layero 0.1.0

package/README.md

@@ -0,0 +1,61 @@
+# layero
+
+CLI for [Layero](https://layero.ru) — publish a local site with one command.
+
+## Install
+
+```bash
+npm install -g layero
+```
+
+Requires Node.js ≥ 20.
+
+## Quick start
+
+```bash
+layero login          # opens browser for OAuth (GitHub / Google / Yandex)
+cd my-site
+layero deploy         # packs the current dir, uploads, builds and publishes
+```
+
+The first `layero deploy` in a directory creates a project and links it via
+`./.layero/project.json`. Subsequent runs reuse the same project.
+
+## Commands
+
+| Command | Description |
+|---|---|
+| `layero login` | Authenticate via browser. |
+| `layero logout` | Remove the saved auth token. |
+| `layero whoami` | Show current account. |
+| `layero projects list` | List projects on your account. |
+| `layero link <id_or_slug>` | Link cwd to an existing project. |
+| `layero deploy` | Pack cwd and deploy. |
+| `layero token` | Manage the auth token directly. |
+
+Run `layero <cmd> --help` for full options.
+
+## `layero deploy` flags
+
+- `--type <preset>` — framework preset: `vite`, `next`, `astro`, `cra`,
+  `sveltekit`, `nuxt`, `gatsby`, `static`.
+- `--name <name>` — project name (only on first deploy).
+- `--project <id_or_slug>` — deploy into an existing project, ignoring
+  `./.layero/project.json` (useful for CI).
+- `--yes` / `-y` — non-interactive mode.
+
+## Ignore rules
+
+`layero deploy` honours `.gitignore` and `.layeroignore`. The following are
+always excluded: `node_modules`, `.git`, `dist`, `build`, `.next`, `.env*`,
+`.DS_Store`. Maximum archive size is 200 MB.
+
+## Config
+
+- Auth token: `~/.layero/config.json` (chmod 600).
+- Per-project link: `./.layero/project.json`.
+
+## Links
+
+- Website: https://layero.ru
+- Issues: https://github.com/layero/layero/issues

package/dist/api.js

@@ -0,0 +1,94 @@
+export class ApiError extends Error {
+    status;
+    body;
+    constructor(message, status, body) {
+        super(message);
+        this.status = status;
+        this.body = body;
+    }
+}
+export class ApiClient {
+    cfg;
+    constructor(cfg) {
+        this.cfg = cfg;
+    }
+    headers(extra) {
+        const h = { ...extra };
+        if (this.cfg.token) {
+            h.Authorization = `Bearer ${this.cfg.token}`;
+        }
+        return h;
+    }
+    async request(method, path, body) {
+        const url = `${this.cfg.apiUrl.replace(/\/+$/, "")}${path}`;
+        const init = {
+            method,
+            headers: this.headers(body !== undefined ? { "Content-Type": "application/json" } : undefined),
+        };
+        if (body !== undefined) {
+            init.body = JSON.stringify(body);
+        }
+        const resp = await fetch(url, init);
+        const text = await resp.text();
+        if (!resp.ok) {
+            throw new ApiError(`API ${method} ${path} → ${resp.status}: ${text.slice(0, 500)}`, resp.status, text);
+        }
+        if (!text) {
+            return undefined;
+        }
+        return JSON.parse(text);
+    }
+    me() {
+        return this.request("GET", "/auth/me");
+    }
+    listProjects() {
+        return this.request("GET", "/projects");
+    }
+    getProject(idOrSlug) {
+        return this.request("GET", `/projects/${idOrSlug}`);
+    }
+    createCliProject(input) {
+        return this.request("POST", "/projects", {
+            name: input.name,
+            slug: input.slug,
+            source_type: "cli",
+            framework_hint: input.framework_hint,
+        });
+    }
+    initUpload(projectId) {
+        return this.request("POST", `/projects/${projectId}/uploads`);
+    }
+    triggerDeploy(projectId, input) {
+        return this.request("POST", `/projects/${projectId}/deploy`, input);
+    }
+    pollLogs(deployId, afterId) {
+        return this.request("GET", `/deploys/${deployId}/logs?after_id=${afterId}`);
+    }
+    setHandle(value) {
+        return this.request("POST", "/me/handle", { value });
+    }
+    checkHandle(value) {
+        return this.request("GET", `/me/handle/check?value=${encodeURIComponent(value)}`);
+    }
+}
+export async function uploadArchive(init, filePath) {
+    const fs = await import("node:fs");
+    const stat = await fs.promises.stat(filePath);
+    // Use Node fetch with a stream body. Duplex 'half' is required when the
+    // body is a stream — Node refuses otherwise.
+    const stream = fs.createReadStream(filePath);
+    const resp = await fetch(init.upload_url, {
+        method: "PUT",
+        headers: {
+            ...init.headers,
+            "Content-Length": String(stat.size),
+        },
+        // @ts-expect-error duplex is a Node-specific option for streamed bodies
+        duplex: "half",
+        body: stream,
+    });
+    if (!resp.ok) {
+        const text = await resp.text();
+        throw new Error(`S3 PUT ${resp.status}: ${text.slice(0, 500)}`);
+    }
+}

