@01.software/cli 0.6.0 → 0.7.1

package/dist/index.js

@@ -9,7 +9,6 @@ import {
   CollectionClient,
   ServerCommerceClient
 } from "@01.software/sdk";
-import pc from "picocolors";
 
 // src/lib/credentials.ts
 import {
@@ -93,7 +92,7 @@ function loadTenantList() {
     const data = JSON.parse(raw);
     if (!Array.isArray(data)) return null;
     const valid = data.filter(
-      (t) => typeof t?.id === "string" && typeof t?.name === "string"
+      (t2) => typeof t2?.id === "string" && typeof t2?.name === "string"
     );
     return valid.length > 0 ? valid : null;
   } catch {
@@ -126,77 +125,209 @@ ${entry}
   }
 }
 
-// src/lib/client.ts
-function isValidBearerToken(secret) {
-  return secret.startsWith("sk01_") || secret.startsWith("pat01_");
+// src/lib/output.ts
+import pc from "picocolors";
+
+// src/lib/api-error.ts
+var PERMISSION_CODES = [
+  "tenant_mismatch",
+  "account_suspended",
+  "feature_disabled",
+  "role_denied",
+  "credential_invalid",
+  "pat_tenant_unpinned",
+  "publishable_key_mismatch",
+  "scope_denied"
+];
+var DEGRADED_CODES = [
+  "redis_unavailable",
+  "provider_unavailable",
+  "rate_limited"
+];
+var NETWORK_CODES = [
+  "upstream_timeout",
+  "upstream_5xx",
+  "dns_failure"
+];
+function isPermissionCode(code) {
+  return PERMISSION_CODES.includes(code);
 }
-var tenantHeaderInterceptorInstalled = false;
-function installTenantHeaderInterceptor(tenantId) {
-  if (tenantHeaderInterceptorInstalled) return;
-  tenantHeaderInterceptorInstalled = true;
-  const originalFetch = globalThis.fetch.bind(globalThis);
-  globalThis.fetch = async (input, init) => {
-    const headers = new Headers(init?.headers);
-    if (!headers.has("X-Tenant-Id")) headers.set("X-Tenant-Id", tenantId);
-    return originalFetch(input, { ...init, headers });
-  };
+function isDegradedCode(code) {
+  return DEGRADED_CODES.includes(code);
 }
-function resolveClient(apiKeyFlag) {
-  let publishableKey = process.env.SOFTWARE_PUBLISHABLE_KEY;
-  let secretKey = apiKeyFlag ?? process.env.SOFTWARE_SECRET_KEY;
-  let tenantId;
-  if (!publishableKey || !secretKey) {
-    const local = loadLocalCredentials();
-    if (local) {
-      publishableKey = publishableKey ?? local.publishableKey;
-      secretKey = secretKey ?? local.secretKey;
-      tenantId = local.tenantId;
+function isNetworkCode(code) {
+  return NETWORK_CODES.includes(code);
+}
+function classifyError(err) {
+  if (err && typeof err === "object") {
+    const obj = err;
+    if (typeof obj.code === "string") {
+      const code = obj.code;
+      if (isPermissionCode(code)) {
+        return { type: "permission", code };
+      }
+      if (isDegradedCode(code)) {
+        const out = { type: "degraded", code };
+        if (typeof obj.retryAfter === "number") {
+          out.retryAfter = obj.retryAfter;
+        }
+        return out;
+      }
+      if (isNetworkCode(code)) {
+        return { type: "network", code };
+      }
     }
-  }
-  if (!publishableKey || !secretKey) {
-    const stored = loadCredentials();
-    if (stored) {
-      publishableKey = publishableKey ?? stored.publishableKey;
-      secretKey = secretKey ?? stored.secretKey;
-      tenantId = tenantId ?? stored.tenantId;
+    if (obj.type === "validation" && typeof obj.code === "string") {
+      const out = { type: "validation", code: obj.code };
+      if (typeof obj.field === "string") out.field = obj.field;
+      if (obj.detail && typeof obj.detail === "object") {
+        out.detail = obj.detail;
+      }
+      return out;
+    }
+    const name = typeof obj.name === "string" ? obj.name : void 0;
+    const status = typeof obj.status === "number" ? obj.status : void 0;
+    if (name === "ConfigError" || status === 401) {
+      return { type: "permission", code: "credential_invalid" };
+    }
+    if (name === "NetworkError" || name === "TimeoutError" || status === 408 || status === 503) {
+      return { type: "network", code: "upstream_timeout" };
+    }
+    if (name === "GoneError" || status === 404) {
+      return {
+        type: "validation",
+        code: "not_found",
+        detail: typeof obj.message === "string" ? { message: obj.message } : void 0
+      };
+    }
+    if (name === "UsageLimitError" || status === 429) {
+      const out = { type: "degraded", code: "rate_limited" };
+      if (typeof obj.retryAfter === "number") out.retryAfter = obj.retryAfter;
+      return out;
+    }
+    if (name === "ValidationError" || status === 400 || status === 422) {
+      return {
+        type: "validation",
+        code: "invalid_argument",
+        detail: typeof obj.message === "string" ? { message: obj.message } : void 0
+      };
     }
   }
-  if (!publishableKey || !secretKey) {
-    console.error(pc.red("Authentication required."));
-    console.error(
-      pc.dim(
-        'Run "01 login" to authenticate via browser,\nor pass --api-key <token>,\nor set SOFTWARE_PUBLISHABLE_KEY and SOFTWARE_SECRET_KEY environment variables.'
