@ampersend_ai/ampersend-sdk 0.0.25 → 0.0.27

package/dist/cli/config.js

@@ -11,7 +11,7 @@ import { err, ok } from "./envelope.js";
  * Returns an `err` envelope when the local config isn't ready, so the
  * caller can print it and exit.
  */
-export function loadCredentials() {
+export function loadCredentials(opts = {}) {
     try {
         const envConfig = parseEnvConfig();
         return {
@@ -26,19 +26,20 @@ export function loadCredentials() {
     catch {
         // Fall back to config file
     }
-    const fileConfig = getRuntimeConfig();
-    if (fileConfig?.status === "ready" && fileConfig.agentAccount && fileConfig.agentKey) {
-        const apiUrl = process.env.AMPERSEND_API_URL ?? fileConfig.apiUrl;
+    const selected = getSelectedContext(opts);
+    if (selected?.context.status === "ready") {
+        // AMPERSEND_API_URL is a hard bypass: if set, it always wins.
+        const apiUrl = process.env.AMPERSEND_API_URL ?? selected.context.apiUrl;
         return {
             ok: true,
             credentials: {
-                agentAccount: fileConfig.agentAccount,
-                agentKey: fileConfig.agentKey,
+                agentAccount: selected.context.agentAccount,
+                agentKey: selected.context.agentKey,
                 ...(apiUrl ? { apiUrl } : {}),
             },
         };
     }
-    const status = fileConfig?.status ?? "not_initialized";
+    const status = getConfigStatus(opts).status;
     const code = status === "not_initialized" ? "NOT_CONFIGURED" : "SETUP_INCOMPLETE";
     return {
         ok: false,
@@ -49,19 +50,22 @@ export function loadCredentials() {
 const CONFIG_DIR = join(homedir(), ".ampersend");
 export const CONFIG_FILE = join(CONFIG_DIR, "config.json");
 /** Current config version */
-const CONFIG_VERSION = 1;
+const CONFIG_VERSION = 2;
 /** Hard-coded approval expiration: 30 minutes */
 const APPROVAL_EXPIRY_MS = 30 * 60 * 1000;
 /** Default API URL (production) */
 export const DEFAULT_API_URL = "https://api.ampersend.ai";
-const HexString = Schema.TemplateLiteral(Schema.Literal("0x"), Schema.String);
+const HexString = Schema.TemplateLiteral([Schema.Literal("0x"), Schema.String]);
 /**
  * Cached Laso Bearer token for `card details`/`list`, so a warm read costs
  * nothing. Stamped with the identity (`agentKey`) and `apiUrl` it was minted
  * under: `readLasoToken` treats it as absent if either no longer matches the
- * active config (covers env-var overrides) or it has expired. Self-correcting,
+ * active context (covers env-var overrides) or it has expired. Self-correcting,
  * so the identity/URL write paths only need to drop it, not re-thread it.
  *
+ * Lives inside the context it was minted under, so switching the active context
+ * (`config use`) keeps each context's token intact without any explicit drop.
+ *
  * Schema is the source of truth; the `LasoToken` type is derived from it so the
  * two can't drift (the same pattern as the schemas in `src/ampersend/`).
  */
@@ -71,11 +75,41 @@ const LasoTokenSchema = Schema.Struct({
     agentKey: HexString,
     apiUrl: Schema.optional(Schema.String),
 });
-/** Schema for validating stored config read from disk.
+// ─── Context model (V2) ──────────────────────────────────────────────────────
+/**
+ * A named identity in the config. A context is either:
+ *  - `ready`:   resolved, carrying an active key + on-chain account (+ optional
+ *               per-context apiUrl and cached lasoToken).
+ *  - `pending`: an in-flight `setup start` — a generated key plus the approval
+ *               token and its local expiry, but no account yet. `setup finish`
+ *               promotes it to `ready`.
  *
- * Effect Schema strips unknown keys, so legacy fields like `network` written
- * by older versions are silently dropped on next write. */
-const StoredConfigSchema = Schema.Struct({
+ * Each context carries its own `apiUrl`, so e.g. a sandbox and a prod context
+ * can coexist pointed at different environments.
