@letterapp/cli 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 letter.app
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,56 @@
+# @letterapp/cli
+
+Connect your app to [Letter](https://letter.app) in one command. The CLI runs an
+interactive, secure device login: the API key is provisioned by a browser
+confirmation and written straight to your project's env file. **The key never
+appears in your shell history, terminal output, or an agent's chat transcript.**
+
+## Usage
+
+From your project root:
+
+```bash
+npx @letterapp/cli
+```
+
+What happens:
+
+1. The CLI prints a short confirmation code and (after you press Enter) opens
+   your browser to the Letter dashboard.
+2. You confirm the code matches and pick the project to connect.
+3. Letter mints a project API key and sends it to the CLI over a secure back
+   channel. The CLI writes `LETTER_API_KEY` to `.env.local` and stores a copy in
+   `~/.letter/credentials.json` for tooling (such as `@letterapp/mcp`).
+4. It detects your package manager and installs `@letterapp/node`.
+
+## Options
+
+| Flag | Description |
+| --- | --- |
+| `--no-open` | Don't auto-open the browser; print the URL to open manually (headless/remote). |
+| `--yes`, `-y` | Non-interactive: don't wait for Enter. Useful when an agent runs the command. |
+| `--no-install` | Skip installing `@letterapp/node`. |
+| `--base-url <url>` | Target a self-hosted or local Letter instance. |
+| `--api-key <key>` | CI only. Writes the key without the device flow. Do not use interactively or in chat. |
+
+## Security
+
+The interactive flow follows the OAuth 2.0 Device Authorization Grant pattern
+(`gh auth login` / `vercel login` style). The key is minted server-side only
+after a human approves in the browser, then delivered to the CLI out of band. The
+CLI confirms success without ever echoing the secret. Treat `.env.local` and
+`~/.letter/credentials.json` as secrets and keep them out of source control.
+
+## Roadmap
+
+v1 ships the setup/login flow. The command registry and credential store are
+built to extend: future versions add authenticated subcommands that reuse the
+same stored credential, for example:
+
+- `letter sequences` - list / create / configure automation sequences
+- `letter broadcast` - create and send broadcasts
+- `letter contacts`, `letter events`, `letter keys`, `letter status`
+
+## License
+
+MIT

