npm - @switchboard.spot/cli - Versions diffs - 0.2.3 → 0.2.4 - Mend

@switchboard.spot/cli 0.2.3 → 0.2.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -56,9 +56,9 @@ If a first publish fails, `npm view @switchboard.spot/cli` will continue to retu
 switchboard auth login
 switchboard projects create --name "My App" --slug my-app
 switchboard setup project --origin http://localhost:5173 --json
-switchboard verify setup
+switchboard verify setup --app-url <app-url>
 switchboard launch prepare --production-origin https://app.example.com --end-user-terms-url https://app.example.com/terms --end-user-privacy-url https://app.example.com/privacy --support-email support@example.com --contact-email owner@example.com --use-case "Browser chat for signed-in customers"
-switchboard verify publish
+switchboard verify publish --app-url <preview-url>
 ```
 Use `--json` for automation, CI, and coding agents.
@@ -67,7 +67,7 @@ Use `--json` for automation, CI, and coding agents.
 CLI account login does not create Client Gateway end-user sessions. End-user sign-up, sign-in, and refresh require the SDK-managed browser challenge; curl, Node scripts, CI, and CLI account login cannot mint browser sessions without running that real browser/mobile flow.
-For local Switchboard development, `switchboard verify setup --client-url http://localhost:4000/m/<slug>/v1` uses the built-in `dev_browser_challenge` token unless a scenario supplies an explicit `browserChallengeToken`. Hosted Switchboard should use managed Turnstile and the SDK-managed real browser challenge. A local sandbox smoke path is: configure allowed origin plus legal/support fields, create an anonymous session through the SDK or browser verification flow, then call Client Gateway chat.
+For local Switchboard development, `switchboard verify setup --app-url <app-url> --client-url http://localhost:4000/m/<slug>/v1` uses the built-in `dev_browser_challenge` token unless a scenario supplies an explicit `browserChallengeToken`. Hosted Switchboard should use managed Turnstile and the SDK-managed real browser challenge. A local sandbox smoke path is: configure allowed origin plus legal/support fields, create an anonymous session through the SDK or browser verification flow, then call Client Gateway chat.
 Model discovery is global. Use `GET /v1/models` for OpenAI-compatible discovery or `GET /v1/catalog/models` for catalog/pricing metadata; Client Gateway chat is project-scoped at `/m/<slug>/v1/chat/completions`.

package/lib/commands/auth.js CHANGED Viewed

@@ -320,8 +320,8 @@ function waitForCallback(callbackServer, timeoutSeconds, json) {
 export function callbackPage(title, message, tone) {
   const success = tone === "success";
   const accent = success ? "#14b8a6" : "#ef4444";
-  const accentSoft = success ? "#ccfbf1" : "#fee2e2";
-  const mark = success ? "✓" : "!";
+  const mark = success ? "✓" : "×";
+  const ariaLabel = success ? "Switchboard CLI login complete" : "Switchboard CLI login failed";
   return `<!doctype html>
 <html lang="en">
@@ -340,114 +340,41 @@ export function callbackPage(title, message, tone) {
       body {
         min-height: 100vh;
         margin: 0;
+        display: grid;
+        place-items: center;
         color: #1f2937;
         background:
           repeating-linear-gradient(125deg, transparent, transparent 6px, #e8e8e8 6px, #e8e8e8 7px),
           #ffffff;
       }
-      .page {
-        min-height: 100vh;
-        width: min(100%, 80rem);
-        margin: 0 auto;
-        display: flex;
-        flex-direction: column;
-        border-inline: 1px solid #e5e7eb;
-        background:
-          repeating-linear-gradient(125deg, transparent, transparent 6px, #e8e8e8 6px, #e8e8e8 7px),
-          #ffffff;
-      }
-      header {
-        height: 4.5rem;
-        display: flex;
-        align-items: center;
-        justify-content: space-between;
-        padding: 0 1.5rem;
-        border-bottom: 1px solid #e5e7eb;
-        background: rgba(255, 255, 255, 0.88);
-        backdrop-filter: blur(12px);
-      }
-      .logo {
-        color: #1f2937;
-        font-size: 0.95rem;
-        font-weight: 800;
-        letter-spacing: 0;
-      }
-      .pill {
-        border: 1px solid #e5e7eb;
-        border-radius: 999px;
-        padding: 0.45rem 0.8rem;
-        background: #ffffff;
-        color: #4b5563;
-        font-size: 0.82rem;
-        font-weight: 600;
