zencommit 0.1.0

package/scripts/platform.mjs

@@ -0,0 +1,34 @@
+import path from 'node:path';
+
+export function getPlatformId() {
+  const { platform, arch } = process;
+  if (platform === 'linux' && arch === 'x64') {
+    return 'linux-x64';
+  }
+  if (platform === 'darwin' && arch === 'x64') {
+    return 'darwin-x64';
+  }
+  if (platform === 'darwin' && arch === 'arm64') {
+    return 'darwin-arm64';
+  }
+  if (platform === 'win32' && arch === 'x64') {
+    return 'win32-x64';
+  }
+  throw new Error(`Unsupported platform: ${platform} ${arch}`);
+}
+
+export function getBinaryName() {
+  return process.platform === 'win32' ? 'zencommit.exe' : 'zencommit';
+}
+
+export function getAssetName(version) {
+  const platformId = getPlatformId();
+  const ext = process.platform === 'win32' ? '.exe' : '';
+  return `zencommit-${version}-${platformId}${ext}`;
+}
+
+export function getInstallPath(pkgRoot) {
+  const platformId = getPlatformId();
+  const binaryName = getBinaryName();
+  return path.join(pkgRoot, 'bin', platformId, binaryName);
+}

package/src/auth/secrets.ts

@@ -0,0 +1,234 @@
+export interface ProviderAuthConfig {
+  id: string;
+  name: string;
+  envKeys: string[];
+  required: boolean;
+  primaryEnvKey?: string;
+  providerIds?: string[];
+}
+
+const PROVIDER_AUTH_CONFIGS: ProviderAuthConfig[] = [
+  {
+    id: 'openai',
+    name: 'OpenAI',
+    envKeys: ['OPENAI_API_KEY'],
+    required: true,
+  },
+  {
+    id: 'anthropic',
+    name: 'Anthropic',
+    envKeys: ['ANTHROPIC_API_KEY'],
+    required: true,
+    primaryEnvKey: 'ANTHROPIC_API_KEY',
+  },
+  {
+    id: 'google',
+    name: 'Google Generative AI',
+    envKeys: ['GOOGLE_GENERATIVE_AI_API_KEY', 'GEMINI_API_KEY'],
+    required: true,
+    primaryEnvKey: 'GOOGLE_GENERATIVE_AI_API_KEY',
+    providerIds: ['google-generative-ai', 'gemini'],
+  },
+  {
+    id: 'vertex',
+    name: 'Google Vertex AI',
+    envKeys: ['GOOGLE_VERTEX_API_KEY'],
+    required: false,
+    providerIds: ['google-vertex', 'google-vertex-ai'],
+  },
+  {
+    id: 'vertex-anthropic',
+    name: 'Google Vertex Anthropic',
+    envKeys: ['GOOGLE_VERTEX_API_KEY'],
+    required: false,
+    providerIds: ['google-vertex-anthropic'],
+  },
+  {
+    id: 'xai',
+    name: 'xAI Grok',
+    envKeys: ['XAI_API_KEY'],
+    required: true,
+    providerIds: ['xai-grok', 'grok'],
+  },
+  {
+    id: 'vercel',
+    name: 'Vercel',
+    envKeys: ['VERCEL_API_KEY'],
+    required: true,
+  },
+  {
+    id: 'gateway',
+    name: 'Vercel AI Gateway',
+    envKeys: ['AI_GATEWAY_API_KEY'],
+    required: true,
+    providerIds: ['ai-gateway', 'vercel-ai-gateway'],
+  },
+  {
+    id: 'azure',
+    name: 'Azure OpenAI',
+    envKeys: ['AZURE_API_KEY'],
+    required: true,
+    providerIds: ['azure-openai'],
+  },
+  {
+    id: 'bedrock',
+    name: 'Amazon Bedrock',
+    envKeys: [
+      'AWS_ACCESS_KEY_ID',
+      'AWS_SECRET_ACCESS_KEY',
+      'AWS_SESSION_TOKEN',
+      'AWS_BEARER_TOKEN_BEDROCK',
+    ],
+    required: true,
+    providerIds: ['amazon-bedrock', 'aws-bedrock'],
+  },
+  {
+    id: 'groq',
+    name: 'Groq',
+    envKeys: ['GROQ_API_KEY'],
+    required: true,
+  },
+  {
+    id: 'deepinfra',
+    name: 'DeepInfra',
+    envKeys: ['DEEPINFRA_API_KEY'],
+    required: true,
+  },
+  {
+    id: 'mistral',
+    name: 'Mistral',
+    envKeys: ['MISTRAL_API_KEY'],
+    required: true,
+  },
+  {
+    id: 'togetherai',
+    name: 'Together.ai',
