npm - @bragduck/cli - Versions diffs - 2.28.1 → 2.30.2 - Mend

@bragduck/cli 2.28.1 → 2.30.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/dist/bin/bragduck.js CHANGED Viewed

@@ -9,11 +9,11 @@ var __export = (target, all) => {
     __defProp(target, name, { get: all[name], enumerable: true });
 };
-// node_modules/tsup/assets/esm_shims.js
+// ../../node_modules/.pnpm/tsup@8.5.1_jiti@2.6.1_postcss@8.5.6_tsx@4.21.0_typescript@5.9.3_yaml@2.8.2/node_modules/tsup/assets/esm_shims.js
 import path from "path";
 import { fileURLToPath } from "url";
 var init_esm_shims = __esm({
-  "node_modules/tsup/assets/esm_shims.js"() {
+  "../../node_modules/.pnpm/tsup@8.5.1_jiti@2.6.1_postcss@8.5.6_tsx@4.21.0_typescript@5.9.3_yaml@2.8.2/node_modules/tsup/assets/esm_shims.js"() {
     "use strict";
   }
 });
@@ -22,7 +22,7 @@ var init_esm_shims = __esm({
 import { config } from "dotenv";
 import { fileURLToPath as fileURLToPath2 } from "url";
 import { dirname, join } from "path";
-var __filename, __dirname, APP_NAME, CONFIG_KEYS, DEFAULT_CONFIG, OAUTH_CONFIG, API_ENDPOINTS, ENCRYPTION_CONFIG, STORAGE_PATHS, HTTP_STATUS, CONFIG_FILES;
+var __filename, __dirname, APP_NAME, CONFIG_KEYS, DEFAULT_CONFIG, OAUTH_CONFIG, ATLASSIAN_OAUTH_CONFIG, API_ENDPOINTS, ENCRYPTION_CONFIG, STORAGE_PATHS, HTTP_STATUS, CONFIG_FILES;
 var init_constants = __esm({
   "src/constants.ts"() {
     "use strict";
@@ -55,13 +55,25 @@ var init_constants = __esm({
       TIMEOUT_MS: 12e4,
       // 2 minutes
       MIN_PORT: 8e3,
-      MAX_PORT: 9e3
+      MAX_PORT: 8004
+    };
+    ATLASSIAN_OAUTH_CONFIG = {
+      CLIENT_ID: "kJlsd66DLTnENE8p7Ru2JwqZg1Sie4yZ",
+      AUTH_URL: "https://auth.atlassian.com/authorize",
+      AUDIENCE: "api.atlassian.com",
+      SCOPES: "read:jira-work read:jira-user read:page:confluence read:confluence-user offline_access read:me",
+      ACCESSIBLE_RESOURCES_URL: "https://api.atlassian.com/oauth/token/accessible-resources",
+      API_GATEWAY_URL: "https://api.atlassian.com"
     };
     API_ENDPOINTS = {
       AUTH: {
         INITIATE: "/v1/auth/cli/initiate",
         TOKEN: "/v1/auth/cli/token"
       },
+      ATLASSIAN: {
+        TOKEN: "/v1/auth/atlassian/token",
+        REFRESH: "/v1/auth/atlassian/refresh"
+      },
       BRAGS: {
         CREATE: "/v1/brags",
         LIST: "/v1/brags",
@@ -157,7 +169,7 @@ var init_env_loader = __esm({
 });
 // src/utils/errors.ts
-var BragduckError, AuthenticationError, GitError, ApiError, NetworkError, ValidationError, OAuthError, TokenExpiredError, GitHubError, BitbucketError, GitLabError, JiraError, ConfluenceError;
+var BragduckError, AuthenticationError, GitError, ApiError, NetworkError, ValidationError, OAuthError, TokenExpiredError, GitHubError, BitbucketError, GitLabError, JiraError, ConfluenceError, AtlassianError;
 var init_errors = __esm({
   "src/utils/errors.ts"() {
     "use strict";
@@ -248,6 +260,12 @@ var init_errors = __esm({
         this.name = "ConfluenceError";
       }
     };
+    AtlassianError = class extends BragduckError {
+      constructor(message, details) {
+        super(message, "ATLASSIAN_ERROR", details);
+        this.name = "AtlassianError";
+      }
+    };
   }
 });
@@ -770,92 +788,95 @@ async function findAvailablePort() {
 async function startOAuthCallbackServer(expectedState) {
   const port = await findAvailablePort();
   const timeout = OAUTH_CONFIG.TIMEOUT_MS;
-  return new Promise((resolve, reject) => {
+  const callbackUrl = `http://127.0.0.1:${port}${OAUTH_CONFIG.CALLBACK_PATH}`;
+  return new Promise((resolveHandle, rejectHandle) => {
     let server = null;
     let timeoutId = null;
-    const cleanup = () => {
-      if (timeoutId) {
-        globalThis.clearTimeout(timeoutId);
-      }
-      if (server) {
-        if (typeof server.closeAllConnections === "function") {
-          server.closeAllConnections();
-        }
-        server.close(() => {
-          logger.debug("OAuth server closed");
-        });
-        server.unref();
-      }
-    };
-    const handleRequest = (req, res) => {
-      const parsedUrl = parse(req.url || "", true);
-      logger.debug(`OAuth callback received: ${req.url}`);
-      if (parsedUrl.pathname === OAUTH_CONFIG.CALLBACK_PATH) {
-        const { code, state, error, error_description } = parsedUrl.query;
-        if (error) {
-          const errorMsg = error_description || error;
-          logger.debug(`OAuth error: ${errorMsg}`);
-          res.writeHead(400, { "Content-Type": "text/html" });
-          res.end(ERROR_HTML(String(errorMsg)));
-          cleanup();
-          reject(new OAuthError(`OAuth error: ${errorMsg}`));
-          return;
+    const resultPromise = new Promise((resolveResult, rejectResult) => {
+      const cleanup = () => {
+        if (timeoutId) {
+          globalThis.clearTimeout(timeoutId);
         }
-        if (!code || !state) {
-          const errorMsg = "Missing code or state parameter";
-          logger.debug(errorMsg);
-          res.writeHead(400, { "Content-Type": "text/html" });
-          res.end(ERROR_HTML(errorMsg));
-          cleanup();
-          reject(new OAuthError(errorMsg));
-          return;
+        if (server) {
+          if (typeof server.closeAllConnections === "function") {
+            server.closeAllConnections();
+          }
+          server.close(() => {
+            logger.debug("OAuth server closed");
+          });
+          server.unref();
         }
-        if (state !== expectedState) {
-          const errorMsg = "Invalid state parameter (possible CSRF attack)";
-          logger.debug(errorMsg);
-          res.writeHead(400, { "Content-Type": "text/html" });
-          res.end(ERROR_HTML(errorMsg));
-          cleanup();
-          reject(new OAuthError(errorMsg));
+      };
+      const handleRequest = (req, res) => {
+        const parsedUrl = parse(req.url || "", true);
+        logger.debug(`OAuth callback received: ${req.url}`);
+        if (parsedUrl.pathname === OAUTH_CONFIG.CALLBACK_PATH) {
+          const { code, state, error, error_description } = parsedUrl.query;
+          if (error) {
+            const errorMsg = error_description || error;
+            logger.debug(`OAuth error: ${errorMsg}`);
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(ERROR_HTML(String(errorMsg)));
+            cleanup();
+            rejectResult(new OAuthError(`OAuth error: ${errorMsg}`));
+            return;
+          }
+          if (!code || !state) {
+            const errorMsg = "Missing code or state parameter";
+            logger.debug(errorMsg);
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(ERROR_HTML(errorMsg));
+            cleanup();
+            rejectResult(new OAuthError(errorMsg));
+            return;
+          }
+          if (state !== expectedState) {
+            const errorMsg = "Invalid state parameter (possible CSRF attack)";
+            logger.debug(errorMsg);
+            res.writeHead(400, { "Content-Type": "text/html" });
+            res.end(ERROR_HTML(errorMsg));
+            cleanup();
+            rejectResult(new OAuthError(errorMsg));
+            return;
+          }
+          res.writeHead(200, { "Content-Type": "text/html" });
+          res.end(SUCCESS_HTML);
+          globalThis.setTimeout(() => {
+            cleanup();
+            resolveResult({
+              code: String(code),
+              state: String(state),
+              port
+            });
+          }, 100);
           return;
         }
-        res.writeHead(200, { "Content-Type": "text/html" });
-        res.end(SUCCESS_HTML);
-        globalThis.setTimeout(() => {
-          cleanup();
-          resolve({
-            code: String(code),
-            state: String(state),
-            port
-          });
-        }, 100);
-        return;
-      }
-      res.writeHead(404, { "Content-Type": "text/plain" });
-      res.end("Not Found");
-    };
-    server = createServer(handleRequest);
-    server.on("error", (error) => {
-      logger.debug(`OAuth server error: ${error.message}`);
-      cleanup();
-      reject(new OAuthError(`OAuth server error: ${error.message}`));
-    });
-    server.listen(port, "127.0.0.1", () => {
-      logger.debug(
-        `OAuth callback server listening on http://127.0.0.1:${port}${OAUTH_CONFIG.CALLBACK_PATH}`
-      );
+        res.writeHead(404, { "Content-Type": "text/plain" });
+        res.end("Not Found");
+      };
+      server = createServer(handleRequest);
+      server.on("error", (error) => {
+        logger.debug(`OAuth server error: ${error.message}`);
+        cleanup();
+        rejectResult(new OAuthError(`OAuth server error: ${error.message}`));
+        rejectHandle(new OAuthError(`OAuth server error: ${error.message}`));
+      });
+      server.listen(port, "127.0.0.1", () => {
+        logger.debug(
+          `OAuth callback server listening on http://127.0.0.1:${port}${OAUTH_CONFIG.CALLBACK_PATH}`
+        );
+        resolveHandle({ callbackUrl, resultPromise });
+      });
+      timeoutId = globalThis.setTimeout(() => {
+        logger.debug("OAuth callback timeout");
+        cleanup();
+        rejectResult(
+          new OAuthError("Authentication timeout - no callback received within 2 minutes")
+        );
+      }, timeout);
     });
-    timeoutId = globalThis.setTimeout(() => {
-      logger.debug("OAuth callback timeout");
-      cleanup();
-      reject(new OAuthError("Authentication timeout - no callback received within 2 minutes"));
-    }, timeout);
   });
 }
-async function getCallbackUrl() {
-  const port = await findAvailablePort();
-  return `http://127.0.0.1:${port}${OAUTH_CONFIG.CALLBACK_PATH}`;
-}
 var SUCCESS_HTML, ERROR_HTML;
 var init_oauth_server = __esm({
   "src/utils/oauth-server.ts"() {
@@ -1118,7 +1139,7 @@ var init_auth_service = __esm({
       async login() {
