@bragduck/cli 2.28.0 → 2.29.2

package/dist/bin/bragduck.js

@@ -22,7 +22,7 @@ var init_esm_shims = __esm({
 import { config } from "dotenv";
 import { fileURLToPath as fileURLToPath2 } from "url";
 import { dirname, join } from "path";
-var __filename, __dirname, APP_NAME, CONFIG_KEYS, DEFAULT_CONFIG, OAUTH_CONFIG, API_ENDPOINTS, ENCRYPTION_CONFIG, STORAGE_PATHS, HTTP_STATUS, CONFIG_FILES;
+var __filename, __dirname, APP_NAME, CONFIG_KEYS, DEFAULT_CONFIG, OAUTH_CONFIG, ATLASSIAN_OAUTH_CONFIG, API_ENDPOINTS, ENCRYPTION_CONFIG, STORAGE_PATHS, HTTP_STATUS, CONFIG_FILES;
 var init_constants = __esm({
   "src/constants.ts"() {
     "use strict";
@@ -57,11 +57,23 @@ var init_constants = __esm({
       MIN_PORT: 8e3,
       MAX_PORT: 9e3
     };
+    ATLASSIAN_OAUTH_CONFIG = {
+      CLIENT_ID: "kJlsd66DLTnENE8p7Ru2JwqZg1Sie4yZ",
+      AUTH_URL: "https://auth.atlassian.com/authorize",
+      AUDIENCE: "api.atlassian.com",
+      SCOPES: "read:jira-work read:jira-user read:page:confluence read:confluence-user offline_access read:me",
+      ACCESSIBLE_RESOURCES_URL: "https://api.atlassian.com/oauth/token/accessible-resources",
+      API_GATEWAY_URL: "https://api.atlassian.com"
+    };
     API_ENDPOINTS = {
       AUTH: {
         INITIATE: "/v1/auth/cli/initiate",
         TOKEN: "/v1/auth/cli/token"
       },
+      ATLASSIAN: {
+        TOKEN: "/v1/auth/atlassian/token",
+        REFRESH: "/v1/auth/atlassian/refresh"
+      },
       BRAGS: {
         CREATE: "/v1/brags",
         LIST: "/v1/brags",
@@ -157,7 +169,7 @@ var init_env_loader = __esm({
 });
 
 // src/utils/errors.ts
-var BragduckError, AuthenticationError, GitError, ApiError, NetworkError, ValidationError, OAuthError, TokenExpiredError, GitHubError, BitbucketError, GitLabError, JiraError, ConfluenceError;
+var BragduckError, AuthenticationError, GitError, ApiError, NetworkError, ValidationError, OAuthError, TokenExpiredError, GitHubError, BitbucketError, GitLabError, JiraError, ConfluenceError, AtlassianError;
 var init_errors = __esm({
   "src/utils/errors.ts"() {
     "use strict";
@@ -248,6 +260,12 @@ var init_errors = __esm({
         this.name = "ConfluenceError";
       }
     };
+    AtlassianError = class extends BragduckError {
+      constructor(message, details) {
+        super(message, "ATLASSIAN_ERROR", details);
+        this.name = "AtlassianError";
+      }
+    };
   }
 });
 
@@ -1241,15 +1259,15 @@ __export(version_exports, {
   getCurrentVersion: () => getCurrentVersion,
   version: () => version
 });
-import { readFileSync as readFileSync3 } from "fs";
-import { fileURLToPath as fileURLToPath4 } from "url";
-import { dirname as dirname3, join as join5 } from "path";
+import { readFileSync as readFileSync4 } from "fs";
+import { fileURLToPath as fileURLToPath5 } from "url";
+import { dirname as dirname4, join as join6 } from "path";
 import chalk4 from "chalk";
 import boxen2 from "boxen";
 function getCurrentVersion() {
   try {
-    const packageJsonPath2 = join5(__dirname4, "../../package.json");
-    const packageJson2 = JSON.parse(readFileSync3(packageJsonPath2, "utf-8"));
+    const packageJsonPath2 = join6(__dirname5, "../../package.json");
+    const packageJson2 = JSON.parse(readFileSync4(packageJsonPath2, "utf-8"));
     return packageJson2.version;
   } catch {
     logger.debug("Failed to read package.json version");
@@ -1331,7 +1349,7 @@ function formatVersion(includePrefix = true) {
   const prefix = includePrefix ? "v" : "";
   return `${prefix}${version}`;
 }
-var __filename4, __dirname4, version;
+var __filename5, __dirname5, version;
 var init_version = __esm({
   "src/utils/version.ts"() {
     "use strict";
@@ -1339,22 +1357,22 @@ var init_version = __esm({
     init_api_service();
     init_storage_service();
     init_logger();
-    __filename4 = fileURLToPath4(import.meta.url);
-    __dirname4 = dirname3(__filename4);
+    __filename5 = fileURLToPath5(import.meta.url);
+    __dirname5 = dirname4(__filename5);
     version = getCurrentVersion();
   }
 });
 
 // src/services/api.service.ts
-import { ofetch as ofetch2 } from "ofetch";
-import { readFileSync as readFileSync4 } from "fs";
-import { fileURLToPath as fileURLToPath5 } from "url";
-import { URLSearchParams as URLSearchParams2 } from "url";
-import { dirname as dirname4, join as join6 } from "path";
+import { ofetch as ofetch3 } from "ofetch";
+import { readFileSync as readFileSync5 } from "fs";
+import { fileURLToPath as fileURLToPath6 } from "url";
+import { URLSearchParams as URLSearchParams3 } from "url";
+import { dirname as dirname5, join as join7 } from "path";
 function getCliVersion() {
   try {
-    const packageJsonPath2 = join6(__dirname5, "../../package.json");
-    const packageJson2 = JSON.parse(readFileSync4(packageJsonPath2, "utf-8"));
+    const packageJsonPath2 = join7(__dirname6, "../../package.json");
+    const packageJson2 = JSON.parse(readFileSync5(packageJsonPath2, "utf-8"));
     return packageJson2.version;
   } catch {
     logger.debug("Failed to read package.json version");
@@ -1366,7 +1384,7 @@ function getPlatformInfo() {
   const arch = process.arch;
   return `${platform}-${arch}`;
 }
-var __filename5, __dirname5, ApiService, apiService;
+var __filename6, __dirname6, ApiService, apiService;
 var init_api_service = __esm({
   "src/services/api.service.ts"() {
     "use strict";
@@ -1375,14 +1393,14 @@ var init_api_service = __esm({
     init_constants();
     init_errors();
     init_logger();
-    __filename5 = fileURLToPath5(import.meta.url);
-    __dirname5 = dirname4(__filename5);
+    __filename6 = fileURLToPath6(import.meta.url);
