Add Grid CLI core infrastructure

[jklein24]

• Add CLI package with TypeScript configuration
• Add config module for credential loading (~/.grid-credentials or env vars)
• Add HTTP client with Basic Auth support
• Add JSON output formatting utilities
• Add minimal CLI entry point with Commander.js setup
• Update project .gitignore, Makefile, and package.json with CLI targets

[jklein24]

• Add Grid API Claude skill #136
• Add Grid CLI commands #135
• Add Grid CLI core infrastructure #134 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[greptile-apps]

Greptile Overview

Greptile Summary

This PR adds a new cli/ TypeScript package (grid-cli) with a minimal Commander.js entrypoint, a config module for loading credentials from env or ~/.grid-credentials, a fetch-based HTTP client using Basic Auth, and JSON output helpers. It also wires up root-level Makefile and npm scripts for installing/building/running the CLI, and updates .gitignore for local credential/build artifacts.

Key issues to address are around request URL construction (base URL + relative path) and ensuring credential file permissions are actually tightened when overwriting existing files.

Confidence Score: 3/5

• This PR is mergeable but has a couple of correctness/security-footgun issues to fix first.
• Most changes are straightforward scaffolding, but URL joining semantics in the client can easily send requests to the wrong endpoint depending on how paths are passed, and credential file permissions may not be tightened on overwrite as intended. Prior-thread items (DOM lib for fetch types, JSON.parse error handling) should also land to avoid runtime/TS issues.
• cli/src/client.ts, cli/src/config.ts, cli/src/index.ts

Important Files Changed

Filename	Overview
.gitignore	Adds ignores for CLI credentials and cli/dist output.
Makefile	Adds make targets for installing/building/running the new CLI; fixes missing newline.
cli/package.json	Introduces standalone CLI package with commander, TypeScript build, and Node>=18 engine.
cli/src/client.ts	Adds fetch-based HTTP client with Basic Auth; watch out for URL joining semantics if baseUrl lacks trailing slash.
cli/src/config.ts	Adds config loading from env or JSON file and saves credentials; consider ensuring credential file permissions are tightened on overwrite.
cli/src/index.ts	Adds commander program entrypoint and exports helpers; parsing on import can cause side effects for consumers.
cli/src/output.ts	Adds JSON output formatting helpers and exit code handling on error responses.
cli/tsconfig.json	Adds TS config for CLI build output; may need DOM lib for fetch types (already noted in prior thread).
package.json	Adds root npm scripts to install/build/run the CLI package.

Sequence Diagram

sequenceDiagram
  participant User as User
  participant CLI as grid CLI (commander)
  participant Config as config.ts
  participant FS as ~/.grid-credentials (fs)
  participant Env as process.env
  participant Client as GridClient
  participant API as Grid API

  User->>CLI: run `grid ...` (options)
  CLI->>Config: loadConfig({configPath, baseUrl})
  alt configPath provided
    Config->>FS: readFileSync(configPath)
    FS-->>Config: JSON string
    Config-->>CLI: GridConfig
  else no configPath
    Config->>Env: read GRID_* vars
    Config->>FS: readFileSync(~/.grid-credentials) if exists
    FS-->>Config: JSON string
    Config-->>CLI: GridConfig
  end

  CLI->>Client: new GridClient(config)
  CLI->>Client: request(method, path, {params, body})
  Client->>API: fetch(url, headers: Basic Auth)
  API-->>Client: JSON or text response
  Client-->>CLI: ApiResponse{success,data|error}
  CLI-->>User: output JSON (output.ts)
  opt error
    CLI-->>User: sets process.exitCode = 1
  end

Loading

[greptile-apps]

_{3 files reviewed, 5 comments}

_{Edit Code Review Agent Settings | Greptile}

[jklein24]

Greptile Review Response

Comment 1 (cli/src/config.ts:22) - JSON.parse for credentials

Applied. Added try-catch around JSON.parse with a clear error message for malformed credentials files.

Comment 2 (cli/src/config.ts:38) - JSON.parse for config

Applied. Added try-catch around JSON.parse with a clear error message for malformed config files.

