swarmkit 0.0.1 → 0.0.3

package/dist/hub/auth-flow.js

@@ -0,0 +1,118 @@
+import { createServer } from "node:http";
+import { URL } from "node:url";
+import { exchangeAuthCode, getHubUrl } from "./client.js";
+import { writeCredentials } from "./credentials.js";
+const CALLBACK_PORT_START = 9876;
+const CALLBACK_PORT_END = 9886;
+const CALLBACK_TIMEOUT_MS = 5 * 60 * 1000; // 5 minutes
+/**
+ * Run the login flow on a given port:
+ * 1. Start a local HTTP server to receive the OAuth callback
+ * 2. Wait for the auth code callback
+ * 3. Exchange the code for a JWT
+ * 4. Store credentials locally
+ */
+export async function runLoginFlow(port) {
+    const { code, shutdown } = await waitForCallback(port);
+    try {
+        const token = await exchangeAuthCode(code);
+        const hubUrl = getHubUrl();
+        writeCredentials({ token, apiUrl: hubUrl });
+        return { token, apiUrl: hubUrl };
+    }
+    finally {
+        await shutdown();
+    }
+}
+/** Build the URL the user should open in their browser */
+export function getLoginUrl(callbackPort) {
+    const callbackUrl = `http://localhost:${callbackPort}/callback`;
+    const hubBase = getHubUrl();
+    return `${hubBase}/auth/cli?return_to=${encodeURIComponent(callbackUrl)}`;
+}
+/** Find an available port in our range */
+export async function findAvailablePort() {
+    for (let port = CALLBACK_PORT_START; port <= CALLBACK_PORT_END; port++) {
+        const available = await isPortAvailable(port);
+        if (available)
+            return port;
+    }
+    throw new Error(`No available port found in range ${CALLBACK_PORT_START}-${CALLBACK_PORT_END}`);
+}
+function isPortAvailable(port) {
+    return new Promise((resolve) => {
+        const server = createServer();
+        server.once("error", () => resolve(false));
+        server.once("listening", () => {
+            server.close(() => resolve(true));
+        });
+        server.listen(port, "127.0.0.1");
+    });
+}
+/** Start a local server and wait for the OAuth callback with an auth code */
+function waitForCallback(port) {
+    return new Promise((resolve, reject) => {
+        const server = createServer((req, res) => {
+            if (!req.url?.startsWith("/callback")) {
+                res.writeHead(404);
+                res.end("Not found");
+                return;
+            }
+            const url = new URL(req.url, `http://localhost:${port}`);
+            const code = url.searchParams.get("code");
+            const error = url.searchParams.get("error");
+            if (error) {
+                res.writeHead(200, { "Content-Type": "text/html" });
+                res.end(errorPage(error));
+                clearTimeout(timer);
+                reject(new Error(`Authentication failed: ${error}`));
+                return;
+            }
+            if (!code) {
+                res.writeHead(400, { "Content-Type": "text/html" });
+                res.end(errorPage("No authorization code received"));
+                return;
+            }
+            res.writeHead(200, { "Content-Type": "text/html" });
+            res.end(successPage());
+            clearTimeout(timer);
+            resolve({
+                code,
+                shutdown: () => new Promise((res) => server.close(() => res())),
+            });
+        });
+        server.listen(port, "127.0.0.1");
+        const timer = setTimeout(() => {
+            server.close();
+            reject(new Error("Login timed out — no callback received within 5 minutes"));
+        }, CALLBACK_TIMEOUT_MS);
+    });
+}
+function successPage() {
+    return `<!DOCTYPE html>
+<html>
+<head><title>swarmkit — logged in</title></head>
+<body style="font-family: system-ui, sans-serif; text-align: center; padding: 60px 20px;">
+  <h1>Logged in to SwarmHub</h1>
+  <p>You can close this window and return to your terminal.</p>
+</body>
+</html>`;
+}
+function errorPage(message) {
+    return `<!DOCTYPE html>
+<html>
+<head><title>swarmkit — login failed</title></head>
+<body style="font-family: system-ui, sans-serif; text-align: center; padding: 60px 20px;">
+  <h1>Login Failed</h1>
+  <p>${escapeHtml(message)}</p>
+  <p>Please close this window and try again.</p>
+</body>
+</html>`;
+}
+function escapeHtml(str) {
+    return str
+        .replace(/&/g, "&amp;")
+        .replace(/</g, "&lt;")
+        .replace(/>/g, "&gt;")
+        .replace(/"/g, "&quot;");
+}

package/dist/hub/auth-flow.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/hub/auth-flow.test.js

