@cxtms/cx-schema 1.7.17 → 1.8.1

package/dist/cli.js

@@ -42,47 +42,16 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const http = __importStar(require("http"));
-const https = __importStar(require("https"));
-const crypto = __importStar(require("crypto"));
-const os = __importStar(require("os"));
 const chalk_1 = __importDefault(require("chalk"));
 const yaml_1 = __importStar(require("yaml"));
 const validator_1 = require("./validator");
 const workflowValidator_1 = require("./workflowValidator");
 const extractUtils_1 = require("./extractUtils");
 // ============================================================================
-// .env loader — load KEY=VALUE pairs from .env in CWD into process.env
-// ============================================================================
-function loadEnvFile() {
-    const envPath = path.join(process.cwd(), '.env');
-    if (!fs.existsSync(envPath))
-        return;
-    const lines = fs.readFileSync(envPath, 'utf-8').split('\n');
-    for (const line of lines) {
-        const trimmed = line.trim();
-        if (!trimmed || trimmed.startsWith('#'))
-            continue;
-        const eqIdx = trimmed.indexOf('=');
-        if (eqIdx < 1)
-            continue;
-        const key = trimmed.slice(0, eqIdx).trim();
-        let value = trimmed.slice(eqIdx + 1).trim();
-        // Strip surrounding quotes
-        if ((value.startsWith('"') && value.endsWith('"')) || (value.startsWith("'") && value.endsWith("'"))) {
-            value = value.slice(1, -1);
-        }
-        if (!process.env[key]) {
-            process.env[key] = value;
-        }
-    }
-}
-loadEnvFile();
-// ============================================================================
 // Constants
 // ============================================================================
 const VERSION = require('../package.json').version;
-const PROGRAM_NAME = 'cxtms';
+const PROGRAM_NAME = 'cx-cli';
 // ============================================================================
 // Help Text
 // ============================================================================
@@ -110,16 +79,6 @@ ${chalk_1.default.bold.yellow('COMMANDS:')}
   ${chalk_1.default.green('install-skills')}  Install Claude Code skills into project .claude/skills/
   ${chalk_1.default.green('setup-claude')}    Add CX project instructions to CLAUDE.md
   ${chalk_1.default.green('update')}          Update @cxtms/cx-schema to the latest version
-  ${chalk_1.default.green('login')}           Login to a CX environment (OAuth2 + PKCE)
-  ${chalk_1.default.green('logout')}          Logout from a CX environment
-  ${chalk_1.default.green('pat')}             Manage personal access tokens (create, list, revoke)
-  ${chalk_1.default.green('orgs')}            List, select, or set active organization
-  ${chalk_1.default.green('appmodule')}       Manage app modules on a CX server (deploy, undeploy)
-  ${chalk_1.default.green('workflow')}        Manage workflows on a CX server (deploy, undeploy, execute, logs, log)
-  ${chalk_1.default.green('publish')}         Publish all modules and workflows to a CX server
-  ${chalk_1.default.green('app')}             Manage app manifests (install/upgrade from git, release to git, list)
-  ${chalk_1.default.green('query')}           Run a GraphQL query against the CX server
-  ${chalk_1.default.green('gql')}             Explore GraphQL schema (types, queries, mutations)
   ${chalk_1.default.green('schema')}          Show JSON schema for a component or task
   ${chalk_1.default.green('example')}         Show example YAML for a component or task
   ${chalk_1.default.green('list')}            List available schemas (modules, workflows, tasks)
@@ -142,17 +101,6 @@ ${chalk_1.default.bold.yellow('OPTIONS:')}
   ${chalk_1.default.green('--tasks <list>')}         Comma-separated task enums for create task-schema
   ${chalk_1.default.green('--to <file>')}            Target file for extract command
   ${chalk_1.default.green('--copy')}                 Copy component instead of moving (source unchanged, target gets higher priority)
-  ${chalk_1.default.green('--org <id>')}             Organization ID for server commands
-  ${chalk_1.default.green('--vars <json>')}          JSON variables for workflow execute
-  ${chalk_1.default.green('--from <date>')}          Filter logs from date (YYYY-MM-DD)
-  ${chalk_1.default.green('--to <date>')}            Filter logs to date (YYYY-MM-DD)
-  ${chalk_1.default.green('--output <file>')}        Save workflow log to file (or -o)
-  ${chalk_1.default.green('--console')}              Print workflow log to stdout
-  ${chalk_1.default.green('--json')}                 Download JSON log instead of text
-  ${chalk_1.default.green('-m, --message <msg>')}     Release message for app release (required)
-  ${chalk_1.default.green('-b, --branch <branch>')}   Branch override for app install/publish
-  ${chalk_1.default.green('--force')}                Force install (even if same version) or publish all
-  ${chalk_1.default.green('--skip-changed')}         Skip modules with unpublished changes during install
 
 ${chalk_1.default.bold.yellow('VALIDATION EXAMPLES:')}
   ${chalk_1.default.gray('# Validate a module YAML file')}
@@ -218,136 +166,6 @@ ${chalk_1.default.bold.yellow('SCHEMA COMMANDS:')}
   ${chalk_1.default.cyan(`${PROGRAM_NAME} list`)}
   ${chalk_1.default.cyan(`${PROGRAM_NAME} list --type workflow`)}
 
-${chalk_1.default.bold.yellow('AUTH COMMANDS:')}
-  ${chalk_1.default.gray('# Login to a CX environment')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} login https://qa.storevista.acuitive.net`)}
-
-  ${chalk_1.default.gray('# Logout from current session')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} logout`)}
-
-${chalk_1.default.bold.yellow('PAT COMMANDS:')}
-  ${chalk_1.default.gray('# Check PAT token status and setup instructions')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} pat setup`)}
-
-  ${chalk_1.default.gray('# Create a new PAT token')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} pat create "my-token-name"`)}
-
-  ${chalk_1.default.gray('# List active PAT tokens')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} pat list`)}
-
-  ${chalk_1.default.gray('# Revoke a PAT token by ID')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} pat revoke <tokenId>`)}
-
-${chalk_1.default.bold.yellow('ORG COMMANDS:')}
-  ${chalk_1.default.gray('# List organizations on the server')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} orgs list`)}
-
-  ${chalk_1.default.gray('# Interactively select an organization')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} orgs select`)}
-
-  ${chalk_1.default.gray('# Set active organization by ID')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} orgs use <orgId>`)}
-
-  ${chalk_1.default.gray('# Show current context (server, org, app)')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} orgs use`)}
-
-${chalk_1.default.bold.yellow('APPMODULE COMMANDS:')}
-  ${chalk_1.default.gray('# Deploy a module YAML to the server (creates or updates)')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} appmodule deploy modules/my-module.yaml`)}
-
-  ${chalk_1.default.gray('# Deploy with explicit org ID')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} appmodule deploy modules/my-module.yaml --org 42`)}
-
-  ${chalk_1.default.gray('# Undeploy an app module by UUID')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} appmodule undeploy <appModuleId>`)}
-
-${chalk_1.default.bold.yellow('WORKFLOW COMMANDS:')}
-  ${chalk_1.default.gray('# Deploy a workflow YAML to the server (creates or updates)')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} workflow deploy workflows/my-workflow.yaml`)}
-
-  ${chalk_1.default.gray('# Undeploy a workflow by UUID')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} workflow undeploy <workflowId>`)}
-
-  ${chalk_1.default.gray('# Execute a workflow')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} workflow execute <workflowId|file.yaml>`)}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} workflow execute <workflowId> --vars '{"city":"London"}'`)}
-
-  ${chalk_1.default.gray('# List execution logs for a workflow (sorted desc)')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} workflow logs <workflowId|file.yaml>`)}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} workflow logs <workflowId> --from 2026-01-01 --to 2026-01-31`)}
-
-  ${chalk_1.default.gray('# Download a specific execution log')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} workflow log <executionId>`)}                  ${chalk_1.default.gray('# save txt log to temp dir')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} workflow log <executionId> --output log.txt`)}  ${chalk_1.default.gray('# save to file')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} workflow log <executionId> --console`)}         ${chalk_1.default.gray('# print to stdout')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} workflow log <executionId> --json`)}            ${chalk_1.default.gray('# download JSON log (more detail)')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} workflow log <executionId> --json --console`)}  ${chalk_1.default.gray('# JSON log to stdout')}
-
-${chalk_1.default.bold.yellow('PUBLISH COMMANDS:')}
-  ${chalk_1.default.gray('# Publish all modules and workflows from current project')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} publish`)}
-
-  ${chalk_1.default.gray('# Publish only a specific feature directory')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} publish --feature billing`)}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} publish billing`)}
-
-  ${chalk_1.default.gray('# Publish with explicit org ID')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} publish --org 42`)}
-
-${chalk_1.default.bold.yellow('APP COMMANDS:')}
-  ${chalk_1.default.gray('# Install/refresh app from git repository into the CX server')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} app install`)}
-
-  ${chalk_1.default.gray('# Force reinstall even if same version')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} app install --force`)}
-
-  ${chalk_1.default.gray('# Install from a specific branch')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} app install --branch develop`)}
-
-  ${chalk_1.default.gray('# Install but skip modules that have local changes')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} app install --skip-changed`)}
-
-  ${chalk_1.default.gray('# Upgrade app from git (alias for install)')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} app upgrade`)}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} app upgrade --force`)}
-
-  ${chalk_1.default.gray('# Release server changes to git (creates a PR) — message is required')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} app release -m "Add new shipping module"`)}
-
-  ${chalk_1.default.gray('# Release specific workflows and/or modules by YAML file')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} app release -m "Fix order workflow" workflows/my-workflow.yaml`)}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} app release -m "Update billing" workflows/a.yaml modules/b.yaml`)}
-
-  ${chalk_1.default.gray('# Force release all modules and workflows')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} app release -m "Full republish" --force`)}
-
-  ${chalk_1.default.gray('# List installed app manifests on the server')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} app list`)}
-
-${chalk_1.default.bold.yellow('QUERY COMMANDS:')}
-  ${chalk_1.default.gray('# Run an inline GraphQL query')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} query '{ organizations(take: 5) { items { organizationId companyName } } }'`)}
-
-  ${chalk_1.default.gray('# Run a query from a .graphql file')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} query my-query.graphql`)}
-
-  ${chalk_1.default.gray('# Pass variables as JSON')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} query my-query.graphql --vars '{"id": 42}'`)}
-
-${chalk_1.default.bold.yellow('GRAPHQL SCHEMA EXPLORATION:')}
-  ${chalk_1.default.gray('# List all queries, mutations, and types')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} gql queries`)}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} gql mutations`)}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} gql types`)}
-
-  ${chalk_1.default.gray('# Filter by name')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} gql types --filter audit`)}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} gql queries --filter order`)}
-
-  ${chalk_1.default.gray('# Inspect a specific type')}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} gql type OrderGqlDto`)}
-  ${chalk_1.default.cyan(`${PROGRAM_NAME} gql type AuditChangeEntry`)}
-
 ${chalk_1.default.bold.yellow('VALIDATION TYPES:')}
   ${chalk_1.default.bold('module')}     - CargoXplorer UI module definitions (components, routes, entities)
   ${chalk_1.default.bold('workflow')}   - CargoXplorer workflow definitions (activities, tasks, triggers)
@@ -364,8 +182,6 @@ ${chalk_1.default.bold.yellow('EXIT CODES:')}
   ${chalk_1.default.red('2')}  - CLI error (invalid arguments, file not found, etc.)
 
 ${chalk_1.default.bold.yellow('ENVIRONMENT VARIABLES:')}
-  ${chalk_1.default.green('CXTMS_AUTH')}         - PAT token for authentication (skips OAuth login)
-  ${chalk_1.default.green('CXTMS_SERVER')}       - Server URL when using PAT auth (or set \`server\` in app.yaml)
   ${chalk_1.default.green('CX_SCHEMA_PATH')}     - Default path to schemas directory
   ${chalk_1.default.green('NO_COLOR')}           - Disable colored output
 
@@ -511,8 +327,7 @@ function generateAppYaml(name) {
     const dirName = path.basename(process.cwd());
     const appName = name || dirName;
     const scopedName = appName.startsWith('@') ? appName : `@cargox/${appName}`;
-    return `id: "${generateUUID()}"
-name: "${scopedName}"
+    return `name: "${scopedName}"
 description: ""
 author: "CargoX"
 version: "1.0.0"
@@ -552,39 +367,39 @@ npm install @cxtms/cx-schema
 
 \`\`\`bash
 # Validate all modules
-npx cxtms modules/*.yaml
+npx cx-cli modules/*.yaml
 
 # Validate all workflows
-npx cxtms workflows/*.yaml
+npx cx-cli workflows/*.yaml
 
 # Validate with detailed output
-npx cxtms --verbose modules/my-module.yaml
+npx cx-cli --verbose modules/my-module.yaml
 
 # Generate validation report
-npx cxtms report modules/*.yaml workflows/*.yaml --report report.html
+npx cx-cli report modules/*.yaml workflows/*.yaml --report report.html
 \`\`\`
 
 ### Create new files
 
 \`\`\`bash
 # Create a new module
-npx cxtms create module my-module
+npx cx-cli create module my-module
 
 # Create a new workflow
-npx cxtms create workflow my-workflow
+npx cx-cli create workflow my-workflow
 \`\`\`
 
 ### View schemas and examples
 
 \`\`\`bash
 # List available schemas
-npx cxtms list
+npx cx-cli list
 
 # View schema for a component
-npx cxtms schema form
+npx cx-cli schema form
 
 # View example YAML
-npx cxtms example workflow
+npx cx-cli example workflow
 \`\`\`
 
 ## Documentation
@@ -605,13 +420,13 @@ When making changes to YAML files, always validate them:
 
 \`\`\`bash
 # Validate a specific module file
-npx cxtms modules/<module-name>.yaml
+npx cx-cli modules/<module-name>.yaml
 
 # Validate a specific workflow file
-npx cxtms workflows/<workflow-name>.yaml
+npx cx-cli workflows/<workflow-name>.yaml
 
 # Validate all files with a report
-npx cxtms report modules/*.yaml workflows/*.yaml --report validation-report.md
+npx cx-cli report modules/*.yaml workflows/*.yaml --report validation-report.md
 \`\`\`
 
 ## Schema Reference
@@ -620,14 +435,14 @@ Before editing components or tasks, check the schema:
 
 \`\`\`bash
 # View schema for components
-npx cxtms schema form
-npx cxtms schema dataGrid
-npx cxtms schema layout
+npx cx-cli schema form
+npx cx-cli schema dataGrid
+npx cx-cli schema layout
 
 # View schema for workflow tasks
-npx cxtms schema foreach
-npx cxtms schema graphql
-npx cxtms schema switch
+npx cx-cli schema foreach
+npx cx-cli schema graphql
+npx cx-cli schema switch
 \`\`\`
 
