@codesummary/cli 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +280 -0
- package/RELEASE.md +48 -0
- package/ROADMAP.md +242 -0
- package/bin/codesummary.js +2103 -0
- package/package.json +33 -0
- package/scripts/package-smoke.sh +58 -0
package/README.md
ADDED
|
@@ -0,0 +1,280 @@
|
|
|
1
|
+
# CodeSummary CLI
|
|
2
|
+
|
|
3
|
+
Dependency-free Node CLI for submitting a local workspace to CodeSummary.
|
|
4
|
+
The hosted flow can log in with OAuth, create or link a private docs site,
|
|
5
|
+
upload a local source snapshot, and start knowledge updates from the repo
|
|
6
|
+
directory.
|
|
7
|
+
|
|
8
|
+
## Install
|
|
9
|
+
|
|
10
|
+
Before npm publication, install from the private GitHub repo:
|
|
11
|
+
|
|
12
|
+
```bash
|
|
13
|
+
npm install -g github:CodeSummaryAI/codesummary-cli
|
|
14
|
+
```
|
|
15
|
+
|
|
16
|
+
After npm publication:
|
|
17
|
+
|
|
18
|
+
```bash
|
|
19
|
+
npm install -g @codesummary/cli
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
Then run it from a repo:
|
|
23
|
+
|
|
24
|
+
```bash
|
|
25
|
+
codesummary login --api-url https://dashboard.codesummary.io
|
|
26
|
+
codesummary
|
|
27
|
+
```
|
|
28
|
+
|
|
29
|
+
Bare `codesummary` is the normal workflow. It inspects the current repo and
|
|
30
|
+
guides the user through creating or updating the CodeSummary knowledge source.
|
|
31
|
+
|
|
32
|
+
## Install Smoke
|
|
33
|
+
|
|
34
|
+
From this repo, verify the packaged binary path before release:
|
|
35
|
+
|
|
36
|
+
```bash
|
|
37
|
+
npm test
|
|
38
|
+
npm run test:package
|
|
39
|
+
npm run release:check
|
|
40
|
+
```
|
|
41
|
+
|
|
42
|
+
`test:package` runs `npm pack`, installs the tarball into a temporary project,
|
|
43
|
+
and verifies that the installed `codesummary` binary starts correctly inside a
|
|
44
|
+
repo workspace.
|
|
45
|
+
|
|
46
|
+
## Commands
|
|
47
|
+
|
|
48
|
+
```bash
|
|
49
|
+
codesummary
|
|
50
|
+
codesummary new ./my-service --api-url https://dashboard.codesummary.io
|
|
51
|
+
codesummary login --api-url https://dashboard.codesummary.io
|
|
52
|
+
codesummary config set apiUrl https://dashboard.codesummary.io
|
|
53
|
+
codesummary config get apiUrl
|
|
54
|
+
codesummary config clear apiUrl
|
|
55
|
+
codesummary link --site-token <csp_token> --api-url https://dashboard.codesummary.io --name my-repo
|
|
56
|
+
codesummary manifest
|
|
57
|
+
codesummary diff
|
|
58
|
+
codesummary export --output ./codesummary-export
|
|
59
|
+
codesummary export --output s3://my-bucket/path --include-archive
|
|
60
|
+
codesummary generate --provider codex --output ./docs
|
|
61
|
+
codesummary generate --provider openai --api-key-env OPENAI_API_KEY --output ./docs
|
|
62
|
+
codesummary configure --provider codex --output ./docs
|
|
63
|
+
codesummary generate
|
|
64
|
+
codesummary submit --depth standard
|
|
65
|
+
codesummary status
|
|
66
|
+
codesummary submit --depth standard --wait
|
|
67
|
+
codesummary version
|
|
68
|
+
codesummary update
|
|
69
|
+
```
|
|
70
|
+
|
|
71
|
+
Bare `codesummary` starts the interactive hosted workflow. It inspects the
|
|
72
|
+
current directory, OAuth state, linked site, last submitted manifest, and local
|
|
73
|
+
diff, then offers the right action:
|
|
74
|
+
|
|
75
|
+
- fresh repo: create a private docs site and generate knowledge, or check setup without generation
|
|
76
|
+
- existing repo with changes: update knowledge, check setup without generation, or show the diff
|
|
77
|
+
- existing repo with no changes: refresh anyway, check setup without generation, or exit
|
|
78
|
+
|
|
79
|
+
`new` initializes a local CodeSummary workspace. It creates
|
|
80
|
+
`.codesummary/config.json`, stores the source name/API URL, and never deletes
|
|
81
|
+
existing files. If you point it at a non-empty directory, pass `--force` to
|
|
82
|
+
confirm you want to initialize that directory in place.
