@zoobbe/cli 1.1.1 → 1.2.1

package/src/commands/analytics.js

@@ -0,0 +1,281 @@
+const { Command } = require('commander');
+const chalk = require('chalk');
+const config = require('../lib/config');
+const client = require('../lib/client');
+const { output, success, error } = require('../lib/output');
+const { withSpinner } = require('../utils/spinner');
+const { formatDuration } = require('../utils/format');
+
+const analytics = new Command('analytics')
+  .alias('an')
+  .description('Analytics and reporting commands');
+
+analytics
+  .command('board <boardId>')
+  .description('Show board analytics overview')
+  .action(async (boardId) => {
+    try {
+      const data = await withSpinner('Fetching analytics...', () =>
+        client.get(`/analytics/board/${boardId}`)
+      );
+
+      const a = data.analytics || data.data || data;
+      console.log();
+      console.log(chalk.bold('  Board Analytics'));
+      console.log(chalk.bold('  ─────────────────'));
+      console.log(chalk.bold('  Total Cards:     '), a.totalCards ?? 0);
+      console.log(chalk.bold('  Completed:       '), a.completedCards ?? 0);
+      console.log(chalk.bold('  In Progress:     '), a.inProgressCards ?? 0);
+      console.log(chalk.bold('  Overdue:         '), a.overdueCards ?? 0);
+      console.log(chalk.bold('  Members:         '), a.totalMembers ?? 0);
+      console.log(chalk.bold('  Completion Rate: '), `${a.completionRate ?? 0}%`);
+      console.log();
+    } catch (err) {
+      error(`Failed to fetch analytics: ${err.message}`);
+    }
+  });
+
+analytics
+  .command('metrics <boardId>')
+  .description('Show board metrics')
+  .option('--range <range>', 'Time range (7d|30d|90d)', '30d')
+  .option('-f, --format <format>', 'Output format')
+  .action(async (boardId, options) => {
+    try {
+      const data = await withSpinner('Fetching metrics...', () =>
+        client.get(`/analytics/board/${boardId}/metrics?range=${options.range}`)
+      );
+
+      const metrics = data.metrics || data.data || data;
+      if (Array.isArray(metrics)) {
+        const rows = metrics.map(m => ({
+          metric: m.name || m.metric || 'N/A',
+          value: String(m.value ?? 0),
+          change: m.change ? `${m.change > 0 ? '+' : ''}${m.change}%` : '-',
+        }));
+        output(rows, {
+          headers: ['Metric', 'Value', 'Change'],
+          format: options.format,
+        });
+      } else {
+        console.log();
+        for (const [key, val] of Object.entries(metrics)) {
+          console.log(chalk.bold(`  ${key}: `), val);
+        }
+        console.log();
+      }
+    } catch (err) {
+      error(`Failed to fetch metrics: ${err.message}`);
+    }
+  });
+
+analytics
+  .command('time <boardId>')
+  .description('Show time analytics for a board')
+  .option('-f, --format <format>', 'Output format')
+  .action(async (boardId, options) => {
+    try {
+      const data = await withSpinner('Fetching time analytics...', () =>
+        client.get(`/analytics/board/${boardId}/time-analytics`)
+      );
+
+      const time = data.analytics || data.data || data;
+      if (Array.isArray(time)) {
+        const rows = time.map(t => ({
+          list: t.list || t.name || 'N/A',
+          avgTime: t.avgTime ? formatDuration(t.avgTime) : '-',
+          totalCards: String(t.totalCards ?? 0),
+        }));
+        output(rows, {