         logger.debug("Starting OAuth login flow");
         const state = this.generateState();
-        const callbackUrl = await getCallbackUrl();
+        const { callbackUrl, resultPromise } = await startOAuthCallbackServer(state);
         storageService.setOAuthState({
           state,
           createdAt: Date.now()
@@ -1127,7 +1148,6 @@ var init_auth_service = __esm({
         logger.debug(`Callback URL: ${callbackUrl}`);
         const authUrl = await this.buildAuthUrl(state, callbackUrl);
         logger.debug(`Authorization URL: ${authUrl}`);
-        const serverPromise = startOAuthCallbackServer(state);
         try {
           await openBrowser(authUrl);
         } catch {
@@ -1137,7 +1157,7 @@ var init_auth_service = __esm({
         }
         let callbackResult;
         try {
-          callbackResult = await serverPromise;
+          callbackResult = await resultPromise;
         } catch (error) {
           storageService.deleteOAuthState();
           throw error;
@@ -1241,15 +1261,15 @@ __export(version_exports, {
   getCurrentVersion: () => getCurrentVersion,
   version: () => version
 });
-import { readFileSync as readFileSync3 } from "fs";
-import { fileURLToPath as fileURLToPath4 } from "url";
-import { dirname as dirname3, join as join5 } from "path";
+import { readFileSync as readFileSync4 } from "fs";
+import { fileURLToPath as fileURLToPath5 } from "url";
+import { dirname as dirname4, join as join6 } from "path";
 import chalk4 from "chalk";
 import boxen2 from "boxen";
 function getCurrentVersion() {
   try {
-    const packageJsonPath2 = join5(__dirname4, "../../package.json");
-    const packageJson2 = JSON.parse(readFileSync3(packageJsonPath2, "utf-8"));
+    const packageJsonPath2 = join6(__dirname5, "../../package.json");
+    const packageJson2 = JSON.parse(readFileSync4(packageJsonPath2, "utf-8"));
     return packageJson2.version;
   } catch {
     logger.debug("Failed to read package.json version");
@@ -1331,7 +1351,7 @@ function formatVersion(includePrefix = true) {
   const prefix = includePrefix ? "v" : "";
   return `${prefix}${version}`;
 }
-var __filename4, __dirname4, version;
+var __filename5, __dirname5, version;
 var init_version = __esm({
   "src/utils/version.ts"() {
     "use strict";
@@ -1339,22 +1359,22 @@ var init_version = __esm({
     init_api_service();
     init_storage_service();
     init_logger();
-    __filename4 = fileURLToPath4(import.meta.url);
-    __dirname4 = dirname3(__filename4);
+    __filename5 = fileURLToPath5(import.meta.url);
+    __dirname5 = dirname4(__filename5);
     version = getCurrentVersion();
   }
 });
 // src/services/api.service.ts
-import { ofetch as ofetch2 } from "ofetch";
-import { readFileSync as readFileSync4 } from "fs";
-import { fileURLToPath as fileURLToPath5 } from "url";
-import { URLSearchParams as URLSearchParams2 } from "url";
-import { dirname as dirname4, join as join6 } from "path";
+import { ofetch as ofetch3 } from "ofetch";
+import { readFileSync as readFileSync5 } from "fs";
+import { fileURLToPath as fileURLToPath6 } from "url";
+import { URLSearchParams as URLSearchParams3 } from "url";
+import { dirname as dirname5, join as join7 } from "path";
 function getCliVersion() {
   try {
-    const packageJsonPath2 = join6(__dirname5, "../../package.json");
-    const packageJson2 = JSON.parse(readFileSync4(packageJsonPath2, "utf-8"));
+    const packageJsonPath2 = join7(__dirname6, "../../package.json");
+    const packageJson2 = JSON.parse(readFileSync5(packageJsonPath2, "utf-8"));
     return packageJson2.version;
   } catch {
     logger.debug("Failed to read package.json version");
@@ -1366,7 +1386,7 @@ function getPlatformInfo() {
   const arch = process.arch;
   return `${platform}-${arch}`;
 }
-var __filename5, __dirname5, ApiService, apiService;
+var __filename6, __dirname6, ApiService, apiService;
 var init_api_service = __esm({
   "src/services/api.service.ts"() {
     "use strict";
@@ -1375,14 +1395,14 @@ var init_api_service = __esm({
     init_constants();
     init_errors();
     init_logger();
-    __filename5 = fileURLToPath5(import.meta.url);
-    __dirname5 = dirname4(__filename5);
+    __filename6 = fileURLToPath6(import.meta.url);
+    __dirname6 = dirname5(__filename6);
     ApiService = class {
       baseURL;
       client;
       constructor() {
         this.baseURL = process.env.API_BASE_URL || "https://api.bragduck.com";
-        this.client = ofetch2.create({
+        this.client = ofetch3.create({
           baseURL: this.baseURL,
           // Request interceptor
           onRequest: async ({ request, options }) => {
@@ -1546,7 +1566,7 @@ var init_api_service = __esm({
         const { limit = 50, offset = 0, tags, search } = params;
         logger.debug(`Listing brags: limit=${limit}, offset=${offset}`);
         try {
-          const queryParams = new URLSearchParams2({
+          const queryParams = new URLSearchParams3({
             limit: limit.toString(),
             offset: offset.toString()
           });
@@ -1643,7 +1663,7 @@ var init_api_service = __esm({
        */
       setBaseURL(url) {
         this.baseURL = url;
-        this.client = ofetch2.create({
+        this.client = ofetch3.create({
           baseURL: url
         });
       }
@@ -1661,18 +1681,266 @@ var init_api_service = __esm({
 // src/cli.ts
 init_esm_shims();
 import { Command } from "commander";
-import { readFileSync as readFileSync5 } from "fs";
-import { fileURLToPath as fileURLToPath6 } from "url";
-import { dirname as dirname5, join as join7 } from "path";
+import { readFileSync as readFileSync6 } from "fs";
+import { fileURLToPath as fileURLToPath7 } from "url";
+import { dirname as dirname6, join as join8 } from "path";
 // src/commands/auth.ts
 init_esm_shims();
 init_auth_service();
-init_storage_service();
 import boxen from "boxen";
 import chalk3 from "chalk";
 import { input } from "@inquirer/prompts";
+// src/services/atlassian-auth.service.ts
+init_esm_shims();
+init_constants();
+init_storage_service();
+init_oauth_server();
+init_browser();
+init_errors();
+init_logger();
+import { randomBytes as randomBytes3 } from "crypto";
+import { readFileSync as readFileSync3 } from "fs";
+import { fileURLToPath as fileURLToPath4, URLSearchParams as URLSearchParams2 } from "url";
+import { dirname as dirname3, join as join4 } from "path";
+import { ofetch as ofetch2 } from "ofetch";
+import { select } from "@inquirer/prompts";
+var __filename4 = fileURLToPath4(import.meta.url);
+var __dirname4 = dirname3(__filename4);
+function getUserAgent2() {
+  try {
+    const packageJsonPath2 = join4(__dirname4, "../../package.json");
+    const packageJson2 = JSON.parse(readFileSync3(packageJsonPath2, "utf-8"));
+    const version2 = packageJson2.version;
+    const platform = process.platform;
+    const arch = process.arch;
+    return `BragDuck-CLI/${version2} (${platform}-${arch})`;
+  } catch {
+    logger.debug("Failed to read package.json version");
+    return "BragDuck-CLI/2.0.0";
+  }
+}
+var AtlassianAuthService = class {
+  apiBaseUrl;
+  refreshPromise = null;
+  constructor() {
+    this.apiBaseUrl = process.env.API_BASE_URL || "https://api.bragduck.com";
+  }
+  /**
+   * Generate a random state string for CSRF protection
+   */
+  generateState() {
+    return randomBytes3(32).toString("hex");
+  }
+  /**
+   * Build the Atlassian OAuth authorization URL
+   */
+  buildAuthUrl(state, callbackUrl) {
+    const params = new URLSearchParams2({
+      audience: ATLASSIAN_OAUTH_CONFIG.AUDIENCE,
+      client_id: ATLASSIAN_OAUTH_CONFIG.CLIENT_ID,
+      scope: ATLASSIAN_OAUTH_CONFIG.SCOPES,
+      redirect_uri: callbackUrl,
+      state,
+      response_type: "code",
+      prompt: "consent"
+    });
+    return `${ATLASSIAN_OAUTH_CONFIG.AUTH_URL}?${params.toString()}`;
+  }
+  /**
+   * Exchange authorization code for tokens via BragDuck backend
+   */
+  async exchangeCodeForToken(code, redirectUri) {
+    try {
+      logger.debug("Exchanging Atlassian authorization code for token via backend");
+      const response = await ofetch2(
+        `${this.apiBaseUrl}${API_ENDPOINTS.ATLASSIAN.TOKEN}`,
+        {
+          method: "POST",
+          body: {
+            code,
+            redirect_uri: redirectUri
+          },
+          headers: {
+            "Content-Type": "application/json",
+            "User-Agent": getUserAgent2()
+          }
+        }
+      );
+      logger.debug("Atlassian token exchange successful");
+      return response;
+    } catch (error) {
+      logger.debug(`Atlassian token exchange failed: ${error.message}`);
+      throw new AtlassianError("Failed to exchange Atlassian authorization code", {
+        originalError: error.message
+      });
+    }
+  }
+  /**
+   * Fetch accessible Atlassian Cloud resources (sites) using the access token
+   */
+  async fetchAccessibleResources(accessToken) {
+    try {
+      logger.debug("Fetching accessible Atlassian resources");
+      const resources = await ofetch2(
+        ATLASSIAN_OAUTH_CONFIG.ACCESSIBLE_RESOURCES_URL,
+        {
+          headers: {
+            Authorization: `Bearer ${accessToken}`,
+            Accept: "application/json"
+          }
+        }
+      );
+      logger.debug(`Found ${resources.length} accessible resource(s)`);
+      return resources;
+    } catch (error) {
+      logger.debug(`Failed to fetch accessible resources: ${error.message}`);
+      throw new AtlassianError("Failed to fetch Atlassian Cloud sites", {
+        originalError: error.message
+      });
+    }
+  }
+  /**
+   * Let user pick a site if multiple accessible resources exist
+   */
+  async selectSite(resources) {
+    if (resources.length === 0) {
+      throw new AtlassianError(
+        "No accessible Atlassian Cloud sites found. Make sure your account has access to at least one site."
