@blinkdotnew/cli 0.3.7 → 0.4.0

package/package.json

@@ -1,12 +1,38 @@
 {
   "name": "@blinkdotnew/cli",
-  "version": "0.3.7",
-  "description": "Blink platform CLI — deploy apps, manage databases, generate AI content",
+  "version": "0.4.0",
+  "description": "Blink CLI — full-stack cloud infrastructure from your terminal. Deploy, database, auth, storage, backend, domains, and more.",
   "bin": {
     "blink": "dist/cli.js"
   },
   "main": "./dist/cli.js",
   "type": "module",
+  "keywords": [
+    "blink",
+    "cli",
+    "deploy",
+    "hosting",
+    "backend",
+    "database",
+    "auth",
+    "storage",
+    "domains",
+    "ai",
+    "full-stack",
+    "infrastructure",
+    "cloud",
+    "vibe-coding",
+    "cursor",
+    "claude-code",
+    "codex"
+  ],
+  "homepage": "https://blink.new/docs/cli",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/blink-new/blink-sdk",
+    "directory": "packages/cli"
+  },
+  "license": "MIT",
   "scripts": {
     "build": "tsup",
     "dev": "node --loader tsx src/cli.ts",

package/src/cli.ts

@@ -17,6 +17,18 @@ import { registerProjectCommands } from './commands/project.js'
 import { registerAuthCommands } from './commands/auth.js'
 import { registerAgentCommands } from './commands/agent.js'
 import { registerSecretsCommands } from './commands/secrets.js'
+import { registerAuthConfigCommands } from './commands/auth-config.js'
+import { registerDomainsCommands } from './commands/domains.js'
+import { registerHostingCommands } from './commands/hosting.js'
+import { registerSecurityCommands } from './commands/security.js'
+import { registerEnvCommands } from './commands/env.js'
+import { registerBackendCommands } from './commands/backend.js'
+import { registerFunctionsCommands } from './commands/functions.js'
+import { registerInitCommands } from './commands/init.js'
+import { registerWorkspaceCommands } from './commands/workspace.js'
+import { registerVersionCommands } from './commands/versions.js'
+import { registerBillingCommands } from './commands/billing.js'
+import { registerTokenCommands } from './commands/tokens.js'
 
 const require = createRequire(import.meta.url)
 const pkg = require('../package.json') as { version: string }
@@ -109,6 +121,70 @@ LinkedIn (dedicated commands for the LinkedIn connector):
   $ blink linkedin unlike "urn:li:ugcPost:123"      Unlike a post
   Link LinkedIn at: blink.new/claw (Agent Integrations tab)
 
+Environment Variables (project secrets):
+  $ blink env list                             List env var names
+  $ blink env set STRIPE_KEY sk_live_xxx       Set an env var
+  $ blink env delete OLD_KEY                   Remove an env var
+  $ blink env push .env                        Bulk import from .env file
+  $ blink env pull > .env.local                Export as KEY=VALUE
+
+Backend (Hono server on CF Workers):
+  $ blink backend deploy ./backend             Deploy backend/ to Cloudflare Workers
+  $ blink backend status                       Check backend status + URL
+  $ blink backend logs                         Tail backend request logs
+  $ blink backend delete --yes                 Remove backend
+
+Auth Config (Blink Auth providers):
+  $ blink auth-config get                      Show auth configuration
+  $ blink auth-config set --provider google --enabled true
+  $ blink auth-config byoc-set --provider google --client-id X --client-secret Y
+
+Domains:
+  $ blink domains list                         List custom domains
+  $ blink domains add myapp.com                Add a custom domain
+  $ blink domains verify <domain_id>           Verify DNS
+  $ blink domains search "myapp"               Search available domains
+  $ blink domains purchase myapp.com           Buy a domain
+
+Hosting:
+  $ blink hosting status                       Check hosting state + URLs
+  $ blink hosting activate                     Activate production hosting
+  $ blink hosting deactivate --yes             Deactivate hosting
+
+Security & CORS:
+  $ blink security get                         Show per-module auth policy
+  $ blink security set --module db --require-auth true
+  $ blink cors get                             Show allowed CORS origins
+  $ blink cors set --origins https://example.com
+
+Functions (legacy edge functions):
+  $ blink functions list                       List edge functions
+  $ blink functions logs index                 View function logs
+  $ blink functions delete old-fn --yes        Delete a function
+
+Versions:
+  $ blink versions list                        List saved versions
+  $ blink versions save --message "v1.0"       Save a snapshot
+  $ blink versions restore ver_xxx --yes       Restore to a version
+
+Workspace:
+  $ blink workspace list                       List workspaces
+  $ blink workspace create "My Team"           Create workspace
+  $ blink workspace members                    List members + roles
+
+Billing:
+  $ blink credits                              Check credit balance
+  $ blink usage                                Usage breakdown
+
+Tokens (Personal Access Tokens):
+  $ blink tokens list                          List PATs
+  $ blink tokens create --name "CI"            Create PAT (shown once!)
+  $ blink tokens revoke <id> --yes             Revoke a PAT
+
+Init:
+  $ blink init                                 Create project + link to current dir
+  $ blink init --name "My App"                 Create with custom name
+
 Agents (Claw — zero config on Fly machines, BLINK_AGENT_ID is already set):
   $ blink agent list                           List all agents in workspace
   $ blink agent status                         Show current agent details
@@ -118,7 +194,6 @@ Secrets (encrypted agent vault — values never shown):
   $ blink secrets list                         List secret key names
   $ blink secrets set GITHUB_TOKEN ghp_xxx     Add/update a secret
   $ blink secrets delete OLD_KEY               Remove a secret
-  $ blink secrets set --agent clw_other KEY v  Set secret on another agent (agent manager pattern)
 
