@enactprotocol/cli 1.2.3 → 1.2.5

package/dist/index.js.bak

@@ -157,31 +157,52 @@ var require_src = __commonJS((exports, module) => {
 });
 
 // ../shared/dist/utils/config.js
-import { homedir as homedir2 } from "os";
-import { join as join2 } from "path";
-import { existsSync as existsSync2 } from "fs";
-import { mkdir as mkdir2, readFile as readFile2, writeFile as writeFile2 } from "fs/promises";
+import { homedir } from "os";
+import { join } from "path";
+import { existsSync } from "fs";
+import { mkdir, readFile, writeFile } from "fs/promises";
 async function ensureConfig() {
-  if (!existsSync2(CONFIG_DIR2)) {
-    await mkdir2(CONFIG_DIR2, { recursive: true });
+  if (!existsSync(CONFIG_DIR)) {
+    await mkdir(CONFIG_DIR, { recursive: true });
   }
-  if (!existsSync2(CONFIG_FILE)) {
-    await writeFile2(CONFIG_FILE, JSON.stringify({ history: [] }, null, 2));
+  if (!existsSync(CONFIG_FILE)) {
+    const defaultConfig = {
+      history: [],
+      urls: {
+        frontend: DEFAULT_FRONTEND_URL,
+        api: DEFAULT_API_URL
+      }
+    };
+    await writeFile(CONFIG_FILE, JSON.stringify(defaultConfig, null, 2));
   }
 }
 async function readConfig() {
   await ensureConfig();
   try {
-    const data = await readFile2(CONFIG_FILE, "utf8");
-    return JSON.parse(data);
+    const data = await readFile(CONFIG_FILE, "utf8");
+    const config = JSON.parse(data);
+    if (!config.urls) {
+      config.urls = {
+        frontend: DEFAULT_FRONTEND_URL,
+        api: DEFAULT_API_URL
+      };
+      await writeConfig(config);
+    }
+    return config;
   } catch (error) {
     console.error("Failed to read config:", error.message);
-    return { history: [] };
+    return {
+      history: [],
+      urls: {
+        frontend: DEFAULT_FRONTEND_URL,
+        api: DEFAULT_API_URL
+      }
+    };
   }
 }
 async function writeConfig(config) {
   await ensureConfig();
-  await writeFile2(CONFIG_FILE, JSON.stringify(config, null, 2));
+  await writeFile(CONFIG_FILE, JSON.stringify(config, null, 2));
 }
 async function addToHistory(filePath) {
   const config = await readConfig();
@@ -207,10 +228,190 @@ async function getDefaultUrl() {
   const config = await readConfig();
   return config.defaultUrl;
 }
-var CONFIG_DIR2, CONFIG_FILE;
+async function getFrontendUrl() {
+  if (process.env.ENACT_FRONTEND_URL) {
+    return process.env.ENACT_FRONTEND_URL;
+  }
+  const config = await readConfig();
+  if (config.urls?.frontend) {
+    return config.urls.frontend;
+  }
+  return DEFAULT_FRONTEND_URL;
+}
+async function getApiUrl() {
+  if (process.env.ENACT_API_URL) {
+    return process.env.ENACT_API_URL;
+  }
+  const config = await readConfig();
+  if (config.urls?.api) {
+    return config.urls.api;
+  }
+  return DEFAULT_API_URL;
+}
+async function setFrontendUrl(url) {
+  const config = await readConfig();
+  if (!config.urls) {
+    config.urls = {};
+  }
+  config.urls.frontend = url;
+  await writeConfig(config);
+}
+async function setApiUrl(url) {
+  const config = await readConfig();
+  if (!config.urls) {
+    config.urls = {};
+  }
+  config.urls.api = url;
+  await writeConfig(config);
+}
+async function resetUrls() {
+  const config = await readConfig();
+  if (config.urls) {
+    delete config.urls.frontend;
+    delete config.urls.api;
+  }
+  await writeConfig(config);
+}
+async function getUrlConfig() {
+  const config = await readConfig();
+  let frontendValue = DEFAULT_FRONTEND_URL;
+  let frontendSource = "default";
+  if (config.urls?.frontend) {
+    frontendValue = config.urls.frontend;
+    frontendSource = "config";
+  }
+  if (process.env.ENACT_FRONTEND_URL) {
+    frontendValue = process.env.ENACT_FRONTEND_URL;
+    frontendSource = "environment";
+  }
+  let apiValue = DEFAULT_API_URL;
+  let apiSource = "default";
+  if (config.urls?.api) {
+    apiValue = config.urls.api;
+    apiSource = "config";
+  }
+  if (process.env.ENACT_API_URL) {
+    apiValue = process.env.ENACT_API_URL;
+    apiSource = "environment";
+  }
+  return {
+    frontend: { value: frontendValue, source: frontendSource },
+    api: { value: apiValue, source: apiSource }
+  };
+}
+async function ensureTrustedKeysDir() {
+  if (!existsSync(CONFIG_DIR)) {
+    await mkdir(CONFIG_DIR, { recursive: true });
+  }
+  if (!existsSync(TRUSTED_KEYS_DIR)) {
+    await mkdir(TRUSTED_KEYS_DIR, { recursive: true });
+  }
+  const defaultKeyFile = join(TRUSTED_KEYS_DIR, "enact-protocol-official.pem");
+  const defaultMetaFile = join(TRUSTED_KEYS_DIR, "enact-protocol-official.meta");
+  if (!existsSync(defaultKeyFile)) {
+    await writeFile(defaultKeyFile, DEFAULT_ENACT_PUBLIC_KEY);
+  }
+  if (!existsSync(defaultMetaFile)) {
+    const defaultMeta = {
+      name: "Enact Protocol Official",
+      description: "Official Enact Protocol signing key for verified tools",
+      addedAt: new Date().toISOString(),
+      source: "default",
+      keyFile: "enact-protocol-official.pem"
+    };
+    await writeFile(defaultMetaFile, JSON.stringify(defaultMeta, null, 2));
+  }
+}
+async function getTrustedKeys() {
+  await ensureTrustedKeysDir();
+  const keys = [];
+  try {
+    const { readdir } = await import("fs/promises");
+    const files = await readdir(TRUSTED_KEYS_DIR);
+    const pemFiles = files.filter((f) => f.endsWith(".pem"));
+    for (const pemFile of pemFiles) {
+      try {
+        const keyId = pemFile.replace(".pem", "");
+        const keyPath = join(TRUSTED_KEYS_DIR, pemFile);
+        const metaPath = join(TRUSTED_KEYS_DIR, `${keyId}.meta`);
+        const publicKey = await readFile(keyPath, "utf8");
+        let meta = {
+          name: keyId,
+          addedAt: new Date().toISOString(),
+          source: "user",
+          keyFile: pemFile
+        };
+        if (existsSync(metaPath)) {
+          try {
+            const metaData = await readFile(metaPath, "utf8");
+            meta = { ...meta, ...JSON.parse(metaData) };
+          } catch {}
+        }
+        keys.push({
+          id: keyId,
+          name: meta.name,
+          publicKey: publicKey.trim(),
+          description: meta.description,
+          addedAt: meta.addedAt,
+          source: meta.source,
+          keyFile: pemFile
+        });
+      } catch (error) {
+        console.warn(`Warning: Could not read key file ${pemFile}:`, error);
+      }
+    }
+  } catch (error) {
+    console.error("Failed to read trusted keys directory:", error);
+  }
+  return keys;
+}
+async function addTrustedKey(keyData) {
+  await ensureTrustedKeysDir();
+  const keyFile = `${keyData.id}.pem`;
+  const metaFile = `${keyData.id}.meta`;
+  const keyPath = join(TRUSTED_KEYS_DIR, keyFile);
+  const metaPath = join(TRUSTED_KEYS_DIR, metaFile);
+  if (existsSync(keyPath)) {
+    throw new Error(`Key with ID '${keyData.id}' already exists`);
+  }
+  await writeFile(keyPath, keyData.publicKey);
+  const meta = {
+    name: keyData.name,
+    description: keyData.description,
+    addedAt: new Date().toISOString(),
+    source: keyData.source || "user",
+    keyFile
+  };
+  await writeFile(metaPath, JSON.stringify(meta, null, 2));
+}
+async function removeTrustedKey(keyId) {
+  const keyPath = join(TRUSTED_KEYS_DIR, `${keyId}.pem`);
+  const metaPath = join(TRUSTED_KEYS_DIR, `${keyId}.meta`);
+  if (!existsSync(keyPath)) {
+    throw new Error(`Trusted key '${keyId}' not found`);
+  }
+  const { unlink } = await import("fs/promises");
+  await unlink(keyPath);
+  if (existsSync(metaPath)) {
+    await unlink(metaPath);
+  }
+}
+async function getTrustedKey(keyId) {
+  const keys = await getTrustedKeys();
+  return keys.find((k3) => k3.id === keyId) || null;
+}
+async function isKeyTrusted(publicKey) {
+  const keys = await getTrustedKeys();
+  return keys.some((k3) => k3.publicKey.trim() === publicKey.trim());
+}
+var CONFIG_DIR, CONFIG_FILE, TRUSTED_KEYS_DIR, DEFAULT_FRONTEND_URL = "https://enact.tools", DEFAULT_API_URL = "https://xjnhhxwxovjifdxdwzih.supabase.co", DEFAULT_ENACT_PUBLIC_KEY = `-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8VyE3jGm5yT2mKnPx1dQF7q8Z2Kv
+7mX9YnE2mK8vF3tY9pL6xH2dF8sK3mN7wQ5vT2gR8sL4xN6pM9uE3wF2Qw==
+-----END PUBLIC KEY-----`;
 var init_config = __esm(() => {
-  CONFIG_DIR2 = join2(homedir2(), ".enact");
-  CONFIG_FILE = join2(CONFIG_DIR2, "config.json");
+  CONFIG_DIR = join(homedir(), ".enact");
+  CONFIG_FILE = join(CONFIG_DIR, "config.json");
+  TRUSTED_KEYS_DIR = join(CONFIG_DIR, "trusted-keys");
 });
 
