@bonnard/cli 0.1.3 → 0.1.5

package/dist/bin/bon.mjs

@@ -3,18 +3,129 @@ import { createRequire } from "node:module";
 import { program } from "commander";
 import fs from "node:fs";
 import path from "node:path";
+import { fileURLToPath } from "node:url";
 import pc from "picocolors";
 import http from "node:http";
 import crypto from "node:crypto";
 import os from "node:os";
+import YAML from "yaml";
+import { execFileSync } from "node:child_process";
+import { confirm } from "@inquirer/prompts";
 import { encode } from "@toon-format/toon";
 
+//#region rolldown:runtime
+var __defProp = Object.defineProperty;
+var __exportAll = (all, symbols) => {
+	let target = {};
+	for (var name in all) {
+		__defProp(target, name, {
+			get: all[name],
+			enumerable: true
+		});
+	}
+	if (symbols) {
+		__defProp(target, Symbol.toStringTag, { value: "Module" });
+	}
+	return target;
+};
+var __require = /* @__PURE__ */ createRequire(import.meta.url);
+
+//#endregion
 //#region src/commands/init.ts
+const __filename$1 = fileURLToPath(import.meta.url);
+const __dirname$1 = path.dirname(__filename$1);
+const TEMPLATES_DIR = path.join(__dirname$1, "..", "templates");
 const BON_YAML_TEMPLATE = (projectName) => `project:
   name: ${projectName}
 `;
 const GITIGNORE_TEMPLATE = `.bon/
 `;
+/**
+* Load a template file from the templates directory
+*/
+function loadTemplate(relativePath) {
+	const templatePath = path.join(TEMPLATES_DIR, relativePath);
+	return fs.readFileSync(templatePath, "utf-8");
+}
+/**
+* Load a JSON template file
+*/
+function loadJsonTemplate(relativePath) {
+	const content = loadTemplate(relativePath);
+	return JSON.parse(content);
+}
+/**
+* Write a template file, appending if target exists and doesn't already have Bonnard content
+*/
+function writeTemplateFile(content, targetPath, createdFiles) {
+	if (fs.existsSync(targetPath)) {
+		if (!fs.readFileSync(targetPath, "utf-8").includes("# Bonnard")) {
+			fs.appendFileSync(targetPath, `\n\n${content}`);
+			createdFiles.push(`${path.relative(process.cwd(), targetPath)} (appended)`);
+		}
+	} else {
+		fs.writeFileSync(targetPath, content);
+		createdFiles.push(path.relative(process.cwd(), targetPath));
+	}
+}
+/**
+* Merge settings.json, preserving existing settings
+*/
+function mergeSettingsJson(templateSettings, targetPath, createdFiles) {
+	if (fs.existsSync(targetPath)) {
+		const existingContent = JSON.parse(fs.readFileSync(targetPath, "utf-8"));
+		const templatePerms = templateSettings.permissions;
+		if (templatePerms?.allow) {
+			existingContent.permissions = existingContent.permissions || {};
+			existingContent.permissions.allow = existingContent.permissions.allow || [];
+			for (const permission of templatePerms.allow) if (!existingContent.permissions.allow.includes(permission)) existingContent.permissions.allow.push(permission);
+		}
+		fs.writeFileSync(targetPath, JSON.stringify(existingContent, null, 2) + "\n");
+		createdFiles.push(`${path.relative(process.cwd(), targetPath)} (merged)`);
+	} else {
+		fs.writeFileSync(targetPath, JSON.stringify(templateSettings, null, 2) + "\n");
+		createdFiles.push(path.relative(process.cwd(), targetPath));
+	}
+}
+/**
+* Add Cursor frontmatter to shared content
+*/
+function withCursorFrontmatter(content, description, alwaysApply) {
+	return `---
+description: "${description}"
+alwaysApply: ${alwaysApply}
+---
+
+` + content;
+}
+/**
+* Create agent templates (Claude Code, Cursor, and Codex)
+*/
+function createAgentTemplates(cwd) {
+	const createdFiles = [];
+	const sharedBonnard = loadTemplate("shared/bonnard.md");
+	const claudeRulesDir = path.join(cwd, ".claude", "rules");
+	const claudeSkillsDir = path.join(cwd, ".claude", "skills");
+	fs.mkdirSync(claudeRulesDir, { recursive: true });
+	fs.mkdirSync(path.join(claudeSkillsDir, "bonnard-cli"), { recursive: true });
+	fs.mkdirSync(path.join(claudeSkillsDir, "bonnard-queries"), { recursive: true });
+	writeTemplateFile(sharedBonnard, path.join(claudeRulesDir, "bonnard.md"), createdFiles);
+	writeTemplateFile(loadTemplate("claude/skills/bonnard-cli/SKILL.md"), path.join(claudeSkillsDir, "bonnard-cli", "SKILL.md"), createdFiles);
+	writeTemplateFile(loadTemplate("claude/skills/bonnard-queries/SKILL.md"), path.join(claudeSkillsDir, "bonnard-queries", "SKILL.md"), createdFiles);
+	mergeSettingsJson(loadJsonTemplate("claude/settings.json"), path.join(cwd, ".claude", "settings.json"), createdFiles);
+	const cursorRulesDir = path.join(cwd, ".cursor", "rules");
+	fs.mkdirSync(cursorRulesDir, { recursive: true });
+	writeTemplateFile(withCursorFrontmatter(sharedBonnard, "Bonnard semantic layer project context", true), path.join(cursorRulesDir, "bonnard.mdc"), createdFiles);
+	writeTemplateFile(loadTemplate("cursor/rules/bonnard-cli.mdc"), path.join(cursorRulesDir, "bonnard-cli.mdc"), createdFiles);
+	writeTemplateFile(loadTemplate("cursor/rules/bonnard-queries.mdc"), path.join(cursorRulesDir, "bonnard-queries.mdc"), createdFiles);
+	const codexSkillsDir = path.join(cwd, ".agents", "skills");
+	fs.mkdirSync(path.join(codexSkillsDir, "bonnard-cli"), { recursive: true });
+	fs.mkdirSync(path.join(codexSkillsDir, "bonnard-queries"), { recursive: true });
+	writeTemplateFile(sharedBonnard, path.join(cwd, "AGENTS.md"), createdFiles);
+	writeTemplateFile(loadTemplate("claude/skills/bonnard-cli/SKILL.md"), path.join(codexSkillsDir, "bonnard-cli", "SKILL.md"), createdFiles);
+	writeTemplateFile(loadTemplate("claude/skills/bonnard-queries/SKILL.md"), path.join(codexSkillsDir, "bonnard-queries", "SKILL.md"), createdFiles);
+	return createdFiles;
+}
 async function initCommand() {
 	const cwd = process.cwd();
 	const projectName = path.basename(cwd);
@@ -27,13 +138,20 @@ async function initCommand() {
 	fs.mkdirSync(path.join(cwd, ".bon"), { recursive: true });
 	fs.writeFileSync(path.join(cwd, "bon.yaml"), BON_YAML_TEMPLATE(projectName));
 	fs.writeFileSync(path.join(cwd, ".gitignore"), GITIGNORE_TEMPLATE);
+	const agentFiles = createAgentTemplates(cwd);
 	console.log(pc.green(`Initialised Bonnard project "${projectName}"`));
 	console.log();
+	console.log(pc.bold("Core files:"));
 	console.log(`  ${pc.dim("bon.yaml")}        project config`);
 	console.log(`  ${pc.dim("models/")}         model definitions`);
 	console.log(`  ${pc.dim("views/")}          view definitions`);
 	console.log(`  ${pc.dim(".bon/")}           local state (gitignored)`);
 	console.log(`  ${pc.dim(".gitignore")}      git ignore rules`);
+	if (agentFiles.length > 0) {
+		console.log();
+		console.log(pc.bold("Agent support:"));
+		for (const file of agentFiles) console.log(`  ${pc.dim(file)}`);
+	}
 }
 
 //#endregion
@@ -65,7 +183,7 @@ function clearCredentials() {
 
 //#endregion
 //#region src/commands/login.ts
-const APP_URL$1 = process.env.BON_APP_URL || "http://localhost:3000";
+const APP_URL$1 = process.env.BON_APP_URL || "https://app.bonnard.dev";
 const TIMEOUT_MS = 120 * 1e3;
 async function loginCommand() {
 	const state = crypto.randomUUID();
@@ -201,7 +319,14 @@ async function logoutCommand() {
 
