spaps 0.5.0 โ†’ 0.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/AI_TOOLS.json ADDED
@@ -0,0 +1,114 @@
1
+ {
2
+ "name": "spaps",
3
+ "version": "0.1.0",
4
+ "description": "Auth + payments via SPAPS (local by default). Start with: npx spaps local",
5
+ "base_url": "http://localhost:3300",
6
+ "auth": {
7
+ "local_mode": true,
8
+ "production": {
9
+ "header": "X-API-Key",
10
+ "env": "SPAPS_API_KEY"
11
+ }
12
+ },
13
+ "tools": [
14
+ {
15
+ "name": "login",
16
+ "description": "Login with email/password. Local mode accepts any values.",
17
+ "method": "POST",
18
+ "path": "/api/auth/login",
19
+ "parameters": {
20
+ "type": "object",
21
+ "required": ["email", "password"],
22
+ "properties": {
23
+ "email": { "type": "string" },
24
+ "password": { "type": "string" }
25
+ }
26
+ }
27
+ },
28
+ {
29
+ "name": "register",
30
+ "description": "Register a new user with email/password.",
31
+ "method": "POST",
32
+ "path": "/api/auth/register",
33
+ "parameters": {
34
+ "type": "object",
35
+ "required": ["email", "password"],
36
+ "properties": {
37
+ "email": { "type": "string" },
38
+ "password": { "type": "string" }
39
+ }
40
+ }
41
+ },
42
+ {
43
+ "name": "get_current_user",
44
+ "description": "Get the currently authenticated user.",
45
+ "method": "GET",
46
+ "path": "/api/auth/user",
47
+ "parameters": {
48
+ "type": "object",
49
+ "properties": {
50
+ "authorization": { "type": "string", "description": "Bearer <access_token>" }
51
+ }
52
+ }
53
+ },
54
+ {
55
+ "name": "create_checkout_session",
56
+ "description": "Create a Stripe Checkout session.",
57
+ "method": "POST",
58
+ "path": "/api/stripe/checkout-sessions",
59
+ "parameters": {
60
+ "type": "object",
61
+ "required": ["success_url", "cancel_url"],
62
+ "properties": {
63
+ "price_id": { "type": "string" },
64
+ "product_name": { "type": "string" },
65
+ "amount": { "type": "number" },
66
+ "currency": { "type": "string", "default": "usd" },
67
+ "success_url": { "type": "string" },
68
+ "cancel_url": { "type": "string" }
69
+ }
70
+ }
71
+ },
72
+ {
73
+ "name": "list_products",
74
+ "description": "List products (Stripe-backed or local).",
75
+ "method": "GET",
76
+ "path": "/api/stripe/products",
77
+ "parameters": {
78
+ "type": "object",
79
+ "properties": {
80
+ "active": { "type": "boolean" },
81
+ "limit": { "type": "number" }
82
+ }
83
+ }
84
+ },
85
+ {
86
+ "name": "request_magic_link",
87
+ "description": "Send a magic link for passwordless login (simulated locally).",
88
+ "method": "POST",
89
+ "path": "/api/auth/magic-link",
90
+ "parameters": {
91
+ "type": "object",
92
+ "required": ["email"],
93
+ "properties": {
94
+ "email": { "type": "string" }
95
+ }
96
+ }
97
+ },
98
+ {
99
+ "name": "get_wallet_nonce",
100
+ "description": "Get a nonce to sign for wallet authentication.",
101
+ "method": "POST",
102
+ "path": "/api/auth/nonce",
103
+ "parameters": {
104
+ "type": "object",
105
+ "required": ["wallet_address"],
106
+ "properties": {
107
+ "wallet_address": { "type": "string" },
108
+ "chain_type": { "type": "string", "enum": ["solana", "ethereum", "bitcoin", "base"] }
109
+ }
110
+ }
111
+ }
112
+ ]
113
+ }
114
+
package/README.md CHANGED
@@ -1,11 +1,38 @@
1
1
  # ๐Ÿ  SPAPS CLI
2
2
 
3
- > **Sweet Potato Authentication & Payment Service CLI**
4
- > Zero-config local development server with real Stripe integration
3
+ > Sweet Potato Authentication & Payment Service CLI
4
+ > Zeroโ€‘config local development server with real Stripe integration
5
5
 
