@gurulu/cli 0.4.4 → 0.4.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -12,6 +12,12 @@ export interface CliApiOptions extends RequestInit {
12
12
  preloadedProfile?: ActiveProfile;
13
13
  /** Disable process.exit for tests. */
14
14
  noExitOnError?: boolean;
15
+ /**
16
+ * Surface raw error bodies on 5xx instead of the generic "temporarily
17
+ * unavailable" message. Caller should pass true when --json / --show-sql
18
+ * / any verbose flag is set. GURULU_DEBUG=1 also forces verbose globally.
19
+ */
20
+ verbose?: boolean;
15
21
  }
16
22
  export declare class CliApiError extends Error {
17
23
  status: number;
@@ -129,6 +129,31 @@ async function cliApi(path, init = {}) {
129
129
  fatal(`Rate limited by Gurulu${retry ? ` — try again in ${retry}s` : ''}. Try again shortly.`, init);
130
130
  }
131
131
  if (res.status >= 500) {
132
+ const verbose = init.verbose === true || process.env.GURULU_DEBUG === '1';
133
+ if (verbose) {
134
+ let detail = '';
135
+ try {
136
+ const body = await res.clone().json();
137
+ const msg = body?.error || body?.message;
138
+ if (msg) {
139
+ detail = ` ${typeof msg === 'string' ? msg : JSON.stringify(msg)}`;
140
+ }
141
+ else {
142
+ detail = ` ${JSON.stringify(body)}`;
143
+ }
144
+ }
145
+ catch {
146
+ try {
147
+ const txt = await res.clone().text();
148
+ if (txt)
149
+ detail = ` ${txt.slice(0, 500)}`;
150
+ }
151
+ catch {
152
+ /* ignore */
153
+ }
154
+ }
155
+ fatal(`Gurulu is temporarily unavailable (HTTP ${res.status}).${detail}`, init);
156
+ }
132
157
  fatal(`Gurulu is temporarily unavailable (HTTP ${res.status}).`, init);
133
158
  }
134
159
  return res;
@@ -15,5 +15,9 @@ export interface AudiencesArgs {
15
15
  rules?: string;
16
16
  yes?: boolean;
17
17
  dryRun?: boolean;
18
+ format?: 'csv' | 'json' | string;
19
+ output?: string;
20
+ preview?: boolean;
21
+ limit?: number;
18
22
  }
19
23
  export declare function audiencesCommand(args: AudiencesArgs): Promise<void>;
@@ -5,6 +5,7 @@
5
5
  */
6
6
  Object.defineProperty(exports, "__esModule", { value: true });
7
7
  exports.audiencesCommand = audiencesCommand;
8
+ const node_fs_1 = require("node:fs");
8
9
  const api_client_1 = require("../api-client");
9
10
  const ui_1 = require("../utils/ui");
10
11
  const confirm_1 = require("../utils/confirm");
@@ -23,9 +24,11 @@ async function audiencesCommand(args) {
23
24
  return updateCmd(args);
24
25
  case 'delete':
25
26
  return deleteCmd(args);
27
+ case 'export':
28
+ return exportCmd(args);
26
29
  default:
27
30
  (0, ui_1.error)(`Unknown audiences action: ${action}`);
28
- (0, ui_1.info)('Usage: gurulu audiences [list|show|create|update|delete]');
31
+ (0, ui_1.info)('Usage: gurulu audiences [list|show|create|update|delete|export]');
29
32
  process.exit(1);
30
33
  }
31
34
  }
@@ -205,3 +208,36 @@ async function deleteCmd(args) {
205
208
  });
206
209
  (0, ui_1.success)(`Deleted audience ${id}`);
207
210
  }
211
+ /**
212
+ * AU5 (audit-2026-04-29-audience.md) — `gurulu audiences export <name-or-id>`.
213
+ * Streams the current audience membership as CSV (default) or JSON. With
214
+ * `--output <path>` we write to disk; otherwise the body goes to stdout.
