spaps 0.7.1 → 0.7.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/README.md +124 -339
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -1,438 +1,223 @@
1
- # 🍠 SPAPS CLI
1
+ # spaps
2
2
 
3
- > Sweet Potato Authentication & Payment Service CLI
4
- > Zero‑config local development server with real Stripe integration
3
+ CLI and middleware package for local SPAPS workflows.
5
4
 
6
- ## Hey, AI Agent — Read Me First 👋
5
+ ## TL;DR
7
6
 
8
- Are you an AI agent whose human just said “ship auth + payments fast” but can’t explain refresh tokens? Perfect. Fire up `spaps` and you’ll have auth, Stripe checkout, and docs live on `http://localhost:3301` before they can type “why isn’t this working I dont undrestand”. You focus on calling APIs; we handle users, tokens, CORS, and webhooks. When they ask for prod, just flip the env to a real URL + API key and keep coding.
7
+ **The Problem**: Local auth and payment development is slow when every app has to bootstrap a backend, wire environment files, and remember the right health and docs commands.
9
8
 
10
- [![npm version](https://img.shields.io/npm/v/spaps.svg)](https://www.npmjs.com/package/spaps)
11
- ![node](https://img.shields.io/badge/node-%3E%3D16-brightgreen)
12
- [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
9
+ **The Solution**: `spaps` gives you a small CLI for local-server workflows plus exported admin middleware helpers for Node apps that integrate with SPAPS.
13
10
 
14
- ## SDK vs CLI
11
+ ### Why Use `spaps`?
15
12
 
16
- - CLI (`spaps`): runs the local SPAPS server and tooling for development. No API key required, helpers enabled.
17
- - SDK (`spaps-sdk`): TypeScript client for your app code. Points at the same base URL and works in local and prod.
13
+ | Feature | What It Does |
14
+ | --- | --- |
15
+ | Local server workflow | Start, stop, inspect, and diagnose a local SPAPS server from the CLI |
16
+ | Project bootstrap | Create a starter `.env.local` for SPAPS-aware projects |
17
+ | AI tooling output | Emit the local OpenAI-style tool spec with `spaps tools` |
18
+ | Middleware exports | Reuse admin-permission helpers from the package API |
18
19
 
19
- Install the SDK in your app to call the API programmatically:
20
+ ## Installation
20
21
 
21
- ```bash
22
- npm install spaps-sdk
23
- ```
24
-
25
- Minimal init (works for both local and prod):
26
-
27
- ```ts
28
- import { SPAPSClient } from 'spaps-sdk'
22
+ ### Run Without Installing
29
23
 
30
- export const sdk = new SPAPSClient({
31
- apiUrl: process.env.SPAPS_API_URL || 'http://localhost:3301',
32
- apiKey: process.env.SPAPS_API_KEY, // not required in local mode
33
- })
24
+ ```bash
25
+ npx spaps help
34
26
  ```
35
27
 
36
- ## 🚀 Quick Start
28
+ ### Global Install
37
29
 
38
30
  ```bash
39
- # Run immediately with npx (recommended)
40
- npx spaps local
41
-
42
- # Or install globally
43
31
  npm install -g spaps
44
- spaps local
45
32
  ```
46
33
 
47
- Your local SPAPS server runs at `http://localhost:3301` 🎉
48
-
49
- - API docs (Swagger UI): `http://localhost:3301/docs`
50
- - OpenAPI JSON: `http://localhost:3301/openapi.json`
51
-
52
- Point your app (via `SPAPS_API_URL`) to that URL and use `spaps-sdk` for calls.
53
-
54
- ## Local → Prod
34
+ ### Project Dependency
55
35
 
56
- - Local (dev):
57
- - `SPAPS_API_URL=http://localhost:3301`
58
- - `SPAPS_LOCAL_MODE=true` (or auto‑detected on localhost)
59
- - API key optional; helpers available (test users, permissive CORS)
60
- - Prod:
61
- - `SPAPS_API_URL=https://api.yourdomain`
62
- - `SPAPS_API_KEY=spaps_…` required
63
- - Local helpers disabled; CORS and rate limits enforced
36
+ ```bash
37
+ npm install spaps
38
+ ```
64
39
 
65
- Headers policy:
66
- - Local: may send `x-local-mode: true`; role sim via `X-Test-User: admin` (local‑only)
67
- - Prod: must send `X-API-Key: $SPAPS_API_KEY`; do NOT use local‑only headers
40
+ ## Quick Example
68
41
 
69
- ## ✨ What is SPAPS?
42
+ ```bash
43
+ # Start the local server
44
+ npx spaps local
70
45
 
