@01.software/cli 0.9.0 → 0.10.1

package/dist/index.js

@@ -128,7 +128,7 @@ ${entry}
 // src/lib/output.ts
 import pc from "picocolors";
 
-// src/lib/api-error.ts
+// src/lib/admin-error.ts
 var PERMISSION_CODES = [
   "tenant_mismatch",
   "account_suspended",
@@ -515,6 +515,40 @@ function failArg(label, value, expectedKind) {
     detail: { message, value, field: label }
   });
 }
+function stringifyValue(value) {
+  try {
+    return JSON.stringify(value);
+  } catch {
+    return String(value);
+  }
+}
+function formatSchemaIssues(label, issues) {
+  return issues.map((issue) => {
+    const path = issue.path.length > 0 ? issue.path.join(".") : label;
+    return `${path}: ${issue.message}`;
+  }).join("; ");
+}
+function parseWithSchema(value, label, schema) {
+  const parsed = schema.safeParse(value);
+  if (parsed.success) return parsed.data;
+  const issues = parsed.error.issues.map((issue) => ({
+    path: issue.path.map(String),
+    message: issue.message
+  }));
+  const message = `Invalid value for --${label}: ${formatSchemaIssues(label, issues)}`;
+  exitWithError({
+    type: "validation",
+    code: "invalid_argument",
+    field: label,
+    message,
+    detail: {
+      message,
+      value: stringifyValue(value),
+      field: label,
+      issues
+    }
+  });
+}
 function parseJson(value, label, options = {}) {
   let parsed;
   try {
@@ -736,15 +770,65 @@ function registerCrudCommands(program2, getClient2, getFormat2) {
 }
 
 // src/commands/order.ts
+import { z } from "zod";
+var idSchema = z.union([z.string().min(1), z.number()]).transform(String);
+var customerSnapshotSchema = z.object({
+  email: z.string().email("Invalid email format"),
+  name: z.string().optional(),
+  phone: z.string().optional()
+}).strict();
+var shippingAddressSchema = z.object({
+  postalCode: z.string().optional(),
+  address: z.string().optional(),
+  detailAddress: z.string().optional(),
+  deliveryMessage: z.string().optional(),
+  recipientName: z.string().optional(),
+  phone: z.string().optional()
+}).strict();
+var orderItemSchema = z.object({
+  product: idSchema,
+  variant: idSchema,
+  option: idSchema,
+  quantity: z.number().int().positive("quantity must be a positive integer"),
+  unitPrice: z.number().optional(),
+  totalPrice: z.number().optional()
+}).strict();
+var orderItemsSchema = z.array(orderItemSchema).min(1, "At least one order item is required").max(100, "Maximum 100 items per order");
+var orderStatusSchema = z.enum([
+  "pending",
+  "paid",
+  "failed",
+  "canceled",
+  "preparing",
+  "shipped",
+  "delivered",
+  "confirmed"
+]);
+var fulfillmentItemsSchema = z.array(
+  z.object({
+    orderItem: idSchema,
+    quantity: z.number().int().positive("quantity must be a positive integer")
+  }).strict()
+).min(1, "At least one fulfillment item is required").max(100, "Maximum 100 items per fulfillment");
 function registerOrderCommands(program2, getClient2, getFormat2) {
   const order = program2.command("order").description("Order management");
   order.command("create").description("Create a new order").option("--payment-id <id>", "Payment ID").requiredOption("--order-number <num>", "Order number").requiredOption("--email <email>", "Customer email").option("--customer <id>", "Customer ID").option("--name <name>", "Customer name").option("--phone <phone>", "Customer phone").requiredOption("--shipping-address <json>", "Shipping address (JSON)").requiredOption("--products <json>", "Order products array (JSON)").requiredOption("--total-amount <n>", "Total amount", parseFloat).option("--dry-run", "Validate inputs without executing").action(async (opts) => {