+ */
+const ReadyContextSchema = Schema.Struct({
+    status: Schema.Literal("ready"),
+    agentKey: HexString,
+    agentAccount: HexString,
+    createdAt: Schema.String, // ISO timestamp the context was first created
+    apiUrl: Schema.optional(Schema.String),
+    lasoToken: Schema.optional(LasoTokenSchema),
+});
+const PendingContextSchema = Schema.Struct({
+    status: Schema.Literal("pending"),
+    agentKey: HexString,
+    token: Schema.String,
+    expiresAt: Schema.String, // ISO timestamp — informational; `setup finish` lets the API decide
+    createdAt: Schema.String, // ISO timestamp the context was first created
+    apiUrl: Schema.optional(Schema.String),
+});
+const ContextSchema = Schema.Union([ReadyContextSchema, PendingContextSchema]);
+const StoredConfigV2Schema = Schema.Struct({
+    version: Schema.Literal(2),
+    activeContext: Schema.optional(Schema.String),
+    contexts: Schema.Record(Schema.String, ContextSchema),
+});
+const StoredConfigV1Schema = Schema.Struct({
     version: Schema.Literal(1),
     agentKey: Schema.optional(HexString),
     agentAccount: Schema.optional(HexString),
@@ -87,6 +121,51 @@ const StoredConfigSchema = Schema.Struct({
     })),
     lasoToken: Schema.optional(LasoTokenSchema),
 });
+/** Decodes either version; V1 is normalized to V2 by `readConfig`. */
+const StoredConfigSchema = Schema.Union([StoredConfigV2Schema, StoredConfigV1Schema]);
+/**
+ * Migrate a legacy single-account V1 config to the V2 context model. There is
+ * no `default` context in V2 — both migrated contexts are auto-named from their
+ * key (the same scheme `setup`/`config set` use), and `createdAt` is stamped to
+ * the migration time since a V1 file carries no creation timestamp.
+ *
+ *  - A complete identity (key + account) becomes a `ready` context carrying the
+ *    old top-level apiUrl/lasoToken; it becomes active.
+ *  - A standalone pending approval becomes a `pending` context. If there was no
+ *    active identity, the pending context becomes active.
+ *  - A key-only V1 file (no account, no pending) was already non-functional for
+ *    reads, so we drop the orphan key and migrate to an empty (not_initialized)
+ *    config.
+ */
+function migrateV1toV2(v1) {
+    const config = { version: 2, contexts: {} };
+    const createdAt = new Date().toISOString();
+    if (v1.agentKey && v1.agentAccount) {
+        const name = uniqueContextName(config, v1.apiUrl, privateKeyToAddress(v1.agentKey));
+        config.contexts[name] = {
+            status: "ready",
+            agentKey: v1.agentKey,
+            agentAccount: v1.agentAccount,
+            createdAt,
+            ...(v1.apiUrl ? { apiUrl: v1.apiUrl } : {}),
+            ...(v1.lasoToken ? { lasoToken: v1.lasoToken } : {}),
+        };
+        config.activeContext = name;
+    }
+    if (v1.pendingApproval) {
+        const name = uniqueContextName(config, v1.apiUrl, privateKeyToAddress(v1.pendingApproval.agentKey));
+        config.contexts[name] = {
+            status: "pending",
+            agentKey: v1.pendingApproval.agentKey,
+            token: v1.pendingApproval.token,
+            expiresAt: v1.pendingApproval.expiresAt,
+            createdAt,
+            ...(v1.apiUrl ? { apiUrl: v1.apiUrl } : {}),
+        };
+        config.activeContext ??= name;
+    }
+    return config;
+}
 /**
  * Ensure config directory exists with secure permissions
  */
@@ -96,7 +175,7 @@ function ensureConfigDir() {
     }
 }
 /**
- * Read config file if it exists.
+ * Read config file if it exists, normalized to the V2 context model.
  * Returns null if the file is missing or corrupt.
