claudekit-cli 1.1.0 → 1.2.1

package/src/types.ts

@@ -46,7 +46,8 @@ export type Config = z.infer<typeof ConfigSchema>;
 export const GitHubReleaseAssetSchema = z.object({
 	id: z.number(),
 	name: z.string(),
-	browser_download_url: z.string().url(),
+	url: z.string().url(), // API endpoint for authenticated downloads
+	browser_download_url: z.string().url(), // Direct download URL (public only)
 	size: z.number(),
 	content_type: z.string(),
 });
@@ -60,6 +61,8 @@ export const GitHubReleaseSchema = z.object({
 	prerelease: z.boolean(),
 	assets: z.array(GitHubReleaseAssetSchema),
 	published_at: z.string().optional(),
+	tarball_url: z.string().url(),
+	zipball_url: z.string().url(),
 });
 export type GitHubRelease = z.infer<typeof GitHubReleaseSchema>;
 
@@ -77,13 +80,13 @@ export const AVAILABLE_KITS: Record<KitType, KitConfig> = {
 	engineer: {
 		name: "ClaudeKit Engineer",
 		repo: "claudekit-engineer",
-		owner: "mrgoonie",
+		owner: "claudekit",
 		description: "Engineering toolkit for building with Claude",
 	},
 	marketing: {
 		name: "ClaudeKit Marketing",
 		repo: "claudekit-marketing",
-		owner: "mrgoonie",
+		owner: "claudekit",
 		description: "[Coming Soon] Marketing toolkit",
 	},
 };

package/src/utils/file-scanner.ts

@@ -0,0 +1,134 @@
+import { join, relative, resolve } from "node:path";
+import { lstat, pathExists, readdir } from "fs-extra";
+import { logger } from "./logger.js";
+
+/**
+ * Utility class for scanning directories and comparing file structures
+ */
+export class FileScanner {
+	/**
+	 * Get all files in a directory recursively
+	 *
+	 * @param dirPath - Directory path to scan
+	 * @param relativeTo - Base path for calculating relative paths (defaults to dirPath)
+	 * @returns Array of relative file paths
+	 *
+	 * @example
+	 * ```typescript
+	 * const files = await FileScanner.getFiles('/path/to/dir');
+	 * // Returns: ['file1.txt', 'subdir/file2.txt', ...]
+	 * ```
+	 */
+	static async getFiles(dirPath: string, relativeTo?: string): Promise<string[]> {
+		const basePath = relativeTo || dirPath;
+		const files: string[] = [];
+
+		// Check if directory exists
+		if (!(await pathExists(dirPath))) {
+			return files;
+		}
+
+		try {
+			const entries = await readdir(dirPath);
+
+			for (const entry of entries) {
+				const fullPath = join(dirPath, entry);
+
+				// Security: Validate path to prevent traversal
+				if (!FileScanner.isSafePath(basePath, fullPath)) {
+					logger.warning(`Skipping potentially unsafe path: ${entry}`);
+					continue;
+				}
+
+				const stats = await lstat(fullPath);
+
+				// Skip symlinks for security
+				if (stats.isSymbolicLink()) {
+					logger.debug(`Skipping symlink: ${entry}`);
+					continue;
+				}
+
+				if (stats.isDirectory()) {
+					// Recursively scan subdirectories
+					const subFiles = await FileScanner.getFiles(fullPath, basePath);
+					files.push(...subFiles);
+				} else if (stats.isFile()) {
+					// Add relative path
+					const relativePath = relative(basePath, fullPath);
+					files.push(relativePath);
+				}
+			}
+		} catch (error) {
+			const errorMessage =
+				error instanceof Error
+					? `Failed to scan directory: ${dirPath} - ${error.message}`
+					: `Failed to scan directory: ${dirPath}`;
+			logger.error(errorMessage);
+			throw error;
+		}
+
+		return files;
+	}
+
+	/**
+	 * Find files in destination that don't exist in source
+	 *
+	 * @param destDir - Destination directory path
+	 * @param sourceDir - Source directory path
+	 * @param subPath - Subdirectory to compare (e.g., '.claude')
+	 * @returns Array of relative file paths that are custom (exist in dest but not in source)
+	 *
+	 * @example
+	 * ```typescript
+	 * const customFiles = await FileScanner.findCustomFiles(
+	 *   '/path/to/project',
+	 *   '/path/to/release',
+	 *   '.claude'
+	 * );
+	 * // Returns: ['.claude/custom-command.md', '.claude/workflows/my-workflow.md']
+	 * ```
+	 */
+	static async findCustomFiles(
+		destDir: string,
+		sourceDir: string,
+		subPath: string,
+	): Promise<string[]> {
+		const destSubDir = join(destDir, subPath);
+		const sourceSubDir = join(sourceDir, subPath);
+
+		// Get files from both directories
+		const destFiles = await FileScanner.getFiles(destSubDir, destDir);
+		const sourceFiles = await FileScanner.getFiles(sourceSubDir, sourceDir);
+
+		// Create a Set of source files for O(1) lookup
+		const sourceFileSet = new Set(sourceFiles);
+
+		// Find files in destination that don't exist in source
+		const customFiles = destFiles.filter((file) => !sourceFileSet.has(file));
+
+		if (customFiles.length > 0) {
+			logger.info(`Found ${customFiles.length} custom file(s) in ${subPath}/`);
+			customFiles.slice(0, 5).forEach((file) => logger.debug(`  - ${file}`));
+			if (customFiles.length > 5) {
+				logger.debug(`  ... and ${customFiles.length - 5} more`);
+			}
+		}
+
+		return customFiles;
+	}
+
+	/**
+	 * Validate path to prevent path traversal attacks
+	 *
+	 * @param basePath - Base directory path
+	 * @param targetPath - Target path to validate
+	 * @returns true if path is safe, false otherwise
+	 */
+	private static isSafePath(basePath: string, targetPath: string): boolean {
+		const resolvedBase = resolve(basePath);
+		const resolvedTarget = resolve(targetPath);
+
+		// Ensure target is within base
+		return resolvedTarget.startsWith(resolvedBase);
+	}
+}