     try {
-      const shippingAddress = parseJson(
-        opts.shippingAddress,
-        "shipping-address"
+      const shippingAddress = parseWithSchema(
+        parseJson(opts.shippingAddress, "shipping-address"),
+        "shipping-address",
+        shippingAddressSchema
+      );
+      const orderItems = parseWithSchema(
+        parseJsonArray(opts.products, "products"),
+        "products",
+        orderItemsSchema
+      );
+      const totalAmount = parseWithSchema(
+        opts.totalAmount,
+        "total-amount",
+        z.number().nonnegative("totalAmount must be non-negative")
       );
-      const orderItems = parseJsonArray(opts.products, "products");
       const data = {
         pgPaymentId: opts.paymentId,
         orderNumber: opts.orderNumber,
@@ -756,7 +840,7 @@ function registerOrderCommands(program2, getClient2, getFormat2) {
         customer: opts.customer,
         shippingAddress,
         orderItems,
-        totalAmount: opts.totalAmount
+        totalAmount
       };
       if (opts.dryRun) {
         printResult(
@@ -787,7 +871,8 @@ function registerOrderCommands(program2, getClient2, getFormat2) {
   });
   order.command("update <orderNumber>").description("Update order status").requiredOption("--status <status>", "New status").option("--dry-run", "Validate inputs without executing").action(async (orderNumber, opts) => {
     try {
-      const data = { orderNumber, status: opts.status };
+      const status = parseWithSchema(opts.status, "status", orderStatusSchema);
+      const data = { orderNumber, status };
       if (opts.dryRun) {
         printResult(
           { dryRun: true, valid: true, action: "order update", data },
@@ -804,7 +889,11 @@ function registerOrderCommands(program2, getClient2, getFormat2) {
   });
   order.command("checkout").description("Convert a cart to an order").requiredOption("--cart-id <id>", "Cart ID").option("--payment-id <id>", "Payment ID (optional for free orders)").requiredOption("--order-number <num>", "Order number").requiredOption("--customer <json>", "Customer snapshot (JSON)").option("--dry-run", "Validate inputs without executing").action(async (opts) => {
     try {
-      const customerSnapshot = parseJson(opts.customer, "customer");
+      const customerSnapshot = parseWithSchema(
+        parseJson(opts.customer, "customer"),
+        "customer",
+        customerSnapshotSchema
+      );
       const data = {
         cartId: opts.cartId,
         pgPaymentId: opts.paymentId,
@@ -830,7 +919,11 @@ function registerOrderCommands(program2, getClient2, getFormat2) {
   });
   order.command("fulfill <orderNumber>").description("Create a fulfillment for an order").requiredOption("--items <json>", "Fulfillment items array (JSON)").option("--carrier <name>", "Shipping carrier").option("--tracking-number <num>", "Tracking number").option("--dry-run", "Validate inputs without executing").action(async (orderNumber, opts) => {
     try {
-      const items = parseJsonArray(opts.items, "items");
+      const items = parseWithSchema(
+        parseJsonArray(opts.items, "items"),
+        "items",
+        fulfillmentItemsSchema
+      );
       const data = {
         orderNumber,
         items,
@@ -857,6 +950,23 @@ function registerOrderCommands(program2, getClient2, getFormat2) {
 }
 
 // src/commands/return.ts
+import { z as z2 } from "zod";
+var idSchema2 = z2.union([z2.string().min(1), z2.number()]).transform(String);
+var returnReasonSchema = z2.enum(["change_of_mind", "defective", "wrong_delivery", "damaged", "other"]).optional();
+var returnItemsSchema = z2.array(
+  z2.object({
