@eve-horizon/cli 0.0.1 → 0.1.0

package/README.md

@@ -19,7 +19,7 @@ Profiles store API URL, default org/project IDs, default harness, and Supabase a
 ```bash
 # Create or update a profile
 eve profile set local \
-  --api-url http://localhost:4701 \
+  --api-url http://localhost:4801 \
   --org org_defaulttestorg \
   --project proj_xxx
 
@@ -51,16 +51,19 @@ eve profile set prod \
 
 ## Auth
 
-Auth is **optional** per stack. When the server has `EVE_AUTH_ENABLED=false`, login is not required.
-Supabase settings can be stored in a profile or provided via `EVE_SUPABASE_URL` and
-`EVE_SUPABASE_ANON_KEY`.
+Auth is **required** for cloud stacks. The default flow uses GitHub SSH keys; Supabase remains an
+optional adapter for legacy deployments.
 
-The CLI will refresh access tokens automatically if a refresh token is available.
+The CLI will refresh Supabase access tokens automatically if a refresh token is available.
 
 ```bash
-# Login (cloud)
+# SSH login (default)
+eve auth login --email you@example.com --ssh-key ~/.ssh/id_ed25519
+
+# Supabase login (optional)
 eve auth login --email you@example.com --password '...' \
-  --profile prod
+  --supabase-url https://your-project.supabase.co \
+  --supabase-anon-key <anon-key>
 
 # Status / whoami
 eve auth status
@@ -100,6 +103,15 @@ Jobs created without a `--phase` flag default to `ready`, making them immediatel
 eve job create --description "Fix the login bug in auth.ts"
 eve job create --description "Add dark mode" --priority 1 --harness mclaude
 
+# Create a job with git controls
+eve job create \
+  --description "Fix checkout" \
+  --git-ref main \
+  --git-branch job/fix-checkout \
+  --git-create-branch if_missing \
+  --git-commit auto \
+  --git-push on_success
+
 # List and filter jobs
 eve job list --phase ready
 eve job ready                    # Schedulable jobs (ready, not blocked)
@@ -271,5 +283,4 @@ Local dev/ops tooling:
 ./bin/eh dev start
 ./bin/eh k8s start     # Default runtime
 ./bin/eh docker start  # Quick dev loop
-./bin/eh db migrate
 ```

package/dist/commands/admin.js

@@ -0,0 +1,84 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleAdmin = handleAdmin;
+const args_1 = require("../lib/args");
+const client_1 = require("../lib/client");
+const output_1 = require("../lib/output");
+async function handleAdmin(subcommand, positionals, flags, context) {
+    const json = Boolean(flags.json);
+    switch (subcommand) {
+        case 'invite': {
+            const githubUsername = (0, args_1.getStringFlag)(flags, ['github']);
+            const email = (0, args_1.getStringFlag)(flags, ['email']);
+            const role = (0, args_1.getStringFlag)(flags, ['role']) ?? 'member';
+            const orgId = (0, args_1.getStringFlag)(flags, ['org']) ?? context.orgId;
+            if (!email) {
+                throw new Error('Usage: eve admin invite --email <email> [--github <username>] [--role <role>] [--org <org_id>]');
+            }
+            if (!['owner', 'admin', 'member'].includes(role)) {
+                throw new Error(`Invalid role: ${role}. Must be one of: owner, admin, member`);
+            }
+            const results = {
+                keys_registered: 0,
+                identities: [],
+            };
+            // Fetch and register GitHub SSH keys if username provided
+            if (githubUsername) {
+                const keys = await fetchGitHubKeys(githubUsername);
+                if (keys.length === 0) {
+                    throw new Error(`No SSH keys found for GitHub user: ${githubUsername}`);
+                }
+                for (const publicKey of keys) {
+                    const identity = await (0, client_1.requestJson)(context, '/auth/identities', {
+                        method: 'POST',
+                        body: {
+                            email,
+                            public_key: publicKey,
+                            label: `github-${githubUsername}`,
+                        },
+                    });
+                    results.identities.push(identity);
+                    results.keys_registered += 1;
+                }
+            }
+            // Add user to org if org_id provided
+            if (orgId) {
+                // Get user_id from the first registered identity, or look up by email
+                let userId;
+                if (results.identities.length > 0) {
+                    userId = results.identities[0].user_id;
+                }
+                if (userId) {
+                    const membership = await (0, client_1.requestJson)(context, `/orgs/${orgId}/members`, {
+                        method: 'POST',
+                        body: {
+                            user_id: userId,
+                            role,
+                        },
+                    });
+                    results.membership = membership;
+                }
+            }
+            const summary = [
+                `Invited ${email}`,
+                results.keys_registered > 0 ? `${results.keys_registered} SSH key(s) registered` : null,
+                results.membership ? `Added to ${orgId} as ${role}` : null,
+            ].filter(Boolean).join(', ');
+            (0, output_1.outputJson)(results, json, `+ ${summary}`);
+            return;
+        }
+        default:
+            throw new Error('Usage: eve admin <invite>');
+    }
+}
+async function fetchGitHubKeys(username) {
+    const response = await fetch(`https://github.com/${username}.keys`);
+    if (!response.ok) {
+        if (response.status === 404) {
+            throw new Error(`GitHub user not found: ${username}`);
+        }
+        throw new Error(`Failed to fetch GitHub keys: HTTP ${response.status}`);
+    }
+    const text = await response.text();
+    return text.trim().split('\n').filter(k => k.length > 0);
+}