@dboio/cli 0.8.0 → 0.8.2

package/README.md

@@ -185,8 +185,26 @@ A gitignore-style file in the project root that controls which files and directo
 
 **Used by:**
 - `dbo init` — scaffold empty-check (determines if directory is "effectively empty")
-- `dbo add .` — directory scanning (which files/dirs to skip)
-- `dbo push` — metadata file discovery (which dirs to skip)
+- `dbo add .` — directory scanning (which files/dirs to skip); also checked in single-file mode (`dbo add file.html`)
+- `dbo push` — metadata file discovery: skips matching `.metadata.json` / `_output~*.json` files AND any record whose companion content file (`@reference`) matches an ignore pattern
+
+**Bypass:** Use `dbo input -d '...'` to submit expressions for a file that would otherwise be ignored — `dbo input` never does file discovery so `.dboignore` does not apply.
+
+**Pattern examples:**
+
+```gitignore
+# Ignore all SQL companion files (output records with CustomSQL)
+**/*.CustomSQL.sql
+
+# Ignore a specific record (by metadata file path)
+Bins/app/my-draft-page.metadata.json
+
+# Ignore an entire directory
+Bins/staging/
+
+# Ignore all content in Bins/ (still push entity-dir records like Extensions/)
+Bins/
+```
 
 **Syntax:** Same as `.gitignore` — glob patterns, `#` comments, blank lines, negation with `!`, directory-only patterns with trailing `/`.
 
@@ -250,7 +268,7 @@ dbo init --scaffold --yes                             # scaffold dirs non-intera
 | `--domain <host>` | DBO instance domain |
 | `--username <user>` | DBO username (stored for login default) |
 | `--force` | Overwrite existing configuration. Triggers a domain-change confirmation prompt when the new domain differs from the project reference domain |
-| `--app <shortName>` | App short name (triggers clone after init) |
+| `--app <shortName>` | App short name (triggers clone after init). Prompts for password and authenticates automatically before fetching app data from the server |
 | `--clone` | Clone the app after initialization |
 | `-g, --global` | Install Claude commands globally (`~/.claude/commands/`) |
 | `--local` | Install Claude commands to project (`.claude/commands/`) |
@@ -305,12 +323,12 @@ The project's reference domain is stored in `app.json._domain` (committed to git
 
 #### What clone does
 
-1. **Loads app JSON** — from a local file, server API, or interactive prompt
+1. **Loads app JSON** — from a local file, server API, or interactive prompt. A spinner shows progress while fetching from the server (responses can be slow as the JSON is assembled on demand)
 2. **Updates `.dbo/config.json`** — saves `AppID`, `AppUID`, `AppName`, `AppShortName`, `AppModifyKey` (if the app is locked), and `cloneSource` (the source used for this clone)
 3. **Updates `package.json`** — populates `name`, `productName`, `description`, `homepage`, and `deploy` script
 4. **Creates directories** — processes `children.bin` to build the directory hierarchy based on `ParentBinID` relationships
 5. **Saves `.dbo/structure.json`** — maps BinIDs to directory paths for file placement
-6. **Writes content files** — decodes base64 content, creates `*.metadata.json` + content files in the correct bin directory
+6. **Writes content files** — decodes base64 content, creates `*.metadata.json` + content files in the correct bin directory. When a record's `Extension` field is empty, prompts you to choose from `css`, `js`, `html`, `xml`, `txt`, `md`, `cs`, `json`, `sql` (or skip to keep no extension). The chosen extension is saved back into the `metadata.json` `Extension` field
 7. **Downloads media files** — fetches binary files (images, CSS, fonts) from the server via `/api/media/{uid}` and saves with metadata
 8. **Processes entity-dir records** — entities matching project directories (`extension`, `app_version`, `data_source`, `site`, `group`, `integration`, `automation`) are saved as `.metadata.json` files in their corresponding directory (e.g., `Extensions/`, `Data Sources/`)
 9. **Processes other entities** — remaining entities with a `BinID` are placed in the corresponding bin directory
@@ -1015,6 +1033,8 @@ After accepting changes, file modification times are synced to the server's `_La
 
 Push local files back to DBO.io using metadata from a previous pull. This is the counterpart to `dbo content pull` and `dbo output --save`.
 
