npm - @blinkdotnew/cli - Versions diffs - 0.3.7 → 0.4.1 - Mend

@blinkdotnew/cli 0.3.7 → 0.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (22) hide show

package/README.md +152 -321
package/dist/cli.js +1538 -80
package/package.json +28 -2
package/src/cli.ts +88 -1
package/src/commands/auth-config.ts +129 -0
package/src/commands/backend.ts +175 -0
package/src/commands/billing.ts +56 -0
package/src/commands/domains.ts +211 -0
package/src/commands/env.ts +215 -0
package/src/commands/functions.ts +136 -0
package/src/commands/hosting.ts +117 -0
package/src/commands/init.ts +77 -0
package/src/commands/project.ts +2 -2
package/src/commands/security.ts +136 -0
package/src/commands/tokens.ts +98 -0
package/src/commands/versions.ts +95 -0
package/src/commands/workspace.ts +130 -0
package/src/lib/api-app.ts +7 -1
package/src/lib/api-resources.ts +3 -0
package/src/lib/auth.ts +6 -1
package/src/lib/config.ts +2 -2
package/src/lib/project.ts +7 -1

package/dist/cli.js CHANGED Viewed

@@ -50,7 +50,14 @@ function resolveProjectId(explicitId) {
 function requireProjectId(explicitId) {
   const id = resolveProjectId(explicitId);
   if (!id) {
-    console.error("Error: No project linked. Run `blink link <project_id>` or use `blink use <project_id>`.");
+    process.stderr.write(
+      `Error: No project context.
+  1. blink link <project_id>                   Link to current directory
+  2. export BLINK_ACTIVE_PROJECT=proj_xxx       Set env var (CI/agents)
+  3. Pass project_id as argument                e.g. blink db query proj_xxx "SELECT 1"
+  Don't have a project yet? Run: blink init
+`
+    );
     process.exit(1);
   }
   return id;
@@ -136,10 +143,10 @@ function readConfig(profile = "default") {
   return sections[profile];
 }
 function writeConfig(data, profile = "default") {
-  if (!existsSync(CONFIG_DIR)) mkdirSync(CONFIG_DIR, { recursive: true });
+  if (!existsSync(CONFIG_DIR)) mkdirSync(CONFIG_DIR, { recursive: true, mode: 448 });
   const existing = existsSync(CONFIG_FILE) ? parseToml(readFileSync(CONFIG_FILE, "utf-8")) : {};
   existing[profile] = { ...existing[profile], ...data };
-  writeFileSync(CONFIG_FILE, serializeToml(existing));
+  writeFileSync(CONFIG_FILE, serializeToml(existing), { mode: 384 });
 }
 function clearConfig(profile = "default") {
   if (!existsSync(CONFIG_FILE)) return;
@@ -166,7 +173,9 @@ function resolveToken() {
 function requireToken() {
   const token = resolveToken();
   if (!token) {
-    console.error("Error: Not authenticated. Run `blink login --interactive` or set BLINK_API_KEY env var.");
+    process.stderr.write(
+      "Error: Not authenticated.\n  Get your API key at: blink.new/settings?tab=api-keys (starts with blnk_ak_)\n  Then: blink login --interactive           Save to ~/.config/blink/config.toml\n    or: export BLINK_API_KEY=blnk_ak_...    Set env var (CI/agents)\n"
+    );
     process.exit(1);
   }
   return token;
@@ -205,6 +214,9 @@ async function resourcesRequest(path, opts = {}) {
       else if (err) errMsg = JSON.stringify(err);
     } catch {
     }
+    if (res.status === 401) errMsg += " \u2014 check your API key (blink login --interactive)";
+    if (res.status === 403) errMsg += " \u2014 check project permissions or workspace tier";
+    if (res.status === 404) errMsg += " \u2014 resource not found (check project ID)";
     throw new Error(errMsg);
   }
   const ct = res.headers.get("content-type") ?? "";
@@ -217,6 +229,13 @@ import chalk from "chalk";
 import Table from "cli-table3";
 var isJsonMode = () => process.argv.includes("--json");
 var isCI = () => !process.stdout.isTTY;
+function printSuccess(msg) {
+  if (!isJsonMode()) console.log(chalk.green("\u2713") + " " + msg);
+}
+function printError(msg, hint) {
+  console.error(chalk.red("Error:") + " " + msg);
+  if (hint) console.error("       " + chalk.dim(hint));
+}
 function printUrl(label, url) {
   if (!isJsonMode()) console.log(chalk.bold(label.padEnd(12)) + chalk.cyan(url));
 }
@@ -1802,9 +1821,13 @@ async function appRequest(path, opts = {}) {
     const errText = await res.text();
     let errMsg = `HTTP ${res.status}`;
     try {
-      errMsg = JSON.parse(errText).error ?? errMsg;
+      const parsed = JSON.parse(errText);
+      errMsg = parsed.error ?? parsed.message ?? errMsg;
     } catch {
     }
+    if (res.status === 401) errMsg += " \u2014 check your API key (blink login --interactive)";
+    if (res.status === 403) errMsg += " \u2014 check project permissions or workspace tier";
+    if (res.status === 404) errMsg += " \u2014 resource not found (check project ID)";
     throw new Error(errMsg);
   }
   const ct = res.headers.get("content-type") ?? "";
@@ -1957,7 +1980,7 @@ After creating a project, link it to your current directory:
 `);
   project.command("list").description("List all projects").action(async () => {
     requireToken();
-    const result = await withSpinner("Loading projects...", () => appRequest("/api/projects"));
+    const result = await withSpinner("Loading projects...", () => appRequest("/api/v1/projects"));
     if (isJsonMode()) return printJson(result);
     const projects = result?.projects ?? result ?? [];
     const table = createTable(["ID", "Name", "URL"]);
@@ -2003,7 +2026,7 @@ After linking, most commands work without specifying a project_id:
     requireToken();
     let id = projectId;
     if (!id) {
-      const result = await withSpinner("Loading projects...", () => appRequest("/api/projects"));
+      const result = await withSpinner("Loading projects...", () => appRequest("/api/v1/projects"));
       const projects = result?.projects ?? result ?? [];
       if (!projects.length) {
         console.log("No projects found. Create one with `blink project create <name>`.");
@@ -2303,87 +2326,1511 @@ Examples:
   });
 }
-// src/cli.ts
-var require2 = createRequire(import.meta.url);
-var pkg = require2("../package.json");
-var program = new Command();
-program.name("blink").description("Blink platform CLI \u2014 build, deploy, and manage AI-powered apps").version(pkg.version).option("--token <key>", "Override API token for this command").option("--json", "Machine-readable JSON output (no colors, great for scripting)").option("-y, --yes", "Skip confirmation prompts").option("--debug", "Verbose request logging").option("--profile <name>", "Use named config profile from ~/.config/blink/config.toml").addHelpText("after", `
-Auth:
-  API key lives at blink.new \u2192 Settings \u2192 API Keys (starts with blnk_ak_)
-  $ blink login --interactive          Save your API key to ~/.config/blink/config.toml
-  $ export BLINK_API_KEY=blnk_ak_...  Or set env var directly (used in CI/agents)
-Quick Start:
-  $ blink login --interactive          Authenticate
-  $ blink link                         Link current dir to a project (interactive picker)
-  $ npm run build && blink deploy ./dist --prod   Build then deploy to production
+// src/commands/auth-config.ts
+init_project();
+import chalk13 from "chalk";
+function printAuthConfig(auth) {
+  printKv("Mode", auth.mode ?? "redirect");
+  console.log();
+  console.log(chalk13.bold("Providers:"));
+  for (const [name, cfg] of Object.entries(auth.providers ?? {})) {
+    const status = cfg.enabled ? chalk13.green("enabled") : chalk13.dim("disabled");
+    console.log(`  ${name.padEnd(12)} ${status}`);
+  }
+}
+function registerAuthConfigCommands(program2) {
+  const authConfig = program2.command("auth-config").description("Configure Blink Auth \u2014 providers, mode, and BYOC credentials").addHelpText("after", `
+Manage authentication settings for your Blink project.
+Configure OAuth providers (Google, GitHub, Microsoft, Apple, Email)
+and set managed/headless mode.
