nexusapp-cli 1.2.4 → 2.1.0

package/dist/commands/token.js

@@ -0,0 +1,179 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.registerToken = registerToken;
+const inquirer_1 = __importDefault(require("inquirer"));
+const chalk_1 = __importDefault(require("chalk"));
+const client_js_1 = require("../client.js");
+const output_js_1 = require("../output.js");
+function parseDuration(str) {
+    const match = str.match(/^(\d+)(d|h|m)$/);
+    if (!match) {
+        throw new Error(`Invalid duration "${str}". Use format like: 90d, 4h, 30m`);
+    }
+    const value = parseInt(match[1], 10);
+    const unit = match[2];
+    const msMap = { d: 86400000, h: 3600000, m: 60000 };
+    return new Date(Date.now() + value * msMap[unit]);
+}
+function formatScopes(scopes) {
+    return scopes
+        .split(',')
+        .map((s) => s.trim())
+        .join(', ');
+}
+function tokenStatus(t) {
+    if (t.revokedAt)
+        return chalk_1.default.red('revoked');
+    if (t.expiresAt && new Date(t.expiresAt) < new Date())
+        return chalk_1.default.yellow('expired');
+    return chalk_1.default.green('active');
+}
+function registerToken(program) {
+    const token = program.command('token').description('Access token management commands');
+    // list
+    token
+        .command('list')
+        .description('List access tokens')
+        .option('--json', 'Output raw JSON')
+        .option('--show-last-used', 'Show last used column')
+        .option('--no-expiry', 'Show only tokens with no expiry date')
+        .option('--unused-since <days>', 'Show tokens unused for N or more days')
+        .action(async (opts) => {
+        try {
+            const res = await client_js_1.client.get('/api/tokens');
+            let tokens = (0, client_js_1.unwrap)(res.data);
+            if (!Array.isArray(tokens))
+                tokens = [];
+            if (opts.noExpiry) {
+                tokens = tokens.filter((t) => !t.expiresAt);
+            }
+            if (opts.unusedSince) {
+                const days = parseInt(opts.unusedSince, 10);
+                if (isNaN(days) || days < 0) {
+                    (0, output_js_1.errorMsg)('--unused-since requires a positive integer (number of days)');
+                    process.exit(1);
+                }
+                const cutoff = new Date(Date.now() - days * 86400000);
+                tokens = tokens.filter((t) => {
+                    if (!t.lastUsedAt)
+                        return true;
+                    return new Date(t.lastUsedAt) < cutoff;
+                });
+            }
+            if (opts.json) {
+                (0, output_js_1.printJson)(tokens);
+                return;
+            }
+            if (!tokens.length) {
+                console.log('No tokens found.');
+                return;
+            }
+            const headers = ['ID', 'NAME', 'SCOPES', 'STATUS', 'EXPIRES', 'CREATED'];
+            if (opts.showLastUsed)
+                headers.push('LAST USED');
+            (0, output_js_1.printTable)(headers, tokens.map((t) => {
+                const row = [
+                    t.id,
+                    t.name,
+                    formatScopes(t.scopes || ''),
+                    tokenStatus(t),
+                    t.expiresAt ? (0, output_js_1.timeAgo)(t.expiresAt) : '—',
+                    t.createdAt ? (0, output_js_1.timeAgo)(t.createdAt) : '—',
+                ];
+                if (opts.showLastUsed) {
+                    row.push(t.lastUsedAt ? (0, output_js_1.timeAgo)(t.lastUsedAt) : 'never');
+                }
+                return row;
+            }));
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    // create
+    token
+        .command('create')
+        .description('Create a new access token')
+        .requiredOption('--name <name>', 'Token name')
+        .requiredOption('--scopes <scopes>', 'Comma-separated scopes (e.g. deploy:write,secrets:read)')
+        .option('--expires <duration>', 'Expiry duration (e.g. 90d, 4h, 30m)')
+        .option('--json', 'Output raw JSON')
+        .action(async (opts) => {
+        let expiresAt;
+        if (opts.expires) {
+            try {
+                expiresAt = parseDuration(opts.expires).toISOString();
+            }
+            catch (e) {
+                (0, output_js_1.errorMsg)(e.message);
+                process.exit(1);
+            }
+        }
+        try {
+            const res = await client_js_1.client.post('/api/tokens', {
+                name: opts.name,
+                scopes: opts.scopes,
+                ...(expiresAt ? { expiresAt } : {}),
+            });
+            const data = (0, client_js_1.unwrap)(res.data);
+            if (opts.json) {
+                (0, output_js_1.printJson)(data);
+                return;
+            }
+            console.log('');
+            console.log(chalk_1.default.bold('Token created'));
+            console.log('');
+            console.log(`  ${chalk_1.default.dim('ID:')}      ${data.id}`);
+            console.log(`  ${chalk_1.default.dim('Name:')}    ${data.name}`);
+            console.log(`  ${chalk_1.default.dim('Scopes:')}  ${formatScopes(data.scopes)}`);
+            if (data.expiresAt) {
+                console.log(`  ${chalk_1.default.dim('Expires:')} ${new Date(data.expiresAt).toLocaleDateString()}`);
+            }
+            console.log('');
+            console.log(`  ${chalk_1.default.dim('Token value (shown once — copy it now):')}`);
+            console.log('');
+            console.log(`  ${chalk_1.default.cyan(data.token)}`);
+            console.log('');
+            console.log(chalk_1.default.yellow('  This value will not be shown again.'));
+            console.log('');
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+    // revoke
+    token
+        .command('revoke <id>')
+        .description('Revoke an access token')
+        .option('--yes', 'Skip confirmation prompt')
+        .action(async (id, opts) => {
+        if (!opts.yes) {
+            const { confirm } = await inquirer_1.default.prompt([
+                {
+                    type: 'confirm',
+                    name: 'confirm',
+                    message: `Revoke token "${id}"? This cannot be undone.`,
+                    default: false,
+                },
+            ]);
+            if (!confirm) {
+                console.log('Cancelled.');
+                return;
+            }
+        }
+        try {
+            await client_js_1.client.post(`/api/tokens/${id}/revoke`, {});
+            (0, output_js_1.success)(`Token ${id} revoked.`);
+        }
+        catch (err) {
+            (0, output_js_1.errorMsg)((0, client_js_1.apiError)(err));
+            process.exit(1);
+        }
+    });
+}
+//# sourceMappingURL=token.js.map

