@botdocs/cli 0.12.1 → 0.13.0

package/dist/commands/propose.js

@@ -0,0 +1,202 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { ApiError, apiFetch, fetchRawContent, friendlyApiErrorDetail, getApiUrl } from '../lib/api.js';
+import { loadAuth } from '../lib/config.js';
+import { parseRef } from '../lib/ref.js';
+import { fileSetHash } from '../lib/proposals.js';
+import { collectFromDirectory, collectFromFile } from './publish.js';
+/** Bail before any file reading if the user isn't logged in. Mirrors
+ * publish.ts's preflight: one friendly line, exit 1. Proposing requires auth
+ * (the server attributes the proposal to the caller). */
+function requireAuth(options) {
+    if (loadAuth())
+        return;
+    if (options.json) {
+        console.log(JSON.stringify({ ok: false, error: 'not logged in', hint: 'Run `botdocs login` first.' }));
+    }
+    else {
+        console.error('\n  ✗ Not logged in. Run `botdocs login` first.\n');
+    }
+    process.exit(1);
+}
+/** True when the logged-in user owns this ref. A skill ref's username IS the
+ * author's username (the registry resolves `@user/slug` by the author's
+ * handle), so ownership is a case-insensitive username match. Used only to
+ * tailor the success copy — the server is the authority on what the proposal
+ * actually does (an owner proposing still gets a proposal row, not a publish).
+ */
+function isOwnRef(username) {
+    const me = loadAuth()?.username;
+    if (!me)
+        return false;
+    return me.toLowerCase() === username.toLowerCase();
+}
+/** Pull the live published file set (filename + content) so we can compute the
+ * canonical basedFileHash the server uses for drift detection. The manifest
+ * lists files by rawUrl; we fetch each body. Returns null on a non-SKILL
+ * manifest (proposals only apply to skills). */
+async function fetchLiveFileSet(username, slug) {
+    const manifest = await apiFetch(`/api/skills/${username}/${slug}/manifest`);
+    if (manifest.type !== 'SKILL' || !manifest.files)
+        return null;
+    const files = await Promise.all(manifest.files.map(async (f) => ({
+        filename: f.filename,
+        content: await fetchRawContent(f.rawUrl),
+    })));
+    return files;
+}
+/**
+ * `botdocs propose @user/slug [path]` — queue a change to a skill for the
+ * author to review, instead of publishing directly.
+ *
+ * Collects the local files (directory or single markdown file, default cwd),
+ * computes `basedFileHash` over the skill's CURRENT live file set (the base
+ * the author will diff against), and POSTs the proposal. The author reviews +
+ * accepts/rejects from the Proposals tab or `botdocs proposals accept`.
+ */
+export async function propose(rawRef, pathArg, options) {
+    requireAuth(options);
+    let ref;
+    try {
+        ref = parseRef(rawRef);
+    }
+    catch (err) {
+        console.error(`\n  ✗ ${err instanceof Error ? err.message : String(err)}\n`);
+        process.exit(1);
+    }
+    const refStr = `@${ref.username}/${ref.slug}`;
+    // Collect the proposed files from the local path (default: cwd).
+    const source = pathArg ?? '.';
+    const resolved = path.resolve(source);
+    if (!fs.existsSync(resolved)) {
+        console.error(`\n  ✗ Source not found: ${source}\n`);
+        process.exit(1);
+    }
+    let files;
+    const stat = fs.statSync(resolved);
+    if (stat.isDirectory()) {
+        files = collectFromDirectory(resolved);
+    }
+    else {
+        files = collectFromFile(resolved);
+    }
+    if (files.length === 0) {
+        console.error('\n  ✗ No markdown files found to propose.\n');
+        process.exit(1);
+    }
+    if (!files.some((f) => f.filename.endsWith('.md') || f.filename.endsWith('.mdc'))) {
+        console.error('\n  ✗ A proposal needs at least one markdown file (.md or .mdc).\n');
+        process.exit(1);
+    }
+    // Fetch the live file set so basedFileHash anchors the proposal to the exact
