next-anteater 0.1.0

package/bin/setup-anteater.mjs

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+import { main } from "../lib/setup.mjs";
+
+main().catch((err) => {
+  console.error(`\n  \x1b[31mError:\x1b[39m ${err.message}\n`);
+  process.exit(1);
+});

package/lib/detect.mjs

@@ -0,0 +1,106 @@
+/**
+ * Project detection — figures out what kind of project we're in.
+ */
+import { readFile, access } from "node:fs/promises";
+import { join } from "node:path";
+import { execSync } from "node:child_process";
+
+async function fileExists(path) {
+  try {
+    await access(path);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function readJson(path) {
+  try {
+    return JSON.parse(await readFile(path, "utf-8"));
+  } catch {
+    return null;
+  }
+}
+
+export async function detectProject(cwd) {
+  const result = {
+    isNextJs: false,
+    nextVersion: null,
+    isAppRouter: false,
+    isPagesRouter: false,
+    isTypeScript: false,
+    hasGit: false,
+    gitRemote: null, // "owner/repo"
+    hasPnpm: false,
+    hasYarn: false,
+    hasNpm: false,
+    packageManager: "npm",
+    layoutFile: null,
+    rootDir: cwd,
+  };
+
+  // Check package.json
+  const pkg = await readJson(join(cwd, "package.json"));
+  if (pkg) {
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    if (deps.next) {
+      result.isNextJs = true;
+      result.nextVersion = deps.next.replace(/[\^~]/, "");
+    }
+    result.isTypeScript = !!deps.typescript;
+  }
+
+  // Detect router type
+  if (await fileExists(join(cwd, "app", "layout.tsx")) || await fileExists(join(cwd, "app", "layout.js"))) {
+    result.isAppRouter = true;
+    result.layoutFile = (await fileExists(join(cwd, "app", "layout.tsx")))
+      ? "app/layout.tsx"
+      : "app/layout.js";
+  }
+  if (await fileExists(join(cwd, "pages", "_app.tsx")) || await fileExists(join(cwd, "pages", "_app.js"))) {
+    result.isPagesRouter = true;
+  }
+
+  // Detect package manager
+  if (await fileExists(join(cwd, "pnpm-lock.yaml")) || await fileExists(join(cwd, "pnpm-workspace.yaml"))) {
+    result.hasPnpm = true;
+    result.packageManager = "pnpm";
+  } else if (await fileExists(join(cwd, "yarn.lock"))) {
+    result.hasYarn = true;
+    result.packageManager = "yarn";
+  } else {
+    result.hasNpm = true;
+    result.packageManager = "npm";
+  }
+
+  // Detect git
+  if (await fileExists(join(cwd, ".git"))) {
+    result.hasGit = true;
+    try {
+      const remote = execSync("git remote get-url origin", { cwd, encoding: "utf-8" }).trim();
+      // Extract owner/repo from various URL formats
+      const match = remote.match(/github\.com[:/]([^/]+\/[^/.]+)/);
+      if (match) {
+        result.gitRemote = match[1].replace(/\.git$/, "");
+      }
+    } catch {
+      // No remote configured
+    }
+
+    // Detect default branch (what HEAD points to on the remote)
+    try {
+      const head = execSync("git symbolic-ref refs/remotes/origin/HEAD", { cwd, encoding: "utf-8" }).trim();
+      result.defaultBranch = head.replace("refs/remotes/origin/", "");
+    } catch {
+      // Fallback: check local HEAD branch name
+      try {
+        const branch = execSync("git rev-parse --abbrev-ref HEAD", { cwd, encoding: "utf-8" }).trim();
+        result.defaultBranch = branch;
+      } catch {
+        result.defaultBranch = "main";
+      }
+    }
+  }
+
+  return result;
+}

package/lib/scaffold.mjs

@@ -0,0 +1,631 @@
+/**
+ * File scaffolding — generates and writes Anteater files into the target project.
+ */
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import { join, dirname } from "node:path";
+
+async function writeIfNotExists(path, content) {
+  try {
+    await readFile(path);
+    return false; // already exists
+  } catch {
+    await mkdir(dirname(path), { recursive: true });
+    await writeFile(path, content, "utf-8");
+    return true;
+  }
+}
+
+/**
+ * Generate anteater.config.ts
+ */
+export function generateConfig({ repo, allowedGlobs, blockedGlobs, autoMerge, isTypeScript, productionBranch }) {
+  const ext = isTypeScript ? "ts" : "js";
+  const typeImport = isTypeScript
+    ? `import type { AnteaterConfig } from "@anteater/next";\n\n`
+    : "";
+  const typeAnnotation = isTypeScript ? ": AnteaterConfig" : "";
+
+  return {
+    filename: `anteater.config.${ext}`,
+    content: `${typeImport}const config${typeAnnotation} = {
+  repo: "${repo}",
+  productionBranch: "${productionBranch}",
+  modes: ["prod", "copy"],
+  autoMerge: ${autoMerge},
+
+  allowedGlobs: [
+${allowedGlobs.map((g) => `    "${g}",`).join("\n")}
+  ],
+
+  blockedGlobs: [
+${blockedGlobs.map((g) => `    "${g}",`).join("\n")}
+  ],
+
+  requireReviewFor: ["auth", "billing", "payments", "dependencies"],
+  maxFilesChanged: 20,
+  maxDiffBytes: 120000,
+};
+
+export default config;
+`,
+  };
+}
+
+/**
+ * Generate API route handler.
+ *
+ * Uses string concatenation instead of nested template literals to avoid
+ * escape-sequence hell (template literals inside template literals).
