@codesummary/cli 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md ADDED
@@ -0,0 +1,280 @@
1
+ # CodeSummary CLI
2
+
3
+ Dependency-free Node CLI for submitting a local workspace to CodeSummary.
4
+ The hosted flow can log in with OAuth, create or link a private docs site,
5
+ upload a local source snapshot, and start knowledge updates from the repo
6
+ directory.
7
+
8
+ ## Install
9
+
10
+ Before npm publication, install from the private GitHub repo:
11
+
12
+ ```bash
13
+ npm install -g github:CodeSummaryAI/codesummary-cli
14
+ ```
15
+
16
+ After npm publication:
17
+
18
+ ```bash
19
+ npm install -g @codesummary/cli
20
+ ```
21
+
22
+ Then run it from a repo:
23
+
24
+ ```bash
25
+ codesummary login --api-url https://dashboard.codesummary.io
26
+ codesummary
27
+ ```
28
+
29
+ Bare `codesummary` is the normal workflow. It inspects the current repo and
30
+ guides the user through creating or updating the CodeSummary knowledge source.
31
+
32
+ ## Install Smoke
33
+
34
+ From this repo, verify the packaged binary path before release:
35
+
36
+ ```bash
37
+ npm test
38
+ npm run test:package
39
+ npm run release:check
40
+ ```
41
+
42
+ `test:package` runs `npm pack`, installs the tarball into a temporary project,
43
+ and verifies that the installed `codesummary` binary starts correctly inside a
44
+ repo workspace.
45
+
46
+ ## Commands
47
+
48
+ ```bash
49
+ codesummary
50
+ codesummary new ./my-service --api-url https://dashboard.codesummary.io
51
+ codesummary login --api-url https://dashboard.codesummary.io
52
+ codesummary config set apiUrl https://dashboard.codesummary.io
53
+ codesummary config get apiUrl
54
+ codesummary config clear apiUrl
55
+ codesummary link --site-token <csp_token> --api-url https://dashboard.codesummary.io --name my-repo
56
+ codesummary manifest
57
+ codesummary diff
58
+ codesummary export --output ./codesummary-export
59
+ codesummary export --output s3://my-bucket/path --include-archive
60
+ codesummary generate --provider codex --output ./docs
61
+ codesummary generate --provider openai --api-key-env OPENAI_API_KEY --output ./docs
62
+ codesummary configure --provider codex --output ./docs
63
+ codesummary generate
64
+ codesummary submit --depth standard
65
+ codesummary status
66
+ codesummary submit --depth standard --wait
67
+ codesummary version
68
+ codesummary update
69
+ ```
70
+
71
+ Bare `codesummary` starts the interactive hosted workflow. It inspects the
72
+ current directory, OAuth state, linked site, last submitted manifest, and local
73
+ diff, then offers the right action:
74
+
75
+ - fresh repo: create a private docs site and generate knowledge, or check setup without generation
76
+ - existing repo with changes: update knowledge, check setup without generation, or show the diff
77
+ - existing repo with no changes: refresh anyway, check setup without generation, or exit
78
+
79
+ `new` initializes a local CodeSummary workspace. It creates
80
+ `.codesummary/config.json`, stores the source name/API URL, and never deletes
81
+ existing files. If you point it at a non-empty directory, pass `--force` to
82
+ confirm you want to initialize that directory in place.
83
+
84
+ `config` manages persistent workspace defaults:
85
+
86
+ ```bash
87
+ codesummary config list
88
+ codesummary config set apiUrl https://dashboard.codesummary.io
89
+ codesummary config set sourceName my-service
90
+ codesummary config set depth standard
91
+ codesummary config set localGeneration.provider codex
92
+ codesummary config get sourceName
93
+ codesummary config clear depth
94
+ ```
95
+
96
+ Supported keys are `apiUrl`, `sourceName`, `depth`, `site.id`, `site.slug`,
97
+ `site.name`, `localGeneration.provider`, `localGeneration.output`,
98
+ `localGeneration.model`, and `localGeneration.apiKeyEnv`.
