@heetmehta18/autodev 0.2.0 → 0.3.1

package/README.md

@@ -1,33 +1,91 @@
-# AutoDev NPM CLI Wrapper
+# AutoDev CLI — The App Store for Developers ⚡
 
-This package provides a lightweight Node.js wrapper around the native Go compiled binaries for AutoDev. It allows developers to run AutoDev seamlessly using standard Node package execution engines like `npx` or `pnpm dlx`, or by installing it globally via npm.
+[![npm version](https://img.shields.io/npm/v/@heetmehta18/autodev.svg)](https://www.npmjs.com/package/@heetmehta18/autodev)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
-## Usage
+**AutoDev** is an open-source, cross-platform developer environment bootstrapper. It acts as an **App Store for Developers**, simplifying complex toolchain setups through intelligent, profile-based automation.
 
-### Run via npx (No Installation Needed)
+---
+
+## 🚀 Key Features
+
+*   🔍 **Polyglot Codebase Scanner**: Detects 30+ languages, frameworks, package managers, and DevOps infrastructure.
+*   🛡️ **Supply-Chain Security Audits**: Queries the OSV (Open Source Vulnerabilities) database to find safety risks in your dependencies.
+*   ⚙️ **Ballast Installer**: Automatically extracts and links compilers/runtimes (like Node.js, Go, Python, Rust) to your path.
+*   📦 **Monorepo / Multi-project Scanner**: Groups and maps nested modules dynamically within a monorepo structure.
+*   🛰️ **Cloud IDE Scaffolding**: Runs `autodev containerize` to generate `.devcontainer.json` environment setups.
+*   🔄 **Config Migrator**: Seamlessly upgrades legacy profile configurations to standard YAML.
+
+---
+
+## 📦 Installation & Quick Start
+
+You can run AutoDev on the fly using Node's package executor, or install it globally.
+
+### 1. Run Instantly (No Installation)
+Scan your workspace and bootstrap dependencies without installing anything permanently:
 ```bash
-npx @heetmehta18/autodev --help
+npx @heetmehta18/autodev setup
 ```
 
-### Install Globally
+### 2. Install Globally
+Install the package globally for instant local terminal access:
 ```bash
 npm install -g @heetmehta18/autodev
+```
+
+### 3. Usage
+Verify that the CLI is installed and ready:
+```bash
 autodev --help
 ```
 
-## How It Works
-1. **Platform Detection:** The JavaScript wrapper reads `process.platform` and `process.arch` to map the user's platform to the target release asset names (e.g. `linux/amd64`, `windows/arm64`, `darwin/arm64`).
-2. **Dynamic Download:** If the native binary is not yet cached locally in this package's `bin/` directory, the wrapper automatically downloads the correct compressed release (`.tar.gz` or `.zip`) directly from the corresponding GitHub Release tag (matching the `package.json` version).
-3. **Execution Delegation:** The wrapper spawns the native binary as a subprocess, forwarding all arguments, stdio streams, and exit codes. Future runs bypass the download step entirely for instant execution.
-4. **Development DX Mode:** During local development, if a compiled binary is found under `packages/cli/bin/autodev`, the wrapper forwards execution directly to the local dev build, bypassing remote GitHub requests.
-
-## Publishing
-To publish updates to the npm registry:
-1. Ensure the package version matches the GitHub release tag:
-   ```bash
-   pnpm --filter=@heetmehta18/autodev version <new-version>
-   ```
-2. Publish to npm:
-   ```bash
-   pnpm --filter=@heetmehta18/autodev publish
-   ```
+---
+
+## 🛠️ Main CLI Commands
+
+### 🔍 scan
+Analyzes your current working directory for configuration markers, lockfiles, and monorepo folders:
+```bash
+autodev scan
+```
+
+### 📦 setup
+Scans the project and aligns your local development environment by downloading missing runtimes:
+```bash
+autodev setup
+autodev setup --yes  # Skip confirmation prompts
+```
+
+### 🩺 doctor
+Inspects your system configuration, checks tool versions against the `.autodev.lock.json` lockfile, and scans for exposed secrets (like AWS keys or GitHub tokens):
+```bash
+autodev doctor
+autodev doctor --fix  # Restore lockfile mismatches automatically
+```
+
+### 🛡️ audit
+Scans lockfiles and dependencies for known supply-chain vulnerabilities using the OSV database:
+```bash
+autodev audit
+```
+
+### 💻 containerize
+Generates dev container setup configurations (`.devcontainer.json`) and VSCode plugin recommendations based on the detected stack:
+```bash
+autodev containerize
+```
+
+### 🔄 migrate
+Upgrades legacy `.json` profile configs to the standard `.autodev.yaml` schema:
+```bash
+autodev migrate
+```
+
+---
+
+## ⚙️ How It Works
+
+1.  **Platform Detection**: The wrapper maps your OS and CPU architecture (e.g. `linux/amd64`, `darwin/arm64`) to the corresponding compiled Go binary.
+2.  **Binary Caching**: Downloads the pre-compiled binary directly from the matching GitHub Release tag. Subsequent executions are run instantly from cache.
+3.  **Process Delegation**: Delegated execution forwards all streams, signals, exit codes, and Model Context Protocol (MCP) servers seamlessly.