 //#endregion
 //#region src/lib/api.ts
-const APP_URL = process.env.BON_APP_URL || "http://localhost:3000";
+var api_exports = /* @__PURE__ */ __exportAll({
+	del: () => del,
+	get: () => get,
+	getRemoteDatasources: () => getRemoteDatasources,
+	post: () => post
+});
+const APP_URL = process.env.BON_APP_URL || "https://app.bonnard.dev";
+const VERCEL_BYPASS = process.env.VERCEL_AUTOMATION_BYPASS_SECRET;
 function getToken() {
 	const creds = loadCredentials();
 	if (!creds) {
@@ -213,12 +338,14 @@ function getToken() {
 async function request(method, path, body) {
 	const token = getToken();
 	const url = `${APP_URL}${path}`;
+	const headers = {
+		Authorization: `Bearer ${token}`,
+		"Content-Type": "application/json"
+	};
+	if (VERCEL_BYPASS) headers["x-vercel-protection-bypass"] = VERCEL_BYPASS;
 	const res = await fetch(url, {
 		method,
-		headers: {
-			Authorization: `Bearer ${token}`,
-			"Content-Type": "application/json"
-		},
+		headers,
 		body: body ? JSON.stringify(body) : void 0
 	});
 	const data = await res.json();
@@ -237,13 +364,383 @@ function post(path, body) {
 function del(path) {
 	return request("DELETE", path);
 }
+/**
+* Fetch remote datasources from Bonnard server
+*/
+async function getRemoteDatasources() {
+	return (await get("/api/datasources")).dataSources || [];
+}
+
+//#endregion
+//#region src/commands/whoami.ts
+async function whoamiCommand(options = {}) {
+	const credentials = loadCredentials();
+	if (!credentials) {
+		console.log(pc.yellow("Not logged in."));
+		console.log(pc.dim("Run `bon login` to authenticate."));
+		process.exit(1);
+	}
+	if (options.verify) try {
+		const result = await get("/api/cli/whoami");
+		console.log(pc.green(`Logged in as ${result.email}`));
+		if (result.orgName) console.log(pc.dim(`Organization: ${result.orgName}`));
+	} catch (err) {
+		console.log(pc.red("Session expired or invalid."));
+		console.log(pc.dim("Run `bon login` to re-authenticate."));
+		process.exit(1);
+	}
+	else {
+		console.log(pc.green(`Logged in as ${credentials.email}`));
+		console.log(pc.dim("Use --verify to check if session is still valid."));
+	}
+}
+
+//#endregion
+//#region src/lib/local/datasources.ts
+/**
+* Local datasource storage (.bon/datasources.yaml)
+*
+* Single file containing both config and credentials.
+* Credentials may contain:
+* - Plain values: "my_password"
+* - dbt env var syntax: "{{ env_var('MY_PASSWORD') }}"
+*
+* Env vars are resolved at deploy time, not import time.
+*/
+const BON_DIR$1 = ".bon";
+const DATASOURCES_FILE$1 = "datasources.yaml";
+function getBonDir(cwd = process.cwd()) {
+	return path.join(cwd, BON_DIR$1);
+}
+function getDatasourcesPath$1(cwd = process.cwd()) {
+	return path.join(getBonDir(cwd), DATASOURCES_FILE$1);
+}
+/**
+* Ensure .bon directory exists
+*/
+function ensureBonDir(cwd = process.cwd()) {
+	const bonDir = getBonDir(cwd);
+	if (!fs.existsSync(bonDir)) fs.mkdirSync(bonDir, { recursive: true });
+}
+/**
+* Load all local datasources
+*/
+function loadLocalDatasources(cwd = process.cwd()) {
+	const filePath = getDatasourcesPath$1(cwd);
+	if (!fs.existsSync(filePath)) return [];
+	try {
+		const content = fs.readFileSync(filePath, "utf-8");
+		return YAML.parse(content)?.datasources ?? [];
+	} catch {
+		return [];
+	}
+}
+/**
+* Save all local datasources (with secure permissions since it contains credentials)
+*/
+function saveLocalDatasources(datasources, cwd = process.cwd()) {
+	ensureBonDir(cwd);
+	const filePath = getDatasourcesPath$1(cwd);
+	const file = { datasources };
+	const content = `# Bonnard datasources configuration
+# This file contains credentials - add to .gitignore
+# Env vars like {{ env_var('PASSWORD') }} are resolved at deploy time
+
+` + YAML.stringify(file, { indent: 2 });
+	fs.writeFileSync(filePath, content, { mode: 384 });
+}
+/**
+* Add a single datasource (updates existing or appends new)
+*/
+function addLocalDatasource(datasource, cwd = process.cwd()) {
+	const existing = loadLocalDatasources(cwd);
+	const index = existing.findIndex((ds) => ds.name === datasource.name);
+	if (index >= 0) existing[index] = datasource;
+	else existing.push(datasource);
+	saveLocalDatasources(existing, cwd);
+}
+/**
+* Remove a datasource by name
+*/
+function removeLocalDatasource(name, cwd = process.cwd()) {
+	const existing = loadLocalDatasources(cwd);
+	const filtered = existing.filter((ds) => ds.name !== name);
+	if (filtered.length === existing.length) return false;
+	saveLocalDatasources(filtered, cwd);
+	return true;
+}
+/**
+* Get a single datasource by name
+*/
+function getLocalDatasource(name, cwd = process.cwd()) {
+	return loadLocalDatasources(cwd).find((ds) => ds.name === name) ?? null;
+}
+/**
+* Check if a datasource name already exists locally
+*/
+function datasourceExists(name, cwd = process.cwd()) {
+	return getLocalDatasource(name, cwd) !== null;
+}
+/**
+* Resolve {{ env_var('VAR_NAME') }} patterns in credentials
+* Used at deploy time to resolve env vars before uploading
+*/
+function resolveEnvVarsInCredentials(credentials) {
+	const resolved = {};
+	const missing = [];
+	const envVarPattern = /\{\{\s*env_var\(['"]([\w_]+)['"]\)\s*\}\}/;
+	for (const [key, value] of Object.entries(credentials)) {
+		const match = value.match(envVarPattern);
+		if (match) {
+			const varName = match[1];
+			const envValue = process.env[varName];
+			if (envValue !== void 0) resolved[key] = envValue;
+			else {
+				missing.push(varName);
+				resolved[key] = value;
+			}
+		} else resolved[key] = value;
+	}
+	return {
+		resolved,
+		missing
+	};
+}
+
+//#endregion
+//#region src/lib/local/credentials.ts
+/**
+* Credential utilities (git tracking check)
+*/
+const BON_DIR = ".bon";
+const DATASOURCES_FILE = "datasources.yaml";
+function getDatasourcesPath(cwd = process.cwd()) {
+	return path.join(cwd, BON_DIR, DATASOURCES_FILE);
+}
+/**
+* Check if datasources file is tracked by git (it shouldn't be - contains credentials)
+*/
+function isDatasourcesTrackedByGit(cwd = process.cwd()) {
+	const filePath = getDatasourcesPath(cwd);
+	if (!fs.existsSync(filePath)) return false;
+	try {
+		execFileSync("git", [
+			"ls-files",
+			"--error-unmatch",
+			filePath
+		], {
+			cwd,
+			stdio: "pipe"
+		});
+		return true;
+	} catch {
+		return false;
+	}
+}
+
+//#endregion
+//#region src/lib/local/index.ts
+var local_exports = /* @__PURE__ */ __exportAll({
+	addLocalDatasource: () => addLocalDatasource,
+	datasourceExists: () => datasourceExists,
+	ensureBonDir: () => ensureBonDir,
+	getLocalDatasource: () => getLocalDatasource,
+	isDatasourcesTrackedByGit: () => isDatasourcesTrackedByGit,
+	loadLocalDatasources: () => loadLocalDatasources,
+	removeLocalDatasource: () => removeLocalDatasource,
+	resolveEnvVarsInCredentials: () => resolveEnvVarsInCredentials,
+	saveLocalDatasources: () => saveLocalDatasources
+});
+
+//#endregion
+//#region src/lib/dbt/profiles.ts
+/**
+* dbt profiles.yml parser
+*
+* Parses ~/.dbt/profiles.yml and extracts connection configs.
+* Does NOT resolve env vars - they are kept as-is for deploy time resolution.
+*/
+const DBT_PROFILES_PATH = path.join(os.homedir(), ".dbt", "profiles.yml");
+/**
+* Check if dbt profiles.yml exists
+*/
+function dbtProfilesExist(profilesPath = DBT_PROFILES_PATH) {
+	return fs.existsSync(profilesPath);
+}
+/**
+* Get the default dbt profiles path
+*/
+function getDefaultProfilesPath() {
+	return DBT_PROFILES_PATH;
+}
+/**
+* Map dbt type to Bonnard warehouse type
+*/
+function mapDbtType(dbtType) {
+	return {
+		snowflake: "snowflake",
+		postgres: "postgres",
+		postgresql: "postgres",
+		bigquery: "bigquery",
+		databricks: "databricks"
+	}[dbtType.toLowerCase()] ?? null;
+}
+/**
+* Parse dbt profiles.yml and return all connections
+* Config values are kept as-is (including {{ env_var(...) }} patterns)
+*/
+function parseDbtProfiles(profilesPath = DBT_PROFILES_PATH) {
+	if (!fs.existsSync(profilesPath)) throw new Error(`dbt profiles not found at ${profilesPath}`);
+	const content = fs.readFileSync(profilesPath, "utf-8");
+	const profiles = YAML.parse(content);
+	if (!profiles || typeof profiles !== "object") throw new Error("Invalid dbt profiles.yml format");
+	const connections = [];
+	for (const [profileName, profile] of Object.entries(profiles)) {
+		if (profileName === "config") continue;
+		if (!profile.outputs || typeof profile.outputs !== "object") continue;
+		const defaultTarget = profile.target || "dev";
+		for (const [targetName, target] of Object.entries(profile.outputs)) {
+			if (!target || typeof target !== "object" || !target.type) continue;
+			const warehouseType = mapDbtType(target.type);
+			if (!warehouseType) continue;
+			connections.push({
+				profileName,
+				targetName,
+				isDefaultTarget: targetName === defaultTarget,
+				type: warehouseType,
+				config: target
+			});
+		}
+	}
+	return connections;
+}
+
+//#endregion
+//#region src/lib/dbt/mapping.ts
+/**
+* Generate a datasource name from profile/target
+*/
+function generateDatasourceName(profileName, targetName) {
+	return `${profileName}-${targetName}`.toLowerCase().replace(/[^a-z0-9-]/g, "-");
+}
+/**
+* Extract string value from config, handling numbers
+*/
+function getString(config, key) {
+	const value = config[key];
+	if (value === void 0 || value === null) return void 0;
+	return String(value);
+}
+/**
+* Map Snowflake dbt config to Bonnard format
+*/
+function mapSnowflake(config) {
+	return {
+		config: {
+			...getString(config, "account") && { account: getString(config, "account") },
+			...getString(config, "database") && { database: getString(config, "database") },
+			...getString(config, "warehouse") && { warehouse: getString(config, "warehouse") },
+			...getString(config, "schema") && { schema: getString(config, "schema") },
+			...getString(config, "role") && { role: getString(config, "role") }
+		},
+		credentials: {
+			...getString(config, "user") && { username: getString(config, "user") },
+			...getString(config, "password") && { password: getString(config, "password") }
+		}
+	};
+}
+/**
+* Map Postgres dbt config to Bonnard format
+*/
+function mapPostgres(config) {
+	const database = getString(config, "dbname") || getString(config, "database");
+	return {
+		config: {
+			...getString(config, "host") && { host: getString(config, "host") },
+			...getString(config, "port") && { port: getString(config, "port") },
+			...database && { database },
+			...getString(config, "schema") && { schema: getString(config, "schema") },
+			...getString(config, "sslmode") && { sslmode: getString(config, "sslmode") }
+		},
+		credentials: {
+			...getString(config, "user") && { username: getString(config, "user") },
+			...getString(config, "password") && { password: getString(config, "password") }
+		}
+	};
+}
+/**
+* Map BigQuery dbt config to Bonnard format
+*/
+function mapBigQuery(config) {
+	const credentials = {};
+	if (config.keyfile && typeof config.keyfile === "string") try {
+		credentials.service_account_json = __require("node:fs").readFileSync(config.keyfile, "utf-8");
+	} catch {
+		credentials.keyfile_path = config.keyfile;
+	}
+	else if (config.keyfile_json) credentials.service_account_json = JSON.stringify(config.keyfile_json);
+	return {
+		config: {
+			...getString(config, "project") && { project_id: getString(config, "project") },
+			...getString(config, "dataset") && { dataset: getString(config, "dataset") },
+			...getString(config, "location") && { location: getString(config, "location") }
+		},
+		credentials
+	};
+}
+/**
+* Map Databricks dbt config to Bonnard format
+*/
+function mapDatabricks(config) {
+	return {
+		config: {
+			...getString(config, "host") && { hostname: getString(config, "host") },
+			...getString(config, "http_path") && { http_path: getString(config, "http_path") },
+			...getString(config, "catalog") && { catalog: getString(config, "catalog") },
+			...getString(config, "schema") && { schema: getString(config, "schema") }
+		},
+		credentials: { ...getString(config, "token") && { token: getString(config, "token") } }
+	};
+}
+/**
+* Map a parsed dbt connection to Bonnard format
+* Values are copied as-is, including {{ env_var(...) }} patterns
+*/
+function mapDbtConnection(connection) {
+	const { profileName, targetName, type, config } = connection;
+	let mapped;
+	switch (type) {
+		case "snowflake":
+			mapped = mapSnowflake(config);
+			break;
+		case "postgres":
+			mapped = mapPostgres(config);
+			break;
+		case "bigquery":
+			mapped = mapBigQuery(config);
+			break;
+		case "databricks":
+			mapped = mapDatabricks(config);
+			break;
+		default: throw new Error(`Unsupported warehouse type: ${type}`);
+	}
+	return { datasource: {
+		name: generateDatasourceName(profileName, targetName),
+		type,
+		source: "dbt",
+		dbtProfile: profileName,
+		dbtTarget: targetName,
+		config: mapped.config,
+		credentials: mapped.credentials
+	} };
+}
 
