@agentuity/cli 0.1.0 → 0.1.2

package/src/cmd/build/webanalytics-generator.ts

@@ -0,0 +1,205 @@
+/**
+ * Web analytics beacon code generator
+ * Generates src/generated/webanalytics.ts with the analytics beacon script
+ */
+
+import { join } from 'node:path';
+import type { Logger, AnalyticsConfig } from '../../types';
+
+interface GenerateWebAnalyticsOptions {
+	rootDir: string;
+	logger: Logger;
+	analytics?: boolean | AnalyticsConfig;
+}
+
+/**
+ * Generate the web analytics files (webanalytics.ts and analytics-config.ts)
+ */
+export async function generateWebAnalyticsFile(
+	options: GenerateWebAnalyticsOptions
+): Promise<void> {
+	const { rootDir, logger, analytics } = options;
+
+	const srcDir = join(rootDir, 'src');
+	const generatedDir = join(srcDir, 'generated');
+	const analyticsPath = join(generatedDir, 'webanalytics.ts');
+	const configPath = join(generatedDir, 'analytics-config.ts');
+
+	logger.trace(`Generating web analytics files...`);
+
+	const analyticsEnabled = analytics !== false;
+	const analyticsConfig: AnalyticsConfig = typeof analytics === 'object' ? analytics : {};
+
+	// Generate the analytics config file with resolved values
+	const configCode = generateAnalyticsConfigCode(analyticsEnabled, analyticsConfig);
+	await Bun.write(configPath, configCode);
+
+	// Generate the webanalytics file
+	const code = analyticsEnabled ? getEnabledAnalyticsCode() : getDisabledAnalyticsCode();
+	await Bun.write(analyticsPath, code);
+
+	logger.trace(`Generated web analytics files at %s`, generatedDir);
+}
+
+function generateAnalyticsConfigCode(enabled: boolean, config: AnalyticsConfig): string {
+	return `// @generated
+// Auto-generated by Agentuity
+// DO NOT EDIT - This file is regenerated on every build
+
+export interface AnalyticsConfig {
+	enabled: boolean;
+	requireConsent: boolean;
+	trackClicks: boolean;
+	trackScroll: boolean;
+	trackOutboundLinks: boolean;
+	trackForms: boolean;
+	trackWebVitals: boolean;
+	trackErrors: boolean;
+	trackSPANavigation: boolean;
+	sampleRate: number;
+	excludePatterns: string[];
+	globalProperties: Record<string, unknown>;
+}
+
+export const analyticsConfig: AnalyticsConfig = {
+	enabled: ${enabled && config.enabled !== false},
+	requireConsent: ${config.requireConsent ?? false},
+	trackClicks: ${config.trackClicks ?? true},
+	trackScroll: ${config.trackScroll ?? true},
+	trackOutboundLinks: ${config.trackOutboundLinks ?? true},
+	trackForms: ${config.trackForms ?? false},
+	trackWebVitals: ${config.trackWebVitals ?? true},
+	trackErrors: ${config.trackErrors ?? true},
+	trackSPANavigation: ${config.trackSPANavigation ?? true},
+	sampleRate: ${config.sampleRate ?? 1},
+	excludePatterns: ${JSON.stringify(config.excludePatterns ?? [])},
+	globalProperties: ${JSON.stringify(config.globalProperties ?? {})},
+};
+`;
+}
+
+function getDisabledAnalyticsCode(): string {
+	return `// @generated
+// Auto-generated by Agentuity
+// DO NOT EDIT - This file is regenerated on every build
+
+import { createRouter } from '@agentuity/runtime';
+import type { AnalyticsConfig } from './analytics-config';
+
+// Analytics disabled
+export function injectAnalytics(html: string, _config: AnalyticsConfig): string {
+	return html;
+}
+
+export function registerAnalyticsRoutes(_app: ReturnType<typeof createRouter>): void {}
+`;
+}
+
+function getEnabledAnalyticsCode(): string {
+	return `// @generated
+// Auto-generated by Agentuity
+// DO NOT EDIT - This file is regenerated on every build
+
+import type { Context } from 'hono';
+import {
+	createRouter,
+	createWebSessionMiddleware,
+	getOrganizationId,
+	getProjectId,
+	isDevMode as runtimeIsDevMode,
+} from '@agentuity/runtime';
+import type { AnalyticsConfig } from './analytics-config';
+
+// Inject analytics config and script into HTML
+// Note: Only static config is injected (org, project, devmode, tracking options)
+// Session and thread IDs are read from cookies by the beacon script
+export function injectAnalytics(html: string, analyticsConfig: AnalyticsConfig): string {
+	if (!analyticsConfig.enabled) return html;
+
+	const orgId = getOrganizationId() || '';
+	const projectId = getProjectId() || '';
+	const isDevmode = runtimeIsDevMode();
+
+	// Only include static config - session/thread come from cookies