215
+ */
216
+ async function exportCmd(args) {
217
+ const target = args.target;
218
+ if (!target) {
219
+ (0, ui_1.error)('Usage: gurulu audiences export <name-or-id> [--format csv|json] [--output file]');
220
+ process.exit(1);
221
+ }
222
+ const id = await resolveId(target, args.profile);
223
+ const format = (args.format || 'csv').toLowerCase();
224
+ if (format !== 'csv' && format !== 'json') {
225
+ (0, ui_1.error)('--format must be csv or json');
226
+ process.exit(1);
227
+ }
228
+ const path = `/api/cli/audiences/${encodeURIComponent(id)}/export?format=${format}&destination=download`;
229
+ const res = await (0, api_client_1.cliApi)(path, { profile: args.profile });
230
+ const body = await res.text();
231
+ if (!res.ok) {
232
+ (0, ui_1.error)(`Export failed (HTTP ${res.status}): ${body.slice(0, 200)}`);
233
+ process.exit(1);
234
+ }
235
+ if (args.output) {
236
+ (0, node_fs_1.writeFileSync)(args.output, body, 'utf8');
237
+ (0, ui_1.success)(`Wrote ${body.length} bytes to ${args.output}`);
238
+ return;
239
+ }
240
+ process.stdout.write(body);
241
+ if (!body.endsWith('\n'))
242
+ process.stdout.write('\n');
243
+ }
@@ -54,22 +54,38 @@ const login_1 = require("./login");
54
54
  const config_1 = require("../config");
55
55
  const api_client_1 = require("../api-client");
56
56
  const ui_1 = require("../utils/ui");
57
+ function isHeadless() {
58
+ if (!process.stdout.isTTY)
59
+ return true;
60
+ if (process.env.SSH_CLIENT || process.env.SSH_TTY || process.env.SSH_CONNECTION)
61
+ return true;
62
+ if (process.platform === 'linux' && !process.env.DISPLAY && !process.env.WAYLAND_DISPLAY)
63
+ return true;
64
+ return false;
65
+ }
57
66
  function tryOpenBrowser(url) {
58
67
  const platform = process.platform;
59
68
  const cmd = platform === 'darwin' ? 'open' : platform === 'win32' ? 'start' : 'xdg-open';
69
+ // On Windows the URL goes as a positional after an empty title arg to `start`.
70
+ const args = platform === 'win32' ? ['', url] : [url];
60
71
  try {
61
- const child = (0, child_process_1.spawn)(cmd, [url], {
72
+ const child = (0, child_process_1.spawn)(cmd, args, {
62
73
  detached: true,
63
74
  stdio: 'ignore',
64
75
  shell: platform === 'win32',
65
76
  });
77
+ let errored = false;
66
78
  child.on('error', () => {
67
- /* ignore — fall back to manual */
79
+ errored = true;
68
80
  });
69
81
  child.unref();
82
+ // spawn() returns synchronously; if the binary is missing on PATH we'll
83
+ // catch the synchronous throw below. The async 'error' handler covers
84
+ // post-fork failures but we can't await it here without blocking the flow.
85
+ return !errored;
70
86
  }
71
87
  catch {
72
- /* ignore — we printed the URL already */
88
+ return false;
73
89
  }
74
90
  }
75
91
  function sleep(ms) {
@@ -121,8 +137,17 @@ async function authCommand(args) {
121
137
  console.log(` ${(0, ui_1.dim)('Visit:')} ${verifyUrl}`);
122
138
  console.log(` ${(0, ui_1.dim)('Device:')} CLI — ${deviceLabel}`);
123
139
  console.log('');
124
- if (!args.noBrowser) {
125
- tryOpenBrowser(verifyUrl);
140
+ if (args.noBrowser) {
141
+ (0, ui_1.info)(`Open this URL manually: ${verifyUrl}`);
142
+ }
143
+ else if (isHeadless()) {
144
+ (0, ui_1.info)(`Headless/SSH session detected — open this URL on another device: ${verifyUrl}`);
145
+ }
146
+ else {
147
+ const opened = tryOpenBrowser(verifyUrl);
148
+ if (!opened) {
149
+ (0, ui_1.info)(`Could not auto-open the browser. Open this URL manually: ${verifyUrl}`);
150
+ }
126
151
  }
127
152
  const expiresAtMs = new Date(expiresAt).getTime();
128
153
  const interval = Math.max(1000, pollIntervalMs || 2000);
@@ -195,16 +220,26 @@ async function authCommand(args) {
195
220
  process.exit(1);
196
221
  }
197
222
  const fullKey = approved.secretKey.fullKey;
223
+ const userRequestedKeychain = args.useKeychain === true;
224
+ const keychainAvailable = (0, config_1.isKeychainAvailable)();
