@cognite/cli 0.6.0-alpha.8 → 0.7.0

package/README.md

@@ -1,6 +1,6 @@
 # @cognite/cli
 
-Build and deploy React apps to [Cognite Data Fusion](https://docs.cognite.com/).
+Build and deploy React apps to [Cognite Data Fusion](https://docs.cognite.com/). Apps built with this CLI run inside Cognite Flows — Cognite's app-hosting platform for embedding custom UIs in CDF.
 
 ## Quick start
 
@@ -12,34 +12,10 @@ npx @cognite/cli apps create
 
 This prompts for your app name, org, project, and cluster, then generates a fully configured React + TypeScript project.
 
-> Top-level commands (`dune create`, `dune deploy`, `dune deploy:interactive`, `dune skills`) still work as deprecated aliases that print a one-line warning. Migrate to `dune apps <verb>`.
-
 ## Authentication
 
 New apps created with `npx @cognite/cli apps create` depend on [`@cognite/app-sdk`](https://www.npmjs.com/package/@cognite/app-sdk) — **not `@cognite/cli`** — for auth and host integration. `@cognite/cli` is the CLI used to scaffold, develop, and deploy the app; the generated app itself talks to the Fusion app host via `@cognite/app-sdk`'s Comlink handshake. The template wires this up for you.
 
-### Legacy apps (`--classic`)
-
-Apps created with `--classic` use the older Files API path and wrap their root in `DuneAuthProvider` from `@cognite/dune/auth`:
-
-```tsx
-import { DuneAuthProvider, useDune } from '@cognite/dune/auth';
-
-function App() {
-  const { sdk, isLoading } = useDune();
-  if (isLoading) return <div>Loading...</div>;
-  return <MyApp sdk={sdk} />;
-}
-
-export default function Root() {
-  return (
-    <DuneAuthProvider>
-      <App />
-    </DuneAuthProvider>
-  );
-}
-```
-
 ## Deployment
 
 Deploy interactively via browser OAuth:
@@ -58,7 +34,7 @@ Deployment targets are configured in `app.json` at the project root.
 
 ## AI skills
 
-Skills guide your AI agent (Claude Code, Cursor, etc.) through Dune-specific tasks like adding auth, building chat UIs, or reviewing code. They are pulled automatically on `npx @cognite/cli apps create` and can be synced later:
+Skills guide your AI agent (Claude Code, Cursor, etc.) through CDF app-specific tasks like adding auth, building chat UIs, or reviewing code. They are pulled automatically on `npx @cognite/cli apps create` and can be synced later:
 
 ```bash
 npx @cognite/cli apps skills pull
@@ -100,14 +76,14 @@ pnpm mock:deploy
 
 | Env var | Purpose |
 |---|---|
-| `DUNE_BASE_URL=http://localhost:9090` | Overrides `baseUrl` from `app.json` — all API calls go to the mock |
-| `DUNE_DEPLOY_TOKEN=test-token` | Skips OAuth entirely — no real client secret needed |
+| `COGNITE_BASE_URL=http://localhost:9090` | Overrides `baseUrl` from `app.json` — all API calls go to the mock |
+| `COGNITE_TOKEN=test-token` | Skips OAuth entirely — no real client secret needed |
 
 To test against your own app instead of the fixture:
 
 ```bash
 cd apps/my-app
-DUNE_DEPLOY_TOKEN=test-token DUNE_BASE_URL=http://localhost:9090 pnpm exec dune apps deploy --skip-build
+COGNITE_TOKEN=test-token COGNITE_BASE_URL=http://localhost:9090 pnpm exec dune apps deploy --skip-build
 ```
 
 #### Simulating error scenarios
@@ -132,7 +108,6 @@ MOCK_SCENARIO=403 pnpm mock:server
 | `republish` | `ensureApp` recovers (409), then `uploadVersion` fails (409 — version already published) |
 
 The mock server and MSW handlers live in `cli/testing/msw/`. The same handlers are used by the Vitest integration tests in `src/deploy/apphosting-deployer.msw.test.ts`.
-
 ## Maintenance
 
 ### Updating the spec-kit vendor snapshot
@@ -140,7 +115,7 @@ The mock server and MSW handlers live in `cli/testing/msw/`. The same handlers a
 The AI skill commands under `_vendor/spec-kit/` are generated by [spec-kit](https://github.com/github/spec-kit) and checked in. To update to a new release, pass the target tag (requires [`uv`](https://docs.astral.sh/uv/), which provides `uvx`):
 
