npm - kasy-cli - Versions diffs - 1.18.0 → 1.19.1 - Mend

kasy-cli 1.18.0 → 1.19.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (34) hide show

package/bin/kasy.js CHANGED Viewed

@@ -354,7 +354,9 @@ function buildProgram(language) {
       .argument('[directory]', 'Project folder (default: current directory)', '.')
       .option('--ios', 'Run on iOS simulator/device')
       .option('--android', 'Run on Android emulator/device')
-      .option('--web', 'Run on Chrome (web)')
+      .option('--web', 'Run on web — prints localhost URL in lime so you open it in your own browser (your extensions, your accounts)')
+      .option('--open', 'With --web: auto-launch a clean Chrome window (Flutter profile, no extensions) instead of just printing the URL')
+      .option('--web-port <port>', 'Fixed port for web (default 5555) — keeps the origin stable so Firebase Auth sessions persist between runs')
       .option('-d, --device <id>', 'Run on specific device ID')
       .option('--prod', 'Use production dart-defines (from launch.json)')
       .option('--no-defines', 'Skip dart-defines from launch.json')

package/lib/commands/new.js CHANGED Viewed

@@ -29,7 +29,7 @@ function openUrl(url) {
   } catch (_) {}
 }
 const ui = require('../utils/ui');
-const { printBanner, infoBox, successBox, paintLime } = require('../utils/brand');
+const { printBanner, successBox, paintLime } = require('../utils/brand');
 const fs = require('fs-extra');
 const { createTranslator } = require('../utils/i18n');
 const { getStoredLanguage, setStoredLanguage } = require('../utils/license');
@@ -187,26 +187,6 @@ function printPrerequisites(tr, backend, firebaseSetupMode = 'existing', checkRe
   }
 }
-function printSummary(tr, answers) {
-  const modules = answers.modules.length > 0
-    ? answers.modules.join(', ')
-    : tr('new.firebase.confirm.none');
-  const backendLabel = { firebase: '🔥 Firebase', supabase: '🟢 Supabase', api: '🔗 API REST' }[answers.backend] || answers.backend;
-  const rows = [
-    `${kleur.dim(tr('new.firebase.confirm.app') + ':')}        ${kleur.white(answers.appName)}`,
-    `${kleur.dim('Bundle:')}        ${kleur.white(answers.bundleId)}`,
-    `${kleur.dim('Backend:')}       ${kleur.white(backendLabel)}`,
-  ];
-  if (answers.firebaseProjectId) rows.push(`${kleur.dim('Firebase:')}      ${kleur.white(answers.firebaseProjectId)}`);
-  if (answers.supabaseUrl)       rows.push(`${kleur.dim('Supabase URL:')}  ${kleur.white(answers.supabaseUrl)}`);
-  if (answers.apiBaseUrl)        rows.push(`${kleur.dim('API URL:')}       ${kleur.white(answers.apiBaseUrl)}`);
-  rows.push(`${kleur.dim(tr('new.firebase.confirm.modules') + ':')}     ${kleur.white(modules)}`);
-  console.log(infoBox(`📦 ${tr('new.firebase.confirm.title')}`, rows.join('\n')));
-}
 const STEP_LABELS = {
   'project-setup':  { en: 'Project configured',                     pt: 'Projeto configurado',                   es: 'Proyecto configurado' },
   'pub-get':        { en: 'Packages installed',                      pt: 'Pacotes instalados',                    es: 'Paquetes instalados' },
@@ -254,6 +234,7 @@ const STEP_LABELS = {
   'service-account': { en: 'Service account key created', pt: 'Chave de conta de servico criada', es: 'Clave de cuenta de servicio creada' },
   'firestore': { en: 'Firestore database created', pt: 'Banco Firestore criado', es: 'Base de datos Firestore creada' },
   'storage': { en: 'Firebase Storage bucket created', pt: 'Bucket Firebase Storage criado', es: 'Bucket Firebase Storage creado' },
+  'storage-cors': { en: 'CORS enabled on Storage (web images)', pt: 'CORS ativado no Storage (imagens na web)', es: 'CORS activado en Storage (imágenes en web)' },
 };
 const STEP_PROGRESS = {
@@ -275,6 +256,7 @@ const STEP_PROGRESS = {
