unbound-cli 0.1.3 → 0.1.5

package/package.json

@@ -1,10 +1,11 @@
 {
   "name": "unbound-cli",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "CLI tool for Unbound - AI Gateway management",
   "main": "src/index.js",
   "bin": {
-    "unbound": "src/index.js"
+    "unbound": "src/index.js",
+    "unbound-cli": "src/index.js"
   },
   "scripts": {
     "start": "node src/index.js",

package/src/api.js

@@ -5,9 +5,22 @@ const config = require('./config');
 
 const USER_AGENT = 'UnboundCLI/0.1.0';
 
+const STATUS_MESSAGES = {
+  400: 'Bad request. Check your input and try again.',
+  401: 'Authentication failed. Your API key may be invalid or expired. Run `unbound login` to re-authenticate.',
+  403: 'Permission denied. You may not have the required role for this action.',
+  404: 'Not found. Check the ID and try again.',
+  409: 'Conflict. The resource may already exist.',
+  422: 'Invalid input. Check your parameters and try again.',
+  429: 'Too many requests. Please wait and try again.',
+  500: 'Something went wrong on the server. Please try again later.',
+  502: 'The server is temporarily unavailable. Please try again later.',
+  503: 'The server is temporarily unavailable. Please try again later.',
+};
+
 class ApiError extends Error {
   constructor(statusCode, body) {
-    const message = body?.error || body?.message || `HTTP ${statusCode}`;
+    const message = body?.error || body?.message || STATUS_MESSAGES[statusCode] || `Unexpected error (HTTP ${statusCode})`;
     super(message);
     this.name = 'ApiError';
     this.statusCode = statusCode;
@@ -66,7 +79,17 @@ function request(method, path, { body, query, apiKey } = {}) {
       });
     });
 
-    req.on('error', reject);
+    req.on('error', (err) => {
+      if (err.code === 'ECONNREFUSED') {
+        reject(new Error(`Could not connect to ${url.host}. Check that the server is running.`));
+      } else if (err.code === 'ENOTFOUND') {
+        reject(new Error(`Could not resolve ${url.host}. Check your internet connection and the API URL.`));
+      } else if (err.code === 'ETIMEDOUT' || err.code === 'ESOCKETTIMEDOUT') {
+        reject(new Error(`Connection to ${url.host} timed out. Please try again.`));
+      } else {
+        reject(new Error(`Network error: ${err.message}`));
+      }
+    });
     if (payload) req.write(payload);
     req.end();
   });

package/src/auth.js

@@ -70,9 +70,9 @@ async function loginWithBrowser(frontendUrl) {
 
   const open = (await import('open')).default;
 
-  console.log('Opening browser for authentication...');
-  console.log(`If the browser does not open, visit:\n${authUrl}\n`);
-  console.log('Waiting for authentication...');
+  output.info('Opening browser for authentication...');
+  output.info(`If the browser does not open, visit:\n${authUrl}`);
+  output.info('Waiting for authentication...');
 
   await open(authUrl);
 
@@ -100,14 +100,14 @@ async function ensureLoggedIn() {
     return true;
   }
 
-  output.warn('Not logged in. Opening browser to authenticate...\n');
+  output.warn('Not logged in. Opening browser to authenticate...');
   const frontendUrl = config.getFrontendUrl();
   const result = await loginWithBrowser(frontendUrl);
 
   const parts = [];
   if (result.email) parts.push(`as ${result.email}`);
   if (result.orgName) parts.push(`to ${result.orgName}`);
-  output.success(`Logged in successfully${parts.length ? ' ' + parts.join(' ') : ''}.\n`);
+  output.success(`Logged in successfully${parts.length ? ' ' + parts.join(' ') : ''}.`);
 
   return true;
 }

package/src/commands/login.js

@@ -1,5 +1,6 @@
 const config = require('../config');
 const output = require('../output');
+const api = require('../api');
 const { loginWithBrowser } = require('../auth');
 
 function register(program) {
@@ -8,7 +9,7 @@ function register(program) {
     .description('Authenticate with Unbound. Opens a browser for interactive login, or use --api-key for CI/CD environments.')
     .option('--api-key <key>', 'Authenticate with an API key directly (non-interactive)')
     .option('--base-url <url>', 'Set a custom API base URL before logging in')
-    .option('--frontend-url <url>', 'Set a custom frontend URL for browser login')
+    .option('--domain <domain>', 'Use a custom domain for login (e.g. custom.example.com)')
     .addHelpText('after', `
 Authentication methods:
   Browser login (default):
@@ -21,14 +22,14 @@ Authentication methods:
     API key directly without browser interaction.
 
