@lpm-registry/cli 0.2.0

package/lib/commands/token-rotate.js

@@ -0,0 +1,25 @@
+import { request } from "../api.js"
+import { setToken } from "../config.js"
+import { createSpinner, printHeader } from "../ui.js"
+
+export async function rotateToken() {
+	printHeader()
+	const spinner = createSpinner("Rotating token...").start()
+	try {
+		const response = await request("/-/token/rotate", {
+			method: "POST",
+		})
+
+		if (!response.ok) {
+			throw new Error(`Request failed with status ${response.status}`)
+		}
+
+		const data = await response.json()
+		const newToken = data.token
+
+		await setToken(newToken)
+		spinner.succeed("Token rotated successfully! Local config updated.")
+	} catch (error) {
+		spinner.fail(`Error: ${error.message}`)
+	}
+}

package/lib/commands/whoami.js

@@ -0,0 +1,129 @@
+import { request } from "../api.js"
+import { getRegistryUrl } from "../config.js"
+import { log, printHeader } from "../ui.js"
+
+export async function whoami(options = {}) {
+	if (!options.json) printHeader()
+	try {
+		const response = await request("/-/whoami")
+
+		if (!response.ok) {
+			throw new Error(`Request failed with status ${response.status}`)
+		}
+
+		const data = await response.json()
+
+		if (options.json) {
+			const result = {
+				username: data.username,
+				profileUsername: data.profile_username || null,
+				email: data.email || null,
+				plan: data.plan_tier || null,
+				hasPoolAccess: data.has_pool_access || false,
+				usage: data.usage || null,
+				limits: data.limits || null,
+				orgs: (data.organizations || []).map(org => ({
+					slug: org.slug,
+					name: org.name,
+					role: org.role,
+				})),
+			}
+			console.log(JSON.stringify(result, null, 2))
+			return
+		}
+
+		log.success(`Logged in as: ${data.username}`)
+
+		if (data.plan_tier) {
+			console.log("") // Spacer
+			log.info(`Plan: ${data.plan_tier.toUpperCase()}`)
+
+			// Pool subscription status
+			if (data.has_pool_access) {
+				log.success("Pool: Active")
+			} else {
+				log.info("Pool: Not subscribed")
+			}
+
+			if (data.usage) {
+				const storageMB = (data.usage.storage_bytes / (1024 * 1024)).toFixed(2)
+				const limits = data.limits || {}
+
+				// Storage Check - backend returns storageBytes (not storage_gb)
+				if (limits.storageBytes) {
+					const limitMB = (limits.storageBytes / (1024 * 1024)).toFixed(0)
+					const storageMsg = `Storage Used: ${storageMB}MB / ${limitMB}MB`
+					if (data.usage.storage_bytes > limits.storageBytes) {
+						log.error(`${storageMsg} (OVER LIMIT)`)
+					} else {
+						log.info(storageMsg)
+					}
+				} else {
+					log.info(`Storage Used: ${storageMB}MB`)
+				}
+
+				// Package Count Check - backend returns privatePackages (not private_packages)
+				if (limits.privatePackages !== undefined) {
+					if (
+						limits.privatePackages === Number.POSITIVE_INFINITY ||
+						limits.privatePackages === null
+					) {
+						log.info(
+							`Private Packages: ${data.usage.private_packages} (Unlimited)`,
+						)
+					} else {
+						const pkgMsg = `Private Packages: ${data.usage.private_packages} / ${limits.privatePackages}`
+						if (data.usage.private_packages > limits.privatePackages) {
+							log.error(`${pkgMsg} (OVER LIMIT)`)
+						} else {
+							log.info(pkgMsg)
+						}
+					}
+				} else {
+					log.info(`Private Packages: ${data.usage.private_packages}`)
+				}
+
+				// Over limit warning
+				const overStorage =
+					limits.storageBytes && data.usage.storage_bytes > limits.storageBytes
+				const overPackages =
+					limits.privatePackages &&
+					limits.privatePackages !== Number.POSITIVE_INFINITY &&
+					limits.privatePackages !== null &&
+					data.usage.private_packages > limits.privatePackages
+
+				if (overStorage || overPackages) {
+					const registryUrl = getRegistryUrl()
+					console.log("")
+					log.warn("Your account is over its plan limits.")
+					log.warn("Write access (publishing, inviting members) is restricted.")
+					log.warn(
+						`Upgrade your plan: ${registryUrl}/dashboard/settings/billing`,
+					)
+				}
+			}
+		}
+
+		// Display available scopes for publishing
+		const registryUrl = getRegistryUrl()
+		console.log("")
+		log.info("Available Scopes:")
+
+		// Personal scope
+		if (data.profile_username) {
+			log.info(`  Personal: @lpm.dev/${data.profile_username}.*`)
+		} else {
+			log.warn(`  Personal: Not set (${registryUrl}/dashboard/settings)`)
+		}
+
+		// Organization scopes
+		if (data.organizations?.length > 0) {
+			log.info("  Organizations:")
+			for (const org of data.organizations) {
+				log.info(`    @lpm.dev/${org.slug}.* (${org.role})`)
+			}
+		}
+	} catch (error) {
+		log.error(`Error: ${error.message}`)
+	}
+}

