feat(cli): add insforge config export/plan/apply (MVP)

[tonychang04]

Companion to: InsForge/InsForge#1216 (backend half — extends `/api/metadata` to surface `auth.allowed_redirect_urls`)

What

Adds three CLI commands that round-trip a single TOML field — [auth] allowed_redirect_urls — between `insforge.toml` and the live project state:

```bash
insforge config export # GET /api/metadata → write insforge.toml
insforge config plan # diff TOML vs metadata, print plan
insforge config apply # plan → confirm → PUT /api/auth/config
```

This is the smallest possible vertical slice of the config-as-code feature. Everything else (SMTP, OAuth providers, custom domains, etc.) is matrix-fill on top of this architecture.

Why

Agents can't make fine-grained config changes today — setting up a custom domain, configuring SMTP, changing an auth redirect URL all require dashboard clicks (invisible, not reproducible) or per-field CLI subcommands (sprawls fast, no PR diff). With ~100 config knobs across the platform, per-field CLI is the wrong shape.

This PR ships the TOML + apply loop with the smallest possible scope so the architecture proves out before we widen the surface. Full design in `spec-toml-mvp.md` and `proposal-insforge-config-toml.md`.

What this PR contains

9 commits, all on `feat/insforge-toml-mvp` off `main`:

• `chore(cli): add smol-toml for insforge.toml parsing`
• `feat(cli): add config schema for v1 MVP` — types + validator
• `feat(cli): add TOML <-> JSON codec` — parse + stringify with stable ordering
• `feat(cli): add structured per-section config diff` — default-keep semantics
• `feat(cli): add human-readable plan formatter` — human + JSON output
• `feat(cli): scaffold insforge config subcommand` — registrar in src/index.ts
• `feat(cli): add insforge config export`
• `feat(cli): add insforge config plan`
• `feat(cli): add insforge config apply` — plan-confirm-apply with --dry-run / --auto-approve

Lib: 6 files in `src/lib/config-{schema,toml,diff,format}.ts` + tests
Commands: 4 files in `src/commands/config/{index,export,plan,apply}.ts`
Tests: 12 vitest tests, all green

What this PR does NOT do

• No new server endpoints (read uses existing `/api/metadata`; write uses existing `PUT /api/auth/config`)
• No matrix-fill — only `[auth] allowed_redirect_urls` is wired. Future sections each add ~50 LOC to this same dispatch table.
• No `config pull` — `config export` does that job (overwrites with --force, prompts otherwise)
• No three-way diff with `last_applied` — v1 stateless; `plan` shows file ↔ live, that's enough for now

Behaviors that distinguish this from Supabase `config push`

1. Plan first, always. `apply` prints the diff before any write; prompts (unless `--auto-approve`).
2. Default-keep. Items in DB that aren't in the file are kept (no silent overwrite). `--prune` opt-in coming with future sections that need it.
3. Idempotent. Re-applying converged state is a strict no-op — verified in the smoke test.

Smoke test (against mock backend)

End-to-end loop verified locally:

1. `config export` writes `insforge.toml` from `GET /api/metadata` ✓
2. `config plan` on converged state: "No changes. Live state matches insforge.toml." ✓
3. Edit TOML → `config plan` shows: `~ allowed_redirect_urls: ["a"] → ["a","b","c"]` ✓
4. `config apply --auto-approve` calls `PUT /api/auth/config`, reports `✓ Applied (0 added, 1 modified, 0 removed)` ✓
5. Re-apply is a no-op (idempotence) ✓
6. Mock backend live state matches what's in TOML ✓

Test plan

• `npx vitest run src/lib/config-toml.test.ts src/lib/config-diff.test.ts src/lib/config-format.test.ts` — 12/12 green
• `npm run build` — clean, 311KB ESM dist
• `node dist/index.js config --help` shows export/plan/apply
• End-to-end against mock backend (above)
• Live E2E against running InsForge backend (requires backend PR `#1216` merged + project linked)

🤖 Generated with Claude Code

---

Summary by cubic

Adds insforge config export/plan/apply to manage [auth] allowed_redirect_urls via insforge.toml, now with backend capability probing. Unsupported fields are skipped safely; export only writes fields the backend exposes, and JSON output is a single, machine‑readable document.