 ## Creating New Files
@@ -636,16 +451,16 @@ Use templates to create properly structured files:
 
 \`\`\`bash
 # Create a new module
-npx cxtms create module <name>
+npx cx-cli create module <name>
 
 # Create a new workflow
-npx cxtms create workflow <name>
+npx cx-cli create workflow <name>
 
 # Create from a specific template variant
-npx cxtms create workflow <name> --template basic
+npx cx-cli create workflow <name> --template basic
 
 # Create inside a feature folder (features/<name>/workflows/)
-npx cxtms create workflow <name> --feature billing
+npx cx-cli create workflow <name> --feature billing
 \`\`\`
 
 ## Module Structure
@@ -890,23 +705,6 @@ function applyFieldsToForm(form, fields) {
         }
     }
 }
-function applyFieldsToConfiguration(layout, fields) {
-    // Configuration fields are stored under customValues, so prefix all field names
-    const configFields = fields.map(f => ({
-        component: 'field',
-        name: `customValues.${f.name}`,
-        props: {
-            type: f.type,
-            label: { 'en-US': f.label || fieldNameToLabel(f.name) },
-            ...(f.required ? { required: true } : {})
-        }
-    }));
-    if (!layout.children)
-        layout.children = [];
-    layout.children.push(...configFields);
-    // Update defaultValue in configurations if present
-    // (handled separately since configurations is a top-level key)
-}
 function findDataGridComponents(obj) {
     const grids = [];
     if (!obj || typeof obj !== 'object')
@@ -1034,16 +832,9 @@ function applyCreateOptions(content, optionsArg) {
     if (!doc)
         throw new Error('Failed to parse template YAML for --options processing');
     let applied = false;
-    const isConfiguration = Array.isArray(doc.configurations);
     if (doc.components && Array.isArray(doc.components)) {
         for (const comp of doc.components) {
-            // Apply to configuration templates (fields go directly into layout children)
-            if (isConfiguration && comp.layout) {
-                applyFieldsToConfiguration(comp.layout, fields);
-                applied = true;
-                continue;
-            }
-            // Apply to form components
+            // Apply to form components (configuration template)
             const forms = findFormComponents(comp);
             for (const form of forms) {
                 applyFieldsToForm(form, fields);
@@ -1071,18 +862,6 @@ function applyCreateOptions(content, optionsArg) {
         applyFieldsToEntities(doc, fields, opts.entityName);
         applied = true;
     }
-    // Apply defaults to configuration defaultValue
-    if (isConfiguration && doc.configurations) {
-        for (const config of doc.configurations) {
-            if (!config.defaultValue)
-                config.defaultValue = {};
-            for (const f of fields) {
-                if (f.default !== undefined) {
-                    config.defaultValue[f.name] = f.default;
-                }
-            }
-        }
-    }
     if (!applied) {
         console.warn(chalk_1.default.yellow('Warning: --options provided but no form or dataGrid component found in template'));
         return content;
@@ -1445,27 +1224,19 @@ function runUpdate() {
     const { execSync } = require('child_process');
     console.log('  Updating to latest version...\n');
     try {
-        execSync('npm install @cxtms/cx-schema@latest', {
+        const output = execSync('npm install @cxtms/cx-schema@latest', {
             stdio: 'inherit',
             cwd: process.cwd()
         });
-        // Read installed version from the updated package
-        const installedPkgPath = path.join(process.cwd(), 'node_modules', '@cxtms', 'cx-schema', 'package.json');
-        let installedVersion = 'unknown';
-        if (fs.existsSync(installedPkgPath)) {
-            installedVersion = JSON.parse(fs.readFileSync(installedPkgPath, 'utf-8')).version;
-        }
         console.log('');
-        console.log(chalk_1.default.green(`✓ @cxtms/cx-schema updated to v${installedVersion}`));
+        console.log(chalk_1.default.green('✓ @cxtms/cx-schema updated successfully!'));
+        console.log('');
     }
     catch (error) {
         console.error(chalk_1.default.red('\nError: Failed to update @cxtms/cx-schema'));
         console.error(chalk_1.default.gray(error.message));
         process.exit(1);
     }
-    // Reinstall skills and update CLAUDE.md (postinstall handles schemas)
-    runInstallSkills();
-    runSetupClaude();
 }
 // ============================================================================
 // Setup Claude Command
@@ -1489,23 +1260,23 @@ features/             # Feature-scoped modules and workflows
     workflows/
 \`\`\`
 
-### CLI — \`cxtms\`
+### CLI — \`cx-cli\`
 
 **Always scaffold via CLI, never write YAML from scratch.**
 
 | Command | Description |
 |---------|-------------|
-| \`npx cxtms create module <name>\` | Scaffold a UI module |
-| \`npx cxtms create workflow <name>\` | Scaffold a workflow |
-| \`npx cxtms create module <name> --template <t>\` | Use a specific template |
-| \`npx cxtms create workflow <name> --template <t>\` | Use a specific template |
-| \`npx cxtms create module <name> --feature <f>\` | Place under features/<f>/modules/ |
-| \`npx cxtms <file.yaml>\` | Validate a YAML file |
-| \`npx cxtms <file.yaml> --verbose\` | Validate with detailed errors |
-| \`npx cxtms schema <name>\` | Show JSON schema for a component or task |
-| \`npx cxtms example <name>\` | Show example YAML |
-| \`npx cxtms list\` | List all available schemas |
-| \`npx cxtms extract <src> <comp> --to <tgt>\` | Move component between modules |
+| \`npx cx-cli create module <name>\` | Scaffold a UI module |
+| \`npx cx-cli create workflow <name>\` | Scaffold a workflow |
+| \`npx cx-cli create module <name> --template <t>\` | Use a specific template |
+| \`npx cx-cli create workflow <name> --template <t>\` | Use a specific template |
+| \`npx cx-cli create module <name> --feature <f>\` | Place under features/<f>/modules/ |
+| \`npx cx-cli <file.yaml>\` | Validate a YAML file |
+| \`npx cx-cli <file.yaml> --verbose\` | Validate with detailed errors |
+| \`npx cx-cli schema <name>\` | Show JSON schema for a component or task |
+| \`npx cx-cli example <name>\` | Show example YAML |
+| \`npx cx-cli list\` | List all available schemas |
+| \`npx cx-cli extract <src> <comp> --to <tgt>\` | Move component between modules |
 
 **Module templates:** \`default\`, \`form\`, \`grid\`, \`select\`, \`configuration\`
 **Workflow templates:** \`basic\`, \`entity-trigger\`, \`document\`, \`scheduled\`, \`utility\`, \`webhook\`, \`public-api\`, \`mcp-tool\`, \`ftp-tracking\`, \`ftp-edi\`, \`api-tracking\`
@@ -1520,10 +1291,10 @@ features/             # Feature-scoped modules and workflows
 
