shiply-cli 0.4.1 → 0.6.0

package/dist/framework.js

@@ -0,0 +1,52 @@
+import { readFile, stat } from 'node:fs/promises';
+import { join } from 'node:path';
+const exists = async (p) => stat(p).then((s) => s.isFile() || s.isDirectory(), () => false);
+/** Detect a framework *source* directory (package.json, no root index.html)
+ *  so `shiply publish .` on a React/Vue/etc project can do the right thing:
+ *  publish the build output with SPA mode instead of raw source files. */
+export async function detectFramework(dir) {
+    if (await exists(join(dir, 'index.html'))) {
+        // Vite keeps index.html at the root of the *source* too — only treat it as
+        // a source dir when a vite config is present alongside it.
+        const viteConfig = (await Promise.all(['vite.config.ts', 'vite.config.js', 'vite.config.mjs'].map((f) => exists(join(dir, f))))).some(Boolean);
+        if (!viteConfig)
+            return null;
+    }
+    let pkgRaw;
+    try {
+        pkgRaw = await readFile(join(dir, 'package.json'), 'utf8');
+    }
+    catch {
+        return null;
+    }
+    let deps;
+    try {
+        const pkg = JSON.parse(pkgRaw);
+        deps = { ...pkg.dependencies, ...pkg.devDependencies };
+    }
+    catch {
+        return null;
+    }
+    const has = (name) => name in deps;
+    if (has('next')) {
+        return { framework: 'Next.js', outputDir: 'out', spa: false, buildCommand: 'npm run build  (needs `output: "export"` in next.config)' };
+    }
+    if (has('astro'))
+        return { framework: 'Astro', outputDir: 'dist', spa: false, buildCommand: 'npm run build' };
+    if (has('@sveltejs/kit')) {
+        return { framework: 'SvelteKit', outputDir: 'build', spa: true, buildCommand: 'npm run build  (use adapter-static)' };
+    }
+    if (has('vite'))
+        return { framework: 'Vite', outputDir: 'dist', spa: true, buildCommand: 'npm run build' };
+    if (has('react-scripts'))
+        return { framework: 'Create React App', outputDir: 'build', spa: true, buildCommand: 'npm run build' };
+    if (has('react') || has('vue') || has('svelte')) {
+        return { framework: 'JavaScript app', outputDir: 'dist', spa: true, buildCommand: 'npm run build' };
+    }
+    return null;
+}
+/** If the detected output dir exists and has an index.html, return it. */
+export async function findBuildOutput(dir, hint) {
+    const out = join(dir, hint.outputDir);
+    return (await exists(join(out, 'index.html'))) ? out : null;
+}

package/dist/index.js

@@ -1,7 +1,9 @@
 #!/usr/bin/env node
 import { createInterface } from 'node:readline/promises';
+import { join } from 'node:path';
 import { parseArgs } from 'node:util';
 import { confetti } from './confetti.js';
+import { detectFramework, findBuildOutput } from './framework.js';
 import { loadApiKey, saveApiKey } from './config.js';
 import { api, DEFAULT_BASE, publish, resolveBase } from './publish.js';
 import { installSkill } from './skill.js';
@@ -14,6 +16,7 @@ Usage:
                                               Re-running UPDATES the same site (state in .shiply.json)
   shiply update <dir>                         Same as publish when .shiply.json exists
   shiply status <slug-or-domain> [--wait]     SSL + readiness check (agent-friendly output)
+  shiply duplicate <slug>                     Server-side copy of an owned site → new URL
   shiply skill [--project]                    Install the shiply skill for your AI agent
                                               (global ~/.claude/skills, or ./.claude/skills with --project)
   shiply login [--email <address>]            Email a 6-digit code, mint + save an API key
@@ -89,8 +92,29 @@ async function main() {
             if (!dir)
                 throw new Error(`usage: shiply ${cmd} <dir>`);
             const apiKey = values.anonymous ? undefined : (values.key ?? (await loadApiKey()));
+            // Full React/Vue/etc apps work great — but you publish the BUILD OUTPUT,
+            // not the source. Detect source dirs and do the right thing.