+Files and records matching `.dboignore` patterns are skipped — both by metadata file path (e.g. `*.metadata.json`) and by companion content file path (e.g. a record whose `@Content` points to an ignored `.sql` file). To push an ignored file directly, use `dbo input -d '...'` with an explicit expression.
+
 #### Round-trip workflow
 
 ```bash
@@ -1188,6 +1208,8 @@ The next `dbo push` processes all pending deletions before pushing file changes.
 
 Add a new file to DBO.io by creating a server record. Similar to `git add`, this registers a local file with the server.
 
+Files matching `.dboignore` patterns are skipped — both in directory-scan mode (`dbo add .`) and single-file mode (`dbo add file.html`). Use `dbo input` to create a record for an ignored file directly.
+
 #### Single file
 
 ```bash

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dboio/cli",
-  "version": "0.8.0",
+  "version": "0.8.2",
   "description": "CLI for the DBO.io framework",
   "type": "module",
   "bin": {

package/src/commands/add.js

@@ -73,6 +73,14 @@ async function detectDocumentationFile(filePath) {
 }
 
 async function addSingleFile(filePath, client, options, batchDefaults) {
+  // Check .dboignore before doing any processing
+  const ig = await loadIgnore();
+  const relPath = relative(process.cwd(), filePath).replace(/\\/g, '/');
+  if (ig.ignores(relPath)) {
+    log.dim(`Skipped (dboignored): ${relPath}`);
+    return null;
+  }
+
   const dir = dirname(filePath);
   const ext = extname(filePath);
   const base = basename(filePath, ext);

package/src/commands/clone.js

@@ -444,10 +444,22 @@ export const cloneCommand = new Command('clone')
 async function resolveAppSource(source, options, config) {
   if (source) {
     if (source.startsWith('http://') || source.startsWith('https://')) {
-      log.info(`Fetching app JSON from ${source}...`);
-      const res = await fetch(source);
-      if (!res.ok) throw new Error(`HTTP ${res.status} fetching ${source}`);
-      return await res.json();
+      const ora = (await import('ora')).default;
+      const spinner = ora(`Fetching app JSON from ${source}...`).start();
+      let res;
+      try {
+        res = await fetch(source);
+      } catch (err) {
+        spinner.fail(`Failed to fetch from ${source}`);
+        throw err;
+      }
+      if (!res.ok) {
+        spinner.fail(`HTTP ${res.status} fetching ${source}`);
+        throw new Error(`HTTP ${res.status} fetching ${source}`);
+      }
+      const json = await res.json();
+      spinner.succeed('Loaded app JSON');
+      return json;
     }
     log.info(`Loading app JSON from ${source}...`);
     const raw = await readFile(source, 'utf8');
@@ -460,10 +472,22 @@ async function resolveAppSource(source, options, config) {
     if (storedSource && storedSource !== 'default') {
       // Stored source is a local file path or URL — reuse it
       if (storedSource.startsWith('http://') || storedSource.startsWith('https://')) {
-        log.info(`Fetching app JSON from ${storedSource} (stored source)...`);
-        const res = await fetch(storedSource);
-        if (!res.ok) throw new Error(`HTTP ${res.status} fetching ${storedSource}`);
-        return await res.json();
+        const ora = (await import('ora')).default;
+        const spinner = ora(`Fetching app JSON from ${storedSource} (stored source)...`).start();
+        let res;
+        try {
+          res = await fetch(storedSource);
+        } catch (err) {
+          spinner.fail(`Failed to fetch from ${storedSource}`);
+          throw err;
+        }
+        if (!res.ok) {
+          spinner.fail(`HTTP ${res.status} fetching ${storedSource}`);
+          throw new Error(`HTTP ${res.status} fetching ${storedSource}`);
+        }
+        const json = await res.json();
+        spinner.succeed('Loaded app JSON');
+        return json;
       }
       if (await fileExists(storedSource)) {
         log.info(`Loading app JSON from ${storedSource} (stored source)...`);
@@ -960,19 +984,45 @@ async function resolvePlacementPreferences(appJson, options) {
  */
 async function fetchAppFromServer(appShortName, options, config) {
   const client = new DboClient({ domain: options.domain, verbose: options.verbose });
-  log.info(`Fetching app "${appShortName}" from server...`);
 
