@fiodos/cli 0.1.0 → 0.1.3

package/src/wireWeb.js

@@ -206,7 +206,7 @@ function printMountPreview(plan, colors) {
 }
 
 async function wireWebOrb(appRoot, opts = {}) {
-  const { colors = {}, assumeYes = false, noWire = false } = opts;
+  const { colors = {}, assumeYes = false, noWire = false, runTest = true } = opts;
   if (noWire) return { status: 'skipped' };
 
   const framework = detectFramework(appRoot);
@@ -232,20 +232,53 @@ async function wireWebOrb(appRoot, opts = {}) {
     return { status: 'declined', file: plan.rel };
   }
 
+  const build = async () => {
+    try {
+      return await runPostWireTest(appRoot, { timeoutMs: 180000 });
+    } catch (e) {
+      return { ok: false, stage: 'runner', command: '(runner)', output: String((e && e.message) || e) };
+    }
+  };
+
   const backups = backupFiles(plan.files);
   try {
     applyMount(plan);
     if (!verifyMounted(plan)) {
-      throw new Error('post-edit verification failed — FiodosAgent not found in edited files');
+      revertFiles(backups);
+      printSnippet(target, framework, colors, appRoot, 'post-edit verification failed — FiodosAgent not found in edited files');
+      return { status: 'failed', file: plan.rel };
     }
-    const test = await runPostWireTest(appRoot, { timeoutMs: 180000 });
-    if (!test.ok && test.stage !== 'skipped-no-deps') {
+
+    // The orb is a single, trivial component mount — it must APPEAR. We therefore
+    // only revert when WE are demonstrably the cause: the app built fine on its
+    // own but breaks once the orb is mounted (e.g. the SDK package isn't installed
+    // yet). A pre-existing build failure, a timeout, or a missing toolchain must
+    // NOT make the orb vanish — that was the silent "orb never shows up" bug.
+    // Fast path: one build. Only when it fails do we spend a second build (on the
+    // reverted original) to tell "we broke it" from "it was already broken".
+    if (runTest) {
+      const test = await build();
+      if (test.ok || test.stage === 'skipped-no-deps') {
+        writeConsentDoc(appRoot, plan);
+        return { status: 'added', file: plan.rel, test };
+      }
+      // Build failed with the orb mounted — was the app building WITHOUT it?
       revertFiles(backups);
-      printSnippet(target, framework, colors, appRoot, `build/typecheck failed after mount — reverted (${test.command})`);
-      return { status: 'reverted', file: plan.rel, test, reason: test.output };
+      const baseline = await build();
+      if (baseline.ok) {
+        // Built before, fails now → the mount is the regression. Keep it reverted.
+        printSnippet(target, framework, colors, appRoot, `mount caused a build regression — reverted (${test.command})`);
+        return { status: 'reverted', file: plan.rel, test, reason: test.output };
+      }
+      // It was already not building (or not verifiable) before us → keep the orb.
+      applyMount(plan);
+      verifyMounted(plan);
+      writeConsentDoc(appRoot, plan);
+      return { status: 'added', file: plan.rel, test, preexistingFailure: true };
     }
+
     writeConsentDoc(appRoot, plan);
-    return { status: 'added', file: plan.rel, test };
+    return { status: 'added', file: plan.rel };
   } catch (err) {
     revertFiles(backups);
     printSnippet(target, framework, colors, appRoot, err.message || String(err));
@@ -259,7 +292,9 @@ function reportWireResult(result, colors = {}) {
   switch (result.status) {
     case 'added':
       console.error(`${tag} · ✓ orb added to ${result.file}. Start your web app (e.g. \`npm run dev\`) to see it.`);
-      if (result.test && result.test.stage === 'skipped-no-deps') {
+      if (result.preexistingFailure) {
+        console.error(`${tag} · ${dim || ''}Note: your app was ALREADY not building before the orb was added (${result.test && result.test.stage}); not caused by Fiodos — the orb is kept so it appears once your build is fixed.${reset || ''}`);
+      } else if (result.test && result.test.stage === 'skipped-no-deps') {
         console.error(`${tag} · ${dim || ''}build not verified (no node_modules) — run npm install && npm run build locally.${reset || ''}`);
       } else if (result.test && result.test.ok) {
         console.error(`${tag} · ✓ ${result.test.command} passed after mount.`);

