create-githat-app 1.3.0 → 1.4.1

package/package.json

@@ -1,36 +1,58 @@
 {
   "name": "create-githat-app",
-  "version": "1.3.0",
-  "description": "Scaffold enterprise-grade apps with GitHat identity — for humans, AI agents, and MCP servers",
+  "version": "1.4.1",
+  "description": "GitHat CLI — scaffold apps and manage the skills marketplace",
   "type": "module",
   "bin": {
-    "create-githat-app": "./bin/index.js"
+    "create-githat-app": "./bin/index.js",
+    "githat": "./bin/index.js"
   },
-  "files": ["bin", "dist", "templates"],
+  "files": [
+    "bin",
+    "dist",
+    "templates"
+  ],
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch",
     "test": "node bin/index.js --help"
   },
   "dependencies": {
-    "@clack/prompts": "^0.9.1",
+    "@clack/prompts": "^1.0.1",
     "chalk": "^5.4.1",
-    "commander": "^13.1.0",
+    "commander": "^14.0.3",
     "figlet": "^1.8.0",
     "fs-extra": "^11.2.0",
     "gradient-string": "^3.0.0",
     "handlebars": "^4.7.8",
-    "ora": "^8.1.1"
+    "ora": "^9.3.0",
+    "unzipper": "^0.12.3"
   },
   "devDependencies": {
     "@types/figlet": "^1.7.0",
     "@types/fs-extra": "^11.0.4",
     "@types/gradient-string": "^1.1.6",
+    "@types/unzipper": "^0.10.10",
     "tsup": "^8.4.0",
     "typescript": "^5.9.0"
   },
-  "keywords": ["githat", "nextjs", "react", "vite", "create-app", "cli", "auth", "identity", "mcp", "ai-agents"],
-  "license": "SEE LICENSE IN LICENSE",
+  "keywords": [
+    "githat",
+    "nextjs",
+    "react",
+    "vite",
+    "create-app",
+    "cli",
+    "auth",
+    "identity",
+    "mcp",
+    "ai-agents"
+  ],
+  "license": "Proprietary",
+  "homepage": "https://githat.io",
+  "bugs": {
+    "url": "https://github.com/GitHat-IO/create-githat-app/issues"
+  },
   "publishConfig": {
     "access": "public",
     "registry": "https://registry.npmjs.org/"
@@ -38,5 +60,8 @@
   "repository": {
     "type": "git",
     "url": "git+https://github.com/GitHat-IO/create-githat-app.git"
+  },
+  "engines": {
+    "node": ">=20.10"
   }
 }

package/templates/agent/app/(auth)/sign-in/page.tsx.hbs

@@ -0,0 +1,9 @@
+import { SignInForm } from '@githat/nextjs';
+
+export default function SignInPage() {
+  return (
+    <main {{#if useTailwind}}className="flex items-center justify-center min-h-screen bg-[#09090b]"{{else}}style=\{{ display: 'flex', alignItems: 'center', justifyContent: 'center', minHeight: '100vh', background: '#09090b' }}{{/if}}>
+      <SignInForm signUpUrl="/sign-up" {{#if includeForgotPassword}}forgotPasswordUrl="/forgot-password"{{/if}} />
+    </main>
+  );
+}

package/templates/agent/app/(auth)/sign-up/page.tsx.hbs

@@ -0,0 +1,9 @@
+import { SignUpForm } from '@githat/nextjs';
+
+export default function SignUpPage() {
+  return (
+    <main {{#if useTailwind}}className="flex items-center justify-center min-h-screen bg-[#09090b]"{{else}}style=\{{ display: 'flex', alignItems: 'center', justifyContent: 'center', minHeight: '100vh', background: '#09090b' }}{{/if}}>
+      <SignUpForm signInUrl="/sign-in" />
+    </main>
+  );
+}

