@haystackeditor/cli 0.4.0 → 0.6.0

package/README.md

@@ -9,7 +9,7 @@ npx @haystackeditor/cli init
 ```
 
 This auto-detects your framework, package manager, and ports, then creates:
-- `.haystack.yml` - Configuration for the verification agent
+- `.haystack.json` - Configuration for the verification agent
 - `.agents/skills/haystack.md` - Skill file for AI agent discovery
 
 ## Commands
@@ -75,7 +75,7 @@ npx @haystackeditor/cli secrets set API_KEY xxx --scope repo --scope-id owner/re
 
 ## Configuration
 
-The `init` command creates `.haystack.yml`:
+The `init` command creates `.haystack.json`:
 
 ```yaml
 version: "1"

package/dist/commands/config.d.ts

@@ -0,0 +1,19 @@
+/**
+ * Config commands - manage user preferences stored on Haystack Platform
+ */
+/**
+ * Get current sandbox status
+ */
+export declare function getSandboxStatus(): Promise<void>;
+/**
+ * Enable sandbox mode
+ */
+export declare function enableSandbox(): Promise<void>;
+/**
+ * Disable sandbox mode
+ */
+export declare function disableSandbox(): Promise<void>;
+/**
+ * Handle sandbox subcommand
+ */
+export declare function handleSandbox(action?: string): Promise<void>;

package/dist/commands/config.js

@@ -0,0 +1,133 @@
+/**
+ * Config commands - manage user preferences stored on Haystack Platform
+ */
+import chalk from 'chalk';
+import { loadToken } from './login.js';
+const API_BASE = 'https://haystackeditor.com/api/preferences';
+async function requireAuth() {
+    const token = await loadToken();
+    if (!token) {
+        console.error(chalk.red('\nNot logged in. Run `haystack login` first.\n'));
+        process.exit(1);
+    }
+    return token;
+}
+async function apiRequest(method, token, body) {
+    const response = await fetch(API_BASE, {
+        method,
+        headers: {
+            'Authorization': `Bearer ${token}`,
+            'Content-Type': 'application/json',
+            'User-Agent': 'Haystack-CLI',
+        },
+        body: body ? JSON.stringify(body) : undefined,
+    });
+    return response;
+}
+/**
+ * Get current sandbox status
+ */
+export async function getSandboxStatus() {
+    const token = await requireAuth();
+    console.log(chalk.dim('\nFetching preferences...\n'));
+    try {
+        const response = await apiRequest('GET', token);
+        if (!response.ok) {
+            if (response.status === 401) {
+                console.error(chalk.red('Session expired. Run `haystack login` again.\n'));
+                process.exit(1);
+            }
+            throw new Error(`Failed to get preferences: ${response.status}`);
+        }
+        const data = await response.json();
+        console.log(chalk.bold('Sandbox mode:'), data.sandbox_enabled
+            ? chalk.green('enabled')
+            : chalk.yellow('disabled'));
+        console.log();
+        if (data.sandbox_enabled) {
+            console.log(chalk.dim('Haystack can clone and store your repos for verification.'));
+            console.log(chalk.dim('All data is deleted after 24 hours.'));
+        }
+        else {
+            console.log(chalk.dim('Sandbox mode is disabled. Automated verification will not work.'));
+            console.log(chalk.dim('Enable with: haystack config sandbox on'));
+        }
+        console.log();
+    }
+    catch (error) {
+        console.error(chalk.red(`\nError: ${error.message}\n`));
+        process.exit(1);
+    }
+}
+/**
+ * Enable sandbox mode
+ */
+export async function enableSandbox() {
+    const token = await requireAuth();
+    console.log(chalk.dim('\nEnabling sandbox mode...'));
+    try {
+        const response = await apiRequest('PUT', token, { sandbox_enabled: true });
+        if (!response.ok) {
+            if (response.status === 401) {
+                console.error(chalk.red('Session expired. Run `haystack login` again.\n'));
+                process.exit(1);
+            }
+            const error = await response.json().catch(() => ({}));
+            throw new Error(error.error || `Failed to update preferences: ${response.status}`);
+        }
+        console.log(chalk.green('\nSandbox mode enabled.\n'));
+        console.log(chalk.dim('Haystack can now clone and store your repos for verification.'));
+        console.log(chalk.dim('All data is deleted after 24 hours.\n'));
+    }
+    catch (error) {
+        console.error(chalk.red(`\nError: ${error.message}\n`));
+        process.exit(1);
+    }
+}
+/**
+ * Disable sandbox mode
+ */
+export async function disableSandbox() {
+    const token = await requireAuth();
+    console.log(chalk.dim('\nDisabling sandbox mode...'));
+    try {
+        const response = await apiRequest('PUT', token, { sandbox_enabled: false });
+        if (!response.ok) {
+            if (response.status === 401) {
+                console.error(chalk.red('Session expired. Run `haystack login` again.\n'));
+                process.exit(1);
+            }
+            const error = await response.json().catch(() => ({}));
+            throw new Error(error.error || `Failed to update preferences: ${response.status}`);
+        }
+        console.log(chalk.yellow('\nSandbox mode disabled.\n'));
+        console.log(chalk.dim('Automated verification will not work until you re-enable sandbox mode.'));
+        console.log(chalk.dim('Re-enable with: haystack config sandbox on\n'));
+    }
+    catch (error) {
+        console.error(chalk.red(`\nError: ${error.message}\n`));
+        process.exit(1);
+    }
+}
+/**
+ * Handle sandbox subcommand
+ */
+export async function handleSandbox(action) {
+    switch (action?.toLowerCase()) {
+        case 'on':
+        case 'enable':
+        case 'true':
+            return enableSandbox();
+        case 'off':
+        case 'disable':
+        case 'false':
+            return disableSandbox();
+        case 'status':
+        case undefined:
+            return getSandboxStatus();
+        default:
+            console.error(chalk.red(`\nUnknown action: ${action}`));
+            console.log('\nUsage: haystack config sandbox [on|off|status]\n');
+            process.exit(1);
+    }
+}

