alif-fund 0.1.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Alif
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,130 @@
+# Alif CLI
+
+Apply to Alif from your terminal, then let your coding agent keep your application updated with real traction.
+
+Alif CLI is for founders using Codex, Claude Code, Hermes, Cursor agents, CI, cron, or custom scripts. You submit once, define the metric that matters, and your agent can keep that metric fresh.
+
+## Quickstart
+
+Target command after npm publishing:
+
+```bash
+npx alif-fund apply
+```
+
+Packaging note: npm package names use the normal ASCII hyphen, so the package is `alif-fund`.
+
+You can run directly from GitHub today:
+
+```bash
+npx github:alifdotbuild/alifcli apply
+```
+
+Apply:
+
+```bash
+npx alif-fund apply
+```
+
+The CLI will:
+
+- send an email login code
+- collect your company/application details
+- create your primary metric
+- save a local agent token
+- print the command your agent should run next
+
+Update traction:
+
+```bash
+npx alif-fund metric update weekly_revenue 12000
+```
+
+Check status:
+
+```bash
+npx alif-fund status
+```
+
+Generate an agent command:
+
+```bash
+npx alif-fund setup-agent weekly_revenue
+```
+
+## Agent Usage
+
+Agents and CI should use `ALIF_API_TOKEN`:
+
+```bash
+ALIF_API_TOKEN=alif_live_... \
+npx alif-fund metric update weekly_revenue 12000 \
+  --timestamp 2026-06-07T16:00:00Z \
+  --idempotency-key acme-weekly-revenue-2026-W23 \
+  --source codex
+```
+
+Use the same idempotency key when retrying the same reporting period. Duplicate retries are ignored.
+
+Examples:
+
+- [Codex](examples/codex.md)
+- [Claude Code](examples/claude-code.md)
+- [Hermes](examples/hermes.md)
+- [GitHub Actions](examples/github-actions.yml)
+- [Cron](examples/cron.sh)
+
+## Commands
+
+```bash
+npx alif-fund apply
+npx alif-fund login --email founder@example.com
+npx alif-fund status
+npx alif-fund whoami
+npx alif-fund setup-agent weekly_revenue
+npx alif-fund metric create weekly_active_users --unit users --cadence weekly
+npx alif-fund metric update weekly_revenue 12000
+```
+
+## Hosted API
+
+By default, the CLI uses:
+
+```text
+https://alif-api.imuthuvappa.workers.dev
+```
+
+Override it when developing or self-hosting:
+
+```bash
+ALIF_API_URL=http://localhost:8787 npx alif-fund apply
+```
+
+## Local Development
+
+```bash
+npm install
+npm run build
+npm run db:migrate:local
+npm run dev
+```
+
+In another terminal:
+
+```bash
+npm exec -- alif-fund apply --api-url http://localhost:8787
+```
+
+## Docs
+
+- [Self-hosting on Cloudflare](docs/self-hosting.md)
+- [Auth model](docs/auth.md)
+- [Security notes](docs/security.md)
+
+## Status
+
+This is an early MVP. The core loop works:
+
+```text
+email login -> apply -> create metric -> agent updates traction -> detect growth spike
+```

package/dist/cli.js

@@ -0,0 +1,381 @@
+#!/usr/bin/env node
+import { createInterface } from "node:readline/promises";
+import { stdin as input, stdout as output } from "node:process";
+import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
+import { dirname, join } from "node:path";
+const defaultApiUrl = "https://alif-api.imuthuvappa.workers.dev";
+const configPath = join(homedir(), ".alif", "config.json");
+async function main() {
+    const [command, ...args] = process.argv.slice(2);
+    if (!command || command === "help" || command === "--help") {
+        printHelp();
+        return;
+    }
+    if (command === "apply") {
+        await apply(args);
+        return;
+    }
+    if (command === "login") {
+        await login(args);
+        return;
+    }
+    if (command === "status") {
+        await status(args);
+        return;
+    }
+    if (command === "metric") {
+        await metric(args);
+        return;
+    }
+    if (command === "whoami") {
+        await whoami();
+        return;
+    }
+    if (command === "setup-agent") {
+        await setupAgent(args);
+        return;
+    }
+    throw new CliError(`Unknown command: ${command}`);
+}
+async function apply(args) {
+    const flags = parseFlags(args);
+    const existing = await loadConfig();
+    const rl = createInterface({ input, output });