|
|
83
|
+
|
|
84
|
+
`config` manages persistent workspace defaults:
|
|
85
|
+
|
|
86
|
+
```bash
|
|
87
|
+
codesummary config list
|
|
88
|
+
codesummary config set apiUrl https://dashboard.codesummary.io
|
|
89
|
+
codesummary config set sourceName my-service
|
|
90
|
+
codesummary config set depth standard
|
|
91
|
+
codesummary config set localGeneration.provider codex
|
|
92
|
+
codesummary config get sourceName
|
|
93
|
+
codesummary config clear depth
|
|
94
|
+
```
|
|
95
|
+
|
|
96
|
+
Supported keys are `apiUrl`, `sourceName`, `depth`, `site.id`, `site.slug`,
|
|
97
|
+
`site.name`, `localGeneration.provider`, `localGeneration.output`,
|
|
98
|
+
`localGeneration.model`, and `localGeneration.apiKeyEnv`.
|
|
99
|
+
|
|
100
|
+
`link` verifies the token, records the existing site it belongs to, and stores
|
|
101
|
+
local settings in `.codesummary/config.json`. It does not create a new hosted
|
|
102
|
+
site. The token determines which existing site receives future draft knowledge
|
|
103
|
+
updates.
|
|
104
|
+
|
|
105
|
+
`submit` creates `.codesummary/manifest.json`, zips the current workspace, uploads it to
|
|
106
|
+
`/api/cli/submit`, links the source to the token's existing site, and enqueues a knowledge job.
|
|
107
|
+
The manifest is sent as separate metadata so CodeSummary can track file hashes
|
|
108
|
+
without relying on the uploaded source archive.
|
|
109
|
+
When the source is linked to an existing site, the backend also enqueues a site
|
|
110
|
+
draft update after the repo knowledge job completes.
|
|
111
|
+
`--no-generate` is a no-spend setup check: it stores manifest metadata and
|
|
112
|
+
source/site linkage, but does not retain the uploaded source archive.
|
|
113
|
+
The CLI stores the last submitted job id in `.codesummary/config.json`, so
|
|
114
|
+
`codesummary status` can check it without passing `--job-id`. Status responses
|
|
115
|
+
include both the repo job and the latest linked site job when a site update is
|
|
116
|
+
running.
|
|
117
|
+
|
|
118
|
+
After a successful submit, the CLI stores
|
|
119
|
+
`.codesummary/last-submitted-manifest.json`. `codesummary diff` compares the
|
|
120
|
+
current workspace against that baseline and reports added, changed, and removed
|
|
121
|
+
files without uploading anything. Use `--against <manifest.json>` to compare
|
|
122
|
+
against a specific baseline.
|
|
123
|
+
|
|
124
|
+
`export` creates a local or S3 bundle without calling CodeSummary hosted
|
|
125
|
+
infrastructure. By default it exports only manifest metadata and does not include
|
|
126
|
+
source contents. Pass `--include-archive` only when writing to infrastructure you
|
|
127
|
+
control.
