@bagdock/cli 0.2.0 → 0.4.0

package/dist/bagdock.js

@@ -2085,31 +2085,87 @@ var require_commander = __commonJS((exports) => {
 import { homedir } from "os";
 import { join } from "path";
 import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+function setProfileOverride(name) {
+  profileOverride = name;
+}
 function ensureConfigDir() {
   if (!existsSync(CONFIG_DIR)) {
     mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
   }
 }
-function loadCredentials() {
+function loadStore() {
   try {
-    if (!existsSync(CREDENTIALS_FILE))
-      return null;
-    const raw = readFileSync(CREDENTIALS_FILE, "utf-8");
-    return JSON.parse(raw);
+    if (!existsSync(CREDENTIALS_FILE)) {
+      return { activeProfile: "default", profiles: {} };
+    }
+    const raw = JSON.parse(readFileSync(CREDENTIALS_FILE, "utf-8"));
+    if (raw.accessToken && !raw.profiles) {
+      const migrated = {
+        activeProfile: "default",
+        profiles: { default: raw }
+      };
+      saveStore(migrated);
+      return migrated;
+    }
+    return raw;
   } catch {
-    return null;
+    return { activeProfile: "default", profiles: {} };
   }
 }
-function saveCredentials(creds) {
+function saveStore(store) {
   ensureConfigDir();
-  writeFileSync(CREDENTIALS_FILE, JSON.stringify(creds, null, 2), { mode: 384 });
+  writeFileSync(CREDENTIALS_FILE, JSON.stringify(store, null, 2), { mode: 384 });
+}
+function resolveProfile() {
+  if (profileOverride)
+    return profileOverride;
+  if (process.env.BAGDOCK_PROFILE)
+    return process.env.BAGDOCK_PROFILE;
+  return loadStore().activeProfile;
+}
+function loadCredentials() {
+  const store = loadStore();
+  const name = resolveProfile();
+  return store.profiles[name] ?? null;
+}
+function saveCredentials(creds, profileName) {
+  const store = loadStore();
+  const name = profileName ?? resolveProfile();
+  store.profiles[name] = creds;
+  if (!store.activeProfile || Object.keys(store.profiles).length === 1) {
+    store.activeProfile = name;
+  }
+  saveStore(store);
 }
 function clearCredentials() {
-  try {
-    if (existsSync(CREDENTIALS_FILE)) {
-      writeFileSync(CREDENTIALS_FILE, "{}", { mode: 384 });
-    }
-  } catch {}
+  const store = loadStore();
+  const name = resolveProfile();
+  delete store.profiles[name];
+  if (store.activeProfile === name) {
+    const remaining = Object.keys(store.profiles);
+    store.activeProfile = remaining[0] ?? "default";
+  }
+  saveStore(store);
+}
+function listProfiles() {
+  const store = loadStore();
+  return Object.entries(store.profiles).map(([name, creds]) => ({
+    name,
+    email: creds.email,
+    operatorId: creds.operatorId,
+    active: name === store.activeProfile
+  }));
+}
+function switchProfile(name) {
+  const store = loadStore();
+  if (!store.profiles[name])
+    return false;
+  store.activeProfile = name;
+  saveStore(store);
+  return true;
+}
+function getActiveProfileName() {
+  return resolveProfile();
 }
 function loadBagdockJson(dir) {
   const file = join(dir, "bagdock.json");
@@ -2121,7 +2177,7 @@ function loadBagdockJson(dir) {
     return null;
   }
 }
-var CONFIG_DIR, CREDENTIALS_FILE, API_BASE, DASHBOARD_BASE;
+var CONFIG_DIR, CREDENTIALS_FILE, API_BASE, DASHBOARD_BASE, profileOverride;
 var init_config = __esm(() => {
   CONFIG_DIR = join(homedir(), ".bagdock");
   CREDENTIALS_FILE = join(CONFIG_DIR, "credentials.json");
@@ -2618,6 +2674,59 @@ var init_source = __esm(() => {
   source_default = chalk;
 });
 
+// src/output.ts
+function setOutputMode(opts) {
+  quiet = !!opts.quiet;
+  forceJson = !!opts.json || !!opts.quiet;
+}
+function isJsonMode() {
+  return forceJson || !process.stdout.isTTY;
+}
+function isQuiet() {
+  return quiet;
+}
+function outputSuccess(data) {
+  if (isJsonMode()) {
+    process.stdout.write(JSON.stringify(data, null, 2) + `
+`);
+  }
+}
+function outputError(code, message, details) {
+  if (isJsonMode()) {
+    const err = { error: { code, message } };
+    if (details)
+      err.error.details = details;
+    process.stderr.write(JSON.stringify(err) + `
+`);
+    process.exit(1);
+  } else {
+    console.error(source_default.red(`Error [${code}]:`), message);
+    if (details)
+      console.error(details);
+    process.exit(1);
+  }
+}
+function outputList(objectType, data, hasMore) {
+  if (isJsonMode()) {
+    process.stdout.write(JSON.stringify({ object: "list", data, has_more: hasMore }, null, 2) + `
+`);
+  }
+}
+function status(message) {
+  if (!isQuiet() && !isJsonMode()) {
+    console.log(source_default.dim(message));
+  }
+}
+function success(message) {
+  if (!isQuiet() && !isJsonMode()) {
+    console.log(source_default.green(message));
+  }
+}
+var forceJson = false, quiet = false;
+var init_output = __esm(() => {
+  init_source();
+});
+
 // node_modules/is-docker/index.js
 import fs from "node:fs";
 function hasDockerEnv() {
@@ -3172,6 +3281,18 @@ function getAuthToken() {
   const creds = loadCredentials();
   return creds?.accessToken ?? null;
 }
+function getAuthSource() {
+  if (apiKeyOverride)
+    return { token: apiKeyOverride, source: "flag" };
+  if (process.env.BAGDOCK_API_KEY)
+    return { token: process.env.BAGDOCK_API_KEY, source: "env (BAGDOCK_API_KEY)" };
+  if (process.env.BAGDOCK_TOKEN)
+    return { token: process.env.BAGDOCK_TOKEN, source: "env (BAGDOCK_TOKEN)" };
+  const creds = loadCredentials();
+  if (creds?.accessToken)
+    return { token: creds.accessToken, source: `config (${getActiveProfileName()})` };
+  return { token: null, source: "none" };
+}
 async function login() {
   const existing = loadCredentials();
   if (existing?.accessToken && existing.expiresAt && existing.expiresAt > Date.now()) {
@@ -3228,12 +3349,12 @@ Requesting device authorization...