+    const apiUrl = flags["api-url"] ?? process.env.ALIF_API_URL ?? existing.apiUrl ?? defaultApiUrl;
+    const founderEmail = (flags["founder-email"] ?? existing.email ?? await ask(rl, "Founder email")).toLowerCase();
+    const sessionConfig = await ensureSession({ apiUrl, email: founderEmail, flags, existing, rl });
+    const companyName = flags["company"] ?? await ask(rl, "Company name");
+    const website = flags.website ?? await ask(rl, "Website", "");
+    const founderName = flags["founder-name"] ?? await ask(rl, "Founder name");
+    const oneLiner = flags["one-liner"] ?? await ask(rl, "One-liner");
+    const metricKey = flags["metric-key"] ?? await ask(rl, "Primary metric key", "weekly_revenue");
+    const metricUnit = flags["metric-unit"] ?? await ask(rl, "Primary metric unit", "usd");
+    rl.close();
+    const signupSecret = flags["signup-secret"] ?? process.env.ALIF_SIGNUP_SECRET;
+    const sessionToken = flags["session-token"] ?? process.env.ALIF_SESSION_TOKEN ?? sessionConfig.sessionToken;
+    const response = await api(apiUrl, "/v1/applications", {
+        method: "POST",
+        token: sessionToken,
+        headers: signupSecret ? { "x-alif-signup-secret": signupSecret } : undefined,
+        body: {
+            company_name: companyName,
+            website: website || undefined,
+            founder_name: founderName,
+            founder_email: founderEmail,
+            narrative: { one_liner: oneLiner },
+            primary_metric: {
+                key: metricKey,
+                display_name: titleize(metricKey),
+                unit: metricUnit,
+                cadence: "weekly",
+                direction: "up"
+            }
+        }
+    });
+    const nextConfig = {
+        ...sessionConfig,
+        apiUrl,
+        email: founderEmail,
+        token: response.token,
+        companyId: response.company_id,
+        applicationId: response.application_id
+    };
+    await saveConfig(nextConfig);
+    console.log("");
+    console.log("Application submitted.");
+    console.log(`Application: ${response.application_id}`);
+    console.log(`Company: ${response.company_id}`);
+    console.log(`Primary metric: ${metricKey}`);
+    console.log("");
+    console.log("Update traction:");
+    console.log(`  npx alif-fund metric update ${metricKey} 12000`);
+    console.log("");
+    console.log("For agents/CI:");
+    console.log(`  export ALIF_API_TOKEN=${response.token}`);
+    console.log(`  npx alif-fund metric update ${metricKey} 12000 --source <agent-name>`);
+    console.log("");
+    console.log(`Credentials saved to ${configPath}`);
+}
+async function login(args) {
+    const flags = parseFlags(args);
+    const existing = await loadConfig();
+    const rl = createInterface({ input, output });
+    const apiUrl = flags["api-url"] ?? process.env.ALIF_API_URL ?? existing.apiUrl ?? defaultApiUrl;
+    const email = (flags.email ?? existing.email ?? await ask(rl, "Email")).toLowerCase();
+    const nextConfig = await runEmailOtp({ apiUrl, email, flags, existing, rl });
+    rl.close();
+    await saveConfig(nextConfig);
+    console.log(`Logged in as ${email}`);
+    console.log(`Session saved to ${configPath}`);
+}
+async function status(args) {
+    const flags = parseFlags(args);
+    const config = await requireConfig(flags);
+    const response = await api(config.apiUrl, "/v1/status", {
+        method: "GET",
+        token: config.token
+    });
+    console.log(`${response.application.company_name} (${response.application.status})`);
+    console.log(`Application: ${response.application.id}`);
+    console.log("");
+    if (response.metrics.length === 0) {
+        console.log("No metrics yet.");
+    }
+    else {
+        for (const metric of response.metrics) {
+            const latest = metric.latest_value === null || metric.latest_value === undefined
+                ? "no points"
+                : `${metric.latest_value} ${metric.unit} at ${metric.latest_timestamp}`;
+            console.log(`${metric.key}: ${latest}`);
+        }
+    }
+    if (response.alerts.length > 0) {
+        console.log("");
