unbound-cli 0.1.0

package/src/commands/setup.js

@@ -0,0 +1,341 @@
+const { execSync } = require('child_process');
+const readline = require('readline');
+const config = require('../config');
+const output = require('../output');
+const { ensureLoggedIn } = require('../auth');
+
+const SETUP_BASE_URL = 'https://raw.githubusercontent.com/websentry-ai/setup/refs/heads/main';
+
+/**
+ * Runs a Python setup script from the setup repo, passing the stored API key.
+ */
+function runSetupScript(scriptPath, apiKey) {
+  const url = `${SETUP_BASE_URL}/${scriptPath}`;
+  const cmd = `curl -fsSL "${url}" | python3 - --api-key "${apiKey}"`;
+
+  console.log('');
+  execSync(cmd, { stdio: 'inherit' });
+}
+
+/**
+ * Ensures login, gets the stored API key, and runs the setup script(s).
+ */
+function makeAction(...scriptPaths) {
+  return async () => {
+    try {
+      await ensureLoggedIn();
+      const apiKey = config.getApiKey();
+
+      for (const scriptPath of scriptPaths) {
+        runSetupScript(scriptPath, apiKey);
+      }
+    } catch (err) {
+      output.error(err.message);
+      process.exitCode = 1;
+    }
+  };
+}
+
+function register(program) {
+  const setup = program
+    .command('setup')
+    .description(
+      'Configure AI coding tools to use Unbound as their API gateway. ' +
+      'Supported tools: cursor, claude-code, gemini-cli, codex, roo-code, cline, kilo-code, custom-access.'
+    )
+    .addHelpText('after', `
+Automated setup (downloads scripts, sets env vars, configures tool):
+  $ unbound setup cursor         # Download hooks, set env, restart Cursor
+  $ unbound setup claude-code    # Set up gateway + hooks for Claude Code
+  $ unbound setup gemini-cli     # Set GEMINI_API_KEY and base URL
+  $ unbound setup codex          # Set OPENAI_API_KEY and base URL
+
+Instruction-only (shows API key and base URL to configure manually):
+  $ unbound setup roo-code       # Show Roo Code config values
+  $ unbound setup cline          # Show Cline config values
+  $ unbound setup kilo-code      # Show Kilo Code config values
+  $ unbound setup custom-access  # Show API key and base URL for direct API access
+
+All setup commands require login. If not logged in, the browser will
+open automatically to authenticate before proceeding.
+`);
+
+  setup
+    .command('cursor')
+    .description(
+      'Set up Cursor to use Unbound. Downloads hook scripts, sets the ' +
+      'UNBOUND_CURSOR_API_KEY environment variable, and restarts Cursor.'
+    )
+    .addHelpText('after', `
+What this does:
+  1. Downloads Cursor hook scripts from the Unbound setup repository
+  2. Sets the UNBOUND_CURSOR_API_KEY environment variable in your shell profile
+  3. Restarts Cursor to apply changes
+
+Prerequisites:
+  - Must be logged in (will auto-open browser to authenticate if not)
+  - Python 3 and curl must be installed
+  - Cursor must be installed
+
+Examples:
+  $ unbound setup cursor
+`)
+    .action(makeAction('cursor/setup.py'));
+
+  setup
+    .command('claude-code')
+    .description(
+      'Set up Claude Code to use Unbound. Prompts whether to use your existing ' +
+      'Claude subscription or use Unbound as the AI provider.'
+    )
+    .option('--subscription', 'Use your existing Claude subscription (hooks only)')
+    .option('--gateway', 'Use Unbound as the AI provider (gateway mode)')
+    .addHelpText('after', `
+Modes:
+  Subscription (hooks only):
+    Keep your existing Claude subscription. Installs Unbound hooks for
+    policy enforcement (security guardrails, cost limits) without changing
+    the AI provider. Runs claude-code/hooks/setup.py.
+
+  Gateway:
+    Use Unbound as the AI provider. Routes all Claude Code requests through
+    the Unbound gateway for full policy enforcement and model management.
+    Runs claude-code/gateway/setup.py.
+
+  If neither --subscription nor --gateway is provided, an interactive
+  prompt will ask you to choose.