 ### Workflow: Scaffold → Customize → Validate
 
-1. **Scaffold** — \`npx cxtms create module|workflow <name> --template <t>\`
+1. **Scaffold** — \`npx cx-cli create module|workflow <name> --template <t>\`
 2. **Read** the generated file
 3. **Customize** for the use case
-4. **Validate** — \`npx cxtms <file.yaml>\` — run after every change, fix all errors
+4. **Validate** — \`npx cx-cli <file.yaml>\` — run after every change, fix all errors
 ${CX_CLAUDE_MARKER}`;
 }
 function runSetupClaude() {
@@ -1558,1960 +1329,149 @@ function runSetupClaude() {
     console.log('');
 }
 // ============================================================================
-// Auth (Login / Logout)
+// Extract Command
 // ============================================================================
-const AUTH_CALLBACK_PORT = 9000;
-const AUTH_TIMEOUT_MS = 2 * 60 * 1000; // 2 minutes
-function getSessionDir() {
-    const projectName = path.basename(process.cwd());
-    return path.join(os.homedir(), '.cxtms', projectName);
-}
-function getSessionFilePath() {
-    return path.join(getSessionDir(), '.session.json');
-}
-function readSessionFile() {
-    const filePath = getSessionFilePath();
-    if (!fs.existsSync(filePath))
-        return null;
-    try {
-        return JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+function runExtract(sourceFile, componentName, targetFile, copy) {
+    // Validate args
+    if (!sourceFile || !componentName || !targetFile) {
+        console.error(chalk_1.default.red('Error: Missing required arguments'));
+        console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} extract <source-file> <component-name> --to <target-file> [--copy]`));
+        process.exit(2);
     }
-    catch {
-        return null;
+    // Check source exists
+    if (!fs.existsSync(sourceFile)) {
+        console.error(chalk_1.default.red(`Error: Source file not found: ${sourceFile}`));
+        process.exit(2);
     }
-}
-function writeSessionFile(data) {
-    const dir = getSessionDir();
-    if (!fs.existsSync(dir)) {
-        fs.mkdirSync(dir, { recursive: true });
+    // Read and parse source (Document API preserves comments)
+    const sourceContent = fs.readFileSync(sourceFile, 'utf-8');
+    const srcDoc = yaml_1.default.parseDocument(sourceContent);
+    const sourceJS = srcDoc.toJS();
+    if (!sourceJS || !Array.isArray(sourceJS.components)) {
+        console.error(chalk_1.default.red(`Error: Source file is not a valid module (missing components array): ${sourceFile}`));
+        process.exit(2);
     }
-    fs.writeFileSync(getSessionFilePath(), JSON.stringify(data, null, 2), 'utf-8');
-}
-function deleteSessionFile() {
-    const filePath = getSessionFilePath();
-    if (fs.existsSync(filePath)) {
-        fs.unlinkSync(filePath);
+    // Get the AST components sequence
+    const srcComponents = srcDoc.get('components', true);
+    if (!(0, yaml_1.isSeq)(srcComponents)) {
+        console.error(chalk_1.default.red(`Error: Source components is not a sequence: ${sourceFile}`));
+        process.exit(2);
     }
-}
-function generateCodeVerifier() {
-    return crypto.randomBytes(32).toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-}
-function generateCodeChallenge(verifier) {
-    return crypto.createHash('sha256').update(verifier).digest('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=/g, '');
-}
-function httpsPost(url, body, contentType) {
-    return new Promise((resolve, reject) => {
-        const parsed = new URL(url);
-        const isHttps = parsed.protocol === 'https:';
-        const lib = isHttps ? https : http;
-        const req = lib.request({
-            hostname: parsed.hostname,
-            port: parsed.port || (isHttps ? 443 : 80),
-            path: parsed.pathname + parsed.search,
-            method: 'POST',
-            headers: {
-                'Content-Type': contentType,
-                'Content-Length': Buffer.byteLength(body),
-            },
-        }, (res) => {
-            let data = '';
-            res.on('data', (chunk) => data += chunk);
-            res.on('end', () => resolve({ statusCode: res.statusCode || 0, body: data }));
-        });
-        req.on('error', reject);
-        req.write(body);
-        req.end();
+    // Find component by exact name match
+    const compIndex = srcComponents.items.findIndex((item) => {
+        return (0, yaml_1.isMap)(item) && item.get('name') === componentName;
     });
-}
-function openBrowser(url) {
-    const { exec } = require('child_process');
-    const cmd = process.platform === 'win32' ? `start "" "${url}"`
-        : process.platform === 'darwin' ? `open "${url}"`
-            : `xdg-open "${url}"`;
-    exec(cmd);
-}
-function startCallbackServer() {
-    return new Promise((resolve, reject) => {
-        const server = http.createServer((req, res) => {
-            const reqUrl = new URL(req.url || '/', `http://127.0.0.1:${AUTH_CALLBACK_PORT}`);
-            if (reqUrl.pathname === '/callback') {
-                const code = reqUrl.searchParams.get('code');
-                const error = reqUrl.searchParams.get('error');
-                if (error) {
-                    res.writeHead(200, { 'Content-Type': 'text/html' });
-                    res.end('<html><body><h2>Login failed</h2><p>You can close this tab.</p></body></html>');
-                    reject(new Error(`OAuth error: ${error} - ${reqUrl.searchParams.get('error_description') || ''}`));
-                    server.close();
-                    return;
-                }
-                if (code) {
-                    res.writeHead(200, { 'Content-Type': 'text/html' });
-                    res.end('<html><body><h2>Login successful!</h2><p>You can close this tab and return to the terminal.</p></body></html>');
-                    resolve({ code, close: () => server.close() });
-                    return;
-                }
-            }
-            res.writeHead(404);
-            res.end();
-        });
-        server.on('error', (err) => {
-            if (err.code === 'EADDRINUSE') {
-                reject(new Error(`Port ${AUTH_CALLBACK_PORT} is already in use. Close the process using it and try again.`));
-            }
-            else {
-                reject(err);
+    if (compIndex === -1) {
+        const available = sourceJS.components.map((c) => c.name).filter(Boolean);
+        console.error(chalk_1.default.red(`Error: Component not found: ${componentName}`));
+        if (available.length > 0) {
+            console.error(chalk_1.default.gray('Available components:'));
+            for (const name of available) {
+                console.error(chalk_1.default.gray(`  - ${name}`));
             }
-        });
-        server.listen(AUTH_CALLBACK_PORT, '127.0.0.1');
-    });
-}
-async function registerOAuthClient(domain) {
-    const res = await httpsPost(`${domain}/connect/register`, JSON.stringify({
-        client_name: `cxtms-${crypto.randomBytes(4).toString('hex')}`,
-        redirect_uris: [`http://localhost:${AUTH_CALLBACK_PORT}/callback`],
-        grant_types: ['authorization_code', 'refresh_token'],
-        response_types: ['code'],
-        token_endpoint_auth_method: 'none',
-    }), 'application/json');
-    if (res.statusCode !== 200 && res.statusCode !== 201) {
-        throw new Error(`Client registration failed (${res.statusCode}): ${res.body}`);
-    }
-    const data = JSON.parse(res.body);
-    if (!data.client_id) {
-        throw new Error('Client registration response missing client_id');
-    }
-    return data.client_id;
-}
-async function exchangeCodeForTokens(domain, clientId, code, codeVerifier) {
-    const body = new URLSearchParams({
-        grant_type: 'authorization_code',
-        client_id: clientId,
-        code,
-        redirect_uri: `http://localhost:${AUTH_CALLBACK_PORT}/callback`,
-        code_verifier: codeVerifier,
-    }).toString();
-    const res = await httpsPost(`${domain}/connect/token`, body, 'application/x-www-form-urlencoded');
-    if (res.statusCode !== 200) {
-        throw new Error(`Token exchange failed (${res.statusCode}): ${res.body}`);
-    }
-    const data = JSON.parse(res.body);
-    return {
-        domain,
-        client_id: clientId,
-        access_token: data.access_token,
-        refresh_token: data.refresh_token,
-        expires_at: Math.floor(Date.now() / 1000) + (data.expires_in || 3600),
-    };
-}
-async function revokeToken(domain, clientId, token) {
-    try {
-        await httpsPost(`${domain}/connect/revoke`, new URLSearchParams({ client_id: clientId, token }).toString(), 'application/x-www-form-urlencoded');
-    }
-    catch {
-        // Revocation failures are non-fatal
-    }
-}
-async function refreshTokens(stored) {
-    const body = new URLSearchParams({
-        grant_type: 'refresh_token',
-        client_id: stored.client_id,
-        refresh_token: stored.refresh_token,
-    }).toString();
-    const res = await httpsPost(`${stored.domain}/connect/token`, body, 'application/x-www-form-urlencoded');
-    if (res.statusCode !== 200) {
-        throw new Error(`Token refresh failed (${res.statusCode}): ${res.body}`);
-    }
-    const data = JSON.parse(res.body);
-    const updated = {
-        ...stored,
-        access_token: data.access_token,
-        refresh_token: data.refresh_token || stored.refresh_token,
-        expires_at: Math.floor(Date.now() / 1000) + (data.expires_in || 3600),
-    };
-    writeSessionFile(updated);
-    return updated;
-}
-async function runLogin(domain) {
-    // Normalize URL
-    if (!domain.startsWith('http://') && !domain.startsWith('https://')) {
-        domain = `https://${domain}`;
-    }
-    domain = domain.replace(/\/+$/, '');
-    try {
-        new URL(domain);
-    }
-    catch {
-        console.error(chalk_1.default.red('Error: Invalid URL'));
+        }
         process.exit(2);
     }
-    console.log(chalk_1.default.bold.cyan('\n  CX CLI Login\n'));
-    // Step 1: Register client
-    console.log(chalk_1.default.gray('  Registering OAuth client...'));
-    const clientId = await registerOAuthClient(domain);
-    console.log(chalk_1.default.green('  ✓ Client registered'));
-    // Step 2: PKCE
-    const codeVerifier = generateCodeVerifier();
-    const codeChallenge = generateCodeChallenge(codeVerifier);
-    // Step 3: Start callback server
-    const callbackPromise = startCallbackServer();
-    // Step 4: Open browser
-    const authUrl = `${domain}/connect/authorize?` + new URLSearchParams({
-        client_id: clientId,
-        redirect_uri: `http://localhost:${AUTH_CALLBACK_PORT}/callback`,
-        response_type: 'code',
-        scope: 'openid offline_access TMS.ApiAPI',
-        code_challenge: codeChallenge,
-        code_challenge_method: 'S256',
-    }).toString();
-    console.log(chalk_1.default.gray('  Opening browser for login...'));
-    openBrowser(authUrl);
-    console.log(chalk_1.default.gray(`  Waiting for login (timeout: 2 min)...`));
-    // Step 5: Wait for callback with timeout
-    const timeoutPromise = new Promise((_, reject) => setTimeout(() => reject(new Error('Login timed out after 2 minutes. Please try again.')), AUTH_TIMEOUT_MS));
-    const { code, close } = await Promise.race([callbackPromise, timeoutPromise]);
-    // Step 6: Exchange code for tokens
-    console.log(chalk_1.default.gray('  Exchanging authorization code...'));
-    const tokens = await exchangeCodeForTokens(domain, clientId, code, codeVerifier);
-    // Step 7: Store session locally
-    writeSessionFile(tokens);
-    close();
-    console.log(chalk_1.default.green(`  ✓ Logged in to ${new URL(domain).hostname}`));
-    console.log(chalk_1.default.gray(`  Session stored at: ${getSessionFilePath()}\n`));
-}
-async function runLogout(_domain) {
-    const session = readSessionFile();
-    if (!session) {
-        console.log(chalk_1.default.gray('\n  No active session in this project.\n'));
-        console.log(chalk_1.default.gray(`  Login first: ${PROGRAM_NAME} login <url>\n`));
-        return;
-    }
-    console.log(chalk_1.default.bold.cyan('\n  CX CLI Logout\n'));
-    console.log(chalk_1.default.gray(`  Server: ${new URL(session.domain).hostname}`));
-    // Revoke tokens (non-fatal)
-    if (session.client_id && session.refresh_token) {
-        console.log(chalk_1.default.gray('  Revoking tokens...'));
-        await revokeToken(session.domain, session.client_id, session.access_token);
-        await revokeToken(session.domain, session.client_id, session.refresh_token);
-    }
-    // Delete local session file
-    deleteSessionFile();
-    console.log(chalk_1.default.green(`  ✓ Logged out from ${new URL(session.domain).hostname}\n`));
-}
-// ============================================================================
-// AppModule Commands
-// ============================================================================
-async function graphqlRequest(domain, token, query, variables) {
-    const body = JSON.stringify({ query, variables });
-    let res = await graphqlPostWithAuth(domain, token, body);
-    if (res.statusCode === 401) {
-        // PAT tokens have no refresh — fail immediately
-        if (process.env.CXTMS_AUTH)
-            throw new Error('PAT token unauthorized (401). Check your CXTMS_AUTH token.');
-        // Try refresh for OAuth sessions
-        const stored = readSessionFile();
-        if (!stored)
-            throw new Error('Session expired. Run `cxtms login <url>` again.');
-        try {
-            const refreshed = await refreshTokens(stored);
-            res = await graphqlPostWithAuth(domain, refreshed.access_token, body);
-        }
-        catch {
-            throw new Error('Session expired. Run `cxtms login <url>` again.');
+    // Get the component AST node (clone for copy, take for move)
+    const componentNode = copy
+        ? srcDoc.createNode(sourceJS.components[compIndex])
+        : srcComponents.items[compIndex];
+    // Capture comment: if this is the first item, the comment lives on the parent seq
+    let componentComment;
+    if (compIndex === 0 && srcComponents.commentBefore) {
+        componentComment = srcComponents.commentBefore;
+        if (!copy) {
+            // Transfer the comment away from the source seq (it belongs to the extracted component)
+            srcComponents.commentBefore = undefined;
         }
     }
-    // Try to parse GraphQL errors from 400 responses too
-    let json;
-    try {
-        json = JSON.parse(res.body);
+    else {
+        componentComment = componentNode.commentBefore;
     }
-    catch {
-        if (res.statusCode !== 200) {
-            throw new Error(`GraphQL request failed (${res.statusCode}): ${res.body}`);
-        }
-        throw new Error('Invalid JSON response from GraphQL endpoint');
-    }
-    if (json.errors && json.errors.length > 0) {
-        const messages = json.errors.map((e) => {
-            const parts = [e.message];
-            const ext = e.extensions?.message;
-            if (ext && ext !== e.message)
-                parts.push(ext);
-            if (e.path)
-                parts.push(`path: ${e.path.join('.')}`);
-            return parts.join(' — ');
+    // Find matching routes (by index in AST)
+    const srcRoutes = srcDoc.get('routes', true);
+    const matchedRouteIndices = [];
+    if ((0, yaml_1.isSeq)(srcRoutes)) {
+        srcRoutes.items.forEach((item, idx) => {
+            if ((0, yaml_1.isMap)(item) && item.get('component') === componentName) {
+                matchedRouteIndices.push(idx);
+            }
         });
-        throw new Error(`GraphQL error: ${messages.join('; ')}`);
     }
-    if (res.statusCode !== 200) {
-        throw new Error(`GraphQL request failed (${res.statusCode}): ${res.body}`);
-    }
-    return json.data;
-}
-function graphqlPostWithAuth(domain, token, body) {
-    return new Promise((resolve, reject) => {
-        const url = `${domain}/api/graphql`;
-        const parsed = new URL(url);
-        const isHttps = parsed.protocol === 'https:';
-        const lib = isHttps ? https : http;
-        const req = lib.request({
-            hostname: parsed.hostname,
-            port: parsed.port || (isHttps ? 443 : 80),
-            path: parsed.pathname + parsed.search,
-            method: 'POST',
-            headers: {
-                'Content-Type': 'application/json',
-                'Content-Length': Buffer.byteLength(body),
-                'Authorization': `Bearer ${token}`,
-            },
-        }, (res) => {
-            let data = '';
-            res.on('data', (chunk) => data += chunk);
-            res.on('end', () => resolve({ statusCode: res.statusCode || 0, body: data }));
-        });
-        req.on('error', reject);
-        req.write(body);
