cli4ai 0.9.2 → 1.0.1

package/LICENSE

@@ -0,0 +1,109 @@
+Business Source License 1.1
+
+License text copyright (c) 2017 MariaDB Corporation Ab, All Rights Reserved.
+"Business Source License" is a trademark of MariaDB Corporation Ab.
+
+-----------------------------------------------------------------------------
+
+Parameters
+
+Licensor:             cli4ai
+Licensed Work:        cli4ai
+                      The Licensed Work is (c) 2024 cli4ai
+Additional Use Grant: You may make use of the Licensed Work, provided that
+                      you do not use the Licensed Work for a Commercial
+                      Purpose.
+
+                      A "Commercial Purpose" means use in production for
+                      commercial or for-profit purposes including, but not
+                      limited to: (a) integrating the Licensed Work into a
+                      commercial product or service; (b) using the Licensed
+                      Work to provide commercial services to third parties;
+                      (c) using the Licensed Work in a business's internal
+                      production environment.
+
+                      Non-commercial use, personal projects, evaluation,
+                      development, testing, educational use, and use by
+                      non-profit organizations are permitted.
+
+Change Date:          December 19, 2029
+Change License:       Apache License, Version 2.0
+
+-----------------------------------------------------------------------------
+
+Terms
+
+The Licensor hereby grants you the right to copy, modify, create derivative
+works, redistribute, and make non-production use of the Licensed Work. The
+Licensor may make an Additional Use Grant, above, permitting limited
+production use.
+
+Effective on the Change Date, or the fourth anniversary of the first publicly
+available distribution of a specific version of the Licensed Work under this
+License, whichever comes first, the Licensor hereby grants you rights under
+the terms of the Change License, and the rights granted in the paragraph
+above terminate.
+
+If your use of the Licensed Work does not comply with the requirements
+currently in effect as described in this License, you must purchase a
+commercial license from the Licensor, its affiliated entities, or authorized
+resellers, or you must refrain from using the Licensed Work.
+
+All copies of the original and modified Licensed Work, and derivative works
+of the Licensed Work, are subject to this License. This License applies
+separately for each version of the Licensed Work and the Change Date may vary
+for each version of the Licensed Work released by Licensor.
+
+You must conspicuously display this License on each original or modified copy
+of the Licensed Work. If you receive the Licensed Work in original or
+modified form from a third party, the terms and conditions set forth in this
+License apply to your use of that work.
+
+Any use of the Licensed Work in violation of this License will automatically
+terminate your rights under this License for the current and all other
+versions of the Licensed Work.
+
+This License does not grant you any right in any trademark or logo of
+Licensor or its affiliates (provided that you may use a trademark or logo of
+Licensor as expressly required by this License).
+
+TO THE EXTENT PERMITTED BY APPLICABLE LAW, THE LICENSED WORK IS PROVIDED ON
+AN "AS IS" BASIS. LICENSOR HEREBY DISCLAIMS ALL WARRANTIES AND CONDITIONS,
+EXPRESS OR IMPLIED, INCLUDING (WITHOUT LIMITATION) WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND
+TITLE.
+
+MariaDB hereby grants you permission to use this License's text to license
+your works, and to refer to it using the trademark "Business Source License",
+as long as you comply with the Covenants of Licensor below.
+
+-----------------------------------------------------------------------------
+
+Covenants of Licensor
+
+In consideration of the right to use this License's text and the "Business
+Source License" name and trademark, Licensor covenants to MariaDB, and to all
+other recipients of the licensed work to be provided by Licensor:
+
+1. To specify as the Change License the GPL Version 2.0 or any later version,
+   or a license that is compatible with GPL Version 2.0 or a later version,
+   where "compatible" means that software provided under the Change License can
+   be included in a program with software provided under GPL Version 2.0 or a
+   later version. Licensor may specify additional Change Licenses without
+   limitation.
+
+2. To either: (a) specify an additional grant of rights to use that does not
+   impose any additional restriction on the right granted in this License, as
+   the Additional Use Grant; or (b) insert the text "None".
+
+3. To specify a Change Date.
+
+4. Not to modify this License in any other way.
+
+-----------------------------------------------------------------------------
+
+Notice
+
+The Business Source License (this document, or the "License") is not an Open
+Source license. However, the Licensed Work will eventually be made available
+under an Open Source License, as stated in this License.

