unbound-cli 0.1.0

package/src/commands/user-groups.js

@@ -0,0 +1,282 @@
+const readline = require('readline');
+const config = require('../config');
+const api = require('../api');
+const output = require('../output');
+
+function formatDate(dateStr) {
+  if (!dateStr) return '-';
+  return new Date(dateStr).toLocaleDateString();
+}
+
+function displayGroup(group) {
+  output.keyValue([
+    ['ID', String(group.id)],
+    ['Name', group.name],
+    ['All Org Users', String(group.all_org_users)],
+    ['Member Count', String(group.member_count ?? '-')],
+    ['Created', formatDate(group.created_at)],
+    ['Updated', formatDate(group.updated_at)],
+  ]);
+
+  if (!group.all_org_users && group.members && group.members.length > 0) {
+    console.log('\nMembers:');
+    output.table(group.members, [
+      { key: 'id', header: 'ID' },
+      { key: 'email', header: 'Email' },
+      { key: 'first_name', header: 'First Name', format: (v) => v || '-' },
+      { key: 'last_name', header: 'Last Name', format: (v) => v || '-' },
+    ]);
+  }
+}
+
+function confirm(message) {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => {
+    rl.question(`${message} (y/N) `, (answer) => {
+      rl.close();
+      resolve(answer.toLowerCase() === 'y');
+    });
+  });
+}
+
+function parseCommaSeparated(value) {
+  if (!value) return undefined;
+  return value.split(',').map((s) => s.trim()).filter(Boolean);
+}
+
+function register(program) {
+  const userGroups = program
+    .command('user-groups')
+    .alias('groups')
+    .description('Manage user groups. Groups organize users for policy scoping and access control.');
+
+  // user-groups list
+  userGroups
+    .command('list')
+    .description('List all user groups. Supports searching by name.')
+    .option('--search <term>', 'Search groups by name')
+    .option('--json', 'Output raw JSON instead of a table')
+    .addHelpText('after', `
+Examples:
+  $ unbound user-groups list
+  $ unbound groups list
+  $ unbound user-groups list --search "engineering"
+  $ unbound user-groups list --json
+`)
+    .action(async (opts) => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        const query = {};
+        if (opts.search) query.search = opts.search;
+
+        const data = await api.get('/api/v1/user_groups/', { query });
+
+        if (opts.json) {
+          output.json(data);
+          return;
+        }
+
+        output.table(data.user_groups, [
+          { key: 'id', header: 'ID' },
+          { key: 'name', header: 'Name' },
+          { key: 'all_org_users', header: 'All Org Users' },
+          { key: 'member_count', header: 'Member Count', format: (v) => (v != null ? String(v) : '-') },
+          { key: 'created_at', header: 'Created', format: (v) => formatDate(v) },
+        ]);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  // user-groups get
+  userGroups
+    .command('get <id>')
+    .description('Get detailed information about a specific user group, including its members.')
+    .option('--json', 'Output raw JSON instead of formatted key-value pairs')
+    .addHelpText('after', `
+Examples:
+  $ unbound user-groups get 1
+  $ unbound groups get 1 --json
+`)
+    .action(async (id, opts) => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        const data = await api.get(`/api/v1/user_groups/${id}/`);
+
+        if (opts.json) {
+          output.json(data);
+          return;
+        }
+
+        displayGroup(data.user_group);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  // user-groups create
+  userGroups
+    .command('create')
+    .description('Create a new user group. By default, the group includes all organization users.')
+    .requiredOption('--name <name>', 'Group name (required)')
+    .option('--all-org-users', 'Include all organization users (default: true)', true)
+    .option('--no-all-org-users', 'Do not include all organization users')
+    .option('--user-ids <ids>', 'Comma-separated user IDs to add to this group')