   'service-account': { en: 'Creating service account key…',         pt: 'Criando chave de conta de servico…',      es: 'Creando clave de cuenta de servicio…' },
   'firestore':     { en: 'Creating Firestore database…',            pt: 'Criando banco Firestore…',                es: 'Creando base de datos Firestore…' },
   'storage':       { en: 'Creating Firebase Storage bucket…',       pt: 'Criando bucket Firebase Storage…',        es: 'Creando bucket Firebase Storage…' },
+  'storage-cors':  { en: 'Enabling CORS on Storage…',                pt: 'Ativando CORS no Storage…',               es: 'Activando CORS en Storage…' },
   'deploy-retry-wait':   { en: 'Waiting 4 min for GCP permissions to propagate… (do not close terminal)', pt: 'Aguardando 4 min para permissões do GCP propagarem… (não feche o terminal)', es: 'Esperando 4 min para propagar permisos de GCP… (no cierres la terminal)' },
   'deploy-retry-wait-2': { en: 'Retrying with updated permissions, 2 more min… (almost there!)', pt: 'Tentando novamente com permissões atualizadas, mais 2 min… (quase lá!)', es: 'Reintentando con permisos actualizados, 2 min más… (¡casi listo!)' },
 };
@@ -632,7 +614,13 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     await ensureBilling();
   }
+  // Visible section header for Advanced — helps the user track where they are.
+  const section = (key) => {
+    if (!isQuick) ui.log.info(paintLime(`── ${tr(key)} ──`));
+  };
   // ── Bundle ID — Quick uses derived value silently; Step-by-step lets user override ─
+  section('new.advanced.section.config');
   if (!isQuick) {
     const bundleId = await ui.text({
       message: tr('new.firebase.q.bundleId'),
@@ -767,7 +755,7 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
       ui.log.info(tr('new.firebase.create.estimatedTime'));
       const selectedOrgId = await promptOrganizationIfNeeded(tr, cancel);
       let selectedBillingId = await promptBillingAccountIfNeeded(tr, cancel);
-      const ps1 = isQuick ? ui.makeQuickStepper({ color: paintLime }) : ui.makeTimedStepper();
+      const ps1 = ui.makeQuickStepper({ color: paintLime });
       ps1.next(tr('new.firebase.create.creating'));
       const ps1OnProgress = (key, data) => {
         if (key === 'wait-propagate') {
@@ -776,6 +764,11 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
           ps1.next(stepProgress('firestore', language));
         } else if (key === 'storage') {
           ps1.next(stepProgress('storage', language));
+        } else if (key === 'storage-cors') {
+          ps1.next(stepProgress('storage-cors', language));
+        } else if (key === 'storage-cors-warn') {
+          ps1.stop();
+          ui.log.warn(`Storage CORS: ${(data?.error || '').slice(0, 80)}\n${kleur.cyan(data?.url || '')}`);
         } else if (key === 'auth-providers-warn') {
           ps1.stop();
           ui.log.warn(`${tr('new.firebase.interactive.authWarn')}\n${kleur.cyan(data?.url || '')}`);
@@ -864,7 +857,7 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
           }
           ui.log.message(tr('new.firebase.create.billingRetry.retrying'));
           selectedBillingId = await promptBillingAccountIfNeeded(tr, cancel);
-          const ps2 = isQuick ? ui.makeQuickStepper({ color: paintLime }) : ui.makeTimedStepper();
+          const ps2 = ui.makeQuickStepper({ color: paintLime });
           ps2.next(tr('new.firebase.create.creating'));
           lastResult = await setupFromScratch(core.appName.trim(), core.bundleId.trim(), {
                 includeWeb: firebaseIncludeWeb,
@@ -953,7 +946,7 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
       ui.log.info(tr('new.firebase.create.estimatedTime'));
       const selectedOrgId = await promptOrganizationIfNeeded(tr, cancel);
       const selectedBillingId = await promptBillingAccountIfNeeded(tr, cancel);
