@vibecodemax/cli 0.1.0

package/LICENSE

@@ -0,0 +1,201 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction, and
+ distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by
+the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all
+other entities that control, are controlled by, or are under common
+control with that entity. For the purposes of this definition,
+"control" means (i) the power, direct or indirect, to cause the
+direction or management of such entity, whether by contract or
+otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity
+exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications,
+including but not limited to software source code, documentation
+source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical
+transformation or translation of a Source form, including but
+not limited to compiled object code, generated documentation,
+and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or
+Object form, made available under the License, as indicated by a
+copyright notice that is included in or attached to the work
+(an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object
+form, that is based on (or derived from) the Work and for which the
+editorial revisions, annotations, elaborations, or other modifications
+represent, as a whole, an original work of authorship. For the purposes
+of this License, Derivative Works shall not include works that remain
+separable from, or merely link (or bind by name) to the interfaces of,
+the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including
+the original version of the Work and any modifications or additions
+to that Work or Derivative Works thereof, that is intentionally
+submitted to Licensor for inclusion in the Work by the copyright owner
+or by an individual or Legal Entity authorized to submit on behalf of
+the copyright owner. For the purposes of this definition, "submitted"
+means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems,
+and issue tracking systems that are managed by, or on behalf of, the
+Licensor for the purpose of discussing and improving the Work, but
+excluding communication that is conspicuously marked or otherwise
+designated in writing by the copyright owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity
+on behalf of whom a Contribution has been received by Licensor and
+subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the
+Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+(except as stated in this section) patent license to make, have made,
+use, offer to sell, sell, import, and otherwise transfer the Work,
+where such license applies only to those patent claims licensable
+by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by combination of their Contribution(s)
+with the Work to which such Contribution(s) was submitted. If You
+institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work
+or a Contribution incorporated within the Work constitutes direct
+or contributory patent infringement, then any patent licenses
+granted to You under this License for that Work shall terminate
+as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You
+meet the following conditions:
+
+(a) You must give any other recipients of the Work or
+    Derivative Works a copy of this License; and
+
+(b) You must cause any modified files to carry prominent notices
+    stating that You changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works
+    that You distribute, all copyright, patent, trademark, and
+    attribution notices from the Source form of the Work,
+    excluding those notices that do not pertain to any part of
+    the Derivative Works; and
+
+(d) If the Work includes a "NOTICE" text file as part of its
+    distribution, then any Derivative Works that You distribute must
+    include a readable copy of the attribution notices contained
+    within such NOTICE file, excluding those notices that do not
+    pertain to any part of the Derivative Works, in at least one
+    of the following places: within a NOTICE text file distributed
+    as part of the Derivative Works; within the Source form or
+    documentation, if provided along with the Derivative Works; or,
+    within a display generated by the Derivative Works, if and
+    wherever such third-party notices normally appear. The contents
+    of the NOTICE file are for informational purposes only and
+    do not modify the License. You may add Your own attribution
+    notices within Derivative Works that You distribute, alongside
+    or as an addendum to the NOTICE text from the Work, provided
+    that such additional attribution notices cannot be construed
+    as modifying the License.
+
+You may add Your own copyright statement to Your modifications and
+may provide additional or different license terms and conditions
+for use, reproduction, or distribution of Your modifications, or
+for any such Derivative Works as a whole, provided Your use,
+reproduction, and distribution of the Work otherwise complies with
+the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+any Contribution intentionally submitted for inclusion in the Work
+by You to the Licensor shall be under the terms and conditions of
+this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify
+the terms of any separate license agreement you may have executed
+with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+names, trademarks, service marks, or product names of the Licensor,
+except as required for reasonable and customary use in describing the
+origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+agreed to in writing, Licensor provides the Work (and each
+Contributor provides its Contributions) on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+implied, including, without limitation, any warranties or conditions
+of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any
+risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+whether in tort (including negligence), contract, or otherwise,
+unless required by applicable law (such as deliberate and grossly
+negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special,
+incidental, or consequential damages of any character arising as a
+result of this License or out of the use or inability to use the
+Work (including but not limited to damages for loss of goodwill,
+work stoppage, computer failure or malfunction, or any and all
+other commercial damages or losses), even if such Contributor
+has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+the Work or Derivative Works thereof, You may choose to offer,
+and charge a fee for, acceptance of support, warranty, indemnity,
+or other liability obligations and/or rights consistent with this
+License. However, in accepting such obligations, You may act only
+on Your own behalf and on Your sole responsibility, not on behalf
+of any other Contributor, and only if You agree to indemnify,
+defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason
+of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following
+boilerplate notice, with the fields enclosed by brackets "[]"
+replaced with your own identifying information. (Don't include
+the brackets!)  The text should be enclosed in the appropriate
+comment syntax for the file format. We also recommend that a
+file or class name and description of purpose be included on the
+same "printed page" as the copyright notice for easier
+identification within third-party archives.
