routstrd 0.2.6 → 0.2.9

package/src/utils/clients.ts

@@ -0,0 +1,304 @@
+import {
+  callDaemon,
+  loadConfig,
+  getDaemonBaseUrl,
+  ensureDaemonRunning,
+} from "./daemon-client";
+import {
+  parseSecretKey,
+  npubFromSecretKey,
+} from "./nip98";
+import { type RoutstrdConfig } from "./config";
+import { logger } from "./logger";
+import { CLIENT_INTEGRATIONS, CLIENT_CONFIGS } from "../integrations/registry";
+
+export function getNpubSuffix(config: RoutstrdConfig): string | null {
+  if (!config.daemonUrl || !config.nsec) return null;
+  try {
+    const secretKey = parseSecretKey(config.nsec);
+    const npub = npubFromSecretKey(secretKey);
+    return npub.slice(-7);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Add suffix to a client ID.
+ */
+export function addSuffixToId(id: string, suffix: string): string {
+  return `${id}-${suffix}`;
+}
+
+/**
+ * Remove suffix from a client ID if present.
+ */
+export function removeSuffixFromId(id: string, suffix: string): string {
+  const suffixStr = `-${suffix}`;
+  if (id.endsWith(suffixStr)) {
+    return id.slice(0, -suffixStr.length);
+  }
+  return id;
+}
+
+export interface ClientEntry {
+  clientId: string;
+  name: string;
+  apiKey: string;
+  createdAt: number;
+  lastUsed?: number | null;
+}
+
+export interface DaemonClient {
+  id: string;
+  name: string;
+  apiKey: string;
+  createdAt: number;
+  lastUsed?: number | null;
+}
+
+/**
+ * Read the clients list directly from the SDK store.
+ * Use this when running inside the daemon (local mode).
+ */
+export function getClientsFromStore(store: { getState(): any }): ClientEntry[] {
+  const state = store.getState();
+  const clientIds = state.clientIds || [];
+  return clientIds.map(
+    (c: {
+      clientId: string;
+      name: string;
+      apiKey: string;
+      createdAt: number;
+      lastUsed?: number | null;
+    }) => ({
+      clientId: c.clientId,
+      name: c.name,
+      apiKey: c.apiKey,
+      createdAt: c.createdAt,
+      lastUsed: c.lastUsed,
+    }),
+  );
+}
+
+/**
+ * Fetch the clients list from the daemon API.
+ * Use this when running remotely (CLI in remote mode).
+ */
+export async function getClientsList(): Promise<ClientEntry[]> {
+  const config = await loadConfig();
+  const result = await callDaemon("/clients");
+  const clients = (
+    result.output as
+      | {
+          clients?: Array<{
+            id: string;
+            name: string;
+            apiKey: string;
+            createdAt: number;
+            lastUsed?: number | null;
+          }>;
+        }
+      | undefined
+  )?.clients;
+
+  if (!clients) {
+    return [];
+  }
+
+  const suffix = config.daemonUrl ? getNpubSuffix(config) : null;
+
+  return clients
+    .filter((c) => !suffix || c.id.endsWith(`-${suffix}`))
+    .map((c) => ({
+      clientId: suffix ? removeSuffixFromId(c.id, suffix) : c.id,
+      name: c.name,
+      apiKey: c.apiKey,
+      createdAt: c.createdAt,
+      lastUsed: c.lastUsed,
+    }));
+}
+
+export async function addDaemonClient(
+  name: string,
+  clientId?: string,
+): Promise<{ message?: string; client: DaemonClient; created: boolean }> {
+  const existingClients = await getClientsList();
+  const existing = clientId
+    ? existingClients.find((c) => c.clientId === clientId)
+    : existingClients.find((c) => c.name === name);
+
+  if (existing) {
+    const client: DaemonClient = {
+      id: existing.clientId,
+      name: existing.name,
+      apiKey: existing.apiKey,
+      createdAt: existing.createdAt,
+      lastUsed: existing.lastUsed,
+    };
+    return { client, created: false };
+  }
+
+  // Derive id from name by replacing spaces with hyphens
+  const derivedId = name.replace(/\s+/g, "-").toLowerCase();
+
+  const result = await callDaemon("/clients/add", {
+    method: "POST",
+    body: { name, id: derivedId },
+  });
+
+
+  const output = result.output as
+    | { message?: string; client?: DaemonClient }
+    | undefined;
+
+  if (!output?.client?.apiKey) {
+    throw new Error(`Daemon did not return an API key for ${name}.`);
+  }
+
+  return { message: output.message, client: output.client, created: true };
