tokrepo 3.3.1 → 3.3.2

package/bin/tokrepo.js

@@ -2,6 +2,7 @@
 
 const fs = require('fs');
 const path = require('path');
+const crypto = require('crypto');
 const https = require('https');
 const http = require('http');
 const readline = require('readline');
@@ -23,7 +24,7 @@ const CONFIG_DIR = path.join(require('os').homedir(), '.tokrepo');
 const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
 const PROJECT_CONFIG = '.tokrepo.json';
 const DEFAULT_API = 'https://api.tokrepo.com';
-const CLI_VERSION = '3.3.0';
+const CLI_VERSION = '3.3.2';
 const VERSION_CHECK_FILE = path.join(require('os').homedir(), '.tokrepo', '.version-check');
 
 // ─── Helpers ───
@@ -291,6 +292,10 @@ function parseArgs(argv) {
     } else if (arg.startsWith('--tag=')) {
       if (!args.flags.tags) args.flags.tags = [];
       args.flags.tags.push(arg.split('=').slice(1).join('='));
+    } else if (arg === '--target' && i + 1 < argv.length) {
+      args.flags.target = argv[++i];
+    } else if (arg.startsWith('--target=')) {
+      args.flags.target = arg.split('=').slice(1).join('=');
     } else if (arg === '-y' || arg === '--yes') {
       args.flags.yes = true;
     } else if (!arg.startsWith('-')) {
@@ -414,6 +419,7 @@ async function saveAndVerifyToken(token) {
 
 function browserAuthFlow() {
   return new Promise((resolve) => {
+    const state = crypto.randomBytes(16).toString('hex');
     const server = http.createServer((req, res) => {
       // CORS headers for browser fetch
       res.setHeader('Access-Control-Allow-Origin', '*');
@@ -432,6 +438,11 @@ function browserAuthFlow() {
         req.on('end', () => {
           try {
             const data = JSON.parse(body);
+            if (!data.token || data.state !== state) {
+              res.writeHead(403);
+              res.end('Invalid authorization state');
+              return;
+            }
             res.writeHead(200, { 'Content-Type': 'application/json' });
             res.end(JSON.stringify({ ok: true }));
             server.close();
@@ -452,7 +463,7 @@ function browserAuthFlow() {
     // Listen on random port
     server.listen(0, '127.0.0.1', () => {
       const port = server.address().port;
-      const authUrl = `https://tokrepo.com/en/cli-auth?port=${port}`;
+      const authUrl = `https://tokrepo.com/en/cli-auth?port=${port}&state=${state}`;
 
       info(`Listening on http://127.0.0.1:${port}`);
       log(`  ${C.dim}If browser doesn't open, visit:${C.reset}`);
@@ -773,41 +784,175 @@ async function cmdSearch() {
 
 // ─── Install (smart pull with correct placement) ───
 
+function normalizeInstallTarget(target) {
+  if (!target) return '';
+  const normalized = String(target).trim().toLowerCase();
+  const aliases = {
+    gemini: 'gemini',
+    'gemini-cli': 'gemini',
+  };
+  return aliases[normalized] || normalized;
+}
+
+function validateInstallTarget(target) {
+  if (!target) return '';
+  const normalized = normalizeInstallTarget(target);
+  if (normalized !== 'gemini') {
+    error(`Unsupported install target: ${target}. Supported targets: gemini`);
+  }
+  return normalized;
+}
+
+function pickWritablePath(destPath, overwrite) {
+  if (!fs.existsSync(destPath)) return destPath;
+  if (overwrite) {
+    warn(`File exists: ${path.relative(process.cwd(), destPath)} (overwriting)`);
+    return destPath;
+  }
+
+  const dir = path.dirname(destPath);
+  const ext = path.extname(destPath);
+  const base = path.basename(destPath, ext);
+  let index = 2;
+  let candidate = path.join(dir, `${base}.${index}${ext}`);
+  while (fs.existsSync(candidate)) {
+    index++;
+    candidate = path.join(dir, `${base}.${index}${ext}`);
+  }
+  warn(`File exists: ${path.relative(process.cwd(), destPath)}; writing ${path.relative(process.cwd(), candidate)} instead. Use --yes to overwrite.`);
+  return candidate;
+}
+
+function formatGeminiContent(workflow, contents) {
+  const parts = [
+    `# ${workflow.title || 'TokRepo Asset'}`,
+    workflow.description ? workflow.description : '',
+    '<!-- Installed from TokRepo. Gemini CLI reads GEMINI.md as project instructions. -->',
+  ].filter(Boolean);
+
+  for (const item of contents) {
+    const title = item.name ? `## ${item.name}` : '## Instructions';
+    parts.push(`${title}\n\n${String(item.content || '').trim()}`);
+  }
+
+  return `${parts.join('\n\n').trim()}\n`;
+}
+
 async function cmdInstall() {
-  const target = process.argv[3];
+  const args = parseArgs(process.argv);
+  const target = args.positional[0];
   if (!target) {
-    error(`Usage: tokrepo install <name-or-uuid>
+    error(`Usage: tokrepo install <target> [--target gemini] [--yes]
 