@@ -0,0 +1,98 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+import { mkdirSync, rmSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { randomUUID } from "node:crypto";
+import http from "node:http";
+// Mock homedir
+let testDir;
+vi.mock("node:os", async () => {
+    const actual = await import("node:os");
+    return {
+        ...actual,
+        homedir: () => testDir,
+    };
+});
+const { findAvailablePort, getLoginUrl, runLoginFlow } = await import("./auth-flow.js");
+beforeEach(() => {
+    testDir = join(tmpdir(), `swarmkit-auth-test-${randomUUID()}`);
+    mkdirSync(testDir, { recursive: true });
+});
+afterEach(() => {
+    rmSync(testDir, { recursive: true, force: true });
+    vi.restoreAllMocks();
+});
+/** Make an HTTP request without using fetch (to avoid mock interference) */
+function httpGet(url) {
+    return new Promise((resolve, reject) => {
+        http.get(url, (res) => {
+            let body = "";
+            res.on("data", (chunk) => (body += chunk));
+            res.on("end", () => resolve({ status: res.statusCode ?? 0, body }));
+        }).on("error", reject);
+    });
+}
+describe("findAvailablePort", () => {
+    it("returns a port number", async () => {
+        const port = await findAvailablePort();
+        expect(port).toBeGreaterThanOrEqual(9876);
+        expect(port).toBeLessThanOrEqual(9886);
+    });
+});
+describe("getLoginUrl", () => {
+    it("includes the callback URL as return_to", () => {
+        const url = getLoginUrl(9876);
+        expect(url).toContain("/auth/cli");
+        expect(url).toContain("return_to=");
+        expect(url).toContain(encodeURIComponent("http://localhost:9876/callback"));
+    });
+});
+describe("runLoginFlow", () => {
+    it("exchanges code received via callback", async () => {
+        // Mock the code exchange API call (called by runLoginFlow after receiving code)
+        vi.spyOn(globalThis, "fetch").mockResolvedValue({
+            ok: true,
+            status: 200,
+            json: async () => ({ token: "jwt-from-exchange" }),
+            headers: new Headers(),
+        });
+        const port = await findAvailablePort();
+        // Start the login flow (it will wait for a callback)
+        const loginPromise = runLoginFlow(port);
+        // Give the server a moment to start
+        await new Promise((resolve) => setTimeout(resolve, 50));
+        // Use http.get to hit local server (avoids mocked fetch)
+        const res = await httpGet(`http://localhost:${port}/callback?code=test-auth-code`);
+        expect(res.status).toBe(200);
+        const result = await loginPromise;
+        expect(result.token).toBe("jwt-from-exchange");
+        expect(result.apiUrl).toBe("https://hub.swarmkit.ai");
+    });
+    it("rejects on error callback", async () => {
+        const port = await findAvailablePort();
+        const loginPromise = runLoginFlow(port);
+        // Attach a no-op catch so Node doesn't flag the rejection as unhandled
+        // before our expect() call processes it
+        loginPromise.catch(() => { });
+        await new Promise((resolve) => setTimeout(resolve, 50));
+        await httpGet(`http://localhost:${port}/callback?error=access_denied`);
+        await expect(loginPromise).rejects.toThrow("access_denied");
+    });
+    it("returns 404 for non-callback paths", async () => {
+        // Mock fetch for the code exchange that will happen when we clean up
+        vi.spyOn(globalThis, "fetch").mockResolvedValue({
+            ok: true,
+            status: 200,
+            json: async () => ({ token: "cleanup" }),
+            headers: new Headers(),
+        });
+        const port = await findAvailablePort();
+        const loginPromise = runLoginFlow(port);
+        await new Promise((resolve) => setTimeout(resolve, 50));
+        const res = await httpGet(`http://localhost:${port}/other`);
+        expect(res.status).toBe(404);
+        // Clean up — send a valid callback to resolve the promise
+        await httpGet(`http://localhost:${port}/callback?code=cleanup`);
+        await loginPromise;
+    });
+});

