robot-resources 1.15.2 → 1.15.3

package/package.json

@@ -1,54 +1,12 @@
 {
   "name": "robot-resources",
-  "version": "1.15.2",
-  "description": "Robot Resources — AI agent tools. One command to install everything.",
-  "type": "module",
-  "bin": {
-    "robot-resources-setup": "./bin/setup.js"
-  },
-  "main": "./bin/setup.js",
+  "version": "1.15.3",
+  "main": "index.js",
   "scripts": {
-    "test": "vitest",
-    "test:run": "vitest run"
-  },
-  "files": [
-    "bin/",
-    "lib/",
-    "README.md"
-  ],
-  "dependencies": {
-    "@inquirer/prompts": "^7.0.0",
-    "@robot-resources/router": "*",
-    "@robot-resources/scraper": "*"
-  },
-  "devDependencies": {
-    "vitest": "^1.2.0"
-  },
-  "engines": {
-    "node": ">=18.0.0"
-  },
-  "keywords": [
-    "ai",
-    "agents",
-    "llm",
-    "router",
-    "scraper",
-    "mcp",
-    "cost-optimization",
-    "robot-resources"
-  ],
-  "license": "MIT",
-  "author": "Robot Resources Team",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/robot-resources/packages.git",
-    "directory": "packages/cli"
-  },
-  "homepage": "https://robotresources.ai",
-  "bugs": {
-    "url": "https://github.com/robot-resources/packages/issues"
+    "test": "echo \"Error: no test specified\" && exit 1"
   },
-  "publishConfig": {
-    "access": "public"
-  }
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "description": "Private — in active development. Not yet for public use."
 }