package/dist/commands/token.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"token.js","sourceRoot":"","sources":["../../src/commands/token.ts"],"names":[],"mappings":";;;;;AA8BA,sCA8IC;AA3KD,wDAAgC;AAChC,kDAA0B;AAC1B,4CAAwD;AACxD,4CAAiF;AAEjF,SAAS,aAAa,CAAC,GAAW;IAChC,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;IAC1C,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,qBAAqB,GAAG,kCAAkC,CAAC,CAAC;IAC9E,CAAC;IACD,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IACrC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACtB,MAAM,KAAK,GAA2B,EAAE,CAAC,EAAE,QAAQ,EAAE,CAAC,EAAE,OAAO,EAAE,CAAC,EAAE,KAAK,EAAE,CAAC;IAC5E,OAAO,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,GAAG,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC;AACpD,CAAC;AAED,SAAS,YAAY,CAAC,MAAc;IAClC,OAAO,MAAM;SACV,KAAK,CAAC,GAAG,CAAC;SACV,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;SACpB,IAAI,CAAC,IAAI,CAAC,CAAC;AAChB,CAAC;AAED,SAAS,WAAW,CAAC,CAAM;IACzB,IAAI,CAAC,CAAC,SAAS;QAAE,OAAO,eAAK,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;IAC7C,IAAI,CAAC,CAAC,SAAS,IAAI,IAAI,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC,GAAG,IAAI,IAAI,EAAE;QAAE,OAAO,eAAK,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACtF,OAAO,eAAK,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;AAC/B,CAAC;AAED,SAAgB,aAAa,CAAC,OAAgB;IAC5C,MAAM,KAAK,GAAG,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,WAAW,CAAC,kCAAkC,CAAC,CAAC;IAEvF,OAAO;IACP,KAAK;SACF,OAAO,CAAC,MAAM,CAAC;SACf,WAAW,CAAC,oBAAoB,CAAC;SACjC,MAAM,CAAC,QAAQ,EAAE,iBAAiB,CAAC;SACnC,MAAM,CAAC,kBAAkB,EAAE,uBAAuB,CAAC;SACnD,MAAM,CAAC,aAAa,EAAE,sCAAsC,CAAC;SAC7D,MAAM,CAAC,uBAAuB,EAAE,uCAAuC,CAAC;SACxE,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,kBAAM,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC;YAC5C,IAAI,MAAM,GAAU,IAAA,kBAAM,EAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YACrC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC;gBAAE,MAAM,GAAG,EAAE,CAAC;YAExC,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;gBAClB,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC;YACnD,CAAC;YAED,IAAI,IAAI,CAAC,WAAW,EAAE,CAAC;gBACrB,MAAM,IAAI,GAAG,QAAQ,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;gBAC5C,IAAI,KAAK,CAAC,IAAI,CAAC,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;oBAC5B,IAAA,oBAAQ,EAAC,6DAA6D,CAAC,CAAC;oBACxE,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;gBAClB,CAAC;gBACD,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,GAAG,QAAQ,CAAC,CAAC;gBACtD,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,CAAM,EAAE,EAAE;oBAChC,IAAI,CAAC,CAAC,CAAC,UAAU;wBAAE,OAAO,IAAI,CAAC;oBAC/B,OAAO,IAAI,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,GAAG,MAAM,CAAC;gBACzC,CAAC,CAAC,CAAC;YACL,CAAC;YAED,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAAC,IAAA,qBAAS,EAAC,MAAM,CAAC,CAAC;gBAAC,OAAO;YAAC,CAAC;YAC7C,IAAI,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;gBAAC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAC;gBAAC,OAAO;YAAC,CAAC;YAEhE,MAAM,OAAO,GAAG,CAAC,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YACzE,IAAI,IAAI,CAAC,YAAY;gBAAE,OAAO,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC;YAEjD,IAAA,sBAAU,EACR,OAAO,EACP,MAAM,CAAC,GAAG,CAAC,CAAC,CAAM,EAAE,EAAE;gBACpB,MAAM,GAAG,GAAsB;oBAC7B,CAAC,CAAC,EAAE;oBACJ,CAAC,CAAC,IAAI;oBACN,YAAY,CAAC,CAAC,CAAC,MAAM,IAAI,EAAE,CAAC;oBAC5B,WAAW,CAAC,CAAC,CAAC;oBACd,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAA,mBAAO,EAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG;oBACxC