htmlship 0.2.0__tar.gz → 0.3.1__tar.gz

{htmlship-0.2.0 → htmlship-0.3.1}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: htmlship
-Version: 0.2.0
+Version: 0.3.1
 Summary: Host and share HTML pages from LLMs and coding agents in one line.
 Project-URL: Homepage, https://htmlship.com
 Project-URL: Repository, https://github.com/htmlship/htmlship
@@ -136,32 +136,44 @@ The CLI stores owner keys in `~/.htmlship/keys.json` so `update`, `delete`, and
 
 ## Deploy built apps
 
-`deploy` builds a modern frontend project (React, Vite, Svelte, etc.) and publishes the **compiled** app as a single self-contained page — no separate asset hosting required.
+`deploy` builds a modern frontend project (React, Vite, Svelte, Next.js, …) **locally** and publishes the compiled output. Single-page apps are inlined into one self-contained page; multi-file sites (Next.js static export — auto-detected — Astro, Docusaurus, VitePress, …) are hosted as a file tree at `view.htmlship.com/{slug}/`. No separate asset hosting required either way.
 
 ```bash
-htmlship deploy ./my-app            # detect build script, build, inline, publish
-htmlship deploy --dry-run           # build + inline, but don't publish (inspect first)
+htmlship deploy ./my-app                         # SPA -> one inlined page
+htmlship deploy ./my-next-app                    # Next.js -> multi-file site (auto-detected)
+htmlship deploy ./my-app --site --out dist       # force multi-file hosting (Astro, etc.)
+htmlship deploy ./my-app --single-file           # force single-file inlining
+htmlship deploy ./my-app --password "demo-pass"  # password-protect the deploy
+htmlship deploy --dry-run                         # build, but don't publish (inspect first)
 htmlship deploy --build-cmd "vite build" --out dist
-npx htmlship deploy ./my-app        # same, no install
+npx htmlship deploy ./my-app                      # same, no install
 ```
 
 How it works:
 
 1. **The build runs locally, on your machine — never on the server.** `deploy` detects your package manager (npm/pnpm/yarn/bun) and runs the `build` script (falling back to `build:prod`, or `--build-cmd` to override). This is what keeps the service from ever executing untrusted build steps.
-2. The build output (`dist/` or `build/`, or `--out`) is **inlined into one HTML file**: scripts and stylesheets are embedded, and referenced images/icons/fonts become data URIs. The result must be ≤ 10 MB.
-3. It's published with `sandbox_mode: "relaxed"` so the app's JavaScript can run (see [Rendering](#rendering)).
+2. **Single-file** (default for SPAs): the output (`dist/`, `build/`, or `--out`) is inlined into one HTML file — scripts and stylesheets embedded, images/icons/fonts as data URIs — and published with `sandbox_mode: "relaxed"`.
+3. **Multi-file** (Next.js auto-detected, or `--site`): the whole output tree is uploaded as a base64 file manifest to `POST /api/v1/sites` and served at `view.htmlship.com/{slug}/`, each response carrying a path-scoped per-slug sandbox CSP.
+
+Both kinds run with relaxed sandboxing (see [Rendering](#rendering)) and are capped at 10 MB. `--single-file` and `--site` force a mode when you don't want the auto-detected one.
 
 The same flow is available programmatically (Python library) and via the `deploy_project` MCP tool:
 
 ```python
 import htmlship
 
-# Library: build ./my-app locally and publish the compiled app
-page = htmlship.HTMLShipClient().deploy("./my-app", expires_in=1440)
+# build ./my-app locally and publish (auto-detects single-file vs. multi-file site)
+page = htmlship.HTMLShipClient().deploy_project("./my-app", password="demo-pass", expires_in=1440)
 print(page.url)
 ```
 