package/README.md

@@ -1,104 +0,0 @@
-# Robot Resources
-
-> Tools for AI agents and agentic software. Humans have HR. Agents have RR.
-
-Robot Resources builds tools for AI agents and any software that makes LLM API calls — chatbots, RAG pipelines, AI-powered apps, internal tools. Two products today: **Router** (smart model selection — picks the right model for each task, 60-90% cost savings as a side effect) and **Scraper** (token compression for web content, median 91% token reduction). Both run locally. Both free.
-
-## Quick Start
-
-```bash
-npx -y robot-resources
-```
-
-Detects your project shape (Node / Python / OpenClaw) and installs the right shim. No login, no API keys to enter, no signup. Router uses your existing provider keys — they never leave your machine.
-
-## Router
-
-Smart model selection. Classifies each prompt by task type (coding / reasoning / analysis / simple_qa / creative / general), filters by model capability, then within the qualifying set picks the cheapest. Routes the right model for the task — cost savings (60-90% across mixed workloads) follow from that, not the other way around. Hybrid classification: keyword fast-path (~5ms, ~70% of prompts) + LLM slow-path for ambiguous prompts (~200ms). Routes across Anthropic, OpenAI, and Google when the corresponding keys are present.
-
-Three ways to install on a dev machine:
-
-- **OpenClaw users** get an in-process plugin inside the OC gateway. Anthropic, OpenAI, and Google calls each route to their native upstream — no cross-shape body translation.
-- **Node projects** get an auto-attach shim (`NODE_OPTIONS=--require .../auto.cjs`). Every Anthropic, OpenAI, and Google SDK call from any Node process routes automatically. No code changes.
-- **Python projects** get a `.pth` auto-attach shim in your venv. Every `anthropic` / `openai` / `google.generativeai` SDK call routes automatically. No code changes.
-
-For runtimes that ignore `NODE_OPTIONS` / `.pth` (Bun, Deno, Vercel Edge, Go, Rust, etc.), call the HTTP API directly: `POST https://api.robotresources.ai/v1/route`. Authed by API key, 100 req/min, CORS open.
-
-For explicit control inside JS / Python code, use the routing-decision library:
-
-```bash
-npm install @robot-resources/router      # JS / TS
-pip install robot-resources              # Python (singular package name)
-```
-
-```js
-import { routePrompt } from '@robot-resources/router/routing';
-const decision = routePrompt('write a python function that reverses a string');
-// decision.selected_model → 'claude-haiku-4-5' (or similar — cheapest qualifying)
-```
-
-```python
-from robot_resources.router import route
-decision = route('write a python function that reverses a string')
-```
-
-Returns a routing decision; your code makes the actual LLM call with the selected model. Each request goes from your machine straight to the lab's API (`api.anthropic.com` / `api.openai.com` / `generativelanguage.googleapis.com`) using your existing key for that lab. Nothing is relayed through our infrastructure.
-
-## Scraper
-
-Token compression for web content. Fetches any URL, strips noise, returns clean markdown with token count. Median 91% token reduction per page (verified across 41 page types). Mozilla Readability extraction (0.97 F1). Content-aware token estimation calibrated per content type, ±15% of actual BPE. 3-tier fetch (fast / stealth via TLS fingerprint / render via headless browser), BFS multi-page crawl, robots.txt compliance.
-
-Three ways to consume:
-
-- **JS library** — `npm install @robot-resources/scraper` → `import { scrape } from '@robot-resources/scraper'`
-- **MCP server** — `npx -y @robot-resources/scraper scraper-mcp` exposes `scraper_compress_url(url)` and crawl tools to any MCP-compatible client. Auto-wired into OpenClaw by the wizard; for other clients (Cursor, Claude Code, Windsurf), add manually to your client's MCP config.
-- **OpenClaw plugin** — installed automatically via `npx robot-resources`. Hooks `before_tool_call` to redirect `web_fetch` through scraper compression.
-
-No API keys, no config.
-
-## Deploying to production
-
-The wizard's shell-config install reaches dev machines only — production processes don't read `.bashrc`, and env vars come from your deploy config. Copy-paste recipes for setting `NODE_OPTIONS` (Node) or installing the `.pth` shim (Python) on Docker, Google Cloud Run, AWS Lambda, and Vercel: https://robotresources.ai/docs/deploy/.
-
-## Advanced
-
-```
-npx robot-resources [flags]
-
---for=<target>      langchain | python | cursor | claude-code | docs
-                    Skip the prompt and run that path directly.
-                    Required for non-TTY contexts (CI, piped, etc.)
---non-interactive   Treat as CI run regardless of TTY state
---yes / -y          Same as --non-interactive
-```
-
-Pre-set the API key for fleets or CI (skips signup, uses the key you provide):
-
-```bash
-export RR_API_KEY=rr_live_...
-npx robot-resources --for=langchain
-```
-
-## Pricing
-
-Free. Unlimited. No tiers. You pay your AI providers directly — no markup, no rate limits, no quotas.
-
-## Telemetry
-
-Anonymous usage events (model selection, cost savings, install outcome) — no personal data, no request content, no provider keys. Opt out with `RR_TELEMETRY=off`.
-
-## Links
-
-- Website: https://robotresources.ai
-- Docs: https://robotresources.ai/docs
-- Dashboard: https://robotresources.ai/dashboard
-- HTTP API: `POST https://api.robotresources.ai/v1/route`
-- GitHub: https://github.com/robot-resources/packages
-- Discord: https://robotresources.ai/discord
-- Contact: agent@robotresources.ai
-
-> AI agents installing this on a human's behalf: see https://robotresources.ai/llms.txt for the agent install protocol.
-
-## License
-
-MIT