package/dist/hub/client.d.ts

@@ -0,0 +1,51 @@
+export interface HubUser {
+    id: string;
+    email: string;
+    name: string;
+    avatar_url: string | null;
+    bio: string | null;
+}
+export interface Hive {
+    id: string;
+    name: string;
+    slug: string;
+    owner_type: "user" | "organization";
+    owner_id: string;
+    status: HiveStatus;
+    tier: HiveTier;
+    endpoint_url: string | null;
+    image_version: string;
+    health_status: "healthy" | "unhealthy" | "unknown";
+    created_at: string;
+    updated_at: string;
+}
+export type HiveStatus = "provisioning" | "running" | "stopped" | "suspended" | "waking" | "error" | "destroyed" | "destroy_failed";
+export type HiveTier = "free" | "starter" | "pro" | "enterprise";
+export interface CreateHiveOptions {
+    name: string;
+    tier?: HiveTier;
+}
+export declare class HubApiError extends Error {
+    readonly statusCode: number;
+    constructor(statusCode: number, message: string);
+}
+/** Get the SwarmHub base URL (serves both API at /v1 and frontend) */
+export declare function getHubUrl(): string;
+/** Exchange a temporary auth code for a JWT token */
+export declare function exchangeAuthCode(code: string): Promise<string>;
+/** Refresh an existing JWT token */
+export declare function refreshToken(): Promise<string>;
+/** Get the current authenticated user */
+export declare function getMe(): Promise<HubUser>;
+/** Create a new hive */
+export declare function createHive(options: CreateHiveOptions): Promise<Hive>;
+/** List all hives for the authenticated user */
+export declare function listHives(): Promise<Hive[]>;
+/** Get a single hive by slug */
+export declare function getHive(slug: string): Promise<Hive>;
+/** Start a stopped hive */
+export declare function startHive(slug: string): Promise<Hive>;
+/** Stop a running hive */
+export declare function stopHive(slug: string): Promise<Hive>;
+/** Destroy a hive permanently */
+export declare function destroyHive(slug: string): Promise<Hive>;