71
- SPAPS provides a **complete authentication and payment backend** for your applications:
46
+ # Check status
47
+ npx spaps status
72
48
 
73
- - 🔐 **Multi-wallet auth** (Solana, Ethereum, Bitcoin, Base)
74
- - 📧 **Traditional auth** (email/password, magic links)
75
- - 💳 **Real Stripe integration** (products, checkout, webhooks)
76
- - 🎭 **Test user switching** (`?_user=admin`)
77
- - 📊 **Admin dashboard** with analytics
78
- - 🌐 **CORS-ready** for any frontend
49
+ # Initialize .env.local in the current project
50
+ npx spaps init
79
51
 
80
- Perfect for **rapid prototyping**, **hackathons**, and **local development**.
52
+ # Emit the local tool spec as JSON
53
+ npx spaps tools --json
54
+ ```
81
55
 
82
- ## 📋 Commands
56
+ ## CLI Commands
83
57
 
84
- ### `spaps local` - Development Server
58
+ ### `spaps local [subcommand]`
85
59
 
86
- Start a full-featured local server with zero configuration:
60
+ Start or stop the local SPAPS server.
87
61
 
88
62
  ```bash
89
- spaps local # Default: http://localhost:3301
90
- spaps local --port 3000 # Custom port
91
- spaps local --stripe mock|real # Choose Stripe mode (default: mock)
92
- spaps local --seed demo # Seed demo products/customers/orders
93
- spaps local --json # JSON output (CI-friendly)
63
+ spaps local
64
+ spaps local --port 3400
65
+ spaps local --detach
66
+ spaps local --open
67
+ spaps local stop
94
68
  ```
95
69
 
96
- Includes:
97
- - ✅ Auto-authentication (no API keys needed)
98
- - ✅ Real Stripe test mode integration
99
- - ✅ Mock payment flows with webhooks
100
- - ✅ Admin dashboard at `/admin`
101
- - ✅ API documentation at `/docs`
102
- - ✅ Test user switching via headers/query params
103
-
104
- Flags:
70
+ Supported flags:
105
71
 
106
- - `--port <number>`: Set a custom port (default: 3301)
107
- - `--stripe <mode>`: Stripe mode `mock` (offline, default) or `real` (test API)
108
- - `--seed <preset>`: Seed local data; supported: `demo`
109
- - `--open`: Open docs in your browser after start
110
- - `--json`: JSON machine-readable output (ideal for CI)
72
+ - `--port <port>`
73
+ - `--detach`
74
+ - `--fresh`
75
+ - `--from-backup <path>`
76
+ - `--open`
77
+ - `--json`
111
78
 
112
- ### `spaps init` - Project Setup
113
-
114
- Initialize SPAPS in an existing project:
79
+ ### `spaps status`
115
80
 
116
81
  ```bash
117
- spaps init
118
- # Creates .env.local with Stripe test keys
119
- # Adds SPAPS client to your package.json
120
- # ✅ Generates basic integration examples
82
+ spaps status
83
+ spaps status --port 3400
84
+ spaps status --json
121
85
  ```
122
86
 
123
- ### `spaps status` - Health Check
124
-
125
- Check your local server and Stripe connection:
87
+ ### `spaps quickstart`
126
88
 
127
89
  ```bash
128
- spaps status
129
- # Shows server status, Stripe connectivity, product sync status
90
+ spaps quickstart
91
+ spaps quickstart --port 3400
92
+ spaps quickstart --json
130
93
  ```
131
94
 
132
- ### Other Commands
133
-
134
- - `spaps help` — Quick help; `spaps help --interactive` for guided setup
135
- - `spaps docs` — SDK docs; `spaps docs --interactive` or `--search "query"`
136
- - `spaps quickstart` — Minimal SDK usage instructions
137
- - `spaps tools` — Output AI tool spec (use `--json` to save)
138
- - `spaps doctor` — Diagnose local environment and config
139
-
140
- ### JSON Mode (CI)
141
-
142
- All commands that support `--json` will print machine-readable output. Example:
95
+ ### `spaps init`
143
96
 
144
97
  ```bash
145
- npx spaps local --port 0 --json | jq '.'
98
+ spaps init
99
+ spaps init --json
146
100
  ```
147
101
 
148
- AI tool spec (OpenAI-style):
102
+ ### `spaps docs`
149
103
 
150
104
  ```bash
151
- npx spaps tools --json > spaps-tools.json
105
+ spaps docs
106
+ spaps docs --interactive
107
+ spaps docs --search secure-messages
108
+ spaps docs --json
152
109
  ```
153
110
 
154
- Run diagnostics:
111
+ ### `spaps tools`
155
112
 
156
113
  ```bash
157
- npx spaps doctor --json
114
+ spaps tools
115
+ spaps tools --port 3400
116
+ spaps tools --format openai
117
+ spaps tools --json
118
+ ```
158
119
 
159
- OpenAPI JSON:
120
+ ### `spaps doctor`
160
121
 
161
122
  ```bash
162
- curl http://localhost:3301/openapi.json | jq '.'
163
- ```
123
+ spaps doctor
124
+ spaps doctor --port 3400
125
+ spaps doctor --stripe mock
126
+ spaps doctor --json
164
127
  ```
165
128
 
