npm - komplian - Versions diffs - 0.6.0 → 0.7.0 - Mend

komplian 0.6.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/README.md CHANGED Viewed

@@ -6,26 +6,22 @@
 2. Browser login: `gh auth login -h github.com -s repo -s read:org -w`
 3. `npx komplian onboard --yes` (sin `@versión`: usa `latest` del registry público).
-**Orden típico del equipo:** onboard → `postman login` / `postman --yes` → `mcp-tools --yes` → **`db:all:dev`** → `localhost --yes`. Ver **`ONBOARDING.md`**.
+**Orden típico del equipo:** **`npx komplian setup`** (todo en uno; formulario local en navegador si hace falta) **o** paso a paso: onboard → **`postman --yes`** → `mcp-tools --yes` → **`db:all:dev`** → `localhost --yes`. Ver **`ONBOARDING.md`**.
-**`npm ERR! ETARGET` / “No matching version”** (también si falló **`postman`**, no solo `onboard`): es el mismo paquete npm. Usa **`npx komplian postman login`** / **`npx komplian postman --yes`** **sin** `@0.4.x`; comprueba `npm config get registry` → `https://registry.npmjs.org/`; `npm cache clean --force`. Detalle: `ONBOARDING.md` en el monorepo.
+**`npm ERR! ETARGET` / “No matching version”** (también si falló **`postman`**, no solo `onboard`): es el mismo paquete npm. Usa **`npx komplian postman --yes`** **sin** `@0.4.x`; comprueba `npm config get registry` → `https://registry.npmjs.org/`; `npm cache clean --force`. Detalle: `ONBOARDING.md` en el monorepo.
 ### Postman (colección + entornos)
 1. En [Postman](https://postman.com) usa una cuenta con email **`@komplian.com`** (o añade ese email a tu perfil).
 2. Crea una **API key**: Settings → **API keys** → Generate.
-3. **Una vez por máquina** (guarda la clave en `~/.komplian/postman-api-key`; no hace falta `export` después):
-```bash
-npx komplian postman login
-```
-4. Cuando quieras sincronizar la colección:
+3. **Sincronizar** (la primera vez en terminal interactiva **te pide** la API key y la guarda en `~/.komplian/postman-api-key`; no hace falta `export` después):
 ```bash
 npx komplian postman --yes
 ```
+Opcional: **`npx komplian postman login`** solo para guardar o rotar la clave sin ejecutar el sync.
 Opcional: `export POSTMAN_API_KEY=…` solo para la sesión actual (tiene prioridad sobre el archivo).
 El comando llama a `GET https://api.getpostman.com/me` y **solo continúa** si el email de la cuenta es `@komplian.com`. **Si ya existen** la colección **Komplian API** y los entornos con el mismo nombre en ese workspace, se **actualizan**; si no, se crean.

package/komplian-onboard.mjs CHANGED Viewed

@@ -394,10 +394,11 @@ function npmInstallEach(workspace) {
 }
 function usage() {
-  log(`Uso: komplian onboard | postman | mcp-tools | db:all:dev | localhost | db …`);
-  log(`  ${c.bold}Setup estándar (orden):${c.reset}`);
+  log(`Uso: komplian setup | onboard | postman | mcp-tools | db:all:dev | localhost | db …`);
+  log(`  ${c.bold}Todo en uno:${c.reset} ${c.cyan}npx komplian setup${c.reset} ${c.dim}(onboard+postman+mcp+db+localhost; formulario en navegador si hace falta)${c.reset}`);
+  log(`  ${c.bold}Setup por pasos:${c.reset}`);
   log(`  1. npx komplian onboard --yes`);
-  log(`  2. npx komplian postman login → npx komplian postman --yes  ${c.dim}(@komplian.com)${c.reset}`);
+  log(`  2. npx komplian postman --yes  ${c.dim}(@komplian.com)${c.reset}`);
   log(`  3. npx komplian mcp-tools --yes`);
   log(`  4. npx komplian db:all:dev  ${c.dim}(Postman + 3 URLs dev → ~/.komplian + .env.local)${c.reset}`);
   log(`  5. npx komplian localhost --yes`);
@@ -486,6 +487,11 @@ function normalizeArgv(argv) {
 async function main() {
   const rawArgv = process.argv.slice(2);
+  if (rawArgv[0] === "setup") {
+    const { runSetup } = await import("./komplian-setup.mjs");
+    await runSetup(rawArgv.slice(1));
+    return;
+  }
   if (rawArgv[0] === "postman") {
     const { runPostman } = await import("./komplian-postman.mjs");
     await runPostman(rawArgv.slice(1));

package/komplian-postman.mjs CHANGED Viewed

@@ -2,9 +2,10 @@
 /**
  * Komplian Postman — API key + email @komplian.com (Postman /me), luego colección + entornos.