         console.log("  Email:", source_default.bold(tokens.email));
       if (tokens.operator_id)
         console.log("  Operator:", source_default.bold(tokens.operator_id));
+      console.log("  Profile:", source_default.bold(getActiveProfileName()));
       return;
     }
     const error = await tokenRes.json().catch(() => ({ error: "unknown" }));
-    if (error.error === "authorization_pending") {
+    if (error.error === "authorization_pending")
       continue;
-    }
     if (error.error === "slow_down") {
       await sleep(pollInterval);
       continue;
@@ -3258,7 +3379,7 @@ Requesting device authorization...
 }
 async function logout() {
   clearCredentials();
-  console.log(source_default.green("Logged out."));
+  console.log(source_default.green(`Logged out of profile "${getActiveProfileName()}".`));
 }
 async function whoami() {
   const token = getAuthToken();
@@ -3275,16 +3396,92 @@ async function whoami() {
       process.exit(1);
     }
     const user = await res.json();
-    console.log(source_default.green("Logged in as"), source_default.bold(user.email));
-    if (user.operator_id)
-      console.log("Operator:", source_default.bold(user.operator_id));
-    if (user.name)
-      console.log("Name:", user.name);
+    if (isJsonMode()) {
+      outputSuccess({ ...user, profile: getActiveProfileName() });
+    } else {
+      console.log(source_default.green("Logged in as"), source_default.bold(user.email));
+      if (user.operator_id)
+        console.log("Operator:", source_default.bold(user.operator_id));
+      if (user.name)
+        console.log("Name:", user.name);
+      console.log("Profile:", source_default.bold(getActiveProfileName()));
+    }
   } catch (err) {
     console.log(source_default.red("Failed to reach API:"), err.message);
     process.exit(1);
   }
 }
+async function authList() {
+  const profiles = listProfiles();
+  if (isJsonMode()) {
+    outputSuccess({ profiles });
+    return;
+  }
+  if (!profiles.length) {
+    console.log(source_default.yellow(`
+  No profiles found.`), "Run", source_default.cyan("bagdock login"), `to create one.
+`);
+    return;
+  }
+  console.log();
+  for (const p of profiles) {
+    const marker = p.active ? source_default.green("* ") : "  ";
+    const label = p.active ? source_default.bold(p.name) : p.name;
+    const email = p.email ? source_default.dim(` (${p.email})`) : "";
+    const op = p.operatorId ? source_default.dim(` [${p.operatorId}]`) : "";
+    console.log(`  ${marker}${label}${email}${op}`);
+  }
+  console.log();
+}
+async function authSwitch(name) {
+  const profiles = listProfiles();
+  if (!profiles.length) {
+    console.log(source_default.yellow("No profiles found."), "Run", source_default.cyan("bagdock login"), "first.");
+    process.exit(1);
+  }
+  if (name) {
+    if (switchProfile(name)) {
+      if (isJsonMode()) {
+        outputSuccess({ active_profile: name });
+      } else {
+        console.log(source_default.green(`Switched to profile "${name}".`));
+      }
+    } else {
+      outputError("NOT_FOUND", `Profile "${name}" not found. Available: ${profiles.map((p) => p.name).join(", ")}`);
+    }
+    return;
+  }
+  if (!process.stdout.isTTY) {
+    outputError("MISSING_PROFILE", "Pass a profile name in non-interactive mode: bagdock auth switch <name>");
+  }
+  console.log(source_default.cyan(`
+Available profiles:
+`));
+  profiles.forEach((p, i) => {
+    const marker = p.active ? source_default.green("* ") : "  ";
+    const email = p.email ? source_default.dim(` (${p.email})`) : "";
+    console.log(`  ${marker}${i + 1}. ${p.name}${email}`);
+  });
+  const readline = await import("readline");
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  const answer = await new Promise((resolve) => {
+    rl.question(source_default.cyan(`
+  Enter profile number or name: `), resolve);
+  });
+  rl.close();
+  const idx = parseInt(answer, 10);
+  const target = idx > 0 && idx <= profiles.length ? profiles[idx - 1].name : answer.trim();
+  if (switchProfile(target)) {
+    console.log(source_default.green(`
+  Switched to profile "${target}".
+`));
+  } else {
+    console.log(source_default.red(`
+  Profile "${target}" not found.