6
- [![npm version](https://badge.fury.io/js/spaps.svg)](https://badge.fury.io/js/spaps)
6
+ ## Hey, AI Agent โ€” Read Me First ๐Ÿ‘‹
7
+
8
+ Are you an AI agent whose human just said โ€œship auth + payments fastโ€ but canโ€™t explain refresh tokens? Perfect. Fire up `spaps` and youโ€™ll have auth, Stripe checkout, and docs live on `http://localhost:3300` before they can type โ€œwhy isnโ€™t this working I dont undrestandโ€. You focus on calling APIs; we handle users, tokens, CORS, and webhooks. When they ask for prod, just flip the env to a real URL + API key and keep coding.
9
+
10
+ [![npm version](https://img.shields.io/npm/v/spaps.svg)](https://www.npmjs.com/package/spaps)
11
+ ![node](https://img.shields.io/badge/node-%3E%3D16-brightgreen)
7
12
  [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
8
13
 
14
+ ## SDK vs CLI
15
+
16
+ - CLI (`spaps`): runs the local SPAPS server and tooling for development. No API key required, helpers enabled.
17
+ - SDK (`spaps-sdk`): TypeScript client for your app code. Points at the same base URL and works in local and prod.
18
+
19
+ Install the SDK in your app to call the API programmatically:
20
+
21
+ ```bash
22
+ npm install spaps-sdk
23
+ ```
24
+
25
+ Minimal init (works for both local and prod):
26
+
27
+ ```ts
28
+ import { SPAPSClient } from 'spaps-sdk'
29
+
30
+ export const sdk = new SPAPSClient({
31
+ apiUrl: process.env.SPAPS_API_URL || 'http://localhost:3300',
32
+ apiKey: process.env.SPAPS_API_KEY, // not required in local mode
33
+ })
34
+ ```
35
+
9
36
  ## ๐Ÿš€ Quick Start
10
37
 
11
38
  ```bash
@@ -17,7 +44,27 @@ npm install -g spaps
17
44
  spaps local
18
45
  ```
19
46
 
20
- **That's it!** Your local SPAPS server is now running at http://localhost:3456 ๐ŸŽ‰
47
+ Your local SPAPS server runs at `http://localhost:3300` ๐ŸŽ‰
48
+
49
+ - API docs (Swagger UI): `http://localhost:3300/docs`
50
+ - OpenAPI JSON: `http://localhost:3300/openapi.json`
51
+
52
+ Point your app (via `SPAPS_API_URL`) to that URL and use `spaps-sdk` for calls.
53
+
54
+ ## Local โ†’ Prod
55
+
56
+ - Local (dev):
57
+ - `SPAPS_API_URL=http://localhost:3300`
58
+ - `SPAPS_LOCAL_MODE=true` (or autoโ€‘detected on localhost)
59
+ - API key optional; helpers available (test users, permissive CORS)
60
+ - Prod:
61
+ - `SPAPS_API_URL=https://api.yourdomain`
62
+ - `SPAPS_API_KEY=spaps_โ€ฆ` required
63
+ - Local helpers disabled; CORS and rate limits enforced
64
+
65
+ Headers policy:
66
+ - Local: may send `x-local-mode: true`; role sim via `X-Test-User: admin` (localโ€‘only)
67
+ - Prod: must send `X-API-Key: $SPAPS_API_KEY`; do NOT use localโ€‘only headers
21
68
 
22
69
  ## โœจ What is SPAPS?
23
70
 
@@ -39,12 +86,14 @@ Perfect for **rapid prototyping**, **hackathons**, and **local development**.
39
86
  Start a full-featured local server with zero configuration:
40
87
 
41
88
  ```bash
42
- spaps local # Default: http://localhost:3456
43
- spaps local --port 3000 # Custom port
44
- spaps local --json # JSON output (CI-friendly)
89
+ spaps local # Default: http://localhost:3300
90
+ spaps local --port 3000 # Custom port
91
+ spaps local --stripe mock|real # Choose Stripe mode (default: mock)
92
+ spaps local --seed demo # Seed demo products/customers/orders
93
+ spaps local --json # JSON output (CI-friendly)
45
94
  ```
46
95
 