  *
- * Requisitos: Node 18+. Primera vez: npx komplian postman login
+ * Requisitos: Node 18+. Primera vez: ejecuta `npx komplian postman --yes` (o `postman` sin clave):
+ * en terminal interactiva te pide la API key una vez y la guarda; o `npx komplian postman login`.
  *
- * Clave: POSTMAN_API_KEY o ~/.komplian/postman-api-key (npx komplian postman login)
+ * Clave: POSTMAN_API_KEY, ~/.komplian/postman-api-key, o prompt la primera vez (TTY).
  * Seguridad: no registrar secretos; errores API redactados; login sin eco (TTY); ~/.komplian 700 + key 600.
  * Opcional: POSTMAN_WORKSPACE_ID, KOMPLIAN_EMAIL_DOMAIN, KOMPLIAN_POSTMAN_KEY_FILE, KOMPLIAN_DEBUG
  */
@@ -215,7 +216,7 @@ function defaultKeyPath() {
 /**
  * Orden: POSTMAN_API_KEY → ~/.komplian/postman-api-key (o KOMPLIAN_POSTMAN_KEY_FILE).
  */
-function resolveApiKey() {
+export function resolveApiKey() {
   const env = process.env.POSTMAN_API_KEY?.trim();
   if (env) return { key: env, source: "POSTMAN_API_KEY" };
   const path = defaultKeyPath();
@@ -226,20 +227,90 @@ function resolveApiKey() {
   return { key: "", source: null };
 }
+/** Guarda la clave en ~/.komplian/postman-api-key (uso: `komplian setup` vía navegador). */
+export function savePostmanApiKeyToKomplianHome(apiKey) {
+  const k = (apiKey || "").trim();
+  if (!k) return false;
+  const keyPath = defaultKeyPath();
+  ensureSecureKomplianDir();
+  writeFileSync(keyPath, `${k}\n`, { encoding: "utf8", mode: 0o600 });
+  try {
+    chmodSync(keyPath, 0o600);
+  } catch {
+    /* Windows u otros */
+  }
+  return true;
+}
 function printMissingKeyHelp() {
   log(`${c.red}✗${c.reset} No hay API key de Postman.`);
   log(``);
-  log(`  ${c.bold}Una vez por máquina:${c.reset}`);
-  log(`    ${c.cyan}npx komplian postman login${c.reset}`);
-  log(`    (pega la clave de Postman → Settings → API keys → Generate)`);
+  log(`  ${c.bold}Terminal interactiva (primera vez):${c.reset}`);
+  log(
+    `    ${c.cyan}npx komplian postman --yes${c.reset}  (pide la clave y sigue con el sync)`
+  );
+  log(
+    `    ${c.cyan}npx komplian postman login${c.reset}  (solo guardar clave; luego postman --yes)`
+  );
   log(``);
-  log(`  ${c.dim}O en la sesión actual: export POSTMAN_API_KEY=…${c.reset}`);
+  log(`  ${c.bold}Sin TTY (CI, pipes):${c.reset}`);
+  log(`  ${c.dim}export POSTMAN_API_KEY=…${c.reset}`);
   log(
-    `${c.dim}  Archivo manual: ${formatHomePath(defaultKeyPath())}${c.reset}`
+    `${c.dim}  Archivo: ${formatHomePath(defaultKeyPath())} (permiso 600)${c.reset}`
   );
   process.exit(1);
 }
+/**
+ * POSTMAN_API_KEY o ~/.komplian/postman-api-key. Si falta y hay TTY, pide la clave
+ * (misma validación que `postman login`), guarda y devuelve la resolución.
