npm - wispy-cli - Versions diffs - 2.7.17 → 2.7.18 - Mend

wispy-cli 2.7.17 → 2.7.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/bin/wispy.mjs CHANGED Viewed

@@ -133,6 +133,9 @@ Usage:
   wispy doctor                 Check system health
   wispy browser [tabs|attach|navigate|screenshot|doctor]
                                Browser control via local-browser-bridge
+  wispy auth                   Show auth status for all providers
+  wispy auth <provider>        Re-authenticate a specific provider
+  wispy auth --reset           Clear all saved credentials
   wispy secrets [list|set|delete|get]
                                Manage encrypted secrets & API keys
   wispy tts "<text>"           Text-to-speech (OpenAI or macOS say)
@@ -240,6 +243,191 @@ if (command === "setup") {
   process.exit(0);
 }
+// ── Auth ──────────────────────────────────────────────────────────────────────
+if (command === "auth") {
+  try {
+    const { loadConfig, saveConfig, PROVIDERS, WISPY_DIR } = await import(join(rootDir, "core/config.mjs"));
+    const { AuthManager } = await import(join(rootDir, "core/auth.mjs"));
+    const { readdir, unlink } = await import("node:fs/promises");
+    const { existsSync } = await import("node:fs");
+    const path = await import("node:path");
+    const bold   = (s) => `\x1b[1m${s}\x1b[0m`;
+    const dim    = (s) => `\x1b[2m${s}\x1b[0m`;
+    const green  = (s) => `\x1b[32m${s}\x1b[0m`;
+    const yellow = (s) => `\x1b[33m${s}\x1b[0m`;
+    const red    = (s) => `\x1b[31m${s}\x1b[0m`;
+    const cyan   = (s) => `\x1b[36m${s}\x1b[0m`;
+    const sub = args[1];
+    // ── wispy auth --reset ───────────────────────────────────────────────────
+    if (sub === "--reset") {
+      const { confirm } = await import("@inquirer/prompts");
+      const yes = await confirm({
+        message: "Clear ALL saved credentials (API keys + tokens)?",
+        default: false,
+      });
+      if (yes) {
+        const config = await loadConfig();
+        delete config.providers;
+        delete config.apiKey;
+        delete config.provider;
+        await saveConfig(config);
+        // Remove auth token files
+        const authDir = path.join(WISPY_DIR, "auth");
+        if (existsSync(authDir)) {
+          const files = await readdir(authDir);
+          for (const f of files) {
+            await unlink(path.join(authDir, f)).catch(() => {});
+          }
+        }
+        console.log(green("✓ All credentials cleared."));
+      } else {
+        console.log(dim("Cancelled."));
+      }
+      process.exit(0);
+    }
+    const config = await loadConfig();
+    const authMgr = new AuthManager(WISPY_DIR);
+    // ── wispy auth <provider> ────────────────────────────────────────────────
+    if (sub && !sub.startsWith("-")) {
+      const provKey = sub;
+      const providerInfo = PROVIDERS?.[provKey];
+      if (!providerInfo) {
+        console.error(`Unknown provider: ${provKey}`);
+        console.log(dim("Run `wispy auth` (no args) to see configured providers."));
+        process.exit(1);
+      }
+      console.log(`\n  Re-authenticating ${bold(providerInfo.label ?? provKey)}...\n`);
+      if (provKey === "github-copilot") {
+        const { githubDeviceFlow } = await import(join(rootDir, "core/oauth-flows.mjs"));
+        const result = await githubDeviceFlow();
+        if (result?.access_token) {
+          await authMgr.saveToken("github-copilot", {
+            type: "oauth",
+            accessToken: result.access_token,
+            provider: "github-copilot",
+          });
+          if (!config.providers) config.providers = {};
+          config.providers["github-copilot"] = { model: providerInfo.defaultModel ?? "gpt-4o", auth: "oauth" };
+          await saveConfig(config);
+          console.log(green("  ✅ GitHub Copilot authenticated!"));
+        } else {
+          console.error(red("  ✗ Authentication failed"));
+          process.exit(1);
+        }
+      } else {
+        // Standard API key re-auth
+        const { openUrl } = await import(join(rootDir, "core/onboarding.mjs"));
+        const { select, password } = await import("@inquirer/prompts");
