unbound-cli 1.0.0 → 1.1.1

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "unbound-cli",
-  "version": "1.0.0",
+  "version": "1.1.1",
   "description": "CLI tool for Unbound - AI Gateway management",
   "main": "src/index.js",
   "bin": {

package/src/commands/setup.js

@@ -7,6 +7,7 @@ const https = require('https');
 const config = require('../config');
 const output = require('../output');
 const { ensureLoggedIn } = require('../auth');
+const { confirm } = require('../utils');
 
 const SETUP_BASE_URL = 'https://raw.githubusercontent.com/websentry-ai/setup/refs/heads/main';
 
@@ -59,6 +60,17 @@ const SETUP_TOOL_MAP = {
   'codex-gateway':            { label: 'Codex (gateway)',            script: 'codex/gateway/setup.py' },
 };
 
+/**
+ * Resolves the tool list for `setup --all`. Installing uses the subscription
+ * bundle (one mode per tool, no Gemini CLI), but clearing must remove EVERY
+ * tool Unbound can configure — both modes plus Gemini CLI — so a prior
+ * gateway-mode or Gemini setup isn't silently left behind. Mirrors the
+ * `setup mdm --all` split.
+ */
+function resolveSetupAllTools(clear) {
+  return clear ? Object.keys(SETUP_TOOL_MAP) : [...SETUP_ALL_TOOLS];
+}
+
 // Instruction-only tools (display config values, no setup scripts)
 const INSTRUCTION_TOOLS = {
   'roo-code':      { label: 'Roo Code',     values: (apiKey) => [['API Provider', 'unbound'], ['API Key', apiKey]] },
@@ -320,6 +332,23 @@ function checkRoot(commandHint = 'setup mdm') {
   }
 }
 
+/**
+ * Returns true when the process has the privileges needed to touch system-level
+ * (MDM) configuration. On Windows, `net session` succeeds only when elevated, so
+ * it doubles as an Administrator check — this keeps nuke's scope (and the copy it
+ * shows) accurate instead of assuming admin.
+ */
+function hasRootPrivileges() {
+  if (process.platform === 'win32') {
+    try {
+      return spawnSync('net', ['session'], { stdio: 'ignore', windowsHide: true }).status === 0;
+    } catch {
+      return false;
+    }
+  }
+  return typeof process.getuid === 'function' && process.getuid() === 0;
+}
+
 /**
  * Runs a batch of tools sequentially with spinners.
  * Stops on first failure. Returns true if all succeeded.
@@ -341,6 +370,30 @@ async function runBatch(tools, runFn, { clear = false } = {}) {
   return true;
 }
 
+/**
+ * Clears a set of tools best-effort: a single tool failing does not abort the
+ * rest (unlike runBatch, which stops on first failure). Used by `uninstall`,
+ * where the goal is to remove as much as possible. Returns the labels that failed.
+ */
+async function clearToolsBestEffort(layer, tools, { mdm, backendUrl, gatewayUrl, frontendUrl } = {}) {
+  const failed = [];
+  for (const tool of tools) {
+    const s = output.spinner(`Clearing ${layer}: ${tool.label}...`);
+    try {
+      // frontendUrl is forwarded for parity with `setup --clear`; buildScriptArgs
+      // only appends --domain for non-MDM tools, so MDM clears stay unaffected.
+      const args = buildScriptArgs(null, { backendUrl, gatewayUrl, frontendUrl, clear: true, mdm });
+      await runScriptPiped(tool.script, args);
+      s.succeed(`${layer}: ${tool.label}`);
+    } catch (err) {
+      const reason = (err.message || 'failed').split('\n')[0].slice(0, 80);
+      s.fail(`${layer}: ${tool.label} (${reason})`);
+      failed.push(tool.label);
+    }
+  }
+  return failed;
+}
+
 function register(program) {
   const setup = program
     .command('setup')
@@ -403,6 +456,10 @@ Examples:
   $ unbound setup copilot --clear                          Remove GitHub Copilot config
   $ unbound setup claude-code --clear                      Remove BOTH Claude Code modes (subscription + gateway)
   $ unbound setup codex --clear                            Remove BOTH Codex modes (subscription + gateway)
+  $ unbound setup --all --clear                            Remove EVERY tool's config (both modes + Gemini CLI)
+
+  To also remove MDM config for all users and wipe credentials, use:
+  $ sudo unbound nuke
 
   Interactive:
   $ unbound setup                                          Select tools interactively
@@ -447,7 +504,7 @@ requires authentication.
             process.exitCode = 1;
             return;
           }
-          tools = [...SETUP_ALL_TOOLS];
+          tools = resolveSetupAllTools(opts.clear);
         }
 