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,IAAA,mBAAO,EAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,GAAG;iBACzC,CAAC;gBACF,IAAI,IAAI,CAAC,YAAY,EAAE,CAAC;oBACtB,GAAG,CAAC,IAAI,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAA,mBAAO,EAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBAC3D,CAAC;gBACD,OAAO,GAAG,CAAC;YACb,CAAC,CAAC,CACH,CAAC;QACJ,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAA,oBAAQ,EAAC,IAAA,oBAAQ,EAAC,GAAG,CAAC,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,SAAS;IACT,KAAK;SACF,OAAO,CAAC,QAAQ,CAAC;SACjB,WAAW,CAAC,2BAA2B,CAAC;SACxC,cAAc,CAAC,eAAe,EAAE,YAAY,CAAC;SAC7C,cAAc,CAAC,mBAAmB,EAAE,yDAAyD,CAAC;SAC9F,MAAM,CAAC,sBAAsB,EAAE,qCAAqC,CAAC;SACrE,MAAM,CAAC,QAAQ,EAAE,iBAAiB,CAAC;SACnC,MAAM,CAAC,KAAK,EAAE,IAAI,EAAE,EAAE;QACrB,IAAI,SAA6B,CAAC;QAElC,IAAI,IAAI,CAAC,OAAO,EAAE,CAAC;YACjB,IAAI,CAAC;gBACH,SAAS,GAAG,aAAa,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;YACxD,CAAC;YAAC,OAAO,CAAM,EAAE,CAAC;gBAChB,IAAA,oBAAQ,EAAC,CAAC,CAAC,OAAO,CAAC,CAAC;gBACpB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;YAClB,CAAC;QACH,CAAC;QAED,IAAI,CAAC;YACH,MAAM,GAAG,GAAG,MAAM,kBAAM,CAAC,IAAI,CAAC,aAAa,EAAE;gBAC3C,IAAI,EAAE,IAAI,CAAC,IAAI;gBACf,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;aACpC,CAAC,CAAC;YAEH,MAAM,IAAI,GAAG,IAAA,kBAAM,EAAC,GAAG,CAAC,IAAI,CAAC,CAAC;YAE9B,IAAI,IAAI,CAAC,IAAI,EAAE,CAAC;gBAAC,IAAA,qBAAS,EAAC,IAAI,CAAC,CAAC;gBAAC,OAAO;YAAC,CAAC;YAE3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC,CAAC;YACzC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,KAAK,eAAK,CAAC,GAAG,CAAC,KAAK,CAAC,SAAS,IAAI,CAAC,EAAE,EAAE,CAAC,CAAC;YACrD,OAAO,CAAC,GAAG,CAAC,KAAK,eAAK,CAAC,GAAG,CAAC,OAAO,CAAC,OAAO,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;YACvD,OAAO,CAAC,GAAG,CAAC,KAAK,eAAK,CAAC,GAAG,CAAC,SAAS,CAAC,KAAK,YAAY,CAAC,IAAI,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YACvE,IAAI,IAAI,CAAC,SAAS,EAAE,CAAC;gBACnB,OAAO,CAAC,GAAG,CAAC,KAAK,eAAK,CAAC,GAAG,CAAC,UAAU,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,kBAAkB,EAAE,EAAE,CAAC,CAAC;YAC7F,CAAC;YACD,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,KAAK,eAAK,CAAC,GAAG,CAAC,yCAAyC,CAAC,EAAE,CAAC,CAAA;YACxE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,KAAK,eAAK,CAAC,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;YAC3C,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAChB,OAAO,CAAC,GAAG,CAAC,eAAK,CAAC,MAAM,CAAC,uCAAuC,CAAC,CAAC,CAAC;YACnE,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;QAClB,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAA,oBAAQ,EAAC,IAAA,oBAAQ,EAAC,GAAG,CAAC,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;IAEL,SAAS;IACT,KAAK;SACF,OAAO,CAAC,aAAa,CAAC;SACtB,WAAW,CAAC,wBAAwB,CAAC;SACrC,MAAM,CAAC,OAAO,EAAE,0BAA0B,CAAC;SAC3C,MAAM,CAAC,KAAK,EAAE,EAAE,EAAE,IAAI,EAAE,EAAE;QACzB,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;YACd,MAAM,EAAE,OAAO,EAAE,GAAG,MAAM,kBAAQ,CAAC,MAAM,CAAC;gBACxC;oBACE,IAAI,EAAE,SAAS;oBACf,IAAI,EAAE,SAAS;oBACf,OAAO,EAAE,iBAAiB,EAAE,2BAA2B;oBACvD,OAAO,EAAE,KAAK;iBACf;aACF,CAAC,CAAC;YACH,IAAI,CAAC,OAAO,EAAE,CAAC;gBAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,CAAC;gBAAC,OAAO;YAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC;YACH,MAAM,kBAAM,CAAC,IAAI,CAAC,eAAe,EAAE,SAAS,EAAE,EAAE,CAAC,CAAC;YAClD,IAAA,mBAAO,EAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QAClC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,IAAA,oBAAQ,EAAC,IAAA,oBAAQ,EAAC,GAAG,CAAC,CAAC,CAAC;YACxB,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC;IACH,CAAC,CAAC,CAAC;AACP,CAAC"}