+      );
+    }
+    if (resources.length === 1) {
+      const site = resources[0];
+      logger.debug(`Auto-selecting single site: ${site.name}`);
+      return site;
+    }
+    const selectedId = await select({
+      message: "Select your Atlassian Cloud site:",
+      choices: resources.map((r) => ({
+        name: `${r.name} (${r.url})`,
+        value: r.id
+      }))
+    });
+    return resources.find((r) => r.id === selectedId);
+  }
+  /**
+   * Full OAuth login flow:
+   * 1. Open browser to Atlassian consent screen
+   * 2. Wait for callback with authorization code
+   * 3. Exchange code for tokens via BragDuck backend
+   * 4. Fetch accessible resources and pick site
+   * 5. Store credentials for jira, confluence, and atlassian services
+   */
+  async login() {
+    logger.debug("Starting Atlassian OAuth login flow");
+    const state = this.generateState();
+    const { callbackUrl, resultPromise } = await startOAuthCallbackServer(state);
+    storageService.setOAuthState({
+      state,
+      createdAt: Date.now()
+    });
+    logger.debug(`OAuth state: ${state}`);
+    logger.debug(`Callback URL: ${callbackUrl}`);
+    const authUrl = this.buildAuthUrl(state, callbackUrl);
+    logger.debug(`Authorization URL: ${authUrl}`);
+    try {
+      await openBrowser(authUrl);
+    } catch {
+      logger.warning("Could not open browser automatically");
+      logger.info("Please open this URL in your browser:");
+      logger.log(authUrl);
+    }
+    let callbackResult;
+    try {
+      callbackResult = await resultPromise;
+    } catch (error) {
+      storageService.deleteOAuthState();
+      throw error;
+    }
+    storageService.deleteOAuthState();
+    const tokenResponse = await this.exchangeCodeForToken(callbackResult.code, callbackUrl);
+    const resources = await this.fetchAccessibleResources(tokenResponse.access_token);
+    const site = await this.selectSite(resources);
+    const expiresAt = tokenResponse.expires_in ? Date.now() + tokenResponse.expires_in * 1e3 : void 0;
+    const credentials = {
+      accessToken: tokenResponse.access_token,
+      refreshToken: tokenResponse.refresh_token,
+      expiresAt,
+      instanceUrl: site.url,
+      // Real Cloud URL for browse links
+      cloudId: site.id,
+      authMethod: "oauth"
+    };
+    await storageService.setServiceCredentials("jira", credentials);
+    await storageService.setServiceCredentials("confluence", credentials);
+    await storageService.setServiceCredentials("atlassian", credentials);
+    logger.debug("Atlassian OAuth login successful");
+    return { siteName: site.name, siteUrl: site.url };
+  }
+  /**
+   * Refresh Atlassian OAuth tokens via BragDuck backend.
+   * Uses a singleton promise to prevent concurrent refresh race conditions
+   * (Atlassian uses rotating refresh tokens - each refresh invalidates the previous one).
+   */
+  async refreshToken() {
+    if (this.refreshPromise) {
+      return this.refreshPromise;
+    }
+    this.refreshPromise = this.doRefreshToken();
+    try {
+      await this.refreshPromise;
+    } finally {
+      this.refreshPromise = null;
+    }
+  }
+  async doRefreshToken() {
+    logger.debug("Refreshing Atlassian OAuth token");
+    const creds = await storageService.getServiceCredentials("jira");
+    if (!creds?.refreshToken) {
+      throw new AtlassianError("No Atlassian refresh token available", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    try {
+      const response = await ofetch2(
+        `${this.apiBaseUrl}${API_ENDPOINTS.ATLASSIAN.REFRESH}`,
+        {
+          method: "POST",
+          body: {
+            refresh_token: creds.refreshToken
+          },
+          headers: {
+            "Content-Type": "application/json",
+            "User-Agent": getUserAgent2()
+          }
+        }
+      );
+      const expiresAt = response.expires_in ? Date.now() + response.expires_in * 1e3 : void 0;
+      const updatedCreds = {
+        ...creds,
+        accessToken: response.access_token,
+        refreshToken: response.refresh_token,
+        expiresAt
+      };
+      await storageService.setServiceCredentials("jira", updatedCreds);
+      await storageService.setServiceCredentials("confluence", updatedCreds);
+      await storageService.setServiceCredentials("atlassian", updatedCreds);
+      logger.debug("Atlassian token refresh successful");
+    } catch (error) {
+      logger.debug(`Atlassian token refresh failed: ${error.message}`);
+      throw new AtlassianError(
+        'Atlassian token refresh failed. Please run "bragduck auth atlassian" to re-authenticate.',
+        { originalError: error.message }
+      );
+    }
+  }
+};
+var atlassianAuthService = new AtlassianAuthService();
+// src/commands/auth.ts
+init_storage_service();
 // src/services/github.service.ts
 init_esm_shims();
 init_errors();
@@ -1688,9 +1956,9 @@ import simpleGit from "simple-git";
 init_esm_shims();
 init_errors();
 import { existsSync as existsSync2 } from "fs";
-import { join as join4 } from "path";
+import { join as join5 } from "path";
 function validateGitRepository(path4) {
-  const gitDir = join4(path4, ".git");
+  const gitDir = join5(path4, ".git");
   if (!existsSync2(gitDir)) {
     throw new GitError(
       "Not a git repository. Please run this command from within a git repository.",
@@ -2404,7 +2672,14 @@ async function authStatus() {
   }
   for (const service of services) {
     if (service !== "bragduck") {
-      logger.info(`${colors.success("\u2713")} ${service}: Authenticated`);
+      const creds = await storageService.getServiceCredentials(service);
+      let methodLabel = "";
+      if (creds?.authMethod === "oauth") {
+        methodLabel = " (Cloud - OAuth)";
+      } else if (creds?.authMethod === "basic") {
+        methodLabel = " (Server - API Token)";
+      }
+      logger.info(`${colors.success("\u2713")} ${service}: Authenticated${methodLabel}`);
     }
   }
   logger.log("");
@@ -2556,68 +2831,21 @@ User: ${user.name} (@${user.username})`,
 }
 async function authAtlassian() {
   logger.log("");
-  logger.log(
-    boxen(
-      theme.info("Atlassian API Token Authentication") + "\n\nThis token works for Jira, Confluence, and Bitbucket\n\nCreate an API Token at:\n" + colors.highlight("https://id.atlassian.com/manage-profile/security/api-tokens") + "\n\nRequired access:\n  \u2022 Jira: Read issues\n  \u2022 Confluence: Read pages\n  \u2022 Bitbucket: Read repositories",
-      boxStyles.info
-    )
-  );
+  logger.info("Opening browser for Atlassian Cloud authentication...");
   logger.log("");
   try {
-    const instanceUrl = await input({
-      message: "Atlassian instance URL (e.g., company.atlassian.net):",
-      validate: (value) => value.length > 0 ? true : "Instance URL cannot be empty"
-    });
-    const email = await input({
-      message: "Atlassian account email:",
-      validate: (value) => value.includes("@") ? true : "Please enter a valid email address"
-    });
-    const apiToken = await input({
-      message: "API Token:",
-      validate: (value) => value.length > 0 ? true : "API token cannot be empty"
-    });
-    const testInstanceUrl = instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`;
-    const auth = Buffer.from(`${email}:${apiToken}`).toString("base64");
-    const response = await fetch(`${testInstanceUrl}/rest/api/2/myself`, {
-      headers: { Authorization: `Basic ${auth}` }
-    });
-    if (!response.ok) {
-      logger.log("");
-      logger.log(
-        boxen(
-          theme.error("\u2717 Authentication Failed") + "\n\nInvalid instance URL, email, or API token\nMake sure the instance URL is correct (e.g., company.atlassian.net)",
-          boxStyles.error
-        )
-      );
-      logger.log("");
-      process.exit(1);
-    }
-    const user = await response.json();
-    const credentials = {
-      accessToken: apiToken,
-      username: email,
-      instanceUrl: instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`
-    };
-    await storageService.setServiceCredentials("jira", credentials);
-    await storageService.setServiceCredentials("confluence", credentials);
-    await storageService.setServiceCredentials("bitbucket", {
-      ...credentials,
-      instanceUrl: "https://api.bitbucket.org"
-      // Bitbucket uses different API base
-    });
+    const result = await atlassianAuthService.login();
     logger.log("");
     logger.log(
       boxen(
-        theme.success("\u2713 Successfully authenticated with Atlassian") + `
+        theme.success("\u2713 Successfully authenticated with Atlassian Cloud") + `
-Instance: ${instanceUrl}
-User: ${user.displayName}
-Email: ${user.emailAddress}
+Site: ${result.siteName}
+URL: ${result.siteUrl}
 Services configured:
-  \u2022 Jira
-  \u2022 Confluence
-  \u2022 Bitbucket`,
+  - Jira (OAuth)
+  - Confluence (OAuth)`,
         boxStyles.success
       )
     );
@@ -2639,7 +2867,7 @@ Services configured:
 // src/commands/sync.ts
 init_esm_shims();
-// node_modules/@inquirer/core/dist/esm/lib/errors.mjs
+// ../../node_modules/.pnpm/@inquirer+core@9.2.1/node_modules/@inquirer/core/dist/esm/lib/errors.mjs
 init_esm_shims();
 var CancelPromptError = class extends Error {
   name = "CancelPromptError";
@@ -2650,8 +2878,8 @@ var CancelPromptError = class extends Error {
 init_api_service();
 init_storage_service();
 init_auth_service();
-import { select as select3 } from "@inquirer/prompts";
-import boxen6 from "boxen";
+import { select as select4 } from "@inquirer/prompts";
+import boxen5 from "boxen";
 // src/utils/source-detector.ts
 init_esm_shims();
@@ -2659,7 +2887,7 @@ init_errors();
 init_storage_service();
 import { exec as exec3 } from "child_process";
 import { promisify as promisify3 } from "util";
-import { select } from "@inquirer/prompts";
+import { select as select2 } from "@inquirer/prompts";
 var execAsync3 = promisify3(exec3);
 var SourceDetector = class {
   /**
@@ -2715,7 +2943,7 @@ var SourceDetector = class {
         description: source.remoteUrl
       };
     });
-    return await select({
+    return await select2({
       message: "Multiple sources detected. Which do you want to sync?",
       choices
     });
@@ -3231,7 +3459,7 @@ init_logger();
 init_storage_service();
 import { exec as exec5 } from "child_process";
 import { promisify as promisify5 } from "util";
-import { URLSearchParams as URLSearchParams3 } from "url";
+import { URLSearchParams as URLSearchParams4 } from "url";
 var execAsync5 = promisify5(exec5);
 var GitLabService = class {
   DEFAULT_INSTANCE = "https://gitlab.com";
@@ -3377,7 +3605,7 @@ var GitLabService = class {
   async getMergedMRs(options = {}) {
     const { projectPath } = await this.getProjectFromGit();
     const encodedPath = encodeURIComponent(projectPath);
-    const params = new URLSearchParams3({
+    const params = new URLSearchParams4({
       state: "merged",
       order_by: "updated_at",
       sort: "desc",
@@ -3543,41 +3771,76 @@ init_esm_shims();
 init_errors();
 init_logger();
 init_storage_service();
+init_constants();
 var JiraService = class {
   MAX_DESCRIPTION_LENGTH = 5e3;
   /**
-   * Get stored Jira credentials
+   * Get stored Jira credentials, auto-refreshing OAuth tokens if expired
    */
   async getCredentials() {
     const creds = await storageService.getServiceCredentials("jira");
-    if (!creds || !creds.username || !creds.accessToken || !creds.instanceUrl) {
+    if (!creds || !creds.accessToken) {
       throw new JiraError("Not authenticated with Jira", {
         hint: "Run: bragduck auth atlassian"
       });
     }
-    if (creds.expiresAt && creds.expiresAt < Date.now()) {
+    if (creds.authMethod !== "oauth" && (!creds.username || !creds.instanceUrl)) {
+      throw new JiraError("Not authenticated with Jira", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod === "oauth" && !creds.cloudId) {
+      throw new JiraError("Missing Atlassian Cloud ID", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod === "oauth" && creds.expiresAt && creds.expiresAt < Date.now()) {
+      if (creds.refreshToken) {
+        logger.debug("Jira OAuth token expired, refreshing...");
+        await atlassianAuthService.refreshToken();
+        const refreshed = await storageService.getServiceCredentials("jira");
+        if (!refreshed?.accessToken) {
+          throw new JiraError("Token refresh failed", {
+            hint: "Run: bragduck auth atlassian"
+          });
+        }
+        return refreshed;
+      }
+      throw new JiraError("OAuth token has expired and no refresh token available", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod !== "oauth" && creds.expiresAt && creds.expiresAt < Date.now()) {
       throw new JiraError("API token has expired", {
         hint: "Run: bragduck auth atlassian"
       });
     }
-    return {
-      email: creds.username,
-      apiToken: creds.accessToken,
-      instanceUrl: creds.instanceUrl
-    };
+    return creds;
   }
   /**
-   * Make authenticated request to Jira API
+   * Make authenticated request to Jira API.
+   * Uses OAuth Bearer + API gateway for Cloud, Basic Auth for Server/DC.
+   * Retries once on 401 for OAuth (auto-refresh).
    */
   async request(endpoint, method = "GET", body) {
-    const { email, apiToken, instanceUrl } = await this.getCredentials();
-    const auth = Buffer.from(`${email}:${apiToken}`).toString("base64");
-    const baseUrl = instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`;
+    const creds = await this.getCredentials();
+    const isOAuth = creds.authMethod === "oauth";
+    let baseUrl;
+    let authHeader;
+    if (isOAuth) {
+      baseUrl = `${ATLASSIAN_OAUTH_CONFIG.API_GATEWAY_URL}/ex/jira/${creds.cloudId}`;
+      authHeader = `Bearer ${creds.accessToken}`;
+    } else {
+      const instanceUrl = creds.instanceUrl;
+      baseUrl = instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`;
+      const auth = Buffer.from(`${creds.username}:${creds.accessToken}`).toString("base64");
+      authHeader = `Basic ${auth}`;
+    }
     logger.debug(`Jira API: ${method} ${endpoint}`);
     const options = {
       method,
       headers: {
-        Authorization: `Basic ${auth}`,
+        Authorization: authHeader,
         "Content-Type": "application/json",
         Accept: "application/json"
       }
@@ -3585,7 +3848,17 @@ var JiraService = class {
     if (body) {
       options.body = JSON.stringify(body);
     }
-    const response = await fetch(`${baseUrl}${endpoint}`, options);
+    let response = await fetch(`${baseUrl}${endpoint}`, options);
+    if (response.status === 401 && isOAuth && creds.refreshToken) {
+      logger.debug("Jira OAuth 401, attempting token refresh and retry");
+      await atlassianAuthService.refreshToken();
+      const refreshedCreds = await storageService.getServiceCredentials("jira");
+      if (refreshedCreds?.accessToken) {
+        options.headers.Authorization = `Bearer ${refreshedCreds.accessToken}`;
+        const newBaseUrl = `${ATLASSIAN_OAUTH_CONFIG.API_GATEWAY_URL}/ex/jira/${refreshedCreds.cloudId}`;
+        response = await fetch(`${newBaseUrl}${endpoint}`, options);
+      }
+    }
     if (!response.ok) {
       const statusText = response.statusText;
       const status = response.status;
@@ -3991,40 +4264,75 @@ init_esm_shims();
 init_errors();
 init_logger();
 init_storage_service();
+init_constants();
 var ConfluenceService = class {
   /**
-   * Get stored Confluence credentials
+   * Get stored Confluence credentials, auto-refreshing OAuth tokens if expired
    */
   async getCredentials() {
     const creds = await storageService.getServiceCredentials("confluence");
-    if (!creds || !creds.username || !creds.accessToken || !creds.instanceUrl) {
+    if (!creds || !creds.accessToken) {
       throw new ConfluenceError("Not authenticated with Confluence", {
         hint: "Run: bragduck auth atlassian"
       });
     }
-    if (creds.expiresAt && creds.expiresAt < Date.now()) {
+    if (creds.authMethod !== "oauth" && (!creds.username || !creds.instanceUrl)) {
+      throw new ConfluenceError("Not authenticated with Confluence", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod === "oauth" && !creds.cloudId) {
+      throw new ConfluenceError("Missing Atlassian Cloud ID", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod === "oauth" && creds.expiresAt && creds.expiresAt < Date.now()) {
+      if (creds.refreshToken) {
+        logger.debug("Confluence OAuth token expired, refreshing...");
+        await atlassianAuthService.refreshToken();
+        const refreshed = await storageService.getServiceCredentials("confluence");
+        if (!refreshed?.accessToken) {
+          throw new ConfluenceError("Token refresh failed", {
+            hint: "Run: bragduck auth atlassian"
+          });
+        }
+        return refreshed;
+      }
+      throw new ConfluenceError("OAuth token has expired and no refresh token available", {
+        hint: "Run: bragduck auth atlassian"
+      });
+    }
+    if (creds.authMethod !== "oauth" && creds.expiresAt && creds.expiresAt < Date.now()) {
       throw new ConfluenceError("API token has expired", {
         hint: "Run: bragduck auth atlassian"
       });
     }
-    return {
-      email: creds.username,
-      apiToken: creds.accessToken,
-      instanceUrl: creds.instanceUrl
-    };
+    return creds;
   }
   /**
-   * Make authenticated request to Confluence API
+   * Make authenticated request to Confluence API.