+          headers: ['List', 'Avg Time', 'Cards'],
+          format: options.format,
+        });
+      } else {
+        console.log();
+        console.log(chalk.bold('  Avg Completion: '), time.avgCompletion ? formatDuration(time.avgCompletion) : 'N/A');
+        console.log(chalk.bold('  Total Tracked:  '), time.totalTracked ? formatDuration(time.totalTracked) : '0s');
+        console.log();
+      }
+    } catch (err) {
+      error(`Failed to fetch time analytics: ${err.message}`);
+    }
+  });
+
+analytics
+  .command('timeline <boardId>')
+  .description('Show full timeline for a board')
+  .option('-f, --format <format>', 'Output format')
+  .action(async (boardId, options) => {
+    try {
+      const data = await withSpinner('Fetching timeline...', () =>
+        client.get(`/analytics/board/${boardId}/full-timeline`)
+      );
+
+      const timeline = data.timeline || data.data || data;
+      const rows = (Array.isArray(timeline) ? timeline : []).map(t => ({
+        date: t.date || 'N/A',
+        created: String(t.created ?? 0),
+        completed: String(t.completed ?? 0),
+        active: String(t.active ?? 0),
+      }));
+
+      output(rows, {
+        headers: ['Date', 'Created', 'Completed', 'Active'],
+        format: options.format,
+      });
+    } catch (err) {
+      error(`Failed to fetch timeline: ${err.message}`);
+    }
+  });
+
+analytics
+  .command('productivity <boardId>')
+  .description('Show user productivity for a board')
+  .option('-f, --format <format>', 'Output format')
+  .action(async (boardId, options) => {
+    try {
+      const data = await withSpinner('Fetching productivity...', () =>
+        client.get(`/analytics/board/${boardId}/user-productivity`)
+      );
+
+      const users = data.users || data.data || data;
+      const rows = (Array.isArray(users) ? users : []).map(u => ({
+        user: u.userName || u.name || 'N/A',
+        completed: String(u.completedCards ?? 0),
+        assigned: String(u.assignedCards ?? 0),
+        timeTracked: u.timeTracked ? formatDuration(u.timeTracked) : '-',
+      }));
+
+      output(rows, {
+        headers: ['User', 'Completed', 'Assigned', 'Time Tracked'],
+        format: options.format,
+      });
+    } catch (err) {
+      error(`Failed to fetch productivity: ${err.message}`);
+    }
+  });
+
+analytics
+  .command('workflow <boardId>')
+  .description('Show workflow analytics for a board')
+  .option('-f, --format <format>', 'Output format')
+  .action(async (boardId, options) => {
+    try {
+      const data = await withSpinner('Fetching workflow analytics...', () =>
+        client.get(`/analytics/board/${boardId}/workflow-analytics`)
+      );
+
+      const workflow = data.workflow || data.data || data;
+      const rows = (Array.isArray(workflow) ? workflow : []).map(w => ({
+        list: w.list || w.name || 'N/A',
+        cards: String(w.cardCount ?? 0),
+        avgTime: w.avgTime ? formatDuration(w.avgTime) : '-',
+        throughput: String(w.throughput ?? 0),
+      }));
+
+      output(rows, {
+        headers: ['List', 'Cards', 'Avg Time', 'Throughput'],
+        format: options.format,
+      });
+    } catch (err) {
+      error(`Failed to fetch workflow analytics: ${err.message}`);
+    }
+  });
+
+analytics
+  .command('workspace')
+  .description('Show workspace analytics')
+  .action(async () => {
+    try {
