next-anteater 0.2.4 → 0.2.6

package/README.md

@@ -0,0 +1,47 @@
+# next-anteater
+
+Let users make your app.
+
+Anteater adds a prompt bar to your Next.js app. When a user describes a change, Claude edits the code, opens a PR, and redeploys automatically via GitHub Actions.
+
+## Security Warning
+
+**Anteater gives users the ability to modify your application's code via AI. Only expose it to trusted users in a sandboxed environment.**
+
+- Users with access to the prompt bar can make **arbitrary code changes**, including destructive ones.
+- The AI agent runs in GitHub Actions with access to your **repository secrets and deployment pipeline**.
+- A malicious or careless prompt could **access sensitive data, delete files, or break your app**.
+- Anteater does **not** provide authentication or authorization. You must protect the prompt bar behind your own auth layer.
+
+> Treat Anteater like giving someone commit access to your repo. Never expose it to the public internet with real credentials or production data.
+
+## Setup
+
+```
+npx next-anteater setup
+```
+
+Three steps: Anthropic key, GitHub PAT, editable paths. Everything else is automatic.
+
+## How it works
+
+```
+User types change → GitHub Action runs AI agent → PR auto-merges → Vercel redeploys
+```
+
+## Configuration
+
+After setup, edit `anteater.config.ts` to control:
+
+- `allowedGlobs` / `blockedGlobs` — which files the agent can modify
+- `autoMerge` — whether PRs merge automatically
+- `requireReviewFor` — keywords that block auto-merge (e.g., "auth", "billing")
+- `maxFilesChanged` / `maxDiffBytes` — safety limits on change size
+
+## Security Disclaimer ⚠️
+
+This software is provided "as is", without warranty of any kind. Use it at your own risk. The authors and contributors are not responsible for any damage, data loss, security breaches, or other harm resulting from the use of this software. By using Anteater, you accept full responsibility for how it is deployed, configured, and who is granted access. See [LICENSE](https://github.com/scottgriffinm/anteater/blob/master/LICENSE) for the full terms.
+
+## License
+
+[MIT](https://github.com/scottgriffinm/anteater/blob/master/LICENSE)

package/bin/setup-anteater.mjs

@@ -1,4 +1,4 @@
-#!/usr/bin/env node
+#!/usr/bin/env node
 import { main } from "../lib/setup.mjs";
 
 main().catch((err) => {

package/lib/scaffold.mjs

@@ -27,7 +27,14 @@ export function generateConfig({ repo, allowedGlobs, blockedGlobs, autoMerge, is
 
   return {
     filename: `anteater.config.${ext}`,
-    content: `${typeImport}const config${typeAnnotation} = {
+    content: `/**
+ * SECURITY: Anteater lets users modify your app's code via AI.
+ * Only expose the prompt bar to trusted users behind your own auth layer.
+ * Users can make destructive changes and potentially access sensitive data.
+ * Never use this in a production environment with real credentials.
+ * See: https://github.com/scottgriffinm/anteater#security-warning
+ */
+${typeImport}const config${typeAnnotation} = {
   repo: "${repo}",
   productionBranch: "${productionBranch}",
   modes: ["prod", "copy"],
@@ -792,12 +799,12 @@ export async function scaffoldFiles(cwd, options) {
     results.push(".github/workflows/anteater.yml");
   }
 
-  // Claude Code agent settings
+  // Claude Code agent settings (always overwrite — reflects current choices)
   if (options.model && options.permissionsMode) {
     const settingsPath = join(cwd, ".claude/settings.local.json");
-    if (await writeIfNotExists(settingsPath, generateClaudeSettings(options))) {
-      results.push(".claude/settings.local.json");
-    }
+    await mkdir(dirname(settingsPath), { recursive: true });
+    await writeFile(settingsPath, generateClaudeSettings(options), "utf-8");
+    results.push(".claude/settings.local.json");
   }
 
