@blinkdotnew/cli 0.3.6 → 0.4.0

package/dist/cli.js

@@ -50,7 +50,14 @@ function resolveProjectId(explicitId) {
 function requireProjectId(explicitId) {
   const id = resolveProjectId(explicitId);
   if (!id) {
-    console.error("Error: No project linked. Run `blink link <project_id>` or use `blink use <project_id>`.");
+    process.stderr.write(
+      `Error: No project context.
+  1. blink link <project_id>                   Link to current directory
+  2. export BLINK_ACTIVE_PROJECT=proj_xxx       Set env var (CI/agents)
+  3. Pass project_id as argument                e.g. blink db query proj_xxx "SELECT 1"
+  Don't have a project yet? Run: blink init
+`
+    );
     process.exit(1);
   }
   return id;
@@ -136,10 +143,10 @@ function readConfig(profile = "default") {
   return sections[profile];
 }
 function writeConfig(data, profile = "default") {
-  if (!existsSync(CONFIG_DIR)) mkdirSync(CONFIG_DIR, { recursive: true });
+  if (!existsSync(CONFIG_DIR)) mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
   const existing = existsSync(CONFIG_FILE) ? parseToml(readFileSync(CONFIG_FILE, "utf-8")) : {};
   existing[profile] = { ...existing[profile], ...data };
-  writeFileSync(CONFIG_FILE, serializeToml(existing));
+  writeFileSync(CONFIG_FILE, serializeToml(existing), { mode: 384 });
 }
 function clearConfig(profile = "default") {
   if (!existsSync(CONFIG_FILE)) return;
@@ -166,7 +173,9 @@ function resolveToken() {
 function requireToken() {
   const token = resolveToken();
   if (!token) {
-    console.error("Error: Not authenticated. Run `blink login --interactive` or set BLINK_API_KEY env var.");
+    process.stderr.write(
+      "Error: Not authenticated.\n  Get your API key at: blink.new/settings?tab=api-keys (starts with blnk_ak_)\n  Then: blink login --interactive           Save to ~/.config/blink/config.toml\n    or: export BLINK_API_KEY=blnk_ak_...    Set env var (CI/agents)\n"
+    );
     process.exit(1);
   }
   return token;
@@ -197,9 +206,17 @@ async function resourcesRequest(path, opts = {}) {
     const errText = await res.text();
     let errMsg = `HTTP ${res.status}`;
     try {
-      errMsg = JSON.parse(errText).error ?? errMsg;
+      const parsed = JSON.parse(errText);
+      const err = parsed.error;
+      if (typeof err === "string") errMsg = err;
+      else if (err?.message) errMsg = err.message;
+      else if (parsed.message) errMsg = parsed.message;
+      else if (err) errMsg = JSON.stringify(err);
     } catch {
     }
+    if (res.status === 401) errMsg += " \u2014 check your API key (blink login --interactive)";
+    if (res.status === 403) errMsg += " \u2014 check project permissions or workspace tier";
+    if (res.status === 404) errMsg += " \u2014 resource not found (check project ID)";
     throw new Error(errMsg);
   }
   const ct = res.headers.get("content-type") ?? "";
@@ -212,6 +229,13 @@ import chalk from "chalk";
 import Table from "cli-table3";
 var isJsonMode = () => process.argv.includes("--json");
 var isCI = () => !process.stdout.isTTY;
+function printSuccess(msg) {
+  if (!isJsonMode()) console.log(chalk.green("\u2713") + " " + msg);
+}
+function printError(msg, hint) {
+  console.error(chalk.red("Error:") + " " + msg);
+  if (hint) console.error("       " + chalk.dim(hint));
+}
 function printUrl(label, url) {
   if (!isJsonMode()) console.log(chalk.bold(label.padEnd(12)) + chalk.cyan(url));
 }
@@ -1391,7 +1415,7 @@ async function liExec(method, httpMethod, params, agentId) {
   return result.data;
 }
 async function getPersonId(agentId) {
-  const data = await liExec("v2/userinfo", "GET", {}, agentId);
+  const data = await liExec("userinfo", "GET", {}, agentId);
   const id = data?.sub ?? data?.id;
   if (!id) throw new Error("Could not resolve LinkedIn person ID");
   return id;
@@ -1436,7 +1460,7 @@ Examples:
     const agentId = requireAgentId(opts.agent);
     const data = await withSpinner(
       "Fetching LinkedIn profile...",
-      () => liExec("v2/userinfo", "GET", {}, agentId)
+      () => liExec("userinfo", "GET", {}, agentId)
     );
     if (isJsonMode()) return printJson(data);
     const name = data?.name ?? [data?.given_name, data?.family_name].filter(Boolean).join(" ");
@@ -1515,7 +1539,7 @@ Examples:
     const encoded = encodeURIComponent(postUrn);
     const data = await withSpinner(
       "Liking post...",
-      () => liExec(`v2/socialActions/${encoded}/likes`, "POST", {
+      () => liExec(`socialActions/${encoded}/likes`, "POST", {
         actor: `urn:li:person:${personId}`
       }, agentId)
     );
@@ -1537,7 +1561,7 @@ Examples:
     const encodedPerson = encodeURIComponent(`urn:li:person:${personId}`);
     await withSpinner(
       "Unliking post...",
-      () => liExec(`v2/socialActions/${encodedPost}/likes/${encodedPerson}`, "DELETE", {}, agentId)
+      () => liExec(`socialActions/${encodedPost}/likes/${encodedPerson}`, "DELETE", {}, agentId)
     );
     if (isJsonMode()) return printJson({ unliked: true });
     console.log(chalk7.green("\u2713 Post unliked"));
@@ -1558,7 +1582,7 @@ Examples:
     const encoded = encodeURIComponent(postUrn);
     const data = await withSpinner(
       "Adding comment...",
-      () => liExec(`v2/socialActions/${encoded}/comments`, "POST", {
+      () => liExec(`socialActions/${encoded}/comments`, "POST", {
         actor: `urn:li:person:${personId}`,
         message: { text }
       }, agentId)
@@ -1797,9 +1821,13 @@ async function appRequest(path, opts = {}) {
     const errText = await res.text();
     let errMsg = `HTTP ${res.status}`;
     try {
-      errMsg = JSON.parse(errText).error ?? errMsg;
+      const parsed = JSON.parse(errText);
+      errMsg = parsed.error ?? parsed.message ?? errMsg;
     } catch {
     }
+    if (res.status === 401) errMsg += " \u2014 check your API key (blink login --interactive)";
+    if (res.status === 403) errMsg += " \u2014 check project permissions or workspace tier";
+    if (res.status === 404) errMsg += " \u2014 resource not found (check project ID)";
     throw new Error(errMsg);
   }
   const ct = res.headers.get("content-type") ?? "";
@@ -2298,87 +2326,1511 @@ Examples:
   });
 }
 
-// src/cli.ts
-var require2 = createRequire(import.meta.url);
-var pkg = require2("../package.json");
-var program = new Command();
-program.name("blink").description("Blink platform CLI \u2014 build, deploy, and manage AI-powered apps").version(pkg.version).option("--token <key>", "Override API token for this command").option("--json", "Machine-readable JSON output (no colors, great for scripting)").option("-y, --yes", "Skip confirmation prompts").option("--debug", "Verbose request logging").option("--profile <name>", "Use named config profile from ~/.config/blink/config.toml").addHelpText("after", `
-Auth:
-  API key lives at blink.new \u2192 Settings \u2192 API Keys (starts with blnk_ak_)
-  $ blink login --interactive          Save your API key to ~/.config/blink/config.toml
-  $ export BLINK_API_KEY=blnk_ak_...  Or set env var directly (used in CI/agents)
-
-Quick Start:
-  $ blink login --interactive          Authenticate
-  $ blink link                         Link current dir to a project (interactive picker)
-  $ npm run build && blink deploy ./dist --prod   Build then deploy to production
+// src/commands/auth-config.ts
+init_project();
+import chalk13 from "chalk";
+function printAuthConfig(auth) {
+  printKv("Mode", auth.mode ?? "redirect");
+  console.log();
+  console.log(chalk13.bold("Providers:"));
+  for (const [name, cfg] of Object.entries(auth.providers ?? {})) {
+    const status = cfg.enabled ? chalk13.green("enabled") : chalk13.dim("disabled");
+    console.log(`  ${name.padEnd(12)} ${status}`);
+  }
+}
+function registerAuthConfigCommands(program2) {
+  const authConfig = program2.command("auth-config").description("Configure Blink Auth \u2014 providers, mode, and BYOC credentials").addHelpText("after", `
+Manage authentication settings for your Blink project.
+Configure OAuth providers (Google, GitHub, Microsoft, Apple, Email)
+and set managed/headless mode.
