@forcefield/mcp-server 0.1.0

package/build/setup/index.js

@@ -0,0 +1,1044 @@
+#!/usr/bin/env node
+
+// setup/wizard.ts
+import * as p from "@clack/prompts";
+import pc from "picocolors";
+import figlet from "figlet";
+import gradient from "gradient-string";
+import { readFile as readFile5, writeFile as writeFile5, access as access3 } from "fs/promises";
+import { join as join7, dirname as dirname2 } from "path";
+import { fileURLToPath as fileURLToPath2 } from "url";
+
+// setup/ide-detect.ts
+import { access } from "fs/promises";
+import { join } from "path";
+var IDE_MARKERS = [
+  { ide: "claude-code", marker: ".claude", isDir: true },
+  { ide: "cursor", marker: ".cursor", isDir: true },
+  { ide: "codex", marker: "AGENTS.md", isDir: false },
+  { ide: "windsurf", marker: ".windsurfrules", isDir: false }
+];
+async function detectIde(projectDir) {
+  const found = [];
+  for (const { ide, marker } of IDE_MARKERS) {
+    const markerPath = join(projectDir, marker);
+    try {
+      await access(markerPath);
+      found.push({ ide, marker });
+    } catch {
+    }
+  }
+  return {
+    detected: found.length === 1 ? found[0].ide : null,
+    markers: found
+  };
+}
+
+// setup/ide-adapters/claude-code.ts
+import { mkdir, readdir, copyFile, rm, readFile, writeFile } from "fs/promises";
+import { join as join3 } from "path";
+
+// setup/ide-adapters/mcp-runtime.ts
+import { access as access2 } from "fs/promises";
+import { dirname, join as join2 } from "path";
+import { fileURLToPath } from "url";
+var __dirname = dirname(fileURLToPath(import.meta.url));
+var LOCAL_ENTRY_CANDIDATES = [
+  join2(__dirname, "..", "..", "build", "index.js"),
+  join2(__dirname, "..", "..", "index.js")
+];
+var FORWARDED_ENV_KEYS = [
+  "SUPABASE_URL",
+  "SUPABASE_ANON_KEY",
+  "FORCEFIELD_LOCAL_DEV",
+  "FORCEFIELD_DISABLE_GATING",
+  "FORCEFIELD_LOCAL_DATA_FALLBACK"
+];
+function isTruthy(value) {
+  if (!value) return false;
+  const normalized = value.trim().toLowerCase();
+  return normalized === "1" || normalized === "true" || normalized === "yes" || normalized === "on";
+}
+async function resolveLocalEntry() {
+  for (const candidate of LOCAL_ENTRY_CANDIDATES) {
+    try {
+      await access2(candidate);
+      return candidate;
+    } catch {
+    }
+  }
+  return null;
+}
+async function getMcpLaunchConfig() {
+  if (isTruthy(process.env.FORCEFIELD_LOCAL_DEV) || isTruthy(process.env.FORCEFIELD_SETUP_USE_LOCAL_BUILD)) {
+    const localEntry = await resolveLocalEntry();
+    if (localEntry) {
+      return {
+        command: process.execPath,
+        args: [localEntry]
+      };
+    }
+  }
+  return {
+    command: "npx",
+    args: ["-y", "@forcefield/mcp-server", "forcefield-mcp"]
+  };
+}
+function buildMcpEnv(apiKey) {
+  const env = {
+    FORCEFIELD_API_KEY: apiKey
+  };
+  for (const key of FORWARDED_ENV_KEYS) {
+    const value = process.env[key];
+    if (value && value.trim().length > 0) {
+      env[key] = value;
+    }
+  }
+  return env;
+}
+
+// setup/ide-adapters/claude-code.ts
+var claudeCodeAdapter = {
+  name: "Claude Code",
+  async configureMcp(projectDir, apiKey) {
+    const claudeDir = join3(projectDir, ".claude");
+    await mkdir(claudeDir, { recursive: true });
+    const launch = await getMcpLaunchConfig();
+    const mcpPath = join3(projectDir, ".mcp.json");
+    let existing = {};
+    try {
+      existing = JSON.parse(await readFile(mcpPath, "utf-8"));
+    } catch {
+    }
+    const existingServers = typeof existing.mcpServers === "object" && existing.mcpServers != null ? existing.mcpServers : {};
+    existingServers.forcefield = {
+      command: launch.command,
+      args: launch.args,
+      env: buildMcpEnv(apiKey)
+    };
+    const nextConfig = {
+      ...existing,
+      mcpServers: existingServers
+    };
+    await writeFile(mcpPath, JSON.stringify(nextConfig, null, 2) + "\n", "utf-8");
+  },
+  async installWorkflows(projectDir, workflowsDir) {
+    const commandsDir = join3(projectDir, ".claude", "commands");
+    await mkdir(commandsDir, { recursive: true });