package/dist/index.js

@@ -7,6 +7,8 @@ const deploy_js_1 = require("./commands/deploy.js");
 const secret_js_1 = require("./commands/secret.js");
 const project_js_1 = require("./commands/project.js");
 const domain_js_1 = require("./commands/domain.js");
+const token_js_1 = require("./commands/token.js");
+const member_js_1 = require("./commands/member.js");
 const program = new commander_1.Command();
 program
     .name('nexus')
@@ -17,6 +19,8 @@ program
 (0, secret_js_1.registerSecret)(program);
 (0, project_js_1.registerProject)(program);
 (0, domain_js_1.registerDomain)(program);
+(0, token_js_1.registerToken)(program);
+(0, member_js_1.registerMember)(program);
 program.parseAsync(process.argv).catch((err) => {
     console.error(err.message || String(err));
     process.exit(1);

package/dist/index.js.map

@@ -1 +1 @@
-{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AACA,yCAAoC;AACpC,gDAAkD;AAClD,oDAAsD;AACtD,oDAAsD;AACtD,sDAAwD;AACxD,oDAAsD;AAEtD,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,OAAO,CAAC;KACb,WAAW,CAAC,iCAAiC,CAAC;KAC9C,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,IAAA,sBAAY,EAAC,OAAO,CAAC,CAAC;AACtB,IAAA,0BAAc,EAAC,OAAO,CAAC,CAAC;AACxB,IAAA,0BAAc,EAAC,OAAO,CAAC,CAAC;AACxB,IAAA,4BAAe,EAAC,OAAO,CAAC,CAAC;AACzB,IAAA,0BAAc,EAAC,OAAO,CAAC,CAAC;AAExB,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IAC7C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;AACA,yCAAoC;AACpC,gDAAkD;AAClD,oDAAsD;AACtD,oDAAsD;AACtD,sDAAwD;AACxD,oDAAsD;AACtD,kDAAoD;AACpD,oDAAsD;AAEtD,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAE9B,OAAO;KACJ,IAAI,CAAC,OAAO,CAAC;KACb,WAAW,CAAC,iCAAiC,CAAC;KAC9C,OAAO,CAAC,OAAO,CAAC,CAAC;AAEpB,IAAA,sBAAY,EAAC,OAAO,CAAC,CAAC;AACtB,IAAA,0BAAc,EAAC,OAAO,CAAC,CAAC;AACxB,IAAA,0BAAc,EAAC,OAAO,CAAC,CAAC;AACxB,IAAA,4BAAe,EAAC,OAAO,CAAC,CAAC;AACzB,IAAA,0BAAc,EAAC,OAAO,CAAC,CAAC;AACxB,IAAA,wBAAa,EAAC,OAAO,CAAC,CAAC;AACvB,IAAA,0BAAc,EAAC,OAAO,CAAC,CAAC;AAExB,OAAO,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IAC7C,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,OAAO,IAAI,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC;IAC1C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nexusapp-cli",
-  "version": "1.2.4",
+  "version": "2.1.0",
   "description": "NEXUS AI command-line interface",
   "main": "dist/index.js",
   "bin": {
@@ -11,12 +11,7 @@
     "dev": "ts-node src/index.ts",
     "prepublishOnly": "npm run build"
   },
-  "keywords": [
-    "nexusai",
-    "cli",
-    "deployments",
-    "cloud"
-  ],
+  "keywords": ["nexusai", "cli", "deployments", "cloud"],
   "license": "MIT",
   "dependencies": {
     "axios": "^1.6.0",
@@ -24,7 +19,6 @@
     "cli-table3": "^0.6.3",
     "commander": "^12.0.0",
     "inquirer": "^9.2.0",
-    "nexusapp-cli": "^1.2.3",
     "ora": "^8.0.0"
   },
   "devDependencies": {

