@startanaicompany/cli 1.0.0 → 1.1.0

package/bin/saac.js

@@ -14,6 +14,8 @@ const register = require('../src/commands/register');
 const login = require('../src/commands/login');
 const verify = require('../src/commands/verify');
 const logout = require('../src/commands/logout');
+const logoutAll = require('../src/commands/logoutAll');
+const sessions = require('../src/commands/sessions');
 const init = require('../src/commands/init');
 const create = require('../src/commands/create');
 const deploy = require('../src/commands/deploy');
@@ -54,9 +56,20 @@ program
 
 program
   .command('logout')
-  .description('Clear saved credentials')
+  .description('Logout from current device')
   .action(logout);
 
+program
+  .command('logout-all')
+  .description('Logout from all devices (revoke all sessions)')
+  .option('-y, --yes', 'Skip confirmation')
+  .action(logoutAll);
+
+program
+  .command('sessions')
+  .description('List all active sessions')
+  .action(sessions);
+
 // Application management
 program
   .command('init')

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@startanaicompany/cli",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Official CLI for StartAnAiCompany.com - Deploy AI recruitment sites with ease",
   "main": "src/index.js",
   "bin": {

package/src/commands/login.js

@@ -10,65 +10,59 @@ const logger = require('../lib/logger');
 
 async function login(options) {
   try {
-    logger.section('Login to StartAnAiCompany');
-
-    // Get email
-    let email = options.email;
-    if (!email) {
-      const answers = await inquirer.prompt([
-        {
-          type: 'input',
-          name: 'email',
-          message: 'Email address:',
-          validate: (input) => {
-            if (!validator.isEmail(input)) {
-              return 'Please enter a valid email address';
-            }
-            return true;
-          },
-        },
-      ]);
-      email = answers.email;
+    // Require both email and API key flags (no interactive prompts)
+    if (!options.email || !options.apiKey) {
+      logger.error('Email and API key are required');
+      logger.newline();
+      logger.info('Usage:');
+      logger.log('  saac login -e <email> -k <api-key>');
+      logger.log('  saac login --email <email> --api-key <api-key>');
+      logger.newline();
+      logger.info('Example:');
+      logger.log('  saac login -e user@example.com -k cw_your_api_key');
+      process.exit(1);
     }
 
-    // Get API key
-    let apiKey = options.apiKey;
-    if (!apiKey) {
-      const answers = await inquirer.prompt([
-        {
-          type: 'password',
-          name: 'apiKey',
-          message: 'API Key:',
-          mask: '*',
-        },
-      ]);
-      apiKey = answers.apiKey;
+    const email = options.email;
+    const apiKey = options.apiKey;
+
+    // Validate email format
+    if (!validator.isEmail(email)) {
+      logger.error('Invalid email address');
+      process.exit(1);
     }
 
-    // Verify credentials by getting user info
-    const spin = logger.spinner('Verifying credentials...').start();
+    logger.section('Login to StartAnAiCompany');
 
-    try {
-      // Save temporarily to make API call
-      saveUser({ email, apiKey });
+    // Login and get session token
+    const spin = logger.spinner('Logging in...').start();
 
-      const userInfo = await api.getUserInfo();
+    try {
+      // Call /auth/login endpoint to get session token
+      const result = await api.login(email, apiKey);
 
       spin.succeed('Login successful!');
 
-      // Update with full user info
+      // Save session token and expiration
       saveUser({
-        email: userInfo.email,
-        userId: userInfo.id,
-        apiKey,
-        verified: userInfo.email_verified,
+        email: result.user.email || email,
+        userId: result.user.id,
+        sessionToken: result.session_token,
+        expiresAt: result.expires_at,
+        verified: result.user.verified,
       });
 
       logger.newline();
       logger.success('You are now logged in!');
       logger.newline();
-      logger.field('Email', userInfo.email);
-      logger.field('Verified', userInfo.email_verified ? 'Yes' : 'No');
+      logger.field('Email', result.user.email || email);
+      logger.field('Verified', result.user.verified ? 'Yes' : 'No');
+
+      // Show expiration date
+      if (result.expires_at) {
+        const expirationDate = new Date(result.expires_at);
+        logger.field('Session expires', expirationDate.toLocaleDateString());
+      }
 