+    const files = await readdir(workflowsDir);
+    const mdFiles = files.filter((f) => f.startsWith("ff-") && f.endsWith(".md"));
+    for (const file of mdFiles) {
+      await copyFile(join3(workflowsDir, file), join3(commandsDir, file));
+    }
+    return mdFiles.length;
+  },
+  async removeWorkflows(projectDir) {
+    const commandsDir = join3(projectDir, ".claude", "commands");
+    try {
+      const files = await readdir(commandsDir);
+      for (const file of files) {
+        if (file.startsWith("ff-") && file.endsWith(".md")) {
+          await rm(join3(commandsDir, file));
+        }
+      }
+    } catch {
+    }
+  }
+};
+
+// setup/ide-adapters/cursor.ts
+import { mkdir as mkdir2, readdir as readdir2, copyFile as copyFile2, rm as rm2, readFile as readFile2, writeFile as writeFile2 } from "fs/promises";
+import { join as join4 } from "path";
+var cursorAdapter = {
+  name: "Cursor",
+  async configureMcp(projectDir, apiKey) {
+    const cursorDir = join4(projectDir, ".cursor");
+    await mkdir2(cursorDir, { recursive: true });
+    const configPath = join4(cursorDir, "mcp.json");
+    const launch = await getMcpLaunchConfig();
+    let existing = {};
+    try {
+      existing = JSON.parse(await readFile2(configPath, "utf-8"));
+    } catch {
+    }
+    const existingServers = typeof existing.mcpServers === "object" && existing.mcpServers != null ? existing.mcpServers : {};
+    existingServers.forcefield = {
+      command: launch.command,
+      args: launch.args,
+      env: buildMcpEnv(apiKey)
+    };
+    const merged = {
+      ...existing,
+      mcpServers: existingServers
+    };
+    await writeFile2(configPath, JSON.stringify(merged, null, 2) + "\n", "utf-8");
+  },
+  async installWorkflows(projectDir, workflowsDir) {
+    const rulesDir = join4(projectDir, ".cursor", "rules");
+    await mkdir2(rulesDir, { recursive: true });
+    const files = await readdir2(workflowsDir);
+    const mdFiles = files.filter((f) => f.startsWith("ff-") && f.endsWith(".md"));
+    for (const file of mdFiles) {
+      await copyFile2(join4(workflowsDir, file), join4(rulesDir, file));
+    }
+    return mdFiles.length;
+  },
+  async removeWorkflows(projectDir) {
+    const rulesDir = join4(projectDir, ".cursor", "rules");
+    try {
+      const files = await readdir2(rulesDir);
+      for (const file of files) {
+        if (file.startsWith("ff-") && file.endsWith(".md")) {
+          await rm2(join4(rulesDir, file));
+        }
+      }
+    } catch {
+    }
+  }
+};
+
+// setup/ide-adapters/codex.ts
+import { mkdir as mkdir3, readFile as readFile3, writeFile as writeFile3 } from "fs/promises";
+import { join as join5 } from "path";
+var START_MARKER = "<!-- forcefield:start -->";
+var END_MARKER = "<!-- forcefield:end -->";
+var MCP_START_MARKER = "# forcefield:mcp:start";
+var MCP_END_MARKER = "# forcefield:mcp:end";
+var codexAdapter = {
+  name: "Codex",
+  async configureMcp(projectDir, apiKey) {
+    const codexDir = join5(projectDir, ".codex");
+    await mkdir3(codexDir, { recursive: true });
+    const configPath = join5(codexDir, "config.toml");
+    const launch = await getMcpLaunchConfig();
+    const env = buildMcpEnv(apiKey);
+    const forcefieldBlock = buildForcefieldTomlBlock(launch.command, launch.args, env);
+    let existing = "";
+    try {
+      existing = await readFile3(configPath, "utf-8");
+    } catch {
+    }
+    const cleaned = removeTomlForcefieldSection(existing).trim();
+    const final = cleaned ? `${cleaned}
+
+${forcefieldBlock}
+` : `${forcefieldBlock}
+`;
+    await writeFile3(configPath, final, "utf-8");
+  },
+  async installWorkflows(projectDir, workflowsDir) {
+    const agentsPath = join5(projectDir, "AGENTS.md");
+    const { readdir: readdir3 } = await import("fs/promises");
+    const files = await readdir3(workflowsDir);
+    const mdFiles = files.filter((f) => f.startsWith("ff-") && f.endsWith(".md"));
+    const workflowContents = [];
+    for (const file of mdFiles) {
+      const content = await readFile3(join5(workflowsDir, file), "utf-8");
+      workflowContents.push(content);
