@lpm-registry/cli 0.2.0

package/bin/lpm.js

@@ -0,0 +1,334 @@
+#!/usr/bin/env node
+
+import fs from "node:fs"
+import path from "node:path"
+import { fileURLToPath } from "node:url"
+import { Command } from "commander"
+import updateNotifier from "update-notifier"
+import { add } from "../lib/commands/add.js"
+import { audit } from "../lib/commands/audit.js"
+import { cache } from "../lib/commands/cache.js"
+import { checkName } from "../lib/commands/check-name.js"
+import { config } from "../lib/commands/config.js"
+import { doctor } from "../lib/commands/doctor.js"
+import { info } from "../lib/commands/info.js"
+import { init } from "../lib/commands/init.js"
+import { install } from "../lib/commands/install.js"
+import { login } from "../lib/commands/login.js"
+import { logout } from "../lib/commands/logout.js"
+import { marketplaceCompare } from "../lib/commands/marketplace-compare.js"
+import { marketplaceEarnings } from "../lib/commands/marketplace-earnings.js"
+import { mcpRemove, mcpSetup, mcpStatus } from "../lib/commands/mcp-setup.js"
+import { openDashboard } from "../lib/commands/open.js"
+import { outdated } from "../lib/commands/outdated.js"
+import { poolStats } from "../lib/commands/pool-stats.js"
+import { publish } from "../lib/commands/publish.js"
+import { quality } from "../lib/commands/quality.js"
+import { remove } from "../lib/commands/remove.js"
+import { run } from "../lib/commands/run.js"
+import { search } from "../lib/commands/search.js"
+import { setup } from "../lib/commands/setup.js"
+import {
+	skillsClean,
+	skillsInstall,
+	skillsList,
+	skillsValidate,
+} from "../lib/commands/skills.js"
+import { rotateToken } from "../lib/commands/token-rotate.js"
+import { whoami } from "../lib/commands/whoami.js"
+
+// Load package.json
+const __dirname = path.dirname(fileURLToPath(import.meta.url))
+const pkg = JSON.parse(
+	fs.readFileSync(path.join(__dirname, "../package.json"), "utf-8"),
+)
+
+// Check for updates
+updateNotifier({ pkg }).notify()
+
+const program = new Command()
+
+program
+	.name("lpm")
+	.description("CLI for Licensed Package Manager")
+	.version(pkg.version)
+
+// ============================================================================
+// Authentication Commands
+// ============================================================================
+
+program
+	.command("login")
+	.alias("l")
+	.description("Authenticate with the registry")
+	.action(login)
+
+program
+	.command("logout")
+	.alias("lo")
+	.description("Clear stored authentication token")
+	.option("--revoke", "Also revoke the token on the server")
+	.option("--clear-cache", "Clear local package cache")
+	.action(logout)
+
+program
+	.command("whoami")
+	.description("Check current authenticated user")
+	.option("--json", "Output in JSON format")
+	.action(whoami)
+
+// ============================================================================
+// Package Management Commands
+// ============================================================================
+
+program
+	.command("init")
+	.description("Interactively create a package.json for LPM")
+	.action(init)
+
+program
+	.command("install [packages...]")
+	.alias("i")
+	.description("Install packages with automatic registry authentication")
+	.option("--json", "Machine-readable JSON output")
+	.option("--no-skills", "Skip fetching Agent Skills after install")
+	.action(install)
+
+program
+	.command("publish")
+	.alias("p")
+	.description("Publish a package to the registry")
+	.option("--check", "Run quality checks and display report without publishing")
+	.option(
+		"--min-score <score>",
+		"Minimum quality score required to publish (0-100)",
+	)
+	.action(publish)
+
+program
+	.command("add <package>")
+	.description("Download and extract a package source code to your project")
+	.option("-p, --path <path>", "Target directory for the component")
+	.option("-f, --force", "Overwrite existing files without prompting")
+	.option("-y, --yes", "Accept defaults, skip interactive config prompts")
+	.option("--alias <alias>", "Import alias prefix (e.g., @/components/ui)")
+	.option("--target <name>", "Swift SPM target name")
+	.option("--install-deps", "Auto-install npm dependencies (default: true)")
+	.option("--no-install-deps", "Skip npm dependency installation")
+	.option("--json", "Machine-readable JSON output")
+	.option("--dry-run", "Preview what would happen without writing files")
+	.option("--no-skills", "Skip fetching Agent Skills after add")
+	.action(add)
+
+program
+	.command("remove <package>")
+	.alias("rm")
+	.description(
+		"Remove a previously added package (e.g., MCP servers from editors)",
+	)
+	.action(remove)
+
+// ============================================================================
+// Package Discovery Commands
+// ============================================================================
+
+program
+	.command("search <query>")
+	.description("Search for packages in the marketplace")
+	.option("--limit <n>", "Maximum number of results", "20")
+	.option("--json", "Output in JSON format")
+	.action((query, options) =>
+		search(query, { ...options, limit: parseInt(options.limit, 10) }),
+	)
+
+program
+	.command("info <package>")
+	.description("Show detailed information about a package")
+	.option("--json", "Output in JSON format")
+	.option("-a, --all-versions", "Show all versions")
+	.action(info)
+
+program
+	.command("check-name <name>")
+	.description("Check if a package name is available on the registry")
+	.option("--json", "Output in JSON format")
+	.action(checkName)
+
+program
+	.command("quality <package>")