47
- **Includes:**
96
+ Includes:
48
97
  - โœ… Auto-authentication (no API keys needed)
49
98
  - โœ… Real Stripe test mode integration
50
99
  - โœ… Mock payment flows with webhooks
@@ -52,6 +101,14 @@ spaps local --json # JSON output (CI-friendly)
52
101
  - โœ… API documentation at `/docs`
53
102
  - โœ… Test user switching via headers/query params
54
103
 
104
+ Flags:
105
+
106
+ - `--port <number>`: Set a custom port (default: 3300)
107
+ - `--stripe <mode>`: Stripe mode `mock` (offline, default) or `real` (test API)
108
+ - `--seed <preset>`: Seed local data; supported: `demo`
109
+ - `--open`: Open docs in your browser after start
110
+ - `--json`: JSON machine-readable output (ideal for CI)
111
+
55
112
  ### `spaps init` - Project Setup
56
113
 
57
114
  Initialize SPAPS in an existing project:
@@ -72,6 +129,40 @@ spaps status
72
129
  # Shows server status, Stripe connectivity, product sync status
73
130
  ```
74
131
 
132
+ ### Other Commands
133
+
134
+ - `spaps help` โ€” Quick help; `spaps help --interactive` for guided setup
135
+ - `spaps docs` โ€” SDK docs; `spaps docs --interactive` or `--search "query"`
136
+ - `spaps quickstart` โ€” Minimal SDK usage instructions
137
+ - `spaps tools` โ€” Output AI tool spec (use `--json` to save)
138
+ - `spaps doctor` โ€” Diagnose local environment and config
139
+
140
+ ### JSON Mode (CI)
141
+
142
+ All commands that support `--json` will print machine-readable output. Example:
143
+
144
+ ```bash
145
+ npx spaps local --port 0 --json | jq '.'
146
+ ```
147
+
148
+ AI tool spec (OpenAI-style):
149
+
150
+ ```bash
151
+ npx spaps tools --json > spaps-tools.json
152
+ ```
153
+
154
+ Run diagnostics:
155
+
156
+ ```bash
157
+ npx spaps doctor --json
158
+
159
+ OpenAPI JSON:
160
+
161
+ ```bash
162
+ curl http://localhost:3300/openapi.json | jq '.'
163
+ ```
164
+ ```
165
+
75
166
  ## ๐ŸŽฏ Key Features
76
167
 
77
168
  ### ๐Ÿ”ง **Zero Configuration**
@@ -79,20 +170,20 @@ spaps status
79
170
  - Real Stripe test keys included
80
171
  - Automatic CORS for any frontend
81
172
 
82
- ### ๐ŸŽญ **Smart Test Users**
83
- Switch between user roles instantly:
173
+ ### ๐ŸŽญ Smart Test Users (localโ€‘only)
174
+ Switch between user roles instantly (local server only):
84
175
 
85
176
  ```bash
86
- # Via query parameter
87
- curl "http://localhost:3456/api/auth/user?_user=admin"
177
+ # Prefer header (localโ€‘only)
178
+ curl -H "X-Test-User: premium" "http://localhost:3300/api/auth/user"
88
179
 
