () => void;
+}
+```
+
+---
+
+## 5. User Flows
+
+### 5.1 Export Flow
+
+```
+[E] pressed
+    │
+    ▼
+┌─────────────────────────────────┐
+│  Select export format:          │
+│  [1] Encrypted (.ocam)          │
+│  [2] Plain JSON                 │
+└─────────────────────────────────┘
+    │
+    ├─── [1] ──────────────────────────────────────┐
+    │                                              │
+    ▼                                              ▼
+┌─────────────────────────────────┐    ┌─────────────────────────────────┐
+│  Select folder                  │    │  Select folder                  │
+│  (FileBrowser mode="folder")    │    │  (FileBrowser mode="folder")    │
+└─────────────────────────────────┘    └─────────────────────────────────┘
+    │                                              │
+    ▼                                              ▼
+┌─────────────────────────────────┐    ┌─────────────────────────────────┐
+│  Enter password                 │    │  Save file                      │
+│  (PasswordInput mode="confirm") │    │  filename: accounts-{date}.json │
+└─────────────────────────────────┘    └─────────────────────────────────┘
+    │                                              │
+    ▼                                              ▼
+┌─────────────────────────────────┐    ┌─────────────────────────────────┐
+│  Encrypt & Save                 │    │  Success message                │
+│  filename: accounts-{date}.ocam │    └─────────────────────────────────┘
+└─────────────────────────────────┘
+    │
+    ▼
+┌─────────────────────────────────┐
+│  Success message                │
+└─────────────────────────────────┘
+```
+
+### 5.2 Import Flow
+
+```
+[I] pressed
+    │
+    ▼
+┌─────────────────────────────────┐
+│  Select file                    │
+│  (FileBrowser mode="file")      │
+│  extensions: [".ocam", ".json"] │
+└─────────────────────────────────┘
+    │
+    ├─── .ocam ────────────────────────────────────┐
+    │                                              │
+    ▼                                              ▼
+┌─────────────────────────────────┐    ┌─────────────────────────────────┐
+│  Enter password                 │    │  .json file                     │
+│  (PasswordInput mode="single")  │    │  Parse directly                 │
+└─────────────────────────────────┘    └─────────────────────────────────┘
+    │                                              │
+    ├─── Wrong password ───┐                       │
+    │                      ▼                       │
+    │    ┌─────────────────────────────────┐       │
+    │    │  Error: Invalid password        │       │
+    │    │  [Try again] [Cancel]           │       │
+    │    └─────────────────────────────────┘       │
+    │                                              │
+    ▼                                              ▼
+┌─────────────────────────────────────────────────────────────┐
+│  Preview accounts                                           │
+│  Show: email, exists? (will overwrite)                      │
+│  [Enter] Import  [Esc] Cancel                               │
+└─────────────────────────────────────────────────────────────┘
+    │
+    ▼
+┌─────────────────────────────────┐
+│  Import accounts (overwrite)    │
+└─────────────────────────────────┘
+    │
+    ▼
+┌─────────────────────────────────┐
+│  Success: X imported, Y new     │
+└─────────────────────────────────┘
+```
+
+---
+
+## 6. Implementation Checklist
+
+### Core Layer
+- [ ] `src/core/crypto.ts`
+  - [ ] `generateSalt(): string`
+  - [ ] `generateIV(): string`
+  - [ ] `deriveKey(password: string, salt: string): Buffer`
+  - [ ] `encrypt(data: object, password: string): EncryptedData`
+  - [ ] `decrypt(encrypted: EncryptedData, password: string): object`
+
+- [ ] `src/core/config-store.ts`
+  - [ ] `getConfigPath(): string`
+  - [ ] `readConfig(): AppConfig`
+  - [ ] `writeConfig(config: AppConfig): void`
+  - [ ] `updateLastExportFolder(folder: string): void`
