@bagdock/cli 0.1.4 → 0.2.0

package/dist/bagdock.js

@@ -3158,6 +3158,200 @@ var init_open = __esm(() => {
   open_default = open;
 });
 
+// src/auth.ts
+function setApiKeyOverride(key) {
+  apiKeyOverride = key;
+}
+function getAuthToken() {
+  if (apiKeyOverride)
+    return apiKeyOverride;
+  if (process.env.BAGDOCK_API_KEY)
+    return process.env.BAGDOCK_API_KEY;
+  if (process.env.BAGDOCK_TOKEN)
+    return process.env.BAGDOCK_TOKEN;
+  const creds = loadCredentials();
+  return creds?.accessToken ?? null;
+}
+async function login() {
+  const existing = loadCredentials();
+  if (existing?.accessToken && existing.expiresAt && existing.expiresAt > Date.now()) {
+    console.log(source_default.green("Already logged in as"), source_default.bold(existing.email ?? "unknown"));
+    console.log("Run", source_default.cyan("bagdock logout"), "to sign out first.");
+    return;
+  }
+  console.log(source_default.cyan(`
+Requesting device authorization...
+`));
+  const deviceRes = await fetch(`${API_BASE}/oauth2/device/authorize`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ client_id: CLIENT_ID, scope: "developer:read developer:write" })
+  });
+  if (!deviceRes.ok) {
+    const err = await deviceRes.text();
+    console.log(source_default.red("Failed to start login:"), err);
+    process.exit(1);
+  }
+  const device = await deviceRes.json();
+  const pollInterval = (device.interval ?? 5) * 1000;
+  console.log(`  Visit ${source_default.bold(device.verification_uri)} and enter code:
+`);
+  console.log(`    ${source_default.bold.cyan(device.user_code)}
+`);
+  const open2 = (await Promise.resolve().then(() => (init_open(), exports_open))).default;
+  await open2(device.verification_uri_complete).catch(() => {});
+  console.log(source_default.dim("  Waiting for authorization..."));
+  const startedAt = Date.now();
+  while (Date.now() - startedAt < MAX_POLL_DURATION_MS) {
+    await sleep(pollInterval);
+    const tokenRes = await fetch(`${API_BASE}/oauth2/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+        client_id: CLIENT_ID,
+        device_code: device.device_code
+      })
+    });
+    if (tokenRes.ok) {
+      const tokens = await tokenRes.json();
+      saveCredentials({
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresAt: tokens.expires_in ? Date.now() + tokens.expires_in * 1000 : undefined,
+        email: tokens.email,
+        operatorId: tokens.operator_id
+      });
+      console.log(source_default.green(`
+  Logged in successfully!`));
+      if (tokens.email)
+        console.log("  Email:", source_default.bold(tokens.email));
+      if (tokens.operator_id)
+        console.log("  Operator:", source_default.bold(tokens.operator_id));
+      return;
+    }
+    const error = await tokenRes.json().catch(() => ({ error: "unknown" }));
+    if (error.error === "authorization_pending") {
+      continue;
+    }
+    if (error.error === "slow_down") {
+      await sleep(pollInterval);
+      continue;
+    }
+    if (error.error === "expired_token") {
+      console.log(source_default.red(`
+  Device code expired. Please try again.`));
+      process.exit(1);
+    }
+    if (error.error === "access_denied") {
+      console.log(source_default.red(`
+  Authorization denied.`));
+      process.exit(1);
+    }
+    console.log(source_default.red(`
+  Login failed:`), error.error_description ?? error.error);
+    process.exit(1);
+  }
+  console.log(source_default.red(`
+  Login timed out. Please try again.`));
+  process.exit(1);
+}
+async function logout() {
+  clearCredentials();
+  console.log(source_default.green("Logged out."));
+}
+async function whoami() {
+  const token = getAuthToken();
+  if (!token) {
+    console.log(source_default.yellow("Not logged in."), "Run", source_default.cyan("bagdock login"));
+    process.exit(1);
+  }
+  try {
+    const res = await fetch(`${API_BASE}/v1/auth/me`, {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (!res.ok) {
