@astralkit/cli 2.0.0

package/src/commands/init.js

@@ -0,0 +1,79 @@
+const chalk = require('chalk');
+const inquirer = require('inquirer');
+const { detectFramework, defaultConfig, writeProjectConfig, getProjectConfig, CONFIG_FILENAME } = require('../lib/config');
+const { validateFramework } = require('../lib/validators');
+
+async function initCommand(options) {
+  console.log(chalk.blue.bold('AstralKit — Project Setup'));
+  console.log();
+
+  // Validate --framework if provided
+  if (options.framework && !validateFramework(options.framework)) {
+    process.exit(1);
+  }
+
+  // Check if already initialized
+  const existing = getProjectConfig();
+  if (existing) {
+    console.log(chalk.yellow(`Found existing ${CONFIG_FILENAME} at ${existing._path}`));
+    const { overwrite } = await inquirer.prompt([{
+      type: 'confirm',
+      name: 'overwrite',
+      message: 'Overwrite existing config?',
+      default: false,
+    }]);
+    if (!overwrite) {
+      console.log(chalk.gray('Aborted.'));
+      return;
+    }
+  }
+
+  // Detect or ask for framework
+  let framework = options.framework;
+  if (!framework) {
+    const detected = detectFramework();
+    console.log(chalk.gray(`Detected framework: ${detected}`));
+
+    const { confirmed } = await inquirer.prompt([{
+      type: 'list',
+      name: 'confirmed',
+      message: 'Which framework are you using?',
+      choices: [
+        { name: `${detected} (detected)`, value: detected },
+        { name: 'HTML + Tailwind', value: 'html' },
+        { name: 'React', value: 'react' },
+        { name: 'Vue', value: 'vue' },
+        { name: 'Next.js', value: 'nextjs' },
+        { name: 'Angular', value: 'angular' },
+        { name: 'Svelte', value: 'svelte' },
+        { name: 'Astro', value: 'astro' },
+      ].filter((c, i, arr) => {
+        // Remove duplicate if detected matches a named option
+        if (i === 0) return true;
+        return c.value !== detected;
+      }),
+      default: detected,
+    }]);
+    framework = confirmed;
+  }
+
+  // Component directory
+  const componentDir = options.dir || 'src/components/ui';
+
+  // Write config
+  const config = defaultConfig(framework);
+  config.componentsDir = componentDir;
+  const configPath = writeProjectConfig(config);
+
+  console.log();
+  console.log(chalk.green('Created'), chalk.cyan(CONFIG_FILENAME));
+  console.log(chalk.gray(`  Framework: ${framework}`));
+  console.log(chalk.gray(`  Components: ${componentDir}/`));
+  console.log();
+  console.log(chalk.green('Next steps:'));
+  console.log(chalk.gray('  astralkit add button        Add a component'));
+  console.log(chalk.gray('  astralkit list              Browse components'));
+  console.log(chalk.gray('  astralkit login             Unlock pro components'));
+}
+
+module.exports = { initCommand };

package/src/commands/list.js

@@ -0,0 +1,64 @@
+const chalk = require('chalk');
+const ora = require('ora');
+const { listComponents } = require('../lib/api');
+const { validateFramework } = require('../lib/validators');
+
+async function listCommand(options) {
+  // Validate --framework if provided
+  if (options.framework && !validateFramework(options.framework)) {
+    process.exit(1);
+  }
+
+  const spinner = ora('Fetching components...').start();
+
+  try {
+    const data = await listComponents({
+      category: options.category,
+      framework: options.framework,
+      pro: options.pro,
+      free: options.free,
+    });
+
+    spinner.stop();
+
+    if (!data.components || data.components.length === 0) {
+      console.log(chalk.yellow('No components found.'));
+      return;
+    }
+
+    // Group by category
+    const grouped = {};
+    for (const comp of data.components) {
+      const cat = comp.category || 'Uncategorized';
+      if (!grouped[cat]) grouped[cat] = [];
+      grouped[cat].push(comp);
+    }
+
+    console.log(chalk.blue.bold(`AstralKit Components (${data.components.length} total)`));
+    console.log();
+
+    for (const [category, components] of Object.entries(grouped)) {
+      console.log(chalk.white.bold(`  ${category}`));
+      for (const comp of components) {
+        const proTag = comp.is_pro ? chalk.magenta(' PRO') : '';
+        const frameworks = comp.supported_frameworks?.length
+          ? chalk.gray(` [${comp.supported_frameworks.join(', ')}]`)
+          : '';
+        console.log(`    ${chalk.cyan(comp.slug)}${proTag}${frameworks}`);
+        if (comp.short_description) {
+          console.log(`      ${chalk.gray(comp.short_description)}`);
+        }
+      }
+      console.log();
+    }
+
+    console.log(chalk.gray('Run'), chalk.cyan('astralkit add <component>'), chalk.gray('to install.'));
+
+  } catch (err) {
+    spinner.fail('Failed to list components.');
+    console.error(chalk.red(err.message));
+    process.exit(1);
+  }
+}
+
+module.exports = { listCommand };

