@insforge/cli 0.1.85 → 0.1.87

package/README.md

@@ -654,6 +654,58 @@ Running `npx @insforge/cli link` creates a `.insforge/` directory in your projec
 
 Add `.insforge/` to your `.gitignore` — it contains your project API key.
 
+### Declarative project config — `insforge.toml`
+
+Use `config export`, `config plan`, and `config apply` to manage project settings through `insforge.toml`:
+
+```bash
+npx @insforge/cli config export --out insforge.toml
+npx @insforge/cli config plan --file insforge.toml
+npx @insforge/cli config apply --file insforge.toml --auto-approve
+```
+
+Supported TOML sections include auth redirects and verification flags, password policy, SMTP, storage upload size, realtime/schedule retention, and cloud deployment subdomain:
+
+```toml
+[auth]
+allowed_redirect_urls = ["https://app.example.com"]
+require_email_verification = true
+verify_email_method = "link"
+reset_password_method = "code"
+disable_signup = false
+
+[auth.password]
+min_length = 12
+require_number = true
+require_lowercase = true
+require_uppercase = false
+require_special_char = true
+
+[auth.smtp]
+enabled = true
+host = "smtp.example.com"
+port = 587
+username = "mailer@example.com"
+password = "env(SMTP_PASSWORD)"
+sender_email = "noreply@example.com"
+sender_name = "Example"
+min_interval_seconds = 60
+
+[storage]
+max_file_size_mb = 100
+
+[realtime]
+retention_days = 7
+
+[schedules]
+retention_days = 0 # 0 disables retention cleanup
+
+[deployments]
+subdomain = "my-app"
+```
+
+`config apply` uses backend admin APIs and skips sections that the connected backend version does not expose. It does not manage external provider resources such as OAuth apps, storage bucket lifecycle, realtime channels, deployment environment variables, functions, or secrets.
+
 Global configuration is stored in `~/.insforge/`:
 
 ```

package/dist/index.js

@@ -263,10 +263,11 @@ import * as clack4 from "@clack/prompts";
 
 // src/lib/errors.ts
 var CLIError = class extends Error {
-  constructor(message, exitCode = 1, code) {
+  constructor(message, exitCode = 1, code, statusCode) {
     super(message);
     this.exitCode = exitCode;
     this.code = code;
+    this.statusCode = statusCode;
     this.name = "CLIError";
   }
 };
@@ -1172,7 +1173,7 @@ import * as clack5 from "@clack/prompts";
 
 // src/lib/analytics.ts
 import { PostHog } from "posthog-node";
-var POSTHOG_API_KEY = "";
+var POSTHOG_API_KEY = "phc_ueV1ii62wdBTkH7E70ugyeqHIHu8dFDdjs0qq3TZhJz";
 var POSTHOG_HOST = process.env.POSTHOG_HOST || "https://us.i.posthog.com";
 var client = null;
 function getClient() {
@@ -2066,7 +2067,7 @@ ${err.nextActions}`;
     if (res.status === 404 && isRouteLevel404 && path6.startsWith("/api/ai")) {
       message = "AI Model Gateway setup is not available on this backend.\nUpgrade your InsForge project to a version with Model Gateway support, or keep using the legacy @insforge/sdk AI modules for projects that still rely on the older AI API surface.";
     }
-    throw new CLIError(message);
+    throw new CLIError(message, 1, err.error, res.status);
   }
   return res;
 }
@@ -3033,6 +3034,9 @@ Browse available templates: https://insforge.dev/templates`
             json
           );
           if (downloaded) {
+            captureEvent(orgId, "marketplace_template_downloaded", {
+              template: opts.marketplace
+            });
             void reportMarketplaceDownload(opts.marketplace);
           }
         } else if (githubTemplates.includes(template)) {
@@ -7185,7 +7189,7 @@ function registerDiagnoseCommands(diagnoseCmd2) {
         const s = !json ? clack16.spinner() : null;
         s?.start("Collecting diagnostic data...");
         const data2 = await collectDiagnosticData(projectId, ossMode, apiUrl);
