sleev 0.0.0 → 0.0.10

package/dist/apps/opencode.js

@@ -0,0 +1,158 @@
+// OpenCode setup owns credential discovery and provider selection for config patching.
+import { readFile } from 'node:fs/promises';
+import { emitKeypressEvents } from 'node:readline';
+import { PROVIDERS } from '../providers.js';
+import { field, line, note, prompt, success } from '../terminal.js';
+import { openCodeAuthPath, openCodeJsoncPath, openCodePath, patchOpenCodeConfig, resolveOpenCodePath, unpatchOpenCodeConfig, } from './opencode-config.js';
+export async function setupOpenCode(auth, input = process.stdin, output = process.stdout, options = {}) {
+    const path = options.configPath ?? (await resolveOpenCodePath());
+    const available = await availableOpenCodeProviders(options.authPath);
+    if (available.length === 0) {
+        note(output, 'Skipping OpenCode setup because no supported OpenCode credentials were found');
+        return null;
+    }
+    const providers = await selectOpenCodeProviders(available, input, output);
+    if (providers.length === 0)
+        return null;
+    const results = [];
+    for (const provider of providers) {
+        results.push(await patchOpenCode(auth, path, provider.id));
+    }
+    success(output, 'Configured OpenCode');
+    field(output, 'providers', providers.map((provider) => provider.label).join(', '));
+    field(output, 'config', path);
+    return results[0] ?? null;
+}
+export async function availableOpenCodeProviders(path = openCodeAuthPath()) {
+    const auth = await readAuth(path);
+    return openCodeProviders().filter((provider) => provider.id in auth);
+}
+export async function patchOpenCode(auth, path, provider = 'openai') {
+    const target = await patchOpenCodeConfig(auth, path, provider);
+    return { path: target, provider };
+}
+export async function unpatchOpenCode(path) {
+    await unpatchOpenCodeConfig(path);
+}
+export { openCodeAuthPath, openCodeJsoncPath, openCodePath, resolveOpenCodePath };
+async function selectOpenCodeProviders(providers, input, output) {
+    if (providers.length === 1) {
+        const provider = providers[0];
+        if (!provider)
+            return [];
+        note(output, `Using OpenCode credential: ${provider.label}`);
+        return [provider];
+    }
+    if (!canSelect(input)) {
+        note(output, 'Skipping OpenCode setup because this terminal is not interactive');
+        return [];
+    }
+    return selectTty(providers, input, output);
+}
+function selectTty(providers, input, output) {
+    return new Promise((resolve, reject) => {
+        let cursor = 0;
+        let selected = new Set();
+        let rendered = false;
+        const render = () => {
+            if (rendered)
+                output.write(`\x1b[${providers.length + 2}A`);
+            output.write(`${prompt(output, 'choose the OpenCode credentials to patch')}\x1b[K\n`);
+            for (const [index, provider] of providers.entries()) {
+                const marker = index === cursor ? '>' : ' ';
+                const checked = selected.has(provider.id) ? 'x' : ' ';
+                output.write(`${marker} (${checked}) ${provider.label}\x1b[K\n`);
+            }
+            output.write('  space toggles, enter confirms\x1b[K\n');
+            rendered = true;
+        };
+        const cleanup = () => {
+            input.off('keypress', onKey);
+            input.setRawMode?.(false);
+            input.pause();
+            output.write('\x1b[?25h');
+        };
+        const done = () => {
+            cleanup();
+            line(output);
+            resolve(providers.filter((provider) => selected.has(provider.id)));
+        };
+        const cancel = () => {
+            cleanup();
+            line(output);
+            reject(new Error('Canceled.'));
+        };
+        const move = (delta) => {
+            cursor = (cursor + delta + providers.length) % providers.length;
+            render();
+        };
+        const toggle = () => {
+            const provider = providers[cursor];
+            if (!provider)
+                return;
+            const next = new Set(selected);
+            if (next.has(provider.id))
+                next.delete(provider.id);
+            else
+                next.add(provider.id);
+            selected = next;
+            render();
+        };
+        const onKey = (_chunk, key = {}) => {
+            if (key.ctrl && key.name === 'c') {
+                cancel();
+                return;
+            }
+            if (key.name === 'up' || key.name === 'k') {
+                move(-1);
+                return;
+            }
+            if (key.name === 'down' || key.name === 'j') {
+                move(1);
+                return;
+            }
+            if (key.name === 'space' || key.sequence === ' ') {
+                toggle();
+                return;
+            }
+            if (key.name === 'return' || key.name === 'enter')
+                done();
+        };
+        emitKeypressEvents(input);
+        input.setRawMode?.(true);
+        input.resume();
+        input.on('keypress', onKey);
+        output.write('\x1b[?25l');
+        render();
+    });
+}
+async function readAuth(path) {
+    try {
+        const raw = await readFile(path, 'utf8');
+        const parsed = JSON.parse(raw);
+        return object(parsed);
+    }
+    catch (err) {
+        if (code(err) === 'ENOENT')
+            return {};
+        throw err;
+    }
+}
+function openCodeProviders() {
+    return PROVIDERS;
+}
+function object(value) {
+    if (typeof value !== 'object' || value === null || Array.isArray(value))
+        return {};
+    return value;
+}
+function canSelect(input) {
+    const tty = input;
+    return tty.isTTY === true && typeof tty.setRawMode === 'function';
+}
+function code(err) {
+    if (typeof err !== 'object' || err === null || !('code' in err))
+        return undefined;
+    const value = err.code;
+    return typeof value === 'string' ? value : undefined;
+}