 
-Deploy:
-  $ blink deploy ./dist --prod         Deploy build output to production
-  $ blink deploy ./dist                Preview deployment (safe, non-destructive)
-  $ blink deployments                  List past deployments
-  $ blink rollback                     Rollback production to previous version
+Examples:
+  $ blink auth-config get                     Show current auth config
+  $ blink auth-config set --provider google --enabled true
+  $ blink auth-config set --mode managed
+  $ blink auth-config byoc-set --provider google --client-id xxx --client-secret yyy
+  $ blink auth-config byoc-remove --provider google
+`);
+  authConfig.command("get [project_id]").description("Show current auth configuration").addHelpText("after", `
+Examples:
+  $ blink auth-config get                Show auth config for linked project
+  $ blink auth-config get proj_xxx       Show auth config for specific project
+  $ blink auth-config get --json         Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading auth config...",
+      () => appRequest(`/api/projects/${projectId}/auth`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const auth = result?.auth ?? result;
+    printAuthConfig(auth);
+  });
+  authConfig.command("set [project_id]").description("Update auth provider or mode").option("--provider <name>", "Provider to update (google/github/microsoft/apple/email)").option("--enabled <bool>", "Enable or disable provider (true/false)").option("--mode <mode>", "Auth mode (managed/headless)").addHelpText("after", `
+Examples:
+  $ blink auth-config set --provider google --enabled true
+  $ blink auth-config set --provider email --enabled false
+  $ blink auth-config set --mode managed
+  $ blink auth-config set proj_xxx --provider github --enabled true
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const current = await appRequest(`/api/projects/${projectId}/auth`);
+    const auth = current?.auth ?? current ?? {};
+    if (opts.mode) auth.mode = opts.mode;
+    if (opts.provider && opts.enabled !== void 0) {
+      if (!auth.providers) auth.providers = {};
+      const existing = auth.providers[opts.provider];
+      const providerConfig = typeof existing === "object" && existing ? existing : {};
+      auth.providers[opts.provider] = { ...providerConfig, enabled: opts.enabled === "true" };
+    }
+    const result = await withSpinner(
+      "Updating auth config...",
+      () => appRequest(`/api/projects/${projectId}/auth`, { method: "PUT", body: auth })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess("Auth config updated");
+  });
+  registerByocCommands(authConfig);
+}
+function registerByocCommands(authConfig) {
+  authConfig.command("byoc-set [project_id]").description("Set BYOC (Bring Your Own Credentials) for an OAuth provider").requiredOption("--provider <name>", "Provider (google/github/microsoft/apple)").requiredOption("--client-id <id>", "OAuth client ID").requiredOption("--client-secret <secret>", "OAuth client secret").addHelpText("after", `
+Examples:
+  $ blink auth-config byoc-set --provider google --client-id xxx --client-secret yyy
+  $ blink auth-config byoc-set proj_xxx --provider github --client-id xxx --client-secret yyy
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const body = { provider: opts.provider, client_id: opts.clientId, client_secret: opts.clientSecret };
+    await withSpinner(
+      "Setting BYOC credentials...",
+      () => appRequest(`/api/projects/${projectId}/auth/byoc`, { body })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", provider: opts.provider });
+    printSuccess(`BYOC credentials set for ${opts.provider}`);
+  });
+  authConfig.command("byoc-remove [project_id]").description("Remove BYOC credentials for an OAuth provider").requiredOption("--provider <name>", "Provider (google/github/microsoft/apple)").addHelpText("after", `
+Examples:
+  $ blink auth-config byoc-remove --provider google
+  $ blink auth-config byoc-remove proj_xxx --provider github
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    await withSpinner(
+      "Removing BYOC credentials...",
+      () => appRequest(`/api/projects/${projectId}/auth/byoc`, {
+        method: "DELETE",
+        body: { provider: opts.provider }
+      })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", provider: opts.provider });
+    printSuccess(`BYOC credentials removed for ${opts.provider}`);
+  });
+}
 
-Database (requires linked project or project_id):
-  $ blink db query "SELECT * FROM users LIMIT 10"
-  $ blink db query proj_xxx "SELECT count(*) FROM orders"
-  $ blink db exec schema.sql           Run a SQL file
-  $ blink db list                      Show all tables
-  $ blink db list users                Show rows in the users table
+// src/commands/domains.ts
+init_project();
+import chalk14 from "chalk";
+function printDomainRow(d) {
+  const status = d.verified ? chalk14.green("verified") : chalk14.yellow("pending");
+  return [d.id ?? "-", d.domain, status, d.dns_type ?? "-"];
+}
+function registerDomainsCommands(program2) {
+  const domains = program2.command("domains").description("Custom domain management \u2014 add, verify, remove, purchase, and connect").addHelpText("after", `
+Manage custom domains for your Blink projects.
+Search and purchase domains directly, or connect existing ones.
 
-Storage:
-  $ blink storage upload ./photo.jpg
-  $ blink storage list
-  $ blink storage url images/photo.jpg
-  $ blink storage download images/photo.jpg ./local.jpg
+Examples:
+  $ blink domains list                       List domains on linked project
+  $ blink domains add example.com            Add a custom domain
+  $ blink domains verify dom_xxx             Trigger DNS verification
+  $ blink domains remove dom_xxx --yes       Remove a domain
+  $ blink domains search cool-app            Search available domains
+  $ blink domains purchase cool-app.com      Purchase a domain
+  $ blink domains my                         List your purchased domains
+  $ blink domains connect example.com        Connect a purchased domain to project
+`);
+  domains.command("list [project_id]").description("List all domains on a project").addHelpText("after", `
+Examples:
+  $ blink domains list                   List domains for linked project
+  $ blink domains list proj_xxx          List domains for specific project
+  $ blink domains list --json            Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading domains...",
+      () => appRequest(`/api/project/${projectId}/domains`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const items = result?.domains ?? result ?? [];
+    if (!items.length) {
+      console.log(chalk14.dim("(no domains \u2014 use `blink domains add <domain>`)"));
+      return;
+    }
+    const table = createTable(["ID", "Domain", "Status", "DNS"]);
+    for (const d of items) table.push(printDomainRow(d));
+    console.log(table.toString());
+  });
+  domains.command("add <domain> [project_id]").description("Add a custom domain to a project").addHelpText("after", `
+Examples:
+  $ blink domains add example.com            Add to linked project
+  $ blink domains add example.com proj_xxx   Add to specific project
+`).action(async (domain, projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      `Adding ${domain}...`,
+      () => appRequest(`/api/project/${projectId}/domains`, { body: { domain } })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess(`Domain ${domain} added`);
+    const domainId = result?.domain?.id ?? result?.id;
+    if (domainId) printKv("Domain ID", domainId);
+    console.log(chalk14.dim("Run `blink domains verify " + (domainId ?? "<domain_id>") + "` after configuring DNS"));
+  });
+  registerDomainActions(domains);
+  registerGlobalDomainCommands(domains);
+}
+function registerDomainActions(domains) {
+  domains.command("verify <domain_id> [project_id]").description("Trigger DNS verification for a domain").addHelpText("after", `
+Examples:
+  $ blink domains verify dom_xxx
+  $ blink domains verify dom_xxx proj_xxx
+`).action(async (domainId, projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Verifying DNS...",
+      () => appRequest(`/api/project/${projectId}/domains/${domainId}`, { method: "POST" })
+    );
+    if (isJsonMode()) return printJson(result);
+    const verified = result?.hostname_status === "active";
+    if (verified) printSuccess("Domain verified");
+    else console.log(chalk14.yellow("!") + " DNS not yet propagated \u2014 try again in a few minutes");
+  });
+  domains.command("remove <domain_id> [project_id]").description("Remove a domain from a project").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink domains remove dom_xxx --yes
+  $ blink domains remove dom_xxx proj_xxx
+`).action(async (domainId, projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    if (!shouldSkipConfirm(opts)) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Remove domain ${domainId}?` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(
+      "Removing domain...",
+      () => appRequest(`/api/project/${projectId}/domains/${domainId}`, { method: "DELETE" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", domain_id: domainId });
+    printSuccess("Domain removed");
+  });
+}
+function registerGlobalDomainCommands(domains) {
+  domains.command("search <query>").description("Search available domains for purchase (no auth needed)").addHelpText("after", `
+Examples:
+  $ blink domains search cool-app
+  $ blink domains search my-startup --json
+`).action(async (query) => {
+    const result = await withSpinner(
+      "Searching domains...",
+      () => appRequest(`/api/domains/search?q=${encodeURIComponent(query)}`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const items = result?.results ?? result ?? [];
+    if (!items.length) {
+      console.log(chalk14.dim("No results"));
+      return;
+    }
+    const table = createTable(["Domain", "Available", "Price"]);
+    for (const d of items) {
+      const avail = d.available ? chalk14.green("yes") : chalk14.red("no");
+      table.push([d.domain, avail, d.price ?? "-"]);
+    }
+    console.log(table.toString());
+  });
+  domains.command("purchase <domain>").description("Purchase a domain").option("--period <years>", "Registration period in years", "1").addHelpText("after", `