-        const cliVersion = "0.1.85";
+        const cliVersion = "0.1.87";
         s?.stop("Data collected");
         if (!json) {
           console.log(`
@@ -8947,9 +8951,47 @@ function validateConfig(input) {
     out.project_id = obj.project_id;
   }
   if ("auth" in obj) out.auth = validateAuth(obj.auth);
+  if ("storage" in obj) out.storage = validateStorage(obj.storage);
+  if ("realtime" in obj) out.realtime = validateRetentionSection("realtime", obj.realtime);
+  if ("schedules" in obj) out.schedules = validateRetentionSection("schedules", obj.schedules);
   if ("deployments" in obj) out.deployments = validateDeployments(obj.deployments);
   return out;
 }
+function validateStorage(input) {
+  if (input === null || typeof input !== "object" || Array.isArray(input)) {
+    throw new ConfigValidationError("storage", "must be an object");
+  }
+  const obj = input;
+  const out = {};
+  if ("max_file_size_mb" in obj) {
+    if (typeof obj.max_file_size_mb !== "number" || !Number.isInteger(obj.max_file_size_mb) || obj.max_file_size_mb < 1 || obj.max_file_size_mb > 200) {
+      throw new ConfigValidationError(
+        "storage.max_file_size_mb",
+        "must be an integer between 1 and 200"
+      );
+    }
+    out.max_file_size_mb = obj.max_file_size_mb;
+  }
+  return out;
+}
+function validateRetentionSection(path6, input) {
+  if (input === null || typeof input !== "object" || Array.isArray(input)) {
+    throw new ConfigValidationError(path6, "must be an object");
+  }
+  const obj = input;
+  const out = {};
+  if ("retention_days" in obj) {
+    const v = obj.retention_days;
+    if (v !== null && (typeof v !== "number" || !Number.isInteger(v) || v < 0)) {
+      throw new ConfigValidationError(
+        `${path6}.retention_days`,
+        "must be a non-negative integer or null"
+      );
+    }
+    out.retention_days = v;
+  }
+  return out;
+}
 function validateDeployments(input) {
   if (input === null || typeof input !== "object" || Array.isArray(input)) {
     throw new ConfigValidationError("deployments", "must be an object");
@@ -9005,6 +9047,12 @@ function validateAuth(input) {
       obj.reset_password_method
     );
   }
+  if ("disable_signup" in obj) {
+    if (typeof obj.disable_signup !== "boolean") {
+      throw new ConfigValidationError("auth.disable_signup", "must be a boolean");
+    }
+    out.disable_signup = obj.disable_signup;
+  }
   if ("password" in obj) out.password = validatePassword(obj.password);
   if ("smtp" in obj) out.smtp = validateSmtp(obj.smtp);
   return out;
@@ -9140,6 +9188,21 @@ function stringifyConfigToml(config) {
       lines.push("");
     }
   }
+  if (config.storage) {
+    lines.push("[storage]");
+    renderStorageFields(config.storage, lines);
+    lines.push("");
+  }
+  if (config.realtime) {
+    lines.push("[realtime]");
+    renderRetentionFields(config.realtime, lines);
+    lines.push("");
+  }
+  if (config.schedules) {
+    lines.push("[schedules]");
+    renderRetentionFields(config.schedules, lines);
+    lines.push("");
+  }
   if (config.deployments) {
     if (typeof config.deployments.subdomain === "string" && config.deployments.subdomain !== "") {
       lines.push("[deployments]");
@@ -9163,6 +9226,9 @@ function renderAuthFlatFields(auth, lines) {
   if (auth.reset_password_method !== void 0) {
     lines.push(`reset_password_method = ${JSON.stringify(auth.reset_password_method)}`);
   }
+  if (auth.disable_signup !== void 0) {
+    lines.push(`disable_signup = ${auth.disable_signup}`);
+  }
 }
 function renderPasswordFields(pw, lines) {
   if (pw.min_length !== void 0) lines.push(`min_length = ${pw.min_length}`);
@@ -9199,9 +9265,19 @@ function renderSmtpFields(smtp, lines) {