+    __dirname6 = dirname5(__filename6);
     ApiService = class {
       baseURL;
       client;
       constructor() {
         this.baseURL = process.env.API_BASE_URL || "https://api.bragduck.com";
-        this.client = ofetch2.create({
+        this.client = ofetch3.create({
           baseURL: this.baseURL,
           // Request interceptor
           onRequest: async ({ request, options }) => {
@@ -1546,7 +1564,7 @@ var init_api_service = __esm({
         const { limit = 50, offset = 0, tags, search } = params;
         logger.debug(`Listing brags: limit=${limit}, offset=${offset}`);
         try {
-          const queryParams = new URLSearchParams2({
+          const queryParams = new URLSearchParams3({
             limit: limit.toString(),
             offset: offset.toString()
           });
@@ -1643,7 +1661,7 @@ var init_api_service = __esm({
        */
       setBaseURL(url) {
         this.baseURL = url;
-        this.client = ofetch2.create({
+        this.client = ofetch3.create({
           baseURL: url
         });
       }
@@ -1661,18 +1679,267 @@ var init_api_service = __esm({
 // src/cli.ts
 init_esm_shims();
 import { Command } from "commander";
-import { readFileSync as readFileSync5 } from "fs";
-import { fileURLToPath as fileURLToPath6 } from "url";
-import { dirname as dirname5, join as join7 } from "path";
+import { readFileSync as readFileSync6 } from "fs";
+import { fileURLToPath as fileURLToPath7 } from "url";
+import { dirname as dirname6, join as join8 } from "path";
 
 // src/commands/auth.ts
 init_esm_shims();
 init_auth_service();
-init_storage_service();
 import boxen from "boxen";
 import chalk3 from "chalk";
 import { input } from "@inquirer/prompts";
 
+// src/services/atlassian-auth.service.ts
+init_esm_shims();
+init_constants();
+init_storage_service();
+init_oauth_server();
+init_browser();
+init_errors();
+init_logger();
+import { randomBytes as randomBytes3 } from "crypto";
+import { readFileSync as readFileSync3 } from "fs";
+import { fileURLToPath as fileURLToPath4, URLSearchParams as URLSearchParams2 } from "url";
+import { dirname as dirname3, join as join4 } from "path";
+import { ofetch as ofetch2 } from "ofetch";
+import { select } from "@inquirer/prompts";
+var __filename4 = fileURLToPath4(import.meta.url);
+var __dirname4 = dirname3(__filename4);
+function getUserAgent2() {
+  try {
+    const packageJsonPath2 = join4(__dirname4, "../../package.json");
+    const packageJson2 = JSON.parse(readFileSync3(packageJsonPath2, "utf-8"));
+    const version2 = packageJson2.version;
+    const platform = process.platform;
+    const arch = process.arch;
+    return `BragDuck-CLI/${version2} (${platform}-${arch})`;
+  } catch {
+    logger.debug("Failed to read package.json version");
+    return "BragDuck-CLI/2.0.0";
+  }
+}
+var AtlassianAuthService = class {
+  apiBaseUrl;
+  refreshPromise = null;
+  constructor() {
+    this.apiBaseUrl = process.env.API_BASE_URL || "https://api.bragduck.com";
+  }
+  /**
+   * Generate a random state string for CSRF protection
+   */
+  generateState() {
+    return randomBytes3(32).toString("hex");
+  }
+  /**
+   * Build the Atlassian OAuth authorization URL
+   */
+  buildAuthUrl(state, callbackUrl) {
+    const params = new URLSearchParams2({
+      audience: ATLASSIAN_OAUTH_CONFIG.AUDIENCE,
+      client_id: ATLASSIAN_OAUTH_CONFIG.CLIENT_ID,
+      scope: ATLASSIAN_OAUTH_CONFIG.SCOPES,
+      redirect_uri: callbackUrl,
+      state,
+      response_type: "code",
+      prompt: "consent"
+    });
+    return `${ATLASSIAN_OAUTH_CONFIG.AUTH_URL}?${params.toString()}`;
+  }
+  /**
+   * Exchange authorization code for tokens via BragDuck backend
+   */
+  async exchangeCodeForToken(code, redirectUri) {
+    try {
+      logger.debug("Exchanging Atlassian authorization code for token via backend");
+      const response = await ofetch2(
+        `${this.apiBaseUrl}${API_ENDPOINTS.ATLASSIAN.TOKEN}`,
+        {
+          method: "POST",
+          body: {
+            code,
+            redirect_uri: redirectUri
+          },
+          headers: {
+            "Content-Type": "application/json",
+            "User-Agent": getUserAgent2()
+          }
+        }
+      );
+      logger.debug("Atlassian token exchange successful");
+      return response;
+    } catch (error) {
+      logger.debug(`Atlassian token exchange failed: ${error.message}`);
+      throw new AtlassianError("Failed to exchange Atlassian authorization code", {
+        originalError: error.message
+      });
+    }
+  }
+  /**
+   * Fetch accessible Atlassian Cloud resources (sites) using the access token
+   */
+  async fetchAccessibleResources(accessToken) {
+    try {
+      logger.debug("Fetching accessible Atlassian resources");
+      const resources = await ofetch2(
+        ATLASSIAN_OAUTH_CONFIG.ACCESSIBLE_RESOURCES_URL,
+        {
+          headers: {
+            Authorization: `Bearer ${accessToken}`,
+            Accept: "application/json"
+          }
+        }
+      );
+      logger.debug(`Found ${resources.length} accessible resource(s)`);
+      return resources;
+    } catch (error) {
+      logger.debug(`Failed to fetch accessible resources: ${error.message}`);
+      throw new AtlassianError("Failed to fetch Atlassian Cloud sites", {
+        originalError: error.message
+      });
+    }
+  }
+  /**
+   * Let user pick a site if multiple accessible resources exist
+   */
+  async selectSite(resources) {
+    if (resources.length === 0) {
+      throw new AtlassianError(
+        "No accessible Atlassian Cloud sites found. Make sure your account has access to at least one site."