+}
+
+export async function listClientsAction(): Promise<void> {
+  await ensureDaemonRunning();
+
+  const entries = await getClientsList();
+
+  const clients = entries.map((c) => ({
+    id: c.clientId,
+    name: c.name,
+    apiKey: c.apiKey,
+    createdAt: c.createdAt,
+    lastUsed: c.lastUsed,
+  }));
+
+  if (clients.length === 0) {
+    console.log("No clients found.");
+    return;
+  }
+
+  console.log(`Clients (${clients.length} total):\n`);
+  for (const client of clients) {
+    const createdAt = new Date(client.createdAt).toISOString();
+    const lastUsed = client.lastUsed
+      ? new Date(client.lastUsed).toISOString()
+      : "never";
+    console.log(`  ${client.id}`);
+    console.log(`    Name:     ${client.name}`);
+    console.log(`    API Key:  ${client.apiKey}`);
+    console.log(`    Created:  ${createdAt}`);
+    console.log("");
+  }
+}
+
+export async function deleteClientAction(id: string): Promise<void> {
+  await ensureDaemonRunning();
+
+  const config = await loadConfig();
+  const suffix = getNpubSuffix(config);
+  const resolvedId = suffix ? addSuffixToId(id, suffix) : id;
+
+  const result = await callDaemon("/clients/delete", {
+    method: "POST",
+    body: { id: resolvedId },
+  });
+
+  if (result.error) {
+    console.log(result.error);
+    process.exit(1);
+  }
+
+  const output = result.output as
+    | {
+        message: string;
+        id: string;
+      }
+    | undefined;
+
+  if (output) {
+    console.log(output.message);
+  }
+}
+
+export interface AddClientOptions {
+  name?: string;
+  opencode?: boolean;
+  openclaw?: boolean;
+  piAgent?: boolean;
+  claudeCode?: boolean;
+}
+
+export async function addClientAction(options: AddClientOptions): Promise<void> {
+  await ensureDaemonRunning();
+  const config = await loadConfig();
+
+  const integrationKeys: string[] = [];
+  if (options.opencode) integrationKeys.push("opencode");
+  if (options.openclaw) integrationKeys.push("openclaw");
+  if (options.piAgent) integrationKeys.push("pi-agent");
+  if (options.claudeCode) integrationKeys.push("claude-code");
+
+  if (integrationKeys.length > 0) {
+    for (const key of integrationKeys) {
+      const integrationFn = CLIENT_INTEGRATIONS[key];
+      const integrationConfig = CLIENT_CONFIGS[key];
+      if (!integrationFn || !integrationConfig) continue;
+
+      try {
+        const { client, created } = await addDaemonClient(
+          integrationConfig.name,
+          integrationConfig.clientId,
+        );
+        if (created) {
+          logger.log(`Created new API key for ${integrationConfig.name}`);
+        } else {
+          logger.log(`Using existing API key for ${integrationConfig.name}`);
+        }
+        await integrationFn(config, client.apiKey, integrationConfig);
+
+        console.log(`\n  ${integrationConfig.name}:`);
+        console.log(`    Client ID: ${client.id}`);
+        console.log(`    API Key:   ${client.apiKey}`);
+      } catch (error) {
+        logger.error(
+          `Failed to set up ${integrationConfig.name} integration:`,
+          error,
+        );
+        continue;
+      }
+    }
+
+    console.log(`\n  Access Routstr at: ${getDaemonBaseUrl(config)}/v1`);
+    return;
+  }
+
+  if (!options.name) {
+    console.error(
+      "error: required option '-n, --name <name>' not specified",
+    );
+    process.exit(1);
+  }
+
+  try {
+    const { message, client, created } = await addDaemonClient(options.name);
+
+    if (!created) {
+      console.log(`Client '${options.name}' already exists.`);
+      console.log(`\n  ID:     ${client.id}`);
+      console.log(`  Name:   ${client.name}`);
+      console.log(`  API Key: ${client.apiKey}`);
+      return;
+    }
+
+    if (message) {
+      console.log(message);
+    }
+    console.log(`\n  ID:     ${client.id}`);
+    console.log(`  Name:   ${client.name}`);
+    console.log(`  API Key: ${client.apiKey}`);
+    console.log(`\n  Access Routstr at: ${getDaemonBaseUrl(config)}/v1`);
+  } catch (error) {
+    console.log((error as Error).message);
+    process.exit(1);
+  }
+}