package/lib/config.js

@@ -0,0 +1,240 @@
+/**
+ * CLI Configuration Management
+ *
+ * Handles both secure credential storage and general configuration.
+ * Token storage migrated to secure-store for keychain integration.
+ *
+ * @module cli/lib/config
+ */
+
+import Conf from "conf"
+import {
+	DEFAULT_REGISTRY_URL,
+	MAX_RETRIES,
+	REQUEST_TIMEOUT_MS,
+} from "./constants.js"
+import {
+	isUsingKeychain,
+	clearToken as secureClearToken,
+	getToken as secureGetToken,
+	setToken as secureSetToken,
+} from "./secure-store.js"
+
+// ============================================================================
+// General Configuration Store (non-sensitive data)
+// ============================================================================
+
+const config = new Conf({
+	projectName: "lpm-cli",
+	defaults: {
+		registryUrl: DEFAULT_REGISTRY_URL,
+		timeout: REQUEST_TIMEOUT_MS,
+		retries: MAX_RETRIES,
+	},
+})
+
+// ============================================================================
+// Token Management (Secure Storage)
+// ============================================================================
+
+/**
+ * Get the stored auth token from secure storage.
+ * Priority: LPM_TOKEN env var > secure storage > legacy storage
+ * @returns {Promise<string | null>}
+ */
+export async function getToken() {
+	// Check environment variable first (useful for CI/CD and testing)
+	const envToken = process.env.LPM_TOKEN
+	if (envToken) return envToken
+
+	// Try secure store
+	const secureToken = await secureGetToken()
+	if (secureToken) return secureToken
+
+	// Migration: check if token exists in old storage
+	const legacyToken = config.get("token")
+	if (legacyToken) {
+		// Migrate to secure storage
+		await secureSetToken(legacyToken)
+		config.delete("token")
+		return legacyToken
+	}
+
+	return null
+}
+
+/**
+ * Set the auth token in secure storage.
+ * @param {string | null} token
+ * @returns {Promise<void>}
+ */
+export async function setToken(token) {
+	if (token === null) {
+		await secureClearToken()
+	} else {
+		await secureSetToken(token)
+	}
+	// Ensure legacy token is cleared
+	config.delete("token")
+}
+
+/**
+ * Clear the auth token from secure storage.
+ * @returns {Promise<void>}
+ */
+export async function clearToken() {
+	await secureClearToken()
+	config.delete("token")
+}
+
+// ============================================================================
+// Registry URL Configuration
+// ============================================================================
+
+/**
+ * Get the registry URL.
+ * Priority: LPM_REGISTRY_URL env var > stored config > default
+ * @returns {string}
+ */
+export function getRegistryUrl() {
+	// Check environment variables first (useful for CI/CD and testing)
+	const envUrl = process.env.LPM_REGISTRY_URL
+	if (envUrl) return envUrl
+
+	return config.get("registryUrl", DEFAULT_REGISTRY_URL)
+}
+
+/**
+ * Set the registry URL.
+ * @param {string} url
+ */
+export function setRegistryUrl(url) {
+	config.set("registryUrl", url)
+}
+
+// ============================================================================
+// Timeout Configuration
+// ============================================================================
+
+/**
+ * Get the request timeout in milliseconds.
+ * @returns {number}
+ */
+export function getTimeout() {
+	return config.get("timeout", REQUEST_TIMEOUT_MS)
+}
+
+/**
+ * Set the request timeout in milliseconds.
+ * @param {number} ms
+ */
+export function setTimeout(ms) {
+	config.set("timeout", ms)
+}
+
+// ============================================================================
+// Retry Configuration
+// ============================================================================
+
+/**
+ * Get the maximum retry count.
+ * @returns {number}
+ */
+export function getRetries() {
+	return config.get("retries", MAX_RETRIES)
+}
+
+/**
+ * Set the maximum retry count.
+ * @param {number} count
+ */
+export function setRetries(count) {
+	config.set("retries", count)
+}
+
+// ============================================================================
+// General Configuration Access
+// ============================================================================
+
+/**
+ * Get all configuration values.
+ * @returns {Promise<Record<string, unknown>>}
+ */
+export async function getAllConfig() {
+	const usingKeychain = await isUsingKeychain()
+	const hasToken = !!(await getToken())
+
+	return {
+		registryUrl: getRegistryUrl(),
+		timeout: getTimeout(),
+		retries: getRetries(),
+		secureStorage: usingKeychain ? "keychain" : "encrypted-file",
+		authenticated: hasToken,
+	}
+}
+
+/**
+ * Get a specific configuration value.
+ * @param {string} key
+ * @returns {unknown}
+ */
+export function getConfigValue(key) {
+	const configMap = {
+		registry: getRegistryUrl,
+		registryUrl: getRegistryUrl,
+		timeout: getTimeout,
+		retries: getRetries,
+	}
+
+	const getter = configMap[key]
+	if (getter) return getter()
+	return config.get(key)
+}
+
+/**
+ * Set a specific configuration value.
+ * @param {string} key
+ * @param {unknown} value
+ * @returns {boolean} - True if set successfully
+ */
+export function setConfigValue(key, value) {
+	const configMap = {
+		registry: setRegistryUrl,
+		registryUrl: setRegistryUrl,
+		timeout: val => setTimeout(Number(val)),
+		retries: val => setRetries(Number(val)),
+	}
+
+	const setter = configMap[key]
+	if (setter) {
+		setter(value)
+		return true
+	}
+
+	// Allow setting arbitrary config values
+	config.set(key, value)
+	return true
+}
+
+/**
+ * Delete a specific configuration value.
+ * @param {string} key
+ * @returns {boolean} - True if deleted
+ */
+export function deleteConfigValue(key) {
+	const protectedKeys = ["registryUrl", "registry", "timeout", "retries"]
+	if (protectedKeys.includes(key)) {
+		// Reset to default instead of deleting
+		const defaults = {
+			registryUrl: DEFAULT_REGISTRY_URL,
+			registry: DEFAULT_REGISTRY_URL,
+			timeout: REQUEST_TIMEOUT_MS,
+			retries: MAX_RETRIES,
+		}
+		config.set(key === "registry" ? "registryUrl" : key, defaults[key])
+		return true
+	}
+
+	config.delete(key)
+	return true
+}

