unbound-cli 0.3.1 → 0.5.0

package/src/commands/setup.js

@@ -27,6 +27,10 @@ const MDM_TOOLS = {
 // Default tools for --all (uses subscription mode for Claude Code and Codex since only one can be active)
 const MDM_ALL_TOOLS = ['cursor', 'claude-code-subscription', 'gemini-cli', 'codex-subscription'];
 
+// Default tools for user-level `unbound setup --all`.
+// Includes Cursor, Claude Code hooks, and Codex hooks (no Gemini CLI).
+const ALL_TOOLS = ['cursor', 'claude-code-subscription', 'codex-subscription'];
+
 // Tool name → script mapping for automated tools
 const SETUP_TOOL_MAP = {
   'cursor':                   { label: 'Cursor',                     script: 'cursor/setup.py' },
@@ -130,11 +134,12 @@ function runScriptPiped(scriptPath, args) {
 /**
  * Checks that the process is running as root (macOS/Linux).
  * Windows admin check is handled by the Python MDM scripts themselves.
+ * Pass a customized hint for the calling command (defaults to "setup mdm").
  */
-function checkRoot() {
+function checkRoot(commandHint = 'setup mdm') {
   if (process.platform === 'win32') return;
   if (typeof process.getuid !== 'function' || process.getuid() !== 0) {
-    throw new Error('MDM setup requires root. Run with: sudo unbound setup mdm ...');
+    throw new Error(`MDM setup requires root. Run with: sudo unbound ${commandHint} ...`);
   }
 }
 
@@ -171,6 +176,7 @@ function register(program) {
     .option('--clear', 'Remove Unbound configuration for the specified tools')
     .option('--subscription', 'Use subscription mode for Claude Code / Codex (hooks only)')
     .option('--gateway', 'Use gateway mode for Claude Code / Codex (Unbound as AI provider)')
+    .option('--all', 'Set up the default bundle: Cursor, Claude Code (hooks), Codex (hooks)')
     .addHelpText('after', `
 Available tools:
   cursor                    Cursor IDE
@@ -195,6 +201,10 @@ Examples:
   $ unbound setup claude-code --subscription               Claude Code hooks only
   $ unbound setup codex --gateway                          Codex gateway mode
 
+  Install the default bundle (Cursor + Claude Code hooks + Codex hooks):
+  $ unbound setup --all                                    Set up the default bundle
+  $ unbound setup --all --api-key <key>                    Login + set up the bundle
+
   One-step login and setup:
   $ unbound setup cursor --api-key <key>                   Login + set up Cursor
   $ unbound setup cursor claude-code-gateway --api-key <key>
@@ -217,6 +227,16 @@ automatically to authenticate before proceeding.
         const apiKey = config.getApiKey();
         const frontendUrl = config.getFrontendUrl();
 
+        // --all expands to the default bundle. Cannot be combined with explicit tool names.
+        if (opts.all) {
+          if (tools.length > 0) {
+            output.error('Cannot combine --all with explicit tool names.');
+            process.exitCode = 1;
+            return;
+          }
+          tools = [...ALL_TOOLS];
+        }
+
         // No tools specified → interactive multi-select (existing flow)
         if (tools.length === 0) {
           const selected = await output.multiSelect(
@@ -477,4 +497,34 @@ Examples:
     });
 }
 
-module.exports = { register };
+/**
+ * Runs the user-level default bundle (Cursor, Claude Code hooks, Codex hooks) with spinners.
+ * Assumes the caller has already ensured the user is logged in.
+ * Returns true on success, false on failure.
+ */
+async function runSetupAllBundle(apiKey) {
+  const resolvedTools = ALL_TOOLS.map(name => ({ name, ...SETUP_TOOL_MAP[name] }));
+  const args = `--api-key ${shellEscape(apiKey)}`;
+  return runBatch(resolvedTools, (tool) => runScriptPiped(tool.script, args));
+}
+
+/**
+ * Runs the MDM default bundle (Cursor, Claude Code hooks, Gemini CLI, Codex hooks) with spinners.
+ * Caller must ensure the process is running as root.
+ * Returns true on success, false on failure.
+ */
+async function runMdmSetupAllBundle(adminApiKey, { url } = {}) {
+  const resolvedTools = MDM_ALL_TOOLS.map(name => ({ name, ...MDM_TOOLS[name] }));
+  let args = `--api-key ${shellEscape(adminApiKey)}`;
+  if (url) args += ` --url ${shellEscape(url)}`;
+  return runBatch(resolvedTools, (tool) => runScriptPiped(tool.script, args));
+}
+
+module.exports = {
+  register,
+  runSetupAllBundle,
+  runMdmSetupAllBundle,
+  checkRoot,
+  ALL_TOOLS,
+  MDM_ALL_TOOLS,
+};

