@agent-team-foundation/first-tree-hub 0.5.0 → 0.6.1

package/dist/cli/index.mjs

@@ -1,12 +1,12 @@
 #!/usr/bin/env node
-import { A as createAdminUser, C as printResults, F as cleanWorkspaces, M as FirstTreeHubSDK, N as SdkError, O as stopPostgres, P as SessionRegistry, S as checkWebSocket, _ as checkGitHubToken, a as formatCheckReport, b as checkServerHealth, c as onboardCreate, d as checkAgentConfigs, f as checkAgentTokens, g as checkDocker, h as checkDatabase, i as promptMissingFields, k as ClientRuntime, l as saveOnboardState, m as checkContextTreeRepo, n as isInteractive, o as loadOnboardState, p as checkClientConfig, r as promptAddAgent, s as onboardCheck, t as startServer, u as runMigrations, v as checkNodeVersion, x as checkServerReachable, y as checkServerConfig } from "../core-jjk1xFW_.mjs";
-import { S as setConfigValue, _ as readConfigFile, c as DEFAULT_CONFIG_DIR, d as agentConfigSchema, f as clientConfigSchema, g as loadAgents, h as initConfig, l as DEFAULT_DATA_DIR, m as getConfigValue, o as resolveAgentToken, s as resolveServerUrl, t as bootstrapToken, u as DEFAULT_HOME_DIR, v as resetConfig, x as serverConfigSchema, y as resetConfigMeta } from "../bootstrap-BU_7B03u.mjs";
+import { C as resetConfig, D as setConfigValue, E as serverConfigSchema, S as readConfigFile, _ as clientConfigSchema, b as initConfig, c as maskToken, d as saveAgentConfig, f as saveCredentials, g as agentConfigSchema, h as DEFAULT_HOME_DIR, i as ensureFreshAdminToken, l as resolveAgentToken, m as DEFAULT_DATA_DIR, p as DEFAULT_CONFIG_DIR, t as bootstrapToken, u as resolveServerUrl, w as resetConfigMeta, x as loadAgents, y as getConfigValue } from "../bootstrap-Dq_k_6ZD.mjs";
+import { A as FirstTreeHubSDK, D as ClientRuntime, E as stopPostgres, M as SessionRegistry, N as cleanWorkspaces, O as createOwner, _ as checkServerConfig, a as formatCheckReport, b as checkWebSocket, c as onboardCreate, d as checkAgentConfigs, f as checkAgentTokens, g as checkNodeVersion, h as checkDocker, i as promptMissingFields, j as SdkError, l as saveOnboardState, m as checkDatabase, n as isInteractive, o as loadOnboardState, p as checkClientConfig, r as promptAddAgent, s as onboardCheck, t as startServer, u as runMigrations, v as checkServerHealth, x as printResults, y as checkServerReachable } from "../core-Dt3yNBTm.mjs";
 import { n as bindFeishuUser, t as bindFeishuBot } from "../feishu-Y4m2zFc3.mjs";
 import { createRequire } from "node:module";
 import { Command } from "commander";
 import { existsSync, mkdirSync, readdirSync, rmSync } from "node:fs";
 import { join } from "node:path";
-import { confirm, input, select } from "@inquirer/prompts";
+import { confirm, input, password, select } from "@inquirer/prompts";
 //#region src/cli/output.ts
 /** Write a success JSON envelope to stdout. */
 function success(data) {
@@ -30,11 +30,15 @@ function fail(code, message, exitCode = 1) {
 //#region src/commands/agent.ts
 const DEFAULT_WORKSPACE_TTL_MS = 10080 * 60 * 1e3;
 function resolveAgentConfig() {
-	const token = process.env.FIRST_TREE_HUB_TOKEN;
-	if (!token) fail("MISSING_TOKEN", "FIRST_TREE_HUB_TOKEN environment variable is required.", 2);
+	let token;
+	try {
+		token = resolveAgentToken();
+	} catch (error) {
+		fail("MISSING_TOKEN", error instanceof Error ? error.message : String(error), 2);
+	}
 	let serverUrl;
 	try {
-		serverUrl = resolveServerUrl(process.env.FIRST_TREE_HUB_SERVER);
+		serverUrl = resolveServerUrl(process.env.FIRST_TREE_HUB_SERVER_URL);
 	} catch {
 		serverUrl = "http://localhost:8000";
 	}
@@ -78,6 +82,20 @@ function readStdin() {
 		process.stdin.on("error", reject);
 	});
 }
+/**
+* Resolve an agent name (or UUID) to its record via the admin agents API.
