npm - rampup - Versions diffs - 0.1.0 - Mend

rampup 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/auth.js ADDED Viewed

@@ -0,0 +1,259 @@
+/**
+ * Ramp CLI Authentication
+ * Handles Firebase auth for CLI users
+ */
+import fs from 'fs/promises';
+import path from 'path';
+import os from 'os';
+import open from 'open';
+import http from 'http';
+const CONFIG_DIR = path.join(os.homedir(), '.ramp');
+const TOKEN_FILE = path.join(CONFIG_DIR, 'credentials.json');
+// Firebase config (same as web app)
+const FIREBASE_CONFIG = {
+  apiKey: 'AIzaSyBVUBNJXtlhuMAOMh-dcqZ-4MwDhgnQBWA',
+  authDomain: 'ramp-a2138.firebaseapp.com',
+  projectId: 'ramp-a2138',
+};
+/**
+ * Ensure config directory exists
+ */
+async function ensureConfigDir() {
+  try {
+    await fs.mkdir(CONFIG_DIR, { recursive: true });
+  } catch (err) {
+    if (err.code !== 'EEXIST') throw err;
+  }
+}
+/**
+ * Save credentials to disk
+ */
+async function saveCredentials(credentials) {
+  await ensureConfigDir();
+  await fs.writeFile(TOKEN_FILE, JSON.stringify(credentials, null, 2), 'utf8');
+  await fs.chmod(TOKEN_FILE, 0o600); // Only owner can read/write
+}
+/**
+ * Load saved credentials
+ */
+export async function loadCredentials() {
+  try {
+    const data = await fs.readFile(TOKEN_FILE, 'utf8');
+    return JSON.parse(data);
+  } catch (err) {
+    return null;
+  }
+}
+/**
+ * Clear saved credentials
+ */
+export async function clearCredentials() {
+  try {
+    await fs.unlink(TOKEN_FILE);
+  } catch (err) {
+    // Ignore if file doesn't exist
+  }
+}
+/**
+ * Check if token is expired
+ */
+function isTokenExpired(credentials) {
+  if (!credentials || !credentials.expiresAt) return true;
+  // Add 5 minute buffer
+  return Date.now() > credentials.expiresAt - 5 * 60 * 1000;
+}
+/**
+ * Refresh the ID token using refresh token
+ */
+async function refreshToken(refreshToken) {
+  const response = await fetch(
+    `https://securetoken.googleapis.com/v1/token?key=${FIREBASE_CONFIG.apiKey}`,
+    {
+      method: 'POST',
+      headers: { 'Content-Type': 'application/json' },
+      body: JSON.stringify({
+        grant_type: 'refresh_token',
+        refresh_token: refreshToken,
+      }),
+    }
+  );
+  if (!response.ok) {
+    throw new Error('Failed to refresh token');
+  }
+  const data = await response.json();
+  return {
+    idToken: data.id_token,
+    refreshToken: data.refresh_token,
+    expiresAt: Date.now() + parseInt(data.expires_in) * 1000,
+  };
+}
+/**
+ * Get a valid ID token, refreshing if necessary
+ */
+export async function getIdToken() {
+  const credentials = await loadCredentials();
+  if (!credentials) {
+    return null;
+  }
+  // Check if token needs refresh
+  if (isTokenExpired(credentials)) {
+    try {
+      const newCredentials = await refreshToken(credentials.refreshToken);
+      await saveCredentials({
+        ...credentials,
+        ...newCredentials,
+      });
+      return newCredentials.idToken;
+    } catch (err) {
+      // Refresh failed, user needs to login again
+      await clearCredentials();
+      return null;
+    }
+  }
+  return credentials.idToken;
+}
+/**
+ * Get user info from saved credentials
+ */
+export async function getUserInfo() {
+  const credentials = await loadCredentials();
+  if (!credentials) return null;
+  return {
+    email: credentials.email,
+    displayName: credentials.displayName,
+    uid: credentials.uid,
+  };
+}
+/**
+ * Login via browser OAuth flow
+ * Opens browser for Google sign-in, receives callback on local server
+ */
+export async function loginWithBrowser() {
+  return new Promise((resolve, reject) => {
+    const PORT = 9876;
+    // Create a simple HTTP server to receive the OAuth callback
+    const server = http.createServer(async (req, res) => {
+      const url = new URL(req.url, `http://localhost:${PORT}`);
+      if (url.pathname === '/callback') {
+        const idToken = url.searchParams.get('idToken');
+        const refreshToken = url.searchParams.get('refreshToken');
+        const email = url.searchParams.get('email');
+        const displayName = url.searchParams.get('displayName');
+        const uid = url.searchParams.get('uid');
+        const expiresIn = url.searchParams.get('expiresIn');
+        if (idToken && refreshToken) {
+          // Save credentials
+          await saveCredentials({
+            idToken,
+            refreshToken,
+            email,
+            displayName,
+            uid,
+            expiresAt: Date.now() + parseInt(expiresIn || '3600') * 1000,
+          });
+          // Send success page
+          res.writeHead(200, { 'Content-Type': 'text/html' });
+          res.end(`
+            <!DOCTYPE html>
+            <html>
+            <head>
+              <title>Ramp - Login Successful</title>
+              <style>
+                body {
+                  font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+                  display: flex;
+                  justify-content: center;
+                  align-items: center;
+                  height: 100vh;
+                  margin: 0;
+                  background: linear-gradient(135deg, #1a1a2e 0%, #16213e 100%);
+                  color: white;
+                }
+                .container {
+                  text-align: center;
+                  padding: 40px;
+                }
+                h1 { color: #4ade80; margin-bottom: 10px; }
+                p { color: #94a3b8; }
+                .close-hint { margin-top: 20px; font-size: 14px; }
+              </style>
+            </head>
+            <body>
+              <div class="container">
+                <h1>✓ Login Successful</h1>
+                <p>Welcome, ${displayName || email}!</p>
+                <p class="close-hint">You can close this window and return to the terminal.</p>
+              </div>
+            </body>
+            </html>
+          `);
+          // Close server and resolve
+          server.close();
+          resolve({ email, displayName, uid });
+        } else {
+          res.writeHead(400, { 'Content-Type': 'text/html' });
+          res.end('<h1>Login Failed</h1><p>Missing credentials</p>');
+          server.close();
+          reject(new Error('Missing credentials in callback'));
+        }
+      } else if (url.pathname === '/') {
+        // Redirect to Firebase auth
+        res.writeHead(302, {
+          Location: `https://rampup.dev/cli-auth?redirect=http://localhost:${PORT}/callback`,
+        });
+        res.end();
+      } else {
+        res.writeHead(404);
+        res.end('Not found');
+      }
+    });
+    server.listen(PORT, async () => {
+      console.log(`\nOpening browser for authentication...`);
+      console.log(`If browser doesn't open, visit: http://localhost:${PORT}\n`);
+      try {
+        await open(`http://localhost:${PORT}`);
+      } catch (err) {
+        console.log(`Could not open browser automatically.`);
+      }
+    });
+    // Timeout after 5 minutes
+    setTimeout(() => {
+      server.close();
+      reject(new Error('Login timed out'));
+    }, 5 * 60 * 1000);
+  });
+}
+export default {
+  loadCredentials,
+  clearCredentials,
+  getIdToken,
+  getUserInfo,
+  loginWithBrowser,
+};

