@suronai/cli 0.1.35 → 0.1.37

package/package.json

@@ -1,23 +1,23 @@
-{
-  "name": "@suronai/cli",
-  "version": "0.1.35",
-  "description": "CLI for Suron — suron login, init, whoami, recover",
-  "type": "module",
-  "bin": {
-    "suron": "./src/index.js"
-  },
-  "files": [
-    "src"
-  ],
-  "scripts": {
-    "build": "node --check src/index.js src/commands/login.js src/commands/init.js src/commands/whoami.js src/commands/recover.js src/utils/config.js src/utils/dotenvx.js src/utils/colors.js",
-    "lint": "node --check src/index.js src/commands/login.js src/commands/init.js src/commands/whoami.js src/commands/recover.js src/utils/config.js src/utils/dotenvx.js src/utils/colors.js"
-  },
-  "dependencies": {
-    "@dotenvx/dotenvx": "latest",
-    "commander": "latest"
-  },
-  "engines": {
-    "node": ">=18.0.0"
-  }
-}
+{
+  "name": "@suronai/cli",
+  "version": "0.1.37",
+  "description": "Suron CLI — secrets delivery",
+  "type": "module",
+  "bin": {
+    "suron": "./src/index.js"
+  },
+  "files": [
+    "src"
+  ],
+  "scripts": {
+    "start": "bun src/index.js",
+    "dev": "bun --watch src/index.js"
+  },
+  "dependencies": {
+    "@clack/prompts": "^1.3.0",
+    "commander": "^14.0.3"
+  },
+  "engines": {
+    "bun": ">=1.0.0"
+  }
+}

