unbound-cli 0.1.0 → 0.1.4

package/.github/workflows/publish.yml

@@ -8,6 +8,9 @@ on:
 jobs:
   publish:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
     steps:
       - name: Checkout
         uses: actions/checkout@v4

package/README.md

@@ -1,6 +1,6 @@
 # Unbound CLI
 
-Command-line tool for managing your Unbound AI Gateway. Configure policies, manage users and groups, connect AI coding tools, and set up tools like Cursor, Claude Code, Gemini CLI, and more.
+Command-line tool for managing your [Unbound AI Gateway](https://getunbound.ai). Configure policies, manage users and groups, connect AI coding tools, and set up tools like Cursor, Claude Code, Gemini CLI, and more.
 
 ## Installation
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "unbound-cli",
-  "version": "0.1.0",
+  "version": "0.1.4",
   "description": "CLI tool for Unbound - AI Gateway management",
   "main": "src/index.js",
   "bin": {
@@ -16,7 +16,8 @@
     "ai-gateway",
     "cli"
   ],
-  "license": "MIT",
+  "license": "UNLICENSED",
+  "private": false,
   "dependencies": {
     "commander": "^12.1.0",
     "open": "^10.1.0"

package/src/api.js

@@ -5,9 +5,22 @@ const config = require('./config');
 
 const USER_AGENT = 'UnboundCLI/0.1.0';
 
+const STATUS_MESSAGES = {
+  400: 'Bad request. Check your input and try again.',
+  401: 'Authentication failed. Your API key may be invalid or expired. Run `unbound login` to re-authenticate.',
+  403: 'Permission denied. You may not have the required role for this action.',
+  404: 'Not found. Check the ID and try again.',
+  409: 'Conflict. The resource may already exist.',
+  422: 'Invalid input. Check your parameters and try again.',
+  429: 'Too many requests. Please wait and try again.',
+  500: 'Something went wrong on the server. Please try again later.',
+  502: 'The server is temporarily unavailable. Please try again later.',
+  503: 'The server is temporarily unavailable. Please try again later.',
+};
+
 class ApiError extends Error {
   constructor(statusCode, body) {
-    const message = body?.error || body?.message || `HTTP ${statusCode}`;
+    const message = body?.error || body?.message || STATUS_MESSAGES[statusCode] || `Unexpected error (HTTP ${statusCode})`;
     super(message);
     this.name = 'ApiError';
     this.statusCode = statusCode;
@@ -66,7 +79,17 @@ function request(method, path, { body, query, apiKey } = {}) {
       });
     });
 
-    req.on('error', reject);
+    req.on('error', (err) => {
+      if (err.code === 'ECONNREFUSED') {
+        reject(new Error(`Could not connect to ${url.host}. Check that the server is running.`));
+      } else if (err.code === 'ENOTFOUND') {
+        reject(new Error(`Could not resolve ${url.host}. Check your internet connection and the API URL.`));
+      } else if (err.code === 'ETIMEDOUT' || err.code === 'ESOCKETTIMEDOUT') {
+        reject(new Error(`Connection to ${url.host} timed out. Please try again.`));
+      } else {
+        reject(new Error(`Network error: ${err.message}`));
+      }
+    });
     if (payload) req.write(payload);
     req.end();
   });

package/src/auth.js

@@ -70,9 +70,9 @@ async function loginWithBrowser(frontendUrl) {
 
   const open = (await import('open')).default;
 
-  console.log('Opening browser for authentication...');
-  console.log(`If the browser does not open, visit:\n${authUrl}\n`);
-  console.log('Waiting for authentication...');
+  output.info('Opening browser for authentication...');
+  output.info(`If the browser does not open, visit:\n${authUrl}`);
+  output.info('Waiting for authentication...');
 
   await open(authUrl);
 
