autoreply 0.3.1

autoreply: Model Context Protocol server for Bluesky profile and post search functionality
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398

//! autoreply MCP Server & CLI (Rust)
//!
//! Dual-mode application:
//! - MCP Server Mode (default): Model Context Protocol server using stdio
//! - CLI Mode: Command-line utility for direct tool execution
//!
//! Implements two tools:
//! - `profile(account)` - Retrieve user profile information
//! - `search(account, query)` - Search posts within a user's repository

mod mcp;
mod error;
mod bluesky;
mod tools;
mod http;
mod cli;
mod car;
mod auth;

use anyhow::Result;
use clap::Parser;
use cli::{Cli, Commands};
use tracing::info;

#[tokio::main]
async fn main() -> Result<()> {
    // Detect mode: CLI if args present, MCP server otherwise
    let args: Vec<String> = std::env::args().collect();
    
    if args.len() > 1 {
        // CLI mode - parse arguments and execute
        run_cli_mode().await
    } else {
        // MCP server mode - default behavior
        run_mcp_mode().await
    }
}

/// Run in CLI mode
async fn run_cli_mode() -> Result<()> {
    let cli = Cli::parse();
    
    // Initialize logging based on verbosity flags
    let log_level = if cli.quiet {
        "error"
    } else if cli.verbose {
        "debug"
    } else {
        "info"
    };
    
    tracing_subscriber::fmt()
        .with_env_filter(log_level)
        .with_writer(std::io::stderr) // Log to stderr to keep stdout clean
        .init();

    // Execute command
    let result = match cli.command {
        Some(Commands::Profile(args)) => {
            execute_profile_cli(args).await
        }
        Some(Commands::Search(args)) => {
            execute_search_cli(args).await
        }
        Some(Commands::Login(args)) => {
            execute_login_cli(args).await
        }
        None => {
            eprintln!("Error: No command specified. Use --help for usage information.");
            std::process::exit(1);
        }
    };

    // Handle result and exit with appropriate code
    match result {
        Ok(output) => {
            println!("{}", output);
            Ok(())
        }
        Err(e) => {
            eprintln!("Error: {}", e);
            std::process::exit(get_exit_code(&e));
        }
    }
}

/// Execute profile command in CLI mode
async fn execute_profile_cli(args: cli::ProfileArgs) -> Result<String> {
    use tokio::time::{timeout, Duration};
    
    let result = timeout(Duration::from_secs(120), tools::profile::execute_profile(args)).await;
    
    match result {
        Ok(Ok(tool_result)) => {
            // Extract markdown text from ToolResult
            Ok(tool_result.content.first()
                .map(|c| c.text.clone())
                .unwrap_or_default())
        }
        Ok(Err(e)) => Err(anyhow::anyhow!(e.message())),
        Err(_) => Err(anyhow::anyhow!("Request exceeded 120 second timeout")),
    }
}

/// Execute search command in CLI mode
async fn execute_search_cli(args: cli::SearchArgs) -> Result<String> {
    use tokio::time::{timeout, Duration};
    
    let result = timeout(Duration::from_secs(120), tools::search::execute_search(args)).await;
    
    match result {
        Ok(Ok(tool_result)) => {
            // Extract markdown text from ToolResult
            Ok(tool_result.content.first()
                .map(|c| c.text.clone())
                .unwrap_or_default())
        }
        Ok(Err(e)) => Err(anyhow::anyhow!(e.message())),
        Err(_) => Err(anyhow::anyhow!("Request exceeded 120 second timeout")),
    }
}

/// Try OAuth login flow
async fn try_oauth_login(handle: &str, storage: &auth::CredentialStorage) -> Result<auth::Session> {
    use auth::{AtProtoOAuthManager, CallbackServer, CallbackResult, Credentials};
    
    info!("Starting atproto OAuth browser flow...");
    
    // Start local callback server first to get the port
    let callback_server = CallbackServer::new()
        .map_err(|e| anyhow::anyhow!("Failed to start callback server: {}", e))?;
    