 ```bash
-pnpm --filter @cognite/dune refresh-spec-kit v0.9.0
+pnpm --filter @cognite/cli refresh-spec-kit v0.9.0
 ```
 
 The refresh script stages the generated commands, templates, and shell scripts before replacing `_vendor/spec-kit/`. Then review the diff under `_vendor/spec-kit/` and commit it.

package/_templates/app/new/config/vite.config.ts.ejs.t

@@ -3,7 +3,7 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>vite.config.ts'
 ---
 import path from 'node:path';
 
-import { fusionOpenPlugin } from '@cognite/dune/vite';
+import { fusionOpenPlugin, manifestCspPlugin } from '@cognite/app-sdk/vite';
 import tailwindcss from '@tailwindcss/vite';
 import react from '@vitejs/plugin-react';
 import { defineConfig } from 'vite';
@@ -11,7 +11,9 @@ import mkcert from 'vite-plugin-mkcert';
 
 export default defineConfig({
   base: './',
-  plugins: [react(), mkcert(), fusionOpenPlugin(), tailwindcss()],
+  // manifestCspPlugin() must stay first — its middleware sets the
+  // Content-Security-Policy header before any HTML response is sent.
+  plugins: [manifestCspPlugin(), react(), mkcert(), fusionOpenPlugin(), tailwindcss()],
   resolve: {
     alias: {
       '@': path.resolve(__dirname, './src'),

package/_templates/app/new/root/app.json.ejs.t

@@ -2,13 +2,11 @@
 to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>app.json'
 ---
 {
-  "name": "<%= displayName %>",
-  "description": "<%= description %>",
+  "name": <%- JSON.stringify(displayName) %>,
+  "description": <%- JSON.stringify(description) %>,
   "externalId": "<%= name %>",
   "versionTag": "0.0.1",
-<% if (infra === 'appsApi') { -%>
   "infra": "appsApi",
-<% } -%>
   "deployments": [
     {
       "org": "<%= org %>",
@@ -16,7 +14,7 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>app.json'
       "baseUrl": "<%= baseUrl %>",
       "published": false,
       "deployClientId": "",
-      "deploySecretName": "<%= org %>_<%= project %>_<%= cluster %>"
+      "deploySecretName": "<%= (org + '_' + project + '_' + cluster).replace(/-/g, '_').toUpperCase() %>"
     }
   ]
 }

package/_templates/app/new/root/manifest.json.ejs.t

@@ -0,0 +1,9 @@
+---
+to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>manifest.json'
+---
+{
+  "manifestVersion": 1,
+  "permissions": {
+    "network": []
+  }
+}

package/_templates/app/new/root/package.json.ejs.t

@@ -20,16 +20,13 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>package.json'
     "test:ui": "vitest --ui",
     "lint": "eslint . --ext .js,.mjs,.cjs,.ts,.tsx",
     "lint:fix": "eslint . --fix --ext .js,.mjs,.cjs,.ts,.tsx",
-    "deploy": "npx @cognite/dune@latest deploy:interactive --published",
-    "deploy-preview": "npx @cognite/dune@latest deploy:interactive"
+    "deploy": "npx @cognite/cli@latest apps deploy --interactive --published",
+    "deploy-preview": "npx @cognite/cli@latest apps deploy --interactive"
   },
   "dependencies": {
     "@cognite/aura": "^0.1.7",
     "@cognite/sdk": "^10.3.0",
-    "@cognite/dune": "^3.1.3",
-<% if (infra === 'appsApi') { -%>
-    "@cognite/app-sdk": "^0.3.0",
-<% } -%>
+    "@cognite/app-sdk": "^0.4.0",
     "@tabler/icons-react": "^3.35.0",
     "@tanstack/react-query": "^5.90.10",
     "clsx": "^2.1.1",
@@ -60,7 +57,7 @@ to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>package.json'
     "tailwindcss": "^4.1.17",
     "typescript": "^5.0.0",
     "typescript-eslint": "^8.46.4",
-    "vite": "^7.2.4",
+    "vite": "7.3.2",
     "vite-plugin-mkcert": "^1.17.9",
     "vitest": "^2.1.8"
   }

package/_templates/app/new/src/App.test.tsx.ejs.t

@@ -40,6 +40,6 @@ describe('App', () => {
     expect(screen.getByText('<%= org %>')).toBeInTheDocument();
     expect(screen.getByText('<%= project %>')).toBeInTheDocument();
     expect(screen.getAllByText(/SPEC\.md/).length).toBeGreaterThan(0);