-**Relaxed-mode limits (by design):** a deployed app runs in an isolated, opaque origin and **cannot** make network requests (`connect-src 'none'`), read cookies, access other pages, or use `eval`. It's intended for self-contained client-side apps and demos — not for apps that call external APIs at runtime.
+**Relaxed-mode limits (by design):** a deployed app runs in an isolated, opaque origin and **cannot** make network requests (`connect-src 'none'`), read cookies, access other pages, or use `eval`. For a multi-file Next.js site that means client-side data fetches fail closed and Next falls back to full-page navigation — links still work, runtime API calls don't. It's intended for self-contained client-side apps, demos, and static content — not for apps that call external APIs at runtime.
+
+**What `deploy` supports:**
+
+- **Single-page apps** that build to one `index.html` plus assets — Vite, Create React App, SvelteKit (`adapter-static`), Vue CLI, plain static-site generators. Auto-detects `dist/`, `build/`, and `out/` with no flags.
+- **Next.js** (auto-detected): the CLI transparently builds a **static export based at the slug path** — you don't edit `next.config`. The app must be statically exportable (no middleware, SSR, or server features). One exception: a `next.config.ts` can't be rewritten automatically yet, so `deploy` asks you to set `output: "export"` plus `basePath`/`assetPrefix = "/__htmlship_base__"` yourself, or convert the config to `next.config.mjs`.
+- **Other multi-file frameworks** via `--site` (Astro, Docusaurus, VitePress, multi-page builds): build with your framework's base path set to `/__htmlship_base__` (e.g. Astro's `base`, or `vite build --base=/__htmlship_base__/`) so root-absolute asset URLs resolve under `/{slug}/`; the server rewrites that placeholder to the real slug at upload. Automatic base injection is currently Next.js-only.
 
 ## API
 
@@ -172,6 +184,7 @@ Base URL: `https://api.htmlship.com`.
 | `GET` | `/health` | Health check with service version. |
 | `GET` | `/version` | Service version. |
 | `POST` | `/api/v1/pages` | Create a page. |
+| `POST` | `/api/v1/sites` | Upload a multi-file static site (base64 file manifest); served at `view.htmlship.com/{slug}/`. |
 | `GET` | `/api/v1/pages/{slug}` | Fetch page metadata. |
 | `PATCH` | `/api/v1/pages/{slug}` | Replace HTML or title. Requires `X-Owner-Key`. |
 | `DELETE` | `/api/v1/pages/{slug}` | Soft-delete a page. Requires `X-Owner-Key`. |
@@ -198,7 +211,7 @@ Notes:
 - `sandbox_mode` accepts `strict` (default) or `relaxed`. `strict` blocks all scripts; `relaxed` lets the page's own inline scripts run inside an isolated, opaque origin (used by `deploy` for compiled apps). See [Rendering](#rendering).
 - Password-protected views set a signed, HTTP-only session cookie after the correct password is submitted.
 
-There is no server-side build endpoint, by design: builds always run on the client (see [Deploy built apps](#deploy-built-apps)). The API only ever receives already-inlined HTML, so deploying via the API is simply a `POST /api/v1/pages` with `"sandbox_mode": "relaxed"`.
+There is no server-side build endpoint, by design: builds always run on the client (see [Deploy built apps](#deploy-built-apps)). The API only ever receives already-built output — single-file deploys are a `POST /api/v1/pages` with `"sandbox_mode": "relaxed"`; multi-file sites are a `POST /api/v1/sites` with a base64 file manifest, served per-slug at `view.htmlship.com/{slug}/`.
 
 ## Rendering
 
@@ -214,11 +227,13 @@ Rendered HTML is served from `view.htmlship.com/{slug}`. **Strict** pages (the d
 
 **Relaxed** pages (`sandbox_mode: "relaxed"`, used by `deploy`) let the page's own inline scripts run but isolate them with `Content-Security-Policy: sandbox allow-scripts` — deliberately *without* `allow-same-origin`. That forces an opaque origin, so a deployed app cannot read cookies, touch `localStorage`, or fetch other pages same-origin. `connect-src 'none'` additionally blocks network egress. The body is still served verbatim; isolation is enforced entirely by response headers, with no change to the single-file storage model.
 
+**Multi-file sites** (`deploy` of a Next.js export or `--site`) are served at `view.htmlship.com/{slug}/` from a per-slug file tree. Each response carries the same opaque-origin `sandbox` CSP, additionally path-scoped to `/{slug}/` (`script-src`/`style-src`/`img-src`/`font-src` are pinned to that prefix). Per-slug isolation therefore comes from the CSP, not from the URL path — one slug's scripts can't read another's, and `connect-src 'none'` blocks egress just as for single-file pages.
+
 The app routes by `Host` header:
 
 - `htmlship.com` serves the landing page
 - `api.htmlship.com` serves the API and landing assets
-- `view.htmlship.com/{slug}` serves sandboxed HTML
+- `view.htmlship.com/{slug}` serves a sandboxed single page; `view.htmlship.com/{slug}/…` serves a multi-file site's tree
 
 For local development without DNS, append `?_host=view.htmlship.com` (or your configured view host) to spoof the host header, for example:
 

{htmlship-0.2.0 → htmlship-0.3.1}/README.md

@@ -91,32 +91,44 @@ The CLI stores owner keys in `~/.htmlship/keys.json` so `update`, `delete`, and
 
