basic-memory 0.7.0__py3-none-any.whl → 0.16.1__py3-none-any.whl

basic_memory/cli/auth.py

@@ -0,0 +1,277 @@
+"""WorkOS OAuth Device Authorization for CLI."""
+
+import base64
+import hashlib
+import json
+import os
+import secrets
+import time
+import webbrowser
+
+import httpx
+from rich.console import Console
+
+from basic_memory.config import ConfigManager
+
+console = Console()
+
+
+class CLIAuth:
+    """Handles WorkOS OAuth Device Authorization for CLI tools."""
+
+    def __init__(self, client_id: str, authkit_domain: str):
+        self.client_id = client_id
+        self.authkit_domain = authkit_domain
+        app_config = ConfigManager().config
+        # Store tokens in data dir
+        self.token_file = app_config.data_dir_path / "basic-memory-cloud.json"
+        # PKCE parameters
+        self.code_verifier = None
+        self.code_challenge = None
+
+    def generate_pkce_pair(self) -> tuple[str, str]:
+        """Generate PKCE code verifier and challenge."""
+        # Generate code verifier (43-128 characters)
+        code_verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).decode("utf-8")
+        code_verifier = code_verifier.rstrip("=")
+
+        # Generate code challenge (SHA256 hash of verifier)
+        challenge_bytes = hashlib.sha256(code_verifier.encode("utf-8")).digest()
+        code_challenge = base64.urlsafe_b64encode(challenge_bytes).decode("utf-8")
+        code_challenge = code_challenge.rstrip("=")
+
+        return code_verifier, code_challenge
+
+    async def request_device_authorization(self) -> dict | None:
+        """Request device authorization from WorkOS with PKCE."""
+        device_auth_url = f"{self.authkit_domain}/oauth2/device_authorization"
+
+        # Generate PKCE pair
+        self.code_verifier, self.code_challenge = self.generate_pkce_pair()
+
+        data = {
+            "client_id": self.client_id,
+            "scope": "openid profile email offline_access",
+            "code_challenge": self.code_challenge,
+            "code_challenge_method": "S256",
+        }
+
+        try:
+            async with httpx.AsyncClient() as client:
+                response = await client.post(device_auth_url, data=data)
+
+                if response.status_code == 200:
+                    return response.json()
+                else:
+                    console.print(
+                        f"[red]Device authorization failed: {response.status_code} - {response.text}[/red]"
+                    )
+                    return None
+        except Exception as e:
+            console.print(f"[red]Device authorization error: {e}[/red]")
+            return None
+
+    def display_user_instructions(self, device_response: dict) -> None:
+        """Display user instructions for device authorization."""
+        user_code = device_response["user_code"]
+        verification_uri = device_response["verification_uri"]
+        verification_uri_complete = device_response.get("verification_uri_complete")
+
+        console.print("\n[bold blue]Authentication Required[/bold blue]")
+        console.print("\nTo authenticate, please visit:")
+        console.print(f"[bold cyan]{verification_uri}[/bold cyan]")
+        console.print(f"\nAnd enter this code: [bold yellow]{user_code}[/bold yellow]")
+
+        if verification_uri_complete:
+            console.print("\nOr for one-click access, visit:")
+            console.print(f"[bold green]{verification_uri_complete}[/bold green]")
+
+            # Try to open browser automatically
+            try:
+                console.print("\n[dim]Opening browser automatically...[/dim]")
+                webbrowser.open(verification_uri_complete)
+            except Exception:
+                pass  # Silently fail if browser can't be opened
+
+        console.print("\n[dim]Waiting for you to complete authentication in your browser...[/dim]")
+
+    async def poll_for_token(self, device_code: str, interval: int = 5) -> dict | None:
+        """Poll the token endpoint until user completes authentication."""
+        token_url = f"{self.authkit_domain}/oauth2/token"
+
+        data = {
+            "client_id": self.client_id,
+            "device_code": device_code,
+            "grant_type": "urn:ietf:params:oauth:grant-type:device_code",
+            "code_verifier": self.code_verifier,
+        }
+
+        max_attempts = 60  # 5 minutes with 5-second intervals
+        current_interval = interval
+
+        for _attempt in range(max_attempts):
+            try:
+                async with httpx.AsyncClient() as client:
+                    response = await client.post(token_url, data=data)
+
+                    if response.status_code == 200:
+                        return response.json()
+
+                    # Parse error response
+                    try:
+                        error_data = response.json()
+                        error = error_data.get("error")
+                    except Exception:
+                        error = "unknown_error"
+
+                    if error == "authorization_pending":
+                        # User hasn't completed auth yet, keep polling
+                        pass
+                    elif error == "slow_down":
+                        # Increase polling interval
+                        current_interval += 5
+                        console.print("[yellow]Slowing down polling rate...[/yellow]")
+                    elif error == "access_denied":