+* Accepts either a name or a UUID; throws via fail() if not found.
+*/
+async function resolveAgent(serverUrl, adminToken, agentName) {
+	const res = await fetch(`${serverUrl}/api/v1/admin/agents?limit=100`, {
+		headers: { Authorization: `Bearer ${adminToken}` },
+		signal: AbortSignal.timeout(1e4)
+	});
+	if (!res.ok) fail("FETCH_ERROR", `Failed to list agents: ${res.status}`, 1);
+	const found = (await res.json()).items.find((a) => a.name === agentName || a.uuid === agentName);
+	if (!found) fail("NOT_FOUND", `Agent "${agentName}" not found`, 1);
+	return found;
+}
 function registerAgentCommands(program) {
 	const agent = program.command("agent").description("Agent management — config, tokens, bindings, messaging");
 	agent.command("add [name]").description("Add an agent instance").option("-t, --token <token>", "Agent token").action(async (name, options) => {
@@ -135,14 +153,46 @@ function registerAgentCommands(program) {
 				process.stderr.write("  No agents configured.\n");
 				return;
 			}
-			for (const [name, config] of agents) {
-				const masked = config.token.length > 8 ? `${config.token.slice(0, 6)}***${config.token.slice(-2)}` : "***";
-				process.stderr.write(`  ${name.padEnd(20)} type: ${config.type.padEnd(14)} token: ${masked}\n`);
-			}
+			for (const [name, config] of agents) process.stderr.write(`  ${name.padEnd(20)} runtime: ${config.runtime.padEnd(14)} token: ${maskToken(config.token)}\n`);
 		} catch {
 			process.stderr.write("  No agents configured.\n");
 		}
 	});
+	agent.command("create <name>").description("Create an agent on Hub and bind it locally (CLI-first)").requiredOption("--type <type>", "Agent type (human, personal_assistant, autonomous_agent)").option("--runtime <runtime>", "Runtime handler (default: claude-code)", "claude-code").option("--display-name <name>", "Display name").option("--server <url>", "Hub server URL").action(async (name, options) => {
+		try {
+			const serverUrl = resolveServerUrl(options.server);
+			const headers = {
+				Authorization: `Bearer ${await ensureFreshAdminToken()}`,
+				"Content-Type": "application/json"
+			};
+			const createBody = {
+				name,
+				type: options.type
+			};
+			if (options.displayName) createBody.displayName = options.displayName;
+			const createRes = await fetch(`${serverUrl}/api/v1/admin/agents`, {
+				method: "POST",
+				headers,
+				body: JSON.stringify(createBody),
+				signal: AbortSignal.timeout(1e4)
+			});
+			if (!createRes.ok) fail("CREATE_ERROR", (await createRes.json().catch(() => ({}))).error ?? `Failed to create agent (HTTP ${createRes.status})`, 1);
+			const agent = await createRes.json();
+			process.stderr.write(`  \u2713 Agent created: ${agent.name ?? agent.uuid}\n`);
+			const tokenRes = await fetch(`${serverUrl}/api/v1/admin/agents/${agent.uuid}/tokens`, {
+				method: "POST",
+				headers,
+				body: JSON.stringify({ name: "default" }),
+				signal: AbortSignal.timeout(1e4)
+			});
+			if (!tokenRes.ok) fail("TOKEN_ERROR", `Failed to generate token (HTTP ${tokenRes.status})`, 1);
+			const agentDir = saveAgentConfig(name, (await tokenRes.json()).token, options.runtime);
+			process.stderr.write(`  \u2713 Token saved: ${agentDir}/agent.yaml\n`);
+			process.stderr.write(`  \u2713 Agent ready — running client will auto-bind\n`);
+		} catch (error) {
+			fail("CREATE_ERROR", error instanceof Error ? error.message : String(error));
+		}
+	});