package/dist/bin/layero.js

@@ -0,0 +1,70 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import chalk from "chalk";
+import { whoamiCmd } from "../commands/whoami.js";
+import { logoutCmd } from "../commands/logout.js";
+import { projectsListCmd } from "../commands/projects.js";
+import { linkCmd } from "../commands/link.js";
+import { tokenSetCmd } from "../commands/token.js";
+import { deployCmd } from "../commands/deploy.js";
+import { loginCmd } from "../commands/login.js";
+const VERSION = "0.1.0";
+async function main() {
+    const program = new Command();
+    program
+        .name("layero")
+        .description("Layero CLI — publish a local site with one command.")
+        .version(VERSION);
+    program
+        .command("login")
+        .description("Authenticate via browser (GitHub / Google / Yandex).")
+        .option("-p, --provider <provider>", "OAuth provider to use (github | google | yandex)", "github")
+        .option("--port <port>", "fixed loopback port (default: random)", (v) => Number(v))
+        .addHelpText("after", "\nExamples:\n  $ layero login\n  $ layero login --provider google")
+        .action(async (opts) => {
+        await loginCmd({ provider: opts.provider, port: opts.port });
+    });
+    program
+        .command("logout")
+        .description("Remove the saved auth token.")
+        .action(logoutCmd);
+    program
+        .command("whoami")
+        .description("Show the currently logged-in account.")
+        .action(whoamiCmd);
+    const projects = program
+        .command("projects")
+        .description("Inspect projects on your account.");
+    projects
+        .command("list")
+        .description("List your projects.")
+        .action(projectsListCmd);
+    program
+        .command("link <id_or_slug>")
+        .description("Link the current directory to an existing project.")
+        .action(linkCmd);
+    const token = program
+        .command("token")
+        .description("Manage the auth token directly (advanced).");
+    token
+        .command("set <jwt>")
+        .description("Persist a JWT obtained out-of-band (e.g. from the web UI). " +
+        "Use this until `layero login` is fully wired up.")
+        .action(tokenSetCmd);
+    program
+        .command("deploy")
+        .description("Pack the current directory and deploy it.")
+        .option("-t, --type <preset>", "framework hint (vite | next | astro | cra | sveltekit | nuxt | gatsby | static)")
+        .option("--name <name>", "project name (only used on first deploy)")
+        .option("--project <id_or_slug>", "deploy into an existing project, ignoring local config")
+        .option("-y, --yes", "non-interactive: accept defaults, fail if anything is missing")
+        .addHelpText("after", "\nExamples:\n  $ layero deploy\n  $ layero deploy --type vite\n  $ layero deploy --project my-site --yes")
+        .action(async (opts) => {
+        await deployCmd(opts);
+    });
+    await program.parseAsync(process.argv);
+}
+main().catch((err) => {
+    console.error(chalk.red(err.message ?? String(err)));
+    process.exit(1);
+});

