@clipdone/cli 0.1.0

package/bin/clipdone.js

@@ -0,0 +1,1424 @@
+#!/usr/bin/env node
+
+// ../api/src/constants.ts
+var API_VERSION = "v1";
+var API_PREFIX = `/api/${API_VERSION}`;
+var API_OAUTH_RESOURCE = "urn:clipdone:agent-api";
+var API_MAX_JSON_BODY_BYTES = 256 * 1024;
+var API_MAX_UPLOAD_FILE_SIZE_BYTES = 500 * 1024 * 1024;
+var API_SCOPES = [
+  "projects:read",
+  "projects:write",
+  "files:write",
+  "processing:run",
+  "outputs:read"
+];
+var API_OAUTH_SCOPES = ["openid", "profile", "email", "offline_access", ...API_SCOPES];
+
+// ../api/src/client.ts
+var ClipDoneApiError = class extends Error {
+  constructor(message, status, code, requestId, details) {
+    super(message);
+    this.status = status;
+    this.code = code;
+    this.requestId = requestId;
+    this.details = details;
+  }
+  status;
+  code;
+  requestId;
+  details;
+};
+var ClipDoneClient = class {
+  constructor(options) {
+    this.options = options;
+    this.fetcher = options.fetch ?? globalThis.fetch;
+  }
+  options;
+  fetcher;
+  async request(path, init = {}) {
+    const token = await this.options.getAccessToken?.();
+    const headers = new Headers(init.headers);
+    headers.set("Accept", "application/json");
+    if (token) headers.set("Authorization", `Bearer ${token}`);
+    if (init.body && !headers.has("Content-Type")) headers.set("Content-Type", "application/json");
+    if (init.idempotencyKey) headers.set("Idempotency-Key", init.idempotencyKey);
+    const response = await this.fetcher(`${this.options.baseUrl.replace(/\/+$/, "")}${API_PREFIX}${path}`, {
+      ...init,
+      headers
+    });
+    const payload = await response.json().catch(() => null);
+    if (!response.ok) {
+      throw new ClipDoneApiError(
+        payload?.error?.message ?? `Request failed with HTTP ${response.status}`,
+        response.status,
+        payload?.error?.code ?? "request_failed",
+        payload?.error?.requestId,
+        payload?.error?.details
+      );
+    }
+    return payload;
+  }
+  async listAll(path, collectionKey) {
+    const items = [];
+    let cursor = null;
+    do {
+      const separator = path.includes("?") ? "&" : "?";
+      const page = await this.request(`${path}${cursor ? `${separator}cursor=${encodeURIComponent(cursor)}&limit=100` : `${separator}limit=100`}`);
+      if (Array.isArray(page?.[collectionKey])) items.push(...page[collectionKey]);
+      cursor = page?.page?.hasMore === true && typeof page?.page?.nextCursor === "string" ? page.page.nextCursor : null;
+    } while (cursor);
+    return items;
+  }
+  getMe() {
+    return this.request("/me");
+  }
+  listProjects(query = "") {
+    return this.request(`/projects${query}`);
+  }
+  createProject(body, idempotencyKey) {
+    return this.request("/projects", { method: "POST", body: JSON.stringify(body), idempotencyKey });
+  }
+  getProject(projectId) {
+    return this.request(`/projects/${encodeURIComponent(projectId)}`);
+  }
+  updateProject(projectId, body) {
+    return this.request(`/projects/${encodeURIComponent(projectId)}`, { method: "PATCH", body: JSON.stringify(body) });
+  }
+  deleteProject(projectId) {
+    return this.request(`/projects/${encodeURIComponent(projectId)}`, { method: "DELETE" });
+  }
+  getStatus(projectId) {
+    return this.request(`/projects/${encodeURIComponent(projectId)}/status`);
+  }
+  listFiles(projectId) {
+    return this.request(`/projects/${encodeURIComponent(projectId)}/files`);
+  }
+  createUpload(projectId, body) {
+    return this.request(`/projects/${encodeURIComponent(projectId)}/uploads`, { method: "POST", body: JSON.stringify(body) });
+  }
+  completeUpload(uploadId) {
+    return this.request(`/uploads/${encodeURIComponent(uploadId)}/complete`, { method: "POST" });
+  }
+  updateFile(fileId, body) {
+    return this.request(`/files/${encodeURIComponent(fileId)}`, { method: "PATCH", body: JSON.stringify(body) });
+  }
+  deleteFile(fileId) {
+    return this.request(`/files/${encodeURIComponent(fileId)}`, { method: "DELETE" });
+  }
+  createRun(projectId, body, idempotencyKey) {
+    return this.request(`/projects/${encodeURIComponent(projectId)}/runs`, { method: "POST", body: JSON.stringify(body), idempotencyKey });
+  }
+  listRuns(projectId) {
+    return this.request(`/projects/${encodeURIComponent(projectId)}/runs`);
+  }
+  resumeRun(runId) {
+    return this.request(`/runs/${encodeURIComponent(runId)}/resume`, { method: "POST" });
+  }
+  listOutputs(projectId) {
+    return this.request(`/projects/${encodeURIComponent(projectId)}/outputs`);
+  }
+  createDownloadUrl(outputId, body = {}) {
+    return this.request(`/outputs/${encodeURIComponent(outputId)}/download-url`, { method: "POST", body: JSON.stringify(body) });
+  }
+};
+
+// src/clipdone.js
+import http from "node:http";
+import {
+  createReadStream,
+  createWriteStream,
+  existsSync,
+  chmodSync,
+  lstatSync,
+  mkdirSync,
+  readFileSync,
+  statSync,
+  writeFileSync
+} from "node:fs";
+import { basename, dirname, join } from "node:path";
+import { homedir, platform } from "node:os";
+import { spawn } from "node:child_process";
+import { webcrypto } from "node:crypto";
+import { Readable } from "node:stream";
+import { pipeline } from "node:stream/promises";
+import { fileURLToPath } from "node:url";
+var CONFIG_PATH = join(homedir(), ".clipdone", "config.json");
+var OAUTH_AUTHORIZE_PATH = "/api/auth/oauth2/authorize";
+var OAUTH_REGISTER_PATH = "/api/auth/oauth2/register";
+var OAUTH_TOKEN_PATH = "/api/auth/oauth2/token";
+var OAUTH_REVOKE_PATH = "/api/auth/oauth2/revoke";
+var PRODUCTION_APP_URL = "https://app.clipdone.app";
+var LOCAL_APP_URL = "http://localhost:3000";
+var REQUEST_TIMEOUT_MS = 15e3;
+var REQUEST_GET_RETRY_COUNT = 1;
+var runtimeArgs = {};
+var configCache;
+var BIN_DIR = dirname(fileURLToPath(import.meta.url));
+var SHORT_FLAGS = {
+  h: "help",
+  p: "project",
+  n: "name",
+  t: "type",
+  o: "out",
+  f: "feedback",
+  k: "key"
+};
+function parseArgs(argv) {
+  const args = { _: [] };
+  for (let i = 0; i < argv.length; i += 1) {
+    const value = argv[i];
+    if (!value.startsWith("-") || value === "-") {
+      args._.push(value);
+      continue;
+    }
+    const key = value.startsWith("--") ? value.slice(2) : SHORT_FLAGS[value.slice(1)] ?? value.slice(1);
+    const next = argv[i + 1];
+    if (!next || next.startsWith("-")) {
+      args[key] = true;
+    } else {
+      args[key] = next;
+      i += 1;
+    }
+  }
+  return args;
+}
+function cloneJsonValue(value) {
+  if (value === null || value === void 0) return value;
+  return JSON.parse(JSON.stringify(value));
+}
+function readConfig() {
+  if (configCache) {
+    return cloneJsonValue(configCache);
+  }
+  let parsed = {};
+  if (existsSync(CONFIG_PATH)) {
+    assertSafeConfigPath();
+    hardenConfigPathPermissions();
+    try {
+      parsed = JSON.parse(readFileSync(CONFIG_PATH, "utf8"));
+    } catch {
+      parsed = {};
+    }
+  }
+  configCache = cloneJsonValue(parsed);
+  return cloneJsonValue(parsed);
+}
+function writeConfig(config) {
+  hardenConfigPathPermissions();
+  assertSafeConfigPath();
+  writeFileSync(CONFIG_PATH, `${JSON.stringify(config, null, 2)}