99
+
100
+ `link` verifies the token, records the existing site it belongs to, and stores
101
+ local settings in `.codesummary/config.json`. It does not create a new hosted
102
+ site. The token determines which existing site receives future draft knowledge
103
+ updates.
104
+
105
+ `submit` creates `.codesummary/manifest.json`, zips the current workspace, uploads it to
106
+ `/api/cli/submit`, links the source to the token's existing site, and enqueues a knowledge job.
107
+ The manifest is sent as separate metadata so CodeSummary can track file hashes
108
+ without relying on the uploaded source archive.
109
+ When the source is linked to an existing site, the backend also enqueues a site
110
+ draft update after the repo knowledge job completes.
111
+ `--no-generate` is a no-spend setup check: it stores manifest metadata and
112
+ source/site linkage, but does not retain the uploaded source archive.
113
+ The CLI stores the last submitted job id in `.codesummary/config.json`, so
114
+ `codesummary status` can check it without passing `--job-id`. Status responses
115
+ include both the repo job and the latest linked site job when a site update is
116
+ running.
117
+
118
+ After a successful submit, the CLI stores
119
+ `.codesummary/last-submitted-manifest.json`. `codesummary diff` compares the
120
+ current workspace against that baseline and reports added, changed, and removed
121
+ files without uploading anything. Use `--against <manifest.json>` to compare
122
+ against a specific baseline.
123
+
124
+ `export` creates a local or S3 bundle without calling CodeSummary hosted
125
+ infrastructure. By default it exports only manifest metadata and does not include
126
+ source contents. Pass `--include-archive` only when writing to infrastructure you
127
+ control.
128
+
129
+ ## Auth
130
+
131
+ Use OAuth for the normal developer workflow:
132
+
133
+ ```bash
134
+ codesummary login --api-url https://dashboard.codesummary.io
135
+ codesummary
136
+ ```
137
+
138
+ Product/site tokens with `write:knowledge` or `write:all` scope are still
139
+ supported for scripted or site-bound workflows.
140
+
141
+ ```bash
142
+ export CODESUMMARY_API_KEY=csp_...
143
+ export CODESUMMARY_API_URL=https://dashboard.codesummary.io
144
+ codesummary link --site-token "$CODESUMMARY_API_KEY" --api-url "$CODESUMMARY_API_URL" --name my-repo
145
+ codesummary submit --name my-repo --depth standard
146
+ codesummary status --wait
147
+ ```
148
+
149
+ ## Existing Site Updates
150
+
151
+ The intended hosted workflow is:
152
+
153
+ ```bash
154
+ codesummary login --api-url https://dashboard.codesummary.io
155
+ codesummary
156
+ ```
157
+
158
+ The local directory becomes a CLI CodeSummary source linked to the selected or
159
+ auto-created private site. Later runs update that same source and can enqueue a
160
+ site draft update when the source knowledge job completes. Publishing the site
161
+ is still a separate dashboard action.
162
+
163
+ Use `--depth standard` for the default update path. The CLI defaults to
164
+ `standard`; `deep` is available for a more expensive full-context pass.
165
+
166
+ ## Defaults
167
+
168
+ The archive excludes common build/cache folders and secret files:
169
+
170
+ - `.git`, `node_modules`, `.next`, `dist`, `build`, `coverage`
171
+ - `.codesummary`, `.env`, `.env.*`, `.npmrc`, `.yarnrc`
172
+
173
+ The manifest stores file paths, sizes, mtimes, and SHA-256 hashes. It does not
174
+ store file contents.