-      const ps3 = isQuick ? ui.makeQuickStepper({ color: paintLime }) : ui.makeTimedStepper();
+      const ps3 = ui.makeQuickStepper({ color: paintLime });
       ps3.next(tr('new.firebase.create.creatingPush'));
       const setupResult = await setupFromScratch(core.appName.trim(), core.bundleId.trim(), {
         includeWeb: true,
@@ -1162,7 +1155,7 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
   // ── Firebase existing project: enable APIs + create Firestore/Storage ───
   if (backend === 'firebase' && firebaseSetupMode === 'existing' && core.firebaseProjectId) {
-    const ps4 = ui.makeTimedStepper();
+    const ps4 = ui.makeQuickStepper({ color: paintLime });
     ps4.next(stepProgress('enable-apis', language));
     const existingSetup = await setupExistingProject(core.firebaseProjectId, {
       onProgress: (key, data) => {
@@ -1175,6 +1168,11 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
           ps4.next(stepProgress('firestore', language));
         } else if (key === 'storage') {
           ps4.next(stepProgress('storage', language));
+        } else if (key === 'storage-cors') {
+          ps4.next(stepProgress('storage-cors', language));
+        } else if (key === 'storage-cors-warn') {
+          ps4.stop();
+          ui.log.warn(`Storage CORS: ${(data?.error || '').slice(0, 80)}\n${kleur.cyan(data?.url || '')}`);
         } else if (key === 'auth-providers-warn') {
           ps4.stop();
           ui.log.warn(`${tr('new.firebase.interactive.authWarn')}\n${kleur.cyan(data?.url || '')}`);
@@ -1216,6 +1214,7 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     // it later with `kasy add facebook` when they have the credentials.
     modules = (MODULE_PRESETS.full || []).filter((m) => m !== 'facebook');
   } else {
+    section('new.advanced.section.features');
     // Advanced mode: full multiselect — built from catalog, filtered by audience + backend.
     const visibleFeatures = getVisibleFeatures({ audience: KASY_AUDIENCE, backend });
@@ -1251,10 +1250,15 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
       }
     }
+    // Pre-select everything available except Facebook — faster than ticking
+    // 8 boxes; user just deselects what they don't want.
+    const defaultSelected = moduleOptions
+      .map((o) => o.value)
+      .filter((id) => id !== 'facebook');
     const rawModules = await ui.multiselect({
       message: tr('new.firebase.q.modules'),
       options: moduleOptions,
-      initialValues: [],
+      initialValues: defaultSelected,
       required: false,
       onCancel: cancel,
     });
@@ -1265,13 +1269,30 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     modules = [...new Set([...modules, 'web'])];
   }
+  // ── Credentials shortcut for Advanced ─────────────────────────────────────
+  // Default: defer (no prompts). Matches Quick's "scaffold first, secrets later"
+  // philosophy. User can opt-in to enter everything inline if they prefer.
+  let configureCredsNow = false;
+  if (!isQuick) {
+    const FEATURES_WITH_CREDS = ['revenuecat', 'sentry', 'analytics', 'llm_chat', 'facebook'];
+    if (modules.some((m) => FEATURES_WITH_CREDS.includes(m))) {
+      section('new.advanced.section.creds');
+      configureCredsNow = await ui.confirm({
+        message: tr('new.advanced.q.configureCredsNow'),
+        initialValue: false,
+        onCancel: cancel,
+      });
+    }
+  }
+  const askCreds = !isQuick && configureCredsNow;
   // ── Module-specific questions ───────────────────────────────────────────
   const moduleAnswers = {};
   if (modules.includes('revenuecat')) {
-    if (isQuick) {
-      // Quick mode: ship RevenueCat scaffolded with empty keys + default paywall.
-      // The user fills the keys later via `kasy configure revenuecat`.