package/dist/commands/init.d.ts

@@ -1,7 +1,7 @@
 /**
  * haystack init - Interactive setup wizard
  *
- * Creates .haystack.yml with auto-detected settings.
+ * Creates .haystack.json with auto-detected settings.
  */
 interface InitOptions {
     yes?: boolean;

package/dist/commands/init.js

@@ -1,7 +1,7 @@
 /**
  * haystack init - Interactive setup wizard
  *
- * Creates .haystack.yml with auto-detected settings.
+ * Creates .haystack.json with auto-detected settings.
  */
 import inquirer from 'inquirer';
 import chalk from 'chalk';
@@ -24,7 +24,7 @@ export async function initCommand(options) {
             {
                 type: 'confirm',
                 name: 'overwrite',
-                message: '.haystack.yml already exists. Overwrite?',
+                message: '.haystack.json already exists. Overwrite?',
                 default: false,
             },
         ]);
@@ -62,20 +62,32 @@ export async function initCommand(options) {
         console.log(chalk.green(`✓ Created ${commandPath} (use /haystack in Claude Code)\n`));
         // Security validation
         await runSecurityCheck(configPath);
-        // Explain purpose and next steps
+        // Print the prompt for the AI agent to follow
         console.log(chalk.cyan('━'.repeat(70)));
-        console.log(chalk.cyan.bold('\n📋 WHAT IS HAYSTACK?\n'));
-        console.log(chalk.white('When a PR is opened, Haystack spins up your app in a sandbox and'));
-        console.log(chalk.white('an AI agent verifies the changes work correctly by:\n'));
-        console.log(chalk.white('  • Frontend: Navigating pages, clicking buttons, taking screenshots'));
-        console.log(chalk.white('  • Backend: Calling API endpoints, checking responses\n'));
-        console.log(chalk.white('The "flows" in .haystack.yml tell the agent WHAT to verify.\n'));
-        console.log(chalk.cyan.bold('⚠️  ACTION REQUIRED:\n'));
-        console.log(chalk.white('The config above only has dev server settings. You MUST add flows.\n'));
-        console.log(chalk.white.bold('1. Run: cat .agents/skills/haystack.md'));
-        console.log(chalk.white.bold('2. Read the "Codebase Discovery Guide" section'));
-        console.log(chalk.white.bold('3. Follow it to discover features and add flows to .haystack.yml\n'));
-        console.log(chalk.dim('Without flows, Haystack has nothing to verify.\n'));
+        console.log(chalk.cyan.bold('\n📋 NEXT STEP: Add verification flows\n'));
+        console.log(chalk.white('The config has dev server settings. Now add flows to tell Haystack'));
+        console.log(chalk.white('what to verify when PRs are opened.\n'));
+        console.log(chalk.yellow.bold('Give this prompt to your AI coding agent:\n'));
+        console.log(chalk.cyan('━'.repeat(70)));
+        console.log(`
+${chalk.white('Add Haystack verification flows to .haystack.json')}
+
+${chalk.bold('STEP 1: Understand the app')}
+- Read src/App.tsx and the main components