+      const workspaceId = config.get('activeWorkspace');
+      if (!workspaceId) return error('No active workspace.');
+
+      const data = await withSpinner('Fetching workspace analytics...', () =>
+        client.get(`/analytics/workspace/${workspaceId}`)
+      );
+
+      const a = data.analytics || data.data || data;
+      console.log();
+      console.log(chalk.bold('  Workspace Analytics'));
+      console.log(chalk.bold('  ─────────────────────'));
+      console.log(chalk.bold('  Total Boards:  '), a.totalBoards ?? 0);
+      console.log(chalk.bold('  Total Cards:   '), a.totalCards ?? 0);
+      console.log(chalk.bold('  Active Members:'), a.activeMembers ?? 0);
+      console.log(chalk.bold('  Completion:    '), `${a.completionRate ?? 0}%`);
+      console.log();
+    } catch (err) {
+      error(`Failed to fetch workspace analytics: ${err.message}`);
+    }
+  });
+
+analytics
+  .command('user')
+  .description('Show your personal analytics')
+  .action(async () => {
+    try {
+      const userId = config.get('userId');
+      const data = await withSpinner('Fetching user analytics...', () =>
+        client.get(`/analytics/user/${userId}`)
+      );
+
+      const a = data.analytics || data.data || data;
+      console.log();
+      console.log(chalk.bold('  Your Analytics'));
+      console.log(chalk.bold('  ──────────────'));
+      console.log(chalk.bold('  Cards Completed: '), a.completedCards ?? 0);
+      console.log(chalk.bold('  Cards Assigned:  '), a.assignedCards ?? 0);
+      console.log(chalk.bold('  Time Tracked:    '), a.timeTracked ? formatDuration(a.timeTracked) : '0s');
+      console.log(chalk.bold('  Active Boards:   '), a.activeBoards ?? 0);
+      console.log();
+    } catch (err) {
+      error(`Failed to fetch user analytics: ${err.message}`);
+    }
+  });
+
+analytics
+  .command('trends')
+  .description('Show analytics trends')
+  .option('-f, --format <format>', 'Output format')
+  .action(async (options) => {
+    try {
+      const data = await withSpinner('Fetching trends...', () =>
+        client.get('/analytics/trends')
+      );
+
+      const trends = data.trends || data.data || data;
+      const rows = (Array.isArray(trends) ? trends : []).map(t => ({
+        period: t.period || t.date || 'N/A',
+        cards: String(t.cardsCreated ?? 0),
+        completed: String(t.cardsCompleted ?? 0),
+        members: String(t.activeMembers ?? 0),
+      }));
+
+      output(rows, {
+        headers: ['Period', 'Created', 'Completed', 'Active Members'],
+        format: options.format,
+      });
+    } catch (err) {
+      error(`Failed to fetch trends: ${err.message}`);
+    }
+  });
+
+analytics
+  .command('export <boardId>')
+  .description('Export board analytics')
+  .option('-o, --output <file>', 'Output file path', 'analytics-export.json')
+  .action(async (boardId, options) => {
+    try {
+      const data = await withSpinner('Exporting analytics...', () =>
+        client.get(`/analytics/export/${boardId}`)
+      );
+
+      const fs = require('fs');
+      const exportData = data.export || data.data || data;
+      fs.writeFileSync(options.output, JSON.stringify(exportData, null, 2));
+      success(`Analytics exported to ${chalk.bold(options.output)}`);
+    } catch (err) {
+      error(`Failed to export analytics: ${err.message}`);
+    }
+  });
+
+module.exports = analytics;