  */
 export function readConfig() {
@@ -106,7 +185,8 @@ export function readConfig() {
     const content = readFileSync(CONFIG_FILE, "utf-8");
     try {
         const parsed = JSON.parse(content);
-        return Schema.decodeUnknownSync(StoredConfigSchema)(parsed);
+        const decoded = Schema.decodeUnknownSync(StoredConfigSchema)(parsed);
+        return decoded.version === 1 ? migrateV1toV2(decoded) : decoded;
     }
     catch {
         // Corrupt or unrecognised config — treat as absent so commands can re-initialise
@@ -114,34 +194,65 @@ export function readConfig() {
     }
 }
 /**
- * Write config file with secure permissions
+ * Drop expired *pending* contexts so the map can't grow without bound. Ready
+ * contexts are never auto-pruned (only `config rm` removes them). If the active
+ * context is pruned, `activeContext` is cleared.
+ */
+function prunePendingExpired(config) {
+    const contexts = {};
+    for (const [name, ctx] of Object.entries(config.contexts)) {
+        if (ctx.status === "pending" && isPendingExpired(ctx))
+            continue;
+        contexts[name] = ctx;
+    }
+    const activeContext = config.activeContext && contexts[config.activeContext] ? config.activeContext : undefined;
+    return { version: 2, ...(activeContext ? { activeContext } : {}), contexts };
+}
+/**
+ * Write config file with secure permissions. Always writes V2 and prunes
+ * expired pending contexts on the way out.
  */
 export function writeConfig(config) {
     ensureConfigDir();
-    const withVersion = { version: CONFIG_VERSION, ...config };
-    writeFileSync(CONFIG_FILE, JSON.stringify(withVersion, null, 2), { mode: 0o600 });
+    const pruned = prunePendingExpired({ version: CONFIG_VERSION, ...config });
+    writeFileSync(CONFIG_FILE, JSON.stringify(pruned, null, 2), { mode: 0o600 });
+}
+/**
+ * The context name to use this invocation: `--context` flag > `AMPERSEND_CONTEXT`
+ * env > persisted `activeContext`. Returns undefined if none resolves.
+ */
+export function resolveContextName(opts = {}) {
+    return opts.context ?? process.env.AMPERSEND_CONTEXT ?? readConfig()?.activeContext ?? undefined;
 }
 /**
- * Get runtime config with status
+ * The selected context (name + value) after applying flag/env/active precedence,
+ * or null if no config file exists or the resolved name has no context.
  */
-export function getRuntimeConfig() {
-    const stored = readConfig();
-    if (!stored) {
+export function getSelectedContext(opts = {}) {
+    const config = readConfig();
+    const name = resolveContextName(opts);
+    if (!config || !name)
         return null;
-    }
-    const { version: _, ...rest } = stored;
-    const status = rest.agentKey && rest.agentAccount ? "ready" : "pending_agent";
-    return { ...rest, status };
+    const context = config.contexts[name];
+    if (!context)
+        return null;
+    return { name, context };
 }
 /**
- * Get configuration status for error messages
+ * Effective API URL for unauthenticated calls and setup flows.
+ * Precedence: AMPERSEND_API_URL (hard bypass) > selected context's apiUrl > default.
  */
-export function getConfigStatus() {
-    const config = getRuntimeConfig();
-    if (!config) {
+export function getActiveApiUrl(opts = {}) {
+    return process.env.AMPERSEND_API_URL ?? getSelectedContext(opts)?.context.apiUrl ?? DEFAULT_API_URL;
+}
+/**
+ * Per-context status for the selected context, for error messages and `status`.
+ */
+export function getConfigStatus(opts = {}) {
+    const selected = getSelectedContext(opts);
+    if (!selected)
         return { status: "not_initialized" };
-    }
-    return { status: config.status };
+    return { status: selected.context.status === "ready" ? "ready" : "pending_agent" };
 }
 /**
  * Check if a pending approval has expired locally.