    // Create OAuth manager and set the dynamic redirect_uri
    let mut oauth_manager = AtProtoOAuthManager::new()?;
    oauth_manager.set_redirect_uri(callback_server.callback_url());
    
    // Start the flow - this does identity resolution and PAR
    info!("Resolving handle and discovering authorization server...");
    let flow_state = oauth_manager.start_browser_flow(handle).await?;
    
    info!("OAuth callback server started on {}", callback_server.callback_url());
    info!("Authorization URL: {}", flow_state.auth_url);
    
    // Open browser
    if webbrowser::open(&flow_state.auth_url).is_ok() {
        info!("Opened browser for authorization");
    } else {
        eprintln!("\nPlease visit this URL in your browser:");
        eprintln!("{}\n", flow_state.auth_url);
    }
    
    // Wait for callback (5 minute timeout)
    info!("Waiting for authorization callback...");
    let callback_result = callback_server
        .wait_for_callback(std::time::Duration::from_secs(300))
        .await
        .map_err(|e| anyhow::anyhow!("OAuth callback failed: {}", e))?;
    
    // Handle callback result
    match callback_result {
        CallbackResult::Success { code, state } => {
            // Verify state matches
            if state != flow_state.state {
                return Err(anyhow::anyhow!("State parameter mismatch - possible CSRF attack"));
            }
            
            info!("Authorization successful, exchanging code for tokens...");
            
            // Exchange code for tokens
            let session = oauth_manager.complete_flow(&code, &flow_state).await?;
            
            info!("OAuth authentication successful!");
            
            // Store OAuth credentials using the refresh token
            // The refresh token is what we'd use to restore the session
            let oauth_credentials = Credentials::with_service(
                &session.did,           // Use DID as identifier for OAuth
                &session.refresh_jwt,   // Store refresh token as "password"
                &session.service,
            );
            storage.store_credentials_with_fallback(handle, oauth_credentials)?;
            
            Ok(session)
        }
        CallbackResult::Error { error, description } => {
            let desc = description.unwrap_or_else(|| "No description provided".to_string());
            Err(anyhow::anyhow!("OAuth authorization failed: {} - {}", error, desc))
        }
    }
}

/// Execute login command in CLI mode
async fn execute_login_cli(args: cli::LoginCommand) -> Result<String> {
    use auth::{Credentials, CredentialStorage, SessionManager};
    use std::io::{self, Write};
    
    let storage = CredentialStorage::new()?;
    
    // Handle subcommands first
    match args.command {
        Some(cli::LoginSubcommands::List) => {
            let accounts = storage.list_accounts()?;
            let default_account = storage.get_default_account()?;
            
            if accounts.is_empty() {
                return Ok("No accounts stored. Use 'autoreply login' to add an account.".to_string());
            }
            
            let mut output = format!("Authenticated accounts ({}):\n", accounts.len());
            for account in accounts {
                let marker = if Some(&account) == default_account.as_ref() {
                    " (default)"
                } else {
                    ""
                };
                output.push_str(&format!("  • @{}{}\n", account, marker));
            }
            
            return Ok(output);
        }
        Some(cli::LoginSubcommands::Default { handle }) => {
            // Verify account exists
            storage.get_credentials(&handle)?;
            
            // Set as default
            storage.set_default_account(&handle)?;
            
            return Ok(format!("✓ Set @{} as default account", handle));
        }
        Some(cli::LoginSubcommands::Delete { handle }) => {
            // Determine which account to delete
            let handle_to_delete = if let Some(h) = handle {
                h
            } else {
                // Use default account
                storage.get_default_account()?
                    .ok_or_else(|| anyhow::anyhow!("No default account set. Specify --handle"))?
            };
            
            // Remove credentials
            storage.remove_account(&handle_to_delete)?;
            
            return Ok(format!("✓ Deleted account @{}", handle_to_delete));
        }
        None => {
            // No subcommand means add/authenticate
        }
    }
    