+	.description("Show the server-side quality report for a package")
+	.option("--json", "Output in JSON format")
+	.action(quality)
+
+// ============================================================================
+// Security & Maintenance Commands
+// ============================================================================
+
+program
+	.command("audit [action]")
+	.description("Scan dependencies for known vulnerabilities")
+	.option("--json", "Output in JSON format")
+	.option(
+		"--level <level>",
+		"Minimum severity to report (low, moderate, high, critical)",
+	)
+	.action(audit)
+
+program
+	.command("outdated")
+	.description("Check for outdated dependencies")
+	.option("--json", "Output in JSON format")
+	.option("--all", "Show all dependencies, not just outdated ones")
+	.action(outdated)
+
+program
+	.command("doctor")
+	.description("Check the health of your LPM setup")
+	.action(doctor)
+
+// ============================================================================
+// Configuration Commands
+// ============================================================================
+
+program
+	.command("setup")
+	.description("Configure .npmrc for LPM packages (@lpm.dev scope)")
+	.option("-r, --registry <url>", "Custom registry URL")
+	.action(setup)
+
+program
+	.command("config [action] [key] [value]")
+	.description("Manage CLI configuration (list, get, set, delete)")
+	.action(config)
+
+program
+	.command("set <key> <value>")
+	.description('Shortcut for "lpm config set"')
+	.action((key, value) => config("set", key, value))
+
+program
+	.command("cache <action>")
+	.description("Manage local package cache (clean, list, path)")
+	.action(cache)
+
+// ============================================================================
+// Utility Commands
+// ============================================================================
+
+program
+	.command("open")
+	.description("Open the dashboard or package page in your browser")
+	.action(openDashboard)
+
+program
+	.command("run <script>")
+	.description("Run npm scripts (forwards to npm run)")
+	.allowUnknownOption()
+	.action(run)
+
+// ============================================================================
+// Token Management (Subcommand)
+// ============================================================================
+
+const token = program
+	.command("token")
+	.description("Manage authentication tokens")
+
+token
+	.command("rotate")
+	.description("Rotate the current token")
+	.action(rotateToken)
+
+// ============================================================================
+// Pool Revenue (Subcommand)
+// ============================================================================
+
+const pool = program.command("pool").description("Pool revenue commands")
+
+pool
+	.command("stats")
+	.description("Show your Pool earnings estimate for the current month")
+	.option("--json", "Output in JSON format")
+	.action(poolStats)
+
+// ============================================================================
+// MCP Server (Subcommand)
+// ============================================================================
+
+const mcp = program.command("mcp").description("MCP server commands")
+
+mcp
+	.command("setup")
+	.description("Configure the LPM MCP server in your AI coding editors")
+	.option("--project", "Add to project-level config instead of global")
+	.action(mcpSetup)
+
+mcp
+	.command("remove")
+	.description("Remove the LPM MCP server from all configured editors")
+	.option("--project", "Remove from project-level config only")
+	.action(mcpRemove)
+
+mcp
+	.command("status")
+	.description("Show where the LPM MCP server is configured")
+	.option("--verbose", "Show command and args diagnostics for each editor")
+	.action(mcpStatus)
+
+// ============================================================================
+// Agent Skills (Subcommand)
+// ============================================================================
+
+const skills = program
+	.command("skills")
+	.description("Manage Agent Skills for AI coding assistants")
+
+skills
+	.command("validate")
+	.description("Validate .lpm/skills/ files in the current directory")
+	.option("--json", "Output in JSON format")
+	.action(skillsValidate)
+
+skills
+	.command("install [package]")
+	.description(
+		"Fetch and install skills from the registry (all deps or specific package)",
+	)
+	.option("--json", "Output in JSON format")
+	.action(skillsInstall)
+
+skills
+	.command("list")
+	.description("List available skills for installed @lpm.dev/* packages")
+	.option("--json", "Output in JSON format")
+	.action(skillsList)
+
+skills
+	.command("clean")
+	.description("Remove locally installed skills (.lpm/skills/ directory)")
+	.option("--json", "Output in JSON format")
+	.action(skillsClean)
+
+// ============================================================================
+// Marketplace (Subcommand)
+// ============================================================================
+
+const marketplace = program
+	.command("marketplace")
+	.description("Marketplace commands")
+
+marketplace
+	.command("compare <input>")
+	.description("Find comparable packages by name or category")
+	.option("--json", "Output in JSON format")
+	.option("--category <category>", "Filter by category")
+	.option("--limit <n>", "Maximum number of results")
+	.action(marketplaceCompare)
+
+marketplace
+	.command("earnings")
+	.description("Show your Marketplace revenue summary")
+	.option("--json", "Output in JSON format")
+	.action(marketplaceEarnings)
+
+program.parse()