 //#endregion
 //#region src/commands/datasource/add.ts
 async function prompts() {
 	return import("@inquirer/prompts");
 }
-const WAREHOUSE_TYPES = [
+const WAREHOUSE_CONFIGS = [
 	{
 		value: "snowflake",
 		label: "Snowflake",
@@ -275,11 +772,14 @@ const WAREHOUSE_TYPES = [
 		],
 		credentialFields: [{
 			name: "username",
-			message: "Username"
+			flag: "user",
+			message: "Username",
+			required: true
 		}, {
 			name: "password",
 			message: "Password",
-			secret: true
+			secret: true,
+			required: true
 		}]
 	},
 	{
@@ -293,7 +793,8 @@ const WAREHOUSE_TYPES = [
 			},
 			{
 				name: "port",
-				message: "Port (default: 5432)"
+				message: "Port",
+				default: "5432"
 			},
 			{
 				name: "database",
@@ -302,16 +803,20 @@ const WAREHOUSE_TYPES = [
 			},
 			{
 				name: "schema",
-				message: "Schema (default: public)"
+				message: "Schema",
+				default: "public"
 			}
 		],
 		credentialFields: [{
 			name: "username",
-			message: "Username"
+			flag: "user",
+			message: "Username",
+			required: true
 		}, {
 			name: "password",
 			message: "Password",
-			secret: true
+			secret: true,
+			required: true
 		}]
 	},
 	{
@@ -320,6 +825,7 @@ const WAREHOUSE_TYPES = [
 		configFields: [
 			{
 				name: "project_id",
+				flag: "projectId",
 				message: "GCP Project ID",
 				required: true
 			},
@@ -335,7 +841,12 @@ const WAREHOUSE_TYPES = [
 		],
 		credentialFields: [{
 			name: "service_account_json",
-			message: "Service account JSON (paste or path)"
+			flag: "serviceAccountJson",
+			message: "Service account JSON"
+		}, {
+			name: "keyfile_path",
+			flag: "keyfile",
+			message: "Path to service account key file"
 		}]
 	},
 	{
@@ -349,96 +860,799 @@ const WAREHOUSE_TYPES = [
 			},
 			{
 				name: "http_path",
+				flag: "httpPath",
 				message: "HTTP path",
 				required: true
 			},
 			{
 				name: "catalog",
 				message: "Catalog name"
+			},
+			{
+				name: "schema",
+				message: "Schema name"
 			}
 		],
 		credentialFields: [{
 			name: "token",
 			message: "Personal access token",
-			secret: true
+			secret: true,
+			required: true
 		}]
 	}
 ];
-async function datasourceAddCommand() {
-	const { input, select, password } = await prompts();
-	let name;
-	while (true) {
-		name = await input({ message: "Name for this data source:" });
-		const { dataSources } = await get("/api/datasources");
-		if (dataSources.some((ds) => ds.name === name)) {
-			console.log(pc.red(`A data source named "${name}" already exists. Choose a different name.`));
+/**
+* Convert env var name to dbt-style reference
+*/
+function envVarRef(varName) {
+	return `{{ env_var('${varName}') }}`;
+}
+/**
+* Format warehouse type for display
+*/
+function formatType$1(type) {
+	return {
+		snowflake: "Snowflake",
+		postgres: "Postgres",
+		bigquery: "BigQuery",
+		databricks: "Databricks"
+	}[type] || type;
+}
+/**
+* Get value from options, checking both direct and flag name
+*/
+function getOptionValue(options, field) {
+	return options[(field.flag || field.name).replace(/_([a-z])/g, (_, c) => c.toUpperCase())];
+}
+/**
+* Check if running in non-interactive mode (name and type provided via flags)
+*/
+function isNonInteractive(options) {
+	return !!(options.name && options.type);
+}
+/**
+* Import datasources from dbt profiles.yml
+*/
+async function importFromDbt(options) {
+	const profilesPath = getDefaultProfilesPath();
+	if (!dbtProfilesExist(profilesPath)) {
+		console.error(pc.red(`dbt profiles not found at ${profilesPath}`));
+		console.log(pc.dim("Make sure dbt is configured with ~/.dbt/profiles.yml"));
+		process.exit(1);
+	}
+	let connections;
+	try {
+		connections = parseDbtProfiles(profilesPath);
+	} catch (err) {
+		console.error(pc.red(`Failed to parse dbt profiles: ${err.message}`));
+		process.exit(1);
+	}
+	if (connections.length === 0) {
+		console.log(pc.yellow("No supported connections found in dbt profiles."));
+		console.log(pc.dim("Supported types: snowflake, postgres, bigquery, databricks"));
+		process.exit(0);
+	}
+	if (typeof options.fromDbt === "string") {
+		const parts = options.fromDbt.split("/");
+		const profileName = parts[0];
+		const targetName = options.target || parts[1];
+		const filtered = connections.filter((c) => {
+			if (c.profileName !== profileName) return false;
+			if (targetName) return c.targetName === targetName;
+			return c.isDefaultTarget;
+		});
+		if (filtered.length === 0) {
+			console.error(pc.red(`Profile "${profileName}"${targetName ? `/${targetName}` : ""} not found`));
+			process.exit(1);
+		}
+		await importConnections(filtered);
+		return;
+	}
+	if (options.all) {
+		await importConnections(connections);
+		return;
+	}
+	if (options.defaultTargets) {
+		await importConnections(connections.filter((c) => c.isDefaultTarget));
+		return;
+	}
+	const { checkbox } = await prompts();
+	console.log();
+	console.log(pc.bold(`Found ${connections.length} connections in ~/.dbt/profiles.yml:`));
+	console.log();
+	const selected = await checkbox({
+		message: "Select connections to import:",
+		choices: connections.map((conn) => {
+			const name = `${conn.profileName}/${conn.targetName}`;
+			const typeLabel = formatType$1(conn.type);
+			const defaultLabel = conn.isDefaultTarget ? pc.cyan(" (default)") : "";
+			return {
+				name: `${name.padEnd(30)} ${typeLabel}${defaultLabel}`,
+				value: conn,
+				checked: conn.isDefaultTarget
+			};
+		}),
+		pageSize: 15
+	});
+	if (selected.length === 0) {
+		console.log(pc.yellow("No connections selected."));
+		return;
+	}
+	await importConnections(selected);
+}
+/**
+* Import selected connections
+*/
+async function importConnections(connections) {
+	console.log();
+	if (isDatasourcesTrackedByGit()) console.log(pc.yellow("Warning: .bon/datasources.yaml is tracked by git. Add it to .gitignore!"));
+	let imported = 0;
+	let skipped = 0;
+	for (const conn of connections) {
+		const { profileName, targetName } = conn;
+		const name = generateDatasourceName(profileName, targetName);
+		if (datasourceExists(name)) {
+			console.log(pc.dim(`• ${profileName}/${targetName} → ${name} (already exists, skipped)`));
+			skipped++;
 			continue;
 		}
-		break;
+		try {
+			addLocalDatasource(mapDbtConnection(conn).datasource);
+			console.log(pc.green(`✓ ${profileName}/${targetName} → ${name} (${conn.type})`));
+			imported++;
+		} catch (err) {
+			console.log(pc.red(`✗ ${profileName}/${targetName}: ${err.message}`));
+			skipped++;
+		}
+	}
+	console.log();
+	if (imported > 0) {
+		console.log(pc.green(`Imported ${imported} datasource${imported !== 1 ? "s" : ""}`));
+		console.log(pc.dim("  .bon/datasources.yaml"));
 	}
-	const warehouseType = await select({
+	if (skipped > 0) console.log(pc.dim(`Skipped ${skipped} connection${skipped !== 1 ? "s" : ""}`));
+}
+/**
+* Add datasource manually (with flags and/or interactive prompts)
+*/
+async function addManual(options) {
+	const { input, select, password, confirm } = await prompts();
+	const nonInteractive = isNonInteractive(options);
+	if (isDatasourcesTrackedByGit()) console.log(pc.yellow("Warning: .bon/datasources.yaml is tracked by git. Add it to .gitignore!"));
+	let name = options.name;
+	if (!name) name = await input({ message: "Datasource name:" });
+	if (datasourceExists(name)) {
+		if (options.force) console.log(pc.dim(`Overwriting existing datasource "${name}"`));
+		else if (nonInteractive) {
+			console.error(pc.red(`Datasource "${name}" already exists. Use --force to overwrite.`));
+			process.exit(1);
+		} else if (!await confirm({
+			message: `Datasource "${name}" already exists. Overwrite?`,
+			default: false
+		})) {
+			console.log(pc.yellow("Cancelled."));
+			return;
+		}
+	}
+	let warehouseType = options.type;
+	if (!warehouseType) warehouseType = await select({
 		message: "Warehouse type:",
-		choices: WAREHOUSE_TYPES.map((w) => ({
+		choices: WAREHOUSE_CONFIGS.map((w) => ({
 			name: w.label,
 			value: w.value
 		}))
 	});
-	const wt = WAREHOUSE_TYPES.find((w) => w.value === warehouseType);
+	const warehouseConfig = WAREHOUSE_CONFIGS.find((w) => w.value === warehouseType);
+	if (!warehouseConfig) {
+		console.error(pc.red(`Invalid warehouse type: ${warehouseType}`));
+		console.log(pc.dim("Valid types: snowflake, postgres, bigquery, databricks"));
+		process.exit(1);
+	}
 	const config = {};
-	for (const field of wt.configFields) {
-		const value = await input({
-			message: field.message,
-			required: field.required
-		});
+	for (const field of warehouseConfig.configFields) {
+		let value = getOptionValue(options, field);
+		if (!value && !nonInteractive) {
+			const defaultHint = field.default ? ` (default: ${field.default})` : "";
+			value = await input({
+				message: field.message + defaultHint + ":",
+				default: field.default
+			});
+		}
 		if (value) config[field.name] = value;
+		else if (field.required) {
+			console.error(pc.red(`Missing required field: ${field.name}`));
+			process.exit(1);
+		}
 	}
 	const credentials = {};
-	for (const field of wt.credentialFields) {
-		const value = field.secret ? await password({ message: field.message }) : await input({ message: field.message });
+	for (const field of warehouseConfig.credentialFields) {
+		let value;
+		if (field.name === "password" && options.passwordEnv) value = envVarRef(options.passwordEnv);
+		else if (field.name === "token" && options.tokenEnv) value = envVarRef(options.tokenEnv);
+		else value = getOptionValue(options, field);
+		if (!value && !nonInteractive) if (field.secret) value = await password({ message: field.message + ":" });
+		else value = await input({ message: field.message + ":" });
 		if (value) credentials[field.name] = value;
+		else if (field.required) {
+			console.error(pc.red(`Missing required credential: ${field.name}`));
+			process.exit(1);
+		}
 	}
-	try {
-		const result = await post("/api/datasources", {
-			name,
-			warehouse_type: warehouseType,
-			config,
-			credentials
-		});
-		console.log(pc.green(`Data source "${result.dataSource.name}" created (${result.dataSource.id})`));
-	} catch (err) {
-		console.error(pc.red(`Failed to create data source: ${err.message}`));
-		process.exit(1);
-	}
+	addLocalDatasource({
+		name,
+		type: warehouseType,
+		source: "manual",
+		config,
+		credentials
+	});
+	console.log();
+	console.log(pc.green(`✓ Datasource "${name}" saved to .bon/datasources.yaml`));
+	console.log();
+	console.log(pc.dim(`Test connection: bon datasource test ${name}`));
+}
+/**
+* Main datasource add command
+*/
+async function datasourceAddCommand(options = {}) {
+	if (options.fromDbt !== void 0) await importFromDbt(options);
+	else await addManual(options);
 }
 
