trucontext 0.1.0

package/src/auth.js

@@ -0,0 +1,197 @@
+// auth.js — PKCE Authorization Code flow for CLI login
+
+import { createHash, randomBytes } from 'crypto';
+import { createServer } from 'http';
+import open from 'open';
+import {
+  COGNITO_DOMAIN,
+  CLI_CLIENT_ID,
+  CALLBACK_PORT,
+  CALLBACK_URL,
+  getCredentials,
+  saveCredentials,
+} from './config.js';
+
+function base64url(buffer) {
+  return buffer.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
+}
+
+function generateCodeVerifier() {
+  return base64url(randomBytes(32));
+}
+
+function generateCodeChallenge(verifier) {
+  return base64url(createHash('sha256').update(verifier).digest());
+}
+
+/**
+ * Run the PKCE login flow:
+ * 1. Start localhost server
+ * 2. Open browser to Cognito authorize endpoint
+ * 3. Capture auth code from redirect
+ * 4. Exchange for tokens
+ * 5. Save credentials
+ */
+export async function performLogin({ provider } = {}) {
+  const codeVerifier = generateCodeVerifier();
+  const codeChallenge = generateCodeChallenge(codeVerifier);
+  const state = base64url(randomBytes(16));
+
+  return new Promise((resolve, reject) => {
+    const server = createServer(async (req, res) => {
+      const url = new URL(req.url, `http://localhost:${CALLBACK_PORT}`);
+
+      if (url.pathname !== '/callback') {
+        res.writeHead(404);
+        res.end('Not found');
+        return;
+      }
+
+      const code = url.searchParams.get('code');
+      const returnedState = url.searchParams.get('state');
+      const error = url.searchParams.get('error');
+
+      if (error) {
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end('<html><body><h2>Login failed</h2><p>You can close this window.</p></body></html>');
+        server.close();
+        reject(new Error(`Auth error: ${error}`));
+        return;
+      }
+
+      if (returnedState !== state) {
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end('<html><body><h2>Invalid state</h2><p>Please try again.</p></body></html>');
+        server.close();
+        reject(new Error('State mismatch — possible CSRF attack'));
+        return;
+      }
+
+      try {
+        // Exchange auth code for tokens
+        const tokenRes = await fetch(`${COGNITO_DOMAIN}/oauth2/token`, {
+          method: 'POST',
+          headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+          body: new URLSearchParams({
+            grant_type: 'authorization_code',
+            client_id: CLI_CLIENT_ID,
+            code,
+            redirect_uri: CALLBACK_URL,
+            code_verifier: codeVerifier,
+          }),
+        });
+
+        const tokens = await tokenRes.json();
+
+        if (!tokenRes.ok || tokens.error) {
+          throw new Error(tokens.error_description || tokens.error || 'Token exchange failed');
+        }
+
+        // Decode ID token payload (no verification needed client-side)
+        const payload = JSON.parse(
+          Buffer.from(tokens.id_token.split('.')[1], 'base64').toString()
+        );
+
+        const creds = {
+          refreshToken: tokens.refresh_token,
+          idToken: tokens.id_token,
+          accessToken: tokens.access_token,
+          expiresAt: Date.now() + tokens.expires_in * 1000,
+          email: payload.email || payload['cognito:username'],
+          sub: payload.sub,
+        };
+
+        saveCredentials(creds);
+
+        res.writeHead(302, { Location: 'https://app.trucontext.ai' });
+        res.end();
+
+        server.close();
+        resolve(creds);
+      } catch (err) {
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end(`<html><body><h2>Login failed</h2><p>${err.message}</p></body></html>`);
+        server.close();
+        reject(err);
+      }
+    });
+
+    server.listen(CALLBACK_PORT, () => {
+      const authorizeUrl = new URL(`${COGNITO_DOMAIN}/oauth2/authorize`);
+      authorizeUrl.searchParams.set('response_type', 'code');
+      authorizeUrl.searchParams.set('client_id', CLI_CLIENT_ID);
+      authorizeUrl.searchParams.set('redirect_uri', CALLBACK_URL);
+      authorizeUrl.searchParams.set('scope', 'email openid profile');
+      authorizeUrl.searchParams.set('code_challenge', codeChallenge);
+      authorizeUrl.searchParams.set('code_challenge_method', 'S256');
+      authorizeUrl.searchParams.set('state', state);
+
+      // Skip hosted UI and go straight to provider if specified
+      if (provider) {
+        authorizeUrl.searchParams.set('identity_provider', provider);
+      }
+
+      open(authorizeUrl.toString());
+    });
+
+    // Timeout after 2 minutes
+    setTimeout(() => {
+      server.close();
+      reject(new Error('Login timed out — no callback received within 2 minutes'));
+    }, 120000);
+  });
+}
+
+/**
+ * Refresh tokens using the stored refresh token.
+ * Returns the new ID token.
+ */
+export async function refreshTokens() {
+  const creds = getCredentials();
+  if (!creds?.refreshToken) {
+    throw new Error('Not logged in. Run: trucontext login');
+  }
+
+  const res = await fetch(`${COGNITO_DOMAIN}/oauth2/token`, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+    body: new URLSearchParams({
+      grant_type: 'refresh_token',
+      client_id: CLI_CLIENT_ID,
+      refresh_token: creds.refreshToken,
+    }),
+  });
+
+  const data = await res.json();
+
+  if (!res.ok || data.error) {
+    throw new Error(data.error_description || data.error || 'Token refresh failed. Run: trucontext login');
+  }
+
+  saveCredentials({
+    ...creds,
+    idToken: data.id_token,
+    accessToken: data.access_token,
+    expiresAt: Date.now() + data.expires_in * 1000,
+    // Cognito does NOT return a new refresh_token on refresh — keep the original
+  });
+
+  return data.id_token;
+}
+
+/**
+ * Get a valid ID token, refreshing if needed.
+ */
+export async function ensureFreshToken() {
+  const creds = getCredentials();
+  if (!creds) {
+    throw new Error('Not logged in. Run: trucontext login');
+  }
+
+  // Refresh if within 60 seconds of expiry
+  if (Date.now() > (creds.expiresAt || 0) - 60000) {
+    return await refreshTokens();
+  }
+
+  return creds.idToken;
+}