+    envKeys: ['TOGETHER_AI_API_KEY'],
+    required: true,
+    providerIds: ['together.ai'],
+  },
+  {
+    id: 'cohere',
+    name: 'Cohere',
+    envKeys: ['COHERE_API_KEY'],
+    required: true,
+  },
+  {
+    id: 'cerebras',
+    name: 'Cerebras',
+    envKeys: ['CEREBRAS_API_KEY'],
+    required: true,
+  },
+  {
+    id: 'perplexity',
+    name: 'Perplexity',
+    envKeys: ['PERPLEXITY_API_KEY'],
+    required: true,
+  },
+  {
+    id: 'openrouter',
+    name: 'OpenRouter',
+    envKeys: ['OPENROUTER_API_KEY'],
+    required: true,
+    providerIds: ['open-router'],
+  },
+  {
+    id: 'openai-compatible',
+    name: 'OpenAI Compatible',
+    envKeys: ['OPENAI_COMPATIBLE_API_KEY'],
+    required: true,
+  },
+  {
+    id: 'gitlab',
+    name: 'GitLab',
+    envKeys: ['GITLAB_TOKEN'],
+    required: true,
+    providerIds: ['gitlab-ai', 'gitlab-duo'],
+  },
+];
+
+const ENV_KEY_ALIASES: Record<string, string[]> = {
+  GOOGLE_GENERATIVE_AI_API_KEY: ['GEMINI_API_KEY'],
+};
+
+const SECRET_SERVICE = 'zencommit';
+
+export const getSecretLabel = (envKey: string): string => `${SECRET_SERVICE}:${envKey}`;
+
+const toSecretOptions = (envKey: string): { service: string; name: string } => ({
+  service: SECRET_SERVICE,
+  name: envKey,
+});
+
+export const setSecret = async (envKey: string, value: string): Promise<void> => {
+  await Bun.secrets.set(toSecretOptions(envKey), value);
+};
+
+export const getSecret = async (envKey: string): Promise<string | null> => {
+  const value = await Bun.secrets.get(toSecretOptions(envKey));
+  if (!value) {
+    return null;
+  }
+  return value;
+};
+
+export const deleteSecret = async (envKey: string): Promise<void> => {
+  await Bun.secrets.delete(toSecretOptions(envKey));
+};
+
+const PROVIDER_AUTH_INDEX: Map<string, ProviderAuthConfig> = new Map(
+  PROVIDER_AUTH_CONFIGS.flatMap((config) => {
+    const aliases = config.providerIds ?? [];
+    return [config.id, ...aliases].map((id) => [id.toLowerCase(), config]);
+  }),
+);
+
+export const getProviderAuthConfigs = (): ProviderAuthConfig[] => [...PROVIDER_AUTH_CONFIGS];
+
+export const resolveProviderAuth = (modelId: string): ProviderAuthConfig | null => {
+  const provider = modelId.split('/')[0];
+  if (!provider) {
+    return null;
+  }
+  return PROVIDER_AUTH_INDEX.get(provider.toLowerCase()) ?? null;
+};
+
+export const getKnownEnvKeys = (): string[] => {
+  const keys = new Set<string>();
+  for (const config of PROVIDER_AUTH_CONFIGS) {
+    for (const envKey of config.envKeys) {
+      keys.add(envKey);
+    }
+  }
+  return Array.from(keys).sort();
+};
+
+export const resolveRuntimeSecrets = async (envKeys: string[]): Promise<Record<string, string>> => {
+  const resolved: Record<string, string> = {};
+  for (const envKey of envKeys) {
+    const secret = await getSecret(envKey);
+    if (secret) {
+      resolved[envKey] = secret;
+      continue;
+    }
+    const envValue = process.env[envKey];
+    if (envValue) {
+      resolved[envKey] = envValue;
+      continue;
+    }
+    const aliases = ENV_KEY_ALIASES[envKey] ?? [];
+    for (const alias of aliases) {
+      const aliasSecret = await getSecret(alias);
+      if (aliasSecret) {
+        resolved[envKey] = aliasSecret;
+        break;
+      }
+      const aliasValue = process.env[alias];
+      if (aliasValue) {
+        resolved[envKey] = aliasValue;
+        break;
+      }
+    }
+  }
+  return resolved;
+};

