@jumpgroup/laravel-tools 3.3.0

package/src/aws/config.js

@@ -0,0 +1,39 @@
+import { fromIni } from '@aws-sdk/credential-provider-ini';
+import { STSClient, GetCallerIdentityCommand } from '@aws-sdk/client-sts';
+
+const DEFAULT_REGION = 'eu-central-1';
+const DEFAULT_PROFILE = 'default';
+const CLOUDFRONT_REGION = 'us-east-1';
+
+export const getAwsProfile = () => process.env.AWS_PROFILE || DEFAULT_PROFILE;
+
+export const getAwsRegion = () =>
+  process.env.AWS_REGION || process.env.AWS_DEFAULT_REGION || DEFAULT_REGION;
+
+export const getCloudFrontRegion = () =>
+  process.env.AWS_CLOUDFRONT_REGION || CLOUDFRONT_REGION;
+
+export const getAwsCredentials = () =>
+  fromIni({
+    profile: getAwsProfile(),
+  });
+
+let cachedAccountId = null;
+export const getAwsAccountId = async () => {
+  if (cachedAccountId) {
+    return cachedAccountId;
+  }
+
+  const sts = new STSClient({
+    region: getCloudFrontRegion(),
+    credentials: getAwsCredentials(),
+  });
+
+  const data = await sts.send(new GetCallerIdentityCommand({}));
+  if (!data.Account) {
+    throw new Error('Impossibile determinare AWS account ID.');
+  }
+
+  cachedAccountId = data.Account;
+  return cachedAccountId;
+};

package/src/aws/iam.js

@@ -0,0 +1,189 @@
+import {
+  IAMClient,
+  GetUserCommand,
+  CreateUserCommand,
+  PutUserPolicyCommand,
+  CreateAccessKeyCommand,
+  ListAccessKeysCommand,
+  DeleteAccessKeyCommand,
+  TagUserCommand,
+} from '@aws-sdk/client-iam';
+
+import { getAwsCredentials } from './config.js';
+import { getAppName } from '../utilities/command.js';
+
+const createIamClient = () =>
+  new IAMClient({
+    region: 'us-east-1',
+    endpoint: 'https://iam.amazonaws.com',
+    credentials: getAwsCredentials(),
+  });
+
+const MEDIA_POLICY_NAME = 'MediaBucketAccessPolicy';
+
+const getLegacyAndPreferredUsernames = (projectName) => ({
+  preferred: `${projectName}-media`,
+  legacy: `media-user.${projectName}`,
+});
+
+const userExists = async (client, username) => {
+  try {
+    await client.send(new GetUserCommand({ UserName: username }));
+    return true;
+  } catch {
+    return false;
+  }
+};
+
+const ensureUser = async (client, projectName, options = {}) => {
+  const dryRun = Boolean(options.dryRun);
+  const { preferred, legacy } = getLegacyAndPreferredUsernames(projectName);
+
+  if (await userExists(client, preferred)) {
+    return { username: preferred, exists: true };
+  }
+
+  if (await userExists(client, legacy)) {
+    return { username: legacy, exists: true };
+  }
+
+  if (dryRun) {
+    console.log(`🧪 [dry-run] Creo IAM user ${preferred}`);
+    return { username: preferred, exists: false };
+  }
+
+  await client.send(new CreateUserCommand({ UserName: preferred }));
+  return { username: preferred, exists: false };
+};
+
+const rotateAccessKeysSafely = async (client, username, options = {}) => {
+  const dryRun = Boolean(options.dryRun);
+  const userExists = options.userExists !== false;
+
+  if (dryRun && !userExists) {
+    console.log(`🧪 [dry-run] Creo nuova access key per ${username}`);
+    return {
+      AccessKeyId: `DRYRUNACCESSKEY-${username}`,
+      SecretAccessKey: 'DRYRUN-SECRET',
+    };
+  }
+
+  const existing = await client.send(new ListAccessKeysCommand({ UserName: username }));
+  const keys = existing.AccessKeyMetadata || [];