+Examples:
+  $ blink domains purchase cool-app.com
+  $ blink domains purchase cool-app.com --period 2
+  $ blink domains purchase cool-app.com --json
+`).option("--yes", "Skip confirmation").action(async (domain, opts) => {
+    requireToken();
+    if (!shouldSkipConfirm(opts)) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Purchase ${domain} for ${opts.period} year(s)? This will charge your account.` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    const result = await withSpinner(
+      `Purchasing ${domain}...`,
+      () => appRequest("/api/domains/purchase", { body: { domain, period: Number(opts.period) } })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess(`Domain ${domain} purchased`);
+    if (result?.domain_id) printKv("Domain ID", result.domain_id);
+  });
+  domains.command("connect <domain> [project_id]").description("Connect a purchased domain to a project").addHelpText("after", `
+Examples:
+  $ blink domains connect example.com            Connect to linked project
+  $ blink domains connect example.com proj_xxx   Connect to specific project
+`).action(async (domain, projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      `Connecting ${domain}...`,
+      () => appRequest("/api/domains/connect", { body: { domainId: domain, projectId } })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess(`${domain} connected to ${projectId}`);
+  });
+  domains.command("my").description("List your purchased domains").addHelpText("after", `
+Examples:
+  $ blink domains my
+  $ blink domains my --json
+`).action(async () => {
+    requireToken();
+    const result = await withSpinner(
+      "Loading your domains...",
+      () => appRequest("/api/domains/my")
+    );
+    if (isJsonMode()) return printJson(result);
+    const items = result?.domains ?? result ?? [];
+    if (!items.length) {
+      console.log(chalk14.dim("(no purchased domains)"));
+      return;
+    }
+    const table = createTable(["Domain", "Status", "Expires"]);
+    for (const d of items) table.push([d.domain, d.status ?? "-", d.expiration_date ?? "-"]);
+    console.log(table.toString());
+  });
+}
+function shouldSkipConfirm(opts) {
+  return opts.yes || process.argv.includes("--yes") || process.argv.includes("-y") || isJsonMode() || !process.stdout.isTTY;
+}
 
-AI (no project needed \u2014 workspace-scoped):
-  $ blink ai image "a futuristic city at sunset"
-  $ blink ai text "Summarize this: ..." --model anthropic/claude-sonnet-4.5
-  $ blink ai video "ocean waves at sunset" --duration 10s
-  $ blink ai speech "Hello world" --voice nova --output hello.mp3
-  $ blink ai transcribe ./meeting.mp3
+// src/commands/hosting.ts
+init_project();
+import chalk15 from "chalk";
+var STATE_COLORS = {
+  active: chalk15.green,
+  inactive: chalk15.dim,
+  grace: chalk15.yellow,
+  offline: chalk15.red
+};
+function printHostingStatus(data) {
+  const state = String(data.status ?? data.state ?? "unknown");
+  const colorFn = STATE_COLORS[state] ?? chalk15.white;
+  printKv("State", colorFn(state));
+  if (data.hosting_tier) printKv("Tier", String(data.hosting_tier));
+  if (data.hosting_prod_url) printKv("URL", String(data.hosting_prod_url));
+}
+function registerHostingCommands(program2) {
+  const hosting = program2.command("hosting").description("Hosting management \u2014 activate, deactivate, and check status").addHelpText("after", `
+Manage hosting for your Blink project.
+Hosting gives your project a live URL on blinkpowered.com or a custom domain.
 
-Web & Data:
-  $ blink search "latest AI news" --count 10
-  $ blink fetch https://api.github.com/users/octocat
-  $ blink fetch https://api.example.com --method POST --body '{"key":"val"}'
-  $ blink scrape https://example.com --text              Clean text (no HTML)
-  $ blink scrape https://example.com --extract "prices"  AI-extract specific data
+Examples:
+  $ blink hosting status                 Check hosting state and URLs
+  $ blink hosting activate               Activate hosting
+  $ blink hosting deactivate --yes       Deactivate hosting
+  $ blink hosting reactivate             Reactivate after deactivation
+`);
+  hosting.command("status [project_id]").description("Show hosting state, tier, and URLs").addHelpText("after", `
+Examples:
+  $ blink hosting status                 Status for linked project
+  $ blink hosting status proj_xxx        Status for specific project
+  $ blink hosting status --json          Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading hosting status...",
+      () => appRequest(`/api/project/${projectId}/hosting/status`)
+    );
+    if (isJsonMode()) return printJson(result);
+    printHostingStatus(result);
+  });
+  hosting.command("activate [project_id]").description("Activate hosting for a project").addHelpText("after", `
+Examples:
+  $ blink hosting activate
+  $ blink hosting activate proj_xxx
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Activating hosting...",
+      () => appRequest(`/api/project/${projectId}/hosting/activate`, { method: "POST" })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess("Hosting activated");
+    if (result?.hosting_prod_url) printKv("URL", result.hosting_prod_url);
+  });
+  hosting.command("deactivate [project_id]").description("Deactivate hosting for a project").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink hosting deactivate --yes
+  $ blink hosting deactivate proj_xxx
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    if (!shouldSkipConfirm2(opts)) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: "Deactivate hosting? Your site will go offline." });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(
+      "Deactivating hosting...",
+      () => appRequest(`/api/project/${projectId}/hosting/deactivate`, { method: "POST" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", project_id: projectId });
+    printSuccess("Hosting deactivated");
+  });
+  hosting.command("reactivate [project_id]").description("Reactivate hosting after deactivation").addHelpText("after", `
+Examples:
+  $ blink hosting reactivate
+  $ blink hosting reactivate proj_xxx
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Reactivating hosting...",
+      () => appRequest(`/api/project/${projectId}/hosting/reactivate`, { method: "POST" })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess("Hosting reactivated");
+    if (result?.hosting_prod_url) printKv("URL", result.hosting_prod_url);
+  });
+}
+function shouldSkipConfirm2(opts) {
+  return opts.yes || process.argv.includes("--yes") || process.argv.includes("-y") || isJsonMode() || !process.stdout.isTTY;
+}
 
-Realtime / RAG / Notify:
-  $ blink realtime publish updates '{"type":"refresh"}'
-  $ blink rag search "how does billing work" --ai
-  $ blink notify email user@example.com "Subject" "Body"
+// src/commands/security.ts
+init_project();
+import chalk16 from "chalk";
+function printSecurityPolicy(data) {
+  const modules = data.modules ?? data;
+  const table = createTable(["Module", "Require Auth"]);
+  for (const [name, cfg] of Object.entries(modules)) {
+    const status = cfg.require_auth ? chalk16.green("yes") : chalk16.dim("no");
+    table.push([name, status]);
+  }
+  console.log(table.toString());
+}
+function printCorsOrigins(origins) {
+  if (!origins.length) {
+    console.log(chalk16.dim("(no CORS origins configured \u2014 all origins allowed)"));
+    return;
+  }
+  for (const o of origins) console.log(`  ${o}`);
+  console.log(chalk16.dim(`
+${origins.length} origin${origins.length === 1 ? "" : "s"}`));
+}
+function registerSecurityCommands(program2) {
+  registerSecurityGroup(program2);
+  registerCorsGroup(program2);
+}
+function registerSecurityGroup(program2) {
+  const security = program2.command("security").description("Security policy \u2014 require auth per module (db/ai/storage/realtime/rag)").addHelpText("after", `
+Control which backend modules require user authentication.
+When require_auth is true, unauthenticated requests are rejected.
 
-Phone Numbers (10 credits/month per number):
-  $ blink phone list               List all workspace phone numbers
-  $ blink phone buy --label Sales  Buy a new number (US, UK, CA, AU)
-  $ blink phone label <id> Sales   Update label
-  $ blink phone release <id>       Release a number
+Examples:
+  $ blink security get                                Show security policy
+  $ blink security set --module db --require-auth true
+  $ blink security set --module ai --require-auth false
+`);
+  security.command("get [project_id]").description("Show current security policy").addHelpText("after", `
+Examples:
+  $ blink security get                  Show policy for linked project
+  $ blink security get proj_xxx         Show policy for specific project
+  $ blink security get --json           Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading security policy...",
+      () => appRequest(`/api/project/${projectId}/security`)
+    );
+    if (isJsonMode()) return printJson(result);
+    printSecurityPolicy(result?.policy ?? result);
+  });
+  security.command("set [project_id]").description("Update security policy for a module").requiredOption("--module <name>", "Module (db/ai/storage/realtime/rag)").requiredOption("--require-auth <bool>", "Require auth (true/false)").addHelpText("after", `
+Examples:
+  $ blink security set --module db --require-auth true
+  $ blink security set --module ai --require-auth false
+  $ blink security set proj_xxx --module storage --require-auth true
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const requireAuth = opts.requireAuth === "true";
+    const body = { policy: { modules: { [opts.module]: { require_auth: requireAuth } } } };
+    await withSpinner(
+      "Updating security policy...",
+      () => appRequest(`/api/project/${projectId}/security`, { method: "PUT", body })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", module: opts.module, require_auth: requireAuth });
+    printSuccess(`${opts.module}: require_auth = ${requireAuth}`);
+  });
+}
+function registerCorsGroup(program2) {
+  const cors = program2.command("cors").description("CORS origin management \u2014 control which origins can access your project APIs").addHelpText("after", `
+Manage allowed CORS origins for your project.
