@barekey/cli 0.4.0 → 0.5.1

package/dist/contracts/index.js

@@ -0,0 +1,313 @@
+import { Schema } from "effect";
+export const DeclaredTypeSchema = Schema.Literal("string", "boolean", "int64", "float", "date", "json");
+export const VisibilitySchema = Schema.Literal("private", "public");
+export const RolloutFunctionSchema = Schema.Literal("linear", "step", "ease_in_out");
+export const RuntimeModeSchema = Schema.Literal("centralized", "standalone");
+export const TypegenModeSchema = Schema.Literal("semantic", "minimal");
+const TrimmedStringSchema = Schema.String;
+const NonEmptyStringSchema = Schema.String.pipe(Schema.minLength(1));
+export const RuntimeConfigSchema = Schema.Struct({
+    organization: Schema.optional(Schema.NullOr(TrimmedStringSchema)),
+    org: Schema.optional(Schema.NullOr(TrimmedStringSchema)),
+    project: Schema.optional(Schema.NullOr(TrimmedStringSchema)),
+    environment: Schema.optional(Schema.NullOr(TrimmedStringSchema)),
+    stage: Schema.optional(Schema.NullOr(TrimmedStringSchema)),
+    typegen: Schema.optional(Schema.NullOr(TypegenModeSchema)),
+    config: Schema.optional(Schema.Struct({
+        typegen: Schema.optional(TypegenModeSchema),
+        mode: Schema.optional(RuntimeModeSchema),
+    })),
+});
+export const CliConfigSchema = Schema.Union(Schema.Struct({
+    baseUrl: NonEmptyStringSchema,
+    activeSessionId: NonEmptyStringSchema,
+}), Schema.Struct({
+    baseUrl: NonEmptyStringSchema,
+    activeAccountId: NonEmptyStringSchema,
+}));
+export const CliSessionSchema = Schema.Union(Schema.Struct({
+    accessToken: NonEmptyStringSchema,
+    refreshToken: NonEmptyStringSchema,
+    accessTokenExpiresAtMs: Schema.Number.pipe(Schema.finite()),
+    refreshTokenExpiresAtMs: Schema.Number.pipe(Schema.finite()),
+    clerkUserId: NonEmptyStringSchema,
+    orgId: Schema.NullOr(NonEmptyStringSchema),
+    orgSlug: Schema.NullOr(NonEmptyStringSchema),
+    lastOrgId: Schema.optional(Schema.NullOr(NonEmptyStringSchema)),
+    lastOrgSlug: Schema.optional(Schema.NullOr(NonEmptyStringSchema)),
+}), Schema.Struct({
+    accessToken: NonEmptyStringSchema,
+    refreshToken: NonEmptyStringSchema,
+    accessTokenExpiresAtMs: Schema.Number.pipe(Schema.finite()),
+    refreshTokenExpiresAtMs: Schema.Number.pipe(Schema.finite()),
+    clerkUserId: NonEmptyStringSchema,
+    orgId: NonEmptyStringSchema,
+    orgSlug: NonEmptyStringSchema,
+}));
+export const ErrorEnvelopeSchema = Schema.Struct({
+    error: Schema.Struct({
+        code: Schema.optional(Schema.String),
+        message: Schema.optional(Schema.String),
+        requestId: Schema.optional(Schema.NullOr(Schema.String)),
+    }),
+});
+export const CliSessionResponseSchema = Schema.Struct({
+    clerkUserId: Schema.String,
+    displayName: Schema.NullOr(Schema.String),
+    email: Schema.NullOr(Schema.String),
+    orgId: Schema.String,
+    orgSlug: Schema.String,
+    source: Schema.Literal("clerk", "cli"),
+    requestId: Schema.optional(Schema.String),
+});
+export const DeviceStartResponseSchema = Schema.Struct({
+    deviceCode: Schema.String,
+    userCode: Schema.String,
+    verificationUri: Schema.String,
+    intervalSec: Schema.Number.pipe(Schema.finite()),
+    expiresInSec: Schema.Number.pipe(Schema.finite()),
+    requestId: Schema.optional(Schema.String),
+});
+export const DevicePollPendingSchema = Schema.Struct({
+    status: Schema.Literal("pending"),
+    intervalSec: Schema.Number.pipe(Schema.finite()),
+    requestId: Schema.optional(Schema.String),
+});
+export const DevicePollApprovedSchema = Schema.Struct({
+    status: Schema.Literal("approved"),
+    intervalSec: Schema.Number.pipe(Schema.finite()),
+    accessToken: Schema.String,
+    refreshToken: Schema.String,
+    accessTokenExpiresAtMs: Schema.Number.pipe(Schema.finite()),