package/src/commands/login.js

@@ -0,0 +1,157 @@
+const http = require('http');
+const crypto = require('crypto');
+const chalk = require('chalk');
+const ora = require('ora');
+const open = require('open');
+const { getAuth, saveAuth } = require('../lib/auth');
+const { API_BASE } = require('../lib/api');
+
+const DEFAULT_CALLBACK_PORT = 9876;
+
+async function loginCommand() {
+  console.log(chalk.blue.bold('AstralKit — Login'));
+  console.log();
+
+  // CI/CD shortcut: if ASTRALKIT_TOKEN is set, skip browser login
+  if (process.env.ASTRALKIT_TOKEN) {
+    const auth = getAuth();
+    if (auth.token) {
+      console.log(chalk.green('Authenticated via ASTRALKIT_TOKEN environment variable.'));
+    } else if (auth.expired) {
+      console.log(chalk.yellow('ASTRALKIT_TOKEN is expired. Please generate a new token.'));
+      process.exit(1);
+    } else {
+      console.log(chalk.red('ASTRALKIT_TOKEN is set but invalid.'));
+      process.exit(1);
+    }
+    return;
+  }
+
+  const callbackPort = parseInt(process.env.ASTRALKIT_LOGIN_PORT || String(DEFAULT_CALLBACK_PORT), 10);
+  if (isNaN(callbackPort) || callbackPort < 1024 || callbackPort > 65535) {
+    console.error(chalk.red('Invalid ASTRALKIT_LOGIN_PORT. Must be between 1024 and 65535.'));
+    process.exit(1);
+  }
+
+  // Generate CSRF state token
+  const state = crypto.randomBytes(32).toString('hex');
+
+  const spinner = ora('Waiting for browser authentication...').start();
+
+  try {
+    const token = await new Promise((resolve, reject) => {
+      const server = http.createServer((req, res) => {
+        const url = new URL(req.url, `http://localhost:${callbackPort}`);
+
+        // Restrict CORS to AstralKit domain only
+        const origin = req.headers['origin'] || '';
+        const allowedOrigin = API_BASE.startsWith('http://localhost')
+          ? origin // Allow localhost in development
+          : 'https://astralkit.com';
+
+        res.setHeader('Access-Control-Allow-Origin', allowedOrigin);
+        res.setHeader('Access-Control-Allow-Methods', 'POST, OPTIONS');
+        res.setHeader('Access-Control-Allow-Headers', 'Content-Type');
+
+        // Handle CORS preflight
+        if (req.method === 'OPTIONS') {
+          res.writeHead(204);
+          res.end();
+          return;
+        }
+
+        if (url.pathname === '/callback' && req.method === 'POST') {
+          let body = '';
+
+          // Limit request body size (1MB max)
+          let bodySize = 0;
+          req.on('data', (chunk) => {
+            bodySize += chunk.length;
+            if (bodySize > 1_048_576) {
+              res.writeHead(413);
+              res.end(JSON.stringify({ error: 'Request body too large' }));
+              server.close();
+              reject(new Error('Received oversized callback payload.'));
+              return;
+            }
+            body += chunk;
+          });
+
+          req.on('end', () => {
+            try {
+              const data = JSON.parse(body);
+
+              // Verify CSRF state token
+              if (data.state !== state) {
+                res.writeHead(403, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ error: 'State mismatch' }));
+                server.close();
+                reject(new Error('Authentication failed — state mismatch. Please try again.'));
+                return;
+              }
+
+              const token = data.token;
+              const email = data.email;
+              const plan = data.plan;
+
+              if (token) {
+                res.writeHead(200, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ ok: true }));
+                server.close();
+                resolve({ token, email, plan });
+              } else {
+                res.writeHead(400, { 'Content-Type': 'application/json' });
+                res.end(JSON.stringify({ error: 'Missing token' }));
+                server.close();
+                reject(new Error('Authentication failed — no token received.'));
+              }
+            } catch {
+              res.writeHead(400, { 'Content-Type': 'application/json' });
+              res.end(JSON.stringify({ error: 'Invalid request body' }));
+            }
+          });
+        } else {
+          res.writeHead(404);
+          res.end();
+        }
+      });
+
+      server.listen(callbackPort, () => {
+        const loginUrl = `${API_BASE}/cli-auth?callback=${encodeURIComponent(`http://localhost:${callbackPort}/callback`)}&state=${state}`;
+        open(loginUrl);
+      });
+
+      // Timeout after 5 minutes
+      setTimeout(() => {
+        server.close();
+        reject(new Error('Authentication timed out. Please try again.'));
+      }, 5 * 60 * 1000);
+
+      server.on('error', (err) => {
+        if (err.code === 'EADDRINUSE') {
+          reject(new Error(
+            `Port ${callbackPort} is in use. ` +
+            `Close the conflicting process or set ASTRALKIT_LOGIN_PORT to a different port.`
+          ));
+        } else {
+          reject(err);
+        }
+      });
+    });
+
+    // Save credentials
+    saveAuth(token);
+    spinner.succeed('Authenticated successfully!');
+    console.log(chalk.gray(`  Email: ${token.email || 'unknown'}`));
+    console.log(chalk.gray(`  Plan:  ${token.plan || 'free'}`));
+    console.log();
+    console.log(chalk.green('You can now install pro components:'));
+    console.log(chalk.cyan('  astralkit add pricing-table'));
+
+  } catch (err) {
+    spinner.fail(err.message);
+    process.exit(1);
+  }
+}
+
+module.exports = { loginCommand };