+ */
+async function resolveApiKeyWithOptionalInteractiveSetup(domain) {
+  let r = resolveApiKey();
+  if (r.key) return r;
+  if (!input.isTTY) {
+    printMissingKeyHelp();
+  }
+  log(`${c.cyan}━━ Primera vez: Postman API key ━━${c.reset}`);
+  log(
+    `${c.dim}Cuenta @${domain}. Postman → Settings → API keys → Generate. Se guarda en ${formatHomePath(defaultKeyPath())}.${c.reset}`
+  );
+  log("");
+  const raw = await readPasswordLine(
+    "Postman API key (no se muestra al escribir; Settings → API keys): "
+  );
+  const k = (raw || "").trim();
+  if (!k) {
+    log(`${c.red}✗${c.reset} Clave vacía.`);
+    process.exit(1);
+  }
+  await verifyKomplianEmail(k, domain, { quietSuccess: true });
+  const keyPath = defaultKeyPath();
+  ensureSecureKomplianDir();
+  writeFileSync(keyPath, `${k}\n`, { encoding: "utf8", mode: 0o600 });
+  try {
+    chmodSync(keyPath, 0o600);
+  } catch {
+    /* Windows u otros */
+  }
+  log("");
+  log(
+    `${c.green}✓${c.reset} Guardada en ${c.bold}${formatHomePath(keyPath)}${c.reset} — continuando…`
+  );
+  r = resolveApiKey();
+  if (!r.key) {
+    log(`${c.red}✗${c.reset} No se pudo leer la clave guardada.`);
+    process.exit(1);
+  }
+  return r;
+}
 /** Parseo mínimo .env (sin dependencia dotenv). */
 function parseEnvFile(text) {
   const out = {};
@@ -600,7 +671,34 @@ async function pickWorkspaceId(apiKey, explicit) {
   return w.id;
 }
-async function verifyKomplianEmail(apiKey, domain) {
+/** Validación sin `process.exit` (p. ej. formulario web local en `komplian setup`). */
+export async function validatePostmanApiKeyForKomplian(apiKey, domain) {
+  const d = (domain || "komplian.com").trim().replace(/^@/, "");
+  const { ok, status, body } = await pmFetch(apiKey, "/me");
+  if (!ok) {
+    return {
+      ok: false,
+      error: `Postman rechazó la clave (HTTP ${status}).`,
+    };
+  }
+  const email = extractEmail(body);
+  if (!email) {
+    return {
+      ok: false,
+      error: "La API de Postman no devolvió email en /me.",
+    };
+  }
+  if (!emailAllowed(email, d)) {
+    return {
+      ok: false,
+      error: `Se requiere una cuenta con email @${d}.`,
+    };
+  }
+  return { ok: true };
+}
+async function verifyKomplianEmail(apiKey, domain, opts = {}) {
+  const quietOk = opts.quietSuccess === true;
   const { ok, status, body } = await pmFetch(apiKey, "/me");
   if (!ok) {
     log(
@@ -624,9 +722,11 @@ async function verifyKomplianEmail(apiKey, domain) {
     );
     process.exit(1);
   }
-  log(
-    `${c.green}✓${c.reset} Postman: ${c.bold}${maskEmail(email)}${c.reset} (${c.dim}dominio permitido${c.reset})`
-  );
+  if (!quietOk) {
+    log(
+      `${c.green}✓${c.reset} Postman: ${c.bold}${maskEmail(email)}${c.reset} (${c.dim}dominio permitido${c.reset})`
+    );
+  }
   return email;
 }
@@ -759,7 +859,7 @@ function usage() {
   log(`  Clave: ${c.dim}POSTMAN_API_KEY${c.reset} o archivo ${c.dim}~/.komplian/postman-api-key${c.reset} (véase ${c.cyan}postman login${c.reset})`);
   log(`  Dominio email: solo @komplian.com (GET /me)`);
   log(``);
-  log(`  -y, --yes           Sin prompts extra`);
+  log(`  -y, --yes           Sin prompts extra (si falta API key y hay TTY, pide la clave una vez y guarda)`);
   log(`  --export-only       Solo escribe JSON en disco (no llama a la API de Postman)`);
   log(`  --out <dir>         Carpeta para export (por defecto: ./komplian-postman)`);
   log(`  --dotenv <ruta>     .env extra (además de api/.env, .env, KOMPLIAN_DOTENV)`);
@@ -771,8 +871,8 @@ function usage() {
 function usageLogin() {
   log(`Uso: komplian postman login`);
-  log(`  Guarda la API key de Postman en ${c.dim}~/.komplian/postman-api-key${c.reset} (permiso 600).`);
-  log(`  Tras esto: ${c.cyan}npx komplian postman --yes${c.reset} sin exportar variables.`);
+  log(`  Guarda o sustituye la API key en ${c.dim}~/.komplian/postman-api-key${c.reset} (permiso 600).`);
+  log(`  Opcional: ${c.cyan}npx komplian postman --yes${c.reset} ya pide la clave la primera vez si falta.`);
   log(``);
   log(`  Postman → Settings (avatar) → API keys → Generate`);
 }
@@ -841,15 +941,13 @@ export async function runPostman(argv) {
     return;
   }
-  const { key: apiKey, source } = resolveApiKey();
-  if (!apiKey) {
-    printMissingKeyHelp();
-  }
+  const domain = (process.env.KOMPLIAN_EMAIL_DOMAIN || "komplian.com").trim();
+  const { key: apiKey, source } =
+    await resolveApiKeyWithOptionalInteractiveSetup(domain);
   if (source && source !== "POSTMAN_API_KEY") {
     log(`${c.dim}→ API key Postman desde: ${formatHomePath(source)}${c.reset}`);
   }
-  const domain = (process.env.KOMPLIAN_EMAIL_DOMAIN || "komplian.com").trim();
   await verifyKomplianEmail(apiKey, domain);
   const collection = buildCollection();
@@ -940,16 +1038,12 @@ export async function runPostman(argv) {
 }
 /**
- * Misma verificación que `postman --yes`: GET /me y dominio @komplian.com.