    // Get handle - prompt if not provided
    let handle = if let Some(h) = args.handle {
        h
    } else {
        print!("Handle (e.g., alice.bsky.social): ");
        io::stdout().flush()?;
        let mut input = String::new();
        io::stdin().read_line(&mut input)?;
        input.trim().to_string()
    };
    
    if handle.is_empty() {
        return Err(anyhow::anyhow!("Handle is required"));
    }
    
    // Determine authentication method
    // If password is provided, use app password authentication
    // Otherwise, try OAuth first, fall back to app password on failure
    let session = if args.password.is_some() {
        // App password authentication explicitly requested
        let password = match args.password.as_deref() {
            Some("") | None => {
                // Prompt for password
                print!("App password: ");
                io::stdout().flush()?;
                let mut input = String::new();
                io::stdin().read_line(&mut input)?;
                input.trim().to_string()
            }
            Some(p) => p.to_string(),
        };
        
        if password.is_empty() {
            return Err(anyhow::anyhow!("Password is required for app password authentication"));
        }
        
        // Create credentials
        let credentials = if let Some(service) = args.service {
            Credentials::with_service(&handle, &password, service)
        } else {
            Credentials::new(&handle, &password)
        };
        
        // Authenticate
        info!("Authenticating with app password...");
        let manager = SessionManager::new()?;
        let session = manager.login(&credentials).await?;
        
        // Store credentials for app password method
        storage.store_credentials_with_fallback(&handle, credentials)?;
        
        session
    } else {
        // Try OAuth first (default)
        match try_oauth_login(&handle, &storage).await {
            Ok(session) => session,
            Err(oauth_error) => {
                // OAuth failed, fall back to app password
                tracing::warn!("OAuth authentication failed: {}", oauth_error);
                eprintln!("OAuth authentication failed: {}", oauth_error);
                eprintln!("Falling back to app password authentication...\n");
                
                // Prompt for password
                print!("App password: ");
                io::stdout().flush()?;
                let mut password = String::new();
                io::stdin().read_line(&mut password)?;
                let password = password.trim().to_string();
                
                if password.is_empty() {
                    return Err(anyhow::anyhow!("Password is required for app password authentication"));
                }
                
                // Create credentials
                let credentials = if let Some(service) = args.service {
                    Credentials::with_service(&handle, &password, service)
                } else {
                    Credentials::new(&handle, &password)
                };
                
                // Authenticate
                info!("Authenticating with app password...");
                let manager = SessionManager::new()?;
                let session = manager.login(&credentials).await?;
                
                // Store credentials
                storage.store_credentials_with_fallback(&handle, credentials)?;
                
                session
            }
        }
    };
    
    // Store session
    storage.store_session(&handle, session.clone())?;
    
    // Set as default if it's the first account
    let accounts = storage.list_accounts()?;
    if accounts.len() == 1 || storage.get_default_account()?.is_none() {
        storage.set_default_account(&handle)?;
    }
    
    let auth_method = if args.password.is_some() {
        "app password"
    } else {
        "OAuth (browser)"
    };
    
    Ok(format!(
        "✓ Successfully authenticated as @{}\n  DID: {}\n  Method: {}\n  Storage: {}",
        session.handle,
        session.did,
        auth_method,
        match storage.backend() {
            auth::StorageBackend::Keyring => "OS keyring",
            auth::StorageBackend::File => "file",
        }
    ))
}

/// Map AppError to exit code
fn get_exit_code(err: &anyhow::Error) -> i32 {
    let err_str = err.to_string().to_lowercase();
    
    if err_str.contains("invalid") || err_str.contains("usage") {
        1 // Invalid arguments or usage error
    } else if err_str.contains("network") || err_str.contains("connection") {
        2 // Network or API error
    } else if err_str.contains("not found") {
        3 // Not found error
    } else if err_str.contains("timeout") {
        4 // Timeout error
    } else {
        5 // Other application errors
    }
}

/// Run in MCP server mode
async fn run_mcp_mode() -> Result<()> {
    // Initialize logging
    tracing_subscriber::fmt::init();
    
    info!("Starting autoreply MCP Server");

    // Handle stdio MCP communication
    mcp::handle_stdio().await?;

    Ok(())
}