package/templates/agent/app/admin/agent/page.tsx.hbs

@@ -0,0 +1,127 @@
+'use client';
+
+import Link from 'next/link';
+import { useAuth } from '@githat/nextjs';
+
+/**
+ * Agent operator dashboard — control the agent you registered.
+ *
+ * Three core actions an operator does:
+ *   1. See live status (active / paused / revoked)
+ *   2. Adjust capabilities (which tools the agent can call)
+ *   3. Hit the kill switch
+ *
+ * Real apps fetch the agent record from GitHat's
+ * GET /agent/{walletAddress}. Stub below shows the data shape.
+ */
+export default function AgentAdminPage() {
+  const { isSignedIn, isLoading } = useAuth();
+
+  if (isLoading) return <div style=\{{ padding: 'var(--space-8)', color: 'var(--fg-muted)' }}>Loading…</div>;
+  if (!isSignedIn) {
+    return (
+      <div style=\{{ padding: 'var(--space-8)', textAlign: 'center' }}>
+        <Link href="/sign-in" style=\{{ color: 'var(--primary)' }}>Sign in →</Link>
+      </div>
+    );
+  }
+
+  const agent = {
+    name: 'My research agent',
+    wallet: '0xAB12…CDEf',
+    status: 'active' as 'active' | 'paused' | 'revoked',
+    capabilities: ['web.search', 'web.fetch', 'arxiv.read'],
+    actionsLast24h: 47,
+    verifyUrl: 'https://githat.io/verify/agent/0xAB12...CDEf',
+  };
+
+  return (
+    <div style=\{{ padding: 'var(--space-8) var(--space-4)', maxWidth: '48rem', margin: '0 auto' }}>
+      <h1 style=\{{ fontFamily: 'var(--font-wordmark)', fontSize: '2rem', marginBottom: 'var(--space-2)' }}>
+        {agent.name}
+      </h1>
+      <p style=\{{ color: 'var(--fg-muted)', fontSize: '0.875rem', marginBottom: 'var(--space-6)' }}>
+        Wallet: <code>{agent.wallet}</code>
+      </p>
+
+      <section style=\{{
+        padding: 'var(--space-5)',
+        borderRadius: 'var(--radius-md, 0.5rem)',
+        border: '1px solid var(--border)',
+        background: 'var(--surface)',
+        marginBottom: 'var(--space-6)',
+      }}>
+        <div style=\{{ display: 'flex', justifyContent: 'space-between', alignItems: 'center', marginBottom: 'var(--space-3)' }}>
+          <span style=\{{ fontSize: '0.875rem', color: 'var(--fg-muted)' }}>Status</span>
+          <span style=\{{
+            padding: 'var(--space-1) var(--space-3)',
+            borderRadius: 'var(--radius-full, 9999px)',
+            background: agent.status === 'active' ? 'var(--success)' : agent.status === 'paused' ? 'var(--warn)' : 'var(--danger)',
+            color: 'var(--bg)',
+            fontSize: '0.75rem',
+            fontWeight: 700,
+          }}>
+            {agent.status.toUpperCase()}
+          </span>
+        </div>
+        <div style=\{{ fontSize: '2rem', fontWeight: 600, marginBottom: 'var(--space-1)' }}>
+          {agent.actionsLast24h}
+        </div>
+        <div style=\{{ fontSize: '0.75rem', color: 'var(--fg-subtle)' }}>actions in the last 24 hours</div>
+      </section>
+
+      <section style=\{{ marginBottom: 'var(--space-6)' }}>
+        <h2 style=\{{ fontSize: '1.125rem', marginBottom: 'var(--space-3)' }}>Capabilities</h2>
+        <ul style=\{{ listStyle: 'none', padding: 0, margin: 0, display: 'flex', flexWrap: 'wrap', gap: 'var(--space-2)' }}>
+          {agent.capabilities.map((cap) => (
+            <li key={cap} style=\{{
+              padding: 'var(--space-2) var(--space-3)',
+              borderRadius: 'var(--radius-md, 0.5rem)',
+              border: '1px solid var(--border)',
+              background: 'var(--surface)',
+              fontSize: '0.875rem',
+              fontFamily: 'var(--font-mono, monospace)',
+            }}>
+              {cap}
+            </li>
+          ))}
+        </ul>
+      </section>
+
+      <section style=\{{ display: 'flex', gap: 'var(--space-3)', flexWrap: 'wrap' }}>
+        <a href={agent.verifyUrl} target="_blank" rel="noopener noreferrer" style=\{{
+          padding: 'var(--space-3) var(--space-4)',
+          borderRadius: 'var(--radius-md, 0.5rem)',
+          border: '1px solid var(--border)',
+          color: 'var(--fg)',
+          textDecoration: 'none',
+        }}>
+          Public verify URL ↗
+        </a>
+        <Link href="/admin/mcp" style=\{{
+          padding: 'var(--space-3) var(--space-4)',
+          borderRadius: 'var(--radius-md, 0.5rem)',
+          border: '1px solid var(--border)',
+          color: 'var(--fg)',
+          textDecoration: 'none',
+        }}>
+          MCP servers
+        </Link>
+        <button
+          onClick={() => { /* TODO: POST /api/agent/kill */ }}
+          style=\{{
+            padding: 'var(--space-3) var(--space-4)',
+            borderRadius: 'var(--radius-md, 0.5rem)',
+            border: '1px solid var(--danger)',
+            background: 'transparent',
+            color: 'var(--danger)',
+            fontWeight: 600,
+            cursor: 'pointer',
+          }}
+        >
+          Kill switch
+        </button>
+      </section>
+    </div>
+  );
+}

