@ascendkit/cli 0.3.12 → 0.3.14

package/dist/cli.js

@@ -40,13 +40,14 @@ Services:
   survey           Surveys, questions, distribution, analytics
   journey          Lifecycle journeys, nodes, transitions
   email-identity   Email domains, sender identities, and DNS
-  env              Environment variable settings
+  vars             Environment variable settings
   webhook          Webhook endpoints and testing
   campaign         Email campaigns, scheduling, analytics
   import           Import users from external auth providers
 
 Project Management:
-  project          Projects and environment selection
+  project          Projects and project creation
+  env              List environments for a project
   environment      Active environment operations
   verify           Check all services in the active environment
 
@@ -57,10 +58,9 @@ const HELP_SECTION = {
 
 Commands:
   auth show
-  auth update [--providers <p1,p2,...>] [--email-verification <true|false>] [--waitlist <true|false>] [--password-reset <true|false>] [--session-duration <duration>]
+  auth update [--providers <p1,p2,...>] [--email-verification <true|false>] [--waitlist <true|false>] [--password-reset <true|false>] [--session-duration <duration>] [--allowed-domains <d1,d2,...>] [--block-personal-domains <true|false>]
   auth provider list
   auth provider set <p1,p2,...>
-  auth oauth open <provider>
   auth oauth set <provider> --client-id <id> [--client-secret <secret> | --client-secret-stdin]
   auth oauth remove <provider>
   auth user list
@@ -167,12 +167,18 @@ Commands:
   environment show
   environment update [<env-id>] [--name <name>] [--description <desc>]
   environment promote [<env-id>] --target <tier>`,
+    vars: `Usage: ascendkit vars <command>
+
+Commands:
+  vars list
+  vars set <key> <value>
+  vars remove <key>`,
     env: `Usage: ascendkit env <command>
 
 Commands:
-  env list
-  env set <key> <value>
-  env remove <key>`,
+  env list [--project <project-id>]
+
+Lists environments for a project. Uses the active project if --project is not specified.`,
     import: `Usage: ascendkit import <source> <action> [options]
 