+   * Uses OAuth Bearer + API gateway for Cloud, Basic Auth for Server/DC.
+   * Retries once on 401 for OAuth (auto-refresh).
    */
   async request(endpoint, method = "GET", body) {
-    const { email, apiToken, instanceUrl } = await this.getCredentials();
-    const auth = Buffer.from(`${email}:${apiToken}`).toString("base64");
-    const baseUrl = instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`;
+    const creds = await this.getCredentials();
+    const isOAuth = creds.authMethod === "oauth";
+    let baseUrl;
+    let authHeader;
+    if (isOAuth) {
+      baseUrl = `${ATLASSIAN_OAUTH_CONFIG.API_GATEWAY_URL}/ex/confluence/${creds.cloudId}`;
+      authHeader = `Bearer ${creds.accessToken}`;
+    } else {
+      const instanceUrl = creds.instanceUrl;
+      baseUrl = instanceUrl.startsWith("http") ? instanceUrl : `https://${instanceUrl}`;
+      const auth = Buffer.from(`${creds.username}:${creds.accessToken}`).toString("base64");
+      authHeader = `Basic ${auth}`;
+    }
     logger.debug(`Confluence API: ${method} ${endpoint}`);
     const options = {
       method,
       headers: {
-        Authorization: `Basic ${auth}`,
+        Authorization: authHeader,
         "Content-Type": "application/json",
         Accept: "application/json"
       }
@@ -4032,7 +4340,17 @@ var ConfluenceService = class {
     if (body) {
       options.body = JSON.stringify(body);
     }
-    const response = await fetch(`${baseUrl}${endpoint}`, options);
+    let response = await fetch(`${baseUrl}${endpoint}`, options);
+    if (response.status === 401 && isOAuth && creds.refreshToken) {
+      logger.debug("Confluence OAuth 401, attempting token refresh and retry");
+      await atlassianAuthService.refreshToken();
+      const refreshedCreds = await storageService.getServiceCredentials("confluence");
+      if (refreshedCreds?.accessToken) {
+        options.headers.Authorization = `Bearer ${refreshedCreds.accessToken}`;
+        const newBaseUrl = `${ATLASSIAN_OAUTH_CONFIG.API_GATEWAY_URL}/ex/confluence/${refreshedCreds.cloudId}`;
+        response = await fetch(`${newBaseUrl}${endpoint}`, options);
+      }
+    }
     if (!response.ok) {
       const statusText = response.statusText;
       const status = response.status;
@@ -4441,138 +4759,13 @@ init_logger();
 // src/utils/auth-helper.ts
 init_esm_shims();
 init_auth_service();
-import boxen5 from "boxen";
+import boxen4 from "boxen";
+init_logger();
-// src/commands/init.ts
+// src/ui/prompts.ts
 init_esm_shims();
-init_auth_service();
-init_logger();
-import ora from "ora";
+import { checkbox, confirm, input as input2, select as select3, editor } from "@inquirer/prompts";
 import boxen3 from "boxen";
-import chalk5 from "chalk";
-async function initCommand() {
-  logger.log("");
-  logger.log(
-    boxen3(
-      chalk5.yellow.bold("\u26A0 Deprecation Notice") + `
-The ${chalk5.cyan("init")} command is deprecated.
-Please use ${chalk5.cyan("bragduck auth login")} instead.
-` + chalk5.dim("This command will be removed in v3.0.0"),
-      {
-        padding: 1,
-        borderStyle: "round",
-        borderColor: "yellow",
-        dimBorder: true
-      }
-    )
-  );
-  logger.log("");
-  logger.info("Starting authentication flow...");
-  logger.log("");
-  const isAuthenticated = await authService.isAuthenticated();
-  if (isAuthenticated) {
-    const userInfo = authService.getUserInfo();
-    if (userInfo) {
-      logger.log(
-        boxen3(
-          `${chalk5.yellow("Already authenticated!")}
-${chalk5.gray("User:")} ${userInfo.name}
-${chalk5.gray("Email:")} ${userInfo.email}
-${chalk5.dim("Run")} ${chalk5.cyan("bragduck logout")} ${chalk5.dim("to sign out")}`,
-          {
-            padding: 1,
-            margin: 1,
-            borderStyle: "round",
-            borderColor: "yellow"
-          }
-        )
-      );
-      logger.log("");
-      globalThis.setTimeout(() => {
-        process.exit(0);
-      }, 100);
-      return;
-    }
-  }
-  const spinner = ora("Opening browser for authentication...").start();
-  try {
-    spinner.text = "Waiting for authentication...";
-    const userInfo = await authService.login();
-    spinner.succeed("Authentication successful!");
-    logger.log("");
-    logger.log(
-      boxen3(
-        `${chalk5.green.bold("\u2713 Successfully authenticated!")}
-${chalk5.gray("Welcome,")} ${chalk5.cyan(userInfo.name)}
-${chalk5.gray("Email:")} ${userInfo.email}
-${chalk5.dim("You can now use")} ${chalk5.cyan("bragduck scan")} ${chalk5.dim("to create brags!")}`,
-        {
-          padding: 1,
-          margin: 1,
-          borderStyle: "round",
-          borderColor: "green"
-        }
-      )
-    );
-    logger.log("");
-    globalThis.setTimeout(() => {
-      process.exit(0);
-    }, 100);
-    return;
-  } catch (error) {
-    spinner.fail("Authentication failed");
-    logger.log("");
-    const err = error;
-    logger.log(
-      boxen3(
-        `${chalk5.red.bold("\u2717 Authentication Failed")}
-${err.message}
-${chalk5.dim("Hint:")} ${getErrorHint(err)}`,
-        {
-          padding: 1,
-          margin: 1,
-          borderStyle: "round",
-          borderColor: "red"
-        }
-      )
-    );
-    process.exit(1);
-  }
-}
-function getErrorHint(error) {
-  if (error.name === "OAuthError") {
-    if (error.message.includes("timeout")) {
-      return "Try again and complete the authentication within 2 minutes";
-    }
-    if (error.message.includes("CSRF")) {
-      return "This might be a security issue. Try running the command again";
-    }
-    return "Check your internet connection and try again";
-  }
-  if (error.name === "NetworkError") {
-    return "Check your internet connection and firewall settings";
-  }
-  if (error.name === "AuthenticationError") {
-    return "Verify your credentials and try again";
-  }
-  return "Try running the command again or check the logs with DEBUG=* bragduck init";
-}
-// src/utils/auth-helper.ts
-init_logger();
-// src/ui/prompts.ts
-init_esm_shims();
-import { checkbox, confirm, input as input2, select as select2, editor } from "@inquirer/prompts";
-import boxen4 from "boxen";
 // src/ui/formatters.ts
 init_esm_shims();
@@ -4661,7 +4854,13 @@ function formatRefinedCommitsTable(brags, selectedCommits) {
     } else {
       displaySha = `#${index + 1}`;
     }
-    const original = isNewBragType ? typeof brag.original_input === "string" ? brag.original_input.split("\n")[0] || "" : "Raw input" : brag.original_message.split("\n")[0] || "";
+    let original;
+    if (isNewBragType) {
+      const input3 = brag.original_input;
+      original = typeof input3 === "string" ? input3.split("\n")[0] || "" : "Raw input";
+    } else {
+      original = brag.original_message.split("\n")[0] || "";
+    }
     const title = brag.refined_title;
     const description = brag.refined_description.length > 100 ? brag.refined_description.substring(0, 97) + "..." : brag.refined_description;
     const tags = (brag.suggested_tags || []).join(", ") || "none";
@@ -4786,7 +4985,7 @@ async function promptDaysToScan(defaultDays = 30) {
     { name: "90 days", value: "90", description: "Last 3 months" },
     { name: "Custom", value: "custom", description: "Enter custom number of days" }
   ];
-  const selected = await select2({
+  const selected = await select3({
     message: "How many days back should we scan for PRs?",
     choices,
     default: "30"
@@ -4820,7 +5019,7 @@ async function promptScanMode() {
       description: "Scan git commits directly"
     }
   ];
-  return await select2({
+  return await select3({
     message: "What would you like to scan?",
     choices,
     default: "prs"
@@ -4837,7 +5036,7 @@ async function promptSortOption() {
     { name: "By files (most files)", value: "files", description: "Most files changed" },
     { name: "No sorting", value: "none", description: "Keep original order" }
   ];
-  return await select2({
+  return await select3({
     message: "How would you like to sort the PRs?",
     choices,
     default: "date"
@@ -4851,7 +5050,7 @@ async function promptSelectOrganisation(organisations) {
       value: org.id
     }))
   ];
-  const selected = await select2({
+  const selected = await select3({
     message: "Attach brags to which company?",
     choices,
     default: "none"
@@ -4914,9 +5113,9 @@ ${theme.label("Impact Score")} ${colors.highlight(impactScore)}`;
