unbound-cli 0.1.5 → 0.1.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "unbound-cli",
-  "version": "0.1.5",
+  "version": "0.1.7",
   "description": "CLI tool for Unbound - AI Gateway management",
   "main": "src/index.js",
   "bin": {

package/src/api.js

@@ -3,7 +3,8 @@ const http = require('http');
 const { URL } = require('url');
 const config = require('./config');
 
-const USER_AGENT = 'UnboundCLI/0.1.0';
+const { version } = require('../package.json');
+const USER_AGENT = `UnboundCLI/${version}`;
 
 const STATUS_MESSAGES = {
   400: 'Bad request. Check your input and try again.',
@@ -79,6 +80,11 @@ function request(method, path, { body, query, apiKey } = {}) {
       });
     });
 
+    req.setTimeout(30000, () => {
+      req.destroy();
+      reject(new Error(`Request to ${url.host} timed out after 30s. Please try again.`));
+    });
+
     req.on('error', (err) => {
       if (err.code === 'ECONNREFUSED') {
         reject(new Error(`Could not connect to ${url.host}. Check that the server is running.`));

package/src/auth.js

@@ -66,7 +66,7 @@ async function loginWithBrowser(frontendUrl) {
 
   const port = server.address().port;
   const callbackUrl = `http://localhost:${port}/callback`;
-  const authUrl = `${frontendUrl}/cli/auth?callback=${encodeURIComponent(callbackUrl)}`;
+  const authUrl = `${frontendUrl}/automations/api-key-callback?callback_url=${encodeURIComponent(callbackUrl)}&app_type=cli`;
 
   const open = (await import('open')).default;
 
@@ -74,19 +74,29 @@ async function loginWithBrowser(frontendUrl) {
   output.info(`If the browser does not open, visit:\n${authUrl}`);
   output.info('Waiting for authentication...');
 
-  await open(authUrl);
+  try {
+    await open(authUrl);
+  } catch {
+    // Browser failed to open — URL is already printed above
+  }
 
   const timeout = setTimeout(() => {
     callbackReject(new Error('Authentication timed out after 120 seconds'));
     server.close();
   }, 120_000);
 
+  const reminder = setInterval(() => {
+    output.info('Still waiting for browser authentication...');
+  }, 30_000);
+
   try {
     const result = await callbackPromise;
     clearTimeout(timeout);
+    clearInterval(reminder);
     return result;
   } catch (err) {
     clearTimeout(timeout);
+    clearInterval(reminder);
     throw err;
   }
 }

package/src/commands/login.js

@@ -41,23 +41,31 @@ Examples:
 
         if (opts.apiKey) {
           apiKey = opts.apiKey;
+          // Validate the key before storing
+          const spin = output.spinner('Validating API key...');
+          try {
+            await api.get('/api/v1/users/privileges/', { apiKey });
+            spin.stop();
+          } catch (err) {
+            spin.fail('Invalid API key. Check your key and try again.');
+            process.exitCode = 1;
+            return;
+          }
+          config.setApiKey(apiKey);
         } else {
-          // Determine frontend URL: --domain flag or default
+          // Browser flow — key is already saved by auth.loginWithBrowser()
           let frontendUrl;
           if (opts.domain) {
             frontendUrl = opts.domain.startsWith('http') ? opts.domain : `https://${opts.domain}`;
           } else {
             frontendUrl = config.getFrontendUrl();
           }
-
           await loginWithBrowser(frontendUrl);
           apiKey = config.getApiKey();
+          // Validate the stored key
+          await api.get('/api/v1/users/privileges/');
         }
 
-        // Store the API key and validate through the backend
-        config.setApiKey(apiKey);
-        await api.get('/api/v1/users/privileges/');
-
         const cfg = config.readConfig();
         const parts = [];
         if (cfg.email) parts.push(`as ${cfg.email}`);

package/src/commands/logout.js

@@ -4,20 +4,24 @@ const output = require('../output');
 function register(program) {
   program
     .command('logout')
-    .description('Log out of Unbound. Removes stored credentials and configuration from ~/.unbound/config.json.')
+    .description('Log out of Unbound. Removes stored credentials from ~/.unbound/config.json while preserving custom URL settings.')
     .addHelpText('after', `
 What this does:
-  Clears all stored credentials (API key, email, organization) from
+  Clears stored credentials (API key, email, organization) from
   ~/.unbound/config.json. Custom URL settings (base_url, frontend_url)
-  are also removed.
+  are preserved so you don't need to reconfigure them.
 
