npm - vesper-wizard - Versions diffs - 2.0.3 → 2.0.4 - Mend

vesper-wizard 2.0.3 → 2.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/wizard.js +215 -13

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "vesper-wizard",
-  "version": "2.0.3",
+  "version": "2.0.4",
   "description": "Zero-friction setup wizard for Vesper — local MCP server, unified dataset API, and agent auto-config in 60 seconds",
   "bin": {
     "vesper-wizard": "wizard.js"

package/wizard.js CHANGED Viewed

@@ -10,6 +10,9 @@ const path = require('path');
 const os = require('os');
 const crypto = require('crypto');
 const { execSync, spawnSync } = require('child_process');
+const http = require('http');
+const https = require('https');
+const readline = require('readline');
 // ── Paths ────────────────────────────────────────────────────
 const HOME = os.homedir();
@@ -54,6 +57,171 @@ function yellow(text) { return `\x1b[33m${text}\x1b[0m`; }
 function red(text) { return `\x1b[31m${text}\x1b[0m`; }
 function magenta(text) { return `\x1b[35m${text}\x1b[0m`; }
+// ── Vesper API URL resolution ────────────────────────────────
+const VESPER_API_URL = process.env.VESPER_API_URL || '';
+const DEFAULT_VESPER_API_CANDIDATES = [
+  'http://localhost:3000',
+  'http://127.0.0.1:3000',
+  'https://vesper.dev',
+];
+// ── Device Auth Helpers ──────────────────────────────────────
+function httpJson(method, url, body) {
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(url);
+    const lib = parsed.protocol === 'https:' ? https : http;
+    const opts = {
+      method,
+      hostname: parsed.hostname,
+      port: parsed.port || (parsed.protocol === 'https:' ? 443 : 80),
+      path: parsed.pathname + parsed.search,
+      headers: { 'Content-Type': 'application/json' },
+    };
+    const req = lib.request(opts, (res) => {
+      let data = '';
+      res.on('data', (chunk) => (data += chunk));
+      res.on('end', () => {
+        try { resolve({ status: res.statusCode, body: JSON.parse(data) }); }
+        catch { resolve({ status: res.statusCode, body: data }); }
+      });
+    });
+    req.on('error', reject);
+    if (body) req.write(JSON.stringify(body));
+    req.end();
+  });
+}
+async function canReachDeviceAuth(baseUrl) {
+  try {
+    const res = await httpJson('POST', `${baseUrl}/api/auth/device/start`);
+    return res.status === 201 && !!res.body && !!res.body.code;
+  } catch {
+    return false;
+  }
+}
+async function resolveVesperApiBaseUrl() {
+  const candidates = VESPER_API_URL
+    ? [VESPER_API_URL]
+    : DEFAULT_VESPER_API_CANDIDATES;
+  for (const candidate of candidates) {
+    if (await canReachDeviceAuth(candidate)) {
+      return candidate;
+    }
+  }
+  return null;
+}
+function openBrowser(url) {
+  try {
+    if (process.platform === 'win32') {
+      spawnSync('cmd', ['/c', 'start', '', url], { stdio: 'ignore' });
+    } else if (process.platform === 'darwin') {
+      spawnSync('open', [url], { stdio: 'ignore' });
+    } else {
+      spawnSync('xdg-open', [url], { stdio: 'ignore' });
+    }
+  } catch { /* browser open is best-effort */ }
+}
+function askYesNo(question) {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(`  ${question} ${dim('[Y/n]')} `, (answer) => {
+      rl.close();
+      resolve(!answer || answer.toLowerCase().startsWith('y'));
+    });
+  });
+}
+async function deviceAuthFlow() {
+  console.log(`\n  ${cyan('■')} ${bold('Device Authentication')}`);
+  console.log(`  ${dim('Link your CLI to a Vesper account for cloud features\n')}`);
+  const resolvedApiBaseUrl = await resolveVesperApiBaseUrl();
+  if (!resolvedApiBaseUrl) {
+    console.log(`  ${red('✗')} ${red('Could not reach any Vesper auth endpoint.')}`);
+    console.log(`      ${dim('Tried:')} ${dim((VESPER_API_URL ? [VESPER_API_URL] : DEFAULT_VESPER_API_CANDIDATES).join(', '))}`);
