@bagdock/cli 0.3.0 → 0.5.0

package/dist/bagdock.js

@@ -2088,6 +2088,12 @@ import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
 function setProfileOverride(name) {
   profileOverride = name;
 }
+function setEnvironmentOverride(env) {
+  envOverride = env;
+}
+function getEnvironmentOverride() {
+  return envOverride;
+}
 function ensureConfigDir() {
   if (!existsSync(CONFIG_DIR)) {
     mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
@@ -2153,6 +2159,8 @@ function listProfiles() {
     name,
     email: creds.email,
     operatorId: creds.operatorId,
+    operatorSlug: creds.operatorSlug,
+    environment: creds.environment,
     active: name === store.activeProfile
   }));
 }
@@ -2167,6 +2175,46 @@ function switchProfile(name) {
 function getActiveProfileName() {
   return resolveProfile();
 }
+function resolveLinkEnvironment() {
+  try {
+    const p = join(process.cwd(), ".bagdock", "link.json");
+    if (!existsSync(p))
+      return;
+    const data = JSON.parse(readFileSync(p, "utf-8"));
+    if (data.environment === "live" || data.environment === "test")
+      return data.environment;
+    return;
+  } catch {
+    return;
+  }
+}
+function resolveEnvironment() {
+  if (envOverride)
+    return envOverride;
+  const envVar = process.env.BAGDOCK_ENV;
+  if (envVar === "test" || envVar === "live")
+    return envVar;
+  const creds = loadCredentials();
+  return creds?.environment ?? "live";
+}
+function resolveOperatorSlug() {
+  const envVar = process.env.BAGDOCK_OPERATOR;
+  if (envVar)
+    return envVar;
+  const creds = loadCredentials();
+  return creds?.operatorSlug;
+}
+function updateProfileContext(operatorId, operatorSlug, environment) {
+  const creds = loadCredentials();
+  if (!creds)
+    return;
+  saveCredentials({
+    ...creds,
+    operatorId,
+    operatorSlug,
+    environment
+  });
+}
 function loadBagdockJson(dir) {
   const file = join(dir, "bagdock.json");
   if (!existsSync(file))
@@ -2177,7 +2225,7 @@ function loadBagdockJson(dir) {
     return null;
   }
 }
-var CONFIG_DIR, CREDENTIALS_FILE, API_BASE, DASHBOARD_BASE, profileOverride;
+var CONFIG_DIR, CREDENTIALS_FILE, API_BASE, DASHBOARD_BASE, profileOverride, envOverride;
 var init_config = __esm(() => {
   CONFIG_DIR = join(homedir(), ".bagdock");
   CREDENTIALS_FILE = join(CONFIG_DIR, "credentials.json");
@@ -3341,15 +3389,27 @@ Requesting device authorization...
         refreshToken: tokens.refresh_token,
         expiresAt: tokens.expires_in ? Date.now() + tokens.expires_in * 1000 : undefined,
         email: tokens.email,
-        operatorId: tokens.operator_id
+        operatorId: tokens.operator_id,
+        operatorSlug: tokens.operator_slug,
+        environment: "live"
       });
       console.log(source_default.green(`
   Logged in successfully!`));
       if (tokens.email)
         console.log("  Email:", source_default.bold(tokens.email));
-      if (tokens.operator_id)
-        console.log("  Operator:", source_default.bold(tokens.operator_id));
+      if (tokens.operator_slug) {
+        console.log("  Operator:", source_default.bold(tokens.operator_slug));
+      } else if (tokens.operator_id) {
+        console.log("  Operator ID:", source_default.bold(tokens.operator_id));
+      }
+      console.log("  Environment:", source_default.bold("live"));
       console.log("  Profile:", source_default.bold(getActiveProfileName()));
+      if (!tokens.operator_slug) {
+        await resolveOperatorAfterLogin(tokens.access_token);
+      } else {
+        console.log();
+        console.log(source_default.dim("  Tip: run"), source_default.cyan("bagdock switch"), source_default.dim("to change operator or environment."));
+      }
       return;
     }
     const error = await tokenRes.json().catch(() => ({ error: "unknown" }));
@@ -3396,12 +3456,22 @@ async function whoami() {
       process.exit(1);
     }
     const user = await res.json();
+    const creds = loadCredentials();
     if (isJsonMode()) {
-      outputSuccess({ ...user, profile: getActiveProfileName() });
+      outputSuccess({
+        ...user,
+        profile: getActiveProfileName(),
+        operator_slug: creds?.operatorSlug,
+        environment: creds?.environment ?? "live"
+      });
     } else {
       console.log(source_default.green("Logged in as"), source_default.bold(user.email));
-      if (user.operator_id)
-        console.log("Operator:", source_default.bold(user.operator_id));
+      if (creds?.operatorSlug) {
+        console.log("Operator:", source_default.bold(creds.operatorSlug));
+      } else if (user.operator_id) {
+        console.log("Operator ID:", source_default.bold(user.operator_id));
+      }
+      console.log("Environment:", source_default.bold(creds?.environment ?? "live"));
       if (user.name)
         console.log("Name:", user.name);
       console.log("Profile:", source_default.bold(getActiveProfileName()));
@@ -3428,8 +3498,9 @@ async function authList() {
     const marker = p.active ? source_default.green("* ") : "  ";
     const label = p.active ? source_default.bold(p.name) : p.name;
     const email = p.email ? source_default.dim(` (${p.email})`) : "";
-    const op = p.operatorId ? source_default.dim(` [${p.operatorId}]`) : "";
-    console.log(`  ${marker}${label}${email}${op}`);
+    const operator = p.operatorSlug ? source_default.dim(` ${p.operatorSlug}`) : p.operatorId ? source_default.dim(` ${p.operatorId}`) : "";
+    const env2 = p.environment ? source_default.dim(` [${p.environment}]`) : "";