+        if (providerInfo.signupUrl) {
+          try {
+            const choice = await select({
+              message: `How would you like to authenticate with ${providerInfo.label ?? provKey}?`,
+              choices: [
+                { name: `Open ${providerInfo.label ?? provKey} in browser → paste API key`, value: "browser" },
+                { name: "Paste API key directly", value: "paste" },
+                { name: "Cancel", value: "cancel" },
+              ],
+            });
+            if (choice === "cancel") { console.log(dim("Cancelled.")); process.exit(0); }
+            if (choice === "browser") {
+              console.log(`\n  Opening ${providerInfo.label ?? provKey} in your browser...`);
+              await openUrl(providerInfo.signupUrl);
+              console.log(dim(`  → ${providerInfo.signupUrl}`));
+              console.log(dim(`  Copy your API key and paste it below.\n`));
+            }
+          } catch {
+            // non-interactive, fall through
+          }
+        }
+        const key = await password({
+          message: `  🔑 ${providerInfo.label ?? provKey} API key:`,
+          mask: "*",
+        });
+        if (!key?.trim()) { console.log(dim("  No key provided. Exiting.")); process.exit(0); }
+        process.stdout.write("  Validating...");
+        const { validateApiKey } = await import(join(rootDir, "core/onboarding.mjs")).catch(() => ({ validateApiKey: null }));
+        let validated = false;
+        if (validateApiKey) {
+          const result = await validateApiKey(provKey, key.trim());
+          if (result.ok) {
+            console.log(green(" ✅ Connected!"));
+            validated = true;
+          } else {
+            console.log(yellow(` ⚠ ${result.error ?? "Could not validate"} — saving anyway.`));
+          }
+        } else {
+          console.log(dim(" (validation skipped)"));
+        }
+        if (!config.providers) config.providers = {};
+        config.providers[provKey] = {
+          ...(config.providers[provKey] ?? {}),
+          apiKey: key.trim(),
+        };
+        await saveConfig(config);
+        console.log(green(`  ✅ ${providerInfo.label ?? provKey} credentials updated.`));
+      }
+      process.exit(0);
+    }
+    // ── wispy auth (status) ──────────────────────────────────────────────────
+    console.log(`\n  ${bold("Auth Status")}\n`);
+    const configuredProviders = config.providers ? Object.keys(config.providers) : [];
+    if (config.provider && !configuredProviders.includes(config.provider)) {
+      configuredProviders.push(config.provider);
+    }
+    if (configuredProviders.length === 0) {
+      console.log(dim("  No providers configured. Run `wispy setup` to get started.\n"));
+    } else {
+      for (const provKey of configuredProviders) {
+        const provInfo = PROVIDERS?.[provKey];
+        const label = provInfo?.label ?? provKey;
+        const provConfig = config.providers?.[provKey] ?? {};
+        const hasKey = !!(provConfig.apiKey || provKey === "ollama" || provKey === "vllm");
+        const isOAuth = provConfig.auth === "oauth";
+        const token = authMgr.loadToken(provKey);
+        const hasToken = !!token;
+        let status;
+        if (isOAuth || hasToken) {
+          const expired = authMgr.isExpired?.(provKey) ?? false;
+          status = expired ? yellow("⚠ token expired") : green("✅ OAuth/token");
+        } else if (hasKey) {
+          status = green("✅ API key set");
+        } else {
+          status = red("✗ no credentials");
+        }
+        const model = provConfig.model ?? provInfo?.defaultModel ?? "";
+        console.log(`  ${cyan(label.padEnd(30))} ${status}${model ? dim(` (${model})`) : ""}`);
+      }
+      console.log("");
+      console.log(dim("  Run `wispy auth <provider>` to re-authenticate a specific provider."));
+      console.log(dim("  Run `wispy auth --reset` to clear all credentials.\n"));
+    }
+  } catch (err) {
+    console.error("Auth error:", err.message);
+    process.exit(1);
+  }
+  process.exit(0);
+}
 // ── Config ────────────────────────────────────────────────────────────────────
 if (command === "config") {