-    expect(screen.getByText(/deploy:interactive/)).toBeInTheDocument();
+    expect(screen.getByText(/apps deploy --interactive/)).toBeInTheDocument();
   });
 });

package/_templates/app/new/src/App.tsx.ejs.t

@@ -1,9 +1,7 @@
 ---
 to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>src/App.tsx'
 ---
-<% if (infra === 'appsApi') { -%>
 import { connectToHostApp } from '@cognite/app-sdk';
-<% } -%>
 import {
   Alert,
   AlertDescription,
@@ -19,13 +17,8 @@ import {
   Loader,
   Separator,
 } from '@cognite/aura/components';
-<% if (infra !== 'appsApi') { -%>
-import { useDune } from '@cognite/dune';
-<% } -%>
 import { IconCaretUpDown, IconRocket } from '@tabler/icons-react';
-<% if (infra === 'appsApi') { -%>
 import { useEffect, useState } from 'react';
-<% } -%>
 
 import appConfig from '../app.json';
 
@@ -62,7 +55,7 @@ const CHECKLIST_STEPS = [
     badge: 'Step 3',
     body: (
       <>
-        When ready to deploy, run <code>npx @cognite/dune deploy:interactive</code> in the terminal. Your app will
+        When ready to deploy, run <code>npx @cognite/cli apps deploy --interactive</code> in the terminal. Your app will
         appear in the Fusion portal under Custom apps. Run the command again to redeploy new changes.
       </>
     ),
@@ -70,7 +63,6 @@ const CHECKLIST_STEPS = [
 ] as const;
 
 function App() {
-<% if (infra === 'appsApi') { -%>
   // Connect to the Fusion host via @cognite/app-sdk. The handshake is
   // asynchronous — `project` is only populated after Comlink finishes
   // exposing the host API, so we render a loader until then.
@@ -98,9 +90,6 @@ function App() {
       cancelled = true;
     };
   }, []);
-<% } else { -%>
-  const { sdk, isLoading, error } = useDune();
-<% } -%>
 
   if (isLoading) {
     return (
@@ -121,7 +110,6 @@ function App() {
     );
   }
 
-<% if (infra === 'appsApi') { -%>
   if (error) {
     return (
       <main className="min-h-screen bg-muted/50 text-foreground">
@@ -135,29 +123,10 @@ function App() {
       </main>
     );
   }
-<% } else { -%>
-  if (error) {
-    return (
-      <main className="min-h-screen bg-muted/50 text-foreground">
-        <section className="mx-auto flex min-h-screen w-full max-w-lg flex-col justify-center p-4 sm:p-8">
-          <div className="mx-auto w-full max-w-sm">
-            <Alert>
-              <AlertDescription>{error}</AlertDescription>
-            </Alert>
-          </div>
-        </section>
-      </main>
-    );
-  }
-<% } -%>
 
   const deployment = appConfig.deployments?.[0];
   const orgLabel = deployment?.org ?? '';
-<% if (infra === 'appsApi') { -%>
   const projectLabel = deployment?.project ?? project ?? '';
-<% } else { -%>
-  const projectLabel = deployment?.project ?? sdk.project;
-<% } -%>
 
   return (
     <main className="min-h-screen bg-muted/50 text-foreground">

package/_templates/app/new/src/main.tsx.ejs.t

@@ -1,9 +1,6 @@
 ---
 to: '<%= useCurrentDir ? "" : ((directoryName || name) + "/") %>src/main.tsx'
 ---
-<% if (infra !== 'appsApi') { -%>
-import { DuneAuthProvider } from '@cognite/dune';
-<% } -%>
 import { QueryClient, QueryClientProvider } from '@tanstack/react-query';
 import React from 'react';
 import ReactDOM from 'react-dom/client';
@@ -24,13 +21,7 @@ const queryClient = new QueryClient({
 ReactDOM.createRoot(document.getElementById('root')!).render(
   <React.StrictMode>
     <QueryClientProvider client={queryClient}>
-<% if (infra === 'appsApi') { -%>
       <App />
-<% } else { -%>
-      <DuneAuthProvider>
-        <App />
-      </DuneAuthProvider>
-<% } -%>
     </QueryClientProvider>
   </React.StrictMode>
 );

package/_vendor/spec-kit/README.md

@@ -13,7 +13,7 @@ Instead, Dune maintainers refresh spec-kit inside this monorepo, commit the sele
 The refresh script is for Dune monorepo maintainers only:
 