@@ -100,14 +100,14 @@ async function ensureLoggedIn() {
     return true;
   }
 
-  output.warn('Not logged in. Opening browser to authenticate...\n');
+  output.warn('Not logged in. Opening browser to authenticate...');
   const frontendUrl = config.getFrontendUrl();
   const result = await loginWithBrowser(frontendUrl);
 
   const parts = [];
   if (result.email) parts.push(`as ${result.email}`);
   if (result.orgName) parts.push(`to ${result.orgName}`);
-  output.success(`Logged in successfully${parts.length ? ' ' + parts.join(' ') : ''}.\n`);
+  output.success(`Logged in successfully${parts.length ? ' ' + parts.join(' ') : ''}.`);
 
   return true;
 }

package/src/commands/login.js

@@ -1,5 +1,6 @@
 const config = require('../config');
 const output = require('../output');
+const api = require('../api');
 const { loginWithBrowser } = require('../auth');
 
 function register(program) {
@@ -8,7 +9,7 @@ function register(program) {
     .description('Authenticate with Unbound. Opens a browser for interactive login, or use --api-key for CI/CD environments.')
     .option('--api-key <key>', 'Authenticate with an API key directly (non-interactive)')
     .option('--base-url <url>', 'Set a custom API base URL before logging in')
-    .option('--frontend-url <url>', 'Set a custom frontend URL for browser login')
+    .option('--domain <domain>', 'Use a custom domain for login (e.g. custom.example.com)')
     .addHelpText('after', `
 Authentication methods:
   Browser login (default):
@@ -21,14 +22,14 @@ Authentication methods:
     API key directly without browser interaction.
 
 Options:
+  --domain sets a custom domain for organizations with self-hosted frontends.
   --base-url sets the backend API URL before authenticating (persisted).
-  --frontend-url sets the frontend URL for browser login (persisted).
 
 Examples:
-  $ unbound login                        # Interactive browser-based login
-  $ unbound login --api-key sk-abc123    # Non-interactive login with API key
-  $ unbound login --base-url http://localhost:8000 --frontend-url http://localhost:3000
-  $ unbound login --base-url https://custom.api.example.com --api-key sk-abc123
+  $ unbound login                              # Login via default gateway
+  $ unbound login --domain custom.example.com  # Login via custom domain
+  $ unbound login --api-key sk-abc123          # Non-interactive login
+  $ unbound login --base-url http://localhost:8000  # Use local backend
 `)
     .action(async (opts) => {
       try {
@@ -36,22 +37,31 @@ Examples:
           config.setBaseUrl(opts.baseUrl);
         }
 
-        if (opts.frontendUrl) {
-          config.setFrontendUrl(opts.frontendUrl);
-        }
+        let apiKey;
 
         if (opts.apiKey) {
-          config.setApiKey(opts.apiKey);
-          output.success('Logged in successfully with API key.');
-          return;
+          apiKey = opts.apiKey;
+        } else {
+          // Determine frontend URL: --domain flag or default
+          let frontendUrl;
+          if (opts.domain) {
+            frontendUrl = opts.domain.startsWith('http') ? opts.domain : `https://${opts.domain}`;
+          } else {
+            frontendUrl = config.getFrontendUrl();
+          }
+
+          await loginWithBrowser(frontendUrl);
+          apiKey = config.getApiKey();
         }
 
-        const frontendUrl = config.getFrontendUrl();
-        const result = await loginWithBrowser(frontendUrl);
+        // Store the API key and validate through the backend
+        config.setApiKey(apiKey);
+        await api.get('/api/v1/users/privileges/');
 