+        console.log("Recent alerts:");
+        for (const alert of response.alerts) {
+            console.log(`[${alert.severity}] ${alert.summary}`);
+        }
+    }
+}
+async function metric(args) {
+    const [subcommand, ...rest] = args;
+    if (subcommand === "create") {
+        await createMetric(rest);
+        return;
+    }
+    if (subcommand === "update") {
+        await updateMetric(rest);
+        return;
+    }
+    throw new CliError("Expected `alif metric create` or `alif metric update`.");
+}
+async function createMetric(args) {
+    const flags = parseFlags(args);
+    const key = flags._[0] ?? flags.key;
+    if (!key)
+        throw new CliError("Metric key is required.");
+    const config = await requireConfig(flags);
+    const response = await api(config.apiUrl, "/v1/metrics", {
+        method: "POST",
+        token: config.token,
+        body: {
+            key,
+            display_name: flags.name ?? titleize(key),
+            unit: flags.unit ?? "count",
+            cadence: flags.cadence ?? "weekly",
+            direction: flags.direction ?? "up",
+            source_type: flags.source ?? "self_reported"
+        }
+    });
+    console.log(`Metric created: ${response.key} (${response.id})`);
+}
+async function updateMetric(args) {
+    const flags = parseFlags(args);
+    const key = flags._[0] ?? flags.key;
+    const rawValue = flags.value ?? flags._[1];
+    if (!key)
+        throw new CliError("Metric key is required.");
+    if (!rawValue)
+        throw new CliError("Metric value is required.");
+    const value = Number(rawValue);
+    if (!Number.isFinite(value))
+        throw new CliError("Metric value must be a number.");
+    const config = await requireConfig(flags);
+    const timestamp = flags.timestamp ?? new Date().toISOString();
+    const idempotencyKey = flags["idempotency-key"] ?? `${config.companyId ?? "company"}:${key}:${timestamp}`;
+    const response = await api(config.apiUrl, `/v1/metrics/${encodeURIComponent(key)}/points`, {
+        method: "POST",
+        token: config.token,
+        idempotencyKey,
+        body: {
+            value,
+            timestamp,
+            source: flags.source ?? "alif-cli",
+            confidence: flags.confidence ? Number(flags.confidence) : undefined,
+            raw_event_id: flags["raw-event-id"],
+            idempotency_key: idempotencyKey
+        }
+    });
+    console.log(response.duplicate ? `Duplicate ignored: ${response.id}` : `Metric point created: ${response.id}`);
+}
+async function whoami() {
+    const config = await loadConfig();
+    console.log(`API URL: ${config.apiUrl ?? "not configured"}`);
+    console.log(`Email: ${config.email ?? "not configured"}`);
+    console.log(`Session: ${config.sessionToken ? `configured until ${config.sessionExpiresAt ?? "unknown"}` : "not configured"}`);
+    console.log(`Company: ${config.companyId ?? "not configured"}`);
+    console.log(`Application: ${config.applicationId ?? "not configured"}`);
+    console.log(`Agent token: ${config.token ? "configured" : "not configured"}`);
+}
+async function setupAgent(args) {
+    const flags = parseFlags(args);
+    const config = await loadConfig();
+    const apiUrl = flags["api-url"] ?? process.env.ALIF_API_URL ?? config.apiUrl ?? defaultApiUrl;
+    const token = flags.token ?? process.env.ALIF_API_TOKEN ?? config.token;
+    const metric = flags.metric ?? flags._[0] ?? "weekly_revenue";
+    if (!token) {
+        throw new CliError("Missing agent token. Run `npx alif-fund apply` first, or pass --token / ALIF_API_TOKEN.");
+    }
+    console.log(`Agent setup
+
+Use this command from Codex, Claude Code, Hermes, CI, or cron:
+
+ALIF_API_URL=${apiUrl} \\
+ALIF_API_TOKEN=${token} \\
+npx alif-fund metric update ${metric} <value> \\
+  --timestamp <period_end_iso> \\
+  --idempotency-key <company>-${metric}-<period> \\
+  --source <agent-name>
+
+Suggested agent instruction:
+
+Calculate ${metric} from the source of truth for the reporting period. Then run the command above with a stable idempotency key for that period. If the command fails transiently, retry with the same idempotency key.