package/dist/apps.js

@@ -0,0 +1,148 @@
+// Interactive app selection for the post-login setup flow.
+import { constants } from 'node:fs';
+import { access } from 'node:fs/promises';
+import { delimiter, join } from 'node:path';
+import { emitKeypressEvents } from 'node:readline';
+import { HARNESSES } from './harnesses.js';
+import { line, note, prompt } from './terminal.js';
+export const APPS = HARNESSES;
+export async function selectApps(input = process.stdin, output = process.stdout, apps) {
+    const available = apps ?? (await detectApps());
+    if (available.length === 0) {
+        note(output, 'Skipping app setup because no supported local harnesses were detected');
+        return [];
+    }
+    if (canSelect(input, output))
+        return selectTty(available, input, output);
+    note(output, 'Skipping app setup because this terminal is not interactive');
+    return [];
+}
+export async function detectApps(env = process.env, platform = process.platform) {
+    const checks = await Promise.all(APPS.map(async (app) => ((await detected(app, env, platform)) ? app : null)));
+    return checks.filter((app) => app !== null);
+}
+export function appLabels(ids) {
+    if (ids.length === 0)
+        return 'none';
+    const labels = ids.map((id) => APPS.find((app) => app.id === id)?.label ?? id);
+    return labels.join(', ');
+}
+function selectTty(apps, input, output) {
+    return new Promise((resolve, reject) => {
+        const initial = new Set();
+        let cursor = 0;
+        let selected = initial;
+        let rendered = false;
+        const render = () => {
+            if (rendered)
+                output.write(`\x1b[${apps.length + 2}A`);
+            output.write(`${prompt(output, 'choose the apps you want to use Sleev with')}\x1b[K\n`);
+            for (const [index, app] of apps.entries()) {
+                const marker = index === cursor ? '>' : ' ';
+                const checked = selected.has(app.id) ? 'x' : ' ';
+                output.write(`${marker} (${checked}) ${app.label}\x1b[K\n`);
+            }
+            output.write('  space toggles, enter confirms\x1b[K\n');
+            rendered = true;
+        };
+        const cleanup = () => {
+            input.off('keypress', onKey);
+            input.setRawMode?.(false);
+            input.pause();
+            output.write('\x1b[?25h');
+        };
+        const done = () => {
+            cleanup();
+            line(output);
+            resolve(apps.filter((app) => selected.has(app.id)).map((app) => app.id));
+        };
+        const cancel = () => {
+            cleanup();
+            line(output);
+            reject(new Error('Canceled.'));
+        };
+        const move = (delta) => {
+            cursor = (cursor + delta + apps.length) % apps.length;
+            render();
+        };
+        const toggle = () => {
+            const app = apps[cursor];
+            if (!app)
+                return;
+            const next = new Set(selected);
+            if (next.has(app.id))
+                next.delete(app.id);
+            else
+                next.add(app.id);
+            selected = next;
+            render();
+        };
+        const toggleAll = () => {
+            selected = selected.size === apps.length ? new Set() : new Set(apps.map((app) => app.id));
+            render();
+        };
+        const onKey = (_chunk, key = {}) => {
+            if (key.ctrl && key.name === 'c') {
+                cancel();
+                return;
+            }
+            if (key.name === 'up' || key.name === 'k') {
+                move(-1);
+                return;
+            }
+            if (key.name === 'down' || key.name === 'j') {
+                move(1);
+                return;
+            }
+            if (key.name === 'space' || key.sequence === ' ') {
+                toggle();
+                return;
+            }
+            if (key.name === 'a' || key.sequence === 'a') {
+                toggleAll();
+                return;
+            }
+            if (key.name === 'return' || key.name === 'enter')
+                done();
+        };
+        emitKeypressEvents(input);
+        input.setRawMode?.(true);
+        input.resume();
+        input.on('keypress', onKey);
+        output.write('\x1b[?25l');
+        render();
+    });
+}
+function canSelect(input, output) {
+    const tty = input;
+    return tty.isTTY === true && typeof tty.setRawMode === 'function';
+}
+async function exists(command, env, platform) {
+    const path = env.PATH ?? '';
+    const dirs = path.split(delimiter).filter(Boolean);
+    const names = platform === 'win32' ? windowsNames(command, env) : [command];
+    const paths = dirs.flatMap((dir) => names.map((name) => join(dir, name)));
+    const checks = await Promise.all(paths.map((path) => executable(path)));
+    return checks.some(Boolean);
+}
+async function detected(app, env, platform) {
+    if (!(await exists(app.command, env, platform)))
+        return false;
+    if (!app.available)
+        return true;
+    return app.available();
+}
+function windowsNames(command, env) {
+    const ext = env.PATHEXT ?? '.COM;.EXE;.BAT;.CMD';
+    const exts = ext.split(';').filter(Boolean);
+    return [command, ...exts.map((item) => `${command}${item.toLowerCase()}`), ...exts.map((item) => `${command}${item.toUpperCase()}`)];
+}
+async function executable(path) {
+    try {
+        await access(path, constants.X_OK);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/auth/browser.js