package/README.md

@@ -1,21 +1,15 @@
 # cli4ai
 
-> Official CLI4AI package • https://cli4ai.com
+[![npm version](https://img.shields.io/npm/v/cli4ai.svg)](https://www.npmjs.com/package/cli4ai)
+[![License: BSL 1.1](https://img.shields.io/badge/License-BSL_1.1-blue.svg)](./LICENSE)
 
-The package manager for AI CLI tools.
+**The package manager for AI CLI tools.**
 
-## Setup
+Give your AI agents superpowers with ready-to-use tools for GitHub, Slack, Gmail, databases, and more. Install in seconds, run from anywhere, integrate with Claude via MCP.
 
 ```bash
-# Install cli4ai
 npm i -g cli4ai
-# or (optional)
-bun install -g cli4ai
-
-# Install a package
 cli4ai add -g github
-
-# Run it
 cli4ai run github notifs
 ```
 
@@ -23,30 +17,53 @@ cli4ai run github notifs
 
 AI agents need tools. MCP servers are complex to set up. cli4ai makes it simple:
 
-- **Install tools in seconds** - `cli4ai add github` just works
-- **Run from anywhere** - `cli4ai run <tool> <command>`
-- **No MCP boilerplate** - cli4ai wraps CLI tools as MCP servers automatically
-- **Local-first** - Tools are just scripts, no cloud required
+- **Install tools in seconds** — `cli4ai add github` just works
+- **Run from anywhere** — `cli4ai run <tool> <command>`
+- **MCP integration** — Wrap any CLI tool as an MCP server automatically
+- **Local-first** — Tools are just TypeScript scripts, no cloud required
+- **Unified interface** — All tools output JSON for easy parsing
+
+## Available Packages
+
+See the [packages repo](https://github.com/cli4ai/packages) for source code and documentation.
+
+| Package | Description |
+|---------|-------------|
+| `github` | GitHub notifications, repos, issues, PRs |
+| `slack` | Slack messages, channels, users |
+| `gmail` | Gmail inbox, threads, send/reply |
+| `twitter` | Twitter/X timeline, search, post |
+| `youtube` | YouTube transcripts and metadata |
+| `mongodb` | MongoDB queries and schemas |
+| `postgres` | PostgreSQL read-only queries |
+| `snowflake` | Snowflake data warehouse queries |
+| `chrome` | Browser automation with Puppeteer |
+| `linkedin` | LinkedIn feed and profiles |
+| `fireflies` | Fireflies.ai meeting transcripts |
+| `dataforseo` | SEO keywords, trends, backlinks |
+| `ipinfo` | IP address geolocation |
+| `history` | Chrome browser history |
+| `openapi` | Turn any OpenAPI spec into a CLI |
+
+Browse all packages: `cli4ai browse`
 
 ## Quick Start
 
 ```bash
-# Add a local registry (directory containing tools)
-cli4ai config --add-registry ~/my-tools
-
-# Search for tools
-cli4ai search github
+# Install cli4ai globally
+npm i -g cli4ai
 
-# Install globally (available everywhere)
+# Install a tool
 cli4ai add -g github
 
-# Install locally (project-scoped)
-cd ~/my-project
-cli4ai add mongodb
-
-# Run tools
+# Run a command
 cli4ai run github notifs
-cli4ai run mongodb databases
+
+# See available commands
+cli4ai info github
+
+# Update all tools
+cli4ai update
 ```
 
 ## Commands
@@ -58,14 +75,14 @@ cli4ai run mongodb databases
 | `cli4ai add <pkg>` | Install package locally |
 | `cli4ai add -g <pkg>` | Install package globally |
 | `cli4ai remove <pkg>` | Uninstall package |
-| `cli4ai remove -g <pkg>` | Uninstall global package |
-| `cli4ai list` | List local packages |
-| `cli4ai list -g` | List global packages |
+| `cli4ai list` | List installed packages |
+| `cli4ai update` | Update all packages |
 