+`, { mode: 384 });
+  hardenConfigPathPermissions();
+  configCache = cloneJsonValue(config);
+}
+function assertSafeConfigPath() {
+  if (!existsSync(CONFIG_PATH)) return;
+  const stats = lstatSync(CONFIG_PATH);
+  if (stats.isSymbolicLink() || !stats.isFile()) {
+    throw new Error(`Refusing to use unsafe ClipDone config path: ${CONFIG_PATH}`);
+  }
+}
+function hardenConfigPathPermissions() {
+  const configDir = dirname(CONFIG_PATH);
+  mkdirSync(configDir, { recursive: true, mode: 448 });
+  try {
+    chmodSync(configDir, 448);
+  } catch {
+  }
+  if (existsSync(CONFIG_PATH)) {
+    assertSafeConfigPath();
+    try {
+      chmodSync(CONFIG_PATH, 384);
+    } catch {
+    }
+  }
+}
+function clearStoredAuth() {
+  const config = readConfig();
+  delete config.token;
+  delete config.tokenExpiresAt;
+  delete config.oauth;
+  writeConfig(config);
+}
+function readStoredOAuthClientRegistration(scope, resource) {
+  const registration = readConfig().oauthClient;
+  if (!registration || typeof registration !== "object") return null;
+  const clientId = normalizeString(registration.clientId);
+  const apiUrl = normalizeString(registration.apiUrl);
+  const storedScope = normalizeString(registration.scope);
+  const storedResource = normalizeString(registration.resource);
+  if (!clientId || !apiUrl || !storedScope || !storedResource) return null;
+  if (apiUrl !== apiBase()) return null;
+  if (storedScope !== normalizeString(scope)) return null;
+  if (storedResource !== normalizeString(resource)) return null;
+  return { clientId };
+}
+function writeStoredOAuthClientRegistration(clientId, scope, resource) {
+  const normalizedClientId = normalizeString(clientId);
+  const normalizedScope = normalizeString(scope);
+  const normalizedResource = normalizeString(resource);
+  if (!normalizedClientId || !normalizedScope || !normalizedResource) return;
+  const config = readConfig();
+  config.oauthClient = {
+    clientId: normalizedClientId,
+    apiUrl: apiBase(),
+    scope: normalizedScope,
+    resource: normalizedResource
+  };
+  writeConfig(config);
+}
+var CliHttpError = class extends Error {
+  constructor(message, options = {}) {
+    super(message);
+    this.name = "CliHttpError";
+    this.status = Number.isFinite(options.status) ? options.status : null;
+    this.errorCode = typeof options.errorCode === "string" ? options.errorCode : null;
+    this.transient = options.transient === true;
+  }
+};
+function createCliHttpError(message, options = {}) {
+  return new CliHttpError(message, options);
+}
+function extractErrorCode(data) {
+  return data && typeof data === "object" && typeof data.error === "string" && data.error.trim() ? data.error.trim() : null;
+}
+function shouldClearStoredAuthOnRefreshError(error) {
+  return error instanceof CliHttpError && (error.errorCode === "invalid_grant" || error.errorCode === "invalid_client");
+}
+async function fetchWithTimeout(url, init = {}, options = {}) {
+  const timeoutMs = Number.isFinite(options.timeoutMs) ? options.timeoutMs : REQUEST_TIMEOUT_MS;
+  const retries = Number.isFinite(options.retries) ? options.retries : 0;
+  for (let attempt = 0; attempt <= retries; attempt += 1) {
+    const controller = new AbortController();
+    const timeout = setTimeout(() => controller.abort(), timeoutMs);
+    try {
+      return await fetch(url, {
+        ...init,
+        signal: controller.signal
+      });
+    } catch (error) {
+      const timedOut = error instanceof DOMException && (error.name === "AbortError" || error.name === "TimeoutError");
+      if (attempt >= retries) {
+        throw createCliHttpError(
+          timedOut ? `Request timed out after ${Math.round(timeoutMs / 1e3)}s.` : `Could not reach ${apiTargetLabel()}.`,
+          { transient: true }
+        );
+      }
+    } finally {
+      clearTimeout(timeout);
+    }
+  }
+  throw createCliHttpError(`Could not reach ${apiTargetLabel()}.`, { transient: true });
+}
+function resolveTarget() {
+  if (runtimeArgs.local === true) return { target: "local", locked: true, dev: true };
+  if (runtimeArgs.prod === true || runtimeArgs.production === true) return { target: "production", locked: true, dev: false };
+  const env = String(process.env.CLIPDONE_ENV || process.env.CLIPDONE_TARGET || "").trim().toLowerCase();
+  if (env === "local" || env === "dev" || env === "development") return { target: "local", locked: true, dev: true };
+  if (env === "prod" || env === "production") return { target: "production", locked: true, dev: false };
+  if (existsSync(join(BIN_DIR, "..", "src", "clipdone.js"))) {
+    return { target: "local", locked: false, dev: true };
+  }
+  return { target: "production", locked: false, dev: false };
+}
+function envUrl(...names) {
+  for (const name of names) {
+    const value = process.env[name]?.trim();
+    if (value) return value;
+  }
+  return void 0;
+}
+function defaultBaseForTarget(kind, target) {
+  if (target === "local") {
+    if (kind === "api") {
+      return envUrl("CLIPDONE_API_URL") || LOCAL_APP_URL;
+    }
+    return envUrl("CLIPDONE_APP_URL") || LOCAL_APP_URL;
+  }
+  if (kind === "api") return envUrl("CLIPDONE_API_URL") || PRODUCTION_APP_URL;
+  return envUrl("CLIPDONE_APP_URL") || PRODUCTION_APP_URL;
+}
+function configuredBase(kind) {
+  const config = readConfig();
+  const { target, locked } = resolveTarget();
+  const targetDefault = defaultBaseForTarget(kind, target);
+  const override = kind === "api" ? runtimeArgs["api-url"] : runtimeArgs["app-url"];
+  if (override) return override;
+  if (target === "production") return targetDefault;
+  if (kind === "api") {
+    return locked ? targetDefault : config.apiUrl || targetDefault;
+  }
+  return locked ? targetDefault : config.appUrl || targetDefault;
+}
+function apiBase() {
+  return configuredBase("api").replace(/\/+$/, "");
+}
+function appBase() {
+  return configuredBase("app").replace(/\/+$/, "");
+}
+function normalizeString(value) {
+  return typeof value === "string" && value.trim() ? value.trim() : null;
+}
+function getManualTokenOverride() {
+  return normalizeString(process.env.CLIPDONE_TOKEN);
+}
+function apiTargetLabel() {
+  return resolveTarget().target === "local" ? "the local ClipDone API" : "ClipDone";
+}
+function targetLabel() {
+  return resolveTarget().target === "local" ? "local" : "production";
+}
+function readStoredOAuthSession() {
+  const oauth = readConfig().oauth;
+  if (!oauth || typeof oauth !== "object") return null;
+  const accessToken = normalizeString(oauth.accessToken);
+  const refreshToken = normalizeString(oauth.refreshToken);
+  const clientId = normalizeString(oauth.clientId);
+  const scope = normalizeString(oauth.scope);
+  const resource = normalizeString(oauth.resource);
+  if (!accessToken || !refreshToken || !clientId || !scope || !resource) {
+    return null;
+  }
+  const accessTokenExpiresAt = Number(oauth.accessTokenExpiresAt);
+  return {
+    accessToken,
+    refreshToken,
+    clientId,
+    scope,
+    resource,
+    accessTokenExpiresAt: Number.isFinite(accessTokenExpiresAt) ? accessTokenExpiresAt : 0
+  };
+}