|
|
128
|
+
|
|
129
|
+
## Auth
|
|
130
|
+
|
|
131
|
+
Use OAuth for the normal developer workflow:
|
|
132
|
+
|
|
133
|
+
```bash
|
|
134
|
+
codesummary login --api-url https://dashboard.codesummary.io
|
|
135
|
+
codesummary
|
|
136
|
+
```
|
|
137
|
+
|
|
138
|
+
Product/site tokens with `write:knowledge` or `write:all` scope are still
|
|
139
|
+
supported for scripted or site-bound workflows.
|
|
140
|
+
|
|
141
|
+
```bash
|
|
142
|
+
export CODESUMMARY_API_KEY=csp_...
|
|
143
|
+
export CODESUMMARY_API_URL=https://dashboard.codesummary.io
|
|
144
|
+
codesummary link --site-token "$CODESUMMARY_API_KEY" --api-url "$CODESUMMARY_API_URL" --name my-repo
|
|
145
|
+
codesummary submit --name my-repo --depth standard
|
|
146
|
+
codesummary status --wait
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
## Existing Site Updates
|
|
150
|
+
|
|
151
|
+
The intended hosted workflow is:
|
|
152
|
+
|
|
153
|
+
```bash
|
|
154
|
+
codesummary login --api-url https://dashboard.codesummary.io
|
|
155
|
+
codesummary
|
|
156
|
+
```
|
|
157
|
+
|
|
158
|
+
The local directory becomes a CLI CodeSummary source linked to the selected or
|
|
159
|
+
auto-created private site. Later runs update that same source and can enqueue a
|
|
160
|
+
site draft update when the source knowledge job completes. Publishing the site
|
|
161
|
+
is still a separate dashboard action.
|
|
162
|
+
|
|
163
|
+
Use `--depth standard` for the default update path. The CLI defaults to
|
|
164
|
+
`standard`; `deep` is available for a more expensive full-context pass.
|
|
165
|
+
|
|
166
|
+
## Defaults
|
|
167
|
+
|
|
168
|
+
The archive excludes common build/cache folders and secret files:
|
|
169
|
+
|
|
170
|
+
- `.git`, `node_modules`, `.next`, `dist`, `build`, `coverage`
|
|
171
|
+
- `.codesummary`, `.env`, `.env.*`, `.npmrc`, `.yarnrc`
|
|
172
|
+
|
|
173
|
+
The manifest stores file paths, sizes, mtimes, and SHA-256 hashes. It does not
|
|
174
|
+
store file contents.
|
|
175
|
+
|
|
176
|
+
## Local / BYO Output
|
|
177
|
+
|
|
178
|
+
For teams that do not want to upload source code to CodeSummary, export a bundle
|
|
179
|
+
locally:
|
|
180
|
+
|
|
181
|
+
```bash
|
|
182
|
+
codesummary export --output ./codesummary-export
|
|
183
|
+
```
|
|
184
|
+
|
|
185
|
+
The bundle contains:
|
|
186
|
+
|
|
187
|
+
- `codesummary-manifest.json`
|
|
188
|
+
- `codesummary-export.json`
|
|
189
|
+
- `README.md`
|
|
190
|
+
|
|
191
|
+
To include the excluded-source-filtered archive in your own storage, opt in:
|
|
192
|
+
|
|
193
|
+
```bash
|
|
194
|
+
codesummary export --output s3://my-bucket/codesummary/my-repo --include-archive
|
|
195
|
+
```
|
|
196
|
+
|
|
197
|
+
S3 output uses the local `aws s3 sync` command and your existing AWS credentials.
|
|
198
|
+
|
|
199
|
+
## Local Inference
|
|
200
|
+
|
|
201
|
+
`generate` runs documentation inference locally. It does not upload source code
|
|
202
|
+
or provider credentials to CodeSummary.