package/templates/agent/app/globals.css.hbs

@@ -0,0 +1,87 @@
+/*
+ * Tailwind v4 — required because @githat/nextjs/styles is processed
+ * through @tailwindcss/postcss. Plain doesn't ship utility classes,
+ * but the import is needed for the auth pages to render styled.
+ */
+@import "tailwindcss";
+
+/*
+ * Plain template — self-contained globals.
+ *
+ * Defines the minimum CSS variables a GitHat app uses for layout and
+ * the auth-page styling that ships with @githat/nextjs/styles.
+ * Override these in your own files when you want a real theme.
+ *
+ * Light theme by default; flip --bg/--fg for dark.
+ */
+
+:root {
+  /* Surface */
+  --bg:           #ffffff;
+  --surface:      #fafafa;
+  --surface-sub:  #f4f4f5;
+
+  /* Borders */
+  --border:       #e5e7eb;
+
+  /* Foreground */
+  --fg:           #0a0a0a;
+  --fg-muted:     #525252;
+  --fg-subtle:    #737373;
+
+  /* Brand — change these two to re-skin the whole auth flow */
+  --primary:      #6366f1;
+  --accent:       #f59e0b;
+
+  /* Semantic */
+  --success:      #16a34a;
+  --warn:         #d97706;
+  --danger:       #dc2626;
+
+  /* Spacing — used by @githat/nextjs/styles */
+  --space-1: 0.25rem;
+  --space-2: 0.5rem;
+  --space-3: 0.75rem;
+  --space-4: 1rem;
+  --space-6: 1.5rem;
+  --space-8: 2rem;
+
+  /* Radius */
+  --radius:    0.5rem;
+  --radius-md: 0.5rem;
+  --radius-lg: 0.75rem;
+
+  /* Fonts */
+  --font-sans:     'Inter', system-ui, -apple-system, BlinkMacSystemFont, sans-serif;
+  --font-wordmark: 'Instrument Serif', Georgia, serif;
+}
+
+@media (prefers-color-scheme: dark) {
+  :root {
+    --bg:           #0a0a0a;
+    --surface:      #18181b;
+    --surface-sub:  #27272a;
+    --border:       #3f3f46;
+    --fg:           #fafafa;
+    --fg-muted:     #a1a1aa;
+    --fg-subtle:    #71717a;
+  }
+}
+
+* {
+  box-sizing: border-box;
+  margin: 0;
+  padding: 0;
+}
+
+body {
+  font-family: var(--font-sans);
+  background: var(--bg);
+  color: var(--fg);
+  line-height: 1.5;
+}
+
+a {
+  color: inherit;
+  text-decoration: none;
+}