package/dist/commands/login.js

@@ -0,0 +1,151 @@
+import { parseArgs, flagString, flagBool } from "../lib/args.js";
+import { resolveApiBase, DEFAULT_API_BASE, saveCredential } from "../lib/config.js";
+import { startDeviceAuth, pollDeviceAuth } from "../lib/api.js";
+import { openUrl } from "../lib/browser.js";
+import { upsertEnv } from "../lib/env-file.js";
+import { detectFramework, detectPackageManager, installCommand, runInstall, } from "../lib/pm.js";
+import { banner, color, error, info, log, prompt, success, warn, } from "../lib/ui.js";
+const SDK_PACKAGE = "@letterapp/node";
+const ENV_FILE = ".env.local";
+const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
+/**
+ * `letter login` / `letter init` (the default command). Runs the interactive
+ * device-authorization flow, writes the minted key to the project env + the
+ * shared credential store, and installs the SDK. The API key is NEVER printed.
+ */
+export async function runLogin(argv) {
+    const { flags } = parseArgs(argv);
+    const base = resolveApiBase(flagString(flags, "base-url"));
+    const cwd = process.cwd();
+    const autoYes = flagBool(flags, "yes") === true || flags.y === true;
+    const allowOpen = flagBool(flags, "open") !== false; // --no-open disables
+    const doInstall = flagBool(flags, "install") !== false; // --no-install disables
+    const ciKey = flagString(flags, "api-key");
+    banner();
+    // CI escape hatch: write the provided key non-interactively. Documented as
+    // for automation only - interactive/agent use should rely on the device flow
+    // so no secret is passed through the command line / chat.
+    if (ciKey) {
+        const entries = { LETTER_API_KEY: ciKey };
+        if (base !== DEFAULT_API_BASE)
+            entries.LETTER_BASE_URL = base;
+        const file = await upsertEnv(cwd, ENV_FILE, entries);
+        success(`Saved LETTER_API_KEY to ${rel(cwd, file)} (--api-key).`);
+        warn("--api-key is for CI. For interactive setup, run `letter login`.");
+        return 0;
+    }
+    // 1. Begin the flow.
+    let flow;
+    try {
+        flow = await startDeviceAuth(base);
+    }
+    catch (err) {
+        error(err.message);
+        return 1;
+    }
+    log(`${color.bold("Confirm this code in your browser:")}`);
+    log();
+    log(`    ${color.cyan(color.bold(flow.user_code))}`);
+    log();
+    // 2. Open the browser (interactive: wait for Enter; otherwise auto/print).
+    const interactive = process.stdin.isTTY && !autoYes;
+    if (interactive && allowOpen) {
+        await prompt(color.dim("Press Enter to open your browser… "));
+    }
+    if (allowOpen)
+        openUrl(flow.verification_uri_complete);
+    info(`If your browser didn't open, visit:`);
+    log(`    ${color.blue(flow.verification_uri_complete)}`);
+    log();
+    info("Waiting for you to approve… (Ctrl+C to cancel)");
+    // 3. Poll until the user approves/denies or the code expires.
+    const deadline = Date.now() + flow.expires_in * 1000;
+    let intervalMs = Math.max(1, flow.interval) * 1000;
+    while (Date.now() < deadline) {
+        await sleep(intervalMs);
+        let res;
+        try {
+            res = await pollDeviceAuth(base, flow.device_code);
+        }
+        catch (err) {
+            error(err.message);
+            return 1;
+        }
+        if (res.status === "authorization_pending")
+            continue;
+        if (res.status === "slow_down") {
+            intervalMs += 1000;
+            continue;
+        }
+        if (res.status === "access_denied") {
+            error("Request denied in the browser. Nothing was changed.");
+            return 1;
+        }
+        if (res.status === "expired_token") {
+            error("This login expired. Run the command again to retry.");
+            return 1;
+        }
+        // Approved.
+        return finish(res.api_key, res.base_url, res.project, cwd, doInstall);
+    }
+    error("Timed out waiting for approval. Run the command again to retry.");
+    return 1;
+}
+async function finish(apiKey, baseUrl, project, cwd, doInstall) {
+    log();
+    success(`Approved for project ${color.bold(project.name)}.`);
+    // Write the key to the project env (value never printed) + shared store.
+    const entries = { LETTER_API_KEY: apiKey };
+    if (baseUrl && baseUrl !== DEFAULT_API_BASE)
+        entries.LETTER_BASE_URL = baseUrl;
+    const envFile = await upsertEnv(cwd, ENV_FILE, entries);
+    success(`Saved LETTER_API_KEY to ${rel(cwd, envFile)}.`);
+    try {
+        const credFile = await saveCredential({
+            apiKey,
+            baseUrl: baseUrl || DEFAULT_API_BASE,
+            project,
+            savedAt: new Date().toISOString(),
+        });
+        success(`Stored credentials in ${tildify(credFile)} for tooling (MCP).`);
+    }
+    catch {
+        warn("Could not write ~/.letter/credentials.json (continuing).");
+    }
+    // Install the SDK.
+    const pm = await detectPackageManager(cwd);
+    if (doInstall) {
+        info(`Installing ${SDK_PACKAGE} with ${pm}…`);
+        const code = await runInstall(pm, SDK_PACKAGE, cwd);
+        if (code === 0)
+            success(`Installed ${SDK_PACKAGE}.`);
+        else
+            warn(`Install failed. Run: ${installCommand(pm, SDK_PACKAGE)}`);
+    }
+    else {
+        info(`Skipped install. Run: ${installCommand(pm, SDK_PACKAGE)}`);
+    }
+    const framework = await detectFramework(cwd);
+    printNextSteps(framework);
+    return 0;
+}
+function printNextSteps(framework) {
+    log();
+    log(color.bold("Next steps"));
+    if (framework)
+        log(color.dim(`Detected ${framework}.`));
+    log(`  1. Create a server-side client that reads ${color.cyan("process.env.LETTER_API_KEY")}.`);
+    log(`  2. Call ${color.cyan("letter.identify(...)")} where users sign up or log in.`);
+    log(`  3. Call ${color.cyan("letter.track(...)")} on 2-3 key actions.`);
+    log();
+    log(color.dim("Full guide: https://letter.app/docs/agent-setup"));
+    log(color.dim("Your API key is in .env.local - keep it out of source control."));
+    log();
+}
+function rel(cwd, file) {
+    return file.startsWith(cwd) ? file.slice(cwd.length + 1) || file : file;
+}
+function tildify(file) {
+    const home = process.env.HOME || process.env.USERPROFILE;
+    return home && file.startsWith(home) ? `~${file.slice(home.length)}` : file;
+}