-      )
-    );
-    process.exit(2);
-  }
-  if (!isValidBearerToken(secretKey)) {
-    console.error(
-      pc.red(
-        "Invalid API key format. Expected sk01_ or pat01_ token.\nLegacy hex credentials are no longer accepted \u2014 run `01 login` to re-authenticate."
-      )
-    );
-    process.exit(2);
-  }
-  if (tenantId) installTenantHeaderInterceptor(tenantId);
-  const serverOptions = { publishableKey, secretKey, tenantId };
   return {
-    collections: new CollectionClient(publishableKey, secretKey),
-    commerce: new ServerCommerceClient(serverOptions),
-    publishableKey,
-    secretKey
+    type: "validation",
+    code: "unknown",
+    detail: { message: err instanceof Error ? err.message : String(err) }
   };
 }
+function adminErrorExitCode(err) {
+  if (err.code === "unknown") return 1;
+  switch (err.type) {
+    case "permission":
+      return 2;
+    case "validation":
+      return err.code === "not_found" ? 5 : 3;
+    case "network":
+      return 4;
+    case "degraded":
+      return err.code === "rate_limited" ? 6 : 4;
+  }
+}
+
+// src/lib/i18n.ts
+var CLI_I18N_KO = {
+  // CLI-surface microcopy
+  AuthenticationRequired: "\uC778\uC99D\uC774 \uD544\uC694\uD569\uB2C8\uB2E4",
+  RunLoginToAuthenticate: "`01 login` \uBA85\uB839\uC73C\uB85C \uBE0C\uB77C\uC6B0\uC800 \uC778\uC99D\uC744 \uC9C4\uD589\uD558\uAC70\uB098,",
+  PassApiKey: "`--api-key <token>` \uC635\uC158\uC744 \uC804\uB2EC\uD558\uAC70\uB098,",
+  SetEnvVars: "`SOFTWARE_PUBLISHABLE_KEY` / `SOFTWARE_SECRET_KEY` \uD658\uACBD \uBCC0\uC218\uB97C \uC124\uC815\uD558\uC138\uC694.",
+  InvalidApiKeyFormat: "API \uD0A4 \uD615\uC2DD\uC774 \uC62C\uBC14\uB974\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4. `sk01_` \uB610\uB294 `pat01_` \uD1A0\uD070\uC774 \uD544\uC694\uD569\uB2C8\uB2E4.",
+  LegacyHexCredentialsRejected: "\uB808\uAC70\uC2DC hex \uC790\uACA9 \uC99D\uBA85\uC740 \uB354 \uC774\uC0C1 \uD5C8\uC6A9\uB418\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4 \u2014 `01 login`\uC73C\uB85C \uB2E4\uC2DC \uC778\uC99D\uD558\uC138\uC694.",
+  InvalidJsonObject: "`--{{label}}` \uC778\uC790\uB294 JSON \uAC1D\uCCB4\uC5EC\uC57C \uD569\uB2C8\uB2E4.",
+  InvalidJsonArray: "`--{{label}}` \uC778\uC790\uB294 JSON \uBC30\uC5F4\uC774\uC5B4\uC57C \uD569\uB2C8\uB2E4.",
+  InvalidJsonValue: "`--{{label}}` \uC778\uC790\uC758 JSON \uD615\uC2DD\uC774 \uC62C\uBC14\uB974\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4: {{value}}",
+  Empty: "(\uC5C6\uC74C)",
+  Total: "\uCD1D {{n}}\uAC1C",
+  PageOf: "{{page}} / {{total}} \uD398\uC774\uC9C0",
+  // AdminError code translations (mirrors apps/console admin.ts).