+When no origins are configured, all origins are allowed.
 
-Connectors (38 OAuth providers \u2014 GitHub, Notion, Slack, Stripe, Shopify, Jira, Linear, and more):
-  $ blink connector providers                                    List all 38 providers
-  $ blink connector status                                       Show all connected accounts
-  $ blink connector status github                                Check a specific provider
-  $ blink connector exec github /user/repos GET                  Call any REST endpoint
-  $ blink connector exec notion /search POST '{"query":"notes"}' Notion search
-  $ blink connector exec slack /chat.postMessage POST '{"channel":"C123","text":"hi"}'
-  $ blink connector exec stripe /customers GET '{"limit":5}'
-  $ blink connector exec jira /search GET '{"jql":"assignee=currentUser()"}'
-  $ blink connector exec linear '{ viewer { id name } }' POST   GraphQL (Linear)
-  Connect accounts at: blink.new/settings?tab=connectors
+Examples:
+  $ blink cors get                                                Show allowed origins
+  $ blink cors set --origins https://example.com https://app.example.com
+`);
+  cors.command("get [project_id]").description("Show allowed CORS origins").addHelpText("after", `
+Examples:
+  $ blink cors get                   Show origins for linked project
+  $ blink cors get proj_xxx          Show origins for specific project
+  $ blink cors get --json            Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading CORS config...",
+      () => appRequest(`/api/project/${projectId}/cors`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const origins = result?.custom_origins ?? result?.origins ?? [];
+    printCorsOrigins(origins);
+  });
+  cors.command("set [project_id]").description("Set allowed CORS origins").requiredOption("--origins <urls...>", "Allowed origins (space-separated)").addHelpText("after", `
+Examples:
+  $ blink cors set --origins https://example.com
+  $ blink cors set --origins https://example.com https://app.example.com
+  $ blink cors set proj_xxx --origins https://example.com
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const origins = opts.origins;
+    await withSpinner(
+      "Updating CORS origins...",
+      () => appRequest(`/api/project/${projectId}/cors`, { method: "PUT", body: { custom_origins: origins } })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", origins });
+    printSuccess(`CORS origins set: ${origins.join(", ")}`);
+  });
+}
 
-LinkedIn (dedicated commands for the LinkedIn connector):
-  $ blink linkedin me                               Show your LinkedIn profile
-  $ blink linkedin posts                            List your 10 most recent posts
-  $ blink linkedin post "Hello LinkedIn!"           Publish a text post
-  $ blink linkedin comments "urn:li:ugcPost:123"    Read comments on a post
-  $ blink linkedin comment "urn:li:ugcPost:123" "Nice!"  Add a comment
-  $ blink linkedin like "urn:li:ugcPost:123"        Like a post
+// src/commands/env.ts
+init_project();
+import { readFileSync as readFileSync9, existsSync as existsSync4 } from "fs";
+import chalk17 from "chalk";
+async function resolveSecretId(projectId, keyName) {
+  const result = await appRequest(`/api/projects/${projectId}/secrets`);
+  const secrets = result?.secrets ?? result ?? [];
+  const match = secrets.find((s) => s.key === keyName);
+  if (!match) {
+    printError(`Env var "${keyName}" not found in project ${projectId}`);
+    process.exit(1);
+  }
+  return match.id;
+}
+function parseEnvFile(filePath) {
+  if (!existsSync4(filePath)) {
+    printError(`File not found: ${filePath}`);
+    process.exit(1);
+  }
+  const content = readFileSync9(filePath, "utf-8");
+  const entries = [];
+  for (const line of content.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    const eqIdx = trimmed.indexOf("=");
+    if (eqIdx === -1) continue;
+    const key = trimmed.slice(0, eqIdx).trim();
+    let value = trimmed.slice(eqIdx + 1).trim();
+    if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
+      value = value.slice(1, -1);
+    }
+    if (key) entries.push({ key, value });
+  }
+  return entries;
+}
+function registerEnvCommands(program2) {
+  const env = program2.command("env").description("Manage project environment variables (secrets)").addHelpText("after", `
+Environment variables are encrypted key-value pairs for your project.
+They are injected at runtime in backend functions and edge workers.
+Use "env pull > .env.local" to export as a file.
+
+Note: For Claw agent secrets, use "blink secrets" instead.
+
+Examples:
+  $ blink env list                          List env vars
+  $ blink env set DATABASE_URL postgres://...
+  $ blink env delete OLD_KEY
+  $ blink env push .env                     Bulk import from .env file
+  $ blink env pull > .env.local             Export all vars to stdout
+`);
+  registerEnvList(env);
+  registerEnvSet(env);
+  registerEnvDelete(env);
+  registerEnvPush(env);
+  registerEnvPull(env);
+}
+function registerEnvList(env) {
+  env.command("list [project_id]").description("List environment variables").addHelpText("after", `
+Examples:
+  $ blink env list                      List for linked project
+  $ blink env list proj_xxx             List for specific project
+  $ blink env list --json               Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading env vars...",
+      () => appRequest(`/api/projects/${projectId}/secrets`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const secrets = result?.secrets ?? result ?? [];
+    if (!secrets.length) {
+      console.log(chalk17.dim("(no env vars \u2014 use `blink env set KEY value`)"));
+      return;
+    }
+    const table = createTable(["Key", "Value"]);
+    for (const s of secrets) table.push([chalk17.bold(s.key), s.value ?? ""]);
+    console.log(table.toString());
+    console.log(chalk17.dim(`
+${secrets.length} variable${secrets.length === 1 ? "" : "s"}`));
+  });
+}
+function registerEnvSet(env) {
+  env.command("set <key> <value>").description("Create or update an environment variable").option("--project <id>", "Project ID (defaults to linked project)").addHelpText("after", `
+Examples:
+  $ blink env set DATABASE_URL postgres://user:pass@host/db
+  $ blink env set STRIPE_KEY sk_live_xxx
+  $ blink env set API_SECRET mysecret --project proj_xxx
+`).action(async (key, value, opts) => {
+    requireToken();
+    const projectId = requireProjectId(opts.project);
+    await withSpinner(
+      `Setting ${key}...`,
+      () => appRequest(`/api/projects/${projectId}/secrets`, {
+        method: "POST",
+        body: { key, value }
+      })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", key, project_id: projectId });
+    printSuccess(`${key} saved to project ${projectId}`);
+  });
+}
+function registerEnvDelete(env) {
+  env.command("delete <key>").description("Delete an environment variable").option("--project <id>", "Project ID (defaults to linked project)").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink env delete OLD_KEY
+  $ blink env delete OLD_KEY --yes
+  $ blink env delete OLD_KEY --project proj_xxx
+`).action(async (key, opts) => {
+    requireToken();
+    const projectId = requireProjectId(opts.project);
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y");
+    if (!skipConfirm && !isJsonMode() && process.stdout.isTTY) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Delete env var "${key}" from project ${projectId}?` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    const secretId = await resolveSecretId(projectId, key);
+    await withSpinner(
+      `Deleting ${key}...`,
+      () => appRequest(`/api/projects/${projectId}/secrets/${secretId}`, { method: "DELETE" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", key, project_id: projectId });
+    printSuccess(`Deleted ${key}`);
+  });
+}
+function registerEnvPush(env) {
+  env.command("push <file>").description("Bulk import environment variables from a .env file").option("--project <id>", "Project ID (defaults to linked project)").option("--yes", "Skip confirmation").addHelpText("after", `
+Reads KEY=VALUE pairs from the file and upserts each one.
+Lines starting with # and blank lines are skipped.
+
+Examples:
+  $ blink env push .env
+  $ blink env push .env.production --project proj_xxx
+  $ blink env push .env --yes
+`).action(async (file, opts) => {
+    requireToken();
+    const projectId = requireProjectId(opts.project);
+    const entries = parseEnvFile(file);
+    if (!entries.length) {
+      printError(`No KEY=VALUE pairs found in ${file}`);
+      process.exit(1);
+    }
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y") || isJsonMode() || !process.stdout.isTTY;
+    if (!skipConfirm) {
+      console.log(chalk17.dim(`  Will upsert ${entries.length} vars: ${entries.map((e) => e.key).join(", ")}`));
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Push ${entries.length} env vars to project ${projectId}?` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(`Pushing ${entries.length} vars from ${file}...`, async () => {
+      for (const { key, value } of entries) {
+        await appRequest(`/api/projects/${projectId}/secrets`, {
+          method: "POST",
+          body: { key, value }
+        });
+      }
+    });
+    if (isJsonMode()) return printJson({ status: "ok", count: entries.length, project_id: projectId });
+    printSuccess(`Pushed ${entries.length} env var${entries.length === 1 ? "" : "s"} to ${projectId}`);
+  });
+}
+function registerEnvPull(env) {
+  env.command("pull [project_id]").description("Export all environment variables as KEY=VALUE to stdout").addHelpText("after", `
+Prints all env vars as KEY=VALUE lines to stdout.