package/dist/commands/registry.js

@@ -0,0 +1,21 @@
+import { runLogin } from "./login.js";
+/**
+ * Command registry. v1 ships only the device-login setup flow (as `login`,
+ * `init`, and the default), but the shape here is the extension point: future
+ * authenticated subcommands (`sequences`, `broadcast`, `contacts`, `events`,
+ * `keys`, `status`) register the same way and reuse the credential store in
+ * lib/config.ts + the API client in lib/api.ts. See README "Roadmap".
+ */
+export const COMMANDS = [
+    {
+        name: "login",
+        aliases: ["init"],
+        summary: "Connect this project to Letter (interactive device login)",
+        run: runLogin,
+    },
+];
+/** The command that runs when none is given. */
+export const DEFAULT_COMMAND = "login";
+export function findCommand(name) {
+    return COMMANDS.find((c) => c.name === name || c.aliases?.includes(name));
+}

package/dist/index.js

@@ -0,0 +1,56 @@
+#!/usr/bin/env node
+import { COMMANDS, DEFAULT_COMMAND, findCommand } from "./commands/registry.js";
+import { banner, color, error, log } from "./lib/ui.js";
+const VERSION = "0.1.0";
+function printHelp() {
+    banner();
+    log(`${color.bold("Usage")}  letter <command> [options]`);
+    log();
+    log(color.bold("Commands"));
+    for (const c of COMMANDS) {
+        const names = [c.name, ...(c.aliases ?? [])].join(", ");
+        log(`  ${names.padEnd(18)} ${color.dim(c.summary)}`);
+    }
+    log(`  ${"help".padEnd(18)} ${color.dim("Show this help")}`);
+    log();
+    log(color.bold("Login options"));
+    log(`  ${"--no-open".padEnd(18)} ${color.dim("Don't auto-open the browser; print the URL")}`);
+    log(`  ${"--yes, -y".padEnd(18)} ${color.dim("Non-interactive (for agents/CI prompts)")}`);
+    log(`  ${"--no-install".padEnd(18)} ${color.dim("Skip installing @letterapp/node")}`);
+    log(`  ${"--base-url <url>".padEnd(18)} ${color.dim("Target a self-hosted / local Letter")}`);
+    log(`  ${"--api-key <key>".padEnd(18)} ${color.dim("CI only: write a key without the device flow")}`);
+    log();
+    log(color.dim("Docs: https://letter.app/docs/agent-setup"));
+    log();
+}
+async function main() {
+    const argv = process.argv.slice(2);
+    const first = argv[0];
+    if (first === "--version" || first === "-v") {
+        log(VERSION);
+        return 0;
+    }
+    if (first === "help" || first === "--help" || first === "-h") {
+        printHelp();
+        return 0;
+    }
+    // No command, or a flag-first invocation (e.g. `letter --no-open`): run the
+    // default command with all args.
+    if (!first || first.startsWith("-")) {
+        const cmd = findCommand(DEFAULT_COMMAND);
+        return cmd.run(argv);
+    }
+    const cmd = findCommand(first);
+    if (!cmd) {
+        error(`Unknown command: ${first}`);
+        log(`Run ${color.cyan("letter help")} to see available commands.`);
+        return 1;
+    }
+    return cmd.run(argv.slice(1));
+}
+main()
+    .then((code) => process.exit(code))
+    .catch((err) => {
+    error(err instanceof Error ? err.message : String(err));
+    process.exit(1);
+});