+    .addHelpText('after', `
+Examples:
+  $ unbound user-groups create --name "Engineering"
+  $ unbound groups create --name "Backend Team" --no-all-org-users --user-ids 1,2,3
+`)
+    .action(async (opts) => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        const body = {
+          name: opts.name,
+          all_org_users: opts.allOrgUsers,
+        };
+
+        if (opts.userIds) {
+          body.user_ids = parseCommaSeparated(opts.userIds).map(Number);
+        }
+
+        const data = await api.post('/api/v1/user_groups/', { body });
+        output.success('User group created.');
+        displayGroup(data.user_group);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  // user-groups update
+  userGroups
+    .command('update <id>')
+    .description('Update an existing user group. Only provided fields will be changed.')
+    .option('--name <name>', 'Update group name')
+    .option('--all-org-users', 'Include all organization users')
+    .option('--no-all-org-users', 'Do not include all organization users')
+    .option('--user-ids <ids>', 'Comma-separated user IDs to set as group members')
+    .addHelpText('after', `
+Examples:
+  $ unbound user-groups update 1 --name "New Name"
+  $ unbound groups update 1 --no-all-org-users --user-ids 1,2,3
+  $ unbound user-groups update 1 --all-org-users
+`)
+    .action(async (id, opts) => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        const body = {};
+        if (opts.name !== undefined) body.name = opts.name;
+        if (opts.allOrgUsers !== undefined) body.all_org_users = opts.allOrgUsers;
+
+        if (opts.userIds) {
+          body.user_ids = parseCommaSeparated(opts.userIds).map(Number);
+        }
+
+        const data = await api.put(`/api/v1/user_groups/${id}/`, { body });
+        output.success('User group updated.');
+        displayGroup(data.user_group);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  // user-groups delete
+  userGroups
+    .command('delete <id>')
+    .description('Delete a user group by its ID. Prompts for confirmation unless --yes is provided.')
+    .option('--yes', 'Skip confirmation prompt')
+    .addHelpText('after', `
+Examples:
+  $ unbound user-groups delete 1
+  $ unbound groups delete 1 --yes
+`)
+    .action(async (id, opts) => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        if (!opts.yes) {
+          const confirmed = await confirm(`Are you sure you want to delete user group ${id}?`);
+          if (!confirmed) {
+            output.warn('Aborted.');
+            return;
+          }
+        }
+
+        await api.del(`/api/v1/user_groups/${id}/`);
+        output.success(`User group ${id} deleted.`);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  // user-groups effective-policies
+  userGroups
+    .command('effective-policies <id>')
+    .description('View the effective policies applied to a specific user group. Shows the resolved set of policies after inheritance and priority.')
+    .option('--json', 'Output raw JSON')
+    .addHelpText('after', `
+Examples:
+  $ unbound user-groups effective-policies 1
+  $ unbound groups effective-policies 1 --json
+`)
+    .action(async (id, opts) => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        const data = await api.get(`/api/v1/user_groups/${id}/effective_policies/`);
+
+        if (opts.json) {
+          output.json(data);
+          return;
+        }
+
+        const policies = data.effective_policies || data.policies || [];
+        output.table(policies, [
+          { key: 'id', header: 'ID' },
+          { key: 'name', header: 'Name' },
+          { key: 'type', header: 'Type' },
+          { key: 'enabled', header: 'Enabled' },
+          { key: 'priority', header: 'Priority', format: (v) => (v != null ? String(v) : '-') },
+          { key: 'config_summary', header: 'Config Summary', format: (v) => v || '-' },
+        ]);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+}
+
+module.exports = { register };