@@ -0,0 +1,80 @@
+// Cross-platform browser opener used by the login flow.
+import { spawn } from 'node:child_process';
+import { existsSync, readFileSync } from 'node:fs';
+export async function openBrowser(url) {
+    const commands = browserCommands(url);
+    for (const command of commands) {
+        const opened = await open(command);
+        if (opened)
+            return true;
+    }
+    return false;
+}
+function open(command) {
+    return new Promise((resolve) => {
+        const child = spawn(command.command, command.args, {
+            stdio: 'ignore',
+            windowsHide: true,
+        });
+        const timer = setTimeout(() => finish(true), 3000);
+        let done = false;
+        const finish = (ok) => {
+            if (done)
+                return;
+            done = true;
+            clearTimeout(timer);
+            child.removeAllListeners('error');
+            child.removeAllListeners('close');
+            if (ok)
+                child.unref();
+            resolve(ok);
+        };
+        child.once('error', () => finish(false));
+        child.once('close', (code) => finish(code === 0));
+    });
+}
+export function browserCommands(url, context = {}) {
+    const platform = context.platform ?? process.platform;
+    if (platform === 'darwin')
+        return [{ command: 'open', args: [url] }];
+    if (platform === 'win32') {
+        return [
+            { command: 'rundll32', args: ['url.dll,FileProtocolHandler', url] },
+            { command: 'powershell', args: powershellArgs(url) },
+        ];
+    }
+    if (platform === 'linux' && isWsl(context)) {
+        return [
+            ...linuxCommands(url),
+            { command: 'wslview', args: [url] },
+            { command: 'powershell.exe', args: powershellArgs(url) },
+        ];
+    }
+    return linuxCommands(url);
+}
+function linuxCommands(url) {
+    return [
+        { command: 'sensible-browser', args: [url] },
+        { command: 'gio', args: ['open', url] },
+        { command: 'xdg-open', args: [url] },
+    ];
+}
+function powershellArgs(url) {
+    return ['-NoProfile', '-NonInteractive', '-ExecutionPolicy', 'Bypass', '-Command', `Start-Process '${ps(url)}'`];
+}
+function ps(value) {
+    return value.replace(/'/g, "''");
+}
+function isWsl(context) {
+    const env = context.env ?? process.env;
+    if (env.WSL_DISTRO_NAME || env.WSL_INTEROP)
+        return true;
+    const release = context.release ?? kernelRelease();
+    return release.toLowerCase().includes('microsoft') || release.toLowerCase().includes('wsl');
+}
+function kernelRelease() {
+    const path = '/proc/sys/kernel/osrelease';
+    if (!existsSync(path))
+        return '';
+    return readFileSync(path, 'utf8');
+}

