@anyship/cli 0.3.0 → 0.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -21,23 +21,20 @@ never hand-pick files.
21
21
 
22
22
  ### `anyship login`
23
23
 
24
- Run **`anyship login`** with no arguments and it opens your browser to sign in
25
- (OAuth) the same login you use for the anyship connector, no key required. It
26
- stores the resulting token in `~/.anyship/config.json` (mode `0600`), refreshing
27
- it automatically. This is the common path now that most people connect with
28
- browser login.
29
-
30
- Prefer an API key (CI, scripts)? Pass one and it's validated + stored instead:
24
+ An **`anyship_sk_…` API key is the only credential there is no browser/OAuth
25
+ login.** `anyship login` takes your key, validates it against the control plane,
26
+ and stores it in `~/.anyship/config.json` (mode `0600`), so `deploy` and `mcp`
27
+ authenticate automatically afterward. Grab the key from the anyship dashboard.
31
28
 
32
29
  ```bash
33
- anyship login # browser login (OAuth) no key
34
- anyship login --key anyship_sk_… # or an API key: echo $KEY | anyship login --with-token
30
+ anyship login --key anyship_sk_… # validate + store the key
31
+ echo $KEY | anyship login --with-token # or pipe it (CI / scripts no key in shell history)
35
32
  anyship logout # remove stored credentials
36
33
  ```
37
34
 
38
- `deploy` and `mcp` then authenticate automatically. If neither a key nor a stored
39
- token is present, `deploy` triggers the browser login on first use; the `mcp`
40
- server uses only stored auth (run `anyship login` once first).
35
+ If no key is present, `login` errors telling you to supply one it never opens a
36
+ browser. (OAuth exists only for **dashboard** sign-in Google/GitHub never for
37
+ the CLI, MCP, or deploy.)
41
38
 
42
39
  ### `anyship deploy [path]`
43
40
 
@@ -60,7 +57,7 @@ other tool (`list_projects`, `deployment_status`, `add_domain`, `logs`, …) is
60
57
  proxied to the control plane. Add it to Claude Code:
61
58
 
62
59
  ```bash
63
- anyship login
60
+ anyship login --key anyship_sk_…
64
61
  claude mcp add anyship -- npx -y @anyship/cli mcp
65
62
  ```
66
63
 
@@ -69,14 +66,15 @@ files and never handles your API key.
69
66
 
70
67
  ## Configuration
71
68
 
72
- Auth resolves in this order an **API key** if you have one, otherwise **OAuth**:
69
+ The `anyship_sk_…` API key is the only credential. It resolves in this order (first
70
+ hit wins); if none is found, the command fails loudly rather than falling back to
71
+ any other account:
73
72
 
74
73
  1. `--key` flag
75
74
  2. `ANYSHIP_API_KEY` env
76
- 3. a stored API key (`~/.anyship/config.json`)
77
- 4. an `mcp_servers.anyship` entry in `~/.codex/config.toml`
78
- 5. a stored **OAuth token** (`~/.anyship/config.json`, auto-refreshed)
79
- 6. otherwise → browser login (interactive commands only)
75
+ 3. a stored key (`~/.anyship/config.json`, written by `anyship login`)
76
+ 4. the anyship MCP-connector key from an existing client config — `~/.codex/config.toml`
77
+ or `~/.claude.json` (so configuring the connector is enough for the CLI too)
80
78
 
81
- The control-plane URL comes from `--api`, `ANYSHIP_API_URL`, the stored config, or
82
- the default. Requires Node.js 18+.
79
+ There is no OAuth token and no browser-login fallback. The control-plane URL comes
80
+ from `--api`, `ANYSHIP_API_URL`, the stored config, or the default. Requires Node.js 18+.
package/package.json CHANGED
@@ -1,10 +1,10 @@
1
1
  {
2
2
  "name": "@anyship/cli",
3
- "version": "0.3.0",
3
+ "version": "0.3.1",
4
4
  "description": "anyship CLI — deploy a local project directory, run a local MCP server for AI agents, and log in.",
5
5
  "type": "module",
6
6
  "bin": {
7
- "anyship": "./bin/anyship.mjs"
7
+ "anyship": "bin/anyship.mjs"
8
8
  },
9
9
  "exports": {
10
10
  ".": "./src/index.mjs"
@@ -16,8 +16,16 @@ import { resolve } from "node:path";
16
16
  const PROTOCOL_VERSION = "2025-06-18";
17
17
  const SERVER_INFO = { name: "anyship", version: "0.1.0" };
18
18
 
19
+ // The AUTH paragraph is load-bearing — keep it this explicit. This server runs
20
+ // from the CLI, which already holds the credential, so an agent should never
21
+ // think about auth; past agents mistook a generic "requires authentication"
22
+ // prompt for an OAuth step and stalled. Shut that down here, permanently.
19
23
  const SERVER_INSTRUCTIONS = [
20
- "anyship deploys a web app to a live URL. To deploy a project on disk, call `deploy` with the project name and the directory path — anyship gathers every file that isn't gitignored (via git), uploads it, detects the stack, and builds. You never select, list, or exclude files, and you never handle an API key: this server is already authenticated.",
24
+ "anyship deploys a web app to a live URL. To deploy a project on disk, call `deploy` with the project name and the directory path — anyship gathers every file that isn't gitignored (via git), uploads it, detects the stack, and builds. You never select, list, or exclude files.",
25
+ "",
26
+ "DEPLOY is deterministic; you are not — run the one call and trust it, and do NOT reason about, verify, or optimize any part of it. This tool does 100% of the work. Do NOT: choose which subdirectory to send, run a build yourself, generate or read config files, hunt for a 'web root'/output dir, dry-run to inspect files, or judge size. Point it at the project's top-level directory and let anyship handle detection, build, and what to serve. If a deploy fails, read its error — don't predict failures beforehand.",
27
+ "",
28
+ "AUTH — you do not deal with this, at all. This server runs from the anyship CLI, which already holds the credential, so it is authenticated for you. Treat auth as an invisible, solved detail: there is NO OAuth and NO sign-in flow, and no token for you to obtain, paste, or ask anyone for (the only credential is an `anyship_sk_` API key the CLI supplies automatically). Never tell the user to \"authorize\" / \"connect\" / \"sign in\", never ask for auth codes, tokens, or callback URLs, and never report auth (or a client's generic \"requires authentication\" prompt) as a reason you can't deploy. Just call the tools. The ONE exception: if a tool actually returns `not authenticated`, the whole fix is one shell command the user runs once — `anyship login --key anyship_sk_…` — then retry.",
21
29
  "",
22
30
  "Point `deploy` at the project's web root — the folder holding index.html / package.json (defaults to the current directory).",
23
31
  "",