 ${theme.label("PR Link")} ${colors.link(prUrl)}`;
       }
-      console.log(boxen4(bragDetails, boxStyles.info));
+      console.log(boxen3(bragDetails, boxStyles.info));
       console.log("");
-      const action = await select2({
+      const action = await select3({
         message: `What would you like to do with this brag?`,
         choices: [
           { name: "\u2713 Accept", value: "accept", description: "Add this brag as-is" },
@@ -4991,7 +5190,7 @@ async function ensureAuthenticated() {
   }
   logger.log("");
   logger.log(
-    boxen5(
+    boxen4(
       theme.warning("Not authenticated") + "\n\nYou need to be logged in to use this command.\n\nWould you like to authenticate now?",
       boxStyles.warning
     )
@@ -5007,7 +5206,7 @@ async function ensureAuthenticated() {
     return false;
   }
   try {
-    await initCommand();
+    await authCommand("login");
     return true;
   } catch {
     return false;
@@ -5016,9 +5215,9 @@ async function ensureAuthenticated() {
 // src/ui/spinners.ts
 init_esm_shims();
-import ora2 from "ora";
+import ora from "ora";
 function createSpinner(text) {
-  return ora2({
+  return ora({
     text,
     color: "cyan",
     spinner: "dots"
@@ -5026,7 +5225,7 @@ function createSpinner(text) {
 }
 function createStepSpinner(currentStep, totalSteps, text) {
   const stepIndicator = theme.step(currentStep, totalSteps);
-  return ora2({
+  return ora({
     text: `${stepIndicator} ${text}`,
     color: "cyan",
     spinner: "dots"
@@ -5329,7 +5528,10 @@ async function syncSingleRepository(repo, days, sortOption, scanMode, orgId, opt
         repository: repoInfo.url,
         date: originalCommit?.date || (/* @__PURE__ */ new Date()).toISOString(),
         commit_url: originalCommit?.url || "",
+        impactLevel: refined.suggested_impactLevel,
+        typeId: refined.suggested_typeId,
         impact_score: refined.suggested_impactLevel,
+        impactDescription: refined.impact_description,
         impact_description: refined.impact_description,
         attachments: originalCommit?.url ? [originalCommit.url] : [],
         orgId: orgId || void 0,
@@ -5533,7 +5735,7 @@ async function promptSelectService() {
       description: `Sync all ${authenticatedSyncServices.length} authenticated service${authenticatedSyncServices.length > 1 ? "s" : ""}`
     });
   }
-  const selected = await select3({
+  const selected = await select4({
     message: "Select a service to sync:",
     choices: serviceChoices
   });
@@ -5739,7 +5941,10 @@ async function syncSingleService(sourceType, options, TOTAL_STEPS, sharedDays, s
         repository: repoInfo.url,
         date: originalCommit?.date || (/* @__PURE__ */ new Date()).toISOString(),
         commit_url: originalCommit?.url || "",
+        impactLevel: refined.suggested_impactLevel,
+        typeId: refined.suggested_typeId,
         impact_score: refined.suggested_impactLevel,
+        impactDescription: refined.impact_description,
         impact_description: refined.impact_description,
         attachments: originalCommit?.url ? [originalCommit.url] : [],
         orgId: selectedOrgId || void 0,
@@ -5943,10 +6148,10 @@ async function syncAllAuthenticatedServices(options) {
   }
   if (totalCreated > 0) {
     const allCreatedBrags = results.filter((r) => r.createdBrags).flatMap((r) => r.createdBrags);
-    logger.log(boxen6(formatSuccessMessage(totalCreated, allCreatedBrags), boxStyles.success));
+    logger.log(boxen5(formatSuccessMessage(totalCreated, allCreatedBrags), boxStyles.success));
   } else if (successful.length > 0) {
     logger.log(
-      boxen6(
+      boxen5(
         theme.secondary("No new brags created (all items already exist or were skipped)"),
         boxStyles.info
       )
@@ -5970,7 +6175,7 @@ async function syncCommand(options = {}) {
       logger.debug("FREE tier detected - blocking sync command");
       logger.log("");
       logger.log(
-        boxen6(
+        boxen5(
           theme.warning("CLI Access Requires Subscription") + "\n\nThe Bragduck CLI is available for Plus and Pro subscribers.\nUpgrade now to unlock:\n\n  \u2022 Automatic work item scanning\n  \u2022 AI-powered brag generation\n  \u2022 Unlimited brags\n\n" + colors.highlight("Start your free trial today"),
           {
             ...boxStyles.warning,
@@ -6029,7 +6234,7 @@ async function syncCommand(options = {}) {
         const result2 = await syncMultipleRepositories(repos, options);
         if (result2.totalCreated > 0 || result2.totalSkipped > 0) {
           logger.log("");
-          logger.log(boxen6(formatMultiRepoSummary(result2), boxStyles.success));
+          logger.log(boxen5(formatMultiRepoSummary(result2), boxStyles.success));
         } else {
           logger.log("");
           logger.info("No brags created.");
@@ -6062,7 +6267,7 @@ async function syncCommand(options = {}) {
       const result = await syncSingleService(sourceType, options, TOTAL_STEPS);
       if (result.created > 0) {
         logger.log(
-          boxen6(formatSuccessMessage(result.created, result.createdBrags), boxStyles.success)
+          boxen5(formatSuccessMessage(result.created, result.createdBrags), boxStyles.success)
         );
       } else if (result.skipped > 0) {
         logger.log("");
@@ -6089,12 +6294,12 @@ async function syncCommand(options = {}) {
     const err = error;
     logger.log("");
     logger.log(
-      boxen6(formatErrorMessage(err.message, getErrorHint2(err, sourceType)), boxStyles.error)
+      boxen5(formatErrorMessage(err.message, getErrorHint(err, sourceType)), boxStyles.error)
     );
     process.exit(1);
   }
 }
-function getErrorHint2(error, sourceType) {
+function getErrorHint(error, sourceType) {
   if (error.name === "GitHubError") {
     return 'Make sure you are in a GitHub repository and have authenticated with "gh auth login"';
   }
@@ -6121,17 +6326,17 @@ init_esm_shims();
 init_auth_service();
 init_logger();
 import { confirm as confirm2 } from "@inquirer/prompts";
-import boxen7 from "boxen";
-import chalk6 from "chalk";
-import ora3 from "ora";
+import boxen6 from "boxen";
+import chalk5 from "chalk";
+import ora2 from "ora";
 async function logoutCommand() {
   const isAuthenticated = await authService.isAuthenticated();
   if (!isAuthenticated) {
     logger.log(
-      boxen7(
-        `${chalk6.yellow("Not currently authenticated")}
+      boxen6(
+        `${chalk5.yellow("Not currently authenticated")}
-${chalk6.dim("Nothing to logout from")}`,
+${chalk5.dim("Nothing to logout from")}`,
         {
           padding: 1,
           margin: 1,
@@ -6146,25 +6351,25 @@ ${chalk6.dim("Nothing to logout from")}`,
   const userName = userInfo?.name || "Unknown User";
   logger.log("");
   const shouldLogout = await confirm2({
-    message: `Are you sure you want to logout? (${chalk6.cyan(userName)})`,
+    message: `Are you sure you want to logout? (${chalk5.cyan(userName)})`,
     default: false
   });
   if (!shouldLogout) {
     logger.info("Logout cancelled");
     return;
   }
-  const spinner = ora3("Logging out...").start();
+  const spinner = ora2("Logging out...").start();
   try {
     await authService.logout();
     spinner.succeed("Logged out successfully");
     logger.log("");
     logger.log(
-      boxen7(
-        `${chalk6.green.bold("\u2713 Logged out successfully")}
+      boxen6(
+        `${chalk5.green.bold("\u2713 Logged out successfully")}
-${chalk6.dim("Your credentials have been cleared")}
+${chalk5.dim("Your credentials have been cleared")}
-${chalk6.dim("Run")} ${chalk6.cyan("bragduck init")} ${chalk6.dim("to login again")}`,
+${chalk5.dim("Run")} ${chalk5.cyan("bragduck init")} ${chalk5.dim("to login again")}`,
         {
           padding: 1,
           margin: 1,
@@ -6180,293 +6385,10 @@ ${chalk6.dim("Run")} ${chalk6.cyan("bragduck init")} ${chalk6.dim("to login agai
   }
 }
-// src/commands/scan.ts
-init_esm_shims();
-import boxen8 from "boxen";
-import chalk7 from "chalk";
-init_api_service();
-init_storage_service();
-init_logger();
-init_browser();
-init_auth_service();
-async function scanCommand(options = {}) {
-  logger.log("");
-  logger.log(
-    boxen8(
-      chalk7.yellow.bold("\u26A0 Deprecation Notice") + `
-The ${chalk7.cyan("scan")} command is deprecated.
-Please use ${chalk7.cyan("bragduck sync")} instead.