 Examples:
   $ unbound logout
 `)
     .action(() => {
       try {
-        config.clearConfig();
-        output.success('Logged out successfully.');
+        const cfg = config.readConfig();
+        delete cfg.api_key;
+        delete cfg.email;
+        delete cfg.org_name;
+        config.writeConfig(cfg);
+        output.success('Logged out successfully. Custom URL settings preserved.');
       } catch (err) {
         output.error(err.message);
         process.exitCode = 1;

package/src/commands/status.js

@@ -41,21 +41,28 @@ Examples:
         // Check API connectivity
         let connectivity = 'Not checked (not logged in)';
         if (loggedIn) {
+          const spin = output.spinner('Checking API connectivity...');
           try {
             await api.get('/api/v1/users/privileges/');
+            spin.stop();
             connectivity = 'Connected';
           } catch (err) {
+            spin.stop();
             connectivity = `Error: ${err.message}`;
           }
         }
         pairs.push(['API status', connectivity]);
 
         if (opts.json) {
-          const obj = {};
-          for (const [key, value] of pairs) {
-            obj[key.toLowerCase().replace(/\s+/g, '_')] = value;
-          }
-          output.json(obj);
+          output.json({
+            config_file: config.CONFIG_FILE,
+            logged_in: loggedIn,
+            email: loggedIn ? (cfg.email || null) : null,
+            organization: loggedIn ? (cfg.org_name || null) : null,
+            api_base_url: loggedIn ? config.getBaseUrl() : null,
+            frontend_url: loggedIn ? config.getFrontendUrl() : null,
+            api_status: connectivity,
+          });
           return;
         }
 

package/src/commands/whoami.js

@@ -25,15 +25,18 @@ Examples:
 `)
     .option('--json', 'Output raw JSON')
     .action(async (opts) => {
-      try {
-        if (!config.isLoggedIn()) {
-          output.error('Not logged in. Run `unbound login` first.');
-          process.exitCode = 1;
-          return;
-        }
+      if (!config.isLoggedIn()) {
+        output.error('Not logged in. Run `unbound login` first.');
+        process.exitCode = 1;
+        return;
+      }
 
-        const cfg = config.readConfig();
+      const cfg = config.readConfig();
+      const spin = output.spinner('Fetching user info...');
+      try {
         const privileges = await api.get('/api/v1/users/privileges/');
+        spin.stop();
+
         const role = roleFromPrivileges(privileges);
 
         if (opts.json) {
@@ -47,7 +50,7 @@ Examples:
           ['Role', role],
         ]);
       } catch (err) {
-        output.error(err.message);
+        spin.fail(err.message);
         process.exitCode = 1;
       }
     });

package/src/config.js

@@ -19,7 +19,7 @@ function readConfig() {
       return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8'));
     }
   } catch {
-    // Corrupted config, start fresh
+    console.error(`\x1b[33mWarning: Config file at ${CONFIG_FILE} is corrupted. Using defaults.\x1b[0m`);
   }
   return {};
 }

package/src/index.js

@@ -9,31 +9,79 @@ const program = new Command();
 
