unbound-cli 0.1.6 → 0.1.8

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "unbound-cli",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "description": "CLI tool for Unbound - AI Gateway management",
   "main": "src/index.js",
   "bin": {

package/src/api.js

@@ -3,7 +3,8 @@ const http = require('http');
 const { URL } = require('url');
 const config = require('./config');
 
-const USER_AGENT = 'UnboundCLI/0.1.0';
+const { version } = require('../package.json');
+const USER_AGENT = `UnboundCLI/${version}`;
 
 const STATUS_MESSAGES = {
   400: 'Bad request. Check your input and try again.',
@@ -79,6 +80,11 @@ function request(method, path, { body, query, apiKey } = {}) {
       });
     });
 
+    req.setTimeout(30000, () => {
+      req.destroy();
+      reject(new Error(`Request to ${url.host} timed out after 30s. Please try again.`));
+    });
+
     req.on('error', (err) => {
       if (err.code === 'ECONNREFUSED') {
         reject(new Error(`Could not connect to ${url.host}. Check that the server is running.`));

package/src/auth.js

@@ -74,19 +74,29 @@ async function loginWithBrowser(frontendUrl) {
   output.info(`If the browser does not open, visit:\n${authUrl}`);
   output.info('Waiting for authentication...');
 
-  await open(authUrl);
+  try {
+    await open(authUrl);
+  } catch {
+    // Browser failed to open — URL is already printed above
+  }
 
   const timeout = setTimeout(() => {
     callbackReject(new Error('Authentication timed out after 120 seconds'));
     server.close();
   }, 120_000);
 
+  const reminder = setInterval(() => {
+    output.info('Still waiting for browser authentication...');
+  }, 30_000);
+
   try {
     const result = await callbackPromise;
     clearTimeout(timeout);
+    clearInterval(reminder);
     return result;
   } catch (err) {
     clearTimeout(timeout);
+    clearInterval(reminder);
     throw err;
   }
 }

package/src/commands/login.js

@@ -1,3 +1,4 @@
+const { Option } = require('commander');
 const config = require('../config');
 const output = require('../output');
 const api = require('../api');
@@ -8,7 +9,7 @@ function register(program) {
     .command('login')
     .description('Authenticate with Unbound. Opens a browser for interactive login, or use --api-key for CI/CD environments.')
     .option('--api-key <key>', 'Authenticate with an API key directly (non-interactive)')
-    .option('--base-url <url>', 'Set a custom API base URL before logging in')
+    .addOption(new Option('--base-url <url>', 'Set a custom API base URL').hideHelp())
     .option('--domain <domain>', 'Use a custom domain for login (e.g. custom.example.com)')
     .addHelpText('after', `
 Authentication methods:
@@ -23,13 +24,11 @@ Authentication methods:
 
 Options:
   --domain sets a custom domain for organizations with self-hosted frontends.
-  --base-url sets the backend API URL before authenticating (persisted).
 
 Examples:
   $ unbound login                              # Login via default gateway
   $ unbound login --domain custom.example.com  # Login via custom domain
   $ unbound login --api-key sk-abc123          # Non-interactive login
-  $ unbound login --base-url http://localhost:8000  # Use local backend
 `)
     .action(async (opts) => {
       try {
@@ -41,23 +40,31 @@ Examples:
 
         if (opts.apiKey) {
           apiKey = opts.apiKey;
+          // Validate the key before storing
+          const spin = output.spinner('Validating API key...');
+          try {
+            await api.get('/api/v1/users/privileges/', { apiKey });
+            spin.stop();
+          } catch (err) {
+            spin.fail('Invalid API key. Check your key and try again.');
+            process.exitCode = 1;
+            return;
+          }
+          config.setApiKey(apiKey);
         } else {
-          // Determine frontend URL: --domain flag or default
+          // Browser flow — key is already saved by auth.loginWithBrowser()
           let frontendUrl;
           if (opts.domain) {
             frontendUrl = opts.domain.startsWith('http') ? opts.domain : `https://${opts.domain}`;
           } else {
             frontendUrl = config.getFrontendUrl();
           }
-
           await loginWithBrowser(frontendUrl);
           apiKey = config.getApiKey();
+          // Validate the stored key
+          await api.get('/api/v1/users/privileges/');
         }
 
-        // Store the API key and validate through the backend
-        config.setApiKey(apiKey);
-        await api.get('/api/v1/users/privileges/');
-
         const cfg = config.readConfig();
         const parts = [];
         if (cfg.email) parts.push(`as ${cfg.email}`);

package/src/commands/logout.js

@@ -4,20 +4,24 @@ const output = require('../output');
 function register(program) {
   program
     .command('logout')
-    .description('Log out of Unbound. Removes stored credentials and configuration from ~/.unbound/config.json.')
+    .description('Log out of Unbound. Removes stored credentials from ~/.unbound/config.json while preserving custom URL settings.')
     .addHelpText('after', `
 What this does:
-  Clears all stored credentials (API key, email, organization) from
+  Clears stored credentials (API key, email, organization) from
   ~/.unbound/config.json. Custom URL settings (base_url, frontend_url)
-  are also removed.
+  are preserved so you don't need to reconfigure them.
 
