@ait-co/console-cli 0.1.27 → 0.1.29

package/dist/cli.mjs

@@ -8,7 +8,8 @@ import { unzipSync } from "fflate";
 import { checkbox, confirm, editor, input, password, select } from "@inquirer/prompts";
 import { imageSize } from "image-size";
 import { execFile, spawn } from "node:child_process";
-import { constants, createReadStream } from "node:fs";
+import { constants, createReadStream, existsSync } from "node:fs";
+import { createInterface } from "node:readline/promises";
 import { promisify } from "node:util";
 import { createHash } from "node:crypto";
 //#region src/api/http.ts
@@ -2448,7 +2449,7 @@ function optionalPathArray(input, key, configDir) {
 	});
 }
 const EMAIL_REGEX = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/;
-function isValidEmail(v) {
+function isValidEmail$1(v) {
 	return EMAIL_REGEX.test(v.toLowerCase());
 }
 const TITLE_KO_REGEX = /^[가-힣A-Za-z0-9 :·?]+$/;
@@ -2510,7 +2511,7 @@ function validateManifest(raw, configDir) {
 	}
 	const appName = requireString(raw, "appName");
 	const csEmail = requireString(raw, "csEmail");
-	if (!isValidEmail(csEmail)) throw new ManifestError("invalid-config", `csEmail is not a valid email address (got ${csEmail})`, "csEmail");
+	if (!isValidEmail$1(csEmail)) throw new ManifestError("invalid-config", `csEmail is not a valid email address (got ${csEmail})`, "csEmail");
 	const subtitle = requireString(raw, "subtitle");
 	if (subtitle.length > MANIFEST_LIMITS.subtitleMaxChars) throw new ManifestError("invalid-config", `subtitle must be ${MANIFEST_LIMITS.subtitleMaxChars} characters or fewer (got ${subtitle.length})`, "subtitle");
 	const description = requireString(raw, "description");
@@ -2792,7 +2793,7 @@ function validateAppName(raw) {
 	return true;
 }
 function validateEmail(raw) {
-	if (!isValidEmail(raw)) return "not a valid email address";
+	if (!isValidEmail$1(raw)) return "not a valid email address";
 	return true;
 }
 function validateSubtitle(raw) {
@@ -3601,7 +3602,7 @@ function serviceStatusFor(entry) {
 }
 const POLL_MIN_INTERVAL_SEC = 30;
 const POLL_MAX_INTERVAL_SEC = 3600;
-const statusCommand$1 = defineCommand({
+const statusCommand$2 = defineCommand({
 	meta: {
 		name: "status",
 		description: "Show the derived review state of a mini-app (under-review / rejected / approved)."
@@ -5702,7 +5703,7 @@ const appCommand = defineCommand({
 		}),
 		ls: lsCommand$4,
 		show: showCommand$2,
-		status: statusCommand$1,
+		status: statusCommand$2,
 		ratings: ratingsCommand,
 		reports: reportsCommand,
 		bundles: bundlesCommand,
@@ -8695,6 +8696,46 @@ async function fetchWorkspaceMembers(workspaceId, cookies, opts = {}) {
 	if (!Array.isArray(raw)) throw new Error(`Unexpected members shape for workspace=${workspaceId}: not an array`);
 	return raw.map((entry, index) => normalizeMember(entry, workspaceId, index));
 }
+/**
+* Invite a user by email to the workspace.
+*
+* Maps to `POST /workspaces/:wid/invites/send/by-email`. Payload shape is
+* inferred from static bundle analysis (PR #118); `role` is optional —
+* omit to use the server default.
+*
+* ⚠️ Inferred endpoint: method/path confirmed, payload/response/errorCodes
+* not live-captured. See docs/api/members.md "Invite 관련 endpoint".
