popeye-cli 1.0.1 → 1.2.0

package/src/auth/grok.ts

@@ -0,0 +1,255 @@
+/**
+ * xAI Grok API authentication module
+ * Handles API key validation and storage
+ */
+
+import * as readline from 'node:readline';
+import OpenAI from 'openai';
+import {
+  getCredential,
+  setCredential,
+  deleteCredential,
+  maskCredential,
+} from './keychain.js';
+import { ENV_VARS } from '../config/defaults.js';
+
+/**
+ * Grok API URL (OpenAI-compatible)
+ */
+export const GROK_API_URL = 'https://api.x.ai/v1';
+
+/**
+ * Keychain account for Grok
+ */
+const GROK_ACCOUNT = 'grok-api';
+
+/**
+ * Grok authentication status
+ */
+export interface GrokAuthStatus {
+  authenticated: boolean;
+  keyLastFour?: string;
+  error?: string;
+}
+
+/**
+ * Validate a Grok API key by making a test API call
+ *
+ * @param apiKey - The API key to validate
+ * @returns True if the key is valid
+ */
+export async function validateGrokToken(apiKey: string): Promise<boolean> {
+  try {
+    const client = new OpenAI({
+      apiKey,
+      baseURL: GROK_API_URL,
+    });
+
+    // Test the key by making a simple request
+    await client.chat.completions.create({
+      model: 'grok-3',
+      messages: [{ role: 'user', content: 'Say "OK"' }],
+      max_tokens: 5,
+    });
+
+    return true;
+  } catch (error) {
+    // Check for authentication errors
+    const errorMessage = error instanceof Error ? error.message : '';
+    if (
+      errorMessage.includes('401') ||
+      errorMessage.includes('Invalid API') ||
+      errorMessage.includes('Unauthorized')
+    ) {
+      return false;
+    }
+    // For other errors (e.g., rate limits), assume the key might be valid
+    console.warn('Could not fully validate Grok key:', error);
+    return true;
+  }
+}
+
+/**
+ * Get the Grok API credential
+ */
+export async function getGrokCredential(): Promise<string | null> {
+  // First check file storage
+  const stored = await getCredential(GROK_ACCOUNT);
+  if (stored) return stored;
+
+  // Fallback to environment variable
+  return process.env[ENV_VARS.GROK_KEY] || null;
+}
+
+/**
+ * Set the Grok API credential
+ */
+export async function setGrokCredential(apiKey: string): Promise<void> {
+  return setCredential(GROK_ACCOUNT, apiKey);
+}
+
+/**
+ * Delete the Grok API credential
+ */
+export async function deleteGrokCredential(): Promise<boolean> {
+  return deleteCredential(GROK_ACCOUNT);
+}
+
+/**
+ * Check if Grok is already authenticated
+ */
+export async function checkGrokAuth(): Promise<GrokAuthStatus> {
+  try {
+    const apiKey = await getGrokCredential();
+
+    if (!apiKey) {
+      return { authenticated: false };
+    }
+
+    // Validate the key
+    const isValid = await validateGrokToken(apiKey);
+
+    if (!isValid) {
+      return {
+        authenticated: false,
+        error: 'Stored API key is invalid',
+      };
+    }
+
+    return {
+      authenticated: true,
+      keyLastFour: maskCredential(apiKey),
+    };
+  } catch (error) {
+    return {
+      authenticated: false,
+      error: error instanceof Error ? error.message : 'Unknown error',
+    };
+  }
+}
+
+/**
+ * Prompt for API key in the terminal
+ *
+ * @returns The entered API key or null if cancelled
+ */
+export async function promptForGrokAPIKey(): Promise<string | null> {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout,
+    });
+
+    console.log('\nGet your API key from: https://console.x.ai/\n');
+
+    rl.question('Enter your Grok API key: ', (answer) => {
+      rl.close();
+      const key = answer.trim();
+      if (key) {
+        resolve(key);
+      } else {
+        resolve(null);
+      }
+    });
+  });
+}
+
+/**
+ * Authenticate with Grok API
+ *
+ * @returns True if authentication was successful
+ */
+export async function authenticateGrok(): Promise<boolean> {
+  // Check if already authenticated
+  const existingAuth = await checkGrokAuth();
+  if (existingAuth.authenticated) {
+    console.log('Already authenticated with Grok API');
+    return true;
+  }
+
+  console.log('Grok API key required for AI reviews.');
+
+  try {
+    // Prompt for the API key
+    const apiKey = await promptForGrokAPIKey();
+
+    if (!apiKey) {
+      console.error('\nNo API key provided');
+      return false;
+    }
+
+    // Validate the token
+    console.log('\nValidating API key...');
+    const isValid = await validateGrokToken(apiKey);
+
+    if (!isValid) {
+      console.error('Invalid Grok API key');
+      return false;
+    }
+
+    // Store the token
+    await setGrokCredential(apiKey);
+    console.log('Grok API authenticated successfully!\n');
+
+    return true;
+  } catch (error) {
+    console.error(`Authentication error: ${error instanceof Error ? error.message : error}`);
+    return false;
+  }
+}
+
+/**
+ * Authenticate with a provided API key (for CLI --api-key option)
+ *
+ * @param apiKey - The API key to use
+ * @returns True if authentication was successful
+ */
+export async function authenticateGrokWithKey(apiKey: string): Promise<boolean> {
+  // Validate the token
+  const isValid = await validateGrokToken(apiKey);
+
+  if (!isValid) {
+    console.error('Invalid Grok API key');
+    return false;
+  }
+
+  // Store the token
+  await setGrokCredential(apiKey);
+  console.log('Grok API authenticated successfully!\n');
+
+  return true;
+}
+
+/**
+ * Logout from Grok API
+ * Removes stored credentials
+ */
+export async function logoutGrok(): Promise<void> {
+  const deleted = await deleteGrokCredential();
+  if (deleted) {
+    console.log('Grok API credentials removed.');
+  } else {
+    console.log('No Grok API credentials found.');
+  }
+}
+
+/**
+ * Get the Grok API key for API calls
+ */
+export async function getGrokToken(): Promise<string | null> {
+  return getGrokCredential();
+}
+
+/**
+ * Ensure Grok is authenticated
+ * Prompts for authentication if not already authenticated
+ */
+export async function ensureGrokAuth(): Promise<boolean> {
+  const status = await checkGrokAuth();
+
+  if (status.authenticated) {
+    return true;
+  }
+
+  return authenticateGrok();
+}