package/templates/agent/app/layout.tsx.hbs

@@ -0,0 +1,41 @@
+import { GitHatProvider } from '@githat/nextjs';
+import '@githat/nextjs/styles';
+import './globals.css';
+
+export const metadata = {
+  title: '{{businessName}}',
+  description: '{{description}}',
+};
+
+export default function RootLayout({ children }{{#if typescript}}: { children: React.ReactNode }{{/if}}) {
+  return (
+    <html lang="en">
+      <body>
+        {/*
+          Plain template: no @githat/ui dep, no Wordmark. The
+          full-kit (`nextjs`) template uses @githat/ui for the
+          shared design system; the plain scaffold is the smallest
+          working app, so we avoid extra deps.
+        */}
+        <GitHatProvider config=\{{
+          publishableKey: process.env.NEXT_PUBLIC_GITHAT_PUBLISHABLE_KEY || '',
+          signInUrl: '/sign-in',
+          signUpUrl: '/sign-up',
+          afterSignInUrl: '/',
+          afterSignOutUrl: '/',
+        }}>
+          <header style=\{{
+            padding: '1rem 1.5rem',
+            borderBottom: '1px solid var(--border, #e5e7eb)',
+            fontFamily: 'system-ui, -apple-system, sans-serif',
+          }}>
+            <a href="/" style=\{{ textDecoration: 'none', color: 'inherit', fontWeight: 600 }}>
+              {{businessName}}
+            </a>
+          </header>
+          <main>{children}</main>
+        </GitHatProvider>
+      </body>
+    </html>
+  );
+}

package/templates/agent/app/page.tsx.hbs

@@ -0,0 +1,100 @@
+'use client';
+
+import Link from 'next/link';
+import { useAuth } from '@githat/nextjs';
+
+/**
+ * AI Agent template — Web4 identity, MCP, public verification.
+ *
+ * The pitch: every other auth platform stops at humans. GitHat
+ * extends identity to autonomous agents — wallet-bound (Ethereum
+ * sigs), capability-scoped, kill-switchable, audit-logged. Anyone
+ * can verify an agent at /verify/agent/<wallet>.
+ *
+ * This template is the agent operator's dashboard, plus the public
+ * /verify endpoint anyone can hit to check an agent's status.
+ */
+export default function Home() {
+  const { isSignedIn } = useAuth();
+
+  return (
+    <div style=\{{ background: 'var(--bg)', color: 'var(--fg)', minHeight: 'calc(100vh - 64px)' }}>
+      <section style=\{{
+        padding: 'var(--space-12) var(--space-4)',
+        textAlign: 'center',
+        maxWidth: '40rem',
+        margin: '0 auto',
+      }}>
+        <h1 style=\{{
+          fontFamily: 'var(--font-wordmark, Georgia, serif)',
+          fontSize: 'clamp(2rem, 5vw, 3rem)',
+          lineHeight: 1.1,
+          marginBottom: 'var(--space-3)',
+        }}>
+          {{businessName}}
+        </h1>
+        <p style=\{{ color: 'var(--fg-muted)', fontSize: '1.125rem', marginBottom: 'var(--space-6)' }}>
+          Wallet-bound identity for autonomous AI agents. Capability
+          scoping, kill switch, audit trail — and a public /verify
+          endpoint anyone can hit.
+        </p>
+        {!isSignedIn ? (
+          <Link href="/sign-up" style=\{{
+            display: 'inline-block',
+            padding: 'var(--space-3) var(--space-6)',
+            borderRadius: 'var(--radius-md, 0.5rem)',
+            background: 'var(--primary)',
+            color: 'var(--bg)',
+            fontWeight: 600,
+            textDecoration: 'none',
+          }}>
+            Register an agent →
+          </Link>
+        ) : (
+          <Link href="/admin/agent" style=\{{
+            display: 'inline-block',
+            padding: 'var(--space-3) var(--space-6)',
+            borderRadius: 'var(--radius-md, 0.5rem)',
+            background: 'var(--primary)',
+            color: 'var(--bg)',
+            fontWeight: 600,
+            textDecoration: 'none',
+          }}>
+            Open agent dashboard →
+          </Link>
+        )}
+      </section>
+
+      <section style=\{{ padding: 'var(--space-8) var(--space-4)', background: 'var(--surface-sub)' }}>
+        <div style=\{{ maxWidth: '48rem', margin: '0 auto' }}>
+          <h2 style=\{{ fontSize: '1.5rem', marginBottom: 'var(--space-4)' }}>What you get</h2>
+          <ul style=\{{ listStyle: 'none', padding: 0, margin: 0, display: 'flex', flexDirection: 'column', gap: 'var(--space-3)' }}>
+            <Item emoji="🪪" title="Wallet-bound identity" body="Ethereum-style key pair. The agent signs requests; clients verify the signature. No shared secrets to leak." />
+            <Item emoji="🎚" title="Capability scopes" body="Each agent can only call the tools you explicitly granted. Add or revoke at any time." />
+            <Item emoji="🛑" title="Kill switch" body="One click and the agent is revoked everywhere. Existing tokens stop working immediately." />
+            <Item emoji="📜" title="Audit log" body="Every action is logged with timestamp, capability used, and signature. Prove what happened." />
+            <Item emoji="🔍" title="Public verification" body="Anyone can hit githat.io/verify/agent/<wallet> and see the agent's status, capabilities, and recent actions." />
+          </ul>
+        </div>
+      </section>
+    </div>
+  );
+}
+
+function Item({ emoji, title, body }: { emoji: string; title: string; body: string }) {
+  return (
+    <li style=\{{
+      display: 'flex',
+      gap: 'var(--space-4)',
+      padding: 'var(--space-4)',
+      borderRadius: 'var(--radius-md, 0.5rem)',
+      background: 'var(--surface)',
+    }}>
+      <span style=\{{ fontSize: '1.5rem' }} aria-hidden>{emoji}</span>
+      <div>
+        <div style=\{{ fontWeight: 600, marginBottom: 'var(--space-1)' }}>{title}</div>
+        <div style=\{{ fontSize: '0.875rem', color: 'var(--fg-muted)' }}>{body}</div>
+      </div>
+    </li>
+  );
+}

