otherwise-cli 0.1.0

package/src/storage/supabase.js

@@ -0,0 +1,364 @@
+/**
+ * Supabase Client for CLI Server
+ *
+ * Server-side Supabase client for validating auth tokens and
+ * storing messages with user context during WebSocket streaming.
+ *
+ * Note: This is optional - the frontend can communicate directly with Supabase.
+ * This module enables server-side validation and admin operations if needed.
+ */
+
+import { createClient } from "@supabase/supabase-js";
+
+// Environment variables for Supabase configuration
+const supabaseUrl = process.env.SUPABASE_URL;
+const supabaseServiceKey = process.env.SUPABASE_SERVICE_KEY;
+const supabaseAnonKey = process.env.SUPABASE_ANON_KEY;
+
+/**
+ * Service client - has admin privileges, use carefully
+ * Only initialize if service key is provided
+ */
+let serviceClient = null;
+if (supabaseUrl && supabaseServiceKey) {
+  serviceClient = createClient(supabaseUrl, supabaseServiceKey, {
+    auth: {
+      autoRefreshToken: false,
+      persistSession: false,
+    },
+  });
+  console.log("[Supabase] Service client initialized");
+}
+
+/**
+ * Public client - uses anon key, respects RLS
+ */
+let publicClient = null;
+if (supabaseUrl && supabaseAnonKey) {
+  publicClient = createClient(supabaseUrl, supabaseAnonKey, {
+    auth: {
+      autoRefreshToken: false,
+      persistSession: false,
+    },
+  });
+  console.log("[Supabase] Public client initialized");
+}
+
+/**
+ * Check if Supabase is configured
+ */
+export function isSupabaseConfigured() {
+  return !!(supabaseUrl && (supabaseServiceKey || supabaseAnonKey));
+}
+
+/**
+ * Get the service client (admin privileges)
+ */
+export function getServiceClient() {
+  return serviceClient;
+}
+
+/**
+ * Get the public client (respects RLS)
+ */
+export function getPublicClient() {
+  return publicClient;
+}
+
+/**
+ * Create a client authenticated as a specific user
+ * Used when we have the user's JWT from the frontend
+ * @param {string} accessToken - The user's JWT access token
+ * @returns {SupabaseClient} - Client authenticated as the user
+ */
+export function createUserClient(accessToken) {
+  if (!supabaseUrl || !supabaseAnonKey) {
+    throw new Error("Supabase not configured");
+  }
+
+  return createClient(supabaseUrl, supabaseAnonKey, {
+    auth: {
+      autoRefreshToken: false,
+      persistSession: false,
+    },
+    global: {
+      headers: {
+        Authorization: `Bearer ${accessToken}`,
+      },
+    },
+  });
+}
+
+/**
+ * Verify a JWT token and get the user
+ * @param {string} accessToken - The JWT to verify
+ * @returns {Promise<Object|null>} - User object or null if invalid
+ */
+export async function verifyToken(accessToken) {
+  if (!serviceClient) {
+    console.warn(
+      "[Supabase] Service client not available for token verification",
+    );
+    return null;
+  }
+
+  try {
+    const {
+      data: { user },
+      error,
+    } = await serviceClient.auth.getUser(accessToken);
+
+    if (error) {
+      console.error("[Supabase] Token verification failed:", error.message);
+      return null;
+    }
+
+    return user;
+  } catch (err) {
+    console.error("[Supabase] Token verification error:", err);
+    return null;
+  }
+}
+
+/**
+ * Get user from access token (alias for verifyToken)
+ */
+export const getUserFromToken = verifyToken;
+
+// ============================================
+// Chat Operations (Admin/Service Key)
+// ============================================
+
+/**
+ * Create a chat for a user (admin operation). Uses same id for local/cloud parity when id provided.
+ * If id is provided, uses upsert so frontend-created row is not duplicated (no error).