 ### Discovery
 
 | Command | Description |
 |---------|-------------|
+| `cli4ai browse` | Interactive package browser |
 | `cli4ai search <query>` | Search for packages |
 | `cli4ai info <pkg>` | Show package details |
 
@@ -76,108 +93,24 @@ cli4ai run mongodb databases
 | `cli4ai run <pkg> <cmd> [args]` | Run a tool command |
 | `cli4ai start <pkg>` | Start package as MCP server |
 
-Notes:
-- Tool flags are supported: `cli4ai run chrome screenshot https://example.com --full-page`
-- If a flag conflicts with `cli4ai run` options, use `--` to pass-through: `cli4ai run <pkg> <cmd> -- --help`
-
-### Configuration
-
-| Command | Description |
-|---------|-------------|
-| `cli4ai config` | Show current config |
-| `cli4ai config --add-registry <path>` | Add local registry |
-| `cli4ai config --remove-registry <path>` | Remove registry |
-
-### Project Setup
-
-| Command | Description |
-|---------|-------------|
-| `cli4ai init [name]` | Create a new tool project |
-| `cli4ai mcp-config` | Generate Claude Code MCP config |
-
-## Package Format
-
-Tools are defined by a `cli4ai.json` manifest:
-
-```json
-{
-  "name": "github",
-  "version": "1.0.0",
-  "description": "GitHub CLI wrapper",
-  "entry": "run.ts",
-  "runtime": "bun",
-  "commands": {
-    "notifs": {
-      "description": "Your notifications"
-    },
-    "repos": {
-      "description": "List repositories",
-      "args": [
-        { "name": "user", "required": false }
-      ]
-    }
-  },
-  "env": {
-    "GITHUB_TOKEN": {
-      "required": false,
-      "description": "Personal access token"
-    }
-  },
-  "mcp": {
-    "enabled": true
-  }
-}
-```
-
-### Manifest Fields
-
-| Field | Required | Description |
-|-------|----------|-------------|
-| `name` | Yes | Package name (lowercase, hyphens ok) |
-| `version` | Yes | Semver version |
-| `entry` | Yes | Entry point script |
-| `description` | No | Package description |
-| `runtime` | No | Runtime: `bun` (default), `node`, `deno` |
-| `commands` | No | Command definitions for MCP |
-| `env` | No | Environment variable requirements |
-| `mcp.enabled` | No | Enable MCP server mode |
-
-## Storage Locations
-
-```
-~/.cli4ai/
-├── config.json          # Global configuration
-├── packages/            # Globally installed packages
-│   └── github/
-└── bin/                 # PATH-linked executables (optional)
-
-./
-├── cli4ai.json            # Project manifest (if a tool)
-├── cli4ai.lock            # Lock file (reproducible installs)
-└── .cli4ai/
-    └── packages/        # Locally installed packages
-```
-
 ## MCP Integration
 
-cli4ai can generate configuration for Claude Code:
+cli4ai tools can run as MCP servers for Claude:
 
 ```bash
-# Generate config for all installed packages
+# Generate Claude Code config
 cli4ai mcp-config
 
-# Generate for specific packages
-cli4ai mcp-config --packages github,slack
-
-# Get snippet for a single package
-cli4ai mcp-config --package github --snippet
+# Start a tool as MCP server
+cli4ai start github
 ```
 
-Output:
+Add to your Claude Code MCP settings:
+
 ```json
 {
   "mcpServers": {
-    "cli4ai-github": {
+    "github": {
       "command": "cli4ai",
       "args": ["start", "github"]
     }
@@ -185,50 +118,26 @@ Output:
 }
 ```
 