225
+ if (userRequestedKeychain && !keychainAvailable) {
226
+ (0, ui_1.warn)('Keychain requested via --keychain but the optional `keytar` module is not installed. ' +
227
+ 'Falling back to plaintext storage in ~/.gurulu/config.json. ' +
228
+ 'Install `keytar` (`npm i -g keytar`) or unset --keychain to silence this warning.');
229
+ }
198
230
  const { storedInKeychain } = await (0, config_1.saveProfile)(profileName, {
199
231
  email: `cli-${deviceLabel}@gurulu.local`,
200
232
  secret_key: fullKey,
201
233
  api_base: apiBase,
202
- }, { useKeychain: args.useKeychain ?? (0, config_1.isKeychainAvailable)() });
234
+ }, { useKeychain: args.useKeychain ?? keychainAvailable });
203
235
  const tail = fullKey.slice(-6);
204
236
  (0, ui_1.success)(`Device paired. Key …${tail} saved to profile "${profileName}".`);
205
237
  if (storedInKeychain) {
206
238
  (0, ui_1.info)(` Stored in macOS Keychain (${(0, ui_1.dim)('io.gurulu.cli')})`);
207
239
  }
240
+ else if (userRequestedKeychain) {
241
+ (0, ui_1.info)(` Stored in plaintext at ~/.gurulu/config.json (keychain unavailable).`);
242
+ }
208
243
  if (approved.secretKey.expiresAt) {
209
244
  (0, ui_1.info)(` Expires: ${approved.secretKey.expiresAt}`);
210
245
  }
@@ -23,6 +23,9 @@ async function doctorCommand(args) {
23
23
  const checks = [];
24
24
  // 1. Framework detection
25
25
  const framework = (0, detect_1.detectFramework)(projectDir);
26
+ // If the user explicitly passed --site, the cwd-derived checks should not
27
+ // imply that the *production site* is broken — they're informational only.
28
+ const isLocalProjectDetected = framework !== 'unknown';
26
29
  checks.push({
27
30
  name: 'Framework Detection',
28
31
  status: framework !== 'unknown' ? 'pass' : 'warn',
@@ -30,6 +33,7 @@ async function doctorCommand(args) {
30
33
  ? `Detected ${(0, detect_1.getFrameworkDisplayName)(framework)}`
31
34
  : 'Could not detect framework',
32
35
  fix: framework === 'unknown' ? 'Run "gurulu init --framework <name>" to specify manually' : undefined,
36
+ section: 'local',
33
37
  });
34
38
  // 2. SDK installed
35
39
  const pkgPath = path_1.default.join(projectDir, 'package.json');
@@ -78,18 +82,35 @@ async function doctorCommand(args) {
78
82
  : hasAndroidSDK ? 'Android SDK found in build.gradle'
79
83
  : setupFiles.length > 0 ? `Setup file found: ${setupFiles[0]}`
80
84
  : 'No client SDK detected';
85
+ // When --site was passed but cwd is not a Gurulu project, downgrade local
86
+ // SDK failures to "skip" so they don't masquerade as production-site issues.
87
+ const localChecksAreInformational = !!siteId && !isLocalProjectDetected;
81
88
  checks.push({
82
89
  name: 'Client SDK',
83
- status: hasSetup ? 'pass' : 'fail',
84
- message: sdkLabel,
85
- fix: !hasSetup ? 'Run "gurulu init" to set up analytics' : undefined,
90
+ status: hasSetup ? 'pass' : localChecksAreInformational ? 'skip' : 'fail',
91
+ message: hasSetup
92
+ ? sdkLabel
93
+ : localChecksAreInformational
94
+ ? 'No client SDK detected in this directory (informational — site checks below)'
95
+ : sdkLabel,
96
+ fix: !hasSetup && !localChecksAreInformational
97
+ ? 'Run "gurulu init" to set up analytics'
98
+ : undefined,
99
+ section: 'local',
86
100
  });
87
101
  // 3. Server SDK
88
102
  checks.push({
89
103
  name: 'Server SDK',
90
- status: hasNodeSDK ? 'pass' : 'warn',
91
- message: hasNodeSDK ? '@gurulu/node installed' : 'Server SDK not installed (optional)',
92
- fix: !hasNodeSDK ? 'Run "gurulu add-server" for server-side tracking' : undefined,
104
+ status: hasNodeSDK ? 'pass' : localChecksAreInformational ? 'skip' : 'warn',
105
+ message: hasNodeSDK
106
+ ? '@gurulu/node installed'
107
+ : localChecksAreInformational
108
+ ? 'Server SDK check skipped (no local project detected)'
109
+ : 'Server SDK not installed (optional)',
110
+ fix: !hasNodeSDK && !localChecksAreInformational
