@seanpropapp/cli 0.1.0-beta.7 → 0.1.0-beta.8

package/dist/commands/pair-url.d.ts

@@ -1,5 +1,5 @@
-export declare const PROD_APP_URL = "https://prop.seanoneill.com";
-export declare const PAIR_BASE_URL = "https://prop.seanoneill.com/pair";
+export declare const PROD_APP_URL = "https://seanpropapp.com";
+export declare const PAIR_BASE_URL = "https://seanpropapp.com/pair";
 /**
  * Base URL of the SeanPropApp web app the CLI pairs against. Defaults to
  * production. Override with the SEANPROPAPP_URL env var to point the connect /

package/dist/commands/pair-url.js

@@ -1,5 +1,8 @@
 import { randomBytes } from "node:crypto";
-export const PROD_APP_URL = "https://prop.seanoneill.com";
+// Canonical brand domain. New users land on seanpropapp.com, so connect/pair/
+// sample open there. prop.seanoneill.com remains allowlisted in the bridge CORS
+// (src/http/cors.ts) so already-paired sessions on the old domain keep working.
+export const PROD_APP_URL = "https://seanpropapp.com";
 export const PAIR_BASE_URL = `${PROD_APP_URL}/pair`;
 /**
  * Base URL of the SeanPropApp web app the CLI pairs against. Defaults to

package/dist/commands/pair-url.js.map

@@ -1 +1 @@
-{"version":3,"file":"pair-url.js","sourceRoot":"","sources":["../../src/commands/pair-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,MAAM,CAAC,MAAM,YAAY,GAAG,6BAA6B,CAAC;AAC1D,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,YAAY,OAAO,CAAC;AAEpD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,UAAU;IACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC;IACrD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAClD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,iBAAiB;IAC/B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED,kEAAkE;AAClE,MAAM,UAAU,OAAO,CAAC,KAAa;IACnC,OAAO,GAAG,UAAU,EAAE,WAAW,KAAK,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;AAEtC;;;;;GAKG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAW,EAAE,KAAa;IACjD,MAAM,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC;IACzB,MAAM,EAAE,GAAG,GAAG,GAAG,IAAI,CAAC;IACtB,OAAO,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,GAAG,KAAK,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC;AAChD,CAAC"}
+{"version":3,"file":"pair-url.js","sourceRoot":"","sources":["../../src/commands/pair-url.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAE1C,8EAA8E;AAC9E,gFAAgF;AAChF,gFAAgF;AAChF,MAAM,CAAC,MAAM,YAAY,GAAG,yBAAyB,CAAC;AACtD,MAAM,CAAC,MAAM,aAAa,GAAG,GAAG,YAAY,OAAO,CAAC;AAEpD;;;;;;;;;;GAUG;AACH,MAAM,UAAU,UAAU;IACxB,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,EAAE,IAAI,EAAE,CAAC;IACrD,IAAI,QAAQ;QAAE,OAAO,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IAClD,OAAO,YAAY,CAAC;AACtB,CAAC;AAED,wDAAwD;AACxD,MAAM,UAAU,iBAAiB;IAC/B,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;AACzC,CAAC;AAED,kEAAkE;AAClE,MAAM,UAAU,OAAO,CAAC,KAAa;IACnC,OAAO,GAAG,UAAU,EAAE,WAAW,KAAK,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,CAAC;AAEtC;;;;;GAKG;AACH,MAAM,UAAU,QAAQ,CAAC,GAAW,EAAE,KAAa;IACjD,MAAM,GAAG,GAAG,GAAG,GAAG,MAAM,CAAC;IACzB,MAAM,EAAE,GAAG,GAAG,GAAG,IAAI,CAAC;IACtB,OAAO,GAAG,GAAG,GAAG,GAAG,GAAG,EAAE,GAAG,KAAK,GAAG,GAAG,GAAG,EAAE,EAAE,CAAC;AAChD,CAAC"}

