@fixprompt/cli 0.2.1 → 0.4.0

package/dist/cli.js

@@ -87,11 +87,18 @@ function detectContext() {
 }
 
 // src/connect.ts
-import { readFileSync, readdirSync, statSync } from "fs";
+import { appendFileSync, existsSync, readFileSync, readdirSync, statSync, writeFileSync } from "fs";
 import { join } from "path";
 import { spawnSync } from "child_process";
 var DEFAULT_ENDPOINT = "https://geosloghub-production.up.railway.app";
-var TOKEN_ENV_VAR_NAME = "FIXPROMPT_DEPLOY_TOKEN";
+var ENV_VAR_BY_SCOPE = {
+  deploy: "FIXPROMPT_DEPLOY_TOKEN",
+  read: "FIXPROMPT_READ_TOKEN"
+};
+var ENDPOINT_BY_SCOPE = {
+  deploy: "deploy-tokens",
+  read: "read-tokens"
+};
 function fileExists(p) {
   try {
     return statSync(p).isFile();
@@ -123,8 +130,9 @@ function detectProvider(cwd) {
   }
   return null;
 }
-async function mintDeployToken(opts) {
-  const url = `${opts.endpoint.replace(/\/$/, "")}/admin/projects/${opts.projectId}/deploy-tokens`;
+async function mintToken(opts) {
+  const path = ENDPOINT_BY_SCOPE[opts.scope];
+  const url = `${opts.endpoint.replace(/\/$/, "")}/admin/projects/${opts.projectId}/${path}`;
   const res = await fetch(url, {
     method: "POST",
     headers: {
@@ -135,20 +143,21 @@ async function mintDeployToken(opts) {
   });
   const text = await res.text();
   if (!res.ok) {
-    throw new Error(`broker /admin/projects/${opts.projectId}/deploy-tokens responded ${res.status}: ${text.slice(0, 200)}`);
+    throw new Error(
+      `broker /admin/projects/${opts.projectId}/${path} responded ${res.status}: ${text.slice(0, 200)}`
+    );
   }
   return JSON.parse(text);
 }
-function writeEas(token, env, force) {
-  console.log(`
-\u2022 Writing ${TOKEN_ENV_VAR_NAME} to EAS env '${env}'\u2026`);
+function writeEas(envVar, token, env, force) {
+  console.log(`  \xB7 writing ${envVar} to EAS env '${env}'\u2026`);
   const useShell = process.platform === "win32";
   const args = [
     "eas-cli",
     "env:create",
     env,
     "--name",
-    TOKEN_ENV_VAR_NAME,
+    envVar,
     "--value",
     token,
     "--type",
@@ -171,11 +180,10 @@ function writeEas(token, env, force) {
     );
   }
 }
-function writeGitHubActions(token, cwd) {
-  console.log(`
-\u2022 Writing ${TOKEN_ENV_VAR_NAME} to GitHub Actions repo secrets\u2026`);
+function writeGitHubActions(envVar, token, cwd) {
+  console.log(`  \xB7 writing ${envVar} to GitHub Actions repo secrets\u2026`);
   const useShell = process.platform === "win32";
-  const args = ["secret", "set", TOKEN_ENV_VAR_NAME, "--body", "-"];
+  const args = ["secret", "set", envVar, "--body", "-"];
   const r = spawnSync("gh", useShell ? args.map((a) => `"${a.replace(/"/g, '\\"')}"`) : args, {
     input: token,
     cwd,
@@ -190,7 +198,7 @@ function writeGitHubActions(token, cwd) {
     );
   }
 }
-async function writeVercel(token, target) {
+async function writeVercel(envVar, token, target) {
   const vt = process.env.VERCEL_TOKEN;
   if (!vt) {
     throw new Error(
@@ -216,8 +224,7 @@ directory or pass --vercel-project-id <prj_\u2026>.`
     }
   }
   const targets = target.vercelTargets ?? ["production", "preview"];
-  console.log(`
-\u2022 Writing ${TOKEN_ENV_VAR_NAME} to Vercel project ${projectId} (${targets.join(", ")})\u2026`);
+  console.log(`  \xB7 writing ${envVar} to Vercel project ${projectId} (${targets.join(", ")})\u2026`);
   const res = await fetch(`https://api.vercel.com/v10/projects/${projectId}/env`, {
     method: "POST",
     headers: {
@@ -225,7 +232,7 @@ directory or pass --vercel-project-id <prj_\u2026>.`
       "Content-Type": "application/json"
     },
     body: JSON.stringify({
-      key: TOKEN_ENV_VAR_NAME,
+      key: envVar,
       value: token,
       type: "plain",
       target: targets
@@ -236,8 +243,100 @@ directory or pass --vercel-project-id <prj_\u2026>.`
     throw new Error(`Vercel /env responded ${res.status}: ${text.slice(0, 200)}`);
   }
 }
+function writeToProvider(envVar, token, provider, target, force, cwd) {
+  switch (provider) {
+    case "eas":
+      writeEas(envVar, token, target.easEnv, force);
+      return;
+    case "github-actions":
+      writeGitHubActions(envVar, token, cwd);
+      return;
+    case "vercel":
+      return writeVercel(envVar, token, target);
+  }
+}
+function ensureGitignoreHas(cwd, pattern) {
+  const gi = join(cwd, ".gitignore");
+  let s = "";
+  try {
+    s = readFileSync(gi, "utf8");
+  } catch {
+  }
+  const lines = s.split(/\r?\n/);
+  if (lines.some((l) => l.trim() === pattern)) return false;
+  const sep = s.length === 0 || s.endsWith("\n") ? "" : "\n";