package/src/commands/api-key.js

@@ -0,0 +1,140 @@
+const { Command } = require('commander');
+const chalk = require('chalk');
+const client = require('../lib/client');
+const { output, success, error, warn } = require('../lib/output');
+const { withSpinner } = require('../utils/spinner');
+const { confirmAction } = require('../utils/prompts');
+
+const apiKey = new Command('api-key')
+  .alias('ak')
+  .description('API key management commands (some operations require session auth)');
+
+const AUTH_NOTE = 'Note: API key management may be restricted when authenticated via API key. Use browser session if this fails.';
+
+apiKey
+  .command('list')
+  .alias('ls')
+  .description('List your API keys')
+  .option('-f, --format <format>', 'Output format')
+  .action(async (options) => {
+    try {
+      const data = await withSpinner('Fetching API keys...', () =>
+        client.get('/api-keys')
+      );
+
+      const keys = data.apiKeys || data.data || data;
+      const rows = (Array.isArray(keys) ? keys : []).map(k => ({
+        name: k.name || 'Unnamed',
+        prefix: k.prefix || k.key?.substring(0, 8) || 'N/A',
+        created: new Date(k.createdAt).toLocaleDateString(),
+        lastUsed: k.lastUsedAt ? new Date(k.lastUsedAt).toLocaleDateString() : 'Never',
+        id: k._id,
+      }));
+
+      output(rows, {
+        headers: ['Name', 'Prefix', 'Created', 'Last Used', 'ID'],
+        format: options.format,
+      });
+    } catch (err) {
+      warn(AUTH_NOTE);
+      error(`Failed to list API keys: ${err.message}`);
+    }
+  });
+
+apiKey
+  .command('create')
+  .description('Create a new API key')
+  .option('--name <name>', 'Key name (required)')
+  .action(async (options) => {
+    try {
+      if (!options.name) return error('Key name is required. Use --name <name>.');
+
+      const data = await withSpinner('Creating API key...', () =>
+        client.post('/api-keys', { name: options.name })
+      );
+
+      const key = data.apiKey || data.key || data.data || data;
+      console.log();
+      success(`Created API key: ${chalk.bold(options.name)}`);
+      if (key.key || key.token) {
+        console.log();
+        console.log(chalk.yellow('  Save this key — it won\'t be shown again:'));
+        console.log(chalk.bold(`  ${key.key || key.token}`));
+        console.log();
+      }
+    } catch (err) {
+      warn(AUTH_NOTE);
+      error(`Failed to create API key: ${err.message}`);
+    }
+  });
+
+apiKey
+  .command('delete <keyId>')
+  .description('Delete an API key')
+  .option('--force', 'Skip confirmation')
+  .action(async (keyId, options) => {
+    try {
+      if (!options.force) {
+        const confirmed = await confirmAction('Delete this API key? Any integrations using it will stop working.');
+        if (!confirmed) return;
+      }
+
+      await withSpinner('Deleting API key...', () =>
+        client.delete(`/api-keys/${keyId}`)
+      );
+      success('Deleted API key');
+    } catch (err) {
+      warn(AUTH_NOTE);
+      error(`Failed to delete API key: ${err.message}`);
+    }
+  });
+
+apiKey
+  .command('rename <keyId>')
+  .description('Rename an API key')
+  .option('--name <name>', 'New name (required)')
+  .action(async (keyId, options) => {
+    try {
+      if (!options.name) return error('Name is required. Use --name <name>.');
+
+      await withSpinner('Renaming API key...', () =>
+        client.put(`/api-keys/${keyId}`, { name: options.name })
+      );
+      success(`Renamed API key to: ${chalk.bold(options.name)}`);
+    } catch (err) {
+      warn(AUTH_NOTE);
+      error(`Failed to rename API key: ${err.message}`);
+    }
+  });
+
+apiKey
+  .command('regenerate <keyId>')
+  .description('Regenerate an API key')
+  .option('--force', 'Skip confirmation')
+  .action(async (keyId, options) => {
+    try {
+      if (!options.force) {
+        const confirmed = await confirmAction('Regenerate this API key? The old key will stop working immediately.');
+        if (!confirmed) return;
+      }
+
+      const data = await withSpinner('Regenerating API key...', () =>
+        client.post(`/api-keys/${keyId}/regenerate`)
+      );
+
+      const key = data.apiKey || data.key || data.data || data;
+      console.log();
+      success('API key regenerated');
+      if (key.key || key.token) {
+        console.log();
+        console.log(chalk.yellow('  Save this key — it won\'t be shown again:'));
+        console.log(chalk.bold(`  ${key.key || key.token}`));
+        console.log();
+      }
+    } catch (err) {
+      warn(AUTH_NOTE);
+      error(`Failed to regenerate API key: ${err.message}`);
+    }
+  });
+
+module.exports = apiKey;

package/src/commands/auth.js

@@ -1,10 +1,181 @@
 const { Command } = require('commander');
 const chalk = require('chalk');
+const http = require('http');
+const crypto = require('crypto');
 const inquirer = require('inquirer');
 const config = require('../lib/config');
 const client = require('../lib/client');
 const { success, error, info } = require('../lib/output');
 
