@l4yercak3/cli 1.0.0 → 1.0.2

package/.claude/settings.local.json

@@ -12,7 +12,9 @@
       "Bash(git add:*)",
       "Bash(git commit:*)",
       "Bash(gh repo create:*)",
-      "Bash(npm whoami:*)"
+      "Bash(npm whoami:*)",
+      "Bash(npm pkg fix:*)",
+      "Bash(git push:*)"
     ]
   }
 }

package/CLAUDE.md

@@ -0,0 +1,100 @@
+# L4YERCAK3 CLI - Claude Code Configuration
+
+## About This Project
+
+This is **L4YERCAK3 CLI** (`@l4yercak3/cli`) - the official CLI tool for integrating Next.js projects with the Layer Cake platform. It handles authentication, project setup, and generates boilerplate code for L4YERCAK3 features.
+
+## Installation
+
+```bash
+npm install -g @l4yercak3/cli
+```
+
+## CLI Commands
+
+| Command | Description |
+|---------|-------------|
+| `l4yercak3 login` | Authenticate with the L4YERCAK3 platform (opens browser) |
+| `l4yercak3 logout` | Log out and clear session |
+| `l4yercak3 status` | Show authentication status and session info |
+| `l4yercak3 spread` | Initialize L4YERCAK3 in a Next.js project (interactive setup) |
+| `icing` | Alias for `l4yercak3` command |
+
+## Project Structure
+
+```
+src/
+├── api/                 # Backend API client
+│   └── backend-client.js
+├── commands/            # CLI command handlers
+│   ├── login.js         # Browser-based OAuth login
+│   ├── logout.js        # Session cleanup
+│   ├── spread.js        # Project initialization wizard
+│   └── status.js        # Auth status display
+├── config/              # Configuration management
+│   └── config-manager.js
+├── detectors/           # Project analysis
+│   ├── nextjs-detector.js
+│   ├── github-detector.js
+│   ├── oauth-detector.js
+│   └── api-client-detector.js
+├── generators/          # Code generators
+│   ├── api-client-generator.js
+│   ├── env-generator.js
+│   ├── nextauth-generator.js
+│   ├── oauth-guide-generator.js
+│   └── gitignore-generator.js
+├── index.js             # Main entry point
+└── logo.js              # ASCII art branding
+```
+
+## Development Commands
+
+```bash
+npm run build          # Build for production
+npm run lint           # Run ESLint
+npm run lint:fix       # Fix ESLint issues
+npm run type-check     # TypeScript type checking (via JSDoc)
+npm test               # Run Jest tests
+npm run test:watch     # Run tests in watch mode
+npm run test:coverage  # Run tests with coverage report
+npm run verify         # Run lint + type-check + test + build
+```
+
+## Code Style
+
+- JavaScript with JSDoc type annotations
+- ESLint with Prettier formatting
+- Jest for testing with mocks for fs, fetch, and external dependencies
+- Keep files focused and under 500 lines
+- Use async/await for asynchronous operations
+
+## Testing Patterns
+
+When writing tests:
+- Mock `fs` module for file operations
+- Mock `node-fetch` for API calls
+- Mock `chalk` to return plain strings
+- Use `jest.spyOn(console, 'error').mockImplementation(() => {})` to silence expected errors
+- For singleton modules that instantiate on require, set up mocks BEFORE requiring the module
+
+## Configuration Storage
+
+User config is stored at `~/.l4yercak3/config.json` with:
+- Session tokens and expiration
+- Organization memberships
+- Project configurations by path
+- Backend URL settings
+
+## Available Features
+
+The `spread` command can set up:
+- **CRM** - Customer relationship management integration
+- **OAuth** - Social login with Google, GitHub, Discord, etc.
+- **Stripe** - Payment processing integration
+- **Analytics** - Usage tracking and metrics
+
+## Links
+
+- npm: https://www.npmjs.com/package/@l4yercak3/cli
+- GitHub: https://github.com/voundbrand/l4yercak3-cli