+ */
+export async function createChatForUser(userId, title, id = null) {
+  if (!serviceClient) {
+    throw new Error("Service client not available");
+  }
+
+  const row = id
+    ? { id, user_id: userId, title: title || "New Chat" }
+    : { user_id: userId, title: title || "New Chat" };
+  if (id) {
+    const { data, error } = await serviceClient
+      .from("chats")
+      .upsert(row, { onConflict: "id" })
+      .select()
+      .single();
+    if (error) throw error;
+    return data;
+  }
+  const { data, error } = await serviceClient
+    .from("chats")
+    .insert(row)
+    .select()
+    .single();
+  if (error) throw error;
+  return data;
+}
+
+/**
+ * Add a message to a chat (admin operation)
+ * @param {string} chatId - Supabase chat UUID
+ * @param {string} role - Message role
+ * @param {string} content - Message content
+ * @param {Object} metadata - Optional metadata
+ */
+export async function addMessageToChat(chatId, role, content, metadata = null) {
+  if (!serviceClient) {
+    throw new Error("Service client not available");
+  }
+
+  const { data, error } = await serviceClient
+    .from("messages")
+    .insert({ chat_id: chatId, role, content, metadata })
+    .select()
+    .single();
+
+  if (error) throw error;
+
+  // Update chat timestamp
+  await serviceClient
+    .from("chats")
+    .update({ updated_at: new Date().toISOString() })
+    .eq("id", chatId);
+
+  return data;
+}
+
+/**
+ * Update a chat in Supabase (e.g. title)
+ * @param {string} chatId - Supabase chat UUID
+ * @param {Object} updates - { title?, updated_at? }
+ */
+export async function updateChatInSupabase(chatId, updates) {
+  if (!serviceClient) {
+    throw new Error("Service client not available");
+  }
+  const updateData = { ...updates };
+  if (!updateData.updated_at) {
+    updateData.updated_at = new Date().toISOString();
+  }
+  const { error } = await serviceClient
+    .from("chats")
+    .update(updateData)
+    .eq("id", chatId);
+  if (error) throw error;
+}
+
+/**
+ * Get all chats for a user (admin operation)
+ * @param {string} userId - The user's UUID
+ */
+export async function getChatsForUser(userId) {
+  if (!serviceClient) {
+    throw new Error("Service client not available");
+  }
+
+  const { data, error } = await serviceClient
+    .from("chats")
+    .select("*")
+    .eq("user_id", userId)
+    .order("updated_at", { ascending: false });
+
+  if (error) throw error;
+  return data;
+}
+
+/**
+ * Get a chat with messages (admin operation)
+ * @param {number} chatId - Chat ID
+ */
+export async function getChatWithMessages(chatId) {
+  if (!serviceClient) {
+    throw new Error("Service client not available");
+  }
+
+  const { data, error } = await serviceClient
+    .from("chats")
+    .select(
+      `
+      *,
+      messages (
+        id,
+        role,
+        content,
+        metadata,
+        created_at
+      )
+    `,
+    )
+    .eq("id", chatId)
+    .single();
+
+  if (error) throw error;
+  return data;
+}
+
+/**
+ * Search chats in Supabase by title and message content (admin operation).
+ * @param {string} userId - User UUID
+ * @param {string} query  - Search string
+ * @param {number} limit  - Max results
+ * @returns {Array<{ chatId, title, updated_at, similarity, matchSource, snippet }>}
+ */
+export async function searchChatsInSupabase(userId, query, limit = 20) {
+  if (!serviceClient) throw new Error("Service client not available");
+  const trimmed = (query || "").trim();
+  if (!trimmed) return [];
+
+  const pattern = `%${trimmed}%`;
+
+  const [titleRes, msgRes] = await Promise.all([
+    serviceClient
+      .from("chats")
+      .select("id, title, updated_at")
+      .eq("user_id", userId)
+      .ilike("title", pattern)
+      .order("updated_at", { ascending: false })
+      .limit(limit),
+    serviceClient
+      .from("messages")
+      .select("chat_id, content, role")
+      .ilike("content", pattern)
+      .order("created_at", { ascending: false })
+      .limit(100),
+  ]);
+
+  if (titleRes.error) console.warn("[Supabase:searchChats] title error:", titleRes.error.message);
+  if (msgRes.error) console.warn("[Supabase:searchChats] msg error:", msgRes.error.message);
+