 Tip — check full context (agent + project + auth):
   $ blink status
@@ -152,6 +227,18 @@ registerConnectorCommands(program)
 registerLinkedInCommands(program)
 registerPhoneCommands(program)
 registerSmsCommands(program)
+registerAuthConfigCommands(program)
+registerDomainsCommands(program)
+registerHostingCommands(program)
+registerSecurityCommands(program)
+registerEnvCommands(program)
+registerBackendCommands(program)
+registerFunctionsCommands(program)
+registerInitCommands(program)
+registerWorkspaceCommands(program)
+registerVersionCommands(program)
+registerBillingCommands(program)
+registerTokenCommands(program)
 
 program.command('use <project_id>')
   .description('Set active project for this shell session (alternative to blink link)')

package/src/commands/auth-config.ts

@@ -0,0 +1,129 @@
+import { Command } from 'commander'
+import { appRequest } from '../lib/api-app.js'
+import { requireToken } from '../lib/auth.js'
+import { requireProjectId } from '../lib/project.js'
+import { printJson, isJsonMode, withSpinner, printSuccess, printKv } from '../lib/output.js'
+import chalk from 'chalk'
+
+function printAuthConfig(auth: { mode?: string; providers?: Record<string, { enabled?: boolean }> }) {
+  printKv('Mode', auth.mode ?? 'redirect')
+  console.log()
+  console.log(chalk.bold('Providers:'))
+  for (const [name, cfg] of Object.entries(auth.providers ?? {})) {
+    const status = cfg.enabled ? chalk.green('enabled') : chalk.dim('disabled')
+    console.log(`  ${name.padEnd(12)} ${status}`)
+  }
+}
+
+export function registerAuthConfigCommands(program: Command) {
+  const authConfig = program.command('auth-config')
+    .description('Configure Blink Auth — providers, mode, and BYOC credentials')
+    .addHelpText('after', `
+Manage authentication settings for your Blink project.
+Configure OAuth providers (Google, GitHub, Microsoft, Apple, Email)
+and set managed/headless mode.
+
+Examples:
+  $ blink auth-config get                     Show current auth config
+  $ blink auth-config set --provider google --enabled true
+  $ blink auth-config set --mode managed
+  $ blink auth-config byoc-set --provider google --client-id xxx --client-secret yyy
+  $ blink auth-config byoc-remove --provider google
+`)
+
+  authConfig.command('get [project_id]')
+    .description('Show current auth configuration')
+    .addHelpText('after', `
+Examples:
+  $ blink auth-config get                Show auth config for linked project
+  $ blink auth-config get proj_xxx       Show auth config for specific project
+  $ blink auth-config get --json         Machine-readable output
+`)
+    .action(async (projectArg: string | undefined) => {
+      requireToken()
+      const projectId = requireProjectId(projectArg)
+      const result = await withSpinner('Loading auth config...', () =>
+        appRequest(`/api/projects/${projectId}/auth`)
+      )
+      if (isJsonMode()) return printJson(result)
+      const auth = result?.auth ?? result
+      printAuthConfig(auth)
+    })
+
+  authConfig.command('set [project_id]')
+    .description('Update auth provider or mode')
+    .option('--provider <name>', 'Provider to update (google/github/microsoft/apple/email)')
+    .option('--enabled <bool>', 'Enable or disable provider (true/false)')
+    .option('--mode <mode>', 'Auth mode (managed/headless)')
+    .addHelpText('after', `
+Examples:
+  $ blink auth-config set --provider google --enabled true
+  $ blink auth-config set --provider email --enabled false
+  $ blink auth-config set --mode managed
+  $ blink auth-config set proj_xxx --provider github --enabled true
+`)
+    .action(async (projectArg: string | undefined, opts) => {
+      requireToken()
+      const projectId = requireProjectId(projectArg)
+      const current = await appRequest(`/api/projects/${projectId}/auth`)
+      const auth = current?.auth ?? current ?? {}
+      if (opts.mode) auth.mode = opts.mode
+      if (opts.provider && opts.enabled !== undefined) {
+        if (!auth.providers) auth.providers = {}
+        const existing = auth.providers[opts.provider]
+        const providerConfig = typeof existing === 'object' && existing ? existing : {}
+        auth.providers[opts.provider] = { ...providerConfig, enabled: opts.enabled === 'true' }
+      }
+      const result = await withSpinner('Updating auth config...', () =>
+        appRequest(`/api/projects/${projectId}/auth`, { method: 'PUT', body: auth })
+      )
+      if (isJsonMode()) return printJson(result)
+      printSuccess('Auth config updated')
+    })
+
+  registerByocCommands(authConfig)
+}
+
+function registerByocCommands(authConfig: Command) {
+  authConfig.command('byoc-set [project_id]')
+    .description('Set BYOC (Bring Your Own Credentials) for an OAuth provider')
+    .requiredOption('--provider <name>', 'Provider (google/github/microsoft/apple)')
+    .requiredOption('--client-id <id>', 'OAuth client ID')
+    .requiredOption('--client-secret <secret>', 'OAuth client secret')
+    .addHelpText('after', `
+Examples:
+  $ blink auth-config byoc-set --provider google --client-id xxx --client-secret yyy
+  $ blink auth-config byoc-set proj_xxx --provider github --client-id xxx --client-secret yyy
+`)
+    .action(async (projectArg: string | undefined, opts) => {
+      requireToken()
+      const projectId = requireProjectId(projectArg)
+      const body = { provider: opts.provider, client_id: opts.clientId, client_secret: opts.clientSecret }
+      await withSpinner('Setting BYOC credentials...', () =>
+        appRequest(`/api/projects/${projectId}/auth/byoc`, { body })
+      )
+      if (isJsonMode()) return printJson({ status: 'ok', provider: opts.provider })
+      printSuccess(`BYOC credentials set for ${opts.provider}`)
+    })
+
+  authConfig.command('byoc-remove [project_id]')
+    .description('Remove BYOC credentials for an OAuth provider')
+    .requiredOption('--provider <name>', 'Provider (google/github/microsoft/apple)')
+    .addHelpText('after', `
+Examples:
+  $ blink auth-config byoc-remove --provider google
+  $ blink auth-config byoc-remove proj_xxx --provider github
+`)
+    .action(async (projectArg: string | undefined, opts) => {
+      requireToken()
+      const projectId = requireProjectId(projectArg)
+      await withSpinner('Removing BYOC credentials...', () =>
+        appRequest(`/api/projects/${projectId}/auth/byoc`, {
+          method: 'DELETE',
+          body: { provider: opts.provider },
+        })
+      )
+      if (isJsonMode()) return printJson({ status: 'ok', provider: opts.provider })
+      printSuccess(`BYOC credentials removed for ${opts.provider}`)
+    })
+}

