claudekit-cli 1.1.0 → 1.2.0

package/src/utils/file-scanner.ts

@@ -0,0 +1,134 @@
+import { join, relative, resolve } from "node:path";
+import { lstat, pathExists, readdir } from "fs-extra";
+import { logger } from "./logger.js";
+
+/**
+ * Utility class for scanning directories and comparing file structures
+ */
+export class FileScanner {
+	/**
+	 * Get all files in a directory recursively
+	 *
+	 * @param dirPath - Directory path to scan
+	 * @param relativeTo - Base path for calculating relative paths (defaults to dirPath)
+	 * @returns Array of relative file paths
+	 *
+	 * @example
+	 * ```typescript
+	 * const files = await FileScanner.getFiles('/path/to/dir');
+	 * // Returns: ['file1.txt', 'subdir/file2.txt', ...]
+	 * ```
+	 */
+	static async getFiles(dirPath: string, relativeTo?: string): Promise<string[]> {
+		const basePath = relativeTo || dirPath;
+		const files: string[] = [];
+
+		// Check if directory exists
+		if (!(await pathExists(dirPath))) {
+			return files;
+		}
+
+		try {
+			const entries = await readdir(dirPath);
+
+			for (const entry of entries) {
+				const fullPath = join(dirPath, entry);
+
+				// Security: Validate path to prevent traversal
+				if (!FileScanner.isSafePath(basePath, fullPath)) {
+					logger.warning(`Skipping potentially unsafe path: ${entry}`);
+					continue;
+				}
+
+				const stats = await lstat(fullPath);
+
+				// Skip symlinks for security
+				if (stats.isSymbolicLink()) {
+					logger.debug(`Skipping symlink: ${entry}`);
+					continue;
+				}
+
+				if (stats.isDirectory()) {
+					// Recursively scan subdirectories
+					const subFiles = await FileScanner.getFiles(fullPath, basePath);
+					files.push(...subFiles);
+				} else if (stats.isFile()) {
+					// Add relative path
+					const relativePath = relative(basePath, fullPath);
+					files.push(relativePath);
+				}
+			}
+		} catch (error) {
+			const errorMessage =
+				error instanceof Error
+					? `Failed to scan directory: ${dirPath} - ${error.message}`
+					: `Failed to scan directory: ${dirPath}`;
+			logger.error(errorMessage);
+			throw error;
+		}
+
+		return files;
+	}
+
+	/**
+	 * Find files in destination that don't exist in source
+	 *
+	 * @param destDir - Destination directory path
+	 * @param sourceDir - Source directory path
+	 * @param subPath - Subdirectory to compare (e.g., '.claude')
+	 * @returns Array of relative file paths that are custom (exist in dest but not in source)
+	 *
+	 * @example
+	 * ```typescript
+	 * const customFiles = await FileScanner.findCustomFiles(
+	 *   '/path/to/project',
+	 *   '/path/to/release',
+	 *   '.claude'
+	 * );
+	 * // Returns: ['.claude/custom-command.md', '.claude/workflows/my-workflow.md']
+	 * ```
+	 */
+	static async findCustomFiles(
+		destDir: string,
+		sourceDir: string,
+		subPath: string,
+	): Promise<string[]> {
+		const destSubDir = join(destDir, subPath);
+		const sourceSubDir = join(sourceDir, subPath);
+
+		// Get files from both directories
+		const destFiles = await FileScanner.getFiles(destSubDir, destDir);
+		const sourceFiles = await FileScanner.getFiles(sourceSubDir, sourceDir);
+
+		// Create a Set of source files for O(1) lookup
+		const sourceFileSet = new Set(sourceFiles);
+
+		// Find files in destination that don't exist in source
+		const customFiles = destFiles.filter((file) => !sourceFileSet.has(file));
+
+		if (customFiles.length > 0) {
+			logger.info(`Found ${customFiles.length} custom file(s) in ${subPath}/`);
+			customFiles.slice(0, 5).forEach((file) => logger.debug(`  - ${file}`));
+			if (customFiles.length > 5) {
+				logger.debug(`  ... and ${customFiles.length - 5} more`);
+			}
+		}
+
+		return customFiles;
+	}
+
+	/**
+	 * Validate path to prevent path traversal attacks
+	 *
+	 * @param basePath - Base directory path
+	 * @param targetPath - Target path to validate
+	 * @returns true if path is safe, false otherwise
+	 */
+	private static isSafePath(basePath: string, targetPath: string): boolean {
+		const resolvedBase = resolve(basePath);
+		const resolvedTarget = resolve(targetPath);
+
+		// Ensure target is within base
+		return resolvedTarget.startsWith(resolvedBase);
+	}
+}

package/src/utils/logger.ts

@@ -1,37 +1,124 @@
+import { type WriteStream, createWriteStream } from "node:fs";
 import pc from "picocolors";
 