+function writeStoredOAuthSession(session) {
+  const config = readConfig();
+  delete config.token;
+  delete config.tokenExpiresAt;
+  config.oauth = {
+    accessToken: session.accessToken,
+    refreshToken: session.refreshToken,
+    clientId: session.clientId,
+    scope: session.scope,
+    resource: session.resource,
+    accessTokenExpiresAt: session.accessTokenExpiresAt
+  };
+  config.apiUrl = apiBase();
+  config.appUrl = appBase();
+  writeConfig(config);
+}
+function hasStoredAuth() {
+  return Boolean(getManualTokenOverride() || readStoredOAuthSession());
+}
+function authFailureMessage() {
+  if (getManualTokenOverride()) {
+    return "The current `CLIPDONE_TOKEN` is not valid. Update it or run `clipdone login` without that override.";
+  }
+  return "Stored CLI login is no longer valid. Run `clipdone login` again.";
+}
+function parseResponseBody(text) {
+  if (!text) return null;
+  try {
+    return JSON.parse(text);
+  } catch {
+    return text;
+  }
+}
+function isHtmlDocument(value) {
+  if (typeof value !== "string") return false;
+  const normalized = value.trim().toLowerCase();
+  return normalized.startsWith("<!doctype html") || normalized.startsWith("<html");
+}
+function compactText(value, maxLength = 220) {
+  if (typeof value !== "string") return null;
+  const normalized = value.replace(/\s+/g, " ").trim();
+  if (!normalized) return null;
+  return normalized.length > maxLength ? `${normalized.slice(0, maxLength - 1)}\u2026` : normalized;
+}
+function summarizeHttpFailure(response, data, fallbackLabel) {
+  const contentType = response.headers.get("content-type") || "";
+  const statusLabel = response.statusText ? ` ${response.statusText}` : "";
+  if (data && typeof data === "object") {
+    if (typeof data.error_description === "string" && data.error_description.trim()) {
+      return data.error_description.trim();
+    }
+    if (typeof data.error === "string" && data.error.trim()) {
+      return data.error.trim();
+    }
+    if (typeof data.message === "string" && data.message.trim()) {
+      return data.message.trim();
+    }
+  }
+  if (typeof data === "string") {
+    const compact = compactText(data);
+    if (compact && !isHtmlDocument(compact) && !contentType.toLowerCase().includes("text/html")) {
+      return compact;
+    }
+  }
+  if (response.status === 404) {
+    return `${fallbackLabel} failed with HTTP 404. The selected ${targetLabel()} target is likely not serving the ClipDone API routes.`;
+  }
+  return `${fallbackLabel} failed with HTTP ${response.status}${statusLabel ? statusLabel : ""}.`;
+}
+function normalizeOAuthExpiry(data) {
+  const expiresAt = Number(data?.expires_at);
+  if (Number.isFinite(expiresAt) && expiresAt > 0) {
+    return expiresAt > 1e12 ? expiresAt : expiresAt * 1e3;
+  }
+  const expiresIn = Number(data?.expires_in);
+  if (Number.isFinite(expiresIn) && expiresIn > 0) {
+    return Date.now() + expiresIn * 1e3;
+  }
+  return Date.now() + 60 * 60 * 1e3;
+}
+function parseOAuthTokenPayload(data, fallback) {
+  const accessToken = normalizeString(data?.access_token);
+  const refreshToken = normalizeString(data?.refresh_token) || fallback?.refreshToken || null;
+  const clientId = normalizeString(fallback?.clientId);
+  const scope = normalizeString(data?.scope) || fallback?.scope || null;
+  const resource = normalizeString(fallback?.resource);
+  if (!accessToken || !refreshToken || !clientId || !scope || !resource) {
+    throw new Error("OAuth token response was incomplete.");
+  }
+  return {
+    accessToken,
+    refreshToken,
+    clientId,
+    scope,
+    resource,
+    accessTokenExpiresAt: normalizeOAuthExpiry(data)
+  };
+}
+async function oauthTokenRequest(params, fallbackSession) {
+  let response;
+  try {
+    response = await fetchWithTimeout(`${apiBase()}${OAUTH_TOKEN_PATH}`, {
+      method: "POST",
+      headers: {
+        Accept: "application/json",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams(params).toString()
+    });
+  } catch (error) {
+    if (error instanceof CliHttpError) throw error;
+    throw createCliHttpError(`Could not reach ${apiTargetLabel()}.`, { transient: true });
+  }
+  const text = await response.text();
+  const data = parseResponseBody(text);
+  if (!response.ok) {
+    throw createCliHttpError(summarizeHttpFailure(response, data, "OAuth token request"), {
+      status: response.status,
+      errorCode: extractErrorCode(data),
+      transient: response.status >= 500
+    });
+  }
+  return parseOAuthTokenPayload(data, fallbackSession);
+}
+async function oauthRegisterClient({ scope }) {
+  let response;
+  try {
+    response = await fetchWithTimeout(`${apiBase()}${OAUTH_REGISTER_PATH}`, {
+      method: "POST",
+      headers: {
+        Accept: "application/json",
+        "Content-Type": "application/json"
+      },
+      body: JSON.stringify({
+        client_name: "ClipDone CLI",
+        redirect_uris: ["http://127.0.0.1/callback"],
+        grant_types: ["authorization_code", "refresh_token"],
+        response_types: ["code"],
+        token_endpoint_auth_method: "none",
+        type: "native",
+        scope
+      })
+    });
+  } catch (error) {
+    if (error instanceof CliHttpError) throw error;
+    throw createCliHttpError(`Could not reach ${apiTargetLabel()}.`, { transient: true });
+  }
+  const text = await response.text();
+  const data = parseResponseBody(text);
+  if (!response.ok) {
+    throw createCliHttpError(summarizeHttpFailure(response, data, "OAuth client registration"), {
+      status: response.status,
+      errorCode: extractErrorCode(data),
+      transient: response.status >= 500
+    });
+  }
+  const clientId = normalizeString(data?.client_id);
+  if (!clientId) {
+    throw new Error("OAuth client registration did not return a client_id.");
+  }
+  return { clientId };
+}
+async function resolveOAuthClient(authConfig) {
+  const cached = readStoredOAuthClientRegistration(authConfig?.scope, authConfig?.resource);
+  if (cached) {
+    return cached;
+  }
+  const registered = await oauthRegisterClient({ scope: authConfig.scope });
+  writeStoredOAuthClientRegistration(registered.clientId, authConfig.scope, authConfig.resource);
+  return registered;
+}
+async function refreshStoredAccessToken(force = false) {
+  const manualToken = getManualTokenOverride();
+  if (manualToken) return manualToken;
+  const session = readStoredOAuthSession();
+  if (!session) return null;
+  if (!force && session.accessTokenExpiresAt > Date.now() + 6e4) {
+    return session.accessToken;
+  }
+  try {
+    const refreshed = await oauthTokenRequest(
+      {
+        grant_type: "refresh_token",
+        client_id: session.clientId,
+        refresh_token: session.refreshToken,
+        resource: session.resource
+      },
+      session
+    );
+    writeStoredOAuthSession(refreshed);
+    return refreshed.accessToken;
+  } catch (error) {
+    if (shouldClearStoredAuthOnRefreshError(error)) {
+      clearStoredAuth();
+      throw new Error(authFailureMessage());
+    }
+    if (error instanceof Error) throw error;
+    throw new Error("Could not refresh the CLI login.");
+  }
+}
