boringpm 0.1.2

package/README.md

@@ -0,0 +1,170 @@
+# CLI
+
+Project manager CLI for scripts, automation, and agent workflows.
+
+## Commands
+
+When installed globally, the command is:
+
+- `boringpm`
+
+## Scripts
+
+```bash
+npm run dev -- --help
+npm run lint
+npm run build
+```
+
+## Login UX (recommended)
+
+Interactive login with persisted token:
+
+```bash
+npm run dev -- login
+npm run dev -- whoami
+npm run dev -- project list
+npm run dev -- logout
+```
+
+This stores auth session data in:
+
+- `~/.projectmanager/auth.json`
+
+## Project reference behavior
+
+Commands that target a project accept either:
+
+- project ID
+- project name (case-insensitive exact match)
+
+If multiple projects have the same name, use the project ID.
+
+## Team management examples
+
+```bash
+# Create and manage teams
+npm run dev -- team create "Engineering Team"
+npm run dev -- team list
+npm run dev -- team view <team-id>
+npm run dev -- team update <team-id> --name "New Team Name"
+
+# Add and remove team members (owner only)
+npm run dev -- team add-member <team-id> <user-id>
+npm run dev -- team remove-member <team-id> <user-id>
+
+# List projects in a team
+npm run dev -- team projects <team-id>
+
+# Delete team (owner only, blocked if projects exist)
+npm run dev -- team delete <team-id>
+```
+
+## Project management examples
+
+```bash
+# Create project (optionally linked to team)
+npm run dev -- project create "My Project"
+npm run dev -- project create "Team Project" --team <team-id>
+
+# View projects
+npm run dev -- project list
+npm run dev -- project view minigta
+```
+
+## Single-entity view examples
+
+```bash
+npm run dev -- plan view <plan-id>
+npm run dev -- task view <task-id>
+```
+
+## Spec-first workflow examples
+
+```bash
+# Create and approve spec first
+npm run dev -- plan create minigta "Auth hardening spec" --content "..."
+npm run dev -- plan approve <plan-id>
+
+# Create task linked to approved spec
+npm run dev -- task create minigta "Implement auth guard" --plan <plan-id>
+```
+
+## Agent workflow examples
+
+```bash
+# See only tasks assigned to you in one project
+npm run dev -- task list minigta --mine
+
+# See your tasks across all visible projects
+npm run dev -- task mine --status in_progress
+
+# Claim a specific task
+npm run dev -- task claim <task-id>
+
+# Claim the next pending task in the project
+npm run dev -- task next minigta
+
+# Add test scenarios and record results
+npm run dev -- task test-add minigta <task-id> "happy path" --steps "..." --expected "..."
+npm run dev -- task tests minigta <task-id>
+npm run dev -- task test-result minigta <task-id> <scenario-id> pass --evidence "CI run #123"
+
+# Move task to testing, then complete with note
+npm run dev -- task move <task-id> testing
+npm run dev -- task done <task-id> --note "Implemented endpoint + tests"
+
+# Forced completion requires waiver metadata
+npm run dev -- task done <task-id> --force --waiver-reason "prod incident" --approved-by lead-user-id
+
+# Release assignment (defaults to pending when in_progress/testing)
+npm run dev -- task release <task-id>
+
+# Add or read task comments
+npm run dev -- task comment minigta <task-id> "started implementation"
+npm run dev -- task comments minigta <task-id>
+
+# Legacy alias (also clears assignee)
+npm run dev -- task unclaim <task-id>
+
+# Delete commands prompt for confirmation by default
+npm run dev -- task delete <task-id>
+npm run dev -- plan delete <plan-id>
+
+# Use --force / -f for non-interactive runs
+npm run dev -- task delete <task-id> --force
+npm run dev -- plan delete <plan-id> -f
+```
+
+## Completion gate
+
+`task done` is server-enforced and succeeds only when:
+
+- task status is `testing`
+- linked spec plan is `approved`
+- at least one test scenario exists
+- every test scenario has `status=pass`
+
+Use `--force --waiver-reason --approved-by` only for audited exceptions.
