@prave/cli 1.4.11 → 1.4.13

package/dist/index.js

@@ -23,6 +23,7 @@ import { updateCommand } from './commands/update.js';
 import { usageHookInstallCommand, usageHookUninstallCommand, usageReportCommand, } from './commands/usage.js';
 import { whatdoesCommand } from './commands/whatdoes.js';
 import { whoamiCommand } from './commands/whoami.js';
+import { maybeShowAccountBridge } from './lib/account-bridge.js';
 import { initAnalytics } from './lib/analytics.js';
 import { captureAuthSnapshot, nudgeFirstRun } from './lib/nudge.js';
 import { maybeCheckForUpdate } from './lib/update-check.js';
@@ -244,6 +245,34 @@ program.hook('postAction', async () => {
         /* nudges are decorative — never block on them */
     }
 });
+// Account bridge — pull SIGNED-IN users back to the web dashboard with
+// a rotating tip after authenticated commands. Counterpart to the
+// nudgeFirstRun banner above which targets ANON users.
+//
+// Skip-list: commands that already own a meaningful conversion surface,
+// run silently as hooks (`usage report`), or are themselves about
+// leaving the CLI for the browser (`docs`). `login` is on the list
+// because the first-run banner above is the right surface for a brand
+// new signed-in user — wait until their NEXT command to bridge.
+const BRIDGE_SKIP_COMMANDS = new Set([
+    'login',
+    'logout',
+    'docs',
+    'whoami',
+    'mcp-server',
+    'mcp-install',
+    'report', // `usage report` runs as a hook on every PostToolUse fire
+]);
+program.hook('postAction', async (_thisCommand, actionCommand) => {
+    try {
+        if (BRIDGE_SKIP_COMMANDS.has(actionCommand.name()))
+            return;
+        await maybeShowAccountBridge();
+    }
+    catch {
+        /* bridges are decorative — never block on them */
+    }
+});
 program.parseAsync().catch((err) => {
     console.error(err.message);
     process.exit(1);

package/dist/lib/account-bridge.js

@@ -0,0 +1,66 @@
+import chalk from 'chalk';
+import { isAuthenticated } from './nudge.js';
+import { readState, writeState } from './state.js';
+/**
+ * Account Bridge — pull signed-in CLI users back into the web app.
+ *
+ * Counterpart to nudge.ts, which targets anonymous users with a sign-up
+ * pitch. This module targets *authenticated* users with a "you have an
+ * account, here's what you're missing in the dashboard" tip — a soft
+ * conversion from CLI-only usage to engaged web user.
+ *
+ * Rules:
+ *   • Silent for anonymous users. Always.
+ *   • Throttled to ~2× per day per machine via `last_bridge_shown_at`
+ *     in ~/.prave/state.json (12h cool-down between shows).
+ *   • Skipped on non-TTY (CI, piped output), PRAVE_QUIET=1,
+ *     PRAVE_TELEMETRY=0, and PRAVE_NO_BRIDGE=1.
+ *   • Skipped on commands that already have their own conversion
+ *     surface (login/logout/docs/whoami/usage hook/mcp-server) — the
+ *     skip-list is consulted by the postAction hook caller, not here.
+ *   • Prints to stderr so --json output stays clean for callers piping
+ *     a command into jq.
+ */
+const TWELVE_HOURS_MS = 12 * 60 * 60 * 1000;
+const TIPS = [
+    '💡 Audit your stack: https://prave.app/dashboard/intelligence',
+    '📊 See real trigger fires per day: https://prave.app/dashboard/intelligence',
+    '🔌 Wire Prave into Claude Desktop: prave mcp install',
+    '🤝 Share a Skill via magic-link: https://prave.app/dashboard/my-skills',
+    '📈 Your stack at a glance: https://prave.app/dashboard',
+];
+let alreadyShownThisProcess = false;
+/**
+ * Try to print the bridge. Safe to call from a postAction hook on
+ * every command — internal gates make it cheap (no I/O when the env
+ * disables it, single state read on the hot path).
+ */
+export async function maybeShowAccountBridge() {
+    if (alreadyShownThisProcess)
+        return;
+    if (!process.stdout.isTTY)
+        return;
+    if (process.env.PRAVE_QUIET === '1')
+        return;
+    if (process.env.PRAVE_TELEMETRY === '0')
+        return;
+    if (process.env.PRAVE_NO_BRIDGE === '1')
+        return;
+    // Anonymous users get the existing nudge from nudge.ts — they don't
+    // need an account bridge until they have an account.
+    if (!(await isAuthenticated()))
+        return;
+    const state = await readState();
+    const last = state.last_bridge_shown_at ?? 0;
+    if (Date.now() - last < TWELVE_HOURS_MS)
+        return;
+    const tip = TIPS[Math.floor(Math.random() * TIPS.length)];
+    if (!tip)
+        return;
+    // stderr so JSON consumers (`prave list --json | jq ...`) get clean
+    // stdout. Padding above + below gives the tip breathing room without
+    // a heavy box rule — this is a hint, not a wall.
+    process.stderr.write(`\n  ${chalk.dim(tip)}\n\n`);
+    alreadyShownThisProcess = true;
+    await writeState({ last_bridge_shown_at: Date.now() });
+}