+            let publishDir = dir;
+            let spa = values.spa;
+            const hint = await detectFramework(dir);
+            if (hint) {
+                const out = await findBuildOutput(dir, hint);
+                if (out) {
+                    publishDir = out;
+                    if (hint.spa && spa === undefined)
+                        spa = true;
+                    console.log(`✔ ${hint.framework} project detected — publishing ${out}${hint.spa ? ' with SPA mode' : ''}`);
+                }
+                else {
+                    throw new Error(`this looks like a ${hint.framework} project (source code, not a built site).\n` +
+                        `  Build it first, then publish the output:\n` +
+                        `    ${hint.buildCommand}\n` +
+                        `    shiply ${cmd} ${join(dir, hint.outputDir)}${hint.spa ? ' --spa' : ''}\n` +
+                        `  (or pass the built folder directly if it lives elsewhere)`);
+                }
+            }
             // same command, same URL: reuse this directory's site automatically
-            const state = await readState(dir);
+            const state = await readState(publishDir);
             let claimToken = values['claim-token'] ?? state?.claimToken;
             let slug = state?.owned && apiKey ? state.slug : undefined;
             if (values['new-site']) {
@@ -101,14 +125,14 @@ async function main() {
                 throw new Error('nothing to update here — publish first (shiply remembers the site in .shiply.json), or pass --claim-token');
             }
             const updating = Boolean(claimToken || slug);
-            const res = await publish(dir, {
+            const res = await publish(publishDir, {
                 apiKey,
                 base: values.base,
-                spaMode: values.spa,
+                spaMode: spa,
                 claimToken,
                 slug,
             });
-            await writeState(dir, {
+            await writeState(publishDir, {
                 slug: res.slug,
                 siteUrl: res.siteUrl,
                 ...(res.claimToken ? { claimToken: res.claimToken } : state?.claimToken && updating ? { claimToken: state.claimToken } : {}),
@@ -169,6 +193,22 @@ async function main() {
                 await new Promise((r) => setTimeout(r, 5000));
             }
         }
+        case 'duplicate': {
+            if (!dir)
+                throw new Error('usage: shiply duplicate <slug>');
+            const apiKey = values.key ?? (await loadApiKey());
+            if (!apiKey)
+                throw new Error('duplicate needs an API key — run `shiply login` first');
+            const base = resolveBase(values.base);
+            const out = await api(`${base}/api/v1/publishes/${dir}/duplicate`, {
+                method: 'POST',
+                headers: { 'content-type': 'application/json', authorization: `Bearer ${apiKey}` },
+                body: JSON.stringify({}),
+            });
+            console.log(`✔ duplicated ${dir} → ${out.slug} (${out.filesCount} files)`);
+            console.log(`\n  ${out.siteUrl}\n`);
+            return;
+        }
         case 'skill': {
             const written = await installSkill(Boolean(values.project));
             for (const w of written)

package/dist/manifest.js

@@ -36,7 +36,8 @@ export const contentTypeFor = (path) => MIME[extname(path).toLowerCase()] ?? 'ap
 const SKIP_DIRS = new Set(['node_modules']);
 /** Walk a directory into the publish manifest: posix-relative paths, byte
  *  sizes, sha256 hex hashes (server hash-skips unchanged files on update).