+    console.log(`  ${marker}${label}${email}${operator}${env2}`);
   }
   console.log();
 }
@@ -3482,6 +3553,28 @@ Available profiles:
     process.exit(1);
   }
 }
+async function resolveOperatorAfterLogin(accessToken) {
+  try {
+    const res = await fetch(`${API_BASE}/api/v1/me/operators`, {
+      headers: { Authorization: `Bearer ${accessToken}` }
+    });
+    if (!res.ok)
+      return;
+    const body = await res.json();
+    const operators = body.data ?? [];
+    if (operators.length === 1) {
+      const op = operators[0];
+      updateProfileContext(op.id, op.slug, "live");
+      console.log("  Operator:", source_default.bold(`${op.name} (${op.slug})`));
+      console.log();
+      console.log(source_default.dim("  Tip: run"), source_default.cyan("bagdock switch"), source_default.dim("to change environment to test/sandbox."));
+    } else if (operators.length > 1) {
+      console.log();
+      console.log(source_default.dim(`  You have access to ${operators.length} operators.`));
+      console.log(source_default.dim("  Run"), source_default.cyan("bagdock switch"), source_default.dim("to select one."));
+    }
+  } catch {}
+}
 function sleep(ms) {
   return new Promise((resolve) => setTimeout(resolve, ms));
 }
@@ -3492,6 +3585,175 @@ var init_auth = __esm(() => {
   init_output();
 });
 
+// src/api.ts
+function resolveFullEnvironment() {
+  const flagOverride = getEnvironmentOverride();
+  if (flagOverride)
+    return flagOverride;
+  const linkEnv = resolveLinkEnvironment();
+  if (linkEnv)
+    return linkEnv;
+  return resolveEnvironment();
+}
+async function apiFetch(path2, init2) {
+  const token = getAuthToken();
+  if (!token) {
+    outputError("auth_error", "Not authenticated. Run bagdock login or set BAGDOCK_API_KEY.");
+    process.exit(1);
+  }
+  const env2 = resolveFullEnvironment();
+  const opSlug = resolveOperatorSlug();
+  const headers = new Headers(init2?.headers);
+  headers.set("Authorization", `Bearer ${token}`);
+  headers.set("X-Environment", env2);
+  if (opSlug)
+    headers.set("X-Operator-Slug", opSlug);
+  return fetch(`${API_BASE}${path2}`, { ...init2, headers });
+}
+async function apiFetchJson(path2, method, body) {
+  return apiFetch(path2, {
+    method,
+    headers: { "Content-Type": "application/json" },
+    body: JSON.stringify(body)
+  });
+}
+var init_api = __esm(() => {
+  init_config();
+  init_auth();
+  init_output();
+});
+
+// src/switch.ts
+var exports_switch = {};
+__export(exports_switch, {
+  switchContext: () => switchContext
+});
+async function fetchOperators() {
+  const res = await apiFetch("/api/v1/me/operators");
+  if (!res.ok) {
+    const err = await res.json().catch(() => ({}));
+    throw new Error(err?.error?.message || `API returned ${res.status}`);
+  }
+  const body = await res.json();
+  return body.data ?? [];
+}
+async function fetchSandboxes() {
+  const res = await apiFetch("/api/v1/me/sandboxes");
+  if (!res.ok)
+    return [];
+  const body = await res.json();
+  return body.data ?? [];
+}
+function prompt(question) {
+  const readline = __require("readline");
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise((resolve) => rl.question(question, (answer) => {
+    rl.close();
+    resolve(answer.trim());
+  }));
+}
+async function switchContext(opts) {
+  status("Fetching your operators...");
+  let operators;
+  try {
+    operators = await fetchOperators();
+  } catch (err) {
+    outputError("api_error", `Failed to list operators: ${err.message}`);
+    return;
+  }
+  if (!operators.length) {
+    outputError("no_operators", "No operators found for your account.");
+    return;
+  }
+  let selected;
+  if (opts.operator) {
+    const match = operators.find((o) => o.slug === opts.operator || o.id === opts.operator);
+    if (!match) {
+      outputError("not_found", `Operator "${opts.operator}" not found. Available: ${operators.map((o) => o.slug).join(", ")}`);
+      return;
+    }
+    selected = match;
+  } else if (operators.length === 1) {
+    selected = operators[0];
+    if (!isJsonMode()) {
+      console.log(source_default.dim(`  Auto-selected: ${selected.name} (${selected.slug})`));
+    }
+  } else if (!process.stdout.isTTY || isJsonMode()) {
+    outputError("operator_required", `Multiple operators available. Pass --operator <slug>. Available: ${operators.map((o) => o.slug).join(", ")}`);
+    return;
+  } else {
+    console.log(source_default.bold(`
+  Select operator:
+`));
+    operators.forEach((op, i) => {
+      console.log(`    ${source_default.cyan(String(i + 1))} ${op.name} ${source_default.dim(`(${op.slug})`)}`);
+    });
+    console.log();
+    const answer = await prompt("  > ");
+    const idx = parseInt(answer, 10) - 1;
+    if (isNaN(idx) || idx < 0 || idx >= operators.length) {
+      outputError("invalid_selection", "Invalid selection.");
+      return;
+    }
+    selected = operators[idx];
+  }
+  let environment = "live";
+  if (opts.env) {
+    if (opts.env !== "live" && opts.env !== "test") {
+      outputError("invalid_env", 'Environment must be "live" or "test".');
+      return;
+    }
+    environment = opts.env;
+  } else if (process.stdout.isTTY && !isJsonMode()) {
+    status("Fetching sandboxes...");
+    updateProfileContext(selected.id, selected.slug, "live");
+    const sandboxes = await fetchSandboxes();
+    console.log(source_default.bold(`
+  Select environment:
+`));
+    console.log(`    ${source_default.cyan("1")} Live`);