package/src/commands/search.js

@@ -0,0 +1,53 @@
+const chalk = require('chalk');
+const ora = require('ora');
+const { listComponents } = require('../lib/api');
+const { validateFramework } = require('../lib/validators');
+
+async function searchCommand(query, options) {
+  // Validate --framework if provided
+  if (options.framework && !validateFramework(options.framework)) {
+    process.exit(1);
+  }
+
+  const spinner = ora(`Searching for "${query}"...`).start();
+
+  try {
+    const data = await listComponents({
+      search: query,
+      framework: options.framework,
+    });
+
+    spinner.stop();
+
+    if (!data.components || data.components.length === 0) {
+      console.log(chalk.yellow(`No components found for "${query}".`));
+      return;
+    }
+
+    console.log(chalk.blue.bold(`Found ${data.components.length} component(s):`));
+    console.log();
+
+    for (const comp of data.components) {
+      const proTag = comp.is_pro ? chalk.magenta(' PRO') : '';
+      const cat = comp.category ? chalk.gray(` (${comp.category})`) : '';
+      console.log(`  ${chalk.cyan(comp.slug)}${proTag}${cat}`);
+      if (comp.short_description || comp.description) {
+        const desc = comp.short_description || comp.description;
+        console.log(`    ${chalk.gray(desc.length > 80 ? desc.slice(0, 80) + '...' : desc)}`);
+      }
+      if (comp.supported_frameworks?.length) {
+        console.log(`    ${chalk.gray(`Frameworks: ${comp.supported_frameworks.join(', ')}`)}`);
+      }
+      console.log();
+    }
+
+    console.log(chalk.gray('Run'), chalk.cyan('astralkit add <component>'), chalk.gray('to install.'));
+
+  } catch (err) {
+    spinner.fail('Search failed.');
+    console.error(chalk.red(err.message));
+    process.exit(1);
+  }
+}
+
+module.exports = { searchCommand };