+
+  if (keys.length >= 2) {
+    throw new Error(
+      `L'utente IAM ${username} ha già 2 access key. Rotazione non-safe: elimina manualmente una key e rilancia.`
+    );
+  }
+
+  if (dryRun) {
+    console.log(
+      `🧪 [dry-run] Creo nuova access key per ${username}${keys.length === 1 ? ' e poi rimuovo la precedente' : ''}`
+    );
+    return {
+      AccessKeyId: `DRYRUNACCESSKEY-${username}`,
+      SecretAccessKey: 'DRYRUN-SECRET',
+    };
+  }
+
+  const createResponse = await client.send(new CreateAccessKeyCommand({ UserName: username }));
+  const newKey = createResponse.AccessKey;
+  if (!newKey) {
+    throw new Error(`Creazione access key fallita per ${username}.`);
+  }
+
+  if (keys.length === 1) {
+    await client.send(
+      new DeleteAccessKeyCommand({
+        UserName: username,
+        AccessKeyId: keys[0].AccessKeyId,
+      })
+    );
+  }
+
+  return newKey;
+};
+
+const buildMediaPolicy = ({ bucketName, cloudfrontId }) => {
+  const statements = [
+    {
+      Sid: 'BucketListAndLocation',
+      Effect: 'Allow',
+      Action: ['s3:ListBucket', 's3:GetBucketLocation'],
+      Resource: `arn:aws:s3:::${bucketName}`,
+    },
+    {
+      Sid: 'BucketObjectsReadWrite',
+      Effect: 'Allow',
+      Action: ['s3:GetObject', 's3:PutObject', 's3:DeleteObject'],
+      Resource: `arn:aws:s3:::${bucketName}/*`,
+    },
+  ];
+
+  if (cloudfrontId) {
+    statements.push({
+      Sid: 'CloudFrontInvalidation',
+      Effect: 'Allow',
+      Action: ['cloudfront:CreateInvalidation', 'cloudfront:GetInvalidation'],
+      Resource: '*',
+    });
+  }
+
+  return {
+    Version: '2012-10-17',
+    Statement: statements,
+  };
+};
+
+export const createIAMUser = async (projectName, cloudfrontId = null, options = {}) => {
+  const client = createIamClient();
+  const resolvedProjectName = projectName || getAppName();
+  const dryRun = Boolean(options.dryRun);
+  const userInfo = await ensureUser(client, resolvedProjectName, { dryRun });
+  const username = userInfo.username;
+  const bucketName = `${resolvedProjectName}-media`;
+
+  const policy = buildMediaPolicy({ bucketName, cloudfrontId });
+  if (dryRun) {
+    console.log(`🧪 [dry-run] Applico/aggiorno inline policy ${MEDIA_POLICY_NAME} su ${username}`);
+  } else {
+    await client.send(
+      new PutUserPolicyCommand({
+        UserName: username,
+        PolicyName: MEDIA_POLICY_NAME,
+        PolicyDocument: JSON.stringify(policy),
+      })
+    );
+  }
+
+  if (dryRun) {
+    console.log(`🧪 [dry-run] Aggiungo/aggiorno tag site=${resolvedProjectName} su ${username}`);
+  } else {
+    await client.send(
+      new TagUserCommand({
+        UserName: username,
+        Tags: [{ Key: 'site', Value: resolvedProjectName }],
+      })
+    );
+  }
+
+  const accessKey = await rotateAccessKeysSafely(client, username, {
+    dryRun,
+    userExists: userInfo.exists,
+  });
+
+  const credentials = {
+    username,
+    AWS_ACCESS_KEY_ID: accessKey.AccessKeyId,
+    AWS_SECRET_ACCESS_KEY: accessKey.SecretAccessKey,
+    AWS_BUCKET: bucketName,
+    ...(cloudfrontId ? { CLOUDFRONT_DISTRIBUTION_ID: cloudfrontId } : {}),
+  };
+
+  console.log(`✅ IAM media user pronto: ${username}`);
+  return credentials;
+};
+
+// Backward-compatible alias (old laravel-tools naming).
