@bankr/cli 0.1.0-beta.6 → 0.1.0

package/dist/commands/login.js

@@ -1,37 +1,422 @@
 import { confirm, input, select } from "@inquirer/prompts";
 import open from "open";
-import { DEFAULT_API_URL, getApiUrl, getConfigPath, readConfig, writeConfig, } from "../lib/config.js";
+import { CLI_USER_AGENT, DEFAULT_API_URL, getApiUrl, getConfigPath, readConfig, writeConfig, } from "../lib/config.js";
 import * as output from "../lib/output.js";
 const DEFAULT_DASHBOARD_URL = "https://bankr.bot/api";
+const MAX_OTP_ATTEMPTS = 3;
+const INVALID_CODE_STATUSES = [400, 401, 422];
+function fatal(message) {
+    output.error(message);
+    process.exit(1);
+}
 function deriveDashboardUrl(apiUrl) {
     if (apiUrl === DEFAULT_API_URL) {
         return DEFAULT_DASHBOARD_URL;
     }
     return (apiUrl.replace(/\/+$/, "").replace("api.", "").replace("api-", "") + "/api");
 }
+async function fetchPrivyConfig(apiUrl) {
+    const res = await fetch(`${apiUrl}/cli/config`, {
+        headers: { "User-Agent": CLI_USER_AGENT },
+    });
+    if (!res.ok) {
+        throw new Error(`Failed to fetch auth config (${res.status})`);
+    }
+    return (await res.json());
+}
+async function sendPrivyOtp(privyConfig, email) {
+    const res = await fetch("https://auth.privy.io/api/v1/passwordless/init", {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            "privy-app-id": privyConfig.privyAppId,
+            "privy-client-id": privyConfig.privyClientId,
+        },
+        body: JSON.stringify({ email, type: "email" }),
+    });
+    if (!res.ok) {
+        if (res.status === 429) {
+            throw new Error("Too many attempts. Please wait and try again.");
+        }
+        const body = await res.text().catch(() => "");
+        throw new Error(`Failed to send verification code: ${body || res.status}`);
+    }
+}
+async function verifyPrivyOtp(privyConfig, email, code) {
+    const res = await fetch("https://auth.privy.io/api/v1/passwordless/authenticate", {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            "privy-app-id": privyConfig.privyAppId,
+            "privy-client-id": privyConfig.privyClientId,
+        },
+        body: JSON.stringify({ email, code, mode: "login-or-sign-up" }),
+    });
+    if (!res.ok) {
+        if (INVALID_CODE_STATUSES.includes(res.status)) {
+            throw new Error("INVALID_CODE");
+        }
+        if (res.status === 429) {
+            throw new Error("Too many attempts. Please wait and try again.");
+        }
+        throw new Error(`Verification failed (${res.status})`);
+    }
+    return (await res.json());
+}
+async function callGenerateWallet(apiUrl, identityToken) {
+    const res = await fetch(`${apiUrl}/cli/generate-wallet`, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            "User-Agent": CLI_USER_AGENT,
+            "privy-id-token": identityToken,
+        },
+    });
+    const body = (await res.json());
+    if (!res.ok) {
+        throw new Error(body.message || body.error || `Wallet generation failed (${res.status})`);
+    }
+    return body;
+}
+async function callAcceptTerms(apiUrl, identityToken) {
+    const res = await fetch(`${apiUrl}/user/accept-terms`, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            "User-Agent": CLI_USER_AGENT,
+            "privy-id-token": identityToken,
+        },
+    });
+    if (!res.ok) {
+        const body = (await res.json().catch(() => ({})));
+        throw new Error(body.message || body.error || `Accept terms failed (${res.status})`);
+    }
+}
+async function callGenerateApiKey(apiUrl, identityToken, opts) {
+    const res = await fetch(`${apiUrl}/generate-api-key`, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            "User-Agent": CLI_USER_AGENT,
+            "privy-id-token": identityToken,
+        },
+        body: JSON.stringify(opts),
+    });
+    const body = (await res.json());
+    if (!res.ok) {
+        throw new Error(body.message || body.error || `API key generation failed (${res.status})`);
+    }
+    return body;
+}
+// ── OTP verification helpers ─────────────────────────────────────────
+async function fetchPrivyConfigOrFail(apiUrl) {
+    const config = await fetchPrivyConfig(apiUrl).catch(() => null);
+    if (!config) {
+        fatal("Could not connect to Bankr API. Check your connection and try again.");