- * Requiere `npx komplian postman login` (o POSTMAN_API_KEY en la sesión).
+ * GET /me y dominio @komplian.com. Si no hay clave y hay TTY, pide guardarla (como `postman --yes`).
  */
 export async function assertKomplianEmployeePostman() {
   const domain = (process.env.KOMPLIAN_EMAIL_DOMAIN || "komplian.com").trim();
-  const { key, source } = resolveApiKey();
-  if (!key) {
-    printMissingKeyHelp();
-    process.exit(1);
-  }
+  const { key, source } =
+    await resolveApiKeyWithOptionalInteractiveSetup(domain);
   if (source && source !== "POSTMAN_API_KEY") {
     log(`${c.dim}→ Postman API key desde: ${formatHomePath(source)}${c.reset}`);
   }

package/komplian-setup.mjs ADDED Viewed

@@ -0,0 +1,477 @@
+#!/usr/bin/env node
+/**
+ * Komplian setup — un solo comando: onboard → postman → mcp-tools → db:all:dev → localhost.
+ * Por defecto abre el navegador en localhost para datos sensibles (Postman API key, URLs Neon dev)
+ * con texto de ayuda; alternativa: --terminal-only (sin navegador).
+ */
+import { spawnSync } from "node:child_process";
+import { createServer } from "node:http";
+import { randomBytes } from "node:crypto";
+import { existsSync, mkdirSync } from "node:fs";
+import { dirname, join, resolve } from "node:path";
+import { fileURLToPath } from "node:url";
+import { homedir } from "node:os";
+import {
+  resolveApiKey,
+  validatePostmanApiKeyForKomplian,
+  savePostmanApiKeyToKomplianHome,
+  runPostman,
+} from "./komplian-postman.mjs";
+import { runDbAllDev } from "./komplian-db-all-dev.mjs";
+import { runMcpTools } from "./komplian-mcp-tools.mjs";
+import { runLocalhost, findWorkspaceRoot } from "./komplian-localhost.mjs";
+import { loadHomeDevDatabases } from "./komplian-db.mjs";
+const __dirname = dirname(fileURLToPath(import.meta.url));
+const IS_WIN = process.platform === "win32";
+function spawnWin(extra = {}) {
+  return IS_WIN ? { ...extra, shell: true } : extra;
+}
+const c = {
+  reset: "\x1b[0m",
+  dim: "\x1b[2m",
+  bold: "\x1b[1m",
+  cyan: "\x1b[36m",
+  green: "\x1b[32m",
+  red: "\x1b[31m",
+  yellow: "\x1b[33m",
+};
+function log(s = "") {
+  console.log(s);
+}
+const PLACEHOLDER = "komplian_localhost_placeholder";
+function isValidPostgresUrl(s) {
+  const t = (s || "").trim();
+  if (!t.startsWith("postgresql://") && !t.startsWith("postgres://")) return false;
+  if (t.includes(PLACEHOLDER)) return false;
+  try {
+    const u = new URL(t);
+    return !!u.hostname;
+  } catch {
+    return false;
+  }
+}
+function isValidTriplet(d) {
+  return (
+    isValidPostgresUrl(d.app) &&
+    isValidPostgresUrl(d.admin) &&
+    isValidPostgresUrl(d.web)
+  );
+}
+function collectUrlsFromEnv() {
+  return {
+    app: process.env.KOMPLIAN_DEV_APP_DATABASE_URL?.trim() || "",
+    admin: process.env.KOMPLIAN_DEV_ADMIN_DATABASE_URL?.trim() || "",
+    web: process.env.KOMPLIAN_DEV_WEB_DATABASE_URL?.trim() || "",
+  };
+}
+function openBrowserSync(url) {
+  try {
+    if (process.platform === "darwin") {
+      spawnSync("open", [url], { stdio: "ignore" });
+    } else if (process.platform === "win32") {
+      spawnSync("cmd", ["/c", "start", "", url], { ...spawnWin(), stdio: "ignore" });
+    } else {
+      spawnSync("xdg-open", [url], { stdio: "ignore" });
+    }
+  } catch {
+    log(`${c.yellow}○${c.reset} No se pudo abrir el navegador. Abre manualmente: ${c.bold}${url}${c.reset}`);
+  }
+}
+function buildSetupPageHtml(token, { needsPostmanKey, needsDbUrls, emailDomain }) {
+  const esc = (s) =>
+    String(s)
+      .replace(/&/g, "&amp;")
+      .replace(/</g, "&lt;")
+      .replace(/"/g, "&quot;");
+  const postmanBlock = needsPostmanKey
+    ? `
+    <section class="card">
+      <h2>1. Postman API key</h2>
+      <p class="help">Crea una clave en Postman → <strong>Settings</strong> → <strong>API keys</strong> → Generate. Cuenta con email <strong>@${esc(emailDomain)}</strong>. Se guarda en <code>~/.komplian/postman-api-key</code>. Si la dejas vacía, la terminal te la pedirá en el paso Postman.</p>