+export const createMediaIAMUser = createIAMUser;

package/src/cache.js

@@ -0,0 +1,49 @@
+import { checkIfEnvFilesExist, getEnvironment } from './utilities/utilities.js';
+import { executeCommand, getIp, getSshUser, getAppName, getServerPath } from './utilities/command.js';
+
+// The four standard Laravel cache layers to clear.
+// Equivalent of `wp cache flush` in trellis-tools, but Laravel has separate
+// caches for application data, config, routes, and compiled views.
+export const ARTISAN_CLEAR_COMMANDS = ['cache:clear', 'config:clear', 'route:clear', 'view:clear'];
+
+// Clears all Laravel caches inside the local Docker app container.
+// Equivalent of trellis-tools `cache flush-local` (which flushed Memcached).
+export const flushLocal = async () => {
+  checkIfEnvFilesExist();
+
+  const appName = getAppName();
+
+  console.log(`🔧 Clearing Laravel caches in ${appName}-app...`);
+  for (const cmd of ARTISAN_CLEAR_COMMANDS) {
+    console.log(`   php artisan ${cmd}`);
+    await executeCommand('docker', ['exec', `${appName}-api`, 'php', 'artisan', cmd]);
+  }
+
+  console.log('✅ Cache locale svuotata!');
+};
+
+// Clears all Laravel caches on a remote server via SSH.
+// Equivalent of trellis-tools `cache flush-remote`.
+export const flushRemote = async (options = {}) => {
+  checkIfEnvFilesExist();
+
+  const { environment } = options;
+  const env = environment || (await getEnvironment());
+  const ip = getIp(env);
+  const sshUser = getSshUser(env);
+  const appName = getAppName();
+  const serverPath = getServerPath(env);
+
+  console.log(`🔧 Clearing Laravel caches on ${env} (${sshUser}@${ip})...`);
+  const clearCmd = ARTISAN_CLEAR_COMMANDS.map((cmd) => `php artisan ${cmd}`).join(' && ');
+  await executeCommand('ssh', [`${sshUser}@${ip}`, `cd ${serverPath} && ${clearCmd}`]);
+
+  console.log('✅ Cache remota svuotata!');
+};
+
+// Clears caches both locally and on the remote server.
+// Equivalent of trellis-tools `cache flush-all`.
+export const flushAll = async (options = {}) => {
+  await flushLocal();
+  await flushRemote(options);
+};

package/src/database.js

@@ -0,0 +1,315 @@
+import { readFileSync } from 'fs';
+import { basename } from 'path';
+import { parse } from 'dotenv';
+import select from '@inquirer/select';
+
+import { checkIfEnvFilesExist, getEnvironment, getUserName } from './utilities/utilities.js';
+import { executeCommand, getIp, getSshUser, getAppName, getServerPath } from './utilities/command.js';
+import { getCurrentDateString } from './utilities/dateUtils.js';
+import { find10LatestFiles } from './utilities/fileUtils.js';
+import { resolveDatabasePath, ensureDirectoryExists } from './utilities/pathUtils.js';
+import { askYesNo, generateDatabaseFilename } from './utilities/userInput.js';
+import { ARTISAN_CLEAR_COMMANDS } from './cache.js';
+
+// Reads DB credentials from the local .env file.
+// Prefers Laravel's DB_DATABASE but still accepts legacy DB_NAME.