@@ -155,11 +266,62 @@ export function isPendingExpired(pending) {
 export function computeApprovalExpiry() {
     return new Date(Date.now() + APPROVAL_EXPIRY_MS).toISOString();
 }
+/** Empty V2 config used when starting from scratch. */
+function emptyConfig() {
+    return { version: 2, contexts: {} };
+}
+/** Return a copy of `record` without `key` (avoids dynamic `delete`). */
+function omitKey(record, key) {
+    const { [key]: _omitted, ...rest } = record;
+    return rest;
+}
+/**
+ * Production = the default URL, or no URL at all. Auto-derived context names get
+ * the URL host prepended only for non-production environments.
+ */
+export function isProductionUrl(apiUrl) {
+    return !apiUrl || apiUrl === DEFAULT_API_URL;
+}
+/**
+ * Auto-derive a context name from the agent key when `--context` is omitted.
+ * The base is `ctx-<4 hex of key address>`; non-production URLs prepend the host
+ * so contexts targeting different environments stay distinct (e.g.
+ * `api.sandbox.ampersend.ai-ctx-1a2b`). Not guaranteed unique on its own —
+ * callers go through `uniqueContextName` to disambiguate.
+ */
+export function autoContextName(apiUrl, keyAddress) {
+    const base = `ctx-${keyAddress.slice(2, 6).toLowerCase()}`;
+    if (isProductionUrl(apiUrl))
+        return base;
+    try {
+        return `${new URL(apiUrl).host}-${base}`;
+    }
+    catch {
+        return base;
+    }
+}
+/**
+ * An auto-derived context name guaranteed free in `config`. Appends `-2`, `-3`,
+ * … if the base name (or a prior counter) is already taken.
+ */
+export function uniqueContextName(config, apiUrl, keyAddress) {
+    const base = autoContextName(apiUrl, keyAddress);
+    if (!config.contexts[base])
+        return base;
+    for (let n = 2;; n++) {
+        const candidate = `${base}-${n}`;
+        if (!config.contexts[candidate])
+            return candidate;
+    }
+}
 /**
- * Set active config directly using "agentKey:::agentAccount" format.
- * Replaces the old `config init` + `config set-agent` flow.
+ * Set a context's identity directly using "agentKey:::agentAccount" format and
+ * make it active. With `--context <name>` the identity is written to that named
+ * context (creating or overwriting it); without one, a fresh auto-named context
+ * is minted. A context's `apiUrl` is fixed at creation — `setConfig` only sets
+ * it on a brand-new context, never edits an existing one's URL.
  */
-export function setConfig(secret) {
+export function setConfig(secret, opts = {}) {
     const parts = secret.split(":::");
     if (parts.length !== 2) {
         return err("INVALID_FORMAT", 'Expected format: "agentKey:::agentAccount"');
@@ -171,123 +333,148 @@ export function setConfig(secret) {
     if (!isAddress(agentAccount)) {
         return err("INVALID_ADDRESS", "Invalid Ethereum address format for agent account");
     }
-    const existing = readConfig();
-    // lasoToken intentionally not carried over: changing the active identity
-    // invalidates any cached Laso token (it's stamped with the old agentKey).
-    writeConfig({
-        agentKey: agentKey,
-        agentAccount: agentAccount,
-        ...(existing?.apiUrl ? { apiUrl: existing.apiUrl } : {}),
-        // Preserve pending approval if any
-        ...(existing?.pendingApproval ? { pendingApproval: existing.pendingApproval } : {}),
-    });
-    const agentKeyAddress = privateKeyToAddress(agentKey);
-    return ok({
-        agentKeyAddress,
-        agentAccount,
-        status: "ready",
-    });
-}
-/**
- * Set API URL in config. Pass undefined to clear (revert to production default).
- */
-export function setApiUrl(apiUrl) {
-    if (apiUrl != null) {
+    if (opts.apiUrl != null) {
         try {
-            new URL(apiUrl);
+            new URL(opts.apiUrl);
         }
         catch {
             return err("INVALID_URL", "Invalid URL format.");
         }
     }
-    const existing = readConfig();
-    // lasoToken intentionally not carried over: changing the API URL points reads
-    // at a different Laso/facilitator context, so a token minted under the old
-    // URL no longer applies.