- *  Dot entries and node_modules are never published. */
+ *  Dot entries and node_modules are never published — except the .shiply/
+ *  config directory (proxy.json, data.json), which the server consumes. */
 export async function buildManifest(dir) {
     const out = [];
     await walk(dir, '', out);
@@ -45,6 +46,10 @@ export async function buildManifest(dir) {
 async function walk(abs, rel, out) {
     const entries = await readdir(abs, { withFileTypes: true });
     for (const e of entries) {
+        if (e.name === '.shiply' && e.isDirectory() && rel === '') {
+            await walk(join(abs, e.name), '.shiply', out);
+            continue;
+        }
         if (e.name.startsWith('.') || SKIP_DIRS.has(e.name))
             continue;
         const childAbs = join(abs, e.name);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "shiply-cli",
-  "version": "0.4.1",
+  "version": "0.6.0",
   "description": "Publish static sites to shiply.now from the command line — instant web hosting for agents.",
   "license": "MIT",
   "type": "module",

package/skill/SKILL.md

@@ -1,75 +1,115 @@
----
-name: shiply
-description: Publish static sites to the web instantly with shiply.now and manage them (updates, SSL checks, custom domains, variables). Use when the user asks to publish, host, deploy, share, or update a website/page/demo/report, or wants a live URL for generated files. Triggers - "publish this", "host this", "put this online", "give me a link", "update the site", shiply.
----
-
-# shiply — instant web hosting for agents
-
-shiply.now puts files on the web in seconds. No account needed to start:
-anonymous sites are live immediately, last 24 hours, and can be claimed into
-an account to keep them. The cardinal rule:
-
-**NEVER create a new site to update an existing one. Always re-publish to the
-same site** — otherwise you litter subdomains and lose the user's URL.
-
-## Pick your interface (best first)
-
-### 1. MCP (native tools)
-If the `shiply` MCP server is connected (https://shiply.now/mcp), use
-`publish_site`. Every result includes a `toUpdate` field telling you the exact
-call for updates — follow it. Other tools: `site_status`, `list_sites`,
-`set_handle`, `set_variable`, `add_domain`, `check_domain`, `get_analytics`,
-`delete_site`, `rollback` via dashboard.
-
-### 2. CLI
-```bash
-npm i -g shiply-cli        # or: curl -fsSL https://shiply.now/install.sh | bash
-shiply publish ./dir       # live URL + confetti
-shiply publish ./dir       # run AGAIN after edits → updates the SAME site
-shiply status <slug> --wait  # SSL + readiness; prints SSL_READY / SITE_READY
-shiply login               # email code → API key → sites become permanent
-```
-The CLI stores each directory's site in `.shiply.json` (slug + update token),
-so repeat publishes reuse the URL automatically. `--new-site` opts out.
-Gitignore `.shiply.json` in public repos. Parse `SITE_READY` / `SSL_READY`
-lines for automation; exit code 0 = ready.
-
-### 3. Raw HTTP (no installs)
-```
-1. POST https://shiply.now/api/v1/publish
-   {"files":[{"path":"index.html","size":<bytes>,"contentType":"text/html","hash":"<sha256, optional>"}]}
-   (+ "Authorization: Bearer shp_…" for permanent owned sites)
-2. PUT each file's bytes to response upload.uploads[].url
-3. POST upload.finalizeUrl with {"versionId":"..."}
-```
-**Updates:** anonymous → include `"claimToken":"..."` (returned ONCE by the
-first publish — save it); owned → include `"slug":"..."`. Hashes make updates
-cheap: unchanged files are skipped server-side.
-
-## The lifecycle to explain to users
-- Anonymous site: live instantly, expires in 24 h. Give the user the
-  `claimUrl` — claiming keeps it forever on a free account.
-- API key (`shiply login` or POST /api/auth/agent/request-code →
-  verify-code): publishes are permanent and manageable.
-- Paid plans add vanity handles (<name>.shiply.now), more custom domains,
-  storage, analytics: https://shiply.now/dashboard/plan
-
-## Power features (Bearer key)
-- **Custom domains**: POST /api/v1/domains {"hostname","slug"} → tell the
-  user to CNAME the hostname to `cname.shiply.now` → cert auto-issues; poll
-  GET /api/v1/domains/{id}/check until `ready:true`.