+      console.log(source_default.red("Session expired or invalid."), "Run", source_default.cyan("bagdock login"));
+      process.exit(1);
+    }
+    const user = await res.json();
+    console.log(source_default.green("Logged in as"), source_default.bold(user.email));
+    if (user.operator_id)
+      console.log("Operator:", source_default.bold(user.operator_id));
+    if (user.name)
+      console.log("Name:", user.name);
+  } catch (err) {
+    console.log(source_default.red("Failed to reach API:"), err.message);
+    process.exit(1);
+  }
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+var apiKeyOverride, CLIENT_ID = "bagdock-cli", MAX_POLL_DURATION_MS = 300000;
+var init_auth = __esm(() => {
+  init_config();
+  init_source();
+});
+
+// src/output.ts
+function setOutputMode(opts) {
+  if (opts.quiet) {
+    quiet = true;
+    forceJson = true;
+  }
+  if (opts.json) {
+    forceJson = true;
+  }
+}
+function isJsonMode() {
+  return forceJson || !process.stdout.isTTY;
+}
+function isQuiet() {
+  return quiet;
+}
+function outputSuccess(data) {
+  if (isJsonMode()) {
+    process.stdout.write(JSON.stringify(data, null, 2) + `
+`);
+  }
+}
+function outputError(code, message, details) {
+  if (isJsonMode()) {
+    const err = { error: { code, message } };
+    if (details)
+      err.error.details = details;
+    process.stderr.write(JSON.stringify(err) + `
+`);
+    process.exit(1);
+  } else {
+    console.error(source_default.red(`Error [${code}]:`), message);
+    if (details)
+      console.error(details);
+    process.exit(1);
+  }
+}
+function outputList(objectType, data, hasMore) {
+  if (isJsonMode()) {
+    process.stdout.write(JSON.stringify({ object: "list", data, has_more: hasMore }, null, 2) + `
+`);
+  }
+}
+function status(message) {
+  if (!isQuiet() && !isJsonMode()) {
+    console.log(source_default.dim(message));
+  }
+}
+function success(message) {
+  if (!isQuiet() && !isJsonMode()) {
+    console.log(source_default.green(message));
+  }
+}
+var forceJson = false, quiet = false;
+var init_output = __esm(() => {
+  init_source();
+});
+
 // src/dev.ts
 var exports_dev = {};
 __export(exports_dev, {
@@ -3251,9 +3445,9 @@ async function deploy(opts) {
     console.error(source_default.red("No bagdock.json found. Run"), source_default.cyan("bagdock init"), source_default.red("first."));
     process.exit(1);
   }
-  const creds = loadCredentials();
-  if (!creds?.accessToken) {
-    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("first."));
+  const token = getAuthToken();
+  if (!token) {
+    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("or set BAGDOCK_API_KEY."));
     process.exit(1);
   }
   let environment = opts.env ?? "staging";
@@ -3318,7 +3512,7 @@ Deploying ${config.slug}@${config.version} → ${envLabel}
     const res = await fetch(`${API_BASE}/api/v1/developer/apps/${config.slug}/deploy`, {
       method: "POST",
       headers: {
-        Authorization: `Bearer ${creds.accessToken}`
+        Authorization: `Bearer ${token}`
       },
       body: formData
     });
@@ -3374,6 +3568,7 @@ function confirm(prompt) {
 var init_deploy = __esm(() => {
   init_source();
   init_config();
+  init_auth();
 });
 
 // src/submit.ts
@@ -3387,9 +3582,9 @@ async function submit() {
     console.error(source_default.red("No bagdock.json found. Run"), source_default.cyan("bagdock init"), source_default.red("first."));
     process.exit(1);
   }
-  const creds = loadCredentials();
-  if (!creds?.accessToken) {
-    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("first."));
+  const token = getAuthToken();
+  if (!token) {
+    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("or set BAGDOCK_API_KEY."));
     process.exit(1);
   }
   console.log(source_default.cyan(`
@@ -3399,7 +3594,7 @@ Submitting ${source_default.bold(config.slug)} for marketplace review...