|
|
203
|
+
|
|
204
|
+
Use the local Codex subscription/session:
|
|
205
|
+
|
|
206
|
+
```bash
|
|
207
|
+
codesummary generate --provider codex --output ./docs
|
|
208
|
+
```
|
|
209
|
+
|
|
210
|
+
Configure the workspace once, then omit flags:
|
|
211
|
+
|
|
212
|
+
```bash
|
|
213
|
+
codesummary configure --provider codex --output ./docs
|
|
214
|
+
codesummary generate
|
|
215
|
+
```
|
|
216
|
+
|
|
217
|
+
Bare `codesummary` is reserved for the hosted interactive workflow. Local
|
|
218
|
+
inference remains explicit with `codesummary generate` so it never spends local
|
|
219
|
+
provider credits by surprise.
|
|
220
|
+
|
|
221
|
+
Use a provider API key from your local environment:
|
|
222
|
+
|
|
223
|
+
```bash
|
|
224
|
+
export OPENAI_API_KEY=sk-...
|
|
225
|
+
codesummary generate --provider openai --api-key-env OPENAI_API_KEY --output ./docs
|
|
226
|
+
codesummary configure --provider openai --api-key-env OPENAI_API_KEY --output ./docs
|
|
227
|
+
|
|
228
|
+
export ANTHROPIC_API_KEY=sk-ant-...
|
|
229
|
+
codesummary generate --provider anthropic --api-key-env ANTHROPIC_API_KEY --output ./docs
|
|
230
|
+
codesummary configure --provider anthropic --api-key-env ANTHROPIC_API_KEY --output ./docs
|
|
231
|
+
```
|
|
232
|
+
|
|
233
|
+
Safe smoke test without inference:
|
|
234
|
+
|
|
235
|
+
```bash
|
|
236
|
+
codesummary generate --provider mock --output ./docs
|
|
237
|
+
codesummary generate --provider codex --output ./docs --dry-run
|
|
238
|
+
```
|
|
239
|
+
|
|
240
|
+
Local generation creates `.codesummary/manifest.json`, builds a local context
|
|
241
|
+
pack from non-secret text files, asks the selected local provider to return a
|
|
242
|
+
strict JSON document set, validates the result, and writes Markdown files to the
|
|
243
|
+
output directory.
|
|
244
|
+
|
|
245
|
+
Security model:
|
|
246
|
+
|
|
247
|
+
- Provider keys stay in local environment variables.
|
|
248
|
+
- `.codesummary/config.json` stores the provider choice and env var name, not the
|
|
249
|
+
provider key value.
|
|
250
|
+
- Codex mode uses the local Codex CLI/session; CodeSummary never sees that
|
|
251
|
+
credential.
|
|
252
|
+
- Source contents are sent only to the selected local provider.
|
|
253
|
+
- CodeSummary hosted infrastructure is not called by `generate`.
|
|
254
|
+
- Publishing or hosted site updates remain separate commands/flows.
|
|
255
|
+
|
|
256
|
+
## Staging E2E
|
|
257
|
+
|
|
258
|
+
For CodeSummary maintainers, the current no-spend staging hosted-flow check is:
|
|
259
|
+
|
|
260
|
+
```bash
|
|
261
|
+
codesummary login --api-url https://dashboard-staging.codesummary.io
|
|
262
|
+
codesummary whoami
|
|
263
|
+
codesummary diff
|
|
264
|
+
codesummary status
|
|
265
|
+
```
|
|
266
|
+
|
|
267
|
+
For package/local CLI regressions:
|
|
268
|
+
|
|
269
|
+
```bash
|
|
270
|
+
npm test
|
|
271
|
+
npm run test:package
|
|
272
|
+
```
|
|
273
|
+
|
|
274
|
+
Staging defaults to mock generation, so a hosted generation run should complete
|
|
275
|
+
without provider spend but will only produce deterministic test docs. Do not run
|
|
276
|
+
provider-backed staging generation unless the operator explicitly approves the
|
|
277
|
+
credit spend.
|
|
278
|
+
|
|
279
|
+
The old `scripts/staging-e2e.sh` EC2/SSM flow is retired. Staging no longer has
|
|
280
|
+
that backend EC2 shape.