package/dist/commands/deploy.js

@@ -0,0 +1,117 @@
+import { promises as fs } from "node:fs";
+import path from "node:path";
+import readline from "node:readline/promises";
+import chalk from "chalk";
+import { ApiClient, uploadArchive } from "../api.js";
+import { loadConfig } from "../config.js";
+import { loadProjectConfig, saveProjectConfig, } from "../project-config.js";
+import { packCwd } from "../pack.js";
+import { streamDeployLogs } from "../logs.js";
+const VALID_TYPES = new Set([
+    "vite",
+    "next",
+    "nextjs",
+    "astro",
+    "cra",
+    "sveltekit",
+    "svelte",
+    "nuxt",
+    "gatsby",
+    "static",
+]);
+async function prompt(question, fallback) {
+    const rl = readline.createInterface({
+        input: process.stdin,
+        output: process.stdout,
+    });
+    try {
+        const answer = (await rl.question(`${question} [${fallback}]: `)).trim();
+        return answer || fallback;
+    }
+    finally {
+        rl.close();
+    }
+}
+async function resolveProject(api, cwd, opts) {
+    if (opts.project) {
+        const all = await api.listProjects();
+        const match = all.find((p) => p.id === opts.project) ??
+            all.find((p) => p.slug === opts.project);
+        if (!match) {
+            throw new Error(`no project with id/slug "${opts.project}"`);
+        }
+        return { project: match, createdNow: false };
+    }
+    const existing = await loadProjectConfig(cwd);
+    if (existing) {
+        const project = await api.getProject(existing.project_id);
+        return { project, createdNow: false };
+    }
+    // No project_id locally — create one.
+    const me = await api.me();
+    if (!me.handle) {
+        throw new Error("no handle set on your account. open https://app.layero.ru/onboarding " +
+            "and pick one, then re-run.");
+    }
+    const fallbackName = path.basename(cwd);
+    const name = opts.name ?? (opts.yes ? fallbackName : await prompt("project name", fallbackName));
+    const project = await api.createCliProject({
+        name,
+        framework_hint: opts.type,
+    });
+    await saveProjectConfig(cwd, {
+        project_id: project.id,
+        slug: project.slug,
+        owner_slug: project.owner.slug,
+        apex_hostname: project.apex_hostname,
+        framework_hint: opts.type ?? null,
+    });
+    return { project, createdNow: true };
+}
+export async function deployCmd(opts) {
+    if (opts.type && !VALID_TYPES.has(opts.type.toLowerCase())) {
+        throw new Error(`unknown --type "${opts.type}". valid: ${[...VALID_TYPES].join(", ")}`);
+    }
+    const cfg = await loadConfig();
+    if (!cfg.token) {
+        throw new Error("not logged in. run `layero login` first.");
+    }
+    const api = new ApiClient(cfg);
+    const cwd = process.cwd();
+    const { project, createdNow } = await resolveProject(api, cwd, opts);
+    if (project.source_type !== "cli") {
+        throw new Error(`project "${project.slug}" is a GitHub-source project; ` +
+            "use the dashboard's Deploy button or push to the linked repo.");
+    }
+    if (createdNow) {
+        console.log(chalk.green(`created project ${project.slug} → https://${project.apex_hostname}`));
+    }
+    console.log(chalk.cyan("packing source..."));
+    const pack = await packCwd(cwd, project.slug);
+    console.log(chalk.dim(`  ${pack.fileCount} files, ${(pack.size / (1024 * 1024)).toFixed(2)} MB, sha256=${pack.sha256.slice(0, 12)}`));
+    try {
+        console.log(chalk.cyan("requesting upload URL..."));
+        const init = await api.initUpload(project.id);
+        console.log(chalk.cyan("uploading archive..."));
+        await uploadArchive(init, pack.archivePath);
+        console.log(chalk.cyan("triggering deploy..."));
+        const deploy = await api.triggerDeploy(project.id, {
+            source_archive_key: init.source_archive_key,
+            commit_sha: pack.sha256,
+            commit_message: "CLI deploy",
+            framework_hint: opts.type,
+        });
+        console.log(chalk.dim(`  deploy_id=${deploy.id}`));
+        const final = await streamDeployLogs(api, deploy.id);
+        if (final.status !== "ready") {
+            console.error(chalk.red(`deploy failed (${final.status})${final.error_message ? `: ${final.error_message}` : ""}`));
+            process.exitCode = 1;
+            return;
+        }
+        console.log(chalk.green(`deploy ready → https://${project.apex_hostname}`));
+    }
+    finally {
+        // Always clean up the local archive.
+        await fs.unlink(pack.archivePath).catch(() => undefined);
+    }
+}