     lines.push(`min_interval_seconds = ${smtp.min_interval_seconds}`);
   }
 }
+function renderStorageFields(storage, lines) {
+  if (storage.max_file_size_mb !== void 0) {
+    lines.push(`max_file_size_mb = ${storage.max_file_size_mb}`);
+  }
+}
+function renderRetentionFields(config, lines) {
+  if ("retention_days" in config) {
+    lines.push(`retention_days = ${config.retention_days ?? 0}`);
+  }
+}
 
 // src/lib/config-metadata.ts
-function liveFromMetadata(raw) {
+function liveFromMetadata(raw, endpointConfig = {}) {
   const live = { auth: {} };
   const a = isPlainObject(raw.auth) ? raw.auth : void 0;
   if (a && "allowedRedirectUrls" in a) {
@@ -9216,6 +9292,9 @@ function liveFromMetadata(raw) {
   if (a && "resetPasswordMethod" in a && (a.resetPasswordMethod === "code" || a.resetPasswordMethod === "link")) {
     live.auth.reset_password_method = a.resetPasswordMethod;
   }
+  if (a && "disableSignup" in a) {
+    live.auth.disable_signup = a.disableSignup ?? false;
+  }
   if (a && ("passwordMinLength" in a || "requireNumber" in a || "requireLowercase" in a || "requireUppercase" in a || "requireSpecialChar" in a)) {
     live.auth.password = {
       min_length: a.passwordMinLength ?? 8,
@@ -9244,6 +9323,18 @@ function liveFromMetadata(raw) {
       subdomain: typeof d.customSlug === "string" && d.customSlug ? d.customSlug : null
     };
   }
+  const maxFileSizeMb = asNumber(endpointConfig.storageConfig?.maxFileSizeMb);
+  if (maxFileSizeMb !== void 0) {
+    live.storage = { max_file_size_mb: maxFileSizeMb };
+  }
+  const realtimeRetention = asRetentionDays(endpointConfig.realtimeConfig?.retentionDays);
+  if (realtimeRetention !== void 0) {
+    live.realtime = { retention_days: realtimeRetention };
+  }
+  const schedulesRetention = asRetentionDays(endpointConfig.schedulesConfig?.retentionDays);
+  if (schedulesRetention !== void 0) {
+    live.schedules = { retention_days: schedulesRetention };
+  }
   return live;
 }
 function isPlainObject(v) {
@@ -9252,7 +9343,14 @@ function isPlainObject(v) {
 function asStringArray(v) {
   return Array.isArray(v) && v.every((x) => typeof x === "string") ? v : null;
 }
-function configFromMetadata(raw) {
+function asNumber(v) {
+  return typeof v === "number" && Number.isInteger(v) ? v : void 0;
+}
+function asRetentionDays(v) {
+  if (v === null) return null;
+  return asNumber(v);
+}
+function configFromMetadata(raw, endpointConfig = {}) {
   const config = {};
   const skipped = [];
   const a = isPlainObject(raw.auth) ? raw.auth : void 0;
@@ -9280,6 +9378,12 @@ function configFromMetadata(raw) {
   } else {
     skipped.push("auth.reset_password_method");
   }
+  if (a && "disableSignup" in a) {
+    config.auth = config.auth ?? {};
+    config.auth.disable_signup = a.disableSignup ?? false;
+  } else {
+    skipped.push("auth.disable_signup");
+  }
   if (a && ("passwordMinLength" in a || "requireNumber" in a || "requireLowercase" in a || "requireUppercase" in a || "requireSpecialChar" in a)) {
     config.auth = config.auth ?? {};
     config.auth.password = {};
@@ -9323,6 +9427,24 @@ function configFromMetadata(raw) {
   } else {
     skipped.push("deployments.subdomain");
   }
+  const maxFileSizeMb = asNumber(endpointConfig.storageConfig?.maxFileSizeMb);
+  if (maxFileSizeMb !== void 0) {
+    config.storage = { max_file_size_mb: maxFileSizeMb };
+  } else {
+    skipped.push("storage.max_file_size_mb");
+  }
+  const realtimeRetention = asRetentionDays(endpointConfig.realtimeConfig?.retentionDays);
+  if (realtimeRetention !== void 0) {
+    config.realtime = { retention_days: realtimeRetention };
+  } else {
+    skipped.push("realtime.retention_days");
+  }