+    }
+    const forcefieldSection = [
+      START_MARKER,
+      "",
+      "# Forcefield Workflows",
+      "",
+      "The following workflows are available for compliance management:",
+      "",
+      ...workflowContents.map((c) => c + "\n\n---\n"),
+      END_MARKER
+    ].join("\n");
+    let existing = "";
+    try {
+      existing = await readFile3(agentsPath, "utf-8");
+    } catch {
+    }
+    const cleaned = removeSection(existing);
+    const final = cleaned.trim() ? cleaned.trim() + "\n\n" + forcefieldSection : forcefieldSection;
+    await writeFile3(agentsPath, final, "utf-8");
+    return mdFiles.length;
+  },
+  async removeWorkflows(projectDir) {
+    const agentsPath = join5(projectDir, "AGENTS.md");
+    try {
+      const content = await readFile3(agentsPath, "utf-8");
+      const cleaned = removeSection(content);
+      await writeFile3(agentsPath, cleaned, "utf-8");
+    } catch {
+    }
+  }
+};
+function removeSection(content) {
+  const startIdx = content.indexOf(START_MARKER);
+  const endIdx = content.indexOf(END_MARKER);
+  if (startIdx === -1 || endIdx === -1) return content;
+  const before = content.slice(0, startIdx).trimEnd();
+  const after = content.slice(endIdx + END_MARKER.length).trimStart();
+  return before + (after ? "\n\n" + after : "");
+}
+function removeTomlForcefieldSection(content) {
+  const markerStart = content.indexOf(MCP_START_MARKER);
+  const markerEnd = content.indexOf(MCP_END_MARKER);
+  if (markerStart !== -1 && markerEnd !== -1) {
+    const before = content.slice(0, markerStart).trimEnd();
+    const after = content.slice(markerEnd + MCP_END_MARKER.length).trimStart();
+    return before + (after ? "\n\n" + after : "");
+  }
+  return content.replace(/^\[mcp_servers\.forcefield\]\n[\s\S]*?(?=^\[|$)/gm, "").replace(/^\[mcp_servers\.forcefield\.env\]\n[\s\S]*?(?=^\[|$)/gm, "").trim();
+}
+function buildForcefieldTomlBlock(command, args, env) {
+  const envLines = Object.entries(env).map(([key, value]) => `${key} = "${escapeTomlString(value)}"`);
+  return [
+    MCP_START_MARKER,
+    "[mcp_servers.forcefield]",
+    `command = "${escapeTomlString(command)}"`,
+    `args = [${args.map((arg) => `"${escapeTomlString(arg)}"`).join(", ")}]`,
+    "[mcp_servers.forcefield.env]",
+    ...envLines,
+    MCP_END_MARKER
+  ].join("\n");
+}
+function escapeTomlString(value) {
+  return value.replace(/\\/g, "\\\\").replace(/"/g, '\\"');
+}
+
+// setup/ide-adapters/windsurf.ts
+import { mkdir as mkdir4, readFile as readFile4, writeFile as writeFile4 } from "fs/promises";
+import { join as join6 } from "path";
+var START_MARKER2 = "<!-- forcefield:start -->";
+var END_MARKER2 = "<!-- forcefield:end -->";
+var windsurfAdapter = {
+  name: "Windsurf",
+  async configureMcp(projectDir, apiKey) {
+    const configDir = join6(projectDir, ".windsurf");
+    await mkdir4(configDir, { recursive: true });
+    const configPath = join6(configDir, "mcp_config.json");
+    const launch = await getMcpLaunchConfig();
+    let existing = {};
+    try {
+      existing = JSON.parse(await readFile4(configPath, "utf-8"));
+    } catch {
+    }
+    const existingServers = typeof existing.mcpServers === "object" && existing.mcpServers != null ? existing.mcpServers : {};
+    existingServers.forcefield = {
+      command: launch.command,
+      args: launch.args,
+      env: buildMcpEnv(apiKey)
+    };
+    const merged = {
+      ...existing,
+      mcpServers: existingServers
+    };
+    await writeFile4(configPath, JSON.stringify(merged, null, 2) + "\n", "utf-8");
+  },
+  async installWorkflows(projectDir, workflowsDir) {
+    const rulesPath = join6(projectDir, ".windsurfrules");
+    const { readdir: readdir3 } = await import("fs/promises");
+    const files = await readdir3(workflowsDir);
+    const mdFiles = files.filter((f) => f.startsWith("ff-") && f.endsWith(".md"));
+    const workflowContents = [];
+    for (const file of mdFiles) {
+      const content = await readFile4(join6(workflowsDir, file), "utf-8");
+      workflowContents.push(content);
+    }