+    refreshTokenExpiresAtMs: Schema.Number.pipe(Schema.finite()),
+    orgId: Schema.String,
+    orgSlug: Schema.String,
+    clerkUserId: Schema.String,
+    displayName: Schema.NullOr(Schema.String),
+    email: Schema.NullOr(Schema.String),
+    requestId: Schema.optional(Schema.String),
+});
+export const DevicePollResponseSchema = Schema.Union(DevicePollPendingSchema, DevicePollApprovedSchema);
+export const RefreshResponseSchema = Schema.Struct({
+    accessToken: Schema.String,
+    refreshToken: Schema.String,
+    accessTokenExpiresAtMs: Schema.Number.pipe(Schema.finite()),
+    refreshTokenExpiresAtMs: Schema.Number.pipe(Schema.finite()),
+    orgId: Schema.String,
+    orgSlug: Schema.String,
+    clerkUserId: Schema.String,
+    displayName: Schema.NullOr(Schema.String),
+    email: Schema.NullOr(Schema.String),
+    requestId: Schema.optional(Schema.String),
+});
+export const EnvDecisionSchema = Schema.Struct({
+    bucket: Schema.Number.pipe(Schema.finite()),
+    chance: Schema.Number.pipe(Schema.finite()),
+    seed: Schema.optional(Schema.String),
+    key: Schema.optional(Schema.String),
+    matchedRule: Schema.String,
+});
+export const EnvResolvedValueSchema = Schema.Struct({
+    name: Schema.String,
+    kind: Schema.Literal("secret", "ab_roll", "rollout"),
+    declaredType: DeclaredTypeSchema,
+    visibility: VisibilitySchema,
+    value: Schema.Unknown,
+    decision: Schema.optional(EnvDecisionSchema),
+});
+export const EnvEvaluateResponseSchema = Schema.Struct({
+    name: Schema.String,
+    kind: Schema.Literal("secret", "ab_roll", "rollout"),
+    declaredType: DeclaredTypeSchema,
+    visibility: VisibilitySchema,
+    value: Schema.Unknown,
+    decision: Schema.optional(EnvDecisionSchema),
+});
+export const EnvEvaluateBatchResponseSchema = Schema.Struct({
+    values: Schema.Array(EnvResolvedValueSchema),
+});
+export const RolloutMilestoneSchema = Schema.Struct({
+    at: Schema.String,
+    percentage: Schema.Number.pipe(Schema.finite()),
+});
+export const EnvVariableListItemSchema = Schema.Struct({
+    name: Schema.String,
+    visibility: VisibilitySchema,
+    kind: Schema.Literal("secret", "ab_roll", "rollout"),
+    declaredType: DeclaredTypeSchema,
+    createdAtMs: Schema.Number.pipe(Schema.finite()),
+    updatedAtMs: Schema.Number.pipe(Schema.finite()),
+    chance: Schema.NullOr(Schema.Number.pipe(Schema.finite())),
+    rolloutFunction: Schema.NullOr(RolloutFunctionSchema),
+    rolloutMilestones: Schema.NullOr(Schema.Array(RolloutMilestoneSchema)),
+});
+export const EnvListResponseSchema = Schema.Struct({
+    variables: Schema.Array(EnvVariableListItemSchema),
+});
+export const EnvWriteResponseSchema = Schema.Struct({
+    createdCount: Schema.Number.pipe(Schema.finite()),
+    updatedCount: Schema.Number.pipe(Schema.finite()),
+    deletedCount: Schema.Number.pipe(Schema.finite()),
+});
+export const EnvPullValueSchema = Schema.Struct({
+    name: Schema.String,
+    kind: Schema.Literal("secret", "ab_roll", "rollout"),
+    declaredType: DeclaredTypeSchema,
+    value: Schema.String,
+});
+export const EnvPullResponseSchema = Schema.Struct({
+    values: Schema.Array(EnvPullValueSchema),
+    byName: Schema.Record({ key: Schema.String, value: Schema.String }),
+});
+export const TypegenVariableSchema = Schema.Struct({
+    name: Schema.String,
+    visibility: VisibilitySchema,
+    kind: Schema.Literal("secret", "ab_roll", "rollout"),
+    declaredType: DeclaredTypeSchema,
+    required: Schema.Boolean,
+    updatedAtMs: Schema.Number.pipe(Schema.finite()),
+    typeScriptType: Schema.String,
+    valueATypeScriptType: Schema.NullOr(Schema.String),
+    valueBTypeScriptType: Schema.NullOr(Schema.String),
