popeye-cli 1.0.1 → 1.1.0

package/src/auth/keychain.ts

@@ -1,27 +1,68 @@
 /**
- * Keychain wrapper for secure credential storage
- * Uses keytar for cross-platform keychain access (macOS Keychain, Windows Credential Vault, Linux Secret Service)
+ * Credential storage module
+ * Uses file-based storage in ~/.popeye/ directory
+ * Falls back to environment variables
  */
 
-import * as keytar from 'keytar';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
 import { SERVICE_NAME, KEYCHAIN_ACCOUNTS, ENV_VARS } from '../config/defaults.js';
 
 /**
- * Get a credential from the system keychain
- * Falls back to environment variable if keychain is unavailable
+ * Get the credentials file path
+ */
+function getCredentialsPath(): string {
+  const popeyeDir = path.join(os.homedir(), '.popeye');
+
+  // Ensure directory exists
+  if (!fs.existsSync(popeyeDir)) {
+    fs.mkdirSync(popeyeDir, { mode: 0o700, recursive: true });
+  }
+
+  return path.join(popeyeDir, 'credentials.json');
+}
+
+/**
+ * Load credentials from file
+ */
+function loadCredentials(): Record<string, string> {
+  try {
+    const filePath = getCredentialsPath();
+    if (fs.existsSync(filePath)) {
+      const data = fs.readFileSync(filePath, 'utf-8');
+      return JSON.parse(data);
+    }
+  } catch {
+    // Ignore errors, return empty
+  }
+  return {};
+}
+
+/**
+ * Save credentials to file
+ */
+function saveCredentials(credentials: Record<string, string>): void {
+  const filePath = getCredentialsPath();
+  fs.writeFileSync(filePath, JSON.stringify(credentials, null, 2), {
+    mode: 0o600, // Owner read/write only
+  });
+}
+
+/**
+ * Get a credential from storage
+ * Falls back to environment variable if not found
  *
  * @param account - The account name (e.g., 'claude-cli', 'openai-api')
  * @returns The stored credential or null if not found
  */
 export async function getCredential(account: string): Promise<string | null> {
-  try {
-    const password = await keytar.getPassword(SERVICE_NAME, account);
-    if (password) {
-      return password;
-    }
-  } catch {
-    // Keychain unavailable, fall back to environment variables
-    console.warn(`Keychain unavailable for ${account}, checking environment variables`);
+  // First check file storage
+  const credentials = loadCredentials();
+  const key = `${SERVICE_NAME}:${account}`;
+
+  if (credentials[key]) {
+    return credentials[key];
   }
 
   // Fallback to environment variables
@@ -31,43 +72,47 @@ export async function getCredential(account: string): Promise<string | null> {
   if (account === KEYCHAIN_ACCOUNTS.CLAUDE) {
     return process.env[ENV_VARS.ANTHROPIC_KEY] || null;
   }
+  if (account === KEYCHAIN_ACCOUNTS.GEMINI) {
+    return process.env[ENV_VARS.GEMINI_KEY] || null;
+  }
 
   return null;
 }
 
 /**
- * Store a credential in the system keychain
+ * Store a credential
  *
  * @param account - The account name
  * @param password - The credential to store
  */
 export async function setCredential(account: string, password: string): Promise<void> {
-  try {
-    await keytar.setPassword(SERVICE_NAME, account, password);
-  } catch (error) {
-    throw new Error(
-      `Failed to store credential in keychain: ${error instanceof Error ? error.message : 'Unknown error'}`
-    );
-  }
+  const credentials = loadCredentials();
+  const key = `${SERVICE_NAME}:${account}`;
+  credentials[key] = password;
+  saveCredentials(credentials);
 }
 
 /**
- * Delete a credential from the system keychain
+ * Delete a credential from storage
  *
  * @param account - The account name
  * @returns True if the credential was deleted, false if it didn't exist
  */
 export async function deleteCredential(account: string): Promise<boolean> {
-  try {
-    return await keytar.deletePassword(SERVICE_NAME, account);
-  } catch (error) {
-    console.warn(`Failed to delete credential from keychain: ${error}`);
-    return false;
+  const credentials = loadCredentials();
+  const key = `${SERVICE_NAME}:${account}`;
+
+  if (credentials[key]) {
+    delete credentials[key];
+    saveCredentials(credentials);
+    return true;
   }
+
+  return false;
 }
 
