@athsra/cli 1.0.4 → 1.1.1

package/src/commands/ls.ts

@@ -1,23 +1,30 @@
 import { loadAuthContext } from '../lib/auth-context.ts';
+import { configTag, projectRef, resolveProject } from '../lib/auto-project.ts';
 import { partitionEnv } from '../lib/env-format.ts';
 import { readPlain } from '../lib/envelope.ts';
 
+/** ls 자체 flag — project/config 해석 전에 args 에서 제거 (positional 오인 방지). */
+const LS_FLAGS = ['--all', '--include-deleted', '--configs'];
+
 /**
  * athsra ls                       — active projects only
  * athsra ls --all                 — active + soft-deleted (deleted 표시)
  * athsra ls --include-deleted     — alias of --all
- * athsra ls <project>             — keys of project (decrypt 필요)
+ * athsra ls <project>[:<env>]     — keys of a project/environment (decrypt 필요)
+ * athsra ls <project> --configs   — environments(config) of a project + active/deleted 상태
  */
 export async function lsCmd(args: string[]): Promise<number> {
   const ctx = await loadAuthContext();
   if (!ctx) return 1;
   const client = ctx.client;
 
-  const positional = args.filter((a) => !a.startsWith('-'));
+  const wantConfigs = args.includes('--configs');
   const includeDeleted = args.includes('--all') || args.includes('--include-deleted');
+  const cleaned = args.filter((a) => !LS_FLAGS.includes(a));
+  const { project, config } = resolveProject(cleaned, { requirePositional: true });
 
   // ls — project 목록
-  if (positional.length === 0) {
+  if (!project) {
     const result = await client.listProjectsExtended({ includeDeleted });
     if (result.count === 0) {
       console.log('(no projects yet — run `athsra set <project> KEY=value`)');
@@ -37,30 +44,45 @@ export async function lsCmd(args: string[]): Promise<number> {
     return 0;
   }
 
-  // ls <project> — key 목록 + 값 상태 ((empty) 또는 길이, decrypt 필요)
-  const project = positional[0];
-  if (!project) return 0;
+  // ls <project> --configs — 환경(config) 목록 + 각 active/deleted 상태 (default 는 * 표시)
+  if (wantConfigs) {
+    const result = await client.listConfigs(project);
+    if (result.count === 0) {
+      console.log(`(no environments for ${project})`);
+      return 0;
+    }
+    const width = Math.max(...result.configs.map((cfg) => cfg.config.length));
+    for (const cfg of result.configs) {
+      const status = cfg.deleted ? '(deleted)' : cfg.active ? 'active' : '(empty)';
+      const star = cfg.config === 'default' ? '*' : ' ';
+      console.log(`${star} ${cfg.config.padEnd(width)}  ${status}`);
+    }
+    console.log(`(${result.count} environment${result.count > 1 ? 's' : ''})`);
+    return 0;
+  }
 
-  const plain = await readPlain(ctx, project);
+  // ls <project>[:<env>] — key 목록 + 값 상태 ((empty) 또는 길이, decrypt 필요)
+  const plain = await readPlain(ctx, project, config);
   if (!plain) {
-    console.error(`project not found: ${project}`);
+    console.error(`project not found: ${project}${configTag(config)}`);
     return 1;
   }
   const keys = Object.keys(plain).sort();
   if (keys.length === 0) {
-    console.log('(no keys)');
+    console.log(`(no keys${configTag(config)})`);
     return 0;
   }
   const { filled, emptyKeys } = partitionEnv(plain);
   const emptySet = new Set(emptyKeys);
   const width = Math.max(...keys.map((k) => k.length));
+  if (config !== 'default') console.log(`# config: ${config}`);
   for (const k of keys) {
     const status = emptySet.has(k) ? '(empty)' : `${(filled[k] ?? '').length} chars`;
     console.log(`${k.padEnd(width)}  ${status}`);
   }
   if (emptyKeys.length > 0) {
     console.error(
-      `\n${emptyKeys.length} of ${keys.length} key${keys.length > 1 ? 's' : ''} empty — \`athsra run\` skips empty keys (parent env used). Set values: \`athsra set ${project} KEY=value\``,
+      `\n${emptyKeys.length} of ${keys.length} key${keys.length > 1 ? 's' : ''} empty — \`athsra run\` skips empty keys (parent env used). Set values: \`athsra set ${projectRef(project, config)} KEY=value\``,
     );
   }
   return 0;