 Examples:
   $ unbound logout
 `)
     .action(() => {
       try {
-        config.clearConfig();
-        output.success('Logged out successfully.');
+        const cfg = config.readConfig();
+        delete cfg.api_key;
+        delete cfg.email;
+        delete cfg.org_name;
+        config.writeConfig(cfg);
+        output.success('Logged out successfully. Custom URL settings preserved.');
       } catch (err) {
         output.error(err.message);
         process.exitCode = 1;

package/src/commands/status.js

@@ -8,13 +8,12 @@ function register(program) {
     .description('Show the current CLI status including config location, login state, and API connectivity. Useful for debugging connection issues.')
     .addHelpText('after', `
 Output fields:
-  Config file   - Path to the config file (~/.unbound/config.json)
-  Logged in     - Whether credentials are stored (Yes/No)
-  Email         - The authenticated user's email (if logged in)
-  Organization  - The organization name (if logged in)
-  API base URL  - The backend API URL being used (if logged in)
-  Frontend URL  - The frontend URL for browser auth (if logged in)
-  API status    - Connectivity check result (Connected / Error)
+  Config file      - Path to the config file (~/.unbound/config.json)
+  Logged in        - Whether credentials are stored (Yes/No)
+  Email            - The authenticated user's email (if logged in)
+  Organization     - The organization name (if logged in)
+  Unbound Gateway  - The Unbound gateway URL (if logged in)
+  API status       - Connectivity check result (Connected / Error)
 
 Examples:
   $ unbound status
@@ -34,28 +33,33 @@ Examples:
         if (loggedIn) {
           pairs.push(['Email', cfg.email || '-']);
           pairs.push(['Organization', cfg.org_name || '-']);
-          pairs.push(['API base URL', config.getBaseUrl()]);
-          pairs.push(['Frontend URL', config.getFrontendUrl()]);
+          pairs.push(['Unbound Gateway', config.getFrontendUrl()]);
         }
 
         // Check API connectivity
         let connectivity = 'Not checked (not logged in)';
         if (loggedIn) {
+          const spin = output.spinner('Checking API connectivity...');
           try {
             await api.get('/api/v1/users/privileges/');
+            spin.stop();
             connectivity = 'Connected';
           } catch (err) {
+            spin.stop();
             connectivity = `Error: ${err.message}`;
           }
         }
         pairs.push(['API status', connectivity]);
 
         if (opts.json) {
-          const obj = {};
-          for (const [key, value] of pairs) {
-            obj[key.toLowerCase().replace(/\s+/g, '_')] = value;
-          }
-          output.json(obj);
+          output.json({
+            config_file: config.CONFIG_FILE,
+            logged_in: loggedIn,
+            email: loggedIn ? (cfg.email || null) : null,
+            organization: loggedIn ? (cfg.org_name || null) : null,
+            gateway_url: loggedIn ? config.getFrontendUrl() : null,
+            api_status: connectivity,
+          });
           return;
         }
 

package/src/commands/whoami.js

@@ -25,15 +25,18 @@ Examples:
 `)
     .option('--json', 'Output raw JSON')
     .action(async (opts) => {
-      try {
-        if (!config.isLoggedIn()) {
-          output.error('Not logged in. Run `unbound login` first.');
-          process.exitCode = 1;
-          return;
-        }
+      if (!config.isLoggedIn()) {
+        output.error('Not logged in. Run `unbound login` first.');
+        process.exitCode = 1;
+        return;
+      }
 
-        const cfg = config.readConfig();
+      const cfg = config.readConfig();
+      const spin = output.spinner('Fetching user info...');
+      try {
         const privileges = await api.get('/api/v1/users/privileges/');
+        spin.stop();
+
         const role = roleFromPrivileges(privileges);
 
         if (opts.json) {
@@ -47,7 +50,7 @@ Examples:
           ['Role', role],
         ]);
       } catch (err) {
-        output.error(err.message);
+        spin.fail(err.message);
         process.exitCode = 1;
       }
     });

package/src/config.js

@@ -19,7 +19,7 @@ function readConfig() {
       return JSON.parse(fs.readFileSync(CONFIG_FILE, 'utf-8'));
     }
   } catch {
-    // Corrupted config, start fresh
+    console.error(`\x1b[33mWarning: Config file at ${CONFIG_FILE} is corrupted. Using defaults.\x1b[0m`);
   }
   return {};
 }

package/src/index.js

@@ -9,31 +9,71 @@ const program = new Command();
 
