tovuk 0.1.47

package/src/internal/auth.ts

@@ -0,0 +1,281 @@
+import { spawnSync } from 'node:child_process'
+import { chmodSync, existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs'
+import { homedir } from 'node:os'
+import path from 'node:path'
+import { DEFAULT_LOGIN_EXPIRES_SECONDS, DEFAULT_LOGIN_INTERVAL_SECONDS, SESSION_ACCOUNT, SESSION_DIR, SESSION_FILE, SESSION_LABEL, SESSION_SERVICE } from './constants.ts'
+import { agentError } from './errors.ts'
+import { apiRequest } from './api.ts'
+import { jsonObjectOrEmpty, numberField, stringField } from './json.ts'
+import { hasCommand, openUrl, progress, sleep } from './project.ts'
+import type { CliOptions, JsonObject, LoginPollResponse, LoginStartResponse } from './types.ts'
+
+type AliasSpec<Key extends string> = Readonly<{
+  field: Key
+  aliases: readonly string[]
+}>
+
+const LOGIN_START_STRING_FIELDS = [
+  { field: 'deviceCode', aliases: ['deviceCode', 'device_code'] },
+  { field: 'loginUrl', aliases: ['loginUrl', 'login_url'] },
+  { field: 'userCode', aliases: ['userCode', 'user_code'] }
+] as const
+
+const LOGIN_START_NUMBER_FIELDS = [
+  { field: 'expiresInSeconds', aliases: ['expiresInSeconds', 'expires_in_seconds'] },
+  { field: 'intervalSeconds', aliases: ['intervalSeconds', 'interval_seconds'] }
+] as const
+
+const LOGIN_POLL_STRING_FIELDS = [
+  { field: 'email', aliases: ['email'] },
+  { field: 'status', aliases: ['status'] },
+  { field: 'token', aliases: ['token'] }
+] as const
+
+const LOGIN_POLL_NUMBER_FIELDS = [
+  { field: 'intervalSeconds', aliases: ['intervalSeconds', 'interval_seconds'] }
+] as const
+
+async function login(cli: CliOptions): Promise<void> {
+  if (cli.token) {
+    writeSessionToken(cli.token)
+    console.log('saved Tovuk session token')
+    return
+  }
+
+  await loginAndStore(cli)
+}
+
+async function readOrLoginToken(cli: CliOptions): Promise<string> {
+  const token = readStoredToken(cli)
+  if (token) {
+    return token
+  }
+
+  return loginAndStore(cli)
+}
+
+async function loginAndStore(cli: CliOptions): Promise<string> {
+  const start = loginStartResponse(await apiRequest(cli, 'POST', '/v1/login/device', null, null))
+  if (!start.loginUrl) {
+    throw agentError('login_failed', 'Tovuk login did not return a browser URL.', 'Retry `npx tovuk login`. If it keeps failing, check Tovuk status.', cli.json)
+  }
+  openUrl(start.loginUrl)
+  progress(cli, 'opened browser login')
+  progress(cli, `waiting for browser login code ${start.userCode ?? 'TOVUK'}`)
+
+  const session = await pollLogin(cli, start)
+  if (!session.token) {
+    throw agentError('login_failed', 'Tovuk login did not return a session token.', 'Run `npx tovuk login` again and complete the browser login.', cli.json)
+  }
+
+  writeSessionToken(session.token)
+  progress(cli, `logged in as ${session.email ?? 'Tovuk user'}`)
+  return session.token
+}
+
+async function pollLogin(cli: CliOptions, start: LoginStartResponse): Promise<LoginPollResponse> {
+  if (!start.deviceCode) {
+    throw agentError('login_failed', 'Tovuk login did not return a device code.', 'Retry `npx tovuk login`. If it keeps failing, check Tovuk status.', cli.json)
+  }
+
+  const expiresMs = (start.expiresInSeconds ?? DEFAULT_LOGIN_EXPIRES_SECONDS) * 1000
+  const deadline = Date.now() + expiresMs
+  let intervalMs = (start.intervalSeconds ?? DEFAULT_LOGIN_INTERVAL_SECONDS) * 1000
+
+  while (Date.now() < deadline) {
+    await sleep(intervalMs)
+    const response = loginPollResponse(await apiRequest(cli, 'GET', `/v1/login/device/${encodeURIComponent(start.deviceCode)}`, null, null))