-        req.end();
+    // Collect route AST nodes (clone for copy, reference for move)
+    const routeNodes = matchedRouteIndices.map(idx => {
+        if (copy) {
+            return srcDoc.createNode(sourceJS.routes[idx]);
+        }
+        return srcRoutes.items[idx];
     });
-}
-function resolveDomainFromAppYaml() {
-    const appYamlPath = path.join(process.cwd(), 'app.yaml');
-    if (!fs.existsSync(appYamlPath))
-        return null;
-    const appYaml = yaml_1.default.parse(fs.readFileSync(appYamlPath, 'utf-8'));
-    const serverDomain = appYaml?.server || appYaml?.domain;
-    if (!serverDomain)
-        return null;
-    let domain = serverDomain;
-    if (!domain.startsWith('http://') && !domain.startsWith('https://')) {
-        domain = `https://${domain}`;
-    }
-    return domain.replace(/\/+$/, '');
-}
-function resolveSession() {
-    // 0. Check for PAT token in env (CXTMS_AUTH) — skips OAuth entirely
-    const patToken = process.env.CXTMS_AUTH;
-    if (patToken) {
-        const domain = process.env.CXTMS_SERVER ? process.env.CXTMS_SERVER.replace(/\/+$/, '') : resolveDomainFromAppYaml();
-        if (!domain) {
-            console.error(chalk_1.default.red('CXTMS_AUTH is set but no server domain found.'));
-            console.error(chalk_1.default.gray('Add `server` to app.yaml or set CXTMS_SERVER in .env'));
+    // Load or create target document
+    let tgtDoc;
+    let targetCreated = false;
+    if (fs.existsSync(targetFile)) {
+        const targetContent = fs.readFileSync(targetFile, 'utf-8');
+        tgtDoc = yaml_1.default.parseDocument(targetContent);
+        const targetJS = tgtDoc.toJS();
+        if (!targetJS || !Array.isArray(targetJS.components)) {
+            console.error(chalk_1.default.red(`Error: Target file is not a valid module (missing components array): ${targetFile}`));
             process.exit(2);
         }
-        return {
-            domain,
-            client_id: '',
-            access_token: patToken,
-            refresh_token: '',
-            expires_at: 0,
-        };
-    }
-    // 1. Check local .cxtms/.session.json
-    const session = readSessionFile();
-    if (session)
-        return session;
-    // 2. Not logged in
-    console.error(chalk_1.default.red('Not logged in. Run `cxtms login <url>` first.'));
-    process.exit(2);
-}
-async function resolveOrgId(domain, token, override) {
-    // 1. Explicit override
-    if (override !== undefined)
-        return override;
-    // 2. Cached in session file
-    const stored = readSessionFile();
-    if (stored?.organization_id)
-        return stored.organization_id;
-    // 3. Query server
-    const data = await graphqlRequest(domain, token, `
-    query { organizations(take: 100) { items { organizationId companyName } } }
-  `, {});
-    const orgs = data?.organizations?.items;
-    if (!orgs || orgs.length === 0) {
-        throw new Error('No organizations found for this account.');
-    }
-    if (orgs.length === 1) {
-        const orgId = orgs[0].organizationId;
-        // Cache it
-        if (stored) {
-            stored.organization_id = orgId;
-            writeSessionFile(stored);
+        // Check for duplicate component name
+        const duplicate = targetJS.components.find((c) => c.name === componentName);
+        if (duplicate) {
+            console.error(chalk_1.default.red(`Error: Target already contains a component named "${componentName}"`));
+            process.exit(2);
         }
-        return orgId;
-    }
-    // Multiple orgs — list and exit
-    console.error(chalk_1.default.yellow('\n  Multiple organizations found:\n'));
-    for (const org of orgs) {
-        console.error(chalk_1.default.white(`    ${org.organizationId}  ${org.companyName}`));
-    }
-    console.error(chalk_1.default.gray(`\n  Run \`cxtms orgs select\` to choose, or pass --org <id>.\n`));
-    process.exit(2);
-}
-async function runAppModuleDeploy(file, orgOverride) {
-    if (!file) {
-        console.error(chalk_1.default.red('Error: File path required'));
-        console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} appmodule deploy <file.yaml> [--org <id>]`));
-        process.exit(2);
-    }
-    if (!fs.existsSync(file)) {
-        console.error(chalk_1.default.red(`Error: File not found: ${file}`));
-        process.exit(2);
     }
-    const session = resolveSession();
-    const domain = session.domain;
-    const token = session.access_token;
-    const orgId = await resolveOrgId(domain, token, orgOverride);
-    // Read and parse YAML
-    const yamlContent = fs.readFileSync(file, 'utf-8');
-    const parsed = yaml_1.default.parse(yamlContent);
-    const appModuleId = parsed?.module?.appModuleId;
-    if (!appModuleId) {
-        console.error(chalk_1.default.red('Error: Module YAML is missing module.appModuleId'));
-        process.exit(2);
+    else {
+        // Create new module scaffold
+        const baseName = path.basename(targetFile, path.extname(targetFile));
+        const moduleName = baseName
+            .split('-')
+            .map((w) => w.charAt(0).toUpperCase() + w.slice(1))
+            .join('');
+        const sourceModule = typeof sourceJS.module === 'object' ? sourceJS.module : null;
+        const displayName = moduleName.replace(/([a-z])([A-Z])/g, '$1 $2');
+        const moduleObj = {
+            name: moduleName,
+            appModuleId: generateUUID(),
+            displayName: { 'en-US': displayName },
+            description: { 'en-US': `${displayName} module` },
+            application: sourceModule?.application || sourceJS.application || 'cx',
+        };
+        // In copy mode, set priority higher than source
+        if (copy) {
+            const sourcePriority = sourceModule?.priority;
+            moduleObj.priority = (0, extractUtils_1.computeExtractPriority)(sourcePriority);
+        }
+        // Parse from string so the document has proper AST context for comment preservation
+        const scaffoldStr = yaml_1.default.stringify({
+            module: moduleObj,
+            entities: [],
+            permissions: [],
+            components: [],
+            routes: []
+        }, { indent: 2, lineWidth: 0, singleQuote: false });
+        tgtDoc = yaml_1.default.parseDocument(scaffoldStr);
+        targetCreated = true;
     }
-    // Read app.yaml for appManifestId
-    let appManifestId;
-    const appYamlPath = path.join(process.cwd(), 'app.yaml');
-    if (fs.existsSync(appYamlPath)) {
-        const appYaml = yaml_1.default.parse(fs.readFileSync(appYamlPath, 'utf-8'));
-        appManifestId = appYaml?.id;
-    }
-    console.log(chalk_1.default.bold.cyan('\n  AppModule Deploy\n'));
-    console.log(chalk_1.default.gray(`  Server:  ${new URL(domain).hostname}`));
-    console.log(chalk_1.default.gray(`  Org:     ${orgId}`));
-    console.log(chalk_1.default.gray(`  Module:  ${appModuleId}`));
-    console.log('');
-    // Check if module exists
-    const checkData = await graphqlRequest(domain, token, `
-    query ($organizationId: Int!, $appModuleId: UUID!) {
-      appModule(organizationId: $organizationId, appModuleId: $appModuleId) {
-        appModuleId
-      }
-    }
-  `, { organizationId: orgId, appModuleId });
-    if (checkData?.appModule) {
-        // Update
-        console.log(chalk_1.default.gray('  Updating existing module...'));
-        const updateValues = { appModuleYamlDocument: yamlContent };
-        if (appManifestId)
-            updateValues.appManifestId = appManifestId;
-        const result = await graphqlRequest(domain, token, `
-      mutation ($input: UpdateAppModuleInput!) {
-        updateAppModule(input: $input) {
-          appModule { appModuleId name }
+    // Add component to target (ensure block style so comments are preserved)
+    const tgtComponents = tgtDoc.get('components', true);
+    if ((0, yaml_1.isSeq)(tgtComponents)) {
+        tgtComponents.flow = false;
+        // Apply the captured comment: if it's the first item in target, set on seq; otherwise on node
+        if (componentComment) {
+            if (tgtComponents.items.length === 0) {
+                tgtComponents.commentBefore = componentComment;
+            }
+            else {
+                componentNode.commentBefore = componentComment;
+            }
         }
-      }
-    `, {
-            input: {
-                organizationId: orgId,
-                appModuleId,
-                values: updateValues,
-            },
-        });
-        const mod = result?.updateAppModule?.appModule;
-        console.log(chalk_1.default.green(`  ✓ Updated: ${mod?.name || appModuleId}\n`));
+        tgtComponents.items.push(componentNode);
     }
     else {
-        // Create
-        console.log(chalk_1.default.gray('  Creating new module...'));
-        const values = { appModuleYamlDocument: yamlContent };
-        if (appManifestId)
-            values.appManifestId = appManifestId;
-        const result = await graphqlRequest(domain, token, `
-      mutation ($input: CreateAppModuleInput!) {
-        createAppModule(input: $input) {
-          appModule { appModuleId name }
-        }
-      }
-    `, {
-            input: {
-                organizationId: orgId,
-                values,
-            },
-        });
-        const mod = result?.createAppModule?.appModule;
-        console.log(chalk_1.default.green(`  ✓ Created: ${mod?.name || appModuleId}\n`));
-    }
-}
-async function runAppModuleUndeploy(uuid, orgOverride) {
-    if (!uuid) {
-        console.error(chalk_1.default.red('Error: AppModule ID required'));
-        console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} appmodule undeploy <appModuleId> [--org <id>]`));
-        process.exit(2);
-    }
-    const session = resolveSession();
-    const domain = session.domain;
-    const token = session.access_token;
-    const orgId = await resolveOrgId(domain, token, orgOverride);
-    console.log(chalk_1.default.bold.cyan('\n  AppModule Undeploy\n'));
-    console.log(chalk_1.default.gray(`  Server:  ${new URL(domain).hostname}`));
-    console.log(chalk_1.default.gray(`  Org:     ${orgId}`));
-    console.log(chalk_1.default.gray(`  Module:  ${uuid}`));
-    console.log('');
-    await graphqlRequest(domain, token, `
-    mutation ($input: DeleteAppModuleInput!) {
-      deleteAppModule(input: $input) {
-        deleteResult { __typename }
-      }
-    }
-  `, {
-        input: {
-            organizationId: orgId,
-            appModuleId: uuid,
-        },
-    });
-    console.log(chalk_1.default.green(`  ✓ Deleted: ${uuid}\n`));
-}
-async function runOrgsList() {
-    const session = resolveSession();
-    const domain = session.domain;
-    const token = session.access_token;
-    const data = await graphqlRequest(domain, token, `
-    query { organizations(take: 100) { items { organizationId companyName } } }
-  `, {});
-    const orgs = data?.organizations?.items;
-    if (!orgs || orgs.length === 0) {
-        console.log(chalk_1.default.gray('\n  No organizations found.\n'));
-        return;
-    }
-    console.log(chalk_1.default.bold.cyan('\n  Organizations\n'));
-    console.log(chalk_1.default.gray(`  Server: ${new URL(domain).hostname}\n`));
-    for (const org of orgs) {
-        const current = session.organization_id === org.organizationId;
-        const marker = current ? chalk_1.default.green(' ← current') : '';
-        console.log(chalk_1.default.white(`    ${org.organizationId}  ${org.companyName}${marker}`));
-    }
-    console.log('');
-}
-async function runOrgsUse(orgIdStr) {
-    if (!orgIdStr) {
-        // Show current context
-        const session = resolveSession();
-        const domain = session.domain;
-        console.log(chalk_1.default.bold.cyan('\n  Current Context\n'));
-        console.log(chalk_1.default.white(`  Server:  ${new URL(domain).hostname}`));
-        if (session.organization_id) {
-            console.log(chalk_1.default.white(`  Org:     ${session.organization_id}`));
-        }
-        else {
-            console.log(chalk_1.default.gray(`  Org:     (not set)`));
-        }
-        const appYamlPath = path.join(process.cwd(), 'app.yaml');
-        if (fs.existsSync(appYamlPath)) {
-            const appYaml = yaml_1.default.parse(fs.readFileSync(appYamlPath, 'utf-8'));
-            if (appYaml?.id) {
-                console.log(chalk_1.default.white(`  App:     ${appYaml.id} ${chalk_1.default.gray('(from app.yaml)')}`));
-            }
-            else {
-                console.log(chalk_1.default.gray(`  App:     (not set)`));
-            }
-        }
-        else {
-            console.log(chalk_1.default.gray(`  App:     (not set)`));
-        }
-        console.log('');
-        return;
-    }
-    const orgId = parseInt(orgIdStr, 10);
-    if (isNaN(orgId)) {
-        console.error(chalk_1.default.red(`Invalid organization ID: ${orgIdStr}. Must be a number.`));
-        process.exit(2);
-    }
-    const session = resolveSession();
-    const domain = session.domain;
-    const token = session.access_token;
-    // Validate the org exists
-    const data = await graphqlRequest(domain, token, `
-    query { organizations(take: 100) { items { organizationId companyName } } }
-  `, {});
-    const orgs = data?.organizations?.items;
-    const match = orgs?.find((o) => o.organizationId === orgId);
-    if (!match) {
-        console.error(chalk_1.default.red(`Organization ${orgId} not found.`));
-        if (orgs?.length) {
-            console.error(chalk_1.default.gray('\n  Available organizations:'));
-            for (const org of orgs) {
-                console.error(chalk_1.default.white(`    ${org.organizationId}  ${org.companyName}`));
-            }
-        }
-        console.error('');
-        process.exit(2);
-    }
-    // Save to session file
-    session.organization_id = orgId;
-    writeSessionFile(session);
-    console.log(chalk_1.default.green(`\n  ✓ Context set to: ${match.companyName} (${orgId})\n`));
-}
-async function runOrgsSelect() {
-    const session = resolveSession();
-    const domain = session.domain;
-    const token = session.access_token;
-    const data = await graphqlRequest(domain, token, `
-    query { organizations(take: 100) { items { organizationId companyName } } }
-  `, {});
-    const orgs = data?.organizations?.items;
-    if (!orgs || orgs.length === 0) {
-        console.log(chalk_1.default.gray('\n  No organizations found.\n'));
-        return;
-    }
-    console.log(chalk_1.default.bold.cyan('\n  Select Organization\n'));
-    console.log(chalk_1.default.gray(`  Server: ${new URL(domain).hostname}\n`));
-    for (let i = 0; i < orgs.length; i++) {
-        const org = orgs[i];
-        const current = session.organization_id === org.organizationId;
-        const marker = current ? chalk_1.default.green(' ← current') : '';
-        console.log(chalk_1.default.white(`    ${i + 1}) ${org.organizationId}  ${org.companyName}${marker}`));
-    }
-    console.log('');
-    const readline = require('readline');
-    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-    const answer = await new Promise((resolve) => {
-        rl.question(chalk_1.default.yellow('  Enter number: '), (ans) => {
-            rl.close();
-            resolve(ans.trim());
-        });
-    });
-    const idx = parseInt(answer, 10) - 1;
-    if (isNaN(idx) || idx < 0 || idx >= orgs.length) {
-        console.error(chalk_1.default.red('\n  Invalid selection.\n'));
-        process.exit(2);
-    }
-    const selected = orgs[idx];
-    session.organization_id = selected.organizationId;
-    writeSessionFile(session);
-    console.log(chalk_1.default.green(`\n  ✓ Context set to: ${selected.companyName} (${selected.organizationId})\n`));
-}
-// ============================================================================
-// Workflow Commands
-// ============================================================================
-async function runWorkflowDeploy(file, orgOverride) {
-    if (!file) {
-        console.error(chalk_1.default.red('Error: File path required'));
-        console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} workflow deploy <file.yaml> [--org <id>]`));
-        process.exit(2);
-    }
-    if (!fs.existsSync(file)) {
-        console.error(chalk_1.default.red(`Error: File not found: ${file}`));
-        process.exit(2);
-    }
-    const session = resolveSession();
-    const domain = session.domain;
-    const token = session.access_token;
-    const orgId = await resolveOrgId(domain, token, orgOverride);
-    const yamlContent = fs.readFileSync(file, 'utf-8');
-    const parsed = yaml_1.default.parse(yamlContent);
-    const workflowId = parsed?.workflow?.workflowId;