         // No tools specified → interactive multi-select (existing flow)
@@ -792,6 +849,99 @@ Clear examples (no API key required):
         process.exitCode = 1;
       }
     });
+
+  // --- Full uninstall ---
+
+  program
+    .command('nuke')
+    .alias('uninstall')
+    .description(
+      'Remove Unbound and start fresh: clears AI-tool configuration and deletes ' +
+      'stored credentials. Scope follows your privileges — run with sudo to also ' +
+      'remove MDM (system-level) config for all users; without root it clears only ' +
+      'the current user.'
+    )
+    .option('-y, --yes', 'Skip the confirmation prompt')
+    .addHelpText('after', `
+Scope is chosen automatically from your privileges:
+  Run with sudo (root)   Clears every user-level AND MDM (system-level) tool
+                         config for all users on the device, then deletes
+                         credentials.
+  Run without root       Clears only the current user's tool config and
+                         credentials. MDM (system-level) config is skipped —
+                         re-run with sudo to remove it too.
+
+What it clears:
+  - USER-level tool config — Cursor, GitHub Copilot, Claude Code (subscription +
+    gateway), Gemini CLI, Codex (subscription + gateway).
+  - MDM (system-level) tool config across all users          [only when run as root]
+  - Stored credentials and settings (~/.unbound/config.json).
+
+After it finishes, run \`unbound login\` (or \`unbound onboard\`) to set things up
+fresh. Clearing never contacts the Unbound API, so no API key is needed.
+
+Examples:
+  $ sudo unbound nuke              Remove everything on the device (asks to confirm)
+  $ sudo unbound nuke --yes        Remove everything, no confirmation
+  $ unbound nuke                   Clear just your tools + credentials (no sudo)
+  $ unbound nuke --yes             Same, no confirmation
+  $ unbound uninstall              'uninstall' is an alias for 'nuke'
+`)
+    .action(async (opts) => {
+      try {
+        // Scope follows privileges: with root (or Windows Administrator) we also
+        // remove system-level MDM config for all users; otherwise we clear only
+        // this user. Detecting elevation up front keeps the confirmation honest
+        // (no promising MDM removal we can't perform).
+        const includeMdm = hasRootPrivileges();
+
+        if (!opts.yes) {
+          output.warn(includeMdm
+            ? 'This removes ALL Unbound tool configuration on this device (user-level and MDM) and deletes your stored credentials.'
+            : 'This removes your user-level Unbound tool configuration and deletes your stored credentials. (MDM/system-level config needs root and will be skipped — re-run with sudo to remove it too.)');
+          const ok = await confirm('Continue?');
+          if (!ok) {
+            output.info('Cancelled. Nothing was changed.');
+            return;
+          }
+        }
+
+        // Resolve URLs before wiping config so the clear scripts get consistent
+        // flags. Clearing is URL-independent, but this matches the other clear paths.
+        const backendUrl = config.getBaseUrl();
+        const gatewayUrl = config.getGatewayUrl();
+        const frontendUrl = config.getFrontendUrl();
+
+        console.log('');
+        const userTools = Object.keys(SETUP_TOOL_MAP).map(name => ({ name, ...SETUP_TOOL_MAP[name] }));
+        const userFailed = await clearToolsBestEffort('user', userTools, { mdm: false, backendUrl, gatewayUrl, frontendUrl });
+
+        // MDM clears need root and touch all users — run them only when we have it.
+        let mdmFailed = [];
+        if (includeMdm) {
+          const mdmTools = Object.keys(MDM_TOOLS).map(name => ({ name, ...MDM_TOOLS[name] }));
+          mdmFailed = await clearToolsBestEffort('mdm', mdmTools, { mdm: true, backendUrl, gatewayUrl });
+        } else {
+          output.info('Skipped MDM (system-level) config — that needs root. Re-run with sudo to remove it too.');
+        }
+
+        // Wipe credentials + settings last, regardless of tool-clear outcomes.
+        config.clearConfig();
+        output.success('Stored credentials and settings removed.');
+
+        console.log('');
+        const failed = [...userFailed, ...mdmFailed];
+        const scope = includeMdm ? 'on this device' : 'for your user';
+        if (failed.length === 0) {
+          output.success(`Unbound removed ${scope}. The CLI is back to a fresh state — run "unbound login" to start over.`);
+        } else {
+          output.warn(`Done ${scope}, but ${failed.length} tool clear(s) reported issues: ${failed.join(', ')}. Credentials were still removed.`);
+        }
+      } catch (err) {
+        output.error(err.message);
+        process.exitCode = 1;
+      }
+    });
 }
 
 /**
@@ -849,4 +999,5 @@ module.exports = {
   MDM_ALL_TOOLS,
   buildScriptArgs,
   scriptSupportsBackfill,
+  resolveSetupAllTools,
 };

package/src/index.js

@@ -73,18 +73,23 @@ TOOL SETUP
   $ unbound setup kilo-code                Show Kilo Code config values
   $ unbound setup custom-access            Show API key and base URL
 