+    orderItem: idSchema2,
+    quantity: z2.number().int().positive("quantity must be a positive integer"),
+    restockAction: z2.enum(["return_to_stock", "discard"]).default("return_to_stock")
+  }).strict()
+).min(1, "At least one return item is required").max(100, "Too many return items");
+var returnStatusSchema = z2.enum([
+  "processing",
+  "approved",
+  "rejected",
+  "completed"
+]);
+var refundAmountSchema = z2.number().nonnegative("refundAmount must be non-negative");
 function registerReturnCommands(program2, getClient2, getFormat2) {
   const ret = program2.command("return").description("Return management");
   ret.command("create <orderNumber>").description("Create a return request").requiredOption("--products <json>", "Return products array (JSON)").requiredOption("--refund-amount <n>", "Refund amount", parseFloat).option(
@@ -864,12 +974,26 @@ function registerReturnCommands(program2, getClient2, getFormat2) {
     "Return reason (change_of_mind, defective, wrong_delivery, damaged, other)"
   ).option("--reason-detail <text>", "Detailed reason").option("--dry-run", "Validate inputs without executing").action(async (orderNumber, opts) => {
     try {
-      const returnItems = parseJsonArray(opts.products, "products");
+      const returnItems = parseWithSchema(
+        parseJsonArray(opts.products, "products"),
+        "products",
+        returnItemsSchema
+      );
+      const refundAmount = parseWithSchema(
+        opts.refundAmount,
+        "refund-amount",
+        refundAmountSchema
+      );
+      const reason = parseWithSchema(
+        opts.reason,
+        "reason",
+        returnReasonSchema
+      );
       const data = {
         orderNumber,
         returnItems,
-        refundAmount: opts.refundAmount,
-        reason: opts.reason,
+        refundAmount,
+        reason,
         reasonDetail: opts.reasonDetail
       };
       if (opts.dryRun) {
@@ -894,7 +1018,8 @@ function registerReturnCommands(program2, getClient2, getFormat2) {
     "New status (processing, approved, rejected, completed)"
   ).option("--dry-run", "Validate inputs without executing").action(async (returnId, opts) => {
     try {
-      const data = { returnId, status: opts.status };
+      const status = parseWithSchema(opts.status, "status", returnStatusSchema);
+      const data = { returnId, status };
       if (opts.dryRun) {
         printResult(
           { dryRun: true, valid: true, action: "return update", data },
@@ -911,13 +1036,27 @@ function registerReturnCommands(program2, getClient2, getFormat2) {
   });
   ret.command("refund <orderNumber>").description("Return with refund").requiredOption("--products <json>", "Return products array (JSON)").requiredOption("--refund-amount <n>", "Refund amount", parseFloat).requiredOption("--payment-id <id>", "Payment ID").option("--reason <reason>", "Return reason").option("--reason-detail <text>", "Detailed reason").option("--refund-receipt-url <url>", "Refund receipt URL").option("--dry-run", "Validate inputs without executing").action(async (orderNumber, opts) => {
     try {
-      const returnItems = parseJsonArray(opts.products, "products");
+      const returnItems = parseWithSchema(
+        parseJsonArray(opts.products, "products"),
+        "products",
+        returnItemsSchema
+      );
+      const refundAmount = parseWithSchema(
+        opts.refundAmount,
+        "refund-amount",
+        refundAmountSchema
+      );
+      const reason = parseWithSchema(
+        opts.reason,
+        "reason",
+        returnReasonSchema
+      );
       const data = {
         orderNumber,
         returnItems,