   // Patch layout

package/lib/setup.mjs

@@ -1,324 +1,330 @@
-/**
- * anteater setup — Interactive CLI to install and configure Anteater.
- *
- * Core logic extracted from bin/setup-anteater.mjs so it can be
- * imported by tests without hitting the shebang line.
- */
-
-import { execSync } from "node:child_process";
-import {
-  bold, dim, green, red, yellow, cyan,
-  ok, fail, warn, info, heading, blank,
-  ask, confirm, select, spinner, closeRL,
-} from "./ui.mjs";
-import { detectProject } from "./detect.mjs";
-import { scaffoldFiles } from "./scaffold.mjs";
-import {
-  validateAnthropicKey, validateGitHubToken, setGitHubSecret, setVercelEnv,
-  writeEnvLocal, hasCommand,
-} from "./secrets.mjs";
-
-const cwd = process.cwd();
-
-export async function main() {
-  console.log();
-  console.log(`  ${bold("\u{1F41C} Anteater Setup")}`);
-  console.log(`  ${"\u2500".repeat(17)}`);
-  blank();
-
-  // ─── Preflight checks ──────────────────────────────────────
-  heading("Preflight");
-
-  if (!hasCommand("gh")) {
-    fail("GitHub CLI (gh) is required. Install it: https://cli.github.com");
-    process.exit(1);
-  }
-  ok("GitHub CLI installed");
-
-  if (!hasCommand("vercel")) {
-    fail("Vercel CLI is required. Install it: npm i -g vercel");
-    process.exit(1);
-  }
-  ok("Vercel CLI installed");
-
-  // ─── Detect project ─────────────────────────────────────────
-  const project = await detectProject(cwd);
-
-  if (!project.isNextJs) {
-    fail("No Next.js project found. Run this from your Next.js project root.");
-    process.exit(1);
-  }
-  ok(`Next.js ${project.nextVersion ?? ""} ${project.isAppRouter ? "(App Router)" : "(Pages Router)"}`);
-
-  if (!project.hasGit || !project.gitRemote) {
-    fail("No GitHub remote found. Run: git remote add origin <url>");
-    process.exit(1);
-  }
-  ok(`Repo: ${project.gitRemote}`);
-  ok(`Branch: ${project.defaultBranch || "main"}`);
-  ok(`Package manager: ${project.packageManager}`);
-  blank();
-
-  // ─── Step 1: Anthropic API key ──────────────────────────────
-  heading("Step 1 of 4 \u2014 AI Provider");
-  info(`Get a key at ${cyan("https://console.anthropic.com/keys")}`);
-  blank();
-
-  let anthropicKey;
-  while (true) {
-    anthropicKey = await ask("Anthropic API key:", { mask: true });
-    if (!anthropicKey) { warn("Required."); continue; }
-    const valid = await spinner("Validating", () => validateAnthropicKey(anthropicKey));
-    if (valid) break;
-    fail("Invalid key. Check that it starts with sk-ant- and try again.");
-  }
-  blank();
-
-  // ─── Step 2: GitHub access ──────────────────────────────────
-  heading("Step 2 of 4 \u2014 GitHub Access");
-
-  let githubToken;
-  try {
-    githubToken = execSync("gh auth token", { encoding: "utf-8" }).trim();
-  } catch {
-    fail("GitHub CLI not authenticated. Run: gh auth login");
-    process.exit(1);
-  }
-
-  // OAuth tokens (gho_*) expire in ~8 hours \u2014 not suitable for Vercel env
-  if (githubToken.startsWith("gho_")) {
-    warn("Your GitHub CLI token is a short-lived OAuth token (expires in ~8 hours).");
-    info("Anteater needs a long-lived Personal Access Token (PAT) for the deployed API route.");
-    blank();
-    info(`${bold("Create a Fine-grained token:")} ${cyan("https://github.com/settings/tokens?type=beta")}`);
-    info(`  1. Click ${bold("Generate new token")}`);
-    info(`  2. Select ${bold("Only select repositories")} → pick your repo`);
-    info(`  3. Set permissions: ${bold("Contents")}, ${bold("Pull requests")}, ${bold("Actions")} → Read and write`);
-    info(`  4. Generate and copy the token`);
-    blank();
-    githubToken = await ask("Paste your GitHub PAT (ghp_... or github_pat_...):");
-    if (!githubToken) {
-      fail("A GitHub PAT is required.");
-      process.exit(1);
-    }
-  } else {
-    ok("Using token from GitHub CLI");
-  }
-
-  const check = await spinner("Checking permissions", () =>
-    validateGitHubToken(githubToken, project.gitRemote)
-  );
-
-  if (!check.ok && check.missing.length > 0 && !check.missing.includes("unknown")) {
-    if (githubToken.startsWith("ghp_") || githubToken.startsWith("github_pat_")) {
-      fail("Token is missing required scopes: " + check.missing.join(", "));
-      info(`Create a new Fine-grained PAT at ${cyan("https://github.com/settings/tokens?type=beta")}`);
-      info(`Set permissions: ${bold("Contents")}, ${bold("Pull requests")}, ${bold("Actions")} → Read and write`);
-      process.exit(1);
-    }
-    info("Upgrading token scopes...");
-    try {
-      execSync(`gh auth refresh --scopes ${check.missing.join(",")}`, { stdio: "inherit" });
-      githubToken = execSync("gh auth token", { encoding: "utf-8" }).trim();
-      ok("Token scopes updated");
-    } catch {
-      fail("Could not upgrade token. Run: gh auth refresh --scopes repo,workflow");
-      process.exit(1);
-    }
-  } else if (check.ok) {
-    ok("Token has required permissions");
-  }
-  blank();
-
-  // ─── Step 3: Configure paths ────────────────────────────────
-  heading("Step 3 of 4 \u2014 Editable Paths");
-