package/dist/hub/client.js

@@ -0,0 +1,107 @@
+import { readCredentials } from "./credentials.js";
+const DEFAULT_HUB_URL = "https://hub.swarmkit.ai";
+export class HubApiError extends Error {
+    statusCode;
+    constructor(statusCode, message) {
+        super(message);
+        this.statusCode = statusCode;
+        this.name = "HubApiError";
+    }
+}
+/** Get the SwarmHub base URL (serves both API at /v1 and frontend) */
+export function getHubUrl() {
+    return process.env.SWARMKIT_HUB_URL ?? readCredentials()?.apiUrl ?? DEFAULT_HUB_URL;
+}
+async function request(path, options = {}) {
+    const { method = "GET", body, token } = options;
+    const url = `${getHubUrl()}${path}`;
+    const headers = {
+        "Accept": "application/json",
+    };
+    if (token) {
+        headers["Authorization"] = `Bearer ${token}`;
+    }
+    else {
+        const creds = readCredentials();
+        if (creds?.token) {
+            headers["Authorization"] = `Bearer ${creds.token}`;
+        }
+    }
+    if (body !== undefined) {
+        headers["Content-Type"] = "application/json";
+    }
+    const response = await fetch(url, {
+        method,
+        headers,
+        body: body !== undefined ? JSON.stringify(body) : undefined,
+    });
+    if (!response.ok) {
+        let message;
+        try {
+            const err = (await response.json());
+            message = err.error ?? response.statusText;
+        }
+        catch {
+            message = response.statusText;
+        }
+        throw new HubApiError(response.status, message);
+    }
+    // Handle 204 No Content
+    if (response.status === 204) {
+        return undefined;
+    }
+    return (await response.json());
+}
+// ─── Auth ────────────────────────────────────────────────────────────────────
+/** Exchange a temporary auth code for a JWT token */
+export async function exchangeAuthCode(code) {
+    const result = await request("/v1/auth/code/exchange", {
+        method: "POST",
+        body: { code },
+    });
+    return result.token;
+}
+/** Refresh an existing JWT token */
+export async function refreshToken() {
+    const result = await request("/v1/auth/refresh", {
+        method: "POST",
+    });
+    return result.token;
+}
+// ─── User ────────────────────────────────────────────────────────────────────
+/** Get the current authenticated user */
+export async function getMe() {
+    return request("/v1/users/me");
+}
+// ─── Hives ───────────────────────────────────────────────────────────────────
+/** Create a new hive */
+export async function createHive(options) {
+    return request("/v1/hives", {
+        method: "POST",
+        body: {
+            name: options.name,
+            owner_type: "user",
+            tier: options.tier ?? "free",
+        },
+    });
+}
+/** List all hives for the authenticated user */
+export async function listHives() {
+    return request("/v1/hives");
+}
+/** Get a single hive by slug */
+export async function getHive(slug) {
+    return request(`/v1/hives/${encodeURIComponent(slug)}`);
+}
+/** Start a stopped hive */
+export async function startHive(slug) {
+    return request(`/v1/hives/${encodeURIComponent(slug)}/start`, { method: "POST" });
+}
+/** Stop a running hive */
+export async function stopHive(slug) {
+    return request(`/v1/hives/${encodeURIComponent(slug)}/stop`, { method: "POST" });
+}
+/** Destroy a hive permanently */
+export async function destroyHive(slug) {
+    return request(`/v1/hives/${encodeURIComponent(slug)}`, { method: "DELETE" });
+}

package/dist/hub/client.test.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/hub/client.test.js