+const readLocalDbCredentials = () => {
+  try {
+    const env = parse(readFileSync('.env'));
+    const DB_DATABASE = env.DB_DATABASE || env.DB_NAME;
+    const { DB_USERNAME, DB_PASSWORD } = env;
+    if (!DB_DATABASE || !DB_USERNAME || !DB_PASSWORD) {
+      throw new Error('DB_DATABASE/DB_NAME, DB_USERNAME, or DB_PASSWORD missing in .env');
+    }
+    return { DB_DATABASE, DB_USERNAME, DB_PASSWORD };
+  } catch {
+    throw new Error('Could not read DB credentials from .env — run local setup first.');
+  }
+};
+
+const getCurrentTimestamp = () => {
+  return new Date().toISOString().replace(/[-:]/g, '').replace(/\..*$/, '').replace('T', '_');
+};
+
+const renderCommand = (command, args = []) => [command, ...args].join(' ');
+
+const executeOrDryRun = async (command, args = [], options = {}) => {
+  const { dryRun = false, summary = null } = options;
+  if (dryRun) {
+    if (summary) {
+      console.log(`🧪 [dry-run] ${summary}`);
+    }
+    console.log(`   ${renderCommand(command, args)}`);
+    return;
+  }
+  await executeCommand(command, args);
+};
+
+// Equivalent of trellis-tools `database remote-export`.
+// Connects via SSH, runs mysqldump on the server (using the server's own .env),
+// downloads the file via scp, then removes the remote copy.
+export const remoteDownload = async (options = {}) => {
+  const { amsMode = false, name: customName, dryRun = false } = options;
+
+  checkIfEnvFilesExist();
+
+  const env = options.environment || (await getEnvironment());
+  const ip = getIp(env);
+  const sshUser = getSshUser(env);
+  const appName = getAppName();
+  const serverPath = getServerPath(env);
+  const date = getCurrentDateString();
+  const username = dryRun ? null : await getUserName();
+  const filename = generateDatabaseFilename(appName, env, date, customName, amsMode, username);
+
+  const localPath = await resolveDatabasePath(appName);
+  ensureDirectoryExists(localPath);
+
+  console.log(`🚀 Esportando il database da ${env} (${sshUser}@${ip})...`);
+  await executeOrDryRun('ssh', [
+    `${sshUser}@${ip}`,
+    `cd ${serverPath} && source .env && mysqldump -u"$DB_USERNAME" -p"$DB_PASSWORD" "$DB_DATABASE" > ${filename}`,
+  ], { dryRun, summary: 'Eseguo dump DB remoto sul server' });
+
+  console.log(`📥 Scaricando ${filename}...`);
+  await executeOrDryRun('scp', [
+    `${sshUser}@${ip}:${serverPath}/${filename}`,
+    `${localPath}/${filename}`,
+  ], { dryRun, summary: 'Scarico dump remoto in locale' });
+
+  console.log('🗑️  Eliminando il file temporaneo dal server...');
+  await executeOrDryRun('ssh', [`${sshUser}@${ip}`, `rm ${serverPath}/${filename}`], {
+    dryRun,
+    summary: 'Pulisco dump temporaneo dal server',
+  });
+
+  if (dryRun) {
+    console.log(`✅ [dry-run] Preview completata. File target: ${localPath}/${filename}`);
+    return;
+  }
+  console.log(`✅ Database salvato in: ${localPath}/${filename}`);
+};
+
+// Equivalent of trellis-tools `database local-import`.
+// Lists available dumps from Google Drive, lets the user pick one,
+// imports it into the local Docker MySQL container, then clears Laravel caches.