package/dist/commands/link.js

@@ -0,0 +1,37 @@
+import chalk from "chalk";
+import { ApiClient } from "../api.js";
+import { loadConfig } from "../config.js";
+import { saveProjectConfig } from "../project-config.js";
+export async function linkCmd(idOrSlug) {
+    const cfg = await loadConfig();
+    if (!cfg.token) {
+        console.error(chalk.yellow("not logged in. run `layero login` first."));
+        process.exitCode = 1;
+        return;
+    }
+    const api = new ApiClient(cfg);
+    // The backend accepts UUIDs only on /projects/{id}; for slug we fall back
+    // to listing — this is fine because users typically have <100 projects.
+    let proj;
+    try {
+        proj = await api.getProject(idOrSlug);
+    }
+    catch {
+        const all = await api.listProjects();
+        const match = all.find((p) => p.slug === idOrSlug);
+        if (!match) {
+            console.error(chalk.red(`no project with id/slug "${idOrSlug}"`));
+            process.exitCode = 1;
+            return;
+        }
+        proj = match;
+    }
+    await saveProjectConfig(process.cwd(), {
+        project_id: proj.id,
+        slug: proj.slug,
+        owner_slug: proj.owner.slug,
+        apex_hostname: proj.apex_hostname,
+        framework_hint: proj.framework_hint,
+    });
+    console.log(chalk.green(`linked ${proj.slug} (${proj.id}) → ./.layero/project.json`));
+}

package/dist/commands/login.js

@@ -0,0 +1,93 @@
+import http from "node:http";
+import { randomBytes } from "node:crypto";
+import chalk from "chalk";
+import open from "open";
+import { loadConfig, saveConfig } from "../config.js";
+import { ApiClient } from "../api.js";
+const LOGIN_TIMEOUT_MS = 5 * 60 * 1000;
+/**
+ * Browser-based OAuth login. Runs a one-shot loopback HTTP server on
+ * 127.0.0.1, opens the browser at /auth/cli/start, waits for the
+ * frontend's CliBridge page to POST the JWT back. Server stops as soon
+ * as a valid token arrives or LOGIN_TIMEOUT_MS elapses.
+ *
+ * NOTE: this command depends on backend endpoints that may not be live yet
+ * (`/auth/cli/start`, frontend `/oauth/cli-bridge`). If you can already
+ * obtain a JWT through the web UI, use `layero token set <jwt>` as a
+ * temporary alternative.
+ */
+export async function loginCmd(opts) {
+    const cfg = await loadConfig();
+    const state = randomBytes(16).toString("hex");
+    const provider = opts.provider ?? "github";
+    const desiredPort = opts.port ?? Number(process.env.LAYERO_LOGIN_PORT ?? 0);
+    const tokenPromise = new Promise((resolve, reject) => {
+        const server = http.createServer(async (req, res) => {
+            const url = new URL(req.url ?? "/", "http://127.0.0.1");
+            if (url.pathname !== "/callback") {
+                res.writeHead(404).end("not found");
+                return;
+            }
+            // Accept token via POST body (preferred) or GET query (fallback).
+            let body = "";
+            if (req.method === "POST") {
+                for await (const chunk of req)
+                    body += chunk;
+            }
+            let token;
+            let receivedState;
+            if (body) {
+                try {
+                    const parsed = JSON.parse(body);
+                    token = parsed.token;
+                    receivedState = parsed.state;
+                }
+                catch {
+                    // ignore; fall through to query
+                }
+            }
+            token ??= url.searchParams.get("token") ?? undefined;
+            receivedState ??= url.searchParams.get("state") ?? undefined;
+            if (!token || receivedState !== state) {
+                res.writeHead(400, { "Access-Control-Allow-Origin": "*" }).end("bad state");
+                return;
+            }
+            res
+                .writeHead(200, {
+                "Content-Type": "text/plain",
+                "Access-Control-Allow-Origin": "*",
+            })
+                .end("ok — you can close this tab");
+            server.close();
+            resolve(token);
+        });
+        server.on("error", reject);
+        server.listen(desiredPort, "127.0.0.1", () => {
+            const port = server.address().port;
+            const callback = `http://127.0.0.1:${port}/callback`;
+            const startUrl = `${cfg.apiUrl.replace(/\/+$/, "")}/auth/cli/start` +
+                `?provider=${provider}` +
+                `&callback=${encodeURIComponent(callback)}` +
+                `&state=${state}`;
+            console.log(chalk.cyan(`opening browser for ${provider} login...`));
+            console.log(chalk.dim(`if it doesn't open, paste this URL: ${startUrl}`));
+            open(startUrl).catch(() => {
+                // open failure is non-fatal — user can paste the URL manually.
+            });
+        });
+        setTimeout(() => {
+            server.close();
+            reject(new Error(`login timed out after ${LOGIN_TIMEOUT_MS / 1000}s`));
+        }, LOGIN_TIMEOUT_MS);
+    });
+    const token = await tokenPromise;
+    cfg.token = token;
+    const probe = new ApiClient(cfg);
+    const me = await probe.me();
+    cfg.user = { id: me.id, handle: me.handle, email: me.email };
+    await saveConfig(cfg);
+    console.log(chalk.green(`logged in as ${me.handle ?? me.email ?? me.id}`));
+    if (!me.handle) {
+        console.log(chalk.yellow("no handle set — open https://app.layero.ru/onboarding to pick one."));
+    }
+}