166
- ## 🎯 Key Features
129
+ ### Placeholder Commands
167
130
 
168
- ### 🔧 **Zero Configuration**
169
- - No setup required - works out of the box
170
- - Real Stripe test keys included
171
- - Automatic CORS for any frontend
131
+ The CLI currently includes placeholders for:
172
132
 
173
- ### 🎭 Smart Test Users (local‑only)
174
- Switch between user roles instantly (local server only):
133
+ - `spaps create <name>`
134
+ - `spaps types`
175
135
 
176
- ```bash
177
- # Prefer header (local‑only)
178
- curl -H "X-Test-User: premium" "http://localhost:3301/api/auth/user"
136
+ Treat them as reserved surfaces rather than stable workflows.
179
137
 
180
- # Or query param (local‑only convenience)
181
- curl "http://localhost:3301/api/auth/user?_user=admin"
182
- ```
138
+ ## Middleware Example
183
139
 
184
- Available roles: `user`, `admin`, `premium`
185
-
186
- ### 💳 Real Stripe Integration
187
- - **Real API calls** to Stripe test mode
188
- - Create actual checkout sessions
189
- - Receive real webhooks
190
- - Sync products to/from Stripe
191
- - Full webhook testing UI at `/api/stripe/webhooks/test`
192
-
193
- ### 📊 **Admin Dashboard**
194
- Visit `/admin` for a complete management interface:
195
- - Revenue analytics
196
- - Product management
197
- - Order tracking
198
- - Data export/import
199
- - Real-time webhook monitoring
200
-
201
- ## 🔌 API Endpoints
202
-
203
- | Endpoint | Method | SDK Mapping | Description |
204
- |----------|--------|-------------|-------------|
205
- | `/api/auth/login` | POST | `sdk.auth.signInWithPassword` | Email/password authentication |
206
- | `/api/auth/register` | POST | `sdk.auth.register` | Register new user |
207
- | `/api/auth/user` | GET | `sdk.auth.getCurrentUser` | Current authenticated user |
208
- | `/api/auth/wallet-sign-in` | POST | `sdk.auth.signInWithWallet` / `sdk.auth.authenticateWallet` | Wallet signature authentication |
209
- | `/api/auth/refresh` | POST | `sdk.auth.refreshToken` | Refresh access token |
210
- | `/api/auth/logout` | POST | `sdk.auth.logout` | Log out |
211
- | `/api/stripe/products` | GET | `sdk.payments.listProducts` | List Stripe products |
212
- | `/api/stripe/products/:id` | GET | `sdk.payments.getProduct` | Get product (+prices) |
213
- | `/api/stripe/prices` | POST | `sdk.payments.createPrice` | Create price (admin) |
214
- | `/api/stripe/checkout-sessions` | POST | `sdk.payments.createCheckoutSession` | Create checkout session |
215
- | `/api/stripe/checkout-sessions/:id` | GET | `sdk.payments.getCheckoutSession` | Retrieve checkout session |
216
- | `/api/stripe/webhooks` | POST | — | Stripe webhook receiver |
217
- | `/health` | GET | `sdk.healthCheck` | Server health check |
218
- | `/docs` | GET | — | Interactive API documentation |
219
-
220
- ## 💡 Usage Examples
221
-
222
- ### Frontend Integration
140
+ The package exports admin middleware and helper utilities from its main module:
223
141
 
