@odla-ai/cli 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +120 -0
- package/REQUIREMENTS.md +55 -0
- package/dist/bin.cjs +845 -0
- package/dist/bin.cjs.map +1 -0
- package/dist/bin.d.cts +2 -0
- package/dist/bin.d.ts +2 -0
- package/dist/bin.js +11 -0
- package/dist/bin.js.map +1 -0
- package/dist/chunk-AXCZKIVY.js +818 -0
- package/dist/chunk-AXCZKIVY.js.map +1 -0
- package/dist/index.cjs +863 -0
- package/dist/index.cjs.map +1 -0
- package/dist/index.d.cts +133 -0
- package/dist/index.d.ts +133 -0
- package/dist/index.js +16 -0
- package/dist/index.js.map +1 -0
- package/llms.txt +260 -0
- package/package.json +63 -0
package/README.md
ADDED
|
@@ -0,0 +1,120 @@
|
|
|
1
|
+
# @odla-ai/cli
|
|
2
|
+
|
|
3
|
+
Project-neutral provisioning CLI for odla apps. It creates and validates an
|
|
4
|
+
`odla.config.mjs`, then uses that config to register an app, enable services,
|
|
5
|
+
push odla-db schema/rules, configure platform AI, configure Clerk auth, record
|
|
6
|
+
deployment links, and write local runtime credentials.
|
|
7
|
+
|
|
8
|
+
It does not know about any specific app. App identity, environments, services,
|
|
9
|
+
schema, rules, auth, AI provider, and links all come from config.
|
|
10
|
+
|
|
11
|
+
## Install
|
|
12
|
+
|
|
13
|
+
No install needed — the package ships a single `odla-ai` binary, so npx can run
|
|
14
|
+
it directly:
|
|
15
|
+
|
|
16
|
+
```bash
|
|
17
|
+
npx @odla-ai/cli init --app-id my-app --name "My App"
|
|
18
|
+
```
|
|
19
|
+
|
|
20
|
+
For a project you keep working in, install it as a dev dependency so the
|
|
21
|
+
shorter `npx odla-ai` form works and the version is pinned by your lockfile:
|
|
22
|
+
|
|
23
|
+
```bash
|
|
24
|
+
npm i -D @odla-ai/cli
|
|
25
|
+
```
|
|
26
|
+
|
|
27
|
+
## Prerequisites
|
|
28
|
+
|
|
29
|
+
- Node.js 20 or newer (`node --version`).
|
|
30
|
+
- odla apps usually deploy as Cloudflare Workers. If you have never used
|
|
31
|
+
Cloudflare:
|
|
32
|
+
1. Create a free account at <https://dash.cloudflare.com/sign-up>.
|
|
33
|
+
2. You do not need to install anything: `npx wrangler login` opens the
|
|
34
|
+
browser once to link your account, `npx wrangler dev` runs a Worker
|
|
35
|
+
locally, and `npx wrangler deploy` ships it.
|
|
36
|
+
3. The `.dev.vars` file this CLI writes with `provision --write-dev-vars` is
|
|
37
|
+
wrangler's local secrets file — `wrangler dev` picks it up automatically.
|
|
38
|
+
It is chmod `0600` and gitignored; never commit it or paste its contents
|
|
39
|
+
into `wrangler.toml`.
|
|
40
|
+
|
|
41
|
+
## Commands
|
|
42
|
+
|
|
43
|
+
```bash
|
|
44
|
+
npx odla-ai init --app-id my-app --name "My App"
|
|
45
|
+
npx odla-ai doctor
|
|
46
|
+
npx odla-ai provision --dry-run
|
|
47
|
+
npx odla-ai provision --write-dev-vars
|
|
48
|
+
npx odla-ai smoke --env dev
|
|
49
|
+
npx odla-ai version
|
|
50
|
+
```
|
|
51
|
+
|
|
52
|
+
`init` writes:
|
|
53
|
+
|
|
54
|
+
- `odla.config.mjs`
|
|
55
|
+
- `src/odla/schema.mjs`
|
|
56
|
+
- `src/odla/rules.mjs`
|
|
57
|
+
- `.gitignore` entries for local credentials
|
|
58
|
+
|
|
59
|
+
`provision` performs the standard safe setup flow:
|
|
60
|
+
|
|
61
|
+
1. Gets an `odla_dev_...` token by device handshake, or reuses
|
|
62
|
+
`ODLA_DEV_TOKEN` / `.odla/dev-token.json`.
