@lizard-build/cli 0.1.0 → 0.3.30

package/src/lib/api.ts

@@ -1,7 +1,10 @@
 import { getToken } from "./auth.js";
+import { CURRENT_VERSION } from "./updater.js";
+import * as https from "node:https";
+import * as http from "node:http";
 
 const DEFAULT_BASE_URL = "https://lizard.build";
-const USER_AGENT = "lizard-cli/0.1";
+const USER_AGENT = `lizard-cli/${CURRENT_VERSION}`;
 
 let baseURL = process.env.LIZARD_API_URL || DEFAULT_BASE_URL;
 let _accessToken: string | null = null;
@@ -10,13 +13,56 @@ export function setBaseURL(url: string) { baseURL = url; }
 export function getBaseURL() { return baseURL; }
 export function setAccessToken(token: string) { _accessToken = token; }
 
+// ── Scoping ───────────────────────────────────────────────────────────
+//
+// Every project-scoped endpoint takes `?workspaceId=…` — mirrors
+// lizard-client's `withScope` so server-side state is shared across
+// CLI and browser. Build URLs through these helpers, never by hand.
+
+export interface ResourceScope {
+  workspaceId?: string | null;
+}
+
+export interface Workspace {
+  id: string;
+  name: string;
+  slug: string;
+  role: "owner" | "member";
+  isPersonal?: boolean;
+  projectCount?: number;
+  createdAt?: number;
+}
+
+export function withQuery(
+  path: string,
+  params: Record<string, string | number | boolean | null | undefined>,
+): string {
+  const search = new URLSearchParams();
+  for (const [key, value] of Object.entries(params)) {
+    if (value === null || value === undefined || value === "") continue;
+    search.set(key, String(value));
+  }
+  const query = search.toString();
+  if (!query) return path;
+  return `${path}${path.includes("?") ? "&" : "?"}${query}`;
+}
+
+export function withScope(path: string, scope?: ResourceScope): string {
+  if (!scope) return path;
+  return withQuery(path, {
+    workspaceId: scope.workspaceId,
+  });
+}
+
 export class APIError extends Error {
   status: number;
   code: string;
-  constructor(status: number, message: string, code = "") {
+  body: unknown;
+  constructor(status: number, message: string, code = "", body: unknown = null) {
     super(message);
     this.status = status;
     this.code = code;
+    this.body = body;
   }
 }
 
@@ -32,12 +78,14 @@ async function request<T = any>(
   method: string,
   path: string,
   body?: unknown,
+  extraHeaders: Record<string, string> = {},
 ): Promise<T> {
   const url = baseURL + path;
   const token = _accessToken || getToken();
 
   const headers: Record<string, string> = {
     "User-Agent": USER_AGENT,
+    ...extraHeaders,
   };
   if (token) {
     headers["Authorization"] = `Bearer ${token}`;
@@ -55,12 +103,14 @@ async function request<T = any>(
   if (!res.ok) {
     let msg = res.statusText;
     let code = "";
+    let body: unknown = null;
     try {
       const j = (await res.json()) as any;
+      body = j;
       msg = j.error || j.message || msg;
       code = j.code || "";
     } catch {}
-    throw new APIError(res.status, msg, code);
+    throw new APIError(res.status, msg, code, body);
   }
 
   const text = await res.text();
@@ -70,8 +120,8 @@ async function request<T = any>(
 
 export const api = {
   get: <T = any>(path: string) => request<T>("GET", path),
-  post: <T = any>(path: string, body?: unknown) =>
-    request<T>("POST", path, body),
+  post: <T = any>(path: string, body?: unknown, headers?: Record<string, string>) =>
+    request<T>("POST", path, body, headers),
   put: <T = any>(path: string, body?: unknown) =>
     request<T>("PUT", path, body),
   patch: <T = any>(path: string, body?: unknown) =>
@@ -80,55 +130,68 @@ export const api = {
 };
 
