npm - kasy-cli - Versions diffs - 1.20.0 → 1.20.1 - Mend

kasy-cli 1.20.0 → 1.20.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (52) hide show

package/README.md CHANGED Viewed

@@ -4,14 +4,22 @@ CLI for scaffolding production-ready Flutter SaaS apps.
 ## Install
+**macOS & Linux**
 ```bash
-npm install -g kasy-cli
+curl -fsSL https://kasy.dev/install | bash
+```
+**Windows (PowerShell)**
+```powershell
+irm https://kasy.dev/install.ps1 | iex
 ```
-Or run without installing:
+Or via npm:
 ```bash
-npx kasy-cli new
+npm install -g kasy-cli
 ```
 ## Quick start

package/lib/commands/new.js CHANGED Viewed

@@ -50,7 +50,7 @@ const { generateFirebaseProject } = require('../scaffold/backends/firebase/gener
 const { generateSupabaseProject } = require('../scaffold/backends/supabase/generator');
 const { generateApiProject } = require('../scaffold/backends/api/generator');
 const { createProjectAndGetKeys, setupLinkedProject, checkLoggedIn, getOrgsList, getProjectsByOrg, getProjectKeys } = require('../scaffold/backends/supabase/deploy');
-const { writeSupabaseGoogleAuthOptions, readSupabaseGoogleCredentials, getGoogleClientSecretViaGcloud, flutterfireConfigure, writeGoogleAuthOptions, writeGoogleIosUrlScheme } = require('../scaffold/shared/post-build');
+const { writeSupabaseGoogleAuthOptions, readSupabaseGoogleCredentials, getGoogleClientSecretViaGcloud, flutterfireConfigure, writeGoogleAuthOptions, writeGoogleIosUrlScheme, writeGoogleIosUrlSchemeFromClientId } = require('../scaffold/shared/post-build');
 const { toPackageName } = require('../scaffold/backends/firebase/tokens');
 const { setupFromScratch, setupExistingProject, listBillingAccounts, listGcpOrganizations, checkGcloudAuth, getGcloudInstallInstructions, enableAuthProviders, registerDebugSha1 } = require('../scaffold/backends/firebase/setup-from-scratch');
 const { enableAuthViaFirebaseCli } = require('../scaffold/backends/firebase/enable-auth-via-cli');
@@ -212,7 +212,7 @@ const STEP_LABELS = {
   'supabase db push':  { en: 'Database migrated',    pt: 'Banco migrado',        es: 'Base de datos migrada' },
   'anonymous sign-in': { en: 'Anonymous sign-in enabled', pt: 'Login anonimo ativado', es: 'Inicio de sesion anonimo activado' },
   'google sign-in': { en: 'Google Sign-In enabled', pt: 'Google Sign-In ativado', es: 'Google Sign-In activado' },
-  'apple sign-in': { en: 'Apple Sign-In ready (configure credentials before testing — kasy.dev/docs/apple)', pt: 'Apple Sign-In preparado (configure as credenciais antes de testar — kasy.dev/docs/apple)', es: 'Apple Sign-In listo (configura las credenciales antes de probar — kasy.dev/docs/apple)' },
+  'apple sign-in': { en: 'Apple Sign-In enabled (native iOS ready; for web add a Service ID at kasy.dev/docs/apple)', pt: 'Apple Sign-In ativado (iOS nativo pronto; para web adicione um Service ID em kasy.dev/docs/apple)', es: 'Apple Sign-In activado (iOS nativo listo; para web añade un Service ID en kasy.dev/docs/apple)' },
   'google-auth-options': { en: 'Google client IDs written', pt: 'Client IDs do Google gravados', es: 'Client IDs de Google escritos' },
   'ios-url-scheme': { en: 'iOS URL scheme registered', pt: 'URL scheme iOS registrado', es: 'URL scheme iOS registrado' },
   'google-ios-url-scheme': { en: 'iOS Google URL scheme registered', pt: 'URL scheme Google iOS registrado', es: 'URL scheme Google iOS registrado' },
@@ -220,7 +220,7 @@ const STEP_LABELS = {
   'secret REVENUECAT_WEBHOOK_KEY': { en: 'RevenueCat webhook secret', pt: 'Secret webhook RevenueCat', es: 'Secret webhook RevenueCat' },
   'secret META_ACCESS_TOKEN': { en: 'Meta Access Token', pt: 'Meta Access Token', es: 'Meta Access Token' },
   'secret META_DATASET_ID': { en: 'Meta Dataset ID', pt: 'Meta Dataset ID', es: 'Meta Dataset ID' },
-  'fcm-key': { en: 'FCM Service Account key generated', pt: 'Chave FCM gerada automaticamente', es: 'Clave FCM generada automáticamente' },
+  'fcm-key': { en: 'FCM Service Account key', pt: 'Chave de Service Account FCM', es: 'Clave de Service Account FCM' },
   'fcm-key-saved': { en: 'FCM key saved to .kasy/', pt: 'Chave FCM salva em .kasy/', es: 'Clave FCM guardada en .kasy/' },