+    // base the author will see. A drift between this and what the server stores
+    // becomes the "skill moved while you reviewed" guard on accept.
+    let liveFiles;
+    try {
+        liveFiles = await fetchLiveFileSet(ref.username, ref.slug);
+    }
+    catch (err) {
+        if (err instanceof ApiError && err.status === 404) {
+            console.error(`\n  ✗ Skill not found: ${refStr}\n`);
+            process.exit(1);
+        }
+        if (err instanceof ApiError) {
+            console.error(`\n  ✗ ${refStr}: ${friendlyApiErrorDetail(err, refStr)}\n`);
+            process.exit(1);
+        }
+        throw err;
+    }
+    if (liveFiles === null) {
+        console.error('\n  ✗ Proposals only apply to skills (not bundles).\n');
+        process.exit(1);
+    }
+    const basedFileHash = fileSetHash(liveFiles);
+    let result;
+    try {
+        result = await apiFetch(`/api/skills/${ref.username}/${ref.slug}/proposals`, {
+            method: 'POST',
+            auth: true,
+            body: {
+                files: files.map((f) => ({
+                    filename: f.filename,
+                    content: f.content,
+                    sortOrder: f.sortOrder,
+                })),
+                changelog: options.message,
+                agentLabel: options.agentLabel,
+                basedFileHash,
+            },
+        });
+    }
+    catch (err) {
+        handleProposeError(err, refStr, options);
+        return;
+    }
+    const own = isOwnRef(ref.username);
+    // The #proposals deep link only renders for the author, so we only print it
+    // when the proposer owns the skill. A non-author operator gets the plain
+    // "queued for review" line with no dead link.
+    const reviewUrl = own
+        ? `${getApiUrl()}/${refStr}#proposals`
+        : `${getApiUrl()}/${refStr}`;
+    if (options.json) {
+        console.log(JSON.stringify({
+            ok: true,
+            ref: refStr,
+            proposalId: result.proposalId,
+            status: result.status,
+            baseVersion: result.baseVersion,
+            url: reviewUrl,
+        }));
+        return;
+    }
+    console.log(`\n  ✓ Proposal queued for ${refStr} (id ${result.proposalId}).`);
+    if (own) {
+        console.log(`    Review it at ${reviewUrl}\n`);
+    }
+    else {
+        console.log(`    The skill author will review it. ${reviewUrl}\n`);
+    }
+}
+/** Map a propose API error to a friendly, actionable CLI message.
+ *
+ * 404 — skill not found (or unreadable; the server collapses both to 404).
+ * 413 — proposal too large.
+ * 429 — per-skill OPEN cap or per-proposer/day cap; the server sends a
+ *       structured `{ error, message }` we surface.
+ * Everything else routes through the shared helper. */
+function handleProposeError(err, refStr, options) {
+    if (!(err instanceof ApiError)) {
+        throw err;
+    }
+    const body = err.body;
+    if (options.json) {
+        console.log(JSON.stringify({
+            ok: false,
+            ref: refStr,
+            status: err.status,
+            error: err.message,
+            message: body?.message ?? null,
+        }));
+        process.exit(1);
+    }
+    if (err.status === 404) {
+        console.error(`\n  ✗ Skill not found: ${refStr}\n`);
+    }
+    else if (err.status === 413) {
+        console.error(`\n  ✗ Proposal too large for ${refStr}. Trim the files and try again.\n`);
+    }
+    else if (err.status === 429) {
+        // The review queue is full or you've hit the per-day proposal limit. The
+        // server's structured message is the most specific; fall back to a generic
+        // line.
+        console.error(`\n  ✗ ${body?.message ?? 'Proposal rate limit reached — try again later.'}\n`);
+    }
+    else if (err.status === 401) {
+        console.error(`\n  ✗ ${err.message}\n`);
+    }
+    else {
+        console.error(`\n  ✗ ${refStr}: ${friendlyApiErrorDetail(err, refStr)}\n`);
+    }
+    process.exit(1);
+}