+                        console.print("[red]Authentication was denied by user[/red]")
+                        return None
+                    elif error == "expired_token":
+                        console.print("[red]Device code has expired. Please try again.[/red]")
+                        return None
+                    else:
+                        console.print(f"[red]Token polling error: {error}[/red]")
+                        return None
+
+            except Exception as e:
+                console.print(f"[red]Token polling request error: {e}[/red]")
+
+            # Wait before next poll
+            await self._async_sleep(current_interval)
+
+        console.print("[red]Authentication timeout. Please try again.[/red]")
+        return None
+
+    async def _async_sleep(self, seconds: int) -> None:
+        """Async sleep utility."""
+        import asyncio
+
+        await asyncio.sleep(seconds)
+
+    def save_tokens(self, tokens: dict) -> None:
+        """Save tokens to project root as .bm-auth.json."""
+        token_data = {
+            "access_token": tokens["access_token"],
+            "refresh_token": tokens.get("refresh_token"),
+            "expires_at": int(time.time()) + tokens.get("expires_in", 3600),
+            "token_type": tokens.get("token_type", "Bearer"),
+        }
+
+        with open(self.token_file, "w") as f:
+            json.dump(token_data, f, indent=2)
+
+        # Secure the token file
+        os.chmod(self.token_file, 0o600)
+
+        console.print(f"[green]Tokens saved to {self.token_file}[/green]")
+
+    def load_tokens(self) -> dict | None:
+        """Load tokens from .bm-auth.json file."""
+        if not self.token_file.exists():
+            return None
+
+        try:
+            with open(self.token_file) as f:
+                return json.load(f)
+        except (OSError, json.JSONDecodeError):
+            return None
+
+    def is_token_valid(self, tokens: dict) -> bool:
+        """Check if stored token is still valid."""
+        expires_at = tokens.get("expires_at", 0)
+        # Add 60 second buffer for clock skew
+        return time.time() < (expires_at - 60)
+
+    async def refresh_token(self, refresh_token: str) -> dict | None:
+        """Refresh access token using refresh token."""
+        token_url = f"{self.authkit_domain}/oauth2/token"
+
+        data = {
+            "client_id": self.client_id,
+            "grant_type": "refresh_token",
+            "refresh_token": refresh_token,
+        }
+
+        try:
+            async with httpx.AsyncClient() as client:
+                response = await client.post(token_url, data=data)
+
+                if response.status_code == 200:
+                    return response.json()
+                else:
+                    console.print(
+                        f"[red]Token refresh failed: {response.status_code} - {response.text}[/red]"
+                    )
+                    return None
+        except Exception as e:
+            console.print(f"[red]Token refresh error: {e}[/red]")
+            return None
+
+    async def get_valid_token(self) -> str | None:
+        """Get valid access token, refresh if needed."""
+        tokens = self.load_tokens()
+        if not tokens:
+            return None
+
+        if self.is_token_valid(tokens):
+            return tokens["access_token"]
+
+        # Token expired - try to refresh if we have a refresh token
+        refresh_token = tokens.get("refresh_token")
+        if refresh_token:
+            console.print("[yellow]Access token expired, refreshing...[/yellow]")
+
+            new_tokens = await self.refresh_token(refresh_token)
+            if new_tokens:
+                # Save new tokens (may include rotated refresh token)
+                self.save_tokens(new_tokens)
+                console.print("[green]Token refreshed successfully[/green]")
+                return new_tokens["access_token"]
+            else:
+                console.print("[yellow]Token refresh failed. Please run 'login' again.[/yellow]")
+                return None
+        else:
+            console.print("[yellow]No refresh token available. Please run 'login' again.[/yellow]")
+            return None
+
+    async def login(self) -> bool:
+        """Perform OAuth Device Authorization login flow."""
+        console.print("[blue]Initiating authentication...[/blue]")
+
+        # Step 1: Request device authorization
+        device_response = await self.request_device_authorization()
+        if not device_response:
+            return False
+
+        # Step 2: Display user instructions
+        self.display_user_instructions(device_response)
+
+        # Step 3: Poll for token
+        device_code = device_response["device_code"]
+        interval = device_response.get("interval", 5)
+
+        tokens = await self.poll_for_token(device_code, interval)
+        if not tokens:
+            return False
+
+        # Step 4: Save tokens
+        self.save_tokens(tokens)
+
+        console.print("\n[green]Successfully authenticated with Basic Memory Cloud![/green]")
+        return True
+
+    def logout(self) -> None:
+        """Remove stored authentication tokens."""
+        if self.token_file.exists():
+            self.token_file.unlink()
+            console.print("[green]Logged out successfully[/green]")
+        else:
+            console.print("[yellow]No stored authentication found[/yellow]")

