drawer-so 0.9.0

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Joshua Munsch
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OF OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,92 @@
+# drawer-so
+
+Publish files and directories to [Drawer](https://drawer.so) from the terminal.
+
+The CLI targets `https://drawer.so` by default; override with `DRAWER_BASE_URL`.
+
+## Install
+
+```bash
+npm install -g drawer-so
+# verify
+drawer --help
+```
+
+## Quick start
+
+```bash
+# one-time: paste your drawer API key (drw_…)
+drawer auth login
+
+# publish a single file
+drawer publish ./report.html --title "Q3 report"
+
+# publish a directory (zipped + uploaded as a multi-file artifact)
+drawer publish ./site --title "demo site"
+
+# update an existing artifact in place
+drawer publish ./report.html --update art_abc1234567
+
+# patch — surgical find/replace
+drawer patch art_abc1234567 --find "Q3" --replace "Q4"
+
+# list / open
+drawer list
+drawer open art_abc1234567
+```
+
+## Config
+
+API key + base URL are stored in `~/.config/drawer/cli-config.json` (chmod 600).
+
+Override per-invocation with env vars:
+
+- `DRAWER_API_KEY` — override the saved key
+- `DRAWER_BASE_URL` — override the base URL (default `https://drawer.so`)
+
+## Commands
+
+```
+drawer auth login                         Paste an API key and save it
+drawer auth logout                        Delete saved key
+drawer auth whoami                        Show stored key prefix + base URL
+
+drawer publish <file|dir>                 Publish a file or directory
+  --title <text>                          Title shown in the browser tab
+  --visibility <tier>                     public | unlisted (default) | password
+  --password <text>                       Required when --visibility=password
+  --update <artifact_id>                  Update an existing artifact instead
+
+drawer list                               List your artifacts
+drawer get <artifact_id>                  Print artifact metadata as JSON
+drawer open <artifact_id>                 Open the artifact URL in your default browser
+drawer delete <artifact_id> [--yes]       Permanently delete (asks first)
+
+drawer patch <artifact_id>                Find/replace surgical edit
+  --file <path>                           Defaults to the artifact's entry file
+  --find <text>                           Required
+  --replace <text>                        Required
+  --replace-all                           Replace every occurrence
+
+drawer revert <artifact_id> [--to <ver>]  Promote a prior version back to current
+drawer diff <artifact_id> <from> [to]     Unified diff between versions
+```
+
+## Notes
+
+- Uploads use the unified `/api/artifacts/upload` endpoint, which dispatches by `Content-Type` (single file vs. zip archive).
+- Directories are bundled into a zip in-memory and uploaded; `node_modules` and `.git` are skipped by default.
+- Uploads cap at 100 MB raw / 200 MB extracted.
+- All commands honor per-API-key rate limits (60 mutating requests/min, 1000/hour).
+
+## For maintainers — publishing
+
+One-liner to publish a release from a clean checkout:
+
+```bash
+git pull && cd cli && npm install && npm run build && npm publish --access public
+```
+
+- `npm login` is a one-time setup on the publishing machine.
+- Bumping versions: `npm version patch && git push --follow-tags && npm publish --access public` (use `minor` or `major` as appropriate). The `prepublishOnly` script re-runs the build.
+- See [PUBLISHING.md](./PUBLISHING.md) for the full pre-flight checklist.

package/dist/drawer.js

@@ -0,0 +1,355 @@
+#!/usr/bin/env node
+
+// src/drawer.ts
+import { cac } from "cac";
+import { promises as fs } from "fs";
+import path from "path";
+import os from "os";
+import readline from "readline/promises";
+import { stdin, stdout } from "process";
+import { zipSync } from "fflate";
+import { exec } from "child_process";
+var DEFAULT_BASE = "https://drawer.so";
+var CONFIG_DIR = path.join(os.homedir(), ".config", "drawer");
+var CONFIG_FILE = path.join(CONFIG_DIR, "cli-config.json");
+async function loadConfig() {
+  try {
+    const raw = await fs.readFile(CONFIG_FILE, "utf-8");
+    return JSON.parse(raw);
+  } catch {
+    return {};
+  }
+}
+async function saveConfig(cfg) {
+  await fs.mkdir(CONFIG_DIR, { recursive: true, mode: 448 });
+  await fs.writeFile(CONFIG_FILE, JSON.stringify(cfg, null, 2));
+  await fs.chmod(CONFIG_FILE, 384);
+}
+function baseUrl(cfg) {
+  return process.env.DRAWER_BASE_URL || cfg.base_url || DEFAULT_BASE;
+}
+async function requireKey(cfg) {
+  const key = process.env.DRAWER_API_KEY || cfg.api_key;
+  if (!key) {
+    die(
+      "no API key found.\n  Run `drawer auth login` to save one, or set DRAWER_API_KEY.\n  Get a key by signing in at " + DEFAULT_BASE + " (one is minted on first GitHub sign-in)."