package/src/utils/config.ts

@@ -12,6 +12,8 @@ export interface RoutstrdConfig {
   provider: string | null;
   cocodPath: string | null;
   mode?: "xcashu" | "apikeys";
+  daemonUrl?: string;
+  nsec?: string;
 }
 
 export const DEFAULT_CONFIG: RoutstrdConfig = {

package/src/utils/daemon-client.ts

@@ -1,10 +1,16 @@
 import { existsSync } from "fs";
+import { startDaemon } from "../start-daemon";
 import {
   CONFIG_FILE,
   DEFAULT_CONFIG,
-  LOGS_DIR,
   type RoutstrdConfig,
 } from "./config";
+import {
+  createNIP98Authorization,
+  parseSecretKey,
+  npubFromSecretKey,
+  type HttpMethod,
+} from "./nip98";
 
 export interface CommandResponse {
   output?: unknown;
@@ -23,17 +29,44 @@ export async function loadConfig(): Promise<RoutstrdConfig> {
   return DEFAULT_CONFIG;
 }
 
+export function getDaemonBaseUrl(config: RoutstrdConfig): string {
+  return (
+    config.daemonUrl?.replace(/\/$/, "") || `http://localhost:${config.port}`
+  );
+}
+
 export async function callDaemon(
   path: string,
-  options: { method?: "GET" | "POST"; body?: object } = {},
+  options: { method?: "GET" | "POST" | "DELETE"; body?: object } = {},
 ): Promise<CommandResponse> {
   const { method = "GET", body } = options;
   const config = await loadConfig();
+  const baseUrl = getDaemonBaseUrl(config);
+  const url = `${baseUrl}${path}`;
+
+  const bodyString = body ? JSON.stringify(body) : undefined;
+  const bodyBytes = bodyString
+    ? new TextEncoder().encode(bodyString)
+    : undefined;
+
+  let authorization: string | undefined;
+  if (config.daemonUrl && config.nsec) {
+    const secretKey = parseSecretKey(config.nsec);
+    authorization = await createNIP98Authorization(
+      secretKey,
+      url,
+      method as HttpMethod,
+      bodyBytes,
+    );
+  }
 
-  const response = await fetch(`http://localhost:${config.port}${path}`, {
+  const response = await fetch(url, {
     method,
-    headers: body ? { "Content-Type": "application/json" } : {},
-    body: body ? JSON.stringify(body) : undefined,
+    headers: {
+      ...(authorization ? { Authorization: authorization } : {}),
+      ...(bodyString ? { "Content-Type": "application/json" } : {}),
+    },
+    body: bodyString,
   });
 
   if (!response.ok) {
@@ -47,36 +80,46 @@ export async function callDaemon(
 export async function isDaemonRunning(): Promise<boolean> {
   try {
     const config = await loadConfig();
-    const response = await fetch(`http://localhost:${config.port}/health`);
+    const baseUrl = getDaemonBaseUrl(config);
+    const url = `${baseUrl}/health`;
+
+    let authorization: string | undefined;
+    if (config.daemonUrl && config.nsec) {
+      const secretKey = parseSecretKey(config.nsec);
+      authorization = await createNIP98Authorization(secretKey, url, "GET");
+    }
+
+    const response = await fetch(url, {
+      headers: authorization ? { Authorization: authorization } : {},
+    });
     return response.ok;
   } catch {
     return false;
   }
 }
 
-export async function startDaemonProcess(): Promise<void> {
-  // Ensure logs directory exists (logger handles date-based files)
-  if (!existsSync(LOGS_DIR)) {
-    await Bun.$`mkdir -p ${LOGS_DIR}`;
+export function getUserNpub(config: RoutstrdConfig): string | null {
+  if (!config.nsec) return null;
+  try {
+    const secretKey = parseSecretKey(config.nsec);
+    return npubFromSecretKey(secretKey);
+  } catch {
+    return null;
   }
+}
 
-  const proc = Bun.spawn(["bun", "run", `${import.meta.dir}/../daemon/index.ts`], {
-    stdout: "inherit",
-    stderr: "inherit",
-    stdin: "ignore",
-    detached: true,
-  });
-
-  proc.unref();
-
-  for (let i = 0; i < 50; i++) {
-    await new Promise((resolve) => setTimeout(resolve, 100));
-    if (await isDaemonRunning()) {
-      return;
-    }
-  }
+export function getNpubSuffix(config: RoutstrdConfig): string | null {
+  const npub = getUserNpub(config);
+  if (!npub) return null;
+  return npub.slice(-7);
+}
 