+`));
+    process.exit(1);
+  }
+}
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
@@ -3292,64 +3489,136 @@ var apiKeyOverride, CLIENT_ID = "bagdock-cli", MAX_POLL_DURATION_MS = 300000;
 var init_auth = __esm(() => {
   init_config();
   init_source();
+  init_output();
 });
 
-// src/output.ts
-function setOutputMode(opts) {
-  if (opts.quiet) {
-    quiet = true;
-    forceJson = true;
+// src/doctor.ts
+var exports_doctor = {};
+__export(exports_doctor, {
+  doctor: () => doctor
+});
+import { existsSync as existsSync3, readFileSync as readFileSync2 } from "fs";
+import { join as join3, dirname } from "path";
+import { homedir as homedir2, platform as platform2 } from "os";
+import { fileURLToPath as fileURLToPath2 } from "url";
+function maskKey(key) {
+  if (key.length <= 12)
+    return key.slice(0, 4) + "...";
+  return key.slice(0, 8) + "..." + key.slice(-4);
+}
+function getLocalVersion() {
+  try {
+    const pkgPath = join3(dirname(fileURLToPath2(import.meta.url)), "..", "package.json");
+    const pkg = JSON.parse(readFileSync2(pkgPath, "utf-8"));
+    return pkg.version ?? "unknown";
+  } catch {
+    return "unknown";
   }
-  if (opts.json) {
-    forceJson = true;
+}
+async function checkVersion() {
+  const local = getLocalVersion();
+  try {
+    const res = await fetch("https://registry.npmjs.org/@bagdock/cli/latest", {
+      signal: AbortSignal.timeout(5000)
+    });
+    if (res.ok) {
+      const data = await res.json();
+      if (data.version === local) {
+        return { name: "CLI Version", status: "pass", message: `v${local} (latest)` };
+      }
+      return { name: "CLI Version", status: "warn", message: `v${local} (update available: v${data.version})` };
+    }
+  } catch {}
+  return { name: "CLI Version", status: "pass", message: `v${local} (registry unreachable)` };
+}
+function checkAuth() {
+  const { token, source } = getAuthSource();
+  if (!token) {
+    return { name: "API Key", status: "fail", message: "No API key found. Run `bagdock login` or set BAGDOCK_API_KEY." };
   }
+  return { name: "API Key", status: "pass", message: `${maskKey(token)} (source: ${source})` };
 }
-function isJsonMode() {
-  return forceJson || !process.stdout.isTTY;
+function checkProjectConfig() {
+  const config = loadBagdockJson(process.cwd());
+  if (!config) {
+    return { name: "Project Config", status: "warn", message: "No bagdock.json found in current directory" };
+  }
+  const issues = [];
+  if (!config.slug)
+    issues.push("missing slug");
+  if (!config.type)
+    issues.push("missing type");
+  if (!config.main)
+    issues.push("missing main");
+  if (issues.length) {
+    return { name: "Project Config", status: "warn", message: `bagdock.json has issues: ${issues.join(", ")}` };
+  }
+  return { name: "Project Config", status: "pass", message: `${config.slug} (${config.type}/${config.kind ?? config.category})` };
 }
-function isQuiet() {
-  return quiet;
+function checkAgents() {
+  const detected = [];
+  const home = homedir2();
+  if (existsSync3(join3(home, ".cursor")))
+    detected.push("Cursor");
+  if (existsSync3(join3(home, ".windsurf")))
+    detected.push("Windsurf");
+  if (existsSync3(join3(home, "clawd", "skills")) || existsSync3(join3(home, ".codex")))
+    detected.push("OpenClaw/Codex");
+  const p = platform2();
+  if (p === "darwin" && existsSync3(join3(home, "Library", "Application Support", "Claude", "claude_desktop_config.json"))) {
+    detected.push("Claude Desktop");
+  } else if (p === "win32" && existsSync3(join3(process.env.APPDATA ?? "", "Claude", "claude_desktop_config.json"))) {
+    detected.push("Claude Desktop");
+  } else if (p === "linux" && existsSync3(join3(home, ".config", "Claude", "claude_desktop_config.json"))) {
+    detected.push("Claude Desktop");
+  }
+  if (existsSync3(join3(process.cwd(), ".vscode", "mcp.json")))
+    detected.push("VS Code");
+  if (!detected.length) {
+    return { name: "AI Agents", status: "pass", message: "None detected" };
+  }
+  return { name: "AI Agents", status: "pass", message: `Detected: ${detected.join(", ")}` };
 }
-function outputSuccess(data) {
+async function doctor() {
+  const checks = [];
   if (isJsonMode()) {
-    process.stdout.write(JSON.stringify(data, null, 2) + `
-`);
+    checks.push(await checkVersion());
+    checks.push(checkAuth());
+    checks.push(checkProjectConfig());
+    checks.push(checkAgents());
+    const ok = checks.every((c) => c.status !== "fail");
+    outputSuccess({ ok, checks });
+    return;
   }
-}
-function outputError(code, message, details) {
-  if (isJsonMode()) {
-    const err = { error: { code, message } };
-    if (details)
-      err.error.details = details;
-    process.stderr.write(JSON.stringify(err) + `
+  console.log(source_default.bold(`
+  Bagdock Doctor
+`));
+  process.stdout.write("  Checking CLI version...");
+  const versionCheck = await checkVersion();
+  checks.push(versionCheck);
+  process.stdout.write(`\r  ${ICON[versionCheck.status]} ${versionCheck.name}: ${versionCheck.message}
 `);
+  const authCheck = checkAuth();
+  checks.push(authCheck);
+  console.log(`  ${ICON[authCheck.status]} ${authCheck.name}: ${authCheck.message}`);
+  const configCheck = checkProjectConfig();
+  checks.push(configCheck);
+  console.log(`  ${ICON[configCheck.status]} ${configCheck.name}: ${configCheck.message}`);
+  const agentCheck = checkAgents();
+  checks.push(agentCheck);
+  console.log(`  ${ICON[agentCheck.status]} ${agentCheck.name}: ${agentCheck.message}`);