-- **SSL/readiness checker**: `shiply status <slug-or-domain> --wait` or the
-  check endpoint — confirms certificate + serving before telling the user
-  it's done.
-- **Variables**: encrypted per-user KV for API keys the user's sites need
-  (GET/PUT /api/v1/variables, DELETE /api/v1/variables/{NAME}); Supabase can
-  be connected from the dashboard and lands here as SUPABASE_URL +
-  SUPABASE_ANON_KEY.
-- **Rollback**: POST /api/v1/publish/{slug}/rollback {"versionId"} flips any
-  finalized version live instantly.
-- **SPA**: pass `"spaMode":true` so deep links serve index.html.
-
-## Limits & references
-≤1000 files/site (≤50 inline via MCP), ≤100 MiB/file, 1 GiB total.
-Machine guide: https://shiply.now/llms.txt · OpenAPI:
-https://shiply.now/openapi.json · Docs: https://shiply.now/docs
+---
+name: shiply
+description: Publish static sites to the web instantly with shiply.now and manage them (updates, SSL checks, custom domains, variables). Use when the user asks to publish, host, deploy, share, or update a website/page/demo/report, or wants a live URL for generated files. Triggers - "publish this", "host this", "put this online", "give me a link", "update the site", shiply.
+---
+
+# shiply — instant web hosting for agents
+
+shiply.now puts files on the web in seconds. No account needed to start:
+anonymous sites are live immediately, last 24 hours, and can be claimed into
+an account to keep them. The cardinal rule:
+
+**NEVER create a new site to update an existing one. Always re-publish to the
+same site** — otherwise you litter subdomains and lose the user's URL.
+
+## Pick your interface (best first)
+
+### 1. MCP (native tools)
+If the `shiply` MCP server is connected (https://shiply.now/mcp), use
+`publish_site`. Every result includes a `toUpdate` field telling you the exact
+call for updates — follow it. Other tools: `site_status`, `list_sites`,
+`set_handle`, `set_variable`, `add_domain`, `check_domain`, `get_analytics`,
+`delete_site`, `rollback` via dashboard.
+
+### 2. CLI
+```bash
+npm i -g shiply-cli        # or: curl -fsSL https://shiply.now/install.sh | bash
+shiply publish ./dir       # live URL + confetti
+shiply publish ./dir       # run AGAIN after edits → updates the SAME site
+shiply status <slug> --wait  # SSL + readiness; prints SSL_READY / SITE_READY
+shiply login               # email code → API key → sites become permanent
+```
+The CLI stores each directory's site in `.shiply.json` (slug + update token),
+so repeat publishes reuse the URL automatically. `--new-site` opts out.
+Gitignore `.shiply.json` in public repos. Parse `SITE_READY` / `SSL_READY`
+lines for automation; exit code 0 = ready.
+
+### 3. Raw HTTP (no installs)
+```
+1. POST https://shiply.now/api/v1/publish
+   {"files":[{"path":"index.html","size":<bytes>,"contentType":"text/html","hash":"<sha256, optional>"}]}
+   (+ "Authorization: Bearer shp_…" for permanent owned sites)
+2. PUT each file's bytes to response upload.uploads[].url
+3. POST upload.finalizeUrl with {"versionId":"..."}
+```
+**Updates:** anonymous → include `"claimToken":"..."` (returned ONCE by the
+first publish — save it); owned → include `"slug":"..."`. Hashes make updates
+cheap: unchanged files are skipped server-side.
+
+## The lifecycle to explain to users
+- Anonymous site: live instantly, expires in 24 h. Give the user the
+  `claimUrl` — claiming keeps it forever on a free account.
+- API key (`shiply login` or POST /api/auth/agent/request-code →
+  verify-code): publishes are permanent and manageable.