+    if (sandboxes.length > 0) {
+      sandboxes.forEach((sb, i) => {
+        const tag = sb.is_default ? source_default.dim(" (default)") : "";
+        console.log(`    ${source_default.cyan(String(i + 2))} Sandbox: ${sb.name}${tag}`);
+      });
+    } else {
+      console.log(`    ${source_default.cyan("2")} Test ${source_default.dim("(default sandbox)")}`);
+    }
+    console.log();
+    const envAnswer = await prompt("  > ");
+    const envIdx = parseInt(envAnswer, 10);
+    if (envIdx === 1) {
+      environment = "live";
+    } else if (sandboxes.length > 0 && envIdx >= 2 && envIdx <= sandboxes.length + 1) {
+      environment = "test";
+    } else if (envIdx === 2 && sandboxes.length === 0) {
+      environment = "test";
+    } else {
+      outputError("invalid_selection", "Invalid selection.");
+      return;
+    }
+  }
+  updateProfileContext(selected.id, selected.slug, environment);
+  if (isJsonMode()) {
+    outputSuccess({
+      operator: { id: selected.id, slug: selected.slug, name: selected.name },
+      environment
+    });
+  } else {
+    const envLabel = environment === "test" ? source_default.yellow("test") : source_default.green("live");
+    console.log();
+    console.log(source_default.green("  Switched to"), source_default.bold(selected.name), source_default.dim(`(${selected.slug})`), `[${envLabel}]`);
+    console.log();
+  }
+}
+var init_switch = __esm(() => {
+  init_source();
+  init_config();
+  init_api();
+  init_output();
+});
+
 // src/doctor.ts
 var exports_doctor = {};
 __export(exports_doctor, {
@@ -3579,11 +3841,30 @@ function checkAgents() {
   }
   return { name: "AI Agents", status: "pass", message: `Detected: ${detected.join(", ")}` };
 }
+function checkOperatorContext() {
+  const creds = loadCredentials();
+  const slug = resolveOperatorSlug();
+  const env2 = resolveEnvironment();
+  const profile = getActiveProfileName();
+  if (!slug) {
+    return {
+      name: "Operator Context",
+      status: "warn",
+      message: `No operator selected (profile: ${profile}). Run \`bagdock switch\` to set one.`
+    };
+  }
+  return {
+    name: "Operator Context",
+    status: "pass",
+    message: `${slug} [${env2}] (profile: ${profile})`
+  };
+}
 async function doctor() {
   const checks = [];
   if (isJsonMode()) {
     checks.push(await checkVersion());
     checks.push(checkAuth());
+    checks.push(checkOperatorContext());
     checks.push(checkProjectConfig());
     checks.push(checkAgents());
     const ok = checks.every((c) => c.status !== "fail");
@@ -3601,6 +3882,9 @@ async function doctor() {
   const authCheck = checkAuth();
   checks.push(authCheck);
   console.log(`  ${ICON[authCheck.status]} ${authCheck.name}: ${authCheck.message}`);
+  const contextCheck = checkOperatorContext();
+  checks.push(contextCheck);
+  console.log(`  ${ICON[contextCheck.status]} ${contextCheck.name}: ${contextCheck.message}`);
   const configCheck = checkProjectConfig();
   checks.push(configCheck);
   console.log(`  ${ICON[configCheck.status]} ${configCheck.name}: ${configCheck.message}`);
@@ -3825,10 +4109,10 @@ Deploying ${config.slug}@${config.version} → ${envLabel}
     process.exit(1);
   }
 }
-function confirm(prompt) {
+function confirm(prompt2) {
   return new Promise((resolve) => {
     const rl = createInterface({ input: process.stdin, output: process.stdout });
-    rl.question(prompt, (answer) => {
+    rl.question(prompt2, (answer) => {
       rl.close();
       resolve(answer.toLowerCase() === "y" || answer.toLowerCase() === "yes");
     });
@@ -3894,21 +4178,412 @@ var init_submit = __esm(() => {
   init_auth();
 });
 
+// src/link.ts
+var exports_link = {};
+__export(exports_link, {
+  resolveSlug: () => resolveSlug,
+  requireSlug: () => requireSlug,
+  link: () => link
+});
+import { existsSync as existsSync6, mkdirSync as mkdirSync3, readFileSync as readFileSync4, writeFileSync as writeFileSync4 } from "fs";
+import { join as join6 } from "path";
+function resolveSlug() {
+  const config = loadBagdockJson(process.cwd());
+  if (config?.slug)
+    return config.slug;
+  const linkPath = join6(process.cwd(), LINK_DIR, LINK_FILE);
+  if (existsSync6(linkPath)) {
+    try {
+      const data = JSON.parse(readFileSync4(linkPath, "utf-8"));
+      return data.slug ?? null;
+    } catch {
+      return null;
+    }
+  }
+  return null;
+}
+function requireSlug(slugArg) {
+  const slug = slugArg ?? resolveSlug();
+  if (!slug) {
+    if (isJsonMode()) {
+      outputError("no_project", "No project found. Pass --slug, add bagdock.json, or run bagdock link.");
+    }
+    console.error(source_default.red("No project found."), "Pass a slug, create bagdock.json, or run", source_default.cyan("bagdock link"));
+    process.exit(1);
+  }
+  return slug;
+}
+async function link(opts) {
+  let slug = opts.slug;
+  const linkEnv = opts.env === "test" || opts.env === "live" ? opts.env : undefined;
+  if (!slug) {
+    const config = loadBagdockJson(process.cwd());
+    if (config?.slug) {
+      slug = config.slug;
+      status(`Found bagdock.json — linking to ${slug}`);
+    }
+  }
+  if (!slug && process.stdout.isTTY && !isJsonMode()) {
+    const token = getAuthToken();
+    if (!token) {
+      console.error(source_default.red("Not authenticated."), "Run", source_default.cyan("bagdock login"), "first.");
+      process.exit(1);
+    }
+    status("Fetching your apps...");
+    try {
+      const res = await apiFetch("/api/v1/developer/apps");