+
+Copyright 2026 VibeCodeMax
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

package/README.md

@@ -0,0 +1,156 @@
+# @vibecodemax/cli
+
+Local VibeCodeMax CLI for bootstrap and future project operations.
+
+This package is intended to run on the user's machine from the project root. It reads local environment files such as `.env.local` and `.env.bootstrap.local`, performs provider configuration locally, and prints JSON-only results to stdout.
+
+## Principles
+
+- Secrets stay local to the user's machine
+- No secret values are passed through MCP payloads
+- No secret values are printed to stdout
+- Commands return structured JSON only
+- Exit code `0` means success; non-zero means failure
+
+## Requirements
+
+- Node.js 20+
+- npm, pnpm, or yarn
+
+## Development
+
+Install dependencies:
+
+```bash
+npm install
+```
+
+Build the CLI:
+
+```bash
+npm run build
+```
+
+Type-check without emitting files:
+
+```bash
+npm run typecheck
+```
+
+Run the built CLI help command:
+
+```bash
+node dist/cli.js help
+```
+
+## Local Execution
+
+Use an exact package version when invoking the published package.
+
+npm:
+
+```bash
+npx @vibecodemax/cli@0.1.0 help
+```
+
+pnpm:
+
+```bash
+pnpm dlx @vibecodemax/cli@0.1.0 help
+```
+
+yarn:
+
+```bash
+yarn dlx @vibecodemax/cli@0.1.0 help
+```
+
+## Commands
+
+### `configure-site-redirects`
+
+Configures Supabase auth site URL and redirect allow-list for test or production mode.
+
+Example:
+
+```bash
+node dist/cli.js configure-site-redirects --mode test
+```
+
+Production example:
+
+```bash
+node dist/cli.js configure-site-redirects --mode production --production-domain https://yourdomain.com
+```
+
+### `configure-email-password`
+
+Configures email/password signup behavior in Supabase.
+
+Example:
+
+```bash
+node dist/cli.js configure-email-password --email-confirmation yes
+```
+
+### `enable-google-provider`
+
+Enables Google auth in Supabase using local credentials from `.env.bootstrap.local`.
+
+Example:
+
+```bash
+node dist/cli.js enable-google-provider
+```
+
+### `apply-auth-templates`
+
+Applies custom auth email template content from local project files.
+
+Example:
+
+```bash
+node dist/cli.js apply-auth-templates \
+  --confirm-email-enabled true \
+  --confirm-email-path src/email/confirm-email.html \
+  --reset-password-enabled true \
+  --reset-password-path src/email/reset-password.html
+```
+
+## Output Contract
+
+Success example:
+
+```json
+{
+  "ok": true,
+  "command": "configure-site-redirects",
+  "applied": ["site_url", "uri_allow_list", "NEXT_PUBLIC_SITE_URL"]
+}
+```
+
+Failure example:
+
+```json
+{
+  "ok": false,
+  "code": "MISSING_ENV",
+  "message": "SUPABASE_MANAGEMENT_TOKEN is missing. Add it to .env.bootstrap.local."
+}
+```
+
+Error output must reference file names and environment variable names, not secret values.