+  const titleMatches = titleRes.data || [];
+  const msgMatches = msgRes.data || [];
+
+  const results = new Map();
+
+  for (const chat of titleMatches) {
+    results.set(chat.id, {
+      chatId: chat.id,
+      title: chat.title,
+      updated_at: chat.updated_at,
+      similarity: 0.9,
+      matchSource: "title",
+      snippet: chat.title,
+    });
+  }
+
+  for (const msg of msgMatches) {
+    const existing = results.get(msg.chat_id);
+    const idx = msg.content.toLowerCase().indexOf(trimmed.toLowerCase());
+    const start = Math.max(0, idx - 40);
+    const end = Math.min(msg.content.length, idx + trimmed.length + 40);
+    const snippet = (start > 0 ? "..." : "") + msg.content.slice(start, end) + (end < msg.content.length ? "..." : "");
+
+    if (existing) {
+      existing.similarity = Math.min(existing.similarity + 0.1, 1.0);
+      existing.matchSource = "title+content";
+      if (!existing.snippet || existing.matchSource === "title") existing.snippet = snippet;
+    } else {
+      results.set(msg.chat_id, {
+        chatId: msg.chat_id,
+        similarity: 0.6,
+        matchSource: "content",
+        snippet,
+      });
+    }
+  }
+
+  // Fill in title/updated_at for content-only matches
+  const contentOnlyIds = [...results.values()].filter((r) => !r.title).map((r) => r.chatId);
+  if (contentOnlyIds.length > 0) {
+    const { data: chatRows } = await serviceClient
+      .from("chats")
+      .select("id, title, updated_at")
+      .in("id", contentOnlyIds);
+    for (const row of chatRows || []) {
+      const r = results.get(row.id);
+      if (r) {
+        r.title = row.title;
+        r.updated_at = row.updated_at;
+      }
+    }
+  }
+
+  return [...results.values()]
+    .sort((a, b) => b.similarity - a.similarity)
+    .slice(0, limit);
+}
+
+export default {
+  isSupabaseConfigured,
+  getServiceClient,
+  getPublicClient,
+  createUserClient,
+  verifyToken,
+  getUserFromToken,
+  createChatForUser,
+  addMessageToChat,
+  updateChatInSupabase,
+  getChatsForUser,
+  getChatWithMessages,
+  searchChatsInSupabase,
+};

package/src/tunnel/cloudflare.js

@@ -0,0 +1,241 @@
+import { spawn, execSync } from 'child_process';
+import { existsSync, writeFileSync, readFileSync, mkdirSync } from 'fs';
+import { homedir } from 'os';
+import { join } from 'path';
+
+let tunnelProcess = null;
+
+/**
+ * Check if cloudflared is installed
+ */
+export function isCloudflaredInstalled() {
+  try {
+    execSync('cloudflared --version', { stdio: 'pipe' });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Get cloudflared installation instructions
+ */
+export function getInstallInstructions() {
+  const platform = process.platform;
+  
+  switch (platform) {
+    case 'darwin':
+      return 'Install cloudflared with: brew install cloudflared';
+    case 'linux':
+      return 'Install cloudflared from: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/';
+    case 'win32':
+      return 'Download cloudflared from: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/';
+    default:
+      return 'Install cloudflared from: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/downloads/';
+  }
+}
+
+/**
+ * Start a quick tunnel (temporary URL)
+ * @param {number} port - Local port to tunnel
+ * @returns {Promise<string>} - Public URL
+ */
+export function startQuickTunnel(port) {
+  return new Promise((resolve, reject) => {
+    if (!isCloudflaredInstalled()) {
+      reject(new Error(`cloudflared not installed. ${getInstallInstructions()}`));
+      return;
+    }
+
+    if (tunnelProcess) {
+      reject(new Error('Tunnel already running. Stop it first.'));
+      return;
+    }
+
+    console.log('[Tunnel] Starting quick tunnel...');
+    
+    tunnelProcess = spawn('cloudflared', ['tunnel', '--url', `http://localhost:${port}`], {
+      stdio: ['ignore', 'pipe', 'pipe'],
+    });
+
+    let output = '';
+    let resolved = false;
+
+    // Look for the tunnel URL in output
+    const checkForUrl = (data) => {
+      output += data.toString();
+      const urlMatch = output.match(/https:\/\/[a-z0-9-]+\.trycloudflare\.com/);
+      if (urlMatch && !resolved) {
+        resolved = true;
+        resolve(urlMatch[0]);