 Examples:
-  tokrepo install awesome-cursor-rules
-  tokrepo install ca000374-f5d8-4d75-a30c-460fda0b6b0e
-  tokrepo install https://tokrepo.com/en/workflows/ca000374-...`);
+  tokrepo install awesome-cursor-rules                # by name
+  tokrepo install ca000374-f5d8-4d75-a30c-460fda0b6b0e  # by uuid
+  tokrepo install https://tokrepo.com/en/workflows/ca000374-...
+  tokrepo install pack/seo-geo                        # install whole theme pack
+  tokrepo install c4b18aeb --target gemini            # write .gemini/GEMINI.md`);
   }
 
   log(`\n${C.bold}tokrepo install${C.reset}\n`);
 
   const config = readConfig();
   const apiBase = config?.api || DEFAULT_API;
+  const installOpts = {
+    targetTool: validateInstallTarget(args.flags.target),
+    yes: Boolean(args.flags.yes),
+  };
+
+  // pack/<slug> dispatch — install entire theme pack
+  if (target.startsWith('pack/')) {
+    const slug = target.slice('pack/'.length).trim();
+    if (!slug) {
+      error('Pack slug is required, e.g. tokrepo install pack/seo-geo');
+    }
+    await installPack(slug, config, apiBase, installOpts);
+    return;
+  }
+
+  await installOneAsset(target, config, apiBase, installOpts);
+}
+
+// Install all assets in a theme pack — sequentially, continue past per-item errors
+async function installPack(slug, config, apiBase, opts) {
+  info(`Fetching pack ${C.bold}${slug}${C.reset}...`);
+  let pack;
+  try {
+    const data = await apiRequest('GET', `/api/v1/tokenboard/homepage/packs/${encodeURIComponent(slug)}`, null, config?.token, apiBase);
+    pack = data.pack;
+  } catch (e) {
+    error(`Pack not found: ${slug} (${e.message})`);
+  }
+
+  log(`\n  ${C.bold}${pack.icon} ${pack.title}${C.reset}`);
+  if (pack.description) log(`  ${C.dim}${pack.description.substring(0, 140)}${C.reset}`);
+  log(`  ${C.dim}${pack.items.length} asset(s) in this pack${C.reset}\n`);
+
+  let ok = 0, fail = 0;
+  for (let i = 0; i < pack.items.length; i++) {
+    const it = pack.items[i];
+    log(`${C.dim}[${i + 1}/${pack.items.length}]${C.reset}`);
+    try {
+      await installOneAsset(it.uuid, config, apiBase, { ...(opts || {}), silent: false, throwOnError: true });
+      ok++;
+    } catch (e) {
+      warn(`Skipped "${it.title}": ${e.message}`);
+      fail++;
+    }
+  }
+
+  log('');
+  if (fail === 0) {
+    success(`${ok} asset(s) installed from pack ${C.bold}${pack.title}${C.reset}`);
+  } else {
+    log(`  ${C.dim}${ok} ok, ${fail} failed${C.reset}`);
+  }
+  log(`  ${C.dim}Pack page: https://tokrepo.com/packs/${slug}${C.reset}\n`);
+}
+
+// Single asset install — extracted so `pack/` flow can reuse.
+// opts.throwOnError: pack flow wants to throw and continue; single-cli flow uses error() (which exits)
+async function installOneAsset(target, config, apiBase, opts) {
+  opts = opts || {};
+  const die = (msg) => { if (opts.throwOnError) throw new Error(msg); error(msg); };
 
   // Resolve target to UUID
   let uuid = target;
 
   // URL format
-  const urlMatch = target.match(/workflows\/([a-f0-9-]+)/);
+  const urlMatch = target.match(/workflows\/([^/?#]+)/);
   if (urlMatch) {
+    // URL may carry either UUID or slug-uuid8 — pass through to detail resolver below
     uuid = urlMatch[1];
   }
-  // UUID format check
-  else if (!/^[a-f0-9-]{36}$/.test(target)) {
+
+  // 已经是完整 UUID — 直接用
+  if (/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/i.test(uuid)) {
+    // ok
+  }
+  // SEO slug 形态：结尾是 -<8 hex>，先尝试 /detail?slug= 直查，避免走 search 超时
+  else if (/-[a-f0-9]{8}$/i.test(uuid)) {
+    try {
+      const data = await apiRequest('GET', `/api/v1/tokenboard/workflows/detail?slug=${encodeURIComponent(uuid)}`, null, config?.token, apiBase);
+      if (data && data.workflow && data.workflow.uuid) {
+        uuid = data.workflow.uuid;
+      }
+    } catch (_) {
+      // 404 → 回落到 search
+    }
+  }
+
+  if (!/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/i.test(uuid)) {
     // Search by name (normalize separators for better matching)
-    const normalizedTarget = normalizeQuery(target);
+    const normalizedTarget = normalizeQuery(uuid);
     info(`Searching for "${normalizedTarget}"...`);
     try {
       const encoded = encodeURIComponent(normalizedTarget);
       const searchData = await apiRequest('GET', `/api/v1/tokenboard/workflows/list?keyword=${encoded}&page=1&page_size=5&sort_by=views`, null, config?.token, apiBase);
 
       if (!searchData.list || searchData.list.length === 0) {
-        error(`No asset found matching "${target}". Try: tokrepo search ${target}`);
+        die(`No asset found matching "${target}". Try: tokrepo search ${target}`);
       }
 
