launchpd 1.0.0 → 1.0.2

package/README.md

@@ -1,96 +1,100 @@
 # Launchpd
 
-Deploy static sites instantly to a live URL. No config, no complexity.
+**Deploy static sites instantly to a live URL. No config, no complexity.**
 
-## Quick Start
-
-```bash
-npm install -g launchpd
-launchpd deploy ./my-site
-```
-
-## Installation
-
-```bash
-npm install -g launchpd
-```
-
-Requires Node.js 20 or higher.
-
-## Usage
-
-### Deploy a folder
-
-```bash
-launchpd deploy ./my-folder
-```
-
-### Use a custom subdomain
-
-```bash
-launchpd deploy ./my-folder --name my-project
-```
-
-### Set expiration time
-
-```bash
-launchpd deploy ./my-folder --expires 2h
-# Auto-deletes after 2 hours
-```
-
-
-
-### List your deployments
-
-```bash
-launchpd list
-```
-
-### View version history
-
-```bash
-launchpd versions my-subdomain
-```
+[![npm version](https://img.shields.io/npm/v/launchpd.svg)](https://www.npmjs.com/package/launchpd)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+[![GitHub stars](https://img.shields.io/github/stars/kents00/launchpd.svg?style=social)](https://github.com/kents00/launchpd)
 
-### Rollback to previous version
+---
 
-```bash
-launchpd rollback my-subdomain
-launchpd rollback my-subdomain --to 2
-```
+## Features
 
-## Authentication
+*   **Blazing Fast**: Deploy folders in seconds with a single command.
+*   **Project-Based**: Link local folders to subdomains once and deploy without re-typing names.
+*   **Zero Config**: No complex setup; optionally use `.launchpd.json` for project persistence.
+*   **Version Control**: Every deployment is versioned with messages. Roll back instantly.
+*   **Static-Only Security**: Strict validation ensures only high-performance static assets are deployed.
+*   **Secure**: Private uploads with API key authentication or safe anonymous testing.
+*   **Auto-Expiration**: Set temporary deployments that delete themselves automatically.
 
-### Register for a free account
+## Quick Start
 
 ```bash
-launchpd register
-```
-
-### Login with your API key
+# Install globally
+npm install -g launchpd
 
-```bash
-launchpd login
+# Deploy your current folder
+launchpd deploy .
 ```
 
-### Check current user and quota
+---
 
-```bash
-launchpd whoami
-launchpd quota
-```
-
-### Logout
+## Installation
 
 ```bash
-launchpd logout
+npm install -g launchpd
 ```
+*Requires **Node.js 20** or higher.*
+
+---
+
+## Command Reference
+
+### Deployment
+| Command | Description |
+| :--- | :--- |
+| `launchpd init` | Link current folder to a subdomain (persisted in `.launchpd.json`) |
+| `launchpd deploy <folder>` | Deploy a local folder (uses linked subdomain if available) |
+| `launchpd deploy . -m "Fix layout"` | Deploy with a message (like a git commit) |
+| `launchpd deploy . --name site` | Deploy with a custom subdomain explicitly |
+| `launchpd deploy . --expires 2h` | Set auto-deletion (e.g., `30m`, `1d`, `7d`) |
+| `launchpd deploy . --open` | Deploy and immediately open the site in your browser |
+
+### Management
+| Command | Description |
+| :--- | :--- |
+| `launchpd status` | Show linked subdomain and latest deployment info |
+| `launchpd list` | View your active deployments |
+| `launchpd versions <subdomain>` | See version history with messages |
+| `launchpd rollback <subdomain>` | Rollback to the previous version |
+| `launchpd rollback <subdomain> --to <v>` | Rollback to a specific version number |
+
+### Identity & Auth
+| Command | Description |
+| :--- | :--- |
+| `launchpd register` | Open the dashboard to create an account |
+| `launchpd login` | Authenticate with your API key |
+| `launchpd whoami` | Show current account status |
+| `launchpd quota` | View storage and site limits |
+| `launchpd logout` | Remove stored credentials |
+
+---
+
+## Why Register?
+
+While anonymous deployments are great for testing, registered users get more power:
+
+| Feature | Anonymous | Registered (Free) |
+| :--- | :--- | :--- |
+| **Max Sites** | 3 | 10+ |
+| **Storage** | 50MB | 100MB+ |
+| **Custom Names** | No | **Yes** |
+| **Retention** | 7 Days | **Permanent** |
+| **Versions** | 1 per site | 10 per site |
+
+Run `launchpd register` to unlock these benefits!
+
+---
 
 ## Support
 
-- [Report issues](https://github.com/kents00/launchpd/issues)
-- [Documentation](https://launchpd.cloud/docs)
+*   **Bugs & Feedback**: [GitHub Issues](https://github.com/kents00/launchpd/issues)
+*   **Website**: [launchpd.cloud](https://launchpd.cloud)
+*   **Docs**: [launchpd.cloud/docs](https://launchpd.cloud/docs)
+
+---
 
 ## License
 
-MIT
+[MIT](LICENSE) © [Kent Edoloverio](https://github.com/kents00)

package/bin/cli.js

@@ -1,11 +1,8 @@
 #!/usr/bin/env node
 
 import { Command } from 'commander';
-import { deploy } from '../src/commands/deploy.js';
-import { list } from '../src/commands/list.js';
-import { rollback } from '../src/commands/rollback.js';
-import { versions } from '../src/commands/versions.js';
-import { login, logout, register, whoami, quota } from '../src/commands/auth.js';
+import { deploy, list, rollback, versions, init, status, login, logout, register, whoami, quota } from '../src/commands/index.js';
+
 
 const program = new Command();
 