 	agent.command("workspace").description("Manage agent workspaces").command("clean [agent-name]").description("Remove stale workspace directories (older than TTL with no active session)").option("--ttl <days>", "TTL in days", String(DEFAULT_WORKSPACE_TTL_MS / (1440 * 60 * 1e3))).action((agentName, options) => {
 		const defaultDays = DEFAULT_WORKSPACE_TTL_MS / (1440 * 60 * 1e3);
 		const ttlMs = Number.parseInt(options?.ttl ?? String(defaultDays), 10) * 24 * 60 * 60 * 1e3;
@@ -258,6 +308,214 @@ function registerAgentCommands(program) {
 			handleSdkError(error);
 		}
 	});
+	agent.command("status [name]").description("Show agent runtime status from Hub server").option("--server <url>", "Hub server URL").action(async (name, options) => {
+		try {
+			const serverUrl = resolveServerUrl(options?.server);
+			const response = await fetch(`${serverUrl}/api/v1/admin/agents/activity`, {
+				headers: { Authorization: `Bearer ${await ensureFreshAdminToken()}` },
+				signal: AbortSignal.timeout(1e4)
+			});
+			if (!response.ok) fail("FETCH_ERROR", `Server returned ${response.status}`, 1);
+			const data = await response.json();
+			if (name) {
+				const agent = data.agents.find((a) => a.agentId === name);
+				if (!agent) {
+					process.stderr.write(`\n  Agent "${name}" is not running.\n\n`);
+					return;
+				}
+				process.stderr.write(`\n  Agent: ${agent.agentId}\n`);
+				process.stderr.write(`  Runtime: ${agent.runtimeType ?? "—"}\n`);
+				process.stderr.write(`  State: ${agent.runtimeState ?? "—"}\n`);
+				if (agent.activeSessions !== null) process.stderr.write(`  Sessions: ${agent.activeSessions} active / ${agent.totalSessions ?? 0} total\n`);
+				if (agent.clientId) process.stderr.write(`  Client: ${agent.clientId}\n`);
+				process.stderr.write("\n");
+				return;
+			}
+			process.stderr.write(`\n  Hub: ${serverUrl}\n\n`);
+			process.stderr.write(`  Clients: ${data.clients} connected\n`);
+			process.stderr.write(`  Agents: ${data.running} running / ${data.total} total\n`);
+			process.stderr.write(`  Errors: ${data.byState.error} | Blocked: ${data.byState.blocked} | Working: ${data.byState.working} | Idle: ${data.byState.idle}\n\n`);
+			if (data.agents.length > 0) {
+				const header = `  ${"AGENT".padEnd(18)} ${"RUNTIME".padEnd(14)} ${"STATE".padEnd(10)} SESSIONS`;
+				process.stderr.write(`${header}\n`);
+				process.stderr.write(`  ${"─".repeat(header.length - 2)}\n`);
+				for (const a of data.agents) {
+					const sessions = a.activeSessions !== null ? `${a.activeSessions}/${a.totalSessions ?? 0}` : "—";
+					process.stderr.write(`  ${(a.agentId ?? "").padEnd(18)} ${(a.runtimeType ?? "—").padEnd(14)} ${(a.runtimeState ?? "—").padEnd(10)} ${sessions}\n`);
+				}
+				process.stderr.write("\n");
+			}
+		} catch (error) {
+			if (error instanceof Error && error.message.includes("ADMIN_TOKEN")) {
+				try {
+					const me = await createSdk().register();
+					process.stderr.write(`\n  Agent: ${me.agentId} (${me.displayName ?? "no name"})\n`);
+					process.stderr.write(`  Type: ${me.type}\n`);
+					process.stderr.write(`  Status: ${me.status}\n\n`);
+				} catch (sdkError) {
+					handleSdkError(sdkError);
+				}
+				return;
+			}
+			fail("STATUS_ERROR", error instanceof Error ? error.message : String(error));
+		}
+	});
+	agent.command("reset <name>").description("Reset agent error state to idle").option("--server <url>", "Hub server URL").action(async (name, options) => {
+		try {
