skalpel 2.0.15 → 2.0.17

package/dist/cli/index.js

@@ -1826,7 +1826,11 @@ var MAX_SIZE = 5 * 1024 * 1024;
 
 // src/proxy/ws-server.ts
 import { WebSocketServer } from "ws";
-var wss = new WebSocketServer({ noServer: true });
+var WS_SUBPROTOCOL = "skalpel-codex-v1";
+var wss = new WebSocketServer({
+  noServer: true,
+  handleProtocols: (protocols) => protocols.has(WS_SUBPROTOCOL) ? WS_SUBPROTOCOL : false
+});
 
 // src/proxy/server.ts
 var proxyStartTime = 0;
@@ -2150,8 +2154,8 @@ async function runWizard(options) {
     print11("  Welcome to Skalpel! Let's optimize your coding agent costs.");
     print11("  \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500");
     print11("");
-    const skalpelDir = path14.join(os9.homedir(), ".skalpel");
-    const configPath = path14.join(skalpelDir, "config.json");
+    const skalpelDir2 = path14.join(os9.homedir(), ".skalpel");
+    const configPath = path14.join(skalpelDir2, "config.json");
     let apiKey = "";
     if (isAuto && options?.apiKey) {
       apiKey = options.apiKey;
@@ -2190,7 +2194,7 @@ async function runWizard(options) {
       }
     }
     print11("");
-    fs13.mkdirSync(skalpelDir, { recursive: true });
+    fs13.mkdirSync(skalpelDir2, { recursive: true });
     const proxyConfig = loadConfig(configPath);
     proxyConfig.apiKey = apiKey;
     saveConfig(proxyConfig);
@@ -2395,15 +2399,15 @@ async function runUninstall(options) {
       }
     }
     print12("");
-    const skalpelDir = path15.join(os10.homedir(), ".skalpel");
-    if (fs14.existsSync(skalpelDir)) {
+    const skalpelDir2 = path15.join(os10.homedir(), ".skalpel");
+    if (fs14.existsSync(skalpelDir2)) {
       let shouldRemove = force;
       if (!force) {
         const removeDir = await ask("  Remove ~/.skalpel/ directory (contains config and logs)? (y/N): ");
         shouldRemove = removeDir.toLowerCase() === "y";
       }
       if (shouldRemove) {
-        fs14.rmSync(skalpelDir, { recursive: true, force: true });
+        fs14.rmSync(skalpelDir2, { recursive: true, force: true });
         print12("  [+] Removed ~/.skalpel/");
         removed.push("~/.skalpel/ directory");
       }
@@ -2457,6 +2461,311 @@ function clearNpxCache() {
   }
 }
 