package/src/utils/logger.ts

@@ -1,37 +1,124 @@
+import { type WriteStream, createWriteStream } from "node:fs";
 import pc from "picocolors";
 
-export const logger = {
-	info: (message: string) => {
-		console.log(pc.blue("ℹ"), message);
-	},
+// Use ASCII-safe symbols to avoid unicode rendering issues in certain terminals
+const symbols = {
+	info: "[i]",
+	success: "[+]",
+	warning: "[!]",
+	error: "[x]",
+};
+
+interface LogContext {
+	[key: string]: any;
+}
+
+class Logger {
+	private verboseEnabled = false;
+	private logFileStream?: WriteStream;
 
-	success: (message: string) => {
-		console.log(pc.green("✔"), message);
-	},
+	info(message: string): void {
+		console.log(pc.blue(symbols.info), message);
+	}
 
-	warning: (message: string) => {
-		console.log(pc.yellow("⚠"), message);
-	},
+	success(message: string): void {
+		console.log(pc.green(symbols.success), message);
+	}
 
-	error: (message: string) => {
-		console.error(pc.red("✖"), message);
-	},
+	warning(message: string): void {
+		console.log(pc.yellow(symbols.warning), message);
+	}
 
-	debug: (message: string) => {
+	error(message: string): void {
+		console.error(pc.red(symbols.error), message);
+	}
+
+	debug(message: string): void {
 		if (process.env.DEBUG) {
 			console.log(pc.gray("[DEBUG]"), message);
 		}
-	},
+	}
+
+	verbose(message: string, context?: LogContext): void {
+		if (!this.verboseEnabled) return;
+
+		const timestamp = this.getTimestamp();
+		const sanitizedMessage = this.sanitize(message);
+		const formattedContext = context ? this.formatContext(context) : "";
+
+		const logLine = `${timestamp} ${pc.gray("[VERBOSE]")} ${sanitizedMessage}${formattedContext}`;
+
+		console.error(logLine);
+
+		if (this.logFileStream) {
+			const plainLogLine = `${timestamp} [VERBOSE] ${sanitizedMessage}${formattedContext}`;
+			this.logFileStream.write(`${plainLogLine}\n`);
+		}
+	}
+
+	setVerbose(enabled: boolean): void {
+		this.verboseEnabled = enabled;
+		if (enabled) {
+			this.verbose("Verbose logging enabled");
+		}
+	}
+
+	isVerbose(): boolean {
+		return this.verboseEnabled;
+	}
+
+	setLogFile(path?: string): void {
+		if (this.logFileStream) {
+			this.logFileStream.end();
+			this.logFileStream = undefined;
+		}
+
+		if (path) {
+			this.logFileStream = createWriteStream(path, {
+				flags: "a",
+				mode: 0o600,
+			});
+			this.verbose(`Logging to file: ${path}`);
+		}
+	}
 