package/templates/agent/next.config.ts.hbs

@@ -0,0 +1,9 @@
+{{#if typescript}}import type { NextConfig } from 'next';
+{{/if}}import { withGitHat } from '@githat/nextjs/server';
+
+{{#if typescript}}const nextConfig: NextConfig = {
+{{else}}const nextConfig = {
+{{/if}}  output: 'standalone',
+};
+
+export default withGitHat(nextConfig);

package/templates/agent/postcss.config.mjs.hbs

@@ -0,0 +1,14 @@
+/*
+ * Plain template — Tailwind v4 PostCSS plugin is required even though
+ * the plain scaffold doesn't use Tailwind utility classes. The auth
+ * page CSS shipped by `@githat/nextjs/styles` is processed through
+ * @tailwindcss/postcss at build time. Drop this config and the
+ * auth pages render unstyled.
+ */
+const config = {
+  plugins: {
+    '@tailwindcss/postcss': {},
+  },
+};
+
+export default config;

package/templates/agent/proxy.ts.hbs

@@ -0,0 +1,10 @@
+import { authProxy } from '@githat/nextjs/proxy';
+
+export const proxy = authProxy({
+  publicRoutes: ['/', '/sign-in', '/sign-up'{{#if includeForgotPassword}}, '/forgot-password', '/reset-password'{{/if}}{{#if includeEmailVerification}}, '/verify-email'{{/if}}],
+  signInUrl: '/sign-in',
+});
+
+export const config = {
+  matcher: ['/((?!_next|api|.*\\..*).*)'],
+};

package/templates/agent/tsconfig.json.hbs

@@ -0,0 +1,21 @@
+{
+  "compilerOptions": {
+    "target": "ES2017",
+    "lib": ["dom", "dom.iterable", "esnext"],
+    "allowJs": true,
+    "skipLibCheck": true,
+    "strict": true,
+    "noEmit": true,
+    "esModuleInterop": true,
+    "module": "esnext",
+    "moduleResolution": "bundler",
+    "resolveJsonModule": true,
+    "isolatedModules": true,
+    "jsx": "preserve",
+    "incremental": true,
+    "plugins": [{ "name": "next" }],
+    "paths": { "@/*": ["./*"] }
+  },
+  "include": ["next-env.d.ts", "**/*.ts", "**/*.tsx", ".next/types/**/*.ts"],
+  "exclude": ["node_modules"]
+}