package/dist/commands/publish.d.ts

@@ -18,7 +18,7 @@ interface PublishOptions {
      * draft → published flag is already cheap and reversible via `unpublish`). */
     dryRun?: boolean;
 }
-interface FileEntry {
+export interface FileEntry {
     filename: string;
     content: string;
     sortOrder: number;
@@ -49,6 +49,8 @@ declare function publishRef(rawRef: string, options: PublishOptions): Promise<vo
  */
 declare function handlePublishToggleError(err: unknown, refLabel: string, options: PublishOptions): void;
 export { publishRef, handlePublishToggleError };
+export declare function collectFromFile(filePath: string): FileEntry[];
+export declare function collectFromDirectory(dirPath: string): FileEntry[];
 /**
  * Recursively collect publishable markdown files under `currentDir`.
  *

package/dist/commands/publish.js

@@ -460,12 +460,12 @@ function derivePublishSlug(source) {
         .replace(/[^a-z0-9]+/g, '-')
         .replace(/^-+|-+$/g, '');
 }
-function collectFromFile(filePath) {
+export function collectFromFile(filePath) {
     const content = fs.readFileSync(filePath, 'utf-8');
     const filename = path.basename(filePath);
     return [{ filename, content, sortOrder: 0 }];
 }
-function collectFromDirectory(dirPath) {
+export function collectFromDirectory(dirPath) {
     const files = [];
     walkDirectory(dirPath, dirPath, files);
     files.sort((a, b) => a.sortOrder - b.sortOrder);

package/dist/commands/sync.js

@@ -269,7 +269,7 @@ async function installTeamSkill(teamSlug, skill, options, silent) {
     // version locking.)
     let manifest;
     try {
-        manifest = await apiFetch(`/api/skills/${skill.username}/${skill.slug}/manifest`);
+        manifest = await apiFetch(`/api/skills/${skill.username}/${skill.slug}/manifest`, { auth: 'optional' });
     }
     catch (err) {
         if (err instanceof ApiError) {
@@ -376,7 +376,7 @@ async function runSyncCore(rawRef, targets, options, deps) {
         const { username, slug } = refToPath(entry.ref);
         let manifest;
         try {
-            manifest = await apiFetch(`/api/skills/${username}/${slug}/manifest`);
+            manifest = await apiFetch(`/api/skills/${username}/${slug}/manifest`, { auth: 'optional' });
         }
         catch (err) {
             if (err instanceof ApiError) {

package/dist/commands/team.js

@@ -237,7 +237,7 @@ export function registerTeamCommands(program) {
     });
     team
         .command('push <slug> <ref>')
-        .description('Pin a published skill to a team (WRITE+ only)')
+        .description('Pin one of your own published skills to a team (WRITE+ only; you can only pin skills you own)')
         .option('--version <v>', 'Pin to a specific version (omit to float to latest)')
         .action(async (slug, ref, opts) => {
         await teamPush(slug, ref, { ...opts, json: program.opts().json });

package/dist/index.js

@@ -110,7 +110,6 @@ function genericFriendlyMessage(reason) {
 }
 import { Command } from 'commander';
 import { checkAuthFilePerms } from './lib/config.js';
-import { search } from './commands/search.js';
 import { publish } from './commands/publish.js';
 import { unpublish } from './commands/unpublish.js';
 import { delete_ as deleteCmd } from './commands/delete.js';
@@ -127,6 +126,8 @@ import { ingest, SUPPORTED_TOOLS as INGEST_SUPPORTED_TOOLS } from './commands/in
 import { checkUpdates } from './commands/check-updates.js';
 import { compile } from './commands/compile.js';
 import { edit } from './commands/edit.js';
+import { propose } from './commands/propose.js';
+import { registerProposalsCommands } from './commands/proposals.js';
 import { registerTeamCommands } from './commands/team.js';
 import { registerBackupCommands } from './commands/backups.js';
 import { undo } from './commands/undo.js';
@@ -179,12 +180,6 @@ program
     .action(async (source) => {
     await validate(source, { json: program.opts().json });
 });
-program
-    .command('search <query>')
-    .description('Search for BotDocs')
-    .action(async (query) => {
-    await search(query, { json: program.opts().json });
-});
 program
     .command('publish <source>')
     .description('Publish a BotDoc — pass a local path to upload, or @user/slug to mark an existing draft live')
@@ -332,6 +327,19 @@ program
     .action(async (ref, opts) => {
     await edit(ref, { ...opts, json: program.opts().json });
 });
+program
+    .command('propose <ref> [path]')
+    .description('Queue a change to a skill for its author to review (instead of publishing directly)')
+    .option('--message <message>', 'Changelog describing the proposed change')
+    .option('--agent-label <label>', 'Self-reported agent identity (e.g. hermes-v2); shown to the author as unverified')
+    .action(async (ref, pathArg, opts) => {
+    await propose(ref, pathArg, { ...opts, json: program.opts().json });
+});
+// `proposals` (list, default) + its `accept` subcommand. Registered via a
+// helper (like team/backups) so the nested `accept` lives in proposals.ts —
+// `botdocs proposals @user/slug` lists; `botdocs proposals accept @user/slug
+// --id X` accepts.
+registerProposalsCommands(program);
 registerTeamCommands(program);
 registerBackupCommands(program);
 program