 /** Stream SSE and call handler for each data line. Return false to stop. */
-export async function streamSSE(
+export function streamSSE(
   path: string,
   handler: (event: string, data: string) => boolean | void,
 ): Promise<void> {
-  const url = baseURL + path;
-  const token = _accessToken || getToken();
-  const headers: Record<string, string> = {
-    "User-Agent": USER_AGENT,
-    Accept: "text/event-stream",
-  };
-  if (token) headers["Authorization"] = `Bearer ${token}`;
+  return new Promise((resolve, reject) => {
+    const url = new URL(baseURL + path);
+    const token = _accessToken || getToken();
+    const reqHeaders: Record<string, string> = {
+      "User-Agent": USER_AGENT,
+      Accept: "text/event-stream",
+    };
+    if (token) reqHeaders["Authorization"] = `Bearer ${token}`;
+
+    const transport = url.protocol === "https:" ? https : http;
+    const req = transport.request(
+      { hostname: url.hostname, port: url.port || (url.protocol === "https:" ? 443 : 80),
+        path: url.pathname + url.search, method: "GET", headers: reqHeaders },
+      (res) => {
+        if (res.statusCode && res.statusCode >= 400) {
+          let body = "";
+          res.on("data", (c: Buffer) => body += c.toString());
+          res.on("end", () => reject(new APIError(res.statusCode!, `SSE failed: ${body}`)));
+          return;
+        }
 
-  const res = await fetch(url, { headers });
-  if (!res.ok) {
-    throw new APIError(res.status, `SSE failed: ${res.statusText}`);
-  }
-  if (!res.body) return;
-
-  const reader = res.body.getReader();
-  const decoder = new TextDecoder();
-  let buffer = "";
-  let currentEvent = "";
-  let currentData = "";
-
-  while (true) {
-    const { done, value } = await reader.read();
-    if (done) break;
-
-    buffer += decoder.decode(value, { stream: true });
-    const lines = buffer.split("\n");
-    buffer = lines.pop() || "";
-
-    for (const line of lines) {
-      const trimmed = line.replace(/\r$/, "");
-      if (trimmed === "") {
-        if (currentData) {
-          const cont = handler(currentEvent, currentData);
-          if (cont === false) {
-            reader.cancel();
-            return;
+        let buffer = "";
+        let currentEvent = "";
+        let currentData = "";
+
+        res.setEncoding("utf8");
+        res.on("data", (chunk: string) => {
+          buffer += chunk;
+          const lines = buffer.split("\n");
+          buffer = lines.pop() ?? "";
+
+          for (const line of lines) {
+            const trimmed = line.replace(/\r$/, "");
+            if (trimmed === "") {
+              if (currentData) {
+                const cont = handler(currentEvent, currentData);
+                if (cont === false) {
+                  req.destroy();
+                  resolve();
+                  return;
+                }
+              }
+              currentEvent = "";
+              currentData = "";
+            } else if (trimmed.startsWith("event:")) {
+              currentEvent = trimmed.slice(6).trim();
+            } else if (trimmed.startsWith("data:")) {
+              currentData = trimmed.slice(5).trimStart();
+            }
           }
-        }
-        currentEvent = "";
-        currentData = "";
-      } else if (trimmed.startsWith("event:")) {
-        currentEvent = trimmed.slice(6).trim();
-      } else if (trimmed.startsWith("data:")) {
-        currentData = trimmed.slice(5).trimStart();
-      }
-    }
-  }
+        });
+
+        res.on("end", resolve);
+        res.on("error", reject);
+      },
+    );
+
+    req.on("error", reject);
+    req.end();
+  });
 }

package/src/lib/auth.ts

@@ -1,55 +1,32 @@
-import fs from "node:fs";
-import path from "node:path";
-import os from "node:os";
 import open from "open";
+import {
+  loadConfig,
+  saveConfig,
+  type Credentials,
+} from "./config.js";
 
-const LIZARD_DIR = path.join(os.homedir(), ".lizard");
-const CREDENTIALS_FILE = path.join(LIZARD_DIR, "credentials.json");
+export type { Credentials } from "./config.js";
 
