@vibe-assurance/cli 1.6.0 → 1.7.1

package/bin/vibe.js

@@ -14,6 +14,7 @@ const whoami = require('../src/commands/whoami');
 const mcpServer = require('../src/commands/mcp-server');
 const setupClaude = require('../src/commands/setup-claude');
 const { registerProjectCommands } = require('../src/commands/projects');
+const { registerEnvCommands } = require('../src/commands/env');  // CR-2026-061
 
 program
   .name('vibe')
@@ -48,4 +49,7 @@ program
 // CR-2026-043: Register project management commands
 registerProjectCommands(program);
 
+// CR-2026-061: Register environment management commands
+registerEnvCommands(program);
+
 program.parse();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@vibe-assurance/cli",
-  "version": "1.6.0",
+  "version": "1.7.1",
   "description": "Vibe Assurance CLI - Connect AI coding agents to your governance platform via MCP",
   "main": "src/index.js",
   "bin": {
@@ -21,7 +21,7 @@
   ],
   "author": "Vibe Assurance",
   "license": "MIT",
-  "homepage": "https://agent-platform-prod.azurewebsites.net/docs-cli.html",
+  "homepage": "https://vibeassurance.app/docs-cli.html",
   "engines": {
     "node": ">=18.0.0"
   },

package/src/api/client.js

@@ -1,12 +1,31 @@
 const axios = require('axios');
-const { getCredentials, storeCredentials, deleteCredentials, getProjectId } = require('../config/credentials');
+const { getCredentials, storeCredentials, deleteCredentials, getProjectId, getEnvironment } = require('../config/credentials');
+const { getEnvironmentUrl, DEFAULT_ENVIRONMENT } = require('../config/environments');
 
-// Default to dev Azure URL, can be overridden via environment variable
-const API_BASE_URL = process.env.VIBE_API_URL || 'https://agent-platform-dev.azurewebsites.net';
+/**
+ * CR-2026-061: Get API base URL
+ * Priority: VIBE_API_URL env var > stored environment > default (prod)
+ * @returns {Promise<string>} API base URL
+ */
+async function getApiBaseUrl() {
+  // Environment variable takes precedence (backward compatibility)
+  if (process.env.VIBE_API_URL) {
+    return process.env.VIBE_API_URL;
+  }
+
+  // Use stored environment
+  const envName = await getEnvironment();
+  return getEnvironmentUrl(envName);
+}
+
+// For backward compatibility - synchronous version for simple cases
+// Uses env var or default, doesn't read stored credentials
+const API_BASE_URL = process.env.VIBE_API_URL || getEnvironmentUrl(DEFAULT_ENVIRONMENT);
 
 /**
  * Create an authenticated axios instance with token refresh handling
  * CR-2026-043: Now includes X-Project-Id header for project scoping
+ * CR-2026-061: Uses stored environment for API URL
  * @returns {Promise<import('axios').AxiosInstance>}
  */
 async function createClient() {
@@ -15,13 +34,16 @@ async function createClient() {
     throw new Error('Not authenticated. Run: vibe login');
   }
 
+  // CR-2026-061: Get API URL from stored environment
+  const apiBaseUrl = await getApiBaseUrl();
+
   // CR-2026-043: Get current project ID for scoping
   const projectId = await getProjectId();
 
   const headers = {
     'Authorization': `Bearer ${creds.accessToken}`,
     'Content-Type': 'application/json',
-    'User-Agent': 'vibe-cli/1.0.0'
+    'User-Agent': 'vibe-cli/1.7.0'
   };
 
   // CR-2026-043: Add project header if available
@@ -30,7 +52,7 @@ async function createClient() {
   }
 
   const client = axios.create({
-    baseURL: API_BASE_URL,
+    baseURL: apiBaseUrl,  // CR-2026-061: Dynamic URL
     headers,
     timeout: 30000 // 30 second timeout
   });
@@ -73,11 +95,13 @@ async function createClient() {
 
 /**
  * Refresh access token using refresh token
+ * CR-2026-061: Uses dynamic API URL
  * @param {string} refreshTokenValue
  * @returns {Promise<Object>} New token object
  */
 async function refreshToken(refreshTokenValue) {
-  const response = await axios.post(`${API_BASE_URL}/api/auth/refresh`, {
+  const apiBaseUrl = await getApiBaseUrl();  // CR-2026-061
+  const response = await axios.post(`${apiBaseUrl}/api/auth/refresh`, {
     refreshToken: refreshTokenValue
   });
 