 Sources:
@@ -201,8 +207,7 @@ only that phase (e.g. "import clerk run --users ..." imports only users, not set
 Commands:
   project list
   project create --name <name> [--description <description>] [--services <s1,s2,...>]
-  project show <project-id>
-  project env list <project-id>`,
+  project show <project-id>`,
 };
 function printSectionHelp(section) {
     if (!section)
@@ -294,6 +299,9 @@ function printAuthSettingsSummary(data) {
     if (data.sessionDuration) {
         console.log(`Session: ${data.sessionDuration}`);
     }
+    const allowedDomains = Array.isArray(data.allowedDomains) ? data.allowedDomains : [];
+    console.log(`Allowed domains: ${allowedDomains.length > 0 ? allowedDomains.join(", ") : "none"}`);
+    console.log(`Block personal domains: ${data.blockPersonalDomains ? "on" : "off"}`);
 }
 function printTemplateSummary(data, opts) {
     console.log(`Template: ${data.name} (${data.id})`);
@@ -309,7 +317,7 @@ function printTemplateSummary(data, opts) {
     }
     if (Array.isArray(data.unconfiguredVariables) && data.unconfiguredVariables.length > 0) {
         console.log(`\n⚠ Unconfigured variables: ${data.unconfiguredVariables.join(", ")}`);
-        console.log(`  Set values with: ascendkit env set <key> <value>`);
+        console.log(`  Set values with: ascendkit vars set <key> <value>`);
     }
     if (Array.isArray(data.relatedJourneys) && data.relatedJourneys.length > 0) {
         const refs = data.relatedJourneys.map((j) => `${j.name} (${j.id})`).join(", ");
@@ -636,7 +644,6 @@ async function run() {
                 table(projects, [
                     { key: "id", label: "ID" },
                     { key: "name", label: "Name", width: 30 },
-                    { key: "enabledServices", label: "Services", width: 30 },
                 ]);
             }
             else if (action === "show") {
@@ -646,9 +653,6 @@ async function run() {
                 }
                 printProjectSummary(await platform.showProject(args[2]));
             }
-            else if (action === "env") {
-                await runProjectEnvironment(args.slice(2));
-            }
             else if (action === "create") {
                 const flags = parseFlags(args.slice(2));
                 if (!flags.name) {
@@ -677,7 +681,7 @@ async function run() {
                 }
             }
             else {
-                console.error('Usage: ascendkit project list|create|show|env');
+                console.error('Usage: ascendkit project list|create|show');
                 return await exitCli(1);
             }
             return;
@@ -698,7 +702,10 @@ async function run() {
             await runEnvironment(action, args.slice(2));
             return;
         case "env":
-            await runKeystore(action, args.slice(2));
+            await runEnv(action, args.slice(2));
+            return;
+        case "vars":
+            await runVars(action, args.slice(2));
             return;
     }
     // Service commands (need environment key)
@@ -899,26 +906,24 @@ async function runImport(client, source, rest) {
 function flagsFromLegacy(args) {
     return parseFlags(args);
 }
-async function runProjectEnvironment(rest) {
-    const action = rest[0];
-    const target = rest[1];
-    switch (action) {
-        case "list":
-            if (!target) {
-                console.error("Usage: ascendkit project env list <project-id>");
-                return await exitCli(1);
-            }
-            table(await platform.listEnvironments(target), [
-                { key: "id", label: "ID" },
-                { key: "name", label: "Name", width: 20 },
-                { key: "tier", label: "Tier" },
-                { key: "publicKey", label: "Public Key" },
-            ]);
-            return;
-        default:
-            console.error("Usage: ascendkit project env list <project-id>");
-            return await exitCli(1);
+async function runEnv(action, rest) {
+    if (action !== "list") {
+        console.error("Usage: ascendkit env list [--project <project-id>]");
+        return await exitCli(1);
+    }
+    const flags = parseFlags(rest);
+    const projectId = flags.project || loadEnvContext()?.projectId;
+    if (!projectId) {
+        console.error("Provide --project <id> or run ascendkit set-env first.");
+        console.error("  List projects: ascendkit project list");
+        return await exitCli(1);
     }
+    table(await platform.listEnvironments(projectId), [
+        { key: "id", label: "ID" },
+        { key: "name", label: "Name", width: 20 },
+        { key: "tier", label: "Tier" },
+        { key: "publicKey", label: "Public Key" },
+    ]);
 }
 async function runEnvironment(action, rest) {
     const flags = parseFlags(rest);
@@ -997,7 +1002,7 @@ async function runEnvironment(action, rest) {
             return await exitCli(1);
     }
 }
-async function runKeystore(action, rest) {