   'secret FIREBASE_SERVICE_ACCOUNT_JSON': { en: 'FCM Service Account configured', pt: 'Service Account FCM configurado', es: 'Service Account FCM configurado' },
   'gcp-project': { en: 'GCP project created', pt: 'Projeto GCP criado', es: 'Proyecto GCP creado' },
@@ -233,6 +233,7 @@ const STEP_LABELS = {
   'sha1': { en: 'SHA-1 added for Google Sign-In', pt: 'SHA-1 adicionado para Google Sign-In', es: 'SHA-1 añadido para Google Sign-In' },
   'service-account': { en: 'Service account key created', pt: 'Chave de conta de servico criada', es: 'Clave de cuenta de servicio creada' },
   'firestore': { en: 'Firestore database created', pt: 'Banco Firestore criado', es: 'Base de datos Firestore creada' },
+  'firestore-rules': { en: 'Firestore security rules deployed', pt: 'Regras de seguranca Firestore publicadas', es: 'Reglas de seguridad Firestore desplegadas' },
   'storage': { en: 'Firebase Storage bucket created', pt: 'Bucket Firebase Storage criado', es: 'Bucket Firebase Storage creado' },
   'storage-cors': { en: 'CORS enabled on Storage (web images)', pt: 'CORS ativado no Storage (imagens na web)', es: 'CORS activado en Storage (imágenes en web)' },
 };
@@ -255,6 +256,7 @@ const STEP_PROGRESS = {
   'sha1':          { en: 'Adding SHA-1 for Google Sign-In…',        pt: 'Adicionando SHA-1 para Google Sign-In…', es: 'Añadiendo SHA-1 para Google Sign-In…' },
   'service-account': { en: 'Creating service account key…',         pt: 'Criando chave de conta de servico…',      es: 'Creando clave de cuenta de servicio…' },
   'firestore':     { en: 'Creating Firestore database…',            pt: 'Criando banco Firestore…',                es: 'Creando base de datos Firestore…' },
+  'firestore-rules': { en: 'Deploying Firestore security rules…',  pt: 'Publicando regras de seguranca Firestore…', es: 'Desplegando reglas de seguridad Firestore…' },
   'storage':       { en: 'Creating Firebase Storage bucket…',       pt: 'Criando bucket Firebase Storage…',        es: 'Creando bucket Firebase Storage…' },
   'storage-cors':  { en: 'Enabling CORS on Storage…',                pt: 'Ativando CORS no Storage…',               es: 'Activando CORS en Storage…' },
   'deploy-retry-wait':   { en: 'Waiting 4 min for GCP permissions to propagate… (do not close terminal)', pt: 'Aguardando 4 min para permissões do GCP propagarem… (não feche o terminal)', es: 'Esperando 4 min para propagar permisos de GCP… (no cierres la terminal)' },
@@ -1215,16 +1217,23 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     // --with flag was passed: use those modules directly, skip preset prompt.
     modules = preselectedModules;
   } else if (isQuick) {
-    // Quick mode: ship all features by default. Facebook is excluded because
-    // it requires App ID + token that we can't auto-generate — the user adds
-    // it later with `kasy add facebook` when they have the credentials.
-    modules = (MODULE_PRESETS.full || []).filter((m) => m !== 'facebook');
+    // Quick mode: ship all features the backend supports. Facebook is excluded
+    // because it requires App ID + token that we can't auto-generate — the user
+    // adds it later with `kasy add facebook` when they have the credentials.
+    // Filter by availableIn so backend-specific features (e.g. feedback needs a
+    // DB) don't leak into a backend that can't support them.
+    const quickAvailable = new Set(
+      getVisibleFeatures({ audience: KASY_AUDIENCE, backend }).map((f) => f.id)
+    );
+    modules = (MODULE_PRESETS.full || []).filter((m) => m !== 'facebook' && quickAvailable.has(m));
   } else {
     section('new.advanced.section.features');
     // Advanced mode: full multiselect — built from catalog, filtered by audience + backend.
     const visibleFeatures = getVisibleFeatures({ audience: KASY_AUDIENCE, backend });
-    // web has an extra runtime constraint: firebase create-mode only
+    // In Firebase create-mode the web app is already decided by the
+    // `firebaseIncludeWeb` prompt above, so hide `web` from the multiselect there
+    // to avoid asking twice. Supabase, API and Firebase existing-mode show it.
     const isWebExcluded = backend === 'firebase' && firebaseSetupMode === 'create';