 ## Deploy built apps
 
-`deploy` builds a modern frontend project (React, Vite, Svelte, etc.) and publishes the **compiled** app as a single self-contained page — no separate asset hosting required.
+`deploy` builds a modern frontend project (React, Vite, Svelte, Next.js, …) **locally** and publishes the compiled output. Single-page apps are inlined into one self-contained page; multi-file sites (Next.js static export — auto-detected — Astro, Docusaurus, VitePress, …) are hosted as a file tree at `view.htmlship.com/{slug}/`. No separate asset hosting required either way.
 
 ```bash
-htmlship deploy ./my-app            # detect build script, build, inline, publish
-htmlship deploy --dry-run           # build + inline, but don't publish (inspect first)
+htmlship deploy ./my-app                         # SPA -> one inlined page
+htmlship deploy ./my-next-app                    # Next.js -> multi-file site (auto-detected)
+htmlship deploy ./my-app --site --out dist       # force multi-file hosting (Astro, etc.)
+htmlship deploy ./my-app --single-file           # force single-file inlining
+htmlship deploy ./my-app --password "demo-pass"  # password-protect the deploy
+htmlship deploy --dry-run                         # build, but don't publish (inspect first)
 htmlship deploy --build-cmd "vite build" --out dist
-npx htmlship deploy ./my-app        # same, no install
+npx htmlship deploy ./my-app                      # same, no install
 ```
 
 How it works:
 
 1. **The build runs locally, on your machine — never on the server.** `deploy` detects your package manager (npm/pnpm/yarn/bun) and runs the `build` script (falling back to `build:prod`, or `--build-cmd` to override). This is what keeps the service from ever executing untrusted build steps.
-2. The build output (`dist/` or `build/`, or `--out`) is **inlined into one HTML file**: scripts and stylesheets are embedded, and referenced images/icons/fonts become data URIs. The result must be ≤ 10 MB.
-3. It's published with `sandbox_mode: "relaxed"` so the app's JavaScript can run (see [Rendering](#rendering)).
+2. **Single-file** (default for SPAs): the output (`dist/`, `build/`, or `--out`) is inlined into one HTML file — scripts and stylesheets embedded, images/icons/fonts as data URIs — and published with `sandbox_mode: "relaxed"`.
+3. **Multi-file** (Next.js auto-detected, or `--site`): the whole output tree is uploaded as a base64 file manifest to `POST /api/v1/sites` and served at `view.htmlship.com/{slug}/`, each response carrying a path-scoped per-slug sandbox CSP.
+
+Both kinds run with relaxed sandboxing (see [Rendering](#rendering)) and are capped at 10 MB. `--single-file` and `--site` force a mode when you don't want the auto-detected one.
 
 The same flow is available programmatically (Python library) and via the `deploy_project` MCP tool:
 
 ```python
 import htmlship
 
-# Library: build ./my-app locally and publish the compiled app
-page = htmlship.HTMLShipClient().deploy("./my-app", expires_in=1440)
+# build ./my-app locally and publish (auto-detects single-file vs. multi-file site)
+page = htmlship.HTMLShipClient().deploy_project("./my-app", password="demo-pass", expires_in=1440)
 print(page.url)
 ```
 
-**Relaxed-mode limits (by design):** a deployed app runs in an isolated, opaque origin and **cannot** make network requests (`connect-src 'none'`), read cookies, access other pages, or use `eval`. It's intended for self-contained client-side apps and demos — not for apps that call external APIs at runtime.
+**Relaxed-mode limits (by design):** a deployed app runs in an isolated, opaque origin and **cannot** make network requests (`connect-src 'none'`), read cookies, access other pages, or use `eval`. For a multi-file Next.js site that means client-side data fetches fail closed and Next falls back to full-page navigation — links still work, runtime API calls don't. It's intended for self-contained client-side apps, demos, and static content — not for apps that call external APIs at runtime.
+
+**What `deploy` supports:**
+
+- **Single-page apps** that build to one `index.html` plus assets — Vite, Create React App, SvelteKit (`adapter-static`), Vue CLI, plain static-site generators. Auto-detects `dist/`, `build/`, and `out/` with no flags.
+- **Next.js** (auto-detected): the CLI transparently builds a **static export based at the slug path** — you don't edit `next.config`. The app must be statically exportable (no middleware, SSR, or server features). One exception: a `next.config.ts` can't be rewritten automatically yet, so `deploy` asks you to set `output: "export"` plus `basePath`/`assetPrefix = "/__htmlship_base__"` yourself, or convert the config to `next.config.mjs`.
+- **Other multi-file frameworks** via `--site` (Astro, Docusaurus, VitePress, multi-page builds): build with your framework's base path set to `/__htmlship_base__` (e.g. Astro's `base`, or `vite build --base=/__htmlship_base__/`) so root-absolute asset URLs resolve under `/{slug}/`; the server rewrites that placeholder to the real slug at upload. Automatic base injection is currently Next.js-only.
 