-  const result = await client.get(`/api/app/object/${appShortName}`);
+  const ora = (await import('ora')).default;
+  const spinner = ora(`Fetching app "${appShortName}" from server...`).start();
+
+  let result;
+  try {
+    result = await client.get(`/api/app/object/${appShortName}`);
+  } catch (err) {
+    spinner.fail(`Failed to fetch app "${appShortName}"`);
+    throw err;
+  }
 
   const data = result.payload || result.data;
-  const rows = Array.isArray(data) ? data : (data?.Rows || data?.rows || []);
 
-  if (rows.length === 0) {
+  // Handle all response shapes:
+  //   1. Array of rows: [{ UID, ShortName, ... }]
+  //   2. Object with Rows key: { Rows: [...] }
+  //   3. Single app object: { UID, ShortName, children, ... }
+  let appRecord;
+  if (Array.isArray(data)) {
+    appRecord = data.length > 0 ? data[0] : null;
+  } else if (data?.Rows?.length > 0) {
+    appRecord = data.Rows[0];
+  } else if (data?.rows?.length > 0) {
+    appRecord = data.rows[0];
+  } else if (data && typeof data === 'object' && (data.UID || data.ShortName)) {
+    // Single app object returned directly as payload
+    appRecord = data;
+  } else {
+    appRecord = null;
+  }
+
+  if (!appRecord) {
+    spinner.fail(`No app found with ShortName "${appShortName}"`);
     throw new Error(`No app found with ShortName "${appShortName}"`);
   }
 
-  log.success(`Found app on server`);
-  return rows[0];
+  spinner.succeed(`Found app on server`);
+  return appRecord;
 }
 
 /**
@@ -2114,6 +2164,41 @@ async function processRecord(entityName, record, structure, options, usedNames,
   }
   // If still no extension, ext remains '' (no extension)
 
+  // If no extension determined and Content column has data, prompt user to choose one
+  if (!ext && !options.yes && record.Content) {
+    const cv = record.Content;
+    const hasContentData = cv && (
+      (typeof cv === 'object' && cv.value !== null && cv.value !== undefined) ||
+      (typeof cv === 'string' && cv.length > 0)
+    );
+    if (hasContentData) {
+      // Decode a snippet for preview
+      let snippet = '';
+      try {
+        const decoded = resolveContentValue(cv);
+        if (decoded) {
+          snippet = decoded.substring(0, 80).replace(/\n/g, ' ').replace(/\s+/g, ' ').trim();
+          if (decoded.length > 80) snippet += '...';
+        }
+      } catch { /* ignore decode errors */ }
+      const preview = snippet ? ` (${snippet})` : '';
+      const VALID_CONTENT_EXTENSIONS = ['css', 'js', 'html', 'xml', 'txt', 'md', 'cs', 'json', 'sql'];
+      const inquirer = (await import('inquirer')).default;
+      const { chosenExt } = await inquirer.prompt([{
+        type: 'list',
+        name: 'chosenExt',
+        message: `No extension found for "${record.Name || record.UID}". Choose a file extension for the Content:${preview}`,
+        choices: [
+          ...VALID_CONTENT_EXTENSIONS.map(e => ({ name: `.${e}`, value: e })),
+          { name: 'No extension (skip)', value: '' },
+        ],
+      }]);
+      if (chosenExt) {
+        ext = chosenExt;
+      }
+    }
+  }
+
   // Avoid double extension: if name already ends with .ext, strip it
   if (ext) {
     const extWithDot = `.${ext}`;
@@ -2320,6 +2405,13 @@ async function processRecord(entityName, record, structure, options, usedNames,
     meta._contentColumns = ['Content'];
   }
 