     const res = await fetch(`${API_BASE}/api/v1/developer/apps/${config.slug}/submit`, {
       method: "POST",
       headers: {
-        Authorization: `Bearer ${creds.accessToken}`,
+        Authorization: `Bearer ${token}`,
         "Content-Type": "application/json"
       }
     });
@@ -3427,6 +3622,7 @@ Submitting ${source_default.bold(config.slug)} for marketplace review...
 var init_submit = __esm(() => {
   init_source();
   init_config();
+  init_auth();
 });
 
 // src/env-cmd.ts
@@ -3437,12 +3633,12 @@ __export(exports_env_cmd, {
   envList: () => envList
 });
 function requireAuth() {
-  const creds = loadCredentials();
-  if (!creds?.accessToken) {
-    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"));
+  const token = getAuthToken();
+  if (!token) {
+    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("or set BAGDOCK_API_KEY."));
     process.exit(1);
   }
-  return creds;
+  return token;
 }
 function requireConfig() {
   const config = loadBagdockJson(process.cwd());
@@ -3453,11 +3649,11 @@ function requireConfig() {
   return config;
 }
 async function envList() {
-  const creds = requireAuth();
+  const token = requireAuth();
   const config = requireConfig();
   try {
     const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env`, {
-      headers: { Authorization: `Bearer ${creds.accessToken}` }
+      headers: { Authorization: `Bearer ${token}` }
     });
     if (!res.ok) {
       console.error(source_default.red(`Failed to list env vars (${res.status})`));
@@ -3482,14 +3678,14 @@ Environment variables for ${config.slug}:
   }
 }
 async function envSet(key, value) {
-  const creds = requireAuth();
+  const token = requireAuth();
   const config = requireConfig();
   try {
     const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env`, {
       method: "PUT",
       headers: {
         "Content-Type": "application/json",
-        Authorization: `Bearer ${creds.accessToken}`
+        Authorization: `Bearer ${token}`
       },
       body: JSON.stringify({ key, value })
     });
@@ -3505,12 +3701,12 @@ async function envSet(key, value) {
   }
 }
 async function envRemove(key) {
-  const creds = requireAuth();
+  const token = requireAuth();
   const config = requireConfig();
   try {
     const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env/${key}`, {
       method: "DELETE",
-      headers: { Authorization: `Bearer ${creds.accessToken}` }
+      headers: { Authorization: `Bearer ${token}` }
     });
     if (!res.ok) {
       console.error(source_default.red(`Failed to remove ${key} (${res.status})`));
@@ -3525,146 +3721,339 @@ async function envRemove(key) {
 var init_env_cmd = __esm(() => {
   init_source();
   init_config();
+  init_auth();
 });
 
-// node_modules/commander/esm.mjs
-var import__ = __toESM(require_commander(), 1);
-var {
-  program,
-  createCommand,
-  createArgument,
-  createOption,
-  CommanderError,
-  InvalidArgumentError,
-  InvalidOptionArgumentError,
-  Command,
-  Argument,
-  Option,
-  Help
-} = import__.default;
-
-// src/auth.ts
-init_config();
-init_source();
-var CLIENT_ID = "bagdock-cli";
-var MAX_POLL_DURATION_MS = 300000;
-async function login() {
-  const existing = loadCredentials();
-  if (existing?.accessToken && existing.expiresAt && existing.expiresAt > Date.now()) {
-    console.log(source_default.green("Already logged in as"), source_default.bold(existing.email ?? "unknown"));
-    console.log("Run", source_default.cyan("bagdock logout"), "to sign out first.");
-    return;
+// src/keys.ts
+var exports_keys = {};
+__export(exports_keys, {
+  keysList: () => keysList,
+  keysDelete: () => keysDelete,
+  keysCreate: () => keysCreate
+});
+async function apiRequest(method, path2, body) {
+  const token = getAuthToken();
+  if (!token) {
+    outputError("UNAUTHENTICATED", "Not logged in. Run `bagdock login` or set BAGDOCK_API_KEY.");
   }
-  console.log(source_default.cyan(`
-Requesting device authorization...