     } catch (error) {
       spin.fail('Login failed');

package/src/commands/logout.js

@@ -1,9 +1,47 @@
-const { clearUser } = require('../lib/config');
+const api = require('../lib/api');
+const { clearUser, getUser } = require('../lib/config');
 const logger = require('../lib/logger');
 
 async function logout() {
-  clearUser();
-  logger.success('Logged out successfully');
+  try {
+    const user = getUser();
+
+    if (!user || (!user.sessionToken && !user.apiKey)) {
+      logger.warn('You are not logged in');
+      return;
+    }
+
+    logger.section('Logout from StartAnAiCompany');
+
+    const spin = logger.spinner('Logging out...').start();
+
+    try {
+      // Try to revoke session on server
+      const client = api.createClient();
+      await client.post('/auth/logout');
+
+      // Clear local config
+      clearUser();
+
+      spin.succeed('Logout successful!');
+      logger.success('You have been logged out from this device');
+
+    } catch (error) {
+      // Even if server call fails, clear local config
+      clearUser();
+
+      if (error.response?.status === 401) {
+        // Session already invalid
+        spin.succeed('Logged out locally (session was expired)');
+      } else {
+        spin.warn('Logged out locally (server error)');
+        logger.warn('Session may still be active on server');
+      }
+    }
+  } catch (error) {
+    logger.error(error.message);
+    process.exit(1);
+  }
 }
 
 module.exports = logout;

package/src/commands/logoutAll.js

@@ -0,0 +1,74 @@
+/**
+ * Logout All command - Revoke all sessions
+ */
+
+const inquirer = require('inquirer');
+const api = require('../lib/api');
+const { clearUser, isAuthenticated } = require('../lib/config');
+const logger = require('../lib/logger');
+
+async function logoutAll(options) {
+  try {
+    // Check authentication
+    if (!isAuthenticated()) {
+      logger.error('Not logged in');
+      process.exit(1);
+    }
+
+    logger.section('Logout from All Devices');
+
+    // Confirm unless --yes flag is provided
+    if (!options.yes) {
+      logger.warn('This will logout from ALL devices where you are logged in');
+      logger.newline();
+
+      const answers = await inquirer.prompt([
+        {
+          type: 'confirm',
+          name: 'confirm',
+          message: 'Are you sure you want to continue?',
+          default: false,
+        },
+      ]);
+
+      if (!answers.confirm) {
+        logger.info('Cancelled');
+        return;
+      }
+    }
+
+    const spin = logger.spinner('Revoking all sessions...').start();
+
+    try {
+      const client = api.createClient();
+      const response = await client.post('/auth/logout-all');
+
+      // Clear local config
+      clearUser();
+
+      const count = response.data.sessions_revoked || 0;
+      spin.succeed(`Logged out from ${count} device(s)!`);
+
+      logger.newline();
+      logger.success('All sessions have been revoked');
+      logger.info('You will need to login again on all devices');
+
+    } catch (error) {
+      // Even if server call fails, clear local config
+      clearUser();
+
+      if (error.response?.status === 401) {
+        spin.succeed('Logged out locally (session was expired)');
+      } else {
+        spin.fail('Failed to revoke sessions on server');
+        logger.warn('Logged out locally, but server sessions may still be active');
+        throw error;
+      }
+    }
+  } catch (error) {
+    logger.error(error.response?.data?.message || error.message);
+    process.exit(1);
+  }
+}
+
+module.exports = logoutAll;

package/src/commands/register.js

@@ -10,40 +10,32 @@ const logger = require('../lib/logger');
 
 async function register(options) {
   try {
-    logger.section('Register for StartAnAiCompany');
-
-    // Get email (from flag or prompt)
-    let email = options.email;
-    if (!email) {
-      const answers = await inquirer.prompt([
-        {
-          type: 'input',
-          name: 'email',
-          message: 'Email address:',
-          validate: (input) => {
-            if (!validator.isEmail(input)) {
-              return 'Please enter a valid email address';
-            }
-            return true;
-          },
-        },
-      ]);
-      email = answers.email;
+    // Require email flag (no interactive prompt)
+    if (!options.email) {
+      logger.error('Email is required');
+      logger.newline();
+      logger.info('Usage:');
+      logger.log('  saac register -e <email>');
+      logger.log('  saac register --email <email> [--gitea-username <username>]');
+      logger.newline();
+      logger.info('Example:');
+      logger.log('  saac register -e user@example.com');
+      logger.log('  saac register -e user@example.com --gitea-username myuser');
+      process.exit(1);
     }
 
-    // Get Gitea username (optional, auto-detected from git)
-    let giteaUsername = options.giteaUsername;
-    if (!giteaUsername) {
-      const answers = await inquirer.prompt([
-        {
-          type: 'input',
-          name: 'giteaUsername',
-          message: 'Gitea username (optional, press Enter to skip):',
-        },
-      ]);
-      giteaUsername = answers.giteaUsername || undefined;
+    const email = options.email;
+
+    // Validate email format
+    if (!validator.isEmail(email)) {
+      logger.error('Invalid email address');
+      process.exit(1);
     }
 