package/templates/base/.env.example.hbs

@@ -1,11 +1,11 @@
 # GitHat Identity
-{{#ifEquals framework "nextjs"}}
+{{#ifNext framework}}
 NEXT_PUBLIC_GITHAT_PUBLISHABLE_KEY=pk_test_your_key_here
 NEXT_PUBLIC_GITHAT_API_URL={{apiUrl}}
 {{else}}
 VITE_GITHAT_PUBLISHABLE_KEY=pk_test_your_key_here
 VITE_GITHAT_API_URL={{apiUrl}}
-{{/ifEquals}}
+{{/ifNext}}
 {{#if useDatabase}}
 
 # Database

package/templates/base/.env.local.example.hbs

@@ -0,0 +1,20 @@
+{{#ifNext framework}}
+# GitHat — publishable key for this app.
+# Get yours at https://githat.io/dashboard/apps
+NEXT_PUBLIC_GITHAT_PUBLISHABLE_KEY=pk_live_your_key_here
+
+# GitHat API base URL (leave as-is unless using a self-hosted deployment)
+NEXT_PUBLIC_GITHAT_API_URL={{apiUrl}}
+{{else}}
+# GitHat — publishable key for this app.
+# Get yours at https://githat.io/dashboard/apps
+VITE_GITHAT_PUBLISHABLE_KEY=pk_live_your_key_here
+
+# GitHat API base URL (leave as-is unless using a self-hosted deployment)
+VITE_GITHAT_API_URL={{apiUrl}}
+{{/ifNext}}
+{{#if useDatabase}}
+
+# Database
+DATABASE_URL="postgresql://user:password@localhost:5432/{{projectName}}"
+{{/if}}

package/templates/base/.env.local.hbs

@@ -1,10 +1,21 @@
-{{#ifEquals framework "nextjs"}}
+{{#ifNext framework}}
+# ─── GitHat publishable key ──────────────────────────────────────────────
+# Paste your key from https://githat.io/dashboard/apps below.
+# This file is gitignored — your key never gets committed by accident.
+# (Don't put real keys on the command line. Shell history is forever.)
 NEXT_PUBLIC_GITHAT_PUBLISHABLE_KEY={{publishableKey}}
 NEXT_PUBLIC_GITHAT_API_URL={{apiUrl}}
 {{else}}
+# ─── GitHat publishable key ──────────────────────────────────────────────
+# Paste your key from https://githat.io/dashboard/apps below.
+# This file is gitignored — your key never gets committed by accident.
+# (Don't put real keys on the command line. Shell history is forever.)
 VITE_GITHAT_PUBLISHABLE_KEY={{publishableKey}}
 VITE_GITHAT_API_URL={{apiUrl}}
-{{/ifEquals}}
+{{/ifNext}}
 {{#if useDatabase}}
+
+# ─── Database ────────────────────────────────────────────────────────────
+# Replace with your real connection string.
 DATABASE_URL="postgresql://user:password@localhost:5432/{{projectName}}"
 {{/if}}

package/templates/base/.github/CODEOWNERS.hbs

@@ -0,0 +1 @@
+* @{{githubUsername}}

package/templates/base/.github/SECURITY.md

@@ -0,0 +1,10 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Please **do not** open a public GitHub issue for security vulnerabilities.
+
+Email: security@githat.io
+
+Include a description of the issue, steps to reproduce, and the potential impact.
+We aim to respond within 48 hours and will keep you updated as we work on a fix.

package/templates/base/.github/dependabot.yml

@@ -0,0 +1,19 @@
+version: 2
+updates:
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 5
+    labels: ["dependencies"]
+    groups:
+      dev-dependencies:
+        dependency-type: "development"
+      githat:
+        patterns: ["@githat/*"]
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+    open-pull-requests-limit: 3
+    labels: ["dependencies", "github-actions"]