npm - commitshow - Versions diffs - 0.3.12 → 0.3.15 - Mend

commitshow 0.3.12 → 0.3.15

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/commands/audit.js CHANGED Viewed

@@ -1,12 +1,21 @@
 import { resolveTarget, verifyRemoteExists, TargetError } from '../lib/target.js';
 import { findProjectByGithubUrl, fetchLatestSnapshot, fetchStanding, runPreviewAudit, waitForPreviewSnapshot, } from '../lib/api.js';
-import { renderAudit, renderMarkdown, renderJson, renderUpsell, renderQuotaFooter, renderRateLimitDeny, renderAuditError, writeAuditMarkdown, writeAuditJson, } from '../lib/render.js';
+import { renderAudit, renderMarkdown, renderJson, renderUpsell, renderStarCta, renderQuotaFooter, renderRateLimitDeny, renderAuditError, writeAuditMarkdown, writeAuditJson, } from '../lib/render.js';
 import { c } from '../lib/colors.js';
 import { Spinner } from '../lib/spinner.js';
 export async function audit(args) {
     const asJson = args.includes('--json');
     const force = args.includes('--refresh') || args.includes('--force');
-    const positional = args.find(a => !a.startsWith('--'));
+    // --source=<name> · self-reported call origin (claude-code · cursor ·
+    // antigravity · gemini-cli · codex · raw-cli · etc.). Falls back to
+    // the COMMITSHOW_SOURCE env var (used by IDE plugins that wrap the
+    // CLI) and ultimately empty string. Surfaced in /admin > CLI 사용
+    // tab as a distribution chart.
+    const sourceFlag = args.find(a => a.startsWith('--source='))?.split('=')[1]
+        ?? args[args.indexOf('--source') + 1]?.replace(/^-/, '') // tolerate --source X
+        ?? process.env.COMMITSHOW_SOURCE
+        ?? null;
+    const positional = args.find(a => !a.startsWith('--') && a !== sourceFlag);
     let target;
     try {
         target = resolveTarget(positional);
@@ -93,6 +102,9 @@ export async function audit(args) {
                 console.log('');
                 console.log(renderUpsell(project.github_url ?? target.github_url));
             }
+            // Star CTA always lands last · highest-leverage moment for a star.
+            console.log('');
+            console.log(renderStarCta());
             console.log('');
         }
         if (target.kind === 'local') {
@@ -115,7 +127,7 @@ export async function audit(args) {
         else
             console.log(c.dim('First time on commit.show for this repo — running a preview audit…'));
     }
-    const result = await runPreviewAudit(target.github_url, undefined, { force });
+    const result = await runPreviewAudit(target.github_url, undefined, { force, source: sourceFlag });
     // Error envelope
     if ('error' in result) {
         const err = result;

