npm - @planckspace/cli - Versions diffs - 0.1.1 → 0.2.0 - Mend

@planckspace/cli 0.1.1 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (190) hide show

package/README.md +24 -1
package/dist/anomaly/constants.d.ts +13 -0
package/dist/anomaly/constants.d.ts.map +1 -0
package/dist/anomaly/constants.js +13 -0
package/dist/anomaly/constants.js.map +1 -0
package/dist/anomaly/detector.d.ts +12 -0
package/dist/anomaly/detector.d.ts.map +1 -0
package/dist/anomaly/detector.js +98 -0
package/dist/anomaly/detector.js.map +1 -0
package/dist/anomaly/types.d.ts +19 -0
package/dist/anomaly/types.d.ts.map +1 -0
package/dist/anomaly/types.js +2 -0
package/dist/anomaly/types.js.map +1 -0
package/dist/commands/budget.d.ts +26 -0
package/dist/commands/budget.d.ts.map +1 -0
package/dist/commands/budget.js +91 -0
package/dist/commands/budget.js.map +1 -0
package/dist/commands/config.d.ts +4 -0
package/dist/commands/config.d.ts.map +1 -0
package/dist/commands/config.js +45 -0
package/dist/commands/config.js.map +1 -0
package/dist/commands/connect.d.ts +17 -0
package/dist/commands/connect.d.ts.map +1 -0
package/dist/commands/connect.js +191 -0
package/dist/commands/connect.js.map +1 -0
package/dist/commands/daemon.d.ts +8 -0
package/dist/commands/daemon.d.ts.map +1 -0
package/dist/commands/daemon.js +310 -0
package/dist/commands/daemon.js.map +1 -0
package/dist/commands/diagnose.d.ts +2 -0
package/dist/commands/diagnose.d.ts.map +1 -0
package/dist/commands/diagnose.js +81 -0
package/dist/commands/diagnose.js.map +1 -0
package/dist/commands/doctor.d.ts +2 -0
package/dist/commands/doctor.d.ts.map +1 -0
package/dist/commands/doctor.js +67 -0
package/dist/commands/doctor.js.map +1 -0
package/dist/commands/export.d.ts +40 -0
package/dist/commands/export.d.ts.map +1 -0
package/dist/commands/export.js +184 -0
package/dist/commands/export.js.map +1 -0
package/dist/commands/init.d.ts +3 -1
package/dist/commands/init.d.ts.map +1 -1
package/dist/commands/init.js +14 -1
package/dist/commands/init.js.map +1 -1
package/dist/commands/insights.d.ts +2 -0
package/dist/commands/insights.d.ts.map +1 -0
package/dist/commands/insights.js +71 -0
package/dist/commands/insights.js.map +1 -0
package/dist/commands/inspect.d.ts +2 -0
package/dist/commands/inspect.d.ts.map +1 -0
package/dist/commands/inspect.js +81 -0
package/dist/commands/inspect.js.map +1 -0
package/dist/commands/integrations.d.ts +2 -0
package/dist/commands/integrations.d.ts.map +1 -0
package/dist/commands/integrations.js +46 -0
package/dist/commands/integrations.js.map +1 -0
package/dist/commands/login.d.ts +1 -1
package/dist/commands/login.d.ts.map +1 -1
package/dist/commands/login.js +45 -6
package/dist/commands/login.js.map +1 -1
package/dist/commands/metrics.d.ts +6 -0
package/dist/commands/metrics.d.ts.map +1 -0
package/dist/commands/metrics.js +85 -0
package/dist/commands/metrics.js.map +1 -0
package/dist/commands/reconcile.d.ts +2 -0
package/dist/commands/reconcile.d.ts.map +1 -0
package/dist/commands/reconcile.js +63 -0
package/dist/commands/reconcile.js.map +1 -0
package/dist/commands/scan.d.ts.map +1 -1
package/dist/commands/scan.js +53 -10
package/dist/commands/scan.js.map +1 -1
package/dist/commands/status.d.ts +1 -1
package/dist/commands/status.d.ts.map +1 -1
package/dist/commands/status.js +84 -14
package/dist/commands/status.js.map +1 -1
package/dist/commands/subscription.d.ts +15 -0
package/dist/commands/subscription.d.ts.map +1 -0
package/dist/commands/subscription.js +62 -0
package/dist/commands/subscription.js.map +1 -0
package/dist/commands/sync.d.ts +1 -1
package/dist/commands/sync.d.ts.map +1 -1
package/dist/commands/sync.js +77 -10
package/dist/commands/sync.js.map +1 -1
package/dist/commands/value.d.ts +5 -0
package/dist/commands/value.d.ts.map +1 -0
package/dist/commands/value.js +95 -0
package/dist/commands/value.js.map +1 -0
package/dist/config.d.ts +28 -3
package/dist/config.d.ts.map +1 -1
package/dist/config.js +9 -1
package/dist/config.js.map +1 -1
package/dist/correlate.d.ts +7 -0
package/dist/correlate.d.ts.map +1 -1
package/dist/correlate.js +102 -15
package/dist/correlate.js.map +1 -1
package/dist/daemon/daemon.d.ts +2 -0
package/dist/daemon/daemon.d.ts.map +1 -0
package/dist/daemon/daemon.js +188 -0
package/dist/daemon/daemon.js.map +1 -0
package/dist/daemon/daemonState.d.ts +25 -0
package/dist/daemon/daemonState.d.ts.map +1 -0
package/dist/daemon/daemonState.js +82 -0
package/dist/daemon/daemonState.js.map +1 -0
package/dist/daemon/logger.d.ts +7 -0
package/dist/daemon/logger.d.ts.map +1 -0
package/dist/daemon/logger.js +61 -0
package/dist/daemon/logger.js.map +1 -0
package/dist/daemon/syncLoop.d.ts +38 -0
package/dist/daemon/syncLoop.d.ts.map +1 -0
package/dist/daemon/syncLoop.js +119 -0
package/dist/daemon/syncLoop.js.map +1 -0
package/dist/daemon/watcher.d.ts +26 -0
package/dist/daemon/watcher.d.ts.map +1 -0
package/dist/daemon/watcher.js +187 -0
package/dist/daemon/watcher.js.map +1 -0
package/dist/db/store.d.ts +123 -2
package/dist/db/store.d.ts.map +1 -1
package/dist/db/store.js +397 -11
package/dist/db/store.js.map +1 -1
package/dist/detectors/cache-gap.d.ts +3 -0
package/dist/detectors/cache-gap.d.ts.map +1 -0
package/dist/detectors/cache-gap.js +70 -0
package/dist/detectors/cache-gap.js.map +1 -0
package/dist/detectors/context-bloat.d.ts +3 -0
package/dist/detectors/context-bloat.d.ts.map +1 -0
package/dist/detectors/context-bloat.js +68 -0
package/dist/detectors/context-bloat.js.map +1 -0
package/dist/detectors/fileTokens.d.ts +3 -0
package/dist/detectors/fileTokens.d.ts.map +1 -0
package/dist/detectors/fileTokens.js +12 -0
package/dist/detectors/fileTokens.js.map +1 -0
package/dist/detectors/index.d.ts +20 -0
package/dist/detectors/index.d.ts.map +1 -0
package/dist/detectors/index.js +41 -0
package/dist/detectors/index.js.map +1 -0
package/dist/detectors/model-routing.d.ts +3 -0
package/dist/detectors/model-routing.d.ts.map +1 -0
package/dist/detectors/model-routing.js +71 -0
package/dist/detectors/model-routing.js.map +1 -0
package/dist/detectors/repeat-read.d.ts +3 -0
package/dist/detectors/repeat-read.d.ts.map +1 -0
package/dist/detectors/repeat-read.js +69 -0
package/dist/detectors/repeat-read.js.map +1 -0
package/dist/detectors/seat-efficiency.d.ts +4 -0
package/dist/detectors/seat-efficiency.d.ts.map +1 -0
package/dist/detectors/seat-efficiency.js +86 -0
package/dist/detectors/seat-efficiency.js.map +1 -0
package/dist/detectors/types.d.ts +46 -0
package/dist/detectors/types.d.ts.map +1 -0
package/dist/detectors/types.js +2 -0
package/dist/detectors/types.js.map +1 -0
package/dist/health.d.ts +59 -0
package/dist/health.d.ts.map +1 -0
package/dist/health.js +106 -0
package/dist/health.js.map +1 -0
package/dist/index.js +389 -5
package/dist/index.js.map +1 -1
package/dist/metrics.d.ts +29 -0
package/dist/metrics.d.ts.map +1 -0
package/dist/metrics.js +205 -0
package/dist/metrics.js.map +1 -0
package/dist/scrapers/claudeCode.d.ts +1 -0
package/dist/scrapers/claudeCode.d.ts.map +1 -1
package/dist/scrapers/claudeCode.js +43 -13
package/dist/scrapers/claudeCode.js.map +1 -1
package/dist/scrapers/cursor.d.ts +3 -2
package/dist/scrapers/cursor.d.ts.map +1 -1
package/dist/scrapers/cursor.js +56 -16
package/dist/scrapers/cursor.js.map +1 -1
package/dist/scrapers/jetbrains.d.ts +15 -0
package/dist/scrapers/jetbrains.d.ts.map +1 -0
package/dist/scrapers/jetbrains.js +232 -0
package/dist/scrapers/jetbrains.js.map +1 -0
package/dist/scrapers/types.d.ts +4 -1
package/dist/scrapers/types.d.ts.map +1 -1
package/dist/scrapers/windsurf.d.ts +3 -2
package/dist/scrapers/windsurf.d.ts.map +1 -1
package/dist/scrapers/windsurf.js +25 -9
package/dist/scrapers/windsurf.js.map +1 -1
package/dist/sync/payload.d.ts +4 -5
package/dist/sync/payload.d.ts.map +1 -1
package/dist/sync/payload.js +88 -7
package/dist/sync/payload.js.map +1 -1
package/dist/sync/syncEngine.d.ts +19 -3
package/dist/sync/syncEngine.d.ts.map +1 -1
package/dist/sync/syncEngine.js +116 -10
package/dist/sync/syncEngine.js.map +1 -1
package/install.sh +27 -10
package/package.json +43 -42