-  const defaultAllowed = [];
-  const defaultBlocked = ["lib/auth/**", "lib/billing/**", ".env*"];
-
-  if (project.isAppRouter) {
-    defaultAllowed.push("app/**", "components/**", "styles/**");
-    defaultBlocked.push("app/api/**");
-  } else {
-    defaultAllowed.push("pages/**", "components/**", "styles/**");
-    defaultBlocked.push("pages/api/**");
-  }
-
-  console.log(`  ${green("Allowed:")} ${defaultAllowed.join(", ")}`);
-  console.log(`  ${red("Blocked:")} ${defaultBlocked.join(", ")}`);
-  blank();
-
-  const useDefaults = await confirm("Use these defaults?");
-  let allowedGlobs = defaultAllowed;
-  let blockedGlobs = defaultBlocked;
-
-  if (!useDefaults) {
-    const customAllowed = await ask("Allowed globs (comma-separated):");
-    const customBlocked = await ask("Blocked globs (comma-separated):");
-    if (customAllowed) allowedGlobs = customAllowed.split(",").map((s) => s.trim());
-    if (customBlocked) blockedGlobs = customBlocked.split(",").map((s) => s.trim());
-  }
-  blank();
-
-  // ─── Step 4: Agent configuration ─────────────────────────────
-  heading("Step 4 of 4 \u2014 Agent Configuration");
-
-  const model = await select("Select AI model:", [
-    { label: "Sonnet (recommended)", hint: "fast, cost-effective, great for most changes", value: "sonnet" },
-    { label: "Opus", hint: "most capable, higher cost", value: "opus" },
-    { label: "Opus 1M", hint: "Opus with extended context (1M tokens)", value: "opus[1m]" },
-    { label: "Haiku", hint: "fastest, lowest cost, best for simple changes", value: "haiku" },
-  ]);
-  ok(`Model: ${model}`);
-  blank();
-
-  let permissionsMode = await select("Select agent permissions mode:", [
-    { label: "Sandboxed (recommended)", hint: "full local access, no internet or external services", value: "sandboxed" },
-    { label: "Unrestricted", hint: "full access including web, GitHub CLI, Vercel, and all MCP tools", value: "unrestricted" },
-  ]);
-
-  if (permissionsMode === "unrestricted") {
-    blank();
-    warn("Unrestricted mode grants the AI agent full access to:");
-    info("  - Internet (web fetches, searches, curl)");
-    info("  - GitHub CLI (push, PR creation, issue management)");
-    info("  - Vercel CLI (deployments, env vars)");
-    info("  - All MCP tools (browser automation, etc.)");
-    info("  - File deletion and system commands");
-    blank();
-    warn("The agent will run with bypassPermissions \u2014 no confirmation prompts.");
-    warn("Only use this if you trust the prompts your users will submit.");
-    blank();
-    const confirmed = await confirm("Confirm unrestricted mode?", false);
-    if (!confirmed) {
-      permissionsMode = "sandboxed";
-      ok("Falling back to Sandboxed mode");
-    } else {
-      ok("Unrestricted mode confirmed");
-    }
-  } else {
-    ok("Sandboxed mode \u2014 agent cannot access internet or external services");
-  }
-  blank();
-
-  // ─── Install & scaffold ─────────────────────────────────────
-  heading("Installing");
-
-  const installCmd = {
-    pnpm: "pnpm add next-anteater",
-    yarn: "yarn add next-anteater",
-    npm: "npm install next-anteater",
-  }[project.packageManager];
-
-  await spinner("Installing next-anteater", () => {
-    execSync(installCmd, { cwd, stdio: "ignore" });
-  });
-
-  const productionBranch = project.defaultBranch || "main";
-  const scaffolded = await spinner("Creating files", () =>
-    scaffoldFiles(cwd, {
-      repo: project.gitRemote,
-      allowedGlobs,
-      blockedGlobs,
-      autoMerge: true,
-      productionBranch,
-      isTypeScript: project.isTypeScript,
-      isAppRouter: project.isAppRouter,
-      layoutFile: project.layoutFile,
-      model,
-      permissionsMode,
-      packageManager: project.packageManager,
-    })
-  );
-
-  for (const f of scaffolded) ok(`Created ${f}`);
-
-  // ─── Set secrets ────────────────────────────────────────────
-  heading("Configuring secrets");
-
-  // GitHub Actions secret
-  try {
-    await spinner("Setting ANTHROPIC_API_KEY in GitHub secrets", () => {
-      setGitHubSecret(project.gitRemote, "ANTHROPIC_API_KEY", anthropicKey);
-    });
-  } catch (err) {
-    warn(`Could not set secret: ${err.message}`);
-    info("Set manually: gh secret set ANTHROPIC_API_KEY --repo " + project.gitRemote);
-  }
-
-  // .env.local for local dev (only GITHUB_TOKEN needed)
-  await spinner("Writing .env.local", () =>
-    writeEnvLocal(cwd, { GITHUB_TOKEN: githubToken })
-  );
-
-  // Vercel: only GITHUB_TOKEN needed (repo auto-detected, deploy detection automatic)
-  await spinner("Setting GITHUB_TOKEN in Vercel", () => {
-    setVercelEnv("GITHUB_TOKEN", githubToken);
-  });
-
-  // ─── Push workflow ──────────────────────────────────────────
-  if (scaffolded.some((f) => f.includes("anteater.yml"))) {
-    await spinner("Pushing workflow to GitHub", () => {
-      execSync(`git add .github/workflows/anteater.yml`, { cwd, stdio: "ignore" });
-      execSync(`git commit -m "chore: add Anteater workflow"`, { cwd, stdio: "ignore" });
-      execSync(`git push origin ${productionBranch}`, { cwd, stdio: "ignore" });