+export const dbLocalImport = async (options = {}) => {
+  const { dryRun = false } = options;
+
+  checkIfEnvFilesExist();
+
+  const env = options.environment || (await getEnvironment());
+  const appName = getAppName();
+  const localPath = await resolveDatabasePath(appName);
+  const files = find10LatestFiles(localPath, env);
+
+  if (files.length === 0) {
+    console.log(`❌ Nessun dump trovato per '${env}' in:\n   ${localPath}`);
+    return;
+  }
+
+  const selected = await select({
+    message: 'Seleziona il database da importare:',
+    choices: files.map((f) => ({ name: f.display, value: f.path })),
+  });
+
+  if (dryRun) {
+    await executeOrDryRun('sh', [
+      '-c',
+      `docker exec -i ${appName}-mysql mysql -u"<DB_USERNAME>" -p"<DB_PASSWORD>" "<DB_DATABASE>" < "${selected}"`,
+    ], { dryRun, summary: `Import locale simulato di ${basename(selected)}` });
+    for (const cmd of ARTISAN_CLEAR_COMMANDS) {
+      await executeOrDryRun('docker', ['exec', `${appName}-api`, 'php', 'artisan', cmd], {
+        dryRun,
+        summary: `Clear cache locale (${cmd})`,
+      });
+    }
+    console.log('✅ [dry-run] Import locale simulato con successo.');
+    return;
+  }
+
+  const { DB_DATABASE, DB_USERNAME, DB_PASSWORD } = readLocalDbCredentials();
+
+  console.log(`🚀 Importando ${basename(selected)}...`);
+  await executeCommand('sh', [
+    '-c',
+    `docker exec -i ${appName}-mysql mysql -u"${DB_USERNAME}" -p"${DB_PASSWORD}" "${DB_DATABASE}" < "${selected}"`,
+  ]);
+
+  console.log('🔧 Clearing Laravel caches...');
+  for (const cmd of ARTISAN_CLEAR_COMMANDS) {
+    await executeCommand('docker', ['exec', `${appName}-api`, 'php', 'artisan', cmd]);
+  }
+  console.log('✅ Database importato con successo!');
+};
+
+// Equivalent of trellis-tools `database local-export`.
+// Dumps the local Docker MySQL database and saves it to Google Drive.
+export const dbLocalExport = async (options = {}) => {
+  const { amsMode = false, name: customName, dryRun = false } = options;
+
+  checkIfEnvFilesExist();
+
+  const appName = getAppName();
+  const date = getCurrentDateString();
+  const username = dryRun ? null : await getUserName();
+  const filename = generateDatabaseFilename(appName, 'local', date, customName, amsMode, username);
+
+  const localPath = await resolveDatabasePath(appName);
+  ensureDirectoryExists(localPath);
+
+  if (dryRun) {
+    await executeOrDryRun('sh', [
+      '-c',
+      `docker exec ${appName}-mysql mysqldump -u"<DB_USERNAME>" -p"<DB_PASSWORD>" "<DB_DATABASE>" > "${localPath}/${filename}"`,
+    ], { dryRun, summary: 'Esportazione DB locale simulata' });
+    console.log(`✅ [dry-run] Preview completata. File target: ${localPath}/${filename}`);
+    return;
+  }
+
+  const { DB_DATABASE, DB_USERNAME, DB_PASSWORD } = readLocalDbCredentials();
+
+  console.log('🚀 Esportando il database locale...');
+  await executeCommand('sh', [
+    '-c',
+    `docker exec ${appName}-mysql mysqldump -u"${DB_USERNAME}" -p"${DB_PASSWORD}" "${DB_DATABASE}" > "${localPath}/${filename}"`,
+  ]);
+
+  console.log(`✅ Database salvato in: ${localPath}/${filename}`);
+};
+
+// Equivalent of trellis-tools `database remote-import`.
+// Uploads a local dump to the server via scp and imports it, then clears remote caches.
