@switchboard.spot/cli 0.2.4 → 0.2.5

package/lib/commands/setup.js

@@ -5,16 +5,8 @@
 import { configureEnvironment } from "./env.js";
 import { accountRequest } from "../client.js";
 import { emit, fail, globalFlags, redactSecrets } from "../output.js";
-import { resolveConfig } from "../config.js";
+import { resolveConfig, saveConfig } from "../config.js";
 import { runDoctorChecks } from "./doctor.js";
-import {
-  ensureProject,
-  fetchProject,
-  provisionManagedTurnstile,
-  requestAccessIfNeeded,
-  saveProjectConfig,
-  validateLaunchOptions,
-} from "./launch.js";
 
 export function registerSetupCommand(program) {
   const setup = program
@@ -28,24 +20,14 @@ export function registerSetupCommand(program) {
     .option("--project-name <name>", "Create a project when no project id is provided")
     .option("--project-slug <slug>", "Slug for a project created by this command")
     .requiredOption("--origin <origin>", "Exact local, preview, or sandbox browser origin")
-    .option("--target <target>", "client, server, or both", "client")
+    .option("--target <target>", "client", "client")
     .option("--file <path>", "Local env file to update", ".env.local")
-    .option("--secret-target <target>", "local or exec", "local")
-    .option("--secret-command <command>", "Command that stores secrets from stdin JSON")
     .option("--force", "Replace existing Switchboard-managed env values and project origins")
-    .option(
-      "--production-origin <origin>",
-      "Exact HTTPS production origin, for example https://app.example.com",
-    )
+    .option("--production-origin <origin>", "Exact HTTPS production origin to add as an allowed origin")
     .option("--end-user-terms-url <url>")
     .option("--end-user-privacy-url <url>")
     .option("--support-url <url>")
     .option("--support-email <email>")
-    .option("--contact-email <email>")
-    .option("--use-case <text>")
-    .option("--expected-monthly-volume <volume>")
-    .option("--needed-billing-mode <mode>", "Billing mode needed for production")
-    .option("--notes <text>")
     .action(async (opts, cmd) => {
       const flags = globalFlags(cmd);
       const result = await setupProject(opts, { json: flags.json });
@@ -59,8 +41,6 @@ export async function setupSwitchboard(opts, dependencies = {}) {
     {
       mode: target,
       file: opts.file,
-      target: opts.secretTarget,
-      secretCommand: opts.secretCommand,
       projectId: opts.projectId,
       force: opts.force,
     },
@@ -76,11 +56,11 @@ export async function setupSwitchboard(opts, dependencies = {}) {
 }
 
 function normalizeSetupTarget(target, json) {
-  if (target === "client" || target === "server" || target === "both") {
+  if (target === "client" || target === undefined) {
     return target;
   }
 
-  fail("--target must be client, server, or both", 1, json);
+  fail("--target must be client", 1, json);
 }
 
 function smokeCheck(result) {
@@ -94,11 +74,6 @@ function smokeCheck(result) {
     ok: true,
     checks: [
       clientEnvConfigured ? "client_env" : null,
-      result.changed.includes("SWITCHBOARD_BASE_URL") ||
-        result.skipped.includes("SWITCHBOARD_BASE_URL")
-        ? "server_env"
-        : null,
-      result.secrets.length > 0 ? "server_secret" : null,
     ].filter(Boolean),
   };
 }
@@ -119,9 +94,6 @@ export async function setupProject(
     config = resolveConfig(),
     cwd,
     json = false,
-    getSecret,
-    setSecret,
-    runSecretCommand,
   } = {},
 ) {
   validateProjectSetupOptions(opts, { json });
@@ -140,12 +112,10 @@ export async function setupProject(
     {
       mode: normalizeSetupTarget(opts.target, json),
       file: opts.file,
-      target: opts.secretTarget,
-      secretCommand: opts.secretCommand,
       projectId: String(configured.id),
       force: opts.force,
     },
-    { request, cwd, json, getSecret, setSecret, runSecretCommand },
+    { request, cwd, json },
   );
 
   const idempotencyKey = `setup-project-${configured.id}`;
@@ -153,18 +123,13 @@ export async function setupProject(
     request,
   });
 