111
+ ? 'Run "gurulu add-server" for server-side tracking'
112
+ : undefined,
113
+ section: 'local',
93
114
  });
94
115
  // 4. Site ID configured
95
116
  checks.push({
@@ -263,6 +284,7 @@ async function doctorCommand(args) {
263
284
  status: envHasSiteId ? 'pass' : 'warn',
264
285
  message: envHasSiteId ? 'Site ID found in env file' : 'No GURULU_SITE_ID in env files',
265
286
  fix: !envHasSiteId ? 'Run "gurulu init" to auto-configure .env.local' : undefined,
287
+ section: 'local',
266
288
  });
267
289
  }
268
290
  // Output
@@ -281,16 +303,36 @@ async function doctorCommand(args) {
281
303
  };
282
304
  let failCount = 0;
283
305
  let warnCount = 0;
284
- for (const check of checks) {
285
- const icon = icons[check.status];
286
- console.log(` ${icon} ${(0, ui_1.bold)(check.name)}: ${check.message}`);
287
- if (check.fix) {
288
- console.log(` ${(0, ui_1.dim)('\u2192')} ${(0, ui_1.dim)(check.fix)}`);
306
+ const localChecks = checks.filter((c) => c.section === 'local');
307
+ const siteChecks = checks.filter((c) => c.section !== 'local');
308
+ const printGroup = (title, items, note) => {
309
+ if (items.length === 0)
310
+ return;
311
+ console.log(` ${(0, ui_1.bold)(title)}`);
312
+ if (note)
313
+ console.log(` ${(0, ui_1.dim)(note)}`);
314
+ for (const check of items) {
315
+ const icon = icons[check.status];
316
+ console.log(` ${icon} ${(0, ui_1.bold)(check.name)}: ${check.message}`);
317
+ if (check.fix) {
318
+ console.log(` ${(0, ui_1.dim)('\u2192')} ${(0, ui_1.dim)(check.fix)}`);
319
+ }
320
+ if (check.status === 'fail')
321
+ failCount++;
322
+ if (check.status === 'warn')
323
+ warnCount++;
289
324
  }
290
- if (check.status === 'fail')
291
- failCount++;
292
- if (check.status === 'warn')
293
- warnCount++;
325
+ console.log('');
326
+ };
327
+ if (localChecks.length > 0) {
328
+ const localNote = siteId && !isLocalProjectDetected
329
+ ? `(Local project not detected \u2014 running site-only checks for ${siteId}.)`
330
+ : undefined;
331
+ printGroup('Local Project', localChecks, localNote);
332
+ }
333
+ if (siteChecks.length > 0) {
334
+ const siteTitle = siteId ? `Site (${siteId})` : 'Site';
335
+ printGroup(siteTitle, siteChecks);
294
336
  }
295
337
  console.log('');
296
338
  if (failCount === 0 && warnCount === 0) {
@@ -76,10 +76,10 @@ async function listCmd(args) {
76
76
  process.stdout.write(['TS', 'EVENT', 'SITE', 'URL'].join('\t') + '\n');
77
77
  for (const e of events) {
78
78
  process.stdout.write([
79
- String(e.event_ts || '-'),
79
+ String(e.timestamp || e.event_ts || '-'),
80
80
  String(e.event_name || '-'),
81
81
  String(e.site_id || '-'),
82
- String(e.url || '-').slice(0, 60),
82
+ String(e.page_url || e.url || '-').slice(0, 60),
83
83
  ].join('\t') + '\n');
84
84
  }
85
85
  }
@@ -184,7 +184,13 @@ async function defineCmd(args) {
184
184
  process.exit(1);
185
185
  }
186
186
  }
187
- const eventName = args.eventName.startsWith('$') ? args.eventName : `$${args.eventName}`;
187
+ // Use the user-provided name verbatim. The CLI used to force a `$` prefix
188
+ // because Gurulu's built-ins use one (`$page_view`, `$session_start`), but
189
+ // built-ins are inconsistent (`click`, `engaged_session` have none) and
190
+ // mutating the customer's chosen name silently broke schema lookups + made
191
+ // the generated SDK snippets reference a name that no longer matched the
192
+ // ingest payload.
193
+ const eventName = args.eventName;
188
194
  const body = {
189
195
  siteId: args.site,
190
196
  eventName,
@@ -207,10 +213,14 @@ async function verifyCmd(args) {
207
213
  (0, ui_1.error)('--site is required.');
208
214
  process.exit(1);
209
215
  }
216
+ // Accept both `--event` (verify-original) and `--event-name` (used by
217
+ // every other events subcommand). Removes the surprising flag-name
218
+ // inconsistency without breaking existing scripts.
