@bagdock/cli 0.1.4 → 0.3.0

package/dist/bagdock.js

@@ -2085,31 +2085,87 @@ var require_commander = __commonJS((exports) => {
 import { homedir } from "os";
 import { join } from "path";
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+function setProfileOverride(name) {
+  profileOverride = name;
+}
 function ensureConfigDir() {
   if (!existsSync(CONFIG_DIR)) {
     mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
   }
 }
-function loadCredentials() {
+function loadStore() {
   try {
-    if (!existsSync(CREDENTIALS_FILE))
-      return null;
-    const raw = readFileSync(CREDENTIALS_FILE, "utf-8");
-    return JSON.parse(raw);
+    if (!existsSync(CREDENTIALS_FILE)) {
+      return { activeProfile: "default", profiles: {} };
+    }
+    const raw = JSON.parse(readFileSync(CREDENTIALS_FILE, "utf-8"));
+    if (raw.accessToken && !raw.profiles) {
+      const migrated = {
+        activeProfile: "default",
+        profiles: { default: raw }
+      };
+      saveStore(migrated);
+      return migrated;
+    }
+    return raw;
   } catch {
-    return null;
+    return { activeProfile: "default", profiles: {} };
   }
 }
-function saveCredentials(creds) {
+function saveStore(store) {
   ensureConfigDir();
-  writeFileSync(CREDENTIALS_FILE, JSON.stringify(creds, null, 2), { mode: 384 });
+  writeFileSync(CREDENTIALS_FILE, JSON.stringify(store, null, 2), { mode: 384 });
+}
+function resolveProfile() {
+  if (profileOverride)
+    return profileOverride;
+  if (process.env.BAGDOCK_PROFILE)
+    return process.env.BAGDOCK_PROFILE;
+  return loadStore().activeProfile;
+}
+function loadCredentials() {
+  const store = loadStore();
+  const name = resolveProfile();
+  return store.profiles[name] ?? null;
+}
+function saveCredentials(creds, profileName) {
+  const store = loadStore();
+  const name = profileName ?? resolveProfile();
+  store.profiles[name] = creds;
+  if (!store.activeProfile || Object.keys(store.profiles).length === 1) {
+    store.activeProfile = name;
+  }
+  saveStore(store);
 }
 function clearCredentials() {
-  try {
-    if (existsSync(CREDENTIALS_FILE)) {
-      writeFileSync(CREDENTIALS_FILE, "{}", { mode: 384 });
-    }
-  } catch {}
+  const store = loadStore();
+  const name = resolveProfile();
+  delete store.profiles[name];
+  if (store.activeProfile === name) {
+    const remaining = Object.keys(store.profiles);
+    store.activeProfile = remaining[0] ?? "default";
+  }
+  saveStore(store);
+}
+function listProfiles() {
+  const store = loadStore();
+  return Object.entries(store.profiles).map(([name, creds]) => ({
+    name,
+    email: creds.email,
+    operatorId: creds.operatorId,
+    active: name === store.activeProfile
+  }));
+}
+function switchProfile(name) {
+  const store = loadStore();
+  if (!store.profiles[name])
+    return false;
+  store.activeProfile = name;
+  saveStore(store);
+  return true;
+}
+function getActiveProfileName() {
+  return resolveProfile();
 }
 function loadBagdockJson(dir) {
   const file = join(dir, "bagdock.json");
@@ -2121,7 +2177,7 @@ function loadBagdockJson(dir) {
     return null;
   }
 }
-var CONFIG_DIR, CREDENTIALS_FILE, API_BASE, DASHBOARD_BASE;
+var CONFIG_DIR, CREDENTIALS_FILE, API_BASE, DASHBOARD_BASE, profileOverride;
 var init_config = __esm(() => {
   CONFIG_DIR = join(homedir(), ".bagdock");
   CREDENTIALS_FILE = join(CONFIG_DIR, "credentials.json");
@@ -2618,6 +2674,59 @@ var init_source = __esm(() => {
   source_default = chalk;
 });
 
+// src/output.ts
+function setOutputMode(opts) {
+  quiet = !!opts.quiet;
+  forceJson = !!opts.json || !!opts.quiet;
+}
+function isJsonMode() {
+  return forceJson || !process.stdout.isTTY;
+}
+function isQuiet() {
+  return quiet;
+}
+function outputSuccess(data) {
+  if (isJsonMode()) {
+    process.stdout.write(JSON.stringify(data, null, 2) + `
+`);
+  }
+}
+function outputError(code, message, details) {
+  if (isJsonMode()) {
+    const err = { error: { code, message } };
+    if (details)
+      err.error.details = details;
+    process.stderr.write(JSON.stringify(err) + `
+`);
+    process.exit(1);
+  } else {
+    console.error(source_default.red(`Error [${code}]:`), message);
+    if (details)
+      console.error(details);
+    process.exit(1);
+  }
+}
+function outputList(objectType, data, hasMore) {
+  if (isJsonMode()) {
+    process.stdout.write(JSON.stringify({ object: "list", data, has_more: hasMore }, null, 2) + `
+`);
+  }
+}
+function status(message) {
+  if (!isQuiet() && !isJsonMode()) {
+    console.log(source_default.dim(message));
+  }
+}
+function success(message) {
+  if (!isQuiet() && !isJsonMode()) {
+    console.log(source_default.green(message));
+  }
+}
+var forceJson = false, quiet = false;
+var init_output = __esm(() => {
+  init_source();
+});
+
 // node_modules/is-docker/index.js
 import fs from "node:fs";
 function hasDockerEnv() {
@@ -3158,13 +3267,367 @@ var init_open = __esm(() => {
   open_default = open;
 });
 
+// src/auth.ts
+function setApiKeyOverride(key) {
+  apiKeyOverride = key;
+}
+function getAuthToken() {
+  if (apiKeyOverride)
+    return apiKeyOverride;
+  if (process.env.BAGDOCK_API_KEY)
+    return process.env.BAGDOCK_API_KEY;
+  if (process.env.BAGDOCK_TOKEN)
+    return process.env.BAGDOCK_TOKEN;
+  const creds = loadCredentials();
+  return creds?.accessToken ?? null;
+}
+function getAuthSource() {
+  if (apiKeyOverride)
+    return { token: apiKeyOverride, source: "flag" };
+  if (process.env.BAGDOCK_API_KEY)
+    return { token: process.env.BAGDOCK_API_KEY, source: "env (BAGDOCK_API_KEY)" };
+  if (process.env.BAGDOCK_TOKEN)
+    return { token: process.env.BAGDOCK_TOKEN, source: "env (BAGDOCK_TOKEN)" };
+  const creds = loadCredentials();
+  if (creds?.accessToken)
+    return { token: creds.accessToken, source: `config (${getActiveProfileName()})` };
+  return { token: null, source: "none" };
+}
+async function login() {
+  const existing = loadCredentials();
+  if (existing?.accessToken && existing.expiresAt && existing.expiresAt > Date.now()) {
+    console.log(source_default.green("Already logged in as"), source_default.bold(existing.email ?? "unknown"));
+    console.log("Run", source_default.cyan("bagdock logout"), "to sign out first.");
+    return;
+  }
+  console.log(source_default.cyan(`
+Requesting device authorization...