+  tenant_mismatch: "\uAD8C\uD55C\uC774 \uC5C6\uB294 \uD14C\uB10C\uD2B8",
+  account_suspended: "\uACC4\uC815\uC774 \uC815\uC9C0\uB418\uC5C8\uC2B5\uB2C8\uB2E4",
+  feature_disabled: "\uC774 \uAE30\uB2A5\uC774 \uBE44\uD65C\uC131\uD654\uB418\uC5C8\uC2B5\uB2C8\uB2E4",
+  role_denied: "\uAD8C\uD55C\uC774 \uBD80\uC871\uD569\uB2C8\uB2E4",
+  credential_invalid: "\uC790\uACA9 \uC99D\uBA85\uC774 \uC720\uD6A8\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4",
+  pat_tenant_unpinned: "PAT \uD1A0\uD070\uC758 \uD14C\uB10C\uD2B8\uAC00 \uACE0\uC815\uB418\uC9C0 \uC54A\uC558\uC2B5\uB2C8\uB2E4",
+  publishable_key_mismatch: "\uACF5\uAC1C \uD0A4\uAC00 \uC77C\uCE58\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4",
+  scope_denied: "\uBC94\uC704 \uAD8C\uD55C\uC774 \uC5C6\uC2B5\uB2C8\uB2E4",
+  redis_unavailable: "\uCE90\uC2DC\uAC00 \uC77C\uC2DC\uC801\uC73C\uB85C \uC0AC\uC6A9 \uBD88\uAC00\uD569\uB2C8\uB2E4",
+  provider_unavailable: "\uC678\uBD80 \uACF5\uAE09\uC790\uAC00 \uC751\uB2F5\uD558\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4",
+  rate_limited: "\uC694\uCCAD\uC774 \uB108\uBB34 \uB9CE\uC2B5\uB2C8\uB2E4 \u2014 \uC7A0\uC2DC \uD6C4 \uB2E4\uC2DC \uC2DC\uB3C4\uD558\uC138\uC694",
+  upstream_timeout: "\uC751\uB2F5 \uC2DC\uAC04\uC774 \uCD08\uACFC\uB418\uC5C8\uC2B5\uB2C8\uB2E4",
+  upstream_5xx: "\uC678\uBD80 \uC11C\uBE44\uC2A4 \uC624\uB958",
+  dns_failure: "\uB124\uD2B8\uC6CC\uD06C \uC5F0\uACB0 \uC624\uB958",
+  not_found: "\uB9AC\uC18C\uC2A4\uB97C \uCC3E\uC744 \uC218 \uC5C6\uC2B5\uB2C8\uB2E4",
+  invalid_argument: "\uC778\uC790\uAC00 \uC62C\uBC14\uB974\uC9C0 \uC54A\uC2B5\uB2C8\uB2E4",
+  unknown: "\uC54C \uC218 \uC5C6\uB294 \uC624\uB958"
+};
+var CLI_I18N_EN = {
+  AuthenticationRequired: "Authentication required",
+  RunLoginToAuthenticate: "Run `01 login` to authenticate via browser, or",
+  PassApiKey: "pass `--api-key <token>`, or",
+  SetEnvVars: "set `SOFTWARE_PUBLISHABLE_KEY` and `SOFTWARE_SECRET_KEY` environment variables.",
+  InvalidApiKeyFormat: "Invalid API key format. Expected `sk01_` or `pat01_` token.",
+  LegacyHexCredentialsRejected: "Legacy hex credentials are no longer accepted \u2014 run `01 login` to re-authenticate.",
+  InvalidJsonObject: "--{{label}} must be a JSON object.",
+  InvalidJsonArray: "--{{label}} must be a JSON array.",
+  InvalidJsonValue: "Invalid JSON for --{{label}}: {{value}}",
+  Empty: "(empty)",
+  Total: "{{n}} total",
+  PageOf: "page {{page}}/{{total}}",
+  tenant_mismatch: "Tenant access denied",
+  account_suspended: "Your account has been suspended",
+  feature_disabled: "This feature is disabled",
+  role_denied: "Insufficient role permissions",
+  credential_invalid: "Invalid credentials",
+  pat_tenant_unpinned: "PAT token tenant is not pinned",
+  publishable_key_mismatch: "Publishable key mismatch",
+  scope_denied: "Scope permission denied",
+  redis_unavailable: "Cache temporarily unavailable",
+  provider_unavailable: "Upstream provider unavailable",
+  rate_limited: "Too many requests \u2014 please try again shortly",
+  upstream_timeout: "Upstream request timed out",
+  upstream_5xx: "Upstream service error",
+  dns_failure: "Network connection error",
+  not_found: "Resource not found",
+  invalid_argument: "Invalid argument",
+  unknown: "Unknown error"
+};
+var activeLocale = null;
+function detectLocale() {
+  if (activeLocale) return activeLocale;
+  const raw = process.env.LC_ALL ?? process.env.LANG ?? process.env.LANGUAGE ?? "";
+  return raw.toLowerCase().startsWith("ko") ? "ko" : "en";
+}
+function setLocale(locale) {
+  activeLocale = locale ?? null;
+}
+function t(key, vars) {
+  const table = detectLocale() === "ko" ? CLI_I18N_KO : CLI_I18N_EN;
+  let s = table[key];
+  if (vars) {
+    for (const [k, v] of Object.entries(vars)) {
+      const escaped = k.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+      s = s.replace(new RegExp(`\\{\\{${escaped}\\}\\}`, "g"), String(v));
+    }
+  }
+  return s;
+}
 
 // src/lib/output.ts
-import pc2 from "picocolors";