|
package/RELEASE.md
ADDED
|
@@ -0,0 +1,48 @@
|
|
|
1
|
+
# CodeSummary CLI Release Checklist
|
|
2
|
+
|
|
3
|
+
The CLI release gate is intentionally local and no-spend. It does not call the
|
|
4
|
+
hosted generation pipeline or any model provider.
|
|
5
|
+
|
|
6
|
+
## Required Checks
|
|
7
|
+
|
|
8
|
+
```bash
|
|
9
|
+
npm test
|
|
10
|
+
npm run test:package
|
|
11
|
+
```
|
|
12
|
+
|
|
13
|
+
`npm test` verifies command behavior and the interactive TTY flows against a
|
|
14
|
+
fake local dashboard server.
|
|
15
|
+
|
|
16
|
+
`npm run test:package` runs the install path users depend on:
|
|
17
|
+
|
|
18
|
+
1. `npm pack`
|
|
19
|
+
2. install the packed tarball into a clean temporary project
|
|
20
|
+
3. execute the installed `codesummary` binary
|
|
21
|
+
4. verify it can run inside a repo workspace and write `.codesummary/manifest.json`
|
|
22
|
+
|
|
23
|
+
## Install Channels
|
|
24
|
+
|
|
25
|
+
Before npm publication, install from the private GitHub repo:
|
|
26
|
+
|
|
27
|
+
```bash
|
|
28
|
+
npm install -g github:CodeSummaryAI/codesummary-cli
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
After npm publication:
|
|
32
|
+
|
|
33
|
+
```bash
|
|
34
|
+
npm install -g @codesummary/cli
|
|
35
|
+
```
|
|
36
|
+
|
|
37
|
+
## Staging Verification
|
|
38
|
+
|
|
39
|
+
Use staging only after the package checks pass:
|
|
40
|
+
|
|
41
|
+
```bash
|
|
42
|
+
codesummary login --api-url https://dashboard-staging.codesummary.io
|
|
43
|
+
codesummary whoami
|
|
44
|
+
codesummary
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
Staging generation is expected to use the no-spend mock path unless the operator
|
|
48
|
+
explicitly enables provider-backed generation.
|
package/ROADMAP.md
ADDED
|
@@ -0,0 +1,242 @@
|
|
|
1
|
+
# CodeSummary CLI Roadmap
|
|
2
|
+
|
|
3
|
+
This document tracks the CLI/MCP direction separately from the dashboard and
|
|
4
|
+
backend deployment runbooks.
|
|
5
|
+
|
|
6
|
+
## Product Goal
|
|
7
|
+
|
|
8
|
+
Make CodeSummary usable without making GitHub the center of the product.
|
|
9
|
+
GitHub remains an excellent source adapter, but the core abstraction is:
|
|
10
|
+
|
|
11
|
+
```text
|
|
12
|
+
source -> manifest -> knowledge job -> docs / MCP / export
|
|
13
|
+
```
|
|
14
|
+
|
|
15
|
+
The CLI should make that flow feel simple:
|
|
16
|
+
|
|
17
|
+
```bash
|
|
18
|
+
codesummary login
|
|
19
|
+
codesummary
|
|
20
|
+
```
|
|
21
|
+
|
|
22
|
+
## Implemented Slice
|
|
23
|
+
|
|
24
|
+
The current staging-validated slice is hosted CLI ingestion:
|
|
25
|
+
|
|
26
|
+
1. `codesummary new` initializes a safe local CodeSummary workspace without
|
|
27
|
+
deleting existing files.
|
|
28
|
+
2. `codesummary login` opens the dashboard OAuth flow and stores a refreshable
|
|
29
|
+
CLI token locally.
|
|
30
|
+
3. `codesummary config get/set/clear` manages persistent workspace defaults.
|
|
31
|
+
4. Bare `codesummary` inspects the current repo, linked site, previous
|
|
32
|
+
manifest, and local diff, then offers the appropriate action with an arrow
|
|
33
|
+
selector.