+    rolloutFunction: Schema.NullOr(RolloutFunctionSchema),
+    rolloutMilestones: Schema.NullOr(Schema.Array(RolloutMilestoneSchema)),
+});
+export const TypegenManifestSchema = Schema.Struct({
+    orgId: Schema.String,
+    orgSlug: Schema.String,
+    projectSlug: Schema.String,
+    stageSlug: Schema.String,
+    generatedAtMs: Schema.Number.pipe(Schema.finite()),
+    manifestVersion: Schema.String,
+    variables: Schema.Array(TypegenVariableSchema),
+});
+export const OrganizationSummarySchema = Schema.Struct({
+    id: Schema.String,
+    slug: Schema.String,
+    name: Schema.String,
+    role: Schema.String,
+    imageUrl: Schema.String,
+});
+export const OrganizationsResponseSchema = Schema.Struct({
+    organizations: Schema.Array(OrganizationSummarySchema),
+});
+export const ProjectSummarySchema = Schema.Struct({
+    id: Schema.String,
+    orgId: Schema.String,
+    orgSlug: Schema.String,
+    name: Schema.String,
+    slug: Schema.String,
+    slugBase: Schema.String,
+    createdByClerkUserId: Schema.String,
+    createdAtMs: Schema.Number.pipe(Schema.finite()),
+    updatedAtMs: Schema.Number.pipe(Schema.finite()),
+});
+export const ProjectListItemSchema = Schema.Struct({
+    id: Schema.String,
+    orgId: Schema.String,
+    orgSlug: Schema.String,
+    name: Schema.String,
+    slug: Schema.String,
+    slugBase: Schema.String,
+    createdByClerkUserId: Schema.String,
+    createdAtMs: Schema.Number.pipe(Schema.finite()),
+    updatedAtMs: Schema.Number.pipe(Schema.finite()),
+    secretCount: Schema.Number.pipe(Schema.finite()),
+});
+export const ProjectsListResponseSchema = Schema.Struct({
+    projects: Schema.Array(ProjectListItemSchema),
+});
+export const ProjectCreateResponseSchema = Schema.Struct({
+    project: ProjectSummarySchema,
+});
+export const ProjectDeleteResponseSchema = Schema.Struct({
+    deletedProjectId: Schema.String,
+    deletedProjectSlug: Schema.String,
+});
+export const StageSummarySchema = Schema.Struct({
+    id: Schema.String,
+    projectId: Schema.String,
+    orgId: Schema.String,
+    slug: Schema.String,
+    name: Schema.String,
+    isDefault: Schema.Boolean,
+    variableCount: Schema.Number.pipe(Schema.finite()),
+    createdAtMs: Schema.Number.pipe(Schema.finite()),
+    updatedAtMs: Schema.Number.pipe(Schema.finite()),
+});
+export const StagesListResponseSchema = Schema.Struct({
+    stages: Schema.Array(StageSummarySchema),
+});
+export const StageCreateResponseSchema = Schema.Struct({
+    stage: StageSummarySchema,
+});
+export const StageRenameResponseSchema = Schema.Struct({
+    stage: StageSummarySchema,
+});
+export const StageDeleteResponseSchema = Schema.Struct({
+    deletedStageSlug: Schema.String,
+});
+export const FeatureUsageSchema = Schema.Struct({
+    featureId: Schema.String,
+    allowed: Schema.Boolean,
+    usage: Schema.NullOr(Schema.Number.pipe(Schema.finite())),
+    includedUsage: Schema.NullOr(Schema.Number.pipe(Schema.finite())),
+    usageLimit: Schema.NullOr(Schema.Number.pipe(Schema.finite())),
+    overageAllowed: Schema.NullOr(Schema.Boolean),
+    nextResetAtMs: Schema.NullOr(Schema.Number.pipe(Schema.finite())),
+});
+export const BillingCatalogResponseSchema = Schema.Struct({
+    variants: Schema.Array(Schema.Unknown),
+    featureIds: Schema.Struct({
+        staticRequests: Schema.String,
+        dynamicRequests: Schema.String,
+        storageBytes: Schema.String,
+    }),
+});
+export const BillingStatusResponseSchema = Schema.Struct({
+    orgId: Schema.String,
+    orgRole: Schema.NullOr(Schema.String),
+    canManageBilling: Schema.Boolean,
+    currentProductId: Schema.NullOr(Schema.String),
+    currentTier: Schema.NullOr(Schema.String),
+    currentInterval: Schema.NullOr(Schema.String),
+    currentOverageMode: Schema.NullOr(Schema.String),