219
+ const filterEvent = args.event || args.eventName;
210
220
  const qs = new URLSearchParams();
211
221
  qs.set('siteId', args.site);
212
- if (args.event)
213
- qs.set('eventName', args.event);
222
+ if (filterEvent)
223
+ qs.set('eventName', filterEvent);
214
224
  const path = `/api/cli/events/health?${qs.toString()}`;
215
225
  const data = await (0, api_client_1.cliApiJson)(path, { profile: args.profile });
216
226
  if (args.json) {
@@ -220,7 +230,7 @@ async function verifyCmd(args) {
220
230
  console.log((0, ui_1.bold)('\nEvent Health Report'));
221
231
  console.log(`Site: ${args.site}`);
222
232
  console.log('');
223
- if (Array.isArray(data.events)) {
233
+ if (Array.isArray(data.events) && data.events.length > 0) {
224
234
  for (const ev of data.events) {
225
235
  const statusIcon = ev.status === 'active'
226
236
  ? (0, ui_1.green)('●')
@@ -237,6 +247,17 @@ async function verifyCmd(args) {
237
247
  console.log(`Total events (24h): ${data.total_events}`);
238
248
  console.log(`Unique event types: ${data.unique_types ?? 'N/A'}`);
239
249
  }
250
+ else {
251
+ // Empty: no telemetry yet for the requested filter / definition. Without
252
+ // this branch the report printed only its header — users couldn't tell
253
+ // success from "no data found".
254
+ if (filterEvent) {
255
+ (0, ui_1.info)(`No telemetry yet for "${filterEvent}". Track it from your app and run verify again.`);
256
+ }
257
+ else {
258
+ (0, ui_1.info)('No telemetry data found for this site in the last 24h.');
259
+ }
260
+ }
240
261
  console.log('');
241
262
  }
242
263
  /* ── templates: list vertical event template catalogs ───────────── */
@@ -0,0 +1,27 @@
1
+ /**
2
+ * Sprint J-Heat HM10 — `gurulu heatmap ...` subcommands.
3
+ *
4
+ * Read-only surface backed by `/api/cli/heatmap/list` and
5
+ * `/api/cli/heatmap/get`. Lets agents and operators inspect heatmap
6
+ * snapshots without opening the dashboard.
7
+ *
8
+ * gurulu heatmap list --site <id|name> [--range 7d|30d] [--json]
9
+ * gurulu heatmap export --site <id|name> --page <pageUrl>
10
+ * [--type click|scroll]
11
+ * [--range 7d|30d]
12
+ * [--viewport mobile|tablet|desktop]
13
+ * [--page-id <hash>]
14
+ * [--json]
15
+ */
16
+ export interface HeatmapArgs {
17
+ action?: string;
18
+ site?: string;
19
+ page?: string;
20
+ pageId?: string;
21
+ type?: string;
22
+ range?: string;
23
+ viewport?: string;
24
+ json?: boolean;
25
+ profile?: string;
26
+ }
27
+ export declare function heatmapCommand(args: HeatmapArgs): Promise<void>;
@@ -0,0 +1,112 @@
1
+ "use strict";
2
+ /**
3
+ * Sprint J-Heat HM10 — `gurulu heatmap ...` subcommands.
4
+ *
5
+ * Read-only surface backed by `/api/cli/heatmap/list` and
6
+ * `/api/cli/heatmap/get`. Lets agents and operators inspect heatmap
7
+ * snapshots without opening the dashboard.
