@ascdong/nexus 0.1.0

package/README.md

@@ -0,0 +1,181 @@
+# nexus
+
+Unified Azure data access CLI for **Log Analytics**, **Kusto** (Azure Data Explorer), and **Azure SQL Database**. One command surface, named connectors, and Agent-friendly output.
+
+## Why
+
+`nexus` connects multiple Azure data resources through named *connectors* and exposes a single way to query them and inspect their schema. It is built primarily for **Agent consumption** (stable parsing, token-efficient output) while staying usable by humans.
+
+## Install
+
+End users install from npm — no Bun required, it runs on Node:
+
+```bash
+npm install -g nexus    # or: npm install nexus
+```
+
+Requires Node 20+.
+
+## Authentication
+
+`nexus` authenticates to Azure with **Microsoft Entra ID (AAD)** via `DefaultAzureCredential`. Before running queries, sign in with one of the standard mechanisms it understands:
+
+```bash
+az login        # most common for local use
+```
+
+`DefaultAzureCredential` also picks up environment variables, Managed Identity, and VS Code sign-in automatically.
+
+### Token cache
+
+Acquiring an AAD token cold is slow (~2–3s, because `DefaultAzureCredential` spawns the `az` CLI). To avoid paying that on every command, `nexus` caches the acquired token to `~/.nexus/token-cache.json` (file mode `0600`), keyed by scope, and refreshes it 1 minute before expiry. The first query in ~an hour is cold; subsequent queries reuse the cached token (token lookup drops from ~2s to ~0ms).
+
+> **Security note:** unlike `config.json`, the token cache **does contain a live access token** — anyone who can read the file can act as you against those resources until the token expires (typically ~1 hour). It is written `0600` (owner-only) and never committed to git. Clear it any time with:
+
+```bash
+nexus auth clear-cache
+```
+
+The query round-trip and process startup are not affected by the cache; only token acquisition is.
+
+## Connectors
+
+Connectors are named aliases stored in `~/.nexus/config.json` (override the directory with `NEXUS_CONFIG_DIR`). The config holds **connection coordinates only — never tokens or secrets**.
+
+```bash
+# Log Analytics
+nexus connector add prod-logs --type log-analytics --workspace-id <workspace-guid>
+
+# Kusto / Azure Data Explorer
+nexus connector add telemetry --type kusto \
+  --cluster-uri https://help.kusto.windows.net --database Samples
+
+# Azure SQL Database
+nexus connector add warehouse --type azure-sql \
+  --server myserver.database.windows.net --database Sales
+
+# Storage Account (Table + Blob + Queue)
+nexus connector add mydata --type storage-account --account <storageacct>
+
+nexus connector list            # list all connectors (JSON)
+nexus connector test prod-logs  # verify connectivity
+nexus connector remove prod-logs
+```
+
+## Query
+
+```bash
+nexus query <alias> "<statement>" [--output <fmt>] [--max-rows N] [--timeout MS]
+```
+
+The statement is KQL for Log Analytics / Kusto, and SQL for Azure SQL:
+
+```bash
+nexus query telemetry "StormEvents | take 5"
+nexus query warehouse "SELECT TOP 5 * FROM Orders"
+```
+
+`--max-rows` caps the returned rows (default 1000) to protect downstream context; when the cap is hit, the result is flagged `truncated`.
+
+## Schema introspection
+
+```bash
+nexus schema tables <alias>                 # list tables
+nexus schema describe <alias> <table>       # columns + normalized types
+```
+
+## Storage Account
+
+A `storage-account` connector exposes three services under `nexus sa` (alias of
+`storageaccount`). It is **not** used with `query`/`schema` — those are for the query
+languages. All operations are read-only.
+
+```bash
+# Table Storage — query is table + OData filter + select (not a single-string language)
+nexus sa table list  mydata
+nexus sa table query mydata MyTable --filter "PartitionKey eq 'orders'" --select RowKey,Amount
+
+# Blob
+nexus sa blob containers mydata
+nexus sa blob list mydata mycontainer --prefix logs/
+nexus sa blob read mydata mycontainer report.csv               # bytes -> stdout
+nexus sa blob read mydata mycontainer image.png -o image.png   # binary -> file
+
+# Queue
+nexus sa queue list  mydata
+nexus sa queue peek  mydata myqueue --count 10                 # does not dequeue
+nexus sa queue count mydata myqueue
+```
+
+The tabular commands (`table list/query`, `blob containers/list`, `queue list/peek`) honor
+`--output table|json|envelope`. `blob read` returns raw bytes and ignores output formatting
+by design — use `-o <file>` for binary blobs. All three services authenticate with the same
+AAD identity (scope `https://storage.azure.com/.default`); data access requires a data-plane
+role such as *Storage Blob/Table/Queue Data Reader* (control-plane roles like *Owner* do not
+grant data access).
+
+## Output formats
+
+`--output` selects the format. Default is **table** (human-readable). Agents should use `json` or `envelope`.
+
+| Format | Shape | Best for |
+|---|---|---|
+| `table` (default) | aligned columns | humans |
+| `json` | array of objects keyed by column name | quick scripting |
+| `envelope` | columns declared once + rows as arrays + metadata | Agents (token-efficient) |
+
+Example `envelope` output:
+
+```json
+{
+  "status": "ok",
+  "columns": [{ "name": "Name", "type": "string" }, { "name": "Count", "type": "long" }],
+  "rows": [["a", 1], ["b", 2]],
+  "row_count": 2,
+  "truncated": false
+}
+```
+
+The `envelope` form declares column names once (instead of repeating them on every row), which keeps large result sets compact in an Agent's context window. Column types are normalized to a unified vocabulary (`string`, `long`, `real`, `datetime`, `bool`, `dynamic`) across all three resource types.
+
+## Output channels & exit codes
+
+- **Results** go to **stdout**; **logs and errors** go to **stderr** — so an Agent can parse stdout cleanly.
+- Exit codes: `0` success, `1` query/connection/auth error, `2` usage/config error.
+
+On error, `json`/`envelope` output a structured `{ "status": "error", "code": "...", "message": "..." }`.
+
+## Extending
+
+- **New resource type:** implement the `Connector` interface in `src/connectors/`, then register it in `src/cli.ts` — no changes to commands or core.
+- **New auth method:** implement `CredentialProvider` in `src/core/credential.ts` and select it in `createCredential` — connectors are unaffected, since each connector supplies its own token scope.
+
+## Development
+
+Development uses [Bun](https://bun.sh) for fast installs, running, and tests. The published package is plain Node — Bun is a dev-time tool only.
+
+```bash
+bun install            # install deps (generates bun.lock)
+bun test               # run the test suite
+bun run dev <args>     # run from source, no build step
+bun run typecheck      # tsc --noEmit
+bun run build          # tsc → dist/ (the Node-runnable artifact that ships)
+```
+
+**Publishing:** `bun run build` (via `prepublishOnly`) compiles `src/` to standard Node ESM in `dist/` with a `#!/usr/bin/env node` shebang, then `bun publish` (or `npm publish`) uploads it. End users `npm install` and run it on Node — they never need Bun.
+
+### Known limitation: Azure SQL under the Bun runtime
+
+Querying **Azure SQL** fails under `bun run` (`ESOCKET — Connection lost / socket hang up`). This is an open Bun regression in its `node:net` compatibility layer that breaks the `tedious` (mssql) TDS-over-TLS handshake on some kernels (including WSL2); it is **not** a bug in this project — the same `mssql` call works under Node. Kusto and Log Analytics use plain HTTPS and are unaffected.
+
+The fix is to run Azure SQL queries on **Node** during development:
+
+```bash
+bun run build                                   # produce dist/ once
+node dist/cli.js query <sql-alias> "SELECT ..."  # Azure SQL: use node
+bun run dev query <kusto-or-la-alias> "..."      # Kusto / LA: bun is fine
+```
+
+The published package runs on Node, so **end users are never affected** — all three resource types work normally via `npm install`.
+
+See `docs/superpowers/specs/` and `docs/superpowers/plans/` for the full design and implementation plan.