+    if (response.status === 'complete') {
+      return response
+    }
+    if (response.status === 'expired') {
+      throw agentError('login_expired', 'Tovuk login expired before it completed.', 'Run `npx tovuk login` again and finish the browser login in the newly opened tab.', cli.json)
+    }
+    intervalMs = Math.max(
+      DEFAULT_LOGIN_INTERVAL_SECONDS * 1000,
+      (response.intervalSeconds ?? DEFAULT_LOGIN_INTERVAL_SECONDS) * 1000
+    )
+  }
+
+  throw agentError('login_expired', 'Tovuk login expired before it completed.', 'Run `npx tovuk login` again and finish the browser login in the newly opened tab.', cli.json)
+}
+
+function readStoredToken(cli: CliOptions): string {
+  if (cli.token) {
+    return cli.token
+  }
+  if (process.env['TOVUK_TOKEN']) {
+    return process.env['TOVUK_TOKEN']
+  }
+
+  const keychainToken = readKeychainToken()
+  if (keychainToken) {
+    return keychainToken
+  }
+
+  const userToken = readTokenFile(userSessionPath())
+  if (userToken) {
+    return userToken
+  }
+
+  const homeToken = path.join(homedir(), SESSION_DIR, SESSION_FILE)
+  return readTokenFile(homeToken)
+}
+
+function writeSessionToken(token: string): void {
+  const cleanToken = token.trim()
+  if (!cleanToken) {
+    throw agentError('login_failed', 'Tovuk session token is empty.', 'Run `npx tovuk login` again and complete the browser login.', false)
+  }
+  if (writeKeychainToken(cleanToken)) {
+    return
+  }
+
+  writeTokenFile(userSessionPath(), cleanToken)
+}
+
+function readTokenFile(filePath: string): string {
+  if (!existsSync(filePath)) {
+    return ''
+  }
+  return readFileSync(filePath, 'utf8').trim()
+}
+
+function writeTokenFile(filePath: string, token: string): void {
+  const dir = path.dirname(filePath)
+  mkdirSync(dir, { recursive: true, mode: 0o700 })
+  writeFileSync(filePath, `${token}\n`, { mode: 0o600 })
+  chmodSync(filePath, 0o600)
+}
+
+function userSessionPath(): string {
+  if (process.platform === 'win32' && process.env['APPDATA']) {
+    return path.join(process.env['APPDATA'], 'Tovuk', SESSION_FILE)
+  }
+  const configHome = process.env['XDG_CONFIG_HOME'] ?? path.join(homedir(), '.config')
+  return path.join(configHome, 'tovuk', SESSION_FILE)
+}
+
+function readKeychainToken(): string {
+  if (process.platform === 'darwin') {
+    const result = spawnSync('security', ['find-generic-password', '-s', SESSION_SERVICE, '-a', SESSION_ACCOUNT, '-w'], {
+      encoding: 'utf8',
+      stdio: ['ignore', 'pipe', 'ignore']
+    })
+    return result.status === 0 ? result.stdout.trim() : ''
+  }
+
+  if (process.platform === 'linux' && hasCommand('secret-tool')) {
+    const result = spawnSync('secret-tool', ['lookup', 'service', SESSION_SERVICE, 'account', SESSION_ACCOUNT], {
+      encoding: 'utf8',
+      stdio: ['ignore', 'pipe', 'ignore']
+    })
+    return result.status === 0 ? result.stdout.trim() : ''
+  }
+
+  return ''
+}
+
+function writeKeychainToken(token: string): boolean {
+  if (process.platform === 'darwin') {
+    const result = spawnSync('security', [
+      'add-generic-password',
+      '-U',
+      '-s',
+      SESSION_SERVICE,
+      '-a',
+      SESSION_ACCOUNT,
+      '-l',
+      SESSION_LABEL,
+      '-w',
+      token
+    ], { stdio: 'ignore' })
+    return result.status === 0
+  }
+
+  if (process.platform === 'linux' && hasCommand('secret-tool')) {
+    const result = spawnSync('secret-tool', [
+      'store',
+      '--label',
+      SESSION_LABEL,
+      'service',
+      SESSION_SERVICE,