-Add this to your Claude Code MCP settings.
-
-## Local Registries
-
-cli4ai discovers packages from local directories:
-
-```bash
-# Add a registry
-cli4ai config --add-registry ~/agent-tools
-
-# Now packages in ~/agent-tools are discoverable
-cli4ai search github  # Finds ~/agent-tools/github/
-```
-
-A registry is just a directory containing tool folders, each with a `cli4ai.json`.
-
 ## Creating Tools
 
 ```bash
-# Create a new tool
-cli4ai init my-tool
-cd my-tool
+# Quick scaffold with defaults
+npx create-cli4ai my-tool -y
 
-# Edit `run.ts` and `cli4ai.json`
+# Interactive mode (prompts for commands, args, env vars)
+npx create-cli4ai
 
-# Test locally
-bun run run.ts hello world
-
-# Install for testing
-cd ~/some-project
-cli4ai add --local ~/path/to/my-tool -y
-cli4ai run my-tool hello world
+# Or use the built-in init
+cli4ai init my-tool
 ```
 
-### Tool Entry Point
-
-Tools are simple CLI scripts that output JSON:
+Tools are TypeScript scripts with a `cli4ai.json` manifest:
 
 ```typescript
-#!/usr/bin/env bun
-
+#!/usr/bin/env npx tsx
 import { cli, output } from '@cli4ai/lib/cli.ts';
 
-const program = cli('my-tool', '1.0.0', 'Example tool');
+const program = cli('my-tool', '1.0.0', 'My awesome tool');
 
 program
   .command('hello [name]')
@@ -240,36 +149,45 @@ program
 program.parse();
 ```
 
-When run via `cli4ai run`, these env vars are set for convenience:
-- `CLI4AI_CWD`: directory where you invoked `cli4ai`
-- `C4AI_PACKAGE_DIR`: installed package directory
-- `C4AI_PACKAGE_NAME`: resolved package name
-- `C4AI_ENTRY`: absolute path to the tool entry file
-
-## Global vs Local Install
-
-| Aspect | Global (`-g`) | Local (default) |
-|--------|---------------|-----------------|
-| Location | `~/.cli4ai/packages/` | `./.cli4ai/packages/` |
-| Scope | Available everywhere | Project only |
-| Lock file | No | Yes (`cli4ai.lock`) |
-| Use case | Utilities (github, slack) | Project-specific (mongodb) |
-
-## Environment Variables
-
-Tools can require environment variables:
-
 ```json
 {
-  "env": {
-    "API_KEY": { "required": true },
-    "DEBUG": { "required": false, "default": "false" }
+  "name": "my-tool",
+  "version": "1.0.0",
+  "description": "My awesome tool",
+  "entry": "run.ts",
+  "runtime": "node",
+  "commands": {
+    "hello": {
+      "description": "Say hello",
+      "args": [{ "name": "name", "required": false }]
+    }
   }
 }
 ```
 
-Set them in your shell or `.env` file.
+## Storage
+
+```
+~/.cli4ai/
+├── config.json       # Global configuration
+├── packages/         # Globally installed packages
+└── bin/              # PATH-linked executables
+
+./.cli4ai/
+└── packages/         # Locally installed packages
+```
+
+## Requirements
+
+- Node.js 18+
+- npm or bun
+
+## Related
+
+- [cli4ai/packages](https://github.com/cli4ai/packages) — Official tool packages
+- [cli4ai/create-cli4ai](https://github.com/cli4ai/create-cli4ai) — Scaffold new tools
+- [cli4ai.com](https://cli4ai.com) — Website and documentation
 
 ## License
 
-MIT
+[BSL 1.1](./LICENSE) — Free for non-commercial use. Converts to Apache 2.0 on December 19, 2029.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cli4ai",
-  "version": "0.9.2",
+  "version": "1.0.1",
   "description": "The package manager for AI CLI tools - cli4ai.com",
   "type": "module",
   "bin": {
@@ -26,7 +26,7 @@
     "vitest": "^2.0.0"
   },
   "author": "cliforai",
-  "license": "MIT",
+  "license": "BUSL-1.1",
   "repository": {
     "type": "git",
     "url": "https://github.com/cliforai/framework"