-export const logger = {
-	info: (message: string) => {
-		console.log(pc.blue("ℹ"), message);
-	},
+// Use ASCII-safe symbols to avoid unicode rendering issues in certain terminals
+const symbols = {
+	info: "[i]",
+	success: "[✓]",
+	warning: "[!]",
+	error: "[✗]",
+};
+
+interface LogContext {
+	[key: string]: any;
+}
+
+class Logger {
+	private verboseEnabled = false;
+	private logFileStream?: WriteStream;
 
-	success: (message: string) => {
-		console.log(pc.green("✔"), message);
-	},
+	info(message: string): void {
+		console.log(pc.blue(symbols.info), message);
+	}
 
-	warning: (message: string) => {
-		console.log(pc.yellow("⚠"), message);
-	},
+	success(message: string): void {
+		console.log(pc.green(symbols.success), message);
+	}
 
-	error: (message: string) => {
-		console.error(pc.red("✖"), message);
-	},
+	warning(message: string): void {
+		console.log(pc.yellow(symbols.warning), message);
+	}
 
-	debug: (message: string) => {
+	error(message: string): void {
+		console.error(pc.red(symbols.error), message);
+	}
+
+	debug(message: string): void {
 		if (process.env.DEBUG) {
 			console.log(pc.gray("[DEBUG]"), message);
 		}
-	},
+	}
+
+	verbose(message: string, context?: LogContext): void {
+		if (!this.verboseEnabled) return;
+
+		const timestamp = this.getTimestamp();
+		const sanitizedMessage = this.sanitize(message);
+		const formattedContext = context ? this.formatContext(context) : "";
+
+		const logLine = `${timestamp} ${pc.gray("[VERBOSE]")} ${sanitizedMessage}${formattedContext}`;
+
+		console.error(logLine);
+
+		if (this.logFileStream) {
+			const plainLogLine = `${timestamp} [VERBOSE] ${sanitizedMessage}${formattedContext}`;
+			this.logFileStream.write(`${plainLogLine}\n`);
+		}
+	}
+
+	setVerbose(enabled: boolean): void {
+		this.verboseEnabled = enabled;
+		if (enabled) {
+			this.verbose("Verbose logging enabled");
+		}
+	}
+
+	isVerbose(): boolean {
+		return this.verboseEnabled;
+	}
+
+	setLogFile(path?: string): void {
+		if (this.logFileStream) {
+			this.logFileStream.end();
+			this.logFileStream = undefined;
+		}
+
+		if (path) {
+			this.logFileStream = createWriteStream(path, {
+				flags: "a",
+				mode: 0o600,
+			});
+			this.verbose(`Logging to file: ${path}`);
+		}
+	}
 
-	// Sanitize sensitive data from logs
-	sanitize: (text: string): string => {
-		// Remove GitHub tokens
+	sanitize(text: string): string {
 		return text
 			.replace(/ghp_[a-zA-Z0-9]{36}/g, "ghp_***")
 			.replace(/github_pat_[a-zA-Z0-9_]{82}/g, "github_pat_***")
 			.replace(/gho_[a-zA-Z0-9]{36}/g, "gho_***")
 			.replace(/ghu_[a-zA-Z0-9]{36}/g, "ghu_***")
 			.replace(/ghs_[a-zA-Z0-9]{36}/g, "ghs_***")
-			.replace(/ghr_[a-zA-Z0-9]{36}/g, "ghr_***");
-	},
-};
+			.replace(/ghr_[a-zA-Z0-9]{36}/g, "ghr_***")
+			.replace(/Bearer [a-zA-Z0-9_-]+/g, "Bearer ***")
+			.replace(/token=[a-zA-Z0-9_-]+/g, "token=***");
+	}
+
+	private getTimestamp(): string {
+		return new Date().toISOString();
+	}
+
+	private formatContext(context: LogContext): string {
+		const sanitized = Object.entries(context).reduce((acc, [key, value]) => {
+			if (typeof value === "string") {
+				acc[key] = this.sanitize(value);
+			} else if (value && typeof value === "object") {
+				// Recursively sanitize nested objects
+				try {
+					const stringified = JSON.stringify(value);
+					const sanitizedStr = this.sanitize(stringified);
+					acc[key] = JSON.parse(sanitizedStr);
+				} catch {
+					acc[key] = "[Object]";
+				}
+			} else {
+				acc[key] = value;
+			}
+			return acc;
+		}, {} as LogContext);
+
+		return `\n  ${JSON.stringify(sanitized, null, 2).split("\n").join("\n  ")}`;
+	}
+}
+
+export const logger = new Logger();