     // Visual groups in display order (header key → feature ids in this group)
@@ -1479,7 +1488,9 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     firebaseProjectId: core.firebaseProjectId.trim(),
     modules: modules || [],
     backend,
-    includeWeb: backend === 'firebase' ? firebaseIncludeWeb : true,
+    // Web platform follows the `web` feature so the flutterfire web app and the
+    // web/ folder stay in sync across all backends (Firebase, Supabase, API).
+    includeWeb: modules.includes('web'),
     supabaseUrl: core.supabaseUrl?.trim(),
     supabaseAnonKey: core.supabaseAnonKey?.trim(),
     apiBaseUrl: core.apiBaseUrl?.trim(),
@@ -1587,38 +1598,66 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
     : (supabaseExistingResult?.ok ? { projectRef: supabaseExistingResult.projectRef, dbPassword: supabaseExistingResult.dbPassword } : null);
   if (backend === 'supabase') {
-    // ── Auto-resolve Google credentials from flutterfire output files ────────
+    // ── Google Sign-In: create a real Google OAuth client, then push it to Supabase ──
     const flutterfireOk = result.steps.find((s) => s.name === 'flutterfire')?.ok;
-    if (flutterfireOk) {
+    if (flutterfireOk && answers.firebaseProjectId) {
+      // Supabase Google Sign-In needs a genuine OAuth Web Client (id + secret).
+      // The only reliable way to create it is the Firebase CLI auth deploy, the
+      // same path the Firebase backend uses. The REST API cannot create the OAuth
+      // client, which is why Google used to come out disabled on Supabase projects.
+      const googleSpinner = ui.spinner();
+      googleSpinner.start(tr('new.google.enabling'));
+      const cliResult = await enableAuthViaFirebaseCli({
+        projectDir: targetDir,
+        projectId: answers.firebaseProjectId,
+        appName: answers.appName,
+      });
+      googleSpinner.stop(tr('new.google.enabling'));
+      if (cliResult.ok) {
+        // The deploy created the OAuth Web Client + iOS client. Re-run flutterfire so
+        // google-services.json and GoogleService-Info.plist pick up the new Client IDs.
+        const rerunSpinner = ui.spinner();
+        rerunSpinner.start(tr('new.google.refreshConfigs'));
+        await flutterfireConfigure(targetDir, answers.firebaseProjectId, {
+          includeWeb: answers.includeWeb !== false,
+        });
+        rerunSpinner.stop(tr('new.google.refreshConfigs'));
+      } else if (cliResult.error === 'support_email_required') {
+        ui.log.warn(tr('new.google.manualHint.noEmail'));
+      }
+      // Read the Web + iOS Client IDs from the refreshed config files.
       const fileCreds = await readSupabaseGoogleCredentials(targetDir);
       googleWebClientId = fileCreds.webClientId;
       googleIosClientId = fileCreds.iosClientId;
-      // Enable Google Sign-In in Firebase Auth so Identity Toolkit stores the client secret.
-      // This is the same step that setupFromScratch runs for Firebase backend.
-      // For Supabase, Firebase Auth is not used for auth, but enabling Google here is the
-      // only way to make the client secret available via the Identity Toolkit API.
-      // Non-fatal: silently ignored if it fails (e.g. API not yet propagated).
-      if (answers.firebaseProjectId) {
-        const authResult = await enableAuthProviders(answers.firebaseProjectId);
-        if (authResult.ok && !authResult.googleSignInSkipped) {
-          printStepResult({ name: 'google sign-in', ok: true }, language);
-        }
-        if (authResult.appleEnabled) {
-          printStepResult({ name: 'apple sign-in', ok: true }, language);
+      // Read the OAuth Client Secret from the Identity Toolkit now that the client
+      // exists. It can lag a moment behind the deploy, so retry briefly.
+      if (googleWebClientId) {
+        for (let attempt = 1; attempt <= 3 && !googleClientSecret; attempt++) {
+          googleClientSecret = await getGoogleClientSecretViaGcloud(answers.firebaseProjectId);
+          if (!googleClientSecret && attempt < 3) {
+            await new Promise((resolve) => setTimeout(resolve, 2000));