package/bin/index.js

@@ -1,66 +1,71 @@
 #!/usr/bin/env node
 
-const { spawnSync, execSync } = require('child_process');
-const path = require('path');
-const fs = require('fs');
-const os = require('os');
-const https = require('https');
-const http = require('http');
+const { spawn, execSync, execFileSync } = require("child_process");
+const path = require("path");
+const fs = require("fs");
+const os = require("os");
+const https = require("https");
+const http = require("http");
 
 // Determine OS & Arch mapping
 const platformMap = {
-  darwin: 'darwin',
-  linux: 'linux',
-  win32: 'windows',
+  darwin: "darwin",
+  linux: "linux",
+  win32: "windows",
 };
 
 const archMap = {
-  x64: 'amd64',
-  arm64: 'arm64',
+  x64: "amd64",
+  arm64: "arm64",
 };
 
 const platform = platformMap[process.platform];
 const arch = archMap[process.arch];
 
 if (!platform || !arch) {
-  console.error(`[autodev] Unsupported platform/architecture: ${process.platform}/${process.arch}`);
+  console.error(
+    `[autodev] Unsupported platform/architecture: ${process.platform}/${process.arch}`,
+  );
   process.exit(1);
 }
 
-const ext = platform === 'windows' ? 'zip' : 'tar.gz';
-const binaryName = platform === 'windows' ? 'autodev.exe' : 'autodev';
+const ext = platform === "windows" ? "zip" : "tar.gz";
+const binaryName = platform === "windows" ? "autodev.exe" : "autodev";
 
 // Version: prefer the latest GitHub release tag; fall back to package.json
-const pkgJson = require('../package.json');
+const pkgJson = require("../package.json");
 const fallbackVersion = `v${pkgJson.version}`;
 
 function getLatestReleaseTag() {
   return new Promise((resolve) => {
     const options = {
-      hostname: 'api.github.com',
-      path: '/repos/HEETMEHTA18/autodev/releases/latest',
+      hostname: "api.github.com",
+      path: "/repos/HEETMEHTA18/autodev/releases/latest",
       headers: {
-        'User-Agent': 'autodev-npm-cli'
+        "User-Agent": "autodev-npm-cli",
       },
-      timeout: 5000
+      timeout: 5000,
     };
 
-    https.get(options, (res) => {
-      let body = '';
-      res.on('data', (chunk) => body += chunk);
-      res.on('end', () => {
-        try {
-          const json = JSON.parse(body);
-          if (json.tag_name) {
-            resolve(json.tag_name);
-            return;
-          }
-        } catch (_) {}
+    https
+      .get(options, (res) => {
+        let body = "";
+        res.on("data", (chunk) => (body += chunk));
+        res.on("end", () => {
+          try {
+            const json = JSON.parse(body);
+            const versionRegex = /^v?\d+\.\d+\.\d+(-[a-zA-Z0-9.]+)?$/;
+            if (json.tag_name && versionRegex.test(json.tag_name)) {
+              resolve(json.tag_name);
+              return;
+            }
+          } catch (_) {}
+          resolve(fallbackVersion);
+        });
+      })
+      .on("error", () => {
         resolve(fallbackVersion);
       });
-    }).on('error', () => {
-      resolve(fallbackVersion);
-    });
   });
 }
 
@@ -70,9 +75,9 @@ const binaryPath = path.join(binDir, binaryName);
 
 // Development fallback paths
 const devPaths = [
-  path.join(__dirname, '..', '..', 'cli', 'bin', binaryName),
-  path.join(__dirname, '..', '..', '..', 'bin', binaryName),
-  path.join(__dirname, '..', '..', '..', 'packages', 'cli', 'bin', binaryName),
+  path.join(__dirname, "..", "..", "cli", "bin", binaryName),
+  path.join(__dirname, "..", "..", "..", "bin", binaryName),
+  path.join(__dirname, "..", "..", "..", "packages", "cli", "bin", binaryName),
 ];
 
 let activeBinaryPath = binaryPath;
@@ -92,35 +97,43 @@ for (const devPath of devPaths) {
  */
 function download(url, destPath, maxRedirects = 5) {
   return new Promise((resolve, reject) => {
-    if (maxRedirects <= 0) return reject(new Error('Too many redirects'));
-
-    const client = url.startsWith('https') ? https : http;
-    client.get(url, (res) => {
-      // Follow redirects (GitHub releases return 302)
-      if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-        return download(res.headers.location, destPath, maxRedirects - 1)
-          .then(resolve)
-          .catch(reject);
-      }
+    if (maxRedirects <= 0) return reject(new Error("Too many redirects"));
 