+        const cfg = config.readConfig();
         const parts = [];
-        if (result.email) parts.push(`as ${result.email}`);
-        if (result.orgName) parts.push(`to ${result.orgName}`);
+        if (cfg.email) parts.push(`as ${cfg.email}`);
+        if (cfg.org_name) parts.push(`to ${cfg.org_name}`);
         output.success(`Logged in successfully${parts.length ? ' ' + parts.join(' ') : ''}.`);
       } catch (err) {
         output.error(err.message);

package/src/commands/policy.js

@@ -1,12 +1,7 @@
-const readline = require('readline');
 const config = require('../config');
 const api = require('../api');
 const output = require('../output');
-
-function formatDate(dateStr) {
-  if (!dateStr) return '-';
-  return new Date(dateStr).toLocaleDateString();
-}
+const { formatDate, confirm, parseCommaSeparated } = require('../utils');
 
 function formatScope(groups) {
   if (!groups || groups.length === 0) return '-';
@@ -52,21 +47,6 @@ function displayEffectivePolicies(data, opts) {
   ]);
 }
 
-function confirm(message) {
-  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-  return new Promise((resolve) => {
-    rl.question(`${message} (y/N) `, (answer) => {
-      rl.close();
-      resolve(answer.toLowerCase() === 'y');
-    });
-  });
-}
-
-function parseCommaSeparated(value) {
-  if (!value) return undefined;
-  return value.split(',').map((s) => s.trim()).filter(Boolean);
-}
-
 function register(program) {
   const policy = program
     .command('policy')
@@ -335,22 +315,25 @@ Examples:
 
         // Display each section of the form data
         if (data.user_groups) {
-          console.log('\nUser Groups:');
+          console.log('');
+          output.info('User Groups');
           output.table(data.user_groups, [
             { key: 'id', header: 'ID' },
             { key: 'name', header: 'Name' },
           ]);
         }
 
-        if (data.tool_types) {
-          console.log('\nTool Types:');
+        if (data.tool_types && data.tool_types.length > 0) {
+          console.log('');
+          output.info('Tool Types');
           for (const type of data.tool_types) {
             console.log(`  ${type}`);
           }
         }
 
         if (data.guardrails) {
-          console.log('\nGuardrails:');
+          console.log('');
+          output.info('Guardrails');
           output.table(data.guardrails, [
             { key: 'id', header: 'ID' },
             { key: 'name', header: 'Name' },
@@ -359,7 +342,8 @@ Examples:
         }
 
         if (data.models) {
-          console.log('\nModels:');
+          console.log('');
+          output.info('Models');
           output.table(data.models, [
             { key: 'id', header: 'ID' },
             { key: 'name', header: 'Name' },

package/src/commands/status.js

@@ -18,8 +18,10 @@ Output fields:
 
 Examples:
   $ unbound status
+  $ unbound status --json
 `)
-    .action(async () => {
+    .option('--json', 'Output raw JSON')
+    .action(async (opts) => {
       try {
         const loggedIn = config.isLoggedIn();
         const cfg = config.readConfig();
@@ -48,6 +50,15 @@ Examples:
         }
         pairs.push(['API status', connectivity]);
 
+        if (opts.json) {
+          const obj = {};
+          for (const [key, value] of pairs) {
+            obj[key.toLowerCase().replace(/\s+/g, '_')] = value;
+          }
+          output.json(obj);
+          return;
+        }
+
         output.keyValue(pairs);
       } catch (err) {
         output.error(err.message);

package/src/commands/tools.js

@@ -1,11 +1,7 @@
 const config = require('../config');
 const api = require('../api');
 const output = require('../output');
-
-function formatDate(dateStr) {
-  if (!dateStr) return '-';
-  return new Date(dateStr).toLocaleDateString();
-}
+const { formatDate } = require('../utils');
 
 const SUPPORTED_TOOL_TYPES = [
   'CLAUDE_CODE',
@@ -92,8 +88,10 @@ Examples:
   $ unbound tools connect CLAUDE_CODE
   $ unbound tools connect CURSOR
   $ unbound tools connect GEMINI_CLI
+  $ unbound tools connect CLAUDE_CODE --json
 `)
-    .action(async (toolType) => {
+    .option('--json', 'Output raw JSON')
+    .action(async (toolType, opts) => {
       try {
         if (!config.isLoggedIn()) {
           output.error('Not logged in. Run `unbound login` first.');
@@ -110,6 +108,11 @@ Examples:
 
         const data = await api.post('/api/v1/agents/connect/', { body: { tool_type: normalized } });
 