package/src/utils/safe-prompts.ts

@@ -0,0 +1,54 @@
+import * as clack from "@clack/prompts";
+
+/**
+ * Safe wrapper around clack prompts that handles unicode rendering issues.
+ * Sets up proper environment to minimize encoding problems.
+ */
+
+// Store original methods
+const originalIntro = clack.intro;
+const originalOutro = clack.outro;
+const originalNote = clack.note;
+
+/**
+ * Wrapped intro that handles encoding better
+ */
+export function intro(message: string): void {
+	try {
+		originalIntro(message);
+	} catch {
+		// Fallback to simple console log if clack fails
+		console.log(`\n=== ${message} ===\n`);
+	}
+}
+
+/**
+ * Wrapped outro that handles encoding better
+ */
+export function outro(message: string): void {
+	try {
+		originalOutro(message);
+	} catch {
+		// Fallback to simple console log if clack fails
+		console.log(`\n=== ${message} ===\n`);
+	}
+}
+
+/**
+ * Wrapped note that handles encoding better
+ */
+export function note(message: string, title?: string): void {
+	try {
+		originalNote(message, title);
+	} catch {
+		// Fallback to simple console log if clack fails
+		if (title) {
+			console.log(`\n--- ${title} ---`);
+		}
+		console.log(message);
+		console.log();
+	}
+}
+
+// Re-export other clack functions unchanged
+export { select, confirm, text, isCancel } from "@clack/prompts";

package/tests/commands/version.test.ts

@@ -54,14 +54,14 @@ describe("Version Command", () => {
 			const engineerKit = AVAILABLE_KITS.engineer;
 			expect(engineerKit.name).toBe("ClaudeKit Engineer");
 			expect(engineerKit.repo).toBe("claudekit-engineer");
-			expect(engineerKit.owner).toBe("mrgoonie");
+			expect(engineerKit.owner).toBe("claudekit");
 		});
 
 		test("should have marketing kit configured", () => {
 			const marketingKit = AVAILABLE_KITS.marketing;
 			expect(marketingKit.name).toBe("ClaudeKit Marketing");
 			expect(marketingKit.repo).toBe("claudekit-marketing");
-			expect(marketingKit.owner).toBe("mrgoonie");
+			expect(marketingKit.owner).toBe("claudekit");
 		});
 	});
 