• New Features

  • insforge config export: reads /api/metadata, writes insforge.toml; emits only supported fields and reports skipped.
  • insforge config plan: diffs file vs live (human or JSON) and lists skipped paths when the backend omits a field.
  • insforge config apply: shows plan, prompts unless --auto-approve/-y, supports --dry-run; per-change gate applies only supported fields; writes via PUT /api/auth/config.
  • Minimal v1 schema, TOML↔JSON codec with stable ordering, and a plan formatter. Plan-first, default-keep, idempotent.

• Bug Fixes

  • Diff normalizes allowed_redirect_urls (sort + dedupe); reordering/duplicates produce no diff; emitted values are normalized.
  • apply --json prints one JSON object { plan, applied, skipped }, honors -y/--yes, and requires explicit consent in --json.
  • export --json fails fast if the output file exists without --force instead of prompting.
  • Improved error reporting and lint cleanup: TOML parse errors preserve the original cause; strict equality and type-only imports applied.

^{Written for commit d8d34a6. Summary will update on new commits.}

Summary by CodeRabbit

• New Features

  • Added a top-level "config" command with export, plan, and apply subcommands; plan shows diffs (text or JSON), export writes TOML with overwrite/force handling, apply supports dry‑run, auto‑approve, and JSON output.

• Bug Fixes / Behavior

  • Apply only updates allowed redirect URLs, skips unsupported sections and reports skipped items with reasons.

• Tests

  • Added comprehensive tests for diffing, plan formatting, TOML parse/serialize, validation, capability probing, and CLI flows.

• Chores

  • Added smol-toml dependency and updated posthog-node.

[coderabbitai]

Walkthrough

This PR introduces a config management system for the InsForge CLI. It adds TOML parsing via smol-toml, defines configuration schemas with validation, and implements three new CLI commands (config export, config plan, config apply) to manage project configuration stored in insforge.toml files.

Changes

Config Management System

Layer / File(s)	Summary
Dependencies package.json	Added smol-toml ^1.6.1 for TOML parsing; posthog-node ^5.28.9 is present.
Config Data Schema src/lib/config-schema.ts	Introduces InsforgeConfig, AuthConfig interfaces and ConfigValidationError class; adds validateConfig for shape checks.
TOML Parsing & Serialization src/lib/config-toml.ts, src/lib/config-toml.test.ts	Implements parseConfigToml (TOML → validated config) and stringifyConfigToml (config → deterministic TOML) with round-trip and parse/error tests.
Diff Computation src/lib/config-diff.ts, src/lib/config-diff.test.ts	Implements diffConfig to detect normalized modifications to auth.allowed_redirect_urls and produce DiffResult with summary counts.
Plan Formatting src/lib/config-format.ts, src/lib/config-format.test.ts	Implements formatPlan to render grouped, human-readable plans and summary lines; tests for formatted and empty outputs.
Backend Capability Probing src/lib/config-capabilities.ts, src/lib/config-capabilities.test.ts	Adds metadataSupports and changePath to detect backend support from raw /api/metadata shapes; includes presence/null/empty tests.
Config CLI Commands src/commands/config/index.ts, src/commands/config/export.ts, src/commands/config/plan.ts, src/commands/config/apply.ts	Adds config command group and three subcommands: export (fetch metadata → write TOML), plan (diff → print/JSON), and apply (confirm and PUT changes; supports auth.allowed_redirect_urls).
CLI Command Tests src/commands/config/*.test.ts	Adds Vitest suites for config export, config plan, and config apply exercising capability probing, JSON outputs, file writing, and apply semantics with mocked API responses.
Main CLI Integration src/index.ts	Imports and registers the config command group into the root CLI program.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~25 minutes

Poem

🐰 I sniffed the TOML in the breeze,
I sorted URLs with gentle ease,
I planned the diff beneath the moon,
I wrote the file and hummed a tune,
Now tiny configs hop into place.