-Deploy:
-  $ blink deploy ./dist --prod         Deploy build output to production
-  $ blink deploy ./dist                Preview deployment (safe, non-destructive)
-  $ blink deployments                  List past deployments
-  $ blink rollback                     Rollback production to previous version
+Examples:
+  $ blink auth-config get                     Show current auth config
+  $ blink auth-config set --provider google --enabled true
+  $ blink auth-config set --mode managed
+  $ blink auth-config byoc-set --provider google --client-id xxx --client-secret yyy
+  $ blink auth-config byoc-remove --provider google
+`);
+  authConfig.command("get [project_id]").description("Show current auth configuration").addHelpText("after", `
+Examples:
+  $ blink auth-config get                Show auth config for linked project
+  $ blink auth-config get proj_xxx       Show auth config for specific project
+  $ blink auth-config get --json         Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading auth config...",
+      () => appRequest(`/api/projects/${projectId}/auth`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const auth = result?.auth ?? result;
+    printAuthConfig(auth);
+  });
+  authConfig.command("set [project_id]").description("Update auth provider or mode").option("--provider <name>", "Provider to update (google/github/microsoft/apple/email)").option("--enabled <bool>", "Enable or disable provider (true/false)").option("--mode <mode>", "Auth mode (managed/headless)").addHelpText("after", `
+Examples:
+  $ blink auth-config set --provider google --enabled true
+  $ blink auth-config set --provider email --enabled false
+  $ blink auth-config set --mode managed
+  $ blink auth-config set proj_xxx --provider github --enabled true
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const current = await appRequest(`/api/projects/${projectId}/auth`);
+    const auth = current?.auth ?? current ?? {};
+    if (opts.mode) auth.mode = opts.mode;
+    if (opts.provider && opts.enabled !== void 0) {
+      if (!auth.providers) auth.providers = {};
+      const existing = auth.providers[opts.provider];
+      const providerConfig = typeof existing === "object" && existing ? existing : {};
+      auth.providers[opts.provider] = { ...providerConfig, enabled: opts.enabled === "true" };
+    }
+    const result = await withSpinner(
+      "Updating auth config...",
+      () => appRequest(`/api/projects/${projectId}/auth`, { method: "PUT", body: auth })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess("Auth config updated");
+  });
+  registerByocCommands(authConfig);
+}
+function registerByocCommands(authConfig) {
+  authConfig.command("byoc-set [project_id]").description("Set BYOC (Bring Your Own Credentials) for an OAuth provider").requiredOption("--provider <name>", "Provider (google/github/microsoft/apple)").requiredOption("--client-id <id>", "OAuth client ID").requiredOption("--client-secret <secret>", "OAuth client secret").addHelpText("after", `
+Examples:
+  $ blink auth-config byoc-set --provider google --client-id xxx --client-secret yyy
+  $ blink auth-config byoc-set proj_xxx --provider github --client-id xxx --client-secret yyy
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const body = { provider: opts.provider, client_id: opts.clientId, client_secret: opts.clientSecret };
+    await withSpinner(
+      "Setting BYOC credentials...",
+      () => appRequest(`/api/projects/${projectId}/auth/byoc`, { body })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", provider: opts.provider });
+    printSuccess(`BYOC credentials set for ${opts.provider}`);
+  });
+  authConfig.command("byoc-remove [project_id]").description("Remove BYOC credentials for an OAuth provider").requiredOption("--provider <name>", "Provider (google/github/microsoft/apple)").addHelpText("after", `
+Examples:
+  $ blink auth-config byoc-remove --provider google
+  $ blink auth-config byoc-remove proj_xxx --provider github
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    await withSpinner(
+      "Removing BYOC credentials...",
+      () => appRequest(`/api/projects/${projectId}/auth/byoc`, {
+        method: "DELETE",
+        body: { provider: opts.provider }
+      })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", provider: opts.provider });
+    printSuccess(`BYOC credentials removed for ${opts.provider}`);
+  });
+}
-Database (requires linked project or project_id):
-  $ blink db query "SELECT * FROM users LIMIT 10"
-  $ blink db query proj_xxx "SELECT count(*) FROM orders"
-  $ blink db exec schema.sql           Run a SQL file
-  $ blink db list                      Show all tables
-  $ blink db list users                Show rows in the users table
+// src/commands/domains.ts
+init_project();
+import chalk14 from "chalk";
+function printDomainRow(d) {
+  const status = d.verified ? chalk14.green("verified") : chalk14.yellow("pending");
+  return [d.id ?? "-", d.domain, status, d.dns_type ?? "-"];
+}
+function registerDomainsCommands(program2) {
+  const domains = program2.command("domains").description("Custom domain management \u2014 add, verify, remove, purchase, and connect").addHelpText("after", `
+Manage custom domains for your Blink projects.
+Search and purchase domains directly, or connect existing ones.
-Storage:
-  $ blink storage upload ./photo.jpg
-  $ blink storage list
-  $ blink storage url images/photo.jpg
-  $ blink storage download images/photo.jpg ./local.jpg
+Examples:
+  $ blink domains list                       List domains on linked project
+  $ blink domains add example.com            Add a custom domain
+  $ blink domains verify dom_xxx             Trigger DNS verification
+  $ blink domains remove dom_xxx --yes       Remove a domain
+  $ blink domains search cool-app            Search available domains
+  $ blink domains purchase cool-app.com      Purchase a domain
+  $ blink domains my                         List your purchased domains
+  $ blink domains connect example.com        Connect a purchased domain to project
+`);
+  domains.command("list [project_id]").description("List all domains on a project").addHelpText("after", `
+Examples:
+  $ blink domains list                   List domains for linked project
+  $ blink domains list proj_xxx          List domains for specific project
+  $ blink domains list --json            Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading domains...",
+      () => appRequest(`/api/project/${projectId}/domains`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const items = result?.domains ?? result ?? [];
+    if (!items.length) {
+      console.log(chalk14.dim("(no domains \u2014 use `blink domains add <domain>`)"));
+      return;
+    }
+    const table = createTable(["ID", "Domain", "Status", "DNS"]);
+    for (const d of items) table.push(printDomainRow(d));
+    console.log(table.toString());
+  });
+  domains.command("add <domain> [project_id]").description("Add a custom domain to a project").addHelpText("after", `
+Examples:
+  $ blink domains add example.com            Add to linked project
+  $ blink domains add example.com proj_xxx   Add to specific project
+`).action(async (domain, projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      `Adding ${domain}...`,
+      () => appRequest(`/api/project/${projectId}/domains`, { body: { domain } })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess(`Domain ${domain} added`);
+    const domainId = result?.domain?.id ?? result?.id;
+    if (domainId) printKv("Domain ID", domainId);
+    console.log(chalk14.dim("Run `blink domains verify " + (domainId ?? "<domain_id>") + "` after configuring DNS"));
+  });
+  registerDomainActions(domains);
+  registerGlobalDomainCommands(domains);
+}
+function registerDomainActions(domains) {
+  domains.command("verify <domain_id> [project_id]").description("Trigger DNS verification for a domain").addHelpText("after", `
+Examples:
+  $ blink domains verify dom_xxx
+  $ blink domains verify dom_xxx proj_xxx
+`).action(async (domainId, projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Verifying DNS...",
+      () => appRequest(`/api/project/${projectId}/domains/${domainId}`, { method: "POST" })
+    );
+    if (isJsonMode()) return printJson(result);
+    const verified = result?.hostname_status === "active";
+    if (verified) printSuccess("Domain verified");
+    else console.log(chalk14.yellow("!") + " DNS not yet propagated \u2014 try again in a few minutes");
+  });
+  domains.command("remove <domain_id> [project_id]").description("Remove a domain from a project").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink domains remove dom_xxx --yes
+  $ blink domains remove dom_xxx proj_xxx
+`).action(async (domainId, projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    if (!shouldSkipConfirm(opts)) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Remove domain ${domainId}?` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(
+      "Removing domain...",
+      () => appRequest(`/api/project/${projectId}/domains/${domainId}`, { method: "DELETE" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", domain_id: domainId });
+    printSuccess("Domain removed");
+  });
+}
+function registerGlobalDomainCommands(domains) {
+  domains.command("search <query>").description("Search available domains for purchase (no auth needed)").addHelpText("after", `
+Examples:
+  $ blink domains search cool-app
+  $ blink domains search my-startup --json
+`).action(async (query) => {
+    const result = await withSpinner(
+      "Searching domains...",
+      () => appRequest(`/api/domains/search?q=${encodeURIComponent(query)}`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const items = result?.results ?? result ?? [];
+    if (!items.length) {
+      console.log(chalk14.dim("No results"));
+      return;
+    }
+    const table = createTable(["Domain", "Available", "Price"]);
+    for (const d of items) {
+      const avail = d.available ? chalk14.green("yes") : chalk14.red("no");
+      table.push([d.domain, avail, d.price ?? "-"]);
+    }
+    console.log(table.toString());
+  });
+  domains.command("purchase <domain>").description("Purchase a domain").option("--period <years>", "Registration period in years", "1").addHelpText("after", `
+Examples:
+  $ blink domains purchase cool-app.com
+  $ blink domains purchase cool-app.com --period 2
+  $ blink domains purchase cool-app.com --json
+`).option("--yes", "Skip confirmation").action(async (domain, opts) => {
+    requireToken();
+    if (!shouldSkipConfirm(opts)) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Purchase ${domain} for ${opts.period} year(s)? This will charge your account.` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    const result = await withSpinner(
+      `Purchasing ${domain}...`,
+      () => appRequest("/api/domains/purchase", { body: { domain, period: Number(opts.period) } })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess(`Domain ${domain} purchased`);
+    if (result?.domain_id) printKv("Domain ID", result.domain_id);
+  });
+  domains.command("connect <domain> [project_id]").description("Connect a purchased domain to a project").addHelpText("after", `
+Examples:
+  $ blink domains connect example.com            Connect to linked project
+  $ blink domains connect example.com proj_xxx   Connect to specific project
+`).action(async (domain, projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      `Connecting ${domain}...`,
+      () => appRequest("/api/domains/connect", { body: { domainId: domain, projectId } })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess(`${domain} connected to ${projectId}`);
+  });
+  domains.command("my").description("List your purchased domains").addHelpText("after", `
+Examples:
+  $ blink domains my
+  $ blink domains my --json
+`).action(async () => {
+    requireToken();
+    const result = await withSpinner(
+      "Loading your domains...",
+      () => appRequest("/api/domains/my")
+    );
+    if (isJsonMode()) return printJson(result);
+    const items = result?.domains ?? result ?? [];
+    if (!items.length) {
+      console.log(chalk14.dim("(no purchased domains)"));
+      return;
+    }
+    const table = createTable(["Domain", "Status", "Expires"]);
+    for (const d of items) table.push([d.domain, d.status ?? "-", d.expiration_date ?? "-"]);
+    console.log(table.toString());
+  });
+}
+function shouldSkipConfirm(opts) {
+  return opts.yes || process.argv.includes("--yes") || process.argv.includes("-y") || isJsonMode() || !process.stdout.isTTY;
+}
-AI (no project needed \u2014 workspace-scoped):
-  $ blink ai image "a futuristic city at sunset"
-  $ blink ai text "Summarize this: ..." --model anthropic/claude-sonnet-4.5
-  $ blink ai video "ocean waves at sunset" --duration 10s
-  $ blink ai speech "Hello world" --voice nova --output hello.mp3
-  $ blink ai transcribe ./meeting.mp3
+// src/commands/hosting.ts
+init_project();
+import chalk15 from "chalk";
+var STATE_COLORS = {
+  active: chalk15.green,
+  inactive: chalk15.dim,
+  grace: chalk15.yellow,
+  offline: chalk15.red
+};
+function printHostingStatus(data) {
+  const state = String(data.status ?? data.state ?? "unknown");
+  const colorFn = STATE_COLORS[state] ?? chalk15.white;
+  printKv("State", colorFn(state));
+  if (data.hosting_tier) printKv("Tier", String(data.hosting_tier));
+  if (data.hosting_prod_url) printKv("URL", String(data.hosting_prod_url));
+}
+function registerHostingCommands(program2) {
+  const hosting = program2.command("hosting").description("Hosting management \u2014 activate, deactivate, and check status").addHelpText("after", `
+Manage hosting for your Blink project.