@@ -139,5 +163,6 @@ module.exports = {
   post,
   put,
   delete: del,
-  API_BASE_URL
+  API_BASE_URL,      // Sync version for backward compat
+  getApiBaseUrl      // CR-2026-061: Async version
 };

package/src/commands/env.js

@@ -0,0 +1,211 @@
+/**
+ * Environment management commands
+ * CR-2026-061: CLI Environment Switching with Production Default
+ *
+ * Security: dev/local environments are restricted to platform admins only.
+ * Regular users can only use production.
+ */
+
+const chalk = require('chalk');
+const ora = require('ora');
+const { getEnvironment, setEnvironment, isAdmin, hasValidCredentials } = require('../config/credentials');
+const {
+  ENVIRONMENTS,
+  getEnvironmentConfig,
+  isInternalOnly,
+  getEnvironmentNames
+} = require('../config/environments');
+
+/**
+ * CR-2026-061: Show current environment
+ */
+async function showCurrentEnv() {
+  const spinner = ora('Checking environment...').start();
+
+  try {
+    const currentEnv = await getEnvironment();
+    const config = getEnvironmentConfig(currentEnv);
+    const userIsAdmin = await isAdmin();
+    spinner.stop();
+
+    console.log('');
+    console.log(chalk.cyan('Current Environment:'));
+    console.log('');
+    console.log(`  ${chalk.bold(config.name)} ${chalk.dim('(' + currentEnv + ')')}`);
+    console.log(`  ${chalk.dim(config.url)}`);
+
+    if (config.internal) {
+      console.log(`  ${chalk.yellow('⚠ Internal environment (admin only)')}`);
+    }
+
+    // Check if VIBE_API_URL override is active
+    if (process.env.VIBE_API_URL) {
+      console.log('');
+      console.log(chalk.yellow('Note: VIBE_API_URL environment variable is set'));
+      console.log(chalk.dim(`  Override URL: ${process.env.VIBE_API_URL}`));
+    }
+
+    console.log('');
+  } catch (err) {
+    spinner.fail('Failed to get environment');
+    console.error(chalk.red(err.message));
+    process.exit(1);
+  }
+}
+
+/**
+ * CR-2026-061: List all available environments
+ * Only shows internal environments to admins
+ */
+async function listEnvironments() {
+  const currentEnv = await getEnvironment();
+  const userIsAdmin = await isAdmin();
+
+  console.log('');
+  console.log(chalk.cyan('Available Environments:'));
+  console.log('');
+
+  for (const [name, config] of Object.entries(ENVIRONMENTS)) {
+    // Only show internal environments to admins
+    if (config.internal && !userIsAdmin) {
+      continue;
+    }
+
+    const isCurrent = name === currentEnv;
+    const prefix = isCurrent ? chalk.green('✓') : ' ';
+    const envName = isCurrent ? chalk.green.bold(name) : chalk.bold(name);
+    const label = config.internal ? chalk.yellow(' (admin only)') : '';
+
+    console.log(`  ${prefix} ${envName}${label}`);
+    console.log(`    ${chalk.dim(config.description)}`);
+    console.log(`    ${chalk.dim(config.url)}`);
+    console.log('');
+  }
+
+  if (!userIsAdmin) {
+    console.log(chalk.dim('  Only production environment is available.'));
+    console.log('');
+  }
+}
+
+/**
+ * CR-2026-061: Switch to a specific environment
+ * Internal environments require admin role
+ * @param {string} envName - Environment name (prod, dev, local)
+ */
+async function switchEnvironment(envName) {
+  const config = getEnvironmentConfig(envName);
+
+  if (!config) {
+    console.error(chalk.red(`Unknown environment: ${envName}`));
+    console.log(chalk.dim('Available: prod'));
+    process.exit(1);
+  }
+
+  // Check if internal environment - require admin
+  if (isInternalOnly(envName)) {
+    // Must be logged in first
+    if (!await hasValidCredentials()) {
+      console.error(chalk.red('You must be logged in to switch environments.'));
+      console.log(chalk.dim('Run `vibe login` first.'));
+      process.exit(1);
+    }
+
+    // Must be admin
+    if (!await isAdmin()) {
+      console.error(chalk.red('Access denied.'));
+      console.log('');
+      console.log(chalk.yellow('Internal environments are restricted to platform administrators.'));
+      console.log(chalk.dim('Contact your administrator if you need access.'));
+      console.log('');
+      process.exit(1);
+    }
+  }
+
+  const spinner = ora(`Switching to ${config.name}...`).start();
+
+  try {
+    await setEnvironment(envName);
+    spinner.succeed(`Switched to ${chalk.bold(config.name)}`);
+
+    console.log('');
+    console.log(`  ${chalk.dim('API URL:')} ${config.url}`);
+
+    if (config.internal) {
+      console.log('');
+      console.log(chalk.yellow('⚠ You are now using an internal environment.'));
+      console.log(chalk.dim('  Run `vibe env prod` to switch back to production.'));
+    }
+
+    console.log('');
+    console.log(chalk.dim('Note: You may need to run `vibe login` to authenticate with this environment.'));
+    console.log('');
+  } catch (err) {
+    spinner.fail('Failed to switch environment');
+    console.error(chalk.red(err.message));
+    process.exit(1);
+  }
+}
+
+/**
+ * CR-2026-061: Register environment commands with Commander
+ * @param {import('commander').Command} program - Commander program instance
+ */
+function registerEnvCommands(program) {
+  const env = program
+    .command('env')
+    .description('Manage API environment');
+
+  // vibe env (no subcommand) - show current
+  env
+    .action(async () => {
+      await showCurrentEnv();
+    });
+
+  // vibe env current
+  env
+    .command('current')
+    .description('Show current environment')
+    .action(async () => {
+      await showCurrentEnv();
+    });
+
+  // vibe env list
+  env
+    .command('list')
+    .description('List available environments')
+    .action(async () => {
+      await listEnvironments();
+    });
+
+  // vibe env prod
+  env
+    .command('prod')
+    .description('Switch to production environment')
+    .action(async () => {
+      await switchEnvironment('prod');
+    });
+
+  // vibe env dev (admin only - not shown in description)
+  env
+    .command('dev')
+    .description('Switch to development environment')
+    .action(async () => {
+      await switchEnvironment('dev');
+    });
+
+  // vibe env local (admin only - not shown in description)
+  env
+    .command('local')
+    .description('Switch to local environment')
+    .action(async () => {
+      await switchEnvironment('local');
+    });
+}
+
+module.exports = {
+  registerEnvCommands,
+  showCurrentEnv,
+  listEnvironments,
+  switchEnvironment
+};