package/src/commands.js

@@ -0,0 +1,237 @@
+import { Command } from "commander";
+import { intro, outro, spinner, select, text, isCancel } from "@clack/prompts";
+import { existsSync, readFileSync, writeFileSync } from "fs";
+import { join } from "path";
+import { exec } from "child_process";
+import ui from "./utils/colors.js";
+import { getToken, requireToken, saveConfig, clearToken } from "./utils/config.js";
+import { api, BASE_URL } from "./utils/api.js";
+
+function cancel(msg) {
+  console.log(ui.blank());
+  console.log(ui.errBlock(msg));
+  console.log(ui.blank());
+  process.exit(1);
+}
+
+export const loginCommand = new Command("login")
+  .description("Authenticate via browser")
+  .option("--force", "Re-authenticate even if already logged in")
+  .action(async (opts) => {
+    const existing = getToken();
+    if (existing && !opts.force) {
+      console.log(ui.blank());
+      console.log(ui.errBlock("already logged in", "use --force to re-authenticate"));
+      console.log(ui.blank());
+      process.exit(1);
+    }
+
+    console.log(ui.logo());
+    console.log(ui.blank());
+    console.log(ui.hr());
+    console.log(ui.blank());
+
+    const chars = "abcdefghijklmnopqrstuvwxyz0123456789";
+    let code = "";
+    for (let i = 0; i < 6; i++) code += chars[Math.floor(Math.random() * chars.length)];
+
+    await api("/cli/auth-code", {
+      method: "POST",
+      body: JSON.stringify({ code }),
+    });
+
+    const loginUrl = `${BASE_URL}/clilogin?code=${code}`;
+
+    console.log(ui.infoBlock("Opening browser to complete login..."));
+    console.log(ui.blank());
+    console.log(ui.kv("URL", loginUrl, 6));
+    console.log(ui.blank());
+
+    exec(`open "${loginUrl}" 2>/dev/null || xdg-open "${loginUrl}" 2>/dev/null || cmd /c start "" "${loginUrl}" 2>/dev/null`);
+
+    const s = spinner();
+    s.start("Waiting for approval");
+
+    const deadline = Date.now() + 300_000;
+    let token = null;
+
+    while (Date.now() < deadline) {
+      await new Promise(r => setTimeout(r, 2000));
+      try {
+        const result = await api(`/cli/auth-code/status?code=${code}`);
+        if (result.status === "approved" && result.token) {
+          token = result.token;
+          break;
+        }
+      } catch {}
+    }
+
+    s.stop(token ? "Approved" : "Timed out");
+
+    if (!token) {
+      console.log(ui.blank());
+      console.log(ui.errBlock("login timed out", "try again"));
+      process.exit(1);
+    }
+
+    saveConfig({ token });
+
+    console.log(ui.blank());
+    console.log(ui.step("done", "logged in"));
+    console.log(ui.step("done", "saved  ~/.suron-config"));
+    console.log(ui.blank());
+    console.log(ui.hr());
+    console.log(ui.blank());
+    console.log(ui.infoBlock("next  ›  cd your-project  &&  " + ui.code("suron init")));
+    console.log(ui.blank());
+  });
+
+export const logoutCommand = new Command("logout")
+  .description("Clear local session token")
+  .action(async () => {
+    clearToken();
+    try {
+      await api("/auth/logout", { method: "POST" });
+    } catch {}
+    console.log(ui.blank());
+    console.log(ui.okBlock("logged out"));
+    console.log(ui.blank());
+  });
+
+export const initCommand = new Command("init")
+  .description("Initialize Suron in this project")
+  .action(async () => {
+    const token = requireToken();
+
+    if (existsSync(".suron.json")) {
+      console.log(ui.blank());
+      console.log(ui.errBlock(".suron.json already exists", "use suron up to push a new version"));
+      console.log(ui.blank());
+      process.exit(1);
+    }
+
+    if (!existsSync(".env")) {
+      console.log(ui.blank());
+      console.log(ui.errBlock(".env not found", "create a .env file first"));
+      console.log(ui.blank());
+      process.exit(1);
+    }
+
+    console.log(ui.logo());
+    console.log(ui.blank());
+    console.log(ui.hr());
+    console.log(ui.blank());
+
+    const mode = await select({
+      message: "How do you want to link this project?",
+      options: [
+        { value: "new", label: "Create new app" },
+        { value: "existing", label: "Link to existing app" },
+      ],
+    });
+
+    if (isCancel(mode)) cancel("cancelled");
+
+    let app_id, app_name;
+
+    if (mode === "new") {
+      const name = await text({
+        message: "App name (alphanumeric)",
+        validate: v => /^[a-zA-Z0-9]+$/.test(v) ? undefined : "Alphanumeric only",
+      });
+      if (isCancel(name)) cancel("cancelled");
+
+      const result = await api("/apps", {
+        method: "POST",
+        body: JSON.stringify({ name }),
+      }).catch(err => cancel(err.message));
+
+      app_id = result.app_id;
+      app_name = result.name;
+    } else {
+      const apps = await api("/apps").catch(err => cancel(err.message));
+
+      if (!apps.length) {
+        console.log(ui.blank());
+        console.log(ui.errBlock("no apps found", "use 'Create new app' instead"));
+        process.exit(1);
+      }
+
+      const chosen = await select({
+        message: "Select an app",
+        options: apps.map(a => ({ value: a.app_id, label: a.name })),
+      });
+      if (isCancel(chosen)) cancel("cancelled");
+
+      const found = apps.find(a => a.app_id === chosen);
+      app_id = found.app_id;
+      app_name = found.name;
+    }
+
+    const env_plaintext = readFileSync(".env", "utf-8");
+
+    const s = spinner();
+    s.start("Pushing v1");
+
+    const result = await api(`/apps/${app_id}/versions`, {
+      method: "POST",
+      body: JSON.stringify({ env_plaintext }),
+    }).catch(err => { s.stop("failed"); cancel(err.message); });
+
+    s.stop("Done");
+
+    const suronJson = { app_name, app_id, version: result.version };
+    writeFileSync(".suron.json", JSON.stringify(suronJson, null, 2) + "\n");
+
+    console.log(ui.blank());
+    console.log(ui.step("done", "encrypted and uploaded .env"));
+    console.log(ui.step("done", `version  ${result.version}`));
+    console.log(ui.step("done", "wrote  .suron.json"));
+    console.log(ui.blank());
+    console.log(ui.hr());
+    console.log(ui.blank());
+    console.log(ui.infoBlock("add .suron.json to git  ·  add .env to .gitignore"));
+    console.log(ui.blank());
+  });
+
+export const upCommand = new Command("up")
+  .description("Push a new version of .env")
+  .action(async () => {
+    requireToken();
+
+    if (!existsSync(".suron.json")) {
+      console.log(ui.blank());
+      console.log(ui.errBlock(".suron.json not found", "run: suron init"));
+      console.log(ui.blank());
+      process.exit(1);
+    }
+
+    if (!existsSync(".env")) {
+      console.log(ui.blank());
+      console.log(ui.errBlock(".env not found"));
+      console.log(ui.blank());
+      process.exit(1);
+    }
+
+    const suronJson = JSON.parse(readFileSync(".suron.json", "utf-8"));
+    const { app_id, app_name } = suronJson;
+
+    const env_plaintext = readFileSync(".env", "utf-8");
+
+    const s = spinner();
+    s.start("Pushing new version");
+
+    const result = await api(`/apps/${app_id}/versions`, {
+      method: "POST",
+      body: JSON.stringify({ env_plaintext }),
+    }).catch(err => { s.stop("failed"); cancel(err.message); });
+
+    s.stop("Done");
+
+    suronJson.version = result.version;
+    writeFileSync(".suron.json", JSON.stringify(suronJson, null, 2) + "\n");
+
+    console.log(ui.blank());
+    console.log(ui.step("done", `version  ${result.version}  pushed`));
+    console.log(ui.blank());
+  });

