spec.md

Create C1 App - NPM Package Specification

Overview

A CLI tool that creates a Next.js project, authenticates users with an API service, generates API keys, and stores them using dotenv.

Architecture

Core Components

1. CLI Interface (bin/create-c1-app)

   • Entry point for the tool
   • Interactive prompts using inquirer
   • Progress indicators and user feedback

2. Project Generator (src/generators/project.ts)

   • Creates Next.js project using create-next-app
   • Configures project structure
   • Installs additional dependencies

3. Authentication Module (src/auth/authenticator.ts)

   • Handles user authentication flow
   • Manages session tokens
   • Validates credentials

4. API Key Manager (src/api/keyManager.ts)

   • Generates API keys via authenticated API calls
   • Validates key permissions
   • Handles key refresh/rotation

5. Environment Manager (src/env/envManager.ts)

   • Integrates with dotenv
   • Securely stores API keys
   • Manages environment configuration

Workflow

Step 1: Project Initialization

1. Prompt for project name and configuration
2. Create Next.js project using create-next-app
3. Navigate to project directory
4. Install additional dependencies (dotenv, API client)

Step 2: User Authentication (Optional)

1. Prompt for API service credentials (email/password or token)
2. Authenticate with API service
3. Store session token securely
4. Validate authentication status
Note: Skipped when --api-key flag is provided

Step 3: API Key Generation (Optional)

1. Use authenticated session to request API key
2. Specify key permissions/scopes if needed
3. Receive and validate API key
4. Handle any rate limiting or quota restrictions
Note: Skipped when --api-key flag is provided

Step 4: Environment Setup

1. Set up dotenv in project
2. Create .env file with API key
3. Add .env to .gitignore
4. Configure Next.js for environment variables

Dependencies

Core Dependencies

• inquirer - Interactive CLI prompts
• chalk - Terminal colors and styling
• ora - Loading spinners
• execa - Process execution
• fs-extra - Enhanced file system operations

TypeScript Dependencies

• typescript - TypeScript compiler
• @types/node - Node.js type definitions
• @types/inquirer - Inquirer type definitions
• ts-node - TypeScript execution environment

Project Dependencies (installed in generated project)

• dotenv - Environment variables
• Custom API client library (if applicable)

File Structure

create-c1-app/
├── package.json
├── tsconfig.json              # TypeScript configuration
├── bin/
│   └── create-c1-app              # CLI entry point
├── src/
│   ├── index.ts               # Main orchestrator
│   ├── types/
│   │   └── index.ts           # TypeScript type definitions
│   ├── generators/
│   │   └── project.ts         # Next.js project creation
│   ├── auth/
│   │   └── authenticator.ts   # Authentication handling
│   ├── api/
│   │   └── keyManager.ts      # API key management
│   ├── env/
│   │   └── envManager.ts      # Environment setup
│   └── utils/
│       ├── logger.ts          # Logging utilities
│       ├── validation.ts      # Input validation
│       └── spinner.ts         # Progress indicators
├── dist/                      # Compiled JavaScript output
├── templates/
│   └── nextjs/                # Next.js templates/configs
└── README.md

Configuration Options

CLI Arguments

• --project-name (-n) - Specify project name
• --template (-t) - Next.js template (app/pages router)
• --api-key (-k) - API key to use (skips authentication and key generation)
• --debug (-d) - Enable debug logging

Environment Variables

• CREATE_C1_APP_ENDPOINT - Default API endpoint
• CREATE_C1_APP_TOKEN - Pre-existing auth token
• CREATE_C1_APP_DEBUG - Enable debug logging

Security Considerations

1. Credential Storage

   • Never store plaintext credentials
   • Use system keychain when possible
   • Temporary session tokens only

2. API Key Protection

   • Set up with dotenv
   • Generate unique keys per project
   • Implement key rotation capabilities

3. Network Security

   • Use HTTPS for all API calls
   • Validate SSL certificates
   • Implement request timeout/retry logic

Error Handling

Authentication Errors

• Invalid credentials → Re-prompt with helpful message
• Network errors → Retry with exponential backoff
• Rate limiting → Wait and inform user

Project Creation Errors

• Directory exists → Prompt for overwrite/rename
• Permission errors → Suggest alternative location
• Dependency installation fails → Provide manual steps

API Key Errors

• Generation fails → Retry with user confirmation
• Invalid permissions → Show available options
• Quota exceeded → Display usage information

Testing Strategy

1. Unit Tests

   • Each module independently tested
   • Mock external API calls
   • Validate input/output contracts

2. Integration Tests

   • End-to-end tool flow
   • Real API interactions (test environment)
   • File system operations

3. CLI Tests

   • Command parsing and validation
   • Interactive prompt flows
   • Error scenario handling

Future Enhancements

1. Developer Experience
   • Auto-completion for bash/zsh
   • VS Code extension
   • Documentation generation
   • Usage analytics (opt-in)

Success Criteria

1. ✅ Creates functional Next.js project
2. ✅ Successfully authenticates users
3. ✅ Generates valid API keys
4. ✅ Stores credentials with dotenv
5. ✅ Provides clear error messages
6. ✅ Works across platforms (macOS, Linux, Windows)
7. ✅ Complete in under 2 minutes for typical usage

Implementation Phases

Phase 1: Core Functionality

• Basic CLI structure
• Next.js project creation
• Simple authentication flow

Phase 2: Security & Environment

• dotenv integration
• Secure credential storage
• Environment validation

Phase 3: Polish & Testing

• Error handling improvements
• Comprehensive testing
• Documentation and examples