+      if (!res.ok)
+        throw new Error(`API returned ${res.status}`);
+      const { data } = await res.json();
+      if (!data?.length) {
+        console.error(source_default.yellow("No apps found."), "Create one with", source_default.cyan("bagdock init"));
+        process.exit(1);
+      }
+      console.log(source_default.bold(`
+Your apps:
+`));
+      data.forEach((app, i) => console.log(`  ${source_default.cyan(i + 1)} ${app.name} ${source_default.dim(`(${app.slug})`)}`));
+      console.log();
+      const readline = await import("readline");
+      const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+      const answer = await new Promise((resolve) => rl.question("Select app number: ", resolve));
+      rl.close();
+      const idx = parseInt(answer, 10) - 1;
+      if (isNaN(idx) || idx < 0 || idx >= data.length) {
+        console.error(source_default.red("Invalid selection"));
+        process.exit(1);
+      }
+      slug = data[idx].slug;
+    } catch (err) {
+      console.error(source_default.red("Failed to fetch apps:"), err.message);
+      process.exit(1);
+    }
+  }
+  if (!slug) {
+    outputError("missing_slug", "Slug required. Pass --slug in non-interactive mode.");
+    process.exit(1);
+  }
+  const dir = join6(process.cwd(), LINK_DIR);
+  if (!existsSync6(dir))
+    mkdirSync3(dir, { recursive: true });
+  const linkData = { slug, environment: linkEnv, linkedAt: new Date().toISOString() };
+  writeFileSync4(join6(dir, LINK_FILE), JSON.stringify(linkData, null, 2));
+  if (isJsonMode()) {
+    outputSuccess({ slug, environment: linkEnv, path: join6(dir, LINK_FILE) });
+  } else {
+    const envLabel = linkEnv ? ` [${linkEnv}]` : "";
+    console.log(source_default.green(`Linked to ${source_default.bold(slug)}${envLabel}`));
+    console.log(source_default.dim(`  Stored in ${LINK_DIR}/${LINK_FILE}`));
+  }
+}
+var LINK_DIR = ".bagdock", LINK_FILE = "link.json";
+var init_link = __esm(() => {
+  init_source();
+  init_config();
+  init_auth();
+  init_api();
+  init_output();
+});
+
+// src/validate.ts
+var exports_validate = {};
+__export(exports_validate, {
+  validate: () => validate
+});
+import { existsSync as existsSync7, statSync } from "fs";
+import { join as join7 } from "path";
+async function validate() {
+  const checks = [];
+  const dir = process.cwd();
+  const config = loadBagdockJson(dir);
+  if (!config) {
+    checks.push({ name: "bagdock.json", status: "fail", message: "Not found or invalid JSON" });
+    return finish(checks);
+  }
+  checks.push({ name: "bagdock.json", status: "pass", message: "Found and parsed" });
+  const required = ["name", "slug", "version", "type", "category", "main"];
+  const missing = required.filter((f) => !config[f]);
+  if (missing.length) {
+    checks.push({ name: "Required fields", status: "fail", message: `Missing: ${missing.join(", ")}` });
+  } else {
+    checks.push({ name: "Required fields", status: "pass", message: "All present" });
+  }
+  if (!VALID_TYPES.includes(config.type)) {
+    checks.push({ name: "Type", status: "fail", message: `Invalid type "${config.type}". Must be: ${VALID_TYPES.join(", ")}` });
+  } else {
+    checks.push({ name: "Type", status: "pass", message: config.type });
+  }
+  if (config.kind && !VALID_KINDS.includes(config.kind)) {
+    checks.push({ name: "Kind", status: "warn", message: `Unknown kind "${config.kind}". Expected: ${VALID_KINDS.join(", ")}` });
+  }
+  const entryPath = join7(dir, config.main);
+  if (!existsSync7(entryPath)) {
+    checks.push({ name: "Entry point", status: "fail", message: `File not found: ${config.main}` });
+  } else {
+    const size = statSync(entryPath).size;
+    checks.push({ name: "Entry point", status: "pass", message: `${config.main} (${(size / 1024).toFixed(1)} KB)` });
+    if (size > MAX_BUNDLE_BYTES) {
+      checks.push({ name: "Bundle size", status: "fail", message: `${(size / 1024 / 1024).toFixed(1)} MB exceeds ${MAX_BUNDLE_BYTES / 1024 / 1024} MB limit` });
+    } else if (size > MAX_BUNDLE_BYTES * 0.8) {
+      checks.push({ name: "Bundle size", status: "warn", message: `${(size / 1024 / 1024).toFixed(1)} MB — approaching limit` });
+    } else {
+      checks.push({ name: "Bundle size", status: "pass", message: `${(size / 1024).toFixed(1)} KB` });
+    }
+  }
+  const linked = resolveSlug();
+  if (linked && linked !== config.slug) {
+    checks.push({ name: "Project link", status: "warn", message: `bagdock.json slug "${config.slug}" differs from linked project "${linked}"` });
+  }
+  return finish(checks);
+}
+function finish(checks) {
+  const hasFail = checks.some((c) => c.status === "fail");
+  const hasWarn = checks.some((c) => c.status === "warn");
+  if (isJsonMode()) {
+    outputSuccess({ ok: !hasFail, checks });
+    if (hasFail)
+      process.exit(1);
+    return;
+  }
+  console.log(source_default.bold(`
+  Bagdock Validate
+`));
+  for (const c of checks) {
+    const icon = c.status === "pass" ? source_default.green("✔") : c.status === "warn" ? source_default.yellow("⚠") : source_default.red("✖");
+    console.log(`  ${icon} ${c.name}: ${c.message}`);
+  }
+  console.log();
+  if (hasFail) {
+    console.log(source_default.red(`  Validation failed. Fix errors before submitting.
+`));
+    process.exit(1);
+  } else if (hasWarn) {
+    console.log(source_default.yellow(`  Passed with warnings.
+`));
+  } else {
+    console.log(source_default.green(`  All checks passed. Ready to submit.