+async function revokeOAuthToken(token, clientId, hint) {
+  if (!token || !clientId) return;
+  let response;
+  try {
+    response = await fetchWithTimeout(`${apiBase()}${OAUTH_REVOKE_PATH}`, {
+      method: "POST",
+      headers: {
+        Accept: "application/json",
+        "Content-Type": "application/x-www-form-urlencoded"
+      },
+      body: new URLSearchParams({
+        client_id: clientId,
+        token,
+        token_type_hint: hint
+      }).toString()
+    });
+  } catch (error) {
+    if (error instanceof CliHttpError) throw error;
+    throw createCliHttpError(`Could not reach ${apiTargetLabel()}.`, { transient: true });
+  }
+  if (!response.ok) {
+    const text = await response.text();
+    const data = parseResponseBody(text);
+    throw createCliHttpError(summarizeHttpFailure(response, data, "OAuth revocation"), {
+      status: response.status,
+      errorCode: extractErrorCode(data),
+      transient: response.status >= 500
+    });
+  }
+}
+async function request(path, options = {}) {
+  const authMode = options.auth === false || options.auth === "none" ? "none" : options.auth === "optional" ? "optional" : "required";
+  const manualToken = getManualTokenOverride();
+  const token = authMode === "none" ? null : manualToken || await refreshStoredAccessToken(false);
+  if (authMode === "required" && !token) {
+    throw new Error("Not logged in. Run `clipdone login` first.");
+  }
+  const execute = async (bearerToken) => {
+    try {
+      const client = new ClipDoneClient({
+        baseUrl: apiBase(),
+        getAccessToken: () => bearerToken,
+        fetch: (url, init) => fetchWithTimeout(url, init, {
+          retries: (options.method || "GET").toUpperCase() === "GET" ? REQUEST_GET_RETRY_COUNT : 0
+        })
+      });
+      return await client.request(path, {
+        method: options.method || "GET",
+        headers: options.headers,
+        body: options.body ? JSON.stringify(options.body) : void 0,
+        idempotencyKey: options.idempotencyKey
+      });
+    } catch (error) {
+      if (error instanceof ClipDoneApiError) throw error;
+      if (error instanceof CliHttpError) throw error;
+      throw createCliHttpError(`Could not reach ${apiTargetLabel()}.`, { transient: true });
+    }
+  };
+  try {
+    return await execute(token);
+  } catch (error) {
+    if (error instanceof ClipDoneApiError && error.status === 401 && !manualToken && authMode !== "none" && readStoredOAuthSession()) {
+      try {
+        return await execute(await refreshStoredAccessToken(true));
+      } catch (retryError) {
+        error = retryError;
+      }
+    }
+    if (error instanceof ClipDoneApiError && error.status === 401) {
+      if (!manualToken) {
+        clearStoredAuth();
+        if (authMode === "optional") return null;
+      }
+      throw new Error(authFailureMessage());
+    }
+    throw error;
+  }
+}
+async function requestAll(path, collectionKey) {
+  const values = [];
+  let cursor = null;
+  do {
+    const separator = path.includes("?") ? "&" : "?";
+    const page = await request(`${path}${separator}limit=100${cursor ? `&cursor=${encodeURIComponent(cursor)}` : ""}`);
+    if (Array.isArray(page?.[collectionKey])) values.push(...page[collectionKey]);
+    cursor = page?.page?.hasMore === true && typeof page?.page?.nextCursor === "string" ? page.page.nextCursor : null;
+  } while (cursor);
+  return values;
+}
+function printJson(value) {
+  process.stdout.write(`${JSON.stringify(value, null, 2)}
+`);
+}
+function writeLine(text = "") {
+  process.stdout.write(`${text}
+`);
+}
+function output(value) {
+  printJson(value);
+}
+function formatBytes(bytes) {
+  if (typeof bytes !== "number" || !Number.isFinite(bytes) || bytes <= 0) return null;
+  const units = ["B", "KB", "MB", "GB", "TB"];
+  let value = bytes;
+  let index = 0;
+  while (value >= 1024 && index < units.length - 1) {
+    value /= 1024;
+    index += 1;
+  }
+  return `${value.toFixed(value >= 10 || index === 0 ? 0 : 1)} ${units[index]}`;
+}
+function normalizeStatus(value) {
+  const text = String(value ?? "").trim();
+  if (!text) return null;
+  return text.toLowerCase();
+}
+function pickObjectEntries(entries) {
+  return Object.fromEntries(entries.filter(([, value]) => value !== void 0 && value !== null && value !== ""));
+}
+function buildMeView(data) {
+  if (!data || data.authenticated !== true) {
+    return { authenticated: false };
+  }
+  return pickObjectEntries([
+    ["authenticated", true],
+    ["name", data?.name ?? void 0],
+    ["email", data?.email ?? void 0],
+    ["company", data?.company ?? void 0]
+  ]);
+}
+function buildUploadView(data, args, stats, fileName, category) {
+  return pickObjectEntries([
+    ["message", "Upload complete."],
+    ["projectId", args.project],
+    ["fileId", data?.fileId ? String(data.fileId) : void 0],
+    ["type", category],
+    ["file", fileName],
+    ["sizeBytes", stats.size],
+    ["size", formatBytes(stats.size)]
+  ]);
+}
+function buildProcessView(data, args, command) {
+  return pickObjectEntries([
+    ["message", command === "revise" ? "Revision queued." : "Processing started."],
+    ["projectId", args.project],
+    ["queued", data?.queued === true],
+    ["currentStage", normalizeStatus(data?.bootstrapStage)],
+    ["timelineVersionId", data?.timelineVersionId ? String(data.timelineVersionId) : void 0],
+    ["renderSkipped", data?.skippedRender === true]
+  ]);
+}
+function buildDownloadView(data, outPath) {
+  return outPath ? { message: `Downloaded to ${outPath}`, path: outPath } : pickObjectEntries([["downloadUrl", data?.url ?? void 0]]);
+}
+var AUTH_COMMANDS = /* @__PURE__ */ new Set(["login", "me", "logout", "revoke"]);
+var PROJECT_RESOURCE_COMMANDS = /* @__PURE__ */ new Set(["project", "projects"]);
+var FILE_RESOURCE_COMMANDS = /* @__PURE__ */ new Set(["file", "files"]);
+var OUTPUT_RESOURCE_COMMANDS = /* @__PURE__ */ new Set(["output", "outputs"]);
+function commandUsageError(message, usage) {
+  return new Error(usage ? `${message}
+Usage: ${usage}` : message);
+}
+function requireExactPositionals(parts, count, usage) {
+  if (parts.length !== count) {
+    throw commandUsageError("Unexpected positional arguments.", usage);
+  }
+}
+function normalizeProjectAction(value) {
+  if (value === "show") return "get";
+  if (value === "run") return "process";
+  if (["get", "create", "update", "delete", "upload", "files", "process", "revise", "status", "outputs", "runs"].includes(value)) {
+    return value;
+  }
+  return null;
+}
+function normalizeFileAction(value) {
+  if (value === "remove") return "delete";
+  if (["update", "delete"].includes(value)) return value;
+  return null;
+}
+function normalizeOutputAction(value) {
+  if (["download"].includes(value)) return value;
+  return null;
+}
+function parseProjectScopedCommand(args, parts, action, actionIndex) {
+  const canonicalAction = normalizeProjectAction(action);
+  if (!canonicalAction) {
+    throw commandUsageError(
+      `Unknown projects action: ${action}.`,
+      "clipdone projects [list|create|<project_id> [get|update|delete|upload|files|process|revise|status|outputs|runs]]"
+    );