+Pipe to a file to create a local .env:
+
+Examples:
+  $ blink env pull > .env.local
+  $ blink env pull proj_xxx > .env.production
+  $ blink env pull --json
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await appRequest(`/api/projects/${projectId}/secrets`);
+    const secrets = result?.secrets ?? result ?? [];
+    if (isJsonMode()) return printJson(secrets);
+    if (process.stdout.isTTY) {
+      process.stderr.write(chalk17.yellow("\u26A0 Printing secret values to terminal. Pipe to file: blink env pull > .env.local\n"));
+    }
+    for (const s of secrets) {
+      process.stdout.write(`${s.key}=${s.value ?? ""}
+`);
+    }
+  });
+}
+
+// src/commands/backend.ts
+init_project();
+import { readdirSync as readdirSync2, readFileSync as readFileSync10, statSync } from "fs";
+import { join as join4, relative as relative2 } from "path";
+import chalk18 from "chalk";
+var EXCLUDED_FILES = /* @__PURE__ */ new Set(["package-lock.json", "bun.lockb", "yarn.lock", "pnpm-lock.yaml"]);
+function collectBackendFiles(dir) {
+  const files = [];
+  function walk(current) {
+    for (const entry of readdirSync2(current, { withFileTypes: true })) {
+      if (entry.name === "node_modules" || entry.name.startsWith(".")) continue;
+      const fullPath = join4(current, entry.name);
+      if (entry.isDirectory()) {
+        walk(fullPath);
+        continue;
+      }
+      if (EXCLUDED_FILES.has(entry.name)) continue;
+      const ext = entry.name.split(".").pop()?.toLowerCase() ?? "";
+      if (!["ts", "js", "tsx", "jsx", "json"].includes(ext)) continue;
+      files.push({
+        path: join4("backend", relative2(dir, fullPath)),
+        source_code: readFileSync10(fullPath, "utf-8")
+      });
+    }
+  }
+  walk(dir);
+  return files;
+}
+function resolveProjectAndDir(arg1, arg2) {
+  if (arg2) return { projectId: requireProjectId(arg1), dir: arg2 };
+  if (arg1?.startsWith("proj_")) return { projectId: requireProjectId(arg1), dir: "backend" };
+  return { projectId: requireProjectId(), dir: arg1 ?? "backend" };
+}
+function registerBackendCommands(program2) {
+  const backend = program2.command("backend").description("Manage backend (CF Workers for Platforms) for your project").addHelpText("after", `
+Deploy, monitor, and manage your project's backend worker.
+The backend is a Hono server running on Cloudflare Workers for Platforms.
+
+Examples:
+  $ blink backend deploy                   Deploy backend/ folder
+  $ blink backend deploy ./server          Deploy from custom dir
+  $ blink backend status                   Check deployment status
+  $ blink backend logs                     View recent logs
+  $ blink backend delete --yes             Remove backend worker
+`);
+  registerBackendDeploy(backend);
+  registerBackendStatus(backend);
+  registerBackendLogs(backend);
+  registerBackendDelete(backend);
+}
+function registerBackendDeploy(backend) {
+  backend.command("deploy [project_id] [dir]").description("Deploy backend files to CF Workers for Platforms").addHelpText("after", `
+Reads all .ts/.js/.json files from the backend/ directory (or specified dir),
+bundles and deploys them as a Cloudflare Worker.
+
+Examples:
+  $ blink backend deploy                       Deploy backend/ for linked project
+  $ blink backend deploy ./server              Deploy from custom directory
+  $ blink backend deploy proj_xxx              Deploy backend/ for specific project
+  $ blink backend deploy proj_xxx ./api        Deploy ./api for specific project
+`).action(async (arg1, arg2) => {
+    requireToken();
+    const { projectId, dir } = resolveProjectAndDir(arg1, arg2);
+    if (!statSync(dir, { throwIfNoEntry: false })?.isDirectory()) {
+      printError(`Directory not found: ${dir}`, `Create a backend/ folder with index.ts`);
+      process.exit(1);
+    }
+    const files = collectBackendFiles(dir);
+    if (!files.length) {
+      printError(`No .ts/.js files found in ${dir}`);
+      process.exit(1);
+    }
+    if (!isJsonMode()) console.log(chalk18.dim(`  ${files.length} file${files.length === 1 ? "" : "s"} in ${dir}`));
+    const result = await withSpinner(
+      "Deploying backend...",
+      () => appRequest(`/api/v1/projects/${projectId}/backend/deploy`, { body: { files } })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess("Backend deployed");
+    if (result?.url) printUrl("URL", result.url);
+    printKv("Project", projectId);
+  });
+}
+function registerBackendStatus(backend) {
+  backend.command("status [project_id]").description("Check backend deployment status").addHelpText("after", `
+Examples:
+  $ blink backend status
+  $ blink backend status proj_xxx
+  $ blink backend status --json
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Checking status...",
+      () => appRequest(`/api/v1/projects/${projectId}/backend/status`)
+    );
+    if (isJsonMode()) return printJson(result);
+    printKv("Project", projectId);
+    printKv("Enabled", result?.enabled ? "yes" : "no");
+    printKv("Tier", result?.tier ?? "-");
+    printKv("Requests", String(result?.requests_this_month ?? 0));
+    if (result?.enabled) printUrl("URL", `https://${projectId.slice(-8)}.backend.blink.new`);
+  });
+}
+function registerBackendLogs(backend) {
+  backend.command("logs [project_id]").description("View recent backend logs").option("--minutes <n>", "Minutes of logs to fetch", "30").option("--slug <name>", "Function slug", "index").addHelpText("after", `
+Examples:
+  $ blink backend logs                         Last 30 min of logs
+  $ blink backend logs --minutes 60            Last hour
+  $ blink backend logs proj_xxx --minutes 5
+  $ blink backend logs --json
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const slug = opts.slug ?? "index";
+    const since = new Date(Date.now() - parseInt(opts.minutes ?? "30") * 60 * 1e3).toISOString();
+    const result = await withSpinner(
+      "Fetching logs...",
+      () => appRequest(`/api/v1/projects/${projectId}/functions/${slug}/logs?since=${since}`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const logs = result?.logs ?? result ?? [];
+    if (!logs.length) {
+      console.log(chalk18.dim("(no logs)"));
+      return;
+    }
+    for (const log of logs) {
+      const ts = log.timestamp ? chalk18.dim(new Date(log.timestamp).toLocaleTimeString()) + " " : "";
+      const err = log.error ? chalk18.red(`  ${log.error}`) : "";
+      console.log(`${ts}${log.method ?? ""} ${log.path ?? ""} ${log.status_code ?? ""} ${log.latency_ms ?? ""}ms${err}`);
+    }
+  });
+}
+function registerBackendDelete(backend) {
+  backend.command("delete [project_id]").description("Delete the backend worker").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink backend delete --yes
+  $ blink backend delete proj_xxx --yes
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y");
+    if (!skipConfirm && !isJsonMode() && process.stdout.isTTY) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Delete backend for project ${projectId}? This cannot be undone.` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(
+      "Deleting backend...",
+      () => appRequest(`/api/project/${projectId}/backend`, { method: "DELETE" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", project_id: projectId });
+    printSuccess(`Backend deleted for ${projectId}`);
+  });
+}
+
+// src/commands/functions.ts
+init_project();
+import chalk19 from "chalk";
+var toDate = (ts) => new Date(typeof ts === "number" && ts < 1e11 ? ts * 1e3 : ts);
+function registerFunctionsCommands(program2) {
+  const fns = program2.command("functions").description("Manage edge functions (legacy) for your project").addHelpText("after", `
+List, inspect, and manage edge functions deployed to your project.
+For the newer backend worker (CF Workers for Platforms), use "blink backend".