-  let access = null;
-  if (hasProductionOptions(opts)) {
-    access = await requestAccessIfNeeded(configured.id, configured, opts, flags, { request });
-  }
-
   const latest = await fetchProject(configured.id, flags, { request });
   saveProject(latest);
 
   const doctorConfig = {
     ...config,
     projectId: String(latest.id),
-    virtualMicroserviceUrl: latest.virtual_microservice_url || config.virtualMicroserviceUrl,
+    clientGatewayUrl: latest.client_gateway_url || config.clientGatewayUrl,
   };
   const readiness = await doctor({ config: doctorConfig, request });
 
@@ -173,7 +138,6 @@ export async function setupProject(
     env,
     challenge,
     readiness,
-    access,
     origin: opts.origin,
     origins,
   });
@@ -188,19 +152,15 @@ function validateProjectSetupOptions(opts, flags) {
     fail("--origin must be an exact browser origin such as http://127.0.0.1:4173", 1, flags.json);
   }
 
-  if (!hasProductionOptions(opts)) return;
+  if (!opts.productionOrigin) return;
 
-  validateLaunchOptions(opts, flags);
+  if (!productionHttpsOrigin(opts.productionOrigin)) {
+    fail("--production-origin must be an exact HTTPS production origin", 1, flags.json);
+  }
 
-  for (const name of [
-    "endUserTermsUrl",
-    "endUserPrivacyUrl",
-    "supportEmail",
-    "contactEmail",
-    "useCase",
-  ]) {
+  for (const name of ["endUserTermsUrl", "endUserPrivacyUrl", "supportEmail"]) {
     if (!opts[name]) {
-      fail(`--${dasherize(name)} is required when production launch fields are provided`, 1, flags.json);
+      fail(`--${dasherize(name)} is required when --production-origin is provided`, 1, flags.json);
     }
   }
 }
@@ -212,11 +172,6 @@ function hasProductionOptions(opts) {
     "endUserPrivacyUrl",
     "supportUrl",
     "supportEmail",
-    "contactEmail",
-    "useCase",
-    "expectedMonthlyVolume",
-    "neededBillingMode",
-    "notes",
   ].some((key) => opts[key] != null);
 }
 
@@ -233,7 +188,7 @@ function configuredOrigins(project, opts) {
 async function updateSetupProject(projectId, opts, origins, flags, { request, save }) {
   const body = {
     allowed_origins: origins,
-    virtual_microservice_enabled: true,
+    client_gateway_enabled: true,
   };
 
   if (hasProductionOptions(opts)) {
@@ -251,25 +206,20 @@ async function updateSetupProject(projectId, opts, origins, flags, { request, sa
   return data;
 }
 
-function projectSetupSummary({ project, env, challenge, readiness, access, origin, origins }) {
+function projectSetupSummary({ project, env, challenge, readiness, origin, origins }) {
   const hardFailures = readiness.checks.filter((check) => !check.ok).map((check) => check.name);
   const configured = hardFailures.length === 0;
-  const productionRequested = Boolean(access);
 
   return {
     object: "setup_project_result",
     ok: configured,
-    status: !configured
-      ? "failed"
-      : productionRequested
-        ? "production_requested"
-        : "ready_for_browser_manual_check",
+    status: configured ? "ready_for_browser_manual_check" : "failed",
     configured,
     ready_for_browser_manual_check: configured,
-    production_requested: productionRequested,
+    production_requested: false,
     project_id: project.id,
     project_slug: project.slug,
-    client_gateway_url: project.virtual_microservice_url,
+    client_gateway_url: project.client_gateway_url,
     allowed_origins: origins,
     local_origin: origin,
     turnstile: challenge,
@@ -277,13 +227,11 @@ function projectSetupSummary({ project, env, challenge, readiness, access, origi
     env,
     doctor: readiness,
     hard_failures: hardFailures,
-    production_access: access,
+    production_access: null,
     next_steps: [
       "Use the SDK-managed browser challenge in your app to confirm browser chat manually.",
       "Run switchboard verify setup after the app integration is wired.",
-      productionRequested
-        ? "Run switchboard verify publish after approval and billing readiness are complete."
-        : "Use switchboard launch prepare when you are ready for production approval.",
+      "Run switchboard verify publish after production billing readiness is complete.",
     ],
   };
 }
@@ -298,16 +246,6 @@ export function humanProjectSetupMessage(result) {
     `Readiness: ${result.configured ? "ready for browser manual check" : "failed"}`,
   ];
 