+  const headers = { Authorization: `Bearer ${token}` };
+  const init2 = { method, headers };
+  if (body) {
+    headers["Content-Type"] = "application/json";
+    init2.body = JSON.stringify(body);
+  }
+  const res = await fetch(`${API_BASE}${path2}`, init2);
+  return res;
+}
+async function keysCreate(opts) {
+  status("Creating API key...");
+  const res = await apiRequest("POST", "/api/v1/operator/api-keys", {
+    name: opts.name,
+    key_type: opts.type || "secret",
+    key_category: opts.category || "standard",
+    environment: opts.environment || "live",
+    scopes: opts.scopes || []
+  });
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const data = await res.json();
+  if (isJsonMode()) {
+    outputSuccess(data);
+  } else {
+    console.log(source_default.green(`
+  API key created successfully!
 `));
-  const deviceRes = await fetch(`${API_BASE}/oauth2/device/authorize`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ client_id: CLIENT_ID, scope: "developer:read developer:write" })
+    console.log(`  ${source_default.bold("Name:")}         ${data.name}`);
+    console.log(`  ${source_default.bold("Key:")}          ${source_default.yellow(data.key)}`);
+    console.log(`  ${source_default.bold("ID:")}           ${data.id}`);
+    console.log(`  ${source_default.bold("Environment:")}  ${data.environment}`);
+    console.log(`  ${source_default.bold("Type:")}         ${data.key_type}`);
+    console.log(`  ${source_default.bold("Category:")}     ${data.key_category}`);
+    if (data.scopes?.length) {
+      console.log(`  ${source_default.bold("Scopes:")}       ${data.scopes.join(", ")}`);
+    }
+    console.log();
+    console.log(source_default.yellow("  Save this key — it will not be shown again."));
+    console.log();
+  }
+}
+async function keysList(opts) {
+  status("Fetching API keys...");
+  let path2 = "/api/v1/operator/api-keys";
+  if (opts.environment)
+    path2 += `?environment=${opts.environment}`;
+  const res = await apiRequest("GET", path2);
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const result = await res.json();
+  if (isJsonMode()) {
+    outputList("api_key", result.data, result.has_more);
+  } else {
+    if (!result.data.length) {
+      console.log(source_default.yellow(`
+  No API keys found.
+`));
+      return;
+    }
+    console.log();
+    for (const key of result.data) {
+      const usedAt = key.last_used_at ? new Date(key.last_used_at).toLocaleDateString() : "never";
+      console.log(`  ${source_default.bold(key.name)}`);
+      console.log(`    ${source_default.dim("Prefix:")} ${key.key_prefix}...  ${source_default.dim("Env:")} ${key.environment}  ${source_default.dim("Last used:")} ${usedAt}`);
+      console.log(`    ${source_default.dim("ID:")} ${key.id}  ${source_default.dim("Category:")} ${key.key_category}`);
+      console.log();
+    }
+  }
+}
+async function keysDelete(id, opts) {
+  if (!opts.yes && !process.stdout.isTTY) {
+    outputError("CONFIRMATION_REQUIRED", "Pass --yes to confirm deletion in non-interactive mode.");
+  }
+  status(`Revoking API key ${id}...`);
+  const res = await apiRequest("DELETE", `/api/v1/operator/api-keys/${id}`, {
+    reason: opts.reason
   });
-  if (!deviceRes.ok) {
-    const err = await deviceRes.text();
-    console.log(source_default.red("Failed to start login:"), err);
-    process.exit(1);
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
   }
-  const device = await deviceRes.json();
-  const pollInterval = (device.interval ?? 5) * 1000;
-  console.log(`  Visit ${source_default.bold(device.verification_uri)} and enter code:
+  if (isJsonMode()) {
+    outputSuccess({ id, status: "revoked" });
+  } else {
+    success(`
+  API key ${id} revoked.