+
+## Non-interactive auth options
+
+### 1) Environment token
+
+```bash
+export PM_AUTH_TOKEN=<token>
+```
+
+### 2) Per-command token
+
+```bash
+npm run dev -- --token <token> project list
+```
+
+### 3) Raw auth endpoints
+
+```bash
+npm run dev -- auth send-link you@company.com
+npm run dev -- auth verify you@company.com <code>
+npm run dev -- auth me --token <token>
+```

package/dist/api.js

@@ -0,0 +1,487 @@
+import { z } from "zod";
+const apiResponseSchema = (dataSchema) => z.object({
+    data: dataSchema,
+});
+const teamSchema = z.object({
+    id: z.string(),
+    name: z.string(),
+    owner: z.string(),
+    members: z.array(z.string()),
+    created_at: z.string(),
+    updated_at: z.string(),
+});
+const projectSchema = z.object({
+    id: z.string(),
+    name: z.string(),
+    created_at: z.string(),
+    owner: z.string(),
+    participants: z.array(z.string()),
+    team: z.string().nullable(),
+});
+const planSchema = z.object({
+    id: z.string(),
+    title: z.string(),
+    content: z.string(),
+    created_at: z.string(),
+    updated_at: z.string(),
+    owner: z.string(),
+    project: z.string(),
+    spec_status: z.enum(["draft", "approved", "deprecated"]),
+});
+const validationSnapshotSchema = z.object({
+    spec_plan_id: z.string(),
+    spec_plan_status: z.enum(["draft", "approved", "deprecated"]),
+    total_scenarios: z.number(),
+    pass_scenarios: z.number(),
+    all_passed: z.boolean(),
+    validated_by: z.string(),
+    validated_at: z.string(),
+    waived: z.boolean(),
+    waiver_reason: z.string().nullable(),
+    approved_by: z.string().nullable(),
+    scenario_statuses: z.array(z.object({
+        id: z.string(),
+        status: z.enum(["pending", "pass", "fail", "blocked"]),
+        ran_at: z.string().nullable(),
+        ran_by: z.string().nullable(),
+    })),
+});
+const taskSchema = z.object({
+    id: z.string(),
+    title: z.string(),
+    description: z.string(),
+    created_at: z.string(),
+    owner: z.string(),
+    assignee: z.string().nullable(),
+    agent: z.string().nullable(),
+    status: z.enum(["pending", "in_progress", "testing", "completed", "archived"]),
+    project: z.string(),
+    plan: z.string().nullable(),
+    updated_at: z.string(),
+    completed_note: z.string().nullable(),
+    completed_at: z.string().nullable(),
+    validation_snapshot: validationSnapshotSchema.nullable(),
+});
+const testScenarioSchema = z.object({
+    id: z.string(),
+    task: z.string(),
+    title: z.string(),
+    type: z.enum(["manual", "automated", "integration", "e2e"]),
+    steps: z.string(),
+    expected_result: z.string(),
+    status: z.enum(["pending", "pass", "fail", "blocked"]),
+    evidence: z.string().nullable(),
+    ran_by: z.string().nullable(),
+    ran_at: z.string().nullable(),
+    created_at: z.string(),
+    updated_at: z.string(),
+});
+const commentSchema = z.object({
+    id: z.string(),
+    task: z.string(),
+    author: z.string(),
+    content: z.string(),
+    created_at: z.string(),
+});
+const boardDataSchema = z.object({
+    project: projectSchema,
+    plans: z.array(planSchema),
+    tasks: z.array(taskSchema),
+    groupedTasks: z.record(z.array(taskSchema)),
+});
+const authUserSchema = z.object({
+    id: z.string(),
+    email: z.string().nullable(),
+});
+export class ApiClient {
+    baseUrl;
+    authToken;
+    actorName;
+    constructor(config) {
+        this.baseUrl = config.baseUrl.replace(/\/$/, "");
+        this.authToken = config.authToken;
+        this.actorName = config.actorName;
+    }
+    async health() {
+        return this.request("/health", {
+            method: "GET",
+        });
+    }
+    async sendMagicLink(email) {
+        const payload = await this.request("/auth/magic-link", {
+            method: "POST",
+            body: { email },
+        });
+        return apiResponseSchema(z.object({ sent: z.boolean() })).parse(payload).data;
+    }
+    async verifyMagicCode(email, code) {
+        const payload = await this.request("/auth/verify", {
+            method: "POST",
+            body: { email, code },
+        });
+        return apiResponseSchema(z.object({ token: z.string(), user: authUserSchema })).parse(payload)
+            .data;
+    }
+    async me() {
+        const payload = await this.request("/auth/me", {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(authUserSchema).parse(payload).data;
+    }
+    async createTeam(input) {