8
+ *
9
+ * gurulu heatmap list --site <id|name> [--range 7d|30d] [--json]
10
+ * gurulu heatmap export --site <id|name> --page <pageUrl>
11
+ * [--type click|scroll]
12
+ * [--range 7d|30d]
13
+ * [--viewport mobile|tablet|desktop]
14
+ * [--page-id <hash>]
15
+ * [--json]
16
+ */
17
+ Object.defineProperty(exports, "__esModule", { value: true });
18
+ exports.heatmapCommand = heatmapCommand;
19
+ const api_client_1 = require("../api-client");
20
+ const ui_1 = require("../utils/ui");
21
+ async function resolveSiteId(target, profile) {
22
+ if (!target)
23
+ throw new Error('--site is required');
24
+ const body = await (0, api_client_1.cliApiJson)('/api/cli/sites', { profile });
25
+ const sites = body.sites || [];
26
+ const byId = sites.find((s) => s.id === target);
27
+ if (byId)
28
+ return byId.id;
29
+ const byName = sites.find((s) => s.name === target);
30
+ if (byName)
31
+ return byName.id;
32
+ const byDomain = sites.find((s) => s.domain === target);
33
+ if (byDomain)
34
+ return byDomain.id;
35
+ const prefix = sites.find((s) => s.id.startsWith(target));
36
+ if (prefix)
37
+ return prefix.id;
38
+ throw new Error(`Site '${target}' not found.`);
39
+ }
40
+ async function heatmapCommand(args) {
41
+ const action = args.action || 'list';
42
+ switch (action) {
43
+ case 'list':
44
+ return listCmd(args);
45
+ case 'export':
46
+ return exportCmd(args);
47
+ default:
48
+ (0, ui_1.error)(`Unknown heatmap action: ${action}`);
49
+ (0, ui_1.info)('Usage: gurulu heatmap [list|export]');
50
+ process.exit(1);
51
+ }
52
+ }
53
+ async function listCmd(args) {
54
+ if (!args.site) {
55
+ (0, ui_1.error)('--site is required.');
56
+ process.exit(1);
57
+ }
58
+ const siteId = await resolveSiteId(args.site, args.profile);
59
+ const range = args.range === '30d' ? '30d' : '7d';
60
+ const body = await (0, api_client_1.cliApiJson)(`/api/cli/heatmap/list?siteId=${encodeURIComponent(siteId)}&range=${range}`, {
61
+ profile: args.profile,
62
+ });
63
+ if (args.json) {
64
+ process.stdout.write(JSON.stringify(body, null, 2) + '\n');
65
+ return;
66
+ }
67
+ const pages = body.pages || [];
68
+ if (pages.length === 0) {
69
+ (0, ui_1.info)(`No heatmap data for site '${body.siteName}' (range=${range}).`);
70
+ return;
71
+ }
72
+ process.stdout.write(['CLICKS', 'VISITORS', 'M/T/D', 'LAST SEEN', 'PAGE URL'].join('\t') + '\n');
73
+ for (const p of pages) {
74
+ const mtd = `${p.viewportBuckets.mobile}/${p.viewportBuckets.tablet}/${p.viewportBuckets.desktop}`;
75
+ process.stdout.write([
76
+ String(p.clickCount),
77
+ String(p.visitors),
78
+ mtd,
79
+ String(p.lastSeen).slice(0, 19),
80
+ p.pageUrl,
81
+ ].join('\t') + '\n');
82
+ }
83
+ }
84
+ async function exportCmd(args) {
85
+ if (!args.site) {
86
+ (0, ui_1.error)('--site is required.');
87
+ process.exit(1);
88
+ }
89
+ if (!args.page) {
90
+ (0, ui_1.error)('--page <pageUrl> is required.');
91
+ process.exit(1);
92
+ }
93
+ const siteId = await resolveSiteId(args.site, args.profile);
94
+ const range = args.range === '30d' ? '30d' : '7d';
95
+ const type = args.type === 'scroll' ? 'scroll' : 'click';
96
+ const qp = new URLSearchParams({
97
+ siteId,
98
+ pageUrl: args.page,
99
+ range,
100
+ type,
101
+ });
102
+ if (args.pageId)
103
+ qp.set('pageId', args.pageId);
104
+ if (args.viewport)
105
+ qp.set('viewportBucket', args.viewport);
106
+ const body = await (0, api_client_1.cliApiJson)(`/api/cli/heatmap/get?${qp.toString()}`, {
107
+ profile: args.profile,
108
+ });
109
+ // Export commands always emit machine-readable output by default; the
110
+ // `--json` flag is accepted for symmetry with the rest of the CLI.