package/dist/cli.js

@@ -0,0 +1,46 @@
+#!/usr/bin/env node
+import { Command } from "commander";
+import { register } from "./core/registry.js";
+import { ConnectorError, exitCodeFor } from "./core/errors.js";
+import { makeLogAnalyticsConnector } from "./connectors/logAnalytics.js";
+import { makeKustoConnector } from "./connectors/kusto.js";
+import { makeAzureSqlConnector } from "./connectors/azureSql.js";
+import { registerConnectorCommand } from "./commands/connector.js";
+import { registerQueryCommand } from "./commands/query.js";
+import { registerSchemaCommand } from "./commands/schema.js";
+import { registerAuthCommand } from "./commands/auth.js";
+import { registerStorageAccountCommand } from "./commands/storageaccount.js";
+export function registerConnectors() {
+    register("log-analytics", makeLogAnalyticsConnector);
+    register("kusto", makeKustoConnector);
+    register("azure-sql", makeAzureSqlConnector);
+}
+export function buildProgram() {
+    const program = new Command();
+    program.name("nexus").description("Unified Azure data access CLI").version("0.1.0");
+    registerConnectorCommand(program);
+    registerQueryCommand(program);
+    registerSchemaCommand(program);
+    registerAuthCommand(program);
+    registerStorageAccountCommand(program);
+    return program;
+}
+async function main() {
+    registerConnectors();
+    const program = buildProgram();
+    try {
+        await program.parseAsync(process.argv);
+    }
+    catch (e) {
+        if (e instanceof ConnectorError) {
+            process.stderr.write(`error [${e.code}]: ${e.message}\n`);
+            process.exit(exitCodeFor(e.code));
+        }
+        process.stderr.write(`error: ${e.message}\n`);
+        process.exit(1);
+    }
+}
+const invokedDirectly = process.argv[1] && import.meta.url === `file://${process.argv[1]}`;
+if (invokedDirectly) {
+    main();
+}

package/dist/commands/auth.js

@@ -0,0 +1,10 @@
+import { clearTokenCache } from "../core/tokenCache.js";
+export function registerAuthCommand(program) {
+    const cmd = program.command("auth").description("Manage authentication state");
+    cmd.command("clear-cache")
+        .description("Delete the on-disk AAD token cache")
+        .action(() => {
+        const removed = clearTokenCache();
+        process.stderr.write(removed ? "Token cache cleared.\n" : "No token cache to clear.\n");
+    });
+}

package/dist/commands/connector.js

@@ -0,0 +1,59 @@
+import { addConnector, listConnectors, removeConnector, getConnector } from "../core/config.js";
+import { build } from "../core/registry.js";
+import { createCredential } from "../core/credential.js";
+import { ConnectorError } from "../core/errors.js";
+export function buildConnectorConfig(type, opts) {
+    switch (type) {
+        case "log-analytics":
+            if (!opts.workspaceId)
+                throw new ConnectorError("USAGE_ERROR", "--workspace-id is required for log-analytics");
+            return { type, workspaceId: opts.workspaceId };
+        case "kusto":
+            if (!opts.clusterUri)
+                throw new ConnectorError("USAGE_ERROR", "--cluster-uri is required for kusto");
+            if (!opts.database)
+                throw new ConnectorError("USAGE_ERROR", "--database is required for kusto");
+            return { type, clusterUri: opts.clusterUri, database: opts.database };
+        case "azure-sql":
+            if (!opts.server)
+                throw new ConnectorError("USAGE_ERROR", "--server is required for azure-sql");
+            if (!opts.database)
+                throw new ConnectorError("USAGE_ERROR", "--database is required for azure-sql");
+            return { type, server: opts.server, database: opts.database };
+        case "storage-account":
+            if (!opts.account)
+                throw new ConnectorError("USAGE_ERROR", "--account is required for storage-account");
+            return { type, account: opts.account };
+        default:
+            throw new ConnectorError("USAGE_ERROR", `Unknown connector type: ${type}`);
+    }
+}
+export function registerConnectorCommand(program) {
+    const cmd = program.command("connector").description("Manage named connectors");
+    cmd.command("add <alias>")
+        .requiredOption("--type <type>", "log-analytics | kusto | azure-sql | storage-account")
+        .option("--workspace-id <id>")
+        .option("--cluster-uri <uri>")
+        .option("--database <db>")
+        .option("--server <host>")
+        .option("--account <name>", "storage account name (storage-account)")
+        .action((alias, opts) => {
+        const config = buildConnectorConfig(opts.type, opts);
+        addConnector(alias, config);
+        process.stderr.write(`Added connector '${alias}' (${opts.type})\n`);
+    });
+    cmd.command("list").action(() => {
+        const rows = listConnectors();
+        process.stdout.write(JSON.stringify(rows) + "\n");
+    });
+    cmd.command("remove <alias>").action((alias) => {
+        removeConnector(alias);
+        process.stderr.write(`Removed connector '${alias}'\n`);
+    });
+    cmd.command("test <alias>").action(async (alias) => {
+        const config = getConnector(alias);
+        const connector = build(config, createCredential("aad"));
+        await connector.testConnection();
+        process.stderr.write(`Connector '${alias}' OK\n`);
+    });
+}

