@fixprompt/cli 0.2.0 → 0.3.0

package/dist/cli.js

@@ -91,7 +91,14 @@ import { readFileSync, readdirSync, statSync } from "fs";
 import { join } from "path";
 import { spawnSync } from "child_process";
 var DEFAULT_ENDPOINT = "https://geosloghub-production.up.railway.app";
-var TOKEN_ENV_VAR_NAME = "FIXPROMPT_DEPLOY_TOKEN";
+var ENV_VAR_BY_SCOPE = {
+  deploy: "FIXPROMPT_DEPLOY_TOKEN",
+  read: "FIXPROMPT_READ_TOKEN"
+};
+var ENDPOINT_BY_SCOPE = {
+  deploy: "deploy-tokens",
+  read: "read-tokens"
+};
 function fileExists(p) {
   try {
     return statSync(p).isFile();
@@ -123,8 +130,9 @@ function detectProvider(cwd) {
   }
   return null;
 }
-async function mintDeployToken(opts) {
-  const url = `${opts.endpoint.replace(/\/$/, "")}/admin/projects/${opts.projectId}/deploy-tokens`;
+async function mintToken(opts) {
+  const path = ENDPOINT_BY_SCOPE[opts.scope];
+  const url = `${opts.endpoint.replace(/\/$/, "")}/admin/projects/${opts.projectId}/${path}`;
   const res = await fetch(url, {
     method: "POST",
     headers: {
@@ -135,28 +143,30 @@ async function mintDeployToken(opts) {
   });
   const text = await res.text();
   if (!res.ok) {
-    throw new Error(`broker /admin/projects/${opts.projectId}/deploy-tokens responded ${res.status}: ${text.slice(0, 200)}`);
+    throw new Error(
+      `broker /admin/projects/${opts.projectId}/${path} responded ${res.status}: ${text.slice(0, 200)}`
+    );
   }
   return JSON.parse(text);
 }
-function writeEas(token, env) {
-  console.log(`
-\u2022 Writing ${TOKEN_ENV_VAR_NAME} to EAS env '${env}'\u2026`);
+function writeEas(envVar, token, env, force) {
+  console.log(`  \xB7 writing ${envVar} to EAS env '${env}'\u2026`);
   const useShell = process.platform === "win32";
   const args = [
     "eas-cli",
     "env:create",
     env,
     "--name",
-    TOKEN_ENV_VAR_NAME,
+    envVar,
     "--value",
     token,
     "--type",
-    "plain",
+    "string",
     "--visibility",
     "plaintext",
     "--non-interactive"
   ];
+  if (force) args.push("--force");
   const r = spawnSync("npx", useShell ? args.map((a) => `"${a.replace(/"/g, '\\"')}"`) : args, {
     stdio: "inherit",
     shell: useShell
@@ -166,15 +176,14 @@ function writeEas(token, env) {
       `eas env:create exited ${r.status}. Common causes:
   \u2022 Not logged in to EAS \u2014 run 'eas login'
   \u2022 Wrong env name \u2014 pass --eas-env <production|preview|development>
-  \u2022 Variable already exists with a different value \u2014 delete it first or use the rotate flow.`
+  \u2022 Variable already exists \u2014 re-run with --force to overwrite.`
     );
   }
 }
-function writeGitHubActions(token, cwd) {
-  console.log(`
-\u2022 Writing ${TOKEN_ENV_VAR_NAME} to GitHub Actions repo secrets\u2026`);
+function writeGitHubActions(envVar, token, cwd) {
+  console.log(`  \xB7 writing ${envVar} to GitHub Actions repo secrets\u2026`);
   const useShell = process.platform === "win32";
-  const args = ["secret", "set", TOKEN_ENV_VAR_NAME, "--body", "-"];
+  const args = ["secret", "set", envVar, "--body", "-"];
   const r = spawnSync("gh", useShell ? args.map((a) => `"${a.replace(/"/g, '\\"')}"`) : args, {
     input: token,
     cwd,
@@ -189,7 +198,7 @@ function writeGitHubActions(token, cwd) {
     );
   }
 }
-async function writeVercel(token, target) {
+async function writeVercel(envVar, token, target) {
   const vt = process.env.VERCEL_TOKEN;
   if (!vt) {
     throw new Error(
@@ -215,8 +224,7 @@ directory or pass --vercel-project-id <prj_\u2026>.`
     }
   }
   const targets = target.vercelTargets ?? ["production", "preview"];
-  console.log(`
-\u2022 Writing ${TOKEN_ENV_VAR_NAME} to Vercel project ${projectId} (${targets.join(", ")})\u2026`);
+  console.log(`  \xB7 writing ${envVar} to Vercel project ${projectId} (${targets.join(", ")})\u2026`);
   const res = await fetch(`https://api.vercel.com/v10/projects/${projectId}/env`, {
     method: "POST",
     headers: {
@@ -224,7 +232,7 @@ directory or pass --vercel-project-id <prj_\u2026>.`
       "Content-Type": "application/json"
     },
     body: JSON.stringify({
-      key: TOKEN_ENV_VAR_NAME,
+      key: envVar,
       value: token,
       type: "plain",
       target: targets
@@ -235,15 +243,26 @@ directory or pass --vercel-project-id <prj_\u2026>.`
     throw new Error(`Vercel /env responded ${res.status}: ${text.slice(0, 200)}`);
   }
 }
+function writeToProvider(envVar, token, provider, target, force, cwd) {
+  switch (provider) {
+    case "eas":
+      writeEas(envVar, token, target.easEnv, force);
+      return;
+    case "github-actions":
+      writeGitHubActions(envVar, token, cwd);
+      return;
+    case "vercel":
+      return writeVercel(envVar, token, target);
+  }
+}
 async function connect(args) {
   const cwd = process.cwd();
-  const projectId = args.flags["project-id"] ?? process.env.FIXPROMPT_PROJECT_ID;
-  if (!projectId) {
-    console.error(
-      "Missing --project-id (or $FIXPROMPT_PROJECT_ID).\n  Find it in the FixPrompt dashboard URL after picking your project."
-    );
+  const scopeRaw = (args.flags.scope ?? "deploy").toLowerCase();
+  if (scopeRaw !== "deploy" && scopeRaw !== "read" && scopeRaw !== "both") {
