npm - @aiaiai-pt/martha-cli - Versions diffs - 0.4.0 → 0.5.1 - Mend

@aiaiai-pt/martha-cli 0.4.0 → 0.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md +28 -1
package/README.md +36 -9
package/dist/index.js +487 -96
package/package.json +1 -1
package/skills/martha-cli/SKILL.md +133 -38

package/dist/index.js CHANGED Viewed

@@ -5,43 +5,25 @@ var __getProtoOf = Object.getPrototypeOf;
 var __defProp = Object.defineProperty;
 var __getOwnPropNames = Object.getOwnPropertyNames;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
-function __accessProp(key) {
-  return this[key];
-}
-var __toESMCache_node;
-var __toESMCache_esm;
 var __toESM = (mod, isNodeMode, target) => {
-  var canCache = mod != null && typeof mod === "object";
-  if (canCache) {
-    var cache = isNodeMode ? __toESMCache_node ??= new WeakMap : __toESMCache_esm ??= new WeakMap;
-    var cached = cache.get(mod);
-    if (cached)
-      return cached;
-  }
   target = mod != null ? __create(__getProtoOf(mod)) : {};
   const to = isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target;
   for (let key of __getOwnPropNames(mod))
     if (!__hasOwnProp.call(to, key))
       __defProp(to, key, {
-        get: __accessProp.bind(mod, key),
+        get: () => mod[key],
         enumerable: true
       });
-  if (canCache)
-    cache.set(mod, to);
   return to;
 };
 var __commonJS = (cb, mod) => () => (mod || cb((mod = { exports: {} }).exports, mod), mod.exports);
-var __returnValue = (v) => v;
-function __exportSetter(name, newValue) {
-  this[name] = __returnValue.bind(null, newValue);
-}
 var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, {
       get: all[name],
       enumerable: true,
       configurable: true,
-      set: __exportSetter.bind(all, name)
+      set: (newValue) => all[name] = () => newValue
     });
 };
 var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
@@ -1019,7 +1001,7 @@ Expecting one of '${allowedValues.join("', '")}'`);
         this._exitCallback = (err) => {
           if (err.code !== "commander.executeSubCommandAsync") {
             throw err;
-          }
+          } else {}
         };
       }
       return this;
@@ -11043,7 +11025,31 @@ import { createInterface as createInterface2 } from "node:readline";
 init_errors();
 // src/version.ts
-var CLI_VERSION = "0.3.0";
+import fs5 from "node:fs";
+import path4 from "node:path";
+import { fileURLToPath } from "node:url";
+function readPackageVersion() {
+  let dir = path4.dirname(fileURLToPath(import.meta.url));
+  for (let i = 0;i < 5; i += 1) {
+    const packagePath = path4.join(dir, "package.json");
+    if (fs5.existsSync(packagePath)) {
+      try {
+        const parsed = JSON.parse(fs5.readFileSync(packagePath, "utf-8"));
+        if (parsed.name === "@aiaiai-pt/martha-cli" && parsed.version) {
+          return parsed.version;
+        }
+      } catch {
+        return "0.0.0-dev";
+      }
+    }
+    const parent = path4.dirname(dir);
+    if (parent === dir)
+      break;
+    dir = parent;
+  }
+  return "0.0.0-dev";
+}
+var CLI_VERSION = readPackageVersion();
 // src/commands/sessions.ts
 function relativeTime(iso) {
@@ -11105,7 +11111,8 @@ function printSessionTable(sessions) {
     { header: "LAST ACTIVE", accessor: (r) => r.active },
     { header: "CLIENT", accessor: (r) => r.client }
   ];
-  const stripAnsi = (s) => s.replace(/\x1B\[[0-9;]*m/g, "");
+  const ansiPattern = new RegExp(`${String.fromCharCode(27)}\\[[0-9;]*m`, "g");
+  const stripAnsi = (s) => s.replace(ansiPattern, "");
   const widths = cols.map((col) => Math.max(col.header.length, ...rows.map((r) => stripAnsi(col.accessor(r)).length)));
   const header = cols.map((col, i) => col.header.padEnd(widths[i])).join("  ");
   console.log(source_default.bold(header));
@@ -11879,7 +11886,7 @@ function registerConfigCommand(program2) {
       config.current_profile = name;
     }
     saveConfig(config);
-    if (!!program2.opts().json) {
+    if (program2.opts().json) {
       console.log(JSON.stringify({
         name,
         profile,
@@ -11923,7 +11930,7 @@ function registerConfigCommand(program2) {
       config.current_profile = remaining[0] ?? "default";
     }
     saveConfig(config);
-    if (!!program2.opts().json) {
+    if (program2.opts().json) {
       console.log(JSON.stringify({ name, deleted: true }));
       return;
     }
@@ -11932,8 +11939,8 @@ function registerConfigCommand(program2) {
 }
 // src/commands/definitions-apply.ts
-import fs5 from "node:fs";
-import path4 from "node:path";
+import fs6 from "node:fs";
+import path5 from "node:path";
 init_dist();
 init_errors();
 var VALID_KINDS = new Set(["Function", "Workflow", "Agent"]);
@@ -11968,20 +11975,20 @@ var SERVER_GENERATED_FIELDS = new Set([
 ]);
 var AGENT_MANAGED_FIELDS = new Set(["functions", "workflows"]);
 function loadDefinitions(inputPath) {
-  const resolved = path4.resolve(inputPath);
-  if (!fs5.existsSync(resolved)) {
+  const resolved = path5.resolve(inputPath);
+  if (!fs6.existsSync(resolved)) {
     throw new CLIError(`Path not found: ${inputPath}`, 1 /* Error */);
   }
-  const stat = fs5.statSync(resolved);
+  const stat = fs6.statSync(resolved);
   if (stat.isDirectory()) {
     return loadDirectory(resolved);
   }
   return loadFile(resolved);
 }
 function loadDirectory(dirPath) {
-  const entries = fs5.readdirSync(dirPath).sort();
+  const entries = fs6.readdirSync(dirPath).sort();
   const validExts = new Set([".yaml", ".yml", ".json"]);
-  const files = entries.filter((e) => validExts.has(path4.extname(e).toLowerCase())).map((e) => path4.join(dirPath, e));
+  const files = entries.filter((e) => validExts.has(path5.extname(e).toLowerCase())).map((e) => path5.join(dirPath, e));
   if (files.length === 0) {
     throw new CLIError(`No YAML or JSON files found in ${dirPath}`, 4 /* Validation */);
   }
@@ -11992,8 +11999,8 @@ function loadDirectory(dirPath) {
   return results;
 }
 function loadFile(filePath) {
-  const content = fs5.readFileSync(filePath, "utf-8");
-  const ext = path4.extname(filePath).toLowerCase();
+  const content = fs6.readFileSync(filePath, "utf-8");
+  const ext = path5.extname(filePath).toLowerCase();
   if (ext === ".json") {
     const parsed = parseJsonFile(content, filePath);
     return [toLocalDefinition(parsed, filePath)];
@@ -12415,7 +12422,7 @@ Examples:
 }
 // src/commands/definitions-export.ts
-import fs6 from "node:fs";