+`));
+  const deviceRes = await fetch(`${API_BASE}/oauth2/device/authorize`, {
+    method: "POST",
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify({ client_id: CLIENT_ID, scope: "developer:read developer:write" })
+  });
+  if (!deviceRes.ok) {
+    const err = await deviceRes.text();
+    console.log(source_default.red("Failed to start login:"), err);
+    process.exit(1);
+  }
+  const device = await deviceRes.json();
+  const pollInterval = (device.interval ?? 5) * 1000;
+  console.log(`  Visit ${source_default.bold(device.verification_uri)} and enter code:
+`);
+  console.log(`    ${source_default.bold.cyan(device.user_code)}
+`);
+  const open2 = (await Promise.resolve().then(() => (init_open(), exports_open))).default;
+  await open2(device.verification_uri_complete).catch(() => {});
+  console.log(source_default.dim("  Waiting for authorization..."));
+  const startedAt = Date.now();
+  while (Date.now() - startedAt < MAX_POLL_DURATION_MS) {
+    await sleep(pollInterval);
+    const tokenRes = await fetch(`${API_BASE}/oauth2/token`, {
+      method: "POST",
+      headers: { "Content-Type": "application/json" },
+      body: JSON.stringify({
+        grant_type: "urn:ietf:params:oauth:grant-type:device_code",
+        client_id: CLIENT_ID,
+        device_code: device.device_code
+      })
+    });
+    if (tokenRes.ok) {
+      const tokens = await tokenRes.json();
+      saveCredentials({
+        accessToken: tokens.access_token,
+        refreshToken: tokens.refresh_token,
+        expiresAt: tokens.expires_in ? Date.now() + tokens.expires_in * 1000 : undefined,
+        email: tokens.email,
+        operatorId: tokens.operator_id
+      });
+      console.log(source_default.green(`
+  Logged in successfully!`));
+      if (tokens.email)
+        console.log("  Email:", source_default.bold(tokens.email));
+      if (tokens.operator_id)
+        console.log("  Operator:", source_default.bold(tokens.operator_id));
+      console.log("  Profile:", source_default.bold(getActiveProfileName()));
+      return;
+    }
+    const error = await tokenRes.json().catch(() => ({ error: "unknown" }));
+    if (error.error === "authorization_pending")
+      continue;
+    if (error.error === "slow_down") {
+      await sleep(pollInterval);
+      continue;
+    }
+    if (error.error === "expired_token") {
+      console.log(source_default.red(`
+  Device code expired. Please try again.`));
+      process.exit(1);
+    }
+    if (error.error === "access_denied") {
+      console.log(source_default.red(`
+  Authorization denied.`));
+      process.exit(1);
+    }
+    console.log(source_default.red(`
+  Login failed:`), error.error_description ?? error.error);
+    process.exit(1);
+  }
+  console.log(source_default.red(`
+  Login timed out. Please try again.`));
+  process.exit(1);
+}
+async function logout() {
+  clearCredentials();
+  console.log(source_default.green(`Logged out of profile "${getActiveProfileName()}".`));
+}
+async function whoami() {
+  const token = getAuthToken();
+  if (!token) {
+    console.log(source_default.yellow("Not logged in."), "Run", source_default.cyan("bagdock login"));
+    process.exit(1);
+  }
+  try {
+    const res = await fetch(`${API_BASE}/v1/auth/me`, {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (!res.ok) {
+      console.log(source_default.red("Session expired or invalid."), "Run", source_default.cyan("bagdock login"));
+      process.exit(1);
+    }
+    const user = await res.json();
+    if (isJsonMode()) {
+      outputSuccess({ ...user, profile: getActiveProfileName() });
+    } else {
+      console.log(source_default.green("Logged in as"), source_default.bold(user.email));
+      if (user.operator_id)
+        console.log("Operator:", source_default.bold(user.operator_id));
+      if (user.name)
+        console.log("Name:", user.name);
+      console.log("Profile:", source_default.bold(getActiveProfileName()));
+    }
+  } catch (err) {
+    console.log(source_default.red("Failed to reach API:"), err.message);
+    process.exit(1);
+  }
+}
+async function authList() {
+  const profiles = listProfiles();
+  if (isJsonMode()) {
+    outputSuccess({ profiles });
+    return;
+  }
+  if (!profiles.length) {
+    console.log(source_default.yellow(`
+  No profiles found.`), "Run", source_default.cyan("bagdock login"), `to create one.