+`));
+  }
+}
+var VALID_TYPES, VALID_KINDS, MAX_BUNDLE_BYTES;
+var init_validate = __esm(() => {
+  init_source();
+  init_config();
+  init_output();
+  init_link();
+  VALID_TYPES = ["edge", "app"];
+  VALID_KINDS = ["adapter", "comms", "webhook", "ui-extension", "microfrontend"];
+  MAX_BUNDLE_BYTES = 10 * 1024 * 1024;
+});
+
+// src/submission.ts
+var exports_submission = {};
+__export(exports_submission, {
+  submissionWithdraw: () => submissionWithdraw,
+  submissionStatus: () => submissionStatus,
+  submissionList: () => submissionList
+});
+async function submissionList(opts) {
+  const slug = requireSlug(opts.app);
+  status(`Fetching submissions for ${slug}...`);
+  try {
+    const res = await apiFetch(`/api/v1/developer/apps/${slug}/submissions`);
+    if (res.status === 404) {
+      outputError("not_found", `App "${slug}" not found or no submissions exist.`);
+    }
+    if (!res.ok) {
+      outputError("api_error", `API returned ${res.status}`);
+    }
+    const { data } = await res.json();
+    if (isJsonMode()) {
+      outputList("submission", data, false);
+      return;
+    }
+    if (!data?.length) {
+      console.log(source_default.yellow("No submissions found for this app."));
+      console.log("Submit with", source_default.cyan("bagdock submit"));
+      return;
+    }
+    console.log(source_default.bold(`
+Submissions for ${slug}:
+`));
+    console.log(`  ${"ID".padEnd(22)} ${"Version".padEnd(10)} ${"Reason".padEnd(30)} ${"Date"}`);
+    console.log(source_default.dim("  " + "─".repeat(80)));
+    for (const s of data) {
+      console.log(`  ${source_default.cyan(s.id.padEnd(22))} ${(s.version ?? "").padEnd(10)} ${(s.change_reason ?? "").slice(0, 30).padEnd(30)} ${source_default.dim(new Date(s.created_at).toLocaleDateString())}`);
+    }
+    console.log();
+  } catch (err) {
+    outputError("network_error", err.message);
+  }
+}
+async function submissionStatus(id, opts) {
+  const slug = requireSlug(opts.app);
+  status(`Fetching submission ${id}...`);
+  try {
+    const res = await apiFetch(`/api/v1/developer/apps/${slug}/submissions/${id}`);
+    if (res.status === 404) {
+      outputError("not_found", `Submission "${id}" not found.`);
+    }
+    if (!res.ok) {
+      outputError("api_error", `API returned ${res.status}`);
+    }
+    const { data } = await res.json();
+    if (isJsonMode()) {
+      outputSuccess(data);
+      return;
+    }
+    console.log(source_default.bold(`
+  Submission ${source_default.cyan(data.id)}
+`));
+    const fields = [
+      ["App", `${data.name} (${data.slug})`],
+      ["Version", data.version],
+      ["Review Status", data.review_status],
+      ["Type", data.type],
+      ["Visibility", data.visibility],
+      ["Reason", data.change_reason],
+      ["Submitted by", data.changed_by],
+      ["Date", new Date(data.created_at).toLocaleString()]
+    ];
+    for (const [label, value] of fields) {
+      console.log(`  ${source_default.dim(label.padEnd(16))} ${value ?? source_default.dim("—")}`);
+    }
+    console.log();
+  } catch (err) {
+    outputError("network_error", err.message);
+  }
+}
+async function submissionWithdraw(id, opts) {
+  const slug = requireSlug(opts.app);
+  status(`Withdrawing submission ${id}...`);
+  try {
+    const res = await apiFetch(`/api/v1/developer/apps/${slug}/submissions/${id}/withdraw`, {
+      method: "POST"
+    });
+    if (res.status === 404) {
+      outputError("not_found", `App "${slug}" not found.`);
+    }
+    if (res.status === 409) {
+      const body = await res.json();
+      outputError(body.code ?? "invalid_status", body.message);
+    }
+    if (!res.ok) {
+      outputError("api_error", `API returned ${res.status}`);
+    }
+    const { data } = await res.json();
+    if (isJsonMode()) {
+      outputSuccess(data);
+      return;
+    }
+    console.log(source_default.green(`Submission withdrawn.`), source_default.dim(`Status is now: ${data.review_status}`));
+    console.log("You can re-submit with", source_default.cyan("bagdock submit"));
+  } catch (err) {
+    outputError("network_error", err.message);
+  }
+}
+var init_submission = __esm(() => {
+  init_source();
+  init_api();
+  init_output();
+  init_link();
+});
+
+// src/open.ts
+var exports_open2 = {};
+__export(exports_open2, {
+  open: () => open2
+});
+async function open2(slugArg) {
+  const slug = requireSlug(slugArg);
+  const operatorSlug = resolveOperatorSlug();
+  const env2 = resolveEnvironment();
+  if (!operatorSlug) {
+    outputError("no_operator", "No operator context. Run bagdock switch or bagdock login to set one.");
+    return;
+  }
+  const envSegment = env2 === "test" ? "/test" : "";
+  const url = `${DASHBOARD_BASE}/${operatorSlug}${envSegment}/developer/apps/${slug}`;
+  if (isJsonMode()) {
+    outputSuccess({ url, slug, operator: operatorSlug, environment: env2 });
+    return;
+  }
+  status(`Opening ${url}`);
+  await open_default(url);
+  console.log(source_default.green("Opened"), source_default.cyan(url));
+}
+var init_open2 = __esm(() => {
+  init_source();
+  init_open();
+  init_config();
+  init_output();
+  init_link();
+});
+
+// src/inspect.ts
+var exports_inspect = {};
+__export(exports_inspect, {
+  inspect: () => inspect
+});
+async function inspect(slugArg) {
+  const slug = requireSlug(slugArg);
+  status(`Inspecting ${slug}...`);
+  try {
+    const res = await apiFetch(`/api/v1/developer/apps/${slug}`);
+    if (res.status === 404)
+      outputError("not_found", `App "${slug}" not found.`);
+    if (!res.ok)
+      outputError("api_error", `API returned ${res.status}`);
+    const { data } = await res.json();
+    if (isJsonMode()) {
+      outputSuccess(data);
+      return;
+    }
+    console.log(source_default.bold(`
+  ${data.name} ${source_default.dim(`(${data.slug})`)}
+`));
+    const fields = [
+      ["ID", data.id],
+      ["Type", data.type],
+      ["Category", data.category],
+      ["Version", data.version],
+      ["Maintainer", data.maintainer],
+      ["Visibility", data.visibility],
+      ["Review Status", data.review_status],
+      ["Active", data.is_active ? "yes" : "no"],