+      'account',
+      SESSION_ACCOUNT
+    ], {
+      input: token,
+      stdio: ['pipe', 'ignore', 'ignore']
+    })
+    return result.status === 0
+  }
+
+  return false
+}
+
+function loginStartResponse(value: Awaited<ReturnType<typeof apiRequest>>): LoginStartResponse {
+  const source = jsonObjectOrEmpty(value)
+  return {
+    ...stringAliasFields(source, LOGIN_START_STRING_FIELDS),
+    ...numberAliasFields(source, LOGIN_START_NUMBER_FIELDS)
+  }
+}
+
+function loginPollResponse(value: Awaited<ReturnType<typeof apiRequest>>): LoginPollResponse {
+  const source = jsonObjectOrEmpty(value)
+  return {
+    ...stringAliasFields(source, LOGIN_POLL_STRING_FIELDS),
+    ...numberAliasFields(source, LOGIN_POLL_NUMBER_FIELDS)
+  }
+}
+
+function stringAliasFields<Key extends string>(
+  source: JsonObject,
+  specs: readonly AliasSpec<Key>[]
+): Partial<Record<Key, string>> {
+  return aliasFields(source, specs, firstStringAlias, (value) => value !== '')
+}
+
+function numberAliasFields<Key extends string>(
+  source: JsonObject,
+  specs: readonly AliasSpec<Key>[]
+): Partial<Record<Key, number>> {
+  return aliasFields(source, specs, firstPositiveNumberAlias, (value) => value > 0)
+}
+
+function aliasFields<Key extends string, Value>(
+  source: JsonObject,
+  specs: readonly AliasSpec<Key>[],
+  read: (source: JsonObject, aliases: readonly string[]) => Value,
+  keep: (value: Value) => boolean
+): Partial<Record<Key, Value>> {
+  const response: Partial<Record<Key, Value>> = {}
+  for (const spec of specs) {
+    const value = read(source, spec.aliases)
+    if (keep(value)) {
+      response[spec.field] = value
+    }
+  }
+  return response
+}
+
+function firstStringAlias(source: JsonObject, aliases: readonly string[]): string {
+  for (const alias of aliases) {
+    const value = stringField(source, alias)
+    if (value) {
+      return value
+    }
+  }
+  return ''
+}
+
+function firstPositiveNumberAlias(source: JsonObject, aliases: readonly string[]): number {
+  for (const alias of aliases) {
+    const value = numberField(source, alias)
+    if (value > 0) {
+      return value
+    }
+  }
+  return 0
+}
+
+export { login, readOrLoginToken }

package/src/internal/checks.ts

@@ -0,0 +1,12 @@
+import type { DoctorCheck } from './types.ts'
+
+function doctorCheck(name: string, ok: boolean, success: string, failure: string, instruction: string): DoctorCheck {
+  return {
+    name,
+    ok,
+    message: ok ? success : failure,
+    agent_instruction: ok ? null : instruction
+  }
+}
+
+export { doctorCheck }

package/src/internal/commands.ts

@@ -0,0 +1,298 @@
+import { agentError } from './errors.ts'
+import { apiRequest, pageQuery, requireApp } from './api.ts'
+import { checkoutResponseFromJson, logsResponseFromJson } from './api-models.ts'
+import { readOrLoginToken } from './auth.ts'
+import { openUrl, printJson } from './project.ts'
+import type { ApiMethod, CliOptions, JsonObject, JsonValue } from './types.ts'
+
+interface LogsRequest {
+  route: string
+  target: string
+}
+
+type SubcommandHandler = (cli: CliOptions) => Promise<void>
+type SubcommandTable = Readonly<Record<string, SubcommandHandler>>
+type DomainMethod = Extract<ApiMethod, 'DELETE' | 'POST'>
+type DomainRoute = (app: string, domain: string) => string
+type DomainBody = (domain: string) => JsonObject | null
+type BillingAction = 'checkout' | 'portal'
+
+const ENV_COMMANDS: SubcommandTable = {
+  list: async (cli): Promise<void> => printJson(await appGet(cli, 'env')),
+  set: envSet,
+  delete: envDelete
+}
+