+  // If the extension picker chose an extension (record.Extension was null),
+  // set it in metadata only — not in the record — so the baseline preserves
+  // the server's null and push detects the change.
+  if (ext && !record.Extension) {
+    meta.Extension = ext;
+  }
+
   await writeFile(metaPath, JSON.stringify(meta, null, 2) + '\n');
   log.dim(`  → ${metaPath}`);
 

package/src/commands/init.js

@@ -7,6 +7,7 @@ import { scaffoldProjectDirs, logScaffoldResult } from '../lib/scaffold.js';
 import { createDboignore, loadIgnore } from '../lib/ignore.js';
 import { log } from '../lib/logger.js';
 import { checkDomainChange, writeAppJsonDomain } from '../lib/domain-guard.js';
+import { performLogin } from './login.js';
 
 export const initCommand = new Command('init')
   .description('Initialize DBO CLI configuration for the current directory')
@@ -165,7 +166,7 @@ export const initCommand = new Command('init')
         logScaffoldResult(result);
       }
 
-      // Clone if requested
+      // Clone if requested — requires authentication first
       if (options.clone || options.app) {
         let appShortName = options.app;
         if (!appShortName) {
@@ -177,6 +178,13 @@ export const initCommand = new Command('init')
           }]);
           appShortName = appName;
         }
+
+        // Authenticate before fetching app data from the server
+        if (!options.nonInteractive) {
+          log.info('Login required to fetch app data from the server.');
+          await performLogin(domain, username);
+        }
+
         const { performClone } = await import('./clone.js');
         await performClone(null, { app: appShortName, domain });
       }

package/src/commands/login.js

@@ -3,6 +3,75 @@ import { loadConfig, saveUserInfo, saveUserProfile, ensureGitignore } from '../l
 import { DboClient } from '../lib/client.js';
 import { log } from '../lib/logger.js';
 
+/**
+ * Perform authentication against a DBO instance.
+ * Prompts for missing credentials interactively.
+ * Returns true on success, throws on failure.
+ *
+ * @param {string|null} domain - Override domain (null = use config)
+ * @param {string|null} knownUsername - Pre-filled username (will prompt if null)
+ */
+export async function performLogin(domain, knownUsername) {
+  const config = await loadConfig();
+  const client = new DboClient({ domain });
+
+  let username = knownUsername || config.username;
+  let password;
+
+  // Interactive prompt for missing credentials
+  const inquirer = (await import('inquirer')).default;
+  const answers = await inquirer.prompt([
+    { type: 'input', name: 'username', message: 'Username (email):', default: username || undefined, when: !username },
+    { type: 'password', name: 'password', message: 'Password:', mask: '*' },
+  ]);
+  username = username || answers.username;
+  password = answers.password;
+
+  const params = new URLSearchParams();
+  params.append('_username', username);
+  params.append('_password', password);
+
+  const result = await client.postUrlEncoded('/api/authenticate', params.toString());
+
+  if (!result.successful) {
+    throw new Error('Authentication failed');
+  }
+
+  log.success(`Authenticated as ${username} on ${await client.getDomain()}`);
+  await ensureGitignore(['.dbo/credentials.json', '.dbo/cookies.txt', '.dbo/ticketing.local.json']);
+
+  // Fetch and store user info (non-critical)
+  try {
+    const userResult = await client.get('/api/output/31799e38f0854956a47f10', { '_format': 'json_raw' });
+    const userData = userResult.payload || userResult.data;
+    const rows = Array.isArray(userData) ? userData : (userData?.Rows || userData?.rows || []);
+    if (rows.length > 0) {
+      const row = rows[0];
+      const userId = row.ID || row.id || row.UserID || row.userId;
+      if (userId) {
+        await saveUserInfo({ userId: String(userId) });
+        log.dim(`  User ID: ${userId}`);
+      }
+      const firstName = row.FirstName || row.firstname || row.first_name;
+      const lastName = row.LastName || row.lastname || row.last_name;
+      const email = row.Email || row.email;
+      const profile = {};
+      if (firstName) profile.FirstName = firstName;
+      if (lastName) profile.LastName = lastName;
+      if (email) profile.Email = email;
+      if (Object.keys(profile).length > 0) {
+        await saveUserProfile(profile);
+        if (firstName || lastName) log.dim(`  Name:     ${[firstName, lastName].filter(Boolean).join(' ')}`);
+        if (email) log.dim(`  Email:    ${email}`);
+      }
+    }
+  } catch {
+    log.dim('  Could not retrieve user info (non-critical)');
+  }
+
+  return true;
+}
+
 export const loginCommand = new Command('login')
   .description('Authenticate with a DBO.io instance')
   .option('-u, --username <value>', 'Username')