package/src/index.js

@@ -23,8 +23,13 @@ AUTHENTICATION
   $ unbound whoami                         Show current user and organization
   $ unbound status                         Show CLI status and API connectivity
 
+ONBOARDING (one-step install + discover)
+  $ unbound onboard --api-key <USER_KEY> --discovery-key <DISCOVERY_KEY>
+  $ sudo unbound onboard-mdm --admin-api-key <ADMIN_KEY> --discovery-key <DISCOVERY_KEY>
+
 TOOL SETUP
   $ unbound setup                          Select and install multiple tools interactively
+  $ unbound setup --all                    Set up the default bundle (Cursor + Claude Code hooks + Codex hooks)
   $ unbound setup cursor                   Set up Cursor
   $ unbound setup claude-code              Set up Claude Code (interactive mode selection)
   $ unbound setup claude-code --gateway    Use Unbound as AI provider
@@ -68,14 +73,33 @@ MDM AI TOOLS DISCOVERY
   $ unbound discover status                           Show scan schedule and logs
 
 POLICY MANAGEMENT
-  $ unbound policy list                    List all policies
-  $ unbound policy list --type SECURITY    Filter by type (SECURITY, MODEL, COST)
-  $ unbound policy get <id>                View policy details
-  $ unbound policy create --name <n> --type <t>  Create a new policy
-  $ unbound policy update <id> --name <n>  Update a policy
+  Unbound has four policy types. Each type has its own subcommand with guided flags.
+  Docs: https://docs.getunbound.ai/policies
+
+  $ unbound policy                         Overview and subcommand list
+  $ unbound policy form-data               Reference data (user groups, models, guardrails, etc.)
+  $ unbound policy list                    List Cost/Model/Security policies
+  $ unbound policy get <id>                View a policy's details
   $ unbound policy delete <id>             Delete a policy
-  $ unbound policy effective <id>          View effective policies for a user/group
-  $ unbound policy form-data               Get reference data for policy creation
+  $ unbound policy effective <id>          View effective policies for a user or group
+
+  Cost policies — monthly budget limits per user group:
+  $ unbound policy cost create --name "Eng Budget" --monthly-budget 1000 --group engg
+
+  Model policies — control which AI models are available:
+  $ unbound policy model create --name "No Opus" --all-models --excluded claude-3-opus
+
+  Security policies — guardrails for PII/secrets and routing rules:
+  $ unbound policy security create --name "Block PII" --sub-type guardrails --guardrail PII:BLOCK
+
+  Tool policies — shell command and MCP tool controls (separate backend):
+  $ unbound policy tool list
+  $ unbound policy tool create-terminal --name "Block rm -rf" --command-family filesystem \\
+      --field command='rm -rf*' --action BLOCK --custom-message "Destructive command blocked."
+  $ unbound policy tool create-mcp --name "Audit Linear writes" --mcp-server Linear \\
+      --mcp-action-type write --action AUDIT
+  $ unbound policy tool families           Discover terminal command families
+  $ unbound policy tool mcp-servers        Discover MCP servers and their tools
 
 USER & GROUP MANAGEMENT
   $ unbound users list                     List organization members
@@ -113,6 +137,7 @@ require('./commands/user-groups').register(program);
 require('./commands/tools').register(program);
 require('./commands/setup').register(program);
 require('./commands/discover').register(program);
+require('./commands/onboard').register(program);
 
 // config command for managing CLI settings
 const configCmd = program