clishop 1.2.4 → 1.3.0

package/README.md

@@ -31,12 +31,12 @@ CLISHOP is an open-source CLI that lets AI agents and humans search for products
 
 ## Highlights
 
-- **Multi-store search:** one query searches every store in the network and only returns items that ship to your address
-- **Safety thresholds:** cap how much can be spent per order, require email confirmation before anything ships, or skip confirmation entirely
-- **MCP server:** native [Model Context Protocol](https://modelcontextprotocol.io/) support with 19 tools so AI agents (VS Code Copilot, Claude, Cursor, Windsurf, etc.) can shop on your behalf
-- **Advertise requests:** can't find what you need? Publicly post a request and let stores try to find it for you
-- **Support & reviews:** if something goes wrong, create support tickets and handle the entire process from the CLI — write product and store reviews too
-- **Open marketplace:** anyone can start selling on CLISHOP by deploying a [Dark Store](https://github.com/DavooxBv2/CLISHOP-DARKSTORE) — no website required
+- One query searches every store in the network. Results are filtered to what actually ships to your address.
+- Set spending caps per order, require email confirmation before anything ships, or let it go through automatically — your call.
+- Ships as a native [MCP server](https://modelcontextprotocol.io/) with 44 tools. Works with VS Code Copilot, Claude, Cursor, Windsurf, and anything else that speaks MCP.
+- Can't find what you need? Post an advertise request and let vendors compete to fulfill it.
+- Support tickets, product reviews, store reviews — all from the terminal.
+- Anyone can sell on CLISHOP by deploying a [Dark Store](https://github.com/DavooxBv2/CLISHOP-DARKSTORE). No website needed.
 
 ---
 
@@ -132,7 +132,7 @@ clishop buy 1
 
 ## Sell on CLISHOP
 
-Want to sell your own products? Use the [Dark Store](https://github.com/DavooxBv2/CLISHOP-DARKSTORE) template to create your own store — no website needed. Configure your catalog, shipping, and pricing in a few YAML files, deploy to Vercel, and start receiving orders.
+You can run your own store with the [Dark Store](https://github.com/DavooxBv2/CLISHOP-DARKSTORE) template. Define your catalog, shipping rules, and pricing in YAML, deploy to Vercel, and you're live. No website needed.
 