package/src/commands/push.js

@@ -12,6 +12,7 @@ import { checkModifyKey, isModifyKeyError, handleModifyKeyError } from '../lib/m
 import { resolveTransactionKey } from '../lib/transaction-key.js';
 import { setFileTimestamps } from '../lib/timestamps.js';
 import { findMetadataFiles } from '../lib/diff.js';
+import { loadIgnore } from '../lib/ignore.js';
 import { detectChangedColumns, findBaselineEntry } from '../lib/delta.js';
 
 /**
@@ -178,7 +179,8 @@ async function pushSingleFile(filePath, client, options, modifyKey = null, trans
  * Push all records found in a directory (recursive)
  */
 async function pushDirectory(dirPath, client, options, modifyKey = null, transactionKey = 'RowUID') {
-  const metaFiles = await findMetadataFiles(dirPath);
+  const ig = await loadIgnore();
+  const metaFiles = await findMetadataFiles(dirPath, ig);
 
   if (metaFiles.length === 0) {
     log.warn(`No .metadata.json files found in "${dirPath}".`);
@@ -238,6 +240,26 @@ async function pushDirectory(dirPath, client, options, modifyKey = null, transac
     }
     if (missingFiles) { skipped++; continue; }
 
+    // Check if any companion content file is ignored by .dboignore
+    {
+      const metaDir = dirname(metaPath);
+      let contentIgnored = false;
+      for (const col of contentCols) {
+        const ref = meta[col];
+        if (ref && String(ref).startsWith('@')) {
+          const refFile = String(ref).substring(1);
+          const contentPath = resolveAtReference(refFile, metaDir);
+          const relContent = relative(process.cwd(), contentPath).replace(/\\/g, '/');
+          if (ig.ignores(relContent)) {
+            log.dim(`  Skipped (dboignored): ${basename(metaPath)}`);
+            contentIgnored = true;
+            break;
+          }
+        }
+      }
+      if (contentIgnored) { skipped++; continue; }
+    }
+
     // Detect changed columns (delta detection)
     let changedColumns = null;
     if (baseline) {
@@ -263,7 +285,8 @@ async function pushDirectory(dirPath, client, options, modifyKey = null, transac
 
   // Pre-flight ticket validation (only if no --ticket flag)
   if (!options.ticket && toPush.length > 0) {
-    const ticketCheck = await checkStoredTicket(options);
+    const recordSummary = toPush.map(r => basename(r.metaPath, '.metadata.json')).join(', ');
+    const ticketCheck = await checkStoredTicket(options, `${toPush.length} record(s): ${recordSummary}`);
     if (ticketCheck.cancel) {
       log.info('Submission cancelled');
       return;
@@ -397,31 +420,61 @@ async function pushFromMetadata(meta, metaPath, client, options, changedColumns
     }
   }
 
-  if (dataExprs.length === 0) {
+  // Detect media file upload (binary file changed for media entity)
+  const isMediaUpload = entity === 'media' && meta._mediaFile
+    && String(meta._mediaFile).startsWith('@')
+    && changedColumns?.includes('_mediaFile');
+
+  if (dataExprs.length === 0 && !isMediaUpload) {
     log.warn(`Nothing to push for ${basename(metaPath)}`);
     return false;
   }
 
-  const fieldLabel = changedColumns ? `${dataExprs.length} changed field(s)` : `${dataExprs.length} field(s)`;
+  const fieldLabel = changedColumns ? `${dataExprs.length} changed field(s)${isMediaUpload ? ' + media file' : ''}` : `${dataExprs.length} field(s)`;
   log.info(`Pushing ${basename(metaPath, '.metadata.json')} (${entity}:${rowKeyValue}) — ${fieldLabel}`);
 