+    if (!askCreds) {
+      // Defer mode: scaffold with empty keys + default paywall; user fills
+      // them later via `kasy configure revenuecat`.
       moduleAnswers.rcTestKey = '';
       moduleAnswers.rcIosProdKey = '';
       moduleAnswers.rcAndroidProdKey = '';
@@ -1327,26 +1348,26 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     }
   }
-  // RC web key — only in advanced mode (optional credential, can configure later).
-  if (!isQuick && modules.includes('revenuecat') && modules.includes('web')) {
-    const rcWebKey = await ui.text({
-      message: tr('new.firebase.q.revenuecat.webKey'),
-      validate: (v) => {
-        if (!v || !v.trim()) return undefined; // optional — blank is fine
-        return /^rcb_/.test(v.trim()) ? undefined : tr('new.firebase.q.revenuecat.webKey.invalid');
-      },
-      onCancel: cancel,
-    });
+  // RC web key — only when configuring inline. Otherwise mark scaffolded.
+  if (modules.includes('revenuecat') && modules.includes('web')) {
     moduleAnswers.revenuecatWeb = true;
-    moduleAnswers.rcWebKey = (rcWebKey || '').trim();
-  } else if (modules.includes('revenuecat') && modules.includes('web')) {
-    // Quick mode: mark web billing as included but key will be configured later.
-    moduleAnswers.revenuecatWeb = true;
-    moduleAnswers.rcWebKey = '';
+    if (askCreds) {
+      const rcWebKey = await ui.text({
+        message: tr('new.firebase.q.revenuecat.webKey'),
+        validate: (v) => {
+          if (!v || !v.trim()) return undefined; // optional — blank is fine
+          return /^rcb_/.test(v.trim()) ? undefined : tr('new.firebase.q.revenuecat.webKey.invalid');
+        },
+        onCancel: cancel,
+      });
+      moduleAnswers.rcWebKey = (rcWebKey || '').trim();
+    } else {
+      moduleAnswers.rcWebKey = '';
+    }
   }
-  // Sentry DSN — already optional (blank = configure later). Skip in quick mode.
-  if (!isQuick && modules.includes('sentry')) {
+  // Sentry DSN — only when configuring inline.
+  if (askCreds && modules.includes('sentry')) {
     moduleAnswers.sentryDsn = await ui.text({
       message: tr('new.firebase.q.sentry.dsn'),
       validate: (v) => {
@@ -1359,23 +1380,17 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     });
   }
-  // Mixpanel token — already optional. Skip in quick mode.
-  if (!isQuick && modules.includes('analytics')) {
+  // Mixpanel token — only when configuring inline.
+  if (askCreds && modules.includes('analytics')) {
     moduleAnswers.mixpanelToken = await ui.text({
       message: tr('new.firebase.q.mixpanel.token'),
       onCancel: cancel,
     });
   }
-  // LLM Chat credentials — skip in quick mode, all fields optional.
-  if (!isQuick && modules.includes('llm_chat')) {
-    const configureLlmNow = await ui.confirm({
-      message: tr('new.q.llm_chat.configureNow'),
-      initialValue: true,
-      onCancel: cancel,
-    });
-    if (configureLlmNow) {
+  // LLM Chat credentials.
+  if (modules.includes('llm_chat')) {
+    if (askCreds) {
       moduleAnswers.llmProvider = await ui.select({
         message: tr('add.prompt.llmProvider'),
         initialValue: 'openai',
@@ -1396,40 +1411,33 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     } else {
       moduleAnswers.llmConfigureLater = true;
     }
-  } else if (isQuick && modules.includes('llm_chat')) {
-    moduleAnswers.llmConfigureLater = true;
   }
-  // Facebook — required credentials. Quick mode ships scaffolded but empty
-  // (user adds credentials later via `kasy configure facebook`).
-  if (modules.includes('facebook') && !isQuick) {
-    moduleAnswers.fbAppId = await ui.text({
-      message: tr('new.firebase.q.facebook.appId'),
-      validate: (v) => {