package/src/client.js

@@ -0,0 +1,77 @@
+// client.js — HTTP client for both API planes
+// Auto-refreshes JWT, attaches active app header.
+
+import { ensureFreshToken } from './auth.js';
+import { getActiveApp, DATA_PLANE_URL, CONTROL_PLANE_URL } from './config.js';
+
+async function request(baseUrl, method, path, body, retry = true) {
+  const token = await ensureFreshToken();
+  const activeApp = getActiveApp();
+
+  const headers = {
+    'Authorization': `Bearer ${token}`,
+    'Content-Type': 'application/json',
+  };
+  if (activeApp) {
+    headers['X-TruContext-App'] = activeApp;
+  }
+
+  const ac = new AbortController();
+  const timeout = setTimeout(() => ac.abort(), 15000);
+
+  try {
+    const res = await fetch(`${baseUrl}${path}`, {
+      method,
+      headers,
+      body: body ? JSON.stringify(body) : undefined,
+      signal: ac.signal,
+    });
+
+    // Retry once on 401 after refresh
+    if (res.status === 401 && retry) {
+      const newToken = await ensureFreshToken();
+      headers['Authorization'] = `Bearer ${newToken}`;
+      const retryRes = await fetch(`${baseUrl}${path}`, {
+        method,
+        headers,
+        body: body ? JSON.stringify(body) : undefined,
+        signal: ac.signal,
+      });
+      return handleResponse(retryRes);
+    }
+
+    return handleResponse(res);
+  } finally {
+    clearTimeout(timeout);
+  }
+}
+
+async function handleResponse(res) {
+  const text = await res.text();
+  let data;
+  try {
+    data = JSON.parse(text);
+  } catch {
+    data = { raw: text };
+  }
+
+  if (!res.ok) {
+    const msg = data?.error || data?.message || `HTTP ${res.status}`;
+    const err = new Error(msg);
+    err.status = res.status;
+    err.data = data;
+    throw err;
+  }
+
+  return data;
+}
+
+// --- Public API ---
+
+export function dataPlane(method, path, body) {
+  return request(DATA_PLANE_URL, method, path, body);
+}
+
+export function controlPlane(method, path, body) {
+  return request(CONTROL_PLANE_URL, method, path, body);
+}