package/dist/commands/logout.js

@@ -0,0 +1,6 @@
+import chalk from "chalk";
+import { clearConfig, configPath } from "../config.js";
+export async function logoutCmd() {
+    await clearConfig();
+    console.log(chalk.green(`logged out (removed ${configPath()})`));
+}

package/dist/commands/projects.js

@@ -0,0 +1,21 @@
+import chalk from "chalk";
+import { ApiClient } from "../api.js";
+import { loadConfig } from "../config.js";
+export async function projectsListCmd() {
+    const cfg = await loadConfig();
+    if (!cfg.token) {
+        console.error(chalk.yellow("not logged in. run `layero login` first."));
+        process.exitCode = 1;
+        return;
+    }
+    const api = new ApiClient(cfg);
+    const list = await api.listProjects();
+    if (list.length === 0) {
+        console.log("no projects yet — `layero deploy` to create one.");
+        return;
+    }
+    for (const p of list) {
+        const tag = p.source_type === "cli" ? chalk.magenta("[cli]") : chalk.blue("[gh] ");
+        console.log(`${tag} ${chalk.bold(p.slug)}  ${chalk.dim(p.id)}  https://${p.apex_hostname}`);
+    }
+}

package/dist/commands/token.js

@@ -0,0 +1,24 @@
+import chalk from "chalk";
+import { loadConfig, saveConfig } from "../config.js";
+import { ApiClient } from "../api.js";
+export async function tokenSetCmd(jwt) {
+    const cfg = await loadConfig();
+    cfg.token = jwt.trim();
+    // Probe /auth/me to validate the token before persisting.
+    const probe = new ApiClient(cfg);
+    try {
+        const me = await probe.me();
+        cfg.user = { id: me.id, handle: me.handle, email: me.email };
+    }
+    catch (err) {
+        console.error(chalk.red(`token rejected by API: ${err.message}`));
+        process.exitCode = 1;
+        return;
+    }
+    await saveConfig(cfg);
+    console.log(chalk.green(`saved token for ${cfg.user?.handle ?? cfg.user?.email ?? cfg.user?.id}`));
+    if (!cfg.user?.handle) {
+        console.log(chalk.yellow("no handle set — open https://app.layero.ru/onboarding to pick one " +
+            "before `layero deploy`."));
+    }
+}

package/dist/commands/whoami.js

@@ -0,0 +1,19 @@
+import chalk from "chalk";
+import { ApiClient } from "../api.js";
+import { loadConfig } from "../config.js";
+export async function whoamiCmd() {
+    const cfg = await loadConfig();
+    if (!cfg.token) {
+        console.error(chalk.yellow("not logged in. run `layero login` first."));
+        process.exitCode = 1;
+        return;
+    }
+    const api = new ApiClient(cfg);
+    const me = await api.me();
+    console.log(`id:     ${me.id}`);
+    console.log(`handle: ${me.handle ?? chalk.yellow("(not set)")}`);
+    console.log(`email:  ${me.email ?? "(none)"}`);
+    if (me.github_login) {
+        console.log(`github: ${me.github_login}`);
+    }
+}