+  writeFileSync(gi, s + sep + "\n# FixLoop\n" + pattern + "\n");
+  return true;
+}
+function appendEnvLocal(cwd, token, projectId, projectSlug, endpoint) {
+  const envPath = join(cwd, ".env.local");
+  const lines = [
+    "",
+    "# FixLoop \u2014 read token for the local coding agent. Gitignored.",
+    `# Generated ${(/* @__PURE__ */ new Date()).toISOString()}`,
+    `# Manage / revoke: https://fixloop-dashboard.vercel.app/integrations/${projectId}`,
+    `FIXPROMPT_PROJECT_ID=${projectId}`
+  ];
+  if (projectSlug) lines.push(`FIXPROMPT_PROJECT_SLUG=${projectSlug}`);
+  lines.push(`FIXPROMPT_READ_TOKEN=${token}`);
+  lines.push(`FIXPROMPT_BROKER_URL=${endpoint}`);
+  lines.push("");
+  const block = lines.join("\n");
+  if (existsSync(envPath)) {
+    appendFileSync(envPath, block);
+  } else {
+    writeFileSync(envPath, block.replace(/^\n/, ""));
+  }
+}
+function appendClaudeMdGuidance(cwd, projectId, projectSlug) {
+  const claudePath = join(cwd, "CLAUDE.md");
+  const section = [
+    "",
+    "## FixLoop \u2014 production error logs (auto-fetch on bug reports)",
+    "",
+    'This project ships errors to FixLoop. When the user reports a bug, crash, error, "X is broken", or pastes an error stack:',
+    "",
+    "1. Read the FixLoop env vars from `.env.local` (gitignored \u2014 never commit).",
+    "2. `curl` the broker for recent error lines.",
+    "3. Parse the response `entries[]` \u2014 each has `ts`, `level`, `message`, optional `attrs` + `stack`. Match against the user's symptom.",
+    "4. Propose a fix grounded in what the logs show. **Do not ask the user to paste log lines \u2014 fetch them yourself.**",
+    "",
+    "### Fetch logs",
+    "",
+    "```sh",
+    'curl -sH "x-fixprompt-read-token: $FIXPROMPT_READ_TOKEN" \\',
+    '  "$FIXPROMPT_BROKER_URL/projects/$FIXPROMPT_PROJECT_ID/logs?since=24h&level=error,warn,fatal&limit=200"',
+    "```",
+    "",
+    "Query params: `since` (15m..7d), `level` (csv: debug,info,warn,error,fatal), `q` (substring), `limit` (1..500).",
+    "",
+    projectSlug ? `**Project**: \`${projectSlug}\`.` : "",
+    `Manage / revoke: https://fixloop-dashboard.vercel.app/integrations/${projectId}`,
+    ""
+  ].filter(Boolean).join("\n");
+  if (existsSync(claudePath)) {
+    const existing = readFileSync(claudePath, "utf8");
+    if (existing.includes("## FixLoop \u2014")) return;
+    appendFileSync(claudePath, section);
+  } else {
+    writeFileSync(claudePath, "# Project\n" + section);
+  }
+}
+function writeLocalDiscovery(opts) {
+  console.log(`  \xB7 writing .env.local + CLAUDE.md guidance to ${opts.cwd}\u2026`);
+  const giChanged = ensureGitignoreHas(opts.cwd, ".env.local");
+  if (giChanged) console.log("    + appended .env.local to .gitignore");
+  appendEnvLocal(opts.cwd, opts.token, opts.projectId, opts.projectSlug, opts.endpoint);
+  appendClaudeMdGuidance(opts.cwd, opts.projectId, opts.projectSlug);
+}
 async function connect(args) {
   const cwd = process.cwd();
+  const scopeRaw = (args.flags.scope ?? "deploy").toLowerCase();
+  if (scopeRaw !== "deploy" && scopeRaw !== "read" && scopeRaw !== "both") {
+    console.error(`Invalid --scope '${scopeRaw}'. Allowed: deploy | read | both.`);
+    process.exit(1);
+  }
+  const scope = scopeRaw;
   const adminToken = args.flags["admin-token"] ?? process.env.FIXPROMPT_ADMIN_TOKEN ?? process.env.INTERNAL_ADMIN_TOKEN;
   if (!adminToken) {
     console.error(
@@ -247,7 +346,7 @@ async function connect(args) {
   }
   const endpoint = (args.flags.endpoint ?? process.env.FIXPROMPT_ENDPOINT ?? DEFAULT_ENDPOINT).replace(/\/$/, "");
   let projectId = args.flags["project-id"] ?? process.env.FIXPROMPT_PROJECT_ID ?? null;
-  const projectSlug = args.flags["project-slug"] ?? null;
+  let projectSlug = args.flags["project-slug"] ?? null;
   if (!projectId && projectSlug) {
     const res = await fetch(`${endpoint}/admin/projects/by-slug/${encodeURIComponent(projectSlug)}`, {
       headers: { "x-internal-admin-token": adminToken }
@@ -259,6 +358,7 @@ async function connect(args) {
     }
     const parsed = JSON.parse(text);
     projectId = parsed.id;
+    projectSlug = parsed.slug;
     console.log(`  resolved --project-slug=${projectSlug} \u2192 ${parsed.id} (${parsed.name})`);
   }
   if (!projectId) {
@@ -268,8 +368,9 @@ async function connect(args) {
     process.exit(1);
   }
   const explicit = args.flags.provider;
-  const provider = explicit ?? detectProvider(cwd);
-  if (!provider) {
+  const detectedProvider = explicit ?? detectProvider(cwd);
+  const scopeNeedsProvider = scope !== "read";