+`);
+    return;
+  }
+  console.log();
+  for (const p of profiles) {
+    const marker = p.active ? source_default.green("* ") : "  ";
+    const label = p.active ? source_default.bold(p.name) : p.name;
+    const email = p.email ? source_default.dim(` (${p.email})`) : "";
+    const op = p.operatorId ? source_default.dim(` [${p.operatorId}]`) : "";
+    console.log(`  ${marker}${label}${email}${op}`);
+  }
+  console.log();
+}
+async function authSwitch(name) {
+  const profiles = listProfiles();
+  if (!profiles.length) {
+    console.log(source_default.yellow("No profiles found."), "Run", source_default.cyan("bagdock login"), "first.");
+    process.exit(1);
+  }
+  if (name) {
+    if (switchProfile(name)) {
+      if (isJsonMode()) {
+        outputSuccess({ active_profile: name });
+      } else {
+        console.log(source_default.green(`Switched to profile "${name}".`));
+      }
+    } else {
+      outputError("NOT_FOUND", `Profile "${name}" not found. Available: ${profiles.map((p) => p.name).join(", ")}`);
+    }
+    return;
+  }
+  if (!process.stdout.isTTY) {
+    outputError("MISSING_PROFILE", "Pass a profile name in non-interactive mode: bagdock auth switch <name>");
+  }
+  console.log(source_default.cyan(`
+Available profiles:
+`));
+  profiles.forEach((p, i) => {
+    const marker = p.active ? source_default.green("* ") : "  ";
+    const email = p.email ? source_default.dim(` (${p.email})`) : "";
+    console.log(`  ${marker}${i + 1}. ${p.name}${email}`);
+  });
+  const readline = await import("readline");
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  const answer = await new Promise((resolve) => {
+    rl.question(source_default.cyan(`
+  Enter profile number or name: `), resolve);
+  });
+  rl.close();
+  const idx = parseInt(answer, 10);
+  const target = idx > 0 && idx <= profiles.length ? profiles[idx - 1].name : answer.trim();
+  if (switchProfile(target)) {
+    console.log(source_default.green(`
+  Switched to profile "${target}".
+`));
+  } else {
+    console.log(source_default.red(`
+  Profile "${target}" not found.
+`));
+    process.exit(1);
+  }
+}
+function sleep(ms) {
+  return new Promise((resolve) => setTimeout(resolve, ms));
+}
+var apiKeyOverride, CLIENT_ID = "bagdock-cli", MAX_POLL_DURATION_MS = 300000;
+var init_auth = __esm(() => {
+  init_config();
+  init_source();
+  init_output();
+});
+
+// src/doctor.ts
+var exports_doctor = {};
+__export(exports_doctor, {
+  doctor: () => doctor
+});
+import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
+import { join as join3, dirname } from "path";
+import { homedir as homedir2, platform as platform2 } from "os";
+import { fileURLToPath as fileURLToPath2 } from "url";
+function maskKey(key) {
+  if (key.length <= 12)
+    return key.slice(0, 4) + "...";
+  return key.slice(0, 8) + "..." + key.slice(-4);
+}
+function getLocalVersion() {
+  try {
+    const pkgPath = join3(dirname(fileURLToPath2(import.meta.url)), "..", "package.json");
+    const pkg = JSON.parse(readFileSync2(pkgPath, "utf-8"));
+    return pkg.version ?? "unknown";
+  } catch {
+    return "unknown";
+  }
+}
+async function checkVersion() {
+  const local = getLocalVersion();
+  try {
+    const res = await fetch("https://registry.npmjs.org/@bagdock/cli/latest", {
+      signal: AbortSignal.timeout(5000)
+    });
+    if (res.ok) {
+      const data = await res.json();
+      if (data.version === local) {
+        return { name: "CLI Version", status: "pass", message: `v${local} (latest)` };
+      }
+      return { name: "CLI Version", status: "warn", message: `v${local} (update available: v${data.version})` };
+    }
+  } catch {}
+  return { name: "CLI Version", status: "pass", message: `v${local} (registry unreachable)` };
+}
+function checkAuth() {
+  const { token, source } = getAuthSource();
+  if (!token) {
+    return { name: "API Key", status: "fail", message: "No API key found. Run `bagdock login` or set BAGDOCK_API_KEY." };
+  }
+  return { name: "API Key", status: "pass", message: `${maskKey(token)} (source: ${source})` };
+}
+function checkProjectConfig() {
+  const config = loadBagdockJson(process.cwd());
+  if (!config) {
+    return { name: "Project Config", status: "warn", message: "No bagdock.json found in current directory" };
+  }
+  const issues = [];
+  if (!config.slug)
+    issues.push("missing slug");
+  if (!config.type)
+    issues.push("missing type");
+  if (!config.main)
+    issues.push("missing main");
+  if (issues.length) {
+    return { name: "Project Config", status: "warn", message: `bagdock.json has issues: ${issues.join(", ")}` };
+  }
+  return { name: "Project Config", status: "pass", message: `${config.slug} (${config.type}/${config.kind ?? config.category})` };
+}
+function checkAgents() {
+  const detected = [];
+  const home = homedir2();
+  if (existsSync3(join3(home, ".cursor")))
+    detected.push("Cursor");
+  if (existsSync3(join3(home, ".windsurf")))
+    detected.push("Windsurf");
+  if (existsSync3(join3(home, "clawd", "skills")) || existsSync3(join3(home, ".codex")))
+    detected.push("OpenClaw/Codex");
+  const p = platform2();
+  if (p === "darwin" && existsSync3(join3(home, "Library", "Application Support", "Claude", "claude_desktop_config.json"))) {
+    detected.push("Claude Desktop");
+  } else if (p === "win32" && existsSync3(join3(process.env.APPDATA ?? "", "Claude", "claude_desktop_config.json"))) {
+    detected.push("Claude Desktop");
+  } else if (p === "linux" && existsSync3(join3(home, ".config", "Claude", "claude_desktop_config.json"))) {
+    detected.push("Claude Desktop");
+  }
+  if (existsSync3(join3(process.cwd(), ".vscode", "mcp.json")))
+    detected.push("VS Code");
+  if (!detected.length) {
+    return { name: "AI Agents", status: "pass", message: "None detected" };
+  }
+  return { name: "AI Agents", status: "pass", message: `Detected: ${detected.join(", ")}` };
+}
+async function doctor() {
+  const checks = [];
+  if (isJsonMode()) {
+    checks.push(await checkVersion());
+    checks.push(checkAuth());
+    checks.push(checkProjectConfig());
