claudekit-cli 1.0.1 → 1.2.0

package/src/lib/github.ts

@@ -154,4 +154,60 @@ export class GitHubClient {
 			);
 		}
 	}
+
+	/**
+	 * Get downloadable asset or source code URL from release
+	 * Priority:
+	 * 1. "ClaudeKit Engineer Package" or "ClaudeKit Marketing Package" zip file
+	 * 2. Other custom uploaded assets (.tar.gz, .tgz, .zip)
+	 * 3. GitHub's automatic tarball URL
+	 */
+	static getDownloadableAsset(release: GitHubRelease): {
+		type: "asset" | "tarball" | "zipball";
+		url: string;
+		name: string;
+		size?: number;
+	} {
+		// First priority: Look for official ClaudeKit package assets
+		const packageAsset = release.assets.find(
+			(a) =>
+				a.name.toLowerCase().includes("claudekit") &&
+				a.name.toLowerCase().includes("package") &&
+				a.name.endsWith(".zip"),
+		);
+
+		if (packageAsset) {
+			logger.debug(`Using ClaudeKit package asset: ${packageAsset.name}`);
+			return {
+				type: "asset",
+				url: packageAsset.browser_download_url,
+				name: packageAsset.name,
+				size: packageAsset.size,
+			};
+		}
+
+		// Second priority: Look for any custom uploaded assets
+		const customAsset = release.assets.find(
+			(a) => a.name.endsWith(".tar.gz") || a.name.endsWith(".tgz") || a.name.endsWith(".zip"),
+		);
+
+		if (customAsset) {
+			logger.debug(`Using custom asset: ${customAsset.name}`);
+			return {
+				type: "asset",
+				url: customAsset.browser_download_url,
+				name: customAsset.name,
+				size: customAsset.size,
+			};
+		}
+
+		// Fall back to GitHub's automatic tarball
+		logger.debug("Using GitHub automatic tarball");
+		return {
+			type: "tarball",
+			url: release.tarball_url,
+			name: `${release.tag_name}.tar.gz`,
+			size: undefined, // Size unknown for automatic tarballs
+		};
+	}
 }

package/src/lib/prompts.ts

@@ -1,5 +1,6 @@
 import * as clack from "@clack/prompts";
 import { AVAILABLE_KITS, type KitType } from "../types.js";
+import { intro, note, outro } from "../utils/safe-prompts.js";
 
 export class PromptsManager {
 	/**
@@ -94,20 +95,20 @@ export class PromptsManager {
 	 * Show intro message
 	 */
 	intro(message: string): void {
-		clack.intro(message);
+		intro(message);
 	}
 
 	/**
 	 * Show outro message
 	 */
 	outro(message: string): void {
-		clack.outro(message);
+		outro(message);
 	}
 
 	/**
 	 * Show note
 	 */
 	note(message: string, title?: string): void {
-		clack.note(message, title);
+		note(message, title);
 	}
 }

package/src/types.ts

@@ -19,6 +19,13 @@ export const UpdateCommandOptionsSchema = z.object({
 });
 export type UpdateCommandOptions = z.infer<typeof UpdateCommandOptionsSchema>;
 
+export const VersionCommandOptionsSchema = z.object({
+	kit: KitType.optional(),
+	limit: z.number().optional(),
+	all: z.boolean().optional(),
+});
+export type VersionCommandOptions = z.infer<typeof VersionCommandOptionsSchema>;
+
 // Config schemas
 export const ConfigSchema = z.object({
 	github: z
@@ -53,6 +60,8 @@ export const GitHubReleaseSchema = z.object({
 	prerelease: z.boolean(),
 	assets: z.array(GitHubReleaseAssetSchema),
 	published_at: z.string().optional(),
+	tarball_url: z.string().url(),
+	zipball_url: z.string().url(),
 });
 export type GitHubRelease = z.infer<typeof GitHubReleaseSchema>;
 
@@ -70,13 +79,13 @@ export const AVAILABLE_KITS: Record<KitType, KitConfig> = {
 	engineer: {
 		name: "ClaudeKit Engineer",
 		repo: "claudekit-engineer",
-		owner: "mrgoonie",
+		owner: "claudekit",
 		description: "Engineering toolkit for building with Claude",
 	},
 	marketing: {
 		name: "ClaudeKit Marketing",
 		repo: "claudekit-marketing",
-		owner: "mrgoonie",
+		owner: "claudekit",
 		description: "[Coming Soon] Marketing toolkit",
 	},
 };