+  if (scopeNeedsProvider && !detectedProvider) {
     console.error(
       `Couldn't detect a provider from ${cwd}. Pass --provider <eas|vercel|github-actions>.
   Detection looks for: app.json/eas.json (EAS), .vercel/project.json (Vercel),
@@ -277,57 +378,73 @@ async function connect(args) {
     );
     process.exit(1);
   }
+  const provider = detectedProvider;
   const target = {
-    provider,
+    provider: provider ?? "eas",
+    // unused when provider is null; placeholder
     easEnv: args.flags["eas-env"] ?? "production",
     vercelProjectId: args.flags["vercel-project-id"] ?? void 0,
     vercelTargets: typeof args.flags["vercel-targets"] === "string" ? args.flags["vercel-targets"].split(",").map((t) => t.trim()) : void 0
   };
-  const label = args.flags.label ?? `${provider}-${(/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19)}`;
+  const labelBase = args.flags.label ?? `${provider}-${(/* @__PURE__ */ new Date()).toISOString().replace(/[:.]/g, "-").slice(0, 19)}`;
   console.log(`fixprompt connect`);
-  console.log(`  provider     : ${provider}`);
+  console.log(`  scope        : ${scope}`);
+  console.log(`  provider     : ${provider ?? "(none \u2014 read-only, writing local files)"}`);
   console.log(`  project_id   : ${projectId}`);
   console.log(`  endpoint     : ${endpoint}`);
-  console.log(`  label        : ${label}`);
+  console.log(`  label        : ${labelBase}`);
   if (provider === "eas") console.log(`  eas-env      : ${target.easEnv}`);
-  console.log(`
-\u2022 Minting deploy token via broker\u2026`);
-  const minted = await mintDeployToken({
-    endpoint,
-    adminToken,
-    projectId,
-    label
-  });
-  console.log(`  \u2713 token_id ${minted.token_id} (value hidden \u2014 written to CI store only)`);
   const force = args.flags.force === true;
-  switch (provider) {
-    case "eas":
-      writeEas(minted.token, target.easEnv, force);
-      break;
-    case "github-actions":
-      writeGitHubActions(minted.token, cwd);
-      break;
-    case "vercel":
-      await writeVercel(minted.token, target);
-      break;
+  const scopes = scope === "both" ? ["deploy", "read"] : [scope];
+  const mintedTokens = [];
+  for (const s of scopes) {
+    const envVar = ENV_VAR_BY_SCOPE[s];
+    const label = scope === "both" ? `${labelBase}-${s}` : labelBase;
+    console.log(`
+\u2022 Minting ${s} token via broker\u2026`);
+    const minted = await mintToken({ endpoint, adminToken, projectId, label, scope: s });
+    console.log(`  \u2713 token_id ${minted.token_id}`);
+    if (s === "read") {
+      writeLocalDiscovery({
+        cwd,
+        token: minted.token,
+        projectId,
+        projectSlug,
+        endpoint
+      });
+    } else if (provider) {
+      await writeToProvider(envVar, minted.token, provider, target, force, cwd);
+    }
+    mintedTokens.push({ scope: s, token_id: minted.token_id, envVar });
   }
-  console.log(`
-\u2713 ${TOKEN_ENV_VAR_NAME} is now set on ${provider}.`);
-  console.log(`  Next deploy can run with no shell paste:`);
-  if (provider === "eas") {
-    console.log(`    npm run release:ota --branch=production --message="..."`);
-  } else if (provider === "github-actions") {
-    console.log(`    Reference \${{ secrets.${TOKEN_ENV_VAR_NAME} }} in your workflow.`);
-  } else {
-    console.log(`    The token is in your Vercel project env for the next deploy.`);
+  const readMinted = mintedTokens.some((m) => m.scope === "read");
+  const deployMinted = mintedTokens.some((m) => m.scope === "deploy");
+  console.log("");
+  if (deployMinted && provider) {
+    console.log(`\u2713 FIXPROMPT_DEPLOY_TOKEN set on ${provider}.`);
+    if (provider === "eas") {
+      console.log(`  Next OTA: npm run release:ota --branch=production --message="..."`);
+    } else if (provider === "github-actions") {
+      console.log(`  Reference \${{ secrets.FIXPROMPT_DEPLOY_TOKEN }} in your workflow.`);
+    } else {
+      console.log(`  The deploy token is in your Vercel project env.`);
+    }
+  }
+  if (readMinted) {
+    console.log(`\u2713 FIXPROMPT_READ_TOKEN written to .env.local; CLAUDE.md updated.`);
+    console.log(`  Coding agents (Claude Code / Cursor / Copilot) opening this repo will see`);
+    console.log(`  the FixLoop section in CLAUDE.md and know to fetch logs on bug reports.`);
   }
   console.log(`
-  To revoke later: dashboard \u2192 Integrations \u2192 Deploy tokens \u2192 ${minted.token_id}.`);
+  Revoke any of these from the dashboard \u2192 Integrations.`);
+  for (const m of mintedTokens) {
+    console.log(`    ${m.scope}: ${m.token_id}`);
+  }
 }
 