+const LOGIN_TIMEOUT = 120_000; // 2 minutes
+
+/**
+ * Start a temporary localhost HTTP server to receive the OAuth callback.
+ * Returns a promise that resolves with the API key token.
+ */
+function waitForCallback(state, webUrl) {
+  return new Promise((resolve, reject) => {
+    let resolved = false;
+    const server = http.createServer((req, res) => {
+      const url = new URL(req.url, `http://127.0.0.1`);
+
+      if (url.pathname !== '/callback') {
+        res.writeHead(404);
+        res.end('Not found');
+        return;
+      }
+
+      // Prevent duplicate callbacks
+      if (resolved) {
+        res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' });
+        res.end(errorPage('Already authenticated.'));
+        return;
+      }
+
+      const token = url.searchParams.get('token');
+      const returnedState = url.searchParams.get('state') || '';
+
+      // Timing-safe CSRF state validation
+      const stateMatch = returnedState.length === state.length &&
+        crypto.timingSafeEqual(Buffer.from(returnedState), Buffer.from(state));
+      if (!stateMatch) {
+        res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' });
+        res.end(errorPage('State mismatch. Please try logging in again from the CLI.'));
+        return;
+      }
+
+      if (!token || !/^zb_live_[a-zA-Z0-9_\-]{16,}$/.test(token)) {
+        res.writeHead(400, { 'Content-Type': 'text/html; charset=utf-8' });
+        res.end(errorPage('Invalid token received. Please try again.'));
+        return;
+      }
+
+      // Send success page and resolve
+      resolved = true;
+      res.writeHead(200, { 'Content-Type': 'text/html; charset=utf-8' });
+      res.end(successPage());
+
+      server.close();
+      resolve(token);
+    });
+
+    // Listen on random available port
+    server.listen(0, '127.0.0.1', () => {
+      const port = server.address().port;
+      const authUrl = `${webUrl}/cli/auth?state=${encodeURIComponent(state)}&port=${port}`;
+
+      info('Opening browser for authentication...');
+      info(`If it doesn't open, visit: ${chalk.underline(authUrl)}`);
+
+      require('open')(authUrl).catch(() => {});
+    });
+
+    server.on('error', (err) => {
+      reject(new Error(`Failed to start auth server: ${err.message}`));
+    });
+
+    // Timeout — shut down and fall back to manual
+    const timeout = setTimeout(() => {
+      server.close();
+      reject(new Error('TIMEOUT'));
+    }, LOGIN_TIMEOUT);
+
+    // Clean up timeout if resolved
+    const origResolve = resolve;
+    resolve = (val) => {
+      clearTimeout(timeout);
+      origResolve(val);
+    };
+  });
+}
+
+function pageStyles() {
+  return `
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: "DM Sans", -apple-system, system-ui, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif;
+      display: flex; align-items: center; justify-content: center;
+      min-height: 100vh; background: #181717; color: rgba(255,255,255,0.8);
+    }
+    .card {
+      text-align: center; background: #181717; padding: 48px 40px;
+      border-radius: 12px; border: 1px solid #242526;
+      box-shadow: 0 4px 24px rgba(0,0,0,0.3); max-width: 420px; width: 90%;
+    }
+    .icon { font-size: 48px; margin-bottom: 20px; }
+    .icon-success { color: #10b981; }
+    .icon-error { color: #ef4444; }
+    h1 { font-size: 20px; font-weight: 600; margin: 0 0 8px; }
+    .subtitle { color: #9aa0a6; font-size: 14px; line-height: 1.5; }
+    .hint { color: #6c757d; font-size: 12px; margin-top: 16px; }
+    .brand { color: #0966ff; font-weight: 600; }
+  `;
+}
+
+function successPage() {
+  return `<!DOCTYPE html>
+<html><head><title>Zoobbe CLI — Authorized</title>
+<style>${pageStyles()}</style></head>
+<body>
+<div class="card">
+  <div class="icon icon-success">&#10003;</div>
+  <h1>Authorization Successful</h1>
+  <p class="subtitle">Your CLI is now connected to <span class="brand">Zoobbe</span>.</p>
+  <p class="hint">You can close this tab and return to the terminal.</p>
+</div>
+</body></html>`;
+}
+
+function escapeHtml(str) {
+  return str.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+}
+
+function errorPage(message) {
+  return `<!DOCTYPE html>
+<html><head><title>Zoobbe CLI — Error</title>
+<style>${pageStyles()}</style></head>
+<body>
+<div class="card">
+  <div class="icon icon-error">&#10007;</div>
+  <h1 style="color:#ef4444">Authorization Failed</h1>
+  <p class="subtitle">${escapeHtml(message)}</p>
+  <p class="hint">Please return to the terminal and try again.</p>
+</div>
+</body></html>`;
+}
+
+/**
+ * Verify the API key and store user info.
+ */
+async function verifyAndStore(apiKey) {
+  config.set('apiKey', apiKey);
+
+  const userData = await client.get('/users/me');
+  const user = userData.user || userData.data || userData;
+
+  config.set('userId', user._id || user.id || '');
+  config.set('userName', user.name || user.userName || '');
+  config.set('email', user.email || '');
+
+  return user;
+}
+
+/**
+ * Manual paste fallback when browser callback times out.
+ */
+async function manualLogin() {
+  info('Falling back to manual entry...');
+  const answers = await inquirer.prompt([{
+    type: 'input',
+    name: 'apiKey',
+    message: 'Paste your API key:',
+    validate: v => v.startsWith('zb_live_') ? true : 'Invalid API key format (should start with zb_live_)',
+  }]);
+  return answers.apiKey;
+}
+
+// ─── Commands ────────────────────────────────────────────────
+
 const auth = new Command('auth')
   .description('Authentication commands');
 