-    });
-
-    // Verify
-    const activated = await spinner("Verifying workflow", async () => {
-      await new Promise((r) => setTimeout(r, 2000));
-      try {
-        const res = await fetch(
-          `https://api.github.com/repos/${project.gitRemote}/actions/workflows`,
-          { headers: { Authorization: `Bearer ${githubToken}`, Accept: "application/vnd.github+json" } }
-        );
-        const data = await res.json();
-        return data.workflows?.some((w) => w.path === ".github/workflows/anteater.yml" && w.state === "active");
-      } catch { return false; }
-    });
-
-    if (activated) ok("Workflow active");
-    else warn(`Check: ${cyan(`https://github.com/${project.gitRemote}/actions`)}`);
-  }
-
-  // ─── Test ───────────────────────────────────────────────────
-  const dispatchOk = await spinner("Running test dispatch", async () => {
-    try {
-      const res = await fetch(
-        `https://api.github.com/repos/${project.gitRemote}/actions/workflows/anteater.yml/dispatches`,
-        {
-          method: "POST",
-          headers: {
-            Authorization: `Bearer ${githubToken}`,
-            Accept: "application/vnd.github+json",
-            "X-GitHub-Api-Version": "2022-11-28",
-          },
-          body: JSON.stringify({
-            ref: productionBranch,
-            inputs: {
-              requestId: "setup-test",
-              prompt: "setup verification \u2014 no changes expected",
-              mode: "prod",
-              branch: "anteater/setup-test",
-              baseBranch: productionBranch,
-              autoMerge: "false",
-            },
-          }),
-        }
-      );
-      return res.status === 204;
-    } catch { return false; }
-  });
-
-  if (dispatchOk) ok("Pipeline is working");
-  else warn("Test dispatch failed \u2014 check GitHub Actions");
-
-  // ─── Done! ──────────────────────────────────────────────────
-  closeRL();
-  blank();
-  console.log(`  ${bold(green("\u{1F41C} Anteater is ready."))}`);
-  blank();
-  info(`Deploy your app and look for the "${green("Edit this page")}" button.`);
-  info("Users can modify your app by typing changes in the Anteater bar.");
-  blank();
-}
+/**
+ * anteater setup — Interactive CLI to install and configure Anteater.
+ *
+ * Core logic extracted from bin/setup-anteater.mjs so it can be
+ * imported by tests without hitting the shebang line.
+ */
+
+import { execSync } from "node:child_process";
+import {
+  bold, dim, green, red, yellow, cyan,
+  ok, fail, warn, info, heading, blank,
+  ask, confirm, select, spinner, closeRL,
+} from "./ui.mjs";
+import { detectProject } from "./detect.mjs";
+import { scaffoldFiles } from "./scaffold.mjs";
+import {
+  validateAnthropicKey, validateGitHubToken, setGitHubSecret, setVercelEnv,
+  writeEnvLocal, hasCommand,
+} from "./secrets.mjs";
+
+const cwd = process.cwd();
+
+export async function main() {
+  console.log();
+  console.log(`  ${bold("\u{1F41C} Anteater Setup")}`);
+  console.log(`  ${"\u2500".repeat(17)}`);
+  blank();
+
+  // ─── Agent piping guide ────────────────────────────────────
+  if (!process.stdin.isTTY) {
+    console.log(`  ${bold("Piped input detected — Agent Guide")}`);
+    console.log(`  ${"─".repeat(40)}`);
+    console.log(`  Prompts (one per line, in order):`);
+    console.log(`    1. Anthropic API key`);
+    console.log(`    2. GitHub PAT (ghp_... or github_pat_...)`);
+    console.log(`    3. Use default paths? (Y/n)`);
+    console.log(`    4. Model (1=Sonnet 2=Opus 3=Opus1M 4=Haiku)`);
+    console.log(`    5. Permissions (1=Sandboxed 2=Unrestricted)`);
+    console.log(`    6. Confirm unrestricted? (y/N) — only if 5=2`);
+    console.log();
+    console.log(`  If paths=n, 2 extra prompts after #3:`);
+    console.log(`    3a. Allowed globs (comma-separated)`);
+    console.log(`    3b. Blocked globs (comma-separated)`);
+    console.log(`  ${"─".repeat(40)}`);
+    blank();
+  }
+
+  // ─── Security notice ───────────────────────────────────────
+  warn("SECURITY: Anteater lets users modify your app's code via AI.");
+  info("Only expose it to trusted users in a sandboxed environment.");
+  info("Users can make destructive changes and potentially access sensitive data.");
+  info(`Learn more: ${cyan("https://github.com/scottgriffinm/anteater#security-warning")}`);
+  blank();
+
+  // ─── Preflight checks ──────────────────────────────────────
+  heading("Preflight");
+
+  if (!hasCommand("gh")) {
+    fail("GitHub CLI (gh) is required. Install it: https://cli.github.com");
+    process.exit(1);
+  }
+  ok("GitHub CLI installed");
+
+  if (!hasCommand("vercel")) {
+    fail("Vercel CLI is required. Install it: npm i -g vercel");
+    process.exit(1);
+  }
+  ok("Vercel CLI installed");
+
+  // ─── Detect project ─────────────────────────────────────────
+  const project = await detectProject(cwd);
+
+  if (!project.isNextJs) {
+    fail("No Next.js project found. Run this from your Next.js project root.");
+    process.exit(1);
+  }