+ */
+export function generateApiRoute({ isTypeScript, productionBranch }) {
+  const ext = isTypeScript ? "ts" : "js";
+  const TS = isTypeScript; // shorthand
+  const lines = [];
+  const add = (s) => lines.push(s);
+
+  // --- Imports ---
+  add('import { NextRequest, NextResponse } from "next/server";');
+  if (TS) add('import type { AnteaterRequest, AnteaterResponse, AnteaterStatusResponse } from "@anteater/next";');
+  add("");
+
+  // --- Helpers ---
+  add("/** Auto-detect repo from Vercel system env vars, fall back to ANTEATER_GITHUB_REPO */");
+  add("function getRepo()" + (TS ? ": string | undefined" : "") + " {");
+  add("  if (process.env.ANTEATER_GITHUB_REPO) return process.env.ANTEATER_GITHUB_REPO;");
+  add("  const owner = process.env.VERCEL_GIT_REPO_OWNER;");
+  add("  const slug = process.env.VERCEL_GIT_REPO_SLUG;");
+  add("  if (owner && slug) return `${owner}/${slug}`;");
+  add("  return undefined;");
+  add("}");
+  add("");
+  add("function ghFetch(url" + (TS ? ": string" : "") + ") {");
+  add("  const token = process.env.GITHUB_TOKEN;");
+  add("  return fetch(url, {");
+  add("    headers: {");
+  add("      Authorization: `Bearer ${token}`,");
+  add('      Accept: "application/vnd.github+json",');
+  add('      "X-GitHub-Api-Version": "2022-11-28",');
+  add("    },");
+  add('    cache: "no-store",');
+  add("  });");
+  add("}");
+  add("");
+  add("/** Return status response with deployment ID for client-side deploy detection */");
+  add("function status(body" + (TS ? ": AnteaterStatusResponse" : "") + ", httpStatus" + (TS ? "?: number" : "") + ") {");
+  add("  const deploymentId = process.env.VERCEL_DEPLOYMENT_ID;");
+  add("  return NextResponse.json({ ...body, deploymentId }, httpStatus ? { status: httpStatus } : undefined);");
+  add("}");
+  add("");
+
+  // --- POST handler ---
+  add("export async function POST(request" + (TS ? ": NextRequest" : "") + ") {");
+  add("  try {");
+  add("    const body" + (TS ? ": AnteaterRequest" : "") + " = await request.json();");
+  add("");
+  add("    if (!body.prompt?.trim()) {");
+  add("      return NextResponse.json" + (TS ? "<AnteaterResponse>" : "") + "(");
+  add('        { requestId: "", branch: "", status: "error", error: "Prompt is required" },');
+  add("        { status: 400 }");
+  add("      );");
+  add("    }");
+  add("");
+  add("    // Auth: sec-fetch-site for same-origin (AnteaterBar), x-anteater-secret for external");
+  add("    const secret = process.env.ANTEATER_SECRET;");
+  add("    if (secret) {");
+  add('      const fetchSite = request.headers.get("sec-fetch-site");');
+  add('      const isSameOrigin = fetchSite === "same-origin";');
+  add("      if (!isSameOrigin) {");
+  add('        const authHeader = request.headers.get("x-anteater-secret");');
+  add("        if (authHeader !== secret) {");
+  add("          return NextResponse.json" + (TS ? "<AnteaterResponse>" : "") + "(");
+  add('            { requestId: "", branch: "", status: "error", error: "Unauthorized" },');
+  add("            { status: 401 }");
+  add("          );");
+  add("        }");
+  add("      }");
+  add("    }");
+  add("");
+  add("    const repo = getRepo();");
+  add("    const token = process.env.GITHUB_TOKEN;");
+  add("    if (!repo || !token) {");
+  add("      return NextResponse.json" + (TS ? "<AnteaterResponse>" : "") + "(");
+  add('        { requestId: "", branch: "", status: "error", error: "Server misconfigured" },');
+  add("        { status: 500 }");
+  add("      );");
+  add("    }");
+  add("");
+  add("    const requestId = crypto.randomUUID().slice(0, 8);");
+  add("    const branch = body.mode === \"copy\"");
+  add("      ? `anteater/friend-${requestId}`");
+  add("      : `anteater/run-${requestId}`;");
+  add("");
+  add("    const dispatchRes = await fetch(");
+  add("      `https://api.github.com/repos/${repo}/actions/workflows/anteater.yml/dispatches`,");
+  add("      {");
+  add('        method: "POST",');
+  add("        headers: {");
+  add("          Authorization: `Bearer ${token}`,");
+  add('          Accept: "application/vnd.github+json",');
+  add('          "X-GitHub-Api-Version": "2022-11-28",');
+  add("        },");
+  add("        body: JSON.stringify({");
+  add('          ref: "' + productionBranch + '",');
+  add("          inputs: {");
+  add("            requestId,");
+  add("            prompt: body.prompt,");
+  add('            mode: body.mode || "prod",');
+  add("            branch,");
+  add('            baseBranch: "' + productionBranch + '",');
+  add('            autoMerge: String(body.mode !== "copy"),');
+  add("          },");
+  add("        }),");
+  add("      }");
+  add("    );");
+  add("");
+  add("    if (!dispatchRes.ok) {");
+  add("      const err = await dispatchRes.text();");
+  add("      return NextResponse.json" + (TS ? "<AnteaterResponse>" : "") + "(");
+  add("        { requestId, branch, status: \"error\", error: `GitHub dispatch failed: ${dispatchRes.status}` },");
+  add("        { status: 502 }");
+  add("      );");
+  add("    }");
+  add("");
+  add("    return NextResponse.json" + (TS ? "<AnteaterResponse>" : "") + "({ requestId, branch, status: \"queued\" });");
+  add("  } catch {");
+  add("    return NextResponse.json" + (TS ? "<AnteaterResponse>" : "") + "(");
+  add('      { requestId: "", branch: "", status: "error", error: "Invalid request body" },');
+  add("      { status: 400 }");
+  add("    );");
+  add("  }");
+  add("}");
+  add("");
+
+  // --- GET handler (status polling) ---
+  add("/**");
+  add(" * GET /api/anteater?branch=anteater/run-xxx");
+  add(" * Polls pipeline status. Deploy detection handled client-side via deployment ID.");
+  add(" */");
+  add("export async function GET(request" + (TS ? ": NextRequest" : "") + ") {");
+  add("  const branch = request.nextUrl.searchParams.get(\"branch\");");
+  add("  if (!branch) {");
+  add('    return status({ step: "error", completed: true, error: "Missing branch param" }, 400);');
+  add("  }");
+  add("");
+  add("  const repo = getRepo();");
+  add("  const token = process.env.GITHUB_TOKEN;");
+  add("  if (!repo || !token) {");