|
|
34
|
+
5. `codesummary submit --wait` writes `.codesummary/manifest.json`, zips the
|
|
35
|
+
workspace, excludes local config/secrets, and posts the archive plus manifest
|
|
36
|
+
to `POST /api/cli/submit`.
|
|
37
|
+
6. The dashboard creates or reuses a CLI/manual source with
|
|
38
|
+
`settings.source_adapter = "cli"`, links it to the token's existing site,
|
|
39
|
+
uploads the source archive, uploads the manifest JSON, and enqueues a repo
|
|
40
|
+
knowledge job.
|
|
41
|
+
7. The worker processes the repo knowledge job, deletes the temporary source
|
|
42
|
+
archive, then enqueues `triggered_by = "cli-site-update"` for the linked
|
|
43
|
+
site when draft docs already exist.
|
|
44
|
+
8. `codesummary status --wait` follows both the repo job and linked site job.
|
|
45
|
+
9. `codesummary version` / `--version` and `codesummary update` provide the
|
|
46
|
+
expected global CLI lifecycle surface.
|
|
47
|
+
|
|
48
|
+
Publishing remains a separate dashboard action.
|
|
49
|
+
|
|
50
|
+
## Mintlify CLI Parity
|
|
51
|
+
|
|
52
|
+
Mintlify's public CLI shape is:
|
|
53
|
+
|
|
54
|
+
```text
|
|
55
|
+
mint new
|
|
56
|
+
mint login/logout/status
|
|
57
|
+
mint config get/set/clear
|
|
58
|
+
mint dev
|
|
59
|
+
mint validate / broken-links / a11y / score
|
|
60
|
+
mint export
|
|
61
|
+
mint version / update
|
|
62
|
+
```
|
|
63
|
+
|
|
64
|
+
CodeSummary now matches the same lifecycle shape where the product model maps
|
|
65
|
+
cleanly:
|
|
66
|
+
|
|
67
|
+
- project initialization: `codesummary new`
|
|
68
|
+
- auth/session state: `codesummary login`, `codesummary logout`,
|
|
69
|
+
`codesummary whoami`
|
|
70
|
+
- persistent defaults: `codesummary config get/set/clear`
|
|
71
|
+
- default workflow: bare `codesummary`
|
|
72
|
+
- validation/diff before upload: `codesummary manifest`, `codesummary diff`
|
|
73
|
+
- export/local mode: `codesummary export`, `codesummary generate`
|
|
74
|
+
- CLI lifecycle: `codesummary version`, `codesummary update`
|
|
75
|
+
|
|
76
|
+
Intentional differences:
|
|
77
|
+
|
|
78
|
+
- `mint dev` previews a local docs project. CodeSummary docs are generated from
|
|
79
|
+
a source workspace and previewed in the hosted site/editor, so a `dev` command
|
|
80
|
+
should not be added until it can start a real local renderer or open a real
|
|
81
|
+
hosted draft preview.
|
|
82
|
+
- `mint validate`, `broken-links`, `a11y`, and `score` are docs-site checks.
|
|
83
|
+
CodeSummary should add equivalent commands after the renderer exposes a local
|
|
84
|
+
or hosted draft inspection API.
|
|
85
|
+
- `mint automations` maps more closely to future CodeSummary MCP/job tools than
|
|
86
|
+
to the initial source-ingestion CLI.
|
|
87
|
+
|
|
88
|
+
## Staging Gate
|
|
89
|
+
|
|
90
|
+
All CLI workflow changes should be proven against staging before production:
|
|
91
|
+
|
|
92
|
+
- Dashboard staging: `https://dashboard-staging.codesummary.io`
|
|
93
|
+
- AWS profile: `codesummary-staging`
|
|
94
|
+
- Upload bucket: `codesummary-manual-uploads-staging`
|
|
95
|
+
- Source snapshot bucket: `codesummary-source-snapshots-staging`
|
|
96
|
+
- Docs bucket: `codesummary-docs-staging`
|
|
97
|
+
- Runtime: dashboard OpenNext/Lambda/CloudFront plus backend Lambda/SQS/Batch
|
|
98
|
+
|
|
99
|
+
Current staging worker mode:
|
|
100
|
+
|
|
101
|
+
```text
|
|
102
|
+
CODESUMMARY_ENV=staging
|
|
103
|
+
CODESUMMARY_MOCK_GENERATION=true
|
|
104
|
+
```
|
|
105
|
+
|
|
106
|
+
Mock generation proves upload, manifest storage, worker extraction, repo docs,
|
|
107
|
+
site draft updates, and job status without spending model-provider credits. A
|
|
108
|
+
real provider-backed staging run still requires a staging provider account/key
|
|
109
|
+
with available credits.