-  if (result.production_requested) {
-    lines.push(
-      `Production access: ${
-        result.production_access?.project_production_access_status ||
-        result.production_access?.status ||
-        "requested"
-      }`,
-    );
-  }
-
   if (result.hard_failures.length > 0) {
     lines.push(`Hard failures: ${result.hard_failures.join(", ")}`);
   }
@@ -315,12 +253,79 @@ export function humanProjectSetupMessage(result) {
   lines.push(
     "Next: integrate the SDK browser challenge in your app, then run switchboard verify setup.",
   );
+  return lines.join("\n");
+}
 
-  if (result.production_requested) {
-    lines.push("Next: run switchboard verify publish after production approval and billing readiness.");
+export async function ensureProject(opts, flags, { request = accountRequest, save = saveProjectConfig } = {}) {
+  if (opts.projectId) {
+    const project = await fetchProject(opts.projectId, flags, { request });
+    save(project);
+    return project;
   }
 
-  return lines.join("\n");
+  if (opts.projectName) {
+    const { data } = await request("POST", "/projects", {
+      body: { name: opts.projectName, slug: opts.projectSlug },
+      json: flags.json,
+    });
+    save(data);
+    return data;
+  }
+
+  const { data } = await request("GET", "/me", { json: flags.json });
+  if (!data.project?.id) {
+    fail(
+      "No default project is selected. Use --project-id or --project-name with --project-slug.",
+      1,
+      flags.json,
+    );
+  }
+  save(data.project);
+  return data.project;
+}
+
+export async function fetchProject(projectId, flags, { request = accountRequest } = {}) {
+  const { data } = await request("GET", `/projects/${projectId}`, { json: flags.json });
+  return data;
+}
+
+export async function provisionManagedTurnstile(
+  projectId,
+  idempotencyKey,
+  flags,
+  { request = accountRequest } = {},
+) {
+  const { data } = await request("POST", `/projects/${projectId}/turnstile/provision`, {
+    body: { idempotency_key: `${idempotencyKey}:turnstile` },
+    json: flags.json,
+  });
+  return data;
+}
+
+export function saveProjectConfig(project) {
+  saveConfig({
+    projectId: String(project.id),
+    clientGatewayUrl: project.client_gateway_url || null,
+    endUserSession: null,
+  });
+}
+
+function productionHttpsOrigin(origin) {
+  try {
+    const url = new URL(origin);
+    return (
+      url.protocol === "https:" &&
+      url.username === "" &&
+      url.password === "" &&
+      url.pathname === "/" &&
+      url.search === "" &&
+      url.hash === "" &&
+      !["localhost", "127.0.0.1", "::1"].includes(url.hostname) &&
+      !url.hostname.includes("*")
+    );
+  } catch {
+    return false;
+  }
 }
 
 function turnstileStatus(challenge) {

package/lib/commands/usage.js

@@ -26,27 +26,4 @@ export function registerUsageCommands(program) {
         console.log(`Dev margin (micros): ${data.dev_margin_micros}`);
       }
     });
-
-  usage
-    .command("requests")
-    .description("List recent gateway requests")
-    .option("--mode <mode>", "all, sandbox, or live", "all")
-    .option("--range <range>", "mtd, 7d, 30d, or all", "mtd")
-    .option("--status <status>")
-    .option("--q <query>")
-    .option("--limit <limit>", "Maximum rows", parseInt)
-    .action(async (opts, cmd) => {
-      const flags = globalFlags(cmd);
-      const params = new URLSearchParams();
-      params.set("mode", opts.mode);
-      params.set("range", opts.range);
-      if (opts.status) params.set("status", opts.status);
-      if (opts.q) params.set("q", opts.q);
-      if (opts.limit != null) params.set("limit", String(opts.limit));
-
-      const { data } = await accountRequest("GET", `/usage/requests?${params}`, {
-        json: flags.json,
-      });
-      emit(flags.json ? data : JSON.stringify(data, null, 2), flags);
-    });
 }

