staklink 0.4.10 → 0.4.12

package/dist/proxy-server.cjs

@@ -60768,6 +60768,102 @@ async function NewRepo(url3) {
   }
   return new Repo(repoLocation);
 }
+function buildAuthenticatedUrl(remoteUrl, credentials) {
+  let url3 = remoteUrl;
+  switch (credentials.provider) {
+    case "github":
+      url3 = url3.replace(
+        "https://github.com/",
+        `https://${credentials.auth_data.token}@github.com/`
+      ).replace(
+        /https:\/\/.*@github\.com\//,
+        `https://${credentials.auth_data.token}@github.com/`
+      );
+      if (url3.startsWith("git@github.com:")) {
+        const repoPath = url3.replace("git@github.com:", "").replace(/\.git$/, "");
+        url3 = `https://${credentials.auth_data.token}@github.com/${repoPath}.git`;
+      }
+      break;
+    case "gitlab":
+      url3 = url3.replace(
+        "https://gitlab.com/",
+        `https://oauth2:${credentials.auth_data.token}@gitlab.com/`
+      ).replace(
+        /https:\/\/.*@gitlab\.com\//,
+        `https://oauth2:${credentials.auth_data.token}@gitlab.com/`
+      );
+      if (url3.startsWith("git@gitlab.com:")) {
+        const repoPath = url3.replace("git@gitlab.com:", "").replace(/\.git$/, "");
+        url3 = `https://oauth2:${credentials.auth_data.token}@gitlab.com/${repoPath}.git`;
+      }
+      break;
+    case "bitbucket":
+      url3 = url3.replace(
+        "https://bitbucket.org/",
+        `https://${credentials.auth_data.username}:${credentials.auth_data.token}@bitbucket.org/`
+      ).replace(
+        /https:\/\/.*@bitbucket\.org\//,
+        `https://${credentials.auth_data.username}:${credentials.auth_data.token}@bitbucket.org/`
+      );
+      if (url3.startsWith("git@bitbucket.org:")) {
+        const repoPath = url3.replace("git@bitbucket.org:", "").replace(/\.git$/, "");
+        url3 = `https://${credentials.auth_data.username}:${credentials.auth_data.token}@bitbucket.org/${repoPath}.git`;
+      }
+      break;
+  }
+  return url3;
+}
+async function setupGlobalGitCredentials(repoCwd, credentials) {
+  const run = (cmd) => exec4(cmd, {
+    cwd: repoCwd,
+    env: { ...process.env, GIT_TERMINAL_PROMPT: "0" }
+  });
+  const { stdout: origUrl } = await run(
+    "git config --get remote.origin.url"
+  );
+  let origName = null;
+  let origEmail = null;
+  try {
+    origName = (await run("git config --global user.name")).stdout.trim();
+  } catch {
+  }
+  try {
+    origEmail = (await run("git config --global user.email")).stdout.trim();
+  } catch {
+  }
+  const authUrl = buildAuthenticatedUrl(origUrl.trim(), credentials);
+  await run(`git remote set-url origin "${authUrl}"`);
+  await run(
+    `git config --global user.name "${credentials.auth_data.username}"`
+  );
+  await run(
+    `git config --global user.email "${credentials.auth_data.username}@users.noreply.github.com"`
+  );
+  const env2 = {
+    GH_TOKEN: credentials.auth_data.token,
+    GITHUB_TOKEN: credentials.auth_data.token
+  };
+  const teardown = async () => {
+    try {
+      await run(`git remote set-url origin "${origUrl.trim()}"`);
+      if (origName) {
+        await run(`git config --global user.name "${origName}"`);
+      } else {
+        await run("git config --global --unset user.name").catch(() => {
+        });
+      }
+      if (origEmail) {
+        await run(`git config --global user.email "${origEmail}"`);
+      } else {
+        await run("git config --global --unset user.email").catch(() => {
+        });
+      }
+    } catch (e) {
+      error("Error tearing down global git credentials:", e);
+    }
+  };
+  return { env: env2, teardown };
+}
 
 // src/proxy/sse.ts
 var SSEManager = class {
@@ -60814,7 +60910,7 @@ var SSEManager = class {
 var sseManager = new SSEManager();
 
 // src/proxy/version.ts
-var VERSION = "0.4.10";
+var VERSION = "0.4.12";
 