   // Apply stored ticket if no --ticket flag
-  await applyStoredTicketToSubmission(dataExprs, entity, uid || id, uid || id, options);
+  const storedTicket = await applyStoredTicketToSubmission(dataExprs, entity, uid || id, uid || id, options);
 
   const extraParams = { '_confirm': options.confirm };
   if (options.ticket) extraParams['_OverrideTicketID'] = options.ticket;
+  else if (storedTicket) extraParams['_OverrideTicketID'] = storedTicket;
   if (modifyKey) extraParams['_modify_key'] = modifyKey;
 
-  let body = await buildInputBody(dataExprs, extraParams);
-  let result = await client.postUrlEncoded('/api/input/submit', body);
+  let result;
 
-  // Reactive ModifyKey retry — server rejected because key wasn't set locally
-  if (!result.successful && result.messages?.some(m => isModifyKeyError(m))) {
-    const retryMK = await handleModifyKeyError();
-    if (retryMK.cancel) { log.info('Submission cancelled'); return false; }
-    extraParams['_modify_key'] = retryMK.modifyKey;
-    body = await buildInputBody(dataExprs, extraParams);
+  if (isMediaUpload) {
+    // Media file upload: use multipart/form-data
+    const mediaFileName = String(meta._mediaFile).substring(1);
+    const mediaFilePath = resolveAtReference(mediaFileName, metaDir);
+
+    // Ensure at least one data expression to identify the row for the server
+    if (dataExprs.length === 0 && meta.Filename) {
+      dataExprs.push(`${rowKeyPrefix}:${rowKeyValue};column:${entity}.Filename=${meta.Filename}`);
+    }
+
+    const fields = { ...extraParams };
+    for (const expr of dataExprs) {
+      const eqIdx = expr.indexOf('=');
+      if (eqIdx !== -1) {
+        fields[expr.substring(0, eqIdx)] = expr.substring(eqIdx + 1);
+      }
+    }
+
+    const files = [{ fieldName: 'file', filePath: mediaFilePath, fileName: mediaFileName }];
+    result = await client.postMultipart('/api/input/submit', fields, files);
+  } else {
+    let body = await buildInputBody(dataExprs, extraParams);
     result = await client.postUrlEncoded('/api/input/submit', body);
+
+    // Reactive ModifyKey retry — server rejected because key wasn't set locally
+    if (!result.successful && result.messages?.some(m => isModifyKeyError(m))) {
+      const retryMK = await handleModifyKeyError();
+      if (retryMK.cancel) { log.info('Submission cancelled'); return false; }
+      extraParams['_modify_key'] = retryMK.modifyKey;
+      body = await buildInputBody(dataExprs, extraParams);
+      result = await client.postUrlEncoded('/api/input/submit', body);
+    }
   }
 
   // Retry with prompted params if needed (ticket, user, repo mismatch)
@@ -445,8 +498,22 @@ async function pushFromMetadata(meta, metaPath, client, options, changedColumns
     const params = retryResult.retryParams || retryResult;
     Object.assign(extraParams, params);
 
-    body = await buildInputBody(dataExprs, extraParams);
-    result = await client.postUrlEncoded('/api/input/submit', body);
+    if (isMediaUpload) {
+      const mediaFileName = String(meta._mediaFile).substring(1);
+      const mediaFilePath = resolveAtReference(mediaFileName, metaDir);
+      const fields = { ...extraParams };
+      for (const expr of dataExprs) {
+        const eqIdx = expr.indexOf('=');
+        if (eqIdx !== -1) {
+          fields[expr.substring(0, eqIdx)] = expr.substring(eqIdx + 1);
+        }
+      }
+      const files = [{ fieldName: 'file', filePath: mediaFilePath, fileName: mediaFileName }];
+      result = await client.postMultipart('/api/input/submit', fields, files);
+    } else {
+      const body = await buildInputBody(dataExprs, extraParams);
+      result = await client.postUrlEncoded('/api/input/submit', body);
+    }
   }
 
   formatResponse(result, { json: options.json, jq: options.jq });
@@ -486,6 +553,11 @@ async function pushFromMetadata(meta, metaPath, client, options, changedColumns
               await setFileTimestamps(contentPath, meta._CreatedOn, updated, serverTz);
             }
           }
+          // Update media file mtime too
+          if (meta._mediaFile && String(meta._mediaFile).startsWith('@')) {
+            const mediaPath = join(dirname(metaPath), String(meta._mediaFile).substring(1));
+            await setFileTimestamps(mediaPath, meta._CreatedOn, updated, serverTz);
+          }
         }
       }
     }

package/src/lib/delta.js

@@ -1,4 +1,4 @@
-import { readFile } from 'fs/promises';
+import { readFile, stat } from 'fs/promises';
 import { join, dirname } from 'path';
 import { log } from './logger.js';
 