 // ../../node_modules/dotenv/package.json
@@ -288,7 +489,7 @@ var require_main = __commonJS((exports, module) => {
   var packageJson = require_package();
   var version = packageJson.version;
   var LINE = /(?:^|^)\s*(?:export\s+)?([\w.-]+)(?:\s*=\s*?|:\s+?)(\s*'(?:\\'|[^'])*'|\s*"(?:\\"|[^"])*"|\s*`(?:\\`|[^`])*`|[^#\r\n]+)?\s*(?:#.*)?(?:$|$)/mg;
-  function parse2(src) {
+  function parse(src) {
     const obj = {};
     let lines = src.toString();
     lines = lines.replace(/\r\n?/mg, `
@@ -556,7 +757,7 @@ var require_main = __commonJS((exports, module) => {
     _parseVault,
     config,
     decrypt,
-    parse: parse2,
+    parse,
     populate
   };
   exports.configDotenv = DotenvModule.configDotenv;
@@ -570,10 +771,10 @@ var require_main = __commonJS((exports, module) => {
 });
 
 // ../shared/dist/utils/env-loader.js
-import { join as join3 } from "path";
-import { homedir as homedir3 } from "os";
-import { existsSync as existsSync3 } from "fs";
-import { readFile as readFile3 } from "fs/promises";
+import { join as join2 } from "path";
+import { homedir as homedir2 } from "os";
+import { existsSync as existsSync2 } from "fs";
+import { readFile as readFile2 } from "fs/promises";
 function extractPackageNamespace(toolName) {
   const parts = toolName.split("/");
   if (parts.length < 2) {
@@ -585,7 +786,7 @@ function extractPackageNamespace(toolName) {
   return parts[0];
 }
 function getPackageEnvPath(packageNamespace) {
-  return join3(CONFIG_DIR3, "env", packageNamespace, ".env");
+  return join2(CONFIG_DIR2, "env", packageNamespace, ".env");
 }
 function decryptValue(encryptedValue) {
   try {
@@ -596,11 +797,11 @@ function decryptValue(encryptedValue) {
 }
 async function readPackageEnvConfig(packageNamespace) {
   const envFile = getPackageEnvPath(packageNamespace);
-  if (!existsSync3(envFile)) {
+  if (!existsSync2(envFile)) {
     return { variables: {} };
   }
   try {
-    const data = await readFile3(envFile, "utf8");
+    const data = await readFile2(envFile, "utf8");
     if (data.trim().startsWith("{")) {
       return JSON.parse(data);
     } else {
@@ -629,7 +830,7 @@ function loadPackageEnvFile(toolName) {
   try {
     const packageNamespace = extractPackageNamespace(toolName);
     const packageEnvPath = getPackageEnvPath(packageNamespace);
-    if (!existsSync3(packageEnvPath)) {
+    if (!existsSync2(packageEnvPath)) {
       return {};
     }
     const result = import_dotenv.config({ path: packageEnvPath });
@@ -740,10 +941,10 @@ function generateConfigLink(missingVars, toolName) {
   const encodedPackage = encodeURIComponent(packageNamespace);
   return `${webUrl}/?vars=${encodedVars}&package=${encodedPackage}`;
 }
-var import_dotenv, CONFIG_DIR3;
+var import_dotenv, CONFIG_DIR2;
 var init_env_loader = __esm(() => {
   import_dotenv = __toESM(require_main(), 1);
-  CONFIG_DIR3 = join3(homedir3(), ".enact");
+  CONFIG_DIR2 = join2(homedir2(), ".enact");
   import_dotenv.config();
 });
 
@@ -819,10 +1020,10 @@ var require_picocolors2 = __commonJS((exports, module) => {
 