 ---
 
@@ -150,7 +150,7 @@ npm run lint                         # Type-check
 
 ## MCP Server
 
-CLISHOP ships as a native MCP server with 19 tools. Any MCP-compatible client gets shopping capabilities out of the box.
+CLISHOP ships as a native MCP server with 44 tools. Any MCP-compatible client gets shopping capabilities out of the box.
 
 ```bash
 clishop-mcp              # If installed globally

package/dist/{chunk-CVK6G342.js → chunk-3BBLDX6L.js}

@@ -3,12 +3,116 @@ import {
 } from "./chunk-X3H7SYR4.js";
 
 // src/auth.ts
-import keytar from "keytar";
+import { createRequire } from "module";
 import axios from "axios";
+
+// src/auth-file-store.ts
+import { readFileSync, writeFileSync, mkdirSync, chmodSync } from "fs";
+import { join } from "path";
+import { homedir } from "os";
+var CONFIG_DIR = join(homedir(), ".config", "clishop");
+var AUTH_FILE = join(CONFIG_DIR, "auth.json");
+function ensureDir() {
+  mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
+}
+function readStore() {
+  try {
+    return JSON.parse(readFileSync(AUTH_FILE, "utf-8"));
+  } catch {
+    return {};
+  }
+}
+function writeStore(data) {
+  ensureDir();
+  writeFileSync(AUTH_FILE, JSON.stringify(data, null, 2), { mode: 384 });
+  try {
+    chmodSync(AUTH_FILE, 384);
+  } catch {
+  }
+}
+function fileSetPassword(service, account, password) {
+  const store = readStore();
+  store[`${service}:${account}`] = password;
+  writeStore(store);
+}
+function fileGetPassword(service, account) {
+  const store = readStore();
+  return store[`${service}:${account}`] ?? null;
+}
+function fileDeletePassword(service, account) {
+  const store = readStore();
+  delete store[`${service}:${account}`];
+  writeStore(store);
+}
+
+// src/auth.ts
+var require2 = createRequire(import.meta.url);
+var _keytar = null;
+var _keytarChecked = false;
+function getKeytar() {
+  if (_keytarChecked) return _keytar;
+  _keytarChecked = true;
+  try {
+    _keytar = require2("keytar");
+  } catch {
+    _keytar = null;
+  }
+  return _keytar;
+}
 var SERVICE_NAME = "clishop";
 var ACCOUNT_TOKEN = "auth-token";
 var ACCOUNT_REFRESH = "refresh-token";
 var ACCOUNT_USER = "user-info";
+var _activeBackend = null;
+function resolveBackend() {
+  if (_activeBackend) return _activeBackend;
+  if (process.env.CLISHOP_TOKEN) {
+    _activeBackend = "env";
+    return _activeBackend;
+  }
+  const kt = getKeytar();
+  if (kt) {
+    _activeBackend = "keytar";
+    return _activeBackend;
+  }
+  if (!process.env.CLISHOP_QUIET) {
+    console.warn(
+      "[clishop] Secure keychain unavailable \u2014 using file-based token storage (~/.config/clishop/auth.json).\n          To enable keychain on Ubuntu/WSL: sudo apt install libsecret-1-0\n"
+    );
+  }
+  _activeBackend = "file";
+  return _activeBackend;
+}
+function isKeytarAvailable() {
+  return getKeytar() !== null;
+}
+async function setPassword(account, value) {
+  const backend = resolveBackend();
+  if (backend === "env") return;
+  if (backend === "keytar") {
+    return getKeytar().setPassword(SERVICE_NAME, account, value);
+  }
+  fileSetPassword(SERVICE_NAME, account, value);
+}
+async function getPassword(account) {
+  const backend = resolveBackend();
+  if (backend === "env" && account === ACCOUNT_TOKEN) {
+    return process.env.CLISHOP_TOKEN;
+  }
+  if (backend === "keytar") {
+    return getKeytar().getPassword(SERVICE_NAME, account);
+  }
+  return fileGetPassword(SERVICE_NAME, account);
+}
+async function deletePassword(account) {
+  const backend = resolveBackend();
+  if (backend === "env") return;
+  if (backend === "keytar") {
+    await getKeytar().deletePassword(SERVICE_NAME, account);
+    return;
+  }
+  fileDeletePassword(SERVICE_NAME, account);
+}
 function assertAuthResponse(data) {
   const payload = data;
   if (!payload || typeof payload !== "object") {
@@ -29,22 +133,22 @@ function assertAuthResponse(data) {