+  }
+  if (canonicalAction === "create") {
+    requireExactPositionals(parts, actionIndex + 1, "clipdone projects create [--name <name>] [--description <text>]");
+    return { key: "project-create" };
+  }
+  if (!args.project) {
+    throw commandUsageError(`Missing project ID for \`${canonicalAction}\`.`, `clipdone projects <project_id> ${canonicalAction}`);
+  }
+  if (canonicalAction === "upload") {
+    const fileIndex = actionIndex + 1;
+    if (typeof parts[fileIndex] !== "string") {
+      throw commandUsageError("Missing file path.", "clipdone projects <project_id> upload <file> --type footage|music|script");
+    }
+    requireExactPositionals(parts, fileIndex + 1, "clipdone projects <project_id> upload <file> --type footage|music|script");
+    if (!args.file) args.file = parts[fileIndex];
+    return { key: "project-upload" };
+  }
+  requireExactPositionals(parts, actionIndex + 1, `clipdone projects <project_id> ${canonicalAction}`);
+  return { key: canonicalAction === "get" ? "project-get" : `project-${canonicalAction}` };
+}
+function parseProjectCommand(args, parts) {
+  if (parts.length === 1) {
+    return { key: "projects-list" };
+  }
+  const second = parts[1];
+  if (second === "list" || second === "ls") {
+    requireExactPositionals(parts, 2, "clipdone projects list");
+    return { key: "projects-list" };
+  }
+  if (second === "create") {
+    return parseProjectScopedCommand(args, parts, "create", 1);
+  }
+  const secondAction = normalizeProjectAction(second);
+  if (secondAction && secondAction !== "create") {
+    if (typeof parts[2] !== "string") {
+      throw commandUsageError(`Missing project ID for \`${secondAction}\`.`, `clipdone projects <project_id> ${secondAction}`);
+    }
+    if (!args.project) args.project = parts[2];
+    if (secondAction === "upload") {
+      if (typeof parts[3] !== "string") {
+        throw commandUsageError("Missing file path.", "clipdone project upload <project_id> <file> --type footage|music|script");
+      }
+      requireExactPositionals(parts, 4, "clipdone project upload <project_id> <file> --type footage|music|script");
+      if (!args.file) args.file = parts[3];
+      return { key: "project-upload" };
+    }
+    requireExactPositionals(parts, 3, `clipdone project ${secondAction} <project_id>`);
+    return { key: secondAction === "get" ? "project-get" : `project-${secondAction}` };
+  }
+  if (!args.project) args.project = second;
+  if (parts.length === 2) {
+    return { key: "project-get" };
+  }
+  return parseProjectScopedCommand(args, parts, parts[2], 2);
+}
+function parseFileCommand(args, parts) {
+  if (parts.length === 1) {
+    if (args.project) {
+      return { key: "project-files" };
+    }
+    throw commandUsageError(
+      "Files are listed per project, and file mutations require a file ID.",
+      "clipdone projects <project_id> files | clipdone files <file_id> update | clipdone files <file_id> delete"
+    );
+  }
+  const secondAction = normalizeFileAction(parts[1]);
+  if (secondAction) {
+    if (typeof parts[2] !== "string") {
+      throw commandUsageError(`Missing file ID for \`${secondAction}\`.`, `clipdone files <file_id> ${secondAction}`);
+    }
+    if (!args.file) args.file = parts[2];
+    requireExactPositionals(parts, 3, `clipdone files <file_id> ${secondAction}`);
+    return { key: `file-${secondAction}` };
+  }
+  if (!args.file) args.file = parts[1];
+  const action = normalizeFileAction(parts[2]);
+  if (!action) {
+    throw commandUsageError(
+      `Unknown files action: ${String(parts[2] ?? "") || "(missing)"}.`,
+      "clipdone files <file_id> update | clipdone files <file_id> delete"
+    );
+  }
+  requireExactPositionals(parts, 3, `clipdone files <file_id> ${action}`);
+  return { key: `file-${action}` };
+}
+function parseOutputCommand(args, parts) {
+  if (parts.length === 1) {
+    if (args.project) {
+      return { key: "project-outputs" };
+    }
+    throw commandUsageError(
+      "Outputs are listed per project, and output downloads require an output ID.",
+      "clipdone projects <project_id> outputs | clipdone outputs <output_id> download"
+    );
+  }
+  const secondAction = normalizeOutputAction(parts[1]);
+  if (secondAction) {
+    if (typeof parts[2] !== "string") {
+      throw commandUsageError("Missing output ID.", "clipdone outputs <output_id> download");
+    }
+    if (!args.output) args.output = parts[2];
+    requireExactPositionals(parts, 3, "clipdone outputs <output_id> download");
+    return { key: "output-download" };
+  }
+  if (!args.output) args.output = parts[1];
+  const action = normalizeOutputAction(parts[2]);
+  if (!action) {
+    throw commandUsageError(
+      `Unknown outputs action: ${String(parts[2] ?? "") || "(missing)"}.`,
+      "clipdone outputs <output_id> download"
+    );
+  }
+  requireExactPositionals(parts, 3, "clipdone outputs <output_id> download");
+  return { key: "output-download" };
+}
+function parseAuthCommand(parts) {
+  if (!AUTH_COMMANDS.has(parts[1]) || parts.length !== 2) {
+    throw commandUsageError("Unknown auth command.", "clipdone auth login | me | logout | revoke");
+  }
+  return { key: parts[1] };
+}
+function parseLegacyCommand(args, parts) {
+  const command = parts[0];
+  if (AUTH_COMMANDS.has(command)) {
+    requireExactPositionals(parts, 1, `clipdone ${command}`);
+    return { key: command };
+  }
+  if (command === "profile") {
+    return { key: "profile" };
+  }
+  if (command === "upload") {
+    if (typeof parts[1] !== "string") {
+      throw commandUsageError("Missing file path.", "clipdone upload <file> --project <project_id> --type footage|music|script");
+    }
+    requireExactPositionals(parts, 2, "clipdone upload <file> --project <project_id> --type footage|music|script");
+    if (!args.file) args.file = parts[1];
+    return { key: "project-upload" };
+  }
+  if (command === "process" || command === "revise") {
+    requireExactPositionals(parts, 1, `clipdone ${command} --project <project_id>`);
+    return { key: `project-${command}` };
+  }
+  if (command === "status") {
+    requireExactPositionals(parts, 1, "clipdone status --project <project_id>");
+    return { key: "project-status" };
+  }
+  if (command === "download") {
+    if (typeof parts[1] !== "string") {
+      throw commandUsageError("Missing output ID.", "clipdone download <output_id> [--artifact <name>] [--out <file>]");
+    }
+    requireExactPositionals(parts, 2, "clipdone download <output_id> [--artifact <name>] [--out <file>]");
+    if (!args.output) args.output = parts[1];
+    return { key: "output-download" };
+  }
+  throw commandUsageError(`Unknown command: ${command}.`, "clipdone --help");
+}
+function parseTopLevelCommand(args) {
+  const parts = Array.isArray(args._) ? args._ : [];
+  if (parts.length === 0 || parts[0] === "help") {
+    return { key: "help" };
+  }
+  if (parts[0] === "auth") {
+    return parseAuthCommand(parts);
+  }
+  if (PROJECT_RESOURCE_COMMANDS.has(parts[0])) {
+    return parseProjectCommand(args, parts);
+  }
+  if (FILE_RESOURCE_COMMANDS.has(parts[0])) {
+    return parseFileCommand(args, parts);
+  }