package/dist/commands/query.js

@@ -0,0 +1,27 @@
+import { render } from "../core/output.js";
+import { getConnector } from "../core/config.js";
+import { build } from "../core/registry.js";
+import { createCredential } from "../core/credential.js";
+import { ConnectorError } from "../core/errors.js";
+export function resolveFormat(value) {
+    const v = value ?? "table";
+    if (v === "table" || v === "json" || v === "envelope")
+        return v;
+    throw new ConnectorError("USAGE_ERROR", `Unknown --output format: ${v} (use table|json|envelope)`);
+}
+export function registerQueryCommand(program) {
+    program.command("query <alias> <statement>")
+        .option("--output <fmt>", "table | json | envelope", "table")
+        .option("--max-rows <n>", "max rows to return")
+        .option("--timeout <ms>", "query timeout in ms")
+        .action(async (alias, statement, opts) => {
+        const format = resolveFormat(opts.output);
+        const config = getConnector(alias);
+        const connector = build(config, createCredential("aad"));
+        const rs = await connector.query(statement, {
+            maxRows: opts.maxRows ? Number(opts.maxRows) : undefined,
+            timeoutMs: opts.timeout ? Number(opts.timeout) : undefined,
+        });
+        process.stdout.write(render(rs, format) + "\n");
+    });
+}

package/dist/commands/schema.js

@@ -0,0 +1,40 @@
+import { render } from "../core/output.js";
+import { getConnector } from "../core/config.js";
+import { build } from "../core/registry.js";
+import { createCredential } from "../core/credential.js";
+import { resolveFormat } from "./query.js";
+export function tablesToResultSet(tables) {
+    return {
+        columns: [{ name: "schema", type: "string" }, { name: "name", type: "string" }],
+        rows: tables.map((t) => [t.schema ?? "", t.name]),
+        rowCount: tables.length,
+        truncated: false,
+    };
+}
+export function columnsToResultSet(cols) {
+    return {
+        columns: [{ name: "name", type: "string" }, { name: "type", type: "string" }],
+        rows: cols.map((c) => [c.name, c.type]),
+        rowCount: cols.length,
+        truncated: false,
+    };
+}
+export function registerSchemaCommand(program) {
+    const cmd = program.command("schema").description("Inspect connector schema");
+    cmd.command("tables <alias>")
+        .option("--output <fmt>", "table | json | envelope", "table")
+        .action(async (alias, opts) => {
+        const format = resolveFormat(opts.output);
+        const connector = build(getConnector(alias), createCredential("aad"));
+        const rs = tablesToResultSet(await connector.listTables());
+        process.stdout.write(render(rs, format) + "\n");
+    });
+    cmd.command("describe <alias> <table>")
+        .option("--output <fmt>", "table | json | envelope", "table")
+        .action(async (alias, table, opts) => {
+        const format = resolveFormat(opts.output);
+        const connector = build(getConnector(alias), createCredential("aad"));
+        const rs = columnsToResultSet(await connector.describeTable(table));
+        process.stdout.write(render(rs, format) + "\n");
+    });
+}

package/dist/commands/storageaccount.js

@@ -0,0 +1,112 @@
+import { getConnector } from "../core/config.js";
+import { createCredential } from "../core/credential.js";
+import { ConnectorError } from "../core/errors.js";
+import { render } from "../core/output.js";
+import { resolveFormat } from "./query.js";
+import { storageEndpoints } from "../connectors/storage/endpoints.js";
+import { makeTableService } from "../connectors/storage/table.js";
+import { makeBlobService } from "../connectors/storage/blob.js";
+import { makeQueueService } from "../connectors/storage/queue.js";
+import { DEFAULT_MAX_ROWS } from "../core/connector.js";
+export function parseSelect(value) {
+    if (!value)
+        return undefined;
+    const parts = value.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
+    return parts.length > 0 ? parts : undefined;
+}
+export function buildStorageServices(alias) {
+    const config = getConnector(alias);
+    if (config.type !== "storage-account" || !config.account) {
+        throw new ConnectorError("CONFIG_ERROR", `Connector '${alias}' is not a storage-account`);
+    }
+    const ep = storageEndpoints(config.account);
+    const cred = createCredential("aad");
+    return {
+        table: makeTableService(ep.table, cred),
+        blob: makeBlobService(ep.blob, cred),
+        queue: makeQueueService(ep.queue, cred),
+    };
+}
+export function registerStorageAccountCommand(program) {
+    const sa = program.command("storageaccount").alias("sa")
+        .description("Access an Azure Storage Account (table | blob | queue)");
+    // ---- table ----
+    const table = sa.command("table").description("Table Storage");
+    table.command("list <alias>")
+        .option("--output <fmt>", "table | json | envelope", "table")
+        .action(async (alias, opts) => {
+        const fmt = resolveFormat(opts.output);
+        const rs = await buildStorageServices(alias).table.listTables();
+        process.stdout.write(render(rs, fmt) + "\n");
+    });
+    table.command("query <alias> <table>")
+        .option("--filter <odata>", "OData $filter predicate")
+        .option("--select <cols>", "comma-separated property names")
+        .option("--max-rows <n>", "max rows")
+        .option("--output <fmt>", "table | json | envelope", "table")
+        .action(async (alias, tableName, opts) => {
+        const fmt = resolveFormat(opts.output);
+        const rs = await buildStorageServices(alias).table.queryTable(tableName, {
+            filter: opts.filter,
+            select: parseSelect(opts.select),
+            maxRows: opts.maxRows ? Number(opts.maxRows) : DEFAULT_MAX_ROWS,
+        });
+        process.stdout.write(render(rs, fmt) + "\n");
+    });
+    // ---- blob ----
+    const blob = sa.command("blob").description("Blob Storage");
+    blob.command("containers <alias>")
+        .option("--output <fmt>", "table | json | envelope", "table")
+        .action(async (alias, opts) => {
+        const fmt = resolveFormat(opts.output);
+        const rs = await buildStorageServices(alias).blob.listContainers();
+        process.stdout.write(render(rs, fmt) + "\n");
+    });
+    blob.command("list <alias> <container>")
+        .option("--prefix <p>", "blob name prefix")
+        .option("--max-rows <n>", "max rows")
+        .option("--output <fmt>", "table | json | envelope", "table")
+        .action(async (alias, container, opts) => {
+        const fmt = resolveFormat(opts.output);
+        const rs = await buildStorageServices(alias).blob.listObjects(container, {
+            prefix: opts.prefix,
+            maxRows: opts.maxRows ? Number(opts.maxRows) : DEFAULT_MAX_ROWS,
+        });
+        process.stdout.write(render(rs, fmt) + "\n");
+    });
+    blob.command("read <alias> <container> <path>")
+        .option("-o, --out <file>", "write bytes to a file instead of stdout")
+        .action(async (alias, container, path, opts) => {
+        const payload = await buildStorageServices(alias).blob.readObject(container, path);
+        if (opts.out) {
+            const { writeFileSync } = await import("node:fs");
+            writeFileSync(opts.out, payload.content);
+            process.stderr.write(`wrote ${payload.contentLength} bytes to ${opts.out}\n`);
+        }
+        else {
+            process.stdout.write(payload.content);
+        }
+    });
+    // ---- queue ----
+    const queue = sa.command("queue").description("Queue Storage");
+    queue.command("list <alias>")
+        .option("--output <fmt>", "table | json | envelope", "table")
+        .action(async (alias, opts) => {
+        const fmt = resolveFormat(opts.output);
+        const rs = await buildStorageServices(alias).queue.listQueues();
+        process.stdout.write(render(rs, fmt) + "\n");
+    });
+    queue.command("peek <alias> <queue>")
+        .option("--count <n>", "messages to peek (max 32)", "1")
+        .option("--output <fmt>", "table | json | envelope", "table")
+        .action(async (alias, queueName, opts) => {
+        const fmt = resolveFormat(opts.output);
+        const rs = await buildStorageServices(alias).queue.peek(queueName, opts.count ? Number(opts.count) : 1);
+        process.stdout.write(render(rs, fmt) + "\n");
+    });
+    queue.command("count <alias> <queue>")
+        .action(async (alias, queueName) => {
+        const n = await buildStorageServices(alias).queue.count(queueName);
+        process.stdout.write(String(n) + "\n");
+    });
+}