 ```sh
-pnpm --filter @cognite/dune refresh-spec-kit <tag>
+pnpm --filter @cognite/cli refresh-spec-kit <tag>
 ```
 
 It requires `uv` locally, which provides `uvx`. That is acceptable for maintainers; it must not become a requirement for generated Dune apps.

package/dist/auth/index.d.ts

@@ -0,0 +1,51 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import * as react from 'react';
+import { ReactNode } from 'react';
+import { CogniteClient } from '@cognite/sdk';
+
+interface AppSdkAuthProviderProps {
+    children: ReactNode;
+    loadingComponent?: ReactNode;
+    errorComponent?: (error: string) => ReactNode;
+}
+/**
+ * Auth provider for apps running in the new Fusion app host (dune-app-host).
+ * Uses @cognite/app-sdk's Comlink handshake to connect to the host and obtain
+ * tokens on-demand. Exposes the same DuneContextValue ({ sdk, isLoading,
+ * error }) as DuneAuthProvider so useDune() works unchanged.
+ */
+declare const AppSdkAuthProvider: ({ children, loadingComponent, errorComponent, }: AppSdkAuthProviderProps) => react_jsx_runtime.JSX.Element;
+
+interface DuneContextValue {
+    sdk: CogniteClient;
+    isLoading: boolean;
+    error?: string;
+}
+declare const DuneAuthProviderContext: react.Context<DuneContextValue>;
+interface DuneAuthProviderProps {
+    children: ReactNode;
+    useIFrameAuthentication?: boolean;
+    useLocalConfiguration?: {
+        org: string;
+        project: string;
+        baseUrl: string;
+    };
+    loadingComponent?: ReactNode;
+    errorComponent?: (error: string) => ReactNode;
+}
+declare const DuneAuthProvider: ({ children, loadingComponent, errorComponent, }: DuneAuthProviderProps) => react_jsx_runtime.JSX.Element;
+
+declare const useDune: () => DuneContextValue;
+
+interface CDFConfig {
+    project: string;
+    baseUrl: string;
+    clientId: string;
+    clientSecret: string;
+    appId?: string;
+}
+declare const getToken: (clientId: string, clientSecret: string) => Promise<any>;
+declare const createCDFSDK: (config: CDFConfig) => Promise<CogniteClient>;
+declare const EMPTY_SDK: CogniteClient;
+
+export { AppSdkAuthProvider, type CDFConfig, DuneAuthProvider, DuneAuthProviderContext, type DuneAuthProviderProps, type DuneContextValue, EMPTY_SDK, createCDFSDK, getToken, useDune };

package/dist/auth/index.js

@@ -0,0 +1 @@
+import{a,b,c,d,e,f,g}from"../chunk-QGJ3VKXY.js";import"../chunk-EI7MMDWY.js";export{f as AppSdkAuthProvider,e as DuneAuthProvider,d as DuneAuthProviderContext,c as EMPTY_SDK,b as createCDFSDK,a as getToken,g as useDune};

package/dist/chunk-A5ASLC6T.js

@@ -0,0 +1,7 @@