 //#endregion
 //#region src/commands/datasource/list.ts
-async function datasourceListCommand() {
+/**
+* Format warehouse type for display
+*/
+function formatType(type) {
+	return {
+		snowflake: "Snowflake",
+		postgres: "Postgres",
+		bigquery: "BigQuery",
+		databricks: "Databricks"
+	}[type] || type;
+}
+/**
+* Format source for display
+*/
+function formatSource(source) {
+	return {
+		dbt: "dbt",
+		manual: "manual",
+		mcp: "mcp"
+	}[source] || source;
+}
+/**
+* List local datasources
+*/
+function listLocalDatasources() {
+	const datasources = loadLocalDatasources();
+	if (datasources.length === 0) {
+		console.log(pc.dim("No local data sources found."));
+		console.log(pc.dim("Run `bon datasource add` or `bon datasource add --from-dbt` to create one."));
+		return;
+	}
+	console.log(pc.bold("Local Data Sources") + pc.dim(" (.bon/datasources.yaml)"));
+	console.log();
+	const maxNameLen = Math.max(...datasources.map((ds) => ds.name.length), 4);
+	const maxTypeLen = Math.max(...datasources.map((ds) => formatType(ds.type).length), 4);
+	const header = `  ${"NAME".padEnd(maxNameLen)}  ${"TYPE".padEnd(maxTypeLen)}  SOURCE     ORIGIN`;
+	console.log(pc.dim(header));
+	console.log(pc.dim("  " + "─".repeat(header.length - 2)));
+	for (const ds of datasources) {
+		const name = ds.name.padEnd(maxNameLen);
+		const type = formatType(ds.type).padEnd(maxTypeLen);
+		const source = formatSource(ds.source).padEnd(10);
+		let origin = "";
+		if (ds.source === "dbt" && ds.dbtProfile) origin = `${ds.dbtProfile}/${ds.dbtTarget}`;
+		console.log(`  ${pc.bold(name)}  ${type}  ${source} ${pc.dim(origin)}`);
+	}
+	console.log();
+	console.log(pc.dim(`${datasources.length} datasource${datasources.length !== 1 ? "s" : ""}`));
+}
+/**
+* List remote datasources (requires login)
+*/
+async function listRemoteDatasources() {
+	if (!loadCredentials()) {
+		console.log(pc.dim("Not logged in. Run `bon login` to see remote data sources."));
+		return;
+	}
 	try {
+		const { get } = await Promise.resolve().then(() => api_exports);
 		const result = await get("/api/datasources");
 		if (result.dataSources.length === 0) {
-			console.log(pc.dim("No data sources found. Run `bon datasource add` to create one."));
+			console.log(pc.dim("No remote data sources found."));
 			return;
 		}
-		console.log(pc.bold("Data Sources\n"));
+		console.log(pc.bold("Remote Data Sources") + pc.dim(" (Bonnard server)"));
+		console.log();
+		const maxNameLen = Math.max(...result.dataSources.map((ds) => ds.name.length), 4);
+		const maxTypeLen = Math.max(...result.dataSources.map((ds) => ds.warehouse_type.length), 4);
+		const header = `  ${"NAME".padEnd(maxNameLen)}  ${"TYPE".padEnd(maxTypeLen)}  STATUS`;
+		console.log(pc.dim(header));
+		console.log(pc.dim("  " + "─".repeat(header.length - 2)));
 		for (const ds of result.dataSources) {
+			const name = ds.name.padEnd(maxNameLen);
+			const type = ds.warehouse_type.padEnd(maxTypeLen);
 			const statusColor = ds.status === "active" ? pc.green : ds.status === "error" ? pc.red : pc.yellow;
-			console.log(`  ${pc.bold(ds.name)}`);
-			console.log(`    ID:        ${pc.dim(ds.id)}`);
-			console.log(`    Type:      ${ds.warehouse_type}`);
-			console.log(`    Status:    ${statusColor(ds.status)}`);
-			console.log(`    Created:   ${new Date(ds.created_at).toLocaleDateString()}`);
-			console.log();
+			console.log(`  ${pc.bold(name)}  ${type}  ${statusColor(ds.status)}`);
 		}
+		console.log();
+		console.log(pc.dim(`${result.dataSources.length} datasource${result.dataSources.length !== 1 ? "s" : ""}`));
 	} catch (err) {
-		console.error(pc.red(`Failed to list data sources: ${err.message}`));
-		process.exit(1);
+		console.log(pc.yellow(`Could not fetch remote sources: ${err.message}`));
+	}
+}
+/**
+* Main list command
+*/
+async function datasourceListCommand(options = {}) {
+	const showLocal = options.local || !options.local && !options.remote;
+	const showRemote = options.remote || !options.local && !options.remote;
+	if (showLocal) listLocalDatasources();
+	if (showLocal && showRemote) console.log();
+	if (showRemote) await listRemoteDatasources();
+}
+
+//#endregion
+//#region src/lib/connection/snowflake.ts
+/**
+* Snowflake connection testing and querying
+*/
+const require$4 = createRequire(import.meta.url);
+function loadSnowflake() {
+	try {
+		const snowflake = require$4("snowflake-sdk");
+		snowflake.configure({ logLevel: "ERROR" });
+		return snowflake;
+	} catch {
+		return null;
+	}
+}
+async function testSnowflakeConnection(config, credentials) {
+	const snowflake = loadSnowflake();
+	if (!snowflake) return {
+		success: false,
+		message: "Snowflake driver not installed",
+		error: "Run: pnpm add snowflake-sdk"
+	};
+	const startTime = Date.now();
+	return new Promise((resolve) => {
+		const connection = snowflake.createConnection({
+			account: config.account,
+			username: credentials.username,
+			password: credentials.password,
+			database: config.database,
+			warehouse: config.warehouse,
+			schema: config.schema,
+			role: config.role
+		});
+		connection.connect((err) => {
+			if (err) {
+				resolve({
+					success: false,
+					message: "Connection failed",
+					error: err.message
+				});
+				return;
+			}
+			connection.execute({
+				sqlText: "SELECT 1",
+				complete: (queryErr) => {
+					const latencyMs = Date.now() - startTime;
+					connection.destroy(() => {});
+					if (queryErr) resolve({
+						success: false,
+						message: "Query failed",
+						error: queryErr.message,
+						latencyMs
+					});
+					else resolve({
+						success: true,
+						message: "Connection successful",
+						latencyMs
+					});
+				}
+			});
+		});
+	});
+}
+async function querySnowflake(config, credentials, sql, options = {}) {
+	const snowflake = loadSnowflake();
+	if (!snowflake) return {
+		columns: [],
+		rows: [],
+		rowCount: 0,
+		truncated: false,
+		error: "Snowflake driver not installed. Run: pnpm add snowflake-sdk"
+	};
+	const limit = options.limit ?? 1e3;
+	return new Promise((resolve) => {
+		const connection = snowflake.createConnection({
+			account: config.account,
+			username: credentials.username,
+			password: credentials.password,
+			database: options.database || config.database,
+			warehouse: config.warehouse,
+			schema: options.schema || config.schema,
+			role: config.role
+		});
+		connection.connect((err) => {
+			if (err) {
+				resolve({
+					columns: [],
+					rows: [],
+					rowCount: 0,
+					truncated: false,
+					error: err.message
+				});
+				return;
+			}
+			connection.execute({
+				sqlText: sql,
+				complete: (queryErr, _stmt, rows) => {
+					connection.destroy(() => {});
+					if (queryErr) {
+						resolve({
+							columns: [],
+							rows: [],
+							rowCount: 0,
+							truncated: false,
+							error: queryErr.message
+						});
+						return;
+					}
+					const allRows = rows || [];
+					const truncated = allRows.length > limit;
+					const resultRows = truncated ? allRows.slice(0, limit) : allRows;
+					resolve({
+						columns: resultRows.length > 0 ? Object.keys(resultRows[0]) : [],
+						rows: resultRows,
+						rowCount: resultRows.length,
+						truncated
+					});
+				}
+			});
+		});
+	});
+}
+
+//#endregion
+//#region src/lib/connection/postgres.ts
+/**
+* Postgres connection testing and querying
+*/
+const require$3 = createRequire(import.meta.url);
+function loadPg() {
+	try {
+		return require$3("pg");
+	} catch {
+		return null;
+	}
+}
+function createClient(config, credentials, pg) {
+	return new pg.Client({
+		host: config.host,
+		port: config.port ? parseInt(config.port, 10) : 5432,
+		database: config.database,
+		user: credentials.username,
+		password: credentials.password,
+		ssl: config.sslmode === "require" ? { rejectUnauthorized: false } : void 0
+	});
+}
+async function testPostgresConnection(config, credentials) {
+	const pg = loadPg();
+	if (!pg) return {
+		success: false,
+		message: "Postgres driver not installed",
+		error: "Run: pnpm add pg"
+	};
+	const startTime = Date.now();
+	const client = createClient(config, credentials, pg);
+	try {
+		await client.connect();
+		await client.query("SELECT 1");
+		const latencyMs = Date.now() - startTime;
+		await client.end();
+		return {
+			success: true,
+			message: "Connection successful",
+			latencyMs
+		};
+	} catch (err) {
+		try {
+			await client.end();
+		} catch {}
+		return {
+			success: false,
+			message: "Connection failed",
+			error: err.message
+		};
+	}
+}
+async function queryPostgres(config, credentials, sql, options = {}) {
+	const pg = loadPg();
+	if (!pg) return {
+		columns: [],
+		rows: [],
+		rowCount: 0,
+		truncated: false,
+		error: "Postgres driver not installed. Run: pnpm add pg"
+	};
+	const limit = options.limit ?? 1e3;
+	const client = createClient(config, credentials, pg);
+	try {
+		await client.connect();
+		const schema = options.schema || config.schema;
+		if (schema) await client.query(`SET search_path TO ${schema}`);
+		const result = await client.query(sql);
+		await client.end();
+		const columns = result.fields?.map((f) => f.name) || [];
+		const allRows = result.rows || [];
+		const truncated = allRows.length > limit;
+		const rows = truncated ? allRows.slice(0, limit) : allRows;
+		return {
+			columns,
+			rows,
+			rowCount: rows.length,
+			truncated
+		};
+	} catch (err) {
+		try {
+			await client.end();
+		} catch {}
+		return {
+			columns: [],
+			rows: [],
+			rowCount: 0,
+			truncated: false,
+			error: err.message
+		};
+	}
+}
+
+//#endregion
+//#region src/lib/connection/bigquery.ts
+/**
+* BigQuery connection testing
+*/
+const require$2 = createRequire(import.meta.url);
+async function testBigQueryConnection(config, credentials) {
+	let BigQuery;
+	try {
+		BigQuery = require$2("@google-cloud/bigquery").BigQuery;
+	} catch {
+		return {
+			success: false,
+			message: "BigQuery driver not installed",
+			error: "Run: pnpm add @google-cloud/bigquery"
+		};
+	}
+	const startTime = Date.now();
+	try {
+		const options = { projectId: config.project_id };
+		if (config.location) options.location = config.location;
+		if (credentials.service_account_json) options.credentials = JSON.parse(credentials.service_account_json);
+		else if (credentials.keyfile_path) options.keyFilename = credentials.keyfile_path;
+		await new BigQuery(options).query("SELECT 1");
+		return {
+			success: true,
+			message: "Connection successful",
+			latencyMs: Date.now() - startTime
+		};
+	} catch (err) {
+		return {
+			success: false,
+			message: "Connection failed",
+			error: err.message
+		};
+	}
+}
+
+//#endregion
+//#region src/lib/connection/databricks.ts
+/**
+* Databricks connection testing
+*/
+const require$1 = createRequire(import.meta.url);
+async function testDatabricksConnection(config, credentials) {
+	let DBSQLClient;
+	try {
+		const module = require$1("@databricks/sql");
+		DBSQLClient = module.default || module;
+	} catch {
+		return {
+			success: false,
+			message: "Databricks driver not installed",
+			error: "Run: pnpm add @databricks/sql"
+		};
+	}
+	const startTime = Date.now();
+	const client = new DBSQLClient();
+	try {
+		const connection = await client.connect({
+			host: config.hostname,
+			path: config.http_path,
+			token: credentials.token
+		});
+		const session = await connection.openSession({
+			initialCatalog: config.catalog,
+			initialSchema: config.schema
+		});
+		const operation = await session.executeStatement("SELECT 1");
+		await operation.fetchAll();
+		await operation.close();
+		const latencyMs = Date.now() - startTime;
+		await session.close();
+		await connection.close();
+		return {
+			success: true,
+			message: "Connection successful",
+			latencyMs
+		};
+	} catch (err) {
+		try {
+			await client.close();
+		} catch {}
+		return {
+			success: false,
+			message: "Connection failed",
+			error: err.message
+		};
+	}
+}
+
+//#endregion
+//#region src/lib/connection/index.ts
+var connection_exports = /* @__PURE__ */ __exportAll({
+	executeQuery: () => executeQuery,
+	testConnection: () => testConnection
+});
+/**
+* Test connection to a datasource
+*/
+async function testConnection(datasource) {
+	const { type, config, credentials } = datasource;
+	switch (type) {
+		case "snowflake": return testSnowflakeConnection({
+			account: config.account,
+			database: config.database,
+			warehouse: config.warehouse,
+			schema: config.schema,
+			role: config.role
+		}, {
+			username: credentials.username,
+			password: credentials.password
+		});
+		case "postgres": return testPostgresConnection({
+			host: config.host,
+			port: config.port,
+			database: config.database,
+			schema: config.schema,
+			sslmode: config.sslmode
+		}, {
+			username: credentials.username,
+			password: credentials.password
+		});
+		case "bigquery": return testBigQueryConnection({
+			project_id: config.project_id,
+			dataset: config.dataset,
+			location: config.location
+		}, {
+			service_account_json: credentials.service_account_json,
+			keyfile_path: credentials.keyfile_path
+		});
+		case "databricks": return testDatabricksConnection({
+			hostname: config.hostname,
+			http_path: config.http_path,
+			catalog: config.catalog,
+			schema: config.schema
+		}, { token: credentials.token });
+		default: return {
+			success: false,
+			message: `Unsupported warehouse type: ${type}`
+		};
+	}
+}
+/**
+* Execute a query against a datasource
+*/
+async function executeQuery(datasource, sql, options = {}) {
+	const { type, config, credentials } = datasource;
+	switch (type) {
+		case "snowflake": return querySnowflake({
+			account: config.account,
+			database: config.database,
+			warehouse: config.warehouse,
+			schema: config.schema,
+			role: config.role
+		}, {
+			username: credentials.username,
+			password: credentials.password
+		}, sql, options);
+		case "postgres": return queryPostgres({
+			host: config.host,
+			port: config.port,
+			database: config.database,
+			schema: config.schema,
+			sslmode: config.sslmode
+		}, {
+			username: credentials.username,
+			password: credentials.password
+		}, sql, options);
+		case "bigquery": return {
+			columns: [],
+			rows: [],
+			rowCount: 0,
+			truncated: false,
+			error: "BigQuery local querying not yet implemented"
+		};
+		case "databricks": return {
+			columns: [],
+			rows: [],
+			rowCount: 0,
+			truncated: false,
+			error: "Databricks local querying not yet implemented"
+		};
+		default: return {
+			columns: [],
+			rows: [],
+			rowCount: 0,
+			truncated: false,
+			error: `Unsupported warehouse type: ${type}`
+		};
 	}
 }
 