+      );
+    }
+    if (resources.length === 1) {
+      const site = resources[0];
+      logger.debug(`Auto-selecting single site: ${site.name}`);
+      return site;
+    }
+    const selectedId = await select({
+      message: "Select your Atlassian Cloud site:",
+      choices: resources.map((r) => ({
+        name: `${r.name} (${r.url})`,
+        value: r.id
+      }))
+    });
+    return resources.find((r) => r.id === selectedId);
+  }
+  /**
+   * Full OAuth login flow:
+   * 1. Open browser to Atlassian consent screen
+   * 2. Wait for callback with authorization code
+   * 3. Exchange code for tokens via BragDuck backend
+   * 4. Fetch accessible resources and pick site
+   * 5. Store credentials for jira, confluence, and atlassian services
+   */
+  async login() {
+    logger.debug("Starting Atlassian OAuth login flow");
+    const state = this.generateState();
+    const callbackUrl = await getCallbackUrl();
+    storageService.setOAuthState({
+      state,
+      createdAt: Date.now()
+    });
+    logger.debug(`OAuth state: ${state}`);
+    logger.debug(`Callback URL: ${callbackUrl}`);
+    const authUrl = this.buildAuthUrl(state, callbackUrl);
+    logger.debug(`Authorization URL: ${authUrl}`);
+    const serverPromise = startOAuthCallbackServer(state);
+    try {
+      await openBrowser(authUrl);
+    } catch {
+      logger.warning("Could not open browser automatically");
+      logger.info("Please open this URL in your browser:");
+      logger.log(authUrl);
+    }
+    let callbackResult;
+    try {
+      callbackResult = await serverPromise;
+    } catch (error) {
+      storageService.deleteOAuthState();
+      throw error;
+    }
+    storageService.deleteOAuthState();
+    const tokenResponse = await this.exchangeCodeForToken(callbackResult.code, callbackUrl);
+    const resources = await this.fetchAccessibleResources(tokenResponse.access_token);
+    const site = await this.selectSite(resources);
+    const expiresAt = tokenResponse.expires_in ? Date.now() + tokenResponse.expires_in * 1e3 : void 0;
+    const credentials = {
+      accessToken: tokenResponse.access_token,
+      refreshToken: tokenResponse.refresh_token,
+      expiresAt,
+      instanceUrl: site.url,
+      // Real Cloud URL for browse links
+      cloudId: site.id,
+      authMethod: "oauth"
+    };
+    await storageService.setServiceCredentials("jira", credentials);
+    await storageService.setServiceCredentials("confluence", credentials);
+    await storageService.setServiceCredentials("atlassian", credentials);
+    logger.debug("Atlassian OAuth login successful");
+    return { siteName: site.name, siteUrl: site.url };
+  }
+  /**
+   * Refresh Atlassian OAuth tokens via BragDuck backend.
+   * Uses a singleton promise to prevent concurrent refresh race conditions
+   * (Atlassian uses rotating refresh tokens - each refresh invalidates the previous one).
+   */
+  async refreshToken() {
+    if (this.refreshPromise) {
+      return this.refreshPromise;
+    }
+    this.refreshPromise = this.doRefreshToken();
+    try {
+      await this.refreshPromise;
+    } finally {
+      this.refreshPromise = null;
+    }
+  }
+  async doRefreshToken() {
+    logger.debug("Refreshing Atlassian OAuth token");
+    const creds = await storageService.getServiceCredentials("jira");
+    if (!creds?.refreshToken) {
+      throw new AtlassianError("No Atlassian refresh token available", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    try {
+      const response = await ofetch2(
+        `${this.apiBaseUrl}${API_ENDPOINTS.ATLASSIAN.REFRESH}`,
+        {
+          method: "POST",
+          body: {
+            refresh_token: creds.refreshToken
+          },
+          headers: {
+            "Content-Type": "application/json",
+            "User-Agent": getUserAgent2()
+          }
+        }
+      );
+      const expiresAt = response.expires_in ? Date.now() + response.expires_in * 1e3 : void 0;
+      const updatedCreds = {
+        ...creds,
+        accessToken: response.access_token,
+        refreshToken: response.refresh_token,
+        expiresAt
+      };
+      await storageService.setServiceCredentials("jira", updatedCreds);
+      await storageService.setServiceCredentials("confluence", updatedCreds);
+      await storageService.setServiceCredentials("atlassian", updatedCreds);
+      logger.debug("Atlassian token refresh successful");
+    } catch (error) {
+      logger.debug(`Atlassian token refresh failed: ${error.message}`);
+      throw new AtlassianError(
+        'Atlassian token refresh failed. Please run "bragduck auth atlassian" to re-authenticate.',
+        { originalError: error.message }
+      );
+    }
+  }
+};
+var atlassianAuthService = new AtlassianAuthService();
+
+// src/commands/auth.ts
+init_storage_service();
+
 // src/services/github.service.ts
 init_esm_shims();
 init_errors();
@@ -1688,9 +1955,9 @@ import simpleGit from "simple-git";
 init_esm_shims();
 init_errors();
 import { existsSync as existsSync2 } from "fs";
-import { join as join4 } from "path";
+import { join as join5 } from "path";
 function validateGitRepository(path4) {
-  const gitDir = join4(path4, ".git");
+  const gitDir = join5(path4, ".git");
   if (!existsSync2(gitDir)) {
     throw new GitError(
       "Not a git repository. Please run this command from within a git repository.",
@@ -2404,7 +2671,14 @@ async function authStatus() {
   }
   for (const service of services) {
     if (service !== "bragduck") {
-      logger.info(`${colors.success("\u2713")} ${service}: Authenticated`);
+      const creds = await storageService.getServiceCredentials(service);
+      let methodLabel = "";
+      if (creds?.authMethod === "oauth") {
+        methodLabel = " (Cloud - OAuth)";
+      } else if (creds?.authMethod === "basic") {
+        methodLabel = " (Server - API Token)";
+      }
+      logger.info(`${colors.success("\u2713")} ${service}: Authenticated${methodLabel}`);
     }
   }
   logger.log("");
@@ -2556,68 +2830,21 @@ User: ${user.name} (@${user.username})`,
 }
 async function authAtlassian() {
   logger.log("");
-  logger.log(
-    boxen(
-      theme.info("Atlassian API Token Authentication") + "\n\nThis token works for Jira, Confluence, and Bitbucket\n\nCreate an API Token at:\n" + colors.highlight("https://id.atlassian.com/manage-profile/security/api-tokens") + "\n\nRequired access:\n  \u2022 Jira: Read issues\n  \u2022 Confluence: Read pages\n  \u2022 Bitbucket: Read repositories",