package/src/commands/backend.ts

@@ -0,0 +1,175 @@
+import { Command } from 'commander'
+import { appRequest } from '../lib/api-app.js'
+import { requireToken } from '../lib/auth.js'
+import { requireProjectId } from '../lib/project.js'
+import { printJson, printSuccess, printKv, printUrl, isJsonMode, withSpinner, printError } from '../lib/output.js'
+import { readdirSync, readFileSync, statSync } from 'node:fs'
+import { join, relative } from 'node:path'
+import chalk from 'chalk'
+
+const EXCLUDED_FILES = new Set(['package-lock.json', 'bun.lockb', 'yarn.lock', 'pnpm-lock.yaml'])
+
+function collectBackendFiles(dir: string): Array<{ path: string; source_code: string }> {
+  const files: Array<{ path: string; source_code: string }> = []
+  function walk(current: string) {
+    for (const entry of readdirSync(current, { withFileTypes: true })) {
+      if (entry.name === 'node_modules' || entry.name.startsWith('.')) continue
+      const fullPath = join(current, entry.name)
+      if (entry.isDirectory()) { walk(fullPath); continue }
+      if (EXCLUDED_FILES.has(entry.name)) continue
+      const ext = entry.name.split('.').pop()?.toLowerCase() ?? ''
+      if (!['ts', 'js', 'tsx', 'jsx', 'json'].includes(ext)) continue
+      files.push({
+        path: join('backend', relative(dir, fullPath)),
+        source_code: readFileSync(fullPath, 'utf-8'),
+      })
+    }
+  }
+  walk(dir)
+  return files
+}
+
+function resolveProjectAndDir(arg1?: string, arg2?: string): { projectId: string; dir: string } {
+  if (arg2) return { projectId: requireProjectId(arg1), dir: arg2 }
+  if (arg1?.startsWith('proj_')) return { projectId: requireProjectId(arg1), dir: 'backend' }
+  return { projectId: requireProjectId(), dir: arg1 ?? 'backend' }
+}
+
+export function registerBackendCommands(program: Command) {
+  const backend = program.command('backend')
+    .description('Manage backend (CF Workers for Platforms) for your project')
+    .addHelpText('after', `
+Deploy, monitor, and manage your project's backend worker.
+The backend is a Hono server running on Cloudflare Workers for Platforms.
+
+Examples:
+  $ blink backend deploy                   Deploy backend/ folder
+  $ blink backend deploy ./server          Deploy from custom dir
+  $ blink backend status                   Check deployment status
+  $ blink backend logs                     View recent logs
+  $ blink backend delete --yes             Remove backend worker
+`)
+
+  registerBackendDeploy(backend)
+  registerBackendStatus(backend)
+  registerBackendLogs(backend)
+  registerBackendDelete(backend)
+}
+
+function registerBackendDeploy(backend: Command) {
+  backend.command('deploy [project_id] [dir]')
+    .description('Deploy backend files to CF Workers for Platforms')
+    .addHelpText('after', `
+Reads all .ts/.js/.json files from the backend/ directory (or specified dir),
+bundles and deploys them as a Cloudflare Worker.
+
+Examples:
+  $ blink backend deploy                       Deploy backend/ for linked project
+  $ blink backend deploy ./server              Deploy from custom directory
+  $ blink backend deploy proj_xxx              Deploy backend/ for specific project
+  $ blink backend deploy proj_xxx ./api        Deploy ./api for specific project
+`)
+    .action(async (arg1?: string, arg2?: string) => {
+      requireToken()
+      const { projectId, dir } = resolveProjectAndDir(arg1, arg2)
+      if (!statSync(dir, { throwIfNoEntry: false })?.isDirectory()) {
+        printError(`Directory not found: ${dir}`, `Create a backend/ folder with index.ts`)
+        process.exit(1)
+      }
+      const files = collectBackendFiles(dir)
+      if (!files.length) {
+        printError(`No .ts/.js files found in ${dir}`)
+        process.exit(1)
+      }
+      if (!isJsonMode()) console.log(chalk.dim(`  ${files.length} file${files.length === 1 ? '' : 's'} in ${dir}`))
+      const result = await withSpinner('Deploying backend...', () =>