+import fs7 from "node:fs";
 init_errors();
 async function exportDefinitions(ctx, opts, isJsonMode) {
   const params = {};
@@ -12431,7 +12438,7 @@ async function exportDefinitions(ctx, opts, isJsonMode) {
   const text = await res.text();
   if (opts.output) {
     try {
-      fs6.writeFileSync(opts.output, text);
+      fs7.writeFileSync(opts.output, text);
     } catch (err) {
       throw new CLIError(`Failed to write ${opts.output}: ${err instanceof Error ? err.message : String(err)}`, 1 /* Error */);
     }
@@ -13029,6 +13036,7 @@ Usage: martha workflows execute ${name} --inputs '${JSON.stringify(Object.fromEn
       label: n.label || "-",
       connections: (outgoing.get(n.id) ?? []).join(", ") || "-"
     }));
+    const ansiPattern = new RegExp(`${String.fromCharCode(27)}\\[[0-9;]*m`, "g");
     const cols = [
       { header: "ID", accessor: (r) => r.id, raw: (r) => r.id },
       { header: "TYPE", accessor: (r) => r.type, raw: (r) => r.type },
@@ -13036,7 +13044,7 @@ Usage: martha workflows execute ${name} --inputs '${JSON.stringify(Object.fromEn
       {
         header: "CONNECTIONS",
         accessor: (r) => r.connections,
-        raw: (r) => (outgoing.get(r.id) ?? []).map((t) => t.replace(/\x1B\[[0-9;]*m/g, "")).join(", ") || "-"
+        raw: (r) => (outgoing.get(r.id) ?? []).map((t) => t.replace(ansiPattern, "")).join(", ") || "-"
       }
     ];
     const widths = cols.map((col) => Math.max(col.header.length, ...rows.map((r) => col.raw(r).length)));
@@ -13154,8 +13162,8 @@ function registerProjectionCommands(parentCmd, getCtx, isJson) {
       } catch {}
     }
     if (opts.output) {
-      const fs7 = await import("node:fs/promises");
-      await fs7.writeFile(opts.output, toWrite, "utf-8");
+      const fs8 = await import("node:fs/promises");
+      await fs8.writeFile(opts.output, toWrite, "utf-8");
       if (!isJson()) {
         console.error(source_default.dim(`Wrote ${format} projection of '${name}' to ${opts.output}`));
       }
@@ -13218,6 +13226,27 @@ var workflowsConfig = {
 // src/commands/agents.ts
 init_errors();
+// src/lib/collections.ts
+init_errors();
+var UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+async function resolveCollectionIdForGrant(ctx, ref) {
+  if (UUID_RE.test(ref)) {
+    return ref;
+  }
+  const all = await ctx.api.get("/api/admin/collections", {
+    params: { active_only: "false" }
+  });
+  const bySlug = all.find((c) => c.slug === ref);
+  if (bySlug)
+    return bySlug.id;
+  const byName = all.find((c) => c.name === ref);
+  if (byName)
+    return byName.id;
+  throw new CLIError(`Collection '${ref}' not found (tried UUID, slug, and name).`, 3 /* NotFound */, "Run `martha documents collections --tree` to see available collections.");
+}
+// src/commands/agents.ts
 function parseSetFlags(items) {
   const result = {};
   for (const item of items) {
@@ -13297,16 +13326,20 @@ var agentsConfig = {
   },
   normalizeBody: normalizeAgentBody,
   extraCreateOptions: (cmd) => {
-    cmd.option("--name <name>", "Agent name").option("--type <type>", "Agent type (cloud or external)", "cloud").option("--model <model>", "LLM model (e.g. anthropic/claude-sonnet-4-6)").option("--provider <provider>", "LLM provider (anthropic, openai)").option("--prompt <text>", "System prompt").option("--description <text>", "Agent description").option("--temperature <n>", "Temperature (0-1)").option("--max-tokens <n>", "Max output tokens").option("--tags <tags>", "Capability domains (comma-separated)").option("--local-tools <tools>", "Local tools (comma-separated)").option("--auth <method>", "Auth method for external agents: service-account or api-key");
+    cmd.option("--name <name>", "Agent name").option("--type <type>", "Agent type (cloud or external)", "cloud").option("--model <model>", "LLM model (e.g. anthropic/claude-sonnet-4-6)").option("--provider <provider>", "LLM provider (anthropic, openai)").option("--system-prompt <text>", "System prompt").option("--prompt <text>", "Deprecated alias for --system-prompt").option("--description <text>", "Agent description").option("--temperature <n>", "Temperature (0-1)").option("--max-tokens <n>", "Max output tokens").option("--tags <tags>", "Capability domains (comma-separated)").option("--local-tools <tools>", "Local tools (comma-separated)").option("--auth <method>", "Auth method for external agents: service-account or api-key");
   },
   buildInlineBody: (opts) => {
     if (!opts.name)
       return null;
+    if (opts.systemPrompt && opts.prompt) {
+      throw new CLIError("Use only one of --system-prompt or --prompt.", 4 /* Validation */, "--prompt is a backwards-compatible alias; prefer --system-prompt.");
+    }
     const body = { name: opts.name };
     if (opts.description)
       body.description = opts.description;
-    if (opts.prompt)
-      body.system_prompt = opts.prompt;
+    const systemPrompt = opts.systemPrompt ?? opts.prompt;
+    if (systemPrompt)
+      body.system_prompt = systemPrompt;
     if (opts.type)
       body.agent_type = opts.type;
     if (opts.model)
@@ -13375,7 +13408,7 @@ var agentsConfig = {
       console.log(`  Updated:     ${agent.updated_at}`);
   },
   extraCommands: (parentCmd, getCtx, isJson) => {
-    parentCmd.command("add-function <agent> <functionName>").description("Add a function to an agent").option("--set <items...>", "Config overrides (key=value)").action(async (agent, functionName, opts) => {
+    parentCmd.command("add-function <agent> <functionName>").description("Add a function to an agent").option("--set <items...>", "Config overrides (key=value)").option("--collection <slug-or-id>", "Scope the grant to one collection (#372 PR2). " + "Server rejects with 400 if the function is collection-agnostic.").action(async (agent, functionName, opts) => {
       const ctx = getCtx();
       const body = {
         function_name: functionName
@@ -13383,25 +13416,36 @@ var agentsConfig = {
       if (opts.set) {
         body.config_overrides = parseSetFlags(opts.set);
       }
+      if (opts.collection) {
+        body.collection_id = await resolveCollectionIdForGrant(ctx, opts.collection);
+      }
       const result = await ctx.api.post(`${API_PATH}/${encodeURIComponent(agent)}/functions`, body);
       if (isJson()) {
         console.log(JSON.stringify(result, null, 2));
         return;
       }