package/src/commands/users.js

@@ -0,0 +1,88 @@
+const config = require('../config');
+const api = require('../api');
+const output = require('../output');
+
+function register(program) {
+  const users = program
+    .command('users')
+    .description('Manage organization users. List members and view their effective policies.');
+
+  // users list
+  users
+    .command('list')
+    .description('List all members in the organization.')
+    .option('--json', 'Output raw JSON instead of a table')
+    .addHelpText('after', `
+Examples:
+  $ unbound users list
+  $ unbound users list --json
+`)
+    .action(async (opts) => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        const data = await api.get('/api/v1/user_groups/members/');
+
+        if (opts.json) {
+          output.json(data);
+          return;
+        }
+
+        output.table(data.members, [
+          { key: 'id', header: 'ID' },
+          { key: 'email', header: 'Email' },
+          { key: 'first_name', header: 'First Name', format: (v) => v || '-' },
+          { key: 'last_name', header: 'Last Name', format: (v) => v || '-' },
+        ]);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+
+  // users effective-policies
+  users
+    .command('effective-policies <user-id>')
+    .description('View the effective policies applied to a specific user. Shows the resolved set of policies after inheritance and priority.')
+    .option('--json', 'Output raw JSON')
+    .addHelpText('after', `
+Examples:
+  $ unbound users effective-policies 42
+  $ unbound users effective-policies 42 --json
+`)
+    .action(async (userId, opts) => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        const data = await api.get(`/api/v1/users/${userId}/effective_policies/`);
+
+        if (opts.json) {
+          output.json(data);
+          return;
+        }
+
+        const policies = data.effective_policies || data.policies || [];
+        output.table(policies, [
+          { key: 'id', header: 'ID' },
+          { key: 'name', header: 'Name' },
+          { key: 'type', header: 'Type' },
+          { key: 'enabled', header: 'Enabled' },
+          { key: 'priority', header: 'Priority', format: (v) => (v != null ? String(v) : '-') },
+          { key: 'config_summary', header: 'Config Summary', format: (v) => v || '-' },
+        ]);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+}
+
+module.exports = { register };

package/src/commands/whoami.js

@@ -0,0 +1,49 @@
+const config = require('../config');
+const api = require('../api');
+const output = require('../output');
+
+function roleFromPrivileges(privileges) {
+  if (privileges.is_admin) return 'Admin';
+  if (privileges.is_manager) return 'Manager';
+  if (privileges.is_member) return 'Member';
+  return 'Unknown';
+}
+
+function register(program) {
+  program
+    .command('whoami')
+    .description('Display the currently authenticated user, organization, and role. Requires an active login session.')
+    .addHelpText('after', `
+Output fields:
+  Email        - The authenticated user's email address
+  Organization - The organization the user belongs to
+  Role         - One of: Admin, Manager, Member
+
+Examples:
+  $ unbound whoami
+`)
+    .action(async () => {
+      try {
+        if (!config.isLoggedIn()) {
+          output.error('Not logged in. Run `unbound login` first.');
+          process.exitCode = 1;
+          return;
+        }
+
+        const cfg = config.readConfig();
+        const privileges = await api.get('/api/v1/users/privileges/');
+        const role = roleFromPrivileges(privileges);
+
+        output.keyValue([
+          ['Email', cfg.email || '-'],
+          ['Organization', cfg.org_name || '-'],
+          ['Role', role],
+        ]);
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
+}
+
+module.exports = { register };