package/src/commands/manifest.ts

@@ -195,7 +195,7 @@ async function cmdInit(flags: ParsedFlags): Promise<number> {
       return 2;
     }
     const ctx = await loadAuthContext();
-    if (!ctx || ctx.kind !== 'user') {
+    if (ctx?.kind !== 'user') {
       console.error('✗ user token (master pw) 필요. service token 거부.');
       return 1;
     }
@@ -299,7 +299,7 @@ async function cmdValidate(flags: ParsedFlags): Promise<number> {
     return 0;
   }
   const ctx = await loadAuthContext();
-  if (!ctx || ctx.kind !== 'user') {
+  if (ctx?.kind !== 'user') {
     console.error('✗ envelope diff 위해 user token (master pw) 필요');
     return 1;
   }

package/src/commands/mcp.ts

@@ -35,15 +35,47 @@
  *     모든 로그/에러는 console.error (stderr) 로.
  */
 
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from 'node:fs';
+import { dirname, resolve } from 'node:path';
 import { Server } from '@modelcontextprotocol/sdk/server/index.js';
 import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
 import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
-import { READ_TOOLS, type ToolDef, WRITE_TOOLS } from '../lib/mcp-tools/defs.ts';
 import {
+  buildEntry,
+  freshFileContent,
+  type McpClient,
+  type McpScope,
+  resolveTarget,
+  upsertServerEntry,
+} from '../lib/mcp-register.ts';
+import {
+  handleOrgInvite,
+  handleOrgRemoveMember,
+  handleProjectShare,
+  handleProjectUnshare,
+  handlePurge,
+  handleServiceTokenCreate,
+  handleServiceTokenRevoke,
+} from '../lib/mcp-tools/admin.ts';
+import {
+  ADMIN_TOOLS,
+  READ_TOOLS,
+  type ToolDef,
+  VALUE_TOOLS,
+  WRITE_TOOLS,
+} from '../lib/mcp-tools/defs.ts';
+import { handleLoginStart, handleLoginStatus } from '../lib/mcp-tools/login.ts';
+import {
+  handleAudit,
+  handleDoctor,
   handleGetProjectKeys,
+  handleGetSecretValue,
+  handleListOrgs,
   handleListProjects,
+  handleOrgInfo,
   handleShowManifest,
   handleValidateManifest,
+  handleVersions,
   handleWhoami,
 } from '../lib/mcp-tools/read.ts';
 import {
@@ -52,18 +84,26 @@ import {
   notLoggedIn,
   type ToolTextResult,
 } from '../lib/mcp-tools/result.ts';
+import { handleRun } from '../lib/mcp-tools/run.ts';
 import {
+  handleBulkSet,
+  handleDeleteProject,
   handleManifestInit,
   handleManifestModify,
+  handleRestoreProject,
+  handleRollback,
   handleSetSecret,
   handleUnsetSecret,
 } from '../lib/mcp-tools/write.ts';
 
 const USAGE = [
   'usage: athsra mcp [--help]',
+  '   or: athsra mcp install [--target <dir>] [--client claude|cursor|vscode]',
+  '                          [--scope project|user] [--write] [--admin] [--read-values] [--apply]',
   '',
   'Model Context Protocol stdio server — Claude Code / MCP client 가 envelope',
   '을 도구로 사용. stdio JSON-RPC. 다른 출력 X (logs → stderr).',
+  'install: MCP client 설정에 athsra 등록 (dry-run 기본 — `athsra mcp install --help`).',
   '',
   'Claude Code 등록 예시 (~/.claude/settings.json or .mcp.json):',
   '  "mcpServers": {',
@@ -71,34 +111,67 @@ const USAGE = [
   '  }',
   '',
   'Tools (read-only, 항상 노출):',
-  '  athsra_whoami            — 인증 상태 + 신원 (미인증 시 `athsra login --sso` 안내). 온보딩 시 먼저 호출',
+  '  athsra_whoami            — 인증 상태 + 신원. 온보딩 시 먼저 호출',
+  '  athsra_login_start/status — in-chat 브라우저 로그인 (터미널 불필요, device_code 무노출)',
   '  athsra_list_projects     — envelope 이름 목록',
   '  athsra_get_project_keys  — envelope 키 목록 (값 X — 값은 `athsra run` 으로 주입)',
   '  athsra_show_manifest     — sibling worker manifest 조회',
   '  athsra_validate_manifest — envelope vs manifest diff',
   'Tools (write, ATHSRA_MCP_WRITE=1 opt-in):',
   '  athsra_set_secret / athsra_unset_secret / athsra_manifest_init / athsra_manifest_modify',
+  '  athsra_rollback / athsra_delete_project / athsra_restore_project / athsra_bulk_set',
+  'Tools (value, ATHSRA_MCP_READ_VALUES=1 opt-in — 평문이 응답 경계를 넘음):',
+  '  athsra_get_secret_value (기본 마스킹; full=true+confirm 시 평문) / athsra_run (값 미노출 주입 실행)',
+  'Tools (admin, ATHSRA_MCP_ADMIN=1 opt-in — destructive 는 confirm 정확일치):',
+  '  athsra_org_invite / athsra_org_remove_member / athsra_project_share / athsra_project_unshare',
+  '  athsra_service_token_create / athsra_service_token_revoke / athsra_purge',
 ].join('\n');
 