+Hosting gives your project a live URL on blinkpowered.com or a custom domain.
-Web & Data:
-  $ blink search "latest AI news" --count 10
-  $ blink fetch https://api.github.com/users/octocat
-  $ blink fetch https://api.example.com --method POST --body '{"key":"val"}'
-  $ blink scrape https://example.com --text              Clean text (no HTML)
-  $ blink scrape https://example.com --extract "prices"  AI-extract specific data
+Examples:
+  $ blink hosting status                 Check hosting state and URLs
+  $ blink hosting activate               Activate hosting
+  $ blink hosting deactivate --yes       Deactivate hosting
+  $ blink hosting reactivate             Reactivate after deactivation
+`);
+  hosting.command("status [project_id]").description("Show hosting state, tier, and URLs").addHelpText("after", `
+Examples:
+  $ blink hosting status                 Status for linked project
+  $ blink hosting status proj_xxx        Status for specific project
+  $ blink hosting status --json          Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading hosting status...",
+      () => appRequest(`/api/project/${projectId}/hosting/status`)
+    );
+    if (isJsonMode()) return printJson(result);
+    printHostingStatus(result);
+  });
+  hosting.command("activate [project_id]").description("Activate hosting for a project").addHelpText("after", `
+Examples:
+  $ blink hosting activate
+  $ blink hosting activate proj_xxx
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Activating hosting...",
+      () => appRequest(`/api/project/${projectId}/hosting/activate`, { method: "POST" })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess("Hosting activated");
+    if (result?.hosting_prod_url) printKv("URL", result.hosting_prod_url);
+  });
+  hosting.command("deactivate [project_id]").description("Deactivate hosting for a project").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink hosting deactivate --yes
+  $ blink hosting deactivate proj_xxx
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    if (!shouldSkipConfirm2(opts)) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: "Deactivate hosting? Your site will go offline." });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(
+      "Deactivating hosting...",
+      () => appRequest(`/api/project/${projectId}/hosting/deactivate`, { method: "POST" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", project_id: projectId });
+    printSuccess("Hosting deactivated");
+  });
+  hosting.command("reactivate [project_id]").description("Reactivate hosting after deactivation").addHelpText("after", `
+Examples:
+  $ blink hosting reactivate
+  $ blink hosting reactivate proj_xxx
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Reactivating hosting...",
+      () => appRequest(`/api/project/${projectId}/hosting/reactivate`, { method: "POST" })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess("Hosting reactivated");
+    if (result?.hosting_prod_url) printKv("URL", result.hosting_prod_url);
+  });
+}
+function shouldSkipConfirm2(opts) {
+  return opts.yes || process.argv.includes("--yes") || process.argv.includes("-y") || isJsonMode() || !process.stdout.isTTY;
+}
-Realtime / RAG / Notify:
-  $ blink realtime publish updates '{"type":"refresh"}'
-  $ blink rag search "how does billing work" --ai
-  $ blink notify email user@example.com "Subject" "Body"
+// src/commands/security.ts
+init_project();
+import chalk16 from "chalk";
+function printSecurityPolicy(data) {
+  const modules = data.modules ?? data;
+  const table = createTable(["Module", "Require Auth"]);
+  for (const [name, cfg] of Object.entries(modules)) {
+    const status = cfg.require_auth ? chalk16.green("yes") : chalk16.dim("no");
+    table.push([name, status]);
+  }
+  console.log(table.toString());
+}
+function printCorsOrigins(origins) {
+  if (!origins.length) {
+    console.log(chalk16.dim("(no CORS origins configured \u2014 all origins allowed)"));
+    return;
+  }
+  for (const o of origins) console.log(`  ${o}`);
+  console.log(chalk16.dim(`
+${origins.length} origin${origins.length === 1 ? "" : "s"}`));
+}
+function registerSecurityCommands(program2) {
+  registerSecurityGroup(program2);
+  registerCorsGroup(program2);
+}
+function registerSecurityGroup(program2) {
+  const security = program2.command("security").description("Security policy \u2014 require auth per module (db/ai/storage/realtime/rag)").addHelpText("after", `
+Control which backend modules require user authentication.
+When require_auth is true, unauthenticated requests are rejected.
-Phone Numbers (10 credits/month per number):
-  $ blink phone list               List all workspace phone numbers
-  $ blink phone buy --label Sales  Buy a new number (US, UK, CA, AU)
-  $ blink phone label <id> Sales   Update label
-  $ blink phone release <id>       Release a number
+Examples:
+  $ blink security get                                Show security policy
+  $ blink security set --module db --require-auth true
+  $ blink security set --module ai --require-auth false
+`);
+  security.command("get [project_id]").description("Show current security policy").addHelpText("after", `
+Examples:
+  $ blink security get                  Show policy for linked project
+  $ blink security get proj_xxx         Show policy for specific project
+  $ blink security get --json           Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading security policy...",
+      () => appRequest(`/api/project/${projectId}/security`)
+    );
+    if (isJsonMode()) return printJson(result);
+    printSecurityPolicy(result?.policy ?? result);
+  });
+  security.command("set [project_id]").description("Update security policy for a module").requiredOption("--module <name>", "Module (db/ai/storage/realtime/rag)").requiredOption("--require-auth <bool>", "Require auth (true/false)").addHelpText("after", `
+Examples:
+  $ blink security set --module db --require-auth true
+  $ blink security set --module ai --require-auth false
+  $ blink security set proj_xxx --module storage --require-auth true
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const requireAuth = opts.requireAuth === "true";
+    const body = { policy: { modules: { [opts.module]: { require_auth: requireAuth } } } };
+    await withSpinner(
+      "Updating security policy...",
+      () => appRequest(`/api/project/${projectId}/security`, { method: "PUT", body })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", module: opts.module, require_auth: requireAuth });
+    printSuccess(`${opts.module}: require_auth = ${requireAuth}`);
+  });
+}
+function registerCorsGroup(program2) {
+  const cors = program2.command("cors").description("CORS origin management \u2014 control which origins can access your project APIs").addHelpText("after", `
+Manage allowed CORS origins for your project.
+When no origins are configured, all origins are allowed.