 Options:
+  --domain sets a custom domain for organizations with self-hosted frontends.
   --base-url sets the backend API URL before authenticating (persisted).
-  --frontend-url sets the frontend URL for browser login (persisted).
 
 Examples:
-  $ unbound login                        # Interactive browser-based login
-  $ unbound login --api-key sk-abc123    # Non-interactive login with API key
-  $ unbound login --base-url http://localhost:8000 --frontend-url http://localhost:3000
-  $ unbound login --base-url https://custom.api.example.com --api-key sk-abc123
+  $ unbound login                              # Login via default gateway
+  $ unbound login --domain custom.example.com  # Login via custom domain
+  $ unbound login --api-key sk-abc123          # Non-interactive login
+  $ unbound login --base-url http://localhost:8000  # Use local backend
 `)
     .action(async (opts) => {
       try {
@@ -36,22 +37,31 @@ Examples:
           config.setBaseUrl(opts.baseUrl);
         }
 
-        if (opts.frontendUrl) {
-          config.setFrontendUrl(opts.frontendUrl);
-        }
+        let apiKey;
 
         if (opts.apiKey) {
-          config.setApiKey(opts.apiKey);
-          output.success('Logged in successfully with API key.');
-          return;
+          apiKey = opts.apiKey;
+        } else {
+          // Determine frontend URL: --domain flag or default
+          let frontendUrl;
+          if (opts.domain) {
+            frontendUrl = opts.domain.startsWith('http') ? opts.domain : `https://${opts.domain}`;
+          } else {
+            frontendUrl = config.getFrontendUrl();
+          }
+
+          await loginWithBrowser(frontendUrl);
+          apiKey = config.getApiKey();
         }
 
-        const frontendUrl = config.getFrontendUrl();
-        const result = await loginWithBrowser(frontendUrl);
+        // Store the API key and validate through the backend
+        config.setApiKey(apiKey);
+        await api.get('/api/v1/users/privileges/');
 
+        const cfg = config.readConfig();
         const parts = [];
-        if (result.email) parts.push(`as ${result.email}`);
-        if (result.orgName) parts.push(`to ${result.orgName}`);
+        if (cfg.email) parts.push(`as ${cfg.email}`);
+        if (cfg.org_name) parts.push(`to ${cfg.org_name}`);
         output.success(`Logged in successfully${parts.length ? ' ' + parts.join(' ') : ''}.`);
       } catch (err) {
         output.error(err.message);

package/src/commands/policy.js

@@ -1,12 +1,7 @@
-const readline = require('readline');
 const config = require('../config');
 const api = require('../api');
 const output = require('../output');
-
-function formatDate(dateStr) {
-  if (!dateStr) return '-';
-  return new Date(dateStr).toLocaleDateString();
-}
+const { formatDate, confirm, parseCommaSeparated } = require('../utils');
 
 function formatScope(groups) {
   if (!groups || groups.length === 0) return '-';
@@ -52,21 +47,6 @@ function displayEffectivePolicies(data, opts) {
   ]);
 }
 
-function confirm(message) {
-  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-  return new Promise((resolve) => {
-    rl.question(`${message} (y/N) `, (answer) => {
-      rl.close();
-      resolve(answer.toLowerCase() === 'y');
-    });
-  });
-}
-
-function parseCommaSeparated(value) {
-  if (!value) return undefined;
-  return value.split(',').map((s) => s.trim()).filter(Boolean);
-}
-
 function register(program) {
   const policy = program
     .command('policy')
@@ -335,22 +315,25 @@ Examples:
 