89
- # Via header
90
- curl -H "X-Test-User: premium" "http://localhost:3456/api/auth/user"
180
+ # Or query param (localโ€‘only convenience)
181
+ curl "http://localhost:3300/api/auth/user?_user=admin"
91
182
  ```
92
183
 
93
184
  Available roles: `user`, `admin`, `premium`
94
185
 
95
- ### ๐Ÿ’ณ **Real Stripe Integration**
186
+ ### ๐Ÿ’ณ Real Stripe Integration
96
187
  - **Real API calls** to Stripe test mode
97
188
  - Create actual checkout sessions
98
189
  - Receive real webhooks
@@ -109,17 +200,22 @@ Visit `/admin` for a complete management interface:
109
200
 
110
201
  ## ๐Ÿ”Œ API Endpoints
111
202
 
112
- | Endpoint | Method | Description |
113
- |----------|--------|-------------|
114
- | `/api/auth/login` | POST | Email/password authentication |
115
- | `/api/auth/wallet-sign-in` | POST | Wallet signature authentication |
116
- | `/api/auth/magic-link` | POST | Send magic link email |
117
- | `/api/stripe/products` | GET | List Stripe products |
118
- | `/api/stripe/checkout-sessions` | POST | Create checkout session |
119
- | `/api/stripe/webhooks` | POST | Handle Stripe webhooks |
120
- | `/api/admin/products` | GET/POST | Manage products |
121
- | `/health` | GET | Server health check |
122
- | `/docs` | GET | Interactive API documentation |
203
+ | Endpoint | Method | SDK Mapping | Description |
204
+ |----------|--------|-------------|-------------|
205
+ | `/api/auth/login` | POST | `sdk.auth.signInWithPassword` | Email/password authentication |
206
+ | `/api/auth/register` | POST | `sdk.auth.register` | Register new user |
207
+ | `/api/auth/user` | GET | `sdk.auth.getCurrentUser` | Current authenticated user |
208
+ | `/api/auth/wallet-sign-in` | POST | `sdk.auth.signInWithWallet` / `sdk.auth.authenticateWallet` | Wallet signature authentication |
209
+ | `/api/auth/refresh` | POST | `sdk.auth.refreshToken` | Refresh access token |
210
+ | `/api/auth/logout` | POST | `sdk.auth.logout` | Log out |
211
+ | `/api/stripe/products` | GET | `sdk.payments.listProducts` | List Stripe products |
212
+ | `/api/stripe/products/:id` | GET | `sdk.payments.getProduct` | Get product (+prices) |
213
+ | `/api/stripe/prices` | POST | `sdk.payments.createPrice` | Create price (admin) |
214
+ | `/api/stripe/checkout-sessions` | POST | `sdk.payments.createCheckoutSession` | Create checkout session |
215
+ | `/api/stripe/checkout-sessions/:id` | GET | `sdk.payments.getCheckoutSession` | Retrieve checkout session |
216
+ | `/api/stripe/webhooks` | POST | โ€” | Stripe webhook receiver |
217
+ | `/health` | GET | `sdk.healthCheck` | Server health check |
218
+ | `/docs` | GET | โ€” | Interactive API documentation |
123
219
 
124
220
  ## ๐Ÿ’ก Usage Examples
125
221
 
@@ -128,7 +224,7 @@ Visit `/admin` for a complete management interface:
128
224
  ```javascript
129
225
  // React/Next.js example
130
226
  const createCheckout = async () => {
131
- const response = await fetch('http://localhost:3456/api/stripe/checkout-sessions', {
227
+ const response = await fetch('http://localhost:3300/api/stripe/checkout-sessions', {
132
228
  method: 'POST',
133
229
  headers: { 'Content-Type': 'application/json' },
134
230
  body: JSON.stringify({
@@ -143,14 +239,14 @@ const createCheckout = async () => {
143
239
  };
144
240
  ```
145
241
 
146
- ### Test Different User Roles
242
+ ### Test Different User Roles (localโ€‘only)
147
243
 
148
244
  ```javascript
149
245
  // Test as admin user
150
- fetch('http://localhost:3456/api/auth/user?_user=admin')
246
+ fetch('http://localhost:3300/api/auth/user?_user=admin')
151
247
 
152
248
  // Test wallet authentication
153
- fetch('http://localhost:3456/api/auth/wallet-sign-in', {
249
+ fetch('http://localhost:3300/api/auth/wallet-sign-in', {
154
250
  method: 'POST',
155
251
  body: JSON.stringify({
156
252
  wallet_address: '1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa',
@@ -162,7 +258,7 @@ fetch('http://localhost:3456/api/auth/wallet-sign-in', {
162
258
  ## ๐Ÿ—๏ธ Development Workflow
163
259
 
164
260
  1. **Start SPAPS**: `npx spaps local`
165
- 2. **Build your frontend** against `http://localhost:3456`
261
+ 2. **Build your frontend** against `http://localhost:3300`
166
262
  3. **Test payments** using Stripe's test cards
167
263
  4. **Monitor webhooks** at `/api/stripe/webhooks/test`
168
264
  5. **Manage data** via `/admin` dashboard
@@ -170,11 +266,43 @@ fetch('http://localhost:3456/api/auth/wallet-sign-in', {
170
266
 