+  ok(`Next.js ${project.nextVersion ?? ""} ${project.isAppRouter ? "(App Router)" : "(Pages Router)"}`);
+
+  if (!project.hasGit || !project.gitRemote) {
+    fail("No GitHub remote found. Run: git remote add origin <url>");
+    process.exit(1);
+  }
+  ok(`Repo: ${project.gitRemote}`);
+  ok(`Branch: ${project.defaultBranch || "main"}`);
+  ok(`Package manager: ${project.packageManager}`);
+  blank();
+
+  // ─── Step 1: Anthropic API key ──────────────────────────────
+  heading("Step 1 of 4 \u2014 AI Provider");
+  info(`Get a key at ${cyan("https://console.anthropic.com/keys")}`);
+  blank();
+
+  let anthropicKey;
+  while (true) {
+    anthropicKey = await ask("Anthropic API key:", { mask: true });
+    if (!anthropicKey) { warn("Required."); continue; }
+    const valid = await spinner("Validating", () => validateAnthropicKey(anthropicKey));
+    if (valid) break;
+    fail("Invalid key. Check that it starts with sk-ant- and try again.");
+  }
+  blank();
+
+  // ─── Step 2: GitHub PAT ─────────────────────────────────────
+  heading("Step 2 of 4 \u2014 GitHub Access");
+
+  info("Anteater needs a long-lived Personal Access Token (PAT) for the deployed API route.");
+  blank();
+  info(`${bold("Create a Fine-grained token:")} ${cyan("https://github.com/settings/tokens?type=beta")}`);
+  info(`  1. Click ${bold("Generate new token")}`);
+  info(`  2. Select ${bold("Only select repositories")} \u2192 pick your repo`);
+  info(`  3. Set permissions: ${bold("Contents")}, ${bold("Pull requests")}, ${bold("Actions")} \u2192 Read and write`);
+  info(`  4. Generate and copy the token`);
+  blank();
+  const githubToken = await ask("Paste your GitHub PAT (ghp_... or github_pat_...):");
+  if (!githubToken) {
+    fail("A GitHub PAT is required.");
+    process.exit(1);
+  }
+
+  const check = await spinner("Checking permissions", () =>
+    validateGitHubToken(githubToken, project.gitRemote)
+  );
+
+  if (!check.ok && check.missing.length > 0 && !check.missing.includes("unknown")) {
+    fail("Token is missing required scopes: " + check.missing.join(", "));
+    info(`Create a new Fine-grained PAT at ${cyan("https://github.com/settings/tokens?type=beta")}`);
+    info(`Set permissions: ${bold("Contents")}, ${bold("Pull requests")}, ${bold("Actions")} \u2192 Read and write`);
+    process.exit(1);
+  } else if (check.ok) {
+    ok("Token has required permissions");
+  }
+  blank();
+
+  // ─── Step 3: Configure paths ────────────────────────────────
+  heading("Step 3 of 4 \u2014 Editable Paths");
+
+  const defaultAllowed = [];
+  const defaultBlocked = ["lib/auth/**", "lib/billing/**", ".env*"];
+
+  if (project.isAppRouter) {
+    defaultAllowed.push("app/**", "components/**", "styles/**");
+    defaultBlocked.push("app/api/**");
+  } else {
+    defaultAllowed.push("pages/**", "components/**", "styles/**");
+    defaultBlocked.push("pages/api/**");
+  }
+
+  console.log(`  ${green("Allowed:")} ${defaultAllowed.join(", ")}`);
+  console.log(`  ${red("Blocked:")} ${defaultBlocked.join(", ")}`);
+  blank();
+
+  const useDefaults = await confirm("Use these defaults?");
+  let allowedGlobs = defaultAllowed;
+  let blockedGlobs = defaultBlocked;
+
+  if (!useDefaults) {
+    const customAllowed = await ask("Allowed globs (comma-separated):");
+    const customBlocked = await ask("Blocked globs (comma-separated):");
+    if (customAllowed) allowedGlobs = customAllowed.split(",").map((s) => s.trim());
+    if (customBlocked) blockedGlobs = customBlocked.split(",").map((s) => s.trim());
+  }
+  blank();
+
+  // ─── Step 4: Agent configuration ─────────────────────────────
+  heading("Step 4 of 4 \u2014 Agent Configuration");
+
+  const model = await select("Select AI model:", [
+    { label: "Sonnet (recommended)", hint: "fast, cost-effective, great for most changes", value: "sonnet" },
+    { label: "Opus", hint: "most capable, higher cost", value: "opus" },
+    { label: "Opus 1M", hint: "Opus with extended context (1M tokens)", value: "opus[1m]" },
+    { label: "Haiku", hint: "fastest, lowest cost, best for simple changes", value: "haiku" },
+  ]);
+  ok(`Model: ${model}`);
+  blank();
+
+  let permissionsMode = await select("Select agent permissions mode:", [
+    { label: "Sandboxed (recommended)", hint: "full local access, no internet or external services", value: "sandboxed" },
+    { label: "Unrestricted", hint: "full access including web, GitHub CLI, Vercel, and all MCP tools", value: "unrestricted" },
+  ]);
+
+  if (permissionsMode === "unrestricted") {
+    blank();
+    warn("Unrestricted mode grants the AI agent full access to:");
+    info("  - Internet (web fetches, searches, curl)");
+    info("  - GitHub CLI (push, PR creation, issue management)");
+    info("  - Vercel CLI (deployments, env vars)");
+    info("  - All MCP tools (browser automation, etc.)");
+    info("  - File deletion and system commands");
+    blank();
+    warn("The agent will run with bypassPermissions \u2014 no confirmation prompts.");
+    warn("Only use this if you trust the prompts your users will submit.");
+    blank();