+*/
+async function inviteMember(workspaceId, email, role, cookies, opts = {}) {
+	const url = `${BASE$1}/workspaces/${workspaceId}/invites/send/by-email`;
+	const body = { email };
+	if (role !== void 0) body.role = role;
+	return { raw: await requestConsoleApi({
+		method: "POST",
+		url,
+		cookies,
+		body,
+		...opts.fetchImpl ? { fetchImpl: opts.fetchImpl } : {}
+	}) };
+}
+/**
+* Remove a member from the workspace by their `bizUserNo`.
+*
+* Maps to `DELETE /workspaces/:wid/members/:memberBizUserNo`. The path
+* param name `memberBizUserNo` is confirmed from bundle analysis (PR #118).
+* Response body shape is uncaptured; we treat any SUCCESS as success.
+*
+* ⚠️ Inferred endpoint: method/path confirmed, response/errorCodes not
+* live-captured. See docs/api/members.md "DELETE …/members/<memberBizUserNo>".
+*/
+async function removeMember(workspaceId, memberBizUserNo, cookies, opts = {}) {
+	await requestConsoleApi({
+		method: "DELETE",
+		url: `${BASE$1}/workspaces/${workspaceId}/members/${memberBizUserNo}`,
+		cookies,
+		...opts.fetchImpl ? { fetchImpl: opts.fetchImpl } : {}
+	});
+}
 function normalizeMember(raw, workspaceId, index) {
 	if (raw === null || typeof raw !== "object") throw new Error(`Unexpected member entry at index ${index} for workspace=${workspaceId}: not an object`);
 	const rec = raw;
@@ -8719,60 +8760,185 @@ function normalizeMember(raw, workspaceId, index) {
 		isAdult: Boolean(rec.isAdult)
 	};
 }
+//#endregion
+//#region src/commands/members.ts
+const lsCommand$2 = defineCommand({
+	meta: {
+		name: "ls",
+		description: "List members of the selected workspace."
+	},
+	args: {
+		workspace: {
+			type: "string",
+			description: "Workspace ID. Defaults to the selected workspace (`aitcc workspace use`)."
+		},
+		json: {
+			type: "boolean",
+			description: "Emit machine-readable JSON to stdout.",
+			default: false
+		}
+	},
+	async run({ args }) {
+		const ctx = await resolveWorkspaceContext(args);
+		if (!ctx) return;
+		const { session, workspaceId } = ctx;
+		printContextHeader(ctx, { json: args.json });
+		try {
+			const members = await fetchWorkspaceMembers(workspaceId, session.cookies);
+			if (args.json) {
+				emitJson({
+					ok: true,
+					workspaceId,
+					members: members.map((m) => ({
+						bizUserNo: m.bizUserNo,
+						name: m.name,
+						email: m.email,
+						status: m.status,
+						role: m.role,
+						isOwnerDelegationRequested: m.isOwnerDelegationRequested
+					}))
+				});
+				return exitAfterFlush(ExitCode.Ok);
+			}
+			if (members.length === 0) {
+				process.stdout.write(`No members in workspace ${workspaceId}.\n`);
+				return exitAfterFlush(ExitCode.Ok);
+			}
+			for (const m of members) process.stdout.write(`${m.bizUserNo}\t${m.name}\t${m.email}\t${m.role}\t${m.status}\n`);
+			return exitAfterFlush(ExitCode.Ok);
+		} catch (err) {
+			return emitFailureFromError(args.json, err);
+		}
+	}
+});
+function isValidEmail(email) {
+	const at = email.indexOf("@");
+	if (at <= 0) return false;
+	const domain = email.slice(at + 1);
+	return domain.length > 0 && domain.includes(".");
+}
 const membersCommand = defineCommand({
 	meta: {
 		name: "members",
-		description: "Inspect workspace members."
+		description: "Inspect and manage workspace members."
 	},
-	subCommands: { ls: defineCommand({
-		meta: {
-			name: "ls",
-			description: "List members of the selected workspace."
-		},
-		args: {
-			workspace: {
-				type: "string",
-				description: "Workspace ID. Defaults to the selected workspace (`aitcc workspace use`)."