-const VERSION = '1.0.0';
+const VERSION = '1.1.0';
 
-/** Write tools opt-in via env var. 기본 false — secret 변경은 명시적 ack 필요. */
+/** Write/admin tools opt-in via env var. 기본 false — secret 변경·고위험은 명시적 ack 필요. */
 const WRITE_ENABLED = process.env.ATHSRA_MCP_WRITE === '1';
+const ADMIN_ENABLED = process.env.ATHSRA_MCP_ADMIN === '1';
+/** value tier — secret 평문 노출(get_secret_value full)·주입 실행(run). write(변경)와 직교. */
+const VALUE_ENABLED = process.env.ATHSRA_MCP_READ_VALUES === '1';
 
-const TOOLS: ToolDef[] = WRITE_ENABLED ? [...READ_TOOLS, ...WRITE_TOOLS] : READ_TOOLS;
+const TOOLS: ToolDef[] = [
+  ...READ_TOOLS,
+  ...(WRITE_ENABLED ? WRITE_TOOLS : []),
+  ...(ADMIN_ENABLED ? ADMIN_TOOLS : []),
+  ...(VALUE_ENABLED ? VALUE_TOOLS : []),
+];
 
 const WRITE_TOOL_NAMES = new Set(WRITE_TOOLS.map((t) => t.name));
+const ADMIN_TOOL_NAMES = new Set(ADMIN_TOOLS.map((t) => t.name));
+const VALUE_TOOL_NAMES = new Set(VALUE_TOOLS.map((t) => t.name));
 