package/src/commands/deploy.ts

@@ -1,4 +1,5 @@
 import { randomBytes } from 'crypto';
+import { readFileSync } from 'fs';
 import { Command } from 'commander';
 import inquirer from 'inquirer';
 import { client, apiError, unwrap } from '../client.js';
@@ -48,6 +49,40 @@ async function pollUntilDone(deploymentId: string, spin: ReturnType<typeof spinn
   }
 }
 
+/**
+ * Parse a .env-style file into a key→value map.
+ * Supports: KEY=VALUE, KEY="quoted value", KEY='quoted value', # comments, blank lines.
+ * --env pairs always win over file values (caller merges file first, then pairs).
+ */
+function parseEnvFile(filePath: string): Record<string, string> {
+  let raw: string;
+  try {
+    raw = readFileSync(filePath, 'utf8');
+  } catch {
+    errorMsg(`Cannot read env file: ${filePath}`);
+    process.exit(1);
+  }
+  const result: Record<string, string> = {};
+  for (const line of raw.split('\n')) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith('#')) continue;
+    const idx = trimmed.indexOf('=');
+    if (idx <= 0) continue;
+    const key = trimmed.slice(0, idx).trim();
+    let val = trimmed.slice(idx + 1);
+    // Strip inline comments after unquoted values
+    if ((val.startsWith('"') && val.includes('"', 1)) || (val.startsWith("'") && val.includes("'", 1))) {
+      const q = val[0];
+      const close = val.indexOf(q, 1);
+      val = val.slice(1, close);
+    } else {
+      val = val.split('#')[0].trim();
+    }
+    if (key) result[key] = val;
+  }
+  return result;
+}
+
 export function registerDeploy(program: Command): void {
   const deploy = program.command('deploy').description('Deployment commands');
 
@@ -126,11 +161,13 @@ export function registerDeploy(program: Command): void {
     .option('--project <id>', 'Project ID')
     .option('--provider <provider>', 'Provider (docker|gcp_cloud_run|aws_ecs_fargate|azure_container_apps)')
     .option('--env <pairs...>', 'Environment variables as KEY=VALUE')
+    .option('--env-file <file>', 'Load environment variables from a .env file')
     .option('--no-health-check', 'Disable health checks for this deployment')
     .option('--wait', 'Wait until deployment is RUNNING or FAILED')
     .option('--json', 'Output raw JSON')
     .action(async (opts) => {
       const envVars: Record<string, string> = {};
+      if (opts.envFile) Object.assign(envVars, parseEnvFile(opts.envFile));
       if (opts.env) {
         for (const pair of opts.env) {
           const idx = pair.indexOf('=');
@@ -170,6 +207,7 @@ export function registerDeploy(program: Command): void {
     .option('--branch <branch>', 'Git branch')
     .option('--provider <provider>', 'Provider (docker|gcp_cloud_run|aws_ecs_fargate|azure_container_apps)')
     .option('--env <pairs...>', 'Environment variables as KEY=VALUE')
+    .option('--env-file <file>', 'Load environment variables from a .env file')
     .option('--framework <framework>', 'Framework hint (e.g. node, python, go)')
     .option('--build-command <cmd>', 'Custom build command')
     .option('--start-command <cmd>', 'Custom start command')
@@ -184,6 +222,7 @@ export function registerDeploy(program: Command): void {
     .option('--json', 'Output raw JSON')
     .action(async (opts) => {
       const envVars: Record<string, string> = {};
+      if (opts.envFile) Object.assign(envVars, parseEnvFile(opts.envFile));
       if (opts.env) {
         for (const pair of opts.env) {
           const idx = pair.indexOf('=');
@@ -231,6 +270,7 @@ export function registerDeploy(program: Command): void {
     .option('--name <name>', 'Override deployment name')
     .option('--provider <provider>', 'Override provider')
     .option('--env <pairs...>', 'Override / add environment variables as KEY=VALUE')
+    .option('--env-file <file>', 'Load environment variables from a .env file (merged with existing, --env wins)')
     .option('--wait', 'Wait until deployment is RUNNING or FAILED')
     .option('--yes', 'Skip confirmation prompt')
     .option('--json', 'Output raw JSON')
@@ -251,6 +291,7 @@ export function registerDeploy(program: Command): void {
       }
 