package/lib/config.js

@@ -73,14 +73,13 @@ export function resolveConfig() {
   const file = loadConfig();
   return {
     baseUrl: process.env.SWITCHBOARD_BASE_URL || file.baseUrl || DEFAULT_BASE_URL,
-    virtualMicroserviceUrl:
+    clientGatewayUrl:
       process.env.SWITCHBOARD_CLIENT_URL ||
       process.env.VITE_SWITCHBOARD_CLIENT_URL ||
-      file.virtualMicroserviceUrl ||
+      file.clientGatewayUrl ||
       null,
     accountToken: null,
     accountTokenSource: null,
-    apiKey: process.env.SWITCHBOARD_API_KEY || null,
     endUserSession:
       process.env.SWITCHBOARD_END_USER_SESSION || file.endUserSession || null,
     projectId: process.env.SWITCHBOARD_PROJECT_ID || file.projectId || null,

package/lib/credentialStore.js

@@ -17,7 +17,6 @@ import { promisify } from "node:util";
 const execFileAsync = promisify(execFile);
 const SERVICE = "Switchboard CLI";
 const ACCOUNT = "account-session";
-const PROJECT_SECRET_PREFIX = "project-secret";
 const ACCOUNT_SESSION_FILE = "account-session.json";
 
 /**
@@ -197,139 +196,6 @@ function chmodAccountSessionFile(configDir) {
   }
 }
 
-/**
- * Reads a stored project secret key from the OS keychain.
- */
-export async function getProjectSecretKey(projectId, mode = "sandbox") {
-  return getCredential(projectSecretAccount(projectId, mode));
-}
-
-/**
- * Stores a project secret key in the OS keychain.
- */
-export async function setProjectSecretKey(projectId, mode, token) {
-  if (!token) {
-    throw new Error("Cannot store an empty Switchboard project secret key");
-  }
-
-  return setCredential(projectSecretAccount(projectId, mode), token);
-}
-
-/**
- * Deletes a stored project secret key from the OS keychain.
- */
-export async function deleteProjectSecretKey(projectId, mode = "sandbox") {
-  return deleteCredential(projectSecretAccount(projectId, mode));
-}
-
-function projectSecretAccount(projectId, mode) {
-  if (!projectId) {
-    throw new Error("Project id is required for Switchboard project secret storage");
-  }
-
-  return `${PROJECT_SECRET_PREFIX}:${projectId}:${mode}`;
-}
-
-async function getCredential(account) {
-  try {
-    if (process.platform === "darwin") {
-      const { stdout } = await execFileAsync("security", [
-        "find-generic-password",
-        "-a",
-        account,
-        "-s",
-        SERVICE,
-        "-w",
-      ]);
-      return stdout.trim() || null;
-    }
-
-    if (process.platform === "linux") {
-      const { stdout } = await execFileAsync("secret-tool", [
-        "lookup",
-        "service",
-        SERVICE,
-        "account",
-        account,
-      ]);
-      return stdout.trim() || null;
-    }
-
-    throw unsupportedPlatformError();
-  } catch (error) {
-    if (credentialMissing(error)) {
-      return null;
-    }
-
-    throw normalizeKeychainError(error);
-  }
-}
-
-async function setCredential(account, token) {
-  try {
-    if (process.platform === "darwin") {
-      await execFileAsync("security", [
-        "add-generic-password",
-        "-a",
-        account,
-        "-s",
-        SERVICE,
-        "-w",
-        token,
-        "-U",
-      ]);
-      return;
-    }
-
-    if (process.platform === "linux") {
-      await execFileWithInput(
-        "secret-tool",
-        ["store", "--label", SERVICE, "service", SERVICE, "account", account],
-        token,
-      );
-      return;
-    }
-
-    throw unsupportedPlatformError();
-  } catch (error) {
-    throw normalizeKeychainError(error);
-  }
-}
-
-async function deleteCredential(account) {
-  try {
-    if (process.platform === "darwin") {
-      await execFileAsync("security", [
-        "delete-generic-password",
-        "-a",
-        account,
-        "-s",
-        SERVICE,
-      ]);
-      return;
-    }
-
-    if (process.platform === "linux") {
-      await execFileAsync("secret-tool", [
-        "clear",
-        "service",
-        SERVICE,
-        "account",
-        account,
-      ]);
-      return;
-    }
-
-    throw unsupportedPlatformError();
-  } catch (error) {
-    if (credentialMissing(error)) {
-      return;
-    }
-
-    throw normalizeKeychainError(error);
-  }
-}
-
 function credentialMissing(error) {
   return error?.code === 44 || error?.code === 1;
 }