+			const serverUrl = resolveServerUrl(options.server);
+			const response = await fetch(`${serverUrl}/api/v1/admin/agents/activity/${name}/reset-activity`, {
+				method: "POST",
+				headers: { Authorization: `Bearer ${await ensureFreshAdminToken()}` },
+				signal: AbortSignal.timeout(1e4)
+			});
+			if (!response.ok) fail("RESET_ERROR", `Server returned ${response.status}`, 1);
+			process.stderr.write(`  Agent "${name}" reset to idle.\n`);
+		} catch (error) {
+			fail("RESET_ERROR", error instanceof Error ? error.message : String(error));
+		}
+	});
+	agent.command("sessions <agent-name>").description("List sessions for an agent").option("--server <url>", "Hub server URL").option("--state <state>", "Filter by session state (active/suspended/evicted)").action(async (agentName, options) => {
+		try {
+			const serverUrl = resolveServerUrl(options.server);
+			const adminToken = await ensureFreshAdminToken();
+			const agentId = (await resolveAgent(serverUrl, adminToken, agentName)).uuid;
+			const qs = options.state ? `?state=${options.state}` : "";
+			const response = await fetch(`${serverUrl}/api/v1/admin/sessions/agents/${agentId}${qs}`, {
+				headers: { Authorization: `Bearer ${adminToken}` },
+				signal: AbortSignal.timeout(1e4)
+			});
+			if (!response.ok) fail("FETCH_ERROR", `Server returned ${response.status}`, 1);
+			const sessions = await response.json();
+			if (sessions.length === 0) {
+				process.stderr.write(`\n  No sessions for "${agentName}".\n\n`);
+				return;
+			}
+			process.stderr.write(`\n  Sessions for "${agentName}":\n\n`);
+			const header = `  ${"CHAT".padEnd(40)} ${"STATE".padEnd(12)} ${"RUNTIME".padEnd(10)} LAST ACTIVITY`;
+			process.stderr.write(`${header}\n`);
+			process.stderr.write(`  ${"─".repeat(header.length - 2)}\n`);
+			for (const s of sessions) {
+				const chatShort = s.chatId.length > 38 ? `${s.chatId.slice(0, 35)}...` : s.chatId;
+				process.stderr.write(`  ${chatShort.padEnd(40)} ${s.state.padEnd(12)} ${(s.runtimeState ?? "—").padEnd(10)} ${s.lastActivityAt}\n`);
+			}
+			process.stderr.write("\n");
+		} catch (error) {
+			fail("SESSIONS_ERROR", error instanceof Error ? error.message : String(error));
+		}
+	});
+	const sessionCmd = agent.command("session").description("Session lifecycle commands");
+	for (const [cmd, desc] of [
+		["suspend", "Suspend a session"],
+		["resume", "Resume a suspended session"],
+		["terminate", "Terminate a session"]
+	]) sessionCmd.command(`${cmd} <agent-name> <chat-id>`).description(desc).option("--server <url>", "Hub server URL").action(async (agentName, chatId, options) => {
+		try {
+			const serverUrl = resolveServerUrl(options.server);
+			const adminToken = await ensureFreshAdminToken();
+			const agentId = (await resolveAgent(serverUrl, adminToken, agentName)).uuid;
+			const response = await fetch(`${serverUrl}/api/v1/admin/sessions/agents/${agentId}/${chatId}/${cmd}`, {
+				method: "POST",
+				headers: { Authorization: `Bearer ${adminToken}` },
+				signal: AbortSignal.timeout(1e4)
+			});
+			if (!response.ok) {
+				const body = await response.text();
+				fail("SESSION_CMD_ERROR", `Server returned ${response.status}: ${body}`, 1);
+			}
+			process.stderr.write(`  Session ${cmd}: ${chatId} → sent\n`);
+		} catch (error) {
+			fail("SESSION_CMD_ERROR", error instanceof Error ? error.message : String(error));
+		}
+	});