+      ["Worker URL", data.worker_url],
+      ["Namespace", data.worker_namespace],
+      ["Created", data.created_at ? new Date(data.created_at).toLocaleString() : undefined],
+      ["Updated", data.updated_at ? new Date(data.updated_at).toLocaleString() : undefined],
+      ["Published", data.published_at ? new Date(data.published_at).toLocaleString() : undefined]
+    ];
+    for (const [label, value] of fields) {
+      if (value !== undefined && value !== null) {
+        console.log(`  ${source_default.dim(label.padEnd(16))} ${value}`);
+      }
+    }
+    console.log();
+  } catch (err) {
+    outputError("network_error", err.message);
+  }
+}
+var init_inspect = __esm(() => {
+  init_source();
+  init_api();
+  init_output();
+  init_link();
+});
+
 // src/env-cmd.ts
 var exports_env_cmd = {};
 __export(exports_env_cmd, {
   envSet: () => envSet,
   envRemove: () => envRemove,
+  envPull: () => envPull,
   envList: () => envList
 });
-function requireAuth() {
-  const token = getAuthToken();
-  if (!token) {
-    console.error(source_default.red("Not authenticated. Run"), source_default.cyan("bagdock login"), source_default.red("or set BAGDOCK_API_KEY."));
-    process.exit(1);
-  }
-  return token;
-}
+import { writeFileSync as writeFileSync5 } from "fs";
+import { resolve } from "path";
 function requireConfig() {
   const config = loadBagdockJson(process.cwd());
   if (!config) {
@@ -3918,12 +4593,9 @@ function requireConfig() {
   return config;
 }
 async function envList() {
-  const token = requireAuth();
   const config = requireConfig();
   try {
-    const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env`, {
-      headers: { Authorization: `Bearer ${token}` }
-    });
+    const res = await apiFetch(`/api/v1/developer/apps/${config.slug}/env`);
     if (!res.ok) {
       console.error(source_default.red(`Failed to list env vars (${res.status})`));
       process.exit(1);
@@ -3947,17 +4619,9 @@ Environment variables for ${config.slug}:
   }
 }
 async function envSet(key, value) {
-  const token = requireAuth();
   const config = requireConfig();
   try {
-    const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env`, {
-      method: "PUT",
-      headers: {
-        "Content-Type": "application/json",
-        Authorization: `Bearer ${token}`
-      },
-      body: JSON.stringify({ key, value })
-    });
+    const res = await apiFetchJson(`/api/v1/developer/apps/${config.slug}/env`, "PUT", { key, value });
     if (!res.ok) {
       const body = await res.text();
       console.error(source_default.red(`Failed to set ${key} (${res.status}):`), body.slice(0, 200));
@@ -3970,13 +4634,9 @@ async function envSet(key, value) {
   }
 }
 async function envRemove(key) {
-  const token = requireAuth();
   const config = requireConfig();
   try {
-    const res = await fetch(`${API_BASE}/v1/developer/apps/${config.slug}/env/${key}`, {
-      method: "DELETE",
-      headers: { Authorization: `Bearer ${token}` }
-    });
+    const res = await apiFetch(`/api/v1/developer/apps/${config.slug}/env/${key}`, { method: "DELETE" });
     if (!res.ok) {
       console.error(source_default.red(`Failed to remove ${key} (${res.status})`));
       process.exit(1);
@@ -3987,10 +4647,49 @@ async function envRemove(key) {
     process.exit(1);
   }
 }
+async function envPull(file) {
+  const slug = requireSlug();
+  const target = resolve(file ?? ".env.local");
+  status(`Pulling env vars for ${slug}...`);
+  try {
+    const res = await apiFetch(`/api/v1/developer/apps/${slug}/env`);
+    if (!res.ok) {
+      outputError("api_error", `Failed to pull env vars (${res.status})`);
+      process.exit(1);
+    }
+    const { data } = await res.json();
+    if (isJsonMode()) {
+      outputSuccess({ file: target, keys: data.map((v) => v.key) });
+      return;
+    }
+    if (!data?.length) {
+      console.log(source_default.yellow("No environment variables set."));
+      return;
+    }
+    const lines = [
+      `# Pulled from Bagdock — ${slug}`,
+      `# ${new Date().toISOString()}`,
+      `# Values are placeholders — the API does not expose secrets.`,
+      `# Fill in real values for local development.`,
+      "",
+      ...data.map((v) => `${v.key}=`),
+      ""
+    ];
+    writeFileSync5(target, lines.join(`
+`));
+    console.log(source_default.green(`Wrote ${data.length} keys to ${target}`));
+    console.log(source_default.yellow("Note:"), "Values are empty — fill them in for local dev.");
+  } catch (err) {
+    console.error(source_default.red("Failed:"), err.message);
+    process.exit(1);
+  }
+}
 var init_env_cmd = __esm(() => {
   init_source();
   init_config();
-  init_auth();
+  init_api();
+  init_output();
+  init_link();
 });
 
 // src/keys.ts
@@ -4000,23 +4699,9 @@ __export(exports_keys, {
   keysDelete: () => keysDelete,
   keysCreate: () => keysCreate
 });
-async function apiRequest(method, path2, body) {
-  const token = getAuthToken();
-  if (!token) {
-    outputError("UNAUTHENTICATED", "Not logged in. Run `bagdock login` or set BAGDOCK_API_KEY.");
-  }
-  const headers = { Authorization: `Bearer ${token}` };
-  const init2 = { method, headers };
-  if (body) {
-    headers["Content-Type"] = "application/json";
-    init2.body = JSON.stringify(body);
-  }
-  const res = await fetch(`${API_BASE}${path2}`, init2);
-  return res;
-}
 async function keysCreate(opts) {
   status("Creating API key...");
-  const res = await apiRequest("POST", "/api/v1/operator/api-keys", {
+  const res = await apiFetchJson("/api/v1/operator/api-keys", "POST", {
     name: opts.name,
     key_type: opts.type || "secret",
     key_category: opts.category || "standard",
@@ -4053,7 +4738,7 @@ async function keysList(opts) {
   let path2 = "/api/v1/operator/api-keys";
   if (opts.environment)
     path2 += `?environment=${opts.environment}`;
-  const res = await apiRequest("GET", path2);
+  const res = await apiFetch(path2);
   if (!res.ok) {
     const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
     outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
@@ -4083,7 +4768,7 @@ async function keysDelete(id, opts) {