+    }
+    return config;
+}
+async function sendOtpWithSpinner(privyConfig, email) {
+    const spin = output.spinner("Sending verification code...");
+    try {
+        await sendPrivyOtp(privyConfig, email);
+        spin.succeed(`Verification code sent to ${email}`);
+    }
+    catch (err) {
+        spin.fail("Failed to send verification code");
+        fatal(err.message);
+    }
+}
+async function verifyOtpWithSpinner(privyConfig, email, code) {
+    const spin = output.spinner("Verifying...");
+    try {
+        const result = await verifyPrivyOtp(privyConfig, email, code);
+        spin.succeed("Email verified");
+        return result;
+    }
+    catch (err) {
+        const errMsg = err.message;
+        spin.fail("Verification failed");
+        fatal(errMsg === "INVALID_CODE" ? "Invalid verification code." : errMsg);
+    }
+}
+// ── Email authentication flow ───────────────────────────────────────
+async function authenticateWithEmail(apiUrl, providedEmail, providedCode) {
+    const email = providedEmail?.trim() ||
+        (await input({
+            message: "Email address:",
+            theme: output.bankrTheme,
+            validate: (v) => {
+                const trimmed = v.trim();
+                if (!trimmed)
+                    return "Email is required.";
+                if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(trimmed))
+                    return "Invalid email address.";
+                return true;
+            },
+        })).trim();
+    const privyConfig = await fetchPrivyConfigOrFail(apiUrl);
+    // Headless: code already provided, verify directly
+    if (providedCode) {
+        const result = await verifyOtpWithSpinner(privyConfig, email, providedCode.trim());
+        return { identityToken: result.identity_token, email };
+    }
+    // Interactive: send OTP, then prompt for code with retries
+    await sendOtpWithSpinner(privyConfig, email);
+    for (let attempt = 0; attempt < MAX_OTP_ATTEMPTS; attempt++) {
+        const code = await input({
+            message: "Enter the 6-digit code:",
+            theme: output.bankrTheme,
+            validate: (v) => /^\d{6}$/.test(v.trim()) ? true : "Enter a 6-digit code.",
+        });
+        const verifySpin = output.spinner("Verifying...");
+        try {
+            const result = await verifyPrivyOtp(privyConfig, email, code.trim());
+            verifySpin.succeed("Email verified");
+            return { identityToken: result.identity_token, email };
+        }
+        catch (err) {
+            const errMsg = err.message;
+            if (errMsg === "INVALID_CODE") {
+                if (attempt < MAX_OTP_ATTEMPTS - 1) {
+                    verifySpin.fail("Invalid code, please try again");
+                    continue;
+                }
+                verifySpin.fail("Invalid code");
+                fatal("Too many invalid attempts. Please restart login.");
+            }
+            verifySpin.fail("Verification failed");
+            fatal(errMsg);
+        }
+    }
+    fatal("Verification failed. Please try again.");
+}
+// ── Email login flow ────────────────────────────────────────────────
+async function emailLoginFlow(apiUrl, opts) {
+    // Step 1: Authenticate via email OTP
+    const { identityToken } = await authenticateWithEmail(apiUrl, opts.email, opts.code);
+    // Step 2: Generate/resolve wallet
+    const walletSpin = output.spinner("Setting up wallet...");
+    let wallet;
+    try {
+        wallet = await callGenerateWallet(apiUrl, identityToken);
+        walletSpin.stop();
+    }
+    catch (err) {
+        walletSpin.fail("Wallet setup failed");
+        fatal(err.message);
+    }
+    // Show wallet info
+    output.blank();
+    if (wallet.isNewUser) {
+        output.success("Welcome to Bankr!");
+    }
+    else {
+        output.success("Authenticated");
+    }
+    output.dim(`  EVM:  ${wallet.evmAddress}`);
+    if (wallet.solAddress) {
+        output.dim(`  SOL:  ${wallet.solAddress}`);
+    }
+    // Step 3: Accept terms if needed
+    if (!wallet.hasAcceptedTerms) {
+        output.blank();
+        output.dim("  Please review our Terms of Service: https://bankr.bot/terms");
+        output.blank();
+        const accepted = opts.acceptTerms ??