+const DOMAIN_COMMANDS: SubcommandTable = {
+  list: async (cli): Promise<void> => printJson(await appGet(cli, 'domains')),
+  add: domainMutation('POST', (app): string => `/v1/apps/${encodeURIComponent(app)}/domains`, (domain): JsonObject => ({ domain })),
+  verify: domainMutation('POST', (app, domain): string => `/v1/apps/${encodeURIComponent(app)}/domains/${encodeURIComponent(domain)}/verify`, (): null => null),
+  delete: domainMutation('DELETE', (app, domain): string => `/v1/apps/${encodeURIComponent(app)}/domains/${encodeURIComponent(domain)}`, (): null => null)
+}
+
+const SUPPORT_COMMANDS: SubcommandTable = {
+  list: supportList,
+  create: supportCreate,
+  resolve: supportResolve
+}
+
+async function logs(cli: CliOptions): Promise<void> {
+  const token = await readOrLoginToken(cli)
+  const request = logsRequest(cli)
+  const response = logsResponseFromJson(await apiRequest(cli, 'GET', request.route, token, null))
+  if (cli.json) {
+    printJson(response)
+    return
+  }
+  for (const line of response.lines) {
+    console.log(`[${line.timestamp}] ${line.stream}: ${line.message}`)
+  }
+  if (response.has_more && response.next_cursor) {
+    console.log(`next npx tovuk logs ${request.target} --cursor ${response.next_cursor}`)
+  }
+}
+
+function logsRequest(cli: CliOptions): LogsRequest {
+  const page = pageQuery(cli)
+  if (cli.build) {
+    return {
+      route: `/v1/builds/${encodeURIComponent(cli.build)}/logs${page}`,
+      target: `--build ${cli.build}`
+    }
+  }
+  if (cli.deploy) {
+    return {
+      route: `/v1/deploys/${encodeURIComponent(cli.deploy)}/logs${page}`,
+      target: `--deploy ${cli.deploy}`
+    }
+  }
+
+  const app = requireApp(cli)
+  return {
+    route: `/v1/apps/${encodeURIComponent(app)}/logs${page}`,
+    target: `--app ${app}`
+  }
+}
+
+async function apps(cli: CliOptions): Promise<void> {
+  await printAuthenticated(cli, '/v1/apps')
+}
+
+async function capabilities(cli: CliOptions): Promise<void> {
+  const response = await apiRequest(cli, 'GET', '/v1/capabilities', null, null)
+  printJson(response)
+}
+
+async function me(cli: CliOptions): Promise<void> {
+  await printAuthenticated(cli, '/v1/me')
+}
+
+async function usage(cli: CliOptions): Promise<void> {
+  await printAuthenticated(cli, '/v1/usage')
+}
+
+async function activity(cli: CliOptions): Promise<void> {
+  await printPagedAuthenticated(cli, '/v1/activity')
+}
+
+async function overview(cli: CliOptions): Promise<void> {
+  await printPagedAuthenticated(cli, appRoute(cli, 'overview'))
+}
+
+async function deploys(cli: CliOptions): Promise<void> {
+  await printAuthenticated(cli, appScopedCollectionRoute(cli, 'deploys'))
+}
+
+async function builds(cli: CliOptions): Promise<void> {
+  await printAuthenticated(cli, appScopedCollectionRoute(cli, 'builds'))
+}
+
+function appScopedCollectionRoute(cli: CliOptions, collection: 'builds' | 'deploys'): string {
+  const route = cli.app
+    ? `/v1/apps/${encodeURIComponent(cli.app)}/${collection}`
+    : `/v1/${collection}`
+  return `${route}${pageQuery(cli)}`
+}
+
+async function status(cli: CliOptions): Promise<void> {
+  printJson(await appGet(cli, 'status'))
+}
+
+async function inspect(cli: CliOptions): Promise<void> {
+  printJson(await appGet(cli, 'inspect'))
+}
+
+async function database(cli: CliOptions): Promise<void> {
+  printJson(await appGet(cli, 'database'))
+}
+
+async function envCommand(cli: CliOptions): Promise<void> {
+  await runSubcommand(cli, ENV_COMMANDS, 'list', 'Unknown env command.', 'Use `npx tovuk env list`, `env set`, or `env delete`.')
