reskill 1.11.2 → 1.12.0

package/README.md

@@ -208,9 +208,12 @@ Skills are installed to `.skills/` by default and can be integrated with any age
 Publish your skills to the registry for others to use:
 
 ```bash
-# Login to the registry
+# Interactive login (recommended for humans — guides you through token setup)
 reskill login
 
+# Non-interactive login (for CI/CD — pass token directly)
+reskill login --token <your-token>
+
 # Validate without publishing (dry run)
 reskill publish --dry-run
 

package/dist/cli/commands/login.d.ts

@@ -1,10 +1,23 @@
 /**
  * login command - Authenticate with a reskill registry
  *
- * Token-only login: requires a pre-generated token from Web UI.
- * Logs in to the registry and stores the token in ~/.reskillrc
+ * Supports two modes:
+ * 1. Interactive: prompts user to paste token (default when no --token flag)
+ * 2. Non-interactive: uses --token flag directly (for CI/CD)
+ *
+ * Tokens are stored in ~/.reskillrc per registry.
  */
 import { Command } from 'commander';
+/**
+ * Build the token settings page URL for a registry
+ */
+export declare function getTokenPageUrl(registry: string): string;
+/**
+ * Prompt user to paste their access token interactively.
+ * Shows a fixed-length mask on input for visual feedback without revealing token length.
+ * Retries on empty input, returns null only on explicit cancel (Ctrl+C).
+ */
+export declare function promptForToken(registry: string): Promise<string | null>;
 export declare const loginCommand: Command;
 export default loginCommand;
 //# sourceMappingURL=login.d.ts.map

package/dist/cli/commands/login.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/login.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAyFpC,eAAO,MAAM,YAAY,SAOH,CAAC;AAEvB,eAAe,YAAY,CAAC"}
+{"version":3,"file":"login.d.ts","sourceRoot":"","sources":["../../../src/cli/commands/login.ts"],"names":[],"mappings":"AAAA;;;;;;;;GAQG;AAEH,OAAO,EAAE,OAAO,EAAE,MAAM,WAAW,CAAC;AAmBpC;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM,CAGxD;AAiGD;;;;GAIG;AACH,wBAAsB,cAAc,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CA6B7E;AA4ED,eAAO,MAAM,YAAY,SAOH,CAAC;AAEvB,eAAe,YAAY,CAAC"}

package/dist/cli/index.js

@@ -6899,32 +6899,146 @@ class AuthManager {
 /**
  * login command - Authenticate with a reskill registry
  *
- * Token-only login: requires a pre-generated token from Web UI.
- * Logs in to the registry and stores the token in ~/.reskillrc
+ * Supports two modes:
+ * 1. Interactive: prompts user to paste token (default when no --token flag)
+ * 2. Non-interactive: uses --token flag directly (for CI/CD)
+ *
+ * Tokens are stored in ~/.reskillrc per registry.
  */ // ============================================================================
+// Helpers
+// ============================================================================
+/**
+ * Build the token settings page URL for a registry
+ */ function getTokenPageUrl(registry) {
+    const base = registry.endsWith('/') ? registry.slice(0, -1) : registry;
+    return `${base}/skills/tokens`;
+}
+const MASK = '••••••••';
+const CANCELLED = Symbol('cancelled');
+/**
+ * Erase N characters behind the cursor and clear to end of line.
+ */ function eraseChars(count) {
+    process.stdout.write(`\x1b[${count}D\x1b[0K`);
+}
+/**
+ * Read a line from piped stdin (non-TTY).
+ */ function readFromPipe() {
+    return new Promise((resolve, reject)=>{
+        const chunks = [];
+        const onData = (chunk)=>chunks.push(chunk);
+        const onEnd = ()=>{
+            cleanup();
+            const value = Buffer.concat(chunks).toString().trim();
+            resolve(value || null);
+        };
+        const onError = (err)=>{
+            cleanup();
+            reject(err);
+        };
+        const cleanup = ()=>{
+            process.stdin.removeListener('data', onData);
+            process.stdin.removeListener('end', onEnd);
+            process.stdin.removeListener('error', onError);
+        };
+        process.stdin.on('data', onData);
+        process.stdin.on('end', onEnd);
+        process.stdin.on('error', onError);
+        process.stdin.resume();
+    });
+}
+/**
+ * Read token from TTY stdin in raw mode with fixed-length mask feedback.