+
+## Publishing
+
+Verify the package contents:
+
+```bash
+npm pack --dry-run
+```
+
+Publish publicly:
+
+```bash
+npm publish --access public
+```

package/dist/cli.js

@@ -0,0 +1,378 @@
+#!/usr/bin/env node
+import * as fs from "node:fs";
+import * as path from "node:path";
+const MANAGEMENT_API_BASE = "https://api.supabase.com";
+const DEFAULT_LOCALHOST_URL = "http://localhost:3000";
+function printJson(value) {
+    process.stdout.write(`${JSON.stringify(value)}\n`);
+}
+function fail(code, message, exitCode = 1, extra = {}) {
+    printJson({ ok: false, code, message, ...extra });
+    process.exit(exitCode);
+}
+function parseArgs(argv) {
+    const [command, ...rest] = argv;
+    const flags = {};
+    for (let index = 0; index < rest.length; index += 1) {
+        const token = rest[index];
+        if (!token.startsWith("--"))
+            continue;
+        const key = token.slice(2);
+        const next = rest[index + 1];
+        if (!next || next.startsWith("--")) {
+            flags[key] = true;
+            continue;
+        }
+        flags[key] = next;
+        index += 1;
+    }
+    return { command, flags };
+}
+function readFileIfExists(filePath) {
+    try {
+        return fs.readFileSync(filePath, "utf8");
+    }
+    catch {
+        return "";
+    }
+}
+function parseDotEnv(content) {
+    const env = {};
+    for (const rawLine of content.split(/\r?\n/)) {
+        const line = rawLine.trim();
+        if (!line || line.startsWith("#"))
+            continue;
+        const eq = line.indexOf("=");
+        if (eq === -1)
+            continue;
+        const key = line.slice(0, eq).trim();
+        const value = line.slice(eq + 1).trim();
+        if (!key)
+            continue;
+        env[key] = value;
+    }
+    return env;
+}
+function loadLocalEnv(cwd = process.cwd()) {
+    const envLocalPath = path.join(cwd, ".env.local");
+    const envBootstrapPath = path.join(cwd, ".env.bootstrap.local");
+    return {
+        envLocalPath,
+        envBootstrapPath,
+        values: {
+            ...parseDotEnv(readFileIfExists(envLocalPath)),
+            ...parseDotEnv(readFileIfExists(envBootstrapPath)),
+        },
+    };
+}
+function isNonEmptyString(value) {
+    return typeof value === "string" && value.trim().length > 0;
+}
+function readStringFlag(flags, key) {
+    const value = flags[key];
+    return typeof value === "string" ? value.trim() : "";
+}
+function normalizeBaseUrl(value) {
+    if (!isNonEmptyString(value))
+        return "";
+    try {
+        const parsed = new URL(value.trim());
+        if (parsed.protocol !== "https:")
+            return "";
+        return `${parsed.protocol}//${parsed.host}`;
+    }
+    catch {
+        return "";
+    }
+}
+function normalizeLocalUrl(value) {
+    if (!isNonEmptyString(value))
+        return DEFAULT_LOCALHOST_URL;
+    try {
+        const parsed = new URL(value.trim());
+        if (parsed.protocol !== "http:" || parsed.hostname !== "localhost") {
+            return DEFAULT_LOCALHOST_URL;
+        }
+        return `${parsed.protocol}//${parsed.host}`;
+    }
+    catch {
+        return DEFAULT_LOCALHOST_URL;
+    }
+}
+function parseUriAllowList(value) {
+    if (!isNonEmptyString(value))
+        return [];
+    return value.split(",").map((entry) => entry.trim()).filter(Boolean);
+}
+function dedupe(values) {
+    return [...new Set(values.filter((value) => isNonEmptyString(value)).map((value) => value.trim()))];
+}
+function buildRequiredRedirects(productionBaseUrl, localhostBaseUrl = DEFAULT_LOCALHOST_URL) {
+    const bases = dedupe([productionBaseUrl, localhostBaseUrl]);
+    const routes = ["/auth/confirm", "/auth/callback"];
+    return bases.flatMap((baseUrl) => routes.map((route) => `${baseUrl}${route}`));
+}
+function resolvePrimarySiteUrl(productionBaseUrl, localhostBaseUrl) {
+    return productionBaseUrl || localhostBaseUrl;
+}
+function parseProjectRefFromUrl(value) {
+    if (!isNonEmptyString(value))
+        return "";
+    try {
+        const parsed = new URL(value.trim());
