feat: initial release of DeepL CLI (1.0.0)

Command-line interface for the DeepL API: translation, writing
enhancement, voice translation, glossary management, and developer
workflow automation.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: sjsyrek

.github/dependabot.yml

@@ -0,0 +1,15 @@
+version: 2
+
+updates:
+  - package-ecosystem: npm
+    directory: /
+    schedule:
+      interval: weekly
+    target-branch: main
+    open-pull-requests-limit: 10
+
+  - package-ecosystem: github-actions
+    directory: /
+    schedule:
+      interval: weekly
+    target-branch: main

.github/workflows/ci.yml

@@ -0,0 +1,32 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  test:
+    name: Node ${{ matrix.node-version }}
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        node-version: [20, 22]
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version: ${{ matrix.node-version }}
+          cache: npm
+
+      - run: npm ci
+      - run: npm run lint
+      - run: npm run type-check
+      - run: npm run build
+      - name: Link CLI for E2E tests
+        run: npm link
+      - run: npm test

.github/workflows/release.yml

@@ -0,0 +1,32 @@
+name: Publish to npm
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+jobs:
+  publish:
+    # Disabled until npm publish permission is granted.
+    # To enable: remove the `if: false` line and add an NPM_TOKEN secret.
+    if: false
+    runs-on: ubuntu-latest
+
+    permissions:
+      contents: read
+      id-token: write
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version: '20'
+          registry-url: https://registry.npmjs.org
+          cache: npm
+
+      - run: npm ci
+      - run: npm run build
+      - run: npm publish --provenance --access public
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

.github/workflows/security.yml

@@ -0,0 +1,27 @@
+name: Security Audit
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+  schedule:
+    - cron: '0 2 * * *'
+
+jobs:
+  security:
+    name: npm audit
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: actions/setup-node@v6
+        with:
+          node-version: '20'
+          cache: npm
+
+      - run: npm ci
+
+      - name: Run npm audit (production only)
+        run: npm audit --audit-level=moderate --omit=dev

.gitignore

@@ -0,0 +1,73 @@
+# Dependencies
+node_modules/
+.npm
+
+# Build outputs
+dist/
+build/
+lib/
+*.tsbuildinfo
+
+# Testing
+coverage/
+.nyc_output/
+
+# Environment variables
+.env
+.env.*
+
+# Secrets and credentials
+*.pem
+*.key
+*.p12
+*.pfx
+*.cert
+*.crt
+credentials.json
+
+# IDEs and editors
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS files
+.DS_Store
+Thumbs.db
+Desktop.ini
+
+# Debug logs
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+pnpm-debug.log*
+
+# Runtime data
+*.pid
+*.seed
+*.pid.lock
+
+# Logs
+logs/
+*.log
+
+# Cache and temporary files
+.cache/
+.temp/
+.tmp/
+*.tmp
+.eslintcache
+
+# DeepL CLI specific
+.deepl-cli/
+*.db
+*.db-journal
+*.db-wal
+*.db-shm
+
+# Claude Code local settings
+.claude/settings.local.json
+
+# Beads issue tracking (local)
+.beads/

.npmignore

@@ -0,0 +1,20 @@
+# Build artifacts
+dist/*.tsbuildinfo
+dist/**/*.tsbuildinfo
+
+# Source maps
+dist/**/*.js.map
+dist/**/*.d.ts.map
+
+# Development files
+tsconfig.json
+.eslintrc*
+eslint.config.*
+.prettierrc*
+jest.config.*
+.github/
+tests/
+examples/
+docs/
+src/
+.beads/

.nvmrc

@@ -0,0 +1 @@
+20

.prettierignore

@@ -0,0 +1,5 @@
+node_modules
+dist
+coverage
+*.log
+.DS_Store

.prettierrc

@@ -0,0 +1,12 @@
+{
+  "semi": true,
+  "trailingComma": "es5",
+  "singleQuote": true,
+  "printWidth": 80,
+  "tabWidth": 2,
+  "useTabs": false,
+  "arrowParens": "always",
+  "endOfLine": "lf",
+  "bracketSpacing": true,
+  "quoteProps": "as-needed"
+}

CHANGELOG.md

@@ -0,0 +1,48 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.0] - 2026-02-17
+
+### Added
+- Text translation via DeepL's next-generation LLM (`deepl translate`)
+- Document translation for PDF, DOCX, PPTX, XLSX, HTML, SRT, XLIFF, and images with formatting preservation
+- Structured file translation for JSON and YAML i18n locale files (keys, nesting, comments preserved)
+- Writing enhancement with grammar, style, and tone suggestions (`deepl write`) via the DeepL Write API
+- Real-time speech translation via WebSocket streaming (`deepl voice`) with automatic reconnection
+- Watch mode for real-time file monitoring with auto-translation (`deepl watch`)
+- Batch directory translation with parallel processing, glob filtering, and concurrency control
+- Glossary management with full v3 API support including multilingual glossaries (`deepl glossary`)
+- Language detection (`deepl detect`)
+- Git hooks for pre-commit, pre-push, commit-msg, and post-commit translation workflows (`deepl hooks`)
+- Interactive setup wizard (`deepl init`)
+- Admin API for key management and organization usage analytics (`deepl admin`)
+- Shell completion for bash, zsh, and fish (`deepl completion`)
+- SQLite-based translation cache with LRU eviction and configurable TTL
+- Custom translation instructions (`--custom-instruction`) and style rules (`--style-id`)
+- XDG Base Directory Specification support with legacy path migration
+- JSON output format (`--format json`) across all commands for CI/CD scripting
+- Table output format (`--format table`) for structured comparison views
+- Semantic exit codes (0–9) for CI/CD integration and scripted error handling
+- HTTP/HTTPS proxy support via standard environment variables
+- Automatic retry with exponential backoff and `Retry-After` header support
+- Dry-run mode (`--dry-run`) for previewing destructive and batch operations
+- Cost transparency with `--show-billed-characters` flag
+- Multi-target translation to multiple languages in a single command
+- Context-aware translation (`--context`) for disambiguation
+- Model type selection (`--model-type`) for quality vs. latency trade-offs
+- Advanced XML/HTML tag handling with splitting, non-splitting, and ignore tags
+
+### Security
+- HTTPS enforcement for all API communication (localhost exempted for testing)
+- Symlink rejection on all file-reading paths to prevent directory traversal
+- API key masking in logs, config output, and error messages
+- Config file permissions restricted to owner read/write (0o600)
+- Path traversal defense for batch output patterns
+- Atomic writes for translated output and config files to prevent corruption
+
+### Changed
+- Requires Node.js >= 20