+    const confirmed = await confirm("Confirm unrestricted mode?", false);
+    if (!confirmed) {
+      permissionsMode = "sandboxed";
+      ok("Falling back to Sandboxed mode");
+    } else {
+      ok("Unrestricted mode confirmed");
+    }
+  } else {
+    ok("Sandboxed mode \u2014 agent cannot access internet or external services");
+  }
+  blank();
+
+  // ─── Install & scaffold ─────────────────────────────────────
+  heading("Installing");
+
+  const installCmd = {
+    pnpm: "pnpm add next-anteater",
+    yarn: "yarn add next-anteater",
+    npm: "npm install next-anteater",
+  }[project.packageManager];
+
+  await spinner("Installing next-anteater", () => {
+    execSync(installCmd, { cwd, stdio: "ignore" });
+  });
+
+  const productionBranch = project.defaultBranch || "main";
+  const scaffolded = await spinner("Creating files", () =>
+    scaffoldFiles(cwd, {
+      repo: project.gitRemote,
+      allowedGlobs,
+      blockedGlobs,
+      autoMerge: true,
+      productionBranch,
+      isTypeScript: project.isTypeScript,
+      isAppRouter: project.isAppRouter,
+      layoutFile: project.layoutFile,
+      model,
+      permissionsMode,
+      packageManager: project.packageManager,
+    })
+  );
+
+  for (const f of scaffolded) ok(`Created ${f}`);
+
+  // ─── Set secrets ────────────────────────────────────────────
+  heading("Configuring secrets");
+
+  // GitHub Actions secret
+  try {
+    await spinner("Setting ANTHROPIC_API_KEY in GitHub secrets", () => {
+      setGitHubSecret(project.gitRemote, "ANTHROPIC_API_KEY", anthropicKey);
+    });
+  } catch (err) {
+    warn(`Could not set secret: ${err.message}`);
+    info("Set manually: gh secret set ANTHROPIC_API_KEY --repo " + project.gitRemote);
+  }
+
+  // .env.local for local dev (only GITHUB_TOKEN needed)
+  await spinner("Writing .env.local", () =>
+    writeEnvLocal(cwd, { GITHUB_TOKEN: githubToken })
+  );
+
+  // Vercel: only GITHUB_TOKEN needed (repo auto-detected, deploy detection automatic)
+  await spinner("Setting GITHUB_TOKEN in Vercel", () => {
+    setVercelEnv("GITHUB_TOKEN", githubToken);
+  });
+
+  // ─── Push workflow ──────────────────────────────────────────
+  if (scaffolded.some((f) => f.includes("anteater.yml"))) {
+    await spinner("Pushing workflow to GitHub", () => {
+      execSync(`git add .github/workflows/anteater.yml`, { cwd, stdio: "ignore" });
+      execSync(`git commit -m "chore: add Anteater workflow"`, { cwd, stdio: "ignore" });
+      execSync(`git push origin ${productionBranch}`, { cwd, stdio: "ignore" });
+    });
+
+    // Verify
+    const activated = await spinner("Verifying workflow", async () => {
+      await new Promise((r) => setTimeout(r, 2000));
+      try {
+        const res = await fetch(
+          `https://api.github.com/repos/${project.gitRemote}/actions/workflows`,
+          { headers: { Authorization: `Bearer ${githubToken}`, Accept: "application/vnd.github+json" } }
+        );
+        const data = await res.json();
+        return data.workflows?.some((w) => w.path === ".github/workflows/anteater.yml" && w.state === "active");
+      } catch { return false; }
+    });
+
+    if (activated) ok("Workflow active");
+    else warn(`Check: ${cyan(`https://github.com/${project.gitRemote}/actions`)}`);
+  }
+
+  // ─── Test ───────────────────────────────────────────────────
+  const dispatchOk = await spinner("Running test dispatch", async () => {
+    try {
+      const res = await fetch(
+        `https://api.github.com/repos/${project.gitRemote}/actions/workflows/anteater.yml/dispatches`,
+        {
+          method: "POST",
+          headers: {
+            Authorization: `Bearer ${githubToken}`,
+            Accept: "application/vnd.github+json",
+            "X-GitHub-Api-Version": "2022-11-28",
+          },
+          body: JSON.stringify({
+            ref: productionBranch,
+            inputs: {
+              requestId: "setup-test",
+              prompt: "setup verification \u2014 no changes expected",
+              mode: "prod",
+              branch: "anteater/setup-test",
+              baseBranch: productionBranch,
+              autoMerge: "false",
+            },
+          }),
+        }
+      );
+      return res.status === 204;
+    } catch { return false; }
+  });
+
+  if (dispatchOk) ok("Pipeline is working");
+  else warn("Test dispatch failed \u2014 check GitHub Actions");
+
+  // ─── Done! ──────────────────────────────────────────────────
+  closeRL();
+  blank();
+  console.log(`  ${bold(green("\u{1F41C} Anteater is ready."))}`);
+  blank();
+  info(`Deploy your app and look for the "${green("Edit this page")}" button.`);
+  info("Users can modify your app by typing changes in the Anteater bar.");
+  blank();
+  warn("Reminder: only expose Anteater to trusted users.");
+  info("Users with access to the prompt bar can make arbitrary code changes.");
+  info("Use a sandboxed environment without real credentials or production data.");
+  info(`Protect the prompt bar behind your own auth layer \u2014 Anteater does ${bold("not")} provide auth.`);
+  blank();
+}