+        const match = parsed.hostname.match(/^([a-z0-9]{20})\.supabase\.co$/);
+        return match ? match[1] : "";
+    }
+    catch {
+        return "";
+    }
+}
+function resolveProjectRef(flags, envValues) {
+    return String(readStringFlag(flags, "project-ref")
+        || envValues.SUPABASE_PROJECT_REF
+        || parseProjectRefFromUrl(envValues.NEXT_PUBLIC_SUPABASE_URL)
+        || parseProjectRefFromUrl(envValues.SUPABASE_URL)
+        || "").trim();
+}
+function requireEnvValue(envValues, key, fileHint) {
+    const value = envValues[key];
+    if (!isNonEmptyString(value)) {
+        fail("MISSING_ENV", `${key} is missing. Add it to ${fileHint}.`);
+    }
+    return value.trim();
+}
+function mergeEnvFile(filePath, nextValues) {
+    const existing = parseDotEnv(readFileIfExists(filePath));
+    const merged = { ...existing, ...nextValues };
+    const keys = Object.keys(merged).sort();
+    const content = `${keys.map((key) => `${key}=${merged[key]}`).join("\n")}\n`;
+    fs.writeFileSync(filePath, content, "utf8");
+}
+async function managementRequest({ method, projectRef, token, body }) {
+    const endpoint = `${MANAGEMENT_API_BASE}/v1/projects/${projectRef}/config/auth`;
+    const response = await fetch(endpoint, {
+        method,
+        headers: {
+            Accept: "application/json",
+            "Content-Type": "application/json",
+            Authorization: `Bearer ${token}`,
+        },
+        body: body ? JSON.stringify(body) : undefined,
+    });
+    let json = null;
+    try {
+        json = await response.json();
+    }
+    catch {
+        json = null;
+    }
+    if (!response.ok) {
+        const message = isNonEmptyString(json?.message)
+            ? json.message
+            : isNonEmptyString(json?.error)
+                ? json.error
+                : `Supabase returned ${response.status}`;
+        fail("MANAGEMENT_API_ERROR", `${message}. Check project ref and local token configuration.`, 1, { status: response.status });
+    }
+    return json;
+}
+function readAuthConfigEnvelope(responseJson) {
+    if (!responseJson || typeof responseJson !== "object")
+        return {};
+    const envelope = responseJson;
+    if (envelope.auth && typeof envelope.auth === "object")
+        return envelope.auth;
+    if (envelope.config?.auth && typeof envelope.config.auth === "object")
+        return envelope.config.auth;
+    return responseJson;
+}
+function normalizeTemplateText(value) {
+    if (!isNonEmptyString(value))
+        return "";
+    return value.replace(/\r\n/g, "\n").trim();
+}
+function buildTemplateDesiredFields(options) {
+    const desired = {};
+    if (options.confirmEmailEnabled) {
+        const confirmHtml = normalizeTemplateText(readFileIfExists(path.resolve(process.cwd(), options.confirmEmailPath || "")));
+        if (!confirmHtml) {
+            fail("MISSING_TEMPLATE_FILE", `Confirm email template content is missing. Check ${options.confirmEmailPath}.`);
+        }
+        desired.mailer_subjects_confirmation = isNonEmptyString(options.confirmEmailSubject)
+            ? options.confirmEmailSubject.trim()
+            : "Confirm your signup";
+        desired.mailer_templates_confirmation_content = confirmHtml;
+    }
+    if (options.resetPasswordEnabled) {
+        const resetHtml = normalizeTemplateText(readFileIfExists(path.resolve(process.cwd(), options.resetPasswordPath || "")));
+        if (!resetHtml) {
+            fail("MISSING_TEMPLATE_FILE", `Reset password template content is missing. Check ${options.resetPasswordPath}.`);
+        }
+        desired.mailer_subjects_recovery = isNonEmptyString(options.resetPasswordSubject)
+            ? options.resetPasswordSubject.trim()
+            : "Reset your password";
+        desired.mailer_templates_recovery_content = resetHtml;
+    }
+    return desired;
+}
+function diffTemplateFields(currentAuthConfig = {}, desiredFields) {
+    const patch = {};
+    const changedKeys = [];
+    for (const [key, desiredValue] of Object.entries(desiredFields)) {
+        const currentValue = currentAuthConfig[key];