+  console.log();
+  const hasFail = checks.some((c) => c.status === "fail");
+  if (hasFail)
     process.exit(1);
-  } else {
-    console.error(source_default.red(`Error [${code}]:`), message);
-    if (details)
-      console.error(details);
-    process.exit(1);
-  }
-}
-function outputList(objectType, data, hasMore) {
-  if (isJsonMode()) {
-    process.stdout.write(JSON.stringify({ object: "list", data, has_more: hasMore }, null, 2) + `
-`);
-  }
-}
-function status(message) {
-  if (!isQuiet() && !isJsonMode()) {
-    console.log(source_default.dim(message));
-  }
 }
-function success(message) {
-  if (!isQuiet() && !isJsonMode()) {
-    console.log(source_default.green(message));
-  }
-}
-var forceJson = false, quiet = false;
-var init_output = __esm(() => {
+var ICON;
+var init_doctor = __esm(() => {
   init_source();
+  init_auth();
+  init_config();
+  init_output();
+  ICON = { pass: source_default.green("✔"), warn: source_default.yellow("!"), fail: source_default.red("✘") };
 });
 
 // src/dev.ts
@@ -3357,8 +3626,8 @@ var exports_dev = {};
 __export(exports_dev, {
   dev: () => dev
 });
-import { existsSync as existsSync3, writeFileSync as writeFileSync3 } from "fs";
-import { join as join3 } from "path";
+import { existsSync as existsSync4, writeFileSync as writeFileSync3 } from "fs";
+import { join as join4 } from "path";
 import { spawn } from "child_process";
 async function dev(opts) {
   const cwd = process.cwd();
@@ -3369,11 +3638,11 @@ async function dev(opts) {
   }
   const port = opts.port ?? "8787";
   const wranglerToml = generateWranglerToml(config, port);
-  const wranglerPath = join3(cwd, "wrangler.toml");
+  const wranglerPath = join4(cwd, "wrangler.toml");
   writeFileSync3(wranglerPath, wranglerToml);
   console.log(source_default.green("Generated"), source_default.cyan("wrangler.toml"), source_default.green("from bagdock.json"));
-  const devVarsPath = join3(cwd, ".dev.vars");
-  if (!existsSync3(devVarsPath) && config.env) {
+  const devVarsPath = join4(cwd, ".dev.vars");
+  if (!existsSync4(devVarsPath) && config.env) {
     const hint = Object.entries(config.env).map(([key, meta]) => `# ${meta.description ?? key}${meta.required ? " (required)" : ""}
 ${key}=`).join(`
 `);
@@ -3434,8 +3703,8 @@ var exports_deploy = {};
 __export(exports_deploy, {
   deploy: () => deploy
 });
-import { existsSync as existsSync4, readFileSync as readFileSync2 } from "fs";
-import { join as join4 } from "path";
+import { existsSync as existsSync5, readFileSync as readFileSync3 } from "fs";
+import { join as join5 } from "path";
 import { execSync } from "child_process";
 import { createInterface } from "readline";
 async function deploy(opts) {
@@ -3476,8 +3745,8 @@ async function deploy(opts) {
   console.log(source_default.cyan(`
 Deploying ${config.slug}@${config.version} → ${envLabel}
 `));
-  const outDir = join4(cwd, ".bagdock");
-  const outFile = join4(outDir, "worker.mjs");
+  const outDir = join5(cwd, ".bagdock");
+  const outFile = join5(outDir, "worker.mjs");
   console.log(source_default.dim("  Building worker bundle..."));
   execSync(`mkdir -p ${outDir}`, { cwd });
   try {
@@ -3493,11 +3762,11 @@ Deploying ${config.slug}@${config.version} → ${envLabel}
       process.exit(1);
     }
   }
-  if (!existsSync4(outFile)) {
+  if (!existsSync5(outFile)) {
     console.error(source_default.red("  Build output not found at"), outFile);
     process.exit(1);
   }
-  const scriptContent = readFileSync2(outFile);
+  const scriptContent = readFileSync3(outFile);
   const sizeKb = (scriptContent.length / 1024).toFixed(1);
   console.log(source_default.dim(`  Bundle size: ${sizeKb} KB`));
   console.log(source_default.dim("  Uploading to Bagdock platform..."));
@@ -3625,14 +3894,430 @@ var init_submit = __esm(() => {
   init_auth();
 });
 
+// src/link.ts
+var exports_link = {};
+__export(exports_link, {
+  resolveSlug: () => resolveSlug,
+  requireSlug: () => requireSlug,
+  link: () => link
+});
+import { existsSync as existsSync6, mkdirSync as mkdirSync3, readFileSync as readFileSync4, writeFileSync as writeFileSync4 } from "fs";
+import { join as join6 } from "path";
+function resolveSlug() {
+  const config = loadBagdockJson(process.cwd());
+  if (config?.slug)
+    return config.slug;
+  const linkPath = join6(process.cwd(), LINK_DIR, LINK_FILE);
+  if (existsSync6(linkPath)) {
+    try {
+      const data = JSON.parse(readFileSync4(linkPath, "utf-8"));
+      return data.slug ?? null;
+    } catch {
+      return null;
+    }
+  }
+  return null;
+}
+function requireSlug(slugArg) {
+  const slug = slugArg ?? resolveSlug();
+  if (!slug) {
+    if (isJsonMode()) {
+      outputError("no_project", "No project found. Pass --slug, add bagdock.json, or run bagdock link.");
+    }
+    console.error(source_default.red("No project found."), "Pass a slug, create bagdock.json, or run", source_default.cyan("bagdock link"));
+    process.exit(1);
+  }
+  return slug;
+}
+async function link(opts) {
+  let slug = opts.slug;
+  if (!slug) {
+    const config = loadBagdockJson(process.cwd());
+    if (config?.slug) {
+      slug = config.slug;
+      status(`Found bagdock.json — linking to ${slug}`);
+    }
+  }
+  if (!slug && process.stdout.isTTY && !isJsonMode()) {
+    const token = getAuthToken();
+    if (!token) {
+      console.error(source_default.red("Not authenticated."), "Run", source_default.cyan("bagdock login"), "first.");
+      process.exit(1);
+    }
+    status("Fetching your apps...");