package/dist/auth/command.js

@@ -0,0 +1,109 @@
+// Auth command flows for the CLI dispatcher.
+import { selectApps } from '../apps.js';
+import { authPath, clearAuth, createAuthFile, readAuth, writeAuth } from '../credentials/index.js';
+import { setupHarnesses, unpatchHarnesses } from '../harnesses.js';
+import { proxyUrl } from '../product.js';
+import { field, line, note, success } from '../terminal.js';
+import { login as browserLogin } from './login.js';
+import { validateAuth } from './validation.js';
+export function commandRuntime() {
+    return {
+        output: process.stdout,
+        authPath,
+        readAuth,
+        writeAuth,
+        clearAuth,
+        createAuthFile,
+        login: browserLogin,
+        validateAuth,
+        selectApps: () => selectApps(),
+        setupHarnesses,
+        unpatchHarnesses,
+    };
+}
+export async function loginCommand(options = {}, runtime = commandRuntime()) {
+    const path = runtime.authPath();
+    const existing = await readLocalAuth(path, runtime);
+    const local = existing ? canonicalAuth(existing) : null;
+    const state = local && !options.force ? await runtime.validateAuth(local) : 'invalid';
+    if (state === 'valid') {
+        note(runtime.output, 'Using existing valid local auth');
+    }
+    if (existing && options.force) {
+        note(runtime.output, 'Replacing existing local auth. The previous remote Sleeve token is not revoked');
+    }
+    if (existing && state === 'invalid' && !options.force) {
+        note(runtime.output, 'Existing local auth is expired or revoked. Creating a new token');
+    }
+    if (existing && state === 'unknown' && !options.force) {
+        note(runtime.output, 'Could not verify existing local auth. Creating a new token');
+    }
+    const useLocal = state === 'valid' && local;
+    const auth = useLocal ? local : runtime.createAuthFile(await runtime.login());
+    const changed = useLocal && existing?.proxyUrl !== auth.proxyUrl;
+    const written = useLocal && !changed ? { path } : await runtime.writeAuth(auth, path);
+    if (changed)
+        note(runtime.output, 'Updated local auth to use the current Sleev proxy');
+    line(runtime.output);
+    success(runtime.output, useLocal ? 'Already logged in' : 'Logged in');
+    field(runtime.output, 'credential', written.path);
+    field(runtime.output, 'proxy', auth.proxyUrl);
+    note(runtime.output, 'Keep auth.json private. It contains your live Sleeve token');
+    line(runtime.output);
+    const apps = await runtime.selectApps();
+    const harnesses = await runtime.setupHarnesses(auth, apps);
+    success(runtime.output, 'Setup complete');
+    field(runtime.output, 'applications configured to use sleev', harnesses.label);
+    return 0;
+}
+async function readLocalAuth(path, runtime) {
+    try {
+        return await runtime.readAuth(path);
+    }
+    catch (err) {
+        if (!recoverableAuthError(err))
+            throw err;
+        note(runtime.output, 'Replacing invalid local auth file');
+        return null;
+    }
+}
+export async function logoutCommand(runtime = commandRuntime()) {
+    const path = runtime.authPath();
+    const existing = await readLogoutAuth(path, runtime);
+    const cleanup = await runtime.unpatchHarnesses();
+    await runtime.clearAuth(path);
+    if (!existing) {
+        note(runtime.output, 'No local auth file found');
+        return 0;
+    }
+    success(runtime.output, 'Removed local auth');
+    field(runtime.output, 'removed', path);
+    note(runtime.output, 'Remote Sleeve token is not revoked and remains active');
+    if (cleanup.failures[0])
+        note(runtime.output, `Some harness config cleanup failed: ${cleanup.failures.join('; ')}`);
+    return 0;
+}
+function recoverableAuthError(err) {
+    if (err instanceof SyntaxError)
+        return true;
+    if (!(err instanceof Error))
+        return false;
+    return err.message.startsWith('Sleev auth ');
+}
+function canonicalAuth(auth) {
+    const proxy = proxyUrl();
+    if (auth.proxyUrl === proxy)
+        return auth;
+    return { ...auth, proxyUrl: proxy };
+}
+async function readLogoutAuth(path, runtime) {
+    try {
+        return await runtime.readAuth(path);
+    }
+    catch (err) {
+        if (!recoverableAuthError(err))
+            throw err;
+        note(runtime.output, 'Removing invalid local auth file');
+        return { version: 1, token: '', label: null, proxyUrl: '', createdAt: '' };
+    }
+}