+var r=Object.defineProperty;var s=(l,i)=>r(l,"name",{value:i,configurable:!0});import{execFileSync as c}from"child_process";import{createRequire as a}from"module";import{InvalidArgumentError as p}from"commander";var e="cognitedata/builder-skills",o=["claude-code","cursor"],t=o.flatMap(l=>["-a",l]),u=a(import.meta.url).resolve("skills/bin/cli.mjs");function n(l,i={}){c(process.execPath,[u,...l],{stdio:"inherit",cwd:process.cwd(),...i})}s(n,"execSkillsCli");function S(){return["add",e,...t,"--skill","*","-y"]}s(S,"pullAllArgs");function d(l){if(!/^[\w.-]+\/[\w.-]+$/.test(l))throw new p("Expected owner/repo format (e.g., cognitedata/builder-skills)");return l}s(d,"validateSource");function m(l){let i=["add",l.source,...t];return l.skill?i.push("--skill",l.skill):l.interactive||i.push("--skill","*","-y"),l.global&&i.push("--global"),i}s(m,"buildPullArgs");function k(l){console.log(`\u{1F504} Pulling skills from ${l.source}...`),n(m(l)),console.log(`
+\u2705 Skills pulled successfully`)}s(k,"handlePull");function P(l){let i=l.command("skills").summary("Manage AI agent skills for your app").description(`Manage AI agent skills for your app.
+Supports: ${o.join(", ")}`).addHelpText("after",`
+Examples:
+  npx @cognite/cli apps skills pull                               Pull all skills
+  npx @cognite/cli apps skills pull --skill create-client-tool    Pull a specific skill
+  npx @cognite/cli apps skills list                               List installed skills`);return i.command("pull").description("Pull all skills into your project").option("--source <owner/repo>","Skills repository",d,e).option("--skill <name>","Pull a specific skill by name").option("-i, --interactive","Interactively select which skills to install",!1).option("--global","Install skills globally",!1).action(k),i.command("list").description("List installed skills").action(()=>{n(["list"])}),i}s(P,"registerSkillsCommand");export{s as a,n as b,S as c,m as d,P as e};

package/dist/chunk-EI7MMDWY.js

@@ -0,0 +1 @@
+var c=Object.defineProperty;var d=(a,b)=>c(a,"name",{value:b,configurable:!0});export{d as a};

package/dist/chunk-QGJ3VKXY.js

@@ -0,0 +1 @@
+import{a as t}from"./chunk-EI7MMDWY.js";import{connectToHostApp as b}from"@cognite/app-sdk";import{CogniteClient as U}from"@cognite/sdk";import{useEffect as N,useState as v}from"react";import{CogniteClient as R}from"@cognite/sdk";import{createContext as I,useEffect as L,useState as P}from"react";import{CogniteClient as A}from"@cognite/sdk";var D=t(async(n,e)=>{let o=`Basic ${btoa(`${n}:${e}`)}`;return(await(await fetch("https://auth.cognite.com/oauth2/token",{method:"POST",headers:{Authorization:o,"Content-Type":"application/x-www-form-urlencoded"},body:new URLSearchParams({grant_type:"client_credentials"})})).json()).access_token},"getToken"),T=t(async n=>{let{project:e,baseUrl:o,clientId:r,clientSecret:d,appId:c="cdf-authentication-package"}=n;if(!e||!o||!r||!d)throw new Error("Missing required configuration. Please provide: project, baseUrl, clientId, clientSecret");let u=new A({appId:c,project:e,baseUrl:o,oidcTokenProvider:t(async()=>await D(r,d),"oidcTokenProvider")});return await u.authenticate(),u},"createCDFSDK"),p=new A({appId:"cdf-authentication-package",project:"",oidcTokenProvider:t(async()=>"","oidcTokenProvider")}),E=t(()=>{console.log("\u{1F511} Requesting credentials from parent..."),window.parent&&window.parent!