package/src/utils/file-scanner.ts

@@ -0,0 +1,134 @@
+import { join, relative, resolve } from "node:path";
+import { lstat, pathExists, readdir } from "fs-extra";
+import { logger } from "./logger.js";
+
+/**
+ * Utility class for scanning directories and comparing file structures
+ */
+export class FileScanner {
+	/**
+	 * Get all files in a directory recursively
+	 *
+	 * @param dirPath - Directory path to scan
+	 * @param relativeTo - Base path for calculating relative paths (defaults to dirPath)
+	 * @returns Array of relative file paths
+	 *
+	 * @example
+	 * ```typescript
+	 * const files = await FileScanner.getFiles('/path/to/dir');
+	 * // Returns: ['file1.txt', 'subdir/file2.txt', ...]
+	 * ```
+	 */
+	static async getFiles(dirPath: string, relativeTo?: string): Promise<string[]> {
+		const basePath = relativeTo || dirPath;
+		const files: string[] = [];
+
+		// Check if directory exists
+		if (!(await pathExists(dirPath))) {
+			return files;
+		}
+
+		try {
+			const entries = await readdir(dirPath);
+
+			for (const entry of entries) {
+				const fullPath = join(dirPath, entry);
+
+				// Security: Validate path to prevent traversal
+				if (!FileScanner.isSafePath(basePath, fullPath)) {
+					logger.warning(`Skipping potentially unsafe path: ${entry}`);
+					continue;
+				}
+
+				const stats = await lstat(fullPath);
+
+				// Skip symlinks for security
+				if (stats.isSymbolicLink()) {
+					logger.debug(`Skipping symlink: ${entry}`);
+					continue;
+				}
+
+				if (stats.isDirectory()) {
+					// Recursively scan subdirectories
+					const subFiles = await FileScanner.getFiles(fullPath, basePath);
+					files.push(...subFiles);
+				} else if (stats.isFile()) {
+					// Add relative path
+					const relativePath = relative(basePath, fullPath);
+					files.push(relativePath);
+				}
+			}
+		} catch (error) {
+			const errorMessage =
+				error instanceof Error
+					? `Failed to scan directory: ${dirPath} - ${error.message}`
+					: `Failed to scan directory: ${dirPath}`;
+			logger.error(errorMessage);
+			throw error;
+		}
+
+		return files;
+	}
+
+	/**
+	 * Find files in destination that don't exist in source
+	 *
+	 * @param destDir - Destination directory path
+	 * @param sourceDir - Source directory path
+	 * @param subPath - Subdirectory to compare (e.g., '.claude')
+	 * @returns Array of relative file paths that are custom (exist in dest but not in source)
+	 *
+	 * @example
+	 * ```typescript
+	 * const customFiles = await FileScanner.findCustomFiles(
+	 *   '/path/to/project',
+	 *   '/path/to/release',
+	 *   '.claude'
+	 * );
+	 * // Returns: ['.claude/custom-command.md', '.claude/workflows/my-workflow.md']
+	 * ```
+	 */
+	static async findCustomFiles(
+		destDir: string,
+		sourceDir: string,
+		subPath: string,
+	): Promise<string[]> {
+		const destSubDir = join(destDir, subPath);
+		const sourceSubDir = join(sourceDir, subPath);
+
+		// Get files from both directories
+		const destFiles = await FileScanner.getFiles(destSubDir, destDir);
+		const sourceFiles = await FileScanner.getFiles(sourceSubDir, sourceDir);
+
+		// Create a Set of source files for O(1) lookup
+		const sourceFileSet = new Set(sourceFiles);
+
+		// Find files in destination that don't exist in source
+		const customFiles = destFiles.filter((file) => !sourceFileSet.has(file));
+
+		if (customFiles.length > 0) {
+			logger.info(`Found ${customFiles.length} custom file(s) in ${subPath}/`);
+			customFiles.slice(0, 5).forEach((file) => logger.debug(`  - ${file}`));
+			if (customFiles.length > 5) {
+				logger.debug(`  ... and ${customFiles.length - 5} more`);
+			}
+		}
+
+		return customFiles;
+	}
+
+	/**
+	 * Validate path to prevent path traversal attacks
+	 *
+	 * @param basePath - Base directory path
+	 * @param targetPath - Target path to validate
+	 * @returns true if path is safe, false otherwise
+	 */
+	private static isSafePath(basePath: string, targetPath: string): boolean {
+		const resolvedBase = resolve(basePath);
+		const resolvedTarget = resolve(targetPath);
+
+		// Ensure target is within base
+		return resolvedTarget.startsWith(resolvedBase);
+	}
+}

package/src/utils/logger.ts

@@ -1,37 +1,124 @@
+import { type WriteStream, createWriteStream } from "node:fs";
 import pc from "picocolors";
 
-export const logger = {
-	info: (message: string) => {
-		console.log(pc.blue("ℹ"), message);
-	},
+// Use ASCII-safe symbols to avoid unicode rendering issues in certain terminals
+const symbols = {
+	info: "[i]",
+	success: "[✓]",
+	warning: "[!]",
+	error: "[✗]",
+};
+
+interface LogContext {
+	[key: string]: any;
+}
+
+class Logger {
+	private verboseEnabled = false;
+	private logFileStream?: WriteStream;
 
-	success: (message: string) => {
-		console.log(pc.green("✔"), message);
-	},
+	info(message: string): void {
+		console.log(pc.blue(symbols.info), message);
+	}
 
-	warning: (message: string) => {
-		console.log(pc.yellow("⚠"), message);
-	},
+	success(message: string): void {
+		console.log(pc.green(symbols.success), message);
+	}
 