package/dist/auth/index.js

@@ -0,0 +1,2 @@
+// Public auth module API.
+export { login } from './login.js';

package/dist/auth/login.js

@@ -0,0 +1,55 @@
+// Browser login orchestration for `sleev auth login`.
+import { randomBytes } from 'node:crypto';
+import { hostname } from 'node:os';
+import { webOrigin as defaultWebOrigin } from '../product.js';
+import { brand, field, line, note, step, success } from '../terminal.js';
+import { openBrowser } from './browser.js';
+import { startLoopback } from './loopback.js';
+const LOGIN_TIMEOUT_MS = 10 * 60 * 1000;
+export async function login(options = {}) {
+    const output = options.output ?? process.stdout;
+    brand(output);
+    return runHandoff({ ...options, mode: options.mode ?? 'signup', output });
+}
+async function runHandoff(options) {
+    const output = options.output;
+    const mode = options.mode;
+    const origin = options.webOrigin ?? defaultWebOrigin();
+    const opener = options.opener ?? openBrowser;
+    const state = randomBytes(32).toString('base64url');
+    const loopback = await startLoopback({
+        state,
+        webOrigin: origin,
+        timeoutMs: options.timeoutMs ?? LOGIN_TIMEOUT_MS,
+    });
+    const url = loginUrl(origin, mode, state, loopback.callback);
+    const action = mode === 'signup' ? 'create your account' : 'log in';
+    step(output, `Opening browser to ${action}`);
+    field(output, 'url', url);
+    try {
+        const opened = await opener(url);
+        if (!opened) {
+            note(output, 'Could not open a browser automatically. Open the URL above instead');
+        }
+        note(output, 'Waiting for the browser confirmation...');
+        const payload = await loopback.wait;
+        success(output, 'Browser login confirmed');
+        return {
+            token: payload.token,
+            label: payload.label,
+            proxyUrl: payload.proxyUrl,
+            createdAt: (options.now ?? (() => new Date()))().toISOString(),
+        };
+    }
+    finally {
+        await loopback.close();
+    }
+}
+function loginUrl(origin, mode, state, callback) {
+    const url = new URL('/cli/login', origin);
+    url.searchParams.set('mode', mode);
+    url.searchParams.set('state', state);
+    url.searchParams.set('callback', callback);
+    url.searchParams.set('device', hostname().slice(0, 80));
+    return url.toString();
+}

