@equilateral_ai/mindmeld 3.0.0 → 3.1.2

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@equilateral_ai/mindmeld",
-  "version": "3.0.0",
+  "version": "3.1.2",
   "description": "Intelligent standards injection for AI coding sessions - context-aware, self-documenting, scales to large codebases",
   "main": "src/index.js",
   "bin": {

package/scripts/init-project.js

@@ -1,28 +1,475 @@
 #!/usr/bin/env node
 /**
- * MindMeld CLI - Initialize project for intelligent standards injection
+ * MindMeld CLI - Intelligent standards injection for AI coding sessions
  *
  * Usage:
- *   mindmeld init              # Initialize for solo/private use
- *   mindmeld init --team       # Initialize with team collaboration
- *   mindmeld init /path/to/project
+ *   mindmeld init              # Initialize project (requires authentication)
+ *   mindmeld inject            # Generate context-aware standards
+ *   mindmeld harvest           # Capture patterns from git history
+ *   mindmeld logout            # Clear stored authentication
  *
- * @equilateral_ai/mindmeld v3.0.0
+ * @equilateral_ai/mindmeld v3.1.0
  */
 
 const fs = require('fs').promises;
+const fsSync = require('fs');
 const path = require('path');
+const http = require('http');
+const https = require('https');
+const crypto = require('crypto');
 const { exec } = require('child_process');
 const { promisify } = require('util');
+const os = require('os');
 
 const execAsync = promisify(exec);
 