@@ -16,10 +187,10 @@ auth
   .action(async (options) => {
     try {
       if (options.url) {
-        // Validate URL format and enforce HTTPS
         try {
           const parsed = new URL(options.url);
-          if (parsed.protocol !== 'https:' && !parsed.hostname.match(/^(localhost|127\.0\.0\.1)$/)) {
+          const isLocal = ['localhost', '127.0.0.1', '::1', '[::1]'].includes(parsed.hostname);
+          if (parsed.protocol !== 'https:' && !isLocal) {
             return error('API URL must use HTTPS. Only localhost is allowed over HTTP.');
           }
           config.set('apiUrl', options.url);
@@ -31,41 +202,37 @@ auth
       let apiKey = options.token;
 
       if (!apiKey) {
-        // Interactive login — open browser for auth
+        // Try automatic browser callback flow
+        const state = crypto.randomBytes(16).toString('hex');
+
+        // Resolve the frontend URL before opening the browser
+        const apiUrl = config.get('apiUrl').replace(/\/$/, '');
+        let webUrl = config.getWebUrl();
         try {
-          const open = require('open');
-          const apiUrl = config.get('apiUrl');
-          const authUrl = `${apiUrl.replace('api.', '')}/cli/auth`;
-          info(`Opening browser for authentication...`);
-          info(`If it doesn't open, visit: ${chalk.underline(authUrl)}`);
-          await open(authUrl);
-        } catch {
-          // open may fail in headless environments
-        }
+          const cfgRes = await fetch(`${apiUrl}/v1/cli/config`);
+          if (cfgRes.ok) {
+            const cfgData = await cfgRes.json();
+            if (cfgData.webUrl) webUrl = cfgData.webUrl;
+          }
+        } catch { /* use derived webUrl as fallback */ }
 
-        const answers = await inquirer.prompt([{
-          type: 'input',
-          name: 'apiKey',
-          message: 'Paste your API key:',
-          validate: v => v.startsWith('zb_live_') ? true : 'Invalid API key format (should start with zb_live_)',
-        }]);
-        apiKey = answers.apiKey;
+        try {
+          apiKey = await waitForCallback(state, webUrl);
+        } catch (err) {
+          if (err.message === 'TIMEOUT') {
+            // Browser flow timed out — fall back to manual paste
+            apiKey = await manualLogin();
+          } else {
+            throw err;
+          }
+        }
       }
 
-      if (!apiKey.startsWith('zb_live_')) {
+      if (!apiKey || !apiKey.startsWith('zb_live_')) {
         return error('Invalid API key format. Keys start with "zb_live_".');
       }
 
-      config.set('apiKey', apiKey);
-
-      // Verify the key works
-      const userData = await client.get('/users/me');
-      const user = userData.user || userData.data || userData;
-
-      config.set('userId', user._id || user.id || '');
-      config.set('userName', user.name || user.userName || '');
-      config.set('email', user.email || '');
-
+      const user = await verifyAndStore(apiKey);
       success(`Logged in as ${chalk.bold(user.name || user.email)}`);
     } catch (err) {
       config.set('apiKey', '');
@@ -78,6 +245,8 @@ auth
   .description('Clear stored credentials')
   .action(() => {
     config.set('apiKey', '');
+    config.set('apiUrl', 'https://api.zoobbe.com');
+    config.set('webUrl', '');
     config.set('userId', '');
     config.set('userName', '');
     config.set('email', '');