 `);
-  console.log(`    ${source_default.bold.cyan(device.user_code)}
+  }
+}
+var init_keys = __esm(() => {
+  init_source();
+  init_config();
+  init_auth();
+  init_output();
+});
+
+// src/apps.ts
+var exports_apps = {};
+__export(exports_apps, {
+  appsList: () => appsList,
+  appsGet: () => appsGet
+});
+async function apiRequest2(method, path2) {
+  const token = getAuthToken();
+  if (!token) {
+    outputError("UNAUTHENTICATED", "Not logged in. Run `bagdock login` or set BAGDOCK_API_KEY.");
+  }
+  return fetch(`${API_BASE}${path2}`, {
+    method,
+    headers: { Authorization: `Bearer ${token}` }
+  });
+}
+async function appsList() {
+  status("Fetching apps...");
+  const res = await apiRequest2("GET", "/api/v1/developer/apps");
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const result = await res.json();
+  if (isJsonMode()) {
+    outputList("app", result.data, false);
+  } else {
+    if (!result.data.length) {
+      console.log(source_default.yellow(`
+  No apps found. Create one with`), source_default.cyan("bagdock init"), `
 `);
-  const open2 = (await Promise.resolve().then(() => (init_open(), exports_open))).default;
-  await open2(device.verification_uri_complete).catch(() => {});
-  console.log(source_default.dim("  Waiting for authorization..."));
-  const startedAt = Date.now();
-  while (Date.now() - startedAt < MAX_POLL_DURATION_MS) {
-    await sleep(pollInterval);
-    const tokenRes = await fetch(`${API_BASE}/oauth2/token`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        grant_type: "urn:ietf:params:oauth:grant-type:device_code",
-        client_id: CLIENT_ID,
-        device_code: device.device_code
-      })
-    });
-    if (tokenRes.ok) {
-      const tokens = await tokenRes.json();
-      saveCredentials({
-        accessToken: tokens.access_token,
-        refreshToken: tokens.refresh_token,
-        expiresAt: tokens.expires_in ? Date.now() + tokens.expires_in * 1000 : undefined,
-        email: tokens.email,
-        operatorId: tokens.operator_id
-      });
-      console.log(source_default.green(`
-  Logged in successfully!`));
-      if (tokens.email)
-        console.log("  Email:", source_default.bold(tokens.email));
-      if (tokens.operator_id)
-        console.log("  Operator:", source_default.bold(tokens.operator_id));
       return;
     }
-    const error = await tokenRes.json().catch(() => ({ error: "unknown" }));
-    if (error.error === "authorization_pending") {
-      continue;
-    }
-    if (error.error === "slow_down") {
-      await sleep(pollInterval);
-      continue;
-    }
-    if (error.error === "expired_token") {
-      console.log(source_default.red(`
-  Device code expired. Please try again.`));
-      process.exit(1);
-    }
-    if (error.error === "access_denied") {
-      console.log(source_default.red(`
-  Authorization denied.`));
-      process.exit(1);
+    console.log();
+    for (const app of result.data) {
+      const status2 = app.is_active ? source_default.green("active") : source_default.dim("inactive");
+      const review = app.review_status ? source_default.dim(`[${app.review_status}]`) : "";
+      console.log(`  ${source_default.bold(app.name)} ${source_default.dim(`(${app.slug})`)} ${status2} ${review}`);
+      console.log(`    ${source_default.dim("Type:")} ${app.type}/${app.category}  ${source_default.dim("Version:")} ${app.version}`);
+      if (app.worker_url) {
+        console.log(`    ${source_default.dim("URL:")} ${app.worker_url}`);
+      }
+      console.log();
     }
-    console.log(source_default.red(`
-  Login failed:`), error.error_description ?? error.error);
-    process.exit(1);
   }
-  console.log(source_default.red(`
-  Login timed out. Please try again.`));
-  process.exit(1);
 }
-async function logout() {
-  clearCredentials();