+	agent.command("chat <agent-name>").description("Open an interactive chat with an agent (as admin human agent)").option("--server <url>", "Hub server URL").action(async (agentName, options) => {
+		try {
+			const serverUrl = resolveServerUrl(options.server);
+			const adminToken = await ensureFreshAdminToken();
+			const headers = {
+				Authorization: `Bearer ${adminToken}`,
+				"Content-Type": "application/json"
+			};
+			const targetAgent = await resolveAgent(serverUrl, adminToken, agentName);
+			const dmRes = await fetch(`${serverUrl}/api/v1/admin/agents/${targetAgent.uuid}/chats`, {
+				method: "POST",
+				headers,
+				signal: AbortSignal.timeout(1e4)
+			});
+			if (!dmRes.ok) {
+				const body = await dmRes.text();
+				fail("DM_ERROR", `Failed to create DM: ${dmRes.status} — ${body}`, 1);
+			}
+			const dm = await dmRes.json();
+			process.stderr.write(`\n  Chat with ${targetAgent.displayName ?? targetAgent.name ?? targetAgent.uuid}\n`);
+			process.stderr.write(`  Chat ID: ${dm.id}\n`);
+			process.stderr.write(`  Type a message and press Enter. Ctrl+C to exit.\n\n`);
+			const rl = (await import("node:readline")).createInterface({
+				input: process.stdin,
+				output: process.stderr,
+				prompt: "  > "
+			});
+			let lastSeenAt = null;
+			const pollMessages = async () => {
+				try {
+					const qs = lastSeenAt ? `?limit=50` : `?limit=10`;
+					const msgRes = await fetch(`${serverUrl}/api/v1/admin/chats/${dm.id}/messages${qs}`, {
+						headers,
+						signal: AbortSignal.timeout(1e4)
+					});
+					if (!msgRes.ok) return;
+					const msgData = await msgRes.json();
+					const cutoff = lastSeenAt;
+					const newMessages = cutoff ? msgData.items.filter((m) => m.createdAt > cutoff && m.senderId === targetAgent.uuid).reverse() : [];
+					for (const msg of newMessages) {
+						const content = typeof msg.content === "string" ? msg.content : JSON.stringify(msg.content);
+						const preview = content.length > 500 ? `${content.slice(0, 500)}...` : content;
+						process.stderr.write(`\r  [${targetAgent.displayName ?? targetAgent.name ?? "agent"}] ${preview}\n`);
+					}
+					if (msgData.items.length > 0 && msgData.items[0]) {
+						const newest = msgData.items[0].createdAt;
+						if (!lastSeenAt || newest > lastSeenAt) lastSeenAt = newest;
+					}
+				} catch {}
+			};
+			await pollMessages();
+			const pollTimer = setInterval(() => {
+				pollMessages().then(() => rl.prompt());
+			}, 2e3);
+			rl.prompt();
+			rl.on("line", async (line) => {
+				const text = line.trim();
+				if (!text) {
+					rl.prompt();
+					return;
+				}
+				try {
+					const sendRes = await fetch(`${serverUrl}/api/v1/admin/chats/${dm.id}/messages`, {
+						method: "POST",
+						headers,
+						body: JSON.stringify({
+							format: "text",
+							content: text
+						}),
+						signal: AbortSignal.timeout(1e4)
+					});
+					if (!sendRes.ok) {
+						const body = await sendRes.text();
+						process.stderr.write(`  [error] Failed to send: ${sendRes.status} — ${body}\n`);
+					} else lastSeenAt = (await sendRes.json()).createdAt;
+				} catch (err) {
+					process.stderr.write(`  [error] ${err instanceof Error ? err.message : String(err)}\n`);
+				}
+				rl.prompt();
+			});
+			rl.on("close", () => {
+				clearInterval(pollTimer);
+				process.stderr.write("\n  Chat ended.\n");
+				process.exit(0);
+			});
+		} catch (error) {
+			fail("CHAT_ERROR", error instanceof Error ? error.message : String(error));
+		}
+	});