-      console.log(`Added function '${functionName}' to agent '${agent}'`);
+      const scopeLabel = opts.collection ? ` (scope: ${opts.collection})` : "";
+      console.log(`Added function '${functionName}' to agent '${agent}'${scopeLabel}`);
     });
-    parentCmd.command("remove-function <agent> <functionName>").description("Remove a function from an agent").action(async (agent, functionName) => {
+    parentCmd.command("remove-function <agent> <functionName>").description("Remove a function from an agent").option("--collection <slug-or-id>", "Revoke just the given collection scope (#372 PR2). " + "Omit to revoke the root grant (collection_id IS NULL).").action(async (agent, functionName, opts) => {
       const ctx = getCtx();
-      await ctx.api.del(`${API_PATH}/${encodeURIComponent(agent)}/functions/${encodeURIComponent(functionName)}`);
+      let endpoint = `${API_PATH}/${encodeURIComponent(agent)}/functions/${encodeURIComponent(functionName)}`;
+      if (opts.collection) {
+        const collId = await resolveCollectionIdForGrant(ctx, opts.collection);
+        endpoint += `?collection_id=${encodeURIComponent(collId)}`;
+      }
+      await ctx.api.del(endpoint);
       if (isJson()) {
         console.log(JSON.stringify({
           agent,
           function_name: functionName,
+          collection: opts.collection ?? null,
           removed: true
         }));
         return;
       }
-      console.log(`Removed function '${functionName}' from agent '${agent}'`);
+      const scopeLabel = opts.collection ? ` (scope: ${opts.collection})` : "";
+      console.log(`Removed function '${functionName}' from agent '${agent}'${scopeLabel}`);
     });
     parentCmd.command("provision-auth <agent>").description("Provision, switch, or rotate agent auth credentials").requiredOption("--method <method>", "Auth method: service-account or api-key").action(async (agent, opts) => {
       const ctx = getCtx();
@@ -13487,7 +13531,7 @@ Usage:
 };
 // src/commands/documents.ts
-import fs7 from "node:fs";
+import fs8 from "node:fs";
 init_errors();
 var TERMINAL_STATUSES2 = new Set(["ready", "error"]);
 var SPINNER_FRAMES2 = ["⠋", "⠙", "⠹", "⠸", "⠼", "⠴", "⠦", "⠧", "⠇", "⠏"];
@@ -13507,6 +13551,32 @@ function formatBytes(bytes) {
     return `${(bytes / 1024).toFixed(1)} KB`;
   return `${(bytes / (1024 * 1024)).toFixed(1)} MB`;
 }
+function renderCollectionTree(items) {
+  const byParent = new Map;
+  const ids = new Set(items.map((c) => c.id));
+  for (const c of items) {
+    const key = c.parent_collection_id && ids.has(c.parent_collection_id) ? c.parent_collection_id : null;
+    const list = byParent.get(key);
+    if (list)
+      list.push(c);
+    else
+      byParent.set(key, [c]);
+  }
+  const byName = (a, b) => a.name.localeCompare(b.name, undefined, { sensitivity: "base" });
+  for (const list of byParent.values())
+    list.sort(byName);
+  const roots = byParent.get(null) ?? [];
+  function walk(node, prefix, isLast) {
+    const connector = isLast ? "└── " : "├── ";
+    const count = node.document_count ?? 0;
+    const status = node.is_active === false ? source_default.dim(" [inactive]") : "";
+    console.log(`${prefix}${connector}${node.name}${source_default.dim(` (${count})`)}${status}`);
+    const children = byParent.get(node.id) ?? [];
+    const nextPrefix = prefix + (isLast ? "    " : "│   ");
+    children.forEach((child, idx) => walk(child, nextPrefix, idx === children.length - 1));
+  }
+  roots.forEach((root, idx) => walk(root, "", idx === roots.length - 1));
+}
 var STATUS_COLORS2 = {
   ready: source_default.green,
   active: source_default.green,
@@ -13626,7 +13696,25 @@ function registerDocumentCommands(program2) {
   function isJson() {
     return !!program2.opts().json;
   }
-  cmd.command("collections").description("List document collections").option("--inactive", "Include inactive collections").option("--limit <n>", "Max results", "50").action(async (opts) => {
+  async function resolveCollection(ctx, ref) {
+    const looksLikeUuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(ref);
+    if (looksLikeUuid) {
+      try {
+        return await ctx.api.get(`/api/admin/collections/${encodeURIComponent(ref)}`);
+      } catch {}
+    }
+    const all = await ctx.api.get("/api/admin/collections", {
+      params: { active_only: "false" }
+    });
+    const bySlug = all.find((c) => c.slug === ref);
+    if (bySlug)
+      return bySlug;
+    const byName = all.find((c) => c.name === ref);
+    if (byName)
+      return byName;
+    throw new CLIError(`Collection '${ref}' not found (tried UUID, slug, and name).`, 3 /* NotFound */);
+  }
+  cmd.command("collections").description("List document collections").option("--inactive", "Include inactive collections").option("--limit <n>", "Max results", "50").option("--tree", "Render the hierarchy as ASCII (--limit ignored in tree mode)").action(async (opts) => {
     const ctx = getCtx();
     const limitN = parseInt(opts.limit ?? "50", 10);
     if (isNaN(limitN) || limitN < 1) {
@@ -13635,13 +13723,17 @@ function registerDocumentCommands(program2) {
     const params = {};
     if (!opts.inactive)
       params.active_only = "true";
-    const items = await ctx.api.get("/api/admin/collections", {
-      params
-    });
+    const items = await ctx.api.get("/api/admin/collections", { params });
     if (isJson()) {
       console.log(JSON.stringify(items, null, 2));
       return;
     }
+    if (opts.tree) {
+      renderCollectionTree(items);
+      console.log(source_default.dim(`
+${items.length} collections`));
+      return;
+    }
     const columns = [
       { header: "NAME", accessor: (i) => i.name },
       {
@@ -13693,7 +13785,7 @@ ${items.length} collections`));
     if (col.updated_at)
       console.log(`  Updated:   ${col.updated_at}`);
   });
-  cmd.command("create-collection").description("Create a new document collection").requiredOption("--name <name>", "Collection name").option("--description <text>", "Collection description").action(async (opts) => {
+  cmd.command("create-collection").description("Create a new document collection").requiredOption("--name <name>", "Collection name").option("--description <text>", "Collection description").option("--parent <slug-or-id>", "Create as a sub-collection of the given collection (#372 PR1)").action(async (opts) => {
     const ctx = getCtx();