 ## API
 
@@ -127,6 +139,7 @@ Base URL: `https://api.htmlship.com`.
 | `GET` | `/health` | Health check with service version. |
 | `GET` | `/version` | Service version. |
 | `POST` | `/api/v1/pages` | Create a page. |
+| `POST` | `/api/v1/sites` | Upload a multi-file static site (base64 file manifest); served at `view.htmlship.com/{slug}/`. |
 | `GET` | `/api/v1/pages/{slug}` | Fetch page metadata. |
 | `PATCH` | `/api/v1/pages/{slug}` | Replace HTML or title. Requires `X-Owner-Key`. |
 | `DELETE` | `/api/v1/pages/{slug}` | Soft-delete a page. Requires `X-Owner-Key`. |
@@ -153,7 +166,7 @@ Notes:
 - `sandbox_mode` accepts `strict` (default) or `relaxed`. `strict` blocks all scripts; `relaxed` lets the page's own inline scripts run inside an isolated, opaque origin (used by `deploy` for compiled apps). See [Rendering](#rendering).
 - Password-protected views set a signed, HTTP-only session cookie after the correct password is submitted.
 
-There is no server-side build endpoint, by design: builds always run on the client (see [Deploy built apps](#deploy-built-apps)). The API only ever receives already-inlined HTML, so deploying via the API is simply a `POST /api/v1/pages` with `"sandbox_mode": "relaxed"`.
+There is no server-side build endpoint, by design: builds always run on the client (see [Deploy built apps](#deploy-built-apps)). The API only ever receives already-built output — single-file deploys are a `POST /api/v1/pages` with `"sandbox_mode": "relaxed"`; multi-file sites are a `POST /api/v1/sites` with a base64 file manifest, served per-slug at `view.htmlship.com/{slug}/`.
 
 ## Rendering
 
@@ -169,11 +182,13 @@ Rendered HTML is served from `view.htmlship.com/{slug}`. **Strict** pages (the d
 
 **Relaxed** pages (`sandbox_mode: "relaxed"`, used by `deploy`) let the page's own inline scripts run but isolate them with `Content-Security-Policy: sandbox allow-scripts` — deliberately *without* `allow-same-origin`. That forces an opaque origin, so a deployed app cannot read cookies, touch `localStorage`, or fetch other pages same-origin. `connect-src 'none'` additionally blocks network egress. The body is still served verbatim; isolation is enforced entirely by response headers, with no change to the single-file storage model.
 
+**Multi-file sites** (`deploy` of a Next.js export or `--site`) are served at `view.htmlship.com/{slug}/` from a per-slug file tree. Each response carries the same opaque-origin `sandbox` CSP, additionally path-scoped to `/{slug}/` (`script-src`/`style-src`/`img-src`/`font-src` are pinned to that prefix). Per-slug isolation therefore comes from the CSP, not from the URL path — one slug's scripts can't read another's, and `connect-src 'none'` blocks egress just as for single-file pages.
+
 The app routes by `Host` header:
 
 - `htmlship.com` serves the landing page
 - `api.htmlship.com` serves the API and landing assets
-- `view.htmlship.com/{slug}` serves sandboxed HTML
+- `view.htmlship.com/{slug}` serves a sandboxed single page; `view.htmlship.com/{slug}/…` serves a multi-file site's tree
 
 For local development without DNS, append `?_host=view.htmlship.com` (or your configured view host) to spoof the host header, for example:
 

{htmlship-0.2.0 → htmlship-0.3.1}/pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "htmlship"
-version = "0.2.0"
+version = "0.3.1"
 description = "Host and share HTML pages from LLMs and coding agents in one line."
 readme = "README.md"
 requires-python = ">=3.12"

htmlship-0.3.1/src/htmlship/_version.py

@@ -0,0 +1 @@
+__version__ = "0.3.1"

{htmlship-0.2.0 → htmlship-0.3.1}/src/htmlship/build.py

@@ -115,8 +115,42 @@ def _exec(command: str, cwd: Path, timeout: int, log: LogFn) -> None:
         raise HTMLShipError(f"build exited with code {result.returncode}: `{command}`")
 