+- Write 2 sentences: What does this app do? What's the core feature?
+
+${chalk.bold('STEP 2: Identify what PRs would touch')}
+- List the 5 most important UI areas that PRs change
+- These need the most thorough flows
+
+${chalk.bold('STEP 3: Add flows')}
+- Read .agents/skills/haystack.md for the flow format
+- Add flows for the 5 core areas first, then secondary pages
+
+${chalk.bold('STEP 4: Validate')}
+- Confirm the core feature from Step 1 has flows
+- Verify selectors are specific (not generic like "#root")
+`);
         console.log(chalk.cyan('━'.repeat(70)));
         return;
     }
@@ -129,8 +141,7 @@ export async function initCommand(options) {
     // Show the generated config
     console.log(chalk.dim('Generated configuration:'));
     console.log(chalk.dim('─'.repeat(40)));
-    const yaml = await import('yaml');
-    console.log(yaml.stringify(config));
+    console.log(JSON.stringify(config, null, 2));
     console.log(chalk.dim('─'.repeat(40)));
     // Security validation
     await runSecurityCheck(configPath);
@@ -252,12 +263,15 @@ async function configureMonorepo(detected, name) {
             const [key, value] = authBypass.split('=');
             env[key] = value || 'true';
         }
+        // Check if this service has detected dependencies
+        const dependsOn = detectedService?.suggestedDependsOn?.filter((dep) => selectedServices.includes(dep));
         services[serviceName] = {
             ...(answers.root !== './' ? { root: answers.root } : {}),
             command: answers.command,
             ...(answers.type === 'server' ? { port: answers.port } : { type: 'batch' }),
             ready_pattern: 'ready|started|listening|Local:',
             ...(Object.keys(env).length > 0 ? { env } : {}),
+            ...(dependsOn?.length ? { depends_on: dependsOn } : {}),
         };
     }
     return {
@@ -282,6 +296,7 @@ function buildConfigFromDetection(detected) {
                 ...(s.type === 'batch' ? { type: 'batch' } : {}),
                 ready_pattern: 'ready|started|listening|Local:',
                 ...(Object.keys(env).length > 0 ? { env } : {}),
+                ...(s.suggestedDependsOn?.length ? { depends_on: s.suggestedDependsOn } : {}),
             };
         }
         return {
@@ -315,8 +330,8 @@ function buildConfigFromDetection(detected) {
 }
 function printNextSteps() {
     console.log(chalk.cyan('Next steps:'));
-    console.log(`  1. Review .haystack.yml and adjust as needed`);
+    console.log(`  1. Review .haystack.json and adjust as needed`);
     console.log(`  2. Add auth bypass env var if your app requires login`);
     console.log(`  3. Add flows to describe key user journeys to verify`);
-    console.log(`  4. Commit: ${chalk.green('git add .haystack.yml .agents/ && git commit -m "Add Haystack"')}\n`);
+    console.log(`  4. Commit: ${chalk.green('git add .haystack.json .agents/ && git commit -m "Add Haystack"')}\n`);
 }