+`);
+}
+async function api(apiUrl, path, options) {
+    if (!apiUrl)
+        throw new CliError("Missing API URL. Run `alif apply --api-url <url>` first.");
+    const headers = {
+        accept: "application/json",
+        ...options.headers
+    };
+    if (options.token)
+        headers.authorization = `Bearer ${options.token}`;
+    if (options.idempotencyKey)
+        headers["idempotency-key"] = options.idempotencyKey;
+    if (options.body)
+        headers["content-type"] = "application/json";
+    const response = await fetch(new URL(path, apiUrl), {
+        method: options.method,
+        headers,
+        body: options.body ? JSON.stringify(options.body) : undefined
+    });
+    const payload = await response.json().catch(() => ({}));
+    if (!response.ok) {
+        throw new CliError(payload.message ?? payload.error ?? `HTTP ${response.status}`);
+    }
+    return payload;
+}
+async function requireConfig(flags) {
+    const config = await loadConfig();
+    const apiUrl = flags["api-url"] ?? process.env.ALIF_API_URL ?? config.apiUrl ?? defaultApiUrl;
+    const token = flags.token ?? process.env.ALIF_API_TOKEN ?? config.token;
+    if (!token)
+        throw new CliError("Missing token. Pass --token, set ALIF_API_TOKEN, or run `alif apply`.");
+    return { ...config, apiUrl, token };
+}
+async function ensureSession(input) {
+    const explicit = input.flags["session-token"] ?? process.env.ALIF_SESSION_TOKEN;
+    if (explicit) {
+        return {
+            ...input.existing,
+            apiUrl: input.apiUrl,
+            email: input.email,
+            sessionToken: explicit
+        };
+    }
+    const existingSessionMatches = input.existing.sessionToken
+        && input.existing.email === input.email
+        && (!input.existing.sessionExpiresAt || Date.parse(input.existing.sessionExpiresAt) > Date.now() + 60_000);
+    if (existingSessionMatches) {
+        return { ...input.existing, apiUrl: input.apiUrl, email: input.email };
+    }
+    console.log(`Sending login code to ${input.email}`);
+    return runEmailOtp(input);
+}
+async function runEmailOtp(input) {
+    const start = await api(input.apiUrl, "/v1/auth/otp/start", {
+        method: "POST",
+        body: { email: input.email }
+    });
+    if (start.dev_otp) {
+        console.log(`Development OTP: ${start.dev_otp}`);
+    }
+    else {
+        console.log(`Sent login code to ${input.email}`);
+    }
+    const code = input.flags.code ?? await ask(input.rl, "OTP code");
+    const verified = await api(input.apiUrl, "/v1/auth/otp/verify", {
+        method: "POST",
+        body: { email: input.email, code }
+    });
+    return {
+        ...input.existing,
+        apiUrl: input.apiUrl,
+        email: input.email,
+        sessionToken: verified.session_token,
+        sessionExpiresAt: verified.expires_at
+    };
+}
+async function loadConfig() {
+    try {
+        return JSON.parse(await readFile(configPath, "utf8"));
+    }
+    catch {
+        return {};
+    }
+}
+async function saveConfig(config) {
+    await mkdir(dirname(configPath), { recursive: true, mode: 0o700 });
+    await writeFile(configPath, `${JSON.stringify(config, null, 2)}\n`, { mode: 0o600 });
+}
+async function ask(rl, label, fallback) {
+    const suffix = fallback !== undefined ? ` [${fallback}]` : "";
+    const answer = (await rl.question(`${label}${suffix}: `)).trim();
+    if (answer)
+        return answer;
+    if (fallback !== undefined)
+        return fallback;
+    return ask(rl, label, fallback);
+}
+function parseFlags(args) {
+    const flags = { _: [] };
+    for (let i = 0; i < args.length; i += 1) {
+        const arg = args[i];
+        if (arg.startsWith("--")) {
+            const [name, inlineValue] = arg.slice(2).split("=", 2);
+            const next = args[i + 1];
+            if (inlineValue !== undefined) {
+                flags[name] = inlineValue;
+            }
+            else if (next && !next.startsWith("--")) {
+                flags[name] = next;
+                i += 1;
+            }
+            else {
+                flags[name] = "true";
+            }
+        }
+        else {
+            flags._.push(arg);
+        }
+    }
+    return flags;
+}
+function titleize(value) {
+    return value.replace(/[_-]+/g, " ").replace(/\b\w/g, (char) => char.toUpperCase());
+}
+function printHelp() {
+    console.log(`alif-fund
+
+Usage:
+  alif-fund apply
+  alif-fund login [--email founder@example.com]
+  alif-fund status
+  alif-fund whoami
+  alif-fund setup-agent [metric_key]
+  alif-fund metric create <key> [--unit count] [--cadence weekly]
+  alif-fund metric update <key> <value> [--timestamp ISO_DATE] [--source agent]
+
+Automation:
+  ALIF_API_TOKEN=alif_live_... \\
+    alif-fund metric update weekly_revenue 12000
+`);
+}
+class CliError extends Error {
+}
+main().catch((error) => {
+    console.error(error instanceof CliError ? error.message : error);
+    process.exitCode = 1;
+});