-  Remove configuration:
+  Remove configuration (no API key needed to clear):
   $ unbound setup cursor --clear           Remove Unbound config for Cursor
   $ unbound setup copilot --clear          Remove Unbound config for GitHub Copilot
   $ unbound setup claude-code --clear      Remove Unbound config for Claude Code
   $ unbound setup gemini-cli --clear       Remove Unbound config for Gemini CLI
   $ unbound setup codex --clear            Remove Unbound config for Codex
+  $ unbound setup --all --clear            Remove config for every tool
+
+  Full uninstall (all tools + credentials):
+  $ sudo unbound nuke                      Wipe everything on the device (MDM + user)
+  $ unbound nuke                           Wipe just your tools + credentials (no sudo)
 
 MDM SETUP (admin, requires root)
   $ sudo unbound setup mdm --admin-api-key KEY --all
   $ sudo unbound setup mdm --admin-api-key KEY cursor copilot codex-subscription
   $ sudo unbound setup mdm --admin-api-key KEY claude-code-subscription codex-subscription gemini-cli
-  $ sudo unbound setup mdm --admin-api-key KEY --clear cursor codex-subscription
+  $ sudo unbound setup mdm --clear cursor codex-subscription   (no API key needed to clear)
 
 MDM AI TOOLS DISCOVERY
   --domain defaults to the configured backend URL (set via "unbound config set-backend-url")

package/test/setup-args.test.js

@@ -1,6 +1,6 @@
 const { test } = require('node:test');
 const assert = require('node:assert/strict');
-const { buildScriptArgs, scriptSupportsBackfill } = require('../src/commands/setup');
+const { buildScriptArgs, scriptSupportsBackfill, resolveSetupAllTools } = require('../src/commands/setup');
 
 // shellEscape single-quotes every value, so a real key surfaces as
 // --api-key '<key>' at the head of the argv tail.
@@ -102,3 +102,46 @@ test('buildScriptArgs: result is always trimmed', () => {
     assert.equal(args, args.trim(), JSON.stringify([key, opts]));
   }
 });
+
+// WEB-4587: clearing never needs an API key — including the MDM path. The
+// help/examples say so, and buildScriptArgs must back that up: clear+mdm with
+// no key emits --clear, no --api-key, no --domain (MDM has no browser auth).
+test('buildScriptArgs: mdm clear without key emits --clear and no --api-key/--domain', () => {
+  const args = buildScriptArgs(null, {
+    clear: true,
+    mdm: true,
+    backendUrl: 'https://backend.acme.com',
+    gatewayUrl: 'https://gateway.acme.com',
+    frontendUrl: 'https://gateway.acme.com',
+  });
+  assert.ok(args.includes('--clear'), args);
+  assert.ok(!args.includes('--api-key'), args);
+  assert.ok(!args.includes('--domain'), args); // mdm:true never passes the frontend URL
+});
+
+// WEB-4587 core fix: `setup --all --clear` must remove EVERY tool Unbound can
+// configure, not just the subscription install bundle. Otherwise a prior
+// gateway-mode or Gemini CLI setup is silently left behind.
+test('resolveSetupAllTools(false): install bundle is subscription-only, no gateway/gemini', () => {
+  const tools = resolveSetupAllTools(false);
+  // Membership + length (order-independent) so reordering SETUP_ALL_TOOLS doesn't break this.
+  assert.equal(tools.length, 4, `expected 4 tools, got ${tools.join(',')}`);
+  for (const t of ['cursor', 'claude-code-subscription', 'codex-subscription', 'copilot']) {
+    assert.ok(tools.includes(t), `install bundle missing ${t}: ${tools.join(',')}`);
+  }
+  assert.ok(!tools.includes('claude-code-gateway'), tools.join(','));
+  assert.ok(!tools.includes('codex-gateway'), tools.join(','));
+  assert.ok(!tools.includes('gemini-cli'), tools.join(','));
+});
+
+test('resolveSetupAllTools(true): clear-all covers every tool incl. gateway modes + gemini', () => {
+  const tools = resolveSetupAllTools(true);
+  for (const t of ['cursor', 'copilot', 'claude-code-subscription', 'claude-code-gateway',
+                   'gemini-cli', 'codex-subscription', 'codex-gateway']) {
+    assert.ok(tools.includes(t), `clear-all missing ${t}: ${tools.join(',')}`);
+  }
+  // The clear set must be a superset of the install bundle.
+  for (const t of resolveSetupAllTools(false)) {
+    assert.ok(tools.includes(t), `clear-all missing install-bundle tool ${t}`);
+  }
+});