package/tests/lib/github-download-priority.test.ts

@@ -0,0 +1,301 @@
+import { describe, expect, test } from "bun:test";
+import { GitHubClient } from "../../src/lib/github.js";
+import type { GitHubRelease } from "../../src/types.js";
+
+describe("GitHubClient - Asset Download Priority", () => {
+	describe("getDownloadableAsset", () => {
+		test("should prioritize ClaudeKit Engineer Package zip file", () => {
+			const release: GitHubRelease = {
+				id: 1,
+				tag_name: "v1.0.0",
+				name: "Release 1.0.0",
+				draft: false,
+				prerelease: false,
+				tarball_url: "https://api.github.com/repos/test/repo/tarball/v1.0.0",
+				zipball_url: "https://api.github.com/repos/test/repo/zipball/v1.0.0",
+				assets: [
+					{
+						id: 1,
+						name: "other-file.tar.gz",
+						browser_download_url: "https://github.com/test/other-file.tar.gz",
+						size: 1024,
+						content_type: "application/gzip",
+					},
+					{
+						id: 2,
+						name: "ClaudeKit-Engineer-Package.zip",
+						browser_download_url: "https://github.com/test/claudekit-package.zip",
+						size: 2048,
+						content_type: "application/zip",
+					},
+				],
+			};
+
+			const result = GitHubClient.getDownloadableAsset(release);
+
+			expect(result.type).toBe("asset");
+			expect(result.name).toBe("ClaudeKit-Engineer-Package.zip");
+			expect(result.url).toBe("https://github.com/test/claudekit-package.zip");
+			expect(result.size).toBe(2048);
+		});
+
+		test("should prioritize ClaudeKit Marketing Package zip file", () => {
+			const release: GitHubRelease = {
+				id: 1,
+				tag_name: "v1.0.0",
+				name: "Release 1.0.0",
+				draft: false,
+				prerelease: false,
+				tarball_url: "https://api.github.com/repos/test/repo/tarball/v1.0.0",
+				zipball_url: "https://api.github.com/repos/test/repo/zipball/v1.0.0",
+				assets: [
+					{
+						id: 1,
+						name: "random.zip",
+						browser_download_url: "https://github.com/test/random.zip",
+						size: 512,
+						content_type: "application/zip",
+					},
+					{
+						id: 2,
+						name: "ClaudeKit-Marketing-Package.zip",
+						browser_download_url: "https://github.com/test/marketing-package.zip",
+						size: 2048,
+						content_type: "application/zip",
+					},
+				],
+			};
+
+			const result = GitHubClient.getDownloadableAsset(release);
+
+			expect(result.type).toBe("asset");
+			expect(result.name).toBe("ClaudeKit-Marketing-Package.zip");
+			expect(result.url).toBe("https://github.com/test/marketing-package.zip");
+		});
+
+		test("should match ClaudeKit package case-insensitively", () => {
+			const release: GitHubRelease = {
+				id: 1,
+				tag_name: "v1.0.0",
+				name: "Release 1.0.0",
+				draft: false,
+				prerelease: false,
+				tarball_url: "https://api.github.com/repos/test/repo/tarball/v1.0.0",
+				zipball_url: "https://api.github.com/repos/test/repo/zipball/v1.0.0",
+				assets: [
+					{
+						id: 1,
+						name: "claudekit-engineer-package.zip",
+						browser_download_url: "https://github.com/test/package.zip",
+						size: 2048,
+						content_type: "application/zip",
+					},
+				],
+			};
+
+			const result = GitHubClient.getDownloadableAsset(release);
+
+			expect(result.type).toBe("asset");
+			expect(result.name).toBe("claudekit-engineer-package.zip");
+		});
+
+		test("should fallback to other zip files if no ClaudeKit package found", () => {
+			const release: GitHubRelease = {
+				id: 1,
+				tag_name: "v1.0.0",
+				name: "Release 1.0.0",
+				draft: false,
+				prerelease: false,
+				tarball_url: "https://api.github.com/repos/test/repo/tarball/v1.0.0",
+				zipball_url: "https://api.github.com/repos/test/repo/zipball/v1.0.0",
+				assets: [
+					{
+						id: 1,
+						name: "source-code.zip",
+						browser_download_url: "https://github.com/test/source.zip",
+						size: 1024,
+						content_type: "application/zip",
+					},
+				],
+			};
+
+			const result = GitHubClient.getDownloadableAsset(release);
+
+			expect(result.type).toBe("asset");
+			expect(result.name).toBe("source-code.zip");
+		});
+
+		test("should fallback to tar.gz files if no zip found", () => {
+			const release: GitHubRelease = {
+				id: 1,
+				tag_name: "v1.0.0",
+				name: "Release 1.0.0",
+				draft: false,
+				prerelease: false,
+				tarball_url: "https://api.github.com/repos/test/repo/tarball/v1.0.0",
+				zipball_url: "https://api.github.com/repos/test/repo/zipball/v1.0.0",
+				assets: [
+					{
+						id: 1,
+						name: "release.tar.gz",
+						browser_download_url: "https://github.com/test/release.tar.gz",
+						size: 1024,
+						content_type: "application/gzip",
+					},
+				],
+			};
+
+			const result = GitHubClient.getDownloadableAsset(release);
+
+			expect(result.type).toBe("asset");
+			expect(result.name).toBe("release.tar.gz");
+		});
+
+		test("should fallback to tgz files", () => {
+			const release: GitHubRelease = {
+				id: 1,
+				tag_name: "v1.0.0",
+				name: "Release 1.0.0",