-        if (!v || !v.trim()) return tr('new.firebase.q.facebook.appId.required');
-        return /^\d+$/.test(v.trim()) ? undefined : tr('new.firebase.q.facebook.appId.invalid');
-      },
-      onCancel: cancel,
-    });
-    moduleAnswers.fbToken = await ui.password({
-      message: tr('new.firebase.q.facebook.token'),
-      validate: (v) => (v && v.trim() ? undefined : tr('new.firebase.q.facebook.token.required')),
-      onCancel: cancel,
-    });
-  } else if (modules.includes('facebook') && isQuick) {
-    moduleAnswers.fbAppId = '';
-    moduleAnswers.fbToken = '';
+  // Facebook — required credentials when inline; scaffold-only otherwise.
+  if (modules.includes('facebook')) {
+    if (askCreds) {
+      moduleAnswers.fbAppId = await ui.text({
+        message: tr('new.firebase.q.facebook.appId'),
+        validate: (v) => {
+          if (!v || !v.trim()) return tr('new.firebase.q.facebook.appId.required');
+          return /^\d+$/.test(v.trim()) ? undefined : tr('new.firebase.q.facebook.appId.invalid');
+        },
+        onCancel: cancel,
+      });
+      moduleAnswers.fbToken = await ui.password({
+        message: tr('new.firebase.q.facebook.token'),
+        validate: (v) => (v && v.trim() ? undefined : tr('new.firebase.q.facebook.token.required')),
+        onCancel: cancel,
+      });
+    } else {
+      moduleAnswers.fbAppId = '';
+      moduleAnswers.fbToken = '';
+    }
   }
-  // Server secrets (webhook, Meta Ads) — skip in quick mode, configure later via `kasy deploy`.
-  if (!isQuick && modules.includes('revenuecat') && (backend === 'supabase' || backend === 'firebase')) {
-    const configureSecretsNow = await ui.confirm({
-      message: tr('new.firebase.q.secrets.configureNow'),
-      initialValue: true,
-      onCancel: cancel,
-    });
-    if (configureSecretsNow) {
+  // Server secrets (webhook, Meta Ads) — only when configuring inline.
+  if (modules.includes('revenuecat') && (backend === 'supabase' || backend === 'firebase')) {
+    if (askCreds) {
       moduleAnswers.rcWebhookKey = await ui.text({
         message: tr('new.firebase.q.revenuecat.webhookKey'),
         initialValue: generateWebhookKey(),
@@ -1451,9 +1459,6 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     } else {
       moduleAnswers.secretsConfigureLater = true;
     }
-  } else if (isQuick && modules.includes('revenuecat')) {
-    // Quick mode: always defer secrets to `kasy deploy`.
-    moduleAnswers.secretsConfigureLater = true;
   }
   // ── Deploy is now a separate command (`kasy deploy`) ─────────────
@@ -1474,24 +1479,13 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     apiBaseUrl: core.apiBaseUrl?.trim(),
   };
-  // Step-by-step mode shows summary before generating so the user can confirm.
-  // Quick mode skips it here — the summary is shown at the end with the success card.
-  if (!yes && !isQuick) {
-    printSummary(tr, answers);
-    const proceed = await ui.confirm({
-      message: tr('new.firebase.confirm.proceed'),
-      initialValue: true,
-      onCancel: cancel,
-    });
-    if (!proceed) {
-      ui.cancel(tr('prompt.cancelled'));
-      process.exit(0);
-    }
-  }
+  // No mid-flow confirmation: both Quick and Advanced go straight to the
+  // generation step once choices are made. The success card at the end shows
+  // the full summary. Cancel any time with Ctrl+C.
   // ── Generate ────────────────────────────────────────────────────────────
   // Quick: single rolling line that mutates message. Advanced: stack each step.
-  const stepper = isQuick ? ui.makeQuickStepper({ color: paintLime }) : ui.makeTimedStepper();
+  const stepper = ui.makeQuickStepper({ color: paintLime });
   // First step started here so even silent prep work shows progress.
   stepper.next(stepProgress('project-setup', language));