-  console.log(source_default.green("Logged out."));
+async function appsGet(slug) {
+  status(`Fetching app ${slug}...`);
+  const res = await apiRequest2("GET", `/api/v1/developer/apps/${slug}`);
+  if (!res.ok) {
+    if (res.status === 404) {
+      outputError("NOT_FOUND", `App "${slug}" not found`);
+    }
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const result = await res.json();
+  const app = result.data;
+  if (isJsonMode()) {
+    outputSuccess(app);
+  } else {
+    console.log();
+    console.log(`  ${source_default.bold(app.name)} ${source_default.dim(`(${app.slug})`)}`);
+    console.log(`  ${source_default.dim("ID:")}           ${app.id}`);
+    console.log(`  ${source_default.dim("Type:")}         ${app.type}`);
+    console.log(`  ${source_default.dim("Category:")}     ${app.category}`);
+    console.log(`  ${source_default.dim("Kind:")}         ${app.kind ?? "-"}`);
+    console.log(`  ${source_default.dim("Version:")}      ${app.version}`);
+    console.log(`  ${source_default.dim("Visibility:")}   ${app.visibility}`);
+    console.log(`  ${source_default.dim("Maintainer:")}   ${app.maintainer}`);
+    console.log(`  ${source_default.dim("Review:")}       ${app.review_status ?? "draft"}`);
+    console.log(`  ${source_default.dim("Active:")}       ${app.is_active ? "yes" : "no"}`);
+    if (app.worker_url) {
+      console.log(`  ${source_default.dim("Worker URL:")}   ${app.worker_url}`);
+    }
+    console.log(`  ${source_default.dim("Created:")}      ${app.created_at}`);
+    console.log(`  ${source_default.dim("Updated:")}      ${app.updated_at}`);
+    console.log();
+  }
 }
-async function whoami() {
-  const envToken = process.env.BAGDOCK_TOKEN;
-  const creds = envToken ? { accessToken: envToken, email: "(M2M token)" } : loadCredentials();
-  if (!creds?.accessToken) {
-    console.log(source_default.yellow("Not logged in."), "Run", source_default.cyan("bagdock login"));
-    process.exit(1);
+var init_apps = __esm(() => {
+  init_source();
+  init_config();
+  init_auth();
+  init_output();
+});
+
+// src/logs.ts
+var exports_logs = {};
+__export(exports_logs, {
+  logsTail: () => logsTail,
+  logsList: () => logsList,
+  logsGet: () => logsGet
+});
+async function apiRequest3(method, path2) {
+  const token = getAuthToken();
+  if (!token) {
+    outputError("UNAUTHENTICATED", "Not logged in. Run `bagdock login` or set BAGDOCK_API_KEY.");
   }
-  try {
-    const res = await fetch(`${API_BASE}/v1/auth/me`, {
-      headers: { Authorization: `Bearer ${creds.accessToken}` }
-    });
-    if (!res.ok) {
-      console.log(source_default.red("Session expired or invalid."), "Run", source_default.cyan("bagdock login"));
-      process.exit(1);
+  return fetch(`${API_BASE}${path2}`, {
+    method,
+    headers: { Authorization: `Bearer ${token}` }
+  });
+}
+function resolveSlug(slug) {
+  if (slug)
+    return slug;
+  const config = loadBagdockJson(process.cwd());
+  if (config?.slug)
+    return config.slug;
+  outputError("MISSING_CONFIG", "No slug specified and no bagdock.json found. Pass --app <slug> or run from a project directory.");
+  return "";
+}
+async function logsList(opts) {
+  const slug = resolveSlug(opts.app);
+  const limit = opts.limit || "50";
+  status(`Fetching logs for ${slug}...`);
+  const res = await apiRequest3("GET", `/api/v1/developer/apps/${slug}/logs?limit=${limit}`);
+  if (!res.ok) {
+    if (res.status === 404) {
+      outputError("NOT_FOUND", `App "${slug}" not found or no logs available`);
+    }
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const result = await res.json();
+  if (isJsonMode()) {
+    outputList("log_entry", result.data, false);
+  } else {
+    if (!result.data?.length) {
+      console.log(source_default.yellow(`
+  No logs found for ${slug}.