 	agent.command("register").description("Register this agent and return identity info").action(async () => {
 		try {
 			success(await createSdk().register());
@@ -292,21 +550,19 @@ function registerClientCommands(program) {
 				schema: clientConfigSchema,
 				role: "client"
 			});
+			const agentsDir = join(DEFAULT_CONFIG_DIR, "agents");
 			const agents = loadAgents({
 				schema: agentConfigSchema,
-				agentsDir: join(DEFAULT_CONFIG_DIR, "agents")
+				agentsDir
 			});
-			if (agents.size === 0) {
-				process.stderr.write("  No agents configured.\n");
-				process.stderr.write("  Add one with: first-tree-hub agent add <name> --token <token>\n");
-				process.exit(1);
-			}
 			process.stderr.write(`\n  Connecting to ${config.server.url}...\n`);
 			const runtime = new ClientRuntime(config.server.url);
 			for (const [name, agentConfig] of agents) runtime.addAgent(name, agentConfig);
 			await runtime.start();
+			runtime.watchAgentsDir(agentsDir);
 			const shutdown = async () => {
 				process.stderr.write("\n  Shutting down...\n");
+				runtime.unwatchAgentsDir();
 				await runtime.stop();
 				process.exit(0);
 			};
@@ -349,15 +605,64 @@ function registerClientCommands(program) {
 				return;
 			}
 			process.stderr.write("\n  Configured agents:\n\n");
-			for (const [name, config] of agents) {
-				const masked = config.token.length > 8 ? `${config.token.slice(0, 6)}***${config.token.slice(-2)}` : "***";
-				process.stderr.write(`  ${name.padEnd(20)} type: ${config.type.padEnd(14)} token: ${masked}\n`);
-			}
+			for (const [name, config] of agents) process.stderr.write(`  ${name.padEnd(20)} runtime: ${config.runtime.padEnd(14)} token: ${maskToken(config.token)}\n`);
 			process.stderr.write("\n");
 		} catch {
 			process.stderr.write("  No agents directory found.\n");
 		}
 	});
+	client.command("hub-list").description("List connected clients on the Hub server").option("--server <url>", "Hub server URL").action(async (options) => {
+		try {
+			const serverUrl = resolveServerUrl(options.server);
+			const token = await ensureFreshAdminToken();
+			const response = await fetch(`${serverUrl}/api/v1/admin/clients`, {
+				headers: { Authorization: `Bearer ${token}` },
+				signal: AbortSignal.timeout(1e4)
+			});
+			if (!response.ok) fail("FETCH_ERROR", `Server returned ${response.status}`, 1);
+			const clients = await response.json();
+			if (clients.length === 0) {
+				process.stderr.write("  No connected clients.\n");
+				return;
+			}
+			process.stderr.write(`\n  Connected Clients: ${clients.length}\n\n`);
+			const header = `  ${"CLIENT".padEnd(20)} ${"HOST".padEnd(25)} ${"AGENTS".padEnd(8)} CONNECTED`;
+			process.stderr.write(`${header}\n`);
+			process.stderr.write(`  ${"─".repeat(header.length - 2)}\n`);
+			for (const c of clients) {
+				const since = c.connectedAt ? timeSince(c.connectedAt) : "—";
+				process.stderr.write(`  ${c.id.padEnd(20)} ${(c.hostname ?? "—").padEnd(25)} ${String(c.agentCount).padEnd(8)} ${since}\n`);
+			}
+			process.stderr.write("\n");
+		} catch (error) {
+			fail("CLIENT_LIST_ERROR", error instanceof Error ? error.message : String(error));
+		}
+	});
+	client.command("hub-disconnect <clientId>").description("Force-disconnect a client from the Hub server").option("--server <url>", "Hub server URL").action(async (clientId, options) => {
+		try {
+			const serverUrl = resolveServerUrl(options.server);
+			const token = await ensureFreshAdminToken();