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 26.32% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately summarizes the main change: adding three new CLI config commands (export/plan/apply) to manage the insforge.toml configuration file.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/insforge-toml-mvp

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/commands/config/apply.ts`:
- Around line 85-88: The applyChange function currently declares an unused
parameter file; remove file from the applyChange signature (async function
applyChange(change: DiffChange): Promise<void>) and update all callers to stop
passing that argument, and update any related overload/alternate applyChange
declaration that also lists file to match (remove the unused file parameter
there as well); ensure TypeScript types and imports remain consistent after the
signature change.
- Around line 42-44: The code emits two JSON objects when the json flag is set
(see the if (json) { console.log(JSON.stringify(result, null, 2)); } else { ...
} blocks and the similar block at lines 69-71), breaking callers expecting a
single JSON payload; change both places to avoid multiple prints by composing a
single JSON document (e.g., create a combined object containing plan and apply
fields or replace the earlier plan print with storing plan data into a shared
result object) and call JSON.stringify exactly once at the end when json is
true, leaving the non-json branches unchanged; update the branches that
reference json, result, and any planResult/applyResult variables so only one
console.log(JSON.stringify(...)) is executed per invocation.

In `@src/commands/config/export.ts`:
- Around line 26-35: The current export flow prompts via p.confirm (and checks
p.isCancel) when the target exists, which will hang in non-interactive runs when
opts.json is true; change the logic in the block that checks existsSync(target)
to first check opts.json and, if opts.json is set and opts.force is not true,
fail fast (emit an error/JSON error output or return non-zero) instead of
calling p.confirm; otherwise preserve the existing behavior (if not json and not
force, call p.confirm and handle p.isCancel). Ensure you update the branch that
references target, opts.out, opts.force, p.confirm and p.isCancel accordingly.

In `@src/lib/config-diff.ts`:
- Around line 40-42: The comparison of allowed_redirect_urls is order-sensitive
and can produce churn; before calling arrayEquals on fromV and toV, normalize
both allowed_redirect_urls (e.g., in the logic surrounding fromV/toV) by making
deterministic sets—sort the arrays (and optionally deduplicate) so order
differences don't trigger arrayEquals, and apply the same normalization for the
other occurrence referenced around lines 64-67; update the code that builds
fromV/toV to use the normalized arrays before comparing.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d9b09d7d-6581-47e7-9c99-46d96f39511d

📥 Commits

Reviewing files that changed from the base of the PR and between e94452a and 6db1718.

⛔ Files ignored due to path filters (1)

• package-lock.json is excluded by !**/package-lock.json

📒 Files selected for processing (13)

• package.json
• src/commands/config/apply.ts
• src/commands/config/export.ts
• src/commands/config/index.ts
• src/commands/config/plan.ts
• src/index.ts
• src/lib/config-diff.test.ts
• src/lib/config-diff.ts
• src/lib/config-format.test.ts
• src/lib/config-format.ts
• src/lib/config-schema.ts
• src/lib/config-toml.test.ts
• src/lib/config-toml.ts

[cubic-dev-ai]

3 issues found across 14 files

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="src/commands/config/apply.ts">

<violation number="1" location="src/commands/config/apply.ts:43">
P2: `--json` apply emits two JSON documents (plan and applied result), which makes machine parsing unreliable.</violation>

<violation number="2" location="src/commands/config/apply.ts:53">
P2: The confirmation guard does not honor global `-y/--yes`, so non-interactive runs can still block on a prompt.</violation>
</file>

<file name="src/commands/config/export.ts">

<violation number="1" location="src/commands/config/export.ts:26">
P2: Skip the overwrite confirmation prompt in `--json` mode so export remains non-interactive and machine-readable.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review, or fix all with cubic.}

[cubic-dev-ai]

1 issue found across 9 files (changes from recent commits).

Prompt for AI agents (unresolved issues)

Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.