-Connectors (38 OAuth providers \u2014 GitHub, Notion, Slack, Stripe, Shopify, Jira, Linear, and more):
-  $ blink connector providers                                    List all 38 providers
-  $ blink connector status                                       Show all connected accounts
-  $ blink connector status github                                Check a specific provider
-  $ blink connector exec github /user/repos GET                  Call any REST endpoint
-  $ blink connector exec notion /search POST '{"query":"notes"}' Notion search
-  $ blink connector exec slack /chat.postMessage POST '{"channel":"C123","text":"hi"}'
-  $ blink connector exec stripe /customers GET '{"limit":5}'
-  $ blink connector exec jira /search GET '{"jql":"assignee=currentUser()"}'
-  $ blink connector exec linear '{ viewer { id name } }' POST   GraphQL (Linear)
-  Connect accounts at: blink.new/settings?tab=connectors
+Examples:
+  $ blink cors get                                                Show allowed origins
+  $ blink cors set --origins https://example.com https://app.example.com
+`);
+  cors.command("get [project_id]").description("Show allowed CORS origins").addHelpText("after", `
+Examples:
+  $ blink cors get                   Show origins for linked project
+  $ blink cors get proj_xxx          Show origins for specific project
+  $ blink cors get --json            Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading CORS config...",
+      () => appRequest(`/api/project/${projectId}/cors`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const origins = result?.custom_origins ?? result?.origins ?? [];
+    printCorsOrigins(origins);
+  });
+  cors.command("set [project_id]").description("Set allowed CORS origins").requiredOption("--origins <urls...>", "Allowed origins (space-separated)").addHelpText("after", `
+Examples:
+  $ blink cors set --origins https://example.com
+  $ blink cors set --origins https://example.com https://app.example.com
+  $ blink cors set proj_xxx --origins https://example.com
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const origins = opts.origins;
+    await withSpinner(
+      "Updating CORS origins...",
+      () => appRequest(`/api/project/${projectId}/cors`, { method: "PUT", body: { custom_origins: origins } })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", origins });
+    printSuccess(`CORS origins set: ${origins.join(", ")}`);
+  });
+}
-LinkedIn (dedicated commands for the LinkedIn connector):
-  $ blink linkedin me                               Show your LinkedIn profile
-  $ blink linkedin posts                            List your 10 most recent posts
-  $ blink linkedin post "Hello LinkedIn!"           Publish a text post
-  $ blink linkedin comments "urn:li:ugcPost:123"    Read comments on a post
-  $ blink linkedin comment "urn:li:ugcPost:123" "Nice!"  Add a comment
+// src/commands/env.ts
+init_project();
+import { readFileSync as readFileSync9, existsSync as existsSync4 } from "fs";
+import chalk17 from "chalk";
+async function resolveSecretId(projectId, keyName) {
+  const result = await appRequest(`/api/projects/${projectId}/secrets`);
+  const secrets = result?.secrets ?? result ?? [];
+  const match = secrets.find((s) => s.key === keyName);
+  if (!match) {
+    printError(`Env var "${keyName}" not found in project ${projectId}`);
+    process.exit(1);
+  }
+  return match.id;
+}
+function parseEnvFile(filePath) {
+  if (!existsSync4(filePath)) {
+    printError(`File not found: ${filePath}`);
+    process.exit(1);
+  }
+  const content = readFileSync9(filePath, "utf-8");
+  const entries = [];
+  for (const line of content.split("\n")) {
+    const trimmed = line.trim();
+    if (!trimmed || trimmed.startsWith("#")) continue;
+    const eqIdx = trimmed.indexOf("=");
+    if (eqIdx === -1) continue;
+    const key = trimmed.slice(0, eqIdx).trim();
+    let value = trimmed.slice(eqIdx + 1).trim();
+    if (value.startsWith('"') && value.endsWith('"') || value.startsWith("'") && value.endsWith("'")) {
+      value = value.slice(1, -1);
+    }
+    if (key) entries.push({ key, value });
+  }
+  return entries;
+}
+function registerEnvCommands(program2) {
+  const env = program2.command("env").description("Manage project environment variables (secrets)").addHelpText("after", `
+Environment variables are encrypted key-value pairs for your project.
+They are injected at runtime in backend functions and edge workers.
+Use "env pull > .env.local" to export as a file.
+Note: For Claw agent secrets, use "blink secrets" instead.
+Examples:
+  $ blink env list                          List env vars
+  $ blink env set DATABASE_URL postgres://...
+  $ blink env delete OLD_KEY
+  $ blink env push .env                     Bulk import from .env file
+  $ blink env pull > .env.local             Export all vars to stdout
+`);
+  registerEnvList(env);
+  registerEnvSet(env);
+  registerEnvDelete(env);
+  registerEnvPush(env);
+  registerEnvPull(env);
+}
+function registerEnvList(env) {
+  env.command("list [project_id]").description("List environment variables").addHelpText("after", `
+Examples:
+  $ blink env list                      List for linked project
+  $ blink env list proj_xxx             List for specific project
+  $ blink env list --json               Machine-readable output
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading env vars...",
+      () => appRequest(`/api/projects/${projectId}/secrets`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const secrets = result?.secrets ?? result ?? [];
+    if (!secrets.length) {
+      console.log(chalk17.dim("(no env vars \u2014 use `blink env set KEY value`)"));
+      return;
+    }
+    const table = createTable(["Key", "Value"]);
+    for (const s of secrets) table.push([chalk17.bold(s.key), s.value ?? ""]);
+    console.log(table.toString());
+    console.log(chalk17.dim(`
+${secrets.length} variable${secrets.length === 1 ? "" : "s"}`));
+  });
+}
+function registerEnvSet(env) {
+  env.command("set <key> <value>").description("Create or update an environment variable").option("--project <id>", "Project ID (defaults to linked project)").addHelpText("after", `
+Examples:
+  $ blink env set DATABASE_URL postgres://user:pass@host/db
+  $ blink env set STRIPE_KEY sk_live_xxx
+  $ blink env set API_SECRET mysecret --project proj_xxx
+`).action(async (key, value, opts) => {
+    requireToken();
+    const projectId = requireProjectId(opts.project);
+    await withSpinner(
+      `Setting ${key}...`,
+      () => appRequest(`/api/projects/${projectId}/secrets`, {
+        method: "POST",
+        body: { key, value }
+      })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", key, project_id: projectId });
+    printSuccess(`${key} saved to project ${projectId}`);
+  });
+}
+function registerEnvDelete(env) {
+  env.command("delete <key>").description("Delete an environment variable").option("--project <id>", "Project ID (defaults to linked project)").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink env delete OLD_KEY
+  $ blink env delete OLD_KEY --yes
+  $ blink env delete OLD_KEY --project proj_xxx
+`).action(async (key, opts) => {
+    requireToken();
+    const projectId = requireProjectId(opts.project);
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y");
+    if (!skipConfirm && !isJsonMode() && process.stdout.isTTY) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Delete env var "${key}" from project ${projectId}?` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    const secretId = await resolveSecretId(projectId, key);
+    await withSpinner(
+      `Deleting ${key}...`,
+      () => appRequest(`/api/projects/${projectId}/secrets/${secretId}`, { method: "DELETE" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", key, project_id: projectId });
+    printSuccess(`Deleted ${key}`);
+  });
+}
+function registerEnvPush(env) {
+  env.command("push <file>").description("Bulk import environment variables from a .env file").option("--project <id>", "Project ID (defaults to linked project)").option("--yes", "Skip confirmation").addHelpText("after", `
+Reads KEY=VALUE pairs from the file and upserts each one.
+Lines starting with # and blank lines are skipped.
+Examples:
+  $ blink env push .env
+  $ blink env push .env.production --project proj_xxx
+  $ blink env push .env --yes
+`).action(async (file, opts) => {
+    requireToken();
+    const projectId = requireProjectId(opts.project);
+    const entries = parseEnvFile(file);
+    if (!entries.length) {
+      printError(`No KEY=VALUE pairs found in ${file}`);
+      process.exit(1);
+    }
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y") || isJsonMode() || !process.stdout.isTTY;
+    if (!skipConfirm) {
+      console.log(chalk17.dim(`  Will upsert ${entries.length} vars: ${entries.map((e) => e.key).join(", ")}`));
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Push ${entries.length} env vars to project ${projectId}?` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(`Pushing ${entries.length} vars from ${file}...`, async () => {
+      for (const { key, value } of entries) {
+        await appRequest(`/api/projects/${projectId}/secrets`, {
+          method: "POST",
+          body: { key, value }
+        });
+      }
+    });
+    if (isJsonMode()) return printJson({ status: "ok", count: entries.length, project_id: projectId });
+    printSuccess(`Pushed ${entries.length} env var${entries.length === 1 ? "" : "s"} to ${projectId}`);
+  });
+}
+function registerEnvPull(env) {
+  env.command("pull [project_id]").description("Export all environment variables as KEY=VALUE to stdout").addHelpText("after", `
+Prints all env vars as KEY=VALUE lines to stdout.