     outputError("CONFIRMATION_REQUIRED", "Pass --yes to confirm deletion in non-interactive mode.");
   }
   status(`Revoking API key ${id}...`);
-  const res = await apiRequest("DELETE", `/api/v1/operator/api-keys/${id}`, {
+  const res = await apiFetchJson(`/api/v1/operator/api-keys/${id}`, "DELETE", {
     reason: opts.reason
   });
   if (!res.ok) {
@@ -4100,8 +4785,7 @@ async function keysDelete(id, opts) {
 }
 var init_keys = __esm(() => {
   init_source();
-  init_config();
-  init_auth();
+  init_api();
   init_output();
 });
 
@@ -4111,19 +4795,9 @@ __export(exports_apps, {
   appsList: () => appsList,
   appsGet: () => appsGet
 });
-async function apiRequest2(method, path2) {
-  const token = getAuthToken();
-  if (!token) {
-    outputError("UNAUTHENTICATED", "Not logged in. Run `bagdock login` or set BAGDOCK_API_KEY.");
-  }
-  return fetch(`${API_BASE}${path2}`, {
-    method,
-    headers: { Authorization: `Bearer ${token}` }
-  });
-}
 async function appsList() {
   status("Fetching apps...");
-  const res = await apiRequest2("GET", "/api/v1/developer/apps");
+  const res = await apiFetch("/api/v1/developer/apps");
   if (!res.ok) {
     const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
     outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
@@ -4153,7 +4827,7 @@ async function appsList() {
 }
 async function appsGet(slug) {
   status(`Fetching app ${slug}...`);
-  const res = await apiRequest2("GET", `/api/v1/developer/apps/${slug}`);
+  const res = await apiFetch(`/api/v1/developer/apps/${slug}`);
   if (!res.ok) {
     if (res.status === 404) {
       outputError("NOT_FOUND", `App "${slug}" not found`);
@@ -4187,8 +4861,7 @@ async function appsGet(slug) {
 }
 var init_apps = __esm(() => {
   init_source();
-  init_config();
-  init_auth();
+  init_api();
   init_output();
 });
 
@@ -4199,17 +4872,7 @@ __export(exports_logs, {
   logsList: () => logsList,
   logsGet: () => logsGet
 });
-async function apiRequest3(method, path2) {
-  const token = getAuthToken();
-  if (!token) {
-    outputError("UNAUTHENTICATED", "Not logged in. Run `bagdock login` or set BAGDOCK_API_KEY.");
-  }
-  return fetch(`${API_BASE}${path2}`, {
-    method,
-    headers: { Authorization: `Bearer ${token}` }
-  });
-}
-function resolveSlug(slug) {
+function resolveSlug2(slug) {
   if (slug)
     return slug;
   const config = loadBagdockJson(process.cwd());
@@ -4219,10 +4882,10 @@ function resolveSlug(slug) {
   return "";
 }
 async function logsList(opts) {
-  const slug = resolveSlug(opts.app);
+  const slug = resolveSlug2(opts.app);
   const limit = opts.limit || "50";
   status(`Fetching logs for ${slug}...`);
-  const res = await apiRequest3("GET", `/api/v1/developer/apps/${slug}/logs?limit=${limit}`);
+  const res = await apiFetch(`/api/v1/developer/apps/${slug}/logs?limit=${limit}`);
   if (!res.ok) {
     if (res.status === 404) {
       outputError("NOT_FOUND", `App "${slug}" not found or no logs available`);
@@ -4250,9 +4913,9 @@ async function logsList(opts) {
   }
 }
 async function logsGet(id, opts) {
-  const slug = resolveSlug(opts.app);
+  const slug = resolveSlug2(opts.app);
   status(`Fetching log entry ${id}...`);
-  const res = await apiRequest3("GET", `/api/v1/developer/apps/${slug}/logs/${id}`);
+  const res = await apiFetch(`/api/v1/developer/apps/${slug}/logs/${id}`);
   if (!res.ok) {
     const err = await res.json().catch(() => ({ error: { message: res.statusText } }));
     outputError(err.error?.code || "API_ERROR", err.error?.message || `HTTP ${res.status}`);
@@ -4265,7 +4928,7 @@ async function logsGet(id, opts) {
   }
 }
 async function logsTail(opts) {
-  const slug = resolveSlug(opts.app);
+  const slug = resolveSlug2(opts.app);
   if (isJsonMode()) {
     outputError("UNSUPPORTED", "Log tailing is not supported in JSON mode. Use `logs list` instead.");
   }
@@ -4275,7 +4938,7 @@ async function logsTail(opts) {
   let lastTimestamp = new Date().toISOString();
   const poll = async () => {
     try {
-      const res = await apiRequest3("GET", `/api/v1/developer/apps/${slug}/logs?since=${encodeURIComponent(lastTimestamp)}&limit=100`);
+      const res = await apiFetch(`/api/v1/developer/apps/${slug}/logs?since=${encodeURIComponent(lastTimestamp)}&limit=100`);
       if (res.ok) {
         const result = await res.json();
         for (const entry of result.data || []) {
@@ -4301,7 +4964,7 @@ async function logsTail(opts) {
 var init_logs = __esm(() => {
   init_source();
   init_config();
-  init_auth();
+  init_api();
   init_output();
 });
 
@@ -4575,13 +5238,20 @@ function toPascalCase(s) {
 init_output();
 init_config();
 var program2 = new Command;
-program2.name("bagdock").description("Bagdock developer CLI — built for humans, AI agents, and CI/CD pipelines").version("0.3.0").option("--json", "Force JSON output (auto-enabled in non-TTY)").option("-q, --quiet", "Suppress status messages (implies --json)").option("--api-key <key>", "API key to use for this invocation").option("-p, --profile <name>", "Profile to use (overrides BAGDOCK_PROFILE)").hook("preAction", (_thisCommand, actionCommand) => {
+program2.name("bagdock").description("Bagdock developer CLI — built for humans, AI agents, and CI/CD pipelines").version("0.5.0").option("--json", "Force JSON output (auto-enabled in non-TTY)").option("-q, --quiet", "Suppress status messages (implies --json)").option("--api-key <key>", "API key to use for this invocation").option("-p, --profile <name>", "Profile to use (overrides BAGDOCK_PROFILE)").option("--env <environment>", "Override environment for this invocation (live, test)").hook("preAction", (_thisCommand, actionCommand) => {
   const opts = program2.opts();
   setOutputMode({ json: opts.json, quiet: opts.quiet });
   if (opts.apiKey)
     setApiKeyOverride(opts.apiKey);
   if (opts.profile)
     setProfileOverride(opts.profile);
+  if (opts.env) {
+    if (opts.env !== "live" && opts.env !== "test") {
+      console.error('Error: --env must be "live" or "test"');
+      process.exit(1);
+    }
+    setEnvironmentOverride(opts.env);
+  }
 });