+    checks.push(checkAgents());
+    const ok = checks.every((c) => c.status !== "fail");
+    outputSuccess({ ok, checks });
+    return;
+  }
+  console.log(source_default.bold(`
+  Bagdock Doctor
+`));
+  process.stdout.write("  Checking CLI version...");
+  const versionCheck = await checkVersion();
+  checks.push(versionCheck);
+  process.stdout.write(`\r  ${ICON[versionCheck.status]} ${versionCheck.name}: ${versionCheck.message}
+`);
+  const authCheck = checkAuth();
+  checks.push(authCheck);
+  console.log(`  ${ICON[authCheck.status]} ${authCheck.name}: ${authCheck.message}`);
+  const configCheck = checkProjectConfig();
+  checks.push(configCheck);
+  console.log(`  ${ICON[configCheck.status]} ${configCheck.name}: ${configCheck.message}`);
+  const agentCheck = checkAgents();
+  checks.push(agentCheck);
+  console.log(`  ${ICON[agentCheck.status]} ${agentCheck.name}: ${agentCheck.message}`);
+  console.log();
+  const hasFail = checks.some((c) => c.status === "fail");
+  if (hasFail)
+    process.exit(1);
+}
+var ICON;
+var init_doctor = __esm(() => {
+  init_source();
+  init_auth();
+  init_config();
+  init_output();
+  ICON = { pass: source_default.green("✔"), warn: source_default.yellow("!"), fail: source_default.red("✘") };
+});
+
 // src/dev.ts
 var exports_dev = {};
 __export(exports_dev, {
   dev: () => dev
 });
-import { existsSync as existsSync3, writeFileSync as writeFileSync3 } from "fs";
-import { join as join3 } from "path";
+import { existsSync as existsSync4, writeFileSync as writeFileSync3 } from "fs";
+import { join as join4 } from "path";
 import { spawn } from "child_process";
 async function dev(opts) {
   const cwd = process.cwd();
@@ -3175,11 +3638,11 @@ async function dev(opts) {
   }
   const port = opts.port ?? "8787";
   const wranglerToml = generateWranglerToml(config, port);
-  const wranglerPath = join3(cwd, "wrangler.toml");
+  const wranglerPath = join4(cwd, "wrangler.toml");
   writeFileSync3(wranglerPath, wranglerToml);
   console.log(source_default.green("Generated"), source_default.cyan("wrangler.toml"), source_default.green("from bagdock.json"));
-  const devVarsPath = join3(cwd, ".dev.vars");
-  if (!existsSync3(devVarsPath) && config.env) {
+  const devVarsPath = join4(cwd, ".dev.vars");
+  if (!existsSync4(devVarsPath) && config.env) {
     const hint = Object.entries(config.env).map(([key, meta]) => `# ${meta.description ?? key}${meta.required ? " (required)" : ""}
 ${key}=`).join(`
 `);
@@ -3240,8 +3703,8 @@ var exports_deploy = {};
 __export(exports_deploy, {
   deploy: () => deploy
 });
-import { existsSync as existsSync4, readFileSync as readFileSync2 } from "fs";
-import { join as join4 } from "path";
+import { existsSync as existsSync5, readFileSync as readFileSync3 } from "fs";
+import { join as join5 } from "path";
 import { execSync } from "child_process";
 import { createInterface } from "readline";
 async function deploy(opts) {
@@ -3251,9 +3714,9 @@ async function deploy(opts) {
     console.error(source_default.red("No bagdock.json found. Run"), source_default.cyan("bagdock init"), source_default.red("first."));
     process.exit(1);
   }
-  const creds = loadCredentials();
-  if (!creds?.accessToken) {
-    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("first."));
+  const token = getAuthToken();
+  if (!token) {
+    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("or set BAGDOCK_API_KEY."));
     process.exit(1);
   }
   let environment = opts.env ?? "staging";
@@ -3282,8 +3745,8 @@ async function deploy(opts) {
   console.log(source_default.cyan(`
 Deploying ${config.slug}@${config.version} → ${envLabel}
 `));
-  const outDir = join4(cwd, ".bagdock");
-  const outFile = join4(outDir, "worker.mjs");
+  const outDir = join5(cwd, ".bagdock");
+  const outFile = join5(outDir, "worker.mjs");
   console.log(source_default.dim("  Building worker bundle..."));
   execSync(`mkdir -p ${outDir}`, { cwd });
   try {
@@ -3299,11 +3762,11 @@ Deploying ${config.slug}@${config.version} → ${envLabel}
       process.exit(1);
     }
   }
-  if (!existsSync4(outFile)) {
+  if (!existsSync5(outFile)) {
     console.error(source_default.red("  Build output not found at"), outFile);
     process.exit(1);
   }
-  const scriptContent = readFileSync2(outFile);
+  const scriptContent = readFileSync3(outFile);
   const sizeKb = (scriptContent.length / 1024).toFixed(1);
   console.log(source_default.dim(`  Bundle size: ${sizeKb} KB`));
   console.log(source_default.dim("  Uploading to Bagdock platform..."));
@@ -3318,7 +3781,7 @@ Deploying ${config.slug}@${config.version} → ${envLabel}
     const res = await fetch(`${API_BASE}/api/v1/developer/apps/${config.slug}/deploy`, {
       method: "POST",
       headers: {
-        Authorization: `Bearer ${creds.accessToken}`
+        Authorization: `Bearer ${token}`
       },
       body: formData
     });
@@ -3374,6 +3837,7 @@ function confirm(prompt) {
 var init_deploy = __esm(() => {
   init_source();
   init_config();
+  init_auth();
 });
 
 // src/submit.ts
@@ -3387,9 +3851,9 @@ async function submit() {
     console.error(source_default.red("No bagdock.json found. Run"), source_default.cyan("bagdock init"), source_default.red("first."));
     process.exit(1);
   }
-  const creds = loadCredentials();
-  if (!creds?.accessToken) {
-    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("first."));
+  const token = getAuthToken();
+  if (!token) {
+    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("or set BAGDOCK_API_KEY."));
     process.exit(1);
   }
   console.log(source_default.cyan(`
@@ -3399,7 +3863,7 @@ Submitting ${source_default.bold(config.slug)} for marketplace review...
     const res = await fetch(`${API_BASE}/api/v1/developer/apps/${config.slug}/submit`, {
       method: "POST",
       headers: {
-        Authorization: `Bearer ${creds.accessToken}`,
+        Authorization: `Bearer ${token}`,
         "Content-Type": "application/json"
       }
     });
@@ -3427,6 +3891,7 @@ Submitting ${source_default.bold(config.slug)} for marketplace review...