package/lib/uninstall.mjs

@@ -3,7 +3,8 @@
  */
 import { readFile, writeFile, rm, access } from "node:fs/promises";
 import { join } from "node:path";
-import { bold, green, red, dim, ok, fail, heading, blank } from "./ui.mjs";
+import { execSync } from "node:child_process";
+import { bold, green, red, dim, ok, fail, info, heading, blank } from "./ui.mjs";
 
 const cwd = process.cwd();
 
@@ -25,6 +26,9 @@ async function removeFile(path, label) {
   return false;
 }
 
+/**
+ * Remove AnteaterBar import and component usage from the layout file.
+ */
 async function unpatchLayout() {
   for (const layoutFile of ["app/layout.tsx", "app/layout.js"]) {
     const fullPath = join(cwd, layoutFile);
@@ -33,11 +37,17 @@ async function unpatchLayout() {
     let content = await readFile(fullPath, "utf-8");
     if (!content.includes("AnteaterBar")) return false;
 
-    // Remove import lines
+    // Remove import lines that contain AnteaterBar
     content = content.replace(/^.*AnteaterBar.*\n/gm, "");
-    // Remove component usage
-    content = content.replace(/^\s*<AnteaterBar[^]*?\/>\s*\n?/gm, "");
+
+    // Remove <AnteaterBar /> or <AnteaterBar ... /> on its own line
+    content = content.replace(/^\s*<AnteaterBar\b[^>]*\/>\s*\n?/gm, "");
+    // Remove inline <AnteaterBar /> (e.g., "{children}  <AnteaterBar />")
+    content = content.replace(/\s*<AnteaterBar\b[^>]*\/>/g, "");
+
+    // Remove <AnteaterBarWrapper /> on its own line or inline
     content = content.replace(/^\s*<AnteaterBarWrapper\s*\/>\s*\n?/gm, "");
+    content = content.replace(/\s*<AnteaterBarWrapper\s*\/>/g, "");
 
     await writeFile(fullPath, content, "utf-8");
     ok(`Unpatched ${layoutFile}`);
@@ -46,6 +56,9 @@ async function unpatchLayout() {
   return false;
 }
 
+/**
+ * Remove next-anteater from package.json dependencies.
+ */
 async function removeDependency() {
   const pkgPath = join(cwd, "package.json");
   if (!(await fileExists(pkgPath))) return false;
@@ -69,44 +82,141 @@ async function removeDependency() {
   return changed;
 }
 
+/**
+ * Remove GITHUB_TOKEN line from .env.local if present.
+ */
+async function cleanEnvLocal() {
+  const envPath = join(cwd, ".env.local");
+  if (!(await fileExists(envPath))) return false;
+
+  const content = await readFile(envPath, "utf-8");
+  if (!content.includes("GITHUB_TOKEN=")) return false;
+
+  const cleaned = content
+    .split("\n")
+    .filter((line) => !line.startsWith("GITHUB_TOKEN="))
+    .join("\n");
+
+  await writeFile(envPath, cleaned, "utf-8");
+  ok("Removed GITHUB_TOKEN from .env.local");
+  return true;
+}
+
+/**
+ * Detect the git remote (owner/repo) for secret cleanup.
+ */
+function detectRepo() {
+  try {
+    const url = execSync("git remote get-url origin", { encoding: "utf-8" }).trim();
+    const match = url.match(/github\.com[/:](.+?)(?:\.git)?$/);
+    return match ? match[1] : null;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Remove ANTHROPIC_API_KEY from GitHub Actions secrets.
+ */
+async function removeGitHubSecret(repo) {
+  try {
+    execSync(`gh secret delete ANTHROPIC_API_KEY --repo ${repo}`, {
+      stdio: ["pipe", "ignore", "pipe"],
+    });
+    ok("Removed ANTHROPIC_API_KEY from GitHub secrets");
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Remove GITHUB_TOKEN from Vercel environment variables.
+ */
+async function removeVercelEnv() {
+  try {
+    execSync("vercel --version", { stdio: "ignore" });
+  } catch {
+    return false; // Vercel CLI not installed
+  }
+
+  let removed = false;
+  for (const env of ["production", "preview", "development"]) {
+    try {
+      execSync(`vercel env rm GITHUB_TOKEN ${env} --yes`, {
+        stdio: ["pipe", "ignore", "pipe"],
+      });
+      removed = true;
+    } catch {
+      // May not exist in this environment
+    }
+  }
+  if (removed) ok("Removed GITHUB_TOKEN from Vercel environment variables");
+  return removed;
+}
+
 export async function main() {
   console.log();
   console.log(`  ${bold("\u{1F41C} Anteater Uninstall")}`);
   console.log(`  ${"\u2500".repeat(20)}`);
   blank();
 