Comment 3 (cli/src/config.ts:69) - JSON.parse for save credentials

Applied. Added try-catch that starts fresh with an empty object if the existing credentials file is malformed.

Comment 4 (cli/tsconfig.json:5) - Add DOM to lib

Not applicable. Node.js 18+ has native fetch and @types/node already provides the type definitions. Adding DOM lib would introduce browser-specific types (window, document, etc.) that don't exist in Node.

Comment 5 (cli/package.json:25) - Add engines field

Applied. Added engines field specifying Node.js >=18.0.0 to document the native fetch requirement.

---

Review response generated using /pr-review-respond Claude command.

[greptile-apps]

_{9 files reviewed, 3 comments}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

new URL(path, this.config.baseUrl) will drop the last path segment of baseUrl when baseUrl doesn’t end with / and path is relative (e.g., baseUrl https://api.lightspark.com/grid/2025-10-13 + path customers becomes https://api.lightspark.com/grid/customers). This will cause requests to hit the wrong endpoint unless callers always pass an absolute /... path or baseUrl always includes a trailing slash.

Also affects request() calls via buildUrl().

Consider normalizing baseUrl to include a trailing / (or always prefix path with /) before constructing the URL.

Context Used: Context from dashboard - CLAUDE.md (source)

Prompt To Fix With AI

This is a comment left during a code review.
Path: cli/src/client.ts
Line: 37:37

Comment:
`new URL(path, this.config.baseUrl)` will drop the last path segment of `baseUrl` when `baseUrl` doesn’t end with `/` and `path` is relative (e.g., baseUrl `https://api.lightspark.com/grid/2025-10-13` + path `customers` becomes `https://api.lightspark.com/grid/customers`). This will cause requests to hit the wrong endpoint unless callers always pass an absolute `/...` path or `baseUrl` always includes a trailing slash.

Also affects `request()` calls via `buildUrl()`.

Consider normalizing `baseUrl` to include a trailing `/` (or always prefix `path` with `/`) before constructing the URL.

**Context Used:** Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=21abe025-35ab-4ae8-a4a1-0071c2ac3b98))

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

fs.writeFileSync(..., { mode: 0o600 }) only reliably sets permissions on file creation; if the file already exists with broader permissions, Node won’t necessarily tighten them. This can leave credentials readable by other users depending on the prior mode.

If you want to guarantee 0600, you likely need to chmod after writing when the file already exists.

Context Used: Context from dashboard - CLAUDE.md (source)

Prompt To Fix With AI

This is a comment left during a code review.
Path: cli/src/config.ts
Line: 85:87

Comment:
`fs.writeFileSync(..., { mode: 0o600 })` only reliably sets permissions on file creation; if the file already exists with broader permissions, Node won’t necessarily tighten them. This can leave credentials readable by other users depending on the prior mode.

If you want to guarantee `0600`, you likely need to `chmod` after writing when the file already exists.

**Context Used:** Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=21abe025-35ab-4ae8-a4a1-0071c2ac3b98))

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

program.parse(process.argv) runs on import, which makes this module hard to use as a library (and can surprise tests/other code that imports program or GridClient). This is especially relevant since you also export { program, getClient, ... }.

If you intend index.ts to be both the CLI entrypoint and an importable module, consider moving program.parse(...) behind a require.main === module / import.meta guard or into a separate bin entry file.

Context Used: Context from dashboard - CLAUDE.md (source)

Prompt To Fix With AI

This is a comment left during a code review.
Path: cli/src/index.ts
Line: 40:42

Comment:
`program.parse(process.argv)` runs on import, which makes this module hard to use as a library (and can surprise tests/other code that imports `program` or `GridClient`). This is especially relevant since you also `export { program, getClient, ... }`.

If you intend `index.ts` to be both the CLI entrypoint and an importable module, consider moving `program.parse(...)` behind a `require.main === module` / `import.meta` guard or into a separate `bin` entry file.

**Context Used:** Context from `dashboard` - CLAUDE.md ([source](https://app.greptile.com/review/custom-context?memory=21abe025-35ab-4ae8-a4a1-0071c2ac3b98))

How can I resolve this? If you propose a fix, please make it concise.