 
+# Static-site output directories, in priority order. `out` covers static
+# exports (e.g. Next.js `output: "export"`, Nuxt `nuxi generate`).
+_OUTPUT_DIR_CANDIDATES = ["dist", "build", "out"]
+_NEXT_CONFIGS = ("next.config.js", "next.config.mjs", "next.config.ts", "next.config.cjs")
+
+
+def _looks_like_nextjs(directory: Path) -> bool:
+    if (directory / ".next").exists():
+        return True
+    return any((directory / f).exists() for f in _NEXT_CONFIGS)
+
+
+def _is_next_server_build(directory: Path) -> bool:
+    # A Next.js server build (`.next`, or renamed via `distDir`) has a BUILD_ID
+    # and server/ chunks but no static HTML entry.
+    return (directory / "BUILD_ID").exists() or (
+        (directory / "server").exists() and (directory / "static").exists()
+    )
+
+
+def _no_output_message(directory: Path) -> str:
+    looked = ", ".join(f"{c}/" for c in _OUTPUT_DIR_CANDIDATES)
+    base = f"no build output found (looked for {looked}; use out to specify)"
+    if _looks_like_nextjs(directory):
+        return (
+            base + ". This looks like a Next.js app: `next build` writes a server build to "
+            '.next/, which is not statically hostable. Add `output: "export"` to your '
+            "next.config to emit a static out/ folder, then re-run. Note: deploy inlines a "
+            "single-page static app — server-rendered or multi-route Next.js sites are not "
+            "supported."
+        )
+    return base
+
+
 def resolve_output_dir(directory: Path, override: str | None = None) -> Path:
-    candidates = [override] if override else ["dist", "build"]
+    candidates = [override] if override else _OUTPUT_DIR_CANDIDATES
     for c in candidates:
         assert c is not None
         p = Path(c) if Path(c).is_absolute() else directory / c
@@ -124,7 +158,44 @@ def resolve_output_dir(directory: Path, override: str | None = None) -> Path:
             return p
     if override:
         raise HTMLShipError(f"build output dir not found: {override}")
-    raise HTMLShipError("no build output found (looked for dist/ and build/; use out to specify)")
+    raise HTMLShipError(_no_output_message(directory))
+
+
+def _no_entry_message(out_dir: Path, htmls: list[str]) -> str:
+    if _is_next_server_build(out_dir):
+        return (
+            f"no static HTML entry in {out_dir} — this looks like a Next.js server build, not a "
+            'static site. Set `output: "export"` in your next.config (this emits a fully static '
+            "out/ folder); changing distDir alone only renames the server build. Note: apps that "
+            "use middleware or server rendering cannot be statically exported."
+        )
+    if len(htmls) > 1:
+        shown = ", ".join(htmls[:4]) + (", …" if len(htmls) > 4 else "")
+        return (
+            f"no index.html in {out_dir}, but found {len(htmls)} HTML files ({shown}). deploy "
+            "ships a single page — pass entry to choose one."
+        )
+    return f"entry HTML not found in {out_dir} (looked for index.html); pass entry to specify it."
+
+
+def resolve_entry(out_dir: Path, entry_override: str | None = None) -> Path:
+    """Pick the entry HTML in the output dir, trying common single-page names."""
+    if entry_override:
+        p = out_dir / entry_override
+        if p.exists():
+            return p
+        raise HTMLShipError(f"entry HTML not found: {p}")
+    for name in ("index.html", "200.html", "index.htm"):
+        p = out_dir / name
+        if p.exists():
+            return p
+    try:
+        htmls = sorted(f.name for f in out_dir.iterdir() if f.suffix.lower() == ".html")
+    except OSError:
+        htmls = []
+    if len(htmls) == 1:
+        return out_dir / htmls[0]
+    raise HTMLShipError(_no_entry_message(out_dir, htmls))
 
 
 # --- single-file inliner ----------------------------------------------------
@@ -297,6 +368,125 @@ def format_bytes(n: int) -> str:
     return f"{n / (1024 * 1024):.2f} MB"
 