+        appRequest(`/api/v1/projects/${projectId}/backend/deploy`, { body: { files } })
+      )
+      if (isJsonMode()) return printJson(result)
+      printSuccess('Backend deployed')
+      if (result?.url) printUrl('URL', result.url)
+      printKv('Project', projectId)
+    })
+}
+
+function registerBackendStatus(backend: Command) {
+  backend.command('status [project_id]')
+    .description('Check backend deployment status')
+    .addHelpText('after', `
+Examples:
+  $ blink backend status
+  $ blink backend status proj_xxx
+  $ blink backend status --json
+`)
+    .action(async (projectArg?: string) => {
+      requireToken()
+      const projectId = requireProjectId(projectArg)
+      const result = await withSpinner('Checking status...', () =>
+        appRequest(`/api/v1/projects/${projectId}/backend/status`)
+      )
+      if (isJsonMode()) return printJson(result)
+      printKv('Project', projectId)
+      printKv('Enabled', result?.enabled ? 'yes' : 'no')
+      printKv('Tier', result?.tier ?? '-')
+      printKv('Requests', String(result?.requests_this_month ?? 0))
+      if (result?.enabled) printUrl('URL', `https://${projectId.slice(-8)}.backend.blink.new`)
+    })
+}
+
+function registerBackendLogs(backend: Command) {
+  backend.command('logs [project_id]')
+    .description('View recent backend logs')
+    .option('--minutes <n>', 'Minutes of logs to fetch', '30')
+    .option('--slug <name>', 'Function slug', 'index')
+    .addHelpText('after', `
+Examples:
+  $ blink backend logs                         Last 30 min of logs
+  $ blink backend logs --minutes 60            Last hour
+  $ blink backend logs proj_xxx --minutes 5
+  $ blink backend logs --json
+`)
+    .action(async (projectArg: string | undefined, opts) => {
+      requireToken()
+      const projectId = requireProjectId(projectArg)
+      const slug = opts.slug ?? 'index'
+      const since = new Date(Date.now() - parseInt(opts.minutes ?? '30') * 60 * 1000).toISOString()
+      const result = await withSpinner('Fetching logs...', () =>
+        appRequest(`/api/v1/projects/${projectId}/functions/${slug}/logs?since=${since}`)
+      )
+      if (isJsonMode()) return printJson(result)
+      const logs: Array<{ timestamp?: string; method?: string; path?: string; status_code?: number; latency_ms?: number; error?: string }> = result?.logs ?? result ?? []
+      if (!logs.length) { console.log(chalk.dim('(no logs)')); return }
+      for (const log of logs) {
+        const ts = log.timestamp ? chalk.dim(new Date(log.timestamp).toLocaleTimeString()) + ' ' : ''
+        const err = log.error ? chalk.red(`  ${log.error}`) : ''
+        console.log(`${ts}${log.method ?? ''} ${log.path ?? ''} ${log.status_code ?? ''} ${log.latency_ms ?? ''}ms${err}`)
+      }
+    })
+}
+
+function registerBackendDelete(backend: Command) {
+  backend.command('delete [project_id]')
+    .description('Delete the backend worker')
+    .option('--yes', 'Skip confirmation')
+    .addHelpText('after', `
+Examples:
+  $ blink backend delete --yes
+  $ blink backend delete proj_xxx --yes
+`)
+    .action(async (projectArg: string | undefined, opts) => {
+      requireToken()
+      const projectId = requireProjectId(projectArg)
+      const skipConfirm = opts.yes || process.argv.includes('--yes') || process.argv.includes('-y')
+      if (!skipConfirm && !isJsonMode() && process.stdout.isTTY) {
+        const { confirm } = await import('@clack/prompts')
+        const ok = await confirm({ message: `Delete backend for project ${projectId}? This cannot be undone.` })
+        if (!ok) { console.log('Cancelled.'); return }
+      }
+      // TODO: needs /api/v1/ route with PAT auth (Phase 1a)
+      await withSpinner('Deleting backend...', () =>
+        appRequest(`/api/project/${projectId}/backend`, { method: 'DELETE' })
+      )
+      if (isJsonMode()) return printJson({ status: 'ok', project_id: projectId })
+      printSuccess(`Backend deleted for ${projectId}`)
+    })
+}