package/dist/commands/login.js CHANGED Viewed

@@ -1,16 +1,125 @@
-// Device flow placeholder. Needs the /cli/link web page + token-exchange
-// Edge Function on the server side (V1 backend work · see CLAUDE.md §15-C.4
-// rollout). Until that lands, we fail fast with a clear message so the user
-// knows their audit/status commands still work read-only.
+// commitshow login — device-flow authorization.
+//
+// Default flow:
+//   1. POST /functions/v1/cli-link-init · receive { code, poll_token, verification_url }
+//   2. Print the code + URL · open the URL in the user's browser (unless --no-open)
+//   3. Poll /functions/v1/cli-link-poll every 2s until 'ok' (token returned),
+//      'expired', or timeout (10 min).
+//   4. Save the api_token + member info to ~/.commitshow/config.json
+//
+// --token mode: skip the browser handshake and accept a pre-minted JWT
+//   (useful for headless / CI environments).
+//
+// --no-open: don't auto-launch the browser, just print the URL.
+import { readConfig, writeConfig } from '../lib/config.js';
 import { c } from '../lib/colors.js';
-export async function login(_args) {
+const POLL_INTERVAL_MS = 2000;
+const POLL_TIMEOUT_MS = 10 * 60 * 1000;
+const DEFAULT_BASE_URL = 'https://tekemubwihsjdzittoqf.supabase.co';
+const DEFAULT_ANON_KEY = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InRla2VtdWJ3aWhzamR6aXR0b3FmIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzY0MzQ1NzUsImV4cCI6MjA5MjAxMDU3NX0.n2K-3lFVvlXQx-bV9evdNRSQCtG5oC4uQushxB2ja9Y';
+function baseUrl() {
+    return readConfig().base_url ?? DEFAULT_BASE_URL;
+}
+function tryOpen(url) {
+    // Best-effort cross-platform open. Failure is silent — user still has
+    // the URL printed and can copy/paste manually.
+    const cmd = process.platform === 'darwin' ? 'open'
+        : process.platform === 'win32' ? 'cmd'
+            : 'xdg-open';
+    const args = process.platform === 'win32' ? ['/c', 'start', '', url] : [url];
+    try {
+        // eslint-disable-next-line @typescript-eslint/no-require-imports
+        const { spawn } = require('node:child_process');
+        spawn(cmd, args, { stdio: 'ignore', detached: true }).unref();
+    }
+    catch { /* ignore */ }
+}
+async function fetchUser(token) {
+    try {
+        const res = await fetch(`${baseUrl()}/auth/v1/user`, {
+            headers: { apikey: DEFAULT_ANON_KEY, Authorization: `Bearer ${token}` },
+        });
+        if (!res.ok)
+            return null;
+        const j = await res.json();
+        return { id: j.id, email: j.email ?? null };
+    }
+    catch {
+        return null;
+    }
+}
+export async function login(args) {
+    const noOpen = args.includes('--no-open');
+    const tokenIdx = args.indexOf('--token');
+    const presetToken = tokenIdx >= 0 ? args[tokenIdx + 1] : null;
+    // Headless / CI path · skip the browser handshake.
+    if (presetToken) {
+        const user = await fetchUser(presetToken);
+        if (!user) {
+            console.error(c.scarlet('✗ Token rejected · invalid or expired.'));
+            return 1;
+        }
+        writeConfig({ ...readConfig(), token: presetToken, member_id: user.id, display_name: user.email ?? undefined });
+        console.log(c.gold('✓ Logged in · token saved to ~/.commitshow/config.json'));
+        return 0;
+    }
+    // 1. Init the device-flow.
+    let init;
+    try {
+        const res = await fetch(`${baseUrl()}/functions/v1/cli-link-init`, {
+            method: 'POST',
+            headers: { apikey: DEFAULT_ANON_KEY, Authorization: `Bearer ${DEFAULT_ANON_KEY}`, 'Content-Type': 'application/json' },
+            body: '{}',
+        });
+        init = await res.json();
+        if (!res.ok || !init.code || !init.poll_token) {
+            console.error(c.scarlet(`✗ Init failed: ${init.error ?? `HTTP ${res.status}`}`));
+            return 1;
+        }
+    }
+    catch (e) {
+        console.error(c.scarlet(`✗ Init network error: ${e?.message ?? e}`));
+        return 1;
+    }
+    console.log('');
+    console.log(c.cream('  Authorize commitshow CLI to act on your account.'));
     console.log('');
-    console.log(c.cream('Login is not yet available in 0.1.'));
+    console.log(`  Verification code:  ${c.gold(init.code)}`);
+    console.log(`  Approve at:         ${init.verification_url}`);
     console.log('');
-    console.log(c.muted('  Read-only commands (audit, status, whoami) already work against public data.'));
-    console.log(c.muted('  Write commands (submit, re-audit, install) unlock once the device-flow'));
-    console.log(c.muted('  endpoint ships — tracked as a V1 item in the roadmap.'));
+    console.log(c.dim('  Waiting for approval (10 min timeout)…'));
     console.log('');
-    console.log(c.dim('  Sign in on the web for now → https://commit.show'));
+    if (!noOpen && init.verification_url)
+        tryOpen(init.verification_url);
+    // 2. Poll until approved / expired / timeout.
+    const deadline = Date.now() + POLL_TIMEOUT_MS;
+    while (Date.now() < deadline) {
+        await new Promise(r => setTimeout(r, POLL_INTERVAL_MS));
+        try {
+            const res = await fetch(`${baseUrl()}/functions/v1/cli-link-poll`, {
+                method: 'POST',
+                headers: { apikey: DEFAULT_ANON_KEY, Authorization: `Bearer ${DEFAULT_ANON_KEY}`, 'Content-Type': 'application/json' },
+                body: JSON.stringify({ poll_token: init.poll_token }),
+            });
+            const resp = await res.json();
+            if (resp.status === 'ok' && resp.api_token) {
+                writeConfig({ ...readConfig(), token: resp.api_token, member_id: resp.user_id ?? undefined });
+                console.log(c.gold('  ✓ Authorized · token saved to ~/.commitshow/config.json'));
+                const user = await fetchUser(resp.api_token);
+                if (user?.email)
+                    writeConfig({ ...readConfig(), display_name: user.email });
+                return 0;
+            }
+            if (resp.status === 'expired' || resp.status === 'consumed') {
+                console.error(c.scarlet(`  ✗ ${resp.message ?? resp.status}`));
+                return 1;
+            }
+            // status === 'pending' · keep polling.
+        }
+        catch {
+            // transient · keep polling.
+        }
+    }
+    console.error(c.scarlet('  ✗ Timed out waiting for approval (10 min). Re-run commitshow login.'));
     return 1;
 }