 // ../shared/dist/utils/help.js
 import { readFileSync } from "fs";
-import { join as join4 } from "path";
+import { join as join3 } from "path";
 function getVersion() {
   try {
-    const packageJsonPath = join4(__dirname, "../../package.json");
+    const packageJsonPath = join3(__dirname, "../../package.json");
     const packageJson = JSON.parse(readFileSync(packageJsonPath, "utf8"));
     return packageJson.version || "0.1.0";
   } catch (error) {
@@ -832,47 +1033,47 @@ function getVersion() {
 function showHelp() {
   const version = getVersion();
   console.error(`
-${import_picocolors4.default.bold("Enact CLI")} ${import_picocolors4.default.dim(`v${version}`)}
-${import_picocolors4.default.dim("A CLI tool for managing and publishing Enact tools")}
-
-${import_picocolors4.default.bold("Usage:")}
-  ${import_picocolors4.default.cyan("enact")} ${import_picocolors4.default.green("<command>")} [options]
-
-${import_picocolors4.default.bold("Commands:")}
-  ${import_picocolors4.default.green("auth")}       Manage authentication (login, logout, status, token)
-  ${import_picocolors4.default.green("env")}        Manage environment variables (set, get, list, delete)
-  ${import_picocolors4.default.green("exec")}       Execute a tool by fetching and running it
-  ${import_picocolors4.default.green("init")}       Create a new tool definition
-  ${import_picocolors4.default.green("mcp")}        MCP client integration (install, list, status)
-  ${import_picocolors4.default.green("publish")}    Publish a tool to the registry
-  ${import_picocolors4.default.green("search")}     Search for tools in the registry
-  ${import_picocolors4.default.green("sign")}       Sign and verify tools with cryptographic signatures
-  ${import_picocolors4.default.green("remote")}     Manage remote servers (add, list, remove)
-  ${import_picocolors4.default.green("user")}       User operations (get public key)
-
-${import_picocolors4.default.bold("Global Options:")}
-  ${import_picocolors4.default.yellow("--help, -h")}     Show help message
-  ${import_picocolors4.default.yellow("--version, -v")}  Show version information
-
-${import_picocolors4.default.bold("Examples:")}
-  ${import_picocolors4.default.cyan("enact")}                           ${import_picocolors4.default.dim("# Interactive mode")}
-  ${import_picocolors4.default.cyan("enact")} ${import_picocolors4.default.green("search")} ${import_picocolors4.default.yellow("--tags")} web,api         ${import_picocolors4.default.dim("# Search tools by tags")}
-  ${import_picocolors4.default.cyan("enact")} ${import_picocolors4.default.green("exec")} enact/text/slugify      ${import_picocolors4.default.dim("# Execute a tool")}
-  ${import_picocolors4.default.cyan("enact")} ${import_picocolors4.default.green("mcp")} install ${import_picocolors4.default.yellow("--client")} claude-desktop ${import_picocolors4.default.dim("# Install MCP server")}
-  ${import_picocolors4.default.cyan("enact")} ${import_picocolors4.default.green("mcp")} install ${import_picocolors4.default.yellow("--client")} goose       ${import_picocolors4.default.dim("# Install for Goose AI")}
-  ${import_picocolors4.default.cyan("enact")} ${import_picocolors4.default.green("env")} set API_KEY --encrypt   ${import_picocolors4.default.dim("# Set encrypted env var")}
-  ${import_picocolors4.default.cyan("enact")} ${import_picocolors4.default.green("sign")} verify my-tool.yaml     ${import_picocolors4.default.dim("# Verify tool signatures")}
-  ${import_picocolors4.default.cyan("enact")} ${import_picocolors4.default.green("publish")} my-tool.yaml           ${import_picocolors4.default.dim("# Publish a tool")}
-  ${import_picocolors4.default.cyan("enact")} ${import_picocolors4.default.green("auth")} login                   ${import_picocolors4.default.dim("# Login with OAuth")}
-  ${import_picocolors4.default.cyan("enact")} ${import_picocolors4.default.green("init")} ${import_picocolors4.default.yellow("--minimal")}               ${import_picocolors4.default.dim("# Create minimal tool template")}
-
-${import_picocolors4.default.bold("More Help:")}
-  ${import_picocolors4.default.cyan("enact")} ${import_picocolors4.default.green("<command>")} ${import_picocolors4.default.yellow("--help")}          ${import_picocolors4.default.dim("# Show command-specific help")}
+${import_picocolors3.default.bold("Enact CLI")} ${import_picocolors3.default.dim(`v${version}`)}
+${import_picocolors3.default.dim("A CLI tool for managing and publishing Enact tools")}
+
+${import_picocolors3.default.bold("Usage:")}
+  ${import_picocolors3.default.cyan("enact")} ${import_picocolors3.default.green("<command>")} [options]
+
+${import_picocolors3.default.bold("Commands:")}
+  ${import_picocolors3.default.green("auth")}       Manage authentication (login, logout, status, token)
+  ${import_picocolors3.default.green("env")}        Manage environment variables (set, get, list, delete)
+  ${import_picocolors3.default.green("exec")}       Execute a tool by fetching and running it
+  ${import_picocolors3.default.green("init")}       Create a new tool definition
+  ${import_picocolors3.default.green("mcp")}        MCP client integration (install, list, status)
+  ${import_picocolors3.default.green("publish")}    Publish a tool to the registry
+  ${import_picocolors3.default.green("search")}     Search for tools in the registry
+  ${import_picocolors3.default.green("sign")}       Sign and verify tools with cryptographic signatures
+  ${import_picocolors3.default.green("remote")}     Manage remote servers (add, list, remove)
+  ${import_picocolors3.default.green("user")}       User operations (get public key)
+
+${import_picocolors3.default.bold("Global Options:")}
+  ${import_picocolors3.default.yellow("--help, -h")}     Show help message
+  ${import_picocolors3.default.yellow("--version, -v")}  Show version information
+
+${import_picocolors3.default.bold("Examples:")}
+  ${import_picocolors3.default.cyan("enact")}                           ${import_picocolors3.default.dim("# Interactive mode")}
+  ${import_picocolors3.default.cyan("enact")} ${import_picocolors3.default.green("search")} ${import_picocolors3.default.yellow("--tags")} web,api         ${import_picocolors3.default.dim("# Search tools by tags")}
+  ${import_picocolors3.default.cyan("enact")} ${import_picocolors3.default.green("exec")} enact/text/slugify      ${import_picocolors3.default.dim("# Execute a tool")}
+  ${import_picocolors3.default.cyan("enact")} ${import_picocolors3.default.green("mcp")} install ${import_picocolors3.default.yellow("--client")} claude-desktop ${import_picocolors3.default.dim("# Install MCP server")}
+  ${import_picocolors3.default.cyan("enact")} ${import_picocolors3.default.green("mcp")} install ${import_picocolors3.default.yellow("--client")} goose       ${import_picocolors3.default.dim("# Install for Goose AI")}
+  ${import_picocolors3.default.cyan("enact")} ${import_picocolors3.default.green("env")} set API_KEY --encrypt   ${import_picocolors3.default.dim("# Set encrypted env var")}
+  ${import_picocolors3.default.cyan("enact")} ${import_picocolors3.default.green("sign")} verify my-tool.yaml     ${import_picocolors3.default.dim("# Verify tool signatures")}
+  ${import_picocolors3.default.cyan("enact")} ${import_picocolors3.default.green("publish")} my-tool.yaml           ${import_picocolors3.default.dim("# Publish a tool")}
+  ${import_picocolors3.default.cyan("enact")} ${import_picocolors3.default.green("auth")} login                   ${import_picocolors3.default.dim("# Login with OAuth")}
+  ${import_picocolors3.default.cyan("enact")} ${import_picocolors3.default.green("init")} ${import_picocolors3.default.yellow("--minimal")}               ${import_picocolors3.default.dim("# Create minimal tool template")}
+
+${import_picocolors3.default.bold("More Help:")}
+  ${import_picocolors3.default.cyan("enact")} ${import_picocolors3.default.green("<command>")} ${import_picocolors3.default.yellow("--help")}          ${import_picocolors3.default.dim("# Show command-specific help")}
 `);
 }
-var import_picocolors4, __dirname = "/Users/keithgroves/projects/enact/enact-cli/packages/shared/dist/utils";
+var import_picocolors3, __dirname = "/Users/keithgroves/projects/enact/enact-cli/packages/shared/dist/utils";
 var init_help = __esm(() => {
-  import_picocolors4 = __toESM(require_picocolors2(), 1);
+  import_picocolors3 = __toESM(require_picocolors2(), 1);
 });
 