+    const forcefieldSection = [
+      START_MARKER2,
+      "",
+      "# Forcefield Workflows",
+      "",
+      ...workflowContents.map((c) => c + "\n\n---\n"),
+      END_MARKER2
+    ].join("\n");
+    let existing = "";
+    try {
+      existing = await readFile4(rulesPath, "utf-8");
+    } catch {
+    }
+    const cleaned = removeSection2(existing);
+    const final = cleaned.trim() ? cleaned.trim() + "\n\n" + forcefieldSection : forcefieldSection;
+    await writeFile4(rulesPath, final, "utf-8");
+    return mdFiles.length;
+  },
+  async removeWorkflows(projectDir) {
+    const rulesPath = join6(projectDir, ".windsurfrules");
+    try {
+      const content = await readFile4(rulesPath, "utf-8");
+      const cleaned = removeSection2(content);
+      await writeFile4(rulesPath, cleaned, "utf-8");
+    } catch {
+    }
+  }
+};
+function removeSection2(content) {
+  const startIdx = content.indexOf(START_MARKER2);
+  const endIdx = content.indexOf(END_MARKER2);
+  if (startIdx === -1 || endIdx === -1) return content;
+  const before = content.slice(0, startIdx).trimEnd();
+  const after = content.slice(endIdx + END_MARKER2.length).trimStart();
+  return before + (after ? "\n\n" + after : "");
+}
+
+// setup/ide-adapters/index.ts
+var adapters = {
+  "claude-code": claudeCodeAdapter,
+  "cursor": cursorAdapter,
+  "codex": codexAdapter,
+  "windsurf": windsurfAdapter
+};
+function getAdapter(ide) {
+  return adapters[ide];
+}
+var IDE_CHOICES = [
+  { value: "claude-code", label: "Claude Code", hint: ".claude/commands/" },
+  { value: "cursor", label: "Cursor", hint: ".cursor/rules/" },
+  { value: "codex", label: "Codex (OpenAI)", hint: "AGENTS.md" },
+  { value: "windsurf", label: "Windsurf", hint: ".windsurfrules" }
+];
+
+// setup/auth.ts
+import { createHash, randomBytes } from "crypto";
+import { createClient } from "@supabase/supabase-js";
+var API_KEY_PREFIX = "ff_live_";
+var MAX_RETRIES = 3;
+var LOCAL_SUPABASE_URL = "http://127.0.0.1:54321";
+var LOCAL_SUPABASE_ANON_KEY = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6ImFub24iLCJleHAiOjE5ODM4MTI5OTZ9.CRXP1A7WOeoJeXxjNni43kdQwgnWNReilDMblYTn_I0";
+var LOCAL_SUPABASE_SERVICE_ROLE_KEY = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZS1kZW1vIiwicm9sZSI6InNlcnZpY2Vfcm9sZSIsImV4cCI6MTk4MzgxMjk5Nn0.EGIM96RAZx35lJzdJsyH-qQwv8Hdp7fsn3W0YpN81IU";
+function isTruthy2(value) {
+  if (!value) return false;
+  const normalized = value.trim().toLowerCase();
+  return normalized === "1" || normalized === "true" || normalized === "yes" || normalized === "on";
+}
+function getSupabaseUrl(options) {
+  return options?.supabaseUrl ?? process.env.SUPABASE_URL ?? LOCAL_SUPABASE_URL;
+}
+function isLocalSupabaseUrl(supabaseUrl) {
+  try {
+    const parsed = new URL(supabaseUrl);
+    return parsed.hostname === "127.0.0.1" || parsed.hostname === "localhost";
+  } catch {
+    return false;
+  }
+}
+function isLocalMode(options) {
+  if (options?.localDev !== void 0) return options.localDev;
+  if (isTruthy2(process.env.FORCEFIELD_LOCAL_DEV)) return true;
+  return isLocalSupabaseUrl(getSupabaseUrl(options));
+}
+function getAnonKey(supabaseUrl, options) {
+  const explicit = options?.anonKey ?? process.env.SUPABASE_ANON_KEY;
+  if (explicit && explicit.trim().length > 0) return explicit;
+  if (isLocalSupabaseUrl(supabaseUrl)) {
+    return LOCAL_SUPABASE_ANON_KEY;
+  }
+  throw new Error("Missing SUPABASE_ANON_KEY for hosted setup authentication.");
+}
+function getServiceRoleKey(supabaseUrl) {
+  const explicit = process.env.SUPABASE_SERVICE_ROLE_KEY;
+  if (explicit && explicit.trim().length > 0) return explicit;
+  if (isLocalSupabaseUrl(supabaseUrl)) {
+    return LOCAL_SUPABASE_SERVICE_ROLE_KEY;
+  }
+  return null;
+}
+function validateApiKeyFormat(key) {
+  return key.startsWith(API_KEY_PREFIX) && key.length > API_KEY_PREFIX.length + 8;
+}
+async function verifyApiKey(apiKey, options) {
+  if (!validateApiKeyFormat(apiKey)) {
+    return {
+      valid: false,
+      apiKey: "",
+      error: 'Invalid API key format. Keys must start with "ff_live_".'