+	subCommands: {
+		ls: lsCommand$2,
+		invite: defineCommand({
+			meta: {
+				name: "invite",
+				description: "Invite a user to the workspace by email."
 			},
-			json: {
-				type: "boolean",
-				description: "Emit machine-readable JSON to stdout.",
-				default: false
-			}
-		},
-		async run({ args }) {
-			const ctx = await resolveWorkspaceContext(args);
-			if (!ctx) return;
-			const { session, workspaceId } = ctx;
-			printContextHeader(ctx, { json: args.json });
-			try {
-				const members = await fetchWorkspaceMembers(workspaceId, session.cookies);
-				if (args.json) {
-					emitJson({
-						ok: true,
-						workspaceId,
-						members: members.map((m) => ({
-							bizUserNo: m.bizUserNo,
-							name: m.name,
-							email: m.email,
-							status: m.status,
-							role: m.role,
-							isOwnerDelegationRequested: m.isOwnerDelegationRequested
-						}))
+			args: {
+				email: {
+					type: "positional",
+					required: true,
+					description: "Email address of the user to invite."
+				},
+				role: {
+					type: "string",
+					description: "Role to assign (default: server default). Example: MEMBER."
+				},
+				workspace: {
+					type: "string",
+					description: "Workspace ID. Defaults to the selected workspace (`aitcc workspace use`)."
+				},
+				json: {
+					type: "boolean",
+					description: "Emit machine-readable JSON to stdout.",
+					default: false
+				}
+			},
+			async run({ args }) {
+				const ctx = await resolveWorkspaceContext(args);
+				if (!ctx) return;
+				const { session, workspaceId } = ctx;
+				printContextHeader(ctx, { json: args.json });
+				const email = String(args.email).trim();
+				if (!isValidEmail(email)) {
+					const message = `<email> must be a valid email address (got ${JSON.stringify(email)})`;
+					if (args.json) emitJson({
+						ok: false,
+						reason: "invalid-email",
+						message
 					});
+					else process.stderr.write(`${message}\n`);
+					return exitAfterFlush(ExitCode.Usage);
+				}
+				const role = args.role ? String(args.role).trim() : void 0;
+				try {
+					await inviteMember(workspaceId, email, role, session.cookies);
+					if (args.json) {
+						emitJson({
+							ok: true,
+							workspaceId,
+							email
+						});
+						return exitAfterFlush(ExitCode.Ok);
+					}
+					process.stdout.write(`Invited ${email} to workspace ${workspaceId}.\n`);
 					return exitAfterFlush(ExitCode.Ok);
+				} catch (err) {
+					return emitFailureFromError(args.json, err);
+				}
+			}
+		}),
+		remove: defineCommand({
+			meta: {
+				name: "remove",
+				description: "Remove a member from the workspace by their bizUserNo."
+			},
+			args: {
+				bizUserNo: {
+					type: "positional",
+					required: true,
+					description: "bizUserNo of the member to remove (from `aitcc members ls`)."
+				},
+				workspace: {
+					type: "string",
+					description: "Workspace ID. Defaults to the selected workspace (`aitcc workspace use`)."