-      boxStyles.info
-    )
-  );
+  logger.info("Opening browser for Atlassian Cloud authentication...");
   logger.log("");
   try {
-    const instanceUrl = await input({
-      message: "Atlassian instance URL (e.g., company.atlassian.net):",
-      validate: (value) => value.length > 0 ? true : "Instance URL cannot be empty"
-    });
-    const email = await input({
-      message: "Atlassian account email:",
-      validate: (value) => value.includes("@") ? true : "Please enter a valid email address"
-    });
-    const apiToken = await input({
-      message: "API Token:",
-      validate: (value) => value.length > 0 ? true : "API token cannot be empty"
-    });
-    const testInstanceUrl = instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`;
-    const auth = Buffer.from(`${email}:${apiToken}`).toString("base64");
-    const response = await fetch(`${testInstanceUrl}/rest/api/2/myself`, {
-      headers: { Authorization: `Basic ${auth}` }
-    });
-    if (!response.ok) {
-      logger.log("");
-      logger.log(
-        boxen(
-          theme.error("\u2717 Authentication Failed") + "\n\nInvalid instance URL, email, or API token\nMake sure the instance URL is correct (e.g., company.atlassian.net)",
-          boxStyles.error
-        )
-      );
-      logger.log("");
-      process.exit(1);
-    }
-    const user = await response.json();
-    const credentials = {
-      accessToken: apiToken,
-      username: email,
-      instanceUrl: instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`
-    };
-    await storageService.setServiceCredentials("jira", credentials);
-    await storageService.setServiceCredentials("confluence", credentials);
-    await storageService.setServiceCredentials("bitbucket", {
-      ...credentials,
-      instanceUrl: "https://api.bitbucket.org"
-      // Bitbucket uses different API base
-    });
+    const result = await atlassianAuthService.login();
     logger.log("");
     logger.log(
       boxen(
-        theme.success("\u2713 Successfully authenticated with Atlassian") + `
+        theme.success("\u2713 Successfully authenticated with Atlassian Cloud") + `
 
-Instance: ${instanceUrl}
-User: ${user.displayName}
-Email: ${user.emailAddress}
+Site: ${result.siteName}
+URL: ${result.siteUrl}
 
 Services configured:
-  \u2022 Jira
-  \u2022 Confluence
-  \u2022 Bitbucket`,
+  - Jira (OAuth)
+  - Confluence (OAuth)`,
         boxStyles.success
       )
     );
@@ -2650,7 +2877,7 @@ var CancelPromptError = class extends Error {
 init_api_service();
 init_storage_service();
 init_auth_service();
-import { select as select3 } from "@inquirer/prompts";
+import { select as select4 } from "@inquirer/prompts";
 import boxen6 from "boxen";
 
 // src/utils/source-detector.ts
@@ -2659,7 +2886,7 @@ init_errors();
 init_storage_service();
 import { exec as exec3 } from "child_process";
 import { promisify as promisify3 } from "util";
-import { select } from "@inquirer/prompts";
+import { select as select2 } from "@inquirer/prompts";
 var execAsync3 = promisify3(exec3);
 var SourceDetector = class {
   /**
@@ -2715,7 +2942,7 @@ var SourceDetector = class {
         description: source.remoteUrl
       };
     });
-    return await select({
+    return await select2({
       message: "Multiple sources detected. Which do you want to sync?",
       choices
     });
@@ -3231,7 +3458,7 @@ init_logger();
 init_storage_service();
 import { exec as exec5 } from "child_process";
 import { promisify as promisify5 } from "util";
-import { URLSearchParams as URLSearchParams3 } from "url";
+import { URLSearchParams as URLSearchParams4 } from "url";
 var execAsync5 = promisify5(exec5);
 var GitLabService = class {
   DEFAULT_INSTANCE = "https://gitlab.com";
@@ -3377,7 +3604,7 @@ var GitLabService = class {
   async getMergedMRs(options = {}) {
     const { projectPath } = await this.getProjectFromGit();
     const encodedPath = encodeURIComponent(projectPath);
-    const params = new URLSearchParams3({
+    const params = new URLSearchParams4({
       state: "merged",
       order_by: "updated_at",
       sort: "desc",
@@ -3543,41 +3770,76 @@ init_esm_shims();
 init_errors();
 init_logger();
 init_storage_service();
+init_constants();
 var JiraService = class {
   MAX_DESCRIPTION_LENGTH = 5e3;
   /**
-   * Get stored Jira credentials
+   * Get stored Jira credentials, auto-refreshing OAuth tokens if expired
    */
   async getCredentials() {
     const creds = await storageService.getServiceCredentials("jira");
-    if (!creds || !creds.username || !creds.accessToken || !creds.instanceUrl) {
+    if (!creds || !creds.accessToken) {
       throw new JiraError("Not authenticated with Jira", {
         hint: "Run: bragduck auth atlassian"
       });
     }
-    if (creds.expiresAt && creds.expiresAt < Date.now()) {
+    if (creds.authMethod !== "oauth" && (!creds.username || !creds.instanceUrl)) {
+      throw new JiraError("Not authenticated with Jira", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod === "oauth" && !creds.cloudId) {
+      throw new JiraError("Missing Atlassian Cloud ID", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod === "oauth" && creds.expiresAt && creds.expiresAt < Date.now()) {
+      if (creds.refreshToken) {
+        logger.debug("Jira OAuth token expired, refreshing...");
+        await atlassianAuthService.refreshToken();
+        const refreshed = await storageService.getServiceCredentials("jira");
+        if (!refreshed?.accessToken) {
+          throw new JiraError("Token refresh failed", {
+            hint: "Run: bragduck auth atlassian"
+          });
+        }
+        return refreshed;
+      }
+      throw new JiraError("OAuth token has expired and no refresh token available", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod !== "oauth" && creds.expiresAt && creds.expiresAt < Date.now()) {
       throw new JiraError("API token has expired", {
         hint: "Run: bragduck auth atlassian"
       });
     }
-    return {
-      email: creds.username,
-      apiToken: creds.accessToken,
-      instanceUrl: creds.instanceUrl
-    };
+    return creds;
   }
   /**
-   * Make authenticated request to Jira API
+   * Make authenticated request to Jira API.
+   * Uses OAuth Bearer + API gateway for Cloud, Basic Auth for Server/DC.
+   * Retries once on 401 for OAuth (auto-refresh).