@@ -17,12 +14,16 @@ program
 program
     .command('deploy')
     .description('Deploy a folder to a live URL')
-    .argument('<folder>', 'Path to the folder to deploy')
+    .argument('[folder]', 'Path to the folder to deploy', '.')
     .option('--name <subdomain>', 'Use a custom subdomain (optional)')
+    .option('-m, --message <text>', 'Deployment message (optional)')
     .option('--expires <time>', 'Auto-delete after time (e.g., 30m, 2h, 1d). Minimum: 30m')
+    .option('-y, --yes', 'Auto-confirm all prompts')
+    .option('--force', 'Force deployment even with warnings')
+    .option('-o, --open', 'Open the site URL in the default browser after deployment')
     .option('--verbose', 'Show detailed error information')
     .action(async (folder, options) => {
-        await deploy(folder, options);
+        await deploy(folder || '.', options);
     });
 
 program
@@ -40,6 +41,7 @@ program
     .description('List all versions for a subdomain')
     .argument('<subdomain>', 'The subdomain to list versions for')
     .option('--json', 'Output as JSON')
+    .option('--to <n>', 'Specific version number to rollback to (use with rollback)')
     .option('--verbose', 'Show detailed error information')
     .action(async (subdomain, options) => {
         await versions(subdomain, options);
@@ -55,6 +57,21 @@ program
         await rollback(subdomain, options);
     });
 
+program
+    .command('init')
+    .description('Initialize a new project in the current directory')
+    .option('--name <subdomain>', 'Subdomain to link to')
+    .action(async (options) => {
+        await init(options);
+    });
+
+program
+    .command('status')
+    .description('Show current project status')
+    .action(async () => {
+        await status();
+    });
+
 // Authentication commands
 program
     .command('login')

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "launchpd",
-    "version": "1.0.0",
+    "version": "1.0.2",
     "description": "Deploy static sites instantly to a live URL",
     "keywords": [
         "static",
@@ -51,15 +51,16 @@
     "dependencies": {
         "chalk": "^5.4.0",
         "commander": "^14.0.0",
+        "launchpd": "^1.0.0",
         "mime-types": "^2.1.35",
         "nanoid": "^5.1.0",
         "ora": "^8.0.1"
     },
     "devDependencies": {
         "@eslint/js": "^9.39.2",
-        "@vitest/coverage-v8": "^2.1.0",
+        "@vitest/coverage-v8": "^4.0.17",
         "eslint": "^9.0.0",
-        "vitest": "^2.1.0"
+        "vitest": "^4.0.17"
     },
     "engines": {
         "node": ">=20.0.0"

package/src/commands/deploy.js

@@ -1,15 +1,21 @@
 import { existsSync, statSync } from 'node:fs';
+import { exec } from 'node:child_process';
+import chalk from 'chalk';
 import { readdir } from 'node:fs/promises';
-import { resolve, basename, join } from 'node:path';
+import { resolve, basename, join, relative, sep } from 'node:path';
 import { generateSubdomain } from '../utils/id.js';
 import { uploadFolder, finalizeUpload } from '../utils/upload.js';
 import { getNextVersion } from '../utils/metadata.js';
 import { saveLocalDeployment } from '../utils/localConfig.js';
-import { getNextVersionFromAPI } from '../utils/api.js';
+import { getNextVersionFromAPI, checkSubdomainAvailable, listSubdomains } from '../utils/api.js';
+import { getProjectConfig, findProjectRoot, updateProjectConfig } from '../utils/projectConfig.js';
 import { success, errorWithSuggestions, info, warning, spinner, formatSize } from '../utils/logger.js';
 import { calculateExpiresAt, formatTimeRemaining } from '../utils/expiration.js';
 import { checkQuota, displayQuotaWarnings } from '../utils/quota.js';
 import { getCredentials } from '../utils/credentials.js';
+import { validateStaticOnly } from '../utils/validator.js';
+import { isIgnored } from '../utils/ignore.js';
+import { prompt } from '../utils/prompt.js';
 
 /**
  * Calculate total size of a folder
@@ -19,10 +25,17 @@ async function calculateFolderSize(folderPath) {
     let totalSize = 0;
 
     for (const file of files) {
+        const parentDir = file.parentPath || file.path;
+        const relativePath = relative(folderPath, join(parentDir, file.name));
+        const pathParts = relativePath.split(sep);
+
+        // Skip ignored directories/files in the path
+        if (pathParts.some(part => isIgnored(part, file.isDirectory()))) {
+            continue;
+        }
+
         if (file.isFile()) {
-            const fullPath = file.parentPath
-                ? join(file.parentPath, file.name)
-                : join(folderPath, file.name);
+            const fullPath = join(parentDir, file.name);
             try {
                 const stats = statSync(fullPath);
                 totalSize += stats.size;
@@ -62,6 +75,16 @@ export async function deploy(folder, options) {
         }
     }
 
+    // Validate deployment message is provided
+    if (!options.message) {
+        errorWithSuggestions('Deployment message is required.', [
+            'Use -m or --message to provide a description',
+            'Example: launchpd deploy . -m "Fix layout"',
+            'Example: launchpd deploy . -m "Initial deployment"'
+        ], { verbose });
+        process.exit(1);
+    }
+
     // Validate folder exists
     if (!existsSync(folderPath)) {
         errorWithSuggestions(`Folder not found: ${folderPath}`, [
@@ -75,17 +98,52 @@ export async function deploy(folder, options) {
     // Check folder is not empty
     const scanSpinner = spinner('Scanning folder...');
     const files = await readdir(folderPath, { recursive: true, withFileTypes: true });
-    const fileCount = files.filter(f => f.isFile()).length;
+
+    // Filter out ignored files for the count
+    const activeFiles = files.filter(file => {
+        if (!file.isFile()) return false;
+        const parentDir = file.parentPath || file.path;
+        const relativePath = relative(folderPath, join(parentDir, file.name));
+        const pathParts = relativePath.split(sep);
+        return !pathParts.some(part => isIgnored(part, file.isDirectory()));
+    });
+
+    const fileCount = activeFiles.length;
 