+    try {
+      const res = await fetch(`${API_BASE}/v1/developer/apps`, {
+        headers: { Authorization: `Bearer ${token}` }
+      });
+      if (!res.ok)
+        throw new Error(`API returned ${res.status}`);
+      const { data } = await res.json();
+      if (!data?.length) {
+        console.error(source_default.yellow("No apps found."), "Create one with", source_default.cyan("bagdock init"));
+        process.exit(1);
+      }
+      console.log(source_default.bold(`
+Your apps:
+`));
+      data.forEach((app, i) => console.log(`  ${source_default.cyan(i + 1)} ${app.name} ${source_default.dim(`(${app.slug})`)}`));
+      console.log();
+      const readline = await import("readline");
+      const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+      const answer = await new Promise((resolve) => rl.question("Select app number: ", resolve));
+      rl.close();
+      const idx = parseInt(answer, 10) - 1;
+      if (isNaN(idx) || idx < 0 || idx >= data.length) {
+        console.error(source_default.red("Invalid selection"));
+        process.exit(1);
+      }
+      slug = data[idx].slug;
+    } catch (err) {
+      console.error(source_default.red("Failed to fetch apps:"), err.message);
+      process.exit(1);
+    }
+  }
+  if (!slug) {
+    outputError("missing_slug", "Slug required. Pass --slug in non-interactive mode.");
+    process.exit(1);
+  }
+  const dir = join6(process.cwd(), LINK_DIR);
+  if (!existsSync6(dir))
+    mkdirSync3(dir, { recursive: true });
+  const linkData = { slug, linkedAt: new Date().toISOString() };
+  writeFileSync4(join6(dir, LINK_FILE), JSON.stringify(linkData, null, 2));
+  if (isJsonMode()) {
+    outputSuccess({ slug, path: join6(dir, LINK_FILE) });
+  } else {
+    console.log(source_default.green(`Linked to ${source_default.bold(slug)}`));
+    console.log(source_default.dim(`  Stored in ${LINK_DIR}/${LINK_FILE}`));
+  }
+}
+var LINK_DIR = ".bagdock", LINK_FILE = "link.json";
+var init_link = __esm(() => {
+  init_source();
+  init_config();
+  init_auth();
+  init_output();
+});
+
+// src/validate.ts
+var exports_validate = {};
+__export(exports_validate, {
+  validate: () => validate
+});
+import { existsSync as existsSync7, statSync } from "fs";
+import { join as join7 } from "path";
+async function validate() {
+  const checks = [];
+  const dir = process.cwd();
+  const config = loadBagdockJson(dir);
+  if (!config) {
+    checks.push({ name: "bagdock.json", status: "fail", message: "Not found or invalid JSON" });
+    return finish(checks);
+  }
+  checks.push({ name: "bagdock.json", status: "pass", message: "Found and parsed" });
+  const required = ["name", "slug", "version", "type", "category", "main"];
+  const missing = required.filter((f) => !config[f]);
+  if (missing.length) {
+    checks.push({ name: "Required fields", status: "fail", message: `Missing: ${missing.join(", ")}` });
+  } else {
+    checks.push({ name: "Required fields", status: "pass", message: "All present" });
+  }
+  if (!VALID_TYPES.includes(config.type)) {
+    checks.push({ name: "Type", status: "fail", message: `Invalid type "${config.type}". Must be: ${VALID_TYPES.join(", ")}` });
+  } else {
+    checks.push({ name: "Type", status: "pass", message: config.type });
+  }
+  if (config.kind && !VALID_KINDS.includes(config.kind)) {
+    checks.push({ name: "Kind", status: "warn", message: `Unknown kind "${config.kind}". Expected: ${VALID_KINDS.join(", ")}` });
+  }
+  const entryPath = join7(dir, config.main);
+  if (!existsSync7(entryPath)) {
+    checks.push({ name: "Entry point", status: "fail", message: `File not found: ${config.main}` });
+  } else {
+    const size = statSync(entryPath).size;
+    checks.push({ name: "Entry point", status: "pass", message: `${config.main} (${(size / 1024).toFixed(1)} KB)` });
+    if (size > MAX_BUNDLE_BYTES) {
+      checks.push({ name: "Bundle size", status: "fail", message: `${(size / 1024 / 1024).toFixed(1)} MB exceeds ${MAX_BUNDLE_BYTES / 1024 / 1024} MB limit` });
+    } else if (size > MAX_BUNDLE_BYTES * 0.8) {
+      checks.push({ name: "Bundle size", status: "warn", message: `${(size / 1024 / 1024).toFixed(1)} MB — approaching limit` });
+    } else {
+      checks.push({ name: "Bundle size", status: "pass", message: `${(size / 1024).toFixed(1)} KB` });
+    }
+  }
+  const linked = resolveSlug();
+  if (linked && linked !== config.slug) {
+    checks.push({ name: "Project link", status: "warn", message: `bagdock.json slug "${config.slug}" differs from linked project "${linked}"` });
+  }
+  return finish(checks);
+}
+function finish(checks) {
+  const hasFail = checks.some((c) => c.status === "fail");
+  const hasWarn = checks.some((c) => c.status === "warn");
+  if (isJsonMode()) {
+    outputSuccess({ ok: !hasFail, checks });
+    if (hasFail)
+      process.exit(1);
+    return;
+  }
+  console.log(source_default.bold(`
+  Bagdock Validate
+`));
+  for (const c of checks) {
+    const icon = c.status === "pass" ? source_default.green("✔") : c.status === "warn" ? source_default.yellow("⚠") : source_default.red("✖");
+    console.log(`  ${icon} ${c.name}: ${c.message}`);
+  }
+  console.log();
+  if (hasFail) {
+    console.log(source_default.red(`  Validation failed. Fix errors before submitting.
+`));
+    process.exit(1);
+  } else if (hasWarn) {
+    console.log(source_default.yellow(`  Passed with warnings.
+`));
+  } else {
+    console.log(source_default.green(`  All checks passed. Ready to submit.