+        const payload = await this.request("/teams", {
+            method: "POST",
+            body: input,
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(teamSchema).parse(payload).data;
+    }
+    async listTeams() {
+        const payload = await this.request("/teams", {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(z.array(teamSchema)).parse(payload).data;
+    }
+    async getTeam(teamId) {
+        const payload = await this.request(`/teams/${teamId}`, {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(teamSchema).parse(payload).data;
+    }
+    async updateTeam(input) {
+        const payload = await this.request(`/teams/${input.teamId}`, {
+            method: "PATCH",
+            body: {
+                name: input.name,
+            },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(teamSchema).parse(payload).data;
+    }
+    async deleteTeam(teamId) {
+        const payload = await this.request(`/teams/${teamId}`, {
+            method: "DELETE",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(z.object({
+            id: z.string(),
+            deleted: z.boolean(),
+        })).parse(payload).data;
+    }
+    async addTeamMember(teamId, userId) {
+        const payload = await this.request(`/teams/${teamId}/members`, {
+            method: "POST",
+            body: { userId },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(teamSchema).parse(payload).data;
+    }
+    async removeTeamMember(teamId, userId) {
+        const payload = await this.request(`/teams/${teamId}/members/${userId}`, {
+            method: "DELETE",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(teamSchema).parse(payload).data;
+    }
+    async listTeamProjects(teamId) {
+        const payload = await this.request(`/teams/${teamId}/projects`, {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(z.array(projectSchema)).parse(payload).data;
+    }
+    async createTeamProject(input) {
+        const payload = await this.request(`/teams/${input.teamId}/projects`, {
+            method: "POST",
+            body: {
+                name: input.name,
+                participants: input.participants,
+            },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(projectSchema).parse(payload).data;
+    }
+    async listProjects() {
+        const payload = await this.request("/projects", {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(z.array(projectSchema)).parse(payload).data;
+    }
+    async getProject(projectId) {
+        const payload = await this.request(`/projects/${projectId}`, {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(projectSchema).parse(payload).data;
+    }
+    async createProject(input) {
+        const payload = await this.request("/projects", {
+            method: "POST",
+            body: input,
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(projectSchema).parse(payload).data;
+    }
+    async addProjectParticipant(projectId, participantUserId) {
+        const payload = await this.request(`/projects/${projectId}/participants`, {
+            method: "POST",
+            body: { userId: participantUserId },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(projectSchema).parse(payload).data;
+    }
+    async removeProjectParticipant(projectId, participantUserId) {
+        const payload = await this.request(`/projects/${projectId}/participants/${participantUserId}`, {
+            method: "DELETE",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(projectSchema).parse(payload).data;
+    }
+    async listPlans(projectId) {
+        const payload = await this.request(`/projects/${projectId}/plans`, {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(z.array(planSchema)).parse(payload).data;
+    }
+    async getPlan(planId) {
+        const payload = await this.request(`/plans/${planId}`, {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(planSchema).parse(payload).data;
+    }
+    async createPlan(input) {
+        const payload = await this.request(`/projects/${input.projectId}/plans`, {
+            method: "POST",
+            body: {
+                title: input.title,
+                content: input.content,
+                spec_status: input.spec_status,
+            },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(planSchema).parse(payload).data;
+    }
+    async updatePlan(input) {
+        const payload = await this.request(`/plans/${input.planId}`, {
+            method: "PATCH",
+            body: {
+                title: input.title,