+      <label for="postman_api_key">API key (opcional aquí)</label>
+      <input type="password" id="postman_api_key" name="postman_api_key" autocomplete="off" placeholder="PMAK-…" />
+    </section>`
+    : "";
+  const dbBlock = needsDbUrls
+    ? `
+    <section class="card">
+      <h2>${needsPostmanKey ? "2" : "1"}. Bases de datos (solo desarrollo)</h2>
+      <p class="help">Pega las connection strings <strong>postgresql://…</strong> de Neon (rama <em>development</em> u homólogo). Tres bases: <strong>app</strong> (también usa la API), <strong>admin</strong> y <strong>web</strong> (pilot). Se escriben en <code>~/.komplian/dev-databases.json</code> y en cada <code>.env.local</code> del monorepo.</p>
+      <label for="db_app">URL APP (app + API)</label>
+      <textarea id="db_app" name="db_app" rows="2" placeholder="postgresql://…"></textarea>
+      <label for="db_admin">URL ADMIN</label>
+      <textarea id="db_admin" name="db_admin" rows="2" placeholder="postgresql://…"></textarea>
+      <label for="db_web">URL WEB (pilot)</label>
+      <textarea id="db_web" name="db_web" rows="2" placeholder="postgresql://…"></textarea>
+    </section>`
+    : "";
+  return `<!DOCTYPE html>
+<html lang="es">
+<head>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1" />
+  <title>Komplian setup</title>
+  <style>
+    :root { font-family: system-ui, sans-serif; background: #0a0a0a; color: #e5e5e5; }
+    body { max-width: 640px; margin: 2rem auto; padding: 0 1rem; }
+    h1 { font-size: 1.25rem; font-weight: 600; }
+    .card { background: #171717; border: 1px solid #262626; border-radius: 10px; padding: 1.25rem; margin-bottom: 1.25rem; }
+    .help { color: #a3a3a3; font-size: 0.9rem; line-height: 1.5; margin: 0 0 1rem; }
+    label { display: block; font-size: 0.8rem; color: #737373; margin: 0.75rem 0 0.35rem; }
+    input, textarea { width: 100%; box-sizing: border-box; padding: 0.6rem 0.75rem; border-radius: 8px; border: 1px solid #404040; background: #0a0a0a; color: #fafafa; font-family: ui-monospace, monospace; font-size: 0.85rem; }
+    button { margin-top: 1.25rem; width: 100%; padding: 0.85rem; border: none; border-radius: 8px; background: #fafafa; color: #0a0a0a; font-weight: 600; cursor: pointer; font-size: 1rem; }
+    button:disabled { opacity: 0.5; cursor: not-allowed; }
+    .err { color: #f87171; font-size: 0.9rem; margin-top: 0.75rem; white-space: pre-wrap; }
+    .ok { color: #4ade80; margin-top: 1rem; }
+    code { font-size: 0.8em; background: #262626; padding: 0.1em 0.35em; border-radius: 4px; }
+  </style>
+</head>
+<body>
+  <h1>Komplian — asistente de setup</h1>
+  <p class="help">Esta ventana es local (solo tu ordenador). Rellena lo que pida el asistente y pulsa <strong>Continuar</strong>. Puedes cerrar la pestaña después del mensaje de éxito.</p>
+  ${postmanBlock}
+  ${dbBlock}
+  <div id="err" class="err" style="display:none"></div>
+  <div id="ok" class="ok" style="display:none"></div>
+  <button type="button" id="go">Continuar</button>
+  <script>
+    const TOKEN = ${JSON.stringify(token)};
+    const needsPostman = ${JSON.stringify(needsPostmanKey)};
+    const needsDb = ${JSON.stringify(needsDbUrls)};
+    document.getElementById("go").onclick = async () => {
+      const err = document.getElementById("err");
+      const ok = document.getElementById("ok");
+      err.style.display = "none";
+      ok.style.display = "none";
+      const body = { token: TOKEN };
+      if (needsPostman) body.postman_api_key = (document.getElementById("postman_api_key") || {}).value || "";
+      if (needsDb) {
+        body.db_app = (document.getElementById("db_app") || {}).value || "";
+        body.db_admin = (document.getElementById("db_admin") || {}).value || "";