package/src/commands/login.js

@@ -5,8 +5,9 @@ const chalk = require('chalk');
 const ora = require('ora');
 const inquirer = require('inquirer');
 const axios = require('axios');
-const { storeCredentials, hasValidCredentials, setProjectId, setUserInfo } = require('../config/credentials');
-const { API_BASE_URL } = require('../api/client');
+const { storeCredentials, hasValidCredentials, setProjectId, setUserInfo, getEnvironment } = require('../config/credentials');
+const { getApiBaseUrl } = require('../api/client');
+const { getEnvironmentConfig } = require('../config/environments');
 
 // Local callback server port (chosen to be unlikely to conflict)
 const CALLBACK_PORT = 38274;
@@ -14,6 +15,7 @@ const CALLBACK_URL = `http://localhost:${CALLBACK_PORT}/callback`;
 
 /**
  * Login command - authenticates user via OAuth flow
+ * CR-2026-061: Uses dynamic environment URL
  */
 async function login() {
   // Check if already logged in
@@ -23,6 +25,13 @@ async function login() {
     return;
   }
 
+  // CR-2026-061: Show current environment
+  const envName = await getEnvironment();
+  const envConfig = getEnvironmentConfig(envName);
+  if (envConfig.internal) {
+    console.log(chalk.yellow(`⚠ Logging in to ${envConfig.name} environment (${envConfig.url})`));
+  }
+
   const spinner = ora('Opening browser for authentication...').start();
 
   // Track server for cleanup
@@ -122,7 +131,8 @@ async function login() {
     // Start listening and open browser
     server.listen(CALLBACK_PORT, async () => {
       try {
-        const authUrl = `${API_BASE_URL}/api/auth/cli?callback=${encodeURIComponent(CALLBACK_URL)}`;
+        const apiBaseUrl = await getApiBaseUrl();  // CR-2026-061: Dynamic URL
+        const authUrl = `${apiBaseUrl}/api/auth/cli?callback=${encodeURIComponent(CALLBACK_URL)}`;
         await open(authUrl);
         spinner.text = 'Waiting for authentication in browser...';
       } catch (err) {
@@ -172,21 +182,25 @@ async function selectProject() {
     const { getCredentials } = require('../config/credentials');
     const creds = await getCredentials();
 