+    };
+  }
+  const supabaseUrl = getSupabaseUrl(options);
+  const endpoint = `${supabaseUrl}/functions/v1/key-exchange`;
+  try {
+    const response = await fetch(endpoint, {
+      method: "POST",
+      headers: {
+        Authorization: `Bearer ${apiKey}`,
+        "Content-Type": "application/json"
+      }
+    });
+    if (!response.ok) {
+      const payload = await response.json().catch(() => ({}));
+      const detail = payload.error ?? "API key invalid or revoked.";
+      return {
+        valid: false,
+        apiKey: "",
+        error: `Authentication failed (${response.status}): ${detail}`
+      };
+    }
+    return { valid: true, apiKey };
+  } catch {
+    return {
+      valid: false,
+      apiKey: "",
+      error: `Could not reach Forcefield backend at ${supabaseUrl}. Check SUPABASE_URL/network and retry.`
+    };
+  }
+}
+async function authenticateWithRetry(getKey, options) {
+  let lastError;
+  for (let attempt = 1; attempt <= MAX_RETRIES; attempt++) {
+    const key = await getKey();
+    if (!key) {
+      return { valid: false, apiKey: "", error: "No API key provided." };
+    }
+    const verified = await verifyApiKey(key, options);
+    if (verified.valid) {
+      return verified;
+    }
+    lastError = verified.error;
+    if (attempt < MAX_RETRIES) {
+      continue;
+    }
+  }
+  return {
+    valid: false,
+    apiKey: "",
+    error: lastError ?? `Authentication failed after ${MAX_RETRIES} attempts.`
+  };
+}
+function generateApiKey() {
+  const raw = randomBytes(32).toString("hex");
+  const plaintext = `${API_KEY_PREFIX}${raw}`;
+  const hash = createHash("sha256").update(plaintext).digest("hex");
+  const prefix = plaintext.slice(0, 12);
+  return { plaintext, hash, prefix };
+}
+async function authenticateAccountAndCreateApiKey(email, password, options) {
+  const supabaseUrl = getSupabaseUrl(options);
+  const anonKey = getAnonKey(supabaseUrl, options);
+  const supabase = createClient(supabaseUrl, anonKey, {
+    auth: {
+      persistSession: false,
+      autoRefreshToken: false
+    }
+  });
+  let signIn = await supabase.auth.signInWithPassword({ email, password });
+  if (signIn.error || !signIn.data.user) {
+    await supabase.auth.signUp({ email, password });
+    signIn = await supabase.auth.signInWithPassword({ email, password });
+  }
+  if (signIn.error || !signIn.data.user) {
+    const message = signIn.error?.message ?? "Invalid login credentials";
+    throw new Error(`Authentication failed: ${message}`);
+  }
+  const userId = signIn.data.user.id;
+  const { plaintext, hash, prefix } = generateApiKey();
+  const { error: insertError } = await supabase.from("api_keys").insert({
+    user_id: userId,
+    key_hash: hash,
+    key_prefix: prefix,
+    label: options?.label ?? "Setup Wizard Key",
+    tier: "free"
+  });
+  if (insertError) {
+    if (isLocalMode(options)) {
+      const serviceRoleKey = getServiceRoleKey(supabaseUrl);
+      if (serviceRoleKey) {
+        return createApiKeyViaServiceRole({
+          supabaseUrl,
+          serviceRoleKey,
+          email,
+          password,
+          label: options?.label ?? "Setup Wizard Key"
+        });
+      }
+    }
+    throw new Error(`Failed to create API key: ${insertError.message}`);
+  }
+  return {
+    apiKey: plaintext,
+    userId,
+    email
+  };
+}
+async function authenticateLocalAndCreateApiKey(email, password, options) {
+  return authenticateAccountAndCreateApiKey(email, password, {
+    ...options,
+    localDev: true,
+    label: options?.label ?? "Local Setup Key"
+  });
+}
+async function createApiKeyViaServiceRole(params) {
+  const admin = createClient(params.supabaseUrl, params.serviceRoleKey, {
+    auth: {
+      persistSession: false,
+      autoRefreshToken: false
+    }
+  });
+  let userId;
+  const createUser = await admin.auth.admin.createUser({
+    email: params.email,
+    password: params.password,
+    email_confirm: true
+  });
+  if (createUser.data.user?.id) {
+    userId = createUser.data.user.id;
+  } else if (createUser.error) {
+    const authDb = createClient(params.supabaseUrl, params.serviceRoleKey, {
+      db: { schema: "auth" },
+      auth: {
+        persistSession: false,
+        autoRefreshToken: false
+      }
+    });
+    const existingUser = await authDb.from("users").select("id,email").eq("email", params.email).limit(1).maybeSingle();
+    if (existingUser.error) {
+      throw new Error(`Local login failed: ${createUser.error.message}`);
+    }
+    userId = existingUser.data?.id;
+  }
+  if (!userId) {
+    throw new Error("Local login failed: could not resolve user account");
+  }
+  const { plaintext, hash, prefix } = generateApiKey();
+  const { error: insertError } = await admin.from("api_keys").insert({
+    user_id: userId,
+    key_hash: hash,
+    key_prefix: prefix,
+    label: params.label,
+    tier: "free"
+  });
+  if (insertError) {
+    throw new Error(`Failed to create local API key: ${insertError.message}`);
+  }
+  return {