+          }
         }
       }
-      // Try to get the Client Secret from Identity Toolkit API (requires gcloud auth)
-      if (answers.firebaseProjectId && googleWebClientId) {
-        googleClientSecret = await getGoogleClientSecretViaGcloud(answers.firebaseProjectId);
-      }
-      // Always write google_auth_options.dart with whatever credentials we have
+      // Persist the Client IDs into the app and register the iOS URL scheme.
       if (googleWebClientId) {
         const gaResult = await writeSupabaseGoogleAuthOptions(targetDir, googleWebClientId, googleIosClientId);
         printStepResult({ name: 'google-auth-options', ok: gaResult.ok, detail: gaResult.error }, language);
       }
+      if (googleIosClientId) {
+        const iosResult = await writeGoogleIosUrlSchemeFromClientId(targetDir, googleIosClientId);
+        printStepResult({ name: 'google-ios-url-scheme', ok: iosResult.ok, detail: iosResult.error }, language);
+      }
+      // Google is only enabled on Supabase when we have both the Web Client ID and
+      // its secret. If either is missing, point the user to the dashboard to finish.
+      if (!googleWebClientId || !googleClientSecret) {
+        ui.log.warn(tr('new.google.supabaseManual'));
+      }
     }
     if (supabaseSetupPayload) {
@@ -1631,9 +1670,9 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
         fcmSpinner.stop(tr('new.fcm.generating'));
         if (fcmResult.ok) {
           fcmServiceAccountJson = fcmResult.json;
-          printStepResult({ name: 'fcm-key', ok: true }, language);
+          printStepResult({ name: 'fcm-key', ok: true, detail: tr('new.fcm.ok') }, language);
         } else {
-          printStepResult({ name: 'fcm-key', ok: false, detail: 'configure FIREBASE_SERVICE_ACCOUNT_JSON manualmente' }, language);
+          printStepResult({ name: 'fcm-key', ok: false, detail: tr('new.fcm.failSupabase') }, language);
         }
       }
@@ -1657,12 +1696,14 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
         const google = googleWebClientId && googleClientSecret
           ? { webClientId: googleWebClientId, clientSecret: googleClientSecret }
           : {};
+        const apple = answers.bundleId ? { bundleId: answers.bundleId } : {};
         const setupSteps = await setupLinkedProject(
           targetDir,
           supabaseSetupPayload.projectRef,
           supabaseSetupPayload.dbPassword,
           secrets,
-          google
+          google,
+          apple
         );
         setupSpinner.stop(tr('new.supabase.setup'));
         setupSteps.forEach((s) => printStepResult(s, language));
@@ -1724,7 +1765,7 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
         printStepResult({ name: 'fcm-key-saved', ok: false, detail: 'salvar arquivo de chave falhou' }, language);
       }
     } else {
-      printStepResult({ name: 'fcm-key', ok: false, detail: 'configure FIREBASE_SERVICE_ACCOUNT_JSON manualmente' }, language);
+      printStepResult({ name: 'fcm-key', ok: false, detail: tr('new.fcm.failApi') }, language);
     }
   }
@@ -1765,12 +1806,12 @@ async function runNew(directory, { language: langHint = null, backend: backendHi
   }
   // ── Google + Apple Sign-In: use Firebase CLI for Google (creates OAuth client),
-  // then REST API for Apple as best-effort. ───────────────────────────────────
+  // then REST API for Apple as best-effort.
   // Firebase CLI's `deploy --only auth` is the only documented path that auto-
-  // creates the OAuth 2.0 Web Client without manual Console clicks — the same
+  // creates the OAuth 2.0 Web Client without manual Console clicks, the same
   // backend that the Console hits internally.
-  // (Supabase backend keeps the REST-only retry — its OAuth client is provisioned
-  // differently via the linked Firebase Web app.)
+  // (The Supabase backend runs the same CLI deploy earlier, in its own block, then
+  // pushes the resulting Google + Apple credentials to Supabase via the Mgmt API.)
   if (backend === 'firebase' && answers.firebaseProjectId && flutterfireStep?.ok) {
     const googleSpinner = ui.spinner();
     googleSpinner.start(tr('new.google.enabling'));