+    const giteaUsername = options.giteaUsername || undefined;
+
+    logger.section('Register for StartAnAiCompany');
+
     // Register via API
     const spin = logger.spinner('Creating account...').start();
 
@@ -53,12 +45,22 @@ async function register(options) {
       spin.succeed('Account created successfully!');
 
       // Save user info
-      saveUser({
+      // If backend returns session_token, use it; otherwise fall back to api_key
+      const userData = {
         email: result.email || email,
         userId: result.user_id,
-        apiKey: result.api_key,
         verified: result.verified || false,
-      });
+      };
+
+      if (result.session_token) {
+        userData.sessionToken = result.session_token;
+        userData.expiresAt = result.expires_at;
+      } else {
+        // Backward compatibility: use API key if session token not provided
+        userData.apiKey = result.api_key;
+      }
+
+      saveUser(userData);
 
       logger.newline();
       logger.success('Registration complete!');
@@ -81,7 +83,17 @@ async function register(options) {
 
       logger.newline();
       logger.field('Email', email);
-      logger.field('API Key', result.api_key.substring(0, 20) + '...');
+
+      // Show session token or API key info
+      if (result.session_token) {
+        logger.field('Session Token', result.session_token.substring(0, 20) + '...');
+        if (result.expires_at) {
+          const expirationDate = new Date(result.expires_at);
+          logger.field('Expires', expirationDate.toLocaleDateString());
+        }
+      } else if (result.api_key) {
+        logger.field('API Key', result.api_key.substring(0, 20) + '...');
+      }
 
     } catch (error) {
       spin.fail('Registration failed');

package/src/commands/sessions.js

@@ -0,0 +1,75 @@
+/**
+ * Sessions command - List active sessions
+ */
+
+const api = require('../lib/api');
+const { isAuthenticated } = require('../lib/config');
+const logger = require('../lib/logger');
+const { table } = require('table');
+
+async function sessions() {
+  try {
+    // Check authentication
+    if (!isAuthenticated()) {
+      logger.error('Not logged in');
+      logger.newline();
+      logger.info('Run:');
+      logger.log('  saac login -e <email> -k <api-key>');
+      process.exit(1);
+    }
+
+    logger.section('Active Sessions');
+
+    const spin = logger.spinner('Fetching sessions...').start();
+
+    try {
+      const client = api.createClient();
+      const response = await client.get('/auth/sessions');
+      const { sessions: sessionList, total } = response.data;
+
+      spin.succeed(`Found ${total} active session(s)`);
+
+      if (total === 0) {
+        logger.newline();
+        logger.info('No active sessions');
+        return;
+      }
+
+      logger.newline();
+
+      // Format sessions as table
+      const data = [
+        ['Created', 'Last Used', 'IP Address', 'Expires'],
+      ];
+
+      sessionList.forEach((session) => {
+        const created = new Date(session.created_at).toLocaleDateString();
+        const lastUsed = new Date(session.last_used_at).toLocaleString();
+        const expires = new Date(session.expires_at).toLocaleDateString();
+        const ip = session.created_ip || 'Unknown';
+
+        data.push([created, lastUsed, ip, expires]);
+      });
+
+      console.log(table(data, {
+        header: {
+          alignment: 'center',
+          content: `${total} Active Session(s)`,
+        },
+      }));
+
+      logger.newline();
+      logger.info('Tip: Use `saac logout` to logout from current device');
+      logger.info('     Use `saac logout-all` to logout from all devices');
+
+    } catch (error) {
+      spin.fail('Failed to fetch sessions');
+      throw error;
+    }
+  } catch (error) {
+    logger.error(error.response?.data?.message || error.message);
+    process.exit(1);
+  }
+}
+
+module.exports = sessions;

package/src/commands/verify.js

@@ -8,10 +8,24 @@ const logger = require('../lib/logger');
 
 async function verify(code) {
   try {
+    if (!code) {
+      logger.error('Verification code is required');
+      logger.newline();
+      logger.info('Usage:');
+      logger.log('  saac verify <code>');
+      logger.newline();
+      logger.info('Example:');
+      logger.log('  saac verify 123456');
+      process.exit(1);
+    }
+
     const user = getUser();
 
     if (!user || !user.email) {
-      logger.error('No user found. Please register first with: saac register');
+      logger.error('No user found. Please register first');
+      logger.newline();
+      logger.info('Run:');
+      logger.log('  saac register -e <email>');
       process.exit(1);
     }
 
@@ -29,16 +43,30 @@ async function verify(code) {
 
       spin.succeed('Email verified successfully!');
 