   return payload;
 }
 async function storeToken(token) {
-  await keytar.setPassword(SERVICE_NAME, ACCOUNT_TOKEN, token);
+  await setPassword(ACCOUNT_TOKEN, token);
 }
 async function storeRefreshToken(token) {
-  await keytar.setPassword(SERVICE_NAME, ACCOUNT_REFRESH, token);
+  await setPassword(ACCOUNT_REFRESH, token);
 }
 async function storeUserInfo(user) {
-  await keytar.setPassword(SERVICE_NAME, ACCOUNT_USER, JSON.stringify(user));
+  await setPassword(ACCOUNT_USER, JSON.stringify(user));
 }
 async function getToken() {
-  return keytar.getPassword(SERVICE_NAME, ACCOUNT_TOKEN);
+  return getPassword(ACCOUNT_TOKEN);
 }
 async function getRefreshToken() {
-  return keytar.getPassword(SERVICE_NAME, ACCOUNT_REFRESH);
+  return getPassword(ACCOUNT_REFRESH);
 }
 async function getUserInfo() {
-  const raw = await keytar.getPassword(SERVICE_NAME, ACCOUNT_USER);
+  const raw = await getPassword(ACCOUNT_USER);
   if (!raw) return null;
   try {
     return JSON.parse(raw);
@@ -53,13 +157,12 @@ async function getUserInfo() {
   }
 }
 async function clearAuth() {
-  await keytar.deletePassword(SERVICE_NAME, ACCOUNT_TOKEN);
-  await keytar.deletePassword(SERVICE_NAME, ACCOUNT_REFRESH);
-  await keytar.deletePassword(SERVICE_NAME, ACCOUNT_USER);
+  await deletePassword(ACCOUNT_TOKEN);
+  await deletePassword(ACCOUNT_REFRESH);
+  await deletePassword(ACCOUNT_USER);
 }
 async function isLoggedIn() {
-  const token = await getToken();
-  return !!token;
+  return !!await getToken();
 }
 async function login(email, password) {
   const baseUrl = getApiBaseUrl();
@@ -198,6 +301,9 @@ function handleApiError(error) {
 }
 
 export {
+  resolveBackend,
+  isKeytarAvailable,
+  getToken,
   getUserInfo,
   isLoggedIn,
   login,

package/dist/index.js

@@ -2,18 +2,22 @@
 import {
   ensureAgentOnBackend,
   getApiClient,
+  getToken,
   getUserInfo,
   handleApiError,
+  isKeytarAvailable,
   isLoggedIn,
   login,
   logout,
-  register
-} from "./chunk-CVK6G342.js";
+  register,
+  resolveBackend
+} from "./chunk-3BBLDX6L.js";
 import {
   createAgent,
   deleteAgent,
   getActiveAgent,
   getAgent,
+  getApiBaseUrl,
   getConfig,
   listAgents,
   setActiveAgent,
@@ -22,7 +26,7 @@ import {
 
 // src/index.ts
 import { Command } from "commander";
-import chalk15 from "chalk";
+import chalk16 from "chalk";
 
 // src/commands/auth.ts
 import chalk from "chalk";
@@ -932,7 +936,7 @@ async function runSetupWizard() {
   console.log();
   console.log(chalk4.bold.cyan("      W E L C O M E   T O   C L I S H O P"));
   console.log(chalk4.dim("      Order anything from your terminal."));
-  console.log(chalk4.dim(`      Build: ${"2026-03-04T15:39:11.106Z"}`));
+  console.log(chalk4.dim(`      Build: ${"2026-03-22T16:08:08.167Z"}`));
   console.log();
   divider(chalk4.cyan);
   console.log();
@@ -4580,16 +4584,74 @@ function registerFeedbackCommands(program2) {
   });
 }
 
+// src/commands/doctor.ts
+import chalk15 from "chalk";
+import { join } from "path";
+import { homedir } from "os";
+import { mkdirSync } from "fs";
+import axios from "axios";
+function registerDoctorCommand(program2) {
+  program2.command("doctor").description("Check system compatibility and auth status").action(async () => {
+    const checks = [];
+    const keytarOk = isKeytarAvailable();
+    checks.push({
+      name: "Secure keychain (keytar)",
+      ok: keytarOk,
+      detail: keytarOk ? "keytar loaded successfully" : "keytar unavailable \u2014 install libsecret:\n           sudo apt install libsecret-1-0"
+    });
+    const backend = resolveBackend();
+    checks.push({
+      name: "Auth backend",
+      ok: true,
+      detail: backend === "env" ? "Using CLISHOP_TOKEN environment variable" : backend === "keytar" ? "Using OS keychain" : "Using file store (~/.config/clishop/auth.json)"
+    });
+    try {
+      const dir = join(homedir(), ".config", "clishop");
+      mkdirSync(dir, { recursive: true, mode: 448 });