-// Parse CLI arguments
+// ============================================================================
+// Configuration
+// ============================================================================
+
+const CONFIG = {
+  // Cognito settings (production)
+  cognito: {
+    domain: 'mindmeld-auth.auth.us-east-2.amazoncognito.com',
+    clientId: '1al1vftuoh55a8n08ea6kr8heq',
+    region: 'us-east-2'
+  },
+  // API settings (production)
+  api: {
+    baseUrl: 'https://api.mindmeld.dev'
+  },
+  // Local callback ports (fixed range for security)
+  callbackPorts: [9876, 9877, 9878, 9879, 9880],
+  // Auth file location
+  authFile: path.join(os.homedir(), '.mindmeld', 'auth.json')
+};
+
+// ============================================================================
+// Authentication Module
+// ============================================================================
+
+/**
+ * Load stored authentication
+ */
+function loadAuth() {
+  try {
+    const data = fsSync.readFileSync(CONFIG.authFile, 'utf-8');
+    return JSON.parse(data);
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Save authentication to disk
+ */
+async function saveAuth(auth) {
+  const dir = path.dirname(CONFIG.authFile);
+  await fs.mkdir(dir, { recursive: true });
+  await fs.writeFile(CONFIG.authFile, JSON.stringify(auth, null, 2));
+}
+
+/**
+ * Clear stored authentication
+ */
+async function clearAuth() {
+  try {
+    await fs.unlink(CONFIG.authFile);
+  } catch {
+    // File doesn't exist, that's fine
+  }
+}
+
+/**
+ * Decode JWT payload (without verification - Cognito already verified)
+ */
+function decodeJwt(token) {
+  const parts = token.split('.');
+  if (parts.length !== 3) throw new Error('Invalid JWT');
+  const payload = Buffer.from(parts[1], 'base64url').toString('utf-8');
+  return JSON.parse(payload);
+}
+
+/**
+ * Check if token is expired (with 5 min buffer)
+ */
+function isTokenExpired(expiresAt) {
+  return Date.now() > (expiresAt - 5 * 60 * 1000);
+}
+
+/**
+ * Refresh tokens using refresh token
+ */
+async function refreshTokens(refreshToken) {
+  const tokenUrl = `https://${CONFIG.cognito.domain}/oauth2/token`;
+
+  const params = new URLSearchParams({
+    grant_type: 'refresh_token',
+    client_id: CONFIG.cognito.clientId,
+    refresh_token: refreshToken
+  });
+
+  return new Promise((resolve, reject) => {
+    const req = https.request(tokenUrl, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded'
+      }
+    }, (res) => {
+      let data = '';
+      res.on('data', chunk => data += chunk);
+      res.on('end', () => {
+        if (res.statusCode !== 200) {
+          reject(new Error('Token refresh failed'));
+          return;
+        }
+        try {
+          const tokens = JSON.parse(data);
+          const decoded = decodeJwt(tokens.id_token);
+          resolve({
+            id_token: tokens.id_token,
+            access_token: tokens.access_token,
+            refresh_token: refreshToken, // Cognito doesn't return new refresh token
+            expires_at: Date.now() + (tokens.expires_in * 1000),
+            email: decoded.email
+          });
+        } catch (e) {
+          reject(e);
+        }
+      });
+    });
+
+    req.on('error', reject);
+    req.write(params.toString());
+    req.end();
+  });
+}
+
+/**
+ * Find an available port from the allowed list
+ */
+async function findAvailablePort() {
+  for (const port of CONFIG.callbackPorts) {
+    const available = await new Promise((resolve) => {
+      const server = http.createServer();
+      server.listen(port, '127.0.0.1');
+      server.on('listening', () => {
+        server.close();
+        resolve(true);
+      });
+      server.on('error', () => {
+        resolve(false);
+      });
+    });
+    if (available) return port;
+  }
+  throw new Error('No available ports for OAuth callback');
+}
+
+/**
+ * Start local server to receive OAuth callback
+ */
+function startCallbackServer(port, expectedState) {
+  return new Promise((resolve, reject) => {
+    const server = http.createServer((req, res) => {
+      const url = new URL(req.url, `http://localhost:${port}`);
+
+      if (url.pathname === '/callback') {
+        const code = url.searchParams.get('code');
+        const state = url.searchParams.get('state');
+        const error = url.searchParams.get('error');
+
+        if (error) {
+          res.writeHead(200, { 'Content-Type': 'text/html' });
+          res.end(`
+            <html><body style="font-family: system-ui; padding: 40px; text-align: center;">
+              <h1>Authentication Failed</h1>
+              <p>Error: ${error}</p>
+              <p>You can close this window.</p>
+            </body></html>
+          `);
+          server.close();
+          reject(new Error(`OAuth error: ${error}`));
+          return;
+        }
+
+        if (state !== expectedState) {
+          res.writeHead(400, { 'Content-Type': 'text/html' });
+          res.end(`
+            <html><body style="font-family: system-ui; padding: 40px; text-align: center;">
+              <h1>Authentication Failed</h1>
+              <p>Invalid state parameter (possible CSRF attack)</p>
+              <p>You can close this window.</p>
+            </body></html>
+          `);
+          server.close();
+          reject(new Error('Invalid state parameter'));
+          return;
+        }
+
+        res.writeHead(200, { 'Content-Type': 'text/html' });
+        res.end(`
+          <html><body style="font-family: system-ui; padding: 40px; text-align: center;">
+            <h1>Authentication Successful!</h1>
+            <p>You can close this window and return to your terminal.</p>
+          </body></html>
+        `);
+        server.close();
+        resolve(code);
+      } else {
+        res.writeHead(404);
+        res.end('Not found');
+      }
+    });
+
+    server.listen(port, '127.0.0.1');
+
+    // Timeout after 5 minutes
+    setTimeout(() => {
+      server.close();
+      reject(new Error('Authentication timed out'));
+    }, 5 * 60 * 1000);
+  });
+}
+
+/**
+ * Exchange authorization code for tokens
+ */
+async function exchangeCodeForTokens(code, codeVerifier, port) {
+  const tokenUrl = `https://${CONFIG.cognito.domain}/oauth2/token`;
+  const redirectUri = `http://localhost:${port}/callback`;
+
+  const params = new URLSearchParams({
+    grant_type: 'authorization_code',
+    client_id: CONFIG.cognito.clientId,
+    code: code,
+    redirect_uri: redirectUri,
+    code_verifier: codeVerifier
+  });
+