-  heading("Removing scaffolded files");
+  let totalRemoved = 0;
 
-  let removed = 0;
+  // ── Scaffolded files ──────────────────────────────────
+  heading("Removing scaffolded files");
 
   // Config file
-  if (await removeFile(join(cwd, "anteater.config.ts"), "anteater.config.ts")) removed++;
-  if (await removeFile(join(cwd, "anteater.config.js"), "anteater.config.js")) removed++;
+  if (await removeFile(join(cwd, "anteater.config.ts"), "anteater.config.ts")) totalRemoved++;
+  if (await removeFile(join(cwd, "anteater.config.js"), "anteater.config.js")) totalRemoved++;
 
   // API routes
-  if (await removeFile(join(cwd, "app/api/anteater"), "app/api/anteater/")) removed++;
-  if (await removeFile(join(cwd, "pages/api/anteater"), "pages/api/anteater/")) removed++;
+  if (await removeFile(join(cwd, "app/api/anteater"), "app/api/anteater/")) totalRemoved++;
+  if (await removeFile(join(cwd, "pages/api/anteater"), "pages/api/anteater/")) totalRemoved++;
 
   // Wrapper component
-  if (await removeFile(join(cwd, "components/anteater-bar-wrapper.tsx"), "components/anteater-bar-wrapper.tsx")) removed++;
-  if (await removeFile(join(cwd, "components/anteater-bar-wrapper.js"), "components/anteater-bar-wrapper.js")) removed++;
+  if (await removeFile(join(cwd, "components/anteater-bar-wrapper.tsx"), "components/anteater-bar-wrapper.tsx")) totalRemoved++;
+  if (await removeFile(join(cwd, "components/anteater-bar-wrapper.js"), "components/anteater-bar-wrapper.js")) totalRemoved++;
 
   // GitHub workflow
-  if (await removeFile(join(cwd, ".github/workflows/anteater.yml"), ".github/workflows/anteater.yml")) removed++;
+  if (await removeFile(join(cwd, ".github/workflows/anteater.yml"), ".github/workflows/anteater.yml")) totalRemoved++;
+
+  // Claude Code agent settings
+  if (await removeFile(join(cwd, ".claude/settings.local.json"), ".claude/settings.local.json")) totalRemoved++;
 
-  // Unpatch layout
+  // ── Layout cleanup ────────────────────────────────────
   heading("Cleaning up layout");
-  await unpatchLayout();
+  if (await unpatchLayout()) totalRemoved++;
 
-  // Remove dependency
+  // ── Package dependency ────────────────────────────────
   heading("Removing dependency");
-  await removeDependency();
+  if (await removeDependency()) totalRemoved++;
+
+  // ── Environment & secrets ─────────────────────────────
+  heading("Cleaning up secrets & environment");
+
+  // .env.local
+  if (await cleanEnvLocal()) totalRemoved++;
+
+  // GitHub secret
+  const repo = detectRepo();
+  if (repo) {
+    if (await removeGitHubSecret(repo)) totalRemoved++;
+  } else {
+    info("Could not detect repo — skip GitHub secret cleanup");
+    info("Run manually: gh secret delete ANTHROPIC_API_KEY --repo <owner>/<repo>");
+  }
+
+  // Vercel env var
+  if (await removeVercelEnv()) totalRemoved++;
 
+  // ── Summary ───────────────────────────────────────────
   blank();
-  if (removed > 0) {
-    console.log(`  ${green("\u2713")} Anteater uninstalled. Run ${dim("npx next-anteater setup")} to reinstall.`);
+  if (totalRemoved > 0) {
+    console.log(`  ${green("\u2713")} Anteater fully uninstalled (${totalRemoved} items removed).`);
+    console.log(`  ${dim("Run npx next-anteater setup to reinstall.")}`);
   } else {
-    console.log(`  ${dim("No Anteater files found — nothing to remove.")}`);
+    console.log(`  ${dim("No Anteater files found \u2014 nothing to remove.")}`);
   }
   console.log();
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "next-anteater",
-  "version": "0.2.4",
+  "version": "0.2.6",
   "description": "AI-powered live editing for your Next.js app",
   "bin": {
     "anteater": "bin/setup-anteater.mjs",