+    hasScheduledPlanChange: Schema.Boolean,
+    scheduledPlanChange: Schema.NullOr(Schema.Unknown),
+    usage: Schema.Struct({
+        staticRequests: FeatureUsageSchema,
+        dynamicRequests: FeatureUsageSchema,
+        storageBytes: FeatureUsageSchema,
+    }),
+    storageMirrorBytes: Schema.Number.pipe(Schema.finite()),
+    variants: Schema.Array(Schema.Unknown),
+});
+export const AuditEventSchema = Schema.Struct({
+    id: Schema.String,
+    orgId: Schema.String,
+    orgSlug: Schema.String,
+    projectId: Schema.NullOr(Schema.String),
+    projectSlug: Schema.NullOr(Schema.String),
+    stageSlug: Schema.NullOr(Schema.String),
+    eventType: Schema.String,
+    category: Schema.String,
+    occurredAtMs: Schema.Number.pipe(Schema.finite()),
+    actorSource: Schema.String,
+    actorClerkUserId: Schema.NullOr(Schema.String),
+    actorDisplayName: Schema.NullOr(Schema.String),
+    actorEmail: Schema.NullOr(Schema.String),
+    subjectType: Schema.String,
+    subjectId: Schema.NullOr(Schema.String),
+    subjectName: Schema.NullOr(Schema.String),
+    title: Schema.String,
+    description: Schema.String,
+    severity: Schema.String,
+    payloadJson: Schema.String,
+    retentionTier: Schema.String,
+    expiresAtMs: Schema.NullOr(Schema.Number.pipe(Schema.finite())),
+});
+export const AuditListResponseSchema = Schema.Struct({
+    items: Schema.Array(AuditEventSchema),
+    nextBeforeOccurredAtMs: Schema.NullOr(Schema.Number.pipe(Schema.finite())),
+    hasMore: Schema.Boolean,
+});

package/dist/credentials-store.js

@@ -2,10 +2,22 @@ import { mkdir, readFile, rm, writeFile } from "node:fs/promises";
 import { homedir } from "node:os";
 import path from "node:path";
 import { spawn } from "node:child_process";
+import { Either, Schema } from "effect";
+import { CliConfigSchema, CliSessionSchema } from "./contracts/index.js";
 const SERVICE_NAME = "barekey-cli";
-const CONFIG_DIR = path.join(homedir(), ".config", "barekey");
-const CONFIG_PATH = path.join(CONFIG_DIR, "config.json");
-const CREDENTIALS_DIR = path.join(CONFIG_DIR, "credentials");
+function resolveHomeDir() {
+    const configuredHome = process.env.HOME?.trim();
+    return configuredHome && configuredHome.length > 0 ? configuredHome : homedir();
+}
+function getConfigDirPath() {
+    return path.join(resolveHomeDir(), ".config", "barekey");
+}
+function getConfigPath() {
+    return path.join(getConfigDirPath(), "config.json");
+}
+function getCredentialsDirPath() {
+    return path.join(getConfigDirPath(), "credentials");
+}
 function runCommand(command, args, input) {
     return new Promise((resolve) => {
         const child = spawn(command, args, {
@@ -32,14 +44,14 @@ function runCommand(command, args, input) {
     });
 }
 async function ensureConfigDir() {
-    await mkdir(CONFIG_DIR, {
+    await mkdir(getConfigDirPath(), {
         recursive: true,
         mode: 0o700,
     });
 }
 async function ensureCredentialsDir() {
     await ensureConfigDir();
-    await mkdir(CREDENTIALS_DIR, {
+    await mkdir(getCredentialsDirPath(), {
         recursive: true,
         mode: 0o700,
     });
@@ -61,7 +73,7 @@ async function writeJsonFile(filePath, value) {
     });
 }
 function credentialsPathForAccount(accountId) {
-    return path.join(CREDENTIALS_DIR, `${encodeURIComponent(accountId)}.json`);
+    return path.join(getCredentialsDirPath(), `${encodeURIComponent(accountId)}.json`);
 }
 async function canUseLinuxSecretTool() {
     if (process.platform !== "linux") {
@@ -153,13 +165,30 @@ async function deleteFromKeychain(account) {
     return false;
 }
 export async function saveConfig(config) {
-    await writeJsonFile(CONFIG_PATH, config);
+    await writeJsonFile(getConfigPath(), config);
 }