+- Paid plans add vanity handles (<name>.shiply.now), more custom domains,
+  storage, analytics: https://shiply.now/dashboard/plan
+
+## Power features (Bearer key)
+- **Custom domains**: POST /api/v1/domains {"hostname","slug"} → tell the
+  user to CNAME the hostname to `cname.shiply.now` → cert auto-issues; poll
+  GET /api/v1/domains/{id}/check until `ready:true`.
+- **SSL/readiness checker**: `shiply status <slug-or-domain> --wait` or the
+  check endpoint — confirms certificate + serving before telling the user
+  it's done.
+- **Variables**: encrypted per-user KV for API keys the user's sites need
+  (GET/PUT /api/v1/variables, DELETE /api/v1/variables/{NAME}); Supabase can
+  be connected from the dashboard and lands here as SUPABASE_URL +
+  SUPABASE_ANON_KEY.
+- **Rollback**: POST /api/v1/publish/{slug}/rollback {"versionId"} flips any
+  finalized version live instantly.
+- **SPA**: pass `"spaMode":true` so deep links serve index.html.
+
+## Proxy routes — AI/API calls WITHOUT exposing keys
+NEVER embed API keys in published HTML/JS. Instead: store the key as a
+Variable (PUT /api/v1/variables), then include `.shiply/proxy.json` in the
+published files declaring routes, e.g. {"proxies":{"/api/chat":{"upstream":
+"https://openrouter.ai/api/v1/chat/completions","method":"POST","headers":
+{"Authorization":"Bearer ${OPENROUTER_API_KEY}"}}}}. The page then calls the
+relative path (fetch('/api/chat')) and shiply injects the secret server-side.
+Prefix routes "/api/db/*" forward subpaths (great for Supabase REST).
+Owned sites only; https public upstreams only. Docs: /docs/proxy-routes
+
+## Site Data — forms/waitlists/guestbooks with ZERO backend
+When the user wants to collect anything from visitors (waitlist, contact
+form, RSVP, guestbook): include `.shiply/data.json` in the published files,
+e.g. {"collections":{"signups":{"fields":{"email":{"type":"email",
+"required":true}},"access":{"read":"owner","insert":"public"}}}}, then have
+the page POST JSON to the relative path /.shiply/data/signups. Records are
+validated server-side; the owner reads them in the dashboard (Data section,
+CSV export) or GET /api/v1/publishes/<slug>/data/<collection> with a Bearer
+key. Owned sites only. Docs: /docs/site-data
+
+## Make a site private (paid plans)
+To password-protect or restrict a site: PATCH /api/v1/publishes/<slug>/access
+with {"mode":"password","password":"..."} or {"mode":"restricted",
+"allowedEmails":[...],"allowedDomains":[...]}, or set mode "public" to open it.
+MCP tool set_site_access does the same. Enforced before any content is served;
+changing settings signs current visitors out. Docs: /docs/access-control
+
+## Full React / Vue / Svelte / Astro apps — YES, they work
+shiply hosts complete framework apps. Publish the BUILD OUTPUT, never the
+source: run the build, then publish the output dir with SPA mode for
+client-routed apps. The CLI auto-detects source dirs and tells you the
+right command.
+- Vite/React/Vue/Svelte: `npm run build` then `shiply publish dist --spa`
+- Create React App: `npm run build` then `shiply publish build --spa`
+- Next.js: set `output: "export"` in next.config, `npm run build`, then
+  `shiply publish out` (no --spa; export emits real HTML per route)
+- Astro/static generators: `shiply publish dist`
+Use the CLI (not inline MCP files) for builds — hashed bundles often exceed
+the 50-file inline cap, and the CLI hash-skips unchanged chunks on updates.
+
+## Limits & references
+≤1000 files/site (≤50 inline via MCP), ≤100 MiB/file, 1 GiB total.
+Machine guide: https://shiply.now/llms.txt · OpenAPI:
+https://shiply.now/openapi.json · Docs: https://shiply.now/docs