package/src/commands/apps.js

@@ -0,0 +1,48 @@
+import chalk from 'chalk';
+import { controlPlane } from '../client.js';
+import { getActiveApp, setActiveApp } from '../config.js';
+
+export async function appsCommand() {
+  try {
+    const res = await controlPlane('GET', '/apps');
+    const apps = res.data?.apps || [];
+    const activeApp = getActiveApp();
+
+    if (apps.length === 0) {
+      console.log(chalk.yellow('No apps. Create one in the dashboard.'));
+      return;
+    }
+
+    for (const app of apps) {
+      const active = app.appId === activeApp ? chalk.green(' (active)') : '';
+      console.log(`${chalk.bold(app.name)}${active}`);
+      console.log(`  ${chalk.dim(app.appId)} — ${app.status}`);
+    }
+  } catch (err) {
+    console.error(chalk.red(`Failed: ${err.message}`));
+    process.exit(1);
+  }
+}
+
+export async function useCommand(appId) {
+  try {
+    const res = await controlPlane('GET', '/apps');
+    const apps = res.data?.apps || [];
+    const app = apps.find(a => a.appId === appId || a.name.toLowerCase() === appId.toLowerCase());
+
+    if (!app) {
+      console.error(chalk.red(`App not found: ${appId}`));
+      console.log(chalk.dim('Available apps:'));
+      for (const a of apps) {
+        console.log(`  ${a.name} ${chalk.dim(a.appId)}`);
+      }
+      process.exit(1);
+    }
+
+    setActiveApp(app.appId);
+    console.log(chalk.green(`Active app: ${chalk.bold(app.name)} (${app.appId})`));
+  } catch (err) {
+    console.error(chalk.red(`Failed: ${err.message}`));
+    process.exit(1);
+  }
+}

package/src/commands/contexts.js

@@ -0,0 +1,56 @@
+import chalk from 'chalk';
+import { dataPlane } from '../client.js';
+
+export async function contextsListCommand() {
+  try {
+    const res = await dataPlane('GET', '/v1/contexts');
+    const contexts = res.data?.contexts || [];
+
+    if (contexts.length === 0) {
+      console.log(chalk.yellow('No contexts. Create one with: trucontext contexts create <name>'));
+      return;
+    }
+
+    for (const ctx of contexts) {
+      console.log(`${chalk.bold(ctx.name)} ${chalk.dim(ctx.contextId)}`);
+      if (ctx.metadata && Object.keys(ctx.metadata).length > 0) {
+        console.log(`  ${chalk.dim(JSON.stringify(ctx.metadata))}`);
+      }
+    }
+  } catch (err) {
+    console.error(chalk.red(`Failed: ${err.message}`));
+    process.exit(1);
+  }
+}
+
+export async function contextsCreateCommand(name, options) {
+  try {
+    const body = { name };
+    if (options.metadata) {
+      try {
+        body.metadata = JSON.parse(options.metadata);
+      } catch {
+        console.error(chalk.red('Invalid metadata JSON'));
+        process.exit(1);
+      }
+    }
+
+    const res = await dataPlane('POST', '/v1/contexts', body);
+    const ctx = res.data;
+    console.log(chalk.green(`Created: ${chalk.bold(ctx.name)}`));
+    console.log(chalk.dim(`Context ID: ${ctx.contextId}`));
+  } catch (err) {
+    console.error(chalk.red(`Failed: ${err.message}`));
+    process.exit(1);
+  }
+}
+
+export async function contextsDeleteCommand(contextId) {
+  try {
+    await dataPlane('DELETE', `/v1/contexts/${contextId}`);
+    console.log(chalk.green(`Deleted: ${contextId}`));
+  } catch (err) {
+    console.error(chalk.red(`Failed: ${err.message}`));
+    process.exit(1);
+  }
+}