 export async function loadConfig() {
-    return readJsonFile(CONFIG_PATH);
+    const decoded = await readJsonFile(getConfigPath());
+    if (decoded === null) {
+        return null;
+    }
+    const result = Schema.decodeUnknownEither(CliConfigSchema)(decoded);
+    if (Either.isLeft(result)) {
+        return null;
+    }
+    if ("activeSessionId" in result.right) {
+        return {
+            baseUrl: result.right.baseUrl,
+            activeSessionId: result.right.activeSessionId,
+        };
+    }
+    return {
+        baseUrl: result.right.baseUrl,
+        activeSessionId: result.right.activeAccountId,
+    };
 }
 export async function clearConfig() {
-    await rm(CONFIG_PATH, {
+    await rm(getConfigPath(), {
         force: true,
     });
 }
@@ -182,14 +211,44 @@ export async function loadCredentials(accountId) {
     const fromKeychain = await getFromKeychain(accountId);
     if (fromKeychain !== null) {
         try {
-            return JSON.parse(fromKeychain);
+            const decoded = Schema.decodeUnknownEither(CliSessionSchema)(JSON.parse(fromKeychain));
+            if (Either.isRight(decoded)) {
+                return {
+                    accessToken: decoded.right.accessToken,
+                    refreshToken: decoded.right.refreshToken,
+                    accessTokenExpiresAtMs: decoded.right.accessTokenExpiresAtMs,
+                    refreshTokenExpiresAtMs: decoded.right.refreshTokenExpiresAtMs,
+                    clerkUserId: decoded.right.clerkUserId,
+                    orgId: decoded.right.orgId ?? null,
+                    orgSlug: decoded.right.orgSlug ?? null,
+                    lastOrgId: ("lastOrgId" in decoded.right ? decoded.right.lastOrgId : undefined) ?? decoded.right.orgId ?? null,
+                    lastOrgSlug: ("lastOrgSlug" in decoded.right ? decoded.right.lastOrgSlug : undefined) ?? decoded.right.orgSlug ?? null,
+                };
+            }
         }
         catch {
             // Fall back to file credentials when keychain data is malformed.
         }
     }
     const fromFile = await readJsonFile(credentialsPathForAccount(accountId));
-    return fromFile;
+    if (fromFile === null) {
+        return null;
+    }
+    const decoded = Schema.decodeUnknownEither(CliSessionSchema)(fromFile);
+    if (Either.isLeft(decoded)) {
+        return null;
+    }
+    return {
+        accessToken: decoded.right.accessToken,
+        refreshToken: decoded.right.refreshToken,
+        accessTokenExpiresAtMs: decoded.right.accessTokenExpiresAtMs,
+        refreshTokenExpiresAtMs: decoded.right.refreshTokenExpiresAtMs,
+        clerkUserId: decoded.right.clerkUserId,
+        orgId: decoded.right.orgId ?? null,
+        orgSlug: decoded.right.orgSlug ?? null,
+        lastOrgId: ("lastOrgId" in decoded.right ? decoded.right.lastOrgId : undefined) ?? decoded.right.orgId ?? null,
+        lastOrgSlug: ("lastOrgSlug" in decoded.right ? decoded.right.lastOrgSlug : undefined) ?? decoded.right.orgSlug ?? null,
+    };
 }
 export async function deleteCredentials(accountId) {
     await deleteFromKeychain(accountId);

package/dist/http.d.ts

@@ -1,3 +1,4 @@
+import { Effect, Schema } from "effect";
 export declare class CliHttpError extends Error {
     readonly code: string;
     readonly status: number;
@@ -14,9 +15,42 @@ export declare function postJson<TResponse>(input: {
     path: string;
     payload: unknown;
     accessToken?: string | null;
+    schema?: Schema.Schema<TResponse>;
 }): Promise<TResponse>;
 export declare function getJson<TResponse>(input: {
     baseUrl: string;
     path: string;
     accessToken?: string | null;
+    schema?: Schema.Schema<TResponse>;
 }): Promise<TResponse>;
+/**
+ * Executes one typed HTTP POST request as an Effect program.