+var CLI_I18N_KEYS = Object.keys(CLI_I18N_KO);
 function printJson(data) {
   console.log(JSON.stringify(data, null, 2));
 }
 function printTable(data) {
   if (Array.isArray(data)) {
     if (data.length === 0) {
-      console.log(pc2.dim("(empty)"));
+      console.log(pc.dim(t("Empty")));
       return;
     }
     const keys = Object.keys(data[0]);
@@ -224,7 +355,7 @@ function printTable(data) {
     const maxKey = Math.max(...entries.map(([k]) => k.length));
     for (const [key, value] of entries) {
       const display = typeof value === "object" ? JSON.stringify(value) : String(value);
-      console.log(`${pc2.bold(key.padEnd(maxKey))}  ${display}`);
+      console.log(`${pc.bold(key.padEnd(maxKey))}  ${display}`);
     }
   } else {
     console.log(String(data));
@@ -250,9 +381,12 @@ function printResult(data, format) {
       const resp = data;
       printTable(resp.docs);
       console.log(
-        pc2.dim(
+        pc.dim(
           `
-${resp.totalDocs} total | page ${resp.page}/${resp.totalPages}`
+${t("Total", { n: resp.totalDocs })} | ${t("PageOf", {
+            page: resp.page,
+            total: resp.totalPages
+          })}`
         )
       );
       return;
@@ -263,35 +397,107 @@ ${resp.totalDocs} total | page ${resp.page}/${resp.totalPages}`
   }
 }
 function getExitCode(error) {
-  if (!error || typeof error !== "object") return 1;
-  const err = error;
-  if (err.name === "ConfigError") return 2;
-  if (err.name === "ValidationError") return 3;
-  if (err.name === "NetworkError" || err.name === "TimeoutError") return 4;
-  if (err.name === "GoneError") return 5;
-  if (err.name === "UsageLimitError") return 6;
-  const s = err.status;
-  if (s === 401) return 2;
-  if (s === 400 || s === 422) return 3;
-  if (s === 408 || s === 503) return 4;
-  if (s === 404) return 5;
-  if (s === 429) return 6;
-  return 1;
+  return adminErrorExitCode(classifyError(error));
 }
-function exitWithError(error) {
-  printError(error);
-  process.exit(getExitCode(error));
+function resolveFormat(options) {
+  return options.format ?? process.env.OUTPUT_FORMAT ?? "json";
 }
-function printError(error) {
-  if (error && typeof error === "object" && "message" in error) {
-    const err = error;
-    console.error(pc2.red(`Error: ${err.message}`));
-    if (err.code) console.error(pc2.dim(`Code: ${err.code}`));
-    if (err.status) console.error(pc2.dim(`Status: ${err.status}`));
-    if (err.suggestion) console.error(pc2.yellow(err.suggestion));
+function printError(error, options = {}) {
+  const adminError = classifyError(error);
+  const knownKey = CLI_I18N_KEYS.includes(adminError.code) ? adminError.code : null;
+  const localized = knownKey ? t(knownKey) : null;
+  const rawErr = error && typeof error === "object" ? error : null;
+  const rawMessage = rawErr && typeof rawErr.message === "string" ? rawErr.message : "";
+  const stringErr = typeof error === "string" ? error : "";
+  const detailMessage = rawErr && rawErr.detail && typeof rawErr.detail === "object" && typeof rawErr.detail.message === "string" ? String(rawErr.detail.message) : "";
+  const headline = rawMessage || stringErr || detailMessage || localized || adminError.code;
+  console.error(pc.red(`Error: ${headline}`));
+  if (rawErr && typeof rawErr.code === "string" && rawErr.code !== adminError.code) {
+    console.error(pc.dim(`Code: ${rawErr.code}`));
   } else {
-    console.error(pc2.red(String(error)));
+    console.error(pc.dim(`Code: ${adminError.code}`));
+  }
+  if (rawErr && typeof rawErr.status === "number") {
+    console.error(pc.dim(`Status: ${rawErr.status}`));
   }
+  console.error(pc.dim(`Type: ${adminError.type}`));
+  if (adminError.type === "degraded" && typeof adminError.retryAfter === "number") {
+    console.error(pc.yellow(`Retry after: ${adminError.retryAfter}s`));
+  }
+  if (rawErr && typeof rawErr.suggestion === "string") {
+    console.error(pc.yellow(rawErr.suggestion));
+  }
+  if (resolveFormat(options) === "json") {
+    console.log(JSON.stringify(adminError));