+            (await confirm({
+                message: "Do you accept the Terms of Service?",
+                default: false,
+                theme: output.bankrTheme,
+            }));
+        if (!accepted) {
+            fatal("Terms must be accepted to continue.");
+        }
+        const termsSpin = output.spinner("Accepting terms...");
+        try {
+            await callAcceptTerms(apiUrl, identityToken);
+            termsSpin.succeed("Terms accepted");
+        }
+        catch (err) {
+            termsSpin.fail("Failed to accept terms");
+            fatal(err.message);
+        }
+    }
+    // Step 4: Generate API key
+    output.blank();
+    const defaultKeyName = `CLI-${new Date().toISOString().slice(0, 10)}`;
+    const keyName = opts.keyName ??
+        (await input({
+            message: "Key name:",
+            default: defaultKeyName,
+            theme: output.bankrTheme,
+            validate: (v) => v.trim().length >= 3 ? true : "Name must be at least 3 characters.",
+        }));
+    const enableWrite = opts.readWrite ??
+        (await confirm({
+            message: "Enable write operations?",
+            default: false,
+            theme: output.bankrTheme,
+        }));
+    if (enableWrite) {
+        output.dim("  Includes: transactions, transfers, automations, order management");
+    }
+    else {
+        output.dim("  Read-only: portfolio, balances, prices, research");
+    }
+    const enableLlm = opts.llm ??
+        (await confirm({
+            message: "Enable LLM gateway?",
+            default: false,
+            theme: output.bankrTheme,
+        }));
+    const keySpin = output.spinner("Generating API key...");
+    let apiKeyResult;
+    try {
+        apiKeyResult = await callGenerateApiKey(apiUrl, identityToken, {
+            name: keyName.trim(),
+            agentApiEnabled: { readOnly: !enableWrite },
+            llmGatewayEnabled: enableLlm,
+        });
+        keySpin.stop();
+    }
+    catch (err) {
+        keySpin.fail("Failed to generate API key");
+        fatal(err.message);
+    }
+    // Show result
+    output.blank();
+    const mode = enableWrite ? "read-write" : "read-only";
+    output.success(`API key "${apiKeyResult.name}" saved`);
+    output.dim(`  Mode: ${mode}`);
+    output.dim(`  LLM:  ${apiKeyResult.llmGatewayEnabled ? "enabled" : "disabled"}`);
+    output.dim("  Manage keys at bankr.bot/api");
+    return apiKeyResult.apiKey;
+}
+// ── SIWE login flow ─────────────────────────────────────────────────
+async function siweLoginFlow(apiUrl, opts) {
+    // Dynamic import to avoid loading viem for non-SIWE flows
+    const { privateKeyToAccount } = await import("viem/accounts");
+    const account = privateKeyToAccount(opts.privateKey);
+    // 1. Fetch nonce
+    const nonceSpinner = output.spinner("Fetching SIWE nonce...");
+    const nonceRes = await fetch(`${apiUrl}/cli/siwe/nonce`, {
+        headers: { "User-Agent": CLI_USER_AGENT },
+    });
+    if (!nonceRes.ok) {
+        nonceSpinner.fail("Failed to fetch nonce");
+        fatal(`Nonce request failed (${nonceRes.status})`);
+    }
+    const { nonce } = (await nonceRes.json());
+    nonceSpinner.succeed("Nonce received");
+    // 2. Create and sign SIWE message
+    const domain = new URL(apiUrl).host;
+    const message = [
+        `${domain} wants you to sign in with your Ethereum account:`,
+        account.address,
+        "",
+        "Sign in to Bankr",
+        "",
+        `URI: ${apiUrl}/cli/siwe/verify`,
+        `Version: 1`,
+        `Chain ID: 1`,
+        `Nonce: ${nonce}`,
+        `Issued At: ${new Date().toISOString()}`,
+    ].join("\n");
+    const signSpinner = output.spinner("Signing SIWE message...");
+    const signature = await account.signMessage({ message });
+    signSpinner.succeed("Message signed");
+    // 3. Verify with API
+    const verifySpinner = output.spinner("Verifying and creating wallet...");
+    const verifyRes = await fetch(`${apiUrl}/cli/siwe/verify`, {
+        method: "POST",
+        headers: {
+            "Content-Type": "application/json",
+            "User-Agent": CLI_USER_AGENT,
+        },
+        body: JSON.stringify({
+            message,
+            signature,
+            partnerApiKey: opts.partnerKey,
+            keyName: opts.keyName ?? `SIWE-${new Date().toISOString().slice(0, 10)}`,
+            readOnly: opts.readOnly ?? false,
+        }),
+    });
+    if (!verifyRes.ok) {
+        verifySpinner.fail("SIWE verification failed");
+        const body = (await verifyRes.json().catch(() => ({})));
