piezas 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md ADDED
@@ -0,0 +1,309 @@
1
+ # piezas
2
+
3
+ Set up [Piezas](https://piezas.ai) in your project with one command. Installs the SDK and configures your AI coding agent (Claude Code, Cursor, Codex, Windsurf) to use Piezas as your backend.
4
+
5
+ ## Quick Start
6
+
7
+ ```bash
8
+ npx piezas init
9
+ ```
10
+
11
+ Then generate a spec before coding:
12
+
13
+ ```bash
14
+ # Claude Code
15
+ /piezas-spec "booking app for a small consulting team"
16
+
17
+ # Cursor, Codex, Windsurf, or other agents
18
+ /piezas-spec booking app for a small consulting team
19
+ ```
20
+
21
+ Or create and initialize a new folder:
22
+
23
+ ```bash
24
+ npx piezas init my-app
25
+ ```
26
+
27
+ Choose a deployment mode when you already know it:
28
+
29
+ ```bash
30
+ npx piezas init --mode next-bff # "frontend with a small server layer" — any framework
31
+ ```
32
+
33
+ Piezas is framework-agnostic: the platform is plain HTTPS/OpenAPI, and the
34
+ generated agent instructions tell your coding agent to honor *your* framework
35
+ choice (Vite+Express, Remix, SvelteKit, Next.js, or a non-JS stack) rather
36
+ than prescribing one. Mode names are historical labels, not requirements.
37
+
38
+ (`--mode static` also exists for server-less static hosting, but is **not
39
+ recommended yet**: static apps must rely on public guest tokens, and per-token
40
+ permission enforcement hasn't shipped platform-wide. Prefer a server-capable
41
+ mode like `next-bff` until it does.)
42
+
43
+ For server-capable apps, add an SDK-backed MCP route for agent tool access:
44
+
45
+ ```bash
46
+ npx piezas init --mode next-bff --mcp
47
+ ```
48
+
49
+ Add recipe guidance for common product shapes:
50
+
51
+ ```bash
52
+ npx piezas init --recipe booking-site
53
+ npx piezas init --recipe crm-project-finance --recipe client-services-os
54
+ ```
55
+
56
+ Bring your API key from the dashboard (any one of these):
57
+
58
+ ```bash
59
+ npx piezas init --key sk_live_xxx # pass it directly
60
+ npx piezas init # paste it at the prompt (TTY only)
61
+ npx piezas init --wait # watch the folder for the dashboard's downloaded .env
62
+ npx piezas init --wait --wait-timeout 600 # ... for up to 10 minutes
63
+ ```
64
+
65
+ `init` looks for a key in this order: `--key` (replaces an existing `.env`
66
+ value — passing it explicitly means you want it set), an existing
67
+ `PIEZAS_API_KEY` in the project's `.env` (kept as-is), `PIEZAS_API_KEY` in
68
+ your environment (never overrides an already-configured project), an
69
+ interactive paste prompt, then `--wait` (polls every 2s for a dropped-in
70
+ `.env`, `.env.download`, or `env.txt`; the drop file is removed once the key
71
+ is moved into `.env`). A missing key is not an error — the project is still
72
+ scaffolded and the summary tells you where to put the key.
73
+
74
+ ## Sign In From the Terminal
75
+
76
+ No dashboard needed — sign in once, then let `init` create the app and key:
77
+
78
+ ```bash
79
+ npx piezas login # prints a short code and opens your browser to approve it
80
+ npx piezas whoami # shows the signed-in tenant and email (exit 1 when logged out)
81
+ npx piezas logout # removes the saved session
82
+ ```
83
+
84
+ `login` starts a device-code sign-in: it shows a short code, opens
85
+ `app.piezas.ai/device` in your browser (the URL is always printed in case the
86
+ browser does not open), and waits for you to approve the code — sign-up works
87
+ on the same page. The session is saved to `~/.piezas/credentials.json`
88
+ (permissions `600`; override the directory with `PIEZAS_HOME`). The API base
89
+ is `https://api.piezas.ai` by default; override with `--api-base <url>` or
90
+ `PIEZAS_API_BASE`. All three commands support `--json`.
