# Core Bootstrap

Device verification package for authorized developers.

## How It Works

1. Reads your developer ID from `developer-allowlist.json`
2. Gets your device MAC address
3. Sends both to verification API
4. Returns whether you're authorized to work on the project

## Installation

```bash
npm install @anisrh/core-bootstrap
```

## Setup for Developers

### Step 1: Get Your MAC Address

First, get your device MAC address:

```bash
npx @anisrh/device-fingerprint
```

Send this MAC address to your team lead.

### Step 2: Receive Allowlist File

Your team lead will give you a `developer-allowlist.json` file containing your developer ID.

### Step 3: Store the Allowlist File

Create the directory and save the file:

**Windows:**
```bash
mkdir %USERPROFILE%\.dev-allowlist
```

**Mac/Linux:**
```bash
mkdir -p ~/.dev-allowlist
```

Then save `developer-allowlist.json` in this folder.

### Step 4: Set API URL

Set the verification API URL as an environment variable:

**Windows (PowerShell):**
```powershell
$env:DEV_VERIFY_API_URL="https://your-api.com/verify-device"
```

**Mac/Linux:**
```bash
export DEV_VERIFY_API_URL="https://your-api.com/verify-device"
```

Or add it to your project's `.env` file.

### Step 5: Run Verification

```bash
npx @anisrh/core-bootstrap
```

## Usage in Your Project

Add to your project's startup script:

```javascript
const { bootstrap } = require('@anisrh/core-bootstrap');

async function startApp() {
  const result = await bootstrap({
    allowlistPath: require('path').join(require('os').homedir(), '.dev-allowlist', 'developer-allowlist.json'),
    apiUrl: process.env.DEV_VERIFY_API_URL
  });

  if (!result.allowed) {
    console.error('Device not authorized!');
    process.exit(1);
  }

  // Continue with your app...
}

startApp();
```

## CLI Options

```bash
# Use default paths
core-bootstrap

# Custom allowlist path
core-bootstrap --allowlist /path/to/developer-allowlist.json

# Custom API URL
core-bootstrap --api https://your-api.com/verify

# Show help
core-bootstrap --help
```

## API Response Format

Your verification API should accept POST requests with:

```json
{
  "developerId": "dev-12345",
  "deviceFingerprint": "AA:BB:CC:DD:EE:FF"
}
```

And respond with:

```json
{
  "allowed": true,
  "message": "Device authorized"
}
```

Or:

```json
{
  "allowed": false,
  "message": "Device not authorized"
}
```