-` + chalk7.dim("This command will be removed in v3.0.0"),
-      {
-        padding: 1,
-        borderStyle: "round",
-        borderColor: "yellow",
-        dimBorder: true
-      }
-    )
-  );
-  logger.log("");
-  const TOTAL_STEPS = 5;
-  try {
-    const isAuthenticated = await ensureAuthenticated();
-    if (!isAuthenticated) {
-      process.exit(1);
-    }
-    logger.debug("Fetching subscription status...");
-    const subscriptionStatus = await apiService.getSubscriptionStatus();
-    logger.debug("Subscription status response:", JSON.stringify(subscriptionStatus, null, 2));
-    logger.debug(
-      `Checking tier: "${subscriptionStatus.tier}" (type: ${typeof subscriptionStatus.tier})`
-    );
-    logger.debug(`Tier === 'FREE': ${subscriptionStatus.tier === "FREE"}`);
-    if (subscriptionStatus.tier === "FREE") {
-      logger.debug("FREE tier detected - blocking scan command");
-      logger.log("");
-      logger.log(
-        boxen8(
-          theme.warning("CLI Access Requires Subscription") + "\n\nThe Bragduck CLI is available for Plus and Pro subscribers.\nUpgrade now to unlock:\n\n  \u2022 Automatic PR scanning\n  \u2022 AI-powered brag generation\n  \u2022 Unlimited brags\n\n" + colors.highlight("Start your free trial today!"),
-          {
-            ...boxStyles.warning,
-            padding: 1,
-            margin: 1
-          }
-        )
-      );
-      logger.log("");
-      const shouldOpenBrowser = await promptConfirm(
-        "Open subscription plans in your browser?",
-        true
-      );
-      if (shouldOpenBrowser) {
-        logger.log("");
-        const plansUrl = "https://bragduck.com/app/settings/plans";
-        try {
-          await openBrowser(plansUrl);
-          logger.info(theme.secondary("Opening browser..."));
-        } catch {
-          logger.warning("Could not open browser automatically");
-          logger.info(`Please visit: ${theme.value(plansUrl)}`);
-        }
-      }
-      logger.log("");
-      return;
-    }
-    logger.debug(`Subscription tier "${subscriptionStatus.tier}" - proceeding with scan`);
-    const repoSpinner = createStepSpinner(1, TOTAL_STEPS, "Validating GitHub repository");
-    repoSpinner.start();
-    await githubService.validateGitHubRepository();
-    const repoInfo = await githubService.getRepositoryInfo();
-    succeedStepSpinner(
-      repoSpinner,
-      1,
-      TOTAL_STEPS,
-      `Repository: ${theme.value(repoInfo.fullName)}`
-    );
-    logger.log("");
-    let days = options.days;
-    if (!days) {
-      const defaultDays = storageService.getConfig("defaultCommitDays");
-      days = await promptDaysToScan(defaultDays);
-      logger.log("");
-    }
-    const prSpinner = createStepSpinner(
-      2,
-      TOTAL_STEPS,
-      `Fetching merged PRs from the last ${days} days`
-    );
-    prSpinner.start();
-    let prs;
-    if (options.all) {
-      prs = await githubService.getMergedPRs({ days });
-    } else {
-      prs = await githubService.getPRsByCurrentUser({ days });
-    }
-    const commits = prs.map((pr) => githubService.transformPRToCommit(pr));
-    if (commits.length === 0) {
-      failStepSpinner(prSpinner, 2, TOTAL_STEPS, `No merged PRs found in the last ${days} days`);
-      logger.log("");
-      logger.info("Try increasing the number of days or check your GitHub activity");
-      return;
-    }
-    succeedStepSpinner(
-      prSpinner,
-      2,
-      TOTAL_STEPS,
-      `Found ${theme.count(commits.length)} PR${commits.length > 1 ? "s" : ""}`
-    );
-    logger.log("");
-    logger.log(formatCommitStats(commits));
-    logger.log("");
-    let sortedCommits = [...commits];
-    if (commits.length > 1) {
-      const sortOption = await promptSortOption();
-      logger.log("");
-      if (sortOption === "date") {
-        sortedCommits.sort((a, b) => new Date(b.date).getTime() - new Date(a.date).getTime());
-      } else if (sortOption === "size") {
-        sortedCommits.sort((a, b) => {
-          const sizeA = (a.diffStats?.insertions || 0) + (a.diffStats?.deletions || 0);
-          const sizeB = (b.diffStats?.insertions || 0) + (b.diffStats?.deletions || 0);
-          return sizeB - sizeA;
-        });
-      } else if (sortOption === "files") {
-        sortedCommits.sort((a, b) => {
-          const filesA = a.diffStats?.filesChanged || 0;
-          const filesB = b.diffStats?.filesChanged || 0;
-          return filesB - filesA;
-        });
-      }
-    }
-    const selectedShas = await promptSelectCommits(sortedCommits);
-    if (selectedShas.length === 0) {
-      logger.log("");
-      logger.info(theme.secondary("No PRs selected. Scan cancelled."));
-      logger.log("");
-      return;
-    }
-    const selectedCommits = sortedCommits.filter((c) => selectedShas.includes(c.sha));
-    logger.log(formatSelectionSummary(selectedCommits.length, selectedCommits));
-    logger.log("");
-    const existingBrags = await apiService.listBrags({ limit: 100 });
-    logger.debug(`Fetched ${existingBrags.brags.length} existing brags`);
-    const existingUrls = new Set(existingBrags.brags.flatMap((b) => b.attachments || []));
-    logger.debug(`Existing PR URLs in attachments: ${existingUrls.size}`);
-    const duplicates = selectedCommits.filter((c) => c.url && existingUrls.has(c.url));
-    const newCommits = selectedCommits.filter((c) => !c.url || !existingUrls.has(c.url));
-    logger.debug(`Duplicates: ${duplicates.length}, New: ${newCommits.length}`);
-    if (duplicates.length > 0) {
-      logger.log("");
-      logger.info(
-        colors.warning(
-          `${duplicates.length} PR${duplicates.length > 1 ? "s" : ""} already added to Bragduck - skipping`
-        )
-      );
-      logger.log("");
-    }
-    if (newCommits.length === 0) {
-      logger.log("");
-      logger.info(
-        theme.secondary("All selected PRs already exist in Bragduck. Nothing to refine.")
-      );
-      logger.log("");
-      return;
-    }
-    const refineSpinner = createStepSpinner(
-      3,
-      TOTAL_STEPS,
-      `Refining ${theme.count(newCommits.length)} PR${newCommits.length > 1 ? "s" : ""} with AI`
-    );
-    refineSpinner.start();
-    const refineRequest = {
-      brags: newCommits.map((c) => ({
-        text: c.message,
-        date: c.date,
-        title: c.message.split("\n")[0]
-        // First line as initial title
-      }))
-    };
-    const refineResponse = await apiService.refineBrags(refineRequest);
-    let refinedBrags = refineResponse.refined_brags;
-    succeedStepSpinner(refineSpinner, 3, TOTAL_STEPS, "PRs refined successfully");
-    logger.log("");
-    logger.info("Preview of refined brags:");
-    logger.log("");
-    logger.log(formatRefinedCommitsTable(refinedBrags, newCommits));
-    logger.log("");
-    const acceptedBrags = await promptReviewBrags(refinedBrags, newCommits);
-    if (acceptedBrags.length === 0) {
-      logger.log("");
-      logger.info(theme.secondary("No brags selected for creation. Scan cancelled."));
-      logger.log("");
-      return;
-    }
-    logger.log("");
-    let selectedOrgId = null;
-    const userInfo = authService.getUserInfo();
-    if (userInfo?.id) {
-      try {
-        const orgsResponse = await apiService.listUserOrganisations(userInfo.id);
-        if (orgsResponse.items.length > 0) {
-          selectedOrgId = await promptSelectOrganisation(orgsResponse.items);
-          logger.log("");
-        }
-      } catch {
-        logger.debug("Failed to fetch organisations, skipping org selection");
-      }
-    }
-    const createSpinner2 = createStepSpinner(
-      4,
-      TOTAL_STEPS,
-      `Creating ${theme.count(acceptedBrags.length)} brag${acceptedBrags.length > 1 ? "s" : ""}`
-    );
-    createSpinner2.start();
-    const createRequest = {
-      brags: acceptedBrags.map((refined, index) => {
-        const originalCommit = newCommits[index];
-        const repoTag = repoInfo.name;
-        const tagsWithRepo = refined.suggested_tags.includes(repoTag) ? refined.suggested_tags : [repoTag, ...refined.suggested_tags];
-        return {
-          commit_sha: originalCommit?.sha || `brag-${index}`,
-          title: refined.refined_title,
-          description: refined.refined_description,
-          tags: tagsWithRepo,
-          repository: repoInfo.url,
-          date: originalCommit?.date || "",
-          commit_url: originalCommit?.url || "",
-          impact_score: refined.suggested_impactLevel,
-          impact_description: refined.impact_description,
-          attachments: originalCommit?.url ? [originalCommit.url] : [],
-          orgId: selectedOrgId || void 0
-        };
-      })
-    };
-    const createResponse = await apiService.createBrags(createRequest);
-    succeedStepSpinner(
-      createSpinner2,
-      4,
-      TOTAL_STEPS,
-      `Created ${theme.count(createResponse.created)} brag${createResponse.created > 1 ? "s" : ""}`
-    );
-    logger.log("");
-    logger.log(boxen8(formatSuccessMessage(createResponse.created), boxStyles.success));
-  } catch (error) {
-    if (error instanceof CancelPromptError) {
-      logger.log("");
-      logger.info(theme.secondary("Scan cancelled."));
-      logger.log("");
-      return;
-    }
-    const err = error;
-    logger.log("");
-    logger.log(boxen8(formatErrorMessage(err.message, getErrorHint3(err)), boxStyles.error));
-    process.exit(1);
-  }
-}
-function getErrorHint3(error) {
-  if (error.name === "GitHubError") {
-    return 'Make sure you are in a GitHub repository and have authenticated with "gh auth login"';
-  }
-  if (error.name === "GitError") {
-    return "Make sure you are in a git repository. Note: Only GitHub repositories are supported for PR scanning.";