+  return new Promise((resolve, reject) => {
+    const req = https.request(tokenUrl, {
+      method: 'POST',
+      headers: {
+        'Content-Type': 'application/x-www-form-urlencoded'
+      }
+    }, (res) => {
+      let data = '';
+      res.on('data', chunk => data += chunk);
+      res.on('end', () => {
+        if (res.statusCode !== 200) {
+          reject(new Error(`Token exchange failed: ${data}`));
+          return;
+        }
+        try {
+          const tokens = JSON.parse(data);
+          const decoded = decodeJwt(tokens.id_token);
+          resolve({
+            id_token: tokens.id_token,
+            access_token: tokens.access_token,
+            refresh_token: tokens.refresh_token,
+            expires_at: Date.now() + (tokens.expires_in * 1000),
+            email: decoded.email
+          });
+        } catch (e) {
+          reject(e);
+        }
+      });
+    });
+
+    req.on('error', reject);
+    req.write(params.toString());
+    req.end();
+  });
+}
+
+/**
+ * Open browser for authentication
+ */
+async function openBrowser(url) {
+  const platform = process.platform;
+  let command;
+
+  if (platform === 'darwin') {
+    command = `open "${url}"`;
+  } else if (platform === 'win32') {
+    command = `start "" "${url}"`;
+  } else {
+    command = `xdg-open "${url}"`;
+  }
+
+  try {
+    await execAsync(command);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Full browser authentication flow (PKCE)
+ */
+async function browserAuth() {
+  // Generate PKCE challenge
+  const codeVerifier = crypto.randomBytes(32).toString('base64url');
+  const codeChallenge = crypto.createHash('sha256').update(codeVerifier).digest('base64url');
+  const state = crypto.randomBytes(16).toString('hex');
+
+  // Find available port
+  const port = await findAvailablePort();
+  const redirectUri = `http://localhost:${port}/callback`;
+
+  // Build Cognito authorization URL
+  const authUrl = `https://${CONFIG.cognito.domain}/login?` + new URLSearchParams({
+    client_id: CONFIG.cognito.clientId,
+    response_type: 'code',
+    scope: 'openid email profile',
+    redirect_uri: redirectUri,
+    state: state,
+    code_challenge: codeChallenge,
+    code_challenge_method: 'S256'
+  }).toString();
+
+  // Start callback server
+  const codePromise = startCallbackServer(port, state);
+
+  // Open browser
+  console.log('\n🔐 Opening browser for authentication...');
+  console.log(`   Callback server listening on port ${port}`);
+
+  const opened = await openBrowser(authUrl);
+
+  if (!opened) {
+    console.log('\n   Could not open browser automatically.');
+  }
+
+  console.log('\n   If login page doesn\'t appear, paste this URL in your browser:\n');
+  console.log(`   ${authUrl}\n`);
+
+  console.log('   Waiting for authentication (5 minute timeout)...\n');
+
+  // Wait for callback
+  const code = await codePromise;
+
+  // Exchange code for tokens
+  const tokens = await exchangeCodeForTokens(code, codeVerifier, port);
+  await saveAuth(tokens);
+
+  return tokens;
+}
+
+/**
+ * Ensure user is authenticated (main entry point)
+ */
+async function ensureAuth() {
+  let auth = loadAuth();
+
+  // Check if we have valid tokens
+  if (auth?.id_token && !isTokenExpired(auth.expires_at)) {
+    return auth;
+  }
+
+  // Try silent refresh
+  if (auth?.refresh_token) {
+    try {
+      console.log('🔄 Refreshing authentication...');
+      const newAuth = await refreshTokens(auth.refresh_token);
+      await saveAuth(newAuth);
+      return newAuth;
+    } catch (e) {
+      console.log('   Refresh failed, need to re-authenticate.\n');
+    }
+  }
+
+  // Full browser auth
+  return await browserAuth();
+}
+
+// ============================================================================
+// API Module
+// ============================================================================
+
+/**
+ * Make authenticated API call
+ */
+function callApi(method, endpoint, token, body = null) {
+  // Construct full URL - endpoint is relative, baseUrl may include path like /dev
+  const baseUrl = new URL(CONFIG.api.baseUrl);
+  const fullPath = baseUrl.pathname.replace(/\/$/, '') + endpoint;
+
+  return new Promise((resolve, reject) => {
+    const options = {
+      method,
+      hostname: baseUrl.hostname,
+      path: fullPath,
+      headers: {
+        'Authorization': `Bearer ${token}`,
+        'Content-Type': 'application/json'
+      }
+    };
+
+    const req = https.request(options, (res) => {
+      let data = '';
+      res.on('data', chunk => data += chunk);
+      res.on('end', () => {
+        try {
+          const parsed = JSON.parse(data);
+          if (res.statusCode >= 200 && res.statusCode < 300) {
+            resolve({ success: true, data: parsed });
+          } else {
+            resolve({ success: false, error: parsed.message || parsed.error || 'API error', status: res.statusCode });
+          }
+        } catch {
+          resolve({ success: false, error: data, status: res.statusCode });
+        }
+      });
+    });
+
+    req.on('error', (e) => {
+      resolve({ success: false, error: e.message });
+    });
+
+    if (body) {
+      req.write(JSON.stringify(body));
+    }
+    req.end();
+  });
+}
+
+/**
+ * Poll for subscription activation after Stripe checkout
+ */
+async function pollForSubscription(token, maxAttempts = 60) {
+  console.log('\n⏳ Waiting for subscription activation...');
+  console.log('   (Complete the checkout in your browser)\n');
+
+  for (let i = 0; i < maxAttempts; i++) {
+    await new Promise(r => setTimeout(r, 3000)); // Wait 3 seconds
+
+    const response = await callApi('GET', '/api/users/me', token);
+    if (response.success && response.data?.Records?.[0]) {
+      const user = response.data.Records[0];
+      const tier = user.subscription?.tier || user.client?.subscription_tier || 'free';
+      if (tier !== 'free') {
+        console.log(`✅ Subscription activated: ${tier}\n`);
+        return tier;
+      }
+    }
+    process.stdout.write('.');
+  }
+
+  console.log('\n⚠️  Subscription not detected. You can continue setup and it will sync later.\n');
+  return 'free';
+}
+
+// ============================================================================
+// CLI Arguments
+// ============================================================================
+
 function parseArgs(args) {
   const parsed = {
     command: null,
     projectPath: null,
-    team: false,
     format: 'raw',
     since: '7d',
     commits: 10,
@@ -32,19 +479,17 @@ function parseArgs(args) {
 