package/src/commands/entities.js

@@ -0,0 +1,141 @@
+import chalk from 'chalk';
+import { dataPlane } from '../client.js';
+
+export async function entitiesListCommand(options) {
+  try {
+    const params = new URLSearchParams();
+    if (options.type) params.set('type', options.type);
+    if (options.limit) params.set('limit', options.limit);
+    const qs = params.toString();
+    const path = `/v1/entities${qs ? `?${qs}` : ''}`;
+
+    const res = await dataPlane('GET', path);
+    const entities = res.data?.entities || [];
+
+    if (entities.length === 0) {
+      console.log(chalk.yellow('No entities found.'));
+      return;
+    }
+
+    for (const e of entities) {
+      console.log(`${chalk.bold(e.entityId)} ${chalk.dim(`[${e.type}]`)}`);
+      if (e.recipe_id) console.log(`  recipe: ${chalk.dim(e.recipe_id)}`);
+      if (e.properties && Object.keys(e.properties).length > 0) {
+        console.log(`  properties: ${chalk.dim(JSON.stringify(e.properties))}`);
+      }
+      if (e.heartbeat_enabled !== undefined) console.log(`  heartbeat: ${chalk.dim(e.heartbeat_enabled)}`);
+      if (e.confidence !== undefined) console.log(`  confidence: ${chalk.dim(e.confidence)}`);
+      if (e.temporal !== undefined) console.log(`  temporal: ${chalk.dim(e.temporal)}`);
+    }
+  } catch (err) {
+    console.error(chalk.red(`Failed: ${err.message}`));
+    process.exit(1);
+  }
+}
+
+export async function entitiesGetCommand(entityId) {
+  try {
+    const res = await dataPlane('GET', `/v1/entities/${entityId}`);
+    const e = res.data || res;
+
+    console.log(`${chalk.bold(e.entityId)} ${chalk.dim(`[${e.type}]`)}`);
+    if (e.recipe_id) console.log(`  recipe: ${chalk.dim(e.recipe_id)}`);
+    if (e.properties && Object.keys(e.properties).length > 0) {
+      console.log(`  properties: ${chalk.dim(JSON.stringify(e.properties))}`);
+    }
+    if (e.heartbeat_enabled !== undefined) console.log(`  heartbeat: ${chalk.dim(e.heartbeat_enabled)}`);
+    if (e.confidence !== undefined) console.log(`  confidence: ${chalk.dim(e.confidence)}`);
+    if (e.temporal !== undefined) console.log(`  temporal: ${chalk.dim(e.temporal)}`);
+  } catch (err) {
+    console.error(chalk.red(`Failed: ${err.message}`));
+    process.exit(1);
+  }
+}
+
+export async function entitiesCreateCommand(options) {
+  try {
+    if (!options.id) {
+      console.error(chalk.red('--id is required'));
+      process.exit(1);
+    }
+    if (!options.type) {
+      console.error(chalk.red('--type is required'));
+      process.exit(1);
+    }
+
+    const body = {
+      entityId: options.id,
+      type: options.type,
+    };
+
+    if (options.properties) {
+      try {
+        body.properties = JSON.parse(options.properties);
+      } catch {
+        console.error(chalk.red('Invalid properties JSON'));
+        process.exit(1);
+      }
+    }
+
+    if (options.recipe) body.recipe_id = options.recipe;
+    if (options.heartbeat === false) body.heartbeat_enabled = false;
+    if (options.confidence !== undefined) body.confidence = parseFloat(options.confidence);
+    if (options.temporal !== undefined) body.temporal = options.temporal;
+
+    if (options.context?.length > 0) {
+      body.contexts = options.context.map(entry => {
+        const colonIdx = entry.indexOf(':');
+        if (colonIdx === -1) {
+          return { context_id: entry, relationship: 'ABOUT' };
+        }
+        return {
+          context_id: entry.slice(0, colonIdx),
+          relationship: entry.slice(colonIdx + 1),
+        };
+      });
+    }
+
+    const res = await dataPlane('POST', '/v1/entities', body);
+    const e = res.data || res;
+    console.log(chalk.green(`Created: ${chalk.bold(e.entityId || options.id)}`));
+  } catch (err) {
+    console.error(chalk.red(`Failed: ${err.message}`));
+    process.exit(1);
+  }
+}
+
+export async function entitiesUpdateCommand(entityId, options) {
+  try {
+    const body = {};
+
+    if (options.properties) {
+      try {
+        body.properties = JSON.parse(options.properties);
+      } catch {
+        console.error(chalk.red('Invalid properties JSON'));
+        process.exit(1);
+      }
+    }
+
+    if (options.recipe) body.recipe_id = options.recipe;
+    if (options.heartbeat !== undefined) body.heartbeat_enabled = options.heartbeat;
+    if (options.confidence !== undefined) body.confidence = parseFloat(options.confidence);
+    if (options.temporal !== undefined) body.temporal = options.temporal;
+
+    await dataPlane('PUT', `/v1/entities/${entityId}`, body);
+    console.log(chalk.green(`Updated: ${entityId}`));
+  } catch (err) {
+    console.error(chalk.red(`Failed: ${err.message}`));
+    process.exit(1);
+  }
+}
+
+export async function entitiesDeleteCommand(entityId) {
+  try {
+    await dataPlane('DELETE', `/v1/entities/${entityId}`);
+    console.log(chalk.green(`Deleted: ${entityId}`));
+  } catch (err) {
+    console.error(chalk.red(`Failed: ${err.message}`));
+    process.exit(1);
+  }
+}