package/README.md CHANGED Viewed

@@ -8,7 +8,7 @@ PlanckSpace CLI — sync AI token usage from Claude Code, Cursor, and Windsurf t
 curl -fsSL https://planckspace.dev/install | sh
 ```
-With an invite token:
+With an invite token (skips the manual login step):
 ```sh
 curl -fsSL https://planckspace.dev/install | sh -s -- --token pk_live_xxx
@@ -22,6 +22,22 @@ npm install -g @planckspace/cli
 See [docs/INSTALL.md](docs/INSTALL.md) for manual steps and troubleshooting.
+## VS Code extension
+Install the companion extension to see spend, insights, and skill recommendations right in your editor:
+- **VS Code Marketplace** — search "Planckspace" in the Extensions view, or run:
+  ```sh
+  code --install-extension planckspace.planckspace-extension
+  ```
+- **Open VSX** (Cursor / Windsurf / VS Codium): [open-vsx.org/extension/planckspace/planckspace-extension](https://open-vsx.org/extension/planckspace/planckspace-extension)
+- **Headless / CI**:
+  ```sh
+  code --install-extension planckspace.planckspace-extension
+  # or install from VSIX:
+  code --install-extension planckspace-extension-win32-x64-0.2.0.vsix
+  ```
 ## Commands
 | Command | Description |
@@ -56,6 +72,13 @@ planck scan --sync
 See [docs/COVERAGE.md](docs/COVERAGE.md) for per-tool capture details.
+## What's new in 0.2.0
+- **Cost insights** — the CLI now detects patterns that inflate spend (large CLAUDE.md, low cache hit rates, repeated context) and writes them to `~/.planckspace/local.db`. The VS Code extension surfaces these with estimated monthly savings.
+- **Audit scoring** — `planck status` reports a workspace configuration score across five dimensions: CLAUDE.md token budget, prompt-cache hit rate, hooks, installed skills, and MCP servers.
+- **Improved Windsurf support** — schema detection updated for recent Windsurf session log changes.
+- **Anomaly detection** — the CLI flags sessions with unusually high token counts or cost spikes.
 ## Supported editors
 | Editor | Sessions | Tokens / cost | Notes |

package/dist/anomaly/constants.d.ts ADDED Viewed

@@ -0,0 +1,13 @@
+/** Tunable thresholds for anomaly detection and budget alerting. */
+/** Daily cost must exceed this multiple of the 7-day median to fire a daily spike. */
+export declare const DAILY_SPIKE_RATIO = 3;
+/** Daily cost must also exceed this absolute floor (USD) to fire a daily spike. */
+export declare const DAILY_SPIKE_MIN_USD = 20;
+/** Session cost must exceed this multiple of the developer's p90 to fire a session spike. */
+export declare const SESSION_SPIKE_RATIO = 5;
+/** Minimum number of sessions a developer must have in the trailing 30 days before a p90
+ *  baseline is meaningful enough to fire session-level anomalies. */
+export declare const SESSION_P90_MIN_SAMPLES = 5;
+/** Fraction of monthly budget consumed before a warning is printed at the end of scan. */
+export declare const BUDGET_WARN_THRESHOLD = 0.8;
+//# sourceMappingURL=constants.d.ts.map