-      if (res.statusCode !== 200) {
-        return reject(new Error(`HTTP ${res.statusCode} from ${url}`));
-      }
+    const client = url.startsWith("https") ? https : http;
+    client
+      .get(url, (res) => {
+        // Follow redirects (GitHub releases return 302)
+        if (
+          res.statusCode >= 300 &&
+          res.statusCode < 400 &&
+          res.headers.location
+        ) {
+          return download(res.headers.location, destPath, maxRedirects - 1)
+            .then(resolve)
+            .catch(reject);
+        }
 
-      const fileStream = fs.createWriteStream(destPath);
-      res.pipe(fileStream);
-      fileStream.on('finish', () => {
-        fileStream.close();
-        resolve();
-      });
-      fileStream.on('error', reject);
-    }).on('error', reject);
+        if (res.statusCode !== 200) {
+          return reject(new Error(`HTTP ${res.statusCode} from ${url}`));
+        }
+
+        const fileStream = fs.createWriteStream(destPath);
+        res.pipe(fileStream);
+        fileStream.on("finish", () => {
+          fileStream.close();
+          resolve();
+        });
+        fileStream.on("error", reject);
+      })
+      .on("error", reject);
   });
 }
 
 async function downloadBinary() {
   let version = await getLatestReleaseTag();
-  console.log(`\n[autodev] Native binary not found. Downloading AutoDev ${version} for ${platform}/${arch}...`);
+  console.log(
+    `\n[autodev] Native binary not found. Downloading AutoDev ${version} for ${platform}/${arch}...`,
+  );
 
   if (!fs.existsSync(binDir)) {
     fs.mkdirSync(binDir, { recursive: true });
@@ -131,29 +144,40 @@ async function downloadBinary() {
   const archiveFile = `${archiveName}.${ext}`;
   let url = `https://github.com/HEETMEHTA18/autodev/releases/download/${version}/${archiveFile}`;
 
-  const tempFile = path.join(os.tmpdir(), `autodev_download_${Date.now()}.${ext}`);
+  const tempFile = path.join(
+    os.tmpdir(),
+    `autodev_download_${Date.now()}.${ext}`,
+  );
 
   // Download using Node.js built-in HTTPS (handles redirects properly)
   try {
     console.log(`[autodev] Downloading from: ${url}`);
     await download(url, tempFile);
   } catch (err) {
-    const stableFallback = 'v0.2.0';
+    const stableFallback = "v0.3.0";
     if (version !== stableFallback) {
-      console.warn(`\n[autodev] Failed to download version ${version}: ${err.message}`);
-      console.warn(`[autodev] Falling back to last known stable release: ${stableFallback}...`);
+      console.warn(
+        `\n[autodev] Failed to download version ${version}: ${err.message}`,
+      );
+      console.warn(
+        `[autodev] Falling back to last known stable release: ${stableFallback}...`,
+      );
       version = stableFallback;
       url = `https://github.com/HEETMEHTA18/autodev/releases/download/${version}/${archiveFile}`;
       try {
         console.log(`[autodev] Downloading from: ${url}`);
         await download(url, tempFile);
       } catch (retryErr) {
-        console.error(`\n[autodev] Error downloading stable release asset: ${retryErr.message}`);
+        console.error(
+          `\n[autodev] Error downloading stable release asset: ${retryErr.message}`,
+        );
         console.error(`[autodev] Please verify your network connection.`);
         process.exit(1);
       }
     } else {
-      console.error(`\n[autodev] Error downloading release asset: ${err.message}`);
+      console.error(
+        `\n[autodev] Error downloading release asset: ${err.message}`,
+      );
       console.error(`[autodev] URL: ${url}`);
       process.exit(1);
     }
@@ -162,13 +186,17 @@ async function downloadBinary() {
   try {
     // Verify the file was actually downloaded
     if (!fs.existsSync(tempFile)) {
-      throw new Error('Download completed but file not found on disk.');
+      throw new Error("Download completed but file not found on disk.");
     }
     const stat = fs.statSync(tempFile);
     if (stat.size < 1000) {
-      throw new Error(`Downloaded file is too small (${stat.size} bytes), likely an error page.`);
+      throw new Error(
+        `Downloaded file is too small (${stat.size} bytes), likely an error page.`,
+      );
     }
-    console.log(`[autodev] Downloaded ${(stat.size / 1024 / 1024).toFixed(1)} MB`);
+    console.log(
+      `[autodev] Downloaded ${(stat.size / 1024 / 1024).toFixed(1)} MB`,
+    );
   } catch (err) {
     console.error(`\n[autodev] Error verifying download: ${err.message}`);
     process.exit(1);
@@ -177,14 +205,23 @@ async function downloadBinary() {
   // Extract
   console.log(`[autodev] Extracting binary...`);
   try {
-    if (ext === 'zip') {
-      if (process.platform === 'win32') {
-        execSync(`powershell -Command "Expand-Archive -Path '${tempFile}' -DestinationPath '${binDir}' -Force"`, { stdio: 'inherit' });
+    if (ext === "zip") {
+      if (process.platform === "win32") {
+        const escapedTempFile = tempFile.replace(/'/g, "''");
+        const escapedBinDir = binDir.replace(/'/g, "''");
+        execSync(
+          `powershell -Command "Expand-Archive -Path '${escapedTempFile}' -DestinationPath '${escapedBinDir}' -Force"`,
+          { stdio: "inherit" },
+        );
       } else {
-        execSync(`unzip -o "${tempFile}" -d "${binDir}"`, { stdio: 'inherit' });
+        execFileSync("unzip", ["-o", tempFile, "-d", binDir], {
+          stdio: "inherit",
+        });
       }
     } else {
-      execSync(`tar -xzf "${tempFile}" -C "${binDir}"`, { stdio: 'inherit' });
+      execFileSync("tar", ["-xzf", tempFile, "-C", binDir], {
+        stdio: "inherit",
+      });
     }
 