package/src/auth/index.ts

@@ -1,16 +1,20 @@
 /**
  * Authentication orchestration module
- * Coordinates authentication for both Claude CLI and OpenAI API
+ * Coordinates authentication for Claude CLI, OpenAI API, Gemini API, and Grok API
  */
 
 import { checkClaudeCLIAuth, authenticateClaude, logoutClaude, type ClaudeAuthStatus } from './claude.js';
 import { checkOpenAIAuth, authenticateOpenAI, logoutOpenAI, type OpenAIAuthStatus } from './openai.js';
-import { clearAllCredentials } from './keychain.js';
+import { checkGeminiAuth, authenticateGemini, logoutGemini, type GeminiAuthStatus } from './gemini.js';
+import { checkGrokAuth, authenticateGrok, logoutGrok, type GrokAuthStatus } from './grok.js';
+import { clearAllCredentials, deleteCredential } from './keychain.js';
 import type { AuthStatus } from '../types/index.js';
 
 // Re-export individual auth modules
 export * from './claude.js';
 export * from './openai.js';
+export * from './gemini.js';
+export * from './grok.js';
 export * from './keychain.js';
 export * from './server.js';
 
@@ -20,22 +24,30 @@ export * from './server.js';
 export interface CombinedAuthStatus {
   claude: ClaudeAuthStatus;
   openai: OpenAIAuthStatus;
+  gemini: GeminiAuthStatus;
+  grok: GrokAuthStatus;
   fullyAuthenticated: boolean;
+  hasArbitrator: boolean;
 }
 