     const tenantId = await ctx.getTenantId();
     const body = {
@@ -13702,16 +13794,45 @@ ${items.length} collections`));
     };
     if (opts.description)
       body.description = opts.description;
+    if (opts.parent) {
+      const parent = await resolveCollection(ctx, opts.parent);
+      body.parent_collection_id = parent.id;
+    }
     const result = await ctx.api.post("/api/admin/collections", body);
     if (isJson()) {
       console.log(JSON.stringify(result, null, 2));
       return;
     }
-    console.log(`Created collection '${result.name}' (${result.id})`);
+    const parentLabel = opts.parent ? ` under '${opts.parent}'` : "";
+    console.log(`Created collection '${result.name}' (${result.id})${parentLabel}`);
+  });
+  cmd.command("move-collection <id>").description("Move a collection to a new parent or to the root (#372 PR1)").option("--parent <slug-or-id>", "New parent collection (mutually exclusive with --root)").option("--root", "Move to the top level (no parent)").action(async (id, opts) => {
+    if (!!opts.parent === !!opts.root) {
+      throw new CLIError("Pass exactly one of --parent <slug-or-id> or --root", 4 /* Validation */);
+    }
+    const ctx = getCtx();
+    const moving = await resolveCollection(ctx, id);
+    let newParentId;
+    if (opts.root) {
+      newParentId = null;
+    } else {
+      const parent = await resolveCollection(ctx, opts.parent);
+      if (parent.id === moving.id) {
+        throw new CLIError("Cannot move a collection into itself.", 4 /* Validation */);
+      }
+      newParentId = parent.id;
+    }
+    const result = await ctx.api.put(`/api/admin/collections/${encodeURIComponent(moving.id)}`, { parent_collection_id: newParentId });
+    if (isJson()) {
+      console.log(JSON.stringify(result, null, 2));
+      return;
+    }
+    const target = newParentId ? `under '${opts.parent}'` : "to root (top-level)";
+    console.log(`Moved collection '${moving.name}' ${target}`);
   });
   cmd.command("upload <collection-id> <file>").description("Upload a document to a collection").option("--wait", "Wait for ingestion to complete").option("--follow", "Follow ingestion progress in real time").action(async (collectionId, filePath, opts) => {
     const ctx = getCtx();
-    if (!fs7.existsSync(filePath)) {
+    if (!fs8.existsSync(filePath)) {
       throw new CLIError(`File not found: ${filePath}`, 4 /* Validation */);
     }
     const result = await ctx.api.upload(`/api/admin/collections/${encodeURIComponent(collectionId)}/documents`, filePath);
@@ -14028,6 +14149,69 @@ ${source_default.bold(`Sources (${result.sources.length} chunks):`)}`);
   });
 }
+// src/commands/document-sync.ts
+init_errors();
+function registerDocumentSyncCommands(program2) {
+  const cmd = program2.command("document-sync").description("Manage durable document sync sources (Google Drive, etc.)");
+  function getCtx() {
+    const ctx = createContext({
+      profileOverride: program2.opts().profile,
+      verbose: program2.opts().verbose
+    });
+    if (program2.opts().apiUrl)
+      ctx.profile.api_url = program2.opts().apiUrl;
+    return ctx;
+  }
+  function isJson() {
+    return !!program2.opts().json;
+  }
+  function printSummary(name, s) {
+    const tag = s.dry_run ? source_default.yellow(" (dry-run)") : "";
+    console.log(source_default.bold(`
+${name}${tag}`));
+    console.log(source_default.dim("-".repeat(40)));
+    console.log(`  Folders walked : ${s.folders_walked}`);
+    console.log(`  Linked         : ${source_default.cyan(String(s.linked))}`);
+    console.log(`  Created        : ${source_default.green(String(s.created))}`);
+    console.log(`  Skipped        : ${source_default.dim(String(s.skipped))}`);
+  }
+  cmd.command("reconcile-tree").description("Walk a Google Drive source's folder tree and mirror it into the " + "collection hierarchy (stamps drive_folder_id, creates sub-collections). " + "Idempotent.").option("--source <id>", "Reconcile a single sync source by id").option("--all", "Reconcile every google_drive source for the tenant").option("--dry-run", "Preview what would change without writing", false).action(async (opts) => {
+    const ctx = getCtx();
+    const dryRun = !!opts.dryRun;
+    if (!opts.source && !opts.all) {
+      throw new CLIError("Specify --source <id> or --all", 4 /* Validation */, "Use `martha document-sync reconcile-tree --source <id>` or `--all`.");
+    }
+    if (opts.source && opts.all) {
+      throw new CLIError("--source and --all are mutually exclusive", 4 /* Validation */);
+    }
+    const params = { dry_run: String(dryRun) };
+    let sources;
+    if (opts.all) {
+      const all = await ctx.api.get("/api/admin/document-sync/sources", { params: { provider: "google_drive" } });
+      sources = all;
+    } else {
+      sources = [
+        { id: opts.source, name: opts.source, provider: "google_drive" }
+      ];
+    }
+    const results = [];
+    for (const src of sources) {
+      const summary = await ctx.api.post(`/api/admin/document-sync/sources/${encodeURIComponent(src.id)}/reconcile-tree`, undefined, { params });
+      results.push(summary);
+      if (!isJson())
+        printSummary(src.name, summary);
+    }
+    if (isJson()) {
+      console.log(JSON.stringify({ dry_run: dryRun, results }, null, 2));
+      return;
+    }
+    if (results.length === 0) {
+      console.log(source_default.dim(`
+No google_drive sources found.`));
+    }
+  });
+}
 // src/commands/approvals.ts
 init_errors();
 var truncate = (s, n) => s.length > n ? s.slice(0, n - 1) + "…" : s;
@@ -15094,8 +15278,8 @@ ${data.length} spec(s)`));
 Resources:
 `));
       for (const r of resources) {
-        const path5 = r.path || `/${r.name}`;
-        console.log(`  ${source_default.cyan(r.label || r.name)}` + source_default.dim(` → ${path5}`));
+        const path6 = r.path || `/${r.name}`;
+        console.log(`  ${source_default.cyan(r.label || r.name)}` + source_default.dim(` → ${path6}`));
       }
     }
     try {
@@ -15115,14 +15299,14 @@ Functions:
     console.log(source_default.dim(`
 Proxy: martha integrations proxy ${name} GET /<path>`));
   });
-  cmd.command("proxy <name> <method> <path>").description("Send a request through the plugin proxy").option("--data <json>", "JSON request body").option("--query <params>", "Query params as key=val&key=val").action(async (name, method, path5, opts) => {