+ *
+ * Returns:
+ * - token string on valid input + Enter
+ * - empty string on empty Enter (no input)
+ * - CANCELLED symbol on Ctrl+C
+ */ function readFromTTY() {
+    return new Promise((resolve)=>{
+        let input = '';
+        let masked = false;
+        process.stdin.setRawMode(true);
+        process.stdin.resume();
+        process.stdin.setEncoding('utf8');
+        const finish = (value)=>{
+            process.stdin.setRawMode(false);
+            process.stdin.pause();
+            process.stdin.removeAllListeners('data');
+            process.stdout.write('\n');
+            resolve(value);
+        };
+        process.stdin.on('data', (data)=>{
+            for (const ch of data){
+                if ('\r' === ch || '\n' === ch) return finish(input.trim());
+                if ('\x03' === ch) return finish(CANCELLED);
+                if ('\x7f' === ch || '\b' === ch) {
+                    // Fixed-length mask can't represent per-char deletion — clear all to let user retry
+                    if (input.length > 0) {
+                        input = '';
+                        if (masked) {
+                            eraseChars(MASK.length);
+                            masked = false;
+                        }
+                    }
+                    continue;
+                }
+                if (ch >= ' ') {
+                    input += ch;
+                    if (!masked) {
+                        process.stdout.write(MASK);
+                        masked = true;
+                    }
+                }
+            }
+        });
+    });
+}
+/**
+ * Prompt user to paste their access token interactively.
+ * Shows a fixed-length mask on input for visual feedback without revealing token length.
+ * Retries on empty input, returns null only on explicit cancel (Ctrl+C).
+ */ async function promptForToken(registry) {
+    const tokenPageUrl = getTokenPageUrl(registry);
+    logger_logger.newline();
+    logger_logger.log(`  Registry: ${registry}`);
+    logger_logger.newline();
+    logger_logger.log('  To get your access token:');
+    logger_logger.log(`    1. Open ${tokenPageUrl}`);
+    logger_logger.log('    2. Login and generate an API token');
+    logger_logger.log('    3. Copy the token and paste it below');
+    logger_logger.newline();
+    if (!process.stdin.isTTY) return readFromPipe();
+    while(true){
+        process.stdout.write('  Paste your access token: ');
+        const result = await readFromTTY();
+        if (result === CANCELLED) return null;
+        if (result.length > 0) return result;
+        logger_logger.warn('  Token cannot be empty. Please try again.');
+    }
+}
+// ============================================================================
 // Main Action
 // ============================================================================
 async function loginAction(options) {
     const registry = resolveRegistry(options.registry);
     const authManager = new AuthManager();
-    // Token is required (no email/password login)
-    if (!options.token) {
-        logger_logger.error('Token is required');
-        logger_logger.newline();
-        logger_logger.log('To get a token:');
-        logger_logger.log('  1. Visit the Registry Web UI');
-        logger_logger.log('  2. Login and generate an API token');
-        logger_logger.log('  3. Run: reskill login --registry <url> --token <token>');
-        process.exit(1);
+    let token;
+    if (options.token) token = options.token;
+    else {
+        const prompted = await promptForToken(registry);
+        if (!prompted) {
+            logger_logger.warn('Login cancelled');
+            process.exit(0);
+        }
+        token = prompted;
     }
-    await loginWithToken(options.token, registry, authManager);
+    await loginWithToken(token, registry, authManager);
 }
 /**
  * Login with a pre-generated token from Web UI
  */ async function loginWithToken(token, registry, authManager) {
     logger_logger.log(`Verifying token with ${registry}...`);
     logger_logger.newline();
-    // Verify token by calling login-cli endpoint
     const client = new RegistryClient({
         registry,
         token
@@ -6935,7 +7049,6 @@ async function loginAction(options) {
             logger_logger.error(response.error || 'Token verification failed');
             process.exit(1);
         }
-        // Save token with handle and email
         authManager.setToken(token, registry, response.user.email, response.user.handle);
         logger_logger.log('✓ Token verified and saved!');
         logger_logger.newline();
@@ -6956,7 +7069,7 @@ async function loginAction(options) {
 // ============================================================================
 // Command Definition
 // ============================================================================
-const loginCommand = new __WEBPACK_EXTERNAL_MODULE_commander__.Command('login').description('Authenticate with a reskill registry').option('-r, --registry <url>', 'Registry URL (or set RESKILL_REGISTRY env var, or defaults.publishRegistry in skills.json)').option('-t, --token <token>', 'API token from Web UI (required)').action(loginAction);
+const loginCommand = new __WEBPACK_EXTERNAL_MODULE_commander__.Command('login').description('Authenticate with a reskill registry').option('-r, --registry <url>', 'Registry URL (or set RESKILL_REGISTRY env var, or defaults.publishRegistry in skills.json)').option('-t, --token <token>', 'API token from Web UI (skips interactive prompt)').action(loginAction);
 /**
  * logout command - Log out from a reskill registry
  *

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "reskill",
-  "version": "1.11.2",
+  "version": "1.12.0",
   "description": "AI Skills Package Manager - Git-based skills management for AI agents",
   "type": "module",
   "main": "./dist/index.js",