 // src/version.ts
 var CLI_NAME = "@fixprompt/cli";
-var CLI_VERSION = "0.2.1";
+var CLI_VERSION = "0.4.0";
 
 // src/cli.ts
 var DEFAULT_ENDPOINT2 = "https://geosloghub-production.up.railway.app";
@@ -366,15 +483,21 @@ Usage:
   fixprompt help
 
 connect options:
-  --project-id <uuid>        FixPrompt project id (or $FIXPROMPT_PROJECT_ID)
+  --scope <s>                deploy | read | both (default: deploy)
+                             deploy \u2192 mints fpd_\u2026, writes FIXPROMPT_DEPLOY_TOKEN
+                             read   \u2192 mints fpr_\u2026, writes FIXPROMPT_READ_TOKEN
+                                       (lets a customer's coding agent fetch
+                                        production logs from FixLoop directly)
+                             both   \u2192 does both in one pass
+  --project-id <uuid>        FixLoop project id (or $FIXPROMPT_PROJECT_ID)
+  --project-slug <slug>      Look up project_id by slug (no UUID needed)
   --admin-token <fpa_\u2026>      Broker admin token (or $FIXPROMPT_ADMIN_TOKEN)
   --provider <name>          eas | vercel | github-actions (auto-detected from cwd)
   --eas-env <env>            EAS env to write to (default: production)
   --vercel-project-id <id>   Override Vercel project id (default: .vercel/project.json)
   --vercel-targets <list>    Comma-separated (default: production,preview)
   --label <text>             Token label (default: <provider>-<timestamp>)
-  --force                    Overwrite an existing FIXPROMPT_DEPLOY_TOKEN value
-  --project-slug <slug>      Look up project_id by slug (no UUID needed)
+  --force                    Overwrite an existing env var value
 
 deploy-start auth (pick one):
   --deploy-token <fpd_...>  Deploy-only token from dashboard (recommended for CI)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fixprompt/cli",
-  "version": "0.2.1",
+  "version": "0.4.0",
   "description": "FixPrompt CLI — annotate deployments and ship them to the broker so the dashboard knows what changed.",
   "license": "UNLICENSED",
   "repository": {