-      }
-      main {
-        flex: 1;
+      .panel {
+        width: min(100%, 12rem);
+        aspect-ratio: 1;
         display: grid;
         place-items: center;
-        padding: 5rem 1.5rem;
-      }
-      .panel {
-        width: min(100%, 34rem);
         border: 1px solid #e5e7eb;
         border-radius: 0.5rem;
-        padding: clamp(1.5rem, 5vw, 2.25rem);
+        padding: 1.5rem;
         background: rgba(255, 255, 255, 0.94);
         box-shadow:
           0 1.34368px 0.537473px -0.625px rgba(0, 0, 0, 0.09),
           0 15.5969px 6.23877px -3.125px rgba(0, 0, 0, 0.07),
           0 43.962px 17.5848px -4.375px rgba(0, 0, 0, 0.04);
-        text-align: center;
-      }
-      .eyebrow {
-        margin: 0 0 1.25rem;
-        color: #4b5563;
-        font-size: 0.78rem;
-        font-weight: 700;
-        letter-spacing: 0.12em;
-        text-transform: uppercase;
       }
       .mark {
-        width: 4rem;
-        height: 4rem;
-        margin: 0 auto 1.25rem;
+        width: 5rem;
+        height: 5rem;
         display: grid;
         place-items: center;
         border: 1px solid ${accent};
         border-radius: 0.5rem;
         background: ${accent};
         color: #111827;
-        font-size: 1.9rem;
+        font-size: 3rem;
+        line-height: 1;
         font-weight: 900;
         box-shadow: 0 18px 40px -20px ${accent};
       }
-      h1 {
-        margin: 0;
-        color: #1f2937;
-        font-size: clamp(2rem, 7vw, 3.5rem);
-        line-height: 0.98;
-        letter-spacing: 0;
-      }
-      p {
-        margin: 1rem auto 0;
-        max-width: 26rem;
-        color: #4b5563;
-        font-size: 1rem;
-        line-height: 1.65;
-      }
-      .status {
-        display: inline-flex;
-        align-items: center;
-        gap: 0.5rem;
-        margin-top: 1.5rem;
-        border: 1px solid ${accent};
-        border-radius: 999px;
-        padding: 0.5rem 0.8rem;
-        background: ${accentSoft};
-        color: #1f2937;
-        font-size: 0.86rem;
-        font-weight: 700;
-      }
       @media (prefers-color-scheme: dark) {
         :root {
           background: #020617;
@@ -459,53 +386,20 @@ export function callbackPage(title, message, tone) {
             repeating-linear-gradient(125deg, transparent, transparent 6px, rgba(55, 65, 81, 0.6) 6px, rgba(55, 65, 81, 0.6) 7px),
             #020617;
         }
-        .page {
-          border-color: #1f2937;
-          background:
-            repeating-linear-gradient(125deg, transparent, transparent 6px, rgba(55, 65, 81, 0.6) 6px, rgba(55, 65, 81, 0.6) 7px),
-            #020617;
-        }
-        header,
         .panel {
           border-color: #1f2937;
           background: rgba(2, 6, 23, 0.94);
         }
-        .logo,
-        h1 {
-          color: #f3f4f6;
-        }
-        .pill,
-        .eyebrow,
-        p {
-          color: #d1d5db;
-        }
-        .pill {
-          border-color: #1f2937;
-          background: #111827;
-        }
-        .mark,
-        .status {
+        .mark {
           color: #020617;
         }
       }
     </style>
   </head>
   <body>
-    <div class="page">
-      <header>
-        <div class="logo">Switchboard</div>
-        <div class="pill">CLI session</div>
-      </header>
-      <main>
-        <section class="panel" aria-labelledby="callback-title">
-          <p class="eyebrow">Switchboard CLI</p>
-          <div class="mark" aria-hidden="true">${mark}</div>
-          <h1 id="callback-title">${escapeHtml(title)}</h1>
-          <p>${escapeHtml(message)}</p>
-          <div class="status">${success ? "Session approved" : "Session not approved"}</div>
-        </section>
-      </main>
-    </div>
+    <main class="panel" aria-label="${ariaLabel}">
+      <div class="mark" aria-hidden="true">${mark}</div>
+    </main>
   </body>
 </html>`;
 }

package/lib/commands/doctor.js CHANGED Viewed

@@ -42,6 +42,10 @@ export async function runDoctorChecks({
   checks.push(
     await check("health", async () => {
       const result = await health(config);
+      if (!result.ok) {
+        throw new Error(result.data?.status || result.data?.message || `HTTP ${result.status}`);
+      }
       return { status: result.status, data: result.data };
     }),
   );

package/lib/commands/verify.js CHANGED Viewed

@@ -15,6 +15,7 @@ export function registerVerifyCommands(program) {