+        fatal(body.message || `Verification failed (${verifyRes.status})`);
+    }
+    const result = (await verifyRes.json());
+    verifySpinner.succeed("Wallet created");
+    output.blank();
+    output.success("SIWE authentication successful");
+    output.dim(`  EVM:  ${result.walletAddress}`);
+    if (result.solAddress) {
+        output.dim(`  SOL:  ${result.solAddress}`);
+    }
+    output.dim(`  Mode: ${result.readOnly ? "read-only" : "read-write"}`);
+    return { apiKey: result.apiKey, walletAddress: result.walletAddress };
+}
+// ── API key validation helper ────────────────────────────────────────
+async function validateApiKey(apiUrl, apiKey) {
+    const spin = output.spinner("Validating Bankr API key...");
+    try {
+        const res = await fetch(`${apiUrl}/agent/me`, {
+            headers: { "X-API-Key": apiKey, "User-Agent": CLI_USER_AGENT },
+        });
+        if (res.ok) {
+            spin.succeed("Bankr API key validated successfully");
+        }
+        else if (res.status === 401 || res.status === 403) {
+            const body = (await res.json().catch(() => ({})));
+            const errorType = body.error ?? "";
+            if (res.status === 403 || errorType === "Agent API access not enabled") {
+                spin.warn("Agent API access is not enabled");
+                output.warn("Your API key is valid but does not have Agent API access enabled.");
+                output.info("Go to https://bankr.bot/api and enable Agent API access for this key.");
+                output.info("Your key has been saved — once enabled, the CLI will work without re-login.");
+            }
+            else if (errorType === "Authentication required") {
+                spin.fail("API key is not linked to a wallet");
+                output.error("This API key is not associated with a wallet. Generate a new key at https://bankr.bot/api");
+                process.exit(1);
+            }
+            else {
+                spin.fail("Invalid Bankr API key");
+                output.error("The provided API key is invalid or inactive. Generate a new key at https://bankr.bot/api");
+                process.exit(1);
+            }
+        }
+        else {
+            spin.warn("Could not validate Bankr API key (API unreachable), saving anyway");
+        }
+    }
+    catch {
+        spin.warn("Could not validate Bankr API key (network error), saving anyway");
+    }
+}
+// ── Main login command ──────────────────────────────────────────────
 export async function loginCommand(opts) {
-    // Fail fast if --api-key was passed with an empty value (e.g., from unset env var)
+    // Fail fast if flags were passed with empty values
     if (opts.apiKey !== undefined && !opts.apiKey.trim()) {
-        output.error("--api-key requires a non-empty value");
-        process.exit(1);
+        fatal("--api-key requires a non-empty value");
     }
-    if (opts.llmKey !== undefined && !opts.llmKey.trim()) {
-        output.error("--llm-key requires a non-empty value");
-        process.exit(1);
-    }
-    const nonInteractive = !!(opts.apiKey || opts.url);
     const config = readConfig();
     const resolvedApiUrl = opts.apiUrl ?? getApiUrl();
     if (resolvedApiUrl !== DEFAULT_API_URL) {
+        const nonInteractive = !!(opts.apiKey ||
+            opts.url ||
+            opts.email !== undefined ||
+            opts.siwe);
         if (nonInteractive) {
-            // Non-interactive: accept the custom URL silently
             config.apiUrl = resolvedApiUrl;
         }
         else {
-            console.log();
+            output.blank();
             output.warn(`Bankr API URL is set to a non-official URL: ${resolvedApiUrl}`);
             output.dim(`  Official URL: ${DEFAULT_API_URL}`);
-            console.log();
+            output.blank();
             const proceed = await confirm({
                 message: "Continue with this URL?",
                 default: false,
@@ -50,15 +435,43 @@ export async function loginCommand(opts) {
         config.apiUrl = opts.apiUrl;
     }
     const apiUrl = config.apiUrl || DEFAULT_API_URL;
+    function saveCredentials(apiKey, llmKey) {
+        config.apiKey = apiKey;
+        if (llmKey) {
+            config.llmKey = llmKey.trim();
+        }
+        writeConfig(config);
+        output.success(`Credentials saved to ${getConfigPath()}`);
+        output.dim(`Bankr API URL: ${apiUrl}`);
+    }
+    // --siwe: SIWE login flow (headless agent onboarding)
+    if (opts.siwe) {
+        if (!opts.privateKey) {