+        body.db_web = (document.getElementById("db_web") || {}).value || "";
+      }
+      const btn = document.getElementById("go");
+      btn.disabled = true;
+      try {
+        const r = await fetch("/submit", {
+          method: "POST",
+          headers: { "Content-Type": "application/json" },
+          body: JSON.stringify(body),
+        });
+        const j = await r.json().catch(() => ({}));
+        if (!r.ok || !j.ok) {
+          err.textContent = j.error || "Error al validar. Revisa los datos.";
+          err.style.display = "block";
+          btn.disabled = false;
+          return;
+        }
+        ok.textContent = "Listo. Vuelve a la terminal; puedes cerrar esta pestaña.";
+        ok.style.display = "block";
+      } catch (e) {
+        err.textContent = "No se pudo enviar. ¿Sigues en la misma red local?";
+        err.style.display = "block";
+        btn.disabled = false;
+      }
+    };
+  </script>
+</body>
+</html>`;
+}
+/**
+ * Servidor solo en 127.0.0.1. Devuelve { postmanKey?, db } según lo pedido.
+ */
+function runSetupBrowserForm(opts) {
+  const {
+    needsPostmanKey,
+    needsDbUrls,
+    emailDomain,
+    timeoutMs = 600_000,
+  } = opts;
+  return new Promise((resolvePromise, rejectPromise) => {
+    const token = randomBytes(24).toString("hex");
+    const server = createServer(async (req, res) => {
+      const url = new URL(req.url || "/", `http://127.0.0.1`);
+      if (req.method === "GET" && url.pathname === "/") {
+        res.writeHead(200, { "Content-Type": "text/html; charset=utf-8" });
+        res.end(
+          buildSetupPageHtml(token, {
+            needsPostmanKey,
+            needsDbUrls,
+            emailDomain,
+          })
+        );
+        return;
+      }
+      if (req.method === "POST" && url.pathname === "/submit") {
+        let raw = "";
+        for await (const ch of req) raw += ch;
+        let data;
+        try {
+          data = JSON.parse(raw || "{}");
+        } catch {
+          res.writeHead(400, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ ok: false, error: "JSON inválido." }));
+          return;
+        }
+        if (data.token !== token) {
+          res.writeHead(403, { "Content-Type": "application/json" });
+          res.end(JSON.stringify({ ok: false, error: "Token inválido." }));
+          return;
+        }
+        const out = { postmanKey: "", db: null };
+        if (needsPostmanKey) {
+          const pk = String(data.postman_api_key || "").trim();
+          if (pk) {
+            const v = await validatePostmanApiKeyForKomplian(pk, emailDomain);
+            if (!v.ok) {
+              res.writeHead(400, { "Content-Type": "application/json" });
+              res.end(JSON.stringify({ ok: false, error: v.error || "Postman inválido." }));
+              return;
+            }
+            out.postmanKey = pk;
+          }
+        }
+        if (needsDbUrls) {
+          const triplet = {
+            app: String(data.db_app || "").trim(),
+            admin: String(data.db_admin || "").trim(),
+            web: String(data.db_web || "").trim(),
+          };
+          if (!isValidTriplet(triplet)) {
+            res.writeHead(400, { "Content-Type": "application/json" });
+            res.end(
+              JSON.stringify({
+                ok: false,
+                error:
+                  "Las tres URLs deben ser postgresql:// o postgres:// válidas (sin placeholder).",
+              })
+            );
+            return;
+          }
+          out.db = triplet;
+        }
+        res.writeHead(200, { "Content-Type": "application/json" });
+        res.end(JSON.stringify({ ok: true }));
+        server.close(() => {
+          clearTimeout(timer);
+          resolvePromise(out);
+        });
+        return;
+      }
+      res.writeHead(404);