package/dist/anomaly/constants.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"constants.d.ts","sourceRoot":"","sources":["../../src/anomaly/constants.ts"],"names":[],"mappings":"AAAA,oEAAoE;AAEpE,sFAAsF;AACtF,eAAO,MAAM,iBAAiB,IAAI,CAAC;AAEnC,mFAAmF;AACnF,eAAO,MAAM,mBAAmB,KAAK,CAAC;AAEtC,6FAA6F;AAC7F,eAAO,MAAM,mBAAmB,IAAI,CAAC;AAErC;qEACqE;AACrE,eAAO,MAAM,uBAAuB,IAAI,CAAC;AAEzC,0FAA0F;AAC1F,eAAO,MAAM,qBAAqB,MAAO,CAAC"}

package/dist/anomaly/constants.js ADDED Viewed

@@ -0,0 +1,13 @@
+/** Tunable thresholds for anomaly detection and budget alerting. */
+/** Daily cost must exceed this multiple of the 7-day median to fire a daily spike. */
+export const DAILY_SPIKE_RATIO = 3;
+/** Daily cost must also exceed this absolute floor (USD) to fire a daily spike. */
+export const DAILY_SPIKE_MIN_USD = 20;
+/** Session cost must exceed this multiple of the developer's p90 to fire a session spike. */
+export const SESSION_SPIKE_RATIO = 5;
+/** Minimum number of sessions a developer must have in the trailing 30 days before a p90
+ *  baseline is meaningful enough to fire session-level anomalies. */
+export const SESSION_P90_MIN_SAMPLES = 5;
+/** Fraction of monthly budget consumed before a warning is printed at the end of scan. */
+export const BUDGET_WARN_THRESHOLD = 0.80;
+//# sourceMappingURL=constants.js.map

package/dist/anomaly/constants.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"constants.js","sourceRoot":"","sources":["../../src/anomaly/constants.ts"],"names":[],"mappings":"AAAA,oEAAoE;AAEpE,sFAAsF;AACtF,MAAM,CAAC,MAAM,iBAAiB,GAAG,CAAC,CAAC;AAEnC,mFAAmF;AACnF,MAAM,CAAC,MAAM,mBAAmB,GAAG,EAAE,CAAC;AAEtC,6FAA6F;AAC7F,MAAM,CAAC,MAAM,mBAAmB,GAAG,CAAC,CAAC;AAErC;qEACqE;AACrE,MAAM,CAAC,MAAM,uBAAuB,GAAG,CAAC,CAAC;AAEzC,0FAA0F;AAC1F,MAAM,CAAC,MAAM,qBAAqB,GAAG,IAAI,CAAC"}

package/dist/anomaly/detector.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import type { AnomalyEvent } from "./types.js";
+/**
+ * Detect anomalous cost events.
+ *
+ * Two detectors run:
+ *   1. Daily cost spike — per repo, trailing 7-day median vs most-recent day.
+ *   2. Session cost spike — per developer, p90 over 30 days vs individual session.
+ *
+ * Pass `now` for deterministic testing (defaults to current time).
+ */
+export declare function detectAnomalies(now?: Date): AnomalyEvent[];
+//# sourceMappingURL=detector.d.ts.map

package/dist/anomaly/detector.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"detector.d.ts","sourceRoot":"","sources":["../../src/anomaly/detector.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,YAAY,EAAE,MAAM,YAAY,CAAC;AA8B/C;;;;;;;;GAQG;AACH,wBAAgB,eAAe,CAAC,GAAG,OAAa,GAAG,YAAY,EAAE,CA0EhE"}

package/dist/anomaly/detector.js ADDED Viewed

@@ -0,0 +1,98 @@
+import { getDailySessionCosts, getSessionsForAnomalyDetection, } from "../db/store.js";
+import { DAILY_SPIKE_RATIO, DAILY_SPIKE_MIN_USD, SESSION_SPIKE_RATIO, SESSION_P90_MIN_SAMPLES, } from "./constants.js";
+function median(sorted) {
+    if (sorted.length === 0)
+        return 0;
+    const mid = Math.floor(sorted.length / 2);
+    return sorted.length % 2 === 0
+        ? (sorted[mid - 1] + sorted[mid]) / 2
+        : sorted[mid];
+}
+function percentile90(sorted) {
+    if (sorted.length === 0)
+        return 0;
+    const idx = Math.ceil(0.9 * sorted.length) - 1;
+    return sorted[Math.max(0, Math.min(idx, sorted.length - 1))];
+}
+/**
+ * Detect anomalous cost events.
+ *
+ * Two detectors run:
+ *   1. Daily cost spike — per repo, trailing 7-day median vs most-recent day.
+ *   2. Session cost spike — per developer, p90 over 30 days vs individual session.
+ *
+ * Pass `now` for deterministic testing (defaults to current time).
+ */
+export function detectAnomalies(now = new Date()) {
+    const events = [];
+    const detectedAt = now.toISOString();
+    // ── 1. Daily cost spike per repo ──────────────────────────────────────────
+    const eightDaysAgo = new Date(now.getTime() - 8 * 24 * 60 * 60 * 1000).toISOString();
+    const dailyRows = getDailySessionCosts(eightDaysAgo);
+    // Group by repo, rows already ordered by day ASC from the query.
+    const byRepo = new Map();
+    for (const r of dailyRows) {
+        const key = r.repoName ?? null;
+        if (!byRepo.has(key))
+            byRepo.set(key, []);
+        byRepo.get(key).push({ day: r.day, dailyCost: r.dailyCost });
+    }
+    for (const [repoName, days] of byRepo) {
+        if (days.length < 2)
+            continue; // Need at least one baseline day + one current day.
+        const mostRecent = days[days.length - 1];
+        const baselineDays = days.slice(0, -1);
+        const sorted = baselineDays.map((d) => d.dailyCost).sort((a, b) => a - b);
+        const base = median(sorted);
+        if (base <= 0)
+            continue;
+        const ratio = mostRecent.dailyCost / base;
+        if (ratio > DAILY_SPIKE_RATIO && mostRecent.dailyCost > DAILY_SPIKE_MIN_USD) {
+            events.push({
+                id: `daily:${repoName ?? "unknown"}:${mostRecent.day}`,
+                type: "daily_cost_spike",
+                repoName,
+                sessionId: null,
+                costUsd: mostRecent.dailyCost,
+                baselineUsd: base,
+                ratio,
+                detectedAt,
+            });
+        }
+    }
+    // ── 2. Per-session cost spike (vs developer p90) ───────────────────────────
+    const thirtyDaysAgo = new Date(now.getTime() - 30 * 24 * 60 * 60 * 1000).toISOString();
+    const sessionRows = getSessionsForAnomalyDetection(thirtyDaysAgo);
+    // Group by developer email; rows already ordered by email, costUsd ASC.
+    const byDeveloper = new Map();
+    for (const r of sessionRows) {
+        if (!byDeveloper.has(r.gitAuthorEmail))
+            byDeveloper.set(r.gitAuthorEmail, []);
+        byDeveloper.get(r.gitAuthorEmail).push(r);
+    }
+    for (const sessions of byDeveloper.values()) {
+        if (sessions.length < SESSION_P90_MIN_SAMPLES)
+            continue;
+        const sortedCosts = sessions.map((s) => s.costUsd); // already sorted ASC from the query
+        const p90 = percentile90(sortedCosts);
+        if (p90 <= 0)
+            continue;
+        for (const s of sessions) {
+            const ratio = s.costUsd / p90;
+            if (ratio > SESSION_SPIKE_RATIO) {
+                events.push({
+                    id: `session:${s.id}`,
+                    type: "session_cost_spike",
+                    repoName: s.repoName,
+                    sessionId: s.id,
+                    costUsd: s.costUsd,
+                    baselineUsd: p90,
+                    ratio,
+                    detectedAt,
+                });
+            }
+        }
+    }
+    return events;
+}
+//# sourceMappingURL=detector.js.map