+`));
+  }
+}
+var VALID_TYPES, VALID_KINDS, MAX_BUNDLE_BYTES;
+var init_validate = __esm(() => {
+  init_source();
+  init_config();
+  init_output();
+  init_link();
+  VALID_TYPES = ["edge", "app"];
+  VALID_KINDS = ["adapter", "comms", "webhook", "ui-extension", "microfrontend"];
+  MAX_BUNDLE_BYTES = 10 * 1024 * 1024;
+});
+
+// src/submission.ts
+var exports_submission = {};
+__export(exports_submission, {
+  submissionWithdraw: () => submissionWithdraw,
+  submissionStatus: () => submissionStatus,
+  submissionList: () => submissionList
+});
+function requireAuth() {
+  const token = getAuthToken();
+  if (!token) {
+    outputError("auth_error", "Not authenticated. Run bagdock login or set BAGDOCK_API_KEY.");
+    process.exit(1);
+  }
+  return token;
+}
+async function submissionList(opts) {
+  const token = requireAuth();
+  const slug = requireSlug(opts.app);
+  status(`Fetching submissions for ${slug}...`);
+  try {
+    const res = await fetch(`${API_BASE}/v1/developer/apps/${slug}/submissions`, {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (res.status === 404) {
+      outputError("not_found", `App "${slug}" not found or no submissions exist.`);
+    }
+    if (!res.ok) {
+      outputError("api_error", `API returned ${res.status}`);
+    }
+    const { data } = await res.json();
+    if (isJsonMode()) {
+      outputList("submission", data, false);
+      return;
+    }
+    if (!data?.length) {
+      console.log(source_default.yellow("No submissions found for this app."));
+      console.log("Submit with", source_default.cyan("bagdock submit"));
+      return;
+    }
+    console.log(source_default.bold(`
+Submissions for ${slug}:
+`));
+    console.log(`  ${"ID".padEnd(22)} ${"Version".padEnd(10)} ${"Reason".padEnd(30)} ${"Date"}`);
+    console.log(source_default.dim("  " + "─".repeat(80)));
+    for (const s of data) {
+      console.log(`  ${source_default.cyan(s.id.padEnd(22))} ${(s.version ?? "").padEnd(10)} ${(s.change_reason ?? "").slice(0, 30).padEnd(30)} ${source_default.dim(new Date(s.created_at).toLocaleDateString())}`);
+    }
+    console.log();
+  } catch (err) {
+    outputError("network_error", err.message);
+  }
+}
+async function submissionStatus(id, opts) {
+  const token = requireAuth();
+  const slug = requireSlug(opts.app);
+  status(`Fetching submission ${id}...`);
+  try {
+    const res = await fetch(`${API_BASE}/v1/developer/apps/${slug}/submissions/${id}`, {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (res.status === 404) {
+      outputError("not_found", `Submission "${id}" not found.`);
+    }
+    if (!res.ok) {
+      outputError("api_error", `API returned ${res.status}`);
+    }
+    const { data } = await res.json();
+    if (isJsonMode()) {
+      outputSuccess(data);
+      return;
+    }
+    console.log(source_default.bold(`
+  Submission ${source_default.cyan(data.id)}
+`));
+    const fields = [
+      ["App", `${data.name} (${data.slug})`],
+      ["Version", data.version],
+      ["Review Status", data.review_status],
+      ["Type", data.type],
+      ["Visibility", data.visibility],
+      ["Reason", data.change_reason],
+      ["Submitted by", data.changed_by],
+      ["Date", new Date(data.created_at).toLocaleString()]
+    ];
+    for (const [label, value] of fields) {
+      console.log(`  ${source_default.dim(label.padEnd(16))} ${value ?? source_default.dim("—")}`);
+    }
+    console.log();
+  } catch (err) {
+    outputError("network_error", err.message);
+  }
+}
+async function submissionWithdraw(id, opts) {
+  const token = requireAuth();
+  const slug = requireSlug(opts.app);
+  status(`Withdrawing submission ${id}...`);
+  try {
+    const res = await fetch(`${API_BASE}/v1/developer/apps/${slug}/submissions/${id}/withdraw`, {
+      method: "POST",
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (res.status === 404) {
+      outputError("not_found", `App "${slug}" not found.`);
+    }
+    if (res.status === 409) {
+      const body = await res.json();
+      outputError(body.code ?? "invalid_status", body.message);
+    }
+    if (!res.ok) {
+      outputError("api_error", `API returned ${res.status}`);
+    }
+    const { data } = await res.json();
+    if (isJsonMode()) {
+      outputSuccess(data);
+      return;
+    }
+    console.log(source_default.green(`Submission withdrawn.`), source_default.dim(`Status is now: ${data.review_status}`));
+    console.log("You can re-submit with", source_default.cyan("bagdock submit"));
+  } catch (err) {
+    outputError("network_error", err.message);
+  }
+}
+var init_submission = __esm(() => {
+  init_source();
+  init_config();
+  init_auth();
+  init_output();
+  init_link();
+});
+
+// src/open.ts
+var exports_open2 = {};
+__export(exports_open2, {
+  open: () => open2
+});
+async function open2(slugArg) {
+  const slug = requireSlug(slugArg);
+  const url = `${DASHBOARD_BASE}/developer/apps/${slug}`;
+  if (isJsonMode()) {
+    outputSuccess({ url, slug });
+    return;
+  }
+  status(`Opening ${url}`);
+  await open_default(url);
+  console.log(source_default.green("Opened"), source_default.cyan(url));
+}
+var init_open2 = __esm(() => {
+  init_source();
+  init_open();
+  init_config();
+  init_output();
+  init_link();
+});
+
+// src/inspect.ts
+var exports_inspect = {};
+__export(exports_inspect, {
+  inspect: () => inspect
+});
+async function inspect(slugArg) {
+  const token = getAuthToken();
+  if (!token) {
+    outputError("auth_error", "Not authenticated. Run bagdock login or set BAGDOCK_API_KEY.");
+    process.exit(1);
+  }
+  const slug = requireSlug(slugArg);
+  status(`Inspecting ${slug}...`);
+  try {
+    const res = await fetch(`${API_BASE}/v1/developer/apps/${slug}`, {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (res.status === 404)
+      outputError("not_found", `App "${slug}" not found.`);
+    if (!res.ok)
+      outputError("api_error", `API returned ${res.status}`);