+				},
+				json: {
+					type: "boolean",
+					description: "Emit machine-readable JSON to stdout.",
+					default: false
 				}
-				if (members.length === 0) {
-					process.stdout.write(`No members in workspace ${workspaceId}.\n`);
+			},
+			async run({ args }) {
+				const ctx = await resolveWorkspaceContext(args);
+				if (!ctx) return;
+				const { session, workspaceId } = ctx;
+				printContextHeader(ctx, { json: args.json });
+				const rawId = String(args.bizUserNo);
+				const parsed = parsePositiveInt$1(rawId);
+				if (parsed === null) {
+					const message = `<bizUserNo> must be a positive integer (got ${JSON.stringify(rawId)})`;
+					if (args.json) emitJson({
+						ok: false,
+						reason: "invalid-id",
+						message
+					});
+					else process.stderr.write(`${message}\n`);
+					return exitAfterFlush(ExitCode.Usage);
+				}
+				try {
+					await removeMember(workspaceId, parsed, session.cookies);
+					if (args.json) {
+						emitJson({
+							ok: true,
+							workspaceId,
+							bizUserNo: parsed
+						});
+						return exitAfterFlush(ExitCode.Ok);
+					}
+					process.stdout.write(`Removed member ${parsed} from workspace ${workspaceId}.\n`);
 					return exitAfterFlush(ExitCode.Ok);
+				} catch (err) {
+					return emitFailureFromError(args.json, err);
 				}
-				for (const m of members) process.stdout.write(`${m.bizUserNo}\t${m.name}\t${m.email}\t${m.role}\t${m.status}\n`);
-				return exitAfterFlush(ExitCode.Ok);
-			} catch (err) {
-				return emitFailureFromError(args.json, err);
 			}
-		}
-	}) }
+		})
+	}
 });
 const BASE = "https://api-public.toss.im/api-public/v3/ipd-thor/api/v1";
 async function fetchNotices(params, cookies, opts = {}) {
@@ -9026,6 +9192,393 @@ const noticesCommand = defineCommand({
 	}
 });
 //#endregion
+//#region src/version.ts
+function resolveVersion() {
+	try {
+		const injected = globalThis.AITCC_VERSION;
+		if (typeof injected === "string" && injected.length > 0) return injected;
+	} catch {}
+	try {
+		return "0.1.29";
+	} catch {}
+	return "0.0.0-dev";
+}
+const VERSION = resolveVersion();
+//#endregion
+//#region src/telemetry/state.ts
+/**
+* Telemetry consent state + anon_id I/O for console-cli.
+*
+* Storage: ~/.config/aitcc/telemetry.json  (0600, XDG-aware via configDir())
+* Consistent with devtools' localStorage schema names where applicable.
+*/
+/** Current policy version. Bump whenever the privacy policy changes. */
+const CURRENT_POLICY_VERSION = "2026-05-12";
+function telemetryFilePath() {
+	return join(configDir(), "telemetry.json");
+}
+async function readStateFile() {
+	let raw;
+	try {
+		raw = await readFile(telemetryFilePath(), "utf8");
+	} catch {
+		return null;
+	}
+	let parsed;
+	try {
+		parsed = JSON.parse(raw);
+	} catch {
+		return null;
+	}
+	if (!parsed || typeof parsed !== "object") return null;
+	const obj = parsed;
+	if (obj.schemaVersion !== 1) return null;
+	if (obj.consent !== "granted" && obj.consent !== "denied" && obj.consent !== "undecided") return null;
+	if (typeof obj.policyVersion !== "string") return null;
+	return {
+		schemaVersion: 1,
+		consent: obj.consent,
+		policyVersion: obj.policyVersion,
+		...typeof obj.anonId === "string" ? { anonId: obj.anonId } : {}
+	};
+}
+async function writeStateFile(state) {
+	const path = telemetryFilePath();
+	await mkdir(dirname(path), {
+		recursive: true,
+		mode: 448
+	});
+	const tmp = `${path}.${process.pid}.${Date.now()}.tmp`;
+	try {
+		await writeFile(tmp, JSON.stringify(state, null, 2), { mode: 384 });
+		await rename(tmp, path);
+	} catch (err) {
+		await unlink(tmp).catch(() => {});
+		throw err;
+	}
+}
+/** Read the raw consent from disk. Returns 'undecided' if no file. */
+async function readConsentState() {
+	const s = await readStateFile();
+	if (!s) return "undecided";
+	return s.consent;
+}
+/**
+* Resolve effective consent with policy-version bump rule:
+*   - Previously 'granted' but on an old policy version → revert to 'undecided'
+*   - Previously 'denied' on any version → stay 'denied'
+*/
+async function resolveEffectiveConsent() {
+	const s = await readStateFile();
+	if (!s) return "undecided";
+	if (s.consent === "granted") {
+		if (s.policyVersion !== "2026-05-12") return "undecided";
+		return "granted";
+	}
+	return s.consent;
+}
+/**
+* Returns the stored anon_id, or generates + persists a new UUID v4.