package/dist/lib/api.js

@@ -0,0 +1,29 @@
+const USER_AGENT = "@letterapp/cli";
+/** Starts a device-authorization flow against the given API base. */
+export async function startDeviceAuth(base) {
+    const res = await fetch(`${base}/v1/cli/auth/start`, {
+        method: "POST",
+        headers: { "content-type": "application/json", "user-agent": USER_AGENT },
+        body: "{}",
+    });
+    if (!res.ok) {
+        throw new Error(`Could not start login (HTTP ${res.status}). Is ${base} reachable?`);
+    }
+    return (await res.json());
+}
+/** Polls once for approval. */
+export async function pollDeviceAuth(base, deviceCode) {
+    const res = await fetch(`${base}/v1/cli/auth/poll`, {
+        method: "POST",
+        headers: { "content-type": "application/json", "user-agent": USER_AGENT },
+        body: JSON.stringify({ device_code: deviceCode }),
+    });
+    if (res.status === 429) {
+        const retryAfter = Number(res.headers.get("retry-after") ?? "5");
+        return { status: "slow_down", retryAfter };
+    }
+    if (!res.ok) {
+        throw new Error(`Login poll failed (HTTP ${res.status}).`);
+    }
+    return (await res.json());
+}

package/dist/lib/args.js

@@ -0,0 +1,49 @@
+export function parseArgs(argv) {
+    const positionals = [];
+    const flags = {};
+    for (let i = 0; i < argv.length; i++) {
+        const arg = argv[i];
+        if (arg.startsWith("--")) {
+            const body = arg.slice(2);
+            const eq = body.indexOf("=");
+            if (eq !== -1) {
+                flags[body.slice(0, eq)] = body.slice(eq + 1);
+            }
+            else if (body.startsWith("no-")) {
+                flags[body.slice(3)] = false;
+            }
+            else {
+                const next = argv[i + 1];
+                if (next && !next.startsWith("-")) {
+                    flags[body] = next;
+                    i++;
+                }
+                else {
+                    flags[body] = true;
+                }
+            }
+        }
+        else if (arg.startsWith("-") && arg.length > 1) {
+            for (const ch of arg.slice(1))
+                flags[ch] = true;
+        }
+        else {
+            positionals.push(arg);
+        }
+    }
+    return { positionals, flags };
+}
+export function flagString(flags, ...names) {
+    for (const n of names) {
+        const v = flags[n];
+        if (typeof v === "string")
+            return v;
+    }
+    return undefined;
+}
+export function flagBool(flags, name) {
+    const v = flags[name];
+    if (typeof v === "boolean")
+        return v;
+    return undefined;
+}

package/dist/lib/browser.js

@@ -0,0 +1,33 @@
+import { spawn } from "node:child_process";
+/**
+ * Opens `url` in the default browser. Best-effort and non-blocking: if it fails
+ * (headless box, no DISPLAY) the caller has already printed the URL so the user
+ * can open it manually. Returns true if a launcher was spawned.
+ */
+export function openUrl(url) {
+    const platform = process.platform;
+    let command;
+    let args;
+    if (platform === "darwin") {
+        command = "open";
+        args = [url];
+    }
+    else if (platform === "win32") {
+        command = "cmd";
+        // `start` needs an empty title arg; the comma-free form avoids quoting woes.
+        args = ["/c", "start", "", url];
+    }
+    else {
+        command = "xdg-open";
+        args = [url];
+    }
+    try {
+        const child = spawn(command, args, { stdio: "ignore", detached: true });
+        child.on("error", () => { });
+        child.unref();
+        return true;
+    }
+    catch {
+        return false;
+    }
+}