 //#endregion
 //#region src/commands/datasource/test.ts
-async function datasourceTestCommand(name) {
+async function datasourceTestCommand(name, options = {}) {
+	const localDs = getLocalDatasource(name);
+	if (options.remote || !localDs) {
+		await testRemote(name, !localDs);
+		return;
+	}
+	await testLocal(name, localDs);
+}
+/**
+* Test datasource locally using direct connection
+*/
+async function testLocal(name, ds) {
+	console.log(pc.dim(`Testing ${name} locally...`));
+	console.log();
+	const { resolved, missing } = resolveEnvVarsInCredentials(ds.credentials);
+	if (missing.length > 0) {
+		console.log(pc.red(`Missing environment variables: ${missing.join(", ")}`));
+		console.log(pc.dim("Set these env vars or update .bon/datasources.yaml with actual values."));
+		process.exit(1);
+	}
+	const result = await testConnection({
+		type: ds.type,
+		config: ds.config,
+		credentials: resolved
+	});
+	if (result.success) {
+		console.log(pc.green(`✓ ${result.message}`));
+		if (result.latencyMs) console.log(pc.dim(`  Latency: ${result.latencyMs}ms`));
+	} else {
+		console.log(pc.red(`✗ ${result.message}`));
+		if (result.error) console.log(pc.dim(`  ${result.error}`));
+		process.exit(1);
+	}
+}
+/**
+* Test datasource via remote API (requires login)
+*/
+async function testRemote(name, notFoundLocally) {
+	if (!loadCredentials()) {
+		if (notFoundLocally) {
+			console.log(pc.red(`Datasource "${name}" not found locally.`));
+			console.log(pc.dim("Run `bon datasource add` to create it, or `bon login` to test remote datasources."));
+		} else console.log(pc.red("Not logged in. Run `bon login` to test remote datasources."));
+		process.exit(1);
+	}
+	console.log(pc.dim(`Testing ${name} via remote API...`));
+	console.log();
 	try {
 		const result = await post("/api/datasources/test", { name });
 		if (result.success) {
@@ -448,7 +1662,10 @@ async function datasourceTestCommand(name) {
 				if (result.details.account) console.log(pc.dim(`  Account:   ${result.details.account}`));
 				if (result.details.latencyMs != null) console.log(pc.dim(`  Latency:   ${result.details.latencyMs}ms`));
 			}
-		} else console.log(pc.red(result.message));
+		} else {
+			console.log(pc.red(result.message));
+			process.exit(1);
+		}
 	} catch (err) {
 		console.error(pc.red(`Failed to test data source: ${err.message}`));
 		process.exit(1);
@@ -457,60 +1674,176 @@ async function datasourceTestCommand(name) {
 
 //#endregion
 //#region src/commands/datasource/remove.ts
-async function datasourceRemoveCommand(name) {
+async function datasourceRemoveCommand(name, options = {}) {
+	const existsLocally = datasourceExists(name);
+	if (options.remote) {
+		await removeRemote(name);
+		return;
+	}
+	if (existsLocally) {
+		if (removeLocalDatasource(name)) console.log(pc.green(`✓ Removed "${name}" from local storage`));
+	} else {
+		console.error(pc.red(`Datasource "${name}" not found.`));
+		console.log(pc.dim("Use --remote to remove from remote server."));
+		process.exit(1);
+	}
+}
+/**
+* Remove datasource from remote server
+*/
+async function removeRemote(name) {
+	if (!loadCredentials()) {
+		console.error(pc.red("Not logged in. Run `bon login` to remove remote datasources."));
+		process.exit(1);
+	}
 	try {
+		const { del } = await Promise.resolve().then(() => api_exports);
 		await del(`/api/datasources/${encodeURIComponent(name)}`);
-		console.log(pc.green(`Data source "${name}" removed.`));
+		console.log(pc.green(`✓ Removed "${name}" from remote server`));
 	} catch (err) {
-		console.error(pc.red(`Failed to remove data source: ${err.message}`));
+		console.error(pc.red(`Failed to remove remote datasource: ${err.message}`));
 		process.exit(1);
 	}
 }
 