+    console.log(`      ${dim('If your landing app is running locally, start it on http://localhost:3000 or set VESPER_API_URL.')}`);
+    console.log(`      ${dim('Falling back to local-only mode.\n')}`);
+    return null;
+  }
+  console.log(`  ${dim('Auth endpoint:')} ${dim(resolvedApiBaseUrl)}\n`);
+  // Step 1: Call /api/auth/device/start
+  process.stdout.write(`  ${dim('Requesting device code...')}`);
+  let startRes;
+  try {
+    startRes = await httpJson('POST', `${resolvedApiBaseUrl}/api/auth/device/start`);
+  } catch (err) {
+    console.log(` ${red('✗')}`);
+    console.log(`      ${red('Could not reach Vesper API at')} ${dim(resolvedApiBaseUrl)}`);
+    console.log(`      ${dim('Falling back to local-only mode.\n')}`);
+    return null;
+  }
+  if (startRes.status !== 201 || !startRes.body.code) {
+    console.log(` ${red('✗')}`);
+    console.log(`      ${red('Unexpected response:')} ${dim(JSON.stringify(startRes.body))}`);
+    return null;
+  }
+  const { code, loginUrl } = startRes.body;
+  console.log(` ${green('✓')}\n`);
+  // Step 2: Display code and open browser
+  console.log(`  ┌───────────────────────────────────────────────┐`);
+  console.log(`  │                                               │`);
+  console.log(`  │   ${bold('Your device code:')}  ${cyan(bold(code))}              │`);
+  console.log(`  │                                               │`);
+  console.log(`  │   ${dim('Open this URL to sign in:')}                   │`);
+  console.log(`  │   ${cyan(loginUrl.padEnd(41))}│`);
+  console.log(`  │                                               │`);
+  console.log(`  └───────────────────────────────────────────────┘\n`);
+  openBrowser(loginUrl);
+  console.log(`  ${dim('Browser opened automatically.')}`);
+  console.log(`  ${dim('Waiting for you to sign in...')}\n`);
+  // Step 3: Poll until confirmed or expired
+  const POLL_INTERVAL = 3000; // 3 seconds
+  const MAX_POLLS = 200;      // 10 min max (200 × 3s)
+  let polls = 0;
+  const spinner = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
+  while (polls < MAX_POLLS) {
+    polls++;
+    const frame = spinner[polls % spinner.length];
+    process.stdout.write(`\r  ${cyan(frame)} Polling... (${polls})`);
+    try {
+      const pollRes = await httpJson('GET', `${resolvedApiBaseUrl}/api/auth/device/poll?code=${code}`);
+      if (pollRes.body.status === 'confirmed' && pollRes.body.apiKey) {
+        process.stdout.write(`\r  ${green('✓')} Device authenticated!            \n`);
+        console.log(`      ${dim('Email:')} ${pollRes.body.email || 'linked'}`);
+        return pollRes.body.apiKey;
+      }
+      if (pollRes.body.status === 'expired') {
+        process.stdout.write(`\r  ${red('✗')} Device code expired.             \n`);
+        console.log(`      ${dim('Run the wizard again to get a new code.')}`);
+        return null;
+      }
+    } catch {
+      // Network hiccup — keep polling
+    }
+    await new Promise((r) => setTimeout(r, POLL_INTERVAL));
+  }
+  process.stdout.write(`\r  ${red('✗')} Timed out waiting for authentication.\n`);
+  return null;
+}
 function printBanner() {
   console.log(`
 ${dim('─────────────────────────────────────────────────')}
@@ -182,21 +350,50 @@ async function main() {
   ensureDir(path.join(VESPER_DIR, 'datasets'));
   console.log(` ${green('✓')}`);
-  // ─── Step 2: Generate local API key ────────────────────────
-  process.stdout.write(`  ${dim('[')}${cyan('2/6')}${dim(']')} Generating local API key...`);
+  // ─── Step 2: Authenticate (device flow or local key) ──────
+  console.log(`\n  ${dim('[')}${cyan('2/6')}${dim(']')} Authentication`);
   const existing = readToml(CONFIG_TOML);
-  const localKey = existing.api_key || generateLocalKey();