+                content: input.content,
+                spec_status: input.spec_status,
+            },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(planSchema).parse(payload).data;
+    }
+    async deletePlan(planId) {
+        const payload = await this.request(`/plans/${planId}`, {
+            method: "DELETE",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(z.object({
+            id: z.string(),
+            deleted: z.boolean(),
+            unlinkedTasks: z.number(),
+        })).parse(payload).data;
+    }
+    async listTasks(projectId, filters) {
+        const query = new URLSearchParams();
+        if (filters?.status) {
+            query.set("status", filters.status);
+        }
+        if (filters?.mine) {
+            query.set("mine", "true");
+        }
+        if (filters?.assignee !== undefined) {
+            query.set("assignee", filters.assignee === null ? "none" : filters.assignee);
+        }
+        if (filters?.agent !== undefined) {
+            query.set("agent", filters.agent === null ? "none" : filters.agent);
+        }
+        const queryString = query.toString();
+        const path = queryString
+            ? `/projects/${projectId}/tasks?${queryString}`
+            : `/projects/${projectId}/tasks`;
+        const payload = await this.request(path, {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(z.array(taskSchema)).parse(payload).data;
+    }
+    async getTask(taskId) {
+        const payload = await this.request(`/tasks/${taskId}`, {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(taskSchema).parse(payload).data;
+    }
+    async createTask(input) {
+        const payload = await this.request(`/projects/${input.projectId}/tasks`, {
+            method: "POST",
+            body: {
+                title: input.title,
+                description: input.description,
+                status: input.status,
+                plan: input.plan,
+                agent: input.agent,
+            },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(taskSchema).parse(payload).data;
+    }
+    async updateTask(input) {
+        const payload = await this.request(`/tasks/${input.taskId}`, {
+            method: "PATCH",
+            body: {
+                title: input.title,
+                description: input.description,
+                status: input.status,
+                plan: input.plan,
+                assignee: input.assignee,
+                agent: input.agent,
+            },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(taskSchema).parse(payload).data;
+    }
+    async claimTask(taskId) {
+        const payload = await this.request(`/tasks/${taskId}/claim`, {
+            method: "POST",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(taskSchema).parse(payload).data;
+    }
+    async releaseTask(input) {
+        const payload = await this.request(`/tasks/${input.taskId}/release`, {
+            method: "POST",
+            body: {
+                status: input.status,
+            },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(taskSchema).parse(payload).data;
+    }
+    async claimNextTask(projectId) {
+        const payload = await this.request(`/projects/${projectId}/tasks/next`, {
+            method: "POST",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(taskSchema).parse(payload).data;
+    }
+    async completeTask(input) {
+        const payload = await this.request(`/tasks/${input.taskId}/done`, {
+            method: "POST",
+            body: {
+                note: input.note,
+                force: input.force,
+                waiver_reason: input.waiver_reason,
+                approved_by: input.approved_by,
+            },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(taskSchema).parse(payload).data;
+    }
+    async listTestScenarios(taskId) {
+        const payload = await this.request(`/tasks/${taskId}/test-scenarios`, {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(z.array(testScenarioSchema)).parse(payload).data;
+    }
+    async createTestScenario(input) {
+        const payload = await this.request(`/tasks/${input.taskId}/test-scenarios`, {
+            method: "POST",
+            body: {
+                title: input.title,
+                type: input.type,
+                steps: input.steps,
+                expected_result: input.expected_result,
+            },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(testScenarioSchema).parse(payload).data;