+  add('    return status({ step: "error", completed: true, error: "Server misconfigured" }, 500);');
+  add("  }");
+  add("");
+  add("  try {");
+  add("    const prRes = await ghFetch(");
+  add("      `https://api.github.com/repos/${repo}/pulls?head=${repo.split(\"/\")[0]}:${branch}&state=all&per_page=1`,");
+  add("    );");
+  add("    if (prRes.ok) {");
+  add("      const prs = await prRes.json();");
+  add("      if (prs.length) {");
+  add("        const pr = prs[0];");
+  add("        if (pr.merged_at) {");
+  add("          const mergedAgo = Date.now() - new Date(pr.merged_at).getTime();");
+  add("          const step = mergedAgo > 150000 ? \"done\" : \"redeploying\";");
+  add("          return status({ step, completed: step === \"done\" });");
+  add("        }");
+  add("        if (pr.state === \"closed\") {");
+  add('          return status({ step: "error", completed: true, error: "PR was closed without merging" });');
+  add("        }");
+  add("        return status({ step: \"merging\", completed: false });");
+  add("      }");
+  add("    }");
+  add("");
+  add("    const branchRes = await ghFetch(");
+  add("      `https://api.github.com/repos/${repo}/git/refs/heads/${branch}`,");
+  add("    );");
+  add("    if (branchRes.ok) {");
+  add("      return status({ step: \"merging\", completed: false });");
+  add("    }");
+  add("");
+  add("    const runsRes = await ghFetch(");
+  add("      `https://api.github.com/repos/${repo}/actions/workflows/anteater.yml/runs?per_page=5`,");
+  add("    );");
+  add("    if (runsRes.ok) {");
+  add("      const { workflow_runs: runs } = await runsRes.json();");
+  add("      const recentFailed = runs?.find(");
+  add('        (r' + (TS ? ": { status: string; conclusion: string; created_at: string }" : "") + ') => r.status === "completed" && r.conclusion === "failure" &&');
+  add("          Date.now() - new Date(r.created_at).getTime() < 5 * 60 * 1000,");
+  add("      );");
+  add("      if (recentFailed) {");
+  add('        return status({ step: "error", completed: true, error: "Workflow failed — check GitHub Actions" });');
+  add("      }");
+  add("    }");
+  add("");
+  add("    return status({ step: \"working\", completed: false });");
+  add("  } catch {");
+  add('    return status({ step: "error", completed: true, error: "Status check failed" }, 500);');
+  add("  }");
+  add("}");
+
+  return {
+    filename: `route.${ext}`,
+    content: lines.join("\n") + "\n",
+  };
+}
+
+/**
+ * Generate .claude/settings.local.json for agent permissions.
+ */
+export function generateClaudeSettings({ model, permissionsMode }) {
+  if (permissionsMode === "unrestricted") {
+    return JSON.stringify({
+      model,
+      alwaysThinkingEnabled: true,
+      skipDangerousModePermissionPrompt: true,
+      permissions: {
+        defaultMode: "bypassPermissions",
+        allow: [
+          "Bash", "Edit", "Write", "MultiEdit", "NotebookEdit",
+          "WebFetch", "WebSearch", "Skill", "mcp__*",
+        ],
+        deny: [],
+      },
+    }, null, 2) + "\n";
+  }
+
+  // Sandboxed (default)
+  return JSON.stringify({
+    model,
+    alwaysThinkingEnabled: true,
+    skipDangerousModePermissionPrompt: true,
+    permissions: {
+      defaultMode: "bypassPermissions",
+      allow: [
+        "Read", "Edit", "Write", "Glob", "Grep",
+        "Bash(git *)", "Bash(npm *)", "Bash(pnpm *)",
+        "Bash(npx *)", "Bash(node *)", "Bash(ls *)",
+        "Bash(find *)", "Bash(mkdir *)", "Bash(rm *)",
+        "Bash(cp *)", "Bash(mv *)",
+      ],
+      deny: [
+        "WebFetch", "WebSearch",
+        "Bash(curl *)", "Bash(wget *)",
+        "Bash(gh *)", "Bash(vercel *)",
+        "mcp__*",
+      ],
+    },
+  }, null, 2) + "\n";
+}
+
+/**
+ * Generate the GitHub Actions workflow.
+ */
+export function generateWorkflow({ allowedGlobs, blockedGlobs, productionBranch, model }) {
+  const allowed = allowedGlobs.join(", ");
+  const blocked = blockedGlobs.join(", ");
+
+  return `name: Anteater Apply
+
+on:
+  workflow_dispatch:
+    inputs:
+      requestId:
+        description: "Unique request ID"
+        required: true
+      prompt:
+        description: "Natural language change request"
+        required: true
+      mode:
+        description: "prod or copy"
+        required: true
+        default: "prod"
+      branch:
+        description: "Branch to create and commit to"
+        required: true
+      baseBranch:
+        description: "Base branch to fork from"
+        required: true
+        default: "${productionBranch}"
+      autoMerge:
+        description: "Auto-merge the PR if true"
+        required: false
+        default: "true"
+
+permissions:
+  contents: write
+  pull-requests: write
+  id-token: write
+
+jobs:
+  apply:
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    steps:
+      - name: Checkout base branch
+        uses: actions/checkout@v4
+        with:
+          ref: \${{ inputs.baseBranch }}
+          fetch-depth: 0
+
+      - name: Create and switch to target branch
+        run: git checkout -b "\${{ inputs.branch }}"
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Install dependencies
+        run: |
+          npm install -g pnpm@9 --silent
+          pnpm install --frozen-lockfile
+
+      - name: Run Anteater agent
+        uses: anthropics/claude-code-action@v1
+        with:
+          prompt: |
+            You are Anteater, an AI agent that modifies a web app based on user requests.
+
+            USER REQUEST: \${{ inputs.prompt }}
+
+            RULES:
+            - Only edit files under: ${allowed}
+            - NEVER edit: ${blocked}
+            - Make minimal, focused changes
+            - Preserve existing code style
+            - After making changes, run the build command to verify the build passes
+            - If the build fails, read the error output and fix the issues, then build again
+            - Keep iterating until the build passes or you've tried 3 times
+            - Do NOT commit — just leave the changed files on disk
+
+            IMPORTANT: Always verify your changes compile by running the build command.