 async function dispatch(
   name: string,
   args: Record<string, unknown> | undefined,
-  writeEnabled: boolean = WRITE_ENABLED,
+  gatesIn: Partial<{ write: boolean; admin: boolean; value: boolean }> = {},
 ): Promise<ToolTextResult> {
-  if (WRITE_TOOL_NAMES.has(name) && !writeEnabled) {
+  const gates = {
+    write: gatesIn.write ?? WRITE_ENABLED,
+    admin: gatesIn.admin ?? ADMIN_ENABLED,
+    value: gatesIn.value ?? VALUE_ENABLED,
+  };
+  if (WRITE_TOOL_NAMES.has(name) && !gates.write) {
     return jsonError(
       `write tool '${name}' disabled. Set ATHSRA_MCP_WRITE=1 in the MCP server env to enable.`,
     );
   }
+  if (ADMIN_TOOL_NAMES.has(name) && !gates.admin) {
+    return jsonError(
+      `admin tool '${name}' disabled. Set ATHSRA_MCP_ADMIN=1 in the MCP server env to enable.`,
+    );
+  }
+  if (VALUE_TOOL_NAMES.has(name) && !gates.value) {
+    return jsonError(
+      `value tool '${name}' disabled. Set ATHSRA_MCP_READ_VALUES=1 in the MCP server env to ` +
+        'enable secret value reveal / run injection (plaintext crosses the response boundary — opt-in only).',
+    );
+  }
   try {
     switch (name) {
       case 'athsra_whoami':
@@ -107,10 +180,28 @@ async function dispatch(
         return await handleListProjects(args);
       case 'athsra_get_project_keys':
         return await handleGetProjectKeys(args);
+      case 'athsra_get_secret_value':
+        return await handleGetSecretValue(args);
+      case 'athsra_run':
+        return await handleRun(args);
       case 'athsra_show_manifest':
         return handleShowManifest(args);
       case 'athsra_validate_manifest':
         return await handleValidateManifest(args);
+      case 'athsra_versions':
+        return await handleVersions(args);
+      case 'athsra_audit':
+        return await handleAudit(args);
+      case 'athsra_list_orgs':
+        return await handleListOrgs();
+      case 'athsra_org_info':
+        return await handleOrgInfo();
+      case 'athsra_doctor':
+        return await handleDoctor();
+      case 'athsra_login_start':
+        return await handleLoginStart();
+      case 'athsra_login_status':
+        return await handleLoginStatus();
       case 'athsra_set_secret':
         return await handleSetSecret(args);
       case 'athsra_unset_secret':
@@ -119,6 +210,28 @@ async function dispatch(
         return handleManifestInit(args);
       case 'athsra_manifest_modify':
         return handleManifestModify(args);
+      case 'athsra_rollback':
+        return await handleRollback(args);
+      case 'athsra_delete_project':
+        return await handleDeleteProject(args);
+      case 'athsra_restore_project':
+        return await handleRestoreProject(args);
+      case 'athsra_bulk_set':
+        return await handleBulkSet(args);
+      case 'athsra_org_invite':
+        return await handleOrgInvite(args);
+      case 'athsra_org_remove_member':
+        return await handleOrgRemoveMember(args);
+      case 'athsra_project_share':
+        return await handleProjectShare(args);
+      case 'athsra_project_unshare':
+        return await handleProjectUnshare(args);
+      case 'athsra_service_token_create':
+        return await handleServiceTokenCreate(args);
+      case 'athsra_service_token_revoke':
+        return await handleServiceTokenRevoke(args);
+      case 'athsra_purge':
+        return await handlePurge(args);
       default:
         return jsonError(`unknown tool: ${name}`);
     }
@@ -145,7 +258,142 @@ function buildServer(): Server {
   return server;
 }
 