package/entitlements.js ADDED Viewed

@@ -0,0 +1,123 @@
+/**
+ * Entitlement Service Client for CLI
+ * Checks and burns tokens before AI calls
+ */
+import { getIdToken } from './auth.js';
+const ENTITLEMENT_API_URL = process.env.ENTITLEMENT_API_URL ||
+  'https://entitlement-service.rian-19c.workers.dev';
+// Action costs mapping
+const ACTION_COSTS = {
+  'learn': { action: 'chat', credits: 1 },
+  'ask': { action: 'chat', credits: 1 },
+  'guide': { action: 'generate', credits: 2 },
+  'voice': { action: 'chat', credits: 2 },
+  'architect': { action: 'debug', credits: 3 },
+};
+/**
+ * Check and burn tokens for a CLI action
+ * Uses saved credentials from ~/.ramp/credentials.json
+ */
+export async function checkAndBurnTokens(action, idempotencyKey) {
+  // Get token from saved credentials (auto-refreshes if expired)
+  const token = await getIdToken();
+  // If no token, allow (user not logged in)
+  if (!token) {
+    return { allowed: true, reason: 'Not logged in - run `ramp login` for credit tracking' };
+  }
+  const mapping = ACTION_COSTS[action] || ACTION_COSTS['ask'];
+  try {
+    // Check tokens first
+    const checkResponse = await fetch(
+      `${ENTITLEMENT_API_URL}/tokens/check?product=ramp&action=${mapping.action}`,
+      {
+        headers: {
+          'Authorization': `Bearer ${token}`,
+          'Content-Type': 'application/json',
+        },
+      }
+    );
+    if (!checkResponse.ok) {
+      const error = await checkResponse.json().catch(() => ({}));
+      console.warn('[Entitlement] Check failed:', error.message || checkResponse.status);
+      return { allowed: true }; // Fail open
+    }
+    const checkResult = await checkResponse.json();
+    if (!checkResult.hasTokens) {
+      return {
+        allowed: false,
+        reason: `Insufficient credits. Need ${checkResult.required}, have ${checkResult.available}. Visit rampup.dev to add more.`,
+      };
+    }
+    // Burn tokens
+    const burnResponse = await fetch(`${ENTITLEMENT_API_URL}/tokens/burn`, {
+      method: 'POST',
+      headers: {
+        'Authorization': `Bearer ${token}`,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify({
+        product: 'ramp',
+        action: mapping.action,
+        idempotencyKey,
+      }),
+    });
+    if (!burnResponse.ok) {
+      console.warn('[Entitlement] Burn failed, allowing request');
+      return { allowed: true };
+    }
+    const burnResult = await burnResponse.json();
+    return {
+      allowed: true,
+      burned: burnResult.burned,
+      balance: burnResult.newBalance,
+    };
+  } catch (error) {
+    console.warn('[Entitlement] Error:', error.message);
+    return { allowed: true }; // Fail open
+  }
+}
+/**
+ * Get current token balance
+ */
+export async function getTokenBalance() {
+  // Get token from saved credentials (auto-refreshes if expired)
+  const token = await getIdToken();
+  if (!token) {
+    return null;
+  }
+  try {
+    const response = await fetch(`${ENTITLEMENT_API_URL}/tokens`, {
+      headers: {
+        'Authorization': `Bearer ${token}`,
+        'Content-Type': 'application/json',
+      },
+    });
+    if (!response.ok) {
+      return null;
+    }
+    return await response.json();
+  } catch (error) {
+    return null;
+  }
+}
+export default { checkAndBurnTokens, getTokenBalance };