111
+ process.stdout.write(JSON.stringify(body, null, args.json ? 2 : 0) + '\n');
112
+ }
@@ -31,7 +31,10 @@ async function whoamiCommand(args) {
31
31
  const sites = (me.sites || []).length;
32
32
  const keys = (me.apiKeys || []).length;
33
33
  const installs = me.quota?.installsThisMonth ?? 0;
34
- const limit = me.quota?.installsLimit ?? '∞';
34
+ const rawLimit = me.quota?.installsLimit;
35
+ const limit = rawLimit === -1 || rawLimit === null || rawLimit === undefined
36
+ ? 'unlimited'
37
+ : rawLimit;
35
38
  process.stdout.write(`${me.user?.email} · ${me.tenant?.name} · ${me.tenant?.plan} plan · ${me.tenant?.id}\n`);
36
39
  process.stdout.write(`Sites: ${sites} | API keys: ${keys} | Installs this month: ${installs}/${limit}\n`);
37
40
  }
package/dist/index.js CHANGED
@@ -34,6 +34,8 @@ const audit_1 = require("./commands/audit");
34
34
  // Goals & Funnels CRUD
35
35
  const goals_1 = require("./commands/goals");
36
36
  const funnels_1 = require("./commands/funnels");
37
+ // Sprint J-Heat HM10 — heatmap read surface
38
+ const heatmap_1 = require("./commands/heatmap");
37
39
  // Gurulu Chat — NL → SQL analytics
38
40
  const chat_1 = require("./commands/chat");
39
41
  // Error tracking — source map upload
@@ -97,7 +99,7 @@ const secrets_1 = require("./commands/secrets");
97
99
  .option('key', { type: 'string', describe: 'Secret key (gsk_live_... or gsk_test_...) — legacy manual flow' })
98
100
  .option('email', { type: 'string', describe: 'Email address (legacy flow)' })
99
101
  .option('secret-key', { type: 'string', describe: 'Secret key (legacy flow alias for --key)' })
100
- .option('no-browser', { type: 'boolean', describe: 'Do not auto-open the browser' })
102
+ .option('browser', { type: 'boolean', default: true, describe: 'Auto-open the browser (use --no-browser to disable)' })
101
103
  .option('no-interactive', { type: 'boolean', describe: 'Non-interactive mode (legacy flow)' })
102
104
  .option('keychain', { type: 'boolean', describe: 'Store secret in macOS Keychain if available' })
103
105
  .option('api-base', { type: 'string', describe: 'Override API base URL' }), (args) => (0, auth_1.authCommand)({
@@ -108,7 +110,7 @@ const secrets_1 = require("./commands/secrets");
108
110
  noInteractive: args['no-interactive'],
109
111
  useKeychain: args.keychain,
110
112
  apiBase: args['api-base'],
111
- noBrowser: args['no-browser'],
113
+ noBrowser: args.browser === false ? true : undefined,
112
114
  }))
113
115
  .command('logout', 'Remove a stored profile', (y) => y
114
116
  .option('all', { type: 'boolean', describe: 'Remove all profiles' })
@@ -323,8 +325,11 @@ const secrets_1 = require("./commands/secrets");
323
325
  });
324
326
  })
325
327
  // ── Phase 19.5 W2 — read-surface subcommands ─────────────────────────
326
- .command('audiences <action> [target]', 'Manage audiences (list, show, create, update, delete)', (y) => y
327
- .positional('action', { type: 'string', describe: 'list | show | create | update | delete' })
328
+ .command('audiences <action> [target]', 'Manage audiences (list, show, create, update, delete, export)', (y) => y
329
+ .positional('action', {
330
+ type: 'string',
331
+ describe: 'list | show | create | update | delete | export',
332
+ })
328
333
  .positional('target', { type: 'string', describe: 'Audience name or id' })
329
334
  .option('site', { type: 'string', describe: 'Site ID' })
330
335
  .option('id', { type: 'string', describe: 'Audience ID (for update/delete)' })
@@ -334,6 +339,15 @@ const secrets_1 = require("./commands/secrets");
334
339
  .option('from-file', { type: 'string', describe: 'Load payload from JSON file' })
335
340
  .option('dry-run', { type: 'boolean', describe: 'Show what would be done' })
336
341
  .option('yes', { type: 'boolean', alias: 'y', describe: 'Skip confirmation' })
342
+ // AU5 — export options
343
+ .option('format', {
344
+ type: 'string',
345
+ describe: 'Export format: csv | json (default csv)',
346
+ })
347
+ .option('output', {
348
+ type: 'string',
349
+ describe: 'Write export body to this file (default stdout)',
350
+ })
337
351
  .option('json', { type: 'boolean', describe: 'JSON output' }), (args) => (0, audiences_1.audiencesCommand)({
338
352
  action: args.action,
339
353
  target: args.target,
@@ -345,6 +359,8 @@ const secrets_1 = require("./commands/secrets");
345
359
  fromFile: args['from-file'],
346
360
  dryRun: args['dry-run'],
347
361
  yes: args.yes,
362
+ format: args.format,
363
+ output: args.output,
348
364
  json: args.json,
349
365
  profile: args.profile,
350
366
  }))
@@ -400,6 +416,10 @@ const secrets_1 = require("./commands/secrets");
400
416
  }))
401
417
  .command('insights <action>', 'View daily insights (today, history, weekly)', (y) => y
402
418
  .positional('action', { type: 'string', describe: 'today | history | weekly' })
419
+ // `--site` is accepted but ignored: insights are computed at tenant
420
+ // scope (across all sites). Accept it so the flag is consistent with
421
+ // the rest of the CLI and doesn't reject scripts that pass it.