package/dist/lib/api.js

@@ -103,6 +103,37 @@ async function ensureFreshAccessToken(creds) {
     const refreshed = await refreshTokens();
     return refreshed ?? creds;
 }
+/**
+ * Process-once gate for buffered-telemetry replay. We kick off the
+ * flush the first time any authenticated call succeeds — that drains
+ * `~/.prave/telemetry-queue.jsonl` opportunistically without forcing
+ * the user through a fresh `prave login` after every offline window.
+ *
+ * Flag is set BEFORE the import to ensure that the POSTs made by the
+ * flush itself don't recursively re-trigger the kickoff (each goes
+ * back through `call()` which sees the flag already set).
+ */
+let telemetryFlushKickedOff = false;
+function kickoffTelemetryFlush() {
+    if (telemetryFlushKickedOff)
+        return;
+    telemetryFlushKickedOff = true;
+    // Fire-and-forget. Node keeps the event loop alive until the
+    // dynamic-import + HTTP POSTs resolve, so the process won't exit
+    // mid-flush — but the synchronous command output already printed
+    // before we got here. Telemetry-buffer atomic-removes only after
+    // each successful POST, so an aborted flush leaves unsynced events
+    // in place for next run.
+    void (async () => {
+        try {
+            const { flushBufferedTelemetry } = await import('./flush-telemetry.js');
+            await flushBufferedTelemetry();
+        }
+        catch {
+            /* never let a telemetry hiccup surface to the user */
+        }
+    })();
+}
 async function call(method, path, body, withAuth = false, attempt = 0) {
     const headers = { 'Content-Type': 'application/json' };
     if (withAuth) {
@@ -118,8 +149,11 @@ async function call(method, path, body, withAuth = false, attempt = 0) {
         body: body ? JSON.stringify(body) : undefined,
     });
     const text = await resBody.text();
-    if (statusCode === 204)
+    if (statusCode === 204) {
+        if (withAuth)
+            kickoffTelemetryFlush();
         return { data: undefined, status: statusCode };
+    }
     const payload = text ? JSON.parse(text) : { success: true, data: null, error: null };
     // 401 with a refresh token on file → swap the access token and retry once.
     // Any other status, or a second 401, falls through to the normal error path.
@@ -131,6 +165,10 @@ async function call(method, path, body, withAuth = false, attempt = 0) {
     if (statusCode >= 400 || payload.success === false) {
         throw new ApiError(payload.error ?? `HTTP ${statusCode}`, statusCode);
     }
+    // Successful authenticated call — opportunistic moment to drain the
+    // offline telemetry buffer. No-op when there's nothing pending.
+    if (withAuth)
+        kickoffTelemetryFlush();
     return { data: payload.data, status: statusCode };
 }
 export const api = {

package/dist/lib/credentials.js

@@ -1,14 +1,39 @@
-import { chmod, mkdir, readFile, unlink, writeFile } from 'node:fs/promises';
+import { chmod, mkdir, readFile, rename, unlink, writeFile } from 'node:fs/promises';
 import { dirname } from 'node:path';
 import { CONFIG } from './config.js';
+/**
+ * Persist credentials atomically.
+ *
+ * The PostToolUse hook fires once per tool call, so two concurrent CLI
+ * processes refreshing the access token at the same second is the
+ * common case, not the edge. A plain `writeFile` then leaves the file
+ * in a partial / interleaved state for the brief window the bytes are
+ * being flushed — a concurrent `loadCredentials` reads that partial
+ * blob, `JSON.parse` throws, the catch swallows it and returns null,
+ * and the user is silently treated as logged out for every subsequent
+ * hook fire until they manually run `prave login` again.
+ *
+ * Writing to a sibling temp file and renaming over the target is
+ * atomic on POSIX (rename(2)) so readers either see the previous
+ * complete file or the new complete file — never a half-written one.
+ */
 export async function saveCredentials(creds) {
-    await mkdir(dirname(CONFIG.credentialsPath), { recursive: true });
-    await writeFile(CONFIG.credentialsPath, JSON.stringify(creds, null, 2), 'utf8');
-    await chmod(CONFIG.credentialsPath, 0o600);
+    const target = CONFIG.credentialsPath;
+    await mkdir(dirname(target), { recursive: true });
+    // Per-process tmp suffix so two parallel writers don't stomp each
+    // other's tmp file — the OS still serialises the final rename.
+    const tmp = `${target}.${process.pid}.${Date.now()}.tmp`;
+    await writeFile(tmp, JSON.stringify(creds, null, 2), 'utf8');
+    await chmod(tmp, 0o600);
+    await rename(tmp, target);
 }
 export async function loadCredentials() {
     try {
         const raw = await readFile(CONFIG.credentialsPath, 'utf8');
+        // Belt + suspenders: even with atomic writes, a credentials file
+        // can land truncated if a previous CLI version was killed mid-write
+        // or the FS had a power loss. Treat unparseable content as logged
+        // out instead of crashing — the next `prave login` repairs it.
         return JSON.parse(raw);
     }
     catch {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prave/cli",
-  "version": "1.4.11",
+  "version": "1.4.13",
   "description": "Prave CLI — discover, install, version, test, and ship Claude Skills. The developer platform for the complete Skill lifecycle.",
   "type": "module",
   "keywords": [
@@ -54,7 +54,7 @@
     "ora": "^8.0.1",
     "tar": "^7.4.3",
     "undici": "^6.18.0",
-    "@prave/shared": "1.4.11"
+    "@prave/shared": "1.4.13"
   },
   "devDependencies": {
     "@types/node": "^20.12.7",
@@ -71,6 +71,6 @@
     "build": "tsc -p tsconfig.json && node scripts/inject-config.mjs",
     "typecheck": "tsc -p tsconfig.json --noEmit",
     "lint": "tsc -p tsconfig.json --noEmit",
-    "postinstall": "node scripts/postinstall.mjs || true"
+    "postinstall": "test -f scripts/postinstall.mjs && node scripts/postinstall.mjs || true"
   }
 }