 //#endregion
-//#region src/commands/query.ts
-async function queryCommand(datasourceName, sql, options) {
-	const limit = options.limit ? parseInt(options.limit, 10) : 1e3;
-	const format = options.format ?? "toon";
+//#region src/commands/datasource/push.ts
+var push_exports = /* @__PURE__ */ __exportAll({
+	datasourcePushCommand: () => datasourcePushCommand,
+	pushDatasource: () => pushDatasource
+});
+/**
+* Push a local datasource to Bonnard server
+*/
+async function datasourcePushCommand(name, options = {}) {
+	if (!loadCredentials()) {
+		console.error(pc.red("Not logged in. Run `bon login` first."));
+		process.exit(1);
+	}
+	const datasource = getLocalDatasource(name);
+	if (!datasource) {
+		console.error(pc.red(`Datasource "${name}" not found in .bon/datasources.yaml`));
+		console.log(pc.dim("Run `bon datasource list --local` to see available datasources."));
+		process.exit(1);
+	}
+	const { resolved, missing } = resolveEnvVarsInCredentials(datasource.credentials);
+	if (missing.length > 0) {
+		console.error(pc.red(`Missing environment variables: ${missing.join(", ")}`));
+		console.log(pc.dim("Set them in your environment or use plain values in .bon/datasources.yaml"));
+		process.exit(1);
+	}
 	try {
-		const result = await post("/api/datasources/query", {
-			name: datasourceName,
-			sql,
-			options: {
-				schema: options.schema,
-				database: options.database,
-				limit
+		if ((await getRemoteDatasources()).some((ds) => ds.name === name) && !options.force) {
+			if (!await confirm({
+				message: `Datasource "${name}" already exists on remote. Overwrite?`,
+				default: false
+			})) {
+				console.log(pc.dim("Aborted."));
+				process.exit(0);
 			}
+		}
+	} catch (err) {
+		console.log(pc.dim(`Note: Could not check remote datasources: ${err.message}`));
+	}
+	console.log(pc.dim(`Pushing "${name}"...`));
+	try {
+		await post("/api/datasources", {
+			name: datasource.name,
+			warehouse_type: datasource.type,
+			config: datasource.config,
+			credentials: resolved
 		});
-		if (result.error) {
-			console.error(pc.red(result.error));
+		console.log(pc.green(`✓ Datasource "${name}" pushed to Bonnard`));
+	} catch (err) {
+		const message = err.message;
+		if (message.includes("already exists")) {
+			console.error(pc.red(`Datasource "${name}" already exists on remote.`));
+			console.log(pc.dim("Use --force to overwrite."));
 			process.exit(1);
 		}
-		if (result.rowCount === 0) {
-			console.log("No rows returned.");
-			return;
-		}
-		if (format === "json") console.log(JSON.stringify(result, null, 2));
-		else {
-			const toon = encode({ results: result.rows });
-			console.log(toon);
-		}
-		if (result.truncated) console.log(pc.dim(`(truncated to ${result.rowCount} rows)`));
-	} catch (err) {
-		console.error(pc.red(`Query failed: ${err.message}`));
+		console.error(pc.red(`Failed to push datasource: ${message}`));
+		process.exit(1);
+	}
+}
+/**
+* Push a datasource programmatically (for use by deploy command)
+* Returns true on success, false on failure
+*/
+async function pushDatasource(name, options = {}) {
+	const datasource = getLocalDatasource(name);
+	if (!datasource) {
+		if (!options.silent) console.error(pc.red(`Datasource "${name}" not found locally`));
+		return false;
+	}
+	const { resolved, missing } = resolveEnvVarsInCredentials(datasource.credentials);
+	if (missing.length > 0) {
+		if (!options.silent) console.error(pc.red(`Missing env vars for "${name}": ${missing.join(", ")}`));
+		return false;
+	}
+	try {
+		await post("/api/datasources", {
+			name: datasource.name,
+			warehouse_type: datasource.type,
+			config: datasource.config,
+			credentials: resolved
+		});
+		return true;
+	} catch {
+		return false;
+	}
+}
+
+//#endregion
+//#region src/commands/preview.ts
+async function previewCommand(datasourceName, sql, options) {
+	const limit = options.limit ? parseInt(options.limit, 10) : 1e3;
+	const format = options.format ?? "toon";
+	const ds = getLocalDatasource(datasourceName);
+	if (!ds) {
+		console.error(pc.red(`Datasource "${datasourceName}" not found in .bon/datasources.yaml`));
+		console.log(pc.dim("Run `bon datasource add` to create it."));
+		process.exit(1);
+	}
+	const { resolved, missing } = resolveEnvVarsInCredentials(ds.credentials);
+	if (missing.length > 0) {
+		console.error(pc.red(`Missing environment variables: ${missing.join(", ")}`));
+		console.log(pc.dim("Set these env vars or update .bon/datasources.yaml with actual values."));
 		process.exit(1);
 	}
+	const result = await executeQuery({
+		type: ds.type,
+		config: ds.config,
+		credentials: resolved
+	}, sql, {
+		limit,
+		schema: options.schema,
+		database: options.database
+	});
+	if (result.error) {
+		console.error(pc.red(result.error));
+		process.exit(1);
+	}
+	if (result.rowCount === 0) {
+		console.log("No rows returned.");
+		return;
+	}
+	if (format === "json") console.log(JSON.stringify(result, null, 2));
+	else {
+		const toon = encode({ results: result.rows });
+		console.log(toon);
+	}
+	if (result.truncated) console.log(pc.dim(`(truncated to ${result.rowCount} rows)`));
 }
 
 //#endregion
 //#region src/commands/validate.ts
-async function validateCommand() {
+async function validateCommand(options = {}) {
 	const cwd = process.cwd();
 	if (!fs.existsSync(path.join(cwd, "bon.yaml"))) {
 		console.log(pc.red("No bon.yaml found. Are you in a Bonnard project?"));
 		process.exit(1);
 	}
-	const { validate } = await import("./validate-Bd1D39Bj.mjs");
+	const { validate } = await import("./validate-C4EHvJzJ.mjs");
 	const result = await validate(cwd);
 	if (result.cubes.length === 0 && result.views.length === 0 && result.valid) {
 		console.log(pc.yellow("No model or view files found in models/ or views/."));
@@ -525,6 +1858,75 @@ async function validateCommand() {
 	console.log();
 	if (result.cubes.length > 0) console.log(`  ${pc.dim("Cubes")}  (${result.cubes.length}): ${result.cubes.join(", ")}`);
 	if (result.views.length > 0) console.log(`  ${pc.dim("Views")}  (${result.views.length}): ${result.views.join(", ")}`);
+	if (result.missingDescriptions.length > 0) {
+		console.log();
+		console.log(pc.yellow(`⚠ ${result.missingDescriptions.length} items missing descriptions`));
+		console.log(pc.dim("  Descriptions help AI agents and analysts discover the right metrics."));
+		const byParent = /* @__PURE__ */ new Map();
+		for (const m of result.missingDescriptions) {
+			const list = byParent.get(m.parent) || [];
+			const label = m.type === "cube" || m.type === "view" ? `(${m.type})` : m.name;
+			list.push(label);
+			byParent.set(m.parent, list);
+		}
+		for (const [parent, items] of byParent) console.log(pc.dim(`  ${parent}: ${items.join(", ")}`));
+	}
+	if (options.testConnection) {
+		console.log();
+		await testReferencedConnections(cwd);
+	}
+}
+/**
+* Test connections for datasources referenced by models
+* Lenient: warns but doesn't fail validation
+*/
+async function testReferencedConnections(cwd) {
+	const { extractDatasourcesFromModels } = await import("./models-IsV2sX74.mjs");
+	const { loadLocalDatasources, resolveEnvVarsInCredentials } = await Promise.resolve().then(() => local_exports);
+	const { testConnection } = await Promise.resolve().then(() => connection_exports);
+	const references = extractDatasourcesFromModels(cwd);
+	if (references.length === 0) {
+		console.log(pc.dim("No datasource references found in models."));
+		return;
+	}
+	console.log(pc.bold("Testing connections..."));
+	console.log();
+	const localDatasources = loadLocalDatasources(cwd);
+	let warnings = 0;
+	for (const ref of references) {
+		const ds = localDatasources.find((d) => d.name === ref.name);
+		if (!ds) {
+			console.log(pc.yellow(`⚠ ${ref.name}: not found in .bon/datasources.yaml`));
+			console.log(pc.dim(`    Used by: ${ref.cubes.join(", ")}`));
+			warnings++;
+			continue;
+		}
+		const { resolved, missing } = resolveEnvVarsInCredentials(ds.credentials);
+		if (missing.length > 0) {
+			console.log(pc.yellow(`⚠ ${ref.name}: missing env vars: ${missing.join(", ")}`));
+			console.log(pc.dim(`    Used by: ${ref.cubes.join(", ")}`));
+			warnings++;
+			continue;
+		}
+		const result = await testConnection({
+			type: ds.type,
+			config: ds.config,
+			credentials: resolved
+		});
+		if (result.success) {
+			const latency = result.latencyMs ? pc.dim(` (${result.latencyMs}ms)`) : "";
+			console.log(pc.green(`✓ ${ref.name}${latency}`));
+		} else {
+			console.log(pc.yellow(`⚠ ${ref.name}: ${result.error || result.message}`));
+			console.log(pc.dim(`    Used by: ${ref.cubes.join(", ")}`));
+			warnings++;
+		}
+	}
+	if (warnings > 0) {
+		console.log();
+		console.log(pc.yellow(`${warnings} connection warning(s)`));
+		console.log(pc.dim("Connection issues won't block file validation, but will fail at deploy."));
+	}
 }
 