91
+
92
+ Once signed in, `init` can finish the whole setup from the terminal. When no
93
+ API key is found by the intake order above, `init` offers to create an app
94
+ named after your folder (or `--app <name>`) and mint a live key bound to it,
95
+ writing the key straight into `.env`:
96
+
97
+ ```bash
98
+ npx piezas login
99
+ npx piezas init --from-login # non-interactive: always use the saved login
100
+ npx piezas init # interactive: you'll be offered the same thing
101
+ ```
102
+
103
+ If the app name already exists in your account, the existing app is reused
104
+ and a fresh key is minted for it. If the saved session has expired, `init`
105
+ says so and continues without a key — run `npx piezas login` again. Without a
106
+ saved session, `init` behaves exactly as before.
107
+
108
+ Agent-friendly flags: `--yes` never prompts, `--app <name>` records the app
109
+ name in `piezas.manifest.json`, `--from-login` mints a key with the saved
110
+ `piezas login` session when none is found, and `--json` prints a
111
+ machine-readable summary (`apiKey`, `apiKeySource`, `envPath`,
112
+ `gitignoreUpdated`, `cursorRulesPath`, `appName`) on stdout. Exit codes: `0`
113
+ success (even without a key), `1` failure, `2` usage error.
114
+
115
+ This will:
116
+
117
+ - Install `@piezas/sdk`
118
+ - Create `package.json` when one does not exist
119
+ - Create `piezas.manifest.json` as the app/Piezas ownership and deployment-mode source of truth (records `appName` and `apiBaseUrl`)
120
+ - Write `PIEZAS_API_KEY` into `.env` and make sure `.gitignore` covers `.env` (existing patterns like `*.env` are respected)
121
+ - Add recipe ownership and setup-order guidance when `--recipe` is provided
122
+ - Optionally scaffold `app/api/piezas/mcp/route.ts` when `--mcp` is used with a server-capable mode
123
+ - Add Piezas instructions to `CLAUDE.md`, `.cursor/rules/piezas.mdc`, `.cursorrules`, `AGENTS.md`, and `.windsurfrules`
124
+ - Create a `.claude/commands/piezas.md` slash command for Claude Code
125
+ - Create `.claude/commands/piezas-spec.md` and `.piezas/spec-builder.md` for spec-first app generation
126
+
127
+ The generated instructions are an operating manual for AI coding agents. They
128
+ cover the init -> spec -> code workflow, the Piezas/app ownership boundary,
129
+ static vs server-runtime deployment mode, server-side API key handling, SDK
130
+ usage, live OpenAPI specs, integration OAuth rules, app-scoped connector
131
+ configuration, public sessions, durable access logs, durable/sync jobs, document
132
+ extraction, e-signature state, accounting posting helpers, search/import/export,
133
+ reconciliation helpers, thin server adapters, SDK-backed MCP routes, and common
134
+ CRM, public intake, booking, finance, and project-tracker patterns.
135
+
136
+ ## Spec-First Workflow
137
+
138
+ Use this sequence for broad product requests:
139
+
140
+ 1. Run `npx piezas init`.
141
+ 2. Run `/piezas-spec [idea]` in Claude Code, or ask Cursor/Codex/Windsurf for `/piezas-spec [idea]` or "Piezas spec mode".
142
+ 3. The agent interviews the user one question at a time and writes `SPEC.md` or `specs/`.
143
+ 4. Ask the agent to code from the finalized spec.
144
+ 5. Run `npx piezas doctor` before deployment.
145
+
146
+ Spec mode does not implement code. It creates the buildable product/architecture
147
+ spec first so the coding agent has a concrete target and a Piezas service map.
148
+
149
+ ## Guardrail Scan
150
+
151
+ After an AI coding agent generates or edits the app, run:
152
+
153
+ ```bash
154
+ npx piezas doctor
155
+ ```
156
+
157
+ `doctor` checks for architecture mistakes that sparse prompts often miss:
158
+
159
+ - `PIEZAS_API_KEY` exposed to browser/client code
160
+ - static deployments that accidentally contain server routes or server actions
161
+ - admin tokens/passwords passed through URL query params
162
+ - public booking flows that trust hidden time fields without server-side slot revalidation
163
+ - local database dependencies that may duplicate Piezas-owned business records
164
+ - OAuth token storage in app code
165
+ - dynamic route params that appear unused
166
+ - hardcoded integration action IDs without connector action discovery
167
+ - coverage configs that exclude app/API/server-action code
168
+
169
+ Use strict mode in CI when you want warnings to fail:
170
+
171
+ ```bash
172
+ npx piezas doctor --strict
173
+ ```
174
+
175
+ Print machine-readable output:
176
+
177
+ ```bash
178
+ npx piezas doctor --json
179
+ ```
180
+
181
+ ## What is Piezas?