+          anthropic_api_key: \${{ secrets.ANTHROPIC_API_KEY }}
+          model: "${model}"
+          claude_args: "--allowedTools Edit,Read,Write,Bash,Glob,Grep --max-turns 25"
+
+      - name: Check for changes
+        id: changes
+        run: |
+          git add -A
+          if git diff --staged --quiet; then
+            echo "has_changes=false" >> "\\$GITHUB_OUTPUT"
+          else
+            echo "has_changes=true" >> "\\$GITHUB_OUTPUT"
+          fi
+
+      - name: Commit changes
+        if: steps.changes.outputs.has_changes == 'true'
+        env:
+          PROMPT: \${{ inputs.prompt }}
+        run: |
+          git config user.name "anteater[bot]"
+          git config user.email "anteater[bot]@users.noreply.github.com"
+          git commit -m "anteater: \${PROMPT}"
+
+      - name: Push branch
+        if: steps.changes.outputs.has_changes == 'true'
+        run: |
+          git remote set-url origin "https://x-access-token:\${GITHUB_TOKEN}@github.com/\${{ github.repository }}.git"
+          git push origin "\${{ inputs.branch }}"
+        env:
+          GITHUB_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+
+      - name: Create pull request
+        if: steps.changes.outputs.has_changes == 'true'
+        env:
+          GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+          PROMPT: \${{ inputs.prompt }}
+          REQUEST_ID: \${{ inputs.requestId }}
+          MODE: \${{ inputs.mode }}
+        run: |
+          gh pr create \\
+            --base "\${{ inputs.baseBranch }}" \\
+            --head "\${{ inputs.branch }}" \\
+            --title "anteater: \${PROMPT}" \\
+            --body "Automated change by Anteater (request \\\`\${REQUEST_ID}\\\`).
+
+          **Prompt:** \${PROMPT}
+          **Mode:** \${MODE}"
+
+      - name: Auto-merge PR
+        if: steps.changes.outputs.has_changes == 'true' && inputs.autoMerge == 'true'
+        env:
+          GH_TOKEN: \${{ secrets.GITHUB_TOKEN }}
+        run: gh pr merge "\${{ inputs.branch }}" --squash --delete-branch
+`;
+}
+
+/**
+ * Generate the AI apply script.
+ */
+export function generateApplyScript() {
+  // Read from the existing script in the monorepo — or inline it
+  return `#!/usr/bin/env node
+
+import { readFile, writeFile, mkdir } from "node:fs/promises";
+import { dirname, relative, resolve } from "node:path";
+import { glob } from "node:fs/promises";
+import { parseArgs } from "node:util";
+
+const { values: args } = parseArgs({
+  options: {
+    prompt: { type: "string" },
+    "allowed-paths": { type: "string" },
+    "blocked-paths": { type: "string", default: "" },
+  },
+});
+
+const ANTHROPIC_API_KEY = process.env.ANTHROPIC_API_KEY;
+if (!ANTHROPIC_API_KEY) { console.error("Missing ANTHROPIC_API_KEY"); process.exit(1); }
+if (!args.prompt) { console.error("Missing --prompt"); process.exit(1); }
+
+const allowedGlobs = args["allowed-paths"]?.split(",").map((s) => s.trim()) ?? [];
+const blockedGlobs = args["blocked-paths"]?.split(",").filter(Boolean).map((s) => s.trim()) ?? [];
+
+async function collectFiles() {
+  const files = new Set();
+  for (const pattern of allowedGlobs) {
+    for await (const entry of glob(pattern)) {
+      const rel = relative(process.cwd(), resolve(entry)).replace(/\\\\/g, "/");
+      let blocked = false;
+      for (const bp of blockedGlobs) {
+        const prefix = bp.replace(/\\/?\\*\\*?$/, "");
+        if (rel === prefix || rel.startsWith(prefix + "/")) { blocked = true; break; }
+      }
+      if (!blocked && !rel.includes("node_modules")) files.add(rel);
+    }
+  }
+  return [...files].sort();
+}
+
+async function readFiles(paths) {
+  const result = {};
+  for (const p of paths) {
+    try { result[p] = await readFile(p, "utf-8"); } catch {}
+  }
+  return result;
+}
+
+async function callClaude(prompt, fileContents) {
+  const fileList = Object.entries(fileContents)
+    .map(([path, content]) => \`--- \${path} ---\\n\${content}\`).join("\\n\\n");
+
+  const res = await fetch("https://api.anthropic.com/v1/messages", {
+    method: "POST",
+    headers: {
+      "Content-Type": "application/json",
+      "x-api-key": ANTHROPIC_API_KEY,
+      "anthropic-version": "2023-06-01",
+    },
+    body: JSON.stringify({
+      model: "claude-sonnet-4-20250514",
+      max_tokens: 16384,
+      system: \`You are Anteater, an AI coding agent. You modify web application source files based on user requests.
+RULES: Make minimal, focused changes. Only modify files that need to change. Preserve existing code style.
+Never modify environment files, API routes, or configuration.
+CRITICAL: The "path" in each output object MUST exactly match one of the input file paths. Do NOT shorten, rename, or strip prefixes from paths.
+OUTPUT FORMAT: Return a JSON array of objects with "path" and "content". Return ONLY valid JSON, no markdown fences.
+If no changes are needed, return an empty array: []\`,
+      messages: [{ role: "user", content: \`Files:\\n\\n\${fileList}\\n\\nRequest: \${prompt}\` }],
+    }),
+  });
+
+  if (!res.ok) throw new Error(\`Anthropic API error \${res.status}: \${await res.text()}\`);
+  const data = await res.json();
+  if (data.stop_reason === "max_tokens") throw new Error("Response truncated — max_tokens exceeded");
+  return JSON.parse(data.content?.[0]?.text || "[]");
+}
+
+async function main() {
+  console.log(\`Anteater agent: "\${args.prompt}"\`);
+  const paths = await collectFiles();
+  console.log(\`Found \${paths.length} editable files\`);
+  if (!paths.length) { console.log("No files matched."); process.exit(0); }
+
+  const contents = await readFiles(paths);
+  console.log("Calling Claude...");
+  const changes = await callClaude(args.prompt, contents);
+
+  if (!changes?.length) { console.log("No changes needed."); process.exit(0); }
+
+  // Validate returned paths match input files
+  const validPathSet = new Set(Object.keys(contents));
+  const validated = [];
+  for (const change of changes) {
+    if (validPathSet.has(change.path)) {
+      validated.push(change);
+    } else {
+      console.warn(\`  Rejected: \${change.path} (not in allowed input files)\`);
+      const basename = change.path.split("/").pop();
+      const match = [...validPathSet].find((p) => p.endsWith("/" + basename));
+      if (match) {
+        console.log(\`  Corrected: \${change.path} → \${match}\`);
+        validated.push({ path: match, content: change.content });
+      }
+    }
+  }
+
+  if (!validated.length) { console.log("No valid changes after path validation."); process.exit(0); }
+  console.log(\`Modifying \${validated.length} file(s)\`);
+  for (const { path, content } of validated) {
+    await mkdir(dirname(path), { recursive: true });
+    await writeFile(path, content, "utf-8");
+    console.log(\`  Updated: \${path}\`);
+  }
+  console.log("Done!");
+}
+
+main().catch((err) => { console.error("Agent failed:", err); process.exit(1); });
+`;
+}
+
+/**
+ * Patch the layout file to include AnteaterBar.