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@l4yercak3/cli",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "Icing on the L4yercak3 - The sweet finishing touch for your Layer Cake integration",
   "main": "src/index.js",
   "bin": {
-    "l4yercak3": "./bin/cli.js",
-    "icing": "./bin/cli.js"
+    "l4yercak3": "bin/cli.js",
+    "icing": "bin/cli.js"
   },
   "scripts": {
     "start": "node bin/cli.js",
@@ -21,9 +21,15 @@
   },
   "jest": {
     "testEnvironment": "node",
-    "testMatch": ["**/tests/**/*.test.js"],
-    "collectCoverageFrom": ["src/**/*.js"],
-    "coveragePathIgnorePatterns": ["/node_modules/"]
+    "testMatch": [
+      "**/tests/**/*.test.js"
+    ],
+    "collectCoverageFrom": [
+      "src/**/*.js"
+    ],
+    "coveragePathIgnorePatterns": [
+      "/node_modules/"
+    ]
   },
   "keywords": [
     "l4yercak3",

package/src/api/backend-client.js

@@ -3,6 +3,7 @@
  * Handles communication with L4YERCAK3 backend API
  */
 
+const crypto = require('crypto');
 const fetch = require('node-fetch');
 const configManager = require('../config/config-manager');
 
@@ -11,6 +12,13 @@ class BackendClient {
     this.baseUrl = configManager.getBackendUrl();
   }
 
+  /**
+   * Generate a cryptographically secure state token for CSRF protection
+   */
+  generateState() {
+    return crypto.randomBytes(32).toString('hex');
+  }
+
   /**
    * Get headers for API requests
    */
@@ -98,18 +106,21 @@ class BackendClient {
   }
 
   /**
-   * Get CLI login URL (uses unified OAuth signup endpoint)
+   * Get CLI login URL with state parameter for CSRF protection
+   * @param {string} state - The state token generated by the CLI
+   * @param {string|null} provider - Optional OAuth provider for direct auth
+   * @returns {string} The login URL
    */
-  getLoginUrl(provider = null) {
+  getLoginUrl(state, provider = null) {
     const backendUrl = configManager.getBackendUrl();
-    const callbackUrl = 'http://localhost:3001/callback';
-    
+    const callbackUrl = 'http://localhost:3000/callback';
+
     if (provider) {
       // Direct OAuth provider URL
-      return `${backendUrl}/api/auth/oauth-signup?provider=${provider}&sessionType=cli&callback=${encodeURIComponent(callbackUrl)}`;
+      return `${backendUrl}/api/auth/oauth-signup?provider=${provider}&sessionType=cli&state=${state}&callback=${encodeURIComponent(callbackUrl)}`;
     } else {
-      // Provider selection page (still uses old endpoint for now, but could be updated)
-      return `${backendUrl}/auth/cli-login?callback=${encodeURIComponent(callbackUrl)}`;
+      // Provider selection page
+      return `${backendUrl}/auth/cli-login?state=${state}&callback=${encodeURIComponent(callbackUrl)}`;
     }
   }
 

package/src/commands/login.js

@@ -10,17 +10,37 @@ const chalk = require('chalk');
 
 /**
  * Start local server to receive OAuth callback
+ * @param {string} expectedState - The state token to verify against
  */
-function startCallbackServer() {
+function startCallbackServer(expectedState) {
   return new Promise((resolve, reject) => {
     const http = require('http');
-    
+
     const server = http.createServer((req, res) => {
-      const url = new URL(req.url, 'http://localhost:3001');
-      
+      const url = new URL(req.url, 'http://localhost:3000');
+
       if (url.pathname === '/callback') {
         const token = url.searchParams.get('token');
-        
+        const returnedState = url.searchParams.get('state');
+
+        // Verify state to prevent CSRF attacks
+        if (returnedState !== expectedState) {
+          res.writeHead(400, { 'Content-Type': 'text/html' });
+          res.end(`
+            <html>
+              <head><title>CLI Login Error</title></head>
+              <body style="font-family: system-ui; padding: 40px; text-align: center;">
+                <h1 style="color: #EF4444;">❌ Security Error</h1>
+                <p>State mismatch - possible CSRF attack. Please try again.</p>
+              </body>
+            </html>
+          `);
+
+          server.close();
+          reject(new Error('State mismatch - security validation failed'));
+          return;
+        }
+
         if (token) {
           res.writeHead(200, { 'Content-Type': 'text/html' });
           res.end(`
@@ -32,7 +52,7 @@ function startCallbackServer() {
               </body>
             </html>
           `);
-          
+
           server.close();
           resolve(token);
         } else {
@@ -46,7 +66,7 @@ function startCallbackServer() {
               </body>
             </html>
           `);
-          
+
           server.close();
           reject(new Error('No token received'));
         }
@@ -56,7 +76,7 @@ function startCallbackServer() {
       }
     });
 
-    server.listen(3001, 'localhost', () => {
+    server.listen(3000, 'localhost', () => {
       console.log(chalk.gray('  Waiting for authentication...'));
     });
 