 var init_submit = __esm(() => {
   init_source();
   init_config();
+  init_auth();
 });
 
 // src/env-cmd.ts
@@ -3437,12 +3902,12 @@ __export(exports_env_cmd, {
   envList: () => envList
 });
 function requireAuth() {
-  const creds = loadCredentials();
-  if (!creds?.accessToken) {
-    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"));
+  const token = getAuthToken();
+  if (!token) {
+    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("or set BAGDOCK_API_KEY."));
     process.exit(1);
   }
-  return creds;
+  return token;
 }
 function requireConfig() {
   const config = loadBagdockJson(process.cwd());
@@ -3453,11 +3918,11 @@ function requireConfig() {
   return config;
 }
 async function envList() {
-  const creds = requireAuth();
+  const token = requireAuth();
   const config = requireConfig();
   try {
     const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env`, {
-      headers: { Authorization: `Bearer ${creds.accessToken}` }
+      headers: { Authorization: `Bearer ${token}` }
     });
     if (!res.ok) {
       console.error(source_default.red(`Failed to list env vars (${res.status})`));
@@ -3482,14 +3947,14 @@ Environment variables for ${config.slug}:
   }
 }
 async function envSet(key, value) {
-  const creds = requireAuth();
+  const token = requireAuth();
   const config = requireConfig();
   try {
     const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env`, {
       method: "PUT",
       headers: {
         "Content-Type": "application/json",
-        Authorization: `Bearer ${creds.accessToken}`
+        Authorization: `Bearer ${token}`
       },
       body: JSON.stringify({ key, value })
     });
@@ -3505,12 +3970,12 @@ async function envSet(key, value) {
   }
 }
 async function envRemove(key) {
-  const creds = requireAuth();
+  const token = requireAuth();
   const config = requireConfig();
   try {
     const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env/${key}`, {
       method: "DELETE",
-      headers: { Authorization: `Bearer ${creds.accessToken}` }
+      headers: { Authorization: `Bearer ${token}` }
     });
     if (!res.ok) {
       console.error(source_default.red(`Failed to remove ${key} (${res.status})`));
@@ -3525,146 +3990,339 @@ async function envRemove(key) {
 var init_env_cmd = __esm(() => {
   init_source();
   init_config();
+  init_auth();
 });
 
-// node_modules/commander/esm.mjs
-var import__ = __toESM(require_commander(), 1);
-var {
-  program,
-  createCommand,
-  createArgument,
-  createOption,
-  CommanderError,
-  InvalidArgumentError,
-  InvalidOptionArgumentError,
-  Command,
-  Argument,
-  Option,
-  Help
-} = import__.default;
-
-// src/auth.ts
-init_config();
-init_source();
-var CLIENT_ID = "bagdock-cli";
-var MAX_POLL_DURATION_MS = 300000;
-async function login() {
-  const existing = loadCredentials();
-  if (existing?.accessToken && existing.expiresAt && existing.expiresAt > Date.now()) {
-    console.log(source_default.green("Already logged in as"), source_default.bold(existing.email ?? "unknown"));
-    console.log("Run", source_default.cyan("bagdock logout"), "to sign out first.");
-    return;
+// src/keys.ts
+var exports_keys = {};
+__export(exports_keys, {
+  keysList: () => keysList,
+  keysDelete: () => keysDelete,
+  keysCreate: () => keysCreate
+});
+async function apiRequest(method, path2, body) {
+  const token = getAuthToken();
+  if (!token) {
+    outputError("UNAUTHENTICATED", "Not logged in. Run `bagdock login` or set BAGDOCK_API_KEY.");
   }
-  console.log(source_default.cyan(`
-Requesting device authorization...
+  const headers = { Authorization: `Bearer ${token}` };
+  const init2 = { method, headers };
+  if (body) {
+    headers["Content-Type"] = "application/json";
+    init2.body = JSON.stringify(body);
+  }
+  const res = await fetch(`${API_BASE}${path2}`, init2);
+  return res;
+}
+async function keysCreate(opts) {
+  status("Creating API key...");
+  const res = await apiRequest("POST", "/api/v1/operator/api-keys", {
+    name: opts.name,
+    key_type: opts.type || "secret",
+    key_category: opts.category || "standard",
+    environment: opts.environment || "live",
+    scopes: opts.scopes || []
+  });
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const data = await res.json();
+  if (isJsonMode()) {
+    outputSuccess(data);
+  } else {
+    console.log(source_default.green(`
+  API key created successfully!
 `));
-  const deviceRes = await fetch(`${API_BASE}/oauth2/device/authorize`, {
-    method: "POST",
-    headers: { "Content-Type": "application/json" },
-    body: JSON.stringify({ client_id: CLIENT_ID, scope: "developer:read developer:write" })
+    console.log(`  ${source_default.bold("Name:")}         ${data.name}`);
+    console.log(`  ${source_default.bold("Key:")}          ${source_default.yellow(data.key)}`);
+    console.log(`  ${source_default.bold("ID:")}           ${data.id}`);
+    console.log(`  ${source_default.bold("Environment:")}  ${data.environment}`);
+    console.log(`  ${source_default.bold("Type:")}         ${data.key_type}`);
+    console.log(`  ${source_default.bold("Category:")}     ${data.key_category}`);
+    if (data.scopes?.length) {
+      console.log(`  ${source_default.bold("Scopes:")}       ${data.scopes.join(", ")}`);
+    }
+    console.log();
+    console.log(source_default.yellow("  Save this key — it will not be shown again."));
+    console.log();
+  }
+}
+async function keysList(opts) {
+  status("Fetching API keys...");
+  let path2 = "/api/v1/operator/api-keys";
+  if (opts.environment)
+    path2 += `?environment=${opts.environment}`;
+  const res = await apiRequest("GET", path2);
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const result = await res.json();
+  if (isJsonMode()) {
+    outputList("api_key", result.data, result.has_more);
+  } else {
+    if (!result.data.length) {
+      console.log(source_default.yellow(`
+  No API keys found.