-        refundAmount: opts.refundAmount,
+        refundAmount,
         pgPaymentId: opts.paymentId,
-        reason: opts.reason,
+        reason,
         reasonDetail: opts.reasonDetail,
         refundReceiptUrl: opts.refundReceiptUrl
       };
@@ -1413,25 +1552,265 @@ function registerSchemaCommands(program2, getClient2, getFormat2) {
   });
 }
 
+// ../contracts/src/tenant/index.ts
+import { z as z3 } from "zod";
+var tenantFieldConfigStateSchema = z3.object({
+  hiddenFields: z3.array(z3.string()),
+  isHidden: z3.boolean()
+}).strict();
+var tenantContextQuerySchema = z3.object({
+  counts: z3.literal("true").optional()
+}).strict();
+var tenantContextToolInputSchema = z3.object({
+  includeCounts: z3.boolean().optional().default(false).describe(
+    "Include per-collection document counts and config status (bypasses cache, slower)"
+  )
+}).strict();
+var tenantContextResponseSchema = z3.object({
+  tenant: z3.object({
+    id: z3.string(),
+    name: z3.string(),
+    plan: z3.string(),
+    planSource: z3.string().optional(),
+    authoritative: z3.boolean().optional(),
+    capabilityVersion: z3.string().optional()
+  }).strict(),
+  features: z3.array(z3.string()),
+  collections: z3.object({
+    active: z3.array(z3.string()),
+    inactive: z3.array(z3.string())
+  }).strict(),
+  fieldConfigs: z3.record(z3.string(), tenantFieldConfigStateSchema),
+  counts: z3.record(z3.string(), z3.number()).optional(),
+  config: z3.object({
+    webhookConfigured: z3.boolean()
+  }).strict().optional()
+}).strict();
+var tenantFeatureProgressFeatureSchema = z3.enum(["ecommerce"]);
+var tenantFeatureProgressInputSchema = z3.object({
+  feature: tenantFeatureProgressFeatureSchema.describe(
+    "Feature to inspect for tenant implementation readiness"
+  ),
+  includeEvidence: z3.boolean().optional().default(false).describe("Include sanitized counts and static surface evidence")
+}).strict();
+var tenantFeatureProgressStatusSchema = z3.enum([
+  "ready",
+  "attention",
+  "blocked"
+]);
+var tenantFeatureProgressItemStateSchema = z3.enum([
+  "complete",
+  "incomplete",
+  "blocked",
+  "attention",
+  "optional",
+  "unknown",
+  "manual",
+  "not-applicable"
+]);
+var tenantFeatureProgressSeveritySchema = z3.enum([
+  "required",
+  "recommended",
+  "optional"
+]);
+var tenantFeatureProgressEvidenceValueSchema = z3.union([
+  z3.string(),
+  z3.number(),
+  z3.boolean(),
+  z3.null()
+]);
+var tenantFeatureProgressItemSchema = z3.object({
+  id: z3.string(),
+  title: z3.string(),
+  state: tenantFeatureProgressItemStateSchema,
+  severity: tenantFeatureProgressSeveritySchema,
+  summary: z3.string(),
+  evidence: z3.record(z3.string(), tenantFeatureProgressEvidenceValueSchema).optional()
+}).strict();
+var tenantFeatureProgressGroupSchema = z3.object({
+  id: z3.string(),
+  title: z3.string(),
+  summary: z3.string().optional(),
+  items: z3.array(tenantFeatureProgressItemSchema)
+}).strict();
+var tenantFeatureProgressResponseSchema = z3.object({
+  schemaVersion: z3.literal(1),
+  feature: tenantFeatureProgressFeatureSchema,
+  status: tenantFeatureProgressStatusSchema,
+  generatedAt: z3.string(),
+  tenant: z3.object({
+    id: z3.string(),
+    name: z3.string(),
+    plan: z3.string()
+  }).strict(),
+  capability: z3.object({
+    effectiveFeatures: z3.array(z3.string()),
+    planBlocked: z3.array(z3.string()),
+    closureAdded: z3.array(z3.string())
+  }).strict(),
+  summary: z3.object({
+    complete: z3.number().int().nonnegative(),
+    total: z3.number().int().nonnegative(),
+    blocking: z3.number().int().nonnegative(),
+    manual: z3.number().int().nonnegative(),