182
+
183
+ Piezas by [Softmax Data](https://softmaxdata.com) is a suite of backend services so you don't have to build your own. It includes:
184
+
185
+ - **Entity Records** — Store any business data (contacts, products, cases)
186
+ - **Pipeline Engine** — Kanban boards and stage workflows
187
+ - **Task Engine** — Task management with priorities and due dates
188
+ - **Notifications** — Email and in-app notifications
189
+ - **Calendar** — Event scheduling
190
+ - **Messaging** — Sequences and campaigns
191
+ - **Workflow** — Automation and triggers
192
+ - **Durable Jobs** — Deferred work, retries, stale-lock recovery, reminders, imports, and sync state
193
+ - **Forms** — Form builder and submissions
194
+ - **Documents** — File storage and management
195
+ - **Document Workflows** — Extraction jobs and signature request state
196
+ - **Reporting** — Analytics and dashboards
197
+ - **Pricing** — Product and pricing management
198
+ - **Discussion** — Threaded conversations
199
+ - **Knowledge Base** — Document ingestion, semantic search, and AI Q&A
200
+ - **Integrations** — OAuth connections, scoped grants, and provider actions
201
+ - **Connector Pack** — Google Calendar, Gmail, Google Drive, Zoom, HubSpot, DocuSign, QuickBooks, and AWS Textract-compatible proxy actions
202
+ - **Admin/access** — Tenant users, invite-only signup, app registry, public sessions, durable access logs, and audit events
203
+ - **MCP-ready SDK surface** — Server apps can expose Piezas entity, pipeline, and task tools to approved agents through `piezasMcp`
204
+
205
+ ## App-Scoped Integrations
206
+
207
+ For products with multiple generated apps, domains, OAuth callback URLs, or provider permission sets, create one Piezas tenant app per app/use case. The tenant app stores allowed origins, redirect URIs, auth policy metadata, and connector/purpose policy. Integrations can then store provider client credentials with `appId` and `purpose`, and OAuth calls pass the same `appId`/`purpose`.
208
+
209
+ That means a booking app that needs Google Calendar and Zoom can stay separate from an internal app that only needs Google identity or Gmail-backed sending. Generated apps should store only the Piezas tenant app slug/id, connection IDs, grant IDs, and business record references.
210
+
211
+ ## MCP Route
212
+
213
+ `@piezas/sdk` includes `piezasMcp`, so there is no separate public MCP package to install. For Next.js/server-runtime apps:
214
+
215
+ ```bash
216
+ npx piezas init --mode next-bff --mcp
217
+ ```
218
+
219
+ This creates `app/api/piezas/mcp/route.ts`, wired to `piezasMcp` from `@piezas/sdk`. The generated route rejects anonymous requests until the app supplies auth plus tenant/user context. Replace the placeholder guard with your real session check before exposing it to users or agents. Static deployments should not host this route; use a separate server adapter if agent tool access is needed.