package/dist/connectors/azureSql.js

@@ -0,0 +1,84 @@
+import sql from "mssql";
+import { DEFAULT_MAX_ROWS } from "../core/connector.js";
+import { ConnectorError } from "../core/errors.js";
+const SCOPE = "https://database.windows.net/.default";
+export function normalizeSqlType(t) {
+    const s = t.toLowerCase();
+    if (s.includes("bigint") || s === "int" || s.includes("smallint") || s.includes("tinyint"))
+        return "long";
+    if (s.includes("decimal") || s.includes("float") || s.includes("real") || s.includes("numeric") || s.includes("money"))
+        return "real";
+    if (s.includes("date") || s.includes("time"))
+        return "datetime";
+    if (s.includes("bit"))
+        return "bool";
+    return "string";
+}
+export function toResultSet(recordset, maxRows) {
+    const colsMeta = recordset.columns ?? {};
+    const ordered = Object.entries(colsMeta)
+        .map(([name, meta]) => ({ name, index: meta.index ?? 0, typeName: meta.type?.name ?? meta.type ?? "nvarchar" }))
+        .sort((a, b) => a.index - b.index);
+    const columns = ordered.map((c) => ({ name: c.name, type: normalizeSqlType(String(c.typeName)) }));
+    const all = recordset.map((rowObj) => ordered.map((c) => rowObj[c.name]));
+    const rows = all.slice(0, maxRows);
+    return { columns, rows, rowCount: rows.length, truncated: all.length > maxRows };
+}
+export function makeAzureSqlConnector(config, cred) {
+    if (!config.server)
+        throw new ConnectorError("CONFIG_ERROR", "azure-sql requires server");
+    if (!config.database)
+        throw new ConnectorError("CONFIG_ERROR", "azure-sql requires database");
+    const server = config.server;
+    const database = config.database;
+    async function withPool(fn) {
+        const token = (await cred.getToken(SCOPE)).token;
+        const pool = new sql.ConnectionPool({
+            server, database,
+            authentication: { type: "azure-active-directory-access-token", options: { token } },
+            options: { encrypt: true },
+        });
+        try {
+            await pool.connect();
+            return await fn(pool);
+        }
+        catch (e) {
+            if (e instanceof ConnectorError)
+                throw e;
+            throw new ConnectorError("CONNECTION_FAILED", `Azure SQL error: ${e.message}`, e);
+        }
+        finally {
+            await pool.close().catch(() => { });
+        }
+    }
+    async function run(query, maxRows) {
+        return withPool(async (pool) => {
+            let result;
+            try {
+                result = await pool.request().query(query);
+            }
+            catch (e) {
+                throw new ConnectorError("QUERY_FAILED", `Azure SQL query failed: ${e.message}`, e);
+            }
+            return toResultSet(result.recordset, maxRows);
+        });
+    }
+    return {
+        async query(statement, options) {
+            return run(statement, options?.maxRows ?? DEFAULT_MAX_ROWS);
+        },
+        async listTables() {
+            const rs = await run("SELECT TABLE_SCHEMA, TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE='BASE TABLE' ORDER BY TABLE_SCHEMA, TABLE_NAME", 5000);
+            return rs.rows.map((r) => ({ schema: String(r[0]), name: String(r[1]) }));
+        },
+        async describeTable(table) {
+            const bare = table.includes(".") ? table.split(".").pop() : table;
+            const safe = bare.replace(/'/g, "''");
+            const rs = await run(`SELECT COLUMN_NAME, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='${safe}' ORDER BY ORDINAL_POSITION`, 5000);
+            return rs.rows.map((r) => ({ name: String(r[0]), type: normalizeSqlType(String(r[1])) }));
+        },
+        async testConnection() {
+            await run("SELECT 1 AS x", 1);
+        },
+    };
+}