==window&&window.parent.postMessage({type:"REQUEST_CREDENTIALS"},"*")},"requestCredentials"),S=t(n=>{if(n.data?.type==="PROVIDE_CREDENTIALS"&&n.data?.credentials){let e=n.data.credentials;if(e.token&&e.baseUrl&&e.project)return console.log("\u{1F389} useCredentials received credentials:",{hasToken:!!e.token,tokenLength:e.token?.length||0,project:e.project,baseUrl:e.baseUrl}),e}},"handleCredentialsResponse");import{Fragment as w,jsx as l,jsxs as x}from"react/jsx-runtime";var g=I({sdk:p,isLoading:!1}),y=t(({children:n,loadingComponent:e=l("div",{children:"Loading CDF authentication..."}),errorComponent:o=t(r=>x("div",{children:["Authentication error: ",r]}),"errorComponent")})=>l(_,{loadingComponent:e,errorComponent:o,children:n}),"DuneAuthProvider"),_=t(({children:n,loadingComponent:e=l("div",{children:"Loading CDF authentication..."}),errorComponent:o=t(r=>x("div",{children:["Authentication error: ",r]}),"errorComponent")})=>{let[r,d]=P(!0),[c,u]=P(p),[s]=P();return L(()=>{E();let f=t(async i=>{console.log("\u{1F50D} Handling message from Fusion");let a=S(i);if(!a)return;let h=new R({appId:"dune-app",project:a.project,baseUrl:a.baseUrl,oidcTokenProvider:t(async()=>a.token,"oidcTokenProvider")});await h.authenticate(),u(h),d(!1)},"handleMessage");return console.log("\u{1F50D} Adding message listener"),window.addEventListener("message",f),()=>window.removeEventListener("message",f)},[]),console.log("\u{1F50D} CDFIframeAuthenticationInnerProvider",c,r,s),s&&o?l(w,{children:o(s)}):r&&e?l(w,{children:e}):l(g.Provider,{value:{sdk:c,isLoading:r,error:s},children:n})},"FusionIframeAuthenticationInnerProvider");import{Fragment as k,jsx as C,jsxs as j}from"react/jsx-runtime";var F=t(({children:n,loadingComponent:e=C("div",{children:"Loading CDF authentication..."}),errorComponent:o=t(r=>j("div",{children:["Authentication error: ",r]}),"errorComponent")})=>{let[r,d]=v(p),[c,u]=v(!0),[s,f]=v();return N(()=>{b().then(async({api:i})=>{let[a,h]=await Promise.all([i.getProject(),i.getBaseUrl()]),m=new U({appId:"dune-app",project:a,baseUrl:h,oidcTokenProvider:t(async()=>i.getAccessToken(),"oidcTokenProvider")});await m.authenticate(),d(m),f(void 0)}).catch(i=>{let a=i instanceof Error?i.message:String(i);f(a)}).finally(()=>{u(!1)})},[]),s&&o?C(k,{children:o(s)}):c&&e?C(k,{children:e}):C(g.Provider,{value:{sdk:r,isLoading:c,error:s},children:n})},"AppSdkAuthProvider");import{useContext as M}from"react";var Y=t(()=>{let n=M(g);if(!n)throw new Error("useDune must be used within a DuneAuthProvider");return n},"useDune");export{D as a,T as b,p as c,g as d,y as e,F as f,Y as g};