-export interface Credentials {
-  accessToken: string;
-  refreshToken?: string;
-  expiresAt?: string;
-  userId: string;
-  username: string;
-  email?: string;
-  avatarUrl?: string;
-}
-
-let tokenOverride: string | null = null;
-
-export function setTokenOverride(token: string) {
-  tokenOverride = token;
-}
-
-/** Get the active token in priority order: override → env → file */
+/** Get the active token in priority order: env → file */
 export function getToken(): string | null {
-  if (tokenOverride) return tokenOverride;
   if (process.env.LIZARD_TOKEN) return process.env.LIZARD_TOKEN;
-  const creds = loadCredentials();
-  return creds?.accessToken ?? null;
+  return loadCredentials()?.accessToken ?? null;
 }
 
 export function loadCredentials(): Credentials | null {
-  try {
-    const data = fs.readFileSync(CREDENTIALS_FILE, "utf-8");
-    return JSON.parse(data) as Credentials;
-  } catch {
-    return null;
-  }
+  return loadConfig().credentials ?? null;
 }
 
 export function saveCredentials(creds: Credentials) {
-  fs.mkdirSync(LIZARD_DIR, { recursive: true });
-  fs.writeFileSync(CREDENTIALS_FILE, JSON.stringify(creds, null, 2), {
-    mode: 0o600,
-  });
+  const config = loadConfig();
+  config.credentials = creds;
+  saveConfig(config);
 }
 
 export function clearCredentials() {
-  try {
-    fs.unlinkSync(CREDENTIALS_FILE);
-  } catch {}
+  const config = loadConfig();
+  delete config.credentials;
+  saveConfig(config);
 }
 
 export function isLoggedIn(): boolean {
@@ -65,10 +42,9 @@ function isTTY(): boolean {
  * Returns credentials or throws.
  */
 export async function requireAuth(): Promise<Credentials> {
-  // Token override or env var — we don't have full Credentials, fake it
-  if (tokenOverride || process.env.LIZARD_TOKEN) {
+  if (process.env.LIZARD_TOKEN) {
     return {
-      accessToken: (tokenOverride || process.env.LIZARD_TOKEN)!,
+      accessToken: process.env.LIZARD_TOKEN,
       userId: "",
       username: "",
     };
@@ -77,14 +53,14 @@ export async function requireAuth(): Promise<Credentials> {
   const creds = loadCredentials();
   if (creds) return creds;
 
-  // Not logged in
   if (!isTTY()) {
-    throw new Error(
+    const err = new Error(
       "Not authenticated. Set LIZARD_TOKEN or run `lizard login` first.",
-    );
+    ) as Error & { code: string };
+    err.code = "NOT_AUTHENTICATED";
+    throw err;
   }
 
-  // Auto-login
   const { performLogin } = await import("../commands/login.js");
   return performLogin();
 }
@@ -101,7 +77,7 @@ export async function openURL(url: string) {
     !process.env.WAYLAND_DISPLAY;
 
   if (isSSH || isCI || noDisplay) {
-    return false; // caller should show URL manually
+    return false;
   }
 
   try {

package/src/lib/config.ts

@@ -2,92 +2,127 @@ import fs from "node:fs";
 import path from "node:path";
 import os from "node:os";
 
-const CONFIG_DIR = ".lizard";
-const CONFIG_FILE = "config.json";
-const GLOBAL_SETTINGS_FILE = path.join(os.homedir(), ".lizard", "settings.json");
+export const DEFAULT_REGION = "us-east-1";
 
-export interface ProjectConfig {
-  workspaceId?: string;
-  projectId: string;
-  projectName?: string;
-  environment?: string;
+// Resolve at every call so tests (and exotic shells that mutate HOME) get a
+// fresh path. Cost is negligible — we hit disk anyway. LIZARD_HOME lets tests
+// (and power users) point the config dir somewhere other than ~/.lizard.
+function configDir(): string {
+  return process.env.LIZARD_HOME
+    ? path.join(process.env.LIZARD_HOME, ".lizard")
+    : path.join(os.homedir(), ".lizard");
 }
-
-export interface GlobalSettings {
-  defaultWorkspace?: string;
+function configFile(): string {
+  return path.join(configDir(), "config.json");
 }
 
-/** Find project config by walking up from cwd */
-export function findProjectConfig(): ProjectConfig | null {
-  let dir = process.cwd();
-  while (true) {
-    const configPath = path.join(dir, CONFIG_DIR, CONFIG_FILE);
-    if (fs.existsSync(configPath)) {
-      try {
-        return JSON.parse(fs.readFileSync(configPath, "utf-8"));
-      } catch {
-        return null;
-      }
-    }
-    const parent = path.dirname(dir);
-    if (parent === dir) break;
-    dir = parent;
-  }
-  return null;
+export interface Credentials {
+  accessToken: string;
+  refreshToken?: string;
+  expiresAt?: string;
+  userId: string;
+  username: string;
+  email?: string;
+  avatarUrl?: string;
 }
 