+
+Prerequisites:
+  - Must be logged in (will auto-open browser to authenticate if not)
+  - Python 3 and curl must be installed
+  - Claude Code must be installed
+
+Examples:
+  $ unbound setup claude-code                # Interactive mode selection
+  $ unbound setup claude-code --subscription # Hooks only (keep your subscription)
+  $ unbound setup claude-code --gateway      # Use Unbound as AI provider
+`)
+    .action(async (opts) => {
+      try {
+        await ensureLoggedIn();
+        const apiKey = config.getApiKey();
+
+        let useSubscription = opts.subscription;
+        if (!opts.subscription && !opts.gateway) {
+          const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+          const answer = await new Promise((resolve) => {
+            console.log('\nHow do you want to use Claude Code with Unbound?\n');
+            console.log('  1. I have my own Claude subscription (hooks only - policy enforcement)');
+            console.log('  2. Use Unbound as the AI provider (gateway mode)\n');
+            rl.question('Choose (1 or 2): ', resolve);
+          });
+          rl.close();
+          useSubscription = answer.trim() === '1';
+        }
+
+        if (useSubscription) {
+          runSetupScript('claude-code/hooks/setup.py', apiKey);
+        } else {
+          runSetupScript('claude-code/gateway/setup.py', apiKey);
+        }
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  setup
+    .command('gemini-cli')
+    .description(
+      'Set up Gemini CLI to use Unbound. Sets GEMINI_API_KEY and ' +
+      'GOOGLE_GEMINI_BASE_URL environment variables.'
+    )
+    .addHelpText('after', `
+What this does:
+  1. Sets GEMINI_API_KEY to your Unbound API key in your shell profile
+  2. Sets GOOGLE_GEMINI_BASE_URL to the Unbound gateway endpoint
+  3. Gemini CLI will route all requests through Unbound
+
+Prerequisites:
+  - Must be logged in (will auto-open browser to authenticate if not)
+  - Python 3 and curl must be installed
+  - Gemini CLI must be installed
+
+Examples:
+  $ unbound setup gemini-cli
+`)
+    .action(makeAction('gemini-cli/gateway/setup.py'));
+
+  setup
+    .command('codex')
+    .description(
+      'Set up Codex to use Unbound. Sets OPENAI_API_KEY and ' +
+      'OPENAI_BASE_URL environment variables.'
+    )
+    .addHelpText('after', `
+What this does:
+  1. Sets OPENAI_API_KEY to your Unbound API key in your shell profile
+  2. Sets OPENAI_BASE_URL to the Unbound gateway endpoint
+  3. Codex will route all requests through Unbound
+
+Prerequisites:
+  - Must be logged in (will auto-open browser to authenticate if not)
+  - Python 3 and curl must be installed
+  - Codex must be installed
+
+Examples:
+  $ unbound setup codex
+`)
+    .action(makeAction('codex/gateway/setup.py'));
+
+  // --- Instruction-only tools ---
+
+  setup
+    .command('roo-code')
+    .description('Show setup values for Roo Code (VS Code extension). Displays the API provider and API key to configure in Roo Code settings.')
+    .addHelpText('after', `
+Output:
+  API Provider - Select "unbound" in Roo Code provider settings
+  API Key      - Your Unbound API key to paste into the extension
+
+To configure:
+  1. Open Command Palette (Ctrl/Cmd + Shift + P)
+  2. Type "Roo Code: Open Settings"
+  3. Select "unbound" as the API provider
+  4. Paste the API key shown below
+  5. Select your preferred model from the dropdown
+
+Examples:
+  $ unbound setup roo-code
+`)
+    .action(async () => {
+      try {
+        await ensureLoggedIn();
+        const apiKey = config.getApiKey();
+
+        output.keyValue([
+          ['API Provider', 'unbound'],
+          ['API Key', apiKey],
+        ]);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  setup
+    .command('cline')
+    .description('Show setup values for Cline (VS Code extension). Displays the API provider, Base URL, and API key to configure in Cline settings.')
+    .addHelpText('after', `
+Output:
+  API Provider - Use "OpenAI Compatible" in Cline provider settings
+  Base URL     - The Unbound gateway URL to paste as the Base URL
+  API Key      - Your Unbound API key to paste into the extension
+
+To configure:
+  1. Open Cline extension in VS Code
+  2. Select "Bring your own API key"
+  3. Set API Provider to "OpenAI Compatible"
+  4. Paste the Base URL and API Key shown below
+  5. Select a model (e.g., gpt-5.1)
+
+Examples:
+  $ unbound setup cline
+`)
+    .action(async () => {
+      try {
+        await ensureLoggedIn();
+        const apiKey = config.getApiKey();
+        const frontendUrl = config.getFrontendUrl();
+
+        output.keyValue([
+          ['API Provider', 'OpenAI Compatible'],
+          ['Base URL', frontendUrl],
+          ['API Key', apiKey],
+        ]);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  setup
+    .command('kilo-code')
+    .description('Show setup values for Kilo Code (VS Code extension or CLI). Displays the API provider and API key to configure in Kilo Code.')