@@ -85,13 +105,16 @@ async function handleLogin() {
 
     console.log(chalk.cyan('  🔐 Opening browser for authentication...\n'));
 
-    // Start callback server
-    const callbackPromise = startCallbackServer();
+    // Generate state for CSRF protection
+    const state = backendClient.generateState();
+
+    // Start callback server with expected state
+    const callbackPromise = startCallbackServer(state);
 
-    // Open browser
-    const loginUrl = backendClient.getLoginUrl();
+    // Open browser with state parameter
+    const loginUrl = backendClient.getLoginUrl(state);
     console.log(chalk.gray(`  Login URL: ${loginUrl}\n`));
-    
+
     await open(loginUrl);
 
     // Wait for callback

package/src/config/config-manager.js

@@ -33,7 +33,7 @@ class ConfigManager {
         session: null,
         organizations: [],
         settings: {
-          backendUrl: process.env.L4YERCAK3_BACKEND_URL || 'https://backend.l4yercak3.com',
+          backendUrl: process.env.L4YERCAK3_BACKEND_URL || 'https://app.l4yercak3.com',
         },
       };
     }
@@ -118,7 +118,7 @@ class ConfigManager {
    */
   getBackendUrl() {
     const config = this.getConfig();
-    return config.settings?.backendUrl || process.env.L4YERCAK3_BACKEND_URL || 'https://backend.l4yercak3.com';
+    return config.settings?.backendUrl || process.env.L4YERCAK3_BACKEND_URL || 'https://app.l4yercak3.com';
   }
 
   /**

package/src/generators/oauth-guide-generator.js

@@ -267,7 +267,7 @@ Once OAuth is set up:
 
 ---
 
-**Need Help?** Check the [L4YERCAK3 Documentation](https://docs.l4yercak3.com) or contact support.
+**Need Help?** Check the [L4YERCAK3 Documentation](https://www.l4yercak3.com/docs) or contact support.
 `;
 
     return content;

package/templates/CLAUDE.md

@@ -0,0 +1,86 @@
+# L4YERCAK3 Integration - Claude Code Configuration
+
+## About This Integration
+
+This project uses **L4YERCAK3** for backend services. The integration was set up using `@l4yercak3/cli`.
+
+## L4YERCAK3 CLI
+
+Install the CLI globally to manage your L4YERCAK3 integration:
+
+```bash
+npm install -g @l4yercak3/cli
+```
+
+### Commands
+
+| Command | Description |
+|---------|-------------|
+| `l4yercak3 login` | Authenticate with L4YERCAK3 platform |
+| `l4yercak3 logout` | Log out from L4YERCAK3 |
+| `l4yercak3 status` | Check authentication and session status |
+| `l4yercak3 spread` | Re-run setup wizard to add/update features |
+| `icing` | Shorthand alias for `l4yercak3` |
+
+## Generated Files
+
+The CLI generates these files based on selected features:
+
+| File | Purpose |
+|------|---------|
+| `.env.local` | Environment variables (API keys, secrets) |
+| `src/lib/api-client.js` | API client for L4YERCAK3 backend (or `.ts` for TypeScript) |
+| `src/app/api/auth/[...nextauth]/route.js` | NextAuth.js configuration (if OAuth enabled) |
+| `OAUTH_SETUP_GUIDE.md` | OAuth provider setup instructions (if OAuth enabled) |
+
+## Environment Variables
+
+Required variables in `.env.local`:
+
+```bash
+L4YERCAK3_API_KEY=        # Your L4YERCAK3 API key
+L4YERCAK3_BACKEND_URL=    # Backend API URL
+L4YERCAK3_ORG_ID=         # Your organization ID
+NEXTAUTH_SECRET=          # NextAuth secret (if using OAuth)
+NEXTAUTH_URL=             # Your app URL (if using OAuth)
+```
+
+## Using the API Client
+
+```javascript
+import L4YERCAK3Client from '@/lib/api-client';
+
+// Create client instance (uses env defaults if no args)
+const client = new L4YERCAK3Client();
+
+// CRM Methods
+const contacts = await client.getContacts();
+const contact = await client.getContact('contact-id');
+const newContact = await client.createContact({ email: 'user@example.com', name: 'John Doe' });
+await client.updateContact('contact-id', { name: 'Jane Doe' });
+await client.deleteContact('contact-id');
+
+// Projects Methods
+const projects = await client.getProjects();
+const project = await client.createProject({ name: 'New Project' });
+
+// Invoices Methods
+const invoices = await client.getInvoices();
+const invoice = await client.createInvoice({ amount: 100, contactId: 'contact-id' });
+```
+
+## Re-running Setup
+
+To add new features or update configuration:
+
+```bash
+l4yercak3 spread
+```
+
+This will detect existing setup and allow you to add additional features without overwriting current configuration.
+
+## Support
+
+- Documentation: https://docs.l4yercak3.com
+- CLI GitHub: https://github.com/voundbrand/l4yercak3-cli
+- npm: https://www.npmjs.com/package/@l4yercak3/cli