+  if (OUTPUT_RESOURCE_COMMANDS.has(parts[0])) {
+    return parseOutputCommand(args, parts);
+  }
+  return parseLegacyCommand(args, parts);
+}
+function resolveUploadCategory(rawValue) {
+  const value = String(rawValue ?? "footage").trim().toLowerCase();
+  if (!value) return "footage";
+  if (["footage", "video", "visual", "image", "photo", "picture", "broll", "b-roll"].includes(value)) return "footage";
+  if (["music", "audio", "song"].includes(value)) return "music";
+  if (["script", "text"].includes(value)) return "script";
+  throw new Error("Unsupported upload type. Use footage, music, or script.");
+}
+function summarizeUploadFailure(response, bodyText) {
+  const compact = compactText(bodyText);
+  const codeMatch = typeof bodyText === "string" ? bodyText.match(/<Code>([^<]+)<\/Code>/i) : null;
+  const messageMatch = typeof bodyText === "string" ? bodyText.match(/<Message>([^<]+)<\/Message>/i) : null;
+  const errorCode = codeMatch?.[1]?.trim();
+  const errorMessage = messageMatch?.[1]?.trim();
+  if (errorCode || errorMessage) {
+    return `Upload failed with HTTP ${response.status}${errorCode ? ` (${errorCode})` : ""}${errorMessage ? `: ${errorMessage}` : ""}`;
+  }
+  if (compact && !isHtmlDocument(compact)) {
+    return `Upload failed with HTTP ${response.status}: ${compact}`;
+  }
+  return `Upload failed with HTTP ${response.status}`;
+}
+function printHelp() {
+  const target = resolveTarget();
+  const devHelp = target.dev;
+  writeLine("Usage: clipdone <command> [options]");
+  writeLine();
+  writeLine("Preferred commands:");
+  writeLine("  auth login                         Authorize this CLI in your browser");
+  writeLine("  me                                 Show the current CLI login");
+  writeLine("  auth logout                        Remove the local login only");
+  writeLine("  auth revoke                        Revoke the current CLI login");
+  writeLine("                                     Login options: --no-open --print-auth-url");
+  writeLine("  projects                           List projects");
+  writeLine("  projects create [--name <name>]    Create a project");
+  writeLine("                                     If omitted, ClipDone uses the same default name as the web app");
+  writeLine("  projects <project_id>              Show a project summary");
+  writeLine("  projects <project_id> update [--name <name>] [--description <text>] [--slug <slug>]");
+  writeLine("                                     Optional: --settings-file <json> or --settings '<json>'");
+  writeLine("  projects <project_id> delete       Delete a project");
+  writeLine("  projects <project_id> upload <file> --type footage|music|script");
+  writeLine("                                     Upload media or script files");
+  writeLine("  projects <project_id> files        List uploaded project files");
+  writeLine("  projects <project_id> process      Start the first edit pass");
+  writeLine("  projects <project_id> revise       Create a revised version from feedback");
+  writeLine("  projects <project_id> status       Show project and processing status");
+  writeLine("  projects <project_id> outputs      List exported versions");
+  writeLine("  projects <project_id> runs         List processing and revision runs");
+  writeLine("  outputs <output_id> download [--artifact <name>] [--out <file>]");
+  writeLine("                                     Download the final video or a targeted artifact");
+  writeLine("  files <file_id> update [--name <name>] [--description <text>]");
+  writeLine("  files <file_id> delete             Delete an uploaded file");
+  writeLine();
+  writeLine("Compatibility aliases still work:");
+  writeLine("  login, logout, revoke, project ..., file ..., output ..., upload, process, revise, status, download");
+  writeLine();
+  writeLine("Notes:");
+  writeLine("  Account setup, billing, legal acceptance, and account-profile changes stay in the browser.");
+  writeLine("  Project creation, uploads, processing, revisions, status, and downloads are supported here.");
+  writeLine();
+  writeLine("Examples:");
+  writeLine("  clipdone projects");
+  writeLine("  clipdone projects create");
+  writeLine('  clipdone projects create --name "Project name"');
+  writeLine("  clipdone projects <id> upload ./IMG_825.mp4 --type footage");
+  writeLine('  clipdone projects <id> upload "/path/with spaces/video (1).mp4" --type footage');
+  writeLine("  clipdone projects <id> process");
+  writeLine("  clipdone projects <id> status");
+  writeLine("  clipdone auth login --no-open");
+  writeLine();
+  writeLine("Useful options:");
+  writeLine("  --help                             Show command help");
+  if (devHelp) {
+    writeLine();
+    writeLine("Development target options:");
+    writeLine("  --local                            Use the local ClipDone target");
+    writeLine("  --prod                             Use the production ClipDone target");
+    writeLine("  --app-url <url>                    Override browser authorization URL");
+    writeLine("  --api-url <url>                    Override ClipDone API URL");
+  }
+}
+function readJsonFile(filePath) {
+  try {
+    return JSON.parse(readFileSync(filePath, "utf8"));
+  } catch (error) {
+    throw new Error(`Could not read JSON from ${filePath}: ${error instanceof Error ? error.message : String(error)}`);
+  }
+}
+function normalizeFeedbackNotes(value) {
+  if (!value) return [];
+  if (Array.isArray(value)) return value;
+  if (Array.isArray(value.feedbackNotes)) return value.feedbackNotes;
+  if (typeof value.content === "string") return [value];
+  throw new Error("Feedback JSON must be an array, an object with feedbackNotes, or a single feedback note.");
+}
+function normalizeSubtitleEdits(value) {
+  if (!value) return [];
+  if (Array.isArray(value)) return value;
+  if (Array.isArray(value.subtitles)) return value.subtitles;
+  throw new Error("Subtitle JSON must be an array or an object with subtitles.");
+}
+function readSettingsInput(args) {
+  if (typeof args["settings-file"] === "string") {
+    const value = readJsonFile(args["settings-file"]);
+    if (!value || typeof value !== "object" || Array.isArray(value)) {
+      throw new Error("Settings file must contain a JSON object.");
+    }
+    return value;
+  }
+  if (typeof args.settings === "string") {
+    try {
+      const value = JSON.parse(args.settings);
+      if (!value || typeof value !== "object" || Array.isArray(value)) {
+        throw new Error("Settings value must be a JSON object.");
+      }
+      return value;
+    } catch (error) {
+      throw new Error(`Could not parse JSON from --settings: ${error instanceof Error ? error.message : String(error)}`);
+    }
+  }
+  return null;
+}
+function openBrowser(url) {
+  const command = platform() === "darwin" ? "open" : platform() === "win32" ? "cmd" : "xdg-open";
+  const args = platform() === "win32" ? ["/c", "start", "", url] : [url];
+  const child = spawn(command, args, { detached: true, stdio: "ignore" });
+  child.unref();
+}
+function base64UrlEncode(bytes) {