+      res.end();
+    });
+    const timer = setTimeout(() => {
+      server.close();
+      rejectPromise(new Error("Tiempo agotado esperando el formulario en el navegador."));
+    }, timeoutMs);
+    server.listen(0, "127.0.0.1", () => {
+      const addr = server.address();
+      const port = typeof addr === "object" && addr ? addr.port : 0;
+      const openUrl = `http://127.0.0.1:${port}/`;
+      log("");
+      log(
+        `${c.cyan}━━ Navegador (formulario local) ━━${c.reset} ${c.bold}${openUrl}${c.reset}`
+      );
+      log(
+        `${c.dim}Solo escucha en tu máquina (127.0.0.1). Cierra la pestaña tras el mensaje de éxito.${c.reset}`
+      );
+      openBrowserSync(openUrl);
+    });
+    server.on("error", (e) => {
+      clearTimeout(timer);
+      rejectPromise(e);
+    });
+  });
+}
+function parseArgs(argv) {
+  const out = {
+    terminalOnly: false,
+    workspace: "",
+    help: false,
+    team: "",
+    ssh: false,
+    allRepos: false,
+    noInstall: false,
+  };
+  for (let i = 0; i < argv.length; i++) {
+    const a = argv[i];
+    if (a === "--terminal-only" || a === "--no-browser")
+      out.terminalOnly = true;
+    else if (a === "-w" || a === "--workspace") out.workspace = argv[++i] || "";
+    else if (a === "-t" || a === "--team") out.team = argv[++i] || "";
+    else if (a === "--ssh") out.ssh = true;
+    else if (a === "--all-repos") out.allRepos = true;
+    else if (a === "--no-install") out.noInstall = true;
+    else if (a === "-h" || a === "--help") out.help = true;
+    else if (a.startsWith("-")) {
+      log(`${c.red}✗${c.reset} Opción desconocida: ${a}`);
+      process.exit(1);
+    } else if (!out.workspace) out.workspace = a;
+  }
+  return out;
+}
+function usage() {
+  log(`Uso: npx komplian setup [opciones] [carpeta-workspace]`);
+  log(``);
+  log(
+    `  Orden: ${c.bold}onboard${c.reset} → ${c.bold}postman${c.reset} → ${c.bold}mcp-tools${c.reset} → ${c.bold}db:all:dev${c.reset} → ${c.bold}localhost${c.reset}`
+  );
+  log(
+    `  Por defecto abre el ${c.bold}navegador${c.reset} para Postman API key (si falta) y las 3 URLs Neon dev (si faltan).`
+  );
+  log(``);
+  log(`  --terminal-only     Sin formulario web; postman/db usan terminal o env`);
+  log(`  -w, --workspace     Raíz del monorepo (destino del clone)`);
+  log(`  -t, --team          Equipo (komplian-team-repos.json)`);
+  log(`  --all-repos         Clonar todos los repos del JSON`);
+  log(`  --ssh               Clonar por SSH`);
+  log(`  --no-install        No npm install tras clone`);
+  log(`  -h, --help`);
+}
+function runOnboardChild(args) {
+  const script = join(__dirname, "komplian-onboard.mjs");
+  const argv = ["onboard", ...args];
+  const r = spawnSync(process.execPath, [script, ...argv], {
+    stdio: "inherit",
+    windowsHide: true,
+  });
+  return r.status === 0;
+}
+export async function runSetup(argv) {
+  const opts = parseArgs(argv);
+  if (opts.help) {
+    usage();
+    return;
+  }
+  const nodeMajor = Number(process.versions.node.split(".")[0], 10);
+  if (nodeMajor < 18) {
+    log(`${c.red}✗${c.reset} Hace falta Node 18+.`);
+    process.exit(1);
+  }
+  let workspaceArg = (opts.workspace || "").trim();
+  if (!workspaceArg) workspaceArg = process.cwd();
+  const workspaceAbs = resolve(
+    workspaceArg.replace(/^~(?=$|[/\\])/, homedir())
+  );
+  mkdirSync(workspaceAbs, { recursive: true });
+  log(`${c.cyan}${c.bold}━━ Komplian setup ━━${c.reset}`);
+  log(`${c.dim}Workspace:${c.reset} ${workspaceAbs}`);
+  log("");
+  const onboardArgs = ["--yes"];
+  if (opts.team) onboardArgs.push("-t", opts.team);
+  if (opts.allRepos) onboardArgs.push("--all-repos");
+  if (opts.ssh) onboardArgs.push("--ssh");
+  if (opts.noInstall) onboardArgs.push("--no-install");
+  onboardArgs.push(workspaceAbs);
+  log(`${c.cyan}━━ 1/5 Onboard ━━${c.reset}`);