package/dist/commands/whoami.js CHANGED Viewed

@@ -1,14 +1,56 @@
-import { readConfig } from '../lib/config.js';
+import { readConfig, writeConfig } from '../lib/config.js';
 import { c } from '../lib/colors.js';
-export async function whoami(_args) {
+const DEFAULT_BASE_URL = 'https://tekemubwihsjdzittoqf.supabase.co';
+const DEFAULT_ANON_KEY = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhYmFzZSIsInJlZiI6InRla2VtdWJ3aWhzamR6aXR0b3FmIiwicm9sZSI6ImFub24iLCJpYXQiOjE3NzY0MzQ1NzUsImV4cCI6MjA5MjAxMDU3NX0.n2K-3lFVvlXQx-bV9evdNRSQCtG5oC4uQushxB2ja9Y';
+async function verifyToken(token) {
+    try {
+        const res = await fetch(`${DEFAULT_BASE_URL}/auth/v1/user`, {
+            headers: { apikey: DEFAULT_ANON_KEY, Authorization: `Bearer ${token}` },
+        });
+        if (!res.ok)
+            return null;
+        const j = await res.json();
+        return { id: j.id, email: j.email ?? null };
+    }
+    catch {
+        return null;
+    }
+}
+export async function whoami(args) {
     const cfg = readConfig();
-    if (!cfg.token || !cfg.display_name) {
+    // --logout · convenience flag · clears token from local config.
+    if (args.includes('--logout')) {
+        if (!cfg.token) {
+            console.log(c.dim('Already signed out.'));
+            return 0;
+        }
+        const next = { ...cfg };
+        delete next.token;
+        delete next.member_id;
+        delete next.display_name;
+        delete next.refresh_token;
+        writeConfig(next);
+        console.log(c.gold('✓ Signed out · token cleared from ~/.commitshow/config.json'));
+        return 0;
+    }
+    if (!cfg.token) {
         console.log(c.muted('Not signed in.'));
-        console.log(c.dim('  Read-only commands still work. Login coming in the next CLI release.'));
+        console.log(c.dim('  Run `commitshow login` to authorize a 90-day API token.'));
+        return 1;
+    }
+    // Verify the saved token is still valid (not expired or revoked).
+    const user = await verifyToken(cfg.token);
+    if (!user) {
+        console.log(c.scarlet('✗ Token rejected (expired or revoked).'));
+        console.log(c.dim('  Re-run `commitshow login`.'));
         return 1;
     }
-    console.log(c.cream(cfg.display_name));
-    if (cfg.member_id)
-        console.log(c.muted(`  ${cfg.member_id}`));
+    console.log('');
+    if (cfg.display_name)
+        console.log(`  ${c.cream(cfg.display_name)}`);
+    if (user.email && user.email !== cfg.display_name)
+        console.log(`  email:      ${user.email}`);
+    console.log(`  member id:  ${user.id}`);
+    console.log('');
     return 0;
 }