+    unknown: z3.number().int().nonnegative()
+  }).strict(),
+  groups: z3.array(tenantFeatureProgressGroupSchema)
+}).strict();
+var COLLECTION_SCHEMA_CONTRACT_VERSION = 1;
+var collectionSchemaEndpointParamsSchema = z3.object({
+  collectionSlug: z3.string().min(1, "collectionSlug is required")
+}).strict();
+var collectionFieldOptionSchema = z3.object({
+  label: z3.string(),
+  value: z3.string()
+}).strict();
+var collectionFieldSchema = z3.lazy(
+  () => z3.object({
+    name: z3.string(),
+    path: z3.string(),
+    type: z3.string(),
+    required: z3.literal(true).optional(),
+    unique: z3.literal(true).optional(),
+    hasMany: z3.literal(true).optional(),
+    relationTo: z3.union([z3.string(), z3.array(z3.string())]).optional(),
+    options: z3.array(collectionFieldOptionSchema).optional(),
+    hidden: z3.literal(true).optional(),
+    systemManaged: z3.literal(true).optional(),
+    writable: z3.boolean().optional(),
+    fields: z3.array(collectionFieldSchema).optional()
+  }).strict()
+);
+var collectionSchemaResponseSchema = z3.object({
+  contractVersion: z3.literal(COLLECTION_SCHEMA_CONTRACT_VERSION),
+  mode: z3.literal("effective"),
+  collection: z3.object({
+    slug: z3.string(),
+    timestamps: z3.boolean(),
+    alwaysActive: z3.boolean(),
+    feature: z3.string().nullable(),
+    systemFields: z3.array(z3.string()),
+    visibility: z3.object({
+      collectionHidden: z3.boolean(),
+      hiddenFields: z3.array(z3.string())
+    }).strict(),
+    fields: z3.array(collectionFieldSchema)
+  }).strict()
+}).strict();
+
+// src/commands/feature.ts
+function getApiUrl2() {
+  return (process.env.SOFTWARE_API_URL || process.env.NEXT_PUBLIC_SOFTWARE_API_URL || "https://api.01.software").replace(/\/$/, "");
+}
+function flattenProgress(progress) {
+  return progress.groups.flatMap(
+    (group) => group.items.map((item) => ({
+      group: group.title,
+      item: item.title,
+      state: item.state,
+      severity: item.severity,
+      summary: item.summary
+    }))
+  );
+}
+function registerFeatureCommands(program2, getClient2, getFormat2) {
+  const feature = program2.command("feature").description("Feature implementation progress checks");
+  feature.command("check <feature>").description("Check tenant implementation progress for a feature").option("--evidence", "Include sanitized evidence counts and surface flags").action(async (featureName, options) => {
+    try {
+      const input = parseWithSchema(
+        {
+          feature: featureName,
+          includeEvidence: Boolean(options.evidence)
+        },
+        "feature",
+        tenantFeatureProgressInputSchema
+      );
+      const client = getClient2();
+      const baseUrl = getApiUrl2();
+      const search = new URLSearchParams({ feature: input.feature });
+      if (input.includeEvidence) search.set("includeEvidence", "true");
+      const response = await fetch(
+        `${baseUrl}/api/tenants/feature-progress?${search.toString()}`,
+        {
+          headers: {
+            "X-Publishable-Key": client.publishableKey,
+            Authorization: `Bearer ${client.secretKey}`
+          }
+        }
+      );
+      if (!response.ok) {
+        const body = await response.json().catch(() => ({ error: response.statusText }));
+        const err = new Error(
+          body.error || `HTTP ${response.status}`
+        );
+        Object.assign(err, { status: response.status });
+        throw err;
+      }
+      const result = tenantFeatureProgressResponseSchema.parse(
+        await response.json()
+      );
+      const format = getFormat2();
+      printResult(