package/lib/constants.js

@@ -0,0 +1,190 @@
+/**
+ * CLI Constants Configuration
+ * Centralized configuration for all CLI behavior.
+ *
+ * @module cli/lib/constants
+ */
+
+// ============================================================================
+// Network Configuration
+// ============================================================================
+
+/** Maximum number of retry attempts for failed requests */
+export const MAX_RETRIES = 3
+
+/** Request timeout in milliseconds (30 seconds) */
+export const REQUEST_TIMEOUT_MS = 30_000
+
+/** Base delay for exponential backoff in milliseconds */
+export const RETRY_BASE_DELAY_MS = 1_000
+
+/** Maximum delay between retries in milliseconds */
+export const RETRY_MAX_DELAY_MS = 10_000
+
+/** Multiplier for exponential backoff */
+export const RETRY_BACKOFF_MULTIPLIER = 2
+
+// ============================================================================
+// Cache Configuration
+// ============================================================================
+
+/** Cache directory name (relative to user's home) */
+export const CACHE_DIR_NAME = ".lpm-cache"
+
+/** Maximum cache size in bytes (500 MB) */
+export const MAX_CACHE_SIZE_BYTES = 500 * 1024 * 1024
+
+/** Cache entry TTL in milliseconds (7 days) */
+export const CACHE_TTL_MS = 7 * 24 * 60 * 60 * 1000
+
+// ============================================================================
+// Security Configuration
+// ============================================================================
+
+/** Keytar service name for credential storage */
+export const KEYTAR_SERVICE_NAME = "lpm-cli"
+
+/** Keytar account name for token storage */
+export const KEYTAR_ACCOUNT_NAME = "auth-token"
+
+/** Token scopes that allow publishing */
+export const PUBLISH_SCOPES = ["publish", "write", "full"]
+
+/** Token scopes that allow reading */
+export const READ_SCOPES = ["read", "publish", "write", "full"]
+
+// ============================================================================
+// API Configuration
+// ============================================================================
+
+/** Default registry URL */
+export const DEFAULT_REGISTRY_URL = "https://lpm.dev"
+
+/** API version prefix */
+export const API_VERSION = "v1"
+
+/** HTTP status codes that trigger retries */
+export const RETRYABLE_STATUS_CODES = [408, 429, 500, 502, 503, 504]
+
+/** HTTP status codes that indicate rate limiting */
+export const RATE_LIMIT_STATUS_CODES = [429]
+
+// ============================================================================
+// CLI Configuration
+// ============================================================================
+
+/** CLI name for display purposes */
+export const CLI_NAME = "lpm"
+
+/** Default pagination limit for list commands */
+export const DEFAULT_PAGE_LIMIT = 20
+
+/** Maximum pagination limit */
+export const MAX_PAGE_LIMIT = 100
+
+// ============================================================================
+// File System Configuration
+// ============================================================================
+
+/** Default source directory for component extraction */
+export const DEFAULT_COMPONENTS_DIR = "components"
+
+/** Allowed file extensions for source code extraction */
+export const ALLOWED_SOURCE_EXTENSIONS = [
+	".js",
+	".jsx",
+	".ts",
+	".tsx",
+	".css",
+	".scss",
+	".json",
+	".md",
+]
+
+/** Maximum file size for source extraction (10 MB) */
+export const MAX_SOURCE_FILE_SIZE_BYTES = 10 * 1024 * 1024
+
+// ============================================================================
+// Integrity Verification
+// ============================================================================
+
+/** Default hash algorithm for tarball verification */
+export const DEFAULT_HASH_ALGORITHM = "sha512"