175
+
176
+ ## Local / BYO Output
177
+
178
+ For teams that do not want to upload source code to CodeSummary, export a bundle
179
+ locally:
180
+
181
+ ```bash
182
+ codesummary export --output ./codesummary-export
183
+ ```
184
+
185
+ The bundle contains:
186
+
187
+ - `codesummary-manifest.json`
188
+ - `codesummary-export.json`
189
+ - `README.md`
190
+
191
+ To include the excluded-source-filtered archive in your own storage, opt in:
192
+
193
+ ```bash
194
+ codesummary export --output s3://my-bucket/codesummary/my-repo --include-archive
195
+ ```
196
+
197
+ S3 output uses the local `aws s3 sync` command and your existing AWS credentials.
198
+
199
+ ## Local Inference
200
+
201
+ `generate` runs documentation inference locally. It does not upload source code
202
+ or provider credentials to CodeSummary.
203
+
204
+ Use the local Codex subscription/session:
205
+
206
+ ```bash
207
+ codesummary generate --provider codex --output ./docs
208
+ ```
209
+
210
+ Configure the workspace once, then omit flags:
211
+
212
+ ```bash
213
+ codesummary configure --provider codex --output ./docs
214
+ codesummary generate
215
+ ```
216
+
217
+ Bare `codesummary` is reserved for the hosted interactive workflow. Local
218
+ inference remains explicit with `codesummary generate` so it never spends local
219
+ provider credits by surprise.
220
+
221
+ Use a provider API key from your local environment:
222
+
223
+ ```bash
224
+ export OPENAI_API_KEY=sk-...
225
+ codesummary generate --provider openai --api-key-env OPENAI_API_KEY --output ./docs
226
+ codesummary configure --provider openai --api-key-env OPENAI_API_KEY --output ./docs
227
+
228
+ export ANTHROPIC_API_KEY=sk-ant-...
229
+ codesummary generate --provider anthropic --api-key-env ANTHROPIC_API_KEY --output ./docs
230
+ codesummary configure --provider anthropic --api-key-env ANTHROPIC_API_KEY --output ./docs
231
+ ```
232
+
233
+ Safe smoke test without inference:
234
+
235
+ ```bash
236
+ codesummary generate --provider mock --output ./docs
237
+ codesummary generate --provider codex --output ./docs --dry-run
238
+ ```
239
+
240
+ Local generation creates `.codesummary/manifest.json`, builds a local context
241
+ pack from non-secret text files, asks the selected local provider to return a
242
+ strict JSON document set, validates the result, and writes Markdown files to the
243
+ output directory.
244
+
245
+ Security model:
246
+
247
+ - Provider keys stay in local environment variables.
248
+ - `.codesummary/config.json` stores the provider choice and env var name, not the
249
+ provider key value.
250
+ - Codex mode uses the local Codex CLI/session; CodeSummary never sees that
251
+ credential.
252
+ - Source contents are sent only to the selected local provider.
253
+ - CodeSummary hosted infrastructure is not called by `generate`.
254
+ - Publishing or hosted site updates remain separate commands/flows.
255
+
256
+ ## Staging E2E
257
+
258
+ For CodeSummary maintainers, the current no-spend staging hosted-flow check is:
259
+
260
+ ```bash
261
+ codesummary login --api-url https://dashboard-staging.codesummary.io
262
+ codesummary whoami
263
+ codesummary diff
264
+ codesummary status
265
+ ```
266
+
267
+ For package/local CLI regressions:
268
+
269
+ ```bash
270
+ npm test
271
+ npm run test:package
272
+ ```
273
+
274
+ Staging defaults to mock generation, so a hosted generation run should complete
275
+ without provider spend but will only produce deterministic test docs. Do not run
276
+ provider-backed staging generation unless the operator explicitly approves the
277
+ credit spend.
278
+
279
+ The old `scripts/staging-e2e.sh` EC2/SSM flow is retired. Staging no longer has
280
+ that backend EC2 shape.
package/RELEASE.md ADDED
@@ -0,0 +1,48 @@
1
+ # CodeSummary CLI Release Checklist
2
+
3
+ The CLI release gate is intentionally local and no-spend. It does not call the
4
+ hosted generation pipeline or any model provider.