+	const pageConfig = {
+		...analyticsConfig,
+		orgId,
+		projectId,
+		isDevmode,
+	};
+
+	const configScript = \`<script>window.__AGENTUITY_ANALYTICS__=\${JSON.stringify(pageConfig)};</script>\`;
+	// Session script sets cookies and window.__AGENTUITY_SESSION__ (dynamic, not cached)
+	const sessionScript = '<script src="/_agentuity/webanalytics/session.js" async></script>';
+	// Beacon script reads from __AGENTUITY_SESSION__ and sends events (static, cached)
+	const beaconScript = '<script src="/_agentuity/webanalytics/analytics.js" async></script>';
+	const injection = configScript + sessionScript + beaconScript;
+
+	// Inject before </head> or at start of <body>
+	if (html.includes('</head>')) {
+		return html.replace('</head>', injection + '</head>');
+	}
+	if (html.includes('<body')) {
+		return html.replace(/<body([^>]*)>/, \`<body$1>\${injection}\`);
+	}
+	return injection + html;
+}
+
+// The beacon script - minified for production
+export const BEACON_SCRIPT = \`(function(){
+var w=window,d=document,c=w.__AGENTUITY_ANALYTICS__;
+if(!c||!c.enabled)return;
+var q=[],t=null,sr=false,E='/_agentuity/webanalytics/collect',geo=null;
+function id(){return crypto.randomUUID?crypto.randomUUID():Date.now()+'-'+Math.random().toString(36).substr(2,9)}
+function base(type){var e={id:id(),timestamp:Date.now(),timezone_offset:new Date().getTimezoneOffset(),event_type:type,url:location.href,path:location.pathname,referrer:d.referrer||'',title:d.title||'',screen_width:screen.width||0,screen_height:screen.height||0,viewport_width:innerWidth||0,viewport_height:innerHeight||0,device_pixel_ratio:devicePixelRatio||1,user_agent:navigator.userAgent||'',language:navigator.language||''};if(geo){e.country=geo.country||'';e.region=geo.region||'';e.city=geo.city||'';e.timezone=geo.timezone||''}return e}
+fetch('https://agentuity.sh/location').then(function(r){return r.json()}).then(function(g){geo=g;try{sessionStorage.setItem('agentuity_geo',JSON.stringify(g))}catch(e){}}).catch(function(){try{var cached=sessionStorage.getItem('agentuity_geo');if(cached)geo=JSON.parse(cached)}catch(e){}});try{var cached=sessionStorage.getItem('agentuity_geo');if(cached)geo=JSON.parse(cached)}catch(e){}
+function getSession(){return w.__AGENTUITY_SESSION__}
+function waitForSession(cb){var s=getSession();if(s){cb(s);return}var attempts=0,maxAttempts=50;var iv=setInterval(function(){s=getSession();if(s||++attempts>=maxAttempts){clearInterval(iv);cb(s)}},100)}
+function doFlush(s){if(!q.length)return;var events=q.splice(0);if(c.isDevmode){console.debug('[Agentuity Analytics]',events);return}var sid=s?s.sessionId:'',tid=s?s.threadId:'';var p={org_id:c.orgId,project_id:c.projectId,session_id:sid,thread_id:tid,visitor_id:localStorage.getItem('agentuity_vid')||'vid_'+id(),events:events};try{localStorage.setItem('agentuity_vid',p.visitor_id)}catch(e){}navigator.sendBeacon?navigator.sendBeacon(E,JSON.stringify(p)):fetch(E,{method:'POST',body:JSON.stringify(p),keepalive:true}).catch(function(){})}
+function flush(){if(sr){doFlush(getSession())}else{waitForSession(function(s){sr=true;doFlush(s)})}}
+function queue(e){if(c.sampleRate<1&&Math.random()>c.sampleRate)return;q.push(e);q.length>=10?flush():t||(t=setTimeout(function(){t=null;flush()},5000))}
+function pv(){var e=base('pageview');if(performance.getEntriesByType){var n=performance.getEntriesByType('navigation')[0];if(n){e.load_time=Math.round(n.loadEventEnd-n.startTime);e.dom_ready=Math.round(n.domContentLoadedEventEnd-n.startTime);e.ttfb=Math.round(n.responseStart-n.requestStart)}}queue(e)}
+w.addEventListener('visibilitychange',function(){d.visibilityState==='hidden'&&flush()});
+w.addEventListener('pagehide',flush);
+if(c.trackSPANavigation){var op=history.pushState,or=history.replaceState,cp=location.pathname;function ch(){var np=location.pathname;np!==cp&&(cp=np,pv())}history.pushState=function(){op.apply(this,arguments);ch()};history.replaceState=function(){or.apply(this,arguments);ch()};w.addEventListener('popstate',ch)}
+if(c.trackErrors){w.addEventListener('error',function(e){var ev=base('error');ev.event_name='js_error';ev.event_data=JSON.stringify({message:e.message||'Unknown',filename:e.filename||'',lineno:e.lineno||0});queue(ev)});w.addEventListener('unhandledrejection',function(e){var ev=base('error');ev.event_name='unhandled_rejection';ev.event_data=JSON.stringify({message:e.reason instanceof Error?e.reason.message:String(e.reason)});queue(ev)})}