|
|
110
|
+
|
|
111
|
+
No-spend staging check:
|
|
112
|
+
|
|
113
|
+
```bash
|
|
114
|
+
codesummary login --api-url https://dashboard-staging.codesummary.io
|
|
115
|
+
codesummary whoami
|
|
116
|
+
codesummary status
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
Provider-backed staging generation should only be run after explicitly stating
|
|
120
|
+
that it will spend provider credits.
|
|
121
|
+
|
|
122
|
+
## Next Hosted CLI Milestones
|
|
123
|
+
|
|
124
|
+
1. Add a dashboard UI for minting CLI/site-write tokens with clearer copy.
|
|
125
|
+
2. Add `codesummary sites` and `codesummary link --site <id>` so users can
|
|
126
|
+
choose among authorized sites instead of only relying on token scope.
|
|
127
|
+
3. Add `codesummary publish` for explicit publish from CLI, guarded by a
|
|
128
|
+
separate `publish:docs` token scope.
|
|
129
|
+
4. Done: add `codesummary diff` to show what changed since the last submitted
|
|
130
|
+
manifest or an explicit `--against` manifest.
|
|
131
|
+
|
|
132
|
+
## Local-Only / BYO Output Mode
|
|
133
|
+
|
|
134
|
+
Some users will want CodeSummary as a local harness without hosted ingestion.
|
|
135
|
+
That should be a separate mode, not bolted onto hosted submit.
|
|
136
|
+
|
|
137
|
+
Implemented commands:
|
|
138
|
+
|
|
139
|
+
```bash
|
|
140
|
+
codesummary export --output ./codesummary-export
|
|
141
|
+
codesummary export --output s3://my-bucket/path --include-archive
|
|
142
|
+
codesummary generate --provider codex --output ./docs
|
|
143
|
+
codesummary generate --provider openai --api-key-env OPENAI_API_KEY --output ./docs
|
|
144
|
+
codesummary generate --provider anthropic --api-key-env ANTHROPIC_API_KEY --output ./docs
|
|
145
|
+
codesummary configure --provider codex --output ./docs
|
|
146
|
+
codesummary generate
|
|
147
|
+
```
|
|
148
|
+
|
|
149
|
+
`export` creates a manifest bundle without using CodeSummary hosted
|
|
150
|
+
infrastructure. By default, it does not include source contents.
|
|
151
|
+
`--include-archive` is explicit opt-in for BYO local/S3 storage.
|
|
152
|
+
|
|
153
|
+
`generate` runs local inference. `codex` uses the user's local Codex
|
|
154
|
+
subscription/session through the Codex CLI. API-key providers read the key from a
|
|
155
|
+
local environment variable. CodeSummary does not receive the key and hosted
|
|
156
|
+
infrastructure is not called.
|
|
157
|
+
|
|
158
|
+
`configure` persists local generation defaults in `.codesummary/config.json`.
|
|
159
|
+
It stores provider choice, output directory, model, and API-key environment
|
|
160
|
+
variable name. It does not store provider key values. Bare `codesummary` is
|
|
161
|
+
reserved for the hosted interactive flow. Local generation stays explicit with
|
|
162
|
+
`codesummary generate` so local provider credits are never spent by surprise.