 // ../shared/dist/utils/logger.js
@@ -881,29 +1082,29 @@ function setLogLevel(level) {
 }
 function debug(message) {
   if (currentLogLevel <= LogLevel.DEBUG) {
-    console.error(import_picocolors5.default.dim(`\uD83D\uDD0D ${message}`));
+    console.error(import_picocolors4.default.dim(`\uD83D\uDD0D ${message}`));
   }
 }
 function info(message) {
   if (currentLogLevel <= LogLevel.INFO) {
-    console.error(import_picocolors5.default.blue(`ℹ️ ${message}`));
+    console.error(import_picocolors4.default.blue(`ℹ️ ${message}`));
   }
 }
 function success(message) {
   if (currentLogLevel <= LogLevel.SUCCESS) {
-    console.error(import_picocolors5.default.green(`✓ ${message}`));
+    console.error(import_picocolors4.default.green(`✓ ${message}`));
   }
 }
 function warn(message) {
   if (currentLogLevel <= LogLevel.WARN) {
-    console.error(import_picocolors5.default.yellow(`⚠️ ${message}`));
+    console.error(import_picocolors4.default.yellow(`⚠️ ${message}`));
   }
 }
 function error(message, details) {
   if (currentLogLevel <= LogLevel.ERROR) {
-    console.error(import_picocolors5.default.red(`✗ Error: ${message}`));
+    console.error(import_picocolors4.default.red(`✗ Error: ${message}`));
     if (details && currentLogLevel === LogLevel.DEBUG) {
-      console.error(import_picocolors5.default.dim("Details:"));
+      console.error(import_picocolors4.default.dim("Details:"));
       console.error(details);
     }
   }
@@ -917,9 +1118,9 @@ function table(data, columns) {
     }
   }
 }
-var import_picocolors5, LogLevel, currentLogLevel;
+var import_picocolors4, LogLevel, currentLogLevel;
 var init_logger = __esm(() => {
-  import_picocolors5 = __toESM(require_picocolors2(), 1);
+  import_picocolors4 = __toESM(require_picocolors2(), 1);
   (function(LogLevel2) {
     LogLevel2[LogLevel2["DEBUG"] = 0] = "DEBUG";
     LogLevel2[LogLevel2["INFO"] = 1] = "INFO";
@@ -1155,7 +1356,7 @@ function parseTimeout(timeout) {
 
 // ../shared/dist/utils/version.js
 import { readFileSync as readFileSync2 } from "fs";
-import { join as join5, dirname } from "path";
+import { join as join4, dirname } from "path";
 import { fileURLToPath } from "url";
 function showVersion() {
   let version = "0.0.1-dev";
@@ -1165,7 +1366,7 @@ function showVersion() {
     } else {
       const currentFile = typeof __filename !== "undefined" ? __filename : fileURLToPath(import.meta.url);
       const sharedDir = dirname(dirname(dirname(currentFile)));
-      const packageJsonPath = join5(sharedDir, "package.json");
+      const packageJsonPath = join4(sharedDir, "package.json");
       const packageJson = JSON.parse(readFileSync2(packageJsonPath, "utf8"));
       version = packageJson.version;
     }
@@ -1174,13 +1375,13 @@ function showVersion() {
   }
   const versionText = `v${version}`;
   console.error(`
-${import_picocolors6.default.bold("Enact CLI")} ${import_picocolors6.default.cyan(versionText)}
-${import_picocolors6.default.dim("A tool to create and publish enact documents.")}
+${import_picocolors5.default.bold("Enact CLI")} ${import_picocolors5.default.cyan(versionText)}
+${import_picocolors5.default.dim("A tool to create and publish enact documents.")}
 `);
 }
-var import_picocolors6, __filename = "/Users/keithgroves/projects/enact/enact-cli/packages/shared/dist/utils/version.js";
+var import_picocolors5, __filename = "/Users/keithgroves/projects/enact/enact-cli/packages/shared/dist/utils/version.js";
 var init_version = __esm(() => {
-  import_picocolors6 = __toESM(require_picocolors2(), 1);
+  import_picocolors5 = __toESM(require_picocolors2(), 1);
 });
 
 // ../shared/dist/utils/index.js
@@ -1197,23 +1398,34 @@ __export(exports_utils, {
   showVersion: () => showVersion,
   showHelp: () => showHelp,
   setLogLevel: () => setLogLevel,
+  setFrontendUrl: () => setFrontendUrl,
   setDefaultUrl: () => setDefaultUrl,
+  setApiUrl: () => setApiUrl,
   resolveToolEnvironmentVariables: () => resolveToolEnvironmentVariables,
+  resetUrls: () => resetUrls,
+  removeTrustedKey: () => removeTrustedKey,
   readConfig: () => readConfig,
   parseTimeout: () => parseTimeout,
   loadPackageEnvironmentVariables: () => loadPackageEnvironmentVariables,
+  isKeyTrusted: () => isKeyTrusted,
   info: () => info,
   globalMonitor: () => globalMonitor,
   getWebServerUrl: () => getWebServerUrl,
+  getUrlConfig: () => getUrlConfig,
+  getTrustedKeys: () => getTrustedKeys,
+  getTrustedKey: () => getTrustedKey,
   getPackageEnvironmentVariables: () => getPackageEnvironmentVariables,
   getHistory: () => getHistory,
+  getFrontendUrl: () => getFrontendUrl,
   getDefaultUrl: () => getDefaultUrl,
+  getApiUrl: () => getApiUrl,
   generateConfigLink: () => generateConfigLink,
   extractPackageNamespace: () => extractPackageNamespace,
   error: () => error,
   ensureSilent: () => ensureSilent,
   ensureConfig: () => ensureConfig,
   debug: () => debug,
+  addTrustedKey: () => addTrustedKey,
   addToHistory: () => addToHistory,
   McpSilentOperationMonitor: () => McpSilentOperationMonitor,
   LogLevel: () => LogLevel
@@ -214302,11 +214514,11 @@ var Y2 = ({ indicator: t = "dots" } = {}) => {
 };
 
 // src/commands/auth.ts
-var import_picocolors3 = __toESM(require_picocolors(), 1);
-import { existsSync } from "fs";
-import { readFile, writeFile, mkdir } from "fs/promises";
-import { join } from "path";
-import { homedir } from "os";
+var import_picocolors6 = __toESM(require_picocolors(), 1);
+import { existsSync as existsSync3 } from "fs";
+import { readFile as readFile3, writeFile as writeFile2, mkdir as mkdir2 } from "fs/promises";
+import { join as join5 } from "path";
+import { homedir as homedir3 } from "os";
 import { createServer } from "http";
 import { parse } from "url";
 import { randomBytes, createHash } from "crypto";
@@ -214314,11 +214526,18 @@ import { exec } from "child_process";
 import { promisify } from "util";
 