|
|
63
|
+
In an interactive terminal it opens the approval page in your browser when
|
|
64
|
+
the code is displayed. Pass `--open` to force browser launch from a
|
|
65
|
+
non-interactive shell, or `--no-open` to suppress it. Browser launch is
|
|
66
|
+
best-effort; the printed URL and code always remain the fallback.
|
|
67
|
+
2. Creates the platform app if needed.
|
|
68
|
+
3. Enables configured services in every configured environment.
|
|
69
|
+
4. Mints or reuses each env's odla-db app key.
|
|
70
|
+
5. Pushes the configured schema and rules.
|
|
71
|
+
6. Configures platform AI and stores provider keys in the tenant vault when the
|
|
72
|
+
configured key env var is set.
|
|
73
|
+
7. Writes `.odla/credentials.local.json` with mode `0600`.
|
|
74
|
+
|
|
75
|
+
Pass `--rotate-keys` to mint fresh db keys. Pass `--no-write-credentials` to
|
|
76
|
+
skip writing the local credentials file.
|
|
77
|
+
|
|
78
|
+
`smoke` verifies a provisioned environment from local credentials. It fetches
|
|
79
|
+
the platform public config, checks the configured AI provider, fetches the live
|
|
80
|
+
odla-db schema with the tenant key, compares expected schema entities, and runs
|
|
81
|
+
a count aggregate against the first entity. It fails early with a clear message
|
|
82
|
+
when provisioning has not written `.odla/credentials.local.json`.
|
|
83
|
+
|
|
84
|
+
## Config
|
|
85
|
+
|
|
86
|
+
```js
|
|
87
|
+
export default {
|
|
88
|
+
platformUrl: process.env.ODLA_PLATFORM_URL ?? "https://odla.ai",
|
|
89
|
+
dbEndpoint: process.env.ODLA_ENDPOINT ?? process.env.ODLA_DB_ENDPOINT ?? "https://db.odla.ai",
|
|
90
|
+
app: { id: "my-app", name: "My App" },
|
|
91
|
+
envs: ["prod", "dev"],
|
|
92
|
+
services: ["db", "ai"],
|
|
93
|
+
db: {
|
|
94
|
+
schema: "./src/odla/schema.mjs",
|
|
95
|
+
rules: "./src/odla/rules.mjs",
|
|
96
|
+
defaultRules: "deny",
|
|
97
|
+
},
|
|
98
|
+
ai: {
|
|
99
|
+
provider: process.env.ODLA_AI_PROVIDER ?? "anthropic",
|
|
100
|
+
keyEnv: "ANTHROPIC_API_KEY",
|
|
101
|
+
},
|
|
102
|
+
auth: {
|
|
103
|
+
clerk: {
|
|
104
|
+
dev: "$CLERK_PUBLISHABLE_KEY",
|
|
105
|
+
prod: "$CLERK_PUBLISHABLE_KEY",
|
|
106
|
+
},
|
|
107
|
+
},
|
|
108
|
+
links: {
|
|
109
|
+
dev: "https://dev.example.com",
|
|
110
|
+
prod: "https://example.com",
|
|
111
|
+
},
|
|
112
|
+
};
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
`db.schema` and `db.rules` may be inline objects, JSON files, or JS modules
|
|
116
|
+
exporting `default`, `schema` / `SCHEMA`, or `rules` / `RULES`.