package/lib/commands/run.js CHANGED Viewed

@@ -4,7 +4,7 @@ const fs = require('fs-extra');
 const kleur = require('kleur');
 const ui = require('../utils/ui');
 const { createTranslator, detectDefaultLanguage } = require('../utils/i18n');
-const { printCompactHeader } = require('../utils/brand');
+const { printCompactHeader, paintLime } = require('../utils/brand');
 const { spawnFlutterWithSpinner } = require('../utils/flutter-run');
 function listFlutterDevices(projectDir) {
@@ -251,18 +251,32 @@ async function runRun(directory, options = {}) {
   const deviceArgs = [];
   let resolvedDeviceLabel = null;
   let pickedDevice = null;
+  let isChromeTarget = false;
+  let isWebServerTarget = false;
   if (options.web) {
-    deviceArgs.push('-d', 'chrome');
+    // Default: web-server (no auto-launched Chrome window with a throwaway
+    // profile). The URL is printed in lime so the user opens it in their own
+    // browser — keeping access to extensions, logged-in accounts, etc.
+    // Pass --open to fall back to flutter's auto-Chrome behavior.
+    if (options.open) {
+      isChromeTarget = true;
+      deviceArgs.push('-d', 'chrome');
+    } else {
+      isWebServerTarget = true;
+      deviceArgs.push('-d', 'web-server');
+    }
   } else if (options.ios) {
     deviceArgs.push('-d', 'ios');
   } else if (options.android) {
     deviceArgs.push('-d', 'android');
   } else if (options.device) {
+    if (options.device === 'chrome' || options.device === 'web-server') {
+      isChromeTarget = true;
+    }
     deviceArgs.push('-d', options.device);
   } else {
     const devices = listFlutterDevices(projectDir);
     if (devices.length > 1) {
-      printCompactHeader(t);
       pickedDevice = await pickDevice(devices, t);
       if (!pickedDevice) {
         console.log(kleur.yellow(`  ⚠  ${t('run.warn.nothingSelected')}`));
@@ -270,9 +284,18 @@ async function runRun(directory, options = {}) {
       }
       deviceArgs.push('-d', pickedDevice.id);
       resolvedDeviceLabel = `${pickedDevice.name} (${pickedDevice.id})`;
+      if (classifyDevice(pickedDevice) === 'web') isChromeTarget = true;
+    } else if (devices.length === 1 && classifyDevice(devices[0]) === 'web') {
+      // Single auto-picked Chrome — still force the fixed port.
+      isChromeTarget = true;
     }
-    // 0 or 1 device → let flutter handle it; it picks the only one or
-    // prints its own "no devices" message.
+  }
+  if (isChromeTarget || isWebServerTarget) {
+    // Pin a fixed port so the Chrome origin stays the same between runs.
+    // Firebase Auth persists sessions per-origin (IndexedDB) — a random port
+    // each run means the user gets logged out every restart.
+    deviceArgs.push('--web-port', options.webPort || '5555');
   }
   // Read dart-defines from .vscode/launch.json (skip if --no-defines)
@@ -307,7 +330,7 @@ async function runRun(directory, options = {}) {
   const envDefine = dartDefines.find((a) => a.startsWith('--dart-define=ENV='));
   const envValue = envDefine ? envDefine.split('=').pop() : null;
   const deviceLabel = options.web
-    ? 'chrome'
+    ? (isWebServerTarget ? 'web-server' : 'chrome')
     : options.ios
     ? 'ios'
     : options.android
@@ -320,6 +343,11 @@ async function runRun(directory, options = {}) {
   printCompactHeader(t);
   console.log(kleur.bold(`${t('run.launching')}${summary}`));
+  if (isWebServerTarget) {
+    const url = `http://localhost:${options.webPort || '5555'}`;
+    console.log(`  ${paintLime(`✦ ${t('run.web.open')}: ${url}`)}`);
+    console.log(kleur.dim(`  ${t('run.web.openHint')}`));
+  }
   if (rcInfo && rcInfo.mode !== 'legacy') {
     const mode = (options.rc || 'auto').toLowerCase();
     let label;