         // Display each section of the form data
         if (data.user_groups) {
-          console.log('\nUser Groups:');
+          console.log('');
+          output.info('User Groups');
           output.table(data.user_groups, [
             { key: 'id', header: 'ID' },
             { key: 'name', header: 'Name' },
           ]);
         }
 
-        if (data.tool_types) {
-          console.log('\nTool Types:');
+        if (data.tool_types && data.tool_types.length > 0) {
+          console.log('');
+          output.info('Tool Types');
           for (const type of data.tool_types) {
             console.log(`  ${type}`);
           }
         }
 
         if (data.guardrails) {
-          console.log('\nGuardrails:');
+          console.log('');
+          output.info('Guardrails');
           output.table(data.guardrails, [
             { key: 'id', header: 'ID' },
             { key: 'name', header: 'Name' },
@@ -359,7 +342,8 @@ Examples:
         }
 
         if (data.models) {
-          console.log('\nModels:');
+          console.log('');
+          output.info('Models');
           output.table(data.models, [
             { key: 'id', header: 'ID' },
             { key: 'name', header: 'Name' },

package/src/commands/setup.js

@@ -9,9 +9,10 @@ const SETUP_BASE_URL = 'https://raw.githubusercontent.com/websentry-ai/setup/ref
 /**
  * Runs a Python setup script from the setup repo, passing the stored API key.
  */
-function runSetupScript(scriptPath, apiKey) {
+function runSetupScript(scriptPath, apiKey, { clear = false } = {}) {
   const url = `${SETUP_BASE_URL}/${scriptPath}`;
-  const cmd = `curl -fsSL "${url}" | python3 - --api-key "${apiKey}"`;
+  const extraArgs = clear ? ' --clear' : '';
+  const cmd = `curl -fsSL "${url}" | python3 - --api-key "${apiKey}"${extraArgs}`;
 
   console.log('');
   execSync(cmd, { stdio: 'inherit' });
@@ -21,13 +22,13 @@ function runSetupScript(scriptPath, apiKey) {
  * Ensures login, gets the stored API key, and runs the setup script(s).
  */
 function makeAction(...scriptPaths) {
-  return async () => {
+  return async (opts) => {
     try {
       await ensureLoggedIn();
       const apiKey = config.getApiKey();
 
       for (const scriptPath of scriptPaths) {
-        runSetupScript(scriptPath, apiKey);
+        runSetupScript(scriptPath, apiKey, { clear: opts.clear });
       }
     } catch (err) {
       output.error(err.message);
@@ -66,6 +67,7 @@ open automatically to authenticate before proceeding.
       'Set up Cursor to use Unbound. Downloads hook scripts, sets the ' +
       'UNBOUND_CURSOR_API_KEY environment variable, and restarts Cursor.'
     )
+    .option('--clear', 'Remove Unbound configuration for Cursor')
     .addHelpText('after', `
 What this does:
   1. Downloads Cursor hook scripts from the Unbound setup repository
@@ -79,6 +81,7 @@ Prerequisites:
 
 Examples:
   $ unbound setup cursor
+  $ unbound setup cursor --clear   # Remove Unbound configuration
 `)
     .action(makeAction('cursor/setup.py'));
 
@@ -90,6 +93,7 @@ Examples:
     )
     .option('--subscription', 'Use your existing Claude subscription (hooks only)')
     .option('--gateway', 'Use Unbound as the AI provider (gateway mode)')
+    .option('--clear', 'Remove Unbound configuration for Claude Code')
     .addHelpText('after', `
 Modes:
   Subscription (hooks only):
@@ -114,14 +118,16 @@ Examples:
   $ unbound setup claude-code                # Interactive mode selection
   $ unbound setup claude-code --subscription # Hooks only (keep your subscription)
   $ unbound setup claude-code --gateway      # Use Unbound as AI provider
+  $ unbound setup claude-code --clear        # Remove Unbound configuration
 `)
     .action(async (opts) => {
       try {
         await ensureLoggedIn();
         const apiKey = config.getApiKey();
+        const scriptOpts = { clear: opts.clear };
 
         let useSubscription = opts.subscription;
-        if (!opts.subscription && !opts.gateway) {
+        if (!opts.clear && !opts.subscription && !opts.gateway) {
           const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
           const answer = await new Promise((resolve) => {
             console.log('\nHow do you want to use Claude Code with Unbound?\n');
@@ -133,10 +139,13 @@ Examples:
           useSubscription = answer.trim() === '1';
         }
 