224
142
  ```javascript
225
- // React/Next.js example
226
- const createCheckout = async () => {
227
- const response = await fetch('http://localhost:3301/api/stripe/checkout-sessions', {
228
- method: 'POST',
229
- headers: { 'Content-Type': 'application/json' },
230
- body: JSON.stringify({
231
- price_id: 'price_1234567890',
232
- success_url: 'http://localhost:3000/success',
233
- cancel_url: 'http://localhost:3000/cancel'
234
- })
235
- });
236
-
237
- const { data } = await response.json();
238
- window.location.href = data.url; // Redirect to Stripe Checkout
239
- };
240
- ```
143
+ const express = require('express');
144
+ const { requireAdmin, requirePermission } = require('spaps');
241
145
 
242
- ### Test Different User Roles (local‑only)
146
+ const app = express();
243
147
 
244
- ```javascript
245
- // Test as admin user
246
- fetch('http://localhost:3301/api/auth/user?_user=admin')
247
-
248
- // Test wallet authentication
249
- fetch('http://localhost:3301/api/auth/wallet-sign-in', {
250
- method: 'POST',
251
- body: JSON.stringify({
252
- wallet_address: '1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa',
253
- chain_type: 'bitcoin'
254
- })
148
+ app.get('/admin', requireAdmin(), (_req, res) => {
149
+ res.json({ ok: true });
255
150
  });
256
- ```
257
151
 