package/src/config.js

@@ -0,0 +1,87 @@
+const fs = require('fs');
+const path = require('path');
+const os = require('os');
+
+const CONFIG_DIR = path.join(os.homedir(), '.unbound');
+const CONFIG_FILE = path.join(CONFIG_DIR, 'config.json');
+const DEFAULT_BASE_URL = 'https://backend.getunbound.ai';
+const DEFAULT_FRONTEND_URL = 'https://gateway.getunbound.ai';
+
+function ensureConfigDir() {
+  if (!fs.existsSync(CONFIG_DIR)) {
+    fs.mkdirSync(CONFIG_DIR, { recursive: true, mode: 0o700 });
+  }
+}
+
+function readConfig() {
+  try {
+    if (fs.existsSync(CONFIG_FILE)) {
+      return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8'));
+    }
+  } catch {
+    // Corrupted config, start fresh
+  }
+  return {};
+}
+
+function writeConfig(config) {
+  ensureConfigDir();
+  fs.writeFileSync(CONFIG_FILE, JSON.stringify(config, null, 2), { mode: 0o600 });
+}
+
+function getApiKey() {
+  const config = readConfig();
+  return config.api_key || null;
+}
+
+function setApiKey(apiKey) {
+  const config = readConfig();
+  config.api_key = apiKey;
+  writeConfig(config);
+}
+
+function getBaseUrl() {
+  return process.env.UNBOUND_API_URL || readConfig().base_url || DEFAULT_BASE_URL;
+}
+
+function setBaseUrl(url) {
+  const config = readConfig();
+  config.base_url = url;
+  writeConfig(config);
+}
+
+function getFrontendUrl() {
+  return process.env.UNBOUND_FRONTEND_URL || readConfig().frontend_url || DEFAULT_FRONTEND_URL;
+}
+
+function setFrontendUrl(url) {
+  const config = readConfig();
+  config.frontend_url = url;
+  writeConfig(config);
+}
+
+function clearConfig() {
+  if (fs.existsSync(CONFIG_FILE)) {
+    fs.unlinkSync(CONFIG_FILE);
+  }
+}
+
+function isLoggedIn() {
+  return !!getApiKey();
+}
+
+module.exports = {
+  CONFIG_DIR,
+  CONFIG_FILE,
+  ensureConfigDir,
+  readConfig,
+  writeConfig,
+  getApiKey,
+  setApiKey,
+  getBaseUrl,
+  setBaseUrl,
+  getFrontendUrl,
+  setFrontendUrl,
+  clearConfig,
+  isLoggedIn,
+};

package/src/index.js

@@ -0,0 +1,129 @@
+#!/usr/bin/env node
+
+const { Command } = require('commander');
+const config = require('./config');
+const output = require('./output');
+
+const program = new Command();
+
+program
+  .name('unbound')
+  .description('Unbound CLI - Manage your AI Gateway from the command line.\n\nUnbound is an AI gateway that provides centralized policy management,\ncost controls, and security guardrails for AI coding tools like\nClaude Code, Cursor, Gemini CLI, and more.')
+  .version('0.1.0')
+  .addHelpText('after', `
+Examples:
+  $ unbound login                        Sign in via browser
+  $ unbound login --api-key <key>        Sign in with an API key
+  $ unbound whoami                       Show current user info
+  $ unbound policy list                  List all policies
+  $ unbound policy list --type SECURITY  List security policies
+  $ unbound users list                   List organization users
+  $ unbound user-groups list             List user groups
+  $ unbound tools list                   List connected AI tools
+  $ unbound setup cursor                 Configure Cursor to use Unbound
+  $ unbound setup claude-code            Configure Claude Code to use Unbound
+  $ unbound config set-url http://localhost:8000           Use local backend
+  $ unbound config set-frontend-url http://localhost:3000  Use local frontend
+
+Environment Variables:
+  UNBOUND_API_URL       Override the API base URL (e.g. http://localhost:8000)
+  UNBOUND_FRONTEND_URL  Override the frontend URL (e.g. http://localhost:3000)
+
+Configuration:
+  Config is stored in ~/.unbound/config.json
+  Production backend:  https://backend.getunbound.ai
+  Production frontend: https://gateway.getunbound.ai
+`);
+
+// Register all command modules
+require('./commands/login').register(program);
+require('./commands/logout').register(program);
+require('./commands/whoami').register(program);
+require('./commands/status').register(program);
+require('./commands/policy').register(program);
+require('./commands/users').register(program);
+require('./commands/user-groups').register(program);
+require('./commands/tools').register(program);
+require('./commands/setup').register(program);
+
+// config command for managing CLI settings
+const configCmd = program
+  .command('config')
+  .description('Manage CLI configuration. Set or view the API base URL and other settings.');
+
+configCmd
+  .command('set-url <url>')
+  .description('Set the API base URL. Use http://localhost:8000 for local development.')
+  .addHelpText('after', `
+Examples:
+  $ unbound config set-url http://localhost:8000       # Local development
+  $ unbound config set-url https://backend.getunbound.ai  # Production (default)
+`)
+  .action((url) => {
+    config.setBaseUrl(url);
+    output.success(`API base URL set to ${url}`);
+  });
+
+configCmd
+  .command('get-url')
+  .description('Show the current API base URL.')
+  .action(() => {
+    console.log(config.getBaseUrl());
+  });
+
+configCmd
+  .command('reset-url')
+  .description('Reset the API base URL to the default (https://backend.getunbound.ai).')
+  .action(() => {
+    const cfg = config.readConfig();
+    delete cfg.base_url;
+    config.writeConfig(cfg);
+    output.success(`API base URL reset to ${config.getBaseUrl()}`);
+  });
+
+configCmd
+  .command('set-frontend-url <url>')
+  .description('Set the frontend URL. Use http://localhost:3000 for local development.')
+  .addHelpText('after', `
+Examples:
+  $ unbound config set-frontend-url http://localhost:3000       # Local development
+  $ unbound config set-frontend-url https://gateway.getunbound.ai  # Production (default)
+`)
+  .action((url) => {
+    config.setFrontendUrl(url);
+    output.success(`Frontend URL set to ${url}`);
+  });
+
+configCmd
+  .command('get-frontend-url')
+  .description('Show the current frontend URL.')
+  .action(() => {
+    console.log(config.getFrontendUrl());
+  });
+
+configCmd
+  .command('reset-frontend-url')
+  .description('Reset the frontend URL to the default (https://gateway.getunbound.ai).')
+  .action(() => {
+    const cfg = config.readConfig();
+    delete cfg.frontend_url;
+    config.writeConfig(cfg);
+    output.success(`Frontend URL reset to ${config.getFrontendUrl()}`);
+  });
+
+configCmd
+  .command('show')
+  .description('Show all current configuration values.')
+  .action(() => {
+    const cfg = config.readConfig();
+    output.keyValue([
+      ['Config file', config.CONFIG_FILE],
+      ['API base URL', config.getBaseUrl()],
+      ['Frontend URL', config.getFrontendUrl()],
+      ['Logged in', config.isLoggedIn() ? 'Yes' : 'No'],
+      ['Email', cfg.email || '-'],
+      ['Organization', cfg.org_name || '-'],
+    ]);
+  });
+
+program.parse(process.argv);

