✨ Require --public-link flag for private project previews

Private projects now require the --public-link flag when uploading
previews. This ensures users explicitly acknowledge that preview URLs
grant access to anyone with the link (until expiration).

Without the flag, private project previews will fail with a clear
error message explaining the access model and how to proceed.

Author: Robdel12

src/cli.js

@@ -582,6 +582,10 @@ program
   .option('--base <path>', 'Override auto-detected base path')
   .option('--open', 'Open preview URL in browser after upload')
   .option('--dry-run', 'Show what would be uploaded without uploading')
+  .option(
+    '--public-link',
+    'Acknowledge that preview URL grants access to anyone with the link (required for private projects)'
+  )
   .option(
     '-x, --exclude <pattern>',
     'Exclude files/dirs (repeatable, e.g. -x "*.log" -x "temp/")',

src/commands/preview.js

@@ -14,6 +14,7 @@ import { join, resolve } from 'node:path';
 import { promisify } from 'node:util';
 import {
   createApiClient as defaultCreateApiClient,
+  getBuild as defaultGetBuild,
   uploadPreviewZip as defaultUploadPreviewZip,
 } from '../api/index.js';
 import { openBrowser as defaultOpenBrowser } from '../utils/browser.js';
@@ -336,6 +337,7 @@ export async function previewCommand(
   let {
     loadConfig = defaultLoadConfig,
     createApiClient = defaultCreateApiClient,
+    getBuild = defaultGetBuild,
     uploadPreviewZip = defaultUploadPreviewZip,
     readSession = defaultReadSession,
     formatSessionAge = defaultFormatSessionAge,
@@ -436,6 +438,35 @@ export async function previewCommand(
       return { success: false, reason: 'no-build' };
     }
 
+    // Check project visibility for private projects (skip for dry-run)
+    if (!options.dryRun) {
+      let client = createApiClient({
+        baseUrl: config.apiUrl,
+        token: config.apiKey,
+        command: 'preview',
+      });
+
+      let build = await getBuild(client, buildId);
+
+      // Check if project is private and user hasn't acknowledged public link access
+      if (build.project && !build.project.isPublic && !options.publicLink) {
+        output.error('This project is private.');
+        output.blank();
+        output.print(
+          '  Preview URLs grant access to anyone with the link (until expiration).'
+        );
+        output.blank();
+        output.print('  To proceed, acknowledge this by using:');
+        output.blank();
+        output.print('    vizzly preview ./dist --public-link');
+        output.blank();
+        output.print('  Or set your project to public in Vizzly settings.');
+        output.blank();
+        exit(1);
+        return { success: false, reason: 'private-project-no-flag' };
+      }
+    }
+
     // Check for zip command availability (skip for dry-run)
     if (!options.dryRun) {
       let zipInfo = getZipCommand();