 program
   .name('unbound')
-  .description('Unbound CLI - Manage your AI Gateway from the command line.\n\nUnbound is an AI gateway that provides centralized policy management,\ncost controls, and security guardrails for AI coding tools like\nClaude Code, Cursor, Gemini CLI, and more.')
+  .description('Unbound CLI - Manage your AI Gateway from the command line.\n\nUnbound is an AI gateway that provides centralized policy management,\ncost controls, and security guardrails for AI coding tools like\nClaude Code, Cursor, Gemini CLI, Codex, and more.')
   .version(version)
   .addHelpText('after', `
-Examples:
-  $ unbound login                        Sign in via browser
-  $ unbound login --api-key <key>        Sign in with an API key
-  $ unbound whoami                       Show current user info
-  $ unbound policy list                  List all policies
-  $ unbound policy list --type SECURITY  List security policies
-  $ unbound users list                   List organization users
-  $ unbound user-groups list             List user groups
-  $ unbound tools list                   List connected AI tools
-  $ unbound setup cursor                 Configure Cursor to use Unbound
-  $ unbound setup claude-code            Configure Claude Code to use Unbound
-  $ unbound config set-url http://localhost:8000           Use local backend
-  $ unbound config set-frontend-url http://localhost:3000  Use local frontend
-
-Environment Variables:
+AUTHENTICATION
+  $ unbound login                          Sign in via browser
+  $ unbound login --api-key <key>          Sign in with an API key (for CI/CD)
+  $ unbound login --domain custom.co       Sign in via custom domain
+  $ unbound logout                         Remove stored credentials
+  $ unbound whoami                         Show current user and organization
+  $ unbound status                         Show CLI status and API connectivity
+
+TOOL SETUP
+  Automated setup (installs hooks, sets env vars, configures tool):
+  $ unbound setup cursor                   Set up Cursor
+  $ unbound setup claude-code              Set up Claude Code (interactive mode selection)
+  $ unbound setup claude-code --gateway    Use Unbound as AI provider
+  $ unbound setup claude-code --subscription  Hooks only (keep your subscription)
+  $ unbound setup gemini-cli               Set up Gemini CLI
+  $ unbound setup codex                    Set up Codex
+
+  Instruction-only (shows config values to set manually):
+  $ unbound setup roo-code                 Show Roo Code config values
+  $ unbound setup cline                    Show Cline config values
+  $ unbound setup kilo-code                Show Kilo Code config values
+  $ unbound setup custom-access            Show API key and base URL
+
+  Remove configuration:
+  $ unbound setup cursor --clear           Remove Unbound config for Cursor
+  $ unbound setup claude-code --clear      Remove Unbound config for Claude Code
+  $ unbound setup gemini-cli --clear       Remove Unbound config for Gemini CLI
+  $ unbound setup codex --clear            Remove Unbound config for Codex
+
+POLICY MANAGEMENT
+  $ unbound policy list                    List all policies
+  $ unbound policy list --type SECURITY    Filter by type (SECURITY, MODEL, COST)
+  $ unbound policy get <id>                View policy details
+  $ unbound policy create --name <n> --type <t>  Create a new policy
+  $ unbound policy update <id> --name <n>  Update a policy
+  $ unbound policy delete <id>             Delete a policy
+  $ unbound policy effective <id>          View effective policies for a user/group
+  $ unbound policy form-data               Get reference data for policy creation
+
+USER & GROUP MANAGEMENT
+  $ unbound users list                     List organization members
+  $ unbound users effective-policies <id>  View effective policies for a user
+  $ unbound user-groups list               List user groups
+  $ unbound user-groups get <id>           View group details and members
+  $ unbound user-groups create --name <n>  Create a user group
+  $ unbound user-groups update <id>        Update a user group
+  $ unbound user-groups delete <id>        Delete a user group
+
+TOOL CONNECTIONS
+  $ unbound tools list                     List connected AI tools
+  $ unbound tools connect <type>           Connect a new tool
+  $ unbound tools approved                 List approved tool types
+
+CONFIGURATION
+  $ unbound config show                    Show all settings
+  $ unbound config set-url <url>           Set API base URL
+  $ unbound config set-frontend-url <url>  Set frontend URL
+  $ unbound config reset-url               Reset API URL to default
+  $ unbound config reset-frontend-url      Reset frontend URL to default
+
+ENVIRONMENT VARIABLES
   UNBOUND_API_URL       Override the API base URL (e.g. http://localhost:8000)
   UNBOUND_FRONTEND_URL  Override the frontend URL (e.g. http://localhost:3000)
 
-Configuration:
-  Config is stored in ~/.unbound/config.json
-  Production backend:  https://backend.getunbound.ai
-  Production frontend: https://gateway.getunbound.ai
+FILES
+  ~/.unbound/config.json    Credentials and CLI settings
+
+LEARN MORE
+  Use "unbound <command> --help" for more information about a command.
+  Use "unbound <command> <subcommand> --help" for subcommand details.
 `);
 
 // Register all command modules

package/src/output.js

@@ -77,4 +77,34 @@ function info(msg) {
   console.error(c.cyan(`\u2139 ${msg}`));
 }
 
-module.exports = { table, json, keyValue, success, error, warn, info };
+function spinner(message) {
+  if (!process.stderr.isTTY) {
+    console.error(message);
+    return { stop: () => {}, succeed: (msg) => success(msg), fail: (msg) => error(msg) };
+  }
+
+  const frames = ['\u280B', '\u2819', '\u2839', '\u2838', '\u283C', '\u2834', '\u2826', '\u2827', '\u2807', '\u280F'];
+  let i = 0;
+  const interval = setInterval(() => {
+    process.stderr.write(`\r${c.cyan(frames[i++ % frames.length])} ${message}`);
+  }, 80);
+
+  return {
+    stop() {
+      clearInterval(interval);
+      process.stderr.write('\r\x1b[K');
+    },
+    succeed(msg) {
+      clearInterval(interval);
+      process.stderr.write('\r\x1b[K');
+      success(msg);
+    },
+    fail(msg) {
+      clearInterval(interval);
+      process.stderr.write('\r\x1b[K');
+      error(msg);
+    },
+  };
+}
+
+module.exports = { table, json, keyValue, success, error, warn, info, spinner };