-	error: (message: string) => {
-		console.error(pc.red("✖"), message);
-	},
+	warning(message: string): void {
+		console.log(pc.yellow(symbols.warning), message);
+	}
 
-	debug: (message: string) => {
+	error(message: string): void {
+		console.error(pc.red(symbols.error), message);
+	}
+
+	debug(message: string): void {
 		if (process.env.DEBUG) {
 			console.log(pc.gray("[DEBUG]"), message);
 		}
-	},
+	}
+
+	verbose(message: string, context?: LogContext): void {
+		if (!this.verboseEnabled) return;
+
+		const timestamp = this.getTimestamp();
+		const sanitizedMessage = this.sanitize(message);
+		const formattedContext = context ? this.formatContext(context) : "";
+
+		const logLine = `${timestamp} ${pc.gray("[VERBOSE]")} ${sanitizedMessage}${formattedContext}`;
+
+		console.error(logLine);
+
+		if (this.logFileStream) {
+			const plainLogLine = `${timestamp} [VERBOSE] ${sanitizedMessage}${formattedContext}`;
+			this.logFileStream.write(`${plainLogLine}\n`);
+		}
+	}
+
+	setVerbose(enabled: boolean): void {
+		this.verboseEnabled = enabled;
+		if (enabled) {
+			this.verbose("Verbose logging enabled");
+		}
+	}
+
+	isVerbose(): boolean {
+		return this.verboseEnabled;
+	}
+
+	setLogFile(path?: string): void {
+		if (this.logFileStream) {
+			this.logFileStream.end();
+			this.logFileStream = undefined;
+		}
+
+		if (path) {
+			this.logFileStream = createWriteStream(path, {
+				flags: "a",
+				mode: 0o600,
+			});
+			this.verbose(`Logging to file: ${path}`);
+		}
+	}
 
-	// Sanitize sensitive data from logs
-	sanitize: (text: string): string => {
-		// Remove GitHub tokens
+	sanitize(text: string): string {
 		return text
 			.replace(/ghp_[a-zA-Z0-9]{36}/g, "ghp_***")
 			.replace(/github_pat_[a-zA-Z0-9_]{82}/g, "github_pat_***")
 			.replace(/gho_[a-zA-Z0-9]{36}/g, "gho_***")
 			.replace(/ghu_[a-zA-Z0-9]{36}/g, "ghu_***")
 			.replace(/ghs_[a-zA-Z0-9]{36}/g, "ghs_***")
-			.replace(/ghr_[a-zA-Z0-9]{36}/g, "ghr_***");
-	},
-};
+			.replace(/ghr_[a-zA-Z0-9]{36}/g, "ghr_***")
+			.replace(/Bearer [a-zA-Z0-9_-]+/g, "Bearer ***")
+			.replace(/token=[a-zA-Z0-9_-]+/g, "token=***");
+	}
+
+	private getTimestamp(): string {
+		return new Date().toISOString();
+	}
+
+	private formatContext(context: LogContext): string {
+		const sanitized = Object.entries(context).reduce((acc, [key, value]) => {
+			if (typeof value === "string") {
+				acc[key] = this.sanitize(value);
+			} else if (value && typeof value === "object") {
+				// Recursively sanitize nested objects
+				try {
+					const stringified = JSON.stringify(value);
+					const sanitizedStr = this.sanitize(stringified);
+					acc[key] = JSON.parse(sanitizedStr);
+				} catch {
+					acc[key] = "[Object]";
+				}
+			} else {
+				acc[key] = value;
+			}
+			return acc;
+		}, {} as LogContext);
+
+		return `\n  ${JSON.stringify(sanitized, null, 2).split("\n").join("\n  ")}`;
+	}
+}
+
+export const logger = new Logger();

package/src/utils/safe-prompts.ts

@@ -0,0 +1,54 @@
+import * as clack from "@clack/prompts";
+
+/**
+ * Safe wrapper around clack prompts that handles unicode rendering issues.
+ * Sets up proper environment to minimize encoding problems.
+ */
+
+// Store original methods
+const originalIntro = clack.intro;
+const originalOutro = clack.outro;
+const originalNote = clack.note;
+
+/**
+ * Wrapped intro that handles encoding better
+ */
+export function intro(message: string): void {
+	try {
+		originalIntro(message);
+	} catch {
+		// Fallback to simple console log if clack fails
+		console.log(`\n=== ${message} ===\n`);
+	}
+}
+
+/**
+ * Wrapped outro that handles encoding better
+ */
+export function outro(message: string): void {
+	try {
+		originalOutro(message);
+	} catch {
+		// Fallback to simple console log if clack fails
+		console.log(`\n=== ${message} ===\n`);
+	}
+}
+
+/**
+ * Wrapped note that handles encoding better
+ */
+export function note(message: string, title?: string): void {
+	try {
+		originalNote(message, title);
+	} catch {
+		// Fallback to simple console log if clack fails
+		if (title) {
+			console.log(`\n--- ${title} ---`);
+		}
+		console.log(message);
+		console.log();
+	}
+}
+
+// Re-export other clack functions unchanged
+export { select, confirm, text, isCancel } from "@clack/prompts";