package/lib/scaffold/backends/firebase/setup-from-scratch.js CHANGED Viewed

@@ -317,6 +317,66 @@ async function createFirebaseStorageBucket(projectId, location = 'us-central1')
   return { ok: false, error: 'Max retries exceeded' };
 }
+/**
+ * Apply default CORS config to a Cloud Storage bucket so the browser can load
+ * objects (e.g. user avatars) from a Flutter web app. Without this the GET
+ * request hits a CORS error and the image silently fails to render.
+ *
+ * Tries the Firebase default bucket name first (<projectId>.firebasestorage.app
+ * for projects created after Oct 2024, <projectId>.appspot.com for legacy
+ * projects) and falls back to the other if the first 404s. Safe to call
+ * repeatedly — it overwrites the bucket-level cors config.
+ *
+ * Reads the policy from cli/templates/firebase/storage.cors.json so the same
+ * file is shipped to the user's project for visibility and manual re-runs.
+ *
+ * @param {string} projectId
+ * @returns {{ ok: boolean, bucket?: string, error?: string }}
+ */
+async function applyStorageCors(projectId, options = {}) {
+  const { corsFilePath } = options;
+  const defaultCorsPath = path.join(__dirname, '..', '..', '..', '..', 'templates', 'firebase', 'storage.cors.json');
+  const resolvedPath = corsFilePath || defaultCorsPath;
+  let corsConfig;
+  try {
+    corsConfig = await fs.readJson(resolvedPath);
+  } catch (e) {
+    return { ok: false, error: `Failed to read CORS config at ${resolvedPath}: ${e.message}` };
+  }
+  let token;
+  try {
+    token = await getAccessToken();
+  } catch (e) {
+    return { ok: false, error: 'Could not get access token' };
+  }
+  const candidates = [
+    `${projectId}.firebasestorage.app`,
+    `${projectId}.appspot.com`,
+  ];
+  let lastError = null;
+  for (const bucket of candidates) {
+    const url = `https://storage.googleapis.com/storage/v1/b/${bucket}?fields=cors`;
+    const res = await fetch(url, {
+      method: 'PATCH',
+      headers: {
+        Authorization: `Bearer ${token}`,
+        'Content-Type': 'application/json',
+        'X-Goog-User-Project': projectId,
+      },
+      body: JSON.stringify({ cors: corsConfig }),
+    });
+    if (res.ok) return { ok: true, bucket };
+    const text = await res.text();
+    lastError = `${res.status}: ${text}`;
+    // 404 means the bucket name doesn't exist — try the next candidate.
+    if (res.status !== 404) break;
+  }
+  return { ok: false, error: lastError || 'No matching bucket found' };
+}
 /**
  * Enable required Google Cloud APIs.
  */
@@ -864,6 +924,15 @@ async function setupFromScratch(appName, bundleId, options = {}) {
       error: storageResult.error,
       url: `https://console.firebase.google.com/project/${projectId}/storage`,
     });
+  } else {
+    onProgress('storage-cors');
+    const corsResult = await applyStorageCors(projectId);
+    if (!corsResult.ok) {
+      onProgress('storage-cors-warn', {
+        error: corsResult.error,
+        url: `https://console.cloud.google.com/storage/browser?project=${projectId}`,
+      });
+    }
   }
   onProgress('android-app');
@@ -970,6 +1039,15 @@ async function setupExistingProject(projectId, options = {}) {
       error: storageResult.error,
       url: `https://console.firebase.google.com/project/${projectId}/storage`,
     });
+  } else {
+    onProgress('storage-cors');
+    const corsResult = await applyStorageCors(projectId);
+    if (!corsResult.ok) {
+      onProgress('storage-cors-warn', {
+        error: corsResult.error,
+        url: `https://console.cloud.google.com/storage/browser?project=${projectId}`,
+      });
+    }
   }
   return {
@@ -1033,6 +1111,7 @@ async function registerDebugSha1(projectId, bundleId) {
 module.exports = {
   setupFromScratch,
   setupExistingProject,
+  applyStorageCors,
   checkBillingEnabled,
   enableAuthProviders,
   listBillingAccounts,

package/lib/utils/brand.js CHANGED Viewed

@@ -19,7 +19,7 @@ const boxen = boxenPackage.default || boxenPackage;
 //
 // kleur 4 in this repo doesn't ship `.hex()`, so we emit 24-bit ANSI directly.
 // Truecolor is supported by every macOS/Linux terminal we care about.
-const BRAND_RGB = { r: 210, g: 245, b: 30 }; // #D2F51E lime
+const BRAND_RGB = { r: 132, g: 204, b: 22 }; // #84CC16 lime (Tailwind lime-500, balanced for dark and light terminals)
 const paintLime = (text) => `\x1b[38;2;${BRAND_RGB.r};${BRAND_RGB.g};${BRAND_RGB.b}m${text}\x1b[0m`;
 const wordmark = paintLime;
 const DOMAIN_SUFFIX = kleur.gray('.dev');

package/lib/utils/i18n/messages-en.js CHANGED Viewed

@@ -575,6 +575,10 @@ module.exports = {
     'new.firebase.confirm.modules': 'Features',
     'new.firebase.confirm.none': 'none',
     'new.firebase.confirm.proceed': 'Create project now?',
+    'new.advanced.section.config': 'App configuration',
+    'new.advanced.section.features': 'Features',
+    'new.advanced.section.creds': 'Credentials',
+    'new.advanced.q.configureCredsNow': 'Enter credentials now? (you can defer to `kasy configure` later)',
     'new.firebase.step.copying': 'Setting up your project...',
     'new.firebase.step.pubGet': 'Installing Flutter packages...',
@@ -712,6 +716,8 @@ module.exports = {
     // run command
     'cli.command.run.description': 'Run your app on phone, simulator, or browser',
     'run.launching': 'Launching Flutter app...',
+    'run.web.open': 'Open in your browser',
+    'run.web.openHint': 'Cmd+click the link above (or copy/paste it). Use --open to auto-launch a dedicated Flutter Chrome window instead.',
     'run.prompt.pickDevice': 'Multiple devices detected. Which one do you want to run on?',
     'run.warn.nothingSelected': 'No device selected.',
     'run.updateHint.prefix': 'Project improvements available —',