+ */
+export async function patchLayout(layoutPath, cwd) {
+  const fullPath = join(cwd, layoutPath);
+  let content = await readFile(fullPath, "utf-8");
+
+  // Don't patch if already has AnteaterBar
+  if (content.includes("AnteaterBar")) {
+    return false;
+  }
+
+  // Add import at the top (after last import line)
+  const importLine = `import { AnteaterBar } from "@anteater/next";\n`;
+  const lastImportIdx = content.lastIndexOf("import ");
+  if (lastImportIdx !== -1) {
+    const endOfLine = content.indexOf("\n", lastImportIdx);
+    content = content.slice(0, endOfLine + 1) + importLine + content.slice(endOfLine + 1);
+  }
+
+  // Add <AnteaterBar /> before closing </body>
+  content = content.replace(
+    /([ \t]*)<\/body>/,
+    `$1  <AnteaterBar />\n$1</body>`
+  );
+
+  await writeFile(fullPath, content, "utf-8");
+  return true;
+}
+
+/**
+ * Write all scaffolded files.
+ */
+export async function scaffoldFiles(cwd, options) {
+  const results = [];
+
+  // anteater.config
+  const config = generateConfig(options);
+  if (await writeIfNotExists(join(cwd, config.filename), config.content)) {
+    results.push(config.filename);
+  }
+
+  // API route
+  const route = generateApiRoute(options);
+  const routeDir = options.isAppRouter ? "app/api/anteater" : "pages/api/anteater";
+  const routePath = join(cwd, routeDir, route.filename);
+  if (await writeIfNotExists(routePath, route.content)) {
+    results.push(join(routeDir, route.filename));
+  }
+
+  // GitHub Action workflow
+  const workflowPath = join(cwd, ".github/workflows/anteater.yml");
+  if (await writeIfNotExists(workflowPath, generateWorkflow(options))) {
+    results.push(".github/workflows/anteater.yml");
+  }
+
+  // Claude Code agent settings
+  if (options.model && options.permissionsMode) {
+    const settingsPath = join(cwd, ".claude/settings.local.json");
+    if (await writeIfNotExists(settingsPath, generateClaudeSettings(options))) {
+      results.push(".claude/settings.local.json");
+    }
+  }
+
+  // Patch layout
+  if (options.layoutFile) {
+    if (await patchLayout(options.layoutFile, cwd)) {
+      results.push(`${options.layoutFile} (patched)`);
+    }
+  }
+
+  return results;
+}

package/lib/secrets.mjs

@@ -0,0 +1,165 @@
+/**
+ * Secrets management — sets GitHub Actions secrets and Vercel env vars.
+ */
+import { execSync } from "node:child_process";
+import crypto from "node:crypto";
+
+/**
+ * Check if a CLI tool is available.
+ */
+export function hasCommand(cmd) {
+  try {
+    execSync(`${cmd} --version`, { stdio: "ignore" });
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Generate a random secret.
+ */
+export function generateSecret() {
+  return `ak_${crypto.randomBytes(16).toString("hex")}`;
+}
+
+/**
+ * Validate an Anthropic API key by making a lightweight API call.
+ */
+export async function validateAnthropicKey(key) {
+  try {
+    const res = await fetch("https://api.anthropic.com/v1/messages", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        "x-api-key": key,
+        "anthropic-version": "2023-06-01",
+      },
+      body: JSON.stringify({
+        model: "claude-sonnet-4-20250514",
+        max_tokens: 1,
+        messages: [{ role: "user", content: "hi" }],
+      }),
+    });
+    // 200 = valid key, 400 = valid key (bad request is fine), 401 = invalid
+    return res.status !== 401 && res.status !== 403;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Check if a GitHub token has the scopes needed to dispatch workflows.
+ * Returns { ok, scopes, missing } — missing lists what's absent.
+ */
+export async function validateGitHubToken(token, repo) {
+  try {
+    // Check token scopes via the API
+    const res = await fetch("https://api.github.com/", {
+      headers: {
+        Authorization: `Bearer ${token}`,
+        Accept: "application/vnd.github+json",
+      },
+    });
+    const scopeHeader = res.headers.get("x-oauth-scopes") || "";
+    const scopes = scopeHeader.split(",").map((s) => s.trim()).filter(Boolean);
+
+    // Fine-grained PATs don't return x-oauth-scopes — test dispatch directly
+    if (!scopes.length) {
+      const dispatchOk = await testDispatchAccess(token, repo);
+      return { ok: dispatchOk, scopes: ["fine-grained"], missing: dispatchOk ? [] : ["actions:write"] };
+    }
+
+    const missing = [];
+    if (!scopes.includes("repo")) missing.push("repo");
+    if (!scopes.includes("workflow")) missing.push("workflow");
+    return { ok: missing.length === 0, scopes, missing };
+  } catch {
+    return { ok: false, scopes: [], missing: ["unknown"] };
+  }
+}
+
+/**
+ * Test if a token can actually dispatch the anteater workflow.
+ * Uses a dry-run approach: checks if the workflow exists and is accessible.
+ */
+async function testDispatchAccess(token, repo) {
+  try {
+    const res = await fetch(
+      `https://api.github.com/repos/${repo}/actions/workflows`,
+      {
+        headers: {
+          Authorization: `Bearer ${token}`,
+          Accept: "application/vnd.github+json",
+        },
+      }
+    );
+    return res.ok;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Set a GitHub Actions secret using the gh CLI.
+ */
+export function setGitHubSecret(repo, name, value) {
+  if (!hasCommand("gh")) {
+    throw new Error("GitHub CLI (gh) is not installed. Install it: https://cli.github.com");
+  }
+  execSync(`gh secret set ${name} --repo ${repo} --body -`, {
+    input: value,
+    stdio: ["pipe", "ignore", "pipe"],
+  });
+}
+
+/**
+ * Set a Vercel environment variable using the vercel CLI.