+`));
+      return;
+    }
+    console.log();
+    for (const key of result.data) {
+      const usedAt = key.last_used_at ? new Date(key.last_used_at).toLocaleDateString() : "never";
+      console.log(`  ${source_default.bold(key.name)}`);
+      console.log(`    ${source_default.dim("Prefix:")} ${key.key_prefix}...  ${source_default.dim("Env:")} ${key.environment}  ${source_default.dim("Last used:")} ${usedAt}`);
+      console.log(`    ${source_default.dim("ID:")} ${key.id}  ${source_default.dim("Category:")} ${key.key_category}`);
+      console.log();
+    }
+  }
+}
+async function keysDelete(id, opts) {
+  if (!opts.yes && !process.stdout.isTTY) {
+    outputError("CONFIRMATION_REQUIRED", "Pass --yes to confirm deletion in non-interactive mode.");
+  }
+  status(`Revoking API key ${id}...`);
+  const res = await apiRequest("DELETE", `/api/v1/operator/api-keys/${id}`, {
+    reason: opts.reason
   });
-  if (!deviceRes.ok) {
-    const err = await deviceRes.text();
-    console.log(source_default.red("Failed to start login:"), err);
-    process.exit(1);
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
   }
-  const device = await deviceRes.json();
-  const pollInterval = (device.interval ?? 5) * 1000;
-  console.log(`  Visit ${source_default.bold(device.verification_uri)} and enter code:
+  if (isJsonMode()) {
+    outputSuccess({ id, status: "revoked" });
+  } else {
+    success(`
+  API key ${id} revoked.
 `);
-  console.log(`    ${source_default.bold.cyan(device.user_code)}
+  }
+}
+var init_keys = __esm(() => {
+  init_source();
+  init_config();
+  init_auth();
+  init_output();
+});
+
+// src/apps.ts
+var exports_apps = {};
+__export(exports_apps, {
+  appsList: () => appsList,
+  appsGet: () => appsGet
+});
+async function apiRequest2(method, path2) {
+  const token = getAuthToken();
+  if (!token) {
+    outputError("UNAUTHENTICATED", "Not logged in. Run `bagdock login` or set BAGDOCK_API_KEY.");
+  }
+  return fetch(`${API_BASE}${path2}`, {
+    method,
+    headers: { Authorization: `Bearer ${token}` }
+  });
+}
+async function appsList() {
+  status("Fetching apps...");
+  const res = await apiRequest2("GET", "/api/v1/developer/apps");
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const result = await res.json();
+  if (isJsonMode()) {
+    outputList("app", result.data, false);
+  } else {
+    if (!result.data.length) {
+      console.log(source_default.yellow(`
+  No apps found. Create one with`), source_default.cyan("bagdock init"), `
 `);
-  const open2 = (await Promise.resolve().then(() => (init_open(), exports_open))).default;
-  await open2(device.verification_uri_complete).catch(() => {});
-  console.log(source_default.dim("  Waiting for authorization..."));
-  const startedAt = Date.now();
-  while (Date.now() - startedAt < MAX_POLL_DURATION_MS) {
-    await sleep(pollInterval);
-    const tokenRes = await fetch(`${API_BASE}/oauth2/token`, {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({
-        grant_type: "urn:ietf:params:oauth:grant-type:device_code",
-        client_id: CLIENT_ID,
-        device_code: device.device_code
-      })
-    });
-    if (tokenRes.ok) {
-      const tokens = await tokenRes.json();
-      saveCredentials({
-        accessToken: tokens.access_token,
-        refreshToken: tokens.refresh_token,
-        expiresAt: tokens.expires_in ? Date.now() + tokens.expires_in * 1000 : undefined,
-        email: tokens.email,
-        operatorId: tokens.operator_id
-      });
-      console.log(source_default.green(`
-  Logged in successfully!`));
-      if (tokens.email)
-        console.log("  Email:", source_default.bold(tokens.email));
-      if (tokens.operator_id)
-        console.log("  Operator:", source_default.bold(tokens.operator_id));
       return;
     }
-    const error = await tokenRes.json().catch(() => ({ error: "unknown" }));
-    if (error.error === "authorization_pending") {
-      continue;
-    }
-    if (error.error === "slow_down") {
-      await sleep(pollInterval);
-      continue;
-    }
-    if (error.error === "expired_token") {
-      console.log(source_default.red(`
-  Device code expired. Please try again.`));
-      process.exit(1);
-    }
-    if (error.error === "access_denied") {
-      console.log(source_default.red(`
-  Authorization denied.`));
-      process.exit(1);
+    console.log();
+    for (const app of result.data) {
+      const status2 = app.is_active ? source_default.green("active") : source_default.dim("inactive");
+      const review = app.review_status ? source_default.dim(`[${app.review_status}]`) : "";
+      console.log(`  ${source_default.bold(app.name)} ${source_default.dim(`(${app.slug})`)} ${status2} ${review}`);
+      console.log(`    ${source_default.dim("Type:")} ${app.type}/${app.category}  ${source_default.dim("Version:")} ${app.version}`);
+      if (app.worker_url) {
+        console.log(`    ${source_default.dim("URL:")} ${app.worker_url}`);
+      }
+      console.log();
     }
-    console.log(source_default.red(`
-  Login failed:`), error.error_description ?? error.error);
-    process.exit(1);
   }
-  console.log(source_default.red(`
-  Login timed out. Please try again.`));
-  process.exit(1);
 }
-async function logout() {
-  clearCredentials();
-  console.log(source_default.green("Logged out."));
+async function appsGet(slug) {
+  status(`Fetching app ${slug}...`);
+  const res = await apiRequest2("GET", `/api/v1/developer/apps/${slug}`);
+  if (!res.ok) {
+    if (res.status === 404) {
+      outputError("NOT_FOUND", `App "${slug}" not found`);
+    }
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const result = await res.json();
+  const app = result.data;
+  if (isJsonMode()) {
+    outputSuccess(app);
+  } else {
+    console.log();