package/src/output.js

@@ -0,0 +1,65 @@
+/**
+ * Output formatting utilities for the Unbound CLI.
+ * Provides table, JSON, and key-value output for terminal display.
+ */
+
+function table(rows, columns) {
+  if (!rows || rows.length === 0) {
+    console.log('No results found.');
+    return;
+  }
+
+  // Calculate column widths
+  const widths = {};
+  for (const col of columns) {
+    widths[col.key] = col.header.length;
+  }
+  for (const row of rows) {
+    for (const col of columns) {
+      const val = String(col.format ? col.format(row[col.key], row) : row[col.key] ?? '');
+      widths[col.key] = Math.max(widths[col.key], val.length);
+    }
+  }
+
+  // Header
+  const header = columns.map((col) => col.header.padEnd(widths[col.key])).join('  ');
+  const separator = columns.map((col) => '-'.repeat(widths[col.key])).join('  ');
+  console.log(header);
+  console.log(separator);
+
+  // Rows
+  for (const row of rows) {
+    const line = columns
+      .map((col) => {
+        const val = String(col.format ? col.format(row[col.key], row) : row[col.key] ?? '');
+        return val.padEnd(widths[col.key]);
+      })
+      .join('  ');
+    console.log(line);
+  }
+}
+
+function json(data) {
+  console.log(JSON.stringify(data, null, 2));
+}
+
+function keyValue(pairs) {
+  const maxKey = Math.max(...pairs.map(([k]) => k.length));
+  for (const [key, value] of pairs) {
+    console.log(`${key.padEnd(maxKey)}  ${value ?? '-'}`);
+  }
+}
+
+function success(msg) {
+  console.log(`\u2713 ${msg}`);
+}
+
+function error(msg) {
+  console.error(`Error: ${msg}`);
+}
+
+function warn(msg) {
+  console.error(`Warning: ${msg}`);
+}
+
+module.exports = { table, json, keyValue, success, error, warn };