+ * Returns false if vercel CLI is not available.
+ */
+export function setVercelEnv(name, value, environments = ["production", "preview", "development"]) {
+  if (!hasCommand("vercel")) {
+    return false;
+  }
+  for (const env of environments) {
+    try {
+      execSync(`vercel env add ${name} ${env} --force`, {
+        input: value,
+        stdio: ["pipe", "ignore", "pipe"],
+      });
+    } catch {
+      // May fail if not linked — that's okay
+      return false;
+    }
+  }
+  return true;
+}
+
+/**
+ * Write secrets to a local .env.local file (fallback).
+ */
+export async function writeEnvLocal(cwd, secrets) {
+  const { writeFile, readFile } = await import("node:fs/promises");
+  const { join } = await import("node:path");
+  const envPath = join(cwd, ".env.local");
+
+  let existing = "";
+  try {
+    existing = await readFile(envPath, "utf-8");
+  } catch {
+    // File doesn't exist yet
+  }
+
+  const lines = [];
+  for (const [key, value] of Object.entries(secrets)) {
+    // Don't duplicate existing keys
+    if (!existing.includes(`${key}=`)) {
+      lines.push(`${key}=${value}`);
+    }
+  }
+
+  if (lines.length > 0) {
+    const newContent = existing + (existing.endsWith("\n") || !existing ? "" : "\n") + lines.join("\n") + "\n";
+    await writeFile(envPath, newContent, "utf-8");
+  }
+}

package/lib/setup.mjs

@@ -0,0 +1,316 @@
+/**
+ * anteater setup — Interactive CLI to install and configure Anteater.
+ *
+ * Core logic extracted from bin/setup-anteater.mjs so it can be
+ * imported by tests without hitting the shebang line.
+ */
+
+import { execSync } from "node:child_process";
+import {
+  bold, dim, green, red, yellow, cyan,
+  ok, fail, warn, info, heading, blank,
+  ask, confirm, select, spinner,
+} from "./ui.mjs";
+import { detectProject } from "./detect.mjs";
+import { scaffoldFiles } from "./scaffold.mjs";
+import {
+  validateAnthropicKey, validateGitHubToken, setGitHubSecret, setVercelEnv,
+  writeEnvLocal, hasCommand,
+} from "./secrets.mjs";
+
+const cwd = process.cwd();
+
+export async function main() {
+  console.log();
+  console.log(`  ${bold("\u{1F41C} Anteater Setup")}`);
+  console.log(`  ${"\u2500".repeat(17)}`);
+  blank();
+
+  // ─── Preflight checks ──────────────────────────────────────
+  heading("Preflight");
+
+  if (!hasCommand("gh")) {
+    fail("GitHub CLI (gh) is required. Install it: https://cli.github.com");
+    process.exit(1);
+  }
+  ok("GitHub CLI installed");
+
+  if (!hasCommand("vercel")) {
+    fail("Vercel CLI is required. Install it: npm i -g vercel");
+    process.exit(1);
+  }
+  ok("Vercel CLI installed");
+
+  // ─── Detect project ─────────────────────────────────────────
+  const project = await detectProject(cwd);
+
+  if (!project.isNextJs) {
+    fail("No Next.js project found. Run this from your Next.js project root.");
+    process.exit(1);
+  }
+  ok(`Next.js ${project.nextVersion ?? ""} ${project.isAppRouter ? "(App Router)" : "(Pages Router)"}`);
+
+  if (!project.hasGit || !project.gitRemote) {
+    fail("No GitHub remote found. Run: git remote add origin <url>");
+    process.exit(1);
+  }
+  ok(`Repo: ${project.gitRemote}`);
+  ok(`Branch: ${project.defaultBranch || "main"}`);
+  ok(`Package manager: ${project.packageManager}`);
+  blank();
+
+  // ─── Step 1: Anthropic API key ──────────────────────────────
+  heading("Step 1 of 4 \u2014 AI Provider");
+  info(`Get a key at ${cyan("https://console.anthropic.com/keys")}`);
+  blank();
+
+  let anthropicKey;
+  while (true) {
+    anthropicKey = await ask("Anthropic API key:", { mask: true });
+    if (!anthropicKey) { warn("Required."); continue; }
+    const valid = await spinner("Validating", () => validateAnthropicKey(anthropicKey));
+    if (valid) break;
+    fail("Invalid key. Check that it starts with sk-ant- and try again.");
+  }
+  blank();
+
+  // ─── Step 2: GitHub access ──────────────────────────────────
+  heading("Step 2 of 4 \u2014 GitHub Access");
+
+  let githubToken;
+  try {
+    githubToken = execSync("gh auth token", { encoding: "utf-8" }).trim();
+  } catch {
+    fail("GitHub CLI not authenticated. Run: gh auth login");
+    process.exit(1);
+  }
+
+  // OAuth tokens (gho_*) expire in ~8 hours \u2014 not suitable for Vercel env
+  if (githubToken.startsWith("gho_")) {
+    warn("Your GitHub CLI token is a short-lived OAuth token (expires in ~8 hours).");
+    info("Anteater needs a long-lived Personal Access Token (PAT) for the deployed API route.");
+    info(`Create one at ${cyan("https://github.com/settings/tokens")} with ${bold("repo")} + ${bold("workflow")} scopes.`);
+    blank();
+    githubToken = await ask("Paste your GitHub PAT (ghp_... or github_pat_...):");
+    if (!githubToken) {
+      fail("A GitHub PAT is required.");
+      process.exit(1);
+    }
+  } else {
+    ok("Using token from GitHub CLI");
+  }
+
+  const check = await spinner("Checking permissions", () =>
+    validateGitHubToken(githubToken, project.gitRemote)
+  );
+
+  if (!check.ok && check.missing.length > 0 && !check.missing.includes("unknown")) {
+    if (githubToken.startsWith("ghp_") || githubToken.startsWith("github_pat_")) {
+      fail("Token is missing required scopes: " + check.missing.join(", "));
+      info("Create a new PAT with repo + workflow scopes.");
+      process.exit(1);
+    }
+    info("Upgrading token scopes...");
+    try {
+      execSync(`gh auth refresh --scopes ${check.missing.join(",")}`, { stdio: "inherit" });
+      githubToken = execSync("gh auth token", { encoding: "utf-8" }).trim();
+      ok("Token scopes updated");
+    } catch {
+      fail("Could not upgrade token. Run: gh auth refresh --scopes repo,workflow");