-  const configData = { ...existing, api_key: localKey };
-  writeToml(CONFIG_TOML, configData);
-  console.log(` ${green('✓')}`);
-  console.log(`      ${dim('Key:')} ${dim(localKey.slice(0, 20) + '...')}  ${dim('→')} ${dim(CONFIG_TOML)}`);
+  let localKey = existing.api_key || '';
+  let authMode = existing.auth_mode || '';
+  // If already has a cloud key, skip
+  if (localKey && !localKey.startsWith('vesper_sk_local_')) {
+    console.log(`      ${green('✓')} Cloud API key already configured`);
+    console.log(`      ${dim('Key:')} ${dim(localKey.slice(0, 24) + '...')}  ${dim('→')} ${dim(CONFIG_TOML)}`);
+  } else {
+    // Offer device auth
+    const wantsDevice = await askYesNo(`${cyan('→')} Link to a Vesper account? (enables cloud sync & team features)`);
+    if (wantsDevice) {
+      const cloudKey = await deviceAuthFlow();
+      if (cloudKey) {
+        localKey = cloudKey;
+        authMode = 'cloud';
+      } else {
+        // Fall back to local key
+        if (!localKey) localKey = generateLocalKey();
+        authMode = 'local_unified';
+        console.log(`\n      ${yellow('⚠')} Using local-only key. Run the wizard again anytime to link an account.`);
+      }
+    } else {
+      if (!localKey) localKey = generateLocalKey();
+      authMode = 'local_unified';
+      console.log(`      ${green('✓')} Local-only key generated`);
+    }
+    const configData = { ...existing, api_key: localKey, auth_mode: authMode };
+    writeToml(CONFIG_TOML, configData);
+    console.log(`      ${dim('Key:')} ${dim(localKey.slice(0, 24) + '...')}  ${dim('→')} ${dim(CONFIG_TOML)}`);
+  }
   // ─── Step 3: Local vault initialization ────────────────────
   process.stdout.write(`\n  ${dim('[')}${cyan('3/6')}${dim(']')} Initializing local credentials vault...`);
-  configData.auth_mode = configData.auth_mode || 'local_unified';
-  writeToml(CONFIG_TOML, configData);
+  const vaultData = readToml(CONFIG_TOML);
+  if (!vaultData.auth_mode) vaultData.auth_mode = 'local_unified';
+  writeToml(CONFIG_TOML, vaultData);
   console.log(` ${green('✓')}`);
-  console.log(`      ${dim('Mode:')} ${dim('single local Vesper key (no external keys required)')}`);
+  console.log(`      ${dim('Mode:')} ${dim(vaultData.auth_mode === 'cloud' ? 'cloud (linked to Vesper account)' : 'single local Vesper key (no external keys required)')}`);
   // ─── Step 4: Install @vespermcp/mcp-server ─────────────────
   console.log(`\n  ${dim('[')}${cyan('4/6')}${dim(']')} Installing Vesper MCP server...`);
@@ -251,19 +448,24 @@ async function main() {
   console.log(`      ${configuredAgents.length > 0 ? green('✓') : yellow('⚠')} MCP agents            ${dim(configuredAgents.length + ' configured')}`);
   // ─── Final Summary ─────────────────────────────────────────
+  const finalConfig = readToml(CONFIG_TOML);
+  const isCloud = finalConfig.auth_mode === 'cloud';
   console.log(`
 ${dim('═════════════════════════════════════════════════')}
   ${green(bold('✓ Vesper is ready!'))}
-  ${bold('Your local API key:')}
-  ${cyan(localKey)}
+  ${bold(isCloud ? 'Your cloud API key:' : 'Your local API key:')}
+  ${cyan(finalConfig.api_key || localKey)}
+  ${bold('Auth mode:')}
+  ${dim(isCloud ? '☁  Cloud (linked to Vesper account)' : '🔑 Local-only (key never leaves your machine)')}
   ${bold('Config file:')}
   ${dim(CONFIG_TOML)}
   ${bold('What just happened:')}
-  ${dim('1.')} Generated a local API key (never leaves your machine)
+  ${dim('1.')} ${isCloud ? 'Linked to your Vesper cloud account' : 'Generated a local API key (never leaves your machine)'}
   ${dim('2.')} Initialized local credentials vault
   ${dim('3.')} Auto-configured MCP for ${configuredAgents.length > 0 ? configuredAgents.join(', ') : 'detected agents'}
   ${dim('4.')} Vesper server ready on stdio transport