 //#endregion
@@ -545,14 +1947,14 @@ function collectFiles(dir, rootDir) {
 	walk(dir);
 	return files;
 }
-async function deployCommand() {
+async function deployCommand(options = {}) {
 	const cwd = process.cwd();
 	if (!fs.existsSync(path.join(cwd, "bon.yaml"))) {
 		console.log(pc.red("No bon.yaml found. Are you in a Bonnard project?"));
 		process.exit(1);
 	}
 	console.log(pc.dim("Validating models..."));
-	const { validate } = await import("./validate-Bd1D39Bj.mjs");
+	const { validate } = await import("./validate-C4EHvJzJ.mjs");
 	const result = await validate(cwd);
 	if (!result.valid) {
 		console.log(pc.red("Validation failed:\n"));
@@ -564,38 +1966,455 @@ async function deployCommand() {
 		process.exit(1);
 	}
 	console.log(pc.dim(`  Found ${result.cubes.length} cube(s) and ${result.views.length} view(s)`));
+	if (await testAndSyncDatasources(cwd, options)) process.exit(1);
 	const files = {
 		...collectFiles(path.join(cwd, "models"), cwd),
 		...collectFiles(path.join(cwd, "views"), cwd)
 	};
 	const fileCount = Object.keys(files).length;
-	console.log(pc.dim(`  Deploying ${fileCount} file(s)...\n`));
+	console.log(pc.dim(`Deploying ${fileCount} file(s)...`));
+	console.log();
 	try {
 		const response = await post("/api/deploy", { files });
 		console.log(pc.green("Deploy successful!"));
 		console.log(`Deployment ID: ${pc.cyan(response.deployment.id)}`);
 		console.log(`Cube API: ${pc.cyan(`${response.deployment.cubeApiUrl}/cubejs-api/v1`)}`);
+		console.log();
+		console.log(pc.bold("Connect AI agents via MCP:"));
+		console.log(`  MCP URL: ${pc.cyan("https://mcp.bonnard.dev/mcp")}`);
+		console.log(pc.dim(`  Run \`bon mcp\` for setup instructions`));
 	} catch (err) {
 		console.log(pc.red(`Deploy failed: ${err instanceof Error ? err.message : err}`));
 		process.exit(1);
 	}
 }
+/**
+* Test connections and sync datasources to remote
+* Returns true if any connection failed (strict mode)
+*/
+async function testAndSyncDatasources(cwd, options = {}) {
+	const { extractDatasourcesFromModels } = await import("./models-IsV2sX74.mjs");
+	const { loadLocalDatasources, resolveEnvVarsInCredentials } = await Promise.resolve().then(() => local_exports);
+	const { testConnection } = await Promise.resolve().then(() => connection_exports);
+	const { pushDatasource } = await Promise.resolve().then(() => push_exports);
+	const references = extractDatasourcesFromModels(cwd);
+	if (references.length === 0) return false;
+	console.log();
+	console.log(pc.dim("Testing datasource connections..."));
+	const localDatasources = loadLocalDatasources(cwd);
+	let failed = false;
+	const validatedDatasources = [];
+	for (const ref of references) {
+		const ds = localDatasources.find((d) => d.name === ref.name);
+		if (!ds) {
+			console.log(pc.red(`✗ ${ref.name}: not found in .bon/datasources.yaml`));
+			console.log(pc.dim(`    Used by: ${ref.cubes.join(", ")}`));
+			console.log(pc.dim(`    Run: bon datasource add --from-dbt`));
+			failed = true;
+			continue;
+		}
+		const { resolved, missing } = resolveEnvVarsInCredentials(ds.credentials);
+		if (missing.length > 0) {
+			console.log(pc.red(`✗ ${ref.name}: missing env vars: ${missing.join(", ")}`));
+			console.log(pc.dim(`    Used by: ${ref.cubes.join(", ")}`));
+			failed = true;
+			continue;
+		}
+		const result = await testConnection({
+			type: ds.type,
+			config: ds.config,
+			credentials: resolved
+		});
+		if (result.success) {
+			const latency = result.latencyMs ? pc.dim(` (${result.latencyMs}ms)`) : "";
+			console.log(pc.green(`✓ ${ref.name}${latency}`));
+			validatedDatasources.push(ref.name);
+		} else {
+			console.log(pc.red(`✗ ${ref.name}: ${result.error || result.message}`));
+			console.log(pc.dim(`    Used by: ${ref.cubes.join(", ")}`));
+			failed = true;
+		}
+	}
+	console.log();
+	if (failed) {
+		console.log(pc.red("Connection tests failed. Fix datasource issues before deploying."));
+		return true;
+	}
+	console.log(pc.dim("Checking remote datasources..."));
+	let remoteDatasources;
+	try {
+		remoteDatasources = await getRemoteDatasources();
+	} catch (err) {
+		console.log(pc.red(`Failed to fetch remote datasources: ${err.message}`));
+		return true;
+	}
+	const remoteNames = new Set(remoteDatasources.map((ds) => ds.name));
+	const missingRemote = validatedDatasources.filter((name) => !remoteNames.has(name));
+	if (missingRemote.length === 0) {
+		console.log(pc.green("✓ All datasources exist on remote"));
+		console.log();
+		return false;
+	}
+	console.log();
+	console.log(pc.yellow(`⚠ Missing remote datasource${missingRemote.length > 1 ? "s" : ""}: ${missingRemote.join(", ")}`));
+	console.log();
+	if (options.ci) {
+		console.log(pc.red("Deploy aborted (--ci mode)."));
+		console.log(pc.dim(`Run: bon datasource push <name>`));
+		return true;
+	}
+	if (options.pushDatasources) {
+		for (const name of missingRemote) {
+			console.log(pc.dim(`Pushing "${name}"...`));
+			if (await pushDatasource(name, { silent: true })) console.log(pc.green(`✓ Pushed "${name}"`));
+			else {
+				console.log(pc.red(`✗ Failed to push "${name}"`));
+				return true;
+			}
+		}
+		console.log();
+		return false;
+	}
+	if (!await confirm({
+		message: `Push ${missingRemote.length > 1 ? "these datasources" : `"${missingRemote[0]}"`} to Bonnard? (credentials will be encrypted)`,
+		default: true
+	})) {
+		console.log(pc.dim("Deploy aborted."));
+		return true;
+	}
+	console.log();
+	for (const name of missingRemote) {
+		console.log(pc.dim(`Pushing "${name}"...`));
+		if (await pushDatasource(name, { silent: true })) console.log(pc.green(`✓ Pushed "${name}"`));
+		else {
+			console.log(pc.red(`✗ Failed to push "${name}"`));
+			return true;
+		}
+	}
+	console.log();
+	return false;
+}
+
+//#endregion
+//#region src/commands/mcp.ts
+const MCP_URL = "https://mcp.bonnard.dev/mcp";
+function mcpCommand() {
+	console.log(pc.bold("MCP Connection Info"));
+	console.log();
+	console.log(`MCP URL: ${pc.cyan(MCP_URL)}`);
+	console.log();
+	console.log(pc.bold("Setup Instructions"));
+	console.log();
+	console.log(pc.underline("Claude Desktop"));
+	console.log(`Add to ${pc.dim("~/Library/Application Support/Claude/claude_desktop_config.json")}:`);
+	console.log();
+	console.log(pc.dim(`  {`));
+	console.log(pc.dim(`    "mcpServers": {`));
+	console.log(pc.dim(`      "bonnard": {`));
+	console.log(pc.dim(`        "url": "${MCP_URL}"`));
+	console.log(pc.dim(`      }`));
+	console.log(pc.dim(`    }`));
+	console.log(pc.dim(`  }`));
+	console.log();
+	console.log(pc.underline("Cursor"));
+	console.log(`Add to ${pc.dim(".cursor/mcp.json")} in your project:`);
+	console.log();
+	console.log(pc.dim(`  {`));
+	console.log(pc.dim(`    "mcpServers": {`));
+	console.log(pc.dim(`      "bonnard": {`));
+	console.log(pc.dim(`        "url": "${MCP_URL}"`));
+	console.log(pc.dim(`      }`));
+	console.log(pc.dim(`    }`));
+	console.log(pc.dim(`  }`));
+	console.log();
+	console.log(pc.underline("Claude Code"));
+	console.log(`Add to ${pc.dim(".mcp.json")} in your project:`);
+	console.log();
+	console.log(pc.dim(`  {`));
+	console.log(pc.dim(`    "mcpServers": {`));
+	console.log(pc.dim(`      "bonnard": {`));
+	console.log(pc.dim(`        "type": "url",`));
+	console.log(pc.dim(`        "url": "${MCP_URL}"`));
+	console.log(pc.dim(`      }`));
+	console.log(pc.dim(`    }`));
+	console.log(pc.dim(`  }`));
+	console.log();
+	console.log(pc.dim("OAuth authentication happens automatically when you first connect."));
+	console.log(pc.dim("Run `bon mcp test` to verify the MCP server is reachable."));
+}
+
+//#endregion
+//#region src/commands/mcp-test.ts
+const MCP_SERVER_BASE = "https://mcp.bonnard.dev";
+async function mcpTestCommand() {
+	console.log(pc.dim("Testing MCP server connection..."));
+	console.log();
+	const url = `${MCP_SERVER_BASE}/.well-known/oauth-authorization-server`;
+	try {
+		const res = await fetch(url);
+		if (!res.ok) {
+			console.log(pc.red(`✗ MCP server returned ${res.status}`));
+			process.exit(1);
+		}
+		const metadata = await res.json();
+		console.log(pc.green("✓ MCP server is reachable"));
+		console.log();
+		console.log(`  Issuer: ${pc.dim(metadata.issuer || "unknown")}`);
+		console.log(`  Authorization: ${pc.dim(metadata.authorization_endpoint || "unknown")}`);
+		console.log(`  Token: ${pc.dim(metadata.token_endpoint || "unknown")}`);
+		console.log(`  Registration: ${pc.dim(metadata.registration_endpoint || "unknown")}`);
+		console.log();
+		console.log(pc.dim("OAuth endpoints are healthy. Agents can connect."));
+	} catch (err) {
+		console.log(pc.red(`✗ Failed to reach MCP server: ${err instanceof Error ? err.message : err}`));
+		process.exit(1);
+	}
+}
+
+//#endregion
+//#region src/commands/docs.ts
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const DOCS_DIR = path.join(__dirname, "..", "docs");
+/**
+* Get list of all available topics by scanning the topics directory
+*/
+function getAvailableTopics() {
+	const topicsDir = path.join(DOCS_DIR, "topics");
+	if (!fs.existsSync(topicsDir)) return [];
+	return fs.readdirSync(topicsDir).filter((f) => f.endsWith(".md")).map((f) => f.replace(".md", "")).sort();
+}
+/**
+* Load the index file
+*/
+function loadIndex() {
+	const indexPath = path.join(DOCS_DIR, "_index.md");
+	if (!fs.existsSync(indexPath)) return null;
+	return fs.readFileSync(indexPath, "utf-8");
+}
+/**
+* Load a specific topic
+*/
+function loadTopic(topicId) {
+	const topicPath = path.join(DOCS_DIR, "topics", `${topicId}.md`);
+	if (!fs.existsSync(topicPath)) return null;
+	return fs.readFileSync(topicPath, "utf-8");
+}
+/**
+* Load a JSON schema
+*/
+function loadSchema(schemaName) {
+	const schemaPath = path.join(DOCS_DIR, "schemas", `${schemaName}.schema.json`);
+	if (!fs.existsSync(schemaPath)) return null;
+	return JSON.parse(fs.readFileSync(schemaPath, "utf-8"));
+}
+/**
+* Get child topics for a given topic
+*/
+function getChildTopics(topicId) {
+	const allTopics = getAvailableTopics();
+	const prefix = topicId + ".";
+	return allTopics.filter((t) => t.startsWith(prefix) && !t.slice(prefix.length).includes("."));
+}
+/**
+* Search topics for a query string
+*/
+function searchTopics(query) {
+	const results = [];
+	const queryLower = query.toLowerCase();
+	for (const topic of getAvailableTopics()) {
+		const content = loadTopic(topic);
+		if (!content) continue;
+		const lines = content.split("\n");
+		const matches = [];
+		for (const line of lines) if (line.toLowerCase().includes(queryLower)) matches.push(line.trim());
+		if (matches.length > 0) results.push({
+			topic,
+			matches: matches.slice(0, 3)
+		});
+	}
+	return results;
+}
+/**
+* Format topic as JSON
+*/
+function formatAsJson(topicId, content) {
+	const lines = content.split("\n");
+	const title = lines.find((l) => l.startsWith("# "))?.replace("# ", "") || topicId;
+	const description = lines.find((l) => l.startsWith("> "))?.replace("> ", "") || "";
+	const children = getChildTopics(topicId);
+	const seeAlsoIndex = lines.findIndex((l) => l.includes("## See Also"));
+	const seeAlso = [];
+	if (seeAlsoIndex !== -1) for (let i = seeAlsoIndex + 1; i < lines.length; i++) {
+		const match = lines[i].match(/^- (.+)$/);
+		if (match) seeAlso.push(match[1]);
+		else if (lines[i].startsWith("##")) break;
+	}
+	const moreInfoIndex = lines.findIndex((l) => l.includes("## More Information"));
+	let reference;
+	if (moreInfoIndex !== -1 && lines[moreInfoIndex + 2]) {
+		const url = lines[moreInfoIndex + 2].trim();
+		if (url.startsWith("http")) reference = url;
+	}
+	return JSON.stringify({
+		topic: topicId,
+		title,
+		description,
+		children,
+		seeAlso,
+		reference
+	}, null, 2);
+}
+/**
+* Main docs command
+*/
+async function docsCommand(topic, options = {}) {
+	if (options.search) {
+		const results = searchTopics(options.search);
+		if (results.length === 0) {
+			console.log(pc.yellow(`No topics found matching "${options.search}"`));
+			return;
+		}
+		console.log(pc.bold(`Found ${results.length} topic(s) matching "${options.search}":\n`));
+		for (const result of results) {
+			console.log(pc.cyan(`  ${result.topic}`));
+			for (const match of result.matches) console.log(pc.dim(`    ${match.slice(0, 80)}${match.length > 80 ? "..." : ""}`));
+			console.log();
+		}
+		return;
+	}
+	if (!topic) {
+		const index = loadIndex();
+		if (!index) {
+			console.log(pc.red("Documentation index not found."));
+			console.log(pc.dim("Expected at: " + path.join(DOCS_DIR, "_index.md")));
+			process.exit(1);
+		}
+		console.log(index);
+		return;
+	}
+	const content = loadTopic(topic);
+	if (!content) {
+		const available = getAvailableTopics();
+		console.log(pc.red(`Topic "${topic}" not found.`));
+		console.log();
+		const similar = available.filter((t) => t.includes(topic) || topic.includes(t) || t.split(".").some((part) => topic.includes(part)));
+		if (similar.length > 0) {
+			console.log(pc.dim("Similar topics:"));
+			for (const s of similar.slice(0, 5)) console.log(pc.dim(`  - ${s}`));
+		} else console.log(pc.dim("Run `bon docs` to see available topics."));
+		process.exit(1);
+	}
+	if (options.format === "json") console.log(formatAsJson(topic, content));
+	else console.log(content);
+	if (options.recursive) {
+		const children = getChildTopics(topic);
+		for (const child of children) {
+			const childContent = loadTopic(child);
+			if (childContent) {
+				console.log("\n" + "─".repeat(60) + "\n");
+				if (options.format === "json") console.log(formatAsJson(child, childContent));
+				else console.log(childContent);
+			}
+		}
+	}
+}
+/**
+* Schema subcommand
+*/
+async function docsSchemaCommand(schemaName) {
+	const schema = loadSchema(schemaName);
+	if (!schema) {
+		const schemasDir = path.join(DOCS_DIR, "schemas");
+		const available = fs.existsSync(schemasDir) ? fs.readdirSync(schemasDir).filter((f) => f.endsWith(".schema.json")).map((f) => f.replace(".schema.json", "")) : [];
+		console.log(pc.red(`Schema "${schemaName}" not found.`));
+		if (available.length > 0) {
+			console.log(pc.dim("\nAvailable schemas:"));
+			for (const s of available) console.log(pc.dim(`  - ${s}`));
+		}
+		process.exit(1);
+	}
+	console.log(JSON.stringify(schema, null, 2));
+}
+
+//#endregion
+//#region src/commands/cube/query.ts
+/**
+* Query the deployed Cube semantic layer
+*
+* Supports two formats:
+* - JSON (default): bon cube query '{"measures": ["orders.count"]}'
+* - SQL: bon cube query --sql "SELECT MEASURE(count) FROM orders"
+*/
+async function cubeQueryCommand(queryInput, options = {}) {
+	if (!loadCredentials()) {
+		console.error(pc.red("Not logged in. Run `bon login` first."));
+		process.exit(1);
+	}
+	const format = options.format ?? "toon";
+	const limit = options.limit ? parseInt(options.limit, 10) : void 0;
+	try {
+		let payload;
+		if (options.sql) payload = { sql: queryInput };
+		else {
+			let query;
+			try {
+				query = JSON.parse(queryInput);
+			} catch {
+				console.error(pc.red("Invalid JSON query. Use --sql for SQL queries."));
+				console.log(pc.dim("Example: bon cube query '{\"measures\": [\"orders.count\"]}'"));
+				process.exit(1);
+			}
+			if (limit && !query.limit) query.limit = limit;
+			payload = { query };
+		}
+		const result = await post("/api/cube/query", payload);
+		if (result.error) {
+			console.error(pc.red(`Query error: ${result.error}`));
+			process.exit(1);
+		}
+		if (result.sql) {
+			console.log(pc.dim("Generated SQL:"));
+			console.log(result.sql.sql.join("\n"));
+			return;
+		}
+		const data = result.results?.[0]?.data ?? result.data ?? [];
+		if (data.length === 0) {
+			console.log("No rows returned.");
+			return;
+		}
+		if (format === "json") console.log(JSON.stringify(data, null, 2));
+		else {
+			const toon = encode({ results: data });
+			console.log(toon);
+		}
+		if (limit && data.length >= limit) console.log(pc.dim(`(limited to ${limit} rows)`));
+	} catch (err) {
+		console.error(pc.red(`Query failed: ${err.message}`));
+		process.exit(1);
+	}
+}
 