package/src/commands/update.js

@@ -0,0 +1,123 @@
+const fs = require('fs');
+const path = require('path');
+const chalk = require('chalk');
+const ora = require('ora');
+const inquirer = require('inquirer');
+const { getComponent } = require('../lib/api');
+const { getProjectConfig, detectFramework } = require('../lib/config');
+const { validateSlug, validateFramework, isSafePath } = require('../lib/validators');
+
+async function updateCommand(componentSlug, options) {
+  // Validate inputs
+  if (!validateSlug(componentSlug)) process.exit(1);
+  if (!validateFramework(options.framework)) process.exit(1);
+
+  const config = getProjectConfig();
+  const framework = options.framework || config?.framework || detectFramework();
+  const componentsDir = options.dir || config?.componentsDir || 'src/components/ui';
+  const targetDir = path.resolve(process.cwd(), componentsDir, componentSlug);
+
+  // Check if component exists locally
+  if (!fs.existsSync(targetDir)) {
+    console.log(chalk.yellow(`Component "${componentSlug}" not found locally.`));
+    console.log(chalk.gray(`Run ${chalk.cyan(`astralkit add ${componentSlug}`)} to install it first.`));
+    return;
+  }
+
+  const spinner = ora(`Fetching latest ${componentSlug} (${framework})...`).start();
+
+  try {
+    const data = await getComponent(componentSlug, framework);
+
+    if (!data.files || data.files.length === 0) {
+      spinner.fail(`No ${framework} code available for "${componentSlug}".`);
+      return;
+    }
+
+    spinner.stop();
+
+    // Check which files have changes
+    const changedFiles = [];
+    const newFiles = [];
+
+    for (const remoteFile of data.files) {
+      const localPath = path.join(targetDir, remoteFile.path);
+
+      if (!fs.existsSync(localPath)) {
+        newFiles.push(remoteFile);
+        continue;
+      }
+
+      const localContent = fs.readFileSync(localPath, 'utf8');
+      if (localContent !== remoteFile.content) {
+        changedFiles.push(remoteFile);
+      }
+    }
+
+    if (changedFiles.length === 0 && newFiles.length === 0) {
+      console.log(chalk.green('Already up to date.'));
+      return;
+    }
+
+    // Show what will change
+    console.log(chalk.blue.bold(`Update: ${data.name || componentSlug}`));
+    console.log();
+
+    if (changedFiles.length > 0) {
+      console.log(chalk.yellow('Modified files:'));
+      for (const f of changedFiles) {
+        console.log(chalk.yellow(`  ~ ${f.path}`));
+      }
+    }
+    if (newFiles.length > 0) {
+      console.log(chalk.green('New files:'));
+      for (const f of newFiles) {
+        console.log(chalk.green(`  + ${f.path}`));
+      }
+    }
+    console.log();
+
+    // Confirm unless --force
+    if (!options.force) {
+      const { confirm } = await inquirer.prompt([{
+        type: 'confirm',
+        name: 'confirm',
+        message: `Update ${changedFiles.length + newFiles.length} file(s)? This will overwrite local changes.`,
+        default: false,
+      }]);
+
+      if (!confirm) {
+        console.log(chalk.gray('Aborted.'));
+        return;
+      }
+    }
+
+    // Write updated files (with path traversal protection)
+    const updateSpinner = ora('Updating files...').start();
+
+    for (const file of [...changedFiles, ...newFiles]) {
+      if (!isSafePath(targetDir, file.path)) {
+        console.log(chalk.red(`  Skipping suspicious file path: ${file.path}`));
+        continue;
+      }
+      const filePath = path.resolve(targetDir, file.path);
+      const fileDir = path.dirname(filePath);
+      if (!fs.existsSync(fileDir)) {
+        fs.mkdirSync(fileDir, { recursive: true });
+      }
+      fs.writeFileSync(filePath, file.content);
+    }
+
+    updateSpinner.succeed(`Updated ${chalk.cyan(data.name || componentSlug)}`);
+
+    for (const file of [...changedFiles, ...newFiles]) {
+      console.log(chalk.gray(`  ${file.path}`));
+    }
+  } catch (err) {
+    spinner.fail('Update failed.');
+    console.error(chalk.red(err.message));
+    process.exit(1);
+  }
+}
+
+module.exports = { updateCommand };