+			const response = await fetch(`${serverUrl}/api/v1/admin/clients/${clientId}/disconnect`, {
+				method: "POST",
+				headers: { Authorization: `Bearer ${token}` },
+				signal: AbortSignal.timeout(1e4)
+			});
+			if (!response.ok) fail("DISCONNECT_ERROR", `Server returned ${response.status}`, 1);
+			process.stderr.write(`  Client "${clientId}" disconnected.\n`);
+		} catch (error) {
+			fail("DISCONNECT_ERROR", error instanceof Error ? error.message : String(error));
+		}
+	});
+}
+function timeSince(isoDate) {
+	const ms = Date.now() - new Date(isoDate).getTime();
+	const seconds = Math.floor(ms / 1e3);
+	if (seconds < 60) return `${seconds}s`;
+	const minutes = Math.floor(seconds / 60);
+	if (minutes < 60) return `${minutes}m`;
+	const hours = Math.floor(minutes / 60);
+	if (hours < 24) return `${hours}h ${minutes % 60}m`;
+	return `${Math.floor(hours / 24)}d ${hours % 24}h`;
 }
 //#endregion
 //#region src/commands/config.ts
@@ -453,16 +758,100 @@ function isSecretField(schema, dotPath) {
 	return false;
 }
 //#endregion
+//#region src/commands/connect.ts
+/**
+* Authenticate via connect token — exchange for full JWT credentials.
+*/
+async function authenticateWithToken(url, token) {
+	const res = await fetch(`${url}/api/v1/auth/connect-token`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({ token }),
+		signal: AbortSignal.timeout(1e4)
+	});
+	if (!res.ok) fail("AUTH_ERROR", (await res.json().catch(() => ({}))).error ?? `Token exchange failed (HTTP ${res.status})`, 1);
+	return await res.json();
+}
+/**
+* Authenticate via interactive username/password login.
+*/
+async function authenticateInteractive(url) {
+	process.stderr.write("\n  Log in to Hub:\n");
+	const username = await input({ message: "  Username:" });
+	const pw = await password({ message: "  Password:" });
+	const loginRes = await fetch(`${url}/api/v1/auth/login`, {
+		method: "POST",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify({
+			username,
+			password: pw
+		}),
+		signal: AbortSignal.timeout(1e4)
+	});
+	if (!loginRes.ok) fail("AUTH_ERROR", (await loginRes.json().catch(() => ({}))).error ?? `Login failed (HTTP ${loginRes.status})`, 1);
+	return await loginRes.json();
+}
+function registerConnectCommand(program) {
+	program.command("connect <server-url>").description("Connect to a Hub server — configure, authenticate, and start client").option("--token <token>", "Connect token (from Hub web console) — skips interactive login").action(async (serverUrl, options) => {
+		try {
+			const url = serverUrl.replace(/\/+$/, "");
+			setConfigValue(join(DEFAULT_CONFIG_DIR, "client.yaml"), "server.url", url);
+			process.stderr.write(`\n  \u2713 Server configured: ${url}\n`);
+			saveCredentials({
+				...options.token ? await authenticateWithToken(url, options.token) : await authenticateInteractive(url),
+				serverUrl: url
+			});
+			process.stderr.write("  ✓ Authenticated\n");
+			resetConfig();
+			resetConfigMeta();
+			const config = await initConfig({
+				schema: clientConfigSchema,
+				role: "client"
+			});
+			const agentsDir = join(DEFAULT_CONFIG_DIR, "agents");
+			const agents = loadAgents({
+				schema: agentConfigSchema,
+				agentsDir
+			});
+			process.stderr.write(`\n  Starting client...\n`);
+			const runtime = new ClientRuntime(config.server.url);
+			for (const [name, agentConfig] of agents) runtime.addAgent(name, agentConfig);
+			await runtime.start();
+			runtime.watchAgentsDir(agentsDir);
+			const shutdown = async () => {