+if(c.trackClicks){d.addEventListener('click',function(e){var t=e.target;if(!t)return;var a=t.closest('[data-analytics]');if(!a)return;var ev=base('click');ev.event_name=a.getAttribute('data-analytics');queue(ev)},true)}
+if(c.trackScroll){var ms=new Set(),mx=0;function gs(){var st=w.scrollY||d.documentElement.scrollTop,sh=d.documentElement.scrollHeight-d.documentElement.clientHeight;return sh<=0?100:Math.min(100,Math.round(st/sh*100))}w.addEventListener('scroll',function(){var dp=gs();if(dp>mx)mx=dp;[25,50,75,100].forEach(function(m){if(dp>=m&&!ms.has(m)){ms.add(m);var ev=base('scroll');ev.event_name='scroll_'+m;ev.scroll_depth=m;queue(ev)}})},{passive:true})}
+if(c.trackWebVitals!==false&&typeof PerformanceObserver!=='undefined'){var wvLcp=0,wvCls=0,wvInp=0,wvPath=location.pathname,wvSent={};function wvReset(){wvLcp=0;wvCls=0;wvInp=0;wvSent={}}function wvSend(){var p=wvPath;if(wvLcp>0&&!wvSent.lcp){wvSent.lcp=1;var ev=base('web_vital');ev.event_name='lcp';ev.lcp=Math.round(wvLcp);ev.path=p;queue(ev)}if(!wvSent.cls){wvSent.cls=1;var ev=base('web_vital');ev.event_name='cls';ev.cls=Math.round(wvCls*1000)/1000;ev.path=p;queue(ev)}if(wvInp>0&&!wvSent.inp){wvSent.inp=1;var ev=base('web_vital');ev.event_name='inp';ev.inp=Math.round(wvInp);ev.path=p;queue(ev)}flush()}try{var fcpObs=new PerformanceObserver(function(l){l.getEntries().forEach(function(e){if(e.name==='first-contentful-paint'){var ev=base('web_vital');ev.event_name='fcp';ev.fcp=Math.round(e.startTime);queue(ev);flush();fcpObs.disconnect()}})});fcpObs.observe({type:'paint',buffered:true})}catch(e){}try{new PerformanceObserver(function(l){var entries=l.getEntries();if(entries.length)wvLcp=entries[entries.length-1].startTime}).observe({type:'largest-contentful-paint',buffered:true})}catch(e){}try{new PerformanceObserver(function(l){l.getEntries().forEach(function(e){if(!e.hadRecentInput&&e.value)wvCls+=e.value})}).observe({type:'layout-shift',buffered:true})}catch(e){}try{new PerformanceObserver(function(l){l.getEntries().forEach(function(e){if(e.duration&&e.duration>wvInp)wvInp=e.duration})}).observe({type:'event',buffered:true})}catch(e){}d.addEventListener('visibilitychange',function(){if(d.visibilityState==='hidden')wvSend()});w.addEventListener('pagehide',wvSend);if(c.trackSPANavigation){var wvOp=history.pushState,wvOr=history.replaceState;function wvNav(){var np=location.pathname;if(np!==wvPath){wvSend();wvPath=np;wvReset()}}history.pushState=function(){wvOp.apply(this,arguments);wvNav()};history.replaceState=function(){wvOr.apply(this,arguments);wvNav()};w.addEventListener('popstate',wvNav)}}
+d.readyState==='complete'?pv():w.addEventListener('load',pv);
+w.agentuityAnalytics={track:function(n,p){var e=base('custom');e.event_name=n;if(p)e.event_data=JSON.stringify(p);queue(e)},flush:flush};
+})()\`;
+
+// Serve analytics routes
+export function registerAnalyticsRoutes(app: ReturnType<typeof createRouter>): void {
+	// Dynamic thread config script - sets cookie and returns thread ID
+	// Web analytics only tracks thread ID, not session ID (to avoid polluting sessions table)
+	// This endpoint is NOT cached - it generates unique data per request
+	app.get('/_agentuity/webanalytics/session.js', createWebSessionMiddleware(), async (c: Context) => {
+		// Read from context (cookies aren't readable until the next request)
+		const threadId = c.get('_webThreadId') || '';
+
+		// Use JSON.stringify to safely escape threadId and prevent XSS/injection
+		const sessionData = JSON.stringify({ threadId });
+		const sessionScript = \`window.__AGENTUITY_SESSION__=\${sessionData};\`;
+
+		return new Response(sessionScript, {
+			headers: {
+				'Content-Type': 'application/javascript; charset=utf-8',
+				'Cache-Control': 'no-store, no-cache, must-revalidate',
+			},
+		});
+	});
+
+	// Static beacon script - can be cached
+	app.get('/_agentuity/webanalytics/analytics.js', async (c: Context) => {
+		return new Response(BEACON_SCRIPT, {
+			headers: {
+				'Content-Type': 'application/javascript; charset=utf-8',
+				'Cache-Control': 'public, max-age=3600',
+			},
+		});
+	});
+}
+`;
+}

