@fixprompt/cli 0.1.0 → 0.2.1

package/dist/cli.js

@@ -86,12 +86,251 @@ function detectContext() {
   return merged;
 }
 
+// src/connect.ts
+import { readFileSync, readdirSync, statSync } from "fs";
+import { join } from "path";
+import { spawnSync } from "child_process";
+var DEFAULT_ENDPOINT = "https://geosloghub-production.up.railway.app";
+var TOKEN_ENV_VAR_NAME = "FIXPROMPT_DEPLOY_TOKEN";
+function fileExists(p) {
+  try {
+    return statSync(p).isFile();
+  } catch {
+    return false;
+  }
+}
+function dirExists(p) {
+  try {
+    return statSync(p).isDirectory();
+  } catch {
+    return false;
+  }
+}
+function detectProvider(cwd) {
+  if (fileExists(join(cwd, "app.json")) || fileExists(join(cwd, "app.config.js")) || fileExists(join(cwd, "app.config.ts")) || fileExists(join(cwd, "eas.json"))) {
+    return "eas";
+  }
+  if (fileExists(join(cwd, "vercel.json")) || fileExists(join(cwd, ".vercel", "project.json"))) {
+    return "vercel";
+  }
+  const wfDir = join(cwd, ".github", "workflows");
+  if (dirExists(wfDir)) {
+    try {
+      const files = readdirSync(wfDir);
+      if (files.some((f) => /\.ya?ml$/i.test(f))) return "github-actions";
+    } catch {
+    }
+  }
+  return null;
+}
+async function mintDeployToken(opts) {
+  const url = `${opts.endpoint.replace(/\/$/, "")}/admin/projects/${opts.projectId}/deploy-tokens`;
+  const res = await fetch(url, {
+    method: "POST",
+    headers: {
+      "x-internal-admin-token": opts.adminToken,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({ label: opts.label })
+  });
+  const text = await res.text();
+  if (!res.ok) {
+    throw new Error(`broker /admin/projects/${opts.projectId}/deploy-tokens responded ${res.status}: ${text.slice(0, 200)}`);
+  }
+  return JSON.parse(text);
+}
+function writeEas(token, env, force) {
+  console.log(`
+\u2022 Writing ${TOKEN_ENV_VAR_NAME} to EAS env '${env}'\u2026`);
+  const useShell = process.platform === "win32";
+  const args = [
+    "eas-cli",
+    "env:create",
+    env,
+    "--name",
+    TOKEN_ENV_VAR_NAME,
+    "--value",
+    token,
+    "--type",
+    "string",
+    "--visibility",
+    "plaintext",
+    "--non-interactive"
+  ];
+  if (force) args.push("--force");
+  const r = spawnSync("npx", useShell ? args.map((a) => `"${a.replace(/"/g, '\\"')}"`) : args, {
+    stdio: "inherit",
+    shell: useShell
+  });
+  if (r.status !== 0) {
+    throw new Error(
+      `eas env:create exited ${r.status}. Common causes:
+  \u2022 Not logged in to EAS \u2014 run 'eas login'
+  \u2022 Wrong env name \u2014 pass --eas-env <production|preview|development>
+  \u2022 Variable already exists \u2014 re-run with --force to overwrite.`
+    );
+  }
+}
+function writeGitHubActions(token, cwd) {
+  console.log(`
+\u2022 Writing ${TOKEN_ENV_VAR_NAME} to GitHub Actions repo secrets\u2026`);
+  const useShell = process.platform === "win32";
+  const args = ["secret", "set", TOKEN_ENV_VAR_NAME, "--body", "-"];
+  const r = spawnSync("gh", useShell ? args.map((a) => `"${a.replace(/"/g, '\\"')}"`) : args, {
+    input: token,
+    cwd,
+    stdio: ["pipe", "inherit", "inherit"],
+    shell: useShell
+  });
+  if (r.status !== 0) {
+    throw new Error(
+      `gh secret set exited ${r.status}. Common causes:
+  \u2022 Not logged in to gh \u2014 run 'gh auth login'
+  \u2022 Wrong repo \u2014 run 'fixprompt connect' from the repo root, or set GH_REPO.`
+    );
+  }
+}
+async function writeVercel(token, target) {
+  const vt = process.env.VERCEL_TOKEN;
+  if (!vt) {
+    throw new Error(
+      `Vercel provider needs VERCEL_TOKEN env. Generate one at
+  https://vercel.com/account/tokens
+then re-run with that token exported.`
+    );
+  }
+  let projectId = target.vercelProjectId;
+  if (!projectId) {
+    const pj = join(process.cwd(), ".vercel", "project.json");
+    if (!fileExists(pj)) {
+      throw new Error(
+        `Could not resolve Vercel project id. Either run from a 'vercel link'-ed
+directory or pass --vercel-project-id <prj_\u2026>.`
+      );
+    }
+    try {
+      const parsed = JSON.parse(readFileSync(pj, "utf8"));
+      projectId = parsed.projectId;
+    } catch (e) {
+      throw new Error(`failed to read .vercel/project.json: ${e.message}`);
+    }
+  }
+  const targets = target.vercelTargets ?? ["production", "preview"];
+  console.log(`
+\u2022 Writing ${TOKEN_ENV_VAR_NAME} to Vercel project ${projectId} (${targets.join(", ")})\u2026`);