+const INSTALL_USAGE = [
+  'usage: athsra mcp install [--target <dir>] [--client claude|cursor|vscode]',
+  '                          [--scope project|user] [--write] [--admin] [--read-values] [--apply]',
+  '',
+  'MCP client 설정 파일에 athsra server 를 등록/갱신 (upsert). dry-run 기본 — 변경은 --apply.',
+  '',
+  '  --target <dir>   대상 repo (기본: cwd)',
+  '  --client         claude(기본) | cursor | vscode',
+  '  --scope          project(기본) | user',
+  '                   claude/project=.mcp.json(없으면 생성) · claude/user=~/.claude.json',
+  '                   cursor=.cursor/mcp.json · vscode=.vscode/mcp.json(servers+type:stdio)',
+  '  --write/--admin  ATHSRA_MCP_WRITE/ADMIN=1 env 동봉 (write/admin tier opt-in)',
+  '  --read-values    ATHSRA_MCP_READ_VALUES=1 env 동봉 (value tier — get_secret_value/run)',
+  '  --apply          실제 파일 변경 (기본은 계획만 출력)',
+].join('\n');
+
+const isClient = (v: string): v is McpClient => v === 'claude' || v === 'cursor' || v === 'vscode';
+const isScope = (v: string): v is McpScope => v === 'project' || v === 'user';
+
+/** `athsra mcp install` — Phase 5 B6. MCP client 설정 upsert (lib/mcp-register.ts 코어). */
+export async function installCmd(args: string[]): Promise<number> {
+  let targetDir = process.cwd();
+  let client: McpClient = 'claude';
+  let scope: McpScope = 'project';
+  let write = false;
+  let admin = false;
+  let readValues = false;
+  let apply = false;
+
+  for (let i = 0; i < args.length; i++) {
+    const a = args[i] ?? '';
+    const value = (flag: string): string | null => {
+      if (a.startsWith(`${flag}=`)) return a.slice(flag.length + 1);
+      if (a === flag) {
+        const v = args[i + 1];
+        if (v !== undefined) {
+          i++;
+          return v;
+        }
+      }
+      return null;
+    };
+    if (a === '--help' || a === '-h') {
+      console.log(INSTALL_USAGE);
+      return 0;
+    }
+    if (a === '--write') {
+      write = true;
+      continue;
+    }
+    if (a === '--admin') {
+      admin = true;
+      continue;
+    }
+    if (a === '--read-values') {
+      readValues = true;
+      continue;
+    }
+    if (a === '--apply') {
+      apply = true;
+      continue;
+    }
+    const target = value('--target') ?? value('-t');
+    if (target !== null) {
+      targetDir = resolve(target);
+      continue;
+    }
+    const c = value('--client');
+    if (c !== null) {
+      if (!isClient(c)) {
+        console.error(`✗ --client 는 claude|cursor|vscode 중 하나: ${c}`);
+        return 2;
+      }
+      client = c;
+      continue;
+    }
+    const s = value('--scope');
+    if (s !== null) {
+      if (!isScope(s)) {
+        console.error(`✗ --scope 는 project|user 중 하나: ${s}`);
+        return 2;
+      }
+      scope = s;
+      continue;
+    }
+    console.error(`✗ unknown flag: ${a}`);
+    console.error(INSTALL_USAGE);
+    return 2;
+  }
+
+  const resolved = resolveTarget(client, scope, targetDir);
+  if ('error' in resolved) {
+    console.error(`✗ ${resolved.error}`);
+    return 2;
+  }
+  const entry = buildEntry(client, { write, admin, readValues });
+  const { path, rootKey } = resolved;
+
+  if (!existsSync(path)) {
+    console.log(`${apply ? '✏' : '○'} ${path} (신규 생성 — athsra MCP entry)`);
+    if (apply) {
+      mkdirSync(dirname(path), { recursive: true });
+      writeFileSync(path, freshFileContent(rootKey, entry));
+      console.log('  ✓ 적용 완료 — MCP client 재시작 후 athsra_whoami 호출');
+    } else {
+      console.log('  적용: --apply');
+    }
+    return 0;
+  }
+
+  const raw = readFileSync(path, 'utf-8');
+  let res: ReturnType<typeof upsertServerEntry>;
+  try {
+    res = upsertServerEntry(raw, rootKey, entry);
+  } catch (err) {
+    console.error(`✗ ${path} parse 실패: ${(err as Error).message}`);
+    return 1;
+  }
+  if (!res.result.changed) {
+    console.log(`= ${path} (${res.result.reason})`);
+    return 0;
+  }
+  console.log(`${apply ? '✏' : '○'} ${path} (athsra MCP ${res.result.reason})`);
+  if (apply && res.output) {
+    writeFileSync(path, res.output);
+    console.log('  ✓ 적용 완료 — MCP client 재시작 후 athsra_whoami 호출');
+  } else {
+    console.log('  적용: --apply');
+  }
+  return 0;
+}
+
 export async function mcpCmd(args: string[]): Promise<number> {
+  if (args[0] === 'install') {
+    return installCmd(args.slice(1));
+  }
   if (args.includes('--help') || args.includes('-h')) {
     console.error(USAGE);
     return 0;
@@ -175,5 +423,9 @@ export const __test = {
   TOOLS,
   READ_TOOLS,
   WRITE_TOOLS,
+  ADMIN_TOOLS,
+  VALUE_TOOLS,
   WRITE_ENABLED,
+  ADMIN_ENABLED,
+  VALUE_ENABLED,
 };

package/src/commands/migrate-envelopes.ts

@@ -1,16 +1,20 @@
 import { migrateV1ToV2 } from '@athsra/crypto';
 import { loadAuthContext } from '../lib/auth-context.ts';
+import type { AthsraClient } from '../lib/client.ts';
+import { grantOrgAccess } from '../lib/org-rewrap.ts';
 
 const USAGE = [
-  'usage: athsra migrate-envelopes [--apply] [--include=p1,p2,...]',
+  'usage: athsra migrate-envelopes [--self] [--apply] [--include=p1,p2,...]',
   '',
   '모든 v1 envelope 를 v2 (DEK + master recipient) 로 일괄 마이그레이션.',
   '  - default dry-run — read-only survey, 어떤 project 가 마이그레이션될지만 출력.',
   '  - --apply        — 실제 PUT. 각 project 는 새 version 으로 기록 (versions 보존).',
   '  - --include=...  — 특정 project 만 (쉼표 구분, 점진 적용용).',
+  '  - --self         — v1→v2 대신, 내 모든 v2 envelope 에 member:self recipient 추가.',
+  '                     identity 로그인 머신(master pw 없음)에서 멤버 경로로 복호 가능해진다.',
   '',
   'service token 추가 전 사전 작업으로 권장 (자동 migrate 도 동작하지만 일괄 처리가 운영',
-  '가시성 ↑). 이미 v2 인 project 는 자동 skip — idempotent.',
+  '가시성 ↑). 이미 v2/member:self 인 project 는 자동 skip — idempotent.',
 ].join('\n');
 