 program
   .name('unbound')
-  .description('Unbound CLI - Manage your AI Gateway from the command line.\n\nUnbound is an AI gateway that provides centralized policy management,\ncost controls, and security guardrails for AI coding tools like\nClaude Code, Cursor, Gemini CLI, and more.')
+  .description('Unbound CLI - Manage your AI Gateway from the command line.\n\nUnbound is an AI gateway that provides centralized policy management,\ncost controls, and security guardrails for AI coding tools like\nClaude Code, Cursor, Gemini CLI, Codex, and more.')
   .version(version)
   .addHelpText('after', `
-Examples:
-  $ unbound login                        Sign in via browser
-  $ unbound login --api-key <key>        Sign in with an API key
-  $ unbound whoami                       Show current user info
-  $ unbound policy list                  List all policies
-  $ unbound policy list --type SECURITY  List security policies
-  $ unbound users list                   List organization users
-  $ unbound user-groups list             List user groups
-  $ unbound tools list                   List connected AI tools
-  $ unbound setup cursor                 Configure Cursor to use Unbound
-  $ unbound setup claude-code            Configure Claude Code to use Unbound
-  $ unbound config set-url http://localhost:8000           Use local backend
-  $ unbound config set-frontend-url http://localhost:3000  Use local frontend
-
-Environment Variables:
-  UNBOUND_API_URL       Override the API base URL (e.g. http://localhost:8000)
-  UNBOUND_FRONTEND_URL  Override the frontend URL (e.g. http://localhost:3000)
-
-Configuration:
-  Config is stored in ~/.unbound/config.json
-  Production backend:  https://backend.getunbound.ai
-  Production frontend: https://gateway.getunbound.ai
+AUTHENTICATION
+  $ unbound login                          Sign in via browser
+  $ unbound login --api-key <key>          Sign in with an API key (for CI/CD)
+  $ unbound login --domain custom.co       Sign in via custom domain
+  $ unbound logout                         Remove stored credentials
+  $ unbound whoami                         Show current user and organization
+  $ unbound status                         Show CLI status and API connectivity
+
+TOOL SETUP
+  Automated setup (installs hooks, sets env vars, configures tool):
+  $ unbound setup cursor                   Set up Cursor
+  $ unbound setup claude-code              Set up Claude Code (interactive mode selection)
+  $ unbound setup claude-code --gateway    Use Unbound as AI provider
+  $ unbound setup claude-code --subscription  Hooks only (keep your subscription)
+  $ unbound setup gemini-cli               Set up Gemini CLI
+  $ unbound setup codex                    Set up Codex
+
+  Instruction-only (shows config values to set manually):
+  $ unbound setup roo-code                 Show Roo Code config values
+  $ unbound setup cline                    Show Cline config values
+  $ unbound setup kilo-code                Show Kilo Code config values
+  $ unbound setup custom-access            Show API key and base URL
+
+  Remove configuration:
+  $ unbound setup cursor --clear           Remove Unbound config for Cursor
+  $ unbound setup claude-code --clear      Remove Unbound config for Claude Code
+  $ unbound setup gemini-cli --clear       Remove Unbound config for Gemini CLI
+  $ unbound setup codex --clear            Remove Unbound config for Codex
+
+POLICY MANAGEMENT
+  $ unbound policy list                    List all policies
+  $ unbound policy list --type SECURITY    Filter by type (SECURITY, MODEL, COST)
+  $ unbound policy get <id>                View policy details
+  $ unbound policy create --name <n> --type <t>  Create a new policy
+  $ unbound policy update <id> --name <n>  Update a policy
+  $ unbound policy delete <id>             Delete a policy
+  $ unbound policy effective <id>          View effective policies for a user/group
+  $ unbound policy form-data               Get reference data for policy creation
+
+USER & GROUP MANAGEMENT
+  $ unbound users list                     List organization members
+  $ unbound users effective-policies <id>  View effective policies for a user
+  $ unbound user-groups list               List user groups
+  $ unbound user-groups get <id>           View group details and members
+  $ unbound user-groups create --name <n>  Create a user group
+  $ unbound user-groups update <id>        Update a user group
+  $ unbound user-groups delete <id>        Delete a user group
+
+TOOL CONNECTIONS
+  $ unbound tools list                     List connected AI tools
+  $ unbound tools connect <type>           Connect a new tool
+  $ unbound tools approved                 List approved tool types
+
+CONFIGURATION
+  $ unbound config show                    Show all settings
+
+FILES
+  ~/.unbound/config.json    Credentials and CLI settings
+
+LEARN MORE
+  Use "unbound <command> --help" for more information about a command.
+  Use "unbound <command> <subcommand> --help" for subcommand details.
 `);
 