+async function runVars(action, rest) {
     const ctx = loadEnvContext();
     if (!ctx) {
         console.error("No environment set. Run: ascendkit set-env <public-key>");
@@ -1013,7 +1018,7 @@ async function runKeystore(action, rest) {
             const key = rest[0];
             const value = rest[1];
             if (!key || value === undefined) {
-                console.error("Usage: ascendkit env set <key> <value>");
+                console.error("Usage: ascendkit vars set <key> <value>");
                 return await exitCli(1);
             }
             vars[key] = value;
@@ -1024,7 +1029,7 @@ async function runKeystore(action, rest) {
         case "remove": {
             const key = rest[0];
             if (!key) {
-                console.error("Usage: ascendkit env remove <key>");
+                console.error("Usage: ascendkit vars remove <key>");
                 return await exitCli(1);
             }
             if (!(key in vars)) {
@@ -1063,8 +1068,8 @@ async function runKeystore(action, rest) {
             return;
         }
         default:
-            console.error(`Unknown env command: ${action}`);
-            console.error("Usage: ascendkit env list|set|remove");
+            console.error(`Unknown vars command: ${action}`);
+            console.error("Usage: ascendkit vars list|set|remove");
             return await exitCli(1);
     }
 }
@@ -1094,7 +1099,15 @@ async function runAuth(client, action, rest) {
             }
             if (flags["session-duration"])
                 params.sessionDuration = flags["session-duration"];
-            printAuthSettingsSummary(await auth.updateSettings(client, params));
+            if (flags["allowed-domains"] !== undefined) {
+                const raw = flags["allowed-domains"].trim();
+                params.allowedDomains = raw === "" ? [] : raw.split(",").map((d) => d.trim()).filter(Boolean);
+            }
+            if (flags["block-personal-domains"] !== undefined)
+                params.blockPersonalDomains = flags["block-personal-domains"] === "true";
+            const updated = await auth.updateSettings(client, params);
+            console.log("Updated.\n");
+            printAuthSettingsSummary(updated);
             break;
         }
         case "provider":
@@ -1117,8 +1130,8 @@ async function runAuth(client, action, rest) {
             }
             break;
         case "oauth": {
-            const oauthAction = rest[0] === "open" || rest[0] === "set" || rest[0] === "remove" ? rest[0] : "open";
-            const provider = oauthAction === "open" && rest[0] !== "open" ? rest[0] : rest[1];
+            const oauthAction = rest[0];
+            const provider = rest[1];
             if (oauthAction === "set") {
                 if (!provider || !flags["client-id"]) {
                     console.error("Usage: ascendkit auth oauth set <provider> --client-id <id> [--client-secret <secret> | --client-secret-stdin]");
@@ -1149,7 +1162,7 @@ async function runAuth(client, action, rest) {
                 const appUrl = (variables.APP_URL ?? "").trim();
                 if (!appUrl) {
                     console.error("Set APP_URL for this environment first. AscendKit uses APP_URL to generate the redirect URI for custom OAuth credentials.");
-                    console.error("Use: ascendkit env set APP_URL https://your-app.com");
+                    console.error("Use: ascendkit vars set APP_URL https://your-app.com");
                     return await exitCli(1);
                 }
                 await auth.updateOAuthCredentials(client, provider, flags["client-id"], clientSecret);
@@ -1164,15 +1177,8 @@ async function runAuth(client, action, rest) {
                 console.log(`Removed OAuth credentials for ${provider}.`);
             }
             else {
-                if (!provider) {
-                    console.error("Usage: ascendkit auth oauth open <provider>");
-                    return await exitCli(1);
-                }
-                const portalUrl = process.env.ASCENDKIT_PORTAL_URL ?? "http://localhost:3000";
-                const url = auth.getOAuthSetupUrl(portalUrl, provider, client.currentPublicKey ?? undefined);
-                console.log(`Opening browser to configure ${provider} OAuth credentials...`);
-                console.log(url);
-                openBrowser(url);
+                console.error("Usage: ascendkit auth oauth set|remove <provider>");
+                return await exitCli(1);
             }
             break;
         }
@@ -1549,7 +1555,7 @@ function runStatus() {
     }
     else {
         console.log("  No environment set. Run: ascendkit set-env <public-key>");
-        console.log("  List environments: ascendkit project env list <project-id>");
+        console.log("  List environments: ascendkit env list --project <project-id>");
     }
     console.log();
 }