+        if (opts.json) {
+          output.json(data);
+          return;
+        }
+
         output.success(`Connected ${normalized}.`);
         output.keyValue([
           ['Tool Type', data.tool_type],
@@ -153,18 +156,21 @@ Examples:
           return;
         }
 
-        if (data.restriction_enabled !== undefined) {
-          console.log(`Restriction Enabled: ${data.restriction_enabled}`);
-          console.log('');
-        }
+        output.keyValue([
+          ['Restriction Enabled', data.restriction_enabled !== undefined ? String(data.restriction_enabled) : '-'],
+        ]);
 
         if (data.approved_tools && data.approved_tools.length > 0) {
-          console.log('Approved Tool Types:');
-          for (const tool of data.approved_tools) {
-            console.log(`  ${typeof tool === 'string' ? tool : tool.tool_type || tool.name || JSON.stringify(tool)}`);
-          }
+          console.log('');
+          output.table(data.approved_tools.map((tool) => {
+            const name = typeof tool === 'string' ? tool : tool.tool_type || tool.name || JSON.stringify(tool);
+            return { name };
+          }), [
+            { key: 'name', header: 'Tool Type' },
+          ]);
         } else {
-          console.log('No approved tools configured.');
+          console.log('');
+          output.info('No approved tools configured.');
         }
       } catch (err) {
         output.error(err.message);

package/src/commands/user-groups.js

@@ -1,12 +1,7 @@
-const readline = require('readline');
 const config = require('../config');
 const api = require('../api');
 const output = require('../output');
-
-function formatDate(dateStr) {
-  if (!dateStr) return '-';
-  return new Date(dateStr).toLocaleDateString();
-}
+const { formatDate, confirm, parseCommaSeparated } = require('../utils');
 
 function displayGroup(group) {
   output.keyValue([
@@ -19,7 +14,7 @@ function displayGroup(group) {
   ]);
 
   if (!group.all_org_users && group.members && group.members.length > 0) {
-    console.log('\nMembers:');
+    console.log('');
     output.table(group.members, [
       { key: 'id', header: 'ID' },
       { key: 'email', header: 'Email' },
@@ -29,21 +24,6 @@ function displayGroup(group) {
   }
 }
 
-function confirm(message) {
-  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-  return new Promise((resolve) => {
-    rl.question(`${message} (y/N) `, (answer) => {
-      rl.close();
-      resolve(answer.toLowerCase() === 'y');
-    });
-  });
-}
-
-function parseCommaSeparated(value) {
-  if (!value) return undefined;
-  return value.split(',').map((s) => s.trim()).filter(Boolean);
-}
-
 function register(program) {
   const userGroups = program
     .command('user-groups')

package/src/commands/whoami.js

@@ -21,8 +21,10 @@ Output fields:
 
 Examples:
   $ unbound whoami
+  $ unbound whoami --json
 `)
-    .action(async () => {
+    .option('--json', 'Output raw JSON')
+    .action(async (opts) => {
       try {
         if (!config.isLoggedIn()) {
           output.error('Not logged in. Run `unbound login` first.');
@@ -34,6 +36,11 @@ Examples:
         const privileges = await api.get('/api/v1/users/privileges/');
         const role = roleFromPrivileges(privileges);
 