+  const res = await fetch(`https://api.vercel.com/v10/projects/${projectId}/env`, {
+    method: "POST",
+    headers: {
+      Authorization: `Bearer ${vt}`,
+      "Content-Type": "application/json"
+    },
+    body: JSON.stringify({
+      key: TOKEN_ENV_VAR_NAME,
+      value: token,
+      type: "plain",
+      target: targets
+    })
+  });
+  const text = await res.text();
+  if (!res.ok) {
+    throw new Error(`Vercel /env responded ${res.status}: ${text.slice(0, 200)}`);
+  }
+}
+async function connect(args) {
+  const cwd = process.cwd();
+  const adminToken = args.flags["admin-token"] ?? process.env.FIXPROMPT_ADMIN_TOKEN ?? process.env.INTERNAL_ADMIN_TOKEN;
+  if (!adminToken) {
+    console.error(
+      "Missing --admin-token (or $FIXPROMPT_ADMIN_TOKEN / $INTERNAL_ADMIN_TOKEN).\n  Per-user device-code auth lands in a later release; for now this is the\n  broker-wide admin token (single-tenant). Treat it as a root secret."
+    );
+    process.exit(1);
+  }
+  const endpoint = (args.flags.endpoint ?? process.env.FIXPROMPT_ENDPOINT ?? DEFAULT_ENDPOINT).replace(/\/$/, "");
+  let projectId = args.flags["project-id"] ?? process.env.FIXPROMPT_PROJECT_ID ?? null;
+  const projectSlug = args.flags["project-slug"] ?? null;
+  if (!projectId && projectSlug) {
+    const res = await fetch(`${endpoint}/admin/projects/by-slug/${encodeURIComponent(projectSlug)}`, {
+      headers: { "x-internal-admin-token": adminToken }
+    });
+    const text = await res.text();
+    if (!res.ok) {
+      console.error(`Project lookup failed (${res.status}): ${text.slice(0, 200)}`);
+      process.exit(1);
+    }
+    const parsed = JSON.parse(text);
+    projectId = parsed.id;
+    console.log(`  resolved --project-slug=${projectSlug} \u2192 ${parsed.id} (${parsed.name})`);
+  }
+  if (!projectId) {
+    console.error(
+      "Need --project-id or --project-slug (or $FIXPROMPT_PROJECT_ID).\n  --project-slug is easiest: it matches the value you see in the dashboard."
+    );
+    process.exit(1);
+  }
+  const explicit = args.flags.provider;
+  const provider = explicit ?? detectProvider(cwd);
+  if (!provider) {
+    console.error(
+      `Couldn't detect a provider from ${cwd}. Pass --provider <eas|vercel|github-actions>.
+  Detection looks for: app.json/eas.json (EAS), .vercel/project.json (Vercel),
+  .github/workflows/*.yml (GitHub Actions).`
+    );
+    process.exit(1);
+  }
+  const target = {
+    provider,
+    easEnv: args.flags["eas-env"] ?? "production",
+    vercelProjectId: args.flags["vercel-project-id"] ?? void 0,
+    vercelTargets: typeof args.flags["vercel-targets"] === "string" ? args.flags["vercel-targets"].split(",").map((t) => t.trim()) : void 0
+  };
+  const label = args.flags.label ?? `${provider}-${(/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19)}`;
+  console.log(`fixprompt connect`);
+  console.log(`  provider     : ${provider}`);
+  console.log(`  project_id   : ${projectId}`);
+  console.log(`  endpoint     : ${endpoint}`);
+  console.log(`  label        : ${label}`);
+  if (provider === "eas") console.log(`  eas-env      : ${target.easEnv}`);
+  console.log(`
+\u2022 Minting deploy token via broker\u2026`);
+  const minted = await mintDeployToken({
+    endpoint,
+    adminToken,
+    projectId,
+    label
+  });
+  console.log(`  \u2713 token_id ${minted.token_id} (value hidden \u2014 written to CI store only)`);
+  const force = args.flags.force === true;
+  switch (provider) {
+    case "eas":
+      writeEas(minted.token, target.easEnv, force);
+      break;
+    case "github-actions":
+      writeGitHubActions(minted.token, cwd);
+      break;
+    case "vercel":
+      await writeVercel(minted.token, target);
+      break;
+  }
+  console.log(`
+\u2713 ${TOKEN_ENV_VAR_NAME} is now set on ${provider}.`);
+  console.log(`  Next deploy can run with no shell paste:`);
+  if (provider === "eas") {
+    console.log(`    npm run release:ota --branch=production --message="..."`);
+  } else if (provider === "github-actions") {
+    console.log(`    Reference \${{ secrets.${TOKEN_ENV_VAR_NAME} }} in your workflow.`);
+  } else {
+    console.log(`    The token is in your Vercel project env for the next deploy.`);
+  }
+  console.log(`
+  To revoke later: dashboard \u2192 Integrations \u2192 Deploy tokens \u2192 ${minted.token_id}.`);
+}
+
 // src/version.ts
 var CLI_NAME = "@fixprompt/cli";
-var CLI_VERSION = "0.1.0";
+var CLI_VERSION = "0.2.1";
 