package/dist/connectors/kusto.js

@@ -0,0 +1,86 @@
+import { Client, KustoConnectionStringBuilder } from "azure-kusto-data";
+import { DEFAULT_MAX_ROWS } from "../core/connector.js";
+import { ConnectorError } from "../core/errors.js";
+export function normalizeKustoType(t) {
+    const s = t.toLowerCase();
+    if (s.includes("int") || s === "long")
+        return "long";
+    if (s.includes("real") || s.includes("double") || s.includes("decimal"))
+        return "real";
+    if (s.includes("datetime") || s.includes("date"))
+        return "datetime";
+    if (s.includes("bool"))
+        return "bool";
+    if (s.includes("dynamic"))
+        return "dynamic";
+    return "string";
+}
+function scopeFor(clusterUri) {
+    return `${clusterUri.replace(/\/+$/, "")}/.default`;
+}
+export function toResultSet(primary, maxRows) {
+    const columns = (primary.columns ?? []).map((c) => ({
+        name: c.name ?? c.columnName,
+        type: normalizeKustoType(String(c.type ?? c.columnType)),
+    }));
+    const all = [];
+    // The Kusto SDK exposes rows via a `rows()` generator yielding KustoResultRow
+    // objects; each row's ordered cell values are on `.raw` (fallback: `values()`).
+    const rowIterable = typeof primary.rows === "function" ? primary.rows() : primary;
+    for (const row of rowIterable) {
+        if (Array.isArray(row)) {
+            all.push(row);
+        }
+        else if (Array.isArray(row?.raw)) {
+            all.push(row.raw);
+        }
+        else if (typeof row?.values === "function") {
+            all.push([...row.values()]);
+        }
+        else {
+            all.push(Object.values(row));
+        }
+    }
+    const rows = all.slice(0, maxRows);
+    return { columns, rows, rowCount: rows.length, truncated: all.length > maxRows };
+}
+export function makeKustoConnector(config, cred) {
+    if (!config.clusterUri)
+        throw new ConnectorError("CONFIG_ERROR", "kusto requires clusterUri");
+    if (!config.database)
+        throw new ConnectorError("CONFIG_ERROR", "kusto requires database");
+    const clusterUri = config.clusterUri;
+    const database = config.database;
+    const scope = scopeFor(clusterUri);
+    const kcsb = KustoConnectionStringBuilder.withTokenProvider(clusterUri, async () => (await cred.getToken(scope)).token);
+    const client = new Client(kcsb);
+    async function run(query, maxRows) {
+        let res;
+        try {
+            res = await client.execute(database, query);
+        }
+        catch (e) {
+            throw new ConnectorError("QUERY_FAILED", `Kusto query failed: ${e.message}`, e);
+        }
+        const primary = res.primaryResults?.[0];
+        if (!primary)
+            return { columns: [], rows: [], rowCount: 0, truncated: false };
+        return toResultSet(primary, maxRows);
+    }
+    return {
+        async query(statement, options) {
+            return run(statement, options?.maxRows ?? DEFAULT_MAX_ROWS);
+        },
+        async listTables() {
+            const rs = await run(".show tables | project TableName", 5000);
+            return rs.rows.map((r) => ({ name: String(r[0]) }));
+        },
+        async describeTable(table) {
+            const rs = await run(`${table} | getschema | project ColumnName, ColumnType`, 5000);
+            return rs.rows.map((r) => ({ name: String(r[0]), type: normalizeKustoType(String(r[1])) }));
+        },
+        async testConnection() {
+            await run("print x=1", 1);
+        },
+    };
+}

package/dist/connectors/logAnalytics.js

@@ -0,0 +1,70 @@
+import { LogsQueryClient } from "@azure/monitor-query";
+import { DEFAULT_MAX_ROWS } from "../core/connector.js";
+import { ConnectorError } from "../core/errors.js";
+const SCOPE = "https://api.loganalytics.io/.default";
+export function normalizeLaType(t) {
+    switch (t) {
+        case "long":
+        case "int": return "long";
+        case "real":
+        case "decimal": return "real";
+        case "datetime": return "datetime";
+        case "bool":
+        case "boolean": return "bool";
+        case "dynamic": return "dynamic";
+        default: return "string";
+    }
+}
+export function toResultSet(table, maxRows) {
+    const descriptors = table.columnDescriptors ?? table.columns ?? [];
+    const columns = descriptors.map((c) => ({
+        name: c.name, type: normalizeLaType(String(c.type)),
+    }));
+    const allRows = (table.rows ?? []);
+    const rows = allRows.slice(0, maxRows);
+    return { columns, rows, rowCount: rows.length, truncated: allRows.length > maxRows };
+}
+function tokenAdapter(cred) {
+    return {
+        getToken: async (_scopes) => {
+            const t = await cred.getToken(SCOPE);
+            return { token: t.token, expiresOnTimestamp: t.expiresOnTimestamp };
+        },
+    };
+}
+export function makeLogAnalyticsConnector(config, cred) {
+    if (!config.workspaceId)
+        throw new ConnectorError("CONFIG_ERROR", "log-analytics requires workspaceId");
+    const workspaceId = config.workspaceId;
+    const client = new LogsQueryClient(tokenAdapter(cred));
+    async function runQuery(kql, maxRows) {
+        let res;
+        try {
+            res = await client.queryWorkspace(workspaceId, kql, { duration: "P1D" });
+        }
+        catch (e) {
+            throw new ConnectorError("QUERY_FAILED", `Log Analytics query failed: ${e.message}`, e);
+        }
+        const tables = res.tables;
+        if (!tables || tables.length === 0) {
+            return { columns: [], rows: [], rowCount: 0, truncated: false };
+        }
+        return toResultSet(tables[0], maxRows);
+    }
+    return {
+        async query(statement, options) {
+            return runQuery(statement, options?.maxRows ?? DEFAULT_MAX_ROWS);
+        },
+        async listTables() {
+            const rs = await runQuery("union withsource=TableName * | distinct TableName | sort by TableName asc", 5000);
+            return rs.rows.map((r) => ({ name: String(r[0]) }));
+        },
+        async describeTable(table) {
+            const rs = await runQuery(`${table} | getschema | project ColumnName, ColumnType`, 5000);
+            return rs.rows.map((r) => ({ name: String(r[0]), type: normalizeLaType(String(r[1])) }));
+        },
+        async testConnection() {
+            await runQuery("print x=1", 1);
+        },
+    };
+}