+// src/cli/auth/callback-server.ts
+import * as http2 from "http";
+import * as net2 from "net";
+
+// src/cli/auth/session-storage.ts
+import * as fs15 from "fs";
+import * as os11 from "os";
+import * as path16 from "path";
+function sessionFilePath() {
+  return path16.join(os11.homedir(), ".skalpel", "session.json");
+}
+function skalpelDir() {
+  return path16.join(os11.homedir(), ".skalpel");
+}
+function isValidSession(value) {
+  if (!value || typeof value !== "object") return false;
+  const v = value;
+  if (typeof v.accessToken !== "string" || v.accessToken.length === 0) return false;
+  if (typeof v.refreshToken !== "string" || v.refreshToken.length === 0) return false;
+  if (typeof v.expiresAt !== "number" || !Number.isFinite(v.expiresAt)) return false;
+  if (!v.user || typeof v.user !== "object") return false;
+  const user = v.user;
+  if (typeof user.id !== "string" || user.id.length === 0) return false;
+  if (typeof user.email !== "string" || user.email.length === 0) return false;
+  return true;
+}
+async function readSession() {
+  const file = sessionFilePath();
+  try {
+    const raw = await fs15.promises.readFile(file, "utf-8");
+    const parsed = JSON.parse(raw);
+    if (!isValidSession(parsed)) return null;
+    return parsed;
+  } catch (err) {
+    if (err.code === "ENOENT") return null;
+    return null;
+  }
+}
+async function writeSession(session) {
+  if (!isValidSession(session)) {
+    throw new Error("writeSession: invalid session shape");
+  }
+  const dir = skalpelDir();
+  await fs15.promises.mkdir(dir, { recursive: true, mode: 448 });
+  const file = sessionFilePath();
+  const tmp = `${file}.tmp-${process.pid}-${Date.now()}`;
+  const json = JSON.stringify(session, null, 2);
+  await fs15.promises.writeFile(tmp, json, { mode: 384 });
+  try {
+    await fs15.promises.chmod(tmp, 384);
+  } catch {
+  }
+  await fs15.promises.rename(tmp, file);
+  try {
+    await fs15.promises.chmod(file, 384);
+  } catch {
+  }
+}
+async function deleteSession() {
+  const file = sessionFilePath();
+  try {
+    await fs15.promises.unlink(file);
+  } catch (err) {
+    if (err.code === "ENOENT") return;
+    throw err;
+  }
+}
+
+// src/cli/auth/callback-server.ts
+var MAX_BODY_BYTES = 16 * 1024;
+var DEFAULT_TIMEOUT_MS = 18e4;
+var DEFAULT_ALLOWED_ORIGINS = [
+  "https://app.skalpel.ai",
+  "https://skalpel.ai"
+];
+function allowedOrigins() {
+  const extras = [];
+  const webappUrl = process.env.SKALPEL_WEBAPP_URL;
+  if (webappUrl) {
+    try {
+      const u = new URL(webappUrl);
+      extras.push(`${u.protocol}//${u.host}`);
+    } catch {
+    }
+  }
+  return [...DEFAULT_ALLOWED_ORIGINS, ...extras];
+}
+function validatePort(port) {
+  if (!Number.isInteger(port) || port < 1024 || port > 65535) {
+    throw new Error(`Invalid port: ${port} (must be an integer in 1024-65535)`);
+  }
+}
+async function findOpenPort(preferred = 51732) {
+  if (preferred !== 0) validatePort(preferred);
+  const tryBind = (port) => new Promise((resolve2) => {
+    const server = net2.createServer();
+    server.once("error", () => {
+      server.close(() => resolve2(null));
+    });
+    server.listen(port, "127.0.0.1", () => {
+      const address = server.address();
+      const boundPort = address && typeof address === "object" ? address.port : null;
+      server.close(() => resolve2(boundPort));
+    });
+  });
+  const preferredResult = await tryBind(preferred);
+  if (preferredResult !== null) return preferredResult;
+  const fallback = await tryBind(0);
+  if (fallback !== null) return fallback;
+  throw new Error("findOpenPort: no open port available");
+}
+function buildCorsHeaders(origin) {
+  const allowed = allowedOrigins();
+  const selected = origin && allowed.includes(origin) ? origin : allowed[0];
+  return {
+    "Access-Control-Allow-Origin": selected,
+    "Access-Control-Allow-Methods": "POST, OPTIONS",
+    "Access-Control-Allow-Headers": "content-type",
+    "Access-Control-Max-Age": "600",
+    Vary: "Origin"
+  };
+}
+async function startCallbackServer(port, timeoutMsOrOptions = DEFAULT_TIMEOUT_MS, maxBodyBytesArg) {
+  validatePort(port);
+  const opts = typeof timeoutMsOrOptions === "number" ? { timeoutMs: timeoutMsOrOptions, maxBodyBytes: maxBodyBytesArg } : timeoutMsOrOptions ?? {};
+  const timeoutMs = opts.timeoutMs ?? DEFAULT_TIMEOUT_MS;
+  const maxBytes = opts.maxBodyBytes ?? MAX_BODY_BYTES;
+  return new Promise((resolve2, reject) => {
+    let settled = false;
+    let timer;
+    const server = http2.createServer((req, res) => {
+      const origin = req.headers.origin;
+      const corsHeaders = buildCorsHeaders(origin);
+      if (req.method === "OPTIONS") {
+        res.writeHead(204, corsHeaders);
+        res.end();
+        return;
+      }
+      if (req.method === "GET" && (req.url === "/callback" || req.url === "/")) {
+        res.writeHead(200, {
+          ...corsHeaders,
+          "Content-Type": "text/html; charset=utf-8"
+        });
+        res.end(
+          '<!doctype html><meta charset="utf-8"><title>Skalpel CLI</title><p>You can close this tab and return to your terminal.</p>'
+        );
+        return;
+      }
+      if (req.method !== "POST" || req.url !== "/callback") {
+        res.writeHead(404, corsHeaders);
+        res.end();
+        return;
+      }
+      const contentType = (req.headers["content-type"] || "").toLowerCase();
+      if (!contentType.includes("application/json")) {
+        res.writeHead(415, { ...corsHeaders, "Content-Type": "application/json" });
+        res.end(JSON.stringify({ error: "Unsupported Media Type" }));
+        return;
+      }
+      let total = 0;
+      const chunks = [];
+      let aborted = false;
+      req.on("data", (chunk) => {