 /**
- * Get the authentication status for both services
+ * Get the authentication status for all services
  */
 export async function getAuthStatus(): Promise<CombinedAuthStatus> {
-  const [claudeStatus, openaiStatus] = await Promise.all([
+  const [claudeStatus, openaiStatus, geminiStatus, grokStatus] = await Promise.all([
     checkClaudeCLIAuth(),
     checkOpenAIAuth(),
+    checkGeminiAuth(),
+    checkGrokAuth(),
   ]);
 
   return {
     claude: claudeStatus,
     openai: openaiStatus,
+    gemini: geminiStatus,
+    grok: grokStatus,
     fullyAuthenticated: claudeStatus.authenticated && openaiStatus.authenticated,
+    hasArbitrator: geminiStatus.authenticated || openaiStatus.authenticated || grokStatus.authenticated,
   };
 }
 
@@ -56,6 +68,14 @@ export async function getAuthStatusForDisplay(): Promise<AuthStatus> {
       keyLastFour: status.openai.keyLastFour,
       modelAccess: status.openai.modelAccess,
     },
+    gemini: {
+      authenticated: status.gemini.authenticated,
+      keyLastFour: status.gemini.keyLastFour,
+    },
+    grok: {
+      authenticated: status.grok.authenticated,
+      keyLastFour: status.grok.keyLastFour,
+    },
   };
 }
 
@@ -98,17 +118,21 @@ export async function ensureAuthenticated(): Promise<boolean> {
 /**
  * Authenticate a specific service
  *
- * @param service - The service to authenticate ('claude', 'openai', or 'all')
+ * @param service - The service to authenticate ('claude', 'openai', 'gemini', 'grok', or 'all')
  * @returns True if authentication was successful
  */
 export async function authenticateService(
-  service: 'claude' | 'openai' | 'all'
+  service: 'claude' | 'openai' | 'gemini' | 'grok' | 'all'
 ): Promise<boolean> {
   switch (service) {
     case 'claude':
       return authenticateClaude();
     case 'openai':
       return authenticateOpenAI();
+    case 'gemini':
+      return authenticateGemini();
+    case 'grok':
+      return authenticateGrok();
     case 'all':
       return ensureAuthenticated();
   }
@@ -117,9 +141,9 @@ export async function authenticateService(
 /**
  * Logout from a specific service or all services
  *
- * @param service - The service to logout from ('claude', 'openai', or 'all')
+ * @param service - The service to logout from ('claude', 'openai', 'gemini', 'grok', or 'all')
  */
-export async function logout(service: 'claude' | 'openai' | 'all'): Promise<void> {
+export async function logout(service: 'claude' | 'openai' | 'gemini' | 'grok' | 'all'): Promise<void> {
   switch (service) {
     case 'claude':
       await logoutClaude();
@@ -127,8 +151,16 @@ export async function logout(service: 'claude' | 'openai' | 'all'): Promise<void
     case 'openai':
       await logoutOpenAI();
       break;
+    case 'gemini':
+      await logoutGemini();
+      break;
+    case 'grok':
+      await logoutGrok();
+      break;
     case 'all':
       await clearAllCredentials();
+      // Also clear grok credential
+      await deleteCredential('grok-api');
       console.log('All credentials removed.');
       break;
   }
@@ -140,7 +172,7 @@ export async function logout(service: 'claude' | 'openai' | 'all'): Promise<void
  * @param service - The service to check
  * @returns True if the service is authenticated
  */
-export async function isAuthenticated(service: 'claude' | 'openai' | 'both'): Promise<boolean> {
+export async function isAuthenticated(service: 'claude' | 'openai' | 'gemini' | 'grok' | 'both' | 'all'): Promise<boolean> {
   const status = await getAuthStatus();
 
   switch (service) {
@@ -148,8 +180,14 @@ export async function isAuthenticated(service: 'claude' | 'openai' | 'both'): Pr
       return status.claude.authenticated;
     case 'openai':
       return status.openai.authenticated;
+    case 'gemini':
+      return status.gemini.authenticated;
+    case 'grok':
+      return status.grok.authenticated;
     case 'both':
       return status.fullyAuthenticated;
+    case 'all':
+      return status.fullyAuthenticated && status.gemini.authenticated;
   }
 }
 

package/src/auth/keychain.ts

@@ -1,27 +1,68 @@
 /**
- * Keychain wrapper for secure credential storage
- * Uses keytar for cross-platform keychain access (macOS Keychain, Windows Credential Vault, Linux Secret Service)
+ * Credential storage module
+ * Uses file-based storage in ~/.popeye/ directory
+ * Falls back to environment variables
  */
 