-    if (!workflowId) {
-        console.error(chalk_1.default.red('Error: Workflow YAML is missing workflow.workflowId'));
-        process.exit(2);
-    }
-    const workflowName = parsed?.workflow?.name || workflowId;
-    // Read app.yaml for appManifestId
-    let appManifestId;
-    const appYamlPath = path.join(process.cwd(), 'app.yaml');
-    if (fs.existsSync(appYamlPath)) {
-        const appYaml = yaml_1.default.parse(fs.readFileSync(appYamlPath, 'utf-8'));
-        appManifestId = appYaml?.id;
-    }
-    console.log(chalk_1.default.bold.cyan('\n  Workflow Deploy\n'));
-    console.log(chalk_1.default.gray(`  Server:    ${new URL(domain).hostname}`));
-    console.log(chalk_1.default.gray(`  Org:       ${orgId}`));
-    console.log(chalk_1.default.gray(`  Workflow:  ${workflowName}`));
-    console.log('');
-    // Check if workflow exists
-    const checkData = await graphqlRequest(domain, token, `
-    query ($organizationId: Int!, $workflowId: UUID!) {
-      workflow(organizationId: $organizationId, workflowId: $workflowId) {
-        workflowId
-      }
-    }
-  `, { organizationId: orgId, workflowId });
-    if (checkData?.workflow) {
-        console.log(chalk_1.default.gray('  Updating existing workflow...'));
-        const updateInput = {
-            organizationId: orgId,
-            workflowId,
-            workflowYamlDocument: yamlContent,
-        };
-        if (appManifestId)
-            updateInput.appManifestId = appManifestId;
-        const result = await graphqlRequest(domain, token, `
-      mutation ($input: UpdateWorkflowInput!) {
-        updateWorkflow(input: $input) {
-          workflow { workflowId }
-        }
-      }
-    `, {
-            input: updateInput,
-        });
-        console.log(chalk_1.default.green(`  ✓ Updated: ${workflowName}\n`));
-    }
-    else {
-        console.log(chalk_1.default.gray('  Creating new workflow...'));
-        const createInput = {
-            organizationId: orgId,
-            workflowYamlDocument: yamlContent,
-        };
-        if (appManifestId)
-            createInput.appManifestId = appManifestId;
-        const result = await graphqlRequest(domain, token, `
-      mutation ($input: CreateWorkflowInput!) {
-        createWorkflow(input: $input) {
-          workflow { workflowId }
-        }
-      }
-    `, {
-            input: createInput,
-        });
-        console.log(chalk_1.default.green(`  ✓ Created: ${workflowName}\n`));
-    }
-}
-async function runWorkflowUndeploy(uuid, orgOverride) {
-    if (!uuid) {
-        console.error(chalk_1.default.red('Error: Workflow ID required'));
-        console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} workflow undeploy <workflowId> [--org <id>]`));
-        process.exit(2);
-    }
-    const session = resolveSession();
-    const domain = session.domain;
-    const token = session.access_token;
-    const orgId = await resolveOrgId(domain, token, orgOverride);
-    console.log(chalk_1.default.bold.cyan('\n  Workflow Undeploy\n'));
-    console.log(chalk_1.default.gray(`  Server:    ${new URL(domain).hostname}`));
-    console.log(chalk_1.default.gray(`  Org:       ${orgId}`));
-    console.log(chalk_1.default.gray(`  Workflow:  ${uuid}`));
-    console.log('');
-    await graphqlRequest(domain, token, `
-    mutation ($input: DeleteWorkflowInput!) {
-      deleteWorkflow(input: $input) {
-        deleteResult { __typename }
-      }
-    }
-  `, {
-        input: {
-            organizationId: orgId,
-            workflowId: uuid,
-        },
-    });
-    console.log(chalk_1.default.green(`  ✓ Deleted: ${uuid}\n`));
-}
-async function uploadFileToServer(domain, token, orgId, localPath) {
-    const fileName = path.basename(localPath);
-    const ext = path.extname(localPath).toLowerCase();
-    const contentTypeMap = {
-        '.csv': 'text/csv', '.json': 'application/json', '.xml': 'application/xml',
-        '.xlsx': 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet',
-        '.xls': 'application/vnd.ms-excel', '.pdf': 'application/pdf',
-        '.txt': 'text/plain', '.zip': 'application/zip',
-    };
-    const contentType = contentTypeMap[ext] || 'application/octet-stream';
-    // Step 1: Get presigned upload URL
-    const data = await graphqlRequest(domain, token, `
-    query ($organizationId: Int!, $fileName: String!, $contentType: String!) {
-      uploadUrl(organizationId: $organizationId, fileName: $fileName, contentType: $contentType) {
-        presignedUrl
-        fileUrl
-      }
-    }
-  `, { organizationId: orgId, fileName, contentType });
-    const presignedUrl = data?.uploadUrl?.presignedUrl;
-    const fileUrl = data?.uploadUrl?.fileUrl;
-    if (!presignedUrl || !fileUrl) {
-        throw new Error('Failed to get upload URL from server');
-    }
-    // Step 2: PUT file content to presigned URL
-    const fileContent = fs.readFileSync(localPath);
-    const url = new URL(presignedUrl);
-    const httpModule = url.protocol === 'https:' ? https : http;
-    await new Promise((resolve, reject) => {
-        const req = httpModule.request(url, {
-            method: 'PUT',
-            headers: {
-                'Content-Type': contentType,
-                'Content-Length': fileContent.length,
-                'x-ms-blob-type': 'BlockBlob',
-            },
-        }, (res) => {
-            let body = '';
-            res.on('data', (chunk) => body += chunk);
-            res.on('end', () => {
-                if (res.statusCode && res.statusCode >= 200 && res.statusCode < 300) {
-                    resolve();
-                }
-                else {
-                    reject(new Error(`File upload failed (${res.statusCode}): ${body}`));
-                }
-            });
-        });
-        req.on('error', reject);
-        req.write(fileContent);
-        req.end();
-    });
-    return fileUrl;
-}
-async function runWorkflowExecute(workflowIdOrFile, orgOverride, variables, fileArgs) {
-    if (!workflowIdOrFile) {
-        console.error(chalk_1.default.red('Error: Workflow ID or YAML file required'));
-        console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} workflow execute <workflowId|file.yaml> [--org <id>] [--vars '{"key":"value"}'] [--file varName=path]`));
-        process.exit(2);
-    }
-    const session = resolveSession();
-    const { domain, access_token: token } = session;
-    const orgId = await resolveOrgId(domain, token, orgOverride);
-    // Resolve workflowId
-    let workflowId = workflowIdOrFile;
-    let workflowName = workflowIdOrFile;
-    if (workflowIdOrFile.endsWith('.yaml') || workflowIdOrFile.endsWith('.yml')) {
-        if (!fs.existsSync(workflowIdOrFile)) {
-            console.error(chalk_1.default.red(`Error: File not found: ${workflowIdOrFile}`));
-            process.exit(2);
-        }
-        const parsed = yaml_1.default.parse(fs.readFileSync(workflowIdOrFile, 'utf-8'));
-        workflowId = parsed?.workflow?.workflowId;
-        workflowName = parsed?.workflow?.name || path.basename(workflowIdOrFile);
-        if (!workflowId) {
-            console.error(chalk_1.default.red('Error: Workflow YAML is missing workflow.workflowId'));
-            process.exit(2);
-        }
-    }
-    // Parse variables if provided
-    let vars;
-    if (variables) {
-        try {
-            vars = JSON.parse(variables);
-        }
-        catch {
-            console.error(chalk_1.default.red('Error: --vars must be valid JSON'));
-            process.exit(2);
-        }
-    }
-    // Process --file args: upload files and set URLs as variables
-    if (fileArgs && fileArgs.length > 0) {
-        if (!vars)
-            vars = {};
-        for (const fileArg of fileArgs) {
-            const eqIdx = fileArg.indexOf('=');
-            if (eqIdx < 1) {
-                console.error(chalk_1.default.red(`Error: --file must be in format varName=path (got: ${fileArg})`));
-                process.exit(2);
-            }
-            const varName = fileArg.substring(0, eqIdx);
-            const filePath = fileArg.substring(eqIdx + 1);
-            if (!fs.existsSync(filePath)) {
-                console.error(chalk_1.default.red(`Error: File not found: ${filePath}`));
-                process.exit(2);
-            }
-            console.log(chalk_1.default.gray(`  Uploading ${path.basename(filePath)}...`));
-            const fileUrl = await uploadFileToServer(domain, token, orgId, filePath);
-            vars[varName] = fileUrl;
-            console.log(chalk_1.default.gray(`  → ${varName} = ${fileUrl}`));
-        }
-    }
-    console.log(chalk_1.default.bold.cyan('\n  Workflow Execute\n'));
-    console.log(chalk_1.default.gray(`  Server:    ${new URL(domain).hostname}`));
-    console.log(chalk_1.default.gray(`  Org:       ${orgId}`));
-    console.log(chalk_1.default.gray(`  Workflow:  ${workflowName}`));
-    if (vars)
-        console.log(chalk_1.default.gray(`  Variables: ${JSON.stringify(vars)}`));
-    console.log('');
-    const input = { organizationId: orgId, workflowId };
-    if (vars)
-        input.variables = vars;
-    const data = await graphqlRequest(domain, token, `
-    mutation ($input: ExecuteWorkflowInput!) {
-      executeWorkflow(input: $input) {
-        workflowExecutionResult {
-          executionId workflowId isAsync outputs
-        }
-      }
-    }
-  `, { input });
-    const result = data?.executeWorkflow?.workflowExecutionResult;
-    if (!result) {
-        console.error(chalk_1.default.red('  No execution result returned.\n'));
-        process.exit(2);
-    }
-    console.log(chalk_1.default.green(`  ✓ Executed: ${workflowName}`));
-    console.log(chalk_1.default.white(`  Execution ID: ${result.executionId}`));
-    console.log(chalk_1.default.white(`  Async:        ${result.isAsync}`));
-    if (result.outputs && Object.keys(result.outputs).length > 0) {
-        console.log(chalk_1.default.white(`  Outputs:`));
-        console.log(chalk_1.default.gray(`    ${JSON.stringify(result.outputs, null, 2).split('\n').join('\n    ')}`));
-    }
-    console.log('');
-}
-function resolveWorkflowId(workflowIdOrFile) {
-    if (workflowIdOrFile.endsWith('.yaml') || workflowIdOrFile.endsWith('.yml')) {
-        if (!fs.existsSync(workflowIdOrFile)) {
-            console.error(chalk_1.default.red(`Error: File not found: ${workflowIdOrFile}`));
-            process.exit(2);
-        }
-        const parsed = yaml_1.default.parse(fs.readFileSync(workflowIdOrFile, 'utf-8'));
-        const id = parsed?.workflow?.workflowId;
-        if (!id) {
-            console.error(chalk_1.default.red('Error: Workflow YAML is missing workflow.workflowId'));
-            process.exit(2);
-        }
-        return id;
-    }
-    return workflowIdOrFile;
-}
-async function runWorkflowLogs(workflowIdOrFile, orgOverride, fromDate, toDate) {
-    if (!workflowIdOrFile) {
-        console.error(chalk_1.default.red('Error: Workflow ID or YAML file required'));
-        console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} workflow logs <workflowId|file.yaml> [--from <date>] [--to <date>]`));
-        process.exit(2);
-    }
-    const session = resolveSession();
-    const { domain, access_token: token } = session;
-    const orgId = await resolveOrgId(domain, token, orgOverride);
-    const workflowId = resolveWorkflowId(workflowIdOrFile);
-    // Parse date filters
-    const fromTs = fromDate ? new Date(fromDate).getTime() : 0;
-    const toTs = toDate ? new Date(toDate + 'T23:59:59').getTime() : Infinity;
-    if (fromDate && isNaN(fromTs)) {
-        console.error(chalk_1.default.red(`Invalid --from date: ${fromDate}. Use YYYY-MM-DD format.`));
-        process.exit(2);
-    }
-    if (toDate && isNaN(toTs)) {
-        console.error(chalk_1.default.red(`Invalid --to date: ${toDate}. Use YYYY-MM-DD format.`));
-        process.exit(2);
-    }
-    const data = await graphqlRequest(domain, token, `
-    query ($organizationId: Int!, $workflowId: UUID!) {
-      workflowExecutions(organizationId: $organizationId, workflowId: $workflowId, take: 100) {
-        totalCount
-        items { executionId executionStatus executedAt durationMs txtLogUrl user { fullName email } }
-      }
-    }
-  `, { organizationId: orgId, workflowId });
-    let items = data?.workflowExecutions?.items || [];
-    const total = data?.workflowExecutions?.totalCount || 0;
-    // Filter by date range
-    if (fromDate || toDate) {
-        items = items.filter((ex) => {
-            const t = new Date(ex.executedAt).getTime();
-            return t >= fromTs && t <= toTs;
-        });
-    }
-    // Sort descending
-    items.sort((a, b) => new Date(b.executedAt).getTime() - new Date(a.executedAt).getTime());
-    console.log(chalk_1.default.bold.cyan('\n  Workflow Logs\n'));
-    console.log(chalk_1.default.gray(`  Server:    ${new URL(domain).hostname}`));
-    console.log(chalk_1.default.gray(`  Workflow:  ${workflowId}`));
-    console.log(chalk_1.default.gray(`  Total:     ${total}`));
-    if (fromDate || toDate) {
-        console.log(chalk_1.default.gray(`  Filter:    ${fromDate || '...'} → ${toDate || '...'}`));
-    }
-    console.log(chalk_1.default.gray(`  Showing:   ${items.length}\n`));
-    if (items.length === 0) {
-        console.log(chalk_1.default.gray('  No executions found.\n'));
-        return;
-    }
-    for (const ex of items) {
-        const date = new Date(ex.executedAt).toLocaleString();
-        const duration = ex.durationMs != null ? `${(ex.durationMs / 1000).toFixed(1)}s` : '?';
-        const statusColor = ex.executionStatus === 'Success' ? chalk_1.default.green : ex.executionStatus === 'Failed' ? chalk_1.default.red : chalk_1.default.yellow;
-        const logIcon = ex.txtLogUrl ? chalk_1.default.green('●') : chalk_1.default.gray('○');
-        const user = ex.user?.fullName || ex.user?.email || '';
-        console.log(`  ${logIcon} ${chalk_1.default.white(ex.executionId)}  ${statusColor(ex.executionStatus.padEnd(10))}  ${date}  ${chalk_1.default.gray(duration)}${user ? '  ' + chalk_1.default.gray(user) : ''}`);
-    }
-    console.log();
-    console.log(chalk_1.default.gray(`  ${chalk_1.default.green('●')} log available  ${chalk_1.default.gray('○')} no log`));
-    console.log(chalk_1.default.gray(`  Download: ${PROGRAM_NAME} workflow log <executionId> [--output <file>] [--console]\n`));
-}
-function fetchGzipText(url) {
-    const zlib = require('zlib');
-    return new Promise((resolve, reject) => {
-        const lib = url.startsWith('https') ? https : http;
-        lib.get(url, (res) => {
-            if (res.statusCode !== 200) {
-                reject(new Error(`HTTP ${res.statusCode}`));
-                res.resume();
-                return;
-            }
-            const rawChunks = [];
-            res.on('data', (chunk) => rawChunks.push(chunk));
-            res.on('end', () => {
-                const raw = Buffer.concat(rawChunks);
-                if (raw.length === 0) {
-                    resolve('(empty log)');
-                    return;
-                }
-                zlib.gunzip(raw, (err, result) => {
-                    if (err) {
-                        resolve(raw.toString('utf-8'));
-                        return;
-                    }
-                    resolve(result.toString('utf-8'));
-                });
-            });
-        }).on('error', reject);
-    });
-}
-async function runWorkflowLog(executionId, orgOverride, outputFile, toConsole, useJson) {
-    if (!executionId) {
-        console.error(chalk_1.default.red('Error: Execution ID required'));
-        console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} workflow log <executionId> [--output <file>] [--console] [--json]`));
-        process.exit(2);
-    }
-    const session = resolveSession();
-    const { domain, access_token: token } = session;
-    const orgId = await resolveOrgId(domain, token, orgOverride);
-    const data = await graphqlRequest(domain, token, `
-    query ($organizationId: Int!, $executionId: UUID!) {
-      workflowExecution(organizationId: $organizationId, executionId: $executionId) {
-        executionId workflowId executionStatus executedAt durationMs
-        txtLogUrl jsonLogUrl
-        user { fullName email }
-      }
-    }
-  `, { organizationId: orgId, executionId });
-    const ex = data?.workflowExecution;
-    if (!ex) {
-        console.error(chalk_1.default.red(`Execution not found: ${executionId}`));
-        process.exit(2);
-    }
-    const logUrl = useJson ? ex.jsonLogUrl : ex.txtLogUrl;
-    const logType = useJson ? 'json' : 'txt';
-    const ext = useJson ? '.json' : '.log';
-    if (!logUrl) {
-        console.error(chalk_1.default.yellow(`No ${logType} log available for this execution.`));