@@ -132,6 +132,19 @@ export async function detectChangedColumns(metaPath, baseline) {
     }
   }
 
+  // Check _mediaFile for binary file changes (media entities)
+  if (metadata._mediaFile && isReference(metadata._mediaFile)) {
+    const mediaPath = resolveReferencePath(metadata._mediaFile, metaDir);
+    try {
+      const mediaStat = await stat(mediaPath);
+      const metaStat = await stat(metaPath);
+      // Media file modified more recently than metadata = local change
+      if (mediaStat.mtimeMs > metaStat.mtimeMs + 2000) {
+        changedColumns.push('_mediaFile');
+      }
+    } catch { /* missing file, skip */ }
+  }
+
   return changedColumns;
 }
 

package/src/lib/diff.js

@@ -45,10 +45,12 @@ export async function findMetadataFiles(dir, ig) {
       if (ig.ignores(relPath + '/') || ig.ignores(relPath)) continue;
       results.push(...await findMetadataFiles(fullPath, ig));
     } else if (entry.name.endsWith('.metadata.json')) {
-      results.push(fullPath);
+      const relPath = relative(process.cwd(), fullPath).replace(/\\/g, '/');
+      if (!ig.ignores(relPath)) results.push(fullPath);
     } else if (entry.name.startsWith('_output~') && entry.name.endsWith('.json') && !entry.name.includes('.CustomSQL.')) {
       // Output hierarchy files: _output~<name>~<uid>.json and nested entity files
-      results.push(fullPath);
+      const relPath = relative(process.cwd(), fullPath).replace(/\\/g, '/');
+      if (!ig.ignores(relPath)) results.push(fullPath);
     }
   }
 

package/src/lib/ticketing.js

@@ -145,7 +145,7 @@ export function buildTicketExpression(entity, rowId, ticketId) {
  *
  * @param {Object} options - Command options (checks options.ticket for flag override)
  */
-export async function checkStoredTicket(options) {
+export async function checkStoredTicket(options, context = '') {
   // --ticket flag takes precedence; skip stored-ticket prompt
   if (options.ticket) {
     return { useTicket: false, clearTicket: false, cancel: false };
@@ -162,11 +162,12 @@ export async function checkStoredTicket(options) {
     return { useTicket: true, clearTicket: false, cancel: false };
   }
 
+  const suffix = context ? ` (${context})` : '';
   const inquirer = (await import('inquirer')).default;
   const { action } = await inquirer.prompt([{
     type: 'list',
     name: 'action',
-    message: `Use stored Ticket ID "${data.ticket_id}" for this submission?`,
+    message: `Use stored Ticket ID "${data.ticket_id}" for this submission?${suffix}`,
     choices: [
       { name: `Yes, use "${data.ticket_id}"`, value: 'use' },
       { name: 'Use a different ticket for this submission only', value: 'alt_once' },
@@ -213,7 +214,7 @@ export async function checkStoredTicket(options) {
  * @param {string|null} [sessionOverride] - One-time ticket override from pre-flight prompt
  */
 export async function applyStoredTicketToSubmission(dataExprs, entity, rowId, uid, options, sessionOverride = null) {
-  if (options.ticket) return; // --ticket flag takes precedence
+  if (options.ticket) return null; // --ticket flag takes precedence
 
   const recordTicket = await getRecordTicket(uid);
   const globalTicket = await getGlobalTicket();
@@ -223,5 +224,7 @@ export async function applyStoredTicketToSubmission(dataExprs, entity, rowId, ui
     const ticketExpr = buildTicketExpression(entity, rowId, ticketToUse);
     dataExprs.push(ticketExpr);
     log.dim(`  Applying ticket: ${ticketToUse}`);
+    return ticketToUse;
   }
+  return null;
 }