+  }
+}
+function exitWithError(error, options = {}) {
+  printError(error, options);
+  process.exit(getExitCode(error));
+}
+
+// src/lib/client.ts
+function isValidBearerToken(secret) {
+  return secret.startsWith("sk01_") || secret.startsWith("pat01_");
+}
+function resolveClient(apiKeyFlag) {
+  let publishableKey = process.env.SOFTWARE_PUBLISHABLE_KEY;
+  let secretKey = apiKeyFlag ?? process.env.SOFTWARE_SECRET_KEY;
+  let tenantId;
+  if (!publishableKey || !secretKey) {
+    const local = loadLocalCredentials();
+    if (local) {
+      publishableKey = publishableKey ?? local.publishableKey;
+      secretKey = secretKey ?? local.secretKey;
+      tenantId = tenantId ?? local.tenantId;
+    }
+  }
+  if (!publishableKey || !secretKey) {
+    const stored = loadCredentials();
+    if (stored) {
+      publishableKey = publishableKey ?? stored.publishableKey;
+      secretKey = secretKey ?? stored.secretKey;
+      tenantId = tenantId ?? stored.tenantId;
+    }
+  }
+  if (!publishableKey || !secretKey) {
+    exitWithError({
+      type: "permission",
+      code: "credential_invalid",
+      detail: {
+        message: t("AuthenticationRequired"),
+        steps: [
+          t("RunLoginToAuthenticate"),
+          t("PassApiKey"),
+          t("SetEnvVars")
+        ]
+      }
+    });
+  }
+  if (!isValidBearerToken(secretKey)) {
+    exitWithError({
+      type: "permission",
+      code: "credential_invalid",
+      detail: {
+        message: t("InvalidApiKeyFormat"),
+        suggestion: t("LegacyHexCredentialsRejected")
+      }
+    });
+  }
+  const serverOptions = { publishableKey, secretKey, tenantId };
+  return {
+    collections: new CollectionClient(
+      publishableKey,
+      secretKey,
+      void 0,
+      void 0,
+      void 0,
+      tenantId
+    ),
+    commerce: new ServerCommerceClient(serverOptions),
+    publishableKey,
+    secretKey
+  };
 }
 
 // src/commands/crud.ts
@@ -300,32 +506,44 @@ import { basename } from "path";
 import { COLLECTIONS } from "@01.software/sdk";
 
 // src/lib/parse.ts
-import pc3 from "picocolors";
-function parseJson(value, label) {
+function failArg(label, value, expectedKind) {
+  const message = expectedKind === "object" ? t("InvalidJsonObject", { label }) : expectedKind === "array" ? t("InvalidJsonArray", { label }) : t("InvalidJsonValue", { label, value });
+  exitWithError({
+    type: "validation",
+    code: "invalid_argument",
+    field: label,
+    // `message` is read by `printError` for the stderr headline so the
+    // user sees the label/value in the one-line summary; `detail` carries
+    // the structured fields for `--format json` consumers.
+    message,
+    detail: { message, value, field: label }
+  });
+}
+function parseJson(value, label, options = {}) {
+  let parsed;
   try {
-    const parsed = JSON.parse(value);
-    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
-      console.error(pc3.red(`--${label} must be a JSON object.`));
-      process.exit(3);
-    }
-    return parsed;
+    parsed = JSON.parse(value);
   } catch {
-    console.error(pc3.red(`Invalid JSON for --${label}: ${value}`));
-    process.exit(3);
+    return failArg(label, value, "value");
   }
+  if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+    return failArg(label, value, "object");
+  }
+  void options;
+  return parsed;
 }
-function parseJsonArray(value, label) {
+function parseJsonArray(value, label, options = {}) {
+  let parsed;
   try {
-    const parsed = JSON.parse(value);
-    if (!Array.isArray(parsed)) {
-      console.error(pc3.red(`--${label} must be a JSON array.`));
-      process.exit(3);
-    }
-    return parsed;
+    parsed = JSON.parse(value);
   } catch {
-    console.error(pc3.red(`Invalid JSON for --${label}: ${value}`));
-    process.exit(3);
+    return failArg(label, value, "value");
+  }
+  if (!Array.isArray(parsed)) {
+    return failArg(label, value, "array");
   }
+  void options;
+  return parsed;
 }
 
 // src/commands/crud.ts