package/src/index.js

@@ -2,12 +2,9 @@
 
 import { Command } from "commander";
 import { createRequire } from "module";
-import { loginCommand }   from "./commands/login.js";
-import { initCommand }    from "./commands/init.js";
-import { whoamiCommand }  from "./commands/whoami.js";
-import { recoverCommand } from "./commands/recover.js";
+import { loginCommand, logoutCommand, initCommand, upCommand } from "./commands.js";
 
-const require  = createRequire(import.meta.url);
+const require = createRequire(import.meta.url);
 const { version } = require("../package.json");
 
 const program = new Command();
@@ -18,8 +15,8 @@ program
   .version(version);
 
 program.addCommand(loginCommand);
+program.addCommand(logoutCommand);
 program.addCommand(initCommand);
-program.addCommand(whoamiCommand);
-program.addCommand(recoverCommand);
+program.addCommand(upCommand);
 
 program.parse(process.argv);

package/src/utils/api.js

@@ -0,0 +1,20 @@
+import { getToken } from "./config.js";
+
+const BASE_URL = "https://suronai.com";
+
+export async function api(path, options = {}) {
+  const token = getToken();
+  const headers = { "Content-Type": "application/json", ...options.headers };
+  if (token) headers["Authorization"] = `Bearer ${token}`;
+
+  const res = await fetch(`${BASE_URL}${path}`, { ...options, headers });
+
+  if (!res.ok) {
+    const data = await res.json().catch(() => ({}));
+    throw new Error(data.error ?? `HTTP ${res.status}`);
+  }
+
+  return res.json();
+}
+
+export { BASE_URL };