 program2.command("login").description("Authenticate with Bagdock (opens browser)").action(login);
 program2.command("logout").description("Clear stored credentials").action(logout);
@@ -4589,6 +5259,10 @@ program2.command("whoami").description("Show current authenticated user").action
 var authCmd = program2.command("auth").description("Manage authentication profiles");
 authCmd.command("list").description("List all stored profiles").action(authList);
 authCmd.command("switch [name]").description("Switch active profile").action(async (name) => authSwitch(name));
+program2.command("switch").description("Switch operator and environment context (live/test)").option("--operator <slug>", "Operator slug (required in non-interactive mode)").option("--env <environment>", "Environment: live or test").action(async (opts) => {
+  const { switchContext: switchContext2 } = await Promise.resolve().then(() => (init_switch(), exports_switch));
+  await switchContext2(opts);
+});
 program2.command("doctor").description("Run environment diagnostics").action(async () => {
   const { doctor: doctor2 } = await Promise.resolve().then(() => (init_doctor(), exports_doctor));
   await doctor2();
@@ -4598,7 +5272,7 @@ program2.command("dev").description("Start local dev server").option("-p, --port
   const { dev: dev2 } = await Promise.resolve().then(() => (init_dev(), exports_dev));
   await dev2(opts);
 });
-program2.command("deploy").description("Build locally and deploy via Bagdock API").option("--env <environment>", "Target environment (preview, staging, production)", "staging").option("--preview", "Deploy an ephemeral preview ({slug}-{hash}.pre.bdok.dev)").option("--production", "Deploy to production ({slug}.bdok.dev)").option("-y, --yes", "Skip confirmation prompts").action(async (opts) => {
+program2.command("deploy").description("Build locally and deploy via Bagdock API").option("--target <target>", "Deploy target (preview, staging, production)", "staging").option("--preview", "Deploy an ephemeral preview ({slug}-{hash}.pre.bdok.dev)").option("--production", "Deploy to production ({slug}.bdok.dev)").option("-y, --yes", "Skip confirmation prompts").action(async (opts) => {
   const { deploy: deploy2 } = await Promise.resolve().then(() => (init_deploy(), exports_deploy));
   await deploy2(opts);
 });
@@ -4606,6 +5280,35 @@ program2.command("submit").description("Submit app for Bagdock marketplace revie
   const { submit: submit2 } = await Promise.resolve().then(() => (init_submit(), exports_submit));
   await submit2();
 });
+program2.command("validate").description("Run local pre-submission checks on bagdock.json and bundle").action(async () => {
+  const { validate: validate2 } = await Promise.resolve().then(() => (init_validate(), exports_validate));
+  await validate2();
+});
+var subCmd = program2.command("submission").description("Track marketplace submission status");
+subCmd.command("list").description("List submission history for the current app").option("--app <slug>", "App slug (defaults to bagdock.json or linked project)").action(async (opts) => {
+  const { submissionList: submissionList2 } = await Promise.resolve().then(() => (init_submission(), exports_submission));
+  await submissionList2(opts);
+});
+subCmd.command("status <id>").description("Fetch detailed review state for a submission").option("--app <slug>", "App slug").action(async (id, opts) => {
+  const { submissionStatus: submissionStatus2 } = await Promise.resolve().then(() => (init_submission(), exports_submission));
+  await submissionStatus2(id, opts);
+});
+subCmd.command("withdraw <id>").description("Cancel a pending submission before approval").option("--app <slug>", "App slug").action(async (id, opts) => {
+  const { submissionWithdraw: submissionWithdraw2 } = await Promise.resolve().then(() => (init_submission(), exports_submission));
+  await submissionWithdraw2(id, opts);
+});
+program2.command("open [slug]").description("Open project in the Bagdock dashboard").action(async (slug) => {
+  const { open: open3 } = await Promise.resolve().then(() => (init_open2(), exports_open2));
+  await open3(slug);
+});
+program2.command("inspect [slug]").description("Show deployment details and status for an app").action(async (slug) => {
+  const { inspect: inspect2 } = await Promise.resolve().then(() => (init_inspect(), exports_inspect));
+  await inspect2(slug);
+});
+program2.command("link").description("Link current directory to a Bagdock app or edge").option("--slug <slug>", "App slug (required in non-interactive mode)").option("--env <environment>", "Default environment for this link (live, test)").action(async (opts) => {
+  const { link: link2 } = await Promise.resolve().then(() => (init_link(), exports_link));
+  await link2(opts);
+});
 var envCmd = program2.command("env").description("Manage app environment variables");
 envCmd.command("list").description("List environment variables for this app").action(async () => {
   const { envList: envList2 } = await Promise.resolve().then(() => (init_env_cmd(), exports_env_cmd));
@@ -4619,6 +5322,10 @@ envCmd.command("remove <key>").description("Remove an environment variable").act
   const { envRemove: envRemove2 } = await Promise.resolve().then(() => (init_env_cmd(), exports_env_cmd));
   await envRemove2(key);
 });
+envCmd.command("pull [file]").description("Pull remote env var keys to a local .env file").action(async (file) => {
+  const { envPull: envPull2 } = await Promise.resolve().then(() => (init_env_cmd(), exports_env_cmd));
+  await envPull2(file);
+});
 var keysCmd = program2.command("keys").description("Manage operator API keys");
 keysCmd.command("create").description("Create a new API key (raw key shown once)").requiredOption("--name <name>", "Key name").option("--type <type>", "Key type (secret, publishable)", "secret").option("--category <category>", "Key category (standard, restricted, personal)", "standard").option("--environment <env>", "Environment (live, test)", "live").option("--scopes <scopes...>", "Permission scopes").action(async (opts) => {
   const { keysCreate: keysCreate2 } = await Promise.resolve().then(() => (init_keys(), exports_keys));