+  return Buffer.from(bytes).toString("base64").replaceAll("+", "-").replaceAll("/", "_").replaceAll("=", "");
+}
+function randomState() {
+  return base64UrlEncode(webcrypto.getRandomValues(new Uint8Array(24)));
+}
+function generateCodeVerifier() {
+  return base64UrlEncode(webcrypto.getRandomValues(new Uint8Array(48)));
+}
+async function generateCodeChallenge(verifier) {
+  const digest = await webcrypto.subtle.digest("SHA-256", new TextEncoder().encode(verifier));
+  return base64UrlEncode(new Uint8Array(digest));
+}
+async function login(args) {
+  const authConfig = { resource: API_OAUTH_RESOURCE, scope: API_OAUTH_SCOPES.join(" ") };
+  const oauthClient = await resolveOAuthClient(authConfig);
+  const state = randomState();
+  const codeVerifier = generateCodeVerifier();
+  const codeChallenge = await generateCodeChallenge(codeVerifier);
+  const server = http.createServer();
+  const port = await new Promise((resolve, reject) => {
+    server.once("error", reject);
+    server.listen(0, "127.0.0.1", () => resolve(server.address().port));
+  });
+  const redirectUri = `http://127.0.0.1:${port}/callback`;
+  const authUrl = new URL(OAUTH_AUTHORIZE_PATH, appBase());
+  authUrl.searchParams.set("client_id", oauthClient.clientId);
+  authUrl.searchParams.set("response_type", "code");
+  authUrl.searchParams.set("scope", authConfig.scope);
+  authUrl.searchParams.set("state", state);
+  authUrl.searchParams.set("redirect_uri", redirectUri);
+  authUrl.searchParams.set("code_challenge", codeChallenge);
+  authUrl.searchParams.set("code_challenge_method", "S256");
+  authUrl.searchParams.set("resource", authConfig.resource);
+  const browserStartUrl = new URL("/agents/start", appBase());
+  browserStartUrl.search = authUrl.search;
+  const authUrlText = browserStartUrl.toString();
+  const shouldOpenBrowser = args["no-open"] !== true;
+  const shouldPrintAuthUrl = args["print-auth-url"] === true || !shouldOpenBrowser;
+  await new Promise((resolve, reject) => {
+    let settled = false;
+    const timeout = setTimeout(() => {
+      server.close();
+      reject(new Error("Login timed out."));
+    }, 5 * 60 * 1e3);
+    server.on("request", async (req, res) => {
+      try {
+        const url = new URL(req.url || "/", redirectUri);
+        if (url.pathname !== "/callback") {
+          res.writeHead(404).end("Not found");
+          return;
+        }
+        if (settled) {
+          res.writeHead(409).end("Authorization already completed");
+          return;
+        }
+        if (url.searchParams.get("state") !== state) {
+          res.writeHead(400).end("State mismatch");
+          return;
+        }
+        const returnedCode = url.searchParams.get("code");
+        const returnedError = url.searchParams.get("error");
+        if (!returnedCode) {
+          const message = returnedError ? `Authorization failed: ${returnedError}` : "Missing authorization code.";
+          res.writeHead(400).end(message);
+          clearTimeout(timeout);
+          server.close();
+          reject(new Error(message));
+          return;
+        }
+        settled = true;
+        const session = await oauthTokenRequest(
+          {
+            grant_type: "authorization_code",
+            client_id: oauthClient.clientId,
+            code: returnedCode,
+            code_verifier: codeVerifier,
+            redirect_uri: redirectUri,
+            resource: authConfig.resource
+          },
+          {
+            clientId: oauthClient.clientId,
+            scope: authConfig.scope,
+            resource: authConfig.resource
+          }
+        );
+        writeStoredOAuthSession(session);
+        res.writeHead(200, { "Content-Type": "text/plain" }).end("ClipDone CLI authorized. You can close this tab.");
+        clearTimeout(timeout);
+        server.close();
+        resolve(void 0);
+      } catch (error) {
+        const message = error instanceof Error ? error.message : String(error);
+        if (!res.headersSent) {
+          res.writeHead(500, { "Content-Type": "text/plain" }).end(`ClipDone CLI authorization failed: ${message}`);
+        }
+        clearTimeout(timeout);
+        server.close();
+        reject(error);
+      }
+    });
+    if (shouldPrintAuthUrl) {
+      process.stderr.write(`Open this URL in a browser:
+${authUrlText}
+`);
+    }
+    if (shouldOpenBrowser) {
+      process.stderr.write("Opening browser for ClipDone sign-in...\n");
+      try {
+        openBrowser(authUrlText);
+      } catch {
+        if (!shouldPrintAuthUrl) {
+          process.stderr.write(`Open this URL in a browser:
+${authUrlText}
+`);
+        }
+      }
+    } else {
+      process.stderr.write("Waiting for ClipDone sign-in in your browser...\n");
+    }
+  });
+  writeLine("Logged in.");
+}
+async function upload(args) {
+  const filePath = typeof args.file === "string" ? args.file : args._[0] === "upload" ? args._[1] : null;
+  if (!args.project) throw new Error("--project is required");
+  if (!filePath) throw new Error("File path is required");
+  const stats = statSync(filePath);
+  const category = resolveUploadCategory(args.type);
+  const fileName = args.name || basename(filePath);
+  const contentType = args.contentType || inferContentType(fileName);
+  const presign = await request(`/projects/${encodeURIComponent(args.project)}/uploads`, {
+    method: "POST",
+    body: {
+      fileName,
+      fileSize: stats.size,
+      contentType,
+      category
+    }
+  });
+  const uploadResponse = await fetch(presign.uploadUrl, {
+    method: "PUT",
+    headers: {
+      "Content-Type": contentType,
+      "Content-Length": String(stats.size)
+    },
+    body: createReadStream(filePath),
+    duplex: "half"
+  });
+  if (!uploadResponse.ok) {
+    throw new Error(summarizeUploadFailure(uploadResponse, await uploadResponse.text()));
+  }
+  const asset = await request(`/uploads/${encodeURIComponent(presign.uploadId)}/complete`, { method: "POST" });
+  output(buildUploadView(asset, args, stats, fileName, category));
+}
+function inferContentType(fileName) {
+  const lower = fileName.toLowerCase();
+  if (lower.endsWith(".mp4")) return "video/mp4";
+  if (lower.endsWith(".mov")) return "video/quicktime";
+  if (lower.endsWith(".webm")) return "video/webm";
+  if (lower.endsWith(".png")) return "image/png";
+  if (lower.endsWith(".jpg") || lower.endsWith(".jpeg")) return "image/jpeg";
+  if (lower.endsWith(".mp3")) return "audio/mpeg";
+  if (lower.endsWith(".wav")) return "audio/wav";
+  if (lower.endsWith(".txt") || lower.endsWith(".md")) return "text/plain";
+  return "application/octet-stream";
+}
+async function download(args) {
+  const body = {
+    artifact: args.artifact,
+    filename: args.filename
+  };
+  if (!args.output) throw new Error("Output ID is required");
+  const result = await request(`/outputs/${encodeURIComponent(args.output)}/download-url`, { method: "POST", body });
+  if (!args.out) {
+    output(buildDownloadView(result));
+    return;
+  }
+  const response = await fetch(result.url);
+  if (!response.ok || !response.body) throw new Error(`Download failed with HTTP ${response.status}`);
+  await pipeline(Readable.fromWeb(response.body), createWriteStream(args.out));