package/dist/config.js

@@ -0,0 +1,50 @@
+import { promises as fs } from "node:fs";
+import { homedir } from "node:os";
+import path from "node:path";
+const CONFIG_DIR = path.join(homedir(), ".layero");
+const CONFIG_FILE = path.join(CONFIG_DIR, "config.json");
+const DEFAULT_API_URL = process.env.LAYERO_API_URL ?? "https://api.layero.ru";
+async function ensureDir() {
+    await fs.mkdir(CONFIG_DIR, { recursive: true });
+}
+export async function loadConfig() {
+    try {
+        const raw = await fs.readFile(CONFIG_FILE, "utf-8");
+        const parsed = JSON.parse(raw);
+        return {
+            apiUrl: parsed.apiUrl ?? DEFAULT_API_URL,
+            token: parsed.token,
+            user: parsed.user,
+        };
+    }
+    catch (err) {
+        if (err?.code === "ENOENT") {
+            return { apiUrl: DEFAULT_API_URL };
+        }
+        throw err;
+    }
+}
+export async function saveConfig(cfg) {
+    await ensureDir();
+    const data = JSON.stringify(cfg, null, 2);
+    await fs.writeFile(CONFIG_FILE, data, { encoding: "utf-8", mode: 0o600 });
+    // Re-chmod in case the file already existed with looser perms. On Windows
+    // this is a no-op (NTFS ignores POSIX bits) — file ACLs default to the
+    // user's profile, which is the right scope.
+    if (process.platform !== "win32") {
+        await fs.chmod(CONFIG_FILE, 0o600);
+    }
+}
+export async function clearConfig() {
+    try {
+        await fs.unlink(CONFIG_FILE);
+    }
+    catch (err) {
+        if (err?.code !== "ENOENT") {
+            throw err;
+        }
+    }
+}
+export function configPath() {
+    return CONFIG_FILE;
+}

package/dist/logs.js

@@ -0,0 +1,34 @@
+import chalk from "chalk";
+const POLL_INTERVAL_MS = 1500;
+function colorForStream(stream) {
+    switch (stream) {
+        case "meta":
+            return chalk.cyan;
+        case "stderr":
+            return chalk.red;
+        default:
+            return (s) => s;
+    }
+}
+export async function streamDeployLogs(api, deployId) {
+    let afterId = 0;
+    let lastStage = null;
+    // Loop until terminal — the server's per-stage timeouts bound duration.
+    // eslint-disable-next-line no-constant-condition
+    while (true) {
+        const poll = await api.pollLogs(deployId, afterId);
+        if (poll.current_stage && poll.current_stage !== lastStage) {
+            lastStage = poll.current_stage;
+            process.stderr.write(chalk.bold.blue(`▶ stage: ${poll.current_stage}\n`));
+        }
+        for (const line of poll.lines) {
+            afterId = Math.max(afterId, line.id);
+            const paint = colorForStream(line.stream);
+            process.stdout.write(paint(line.line) + "\n");
+        }
+        if (poll.terminal) {
+            return poll;
+        }
+        await new Promise((res) => setTimeout(res, POLL_INTERVAL_MS));
+    }
+}

