npm - shiply-cli - Versions diffs - 0.5.0 → 0.7.0 - Mend

shiply-cli 0.5.0 → 0.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/drive.js ADDED Viewed

@@ -0,0 +1,77 @@
+import { createHash } from 'node:crypto';
+import { readFile, writeFile } from 'node:fs/promises';
+import { basename } from 'node:path';
+import { api, resolveBase } from './publish.js';
+const sha256 = (b) => createHash('sha256').update(b).digest('hex');
+const headers = (apiKey) => ({ 'content-type': 'application/json', authorization: `Bearer ${apiKey}` });
+async function defaultDrive(ctx) {
+    const base = resolveBase(ctx.base);
+    const d = await api(`${base}/api/v1/drives/default`, { headers: headers(ctx.apiKey) });
+    return d.publicId;
+}
+export async function driveLs(ctx, prefix = '') {
+    const base = resolveBase(ctx.base);
+    const id = await defaultDrive(ctx);
+    const out = await api(`${base}/api/v1/drives/${id}/files?prefix=${encodeURIComponent(prefix)}&limit=200`, { headers: headers(ctx.apiKey) });
+    if (out.files.length === 0) {
+        console.log('  (empty)');
+        return;
+    }
+    for (const f of out.files)
+        console.log(`  ${f.path}  ${Math.ceil(f.size / 1024)}KB`);
+}
+export async function drivePut(ctx, file, asPath) {
+    const base = resolveBase(ctx.base);
+    const id = await defaultDrive(ctx);
+    const body = await readFile(file);
+    const path = asPath ?? basename(file);
+    const hash = sha256(body);
+    const meta = { path, size: body.length, contentType: 'application/octet-stream', hash };
+    const stage = await api(`${base}/api/v1/drives/${id}/files/uploads`, { method: 'POST', headers: headers(ctx.apiKey), body: JSON.stringify({ files: [meta] }) });
+    for (const u of stage.uploads) {
+        const res = await fetch(u.url, { method: 'PUT', body: new Uint8Array(body) });
+        if (!res.ok)
+            throw new Error(`upload failed for ${u.path}`);
+    }
+    await api(`${base}/api/v1/drives/${id}/files/finalize`, {
+        method: 'POST',
+        headers: headers(ctx.apiKey),
+        body: JSON.stringify({ files: [meta] }),
+    });
+    console.log(`✔ put ${path}`);
+}
+export async function driveGet(ctx, path, out) {
+    const base = resolveBase(ctx.base);
+    const id = await defaultDrive(ctx);
+    const { url } = await api(`${base}/api/v1/drives/${id}/files/${path.split('/').map(encodeURIComponent).join('/')}`, { headers: headers(ctx.apiKey) });
+    const res = await fetch(url);
+    if (!res.ok)
+        throw new Error(`download failed (${res.status})`);
+    const buf = Buffer.from(await res.arrayBuffer());
+    if (out) {
+        await writeFile(out, buf);
+        console.log(`✔ saved ${out}`);
+    }
+    else {
+        process.stdout.write(buf);
+    }
+}
+export async function driveRm(ctx, path) {
+    const base = resolveBase(ctx.base);
+    const id = await defaultDrive(ctx);
+    await api(`${base}/api/v1/drives/${id}/files/${path.split('/').map(encodeURIComponent).join('/')}`, {
+        method: 'DELETE',
+        headers: headers(ctx.apiKey),
+    });
+    console.log(`✔ removed ${path}`);
+}
+export async function drivePublish(ctx, prefix) {
+    const base = resolveBase(ctx.base);
+    const id = await defaultDrive(ctx);
+    const out = await api(`${base}/api/v1/publish/from-drive`, {
+        method: 'POST',
+        headers: headers(ctx.apiKey),
+        body: JSON.stringify({ driveId: id, ...(prefix ? { prefix } : {}) }),
+    });
+    console.log(`✔ published drive (${out.filesCount} files)\n\n  ${out.siteUrl}\n`);
+}

