xtra-cli 0.1.6 → 0.1.9

package/dist/bin/xtra.js

@@ -76,8 +76,11 @@ program
     .description("XtraSync CLI - Secure Runtime Secret Injection")
     .version(pkg.version)
     .option("--profile <name>", "Use a specific named profile for this command");
-// Apply profile before any subcommand runs
-program.hook("preSubcommand", (thisCommand) => {
+// Commands that do NOT require authentication
+const PUBLIC_COMMANDS = new Set(["login", "completion", "doctor", "help"]);
+// Apply profile + auth guard before any subcommand runs
+program.hook("preSubcommand", (thisCommand, subCommand) => {
+    // ── Profile override ──────────────────────────────────────────
     const profileName = thisCommand.opts().profile;
     if (profileName) {
         try {
@@ -88,6 +91,17 @@ program.hook("preSubcommand", (thisCommand) => {
             process.exit(1);
         }
     }
+    // ── Auth guard ────────────────────────────────────────────────
+    const cmdName = subCommand.name();
+    if (PUBLIC_COMMANDS.has(cmdName))
+        return; // allow unauthenticated
+    const { getAuthToken } = require("../lib/config");
+    const token = getAuthToken();
+    if (!token) {
+        console.error("\x1b[31m✖ You are not logged in.\x1b[0m\n" +
+            "  Run \x1b[36mxtra login\x1b[0m to authenticate before using this command.\n");
+        process.exit(1);
+    }
 });
 program.addCommand(login_1.loginCommand);
 program.addCommand(run_1.runCommand);

package/dist/commands/init.js

@@ -74,20 +74,34 @@ exports.initCommand = new commander_1.Command("init")
     // Interactive prompts if not --yes
     if (!options.yes) {
         // ── API Projects Fetch ─────────────────────────────────────────────
+        const { getAuthToken } = await Promise.resolve().then(() => __importStar(require("../lib/config")));
+        const token = getAuthToken();
         const ora = (await Promise.resolve().then(() => __importStar(require("ora")))).default;
-        const apiSpinner = ora("Fetching your projects...").start();
         let remoteProjects = [];
-        try {
-            const { api } = await Promise.resolve().then(() => __importStar(require("../lib/api")));
-            remoteProjects = await api.getProjects();
-            apiSpinner.succeed(`Found ${remoteProjects.length} projects`);
-            if (remoteProjects.length === 0) {
-                console.log(chalk_1.default.yellow("\nYou don't have any projects in this workspace yet."));
-                console.log(chalk_1.default.yellow("Create one in the web dashboard first, or manually paste a Project ID below."));
-            }
+        if (!token) {
+            console.log(chalk_1.default.yellow("  ℹ  Not logged in — project list unavailable. Run `xtra login` first."));
+            console.log(chalk_1.default.yellow("     You can still enter a Project ID manually below.\n"));
         }
-        catch (err) {
-            apiSpinner.warn(chalk_1.default.yellow("Could not fetch projects. You will need to enter the ID manually."));
+        else {
+            const apiSpinner = ora("Fetching your projects...").start();
+            try {
+                const { api } = await Promise.resolve().then(() => __importStar(require("../lib/api")));
+                const result = await api.getProjects();
+                // API might return { projects: [...] } or directly an array
+                remoteProjects = Array.isArray(result) ? result : result.projects ?? [];
+                if (remoteProjects.length === 0) {
+                    apiSpinner.warn(chalk_1.default.yellow("No projects found in your workspace. Create one at xtra-security.vercel.app first."));
+                }
+                else {
+                    apiSpinner.succeed(`Found ${remoteProjects.length} project${remoteProjects.length > 1 ? "s" : ""}`);
+                }
+            }
+            catch (err) {
+                const reason = err?.response?.status === 401
+                    ? "session expired — run `xtra login` again"
+                    : err?.response?.data?.error || err?.message || "network error";
+                apiSpinner.warn(chalk_1.default.yellow(`Could not fetch projects (${reason}). Enter the Project ID manually.`));
+            }
         }
         const fallbackProject = project || (0, config_1.getConfigValue)("project") || "";
         const { project: selectedProject } = await inquirer_1.default.prompt([

package/dist/lib/config.js

@@ -5,15 +5,22 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.getProjectConfig = exports.getAuthToken = exports.clearConfig = exports.setConfig = exports.getConfigValue = exports.getConfig = void 0;
 const conf_1 = __importDefault(require("conf"));
+const PRODUCTION_API_URL = "https://xtra-security.vercel.app/api";
 const config = new conf_1.default({
     projectName: "xtra-cli",
     defaults: {
-        apiUrl: "https://xtra-security.vercel.app/api", // Default to production
+        apiUrl: PRODUCTION_API_URL,
     },
 });
+// Auto-heal: if an old localhost value was persisted, clear it so we use production.
+// Users who intentionally want localhost should set XTRA_API_URL env var instead.
+const _storedApiUrl = config.get("apiUrl");
+if (_storedApiUrl && _storedApiUrl.includes("localhost") && !process.env.XTRA_API_URL) {
+    config.set("apiUrl", PRODUCTION_API_URL);
+}
 const getConfig = () => ({
     ...config.store,
-    apiUrl: process.env.XTRA_API_URL || config.get("apiUrl") || "https://xtra-security.vercel.app/api"
+    apiUrl: process.env.XTRA_API_URL || config.get("apiUrl") || PRODUCTION_API_URL
 });
 exports.getConfig = getConfig;
 const getConfigValue = (key) => config.get(key);

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "xtra-cli",
-    "version": "0.1.6",
+    "version": "0.1.9",
     "description": "CLI for XtraSecurity Platform",
     "main": "dist/index.js",
     "bin": {