package/src/bin.ts

@@ -92,10 +92,8 @@ function checkUpdatesInBackground(): void {
     const packages = getNpmGlobalPackages();
     if (packages.length > 0) {
       // Spawn a background process to check updates and cache results
-      const child = Bun.spawn(['sh', '-c', `
-        # Quick npm check (with timeout)
-        timeout 3 npm view cli4ai version 2>/dev/null > /tmp/.cli4ai-update-check 2>&1 &
-      `], {
+      const { spawn } = require('child_process');
+      const child = spawn('sh', ['-c', 'timeout 3 npm view cli4ai version 2>/dev/null > /tmp/.cli4ai-update-check 2>&1 &'], {
         detached: true,
         stdio: ['ignore', 'ignore', 'ignore']
       });

package/src/commands/add.ts

@@ -18,6 +18,7 @@ import {
 } from '../core/config.js';
 import { lockPackage, computeDirectoryIntegrity, type LockedPackage } from '../core/lockfile.js';
 import { linkPackageDirect, isBinInPath, getPathInstructions } from '../core/link.js';
+import { getRegistryIntegrity, verifyPackageIntegrity } from '../core/registry.js';
 
 interface AddOptions {
   local?: boolean;
@@ -217,11 +218,10 @@ async function downloadFromNpm(packageName: string, targetDir: string): Promise<
 /**
  * Check if a CLI tool is available
  */
-async function checkCliTool(name: string): Promise<boolean> {
+function checkCliTool(name: string): boolean {
   try {
-    const proc = Bun.spawn(['which', name], { stdout: 'pipe', stderr: 'pipe' });
-    await proc.exited;
-    return proc.exitCode === 0;
+    const result = spawnSync('which', [name], { stdio: 'pipe' });
+    return result.status === 0;
   } catch {
     return false;
   }
@@ -369,7 +369,7 @@ export async function addCommand(packages: string[], options: AddOptions): Promi
     for (const peer of plan.peerDependencies) {
       // Check if it's a CLI tool (not a cli4ai package reference)
       if (!peer.version.includes('cli4ai')) {
-        const available = await checkCliTool(peer.name);
+        const available = checkCliTool(peer.name);
         if (!available) {
           peerWarnings.push(`${peer.name} is not installed on your system`);
         }
@@ -417,6 +417,27 @@ export async function addCommand(packages: string[], options: AddOptions): Promi
         await installNpmDependencies(result.path, plan.manifest.dependencies);
       }
 
+      // SECURITY: Verify integrity against registry
+      let integrity: string | undefined;
+      try {
+        const verification = await verifyPackageIntegrity(result.name, result.path);
+        integrity = verification.actual;
+
+        if (verification.expected) {
+          if (verification.valid) {
+            log(`  integrity: ${integrity.slice(0, 20)}... ✓`);
+          } else {
+            log(`  ⚠️  Integrity mismatch!`);
+            log(`     Expected: ${verification.expected.slice(0, 30)}...`);
+            log(`     Actual:   ${verification.actual.slice(0, 30)}...`);
+          }
+        } else {
+          log(`  integrity: ${integrity.slice(0, 20)}...`);
+        }
+      } catch (err) {
+        log(`  warning: could not compute integrity hash`);
+      }
+
       // Link to PATH for global installs
       if (options.global) {
         result.binPath = linkPackageDirect(plan.manifest, result.path);
@@ -424,15 +445,6 @@ export async function addCommand(packages: string[], options: AddOptions): Promi
       } else {
         log(`✓ ${result.name}@${result.version}`);
 
-        // SECURITY: Compute integrity hash for the installed package
-        let integrity: string | undefined;
-        try {
-          integrity = computeDirectoryIntegrity(result.path);
-          log(`  integrity: ${integrity.slice(0, 20)}...`);
-        } catch (err) {
-          log(`  warning: could not compute integrity hash`);
-        }
-
         // Update lockfile (only for local/project installs)
         const lockedPkg: LockedPackage = {
           name: result.name,

package/src/commands/init.ts

@@ -146,7 +146,7 @@ function getBaseManifest(templateName: string, runtime: 'node' | 'bun'): Partial
     runtime,
     description: `${templateName === 'basic' ? 'CLI' : templateName} tool`,
     author,
-    license: 'MIT',
+    license: 'BUSL-1.1',
     keywords,
     mcp: { enabled: true, transport: 'stdio' },
   };