+}
+
+async function envDelete(cli: CliOptions): Promise<void> {
+  const name = requireCommandArg(cli, 'invalid_env', 'Environment variable name is required.', 'Use `npx tovuk env delete --app <app> KEY`.')
+  await printAuthenticatedMutation(cli, 'DELETE', appRoute(cli, `env/${encodeURIComponent(name)}`), null)
+}
+
+async function envSet(cli: CliOptions): Promise<void> {
+  const assignment = cli.args[1] ?? ''
+  const separator = assignment.indexOf('=')
+  if (separator <= 0) {
+    throw agentError('invalid_env', 'Environment assignment must be KEY=value.', 'Pass one uppercase shell-safe environment assignment, for example `API_KEY=value`.', cli.json)
+  }
+
+  const name = assignment.slice(0, separator)
+  const value = assignment.slice(separator + 1)
+  await printAuthenticatedMutation(cli, 'PUT', appRoute(cli, 'env'), { name, value })
+}
+
+async function domainsCommand(cli: CliOptions): Promise<void> {
+  await runSubcommand(cli, DOMAIN_COMMANDS, 'list', 'Unknown domains command.', 'Use `domains list`, `domains add`, `domains verify`, or `domains delete`.')
+}
+
+function domainMutation(method: DomainMethod, route: DomainRoute, body: DomainBody): SubcommandHandler {
+  return async (cli): Promise<void> => {
+    const domain = requireCommandArg(cli, 'missing_domain', 'Domain is required.', 'Use `npx tovuk domains add --app <app> api.example.com`.')
+    const app = requireApp(cli)
+    await printAuthenticatedMutation(cli, method, route(app, domain), body(domain))
+  }
+}
+
+async function billing(cli: CliOptions): Promise<void> {
+  const token = await readOrLoginToken(cli)
+  const action = billingAction(cli.args[0] ?? 'checkout', cli.json)
+  const route = action === 'portal' ? '/v1/billing/portal' : '/v1/billing/checkout'
+  const reason = cli.args.slice(1).join(' ').trim() || 'Upgrade to Tovuk Pro.'
+  const body: JsonObject | null = action === 'checkout'
+    ? { target_plan: 'pro', reason }
+    : null
+  const response = checkoutResponseFromJson(await apiRequest(cli, 'POST', route, token, body))
+  if (cli.json) {
+    printJson(response)
+    return
+  }
+  console.log(response.checkout.url)
+  openUrl(response.checkout.url)
+}
+
+function billingAction(value: string, json: boolean): BillingAction {
+  if (!value || value === 'checkout') {
+    return 'checkout'
+  }
+  if (value === 'portal') {
+    return 'portal'
+  }
+  throw agentError('unknown_billing_command', 'Unknown billing command.', 'Use `npx tovuk billing checkout --json` or `npx tovuk billing portal`.', json)
+}
+
+async function support(cli: CliOptions): Promise<void> {
+  await runSubcommand(cli, SUPPORT_COMMANDS, 'list', 'Unknown support command.', 'Use `npx tovuk support list --json` or `support create` with subject and details.')