-        process.exit(0);
-    }
-    const date = new Date(ex.executedAt).toLocaleString();
-    const duration = ex.durationMs != null ? `${(ex.durationMs / 1000).toFixed(1)}s` : '?';
-    const statusColor = ex.executionStatus === 'Success' ? chalk_1.default.green : ex.executionStatus === 'Failed' ? chalk_1.default.red : chalk_1.default.yellow;
-    const userName = ex.user?.fullName || ex.user?.email || '';
-    // Download log
-    let logText;
-    try {
-        logText = await fetchGzipText(logUrl);
-    }
-    catch (e) {
-        console.error(chalk_1.default.red(`Failed to download log: ${e.message}`));
-        process.exit(2);
-    }
-    // Pretty-print JSON if it's valid JSON
-    if (useJson) {
-        try {
-            const parsed = JSON.parse(logText);
-            logText = JSON.stringify(parsed, null, 2);
-        }
-        catch { /* keep as-is */ }
-    }
-    if (toConsole) {
-        console.log(chalk_1.default.bold.cyan('\n  Workflow Execution\n'));
-        console.log(chalk_1.default.white(`  ID:        ${ex.executionId}`));
-        console.log(chalk_1.default.white(`  Workflow:  ${ex.workflowId}`));
-        console.log(chalk_1.default.white(`  Status:    ${statusColor(ex.executionStatus)}`));
-        console.log(chalk_1.default.white(`  Executed:  ${date}`));
-        console.log(chalk_1.default.white(`  Duration:  ${duration}`));
-        if (userName)
-            console.log(chalk_1.default.white(`  User:      ${userName}`));
-        console.log(chalk_1.default.gray(`\n  --- ${logType.toUpperCase()} Log ---\n`));
-        console.log(logText);
-        return;
-    }
-    // Save to file
-    let filePath;
-    if (outputFile) {
-        filePath = path.resolve(outputFile);
-    }
-    else {
-        const tmpDir = os.tmpdir();
-        const dateStr = new Date(ex.executedAt).toISOString().slice(0, 10);
-        filePath = path.join(tmpDir, `workflow-${ex.workflowId}-${dateStr}-${executionId}${ext}`);
-    }
-    fs.writeFileSync(filePath, logText, 'utf-8');
-    console.log(chalk_1.default.green(`  ✓ ${logType.toUpperCase()} log saved: ${filePath}`));
-    console.log(chalk_1.default.gray(`    Execution: ${executionId}  ${statusColor(ex.executionStatus)}  ${date}  ${duration}`));
-}
-// ============================================================================
-// Publish Command
-// ============================================================================
-async function pushWorkflowQuiet(domain, token, orgId, file, appManifestId) {
-    let name = path.basename(file);
-    try {
-        const yamlContent = fs.readFileSync(file, 'utf-8');
-        const parsed = yaml_1.default.parse(yamlContent);
-        const workflowId = parsed?.workflow?.workflowId;
-        name = parsed?.workflow?.name || name;
-        if (!workflowId)
-            return { ok: false, name, error: 'Missing workflow.workflowId' };
-        const checkData = await graphqlRequest(domain, token, `
-      query ($organizationId: Int!, $workflowId: UUID!) {
-        workflow(organizationId: $organizationId, workflowId: $workflowId) { workflowId }
-      }
-    `, { organizationId: orgId, workflowId });
-        if (checkData?.workflow) {
-            const updateInput = { organizationId: orgId, workflowId, workflowYamlDocument: yamlContent };
-            if (appManifestId)
-                updateInput.appManifestId = appManifestId;
-            await graphqlRequest(domain, token, `
-        mutation ($input: UpdateWorkflowInput!) {
-          updateWorkflow(input: $input) { workflow { workflowId } }
-        }
-      `, { input: updateInput });
-        }
-        else {
-            const createInput = { organizationId: orgId, workflowYamlDocument: yamlContent };
-            if (appManifestId)
-                createInput.appManifestId = appManifestId;
-            await graphqlRequest(domain, token, `
-        mutation ($input: CreateWorkflowInput!) {
-          createWorkflow(input: $input) { workflow { workflowId } }
-        }
-      `, { input: createInput });
-        }
-        return { ok: true, name };
-    }
-    catch (e) {
-        return { ok: false, name, error: e.message };
-    }
-}
-async function pushModuleQuiet(domain, token, orgId, file, appManifestId) {
-    let name = path.basename(file);
-    try {
-        const yamlContent = fs.readFileSync(file, 'utf-8');
-        const parsed = yaml_1.default.parse(yamlContent);
-        const appModuleId = parsed?.module?.appModuleId;
-        name = parsed?.module?.name || name;
-        if (!appModuleId)
-            return { ok: false, name, error: 'Missing module.appModuleId' };
-        const checkData = await graphqlRequest(domain, token, `
-      query ($organizationId: Int!, $appModuleId: UUID!) {
-        appModule(organizationId: $organizationId, appModuleId: $appModuleId) { appModuleId }
-      }
-    `, { organizationId: orgId, appModuleId });
-        if (checkData?.appModule) {
-            const updateValues = { appModuleYamlDocument: yamlContent };
-            if (appManifestId)
-                updateValues.appManifestId = appManifestId;
-            await graphqlRequest(domain, token, `
-        mutation ($input: UpdateAppModuleInput!) {
-          updateAppModule(input: $input) { appModule { appModuleId name } }
-        }
-      `, { input: { organizationId: orgId, appModuleId, values: updateValues } });
-        }
-        else {
-            const values = { appModuleYamlDocument: yamlContent };
-            if (appManifestId)
-                values.appManifestId = appManifestId;
-            await graphqlRequest(domain, token, `
-        mutation ($input: CreateAppModuleInput!) {
-          createAppModule(input: $input) { appModule { appModuleId name } }
-        }
-      `, { input: { organizationId: orgId, values } });
-        }
-        return { ok: true, name };
-    }
-    catch (e) {
-        return { ok: false, name, error: e.message };
-    }
-}
-// ============================================================================
-// PAT Token Commands
-// ============================================================================
-async function runPatCreate(name) {
-    const session = resolveSession();
-    const { domain, access_token: token } = session;
-    const data = await graphqlRequest(domain, token, `
-    mutation ($input: CreatePersonalAccessTokenInput!) {
-      createPersonalAccessToken(input: $input) {
-        createPatPayload {
-          token
-          personalAccessToken { id name scopes }
-        }
-      }
-    }
-  `, { input: { input: { name, scopes: ['TMS.ApiAPI'] } } });
-    const payload = data?.createPersonalAccessToken?.createPatPayload;
-    const patToken = payload?.token;
-    const pat = payload?.personalAccessToken;
-    if (!patToken) {
-        console.error(chalk_1.default.red('Failed to create PAT token — no token returned.'));
-        process.exit(2);
-    }
-    console.log(chalk_1.default.green('PAT token created successfully!'));
-    console.log();
-    console.log(chalk_1.default.bold('  Token:'), chalk_1.default.cyan(patToken));
-    console.log(chalk_1.default.bold('  ID:   '), chalk_1.default.gray(pat?.id || 'unknown'));
-    console.log(chalk_1.default.bold('  Name: '), pat?.name || name);
-    console.log();
-    console.log(chalk_1.default.yellow('⚠  Copy the token now — it will not be shown again.'));
-    console.log();
-    console.log(chalk_1.default.bold('To use PAT authentication, add to your project .env file:'));
-    console.log();
-    console.log(chalk_1.default.cyan(`  CXTMS_AUTH=${patToken}`));
-    console.log(chalk_1.default.cyan(`  CXTMS_SERVER=${domain}`));
-    console.log();
-    console.log(chalk_1.default.gray('When CXTMS_AUTH is set, cxtms will skip OAuth login and use the PAT token directly.'));
-    console.log(chalk_1.default.gray('You can also export these as environment variables instead of using .env.'));
-}
-async function runPatList() {
-    const session = resolveSession();
-    const { domain, access_token: token } = session;
-    const data = await graphqlRequest(domain, token, `
-    {
-      personalAccessTokens(skip: 0, take: 50) {
-        items { id name createdAt expiresAt lastUsedAt scopes }
-        totalCount
-      }
-    }
-  `, {});
-    const items = data?.personalAccessTokens?.items || [];
-    const total = data?.personalAccessTokens?.totalCount ?? items.length;
-    if (items.length === 0) {
-        console.log(chalk_1.default.gray('No active PAT tokens found.'));
-        return;
-    }
-    console.log(chalk_1.default.bold(`PAT tokens (${total}):\n`));
-    for (const t of items) {
-        const expires = t.expiresAt ? new Date(t.expiresAt).toLocaleDateString() : 'never';
-        const lastUsed = t.lastUsedAt ? new Date(t.lastUsedAt).toLocaleDateString() : 'never';
-        console.log(`  ${chalk_1.default.cyan(t.name || '(unnamed)')}`);
-        console.log(`    ID:        ${chalk_1.default.gray(t.id)}`);
-        console.log(`    Created:   ${new Date(t.createdAt).toLocaleDateString()}`);
-        console.log(`    Expires:   ${expires}`);
-        console.log(`    Last used: ${lastUsed}`);
-        console.log(`    Scopes:    ${(t.scopes || []).join(', ') || 'none'}`);
-        console.log();
-    }
-}
-async function runPatRevoke(id) {
-    const session = resolveSession();
-    const { domain, access_token: token } = session;
-    const data = await graphqlRequest(domain, token, `
-    mutation ($input: RevokePersonalAccessTokenInput!) {
-      revokePersonalAccessToken(input: $input) {
-        personalAccessToken { id name revokedAt }
-      }
-    }
-  `, { input: { id } });
-    const revoked = data?.revokePersonalAccessToken?.personalAccessToken;
-    if (revoked) {
-        console.log(chalk_1.default.green(`PAT token revoked: ${revoked.name || revoked.id}`));
-    }
-    else {
-        console.log(chalk_1.default.green('PAT token revoked.'));
-    }
-}
-async function runPatSetup() {
-    const patToken = process.env.CXTMS_AUTH;
-    const server = process.env.CXTMS_SERVER || resolveDomainFromAppYaml();
-    console.log(chalk_1.default.bold('PAT Token Status:\n'));
-    if (patToken) {
-        const masked = patToken.slice(0, 8) + '...' + patToken.slice(-4);
-        console.log(chalk_1.default.green(`  CXTMS_AUTH is set: ${masked}`));
-    }
-    else {
-        console.log(chalk_1.default.yellow('  CXTMS_AUTH is not set'));
-    }
-    if (server) {
-        console.log(chalk_1.default.green(`  Server:           ${server}`));
-    }
-    else {
-        console.log(chalk_1.default.yellow('  Server:           not configured (add `server` to app.yaml or set CXTMS_SERVER)'));
-    }
-    console.log();
-    if (patToken && server) {
-        console.log(chalk_1.default.green('PAT authentication is active. OAuth login will be skipped.'));
-    }
-    else {
-        console.log(chalk_1.default.bold('To set up PAT authentication:'));
-        console.log();
-        console.log(chalk_1.default.white('  1. Create a token:'));
-        console.log(chalk_1.default.cyan('     cxtms pat create "my-token-name"'));
-        console.log();
-        console.log(chalk_1.default.white('  2. Add to your project .env file:'));
-        console.log(chalk_1.default.cyan('     CXTMS_AUTH=pat_xxxxx'));
-        console.log(chalk_1.default.cyan('     CXTMS_SERVER=https://your-server.com'));
-        console.log();
-        console.log(chalk_1.default.gray('  Or set `server` in app.yaml instead of CXTMS_SERVER.'));
-    }
-}
-async function runPublish(featureDir, orgOverride) {
-    const session = resolveSession();
-    const domain = session.domain;
-    const token = session.access_token;
-    const orgId = await resolveOrgId(domain, token, orgOverride);
-    // Read app.yaml
-    const appYamlPath = path.join(process.cwd(), 'app.yaml');
-    if (!fs.existsSync(appYamlPath)) {
-        console.error(chalk_1.default.red('Error: app.yaml not found in current directory'));
-        process.exit(2);
-    }
-    const appYaml = yaml_1.default.parse(fs.readFileSync(appYamlPath, 'utf-8'));
-    const appManifestId = appYaml?.id;
-    const appName = appYaml?.name || 'unknown';
-    console.log(chalk_1.default.bold.cyan('\n  Publish\n'));
-    console.log(chalk_1.default.gray(`  Server:  ${new URL(domain).hostname}`));
-    console.log(chalk_1.default.gray(`  Org:     ${orgId}`));
-    console.log(chalk_1.default.gray(`  App:     ${appName}`));
-    if (featureDir) {
-        console.log(chalk_1.default.gray(`  Feature: ${featureDir}`));
-    }
-    console.log('');
-    // Step 1: Create or update app manifest
-    if (appManifestId) {
-        console.log(chalk_1.default.gray('  Publishing app manifest...'));
-        try {
-            const checkData = await graphqlRequest(domain, token, `
-        query ($organizationId: Int!, $appManifestId: UUID!) {
-          appManifest(organizationId: $organizationId, appManifestId: $appManifestId) { appManifestId }
-        }
-      `, { organizationId: orgId, appManifestId });
-            if (checkData?.appManifest) {
-                await graphqlRequest(domain, token, `
-          mutation ($input: UpdateAppManifestInput!) {
-            updateAppManifest(input: $input) { appManifest { appManifestId name } }
-          }
-        `, { input: { organizationId: orgId, appManifestId, values: { name: appName, description: appYaml?.description || '' } } });
-                console.log(chalk_1.default.green('  ✓ App manifest updated'));
-            }
-            else {
-                await graphqlRequest(domain, token, `
-          mutation ($input: CreateAppManifestInput!) {
-            createAppManifest(input: $input) { appManifest { appManifestId name } }
-          }
-        `, { input: { organizationId: orgId, values: { appManifestId, name: appName, description: appYaml?.description || '' } } });
-                console.log(chalk_1.default.green('  ✓ App manifest created'));
-            }
-        }
-        catch (e) {
-            console.log(chalk_1.default.red(`  ✗ App manifest failed: ${e.message}`));
-        }
-    }
-    // Step 2: Discover files
-    const baseDir = featureDir ? path.join(process.cwd(), 'features', featureDir) : process.cwd();
-    if (featureDir && !fs.existsSync(baseDir)) {
-        console.error(chalk_1.default.red(`Error: Feature directory not found: features/${featureDir}`));
-        process.exit(2);
-    }
-    const workflowDirs = [path.join(baseDir, 'workflows')];
-    const moduleDirs = [path.join(baseDir, 'modules')];
-    // Collect YAML files
-    const workflowFiles = [];
-    const moduleFiles = [];
-    for (const dir of workflowDirs) {
-        if (fs.existsSync(dir)) {
-            for (const f of fs.readdirSync(dir)) {
-                if (f.endsWith('.yaml') || f.endsWith('.yml')) {
-                    workflowFiles.push(path.join(dir, f));
-                }
-            }
-        }
-    }
-    for (const dir of moduleDirs) {
-        if (fs.existsSync(dir)) {
-            for (const f of fs.readdirSync(dir)) {
-                if (f.endsWith('.yaml') || f.endsWith('.yml')) {
-                    moduleFiles.push(path.join(dir, f));
-                }
-            }
-        }
-    }
-    console.log(chalk_1.default.gray(`\n  Found ${workflowFiles.length} workflow(s), ${moduleFiles.length} module(s)\n`));
-    let succeeded = 0;
-    let failed = 0;
-    // Step 3: Deploy workflows
-    for (const file of workflowFiles) {
-        const relPath = path.relative(process.cwd(), file);
-        const result = await pushWorkflowQuiet(domain, token, orgId, file, appManifestId);
-        if (result.ok) {
-            console.log(chalk_1.default.green(`  ✓ ${relPath}`));
-            succeeded++;
-        }
-        else {
-            console.log(chalk_1.default.red(`  ✗ ${relPath}: ${result.error}`));
-            failed++;
-        }
-    }
-    // Step 4: Deploy modules
-    for (const file of moduleFiles) {
-        const relPath = path.relative(process.cwd(), file);
-        const result = await pushModuleQuiet(domain, token, orgId, file, appManifestId);
-        if (result.ok) {
-            console.log(chalk_1.default.green(`  ✓ ${relPath}`));
-            succeeded++;
-        }
-        else {
-            console.log(chalk_1.default.red(`  ✗ ${relPath}: ${result.error}`));
-            failed++;
-        }
-    }
-    // Summary
-    console.log('');
-    if (failed === 0) {
-        console.log(chalk_1.default.green(`  ✓ Published ${succeeded} file(s) successfully\n`));
-    }
-    else {
-        console.log(chalk_1.default.yellow(`  Published ${succeeded} file(s), ${failed} failed\n`));
-    }
-}
-// ============================================================================