 // ../shared/dist/api/enact-api.js
+init_config();
+
 class EnactApiClient {
-  constructor(baseUrl = "https://enact.tools", supabaseUrl = "https://xjnhhxwxovjifdxdwzih.supabase.co") {
+  constructor(baseUrl, supabaseUrl) {
     this.baseUrl = baseUrl.replace(/\/$/, "");
     this.supabaseUrl = supabaseUrl.replace(/\/$/, "");
   }
+  static async create(baseUrl, supabaseUrl) {
+    const frontendUrl = baseUrl || await getFrontendUrl();
+    const apiUrl = supabaseUrl || await getApiUrl();
+    return new EnactApiClient(frontendUrl, apiUrl);
+  }
   async makeRequest(endpoint, options = {}, token, tokenType = "jwt") {
     const url = endpoint.startsWith("http") ? endpoint : `${this.supabaseUrl}${endpoint}`;
     const headers = {
@@ -214600,7 +214819,7 @@ class EnactApiClient {
     };
   }
 }
-var enactApi = new EnactApiClient;
+var enactApi = new EnactApiClient("https://enact.tools", "https://xjnhhxwxovjifdxdwzih.supabase.co");
 
 class EnactApiError extends Error {
   constructor(message, statusCode, endpoint) {
@@ -214611,14 +214830,17 @@ class EnactApiError extends Error {
   }
 }
 function createEnactApiClient(baseUrl, supabaseUrl) {
-  return new EnactApiClient(baseUrl, supabaseUrl);
+  const defaultFrontend = "https://enact.tools";
+  const defaultApi = "https://xjnhhxwxovjifdxdwzih.supabase.co";
+  return new EnactApiClient(baseUrl || defaultFrontend, supabaseUrl || defaultApi);
 }
 // src/commands/auth.ts
+init_utils();
 var execAsync = promisify(exec);
-var CONFIG_DIR = join(homedir(), ".enact");
-var AUTH_FILE = join(CONFIG_DIR, "auth.json");
-var DEFAULT_SERVER = "https://enact.tools";
+var CONFIG_DIR3 = join5(homedir3(), ".enact");
+var AUTH_FILE = join5(CONFIG_DIR3, "auth.json");
 async function handleAuthCommand(args, options) {
+  const defaultServer = await getFrontendUrl();
   if (options.help || !args[0]) {
     console.error(`
 Usage: enact auth <subcommand> [options]
@@ -214633,16 +214855,16 @@ Subcommands:
 
 Options:
   --help, -h          Show this help message
-  --server <url>      Specify the enact server URL (default: ${DEFAULT_SERVER})
+  --server <url>      Specify the enact server URL (default: ${defaultServer})
   --port <number>     Local callback port for OAuth (default: 8080)
 `);
     return;
   }
   const subCommand = args[0];
-  const serverUrl = options.server || DEFAULT_SERVER;
+  const serverUrl = options.server || defaultServer;
   const callbackPort = options.port || 8080;
   await ensureAuthConfig();
-  Ie(import_picocolors3.default.bgBlue(import_picocolors3.default.white(" Enact Authentication ")));
+  Ie(import_picocolors6.default.bgBlue(import_picocolors6.default.white(" Enact Authentication ")));
   switch (subCommand) {
     case "login": {
       await handleLogin(serverUrl, callbackPort);
@@ -214661,7 +214883,7 @@ Options:
       break;
     }
     default:
-      Se(import_picocolors3.default.red(`✗ Unknown auth subcommand "${subCommand}"`));
+      Se(import_picocolors6.default.red(`✗ Unknown auth subcommand "${subCommand}"`));
       return;
   }
 }
@@ -214673,7 +214895,7 @@ async function handleLogin(serverUrl, callbackPort) {
         message: "You are already authenticated. Continue with new login?"
       });
       if (!useExisting) {
-        Se(import_picocolors3.default.yellow("Login cancelled"));
+        Se(import_picocolors6.default.yellow("Login cancelled"));
         return;
       }
     }
@@ -214695,14 +214917,14 @@ async function handleLogin(serverUrl, callbackPort) {
     try {
       server2 = await startCallbackServerWithFallback(callbackPort, serverUrl, codeVerifier, state);
       s.stop("OAuth server started");
-    } catch (error) {
+    } catch (error2) {
       s.stop("OAuth server could not start, using manual mode");
       server2 = null;
     }
     Me(`Opening browser to: ${authUrl}`, "OAuth Login");
     try {
       await openBrowser(authUrl);
-    } catch (error) {
+    } catch (error2) {
       Me(`Please open this URL in your browser: ${authUrl}`, "Manual Browser Open Required");
     }
     if (server2) {
@@ -214729,14 +214951,14 @@ async function handleLogin(serverUrl, callbackPort) {
         }
       });
       if (typeof authCode === "symbol") {
-        Se(import_picocolors3.default.yellow("Login cancelled"));
+        Se(import_picocolors6.default.yellow("Login cancelled"));
         return;
       }
       await exchangeCodeForToken(authCode, redirectUri, codeVerifier, serverUrl);
     }
-    Se(import_picocolors3.default.green("✓ Successfully authenticated with Enact!"));
-  } catch (error) {
-    Se(import_picocolors3.default.red(`✗ Login failed: ${error.message}`));
+    Se(import_picocolors6.default.green("✓ Successfully authenticated with Enact!"));
+  } catch (error2) {
+    Se(import_picocolors6.default.red(`✗ Login failed: ${error2.message}`));
   } finally {
     process.exit(0);
   }
@@ -214750,13 +214972,13 @@ async function startCallbackServerWithFallback(port, serverUrl, codeVerifier, st
         const {
           code,
           state: returnedState,
-          error,
+          error: error2,
           error_description
         } = parsedUrl.query;
         res.setHeader("Access-Control-Allow-Origin", "*");
         res.setHeader("Content-Type", "text/html");
-        if (error) {
-          const errorMsg = error_description || error;
+        if (error2) {
+          const errorMsg = error_description || error2;
           res.writeHead(400);
           res.end(`
             <html>
@@ -214815,19 +215037,19 @@ async function startCallbackServerWithFallback(port, serverUrl, codeVerifier, st
           `);
           server2.close();
           server2.emit("authComplete");
-        } catch (error2) {
-          console.error("Token exchange error:", error2);
+        } catch (error3) {
+          console.error("Token exchange error:", error3);
           res.writeHead(500);
           res.end(`
             <html>
               <body style="font-family: Arial, sans-serif; text-align: center; padding: 50px;">
                 <h1 style="color: red;">❌ Authentication Failed</h1>
-                <p><strong>Error:</strong> ${error2.message}</p>
+                <p><strong>Error:</strong> ${error3.message}</p>
                 <p>You can close this window and check your terminal for more details.</p>
               </body>
             </html>
           `);
-          server2.emit("authError", error2);
+          server2.emit("authError", error3);
         }
       } else {
         res.writeHead(404);
@@ -214846,11 +215068,11 @@ async function startCallbackServerWithFallback(port, serverUrl, codeVerifier, st
       console.error(`OAuth callback server listening on http://localhost:${port}`);
       resolve(server2);
     });
-    server2.on("error", (error) => {
-      if (error.code === "EADDRINUSE") {
+    server2.on("error", (error2) => {
+      if (error2.code === "EADDRINUSE") {
         reject(new Error(`Port ${port} is already in use`));
       } else {
-        reject(error);
+        reject(error2);
       }
     });
   });
@@ -214879,11 +215101,11 @@ async function exchangeCodeForToken(code, redirectUri, codeVerifier, serverUrl)
       server: serverUrl
     });
     console.error("✓ Token stored successfully");
-  } catch (error) {
-    if (error instanceof EnactApiError) {
-      throw new Error(`Token exchange failed: ${error.message}`);
+  } catch (error2) {
+    if (error2 instanceof EnactApiError) {
+      throw new Error(`Token exchange failed: ${error2.message}`);
     }
-    throw error;
+    throw error2;
   }
 }
 async function handleLogout() {
@@ -214897,45 +215119,45 @@ async function handleLogout() {
     message: "Are you sure you want to logout?"
   });
   if (!shouldLogout) {
-    Se(import_picocolors3.default.yellow("Logout cancelled"));
+    Se(import_picocolors6.default.yellow("Logout cancelled"));
     return;
   }
   const s = Y2();
   s.start("Logging out...");
   await writeAuthConfig({});
   s.stop("Logged out successfully");
-  Se(import_picocolors3.default.green("✓ You have been logged out"));
+  Se(import_picocolors6.default.green("✓ You have been logged out"));
 }
 async function handleStatus() {
   const currentAuth = await readAuthConfig();
   if (!currentAuth.token) {
     Me("Not authenticated", "Status");
-    Se(import_picocolors3.default.yellow('Run "enact auth login" to authenticate'));
+    Se(import_picocolors6.default.yellow('Run "enact auth login" to authenticate'));
     return;
   }
   const isExpired = currentAuth.expiresAt && new Date(currentAuth.expiresAt) <= new Date;
   if (isExpired) {
     Me("Token has expired", "Status");
-    Se(import_picocolors3.default.yellow('Run "enact auth login" to re-authenticate'));
+    Se(import_picocolors6.default.yellow('Run "enact auth login" to re-authenticate'));
     return;
   }
   const expiresIn = currentAuth.expiresAt ? Math.round((new Date(currentAuth.expiresAt).getTime() - Date.now()) / 1000 / 60 / 60) : "unknown";
   Me(`Authenticated
 Expires: ${currentAuth.expiresAt || "unknown"}
 Expires in: ${expiresIn} hours`, "Status");
-  Se(import_picocolors3.default.green("✓ Authentication valid"));
+  Se(import_picocolors6.default.green("✓ Authentication valid"));
 }
 async function handleShowToken() {
   const currentAuth = await readAuthConfig();
   if (!currentAuth.token) {
     Me("Not authenticated", "Status");
-    Se(import_picocolors3.default.yellow('Run "enact auth login" to authenticate'));
+    Se(import_picocolors6.default.yellow('Run "enact auth login" to authenticate'));
     return;
   }
   const isExpired = currentAuth.expiresAt && new Date(currentAuth.expiresAt) <= new Date;
   if (isExpired) {
     Me("Token has expired", "Status");
-    Se(import_picocolors3.default.yellow('Run "enact auth login" to re-authenticate'));
+    Se(import_picocolors6.default.yellow('Run "enact auth login" to re-authenticate'));
     return;
   }
   const maskedToken = currentAuth.token.length > 12 ? `${currentAuth.token.slice(0, 8)}...${currentAuth.token.slice(-4)}` : currentAuth.token;
@@ -214970,23 +215192,23 @@ async function openBrowser(url) {
   await execAsync(command);
 }
 async function ensureAuthConfig() {
-  if (!existsSync(CONFIG_DIR)) {
-    await mkdir(CONFIG_DIR, { recursive: true });
+  if (!existsSync3(CONFIG_DIR3)) {
+    await mkdir2(CONFIG_DIR3, { recursive: true });
   }
-  if (!existsSync(AUTH_FILE)) {
+  if (!existsSync3(AUTH_FILE)) {
     await writeAuthConfig({});
   }
 }
 async function readAuthConfig() {
   try {
-    const text = await readFile(AUTH_FILE, "utf8");
+    const text = await readFile3(AUTH_FILE, "utf8");
     return JSON.parse(text);
   } catch (e2) {
     return {};
   }
 }
-async function writeAuthConfig(config) {
-  await writeFile(AUTH_FILE, JSON.stringify(config, null, 2), "utf8");
+async function writeAuthConfig(config2) {
+  await writeFile2(AUTH_FILE, JSON.stringify(config2, null, 2), "utf8");
 }
 async function getCurrentToken() {
   try {
@@ -214998,7 +215220,7 @@ async function getCurrentToken() {
       return null;
     }
     return auth.token;
-  } catch (error) {
+  } catch (error2) {
     return null;
   }
 }
@@ -216536,6 +216758,7 @@ async function checkMcpServerInstalled(client, serverType = "main") {
 