basic_memory/cli/commands/__init__.py

@@ -1,5 +1,16 @@
 """CLI commands for basic-memory."""
 
-from . import status, sync, db, import_memory_json, mcp
+from . import status, db, import_memory_json, mcp, import_claude_conversations
+from . import import_claude_projects, import_chatgpt, tool, project
 
-__all__ = ["status", "sync", "db", "import_memory_json", "mcp"]
+__all__ = [
+    "status",
+    "db",
+    "import_memory_json",
+    "mcp",
+    "import_claude_conversations",
+    "import_claude_projects",
+    "import_chatgpt",
+    "tool",
+    "project",
+]

basic_memory/cli/commands/cloud/__init__.py

@@ -0,0 +1,6 @@
+"""Cloud commands package."""
+
+# Import all commands to register them with typer
+from basic_memory.cli.commands.cloud.core_commands import *  # noqa: F401,F403
+from basic_memory.cli.commands.cloud.api_client import get_authenticated_headers, get_cloud_config  # noqa: F401
+from basic_memory.cli.commands.cloud.upload_command import *  # noqa: F401,F403

basic_memory/cli/commands/cloud/api_client.py

@@ -0,0 +1,112 @@
+"""Cloud API client utilities."""
+
+from typing import Optional
+
+import httpx
+import typer
+from rich.console import Console
+
+from basic_memory.cli.auth import CLIAuth
+from basic_memory.config import ConfigManager
+
+console = Console()
+
+
+class CloudAPIError(Exception):
+    """Exception raised for cloud API errors."""
+
+    def __init__(
+        self, message: str, status_code: Optional[int] = None, detail: Optional[dict] = None
+    ):
+        super().__init__(message)
+        self.status_code = status_code
+        self.detail = detail or {}
+
+
+class SubscriptionRequiredError(CloudAPIError):
+    """Exception raised when user needs an active subscription."""
+
+    def __init__(self, message: str, subscribe_url: str):
+        super().__init__(message, status_code=403, detail={"error": "subscription_required"})
+        self.subscribe_url = subscribe_url
+
+
+def get_cloud_config() -> tuple[str, str, str]:
+    """Get cloud OAuth configuration from config."""
+    config_manager = ConfigManager()
+    config = config_manager.config
+    return config.cloud_client_id, config.cloud_domain, config.cloud_host
+
+
+async def get_authenticated_headers() -> dict[str, str]:
+    """
+    Get authentication headers with JWT token.
+    handles jwt refresh if needed.
+    """
+    client_id, domain, _ = get_cloud_config()
+    auth = CLIAuth(client_id=client_id, authkit_domain=domain)
+    token = await auth.get_valid_token()
+    if not token:
+        console.print("[red]Not authenticated. Please run 'basic-memory cloud login' first.[/red]")
+        raise typer.Exit(1)
+
+    return {"Authorization": f"Bearer {token}"}
+
+
+async def make_api_request(
+    method: str,
+    url: str,
+    headers: Optional[dict] = None,
+    json_data: Optional[dict] = None,
+    timeout: float = 30.0,
+) -> httpx.Response:
+    """Make an API request to the cloud service."""
+    headers = headers or {}
+    auth_headers = await get_authenticated_headers()
+    headers.update(auth_headers)
+    # Add debug headers to help with compression issues
+    headers.setdefault("Accept-Encoding", "identity")  # Disable compression for debugging
+
+    async with httpx.AsyncClient(timeout=timeout) as client:
+        try:
+            response = await client.request(method=method, url=url, headers=headers, json=json_data)
+            response.raise_for_status()
+            return response
+        except httpx.HTTPError as e:
+            # Check if this is a response error with response details
+            if hasattr(e, "response") and e.response is not None:  # pyright: ignore [reportAttributeAccessIssue]
+                response = e.response  # type: ignore
+
+                # Try to parse error detail from response
+                error_detail = None
+                try:
+                    error_detail = response.json()
+                except Exception:
+                    # If JSON parsing fails, we'll handle it as a generic error
+                    pass
+
+                # Check for subscription_required error (403)
+                if response.status_code == 403 and isinstance(error_detail, dict):
+                    # Handle both FastAPI HTTPException format (nested under "detail")
+                    # and direct format
+                    detail_obj = error_detail.get("detail", error_detail)
+                    if (
+                        isinstance(detail_obj, dict)
+                        and detail_obj.get("error") == "subscription_required"
+                    ):
+                        message = detail_obj.get("message", "Active subscription required")
+                        subscribe_url = detail_obj.get(
+                            "subscribe_url", "https://basicmemory.com/subscribe"
+                        )
+                        raise SubscriptionRequiredError(
+                            message=message, subscribe_url=subscribe_url
+                        ) from e
+
+                # Raise generic CloudAPIError with status code and detail
+                raise CloudAPIError(
+                    f"API request failed: {e}",
+                    status_code=response.status_code,
+                    detail=error_detail if isinstance(error_detail, dict) else {},
+                ) from e
+
+            raise CloudAPIError(f"API request failed: {e}") from e