+    );
+  }
+  return key;
+}
+function die(msg, code = 1) {
+  console.error("drawer: " + msg);
+  process.exit(code);
+}
+async function apiRequest(cfg, pathname, init = {}) {
+  const key = await requireKey(cfg);
+  const url = baseUrl(cfg).replace(/\/+$/, "") + pathname;
+  const headers = new Headers(init.headers ?? {});
+  headers.set("Authorization", `Bearer ${key}`);
+  let body = init.body;
+  if (init.rawBody) {
+    body = init.rawBody;
+  } else if (init.jsonBody !== void 0) {
+    headers.set("Content-Type", "application/json");
+    body = JSON.stringify(init.jsonBody);
+  }
+  const res = await fetch(url, { ...init, body, headers });
+  return res;
+}
+async function readBodySafely(res) {
+  const ct = res.headers.get("content-type") ?? "";
+  if (ct.includes("application/json")) {
+    try {
+      return await res.json();
+    } catch {
+      return await res.text().catch(() => "");
+    }
+  }
+  return res.text().catch(() => "");
+}
+function failOnNon2xx(res, body, hint) {
+  if (res.ok) return;
+  let detail;
+  if (typeof body === "string") {
+    detail = body;
+  } else if (body && typeof body === "object") {
+    const rec = body;
+    if (typeof rec.message === "string") {
+      detail = rec.message;
+    } else if (typeof rec.error === "string") {
+      detail = rec.error;
+    } else if (rec.error && typeof rec.error === "object" && typeof rec.error.message === "string") {
+      detail = String(rec.error.message);
+    } else {
+      detail = JSON.stringify(body);
+    }
+  } else {
+    detail = String(body ?? "");
+  }
+  const statusLabel = res.statusText || statusName(res.status);
+  die(
+    `request failed (${res.status}${statusLabel ? ` ${statusLabel}` : ""})${hint ? ` \u2014 ${hint}` : ""}
+  ${detail || "(empty body)"}`,
+    1
+  );
+}
+function statusName(status) {
+  switch (status) {
+    case 400:
+      return "Bad Request";
+    case 401:
+      return "Unauthorized";
+    case 402:
+      return "Payment Required";
+    case 403:
+      return "Forbidden";
+    case 404:
+      return "Not Found";
+    case 409:
+      return "Conflict";
+    case 413:
+      return "Payload Too Large";
+    case 429:
+      return "Too Many Requests";
+    case 500:
+      return "Internal Server Error";
+    case 502:
+      return "Bad Gateway";
+    case 503:
+      return "Service Unavailable";
+    default:
+      return "";
+  }
+}
+var cli = cac("drawer");
+async function doAuthLogin() {
+  const rl = readline.createInterface({ input: stdin, output: stdout });
+  const key = (await rl.question("Paste your drawer API key (drw_...): ")).trim();
+  rl.close();
+  if (!key.startsWith("drw_")) {
+    die("expected key to start with 'drw_'");
+  }
+  const cfg = await loadConfig();
+  cfg.api_key = key;
+  if (!cfg.base_url) cfg.base_url = DEFAULT_BASE;
+  await saveConfig(cfg);
+  console.log(`saved to ${CONFIG_FILE} (key prefix: ${key.slice(0, 12)}\u2026, base: ${cfg.base_url})`);
+}
+async function doAuthLogout() {
+  try {
+    await fs.unlink(CONFIG_FILE);
+    console.log("removed", CONFIG_FILE);
+  } catch {
+    console.log("no config to remove");
+  }
+}
+async function doAuthWhoami() {
+  const cfg = await loadConfig();
+  const key = process.env.DRAWER_API_KEY || cfg.api_key;
+  console.log("base:", baseUrl(cfg));
+  console.log("key: ", key ? `${key.slice(0, 12)}\u2026 (source: ${process.env.DRAWER_API_KEY ? "env" : "config"})` : "(none)");
+}
+cli.command("auth <action>", "Manage credentials: login | logout | whoami").action(async (action) => {
+  switch (action) {
+    case "login":
+      return doAuthLogin();
+    case "logout":
+      return doAuthLogout();
+    case "whoami":
+      return doAuthWhoami();
+    default:
+      die(`unknown auth action '${action}' (expected login | logout | whoami)`);
+  }
+});
+cli.command("publish <path>", "Publish a file or directory and return the URL").option("--title <title>", "Title shown in the browser tab").option("--visibility <visibility>", "public | unlisted | password (default unlisted)").option("--password <password>", "Required if visibility=password").option("--update <artifact_id>", "Update an existing artifact instead of creating a new one").action(async (target, flags) => {
+  const cfg = await loadConfig();
+  const abs = path.resolve(target);