+    console.error(`Invalid --scope '${scopeRaw}'. Allowed: deploy | read | both.`);
     process.exit(1);
   }
+  const scope = scopeRaw;
   const adminToken = args.flags["admin-token"] ?? process.env.FIXPROMPT_ADMIN_TOKEN ?? process.env.INTERNAL_ADMIN_TOKEN;
   if (!adminToken) {
     console.error(
@@ -252,6 +271,27 @@ async function connect(args) {
     process.exit(1);
   }
   const endpoint = (args.flags.endpoint ?? process.env.FIXPROMPT_ENDPOINT ?? DEFAULT_ENDPOINT).replace(/\/$/, "");
+  let projectId = args.flags["project-id"] ?? process.env.FIXPROMPT_PROJECT_ID ?? null;
+  const projectSlug = args.flags["project-slug"] ?? null;
+  if (!projectId && projectSlug) {
+    const res = await fetch(`${endpoint}/admin/projects/by-slug/${encodeURIComponent(projectSlug)}`, {
+      headers: { "x-internal-admin-token": adminToken }
+    });
+    const text = await res.text();
+    if (!res.ok) {
+      console.error(`Project lookup failed (${res.status}): ${text.slice(0, 200)}`);
+      process.exit(1);
+    }
+    const parsed = JSON.parse(text);
+    projectId = parsed.id;
+    console.log(`  resolved --project-slug=${projectSlug} \u2192 ${parsed.id} (${parsed.name})`);
+  }
+  if (!projectId) {
+    console.error(
+      "Need --project-id or --project-slug (or $FIXPROMPT_PROJECT_ID).\n  --project-slug is easiest: it matches the value you see in the dashboard."
+    );
+    process.exit(1);
+  }
   const explicit = args.flags.provider;
   const provider = explicit ?? detectProvider(cwd);
   if (!provider) {
@@ -268,50 +308,52 @@ async function connect(args) {
     vercelProjectId: args.flags["vercel-project-id"] ?? void 0,
     vercelTargets: typeof args.flags["vercel-targets"] === "string" ? args.flags["vercel-targets"].split(",").map((t) => t.trim()) : void 0
   };
-  const label = args.flags.label ?? `${provider}-${(/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19)}`;
+  const labelBase = args.flags.label ?? `${provider}-${(/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19)}`;
   console.log(`fixprompt connect`);
+  console.log(`  scope        : ${scope}`);
   console.log(`  provider     : ${provider}`);
   console.log(`  project_id   : ${projectId}`);
   console.log(`  endpoint     : ${endpoint}`);
-  console.log(`  label        : ${label}`);
+  console.log(`  label        : ${labelBase}`);
   if (provider === "eas") console.log(`  eas-env      : ${target.easEnv}`);
-  console.log(`
-\u2022 Minting deploy token via broker\u2026`);
-  const minted = await mintDeployToken({
-    endpoint,
-    adminToken,
-    projectId,
-    label
-  });
-  console.log(`  \u2713 token_id ${minted.token_id} (value hidden \u2014 written to CI store only)`);
-  switch (provider) {
-    case "eas":
-      writeEas(minted.token, target.easEnv);
-      break;
-    case "github-actions":
-      writeGitHubActions(minted.token, cwd);
-      break;
-    case "vercel":
-      await writeVercel(minted.token, target);
-      break;
+  const force = args.flags.force === true;
+  const scopes = scope === "both" ? ["deploy", "read"] : [scope];
+  const mintedTokens = [];
+  for (const s of scopes) {
+    const envVar = ENV_VAR_BY_SCOPE[s];
+    const label = scope === "both" ? `${labelBase}-${s}` : labelBase;
+    console.log(`
+\u2022 Minting ${s} token via broker\u2026`);
+    const minted = await mintToken({ endpoint, adminToken, projectId, label, scope: s });
+    console.log(`  \u2713 token_id ${minted.token_id}`);
+    await writeToProvider(envVar, minted.token, provider, target, force, cwd);
+    mintedTokens.push({ scope: s, token_id: minted.token_id, envVar });
   }
   console.log(`
-\u2713 ${TOKEN_ENV_VAR_NAME} is now set on ${provider}.`);
-  console.log(`  Next deploy can run with no shell paste:`);
-  if (provider === "eas") {
-    console.log(`    npm run release:ota --branch=production --message="..."`);
-  } else if (provider === "github-actions") {
-    console.log(`    Reference \${{ secrets.${TOKEN_ENV_VAR_NAME} }} in your workflow.`);
-  } else {
-    console.log(`    The token is in your Vercel project env for the next deploy.`);
+\u2713 ${mintedTokens.map((m) => m.envVar).join(" + ")} now set on ${provider}.`);
+  if (mintedTokens.some((m) => m.scope === "deploy")) {
+    if (provider === "eas") {
+      console.log(`  Next OTA: npm run release:ota --branch=production --message="..."`);
+    } else if (provider === "github-actions") {
+      console.log(`  Reference \${{ secrets.FIXPROMPT_DEPLOY_TOKEN }} in your workflow.`);
+    } else {
+      console.log(`  The deploy token is in your Vercel project env.`);
+    }
+  }
+  if (mintedTokens.some((m) => m.scope === "read")) {
+    console.log(`  Customer-side agents can now fetch logs via FIXPROMPT_READ_TOKEN \u2014`);
+    console.log(`  see the fixprompt-debug skill at fixloop-dashboard.vercel.app/claude-skill.md.`);
   }
   console.log(`
-  To revoke later: dashboard \u2192 Integrations \u2192 Deploy tokens \u2192 ${minted.token_id}.`);
+  Revoke any of these from the dashboard \u2192 Integrations.`);
+  for (const m of mintedTokens) {
+    console.log(`    ${m.scope}: ${m.token_id}`);
+  }
 }
 