package/dist/lib/config.js

@@ -0,0 +1,35 @@
+import { homedir } from "node:os";
+import path from "node:path";
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+/** The SDK's built-in default; when the resolved base equals this we don't
+ * write LETTER_BASE_URL to the project env. */
+export const DEFAULT_API_BASE = "https://api.letter.app";
+/** Resolve the API base: explicit flag > env > prod default. */
+export function resolveApiBase(flagValue) {
+    const raw = flagValue || process.env.LETTER_BASE_URL || DEFAULT_API_BASE;
+    return raw.replace(/\/$/, "");
+}
+function credentialsPath() {
+    return path.join(homedir(), ".letter", "credentials.json");
+}
+/**
+ * Persists the credential to ~/.letter/credentials.json with owner-only
+ * permissions. Read by tools like @letterapp/mcp so the secret never has to be
+ * pasted into an MCP config.
+ */
+export async function saveCredential(cred) {
+    const file = credentialsPath();
+    await mkdir(path.dirname(file), { recursive: true, mode: 0o700 });
+    await writeFile(file, `${JSON.stringify(cred, null, 2)}\n`, { mode: 0o600 });
+    return file;
+}
+/** Reads the stored credential, or null if none. */
+export async function readCredential() {
+    try {
+        const raw = await readFile(credentialsPath(), "utf8");
+        return JSON.parse(raw);
+    }
+    catch {
+        return null;
+    }
+}

package/dist/lib/env-file.js

@@ -0,0 +1,45 @@
+import path from "node:path";
+import { readFile, writeFile, stat } from "node:fs/promises";
+/**
+ * Upserts `key=value` in an env file, creating it if needed. Existing keys are
+ * replaced in place; new keys are appended. Returns the file path. The value is
+ * never logged by this module - callers print only the key name.
+ */
+export async function upsertEnv(cwd, file, entries) {
+    const filePath = path.join(cwd, file);
+    let contents = "";
+    try {
+        contents = await readFile(filePath, "utf8");
+    }
+    catch {
+        contents = "";
+    }
+    let next = contents;
+    for (const [key, value] of Object.entries(entries)) {
+        const line = `${key}=${value}`;
+        const re = new RegExp(`^${escapeRegExp(key)}=.*$`, "m");
+        if (re.test(next)) {
+            next = next.replace(re, line);
+        }
+        else {
+            if (next.length && !next.endsWith("\n"))
+                next += "\n";
+            next += `${line}\n`;
+        }
+    }
+    await writeFile(filePath, next, "utf8");
+    return filePath;
+}
+/** True if a file exists at `cwd/name`. */
+export async function fileExists(cwd, name) {
+    try {
+        await stat(path.join(cwd, name));
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+function escapeRegExp(s) {
+    return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}

package/dist/lib/pm.js

@@ -0,0 +1,72 @@
+import { spawn } from "node:child_process";
+import { fileExists } from "./env-file.js";
+/**
+ * Detects the package manager from lockfiles (then the `npm_config_user_agent`
+ * of the running process), defaulting to npm.
+ */
+export async function detectPackageManager(cwd) {
+    if (await fileExists(cwd, "pnpm-lock.yaml"))
+        return "pnpm";
+    if (await fileExists(cwd, "yarn.lock"))
+        return "yarn";
+    if (await fileExists(cwd, "bun.lockb"))
+        return "bun";
+    if (await fileExists(cwd, "package-lock.json"))
+        return "npm";
+    const ua = process.env.npm_config_user_agent ?? "";
+    if (ua.startsWith("pnpm"))
+        return "pnpm";
+    if (ua.startsWith("yarn"))
+        return "yarn";
+    if (ua.startsWith("bun"))
+        return "bun";
+    return "npm";
+}
+/** Detects a likely web framework for friendlier guidance. */
+export async function detectFramework(cwd) {
+    try {
+        const pkgPath = `${cwd}/package.json`;
+        const { readFile } = await import("node:fs/promises");
+        const pkg = JSON.parse(await readFile(pkgPath, "utf8"));
+        const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+        if (deps.next)
+            return "Next.js";
+        if (deps.nuxt)
+            return "Nuxt";
+        if (deps["@remix-run/node"] || deps["@remix-run/react"])
+            return "Remix";
+        if (deps.express)
+            return "Express";
+        if (deps.fastify)
+            return "Fastify";
+        if (deps.hono)
+            return "Hono";
+        if (deps["@sveltejs/kit"])
+            return "SvelteKit";
+        return null;
+    }
+    catch {
+        return null;
+    }
+}
+export function installCommand(pm, pkg) {
+    switch (pm) {
+        case "pnpm":
+            return `pnpm add ${pkg}`;
+        case "yarn":
+            return `yarn add ${pkg}`;
+        case "bun":
+            return `bun add ${pkg}`;
+        default:
+            return `npm install ${pkg}`;
+    }
+}
+/** Runs the install command, streaming output. Resolves to the exit code. */
+export function runInstall(pm, pkg, cwd) {
+    const args = pm === "npm" ? ["install", pkg] : pm === "yarn" ? ["add", pkg] : ["add", pkg];
+    return new Promise((resolve) => {
+        const child = spawn(pm, args, { cwd, stdio: "inherit", shell: process.platform === "win32" });
+        child.on("error", () => resolve(1));
+        child.on("close", (code) => resolve(code ?? 1));
+    });
+}