package/dist/commands/status.d.ts

@@ -1,4 +1,4 @@
 /**
- * haystack status - Check if .haystack.yml exists and is valid
+ * haystack status - Check if .haystack.json exists and is valid
  */
 export declare function statusCommand(): Promise<void>;

package/dist/commands/status.js

@@ -1,12 +1,12 @@
 /**
- * haystack status - Check if .haystack.yml exists and is valid
+ * haystack status - Check if .haystack.json exists and is valid
  */
 import chalk from 'chalk';
 import { loadConfig, findConfigPath } from '../utils/config.js';
 export async function statusCommand() {
     const configPath = await findConfigPath();
     if (!configPath) {
-        console.log(chalk.yellow('⚠ No .haystack.yml found'));
+        console.log(chalk.yellow('⚠ No .haystack.json found'));
         console.log(chalk.dim('\nRun `haystack init` to create one.\n'));
         process.exit(1);
     }

package/dist/index.d.ts

@@ -6,7 +6,7 @@
  * This enables AI agents to spin up sandboxes of your app for testing.
  *
  * Usage:
- *   npx @haystackeditor/cli init           # Set up .haystack.yml
+ *   npx @haystackeditor/cli init           # Set up .haystack.json
  *   npx @haystackeditor/cli status         # Check configuration
  *   npx @haystackeditor/cli login          # Authenticate with GitHub
  *   npx @haystackeditor/cli secrets list   # List stored secrets

package/dist/index.js

@@ -6,7 +6,7 @@
  * This enables AI agents to spin up sandboxes of your app for testing.
  *
  * Usage:
- *   npx @haystackeditor/cli init           # Set up .haystack.yml
+ *   npx @haystackeditor/cli init           # Set up .haystack.json
  *   npx @haystackeditor/cli status         # Check configuration
  *   npx @haystackeditor/cli login          # Authenticate with GitHub
  *   npx @haystackeditor/cli secrets list   # List stored secrets
@@ -16,6 +16,7 @@ import { statusCommand } from './commands/status.js';
 import { initCommand } from './commands/init.js';
 import { loginCommand, logoutCommand } from './commands/login.js';
 import { listSecrets, setSecret, deleteSecret } from './commands/secrets.js';
+import { handleSandbox } from './commands/config.js';
 const program = new Command();
 program
     .name('haystack')
@@ -23,10 +24,10 @@ program
     .version('0.3.0');
 program
     .command('init')
-    .description('Create .haystack.yml configuration')
+    .description('Create .haystack.json configuration')
     .option('-y, --yes', 'Use auto-detected defaults without prompting')
     .addHelpText('after', `
-This creates a .haystack.yml file that configures:
+This creates a .haystack.json file that configures:
   • How to start your dev server
   • Verification commands (build, lint, typecheck)
   • Auth bypass for sandbox environments
@@ -36,7 +37,7 @@ Once set up, AI agents can automatically spin up and test your app.
     .action(initCommand);
 program
     .command('status')
-    .description('Check if .haystack.yml exists and is valid')
+    .description('Check if .haystack.json exists and is valid')
     .action(statusCommand);
 program
     .command('login')
@@ -66,6 +67,25 @@ secrets
     .command('delete <key>')
     .description('Delete a secret')
     .action(deleteSecret);
+// Config subcommands
+const config = program
+    .command('config')
+    .description('Manage user preferences');
+config
+    .command('sandbox [action]')
+    .description('Manage sandbox mode (on|off|status)')
+    .addHelpText('after', `
+Actions:
+  on, enable    Enable sandbox mode (allow repo cloning)
+  off, disable  Disable sandbox mode
+  status        Show current status (default)
+
+Examples:
+  haystack config sandbox         # Show current status
+  haystack config sandbox on      # Enable sandbox mode
+  haystack config sandbox off     # Disable sandbox mode
+`)
+    .action(handleSandbox);
 // Show help if no command provided
 if (process.argv.length === 2) {
     program.help();