+        const normalizedCurrent = typeof currentValue === "string" ? normalizeTemplateText(currentValue) : currentValue;
+        const normalizedDesired = typeof desiredValue === "string" ? normalizeTemplateText(desiredValue) : desiredValue;
+        if (normalizedCurrent !== normalizedDesired) {
+            patch[key] = desiredValue;
+            changedKeys.push(key);
+        }
+    }
+    return { patch, changedKeys, noChanges: changedKeys.length === 0 };
+}
+async function configureSiteRedirects(flags) {
+    const { envLocalPath, envBootstrapPath, values } = loadLocalEnv();
+    const projectRef = resolveProjectRef(flags, values);
+    if (!projectRef) {
+        fail("MISSING_PROJECT_REF", "SUPABASE_PROJECT_REF is missing. Add it to .env.bootstrap.local or ensure NEXT_PUBLIC_SUPABASE_URL is present in .env.local.");
+    }
+    const accessToken = requireEnvValue(values, "SUPABASE_ACCESS_TOKEN", path.basename(envBootstrapPath));
+    const mode = readStringFlag(flags, "mode") === "production" ? "production" : "test";
+    const productionDomain = mode === "production" ? normalizeBaseUrl(readStringFlag(flags, "production-domain")) : "";
+    if (mode === "production" && !productionDomain) {
+        fail("MISSING_PRODUCTION_DOMAIN", "Production mode requires --production-domain https://yourdomain.com.");
+    }
+    const localhostUrl = normalizeLocalUrl(readStringFlag(flags, "localhost-url"));
+    const primarySiteUrl = resolvePrimarySiteUrl(productionDomain, localhostUrl);
+    const requiredRedirects = buildRequiredRedirects(productionDomain, localhostUrl);
+    const current = await managementRequest({ method: "GET", projectRef, token: accessToken });
+    const currentAuthConfig = readAuthConfigEnvelope(current);
+    const mergedAllowList = dedupe([...parseUriAllowList(currentAuthConfig.uri_allow_list), ...requiredRedirects]);
+    await managementRequest({
+        method: "PATCH",
+        projectRef,
+        token: accessToken,
+        body: {
+            site_url: primarySiteUrl,
+            uri_allow_list: mergedAllowList.join(","),
+        },
+    });
+    mergeEnvFile(envLocalPath, { NEXT_PUBLIC_SITE_URL: primarySiteUrl });
+    printJson({
+        ok: true,
+        command: "configure-site-redirects",
+        mode,
+        projectRef,
+        siteUrl: primarySiteUrl,
+        redirectUrls: requiredRedirects,
+        applied: ["site_url", "uri_allow_list", "NEXT_PUBLIC_SITE_URL"],
+    });
+}
+async function configureEmailPassword(flags) {
+    const { envBootstrapPath, values } = loadLocalEnv();
+    const projectRef = resolveProjectRef(flags, values);
+    if (!projectRef) {
+        fail("MISSING_PROJECT_REF", "SUPABASE_PROJECT_REF is missing. Add it to .env.bootstrap.local or ensure NEXT_PUBLIC_SUPABASE_URL is present in .env.local.");
+    }
+    const accessToken = requireEnvValue(values, "SUPABASE_ACCESS_TOKEN", path.basename(envBootstrapPath));
+    const emailConfirmation = readStringFlag(flags, "email-confirmation") !== "no";
+    await managementRequest({
+        method: "PATCH",
+        projectRef,
+        token: accessToken,
+        body: {
+            disable_signup: false,
+            mailer_autoconfirm: !emailConfirmation,
+        },
+    });
+    printJson({
+        ok: true,
+        command: "configure-email-password",
+        projectRef,
+        emailConfirmationEnabled: emailConfirmation,
+        applied: ["disable_signup", "mailer_autoconfirm"],
+    });
+}
+async function enableGoogleProvider(flags) {
+    const { envBootstrapPath, values } = loadLocalEnv();
+    const projectRef = resolveProjectRef(flags, values);
+    if (!projectRef) {
+        fail("MISSING_PROJECT_REF", "SUPABASE_PROJECT_REF is missing. Add it to .env.bootstrap.local or ensure NEXT_PUBLIC_SUPABASE_URL is present in .env.local.");
+    }
+    const managementToken = requireEnvValue(values, "SUPABASE_MANAGEMENT_TOKEN", path.basename(envBootstrapPath));
+    const googleClientId = requireEnvValue(values, "GOOGLE_CLIENT_ID", path.basename(envBootstrapPath));