package/dist/lib/api.d.ts

@@ -40,7 +40,14 @@ export declare class WaitlistError extends ApiError {
 interface FetchOptions {
     method?: string;
     body?: unknown;
-    auth?: boolean;
+    /** Authorization behavior:
+     * - `false` (default): never attach a bearer token.
+     * - `true`: REQUIRE a saved token — throw `ApiError(401)` when absent.
+     * - `'optional'`: attach the bearer IF a token is saved, but don't throw
+     *   when it's missing. Used by read paths (manifest/versions) that gate on
+     *   the server side: a signed-in user reaches their PRIVATE skills, while an
+     *   anonymous caller still fetches PUBLIC/bootstrap skills tokenlessly. */
+    auth?: boolean | 'optional';
     /** Per-call override of the default request timeout (ms). When the timer
      * fires we abort the underlying fetch and throw an ApiError(0, "timed out…").
      * Defaults to {@link DEFAULT_TIMEOUT_MS}. Set higher for known-slow paths
@@ -71,6 +78,14 @@ export declare function apiFetch<T>(path: string, options?: FetchOptions): Promi
  * network failures and timeouts both surface as `ApiError(0, …)` so the
  * callers don't need to special-case fetchRawContent vs apiFetch in
  * their `instanceof ApiError` catch arms.
+ *
+ * Attaches `Authorization: Bearer <token>` when one is saved so a signed-in
+ * user can read the raw bytes of their PRIVATE skills (the server gates
+ * `/api/raw` on the same predicate as the manifest). PUBLIC and platform
+ * bootstrap skills still resolve with no token, so first-run fetches (e.g.
+ * `@botdocs/cli-quickstart`) keep working unauthenticated. The TLS guard in
+ * getApiUrl() refuses to emit the bearer over plaintext to a non-loopback
+ * host — see {@link getApiUrl}.
  */
 export declare function fetchRawContent(rawUrl: string, options?: {
     timeoutMs?: number;

package/dist/lib/api.js

@@ -131,12 +131,24 @@ export async function apiFetch(path, options = {}) {
     if (auth) {
         const config = loadAuth();
         if (!config?.token) {
-            // Shape this as an ApiError(401) so callers that already branch on auth
-            // failures (e.g. sync's optional team-skill path) handle it uniformly
-            // without a separate "no token saved" code path.
-            throw new ApiError(401, 'Not authenticated. Run `botdocs login` first.');
+            // `auth: 'optional'` means "attach the bearer if we have one, otherwise
+            // proceed anonymously" — the server gates the read. Only the strict
+            // `auth: true` path throws when no token is saved. Shape that as an
+            // ApiError(401) so callers that already branch on auth failures (e.g.
+            // sync's optional team-skill path) handle it uniformly without a
+            // separate "no token saved" code path.
+            if (auth === 'optional') {
+                // No token — fall through and send the request without Authorization.
+                // The TLS guard in getApiUrl() above already ran, so the (absent)
+                // bearer can't leak over plaintext regardless.
+            }
+            else {
+                throw new ApiError(401, 'Not authenticated. Run `botdocs login` first.');
+            }
+        }
+        else {
+            headers['Authorization'] = `Bearer ${config.token}`;
         }
-        headers['Authorization'] = `Bearer ${config.token}`;
     }
     // AbortController + setTimeout is the lowest-overhead way to enforce a hard
     // per-request deadline on Node's fetch — there's no built-in `timeout`
@@ -216,18 +228,31 @@ export async function apiFetch(path, options = {}) {
  * network failures and timeouts both surface as `ApiError(0, …)` so the
  * callers don't need to special-case fetchRawContent vs apiFetch in
  * their `instanceof ApiError` catch arms.
+ *
+ * Attaches `Authorization: Bearer <token>` when one is saved so a signed-in
+ * user can read the raw bytes of their PRIVATE skills (the server gates
+ * `/api/raw` on the same predicate as the manifest). PUBLIC and platform
+ * bootstrap skills still resolve with no token, so first-run fetches (e.g.
+ * `@botdocs/cli-quickstart`) keep working unauthenticated. The TLS guard in
+ * getApiUrl() refuses to emit the bearer over plaintext to a non-loopback
+ * host — see {@link getApiUrl}.
  */
 export async function fetchRawContent(rawUrl, options = {}) {
     const { timeoutMs = DEFAULT_TIMEOUT_MS } = options;
     const baseUrl = getApiUrl();
     const url = rawUrl.startsWith('http') ? rawUrl : `${baseUrl}${rawUrl}`;
+    const headers = {};
+    const config = loadAuth();
+    if (config?.token) {
+        headers['Authorization'] = `Bearer ${config.token}`;
+    }
     // Same pattern as apiFetch — AbortController + clearTimeout in finally so
     // the timer never outlives the request and blocks process exit.
     const controller = new AbortController();
     const timer = setTimeout(() => controller.abort(), timeoutMs);
     let response;
     try {
-        response = await fetch(url, { signal: controller.signal });
+        response = await fetch(url, { headers, signal: controller.signal });
     }
     catch (err) {
         if (isAbortError(err)) {