@@ -854,7 +1072,7 @@ import { createServer } from "http";
 import { execFile, exec } from "child_process";
 import { platform } from "os";
 import { URL } from "url";
-import pc4 from "picocolors";
+import pc2 from "picocolors";
 var WEB_URL = process.env.SOFTWARE_WEB_URL || "https://01.software";
 var TIMEOUT_MS = 3 * 60 * 1e3;
 function escapeHtml(s) {
@@ -864,7 +1082,7 @@ function openBrowser(url) {
   const os = platform();
   const onError = () => {
     console.log(
-      pc4.yellow(
+      pc2.yellow(
         `Could not open browser automatically. Open this URL manually:
 ${url}`
       )
@@ -910,7 +1128,7 @@ async function exchangeCode(code) {
     if (!res.ok) {
       const body = await res.text().catch(() => "");
       console.error(
-        pc4.red(
+        pc2.red(
           `Exchange failed: HTTP ${res.status} from ${url}${body ? ` \u2014 ${body.slice(0, 200)}` : ""}`
         )
       );
@@ -918,7 +1136,7 @@ async function exchangeCode(code) {
     }
     const data = await res.json();
     if (typeof data.publishableKey !== "string" || typeof data.secretKey !== "string" || typeof data.tenantName !== "string" || typeof data.tenantId !== "string") {
-      console.error(pc4.red(`Exchange failed: malformed response from ${url}`));
+      console.error(pc2.red(`Exchange failed: malformed response from ${url}`));
       return null;
     }
     return {
@@ -927,12 +1145,12 @@ async function exchangeCode(code) {
       tenantName: data.tenantName,
       tenantId: data.tenantId,
       tenants: Array.isArray(data.tenants) ? data.tenants.filter(
-        (t) => typeof t?.id === "string" && typeof t?.name === "string"
+        (t2) => typeof t2?.id === "string" && typeof t2?.name === "string"
       ) : void 0
     };
   } catch (err) {
     console.error(
-      pc4.red(
+      pc2.red(
         `Exchange request to ${url} failed: ${err instanceof Error ? err.message : String(err)}`
       )
     );
@@ -954,7 +1172,7 @@ function startAuthServer(options) {
       const error = url.searchParams.get("error");
       if (error) {
         res.writeHead(200, { "Content-Type": "text/html; charset=utf-8", Connection: "close" }).end(ERROR_HTML(error));
-        console.error(pc4.red(`Login failed: ${error}`));
+        console.error(pc2.red(`Login failed: ${error}`));
         cleanup(2);
         return;
       }
@@ -967,14 +1185,14 @@ function startAuthServer(options) {
       }
       if (receivedState !== options.state) {
         res.writeHead(403, { "Content-Type": "text/html; charset=utf-8", Connection: "close" }).end(ERROR_HTML('State mismatch. Start over with "01 login".'));
-        console.error(pc4.red("Login failed: state mismatch."));
+        console.error(pc2.red("Login failed: state mismatch."));
         cleanup(2);
         return;
       }
       exchangeCode(code).then((creds) => {
         if (!creds) {
           res.writeHead(400, { "Content-Type": "text/html; charset=utf-8", Connection: "close" }).end(ERROR_HTML('Invalid or expired code. Start over with "01 login".'));
-          console.error(pc4.red("Login failed: code exchange failed."));
+          console.error(pc2.red("Login failed: code exchange failed."));
           cleanup(2);
           return;
         }
@@ -987,9 +1205,9 @@ function startAuthServer(options) {
         if (creds.tenants && creds.tenants.length > 0) {
           saveTenantList(creds.tenants);
         }
-        console.log(pc4.green(`
+        console.log(pc2.green(`
 Logged in successfully!`));
-        console.log(pc4.dim(`Tenant: ${creds.tenantName}`));
+        console.log(pc2.dim(`Tenant: ${creds.tenantName}`));
         res.writeHead(200, { "Content-Type": "text/html; charset=utf-8", Connection: "close" }).end(SUCCESS_HTML);
         cleanup(0);
       });
@@ -1011,7 +1229,7 @@ Logged in successfully!`));
       }
       timeout = setTimeout(() => {
         console.error(
-          pc4.red("\nLogin timed out (3 minutes). Please try again.")
+          pc2.red("\nLogin timed out (3 minutes). Please try again.")