     if (fileCount === 0) {
-        scanSpinner.fail('Folder is empty');
+        scanSpinner.fail('Folder is empty or only contains ignored files');
         errorWithSuggestions('Nothing to deploy.', [
             'Add some files to your folder',
+            'Make sure your files are not in ignored directories (like node_modules)',
             'Make sure index.html exists for static sites',
         ], { verbose });
         process.exit(1);
     }
-    scanSpinner.succeed(`Found ${fileCount} file(s)`);
+    scanSpinner.succeed(`Found ${fileCount} file(s) (ignored system files skipped)`);
+
+    // Static-Only Validation
+    const validationSpinner = spinner('Validating files...');
+    const validation = await validateStaticOnly(folderPath);
+    if (!validation.success) {
+        if (options.force) {
+            validationSpinner.warn('Static-only validation failed, but proceeding due to --force');
+            warning('Non-static files detected.');
+            warning(chalk.bold.red('IMPORTANT: Launchpd only hosts STATIC files.'));
+            warning('Backend code (Node.js, PHP, etc.) will NOT be executed on the server.');
+        } else {
+            validationSpinner.fail('Deployment blocked: Non-static files detected');
+            errorWithSuggestions('Your project contains files that are not allowed.', [
+                'Launchpd only supports static files (HTML, CSS, JS, images, etc.)',
+                'Remove framework files, backend code, and build metadata:',
+                ...validation.violations.map(v => `   - ${v}`).slice(0, 10),
+                validation.violations.length > 10 ? `   - ...and ${validation.violations.length - 10} more` : '',
+                'If you use a framework (React, Vue, etc.), deploy the "dist" or "build" folder instead.',
+            ], { verbose });
+            process.exit(1);
+        }
+    } else {
+        validationSpinner.succeed('Project validated (Static files only)');
+    }
 
     // Generate or use provided subdomain
     // Anonymous users cannot use custom subdomains
@@ -97,14 +155,44 @@ export async function deploy(folder, options) {
         console.log('');
     }
 
-    const subdomain = (options.name && creds?.email) ? options.name.toLowerCase() : generateSubdomain();
+    // Detect project config if no name provided
+    let subdomain = (options.name && creds?.email) ? options.name.toLowerCase() : null;
+    let configSubdomain = null;
+
+    const projectRoot = findProjectRoot(folderPath);
+    const config = await getProjectConfig(projectRoot);
+    if (config?.subdomain) {
+        configSubdomain = config.subdomain;
+    }
+
+    if (!subdomain) {
+        if (configSubdomain) {
+            subdomain = configSubdomain;
+            info(`Using project subdomain: ${chalk.bold(subdomain)}`);
+        } else {
+            subdomain = generateSubdomain();
+        }
+    } else if (configSubdomain && subdomain !== configSubdomain) {
+        warning(`Mismatch: This project is linked to ${chalk.bold(configSubdomain)} but you are deploying to ${chalk.bold(subdomain)}`);
+
+        let shouldUpdate = options.yes;
+        if (!shouldUpdate) {
+            const confirm = await prompt(`Would you like to update this project's default subdomain to "${subdomain}"? (Y/N): `);
+            shouldUpdate = (confirm.toLowerCase() === 'y' || confirm.toLowerCase() === 'yes');
+        }
+
+        if (shouldUpdate) {
+            await updateProjectConfig({ subdomain }, projectRoot);
+            success(`Project configuration updated to: ${subdomain}`);
+        }
+    }
+
     const url = `https://${subdomain}.launchpd.cloud`;
 
-    // Check if custom subdomain is taken
-    if (options.name && creds?.email) {
+    // Check if custom subdomain is taken (only if explicitly provided or new)
+    if (options.name || !subdomain) {
         const checkSpinner = spinner('Checking subdomain availability...');
         try {
-            const { checkSubdomainAvailable, listSubdomains } = await import('../utils/api.js');
             const isAvailable = await checkSubdomainAvailable(subdomain);
 
             if (!isAvailable) {
@@ -134,13 +222,23 @@ export async function deploy(folder, options) {
 
     // Check quota before deploying
     const quotaSpinner = spinner('Checking quota...');
-    const quotaCheck = await checkQuota(subdomain, estimatedBytes);
+    const isUpdate = (configSubdomain && subdomain === configSubdomain);
+
+    const quotaCheck = await checkQuota(subdomain, estimatedBytes, { isUpdate });
 
     if (!quotaCheck.allowed) {
-        quotaSpinner.fail('Deployment blocked due to quota limits');
-        process.exit(1);
+        if (options.force) {
+            quotaSpinner.warn('Deployment blocked due to quota limits, but proceeding due to --force');
+            warning('Uploading anyway... (server might still reject if physical limit is hit)');
+        } else {
+            quotaSpinner.fail('Deployment blocked due to quota limits');
+            info('Try running "launchpd quota" to check your storage.');
+            info('Use --force to try anyway (if you think this is a mistake)');
+            process.exit(1);
+        }
+    } else {
+        quotaSpinner.succeed('Quota check passed');
     }
-    quotaSpinner.succeed('Quota check passed');
 
     // Display any warnings
     displayQuotaWarnings(quotaCheck.warnings);
@@ -183,7 +281,8 @@ export async function deploy(folder, options) {
             fileCount,
             totalBytes,
             folderName,
-            expiresAt?.toISOString() || null
+            expiresAt?.toISOString() || null,
+            options.message
         );
         finalizeSpinner.succeed('Deployment finalized');
 