+    const { data } = await res.json();
+    if (isJsonMode()) {
+      outputSuccess(data);
+      return;
+    }
+    console.log(source_default.bold(`
+  ${data.name} ${source_default.dim(`(${data.slug})`)}
+`));
+    const fields = [
+      ["ID", data.id],
+      ["Type", data.type],
+      ["Category", data.category],
+      ["Version", data.version],
+      ["Maintainer", data.maintainer],
+      ["Visibility", data.visibility],
+      ["Review Status", data.review_status],
+      ["Active", data.is_active ? "yes" : "no"],
+      ["Worker URL", data.worker_url],
+      ["Namespace", data.worker_namespace],
+      ["Created", data.created_at ? new Date(data.created_at).toLocaleString() : undefined],
+      ["Updated", data.updated_at ? new Date(data.updated_at).toLocaleString() : undefined],
+      ["Published", data.published_at ? new Date(data.published_at).toLocaleString() : undefined]
+    ];
+    for (const [label, value] of fields) {
+      if (value !== undefined && value !== null) {
+        console.log(`  ${source_default.dim(label.padEnd(16))} ${value}`);
+      }
+    }
+    console.log();
+  } catch (err) {
+    outputError("network_error", err.message);
+  }
+}
+var init_inspect = __esm(() => {
+  init_source();
+  init_config();
+  init_auth();
+  init_output();
+  init_link();
+});
+
 // src/env-cmd.ts
 var exports_env_cmd = {};
 __export(exports_env_cmd, {
   envSet: () => envSet,
   envRemove: () => envRemove,
+  envPull: () => envPull,
   envList: () => envList
 });
-function requireAuth() {
+import { writeFileSync as writeFileSync5 } from "fs";
+import { resolve } from "path";
+function requireAuth2() {
   const token = getAuthToken();
   if (!token) {
     console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("or set BAGDOCK_API_KEY."));
@@ -3649,7 +4334,7 @@ function requireConfig() {
   return config;
 }
 async function envList() {
-  const token = requireAuth();
+  const token = requireAuth2();
   const config = requireConfig();
   try {
     const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env`, {
@@ -3678,7 +4363,7 @@ Environment variables for ${config.slug}:
   }
 }
 async function envSet(key, value) {
-  const token = requireAuth();
+  const token = requireAuth2();
   const config = requireConfig();
   try {
     const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env`, {
@@ -3701,7 +4386,7 @@ async function envSet(key, value) {
   }
 }
 async function envRemove(key) {
-  const token = requireAuth();
+  const token = requireAuth2();
   const config = requireConfig();
   try {
     const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env/${key}`, {
@@ -3718,10 +4403,52 @@ async function envRemove(key) {
     process.exit(1);
   }
 }
+async function envPull(file) {
+  const token = requireAuth2();
+  const slug = requireSlug();
+  const target = resolve(file ?? ".env.local");
+  status(`Pulling env vars for ${slug}...`);
+  try {
+    const res = await fetch(`${API_BASE}/v1/developer/apps/${slug}/env`, {
+      headers: { Authorization: `Bearer ${token}` }
+    });
+    if (!res.ok) {
+      outputError("api_error", `Failed to pull env vars (${res.status})`);
+      process.exit(1);
+    }
+    const { data } = await res.json();
+    if (isJsonMode()) {
+      outputSuccess({ file: target, keys: data.map((v) => v.key) });
+      return;
+    }
+    if (!data?.length) {
+      console.log(source_default.yellow("No environment variables set."));
+      return;
+    }
+    const lines = [
+      `# Pulled from Bagdock — ${slug}`,
+      `# ${new Date().toISOString()}`,
+      `# Values are placeholders — the API does not expose secrets.`,
+      `# Fill in real values for local development.`,
+      "",
+      ...data.map((v) => `${v.key}=`),
+      ""
+    ];
+    writeFileSync5(target, lines.join(`
+`));
+    console.log(source_default.green(`Wrote ${data.length} keys to ${target}`));
+    console.log(source_default.yellow("Note:"), "Values are empty — fill them in for local dev.");
+  } catch (err) {
+    console.error(source_default.red("Failed:"), err.message);
+    process.exit(1);
+  }
+}
 var init_env_cmd = __esm(() => {
   init_source();
   init_config();
   init_auth();
+  init_output();
+  init_link();
 });
 
 // src/keys.ts
@@ -3940,7 +4667,7 @@ async function apiRequest3(method, path2) {
     headers: { Authorization: `Bearer ${token}` }
   });
 }
-function resolveSlug(slug) {
+function resolveSlug2(slug) {
   if (slug)
     return slug;
   const config = loadBagdockJson(process.cwd());
@@ -3950,7 +4677,7 @@ function resolveSlug(slug) {
   return "";
 }
 async function logsList(opts) {
-  const slug = resolveSlug(opts.app);
+  const slug = resolveSlug2(opts.app);
   const limit = opts.limit || "50";
   status(`Fetching logs for ${slug}...`);
   const res = await apiRequest3("GET", `/api/v1/developer/apps/${slug}/logs?limit=${limit}`);
@@ -3981,7 +4708,7 @@ async function logsList(opts) {
   }
 }
 async function logsGet(id, opts) {
-  const slug = resolveSlug(opts.app);
+  const slug = resolveSlug2(opts.app);
   status(`Fetching log entry ${id}...`);
   const res = await apiRequest3("GET", `/api/v1/developer/apps/${slug}/logs/${id}`);
   if (!res.ok) {
@@ -3996,7 +4723,7 @@ async function logsGet(id, opts) {
   }
 }
 async function logsTail(opts) {
-  const slug = resolveSlug(opts.app);
+  const slug = resolveSlug2(opts.app);
   if (isJsonMode()) {
     outputError("UNSUPPORTED", "Log tailing is not supported in JSON mode. Use `logs list` instead.");
   }
@@ -4304,16 +5031,26 @@ function toPascalCase(s) {
 
 // bin/bagdock.ts
 init_output();
+init_config();
 var program2 = new Command;
-program2.name("bagdock").description("Bagdock developer CLI").version("0.1.4").option("--json", "Force JSON output (auto-enabled in non-TTY)").option("-q, --quiet", "Suppress status messages (implies --json)").option("--api-key <key>", "API key to use for this invocation").hook("preAction", (_thisCommand, actionCommand) => {