-/** Save project config in cwd */
-export function saveProjectConfig(config: ProjectConfig) {
-  const dir = path.join(process.cwd(), CONFIG_DIR);
-  fs.mkdirSync(dir, { recursive: true });
-  fs.writeFileSync(path.join(dir, CONFIG_FILE), JSON.stringify(config, null, 2));
+export interface ProjectLink {
+  projectId: string;
+  projectName?: string;
+  /** Workspace the project belongs to. Lazy-filled for legacy links. */
+  workspaceId?: string;
+  workspaceName?: string;
+  /** Active service for this cwd. `appId/appName` are kept as aliases for backwards compat. */
+  serviceId?: string;
+  serviceName?: string;
+  /** @deprecated use serviceId */
+  appId?: string;
+  /** @deprecated use serviceName */
+  appName?: string;
+}
 
-  // Add .lizard/ to .gitignore if not already there
-  const gitignorePath = path.join(process.cwd(), ".gitignore");
-  try {
-    const existing = fs.existsSync(gitignorePath)
-      ? fs.readFileSync(gitignorePath, "utf-8")
-      : "";
-    if (!existing.includes(".lizard/")) {
-      fs.appendFileSync(
-        gitignorePath,
-        (existing.endsWith("\n") ? "" : "\n") + ".lizard/\n",
-      );
-    }
-  } catch {}
+export interface Config {
+  credentials?: Credentials;
+  projects?: Record<string, ProjectLink>;
 }
 
-export function loadGlobalSettings(): GlobalSettings {
+export function loadConfig(): Config {
   try {
-    return JSON.parse(fs.readFileSync(GLOBAL_SETTINGS_FILE, "utf-8"));
+    return JSON.parse(fs.readFileSync(configFile(), "utf-8")) as Config;
   } catch {
     return {};
   }
 }
 
-export function saveGlobalSettings(settings: GlobalSettings) {
-  const dir = path.dirname(GLOBAL_SETTINGS_FILE);
-  fs.mkdirSync(dir, { recursive: true });
-  fs.writeFileSync(GLOBAL_SETTINGS_FILE, JSON.stringify(settings, null, 2));
+export function saveConfig(config: Config) {
+  fs.mkdirSync(configDir(), { recursive: true });
+  fs.writeFileSync(configFile(), JSON.stringify(config, null, 2), {
+    mode: 0o600,
+  });
 }
 
 /**
- * Resolve projectId from: --project flag → .lizard/config.json → error
+ * Read the link for a directory. Normalises legacy `appId/appName` into
+ * `serviceId/serviceName` so callers only have to look at one pair.
  */
-export function resolveProjectId(flagValue?: string): string {
-  if (flagValue) return flagValue;
-  const config = findProjectConfig();
-  if (config?.projectId) return config.projectId;
-  throw new Error(
-    "No project linked. Run `lizard init` or `lizard link` first, or use --project <id>.",
-  );
+export function getProjectLink(cwd: string = process.cwd()): ProjectLink | null {
+  const raw = loadConfig().projects?.[cwd];
+  if (!raw) return null;
+  return {
+    ...raw,
+    serviceId: raw.serviceId ?? raw.appId,
+    serviceName: raw.serviceName ?? raw.appName,
+  };
+}
+
+export function setProjectLink(link: ProjectLink, cwd: string = process.cwd()) {
+  const config = loadConfig();
+  config.projects ??= {};
+  // Mirror service↔app for older readers.
+  const normalised: ProjectLink = {
+    ...link,
+    appId: link.serviceId ?? link.appId,
+    appName: link.serviceName ?? link.appName,
+    serviceId: link.serviceId ?? link.appId,
+    serviceName: link.serviceName ?? link.appName,
+  };
+  config.projects[cwd] = normalised;
+  saveConfig(config);
+}
+
+export function updateProjectLink(
+  patch: Partial<ProjectLink>,
+  cwd: string = process.cwd(),
+) {
+  const existing = getProjectLink(cwd);
+  if (!existing) return;
+  setProjectLink({ ...existing, ...patch }, cwd);
+}
+
+export function clearProjectLink(cwd: string = process.cwd()) {
+  const config = loadConfig();
+  if (config.projects) {
+    delete config.projects[cwd];
+    saveConfig(config);
+  }
 }
 