 // Register all command modules
@@ -50,31 +90,27 @@ require('./commands/setup').register(program);
 // config command for managing CLI settings
 const configCmd = program
   .command('config')
-  .description('Manage CLI configuration. Set or view the API base URL and other settings.');
+  .description('Manage CLI configuration settings.');
 
+// Internal/dev commands — hidden from help but still functional
 configCmd
-  .command('set-url <url>')
-  .description('Set the API base URL. Use http://localhost:8000 for local development.')
-  .addHelpText('after', `
-Examples:
-  $ unbound config set-url http://localhost:8000       # Local development
-  $ unbound config set-url https://backend.getunbound.ai  # Production (default)
-`)
+  .command('set-url <url>', { hidden: true })
+  .description('Set the API base URL (internal)')
   .action((url) => {
     config.setBaseUrl(url);
     output.success(`API base URL set to ${url}`);
   });
 
 configCmd
-  .command('get-url')
-  .description('Show the current API base URL.')
+  .command('get-url', { hidden: true })
+  .description('Show the current API base URL (internal)')
   .action(() => {
     console.log(config.getBaseUrl());
   });
 
 configCmd
-  .command('reset-url')
-  .description('Reset the API base URL to the default (https://backend.getunbound.ai).')
+  .command('reset-url', { hidden: true })
+  .description('Reset the API base URL to default (internal)')
   .action(() => {
     const cfg = config.readConfig();
     delete cfg.base_url;
@@ -83,28 +119,23 @@ configCmd
   });
 
 configCmd
-  .command('set-frontend-url <url>')
-  .description('Set the frontend URL. Use http://localhost:3000 for local development.')
-  .addHelpText('after', `
-Examples:
-  $ unbound config set-frontend-url http://localhost:3000       # Local development
-  $ unbound config set-frontend-url https://gateway.getunbound.ai  # Production (default)
-`)
+  .command('set-frontend-url <url>', { hidden: true })
+  .description('Set the frontend URL (internal)')
   .action((url) => {
     config.setFrontendUrl(url);
     output.success(`Frontend URL set to ${url}`);
   });
 
 configCmd
-  .command('get-frontend-url')
-  .description('Show the current frontend URL.')
+  .command('get-frontend-url', { hidden: true })
+  .description('Show the current frontend URL (internal)')
   .action(() => {
     console.log(config.getFrontendUrl());
   });
 
 configCmd
-  .command('reset-frontend-url')
-  .description('Reset the frontend URL to the default (https://gateway.getunbound.ai).')
+  .command('reset-frontend-url', { hidden: true })
+  .description('Reset the frontend URL to default (internal)')
   .action(() => {
     const cfg = config.readConfig();
     delete cfg.frontend_url;
@@ -122,8 +153,7 @@ configCmd
     if (opts.json) {
       output.json({
         config_file: config.CONFIG_FILE,
-        api_base_url: config.getBaseUrl(),
-        frontend_url: config.getFrontendUrl(),
+        gateway_url: config.getFrontendUrl(),
         logged_in: config.isLoggedIn(),
         email: cfg.email || null,
         organization: cfg.org_name || null,
@@ -133,8 +163,7 @@ configCmd
 
     output.keyValue([
       ['Config file', config.CONFIG_FILE],
-      ['API base URL', config.getBaseUrl()],
-      ['Frontend URL', config.getFrontendUrl()],
+      ['Unbound Gateway', config.getFrontendUrl()],
       ['Logged in', config.isLoggedIn() ? 'Yes' : 'No'],
       ['Email', cfg.email || '-'],
       ['Organization', cfg.org_name || '-'],

package/src/output.js

@@ -77,4 +77,34 @@ function info(msg) {
   console.error(c.cyan(`\u2139 ${msg}`));
 }
 
-module.exports = { table, json, keyValue, success, error, warn, info };
+function spinner(message) {
+  if (!process.stderr.isTTY) {
+    console.error(message);
+    return { stop: () => {}, succeed: (msg) => success(msg), fail: (msg) => error(msg) };
+  }
+
+  const frames = ['\u280B', '\u2819', '\u2839', '\u2838', '\u283C', '\u2834', '\u2826', '\u2827', '\u2807', '\u280F'];
+  let i = 0;
+  const interval = setInterval(() => {
+    process.stderr.write(`\r${c.cyan(frames[i++ % frames.length])} ${message}`);
+  }, 80);
+
+  return {
+    stop() {
+      clearInterval(interval);
+      process.stderr.write('\r\x1b[K');
+    },
+    succeed(msg) {
+      clearInterval(interval);
+      process.stderr.write('\r\x1b[K');
+      success(msg);
+    },
+    fail(msg) {
+      clearInterval(interval);
+      process.stderr.write('\r\x1b[K');
+      error(msg);
+    },
+  };
+}
+
+module.exports = { table, json, keyValue, success, error, warn, info, spinner };