@@ -200,6 +299,17 @@ export async function deploy(folder, options) {
 
         success(`Deployed successfully! (v${version})`);
         console.log(`\n${url}`);
+
+        if (options.open) {
+            const platform = process.platform;
+            let cmd;
+            if (platform === 'darwin') cmd = `open "${url}"`;
+            else if (platform === 'win32') cmd = `start "" "${url}"`;
+            else cmd = `xdg-open "${url}"`;
+
+            exec(cmd);
+        }
+
         if (expiresAt) {
             warning(`Expires: ${formatTimeRemaining(expiresAt)}`);
         }

package/src/commands/index.js

@@ -6,4 +6,7 @@ export { deploy } from './deploy.js';
 export { list } from './list.js';
 export { rollback } from './rollback.js';
 export { versions } from './versions.js';
+export { init } from './init.js';
+export { status } from './status.js';
 export { login, logout, register, whoami, quota } from './auth.js';
+

package/src/commands/init.js

@@ -0,0 +1,90 @@
+import { initProjectConfig, findProjectRoot, getProjectConfig, saveProjectConfig } from '../utils/projectConfig.js';
+import { checkSubdomainAvailable, reserveSubdomain, listSubdomains } from '../utils/api.js';
+import { isLoggedIn } from '../utils/credentials.js';
+import { success, errorWithSuggestions, info, spinner, warning } from '../utils/logger.js';
+import { prompt } from '../utils/prompt.js';
+import chalk from 'chalk';
+
+/**
+ * Initialize a new project in the current directory
+ * @param {object} options - Command options
+ * @param {string} options.name - Optional subdomain name
+ */
+export async function init(options) {
+    const projectRoot = findProjectRoot();
+    if (projectRoot) {
+        const config = await getProjectConfig(projectRoot);
+        warning(`This directory is already part of a Launchpd project linked to: ${chalk.bold(config?.subdomain)}`);
+
+        const confirm = await prompt('Would you like to re-link this project to a different subdomain? (y/N): ');
+        if (confirm.toLowerCase() !== 'y' && confirm.toLowerCase() !== 'yes') {
+            return;
+        }
+    }
+
+    if (!await isLoggedIn()) {
+        errorWithSuggestions('You must be logged in to initialize a project.', [
+            'Run "launchpd login" to log in',
+            'Run "launchpd register" to create an account'
+        ]);
+        return;
+    }
+
+    let subdomain = options.name;
+
+    if (!subdomain) {
+        info('Linking this directory to a Launchpd subdomain...');
+        subdomain = await prompt('Enter subdomain name (e.g. my-awesome-site): ');
+    }
+
+    if (!subdomain || !/^[a-z0-9-]+$/.test(subdomain)) {
+        errorWithSuggestions('Invalid subdomain. Use lowercase alphanumeric and hyphens only.', [
+            'Example: my-site-123',
+            'No spaces or special characters'
+        ]);
+        return;
+    }
+
+    const checkSpinner = spinner(`Checking if "${subdomain}" is available...`);
+    try {
+        const isAvailable = await checkSubdomainAvailable(subdomain);
+        let owned = false;
+
+        if (!isAvailable) {
+            // Check if user owns it
+            const apiResult = await listSubdomains();
+            const ownedSubdomains = apiResult?.subdomains || [];
+            owned = ownedSubdomains.some(s => s.subdomain === subdomain);
+
+            if (!owned) {
+                checkSpinner.fail(`Subdomain "${subdomain}" is already taken.`);
+                return;
+            }
+            checkSpinner.info(`Subdomain "${subdomain}" is already yours.`);
+        } else {
+            checkSpinner.succeed(`Subdomain "${subdomain}" is available!`);
+        }
+
+        const reserveStatus = owned ? true : await reserveSubdomain(subdomain);
+        if (reserveStatus) {
+            if (projectRoot) {
+                // Re-link
+                const config = await getProjectConfig(projectRoot);
+                config.subdomain = subdomain;
+                config.updatedAt = new Date().toISOString();
+                await saveProjectConfig(config, projectRoot);
+                success(`Project re-linked! New subdomain: ${subdomain}.launchpd.cloud`);
+            } else {
+                await initProjectConfig(subdomain);
+                success(`Project initialized! Linked to: ${subdomain}.launchpd.cloud`);
+            }
+            info('Now you can run "launchpd deploy" without specifying a name.');
+        }
+    } catch (err) {
+        checkSpinner.fail('Failed to initialize project');
+        errorWithSuggestions(err.message, [
+            'Check your internet connection',
+            'Try a different subdomain name'
+        ]);
+    }
+}

package/src/commands/list.js

@@ -32,6 +32,7 @@ export async function list(options) {
                     version: d.version,
                     timestamp: d.created_at,
                     expiresAt: d.expires_at,
+                    message: d.message,
                     isActive: d.active_version === d.version,
                 }));
                 source = 'api';
@@ -65,12 +66,13 @@ export async function list(options) {
         // Header
         console.log(
             chalk.gray(
-                padRight('URL', 40) +
-                padRight('Folder', 15) +
-                padRight('Files', 7) +
-                padRight('Size', 12) +
-                padRight('Date', 12) +
-                'Status'
+                padRight('URL', 35) +
+                padRight('VER', 6) +
+                padRight('FOLDER', 15) +
+                padRight('FILES', 7) +
+                padRight('SIZE', 10) +
+                padRight('DATE', 12) +
+                'STATUS'
             )
         );
         console.log(chalk.gray('─'.repeat(100)));
@@ -84,26 +86,28 @@ export async function list(options) {
 
             // Determine status with colors
             let status;
-            if (dep.expiresAt) {
-                if (isExpired(dep.expiresAt)) {
-                    status = chalk.red.bold('● expired');
-                } else {
-                    status = chalk.yellow(`⏱ ${formatTimeRemaining(dep.expiresAt)}`);
-                }
-            } else {
+            if (dep.expiresAt && isExpired(dep.expiresAt)) {
+                status = chalk.red.bold('● expired');
+            } else if (dep.isActive) {
                 status = chalk.green.bold('● active');
+            } else if (dep.expiresAt) {
+                status = chalk.yellow(`⏱ ${formatTimeRemaining(dep.expiresAt)}`);
+            } else {
+                status = chalk.gray('○ inactive');
             }
 