package/dist/index.js CHANGED Viewed

@@ -4,6 +4,7 @@ import { join } from 'node:path';
 import { parseArgs } from 'node:util';
 import { confetti } from './confetti.js';
 import { detectFramework, findBuildOutput } from './framework.js';
+import { driveGet, driveLs, drivePublish, drivePut, driveRm } from './drive.js';
 import { loadApiKey, saveApiKey } from './config.js';
 import { api, DEFAULT_BASE, publish, resolveBase } from './publish.js';
 import { installSkill } from './skill.js';
@@ -16,6 +17,8 @@ Usage:
                                               Re-running UPDATES the same site (state in .shiply.json)
   shiply update <dir>                         Same as publish when .shiply.json exists
   shiply status <slug-or-domain> [--wait]     SSL + readiness check (agent-friendly output)
+  shiply duplicate <slug>                     Server-side copy of an owned site → new URL
+  shiply drive <ls|put|get|rm|publish>        Private cloud storage (drive publish → live site)
   shiply skill [--project]                    Install the shiply skill for your AI agent
                                               (global ~/.claude/skills, or ./.claude/skills with --project)
   shiply login [--email <address>]            Email a 6-digit code, mint + save an API key
@@ -192,6 +195,56 @@ async function main() {
                 await new Promise((r) => setTimeout(r, 5000));
             }
         }
+        case 'duplicate': {
+            if (!dir)
+                throw new Error('usage: shiply duplicate <slug>');
+            const apiKey = values.key ?? (await loadApiKey());
+            if (!apiKey)
+                throw new Error('duplicate needs an API key — run `shiply login` first');
+            const base = resolveBase(values.base);
+            const out = await api(`${base}/api/v1/publishes/${dir}/duplicate`, {
+                method: 'POST',
+                headers: { 'content-type': 'application/json', authorization: `Bearer ${apiKey}` },
+                body: JSON.stringify({}),
+            });
+            console.log(`✔ duplicated ${dir} → ${out.slug} (${out.filesCount} files)`);
+            console.log(`\n  ${out.siteUrl}\n`);
+            return;
+        }
+        case 'drive': {
+            const apiKey = values.key ?? (await loadApiKey());
+            if (!apiKey)
+                throw new Error('drive commands need an API key — run `shiply login` first');
+            const dctx = { base: values.base, apiKey };
+            const sub = dir; // positionals[1]
+            const arg = positionals[2];
+            const arg2 = positionals[3];
+            switch (sub) {
+                case 'ls':
+                    await driveLs(dctx, arg);
+                    return;
+                case 'put':
+                    if (!arg)
+                        throw new Error('usage: shiply drive put <file> [as-path]');
+                    await drivePut(dctx, arg, arg2);
+                    return;
+                case 'get':
+                    if (!arg)
+                        throw new Error('usage: shiply drive get <path> [-o out]');
+                    await driveGet(dctx, arg, values.timeout ? undefined : arg2);
+                    return;
+                case 'rm':
+                    if (!arg)
+                        throw new Error('usage: shiply drive rm <path>');
+                    await driveRm(dctx, arg);
+                    return;
+                case 'publish':
+                    await drivePublish(dctx, arg);
+                    return;
+                default:
+                    throw new Error('usage: shiply drive <ls|put|get|rm|publish>');
+            }
+        }
         case 'skill': {
             const written = await installSkill(Boolean(values.project));
             for (const w of written)

package/dist/manifest.js CHANGED Viewed

@@ -36,7 +36,8 @@ export const contentTypeFor = (path) => MIME[extname(path).toLowerCase()] ?? 'ap
 const SKIP_DIRS = new Set(['node_modules']);
 /** Walk a directory into the publish manifest: posix-relative paths, byte
  *  sizes, sha256 hex hashes (server hash-skips unchanged files on update).
- *  Dot entries and node_modules are never published. */
+ *  Dot entries and node_modules are never published — except the .shiply/
+ *  config directory (proxy.json, data.json), which the server consumes. */
 export async function buildManifest(dir) {
     const out = [];
     await walk(dir, '', out);
@@ -45,6 +46,10 @@ export async function buildManifest(dir) {
 async function walk(abs, rel, out) {
     const entries = await readdir(abs, { withFileTypes: true });
     for (const e of entries) {
+        if (e.name === '.shiply' && e.isDirectory() && rel === '') {
+            await walk(join(abs, e.name), '.shiply', out);
+            continue;
+        }
         if (e.name.startsWith('.') || SKIP_DIRS.has(e.name))
             continue;
         const childAbs = join(abs, e.name);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "shiply-cli",
-  "version": "0.5.0",
+  "version": "0.7.0",
   "description": "Publish static sites to shiply.now from the command line — instant web hosting for agents.",
   "license": "MIT",
   "type": "module",

package/skill/SKILL.md CHANGED Viewed

@@ -69,6 +69,33 @@ cheap: unchanged files are skipped server-side.
   finalized version live instantly.
 - **SPA**: pass `"spaMode":true` so deep links serve index.html.
+## Proxy routes — AI/API calls WITHOUT exposing keys
+NEVER embed API keys in published HTML/JS. Instead: store the key as a
+Variable (PUT /api/v1/variables), then include `.shiply/proxy.json` in the
+published files declaring routes, e.g. {"proxies":{"/api/chat":{"upstream":
+"https://openrouter.ai/api/v1/chat/completions","method":"POST","headers":
+{"Authorization":"Bearer ${OPENROUTER_API_KEY}"}}}}. The page then calls the
+relative path (fetch('/api/chat')) and shiply injects the secret server-side.
+Prefix routes "/api/db/*" forward subpaths (great for Supabase REST).
+Owned sites only; https public upstreams only. Docs: /docs/proxy-routes
+## Site Data — forms/waitlists/guestbooks with ZERO backend
+When the user wants to collect anything from visitors (waitlist, contact
+form, RSVP, guestbook): include `.shiply/data.json` in the published files,
+e.g. {"collections":{"signups":{"fields":{"email":{"type":"email",
+"required":true}},"access":{"read":"owner","insert":"public"}}}}, then have
+the page POST JSON to the relative path /.shiply/data/signups. Records are
+validated server-side; the owner reads them in the dashboard (Data section,
+CSV export) or GET /api/v1/publishes/<slug>/data/<collection> with a Bearer
+key. Owned sites only. Docs: /docs/site-data
+## Make a site private (paid plans)
+To password-protect or restrict a site: PATCH /api/v1/publishes/<slug>/access
+with {"mode":"password","password":"..."} or {"mode":"restricted",
+"allowedEmails":[...],"allowedDomains":[...]}, or set mode "public" to open it.
+MCP tool set_site_access does the same. Enforced before any content is served;
+changing settings signs current visitors out. Docs: /docs/access-control
 ## Full React / Vue / Svelte / Astro apps — YES, they work
 shiply hosts complete framework apps. Publish the BUILD OUTPUT, never the
 source: run the build, then publish the output dir with SPA mode for