+Pipe to a file to create a local .env:
+Examples:
+  $ blink env pull > .env.local
+  $ blink env pull proj_xxx > .env.production
+  $ blink env pull --json
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await appRequest(`/api/projects/${projectId}/secrets`);
+    const secrets = result?.secrets ?? result ?? [];
+    if (isJsonMode()) return printJson(secrets);
+    if (process.stdout.isTTY) {
+      process.stderr.write(chalk17.yellow("\u26A0 Printing secret values to terminal. Pipe to file: blink env pull > .env.local\n"));
+    }
+    for (const s of secrets) {
+      process.stdout.write(`${s.key}=${s.value ?? ""}
+`);
+    }
+  });
+}
+// src/commands/backend.ts
+init_project();
+import { readdirSync as readdirSync2, readFileSync as readFileSync10, statSync } from "fs";
+import { join as join4, relative as relative2 } from "path";
+import chalk18 from "chalk";
+var EXCLUDED_FILES = /* @__PURE__ */ new Set(["package-lock.json", "bun.lockb", "yarn.lock", "pnpm-lock.yaml"]);
+function collectBackendFiles(dir) {
+  const files = [];
+  function walk(current) {
+    for (const entry of readdirSync2(current, { withFileTypes: true })) {
+      if (entry.name === "node_modules" || entry.name.startsWith(".")) continue;
+      const fullPath = join4(current, entry.name);
+      if (entry.isDirectory()) {
+        walk(fullPath);
+        continue;
+      }
+      if (EXCLUDED_FILES.has(entry.name)) continue;
+      const ext = entry.name.split(".").pop()?.toLowerCase() ?? "";
+      if (!["ts", "js", "tsx", "jsx", "json"].includes(ext)) continue;
+      files.push({
+        path: join4("backend", relative2(dir, fullPath)),
+        source_code: readFileSync10(fullPath, "utf-8")
+      });
+    }
+  }
+  walk(dir);
+  return files;
+}
+function resolveProjectAndDir(arg1, arg2) {
+  if (arg2) return { projectId: requireProjectId(arg1), dir: arg2 };
+  if (arg1?.startsWith("proj_")) return { projectId: requireProjectId(arg1), dir: "backend" };
+  return { projectId: requireProjectId(), dir: arg1 ?? "backend" };
+}
+function registerBackendCommands(program2) {
+  const backend = program2.command("backend").description("Manage backend (CF Workers for Platforms) for your project").addHelpText("after", `
+Deploy, monitor, and manage your project's backend worker.
+The backend is a Hono server running on Cloudflare Workers for Platforms.
+Examples:
+  $ blink backend deploy                   Deploy backend/ folder
+  $ blink backend deploy ./server          Deploy from custom dir
+  $ blink backend status                   Check deployment status
+  $ blink backend logs                     View recent logs
+  $ blink backend delete --yes             Remove backend worker
+`);
+  registerBackendDeploy(backend);
+  registerBackendStatus(backend);
+  registerBackendLogs(backend);
+  registerBackendDelete(backend);
+}
+function registerBackendDeploy(backend) {
+  backend.command("deploy [project_id] [dir]").description("Deploy backend files to CF Workers for Platforms").addHelpText("after", `
+Reads all .ts/.js/.json files from the backend/ directory (or specified dir),
+bundles and deploys them as a Cloudflare Worker.
+Examples:
+  $ blink backend deploy                       Deploy backend/ for linked project
+  $ blink backend deploy ./server              Deploy from custom directory
+  $ blink backend deploy proj_xxx              Deploy backend/ for specific project
+  $ blink backend deploy proj_xxx ./api        Deploy ./api for specific project
+`).action(async (arg1, arg2) => {
+    requireToken();
+    const { projectId, dir } = resolveProjectAndDir(arg1, arg2);
+    if (!statSync(dir, { throwIfNoEntry: false })?.isDirectory()) {
+      printError(`Directory not found: ${dir}`, `Create a backend/ folder with index.ts`);
+      process.exit(1);
+    }
+    const files = collectBackendFiles(dir);
+    if (!files.length) {
+      printError(`No .ts/.js files found in ${dir}`);
+      process.exit(1);
+    }
+    if (!isJsonMode()) console.log(chalk18.dim(`  ${files.length} file${files.length === 1 ? "" : "s"} in ${dir}`));
+    const result = await withSpinner(
+      "Deploying backend...",
+      () => appRequest(`/api/v1/projects/${projectId}/backend/deploy`, { body: { files } })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess("Backend deployed");
+    if (result?.url) printUrl("URL", result.url);
+    printKv("Project", projectId);
+  });
+}
+function registerBackendStatus(backend) {
+  backend.command("status [project_id]").description("Check backend deployment status").addHelpText("after", `
+Examples:
+  $ blink backend status
+  $ blink backend status proj_xxx
+  $ blink backend status --json
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Checking status...",
+      () => appRequest(`/api/v1/projects/${projectId}/backend/status`)
+    );
+    if (isJsonMode()) return printJson(result);
+    printKv("Project", projectId);
+    printKv("Enabled", result?.enabled ? "yes" : "no");
+    printKv("Tier", result?.tier ?? "-");
+    printKv("Requests", String(result?.requests_this_month ?? 0));
+    if (result?.enabled) printUrl("URL", `https://${projectId.slice(-8)}.backend.blink.new`);
+  });
+}
+function registerBackendLogs(backend) {
+  backend.command("logs [project_id]").description("View recent backend logs").option("--minutes <n>", "Minutes of logs to fetch", "30").option("--slug <name>", "Function slug", "index").addHelpText("after", `
+Examples:
+  $ blink backend logs                         Last 30 min of logs
+  $ blink backend logs --minutes 60            Last hour
+  $ blink backend logs proj_xxx --minutes 5
+  $ blink backend logs --json
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const slug = opts.slug ?? "index";
+    const since = new Date(Date.now() - parseInt(opts.minutes ?? "30") * 60 * 1e3).toISOString();
+    const result = await withSpinner(
+      "Fetching logs...",
+      () => appRequest(`/api/v1/projects/${projectId}/functions/${slug}/logs?since=${since}`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const logs = result?.logs ?? result ?? [];
+    if (!logs.length) {
+      console.log(chalk18.dim("(no logs)"));
+      return;
+    }
+    for (const log of logs) {
+      const ts = log.timestamp ? chalk18.dim(new Date(log.timestamp).toLocaleTimeString()) + " " : "";
+      const err = log.error ? chalk18.red(`  ${log.error}`) : "";
+      console.log(`${ts}${log.method ?? ""} ${log.path ?? ""} ${log.status_code ?? ""} ${log.latency_ms ?? ""}ms${err}`);
+    }
+  });
+}
+function registerBackendDelete(backend) {
+  backend.command("delete [project_id]").description("Delete the backend worker").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink backend delete --yes
+  $ blink backend delete proj_xxx --yes
+`).action(async (projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y");
+    if (!skipConfirm && !isJsonMode() && process.stdout.isTTY) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Delete backend for project ${projectId}? This cannot be undone.` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(
+      "Deleting backend...",
+      () => appRequest(`/api/project/${projectId}/backend`, { method: "DELETE" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", project_id: projectId });
+    printSuccess(`Backend deleted for ${projectId}`);
+  });
+}
+// src/commands/functions.ts
+init_project();
+import chalk19 from "chalk";
+var toDate = (ts) => new Date(typeof ts === "number" && ts < 1e11 ? ts * 1e3 : ts);
+function registerFunctionsCommands(program2) {
+  const fns = program2.command("functions").description("Manage edge functions (legacy) for your project").addHelpText("after", `
+List, inspect, and manage edge functions deployed to your project.
+For the newer backend worker (CF Workers for Platforms), use "blink backend".