-import * as keytar from 'keytar';
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as os from 'node:os';
 import { SERVICE_NAME, KEYCHAIN_ACCOUNTS, ENV_VARS } from '../config/defaults.js';
 
 /**
- * Get a credential from the system keychain
- * Falls back to environment variable if keychain is unavailable
+ * Get the credentials file path
+ */
+function getCredentialsPath(): string {
+  const popeyeDir = path.join(os.homedir(), '.popeye');
+
+  // Ensure directory exists
+  if (!fs.existsSync(popeyeDir)) {
+    fs.mkdirSync(popeyeDir, { mode: 0o700, recursive: true });
+  }
+
+  return path.join(popeyeDir, 'credentials.json');
+}
+
+/**
+ * Load credentials from file
+ */
+function loadCredentials(): Record<string, string> {
+  try {
+    const filePath = getCredentialsPath();
+    if (fs.existsSync(filePath)) {
+      const data = fs.readFileSync(filePath, 'utf-8');
+      return JSON.parse(data);
+    }
+  } catch {
+    // Ignore errors, return empty
+  }
+  return {};
+}
+
+/**
+ * Save credentials to file
+ */
+function saveCredentials(credentials: Record<string, string>): void {
+  const filePath = getCredentialsPath();
+  fs.writeFileSync(filePath, JSON.stringify(credentials, null, 2), {
+    mode: 0o600, // Owner read/write only
+  });
+}
+
+/**
+ * Get a credential from storage
+ * Falls back to environment variable if not found
  *
  * @param account - The account name (e.g., 'claude-cli', 'openai-api')
  * @returns The stored credential or null if not found
  */
 export async function getCredential(account: string): Promise<string | null> {
-  try {
-    const password = await keytar.getPassword(SERVICE_NAME, account);
-    if (password) {
-      return password;
-    }
-  } catch {
-    // Keychain unavailable, fall back to environment variables
-    console.warn(`Keychain unavailable for ${account}, checking environment variables`);
+  // First check file storage
+  const credentials = loadCredentials();
+  const key = `${SERVICE_NAME}:${account}`;
+
+  if (credentials[key]) {
+    return credentials[key];
   }
 
   // Fallback to environment variables
@@ -31,43 +72,47 @@ export async function getCredential(account: string): Promise<string | null> {
   if (account === KEYCHAIN_ACCOUNTS.CLAUDE) {
     return process.env[ENV_VARS.ANTHROPIC_KEY] || null;
   }
+  if (account === KEYCHAIN_ACCOUNTS.GEMINI) {
+    return process.env[ENV_VARS.GEMINI_KEY] || null;
+  }
 
   return null;
 }
 
 /**
- * Store a credential in the system keychain
+ * Store a credential
  *
  * @param account - The account name
  * @param password - The credential to store
  */
 export async function setCredential(account: string, password: string): Promise<void> {
-  try {
-    await keytar.setPassword(SERVICE_NAME, account, password);
-  } catch (error) {
-    throw new Error(
-      `Failed to store credential in keychain: ${error instanceof Error ? error.message : 'Unknown error'}`
-    );
-  }
+  const credentials = loadCredentials();
+  const key = `${SERVICE_NAME}:${account}`;
+  credentials[key] = password;
+  saveCredentials(credentials);
 }
 
 /**
- * Delete a credential from the system keychain
+ * Delete a credential from storage
  *
  * @param account - The account name
  * @returns True if the credential was deleted, false if it didn't exist
  */
 export async function deleteCredential(account: string): Promise<boolean> {
-  try {
-    return await keytar.deletePassword(SERVICE_NAME, account);
-  } catch (error) {
-    console.warn(`Failed to delete credential from keychain: ${error}`);
-    return false;
+  const credentials = loadCredentials();
+  const key = `${SERVICE_NAME}:${account}`;
+
+  if (credentials[key]) {
+    delete credentials[key];
+    saveCredentials(credentials);
+    return true;
   }
+
+  return false;
 }
 
