feat: initial @launchdarkly/setup quickstart wizard

[dakotasanchez]

Summary

Implements npx @launchdarkly/setup — a terminal-native wizard that connects any project to LaunchDarkly in a single command, without leaving the terminal.

• Detects framework/stack from filesystem fingerprints (React, Next.js, Node.js, Python, Go, Java)
• Authenticates via LD_API_TOKEN env var, saved credentials, or interactive prompt
• Guides the user through project/environment selection (or creation), SDK install, code injection with diff preview, flag creation, and live SDK connection verification
• Uses a local claude CLI (if available) to suggest how to run the app during connection verification

What's included

Core

• src/index.ts — wizard orchestrator (7-step flow)
• src/api.ts — LDApiClient wrapping native fetch (projects, environments, flags, SDK-active polling)
• src/detect.ts — filesystem-based framework detection
• src/sdks.ts — SDK definitions with install commands and init/eval code snippets for 6 frameworks
• src/credentials.ts — token persistence at ~/.config/launchdarkly/credentials.json

Steps

• src/steps/authenticate.ts — API token auth with retry on failure
• src/steps/select-project.ts — project + environment selection/creation
• src/steps/install-sdk.ts — package install via execa
• src/steps/inject-sdk.ts — code injection into entry point with colored diff preview
• src/steps/create-flag.ts — boolean flag creation
• src/steps/detect-run-cmd.ts — LLM-assisted run command detection
• src/steps/verify-connection.ts — polls /internal/usage/sdk-active every 3s (2 min timeout)

Tooling

• 75 unit tests across 4 test files (vitest)
• ESLint (typescript-eslint) + Prettier configured
• Full README with flow diagram, supported stacks, dev commands, publishing instructions, and catalogued TODOs

Test plan

• npm run typecheck — zero type errors
• npm run lint — zero errors/warnings
• npm run format:check — all files formatted
• npm test — 75/75 tests pass
• npm run dev — wizard launches and walks through interactive flow

[ari-launchdarkly]

Kids are awake, I'll keep reviewing when I'm back online

[ari-launchdarkly]

This is pretty brittle. We have a js client that would fit for package.json client apps, whereas the node-server-sdk would fit for server ones. (We also have a node-client-sdk but i've yet to see a use case for that one)

[ari-launchdarkly]

We should flesh this out to include our top-10 SDKs

[ari-launchdarkly]

We can use the /api/v2/projects/{projectKey}/environments/{environmentKey}/sdk-active since that's a public-facing endpoint we should be able to hit. It should handle auth correctly and isn't internal. It was ported over so that the CLI and MCP could make direct requests. The sdk_name cna help us scope it down to the specific SDK

Added `GET /api/v2/projects/{projectKey}/environments/{environmentKey}/sdk-active` (Account usage beta) endpoint. It returns whether LaunchDarkly has recorded an SDK diagnostic initialization event for the environment. Optional query parameters `sdk_name` and `sdk_wrapper_name` apply when time-bounded diagnostic queries are enabled for the account.

Suggested change

	- [ ] **Verify `/internal/usage/sdk-active` endpoint** — the SDK connection polling step uses this internal LD endpoint. Confirm the exact path, query parameters, and auth requirements with the LD API team before release. It may need to be replaced with a public endpoint or a different detection strategy.
	- [ ] **Verify `/api/v2/projects/{projectKey}/environments/{environmentKey}/sdk-active`** — the SDK connection polling step uses this internal LD endpoint. Confirm the exact path, query parameters, and auth requirements with the LD API team before release. It may need to be replaced with a public endpoint or a different detection strategy.

[ari-launchdarkly]

Didn't we get the terraform PR to create the repo?

[ari-launchdarkly]

The marketing site might be a good place to set it too

[ari-launchdarkly]

Slight difference, but would we want to have the user append the LD_API_TOKEN to the command as an environment variable? So something like:

```npx @launchdarkly/setup LD_API_TOKEN=api-....`

[ari-launchdarkly]

We might want to point them directly to the creation flow:

Suggested change

	`Create one at: ${chalk.cyan('https://app.launchdarkly.com/settings/authorization')}`,
	`Create one at: ${chalk.cyan('https://app.launchdarkly.com/settings/authorization/tokens/new')}`,

But just thinking out loud, I'm not sure if our federal or EU instance is the same URL?

[ari-launchdarkly]

I'm curious what the advantage of this is from a user perspective? Given that these access tokens can be used for many things, I'd be concerned that this could create a security vulnerability (or provide agents with an avenue to perform actions without proper guardrails)

[ari-launchdarkly]

This is for most cases, but not for EU or federal

[ari-launchdarkly]

Random question - it seems like we're recreating a trimmed down version of the LDCLI, i wonder if we can just utilize that under the hood and use the api-token as the basis for authenticating the LDCLI?