-	// Sanitize sensitive data from logs
-	sanitize: (text: string): string => {
-		// Remove GitHub tokens
+	sanitize(text: string): string {
 		return text
 			.replace(/ghp_[a-zA-Z0-9]{36}/g, "ghp_***")
 			.replace(/github_pat_[a-zA-Z0-9_]{82}/g, "github_pat_***")
 			.replace(/gho_[a-zA-Z0-9]{36}/g, "gho_***")
 			.replace(/ghu_[a-zA-Z0-9]{36}/g, "ghu_***")
 			.replace(/ghs_[a-zA-Z0-9]{36}/g, "ghs_***")
-			.replace(/ghr_[a-zA-Z0-9]{36}/g, "ghr_***");
-	},
-};
+			.replace(/ghr_[a-zA-Z0-9]{36}/g, "ghr_***")
+			.replace(/Bearer [a-zA-Z0-9_-]+/g, "Bearer ***")
+			.replace(/token=[a-zA-Z0-9_-]+/g, "token=***");
+	}
+
+	private getTimestamp(): string {
+		return new Date().toISOString();
+	}
+
+	private formatContext(context: LogContext): string {
+		const sanitized = Object.entries(context).reduce((acc, [key, value]) => {
+			if (typeof value === "string") {
+				acc[key] = this.sanitize(value);
+			} else if (value && typeof value === "object") {
+				// Recursively sanitize nested objects
+				try {
+					const stringified = JSON.stringify(value);
+					const sanitizedStr = this.sanitize(stringified);
+					acc[key] = JSON.parse(sanitizedStr);
+				} catch {
+					acc[key] = "[Object]";
+				}
+			} else {
+				acc[key] = value;
+			}
+			return acc;
+		}, {} as LogContext);
+
+		return `\n  ${JSON.stringify(sanitized, null, 2).split("\n").join("\n  ")}`;
+	}
+}
+
+export const logger = new Logger();

package/src/utils/safe-prompts.ts

@@ -0,0 +1,44 @@
+import picocolors from "picocolors";
+
+/**
+ * Safe wrapper around clack prompts that uses simple ASCII characters
+ * instead of unicode box drawing to avoid rendering issues.
+ */
+
+/**
+ * Simple intro with ASCII characters
+ */
+export function intro(message: string): void {
+	console.log();
+	console.log(picocolors.cyan(`> ${message}`));
+	console.log();
+}
+
+/**
+ * Simple outro with ASCII characters
+ */
+export function outro(message: string): void {
+	console.log();
+	console.log(picocolors.green(`[OK] ${message}`));
+	console.log();
+}
+
+/**
+ * Simple note with ASCII box drawing
+ */
+export function note(message: string, title?: string): void {
+	console.log();
+	if (title) {
+		console.log(picocolors.cyan(`  ${title}:`));
+		console.log();
+	}
+	// Split message into lines and indent each
+	const lines = message.split("\n");
+	for (const line of lines) {
+		console.log(`  ${line}`);
+	}
+	console.log();
+}
+
+// Re-export other clack functions unchanged
+export { select, confirm, text, isCancel } from "@clack/prompts";

package/src/utils/safe-spinner.ts

@@ -0,0 +1,38 @@
+import ora, { type Ora, type Options } from "ora";
+
+/**
+ * Create a spinner with simple ASCII characters to avoid unicode rendering issues
+ */
+export function createSpinner(options: string | Options): Ora {
+	const spinnerOptions: Options = typeof options === "string" ? { text: options } : options;
+
+	const spinner = ora({
+		...spinnerOptions,
+		// Use simple ASCII spinner instead of unicode
+		spinner: "dots",
+		// Override symbols to use ASCII
+		prefixText: "",
+	});
+
+	// Override succeed and fail methods to use ASCII symbols
+	spinner.succeed = (text?: string) => {
+		spinner.stopAndPersist({
+			symbol: "[+]",
+			text: text || spinner.text,
+		});
+		return spinner;
+	};
+
+	spinner.fail = (text?: string) => {
+		spinner.stopAndPersist({
+			symbol: "[x]",
+			text: text || spinner.text,
+		});
+		return spinner;
+	};
+
+	return spinner;
+}
+
+// Re-export Ora type for convenience
+export type { Ora } from "ora";

package/tests/commands/version.test.ts

@@ -54,14 +54,14 @@ describe("Version Command", () => {
 			const engineerKit = AVAILABLE_KITS.engineer;
 			expect(engineerKit.name).toBe("ClaudeKit Engineer");
 			expect(engineerKit.repo).toBe("claudekit-engineer");
-			expect(engineerKit.owner).toBe("mrgoonie");
+			expect(engineerKit.owner).toBe("claudekit");
 		});
 
 		test("should have marketing kit configured", () => {
 			const marketingKit = AVAILABLE_KITS.marketing;
 			expect(marketingKit.name).toBe("ClaudeKit Marketing");
 			expect(marketingKit.repo).toBe("claudekit-marketing");
-			expect(marketingKit.owner).toBe("mrgoonie");
+			expect(marketingKit.owner).toBe("claudekit");
 		});
 	});