 //#endregion
 //#region src/bin/bon.ts
 const { version } = createRequire(import.meta.url)("../../package.json");
 program.name("bon").description("Bonnard semantic layer CLI").version(version);
-program.command("init").description("Create a new Bonnard project in the current directory").action(initCommand);
+program.command("init").description("Create bon.yaml, models/, views/, .bon/, and agent templates (.claude/, .cursor/)").action(initCommand);
 program.command("login").description("Authenticate with Bonnard via your browser").action(loginCommand);
 program.command("logout").description("Remove stored credentials").action(logoutCommand);
+program.command("whoami").description("Show current login status").option("--verify", "Verify session is still valid with the server").action(whoamiCommand);
 const datasource = program.command("datasource").description("Manage warehouse data source connections");
-datasource.command("add").description("Add a new data source connection").action(datasourceAddCommand);
-datasource.command("list").description("List configured data sources").action(datasourceListCommand);
-datasource.command("test").description("Test data source connectivity").argument("<name>", "Data source name").action(datasourceTestCommand);
-datasource.command("remove").description("Remove a data source").argument("<name>", "Data source name").action(datasourceRemoveCommand);
-program.command("query").description("Run a SQL query against a warehouse").argument("<datasource-name>", "Data source name").argument("<sql>", "SQL query to execute").option("--schema <schema>", "Override schema").option("--database <database>", "Override database").option("--limit <limit>", "Max rows to return", "1000").option("--format <format>", "Output format: toon or json", "toon").action(queryCommand);
-program.command("validate").description("Validate Cube model and view YAML files").action(validateCommand);
-program.command("deploy").description("Deploy models to your Bonnard Cube instance").action(deployCommand);
+datasource.command("add").description("Add a data source to .bon/datasources.yaml. Use --name and --type together for non-interactive mode").option("--from-dbt [profile]", "Import from dbt profiles.yml (optionally specify profile/target)").option("--target <target>", "Target name when using --from-dbt").option("--all", "Import all connections from dbt profiles").option("--default-targets", "Import only default targets from dbt profiles (non-interactive)").option("--name <name>", "Datasource name (required for non-interactive mode)").option("--type <type>", "Warehouse type: snowflake, postgres, bigquery, databricks (required for non-interactive mode)").option("--account <account>", "Snowflake account identifier").option("--database <database>", "Database name").option("--schema <schema>", "Schema name").option("--warehouse <warehouse>", "Warehouse name (Snowflake)").option("--role <role>", "Role (Snowflake)").option("--host <host>", "Host (Postgres)").option("--port <port>", "Port (Postgres, default: 5432)").option("--project-id <projectId>", "GCP Project ID (BigQuery)").option("--dataset <dataset>", "Dataset name (BigQuery)").option("--location <location>", "Location (BigQuery)").option("--hostname <hostname>", "Server hostname (Databricks)").option("--http-path <httpPath>", "HTTP path (Databricks)").option("--catalog <catalog>", "Catalog name (Databricks)").option("--user <user>", "Username").option("--password <password>", "Password (use --password-env for env var reference)").option("--token <token>", "Access token (use --token-env for env var reference)").option("--service-account-json <json>", "Service account JSON (BigQuery)").option("--keyfile <path>", "Path to service account key file (BigQuery)").option("--password-env <varName>", "Env var name for password, stores as {{ env_var('NAME') }}").option("--token-env <varName>", "Env var name for token, stores as {{ env_var('NAME') }}").option("--force", "Overwrite existing datasource without prompting").action(datasourceAddCommand);
+datasource.command("list").description("List data sources (shows both local and remote by default)").option("--local", "Show only local data sources from .bon/datasources.yaml").option("--remote", "Show only remote data sources from Bonnard server (requires login)").action(datasourceListCommand);
+datasource.command("test").description("Test data source connectivity by connecting directly to the warehouse").argument("<name>", "Data source name from .bon/datasources.yaml").option("--remote", "Test via Bonnard API instead of direct connection (requires login)").action(datasourceTestCommand);
+datasource.command("remove").description("Remove a data source from .bon/datasources.yaml (local by default)").argument("<name>", "Data source name").option("--remote", "Remove from Bonnard server instead of local (requires login)").action(datasourceRemoveCommand);
+datasource.command("push").description("Push a local data source to Bonnard server (requires login)").argument("<name>", "Data source name from .bon/datasources.yaml").option("--force", "Overwrite if already exists on remote").action(datasourcePushCommand);
+program.command("preview").description("Preview data from a local warehouse using raw SQL (for development/exploration)").argument("<datasource>", "Data source name from .bon/datasources.yaml").argument("<sql>", "SQL query to execute").option("--schema <schema>", "Override schema").option("--database <database>", "Override database").option("--limit <limit>", "Max rows to return", "1000").option("--format <format>", "Output format: toon or json", "toon").action(previewCommand);
+program.command("validate").description("Validate YAML syntax in models/ and views/").option("--test-connection", "Also test datasource connections (warns on failure, doesn't block)").action(validateCommand);
+program.command("deploy").description("Deploy models to Bonnard. Requires login, validates models, tests connections (fails on error)").option("--ci", "Non-interactive mode (fail if missing datasources)").option("--push-datasources", "Auto-push missing datasources without prompting").action(deployCommand);
+program.command("mcp").description("MCP connection info and setup instructions").action(mcpCommand).command("test").description("Test MCP server connectivity").action(mcpTestCommand);
+program.command("cube").description("Query the deployed Cube semantic layer").command("query").description("Execute a query against the deployed semantic layer").argument("<query>", "JSON query or SQL (with --sql flag)").option("--sql", "Use Cube SQL API instead of JSON format").option("--limit <limit>", "Max rows to return").option("--format <format>", "Output format: toon or json", "toon").action(cubeQueryCommand);
+program.command("docs").description("Browse Cube documentation for building models and views").argument("[topic]", "Topic to display (e.g., cubes, cubes.measures)").option("-r, --recursive", "Show topic and all child topics").option("-s, --search <query>", "Search topics for a keyword").option("-f, --format <format>", "Output format: markdown or json", "markdown").action(docsCommand).command("schema").description("Show JSON schema for a type (cube, view, measure, etc.)").argument("<type>", "Schema type to display").action(docsSchemaCommand);
 program.parse();
 
 //#endregion