+  let stat;
+  try {
+    stat = await fs.stat(abs);
+  } catch (e) {
+    die(`cannot read '${target}': ${e.message}`);
+  }
+  const visibility = (flags.visibility ?? "unlisted").toLowerCase();
+  if (!["public", "unlisted", "password"].includes(visibility)) {
+    die(`invalid visibility '${visibility}' (expected public | unlisted | password)`);
+  }
+  if (visibility === "password" && !flags.password) {
+    die("--password is required when --visibility=password");
+  }
+  const headers = new Headers();
+  if (flags.title) headers.set("X-Drawer-Title", encodeURIComponent(flags.title));
+  headers.set("X-Drawer-Visibility", visibility);
+  if (flags.password) headers.set("X-Drawer-Password", flags.password);
+  let body;
+  let contentType;
+  if (stat.isDirectory()) {
+    const zipped = await zipDirectory(abs);
+    body = Buffer.from(zipped);
+    contentType = "application/zip";
+  } else {
+    body = await fs.readFile(abs);
+    contentType = mimeForExt(path.extname(abs).slice(1));
+  }
+  headers.set("Content-Type", contentType);
+  const endpoint = flags.update ? `/api/artifacts/${encodeURIComponent(flags.update)}/upload` : "/api/artifacts/upload";
+  const res = await apiRequest(cfg, endpoint, {
+    method: "POST",
+    rawBody: body,
+    headers
+  });
+  const responseBody = await readBodySafely(res);
+  failOnNon2xx(res, responseBody, "publish failed");
+  const r = responseBody;
+  const url = String(r.url ?? "");
+  const id = String(r.artifact_id ?? flags.update ?? "");
+  if (url) console.log(url);
+  if (id) console.log("artifact_id:", id);
+  if (r.version_id) console.log("version_id:", r.version_id);
+});
+async function zipDirectory(dir) {
+  const zippable = {};
+  const stack = [dir];
+  while (stack.length > 0) {
+    const cur = stack.pop();
+    const entries = await fs.readdir(cur, { withFileTypes: true });
+    for (const ent of entries) {
+      const full = path.join(cur, ent.name);
+      if (ent.isDirectory()) {
+        if (ent.name === "node_modules" || ent.name.startsWith(".git")) continue;
+        stack.push(full);
+      } else if (ent.isFile()) {
+        const rel = path.relative(dir, full).split(path.sep).join("/");
+        zippable[rel] = new Uint8Array(await fs.readFile(full));
+      }
+    }
+  }
+  if (Object.keys(zippable).length === 0) {
+    die(`directory '${dir}' is empty`);
+  }
+  return zipSync(zippable);
+}
+function mimeForExt(ext) {
+  const map = {
+    html: "text/html",
+    htm: "text/html",
+    md: "text/markdown",
+    markdown: "text/markdown",
+    txt: "text/plain",
+    json: "application/json",
+    css: "text/css",
+    js: "text/javascript",
+    svg: "image/svg+xml"
+  };
+  return map[ext.toLowerCase()] || "text/html";
+}
+cli.command("list", "List your artifacts").action(async () => {
+  const cfg = await loadConfig();
+  const res = await apiRequest(cfg, "/api/artifacts", { method: "GET" });
+  const body = await readBodySafely(res);
+  failOnNon2xx(res, body, "list failed");
+  const artifacts = body.artifacts ?? [];
+  if (artifacts.length === 0) {
+    console.log("(no artifacts yet \u2014 `drawer publish <file>` to create one)");
+    return;
+  }
+  for (const a of artifacts) {
+    console.log(`${a.artifact_id}  ${a.visibility.padEnd(11)}  ${a.title ?? "(untitled)"}`);
+    console.log(`  ${a.url}`);
+  }
+});
+cli.command("get <artifact_id>", "Show artifact metadata").action(async (id) => {
+  const cfg = await loadConfig();
+  const res = await apiRequest(cfg, `/api/artifacts/${encodeURIComponent(id)}`, { method: "GET" });
+  const body = await readBodySafely(res);
+  failOnNon2xx(res, body, "get failed");
+  console.log(JSON.stringify(body, null, 2));
+});
+cli.command("open <artifact_id>", "Open the artifact URL in your default browser").action(async (id) => {
+  const cfg = await loadConfig();
+  const res = await apiRequest(cfg, `/api/artifacts/${encodeURIComponent(id)}`, { method: "GET" });
+  const body = await readBodySafely(res);
+  failOnNon2xx(res, body, "lookup failed");
+  if (!body.url) die("no url in response");
+  const url = body.url;
+  console.log(url);
+  const opener = process.platform === "darwin" ? `open ${shellQuote(url)}` : process.platform === "win32" ? `start "" ${shellQuote(url)}` : `xdg-open ${shellQuote(url)}`;