package/src/utils/colors.js

@@ -1,11 +1,181 @@
-// Minimal ANSI helpers — no deps, works in any Node.js
-export const c = {
-  bold:   (s) => `\x1b[1m${s}\x1b[0m`,
-  dim:    (s) => `\x1b[2m${s}\x1b[0m`,
-  green:  (s) => `\x1b[32m${s}\x1b[0m`,
-  red:    (s) => `\x1b[31m${s}\x1b[0m`,
-  yellow: (s) => `\x1b[33m${s}\x1b[0m`,
-  cyan:   (s) => `\x1b[36m${s}\x1b[0m`,
+/**
+ * SURON — Terminal Design System
+ *
+ * Aesthetic: Dieter Rams × Teenage Engineering
+ * Principle: Less, but better. Every character earns its place.
+ *
+ * Palette:
+ *   Amber      — primary signal, values, focus       #FFB347 → \x1b[38;5;214m
+ *   Warm white — labels, structural text             \x1b[97m
+ *   Slate      — secondary / dim                     \x1b[2m
+ *   Green      — success / done                      \x1b[38;5;71m
+ *   Red        — error / fail                        \x1b[38;5;167m
+ *   No blue. No purple. No cyan.
+ *
+ * Grid: all content lives at a 2-space left indent.
+ * Rule width: 58 chars of content (60 total with indent).
+ */
+
+const ESC = "\x1b[";
+const R   = "\x1b[0m";
+
+// Core palette
+const amber     = (s) => `${ESC}38;5;214m${s}${R}`;
+const warm      = (s) => `${ESC}97m${s}${R}`;
+const slate     = (s) => `${ESC}2m${s}${R}`;
+const green     = (s) => `${ESC}38;5;71m${s}${R}`;
+const red       = (s) => `${ESC}38;5;167m${s}${R}`;
+const bold      = (s) => `${ESC}1m${s}${R}`;
+const italic    = (s) => `${ESC}3m${s}${R}`;
+
+// Semantic aliases
+const value     = amber;   // user-supplied values, app names, URLs
+const label     = slate;   // column headers, static labels
+const ok        = green;   // success states
+const fail      = red;     // error states
+const em        = warm;    // emphasis within a line
+
+// ── Structural primitives ────────────────────────────────────────────────────
+
+const INDENT    = "  ";
+const COL_W     = 58;
+
+/** Horizontal rule — thin, full-width */
+const hr        = () => INDENT + slate("─".repeat(COL_W));
+
+/** Thick rule — section separator */
+const hrThick   = () => INDENT + slate("━".repeat(COL_W));
+
+/** Blank line */
+const blank     = () => "";
+
+/** Section header — sparse, uppercase, no decoration */
+const header    = (text) =>
+  INDENT + bold(warm(text.toUpperCase()));
+
+/**
+ * Key-value row — strict two-column layout
+ * key is left-padded to `keyWidth` (default 14), value is amber
+ * @param {string} key
+ * @param {string} val
+ * @param {number} [keyWidth=14]
+ */
+const kv        = (key, val, keyWidth = 14) =>
+  INDENT + label(key.padEnd(keyWidth)) + value(val);
+
+/**
+ * Status row — used in step lists
+ * States: "pending" | "run" | "done" | "skip" | "fail"
+ * @param {"pending"|"run"|"done"|"skip"|"fail"} state
+ * @param {string} text
+ * @param {string} [note]
+ */
+const STATUS_GLYPHS = {
+  pending: slate("·"),
+  run:     amber("▶"),
+  done:    green("✔"),
+  skip:    slate("○"),
+  fail:    red("✘"),
+};
+const STATUS_LABELS = {
+  pending: slate("···"),
+  run:     amber("RUN"),
+  done:    green("OK "),
+  skip:    slate("SKP"),
+  fail:    red("ERR"),
+};
+
+const step = (state, text, note) => {
+  const glyph  = STATUS_GLYPHS[state] ?? STATUS_GLYPHS.pending;
+  const status = STATUS_LABELS[state] ?? STATUS_LABELS.pending;
+  const body   = state === "fail"   ? red(text)
+               : state === "done"   ? slate(text)
+               : state === "skip"   ? slate(text)
+               : state === "run"    ? warm(text)
+               :                      slate(text);
+  const tail   = note ? "  " + slate(italic(note)) : "";
+  return INDENT + glyph + "  " + status + "  " + body + tail;
+};
+
+/**
+ * Inline prompt indicator — shown before user input
+ * @param {string} question
+ * @returns {string}
+ */
+const promptLine = (question) =>
+  INDENT + amber("▸") + "  " + warm(question) + "  " + slate("›") + " ";
+
+/**
+ * Error block — tight, no wasted space
+ * @param {string} msg
+ * @param {string} [hint]
+ */
+const errBlock = (msg, hint) => {
+  const lines = [INDENT + red("✘") + "  " + red(msg)];
+  if (hint) lines.push(INDENT + "   " + slate(hint));
+  return lines.join("\n");
 };
 