+
+Examples:
+  $ blink functions list                     List all functions
+  $ blink functions get index                Get function details
+  $ blink functions logs index               View function logs
+  $ blink functions delete old-fn --yes      Delete a function
+`);
+  registerFnList(fns);
+  registerFnGet(fns);
+  registerFnDelete(fns);
+  registerFnLogs(fns);
+}
+function registerFnList(fns) {
+  fns.command("list [project_id]").description("List all edge functions").addHelpText("after", `
+Examples:
+  $ blink functions list
+  $ blink functions list proj_xxx
+  $ blink functions list --json
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading functions...",
+      () => appRequest(`/api/v1/projects/${projectId}/functions`)
+    );
+    const functions = result?.functions ?? result ?? [];
+    if (isJsonMode()) return printJson(functions);
+    if (!functions.length) {
+      console.log(chalk19.dim("(no functions)"));
+      return;
+    }
+    const table = createTable(["Slug", "Status", "Created"]);
+    for (const fn of functions) {
+      table.push([fn.slug, fn.status ?? "-", fn.created_at ? toDate(fn.created_at).toLocaleDateString() : "-"]);
+    }
+    console.log(table.toString());
+  });
+}
+function registerFnGet(fns) {
+  fns.command("get <slug> [project_id]").description("Get details of a specific function").addHelpText("after", `
+Examples:
+  $ blink functions get index
+  $ blink functions get my-api proj_xxx
+  $ blink functions get index --json
+`).action(async (slug, projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      `Loading ${slug}...`,
+      () => appRequest(`/api/v1/projects/${projectId}/functions/${slug}`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const fn = result?.function ?? result;
+    console.log(chalk19.bold("Slug:    ") + (fn?.slug ?? slug));
+    if (fn?.status) console.log(chalk19.bold("Status:  ") + fn.status);
+    if (fn?.url) console.log(chalk19.bold("URL:     ") + chalk19.cyan(fn.url));
+    if (fn?.created_at) console.log(chalk19.bold("Created: ") + toDate(fn.created_at).toLocaleString());
+  });
+}
+function registerFnDelete(fns) {
+  fns.command("delete <slug> [project_id]").description("Delete an edge function").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink functions delete old-fn --yes
+  $ blink functions delete my-api proj_xxx --yes
+`).action(async (slug, projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y");
+    if (!skipConfirm && !isJsonMode() && process.stdout.isTTY) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Delete function "${slug}" from project ${projectId}?` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(
+      `Deleting ${slug}...`,
+      () => appRequest(`/api/v1/projects/${projectId}/functions/${slug}`, { method: "DELETE" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", slug, project_id: projectId });
+    printSuccess(`Deleted function ${slug}`);
+  });
+}
+function registerFnLogs(fns) {
+  fns.command("logs <slug> [project_id]").description("View logs for a specific function").option("--minutes <n>", "Minutes of logs to fetch", "30").option("--limit <n>", "Max number of log entries").addHelpText("after", `
+Examples:
+  $ blink functions logs index                   Last 30 min
+  $ blink functions logs my-api --minutes 60     Last hour
+  $ blink functions logs index proj_xxx --limit 100
+  $ blink functions logs index --json
+`).action(async (slug, projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const since = new Date(Date.now() - parseInt(opts.minutes ?? "30") * 60 * 1e3).toISOString();
+    const params = new URLSearchParams({ since });
+    if (opts.limit) params.set("limit", opts.limit);
+    const result = await withSpinner(
+      "Fetching logs...",
+      () => appRequest(`/api/v1/projects/${projectId}/functions/${slug}/logs?${params}`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const logs = result?.logs ?? result ?? [];
+    if (!logs.length) {
+      console.log(chalk19.dim("(no logs)"));
+      return;
+    }
+    for (const log of logs) {
+      const ts = log.timestamp ? chalk19.dim(new Date(log.timestamp).toLocaleTimeString()) + " " : "";
+      const level = log.level ? chalk19.yellow(`[${log.level}] `) : "";
+      console.log(`${ts}${level}${log.message ?? JSON.stringify(log)}`);
+    }
+  });
+}
+
+// src/commands/init.ts
+init_project();
+import { basename as basename3 } from "path";
+import chalk20 from "chalk";
+function registerInitCommands(program2) {
+  program2.command("init").description("Initialize a new Blink project and link it to the current directory").option("--name <name>", "Project name (defaults to current directory name)").option("--from <project_id>", "Create a new project named after an existing one").addHelpText("after", `
+Creates a new Blink project and writes .blink/project.json in the current directory.
+After init, all commands work without specifying a project_id.
+
+Examples:
+  $ blink init                             Create project named after current dir
+  $ blink init --name "My SaaS App"        Create with custom name
+  $ blink init --from proj_xxx             Clone from existing project
+  $ blink init --json                      Machine-readable output
+
+After init:
+  $ blink deploy ./dist --prod
+  $ blink db query "SELECT * FROM users"
+  $ blink env set DATABASE_URL postgres://...
+`).action(async (opts) => {
+    requireToken();
+    if (opts.from) {
+      await initFromExisting(opts.from);
+    } else {
+      await initNew(opts.name);
+    }
+  });
+}
+async function initNew(nameOpt) {
+  const name = nameOpt ?? basename3(process.cwd());
+  const result = await withSpinner(
+    `Creating project "${name}"...`,
+    () => appRequest("/api/projects/create", { method: "POST", body: { prompt: name } })
+  );
+  const proj = result?.project ?? result;
+  if (!proj?.id) {
+    printError("Failed to create project \u2014 no ID returned");
+    process.exit(1);
+  }
+  writeProjectConfig({ projectId: proj.id });
+  if (isJsonMode()) return printJson({ project_id: proj.id, name: proj.name ?? name });
+  printSuccess(`Project created and linked`);
+  printKv("ID", proj.id);
+  printKv("Name", proj.name ?? name);
+  console.log(chalk20.dim("\n  Run `blink deploy ./dist --prod` to deploy"));
+}
+async function initFromExisting(sourceId) {
+  const source = await withSpinner(
+    "Loading source project...",
+    () => appRequest(`/api/projects/${sourceId}`)
+  );
+  const sourceName = source?.project?.name ?? source?.name ?? sourceId;
+  const name = `${sourceName} (copy)`;
+  const result = await withSpinner(
+    `Creating project "${name}"...`,
+    () => appRequest("/api/projects/create", { method: "POST", body: { prompt: name } })
+  );
+  const proj = result?.project ?? result;
+  if (!proj?.id) {
+    printError("Failed to create project \u2014 no ID returned");
+    process.exit(1);
+  }
+  writeProjectConfig({ projectId: proj.id });
+  if (isJsonMode()) return printJson({ project_id: proj.id, name: proj.name ?? name, from: sourceId });
+  printSuccess(`Project created from ${sourceId} and linked`);
+  printKv("ID", proj.id);
+  printKv("Name", proj.name ?? name);
+  printKv("From", sourceId);
+}
+
+// src/commands/workspace.ts
+import chalk21 from "chalk";
+function printWorkspaceTable(workspaces) {
+  const table = createTable(["ID", "Name", "Slug", "Tier", "Role"]);
+  for (const w of workspaces) table.push([w.id, w.name, w.slug ?? "-", w.tier ?? "-", w.role ?? "-"]);
+  console.log(table.toString());
+}
+function printMemberTable(members) {
+  const table = createTable(["Name", "Email", "Role"]);
+  for (const m of members) table.push([m.name ?? "-", m.email, m.role ?? "-"]);
+  console.log(table.toString());
+}
+function registerWorkspaceCommands(program2) {
+  const workspace = program2.command("workspace").description("Manage workspaces, members, and invitations").addHelpText("after", `
+Examples:
+  $ blink workspace list
+  $ blink workspace create "My Team"
+  $ blink workspace switch wsp_xxx
+  $ blink workspace members wsp_xxx
+  $ blink workspace invite user@example.com wsp_xxx --role admin
+`);
+  workspace.command("list").description("List all workspaces you belong to").addHelpText("after", `
+Examples:
+  $ blink workspace list
+  $ blink workspace list --json
+`).action(async () => {
+    requireToken();
+    const result = await withSpinner("Loading workspaces...", () => appRequest("/api/workspaces"));
+    const workspaces = result?.workspaces ?? result ?? [];
+    if (isJsonMode()) return printJson(workspaces);
+    if (!workspaces.length) return console.log(chalk21.dim("No workspaces found."));
+    printWorkspaceTable(workspaces);
+  });
+  workspace.command("create <name>").description("Create a new workspace").addHelpText("after", `
+Examples:
+  $ blink workspace create "My Team"
+  $ blink workspace create "Acme Corp" --json
+`).action(async (name) => {
+    requireToken();
+    const result = await withSpinner(
+      `Creating "${name}"...`,
+      () => appRequest("/api/workspaces", { method: "POST", body: { name } })
+    );
+    if (isJsonMode()) return printJson(result);
+    const ws = result?.workspace ?? result;
+    printSuccess(`Created workspace: ${ws.name} (${ws.id})`);
+  });
+  workspace.command("switch <workspace_id>").description("Switch your active workspace").addHelpText("after", `
+Examples:
+  $ blink workspace switch wsp_xxx
+`).action(async (workspaceId) => {
+    requireToken();
+    await withSpinner(
+      "Switching workspace...",
+      () => appRequest("/api/workspaces/switch", { method: "POST", body: { workspace_id: workspaceId } })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", workspace_id: workspaceId });
+    printSuccess(`Switched to workspace ${workspaceId}`);
+  });