package/core/oauth-flows.mjs ADDED Viewed

@@ -0,0 +1,102 @@
+/**
+ * core/oauth-flows.mjs — OAuth/device flow handlers for various providers
+ *
+ * Provides:
+ *   - startCallbackServer()  — localhost HTTP server for OAuth redirect flows
+ *   - githubDeviceFlow()     — re-exported from auth.mjs for convenience
+ *   - browserKeyFlow()       — generic "open browser + wait for paste" flow
+ */
+import { createServer } from "node:http";
+// ──────────────────────────────────────────────────────────────────────────────
+// Localhost callback server for OAuth redirect flows
+// ──────────────────────────────────────────────────────────────────────────────
+/**
+ * Starts a temporary HTTP server on localhost that waits for an OAuth redirect.
+ * Resolves with { code, token, params } when the browser hits the callback URL.
+ * Rejects after 120 seconds if no callback is received.
+ *
+ * @param {number} [port=9876] - Port to listen on
+ * @returns {Promise<{ code: string|null, token: string|null, params: Record<string,string> }>}
+ */
+export async function startCallbackServer(port = 9876) {
+  return new Promise((resolve, reject) => {
+    let resolved = false;
+    const server = createServer((req, res) => {
+      const url = new URL(req.url, `http://127.0.0.1:${port}`);
+      const code = url.searchParams.get("code");
+      const token =
+        url.searchParams.get("token") || url.searchParams.get("key");
+      res.writeHead(200, { "Content-Type": "text/html" });
+      res.end(`
+        <html><body style="font-family:system-ui;text-align:center;padding:60px">
+          <h2>✓ Wispy connected!</h2>
+          <p>You can close this tab and return to your terminal.</p>
+          <script>window.close()</script>
+        </body></html>
+      `);
+      if (!resolved) {
+        resolved = true;
+        server.close();
+        resolve({ code, token, params: Object.fromEntries(url.searchParams) });
+      }
+    });
+    server.listen(port, "127.0.0.1");
+    // Timeout after 120 seconds
+    setTimeout(() => {
+      if (!resolved) {
+        resolved = true;
+        server.close();
+        reject(new Error("Authentication timed out (120s)"));
+      }
+    }, 120_000);
+  });
+}
+// ──────────────────────────────────────────────────────────────────────────────
+// GitHub OAuth device flow (re-export from auth.mjs)
+// ──────────────────────────────────────────────────────────────────────────────
+export { githubDeviceFlow } from "./auth.mjs";
+// ──────────────────────────────────────────────────────────────────────────────
+// Generic "open browser, wait for paste" flow with optional validation
+// ──────────────────────────────────────────────────────────────────────────────
+/**
+ * Opens the provider's signup URL in the browser, then prompts the user to
+ * paste their API key. Optionally validates the key via validateFn.
+ *
+ * @param {{ label: string, signupUrl?: string }} providerInfo
+ * @param {((key: string) => Promise<{ ok: boolean, error?: string, model?: string }>)|null} [validateFn]
+ * @returns {Promise<{ valid: boolean, key?: string, error?: string }>}
+ */
+export async function browserKeyFlow(providerInfo, validateFn = null) {
+  const { openUrl } = await import("./onboarding.mjs");
+  if (providerInfo.signupUrl) {
+    await openUrl(providerInfo.signupUrl);
+  }
+  const { password } = await import("@inquirer/prompts");
+  const key = await password({
+    message: `  Paste your ${providerInfo.label} API key:`,
+    mask: "*",
+  });
+  if (!key?.trim()) return { valid: false, error: "No key provided" };
+  if (validateFn) {
+    const result = await validateFn(key.trim());
+    return { ...result, key: key.trim() };
+  }
+  return { valid: true, key: key.trim() };
+}

package/core/onboarding.mjs CHANGED Viewed

@@ -50,6 +50,24 @@ const cyan   = (s) => `\x1b[36m${s}\x1b[0m`;
 const yellow = (s) => `\x1b[33m${s}\x1b[0m`;
 const red    = (s) => `\x1b[31m${s}\x1b[0m`;
+// ──────────────────────────────────────────────────────────────────────────────
+// openUrl — cross-platform browser opener
+// ──────────────────────────────────────────────────────────────────────────────
+export async function openUrl(url) {
+  const { exec } = await import("node:child_process");
+  const { promisify } = await import("node:util");
+  const run = promisify(exec);
+  try {
+    if (process.platform === "darwin") await run(`open "${url}"`);
+    else if (process.platform === "linux") await run(`xdg-open "${url}"`);
+    else if (process.platform === "win32") await run(`start "${url}"`);
+    return true;
+  } catch {
+    return false;
+  }
+}
 // ──────────────────────────────────────────────────────────────────────────────
 // Provider registry (display order for wizard)
 // ──────────────────────────────────────────────────────────────────────────────
@@ -115,7 +133,7 @@ const SECURITY_LEVELS = {
 // API key validation
 // ──────────────────────────────────────────────────────────────────────────────
-async function validateApiKey(provider, key) {
+export async function validateApiKey(provider, key) {
   if (provider === "ollama") return { ok: true, model: "llama3.2" };
   try {
     if (provider === "google") {
@@ -540,8 +558,35 @@ export class OnboardingWizard {
       // ── Standard API key flow ────────────────────────────────────────────
       console.log("");
+      // Ask user how they want to authenticate
+      let skipProvider = false;
       if (info?.signupUrl) {
-        console.log(dim(`  Get a key at: ${info.signupUrl}`));
+        try {
+          const authChoice = await select({
+            message: `How would you like to authenticate with ${info?.label ?? provKey}?`,
+            choices: [
+              { name: `Open ${info?.label ?? provKey} in browser → paste API key`, value: "browser" },
+              { name: "Paste API key directly (I already have one)", value: "paste" },
+              { name: "Skip this provider", value: "skip" },
+            ],
+          });
+          if (authChoice === "browser") {
+            console.log(`\n  Opening ${info.label} in your browser...`);
+            await openUrl(info.signupUrl);
+            console.log(dim(`  → ${info.signupUrl}`));
+            console.log(dim(`  Copy your API key and paste it below.\n`));
+          } else if (authChoice === "skip") {
+            skipProvider = true;
+          }
+        } catch {
+          // if select fails (non-interactive), fall through to direct paste
+        }
+      }
+      if (skipProvider) {
+        console.log(dim(`  Skipping ${provKey}.`));
+        continue;
       }
       let validated = false;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "wispy-cli",
-  "version": "2.7.17",
+  "version": "2.7.18",
   "description": "🌿 Wispy — AI workspace assistant with trustworthy execution (harness, receipts, approvals, diffs)",
   "license": "MIT",
   "author": "Minseo & Poropo",