+* Once generated it is never overwritten except after a successful deleteMyData call.
+*/
+async function getOrCreateAnonId() {
+	const s = await readStateFile();
+	if (s?.anonId) return s.anonId;
+	const id = crypto.randomUUID();
+	await writeStateFile({
+		...s ?? {
+			schemaVersion: 1,
+			consent: "undecided",
+			policyVersion: "2026-05-12"
+		},
+		anonId: id
+	});
+	return id;
+}
+async function acceptConsent() {
+	await writeStateFile({
+		schemaVersion: 1,
+		consent: "granted",
+		policyVersion: CURRENT_POLICY_VERSION,
+		anonId: (await readStateFile())?.anonId ?? crypto.randomUUID()
+	});
+}
+async function denyConsent() {
+	const s = await readStateFile();
+	await writeStateFile({
+		schemaVersion: 1,
+		consent: "denied",
+		policyVersion: CURRENT_POLICY_VERSION,
+		...s?.anonId ? { anonId: s.anonId } : {}
+	});
+}
+/**
+* Delete data: send DELETE /e?anon_id=... to the server (if we have an id),
+* then rotate local anon_id so subsequent events are unlinkable.
+*/
+async function deleteMyData(endpoint) {
+	const s = await readStateFile();
+	if (!s?.anonId) return false;
+	try {
+		if (!(await fetch(`${endpoint}/e?anon_id=${encodeURIComponent(s.anonId)}`, { method: "DELETE" })).ok) return false;
+		await writeStateFile({
+			...s,
+			anonId: crypto.randomUUID()
+		});
+		return true;
+	} catch {
+		return false;
+	}
+}
+//#endregion
+//#region src/telemetry/send.ts
+/**
+* Telemetry send — fire-and-forget with one retry.
+*
+* Rules:
+*   1. If consent ≠ "granted" — drop silently.
+*   2. POST event as JSON with 5 s timeout.
+*   3. On network error or non-2xx: retry ONCE after 2 s. On second failure: drop.
+*   4. Meta is capped at 256 bytes (JSON-serialized); oversized meta is dropped.
+*   5. All calls are non-blocking — caller never awaits send().
+*/
+/** Meta size cap per server contract (JSON bytes). */
+const META_BYTE_CAP = 256;
+function sanitizeMeta(meta) {
+	if (meta === void 0) return void 0;
+	const serialized = JSON.stringify(meta);
+	if (new TextEncoder().encode(serialized).byteLength > META_BYTE_CAP) return void 0;
+	return meta;
+}
+async function doFetch(endpoint, payload) {
+	const controller = new AbortController();
+	const timeoutId = setTimeout(() => controller.abort(), 5e3);
+	try {
+		return (await fetch(`${endpoint}/e`, {
+			method: "POST",
+			headers: { "Content-Type": "application/json" },
+			body: JSON.stringify(payload),
+			signal: controller.signal
+		})).ok;
+	} catch {
+		return false;
+	} finally {
+		clearTimeout(timeoutId);
+	}
+}
+function delay(ms) {
+	return new Promise((resolve) => setTimeout(resolve, ms));
+}
+/** Retry delay in ms — injectable for tests. */
+let RETRY_DELAY_MS = 2e3;
+/**
+* Send a telemetry event. Drops silently if consent is not 'granted'.
+* Returns a Promise but callers should NOT await it — fire-and-forget only.
+*/
+async function send(endpoint, event, version, meta) {
+	if (await readConsentState() !== "granted") return;
+	const sanitized = sanitizeMeta(meta);
+	const payload = {
+		source: "console-cli",
+		event,
+		anon_id: await getOrCreateAnonId(),
+		version,
+		ts: Date.now(),
+		...sanitized !== void 0 ? { meta: sanitized } : {}
+	};
+	if (await doFetch(endpoint, payload)) return;
+	await delay(RETRY_DELAY_MS);
+	await doFetch(endpoint, payload);
+}
+//#endregion
+//#region src/telemetry/index.ts
+/**
+* Telemetry client — internal to @ait-co/console-cli.