   for (let i = 0; i < args.length; i++) {
     const arg = args[i];
-    if (arg === '--team') parsed.team = true;
-    else if (arg === '--dry-run') parsed.dryRun = true;
+    if (arg === '--dry-run') parsed.dryRun = true;
     else if (arg === '--help' || arg === '-h') parsed.help = true;
     else if (arg === '--format' && args[i + 1]) { parsed.format = args[++i]; }
     else if (arg === '--path' && args[i + 1]) { parsed.projectPath = args[++i]; }
     else if (arg === '--since' && args[i + 1]) { parsed.since = args[++i]; }
     else if (arg === '--commits' && args[i + 1]) { parsed.commits = parseInt(args[++i]); }
-    else if (['init', 'inject', 'harvest'].includes(arg)) parsed.command = arg;
+    else if (['init', 'inject', 'harvest', 'logout', 'login', 'status'].includes(arg)) parsed.command = arg;
     else if (!arg.startsWith('-') && !parsed.command) parsed.command = arg;
     else if (!arg.startsWith('-') && !parsed.projectPath) parsed.projectPath = arg;
   }
 
-  // Default command is 'init'
   if (!parsed.command) parsed.command = 'init';
 
   return parsed;
@@ -58,24 +503,25 @@ Usage:
   mindmeld <command> [options]
 
 Commands:
-  init [path]     Initialize project for MindMeld
+  init [path]     Initialize project for MindMeld (requires login)
   inject          Generate context-aware standards for any AI tool
   harvest         Manually capture patterns from recent git history
+  login           Authenticate with MindMeld
+  logout          Clear stored authentication
+  status          Show current authentication status
 
 Options:
-  --team          Enable team collaboration (init only)
   --format <type> Output format: raw, cursorrules, windsurfrules, aider, claude
   --path <dir>    Project path (default: current directory)
   --help, -h      Show this help message
 