+				process.stderr.write("\n  Shutting down...\n");
+				runtime.unwatchAgentsDir();
+				await runtime.stop();
+				process.exit(0);
+			};
+			process.on("SIGINT", () => void shutdown());
+			process.on("SIGTERM", () => void shutdown());
+			await new Promise(() => {});
+		} catch (error) {
+			if (error.name === "ExitPromptError") {
+				process.stderr.write("\n  Cancelled.\n");
+				return;
+			}
+			const msg = error instanceof Error ? error.message : String(error);
+			process.stderr.write(`  Error: ${msg}\n`);
+			process.exit(1);
+		} finally {
+			resetConfig();
+			resetConfigMeta();
+		}
+	});
+}
+//#endregion
 //#region src/commands/onboard.ts
 async function promptMissing(args) {
 	if (!args.server) try {
-		const { resolveServerUrl } = await import("../bootstrap-BU_7B03u.mjs").then((n) => n.n);
+		const { resolveServerUrl } = await import("../bootstrap-Dq_k_6ZD.mjs").then((n) => n.n);
 		resolveServerUrl();
 	} catch {
 		args.server = await input({ message: "Hub server URL:" });
 		saveOnboardState(args);
 	}
-	const { resolveServerUrl } = await import("../bootstrap-BU_7B03u.mjs").then((n) => n.n);
+	const { resolveServerUrl } = await import("../bootstrap-Dq_k_6ZD.mjs").then((n) => n.n);
 	const serverUrl = resolveServerUrl(args.server).replace(/\/+$/, "");
 	try {
 		const res = await fetch(`${serverUrl}/api/v1/bootstrap/config`);
@@ -474,7 +863,7 @@ async function promptMissing(args) {
 	}
 	let ghUsername = null;
 	try {
-		const { getGitHubUsername } = await import("../bootstrap-BU_7B03u.mjs").then((n) => n.n);
+		const { getGitHubUsername } = await import("../bootstrap-Dq_k_6ZD.mjs").then((n) => n.n);
 		ghUsername = getGitHubUsername();
 	} catch {}
 	if (!args.id) {
@@ -626,8 +1015,6 @@ function registerServerCommands(program) {
 			checkDocker(),
 			checkServerConfig(),
 			await checkDatabase(),
-			await checkGitHubToken(),
-			await checkContextTreeRepo(),
 			await checkServerHealth()
 		]);
 	});
@@ -660,12 +1047,12 @@ function registerServerCommands(program) {
 			process.exit(1);
 		}
 	});
-	server.command("admin:create").description("Create an admin user").option("-u, --username <name>", "Admin username", "admin").option("-p, --password <pass>", "Admin password (auto-generated if omitted)").action(async (options) => {
+	server.command("admin:create").description("Create an admin user with organization").option("-u, --username <name>", "Admin username", "admin").option("-n, --name <name>", "Display name", "Admin").option("-o, --org <org>", "Organization slug", "default").option("-p, --password <pass>", "Password (auto-generated if omitted)").action(async (options) => {
 		try {
-			const result = await createAdminUser((await initConfig({
+			const result = await createOwner((await initConfig({
 				schema: serverConfigSchema,
 				role: "server"
-			})).database.url, options.username, options.password);
+			})).database.url, options.username, options.org, options.name, options.password);
 			process.stderr.write(`  Admin user "${result.username}" created.\n`);
 			if (!options.password) process.stderr.write(`  Password: ${result.password}  (save this — shown only once)\n`);
 		} catch (error) {
@@ -742,6 +1129,7 @@ registerClientCommands(program);
 registerAgentCommands(program);
 registerConfigCommands(program);
 registerStatusCommand(program);
+registerConnectCommand(program);
 registerOnboardCommand(program);
 program.parse();
 //#endregion