package/dist/auth/loopback.js

@@ -0,0 +1,134 @@
+// Temporary loopback server that receives the browser login handoff.
+import { createServer } from 'node:http';
+import { parseHandoff } from './schema.js';
+const MAX_BODY_BYTES = 16 * 1024;
+export async function startLoopback(options) {
+    let settled = false;
+    let finish = () => undefined;
+    let fail = () => undefined;
+    const wait = new Promise((resolve, reject) => {
+        finish = resolve;
+        fail = reject;
+    });
+    const server = createServer(async (req, res) => {
+        try {
+            await handleRequest(req, res, options, (payload) => {
+                if (settled)
+                    return;
+                settled = true;
+                finish(payload);
+            }, (err) => {
+                if (settled)
+                    return;
+                settled = true;
+                fail(err);
+            });
+        }
+        catch (err) {
+            sendJson(res, 400, { error: err instanceof Error ? err.message : 'Invalid request.' }, options.webOrigin);
+        }
+    });
+    await listen(server);
+    const address = server.address();
+    if (!address || typeof address === 'string') {
+        await closeServer(server);
+        throw new Error('Could not bind local login callback server.');
+    }
+    const timeout = setTimeout(() => {
+        if (settled)
+            return;
+        settled = true;
+        fail(new Error('Timed out waiting for browser login.'));
+        void closeServer(server);
+    }, options.timeoutMs);
+    wait.finally(() => clearTimeout(timeout)).catch(() => undefined);
+    return {
+        callback: `http://127.0.0.1:${address.port}/callback`,
+        wait,
+        close: () => closeServer(server),
+    };
+}
+async function handleRequest(req, res, options, accept, reject) {
+    if (req.method === 'OPTIONS') {
+        handleOptions(req, res, options.webOrigin);
+        return;
+    }
+    if (req.method !== 'POST' || req.url !== '/callback') {
+        sendJson(res, 404, { error: 'Not found.' }, options.webOrigin);
+        return;
+    }
+    if (!hasAllowedOrigin(req, options.webOrigin)) {
+        sendJson(res, 403, { error: 'Origin is not allowed.' }, options.webOrigin);
+        return;
+    }
+    const body = await readBody(req);
+    const payload = parseHandoff(JSON.parse(body));
+    if (payload.state !== options.state) {
+        sendJson(res, 403, { error: 'Login state did not match.' }, options.webOrigin);
+        return;
+    }
+    accept(payload);
+    sendJson(res, 200, { ok: true }, options.webOrigin);
+}
+function handleOptions(req, res, origin) {
+    if (!hasAllowedOrigin(req, origin)) {
+        sendJson(res, 403, { error: 'Origin is not allowed.' }, origin);
+        return;
+    }
+    writeCors(res, origin);
+    res.writeHead(204);
+    res.end();
+}
+function hasAllowedOrigin(req, origin) {
+    const actual = req.headers.origin;
+    return !actual || actual === origin;
+}
+function readBody(req) {
+    return new Promise((resolve, reject) => {
+        const chunks = [];
+        let size = 0;
+        req.on('data', (chunk) => {
+            size += chunk.length;
+            if (size > MAX_BODY_BYTES) {
+                reject(new Error('Login callback body is too large.'));
+                req.destroy();
+                return;
+            }
+            chunks.push(chunk);
+        });
+        req.once('end', () => resolve(Buffer.concat(chunks).toString('utf8')));
+        req.once('error', () => reject(new Error('Could not read login callback.')));
+    });
+}
+function sendJson(res, status, body, origin) {
+    if (res.writableEnded)
+        return;
+    writeCors(res, origin);
+    res.writeHead(status, { 'content-type': 'application/json; charset=utf-8' });
+    res.end(JSON.stringify(body));
+}
+function writeCors(res, origin) {
+    res.setHeader('access-control-allow-origin', origin);
+    res.setHeader('access-control-allow-methods', 'POST, OPTIONS');
+    res.setHeader('access-control-allow-headers', 'content-type');
+}
+function listen(server) {
+    return new Promise((resolve, reject) => {
+        server.once('error', reject);
+        server.listen(0, '127.0.0.1', () => {
+            server.removeListener('error', reject);
+            resolve();
+        });
+    });
+}
+function closeServer(server) {
+    if (!server.listening)
+        return Promise.resolve();
+    return new Promise((resolve, reject) => {
+        server.close((err) => {
+            if (err)
+                reject(err);
+            resolve();
+        });
+    });
+}