-            // Version badge
-            const versionBadge = chalk.magenta(`v${dep.version || 1}`);
+            // Version info
+            const versionStr = `v${dep.version || 1}`;
 
             console.log(
-                chalk.cyan(padRight(url, 40)) +
+                chalk.cyan(padRight(url, 35)) +
+                chalk.magenta(padRight(versionStr, 6)) +
                 chalk.white(padRight(dep.folderName || '-', 15)) +
                 chalk.white(padRight(String(dep.fileCount), 7)) +
-                chalk.white(padRight(size, 12)) +
+                chalk.white(padRight(size, 10)) +
                 chalk.gray(padRight(date, 12)) +
-                status + ' ' + versionBadge
+                status +
+                (dep.message ? chalk.gray(` - ${dep.message}`) : '')
             );
         }
 

package/src/commands/rollback.js

@@ -28,6 +28,7 @@ export async function rollback(subdomainInput, options) {
                 version: v.version,
                 timestamp: v.created_at,
                 fileCount: v.file_count,
+                message: v.message,
             }));
             currentActive = apiResult.activeVersion || 1;
             useAPI = true;
@@ -67,7 +68,8 @@ export async function rollback(subdomainInput, options) {
                 versions.forEach(v => {
                     const isActive = v.version === currentActive;
                     const marker = isActive ? chalk.green(' (active)') : '';
-                    console.log(`  ${chalk.cyan(`v${v.version}`)} - ${chalk.gray(v.timestamp)}${marker}`);
+                    const message = v.message ? ` - "${v.message}"` : '';
+                    console.log(`  ${chalk.cyan(`v${v.version}`)}${message} - ${chalk.gray(v.timestamp)}${marker}`);
                 });
                 process.exit(1);
             }
@@ -106,6 +108,9 @@ export async function rollback(subdomainInput, options) {
 
         rollbackSpinner.succeed(`Rolled back to ${chalk.cyan(`v${targetVersion}`)}`);
         console.log(`\n  🔄 https://${subdomain}.launchpd.cloud\n`);
+        if (targetDeployment?.message) {
+            info(`Version message: "${chalk.italic(targetDeployment.message)}"`);
+        }
         info(`Restored deployment from: ${chalk.gray(targetDeployment?.timestamp || 'unknown')}`);
 
     } catch (err) {

package/src/commands/status.js

@@ -0,0 +1,64 @@
+import { getProjectConfig, findProjectRoot } from '../utils/projectConfig.js';
+import { getDeployment } from '../utils/api.js';
+import { errorWithSuggestions, info, spinner, warning, formatSize } from '../utils/logger.js';
+import { formatTimeRemaining } from '../utils/expiration.js';
+import chalk from 'chalk';
+
+/**
+ * Show current project status
+ */
+export async function status(_options) {
+    const projectRoot = findProjectRoot();
+    if (!projectRoot) {
+        warning('Not a Launchpd project (no .launchpd.json found)');
+        info('Run "launchpd init" to link this directory to a subdomain.');
+        return;
+    }
+
+    const config = await getProjectConfig(projectRoot);
+    if (!config || !config.subdomain) {
+        errorWithSuggestions('Invalid project configuration.', [
+            'Try deleting .launchpd.json and running "launchpd init" again'
+        ]);
+        return;
+    }
+
+    info(`Project root: ${chalk.cyan(projectRoot)}`);
+    info(`Linked subdomain: ${chalk.bold.green(config.subdomain)}.launchpd.cloud`);
+
+    const statusSpinner = spinner('Fetching latest deployment info...');
+    try {
+        const deploymentData = await getDeployment(config.subdomain);
+        statusSpinner.stop();
+
+        if (deploymentData && deploymentData.versions && deploymentData.versions.length > 0) {
+            const active = deploymentData.versions.find(v => v.version === deploymentData.activeVersion) || deploymentData.versions[0];
+
+            console.log('\nDeployment Status:');
+            console.log(`  Active Version:  ${chalk.cyan(`v${active.version}`)}`);
+            console.log(`  Deployed At:     ${new Date(active.created_at || active.timestamp).toLocaleString()}`);
+            if (active.message) {
+                console.log(`  Message:         ${chalk.italic(active.message)}`);
+            }
+            console.log(`  File Count:      ${active.file_count || active.fileCount}`);
+            console.log(`  Total Size:      ${formatSize(active.total_bytes || active.totalBytes)}`);
+
+            // Show expiration if set
+            if (active.expires_at || active.expiresAt) {
+                const expiryStr = formatTimeRemaining(active.expires_at || active.expiresAt);
+                const expiryColor = expiryStr === 'expired' ? chalk.red : chalk.yellow;
+                console.log(`  Expires:         ${expiryColor(expiryStr)}`);
+            }
+
+            console.log(`  URL:             ${chalk.underline.blue(`https://${config.subdomain}.launchpd.cloud`)}`);
+            console.log('');
+        } else {
+            warning('\nNo deployments found for this project yet.');
+            info('Run "launchpd deploy <folder>" to push your first version.');
+        }
+    } catch {
+        statusSpinner.fail('Failed to fetch deployment status');
+        info(`Subdomain: ${config.subdomain}`);
+        // Don't exit, just show what we have
+    }
+}

package/src/commands/versions.js

@@ -1,7 +1,7 @@
 import { getVersionsForSubdomain, getActiveVersion } from '../utils/metadata.js';
 import { getVersions as getVersionsFromAPI } from '../utils/api.js';
 import { isLoggedIn } from '../utils/credentials.js';
-import { success, errorWithSuggestions, info, spinner, formatSize } from '../utils/logger.js';
+import { success, errorWithSuggestions, info, spinner, warning, formatSize } from '../utils/logger.js';
 import chalk from 'chalk';
 
 /**
@@ -23,6 +23,12 @@ export async function versions(subdomainInput, options) {
         process.exit(1);
     }
 
+    if (options.to) {
+        warning(`The --to option is for the ${chalk.bold('rollback')} command.`);
+        info(`Try: ${chalk.cyan(`launchpd rollback ${subdomain} --to ${options.to}`)}`);
+        console.log('');
+    }
+
     try {
         const fetchSpinner = spinner(`Fetching versions for ${subdomain}...`);
 