422
+ .option('site', { type: 'string', describe: 'Site ID (accepted for consistency, currently tenant-scoped)' })
403
423
  .option('days', { type: 'number', describe: 'History window in days (1..30)' })
404
424
  .option('json', { type: 'boolean', describe: 'JSON output' }), (args) => (0, insights_1.insightsCommand)({
405
425
  action: args.action,
@@ -494,6 +514,40 @@ const secrets_1 = require("./commands/secrets");
494
514
  yes: args.yes,
495
515
  json: args.json,
496
516
  profile: args.profile,
517
+ }))
518
+ .command('heatmap <action>', 'Inspect click + scroll heatmaps (list, export)', (y) => y
519
+ .positional('action', { type: 'string', describe: 'list | export' })
520
+ .option('site', { type: 'string', describe: 'Site name or id' })
521
+ .option('page', { type: 'string', describe: 'Page URL (for export)' })
522
+ .option('page-id', {
523
+ type: 'string',
524
+ describe: 'Virtual-page id (HM6, optional)',
525
+ })
526
+ .option('type', {
527
+ type: 'string',
528
+ choices: ['click', 'scroll'],
529
+ describe: 'Heatmap type for export (default click)',
530
+ })
531
+ .option('range', {
532
+ type: 'string',
533
+ choices: ['7d', '30d'],
534
+ describe: 'Lookback window (default 7d)',
535
+ })
536
+ .option('viewport', {
537
+ type: 'string',
538
+ choices: ['mobile', 'tablet', 'desktop'],
539
+ describe: 'Filter to a viewport bucket (HM9)',
540
+ })
541
+ .option('json', { type: 'boolean', describe: 'JSON output' }), (args) => (0, heatmap_1.heatmapCommand)({
542
+ action: args.action,
543
+ site: args.site,
544
+ page: args.page,
545
+ pageId: args['page-id'],
546
+ type: args.type,
547
+ range: args.range,
548
+ viewport: args.viewport,
549
+ json: args.json,
550
+ profile: args.profile,
497
551
  }))
498
552
  .command('identity <action> [sub]', 'Identity state + writes (decay stats | transfers list | cdc-sources list | identify | alias | merge | bulk)', (y) => y
499
553
  .positional('action', {
@@ -581,8 +635,8 @@ const secrets_1 = require("./commands/secrets");
581
635
  // ── Error tracking — source map upload ────────────────────────────────
582
636
  .command('sourcemap <action>', 'Upload source maps for error deobfuscation (upload). Supports web/server JS .map and native dSYM/ProGuard.', (y) => y
583
637
  .positional('action', { type: 'string', describe: 'upload' })
584
- .option('release', { type: 'string', describe: 'Release version (e.g. v1.0.0). Web/server only — alias of --version.' })
585
- .option('version', { type: 'string', describe: 'App version (e.g. 1.4.2). Required for native uploads.' })
638
+ .option('release', { type: 'string', describe: 'Release version (e.g. v1.0.0). Web/server only — alias of --app-version.' })
639
+ .option('app-version', { type: 'string', describe: 'App version (e.g. 1.4.2). Required for native uploads.' })
586
640
  .option('dir', { type: 'string', describe: 'Directory containing .map files (web/server)' })
587
641
  .option('file', { type: 'string', describe: 'Path to dSYM zip (iOS) or mapping.txt (Android)' })
588
642
  .option('bundle-id', { type: 'string', describe: 'iOS bundleId or Android applicationId (native only)' })
@@ -591,7 +645,7 @@ const secrets_1 = require("./commands/secrets");
591
645
  .option('json', { type: 'boolean', describe: 'JSON output' }), (args) => (0, sourcemap_1.sourcemapCommand)({
592
646
  action: args.action,
593
647
  release: args.release,
594
- version: args.version,
648
+ version: args['app-version'],
595
649
  dir: args.dir,
596
650
  file: args.file,
597
651
  bundleId: args['bundle-id'],
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@gurulu/cli",
3
- "version": "0.4.4",
3
+ "version": "0.4.6",
4
4
  "description": "Gurulu.io CLI — setup analytics in seconds",
5
5
  "bin": {
6
6
  "gurulu": "bin/gurulu.js"