package/dist/anomaly/detector.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"detector.js","sourceRoot":"","sources":["../../src/anomaly/detector.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,oBAAoB,EACpB,8BAA8B,GAC/B,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,iBAAiB,EACjB,mBAAmB,EACnB,mBAAmB,EACnB,uBAAuB,GACxB,MAAM,gBAAgB,CAAC;AAUxB,SAAS,MAAM,CAAC,MAAgB;IAC9B,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAClC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;IAC1C,OAAO,MAAM,CAAC,MAAM,GAAG,CAAC,KAAK,CAAC;QAC5B,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,GAAG,CAAC,CAAE,GAAG,MAAM,CAAC,GAAG,CAAE,CAAC,GAAG,CAAC;QACvC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAE,CAAC;AACnB,CAAC;AAED,SAAS,YAAY,CAAC,MAAgB;IACpC,IAAI,MAAM,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,CAAC,CAAC;IAClC,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,GAAG,MAAM,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IAC/C,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,EAAE,IAAI,CAAC,GAAG,CAAC,GAAG,EAAE,MAAM,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC,CAAE,CAAC;AAChE,CAAC;AAED;;;;;;;;GAQG;AACH,MAAM,UAAU,eAAe,CAAC,GAAG,GAAG,IAAI,IAAI,EAAE;IAC9C,MAAM,MAAM,GAAmB,EAAE,CAAC;IAClC,MAAM,UAAU,GAAG,GAAG,CAAC,WAAW,EAAE,CAAC;IAErC,6EAA6E;IAC7E,MAAM,YAAY,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IACrF,MAAM,SAAS,GAAG,oBAAoB,CAAC,YAAY,CAAe,CAAC;IAEnE,iEAAiE;IACjE,MAAM,MAAM,GAAG,IAAI,GAAG,EAAuD,CAAC;IAC9E,KAAK,MAAM,CAAC,IAAI,SAAS,EAAE,CAAC;QAC1B,MAAM,GAAG,GAAG,CAAC,CAAC,QAAQ,IAAI,IAAI,CAAC;QAC/B,IAAI,CAAC,MAAM,CAAC,GAAG,CAAC,GAAG,CAAC;YAAE,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAC1C,MAAM,CAAC,GAAG,CAAC,GAAG,CAAE,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC,CAAC,GAAG,EAAE,SAAS,EAAE,CAAC,CAAC,SAAS,EAAE,CAAC,CAAC;IAChE,CAAC;IAED,KAAK,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,IAAI,MAAM,EAAE,CAAC;QACtC,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC;YAAE,SAAS,CAAC,oDAAoD;QACnF,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAE,CAAC;QAC1C,MAAM,YAAY,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,MAAM,GAAG,YAAY,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC;QAC1E,MAAM,IAAI,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC;QAC5B,IAAI,IAAI,IAAI,CAAC;YAAE,SAAS;QAExB,MAAM,KAAK,GAAG,UAAU,CAAC,SAAS,GAAG,IAAI,CAAC;QAC1C,IAAI,KAAK,GAAG,iBAAiB,IAAI,UAAU,CAAC,SAAS,GAAG,mBAAmB,EAAE,CAAC;YAC5E,MAAM,CAAC,IAAI,CAAC;gBACV,EAAE,EAAE,SAAS,QAAQ,IAAI,SAAS,IAAI,UAAU,CAAC,GAAG,EAAE;gBACtD,IAAI,EAAE,kBAAkB;gBACxB,QAAQ;gBACR,SAAS,EAAE,IAAI;gBACf,OAAO,EAAE,UAAU,CAAC,SAAS;gBAC7B,WAAW,EAAE,IAAI;gBACjB,KAAK;gBACL,UAAU;aACX,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,8EAA8E;IAC9E,MAAM,aAAa,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC;IACvF,MAAM,WAAW,GAAG,8BAA8B,CAAC,aAAa,CAAwB,CAAC;IAEzF,wEAAwE;IACxE,MAAM,WAAW,GAAG,IAAI,GAAG,EAA+B,CAAC;IAC3D,KAAK,MAAM,CAAC,IAAI,WAAW,EAAE,CAAC;QAC5B,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,cAAc,CAAC;YAAE,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;QAC9E,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,cAAc,CAAE,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC7C,CAAC;IAED,KAAK,MAAM,QAAQ,IAAI,WAAW,CAAC,MAAM,EAAE,EAAE,CAAC;QAC5C,IAAI,QAAQ,CAAC,MAAM,GAAG,uBAAuB;YAAE,SAAS;QACxD,MAAM,WAAW,GAAG,QAAQ,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,oCAAoC;QACxF,MAAM,GAAG,GAAG,YAAY,CAAC,WAAW,CAAC,CAAC;QACtC,IAAI,GAAG,IAAI,CAAC;YAAE,SAAS;QAEvB,KAAK,MAAM,CAAC,IAAI,QAAQ,EAAE,CAAC;YACzB,MAAM,KAAK,GAAG,CAAC,CAAC,OAAO,GAAG,GAAG,CAAC;YAC9B,IAAI,KAAK,GAAG,mBAAmB,EAAE,CAAC;gBAChC,MAAM,CAAC,IAAI,CAAC;oBACV,EAAE,EAAE,WAAW,CAAC,CAAC,EAAE,EAAE;oBACrB,IAAI,EAAE,oBAAoB;oBAC1B,QAAQ,EAAE,CAAC,CAAC,QAAQ;oBACpB,SAAS,EAAE,CAAC,CAAC,EAAE;oBACf,OAAO,EAAE,CAAC,CAAC,OAAO;oBAClB,WAAW,EAAE,GAAG;oBAChB,KAAK;oBACL,UAAU;iBACX,CAAC,CAAC;YACL,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/anomaly/types.d.ts ADDED Viewed