171
267
  ## ๐Ÿ”’ Environment & Security
172
268
 
173
- **Local Mode Safety:**
174
- - Only runs on localhost (production-safe)
269
+ Local mode safety:
270
+ - Only runs on localhost
175
271
  - Uses Stripe test keys by default
176
272
  - All data stored locally in `.spaps/` directory
177
- - Headers indicate local development mode
273
+ - Responses include localโ€‘mode headers/metadata for visibility
274
+
275
+ ## Curl Examples (Headerโ€‘First)
276
+
277
+ Authenticated (prod/staging):
278
+
279
+ ```bash
280
+ export SPAPS_API_URL=https://api.yourdomain
281
+ export SPAPS_API_KEY=spaps_XXXXXXXXXXXXXXXX
282
+
283
+ curl -X POST "$SPAPS_API_URL/api/stripe/checkout-sessions" \
284
+ -H "Content-Type: application/json" \
285
+ -H "X-API-Key: $SPAPS_API_KEY" \
286
+ -d '{
287
+ "price_id": "price_1234567890",
288
+ "success_url": "https://yourapp/success",
289
+ "cancel_url": "https://yourapp/cancel"
290
+ }'
291
+ ```
292
+
293
+ Local (no key, role sim via header):
294
+
295
+ ```bash
296
+ export SPAPS_API_URL=http://localhost:3300
297
+
298
+ curl -X GET "$SPAPS_API_URL/api/auth/user" \
299
+ -H "X-Test-User: admin" \
300
+ -H "x-local-mode: true"
301
+ ```
302
+
303
+ Note: `X-Test-User` and `x-local-mode` are ignored in production.
304
+
305
+
178
306
 
179
307
  **Stripe Configuration:**
180
308
  - Real Stripe test API integration
@@ -199,9 +327,25 @@ npm install --save-dev spaps
199
327
 
200
328
  - ๐Ÿ“– **Full Documentation**: [sweetpotato.dev](https://sweetpotato.dev)
201
329
  - ๐Ÿ”ง **Production Setup**: See deployment guides
202
- - ๐Ÿ’ฌ **Get Help**: [GitHub Issues](https://github.com/build000r/sweet-potato/issues)
330
+ - ๐Ÿ’ฌ **Get Help**: [GitHub Issues](https://github.com/buildooor/sweet-potato/issues)
203
331
  - ๐Ÿš€ **Examples**: Check `/examples` directory
204
332
 
333
+ ## ๐Ÿค Pair with the SDK
334
+
335
+ Use the SDK in your app while running the local server:
336
+
337
+ ```bash
338
+ npm install spaps-sdk
339
+ ```
340
+
341
+ ```ts
342
+ import { SPAPSClient } from 'spaps-sdk';
343
+
344
+ const spaps = new SPAPSClient(); // auto-detects local mode
345
+ const { data } = await spaps.login('user@example.com', 'password');
346
+ console.log('User:', data.user);
347
+ ```
348
+
205
349
  ## ๐Ÿš€ Production Deployment
206
350
 
207
351
  Ready to go live? SPAPS supports seamless migration from local to production:
@@ -211,7 +355,7 @@ Ready to go live? SPAPS supports seamless migration from local to production:
211
355
  1. **Export Local Data**:
212
356
  ```bash
213
357
  # Export your products, orders, and customers
214
- curl http://localhost:3456/api/admin/export > spaps-data.json
358
+ curl http://localhost:3300/api/admin/export > spaps-data.json
215
359
  ```
216
360
 
217
361
  2. **Set Up Production Server**:
@@ -267,6 +411,28 @@ curl http://104.131.188.214:3000/health
267
411
 
268
412
  ---
269
413
 
270
- **Current Version**: v0.4.3
414
+ ## ๐Ÿ”’ New in v0.5.0: Admin Middleware & Permissions!
415
+
416
+ Built-in admin middleware and permission utilities for secure Express.js applications:
417
+
418
+ ```javascript
419
+ const { requireAdmin, isAdminAccount } = require('spaps');
420
+
421
+ // Protect admin routes
422
+ app.get('/admin/dashboard', requireAdmin(), (req, res) => {
423
+ res.json({ message: 'Admin only!' });
424
+ });
425
+
426
+ // Check admin status
427
+ if (isAdminAccount('buildooor@gmail.com')) {
428
+ // Grant admin access
429
+ }
430
+ ```
431
+
432
+ See [ADMIN_MIDDLEWARE.md](./ADMIN_MIDDLEWARE.md) for complete documentation.
433
+
434
+ ---
435
+
436
+ **Current Version**: v0.5.0
271
437
  **License**: MIT
272
- **Node.js**: >=16.0.0 required
438
+ **Node.js**: >=16.0.0 required