-      // Update user verification status
-      saveUser({
+      // Update user verification status and session token if provided
+      const updatedUser = {
         ...user,
         verified: true,
-      });
+      };
+
+      // If backend returns new session token after verification, update it
+      if (result.session_token) {
+        updatedUser.sessionToken = result.session_token;
+        updatedUser.expiresAt = result.expires_at;
+      }
+
+      saveUser(updatedUser);
 
       logger.newline();
       logger.success('Your account is now verified!');
       logger.info('You can now create and deploy applications.');
 
+      // Show expiration if session token was updated
+      if (result.expires_at) {
+        const expirationDate = new Date(result.expires_at);
+        logger.field('Session expires', expirationDate.toLocaleDateString());
+      }
+
     } catch (error) {
       spin.fail('Verification failed');
       throw error;

package/src/lib/api.js

@@ -3,22 +3,56 @@
  */
 
 const axios = require('axios');
+const os = require('os');
 const { getApiUrl, getUser } = require('./config');
+const pkg = require('../../package.json');
 
 /**
  * Create axios instance with base configuration
  */
 function createClient() {
   const user = getUser();
+  const envApiKey = process.env.SAAC_API_KEY; // For CI/CD
+
+  const headers = {
+    'Content-Type': 'application/json',
+    'User-Agent': `saac-cli/${pkg.version} (${os.platform()}; ${os.arch()})`,
+  };
+
+  // Priority order:
+  // 1. Environment variable (for CI/CD, scripts)
+  // 2. Session token (for CLI users)
+  // 3. API key (backward compatibility)
+  if (envApiKey) {
+    headers['X-API-Key'] = envApiKey;
+  } else if (user?.sessionToken) {
+    headers['X-Session-Token'] = user.sessionToken;
+  } else if (user?.apiKey) {
+    headers['X-API-Key'] = user.apiKey;
+  }
 
   return axios.create({
+    baseURL: getApiUrl(),
+    timeout: 30000,
+    headers,
+  });
+}
+
+/**
+ * Login and get session token
+ */
+async function login(email, apiKey) {
+  const client = axios.create({
     baseURL: getApiUrl(),
     timeout: 30000,
     headers: {
       'Content-Type': 'application/json',
-      ...(user?.apiKey && { 'X-API-Key': user.apiKey }),
+      'X-API-Key': apiKey, // Use API key for login
     },
   });
+
+  const response = await client.post('/auth/login', { email });
+  return response.data;
 }
 
 /**
@@ -141,6 +175,8 @@ async function healthCheck() {
 }
 
 module.exports = {
+  createClient,
+  login,
   register,
   verifyEmail,
   getUserInfo,

package/src/lib/config.js

@@ -51,12 +51,58 @@ function saveProjectConfig(config) {
 }
 
 /**
- * Check if user is authenticated
+ * Check if user is authenticated and token is valid
  */
 function isAuthenticated() {
-  const apiKey = globalConfig.get('user.apiKey');
-  const email = globalConfig.get('user.email');
-  return !!(apiKey && email);
+  const user = getUser();
+
+  if (!user || !user.email) {
+    return false;
+  }
+
+  // Check for session token
+  if (user.sessionToken) {
+    // Check if token is expired
+    if (user.expiresAt) {
+      const expirationDate = new Date(user.expiresAt);
+      const now = new Date();
+
+      if (now >= expirationDate) {
+        return false; // Token expired
+      }
+    }
+    return true;
+  }
+
+  // Fallback: Check for API key (for backward compatibility)
+  return !!user.apiKey;
+}
+
+/**
+ * Check if session token is expired
+ */
+function isTokenExpired() {
+  const user = getUser();
+  if (!user?.expiresAt) return false;
+
+  const expirationDate = new Date(user.expiresAt);
+  const now = new Date();
+
+  return now >= expirationDate;
+}
+
+/**
+ * Check if token expires soon (within 7 days)
+ */
+function isTokenExpiringSoon() {
+  const user = getUser();
+  if (!user?.expiresAt) return false;
+
+  const expirationDate = new Date(user.expiresAt);
+  const now = new Date();
+  const sevenDaysFromNow = new Date(now.getTime() + 7 * 24 * 60 * 60 * 1000);
+
+  return expirationDate <= sevenDaysFromNow && !isTokenExpired();
 }
 
 /**
@@ -99,6 +145,8 @@ module.exports = {
   getProjectConfig,
   saveProjectConfig,
   isAuthenticated,
+  isTokenExpired,
+  isTokenExpiringSoon,
   getUser,
   saveUser,
   clearUser,