+      process.exit(1);
+    }
+  } else if (check.ok) {
+    ok("Token has required permissions");
+  }
+  blank();
+
+  // ─── Step 3: Configure paths ────────────────────────────────
+  heading("Step 3 of 4 \u2014 Editable Paths");
+
+  const defaultAllowed = [];
+  const defaultBlocked = ["lib/auth/**", "lib/billing/**", ".env*"];
+
+  if (project.isAppRouter) {
+    defaultAllowed.push("app/**", "components/**", "styles/**");
+    defaultBlocked.push("app/api/**");
+  } else {
+    defaultAllowed.push("pages/**", "components/**", "styles/**");
+    defaultBlocked.push("pages/api/**");
+  }
+
+  console.log(`  ${green("Allowed:")} ${defaultAllowed.join(", ")}`);
+  console.log(`  ${red("Blocked:")} ${defaultBlocked.join(", ")}`);
+  blank();
+
+  const useDefaults = await confirm("Use these defaults?");
+  let allowedGlobs = defaultAllowed;
+  let blockedGlobs = defaultBlocked;
+
+  if (!useDefaults) {
+    const customAllowed = await ask("Allowed globs (comma-separated):");
+    const customBlocked = await ask("Blocked globs (comma-separated):");
+    if (customAllowed) allowedGlobs = customAllowed.split(",").map((s) => s.trim());
+    if (customBlocked) blockedGlobs = customBlocked.split(",").map((s) => s.trim());
+  }
+  blank();
+
+  // ─── Step 4: Agent configuration ─────────────────────────────
+  heading("Step 4 of 4 \u2014 Agent Configuration");
+
+  const model = await select("Select AI model:", [
+    { label: "Sonnet (recommended)", hint: "fast, cost-effective, great for most changes", value: "sonnet" },
+    { label: "Opus", hint: "most capable, higher cost", value: "opus" },
+    { label: "Opus 1M", hint: "Opus with extended context (1M tokens)", value: "opus[1m]" },
+    { label: "Haiku", hint: "fastest, lowest cost, best for simple changes", value: "haiku" },
+  ]);
+  ok(`Model: ${model}`);
+  blank();
+
+  let permissionsMode = await select("Select agent permissions mode:", [
+    { label: "Sandboxed (recommended)", hint: "full local access, no internet or external services", value: "sandboxed" },
+    { label: "Unrestricted", hint: "full access including web, GitHub CLI, Vercel, and all MCP tools", value: "unrestricted" },
+  ]);
+
+  if (permissionsMode === "unrestricted") {
+    blank();
+    warn("Unrestricted mode grants the AI agent full access to:");
+    info("  - Internet (web fetches, searches, curl)");
+    info("  - GitHub CLI (push, PR creation, issue management)");
+    info("  - Vercel CLI (deployments, env vars)");
+    info("  - All MCP tools (browser automation, etc.)");
+    info("  - File deletion and system commands");
+    blank();
+    warn("The agent will run with bypassPermissions \u2014 no confirmation prompts.");
+    warn("Only use this if you trust the prompts your users will submit.");
+    blank();
+    const confirmed = await confirm("Confirm unrestricted mode?", false);
+    if (!confirmed) {
+      permissionsMode = "sandboxed";
+      ok("Falling back to Sandboxed mode");
+    } else {
+      ok("Unrestricted mode confirmed");
+    }
+  } else {
+    ok("Sandboxed mode \u2014 agent cannot access internet or external services");
+  }
+  blank();
+
+  // ─── Install & scaffold ─────────────────────────────────────
+  heading("Installing");
+
+  const installCmd = {
+    pnpm: "pnpm add @anteater/next",
+    yarn: "yarn add @anteater/next",
+    npm: "npm install @anteater/next",
+  }[project.packageManager];
+
+  await spinner("Installing @anteater/next", () => {
+    execSync(installCmd, { cwd, stdio: "ignore" });
+  });
+
+  const productionBranch = project.defaultBranch || "main";
+  const scaffolded = await spinner("Creating files", () =>
+    scaffoldFiles(cwd, {
+      repo: project.gitRemote,
+      allowedGlobs,
+      blockedGlobs,
+      autoMerge: true,
+      productionBranch,
+      isTypeScript: project.isTypeScript,
+      isAppRouter: project.isAppRouter,
+      layoutFile: project.layoutFile,
+      model,
+      permissionsMode,
+    })
+  );
+
+  for (const f of scaffolded) ok(`Created ${f}`);
+
+  // ─── Set secrets ────────────────────────────────────────────
+  heading("Configuring secrets");
+
+  // GitHub Actions secret
+  try {
+    await spinner("Setting ANTHROPIC_API_KEY in GitHub secrets", () => {
+      setGitHubSecret(project.gitRemote, "ANTHROPIC_API_KEY", anthropicKey);
+    });
+  } catch (err) {
+    warn(`Could not set secret: ${err.message}`);
+    info("Set manually: gh secret set ANTHROPIC_API_KEY --repo " + project.gitRemote);
+  }
+
+  // .env.local for local dev (only GITHUB_TOKEN needed)
+  await spinner("Writing .env.local", () =>
+    writeEnvLocal(cwd, { GITHUB_TOKEN: githubToken })
+  );
+
+  // Vercel: only GITHUB_TOKEN needed (repo auto-detected, deploy detection automatic)
+  await spinner("Setting GITHUB_TOKEN in Vercel", () => {
+    setVercelEnv("GITHUB_TOKEN", githubToken);
+  });
+
+  // ─── Push workflow ──────────────────────────────────────────
+  if (scaffolded.some((f) => f.includes("anteater.yml"))) {
+    await spinner("Pushing workflow to GitHub", () => {
+      execSync(`git add .github/workflows/anteater.yml`, { cwd, stdio: "ignore" });
+      execSync(`git commit -m "chore: add Anteater workflow"`, { cwd, stdio: "ignore" });
+      execSync(`git push origin ${productionBranch}`, { cwd, stdio: "ignore" });
+    });
+
+    // Verify
+    const activated = await spinner("Verifying workflow", async () => {
+      await new Promise((r) => setTimeout(r, 2000));
+      try {
+        const res = await fetch(
+          `https://api.github.com/repos/${project.gitRemote}/actions/workflows`,