+            fatal("--private-key is required with --siwe");
+        }
+        const { apiKey } = await siweLoginFlow(apiUrl, {
+            privateKey: opts.privateKey,
+            partnerKey: opts.partnerKey,
+            keyName: opts.keyName,
+            readOnly: !opts.readWrite,
+        });
+        config.apiKey = apiKey;
+        if (opts.partnerKey) {
+            config.partnerKey = opts.partnerKey;
+        }
+        writeConfig(config);
+        output.success(`Credentials saved to ${getConfigPath()}`);
+        return;
+    }
     // --url: print the dashboard URL and exit
     if (opts.url) {
         const dashboardUrl = deriveDashboardUrl(apiUrl);
-        console.log();
+        output.blank();
         output.brandBold("  Bankr CLI Login");
-        console.log();
+        output.blank();
         output.info("Generate your Bankr API key at:");
         output.brandBold(`  ${dashboardUrl}`);
-        console.log();
+        output.blank();
         output.dim("Once you have the key, run: bankr login --api-key bk_YOUR_KEY");
         return;
     }
@@ -66,50 +479,40 @@ export async function loginCommand(opts) {
     if (opts.apiKey) {
         const apiKey = opts.apiKey.trim();
         if (!apiKey.startsWith("bk_")) {
-            output.error('Invalid format. Bankr API keys start with "bk_".');
-            process.exit(1);
-        }
-        const spin = output.spinner("Validating Bankr API key...");
-        try {
-            const res = await fetch(`${apiUrl}/agent/me`, {
-                headers: { "X-API-Key": apiKey },
-            });
-            if (res.ok) {
-                spin.succeed("Bankr API key validated successfully");
-            }
-            else if (res.status === 401 || res.status === 403) {
-                spin.fail("Invalid Bankr API key");
-                output.error("API rejected the provided key.");
-                process.exit(1);
-            }
-            else {
-                spin.warn("Could not validate Bankr API key (API unreachable), saving anyway");
-            }
-        }
-        catch {
-            spin.warn("Could not validate Bankr API key (network error), saving anyway");
+            fatal('Invalid format. Bankr API keys start with "bk_".');
         }
-        config.apiKey = apiKey;
-        if (opts.llmKey) {
-            config.llmKey = opts.llmKey.trim();
-        }
-        writeConfig(config);
-        output.success(`Credentials saved to ${getConfigPath()}`);
-        output.dim(`Bankr API URL: ${apiUrl}`);
-        if (opts.llmKey) {
-            output.dim(`Bankr LLM Key: (saved separately)`);
+        await validateApiKey(apiUrl, apiKey);
+        saveCredentials(apiKey, opts.llmKey);
+        return;
+    }
+    // `login email [address]` subcommand
+    if (opts.email !== undefined) {
+        // Headless step 1: email provided but no code -- send OTP and exit
+        if (opts.email && !opts.code) {
+            const privyConfig = await fetchPrivyConfigOrFail(apiUrl);
+            await sendOtpWithSpinner(privyConfig, opts.email);
+            output.blank();
+            output.info(`Complete login with: bankr login email ${opts.email} --code <code>`);
+            return;
         }
+        const apiKey = await emailLoginFlow(apiUrl, opts);
+        output.blank();
+        saveCredentials(apiKey, opts.llmKey);
         return;
     }
-    // Interactive flow (original behavior)
-    console.log();
+    // Interactive flow
+    output.blank();
     output.brandBold("  Bankr CLI Login");
-    console.log();
+    output.blank();
     const choice = await select({
-        message: "How would you like to authenticate?",
+        message: "How would you like to log in?",
         choices: [
             {
-                name: "Open bankr.bot/api to generate a new Bankr API key",
+                name: "Sign in with email",
+                value: "email",
+            },
+            {
+                name: "Open bankr.bot to generate an API key",
                 value: "browser",
             },
             {
@@ -119,6 +522,12 @@ export async function loginCommand(opts) {
         ],
         theme: output.bankrTheme,
     });
+    if (choice === "email") {
+        const apiKey = await emailLoginFlow(apiUrl, {});
+        output.blank();
+        saveCredentials(apiKey, opts.llmKey);
+        return;
+    }
     if (choice === "browser") {
         const dashboardUrl = deriveDashboardUrl(apiUrl);
         output.info("Opening Bankr dashboard...");
@@ -130,9 +539,9 @@ export async function loginCommand(opts) {