+    const googleClientSecret = requireEnvValue(values, "GOOGLE_CLIENT_SECRET", path.basename(envBootstrapPath));
+    await managementRequest({
+        method: "PATCH",
+        projectRef,
+        token: managementToken,
+        body: {
+            external_google_enabled: true,
+            external_google_client_id: googleClientId,
+            external_google_secret: googleClientSecret,
+        },
+    });
+    printJson({
+        ok: true,
+        command: "enable-google-provider",
+        projectRef,
+        externalGoogleEnabled: true,
+        applied: ["external_google_enabled", "external_google_client_id", "external_google_secret"],
+    });
+}
+async function applyAuthTemplates(flags) {
+    const { envBootstrapPath, values } = loadLocalEnv();
+    const projectRef = resolveProjectRef(flags, values);
+    if (!projectRef) {
+        fail("MISSING_PROJECT_REF", "SUPABASE_PROJECT_REF is missing. Add it to .env.bootstrap.local or ensure NEXT_PUBLIC_SUPABASE_URL is present in .env.local.");
+    }
+    const managementToken = requireEnvValue(values, "SUPABASE_MANAGEMENT_TOKEN", path.basename(envBootstrapPath));
+    const desiredFields = buildTemplateDesiredFields({
+        confirmEmailEnabled: readStringFlag(flags, "confirm-email-enabled") === "true",
+        confirmEmailSubject: readStringFlag(flags, "confirm-email-subject"),
+        confirmEmailPath: readStringFlag(flags, "confirm-email-path"),
+        resetPasswordEnabled: readStringFlag(flags, "reset-password-enabled") === "true",
+        resetPasswordSubject: readStringFlag(flags, "reset-password-subject"),
+        resetPasswordPath: readStringFlag(flags, "reset-password-path"),
+    });
+    const current = await managementRequest({ method: "GET", projectRef, token: managementToken });
+    const currentAuthConfig = readAuthConfigEnvelope(current);
+    const diff = diffTemplateFields(currentAuthConfig, desiredFields);
+    if (!diff.noChanges) {
+        await managementRequest({ method: "PATCH", projectRef, token: managementToken, body: diff.patch });
+    }
+    printJson({
+        ok: true,
+        command: "apply-auth-templates",
+        projectRef,
+        changedKeys: diff.changedKeys,
+        appliedKeys: diff.changedKeys,
+        noChanges: diff.noChanges,
+    });
+}
+async function main() {
+    const { command, flags } = parseArgs(process.argv.slice(2));
+    if (!command || command === "--help" || command === "help") {
+        printJson({
+            ok: true,
+            commands: [
+                "configure-site-redirects",
+                "configure-email-password",
+                "enable-google-provider",
+                "apply-auth-templates",
+            ],
+        });
+        return;
+    }
+    if (command === "configure-site-redirects")
+        return configureSiteRedirects(flags);
+    if (command === "configure-email-password")
+        return configureEmailPassword(flags);
+    if (command === "enable-google-provider")
+        return enableGoogleProvider(flags);
+    if (command === "apply-auth-templates")
+        return applyAuthTemplates(flags);
+    fail("UNKNOWN_COMMAND", `Unknown command: ${command}`);
+}
+main().catch((error) => {
+    fail("UNEXPECTED_ERROR", error instanceof Error ? error.message : "Unexpected CLI error");
+});

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "@vibecodemax/cli",
+  "version": "0.1.0",
+  "description": "Local VibeCodeMax CLI for bootstrap and future project operations",
+  "type": "module",
+  "bin": {
+    "vibecodemax-cli": "./dist/cli.js"
+  },
+  "files": [
+    "dist",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "typecheck": "tsc -p tsconfig.json --noEmit"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "devDependencies": {
+    "@types/node": "^24.0.0",
+    "typescript": "^5.9.0"
+  },
+  "license": "Apache-2.0",
+  "author": "Gwinyai Nyatsoka",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/VibeCodeMax/cli"
+  },
+  "homepage": "https://github.com/VibeCodeMax/cli#readme",
+  "bugs": {
+    "url": "https://github.com/VibeCodeMax/cli/issues"
+  }
+}