 Examples:
-  mindmeld init --team                         # Init with team collaboration
-  mindmeld inject --format cursorrules         # Update .cursorrules
-  mindmeld inject --format windsurfrules       # Update .windsurfrules
-  mindmeld inject --format aider              # Update aider conventions
-  mindmeld inject                              # Raw markdown to stdout
-  mindmeld inject | ollama run qwen3-coder     # Pipe to local model
-  mindmeld harvest                             # Capture patterns from git diff
+  mindmeld init                              # Initialize with authentication
+  mindmeld inject --format cursorrules       # Update .cursorrules
+  mindmeld inject --format windsurfrules     # Update .windsurfrules
+  mindmeld inject                            # Raw markdown to stdout
+  mindmeld harvest                           # Capture patterns from git diff
+  mindmeld status                            # Check auth status
 
 Works with: Claude Code, Cursor, Windsurf, Codex CLI, Aider, Ollama, LM Studio
 
@@ -83,18 +529,68 @@ Learn more: https://mindmeld.dev
 `);
 }
 
-async function initProject(projectPath, options = {}) {
+// ============================================================================
+// Init Command
+// ============================================================================
+
+async function initProject(projectPath) {
   projectPath = projectPath || process.cwd();
 
-  console.log(`\n🎯 Initializing MindMeld for: ${projectPath}\n`);
+  console.log('\n🎯 MindMeld CLI\n');
+
+  // 1. Authenticate
+  const auth = await ensureAuth();
+  console.log(`✅ Authenticated as ${auth.email}\n`);
+
+  // 2. Check subscription
+  const userResponse = await callApi('GET', '/api/users/me', auth.id_token);
+  if (!userResponse.success) {
+    throw new Error(`Failed to get user info: ${userResponse.error}`);
+  }
+
+  const user = userResponse.data.data?.Records?.[0];
+  if (!user) {
+    throw new Error('User not found. Please sign up at https://app.mindmeld.dev');
+  }
+
+  let tier = user.subscription?.tier || user.client?.subscription_tier || 'free';
+  const clientId = user.client_id;
+
+  // 3. Handle free tier - prompt for upgrade
+  if (tier === 'free') {
+    console.log('📋 Current plan: Free\n');
+    console.log('   MindMeld requires a subscription for full features.');
+    console.log('   Free tier provides local-only pattern storage.\n');
+
+    const upgrade = await promptYesNo('   Would you like to upgrade now? (y/n): ');
+
+    if (upgrade) {
+      // Create checkout session
+      const checkoutResponse = await callApi('POST', '/api/stripe/subscription/create', auth.id_token, {
+        tier: 'team',
+        contributionMode: 'contributing'
+      });
 
-  if (options.team) {
-    console.log('   Mode: Team collaboration\n');
+      if (checkoutResponse.success && checkoutResponse.data?.data?.url) {
+        console.log('\n🛒 Opening checkout...');
+        await openBrowser(checkoutResponse.data.data.url);
+        tier = await pollForSubscription(auth.id_token);
+      } else {
+        console.log(`\n⚠️  Could not create checkout: ${checkoutResponse.error}`);
+        console.log('   Visit https://app.mindmeld.dev to subscribe.\n');
+      }
+    } else {
+      console.log('\n   Continuing with free tier (local-only mode).\n');
+    }
   } else {
-    console.log('   Mode: Private (solo)\n');
+    console.log(`📋 Current plan: ${tier}\n`);
   }
 
-  // 1. Check if already initialized
+  // 4. Get project info
+  const projectName = path.basename(projectPath);
+  const projectId = projectName.toLowerCase().replace(/[^a-z0-9]+/g, '-');
+
+  // 5. Check if already initialized
   const mindmeldDir = path.join(projectPath, '.mindmeld');
   const configPath = path.join(mindmeldDir, 'config.json');
 
@@ -103,7 +599,7 @@ async function initProject(projectPath, options = {}) {
     console.log('⚠️  Project already initialized!');
     console.log(`   Config exists at: ${configPath}\n`);
 