-        if (useSubscription) {
-          runSetupScript('claude-code/hooks/setup.py', apiKey);
+        if (opts.clear) {
+          runSetupScript('claude-code/hooks/setup.py', apiKey, scriptOpts);
+          runSetupScript('claude-code/gateway/setup.py', apiKey, scriptOpts);
+        } else if (useSubscription) {
+          runSetupScript('claude-code/hooks/setup.py', apiKey, scriptOpts);
         } else {
-          runSetupScript('claude-code/gateway/setup.py', apiKey);
+          runSetupScript('claude-code/gateway/setup.py', apiKey, scriptOpts);
         }
       } catch (err) {
         output.error(err.message);
@@ -150,6 +159,7 @@ Examples:
       'Set up Gemini CLI to use Unbound. Sets GEMINI_API_KEY and ' +
       'GOOGLE_GEMINI_BASE_URL environment variables.'
     )
+    .option('--clear', 'Remove Unbound configuration for Gemini CLI')
     .addHelpText('after', `
 What this does:
   1. Sets GEMINI_API_KEY to your Unbound API key in your shell profile
@@ -163,6 +173,7 @@ Prerequisites:
 
 Examples:
   $ unbound setup gemini-cli
+  $ unbound setup gemini-cli --clear   # Remove Unbound configuration
 `)
     .action(makeAction('gemini-cli/gateway/setup.py'));
 
@@ -172,6 +183,7 @@ Examples:
       'Set up Codex to use Unbound. Sets OPENAI_API_KEY and ' +
       'OPENAI_BASE_URL environment variables.'
     )
+    .option('--clear', 'Remove Unbound configuration for Codex')
     .addHelpText('after', `
 What this does:
   1. Sets OPENAI_API_KEY to your Unbound API key in your shell profile
@@ -185,6 +197,7 @@ Prerequisites:
 
 Examples:
   $ unbound setup codex
+  $ unbound setup codex --clear   # Remove Unbound configuration
 `)
     .action(makeAction('codex/gateway/setup.py'));
 

package/src/commands/status.js

@@ -18,8 +18,10 @@ Output fields:
 
 Examples:
   $ unbound status
+  $ unbound status --json
 `)
-    .action(async () => {
+    .option('--json', 'Output raw JSON')
+    .action(async (opts) => {
       try {
         const loggedIn = config.isLoggedIn();
         const cfg = config.readConfig();
@@ -48,6 +50,15 @@ Examples:
         }
         pairs.push(['API status', connectivity]);
 
+        if (opts.json) {
+          const obj = {};
+          for (const [key, value] of pairs) {
+            obj[key.toLowerCase().replace(/\s+/g, '_')] = value;
+          }
+          output.json(obj);
+          return;
+        }
+
         output.keyValue(pairs);
       } catch (err) {
         output.error(err.message);

package/src/commands/tools.js

@@ -1,11 +1,7 @@
 const config = require('../config');
 const api = require('../api');
 const output = require('../output');
-
-function formatDate(dateStr) {
-  if (!dateStr) return '-';
-  return new Date(dateStr).toLocaleDateString();
-}
+const { formatDate } = require('../utils');
 
 const SUPPORTED_TOOL_TYPES = [
   'CLAUDE_CODE',
@@ -92,8 +88,10 @@ Examples:
   $ unbound tools connect CLAUDE_CODE
   $ unbound tools connect CURSOR
   $ unbound tools connect GEMINI_CLI
+  $ unbound tools connect CLAUDE_CODE --json
 `)
-    .action(async (toolType) => {
+    .option('--json', 'Output raw JSON')
+    .action(async (toolType, opts) => {
       try {
         if (!config.isLoggedIn()) {
           output.error('Not logged in. Run `unbound login` first.');
@@ -110,6 +108,11 @@ Examples:
 
         const data = await api.post('/api/v1/agents/connect/', { body: { tool_type: normalized } });
 