|
|
163
|
+
|
|
164
|
+
Design rules:
|
|
165
|
+
|
|
166
|
+
- no source archive upload to CodeSummary
|
|
167
|
+
- no hosted job unless the user explicitly selects hosted mode
|
|
168
|
+
- optional local export to markdown/json
|
|
169
|
+
- optional BYO S3 output using the user's AWS credentials
|
|
170
|
+
- optional BYO model key through environment variables
|
|
171
|
+
|
|
172
|
+
This mode should not require a CodeSummary API key unless hosted services are
|
|
173
|
+
used.
|
|
174
|
+
|
|
175
|
+
Remaining work:
|
|
176
|
+
|
|
177
|
+
- publish locally generated docs back to a linked CodeSummary site as generated
|
|
178
|
+
docs, without uploading raw source
|
|
179
|
+
- support direct S3 output for generated docs
|
|
180
|
+
- add richer file-planning and multi-pass generation for large repositories
|
|
181
|
+
- package the CLI as a closed-source distributable binary
|
|
182
|
+
|
|
183
|
+
## MCP Workflow
|
|
184
|
+
|
|
185
|
+
MCP should stay thin. It should call the same public API paths that the CLI uses
|
|
186
|
+
instead of owning separate ingestion logic.
|
|
187
|
+
|
|
188
|
+
Candidate tools:
|
|
189
|
+
|
|
190
|
+
- `codesummary_link_site`
|
|
191
|
+
- `codesummary_submit_workspace`
|
|
192
|
+
- `codesummary_job_status`
|
|
193
|
+
- `codesummary_diff_manifest`
|
|
194
|
+
- `codesummary_publish_site`
|
|
195
|
+
|
|
196
|
+
The MCP server should return concrete job ids, site ids, source ids, and next
|
|
197
|
+
commands so coding agents can continue without guessing.
|
|
198
|
+
|
|
199
|
+
## Manifests, Diffs, And Locks
|
|
200
|
+
|
|
201
|
+
Manifests should remain first-class:
|
|
202
|
+
|
|
203
|
+
- every submit sends file path, byte size, mtime, and sha256
|
|
204
|
+
- successful submits save `.codesummary/last-submitted-manifest.json`
|
|
205
|
+
- manifests are stored separately from temporary source archives
|
|
206
|
+
- source archives are temporary and should be deleted after worker processing
|
|
207
|
+
- manifests enable cheap diffing before upload
|
|
208
|
+
|
|
209
|
+
Concurrency rule:
|
|
210
|
+
|
|
211
|
+
- one active job per manual source
|
|
212
|
+
- later submits should return a clear conflict with the active job id
|
|
213
|
+
- future UX can offer `--replace-active` only if cancellation is implemented
|
|
214
|
+
|
|
215
|
+
## Source Adapters
|
|
216
|
+
|
|
217
|
+
Target adapter model:
|
|
218
|
+
|
|
219
|
+
```text
|
|
220
|
+
github
|
|
221
|
+
gitlab
|
|
222
|
+
bitbucket
|
|
223
|
+
azure_devops
|
|
224
|
+
cli
|
|
225
|
+
s3
|
|
226
|
+
local_export
|
|
227
|
+
api
|
|
228
|
+
```
|
|
229
|
+
|
|
230
|
+
Sites should link to one or more sources through a stable source id. The source
|
|
231
|
+
adapter determines how content arrives; sites should not care whether a source
|
|
232
|
+
came from GitHub, CLI, S3, or another provider.
|
|
233
|
+
|
|
234
|
+
## Security Defaults
|
|
235
|
+
|
|
236
|
+
- exclude `.codesummary`, `.env*`, npm/yarn auth files, git internals, build
|
|
237
|
+
caches, and dependency folders from uploads
|
|
238
|
+
- store product tokens only locally unless the user explicitly chooses hosted
|
|
239
|
+
auth storage
|
|
240
|
+
- never store source archives permanently in hosted mode
|
|
241
|
+
- keep manifests because they do not contain source contents
|
|
242
|
+
- separate knowledge-write, docs-read, and publish scopes
|