+    .addHelpText('after', `
+Output:
+  API Provider - Select "Unbound" in Kilo Code provider settings
+  API Key      - Your Unbound API key to paste into the extension or CLI
+
+To configure (IDE extension):
+  1. Open Extensions (Ctrl/Cmd + Shift + X), install Kilo Code
+  2. Select "Use your own API key"
+  3. Set API Provider to "Unbound"
+  4. Paste the API Key shown below
+  5. Select a model (e.g., claude-opus-4-5, gpt-5.1)
+
+To configure (CLI):
+  1. Install: npm install -g @kilocode/cli
+  2. Run: kilocode
+  3. Set API Provider to "Unbound"
+  4. Paste the API Key shown below
+
+Examples:
+  $ unbound setup kilo-code
+`)
+    .action(async () => {
+      try {
+        await ensureLoggedIn();
+        const apiKey = config.getApiKey();
+
+        output.keyValue([
+          ['API Provider', 'Unbound'],
+          ['API Key', apiKey],
+        ]);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  setup
+    .command('custom-access')
+    .description('Show API key and base URL for direct API access. Use this to build custom integrations with the Unbound gateway.')
+    .addHelpText('after', `
+Output:
+  API Key   - Your Unbound API key for authentication
+  Base URL  - The Unbound gateway endpoint for API requests
+
+The Base URL is OpenAI-compatible. Use it with any OpenAI SDK or HTTP client:
+
+  curl -X POST {base_url}/v1/chat/completions \\
+    -H "Authorization: Bearer {api_key}" \\
+    -H "Content-Type: application/json" \\
+    -d '{"model": "gpt-4o-mini", "messages": [{"role": "user", "content": "Hello"}]}'
+
+Or with the Python SDK:
+  pip install unbound-gateway
+  from unbound import Unbound
+  client = Unbound(base_url="{base_url}", api_key="{api_key}")
+
+Examples:
+  $ unbound setup custom-access
+`)
+    .action(async () => {
+      try {
+        await ensureLoggedIn();
+        const apiKey = config.getApiKey();
+        const frontendUrl = config.getFrontendUrl();
+
+        output.keyValue([
+          ['API Key', apiKey],
+          ['Base URL', frontendUrl],
+        ]);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+}
+
+module.exports = { register };

package/src/commands/status.js

@@ -0,0 +1,59 @@
+const config = require('../config');
+const api = require('../api');
+const output = require('../output');
+
+function register(program) {
+  program
+    .command('status')
+    .description('Show the current CLI status including config location, login state, and API connectivity. Useful for debugging connection issues.')
+    .addHelpText('after', `
+Output fields:
+  Config file   - Path to the config file (~/.unbound/config.json)
+  Logged in     - Whether credentials are stored (Yes/No)
+  Email         - The authenticated user's email (if logged in)
+  Organization  - The organization name (if logged in)
+  API base URL  - The backend API URL being used (if logged in)
+  Frontend URL  - The frontend URL for browser auth (if logged in)
+  API status    - Connectivity check result (Connected / Error)
+
+Examples:
+  $ unbound status
+`)
+    .action(async () => {
+      try {
+        const loggedIn = config.isLoggedIn();
+        const cfg = config.readConfig();
+
+        const pairs = [
+          ['Config file', config.CONFIG_FILE],
+          ['Logged in', loggedIn ? 'Yes' : 'No'],
+        ];
+
+        if (loggedIn) {
+          pairs.push(['Email', cfg.email || '-']);
+          pairs.push(['Organization', cfg.org_name || '-']);
+          pairs.push(['API base URL', config.getBaseUrl()]);
+          pairs.push(['Frontend URL', config.getFrontendUrl()]);
+        }
+
+        // Check API connectivity
+        let connectivity = 'Not checked (not logged in)';
+        if (loggedIn) {
+          try {
+            await api.get('/api/v1/users/privileges/');
+            connectivity = 'Connected';
+          } catch (err) {
+            connectivity = `Error: ${err.message}`;
+          }
+        }
+        pairs.push(['API status', connectivity]);
+
+        output.keyValue(pairs);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+}
+
+module.exports = { register };

package/src/commands/tools.js

@@ -0,0 +1,176 @@
+const config = require('../config');
+const api = require('../api');
+const output = require('../output');
+
+function formatDate(dateStr) {
+  if (!dateStr) return '-';
+  return new Date(dateStr).toLocaleDateString();
+}
+
+const SUPPORTED_TOOL_TYPES = [
+  'CLAUDE_CODE',
+  'CURSOR',
+  'COPILOT',
+  'ROO_CODE',
+  'CLINE',
+  'GEMINI_CLI',
+  'CODEX',
+  'KILO_CODE',
+  'CUSTOM_ACCESS',
+];
+
+function register(program) {
+  const tools = program
+    .command('tools')
+    .description(
+      'Manage connected AI coding tools. List active tool connections, ' +
+      'connect new tools, and view approved tool types. ' +
+      `Supported types: ${SUPPORTED_TOOL_TYPES.join(', ')}.`
+    );
+
+  // tools list
+  tools
+    .command('list')
+    .description('List all connected tools across the organization, showing their status and usage.')