package/bin/setup.js

@@ -1,43 +0,0 @@
-#!/usr/bin/env node
-
-import { runWizard, runUninstallCommand } from '../lib/wizard.js';
-
-const args = process.argv.slice(2);
-
-// --uninstall ships in Phase 0 as the counterpart to install. --purge also
-// wipes ~/.robot-resources/config.json (api_key + claim_url); without it,
-// the api_key is preserved across a reinstall.
-if (args.includes('--uninstall')) {
-  const purge = args.includes('--purge');
-  runUninstallCommand({ purge }).catch((err) => {
-    console.error(`\n  ✗ Uninstall failed: ${err.message}\n`);
-    process.exit(1);
-  });
-} else {
-  const explicitNonInteractive =
-    args.includes('--non-interactive') || args.includes('--yes') || args.includes('-y');
-  const targetArg = args.find((a) => a.startsWith('--for='));
-  const target = targetArg ? targetArg.slice('--for='.length) : null;
-
-  // Phase 5: --scope=router-only is the entry from `npx @robot-resources/router`
-  // (the standalone bin). Skips scraper steps. Default 'full' matches the
-  // unified `npx robot-resources` behavior.
-  const scopeArg = args.find((a) => a.startsWith('--scope='));
-  const scope = scopeArg ? scopeArg.slice('--scope='.length) : 'full';
-
-  // Phase 11: --auto-attach-source opts into source-edit injection in non-
-  // interactive contexts (CI). Default off — auto-rewriting source files
-  // without consent is too aggressive. Interactive runs always show Y/N.
-  const autoAttachSource = args.includes('--auto-attach-source');
-
-  // Treat piped/CI runs (no TTY on stdin OR stdout) as non-interactive so the
-  // wizard never blocks on a prompt that can't be answered. The interactive
-  // menu is only opened when both stdin and stdout are real terminals.
-  const hasTty = Boolean(process.stdin.isTTY && process.stdout.isTTY);
-  const nonInteractive = explicitNonInteractive || !hasTty;
-
-  runWizard({ nonInteractive, target, scope, autoAttachSource }).catch((err) => {
-    console.error(`\n  ✗ Setup failed: ${err.message}\n`);
-    process.exit(1);
-  });
-}