+*
+* Usage: import { trackInvocation, trackInstall } from './telemetry/index.js'
+*
+* Events are fire-and-forget (non-blocking). Consent is opt-in only.
+* First invocation on a TTY prompts the user; non-TTY (CI) defaults to deny.
+*
+* Endpoint override for staging: AITCC_TELEMETRY_ENV=staging
+* (or automatically when VERSION contains '-dev').
+*/
+function resolveEndpoint() {
+	if (process.env.AITCC_TELEMETRY_ENV === "staging") return "https://t-staging.aitc.dev";
+	if (VERSION.includes("-dev")) return "https://t-staging.aitc.dev";
+	return "https://t.aitc.dev";
+}
+const TELEMETRY_ENDPOINT = resolveEndpoint();
+/** Returns true if this is the very first run (telemetry.json does not exist). */
+function isFirstRun() {
+	return !existsSync(telemetryFilePath());
+}
+/**
+* Prompt for consent on TTY. Defaults to deny on any non-TTY or error.
+* Called once per install (no file yet) when stdin/stdout are both TTYs.
+*/
+async function promptConsent() {
+	if (!process.stdin.isTTY || !process.stdout.isTTY) {
+		await denyConsent();
+		return;
+	}
+	const rl = createInterface({
+		input: process.stdin,
+		output: process.stdout
+	});
+	try {
+		process.stderr.write([
+			"",
+			"aitcc 사용 개선을 위해 익명 사용 통계를 수집해도 될까요?",
+			"  · 개인 식별 정보 없음  · 랜덤 익명 ID만 사용  · 언제든 off 가능",
+			"  자세한 내용: https://docs.aitc.dev/privacy",
+			""
+		].join("\n"));
+		if ((await rl.question("보내도 될까요? [y/N] ")).trim().toLowerCase() === "y") await acceptConsent();
+		else await denyConsent();
+	} catch {
+		await denyConsent();
+	} finally {
+		rl.close();
+	}
+}
+/** True only on the first invocation after a fresh install. */
+async function isNewInstall() {
+	const markerPath = `${telemetryFilePath()}.install`;
+	if (existsSync(markerPath)) return false;
+	try {
+		await writeFile(markerPath, "1", { mode: 384 });
+		return true;
+	} catch {
+		return false;
+	}
+}
+/**
+* Called at CLI entry point with the resolved top-level command name.
+* Handles first-run consent prompt, install detection, and event send.
+* Fire-and-forget: do NOT await this.
+*/
+async function trackInvocation(command) {
+	try {
+		if (isFirstRun()) await promptConsent();
+		if (await resolveEffectiveConsent() !== "granted") return;
+		if (await isNewInstall()) send(TELEMETRY_ENDPOINT, "cli_install", VERSION, {
+			platform: process.platform,
+			arch: process.arch
+		});
+		send(TELEMETRY_ENDPOINT, "cli_invoked", VERSION, { command });
+	} catch {}
+}
+const telemetryCommand = defineCommand({
+	meta: {
+		name: "telemetry",
+		description: "Manage anonymous usage telemetry (opt-in)."