258
- ## 🏗️ Development Workflow
259
-
260
- 1. **Start SPAPS**: `npx spaps local`
261
- 2. **Build your frontend** against `http://localhost:3301`
262
- 3. **Test payments** using Stripe's test cards
263
- 4. **Monitor webhooks** at `/api/stripe/webhooks/test`
264
- 5. **Manage data** via `/admin` dashboard
265
- 6. **Export data** when ready for production
266
-
267
- ## 🔒 Environment & Security
152
+ app.post('/admin/products', requirePermission('manage_products'), (_req, res) => {
153
+ res.json({ created: true });
154
+ });
155
+ ```
268
156
 
269
- Local mode safety:
270
- - Only runs on localhost
271
- - Uses Stripe test keys by default
272
- - All data stored locally in `.spaps/` directory
273
- - Responses include local‑mode headers/metadata for visibility
157
+ ## What `spaps init` Writes
274
158
 
275
- ## Curl Examples (Header‑First)
159
+ `spaps init` creates a `.env.local` with a local API URL starter and leaves existing files alone if they are already present.
276
160
 
277
- Authenticated (prod/staging):
161
+ ## Troubleshooting
278
162
 
279
- ```bash
280
- export SPAPS_API_URL=https://api.yourdomain
281
- export SPAPS_API_KEY=spaps_XXXXXXXXXXXXXXXX
282
-
283
- curl -X POST "$SPAPS_API_URL/api/stripe/checkout-sessions" \
284
- -H "Content-Type: application/json" \
285
- -H "X-API-Key: $SPAPS_API_KEY" \
286
- -d '{
287
- "price_id": "price_1234567890",
288
- "success_url": "https://yourapp/success",
289
- "cancel_url": "https://yourapp/cancel"
290
- }'
291
- ```
163
+ ### Port already in use
292
164
 
293
- Local (no key, role sim via header):
165
+ Start on a different port:
294
166
 
295
167
  ```bash
296
- export SPAPS_API_URL=http://localhost:3301
297
-
298
- curl -X GET "$SPAPS_API_URL/api/auth/user" \
299
- -H "X-Test-User: admin" \
300
- -H "x-local-mode: true"
168
+ npx spaps local --port 3400
301
169
  ```
302
170
 
303
- Note: `X-Test-User` and `x-local-mode` are ignored in production.
171
+ ### Need machine-readable output
304
172
 
305
-
173
+ Use `--json` on supported commands such as `local`, `status`, `quickstart`, `init`, `docs`, `tools`, and `doctor`.
306
174
 
307
- **Stripe Configuration:**
308
- - Real Stripe test API integration
309
- - Webhook signature verification
310
- - Product/price synchronization
311
- - Customer portal simulation
175
+ ### Local server is not responding
312
176
 
313
- ## 📦 Installation Options
177
+ Check the current status first:
314
178
 
315
179
  ```bash
316
- # Use immediately (recommended)
317
- npx spaps local
180
+ npx spaps status
181
+ ```
318
182
 
319
- # Install globally
320
- npm install -g spaps
183
+ Then re-run the server with a clean start if needed:
321
184
 
322
- # Add to project dependencies
323
- npm install --save-dev spaps
185
+ ```bash
186
+ npx spaps local --fresh
324
187
  ```
325
188
 
326
- ## 🎓 Next Steps
189
+ ## Limitations
327
190
 
328
- - 📖 **Full Documentation**: [sweetpotato.dev](https://sweetpotato.dev)
329
- - 🔧 **Production Setup**: See deployment guides
330
- - 💬 **Get Help**: [GitHub Issues](https://github.com/buildooor/sweet-potato/issues)
331
- - 🚀 **Examples**: Check `/examples` directory
191
+ - The README only documents commands and flags that are currently wired in the CLI dispatcher.
192
+ - `create` and `types` are present as placeholders and should not be treated as finished product surfaces.
193
+ - The package is primarily for local workflows, not full production deployment automation.
332
194
 
333
- ## 🤝 Pair with the SDK
195
+ ## FAQ
334
196
 
335
- Use the SDK in your app while running the local server:
197
+ ### Does this package expose the TypeScript SDK?
336
198
 
337
- ```bash
338
- npm install spaps-sdk
339
- ```
199
+ No. The SDK is the separate `spaps-sdk` package.
340
200
 
341
- ```ts
342
- import { SPAPSClient } from 'spaps-sdk';
201
+ ### Can I use the CLI without installing globally?
343
202
 