package/dist/types.d.ts

@@ -1,10 +1,10 @@
 /**
  * Haystack CLI Types
  *
- * These types define the .haystack.yml schema that sandbox.py reads.
+ * These types define the .haystack.json schema that sandbox.py reads.
  */
 /**
- * Main configuration file schema (.haystack.yml)
+ * Main configuration file schema (.haystack.json)
  */
 export interface HaystackConfig {
     /** Schema version - must be "1" */
@@ -27,6 +27,26 @@ export interface HaystackConfig {
     services?: Record<string, Service>;
     /** Verification configuration */
     verification?: VerificationConfig;
+    /**
+     * Network egress configuration for the sandbox.
+     * By default, sandbox can only reach Cloudflare + GitHub IPs.
+     * Add your own destinations here (staging servers, S3, etc.).
+     */
+    network?: NetworkConfig;
+    /**
+     * Secrets for fixture fetching and other operations.
+     * These are injected as environment variables in the sandbox.
+     * Supports tokens for staging APIs, S3 credentials, etc.
+     *
+     * ⚠️ SECURITY: Never commit real secrets to git!
+     * Use environment variable references: $ENV_VAR or ${ENV_VAR}
+     *
+     * @example
+     * secrets:
+     *   STAGING_TOKEN: "$STAGING_API_TOKEN"    # Read from local env
+     *   AWS_ACCESS_KEY_ID: "${AWS_ACCESS_KEY_ID}"
+     */
+    secrets?: Record<string, string>;
 }
 /**
  * Dev server configuration (simple mode)
@@ -57,6 +77,16 @@ export interface Service {
     type?: 'server' | 'batch';
     /** Environment variables to set */
     env?: Record<string, string>;
+    /**
+     * Services that must be started before this service.
+     * Used when a service proxies to another (e.g., frontend → API worker).
+     * Auto-detected from vite.config.ts proxy configuration.
+     *
+     * @example
+     * depends_on:
+     *   - haystack-worker  # Start review-chat worker first
+     */
+    depends_on?: string[];
 }
 /**
  * Verification configuration
@@ -67,6 +97,28 @@ export interface VerificationConfig {
     /** Fixture definitions - array of pattern/source pairs */
     fixtures?: Fixture[];
 }
+/**
+ * Network egress configuration
+ */
+export interface NetworkConfig {
+    /**
+     * Additional hosts/domains to allow egress to.
+     * The sandbox always allows Cloudflare and GitHub IPs.
+     * Add your own destinations here.
+     *
+     * Supports:
+     * - Exact domains: "staging.mycompany.com"
+     * - Wildcards: "*.s3.amazonaws.com"
+     * - CIDR blocks: "10.0.0.0/8"
+     *
+     * @example
+     * allow:
+     *   - "staging.mycompany.com"
+     *   - "*.s3.amazonaws.com"
+     *   - "internal-api.example.com"
+     */
+    allow?: string[];
+}
 /**
  * Fixture definition - pattern to match and source to load from
  */
@@ -155,6 +207,21 @@ export interface DetectedService {
     framework?: string;
     suggestedCommand?: string;
     suggestedPort?: number;
+    /** Auto-detected dependencies from proxy configuration */
+    suggestedDependsOn?: string[];
+}
+/**
+ * Proxy dependency detection result
+ */
+export interface ProxyDependency {
+    /** Proxy path pattern (e.g., "/api/review-chat") */
+    path: string;
+    /** Target port (e.g., 8787) */
+    port: number;
+    /** Target host (usually localhost) */
+    host: string;
+    /** Matched service name if found */
+    matchedService?: string;
 }
 /**
  * Auth credentials stored in Haystack