+        format === "table" ? flattenProgress(result) : result,
+        format
+      );
+    } catch (error) {
+      exitWithError(error);
+    }
+  });
+}
+
 // src/commands/mcp.ts
 import { resolve, dirname } from "path";
 import { existsSync as existsSync2 } from "fs";
 import { spawn } from "child_process";
 import { fileURLToPath } from "url";
 var __dirname = dirname(fileURLToPath(import.meta.url));
-function findStdioEntry(baseDir = __dirname) {
-  const packaged = resolve(baseDir, "mcp/stdio.js");
-  if (existsSync2(packaged)) return packaged;
+function getStdioEntryCandidates(baseDir = __dirname) {
+  const candidates = [
+    {
+      label: "packaged CLI artifact",
+      path: resolve(baseDir, "mcp/stdio.js")
+    }
+  ];
   const roots = ["../../../..", "../../..", "../.."];
-  const entries = ["apps/mcp/dist/stdio.js", "apps/mcp/.xmcp/stdio.js"];
+  const entries = [
+    {
+      label: "monorepo build output",
+      path: "apps/mcp/dist/stdio.js"
+    },
+    {
+      label: "xmcp build output",
+      path: "apps/mcp/.xmcp/stdio.js"
+    }
+  ];
   for (const entry of entries) {
     for (const root of roots) {
-      const candidate = resolve(baseDir, root, entry);
-      if (existsSync2(candidate)) return candidate;
+      candidates.push({
+        label: entry.label,
+        path: resolve(baseDir, root, entry.path)
+      });
     }
   }
+  return candidates;
+}
+function findStdioEntry(baseDir = __dirname) {
+  for (const candidate of getStdioEntryCandidates(baseDir)) {
+    if (existsSync2(candidate.path)) return candidate.path;
+  }
   return null;
 }
+function formatMissingStdioEntryMessage(baseDir = __dirname) {
+  const checked = getStdioEntryCandidates(baseDir).map((candidate) => `  - ${candidate.label}: ${candidate.path}`).join("\n");
+  return [
+    "MCP stdio entry not found.",
+    "Checked:",
+    checked,
+    "Fix:",
+    "  - Monorepo checkout: run pnpm --filter mcp build.",
+    "  - Published CLI: reinstall or update @01.software/cli so dist/mcp/stdio.js is included."
+  ].join("\n");
+}
 function createMcpEnv(baseEnv, client) {
   const env = {
     ...baseEnv,
@@ -1442,15 +1821,21 @@ function createMcpEnv(baseEnv, client) {
   return env;
 }
 function registerMcpCommands(program2) {
-  program2.command("mcp").description("Start MCP server over stdio").action(() => {
+  program2.command("mcp").description("Start local MCP stdio server for trusted server-key workflows").addHelpText(
+    "after",
+    `
+Prerequisites:
+  Run 01 login, or set SOFTWARE_PUBLISHABLE_KEY and SOFTWARE_SECRET_KEY.
+  Local stdio exposes the full MCP tool surface; HTTP OAuth MCP uses the
+  narrower remote surface documented in the web integration guide.
+  In a monorepo checkout, build the stdio artifact first:
+    pnpm --filter mcp build
+`
+  ).action(() => {
     const client = resolveClient(program2.opts().apiKey);
     const stdioEntry = findStdioEntry();
     if (!stdioEntry) {
-      exitWithError(
-        new Error(
-          "MCP server not found. Ensure apps/mcp is built (pnpm --filter mcp build)."
-        )
-      );
+      exitWithError(new Error(formatMissingStdioEntryMessage()));
     }
     const child = spawn(process.execPath, [stdioEntry], {
       env: createMcpEnv(process.env, client),
@@ -1487,6 +1872,7 @@ registerCartCommands(program, getClient, getFormat);
 registerStockCommands(program, getClient, getFormat);
 registerTransactionCommands(program, getClient, getFormat);
 registerSchemaCommands(program, getClient, getFormat);
+registerFeatureCommands(program, getClient, getFormat);
 registerMcpCommands(program);
 registerAuthCommands(program);
 program.parse();