+program2.name("bagdock").description("Bagdock developer CLI — built for humans, AI agents, and CI/CD pipelines").version("0.4.0").option("--json", "Force JSON output (auto-enabled in non-TTY)").option("-q, --quiet", "Suppress status messages (implies --json)").option("--api-key <key>", "API key to use for this invocation").option("-p, --profile <name>", "Profile to use (overrides BAGDOCK_PROFILE)").hook("preAction", (_thisCommand, actionCommand) => {
   const opts = program2.opts();
   setOutputMode({ json: opts.json, quiet: opts.quiet });
   if (opts.apiKey)
     setApiKeyOverride(opts.apiKey);
+  if (opts.profile)
+    setProfileOverride(opts.profile);
 });
 program2.command("login").description("Authenticate with Bagdock (opens browser)").action(login);
 program2.command("logout").description("Clear stored credentials").action(logout);
 program2.command("whoami").description("Show current authenticated user").action(whoami);
+var authCmd = program2.command("auth").description("Manage authentication profiles");
+authCmd.command("list").description("List all stored profiles").action(authList);
+authCmd.command("switch [name]").description("Switch active profile").action(async (name) => authSwitch(name));
+program2.command("doctor").description("Run environment diagnostics").action(async () => {
+  const { doctor: doctor2 } = await Promise.resolve().then(() => (init_doctor(), exports_doctor));
+  await doctor2();
+});
 program2.command("init [dir]").description("Scaffold a new project with bagdock.json").option("-t, --type <type>", "Project type (edge, app)").option("-k, --kind <kind>", "Project kind (adapter, comms, webhook, ui-extension, microfrontend)").option("-c, --category <category>", "Category").option("-s, --slug <slug>", "Unique project slug").option("-n, --name <name>", "Display name").action((dir, opts) => init(dir ?? ".", opts));
 program2.command("dev").description("Start local dev server").option("-p, --port <port>", "Local dev port", "8787").action(async (opts) => {
   const { dev: dev2 } = await Promise.resolve().then(() => (init_dev(), exports_dev));
@@ -4327,6 +5064,35 @@ program2.command("submit").description("Submit app for Bagdock marketplace revie
   const { submit: submit2 } = await Promise.resolve().then(() => (init_submit(), exports_submit));
   await submit2();
 });
+program2.command("validate").description("Run local pre-submission checks on bagdock.json and bundle").action(async () => {
+  const { validate: validate2 } = await Promise.resolve().then(() => (init_validate(), exports_validate));
+  await validate2();
+});
+var subCmd = program2.command("submission").description("Track marketplace submission status");
+subCmd.command("list").description("List submission history for the current app").option("--app <slug>", "App slug (defaults to bagdock.json or linked project)").action(async (opts) => {
+  const { submissionList: submissionList2 } = await Promise.resolve().then(() => (init_submission(), exports_submission));
+  await submissionList2(opts);
+});
+subCmd.command("status <id>").description("Fetch detailed review state for a submission").option("--app <slug>", "App slug").action(async (id, opts) => {
+  const { submissionStatus: submissionStatus2 } = await Promise.resolve().then(() => (init_submission(), exports_submission));
+  await submissionStatus2(id, opts);
+});
+subCmd.command("withdraw <id>").description("Cancel a pending submission before approval").option("--app <slug>", "App slug").action(async (id, opts) => {
+  const { submissionWithdraw: submissionWithdraw2 } = await Promise.resolve().then(() => (init_submission(), exports_submission));
+  await submissionWithdraw2(id, opts);
+});
+program2.command("open [slug]").description("Open project in the Bagdock dashboard").action(async (slug) => {
+  const { open: open3 } = await Promise.resolve().then(() => (init_open2(), exports_open2));
+  await open3(slug);
+});
+program2.command("inspect [slug]").description("Show deployment details and status for an app").action(async (slug) => {
+  const { inspect: inspect2 } = await Promise.resolve().then(() => (init_inspect(), exports_inspect));
+  await inspect2(slug);
+});
+program2.command("link").description("Link current directory to a Bagdock app or edge").option("--slug <slug>", "Project slug (required in non-interactive mode)").action(async (opts) => {
+  const { link: link2 } = await Promise.resolve().then(() => (init_link(), exports_link));
+  await link2(opts);
+});
 var envCmd = program2.command("env").description("Manage app environment variables");
 envCmd.command("list").description("List environment variables for this app").action(async () => {
   const { envList: envList2 } = await Promise.resolve().then(() => (init_env_cmd(), exports_env_cmd));
@@ -4340,6 +5106,10 @@ envCmd.command("remove <key>").description("Remove an environment variable").act
   const { envRemove: envRemove2 } = await Promise.resolve().then(() => (init_env_cmd(), exports_env_cmd));
   await envRemove2(key);
 });
+envCmd.command("pull [file]").description("Pull remote env var keys to a local .env file").action(async (file) => {
+  const { envPull: envPull2 } = await Promise.resolve().then(() => (init_env_cmd(), exports_env_cmd));
+  await envPull2(file);
+});
 var keysCmd = program2.command("keys").description("Manage operator API keys");
 keysCmd.command("create").description("Create a new API key (raw key shown once)").requiredOption("--name <name>", "Key name").option("--type <type>", "Key type (secret, publishable)", "secret").option("--category <category>", "Key category (standard, restricted, personal)", "standard").option("--environment <env>", "Environment (live, test)", "live").option("--scopes <scopes...>", "Permission scopes").action(async (opts) => {
   const { keysCreate: keysCreate2 } = await Promise.resolve().then(() => (init_keys(), exports_keys));