ticketlens 0.1.5 → 0.1.7

package/bin/ticketlens.mjs

@@ -26,6 +26,7 @@ import {
 } from '../skills/jtb/scripts/lib/help.mjs';
 import { createStyler } from '../skills/jtb/scripts/lib/ansi.mjs';
 import { readCliToken, saveCliToken, deleteCliToken } from '../skills/jtb/scripts/lib/cli-auth.mjs';
+import { browserLogin } from '../skills/jtb/scripts/lib/browser-login.mjs';
 import { syncProfiles, getApiBase, getConsoleBase } from '../skills/jtb/scripts/lib/sync.mjs';
 import { promptSecret, promptText } from '../skills/jtb/scripts/lib/prompt-helpers.mjs';
 
@@ -277,21 +278,48 @@ switch (command) {
 
   case 'login': {
     if (cmdArgs.includes('--help') || cmdArgs.includes('-h')) { printLoginHelp(); break; }
+
+    const useManual = cmdArgs.includes('--manual');
+
     (async () => {
       const s = createStyler({ isTTY: process.stderr.isTTY });
-      process.stderr.write(`\n  ${s.bold('TicketLens Login')}\n`);
-      process.stderr.write(`  ${s.dim('─'.repeat(44))}\n`);
-      process.stderr.write(`  ${s.dim(`Generate a CLI token at ${s.cyan(`${getConsoleBase()}/console/account`)}`)}\n`);
-      process.stderr.write(`  ${s.dim('then paste it below.')}\n\n`);
-
-      const token = await promptSecret(`CLI Token ${s.dim('(tl_…)')}:`, { stream: process.stderr });
-      if (!token.startsWith('tl_')) {
-        process.stderr.write(`  ${s.red('✖')} Token must start with ${s.dim('tl_')}\n`);
-        process.exitCode = 1;
-        return;
+
+      let token;
+
+      if (useManual) {
+        // ── manual paste flow (CI / headless environments) ──────────────────
+        process.stderr.write(`\n  ${s.bold('TicketLens Login')}\n`);
+        process.stderr.write(`  ${s.dim('─'.repeat(44))}\n`);
+        process.stderr.write(`  ${s.dim(`Generate a CLI token at ${s.cyan(`${getConsoleBase()}/console/account`)}`)}\n`);
+        process.stderr.write(`  ${s.dim('then paste it below.')}\n\n`);
+
+        token = await promptSecret(`CLI Token ${s.dim('(tl_…)')}:`, { stream: process.stderr });
+        if (!token.startsWith('tl_')) {
+          process.stderr.write(`  ${s.red('✖')} Token must start with ${s.dim('tl_')}\n`);
+          process.exitCode = 1;
+          return;
+        }
+      } else {
+        // ── browser flow (default) ────────────────────────────────────────
+        process.stderr.write(`\n  ${s.bold('TicketLens Login')}\n`);
+        process.stderr.write(`  ${s.dim('─'.repeat(44))}\n`);
+        process.stderr.write(`  Opening browser to authorize…\n\n`);
+        process.stderr.write(`  ${s.dim('○ Waiting for authorization (120s)…')}\n`);
+
+        try {
+          token = await browserLogin();
+        } catch (err) {
+          const cancelled = err.message === 'Authorization cancelled';
+          process.stderr.write(`\x1b[A\r\x1b[2K  ${s.red('✖')} ${cancelled ? 'Login cancelled.' : err.message}\n`);
+          if (!cancelled) {
+            process.stderr.write(`\n  ${s.dim(`Try ${s.cyan('ticketlens login --manual')} to paste a token instead.`)}\n\n`);
+          }
+          process.exitCode = cancelled ? 0 : 1;
+          return;
+        }
       }
 