+Examples:
+  $ blink functions list                     List all functions
+  $ blink functions get index                Get function details
+  $ blink functions logs index               View function logs
+  $ blink functions delete old-fn --yes      Delete a function
+`);
+  registerFnList(fns);
+  registerFnGet(fns);
+  registerFnDelete(fns);
+  registerFnLogs(fns);
+}
+function registerFnList(fns) {
+  fns.command("list [project_id]").description("List all edge functions").addHelpText("after", `
+Examples:
+  $ blink functions list
+  $ blink functions list proj_xxx
+  $ blink functions list --json
+`).action(async (projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      "Loading functions...",
+      () => appRequest(`/api/v1/projects/${projectId}/functions`)
+    );
+    const functions = result?.functions ?? result ?? [];
+    if (isJsonMode()) return printJson(functions);
+    if (!functions.length) {
+      console.log(chalk19.dim("(no functions)"));
+      return;
+    }
+    const table = createTable(["Slug", "Status", "Created"]);
+    for (const fn of functions) {
+      table.push([fn.slug, fn.status ?? "-", fn.created_at ? toDate(fn.created_at).toLocaleDateString() : "-"]);
+    }
+    console.log(table.toString());
+  });
+}
+function registerFnGet(fns) {
+  fns.command("get <slug> [project_id]").description("Get details of a specific function").addHelpText("after", `
+Examples:
+  $ blink functions get index
+  $ blink functions get my-api proj_xxx
+  $ blink functions get index --json
+`).action(async (slug, projectArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const result = await withSpinner(
+      `Loading ${slug}...`,
+      () => appRequest(`/api/v1/projects/${projectId}/functions/${slug}`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const fn = result?.function ?? result;
+    console.log(chalk19.bold("Slug:    ") + (fn?.slug ?? slug));
+    if (fn?.status) console.log(chalk19.bold("Status:  ") + fn.status);
+    if (fn?.url) console.log(chalk19.bold("URL:     ") + chalk19.cyan(fn.url));
+    if (fn?.created_at) console.log(chalk19.bold("Created: ") + toDate(fn.created_at).toLocaleString());
+  });
+}
+function registerFnDelete(fns) {
+  fns.command("delete <slug> [project_id]").description("Delete an edge function").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink functions delete old-fn --yes
+  $ blink functions delete my-api proj_xxx --yes
+`).action(async (slug, projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y");
+    if (!skipConfirm && !isJsonMode() && process.stdout.isTTY) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Delete function "${slug}" from project ${projectId}?` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(
+      `Deleting ${slug}...`,
+      () => appRequest(`/api/v1/projects/${projectId}/functions/${slug}`, { method: "DELETE" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", slug, project_id: projectId });
+    printSuccess(`Deleted function ${slug}`);
+  });
+}
+function registerFnLogs(fns) {
+  fns.command("logs <slug> [project_id]").description("View logs for a specific function").option("--minutes <n>", "Minutes of logs to fetch", "30").option("--limit <n>", "Max number of log entries").addHelpText("after", `
+Examples:
+  $ blink functions logs index                   Last 30 min
+  $ blink functions logs my-api --minutes 60     Last hour
+  $ blink functions logs index proj_xxx --limit 100
+  $ blink functions logs index --json
+`).action(async (slug, projectArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectArg);
+    const since = new Date(Date.now() - parseInt(opts.minutes ?? "30") * 60 * 1e3).toISOString();
+    const params = new URLSearchParams({ since });
+    if (opts.limit) params.set("limit", opts.limit);
+    const result = await withSpinner(
+      "Fetching logs...",
+      () => appRequest(`/api/v1/projects/${projectId}/functions/${slug}/logs?${params}`)
+    );
+    if (isJsonMode()) return printJson(result);
+    const logs = result?.logs ?? result ?? [];
+    if (!logs.length) {
+      console.log(chalk19.dim("(no logs)"));
+      return;
+    }
+    for (const log of logs) {
+      const ts = log.timestamp ? chalk19.dim(new Date(log.timestamp).toLocaleTimeString()) + " " : "";
+      const level = log.level ? chalk19.yellow(`[${log.level}] `) : "";
+      console.log(`${ts}${level}${log.message ?? JSON.stringify(log)}`);
+    }
+  });
+}
+// src/commands/init.ts
+init_project();
+import { basename as basename3 } from "path";
+import chalk20 from "chalk";
+function registerInitCommands(program2) {
+  program2.command("init").description("Initialize a new Blink project and link it to the current directory").option("--name <name>", "Project name (defaults to current directory name)").option("--from <project_id>", "Create a new project named after an existing one").addHelpText("after", `
+Creates a new Blink project and writes .blink/project.json in the current directory.
+After init, all commands work without specifying a project_id.
+Examples:
+  $ blink init                             Create project named after current dir
+  $ blink init --name "My SaaS App"        Create with custom name
+  $ blink init --from proj_xxx             Clone from existing project
+  $ blink init --json                      Machine-readable output
+After init:
+  $ blink deploy ./dist --prod
+  $ blink db query "SELECT * FROM users"
+  $ blink env set DATABASE_URL postgres://...
+`).action(async (opts) => {
+    requireToken();
+    if (opts.from) {
+      await initFromExisting(opts.from);
+    } else {
+      await initNew(opts.name);
+    }
+  });
+}
+async function initNew(nameOpt) {
+  const name = nameOpt ?? basename3(process.cwd());
+  const result = await withSpinner(
+    `Creating project "${name}"...`,
+    () => appRequest("/api/projects/create", { method: "POST", body: { prompt: name } })
+  );
+  const proj = result?.project ?? result;
+  if (!proj?.id) {
+    printError("Failed to create project \u2014 no ID returned");
+    process.exit(1);
+  }
+  writeProjectConfig({ projectId: proj.id });
+  if (isJsonMode()) return printJson({ project_id: proj.id, name: proj.name ?? name });
+  printSuccess(`Project created and linked`);
+  printKv("ID", proj.id);
+  printKv("Name", proj.name ?? name);
+  console.log(chalk20.dim("\n  Run `blink deploy ./dist --prod` to deploy"));
+}
+async function initFromExisting(sourceId) {
+  const source = await withSpinner(
+    "Loading source project...",
+    () => appRequest(`/api/projects/${sourceId}`)
+  );
+  const sourceName = source?.project?.name ?? source?.name ?? sourceId;
+  const name = `${sourceName} (copy)`;
+  const result = await withSpinner(
+    `Creating project "${name}"...`,
+    () => appRequest("/api/projects/create", { method: "POST", body: { prompt: name } })
+  );
+  const proj = result?.project ?? result;
+  if (!proj?.id) {
+    printError("Failed to create project \u2014 no ID returned");
+    process.exit(1);
+  }
+  writeProjectConfig({ projectId: proj.id });
+  if (isJsonMode()) return printJson({ project_id: proj.id, name: proj.name ?? name, from: sourceId });
+  printSuccess(`Project created from ${sourceId} and linked`);
+  printKv("ID", proj.id);
+  printKv("Name", proj.name ?? name);
+  printKv("From", sourceId);
+}
+// src/commands/workspace.ts
+import chalk21 from "chalk";
+function printWorkspaceTable(workspaces) {
+  const table = createTable(["ID", "Name", "Slug", "Tier", "Role"]);
+  for (const w of workspaces) table.push([w.id, w.name, w.slug ?? "-", w.tier ?? "-", w.role ?? "-"]);
+  console.log(table.toString());
+}
+function printMemberTable(members) {
+  const table = createTable(["Name", "Email", "Role"]);
+  for (const m of members) table.push([m.name ?? "-", m.email, m.role ?? "-"]);
+  console.log(table.toString());
+}
+function registerWorkspaceCommands(program2) {
+  const workspace = program2.command("workspace").description("Manage workspaces, members, and invitations").addHelpText("after", `
+Examples:
+  $ blink workspace list
+  $ blink workspace create "My Team"
+  $ blink workspace switch wsp_xxx
+  $ blink workspace members wsp_xxx
+  $ blink workspace invite user@example.com wsp_xxx --role admin
+`);
+  workspace.command("list").description("List all workspaces you belong to").addHelpText("after", `
+Examples:
+  $ blink workspace list
+  $ blink workspace list --json
+`).action(async () => {
+    requireToken();
+    const result = await withSpinner("Loading workspaces...", () => appRequest("/api/workspaces"));
+    const workspaces = result?.workspaces ?? result ?? [];
+    if (isJsonMode()) return printJson(workspaces);
+    if (!workspaces.length) return console.log(chalk21.dim("No workspaces found."));
+    printWorkspaceTable(workspaces);
+  });
+  workspace.command("create <name>").description("Create a new workspace").addHelpText("after", `
+Examples:
+  $ blink workspace create "My Team"
+  $ blink workspace create "Acme Corp" --json
+`).action(async (name) => {
+    requireToken();
+    const result = await withSpinner(
+      `Creating "${name}"...`,
+      () => appRequest("/api/workspaces", { method: "POST", body: { name } })
+    );
+    if (isJsonMode()) return printJson(result);
+    const ws = result?.workspace ?? result;
+    printSuccess(`Created workspace: ${ws.name} (${ws.id})`);
+  });
+  workspace.command("switch <workspace_id>").description("Switch your active workspace").addHelpText("after", `
+Examples:
+  $ blink workspace switch wsp_xxx
+`).action(async (workspaceId) => {
+    requireToken();
+    await withSpinner(
+      "Switching workspace...",
+      () => appRequest("/api/workspaces/switch", { method: "POST", body: { workspace_id: workspaceId } })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", workspace_id: workspaceId });
+    printSuccess(`Switched to workspace ${workspaceId}`);
+  });