    */
   async request(endpoint, method = "GET", body) {
-    const { email, apiToken, instanceUrl } = await this.getCredentials();
-    const auth = Buffer.from(`${email}:${apiToken}`).toString("base64");
-    const baseUrl = instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`;
+    const creds = await this.getCredentials();
+    const isOAuth = creds.authMethod === "oauth";
+    let baseUrl;
+    let authHeader;
+    if (isOAuth) {
+      baseUrl = `${ATLASSIAN_OAUTH_CONFIG.API_GATEWAY_URL}/ex/jira/${creds.cloudId}`;
+      authHeader = `Bearer ${creds.accessToken}`;
+    } else {
+      const instanceUrl = creds.instanceUrl;
+      baseUrl = instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`;
+      const auth = Buffer.from(`${creds.username}:${creds.accessToken}`).toString("base64");
+      authHeader = `Basic ${auth}`;
+    }
     logger.debug(`Jira API: ${method} ${endpoint}`);
     const options = {
       method,
       headers: {
-        Authorization: `Basic ${auth}`,
+        Authorization: authHeader,
         "Content-Type": "application/json",
         Accept: "application/json"
       }
@@ -3585,7 +3847,17 @@ var JiraService = class {
     if (body) {
       options.body = JSON.stringify(body);
     }
-    const response = await fetch(`${baseUrl}${endpoint}`, options);
+    let response = await fetch(`${baseUrl}${endpoint}`, options);
+    if (response.status === 401 && isOAuth && creds.refreshToken) {
+      logger.debug("Jira OAuth 401, attempting token refresh and retry");
+      await atlassianAuthService.refreshToken();
+      const refreshedCreds = await storageService.getServiceCredentials("jira");
+      if (refreshedCreds?.accessToken) {
+        options.headers.Authorization = `Bearer ${refreshedCreds.accessToken}`;
+        const newBaseUrl = `${ATLASSIAN_OAUTH_CONFIG.API_GATEWAY_URL}/ex/jira/${refreshedCreds.cloudId}`;
+        response = await fetch(`${newBaseUrl}${endpoint}`, options);
+      }
+    }
     if (!response.ok) {
       const statusText = response.statusText;
       const status = response.status;
@@ -3653,33 +3925,6 @@ var JiraService = class {
       return null;
     }
   }
-  /**
-   * Check if a user object matches the given identifier (accountId, email, or username)
-   */
-  isMatchingUser(candidate, userIdentifier) {
-    if (!candidate) return false;
-    return candidate.email === userIdentifier || candidate.emailAddress === userIdentifier || candidate.accountId === userIdentifier || candidate.username === userIdentifier || candidate.name === userIdentifier;
-  }
-  /**
-   * Filter issues to only those where the user made contributions within the date range.
-   * Excludes issues where the user's only involvement is a static role (creator/assignee)
-   * with a date outside the scan period.
-   */
-  filterIssuesByUserContribution(issues, userIdentifier, sinceDate) {
-    const results = [];
-    for (const issue of issues) {
-      const userChanges = (issue.changelog?.histories || []).filter(
-        (h) => this.isMatchingUser(h.author, userIdentifier) && new Date(h.created) >= sinceDate
-      );
-      const isCreatorInRange = this.isMatchingUser(issue.fields.creator, userIdentifier) && new Date(issue.fields.created) >= sinceDate;
-      if (userChanges.length > 0 || isCreatorInRange) {
-        results.push({ issue, userChanges });
-      } else {
-        logger.debug(`Excluding issue ${issue.key} - no user contributions in date range`);
-      }
-    }
-    return results;
-  }
   /**
    * Build JQL query from options
    */
@@ -3737,7 +3982,7 @@ var JiraService = class {
     }
     const isAssigned = issue.fields.assignee?.emailAddress === userEmail;
     const isResolved = issue.fields.resolutiondate !== null && issue.fields.resolutiondate !== void 0;
-    const userEdits = issue.changelog?.histories?.filter((history) => history.author?.emailAddress === userEmail) || [];
+    const userEdits = issue.changelog?.histories?.filter((history) => history.author.emailAddress === userEmail) || [];
     const hasEdits = userEdits.length > 0;
     if (isAssigned && isResolved) {
       return {
@@ -3772,77 +4017,6 @@ var JiraService = class {
     };
     return Math.ceil(baseComplexity * multipliers[contributionType]);
   }
-  /**
-   * Summarize the user's specific changes from changelog entries into human-readable lines.
-   * This enriches the brag message so the AI refinement can generate a more specific brag.
-   */
-  summarizeUserChanges(userChanges) {
-    const MAX_LINES = 10;
-    const allItems = [];
-    for (const entry of userChanges) {
-      for (const item of entry.items) {
-        allItems.push(item);
-      }
-    }
-    if (allItems.length === 0) return "";
-    const latestByField = /* @__PURE__ */ new Map();
-    for (const item of allItems) {
-      latestByField.set(item.field, { fromString: item.fromString, toString: item.toString });
-    }
-    const lines = [];
-    for (const [field, change] of latestByField) {
-      if (lines.length >= MAX_LINES) break;
-      const from = change.fromString || "";
-      const to = change.toString || "";
-      switch (field.toLowerCase()) {
-        case "status":
-          lines.push(from ? `Moved status from '${from}' to '${to}'` : `Set status to '${to}'`);
-          break;
-        case "resolution":
-          lines.push(to ? `Resolved as '${to}'` : "Reopened issue");
-          break;
-        case "assignee":
-          lines.push(to ? `Assigned to ${to}` : "Unassigned");
-          break;
-        case "priority":
-          lines.push(
-            from ? `Changed priority from '${from}' to '${to}'` : `Set priority to '${to}'`
-          );
-          break;
-        case "summary":
-          lines.push("Updated issue title");
-          break;
-        case "description":
-          lines.push("Updated description");
-          break;
-        case "comment":
-          lines.push("Added comment");
-          break;
-        case "labels":
-          lines.push(to ? `Updated labels: ${to}` : "Removed labels");
-          break;
-        case "fix version":
-        case "fixversions":
-          lines.push(to ? `Set fix version: ${to}` : "Removed fix version");
-          break;
-        case "sprint":
-          lines.push(to ? `Moved to sprint: ${to}` : "Removed from sprint");
-          break;
-        case "story points":
-        case "story point estimate":
-          lines.push(`Set story points to ${to}`);
-          break;
-        default:
-          if (to) {
-            lines.push(`Updated ${field}`);
-          }
-          break;
-      }
-    }
-    if (lines.length === 0) return "";
-    return `User changes:
-${lines.map((l) => `- ${l}`).join("\n")}`;
-  }
   /**
    * Fetch issues with optional filtering
    */
@@ -3880,7 +4054,7 @@ ${lines.map((l) => `- ${l}`).join("\n")}`;
         );
         break;
       }
-      const endpoint = `/rest/api/3/search/jql?jql=${encodeURIComponent(jql)}&startAt=${startAt}&maxResults=${maxResults}&fields=${fields.join(",")}&expand=changelog`;
+      const endpoint = `/rest/api/3/search/jql?jql=${encodeURIComponent(jql)}&startAt=${startAt}&maxResults=${maxResults}&fields=${fields.join(",")}`;
       try {
         const response = await this.request(endpoint);
         if (response.issues.length === 0) {
@@ -3906,7 +4080,14 @@ ${lines.map((l) => `- ${l}`).join("\n")}`;
           break;
         }
         if (options.limit && allIssues.length >= options.limit) {
-          break;
+          const email2 = await this.getCurrentUser();
+          const limitedIssues = allIssues.slice(0, options.limit);
+          const commits2 = [];
+          for (const issue of limitedIssues) {
+            const commit = await this.transformIssueToCommit(issue, void 0, email2 || void 0);
+            commits2.push(commit);
+          }