@@ -0,0 +1,177 @@
+import { describe, it, expect, vi, beforeEach, afterEach } from "vitest";
+import { mkdirSync, rmSync } from "node:fs";
+import { join } from "node:path";
+import { tmpdir } from "node:os";
+import { randomUUID } from "node:crypto";
+// Mock homedir so credentials go to temp dir
+let testDir;
+vi.mock("node:os", async () => {
+    const actual = await import("node:os");
+    return {
+        ...actual,
+        homedir: () => testDir,
+    };
+});
+const { exchangeAuthCode, getMe, createHive, listHives, getHive, startHive, stopHive, destroyHive, getHubUrl, HubApiError, } = await import("./client.js");
+const { writeCredentials } = await import("./credentials.js");
+beforeEach(() => {
+    testDir = join(tmpdir(), `swarmkit-client-test-${randomUUID()}`);
+    mkdirSync(testDir, { recursive: true });
+});
+afterEach(() => {
+    rmSync(testDir, { recursive: true, force: true });
+    delete process.env.SWARMKIT_HUB_URL;
+    vi.restoreAllMocks();
+});
+function mockFetch(response, status = 200) {
+    return vi.spyOn(globalThis, "fetch").mockResolvedValue({
+        ok: status >= 200 && status < 300,
+        status,
+        statusText: status === 200 ? "OK" : "Error",
+        json: async () => response,
+        headers: new Headers(),
+    });
+}
+describe("getHubUrl", () => {
+    it("returns default when no credentials", () => {
+        expect(getHubUrl()).toBe("https://hub.swarmkit.ai");
+    });
+    it("returns stored url when logged in", () => {
+        writeCredentials({ token: "t", apiUrl: "https://hub.custom.com" });
+        expect(getHubUrl()).toBe("https://hub.custom.com");
+    });
+    it("prefers SWARMKIT_HUB_URL env var", () => {
+        process.env.SWARMKIT_HUB_URL = "http://localhost:4000";
+        writeCredentials({ token: "t", apiUrl: "https://hub.custom.com" });
+        expect(getHubUrl()).toBe("http://localhost:4000");
+        delete process.env.SWARMKIT_HUB_URL;
+    });
+});
+describe("exchangeAuthCode", () => {
+    it("sends code and returns token", async () => {
+        const fetchSpy = mockFetch({ token: "jwt-123" });
+        const token = await exchangeAuthCode("auth-code-abc");
+        expect(token).toBe("jwt-123");
+        expect(fetchSpy).toHaveBeenCalledWith("https://hub.swarmkit.ai/v1/auth/code/exchange", expect.objectContaining({
+            method: "POST",
+            body: JSON.stringify({ code: "auth-code-abc" }),
+        }));
+    });
+    it("throws HubApiError on failure", async () => {
+        mockFetch({ error: "Invalid code" }, 400);
+        await expect(exchangeAuthCode("bad")).rejects.toThrow(HubApiError);
+        await expect(exchangeAuthCode("bad")).rejects.toThrow("Invalid code");
+    });
+});
+describe("getMe", () => {
+    it("returns user profile", async () => {
+        writeCredentials({ token: "my-jwt", apiUrl: "https://hub.swarmkit.ai" });
+        const user = {
+            id: "usr_123",
+            email: "test@example.com",
+            name: "testuser",
+            avatar_url: null,
+            bio: null,
+        };
+        const fetchSpy = mockFetch(user);
+        const result = await getMe();
+        expect(result).toEqual(user);
+        // Check auth header was sent
+        const headers = fetchSpy.mock.calls[0][1]?.headers;
+        expect(headers["Authorization"]).toBe("Bearer my-jwt");
+    });
+    it("throws 401 when not authenticated", async () => {
+        mockFetch({ error: "Unauthorized" }, 401);
+        try {
+            await getMe();
+            expect.unreachable();
+        }
+        catch (err) {
+            expect(err).toBeInstanceOf(HubApiError);
+            expect(err.statusCode).toBe(401);
+        }
+    });
+});
+describe("hive operations", () => {
+    beforeEach(() => {
+        writeCredentials({ token: "jwt", apiUrl: "https://hub.swarmkit.ai" });
+    });
+    const sampleHive = {
+        id: "hive_abc",
+        name: "My Hive",
+        slug: "my-hive",
+        owner_type: "user",
+        owner_id: "usr_123",
+        status: "running",
+        tier: "free",
+        endpoint_url: "https://my-hive.swarmkit.ai",
+        image_version: "latest",
+        health_status: "healthy",
+        created_at: "2025-01-01T00:00:00Z",
+        updated_at: "2025-01-01T00:00:00Z",
+    };
+    it("createHive sends name and tier", async () => {
+        const fetchSpy = mockFetch({ ...sampleHive, status: "provisioning" }, 201);
+        const hive = await createHive({ name: "My Hive", tier: "starter" });
+        expect(hive.name).toBe("My Hive");
+        const body = JSON.parse(fetchSpy.mock.calls[0][1]?.body);
+        expect(body.name).toBe("My Hive");
+        expect(body.tier).toBe("starter");
+    });
+    it("listHives returns array", async () => {
+        mockFetch([sampleHive]);
+        const hives = await listHives();
+        expect(hives).toHaveLength(1);
+        expect(hives[0].slug).toBe("my-hive");
+    });
+    it("getHive returns single hive", async () => {
+        mockFetch(sampleHive);
+        const hive = await getHive("my-hive");
+        expect(hive.slug).toBe("my-hive");
+    });
+    it("getHive encodes slug", async () => {
+        const fetchSpy = mockFetch(sampleHive);
+        await getHive("my hive");
+        expect(fetchSpy.mock.calls[0][0]).toContain("my%20hive");
+    });
+    it("startHive sends POST", async () => {
+        const fetchSpy = mockFetch(sampleHive);
+        await startHive("my-hive");
+        expect(fetchSpy.mock.calls[0][1]?.method).toBe("POST");
+        expect(fetchSpy.mock.calls[0][0]).toContain("/my-hive/start");
+    });
+    it("stopHive sends POST", async () => {
+        const fetchSpy = mockFetch({ ...sampleHive, status: "stopped" });
+        const hive = await stopHive("my-hive");
+        expect(hive.status).toBe("stopped");
+        expect(fetchSpy.mock.calls[0][0]).toContain("/my-hive/stop");
+    });
+    it("destroyHive sends DELETE", async () => {
+        const fetchSpy = mockFetch({ ...sampleHive, status: "destroyed" });
+        const hive = await destroyHive("my-hive");
+        expect(hive.status).toBe("destroyed");
+        expect(fetchSpy.mock.calls[0][1]?.method).toBe("DELETE");
+    });
+    it("throws 404 for missing hive", async () => {
+        mockFetch({ error: "Not found" }, 404);
+        try {
+            await getHive("nonexistent");
+            expect.unreachable();
+        }
+        catch (err) {
+            expect(err).toBeInstanceOf(HubApiError);
+            expect(err.statusCode).toBe(404);
+        }
+    });
+    it("throws 403 for tier limit exceeded", async () => {
+        mockFetch({ error: "Hive limit reached for free tier" }, 403);
+        try {
+            await createHive({ name: "Another" });
+            expect.unreachable();
+        }
+        catch (err) {
+            expect(err).toBeInstanceOf(HubApiError);
+            expect(err.statusCode).toBe(403);
+        }
+    });
+});