package/dist/pack.js

@@ -0,0 +1,111 @@
+import { createHash } from "node:crypto";
+import { promises as fs, createReadStream } from "node:fs";
+import { tmpdir } from "node:os";
+import path from "node:path";
+import { create as tarCreate } from "tar";
+import ignore from "ignore";
+const MAX_BYTES = 200 * 1024 * 1024;
+const DEFAULT_IGNORE = [
+    "node_modules",
+    ".git",
+    ".svn",
+    ".hg",
+    "dist",
+    "build",
+    ".next",
+    ".nuxt",
+    ".output",
+    ".cache",
+    ".turbo",
+    ".vercel",
+    ".netlify",
+    ".env",
+    ".env.*",
+    "*.log",
+    ".DS_Store",
+    "Thumbs.db",
+    ".layero",
+];
+async function readIgnoreFile(filePath) {
+    try {
+        const text = await fs.readFile(filePath, "utf-8");
+        return text
+            .replace(/\r\n/g, "\n")
+            .split("\n")
+            .map((l) => l.trim())
+            .filter((l) => l && !l.startsWith("#"));
+    }
+    catch (err) {
+        if (err?.code === "ENOENT")
+            return [];
+        throw err;
+    }
+}
+async function buildIgnore(cwd) {
+    const ig = ignore();
+    ig.add(DEFAULT_IGNORE);
+    ig.add(await readIgnoreFile(path.join(cwd, ".gitignore")));
+    ig.add(await readIgnoreFile(path.join(cwd, ".layeroignore")));
+    return ig;
+}
+async function walk(cwd, ig) {
+    const out = [];
+    async function visit(rel) {
+        const abs = rel === "" ? cwd : path.join(cwd, rel);
+        const entries = await fs.readdir(abs, { withFileTypes: true });
+        for (const e of entries) {
+            const childRel = rel === "" ? e.name : path.join(rel, e.name);
+            // The ignore package wants forward slashes regardless of platform.
+            const childPosix = childRel.split(path.sep).join("/");
+            const isDir = e.isDirectory();
+            const probe = isDir ? `${childPosix}/` : childPosix;
+            if (ig.ignores(probe))
+                continue;
+            if (isDir) {
+                await visit(childRel);
+            }
+            else if (e.isFile() || e.isSymbolicLink()) {
+                out.push(childRel);
+            }
+        }
+    }
+    await visit("");
+    return out;
+}
+async function sha256OfFile(p) {
+    const hash = createHash("sha256");
+    const stream = createReadStream(p);
+    for await (const chunk of stream) {
+        hash.update(chunk);
+    }
+    return hash.digest("hex");
+}
+export async function packCwd(cwd, projectName) {
+    const ig = await buildIgnore(cwd);
+    const files = await walk(cwd, ig);
+    if (files.length === 0) {
+        throw new Error("no files to upload after applying .gitignore/.layeroignore — " +
+            "check that you're in the right directory");
+    }
+    const stamp = Date.now();
+    const safeName = projectName.replace(/[^a-zA-Z0-9._-]/g, "_");
+    const archivePath = path.join(tmpdir(), `layero-${safeName}-${stamp}.tgz`);
+    // Single root directory inside the archive — matches the github_archive
+    // contract on the builder side, which strips one root prefix.
+    const rootName = `layero-${safeName}-${stamp}`;
+    await tarCreate({
+        file: archivePath,
+        gzip: { level: 6 },
+        cwd,
+        portable: true,
+        prefix: rootName,
+    }, files);
+    const stat = await fs.stat(archivePath);
+    if (stat.size > MAX_BYTES) {
+        await fs.unlink(archivePath).catch(() => undefined);
+        throw new Error(`archive is ${(stat.size / (1024 * 1024)).toFixed(1)}MB — over the 200MB limit. ` +
+            "Add large directories to .layeroignore.");
+    }
+    const sha256 = await sha256OfFile(archivePath);
+    return { archivePath, sha256, size: stat.size, fileCount: files.length };
+}

package/dist/project-config.js

@@ -0,0 +1,22 @@
+import { promises as fs } from "node:fs";
+import path from "node:path";
+export function projectConfigPath(cwd) {
+    return path.join(cwd, ".layero", "project.json");
+}
+export async function loadProjectConfig(cwd) {
+    try {
+        const raw = await fs.readFile(projectConfigPath(cwd), "utf-8");
+        return JSON.parse(raw);
+    }
+    catch (err) {
+        if (err?.code === "ENOENT") {
+            return null;
+        }
+        throw err;
+    }
+}
+export async function saveProjectConfig(cwd, cfg) {
+    const dir = path.join(cwd, ".layero");
+    await fs.mkdir(dir, { recursive: true });
+    await fs.writeFile(projectConfigPath(cwd), JSON.stringify(cfg, null, 2), "utf-8");
+}

package/package.json

@@ -0,0 +1,33 @@
+{
+  "name": "layero",
+  "version": "0.1.0",
+  "description": "Layero CLI — publish a local site with one command.",
+  "license": "MIT",
+  "type": "module",
+  "engines": {
+    "node": ">=20"
+  },
+  "bin": {
+    "layero": "./dist/bin/layero.js"
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsc -p tsconfig.json",
+    "prepublishOnly": "npm run build",
+    "dev": "tsc -p tsconfig.json --watch"
+  },
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0",
+    "ignore": "^5.3.2",
+    "open": "^10.1.0",
+    "tar": "^7.4.3"
+  },
+  "devDependencies": {
+    "@types/node": "^20.14.10",
+    "typescript": "^5.5.4"
+  }
+}