+  if (!runOnboardChild(onboardArgs)) {
+    log(`${c.red}✗${c.reset} Onboard falló. Revisa GitHub CLI (gh) y permisos.`);
+    process.exit(1);
+  }
+  let monorepoRoot = workspaceAbs;
+  if (!existsSync(join(monorepoRoot, "api", "package.json"))) {
+    monorepoRoot = findWorkspaceRoot(workspaceAbs);
+  }
+  if (!existsSync(join(monorepoRoot, "api", "package.json"))) {
+    log(
+      `${c.red}✗${c.reset} No se encontró monorepo con api/package.json bajo ${workspaceAbs}.`
+    );
+    process.exit(1);
+  }
+  process.chdir(monorepoRoot);
+  const emailDomain = (process.env.KOMPLIAN_EMAIL_DOMAIN || "komplian.com").trim();
+  const useBrowser =
+    !opts.terminalOnly && process.env.KOMPLIAN_SETUP_NO_BROWSER !== "1";
+  const envTriplet = collectUrlsFromEnv();
+  const envDbOk = isValidTriplet(envTriplet);
+  const saved = loadHomeDevDatabases();
+  const savedDbOk = saved && isValidTriplet(saved);
+  const { key: existingPmKey } = resolveApiKey();
+  const needsPostmanKey = !existingPmKey;
+  const needsDbUrls = !envDbOk && !savedDbOk;
+  if (useBrowser && (needsPostmanKey || needsDbUrls)) {
+    log(`${c.cyan}━━ Formulario en el navegador ━━${c.reset}`);
+    try {
+      const form = await runSetupBrowserForm({
+        needsPostmanKey,
+        needsDbUrls,
+        emailDomain,
+      });
+      if (form.postmanKey) {
+        savePostmanApiKeyToKomplianHome(form.postmanKey);
+        log(`${c.green}✓${c.reset} Postman API key guardada en ~/.komplian/`);
+      }
+      if (form.db) {
+        process.env.KOMPLIAN_DEV_APP_DATABASE_URL = form.db.app;
+        process.env.KOMPLIAN_DEV_ADMIN_DATABASE_URL = form.db.admin;
+        process.env.KOMPLIAN_DEV_WEB_DATABASE_URL = form.db.web;
+        log(`${c.green}✓${c.reset} URLs de desarrollo recibidas desde el formulario.`);
+      }
+    } catch (e) {
+      log(
+        `${c.red}✗${c.reset} Formulario web: ${e?.message || e}. Prueba ${c.bold}--terminal-only${c.reset} o define variables de entorno.`
+      );
+      process.exit(1);
+    }
+  }
+  log(`${c.cyan}━━ 2/5 Postman ━━${c.reset}`);
+  await runPostman(["--yes"]);
+  log(`${c.cyan}━━ 3/5 MCP tools ━━${c.reset}`);
+  await runMcpTools(["--yes"]);
+  log(`${c.cyan}━━ 4/5 Bases de datos (development) ━━${c.reset}`);
+  const dbArgs = ["--yes", "-w", monorepoRoot];
+  await runDbAllDev(dbArgs);
+  log(`${c.cyan}━━ 5/5 Localhost ━━${c.reset}`);
+  await runLocalhost(["--yes"]);
+  log("");
+  log(`${c.green}✓${c.reset} ${c.bold}Setup completado.${c.reset}`);
+  log(
+    `${c.dim}Monorepo:${c.reset} ${monorepoRoot}  ${c.dim}· Cursor: File → Open Folder${c.reset}`
+  );
+}

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "komplian",
-  "version": "0.6.0",
-  "description": "Komplian CLI: onboard, Postman, localhost, mcp-tools, db (psql). Node 18+. Published tarball has no .env / secrets.",
+  "version": "0.7.0",
+  "description": "Komplian CLI: setup (todo en uno), onboard, Postman, localhost, mcp-tools, db (psql). Node 18+.",
   "type": "module",
   "engines": {
     "node": ">=18"
@@ -11,6 +11,7 @@
   },
   "files": [
     "komplian-onboard.mjs",
+    "komplian-setup.mjs",
     "komplian-postman.mjs",
     "komplian-localhost.mjs",
     "komplian-mcp-tools.mjs",
@@ -23,7 +24,7 @@
     "access": "public"
   },
   "scripts": {
-    "prepublishOnly": "node --check komplian-onboard.mjs && node --check komplian-postman.mjs && node --check komplian-localhost.mjs && node --check komplian-mcp-tools.mjs && node --check komplian-db.mjs && node --check komplian-db-all-dev.mjs"
+    "prepublishOnly": "node --check komplian-onboard.mjs && node --check komplian-setup.mjs && node --check komplian-postman.mjs && node --check komplian-localhost.mjs && node --check komplian-mcp-tools.mjs && node --check komplian-db.mjs && node --check komplian-db-all-dev.mjs"
   },
   "keywords": [
     "komplian",