package/dist/lib/proposals.d.ts

@@ -0,0 +1,37 @@
+/** A file for hashing — ONLY filename + content participate. */
+export interface HashableFile {
+    filename: string;
+    content: string;
+}
+/**
+ * Canonical file-set hash. Mirrors the server's `fileSetHash` exactly so the
+ * `basedFileHash` the CLI sends matches what the server would compute over the
+ * same live file set. Sort is by filename ascending using the same comparison
+ * the server uses (`<` / `>` on the raw filename string).
+ */
+export declare function fileSetHash(files: ReadonlyArray<HashableFile>): string;
+/**
+ * Canonical SYNTHESIS idempotency hash. DISTINCT from {@link fileSetHash}
+ * (which is the drift anchor / `basedFileHash`). The server keys the
+ * partial-unique index `botdoc_proposals_synthesis_hash_uq` on this value so
+ * the same OPEN synthesis (same sources + same merged content) can't be
+ * created twice — the CLI computes it before POSTing only so the value is
+ * stable client-side; the server recomputes + enforces it.
+ *
+ * MUST match `apps/web/src/lib/proposals.ts#sourceHash` byte-for-byte:
+ *
+ *   sha256-hex( JSON.stringify({
+ *     sources: [...new Set(synthesizedFrom)].sort(),
+ *     files:   [...mergedFiles]
+ *                .sort by filename ascending (same `<`/`>` compare as fileSetHash)
+ *                .map(f => [f.filename, sha256hex(f.content)]),
+ *   }) )
+ *
+ * Notes (identical exclusions to fileSetHash):
+ *   - `sources` is deduplicated + lexicographically sorted, so source-id
+ *     ordering / duplicates don't change the hash.
+ *   - `files` pairs each filename with the sha256 of its content (not the raw
+ *     body) to keep the JSON small.
+ *   - `mode`/`sortOrder` are NOT part of the hash.
+ */
+export declare function sourceHash(synthesizedFrom: ReadonlyArray<string>, mergedFiles: ReadonlyArray<HashableFile>): string;