-    writeConfig({
-        ...(existing?.agentKey ? { agentKey: existing.agentKey } : {}),
-        ...(existing?.agentAccount ? { agentAccount: existing.agentAccount } : {}),
-        ...(existing?.pendingApproval ? { pendingApproval: existing.pendingApproval } : {}),
-        ...(apiUrl != null ? { apiUrl } : {}),
-    });
-    return ok({ apiUrl: apiUrl ?? DEFAULT_API_URL });
+    const agentKeyAddress = privateKeyToAddress(agentKey);
+    const config = readConfig() ?? emptyConfig();
+    // Explicit --context names the target (create or overwrite); otherwise mint a
+    // fresh auto-named context.
+    const name = opts.name ?? uniqueContextName(config, opts.apiUrl, agentKeyAddress);
+    const existing = config.contexts[name];
+    // The URL is set only on a new context; an explicit opt on creation wins,
+    // otherwise inherit the URL an overwritten context already had. lasoToken is
+    // intentionally dropped: changing the identity invalidates a token stamped
+    // with the old key. createdAt is preserved when overwriting a named context.
+    const apiUrl = opts.apiUrl ?? existing?.apiUrl;
+    config.contexts[name] = {
+        status: "ready",
+        agentKey: agentKey,
+        agentAccount: agentAccount,
+        createdAt: existing?.createdAt ?? new Date().toISOString(),
+        ...(apiUrl ? { apiUrl } : {}),
+    };
+    config.activeContext = name;
+    writeConfig(config);
+    return ok({ agentKeyAddress, agentAccount, context: name, status: "ready" });
 }
 /**
- * Store a pending approval in config.
- * Called by `setup start`.
+ * Switch the active context without re-running setup. Errors if the name is
+ * unknown.
  */
-export function storePendingApproval(pending) {
-    const existing = readConfig();
-    writeConfig({
-        ...(existing?.agentKey ? { agentKey: existing.agentKey } : {}),
-        ...(existing?.agentAccount ? { agentAccount: existing.agentAccount } : {}),
-        ...(existing?.apiUrl ? { apiUrl: existing.apiUrl } : {}),
-        // Active identity is unchanged by a pending approval, so a cached Laso
-        // token stays valid — preserve it.
-        ...(existing?.lasoToken ? { lasoToken: existing.lasoToken } : {}),
-        pendingApproval: pending,
-    });
+export function useContext(name) {
+    const config = readConfig();
+    const context = config?.contexts[name];
+    if (!config || !context) {
+        return err("UNKNOWN_CONTEXT", `No context named "${name}". Run "ampersend config status" to list contexts.`);
+    }
+    config.activeContext = name;
+    writeConfig(config);
+    return ok({ context: name, status: context.status === "ready" ? "ready" : "pending_agent" });
 }
 /**
- * Clear pending approval from config.
+ * Delete a context. If it was the active one, the active selection is cleared.
+ * Errors if the name is unknown.
  */
-export function clearPendingApproval() {
-    const existing = readConfig();
-    if (!existing)
-        return;
-    const { pendingApproval: _, version: __, ...rest } = existing;
-    writeConfig(rest);
+export function removeContext(name) {
+    const config = readConfig();
+    if (!config || !config.contexts[name]) {
+        return err("UNKNOWN_CONTEXT", `No context named "${name}". Run "ampersend config status" to list contexts.`);
+    }
+    const wasActive = config.activeContext === name;
+    config.contexts = omitKey(config.contexts, name);
+    if (wasActive)
+        delete config.activeContext;
+    writeConfig(config);
+    return ok({ context: name, wasActive });
+}
+/**
+ * Create a `pending` context from a freshly-requested approval.
+ * Called by `setup start`. Makes it active unless `detach` is set.
+ */
+export function startContext(name, pending, opts = {}) {
+    const config = readConfig() ?? emptyConfig();
+    config.contexts[name] = {
+        status: "pending",
+        agentKey: pending.agentKey,
+        token: pending.token,
+        expiresAt: pending.expiresAt,
+        createdAt: config.contexts[name]?.createdAt ?? new Date().toISOString(),
+        ...(opts.apiUrl && !isProductionUrl(opts.apiUrl) ? { apiUrl: opts.apiUrl } : {}),
+    };
+    if (!opts.detach)
+        config.activeContext = name;
+    writeConfig(config);
 }
 /**
- * Promote a pending approval to active config.