+        if (opts.json) {
+          output.json(data);
+          return;
+        }
+
         output.success(`Connected ${normalized}.`);
         output.keyValue([
           ['Tool Type', data.tool_type],
@@ -153,18 +156,21 @@ Examples:
           return;
         }
 
-        if (data.restriction_enabled !== undefined) {
-          console.log(`Restriction Enabled: ${data.restriction_enabled}`);
-          console.log('');
-        }
+        output.keyValue([
+          ['Restriction Enabled', data.restriction_enabled !== undefined ? String(data.restriction_enabled) : '-'],
+        ]);
 
         if (data.approved_tools && data.approved_tools.length > 0) {
-          console.log('Approved Tool Types:');
-          for (const tool of data.approved_tools) {
-            console.log(`  ${typeof tool === 'string' ? tool : tool.tool_type || tool.name || JSON.stringify(tool)}`);
-          }
+          console.log('');
+          output.table(data.approved_tools.map((tool) => {
+            const name = typeof tool === 'string' ? tool : tool.tool_type || tool.name || JSON.stringify(tool);
+            return { name };
+          }), [
+            { key: 'name', header: 'Tool Type' },
+          ]);
         } else {
-          console.log('No approved tools configured.');
+          console.log('');
+          output.info('No approved tools configured.');
         }
       } catch (err) {
         output.error(err.message);

package/src/commands/user-groups.js

@@ -1,12 +1,7 @@
-const readline = require('readline');
 const config = require('../config');
 const api = require('../api');
 const output = require('../output');
-
-function formatDate(dateStr) {
-  if (!dateStr) return '-';
-  return new Date(dateStr).toLocaleDateString();
-}
+const { formatDate, confirm, parseCommaSeparated } = require('../utils');
 
 function displayGroup(group) {
   output.keyValue([
@@ -19,7 +14,7 @@ function displayGroup(group) {
   ]);
 
   if (!group.all_org_users && group.members && group.members.length > 0) {
-    console.log('\nMembers:');
+    console.log('');
     output.table(group.members, [
       { key: 'id', header: 'ID' },
       { key: 'email', header: 'Email' },
@@ -29,21 +24,6 @@ function displayGroup(group) {
   }
 }
 
-function confirm(message) {
-  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-  return new Promise((resolve) => {
-    rl.question(`${message} (y/N) `, (answer) => {
-      rl.close();
-      resolve(answer.toLowerCase() === 'y');
-    });
-  });
-}
-
-function parseCommaSeparated(value) {
-  if (!value) return undefined;
-  return value.split(',').map((s) => s.trim()).filter(Boolean);
-}
-
 function register(program) {
   const userGroups = program
     .command('user-groups')

package/src/commands/whoami.js

@@ -21,8 +21,10 @@ Output fields:
 
 Examples:
   $ unbound whoami
+  $ unbound whoami --json
 `)
-    .action(async () => {
+    .option('--json', 'Output raw JSON')
+    .action(async (opts) => {
       try {
         if (!config.isLoggedIn()) {
           output.error('Not logged in. Run `unbound login` first.');
@@ -34,6 +36,11 @@ Examples:
         const privileges = await api.get('/api/v1/users/privileges/');
         const role = roleFromPrivileges(privileges);
 
+        if (opts.json) {
+          output.json({ email: cfg.email || null, organization: cfg.org_name || null, role });
+          return;
+        }
+
         output.keyValue([
           ['Email', cfg.email || '-'],
           ['Organization', cfg.org_name || '-'],

package/src/index.js

@@ -3,13 +3,14 @@
 const { Command } = require('commander');
 const config = require('./config');
 const output = require('./output');
+const { version } = require('../package.json');
 
 const program = new Command();
 