220
+
221
+ ## Next Steps
222
+
223
+ 1. Get an API key at [app.piezas.ai](https://app.piezas.ai)
224
+ 2. Add `PIEZAS_API_KEY=sk_live_xxx` to your server-side environment
225
+ 3. Run `/piezas-spec [idea]` or ask for Piezas spec mode
226
+ 4. Tell your AI agent to code from `SPEC.md` or `specs/`
227
+ 5. Run `npx piezas doctor` before deployment
228
+
229
+ ## SDK Usage
230
+
231
+ ```typescript
232
+ import { Piezas } from '@piezas/sdk';
233
+
234
+ const piezas = new Piezas({
235
+ apiKey: process.env.PIEZAS_API_KEY,
236
+ entitiesUrl: 'https://api.piezas.ai/entities',
237
+ pipelineUrl: 'https://api.piezas.ai/pipeline',
238
+ tasksUrl: 'https://api.piezas.ai/tasks',
239
+ notificationsUrl: 'https://api.piezas.ai/notify',
240
+ integrationsUrl: 'https://api.piezas.ai/integrations',
241
+ calendarUrl: 'https://api.piezas.ai/calendar',
242
+ workflowUrl: 'https://api.piezas.ai/workflow',
243
+ messagingUrl: 'https://api.piezas.ai/messaging',
244
+ formsUrl: 'https://api.piezas.ai/forms',
245
+ documentsUrl: 'https://api.piezas.ai/documents',
246
+ reportingUrl: 'https://api.piezas.ai/reporting',
247
+ pricingUrl: 'https://api.piezas.ai/pricing',
248
+ discussionUrl: 'https://api.piezas.ai/discussion',
249
+ knowledgeBaseUrl: 'https://api.piezas.ai/knowledge-base',
250
+ adminUrl: 'https://api.piezas.ai/admin',
251
+ });
252
+
253
+ // Define entity types (idempotent — safe to re-run)
254
+ await piezas.defineEntities({
255
+ contact: {
256
+ fields: {
257
+ email: { type: 'email', required: true },
258
+ status: { type: 'select', options: ['active', 'lead'] },
259
+ },
260
+ },
261
+ });
262
+
263
+ // CRUD
264
+ const record = await piezas.contacts.create({ title: 'Jane', data: { email: 'jane@example.com' } });
265
+ const list = await piezas.contacts.list({ limit: 50 });
266
+ const search = await piezas.contacts.search({ q: 'jane' });
267
+ const slots = await piezas.calendar.getAvailableSlots({
268
+ calendarId: 'calendar-id',
269
+ dateFrom: '2026-05-25T00:00:00Z',
270
+ dateTo: '2026-05-26T00:00:00Z',
271
+ });
272
+ await piezas.workflow.enqueueJob({ type: 'followup.reminder', payload: { recordId: record.id } });
273
+ await piezas.workflow.enqueueSyncJob({ connector: 'gmail', resource: 'messages', direction: 'pull' });
274
+ await piezas.documents.createExtractionJob({
275
+ documentId: 'document-id',
276
+ provider: 'aws_textract',
277
+ requestedFields: ['invoice_number', 'total'],
278
+ });
279
+ await piezas.documents.createSignatureRequest({
280
+ title: 'MSA',
281
+ documentId: 'document-id',
282
+ provider: 'docusign',
283
+ signers: [{ name: 'Jane Client', email: 'jane@example.com' }],
284
+ });
285
+ await piezas.admin.createTenantApp('tenant-id', {
286
+ slug: 'booking-portal',
287
+ name: 'Booking portal',
288
+ allowedOrigins: ['https://book.example.com'],
289
+ allowedRedirectUris: ['https://book.example.com/integrations/connected'],
290
+ integrationPolicy: {
291
+ connectors: {
292
+ google_calendar: { purposes: ['calendar_availability'] },
293
+ zoom: { purposes: ['meeting_links'] },
294
+ },
295
+ },
296
+ });
297
+ const authUrl = await piezas.integrations.getAuthorizationUrl('google_calendar', {
298
+ appId: 'booking-portal',
299
+ purpose: 'calendar_availability',
300
+ userId: 'app-user-1',
301
+ returnUrl: 'https://book.example.com/integrations/connected',
302
+ });
303
+ ```
304
+
305
+ See the [full SDK documentation](https://www.npmjs.com/package/@piezas/sdk) for more.
306
+
307
+ ## License
308
+
309
+ MIT
package/package.json ADDED
@@ -0,0 +1,27 @@
1
+ {
2
+ "name": "piezas",
3
+ "version": "0.2.0",
4
+ "description": "Set up Piezas in your project — installs the SDK and configures AI coding agents",
5
+ "type": "module",
6
+ "bin": {
7
+ "piezas": "src/index.js"
8
+ },
9
+ "scripts": {
10
+ "test": "node --test"
11
+ },
12
+ "files": [
13
+ "src",
14
+ "README.md"
15
+ ],
16
+ "keywords": [
17
+ "piezas",
18
+ "claude-code",
19
+ "ai-assisted-coding",
20
+ "ai-generated-apps",
21
+ "backend",
22
+ "api",
23
+ "sdk"
24
+ ],
25
+ "author": "Softmax Data Inc.",
26
+ "license": "MIT"
27
+ }