package/dist/types.js

@@ -1,6 +1,6 @@
 /**
  * Haystack CLI Types
  *
- * These types define the .haystack.yml schema that sandbox.py reads.
+ * These types define the .haystack.json schema that sandbox.py reads.
  */
 export {};

package/dist/utils/config.d.ts

@@ -19,6 +19,6 @@ export declare function saveConfig(config: HaystackConfig, configPath?: string):
  */
 export declare function configExists(startDir?: string): Promise<boolean>;
 /**
- * Get the project root (directory containing .haystack.yml or current dir)
+ * Get the project root (directory containing .haystack.json or current dir)
  */
 export declare function getProjectRoot(): Promise<string>;

package/dist/utils/config.js

@@ -3,8 +3,7 @@
  */
 import * as fs from 'fs/promises';
 import * as path from 'path';
-import * as yaml from 'yaml';
-const CONFIG_FILENAME = '.haystack.yml';
+const CONFIG_FILENAME = '.haystack.json';
 /**
  * Find the config file by walking up the directory tree
  */
@@ -37,7 +36,7 @@ export async function loadConfig(configPath) {
     }
     try {
         const content = await fs.readFile(resolvedPath, 'utf-8');
-        return yaml.parse(content);
+        return JSON.parse(content);
     }
     catch (err) {
         throw new Error(`Failed to parse ${resolvedPath}: ${err.message}`);
@@ -48,10 +47,7 @@ export async function loadConfig(configPath) {
  */
 export async function saveConfig(config, configPath) {
     const resolvedPath = configPath || path.join(process.cwd(), CONFIG_FILENAME);
-    const content = yaml.stringify(config, {
-        indent: 2,
-        lineWidth: 0, // Don't wrap lines
-    });
+    const content = JSON.stringify(config, null, 2);
     await fs.writeFile(resolvedPath, content, 'utf-8');
     return resolvedPath;
 }
@@ -63,7 +59,7 @@ export async function configExists(startDir) {
     return configPath !== null;
 }
 /**
- * Get the project root (directory containing .haystack.yml or current dir)
+ * Get the project root (directory containing .haystack.json or current dir)
  */
 export async function getProjectRoot() {
     const configPath = await findConfigPath();

package/dist/utils/detect.d.ts

@@ -1,10 +1,43 @@
 /**
  * Project detection utilities
  *
- * Auto-detects framework, package manager, monorepo structure, and services.
+ * Auto-detects framework, package manager, monorepo structure, services,
+ * and inter-service dependencies from proxy configurations.
  */
-import type { DetectedProject } from '../types.js';
+import type { DetectedProject, DetectedService, ProxyDependency } from '../types.js';
 /**
  * Detect project configuration
  */
 export declare function detectProject(rootDir?: string): Promise<DetectedProject>;
+/**
+ * Detect proxy dependencies from vite.config.ts/js
+ *
+ * Parses the vite config file to find proxy targets that point to localhost,
+ * which indicate dependencies on other local services.
+ *
+ * @example
+ * // vite.config.ts with proxy
+ * server: {
+ *   proxy: {
+ *     '/api/review-chat': {
+ *       target: 'http://localhost:8787',
+ *     }
+ *   }
+ * }
+ * // Returns: [{ path: '/api/review-chat', port: 8787, host: 'localhost' }]
+ */
+export declare function detectProxyDependencies(rootDir: string): Promise<ProxyDependency[]>;
+/**
+ * Match proxy dependencies to detected services
+ *
+ * Given a list of proxy targets (ports) and detected services,
+ * determines which services are dependencies based on port matching.
+ */
+export declare function matchProxyToServices(proxyDeps: ProxyDependency[], services: DetectedService[]): Map<string, string[]>;
+/**
+ * Suggest depends_on for services based on proxy configuration
+ *
+ * For the main service (usually frontend), detect if it proxies to other local services
+ * and suggest those as dependencies.
+ */
+export declare function suggestServiceDependencies(rootDir: string, services: DetectedService[]): Promise<DetectedService[]>;