|
|
117
|
+
|
|
118
|
+
If schema is present and rules are omitted, `defaultRules: "deny"` generates
|
|
119
|
+
deny-all rules for every schema entity. That is the safe default for Workers
|
|
120
|
+
that mediate reads and writes with an app key.
|
package/REQUIREMENTS.md
ADDED
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
# CLI Requirements From the Agnacl Rebuild
|
|
2
|
+
|
|
3
|
+
These are requirements for a generic odla-ai npm CLI. They came from rebuilding
|
|
4
|
+
Agnacl, but none should mention or special-case Agnacl.
|
|
5
|
+
|
|
6
|
+
## Core Contract
|
|
7
|
+
|
|
8
|
+
- A project must declare intent in a checked-in config file:
|
|
9
|
+
app id/name, envs, platform URL, db endpoint, services, schema, rules, auth,
|
|
10
|
+
AI provider/model, deployment links, and local credential paths.
|
|
11
|
+
- The CLI must validate that contract without network calls.
|
|
12
|
+
- The CLI must show a dry-run plan before creating platform state or writing
|
|
13
|
+
credentials.
|
|
14
|
+
- The CLI must treat platform registry and odla-db as separate endpoints. They
|
|
15
|
+
may be the same in some deployments, but generated configs must not imply it.
|
|
16
|
+
|
|
17
|
+
## Human Approval
|
|
18
|
+
|
|
19
|
+
- Provisioning must default to device-handshake auth, never a platform admin
|
|
20
|
+
secret in chat or config.
|
|
21
|
+
- The approval code must be printed in a copyable URL.
|
|
22
|
+
- Interactive provisioning should launch the browser to the approval page when
|
|
23
|
+
possible. `--open` should force launch; `--no-open` should suppress it.
|
|
24
|
+
- Cached developer tokens must be mode `0600`, gitignored, and reused until
|
|
25
|
+
expiry.
|
|
26
|
+
|
|
27
|
+
## Safe Provisioning
|
|
28
|
+
|
|
29
|
+
- Re-runs must be idempotent: reuse existing app registration and local db keys.
|
|
30
|
+
- Key rotation must be explicit (`--rotate-keys`).
|
|
31
|
+
- Local runtime files (`.dev.vars`, local credentials) must be gitignored.
|
|
32
|
+
- Schema pushes must be explicit and visible in dry-run.
|
|
33
|
+
- If rules are omitted, schema-derived deny-all rules are the safe default.
|
|
34
|
+
|
|
35
|
+
## App Scaffolding Gaps
|
|
36
|
+
|
|
37
|
+
- A future `scaffold worker --kg` command should create the generic runtime
|
|
38
|
+
wiring now hand-written in this rebuild:
|
|
39
|
+
`getEnv`, platform public-config fetch, Clerk JWT verification,
|
|
40
|
+
`@odla-ai/db` initialization, `@odla-ai/ai initFromPlatform`, and
|
|
41
|
+
`@odla-ai/kg writeFragment` seed/ingest helpers.
|
|
42
|
+
- `smoke` should verify:
|
|
43
|
+
public-config fetch, db schema presence, a simple db aggregate/query, and AI
|
|
44
|
+
config resolution. Tenant-vault key availability is still a follow-up because
|
|
45
|
+
checking it requires knowing the provider secret name and deliberately
|
|
46
|
+
touching the secret read path.
|
|
47
|
+
- A future `inspect` command should scan an existing app and report likely auth,
|
|
48
|
+
DB, AI, and graph surfaces before migration.
|
|
49
|
+
|
|
50
|
+
## LLM Ergonomics
|
|
51
|
+
|
|
52
|
+
- Every command must produce machine-readable enough output for an LLM to decide
|
|
53
|
+
the next action from stdout alone.
|
|
54
|
+
- Failures should name the exact config key or external capability missing.
|
|
55
|
+
- The package must ship `llms.txt` so agents can use it without reading source.
|