package/dist/connectors/storage/blob.js

@@ -0,0 +1,72 @@
+import { BlobServiceClient } from "@azure/storage-blob";
+import { ConnectorError } from "../../core/errors.js";
+import { storageTokenCredential } from "./credentialAdapter.js";
+import { storageErrorMessage } from "./errors.js";
+function isoOrEmpty(d) {
+    return d instanceof Date ? d.toISOString() : (d ? String(d) : "");
+}
+export function makeBlobService(endpoint, cred, deps) {
+    const sdkCred = storageTokenCredential(cred);
+    const serviceClient = deps?.serviceClient ?? new BlobServiceClient(endpoint, sdkCred);
+    return {
+        async listContainers() {
+            const rows = [];
+            try {
+                for await (const c of serviceClient.listContainers()) {
+                    rows.push([c.name ?? "", isoOrEmpty(c.properties?.lastModified)]);
+                }
+            }
+            catch (e) {
+                throw new ConnectorError("CONNECTION_FAILED", `Storage container list failed: ${storageErrorMessage(e)}`, e);
+            }
+            return {
+                columns: [{ name: "name", type: "string" }, { name: "lastModified", type: "datetime" }],
+                rows, rowCount: rows.length, truncated: false,
+            };
+        },
+        async listObjects(container, opts) {
+            const rows = [];
+            let truncated = false;
+            try {
+                const cc = serviceClient.getContainerClient(container);
+                const listOpts = opts.prefix ? { prefix: opts.prefix } : {};
+                for await (const b of cc.listBlobsFlat(listOpts)) {
+                    if (rows.length >= opts.maxRows) {
+                        truncated = true;
+                        break;
+                    }
+                    rows.push([
+                        b.name ?? "",
+                        b.properties?.contentLength ?? 0,
+                        b.properties?.contentType ?? "",
+                        isoOrEmpty(b.properties?.lastModified),
+                    ]);
+                }
+            }
+            catch (e) {
+                throw new ConnectorError("QUERY_FAILED", `Storage blob list failed: ${storageErrorMessage(e)}`, e);
+            }
+            return {
+                columns: [
+                    { name: "name", type: "string" }, { name: "size", type: "long" },
+                    { name: "contentType", type: "string" }, { name: "lastModified", type: "datetime" },
+                ],
+                rows, rowCount: rows.length, truncated,
+            };
+        },
+        async readObject(container, path) {
+            try {
+                const blob = serviceClient.getContainerClient(container).getBlockBlobClient(path);
+                const [content, props] = await Promise.all([blob.downloadToBuffer(), blob.getProperties()]);
+                return {
+                    content,
+                    contentType: props.contentType ?? "application/octet-stream",
+                    contentLength: props.contentLength ?? content.length,
+                };
+            }
+            catch (e) {
+                throw new ConnectorError("QUERY_FAILED", `Storage blob read failed: ${storageErrorMessage(e)}`, e);
+            }
+        },
+    };
+}

package/dist/connectors/storage/credentialAdapter.js

@@ -0,0 +1,9 @@
+import { STORAGE_SCOPE } from "./endpoints.js";
+export function storageTokenCredential(cred) {
+    return {
+        async getToken(_scopes) {
+            const t = await cred.getToken(STORAGE_SCOPE);
+            return { token: t.token, expiresOnTimestamp: t.expiresOnTimestamp };
+        },
+    };
+}

package/dist/connectors/storage/endpoints.js

@@ -0,0 +1,9 @@
+export const STORAGE_SCOPE = "https://storage.azure.com/.default";
+export function storageEndpoints(account) {
+    const suffix = "core.windows.net";
+    return {
+        table: `https://${account}.table.${suffix}`,
+        blob: `https://${account}.blob.${suffix}`,
+        queue: `https://${account}.queue.${suffix}`,
+    };
+}

package/dist/connectors/storage/errors.js

@@ -0,0 +1,10 @@
+export function storageErrorMessage(e) {
+    const err = e;
+    const base = (err?.message && err.message.trim().length > 0)
+        ? err.message
+        : (err?.code ?? (err?.statusCode !== undefined ? `HTTP ${err.statusCode}` : "unknown error"));
+    if (err?.statusCode === 403) {
+        return `${base} (403 — missing a data-plane role such as Storage Blob/Table/Queue Data Reader; control-plane roles like Owner do not grant data access)`;
+    }
+    return base;
+}

package/dist/connectors/storage/queue.js

@@ -0,0 +1,54 @@
+import { QueueServiceClient } from "@azure/storage-queue";
+import { ConnectorError } from "../../core/errors.js";
+import { storageTokenCredential } from "./credentialAdapter.js";
+import { storageErrorMessage } from "./errors.js";
+export const PEEK_MAX = 32;
+function isoOrEmpty(d) {
+    return d instanceof Date ? d.toISOString() : (d ? String(d) : "");
+}
+export function makeQueueService(endpoint, cred, deps) {
+    const sdkCred = storageTokenCredential(cred);
+    const serviceClient = deps?.serviceClient ?? new QueueServiceClient(endpoint, sdkCred);
+    return {
+        async listQueues() {
+            const rows = [];
+            try {
+                for await (const q of serviceClient.listQueues())
+                    rows.push([q.name ?? ""]);
+            }
+            catch (e) {
+                throw new ConnectorError("CONNECTION_FAILED", `Storage queue list failed: ${storageErrorMessage(e)}`, e);
+            }
+            return { columns: [{ name: "name", type: "string" }], rows, rowCount: rows.length, truncated: false };
+        },
+        async peek(queue, count) {
+            const n = Math.min(Math.max(1, count), PEEK_MAX);
+            let res;
+            try {
+                res = await serviceClient.getQueueClient(queue).peekMessages({ numberOfMessages: n });
+            }
+            catch (e) {
+                throw new ConnectorError("QUERY_FAILED", `Storage queue peek failed: ${storageErrorMessage(e)}`, e);
+            }
+            const rows = (res.peekedMessageItems ?? []).map((m) => [
+                m.messageId ?? "", isoOrEmpty(m.insertedOn), m.dequeueCount ?? 0, m.messageText ?? "",
+            ]);
+            return {
+                columns: [
+                    { name: "messageId", type: "string" }, { name: "insertedOn", type: "datetime" },
+                    { name: "dequeueCount", type: "long" }, { name: "text", type: "string" },
+                ],
+                rows, rowCount: rows.length, truncated: false,
+            };
+        },
+        async count(queue) {
+            try {
+                const props = await serviceClient.getQueueClient(queue).getProperties();
+                return props.approximateMessagesCount ?? 0;
+            }
+            catch (e) {
+                throw new ConnectorError("QUERY_FAILED", `Storage queue count failed: ${storageErrorMessage(e)}`, e);
+            }
+        },
+    };
+}