5
+
6
+ ## Required Checks
7
+
8
+ ```bash
9
+ npm test
10
+ npm run test:package
11
+ ```
12
+
13
+ `npm test` verifies command behavior and the interactive TTY flows against a
14
+ fake local dashboard server.
15
+
16
+ `npm run test:package` runs the install path users depend on:
17
+
18
+ 1. `npm pack`
19
+ 2. install the packed tarball into a clean temporary project
20
+ 3. execute the installed `codesummary` binary
21
+ 4. verify it can run inside a repo workspace and write `.codesummary/manifest.json`
22
+
23
+ ## Install Channels
24
+
25
+ Before npm publication, install from the private GitHub repo:
26
+
27
+ ```bash
28
+ npm install -g github:CodeSummaryAI/codesummary-cli
29
+ ```
30
+
31
+ After npm publication:
32
+
33
+ ```bash
34
+ npm install -g @codesummary/cli
35
+ ```
36
+
37
+ ## Staging Verification
38
+
39
+ Use staging only after the package checks pass:
40
+
41
+ ```bash
42
+ codesummary login --api-url https://dashboard-staging.codesummary.io
43
+ codesummary whoami
44
+ codesummary
45
+ ```
46
+
47
+ Staging generation is expected to use the no-spend mock path unless the operator
48
+ explicitly enables provider-backed generation.
package/ROADMAP.md ADDED
@@ -0,0 +1,242 @@
1
+ # CodeSummary CLI Roadmap
2
+
3
+ This document tracks the CLI/MCP direction separately from the dashboard and
4
+ backend deployment runbooks.
5
+
6
+ ## Product Goal
7
+
8
+ Make CodeSummary usable without making GitHub the center of the product.
9
+ GitHub remains an excellent source adapter, but the core abstraction is:
10
+
11
+ ```text
12
+ source -> manifest -> knowledge job -> docs / MCP / export
13
+ ```
14
+
15
+ The CLI should make that flow feel simple:
16
+
17
+ ```bash
18
+ codesummary login
19
+ codesummary
20
+ ```
21
+
22
+ ## Implemented Slice
23
+
24
+ The current staging-validated slice is hosted CLI ingestion:
25
+
26
+ 1. `codesummary new` initializes a safe local CodeSummary workspace without
27
+ deleting existing files.
28
+ 2. `codesummary login` opens the dashboard OAuth flow and stores a refreshable
29
+ CLI token locally.
30
+ 3. `codesummary config get/set/clear` manages persistent workspace defaults.
31
+ 4. Bare `codesummary` inspects the current repo, linked site, previous
32
+ manifest, and local diff, then offers the appropriate action with an arrow
33
+ selector.
34
+ 5. `codesummary submit --wait` writes `.codesummary/manifest.json`, zips the
35
+ workspace, excludes local config/secrets, and posts the archive plus manifest
36
+ to `POST /api/cli/submit`.
37
+ 6. The dashboard creates or reuses a CLI/manual source with
38
+ `settings.source_adapter = "cli"`, links it to the token's existing site,
39
+ uploads the source archive, uploads the manifest JSON, and enqueues a repo
40
+ knowledge job.
41
+ 7. The worker processes the repo knowledge job, deletes the temporary source
42
+ archive, then enqueues `triggered_by = "cli-site-update"` for the linked
43
+ site when draft docs already exist.
44
+ 8. `codesummary status --wait` follows both the repo job and linked site job.
45
+ 9. `codesummary version` / `--version` and `codesummary update` provide the
46
+ expected global CLI lifecycle surface.
47
+
48
+ Publishing remains a separate dashboard action.