       .command("setup")
       .description("Verify a local or preview Switchboard integration setup")
       .option("--url <app-url>", "Application URL to test")
+      .option("--app-url <app-url>", "Alias for --url")
       .option("--client-url <switchboard-client-url>", "Switchboard Client Gateway client URL"),
   ).action(async (opts, cmd) => {
     await runVerifyCommand("setup", opts, cmd);
@@ -25,6 +26,7 @@ export function registerVerifyCommands(program) {
       .command("publish")
       .description("Verify an HTTPS preview is safe to publish")
       .option("--url <preview-url>", "HTTPS preview URL to test")
+      .option("--app-url <preview-url>", "Alias for --url")
       .option("--client-url <switchboard-client-url>", "Switchboard Client Gateway client URL")
       .option("--production-origin <origin>", "Production origin that must be allowed"),
   )
@@ -38,6 +40,7 @@ export function registerVerifyCommands(program) {
       .command("browser")
       .description("Run a declarative browser verification scenario")
       .option("--url <app-url>", "Application URL to test")
+      .option("--app-url <app-url>", "Alias for --url")
       .option("--client-url <switchboard-client-url>", "Switchboard Client Gateway client URL"),
   ).action(async (opts, cmd) => {
     await runVerifyCommand("browser", opts, cmd);
@@ -60,6 +63,7 @@ async function runVerifyCommand(mode, opts, cmd) {
     const project = mode === "publish" ? await loadProject(opts, flags) : null;
     const report = await verifierForMode(mode)({
       url: opts.url,
+      appUrl: opts.appUrl,
       clientUrl: opts.clientUrl,
       productionOrigin: opts.productionOrigin,
       scenarioPath: opts.scenario,

package/lib/verify/index.js CHANGED Viewed

@@ -48,7 +48,6 @@ const CHECK_TYPE_TO_ID = new Map([
 ]);
 const SERVER_SECRET_PATTERNS = [
-  { name: "SWITCHBOARD_API_KEY", pattern: /\bSWITCHBOARD_API_KEY\b/ },
   { name: "switchboard live key", pattern: /\bsb_live_[A-Za-z0-9_-]{6,}\b/ },
   { name: "switchboard test key", pattern: /\bsb_test_[A-Za-z0-9_-]{6,}\b/ },
   { name: "account session token", pattern: /\bsb_sess_[A-Za-z0-9_-]{6,}\b/ },
@@ -125,7 +124,7 @@ export async function runVerification(options = {}) {
   const scenario = validateScenario(options.scenario ?? loadScenario(options.scenarioPath));
   const report = createReport(mode);
   const artifactsDir = options.artifactsDir ?? DEFAULT_ARTIFACTS_DIR;
-  const appUrl = parseRequiredUrl(options.url, "--url");
+  const appUrl = parseRequiredUrl(options.appUrl ?? options.url, options.appUrl ? "--app-url" : "--url");
   const clientUrl = options.clientUrl ? parseRequiredUrl(options.clientUrl, "--client-url") : null;
   const timeoutMs = normalizeTimeoutMs(options.timeoutMs);
   let productionOrigin = options.productionOrigin;
@@ -723,6 +722,7 @@ function normalizedHostname(url) {
 function browserChallengeTokenFor(check, clientUrl) {
   if (Object.prototype.hasOwnProperty.call(check, "browserChallengeToken")) {
+    validateBrowserChallengeToken(check.browserChallengeToken, clientUrl);
     return check.browserChallengeToken;
   }
@@ -730,13 +730,25 @@ function browserChallengeTokenFor(check, clientUrl) {
     return DEV_BROWSER_CHALLENGE_TOKEN;
   }
-  return DEFAULT_BROWSER_CHALLENGE_TOKEN;
+  throw new VerificationInputError(
+    "Hosted Switchboard verification cannot submit synthetic browser challenge tokens. Run the SDK-managed browser challenge in the real app, or target a localhost Switchboard URL for dev verification.",
+  );
 }
 function isLocalSwitchboardUrl(url) {
   return url instanceof URL && LOCAL_HOSTS.has(normalizedHostname(url));
 }
+export function validateBrowserChallengeToken(token, clientUrl) {
+  if (isLocalSwitchboardUrl(clientUrl)) return;
+  if (token === DEV_BROWSER_CHALLENGE_TOKEN || token === DEFAULT_BROWSER_CHALLENGE_TOKEN) {
+    throw new VerificationInputError(
+      "Synthetic browser challenge tokens are allowed only against localhost Switchboard URLs.",
+    );
+  }
+}
 function addFailure(report, checkId, message, finding) {
   addCheck(report, { id: checkId, status: "failed", message });
   report.findings.push({

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@switchboard.spot/cli",
-  "version": "0.2.3",
+  "version": "0.2.4",
   "description": "Switchboard CLI — full dashboard parity for agents and testing",
   "type": "module",
   "bin": {