@@ -0,0 +1,19 @@
+export type AnomalyType = "daily_cost_spike" | "session_cost_spike";
+export type AnomalyEvent = {
+    /** Stable ID used for deduplication across consecutive scans:
+     *  daily:  `daily:<repoName>:<YYYY-MM-DD>`
+     *  session: `session:<sessionId>` */
+    id: string;
+    type: AnomalyType;
+    repoName: string | null;
+    /** Only set for session-level anomalies. */
+    sessionId: string | null;
+    /** The cost that tripped the threshold. */
+    costUsd: number;
+    /** Baseline the cost was compared against (7-day median per day, or developer p90). */
+    baselineUsd: number;
+    /** costUsd / baselineUsd */
+    ratio: number;
+    detectedAt: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/anomaly/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/anomaly/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,WAAW,GAAG,kBAAkB,GAAG,oBAAoB,CAAC;AAEpE,MAAM,MAAM,YAAY,GAAG;IACzB;;yCAEqC;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,IAAI,EAAE,WAAW,CAAC;IAClB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACxB,4CAA4C;IAC5C,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,2CAA2C;IAC3C,OAAO,EAAE,MAAM,CAAC;IAChB,uFAAuF;IACvF,WAAW,EAAE,MAAM,CAAC;IACpB,4BAA4B;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB,CAAC"}

package/dist/anomaly/types.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=types.js.map

package/dist/anomaly/types.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/anomaly/types.ts"],"names":[],"mappings":""}

package/dist/commands/budget.d.ts ADDED Viewed

@@ -0,0 +1,26 @@
+import { type Budget } from "../config.js";
+export type BudgetSetOptions = {
+    scope: string;
+    name: string;
+    monthly: number;
+};
+export type BudgetRemoveOptions = {
+    scope: string;
+    name: string;
+};
+export declare function runBudgetSet(opts: BudgetSetOptions): void;
+export declare function runBudgetList(): void;
+export declare function runBudgetRemove(opts: BudgetRemoveOptions): void;
+/**
+ * Compute which budgets are at or over the warn threshold and return
+ * human-readable warning strings.
+ *
+ * `monthStart` is the ISO timestamp of the first moment of the current billing month.
+ */
+export declare function getBudgetWarnings(budgets: Budget[], monthStart: string): string[];
+/**
+ * Returns a summary line for each budget showing spend vs cap and burn %.
+ * Intended for use in `planck status`.
+ */
+export declare function getBudgetBurnLines(budgets: Budget[], monthStart: string): string[];
+//# sourceMappingURL=budget.d.ts.map

package/dist/commands/budget.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"budget.d.ts","sourceRoot":"","sources":["../../src/commands/budget.ts"],"names":[],"mappings":"AAAA,OAAO,EAA2B,KAAK,MAAM,EAAE,MAAM,cAAc,CAAC;AAIpE,MAAM,MAAM,gBAAgB,GAAG;IAC7B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,MAAM,CAAC;CACjB,CAAC;AAEF,MAAM,MAAM,mBAAmB,GAAG;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;CACd,CAAC;AAIF,wBAAgB,YAAY,CAAC,IAAI,EAAE,gBAAgB,GAAG,IAAI,CA4BzD;AAED,wBAAgB,aAAa,IAAI,IAAI,CAiBpC;AAED,wBAAgB,eAAe,CAAC,IAAI,EAAE,mBAAmB,GAAG,IAAI,CAc/D;AAED;;;;;GAKG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,CAkBjF;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE,UAAU,EAAE,MAAM,GAAG,MAAM,EAAE,CAiBlF"}

package/dist/commands/budget.js ADDED Viewed

@@ -0,0 +1,91 @@
+import { readConfig, writeConfig } from "../config.js";
+import { getMonthlyCosts } from "../db/store.js";
+import { BUDGET_WARN_THRESHOLD } from "../anomaly/constants.js";
+const VALID_SCOPES = new Set(["repo", "workspace"]);
+export function runBudgetSet(opts) {
+    if (!VALID_SCOPES.has(opts.scope)) {
+        throw new Error(`--scope must be one of: ${[...VALID_SCOPES].join(", ")}`);
+    }
+    if (opts.monthly <= 0) {
+        throw new Error("--monthly must be a positive number");
+    }
+    const config = readConfig();
+    const existing = config.budgets.findIndex((b) => b.scope === opts.scope && b.name === opts.name);
+    const entry = {
+        scope: opts.scope,
+        name: opts.name,
+        monthly: opts.monthly,
+    };
+    if (existing >= 0) {
+        config.budgets[existing] = entry;
+        console.log(`Updated budget: ${opts.scope} "${opts.name}" → $${opts.monthly.toFixed(2)}/month`);
+    }
+    else {
+        config.budgets.push(entry);
+        console.log(`Set budget: ${opts.scope} "${opts.name}" → $${opts.monthly.toFixed(2)}/month`);
+    }
+    writeConfig(config);
+}
+export function runBudgetList() {
+    const { budgets } = readConfig();
+    if (budgets.length === 0) {
+        console.log("No budgets set. Use `planck budget set --scope repo --name <repo> --monthly <amount>`");
+        return;
+    }
+    console.log("Configured budgets:");
+    console.log("─────────────────────────────────────");
+    for (const b of budgets) {
+        console.log(`  ${b.scope.padEnd(10)} ${b.name.padEnd(30)} $${b.monthly.toFixed(2)}/month`);
+    }
+}
+export function runBudgetRemove(opts) {
+    const config = readConfig();
+    const before = config.budgets.length;
+    config.budgets = config.budgets.filter((b) => !(b.scope === opts.scope && b.name === opts.name));
+    if (config.budgets.length === before) {
+        console.log(`No budget found for scope=${opts.scope} name="${opts.name}"`);
+        return;
+    }
+    writeConfig(config);
+    console.log(`Removed budget: ${opts.scope} "${opts.name}"`);
+}
+/**
+ * Compute which budgets are at or over the warn threshold and return
+ * human-readable warning strings.
+ *
+ * `monthStart` is the ISO timestamp of the first moment of the current billing month.
+ */
+export function getBudgetWarnings(budgets, monthStart) {
+    if (budgets.length === 0)
+        return [];
+    const { byRepo, total } = getMonthlyCosts(monthStart);
+    const warnings = [];
+    for (const b of budgets) {
+        const spent = b.scope === "repo" ? (byRepo.get(b.name) ?? 0) : total;
+        const pct = spent / b.monthly;
+        if (pct >= BUDGET_WARN_THRESHOLD) {
+            warnings.push(`WARNING: "${b.name}" (${b.scope}) is at ${(pct * 100).toFixed(0)}% of ` +
+                `$${b.monthly.toFixed(2)}/month budget ($${spent.toFixed(2)} spent so far this month)`);
+        }
+    }
+    return warnings;
+}
+/**
+ * Returns a summary line for each budget showing spend vs cap and burn %.
+ * Intended for use in `planck status`.
+ */
+export function getBudgetBurnLines(budgets, monthStart) {
+    if (budgets.length === 0)
+        return [];
+    const { byRepo, total } = getMonthlyCosts(monthStart);
+    const lines = [];
+    for (const b of budgets) {
+        const spent = b.scope === "repo" ? (byRepo.get(b.name) ?? 0) : total;
+        const pct = spent / b.monthly;
+        const bar = pct >= BUDGET_WARN_THRESHOLD ? " ⚠" : "";
+        lines.push(`  ${b.scope.padEnd(10)} ${b.name.padEnd(30)} ` +
+            `$${spent.toFixed(2)} / $${b.monthly.toFixed(2)} (${(pct * 100).toFixed(0)}%)${bar}`);
+    }
+    return lines;
+}
+//# sourceMappingURL=budget.js.map