+          return commits2;
         }
         startAt += maxResults;
       } catch (error) {
@@ -3930,23 +4111,9 @@ ${lines.map((l) => `- ${l}`).join("\n")}`;
         throw error;
       }
     }
-    const issuesToProcess = options.limit ? allIssues.slice(0, options.limit) : allIssues;
     const email = await this.getCurrentUser();
-    const sinceDate = options.days ? new Date(Date.now() - options.days * 24 * 60 * 60 * 1e3) : void 0;
-    if (sinceDate && email) {
-      const filtered = this.filterIssuesByUserContribution(issuesToProcess, email, sinceDate);
-      logger.debug(
-        `Date-scoped filtering: ${issuesToProcess.length} issues -> ${filtered.length} with user contributions in range`
-      );
-      const commits2 = [];
-      for (const { issue, userChanges } of filtered) {
-        const commit = await this.transformIssueToCommit(issue, void 0, email, userChanges);
-        commits2.push(commit);
-      }
-      return commits2;
-    }
     const commits = [];
-    for (const issue of issuesToProcess) {
+    for (const issue of allIssues) {
       const commit = await this.transformIssueToCommit(issue, void 0, email || void 0);
       commits.push(commit);
     }
@@ -3968,7 +4135,7 @@ ${lines.map((l) => `- ${l}`).join("\n")}`;
   /**
    * Transform Jira issue to GitCommit format with contribution-specific data
    */
-  async transformIssueToCommit(issue, instanceUrl, userEmail, userChanges) {
+  async transformIssueToCommit(issue, instanceUrl, userEmail) {
     let contribution = null;
     if (userEmail) {
       contribution = await this.determineJiraContributionType(issue, userEmail);
@@ -4005,21 +4172,11 @@ ${contribution.details}`;
 ${truncatedDesc}`;
       }
     }
-    if (userChanges && userChanges.length > 0) {
-      const changeSummary = this.summarizeUserChanges(userChanges);
-      if (changeSummary) {
-        message += `
-
-${changeSummary}`;
-      }
-    }
     let date;
     if (contribution?.type === "created" || contribution?.type === "reported") {
       date = issue.fields.created;
     } else if (contribution?.type === "assigned-resolved" && issue.fields.resolutiondate) {
       date = issue.fields.resolutiondate;
-    } else if (userChanges && userChanges.length > 0) {
-      date = userChanges[userChanges.length - 1].created;
     } else {
       date = issue.fields.updated;
     }
@@ -4106,40 +4263,75 @@ init_esm_shims();
 init_errors();
 init_logger();
 init_storage_service();
+init_constants();
 var ConfluenceService = class {
   /**
-   * Get stored Confluence credentials
+   * Get stored Confluence credentials, auto-refreshing OAuth tokens if expired
    */
   async getCredentials() {
     const creds = await storageService.getServiceCredentials("confluence");
-    if (!creds || !creds.username || !creds.accessToken || !creds.instanceUrl) {
+    if (!creds || !creds.accessToken) {
       throw new ConfluenceError("Not authenticated with Confluence", {
         hint: "Run: bragduck auth atlassian"
       });
     }
-    if (creds.expiresAt && creds.expiresAt < Date.now()) {
+    if (creds.authMethod !== "oauth" && (!creds.username || !creds.instanceUrl)) {
+      throw new ConfluenceError("Not authenticated with Confluence", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod === "oauth" && !creds.cloudId) {
+      throw new ConfluenceError("Missing Atlassian Cloud ID", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod === "oauth" && creds.expiresAt && creds.expiresAt < Date.now()) {
+      if (creds.refreshToken) {
+        logger.debug("Confluence OAuth token expired, refreshing...");
+        await atlassianAuthService.refreshToken();
+        const refreshed = await storageService.getServiceCredentials("confluence");
+        if (!refreshed?.accessToken) {
+          throw new ConfluenceError("Token refresh failed", {
+            hint: "Run: bragduck auth atlassian"
+          });
+        }
+        return refreshed;
+      }
+      throw new ConfluenceError("OAuth token has expired and no refresh token available", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod !== "oauth" && creds.expiresAt && creds.expiresAt < Date.now()) {
       throw new ConfluenceError("API token has expired", {
         hint: "Run: bragduck auth atlassian"
       });
     }
-    return {
-      email: creds.username,
-      apiToken: creds.accessToken,
-      instanceUrl: creds.instanceUrl
-    };
+    return creds;
   }
   /**
-   * Make authenticated request to Confluence API
+   * Make authenticated request to Confluence API.
+   * Uses OAuth Bearer + API gateway for Cloud, Basic Auth for Server/DC.
+   * Retries once on 401 for OAuth (auto-refresh).
    */
   async request(endpoint, method = "GET", body) {
-    const { email, apiToken, instanceUrl } = await this.getCredentials();
-    const auth = Buffer.from(`${email}:${apiToken}`).toString("base64");
-    const baseUrl = instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`;
+    const creds = await this.getCredentials();
+    const isOAuth = creds.authMethod === "oauth";
+    let baseUrl;
+    let authHeader;
+    if (isOAuth) {
+      baseUrl = `${ATLASSIAN_OAUTH_CONFIG.API_GATEWAY_URL}/ex/confluence/${creds.cloudId}`;
+      authHeader = `Bearer ${creds.accessToken}`;
+    } else {
+      const instanceUrl = creds.instanceUrl;
+      baseUrl = instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`;
+      const auth = Buffer.from(`${creds.username}:${creds.accessToken}`).toString("base64");
+      authHeader = `Basic ${auth}`;
+    }
     logger.debug(`Confluence API: ${method} ${endpoint}`);
     const options = {
       method,
       headers: {
-        Authorization: `Basic ${auth}`,
+        Authorization: authHeader,
         "Content-Type": "application/json",
         Accept: "application/json"
       }
@@ -4147,7 +4339,17 @@ var ConfluenceService = class {
     if (body) {
       options.body = JSON.stringify(body);
     }
-    const response = await fetch(`${baseUrl}${endpoint}`, options);
+    let response = await fetch(`${baseUrl}${endpoint}`, options);
+    if (response.status === 401 && isOAuth && creds.refreshToken) {
+      logger.debug("Confluence OAuth 401, attempting token refresh and retry");
+      await atlassianAuthService.refreshToken();
+      const refreshedCreds = await storageService.getServiceCredentials("confluence");
+      if (refreshedCreds?.accessToken) {
+        options.headers.Authorization = `Bearer ${refreshedCreds.accessToken}`;
+        const newBaseUrl = `${ATLASSIAN_OAUTH_CONFIG.API_GATEWAY_URL}/ex/confluence/${refreshedCreds.cloudId}`;
+        response = await fetch(`${newBaseUrl}${endpoint}`, options);
+      }
+    }
     if (!response.ok) {
       const statusText = response.statusText;
       const status = response.status;
@@ -4209,60 +4411,6 @@ var ConfluenceService = class {
       return null;
     }
   }
-  /**
-   * Check if a user object matches the given identifier (accountId, email, or username)
-   */
-  isMatchingUser(candidate, userIdentifier) {
-    if (!candidate) return false;
-    return candidate.email === userIdentifier || candidate.emailAddress === userIdentifier || candidate.accountId === userIdentifier || candidate.username === userIdentifier || candidate.name === userIdentifier;
-  }
-  /**
-   * Fetch full version history for a page
-   */
-  async getPageVersionHistory(pageId) {
-    const allVersions = [];
-    let start = 0;
-    const limit = 50;
-    while (true) {
-      const response = await this.request(
-        `/wiki/rest/api/content/${pageId}/version?start=${start}&limit=${limit}`
-      );
-      allVersions.push(...response.results);
-      if (response.size < limit) break;
-      start += limit;
-    }
-    return allVersions;
-  }
-  /**
-   * Filter pages to only those where the user made contributions within the date range.