<file name="src/commands/config/apply.ts">

<violation number="1" location="src/commands/config/apply.ts:103">
P2: `--json` output now uses inconsistent types for `applied` across branches (boolean vs array), which can break automation parsing idempotent/no-op runs.</violation>
</file>

_{Tip: Review your code locally with the cubic CLI to iterate faster.
Fix all with cubic}

[cubic-dev-ai]

P2: --json output now uses inconsistent types for applied across branches (boolean vs array), which can break automation parsing idempotent/no-op runs.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At src/commands/config/apply.ts, line 103:

<comment>`--json` output now uses inconsistent types for `applied` across branches (boolean vs array), which can break automation parsing idempotent/no-op runs.</comment>

<file context>
@@ -78,19 +79,44 @@ export function registerConfigApplyCommand(cfg: Command): void {
         if (json) {
           console.log(
-            JSON.stringify({ plan: result, applied: true, changes: result.changes }, null, 2),
+            JSON.stringify({ plan: result, applied, skipped }, null, 2),
           );
         } else {
</file context>

Suggested change

	JSON.stringify({ plan: result, applied, skipped }, null, 2),
	JSON.stringify({ plan: result, applied: applied.length > 0, changes: applied, skipped }, null, 2),

_{Tip: Review your code locally with the cubic CLI to iterate faster.}

[coderabbitai]

Actionable comments posted: 4

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/commands/config/apply.test.ts`:
- Around line 35-44: The test's vi.mock call is using a TypeScript "typeof
import('../../lib/errors.js')" annotation on the orig call which breaks CI;
change the mock to call the original factory without the typeof import
annotation (i.e. use await orig() to get the actual module) and keep the
override of handleError (vi.fn((err: unknown) => { throw err; })) intact so
tests can inspect thrown errors — update the code around the vi.mock(...) block
and the const actual assignment that currently uses typeof import(...) to
instead use await orig() or equivalent.

In `@src/commands/config/export.test.ts`:
- Around line 28-36: The vi.mock call is using the lint-problematic pattern
"await orig<typeof import(... )>()"; change it to get the original module
without the typeof-import generic and then cast the result to the module type
before spreading. Concretely, inside the vi.mock callback for the errors module,
replace the generic await orig<typeof import('../../lib/errors.js')>() with
const actual = await orig() and then treat actual as the proper module type
(e.g., cast to typeof import('../../lib/errors.js')) before returning
{...actual, handleError: vi.fn((err: unknown) => { throw err; })}; this removes
the typeof import() usage while preserving the handleError mock.

In `@src/commands/config/plan.test.ts`:
- Around line 28-36: Remove the inline typeof import() generic on the await orig
call and instead import the module type with a top-level type import (e.g. add
"import type * as ErrorsModule from '../../lib/errors.js'"), then call "const
actual = await orig()" (no generic) and cast it like "actual as unknown as
typeof ErrorsModule" before spreading and replacing handleError in the vi.mock
callback; keep references to vi.mock, orig, and handleError as in the diff.

In `@src/lib/config-capabilities.ts`:
- Around line 39-43: Replace the loose inequality in the predicate check: change
the `raw?.auth != null` usage to a strict check so ESLint's eqeqeq rule is
satisfied; update the condition at the start of the boolean return (the
`raw?.auth != null` expression) to use `!==` (or explicitly check both `!==
undefined` and `!== null`) while keeping the rest of the checks (`typeof
raw.auth === 'object'` and `'allowedRedirectUrls' in raw.auth`) unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: d25398f8-4638-4972-a0a6-ad7056325a1e

📥 Commits

Reviewing files that changed from the base of the PR and between af577bf and 6570301.

📒 Files selected for processing (8)

• src/commands/config/apply.test.ts
• src/commands/config/apply.ts
• src/commands/config/export.test.ts
• src/commands/config/export.ts
• src/commands/config/plan.test.ts
• src/commands/config/plan.ts
• src/lib/config-capabilities.test.ts
• src/lib/config-capabilities.ts

[coderabbitai]

🧹 Nitpick comments (2)

src/commands/config/apply.test.ts (1)

76-79: ⚡ Quick win

Move temp directory cleanup to afterEach to avoid leaks on test failure.

rmSync at the bottom of each it block is never reached when an assertion throws, leaving temp dirs behind in CI. Moving cleanup to afterEach is idiomatic and guarantees cleanup regardless of test outcome.