package/src/cmd/cloud/deploy.ts

@@ -370,25 +370,7 @@ export const deploySubcommand = createSubcommand({
 							}
 						},
 					},
-					{
-						label: 'Create Deployment',
-						run: async () => {
-							if (useExistingDeployment) {
-								return stepSkipped('using pre-created deployment');
-							}
-							try {
-								deployment = await projectDeploymentCreate(
-									apiClient,
-									project.projectId,
-									project.deployment
-								);
-								return stepSuccess();
-							} catch (ex) {
-								const _ex = ex as { message?: string };
-								return stepError(_ex.message ?? String(_ex), ex as Error);
-							}
-						},
-					},
+
 					{
 						label: 'Build, Verify and Package',
 						run: async () => {

package/src/cmd/dev/index.ts

@@ -18,6 +18,8 @@ import { typecheck } from '../build/typecheck';
 import { createFileWatcher } from './file-watcher';
 import { regenerateSkillsAsync } from './skills';
 import { prepareDevLock, releaseLockSync } from './dev-lock';
+import { checkAndUpgradeDependencies } from '../../utils/dependency-checker';
+import { ErrorCode } from '../../errors';
 
 const DEFAULT_PORT = 3500;
 const MIN_PORT = 1024;
@@ -214,6 +216,16 @@ export const command = createCommand({
 		// This is a fallback for cases where the lockfile was corrupted
 		await killLingeringGravityProcesses(logger);
 