package/lib/commands/run.js CHANGED Viewed

@@ -303,6 +303,13 @@ async function runRun(directory, options = {}) {
     // Firebase Auth persists sessions per-origin (IndexedDB) — a random port
     // each run means the user gets logged out every restart.
     deviceArgs.push('--web-port', options.webPort || '5555');
+    // Google Sign-In opens an auth popup that must talk back to the app window.
+    // The web server's default Cross-Origin-Opener-Policy can sever that link
+    // ("Cross-Origin-Opener-Policy policy would block the window.closed call"),
+    // so in a plain browser tab (kasy run --web, no dedicated Chrome) the popup
+    // can't report success and sign-in appears to fail. `same-origin-allow-popups`
+    // keeps the opener relationship intact while staying same-origin safe.
+    deviceArgs.push('--web-header', 'Cross-Origin-Opener-Policy=same-origin-allow-popups');
   }
   // Read dart-defines from .vscode/launch.json (skip if --no-defines)

package/lib/scaffold/backends/api/patch/lib/core/data/api/meta_ads_api.dart CHANGED Viewed

@@ -10,7 +10,7 @@ final metaAdsApiProvider = Provider<MetaAdsApi>(
 ///
 /// Your backend must expose:
 ///   POST /meta-track-event
-///   Authorization: Bearer <user-token>
+///   Authorization: Bearer `<user-token>`
 ///   Body: { "event_name": "CompleteRegistration", "custom_data": {} }
 ///
 /// The backend is responsible for calling the Meta Graph API server-to-server.

package/lib/scaffold/backends/api/patch/lib/core/data/api/storage_api.dart CHANGED Viewed