basic_memory/cli/commands/cloud/bisync_commands.py

@@ -0,0 +1,110 @@
+"""Cloud bisync utility functions for Basic Memory CLI."""
+
+from pathlib import Path
+
+from basic_memory.cli.commands.cloud.api_client import make_api_request
+from basic_memory.config import ConfigManager
+from basic_memory.ignore_utils import create_default_bmignore, get_bmignore_path
+from basic_memory.schemas.cloud import MountCredentials, TenantMountInfo
+
+
+class BisyncError(Exception):
+    """Exception raised for bisync-related errors."""
+
+    pass
+
+
+async def get_mount_info() -> TenantMountInfo:
+    """Get current tenant information from cloud API."""
+    try:
+        config_manager = ConfigManager()
+        config = config_manager.config
+        host_url = config.cloud_host.rstrip("/")
+
+        response = await make_api_request(method="GET", url=f"{host_url}/tenant/mount/info")
+
+        return TenantMountInfo.model_validate(response.json())
+    except Exception as e:
+        raise BisyncError(f"Failed to get tenant info: {e}") from e
+
+
+async def generate_mount_credentials(tenant_id: str) -> MountCredentials:
+    """Generate scoped credentials for syncing."""
+    try:
+        config_manager = ConfigManager()
+        config = config_manager.config
+        host_url = config.cloud_host.rstrip("/")
+
+        response = await make_api_request(method="POST", url=f"{host_url}/tenant/mount/credentials")
+
+        return MountCredentials.model_validate(response.json())
+    except Exception as e:
+        raise BisyncError(f"Failed to generate credentials: {e}") from e
+
+
+def convert_bmignore_to_rclone_filters() -> Path:
+    """Convert .bmignore patterns to rclone filter format.
+
+    Reads ~/.basic-memory/.bmignore (gitignore-style) and converts to
+    ~/.basic-memory/.bmignore.rclone (rclone filter format).
+
+    Only regenerates if .bmignore has been modified since last conversion.
+
+    Returns:
+        Path to converted rclone filter file
+    """
+    # Ensure .bmignore exists
+    create_default_bmignore()
+
+    bmignore_path = get_bmignore_path()
+    # Create rclone filter path: ~/.basic-memory/.bmignore -> ~/.basic-memory/.bmignore.rclone
+    rclone_filter_path = bmignore_path.parent / f"{bmignore_path.name}.rclone"
+
+    # Skip regeneration if rclone file is newer than bmignore
+    if rclone_filter_path.exists():
+        bmignore_mtime = bmignore_path.stat().st_mtime
+        rclone_mtime = rclone_filter_path.stat().st_mtime
+        if rclone_mtime >= bmignore_mtime:
+            return rclone_filter_path
+
+    # Read .bmignore patterns
+    patterns = []
+    try:
+        with bmignore_path.open("r", encoding="utf-8") as f:
+            for line in f:
+                line = line.strip()
+                # Keep comments and empty lines
+                if not line or line.startswith("#"):
+                    patterns.append(line)
+                    continue
+
+                # Convert gitignore pattern to rclone filter syntax
+                # gitignore: node_modules  → rclone: - node_modules/**
+                # gitignore: *.pyc        → rclone: - *.pyc
+                if "*" in line:
+                    # Pattern already has wildcard, just add exclude prefix
+                    patterns.append(f"- {line}")
+                else:
+                    # Directory pattern - add /** for recursive exclude
+                    patterns.append(f"- {line}/**")
+
+    except Exception:
+        # If we can't read the file, create a minimal filter
+        patterns = ["# Error reading .bmignore, using minimal filters", "- .git/**"]
+
+    # Write rclone filter file
+    rclone_filter_path.write_text("\n".join(patterns) + "\n")
+
+    return rclone_filter_path
+
+
+def get_bisync_filter_path() -> Path:
+    """Get path to bisync filter file.
+
+    Uses ~/.basic-memory/.bmignore (converted to rclone format).
+    The file is automatically created with default patterns on first use.
+
+    Returns:
+        Path to rclone filter file
+    """
+    return convert_bmignore_to_rclone_filters()