+    apiKey: plaintext,
+    userId,
+    email: params.email
+  };
+}
+
+// setup/wizard.ts
+var __dirname2 = dirname2(fileURLToPath2(import.meta.url));
+var WORKFLOW_DIR_CANDIDATES = [
+  join7(__dirname2, "..", "workflows"),
+  join7(__dirname2, "..", "..", "workflows")
+];
+var CONFIG_FILE = ".forcefield.json";
+var VERSION = "0.1.0";
+var BANNER_TEXT = "Forcefield";
+var BANNER_FONT = "Rowan Cap";
+var BANNER_MIN_COLUMNS = 80;
+var BANNER_FALLBACK_TEXT = "  Forcefield";
+var BANNER_SUBTITLE = "  Corporate compliance copilot\n";
+var BANNER_GRADIENT_STOPS = ["#ff3b3b", "#ff9f1a", "#ffe74c", "#2ed573", "#1e90ff", "#7d5fff", "#e056fd"];
+var bannerGradient = gradient(BANNER_GRADIENT_STOPS);
+async function resolveWorkflowsDir() {
+  for (const dir of WORKFLOW_DIR_CANDIDATES) {
+    try {
+      await access3(dir);
+      return dir;
+    } catch {
+    }
+  }
+  throw new Error(
+    `Unable to locate workflow templates. Checked: ${WORKFLOW_DIR_CANDIDATES.join(", ")}`
+  );
+}
+async function runWizard(projectDir, args) {
+  if (args.status) {
+    await showStatus(projectDir);
+    return;
+  }
+  if (args.ide && args.mode && (args.token || args.localAuth || args.email && args.password)) {
+    await runNonInteractive(projectDir, args);
+    return;
+  }
+  await runInteractive(projectDir, args);
+}
+function showBanner() {
+  const cols = process.stdout.columns || 80;
+  if (cols >= BANNER_MIN_COLUMNS) {
+    try {
+      const banner = figlet.textSync(BANNER_TEXT, { font: BANNER_FONT });
+      const colored = applyBannerGradient(banner);
+      console.log(colored);
+    } catch {
+      console.log(pc.bold(applyBannerGradient(BANNER_FALLBACK_TEXT)));
+    }
+  } else {
+    console.log(pc.bold(applyBannerGradient(BANNER_FALLBACK_TEXT)));
+  }
+  console.log(pc.dim(BANNER_SUBTITLE));
+}
+function applyBannerGradient(text2) {
+  return bannerGradient.multiline(text2);
+}
+async function showStatus(projectDir) {
+  const config = await readConfig(projectDir);
+  if (!config) {
+    console.log(pc.yellow("No Forcefield setup found in this directory."));
+    console.log(`Run ${pc.cyan("forcefield-setup")} to get started.`);
+    process.exit(1);
+  }
+  console.log(pc.bold("Forcefield Setup Status"));
+  console.log(`  IDE: ${pc.cyan(config.ide)}`);
+  console.log(`  Mode: ${pc.cyan(config.mode)}`);
+  console.log(`  Version: ${pc.cyan(config.version)}`);
+  console.log(`  Installed: ${pc.dim(config.installed_at)}`);
+}
+async function runNonInteractive(projectDir, args) {
+  const ide = args.ide;
+  const mode = args.mode;
+  let apiKey = args.token;
+  if (args.localAuth) {
+    if (!args.email || !args.password) {
+      console.error(pc.red("Non-interactive local auth requires --email and --password."));
+      process.exit(1);
+    }
+    const auth = await authenticateLocalAndCreateApiKey(args.email, args.password, {
+      label: "Setup Wizard (Local)"
+    });
+    apiKey = auth.apiKey;
+    console.log(`Created local API key for ${auth.email}.`);
+  } else if (!apiKey && args.email && args.password) {
+    const auth = await authenticateAccountAndCreateApiKey(args.email, args.password, {
+      label: "Setup Wizard Key",
+      localDev: isLocalSetupMode(args)
+    });
+    apiKey = auth.apiKey;
+    console.log(`Created API key for ${auth.email}.`);
+  } else if (apiKey) {
+    const verified = await authenticateWithRetry(async () => apiKey ?? null, {
+      localDev: isLocalSetupMode(args)
+    });
+    if (!verified.valid) {
+      console.error(pc.red(verified.error ?? "API key validation failed."));
+      process.exit(1);
+    }
+    apiKey = verified.apiKey;
+  }
+  if (!apiKey) {
+    console.error(pc.red("Missing auth input. Pass --token, --local-auth, or --email/--password."));
+    process.exit(1);
+  }
+  console.log(`Setting up Forcefield for ${ide} in ${mode} mode...`);
+  await configure(projectDir, ide, mode, apiKey);
+  console.log(pc.green("Setup complete!"));
+  for (const line of getPostSetupInstructions(ide, mode, projectDir)) {
+    console.log(line);
+  }
+}
+async function runInteractive(projectDir, preArgs) {
+  showBanner();
+  p.intro(pc.bgCyan(pc.black(" Forcefield Setup ")));
+  const existingConfig = await readConfig(projectDir);
+  if (existingConfig) {
+    const updateChoice = await p.select({
+      message: `Forcefield is already set up (${existingConfig.ide}, ${existingConfig.mode} mode).`,
+      options: [
+        { value: "update", label: "Update existing setup", hint: "Refresh workflows + auth" },
+        { value: "fresh", label: "Start fresh", hint: "Remove existing config and reconfigure" }
+      ]
+    });
+    if (p.isCancel(updateChoice)) {
+      p.cancel("Setup cancelled.");
+      process.exit(0);
+    }
+    if (updateChoice === "update") {
+      const apiKey2 = await promptApiKey();
+      if (!apiKey2) return;
+      await configure(projectDir, existingConfig.ide, existingConfig.mode, apiKey2);
+      showSuccess(existingConfig.ide, existingConfig.mode, projectDir);