package/dist/connectors/storage/table.js

@@ -0,0 +1,84 @@
+import { TableServiceClient, TableClient } from "@azure/data-tables";
+import { ConnectorError } from "../../core/errors.js";
+import { storageTokenCredential } from "./credentialAdapter.js";
+import { storageErrorMessage } from "./errors.js";
+const SYSTEM_FIRST = ["partitionKey", "rowKey", "timestamp"];
+export function normalizeEdmValue(v) {
+    if (typeof v === "number")
+        return { type: Number.isInteger(v) ? "long" : "real" };
+    if (typeof v === "boolean")
+        return { type: "bool" };
+    if (v instanceof Date)
+        return { type: "datetime" };
+    return { type: "string" };
+}
+export function entitiesToResultSet(entities, select, maxRows) {
+    const capped = entities.slice(0, maxRows);
+    const truncated = entities.length > maxRows;
+    let names;
+    if (select && select.length > 0) {
+        names = select;
+    }
+    else {
+        const seen = new Set();
+        const rest = [];
+        for (const e of capped) {
+            for (const k of Object.keys(e)) {
+                if (k === "etag")
+                    continue;
+                if (SYSTEM_FIRST.includes(k))
+                    continue;
+                if (!seen.has(k)) {
+                    seen.add(k);
+                    rest.push(k);
+                }
+            }
+        }
+        const present = SYSTEM_FIRST.filter((s) => capped.some((e) => s in e));
+        names = [...present, ...rest];
+    }
+    const columns = names.map((name) => {
+        const sample = capped.find((e) => e[name] !== undefined);
+        return { name, type: sample ? normalizeEdmValue(sample[name]).type : "string" };
+    });
+    const rows = capped.map((e) => names.map((n) => (n in e ? e[n] : undefined)));
+    return { columns, rows, rowCount: rows.length, truncated };
+}
+export function makeTableService(endpoint, cred, deps) {
+    const sdkCred = storageTokenCredential(cred);
+    const serviceClient = deps?.serviceClient ?? new TableServiceClient(endpoint, sdkCred);
+    const tableClientFor = deps?.tableClientFor ?? ((t) => new TableClient(endpoint, t, sdkCred));
+    return {
+        async listTables() {
+            const names = [];
+            try {
+                for await (const t of serviceClient.listTables())
+                    names.push([t.name ?? ""]);
+            }
+            catch (e) {
+                throw new ConnectorError("CONNECTION_FAILED", `Storage table list failed: ${storageErrorMessage(e)}`, e);
+            }
+            return { columns: [{ name: "name", type: "string" }], rows: names, rowCount: names.length, truncated: false };
+        },
+        async queryTable(table, opts) {
+            const queryOptions = {};
+            if (opts.filter)
+                queryOptions.filter = opts.filter;
+            if (opts.select && opts.select.length > 0)
+                queryOptions.select = opts.select;
+            const collected = [];
+            try {
+                const client = tableClientFor(table);
+                for await (const ent of client.listEntities({ queryOptions })) {
+                    collected.push(ent);
+                    if (collected.length > opts.maxRows)
+                        break;
+                }
+            }
+            catch (e) {
+                throw new ConnectorError("QUERY_FAILED", `Storage table query failed: ${storageErrorMessage(e)}`, e);
+            }
+            return entitiesToResultSet(collected, opts.select, opts.maxRows);
+        },
+    };
+}

package/dist/core/config.js

@@ -0,0 +1,48 @@
+import { mkdirSync, readFileSync, writeFileSync, existsSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+import { ConnectorError } from "./errors.js";
+function configDir() {
+    return process.env.NEXUS_CONFIG_DIR ?? join(homedir(), ".nexus");
+}
+function configPath() {
+    return join(configDir(), "config.json");
+}
+function load() {
+    const p = configPath();
+    if (!existsSync(p))
+        return { version: 1, connectors: {} };
+    try {
+        return JSON.parse(readFileSync(p, "utf8"));
+    }
+    catch (e) {
+        throw new ConnectorError("CONFIG_ERROR", `Corrupt config at ${p}`, e);
+    }
+}
+function save(c) {
+    mkdirSync(configDir(), { recursive: true });
+    writeFileSync(configPath(), JSON.stringify(c, null, 2), "utf8");
+}
+export function addConnector(alias, config) {
+    const c = load();
+    c.connectors[alias] = config;
+    save(c);
+}
+export function getConnector(alias) {
+    const c = load();
+    const found = c.connectors[alias];
+    if (!found)
+        throw new ConnectorError("CONFIG_ERROR", `Unknown connector: '${alias}'`);
+    return found;
+}
+export function removeConnector(alias) {
+    const c = load();
+    if (!c.connectors[alias])
+        throw new ConnectorError("CONFIG_ERROR", `Unknown connector: '${alias}'`);
+    delete c.connectors[alias];
+    save(c);
+}
+export function listConnectors() {
+    const c = load();
+    return Object.entries(c.connectors).map(([alias, config]) => ({ alias, config }));
+}

package/dist/core/connector.js

@@ -0,0 +1,8 @@
+export const DEFAULT_MAX_ROWS = 1000;
+export function isResultSet(v) {
+    if (typeof v !== "object" || v === null)
+        return false;
+    const r = v;
+    return Array.isArray(r.columns) && Array.isArray(r.rows)
+        && typeof r.rowCount === "number" && typeof r.truncated === "boolean";
+}

package/dist/core/credential.js

@@ -0,0 +1,28 @@
+import { DefaultAzureCredential } from "@azure/identity";
+import { ConnectorError } from "./errors.js";
+import { CachingCredentialProvider } from "./tokenCache.js";
+export class AadCredentialProvider {
+    cred;
+    kind = "aad";
+    constructor(cred = new DefaultAzureCredential()) {
+        this.cred = cred;
+    }
+    async getToken(scope) {
+        let t;
+        try {
+            t = await this.cred.getToken(scope);
+        }
+        catch (e) {
+            throw new ConnectorError("AUTH_FAILED", `Failed to acquire AAD token for ${scope}. Try 'az login' or check credentials.`, e);
+        }
+        if (!t) {
+            throw new ConnectorError("AUTH_FAILED", `No AAD token returned for ${scope}. Try 'az login'.`);
+        }
+        return { token: t.token, expiresOnTimestamp: t.expiresOnTimestamp };
+    }
+}
+export function createCredential(kind = "aad") {
+    if (kind === "aad")
+        return new CachingCredentialProvider(new AadCredentialProvider());
+    throw new ConnectorError("USAGE_ERROR", `Unsupported auth kind: ${kind}`);
+}