+	},
+	subCommands: {
+		status: defineCommand({
+			meta: {
+				name: "status",
+				description: "Show current telemetry consent state and anon_id."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				const consent = await resolveEffectiveConsent();
+				const anonId = consent === "granted" ? await getOrCreateAnonId() : null;
+				const filePath = telemetryFilePath();
+				if (args.json) {
+					process.stdout.write(`${JSON.stringify({
+						ok: true,
+						consent,
+						policyVersion: CURRENT_POLICY_VERSION,
+						endpoint: TELEMETRY_ENDPOINT,
+						...anonId ? { anonId } : {},
+						filePath
+					})}\n`);
+					return exitAfterFlush(ExitCode.Ok);
+				}
+				process.stdout.write(`Telemetry: ${consent}\n`);
+				process.stdout.write(`Policy version: ${CURRENT_POLICY_VERSION}\n`);
+				process.stdout.write(`Endpoint: ${TELEMETRY_ENDPOINT}\n`);
+				if (anonId) process.stdout.write(`Anon ID: ${anonId}\n`);
+				process.stdout.write(`State file: ${filePath}\n`);
+				return exitAfterFlush(ExitCode.Ok);
+			}
+		}),
+		enable: defineCommand({
+			meta: {
+				name: "enable",
+				description: "Enable anonymous usage telemetry (opt-in)."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				await acceptConsent();
+				const anonId = await getOrCreateAnonId();
+				if (args.json) process.stdout.write(`${JSON.stringify({
+					ok: true,
+					consent: "granted",
+					anonId
+				})}\n`);
+				else {
+					process.stdout.write("Telemetry enabled. Thank you!\n");
+					process.stdout.write(`Anon ID: ${anonId}\n`);
+				}
+				return exitAfterFlush(ExitCode.Ok);
+			}
+		}),
+		disable: defineCommand({
+			meta: {
+				name: "disable",
+				description: "Disable anonymous usage telemetry."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				await denyConsent();
+				if (args.json) process.stdout.write(`${JSON.stringify({
+					ok: true,
+					consent: "denied"
+				})}\n`);
+				else process.stdout.write("Telemetry disabled.\n");
+				return exitAfterFlush(ExitCode.Ok);
+			}
+		}),
+		delete: defineCommand({
+			meta: {
+				name: "delete",
+				description: "Delete your telemetry data from the server and rotate the local anon_id."
+			},
+			args: { json: {
+				type: "boolean",
+				description: "Emit machine-readable JSON.",
+				default: false
+			} },
+			async run({ args }) {
+				const beforeConsent = await readConsentState();
+				const ok = await deleteMyData(TELEMETRY_ENDPOINT);
+				if (args.json) process.stdout.write(`${JSON.stringify({
+					ok,
+					...ok ? {} : { reason: beforeConsent === "undecided" ? "no-data" : "server-error" }
+				})}\n`);
+				else if (ok) process.stdout.write("Deletion request sent. Your data has been removed and a new anon ID assigned.\n");
+				else if (beforeConsent === "undecided") process.stdout.write("No telemetry data to delete (telemetry was never enabled).\n");
+				else process.stderr.write("Deletion request failed. Please try again or contact the maintainers.\n");
+				return exitAfterFlush(ok || beforeConsent === "undecided" ? ExitCode.Ok : ExitCode.NetworkError);
+			}
+		})
+	}
+});
+//#endregion
 //#region src/github.ts
 const REPO_OWNER = "apps-in-toss-community";
 const REPO_NAME = "console-cli";
@@ -9159,19 +9712,6 @@ function sha256OfFile(path) {
 	});
 }
 //#endregion
-//#region src/version.ts
-function resolveVersion() {
-	try {
-		const injected = globalThis.AITCC_VERSION;
-		if (typeof injected === "string" && injected.length > 0) return injected;
-	} catch {}
-	try {
-		return "0.1.27";
-	} catch {}
-	return "0.0.0-dev";
-}
-const VERSION = resolveVersion();
-//#endregion
 //#region src/commands/upgrade.ts
 const execFileP = promisify(execFile);
 function isStandaloneBinary() {
@@ -10319,10 +10859,12 @@ const main = defineCommand({
 		keys: keysCommand,
 		notices: noticesCommand,
 		me: meCommand,
+		telemetry: telemetryCommand,
 		completion: completionCommand
 	}
 });
 cleanupStaleUpgradeArtifacts().catch(() => {});
+trackInvocation(process.argv.slice(2).find((a) => !a.startsWith("-")) ?? "(none)");
 runMain(main);
 //#endregion
 export {};