+  cmd.command("proxy <name> <method> <path>").description("Send a request through the plugin proxy").option("--data <json>", "JSON request body").option("--query <params>", "Query params as key=val&key=val").action(async (name, method, path6, opts) => {
     const ctx = getCtx();
     const upperMethod = method.toUpperCase();
     const allowed = new Set(["GET", "POST", "PUT", "PATCH", "DELETE"]);
     if (!allowed.has(upperMethod)) {
       throw new CLIError(`Invalid method: ${method}`, 4 /* Validation */, "Allowed: GET, POST, PUT, PATCH, DELETE");
     }
-    const cleanPath = path5.startsWith("/") ? path5.slice(1) : path5;
+    const cleanPath = path6.startsWith("/") ? path6.slice(1) : path6;
     const proxyUrl = `/api/admin/plugins/${encodeURIComponent(name)}/${cleanPath}`;
     const params = {};
     if (opts.query) {
@@ -15180,6 +15364,194 @@ function renderTable(columns, items, opts) {
   }
 }
+// src/commands/connections.ts
+init_errors();
+function registerConnectionCommands(program2) {
+  const cmd = program2.command("connections").description("Manage Vault-backed integration connections (credentials live in Vault)");
+  function getCtx() {
+    const ctx = createContext({
+      profileOverride: program2.opts().profile,
+      verbose: program2.opts().verbose
+    });
+    if (program2.opts().apiUrl)
+      ctx.profile.api_url = program2.opts().apiUrl;
+    return ctx;
+  }
+  function isJson() {
+    return !!program2.opts().json;
+  }
+  cmd.command("list").description("List connections for the current tenant").option("--integration <name>", "Filter by integration name").option("--scope <scope>", "Filter by scope (tenant|client|system)").action(async (opts) => {
+    const ctx = getCtx();
+    const query = new URLSearchParams;
+    if (opts.integration)
+      query.set("integration_name", opts.integration);
+    if (opts.scope)
+      query.set("scope", opts.scope);
+    const suffix = query.toString() ? `?${query.toString()}` : "";
+    const connections = await ctx.api.get(`/api/admin/connections${suffix}`);
+    if (isJson()) {
+      console.log(JSON.stringify(connections, null, 2));
+      return;
+    }
+    if (connections.length === 0) {
+      console.log(source_default.dim("No connections configured."));
+      return;
+    }
+    console.log(source_default.bold(`
+Connections`));
+    console.log(source_default.dim("-".repeat(60)));
+    for (const c of connections) {
+      const dflt = c.is_default ? source_default.green(" [default]") : "";
+      console.log(`  ${source_default.cyan(c.integration_name.padEnd(18))} ${c.name}${dflt}  ` + `${source_default.dim(c.auth_type)}  (${c.status})  ${source_default.dim(c.id)}`);
+    }
+    console.log();
+  });
+  cmd.command("create").description("Create a connection. For service_account, --credential-value is the SA " + "JSON key (use '@path' to read a file or '-' for stdin) and --config " + `carries non-secret settings, e.g. '{"subject":"u@corp.com","scopes":["https://www.googleapis.com/auth/drive.readonly"]}'. ` + "OAuth2 connections must be created in the admin UI (browser consent).").requiredOption("--integration <name>", "Integration name (e.g. google_drive)").requiredOption("--name <name>", "Connection name (unique per integration)").option("--auth-type <type>", "Auth type: api_key | bearer | basic | service_account", "api_key").option("--credential-value <value>", "Secret material. For service_account: the SA JSON key. " + "Use '-' to read stdin, '@path' to read a file.").option("--config <json>", "Non-secret config JSON object (stored in Postgres, not Vault)").option("--scope <scope>", "Connection scope (tenant|client|system)", "tenant").option("--scope-ref <ref>", "Scope reference (required for client scope)").option("--not-default", "Do not mark as default for this integration").action(async (opts) => {
+    if (opts.authType === "oauth2") {
+      throw new CLIError("OAuth2 connections cannot be created from the CLI — they require " + "an interactive browser consent flow.", 4 /* Validation */, "Create OAuth2 connections in the admin UI under Integrations → Connections.");
+    }
+    const credentialValue = await resolveCredentialValue(opts.credentialValue);
+    if (!credentialValue) {
+      throw new CLIError("--credential-value is required (use '-' for stdin or '@path' for a file).", 4 /* Validation */);
+    }
+    if (opts.authType === "service_account") {
+      validateServiceAccountKey(credentialValue);
+    }
+    let config;
+    if (opts.config) {
+      let parsed;
+      try {
+        parsed = JSON.parse(opts.config);
+      } catch {
+        throw new CLIError("--config must be valid JSON.", 4 /* Validation */);
+      }
+      if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+        throw new CLIError("--config must be a JSON object.", 4 /* Validation */);
+      }
+      config = parsed;
+    }
+    if (opts.scope === "client" && !opts.scopeRef) {
+      throw new CLIError("--scope-ref is required when --scope is 'client'.", 4 /* Validation */);
+    }
+    const ctx = getCtx();
+    const resp = await ctx.api.post("/api/admin/connections", {
+      integration_name: opts.integration,
+      name: opts.name,
+      auth_type: opts.authType,
+      credential_value: credentialValue,
+      config,
+      scope: opts.scope,
+      scope_ref: opts.scope === "client" ? opts.scopeRef : undefined,
+      is_default: !opts.notDefault
+    });
+    if (isJson()) {
+      console.log(JSON.stringify(resp, null, 2));
+      return;
+    }
+    console.log(source_default.green(`Created ${opts.integration} connection '${opts.name}' ` + `(id=${resp.id}, auth=${resp.auth_type}, status=${resp.status})`));
+  });
+  cmd.command("update <connection_id>").description("Update a connection — rotate the credential, rename, or change config/default. " + "For a service_account, --credential-value is the NEW SA JSON key; rotation " + "drops the cached SA token so the new key takes effect immediately.").option("--credential-value <value>", "New secret material. '@path' reads a file, '-' reads stdin.").option("--config <json>", "Replace the non-secret config JSON object.").option("--name <name>", "Rename the connection.").option("--default", "Mark as the default connection for this integration.").option("--not-default", "Unmark as default.").action(async (connectionId, opts) => {
+    const body = {};