-  throw new Error("Daemon failed to start within 5 seconds");
+export async function startDaemonProcess(): Promise<void> {
+  const config = await loadConfig();
+  await startDaemon({
+    port: String(config.port || 8008),
+    provider: config.provider || undefined,
+  });
 }
 
 export async function ensureDaemonRunning(): Promise<void> {
@@ -84,6 +127,11 @@ export async function ensureDaemonRunning(): Promise<void> {
     return;
   }
 
+  const config = await loadConfig();
+  if (config.daemonUrl) {
+    throw new Error(`Daemon is not reachable at ${config.daemonUrl}`);
+  }
+
   console.log("Starting daemon...");
   await startDaemonProcess();
 }
@@ -117,11 +165,14 @@ export async function handleDaemonCommand(
     return result;
   } catch (error) {
     const message = (error as Error).message;
-    if (message?.includes("fetch failed") || message?.includes("Connection refused")) {
+    if (
+      message?.includes("fetch failed") ||
+      message?.includes("Connection refused")
+    ) {
       console.error("Daemon is not running and failed to auto-start");
       process.exit(1);
     }
     console.error(message);
     process.exit(1);
   }
-}
+}

package/src/utils/nip98.ts

@@ -0,0 +1,102 @@
+import { finalizeEvent, getPublicKey, nip19, type EventTemplate } from "nostr-tools";
+
+const NIP98_KIND = 27235;
+
+export type HttpMethod = "GET" | "POST" | "DELETE";
+
+export function hexToBytes(hex: string): Uint8Array {
+  const normalized = hex.trim().toLowerCase();
+  if (!/^[a-f0-9]{64}$/.test(normalized)) {
+    throw new Error("Expected a 64-char hex private key or an nsec private key.");
+  }
+
+  const bytes = new Uint8Array(32);
+  for (let i = 0; i < bytes.length; i++) {
+    bytes[i] = Number.parseInt(normalized.slice(i * 2, i * 2 + 2), 16);
+  }
+  return bytes;
+}
+
+export function parseSecretKey(value: string): Uint8Array {
+  const trimmed = value.trim();
+  if (!trimmed) {
+    throw new Error("Missing Nostr private key.");
+  }
+
+  if (trimmed.toLowerCase().startsWith("nsec1")) {
+    const decoded = nip19.decode(trimmed);
+    if (decoded.type !== "nsec" || !(decoded.data instanceof Uint8Array)) {
+      throw new Error("Invalid nsec private key.");
+    }
+    return decoded.data;
+  }
+
+  return hexToBytes(trimmed);
+}
+
+async function sha256Hex(data: Uint8Array): Promise<string> {
+  const digest = await crypto.subtle.digest("SHA-256", new Uint8Array(data));
+  return [...new Uint8Array(digest)]
+    .map((byte) => byte.toString(16).padStart(2, "0"))
+    .join("");
+}
+
+function base64EncodeUtf8(value: string): string {
+  return btoa(String.fromCharCode(...new TextEncoder().encode(value)));
+}
+
+export function normalizeNostrPubkey(value: string): string | null {
+  const trimmed = value.trim();
+  if (!trimmed) return null;
+
+  if (/^[a-f0-9]{64}$/i.test(trimmed)) {
+    return trimmed.toLowerCase();
+  }
+
+  if (trimmed.toLowerCase().startsWith("npub1")) {
+    try {
+      const decoded = nip19.decode(trimmed);
+      if (decoded.type === "npub" && typeof decoded.data === "string") {
+        return decoded.data.toLowerCase();
+      }
+    } catch {
+      return null;
+    }
+  }
+
+  return null;
+}
+
+export function npubFromPubkey(pubkey: string): string {
+  return nip19.npubEncode(pubkey.toLowerCase());
+}
+
+export function npubFromSecretKey(secretKey: Uint8Array): string {
+  return npubFromPubkey(getPublicKey(secretKey));
+}
+
+export async function createNIP98Authorization(
+  secretKey: Uint8Array,
+  url: string,
+  method: HttpMethod,
+  body?: Uint8Array,
+): Promise<string> {
+  const tags = [
+    ["u", url],
+    ["method", method.toUpperCase()],
+  ];
+
+  if (body && body.byteLength > 0) {
+    tags.push(["payload", await sha256Hex(body)]);
+  }
+
+  const template: EventTemplate = {
+    kind: NIP98_KIND,
+    created_at: Math.round(Date.now() / 1000),
+    content: "",
+    tags,
+  };
+
+  const signed = finalizeEvent(template, secretKey);
+  return `Nostr ${base64EncodeUtf8(JSON.stringify(signed))}`;
+}