+  workspace.command("members [workspace_id]").description("List members of a workspace").option("--workspace <id>", "Workspace ID").addHelpText("after", `
+Examples:
+  $ blink workspace members wsp_xxx
+  $ blink workspace members --workspace wsp_xxx
+  $ blink workspace members wsp_xxx --json
+`).action(async (workspaceIdArg, opts) => {
+    requireToken();
+    const workspaceId = workspaceIdArg ?? opts.workspace;
+    if (!workspaceId) {
+      printError("Workspace ID required", "blink workspace members wsp_xxx");
+      process.exit(1);
+    }
+    const result = await withSpinner(
+      "Loading members...",
+      () => appRequest(`/api/workspaces/${workspaceId}/members`)
+    );
+    const members = result?.members ?? result ?? [];
+    if (isJsonMode()) return printJson(members);
+    if (!members.length) return console.log(chalk21.dim("No members found."));
+    printMemberTable(members);
+  });
+  workspace.command("invite <email> [workspace_id]").description("Invite a member to a workspace").option("--workspace <id>", "Workspace ID").option("--role <role>", "Role: admin, member, viewer", "member").addHelpText("after", `
+Examples:
+  $ blink workspace invite user@example.com wsp_xxx
+  $ blink workspace invite user@example.com --workspace wsp_xxx --role admin
+  $ blink workspace invite user@example.com wsp_xxx --role viewer
+`).action(async (email, workspaceIdArg, opts) => {
+    requireToken();
+    const workspaceId = workspaceIdArg ?? opts.workspace;
+    if (!workspaceId) {
+      printError("Workspace ID required", "blink workspace invite user@example.com wsp_xxx");
+      process.exit(1);
+    }
+    const result = await withSpinner(
+      `Inviting ${email}...`,
+      () => appRequest(`/api/workspaces/${workspaceId}/invites`, {
+        method: "POST",
+        body: { emails: [email], role: opts.role }
+      })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess(`Invited ${email} as ${opts.role} to ${workspaceId}`);
+  });
+}
+
+// src/commands/versions.ts
+init_project();
+import chalk22 from "chalk";
+function printVersionTable(versions) {
+  const table = createTable(["ID", "Description", "Created"]);
+  for (const v of versions) {
+    table.push([v.id, v.description ?? v.message ?? "-", new Date(v.created_at).toLocaleString()]);
+  }
+  console.log(table.toString());
+}
+function registerVersionCommands(program2) {
+  const versions = program2.command("versions").description("Manage project version snapshots").addHelpText("after", `
+Examples:
+  $ blink versions list
+  $ blink versions save --message "before refactor"
+  $ blink versions restore ver_xxx
+`);
+  versions.command("list [project_id]").description("List saved versions for a project").addHelpText("after", `
+Examples:
+  $ blink versions list
+  $ blink versions list proj_xxx
+  $ blink versions list --json
+`).action(async (projectIdArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectIdArg);
+    const result = await withSpinner(
+      "Loading versions...",
+      () => appRequest(`/api/versions?projectId=${projectId}`)
+    );
+    const versionsList = result?.versions ?? result ?? [];
+    if (isJsonMode()) return printJson(versionsList);
+    if (!versionsList.length) return console.log(chalk22.dim("No versions saved yet."));
+    printVersionTable(versionsList);
+  });
+  versions.command("save [project_id]").description("Save a version snapshot of the current project state").requiredOption("--message <msg>", "Version description (required)").addHelpText("after", `
+Examples:
+  $ blink versions save --message "stable v1"
+  $ blink versions save proj_xxx --message "pre-deploy"
+  $ blink versions save --json
+`).action(async (projectIdArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectIdArg);
+    const result = await withSpinner(
+      "Saving version...",
+      () => appRequest("/api/save-version", {
+        method: "POST",
+        body: { projectId, description: opts.message }
+      })
+    );
+    if (isJsonMode()) return printJson(result);
+    const ver = result?.version ?? result;
+    printSuccess(`Version saved: ${ver?.id ?? "ok"}`);
+  });
+  versions.command("restore <version_id> [project_id]").description("Restore a project to a saved version").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink versions restore ver_xxx
+  $ blink versions restore ver_xxx proj_xxx --yes
+`).action(async (versionId, projectIdArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectIdArg);
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y");
+    if (!skipConfirm && !isJsonMode() && process.stdout.isTTY) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Restore project ${projectId} to version ${versionId}?` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    const result = await withSpinner(
+      "Restoring version...",
+      () => appRequest("/api/versions/restore", {
+        method: "POST",
+        body: { projectId, identifier: versionId }
+      })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess(`Restored to version ${versionId}`);
+  });
+}
+
+// src/commands/billing.ts
+import chalk23 from "chalk";
+function printUsage(data) {
+  console.log();
+  printKv("Total", `${data.total ?? 0} credits used`);
+  const breakdown = data.breakdown ?? [];
+  if (breakdown.length) {
+    console.log();
+    console.log(chalk23.bold("Breakdown:"));
+    for (const item of breakdown) printKv(`  ${item.category}`, `${item.amount}`);
+  }
+  console.log();
+}
+function registerBillingCommands(program2) {
+  program2.command("credits").description("Check your credit balance and tier").addHelpText("after", `
+Examples:
+  $ blink credits
+  $ blink credits --json
+`).action(async () => {
+    requireToken();
+    const result = await withSpinner(
+      "Loading usage...",
+      () => appRequest("/api/usage/summary?period=month")
+    );
+    if (isJsonMode()) return printJson(result);
+    const data = result ?? {};
+    console.log();
+    printKv("Used", `${data.total ?? 0} credits this month`);
+    console.log();
+  });
+  program2.command("usage").description("Show usage summary for the current billing period").option("--period <granularity>", "Period granularity: hour, day, week, month", "day").addHelpText("after", `
+Examples:
+  $ blink usage
+  $ blink usage --period month
+  $ blink usage --json
+`).action(async (opts) => {
+    requireToken();
+    const result = await withSpinner(
+      "Loading usage...",
+      () => appRequest(`/api/usage/summary?period=${opts.period}`)
+    );
+    if (isJsonMode()) return printJson(result);
+    printUsage(result);
+  });
+}
+
+// src/commands/tokens.ts
+import chalk24 from "chalk";
+function printTokenTable(tokens) {
+  const table = createTable(["ID", "Name", "Prefix", "Created", "Last Used"]);
+  for (const t of tokens) {
+    table.push([
+      t.id,
+      t.name ?? "-",
+      t.key_prefix ?? "-",
+      t.created_at ? new Date(t.created_at).toLocaleDateString() : "-",
+      t.last_used_at ? new Date(t.last_used_at).toLocaleDateString() : "never"
+    ]);
+  }
+  console.log(table.toString());
+}
+function printNewToken(token) {
+  console.log();
+  printSuccess(`Token created: ${token.name}`);
+  console.log();
+  console.log(chalk24.bold("  Token: ") + chalk24.green(token.key));
+  console.log();
+  console.log(chalk24.yellow("  \u26A0 Save this token now \u2014 it will not be shown again!"));
+  console.log(chalk24.dim("  Use as: export BLINK_API_KEY=" + token.key));
+  console.log();
+}
+function registerTokenCommands(program2) {
+  const tokens = program2.command("tokens").description("Manage personal access tokens (API keys)").addHelpText("after", `
+Examples:
+  $ blink tokens list
+  $ blink tokens create --name "CI deploy key"
+  $ blink tokens revoke tok_xxx --yes
+`);
+  tokens.command("list").description("List all personal access tokens").addHelpText("after", `
+Examples:
+  $ blink tokens list
+  $ blink tokens list --json
+`).action(async () => {
+    requireToken();
+    const result = await withSpinner("Loading tokens...", () => appRequest("/api/tokens"));
+    const tokensList = result?.tokens ?? result ?? [];
+    if (isJsonMode()) return printJson(tokensList);
+    if (!tokensList.length) return console.log(chalk24.dim('No tokens found. Create one with `blink tokens create --name "my key"`.'));
+    printTokenTable(tokensList);
+  });
+  tokens.command("create").description("Create a new personal access token").requiredOption("--name <name>", 'Name for the token (e.g. "CI deploy key")').addHelpText("after", `
+Examples:
+  $ blink tokens create --name "CI deploy key"
+  $ blink tokens create --name "staging" --json
+`).action(async (opts) => {
+    requireToken();
+    const result = await withSpinner(
+      "Creating token...",
+      () => appRequest("/api/tokens", { method: "POST", body: { name: opts.name } })
+    );
+    if (isJsonMode()) return printJson(result);
+    const token = result?.token ?? result;
+    printNewToken(token);
+  });
+  tokens.command("revoke <token_id>").description("Revoke (delete) a personal access token").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink tokens revoke tok_xxx
+  $ blink tokens revoke tok_xxx --yes
+`).action(async (tokenId, opts) => {
+    requireToken();
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y");
+    if (!skipConfirm && !isJsonMode() && process.stdout.isTTY) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Revoke token ${tokenId}? This cannot be undone.` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(
+      "Revoking token...",
+      () => appRequest(`/api/tokens/${tokenId}`, { method: "DELETE" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", token_id: tokenId });
+    printSuccess(`Revoked token ${tokenId}`);
+  });
+}
+
+// src/cli.ts
+var require2 = createRequire(import.meta.url);
+var pkg = require2("../package.json");
+var program = new Command();