 // node_modules/uuid/dist/esm/stringify.js
 var byteToHex = [];
@@ -141036,16 +141132,23 @@ async function handleBranchDiff(req, res) {
           action = "modify";
         }
         let content = "";
-        const binaryContent = await binaryDiffContent(repo, filePath, action);
-        if (binaryContent !== null) {
-          content = binaryContent;
+        if (action === "delete") {
         } else {
-          try {
-            content = await repo.execCommand(
-              `git diff ${diffBase} -- "${filePath}"`
-            );
-          } catch (error88) {
-            warn(`Error getting branch diff for ${filePath}:`, error88);
+          const binaryContent = await binaryDiffContent(
+            repo,
+            filePath,
+            action
+          );
+          if (binaryContent !== null) {
+            content = binaryContent;
+          } else {
+            try {
+              content = await repo.execCommand(
+                `git diff ${diffBase} -- "${filePath}"`
+              );
+            } catch (error88) {
+              warn(`Error getting branch diff for ${filePath}:`, error88);
+            }
           }
         }
         results.push({
@@ -141412,10 +141515,12 @@ ${diff.trim()}`);
         }
       }
     }
-    const response = { success: true, commits, branches };
+    const hasPrErrors = Object.keys(prErrors).length > 0;
+    const success3 = !(createPR && hasPrErrors);
+    const response = { success: success3, commits, branches };
     if (createPR) {
       response.prs = prs;
-      if (Object.keys(prErrors).length > 0) {
+      if (hasPrErrors) {
         response.prErrors = prErrors;
       }
     }
@@ -141525,6 +141630,152 @@ async function handleCreateRepo(req, res) {
     });
   }
 }
+function buildPushPrompt(opts) {
+  const lines = [
+    `You are in the git repo at: ${opts.repoPath}`,
+    "",
+    "Perform the following git operations. If any step fails, diagnose the problem and fix it (resolve merge conflicts, pull and rebase, etc). Be resilient - the goal is to get code pushed successfully.",
+    "",
+    "1. Check the current branch. If you are on main or master, create a new feature branch and switch to it. Otherwise stay on the current branch.",
+    "2. Check git status. If there are uncommitted changes, stage them (git add .) and commit with a short descriptive message. If everything is already committed, skip this step.",
+    "3. Push the current branch to origin. If the push is rejected (non-fast-forward, remote has new work, etc), pull with rebase and try again. If there are merge conflicts during rebase, resolve them sensibly and continue."
+  ];
+  if (opts.createPR) {
+    let step = 4;
+    lines.push(
+      `${step}. Create a pull request from the current branch to "${opts.baseBranch}" using the gh CLI. The PR title should be derived from the commit message. If a PR already exists for this branch, skip creation.`
+    );
+    if (opts.label) {
+      step++;
+      lines.push(
+        `${step}. Add the label "${opts.label}" to the PR.`
+      );
+    }
+    step++;
+    lines.push(
+      `${step}. Ensure the PR branch is up to date with "${opts.baseBranch}". Run: git fetch origin ${opts.baseBranch} && git merge origin/${opts.baseBranch}. If there are conflicts, resolve them, commit, and push again. This is equivalent to GitHub's "Update branch" button.`
+    );
+    if (opts.autoMerge) {
+      step++;
+      lines.push(
+        `${step}. Enable auto-merge (squash) on the PR using: gh pr merge <number> --auto --squash --delete-branch`
+      );
+    }
+  }
+  lines.push(
+    "",
+    "IMPORTANT:",
+    "- Do NOT ask for confirmation. Just do it.",
+    "- If push fails, try pulling with rebase first. If that fails with conflicts, resolve them and continue.",
+    "- Output the PR URL if you created one.",
+    "- Output the branch name you ended up on.",
+    "- Output the commit hash after pushing."
+  );
+  return lines.join("\n");
+}
+async function handleAgentPush(req, res) {
+  const request_id = startReq();
+  try {
+    const code = req.body;
+    const repos = getReposWithChangedFiles(code);
+    const createPR = req.query.pr === "true";
+    const autoMerge = req.query.automerge === "true";
+    const label = req.query.label;
+    if (!repos.length) {
+      finishReq(request_id, {
+        success: true,
+        commits: [],
+        branches: {}
+      });
+      res.json({ request_id, status: "pending" });
+      return;
+    }
+    if (!code.git_credentials?.auth_data?.token) {
+      failReq(request_id, new Error("git_credentials with token required"));
+      res.json({ request_id, status: "pending" });
+      return;
+    }
+    const apiKey = code.apiKey || process.env.ANTHROPIC_API_KEY || "";
+    (async () => {
+      const results = { commits: [], prs: {}, branches: {} };
+      for (const r of repos) {
+        const repo = await NewRepo(r.url);
+        const repoPath = repo.printcwd();
+        const repoName = getRepoNameFromUrl(r.url);
+        const baseBranch = r.base_branch || "main";
+        const { env: credEnv, teardown } = await setupGlobalGitCredentials(
+          repoPath,
+          code.git_credentials
+        );
+        try {
+          const prompt = buildPushPrompt({
+            repoPath,
+            createPR,
+            autoMerge,
+            label,
+            baseBranch
+          });
+          log(`=> agent/push prompt for ${repoName}:
+${prompt}`);
+          const prevGhToken = process.env.GH_TOKEN;
+          const prevGithubToken = process.env.GITHUB_TOKEN;
+          process.env.GH_TOKEN = credEnv.GH_TOKEN;
+          process.env.GITHUB_TOKEN = credEnv.GITHUB_TOKEN;
+          const agentFn = chooseAgent("goose");
+          let result;
+          try {
+            result = await agentFn({
+              prompt,
+              apiKey,
+              cwd: repoPath,
+              session: code.session,
+              model: code.model
+            });
+          } finally {
+            if (prevGhToken !== void 0) {
+              process.env.GH_TOKEN = prevGhToken;
+            } else {
+              delete process.env.GH_TOKEN;
+            }
+            if (prevGithubToken !== void 0) {
+              process.env.GITHUB_TOKEN = prevGithubToken;
+            } else {
+              delete process.env.GITHUB_TOKEN;
+            }
+          }
+          const output = typeof result === "string" ? result : result.output;
+          results.commits.push(output);
+          const branchMatch = output.match(
+            /(?:on branch|switched to|branch)\s+[`'"]?([^\s`'"]+)/i
+          );
+          if (branchMatch) {
+            results.branches[repoName] = branchMatch[1];
+          }
+          const prMatch = output.match(
+            /https:\/\/github\.com\/[^\s]+\/pull\/\d+/
+          );
+          if (prMatch) {
+            results.prs[repoName] = prMatch[0];
+          }
+        } finally {
+          await teardown();
+        }
+      }
+      finishReq(request_id, {
+        success: true,
+        ...results
+      });
+    })().catch((error88) => {
+      error("agent/push error:", error88);
+      failReq(request_id, error88);
+    });
+    res.json({ request_id, status: "pending" });
+  } catch (e) {
+    error("agent/push setup error:", e);
+    failReq(request_id, e);
+    res.json({ request_id, status: "pending" });
+  }
+}
 