 export async function migrateEnvelopesCmd(args: string[]): Promise<number> {
@@ -20,6 +24,7 @@ export async function migrateEnvelopesCmd(args: string[]): Promise<number> {
   }
 
   const apply = args.includes('--apply');
+  const self = args.includes('--self');
   let include: Set<string> | null = null;
   for (const a of args) {
     if (a.startsWith('--include=')) {
@@ -29,7 +34,7 @@ export async function migrateEnvelopesCmd(args: string[]): Promise<number> {
         .map((s) => s.trim())
         .filter(Boolean);
       include = new Set(list);
-    } else if (a.startsWith('-') && a !== '--apply') {
+    } else if (a.startsWith('-') && a !== '--apply' && a !== '--self') {
       console.error(`Unknown flag: ${a}`);
       console.error(USAGE);
       return 2;
@@ -44,6 +49,10 @@ export async function migrateEnvelopesCmd(args: string[]): Promise<number> {
   }
   const { client, masterPw } = ctx;
 
+  if (self) {
+    return migrateSelf(client, masterPw, apply);
+  }
+
   const projects = (await client.listProjects()).sort();
   const targets = include ? projects.filter((p) => include.has(p)) : projects;
   if (include) {
@@ -111,3 +120,46 @@ export async function migrateEnvelopesCmd(args: string[]): Promise<number> {
   }
   return 0;
 }
+
+/**
+ * --self — 내 모든 (v2) 공유 시크릿에 member:self recipient 를 추가 (grantOrgAccess 재사용).
+ * identity 로그인 머신(master pw 없음)이 멤버 경로로 복호 가능하게 하는 일괄 전환. 멱등 —
+ * 이미 member:self 면 skip. v1 은 먼저 v2 마이그레이션 필요. dry-run 기본(연산·PUT 없이 survey).
+ */
+async function migrateSelf(
+  client: AthsraClient,
+  masterPw: string,
+  apply: boolean,
+): Promise<number> {
+  const me = await client.whoami();
+  if (me.userId === undefined) {
+    console.error('whoami 에 user_id 없음 — 재로그인 필요 (`athsra login`).');
+    return 1;
+  }
+  console.log(
+    `${apply ? 'APPLY' : 'DRY-RUN'} — migrate-envelopes --self (member:${me.userId} recipient)\n`,
+  );
+  const result = await grantOrgAccess(client, masterPw, me.userId, { dryRun: !apply });
+  for (const p of result.granted) {
+    console.log(`  ${apply ? '✏' : '○'}  ${p}: member:self ${apply ? '추가됨' : '추가 예정'}`);
+  }
+  for (const p of result.skipped) {
+    console.log(`  =  ${p}: 이미 member:self (또는 envelope 없음) — skip`);
+  }
+  for (const p of result.legacyV1) {
+    console.log(`  !  ${p}: v1 — 먼저 \`athsra migrate-envelopes --apply\` 필요`);
+  }
+  for (const f of result.failed) {
+    console.log(`  ✗ ${f.project}: ${f.error}`);
+  }
+  console.log(
+    `\n요약: granted=${result.granted.length} skipped=${result.skipped.length} ` +
+      `legacyV1=${result.legacyV1.length} failed=${result.failed.length}` +
+      (apply ? '' : ' (dry-run — 변경 없음)'),
+  );
+  if (result.failed.length > 0) return 1;
+  if (!apply && result.granted.length > 0) {
+    console.log('\n적용: athsra migrate-envelopes --self --apply');
+  }
+  return 0;
+}

package/src/commands/purge.ts

@@ -1,26 +1,29 @@
 import { loadAuthContext } from '../lib/auth-context.ts';
+import { CONFIG_USAGE_HINT, configTag, resolveProject } from '../lib/auto-project.ts';
 import { promptConfirm } from '../lib/prompt.ts';
 
 const USAGE = [
-  'usage: athsra purge <project>          # hard-delete (모든 versions 영구 제거)',
-  '   or: athsra purge <project> --yes    # confirm 우회 (CI 용)',
+  'usage: athsra purge <project>[:<env>]          # hard-delete (모든 versions 영구 제거)',
+  '   or: athsra purge <project>[:<env>] --yes    # confirm 우회 (CI 용)',
   '',
   'note: athsra delete <project> --hard 와 동일. 명시적 별칭.',
+  CONFIG_USAGE_HINT,
 ].join('\n');
 