+
+/** Supported hash algorithms */
+export const SUPPORTED_HASH_ALGORITHMS = ["sha256", "sha384", "sha512"]
+
+// ============================================================================
+// Spinner Messages
+// ============================================================================
+
+export const SPINNER_MESSAGES = {
+	authenticating: "Authenticating...",
+	downloading: "Downloading package...",
+	extracting: "Extracting files...",
+	publishing: "Publishing package...",
+	verifying: "Verifying integrity...",
+	retrying: (attempt, max) => `Retrying (${attempt}/${max})...`,
+	rateLimited: seconds => `Rate limited. Waiting ${seconds}s...`,
+	readingConfig: "Reading package configuration...",
+	filteringFiles: "Filtering files based on configuration...",
+}
+
+// ============================================================================
+// Error Messages
+// ============================================================================
+
+export const ERROR_MESSAGES = {
+	notAuthenticated: "Not authenticated. Run `lpm login` first.",
+	tokenExpired: "Token expired. Run `lpm login` to refresh.",
+	tokenMissingScope: scope =>
+		`Token missing required scope: ${scope}. Run \`lpm token-rotate --scope ${scope}\` to fix.`,
+	networkError: "Network error. Check your connection and try again.",
+	rateLimited: "Rate limited. Please wait and try again.",
+	integrityMismatch:
+		"Package integrity check failed. Download may be corrupted.",
+	pathTraversal: "Invalid path: path traversal detected.",
+	timeout:
+		"Request timed out. Try again or increase timeout with `lpm config set timeout <ms>`.",
+	invalidLpmConfig: "Invalid lpm.config.json: ",
+	invalidConfigValue: (key, value, allowed) =>
+		`Invalid value "${value}" for "${key}". Allowed: ${allowed.join(", ")}`,
+	missingRequiredConfig: key =>
+		`Required config parameter "${key}" not provided. Use ?${key}=value in the package URL.`,
+}
+
+// ============================================================================
+// Warning Messages
+// ============================================================================
+
+export const WARNING_MESSAGES = {
+	usernameNotSet: "Your personal username is not set.",
+	usernameNotSetHint: registryUrl =>
+		`Set it to publish packages under your personal owner:\n  ${registryUrl}/dashboard/settings`,
+	ownerMismatch: owner =>
+		`Package owner "@lpm.dev/${owner}" doesn't match your available owners.`,
+	// Legacy - kept for backward compatibility
+	scopeMismatch: scope =>
+		`Package owner "@lpm.dev/${scope}" doesn't match your available owners.`,
+	noOrganizations: "You have no organizations.",
+	createOrgHint: registryUrl =>
+		`Create one at: ${registryUrl}/dashboard/orgs/new`,
+	ownerFixHint:
+		'Either:\n  1. Set your username/org slug to match the package owner\n  2. Change package.json "name" to use @lpm.dev/YOUR_OWNER.package-name',
+	// Legacy - kept for backward compatibility
+	scopeFixHint:
+		'Either:\n  1. Set your username/org slug to match the package owner\n  2. Change package.json "name" to use @lpm.dev/YOUR_OWNER.package-name',
+}
+
+// ============================================================================
+// Success Messages
+// ============================================================================
+
+export const SUCCESS_MESSAGES = {
+	// Updated for new format: @lpm.dev/owner.package-name
+	// owner = username or org slug, pkgName = package name (without owner prefix)
+	publishPersonal: (registryUrl, owner, pkgName, version) =>
+		`Successfully published @lpm.dev/${owner}.${pkgName}@${version}\n  ${registryUrl}/${owner}.${pkgName}`,
+	publishOrg: (registryUrl, owner, pkgName, version) =>
+		`Successfully published @lpm.dev/${owner}.${pkgName}@${version}\n  ${registryUrl}/${owner}.${pkgName}`,
+}