 
+# --- multi-file site deploy -------------------------------------------------
+
+SITE_BASE_PLACEHOLDER = "/__htmlship_base__"
+_NEXT_CONFIG_FILES = ("next.config.mjs", "next.config.js", "next.config.cjs", "next.config.ts")
+
+
+def is_next_project(directory: Path) -> bool:
+    if any((directory / f).exists() for f in _NEXT_CONFIG_FILES):
+        return True
+    pkg = directory / "package.json"
+    if not pkg.exists():
+        return False
+    try:
+        data = json.loads(pkg.read_text(encoding="utf-8"))
+    except Exception:
+        return False
+    deps = {**(data.get("dependencies") or {}), **(data.get("devDependencies") or {})}
+    return "next" in deps
+
+
+def _inject_next_base(directory: Path) -> Callable[[], None]:
+    """Make a Next build emit a static export based at the placeholder; return cleanup()."""
+    existing = next((f for f in _NEXT_CONFIG_FILES if (directory / f).exists()), None)
+    if existing and existing.endswith(".ts"):
+        raise HTMLShipError(
+            "Next .ts config isn't auto-configured yet. Temporarily set basePath and "
+            f'assetPrefix to "{SITE_BASE_PLACEHOLDER}" and output: "export" in '
+            "next.config.ts, or convert it to next.config.mjs, then re-run."
+        )
+    wrapper = directory / "next.config.mjs"
+    base = SITE_BASE_PLACEHOLDER
+
+    if not existing:
+        wrapper.write_text(
+            f"export default {{ output: 'export', basePath: '{base}', assetPrefix: '{base}', "
+            f"images: {{ unoptimized: true }}, trailingSlash: true }};\n",
+            encoding="utf-8",
+        )
+
+        def cleanup_new() -> None:
+            wrapper.unlink(missing_ok=True)
+
+        return cleanup_new
+
+    ext = Path(existing).suffix
+    backup = directory / f"next.config.__hsorig__{ext}"
+    (directory / existing).rename(backup)
+    wrapper.write_text(
+        f"import orig from './{backup.name}';\n"
+        f"const base = '{base}';\n"
+        "const over = { output: 'export', basePath: base, assetPrefix: base, "
+        "images: { ...(typeof orig === 'object' && orig ? orig.images : {}), unoptimized: true }, "
+        "trailingSlash: true };\n"
+        "export default typeof orig === 'function' "
+        "? ((...a) => ({ ...orig(...a), ...over })) : { ...orig, ...over };\n",
+        encoding="utf-8",
+    )
+
+    def cleanup_wrap() -> None:
+        wrapper.unlink(missing_ok=True)
+        if backup.exists():
+            backup.rename(directory / existing)
+
+    return cleanup_wrap
+
+
+def package_site(out_dir: Path, max_bytes: int = 10 * 1024 * 1024) -> tuple[list[dict], int]:
+    """Walk an output dir into a base64 file manifest, enforcing the size cap."""
+    files: list[dict] = []
+    total = 0
+    for p in sorted(out_dir.rglob("*")):
+        if p.is_file():
+            data = p.read_bytes()
+            total += len(data)
+            if total > max_bytes:
+                raise HTMLShipError(f"site exceeds the {max_bytes // (1024 * 1024)} MB limit")
+            files.append(
+                {
+                    "path": p.relative_to(out_dir).as_posix(),
+                    "content": base64.b64encode(data).decode("ascii"),
+                }
+            )
+    return files, total
+
+
+def build_and_package_site(
+    directory: Path,
+    *,
+    build_cmd: str | None = None,
+    out: str | None = None,
+    entry: str | None = None,
+    install: bool = False,
+    timeout: int = DEFAULT_BUILD_TIMEOUT,
+    log: LogFn = _noop,
+) -> tuple[list[dict], int, str]:
+    """Detect, build (with Next base injection), and package a multi-file site."""
+    project = detect_project(directory, build_cmd)
+    is_next = not build_cmd and is_next_project(directory)
+    log(f"project:   {directory}")
+    log(f"pkg mgr:   {project.package_manager}")
+    log(f"framework: {'next.js (static export)' if is_next else 'multi-file'}")
+
+    cleanup = _inject_next_base(directory) if is_next else (lambda: None)
+    try:
+        if is_next:
+            log(f"base:      {SITE_BASE_PLACEHOLDER} (injected for path hosting)")
+        run_build(project, install=install, build_cmd=build_cmd, timeout=timeout, log=log)
+    finally:
+        cleanup()
+
+    out_dir = resolve_output_dir(directory, out)
+    entry_file = resolve_entry(out_dir, entry)
+    entry_rel = entry_file.relative_to(out_dir).as_posix()
+    files, total = package_site(out_dir)
+    log(f"output:    {out_dir}")
+    log(f"packaged:  {len(files)} files, {format_bytes(total)}")
+    return files, total, entry_rel
+
+
 def build_and_inline(
     directory: Path,
     *,
@@ -316,7 +506,7 @@ def build_and_inline(
     run_build(project, install=install, build_cmd=build_cmd, timeout=timeout, log=log)
 
     out_dir = resolve_output_dir(directory, out)
-    entry_file = out_dir / (entry or "index.html")
+    entry_file = resolve_entry(out_dir, entry)
     result = inline_html(out_dir, entry_file)
     log(f"output:    {out_dir}")
     log(f"inlined:   {format_bytes(result.bytes)} single HTML")