 /**
- * Check if a credential exists in the keychain
+ * Check if a credential exists
  *
  * @param account - The account name
  * @returns True if the credential exists
@@ -119,12 +164,34 @@ export async function deleteOpenAICredential(): Promise<boolean> {
   return deleteCredential(KEYCHAIN_ACCOUNTS.OPENAI);
 }
 
+/**
+ * Get the Gemini API credential
+ */
+export async function getGeminiCredential(): Promise<string | null> {
+  return getCredential(KEYCHAIN_ACCOUNTS.GEMINI);
+}
+
+/**
+ * Set the Gemini API credential
+ */
+export async function setGeminiCredential(apiKey: string): Promise<void> {
+  return setCredential(KEYCHAIN_ACCOUNTS.GEMINI, apiKey);
+}
+
+/**
+ * Delete the Gemini API credential
+ */
+export async function deleteGeminiCredential(): Promise<boolean> {
+  return deleteCredential(KEYCHAIN_ACCOUNTS.GEMINI);
+}
+
 /**
  * Clear all stored credentials
  */
 export async function clearAllCredentials(): Promise<void> {
   await deleteClaudeCredential();
   await deleteOpenAICredential();
+  await deleteGeminiCredential();
 }
 
 /**

package/src/auth/openai.ts

@@ -3,15 +3,14 @@
  * Handles API key validation and storage
  */
 
+import * as readline from 'node:readline';
 import OpenAI from 'openai';
-import open from 'open';
 import {
   getOpenAICredential,
   setOpenAICredential,
   deleteOpenAICredential,
   maskCredential,
 } from './keychain.js';
-import { startAuthCallbackServer, findAvailablePort } from './server.js';
 
 /**
  * OpenAI authentication status
@@ -112,38 +111,32 @@ export async function checkOpenAIAuth(): Promise<OpenAIAuthStatus> {
 }
 
 /**
- * Launch the browser-based token entry popup
+ * Prompt for API key in the terminal
  *
  * @returns The entered API key or null if cancelled
  */
-export async function launchTokenEntryPopup(): Promise<string | null> {
-  try {
-    const port = await findAvailablePort(3000, 3100);
-
-    console.log('Opening browser for API key entry...\n');
-
-    // Start the token entry server
-    const authPromise = startAuthCallbackServer({
-      port,
-      type: 'openai',
-      timeout: 300000, // 5 minutes
+export async function promptForAPIKey(): Promise<string | null> {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout,
     });
 
-    // Open the browser
-    await open(`http://127.0.0.1:${port}`);
-
-    // Wait for the token
-    const result = await authPromise;
-
-    if (result.success && result.token) {
-      return result.token;
-    }
-
-    return null;
-  } catch (error) {
-    console.error(`Failed to launch token entry: ${error}`);
-    return null;
-  }
+    console.log('\nGet your API key from: https://platform.openai.com/api-keys\n');
+
+    rl.question('Enter your OpenAI API key (starts with sk-): ', (answer) => {
+      rl.close();
+      const key = answer.trim();
+      if (key && key.startsWith('sk-')) {
+        resolve(key);
+      } else if (key) {
+        console.log('\nWarning: Key does not start with "sk-", but trying anyway...');
+        resolve(key);
+      } else {
+        resolve(null);
+      }
+    });
+  });
 }
 
 /**
@@ -162,17 +155,17 @@ export async function authenticateOpenAI(): Promise<boolean> {
   console.log('OpenAI API key required.');
 
   try {
-    // Launch the token entry popup
-    const token = await launchTokenEntryPopup();
+    // Prompt for the API key
+    const apiKey = await promptForAPIKey();
 
-    if (!token) {
-      console.error('No API key provided');
+    if (!apiKey) {
+      console.error('\nNo API key provided');
       return false;
     }
 
     // Validate the token
-    console.log('Validating API key...');
-    const isValid = await validateOpenAIToken(token);
+    console.log('\nValidating API key...');
+    const isValid = await validateOpenAIToken(apiKey);
 
     if (!isValid) {
       console.error('Invalid OpenAI API key');
@@ -180,7 +173,7 @@ export async function authenticateOpenAI(): Promise<boolean> {
     }
 
     // Store the token
-    await setOpenAICredential(token);
+    await setOpenAICredential(apiKey);
     console.log('OpenAI API authenticated successfully!\n');
 
     return true;