package/dist/lib/proposals.js

@@ -0,0 +1,72 @@
+/**
+ * proposals.ts — shared helpers for the CLI proposal lane.
+ *
+ * The load-bearing piece here is {@link fileSetHash}: the canonical file-set
+ * hash that the server computes in `apps/web/src/lib/proposals.ts#fileSetHash`.
+ * The two MUST agree byte-for-byte — the server uses it as the drift anchor
+ * (`basedFileHash`) the CLI sends on every `propose`. Any divergence (sort
+ * order, framing byte, included fields) would make the server reject or
+ * mis-detect drift for every proposal.
+ *
+ * Canonical spec (identical on both sides):
+ *   - sha256, hex digest
+ *   - over each file sorted by filename ascending (JS default string compare)
+ *   - of:  filename + "\u0000" + content + "\u0000"
+ *   - `mode` and `sortOrder` are NOT part of the hash.
+ */
+import { createHash } from 'node:crypto';
+/** NUL framing byte between/after each (filename, content) pair. Defined once
+ * so the intent is obvious and it can never be mistaken for a space. */
+const NUL = '\u0000';
+/**
+ * Canonical file-set hash. Mirrors the server's `fileSetHash` exactly so the
+ * `basedFileHash` the CLI sends matches what the server would compute over the
+ * same live file set. Sort is by filename ascending using the same comparison
+ * the server uses (`<` / `>` on the raw filename string).
+ */
+export function fileSetHash(files) {
+    const sorted = [...files].sort((a, b) => a.filename < b.filename ? -1 : a.filename > b.filename ? 1 : 0);
+    const hash = createHash('sha256');
+    for (const f of sorted) {
+        hash.update(f.filename);
+        hash.update(NUL);
+        hash.update(f.content);
+        hash.update(NUL);
+    }
+    return hash.digest('hex');
+}
+/** sha256-hex of a single string (a file's content). Helper for {@link sourceHash}. */
+function sha256Hex(value) {
+    return createHash('sha256').update(value).digest('hex');
+}
+/**
+ * Canonical SYNTHESIS idempotency hash. DISTINCT from {@link fileSetHash}
+ * (which is the drift anchor / `basedFileHash`). The server keys the
+ * partial-unique index `botdoc_proposals_synthesis_hash_uq` on this value so
+ * the same OPEN synthesis (same sources + same merged content) can't be
+ * created twice — the CLI computes it before POSTing only so the value is
+ * stable client-side; the server recomputes + enforces it.
+ *
+ * MUST match `apps/web/src/lib/proposals.ts#sourceHash` byte-for-byte:
+ *
+ *   sha256-hex( JSON.stringify({
+ *     sources: [...new Set(synthesizedFrom)].sort(),
+ *     files:   [...mergedFiles]
+ *                .sort by filename ascending (same `<`/`>` compare as fileSetHash)
+ *                .map(f => [f.filename, sha256hex(f.content)]),
+ *   }) )
+ *
+ * Notes (identical exclusions to fileSetHash):
+ *   - `sources` is deduplicated + lexicographically sorted, so source-id
+ *     ordering / duplicates don't change the hash.
+ *   - `files` pairs each filename with the sha256 of its content (not the raw
+ *     body) to keep the JSON small.
+ *   - `mode`/`sortOrder` are NOT part of the hash.
+ */
+export function sourceHash(synthesizedFrom, mergedFiles) {
+    const sources = [...new Set(synthesizedFrom)].sort();
+    const files = [...mergedFiles]
+        .sort((a, b) => (a.filename < b.filename ? -1 : a.filename > b.filename ? 1 : 0))
+        .map((f) => [f.filename, sha256Hex(f.content)]);
+    return sha256Hex(JSON.stringify({ sources, files }));
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@botdocs/cli",
-  "version": "0.12.1",
+  "version": "0.13.0",
   "description": "CLI for BotDocs — author, publish, install, and sync agent skills across Claude, Claude Code, Cursor, Codex, ChatGPT, Windsurf, Copilot, Gemini, Antigravity, and OpenCode.",
   "keywords": [
     "botdocs",

package/dist/commands/search.d.ts

@@ -1,3 +0,0 @@
-export declare function search(query: string, options?: {
-    json?: boolean;
-}): Promise<void>;

package/dist/commands/search.js

@@ -1,58 +0,0 @@
-import { apiFetch } from '../lib/api.js';
-export async function search(query, options = {}) {
-    if (!query.trim()) {
-        console.error('Please provide a search query.');
-        process.exit(1);
-    }
-    const encoded = encodeURIComponent(query);
-    const data = await apiFetch(`/api/search?q=${encoded}`);
-    if (options.json) {
-        console.log(JSON.stringify(data, null, 2));
-        return;
-    }
-    if (data.results.length === 0) {
-        console.log(`No results for "${query}".`);
-        return;
-    }
-    console.log(`${data.total} result(s) for "${query}":\n`);
-    // Print formatted table
-    const maxTitle = Math.min(40, Math.max(...data.results.map((r) => r.title.length)));
-    const maxAuthor = Math.max(...data.results.map((r) => r.author.length));
-    const header = [
-        'Title'.padEnd(maxTitle),
-        'Author'.padEnd(maxAuthor),
-        'Stars'.padStart(5),
-        'Clones'.padStart(6),
-        'Category',
-    ].join('  ');
-    const separator = '-'.repeat(header.length);
-    console.log(header);
-    console.log(separator);
-    for (const result of data.results) {
-        const title = result.title.length > maxTitle
-            ? result.title.slice(0, maxTitle - 1) + '…'
-            : result.title.padEnd(maxTitle);
-        const row = [
-            title,
-            result.author.padEnd(maxAuthor),
-            String(result.starCount).padStart(5),
-            String(result.cloneCount).padStart(6),
-            formatCategory(result.category),
-        ].join('  ');
-        console.log(row);
-    }
-    if (data.totalPages > 1) {
-        console.log(`\nPage ${data.page}/${data.totalPages}`);
-    }
-}
-function formatCategory(category) {
-    const labels = {
-        KNOWLEDGE_MANAGEMENT: 'Knowledge',
-        DEV_WORKFLOW: 'Dev Workflow',
-        AUTOMATION: 'Automation',
-        AGENT_CONFIG: 'Agent Config',
-        PROJECT_SCAFFOLD: 'Scaffold',
-        OTHER: 'Other',
-    };
-    return labels[category] ?? category;
-}