{htmlship-0.2.0 → htmlship-0.3.1}/src/htmlship/cli.py

@@ -179,10 +179,12 @@ def publish(
 @main.command()
 @click.argument("dir", required=False, default=".")
 @click.option("--build-cmd", default=None, help="Override the build command (default: detected from package.json).")
-@click.option("--out", default=None, help="Build output dir (default: auto-detect dist/ or build/).")
+@click.option("--out", default=None, help="Build output dir (default: auto-detect dist/, build/, out/).")
 @click.option("--entry", default=None, help="Entry HTML within the output dir (default: index.html).")
+@click.option("--site", is_flag=True, help="Force multi-file site hosting (auto-detected for Next.js).")
+@click.option("--single-file", is_flag=True, help="Force single-file inlining (one self-contained page).")
 @click.option("--install", is_flag=True, help="Run dependency install before building.")
-@click.option("--dry-run", is_flag=True, help="Build and inline, but report a summary instead of publishing.")
+@click.option("--dry-run", is_flag=True, help="Build, but report a summary instead of publishing.")
 @click.option("--title", default=None, help="Optional title.")
 @click.option("--password", default=None, help="Password-protect the page.")
 @click.option(
@@ -200,6 +202,8 @@ def deploy(
     build_cmd: str | None,
     out: str | None,
     entry: str | None,
+    site: bool,
+    single_file: bool,
     install: bool,
     dry_run: bool,
     title: str | None,
@@ -208,56 +212,76 @@ def deploy(
     no_clipboard: bool,
     quiet: bool,
 ) -> None:
-    """Build a frontend project and publish the compiled app as one self-contained page.
+    """Build a frontend project and deploy it.
 
-    Runs the project's build script locally, inlines the output into a single
-    HTML file, and publishes it with relaxed sandboxing so its JavaScript runs
-    in an isolated origin.
+    Single-page apps (Vite/CRA) are inlined into one self-contained page;
+    multi-file sites (Next.js static export, auto-detected) are hosted at
+    view.htmlship.com/{slug}/. Either way the build runs locally and the result
+    runs with relaxed sandboxing (isolated origin).
 
     Examples:
 
       htmlship deploy ./my-app
-      htmlship deploy --build-cmd "vite build" --out dist
+      htmlship deploy ./my-next-app           # multi-file, auto-detected
+      htmlship deploy --site --build-cmd "astro build" --out dist
     """
     from pathlib import Path
 
-    from .build import MAX_PAYLOAD_BYTES, build_and_inline, format_bytes
+    from .build import (
+        MAX_PAYLOAD_BYTES,
+        build_and_inline,
+        build_and_package_site,
+        format_bytes,
+        is_next_project,
+    )
 
     project_dir = Path(dir).resolve()
     log = (lambda _m: None) if quiet else (lambda m: click.echo(m, err=True))
-
-    try:
-        result = build_and_inline(
-            project_dir,
-            build_cmd=build_cmd,
-            out=out,
-            entry=entry,
-            install=install,
-            log=log,
-        )
-    except HTMLShipError as exc:
-        raise click.ClickException(str(exc)) from exc
-
-    if result.bytes > MAX_PAYLOAD_BYTES:
-        raise click.ClickException(
-            f"inlined page is {format_bytes(result.bytes)}, exceeds the 10 MB limit"
-        )
-
-    if dry_run:
-        log("dry-run:   built and inlined OK; not published")
-        return
+    use_site = False if single_file else (site or is_next_project(project_dir))
 