- * Called by `setup finish` when the approval is resolved.
+ * Promote a `pending` context to `ready` (key stays, account filled in).
+ * Called by `setup finish`. Makes the context active.
  */
-export function promotePending(agentAccount) {
-    const existing = readConfig();
-    if (!existing?.pendingApproval) {
-        return err("NO_PENDING", "No pending approval to promote");
+export function finishContext(name, agentAccount) {
+    const config = readConfig();
+    const context = config?.contexts[name];
+    if (!config || !context) {
+        return err("UNKNOWN_CONTEXT", `No context named "${name}".`);
     }
-    // Drop lasoToken alongside the old key: the active identity changes here, so
-    // a token minted under the previous key no longer matches. readLasoToken
-    // would reject it anyway; dropping it keeps the file honest.
-    const { agentKey: _oldKey, lasoToken: _lasoToken, pendingApproval, version: _version, ...rest } = existing;
-    const agentKeyAddress = privateKeyToAddress(pendingApproval.agentKey);
-    // Promote: pending key becomes active, pending cleared
-    writeConfig({
-        ...rest,
-        agentKey: pendingApproval.agentKey,
-        agentAccount,
-        // pendingApproval intentionally omitted — cleared on promote
-    });
-    return ok({
-        agentKeyAddress,
-        agentAccount,
+    if (context.status !== "pending") {
+        return err("NOT_PENDING", `Context "${name}" is already ready. Use "ampersend config use ${name}" to select it.`);
+    }
+    const agentKeyAddress = privateKeyToAddress(context.agentKey);
+    config.contexts[name] = {
         status: "ready",
-    });
+        agentKey: context.agentKey,
+        agentAccount,
+        createdAt: context.createdAt,
+        ...(context.apiUrl ? { apiUrl: context.apiUrl } : {}),
+    };
+    config.activeContext = name;
+    writeConfig(config);
+    return ok({ agentKeyAddress, agentAccount, context: name, status: "ready" });
+}
+/**
+ * Remove a pending context (e.g. when an approval is rejected). No-op if the
+ * context is missing or no longer pending.
+ */
+export function clearPendingContext(name) {
+    const config = readConfig();
+    const context = config?.contexts[name];
+    if (!config || !context || context.status !== "pending")
+        return;
+    config.contexts = omitKey(config.contexts, name);
+    if (config.activeContext === name)
+        delete config.activeContext;
+    writeConfig(config);
 }
 /**
- * Cache a Laso Bearer token, preserving the rest of the config file.
- * The token is stamped with the identity/URL it was minted under so
- * `readLasoToken` can reject it after an env-var or config change.
+ * Cache a Laso Bearer token on the selected context, preserving the rest of the
+ * config. The token is stamped with the identity/URL it was minted under so
+ * `readLasoToken` can reject it after an env-var or context change.
  *
- * No-op when credentials come purely from env vars (no file to write): the
- * config file is the only cache, and we don't create one just to hold a token.
+ * No-op when the selected context isn't a ready one (e.g. env-only credentials):
+ * the config file is the only cache, and we don't create one just to hold a token.
  */
-export function storeLasoToken(token) {
-    const existing = readConfig();
-    if (!existing)
+export function storeLasoToken(token, opts = {}) {
+    const config = readConfig();
+    const selected = getSelectedContext(opts);
+    if (!config || selected?.context.status !== "ready")
         return;
-    const { version: _version, ...rest } = existing;
-    writeConfig({ ...rest, lasoToken: token });
+    config.contexts[selected.name] = { ...selected.context, lasoToken: token };
+    writeConfig(config);
 }
 /**
- * Read the cached Laso token, or null if there's no usable one. Treated as
- * absent when: no token cached, expired, or its stamped `agentKey`/`apiUrl`
- * no longer match the active credentials (covers env-var overrides and any
- * write path that forgot to drop it). Self-correcting by construction.