package/dist/http/cors.d.ts

@@ -1,5 +1,5 @@
 import type { MiddlewareHandler } from "hono";
-export declare const ALLOWED_ORIGINS: readonly ["https://prop.seanoneill.com", "http://localhost:3000"];
+export declare const ALLOWED_ORIGINS: readonly ["https://seanpropapp.com", "https://prop.seanoneill.com", "http://localhost:3000"];
 export declare const PREFLIGHT_MAX_AGE_SECONDS = 86400;
 export declare function isOriginAllowed(origin: string | null | undefined): boolean;
 /**
@@ -19,7 +19,8 @@ export declare function isOriginAllowed(origin: string | null | undefined): bool
  */
 export declare function streamingResponseCorsHeaders(origin: string | null | undefined): Record<string, string>;
 /**
- * Strict CORS middleware: only allows the SeanPropApp prod origin + local dev.
+ * Strict CORS middleware: allows the brand domain (seanpropapp.com), the legacy
+ * prop.seanoneill.com origin, localhost dev, and any SEANPROPAPP_URL override.
  * Rejects all other origins with 403. Preflights cached for 24h.
  */
 export declare const corsMiddleware: MiddlewareHandler;

package/dist/http/cors.js

@@ -1,4 +1,8 @@
 export const ALLOWED_ORIGINS = [
+    // seanpropapp.com is the canonical brand domain (new users land here);
+    // prop.seanoneill.com stays allowlisted for back-compat with already-paired
+    // sessions; localhost:3000 is local dev.
+    "https://seanpropapp.com",
     "https://prop.seanoneill.com",
     "http://localhost:3000",
 ];
@@ -6,7 +10,23 @@ export const PREFLIGHT_MAX_AGE_SECONDS = 86400;
 export function isOriginAllowed(origin) {
     if (!origin)
         return false;
-    return ALLOWED_ORIGINS.includes(origin);
+    if (ALLOWED_ORIGINS.includes(origin))
+        return true;
+    // Honor the SEANPROPAPP_URL override (preview / local dev) so the CORS allow
+    // list follows the same base URL the connect/pair flow targets. Without this,
+    // overriding SEANPROPAPP_URL repointed the pair URL but the bridge still 403'd
+    // the overridden origin (e.g. a Vercel preview domain). Compare on origin
+    // (scheme://host[:port]) only; ignore any path in the override value.
+    const override = process.env["SEANPROPAPP_URL"]?.trim();
+    if (override) {
+        try {
+            return new URL(override).origin === origin;
+        }
+        catch {
+            return false;
+        }
+    }
+    return false;
 }
 /**
  * Headers a streaming response must carry alongside its own Content-Type so
@@ -33,7 +53,8 @@ export function streamingResponseCorsHeaders(origin) {
     };
 }
 /**
- * Strict CORS middleware: only allows the SeanPropApp prod origin + local dev.
+ * Strict CORS middleware: allows the brand domain (seanpropapp.com), the legacy
+ * prop.seanoneill.com origin, localhost dev, and any SEANPROPAPP_URL override.
  * Rejects all other origins with 403. Preflights cached for 24h.
  */
 export const corsMiddleware = async (c, next) => {