-      // Validate against the API before saving
+      // ── verify token against API (both flows) ─────────────────────────
       process.stderr.write(`\n  ${s.dim('○ Verifying token…')}\n`);
       let res;
       try {
@@ -299,7 +327,7 @@ switch (command) {
           headers: { Authorization: `Bearer ${token}`, Accept: 'application/json' },
           signal: AbortSignal.timeout(15000),
         });
-      } catch (err) {
+      } catch {
         process.stderr.write(`\x1b[A\r\x1b[2K  ${s.red('✖')} Could not reach ${getApiBase()} — check your connection.\n`);
         process.exitCode = 1;
         return;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ticketlens",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "Jira CLI for developers — fetch ticket context, triage your queue, and stop tab-switching. Zero dependencies, all local.",
   "type": "module",
   "bin": {

package/skills/jtb/scripts/lib/browser-login.mjs

@@ -0,0 +1,121 @@
+import { createServer }     from 'node:http';
+import { randomBytes }       from 'node:crypto';
+import { spawn }             from 'node:child_process';
+import { hostname as osHostname } from 'node:os';
+import { getConsoleBase }    from './sync.mjs';
+
+const PORT_MIN    = 49152;
+const PORT_MAX    = 65535;
+const TIMEOUT_MS  = 120_000;
+
+export const generateState = () => randomBytes(16).toString('hex');
+
+export const pickPort = () =>
+  Math.floor(Math.random() * (PORT_MAX - PORT_MIN + 1)) + PORT_MIN;
+
+export function openBrowser(url) {
+  const cmd = process.platform === 'win32' ? 'cmd'
+            : process.platform === 'darwin' ? 'open'
+            : 'xdg-open';
+  const args = process.platform === 'win32' ? ['/c', 'start', '', url] : [url];
+  spawn(cmd, args, { detached: true, stdio: 'ignore' }).unref();
+}
+
+/**
+ * Start a one-shot local HTTP server that waits for the CLI auth callback.
+ * Resolves with the token string on success; rejects on state mismatch,
+ * missing/invalid token, or timeout.
+ */
+export function startLocalServer(port, expectedState, timeoutMs = TIMEOUT_MS) {
+  return new Promise((resolve, reject) => {
+    let settled = false;
+
+    const settle = (fn, value) => {
+      if (settled) return;
+      settled = true;
+      clearTimeout(timer);
+      server.close();
+      fn(value);
+    };
+
+    const server = createServer((req, res) => {
+      const url = new URL(req.url, `http://127.0.0.1:${port}`);
+
+      if (url.pathname !== '/callback') {
+        res.writeHead(404);
+        res.end();
+        return;
+      }
+
+      const token = url.searchParams.get('token') ?? '';
+      const state = url.searchParams.get('state') ?? '';
+      const error = url.searchParams.get('error') ?? '';
+
+      if (state !== expectedState) {
+        res.writeHead(400, { 'Content-Type': 'text/plain' });
+        res.end('State mismatch — authorization rejected.');
+        settle(reject, new Error('State mismatch'));
+        return;
+      }
+
+      if (error) {
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end(
+          '<html><body style="font-family:sans-serif;text-align:center;padding:60px;background:#0d1117;color:#cdd9e5">'
+          + '<h2 style="color:#8b949e">Authorization cancelled</h2>'
+          + '<p style="color:#8b949e">You can close this tab.</p>'
+          + '</body></html>',
+        );
+        settle(reject, new Error('Authorization cancelled'));
+        return;
+      }
+
+      if (!token.startsWith('tl_')) {
+        res.writeHead(400, { 'Content-Type': 'text/plain' });
+        res.end('Invalid token received.');
+        settle(reject, new Error('Invalid token'));
+        return;
+      }
+
+      res.writeHead(200, { 'Content-Type': 'text/html' });
+      res.end(
+        '<html><body style="font-family:sans-serif;text-align:center;padding:60px;background:#0d1117;color:#cdd9e5">'
+        + '<h2 style="color:#3fb950">&#10003; Authorized</h2>'
+        + '<p style="color:#8b949e">You can close this tab and return to the terminal.</p>'
+        + '</body></html>',
+      );
+
+      settle(resolve, token);
+    });
+
+    server.on('error', (err) => settle(reject, err));
+
+    const timer = setTimeout(
+      () => settle(reject, new Error('Authorization timed out after 120 seconds')),
+      timeoutMs,
+    );
+
+    server.listen(port, '127.0.0.1');
+  });
+}
+
+/**
+ * Full browser login flow. Opens the authorize page in the default browser,
+ * waits for the callback, and returns the plaintext CLI token.
+ */
+export async function browserLogin() {
+  const state    = generateState();
+  const port     = pickPort();
+  const hostname = osHostname();
+
+  const consoleBase = getConsoleBase();
+  const url = `${consoleBase}/console/auth/cli`
+    + `?port=${port}`
+    + `&state=${encodeURIComponent(state)}`
+    + `&hostname=${encodeURIComponent(hostname)}`;
+
+  const tokenPromise = startLocalServer(port, state);
+  openBrowser(url);
+
+  return tokenPromise;
+}