+ *
+ * @param input The request configuration and response schema.
+ * @returns An Effect that succeeds with the decoded JSON response.
+ * @remarks CLI command programs use this so schema decode failures and transport failures share one typed path.
+ * @lastModified 2026-03-19
+ * @author GPT-5.4
+ */
+export declare function postJsonEffect<TResponse>(input: {
+    baseUrl: string;
+    path: string;
+    payload: unknown;
+    accessToken?: string | null;
+    schema: Schema.Schema<TResponse>;
+}): Effect.Effect<TResponse, CliHttpError, never>;
+/**
+ * Executes one typed HTTP GET request as an Effect program.
+ *
+ * @param input The request configuration and response schema.
+ * @returns An Effect that succeeds with the decoded JSON response.
+ * @remarks CLI command programs use this so schema decode failures and transport failures share one typed path.
+ * @lastModified 2026-03-19
+ * @author GPT-5.4
+ */
+export declare function getJsonEffect<TResponse>(input: {
+    baseUrl: string;
+    path: string;
+    accessToken?: string | null;
+    schema: Schema.Schema<TResponse>;
+}): Effect.Effect<TResponse, CliHttpError, never>;

package/dist/http.js

@@ -1,3 +1,4 @@
+import { Effect, Either, Schema } from "effect";
 export class CliHttpError extends Error {
     code;
     status;
@@ -18,6 +19,17 @@ async function parseJson(response) {
         return null;
     }
 }
+function decodeResponse(schema, payload) {
+    const decoded = Schema.decodeUnknownEither(schema)(payload);
+    if (Either.isLeft(decoded)) {
+        throw new CliHttpError({
+            code: "INVALID_RESPONSE",
+            status: 500,
+            message: "Barekey returned an unexpected response payload.",
+        });
+    }
+    return decoded.right;
+}
 export async function postJson(input) {
     const response = await fetch(`${input.baseUrl.replace(/\/$/, "")}${input.path}`, {
         method: "POST",
@@ -41,7 +53,7 @@ export async function postJson(input) {
             requestId: payload?.error?.requestId ?? null,
         });
     }
-    return parsed;
+    return input.schema ? decodeResponse(input.schema, parsed) : parsed;
 }
 export async function getJson(input) {
     const response = await fetch(`${input.baseUrl.replace(/\/$/, "")}${input.path}`, {
@@ -62,5 +74,47 @@ export async function getJson(input) {
             requestId: payload?.error?.requestId ?? null,
         });
     }
-    return parsed;
+    return input.schema ? decodeResponse(input.schema, parsed) : parsed;
+}
+/**
+ * Executes one typed HTTP POST request as an Effect program.
+ *
+ * @param input The request configuration and response schema.
+ * @returns An Effect that succeeds with the decoded JSON response.
+ * @remarks CLI command programs use this so schema decode failures and transport failures share one typed path.
+ * @lastModified 2026-03-19
+ * @author GPT-5.4
+ */
+export function postJsonEffect(input) {
+    return Effect.tryPromise({
+        try: () => postJson(input),
+        catch: (error) => error instanceof CliHttpError
+            ? error
+            : new CliHttpError({
+                code: "HTTP_ERROR",
+                status: 500,
+                message: error instanceof Error ? error.message : "HTTP request failed.",
+            }),
+    });
+}
+/**
+ * Executes one typed HTTP GET request as an Effect program.
+ *
+ * @param input The request configuration and response schema.