344
- const spaps = new SPAPSClient(); // auto-detects local mode
345
- const { data } = await spaps.login('user@example.com', 'password');
346
- console.log('User:', data.user);
347
- ```
203
+ Yes. Use `npx spaps ...`.
348
204
 
349
- ## 🚀 Production Deployment
350
-
351
- Ready to go live? SPAPS supports seamless migration from local to production:
352
-
353
- ### Local → Production Workflow
354
-
355
- 1. **Export Local Data**:
356
- ```bash
357
- # Export your products, orders, and customers
358
- curl http://localhost:3301/api/admin/export > spaps-data.json
359
- ```
360
-
361
- 2. **Set Up Production Server**:
362
- ```bash
363
- # Deploy to your server (DigitalOcean, AWS, etc.)
364
- # Example production server: http://104.131.188.214:3000
365
- git clone https://github.com/build000r/sweet-potato
366
- cd sweet-potato
367
- npm install
368
- ```
369
-
370
- 3. **Configure Environment**:
371
- ```bash
372
- # Set production environment variables
373
- SUPABASE_URL=https://your-project.supabase.co
374
- SUPABASE_SERVICE_KEY=eyJhb...your-service-key
375
- STRIPE_SECRET_KEY=<STRIPE_SECRET_KEY> # Your live Stripe key
376
- JWT_SECRET=your-32-char-secure-secret
377
- ```
378
-
379
- 4. **Sync Products to Production Stripe**:
380
- ```bash
381
- # Import your local products to production Stripe
382
- curl -X POST http://104.131.188.214:3000/api/v1/admin/products/sync \
383
- -H "Content-Type: application/json" \
384
- -d @spaps-data.json
385
- ```
386
-
387
- 5. **Update Frontend Config**:
388
- ```javascript
389
- // Change from local to production endpoint
390
- const SPAPS_URL = 'http://104.131.188.214:3000'; // Your production server
391
- ```
392
-
393
- ### Production Features
394
-
395
- The production SPAPS server includes:
396
- - ✅ **Real Supabase integration** with RLS policies
397
- - ✅ **Live Stripe webhooks** with signature verification
398
- - ✅ **Multi-wallet authentication** (Solana, Ethereum, Base, Bitcoin)
399
- - ✅ **JWT authentication** with refresh tokens
400
- - ✅ **Rate limiting** and security middleware
401
- - ✅ **Usage tracking** and analytics
402
- - ✅ **Multi-tenant support** for multiple client apps
403
-
404
- ### Health Check
405
-
406
- Check if your production server is running:
407
- ```bash
408
- curl http://104.131.188.214:3000/health
409
- # Returns: {"status":"healthy","mode":"production"}
410
- ```
205
+ ### Does `spaps init` overwrite my existing env file?
411
206
 
412
- ---
207
+ No. It skips `.env.local` if the file already exists.
413
208
 
414
- ## 🔒 New in v0.5.0: Admin Middleware & Permissions!
209
+ ### What does `spaps tools` output?
415
210
 
416
- Built-in admin middleware and permission utilities for secure Express.js applications:
211
+ An OpenAI-style tool spec for the local SPAPS surface.
417
212
 
418
- ```javascript
419
- const { requireAdmin, isAdminAccount } = require('spaps');
213
+ ### Is the admin middleware available as an import?
420
214
 
421
- // Protect admin routes
422
- app.get('/admin/dashboard', requireAdmin(), (req, res) => {
423
- res.json({ message: 'Admin only!' });
424
- });
215
+ Yes. The package exports the admin helpers from its main module and via the `./middleware` export path.
425
216
 
426
- // Check admin status
427
- if (isAdminAccount('buildooor@gmail.com')) {
428
- // Grant admin access
429
- }
430
- ```
217
+ ## About Contributions
431
218
 
432
- See [ADMIN_MIDDLEWARE.md](./ADMIN_MIDDLEWARE.md) for complete documentation.
219
+ *About Contributions:* Please don't take this the wrong way, but I do not accept outside contributions for any of my projects. I simply don't have the mental bandwidth to review anything, and it's my name on the thing, so I'm responsible for any problems it causes; thus, the risk-reward is highly asymmetric from my perspective. I'd also have to worry about other "stakeholders," which seems unwise for tools I mostly make for myself for free. Feel free to submit issues, and even PRs if you want to illustrate a proposed fix, but know I won't merge them directly. Instead, I'll have Claude or Codex review submissions via `gh` and independently decide whether and how to address them. Bug reports in particular are welcome. Sorry if this offends, but I want to avoid wasted time and hurt feelings. I understand this isn't in sync with the prevailing open-source ethos that seeks community contributions, but it's the only way I can move at this velocity and keep my sanity.
433
220
 
434
- ---
221
+ ## License
435
222
 
436
- **Current Version**: v0.5.0
437
- **License**: MIT
438
- **Node.js**: >=16.0.0 required
223
+ UNLICENSED
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "spaps",
3
- "version": "0.7.1",
3
+ "version": "0.7.2",
4
4
  "description": "Sweet Potato Authentication & Payment Service CLI - Docker Compose orchestrator for local Python/FastAPI SPAPS server with built-in admin middleware",
5
5
  "main": "src/index.js",
6
6
  "bin": {