 // src/commands/config.ts
 var import_picocolors12 = __toESM(require_picocolors(), 1);
+init_utils();
 import fs from "fs/promises";
 import path from "path";
 import { existsSync as existsSync8 } from "fs";
@@ -216723,6 +216946,13 @@ function showConfigHelp() {
   console.log("  get <key>           Get specific configuration value");
   console.log("  set <key> <value>   Set configuration value");
   console.log("  reset               Reset to default configuration");
+  console.log("  urls                Show current URL configuration");
+  console.log("  set-frontend-url    Set frontend URL (for OAuth, registry)");
+  console.log("  set-api-url         Set API URL (for backend calls)");
+  console.log("  reset-urls          Reset URLs to defaults");
+  console.log("  keys                Show trusted public keys");
+  console.log("  add-key             Add a trusted public key");
+  console.log("  remove-key <id>     Remove a trusted public key");
   console.log(`
 Options:`);
   console.log("  --global            Use global configuration (~/.enact-config.json)");
@@ -216743,6 +216973,160 @@ Examples:`);
   console.log("  enact config set daggerOptions.baseImage ubuntu:22.04");
   console.log("  enact config get executionProvider");
   console.log("  enact config list --global");
+  console.log("  enact config urls");
+  console.log("  enact config set-frontend-url https://my-instance.example.com");
+  console.log("  enact config set-api-url https://api.example.com");
+  console.log("  enact config keys");
+  console.log("  enact config add-key");
+  console.log("  enact config remove-key my-org-key");
+}
+async function showUrls() {
+  const urlConfig = await getUrlConfig();
+  console.log(import_picocolors12.default.cyan(`
+\uD83C\uDF10 URL Configuration:
+`));
+  console.log(import_picocolors12.default.white("Frontend URL:"));
+  console.log(`  ${import_picocolors12.default.green(urlConfig.frontend.value)} ${import_picocolors12.default.gray(`(${urlConfig.frontend.source})`)}`);
+  console.log(import_picocolors12.default.white("API URL:"));
+  console.log(`  ${import_picocolors12.default.green(urlConfig.api.value)} ${import_picocolors12.default.gray(`(${urlConfig.api.source})`)}`);
+  console.log(import_picocolors12.default.gray(`
+Sources: default < config < environment`));
+}
+async function setUrl(type, url) {
+  try {
+    if (type === "frontend") {
+      await setFrontendUrl(url);
+      console.log(import_picocolors12.default.green(`✅ Frontend URL set to: ${url}`));
+    } else {
+      await setApiUrl(url);
+      console.log(import_picocolors12.default.green(`✅ API URL set to: ${url}`));
+    }
+    console.log(import_picocolors12.default.gray("Use 'enact config urls' to view current configuration"));
+  } catch (error2) {
+    console.error(import_picocolors12.default.red(`Error setting ${type} URL: ${error2}`));
+    process.exit(1);
+  }
+}
+async function resetUrlsConfig() {
+  try {
+    await resetUrls();
+    console.log(import_picocolors12.default.green("✅ URLs reset to defaults"));
+    await showUrls();
+  } catch (error2) {
+    console.error(import_picocolors12.default.red(`Error resetting URLs: ${error2}`));
+    process.exit(1);
+  }
+}
+async function showTrustedKeys() {
+  try {
+    const keys = await getTrustedKeys();
+    console.log(import_picocolors12.default.cyan(`
+\uD83D\uDD10 Trusted Keys:
+`));
+    if (keys.length === 0) {
+      console.log(import_picocolors12.default.gray("No trusted keys found"));
+      return;
+    }
+    for (const key of keys) {
+      const sourceColor = key.source === "default" ? import_picocolors12.default.blue : key.source === "organization" ? import_picocolors12.default.yellow : import_picocolors12.default.green;
+      console.log(import_picocolors12.default.white(`${key.name} (${key.id})`));
+      console.log(`  ${sourceColor(`[${key.source}]`)} ${import_picocolors12.default.gray(`Added: ${new Date(key.addedAt).toLocaleDateString()}`)}`);
+      if (key.description) {
+        console.log(`  ${import_picocolors12.default.gray(key.description)}`);
+      }
+      console.log(`  ${import_picocolors12.default.gray(`Key: ${key.publicKey.substring(0, 50)}...`)}`);
+      console.log();
+    }
+  } catch (error2) {
+    console.error(import_picocolors12.default.red(`Error reading trusted keys: ${error2}`));
+    process.exit(1);
+  }
+}
+async function addTrustedKeyInteractive() {
+  try {
+    console.log(import_picocolors12.default.cyan(`
+\uD83D\uDD10 Add Trusted Key
+`));
+    const id = await he({
+      message: "Key ID (unique identifier):",
+      placeholder: "my-org-key",
+      validate: (value) => {
+        if (!value)
+          return "ID is required";
+        if (!/^[a-zA-Z0-9-_]+$/.test(value))
+          return "ID must contain only letters, numbers, hyphens, and underscores";
+      }
+    });
+    const name = await he({
+      message: "Key name (display name):",
+      placeholder: "My Organization Key",
+      validate: (value) => value ? undefined : "Name is required"
+    });
+    const description = await he({
+      message: "Description (optional):",
+      placeholder: "Key for verifying my organization's tools"
+    });
+    const publicKey = await he({
+      message: "Public key (PEM format):",
+      placeholder: "-----BEGIN PUBLIC KEY-----\\n...\\n-----END PUBLIC KEY-----",
+      validate: (value) => {
+        if (!value)
+          return "Public key is required";
+        if (!value.includes("BEGIN PUBLIC KEY"))
+          return "Invalid PEM format";
+      }
+    });
+    const source = await ve({
+      message: "Key source:",
+      options: [
+        { value: "user", label: "Personal key" },
+        { value: "organization", label: "Organization key" }
+      ]
+    });
+    const keyData = {
+      id,
+      name,
+      publicKey: publicKey.replace(/\\n/g, `
+`),
+      description: description || undefined,
+      source
+    };
+    await addTrustedKey(keyData);
+    console.log(import_picocolors12.default.green(`✅ Trusted key '${keyData.name}' added successfully`));
+  } catch (error2) {
+    console.error(import_picocolors12.default.red(`Error adding trusted key: ${error2}`));
+    process.exit(1);
+  }
+}
+async function removeTrustedKeyById(keyId) {
+  try {
+    const key = await getTrustedKey(keyId);
+    if (!key) {
+      console.error(import_picocolors12.default.red(`Trusted key '${keyId}' not found`));
+      process.exit(1);
+    }
+    let confirmMessage = `Remove trusted key '${key.name}' (${keyId})?`;
+    if (keyId === "enact-protocol-official") {
+      confirmMessage = `${import_picocolors12.default.yellow("⚠️  Warning:")} You are about to remove the default Enact Protocol key. This may prevent verification of official tools.
+
+Remove trusted key '${key.name}' (${keyId})?`;
+    }
+    const confirm = await ye({
+      message: confirmMessage
+    });
+    if (!confirm) {
+      console.log(import_picocolors12.default.yellow("Operation cancelled"));
+      return;
+    }
+    await removeTrustedKey(keyId);
+    console.log(import_picocolors12.default.green(`✅ Trusted key '${key.name}' removed successfully`));
+    if (keyId === "enact-protocol-official") {
+      console.log(import_picocolors12.default.yellow("\uD83D\uDCA1 You can re-add the Enact Protocol key anytime with 'enact config add-key'"));
+    }
+  } catch (error2) {
+    console.error(import_picocolors12.default.red(`Error removing trusted key: ${error2}`));
+    process.exit(1);
+  }
 }
 async function handleConfigCommand(args, options) {
   if (options.help) {
@@ -216777,6 +217161,42 @@ async function handleConfigCommand(args, options) {
     case "reset":
       await resetConfig(global2);
       break;
+    case "urls":
+      await showUrls();
+      break;
+    case "set-frontend-url":
+      if (!args[1]) {
+        console.error(import_picocolors12.default.red("Error: Missing URL"));
+        console.log("Usage: enact config set-frontend-url <url>");
+        process.exit(1);
+      }
+      await setUrl("frontend", args[1]);
+      break;
+    case "set-api-url":
+      if (!args[1]) {
+        console.error(import_picocolors12.default.red("Error: Missing URL"));
+        console.log("Usage: enact config set-api-url <url>");
+        process.exit(1);
+      }
+      await setUrl("api", args[1]);
+      break;
+    case "reset-urls":
+      await resetUrlsConfig();
+      break;
+    case "keys":
+      await showTrustedKeys();
+      break;
+    case "add-key":
+      await addTrustedKeyInteractive();
+      break;
+    case "remove-key":
+      if (!args[1]) {
+        console.error(import_picocolors12.default.red("Error: Missing key ID"));
+        console.log("Usage: enact config remove-key <key-id>");
+        process.exit(1);
+      }
+      await removeTrustedKeyById(args[1]);
+      break;
     default:
       if (!subcommand) {
         await interactiveConfig(global2);
@@ -225967,6 +226387,49 @@ class DaggerExecutionProvider extends ExecutionProvider {
       });
     });
   }
+  async setupDirectoryMount(client, container, mountSpec) {
+    try {
+      let localPath2;
+      let containerPath;
+      const colonIndex = mountSpec.indexOf(":");
+      if (colonIndex > 0) {
+        const potentialDriveLetter = mountSpec.substring(0, colonIndex);
+        const isWindowsDrive = potentialDriveLetter.length === 1 && /[A-Za-z]/.test(potentialDriveLetter);
+        if (isWindowsDrive) {
+          const nextColonIndex = mountSpec.indexOf(":", colonIndex + 1);
+          if (nextColonIndex > 0) {
+            localPath2 = mountSpec.substring(0, nextColonIndex);
+            containerPath = mountSpec.substring(nextColonIndex + 1);
+          } else {
+            localPath2 = mountSpec;
+            containerPath = "/workspace/src";
+          }
+        } else {
+          localPath2 = mountSpec.substring(0, colonIndex);
+          containerPath = mountSpec.substring(colonIndex + 1);
+        }
+      } else if (colonIndex === 0) {
+        localPath2 = "";
+        containerPath = mountSpec.substring(1);
+      } else {
+        localPath2 = mountSpec;
+        containerPath = "/workspace/src";
+      }
+      const path8 = __require("path");
+      const resolvedLocalPath = path8.resolve(localPath2);
+      const fs5 = __require("fs");
+      if (!fs5.existsSync(resolvedLocalPath)) {
+        throw new Error(`Mount source directory does not exist: ${resolvedLocalPath}`);
+      }
+      const hostDirectory = client.host().directory(resolvedLocalPath);
+      container = container.withMountedDirectory(containerPath, hostDirectory);
+      logger_default.debug(`\uD83D\uDCC2 Mounted ${resolvedLocalPath} -> ${containerPath}`);
+      return container;
+    } catch (error2) {
+      logger_default.error(`Failed to setup directory mount: ${error2}`);
+      throw error2;
+    }
+  }
   async setupContainer(client, environment, inputs, tool) {
     const containerImage = tool?.from || this.options.baseImage;
     logger_default.debug(`\uD83D\uDE80 Setting up container with image: ${containerImage}${tool?.from ? " (from tool.from)" : " (default baseImage)"}`);
@@ -225974,6 +226437,9 @@ class DaggerExecutionProvider extends ExecutionProvider {
     logger_default.debug("\uD83D\uDCE6 Base container created");
     container = container.withWorkdir(this.options.workdir);
     logger_default.debug(`\uD83D\uDCC1 Working directory set to: ${this.options.workdir}`);
+    if (environment.mount) {
+      container = await this.setupDirectoryMount(client, container, environment.mount);
+    }
     for (const [key, value] of Object.entries(environment.vars)) {
       container = container.withEnvVariable(key, String(value));
     }
@@ -226298,37 +226764,6 @@ class DaggerExecutionProvider extends ExecutionProvider {
       process.exit(1);
     }
   }
-  forceCleanup() {
-    if (this.isShuttingDown)
-      return;
-    try {
-      logger_default.info("\uD83D\uDD04 Force cleaning up Dagger engines...");
-      const result = spawnSync("docker", [
-        "ps",
-        "--all",
-        "--filter",
-        "name=dagger-engine",
-        "--format",
-        "{{.Names}}"
-      ], {
-        encoding: "utf8",
-        timeout: 5000
-      });
-      if (result.stdout) {
-        const names = result.stdout.trim().split(`
-`).filter((n) => n.trim());
-        if (names.length > 0) {
-          logger_default.info(`Found ${names.length} engine containers, force removing...`);
-          for (const name of names) {
-            spawnSync("docker", ["rm", "-f", name.trim()], { timeout: 3000 });
-          }
-          logger_default.info("✅ Force cleanup completed");
-        }
-      }
-    } catch (error2) {
-      logger_default.debug("Force cleanup failed (this is usually fine):", error2);
-    }
-  }
   getEngineStatus() {
     return {
       health: { ...this.engineHealth },
@@ -229062,6 +229497,8 @@ class SigningService {
 }
 