 /**
- * Check if a credential exists in the keychain
+ * Check if a credential exists
  *
  * @param account - The account name
  * @returns True if the credential exists
@@ -119,12 +164,34 @@ export async function deleteOpenAICredential(): Promise<boolean> {
   return deleteCredential(KEYCHAIN_ACCOUNTS.OPENAI);
 }
 
+/**
+ * Get the Gemini API credential
+ */
+export async function getGeminiCredential(): Promise<string | null> {
+  return getCredential(KEYCHAIN_ACCOUNTS.GEMINI);
+}
+
+/**
+ * Set the Gemini API credential
+ */
+export async function setGeminiCredential(apiKey: string): Promise<void> {
+  return setCredential(KEYCHAIN_ACCOUNTS.GEMINI, apiKey);
+}
+
+/**
+ * Delete the Gemini API credential
+ */
+export async function deleteGeminiCredential(): Promise<boolean> {
+  return deleteCredential(KEYCHAIN_ACCOUNTS.GEMINI);
+}
+
 /**
  * Clear all stored credentials
  */
 export async function clearAllCredentials(): Promise<void> {
   await deleteClaudeCredential();
   await deleteOpenAICredential();
+  await deleteGeminiCredential();
 }
 
 /**

package/src/auth/openai.ts

@@ -3,15 +3,14 @@
  * Handles API key validation and storage
  */
 
+import * as readline from 'node:readline';
 import OpenAI from 'openai';
-import open from 'open';
 import {
   getOpenAICredential,
   setOpenAICredential,
   deleteOpenAICredential,
   maskCredential,
 } from './keychain.js';
-import { startAuthCallbackServer, findAvailablePort } from './server.js';
 
 /**
  * OpenAI authentication status
@@ -112,38 +111,32 @@ export async function checkOpenAIAuth(): Promise<OpenAIAuthStatus> {
 }
 
 /**
- * Launch the browser-based token entry popup
+ * Prompt for API key in the terminal
  *
  * @returns The entered API key or null if cancelled
  */
-export async function launchTokenEntryPopup(): Promise<string | null> {
-  try {
-    const port = await findAvailablePort(3000, 3100);
-
-    console.log('Opening browser for API key entry...\n');
-
-    // Start the token entry server
-    const authPromise = startAuthCallbackServer({
-      port,
-      type: 'openai',
-      timeout: 300000, // 5 minutes
+export async function promptForAPIKey(): Promise<string | null> {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout,
     });
 
-    // Open the browser
-    await open(`http://127.0.0.1:${port}`);
-
-    // Wait for the token
-    const result = await authPromise;
-
-    if (result.success && result.token) {
-      return result.token;
-    }
-
-    return null;
-  } catch (error) {
-    console.error(`Failed to launch token entry: ${error}`);
-    return null;
-  }
+    console.log('\nGet your API key from: https://platform.openai.com/api-keys\n');
+
+    rl.question('Enter your OpenAI API key (starts with sk-): ', (answer) => {
+      rl.close();
+      const key = answer.trim();
+      if (key && key.startsWith('sk-')) {
+        resolve(key);
+      } else if (key) {
+        console.log('\nWarning: Key does not start with "sk-", but trying anyway...');
+        resolve(key);
+      } else {
+        resolve(null);
+      }
+    });
+  });
 }
 
 /**
@@ -162,17 +155,17 @@ export async function authenticateOpenAI(): Promise<boolean> {
   console.log('OpenAI API key required.');
 
   try {
-    // Launch the token entry popup
-    const token = await launchTokenEntryPopup();
+    // Prompt for the API key
+    const apiKey = await promptForAPIKey();
 
-    if (!token) {
-      console.error('No API key provided');
+    if (!apiKey) {
+      console.error('\nNo API key provided');
       return false;
     }
 
     // Validate the token
-    console.log('Validating API key...');
-    const isValid = await validateOpenAIToken(token);
+    console.log('\nValidating API key...');
+    const isValid = await validateOpenAIToken(apiKey);
 
     if (!isValid) {
       console.error('Invalid OpenAI API key');
@@ -180,7 +173,7 @@ export async function authenticateOpenAI(): Promise<boolean> {
     }
 
     // Store the token
-    await setOpenAICredential(token);
+    await setOpenAICredential(apiKey);
     console.log('OpenAI API authenticated successfully!\n');
 
     return true;