+    console.log(`  ${source_default.bold(app.name)} ${source_default.dim(`(${app.slug})`)}`);
+    console.log(`  ${source_default.dim("ID:")}           ${app.id}`);
+    console.log(`  ${source_default.dim("Type:")}         ${app.type}`);
+    console.log(`  ${source_default.dim("Category:")}     ${app.category}`);
+    console.log(`  ${source_default.dim("Kind:")}         ${app.kind ?? "-"}`);
+    console.log(`  ${source_default.dim("Version:")}      ${app.version}`);
+    console.log(`  ${source_default.dim("Visibility:")}   ${app.visibility}`);
+    console.log(`  ${source_default.dim("Maintainer:")}   ${app.maintainer}`);
+    console.log(`  ${source_default.dim("Review:")}       ${app.review_status ?? "draft"}`);
+    console.log(`  ${source_default.dim("Active:")}       ${app.is_active ? "yes" : "no"}`);
+    if (app.worker_url) {
+      console.log(`  ${source_default.dim("Worker URL:")}   ${app.worker_url}`);
+    }
+    console.log(`  ${source_default.dim("Created:")}      ${app.created_at}`);
+    console.log(`  ${source_default.dim("Updated:")}      ${app.updated_at}`);
+    console.log();
+  }
 }
-async function whoami() {
-  const envToken = process.env.BAGDOCK_TOKEN;
-  const creds = envToken ? { accessToken: envToken, email: "(M2M token)" } : loadCredentials();
-  if (!creds?.accessToken) {
-    console.log(source_default.yellow("Not logged in."), "Run", source_default.cyan("bagdock login"));
-    process.exit(1);
+var init_apps = __esm(() => {
+  init_source();
+  init_config();
+  init_auth();
+  init_output();
+});
+
+// src/logs.ts
+var exports_logs = {};
+__export(exports_logs, {
+  logsTail: () => logsTail,
+  logsList: () => logsList,
+  logsGet: () => logsGet
+});
+async function apiRequest3(method, path2) {
+  const token = getAuthToken();
+  if (!token) {
+    outputError("UNAUTHENTICATED", "Not logged in. Run `bagdock login` or set BAGDOCK_API_KEY.");
   }
-  try {
-    const res = await fetch(`${API_BASE}/v1/auth/me`, {
-      headers: { Authorization: `Bearer ${creds.accessToken}` }
-    });
-    if (!res.ok) {
-      console.log(source_default.red("Session expired or invalid."), "Run", source_default.cyan("bagdock login"));
-      process.exit(1);
+  return fetch(`${API_BASE}${path2}`, {
+    method,
+    headers: { Authorization: `Bearer ${token}` }
+  });
+}
+function resolveSlug(slug) {
+  if (slug)
+    return slug;
+  const config = loadBagdockJson(process.cwd());
+  if (config?.slug)
+    return config.slug;
+  outputError("MISSING_CONFIG", "No slug specified and no bagdock.json found. Pass --app <slug> or run from a project directory.");
+  return "";
+}
+async function logsList(opts) {
+  const slug = resolveSlug(opts.app);
+  const limit = opts.limit || "50";
+  status(`Fetching logs for ${slug}...`);
+  const res = await apiRequest3("GET", `/api/v1/developer/apps/${slug}/logs?limit=${limit}`);
+  if (!res.ok) {
+    if (res.status === 404) {
+      outputError("NOT_FOUND", `App "${slug}" not found or no logs available`);
+    }
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const result = await res.json();
+  if (isJsonMode()) {
+    outputList("log_entry", result.data, false);
+  } else {
+    if (!result.data?.length) {
+      console.log(source_default.yellow(`
+  No logs found for ${slug}.
+`));
+      return;
     }
-    const user = await res.json();
-    console.log(source_default.green("Logged in as"), source_default.bold(user.email));
-    if (user.operator_id)
-      console.log("Operator:", source_default.bold(user.operator_id));
-    if (user.name)
-      console.log("Name:", user.name);
-  } catch (err) {
-    console.log(source_default.red("Failed to reach API:"), err.message);
-    process.exit(1);
+    console.log();
+    for (const entry of result.data) {
+      const ts = source_default.dim(new Date(entry.timestamp).toISOString());
+      const level = entry.level === "error" ? source_default.red(entry.level) : source_default.dim(entry.level);
+      console.log(`  ${ts} ${level} ${entry.message}`);
+    }
+    console.log();
   }
 }
-function sleep(ms) {
-  return new Promise((resolve) => setTimeout(resolve, ms));
+async function logsGet(id, opts) {
+  const slug = resolveSlug(opts.app);
+  status(`Fetching log entry ${id}...`);
+  const res = await apiRequest3("GET", `/api/v1/developer/apps/${slug}/logs/${id}`);
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
+    outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
+  }
+  const data = await res.json();
+  if (isJsonMode()) {
+    outputSuccess(data);
+  } else {
+    console.log(JSON.stringify(data, null, 2));
+  }
 }
+async function logsTail(opts) {
+  const slug = resolveSlug(opts.app);
+  if (isJsonMode()) {
+    outputError("UNSUPPORTED", "Log tailing is not supported in JSON mode. Use `logs list` instead.");
+  }
+  console.log(source_default.cyan(`
+  Tailing logs for ${slug}... (Ctrl+C to stop)
+`));
+  let lastTimestamp = new Date().toISOString();
+  const poll = async () => {
+    try {
+      const res = await apiRequest3("GET", `/api/v1/developer/apps/${slug}/logs?since=${encodeURIComponent(lastTimestamp)}&limit=100`);
+      if (res.ok) {
+        const result = await res.json();
+        for (const entry of result.data || []) {
+          const ts = source_default.dim(new Date(entry.timestamp).toISOString());
+          const level = entry.level === "error" ? source_default.red(entry.level) : source_default.dim(entry.level);
+          console.log(`  ${ts} ${level} ${entry.message}`);
+          lastTimestamp = entry.timestamp;
+        }
+      }
+    } catch {}
+  };
+  const interval = setInterval(poll, 2000);
+  await poll();
+  process.on("SIGINT", () => {
+    clearInterval(interval);
+    console.log(source_default.dim(`
+  Stopped tailing.