49
+
50
+ ## Mintlify CLI Parity
51
+
52
+ Mintlify's public CLI shape is:
53
+
54
+ ```text
55
+ mint new
56
+ mint login/logout/status
57
+ mint config get/set/clear
58
+ mint dev
59
+ mint validate / broken-links / a11y / score
60
+ mint export
61
+ mint version / update
62
+ ```
63
+
64
+ CodeSummary now matches the same lifecycle shape where the product model maps
65
+ cleanly:
66
+
67
+ - project initialization: `codesummary new`
68
+ - auth/session state: `codesummary login`, `codesummary logout`,
69
+ `codesummary whoami`
70
+ - persistent defaults: `codesummary config get/set/clear`
71
+ - default workflow: bare `codesummary`
72
+ - validation/diff before upload: `codesummary manifest`, `codesummary diff`
73
+ - export/local mode: `codesummary export`, `codesummary generate`
74
+ - CLI lifecycle: `codesummary version`, `codesummary update`
75
+
76
+ Intentional differences:
77
+
78
+ - `mint dev` previews a local docs project. CodeSummary docs are generated from
79
+ a source workspace and previewed in the hosted site/editor, so a `dev` command
80
+ should not be added until it can start a real local renderer or open a real
81
+ hosted draft preview.
82
+ - `mint validate`, `broken-links`, `a11y`, and `score` are docs-site checks.
83
+ CodeSummary should add equivalent commands after the renderer exposes a local
84
+ or hosted draft inspection API.
85
+ - `mint automations` maps more closely to future CodeSummary MCP/job tools than
86
+ to the initial source-ingestion CLI.
87
+
88
+ ## Staging Gate
89
+
90
+ All CLI workflow changes should be proven against staging before production:
91
+
92
+ - Dashboard staging: `https://dashboard-staging.codesummary.io`
93
+ - AWS profile: `codesummary-staging`
94
+ - Upload bucket: `codesummary-manual-uploads-staging`
95
+ - Source snapshot bucket: `codesummary-source-snapshots-staging`
96
+ - Docs bucket: `codesummary-docs-staging`
97
+ - Runtime: dashboard OpenNext/Lambda/CloudFront plus backend Lambda/SQS/Batch
98
+
99
+ Current staging worker mode:
100
+
101
+ ```text
102
+ CODESUMMARY_ENV=staging
103
+ CODESUMMARY_MOCK_GENERATION=true
104
+ ```
105
+
106
+ Mock generation proves upload, manifest storage, worker extraction, repo docs,
107
+ site draft updates, and job status without spending model-provider credits. A
108
+ real provider-backed staging run still requires a staging provider account/key
109
+ with available credits.
110
+
111
+ No-spend staging check:
112
+
113
+ ```bash
114
+ codesummary login --api-url https://dashboard-staging.codesummary.io
115
+ codesummary whoami
116
+ codesummary status
117
+ ```
118
+
119
+ Provider-backed staging generation should only be run after explicitly stating
120
+ that it will spend provider credits.
121
+
122
+ ## Next Hosted CLI Milestones
123
+
124
+ 1. Add a dashboard UI for minting CLI/site-write tokens with clearer copy.
125
+ 2. Add `codesummary sites` and `codesummary link --site <id>` so users can
126
+ choose among authorized sites instead of only relying on token scope.
127
+ 3. Add `codesummary publish` for explicit publish from CLI, guarded by a
128
+ separate `publish:docs` token scope.
129
+ 4. Done: add `codesummary diff` to show what changed since the last submitted
130
+ manifest or an explicit `--against` manifest.
131
+
132
+ ## Local-Only / BYO Output Mode
133
+
134
+ Some users will want CodeSummary as a local harness without hosted ingestion.
135
+ That should be a separate mode, not bolted onto hosted submit.
136
+
137
+ Implemented commands:
138
+
139
+ ```bash
140
+ codesummary export --output ./codesummary-export
141
+ codesummary export --output s3://my-bucket/path --include-archive
142
+ codesummary generate --provider codex --output ./docs
143
+ codesummary generate --provider openai --api-key-env OPENAI_API_KEY --output ./docs
144
+ codesummary generate --provider anthropic --api-key-env ANTHROPIC_API_KEY --output ./docs
145
+ codesummary configure --provider codex --output ./docs
146
+ codesummary generate
147
+ ```
148
+
149
+ `export` creates a manifest bundle without using CodeSummary hosted
150
+ infrastructure. By default, it does not include source contents.