+      checks.push({ name: "File store writable", ok: true, detail: dir });
+    } catch (e) {
+      checks.push({
+        name: "File store writable",
+        ok: false,
+        detail: e instanceof Error ? e.message : String(e)
+      });
+    }
+    const token = await getToken();
+    checks.push({
+      name: "Authenticated",
+      ok: !!token,
+      detail: token ? "Token present" : "Not logged in \u2014 run: clishop setup"
+    });
+    const apiUrl = getApiBaseUrl();
+    try {
+      await axios.get(`${apiUrl}/health`, { timeout: 5e3 });
+      checks.push({ name: "API reachable", ok: true, detail: apiUrl });
+    } catch {
+      checks.push({
+        name: "API reachable",
+        ok: false,
+        detail: `Cannot reach ${apiUrl}`
+      });
+    }
+    console.log(chalk15.bold("\n  CLISHOP Doctor\n"));
+    for (const c of checks) {
+      const icon = c.ok ? chalk15.green("\u2713") : chalk15.red("\u2717");
+      console.log(`  ${icon}  ${chalk15.bold(c.name)}: ${c.detail}`);
+    }
+    console.log();
+  });
+}
+
 // src/index.ts
 var program = new Command();
-program.name("clishop").version("1.2.3").description(
-  chalk15.bold("CLISHOP") + ' \u2014 Order anything from your terminal.\n\n  Use agents to set safety limits, addresses, and payment methods.\n  The "default" agent is used when no agent is specified.'
+program.name("clishop").version("1.3.0").description(
+  chalk16.bold("CLISHOP") + ' \u2014 Order anything from your terminal.\n\n  Use agents to set safety limits, addresses, and payment methods.\n  The "default" agent is used when no agent is specified.'
 ).option("--agent <name>", "Use a specific agent for this command").hook("preAction", (thisCommand) => {
   const agentOpt = thisCommand.opts().agent;
   if (agentOpt) {
     const config = getConfig();
     if (!config.store.agents[agentOpt]) {
-      console.error(chalk15.red(`\u2717 Agent "${agentOpt}" does not exist.`));
+      console.error(chalk16.red(`\u2717 Agent "${agentOpt}" does not exist.`));
       process.exit(1);
     }
     process.env.__CLISHOP_AGENT_OVERRIDE = agentOpt;
@@ -4609,6 +4671,7 @@ registerSetupCommand(program);
 registerAdvertiseCommands(program);
 registerSupportCommands(program);
 registerFeedbackCommands(program);
+registerDoctorCommand(program);
 async function main() {
   if (process.argv.includes("--mcp")) {
     const { startMcpServer } = await import("./mcp.js");
@@ -4626,6 +4689,6 @@ async function main() {
   await program.parseAsync(process.argv);
 }
 main().catch((err) => {
-  console.error(chalk15.red(err.message));
+  console.error(chalk16.red(err.message));
   process.exit(1);
 });

package/dist/mcp.js

@@ -3,7 +3,7 @@ import {
   getApiClient,
   getUserInfo,
   isLoggedIn
-} from "./chunk-CVK6G342.js";
+} from "./chunk-3BBLDX6L.js";
 import {
   __export,
   getActiveAgent,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clishop",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "mcpName": "io.github.StefDCL/clishop",
   "description": "CLISHOP — Order anything from your terminal",
   "main": "dist/index.js",
@@ -17,7 +17,8 @@
     "dev:mcp": "tsx src/mcp.ts",
     "start": "node dist/index.js",
     "start:mcp": "node dist/mcp.js",
-    "lint": "tsc --noEmit"
+    "lint": "tsc --noEmit",
+    "postinstall": "node -e \"try{require('keytar')}catch{console.warn('\\n[clishop] Optional: install libsecret for secure keychain storage:\\n  sudo apt install libsecret-1-0\\nWithout it, clishop uses file-based token storage.\\n')}\""
   },
   "repository": {
     "type": "git",
@@ -49,10 +50,12 @@
     "commander": "^14.0.3",
     "conf": "^15.1.0",
     "inquirer": "^13.2.4",
-    "keytar": "^7.9.0",
     "open": "^11.0.0",
     "ora": "^9.3.0"
   },
+  "optionalDependencies": {
+    "keytar": "^7.9.0"
+  },
   "devDependencies": {
     "@types/inquirer": "^9.0.9",
     "@types/keytar": "^4.4.0",