package/lib/docsClient.js

@@ -2,7 +2,7 @@
  * Public docs client used by CLI docs commands and the embedded MCP server.
  */
 
-import { gatewayApiUrl, resolveAccountConfig, resolveConfig, accountApiUrl } from "./config.js";
+import { gatewayApiUrl, resolveConfig } from "./config.js";
 import { redactSecrets } from "./output.js";
 
 const DEFAULT_TIMEOUT_MS = 15_000;
@@ -43,54 +43,6 @@ export async function models({ config } = {}) {
   return redactSecrets(data);
 }
 
-export async function integrationKit({ stack, config } = {}) {
-  let cfg;
-  try {
-    cfg = await resolveAccountConfig(config || resolveConfig());
-  } catch (error) {
-    return {
-      ok: false,
-      error: {
-        type: "keychain_unavailable",
-        message: error.message || "Could not read Switchboard account session from the OS keychain.",
-      },
-    };
-  }
-
-  if (!cfg.accountToken) {
-    return {
-      ok: false,
-      error: {
-        type: "authentication_required",
-        message: "Run `switchboard auth login`, then select a project with `switchboard projects use <id>`.",
-      },
-    };
-  }
-
-  if (!cfg.projectId) {
-    return {
-      ok: false,
-      error: {
-        type: "project_required",
-        message: "Select a project with `switchboard projects use <id>` or set SWITCHBOARD_PROJECT_ID.",
-      },
-    };
-  }
-
-  const params = new URLSearchParams({ project_id: cfg.projectId });
-  if (stack) params.set("stack", stack);
-
-  const url = `${accountApiUrl(cfg)}/integration_kit?${params}`;
-  const data = await fetchJson(url, {
-    headers: {
-      Authorization: `Bearer ${cfg.accountToken}`,
-      Accept: "application/json",
-    },
-  });
-
-  return redactSecrets(data);
-}
-
 export async function publicResource(name, options = {}) {
   switch (name) {
     case "docs":
@@ -101,8 +53,6 @@ export async function publicResource(name, options = {}) {
       return readDoc("knowledge", options);
     case "openapi":
       return openApi(options);
-    case "integration-kit":
-      return integrationKit(options);
     case "capabilities":
       return docsCapabilities(options);
     default:

package/lib/mcpServer.js

@@ -7,7 +7,6 @@ import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js"
 import { z } from "zod";
 import {
   docsCapabilities,
-  integrationKit,
   listDocs,
   models,
   openApi,
@@ -53,13 +52,6 @@ function registerResources(server) {
   registerJsonResource(server, "switchboard_openapi", "switchboard://openapi", "Switchboard OpenAPI schema", () =>
     openApi(),
   );
-  registerJsonResource(
-    server,
-    "switchboard_integration_kit",
-    "switchboard://integration-kit",
-    "Project Integration Kit for the selected CLI project",
-    () => integrationKit(),
-  );
   registerJsonResource(
     server,
     "switchboard_capabilities",
@@ -132,19 +124,6 @@ function registerTools(server) {
     async ({ id }) => jsonTool(await readDoc(id)),
   );
 
-  server.registerTool(
-    "switchboard_integration_kit",
-    {
-      title: "Switchboard Integration Kit",
-      description: "Return Integration Kit data for the logged-in selected CLI project.",
-      inputSchema: {
-        stack: z.string().optional(),
-      },
-      annotations: { readOnlyHint: true },
-    },
-    async ({ stack }) => jsonTool(await integrationKit({ stack })),
-  );
-
   server.registerTool(
     "switchboard_models",
     {