+  - [ ] `updateLastImportFolder(folder: string): void`
+  - [ ] `getRecentFolders(): string[]`
+
+- [ ] `src/core/types.ts`
+  - [ ] `EncryptedExportFile` interface
+  - [ ] `AppConfig` interface
+  - [ ] Update `PortableExportFile.exportedFrom`
+
+- [ ] `src/core/accounts.ts`
+  - [ ] `encryptAndExport(accounts: Account[], password: string): EncryptedExportFile`
+  - [ ] `decryptAndImport(file: EncryptedExportFile, password: string): Account[]`
+  - [ ] `isEncryptedFile(data: unknown): boolean`
+
+### TUI Layer
+- [ ] `src/tui/components/PasswordInput.tsx`
+  - [ ] Masked input display
+  - [ ] Confirm mode (two fields)
+  - [ ] Mismatch warning
+  - [ ] Enter/Escape handling
+
+- [ ] `src/tui/components/FileBrowser.tsx`
+  - [ ] Quick locations list
+  - [ ] Folder navigation
+  - [ ] Text input for path
+  - [ ] File filtering by extension
+  - [ ] File metadata display
+
+- [ ] `src/tui/components/ExportModal.tsx`
+  - [ ] Format selection step
+  - [ ] Folder selection step
+  - [ ] Password input step
+  - [ ] Export execution
+  - [ ] Success/Error display
+
+- [ ] `src/tui/components/ImportModal.tsx`
+  - [ ] File selection step
+  - [ ] Password input step (if encrypted)
+  - [ ] Preview with conflict detection
+  - [ ] Import execution
+  - [ ] Success/Error display
+
+- [ ] `src/tui/Dashboard.tsx`
+  - [ ] Modal state management
+  - [ ] Export handler
+  - [ ] Import handler
+
+- [ ] `src/tui/components/Menu.tsx`
+  - [ ] Update export action
+  - [ ] Update import action
+
+- [ ] `src/tui/components/index.ts`
+  - [ ] Export new components
+
+---
+
+## 7. Testing
+
+### Manual Test Cases
+
+1. **Export Encrypted**
+   - Export 5 accounts with password "test123"
+   - Verify .ocam file created
+   - Verify file content is encrypted (not readable)
+
+2. **Import Encrypted**
+   - Import the exported .ocam file
+   - Enter correct password → success
+   - Enter wrong password → error with retry option
+
+3. **Export Plain**
+   - Export 5 accounts as plain JSON
+   - Verify .json file created
+   - Verify accounts are readable in file
+
+4. **Import Plain**
+   - Import a plain .json file
+   - No password required
+   - Accounts imported successfully
+
+5. **Overwrite Existing**
+   - Export 3 accounts
+   - Modify 1 account locally
+   - Import the file
+   - Verify the account is overwritten
+
+6. **Remember Folder**
+   - Export to custom folder
+   - Close and reopen app
+   - Export again → should show last folder as recent
+
+---
+
+## 8. Security Considerations
+
+1. **Password not stored** - Never save password to disk
+2. **Memory cleanup** - Clear password from memory after use
+3. **Auth tag verification** - Detect tampered files
+4. **No password hints** - Don't store any password metadata
+5. **Salt per file** - Each export uses unique salt
+6. **Warning on plain export** - Show security warning
+
+---
+
+## 9. Error Handling
+
+| Error | User Message |
+|-------|--------------|
+| Wrong password | "Invalid password. Please try again." |
+| Corrupted file | "File is corrupted or invalid format." |
+| File not found | "File not found: {path}" |
+| Permission denied | "Cannot write to folder: {path}" |
+| Disk full | "Not enough disk space." |
+| Invalid JSON | "Invalid file format." |
+
+---
+
+## 10. Dependencies
+
+No new npm packages required. Using Node.js built-in:
+- `crypto` - AES-256-GCM, scrypt
+- `fs` - File operations
+- `path` - Path manipulation
+- `os` - Home directory, platform detection

package/docs/ROADMAP.md

@@ -0,0 +1,74 @@
+# OpenCode Account Manager - Roadmap
+
+## Version History
+
+### v0.1.0 - Initial Release
+- [x] Basic TUI dashboard
+- [x] View accounts from antigravity-auth plugin
+- [x] Show rate limit status per account
+- [x] Import from Antigravity Manager folder
+
+### v0.2.0 - Account Management
+- [x] Select mode with keyboard navigation
+- [x] Enable/Disable selected accounts
+- [x] Delete selected accounts
+- [x] Export selected accounts to JSON
+- [x] Per-model rate limit display (claude, gemini, etc.)