package/skills/jtb/scripts/lib/help.mjs

@@ -219,29 +219,34 @@ export function printLoginHelp({ stream = process.stdout } = {}) {
   const s = createStyler({ isTTY: stream.isTTY });
   const lines = [
     '',
-    `  ${s.bold(s.brand('ticketlens'))} ${s.bold('login')}`,
+    `  ${s.bold(s.brand('ticketlens'))} ${s.bold('login')} ${s.dim('[--manual]')}`,
     '',
-    `  Connect the CLI to your TicketLens account using a CLI token.`,
-    `  Validates the token against the API before saving it locally.`,
+    `  Connect the CLI to your TicketLens account.`,
+    `  Opens a browser window to authorize — no copy-pasting required.`,
     '',
     `  ${s.bold('HOW IT WORKS')}`,
     '',
-    `    1. Generate a CLI token at ${s.cyan(`${s.dim('<console-url>')}/console/account`)}`,
-    `    2. Run ${s.cyan('ticketlens login')} and paste the token when prompted`,
-    `    3. Run ${s.cyan('ticketlens sync')} to pull your tracker connections`,
+    `    1. Run ${s.cyan('ticketlens login')} — your browser opens the authorize page`,
+    `    2. Click ${s.bold('Authorize TicketLens CLI')} while logged in to the Console`,
+    `    3. The terminal confirms login automatically`,
+    `    4. Run ${s.cyan('ticketlens sync')} to pull your tracker connections`,
     '',
     `  ${s.bold('OPTIONS')}`,
     '',
-    `    ${s.brand('-h')}, ${s.brand('--help')}   Show this help`,
+    `    ${s.brand('--manual')}            Paste a token instead of using the browser`,
+    `                       ${s.dim('Useful for CI, SSH sessions, or headless environments.')}`,
+    `                       ${s.dim(`Generate a token at ${s.cyan('<console-url>/console/account')}`)}`,
+    `    ${s.brand('-h')}, ${s.brand('--help')}         Show this help`,
     '',
     `  ${s.bold('EXAMPLES')}`,
     '',
-    `    ${s.dim('$')} ticketlens login`,
-    `    ${s.dim('$')} ticketlens sync        ${s.dim('# after login, pull connections')}`,
+    `    ${s.dim('$')} ticketlens login             ${s.dim('# opens browser (default)')}`,
+    `    ${s.dim('$')} ticketlens login --manual     ${s.dim('# paste token (CI / headless)')}`,
+    `    ${s.dim('$')} ticketlens sync               ${s.dim('# after login, pull connections')}`,
     '',
     `  ${s.bold('FILES')}`,
     '',
-    `    ${s.dim('Token saved to:')}  ~/.ticketlens/cli-token`,
+    `    ${s.dim('Token saved to:')}  ~/.ticketlens/cli-token  ${s.dim('(written by ticketlens login)')}`,
     '',
   ];
   stream.write(lines.join('\n') + '\n');