package/lib/utils/i18n/messages-es.js CHANGED Viewed

@@ -575,6 +575,10 @@ module.exports = {
     'new.firebase.confirm.modules': 'Features',
     'new.firebase.confirm.none': 'ninguno',
     'new.firebase.confirm.proceed': '¿Crear el proyecto ahora?',
+    'new.advanced.section.config': 'Configuración del app',
+    'new.advanced.section.features': 'Funcionalidades',
+    'new.advanced.section.creds': 'Credenciales',
+    'new.advanced.q.configureCredsNow': '¿Configurar credenciales ahora? (puedes dejarlo para `kasy configure`)',
     'new.firebase.step.copying': 'Copiando plantilla del proyecto...',
     'new.firebase.step.pubGet': 'Instalando paquetes Flutter...',
@@ -745,6 +749,8 @@ module.exports = {
     'reset.warn.launcherCacheFailed': 'No se pudo limpiar la caché del launcher.',
     'reset.warn.launcherNotDetected': 'Launcher por defecto no detectado — saltando limpieza de caché.',
     'run.launching': 'Iniciando app Flutter...',
+    'run.web.open': 'Abre en tu navegador',
+    'run.web.openHint': 'Cmd+clic en el enlace de arriba (o copia/pega). Usa --open para abrir automáticamente una ventana dedicada de Chrome de Flutter.',
     'run.prompt.pickDevice': 'Varios dispositivos detectados. ¿En cuál quieres ejecutar?',
     'run.warn.nothingSelected': 'Ningún dispositivo seleccionado.',
     'run.updateHint.prefix': 'Mejoras disponibles para el proyecto —',

package/lib/utils/i18n/messages-pt.js CHANGED Viewed

@@ -575,6 +575,10 @@ module.exports = {
     'new.firebase.confirm.modules': 'Features',
     'new.firebase.confirm.none': 'nenhum',
     'new.firebase.confirm.proceed': 'Criar o projeto agora?',
+    'new.advanced.section.config': 'Configuração do app',
+    'new.advanced.section.features': 'Funcionalidades',
+    'new.advanced.section.creds': 'Credenciais',
+    'new.advanced.q.configureCredsNow': 'Configurar credenciais agora? (pode deixar pra depois com `kasy configure`)',
     'new.firebase.step.copying': 'Criando seu projeto...',
     'new.firebase.step.pubGet': 'Instalando pacotes Flutter...',
@@ -745,6 +749,8 @@ module.exports = {
     'reset.warn.launcherCacheFailed': 'Não foi possível limpar o cache do launcher.',
     'reset.warn.launcherNotDetected': 'Launcher padrão não detectado — pulando limpeza de cache.',
     'run.launching': 'Iniciando app Flutter...',
+    'run.web.open': 'Abra no seu navegador',
+    'run.web.openHint': 'Cmd+clique no link acima (ou copie e cole). Use --open pra abrir automaticamente num Chrome dedicado do Flutter.',
     'run.prompt.pickDevice': 'Vários dispositivos detectados. Em qual deles rodar?',
     'run.warn.nothingSelected': 'Nenhum dispositivo selecionado.',
     'run.updateHint.prefix': 'Melhorias disponíveis para o projeto —',

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "kasy-cli",
-  "version": "1.18.0",
+  "version": "1.19.1",
   "description": "CLI for scaffolding production-ready Flutter SaaS apps with Firebase, Supabase, or API REST backends.",
   "bin": {
     "kasy": "./bin/kasy.js"
@@ -51,7 +51,6 @@
     "boxen": "^8.0.1",
     "commander": "^12.0.0",
     "fs-extra": "^11.2.0",
-    "gradient-string": "^1.2.0",
     "kleur": "^4.1.5",
     "pngjs": "^7.0.0",
     "yaml": "^2.4.2"