@@ -34,9 +40,10 @@ export async function versions(subdomainInput, options) {
         if (apiResult && apiResult.versions) {
             versionList = apiResult.versions.map(v => ({
                 version: v.version,
-                timestamp: v.created_at,
-                fileCount: v.file_count,
-                totalBytes: v.total_bytes,
+                timestamp: v.created_at || v.timestamp,
+                fileCount: v.file_count || v.fileCount,
+                totalBytes: v.total_bytes || v.totalBytes,
+                message: v.message || '',
             }));
             activeVersion = apiResult.activeVersion || 1;
         } else {
@@ -67,6 +74,7 @@ export async function versions(subdomainInput, options) {
                     fileCount: v.fileCount,
                     totalBytes: v.totalBytes,
                     isActive: v.version === activeVersion,
+                    message: v.message,
                 })),
             }, null, 2));
             return;
@@ -77,8 +85,8 @@ export async function versions(subdomainInput, options) {
         console.log('');
 
         // Table header
-        console.log(chalk.gray('  Version   Date                     Files    Size         Status'));
-        console.log(chalk.gray('  ' + '─'.repeat(70)));
+        console.log(chalk.gray('  Version   Date                     Files    Size         Status       Message'));
+        console.log(chalk.gray('  ' + '─'.repeat(100)));
 
         for (const v of versionList) {
             const isActive = v.version === activeVersion;
@@ -95,13 +103,15 @@ export async function versions(subdomainInput, options) {
             const filesStr = chalk.white(filesRaw.padEnd(10));
             const sizeStr = chalk.white(sizeRaw.padEnd(12));
             const statusStr = isActive
-                ? chalk.green.bold('● active')
-                : chalk.gray('○ inactive');
+                ? chalk.green.bold('● active'.padEnd(12))
+                : chalk.gray('○ inactive'.padEnd(12));
+
+            const messageStr = chalk.italic.gray(v.message || '');
 
-            console.log(`  ${versionStr}${dateStr}${filesStr}${sizeStr}${statusStr}`);
+            console.log(`  ${versionStr}${dateStr}${filesStr}${sizeStr}${statusStr}${messageStr}`);
         }
 
-        console.log(chalk.gray('  ' + '─'.repeat(70)));
+        console.log(chalk.gray('  ' + '─'.repeat(100)));
         console.log('');
         info(`Use ${chalk.cyan(`launchpd rollback ${subdomain} --to <n>`)} to restore a version.`);
         console.log('');

package/src/utils/api.js

@@ -82,7 +82,7 @@ export async function getNextVersionFromAPI(subdomain) {
  * Record a new deployment in the API
  */
 export async function recordDeployment(deploymentData) {
-    const { subdomain, folderName, fileCount, totalBytes, version, expiresAt } = deploymentData;
+    const { subdomain, folderName, fileCount, totalBytes, version, expiresAt, message } = deploymentData;
 
     return apiRequest('/api/deployments', {
         method: 'POST',
@@ -94,6 +94,7 @@ export async function recordDeployment(deploymentData) {
             version,
             cliVersion: '0.1.0',
             expiresAt,
+            message,
         }),
     });
 }

package/src/utils/expiration.js

@@ -2,10 +2,9 @@
  * Parse a time string into milliseconds
  * Supports: 30m, 1h, 2h, 1d, 7d, etc.
  * Minimum: 30 minutes
- *
- * @param {string} timeStr - Time string (e.g., "30m", "2h", "1d")
- * @returns {number} Milliseconds
  */
+
+export const MIN_EXPIRATION_MS = 30 * 60 * 1000;
 export function parseTimeString(timeStr) {
     const regex = /^(\d+)([mhd])$/i;
     const match = regex.exec(timeStr);
@@ -33,8 +32,7 @@ export function parseTimeString(timeStr) {
     }
 
     // Minimum 30 minutes
-    const minMs = 30 * 60 * 1000;
-    if (ms < minMs) {
+    if (ms < MIN_EXPIRATION_MS) {
         throw new Error('Minimum expiration time is 30 minutes (30m)');
     }
 

package/src/utils/ignore.js

@@ -0,0 +1,53 @@
+
+/**
+ * Shared ignore lists for Launchpd CLI
+ */
+
+// Directories to ignore during scanning, validation, and upload
+export const IGNORE_DIRECTORIES = new Set([
+    'node_modules',
+    '.git',
+    '.svn',
+    '.hg',
+    'vendor',
+    'composer',
+    '.env',
+    '.env.local',
+    '.env.production',
+    '.env.development',
+    'dist',
+    'build',
+    '.next',
+    '.nuxt',
+    '.svelte-kit',
+    'coverage',
+    '.cache'
+]);
+
+// Files to ignore during scanning, validation, and upload
+export const IGNORE_FILES = new Set([
+    '.launchpd.json',
+    'package-lock.json',
+    'yarn.lock',
+    'pnpm-lock.yaml',
+    '.DS_Store',
+    'Thumbs.db',
+    'desktop.ini',
+    '.gitignore',
+    '.npmignore',
+    'README.md',
+    'LICENSE'
+]);
+
+/**
+ * Check if a path or filename should be ignored
+ * @param {string} name - Base name of the file or directory
+ * @param {boolean} isDir - Whether the path is a directory
+ * @returns {boolean}
+ */
+export function isIgnored(name, isDir = false) {
+    if (isDir) {
+        return IGNORE_DIRECTORIES.has(name);
+    }
+    return IGNORE_FILES.has(name) || IGNORE_DIRECTORIES.has(name);
+}