package/dist/lib/ui.js

@@ -0,0 +1,57 @@
+import readline from "node:readline";
+const useColor = process.stdout.isTTY && !process.env.NO_COLOR && process.env.TERM !== "dumb";
+function wrap(open, close) {
+    return (s) => useColor ? `\u001b[${open}m${s}\u001b[${close}m` : s;
+}
+export const color = {
+    bold: wrap(1, 22),
+    dim: wrap(2, 22),
+    red: wrap(31, 39),
+    green: wrap(32, 39),
+    yellow: wrap(33, 39),
+    blue: wrap(34, 39),
+    cyan: wrap(36, 39),
+    gray: wrap(90, 39),
+};
+export function log(msg = "") {
+    process.stdout.write(`${msg}\n`);
+}
+export function info(msg) {
+    log(`${color.cyan("›")} ${msg}`);
+}
+export function success(msg) {
+    log(`${color.green("✓")} ${msg}`);
+}
+export function warn(msg) {
+    log(`${color.yellow("!")} ${msg}`);
+}
+export function error(msg) {
+    process.stderr.write(`${color.red("✗")} ${msg}\n`);
+}
+export function step(n, total, msg) {
+    log(`${color.dim(`[${n}/${total}]`)} ${msg}`);
+}
+/** The Letter wordmark banner. */
+export function banner() {
+    log();
+    log(`  ${color.bold("Letter")}${color.red(".")} ${color.dim("CLI")}`);
+    log();
+}
+/**
+ * Prompts the user and resolves with their input. Returns "" immediately on a
+ * non-interactive stdin so automated/agent runs don't hang.
+ */
+export function prompt(question) {
+    if (!process.stdin.isTTY)
+        return Promise.resolve("");
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    return new Promise((resolve) => {
+        rl.question(question, (answer) => {
+            rl.close();
+            resolve(answer);
+        });
+    });
+}

package/package.json

@@ -0,0 +1,48 @@
+{
+  "name": "@letterapp/cli",
+  "version": "0.1.0",
+  "description": "Letter CLI - connect your app to Letter in one command. Interactive, secure device login: no API key ever touches your shell or chat.",
+  "license": "MIT",
+  "homepage": "https://letter.app",
+  "author": "letter.app",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/vincenzor/letter-cli.git"
+  },
+  "bugs": {
+    "url": "https://github.com/vincenzor/letter-cli/issues"
+  },
+  "type": "module",
+  "bin": {
+    "letter": "dist/index.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "engines": {
+    "node": ">=18"
+  },
+  "keywords": [
+    "letter",
+    "letterapp",
+    "cli",
+    "analytics",
+    "email",
+    "onboarding"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "clean": "rm -rf dist tsconfig.tsbuildinfo",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "npm run clean && npm run build"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.2",
+    "typescript": "^5.7.2"
+  }
+}