package/dist/commands/auth.d.ts

@@ -8,6 +8,8 @@ export interface UpdateSettingsParams {
         requireUsername?: boolean;
     };
     sessionDuration?: string;
+    allowedDomains?: string[];
+    blockPersonalDomains?: boolean;
 }
 export declare function getSettings(client: AscendKitClient): Promise<unknown>;
 export declare function updateSettings(client: AscendKitClient, params: UpdateSettingsParams): Promise<unknown>;

package/dist/commands/auth.js

@@ -9,6 +9,10 @@ export async function updateSettings(client, params) {
         body.features = params.features;
     if (params.sessionDuration !== undefined)
         body.sessionDuration = params.sessionDuration;
+    if (params.allowedDomains !== undefined)
+        body.allowedDomains = params.allowedDomains;
+    if (params.blockPersonalDomains !== undefined)
+        body.blockPersonalDomains = params.blockPersonalDomains;
     return client.managedPut("/api/auth/settings", body);
 }
 export async function updateProviders(client, providers) {

package/dist/tools/auth.js

@@ -13,6 +13,11 @@ function formatAuthSettings(data) {
     ];
     if (data.sessionDuration)
         lines.push(`Session: ${data.sessionDuration}`);
+    const allowedDomains = Array.isArray(data.allowedDomains) ? data.allowedDomains : [];
+    if (allowedDomains.length > 0)
+        lines.push(`Allowed domains: ${allowedDomains.join(", ")}`);
+    if (data.blockPersonalDomains)
+        lines.push("Block personal domains: on");
     return lines.join("\n");
 }
 export function registerAuthTools(server, client) {
@@ -42,6 +47,24 @@ export function registerAuthTools(server, client) {
         const data = await auth.updateSettings(client, params);
         return { content: [{ type: "text", text: formatAuthSettings(data) }] };
     });
+    server.tool("auth_domain_restrictions", "Configure email domain restrictions for signups. Set an allowlist of specific domains, or block personal email providers (gmail, yahoo, etc.), or both. Allowlist takes precedence when both are set.", {
+        allowedDomains: z
+            .array(z.string())
+            .optional()
+            .describe('Allowed email domains for signup, e.g. ["company.com", "partner.org"]. Pass empty array to clear.'),
+        blockPersonalDomains: z
+            .boolean()
+            .optional()
+            .describe("Block signups from common personal email providers (gmail, yahoo, hotmail, etc.)"),
+    }, async (params) => {
+        const body = {};
+        if (params.allowedDomains !== undefined)
+            body.allowedDomains = params.allowedDomains;
+        if (params.blockPersonalDomains !== undefined)
+            body.blockPersonalDomains = params.blockPersonalDomains;
+        const data = await client.managedPut("/api/auth/settings", body);
+        return { content: [{ type: "text", text: formatAuthSettings(data) }] };
+    });
     server.tool("auth_provider_set", "Set which auth providers are enabled for the project. Credentials and magic-link are mutually exclusive. Social-only login (e.g. [\"google\"]) is valid. At least one provider required.", {
         providers: z
             .array(z.string())

package/dist/tools/platform.js

@@ -206,7 +206,7 @@ export function registerPlatformTools(server, client) {
             };
         }
     });
-    server.tool("env_list", "List environment variable values for the active environment. Uses the shared .ascendkit environment context by default.", {
+    server.tool("vars_list", "List environment variable values for the active environment. Uses the shared .ascendkit environment context by default.", {
         projectId: z.string().optional().describe("Optional project ID override (defaults to active environment project)"),
         envId: z.string().optional().describe("Optional environment ID override (defaults to active environment)"),
     }, async (params) => {
@@ -235,7 +235,7 @@ export function registerPlatformTools(server, client) {
             return { content: [{ type: "text", text: message }], isError: true };
         }
     });
-    server.tool("env_replace", "Replace the full environment variable map for the active environment. Pass the full key-value map.", {
+    server.tool("vars_replace", "Replace the full environment variable map for the active environment. Pass the full key-value map.", {
         projectId: z.string().optional().describe("Optional project ID override (defaults to active environment project)"),
         envId: z.string().optional().describe("Optional environment ID override (defaults to active environment)"),
         variables: z.record(z.string()).describe("Key-value map of environment variables"),
@@ -265,7 +265,7 @@ export function registerPlatformTools(server, client) {
             };
         }
     });
-    server.tool("env_set", "Set a single environment variable for the active environment.", {
+    server.tool("vars_set", "Set a single environment variable for the active environment.", {
         projectId: z.string().optional().describe("Optional project ID override (defaults to active environment project)"),
         envId: z.string().optional().describe("Optional environment ID override (defaults to active environment)"),
         key: z.string().describe("Environment variable key"),
@@ -291,7 +291,7 @@ export function registerPlatformTools(server, client) {
             return { content: [{ type: "text", text: message }], isError: true };
         }
     });
-    server.tool("env_remove", "Remove a single environment variable from the active environment.", {
+    server.tool("vars_remove", "Remove a single environment variable from the active environment.", {
         projectId: z.string().optional().describe("Optional project ID override (defaults to active environment project)"),
         envId: z.string().optional().describe("Optional environment ID override (defaults to active environment)"),
         key: z.string().describe("Environment variable key to remove"),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@ascendkit/cli",
-  "version": "0.3.12",
+  "version": "0.3.14",
   "description": "AscendKit CLI and MCP server",
   "author": "ascendkit.dev",
   "license": "MIT",