+`));
+      return;
     }
-    const user = await res.json();
-    console.log(source_default.green("Logged in as"), source_default.bold(user.email));
-    if (user.operator_id)
-      console.log("Operator:", source_default.bold(user.operator_id));
-    if (user.name)
-      console.log("Name:", user.name);
-  } catch (err) {
-    console.log(source_default.red("Failed to reach API:"), err.message);
-    process.exit(1);
+    console.log();
+    for (const entry of result.data) {
+      const ts = source_default.dim(new Date(entry.timestamp).toISOString());
+      const level = entry.level === "error" ? source_default.red(entry.level) : source_default.dim(entry.level);
+      console.log(`  ${ts} ${level} ${entry.message}`);
+    }
+    console.log();
   }
 }
-function sleep(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
+async function logsGet(id, opts) {
+  const slug = resolveSlug(opts.app);
+  status(`Fetching log entry ${id}...`);
+  const res = await apiRequest3("GET", `/api/v1/developer/apps/${slug}/logs/${id}`);
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const data = await res.json();
+  if (isJsonMode()) {
+    outputSuccess(data);
+  } else {
+    console.log(JSON.stringify(data, null, 2));
+  }
 }
+async function logsTail(opts) {
+  const slug = resolveSlug(opts.app);
+  if (isJsonMode()) {
+    outputError("UNSUPPORTED", "Log tailing is not supported in JSON mode. Use `logs list` instead.");
+  }
+  console.log(source_default.cyan(`
+  Tailing logs for ${slug}... (Ctrl+C to stop)
+`));
+  let lastTimestamp = new Date().toISOString();
+  const poll = async () => {
+    try {
+      const res = await apiRequest3("GET", `/api/v1/developer/apps/${slug}/logs?since=${encodeURIComponent(lastTimestamp)}&limit=100`);
+      if (res.ok) {
+        const result = await res.json();
+        for (const entry of result.data || []) {
+          const ts = source_default.dim(new Date(entry.timestamp).toISOString());
+          const level = entry.level === "error" ? source_default.red(entry.level) : source_default.dim(entry.level);
+          console.log(`  ${ts} ${level} ${entry.message}`);
+          lastTimestamp = entry.timestamp;
+        }
+      }
+    } catch {}
+  };
+  const interval = setInterval(poll, 2000);
+  await poll();
+  process.on("SIGINT", () => {
+    clearInterval(interval);
+    console.log(source_default.dim(`
+  Stopped tailing.
+`));
+    process.exit(0);
+  });
+  await new Promise(() => {});
+}
+var init_logs = __esm(() => {
+  init_source();
+  init_config();
+  init_auth();
+  init_output();
+});
+
+// node_modules/commander/esm.mjs
+var import__ = __toESM(require_commander(), 1);
+var {
+  program,
+  createCommand,
+  createArgument,
+  createOption,
+  CommanderError,
+  InvalidArgumentError,
+  InvalidOptionArgumentError,
+  Command,
+  Argument,
+  Option,
+  Help
+} = import__.default;
+
+// bin/bagdock.ts
+init_auth();
 
 // src/init.ts
 init_source();
@@ -3914,8 +4303,14 @@ function toPascalCase(s) {
 }
 
 // bin/bagdock.ts
+init_output();
 var program2 = new Command;
-program2.name("bagdock").description("Bagdock developer CLI").version("0.1.0");
+program2.name("bagdock").description("Bagdock developer CLI").version("0.1.4").option("--json", "Force JSON output (auto-enabled in non-TTY)").option("-q, --quiet", "Suppress status messages (implies --json)").option("--api-key <key>", "API key to use for this invocation").hook("preAction", (_thisCommand, actionCommand) => {
+  const opts = program2.opts();
+  setOutputMode({ json: opts.json, quiet: opts.quiet });
+  if (opts.apiKey)
+    setApiKeyOverride(opts.apiKey);
+});
 program2.command("login").description("Authenticate with Bagdock (opens browser)").action(login);
 program2.command("logout").description("Clear stored credentials").action(logout);
 program2.command("whoami").description("Show current authenticated user").action(whoami);
@@ -3924,7 +4319,7 @@ program2.command("dev").description("Start local dev server").option("-p, --port
   const { dev: dev2 } = await Promise.resolve().then(() => (init_dev(), exports_dev));
   await dev2(opts);
 });