package/lib/auth.mjs

@@ -1,261 +0,0 @@
-import { createHash, randomBytes } from 'node:crypto';
-import { createServer } from 'node:http';
-
-// Supabase anon key is a public client key (like Stripe's publishable key).
-// Security is enforced by Row Level Security policies, not key secrecy.
-// Override via env vars for alternative Supabase instances.
-const SUPABASE_URL =
-  process.env.SUPABASE_URL || 'https://tbnliojrqmcagojtvqpe.supabase.co';
-const SUPABASE_ANON_KEY =
-  process.env.SUPABASE_ANON_KEY ||
-  'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InRibmxpb2pycW1jYWdvanR2cXBlIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzMyNjIxNzAsImV4cCI6MjA4ODgzODE3MH0.GKlpbVFgBbcV0OwxFZuOb-LfqtOu95ZiR33KNOONPI0';
-
-const PREFERRED_PORT = 54321;
-
-/**
- * Generate PKCE code verifier + challenge
- */
-function generatePKCE() {
-  const verifier = randomBytes(32)
-    .toString('base64url')
-    .slice(0, 64);
-  const challenge = createHash('sha256')
-    .update(verifier)
-    .digest('base64url');
-  return { verifier, challenge };
-}
-
-/**
- * Build the Supabase OAuth URL for GitHub login
- */
-export function buildAuthUrl(codeChallenge, callbackUrl) {
-  const params = new URLSearchParams({
-    provider: 'github',
-    redirect_to: callbackUrl,
-    flow_type: 'pkce',
-    code_challenge: codeChallenge,
-    code_challenge_method: 'S256',
-  });
-  return `${SUPABASE_URL}/auth/v1/authorize?${params}`;
-}
-
-const MAX_BODY = 8192;
-
-/**
- * Create callback server. Returns { server, resultPromise, nonce }.
- * resultPromise resolves with { type: 'code', code } or { type: 'token', access_token }.
- * The nonce protects /receive-token from cross-origin requests.
- */
-function createCallbackServer() {
-  let resolveResult, rejectResult;
-  const resultPromise = new Promise((resolve, reject) => {
-    resolveResult = resolve;
-    rejectResult = reject;
-  });
-
-  const nonce = randomBytes(16).toString('hex');
-  const tokenPath = `/receive-token/${nonce}`;
-
-  const timeout = setTimeout(() => {
-    server.close();
-    rejectResult(new Error('Login timed out after 120 seconds'));
-  }, 120_000);
-
-  const server = createServer((req, res) => {
-    const port = server.address()?.port ?? PREFERRED_PORT;
-    const url = new URL(req.url, `http://localhost:${port}`);
-
-    // Handle token/debug info posted from browser (nonce-protected)
-    if (url.pathname === tokenPath && req.method === 'POST') {
-      let body = '';
-      req.on('data', (chunk) => {
-        body += chunk;
-        if (body.length > MAX_BODY) {
-          req.destroy();
-          clearTimeout(timeout);
-          server.close();
-          rejectResult(new Error('Request body too large'));
-        }
-      });
-      req.on('end', () => {
-        res.writeHead(200);
-        res.end('ok');
-        clearTimeout(timeout);
-        server.close();
-
-        if (body.startsWith('NO_FRAGMENT:')) {
-          rejectResult(new Error('No tokens received from browser redirect'));
-        } else {
-          const params = new URLSearchParams(body);
-          const accessToken = params.get('access_token');
-          if (accessToken) {
-            resolveResult({ type: 'token', access_token: accessToken });
-          } else {
-            rejectResult(new Error('Unexpected callback data'));
-          }
-        }
-      });
-      return;
-    }
-
-    if (url.pathname === '/callback') {
-      const code = url.searchParams.get('code');
-
-      if (code) {
-        res.writeHead(200, { 'Content-Type': 'text/html' });
-        res.end(`
-          <html>
-            <body style="background:#0a0a0a;color:#ff6600;font-family:monospace;display:flex;align-items:center;justify-content:center;height:100vh;margin:0">
-              <div style="text-align:center">
-                <h1>&#9632; Robot Resources</h1>
-                <p style="color:#00ff41">Login successful. You can close this tab.</p>
-              </div>
-            </body>
-          </html>
-        `);
-        clearTimeout(timeout);
-        server.close();
-        resolveResult({ type: 'code', code });
-      } else {
-        // No code in query params — serve page that captures the full URL
-        // (fragment tokens, errors, etc.) and sends it back via nonce-protected endpoint
-        res.writeHead(200, { 'Content-Type': 'text/html' });
-        res.end(`
-          <html>
-            <body style="background:#0a0a0a;color:#ff6600;font-family:monospace;display:flex;align-items:center;justify-content:center;height:100vh;margin:0">
-              <div style="text-align:center">
-                <h1>&#9632; Robot Resources</h1>
-                <p id="msg">Completing login...</p>
-              </div>
-            </body>
-            <script>
-              const fullUrl = window.location.href;
-              const hash = window.location.hash.substring(1);
-              const payload = hash || 'NO_FRAGMENT:' + fullUrl;
-              fetch('${tokenPath}', { method: 'POST', body: payload })
-                .then(() => {
-                  if (hash && hash.includes('access_token')) {
-                    document.getElementById('msg').style.color = '#00ff41';
-                    document.getElementById('msg').textContent = 'Login successful. You can close this tab.';
-                  } else {
-                    document.getElementById('msg').style.color = '#ffaa00';
-                    document.getElementById('msg').textContent = 'Something went wrong. Check terminal.';
-                  }
-                });
-            </script>
-          </html>
-        `);
-      }
-      return;
-    }
-
-    // Reject all other paths
-    res.writeHead(404);
-    res.end();
-  });
-
-  server.on('error', (err) => {
-    clearTimeout(timeout);
-    rejectResult(new Error(`Could not start callback server: ${err.message}`));
-  });
-
-  return { server, resultPromise, nonce };
-}
-
-/**
- * Exchange the auth code + PKCE verifier for a Supabase session.
- */
-async function exchangeCodeForSession(code, codeVerifier) {
-  const res = await fetch(`${SUPABASE_URL}/auth/v1/token?grant_type=pkce`, {
-    method: 'POST',
-    headers: {
-      'Content-Type': 'application/json',
-      apikey: SUPABASE_ANON_KEY,
-    },
-    body: JSON.stringify({
-      auth_code: code,
-      code_verifier: codeVerifier,
-    }),
-  });
-
-  if (!res.ok) {
-    const body = await res.text();
-    throw new Error(`Token exchange failed (${res.status}): ${body}`);
-  }
-
-  return res.json();
-}
-
-/**
- * Try to listen on the preferred port, fall back to OS-assigned port.
- */
-function listenWithFallback(server) {
-  return new Promise((resolve, reject) => {
-    server.once('error', (err) => {
-      if (err.code === 'EADDRINUSE') {
-        // Preferred port busy — let OS assign one
-        server.listen(0, '127.0.0.1', () => resolve(server.address().port));
-      } else {
-        reject(err);
-      }
-    });
-    server.listen(PREFERRED_PORT, '127.0.0.1', () => resolve(server.address().port));
-  });
-}
-
-/**
- * Full OAuth flow with PKCE + implicit fallback.
- * Returns { access_token, refresh_token, user }.
- */
-export async function authenticate() {
-  const { verifier, challenge } = generatePKCE();
-
-  // Create server and wait for it to be listening
-  const { server, resultPromise } = createCallbackServer();
-
-  const port = await listenWithFallback(server);
-  const callbackUrl = `http://localhost:${port}/callback`;
-  const authUrl = buildAuthUrl(challenge, callbackUrl);
-
-  console.log(`\n  Auth URL: ${authUrl}\n`);
-
-  // Open browser (use execFile to avoid shell injection)
-  const { execFile } = await import('node:child_process');
-  if (process.platform === 'win32') {
-    // 'start' is a cmd.exe builtin, not an executable — must invoke via cmd.exe
-    execFile('cmd.exe', ['/c', 'start', '""', authUrl]);
-  } else {
-    const openCmd = process.platform === 'darwin' ? 'open' : 'xdg-open';
-    execFile(openCmd, [authUrl]);
-  }
-
-  console.log('  Waiting for GitHub authorization...\n');
-
-  // Wait for the callback
-  const result = await resultPromise;
-
-  if (result.type === 'code') {
-    // PKCE flow — exchange code for session
-    const session = await exchangeCodeForSession(result.code, verifier);
-    return {
-      access_token: session.access_token,
-      refresh_token: session.refresh_token,
-      user: session.user,
-    };
-  } else {
-    // Implicit flow fallback — we have the access_token directly
-    const res = await fetch(`${SUPABASE_URL}/auth/v1/user`, {
-      headers: {
-        apikey: SUPABASE_ANON_KEY,
-        Authorization: `Bearer ${result.access_token}`,
-      },
-    });
-    if (!res.ok) throw new Error('Failed to fetch user info');
-    const user = await res.json();
-    return {
-      access_token: result.access_token,
-      refresh_token: null,
-      user,
-    };
-  }
-}