+  output(buildDownloadView(result, args.out));
+}
+function buildProcessingBody(args) {
+  if (!args.project) throw new Error("--project is required");
+  const feedbackNotes = [];
+  if (typeof args.feedback === "string" && args.feedback.trim()) {
+    feedbackNotes.push({ content: args.feedback.trim() });
+  }
+  if (typeof args["feedback-file"] === "string") {
+    feedbackNotes.push(...normalizeFeedbackNotes(readJsonFile(args["feedback-file"])));
+  }
+  const subtitles = typeof args["subtitles-file"] === "string" ? normalizeSubtitleEdits(readJsonFile(args["subtitles-file"])) : [];
+  return {
+    skipRender: args["skip-render"] === true,
+    processFeedback: args["process-feedback"] === true || feedbackNotes.length > 0,
+    ...feedbackNotes.length > 0 ? { feedbackNotes } : {},
+    ...subtitles.length > 0 ? { subtitles } : {}
+  };
+}
+async function main() {
+  const args = parseArgs(process.argv.slice(2));
+  runtimeArgs = args;
+  if (args.help) {
+    printHelp();
+    return;
+  }
+  const commandSpec = parseTopLevelCommand(args);
+  const command = commandSpec.key;
+  if (command === "help") {
+    printHelp();
+    return;
+  }
+  if (command === "login") return await login(args);
+  if (command === "logout") {
+    if (!hasStoredAuth()) {
+      output({ message: "Already logged out." });
+      return;
+    }
+    clearStoredAuth();
+    output({ message: "Logged out locally." });
+    return;
+  }
+  if (command === "revoke") {
+    if (!hasStoredAuth()) {
+      output({ message: "Already logged out." });
+      return;
+    }
+    if (getManualTokenOverride()) {
+      throw new Error("`clipdone revoke` is not available while `CLIPDONE_TOKEN` is set. Remove the override or use `clipdone logout`.");
+    }
+    const session = readStoredOAuthSession();
+    if (!session) {
+      clearStoredAuth();
+      output({ message: "Already logged out." });
+      return;
+    }
+    await revokeOAuthToken(session.refreshToken, session.clientId, "refresh_token");
+    await revokeOAuthToken(session.accessToken, session.clientId, "access_token");
+    clearStoredAuth();
+    return output({ message: "Access revoked and local token removed." });
+  }
+  if (command === "me") {
+    if (!getManualTokenOverride() && !hasStoredAuth()) return output({ authenticated: false });
+    const result = await request("/me", { auth: "optional" });
+    return output(buildMeView(result ? { authenticated: true, name: result.name, email: result.email, company: result.company } : null));
+  }
+  if (command === "profile") {
+    throw new Error("Account profile changes are only available in the ClipDone web app.");
+  }
+  if (command === "project-get") {
+    if (!args.project) throw new Error("project_id or --project is required");
+    const result = await request(`/projects/${encodeURIComponent(args.project)}`);
+    return output(result);
+  }
+  if (command === "project-create") {
+    const result = await request("/projects", {
+      method: "POST",
+      body: { name: args.name, description: args.description },
+      idempotencyKey: `cli-project-${Date.now()}-${Math.random().toString(36).slice(2)}`
+    });
+    return output({ message: `Created project${result?.project?.name ? ` "${result.project.name}"` : ""}.`, projectId: result?.project?.id, name: result?.project?.name });
+  }
+  if (command === "project-update") {
+    if (!args.project) throw new Error("project_id or --project is required");
+    const settings = readSettingsInput(args);
+    const result = await request(`/projects/${encodeURIComponent(args.project)}`, {
+      method: "PATCH",
+      body: {
+        ...typeof args.name === "string" ? { name: args.name } : {},
+        ...typeof args.description === "string" ? { description: args.description } : {},
+        ...typeof args.slug === "string" ? { slug: args.slug } : {},
+        ...settings ? { settings } : {}
+      }
+    });
+    return output({ message: "Project updated.", projectId: String(result?.project?.id ?? args.project) });
+  }
+  if (command === "project-delete") {
+    if (!args.project) throw new Error("project_id or --project is required");
+    await request(`/projects/${encodeURIComponent(args.project)}`, { method: "DELETE" });
+    return output({ message: "Project deleted.", projectId: args.project });
+  }
+  if (command === "project-upload") return await upload(args);
+  if (command === "project-files") {
+    if (!args.project) throw new Error("project_id or --project is required");
+    return output({ files: await requestAll(`/projects/${encodeURIComponent(args.project)}/files`, "files") });
+  }
+  if (command === "project-process" || command === "project-revise") {
+    if (!args.project) throw new Error("project_id or --project is required");
+    const result = await request(`/projects/${encodeURIComponent(args.project)}/runs`, {
+      method: "POST",
+      body: buildProcessingBody(args),
+      idempotencyKey: `cli-run-${Date.now()}-${Math.random().toString(36).slice(2)}`
+    });
+    return output(buildProcessView(result, args, command === "project-revise" ? "revise" : "process"));
+  }
+  if (command === "project-status") {
+    if (!args.project) throw new Error("project_id or --project is required");
+    const result = await request(`/projects/${encodeURIComponent(args.project)}/status`);
+    return output(result);
+  }
+  if (command === "project-outputs") {
+    if (!args.project) throw new Error("project_id or --project is required");
+    return output({ outputs: await requestAll(`/projects/${encodeURIComponent(args.project)}/outputs`, "outputs") });
+  }
+  if (command === "project-runs") {
+    if (!args.project) throw new Error("project_id or --project is required");
+    return output({ runs: await requestAll(`/projects/${encodeURIComponent(args.project)}/runs`, "runs") });
+  }
+  if (command === "projects-list") {
+    return output({ projects: await requestAll("/projects", "projects") });
+  }
+  if (command === "file-update") {
+    const fileId = args.file || args.id;
+    if (!fileId) throw new Error("--file is required");
+    const result = await request(`/files/${encodeURIComponent(fileId)}`, {
+      method: "PATCH",
+      body: {
+        ...typeof args.name === "string" ? { label: args.name } : {},
+        ...typeof args.description === "string" ? { description: args.description } : {}
+      }
+    });
+    return output({ message: "File updated.", fileId: String(result?.fileId ?? fileId) });
+  }
+  if (command === "file-delete") {
+    const fileId = args.file || args.id;
+    if (!fileId) throw new Error("--file is required");
+    const result = await request(`/files/${encodeURIComponent(fileId)}`, { method: "DELETE" });
+    return output({ message: "File deleted.", fileId: String(result?.fileId ?? fileId) });
+  }
+  if (command === "output-download") return await download(args);
+  throw new Error(`Unknown command: ${command}. Run \`clipdone --help\` for available commands.`);
+}
+main().catch((error) => {
+  process.stderr.write(`${error instanceof Error ? error.message : String(error)}
+`);
+  process.exit(1);
+});