 // ../shared/dist/core/EnactCore.js
+init_config();
+
 class EnactCore {
   constructor(options = {}) {
     this.options = {
@@ -229074,6 +229511,15 @@ class EnactCore {
     this.apiClient = new EnactApiClient(this.options.apiUrl, this.options.supabaseUrl);
     this.executionProvider = this.createExecutionProvider();
   }
+  static async create(options = {}) {
+    const frontendUrl = options.apiUrl || await getFrontendUrl();
+    const apiUrl = options.supabaseUrl || await getApiUrl();
+    return new EnactCore({
+      ...options,
+      apiUrl: frontendUrl,
+      supabaseUrl: apiUrl
+    });
+  }
   setAuthToken(token) {
     this.options.authToken = token;
   }
@@ -229282,7 +229728,6 @@ class EnactCore {
       const messageHash = CryptoUtils.hash(docString);
       const directVerify = CryptoUtils.verify(referenceSignature.publicKey, messageHash, referenceSignature.signature);
       const isValid = SigningService.verifyDocument(documentForVerification, referenceSignature, { includeFields: ["command"] });
-      console.log("Final verification result:", isValid);
       if (!isValid) {
         throw new Error(`Tool ${tool.name} has invalid signatures`);
       }
@@ -229312,7 +229757,8 @@ class EnactCore {
         vars: { ...envVars, ...validatedInputs },
         resources: {
           timeout: options.timeout || tool.timeout || this.options.defaultTimeout
-        }
+        },
+        mount: options.mount
       });
     } catch (error2) {
       return {
@@ -229627,7 +230073,7 @@ ${import_picocolors13.default.bold("EXAMPLES:")}
       author,
       format
     };
-    const apiClient = new EnactApiClient("https://enact.tools", "https://xjnhhxwxovjifdxdwzih.supabase.co");
+    const apiClient = await EnactApiClient.create();
     const searchResults = await apiClient.searchTools(searchOptions);
     const results = [];
     for (const result of searchResults) {
@@ -229836,6 +230282,7 @@ Options:
   --timeout <time>    Override tool timeout (Go duration format: 30s, 5m, 1h)
   --dry               Show command that would be executed without running it
   --verbose, -v       Show detailed execution information
+  --mount <path>      Mount local directory to container (format: "local:container")
   --dangerously-skip-verification Skip all signature verification (DANGEROUS - not recommended for production)
   --verify-policy     Verification policy: permissive, enterprise, paranoid (default: permissive)
 