+    .option('--json', 'Output raw JSON instead of a table')
+    .addHelpText('after', `
+Output columns:
+  Tool Type     - The type of AI tool (e.g. CURSOR, CLAUDE_CODE)
+  User Email    - The user who connected the tool
+  Status        - Connection status
+  Monthly Cost  - Cost incurred this month
+  Connected At  - Date the tool was connected
+
+Examples:
+  $ unbound tools list
+  $ unbound tools list --json
+`)
+    .action(async (opts) => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        const data = await api.get('/api/v1/agents/');
+
+        if (opts.json) {
+          output.json(data);
+          return;
+        }
+
+        output.table(data.agents, [
+          { key: 'tool_type', header: 'Tool Type' },
+          { key: 'user', header: 'User Email', format: (v) => (v ? v.email : '-') },
+          { key: 'status', header: 'Status' },
+          { key: 'monthly_cost', header: 'Monthly Cost', format: (v) => (v != null ? String(v) : '-') },
+          { key: 'connected_at', header: 'Connected At', format: (v) => formatDate(v) },
+        ]);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  // tools connect
+  tools
+    .command('connect <tool-type>')
+    .description(`Connect a new AI coding tool. Generates an API key and connection details for the specified tool type. Supported types: ${SUPPORTED_TOOL_TYPES.join(', ')}.`)
+    .addHelpText('after', `
+Supported tool types:
+  ${SUPPORTED_TOOL_TYPES.join(', ')}
+
+Output fields:
+  Tool Type        - The connected tool type
+  Status           - Connection status
+  API Key          - Generated API key for the tool
+  Application ID   - Application identifier
+  Application Name - Application display name
+
+Examples:
+  $ unbound tools connect CLAUDE_CODE
+  $ unbound tools connect CURSOR
+  $ unbound tools connect GEMINI_CLI
+`)
+    .action(async (toolType) => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        const normalized = toolType.toUpperCase();
+        if (!SUPPORTED_TOOL_TYPES.includes(normalized)) {
+          output.error(`Unsupported tool type: ${toolType}. Supported types: ${SUPPORTED_TOOL_TYPES.join(', ')}`);
+          process.exitCode = 1;
+          return;
+        }
+
+        const data = await api.post('/api/v1/agents/connect/', { body: { tool_type: normalized } });
+
+        output.success(`Connected ${normalized}.`);
+        output.keyValue([
+          ['Tool Type', data.tool_type],
+          ['Status', data.status],
+          ['API Key', data.api_key || '-'],
+          ['Application ID', data.application_id || '-'],
+          ['Application Name', data.application_name || '-'],
+        ]);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  // tools approved
+  tools
+    .command('approved')
+    .description('List approved tool types for the organization and whether tool restrictions are enforced.')
+    .option('--json', 'Output raw JSON')
+    .addHelpText('after', `
+Output:
+  Restriction Enabled - Whether the organization restricts which tools can connect
+  Approved Tool Types - List of tool types allowed to connect
+
+Examples:
+  $ unbound tools approved
+  $ unbound tools approved --json
+`)
+    .action(async (opts) => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        const data = await api.get('/api/v1/organizations/approved-tools/');
+
+        if (opts.json) {
+          output.json(data);
+          return;
+        }
+
+        if (data.restriction_enabled !== undefined) {
+          console.log(`Restriction Enabled: ${data.restriction_enabled}`);
+          console.log('');
+        }
+
+        if (data.approved_tools && data.approved_tools.length > 0) {
+          console.log('Approved Tool Types:');
+          for (const tool of data.approved_tools) {
+            console.log(`  ${typeof tool === 'string' ? tool : tool.tool_type || tool.name || JSON.stringify(tool)}`);
+          }
+        } else {
+          console.log('No approved tools configured.');
+        }
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+}
+
+module.exports = { register };