+`));
+    process.exit(0);
+  });
+  await new Promise(() => {});
+}
+var init_logs = __esm(() => {
+  init_source();
+  init_config();
+  init_auth();
+  init_output();
+});
+
+// node_modules/commander/esm.mjs
+var import__ = __toESM(require_commander(), 1);
+var {
+  program,
+  createCommand,
+  createArgument,
+  createOption,
+  CommanderError,
+  InvalidArgumentError,
+  InvalidOptionArgumentError,
+  Command,
+  Argument,
+  Option,
+  Help
+} = import__.default;
+
+// bin/bagdock.ts
+init_auth();
 
 // src/init.ts
 init_source();
@@ -3914,17 +4572,33 @@ function toPascalCase(s) {
 }
 
 // bin/bagdock.ts
+init_output();
+init_config();
 var program2 = new Command;
-program2.name("bagdock").description("Bagdock developer CLI").version("0.1.0");
+program2.name("bagdock").description("Bagdock developer CLI — built for humans, AI agents, and CI/CD pipelines").version("0.3.0").option("--json", "Force JSON output (auto-enabled in non-TTY)").option("-q, --quiet", "Suppress status messages (implies --json)").option("--api-key <key>", "API key to use for this invocation").option("-p, --profile <name>", "Profile to use (overrides BAGDOCK_PROFILE)").hook("preAction", (_thisCommand, actionCommand) => {
+  const opts = program2.opts();
+  setOutputMode({ json: opts.json, quiet: opts.quiet });
+  if (opts.apiKey)
+    setApiKeyOverride(opts.apiKey);
+  if (opts.profile)
+    setProfileOverride(opts.profile);
+});
 program2.command("login").description("Authenticate with Bagdock (opens browser)").action(login);
 program2.command("logout").description("Clear stored credentials").action(logout);
 program2.command("whoami").description("Show current authenticated user").action(whoami);
+var authCmd = program2.command("auth").description("Manage authentication profiles");
+authCmd.command("list").description("List all stored profiles").action(authList);
+authCmd.command("switch [name]").description("Switch active profile").action(async (name) => authSwitch(name));
+program2.command("doctor").description("Run environment diagnostics").action(async () => {
+  const { doctor: doctor2 } = await Promise.resolve().then(() => (init_doctor(), exports_doctor));
+  await doctor2();
+});
 program2.command("init [dir]").description("Scaffold a new project with bagdock.json").option("-t, --type <type>", "Project type (edge, app)").option("-k, --kind <kind>", "Project kind (adapter, comms, webhook, ui-extension, microfrontend)").option("-c, --category <category>", "Category").option("-s, --slug <slug>", "Unique project slug").option("-n, --name <name>", "Display name").action((dir, opts) => init(dir ?? ".", opts));
 program2.command("dev").description("Start local dev server").option("-p, --port <port>", "Local dev port", "8787").action(async (opts) => {
   const { dev: dev2 } = await Promise.resolve().then(() => (init_dev(), exports_dev));
   await dev2(opts);
 });
-program2.command("deploy").description("Build locally and deploy via Bagdock API → CF Workers for Platforms").option("--env <environment>", "Target environment (preview, staging, production)", "staging").option("--preview", "Deploy an ephemeral preview ({slug}-{hash}.pre.bdok.dev)").option("--production", "Deploy to production ({slug}.bdok.dev)").option("-y, --yes", "Skip confirmation prompts").action(async (opts) => {
+program2.command("deploy").description("Build locally and deploy via Bagdock API").option("--env <environment>", "Target environment (preview, staging, production)", "staging").option("--preview", "Deploy an ephemeral preview ({slug}-{hash}.pre.bdok.dev)").option("--production", "Deploy to production ({slug}.bdok.dev)").option("-y, --yes", "Skip confirmation prompts").action(async (opts) => {
   const { deploy: deploy2 } = await Promise.resolve().then(() => (init_deploy(), exports_deploy));
   await deploy2(opts);
 });
@@ -3945,4 +4619,39 @@ envCmd.command("remove <key>").description("Remove an environment variable").act
   const { envRemove: envRemove2 } = await Promise.resolve().then(() => (init_env_cmd(), exports_env_cmd));
   await envRemove2(key);
 });
+var keysCmd = program2.command("keys").description("Manage operator API keys");
+keysCmd.command("create").description("Create a new API key (raw key shown once)").requiredOption("--name <name>", "Key name").option("--type <type>", "Key type (secret, publishable)", "secret").option("--category <category>", "Key category (standard, restricted, personal)", "standard").option("--environment <env>", "Environment (live, test)", "live").option("--scopes <scopes...>", "Permission scopes").action(async (opts) => {
+  const { keysCreate: keysCreate2 } = await Promise.resolve().then(() => (init_keys(), exports_keys));
+  await keysCreate2(opts);
+});
+keysCmd.command("list").description("List API keys").option("--environment <env>", "Filter by environment (live, test)").action(async (opts) => {
+  const { keysList: keysList2 } = await Promise.resolve().then(() => (init_keys(), exports_keys));
+  await keysList2(opts);
+});
+keysCmd.command("delete <id>").description("Revoke an API key").option("-y, --yes", "Skip confirmation (required in non-TTY)").option("--reason <reason>", "Revocation reason").action(async (id, opts) => {
+  const { keysDelete: keysDelete2 } = await Promise.resolve().then(() => (init_keys(), exports_keys));
+  await keysDelete2(id, opts);
+});
+var appsCmd = program2.command("apps").description("List and inspect deployed apps and edges");
+appsCmd.command("list").description("List all apps for the authenticated operator").action(async () => {
+  const { appsList: appsList2 } = await Promise.resolve().then(() => (init_apps(), exports_apps));
+  await appsList2();
+});
+appsCmd.command("get <slug>").description("Get details for a specific app").action(async (slug) => {
+  const { appsGet: appsGet2 } = await Promise.resolve().then(() => (init_apps(), exports_apps));
+  await appsGet2(slug);
+});
+var logsCmd = program2.command("logs").description("View execution logs for deployed apps");
+logsCmd.command("list").description("List recent log entries").option("--app <slug>", "App slug (defaults to bagdock.json slug)").option("--limit <n>", "Number of entries", "50").action(async (opts) => {
+  const { logsList: logsList2 } = await Promise.resolve().then(() => (init_logs(), exports_logs));
+  await logsList2(opts);
+});
+logsCmd.command("get <id>").description("Get a specific log entry").option("--app <slug>", "App slug (defaults to bagdock.json slug)").action(async (id, opts) => {
+  const { logsGet: logsGet2 } = await Promise.resolve().then(() => (init_logs(), exports_logs));
+  await logsGet2(id, opts);
+});
+logsCmd.command("tail").description("Stream logs in real-time").option("--app <slug>", "App slug (defaults to bagdock.json slug)").action(async (opts) => {
+  const { logsTail: logsTail2 } = await Promise.resolve().then(() => (init_logs(), exports_logs));
+  await logsTail2(opts);
+});
 program2.parse();