-export default c;
+/**
+ * Success block
+ * @param {string} msg
+ */
+const okBlock  = (msg) =>
+  INDENT + green("✔") + "  " + ok(msg);
+
+/**
+ * Info block (neutral)
+ * @param {string} msg
+ */
+const infoBlock = (msg) =>
+  INDENT + slate("·") + "  " + slate(msg);
+
+/**
+ * Code / path snippet — amber, stencil feel
+ * @param {string} text
+ */
+const code     = (text) =>
+  amber(text);
+
+/**
+ * Diff line — used in entry-point patching
+ * @param {"remove"|"add"|"unknown"} type
+ * @param {string} text
+ */
+const diff = (type, text) => {
+  if (type === "remove")  return INDENT + "   " + red("−") + "  " + slate(text);
+  if (type === "add")     return INDENT + "   " + green("+") + "  " + amber(text);
+  return                         INDENT + "   " + slate("?") + "  " + slate("(manual update required)");
+};
+
+/**
+ * Logo / wordmark — sparse, dot-matrix feel
+ * Only shown once per session (login/init headers).
+ */
+const logo = () => [
+  blank(),
+  INDENT + bold(warm("SURON")) + "  " + slate("·  secrets delivery"),
+].join("\n");
+
+/**
+ * Final "ready" block shown at end of init/encrypt
+ * @param {Array<{label:string, note:string}>} facts
+ */
+const readyBlock = (facts) => {
+  const lines = facts.map(f =>
+    INDENT + green("·") + "  " + label(f.label.padEnd(16)) + slate(f.note)
+  );
+  lines.push(blank());
+  lines.push(INDENT + green("▶") + "  " + bold(ok("READY")));
+  return lines.join("\n");
+};
+
+export default {
+  // palette
+  amber, warm, slate, green, red, bold, italic, value, label, ok, fail, em,
+  // layout
+  hr, hrThick, blank, header, kv, step, promptLine, errBlock, okBlock,
+  infoBlock, code, diff, logo, readyBlock,
+  // constants
+  INDENT, COL_W,
+};

package/src/utils/config.js

@@ -1,14 +1,10 @@
 import { homedir } from "os";
 import { join } from "path";
 import { readFileSync, writeFileSync, existsSync } from "fs";
-import readline from "readline";
-import c from "./colors.js";
+import ui from "./colors.js";
 
 const CONFIG_PATH = join(homedir(), ".suron-config");
 
-/**
- * @returns {{ apiUrl?: string }}
- */
 export function readConfig() {
   if (!existsSync(CONFIG_PATH)) return {};
   try {
@@ -19,7 +15,7 @@ export function readConfig() {
       const key = line.slice(0, eq).trim();
       const val = line.slice(eq + 1).trim();
       if (!val) continue;
-      if (key === "SURON_API_URL") config.apiUrl = val;
+      if (key === "SURON_TOKEN") config.token = val;
     }
     return config;
   } catch {
@@ -27,44 +23,28 @@ export function readConfig() {
   }
 }
 
-/**
- * @param {{ apiUrl?: string }} values
- */
 export function saveConfig(values) {
   const merged = { ...readConfig(), ...values };
   const lines = [];
-  if (merged.apiUrl) lines.push(`SURON_API_URL=${merged.apiUrl}`);
+  if (merged.token) lines.push(`SURON_TOKEN=${merged.token}`);
   writeFileSync(CONFIG_PATH, lines.join("\n") + "\n", { mode: 0o600 });
 }
 
-/** @returns {string | null} */
-export function getApiUrl() {
-  // Strip trailing slash from both sources so callers always get a clean URL.
-  const fromEnv    = process.env.SURON_API_URL?.replace(/\/$/, "");
-  const fromConfig = readConfig().apiUrl?.replace(/\/$/, "");
-  return fromEnv ?? fromConfig ?? null;
+export function getToken() {
+  return readConfig().token ?? null;
 }
 
-/** @returns {string} */
-export function requireApiUrl() {
-  const url = getApiUrl();
-  if (!url) {
-    console.error(c.red("  error:") + " not configured. Run: suron login");
+export function requireToken() {
+  const token = getToken();
+  if (!token) {
+    console.error(ui.blank());
+    console.error(ui.errBlock("not logged in", "run: suron login"));
+    console.error(ui.blank());
     process.exit(1);
   }
-  return url;
+  return token;
 }
 
-/**
- * @param {string} question
- * @returns {Promise<string>}
- */
-export function prompt(question) {
-  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-  return new Promise((resolve) => {
-    rl.question(question, (answer) => {
-      rl.close();
-      resolve(answer.trim());
-    });
-  });
+export function clearToken() {
+  writeFileSync(CONFIG_PATH, "", { mode: 0o600 });
 }

package/src/utils/crypto.js

@@ -0,0 +1,7 @@
+export function encryptEnv(plaintext) {
+  return plaintext;
+}
+
+export function decryptEnv(plaintext) {
+  return plaintext;
+}