package/src/commands/ingest.js

@@ -0,0 +1,59 @@
+import chalk from 'chalk';
+import { readFileSync, existsSync } from 'fs';
+import { basename } from 'path';
+import { dataPlane } from '../client.js';
+
+export async function ingestCommand(source, options) {
+  try {
+    let body;
+
+    if (existsSync(source)) {
+      const content = readFileSync(source);
+      const filename = basename(source);
+      const ext = filename.split('.').pop().toLowerCase();
+
+      const textExts = ['txt', 'md', 'csv', 'html', 'json'];
+      const isText = textExts.includes(ext);
+
+      body = {
+        content: isText ? content.toString('utf-8') : content.toString('base64'),
+        content_type: isText ? 'text/plain' : `application/${ext}`,
+        encoding: isText ? undefined : 'base64',
+        metadata: { original_filename: filename, source_medium: 'cli' },
+      };
+    } else {
+      body = {
+        content: source,
+        content_type: 'text/plain',
+        metadata: { source_medium: 'cli' },
+      };
+    }
+
+    if (options.confidence !== undefined) body.confidence = parseFloat(options.confidence);
+    if (options.temporal !== undefined) body.temporal = options.temporal;
+
+    // Build contexts array from --context flags: "entity-id:RELATIONSHIP"
+    if (options.context?.length > 0) {
+      body.contexts = options.context.map(entry => {
+        const colonIdx = entry.indexOf(':');
+        if (colonIdx === -1) {
+          return { context_id: entry, relationship: 'ABOUT' };
+        }
+        return {
+          context_id: entry.slice(0, colonIdx),
+          relationship: entry.slice(colonIdx + 1),
+        };
+      });
+    }
+
+    const res = await dataPlane('POST', '/v1/ingest', body);
+    console.log(chalk.green('Accepted'));
+    console.log(chalk.dim(`Content ID: ${res.contentId}`));
+    if (res.status === 'upload_required') {
+      console.log(chalk.yellow(`Large file — upload to: ${res.uploadUrl}`));
+    }
+  } catch (err) {
+    console.error(chalk.red(`Ingest failed: ${err.message}`));
+    process.exit(1);
+  }
+}

package/src/commands/init.js

@@ -0,0 +1,81 @@
+import chalk from 'chalk';
+import input from '@inquirer/input';
+import select from '@inquirer/select';
+import { controlPlane } from '../client.js';
+import { setActiveApp } from '../config.js';
+
+export async function initCommand(name, options) {
+  // Step 1: App name
+  if (!name) {
+    name = await input({ message: 'App name:' });
+  }
+
+  // Step 2: Description (required for schema generation)
+  let description = options.description;
+  if (!description) {
+    description = await input({
+      message: 'Describe your app (what data will it store, who uses it):',
+    });
+  }
+
+  // Step 3: Authorship model
+  const authorship = await select({
+    message: 'Who creates content in your app?',
+    choices: [
+      { name: 'Multiple users contribute content', value: 'multi', description: 'e.g. team wikis, social apps, collaboration tools' },
+      { name: 'Single author / personal use', value: 'single', description: 'e.g. personal notes, solo projects' },
+      { name: 'The app itself generates content', value: 'app', description: 'e.g. automated pipelines, bots, scrapers' },
+    ],
+  });
+
+  // Step 4: Create the app
+  console.log(chalk.dim(`\nCreating app "${name}"...`));
+
+  try {
+    const res = await controlPlane('POST', '/apps', { name, description });
+    const app = res.data;
+    setActiveApp(app.appId);
+
+    console.log(chalk.green(`App created: ${app.appId}`));
+
+    // Step 5: Generate schema
+    console.log(chalk.dim('Generating schema from description...'));
+
+    const schemaRes = await controlPlane('POST', '/schema/generate', {
+      description,
+      authorship_model: authorship,
+    });
+    const schema = schemaRes.data?.schema;
+
+    if (schema) {
+      // Step 6: Save schema to app
+      await controlPlane('PUT', `/apps/${app.appId}/schema`, schema);
+
+      console.log(chalk.green('Schema generated and saved.\n'));
+
+      // Show a summary
+      if (schema.entity_types) {
+        console.log(chalk.bold('Entity types:'));
+        for (const et of schema.entity_types) {
+          console.log(`  ${chalk.cyan(et.name)}  ${chalk.dim(et.description || '')}`);
+        }
+      }
+      if (schema.edge_types) {
+        console.log(chalk.bold('\nRelationships:'));
+        for (const edge of schema.edge_types) {
+          console.log(`  ${chalk.dim(edge.from)} ${chalk.yellow(`—${edge.name}→`)} ${chalk.dim(edge.to)}`);
+        }
+      }
+    } else {
+      console.log(chalk.yellow('Schema generation returned empty — you can generate one later:'));
+      console.log(chalk.cyan('  trucontext schema generate -d "your description"'));
+    }
+
+    console.log(chalk.dim(`\nReady to go:`));
+    console.log(chalk.cyan('  trucontext ingest <file>'));
+    console.log(chalk.cyan('  trucontext query "your question"'));
+  } catch (err) {
+    console.error(chalk.red(`Failed: ${err.message}`));
+    process.exit(1);
+  }
+}