 // src/proxy/code_actions.ts
 var fs14 = __toESM(require("fs/promises"), 1);
@@ -142263,6 +142514,35 @@ async function startProxyServer() {
     }
     clearInterval(keepAliveInterval);
   });
+  app.get("/ide-auth", async (req, res) => {
+    const fallback = () => res.redirect(302, "/");
+    try {
+      const { token, expires } = req.query;
+      const password = process.env.CODE_SERVER_PASSWORD;
+      const port = process.env.CODE_SERVER_PORT || "8444";
+      if (!token || !expires || !password) return fallback();
+      const expiresNum = parseInt(expires, 10);
+      if (isNaN(expiresNum) || Math.floor(Date.now() / 1e3) > expiresNum) return fallback();
+      const crypto3 = await import("crypto");
+      const expected = crypto3.createHmac("sha256", password).update(`ide-auth:${expires}`).digest("hex");
+      const tA = Buffer.from(token);
+      const tB = Buffer.from(expected);
+      if (tA.length !== tB.length || !crypto3.timingSafeEqual(tA, tB)) return fallback();
+      const loginRes = await fetch(`http://localhost:${port}/login`, {
+        method: "POST",
+        headers: { "Content-Type": "application/x-www-form-urlencoded" },
+        body: new URLSearchParams({ password }).toString(),
+        redirect: "manual"
+      });
+      const setCookieHeader = loginRes.headers.get("set-cookie") || "";
+      const keyMatch = setCookieHeader.match(/(?:^|,)\s*key=([^;,]+)/);
+      if (!keyMatch) return fallback();
+      res.setHeader("Set-Cookie", `key=${keyMatch[1]}; Path=/; SameSite=Lax; HttpOnly`);
+      res.redirect(302, "/");
+    } catch {
+      fallback();
+    }
+  });
   app.use(requireAuth);
   app.post("/session", async (req, res) => {
     const { sessionId, webhookUrl, apiKey, searchApiKey, model, agent } = req.body;
@@ -142319,6 +142599,10 @@ async function startProxyServer() {
       system: req.body.system
     }))
   );
+  app.post("/agent/push", async (req, res) => {
+    log("===> POST /agent/push");
+    await handleAgentPush(req, res);
+  });
   app.post(
     "/repair",
     createAsyncAgentHandler(

package/dist/staklink-cli.cjs

@@ -10987,7 +10987,7 @@ var glob = Object.assign(glob_, {
 glob.glob = glob;
 
 // src/proxy/version.ts
-var VERSION = "0.4.10";
+var VERSION = "0.4.12";
 
 // src/deps.ts
 var import_child_process = require("child_process");

package/package.json

@@ -2,7 +2,7 @@
   "name": "staklink",
   "displayName": "staklink",
   "description": "staklink process manager",
-  "version": "0.4.10",
+  "version": "0.4.12",
   "type": "module",
   "publisher": "stakwork",
   "engines": {
@@ -108,6 +108,7 @@
     "ask-gemini": "ts-node ./src/scripts/ask-gemini.ts",
     "test-git": "ts-node ./src/test/test-git.ts",
     "test-pm2": "ts-node ./src/test/test-pm2.ts",
+    "test-ide-auth": "npx tsx ./src/test/test-ide-auth.ts",
     "try-parse": "ts-node ./src/scripts/try-parse.ts",
     "try-gemini": "ts-node ./src/try/try-gemini.ts",
     "try-cc": "ts-node ./src/try/try-cc.ts",