+export const remoteImport = async (options = {}) => {
+  const {
+    dryRun = false,
+  } = options;
+
+  checkIfEnvFilesExist();
+
+  const env = options.environment || (await getEnvironment());
+  const ip = getIp(env);
+  const sshUser = getSshUser(env);
+  const appName = getAppName();
+  const serverPath = getServerPath(env);
+
+  const localPath = await resolveDatabasePath(appName);
+  const files = find10LatestFiles(localPath, env);
+
+  if (files.length === 0) {
+    console.log(`❌ Nessun dump trovato per '${env}' in:\n   ${localPath}`);
+    return;
+  }
+
+  const selected = await select({
+    message: 'Seleziona il database da importare sul server:',
+    choices: files.map((f) => ({ name: f.display, value: f.path })),
+  });
+  const filename = basename(selected);
+
+  if (!dryRun) {
+    const confirmed = await askYesNo(
+      `Confermi import REMOTO su '${env}' (${sshUser}@${ip}) usando '${filename}'?`
+    );
+    if (!confirmed) {
+      console.log('⏹️  Operazione annullata.');
+      return;
+    }
+  }
+
+  let createBackupBeforeImport = true;
+  if (!dryRun) {
+    createBackupBeforeImport = await askYesNo(
+      "Vuoi creare un backup del DB remoto prima dell'import?"
+    );
+  }
+
+  const backupFilename = `${appName}_${env}_preimport_${getCurrentTimestamp()}.sql`;
+
+  if (createBackupBeforeImport) {
+    console.log(`🛟 Creazione backup pre-import su ${env}: ${backupFilename}`);
+    await executeOrDryRun('ssh', [
+      `${sshUser}@${ip}`,
+      `cd ${serverPath} && source .env && mysqldump -u"$DB_USERNAME" -p"$DB_PASSWORD" "$DB_DATABASE" > ${backupFilename}`,
+    ], { dryRun, summary: 'Creo backup pre-import remoto' });
+  } else {
+    console.log('⚠️  Backup pre-import disabilitato (--no-create-backup-before-import).');
+  }
+
+  console.log(`📤 Caricando ${filename} su ${env} (${sshUser}@${ip})...`);
+  await executeOrDryRun('scp', [selected, `${sshUser}@${ip}:${serverPath}/${filename}`], {
+    dryRun,
+    summary: 'Carico dump locale sul server remoto',
+  });
+
+  let imported = false;
+  try {
+    console.log(`🚀 Importando il database su ${env}...`);
+    await executeOrDryRun('ssh', [
+      `${sshUser}@${ip}`,
+      `cd ${serverPath} && source .env && mysql -u"$DB_USERNAME" -p"$DB_PASSWORD" "$DB_DATABASE" < ${filename}`,
+    ], { dryRun, summary: 'Import DB remoto da dump caricato' });
+
+    await executeOrDryRun('ssh', [
+      `${sshUser}@${ip}`,
+      `cd ${serverPath} && source .env && mysql -u"$DB_USERNAME" -p"$DB_PASSWORD" "$DB_DATABASE" -e "SELECT 1;"`,
+    ], { dryRun, summary: 'Health check DB remoto (SELECT 1)' });
+
+    console.log('🔧 Clearing Laravel caches sul server...');
+    const clearCmd = ARTISAN_CLEAR_COMMANDS.map((cmd) => `php artisan ${cmd}`).join(' && ');
+    await executeOrDryRun('ssh', [`${sshUser}@${ip}`, `cd ${serverPath} && ${clearCmd}`], {
+      dryRun,
+      summary: 'Clear cache Laravel remoto post-import',
+    });
+
+    imported = true;
+  } catch (error) {
+    if (createBackupBeforeImport) {
+      console.error('🚨 Import remoto fallito. Backup pre-import disponibile per rollback.');
+      console.error(
+        `Rollback command: ssh ${sshUser}@${ip} "cd ${serverPath} && source .env && mysql -u\\"$DB_USERNAME\\" -p\\"$DB_PASSWORD\\" \\"$DB_DATABASE\\" < ${backupFilename}"`
+      );
+    }
+    throw error;
+  } finally {
+    if (imported) {
+      console.log('🗑️  Eliminando il file temporaneo dal server...');
+      await executeOrDryRun('ssh', [`${sshUser}@${ip}`, `rm ${serverPath}/${filename}`], {
+        dryRun,
+        summary: 'Pulizia dump temporaneo remoto post-import',
+      });
+    } else {
+      console.log('ℹ️  File dump remoto non rimosso automaticamente (import non completato).');
+    }
+  }
+
+  if (dryRun) {
+    console.log('✅ [dry-run] Remote import simulato con successo.');
+    return;
+  }
+  console.log('✅ Database importato con successo!');
+};
+
+// Equivalent of trellis-tools `database list`.