+  exec(opener, () => {
+  });
+});
+function shellQuote(s) {
+  return `'${s.replace(/'/g, "'\\''")}'`;
+}
+cli.command("delete <artifact_id>", "Permanently delete an artifact (asks first)").option("-y, --yes", "Skip the confirmation prompt").action(async (id, flags) => {
+  const cfg = await loadConfig();
+  if (!flags.yes) {
+    const rl = readline.createInterface({ input: stdin, output: stdout });
+    const ans = (await rl.question(`Delete artifact ${id}? This is permanent. [y/N] `)).trim().toLowerCase();
+    rl.close();
+    if (ans !== "y" && ans !== "yes") {
+      console.log("aborted");
+      return;
+    }
+  }
+  const res = await apiRequest(cfg, `/api/artifacts/${encodeURIComponent(id)}`, { method: "DELETE" });
+  const body = await readBodySafely(res);
+  failOnNon2xx(res, body, "delete failed");
+  console.log("deleted", id);
+});
+cli.command("patch <artifact_id>", "Surgical find/replace on an existing artifact").option("--file <file>", "File within the artifact (default: entry file, usually index.html)").option("--find <text>", "Text to find (must be unique unless --replace-all)").option("--replace <text>", "Replacement text").option("--replace-all", "Replace every occurrence of --find").action(async (id, flags) => {
+  if (flags.find === void 0 || flags.replace === void 0) {
+    die("--find and --replace are both required");
+  }
+  const cfg = await loadConfig();
+  const res = await apiRequest(cfg, `/api/artifacts/${encodeURIComponent(id)}/patch`, {
+    method: "POST",
+    jsonBody: {
+      edits: [
+        {
+          file: flags.file,
+          old: flags.find,
+          new: flags.replace,
+          replace_all: Boolean(flags.replaceAll)
+        }
+      ]
+    }
+  });
+  const body = await readBodySafely(res);
+  failOnNon2xx(res, body, "patch failed");
+  console.log(JSON.stringify(body, null, 2));
+});
+cli.command("revert <artifact_id>", "Promote a previous version back to current").option("--to <version_id>", "Specific version to revert to (default: previous)").action(async (id, flags) => {
+  const cfg = await loadConfig();
+  const res = await apiRequest(cfg, `/api/artifacts/${encodeURIComponent(id)}/revert`, {
+    method: "POST",
+    jsonBody: flags.to ? { to_version_id: flags.to } : {}
+  });
+  const body = await readBodySafely(res);
+  failOnNon2xx(res, body, "revert failed");
+  console.log(JSON.stringify(body, null, 2));
+});
+cli.command("diff <artifact_id> <from_version_id> [to_version_id]", "Unified diff between two versions").action(async (id, from, to) => {
+  const cfg = await loadConfig();
+  const qs = new URLSearchParams();
+  qs.set("from", from);
+  if (to) qs.set("to", to);
+  const res = await apiRequest(cfg, `/api/artifacts/${encodeURIComponent(id)}/diff?${qs}`, {
+    method: "GET"
+  });
+  const body = await readBodySafely(res);
+  failOnNon2xx(res, body, "diff failed");
+  const r = body;
+  if (!r.files) {
+    console.log(JSON.stringify(body, null, 2));
+    return;
+  }
+  console.log(`${r.files_changed ?? 0} files changed`);
+  for (const [p, info] of Object.entries(r.files)) {
+    console.log(`
+--- ${p} (${info.status}) ---`);
+    if (info.diff) console.log(info.diff);
+  }
+});
+cli.help();
+cli.version("0.9.0");
+cli.parse();

package/package.json

@@ -0,0 +1,50 @@
+{
+  "name": "drawer-so",
+  "version": "0.9.0",
+  "description": "Drawer CLI — publish files and directories to drawer.so from the terminal.",
+  "keywords": [
+    "drawer",
+    "cli",
+    "publish",
+    "artifacts",
+    "agent",
+    "mcp"
+  ],
+  "homepage": "https://drawer.so",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/junofaux/drawer.git",
+    "directory": "cli"
+  },
+  "bugs": {
+    "url": "https://github.com/junofaux/drawer/issues"
+  },
+  "license": "MIT",
+  "type": "module",
+  "bin": {
+    "drawer": "./dist/drawer.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup src/drawer.ts --format esm --target node18 --clean --shims",
+    "dev": "tsx src/drawer.ts",
+    "prepublishOnly": "npm run build",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "cac": "^6.7.14",
+    "fflate": "^0.8.2"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.5",
+    "tsup": "^8.3.5",
+    "tsx": "^4.19.2",
+    "typescript": "^5.7.2"
+  },
+  "engines": {
+    "node": ">=18"
+  }
+}