+  const schedulesRetention = asRetentionDays(endpointConfig.schedulesConfig?.retentionDays);
+  if (schedulesRetention !== void 0) {
+    config.schedules = { retention_days: schedulesRetention };
+  } else {
+    skipped.push("schedules.retention_days");
+  }
   return { config, skipped };
 }
 
@@ -9360,7 +9482,16 @@ function registerConfigExportCommand(cfg) {
       }
       const res = await ossFetch("/api/metadata");
       const raw = await res.json();
-      const { config, skipped } = configFromMetadata(raw);
+      const [storageConfig, realtimeConfig, schedulesConfig] = await Promise.all([
+        fetchOptionalConfig("/api/storage/config"),
+        fetchOptionalConfig("/api/realtime/config"),
+        fetchOptionalConfig("/api/schedules/config")
+      ]);
+      const { config, skipped } = configFromMetadata(raw, {
+        storageConfig,
+        realtimeConfig,
+        schedulesConfig
+      });
       const toml = stringifyConfigToml(config);
       writeFileSync8(target, toml, "utf8");
       if (json) {
@@ -9396,6 +9527,18 @@ function registerConfigExportCommand(cfg) {
     }
   });
 }
+async function fetchOptionalConfig(path6) {
+  try {
+    const res = await ossFetch(path6);
+    return await res.json();
+  } catch (err) {
+    if (isMissingOptionalEndpoint(err)) return void 0;
+    throw err;
+  }
+}
+function isMissingOptionalEndpoint(err) {
+  return err instanceof CLIError && err.statusCode === 404 && (err.code === void 0 || err.code === "NOT_FOUND");
+}
 
 // src/commands/config/plan.ts
 import { readFileSync as readFileSync9 } from "fs";
@@ -9459,6 +9602,19 @@ function diffConfig({ live, file }) {
       });
     }
   }
+  if (fileAuth && "disable_signup" in fileAuth) {
+    const fromV = liveAuth.disable_signup ?? false;
+    const toV = fileAuth.disable_signup ?? false;
+    if (fromV !== toV) {
+      changes.push({
+        section: "auth",
+        op: "modify",
+        key: "disable_signup",
+        from: fromV,
+        to: toV
+      });
+    }
+  }
   if (fileAuth?.password) {
     diffPassword(liveAuth.password, fileAuth.password, changes);
   }
@@ -9466,6 +9622,15 @@ function diffConfig({ live, file }) {
     const smtpChange = diffSmtp(liveAuth.smtp, fileAuth.smtp);
     if (smtpChange) changes.push(smtpChange);
   }
+  if (file.storage !== void 0) {
+    diffStorage(live.storage, file.storage, changes);
+  }
+  if (file.realtime !== void 0) {
+    diffRetention("realtime", live.realtime, file.realtime, changes);
+  }
+  if (file.schedules !== void 0) {
+    diffRetention("schedules", live.schedules, file.schedules, changes);
+  }
   const fileDeployments = file.deployments;
   const liveDeployments = live.deployments ?? {};
   if (fileDeployments && "subdomain" in fileDeployments) {
@@ -9514,6 +9679,36 @@ function diffPassword(live, file, changes) {
     }
   }
 }
+function diffStorage(live, file, changes) {
+  if (file.max_file_size_mb === void 0) return;
+  const fromV = live?.max_file_size_mb ?? EMPTY_STORAGE_CONFIG.max_file_size_mb;
+  if (fromV !== file.max_file_size_mb) {
+    changes.push({
+      section: "storage",
+      op: "modify",
+      key: "max_file_size_mb",
+      from: fromV,
+      to: file.max_file_size_mb
+    });
+  }
+}
+function diffRetention(section, live, file, changes) {
+  if (!("retention_days" in file)) return;
+  const fromV = normalizeRetentionDays(live?.retention_days);
+  const toV = normalizeRetentionDays(file.retention_days);
+  if (fromV !== toV) {
+    changes.push({
+      section,
+      op: "modify",
+      key: "retention_days",
+      from: fromV,
+      to: toV
+    });
+  }
+}
+function normalizeRetentionDays(value) {
+  return value === void 0 || value === null || value === 0 ? null : value;