+    // CR-2026-061: Get API URL from stored environment
+    const apiBaseUrl = await getApiBaseUrl();
+
     // Fetch user profile which now includes projects (CR-2026-043 backend change)
-    const response = await axios.get(`${API_BASE_URL}/api/auth/me`, {
+    const response = await axios.get(`${apiBaseUrl}/api/auth/me`, {
       headers: {
         'Authorization': `Bearer ${creds.accessToken}`,
         'Content-Type': 'application/json'
       }
     });
 
-    const { username, email, projects, defaultProjectId } = response.data;
+    const { username, email, role, projects, defaultProjectId } = response.data;
     spinner.stop();
 
-    // Store and display user info
+    // Store and display user info (CR-2026-061: now includes role for admin checks)
     if (username && email) {
-      await setUserInfo(username, email);
-      console.log(chalk.cyan(`\nSigned in as ${chalk.bold(username)} (${email})`));
+      await setUserInfo(username, email, role || 'user');
+      const roleLabel = role === 'admin' ? chalk.magenta(' [admin]') : '';
+      console.log(chalk.cyan(`\nSigned in as ${chalk.bold(username)} (${email})${roleLabel}`));
     }
 
     if (!projects || projects.length === 0) {

package/src/commands/whoami.js

@@ -1,12 +1,14 @@
 /**
  * Whoami command - shows current authenticated user
+ * CR-2026-061: Added environment display
  */
 
 const chalk = require('chalk');
 const ora = require('ora');
 const axios = require('axios');
-const { hasValidCredentials, getUserInfo, getCredentials, getProjectName } = require('../config/credentials');
-const { API_BASE_URL } = require('../api/client');
+const { hasValidCredentials, getUserInfo, getCredentials, getProjectName, getEnvironment } = require('../config/credentials');
+const { getApiBaseUrl } = require('../api/client');
+const { getEnvironmentConfig } = require('../config/environments');
 
 /**
  * Show current user info
@@ -24,11 +26,21 @@ async function whoami() {
   const cachedUser = await getUserInfo();
   const projectName = await getProjectName();
 
+  // CR-2026-061: Get current environment
+  const envName = await getEnvironment();
+  const envConfig = getEnvironmentConfig(envName);
+  const envLabel = envConfig.internal
+    ? chalk.yellow(`${envConfig.name} (internal)`)
+    : chalk.green(envConfig.name);
+
   if (cachedUser) {
     console.log(chalk.cyan(`\nSigned in as ${chalk.bold(cachedUser.username)} (${cachedUser.email})`));
     if (projectName) {
       console.log(chalk.dim(`Current project: ${projectName}`));
     }
+    // CR-2026-061: Show environment
+    console.log(`Environment: ${envLabel}`);
+    console.log(chalk.dim(`  ${envConfig.url}`));
     return;
   }
 
@@ -37,7 +49,8 @@ async function whoami() {
 
   try {
     const creds = await getCredentials();
-    const response = await axios.get(`${API_BASE_URL}/api/auth/me`, {
+    const apiBaseUrl = await getApiBaseUrl();  // CR-2026-061: Dynamic URL
+    const response = await axios.get(`${apiBaseUrl}/api/auth/me`, {
       headers: {
         'Authorization': `Bearer ${creds.accessToken}`,
         'Content-Type': 'application/json'
@@ -52,6 +65,9 @@ async function whoami() {
       if (projectName) {
         console.log(chalk.dim(`Current project: ${projectName}`));
       }
+      // CR-2026-061: Show environment
+      console.log(`Environment: ${envLabel}`);
+      console.log(chalk.dim(`  ${envConfig.url}`));
     } else {
       console.log(chalk.yellow('Could not retrieve user info.'));
     }

package/src/config/credentials.js

@@ -2,6 +2,7 @@ const keytar = require('keytar');
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
+const { DEFAULT_ENVIRONMENT } = require('./environments');
 
 const SERVICE_NAME = 'vibe-assurance';
 const ACCOUNT_NAME = 'auth-token';
@@ -158,14 +159,15 @@ async function setProjectId(projectId, projectName) {
 