+  workspace.command("members [workspace_id]").description("List members of a workspace").option("--workspace <id>", "Workspace ID").addHelpText("after", `
+Examples:
+  $ blink workspace members wsp_xxx
+  $ blink workspace members --workspace wsp_xxx
+  $ blink workspace members wsp_xxx --json
+`).action(async (workspaceIdArg, opts) => {
+    requireToken();
+    const workspaceId = workspaceIdArg ?? opts.workspace;
+    if (!workspaceId) {
+      printError("Workspace ID required", "blink workspace members wsp_xxx");
+      process.exit(1);
+    }
+    const result = await withSpinner(
+      "Loading members...",
+      () => appRequest(`/api/workspaces/${workspaceId}/members`)
+    );
+    const members = result?.members ?? result ?? [];
+    if (isJsonMode()) return printJson(members);
+    if (!members.length) return console.log(chalk21.dim("No members found."));
+    printMemberTable(members);
+  });
+  workspace.command("invite <email> [workspace_id]").description("Invite a member to a workspace").option("--workspace <id>", "Workspace ID").option("--role <role>", "Role: admin, member, viewer", "member").addHelpText("after", `
+Examples:
+  $ blink workspace invite user@example.com wsp_xxx
+  $ blink workspace invite user@example.com --workspace wsp_xxx --role admin
+  $ blink workspace invite user@example.com wsp_xxx --role viewer
+`).action(async (email, workspaceIdArg, opts) => {
+    requireToken();
+    const workspaceId = workspaceIdArg ?? opts.workspace;
+    if (!workspaceId) {
+      printError("Workspace ID required", "blink workspace invite user@example.com wsp_xxx");
+      process.exit(1);
+    }
+    const result = await withSpinner(
+      `Inviting ${email}...`,
+      () => appRequest(`/api/workspaces/${workspaceId}/invites`, {
+        method: "POST",
+        body: { emails: [email], role: opts.role }
+      })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess(`Invited ${email} as ${opts.role} to ${workspaceId}`);
+  });
+}
+// src/commands/versions.ts
+init_project();
+import chalk22 from "chalk";
+function printVersionTable(versions) {
+  const table = createTable(["ID", "Description", "Created"]);
+  for (const v of versions) {
+    table.push([v.id, v.description ?? v.message ?? "-", new Date(v.created_at).toLocaleString()]);
+  }
+  console.log(table.toString());
+}
+function registerVersionCommands(program2) {
+  const versions = program2.command("versions").description("Manage project version snapshots").addHelpText("after", `
+Examples:
+  $ blink versions list
+  $ blink versions save --message "before refactor"
+  $ blink versions restore ver_xxx
+`);
+  versions.command("list [project_id]").description("List saved versions for a project").addHelpText("after", `
+Examples:
+  $ blink versions list
+  $ blink versions list proj_xxx
+  $ blink versions list --json
+`).action(async (projectIdArg) => {
+    requireToken();
+    const projectId = requireProjectId(projectIdArg);
+    const result = await withSpinner(
+      "Loading versions...",
+      () => appRequest(`/api/versions?projectId=${projectId}`)
+    );
+    const versionsList = result?.versions ?? result ?? [];
+    if (isJsonMode()) return printJson(versionsList);
+    if (!versionsList.length) return console.log(chalk22.dim("No versions saved yet."));
+    printVersionTable(versionsList);
+  });
+  versions.command("save [project_id]").description("Save a version snapshot of the current project state").requiredOption("--message <msg>", "Version description (required)").addHelpText("after", `
+Examples:
+  $ blink versions save --message "stable v1"
+  $ blink versions save proj_xxx --message "pre-deploy"
+  $ blink versions save --json
+`).action(async (projectIdArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectIdArg);
+    const result = await withSpinner(
+      "Saving version...",
+      () => appRequest("/api/save-version", {
+        method: "POST",
+        body: { projectId, description: opts.message }
+      })
+    );
+    if (isJsonMode()) return printJson(result);
+    const ver = result?.version ?? result;
+    printSuccess(`Version saved: ${ver?.id ?? "ok"}`);
+  });
+  versions.command("restore <version_id> [project_id]").description("Restore a project to a saved version").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink versions restore ver_xxx
+  $ blink versions restore ver_xxx proj_xxx --yes
+`).action(async (versionId, projectIdArg, opts) => {
+    requireToken();
+    const projectId = requireProjectId(projectIdArg);
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y");
+    if (!skipConfirm && !isJsonMode() && process.stdout.isTTY) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Restore project ${projectId} to version ${versionId}?` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    const result = await withSpinner(
+      "Restoring version...",
+      () => appRequest("/api/versions/restore", {
+        method: "POST",
+        body: { projectId, identifier: versionId }
+      })
+    );
+    if (isJsonMode()) return printJson(result);
+    printSuccess(`Restored to version ${versionId}`);
+  });
+}
+// src/commands/billing.ts
+import chalk23 from "chalk";
+function printUsage(data) {
+  console.log();
+  printKv("Total", `${data.total ?? 0} credits used`);
+  const breakdown = data.breakdown ?? [];
+  if (breakdown.length) {
+    console.log();
+    console.log(chalk23.bold("Breakdown:"));
+    for (const item of breakdown) printKv(`  ${item.category}`, `${item.amount}`);
+  }
+  console.log();
+}
+function registerBillingCommands(program2) {
+  program2.command("credits").description("Check your credit balance and tier").addHelpText("after", `
+Examples:
+  $ blink credits
+  $ blink credits --json
+`).action(async () => {
+    requireToken();
+    const result = await withSpinner(
+      "Loading usage...",
+      () => appRequest("/api/usage/summary?period=month")
+    );
+    if (isJsonMode()) return printJson(result);
+    const data = result ?? {};
+    console.log();
+    printKv("Used", `${data.total ?? 0} credits this month`);
+    console.log();
+  });
+  program2.command("usage").description("Show usage summary for the current billing period").option("--period <granularity>", "Period granularity: hour, day, week, month", "day").addHelpText("after", `
+Examples:
+  $ blink usage
+  $ blink usage --period month
+  $ blink usage --json
+`).action(async (opts) => {
+    requireToken();
+    const result = await withSpinner(
+      "Loading usage...",
+      () => appRequest(`/api/usage/summary?period=${opts.period}`)
+    );
+    if (isJsonMode()) return printJson(result);
+    printUsage(result);
+  });
+}
+// src/commands/tokens.ts
+import chalk24 from "chalk";
+function printTokenTable(tokens) {
+  const table = createTable(["ID", "Name", "Prefix", "Created", "Last Used"]);
+  for (const t of tokens) {
+    table.push([
+      t.id,
+      t.name ?? "-",
+      t.key_prefix ?? "-",
+      t.created_at ? new Date(t.created_at).toLocaleDateString() : "-",
+      t.last_used_at ? new Date(t.last_used_at).toLocaleDateString() : "never"
+    ]);
+  }
+  console.log(table.toString());
+}
+function printNewToken(token) {
+  console.log();
+  printSuccess(`Token created: ${token.name}`);
+  console.log();
+  console.log(chalk24.bold("  Token: ") + chalk24.green(token.key));
+  console.log();
+  console.log(chalk24.yellow("  \u26A0 Save this token now \u2014 it will not be shown again!"));
+  console.log(chalk24.dim("  Use as: export BLINK_API_KEY=" + token.key));
+  console.log();
+}
+function registerTokenCommands(program2) {
+  const tokens = program2.command("tokens").description("Manage personal access tokens (API keys)").addHelpText("after", `
+Examples:
+  $ blink tokens list
+  $ blink tokens create --name "CI deploy key"
+  $ blink tokens revoke tok_xxx --yes
+`);
+  tokens.command("list").description("List all personal access tokens").addHelpText("after", `
+Examples:
+  $ blink tokens list
+  $ blink tokens list --json
+`).action(async () => {
+    requireToken();
+    const result = await withSpinner("Loading tokens...", () => appRequest("/api/tokens"));
+    const tokensList = result?.tokens ?? result ?? [];
+    if (isJsonMode()) return printJson(tokensList);
+    if (!tokensList.length) return console.log(chalk24.dim('No tokens found. Create one with `blink tokens create --name "my key"`.'));
+    printTokenTable(tokensList);
+  });
+  tokens.command("create").description("Create a new personal access token").requiredOption("--name <name>", 'Name for the token (e.g. "CI deploy key")').addHelpText("after", `
+Examples:
+  $ blink tokens create --name "CI deploy key"
+  $ blink tokens create --name "staging" --json
+`).action(async (opts) => {
+    requireToken();
+    const result = await withSpinner(
+      "Creating token...",
+      () => appRequest("/api/tokens", { method: "POST", body: { name: opts.name } })
+    );
+    if (isJsonMode()) return printJson(result);
+    const token = result?.token ?? result;
+    printNewToken(token);
+  });
+  tokens.command("revoke <token_id>").description("Revoke (delete) a personal access token").option("--yes", "Skip confirmation").addHelpText("after", `
+Examples:
+  $ blink tokens revoke tok_xxx
+  $ blink tokens revoke tok_xxx --yes
+`).action(async (tokenId, opts) => {
+    requireToken();
+    const skipConfirm = opts.yes || process.argv.includes("--yes") || process.argv.includes("-y");
+    if (!skipConfirm && !isJsonMode() && process.stdout.isTTY) {
+      const { confirm } = await import("@clack/prompts");
+      const ok = await confirm({ message: `Revoke token ${tokenId}? This cannot be undone.` });
+      if (!ok) {
+        console.log("Cancelled.");
+        return;
+      }
+    }
+    await withSpinner(
+      "Revoking token...",
+      () => appRequest(`/api/tokens/${tokenId}`, { method: "DELETE" })
+    );
+    if (isJsonMode()) return printJson({ status: "ok", token_id: tokenId });
+    printSuccess(`Revoked token ${tokenId}`);