+    if (opts.name)
+      body.name = opts.name;
+    if (opts.default)
+      body.is_default = true;
+    if (opts.notDefault)
+      body.is_default = false;
+    if (opts.config) {
+      let parsed;
+      try {
+        parsed = JSON.parse(opts.config);
+      } catch {
+        throw new CLIError("--config must be valid JSON.", 4 /* Validation */);
+      }
+      if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+        throw new CLIError("--config must be a JSON object.", 4 /* Validation */);
+      }
+      body.config = parsed;
+    }
+    const credentialValue = await resolveCredentialValue(opts.credentialValue);
+    if (credentialValue)
+      body.credential_value = credentialValue;
+    if (Object.keys(body).length === 0) {
+      throw new CLIError("Nothing to update — pass --credential-value, --config, --name, or --default/--not-default.", 4 /* Validation */);
+    }
+    const ctx = getCtx();
+    const resp = await ctx.api.put(`/api/admin/connections/${connectionId}`, body);
+    if (isJson()) {
+      console.log(JSON.stringify(resp, null, 2));
+      return;
+    }
+    const rotated = body.credential_value ? " (credential rotated)" : "";
+    console.log(source_default.green(`Updated connection ${resp.id}${rotated}`));
+  });
+  cmd.command("test <connection_id>").description("Test a connection's credentials against the integration").action(async (connectionId) => {
+    const ctx = getCtx();
+    const result = await ctx.api.post(`/api/admin/connections/${connectionId}/test`, {});
+    if (isJson()) {
+      console.log(JSON.stringify(result, null, 2));
+      return;
+    }
+    if (result.ok) {
+      console.log(source_default.green("OK: connection test passed"));
+    } else {
+      console.log(source_default.red(`FAILED: ${result.error ?? "unknown error"}`));
+      process.exitCode = 1;
+    }
+  });
+  cmd.command("delete <connection_id>").description("Delete a connection (and its Vault credential). Requires --yes; " + "interactive prompts are intentionally NOT supported (CI would hang).").option("--yes", "Confirm deletion. Required.").action(async (connectionId, opts) => {
+    if (!opts.yes) {
+      throw new CLIError(`Pass --yes to confirm deletion of connection ${connectionId}.`, 4 /* Validation */, `Example: martha connections delete ${connectionId} --yes`);
+    }
+    const ctx = getCtx();
+    await ctx.api.del(`/api/admin/connections/${connectionId}`);
+    if (isJson()) {
+      console.log(JSON.stringify({ deleted: connectionId }, null, 2));
+      return;
+    }
+    console.log(source_default.green(`Deleted connection ${connectionId}`));
+  });
+}
+async function resolveCredentialValue(value) {
+  if (!value)
+    return;
+  if (value === "-")
+    return readStdin();
+  if (value.startsWith("@")) {
+    const fs9 = await import("node:fs/promises");
+    return (await fs9.readFile(value.slice(1), "utf-8")).trim();
+  }
+  return value;
+}
+function validateServiceAccountKey(raw) {
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch {
+    throw new CLIError("service_account --credential-value must be valid JSON (the SA key file).", 4 /* Validation */);
+  }
+  if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
+    throw new CLIError("service_account key must be a JSON object.", 4 /* Validation */);
+  }
+  const key = parsed;
+  if (key.type !== "service_account") {
+    throw new CLIError('This is not a service account key (expected "type": "service_account").', 4 /* Validation */, "Download the key from GCP → IAM → Service Accounts → Keys → JSON.");
+  }
+  if (typeof key.client_email !== "string" || !key.client_email.trim()) {
+    throw new CLIError("service_account key is missing client_email.", 4 /* Validation */);
+  }
+}
+async function readStdin() {
+  if (process.stdin.isTTY) {
+    throw new CLIError("--credential-value '-' requires piped stdin, but stdin is a terminal.", 4 /* Validation */, "Pipe the key in: `cat sa.json | martha connections create ... --credential-value -`, or use '@path' to read from a file.");
+  }
+  let out = "";
+  process.stdin.setEncoding("utf-8");
+  for await (const chunk of process.stdin)
+    out += chunk;
+  return out.trim();
+}
 // src/commands/notifications.ts
 var CHANNEL_IDS = new Set(["resend", "slack_webhook", "webhook"]);
 function registerNotificationCommands(program2) {
@@ -15260,10 +15632,10 @@ Notification connections`));
     }
     let credentialValue = opts.credentialValue;
     if (credentialValue === "-") {
-      credentialValue = await readStdin();
+      credentialValue = await readStdin2();
     } else if (credentialValue?.startsWith("@")) {
-      const fs8 = await import("node:fs/promises");
-      credentialValue = await fs8.readFile(credentialValue.slice(1), "utf-8");
+      const fs9 = await import("node:fs/promises");
+      credentialValue = await fs9.readFile(credentialValue.slice(1), "utf-8");
     }
     if (!credentialValue) {
       throw new Error("--credential-value is required (use '-' for stdin or '@path' for file).");
@@ -15300,7 +15672,7 @@ Notification connections`));
     console.log(source_default.green(`Deleted connection ${connectionId}`));
   });
 }
-async function readStdin() {
+async function readStdin2() {
   if (process.stdin.isTTY) {
     throw new Error("--credential-value '-' requires piped stdin, but stdin is a terminal. " + 'Either pipe JSON in: `echo \'{"...": "..."}\' | martha ...`, ' + "or use '@path' to read from a file.");
   }
@@ -15313,11 +15685,11 @@ async function readStdin() {
 // src/commands/messaging.ts
 init_errors();
-async function messagingFetch(baseUrl, path5, opts) {
-  if (/^(https?:)?\/\//i.test(path5)) {
+async function messagingFetch(baseUrl, path6, opts) {
+  if (/^(https?:)?\/\//i.test(path6)) {
     throw new CLIError("Absolute URL paths are not allowed", 1 /* Error */);
   }
-  const url = new URL(path5, baseUrl);
+  const url = new URL(path6, baseUrl);
   const headers = {
     "Content-Type": "application/json"
   };
@@ -16137,7 +16509,7 @@ ${clients.length} client(s)`));
     }
     console.log(`Deleted client '${nameOrId}'`);
   });
-  cmd.command("grant <clientNameOrId> <type> <defName>").description("Grant a client access to a function, workflow, or agent").option("--config <items...>", "Config overrides (key=value, functions/agents only)").action(async (clientNameOrId, type, defName, opts) => {