+      return;
+    }
+  }
+  const ide = preArgs.ide ?? await promptIde(projectDir);
+  if (!ide) return;
+  const mode = preArgs.mode ?? await promptMode();
+  if (!mode) return;
+  const apiKey = preArgs.token ?? await promptApiKey(preArgs);
+  if (!apiKey) return;
+  const s = p.spinner();
+  s.start("Configuring Forcefield...");
+  try {
+    await configure(projectDir, ide, mode, apiKey);
+    s.stop("Configuration complete.");
+  } catch (err) {
+    s.stop("Configuration failed.");
+    p.cancel(err instanceof Error ? err.message : "Unknown error");
+    process.exit(1);
+  }
+  showSuccess(ide, mode, projectDir);
+}
+async function promptIde(projectDir) {
+  const detection = await detectIde(projectDir);
+  if (detection.detected) {
+    const adapter = getAdapter(detection.detected);
+    const confirm2 = await p.confirm({
+      message: `Detected ${adapter.name} (${detection.markers[0].marker} found). Use ${adapter.name}?`
+    });
+    if (p.isCancel(confirm2)) {
+      p.cancel("Setup cancelled.");
+      return null;
+    }
+    if (confirm2) return detection.detected;
+  }
+  const choice = await p.select({
+    message: "Which IDE do you use?",
+    options: IDE_CHOICES
+  });
+  if (p.isCancel(choice)) {
+    p.cancel("Setup cancelled.");
+    return null;
+  }
+  return choice;
+}
+async function promptMode() {
+  const choice = await p.select({
+    message: "Installation type:",
+    options: [
+      { value: "full", label: "Full \u2014 MCP server + guided workflows", hint: "Recommended" },
+      { value: "core", label: "Core \u2014 MCP server only", hint: "Minimal" }
+    ]
+  });
+  if (p.isCancel(choice)) {
+    p.cancel("Setup cancelled.");
+    return null;
+  }
+  return choice;
+}
+async function promptApiKey(preArgs) {
+  if (preArgs?.localAuth) {
+    const preEmail = preArgs.email ?? await promptTextValue("Local test email:", "alice@test.local");
+    const prePassword = preArgs.password ?? await promptTextValue("Local test password:", "password123", true);
+    if (!preEmail || !prePassword) return null;
+    try {
+      const result = await authenticateLocalAndCreateApiKey(preEmail, prePassword, {
+        label: "Setup Wizard (Local)"
+      });
+      p.log.success(`Created local API key for ${result.email}.`);
+      return result.apiKey;
+    } catch (err) {
+      p.log.error(err instanceof Error ? err.message : "Failed local auth");
+      return null;
+    }
+  }
+  const localMode = isLocalSetupMode(preArgs);
+  const methodOptions = [
+    { value: "account", label: "Sign in / create account + API key", hint: "Recommended" },
+    { value: "paste", label: "Paste existing API key", hint: "Use an existing ff_live_... key" }
+  ];
+  if (localMode) {
+    methodOptions.push({
+      value: "local",
+      label: "Create local account + API key",
+      hint: "For local Supabase testing"
+    });
+  }
+  const method = await p.select({
+    message: "How do you want to authenticate?",
+    options: methodOptions
+  });
+  if (p.isCancel(method)) {
+    p.cancel("Setup cancelled.");
+    return null;
+  }
+  if (method === "account") {
+    const email = await promptTextValue("Account email:", preArgs?.email ?? "you@company.com");
+    const password = await promptTextValue("Account password:", "\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022", true);
+    if (!email || !password) return null;
+    try {
+      const result = await authenticateAccountAndCreateApiKey(email, password, {
+        label: "Setup Wizard Key",
+        localDev: localMode
+      });
+      p.log.success(`Created API key for ${result.email}.`);
+      return result.apiKey;
+    } catch (err) {
+      p.log.error(err instanceof Error ? err.message : "Account authentication failed");
+      return null;
+    }
+  }
+  if (method === "local") {
+    const email = await promptTextValue("Local test email:", "alice@test.local");
+    const password = await promptTextValue("Local test password:", "password123", true);
+    if (!email || !password) return null;
+    try {
+      const result = await authenticateLocalAndCreateApiKey(email, password, {
+        label: "Setup Wizard (Local)"
+      });
+      p.log.success(`Created local API key for ${result.email}.`);
+      return result.apiKey;
+    } catch (err) {
+      p.log.error(err instanceof Error ? err.message : "Failed local auth");
+      return null;
+    }
+  }
+  const auth = await authenticateWithRetry(
+    async () => {
+      const key = await p.text({
+        message: "Enter your Forcefield API key:",
+        placeholder: "ff_live_...",
+        validate: (value) => {
+          if (!value) return "API key is required.";
+          if (!value.startsWith("ff_live_")) return 'Key must start with "ff_live_".';
+          if (value.length < 20) return "Key seems too short.";
+          return void 0;
+        }
+      });
+      if (p.isCancel(key)) {
+        p.cancel("Setup cancelled.");
+        return null;
+      }
+      return key;