package/src/writeEnv.js

@@ -0,0 +1,230 @@
+/**
+ * writeEnv — optional, consent-based convenience that ties the app's RUNTIME
+ * key/URL to the SAME key/URL the CLI just published with.
+ *
+ * The #1 silent-failure cause is a mismatch: you publish with key A against
+ * production, but your app runs with key B against localhost, so the orb fetches
+ * its manifest from the wrong place, finds nothing, and renders invisibly. This
+ * removes the second manual copy of the key by offering to write it into the
+ * correct env file for the detected framework.
+ *
+ * SAFEGUARDS (mirrors the handler-wiring philosophy — never act blindly):
+ *  - Never overwrites silently: if the var exists and DIFFERS, it warns and asks.
+ *  - Always asks for consent (unless --yes), showing the exact file/var/value.
+ *  - Warns to keep the key out of git (suggests .gitignore) for committed files.
+ *  - On unknown framework / no package.json / Angular (no .env convention), it
+ *    does NOT write — it prints manual instructions instead.
+ */
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+const readline = require('readline');
+
+function readJsonSafe(file) {
+  try {
+    return JSON.parse(fs.readFileSync(file, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Decide which env file + variable names the detected framework uses. Returns
+ * null when there is no safe .env convention to write (Angular, or unknown).
+ */
+function resolveEnvPlan(appRoot) {
+  const pkg = readJsonSafe(path.join(appRoot, 'package.json'));
+  const has = (rel) => fs.existsSync(path.join(appRoot, rel));
+  if (!pkg && !has('angular.json')) {
+    return { framework: null, file: null, keyVar: null, urlVar: null };
+  }
+  const deps = pkg ? { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) } : {};
+
+  if (deps.next) {
+    return { framework: 'next', file: '.env.local', keyVar: 'NEXT_PUBLIC_FYODOS_API_KEY', urlVar: 'NEXT_PUBLIC_FYODOS_API_URL' };
+  }
+  if (deps['@angular/core'] || has('angular.json')) {
+    // Angular has no .env convention (values live in environment.ts), so we
+    // never write a file blindly — the caller prints manual guidance instead.
+    return { framework: 'angular', file: null, keyVar: null, urlVar: null };
+  }
+  if (
+    deps['@sveltejs/kit'] ||
+    deps.svelte ||
+    deps.vue ||
+    deps['@vitejs/plugin-vue'] ||
+    deps.vite ||
+    deps['@vitejs/plugin-react'] ||
+    deps['react-scripts']
+  ) {
+    return { framework: 'vite', file: '.env', keyVar: 'VITE_FYODOS_API_KEY', urlVar: 'VITE_FYODOS_API_URL' };
+  }
+  return { framework: null, file: null, keyVar: null, urlVar: null };
+}
+
+/** Find the value of VAR in the parsed lines, or undefined if not present. */
+function readEnvVar(lines, name) {
+  const re = new RegExp(`^\\s*${name}\\s*=(.*)$`);
+  for (const line of lines) {
+    const m = line.match(re);
+    if (m) return stripQuotes(m[1].trim());
+  }
+  return undefined;
+}
+
+function stripQuotes(v) {
+  return v.replace(/^['"]/, '').replace(/['"]$/, '');
+}
+
+/** Upsert VAR=value: replace the existing line, or append a new one. */
+function upsertEnvVar(lines, name, value) {
+  const re = new RegExp(`^\\s*${name}\\s*=`);
+  const idx = lines.findIndex((l) => re.test(l));
+  if (idx >= 0) {
+    lines[idx] = `${name}=${value}`;
+    return lines;
+  }
+  lines.push(`${name}=${value}`);
+  return lines;
+}
+
+function maskKey(key) {
+  if (!key) return '';
+  return key.length <= 14 ? key : `${key.slice(0, 12)}…`;
+}
+
+function askYesNo(question) {
+  return new Promise((resolve) => {
+    if (!process.stdin.isTTY) {
+      resolve(false);
+      return;
+    }
+    const rl = readline.createInterface({ input: process.stdin, output: process.stderr });
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(/^(y|yes|s|si|sí)/i.test((answer || '').trim()));
+    });
+  });
+}
+
+function isGitIgnored(appRoot, fileName) {
+  const gi = path.join(appRoot, '.gitignore');
+  if (!fs.existsSync(gi)) return false;
+  try {
+    const content = fs.readFileSync(gi, 'utf8');
+    const patterns = content.split('\n').map((l) => l.trim());
+    return patterns.some(
+      (p) => p === fileName || p === `/${fileName}` || p === '.env*' || p === '*.local' || p === '.env.local',