+        if (aborted) return;
+        total += chunk.length;
+        if (total > maxBytes) {
+          aborted = true;
+          res.writeHead(413, {
+            ...corsHeaders,
+            "Content-Type": "application/json",
+            Connection: "close"
+          });
+          res.end(JSON.stringify({ error: "Payload too large" }));
+          return;
+        }
+        chunks.push(chunk);
+      });
+      req.on("end", () => {
+        if (aborted) return;
+        const raw = Buffer.concat(chunks).toString("utf-8");
+        let parsed;
+        try {
+          parsed = JSON.parse(raw);
+        } catch {
+          res.writeHead(400, { ...corsHeaders, "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "Invalid JSON" }));
+          return;
+        }
+        if (!isValidSession(parsed)) {
+          res.writeHead(400, { ...corsHeaders, "Content-Type": "application/json" });
+          res.end(JSON.stringify({ error: "Invalid session shape" }));
+          if (!settled) {
+            settled = true;
+            if (timer) clearTimeout(timer);
+            server.close(() => reject(new Error("Invalid session received")));
+          }
+          return;
+        }
+        res.writeHead(200, { ...corsHeaders, "Content-Type": "application/json" });
+        res.end(JSON.stringify({ ok: true }));
+        if (!settled) {
+          settled = true;
+          if (timer) clearTimeout(timer);
+          server.close(() => resolve2(parsed));
+        }
+      });
+      req.on("error", () => {
+      });
+    });
+    server.once("error", (err) => {
+      if (settled) return;
+      settled = true;
+      if (timer) clearTimeout(timer);
+      reject(err);
+    });
+    server.listen(port, "127.0.0.1", () => {
+      timer = setTimeout(() => {
+        if (settled) return;
+        settled = true;
+        server.close(() => reject(new Error("Login timed out")));
+      }, timeoutMs);
+      if (timer.unref) timer.unref();
+    });
+  });
+}
+
+// src/cli/auth/browser.ts
+async function openUrl(url) {
+  if (!/^https?:\/\//i.test(url)) {
+    throw new Error(`openUrl: refusing to open non-http(s) URL: ${url}`);
+  }
+  try {
+    const mod = await import("open");
+    const opener = mod.default;
+    if (typeof opener !== "function") {
+      throw new Error("open package exports no default function");
+    }
+    await opener(url);
+    return { opened: true, fallback: false };
+  } catch {
+    console.log("");
+    console.log("  Could not open your browser automatically.");
+    console.log("  Please open this URL manually to continue:");
+    console.log("");
+    console.log(`    ${url}`);
+    console.log("");
+    return { opened: false, fallback: true };
+  }
+}
+
+// src/cli/login.ts
+var DEFAULT_WEBAPP_URL = "https://app.skalpel.ai";
+var DEFAULT_TIMEOUT_MS2 = 18e4;
+async function runLogin(options = {}) {
+  const webappUrl = options.webappUrl ?? process.env.SKALPEL_WEBAPP_URL ?? DEFAULT_WEBAPP_URL;
+  const preferredPort = options.preferredPort ?? 51732;
+  const timeoutMs = options.timeoutMs ?? DEFAULT_TIMEOUT_MS2;
+  const log = options.logger ?? console;
+  const _findPort = options.findOpenPort ?? findOpenPort;
+  const _startServer = options.startCallbackServer ?? startCallbackServer;
+  const _openUrl = options.openUrl ?? openUrl;
+  const _writeSession = options.writeSession ?? writeSession;
+  const port = await _findPort(preferredPort);
+  const authorizeUrl = `${webappUrl.replace(/\/$/, "")}/cli/authorize?port=${port}`;
+  log.log("");
+  log.log(`  Opening browser to ${authorizeUrl}`);
+  log.log("  Waiting for authentication (timeout 3 min)...");
+  log.log("");
+  const serverPromise = _startServer(port, timeoutMs);
+  try {
+    await _openUrl(authorizeUrl);
+  } catch {
+    log.log("  Browser launch failed. Please open the URL above manually.");
+  }
+  let session;
+  try {
+    session = await serverPromise;
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    log.error("");
+    log.error(`  Login failed: ${msg}`);
+    log.error("");
+    process.exitCode = 1;
+    throw err;
+  }
+  await _writeSession(session);
+  log.log("");
+  log.log(`  \u2713 Logged in as ${session.user.email}`);
+  log.log("");
+}
+
+// src/cli/logout.ts
+async function runLogout(options = {}) {
+  const log = options.logger ?? console;
+  const _readSession = options.readSession ?? readSession;
+  const _deleteSession = options.deleteSession ?? deleteSession;
+  const existing = await _readSession();
+  if (!existing) {
+    log.log("  Not logged in.");
+    return;
+  }
+  await _deleteSession();
+  log.log(`  \u2713 Logged out.`);
+}
+
 // src/cli/index.ts
 var require3 = createRequire2(import.meta.url);
 var pkg2 = require3("../../package.json");
@@ -2469,6 +2778,8 @@ program.command("replay").description("Replay saved request files").argument("<f
 program.command("start").description("Start the Skalpel proxy").action(runStart);
 program.command("stop").description("Stop the Skalpel proxy").action(runStop);
 program.command("status").description("Show proxy status").action(runStatus);
+program.command("login").description("Log in to your Skalpel account (opens browser)").action(() => runLogin());
+program.command("logout").description("Log out of your Skalpel account").action(() => runLogout());
 program.command("logs").description("View proxy logs").option("-n, --lines <count>", "Number of lines to show", "50").option("-f, --follow", "Follow log output").action(runLogs);
 program.command("config").description("View or edit proxy configuration").argument("[subcommand]", "path | set").argument("[args...]", "Arguments for subcommand").action(runConfig);
 program.command("update").description("Update Skalpel to the latest version").action(runUpdate);