+        if (opts.json) {
+          output.json({ email: cfg.email || null, organization: cfg.org_name || null, role });
+          return;
+        }
+
         output.keyValue([
           ['Email', cfg.email || '-'],
           ['Organization', cfg.org_name || '-'],

package/src/index.js

@@ -114,8 +114,22 @@ configCmd
 configCmd
   .command('show')
   .description('Show all current configuration values.')
-  .action(() => {
+  .option('--json', 'Output raw JSON')
+  .action((opts) => {
     const cfg = config.readConfig();
+
+    if (opts.json) {
+      output.json({
+        config_file: config.CONFIG_FILE,
+        api_base_url: config.getBaseUrl(),
+        frontend_url: config.getFrontendUrl(),
+        logged_in: config.isLoggedIn(),
+        email: cfg.email || null,
+        organization: cfg.org_name || null,
+      });
+      return;
+    }
+
     output.keyValue([
       ['Config file', config.CONFIG_FILE],
       ['API base URL', config.getBaseUrl()],

package/src/output.js

@@ -3,9 +3,19 @@
  * Provides table, JSON, and key-value output for terminal display.
  */
 
+const useColor = process.stdout.isTTY && !process.env.NO_COLOR;
+const c = {
+  green: (s) => useColor ? `\x1b[32m${s}\x1b[0m` : s,
+  red: (s) => useColor ? `\x1b[31m${s}\x1b[0m` : s,
+  yellow: (s) => useColor ? `\x1b[33m${s}\x1b[0m` : s,
+  cyan: (s) => useColor ? `\x1b[36m${s}\x1b[0m` : s,
+  dim: (s) => useColor ? `\x1b[2m${s}\x1b[0m` : s,
+  bold: (s) => useColor ? `\x1b[1m${s}\x1b[0m` : s,
+};
+
 function table(rows, columns) {
   if (!rows || rows.length === 0) {
-    console.log('No results found.');
+    console.log(c.dim('No results found.'));
     return;
   }
 
@@ -22,8 +32,8 @@ function table(rows, columns) {
   }
 
   // Header
-  const header = columns.map((col) => col.header.padEnd(widths[col.key])).join('  ');
-  const separator = columns.map((col) => '-'.repeat(widths[col.key])).join('  ');
+  const header = columns.map((col) => c.bold(c.dim(col.header.padEnd(widths[col.key])))).join('  ');
+  const separator = columns.map((col) => '\u2500'.repeat(widths[col.key])).join('  ');
   console.log(header);
   console.log(separator);
 
@@ -46,20 +56,25 @@ function json(data) {
 function keyValue(pairs) {
   const maxKey = Math.max(...pairs.map(([k]) => k.length));
   for (const [key, value] of pairs) {
-    console.log(`${key.padEnd(maxKey)}  ${value ?? '-'}`);
+    console.log(`${c.dim(key.padEnd(maxKey))}  ${value ?? '-'}`);
   }
 }
 
 function success(msg) {
-  console.log(`\u2713 ${msg}`);
+  const check = process.stdout.isTTY ? '\u2714' : '\u221A';
+  console.log(c.green(`${check} ${msg}`));
 }
 
 function error(msg) {
-  console.error(`Error: ${msg}`);
+  console.error(c.red(c.bold(`Error: ${msg}`)));
 }
 
 function warn(msg) {
-  console.error(`Warning: ${msg}`);
+  console.error(c.yellow(`Warning: ${msg}`));
+}
+
+function info(msg) {
+  console.error(c.cyan(`\u2139 ${msg}`));
 }
 
-module.exports = { table, json, keyValue, success, error, warn };
+module.exports = { table, json, keyValue, success, error, warn, info };

package/src/utils.js

@@ -0,0 +1,23 @@
+const readline = require('readline');
+
+function formatDate(dateStr) {
+  if (!dateStr) return '-';
+  return new Date(dateStr).toLocaleDateString();
+}
+
+function confirm(message) {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => {
+    rl.question(`${message} (y/N) `, (answer) => {
+      rl.close();
+      resolve(answer.toLowerCase() === 'y');
+    });
+  });
+}
+
+function parseCommaSeparated(value) {
+  if (!value) return undefined;
+  return value.split(',').map((s) => s.trim()).filter(Boolean);
+}
+
+module.exports = { formatDate, confirm, parseCommaSeparated };