 program
   .name('unbound')
   .description('Unbound CLI - Manage your AI Gateway from the command line.\n\nUnbound is an AI gateway that provides centralized policy management,\ncost controls, and security guardrails for AI coding tools like\nClaude Code, Cursor, Gemini CLI, and more.')
-  .version('0.1.0')
+  .version(version)
   .addHelpText('after', `
 Examples:
   $ unbound login                        Sign in via browser
@@ -114,8 +115,22 @@ configCmd
 configCmd
   .command('show')
   .description('Show all current configuration values.')
-  .action(() => {
+  .option('--json', 'Output raw JSON')
+  .action((opts) => {
     const cfg = config.readConfig();
+
+    if (opts.json) {
+      output.json({
+        config_file: config.CONFIG_FILE,
+        api_base_url: config.getBaseUrl(),
+        frontend_url: config.getFrontendUrl(),
+        logged_in: config.isLoggedIn(),
+        email: cfg.email || null,
+        organization: cfg.org_name || null,
+      });
+      return;
+    }
+
     output.keyValue([
       ['Config file', config.CONFIG_FILE],
       ['API base URL', config.getBaseUrl()],

package/src/output.js

@@ -3,9 +3,19 @@
  * Provides table, JSON, and key-value output for terminal display.
  */
 
+const useColor = process.stdout.isTTY && !process.env.NO_COLOR;
+const c = {
+  green: (s) => useColor ? `\x1b[32m${s}\x1b[0m` : s,
+  red: (s) => useColor ? `\x1b[31m${s}\x1b[0m` : s,
+  yellow: (s) => useColor ? `\x1b[33m${s}\x1b[0m` : s,
+  cyan: (s) => useColor ? `\x1b[36m${s}\x1b[0m` : s,
+  dim: (s) => useColor ? `\x1b[2m${s}\x1b[0m` : s,
+  bold: (s) => useColor ? `\x1b[1m${s}\x1b[0m` : s,
+};
+
 function table(rows, columns) {
   if (!rows || rows.length === 0) {
-    console.log('No results found.');
+    console.log(c.dim('No results found.'));
     return;
   }
 
@@ -22,8 +32,8 @@ function table(rows, columns) {
   }
 
   // Header
-  const header = columns.map((col) => col.header.padEnd(widths[col.key])).join('  ');
-  const separator = columns.map((col) => '-'.repeat(widths[col.key])).join('  ');
+  const header = columns.map((col) => c.bold(c.dim(col.header.padEnd(widths[col.key])))).join('  ');
+  const separator = columns.map((col) => '\u2500'.repeat(widths[col.key])).join('  ');
   console.log(header);
   console.log(separator);
 
@@ -46,20 +56,25 @@ function json(data) {
 function keyValue(pairs) {
   const maxKey = Math.max(...pairs.map(([k]) => k.length));
   for (const [key, value] of pairs) {
-    console.log(`${key.padEnd(maxKey)}  ${value ?? '-'}`);
+    console.log(`${c.dim(key.padEnd(maxKey))}  ${value ?? '-'}`);
   }
 }
 
 function success(msg) {
-  console.log(`\u2713 ${msg}`);
+  const check = process.stdout.isTTY ? '\u2714' : '\u221A';
+  console.log(c.green(`${check} ${msg}`));
 }
 
 function error(msg) {
-  console.error(`Error: ${msg}`);
+  console.error(c.red(c.bold(`Error: ${msg}`)));
 }
 
 function warn(msg) {
-  console.error(`Warning: ${msg}`);
+  console.error(c.yellow(`Warning: ${msg}`));
+}
+
+function info(msg) {
+  console.error(c.cyan(`\u2139 ${msg}`));
 }
 
-module.exports = { table, json, keyValue, success, error, warn };
+module.exports = { table, json, keyValue, success, error, warn, info };

package/src/utils.js

@@ -0,0 +1,23 @@
+const readline = require('readline');
+
+function formatDate(dateStr) {
+  if (!dateStr) return '-';
+  return new Date(dateStr).toLocaleDateString();
+}
+
+function confirm(message) {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => {
+    rl.question(`${message} (y/N) `, (answer) => {
+      rl.close();
+      resolve(answer.toLowerCase() === 'y');
+    });
+  });
+}
+
+function parseCommaSeparated(value) {
+  if (!value) return undefined;
+  return value.split(',').map((s) => s.trim()).filter(Boolean);
+}
+
+module.exports = { formatDate, confirm, parseCommaSeparated };