-program2.command("deploy").description("Build locally and deploy via Bagdock API → CF Workers for Platforms").option("--env <environment>", "Target environment (preview, staging, production)", "staging").option("--preview", "Deploy an ephemeral preview ({slug}-{hash}.pre.bdok.dev)").option("--production", "Deploy to production ({slug}.bdok.dev)").option("-y, --yes", "Skip confirmation prompts").action(async (opts) => {
+program2.command("deploy").description("Build locally and deploy via Bagdock API").option("--env <environment>", "Target environment (preview, staging, production)", "staging").option("--preview", "Deploy an ephemeral preview ({slug}-{hash}.pre.bdok.dev)").option("--production", "Deploy to production ({slug}.bdok.dev)").option("-y, --yes", "Skip confirmation prompts").action(async (opts) => {
   const { deploy: deploy2 } = await Promise.resolve().then(() => (init_deploy(), exports_deploy));
   await deploy2(opts);
 });
@@ -3945,4 +4340,39 @@ envCmd.command("remove <key>").description("Remove an environment variable").act
   const { envRemove: envRemove2 } = await Promise.resolve().then(() => (init_env_cmd(), exports_env_cmd));
   await envRemove2(key);
 });
+var keysCmd = program2.command("keys").description("Manage operator API keys");
+keysCmd.command("create").description("Create a new API key (raw key shown once)").requiredOption("--name <name>", "Key name").option("--type <type>", "Key type (secret, publishable)", "secret").option("--category <category>", "Key category (standard, restricted, personal)", "standard").option("--environment <env>", "Environment (live, test)", "live").option("--scopes <scopes...>", "Permission scopes").action(async (opts) => {
+  const { keysCreate: keysCreate2 } = await Promise.resolve().then(() => (init_keys(), exports_keys));
+  await keysCreate2(opts);
+});
+keysCmd.command("list").description("List API keys").option("--environment <env>", "Filter by environment (live, test)").action(async (opts) => {
+  const { keysList: keysList2 } = await Promise.resolve().then(() => (init_keys(), exports_keys));
+  await keysList2(opts);
+});
+keysCmd.command("delete <id>").description("Revoke an API key").option("-y, --yes", "Skip confirmation (required in non-TTY)").option("--reason <reason>", "Revocation reason").action(async (id, opts) => {
+  const { keysDelete: keysDelete2 } = await Promise.resolve().then(() => (init_keys(), exports_keys));
+  await keysDelete2(id, opts);
+});
+var appsCmd = program2.command("apps").description("List and inspect deployed apps and edges");
+appsCmd.command("list").description("List all apps for the authenticated operator").action(async () => {
+  const { appsList: appsList2 } = await Promise.resolve().then(() => (init_apps(), exports_apps));
+  await appsList2();
+});
+appsCmd.command("get <slug>").description("Get details for a specific app").action(async (slug) => {
+  const { appsGet: appsGet2 } = await Promise.resolve().then(() => (init_apps(), exports_apps));
+  await appsGet2(slug);
+});
+var logsCmd = program2.command("logs").description("View execution logs for deployed apps");
+logsCmd.command("list").description("List recent log entries").option("--app <slug>", "App slug (defaults to bagdock.json slug)").option("--limit <n>", "Number of entries", "50").action(async (opts) => {
+  const { logsList: logsList2 } = await Promise.resolve().then(() => (init_logs(), exports_logs));
+  await logsList2(opts);
+});
+logsCmd.command("get <id>").description("Get a specific log entry").option("--app <slug>", "App slug (defaults to bagdock.json slug)").action(async (id, opts) => {
+  const { logsGet: logsGet2 } = await Promise.resolve().then(() => (init_logs(), exports_logs));
+  await logsGet2(id, opts);
+});
+logsCmd.command("tail").description("Stream logs in real-time").option("--app <slug>", "App slug (defaults to bagdock.json slug)").action(async (opts) => {
+  const { logsTail: logsTail2 } = await Promise.resolve().then(() => (init_logs(), exports_logs));
+  await logsTail2(opts);
+});
 program2.parse();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bagdock/cli",
-  "version": "0.1.4",
+  "version": "0.2.0",
   "description": "Bagdock developer CLI — build, test, and deploy apps and edges on the Bagdock platform",
   "keywords": [
     "bagdock",