package/lib/config.mjs

@@ -1,55 +0,0 @@
-import { readFileSync, writeFileSync, mkdirSync } from 'node:fs';
-import { homedir } from 'node:os';
-import { join } from 'node:path';
-
-const CONFIG_DIR = join(homedir(), '.robot-resources');
-const CONFIG_FILE = join(CONFIG_DIR, 'config.json');
-
-export function getConfigPath() {
-  return CONFIG_FILE;
-}
-
-export function getConfigDir() {
-  return CONFIG_DIR;
-}
-
-export function readConfig() {
-  try {
-    return JSON.parse(readFileSync(CONFIG_FILE, 'utf-8'));
-  } catch {
-    return {};
-  }
-}
-
-export function writeConfig(data) {
-  mkdirSync(CONFIG_DIR, { recursive: true });
-  const existing = readConfig();
-  const merged = { ...existing, ...data };
-  writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2) + '\n', { mode: 0o600 });
-  return merged;
-}
-
-export function readProviderKeys() {
-  const config = readConfig();
-  return config.provider_keys || {};
-}
-
-export function writeProviderKeys(keys) {
-  mkdirSync(CONFIG_DIR, { recursive: true });
-  const existing = readConfig();
-  const existingProviderKeys = existing.provider_keys || {};
-  const merged = {
-    ...existing,
-    provider_keys: { ...existingProviderKeys, ...keys },
-  };
-  writeFileSync(CONFIG_FILE, JSON.stringify(merged, null, 2) + '\n', { mode: 0o600 });
-  return merged;
-}
-
-export function clearConfig() {
-  try {
-    writeFileSync(CONFIG_FILE, '{}\n', { mode: 0o600 });
-  } catch {
-    // config file doesn't exist, that's fine
-  }
-}