151
+ `--include-archive` is explicit opt-in for BYO local/S3 storage.
152
+
153
+ `generate` runs local inference. `codex` uses the user's local Codex
154
+ subscription/session through the Codex CLI. API-key providers read the key from a
155
+ local environment variable. CodeSummary does not receive the key and hosted
156
+ infrastructure is not called.
157
+
158
+ `configure` persists local generation defaults in `.codesummary/config.json`.
159
+ It stores provider choice, output directory, model, and API-key environment
160
+ variable name. It does not store provider key values. Bare `codesummary` is
161
+ reserved for the hosted interactive flow. Local generation stays explicit with
162
+ `codesummary generate` so local provider credits are never spent by surprise.
163
+
164
+ Design rules:
165
+
166
+ - no source archive upload to CodeSummary
167
+ - no hosted job unless the user explicitly selects hosted mode
168
+ - optional local export to markdown/json
169
+ - optional BYO S3 output using the user's AWS credentials
170
+ - optional BYO model key through environment variables
171
+
172
+ This mode should not require a CodeSummary API key unless hosted services are
173
+ used.
174
+
175
+ Remaining work:
176
+
177
+ - publish locally generated docs back to a linked CodeSummary site as generated
178
+ docs, without uploading raw source
179
+ - support direct S3 output for generated docs
180
+ - add richer file-planning and multi-pass generation for large repositories
181
+ - package the CLI as a closed-source distributable binary
182
+
183
+ ## MCP Workflow
184
+
185
+ MCP should stay thin. It should call the same public API paths that the CLI uses
186
+ instead of owning separate ingestion logic.
187
+
188
+ Candidate tools:
189
+
190
+ - `codesummary_link_site`
191
+ - `codesummary_submit_workspace`
192
+ - `codesummary_job_status`
193
+ - `codesummary_diff_manifest`
194
+ - `codesummary_publish_site`
195
+
196
+ The MCP server should return concrete job ids, site ids, source ids, and next
197
+ commands so coding agents can continue without guessing.
198
+
199
+ ## Manifests, Diffs, And Locks
200
+
201
+ Manifests should remain first-class:
202
+
203
+ - every submit sends file path, byte size, mtime, and sha256
204
+ - successful submits save `.codesummary/last-submitted-manifest.json`
205
+ - manifests are stored separately from temporary source archives
206
+ - source archives are temporary and should be deleted after worker processing
207
+ - manifests enable cheap diffing before upload
208
+
209
+ Concurrency rule:
210
+
211
+ - one active job per manual source
212
+ - later submits should return a clear conflict with the active job id
213
+ - future UX can offer `--replace-active` only if cancellation is implemented
214
+
215
+ ## Source Adapters
216
+
217
+ Target adapter model:
218
+
219
+ ```text
220
+ github
221
+ gitlab
222
+ bitbucket
223
+ azure_devops
224
+ cli
225
+ s3
226
+ local_export
227
+ api
228
+ ```
229
+
230
+ Sites should link to one or more sources through a stable source id. The source
231
+ adapter determines how content arrives; sites should not care whether a source
232
+ came from GitHub, CLI, S3, or another provider.
233
+
234
+ ## Security Defaults
235
+
236
+ - exclude `.codesummary`, `.env*`, npm/yarn auth files, git internals, build
237
+ caches, and dependency folders from uploads
238
+ - store product tokens only locally unless the user explicitly chooses hosted
239
+ auth storage
240
+ - never store source archives permanently in hosted mode
241
+ - keep manifests because they do not contain source contents
242
+ - separate knowledge-write, docs-read, and publish scopes