+}
 function diffSmtp(live, fileSmtp) {
   const livedView = renderLiveSmtp(live);
   const tomlView = renderFileSmtp(fileSmtp);
@@ -9572,6 +9767,9 @@ var EMPTY_SMTP_VIEW = {
   sender_name: "",
   min_interval_seconds: 60
 };
+var EMPTY_STORAGE_CONFIG = {
+  max_file_size_mb: 50
+};
 var EMPTY_PASSWORD_POLICY = {
   min_length: 8,
   require_number: false,
@@ -9652,7 +9850,7 @@ function formatChange(c) {
 }
 
 // src/lib/config-capabilities.ts
-function metadataSupports(raw, change) {
+function metadataSupports(raw, change, endpointConfig = {}) {
   if (change.section === "auth" && change.key === "allowed_redirect_urls") {
     return hasAuthKey(raw, "allowedRedirectUrls");
   }
@@ -9665,12 +9863,24 @@ function metadataSupports(raw, change) {
   if (change.section === "auth" && change.key === "reset_password_method") {
     return hasAuthKey(raw, "resetPasswordMethod");
   }
+  if (change.section === "auth" && change.key === "disable_signup") {
+    return hasAuthKey(raw, "disableSignup");
+  }
   if (change.section === "auth.password") {
     return hasAuthKey(raw, AUTH_PASSWORD_WIRE_KEY[change.key]);
   }
   if (change.section === "auth.smtp") {
     return hasAuthKey(raw, "smtpConfig");
   }
+  if (change.section === "storage" && change.key === "max_file_size_mb") {
+    return hasConfigKey(endpointConfig.storageConfig, "maxFileSizeMb");
+  }
+  if (change.section === "realtime" && change.key === "retention_days") {
+    return hasConfigKey(endpointConfig.realtimeConfig, "retentionDays");
+  }
+  if (change.section === "schedules" && change.key === "retention_days") {
+    return hasConfigKey(endpointConfig.schedulesConfig, "retentionDays");
+  }
   if (change.section === "deployments" && change.key === "subdomain") {
     return raw?.deployments !== void 0 && raw.deployments !== null && typeof raw.deployments === "object";
   }
@@ -9682,6 +9892,9 @@ function hasAuthKey(raw, key) {
   const auth = raw?.auth;
   return auth !== void 0 && auth !== null && typeof auth === "object" && key in auth;
 }
+function hasConfigKey(slice, key) {
+  return slice !== void 0 && slice !== null && typeof slice === "object" && key in slice;
+}
 var AUTH_PASSWORD_WIRE_KEY = {
   min_length: "passwordMinLength",
   require_number: "requireNumber",
@@ -9710,9 +9923,25 @@ function registerConfigPlanCommand(cfg) {
       const file = parseConfigToml(tomlSource);
       const res = await ossFetch("/api/metadata");
       const raw = await res.json();
-      const live = liveFromMetadata(raw);
+      const endpointConfig = {};
+      if (file.storage !== void 0) {
+        endpointConfig.storageConfig = await fetchOptionalConfig2(
+          "/api/storage/config"
+        );
+      }
+      if (file.realtime !== void 0) {
+        endpointConfig.realtimeConfig = await fetchOptionalConfig2(
+          "/api/realtime/config"
+        );
+      }
+      if (file.schedules !== void 0) {
+        endpointConfig.schedulesConfig = await fetchOptionalConfig2(
+          "/api/schedules/config"
+        );
+      }
+      const live = liveFromMetadata(raw, endpointConfig);
       const result = diffConfig({ live, file });
-      const skipped = result.changes.filter((c) => !metadataSupports(raw, c)).map((c) => changePath(c));
+      const skipped = result.changes.filter((c) => !metadataSupports(raw, c, endpointConfig)).map((c) => changePath(c));
       if (json) {
         console.log(JSON.stringify({ ...result, skipped }, null, 2));
       } else {
@@ -9748,6 +9977,18 @@ function registerConfigPlanCommand(cfg) {
     }
   });
 }
+async function fetchOptionalConfig2(path6) {
+  try {
+    const res = await ossFetch(path6);
+    return await res.json();
+  } catch (err) {