 // src/cli.ts
-var DEFAULT_ENDPOINT = "https://geosloghub-production.up.railway.app";
+var DEFAULT_ENDPOINT2 = "https://geosloghub-production.up.railway.app";
 function parseArgs(argv) {
   const flags = {};
   const positional = [];
@@ -122,9 +361,21 @@ function helpText() {
   return `${CLI_NAME} v${CLI_VERSION}
 
 Usage:
+  fixprompt connect [options]
   fixprompt deploy-start [options]
   fixprompt help
 
+connect options:
+  --project-id <uuid>        FixPrompt project id (or $FIXPROMPT_PROJECT_ID)
+  --admin-token <fpa_\u2026>      Broker admin token (or $FIXPROMPT_ADMIN_TOKEN)
+  --provider <name>          eas | vercel | github-actions (auto-detected from cwd)
+  --eas-env <env>            EAS env to write to (default: production)
+  --vercel-project-id <id>   Override Vercel project id (default: .vercel/project.json)
+  --vercel-targets <list>    Comma-separated (default: production,preview)
+  --label <text>             Token label (default: <provider>-<timestamp>)
+  --force                    Overwrite an existing FIXPROMPT_DEPLOY_TOKEN value
+  --project-slug <slug>      Look up project_id by slug (no UUID needed)
+
 deploy-start auth (pick one):
   --deploy-token <fpd_...>  Deploy-only token from dashboard (recommended for CI)
                             (or $FIXPROMPT_DEPLOY_TOKEN env)
@@ -134,7 +385,7 @@ deploy-start auth (pick one):
 deploy-start options:
   --source <slug>     LOGHUB_SOURCE (required only with --key; optional with --deploy-token)
                       (default: $LOGHUB_SOURCE or $FIXPROMPT_SOURCE env)
-  --endpoint <url>    Broker URL (default: $FIXPROMPT_ENDPOINT or ${DEFAULT_ENDPOINT})
+  --endpoint <url>    Broker URL (default: $FIXPROMPT_ENDPOINT or ${DEFAULT_ENDPOINT2})
   --status <state>    in_progress | success | failed (default: in_progress)
   --commit-sha <sha>  Override auto-detected commit
   --branch <name>     Override auto-detected branch
@@ -161,7 +412,7 @@ function readKey(flags) {
   return v || null;
 }
 function readEndpoint(flags) {
-  const v = flags.endpoint ?? process.env.FIXPROMPT_ENDPOINT ?? DEFAULT_ENDPOINT;
+  const v = flags.endpoint ?? process.env.FIXPROMPT_ENDPOINT ?? DEFAULT_ENDPOINT2;
   return v.replace(/\/$/, "");
 }
 async function deployStart(args) {
@@ -231,6 +482,9 @@ async function deployStart(args) {
 async function main() {
   const args = parseArgs(process.argv.slice(2));
   switch (args.command) {
+    case "connect":
+      await connect(args);
+      break;
     case "deploy-start":
       await deployStart(args);
       break;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fixprompt/cli",
-  "version": "0.1.0",
+  "version": "0.2.1",
   "description": "FixPrompt CLI — annotate deployments and ship them to the broker so the dashboard knows what changed.",
   "license": "UNLICENSED",
   "repository": {