+    }
+    async updateTestScenarioResult(input) {
+        const payload = await this.request(`/tasks/${input.taskId}/test-scenarios/${input.scenarioId}/result`, {
+            method: "PATCH",
+            body: {
+                status: input.status,
+                evidence: input.evidence,
+            },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(testScenarioSchema).parse(payload).data;
+    }
+    async listTaskComments(taskId) {
+        const payload = await this.request(`/tasks/${taskId}/comments`, {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(z.array(commentSchema)).parse(payload).data;
+    }
+    async createTaskComment(taskId, content) {
+        const payload = await this.request(`/tasks/${taskId}/comments`, {
+            method: "POST",
+            body: {
+                content,
+            },
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(commentSchema).parse(payload).data;
+    }
+    async deleteTask(taskId) {
+        const payload = await this.request(`/tasks/${taskId}`, {
+            method: "DELETE",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(z.object({
+            id: z.string(),
+            deleted: z.boolean(),
+        })).parse(payload).data;
+    }
+    async board(projectId) {
+        const payload = await this.request(`/projects/${projectId}/board`, {
+            method: "GET",
+            authToken: this.requireToken(),
+        });
+        return apiResponseSchema(boardDataSchema).parse(payload).data;
+    }
+    requireToken() {
+        if (!this.authToken) {
+            throw new Error("Missing auth token. Provide --token, PM_AUTH_TOKEN, or log in to save a session token.");
+        }
+        return this.authToken;
+    }
+    async request(path, options = {}) {
+        const headers = {
+            "Content-Type": "application/json",
+        };
+        if (options.authToken) {
+            headers.Authorization = `Bearer ${options.authToken}`;
+            headers["x-auth-token"] = options.authToken;
+        }
+        if (this.actorName) {
+            headers["x-actor-name"] = this.actorName;
+        }
+        const response = await fetch(`${this.baseUrl}${path}`, {
+            method: options.method ?? "GET",
+            headers,
+            body: options.body !== undefined ? JSON.stringify(options.body) : undefined,
+        });
+        const text = await response.text();
+        const payload = text ? JSON.parse(text) : {};
+        if (!response.ok) {
+            const message = typeof payload?.error === "string"
+                ? payload.error
+                : `Request failed with status ${response.status}`;
+            throw new Error(message);
+        }
+        return payload;
+    }
+}

package/dist/auth-store.js

@@ -0,0 +1,50 @@
+import { existsSync, readFileSync } from "node:fs";
+import { mkdir, rm, writeFile } from "node:fs/promises";
+import { homedir } from "node:os";
+import { join } from "node:path";
+const AUTH_DIRECTORY = join(homedir(), ".projectmanager");
+const AUTH_FILE = join(AUTH_DIRECTORY, "auth.json");
+export function getAuthFilePath() {
+    return AUTH_FILE;
+}
+export function loadStoredAuthSession() {
+    if (!existsSync(AUTH_FILE)) {
+        return null;
+    }
+    try {
+        const raw = readFileSync(AUTH_FILE, "utf8");
+        const parsed = JSON.parse(raw);
+        if (typeof parsed.token !== "string" || !parsed.token.trim()) {
+            return null;
+        }
+        return {
+            token: parsed.token,
+            user: parsed.user &&
+                typeof parsed.user.id === "string" &&
+                (typeof parsed.user.email === "string" || parsed.user.email === null)
+                ? {
+                    id: parsed.user.id,
+                    email: parsed.user.email,
+                }
+                : undefined,
+            savedAt: typeof parsed.savedAt === "string" && parsed.savedAt.trim()
+                ? parsed.savedAt
+                : new Date().toISOString(),
+        };
+    }
+    catch {
+        return null;
+    }
+}
+export function loadStoredAuthToken() {
+    return loadStoredAuthSession()?.token;
+}
+export async function saveStoredAuthSession(session) {
+    await mkdir(AUTH_DIRECTORY, { recursive: true });
+    await writeFile(AUTH_FILE, JSON.stringify(session, null, 2), {
+        mode: 0o600,
+    });
+}
+export async function clearStoredAuthSession() {
+    await rm(AUTH_FILE, { force: true });
+}