+    if (isMissingOptionalEndpoint2(err)) return void 0;
+    throw err;
+  }
+}
+function isMissingOptionalEndpoint2(err) {
+  return err instanceof CLIError && err.statusCode === 404 && (err.code === void 0 || err.code === "NOT_FOUND");
+}
 
 // src/commands/config/apply.ts
 import { readFileSync as readFileSync10 } from "fs";
@@ -9766,7 +10007,23 @@ function registerConfigApplyCommand(cfg) {
       const file = parseConfigToml(tomlSource);
       const res = await ossFetch("/api/metadata");
       const raw = await res.json();
-      const live = liveFromMetadata(raw);
+      const endpointConfig = {};
+      if (file.storage !== void 0) {
+        endpointConfig.storageConfig = await fetchOptionalConfig3(
+          "/api/storage/config"
+        );
+      }
+      if (file.realtime !== void 0) {
+        endpointConfig.realtimeConfig = await fetchOptionalConfig3(
+          "/api/realtime/config"
+        );
+      }
+      if (file.schedules !== void 0) {
+        endpointConfig.schedulesConfig = await fetchOptionalConfig3(
+          "/api/schedules/config"
+        );
+      }
+      const live = liveFromMetadata(raw, endpointConfig);
       const result = diffConfig({ live, file });
       const approved = opts.autoApprove || yes;
       const sectionsChanged = Array.from(
@@ -9819,7 +10076,7 @@ function registerConfigApplyCommand(cfg) {
       const skipped = [];
       for (const change of result.changes) {
         const path6 = changePath(change);
-        if (!metadataSupports(raw, change)) {
+        if (!metadataSupports(raw, change, endpointConfig)) {
           skipped.push({
             key: path6,
             reason: `your backend doesn't expose ${path6} \u2014 upgrade the project to apply this section`
@@ -9870,6 +10127,18 @@ function registerConfigApplyCommand(cfg) {
     }
   });
 }
+async function fetchOptionalConfig3(path6) {
+  try {
+    const res = await ossFetch(path6);
+    return await res.json();
+  } catch (err) {
+    if (isMissingOptionalEndpoint3(err)) return void 0;
+    throw err;
+  }
+}
+function isMissingOptionalEndpoint3(err) {
+  return err instanceof CLIError && err.statusCode === 404 && (err.code === void 0 || err.code === "NOT_FOUND");
+}
 async function applyChange(change) {
   if (change.section === "auth" && change.key === "allowed_redirect_urls") {
     await ossFetch("/api/auth/config", {
@@ -9899,6 +10168,13 @@ async function applyChange(change) {
     });
     return;
   }
+  if (change.section === "auth" && change.key === "disable_signup") {
+    await ossFetch("/api/auth/config", {
+      method: "PUT",
+      body: JSON.stringify({ disableSignup: change.to })
+    });
+    return;
+  }
   if (change.section === "auth.password") {
     const wireKey = authPasswordWireKey(change.key);
     await ossFetch("/api/auth/config", {
@@ -9931,6 +10207,27 @@ async function applyChange(change) {
     });
     return;
   }
+  if (change.section === "storage" && change.key === "max_file_size_mb") {
+    await ossFetch("/api/storage/config", {
+      method: "PUT",
+      body: JSON.stringify({ maxFileSizeMb: change.to })
+    });
+    return;
+  }
+  if (change.section === "realtime" && change.key === "retention_days") {
+    await ossFetch("/api/realtime/config", {
+      method: "PATCH",
+      body: JSON.stringify({ retentionDays: change.to })
+    });
+    return;
+  }
+  if (change.section === "schedules" && change.key === "retention_days") {
+    await ossFetch("/api/schedules/config", {
+      method: "PATCH",
+      body: JSON.stringify({ retentionDays: change.to })
+    });
+    return;
+  }
   if (change.section === "deployments" && change.key === "subdomain") {
     await ossFetch("/api/deployments/slug", {
       method: "PUT",