-// App Manifest Commands (install from git, publish to git, list)
-// ============================================================================
-function readAppYaml() {
-    const appYamlPath = path.join(process.cwd(), 'app.yaml');
-    if (!fs.existsSync(appYamlPath)) {
-        console.error(chalk_1.default.red('Error: app.yaml not found in current directory'));
-        process.exit(2);
-    }
-    return yaml_1.default.parse(fs.readFileSync(appYamlPath, 'utf-8'));
-}
-async function runAppInstall(orgOverride, branch, force, skipChanged) {
-    const session = resolveSession();
-    const domain = session.domain;
-    const token = session.access_token;
-    const orgId = await resolveOrgId(domain, token, orgOverride);
-    const appYaml = readAppYaml();
-    const repository = appYaml.repository;
-    if (!repository) {
-        console.error(chalk_1.default.red('Error: app.yaml must have a `repository` field'));
-        process.exit(2);
-    }
-    const repositoryBranch = branch || appYaml.branch || 'main';
-    console.log(chalk_1.default.bold.cyan('\n  App Install\n'));
-    console.log(chalk_1.default.gray(`  Server:     ${new URL(domain).hostname}`));
-    console.log(chalk_1.default.gray(`  Org:        ${orgId}`));
-    console.log(chalk_1.default.gray(`  Repository: ${repository}`));
-    console.log(chalk_1.default.gray(`  Branch:     ${repositoryBranch}`));
-    if (force)
-        console.log(chalk_1.default.gray(`  Force:      yes`));
-    if (skipChanged)
-        console.log(chalk_1.default.gray(`  Skip changed: yes`));
-    console.log('');
-    try {
-        const data = await graphqlRequest(domain, token, `
-      mutation ($input: InstallAppManifestInput!) {
-        installAppManifest(input: $input) {
-          appManifest {
-            appManifestId
-            name
-            currentVersion
-            isEnabled
-            hasUnpublishedChanges
-            isUpdateAvailable
-          }
-        }
-      }
-    `, {
-            input: {
-                organizationId: orgId,
-                values: {
-                    repository,
-                    repositoryBranch,
-                    force: force || false,
-                    skipModulesWithChanges: skipChanged || false,
-                }
-            }
-        });
-        const manifest = data?.installAppManifest?.appManifest;
-        if (manifest) {
-            console.log(chalk_1.default.green(`  ✓ Installed ${manifest.name} v${manifest.currentVersion}`));
-            if (manifest.hasUnpublishedChanges) {
-                console.log(chalk_1.default.yellow(`    Has unpublished changes`));
-            }
-        }
-        else {
-            console.log(chalk_1.default.green('  ✓ Install completed'));
-        }
-    }
-    catch (e) {
-        console.error(chalk_1.default.red(`  ✗ Install failed: ${e.message}`));
-        process.exit(1);
-    }
-    console.log('');
-}
-async function runAppPublish(orgOverride, message, branch, force, targetFiles) {
-    const session = resolveSession();
-    const domain = session.domain;
-    const token = session.access_token;
-    const orgId = await resolveOrgId(domain, token, orgOverride);
-    if (!message) {
-        console.error(chalk_1.default.red('Error: --message (-m) is required for app release'));
-        console.error(chalk_1.default.gray('Describe what changed, similar to a git commit message.'));
-        console.error(chalk_1.default.gray(`Example: ${PROGRAM_NAME} app release -m "Add new shipping module"`));
-        process.exit(2);
-    }
-    const appYaml = readAppYaml();
-    const appManifestId = appYaml.id;
-    if (!appManifestId) {
-        console.error(chalk_1.default.red('Error: app.yaml must have an `id` field'));
-        process.exit(2);
-    }
-    console.log(chalk_1.default.bold.cyan('\n  App Release\n'));
-    console.log(chalk_1.default.gray(`  Server:  ${new URL(domain).hostname}`));
-    console.log(chalk_1.default.gray(`  Org:     ${orgId}`));
-    console.log(chalk_1.default.gray(`  App:     ${appYaml.name || appManifestId}`));
-    if (message)
-        console.log(chalk_1.default.gray(`  Message: ${message}`));
-    if (branch)
-        console.log(chalk_1.default.gray(`  Branch:  ${branch}`));
-    if (force)
-        console.log(chalk_1.default.gray(`  Force:   yes`));
-    // Extract workflow/module IDs from target files
-    const workflowIds = [];
-    const moduleIds = [];
-    if (targetFiles && targetFiles.length > 0) {
-        for (const file of targetFiles) {
-            if (!fs.existsSync(file)) {
-                console.error(chalk_1.default.red(`  Error: File not found: ${file}`));
-                process.exit(2);
-            }
-            const parsed = yaml_1.default.parse(fs.readFileSync(file, 'utf-8'));
-            if (parsed?.workflow?.workflowId) {
-                workflowIds.push(parsed.workflow.workflowId);
-                console.log(chalk_1.default.gray(`  Workflow: ${parsed.workflow.name || parsed.workflow.workflowId}`));
-            }
-            else if (parsed?.module?.appModuleId) {
-                moduleIds.push(parsed.module.appModuleId);
-                console.log(chalk_1.default.gray(`  Module:   ${parsed.module.name || parsed.module.appModuleId}`));
-            }
-            else {
-                console.error(chalk_1.default.red(`  Error: Cannot identify file type: ${file}`));
-                process.exit(2);
-            }
-        }
-    }
-    console.log('');
-    try {
-        const publishValues = {
-            message: message || undefined,
-            branch: branch || undefined,
-            force: force || false,
-        };
-        if (workflowIds.length > 0)
-            publishValues.workflowIds = workflowIds;
-        if (moduleIds.length > 0)
-            publishValues.moduleIds = moduleIds;
-        const data = await graphqlRequest(domain, token, `
-      mutation ($input: PublishAppManifestInput!) {
-        publishAppManifest(input: $input) {
-          appManifest {
-            appManifestId
-            name
-            currentVersion
-            hasUnpublishedChanges
-          }
-        }
-      }
-    `, {
-            input: {
-                organizationId: orgId,
-                appManifestId,
-                values: publishValues,
-            }
-        });
-        const manifest = data?.publishAppManifest?.appManifest;
-        if (manifest) {
-            console.log(chalk_1.default.green(`  ✓ Published ${manifest.name} v${manifest.currentVersion}`));
-        }
-        else {
-            console.log(chalk_1.default.green('  ✓ Publish completed'));
-        }
-    }
-    catch (e) {
-        console.error(chalk_1.default.red(`  ✗ Publish failed: ${e.message}`));
-        process.exit(1);
-    }
-    console.log('');
-}
-async function runAppList(orgOverride) {
-    const session = resolveSession();
-    const domain = session.domain;
-    const token = session.access_token;
-    const orgId = await resolveOrgId(domain, token, orgOverride);
-    console.log(chalk_1.default.bold.cyan('\n  App Manifests\n'));
-    console.log(chalk_1.default.gray(`  Server: ${new URL(domain).hostname}`));
-    console.log(chalk_1.default.gray(`  Org:    ${orgId}\n`));
-    try {
-        const data = await graphqlRequest(domain, token, `
-      query ($organizationId: Int!) {
-        appManifests(organizationId: $organizationId) {
-          items {
-            appManifestId
-            name
-            currentVersion
-            isEnabled
-            hasUnpublishedChanges
-            isUpdateAvailable
-            repository
-            repositoryBranch
-          }
-        }
-      }
-    `, { organizationId: orgId });
-        const items = data?.appManifests?.items || [];
-        if (items.length === 0) {
-            console.log(chalk_1.default.gray('  No app manifests installed\n'));
-            return;
-        }
-        for (const app of items) {
-            const flags = [];
-            if (!app.isEnabled)
-                flags.push(chalk_1.default.red('disabled'));
-            if (app.hasUnpublishedChanges)
-                flags.push(chalk_1.default.yellow('unpublished'));
-            if (app.isUpdateAvailable)
-                flags.push(chalk_1.default.cyan('update available'));
-            const flagStr = flags.length > 0 ? ` [${flags.join(', ')}]` : '';
-            console.log(`  ${chalk_1.default.bold(app.name)} ${chalk_1.default.gray(`v${app.currentVersion}`)}${flagStr}`);
-            console.log(chalk_1.default.gray(`    ID:   ${app.appManifestId}`));
-            if (app.repository) {
-                console.log(chalk_1.default.gray(`    Repo: ${app.repository} (${app.repositoryBranch || 'main'})`));
-            }
-        }
-        console.log('');
-    }
-    catch (e) {
-        console.error(chalk_1.default.red(`  ✗ Failed to list apps: ${e.message}`));
-        process.exit(1);
-    }
-}
-// ============================================================================
-// Query Command
-// ============================================================================
-async function runQuery(queryArg, variables) {
-    if (!queryArg) {
-        console.error(chalk_1.default.red('Error: query argument required (inline GraphQL string or .graphql/.gql file path)'));
-        process.exit(2);
-    }
-    // Resolve query: file path or inline string
-    let query;
-    if (queryArg.endsWith('.graphql') || queryArg.endsWith('.gql')) {
-        if (!fs.existsSync(queryArg)) {
-            console.error(chalk_1.default.red(`Error: file not found: ${queryArg}`));
-            process.exit(2);
-        }
-        query = fs.readFileSync(queryArg, 'utf-8');
-    }
-    else {
-        query = queryArg;
-    }
-    // Parse variables if provided
-    let vars = {};
-    if (variables) {
-        try {
-            vars = JSON.parse(variables);
-        }
-        catch {
-            console.error(chalk_1.default.red('Error: --vars must be valid JSON'));
-            process.exit(2);
-        }
-    }
-    const session = resolveSession();
-    const data = await graphqlRequest(session.domain, session.access_token, query, vars);
-    console.log(JSON.stringify(data, null, 2));
-}
-// ============================================================================
-// GQL Schema Exploration Command
-// ============================================================================
-async function runGql(sub, filter) {
-    if (!sub) {
-        console.error(chalk_1.default.red('Error: subcommand required'));
-        console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} gql <queries|mutations|types|type> [name] [--filter <text>]`));
-        process.exit(2);
-    }
-    const session = resolveSession();
-    if (sub === 'type') {
-        if (!filter) {
-            console.error(chalk_1.default.red('Error: type name required'));
-            console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} gql type <TypeName>`));
-            process.exit(2);
-        }
-        await runGqlType(session, filter);
-    }
-    else if (sub === 'queries') {
-        await runGqlRootFields(session, 'queryType', filter);
-    }
-    else if (sub === 'mutations') {
-        await runGqlRootFields(session, 'mutationType', filter);
-    }
-    else if (sub === 'types') {
-        await runGqlTypes(session, filter);
-    }
-    else {
-        console.error(chalk_1.default.red(`Unknown gql subcommand: ${sub}`));
-        console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} gql <queries|mutations|types|type> [--filter <text>]`));
-        process.exit(2);
-    }
-}
-function formatGqlType(t) {
-    if (!t)
-        return 'unknown';
-    if (t.kind === 'NON_NULL')
-        return `${formatGqlType(t.ofType)}!`;
-    if (t.kind === 'LIST')
-        return `[${formatGqlType(t.ofType)}]`;
-    return t.name || 'unknown';
-}
-async function runGqlType(session, typeName) {
-    const query = `{
-    __type(name: "${typeName}") {
-      name kind description
-      fields { name description type { name kind ofType { name kind ofType { name kind ofType { name kind } } } } args { name type { name kind ofType { name kind ofType { name kind } } } defaultValue } }
-      inputFields { name type { name kind ofType { name kind ofType { name kind } } } defaultValue }
-      enumValues { name description }
-    }
-  }`;
-    const data = await graphqlRequest(session.domain, session.access_token, query, {});
-    const type = data.__type;
-    if (!type) {
-        console.error(chalk_1.default.red(`Type "${typeName}" not found`));
-        process.exit(1);
-    }
-    console.log(chalk_1.default.bold.cyan(`${type.name}`) + chalk_1.default.gray(` (${type.kind})`));
-    if (type.description)
-        console.log(chalk_1.default.gray(type.description));
-    console.log('');
-    if (type.fields && type.fields.length > 0) {
-        console.log(chalk_1.default.bold.yellow('Fields:'));
-        for (const f of type.fields) {
-            const typeStr = formatGqlType(f.type);
-            let line = `  ${chalk_1.default.green(f.name)}: ${chalk_1.default.cyan(typeStr)}`;
-            if (f.args && f.args.length > 0) {
-                const argsStr = f.args.map((a) => {
-                    const argType = formatGqlType(a.type);
-                    return a.defaultValue ? `${a.name}: ${argType} = ${a.defaultValue}` : `${a.name}: ${argType}`;
-                }).join(', ');
-                line += chalk_1.default.gray(` (${argsStr})`);
-            }
-            if (f.description)
-                line += chalk_1.default.gray(` — ${f.description}`);
-            console.log(line);
-        }
-    }
-    if (type.inputFields && type.inputFields.length > 0) {
-        console.log(chalk_1.default.bold.yellow('Input Fields:'));
-        for (const f of type.inputFields) {
-            const typeStr = formatGqlType(f.type);
-            let line = `  ${chalk_1.default.green(f.name)}: ${chalk_1.default.cyan(typeStr)}`;
-            if (f.defaultValue)
-                line += chalk_1.default.gray(` = ${f.defaultValue}`);
-            console.log(line);
-        }
-    }
-    if (type.enumValues && type.enumValues.length > 0) {
-        console.log(chalk_1.default.bold.yellow('Enum Values:'));
-        for (const v of type.enumValues) {
-            let line = `  ${chalk_1.default.green(v.name)}`;
-            if (v.description)
-                line += chalk_1.default.gray(` — ${v.description}`);
-            console.log(line);
-        }
-    }
-}
-async function runGqlRootFields(session, rootType, filter) {
-    const query = `{
-    __schema {
-      ${rootType} {
-        fields { name description args { name type { name kind ofType { name kind ofType { name kind } } } defaultValue } type { name kind ofType { name kind ofType { name kind } } } }
-      }
-    }
-  }`;
-    const data = await graphqlRequest(session.domain, session.access_token, query, {});
-    const fields = data.__schema?.[rootType]?.fields || [];
-    const filtered = filter
-        ? fields.filter((f) => f.name.toLowerCase().includes(filter.toLowerCase()))
-        : fields;
-    const label = rootType === 'queryType' ? 'Queries' : 'Mutations';
-    console.log(chalk_1.default.bold.yellow(`${label}${filter ? ` (filter: "${filter}")` : ''}:`));
-    console.log('');
-    for (const f of filtered) {
-        const returnType = formatGqlType(f.type);
-        console.log(`  ${chalk_1.default.green(f.name)}: ${chalk_1.default.cyan(returnType)}`);
-        if (f.description)
-            console.log(`    ${chalk_1.default.gray(f.description)}`);
-        if (f.args && f.args.length > 0) {
-            for (const a of f.args) {
-                const argType = formatGqlType(a.type);
-                const def = a.defaultValue ? chalk_1.default.gray(` = ${a.defaultValue}`) : '';
-                console.log(`    ${chalk_1.default.white(a.name)}: ${chalk_1.default.cyan(argType)}${def}`);
-            }
-        }
-        console.log('');
-    }
-    console.log(chalk_1.default.gray(`${filtered.length} ${label.toLowerCase()} found`));
-}
-async function runGqlTypes(session, filter) {
-    const query = `{
-    __schema {
-      types { name kind description }
-    }
-  }`;
-    const data = await graphqlRequest(session.domain, session.access_token, query, {});
-    const types = (data.__schema?.types || [])
-        .filter((t) => !t.name.startsWith('__'))
-        .filter((t) => !filter || t.name.toLowerCase().includes(filter.toLowerCase()));
-    const grouped = {};
-    for (const t of types) {
-        const kind = t.kind || 'OTHER';
-        if (!grouped[kind])
-            grouped[kind] = [];
-        grouped[kind].push(t);
-    }