♻️ Proposed refactor

+afterEach(() => {
+  if (tmp) rmSync(tmp, { recursive: true, force: true });
+});
+
 beforeEach(() => {
   vi.clearAllMocks();
   tmp = mkdtempSync(join(tmpdir(), 'insforge-apply-test-'));
 });

Then remove the three inline rmSync(tmp, { recursive: true, force: true }) calls from the end of each it block (lines 113, 144, 166).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/commands/config/apply.test.ts` around lines 76 - 79, The tests create a
temp directory in beforeEach via tmp = mkdtempSync(join(tmpdir(),
'insforge-apply-test-')), but cleanup is done with inline rmSync calls inside
individual it blocks which are skipped when a test throws; move the recursive
rmSync(tmp, { recursive: true, force: true }) call into an afterEach block to
guarantee deletion, keep the mkdtempSync creation in beforeEach, and remove the
three inline rmSync(...) invocations at the end of the individual it tests so
cleanup is centralized and always executed.

src/commands/config/export.test.ts (1)

68-71: ⚡ Quick win

Same afterEach cleanup gap as in apply.test.ts.

rmSync at lines 98 and 121 is unreachable when an assertion fails, leaving temp dirs in CI.

♻️ Proposed refactor

+afterEach(() => {
+  if (tmp) rmSync(tmp, { recursive: true, force: true });
+});
+
 beforeEach(() => {
   vi.clearAllMocks();
   tmp = mkdtempSync(join(tmpdir(), 'insforge-export-test-'));
 });

Then remove the inline rmSync calls from the end of each it block (lines 98 and 121).

🤖 Prompt for AI Agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In `@src/commands/config/export.test.ts` around lines 68 - 71, The tests create a
temp dir in beforeEach via mkdtempSync assigned to tmp but currently clean it up
with inline rmSync calls at the end of individual it blocks (e.g., the rmSync
calls referenced in the review), which are skipped on assertion failures; add a
shared afterEach that safely removes tmp (use fs.rmSync or fs.rmdirSync with
recursive:true or check fs.existsSync before removing and wrap in try/catch) to
guarantee cleanup, and then remove the inline rmSync calls from the it blocks;
reference the beforeEach/tmp initialization and update the test file’s afterEach
cleanup to always run.

🤖 Prompt for all review comments with AI agents

Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Nitpick comments:
In `@src/commands/config/apply.test.ts`:
- Around line 76-79: The tests create a temp directory in beforeEach via tmp =
mkdtempSync(join(tmpdir(), 'insforge-apply-test-')), but cleanup is done with
inline rmSync calls inside individual it blocks which are skipped when a test
throws; move the recursive rmSync(tmp, { recursive: true, force: true }) call
into an afterEach block to guarantee deletion, keep the mkdtempSync creation in
beforeEach, and remove the three inline rmSync(...) invocations at the end of
the individual it tests so cleanup is centralized and always executed.

In `@src/commands/config/export.test.ts`:
- Around line 68-71: The tests create a temp dir in beforeEach via mkdtempSync
assigned to tmp but currently clean it up with inline rmSync calls at the end of
individual it blocks (e.g., the rmSync calls referenced in the review), which
are skipped on assertion failures; add a shared afterEach that safely removes
tmp (use fs.rmSync or fs.rmdirSync with recursive:true or check fs.existsSync
before removing and wrap in try/catch) to guarantee cleanup, and then remove the
inline rmSync calls from the it blocks; reference the beforeEach/tmp
initialization and update the test file’s afterEach cleanup to always run.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a6babb16-be41-4e63-bf77-02999c5472f3

📥 Commits

Reviewing files that changed from the base of the PR and between 6570301 and d8d34a6.

📒 Files selected for processing (5)

• src/commands/config/apply.test.ts
• src/commands/config/export.test.ts
• src/commands/config/plan.test.ts
• src/lib/config-capabilities.ts
• src/lib/config-toml.ts

✅ Files skipped from review due to trivial changes (2)

• src/lib/config-toml.ts
• src/commands/config/plan.test.ts