package/dist/core/errors.js

@@ -0,0 +1,19 @@
+export class ConnectorError extends Error {
+    code;
+    cause;
+    constructor(code, message, cause) {
+        super(message);
+        this.code = code;
+        this.cause = cause;
+        this.name = "ConnectorError";
+    }
+}
+export function exitCodeFor(code) {
+    switch (code) {
+        case "CONFIG_ERROR":
+        case "USAGE_ERROR":
+            return 2;
+        default:
+            return 1;
+    }
+}

package/dist/core/output.js

@@ -0,0 +1,37 @@
+export function render(rs, format) {
+    switch (format) {
+        case "envelope":
+            return JSON.stringify({
+                status: "ok",
+                columns: rs.columns,
+                rows: rs.rows.map((row) => row.map((cell) => (cell === undefined ? "" : cell))),
+                row_count: rs.rowCount,
+                truncated: rs.truncated,
+            });
+        case "json":
+            return JSON.stringify(rs.rows.map((row) => {
+                const obj = {};
+                rs.columns.forEach((c, i) => { obj[c.name] = row[i]; });
+                return obj;
+            }));
+        case "table":
+            return renderTable(rs);
+    }
+}
+function renderTable(rs) {
+    const headers = rs.columns.map((c) => c.name);
+    const widths = headers.map((h, i) => Math.max(h.length, ...rs.rows.map((r) => String(r[i] ?? "").length)));
+    const pad = (s, w) => s.padEnd(w);
+    const line = (cells) => cells.map((c, i) => pad(c, widths[i])).join("  ");
+    const out = [line(headers), line(widths.map((w) => "-".repeat(w)))];
+    for (const r of rs.rows)
+        out.push(line(r.map((c) => String(c ?? ""))));
+    if (rs.truncated)
+        out.push(`... (truncated at ${rs.rowCount} rows)`);
+    return out.join("\n");
+}
+export function renderError(code, message, format) {
+    if (format === "table")
+        return `error [${code}]: ${message}`;
+    return JSON.stringify({ status: "error", code, message });
+}

package/dist/core/registry.js

@@ -0,0 +1,18 @@
+import { ConnectorError } from "./errors.js";
+const factories = new Map();
+export function register(type, factory) {
+    factories.set(type, factory);
+}
+export function clearRegistry() {
+    factories.clear();
+}
+export function build(config, credential) {
+    const f = factories.get(config.type);
+    if (!f) {
+        if (config.type === "storage-account") {
+            throw new ConnectorError("CONFIG_ERROR", "'storage-account' connectors are accessed via 'nexus sa ...', not 'query'/'schema'");
+        }
+        throw new ConnectorError("CONFIG_ERROR", `No connector registered for type '${config.type}'`);
+    }
+    return f(config, credential);
+}

package/dist/core/tokenCache.js

@@ -0,0 +1,68 @@
+import { mkdirSync, readFileSync, writeFileSync, existsSync, rmSync, chmodSync } from "node:fs";
+import { homedir } from "node:os";
+import { join } from "node:path";
+/** Refresh a token this long before its real expiry, so a query never dies mid-flight. */
+export const EXPIRY_SKEW_MS = 60_000;
+function configDir() {
+    return process.env.NEXUS_CONFIG_DIR ?? join(homedir(), ".nexus");
+}
+function cachePath() {
+    return join(configDir(), "token-cache.json");
+}
+function loadCache() {
+    const p = cachePath();
+    if (!existsSync(p))
+        return {};
+    try {
+        return JSON.parse(readFileSync(p, "utf8"));
+    }
+    catch {
+        // A corrupt cache is non-fatal — treat as empty and overwrite on next write.
+        return {};
+    }
+}
+function saveCache(cache) {
+    const dir = configDir();
+    mkdirSync(dir, { recursive: true });
+    const p = cachePath();
+    writeFileSync(p, JSON.stringify(cache, null, 2), { encoding: "utf8", mode: 0o600 });
+    // Ensure 0600 even if the file pre-existed with looser perms.
+    chmodSync(p, 0o600);
+}
+function isValid(entry) {
+    return entry.expiresOnTimestamp - Date.now() > EXPIRY_SKEW_MS;
+}
+/**
+ * Wraps another CredentialProvider and persists acquired tokens to
+ * ~/.nexus/token-cache.json (0600), keyed by scope. On a cache hit with a
+ * still-valid token, returns it without delegating — skipping the slow
+ * `az`-spawn path inside DefaultAzureCredential.
+ */
+export class CachingCredentialProvider {
+    inner;
+    constructor(inner) {
+        this.inner = inner;
+    }
+    get kind() {
+        return this.inner.kind;
+    }
+    async getToken(scope) {
+        const cache = loadCache();
+        const hit = cache[scope];
+        if (hit && isValid(hit)) {
+            return { token: hit.token, expiresOnTimestamp: hit.expiresOnTimestamp };
+        }
+        const fresh = await this.inner.getToken(scope);
+        cache[scope] = { token: fresh.token, expiresOnTimestamp: fresh.expiresOnTimestamp };
+        saveCache(cache);
+        return fresh;
+    }
+}
+/** Delete the on-disk token cache. Returns true if a file was removed. */
+export function clearTokenCache() {
+    const p = cachePath();
+    if (!existsSync(p))
+        return false;
+    rmSync(p, { force: true });
+    return true;
+}

package/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "@ascdong/nexus",
+  "version": "0.1.0",
+  "description": "Unified Azure data access CLI for Log Analytics, Kusto, Azure SQL, and Storage Account",
+  "type": "module",
+  "bin": {
+    "nexus": "dist/cli.js"
+  },
+  "files": ["dist", "README.md"],
+  "scripts": {
+    "build": "tsc",
+    "dev": "bun run src/cli.ts",
+    "test": "bun test",
+    "test:watch": "bun test --watch",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "bun run build"
+  },
+  "engines": {
+    "node": ">=20"
+  },
+  "dependencies": {
+    "@azure/data-tables": "^13.3.2",
+    "@azure/identity": "^4.5.0",
+    "@azure/monitor-query": "^1.3.0",
+    "@azure/storage-blob": "^12.32.0",
+    "@azure/storage-queue": "^12.30.0",
+    "azure-kusto-data": "^6.0.0",
+    "commander": "^12.1.0",
+    "mssql": "^11.0.1"
+  },
+  "devDependencies": {
+    "@types/bun": "^1.1.0",
+    "@types/mssql": "^9.1.5",
+    "@types/node": "^22.0.0",
+    "typescript": "^5.6.0"
+  }
+}