package/src/commands/auth.ts

@@ -0,0 +1,138 @@
+import { generateText } from 'ai';
+import { ConfigLoadError, resolveConfig } from '../config/load.js';
+import { getRepoRoot } from '../git/repo.js';
+import {
+  deleteSecret,
+  getKnownEnvKeys,
+  getSecret,
+  resolveProviderAuth,
+  setSecret,
+} from '../auth/secrets.js';
+import { promptForSecret, selectProviderKey } from '../ui/prompts.js';
+import { redactValue } from '../util/redact.js';
+import { logVerbose } from '../util/logger.js';
+import { resolveLanguageModel } from '../llm/providers.js';
+
+interface AuthArgs {
+  envKey?: string;
+  token?: string;
+}
+
+const validateEnvKey = (envKey: string): void => {
+  const supported = new Set(getKnownEnvKeys());
+  if (!supported.has(envKey)) {
+    throw new Error(`Unsupported env key: ${envKey}`);
+  }
+};
+
+const resolveModel = (modelId: string, openaiCompatible?: { baseUrl?: string; name?: string }) => {
+  try {
+    return resolveLanguageModel(modelId, { openaiCompatible });
+  } catch {
+    return null;
+  }
+};
+
+const verifyCredentials = async (
+  modelId: string,
+  timeoutMs = 5000,
+  openaiCompatible?: { baseUrl?: string; name?: string },
+): Promise<boolean> => {
+  const model = resolveModel(modelId, openaiCompatible);
+  if (!model) {
+    logVerbose(1, `auth verify: skipping unsupported model ${modelId}`);
+    return true;
+  }
+  try {
+    await Promise.race([
+      generateText({
+        model,
+        messages: [
+          { role: 'system', content: 'Reply with OK.' },
+          { role: 'user', content: 'OK' },
+        ],
+        maxTokens: 4,
+        temperature: 0,
+      }),
+      new Promise((_, reject) => setTimeout(() => reject(new Error('timeout')), timeoutMs)),
+    ]);
+    return true;
+  } catch {
+    return false;
+  }
+};
+
+export const runAuthLogin = async (args: AuthArgs): Promise<void> => {
+  const envKey = args.envKey ?? (await selectProviderKey());
+  if (!envKey) {
+    process.exit(0);
+  }
+  logVerbose(1, `auth login: env key ${envKey}`);
+  try {
+    validateEnvKey(envKey);
+  } catch (error) {
+    console.error((error as Error).message);
+    process.exit(2);
+  }
+
+  const token = args.token ?? (await promptForSecret(envKey));
+  if (!token) {
+    process.exit(0);
+  }
+  logVerbose(2, `auth login: storing secret for ${envKey}`);
+
+  await setSecret(envKey, token);
+  process.env[envKey] = token;
+
+  try {
+    const repoRoot = await getRepoRoot();
+    const config = await resolveConfig(repoRoot);
+    const auth = resolveProviderAuth(config.ai.model);
+    if (auth && auth.envKeys.includes(envKey)) {
+      logVerbose(2, `auth login: verifying model ${config.ai.model}`);
+      const ok = await verifyCredentials(config.ai.model, 5000, config.ai.openaiCompatible);
+      if (!ok) {
+        console.warn('Stored secret but verification failed. Check your key and network.');
+      }
+    }
+  } catch (error) {
+    if (error instanceof ConfigLoadError) {
+      console.warn(`Config load failed; skipping verification: ${error.message}`);
+    } else {
+      console.warn('Verification skipped due to unexpected error.');
+    }
+  }
+
+  console.log(`Stored ${envKey} in Bun secrets.`);
+};
+
+export const runAuthLogout = async (args: AuthArgs): Promise<void> => {
+  const envKey = args.envKey ?? (await selectProviderKey());
+  if (!envKey) {
+    process.exit(0);
+  }
+  logVerbose(1, `auth logout: env key ${envKey}`);
+  try {
+    validateEnvKey(envKey);
+  } catch (error) {
+    console.error((error as Error).message);
+    process.exit(2);
+  }
+  await deleteSecret(envKey);
+  console.log(`Removed ${envKey} from Bun secrets.`);
+};
+
+export const runAuthStatus = async (): Promise<void> => {
+  const keys = getKnownEnvKeys();
+  logVerbose(1, `auth status: checking ${keys.length} keys`);
+  for (const envKey of keys) {
+    const secret = await getSecret(envKey);
+    if (secret) {
+      console.log(`${envKey}: stored (${redactValue(secret)})`);
+    } else if (process.env[envKey]) {
+      console.log(`${envKey}: set in environment`);
+    } else {
+      console.log(`${envKey}: missing`);
+    }
+  }
+};