package/dist/lib/api.js CHANGED Viewed

@@ -18,12 +18,37 @@ const DEFAULT_ANON_KEY = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzdXBhY
 function baseUrl() {
     return readConfig().base_url ?? DEFAULT_BASE_URL;
 }
+// Self-identifying User-Agent so the server can break down CLI hits by
+// version + runtime + platform (visible in /admin > CLI 사용 탭).
+// Anonymous — no PII, just version/runtime breakdown for traction signal.
+// Format: 'commitshow-cli/<ver> node/<v> <platform>-<arch>'
+//   e.g. 'commitshow-cli/0.3.13 node/v20.10.0 darwin-arm64'
+const CLI_USER_AGENT = (() => {
+    // package.json version is bundled at build time via tsc resolution; we
+    // still hardcode a fallback so a stripped binary doesn't crash.
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    let version = 'unknown';
+    try {
+        // Lazy-require so this import doesn't break in Deno-like envs.
+        // The build script copies package.json next to the bundle.
+        // eslint-disable-next-line @typescript-eslint/no-var-requires
+        const pkg = require('../../package.json');
+        if (typeof pkg?.version === 'string')
+            version = pkg.version;
+    }
+    catch { /* fall through · version stays 'unknown' */ }
+    const node = process.version || 'node';
+    const plat = `${process.platform}-${process.arch}`;
+    return `commitshow-cli/${version} node/${node} ${plat}`;
+})();
 function headers(extra = {}) {
     const cfg = readConfig();
     return {
         apikey: DEFAULT_ANON_KEY,
         Authorization: `Bearer ${cfg.token ?? DEFAULT_ANON_KEY}`,
         'Content-Type': 'application/json',
+        'User-Agent': CLI_USER_AGENT,
+        'X-Commitshow-Source': process.env.COMMITSHOW_SOURCE ?? '',
         ...extra,
     };
 }
@@ -68,7 +93,12 @@ export async function runPreviewAudit(githubUrl, liveUrl, opts = {}) {
     const res = await fetch(`${baseUrl()}/functions/v1/audit-preview`, {
         method: 'POST',
         headers: headers(),
-        body: JSON.stringify({ github_url: githubUrl, live_url: liveUrl, force: opts.force === true }),
+        body: JSON.stringify({
+            github_url: githubUrl,
+            live_url: liveUrl,
+            force: opts.force === true,
+            source: opts.source ?? null,
+        }),
     });
     const body = await res.json().catch(() => ({ error: 'invalid_json' }));
     if (res.status === 202)

package/dist/lib/render.js CHANGED Viewed

@@ -401,6 +401,17 @@ export function renderAudit(view) {
     lines.push(' '.repeat(footerPad) + c.gold(wordmark));
     return lines.join('\n');
 }
+/**
+ * Star CTA · single line, brand-colored. The CLI prints this last on a
+ * successful audit (after renderAudit + any renderUpsell box) — the
+ * audit just delivered concrete value (concerns + score), which is the
+ * highest-leverage moment to ask for a GitHub star. Caller controls the
+ * placement so it always lands at the bottom of the full output.
+ */
+export function renderStarCta() {
+    return '  ' + c.muted('★ Like what you see? Star us · ')
+        + c.cream('github.com/commitshow/commitshow');
+}
 function vibeChecklistLines(vc) {
     const out = [];
     // 1. Webhook idempotency

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "commitshow",
-  "version": "0.3.12",
+  "version": "0.3.15",
   "description": "commit.show CLI — audit any vibe-coded project from your terminal.",
   "type": "module",
   "bin": {