package/tests/backend-client.test.js

@@ -242,27 +242,47 @@ describe('BackendClient', () => {
     });
   });
 
+  describe('generateState', () => {
+    it('generates a 64-character hex string', () => {
+      const state = BackendClient.generateState();
+
+      expect(state).toMatch(/^[a-f0-9]{64}$/);
+    });
+
+    it('generates unique values each time', () => {
+      const state1 = BackendClient.generateState();
+      const state2 = BackendClient.generateState();
+
+      expect(state1).not.toBe(state2);
+    });
+  });
+
   describe('getLoginUrl', () => {
-    it('returns provider selection URL when no provider specified', () => {
-      const url = BackendClient.getLoginUrl();
+    it('returns provider selection URL with state when no provider specified', () => {
+      const state = 'test-state-token';
+      const url = BackendClient.getLoginUrl(state);
 
       expect(url).toContain('https://backend.test.com');
       expect(url).toContain('/auth/cli-login');
+      expect(url).toContain('state=test-state-token');
       expect(url).toContain('callback=');
     });
 
     it('returns direct OAuth URL when provider specified', () => {
-      const url = BackendClient.getLoginUrl('google');
+      const state = 'test-state-token';
+      const url = BackendClient.getLoginUrl(state, 'google');
 
       expect(url).toContain('/api/auth/oauth-signup');
       expect(url).toContain('provider=google');
       expect(url).toContain('sessionType=cli');
+      expect(url).toContain('state=test-state-token');
     });
 
     it('includes encoded callback URL', () => {
-      const url = BackendClient.getLoginUrl('github');
+      const state = 'test-state-token';
+      const url = BackendClient.getLoginUrl(state, 'github');
 
-      expect(url).toContain(encodeURIComponent('http://localhost:3001/callback'));
+      expect(url).toContain(encodeURIComponent('http://localhost:3000/callback'));
     });
   });
 

package/tests/config-manager.test.js

@@ -36,7 +36,7 @@ describe('ConfigManager', () => {
         session: null,
         organizations: [],
         settings: {
-          backendUrl: 'https://backend.l4yercak3.com',
+          backendUrl: 'https://app.l4yercak3.com',
         },
       });
     });
@@ -61,6 +61,8 @@ describe('ConfigManager', () => {
       fs.existsSync.mockReturnValue(true);
       fs.readFileSync.mockReturnValue('invalid json');
 
+      const consoleSpy = jest.spyOn(console, 'error').mockImplementation(() => {});
+
       const config = ConfigManager.getConfig();
 
       expect(config).toEqual({
@@ -68,6 +70,8 @@ describe('ConfigManager', () => {
         organizations: [],
         settings: {},
       });
+
+      consoleSpy.mockRestore();
     });
   });
 
@@ -106,9 +110,13 @@ describe('ConfigManager', () => {
         throw new Error('Write failed');
       });
 
+      const consoleSpy = jest.spyOn(console, 'error').mockImplementation(() => {});
+
       const result = ConfigManager.saveConfig({ test: true });
 
       expect(result).toBe(false);
+
+      consoleSpy.mockRestore();
     });
   });
 
@@ -196,7 +204,7 @@ describe('ConfigManager', () => {
 
       const url = ConfigManager.getBackendUrl();
 
-      expect(url).toBe('https://backend.l4yercak3.com');
+      expect(url).toBe('https://app.l4yercak3.com');
     });
 
     it('returns configured URL from settings', () => {

package/tests/oauth-guide-generator.test.js

@@ -266,7 +266,7 @@ describe('OAuthGuideGenerator', () => {
 
         expect(guide).toContain('## Next Steps');
         expect(guide).toContain('L4YERCAK3 Documentation');
-        expect(guide).toContain('docs.l4yercak3.com');
+        expect(guide).toContain('www.l4yercak3.com/docs');
       });
     });
   });