+				draft: false,
+				prerelease: false,
+				tarball_url: "https://api.github.com/repos/test/repo/tarball/v1.0.0",
+				zipball_url: "https://api.github.com/repos/test/repo/zipball/v1.0.0",
+				assets: [
+					{
+						id: 1,
+						name: "release.tgz",
+						browser_download_url: "https://github.com/test/release.tgz",
+						size: 1024,
+						content_type: "application/gzip",
+					},
+				],
+			};
+
+			const result = GitHubClient.getDownloadableAsset(release);
+
+			expect(result.type).toBe("asset");
+			expect(result.name).toBe("release.tgz");
+		});
+
+		test("should fallback to GitHub automatic tarball if no assets", () => {
+			const release: GitHubRelease = {
+				id: 1,
+				tag_name: "v1.0.0",
+				name: "Release 1.0.0",
+				draft: false,
+				prerelease: false,
+				tarball_url: "https://api.github.com/repos/test/repo/tarball/v1.0.0",
+				zipball_url: "https://api.github.com/repos/test/repo/zipball/v1.0.0",
+				assets: [],
+			};
+
+			const result = GitHubClient.getDownloadableAsset(release);
+
+			expect(result.type).toBe("tarball");
+			expect(result.url).toBe("https://api.github.com/repos/test/repo/tarball/v1.0.0");
+			expect(result.name).toBe("v1.0.0.tar.gz");
+			expect(result.size).toBeUndefined();
+		});
+
+		test("should fallback to tarball if assets have no archive files", () => {
+			const release: GitHubRelease = {
+				id: 1,
+				tag_name: "v1.0.0",
+				name: "Release 1.0.0",
+				draft: false,
+				prerelease: false,
+				tarball_url: "https://api.github.com/repos/test/repo/tarball/v1.0.0",
+				zipball_url: "https://api.github.com/repos/test/repo/zipball/v1.0.0",
+				assets: [
+					{
+						id: 1,
+						name: "README.md",
+						browser_download_url: "https://github.com/test/README.md",
+						size: 128,
+						content_type: "text/markdown",
+					},
+					{
+						id: 2,
+						name: "checksums.txt",
+						browser_download_url: "https://github.com/test/checksums.txt",
+						size: 64,
+						content_type: "text/plain",
+					},
+				],
+			};
+
+			const result = GitHubClient.getDownloadableAsset(release);
+
+			expect(result.type).toBe("tarball");
+			expect(result.url).toBe("https://api.github.com/repos/test/repo/tarball/v1.0.0");
+		});
+
+		test("should prioritize ClaudeKit package over other archives", () => {
+			const release: GitHubRelease = {
+				id: 1,
+				tag_name: "v1.0.0",
+				name: "Release 1.0.0",
+				draft: false,
+				prerelease: false,
+				tarball_url: "https://api.github.com/repos/test/repo/tarball/v1.0.0",
+				zipball_url: "https://api.github.com/repos/test/repo/zipball/v1.0.0",
+				assets: [
+					{
+						id: 1,
+						name: "source.tar.gz",
+						browser_download_url: "https://github.com/test/source.tar.gz",
+						size: 5000,
+						content_type: "application/gzip",
+					},
+					{
+						id: 2,
+						name: "docs.zip",
+						browser_download_url: "https://github.com/test/docs.zip",
+						size: 3000,
+						content_type: "application/zip",
+					},
+					{
+						id: 3,
+						name: "ClaudeKit-Engineer-Package.zip",
+						browser_download_url: "https://github.com/test/package.zip",
+						size: 2000,
+						content_type: "application/zip",
+					},
+				],
+			};
+
+			const result = GitHubClient.getDownloadableAsset(release);
+
+			// Should pick the ClaudeKit package even though it's listed last
+			expect(result.type).toBe("asset");
+			expect(result.name).toBe("ClaudeKit-Engineer-Package.zip");
+			expect(result.size).toBe(2000);
+		});
+
+		test("should handle assets with variations in naming", () => {
+			const release: GitHubRelease = {
+				id: 1,
+				tag_name: "v1.0.0",
+				name: "Release 1.0.0",
+				draft: false,
+				prerelease: false,
+				tarball_url: "https://api.github.com/repos/test/repo/tarball/v1.0.0",
+				zipball_url: "https://api.github.com/repos/test/repo/zipball/v1.0.0",
+				assets: [
+					{
+						id: 1,
+						name: "claudekit_marketing_package.zip",
+						browser_download_url: "https://github.com/test/package.zip",
+						size: 2000,
+						content_type: "application/zip",
+					},
+				],
+			};
+
+			const result = GitHubClient.getDownloadableAsset(release);
+
+			expect(result.type).toBe("asset");
+			expect(result.name).toBe("claudekit_marketing_package.zip");
+		});
+	});
+});

package/tests/lib/github.test.ts

@@ -36,13 +36,13 @@ describe("GitHubClient", () => {
 	describe("integration scenarios", () => {
 		test("should handle kit configuration correctly", () => {
 			const engineerKit = AVAILABLE_KITS.engineer;
-			expect(engineerKit.owner).toBe("mrgoonie");
+			expect(engineerKit.owner).toBe("claudekit");
 			expect(engineerKit.repo).toBe("claudekit-engineer");
 		});
 
 		test("should handle marketing kit configuration", () => {
 			const marketingKit = AVAILABLE_KITS.marketing;
-			expect(marketingKit.owner).toBe("mrgoonie");
+			expect(marketingKit.owner).toBe("claudekit");
 			expect(marketingKit.repo).toBe("claudekit-marketing");
 		});
 	});