-    const kindOrder = ['OBJECT', 'INPUT_OBJECT', 'ENUM', 'INTERFACE', 'UNION', 'SCALAR'];
-    for (const kind of kindOrder) {
-        const items = grouped[kind];
-        if (!items || items.length === 0)
-            continue;
-        console.log(chalk_1.default.bold.yellow(`${kind} (${items.length}):`));
-        for (const t of items.sort((a, b) => a.name.localeCompare(b.name))) {
-            let line = `  ${chalk_1.default.green(t.name)}`;
-            if (t.description)
-                line += chalk_1.default.gray(` — ${t.description}`);
-            console.log(line);
-        }
-        console.log('');
-    }
-    console.log(chalk_1.default.gray(`${types.length} types found${filter ? ` matching "${filter}"` : ''}`));
-}
-// ============================================================================
-// Extract Command
-// ============================================================================
-function runExtract(sourceFile, componentName, targetFile, copy) {
-    // Validate args
-    if (!sourceFile || !componentName || !targetFile) {
-        console.error(chalk_1.default.red('Error: Missing required arguments'));
-        console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} extract <source-file> <component-name> --to <target-file> [--copy]`));
-        process.exit(2);
-    }
-    // Check source exists
-    if (!fs.existsSync(sourceFile)) {
-        console.error(chalk_1.default.red(`Error: Source file not found: ${sourceFile}`));
-        process.exit(2);
-    }
-    // Read and parse source (Document API preserves comments)
-    const sourceContent = fs.readFileSync(sourceFile, 'utf-8');
-    const srcDoc = yaml_1.default.parseDocument(sourceContent);
-    const sourceJS = srcDoc.toJS();
-    if (!sourceJS || !Array.isArray(sourceJS.components)) {
-        console.error(chalk_1.default.red(`Error: Source file is not a valid module (missing components array): ${sourceFile}`));
-        process.exit(2);
-    }
-    // Get the AST components sequence
-    const srcComponents = srcDoc.get('components', true);
-    if (!(0, yaml_1.isSeq)(srcComponents)) {
-        console.error(chalk_1.default.red(`Error: Source components is not a sequence: ${sourceFile}`));
-        process.exit(2);
-    }
-    // Find component by exact name match
-    const compIndex = srcComponents.items.findIndex((item) => {
-        return (0, yaml_1.isMap)(item) && item.get('name') === componentName;
-    });
-    if (compIndex === -1) {
-        const available = sourceJS.components.map((c) => c.name).filter(Boolean);
-        console.error(chalk_1.default.red(`Error: Component not found: ${componentName}`));
-        if (available.length > 0) {
-            console.error(chalk_1.default.gray('Available components:'));
-            for (const name of available) {
-                console.error(chalk_1.default.gray(`  - ${name}`));
-            }
-        }
-        process.exit(2);
-    }
-    // Get the component AST node (clone for copy, take for move)
-    const componentNode = copy
-        ? srcDoc.createNode(sourceJS.components[compIndex])
-        : srcComponents.items[compIndex];
-    // Capture comment: if this is the first item, the comment lives on the parent seq
-    let componentComment;
-    if (compIndex === 0 && srcComponents.commentBefore) {
-        componentComment = srcComponents.commentBefore;
-        if (!copy) {
-            // Transfer the comment away from the source seq (it belongs to the extracted component)
-            srcComponents.commentBefore = undefined;
-        }
-    }
-    else {
-        componentComment = componentNode.commentBefore;
-    }
-    // Find matching routes (by index in AST)
-    const srcRoutes = srcDoc.get('routes', true);
-    const matchedRouteIndices = [];
-    if ((0, yaml_1.isSeq)(srcRoutes)) {
-        srcRoutes.items.forEach((item, idx) => {
-            if ((0, yaml_1.isMap)(item) && item.get('component') === componentName) {
-                matchedRouteIndices.push(idx);
-            }
-        });
-    }
-    // Collect route AST nodes (clone for copy, reference for move)
-    const routeNodes = matchedRouteIndices.map(idx => {
-        if (copy) {
-            return srcDoc.createNode(sourceJS.routes[idx]);
-        }
-        return srcRoutes.items[idx];
-    });
-    // Load or create target document
-    let tgtDoc;
-    let targetCreated = false;
-    if (fs.existsSync(targetFile)) {
-        const targetContent = fs.readFileSync(targetFile, 'utf-8');
-        tgtDoc = yaml_1.default.parseDocument(targetContent);
-        const targetJS = tgtDoc.toJS();
-        if (!targetJS || !Array.isArray(targetJS.components)) {
-            console.error(chalk_1.default.red(`Error: Target file is not a valid module (missing components array): ${targetFile}`));
-            process.exit(2);
-        }
-        // Check for duplicate component name
-        const duplicate = targetJS.components.find((c) => c.name === componentName);
-        if (duplicate) {
-            console.error(chalk_1.default.red(`Error: Target already contains a component named "${componentName}"`));
-            process.exit(2);
-        }
-    }
-    else {
-        // Create new module scaffold
-        const baseName = path.basename(targetFile, path.extname(targetFile));
-        const moduleName = baseName
-            .split('-')
-            .map((w) => w.charAt(0).toUpperCase() + w.slice(1))
-            .join('');
-        const sourceModule = typeof sourceJS.module === 'object' ? sourceJS.module : null;
-        const displayName = moduleName.replace(/([a-z])([A-Z])/g, '$1 $2');
-        const moduleObj = {
-            name: moduleName,
-            appModuleId: generateUUID(),
-            displayName: { 'en-US': displayName },
-            description: { 'en-US': `${displayName} module` },
-            application: 'System',
-        };
-        // In copy mode, set priority higher than source
-        if (copy) {
-            const sourcePriority = sourceModule?.priority;
-            moduleObj.priority = (0, extractUtils_1.computeExtractPriority)(sourcePriority);
-        }
-        // Parse from string so the document has proper AST context for comment preservation
-        const scaffoldStr = yaml_1.default.stringify({
-            module: moduleObj,
-            entities: [],
-            permissions: [],
-            components: [],
-            routes: []
-        }, { indent: 2, lineWidth: 0, singleQuote: false });
-        tgtDoc = yaml_1.default.parseDocument(scaffoldStr);
-        targetCreated = true;
-    }
-    // Add component to target (ensure block style so comments are preserved)
-    const tgtComponents = tgtDoc.get('components', true);
-    if ((0, yaml_1.isSeq)(tgtComponents)) {
-        tgtComponents.flow = false;
-        // Apply the captured comment: if it's the first item in target, set on seq; otherwise on node
-        if (componentComment) {
-            if (tgtComponents.items.length === 0) {
-                tgtComponents.commentBefore = componentComment;
-            }
-            else {
-                componentNode.commentBefore = componentComment;
-            }
-        }
-        tgtComponents.items.push(componentNode);
-    }
-    else {
-        tgtDoc.addIn(['components'], componentNode);
+        tgtDoc.addIn(['components'], componentNode);
     }
     // In move mode, remove component from source
     if (!copy) {
@@ -3579,7 +1539,7 @@ function parseArgs(args) {
         reportFormat: 'json'
     };
     // Check for commands
-    const commands = ['validate', 'schema', 'example', 'list', 'help', 'version', 'report', 'init', 'create', 'extract', 'sync-schemas', 'install-skills', 'update', 'setup-claude', 'login', 'logout', 'pat', 'appmodule', 'orgs', 'workflow', 'publish', 'query', 'gql', 'app'];
+    const commands = ['validate', 'schema', 'example', 'list', 'help', 'version', 'report', 'init', 'create', 'extract', 'sync-schemas', 'install-skills', 'update', 'setup-claude'];
     if (args.length > 0 && commands.includes(args[0])) {
         command = args[0];
         args = args.slice(1);
@@ -3655,50 +1615,6 @@ function parseArgs(args) {
         else if (arg === '--copy') {
             options.extractCopy = true;
         }
-        else if (arg === '--org') {
-            const orgArg = args[++i];
-            const parsed = parseInt(orgArg, 10);
-            if (isNaN(parsed)) {
-                console.error(chalk_1.default.red(`Invalid --org value: ${orgArg}. Must be a number.`));
-                process.exit(2);
-            }
-            options.orgId = parsed;
-        }
-        else if (arg === '--vars') {
-            options.vars = args[++i];
-        }
-        else if (arg === '--from') {
-            options.from = args[++i];
-        }
-        else if (arg === '--to') {
-            options.to = args[++i];
-        }
-        else if (arg === '--output' || arg === '-o') {
-            options.output = args[++i];
-        }
-        else if (arg === '--console') {
-            options.console = true;
-        }
-        else if (arg === '--message' || arg === '-m') {
-            options.message = args[++i];
-        }
-        else if (arg === '--branch' || arg === '-b') {
-            options.branch = args[++i];
-        }
-        else if (arg === '--file') {
-            if (!options.file)
-                options.file = [];
-            options.file.push(args[++i]);
-        }
-        else if (arg === '--filter') {
-            options.filter = args[++i];
-        }
-        else if (arg === '--force') {
-            options.force = true;
-        }
-        else if (arg === '--skip-changed') {
-            options.skipChanged = true;
-        }
         else if (!arg.startsWith('-')) {
             files.push(arg);
         }
@@ -4105,13 +2021,13 @@ function getSuggestion(error) {
                 return 'Check that the value type matches the expected type (string, number, boolean, etc.)';
             }
             if (error.message.includes('additionalProperties')) {
-                return 'Remove unrecognized properties. Use `cxtms schema <type>` to see allowed properties.';
+                return 'Remove unrecognized properties. Use `cx-cli schema <type>` to see allowed properties.';
             }
             return 'Review the schema requirements for this property';
         case 'yaml_syntax_error':
             return 'Check YAML indentation and syntax. Use a YAML linter to identify issues.';
         case 'invalid_task_type':
-            return `Use 'cxtms list --type workflow' to see available task types`;
+            return `Use 'cx-cli list --type workflow' to see available task types`;
         case 'invalid_activity':
             return 'Each activity must have a "name" and "steps" array';
         default:
@@ -4485,151 +2401,7 @@ async function main() {
     }
     // Handle version
     if (options.version) {
-        console.log(`cxtms v${VERSION}`);
-        process.exit(0);
-    }
-    // Handle login command (no schemas needed)
-    if (command === 'login') {
-        if (!files[0]) {
-            console.error(chalk_1.default.red('Error: URL required'));
-            console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} login <url>`));
-            process.exit(2);
-        }
-        await runLogin(files[0]);
-        process.exit(0);
-    }
-    // Handle logout command (no schemas needed)
-    if (command === 'logout') {
-        await runLogout(files[0]);
-        process.exit(0);
-    }
-    // Handle pat command (no schemas needed)
-    if (command === 'pat') {
-        const sub = files[0];
-        if (sub === 'create') {
-            if (!files[1]) {
-                console.error(chalk_1.default.red('Error: Token name required'));
-                console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} pat create <name>`));
-                process.exit(2);
-            }
-            await runPatCreate(files[1]);
-        }
-        else if (sub === 'list' || !sub) {
-            await runPatList();
-        }
-        else if (sub === 'revoke') {
-            if (!files[1]) {
-                console.error(chalk_1.default.red('Error: Token ID required'));
-                console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} pat revoke <tokenId>`));
-                process.exit(2);
-            }
-            await runPatRevoke(files[1]);
-        }
-        else if (sub === 'setup') {
-            await runPatSetup();
-        }
-        else {
-            console.error(chalk_1.default.red(`Unknown pat subcommand: ${sub}`));
-            console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} pat <create|list|revoke|setup>`));
-            process.exit(2);
-        }
-        process.exit(0);
-    }
-    // Handle orgs command (no schemas needed)
-    if (command === 'orgs') {
-        const sub = files[0];
-        if (sub === 'list' || !sub) {
-            await runOrgsList();
-        }
-        else if (sub === 'use') {
-            await runOrgsUse(files[1]);
-        }
-        else if (sub === 'select') {
-            await runOrgsSelect();
-        }
-        else {
-            console.error(chalk_1.default.red(`Unknown orgs subcommand: ${sub}`));
-            console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} orgs <list|use|select>`));
-            process.exit(2);
-        }
-        process.exit(0);
-    }
-    // Handle appmodule command (no schemas needed)
-    if (command === 'appmodule') {
-        const sub = files[0];
-        if (sub === 'deploy') {
-            await runAppModuleDeploy(files[1], options.orgId);
-        }
-        else if (sub === 'undeploy') {
-            await runAppModuleUndeploy(files[1], options.orgId);
-        }
-        else {
-            console.error(chalk_1.default.red(`Unknown appmodule subcommand: ${sub || '(none)'}`));
-            console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} appmodule <deploy|undeploy> ...`));
-            process.exit(2);
-        }
-        process.exit(0);
-    }
-    // Handle workflow command (no schemas needed)
-    if (command === 'workflow') {
-        const sub = files[0];
-        if (sub === 'deploy') {
-            await runWorkflowDeploy(files[1], options.orgId);
-        }
-        else if (sub === 'undeploy') {
-            await runWorkflowUndeploy(files[1], options.orgId);
-        }
-        else if (sub === 'execute') {
-            await runWorkflowExecute(files[1], options.orgId, options.vars, options.file);
-        }
-        else if (sub === 'logs') {
-            await runWorkflowLogs(files[1], options.orgId, options.from, options.to);
-        }
-        else if (sub === 'log') {
-            await runWorkflowLog(files[1], options.orgId, options.output, options.console, options.format === 'json');
-        }
-        else {
-            console.error(chalk_1.default.red(`Unknown workflow subcommand: ${sub || '(none)'}`));
-            console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} workflow <deploy|undeploy|execute|logs|log> ...`));
-            process.exit(2);
-        }
-        process.exit(0);
-    }
-    // Handle publish command (no schemas needed)
-    if (command === 'publish') {
-        await runPublish(files[0] || options.feature, options.orgId);
-        process.exit(0);
-    }
-    // Handle app command (no schemas needed)
-    if (command === 'app') {
-        const sub = files[0];
-        if (sub === 'install' || sub === 'upgrade') {
-            await runAppInstall(options.orgId, options.branch, options.force, options.skipChanged);
-        }
-        else if (sub === 'release' || sub === 'publish') {
-            await runAppPublish(options.orgId, options.message, options.branch, options.force, files.slice(1));
-        }
-        else if (sub === 'list' || !sub) {
-            await runAppList(options.orgId);
-        }
-        else {
-            console.error(chalk_1.default.red(`Unknown app subcommand: ${sub}`));
-            console.error(chalk_1.default.gray(`Usage: ${PROGRAM_NAME} app <install|upgrade|release|list>`));
-            process.exit(2);
-        }
-        process.exit(0);
-    }
-    // Handle gql command (no schemas needed)
-    if (command === 'gql') {
-        const sub = files[0];
-        // For 'gql type <name>', the type name is in files[1] — use it as filter
-        const filterArg = sub === 'type' ? (files[1] || options.filter) : options.filter;
-        await runGql(sub, filterArg);
-        process.exit(0);
-    }
-    // Handle query command (no schemas needed)
-    if (command === 'query') {
-        await runQuery(files[0], options.vars);
+        console.log(`cx-cli v${VERSION}`);
         process.exit(0);
     }
     // Find schemas path