 /**
  * Get stored user info
- * @returns {Promise<{username: string, email: string}|null>} User info or null
+ * @returns {Promise<{username: string, email: string, role: string}|null>} User info or null
  */
 async function getUserInfo() {
   const creds = await getCredentials();
   if (creds?.username && creds?.email) {
     return {
       username: creds.username,
-      email: creds.email
+      email: creds.email,
+      role: creds.role || 'user'
     };
   }
   return null;
@@ -173,21 +175,61 @@ async function getUserInfo() {
 
 /**
  * Set user info (updates existing credentials)
+ * CR-2026-061: Now includes role for admin checks
  * @param {string} username - Username to store
  * @param {string} email - Email to store
+ * @param {string} role - User role ('user' or 'admin')
  * @returns {Promise<void>}
  */
-async function setUserInfo(username, email) {
+async function setUserInfo(username, email, role = 'user') {
   const creds = await getCredentials();
   if (creds) {
     await storeCredentials({
       ...creds,
       username,
-      email
+      email,
+      role
     });
   }
 }
 
+/**
+ * CR-2026-061: Check if user is a platform admin
+ * @returns {Promise<boolean>} True if user is admin
+ */
+async function isAdmin() {
+  const creds = await getCredentials();
+  return creds?.role === 'admin';
+}
+
+/**
+ * CR-2026-061: Get stored environment
+ * @returns {Promise<string>} Environment name (prod, dev, local)
+ */
+async function getEnvironment() {
+  const creds = await getCredentials();
+  return creds?.environment || DEFAULT_ENVIRONMENT;
+}
+
+/**
+ * CR-2026-061: Set environment (updates existing credentials)
+ * @param {string} environment - Environment name to store
+ * @returns {Promise<void>}
+ */
+async function setEnvironment(environment) {
+  const creds = await getCredentials();
+  if (creds) {
+    await storeCredentials({
+      ...creds,
+      environment
+    });
+  } else {
+    // No credentials yet - store just the environment
+    // This allows setting env before login
+    await storeCredentials({ environment });
+  }
+}
+
 module.exports = {
   storeCredentials,
   getCredentials,
@@ -197,5 +239,8 @@ module.exports = {
   getProjectName,
   setProjectId,
   getUserInfo,
-  setUserInfo
+  setUserInfo,
+  getEnvironment,    // CR-2026-061
+  setEnvironment,    // CR-2026-061
+  isAdmin            // CR-2026-061
 };

package/src/config/environments.js

@@ -0,0 +1,73 @@
+/**
+ * Environment configuration for Vibe Assurance CLI
+ * CR-2026-061: Environment switching with production default
+ */
+
+const ENVIRONMENTS = {
+  prod: {
+    name: 'Production',
+    url: 'https://vibeassurance.app',
+    internal: false,
+    description: 'Production server (default)'
+  },
+  dev: {
+    name: 'Development',
+    url: 'https://agent-platform-dev.azurewebsites.net',
+    internal: true,
+    description: 'Development server (internal only)'
+  },
+  local: {
+    name: 'Local',
+    url: 'http://localhost:3000',
+    internal: true,
+    description: 'Local development server (internal only)'
+  }
+};
+
+const DEFAULT_ENVIRONMENT = 'prod';
+
+/**
+ * Get environment configuration by name
+ * @param {string} envName - Environment name (prod, dev, local)
+ * @returns {Object|null} Environment config or null if not found
+ */
+function getEnvironmentConfig(envName) {
+  return ENVIRONMENTS[envName] || null;
+}
+
+/**
+ * Get API URL for an environment
+ * @param {string} envName - Environment name
+ * @returns {string} API URL
+ */
+function getEnvironmentUrl(envName) {
+  const env = ENVIRONMENTS[envName];
+  return env ? env.url : ENVIRONMENTS[DEFAULT_ENVIRONMENT].url;
+}
+
+/**
+ * Check if environment requires internal flag
+ * @param {string} envName - Environment name
+ * @returns {boolean} True if internal flag required
+ */
+function isInternalOnly(envName) {
+  const env = ENVIRONMENTS[envName];
+  return env ? env.internal : false;
+}
+
+/**
+ * Get all environment names
+ * @returns {string[]} Array of environment names
+ */
+function getEnvironmentNames() {
+  return Object.keys(ENVIRONMENTS);
+}
+
+module.exports = {
+  ENVIRONMENTS,
+  DEFAULT_ENVIRONMENT,
+  getEnvironmentConfig,
+  getEnvironmentUrl,
+  isInternalOnly,
+  getEnvironmentNames
+};