package/src/commands/config.ts

@@ -0,0 +1,83 @@
+import { defaultConfig } from '../config/types.js';
+import { ConfigLoadError, resolveConfig, resolveConfigWithSources } from '../config/load.js';
+import { validateConfig } from '../config/validate.js';
+import { getRepoRoot } from '../git/repo.js';
+import { fileExists, writeJsonFile } from '../util/fs.js';
+import { redactObject } from '../util/redact.js';
+import { logVerbose } from '../util/logger.js';
+import path from 'node:path';
+
+export const runConfigPrint = async (): Promise<void> => {
+  try {
+    const repoRoot = await getRepoRoot();
+    logVerbose(1, `config print: repo root ${repoRoot ?? 'unknown'}`);
+    const { config, sourceMap } = await resolveConfigWithSources(repoRoot);
+    const redacted = redactObject(config);
+    console.log(JSON.stringify(redacted, null, 2));
+    console.log('\nSources:');
+    for (const [key, source] of Object.entries(sourceMap)) {
+      console.log(`${key}: ${source}`);
+    }
+  } catch (error) {
+    if (error instanceof ConfigLoadError) {
+      console.error(error.message);
+      process.exit(2);
+    }
+    throw error;
+  }
+};
+
+export const runConfigInit = async (): Promise<void> => {
+  const repoRoot = await getRepoRoot();
+  if (!repoRoot) {
+    console.error('Not inside a git repository.');
+    process.exit(3);
+  }
+  logVerbose(1, `config init: repo root ${repoRoot}`);
+  const configPath = path.join(repoRoot, 'zencommit.json');
+  if (await fileExists(configPath)) {
+    console.error('zencommit.json already exists.');
+    process.exit(2);
+  }
+  await writeJsonFile(configPath, defaultConfig);
+  console.log(`Wrote ${configPath}`);
+};
+
+export const runConfigValidate = async (): Promise<void> => {
+  try {
+    const repoRoot = await getRepoRoot();
+    logVerbose(1, `config validate: repo root ${repoRoot ?? 'unknown'}`);
+    const config = await resolveConfig(repoRoot);
+    const result = validateConfig(config);
+    if (result.valid) {
+      console.log('Config is valid.');
+      return;
+    }
+    console.error('Config validation failed:');
+    for (const error of result.errors) {
+      console.error(`- ${error.path}: ${error.message}`);
+    }
+    process.exit(2);
+  } catch (error) {
+    if (error instanceof ConfigLoadError) {
+      console.error(error.message);
+      process.exit(2);
+    }
+    throw error;
+  }
+};
+
+export const runConfigShowResolved = async (): Promise<void> => {
+  try {
+    const repoRoot = await getRepoRoot();
+    const config = await resolveConfig(repoRoot);
+    const redacted = redactObject(config);
+    console.log(JSON.stringify(redacted, null, 2));
+  } catch (error) {
+    if (error instanceof ConfigLoadError) {
+      console.error(error.message);
+      process.exit(2);
+    }
+    throw error;
+  }
+};