-  }
-  if (error.name === "TokenExpiredError" || error.name === "AuthenticationError") {
-    return 'Run "bragduck init" to login again';
-  }
-  if (error.name === "NetworkError") {
-    return "Check your internet connection and try again";
-  }
-  if (error.name === "ApiError") {
-    return "The server might be experiencing issues. Try again later";
-  }
-  return "Try running with DEBUG=* for more information";
-}
 // src/commands/list.ts
 init_esm_shims();
 init_api_service();
-import boxen9 from "boxen";
+import boxen7 from "boxen";
 import Table2 from "cli-table3";
 init_logger();
 async function listCommand(options = {}) {
@@ -6533,7 +6455,7 @@ async function listCommand(options = {}) {
   } catch (error) {
     const err = error;
     logger.log("");
-    logger.log(boxen9(formatErrorMessage(err.message, getErrorHint4(err)), boxStyles.error));
+    logger.log(boxen7(formatErrorMessage(err.message, getErrorHint2(err)), boxStyles.error));
     process.exit(1);
   }
 }
@@ -6555,7 +6477,7 @@ function formatBragsTable(brags) {
     const title = brag.title;
     const description = truncateText(brag.description, 100);
     const tags = brag.tags.length > 0 ? brag.tags.join(", ") : colors.dim("none");
-    const repository = brag.repository ? truncateText(extractRepoName(brag.repository), 25) : colors.dim("none");
+    const repository = brag.externalUrl ? truncateText(extractRepoName(brag.externalUrl), 25) : colors.dim("none");
     table.push([
       colors.highlight(date),
       colors.white(title),
@@ -6586,7 +6508,7 @@ function extractRepoName(url) {
     return url;
   }
 }
-function getErrorHint4(error) {
+function getErrorHint2(error) {
   if (error.name === "TokenExpiredError" || error.name === "AuthenticationError") {
     return 'Run "bragduck init" to login again';
   }
@@ -6604,8 +6526,8 @@ init_esm_shims();
 init_storage_service();
 init_logger();
 init_constants();
-import boxen10 from "boxen";
-import chalk8 from "chalk";
+import boxen8 from "boxen";
+import chalk6 from "chalk";
 import Table3 from "cli-table3";
 init_errors();
 var VALID_CONFIG_KEYS = Object.values(CONFIG_KEYS);
@@ -6640,7 +6562,7 @@ async function configCommand(subcommand, key, value) {
     const err = error;
     logger.log("");
     logger.log(
-      boxen10(formatErrorMessage(err.message, getConfigHint(err)), {
+      boxen8(formatErrorMessage(err.message, getConfigHint(err)), {
         padding: 1,
         margin: 1,
         borderStyle: "round",
@@ -6661,7 +6583,7 @@ async function handleListConfig() {
     gitlabInstance: storageService.getConfig("gitlabInstance")
   };
   const table = new Table3({
-    head: [chalk8.cyan("Key"), chalk8.cyan("Value"), chalk8.cyan("Default")],
+    head: [chalk6.cyan("Key"), chalk6.cyan("Value"), chalk6.cyan("Default")],
     colWidths: [25, 40, 40],
     wordWrap: true,
     style: {
@@ -6670,61 +6592,61 @@ async function handleListConfig() {
     }
   });
   table.push([
-    chalk8.white("defaultCommitDays"),
-    chalk8.yellow(String(config2.defaultCommitDays)),
-    chalk8.dim(String(DEFAULT_CONFIG.defaultCommitDays))
+    chalk6.white("defaultCommitDays"),
+    chalk6.yellow(String(config2.defaultCommitDays)),
+    chalk6.dim(String(DEFAULT_CONFIG.defaultCommitDays))
   ]);
   table.push([
-    chalk8.white("autoVersionCheck"),
-    chalk8.yellow(String(config2.autoVersionCheck)),
-    chalk8.dim(String(DEFAULT_CONFIG.autoVersionCheck))
+    chalk6.white("autoVersionCheck"),
+    chalk6.yellow(String(config2.autoVersionCheck)),
+    chalk6.dim(String(DEFAULT_CONFIG.autoVersionCheck))
   ]);
   table.push([
-    chalk8.white("defaultSource"),
-    chalk8.yellow(config2.defaultSource || "not set"),
-    chalk8.dim("not set")
+    chalk6.white("defaultSource"),
+    chalk6.yellow(config2.defaultSource || "not set"),
+    chalk6.dim("not set")
   ]);
   table.push([
-    chalk8.white("sourcePriority"),
-    chalk8.yellow(config2.sourcePriority ? config2.sourcePriority.join(", ") : "not set"),
-    chalk8.dim("not set")
+    chalk6.white("sourcePriority"),
+    chalk6.yellow(config2.sourcePriority ? config2.sourcePriority.join(", ") : "not set"),
+    chalk6.dim("not set")
   ]);
   table.push([
-    chalk8.white("jiraInstance"),
-    chalk8.yellow(config2.jiraInstance || "not set"),
-    chalk8.dim("not set")
+    chalk6.white("jiraInstance"),
+    chalk6.yellow(config2.jiraInstance || "not set"),
+    chalk6.dim("not set")
   ]);
   table.push([
-    chalk8.white("confluenceInstance"),
-    chalk8.yellow(config2.confluenceInstance || "not set"),
-    chalk8.dim("not set")
+    chalk6.white("confluenceInstance"),
+    chalk6.yellow(config2.confluenceInstance || "not set"),
+    chalk6.dim("not set")
   ]);
   table.push([
-    chalk8.white("gitlabInstance"),
-    chalk8.yellow(config2.gitlabInstance || "not set"),
-    chalk8.dim("not set")
+    chalk6.white("gitlabInstance"),
+    chalk6.yellow(config2.gitlabInstance || "not set"),
+    chalk6.dim("not set")
   ]);
   logger.info("Current configuration:");
   logger.log("");
   logger.log(table.toString());
   logger.log("");
-  logger.info(chalk8.dim("To change a value: ") + chalk8.cyan("bragduck config set <key> <value>"));
+  logger.info(chalk6.dim("To change a value: ") + chalk6.cyan("bragduck config set <key> <value>"));
   logger.log("");
 }
 async function handleGetConfig(key) {
   validateConfigKey(key);
   const value = storageService.getConfig(key);
   const defaultValue = DEFAULT_CONFIG[key];
-  logger.info(`Configuration for ${chalk8.cyan(key)}:`);
+  logger.info(`Configuration for ${chalk6.cyan(key)}:`);
   logger.log("");
-  logger.log(`  ${chalk8.white("Current:")} ${chalk8.yellow(String(value))}`);
-  logger.log(`  ${chalk8.white("Default:")} ${chalk8.dim(String(defaultValue))}`);
+  logger.log(`  ${chalk6.white("Current:")} ${chalk6.yellow(String(value))}`);
+  logger.log(`  ${chalk6.white("Default:")} ${chalk6.dim(String(defaultValue))}`);
   logger.log("");
   if (value === defaultValue) {
-    logger.info(chalk8.dim("Using default value"));
+    logger.info(chalk6.dim("Using default value"));
   } else {
     logger.info(
-      chalk8.dim("Custom value set. Reset with: ") + chalk8.cyan(`bragduck config set ${key} ${defaultValue}`)
+      chalk6.dim("Custom value set. Reset with: ") + chalk6.cyan(`bragduck config set ${key} ${defaultValue}`)
     );
   }
   logger.log("");
@@ -6734,10 +6656,10 @@ async function handleSetConfig(key, value) {
   const typedValue = validateAndConvertValue(key, value);
   storageService.setConfig(key, typedValue);
   logger.log(
-    boxen10(
-      `${chalk8.green.bold("\u2713 Configuration updated")}
+    boxen8(
+      `${chalk6.green.bold("\u2713 Configuration updated")}
-${chalk8.white(key)}: ${chalk8.yellow(String(typedValue))}`,
+${chalk6.white(key)}: ${chalk6.yellow(String(typedValue))}`,
       {
         padding: 1,
         margin: 1,
@@ -6834,12 +6756,12 @@ function getConfigHint(error) {
 // src/cli.ts
 init_version();
 init_logger();
-var __filename6 = fileURLToPath6(import.meta.url);
-var __dirname6 = dirname5(__filename6);
-var packageJsonPath = join7(__dirname6, "../../package.json");
-var packageJson = JSON.parse(readFileSync5(packageJsonPath, "utf-8"));
+var __filename7 = fileURLToPath7(import.meta.url);
+var __dirname7 = dirname6(__filename7);
+var packageJsonPath = join8(__dirname7, "../../package.json");
+var packageJson = JSON.parse(readFileSync6(packageJsonPath, "utf-8"));
 var program = new Command();
-program.name("bragduck").description("CLI tool for managing developer achievements and brags\nAliases: bd, duck, brag").version(packageJson.version, "-v, --version", "Display version number").helpOption("-h, --help", "Display help information").option("--skip-version-check", "Skip automatic version check on startup").option("--debug", "Enable debug mode (shows detailed logs)");
+program.name("bragduck").description("CLI tool for managing developer achievements and brags\nAliases: duck, brag").version(packageJson.version, "-v, --version", "Display version number").helpOption("-h, --help", "Display help information").option("--skip-version-check", "Skip automatic version check on startup").option("--debug", "Enable debug mode (shows detailed logs)");
 program.command("auth [subcommand]").description("Manage authentication (subcommands: login, status, bitbucket, gitlab)").action(async (subcommand) => {
   try {
     await authCommand(subcommand);
@@ -6856,22 +6778,6 @@ program.command("sync").description("Sync work items and create brags").option("
     process.exit(1);
   }
 });
-program.command("init").description("Authenticate with Bragduck").action(async () => {
-  try {
-    await initCommand();
-  } catch (error) {
-    console.error(error);
-    process.exit(1);
-  }
-});
-program.command("scan").description("Scan git commits and create brags (deprecated, use sync)").option("-d, --days <number>", "Number of days to scan", (val) => parseInt(val, 10)).option("-a, --all", "Include all commits (not just current user)").action(async (options) => {
-  try {
-    await scanCommand(options);
-  } catch (error) {
-    console.error(error);
-    process.exit(1);
-  }
-});
 program.command("list").description("List your existing brags").option("-l, --limit <number>", "Number of brags to display", (val) => parseInt(val, 10), 50).option("-o, --offset <number>", "Number of brags to skip", (val) => parseInt(val, 10), 0).option("-t, --tags <tags>", "Filter by tags (comma-separated)").option("-s, --search <query>", "Search brags by keyword").option("--oneline", "Show only date and title for each brag").action(async (options) => {
   try {
     await listCommand(options);