-   * Fetches version history per page and checks if the user has versions in range.
-   */
-  async filterPagesByUserContribution(pages, userIdentifier, sinceDate) {
-    const results = [];
-    for (let i = 0; i < pages.length; i++) {
-      const page = pages[i];
-      if (i > 0) {
-        await new Promise((resolve) => globalThis.setTimeout(resolve, 100));
-      }
-      try {
-        const versions = await this.getPageVersionHistory(page.id);
-        const userVersions = versions.filter(
-          (v) => this.isMatchingUser(v.by, userIdentifier) && new Date(v.when) >= sinceDate
-        );
-        const userCommentsInRange = page.children?.comment?.results?.filter(
-          (comment) => this.isMatchingUser(comment.version?.by || {}, userIdentifier) && new Date(comment.version?.when || 0) >= sinceDate
-        ) || [];
-        if (userVersions.length > 0 || userCommentsInRange.length > 0) {
-          results.push({ page, userVersions });
-        } else {
-          logger.debug(`Excluding page "${page.title}" - no user contributions in date range`);
-        }
-      } catch (error) {
-        logger.debug(`Skipping version history for page ${page.id}: ${error}`);
-      }
-    }
-    return results;
-  }
   /**
    * Build CQL query from options
    * Returns empty string if no filters need CQL (will use simple endpoint instead)
@@ -4298,31 +4446,28 @@ var ConfluenceService = class {
    * Determine the type of contribution the current user made to a page
    * Returns: 'created' | 'edited' | 'commented'
    */
-  async determineContributionType(page, userEmail, userVersions) {
-    const createdByUser = page.history?.createdBy ? this.isMatchingUser(page.history.createdBy, userEmail) : false;
-    if (createdByUser) {
+  async determineContributionType(page, userEmail) {
+    if (page.history?.createdBy?.email === userEmail) {
       return {
         type: "created",
         details: `Created page with ${page.version?.number || 1} version${(page.version?.number || 1) > 1 ? "s" : ""}`
       };
     }
-    const hasEdits = userVersions ? userVersions.some((v) => !v.minorEdit || v.number > 1) : page.version?.by ? this.isMatchingUser(page.version.by, userEmail) && (page.version?.number || 0) > 1 : false;
+    const hasEdits = page.version?.by?.email === userEmail && (page.version?.number || 0) > 1;
     const userComments = page.children?.comment?.results?.filter(
-      (comment) => comment.version?.by ? this.isMatchingUser(comment.version.by, userEmail) : false
+      (comment) => comment.version?.by?.email === userEmail
     ) || [];
     const hasComments = userComments.length > 0;
     if (hasEdits && hasComments) {
-      const editCount = userVersions?.length || 1;
       return {
         type: "edited",
-        details: `Edited page (${editCount} edit${editCount > 1 ? "s" : ""}) and added ${userComments.length} comment${userComments.length > 1 ? "s" : ""}`
+        details: `Edited page (v${page.version?.number || 1}) and added ${userComments.length} comment${userComments.length > 1 ? "s" : ""}`
       };
     }
     if (hasEdits) {
-      const editCount = userVersions?.length || 1;
       return {
         type: "edited",
-        details: `Edited page (${editCount} edit${editCount > 1 ? "s" : ""})`
+        details: `Edited page to version ${page.version?.number || 1}`
       };
     }
     if (hasComments) {
@@ -4350,31 +4495,6 @@ var ConfluenceService = class {
     };
     return Math.ceil(baseSize * multipliers[contributionType]);
   }
-  /**
-   * Summarize the user's version edits into human-readable lines.
-   * This enriches the brag message so the AI refinement can generate a more specific brag.