package/dist/commands/budget.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"budget.js","sourceRoot":"","sources":["../../src/commands/budget.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAe,MAAM,cAAc,CAAC;AACpE,OAAO,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AACjD,OAAO,EAAE,qBAAqB,EAAE,MAAM,yBAAyB,CAAC;AAahE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAS,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC,CAAC;AAE5D,MAAM,UAAU,YAAY,CAAC,IAAsB;IACjD,IAAI,CAAC,YAAY,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC;QAClC,MAAM,IAAI,KAAK,CAAC,2BAA2B,CAAC,GAAG,YAAY,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IAC7E,CAAC;IACD,IAAI,IAAI,CAAC,OAAO,IAAI,CAAC,EAAE,CAAC;QACtB,MAAM,IAAI,KAAK,CAAC,qCAAqC,CAAC,CAAC;IACzD,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,QAAQ,GAAG,MAAM,CAAC,OAAO,CAAC,SAAS,CACvC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CACtD,CAAC;IAEF,MAAM,KAAK,GAAW;QACpB,KAAK,EAAE,IAAI,CAAC,KAA6B;QACzC,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE,IAAI,CAAC,OAAO;KACtB,CAAC;IAEF,IAAI,QAAQ,IAAI,CAAC,EAAE,CAAC;QAClB,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,GAAG,KAAK,CAAC;QACjC,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,IAAI,QAAQ,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAClG,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,eAAe,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,IAAI,QAAQ,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC;IAC9F,CAAC;IAED,WAAW,CAAC,MAAM,CAAC,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,MAAM,EAAE,OAAO,EAAE,GAAG,UAAU,EAAE,CAAC;IAEjC,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;QACzB,OAAO,CAAC,GAAG,CACT,uFAAuF,CACxF,CAAC;QACF,OAAO;IACT,CAAC;IAED,OAAO,CAAC,GAAG,CAAC,qBAAqB,CAAC,CAAC;IACnC,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IACrD,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,OAAO,CAAC,GAAG,CACT,KAAK,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,QAAQ,CAC9E,CAAC;IACJ,CAAC;AACH,CAAC;AAED,MAAM,UAAU,eAAe,CAAC,IAAyB;IACvD,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,MAAM,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC;IACrC,MAAM,CAAC,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,MAAM,CACpC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,KAAK,IAAI,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CACzD,CAAC;IAEF,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,KAAK,MAAM,EAAE,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,6BAA6B,IAAI,CAAC,KAAK,UAAU,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC;QAC3E,OAAO;IACT,CAAC;IAED,WAAW,CAAC,MAAM,CAAC,CAAC;IACpB,OAAO,CAAC,GAAG,CAAC,mBAAmB,IAAI,CAAC,KAAK,KAAK,IAAI,CAAC,IAAI,GAAG,CAAC,CAAC;AAC9D,CAAC;AAED;;;;;GAKG;AACH,MAAM,UAAU,iBAAiB,CAAC,OAAiB,EAAE,UAAkB;IACrE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACtD,MAAM,QAAQ,GAAa,EAAE,CAAC;IAE9B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACrE,MAAM,GAAG,GAAG,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC;QAC9B,IAAI,GAAG,IAAI,qBAAqB,EAAE,CAAC;YACjC,QAAQ,CAAC,IAAI,CACX,aAAa,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,KAAK,WAAW,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO;gBACxE,IAAI,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,mBAAmB,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,2BAA2B,CACvF,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,OAAiB,EAAE,UAAkB;IACtE,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC;QAAE,OAAO,EAAE,CAAC;IAEpC,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,GAAG,eAAe,CAAC,UAAU,CAAC,CAAC;IACtD,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,CAAC,IAAI,OAAO,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,KAAK,MAAM,CAAC,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC;QACrE,MAAM,GAAG,GAAG,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC;QAC9B,MAAM,GAAG,GAAG,GAAG,IAAI,qBAAqB,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC;QACrD,KAAK,CAAC,IAAI,CACR,KAAK,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,GAAG;YAC/C,IAAI,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,CAAC,GAAG,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,KAAK,GAAG,EAAE,CACrF,CAAC;IACJ,CAAC;IAED,OAAO,KAAK,CAAC;AACf,CAAC"}

package/dist/commands/config.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export declare function runConfigSet(key: string, value: string): void;
+export declare function runConfigGet(key: string): void;
+export declare function runConfigShow(): void;
+//# sourceMappingURL=config.d.ts.map

package/dist/commands/config.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../src/commands/config.ts"],"names":[],"mappings":"AAYA,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,IAAI,CAe7D;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,IAAI,CAQ9C;AAED,wBAAgB,aAAa,IAAI,IAAI,CAepC"}

package/dist/commands/config.js ADDED Viewed

@@ -0,0 +1,45 @@
+import { readConfig, writeConfig, CONFIG_PATH } from "../config.js";
+// Keys a developer is allowed to set via `planck config set`.
+// Structured arrays (budgets, subscriptions, teamMappings) have their own commands.
+const SETTABLE_KEYS = ["apiUrl", "privacyMode"];
+function isSettable(key) {
+    return SETTABLE_KEYS.includes(key);
+}
+export function runConfigSet(key, value) {
+    if (!isSettable(key)) {
+        console.error(`Unknown or non-settable key: "${key}"\n` +
+            `Settable keys: ${SETTABLE_KEYS.join(", ")}\n` +
+            `(Use dedicated commands for budgets / subscriptions / teamMappings)`);
+        process.exit(1);
+    }
+    const config = readConfig();
+    const updated = { ...config, [key]: value };
+    writeConfig(updated);
+    console.log(`${key} = ${value}`);
+    console.log(`Saved to ${CONFIG_PATH}`);
+}
+export function runConfigGet(key) {
+    const config = readConfig();
+    if (!(key in config)) {
+        console.error(`Unknown config key: "${key}"`);
+        process.exit(1);
+    }
+    const val = config[key];
+    console.log(val === null || val === undefined ? "(not set)" : String(val));
+}
+export function runConfigShow() {
+    const config = readConfig();
+    const token = config.token;
+    const maskedToken = token ? `...${token.slice(-4)}` : "(not set)";
+    console.log("PlanckSpace Config");
+    console.log("─────────────────────────────────────");
+    console.log(`File          : ${CONFIG_PATH}`);
+    console.log(`apiUrl        : ${config.apiUrl}`);
+    console.log(`workspaceId   : ${config.workspaceId ?? "(not set)"}`);
+    console.log(`workspaceName : ${config.workspaceName ?? "(not set)"}`);
+    console.log(`token         : ${maskedToken}`);
+    console.log(`privacyMode   : ${config.privacyMode}`);
+    console.log(`budgets       : ${config.budgets.length}`);
+    console.log(`subscriptions : ${config.subscriptions.length}`);
+}
+//# sourceMappingURL=config.js.map