 // src/version.ts
 var CLI_NAME = "@fixprompt/cli";
-var CLI_VERSION = "0.2.0";
+var CLI_VERSION = "0.3.0";
 
 // src/cli.ts
 var DEFAULT_ENDPOINT2 = "https://geosloghub-production.up.railway.app";
@@ -350,13 +392,21 @@ Usage:
   fixprompt help
 
 connect options:
-  --project-id <uuid>        FixPrompt project id (or $FIXPROMPT_PROJECT_ID)
+  --scope <s>                deploy | read | both (default: deploy)
+                             deploy \u2192 mints fpd_\u2026, writes FIXPROMPT_DEPLOY_TOKEN
+                             read   \u2192 mints fpr_\u2026, writes FIXPROMPT_READ_TOKEN
+                                       (lets a customer's coding agent fetch
+                                        production logs from FixLoop directly)
+                             both   \u2192 does both in one pass
+  --project-id <uuid>        FixLoop project id (or $FIXPROMPT_PROJECT_ID)
+  --project-slug <slug>      Look up project_id by slug (no UUID needed)
   --admin-token <fpa_\u2026>      Broker admin token (or $FIXPROMPT_ADMIN_TOKEN)
   --provider <name>          eas | vercel | github-actions (auto-detected from cwd)
   --eas-env <env>            EAS env to write to (default: production)
   --vercel-project-id <id>   Override Vercel project id (default: .vercel/project.json)
   --vercel-targets <list>    Comma-separated (default: production,preview)
   --label <text>             Token label (default: <provider>-<timestamp>)
+  --force                    Overwrite an existing env var value
 
 deploy-start auth (pick one):
   --deploy-token <fpd_...>  Deploy-only token from dashboard (recommended for CI)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fixprompt/cli",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "description": "FixPrompt CLI — annotate deployments and ship them to the broker so the dashboard knows what changed.",
   "license": "UNLICENSED",
   "repository": {