+program.name("blink").description("Blink platform CLI \u2014 build, deploy, and manage AI-powered apps").version(pkg.version).option("--token <key>", "Override API token for this command").option("--json", "Machine-readable JSON output (no colors, great for scripting)").option("-y, --yes", "Skip confirmation prompts").option("--debug", "Verbose request logging").option("--profile <name>", "Use named config profile from ~/.config/blink/config.toml").addHelpText("after", `
+Auth:
+  API key lives at blink.new \u2192 Settings \u2192 API Keys (starts with blnk_ak_)
+  $ blink login --interactive          Save your API key to ~/.config/blink/config.toml
+  $ export BLINK_API_KEY=blnk_ak_...  Or set env var directly (used in CI/agents)
+
+Quick Start:
+  $ blink login --interactive          Authenticate
+  $ blink link                         Link current dir to a project (interactive picker)
+  $ npm run build && blink deploy ./dist --prod   Build then deploy to production
+
+Deploy:
+  $ blink deploy ./dist --prod         Deploy build output to production
+  $ blink deploy ./dist                Preview deployment (safe, non-destructive)
+  $ blink deployments                  List past deployments
+  $ blink rollback                     Rollback production to previous version
+
+Database (requires linked project or project_id):
+  $ blink db query "SELECT * FROM users LIMIT 10"
+  $ blink db query proj_xxx "SELECT count(*) FROM orders"
+  $ blink db exec schema.sql           Run a SQL file
+  $ blink db list                      Show all tables
+  $ blink db list users                Show rows in the users table
+
+Storage:
+  $ blink storage upload ./photo.jpg
+  $ blink storage list
+  $ blink storage url images/photo.jpg
+  $ blink storage download images/photo.jpg ./local.jpg
+
+AI (no project needed \u2014 workspace-scoped):
+  $ blink ai image "a futuristic city at sunset"
+  $ blink ai text "Summarize this: ..." --model anthropic/claude-sonnet-4.5
+  $ blink ai video "ocean waves at sunset" --duration 10s
+  $ blink ai speech "Hello world" --voice nova --output hello.mp3
+  $ blink ai transcribe ./meeting.mp3
+
+Web & Data:
+  $ blink search "latest AI news" --count 10
+  $ blink fetch https://api.github.com/users/octocat
+  $ blink fetch https://api.example.com --method POST --body '{"key":"val"}'
+  $ blink scrape https://example.com --text              Clean text (no HTML)
+  $ blink scrape https://example.com --extract "prices"  AI-extract specific data
+
+Realtime / RAG / Notify:
+  $ blink realtime publish updates '{"type":"refresh"}'
+  $ blink rag search "how does billing work" --ai
+  $ blink notify email user@example.com "Subject" "Body"
+
+Phone Numbers (10 credits/month per number):
+  $ blink phone list               List all workspace phone numbers
+  $ blink phone buy --label Sales  Buy a new number (US, UK, CA, AU)
+  $ blink phone label <id> Sales   Update label
+  $ blink phone release <id>       Release a number
+
+Connectors (38 OAuth providers \u2014 GitHub, Notion, Slack, Stripe, Shopify, Jira, Linear, and more):
+  $ blink connector providers                                    List all 38 providers
+  $ blink connector status                                       Show all connected accounts
+  $ blink connector status github                                Check a specific provider
+  $ blink connector exec github /user/repos GET                  Call any REST endpoint
+  $ blink connector exec notion /search POST '{"query":"notes"}' Notion search
+  $ blink connector exec slack /chat.postMessage POST '{"channel":"C123","text":"hi"}'
+  $ blink connector exec stripe /customers GET '{"limit":5}'
+  $ blink connector exec jira /search GET '{"jql":"assignee=currentUser()"}'
+  $ blink connector exec linear '{ viewer { id name } }' POST   GraphQL (Linear)
+  Connect accounts at: blink.new/settings?tab=connectors
+
+LinkedIn (dedicated commands for the LinkedIn connector):
+  $ blink linkedin me                               Show your LinkedIn profile
+  $ blink linkedin posts                            List your 10 most recent posts
+  $ blink linkedin post "Hello LinkedIn!"           Publish a text post
+  $ blink linkedin comments "urn:li:ugcPost:123"    Read comments on a post
+  $ blink linkedin comment "urn:li:ugcPost:123" "Nice!"  Add a comment
+  $ blink linkedin like "urn:li:ugcPost:123"        Like a post
   $ blink linkedin unlike "urn:li:ugcPost:123"      Unlike a post
   Link LinkedIn at: blink.new/claw (Agent Integrations tab)
 
+Environment Variables (project secrets):
+  $ blink env list                             List env var names
+  $ blink env set STRIPE_KEY sk_live_xxx       Set an env var
+  $ blink env delete OLD_KEY                   Remove an env var
+  $ blink env push .env                        Bulk import from .env file
+  $ blink env pull > .env.local                Export as KEY=VALUE
+
+Backend (Hono server on CF Workers):
+  $ blink backend deploy ./backend             Deploy backend/ to Cloudflare Workers
+  $ blink backend status                       Check backend status + URL
+  $ blink backend logs                         Tail backend request logs
+  $ blink backend delete --yes                 Remove backend
+
+Auth Config (Blink Auth providers):
+  $ blink auth-config get                      Show auth configuration
+  $ blink auth-config set --provider google --enabled true
+  $ blink auth-config byoc-set --provider google --client-id X --client-secret Y
+
+Domains:
+  $ blink domains list                         List custom domains
+  $ blink domains add myapp.com                Add a custom domain
+  $ blink domains verify <domain_id>           Verify DNS
+  $ blink domains search "myapp"               Search available domains
+  $ blink domains purchase myapp.com           Buy a domain
+
+Hosting:
+  $ blink hosting status                       Check hosting state + URLs
+  $ blink hosting activate                     Activate production hosting
+  $ blink hosting deactivate --yes             Deactivate hosting
+
+Security & CORS:
+  $ blink security get                         Show per-module auth policy
+  $ blink security set --module db --require-auth true
+  $ blink cors get                             Show allowed CORS origins
+  $ blink cors set --origins https://example.com
+
+Functions (legacy edge functions):
+  $ blink functions list                       List edge functions
+  $ blink functions logs index                 View function logs
+  $ blink functions delete old-fn --yes        Delete a function
+
+Versions:
+  $ blink versions list                        List saved versions
+  $ blink versions save --message "v1.0"       Save a snapshot
+  $ blink versions restore ver_xxx --yes       Restore to a version
+
+Workspace:
+  $ blink workspace list                       List workspaces
+  $ blink workspace create "My Team"           Create workspace
+  $ blink workspace members                    List members + roles
+
+Billing:
+  $ blink credits                              Check credit balance
+  $ blink usage                                Usage breakdown
+
+Tokens (Personal Access Tokens):
+  $ blink tokens list                          List PATs
+  $ blink tokens create --name "CI"            Create PAT (shown once!)
+  $ blink tokens revoke <id> --yes             Revoke a PAT
+
+Init:
+  $ blink init                                 Create project + link to current dir
+  $ blink init --name "My App"                 Create with custom name
+
 Agents (Claw \u2014 zero config on Fly machines, BLINK_AGENT_ID is already set):
   $ blink agent list                           List all agents in workspace
   $ blink agent status                         Show current agent details
@@ -2388,7 +3840,6 @@ Secrets (encrypted agent vault \u2014 values never shown):
   $ blink secrets list                         List secret key names
   $ blink secrets set GITHUB_TOKEN ghp_xxx     Add/update a secret
   $ blink secrets delete OLD_KEY               Remove a secret
-  $ blink secrets set --agent clw_other KEY v  Set secret on another agent (agent manager pattern)
 
 Tip \u2014 check full context (agent + project + auth):
   $ blink status
@@ -2420,6 +3871,18 @@ registerConnectorCommands(program);
 registerLinkedInCommands(program);
 registerPhoneCommands(program);
 registerSmsCommands(program);
+registerAuthConfigCommands(program);
+registerDomainsCommands(program);
+registerHostingCommands(program);
+registerSecurityCommands(program);
+registerEnvCommands(program);
+registerBackendCommands(program);
+registerFunctionsCommands(program);
+registerInitCommands(program);
+registerWorkspaceCommands(program);
+registerVersionCommands(program);
+registerBillingCommands(program);
+registerTokenCommands(program);
 program.command("use <project_id>").description("Set active project for this shell session (alternative to blink link)").option("--export", "Output a shell export statement \u2014 use with eval to actually set it").addHelpText("after", `
 Examples:
   $ blink use proj_xxx                        Shows the export command to run
@@ -2435,10 +3898,10 @@ After setting:
     process.stdout.write(`export BLINK_ACTIVE_PROJECT=${projectId}
 `);
   } else {
-    const { default: chalk13 } = await import("chalk");
-    console.log(chalk13.bold("Active project: ") + projectId);
-    console.log(chalk13.dim(`Run: export BLINK_ACTIVE_PROJECT=${projectId}`));
-    console.log(chalk13.dim(`Or:  eval $(blink use ${projectId} --export)`));
+    const { default: chalk25 } = await import("chalk");
+    console.log(chalk25.bold("Active project: ") + projectId);
+    console.log(chalk25.dim(`Run: export BLINK_ACTIVE_PROJECT=${projectId}`));
+    console.log(chalk25.dim(`Or:  eval $(blink use ${projectId} --export)`));
   }
 });
 program.action(async () => {