package/dist/http/cors.js.map

@@ -1 +1 @@
-{"version":3,"file":"cors.js","sourceRoot":"","sources":["../../src/http/cors.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,6BAA6B;IAC7B,uBAAuB;CACf,CAAC;AAEX,MAAM,CAAC,MAAM,yBAAyB,GAAG,KAAK,CAAC;AAE/C,MAAM,UAAU,eAAe,CAAC,MAAiC;IAC/D,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,OAAQ,eAAqC,CAAC,QAAQ,CAAC,MAAM,CAAC,CAAC;AACjE,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,4BAA4B,CAC1C,MAAiC;IAEjC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC;IACxC,OAAO;QACL,6BAA6B,EAAE,MAAgB;QAC/C,kCAAkC,EAAE,OAAO;QAC3C,IAAI,EAAE,QAAQ;KACf,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,MAAM,cAAc,GAAsB,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;IACjE,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEtC,iFAAiF;IACjF,iDAAiD;IACjD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,oBAAoB,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;QAC7F,CAAC;QACD,CAAC,CAAC,MAAM,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC;QAChD,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC3B,CAAC,CAAC,MAAM,CAAC,kCAAkC,EAAE,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC/B,CAAC,CAAC,MAAM,CACN,8BAA8B,EAC9B,oBAAoB,CACrB,CAAC;QACF,CAAC,CAAC,MAAM,CACN,8BAA8B,EAC9B,6BAA6B,CAC9B,CAAC;QACF,wEAAwE;QACxE,2EAA2E;QAC3E,wEAAwE;QACxE,sEAAsE;QACtE,8CAA8C;QAC9C,iDAAiD;QACjD,0EAA0E;QAC1E,gEAAgE;QAChE,uEAAuE;QACvE,0DAA0D;QAC1D,CAAC,CAAC,MAAM,CAAC,sCAAsC,EAAE,MAAM,CAAC,CAAC;QACzD,CAAC,CAAC,MAAM,CAAC,wBAAwB,EAAE,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,MAAM,IAAI,EAAE,CAAC;AACf,CAAC,CAAC"}
+{"version":3,"file":"cors.js","sourceRoot":"","sources":["../../src/http/cors.ts"],"names":[],"mappings":"AAEA,MAAM,CAAC,MAAM,eAAe,GAAG;IAC7B,uEAAuE;IACvE,4EAA4E;IAC5E,yCAAyC;IACzC,yBAAyB;IACzB,6BAA6B;IAC7B,uBAAuB;CACf,CAAC;AAEX,MAAM,CAAC,MAAM,yBAAyB,GAAG,KAAK,CAAC;AAE/C,MAAM,UAAU,eAAe,CAAC,MAAiC;IAC/D,IAAI,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAC1B,IAAK,eAAqC,CAAC,QAAQ,CAAC,MAAM,CAAC;QAAE,OAAO,IAAI,CAAC;IACzE,6EAA6E;IAC7E,8EAA8E;IAC9E,+EAA+E;IAC/E,0EAA0E;IAC1E,sEAAsE;IACtE,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,IAAI,EAAE,CAAC;IACxD,IAAI,QAAQ,EAAE,CAAC;QACb,IAAI,CAAC;YACH,OAAO,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC,MAAM,KAAK,MAAM,CAAC;QAC7C,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,KAAK,CAAC;QACf,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED;;;;;;;;;;;;;;GAcG;AACH,MAAM,UAAU,4BAA4B,CAC1C,MAAiC;IAEjC,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC;QAAE,OAAO,EAAE,CAAC;IACxC,OAAO;QACL,6BAA6B,EAAE,MAAgB;QAC/C,kCAAkC,EAAE,OAAO;QAC3C,IAAI,EAAE,QAAQ;KACf,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,MAAM,cAAc,GAAsB,KAAK,EAAE,CAAC,EAAE,IAAI,EAAE,EAAE;IACjE,MAAM,MAAM,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAEtC,iFAAiF;IACjF,iDAAiD;IACjD,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,IAAI,CAAC,eAAe,CAAC,MAAM,CAAC,EAAE,CAAC;YAC7B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE,OAAO,EAAE,oBAAoB,EAAE,EAAE,EAAE,GAAG,CAAC,CAAC;QAC7F,CAAC;QACD,CAAC,CAAC,MAAM,CAAC,6BAA6B,EAAE,MAAM,CAAC,CAAC;QAChD,CAAC,CAAC,MAAM,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAC3B,CAAC,CAAC,MAAM,CAAC,kCAAkC,EAAE,OAAO,CAAC,CAAC;IACxD,CAAC;IAED,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,SAAS,EAAE,CAAC;QAC/B,CAAC,CAAC,MAAM,CACN,8BAA8B,EAC9B,oBAAoB,CACrB,CAAC;QACF,CAAC,CAAC,MAAM,CACN,8BAA8B,EAC9B,6BAA6B,CAC9B,CAAC;QACF,wEAAwE;QACxE,2EAA2E;QAC3E,wEAAwE;QACxE,sEAAsE;QACtE,8CAA8C;QAC9C,iDAAiD;QACjD,0EAA0E;QAC1E,gEAAgE;QAChE,uEAAuE;QACvE,0DAA0D;QAC1D,CAAC,CAAC,MAAM,CAAC,sCAAsC,EAAE,MAAM,CAAC,CAAC;QACzD,CAAC,CAAC,MAAM,CAAC,wBAAwB,EAAE,MAAM,CAAC,yBAAyB,CAAC,CAAC,CAAC;QACtE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;IAC3B,CAAC;IAED,MAAM,IAAI,EAAE,CAAC;AACf,CAAC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@seanpropapp/cli",
-  "version": "0.1.0-beta.7",
+  "version": "0.1.0-beta.8",
   "description": "Run SeanPropApp proposition analyses on your existing Claude Pro or ChatGPT Plus subscription via a local bridge.",
   "type": "module",
   "license": "MIT",