 /**
- * athsra purge <project>
- *   - hard-delete alias. 모든 versions + tombstone 영구 제거. 복원 불가능.
+ * athsra purge <project>[:<env>]
+ *   - hard-delete alias. 모든 versions + tombstone 영구 제거 (해당 환경(config) 한정). 복원 불가능.
  *   - delete --hard 와 동일 동작이지만 명시적 명령 — 위험성을 더 분명히 드러냄.
  *   - 무조건 double confirm (--yes 또는 ATHSRA_PURGE_CONFIRMED=1 로 우회)
  */
 export async function purgeCmd(args: string[]): Promise<number> {
-  const project = args[0];
+  const { project, config, rest } = resolveProject(args, { requirePositional: true });
   if (!project) {
     console.error(USAGE);
     return 2;
   }
-  const yes = args.includes('--yes') || args.includes('-y');
+  const yes = rest.includes('--yes') || rest.includes('-y');
+  const tag = configTag(config);
 
   const ctx = await loadAuthContext();
   if (!ctx) return 1;
@@ -28,17 +31,17 @@ export async function purgeCmd(args: string[]): Promise<number> {
 
   if (!yes && process.env.ATHSRA_PURGE_CONFIRMED !== '1') {
     const ok = await promptConfirm(
-      `PURGE ${project}? All version history permanently removed. NOT RECOVERABLE.`,
+      `PURGE ${project}${tag}? All version history permanently removed. NOT RECOVERABLE.`,
       false,
     );
     if (!ok) return 0;
-    const ok2 = await promptConfirm(`Type confirmation: really purge ${project}?`, false);
+    const ok2 = await promptConfirm(`Type confirmation: really purge ${project}${tag}?`, false);
     if (!ok2) return 0;
   }
 
-  const result = await client.deleteProject(project, { hard: true });
+  const result = await client.deleteProject(project, { hard: true, config });
   console.log(
-    `✓ ${project}: purged (${result.removed_versions ?? 0} version${(result.removed_versions ?? 0) === 1 ? '' : 's'} permanently removed)`,
+    `✓ ${project}${tag}: purged (${result.removed_versions ?? 0} version${(result.removed_versions ?? 0) === 1 ? '' : 's'} permanently removed)`,
   );
   return 0;
 }

package/src/commands/restore.ts

@@ -1,15 +1,19 @@
 import { loadAuthContext } from '../lib/auth-context.ts';
+import { CONFIG_USAGE_HINT, configTag, resolveProject } from '../lib/auto-project.ts';
 
-const USAGE = 'usage: athsra restore <project>   # tombstone 제거 + 최신 version 활성화';
+const USAGE = [
+  'usage: athsra restore <project>[:<env>]   # tombstone 제거 + 최신 version 활성화',
+  CONFIG_USAGE_HINT,
+].join('\n');
 
 /**
- * athsra restore <project>
- *   - soft-deleted project 복원 (tombstone 제거 + 가장 최신 version 으로 current 복원)
+ * athsra restore <project>[:<env>]
+ *   - soft-deleted project 복원 (tombstone 제거 + 가장 최신 version 으로 current 복원, 해당 환경(config) 한정)
  *   - tombstone 없으면 400 — 이미 활성
  *   - hard-delete 후엔 versions 가 없어 복원 불가
  */
 export async function restoreCmd(args: string[]): Promise<number> {
-  const project = args[0];
+  const { project, config } = resolveProject(args, { requirePositional: true });
   if (!project) {
     console.error(USAGE);
     return 2;
@@ -19,9 +23,9 @@ export async function restoreCmd(args: string[]): Promise<number> {
   if (!ctx) return 1;
   const { client } = ctx;
 
-  const result = await client.restoreProject(project);
+  const result = await client.restoreProject(project, config);
   console.log(
-    `✓ ${project}: restored to ${result.restored_version} (was deleted ${result.deleted_at} by ${result.deleted_by})`,
+    `✓ ${project}${configTag(config)}: restored to ${result.restored_version} (was deleted ${result.deleted_at} by ${result.deleted_by})`,
   );
   return 0;
 }