+          { headers: { Authorization: `Bearer ${githubToken}`, Accept: "application/vnd.github+json" } }
+        );
+        const data = await res.json();
+        return data.workflows?.some((w) => w.path === ".github/workflows/anteater.yml" && w.state === "active");
+      } catch { return false; }
+    });
+
+    if (activated) ok("Workflow active");
+    else warn(`Check: ${cyan(`https://github.com/${project.gitRemote}/actions`)}`);
+  }
+
+  // ─── Test ───────────────────────────────────────────────────
+  const dispatchOk = await spinner("Running test dispatch", async () => {
+    try {
+      const res = await fetch(
+        `https://api.github.com/repos/${project.gitRemote}/actions/workflows/anteater.yml/dispatches`,
+        {
+          method: "POST",
+          headers: {
+            Authorization: `Bearer ${githubToken}`,
+            Accept: "application/vnd.github+json",
+            "X-GitHub-Api-Version": "2022-11-28",
+          },
+          body: JSON.stringify({
+            ref: productionBranch,
+            inputs: {
+              requestId: "setup-test",
+              prompt: "setup verification \u2014 no changes expected",
+              mode: "prod",
+              branch: "anteater/setup-test",
+              baseBranch: productionBranch,
+              autoMerge: "false",
+            },
+          }),
+        }
+      );
+      return res.status === 204;
+    } catch { return false; }
+  });
+
+  if (dispatchOk) ok("Pipeline is working");
+  else warn("Test dispatch failed \u2014 check GitHub Actions");
+
+  // ─── Done! ──────────────────────────────────────────────────
+  blank();
+  console.log(`  ${bold(green("\u{1F41C} Anteater is ready."))}`);
+  blank();
+  info(`Deploy your app and look for the "${green("Edit this page")}" button.`);
+  info("Users can modify your app by typing changes in the Anteater bar.");
+  blank();
+}

package/lib/ui.mjs

@@ -0,0 +1,102 @@
+/**
+ * Terminal UI helpers — zero dependencies.
+ */
+import * as readline from "node:readline";
+
+// ANSI colors
+const esc = (code) => `\x1b[${code}m`;
+export const bold = (s) => `${esc(1)}${s}${esc(22)}`;
+export const dim = (s) => `${esc(2)}${s}${esc(22)}`;
+export const green = (s) => `${esc(32)}${s}${esc(39)}`;
+export const red = (s) => `${esc(31)}${s}${esc(39)}`;
+export const yellow = (s) => `${esc(33)}${s}${esc(39)}`;
+export const cyan = (s) => `${esc(36)}${s}${esc(39)}`;
+
+export const ok = (msg) => console.log(`  ${green("✓")} ${msg}`);
+export const fail = (msg) => console.log(`  ${red("✗")} ${msg}`);
+export const warn = (msg) => console.log(`  ${yellow("!")} ${msg}`);
+export const info = (msg) => console.log(`  ${dim(msg)}`);
+export const heading = (msg) => console.log(`\n  ${bold(msg)}\n  ${"─".repeat(msg.length)}`);
+export const blank = () => console.log();
+
+/**
+ * Prompt the user for text input.
+ */
+export function ask(question, { mask = false } = {}) {
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout,
+    });
+
+    // If masking, mute output and write dots
+    if (mask) {
+      const origWrite = process.stdout.write.bind(process.stdout);
+      process.stdout.write = (chunk, encoding, cb) => {
+        // Let the question prompt through, mask everything after
+        if (typeof chunk === "string" && chunk.includes(question)) {
+          return origWrite(chunk, encoding, cb);
+        }
+        // Replace characters with bullets
+        const masked = typeof chunk === "string" ? chunk.replace(/[^\r\n]/g, "•") : chunk;
+        return origWrite(masked, encoding, cb);
+      };
+
+      rl.on("close", () => {
+        process.stdout.write = origWrite;
+      });
+    }
+
+    rl.question(`  ${cyan("?")} ${question} `, (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+  });
+}
+
+/**
+ * Prompt yes/no (defaults to yes).
+ */
+export async function confirm(question, defaultYes = true) {
+  const hint = defaultYes ? "Y/n" : "y/N";
+  const answer = await ask(`${question} ${dim(`(${hint})`)}`);
+  if (!answer) return defaultYes;
+  return answer.toLowerCase().startsWith("y");
+}
+
+/**
+ * Prompt user to select from a list.
+ */
+export async function select(question, options) {
+  console.log(`  ${cyan("?")} ${question}`);
+  for (let i = 0; i < options.length; i++) {
+    const marker = i === 0 ? green("❯") : " ";
+    console.log(`    ${marker} ${options[i].label}${options[i].hint ? dim(` — ${options[i].hint}`) : ""}`);
+  }
+  const answer = await ask(`Enter choice (1-${options.length}):`, {});
+  const idx = parseInt(answer, 10) - 1;
+  if (idx >= 0 && idx < options.length) return options[idx].value;
+  return options[0].value; // default to first
+}
+
+/**
+ * Show a spinner while an async function runs.
+ */
+export async function spinner(msg, fn) {
+  const frames = ["⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"];
+  let i = 0;
+  const interval = setInterval(() => {
+    process.stdout.write(`\r  ${green(frames[i++ % frames.length])} ${msg}`);
+  }, 80);
+
+  try {
+    const result = await fn();
+    clearInterval(interval);
+    process.stdout.write(`\r  ${green("✓")} ${msg}\n`);
+    return result;
+  } catch (err) {
+    clearInterval(interval);
+    process.stdout.write(`\r  ${red("✗")} ${msg}\n`);
+    throw err;
+  }
+}

package/package.json

@@ -0,0 +1,15 @@
+{
+  "name": "next-anteater",
+  "version": "0.1.0",
+  "description": "AI-powered live editing for your Next.js app",
+  "bin": {
+    "anteater": "./bin/setup-anteater.mjs"
+  },
+  "type": "module",
+  "files": ["bin/", "lib/"],
+  "keywords": ["anteater", "ai", "nextjs", "github-actions", "vercel"],
+  "license": "MIT",
+  "engines": {
+    "node": ">=20"
+  }
+}