       const baseEnvVars: Record<string, string> = { ...(deployment.envVars || {}) };
+      if (opts.envFile) Object.assign(baseEnvVars, parseEnvFile(opts.envFile));
       if (opts.env) {
         for (const pair of (opts.env as string[])) {
           const idx = pair.indexOf('=');
@@ -503,6 +544,7 @@ export function registerDeploy(program: Command): void {
     .option('--claude-web-cookie <cookie>', 'CLAUDE_WEB_COOKIE value')
     .option('--provider <provider>', 'Provider (docker|gcp_cloud_run|aws_ecs_fargate|azure_container_apps)')
     .option('--env <pairs...>', 'Additional environment variables as KEY=VALUE')
+    .option('--env-file <file>', 'Load environment variables from a .env file')
     .option('--wait', 'Wait until deployment is RUNNING or FAILED')
     .option('--json', 'Output raw JSON')
     .action(async (opts) => {
@@ -516,6 +558,7 @@ export function registerDeploy(program: Command): void {
       if (opts.claudeApiKey) envVars['CLAUDE_AI_SESSION_KEY'] = opts.claudeApiKey;
       if (opts.claudeWebSession) envVars['CLAUDE_WEB_SESSION_KEY'] = opts.claudeWebSession;
       if (opts.claudeWebCookie) envVars['CLAUDE_WEB_COOKIE'] = opts.claudeWebCookie;
+      if (opts.envFile) Object.assign(envVars, parseEnvFile(opts.envFile));
       if (opts.env) {
         for (const pair of opts.env as string[]) {
           const idx = pair.indexOf('=');
@@ -527,7 +570,7 @@ export function registerDeploy(program: Command): void {
         port: 18789,
         name: opts.name,
         envVars,
-        startCommand: 'mkdir -p /home/node/.openclaw && echo \'{"gateway":{"controlUi":{"dangerouslyAllowHostHeaderOriginFallback":true}}}\' > /home/node/.openclaw/openclaw.json && node dist/index.js gateway --bind lan --port 18789 --allow-unconfigured',
+        startCommand: 'mkdir -p /home/node/.openclaw && echo \'{"gateway":{"controlUi":{"dangerouslyAllowHostHeaderOriginFallback":true,"dangerouslyDisableDeviceAuth":true},"trustedProxies":["172.16.0.0/12","10.0.0.0/8"]}}\' > /home/node/.openclaw/openclaw.json && node dist/index.js gateway --bind lan --port 18789 --allow-unconfigured',
         healthCheckEnabled: false, // OpenClaw gateway has no HTTP health endpoint
       };
       if (opts.provider) payload.provider = opts.provider;
@@ -551,6 +594,88 @@ export function registerDeploy(program: Command): void {
       }
     });
 