package/src/lib/api.js

@@ -0,0 +1,139 @@
+const path = require('path');
+const { getAuth } = require('./auth');
+
+const pkg = require(path.join(__dirname, '..', '..', 'package.json'));
+const CLI_VERSION = pkg.version;
+
+const DEFAULT_API_BASE = 'https://astralkit.com';
+const REQUEST_TIMEOUT_MS = 30_000;
+
+const API_BASE = (() => {
+  const override = process.env.ASTRALKIT_API_URL;
+  if (!override) return DEFAULT_API_BASE;
+
+  try {
+    const parsed = new URL(override);
+    if (parsed.protocol !== 'https:') {
+      console.warn(
+        '\x1b[33m⚠ ASTRALKIT_API_URL uses insecure protocol. ' +
+        'Auth tokens will be sent in plaintext. Use HTTPS in production.\x1b[0m'
+      );
+    }
+  } catch {
+    console.error('\x1b[31m✖ Invalid ASTRALKIT_API_URL. Falling back to default.\x1b[0m');
+    return DEFAULT_API_BASE;
+  }
+
+  return override;
+})();
+
+/**
+ * Make an authenticated API request to AstralKit.
+ */
+async function apiRequest(urlPath, options = {}) {
+  const url = `${API_BASE}${urlPath}`;
+  const auth = getAuth();
+
+  const headers = {
+    'Accept': 'application/json',
+    'User-Agent': `@astralkit/cli/${CLI_VERSION} node/${process.version}`,
+    'X-AstralKit-CLI': CLI_VERSION,
+    ...options.headers,
+  };
+
+  if (auth.token) {
+    headers['Authorization'] = `Bearer ${auth.token}`;
+  }
+
+  // Request timeout
+  const controller = new AbortController();
+  const timeout = setTimeout(() => controller.abort(), REQUEST_TIMEOUT_MS);
+
+  let response;
+  try {
+    response = await fetch(url, {
+      ...options,
+      headers,
+      signal: controller.signal,
+    });
+  } catch (err) {
+    clearTimeout(timeout);
+    if (err.name === 'AbortError') {
+      const error = new Error('Request timed out. Check your network connection and try again.');
+      error.code = 'TIMEOUT';
+      throw error;
+    }
+    if (err.code === 'ENOTFOUND' || err.cause?.code === 'ENOTFOUND') {
+      const error = new Error('Could not reach astralkit.com. Check your internet connection.');
+      error.code = 'NETWORK_ERROR';
+      throw error;
+    }
+    if (err.code === 'ECONNREFUSED' || err.cause?.code === 'ECONNREFUSED') {
+      const error = new Error('Connection refused. The AstralKit API may be temporarily down.');
+      error.code = 'NETWORK_ERROR';
+      throw error;
+    }
+    throw err;
+  } finally {
+    clearTimeout(timeout);
+  }
+
+  if (response.status === 401) {
+    const message = auth.expired
+      ? 'Session expired. Run `astralkit login` to re-authenticate.'
+      : 'Authentication required. Run `astralkit login` to authenticate.';
+    const err = new Error(message);
+    err.code = 'AUTH_REQUIRED';
+    throw err;
+  }
+
+  if (response.status === 403) {
+    const err = new Error('Pro subscription required for this component. Visit https://astralkit.com/pricing');
+    err.code = 'PRO_REQUIRED';
+    throw err;
+  }
+
+  if (!response.ok) {
+    const body = await response.text().catch(() => '');
+    const err = new Error(`API error ${response.status}: ${body || response.statusText}`);
+    err.code = 'API_ERROR';
+    throw err;
+  }
+
+  return response;
+}
+
+/**
+ * List components with optional filters.
+ */
+async function listComponents({ category, framework, pro, free, search } = {}) {
+  const params = new URLSearchParams();
+  if (category) params.set('category', category);
+  if (framework) params.set('framework', framework);
+  if (pro) params.set('pro', 'true');
+  if (free) params.set('free', 'true');
+  if (search) params.set('search', search);
+
+  const response = await apiRequest(`/api/cli/components?${params}`);
+  return response.json();
+}
+
+/**
+ * Get a single component's details + code files for installation.
+ */
+async function getComponent(slug, framework = 'html') {
+  const response = await apiRequest(
+    `/api/cli/components/${encodeURIComponent(slug)}?framework=${encodeURIComponent(framework)}`
+  );
+  return response.json();
+}
+
+/**
+ * Verify current authentication with the server.
+ */
+async function verifyAuth() {
+  const response = await apiRequest('/api/cli/whoami');
+  return response.json();
+}
+
+module.exports = { apiRequest, listComponents, getComponent, verifyAuth, API_BASE, CLI_VERSION };