package/dist/hub/credentials.d.ts

@@ -0,0 +1,14 @@
+export interface HubCredentials {
+    /** JWT token from SwarmHub */
+    token: string;
+    /** SwarmHub API base URL that issued the token */
+    apiUrl: string;
+}
+/** Read stored SwarmHub credentials, or null if not logged in */
+export declare function readCredentials(): HubCredentials | null;
+/** Store SwarmHub credentials (written with 0600 permissions) */
+export declare function writeCredentials(credentials: HubCredentials): void;
+/** Remove stored SwarmHub credentials */
+export declare function deleteCredentials(): void;
+/** Check if the user is logged in to SwarmHub */
+export declare function isLoggedIn(): boolean;

package/dist/hub/credentials.js

@@ -0,0 +1,41 @@
+import { existsSync, readFileSync, unlinkSync, writeFileSync } from "node:fs";
+import { join } from "node:path";
+import { getConfigDir, ensureConfigDir } from "../config/global.js";
+function getCredentialsPath() {
+    return join(getConfigDir(), "credentials.json");
+}
+/** Read stored SwarmHub credentials, or null if not logged in */
+export function readCredentials() {
+    const path = getCredentialsPath();
+    if (!existsSync(path))
+        return null;
+    try {
+        const raw = readFileSync(path, "utf-8");
+        const parsed = JSON.parse(raw);
+        if (!parsed.token || !parsed.apiUrl)
+            return null;
+        return { token: parsed.token, apiUrl: parsed.apiUrl };
+    }
+    catch {
+        return null;
+    }
+}
+/** Store SwarmHub credentials (written with 0600 permissions) */
+export function writeCredentials(credentials) {
+    ensureConfigDir();
+    const path = getCredentialsPath();
+    writeFileSync(path, JSON.stringify(credentials, null, 2) + "\n", {
+        mode: 0o600,
+    });
+}
+/** Remove stored SwarmHub credentials */
+export function deleteCredentials() {
+    const path = getCredentialsPath();
+    if (existsSync(path)) {
+        unlinkSync(path);
+    }
+}
+/** Check if the user is logged in to SwarmHub */
+export function isLoggedIn() {
+    return readCredentials() !== null;
+}

package/dist/hub/credentials.test.d.ts

@@ -0,0 +1 @@
+export {};