@@ -34,7 +34,7 @@ abstract class StorageApi {
 ///
 /// Expected endpoints:
 ///   POST   /storage/upload  — multipart/form-data with fields: file, folder, public
-///   DELETE /storage/file    — JSON body: { "path": "<imagePath>" }
+///   DELETE /storage/file    — JSON body: `{ "path": "<imagePath>" }`
 ///
 /// Expected upload response JSON:
 ///   { "path": "folder/filename.jpg", "url": "https://..." }

package/lib/scaffold/backends/api/patch/lib/core/data/entities/user_entity.dart CHANGED Viewed

@@ -29,7 +29,7 @@ class Credentials {
   final String id;
   // this is the user security token (example: JWT)
   // but your can use an Oauth2 token with a refresh token too
-  final String token;
+  final String? token;
   Credentials({
     required this.id,

package/lib/scaffold/backends/api/patch/lib/features/authentication/api/authentication_api.dart CHANGED Viewed

@@ -101,7 +101,7 @@ class HttpAuthenticationApi implements AuthenticationApi {
   }
   @override
-  Future<Credentials> signinAnonymously() async {
+  Future<Credentials> signinAnonymously() {
     // REST API backends typically do not support anonymous accounts natively.
     // Option A – skip anonymous sign-in: remove anonymous auth from the
     //   onboarding flow and require full registration before using the app.
@@ -145,7 +145,7 @@ class HttpAuthenticationApi implements AuthenticationApi {
   }
   @override
-  Future<Credentials> signinWithGooglePlay() async {
+  Future<Credentials> signinWithGooglePlay() {
     // google_sign_in 7.x removed SignInOption.games.
     // For Play Games support, use the games_services package separately.
     return signinWithGoogle();
@@ -166,14 +166,13 @@ class HttpAuthenticationApi implements AuthenticationApi {
       rethrow;
     }
     throw UnimplementedError('''
-    ❌ You must edit lib/features/authentication/api/authentication_api.dart
+    ❌ You must edit lib/features/authentication/api/authentication_api.dart
     to send the Oauth2 token result to your backend
+    Available token: ${credential.identityToken}
     ----------------
     Please follow the instructions here:
     https://pub.dev/packages/sign_in_with_apple
     ''');
   }
   @override

package/lib/scaffold/backends/api/patch/lib/features/feedbacks/api/feature_request_api.dart CHANGED Viewed

@@ -11,7 +11,7 @@ final featureRequestApiProvider = Provider<FeatureRequestApi>(
 );
 /// REST endpoints expected:
-///   GET  /feature-requests              → List<FeatureRequestEntity> (only active)
+///   GET  /feature-requests              → `List<FeatureRequestEntity>` (only active)
 ///   POST /feature-requests              body: {title, description} → 201 Created
 ///     Server creates with active: false and stores title/description in all locales.
 class FeatureRequestApi {

package/lib/scaffold/backends/api/patch/lib/features/feedbacks/api/feature_vote_api.dart CHANGED Viewed

@@ -11,7 +11,7 @@ final featureVoteApiProvider = Provider<FeatureVoteApi>(
 );
 /// REST endpoints expected:
-///   GET    /feature-votes          → List<UserFeatureVoteEntity> (filtered by authenticated user)
+///   GET    /feature-votes          → `List<UserFeatureVoteEntity>` (filtered by authenticated user)
 ///   POST   /feature-votes          → UserFeatureVoteEntity  body: {feature_id}
 ///   DELETE /feature-votes/:id      → 204 No Content
 class FeatureVoteApi {

package/lib/scaffold/backends/api/patch/lib/features/llm_chat/api/llm_chat_api.dart CHANGED Viewed

@@ -9,7 +9,7 @@ final llmChatApiProvider = Provider<LlmChatApi>(
 );
 /// REST endpoints expected on your backend:
-///   GET    /llm-messages            → List<LlmChatMessageEntity> (current user)
+///   GET    /llm-messages            → `List<LlmChatMessageEntity>` (current user)
 ///   POST   /llm-messages            → saves one message
 ///   DELETE /llm-messages            → clears all messages (current user)
 ///