package/src/utils/projectConfig.js

@@ -0,0 +1,73 @@
+import { existsSync } from 'node:fs';
+import { readFile, writeFile } from 'node:fs/promises';
+import { join, resolve } from 'node:path';
+
+const PROJECT_CONFIG_FILE = '.launchpd.json';
+
+/**
+ * Find project root by looking for .launchpd.json upwards
+ */
+export function findProjectRoot(startDir = process.cwd()) {
+    let current = resolve(startDir);
+    while (true) {
+        if (existsSync(join(current, PROJECT_CONFIG_FILE))) {
+            return current;
+        }
+        const parent = resolve(current, '..');
+        if (parent === current) return null;
+        current = parent;
+    }
+}
+
+/**
+ * Get project configuration
+ */
+export async function getProjectConfig(projectDir = findProjectRoot()) {
+    if (!projectDir) return null;
+
+    const configPath = join(projectDir, PROJECT_CONFIG_FILE);
+    try {
+        if (existsSync(configPath)) {
+            const content = await readFile(configPath, 'utf8');
+            return JSON.parse(content);
+        }
+    } catch {
+        // Silently fail or handle corrupted config
+    }
+    return null;
+}
+
+/**
+ * Save project configuration
+ */
+export async function saveProjectConfig(config, projectDir = process.cwd()) {
+    const configPath = join(projectDir, PROJECT_CONFIG_FILE);
+    await writeFile(configPath, JSON.stringify(config, null, 2), 'utf8');
+    return configPath;
+}
+
+/**
+ * Update project configuration
+ */
+export async function updateProjectConfig(updates, projectDir = findProjectRoot()) {
+    if (!projectDir) return null;
+    const config = await getProjectConfig(projectDir);
+    const newConfig = {
+        ...config,
+        ...updates,
+        updatedAt: new Date().toISOString()
+    };
+    return await saveProjectConfig(newConfig, projectDir);
+}
+
+/**
+ * Initialize a new project config
+ */
+export async function initProjectConfig(subdomain, projectDir = process.cwd()) {
+    const config = {
+        subdomain,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString()
+    };
+    return await saveProjectConfig(config, projectDir);
+}

package/src/utils/prompt.js

@@ -8,12 +8,15 @@ export function prompt(question) {
     const rl = createInterface({
         input: process.stdin,
         output: process.stdout,
+        terminal: true
     });
 
     return new Promise((resolve) => {
         rl.question(question, (answer) => {
             rl.close();
-            resolve(answer.trim());
+            // Small delay to allow Windows handles to cleanup before process.exit might be called
+            // Increased to 100ms to be safer against UV_HANDLE_CLOSING assertion on Windows
+            setTimeout(() => resolve(answer.trim()), 100);
         });
     });
 }

package/src/utils/quota.js

@@ -15,20 +15,49 @@ const API_BASE_URL = `https://api.${config.domain}`;
  *
  * @param {string} subdomain - Target subdomain (null for new site)
  * @param {number} estimatedBytes - Estimated upload size in bytes
+ * @param {object} options - Options
+ * @param {boolean} options.isUpdate - Whether this is known to be an update
  * @returns {Promise<{allowed: boolean, isNewSite: boolean, quota: object, warnings: string[]}>}
  */
-export async function checkQuota(subdomain, estimatedBytes = 0) {
+export async function checkQuota(subdomain, estimatedBytes = 0, options = {}) {
     const creds = await getCredentials();
 
     let quotaData;
 
     if (creds?.apiKey) {
         // Authenticated user
-        quotaData = await checkAuthenticatedQuota(creds.apiKey);
+        quotaData = await checkAuthenticatedQuota(creds.apiKey, options.isUpdate);
     } else {
         // Anonymous user
         quotaData = await checkAnonymousQuota();
     }
+    // ... skipped ...
+    /**
+     * Check quota for authenticated user
+     */
+    async function checkAuthenticatedQuota(apiKey, isUpdate = false) {
+        try {
+            const url = new URL(`${API_BASE_URL}/api/quota`);
+            if (isUpdate) {
+                url.searchParams.append('is_update', 'true');
+            }
+
+            const response = await fetch(url.toString(), {
+                headers: {
+                    'X-API-Key': apiKey,
+                },
+            });
+
+            if (!response.ok) {
+                return null;
+            }
+
+            return await response.json();
+        } catch {
+            return null;
+        }
+    }
+    // ... skipped ...
 
     if (!quotaData) {
         // API unavailable, allow deployment (fail-open for MVP)
@@ -40,10 +69,25 @@ export async function checkQuota(subdomain, estimatedBytes = 0) {
         };
     }
 
+    // DEBUG: Write input options to file
+    try {
+        const { appendFileSync } = await import('node:fs');
+        appendFileSync('quota_debug_trace.txt', `\n[${new Date().toISOString()}] Check: ${subdomain}, isUpdate: ${options.isUpdate}, type: ${typeof options.isUpdate}`);
+    } catch {
+        // Ignore trace errors
+    }
+
     // Check if this is an existing site the user owns
-    const isNewSite = subdomain ? !await userOwnsSite(creds?.apiKey, subdomain) : true;
+    // If explicitly marked as update, assume user owns it
+    let isNewSite = true;
+    if (options.isUpdate) {
+        isNewSite = false;
+    } else if (subdomain) {
+        isNewSite = !await userOwnsSite(creds?.apiKey, subdomain);
+    }
 
     const warnings = [...(quotaData.warnings || [])];
+
     const allowed = true;
 
     // Check if blocked (anonymous limit reached)
@@ -107,6 +151,8 @@ export async function checkQuota(subdomain, estimatedBytes = 0) {
         }
     }
 
+
+
     return {
         allowed,
         isNewSite,
@@ -115,26 +161,6 @@ export async function checkQuota(subdomain, estimatedBytes = 0) {
     };
 }
 
-/**
- * Check quota for authenticated user
- */
-async function checkAuthenticatedQuota(apiKey) {
-    try {
-        const response = await fetch(`${API_BASE_URL}/api/quota`, {
-            headers: {
-                'X-API-Key': apiKey,
-            },
-        });
-
-        if (!response.ok) {
-            return null;
-        }
-
-        return await response.json();
-    } catch {
-        return null;
-    }
-}
 
 /**
  * Check quota for anonymous user
@@ -180,12 +206,18 @@ async function userOwnsSite(apiKey, subdomain) {
         });
 
         if (!response.ok) {
+            console.log('Fetch subdomains failed:', response.status);
             return false;
         }
 
         const data = await response.json();
-        return data.subdomains?.some(s => s.subdomain === subdomain) || false;
-    } catch {
+        console.log('User subdomains:', data.subdomains?.map(s => s.subdomain));
+        console.log('Checking for:', subdomain);
+        const owns = data.subdomains?.some(s => s.subdomain === subdomain) || false;
+        console.log('Owns site?', owns);
+        return owns;
+    } catch (err) {
+        console.log('Error checking ownership:', err);
         return false;
     }
 }

package/src/utils/upload.js

@@ -4,6 +4,7 @@ import mime from 'mime-types';
 import { config } from '../config.js';
 import { getApiKey, getApiSecret } from './credentials.js';
 import { createHmac } from 'node:crypto';
+import { isIgnored } from './ignore.js';
 
 const API_BASE_URL = config.apiUrl;
 