+    );
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Offer to write key/URL to the app's env file. `log` is the branded logUser.
+ * Returns a short status string for the final report.
+ */
+async function offerWriteEnv({ appRoot, apiKey, apiUrl, defaultApiUrl, assumeYes, log }) {
+  if (!apiKey) return 'skipped (no API key)';
+
+  const plan = resolveEnvPlan(appRoot);
+  if (!plan.file) {
+    if (plan.framework === 'angular') {
+      log(
+        'Angular does not use .env: put these values in src/environments/environment.ts → ' +
+          `fyodosApiKey: '${maskKey(apiKey)}', fyodosApiUrl: '${apiUrl}'`,
+      );
+      return 'manual (angular)';
+    }
+    log(
+      'Could not identify the framework with confidence; add by hand to your .env: ' +
+        `(NEXT_PUBLIC_/VITE_)FYODOS_API_KEY=${maskKey(apiKey)} and the API URL ${apiUrl}`,
+    );
+    return 'manual (unknown framework)';
+  }
+
+  const filePath = path.join(appRoot, plan.file);
+  const exists = fs.existsSync(filePath);
+  const raw = exists ? fs.readFileSync(filePath, 'utf8') : '';
+  const lines = raw.length ? raw.replace(/\n$/, '').split('\n') : [];
+
+  const currentKey = readEnvVar(lines, plan.keyVar);
+  const currentUrl = readEnvVar(lines, plan.urlVar);
+
+  // Only write a URL var when it differs from the public default (the SDK
+  // already defaults to production). But if a STALE url var exists and differs
+  // from what we published against, we must offer to fix it — that is exactly
+  // the localhost-vs-production mismatch that hides the orb.
+  const wantUrl = apiUrl && apiUrl !== defaultApiUrl ? apiUrl : null;
+  const urlNeedsFix = currentUrl !== undefined && currentUrl !== apiUrl;
+
+  const keyMatches = currentKey === apiKey;
+  const urlOk = !urlNeedsFix && (wantUrl ? currentUrl === wantUrl : true);
+  if (keyMatches && urlOk) {
+    log(`✓ Your ${plan.file} already uses the same key/URL as the publication. Nothing to change.`);
+    return 'already aligned';
+  }
+
+  // Build the change description.
+  const changes = [];
+  if (!keyMatches) {
+    changes.push(
+      currentKey === undefined
+        ? `add ${plan.keyVar}=${maskKey(apiKey)}`
+        : `update ${plan.keyVar} (was ${maskKey(currentKey)}) → ${maskKey(apiKey)}`,
+    );
+  }
+  if (wantUrl && currentUrl !== wantUrl) {
+    changes.push(
+      currentUrl === undefined
+        ? `add ${plan.urlVar}=${wantUrl}`
+        : `update ${plan.urlVar} (was ${currentUrl}) → ${wantUrl}`,
+    );
+  } else if (urlNeedsFix && !wantUrl) {
+    // The app points somewhere (e.g. localhost) but we published against the
+    // public default; the var is misleading. Offer to align it explicitly.
+    changes.push(`update ${plan.urlVar} (was ${currentUrl}) → ${apiUrl}`);
+  }
+
+  if (!changes.length) {
+    log(`✓ Your ${plan.file} is already aligned.`);
+    return 'already aligned';
+  }
+
+  // Loud warning when we are about to CHANGE an existing, different value.
+  const isOverwrite = (currentKey !== undefined && !keyMatches) || urlNeedsFix;
+  log(
+    `${isOverwrite ? '⚠︎ ' : ''}For the orb to find its manifest, your app should use the SAME ` +
+      `key/URL you just published with. Proposed in ${plan.file}: ${changes.join('; ')}.`,
+  );
+
+  let proceed = assumeYes;
+  if (!proceed) {
+    proceed = await askYesNo(
+      `◉ Fiodos · Write/update ${plan.file} with the published key/URL? [yes/no] `,
+    );
+  }
+  if (!proceed) {
+    log(`Left your ${plan.file} untouched. Do it by hand: ${changes.join('; ')}.`);
+    return 'declined by user';
+  }
+
+  let out = lines.slice();
+  if (!keyMatches) out = upsertEnvVar(out, plan.keyVar, apiKey);
+  if (wantUrl) {
+    out = upsertEnvVar(out, plan.urlVar, wantUrl);
+  } else if (urlNeedsFix) {
+    out = upsertEnvVar(out, plan.urlVar, apiUrl);
+  }
+  fs.writeFileSync(filePath, `${out.join('\n')}\n`);
+  log(`✓ ${plan.file} updated (${changes.join('; ')}).`);
+
+  if (!isGitIgnored(appRoot, plan.file)) {
+    log(`Reminder: add ${plan.file} to .gitignore so you don't commit your API key.`);
+  }
+  return 'written';
+}
+
+module.exports = { offerWriteEnv, resolveEnvPlan };