-    const answer = await promptYesNo('Reinitialize? (y/n): ');
+    const answer = await promptYesNo('   Reinitialize? (y/n): ');
     if (!answer) {
       console.log('Aborted.');
       process.exit(0);
@@ -112,13 +608,32 @@ async function initProject(projectPath, options = {}) {
     // Not initialized, continue
   }
 
-  // 2. Get project name
-  const projectName = path.basename(projectPath);
-  const projectId = projectName.toLowerCase().replace(/[^a-z0-9]+/g, '-');
+  // 6. Create project on backend (if subscribed)
+  let backendProjectId = null;
+  if (tier !== 'free') {
+    console.log('📡 Registering project with MindMeld...');
+    // Company_ID is client_id + '_main' for personal workspaces
+    const companyId = `${clientId}_main`;
+    const projectResponse = await callApi('POST', '/api/projects', auth.id_token, {
+      Company_ID: companyId,
+      project_name: projectName
+    });
 
-  // 3. Discover collaborators from git
-  let collaborators = [];
+    if (projectResponse.success) {
+      backendProjectId = projectResponse.data?.data?.Records?.[0]?.project_id || projectId;
+      console.log(`   Project registered: ${backendProjectId}\n`);
+    } else if (projectResponse.status === 409) {
+      // Project already exists, that's fine
+      backendProjectId = projectId;
+      console.log(`   Project already registered: ${projectId}\n`);
+    } else {
+      console.log(`   Warning: Could not register project: ${projectResponse.error}`);
+      console.log('   Continuing with local-only setup.\n');
+    }
+  }
 
+  // 7. Discover collaborators from git
+  let collaborators = [];
   try {
     const { stdout } = await execAsync(
       'git log --format="%an|%ae" | sort | uniq -c | sort -rn | head -10',
@@ -144,95 +659,86 @@ async function initProject(projectPath, options = {}) {
     }
 
     if (collaborators.length > 0) {
-      console.log('📋 Discovered collaborators from git history:\n');
+      console.log('👥 Discovered collaborators from git history:\n');
       collaborators.forEach((c, i) => {
         console.log(`   ${i + 1}. ${c.name} <${c.email}> (${c.commits} commits)`);
       });
       console.log('');
     }
-  } catch (error) {
+  } catch {
     console.log('ℹ️  No git history found (not a git repo or no commits)\n');
   }
 
-  // 4. Create .mindmeld directory
+  // 8. Create .mindmeld directory and config
   await fs.mkdir(mindmeldDir, { recursive: true });
 
-  // 5. Create config.json
   const config = {
-    projectId,
+    projectId: backendProjectId || projectId,
     projectName,
-    created: new Date().toISOString(),
+    userEmail: auth.email,
+    clientId,
+    subscriptionTier: tier,
     collaborators,
-    private: !options.team,
-    team: options.team,
-    externalUsersAllowed: false,
-    mindmeldVersion: '3.0.0'
+    created: new Date().toISOString(),
+    mindmeldVersion: '3.1.0'
   };
 
   await fs.writeFile(configPath, JSON.stringify(config, null, 2));
 
   console.log('✅ MindMeld initialized!\n');
   console.log(`   Config: ${configPath}`);
-  console.log(`   Project ID: ${projectId}`);
-  console.log(`   Mode: ${options.team ? 'Team' : 'Private'}`);
-  console.log(`   Collaborators: ${collaborators.length}`);
+  console.log(`   Project ID: ${config.projectId}`);
+  console.log(`   User: ${auth.email}`);
+  console.log(`   Plan: ${tier}`);
   console.log('');
 
-  // 6. Check for community standards
+  // 9. Check for community standards
   const standardsDir = path.join(projectPath, '.equilateral-standards');
-
   try {
     await fs.access(standardsDir);
     console.log('ℹ️  Community standards (.equilateral-standards) available');
   } catch {
-    // Try to clone the community standards repo
-    try {
-      await execAsync(
-        'git clone https://github.com/Equilateral-AI/EquilateralAgents-Community-Standards.git .equilateral-standards',
-        { cwd: projectPath }
-      );
-      console.log('✅ Cloned community standards repo');
-    } catch {
-      console.log('ℹ️  Community standards not available (clone from:');
-      console.log('   https://github.com/Equilateral-AI/EquilateralAgents-Community-Standards)');
-      console.log('   Local patterns will still be captured in .mindmeld/');
+    if (tier !== 'free') {
+      try {
+        await execAsync(
+          'git clone https://github.com/Equilateral-AI/EquilateralAgents-Community-Standards.git .equilateral-standards',
+          { cwd: projectPath }
+        );
+        console.log('✅ Cloned community standards repo');
+      } catch {
+        console.log('ℹ️  Community standards not available (clone from:');
+        console.log('   https://github.com/Equilateral-AI/EquilateralAgents-Community-Standards)');
+      }
     }
   }
 