+  cmd.command("grant <clientNameOrId> <type> <defName>").description("Grant a client access to a function, workflow, or agent").option("--config <items...>", "Config overrides (key=value, functions/agents only)").option("--collection <slug-or-id>", "Scope the grant to one collection (function grants only; #372 PR2)").action(async (clientNameOrId, type, defName, opts) => {
     if (!VALID_TYPES.has(type)) {
       throw new CLIError(`Invalid type: '${type}'. Must be function, workflow, or agent.`, 4 /* Validation */);
     }
@@ -16165,20 +16537,30 @@ ${clients.length} client(s)`));
       }
       body.config_overrides = parseSetFlags(opts.config);
     }
+    if (opts.collection) {
+      if (accessType !== "function") {
+        throw new CLIError("--collection only applies to function grants (#372 PR2).", 4 /* Validation */);
+      }
+      body.collection_id = await resolveCollectionIdForGrant(ctx, opts.collection);
+    }
     const result = await ctx.api.post(endpoint, body);
     if (isJson()) {
       console.log(JSON.stringify(result, null, 2));
       return;
     }
-    console.log(`Granted ${accessType} '${defName}' to client '${clientNameOrId}'`);
+    const scopeLabel = opts.collection ? ` (scope: ${opts.collection})` : "";
+    console.log(`Granted ${accessType} '${defName}' to client '${clientNameOrId}'${scopeLabel}`);
   });
-  cmd.command("revoke <clientNameOrId> <type> <defName>").description("Revoke a client's access to a function, workflow, or agent").action(async (clientNameOrId, type, defName) => {
+  cmd.command("revoke <clientNameOrId> <type> <defName>").description("Revoke a client's access to a function, workflow, or agent").option("--collection <slug-or-id>", "Revoke just the given collection scope (function grants only; #372 PR2). " + "Omit to revoke the root grant (collection_id IS NULL).").action(async (clientNameOrId, type, defName, opts) => {
     if (!VALID_TYPES.has(type)) {
       throw new CLIError(`Invalid type: '${type}'. Must be function, workflow, or agent.`, 4 /* Validation */);
     }
     const accessType = type;
     const ctx = getCtx();
     const clientId = await resolveClientId(ctx, clientNameOrId);
+    if (opts.collection && accessType !== "function") {
+      throw new CLIError("--collection only applies to function grants (#372 PR2).", 4 /* Validation */);
+    }
     let endpoint;
     if (accessType === "agent") {
       endpoint = `${DEFS_API}/clients/${clientId}/agents/${encodeURIComponent(defName)}`;
@@ -16186,6 +16568,10 @@ ${clients.length} client(s)`));
       const defId = await resolveDefinitionId(ctx, accessType, defName);
       const typePlural = `${accessType}s`;
       endpoint = `${DEFS_API}/clients/${clientId}/${typePlural}/${encodeURIComponent(defId)}`;
+      if (opts.collection) {
+        const collId = await resolveCollectionIdForGrant(ctx, opts.collection);
+        endpoint += `?collection_id=${encodeURIComponent(collId)}`;
+      }
     }
     await ctx.api.del(endpoint);
     if (isJson()) {
@@ -16193,11 +16579,13 @@ ${clients.length} client(s)`));
         client: clientNameOrId,
         type: accessType,
         name: defName,
+        collection: opts.collection ?? null,
         revoked: true
       }));
       return;
     }
-    console.log(`Revoked ${accessType} '${defName}' from client '${clientNameOrId}'`);
+    const scopeLabel = opts.collection ? ` (scope: ${opts.collection})` : "";
+    console.log(`Revoked ${accessType} '${defName}' from client '${clientNameOrId}'${scopeLabel}`);
   });
   const embed = cmd.command("embed").description("Create, configure, and test embeddable chat clients");
   function addEmbedConfigOptions(command) {
@@ -16591,7 +16979,7 @@ ${models.length} models`));
 }
 // src/commands/wiki.ts
-import fs8 from "node:fs";
+import fs9 from "node:fs";
 init_errors();
 function registerWikiCommands(program2) {
   const cmd = program2.command("wiki").description("Manage tenant wiki pages, settings, schema, recompile (#245 D5.4)");
@@ -16638,14 +17026,14 @@ function registerWikiCommands(program2) {
     console.log(source_default.dim(`
 ${pages.length} pages`));
   });
-  cmd.command("get <path>").description("Fetch the raw markdown body of a wiki page").option("--out <file>", "Write body to file instead of stdout").action(async (path5, opts) => {
+  cmd.command("get <path>").description("Fetch the raw markdown body of a wiki page").option("--out <file>", "Write body to file instead of stdout").action(async (path6, opts) => {
     const ctx = getCtx();
-    const safe = path5.split("/").map(encodeURIComponent).join("/");
+    const safe = path6.split("/").map(encodeURIComponent).join("/");
     const resp = await ctx.api.getRaw(`/api/wiki/pages/${safe}`, {
       headers: { Accept: "text/markdown,*/*" }
     });
     if (resp.status === 404) {
-      throw new CLIError(`page not found: ${path5}`, 3 /* NotFound */);
+      throw new CLIError(`page not found: ${path6}`, 3 /* NotFound */);
     }
     if (!resp.ok) {
       const detail = await resp.text();
@@ -16653,16 +17041,16 @@ ${pages.length} pages`));
     }
     const body = await resp.text();
     if (opts.out) {
-      fs8.writeFileSync(opts.out, body);
+      fs9.writeFileSync(opts.out, body);
       if (!isJson()) {
         console.log(source_default.dim(`wrote ${body.length} bytes to ${opts.out}`));
       } else {
-        console.log(JSON.stringify({ path: path5, bytes: body.length, file: opts.out }));
+        console.log(JSON.stringify({ path: path6, bytes: body.length, file: opts.out }));
       }
       return;
     }
     if (isJson()) {
-      console.log(JSON.stringify({ path: path5, body, etag: resp.headers.get("ETag") }));
+      console.log(JSON.stringify({ path: path6, body, etag: resp.headers.get("ETag") }));
     } else {
       process.stdout.write(body);
     }
@@ -16757,10 +17145,10 @@ ${pages.length} pages`));
     }
     if (opts.compilePromptOverrideFile) {
       const file = String(opts.compilePromptOverrideFile);
-      if (!fs8.existsSync(file)) {
+      if (!fs9.existsSync(file)) {
         throw new CLIError(`override file not found: ${file}`, 3 /* NotFound */);
       }
-      const content = fs8.readFileSync(file, "utf8");
+      const content = fs9.readFileSync(file, "utf8");
       const bytes = Buffer.byteLength(content, "utf8");
       if (bytes > 16 * 1024) {