package/index.d.ts

@@ -0,0 +1,131 @@
+/// <reference types="node" />
+
+// Type declarations for @lpm-registry/cli
+
+// --- integrity.js ---
+
+export interface IntegrityHash {
+	algorithm: string
+	digest: string
+}
+
+export interface IntegrityResult {
+	valid: boolean
+	algorithm?: string
+	error?: string
+	actual?: string
+}
+
+export function generateIntegrity(buffer: Buffer, algorithm?: string): string
+export function verifyIntegrity(
+	buffer: Buffer,
+	expectedIntegrity: string,
+): IntegrityResult
+export function verifyIntegrityMultiple(
+	buffer: Buffer,
+	integrities: string[],
+): IntegrityResult
+export function parseIntegrity(integrity: string): IntegrityHash
+
+// --- safe-path.js ---
+
+export interface PathValidation {
+	valid: boolean
+	resolvedPath?: string
+	error?: string
+}
+
+export interface TarballPathValidation {
+	valid: boolean
+	invalidPaths?: string[]
+}
+
+export function validateComponentPath(
+	projectRoot: string,
+	componentPath: string,
+): PathValidation
+export function validateTarballPaths(
+	extractDir: string,
+	filePaths: string[],
+): TarballPathValidation
+export function resolveSafePath(
+	basePath: string,
+	userPath: string,
+): PathValidation
+export function sanitizeFilename(filename: string): string
+
+// --- quality/score.js ---
+
+export interface QualityCheck {
+	id: string
+	category: "documentation" | "code" | "testing" | "health"
+	label: string
+	passed: boolean
+	points: number
+	maxPoints: number
+	serverOnly?: boolean
+}
+
+export interface QualityMeta {
+	tier: "excellent" | "good" | "fair" | "needs-work"
+	score: number
+	maxScore: number
+	categories: Record<string, { score: number; max: number }>
+}
+
+export interface QualityResult {
+	score: number
+	checks: QualityCheck[]
+	meta: QualityMeta
+}
+
+export interface QualityInput {
+	packageJson: Record<string, unknown>
+	readme: string | null
+	lpmConfig: Record<string, unknown> | null
+	files: Array<{ path: string }>
+	unpackedSize: number
+}
+
+export function runQualityChecks(input: QualityInput): QualityResult
+
+// --- lpm-config.js ---
+
+export interface PackageReference {
+	name: string
+	version: string
+	inlineConfig: Record<string, string>
+	providedParams: Set<string>
+}
+
+export interface LpmConfig {
+	files?: Array<{
+		src: string
+		dest?: string
+		when?: string
+	}>
+	configSchema?: Record<string, unknown>
+	defaultConfig?: Record<string, string>
+	dependencies?: Record<string, unknown>
+}
+
+export interface LpmConfigValidation {
+	valid: boolean
+	errors?: string[]
+}
+
+export function parseLpmPackageReference(ref: string): PackageReference
+export function readLpmConfig(extractDir: string): LpmConfig | null
+export function validateLpmConfig(config: unknown): LpmConfigValidation
+export function filterFiles(
+	files: LpmConfig["files"],
+	mergedConfig: Record<string, string>,
+	providedParams: Set<string>,
+): NonNullable<LpmConfig["files"]>
+// --- project-utils.js ---
+
+export type Framework = "nextjs" | "vite" | "remix" | "astro" | "unknown"
+
+export function detectFramework(): Framework
+export function getDefaultPath(framework: Framework): string
+export function getUserImportPrefix(): string

package/index.js

@@ -0,0 +1,31 @@
+/**
+ * @lpm-registry/cli - CLI for Licensed Package Manager
+ *
+ * This module re-exports key utilities for programmatic use.
+ * For CLI usage, run `lpm` directly.
+ */
+
+export {
+	generateIntegrity,
+	parseIntegrity,
+	verifyIntegrity,
+	verifyIntegrityMultiple,
+} from "./lib/integrity.js"
+export {
+	filterFiles,
+	parseLpmPackageReference,
+	readLpmConfig,
+	validateLpmConfig,
+} from "./lib/lpm-config.js"
+export {
+	detectFramework,
+	getDefaultPath,
+	getUserImportPrefix,
+} from "./lib/project-utils.js"
+export { runQualityChecks } from "./lib/quality/score.js"
+export {
+	resolveSafePath,
+	sanitizeFilename,
+	validateComponentPath,
+	validateTarballPaths,
+} from "./lib/safe-path.js"