basic_memory/cli/commands/cloud/cloud_utils.py

@@ -0,0 +1,101 @@
+"""Shared utilities for cloud operations."""
+
+from basic_memory.cli.commands.cloud.api_client import make_api_request
+from basic_memory.config import ConfigManager
+from basic_memory.schemas.cloud import (
+    CloudProjectList,
+    CloudProjectCreateRequest,
+    CloudProjectCreateResponse,
+)
+from basic_memory.utils import generate_permalink
+
+
+class CloudUtilsError(Exception):
+    """Exception raised for cloud utility errors."""
+
+    pass
+
+
+async def fetch_cloud_projects() -> CloudProjectList:
+    """Fetch list of projects from cloud API.
+
+    Returns:
+        CloudProjectList with projects from cloud
+    """
+    try:
+        config_manager = ConfigManager()
+        config = config_manager.config
+        host_url = config.cloud_host.rstrip("/")
+
+        response = await make_api_request(method="GET", url=f"{host_url}/proxy/projects/projects")
+
+        return CloudProjectList.model_validate(response.json())
+    except Exception as e:
+        raise CloudUtilsError(f"Failed to fetch cloud projects: {e}") from e
+
+
+async def create_cloud_project(project_name: str) -> CloudProjectCreateResponse:
+    """Create a new project on cloud.
+
+    Args:
+        project_name: Name of project to create
+
+    Returns:
+        CloudProjectCreateResponse with project details from API
+    """
+    try:
+        config_manager = ConfigManager()
+        config = config_manager.config
+        host_url = config.cloud_host.rstrip("/")
+
+        # Use generate_permalink to ensure consistent naming
+        project_path = generate_permalink(project_name)
+
+        project_data = CloudProjectCreateRequest(
+            name=project_name,
+            path=project_path,
+            set_default=False,
+        )
+
+        response = await make_api_request(
+            method="POST",
+            url=f"{host_url}/proxy/projects/projects",
+            headers={"Content-Type": "application/json"},
+            json_data=project_data.model_dump(),
+        )
+
+        return CloudProjectCreateResponse.model_validate(response.json())
+    except Exception as e:
+        raise CloudUtilsError(f"Failed to create cloud project '{project_name}': {e}") from e
+
+
+async def sync_project(project_name: str, force_full: bool = False) -> None:
+    """Trigger sync for a specific project on cloud.
+
+    Args:
+        project_name: Name of project to sync
+        force_full: If True, force a full scan bypassing watermark optimization
+    """
+    try:
+        from basic_memory.cli.commands.command_utils import run_sync
+
+        await run_sync(project=project_name, force_full=force_full)
+    except Exception as e:
+        raise CloudUtilsError(f"Failed to sync project '{project_name}': {e}") from e
+
+
+async def project_exists(project_name: str) -> bool:
+    """Check if a project exists on cloud.
+
+    Args:
+        project_name: Name of project to check
+
+    Returns:
+        True if project exists, False otherwise
+    """
+    try:
+        projects = await fetch_cloud_projects()
+        project_names = {p.name for p in projects.projects}
+        return project_name in project_names
+    except Exception:
+        return False