package/dist/commands/config.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"config.js","sourceRoot":"","sources":["../../src/commands/config.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,MAAM,cAAc,CAAC;AAGpE,8DAA8D;AAC9D,oFAAoF;AACpF,MAAM,aAAa,GAAG,CAAC,QAAQ,EAAE,aAAa,CAAU,CAAC;AAGzD,SAAS,UAAU,CAAC,GAAW;IAC7B,OAAQ,aAAmC,CAAC,QAAQ,CAAC,GAAG,CAAC,CAAC;AAC5D,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAW,EAAE,KAAa;IACrD,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,EAAE,CAAC;QACrB,OAAO,CAAC,KAAK,CACX,iCAAiC,GAAG,KAAK;YACvC,kBAAkB,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;YAC9C,qEAAqE,CACxE,CAAC;QACF,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IAED,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,OAAO,GAAgB,EAAE,GAAG,MAAM,EAAE,CAAC,GAAG,CAAC,EAAE,KAAK,EAAE,CAAC;IACzD,WAAW,CAAC,OAAO,CAAC,CAAC;IACrB,OAAO,CAAC,GAAG,CAAC,GAAG,GAAG,MAAM,KAAK,EAAE,CAAC,CAAC;IACjC,OAAO,CAAC,GAAG,CAAC,YAAY,WAAW,EAAE,CAAC,CAAC;AACzC,CAAC;AAED,MAAM,UAAU,YAAY,CAAC,GAAW;IACtC,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,IAAI,CAAC,CAAC,GAAG,IAAI,MAAM,CAAC,EAAE,CAAC;QACrB,OAAO,CAAC,KAAK,CAAC,wBAAwB,GAAG,GAAG,CAAC,CAAC;QAC9C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAClB,CAAC;IACD,MAAM,GAAG,GAAG,MAAM,CAAC,GAAwB,CAAC,CAAC;IAC7C,OAAO,CAAC,GAAG,CAAC,GAAG,KAAK,IAAI,IAAI,GAAG,KAAK,SAAS,CAAC,CAAC,CAAC,WAAW,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;AAC7E,CAAC;AAED,MAAM,UAAU,aAAa;IAC3B,MAAM,MAAM,GAAG,UAAU,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC;IAC3B,MAAM,WAAW,GAAG,KAAK,CAAC,CAAC,CAAC,MAAM,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,WAAW,CAAC;IAElE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,CAAC;IAClC,OAAO,CAAC,GAAG,CAAC,uCAAuC,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC;IAChD,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,WAAW,IAAI,WAAW,EAAE,CAAC,CAAC;IACpE,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,aAAa,IAAI,WAAW,EAAE,CAAC,CAAC;IACtE,OAAO,CAAC,GAAG,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;IACrD,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,OAAO,CAAC,MAAM,EAAE,CAAC,CAAC;IACxD,OAAO,CAAC,GAAG,CAAC,mBAAmB,MAAM,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC,CAAC;AAChE,CAAC"}

package/dist/commands/connect.d.ts ADDED Viewed

@@ -0,0 +1,17 @@
+/**
+ * Strip anything that looks like an API key/token from text before it is printed.
+ * Provider rejection errors are relayed by our backend (a 422 whose body embeds,
+ * e.g. OpenAI's "Incorrect API key provided: sk-..."). This is the last line of
+ * defence for the privacy guarantee: no credential value reaches a log line.
+ */
+export declare function redactSecrets(text: string): string;
+export declare function runConnectAnthropic(opts: {
+    adminKey: string;
+}): Promise<void>;
+export declare function runConnectOpenAI(opts: {
+    apiKey: string;
+}): Promise<void>;
+export declare function runConnectBedrock(opts: {
+    roleArn: string;
+}): Promise<void>;
+//# sourceMappingURL=connect.d.ts.map

package/dist/commands/connect.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"connect.d.ts","sourceRoot":"","sources":["../../src/commands/connect.ts"],"names":[],"mappings":"AAYA;;;;;GAKG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,CAMlD;AAwHD,wBAAsB,mBAAmB,CAAC,IAAI,EAAE;IAC9C,QAAQ,EAAE,MAAM,CAAC;CAClB,GAAG,OAAO,CAAC,IAAI,CAAC,CAiBhB;AAID,wBAAsB,gBAAgB,CAAC,IAAI,EAAE;IAAE,MAAM,EAAE,MAAM,CAAA;CAAE,GAAG,OAAO,CAAC,IAAI,CAAC,CAiB9E;AAiBD,wBAAsB,iBAAiB,CAAC,IAAI,EAAE;IAC5C,OAAO,EAAE,MAAM,CAAC;CACjB,GAAG,OAAO,CAAC,IAAI,CAAC,CA8BhB"}