+}
+
+async function supportList(cli: CliOptions): Promise<void> {
+  await printPagedAuthenticated(cli, '/v1/support/tickets')
+}
+
+async function supportCreate(cli: CliOptions): Promise<void> {
+  const subject = cli.args[1] ?? ''
+  const details = cli.args.slice(2).join(' ').trim()
+  if (!subject || !details) {
+    throw agentError(
+      'invalid_support_ticket',
+      'Support ticket subject and details are required.',
+      'Use `npx tovuk support create "Short subject" "Command, app id, build id, deploy id, and first actionable log line" --json`.',
+      cli.json
+    )
+  }
+
+  const token = await readOrLoginToken(cli)
+  const body = supportTicketBody(cli, subject, details)
+  const response = await apiRequest(cli, 'POST', '/v1/support/tickets', token, body)
+  printJson(response)
+}
+
+function supportTicketBody(cli: CliOptions, subject: string, details: string): JsonObject {
+  const body: JsonObject = { details, severity: cli.severity || 'normal', subject }
+  addOptionalField(body, 'app_id', cli.app)
+  addOptionalField(body, 'failing_command', cli.failingCommand)
+  addOptionalField(body, 'build_id', cli.build)
+  addOptionalField(body, 'deploy_id', cli.deploy)
+  addOptionalField(body, 'first_log_line', cli.firstLogLine)
+  return body
+}
+
+function addOptionalField(body: JsonObject, key: string, value: string): void {
+  if (value) {
+    body[key] = value
+  }
+}
+
+async function supportResolve(cli: CliOptions): Promise<void> {
+  const ticketId = requireCommandArg(
+    cli,
+    'invalid_support_ticket',
+    'Support ticket id is required.',
+    'Use `npx tovuk support resolve <ticket_id> --json` with an id from support list.'
+  )
+  await printAuthenticatedMutation(cli, 'POST', `/v1/support/tickets/${encodeURIComponent(ticketId)}/resolve`, null)
+}
+
+async function printAuthenticated(cli: CliOptions, route: string): Promise<void> {
+  const token = await readOrLoginToken(cli)
+  const response = await apiRequest(cli, 'GET', route, token, null)
+  printJson(response)
+}
+
+async function printPagedAuthenticated(cli: CliOptions, route: string): Promise<void> {
+  await printAuthenticated(cli, `${route}${pageQuery(cli)}`)
+}
+
+async function printAuthenticatedMutation(cli: CliOptions, method: ApiMethod, route: string, body: JsonObject | null): Promise<void> {
+  const token = await readOrLoginToken(cli)
+  printJson(await apiRequest(cli, method, route, token, body))
+}
+
+function appRoute(cli: CliOptions, suffix: string): string {
+  return `/v1/apps/${encodeURIComponent(requireApp(cli))}/${suffix}`
+}
+
+async function appGet(cli: CliOptions, kind: string): Promise<JsonValue | null> {
+  const token = await readOrLoginToken(cli)
+  return apiRequest(cli, 'GET', appRoute(cli, kind), token, null)
+}
+
+async function runSubcommand(cli: CliOptions, commands: SubcommandTable, defaultName: string, message: string, instruction: string): Promise<void> {
+  const command = commands[cli.args[0] ?? defaultName]
+  if (!command) {
+    throw agentError('unknown_command', message, instruction, cli.json)
+  }
+  await command(cli)
+}
+
+function requireCommandArg(cli: CliOptions, code: string, message: string, instruction: string): string {
+  const value = cli.args[1] ?? ''
+  if (!value) {
+    throw agentError(code, message, instruction, cli.json)
+  }
+  return value
+}
+
+export {
+  logs,
+  apps,
+  capabilities,
+  me,
+  usage,
+  activity,
+  overview,
+  deploys,
+  builds,
+  status,
+  inspect,
+  database,
+  envCommand,
+  domainsCommand,
+  billing,
+  support
+}