+ * @returns An Effect that succeeds with the decoded JSON response.
+ * @remarks CLI command programs use this so schema decode failures and transport failures share one typed path.
+ * @lastModified 2026-03-19
+ * @author GPT-5.4
+ */
+export function getJsonEffect(input) {
+    return Effect.tryPromise({
+        try: () => getJson(input),
+        catch: (error) => error instanceof CliHttpError
+            ? error
+            : new CliHttpError({
+                code: "HTTP_ERROR",
+                status: 500,
+                message: error instanceof Error ? error.message : "HTTP request failed.",
+            }),
+    });
 }

package/dist/index.js

@@ -2,12 +2,24 @@
 import { Command } from "commander";
 import pc from "picocolors";
 import { registerAuthCommands } from "./commands/auth.js";
+import { registerAuditCommands } from "./commands/audit.js";
+import { registerBillingCommands } from "./commands/billing.js";
 import { registerEnvCommands } from "./commands/env.js";
+import { registerInitCommand } from "./commands/init.js";
+import { registerOrgCommands } from "./commands/org.js";
+import { registerProjectCommands } from "./commands/project.js";
+import { registerStageCommands } from "./commands/stage.js";
 import { registerTypegenCommand } from "./commands/typegen.js";
 import { CLI_DESCRIPTION, CLI_NAME, CLI_VERSION } from "./constants.js";
 const program = new Command();
 program.name(CLI_NAME).description(CLI_DESCRIPTION).version(CLI_VERSION);
 registerAuthCommands(program);
+registerAuditCommands(program);
+registerBillingCommands(program);
+registerInitCommand(program);
+registerOrgCommands(program);
+registerProjectCommands(program);
+registerStageCommands(program);
 registerEnvCommands(program);
 registerTypegenCommand(program);
 program.parseAsync(process.argv).catch((error) => {

package/dist/runtime-config.js

@@ -1,5 +1,7 @@
 import { access, readFile } from "node:fs/promises";
 import path from "node:path";
+import { Either, Schema } from "effect";
+import { RuntimeConfigSchema } from "./contracts/index.js";
 async function fileExists(filePath) {
     try {
         await access(filePath);
@@ -30,36 +32,22 @@ export async function loadRuntimeConfig() {
     }
     const raw = await readFile(configPath, "utf8");
     const parsed = JSON.parse(raw);
-    const config = typeof parsed.config === "object" && parsed.config !== null
-        ? parsed.config
-        : undefined;
+    const decoded = Schema.decodeUnknownEither(RuntimeConfigSchema)(parsed);
+    if (Either.isLeft(decoded)) {
+        throw new Error(`Invalid barekey.json at ${configPath}.`);
+    }
+    const config = decoded.right.config;
+    const mode = config?.mode ?? "centralized";
+    const typegen = mode === "standalone" ? "minimal" : (config?.typegen ?? decoded.right.typegen ?? "semantic");
     return {
         path: configPath,
         config: {
-            org: typeof parsed.organization === "string"
-                ? parsed.organization.trim()
-                : typeof parsed.org === "string"
-                    ? parsed.org.trim()
-                    : undefined,
-            project: typeof parsed.project === "string" ? parsed.project.trim() : undefined,
-            environment: typeof parsed.environment === "string"
-                ? parsed.environment.trim()
-                : typeof parsed.stage === "string"
-                    ? parsed.stage.trim()
-                    : undefined,
+            org: (decoded.right.organization ?? decoded.right.org ?? undefined)?.trim() || undefined,
+            project: decoded.right.project?.trim() || undefined,
+            environment: (decoded.right.environment ?? decoded.right.stage ?? undefined)?.trim() || undefined,
             config: {
-                mode: config?.mode === "centralized" || config?.mode === "standalone"
-                    ? config.mode
-                    : "centralized",
-                typegen: (config?.mode === "centralized" || config?.mode === "standalone"
-                    ? config.mode
-                    : "centralized") === "standalone"
-                    ? "minimal"
-                    : config?.typegen === "semantic" || config?.typegen === "minimal"
-                        ? config.typegen
-                        : parsed.typegen === "semantic" || parsed.typegen === "minimal"
-                            ? parsed.typegen
-                            : "semantic",
+                mode,
+                typegen,
             },
         },
     };