-   */
-  summarizeUserVersions(userVersions) {
-    const MAX_ENTRIES = 5;
-    const versionsWithMessages = userVersions.filter((v) => v.message && v.message.trim());
-    if (versionsWithMessages.length > 0) {
-      const lines = versionsWithMessages.slice(0, MAX_ENTRIES).map((v) => {
-        const suffix = v.minorEdit ? " (minor edit)" : "";
-        return `- v${v.number}: ${v.message.trim()}${suffix}`;
-      });
-      return `Edit notes:
-${lines.join("\n")}`;
-    }
-    if (userVersions.length > 0) {
-      const major = userVersions.filter((v) => !v.minorEdit).length;
-      const minor = userVersions.filter((v) => v.minorEdit).length;
-      const parts = [];
-      if (major > 0) parts.push(`${major} major`);
-      if (minor > 0) parts.push(`${minor} minor`);
-      return `Made ${userVersions.length} edit${userVersions.length > 1 ? "s" : ""} to this page (${parts.join(", ")})`;
-    }
-    return "";
-  }
   /**
    * Fetch pages with optional filtering
    */
@@ -4445,7 +4565,14 @@ ${lines.join("\n")}`;
           break;
         }
         if (options.limit && allPages.length >= options.limit) {
-          break;
+          const email2 = await this.getCurrentUser();
+          const limitedPages = allPages.slice(0, options.limit);
+          const commits2 = [];
+          for (const page of limitedPages) {
+            const commit = await this.transformPageToCommit(page, void 0, email2 || void 0);
+            commits2.push(commit);
+          }
+          return commits2;
         }
         start += limit;
       } catch (error) {
@@ -4469,23 +4596,9 @@ ${lines.join("\n")}`;
         throw error;
       }
     }
-    const pagesToProcess = options.limit ? allPages.slice(0, options.limit) : allPages;
     const email = await this.getCurrentUser();
-    const sinceDate = options.days ? new Date(Date.now() - options.days * 24 * 60 * 60 * 1e3) : void 0;
-    if (sinceDate && email) {
-      const filtered = await this.filterPagesByUserContribution(pagesToProcess, email, sinceDate);
-      logger.debug(
-        `Date-scoped filtering: ${pagesToProcess.length} pages -> ${filtered.length} with user contributions in range`
-      );
-      const commits2 = [];
-      for (const { page, userVersions } of filtered) {
-        const commit = await this.transformPageToCommit(page, void 0, email, userVersions);
-        commits2.push(commit);
-      }
-      return commits2;
-    }
     const commits = [];
-    for (const page of pagesToProcess) {
+    for (const page of allPages) {
       const commit = await this.transformPageToCommit(page, void 0, email || void 0);
       commits.push(commit);
     }
@@ -4507,10 +4620,10 @@ ${lines.join("\n")}`;
   /**
    * Transform Confluence page to GitCommit format with contribution-specific data
    */
-  async transformPageToCommit(page, instanceUrl, userEmail, userVersions) {
+  async transformPageToCommit(page, instanceUrl, userEmail) {
     let contribution = null;
     if (userEmail) {
-      contribution = await this.determineContributionType(page, userEmail, userVersions);
+      contribution = await this.determineContributionType(page, userEmail);
     }
     let message;
     let contributionPrefix = "";
@@ -4531,14 +4644,6 @@ ${contribution.details}
 
 [Confluence Page v${page.version?.number || 1}]`;
     }
-    if (userVersions && userVersions.length > 0) {
-      const versionSummary = this.summarizeUserVersions(userVersions);
-      if (versionSummary) {
-        message += `
-
-${versionSummary}`;
-      }
-    }
     let baseUrl = "https://confluence.atlassian.net";
     if (instanceUrl) {
       baseUrl = instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`;
@@ -4556,14 +4661,7 @@ ${versionSummary}`;
     const impactScore = contribution ? this.calculateContributionImpact(contribution.type, baseSize) : baseSize;
     const author = page.history?.createdBy?.displayName || page.version?.by?.displayName || "Unknown Author";
     const authorEmail = page.history?.createdBy?.email || page.version?.by?.email || "unknown@example.com";
-    let date;
-    if (contribution?.type === "created") {
-      date = page.history?.createdDate || page.version?.when;
-    } else if (userVersions && userVersions.length > 0) {
-      date = userVersions[userVersions.length - 1].when;
-    } else {
-      date = page.version?.when || (/* @__PURE__ */ new Date()).toISOString();
-    }
+    const date = contribution?.type === "created" ? page.history?.createdDate || page.version?.when : page.version?.when || (/* @__PURE__ */ new Date()).toISOString();
     return {
       sha: page.id,
       message,
@@ -4790,7 +4888,7 @@ init_logger();
 
 // src/ui/prompts.ts
 init_esm_shims();
-import { checkbox, confirm, input as input2, select as select2, editor } from "@inquirer/prompts";
+import { checkbox, confirm, input as input2, select as select3, editor } from "@inquirer/prompts";
 import boxen4 from "boxen";
 
 // src/ui/formatters.ts
@@ -5005,7 +5103,7 @@ async function promptDaysToScan(defaultDays = 30) {
     { name: "90 days", value: "90", description: "Last 3 months" },
     { name: "Custom", value: "custom", description: "Enter custom number of days" }
   ];
-  const selected = await select2({
+  const selected = await select3({
     message: "How many days back should we scan for PRs?",
     choices,
     default: "30"
@@ -5039,7 +5137,7 @@ async function promptScanMode() {
       description: "Scan git commits directly"
     }
   ];
-  return await select2({
+  return await select3({
     message: "What would you like to scan?",
     choices,
     default: "prs"
@@ -5056,7 +5154,7 @@ async function promptSortOption() {
     { name: "By files (most files)", value: "files", description: "Most files changed" },
     { name: "No sorting", value: "none", description: "Keep original order" }
   ];
-  return await select2({
+  return await select3({
     message: "How would you like to sort the PRs?",
     choices,
     default: "date"
@@ -5070,7 +5168,7 @@ async function promptSelectOrganisation(organisations) {
       value: org.id
     }))
   ];
-  const selected = await select2({
+  const selected = await select3({
     message: "Attach brags to which company?",
     choices,
     default: "none"
@@ -5135,7 +5233,7 @@ ${theme.label("PR Link")} ${colors.link(prUrl)}`;
       }
       console.log(boxen4(bragDetails, boxStyles.info));
       console.log("");
-      const action = await select2({
+      const action = await select3({
         message: `What would you like to do with this brag?`,
         choices: [
           { name: "\u2713 Accept", value: "accept", description: "Add this brag as-is" },
@@ -5752,7 +5850,7 @@ async function promptSelectService() {
       description: `Sync all ${authenticatedSyncServices.length} authenticated service${authenticatedSyncServices.length > 1 ? "s" : ""}`
     });
   }
-  const selected = await select3({
+  const selected = await select4({
     message: "Select a service to sync:",
     choices: serviceChoices
   });
@@ -7053,10 +7151,10 @@ function getConfigHint(error) {
 // src/cli.ts
 init_version();
 init_logger();
-var __filename6 = fileURLToPath6(import.meta.url);
-var __dirname6 = dirname5(__filename6);
-var packageJsonPath = join7(__dirname6, "../../package.json");
-var packageJson = JSON.parse(readFileSync5(packageJsonPath, "utf-8"));
+var __filename7 = fileURLToPath7(import.meta.url);
+var __dirname7 = dirname6(__filename7);
+var packageJsonPath = join8(__dirname7, "../../package.json");
+var packageJson = JSON.parse(readFileSync6(packageJsonPath, "utf-8"));
 var program = new Command();
 program.name("bragduck").description("CLI tool for managing developer achievements and brags\nAliases: bd, duck, brag").version(packageJson.version, "-v, --version", "Display version number").helpOption("-h, --help", "Display help information").option("--skip-version-check", "Skip automatic version check on startup").option("--debug", "Enable debug mode (shows detailed logs)");
 program.command("auth [subcommand]").description("Manage authentication (subcommands: login, status, bitbucket, gitlab)").action(async (subcommand) => {