+  // flixty
+  deploy
+    .command('flixty')
+    .description('Deploy Flixty social media creator studio from source (github.com/nexusrun/flixty)')
+    .option('--name <name>', 'Deployment name', 'flixty')
+    .option('--session-secret <secret>', 'Express session secret (auto-generated if not set)')
+    .option('--base-url <url>', 'Public URL of the deployment (for OAuth redirect URIs)')
+    .option('--anthropic-api-key <key>', 'Anthropic API key for AI Assist')
+    .option('--x-client-id <id>', 'X/Twitter OAuth 2.0 Client ID')
+    .option('--x-client-secret <secret>', 'X/Twitter OAuth 2.0 Client Secret')
+    .option('--linkedin-client-id <id>', 'LinkedIn OAuth Client ID')
+    .option('--linkedin-client-secret <secret>', 'LinkedIn OAuth Client Secret')
+    .option('--fb-app-id <id>', 'Facebook App ID')
+    .option('--fb-app-secret <secret>', 'Facebook App Secret')
+    .option('--tiktok-client-key <key>', 'TikTok Client Key')
+    .option('--tiktok-client-secret <secret>', 'TikTok Client Secret')
+    .option('--google-client-id <id>', 'Google Client ID (YouTube)')
+    .option('--google-client-secret <secret>', 'Google Client Secret')
+    .option('--provider <provider>', 'Provider (docker|gcp_cloud_run|aws_ecs_fargate|azure_container_apps)')
+    .option('--env <pairs...>', 'Additional environment variables as KEY=VALUE')
+    .option('--env-file <file>', 'Load environment variables from a .env file')
+    .option('--wait', 'Wait until deployment is RUNNING or FAILED')
+    .option('--json', 'Output raw JSON')
+    .action(async (opts) => {
+      const sessionSecret = opts.sessionSecret || randomBytes(32).toString('hex');
+      const envVars: Record<string, string> = {
+        SESSION_SECRET: sessionSecret,
+        PORT: '3000',
+        NODE_ENV: 'production',
+      };
+      if (opts.baseUrl) envVars['BASE_URL'] = opts.baseUrl;
+      if (opts.anthropicApiKey) envVars['ANTHROPIC_API_KEY'] = opts.anthropicApiKey;
+      if (opts.xClientId) envVars['X_CLIENT_ID'] = opts.xClientId;
+      if (opts.xClientSecret) envVars['X_CLIENT_SECRET'] = opts.xClientSecret;
+      if (opts.linkedinClientId) envVars['LINKEDIN_CLIENT_ID'] = opts.linkedinClientId;
+      if (opts.linkedinClientSecret) envVars['LINKEDIN_CLIENT_SECRET'] = opts.linkedinClientSecret;
+      if (opts.fbAppId) envVars['FB_APP_ID'] = opts.fbAppId;
+      if (opts.fbAppSecret) envVars['FB_APP_SECRET'] = opts.fbAppSecret;
+      if (opts.tiktokClientKey) envVars['TIKTOK_CLIENT_KEY'] = opts.tiktokClientKey;
+      if (opts.tiktokClientSecret) envVars['TIKTOK_CLIENT_SECRET'] = opts.tiktokClientSecret;
+      if (opts.googleClientId) envVars['GOOGLE_CLIENT_ID'] = opts.googleClientId;
+      if (opts.googleClientSecret) envVars['GOOGLE_CLIENT_SECRET'] = opts.googleClientSecret;
+      if (opts.envFile) Object.assign(envVars, parseEnvFile(opts.envFile));
+      if (opts.env) {
+        for (const pair of opts.env as string[]) {
+          const idx = pair.indexOf('=');
+          if (idx > 0) envVars[pair.slice(0, idx)] = pair.slice(idx + 1);
+        }
+      }
+      const payload: Record<string, any> = {
+        sourceType: 'repo',
+        repoUrl: 'https://github.com/nexusrun/flixty.git',
+        name: opts.name,
+        environment: 'PRODUCTION',
+        startCommand: 'node server.js',
+        envVars,
+        healthCheckEnabled: true,
+      };
+      if (opts.provider) payload.provider = opts.provider;
+
+      try {
+        const res = await client.post('/api/gpt/deploy/source', payload);
+        const d = res.data;
+        if (opts.json) { printJson({ ...d, sessionSecret }); return; }
+        if (opts.wait) {
+          const spin = spinner('Deploying Flixty...');
+          await pollUntilDone(d.id, spin);
+        } else {
+          success(`Flixty queued: ${d.name || d.id}`);
+          console.log(`  Session secret: ${sessionSecret}`);
+          console.log(`  Port: 3000`);
+          if (!opts.baseUrl) {
+            console.log(`  Note: once running, redeploy with --base-url <public-url> for OAuth to work`);
+          }
+          console.log(`  Run 'nexus deploy status ${d.id} --watch' to track progress`);
+        }
+      } catch (err) {
+        errorMsg(apiError(err));
+        process.exit(1);
+      }
+    });
+
   // status
   deploy
     .command('status <name-or-id>')