         throw new CLIError(`compile prompt override exceeds 16 KB (${bytes} bytes)`, 4 /* Validation */);
@@ -16784,7 +17172,7 @@ ${pages.length} pages`));
     const ctx = getCtx();
     const resp = await ctx.api.get("/api/wiki/schema");
     if (opts.out) {
-      fs8.writeFileSync(opts.out, resp.body);
+      fs9.writeFileSync(opts.out, resp.body);
       if (!isJson()) {
         console.log(source_default.dim(`wrote ${resp.body.length} bytes to ${opts.out}`));
       } else {
@@ -16800,10 +17188,10 @@ ${pages.length} pages`));
   });
   schemaCmd.command("set").description("Replace the tenant wiki schema with the contents of <file>").requiredOption("--file <file>", "Path to schema markdown file").action(async (opts) => {
     const ctx = getCtx();
-    if (!fs8.existsSync(opts.file)) {
+    if (!fs9.existsSync(opts.file)) {
       throw new CLIError(`schema file not found: ${opts.file}`, 3 /* NotFound */);
     }
-    const body = fs8.readFileSync(opts.file, "utf8");
+    const body = fs9.readFileSync(opts.file, "utf8");
     const bytes = Buffer.byteLength(body, "utf8");
     if (bytes > 64 * 1024) {
       throw new CLIError(`schema body exceeds 64 KB (${bytes} bytes)`, 4 /* Validation */);
@@ -16841,7 +17229,7 @@ var PRESETS = {
   cloud: {
     name: "cloud",
     api_url: "https://martha.nomadriver.co",
-    keycloak_url: "https://auth.nomadriver.co",
+    keycloak_url: "https://keycloak.frank.nomadriver.co",
     keycloak_realm: "frank"
   },
   local: {
@@ -16856,7 +17244,7 @@ async function prompt2(rl, question, fallback) {
   return answer.trim() || fallback;
 }
 async function initCommand(opts) {
-  const presetKey = opts.preset ?? "cloud";
+  const presetKey = opts.preset ?? "local";
   const preset = PRESETS[presetKey];
   if (!preset) {
     throw new CLIError(`Unknown preset: ${presetKey}. Choose one of: ${Object.keys(PRESETS).join(", ")}.`, 4 /* Validation */);
@@ -16867,7 +17255,7 @@ async function initCommand(opts) {
     throw new CLIError(`Profile ${source_default.cyan(profileName)} already exists. Re-run with --force to overwrite, or pass --profile <name> to add a new one.`, 5 /* Conflict */);
   }
   const interactive = !opts.noInteractive && process.stdin.isTTY && !opts.apiUrl && !opts.keycloakUrl && !opts.keycloakRealm;
-  let profile = {
+  const profile = {
     api_url: opts.apiUrl ?? preset.api_url,
     keycloak_url: opts.keycloakUrl ?? preset.keycloak_url,
     keycloak_realm: opts.keycloakRealm ?? preset.keycloak_realm,
@@ -16899,6 +17287,7 @@ Martha CLI — first-run setup
   console.log();
   console.log(source_default.green(`Profile saved.
 `));
+  console.log(`  Preset:      ${source_default.cyan(preset.name)}`);
   console.log(`  Profile:     ${source_default.cyan(profileName)}`);
   console.log(`  API URL:     ${profile.api_url}`);
   console.log(`  Keycloak:    ${profile.keycloak_url}`);
@@ -16910,7 +17299,7 @@ Martha CLI — first-run setup
   console.log(source_default.dim("    martha doctor                        # verify setup"));
 }
 function registerInitCommand(program2) {
-  program2.command("init").description("Create or update a profile in ~/.martha/config.yaml").option("--preset <name>", "Preset: cloud or local", "cloud").option("--name <name>", "Profile name (defaults to preset name)").option("--force", "Overwrite an existing profile").option("--api-url <url>", "Override the API URL").option("--keycloak-url <url>", "Override the Keycloak URL").option("--keycloak-realm <realm>", "Override the Keycloak realm").option("--no-interactive", "Skip prompts; use defaults / overrides only").action(async (opts) => {
+  program2.command("init").description("Create or update a profile in ~/.martha/config.yaml").option("--preset <name>", "Preset: local or cloud", "local").option("--name <name>", "Profile name (defaults to preset name)").option("--force", "Overwrite an existing profile").option("--api-url <url>", "Override the API URL").option("--keycloak-url <url>", "Override the Keycloak URL").option("--keycloak-realm <realm>", "Override the Keycloak realm").option("--no-interactive", "Skip prompts; use defaults / overrides only").action(async (opts) => {
     await initCommand(opts);
   });
 }
@@ -17158,19 +17547,19 @@ function registerDoctorCommand(program2) {
 // src/commands/skill.ts
 init_errors();
-import fs9 from "node:fs";
-import path5 from "node:path";
-import { fileURLToPath } from "node:url";
+import fs10 from "node:fs";
+import path6 from "node:path";
+import { fileURLToPath as fileURLToPath2 } from "node:url";
 function locateSkill() {
-  const here = path5.dirname(fileURLToPath(import.meta.url));
+  const here = path6.dirname(fileURLToPath2(import.meta.url));
   const candidates = [
-    path5.join(here, "skills", "martha-cli", "SKILL.md"),
-    path5.join(here, "..", "skills", "martha-cli", "SKILL.md"),
-    path5.join(here, "..", "..", "..", "skills", "martha-cli", "SKILL.md"),
-    path5.join(here, "..", "..", "skills", "martha-cli", "SKILL.md")
+    path6.join(here, "skills", "martha-cli", "SKILL.md"),
+    path6.join(here, "..", "skills", "martha-cli", "SKILL.md"),
+    path6.join(here, "..", "..", "..", "skills", "martha-cli", "SKILL.md"),
+    path6.join(here, "..", "..", "skills", "martha-cli", "SKILL.md")
   ];
   for (const p of candidates) {
-    if (fs9.existsSync(p))
+    if (fs10.existsSync(p))
       return p;
   }
   return null;
@@ -17180,7 +17569,7 @@ async function skillCommand() {
   if (!skillPath) {
     throw new CLIError("SKILL.md not found in the installed package. Reinstall via `npm i -g @aiaiai-pt/martha-cli` or `npx -y @aiaiai-pt/martha-cli@latest skill`.", 1 /* Error */);
   }
-  const body = fs9.readFileSync(skillPath, "utf-8");
+  const body = fs10.readFileSync(skillPath, "utf-8");
   process.stdout.write(body);
 }
 function registerSkillCommand(program2) {
@@ -17239,11 +17628,13 @@ registerDefinitionCommands(program2, agentsConfig);
 registerDefinitionsApply(program2);
 registerDefinitionsExport(program2);
 registerDocumentCommands(program2);
+registerDocumentSyncCommands(program2);
 registerWikiCommands(program2);
 registerApprovalCommands(program2);
 registerTaskCommands(program2);
 registerTeamCommands(program2);
 registerIntegrationCommands(program2);
+registerConnectionCommands(program2);
 registerNotificationCommands(program2);
 registerMessagingCommands(program2);
 registerClientCommands(program2);