+		// Check and upgrade @agentuity/* dependencies if needed
+		const upgradeResult = await checkAndUpgradeDependencies(rootDir, logger);
+		if (upgradeResult.failed.length > 0) {
+			devLock.release();
+			tui.fatal(
+				`Failed to upgrade dependencies: ${upgradeResult.failed.join(', ')}`,
+				ErrorCode.BUILD_FAILED
+			);
+		}
+
 		try {
 			// Setup devmode and gravity (if using public URL)
 			const useMockService = process.env.DEVMODE_SYNC_SERVICE_MOCK === 'true';

package/src/cmd/project/auth/shared.ts

@@ -122,7 +122,8 @@ export async function selectOrCreateDatabase(options: {
 export const AUTH_DEPENDENCIES = {
 	'@agentuity/auth': 'latest',
 	'better-auth': '^1.4.9',
-	'drizzle-orm': '^0.44.0',
+	'drizzle-orm': '^0.45.0',
+	'drizzle-kit': '^0.31.0',
 } as const;
 
 /**

package/src/cmd/project/template-flow.ts

@@ -196,7 +196,7 @@ export async function runCreateFlow(options: CreateFlowOptions): Promise<void> {
 			return;
 		}
 		selectedTemplate = found;
-	} else if (skipPrompts) {
+	} else if (skipPrompts || templates.length === 1) {
 		selectedTemplate = templates[0];
 	} else {
 		let maxLength = 15;
@@ -246,8 +246,8 @@ export async function runCreateFlow(options: CreateFlowOptions): Promise<void> {
 		logger,
 	});
 
-	// Re-display template selection after spinners clear it
-	if (!skipPrompts) {
+	// Re-display template selection after spinners clear it (only if user actually selected)
+	if (!skipPrompts && templates.length > 1) {
 		const { symbols, tuiColors } = tui;
 		console.log(`${tuiColors.completed(symbols.completed)}  Select a template:`);
 		console.log(`${tuiColors.secondary(symbols.bar)}  ${tuiColors.muted(selectedTemplate.name)}`);

package/src/tui.ts

@@ -67,14 +67,16 @@ export const ICONS = {
 } as const;
 
 /**
- * Check if we should treat stdout as a TTY (real TTY or FORCE_COLOR set by fork wrapper)
- * Returns false in CI environments since CI terminals don't support cursor control sequences
+ * Check if we should treat the terminal as TTY-like for interactive output
+ * (real TTY on stdout or stderr, or FORCE_COLOR set by fork wrapper).
+ * Returns false in CI environments since CI terminals often don't support
+ * cursor control sequences reliably.
  */
 export function isTTYLike(): boolean {
 	if (process.env.CI) {
 		return false;
 	}
-	return process.stdout.isTTY || process.env.FORCE_COLOR === '1';
+	return !!process.stdout.isTTY || !!process.stderr.isTTY || process.env.FORCE_COLOR === '1';
 }
 
 /**
@@ -1120,8 +1122,9 @@ export async function spinner<T>(
 	const outputOptions = getOutputOptions();
 	const noProgress = outputOptions ? shouldDisableProgress(outputOptions) : false;
 
-	// If no TTY or progress disabled, just execute the callback without animation
-	if (!process.stderr.isTTY || noProgress) {
+	// If no interactive TTY-like environment or progress disabled, just execute
+	// the callback without animation
+	if (!isTTYLike() || noProgress) {
 		try {
 			const result =
 				options.type === 'progress'

package/src/utils/dependency-checker.ts

@@ -57,12 +57,6 @@ export async function checkAndUpgradeDependencies(
 		failed: [],
 	};
 
-	// Skip in CI/non-interactive environments
-	if (!process.stdin.isTTY) {
-		logger.debug('Skipping dependency check in non-interactive environment');
-		return result;
-	}
-
 	const packageJsonPath = join(projectDir, 'package.json');
 	const cliVersion = getVersion();
 

package/src/version-check.ts

@@ -139,10 +139,10 @@ async function updateCheckTimestamp(config: Config | null, logger: Logger): Prom
  */
 async function performUpgrade(logger: Logger): Promise<void> {
 	try {
-		// Run upgrade command (it will validate, download, install, etc.)
+		// Run upgrade command with --force since user already confirmed via prompt
 		// Use process.execPath to get the actual binary path (not Bun.main which is virtual)
 		logger.info('Starting upgrade...');
-		await $`${process.execPath} upgrade`.quiet();
+		await $`${process.execPath} upgrade --force`.quiet();
 
 		// If we got here, the upgrade succeeded
 		// Re-run the original command with the new binary