package/src/commands/member.ts

@@ -0,0 +1,168 @@
+import { Command } from 'commander';
+import inquirer from 'inquirer';
+import chalk from 'chalk';
+import { client, apiError, unwrap } from '../client.js';
+import { printTable, printJson, success, errorMsg, timeAgo } from '../output.js';
+
+const VALID_ROLES = ['OWNER', 'ADMIN', 'MEMBER', 'DEPLOYMENT_MANAGER', 'AUDITOR', 'BILLING_MANAGER'];
+
+const ROLE_LABELS: Record<string, string> = {
+  OWNER: 'Owner',
+  ADMIN: 'Admin',
+  MEMBER: 'Developer',
+  DEPLOYMENT_MANAGER: 'Deployment Manager',
+  AUDITOR: 'Auditor',
+  BILLING_MANAGER: 'Billing Manager',
+};
+
+function roleLabel(role: string): string {
+  return ROLE_LABELS[role] || role;
+}
+
+function statusBadge(status: string): string {
+  if (status === 'active') return chalk.green(status);
+  if (status === 'suspended') return chalk.yellow(status);
+  return chalk.gray(status);
+}
+
+export function registerMember(program: Command): void {
+  const member = program.command('member').description('Team member management commands');
+
+  // list
+  member
+    .command('list')
+    .description('List all team members in the organization')
+    .option('--json', 'Output raw JSON')
+    .action(async (opts) => {
+      try {
+        const res = await client.get('/api/organizations/users');
+        let members: any[] = unwrap(res.data);
+        if (!Array.isArray(members)) members = [];
+
+        if (opts.json) { printJson(members); return; }
+        if (!members.length) { console.log('No members found.'); return; }
+
+        printTable(
+          ['ID', 'NAME', 'EMAIL', 'ROLE', 'STATUS', 'JOINED'],
+          members.map((m: any) => [
+            m.id,
+            m.name || '—',
+            m.email,
+            roleLabel(m.role),
+            statusBadge(m.status),
+            m.createdAt ? timeAgo(m.createdAt) : '—',
+          ])
+        );
+      } catch (err) {
+        errorMsg(apiError(err));
+        process.exit(1);
+      }
+    });
+
+  // invite
+  member
+    .command('invite <email>')
+    .description('Invite a new member to the organization')
+    .requiredOption('--role <role>', `Role to assign (${VALID_ROLES.filter(r => r !== 'OWNER').join(', ')})`)
+    .option('--json', 'Output raw JSON')
+    .action(async (email, opts) => {
+      const role = opts.role.toUpperCase();
+
+      if (!VALID_ROLES.includes(role) || role === 'OWNER') {
+        errorMsg(`Invalid role "${opts.role}". Valid roles: ${VALID_ROLES.filter(r => r !== 'OWNER').join(', ')}`);
+        process.exit(1);
+      }
+
+      try {
+        const res = await client.post('/api/organizations/users/invite', { email, role });
+        const data = unwrap(res.data);
+        const user = data.user || data;
+
+        if (opts.json) { printJson(data); return; }
+
+        success(`Invited ${email} as ${roleLabel(role)}.`);
+        console.log(`  ${chalk.dim('User ID:')} ${user.id}`);
+        console.log(`  ${chalk.dim('An email with login credentials has been sent.')}`);
+      } catch (err) {
+        errorMsg(apiError(err));
+        process.exit(1);
+      }
+    });
+
+  // role
+  member
+    .command('role <userId> <role>')
+    .description('Update the role of a team member')
+    .option('--json', 'Output raw JSON')
+    .action(async (userId, roleArg, opts) => {
+      const role = roleArg.toUpperCase();
+
+      if (!VALID_ROLES.includes(role) || role === 'OWNER') {
+        errorMsg(`Invalid role "${roleArg}". Valid roles: ${VALID_ROLES.filter(r => r !== 'OWNER').join(', ')}`);
+        process.exit(1);
+      }
+
+      try {
+        const res = await client.patch(`/api/organizations/users/${userId}/role`, { role });
+        const updated = unwrap(res.data);
+
+        if (opts.json) { printJson(updated); return; }
+
+        success(`Updated ${updated.email} to ${roleLabel(updated.role)}.`);
+      } catch (err) {
+        errorMsg(apiError(err));
+        process.exit(1);
+      }
+    });
+
+  // suspend
+  member
+    .command('suspend <userId>')
+    .description('Suspend a team member (blocks their access)')
+    .option('--yes', 'Skip confirmation prompt')
+    .option('--json', 'Output raw JSON')
+    .action(async (userId, opts) => {
+      if (!opts.yes) {
+        const { confirm } = await inquirer.prompt([
+          {
+            type: 'confirm',
+            name: 'confirm',
+            message: `Suspend member "${userId}"? They will lose access immediately.`,
+            default: false,
+          },
+        ]);
+        if (!confirm) { console.log('Cancelled.'); return; }
+      }
+
+      try {
+        const res = await client.post(`/api/organizations/users/${userId}/suspend`, {});
+        const updated = unwrap(res.data);
+
+        if (opts.json) { printJson(updated); return; }
+
+        success(`${updated.email} suspended.`);
+      } catch (err) {
+        errorMsg(apiError(err));
+        process.exit(1);
+      }
+    });
+
+  // activate
+  member
+    .command('activate <userId>')
+    .description('Restore access for a suspended team member')
+    .option('--json', 'Output raw JSON')
+    .action(async (userId, opts) => {
+      try {
+        const res = await client.post(`/api/organizations/users/${userId}/activate`, {});
+        const updated = unwrap(res.data);
+
+        if (opts.json) { printJson(updated); return; }
+
+        success(`${updated.email} activated.`);
+      } catch (err) {
+        errorMsg(apiError(err));
+        process.exit(1);
+      }
+    });
+}