         );
         cleanup(4);
       }, TIMEOUT_MS);
@@ -1030,18 +1248,18 @@ function registerAuthCommands(program2) {
         state,
         saveFn: (creds) => {
           saveCredentials(creds);
-          console.log(pc4.dim(`Credentials saved to ${getCredentialsPath()}`));
+          console.log(pc2.dim(`Credentials saved to ${getCredentialsPath()}`));
         }
       });
       const params = new URLSearchParams({ port: String(port), state });
       const loginUrl = `${WEB_URL}/cli-auth?${params.toString()}`;
-      console.log(pc4.dim("Opening browser for login..."));
-      console.log(pc4.dim(`If the browser does not open, visit:
+      console.log(pc2.dim("Opening browser for login..."));
+      console.log(pc2.dim(`If the browser does not open, visit:
 ${loginUrl}`));
       openBrowser(loginUrl);
     } catch (err) {
       console.error(
-        pc4.red(
+        pc2.red(
           `Server error: ${err instanceof Error ? err.message : String(err)}`
         )
       );
@@ -1051,9 +1269,9 @@ ${loginUrl}`));
   program2.command("logout").description("Remove stored credentials").action(() => {
     const deleted = deleteCredentials();
     if (deleted) {
-      console.log(pc4.green("Logged out. Credentials removed."));
+      console.log(pc2.green("Logged out. Credentials removed."));
     } else {
-      console.log(pc4.dim("No stored credentials found."));
+      console.log(pc2.dim("No stored credentials found."));
     }
   });
   program2.command("whoami").description("Show current authentication status").action(() => {
@@ -1062,23 +1280,23 @@ ${loginUrl}`));
     const creds = localCreds || globalCreds;
     const isLocal = !!localCreds;
     if (!creds) {
-      console.log(pc4.dim('Not logged in. Run "01 login" to authenticate.'));
+      console.log(pc2.dim('Not logged in. Run "01 login" to authenticate.'));
       return;
     }
     const masked = creds.publishableKey.length > 8 ? creds.publishableKey.slice(0, 4) + "..." + creds.publishableKey.slice(-4) : "****";
-    const scope = isLocal ? pc4.cyan(" (local)") : "";
-    console.log(`Tenant:     ${pc4.bold(creds.tenantName)}${scope}`);
-    console.log(`Publishable Key: ${pc4.dim(masked)}`);
-    console.log(`Stored at:  ${pc4.dim(creds.storedAt)}`);
+    const scope = isLocal ? pc2.cyan(" (local)") : "";
+    console.log(`Tenant:     ${pc2.bold(creds.tenantName)}${scope}`);
+    console.log(`Publishable Key: ${pc2.dim(masked)}`);
+    console.log(`Stored at:  ${pc2.dim(creds.storedAt)}`);
     console.log(
-      `File:       ${pc4.dim(isLocal ? getLocalCredentialsPath() : getCredentialsPath())}`
+      `File:       ${pc2.dim(isLocal ? getLocalCredentialsPath() : getCredentialsPath())}`
     );
   });
   const tenant = program2.command("tenant").description("Manage tenant switching");
   tenant.command("list").description("Show cached tenant list").action(() => {
     const tenants = loadTenantList();
     if (!tenants || tenants.length === 0) {
-      console.log(pc4.dim('No cached tenants. Run "01 login" first.'));
+      console.log(pc2.dim('No cached tenants. Run "01 login" first.'));
       return;
     }
     const localCreds = loadLocalCredentials();
@@ -1086,30 +1304,30 @@ ${loginUrl}`));
     const activeCreds = localCreds || globalCreds;
     const activeId = activeCreds?.tenantId;
     const activeName = activeCreds?.tenantName;
-    console.log(pc4.bold("Cached tenants:\n"));
-    for (const t of tenants) {
-      const active = (activeId ? t.id === activeId : t.name === activeName) ? pc4.green(" *") : "";
-      console.log(`  ${t.name}${active}`);
+    console.log(pc2.bold("Cached tenants:\n"));
+    for (const t2 of tenants) {
+      const active = (activeId ? t2.id === activeId : t2.name === activeName) ? pc2.green(" *") : "";
+      console.log(`  ${t2.name}${active}`);
     }
     console.log();
     if (activeName) {
       const scope = localCreds ? "(local)" : "(global)";
-      console.log(pc4.dim(`* active ${scope}`));
+      console.log(pc2.dim(`* active ${scope}`));
     }
   });
   tenant.command("use <name>").description("Switch to a different tenant via browser").option("--local", "Save credentials locally in the current project").action(async (name, opts) => {
     const tenants = loadTenantList();
     if (!tenants || tenants.length === 0) {
-      console.error(pc4.red('No cached tenants. Run "01 login" first.'));
+      console.error(pc2.red('No cached tenants. Run "01 login" first.'));
       process.exit(2);
     }
     const match = tenants.find(
-      (t) => t.name.toLowerCase() === name.toLowerCase()
+      (t2) => t2.name.toLowerCase() === name.toLowerCase()