+      }
+    };
+
+    tunnelProcess.stdout.on('data', checkForUrl);
+    tunnelProcess.stderr.on('data', checkForUrl);
+
+    tunnelProcess.on('error', (err) => {
+      tunnelProcess = null;
+      if (!resolved) reject(err);
+    });
+
+    tunnelProcess.on('close', (code) => {
+      tunnelProcess = null;
+      if (!resolved) {
+        reject(new Error(`Tunnel exited with code ${code}`));
+      }
+    });
+
+    // Timeout if URL not found in 30 seconds
+    setTimeout(() => {
+      if (!resolved) {
+        stopTunnel();
+        reject(new Error('Timeout waiting for tunnel URL'));
+      }
+    }, 30000);
+  });
+}
+
+/**
+ * Start a named tunnel with custom domain
+ * Requires prior setup: cloudflared tunnel login && cloudflared tunnel create <name>
+ * @param {string} tunnelName - Name of the configured tunnel
+ * @param {number} port - Local port to tunnel
+ * @param {string} hostname - Custom hostname
+ */
+export function startNamedTunnel(tunnelName, port, hostname) {
+  return new Promise((resolve, reject) => {
+    if (!isCloudflaredInstalled()) {
+      reject(new Error(`cloudflared not installed. ${getInstallInstructions()}`));
+      return;
+    }
+
+    if (tunnelProcess) {
+      reject(new Error('Tunnel already running. Stop it first.'));
+      return;
+    }
+
+    // Create config file
+    const configDir = join(homedir(), '.cloudflared');
+    const configPath = join(configDir, 'otherwise-config.yml');
+
+    if (!existsSync(configDir)) {
+      mkdirSync(configDir, { recursive: true });
+    }
+
+    const configContent = `
+tunnel: ${tunnelName}
+credentials-file: ${join(configDir, `${tunnelName}.json`)}
+
+ingress:
+  - hostname: ${hostname}
+    service: http://localhost:${port}
+  - service: http_status:404
+`;
+
+    writeFileSync(configPath, configContent);
+
+    console.log(`[Tunnel] Starting named tunnel: ${tunnelName}`);
+    
+    tunnelProcess = spawn('cloudflared', ['tunnel', '--config', configPath, 'run'], {
+      stdio: ['ignore', 'pipe', 'pipe'],
+    });
+
+    let started = false;
+
+    tunnelProcess.stdout.on('data', (data) => {
+      const output = data.toString();
+      console.log('[Tunnel]', output.trim());
+      if (output.includes('Registered tunnel connection') && !started) {
+        started = true;
+        resolve(`https://${hostname}`);
+      }
+    });
+
+    tunnelProcess.stderr.on('data', (data) => {
+      console.log('[Tunnel]', data.toString().trim());
+    });
+
+    tunnelProcess.on('error', (err) => {
+      tunnelProcess = null;
+      reject(err);
+    });
+
+    tunnelProcess.on('close', (code) => {
+      tunnelProcess = null;
+      if (!started) {
+        reject(new Error(`Tunnel exited with code ${code}`));
+      }
+    });
+
+    // Timeout if not started in 60 seconds
+    setTimeout(() => {
+      if (!started) {
+        stopTunnel();
+        reject(new Error('Timeout starting tunnel'));
+      }
+    }, 60000);
+  });
+}
+
+/**
+ * Stop the running tunnel
+ */
+export function stopTunnel() {
+  if (tunnelProcess) {
+    tunnelProcess.kill();
+    tunnelProcess = null;
+    console.log('[Tunnel] Stopped');
+    return true;
+  }
+  return false;
+}
+
+/**
+ * Check if tunnel is running
+ */
+export function isTunnelRunning() {
+  return tunnelProcess !== null;
+}
+
+/**
+ * Setup instructions for custom domain tunnel
+ */
+export function getSetupInstructions() {
+  return `
+To set up a custom domain tunnel:
+
+1. Install cloudflared:
+   ${getInstallInstructions()}
+
+2. Login to Cloudflare:
+   cloudflared tunnel login
+
+3. Create a tunnel:
+   cloudflared tunnel create otherwise
+
+4. Add the tunnel ID to Otherwise config:
+   otherwise config set tunnel.name otherwise
+   otherwise config set tunnel.domain yourdomain.com
+
+5. In Cloudflare Dashboard:
+   - Go to your domain's DNS settings
+   - Add a CNAME record pointing to your-tunnel-id.cfargotunnel.com
+
+6. Start the tunnel:
+   otherwise deploy
+
+For quick testing without a custom domain:
+   otherwise deploy --quick
+`;
+}
+
+export default {
+  isCloudflaredInstalled,
+  getInstallInstructions,
+  startQuickTunnel,
+  startNamedTunnel,
+  stopTunnel,
+  isTunnelRunning,
+  getSetupInstructions,
+};