 /**
- * Resolve environment from: --environment flag → .lizard/config.json → "production"
+ * Resolve a project flag (name, slug, or ID) to an actual project ID.
+ * When no flag is given, falls back to the linked cwd. Hits the API only
+ * when a flag is provided so name/slug lookups work as advertised.
  */
-export function resolveEnvironment(flagValue?: string): string {
-  if (flagValue) return flagValue;
-  const config = findProjectConfig();
-  return config?.environment ?? "production";
+export async function resolveProjectId(flagValue?: string): Promise<string> {
+  if (!flagValue) {
+    const link = getProjectLink();
+    if (link?.projectId) return link.projectId;
+    throw new Error("No project linked. Run `lizard init` or pass --project <id>.");
+  }
+  const { api } = await import("./api.js");
+  const projects = await api.get<Array<{ id: string; name: string; slug: string }>>("/api/projects");
+  const match = projects.find(
+    (p) => p.id === flagValue || p.slug === flagValue || p.name === flagValue,
+  );
+  if (!match) throw new Error(`Project "${flagValue}" not found.`);
+  return match.id;
 }

package/src/lib/format.ts

@@ -34,29 +34,43 @@ export function info(msg: string) {
   process.stderr.write(msg + "\n");
 }
 
+export function link(url: string, text?: string): string {
+  const label = text ?? url;
+  if (!isTTY()) return label;
+  return `\x1b]8;;${url}\x1b\\${label}\x1b]8;;\x1b\\`;
+}
+
+const ANSI_RE = /\x1b\[[0-9;]*m/g;
+function visibleLength(s: string): number {
+  return s.replace(ANSI_RE, "").length;
+}
+function padVisible(s: string, width: number): string {
+  return s + " ".repeat(Math.max(0, width - visibleLength(s)));
+}
+
 export function table(
   headers: string[],
   rows: string[][],
 ) {
   if (rows.length === 0) return;
 
-  const widths = headers.map((h) => h.length);
+  const widths = headers.map((h) => visibleLength(h));
   for (const row of rows) {
     for (let i = 0; i < row.length; i++) {
       if (i < widths.length) {
-        widths[i] = Math.max(widths[i], (row[i] || "").length);
+        widths[i] = Math.max(widths[i], visibleLength(row[i] || ""));
       }
     }
   }
 
   const header = headers
-    .map((h, i) => h.toUpperCase().padEnd(widths[i]))
+    .map((h, i) => padVisible(h.toUpperCase(), widths[i]))
     .join("  ");
   console.log(chalk.dim(header));
 
   for (const row of rows) {
     const line = headers
-      .map((_, i) => (row[i] || "").padEnd(widths[i]))
+      .map((_, i) => padVisible(row[i] || "", widths[i]))
       .join("  ");
     console.log(line);
   }

package/src/lib/name.ts

@@ -0,0 +1,27 @@
+// Shared name validator. Mirrors server/src/services/var-transform.ts.
+// LIZARD-55: 1–40 chars, [a-z0-9-], must start and end with [a-z0-9].
+
+export const NAME_REGEX = /^[a-z0-9]([a-z0-9-]{0,38}[a-z0-9])?$/;
+export const NAME_VALIDATION_HINT =
+  "1–40 chars, lowercase a–z, digits, hyphens; can't start or end with a hyphen";
+
+export function validateName(name: string): string | null {
+  if (!name) return "name is required";
+  if (name.length > 40) return "name must be 40 characters or fewer";
+  if (!NAME_REGEX.test(name)) return `invalid name (${NAME_VALIDATION_HINT})`;
+  return null;
+}
+
+/** Mirrors `slugifyName` in lizard-client/src/lib/api.ts. */
+export function slugifyName(name: string): string {
+  return name
+    .toLowerCase()
+    .replace(/[^a-z0-9_-]+/g, "-")
+    .replace(/^-+|-+$/g, "");
+}
+
+/** Mirrors `addonRefName` in lizard-client — what users type inside ${{...}}. */
+export function addonRefName(addon: { name?: string | null; type?: string; addonType?: string }): string {
+  const display = addon.name || addon.type || addon.addonType || "";
+  return slugifyName(display) || display;
+}