+    },
+    {
+      localDev: localMode
+    }
+  );
+  if (!auth.valid) {
+    p.log.error(auth.error ?? "Authentication failed. Check your credentials and retry.");
+    return null;
+  }
+  return auth.apiKey;
+}
+function isLocalSetupMode(preArgs) {
+  if (preArgs?.localAuth) return true;
+  const localValue = process.env.FORCEFIELD_LOCAL_DEV;
+  if (localValue) {
+    const normalized = localValue.trim().toLowerCase();
+    if (["1", "true", "yes", "on"].includes(normalized)) {
+      return true;
+    }
+  }
+  const supabaseUrl = process.env.SUPABASE_URL;
+  if (!supabaseUrl) return false;
+  try {
+    const parsed = new URL(supabaseUrl);
+    return parsed.hostname === "127.0.0.1" || parsed.hostname === "localhost";
+  } catch {
+    return false;
+  }
+}
+async function promptTextValue(message, placeholder, secret = false) {
+  const value = await p.text({
+    message,
+    placeholder,
+    ...secret ? { placeholder: "\u2022\u2022\u2022\u2022\u2022\u2022\u2022\u2022" } : {},
+    validate: (input) => {
+      if (!input) return "This field is required.";
+      return void 0;
+    }
+  });
+  if (p.isCancel(value)) {
+    p.cancel("Setup cancelled.");
+    return null;
+  }
+  return value;
+}
+async function configure(projectDir, ide, mode, apiKey) {
+  const adapter = getAdapter(ide);
+  await adapter.configureMcp(projectDir, apiKey);
+  let workflowCount = 0;
+  if (mode === "full") {
+    const workflowsDir = await resolveWorkflowsDir();
+    workflowCount = await adapter.installWorkflows(projectDir, workflowsDir);
+  }
+  const config = {
+    ide,
+    mode,
+    installed_at: (/* @__PURE__ */ new Date()).toISOString(),
+    version: VERSION
+  };
+  await writeConfig(projectDir, config);
+  void workflowCount;
+}
+function getPostSetupInstructions(ide, mode, projectDir) {
+  const repo = pc.cyan(projectDir);
+  const dashboardHint = `Optional beta companion: run local dashboard in the Forcefield repo via ${pc.cyan("pnpm run dev:dashboard")} and sign in at ${pc.cyan("http://localhost:3000")}.`;
+  if (mode === "core") {
+    return [
+      `Next: open your coding agent in ${repo} and use Forcefield MCP tools directly (e.g. ${pc.cyan('ff_system(action: "health")')}).`,
+      dashboardHint
+    ];
+  }
+  const common = [
+    `Next: start your coding agent in ${repo}.`,
+    `Then in IDE chat (not terminal), run ${pc.cyan("/ff-onboard")} to set up your company profile and deadlines.`,
+    `Optional: run ${pc.cyan("/ff-start")} only if you want a command primer or connection troubleshooting.`,
+    dashboardHint
+  ];
+  if (ide === "claude-code") {
+    return [
+      ...common,
+      `If tools are missing, run ${pc.cyan("/mcp")} and confirm ${pc.cyan("forcefield")} is connected.`
+    ];
+  }
+  return common;
+}
+function showSuccess(ide, mode, projectDir) {
+  const adapter = getAdapter(ide);
+  const workflowStatus = mode === "full" ? `${pc.green("\u2713")} Project workflow commands installed` : `${pc.yellow("\u2022")} Core mode selected (no slash-command workflows installed)`;
+  p.note(
+    [
+      `${pc.green("\u2713")} MCP server configured`,
+      workflowStatus,
+      `${pc.green("\u2713")} IDE: ${adapter.name}`
+    ].join("\n"),
+    "Setup Complete"
+  );
+  p.outro(getPostSetupInstructions(ide, mode, projectDir).join("\n"));
+}
+async function readConfig(projectDir) {
+  const configPath = join7(projectDir, CONFIG_FILE);
+  try {
+    await access3(configPath);
+    const raw = await readFile5(configPath, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+async function writeConfig(projectDir, config) {
+  const configPath = join7(projectDir, CONFIG_FILE);
+  await writeFile5(configPath, JSON.stringify(config, null, 2) + "\n", "utf-8");
+}
+
+// setup/index.ts
+function parseArgs(argv) {
+  const args = {};
+  for (let i = 2; i < argv.length; i++) {
+    const arg = argv[i];
+    if (arg === "--status") {
+      args.status = true;
+    } else if (arg === "--ide" && argv[i + 1]) {
+      const ide = argv[++i];
+      if (["claude-code", "cursor", "codex", "windsurf"].includes(ide)) {
+        args.ide = ide;
+      }
+    } else if (arg === "--mode" && argv[i + 1]) {
+      const mode = argv[++i];
+      if (["full", "core"].includes(mode)) {
+        args.mode = mode;
+      }
+    } else if (arg === "--token" && argv[i + 1]) {
+      args.token = argv[++i];
+    } else if (arg === "--email" && argv[i + 1]) {
+      args.email = argv[++i];
+    } else if (arg === "--password" && argv[i + 1]) {
+      args.password = argv[++i];
+    } else if (arg === "--local-auth") {
+      args.localAuth = true;
+    }
+  }
+  return args;
+}
+async function main() {
+  const args = parseArgs(process.argv);
+  const projectDir = process.cwd();
+  try {
+    await runWizard(projectDir, args);
+  } catch (err) {
+    console.error("Setup failed:", err instanceof Error ? err.message : err);
+    process.exit(1);
+  }
+}
+main();
+export {
+  parseArgs
+};
+//# sourceMappingURL=index.js.map