+
+### v0.3.0 - OpenCode Dashboard
+- [x] Rename to opencode-account-manager
+- [x] Read opencode.json config
+- [x] Display all AI providers with model counts
+- [x] Display MCP servers with enabled/disabled status
+- [x] Tab navigation between sections (Providers, Accounts, MCP)
+- [x] Collapsible sections
+
+### v0.4.0 - Encrypted Export/Import (Current)
+- [ ] **Encrypted Export** - AES-256-GCM with password protection
+- [ ] **Plain JSON Export** - Keep original format as option
+- [ ] **File Browser UI** - Browse folders, quick locations, paste path
+- [ ] **Import from File** - Select .ocam or .json files
+- [ ] **Password Input** - Masked input with confirmation
+- [ ] **Remember Preferences** - Last export/import folder saved
+- [ ] **Overwrite Mode** - Replace existing accounts on import
+
+---
+
+## Future Ideas (Backlog)
+
+### v0.5.0 - Enhanced Security
+- [ ] Password strength indicator
+- [ ] Auto-lock after inactivity
+- [ ] Encrypted storage for config
+
+### v0.6.0 - Cloud Sync
+- [ ] Sync accounts to cloud storage (Google Drive, Dropbox)
+- [ ] Multi-device sync
+- [ ] Conflict resolution
+
+### v0.7.0 - Account Health
+- [ ] Check if refresh tokens are still valid
+- [ ] Auto-refresh expired tokens
+- [ ] Health check on startup
+
+### v0.8.0 - MCP Management
+- [ ] Enable/Disable MCP servers from TUI
+- [ ] Add new MCP servers
+- [ ] View MCP server logs
+
+### v0.9.0 - Provider Management
+- [ ] Add/Edit custom providers
+- [ ] Test provider connection
+- [ ] Model usage statistics
+
+### v1.0.0 - Stable Release
+- [ ] Full documentation
+- [ ] npm publish
+- [ ] Windows/Mac/Linux installers
+- [ ] Integration tests
+
+---
+
+## Contributing
+
+See [BLUEPRINT.md](./BLUEPRINT.md) for technical architecture and implementation details.

package/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "opencode-account-manager",
+  "version": "0.4.1",
+  "description": "TUI Dashboard for OpenCode - View providers, MCP servers, and plugin accounts",
+  "main": "dist/cli.js",
+  "bin": {
+    "ocam": "./dist/cli.js",
+    "opencode-account-manager": "./dist/cli.js"
+  },
+  "scripts": {
+    "build": "npx tsc",
+    "dev": "npx tsc -w",
+    "start": "node dist/cli.js",
+    "dashboard": "node dist/cli.js dashboard"
+  },
+  "keywords": [
+    "opencode",
+    "antigravity",
+    "account-manager",
+    "dashboard",
+    "tui",
+    "mcp",
+    "providers"
+  ],
+  "author": "",
+  "license": "MIT",
+  "devDependencies": {
+    "@types/node": "^20.10.0",
+    "@types/react": "^17.0.0",
+    "typescript": "^5.3.0"
+  },
+  "dependencies": {
+    "chalk": "^4.1.2",
+    "commander": "^11.1.0",
+    "ink": "^3.2.0",
+    "react": "^17.0.2"
+  }
+}