     // Clean up temp archive
@@ -193,7 +230,7 @@ async function downloadBinary() {
     }
 
     // Set execution permissions on Linux/macOS
-    if (process.platform !== 'win32' && fs.existsSync(binaryPath)) {
+    if (process.platform !== "win32" && fs.existsSync(binaryPath)) {
       fs.chmodSync(binaryPath, 0o755);
     }
     console.log(`[autodev] Installation successful.\n`);
@@ -213,11 +250,36 @@ async function main() {
     await downloadBinary();
   }
 
-  // Forward execution
+  // Forward execution asynchronously to handle long-running / interactive processes properly
   const args = process.argv.slice(2);
-  const result = spawnSync(activeBinaryPath, args, { stdio: 'inherit' });
+  const child = spawn(activeBinaryPath, args, { stdio: "inherit" });
+
+  // Forward termination signals to the child process (critical for long-running servers / MCP)
+  const signals = ["SIGINT", "SIGTERM", "SIGHUP", "SIGQUIT"];
+  signals.forEach((signal) => {
+    process.on(signal, () => {
+      if (!child.killed) {
+        child.kill(signal);
+      }
+    });
+  });
+
+  child.on("close", (code, signal) => {
+    if (code !== null) {
+      process.exit(code);
+    } else if (signal) {
+      // Exit with standard 128 + signal number
+      const signalCodes = { SIGINT: 2, SIGTERM: 15, SIGHUP: 1, SIGQUIT: 3 };
+      process.exit(128 + (signalCodes[signal] || 0));
+    } else {
+      process.exit(0);
+    }
+  });
 
-  process.exit(result.status ?? 0);
+  child.on("error", (err) => {
+    console.error(`[autodev] Failed to run binary: ${err.message}`);
+    process.exit(1);
+  });
 }
 
 main().catch((err) => {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@heetmehta18/autodev",
-  "version": "0.2.0",
+  "version": "0.3.1",
   "description": "The App Store for Developers. Install languages, frameworks, and databases with a single command.",
   "main": "bin/index.js",
   "bin": {
@@ -9,6 +9,9 @@
   "publishConfig": {
     "access": "public"
   },
+  "scripts": {
+    "test": "node bin/index.js --help"
+  },
   "repository": {
     "type": "git",
     "url": "git+https://github.com/HEETMEHTA18/autodev.git"
@@ -27,8 +30,5 @@
   "bugs": {
     "url": "https://github.com/HEETMEHTA18/autodev/issues"
   },
-  "homepage": "https://github.com/HEETMEHTA18/autodev#readme",
-  "scripts": {
-    "test": "node bin/index.js --help"
-  }
-}
+  "homepage": "https://github.com/HEETMEHTA18/autodev#readme"
+}

package/LICENSE

@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2026 AutoDev Contributors
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.