@@ -72,7 +73,7 @@ async function uploadFile(content, subdomain, version, filePath, contentType) {
  * @param {string} folderName - Original folder name
  * @param {string|null} expiresAt - ISO expiration timestamp
  */
-async function completeUpload(subdomain, version, fileCount, totalBytes, folderName, expiresAt) {
+async function completeUpload(subdomain, version, fileCount, totalBytes, folderName, expiresAt, message) {
     const apiKey = await getApiKey();
     const apiSecret = await getApiSecret();
     const headers = {
@@ -87,6 +88,7 @@ async function completeUpload(subdomain, version, fileCount, totalBytes, folderN
         totalBytes,
         folderName,
         expiresAt,
+        message,
     });
 
     if (apiSecret) {
@@ -140,11 +142,26 @@ export async function uploadFolder(localPath, subdomain, version = 1, onProgress
     for (const file of files) {
         if (!file.isFile()) continue;
 
+        const fileName = file.name;
+        const parentDir = file.parentPath || file.path;
+
+        // Skip ignored directories in the path
+        const relativePath = relative(localPath, join(parentDir, fileName));
+        const pathParts = relativePath.split(sep);
+
+        if (pathParts.some(part => isIgnored(part, true))) {
+            continue;
+        }
+
+        // Skip ignored files
+        if (isIgnored(fileName, false)) {
+            continue;
+        }
+
         // Build full local path
-        const fullPath = join(file.parentPath || file.path, file.name);
+        const fullPath = join(parentDir, fileName);
 
         // Build relative path for R2 key
-        const relativePath = relative(localPath, fullPath);
         const posixPath = toPosixPath(relativePath);
 
         // Detect content type
@@ -176,6 +193,6 @@ export async function uploadFolder(localPath, subdomain, version = 1, onProgress
  * @param {string} folderName - Folder name
  * @param {string|null} expiresAt - Expiration ISO timestamp
  */
-export async function finalizeUpload(subdomain, version, fileCount, totalBytes, folderName, expiresAt = null) {
-    return completeUpload(subdomain, version, fileCount, totalBytes, folderName, expiresAt);
+export async function finalizeUpload(subdomain, version, fileCount, totalBytes, folderName, expiresAt = null, message = null) {
+    return completeUpload(subdomain, version, fileCount, totalBytes, folderName, expiresAt, message);
 }

package/src/utils/validator.js

@@ -0,0 +1,90 @@
+import { readdir } from 'node:fs/promises';
+import { extname } from 'node:path';
+import { isIgnored } from './ignore.js';
+
+// Allowed static file extensions
+const ALLOWED_EXTENSIONS = new Set([
+    '.html', '.htm',
+    '.css', '.scss', '.sass',
+    '.js', '.mjs', '.cjs',
+    '.json', '.jsonld',
+    '.svg', '.png', '.jpg', '.jpeg', '.gif', '.webp', '.ico', '.avif',
+    '.woff', '.woff2', '.ttf', '.otf', '.eot',
+    '.mp4', '.webm', '.ogg', '.mp3', '.wav', '.flac',
+    '.pdf', '.txt', '.md', '.xml', '.yaml', '.yml'
+]);
+
+// Forbidden indicators (frameworks, build tools, backend code)
+const FORBIDDEN_INDICATORS = [
+    // Build systems & Frameworks
+    'package.json',
+    'package-lock.json',
+    'yarn.lock',
+    'pnpm-lock.yaml',
+    'node_modules',
+    'composer.json',
+    'vendor',
+    'requirements.txt',
+    'Gemfile',
+    'Makefile',
+    'tsconfig.json',
+    'next.config.js',
+    'nuxt.config.js',
+    'svelte.config.js',
+    'vite.config.js',
+    'webpack.config.js',
+    'rollup.config.js',
+    'angular.json',
+
+    // Backend/Source
+    '.jsx', '.tsx', '.ts', '.vue', '.svelte', '.php', '.py', '.rb', '.go', '.rs', '.java', '.cs', '.cpp', '.c',
+    '.env', '.env.local', '.env.production',
+    '.dockerfile', 'docker-compose.yml',
+
+    // Hidden/System
+    '.git', '.svn', '.hg'
+];
+
+/**
+ * Validates that a folder contains ONLY static files.
+ * @param {string} folderPath
+ * @returns {Promise<{success: boolean, violations: string[]}>}
+ */
+export async function validateStaticOnly(folderPath) {
+    const violations = [];
+
+    try {
+        const files = await readdir(folderPath, { recursive: true, withFileTypes: true });
+
+        for (const file of files) {
+            const fileName = file.name.toLowerCase();
+            const ext = extname(fileName);
+
+            // 1. Check if the file/dir itself is a forbidden indicator
+            if (FORBIDDEN_INDICATORS.includes(fileName) || FORBIDDEN_INDICATORS.includes(ext)) {
+                violations.push(file.name);
+                continue;
+            }
+
+            // 2. Skip ignored files and directories
+            if (isIgnored(fileName, file.isDirectory())) {
+                continue;
+            }
+
+            // 2. Check extension for non-allowed types (only for files)
+            if (file.isFile()) {
+                // Ignore files without extensions or if they start with a dot (but handle indicators above)
+                if (ext && !ALLOWED_EXTENSIONS.has(ext)) {
+                    violations.push(file.name);
+                }
+            }
+        }
+
+        return {
+            success: violations.length === 0,
+            violations: [...new Set(violations)] // Deduplicate
+        };
+    } catch (err) {
+        throw new Error(`Failed to validate folder: ${err.message}`);
+    }
+}