@@ -229848,6 +230295,7 @@ Examples:
   enact exec enact/text/slugify --input "Hello World"
   enact exec org/ai/review --params '{"file": "README.md"}' --verify-policy enterprise
   enact exec ./my-tool.yaml --input "test data"
+  enact exec kgroves/tools/prettier --mount ./src:/workspace/src
   enact exec untrusted/tool --dangerously-skip-verification  # DANGEROUS, not recommended
     `);
     return;
@@ -229885,7 +230333,7 @@ Examples:
       toolDefinition = await loadLocalTool(toolIdentifier);
       spinner.stop("Local tool definition loaded");
     } else {
-      const apiClient = new EnactApiClient("https://enact.tools", "https://xjnhhxwxovjifdxdwzih.supabase.co");
+      const apiClient = await EnactApiClient.create();
       toolDefinition = await apiClient.getTool(toolIdentifier);
       spinner.stop("Tool definition fetched");
     }
@@ -230042,7 +230490,8 @@ Environment variables:`));
     timeout: options.timeout,
     dryRun: options.dry,
     verbose: options.verbose,
-    isLocalFile
+    isLocalFile,
+    mount: options.mount
   };
   try {
     console.error(import_picocolors13.default.cyan(`
@@ -230113,7 +230562,7 @@ Environment variables:`));
       }
       if (!isLocalFile) {
         try {
-          const apiClient = new EnactApiClient("https://enact.tools", "https://xjnhhxwxovjifdxdwzih.supabase.co");
+          const apiClient = await EnactApiClient.create();
           await apiClient.logToolUsage(toolIdentifier, {
             action: "execute",
             metadata: {
@@ -230216,7 +230665,7 @@ ${import_picocolors13.default.bold("EXAMPLES:")}
     Ie(import_picocolors13.default.bgBlue(import_picocolors13.default.black(" Getting Tool Info ")));
     const spinner = Y2();
     spinner.start(`Fetching ${toolName}...`);
-    const apiClient = new EnactApiClient("https://enact.tools", "https://xjnhhxwxovjifdxdwzih.supabase.co");
+    const apiClient = await EnactApiClient.create();
     const toolDefinition = await apiClient.getTool(toolName);
     if (!toolDefinition) {
       spinner.stop("Tool not found");
@@ -230698,6 +231147,9 @@ var { values, positionals } = parseArgs({
     },
     client: {
       type: "string"
+    },
+    mount: {
+      type: "string"
     }
   },
   allowPositionals: true,
@@ -230768,7 +231220,8 @@ async function main() {
           timeout: values.timeout,
           dry: values.dry,
           verbose: values.verbose,
-          dangerouslySkipVerification: values["dangerously-skip-verification"]
+          dangerouslySkipVerification: values["dangerously-skip-verification"],
+          mount: values.mount
         });
         break;
       case "get":