+  });
+}
+// src/cli.ts
+var require2 = createRequire(import.meta.url);
+var pkg = require2("../package.json");
+var program = new Command();
+program.name("blink").description("Blink platform CLI \u2014 build, deploy, and manage AI-powered apps").version(pkg.version).option("--token <key>", "Override API token for this command").option("--json", "Machine-readable JSON output (no colors, great for scripting)").option("-y, --yes", "Skip confirmation prompts").option("--debug", "Verbose request logging").option("--profile <name>", "Use named config profile from ~/.config/blink/config.toml").addHelpText("after", `
+Auth:
+  API key lives at blink.new \u2192 Settings \u2192 API Keys (starts with blnk_ak_)
+  $ blink login --interactive          Save your API key to ~/.config/blink/config.toml
+  $ export BLINK_API_KEY=blnk_ak_...  Or set env var directly (used in CI/agents)
+Quick Start:
+  $ blink login --interactive          Authenticate
+  $ blink link                         Link current dir to a project (interactive picker)
+  $ npm run build && blink deploy ./dist --prod   Build then deploy to production
+Deploy:
+  $ blink deploy ./dist --prod         Deploy build output to production
+  $ blink deploy ./dist                Preview deployment (safe, non-destructive)
+  $ blink deployments                  List past deployments
+  $ blink rollback                     Rollback production to previous version
+Database (requires linked project or project_id):
+  $ blink db query "SELECT * FROM users LIMIT 10"
+  $ blink db query proj_xxx "SELECT count(*) FROM orders"
+  $ blink db exec schema.sql           Run a SQL file
+  $ blink db list                      Show all tables
+  $ blink db list users                Show rows in the users table
+Storage:
+  $ blink storage upload ./photo.jpg
+  $ blink storage list
+  $ blink storage url images/photo.jpg
+  $ blink storage download images/photo.jpg ./local.jpg
+AI (no project needed \u2014 workspace-scoped):
+  $ blink ai image "a futuristic city at sunset"
+  $ blink ai text "Summarize this: ..." --model anthropic/claude-sonnet-4.5
+  $ blink ai video "ocean waves at sunset" --duration 10s
+  $ blink ai speech "Hello world" --voice nova --output hello.mp3
+  $ blink ai transcribe ./meeting.mp3
+Web & Data:
+  $ blink search "latest AI news" --count 10
+  $ blink fetch https://api.github.com/users/octocat
+  $ blink fetch https://api.example.com --method POST --body '{"key":"val"}'
+  $ blink scrape https://example.com --text              Clean text (no HTML)
+  $ blink scrape https://example.com --extract "prices"  AI-extract specific data
+Realtime / RAG / Notify:
+  $ blink realtime publish updates '{"type":"refresh"}'
+  $ blink rag search "how does billing work" --ai
+  $ blink notify email user@example.com "Subject" "Body"
+Phone Numbers (10 credits/month per number):
+  $ blink phone list               List all workspace phone numbers
+  $ blink phone buy --label Sales  Buy a new number (US, UK, CA, AU)
+  $ blink phone label <id> Sales   Update label
+  $ blink phone release <id>       Release a number
+Connectors (38 OAuth providers \u2014 GitHub, Notion, Slack, Stripe, Shopify, Jira, Linear, and more):
+  $ blink connector providers                                    List all 38 providers
+  $ blink connector status                                       Show all connected accounts
+  $ blink connector status github                                Check a specific provider
+  $ blink connector exec github /user/repos GET                  Call any REST endpoint
+  $ blink connector exec notion /search POST '{"query":"notes"}' Notion search
+  $ blink connector exec slack /chat.postMessage POST '{"channel":"C123","text":"hi"}'
+  $ blink connector exec stripe /customers GET '{"limit":5}'
+  $ blink connector exec jira /search GET '{"jql":"assignee=currentUser()"}'
+  $ blink connector exec linear '{ viewer { id name } }' POST   GraphQL (Linear)
+  Connect accounts at: blink.new/settings?tab=connectors
+LinkedIn (dedicated commands for the LinkedIn connector):
+  $ blink linkedin me                               Show your LinkedIn profile
+  $ blink linkedin posts                            List your 10 most recent posts
+  $ blink linkedin post "Hello LinkedIn!"           Publish a text post
+  $ blink linkedin comments "urn:li:ugcPost:123"    Read comments on a post
+  $ blink linkedin comment "urn:li:ugcPost:123" "Nice!"  Add a comment
   $ blink linkedin like "urn:li:ugcPost:123"        Like a post
   $ blink linkedin unlike "urn:li:ugcPost:123"      Unlike a post
   Link LinkedIn at: blink.new/claw (Agent Integrations tab)
+Environment Variables (project secrets):
+  $ blink env list                             List env var names
+  $ blink env set STRIPE_KEY sk_live_xxx       Set an env var
+  $ blink env delete OLD_KEY                   Remove an env var
+  $ blink env push .env                        Bulk import from .env file
+  $ blink env pull > .env.local                Export as KEY=VALUE
+Backend (Hono server on CF Workers):
+  $ blink backend deploy ./backend             Deploy backend/ to Cloudflare Workers
+  $ blink backend status                       Check backend status + URL
+  $ blink backend logs                         Tail backend request logs
+  $ blink backend delete --yes                 Remove backend
+Auth Config (Blink Auth providers):
+  $ blink auth-config get                      Show auth configuration
+  $ blink auth-config set --provider google --enabled true
+  $ blink auth-config byoc-set --provider google --client-id X --client-secret Y
+Domains:
+  $ blink domains list                         List custom domains
+  $ blink domains add myapp.com                Add a custom domain
+  $ blink domains verify <domain_id>           Verify DNS
+  $ blink domains search "myapp"               Search available domains
+  $ blink domains purchase myapp.com           Buy a domain
+Hosting:
+  $ blink hosting status                       Check hosting state + URLs
+  $ blink hosting activate                     Activate production hosting
+  $ blink hosting deactivate --yes             Deactivate hosting
+Security & CORS:
+  $ blink security get                         Show per-module auth policy
+  $ blink security set --module db --require-auth true
+  $ blink cors get                             Show allowed CORS origins
+  $ blink cors set --origins https://example.com
+Functions (legacy edge functions):
+  $ blink functions list                       List edge functions
+  $ blink functions logs index                 View function logs
+  $ blink functions delete old-fn --yes        Delete a function
+Versions:
+  $ blink versions list                        List saved versions
+  $ blink versions save --message "v1.0"       Save a snapshot
+  $ blink versions restore ver_xxx --yes       Restore to a version
+Workspace:
+  $ blink workspace list                       List workspaces
+  $ blink workspace create "My Team"           Create workspace
+  $ blink workspace members                    List members + roles
+Billing:
+  $ blink credits                              Check credit balance
+  $ blink usage                                Usage breakdown
+Tokens (Personal Access Tokens):
+  $ blink tokens list                          List PATs
+  $ blink tokens create --name "CI"            Create PAT (shown once!)
+  $ blink tokens revoke <id> --yes             Revoke a PAT
+Init:
+  $ blink init                                 Create project + link to current dir
+  $ blink init --name "My App"                 Create with custom name
 Agents (Claw \u2014 zero config on Fly machines, BLINK_AGENT_ID is already set):
   $ blink agent list                           List all agents in workspace
   $ blink agent status                         Show current agent details
@@ -2393,7 +3840,6 @@ Secrets (encrypted agent vault \u2014 values never shown):
   $ blink secrets list                         List secret key names
   $ blink secrets set GITHUB_TOKEN ghp_xxx     Add/update a secret
   $ blink secrets delete OLD_KEY               Remove a secret
-  $ blink secrets set --agent clw_other KEY v  Set secret on another agent (agent manager pattern)
 Tip \u2014 check full context (agent + project + auth):
   $ blink status
@@ -2425,6 +3871,18 @@ registerConnectorCommands(program);
 registerLinkedInCommands(program);
 registerPhoneCommands(program);
 registerSmsCommands(program);
+registerAuthConfigCommands(program);
+registerDomainsCommands(program);
+registerHostingCommands(program);
+registerSecurityCommands(program);
+registerEnvCommands(program);
+registerBackendCommands(program);
+registerFunctionsCommands(program);
+registerInitCommands(program);
+registerWorkspaceCommands(program);
+registerVersionCommands(program);
+registerBillingCommands(program);
+registerTokenCommands(program);
 program.command("use <project_id>").description("Set active project for this shell session (alternative to blink link)").option("--export", "Output a shell export statement \u2014 use with eval to actually set it").addHelpText("after", `
 Examples:
   $ blink use proj_xxx                        Shows the export command to run
@@ -2440,10 +3898,10 @@ After setting:
     process.stdout.write(`export BLINK_ACTIVE_PROJECT=${projectId}
 `);
   } else {
-    const { default: chalk13 } = await import("chalk");
-    console.log(chalk13.bold("Active project: ") + projectId);
-    console.log(chalk13.dim(`Run: export BLINK_ACTIVE_PROJECT=${projectId}`));
-    console.log(chalk13.dim(`Or:  eval $(blink use ${projectId} --export)`));
+    const { default: chalk25 } = await import("chalk");
+    console.log(chalk25.bold("Active project: ") + projectId);
+    console.log(chalk25.dim(`Run: export BLINK_ACTIVE_PROJECT=${projectId}`));
+    console.log(chalk25.dim(`Or:  eval $(blink use ${projectId} --export)`));
   }
 });
 program.action(async () => {