+// Lists the 10 most recent dumps in Google Drive for this project.
+export const listDatabases = async (options = {}) => {
+  const { environment } = options;
+
+  checkIfEnvFilesExist();
+
+  const appName = getAppName();
+  const localPath = await resolveDatabasePath(appName);
+  const files = find10LatestFiles(localPath, environment || null);
+
+  if (files.length === 0) {
+    const envLabel = environment ? `per '${environment}' ` : '';
+    console.log(`📋 Nessun dump trovato ${envLabel}in:\n   ${localPath}`);
+    return;
+  }
+
+  console.log(`\n📋 Database dumps — ${appName}:`);
+  files.forEach((f, i) => {
+    console.log(`  ${i + 1}. ${f.display}`);
+  });
+  console.log('');
+};

package/src/forge/client.js

@@ -0,0 +1,43 @@
+import { getForgeToken } from './config.js';
+
+const BASE_URL = 'https://forge.laravel.com/api/v1';
+
+const request = async (method, path, body = null) => {
+  const token = getForgeToken();
+
+  const options = {
+    method,
+    headers: {
+      Authorization: `Bearer ${token}`,
+      Accept: 'application/json',
+      'Content-Type': 'application/json',
+    },
+  };
+
+  if (body) {
+    options.body = JSON.stringify(body);
+  }
+
+  const response = await fetch(`${BASE_URL}${path}`, options);
+
+  if (response.status === 204) return null;
+
+  const data = await response.json().catch(() => null);
+
+  if (!response.ok) {
+    const message = data?.message || data?.error || `HTTP ${response.status}`;
+    if (response.status === 401) throw new Error(`Token Forge non valido o scaduto. Esegui: laravel-tools forge token set`);
+    if (response.status === 403) throw new Error(`Accesso negato: ${message}`);
+    if (response.status === 404) throw new Error(`Risorsa non trovata: ${message}`);
+    if (response.status === 422) throw new Error(`Dati non validi:\n${JSON.stringify(data, null, 2)}`);
+    if (response.status === 429) throw new Error(`Rate limit Forge raggiunto. Riprova tra qualche secondo.`);
+    throw new Error(`Errore Forge API (${response.status}): ${message}`);
+  }
+
+  return data;
+};
+
+export const get = (path) => request('GET', path);
+export const post = (path, body) => request('POST', path, body);
+export const put = (path, body) => request('PUT', path, body);
+export const del = (path) => request('DELETE', path);

package/src/forge/config.js

@@ -0,0 +1,33 @@
+import { readFileSync, writeFileSync, existsSync } from 'fs';
+import { homedir } from 'os';
+import { join } from 'path';
+
+const CONFIG_PATH = join(homedir(), '.laravel-tools');
+
+const readConfig = () => {
+  if (!existsSync(CONFIG_PATH)) return {};
+  try {
+    return JSON.parse(readFileSync(CONFIG_PATH, 'utf8'));
+  } catch {
+    return {};
+  }
+};
+
+const writeConfig = (data) => {
+  writeFileSync(CONFIG_PATH, JSON.stringify(data, null, 2), 'utf8');
+};
+
+export const getForgeToken = () => {
+  const token = readConfig().forgeToken;
+  if (!token) {
+    throw new Error(
+      'Forge API token non trovato. Esegui prima: laravel-tools forge token set'
+    );
+  }
+  return token;
+};
+
+export const setForgeToken = (token) => {
+  const config = readConfig();
+  writeConfig({ ...config, forgeToken: token });
+};