package/src/utils/process-lock.ts

@@ -0,0 +1,136 @@
+import { randomUUID } from "crypto";
+import { mkdir, readFile, rm, stat, writeFile } from "fs/promises";
+import { dirname } from "path";
+
+export interface CrossProcessLockOptions {
+  /** How long to wait while another process holds the lock. */
+  acquireTimeoutMs?: number;
+  /** How often to retry acquiring the lock. */
+  retryIntervalMs?: number;
+  /** Treat locks older than this as stale even if their PID cannot be checked. */
+  staleAfterMs?: number;
+  /** Optional logger used when removing stale locks. */
+  log?: (message: string) => void;
+}
+
+interface LockOwner {
+  pid: number;
+  createdAt: number;
+  token?: string;
+}
+
+function delay(ms: number): Promise<void> {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+
+function isProcessRunning(pid: number): boolean {
+  if (!Number.isFinite(pid) || pid <= 0) {
+    return false;
+  }
+
+  try {
+    process.kill(pid, 0);
+    return true;
+  } catch (error) {
+    const code = (error as NodeJS.ErrnoException).code;
+    return code === "EPERM";
+  }
+}
+
+async function readLockOwner(lockDir: string): Promise<LockOwner | null> {
+  try {
+    const raw = await readFile(`${lockDir}/owner.json`, "utf8");
+    const parsed = JSON.parse(raw) as Partial<LockOwner>;
+    if (
+      typeof parsed.pid === "number" &&
+      typeof parsed.createdAt === "number"
+    ) {
+      return {
+        pid: parsed.pid,
+        createdAt: parsed.createdAt,
+        token: typeof parsed.token === "string" ? parsed.token : undefined,
+      };
+    }
+  } catch {
+    // The lock may have been created but not fully written yet.
+  }
+  return null;
+}
+
+async function isLockStale(
+  lockDir: string,
+  staleAfterMs: number,
+): Promise<boolean> {
+  const owner = await readLockOwner(lockDir);
+  if (owner) {
+    return !isProcessRunning(owner.pid) || Date.now() - owner.createdAt > staleAfterMs;
+  }
+
+  try {
+    const info = await stat(lockDir);
+    return Date.now() - info.mtimeMs > staleAfterMs;
+  } catch {
+    return false;
+  }
+}
+
+export async function acquireCrossProcessLock(
+  lockDir: string,
+  options: CrossProcessLockOptions = {},
+): Promise<() => Promise<void>> {
+  const acquireTimeoutMs = options.acquireTimeoutMs ?? 120_000;
+  const retryIntervalMs = options.retryIntervalMs ?? 100;
+  const staleAfterMs = options.staleAfterMs ?? 120_000;
+  const deadline = Date.now() + acquireTimeoutMs;
+
+  await mkdir(dirname(lockDir), { recursive: true });
+
+  while (true) {
+    try {
+      await mkdir(lockDir);
+      const token = randomUUID();
+      const owner: LockOwner = { pid: process.pid, createdAt: Date.now(), token };
+      await writeFile(`${lockDir}/owner.json`, JSON.stringify(owner), "utf8");
+      let released = false;
+      return async () => {
+        if (released) return;
+        released = true;
+
+        const currentOwner = await readLockOwner(lockDir);
+        if (currentOwner?.token === token) {
+          await rm(lockDir, { recursive: true, force: true });
+        }
+      };
+    } catch (error) {
+      const code = (error as NodeJS.ErrnoException).code;
+      if (code !== "EEXIST") {
+        throw error;
+      }
+
+      if (await isLockStale(lockDir, staleAfterMs)) {
+        options.log?.(`Removing stale lock at ${lockDir}`);
+        await rm(lockDir, { recursive: true, force: true });
+        continue;
+      }
+
+      if (Date.now() >= deadline) {
+        throw new Error(`Timed out waiting to acquire lock ${lockDir}`);
+      }
+
+      await delay(retryIntervalMs);
+    }
+  }
+}
+
+export async function withCrossProcessLock<T>(
+  lockDir: string,
+  fn: () => Promise<T>,
+  options: CrossProcessLockOptions = {},
+): Promise<T> {
+  const release = await acquireCrossProcessLock(lockDir, options);
+  try {
+    return await fn();
+  } finally {
+    await release();
+  }
+}