package/dist/commands/connect.js ADDED Viewed

@@ -0,0 +1,191 @@
+import { readConfig, resolveApiUrl } from "../config.js";
+// Backend (planckspace-backend) enforces exactly 12 account digits; match it so
+// the CLI rejects the same malformed ARNs locally before any round-trip.
+const BEDROCK_ARN_RE = /^arn:aws:iam::\d{12}:role\/.+$/;
+const PROVIDER_LABEL = {
+    anthropic: "Anthropic",
+    openai: "OpenAI",
+    bedrock: "AWS",
+};
+/**
+ * Strip anything that looks like an API key/token from text before it is printed.
+ * Provider rejection errors are relayed by our backend (a 422 whose body embeds,
+ * e.g. OpenAI's "Incorrect API key provided: sk-..."). This is the last line of
+ * defence for the privacy guarantee: no credential value reaches a log line.
+ */
+export function redactSecrets(text) {
+    return text
+        .replace(/sk-ant-admin-[A-Za-z0-9_-]+/g, "sk-ant-admin-***")
+        .replace(/sk-ant-[A-Za-z0-9_-]+/g, "sk-ant-***")
+        .replace(/sk-[A-Za-z0-9_-]+/g, "sk-***")
+        .replace(/Bearer\s+[A-Za-z0-9_.\-]+/gi, "Bearer ***");
+}
+/** Pull a concise, secret-free reason out of a provider/backend error body. */
+function summarizeBody(bodyText) {
+    let reason = bodyText.trim();
+    try {
+        const parsed = JSON.parse(bodyText);
+        const err = parsed.error;
+        if (typeof err === "string")
+            reason = err;
+        else if (err && typeof err === "object" && typeof err.message === "string")
+            reason = err.message;
+        else if (typeof parsed.message === "string")
+            reason = parsed.message;
+    }
+    catch {
+        // Not JSON — fall back to the raw (trimmed) text.
+    }
+    let out = typeof reason === "string" ? reason : JSON.stringify(reason);
+    if (out.length > 400)
+        out = `${out.slice(0, 400)}…`;
+    return redactSecrets(out);
+}
+/** Print a user-facing error and flag a non-zero exit WITHOUT killing the event
+ *  loop mid-fetch (process.exit() during an open undici socket aborts on Windows). */
+function fail(message) {
+    console.error(message);
+    process.exitCode = 1;
+}
+async function requireAuth() {
+    const config = readConfig();
+    if (!config.token) {
+        fail("Not connected. Run `planck login <token>` first.");
+        return null;
+    }
+    return {
+        token: config.token,
+        apiUrl: resolveApiUrl(),
+        workspaceId: config.workspaceId ?? null,
+    };
+}
+/**
+ * POST credentials to the backend over TLS. The backend stores them encrypted and
+ * forwards them to the real provider for validation. We never validate against the
+ * provider ourselves — that keeps the credential's only network destination our
+ * own backend, and makes provider rejections come back attributed (HTTP 422).
+ *
+ * Returns the outcome; never throws, never prints the credential. Returns null
+ * only on a network-level failure (already reported).
+ */
+async function postIntegration(apiUrl, token, provider, body) {
+    try {
+        const res = await fetch(`${apiUrl}/api/integrations/${provider}`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+                Authorization: `Bearer ${token}`,
+            },
+            body: JSON.stringify(body),
+        });
+        const bodyText = await res.text().catch(() => "");
+        return { ok: res.ok, status: res.status, bodyText };
+    }
+    catch (err) {
+        fail(`Could not reach backend: ${redactSecrets(String(err))}`);
+        return null;
+    }
+}
+/**
+ * Translate a backend response into a user-facing, provider-attributed message.
+ * Returns true only on success (2xx). The status taxonomy matters:
+ *   - 422 → the provider rejected the credential (the expected "bad key" path).
+ *   - 401 → our backend did not accept the caller's auth (a real regression).
+ *   - 403 → caller authenticated but lacks the admin role for integrations.
+ *   - 4xx/5xx → a backend-side problem, surfaced as such (not blamed on the provider).
+ */
+function reportConnectResult(provider, result) {
+    if (result.ok)
+        return true;
+    const label = PROVIDER_LABEL[provider];
+    const reason = summarizeBody(result.bodyText);
+    switch (result.status) {
+        case 422:
+            fail(`${label} rejected the credential (validation failed at ${label}): ${reason}\n` +
+                "Nothing was connected.");
+            break;
+        case 401:
+            fail(`Backend authentication failed (401): ${reason}`);
+            break;
+        case 403:
+            fail(`Backend denied the request (403): ${reason} — your token may lack the admin role.`);
+            break;
+        case 400:
+            fail(`Backend rejected the request (400): ${reason}`);
+            break;
+        default:
+            fail(`Backend error (status ${result.status}): ${reason}`);
+    }
+    return false;
+}
+// ─── anthropic ──────────────────────────────────────────────────────────────
+export async function runConnectAnthropic(opts) {
+    const auth = await requireAuth();
+    if (!auth)
+        return;
+    const result = await postIntegration(auth.apiUrl, auth.token, "anthropic", {
+        adminKey: opts.adminKey,
+    });
+    if (!result)
+        return;
+    if (!reportConnectResult("anthropic", result))
+        return;
+    console.log("Anthropic integration connected.");
+    console.log("PlanckSpace reads only the usage report endpoint (GET /v1/organizations/usage_report/messages).");
+    console.log("The admin key is stored encrypted server-side and never persisted locally.");
+}
+// ─── openai ─────────────────────────────────────────────────────────────────
+export async function runConnectOpenAI(opts) {
+    const auth = await requireAuth();
+    if (!auth)
+        return;
+    const result = await postIntegration(auth.apiUrl, auth.token, "openai", {
+        apiKey: opts.apiKey,
+    });
+    if (!result)
+        return;
+    if (!reportConnectResult("openai", result))
+        return;
+    console.log("OpenAI integration connected.");
+    console.log("PlanckSpace reads only the organization cost endpoint (GET /v1/organization/costs).");
+    console.log("The API key is stored encrypted server-side and never persisted locally.");
+}
+// ─── bedrock ────────────────────────────────────────────────────────────────
+function printBedrockInstructions(workspaceId) {
+    const externalId = workspaceId ?? "<your workspace ID — run `planck status`>";
+    console.log("AWS Bedrock connection — the IAM role must grant read-only access:\n");
+    console.log("  Permissions policy (inline on the role):");
+    console.log("    ce:GetCostAndUsage   — read Bedrock model costs from AWS Cost Explorer");
+    console.log("    (no write, no bedrock:InvokeModel, no other service)\n");
+    console.log("  Trust policy — let PlanckSpace assume the role:");
+    console.log("    Principal: { \"AWS\": \"arn:aws:iam::PLANCKSPACE_ACCOUNT_ID:root\" }");
+    console.log("    Action:    sts:AssumeRole");
+    console.log(`    Condition: StringEquals { "sts:ExternalId": "${externalId}" }`);
+    console.log("\nThe role is strictly read-only. PlanckSpace never writes to your AWS account.\n");
+}
+export async function runConnectBedrock(opts) {
+    const auth = await requireAuth();
+    if (!auth)
+        return;
+    if (!BEDROCK_ARN_RE.test(opts.roleArn)) {
+        fail("Invalid role ARN format. Expected: arn:aws:iam::<12-digit-account>:role/<role-name>");
+        return;
+    }
+    printBedrockInstructions(auth.workspaceId);
+    // Send the workspace ID as the STS ExternalId so the backend's AssumeRole
+    // satisfies the trust policy's condition above.
+    const body = { roleArn: opts.roleArn };
+    if (auth.workspaceId)
+        body.externalId = auth.workspaceId;
+    const result = await postIntegration(auth.apiUrl, auth.token, "bedrock", body);
+    if (!result)
+        return;
+    if (!reportConnectResult("bedrock", result)) {
+        if (result.status === 422) {
+            console.error("Fix the IAM role per the instructions above, then re-run `planck connect bedrock`.");
+        }
+        return;
+    }
+    console.log("Bedrock integration connected and validated.");
+}
+//# sourceMappingURL=connect.js.map