package/src/commands/billing.ts

@@ -0,0 +1,56 @@
+import { Command } from 'commander'
+import { appRequest } from '../lib/api-app.js'
+import { requireToken } from '../lib/auth.js'
+import { printJson, printKv, isJsonMode, withSpinner } from '../lib/output.js'
+import chalk from 'chalk'
+
+function printUsage(data: { total?: number; breakdown?: Array<{ category: string; amount: number }> }) {
+  console.log()
+  printKv('Total', `${data.total ?? 0} credits used`)
+  const breakdown = data.breakdown ?? []
+  if (breakdown.length) {
+    console.log()
+    console.log(chalk.bold('Breakdown:'))
+    for (const item of breakdown) printKv(`  ${item.category}`, `${item.amount}`)
+  }
+  console.log()
+}
+
+export function registerBillingCommands(program: Command) {
+  program.command('credits')
+    .description('Check your credit balance and tier')
+    .addHelpText('after', `
+Examples:
+  $ blink credits
+  $ blink credits --json
+`)
+    .action(async () => {
+      requireToken()
+      const result = await withSpinner('Loading usage...', () =>
+        appRequest('/api/usage/summary?period=month')
+      )
+      if (isJsonMode()) return printJson(result)
+      const data = result ?? {}
+      console.log()
+      printKv('Used', `${data.total ?? 0} credits this month`)
+      console.log()
+    })
+
+  program.command('usage')
+    .description('Show usage summary for the current billing period')
+    .option('--period <granularity>', 'Period granularity: hour, day, week, month', 'day')
+    .addHelpText('after', `
+Examples:
+  $ blink usage
+  $ blink usage --period month
+  $ blink usage --json
+`)
+    .action(async (opts) => {
+      requireToken()
+      const result = await withSpinner('Loading usage...', () =>
+        appRequest(`/api/usage/summary?period=${opts.period}`)
+      )
+      if (isJsonMode()) return printJson(result)
+      printUsage(result)
+    })
+}