+ * Read the selected context's cached Laso token, or null if there's no usable
+ * one. Treated as absent when: no token cached, expired, or its stamped
+ * `agentKey`/`apiUrl` no longer match the active credentials (covers env-var
+ * overrides). Self-correcting by construction.
  */
-export function readLasoToken(active) {
-    const stored = readConfig()?.lasoToken;
+export function readLasoToken(active, opts = {}) {
+    const ctx = getSelectedContext(opts)?.context;
+    const stored = ctx?.status === "ready" ? ctx.lasoToken : undefined;
     if (!stored)
         return null;
     if (new Date(stored.expiresAt).getTime() <= Date.now())
@@ -302,6 +489,26 @@ export function readLasoToken(active) {
         return null;
     return stored;
 }
+/** Build a status summary for one context. */
+function summarizeContext(name, context, activeName) {
+    const summary = {
+        name,
+        status: context.status === "ready" ? "ready" : "pending_agent",
+        active: name === activeName,
+        createdAt: context.createdAt,
+        agentKeyAddress: privateKeyToAddress(context.agentKey),
+    };
+    if (context.status === "ready") {
+        summary.agentAccount = context.agentAccount;
+    }
+    else {
+        summary.pendingExpired = isPendingExpired(context);
+    }
+    if (context.apiUrl && context.apiUrl !== DEFAULT_API_URL) {
+        summary.apiUrl = context.apiUrl;
+    }
+    return summary;
+}
 /**
  * Get current configuration status.
  * Checks env vars first (takes precedence), then config file.
@@ -331,34 +538,34 @@ export function getStatus() {
         // No env vars, check file
     }
     // Check config file
-    const config = getRuntimeConfig();
-    if (!config) {
+    const config = readConfig();
+    if (!config || Object.keys(config.contexts).length === 0) {
         return ok({ status: "not_initialized", credentialSource: "none" });
     }
-    // Determine effective API URL (env var takes precedence over file)
-    const envApiUrl = process.env.AMPERSEND_API_URL;
-    const effectiveApiUrl = envApiUrl ?? config.apiUrl;
+    // Oldest-first so `config status` lists contexts in a stable creation order.
+    const contexts = Object.entries(config.contexts)
+        .map(([name, ctx]) => summarizeContext(name, ctx, config.activeContext))
+        .sort((a, b) => a.createdAt.localeCompare(b.createdAt));
+    // Hoist the active context's fields to the top level, reusing its summary
+    // (built above) rather than re-deriving the key address and account.
+    const activeSummary = contexts.find((c) => c.active);
     const result = {
-        status: config.status,
+        status: activeSummary?.status ?? "not_initialized",
         credentialSource: "file",
         configPath: CONFIG_FILE,
+        ...(config.activeContext ? { activeContext: config.activeContext } : {}),
+        contexts,
     };
-    if (config.agentKey) {
-        result.agentKeyAddress = privateKeyToAddress(config.agentKey);
-    }
-    if (config.agentAccount) {
-        result.agentAccount = config.agentAccount;
-    }
-    if (effectiveApiUrl && effectiveApiUrl !== DEFAULT_API_URL) {
-        result.apiUrl = effectiveApiUrl;
-    }
-    // Always show pending approval info if present
-    if (config.pendingApproval) {
-        const pendingKeyAddress = privateKeyToAddress(config.pendingApproval.agentKey);
-        result.pendingApproval = {
-            agentKeyAddress: pendingKeyAddress,
-            expired: isPendingExpired(config.pendingApproval),
-        };
+    if (activeSummary) {
+        if (activeSummary.agentKeyAddress)
+            result.agentKeyAddress = activeSummary.agentKeyAddress;
+        if (activeSummary.agentAccount)
+            result.agentAccount = activeSummary.agentAccount;
+        // Effective API URL for the active context (env var takes precedence).
+        const effectiveApiUrl = process.env.AMPERSEND_API_URL ?? activeSummary.apiUrl;
+        if (effectiveApiUrl && effectiveApiUrl !== DEFAULT_API_URL) {
+            result.apiUrl = effectiveApiUrl;
+        }
     }
     return ok(result);
 }