       // If title contains all query words, prefer it
@@ -821,7 +966,7 @@ Examples:
       uuid = chosen.uuid;
       info(`Found: ${C.bold}${chosen.title}${C.reset}`);
     } catch (e) {
-      error(`Search failed: ${e.message}`);
+      die(`Search failed: ${e.message}`);
     }
   }
 
@@ -834,7 +979,7 @@ Examples:
     workflow = data.workflow;
     files = data.workflow.files || [];
   } catch (e) {
-    error(`Fetch failed: ${e.message}`);
+    die(`Fetch failed: ${e.message}`);
   }
 
   log(`\n  ${C.bold}${workflow.title}${C.reset}`);
@@ -868,10 +1013,34 @@ Examples:
   }
 
   if (contents.length === 0) {
-    error('No installable content found in this asset.');
+    die('No installable content found in this asset.');
   }
 
   log('');
+  const targetTool = normalizeInstallTarget(opts.targetTool);
+
+  if (targetTool === 'gemini') {
+    const destDir = path.join(process.cwd(), '.gemini');
+    if (!fs.existsSync(destDir)) {
+      fs.mkdirSync(destDir, { recursive: true });
+    }
+    const destPath = pickWritablePath(path.join(destDir, 'GEMINI.md'), Boolean(opts.yes));
+    const resolvedDir = path.resolve(destDir);
+    const resolvedDest = path.resolve(destPath);
+    if (!resolvedDest.startsWith(resolvedDir + path.sep) && resolvedDest !== resolvedDir) {
+      die('Install path escaped .gemini directory.');
+    }
+    fs.writeFileSync(destPath, formatGeminiContent(workflow, contents));
+    const relPath = path.relative(process.cwd(), destPath);
+    success(`Installed: ${relPath}`);
+    if (path.basename(destPath) !== 'GEMINI.md') {
+      warn('Gemini CLI automatically reads GEMINI.md. Merge this file if you want it loaded by default.');
+    }
+    log('');
+    success(`1 file installed from ${C.bold}${workflow.title}${C.reset}`);
+    log(`  ${C.dim}Source: https://tokrepo.com/en/workflows/${uuid}${C.reset}\n`);
+    return;
+  }
 
   // Smart install based on asset type
   let installed = 0;
@@ -928,7 +1097,7 @@ Examples:
       }
     }
 
-    const destPath = path.join(destDir, fileName);
+    let destPath = path.join(destDir, fileName);
 
     // Path traversal guard: ensure resolved path stays inside destDir
     if (!path.resolve(destPath).startsWith(path.resolve(destDir) + path.sep) && path.resolve(destPath) !== path.resolve(destDir)) {
@@ -936,10 +1105,7 @@ Examples:
       continue;
     }
 
-    // Don't overwrite without warning
-    if (fs.existsSync(destPath)) {
-      warn(`File exists: ${path.relative(process.cwd(), destPath)} (overwriting)`);
-    }
+    destPath = pickWritablePath(destPath, Boolean(opts.yes));
 
     fs.writeFileSync(destPath, item.content);
 
@@ -1308,6 +1474,7 @@ ${C.bold}PUSH OPTIONS${C.reset}
 
 ${C.bold}INSTALL BEHAVIOR${C.reset}
   Skills   → .claude/skills/    (if .claude/ exists)
+  Gemini   → .gemini/GEMINI.md  (with --target gemini)
   Scripts  → current dir        (chmod +x)
   Configs  → project root
   MCP      → current dir        (.json)
@@ -1316,6 +1483,7 @@ ${C.bold}INSTALL BEHAVIOR${C.reset}
 ${C.bold}EXAMPLES${C.reset}
   tokrepo search "mcp server"                 # Find MCP configs
   tokrepo install ca000374-f5d8-...           # Install by UUID
+  tokrepo install c4b18aeb --target gemini    # Install for Gemini CLI
   tokrepo push --private my-rules.md          # Save one file privately
   tokrepo push --public skill.md              # Share one file publicly
   tokrepo push --private .                    # Push current dir as private

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tokrepo",
-  "version": "3.3.1",
+  "version": "3.3.2",
   "description": "AI assets for humans and agents — search, install, push. Like GitHub, for AI experience.",
   "bin": {
     "tokrepo": "bin/tokrepo.js"