     );
     if (!match) {
-      console.error(pc4.red(`Tenant "${name}" not found in cache.`));
+      console.error(pc2.red(`Tenant "${name}" not found in cache.`));
       console.error(
-        pc4.dim(`Available: ${tenants.map((t) => t.name).join(", ")}`)
+        pc2.dim(`Available: ${tenants.map((t2) => t2.name).join(", ")}`)
       );
       process.exit(3);
     }
@@ -1122,12 +1340,12 @@ ${loginUrl}`));
           if (isLocal) {
             saveLocalCredentials(creds);
             console.log(
-              pc4.dim(`Credentials saved to ${getLocalCredentialsPath()}`)
+              pc2.dim(`Credentials saved to ${getLocalCredentialsPath()}`)
             );
           } else {
             saveCredentials(creds);
             console.log(
-              pc4.dim(`Credentials saved to ${getCredentialsPath()}`)
+              pc2.dim(`Credentials saved to ${getCredentialsPath()}`)
             );
           }
         }
@@ -1138,13 +1356,13 @@ ${loginUrl}`));
         tenantId: match.id
       });
       const loginUrl = `${WEB_URL}/cli-auth?${params.toString()}`;
-      console.log(pc4.dim(`Switching to tenant "${match.name}"...`));
-      console.log(pc4.dim(`If the browser does not open, visit:
+      console.log(pc2.dim(`Switching to tenant "${match.name}"...`));
+      console.log(pc2.dim(`If the browser does not open, visit:
 ${loginUrl}`));
       openBrowser(loginUrl);
     } catch (err) {
       console.error(
-        pc4.red(
+        pc2.red(
           `Server error: ${err instanceof Error ? err.message : String(err)}`
         )
       );
@@ -1205,13 +1423,28 @@ import { existsSync as existsSync2 } from "fs";
 import { spawn } from "child_process";
 import { fileURLToPath } from "url";
 var __dirname = dirname(fileURLToPath(import.meta.url));
-function findStdioEntry() {
-  for (const depth of ["../../../..", "../../.."]) {
-    const candidate = resolve(__dirname, depth, "apps/mcp/.xmcp/stdio.js");
-    if (existsSync2(candidate)) return candidate;
+function findStdioEntry(baseDir = __dirname) {
+  const packaged = resolve(baseDir, "mcp/stdio.js");
+  if (existsSync2(packaged)) return packaged;
+  const roots = ["../../../..", "../../..", "../.."];
+  const entries = ["apps/mcp/dist/stdio.js", "apps/mcp/.xmcp/stdio.js"];
+  for (const entry of entries) {
+    for (const root of roots) {
+      const candidate = resolve(baseDir, root, entry);
+      if (existsSync2(candidate)) return candidate;
+    }
   }
   return null;
 }
+function createMcpEnv(baseEnv, client) {
+  const env = {
+    ...baseEnv,
+    SOFTWARE_PUBLISHABLE_KEY: client.publishableKey,
+    SOFTWARE_SECRET_KEY: client.secretKey
+  };
+  delete env.SOFTWARE_TENANT_ID;
+  return env;
+}
 function registerMcpCommands(program2) {
   program2.command("mcp").description("Start MCP server over stdio").action(() => {
     const client = resolveClient(program2.opts().apiKey);
@@ -1224,11 +1457,7 @@ function registerMcpCommands(program2) {
       );
     }
     const child = spawn(process.execPath, [stdioEntry], {
-      env: {
-        ...process.env,
-        SOFTWARE_PUBLISHABLE_KEY: client.publishableKey,
-        SOFTWARE_SECRET_KEY: client.secretKey
-      },
+      env: createMcpEnv(process.env, client),
       stdio: ["inherit", "inherit", "inherit"]
     });
     child.on("error", (err) => {
@@ -1243,12 +1472,17 @@ function registerMcpCommands(program2) {
 // src/index.ts
 var require2 = createRequire(import.meta.url);
 var { version } = require2("../package.json");
-process.on("unhandledRejection", (err) => {
-  exitWithError(err);
-});
 var program = new Command();
-program.name("01").description("CLI for the 01.software platform").version(version).option("--api-key <key>", "API key (sk01_... or pat01_... token)").option("--format <format>", "Output format: json, table, or ndjson");
+program.name("01").description("CLI for the 01.software platform").version(version).option("--api-key <key>", "API key (sk01_... or pat01_... token)").option("--format <format>", "Output format: json, table, or ndjson").option("--lang <locale>", "Force locale (ko or en)");
 var getFormat = () => program.opts().format ?? process.env.OUTPUT_FORMAT ?? "json";
+program.hook("preAction", () => {
+  const lang = program.opts().lang;
+  if (lang === "ko" || lang === "en") setLocale(lang);
+  process.env.OUTPUT_FORMAT = getFormat();
+});
+process.on("unhandledRejection", (err) => {
+  exitWithError(err, { format: getFormat() });
+});
 var getClient = () => resolveClient(program.opts().apiKey);
 registerCrudCommands(program, getClient, getFormat);
 registerOrderCommands(program, getClient, getFormat);