             output.dim("Could not open browser automatically.");
             output.dim(`Visit ${dashboardUrl} to get your Bankr API key.`);
         }
-        console.log();
+        output.blank();
         output.dim("Generate a Bankr API key, then paste it below.");
-        console.log();
+        output.blank();
     }
     const apiKey = await input({
         message: "Paste your Bankr API key:",
@@ -147,99 +556,7 @@ export async function loginCommand(opts) {
             return true;
         },
     });
-    const spin = output.spinner("Validating Bankr API key...");
-    try {
-        const res = await fetch(`${apiUrl}/agent/me`, {
-            headers: { "X-API-Key": apiKey.trim() },
-        });
-        if (res.ok) {
-            spin.succeed("Bankr API key validated successfully");
-        }
-        else if (res.status === 401 || res.status === 403) {
-            const body = await res.json().catch(() => ({}));
-            const errorType = body.error ?? "";
-            if (res.status === 403 || errorType === "Agent API access not enabled") {
-                spin.fail("Agent API access is not enabled");
-                output.error("Your API key is valid but does not have Agent API access enabled.");
-                output.info("Go to https://bankr.bot/api and enable Agent API access for this key.");
-            }
-            else if (errorType === "Authentication required") {
-                spin.fail("API key is not linked to a wallet");
-                output.error("This API key is not associated with a wallet. Generate a new key at https://bankr.bot/api");
-            }
-            else {
-                spin.fail("Invalid Bankr API key");
-                output.error("The provided API key is invalid or inactive. Generate a new key at https://bankr.bot/api");
-            }
-            process.exit(1);
-        }
-        else {
-            spin.warn("Could not validate Bankr API key (API unreachable), saving anyway");
-        }
-    }
-    catch {
-        spin.warn("Could not validate Bankr API key (network error), saving anyway");
-    }
-    config.apiKey = apiKey.trim();
-    // Ask if user wants a separate LLM key (interactive only)
-    if (!opts.llmKey) {
-        console.log();
-        const useSeparateLlmKey = await confirm({
-            message: "Use a different key for the LLM gateway?",
-            default: false,
-            theme: output.bankrTheme,
-        });
-        if (useSeparateLlmKey) {
-            const llmChoice = await select({
-                message: "How would you like to provide the LLM gateway key?",
-                choices: [
-                    {
-                        name: "Open bankr.bot/api to generate a new key",
-                        value: "browser",
-                    },
-                    {
-                        name: "Paste an existing LLM gateway key",
-                        value: "paste",
-                    },
-                ],
-                theme: output.bankrTheme,
-            });
-            if (llmChoice === "browser") {
-                const dashboardUrl = deriveDashboardUrl(apiUrl);
-                output.info("Opening Bankr dashboard...");
-                output.dim(dashboardUrl);
-                try {
-                    await open(dashboardUrl);
-                }
-                catch {
-                    output.dim("Could not open browser automatically.");
-                    output.dim(`Visit ${dashboardUrl} to get your LLM gateway key.`);
-                }
-                console.log();
-                output.dim("Generate an LLM gateway key, then paste it below.");
-                console.log();
-            }
-            const llmKey = await input({
-                message: "Paste your LLM gateway key:",
-                theme: output.bankrTheme,
-                transformer: (value) => "*".repeat(value.length),
-                validate: (value) => {
-                    if (!value.trim())
-                        return "LLM key is required.";
-                    return true;
-                },
-            });
-            config.llmKey = llmKey.trim();
-        }
-    }
-    else {
-        config.llmKey = opts.llmKey.trim();
-    }
-    writeConfig(config);
-    output.success(`Credentials saved to ${getConfigPath()}`);
-    output.dim(`Bankr API URL: ${apiUrl}`);
-    if (config.llmKey) {
-        output.dim(`Bankr LLM Key: (saved separately)`);
-    }
+    await validateApiKey(apiUrl, apiKey.trim());
+    saveCredentials(apiKey.trim(), opts.llmKey);
 }
 //# sourceMappingURL=login.js.map