     client = _make_client(ctx.obj["api_url"])
     try:
-        page = client.publish(
-            result.html,
-            title=title,
-            password=password,
-            expires_in=expires_in,
-            sandbox_mode="relaxed",
-        )
-    except HTMLShipError as exc:
-        raise click.ClickException(str(exc)) from exc
+        if use_site:
+            try:
+                files, _bytes, entry_rel = build_and_package_site(
+                    project_dir, build_cmd=build_cmd, out=out, entry=entry, install=install, log=log
+                )
+            except HTMLShipError as exc:
+                raise click.ClickException(str(exc)) from exc
+            if dry_run:
+                log("dry-run:   built and packaged OK; not published")
+                return
+            try:
+                page = client.deploy_site(
+                    files, entry=entry_rel, title=title, password=password, expires_in=expires_in
+                )
+            except HTMLShipError as exc:
+                raise click.ClickException(str(exc)) from exc
+        else:
+            try:
+                result = build_and_inline(
+                    project_dir, build_cmd=build_cmd, out=out, entry=entry, install=install, log=log
+                )
+            except HTMLShipError as exc:
+                raise click.ClickException(str(exc)) from exc
+            if result.bytes > MAX_PAYLOAD_BYTES:
+                raise click.ClickException(
+                    f"inlined page is {format_bytes(result.bytes)}, exceeds the 10 MB limit "
+                    "— try --site for multi-file hosting"
+                )
+            if dry_run:
+                log("dry-run:   built and inlined OK; not published")
+                return
+            try:
+                page = client.publish(
+                    result.html,
+                    title=title,
+                    password=password,
+                    expires_in=expires_in,
+                    sandbox_mode="relaxed",
+                )
+            except HTMLShipError as exc:
+                raise click.ClickException(str(exc)) from exc
     finally:
         client.close()
 
@@ -270,7 +294,8 @@ def deploy(
     click.echo(page.url)
     click.echo(f"slug:      {page.slug}", err=True)
     click.echo(f"owner_key: {page.owner_key}  (saved to {KEYS_FILE})", err=True)
-    click.echo("sandbox:   relaxed (scripts run in an isolated origin)", err=True)
+    suffix = " · multi-file site" if use_site else ""
+    click.echo(f"sandbox:   relaxed{suffix} (scripts run in an isolated origin)", err=True)
     if page.expires_at:
         click.echo(f"expires:   {page.expires_at.isoformat()}", err=True)
     if not no_clipboard and _try_clipboard(page.url):

{htmlship-0.2.0 → htmlship-0.3.1}/src/htmlship/client.py

@@ -132,6 +132,74 @@ class HTMLShipClient:
             sandbox_mode="relaxed",
         )
 
+    def deploy_site(
+        self,
+        files: list[dict],
+        *,
+        entry: str = "index.html",
+        title: str | None = None,
+        password: str | None = None,
+        expires_in: int | None = None,
+    ) -> Page:
+        """Upload a multi-file static site (built locally). Returns a Page."""
+        body: dict[str, Any] = {"files": files, "entry": entry}
+        if title is not None:
+            body["title"] = title
+        if password is not None:
+            body["password"] = password
+        if expires_in is not None:
+            body["expires_in"] = expires_in
+        r = self._http.post("/api/v1/sites", json=body)
+        data = self._handle(r)
+        return Page(
+            slug=data["slug"],
+            url=data["url"],
+            owner_key=data["owner_key"],
+            expires_at=_parse_dt(data.get("expires_at")),
+            created_at=_parse_dt(data.get("created_at")),
+            _client=self,
+        )
+
+    def deploy_project(
+        self,
+        project_dir: str | Any,
+        *,
+        site: bool | None = None,
+        single_file: bool = False,
+        build_cmd: str | None = None,
+        out: str | None = None,
+        entry: str | None = None,
+        install: bool = False,
+        title: str | None = None,
+        password: str | None = None,
+        expires_in: int | None = None,
+    ) -> Page:
+        """Build a local project and deploy it, auto-choosing single-file inlining
+        (SPA) vs. multi-file site hosting (Next.js, or when ``site`` is set)."""
+        from pathlib import Path
+
+        from .build import build_and_package_site, is_next_project
+
+        directory = Path(project_dir)
+        use_site = False if single_file else (site if site is not None else is_next_project(directory))
+        if use_site:
+            files, _bytes, entry_rel = build_and_package_site(
+                directory, build_cmd=build_cmd, out=out, entry=entry, install=install
+            )
+            return self.deploy_site(
+                files, entry=entry_rel, title=title, password=password, expires_in=expires_in
+            )
+        return self.deploy(
+            project_dir,
+            build_cmd=build_cmd,
+            out=out,
+            entry=entry,
+            install=install,
+            title=title,
+            password=password,
+            expires_in=expires_in,
+        )
+
     def get(self, slug: str) -> Page:
         """Fetch metadata for a page. owner_key is None on the returned object."""
         r = self._http.get(f"/api/v1/pages/{slug}")

htmlship-0.3.1/src/htmlship_mcp/__init__.py

@@ -0,0 +1 @@
+__version__ = "0.3.1"