-  // 7. Bootstrap: harvest patterns from git history and promote to standards
-  await bootstrapFromHistory(projectPath, { team: options.team });
+  // 10. Bootstrap from git history
+  await bootstrapFromHistory(projectPath);
 
-  // 8. Configure Claude Code hooks
+  // 11. Configure Claude Code hooks
   await configureClaudeHooks(projectPath);
 
-  // 9. Register with API if team mode
-  if (options.team) {
-    console.log('\n📡 Team mode enabled.');
-    console.log('   Sign in at https://app.mindmeld.dev to connect this project.');
-    console.log('   Your coding sessions will contribute to team-wide standards.\n');
-  }
-
-  // 10. Summary
+  // 12. Summary
   console.log('\n🚀 Next steps:');
   console.log('   1. Start a Claude Code session in this project');
   console.log('   2. MindMeld hooks will inject relevant standards automatically');
   console.log('   3. Patterns from your sessions will be harvested and validated');
-  if (options.team) {
-    console.log('   4. Sign in at https://app.mindmeld.dev to manage team standards');
+  if (tier !== 'free') {
+    console.log('   4. Visit https://app.mindmeld.dev to manage team standards');
   }
   console.log('');
 }
 
-/**
- * Bootstrap: scan 90 days of git history, detect patterns, promote to standards
- */
-async function bootstrapFromHistory(projectPath, options = {}) {
+// ============================================================================
+// Bootstrap & Hooks (unchanged)
+// ============================================================================
+
+async function bootstrapFromHistory(projectPath) {
   console.log('\n📊 Bootstrapping from git history...\n');
 
   try {
     const { getGitHistory, detectPatterns, savePatterns, promotePatterns, harvestPlans, promoteDecisions } = require('./harvest');
 
-    // Get extended git history
     const gitHistory = await getGitHistory(projectPath, { since: '90d', commits: 50 });
     const patterns = detectPatterns(gitHistory);
 
@@ -242,10 +748,7 @@ async function bootstrapFromHistory(projectPath, options = {}) {
       return;
     }
 
-    // Save raw patterns
     await savePatterns(projectPath, patterns);
-
-    // Promote high-confidence patterns to provisional standards
     const promoted = await promotePatterns(projectPath, patterns, { threshold: 0.5 });
 
     console.log(`   Detected ${patterns.length} pattern(s) from git history`);
@@ -256,7 +759,6 @@ async function bootstrapFromHistory(projectPath, options = {}) {
       }
     }
 
-    // Harvest decisions from Claude Code plan files
     const planDecisions = await harvestPlans(projectPath);
     if (planDecisions.length > 0) {
       const promotedDecisions = await promoteDecisions(projectPath, planDecisions);
@@ -279,20 +781,14 @@ async function bootstrapFromHistory(projectPath, options = {}) {
   }
 }
 
-/**
- * Configure Claude Code hooks in .claude/settings.json
- * This wires up MindMeld's session-start and pre-compact hooks
- */
 async function configureClaudeHooks(projectPath) {
   const claudeDir = path.join(projectPath, '.claude');
   const settingsPath = path.join(claudeDir, 'settings.json');
 
-  // Resolve hook paths from installed package location
   const packageRoot = path.resolve(__dirname, '..');
   const sessionStartHook = path.join(packageRoot, 'hooks', 'session-start.js');
   const preCompactHook = path.join(packageRoot, 'hooks', 'pre-compact.js');
 
-  // Verify hooks exist
   try {
     await fs.access(sessionStartHook);
     await fs.access(preCompactHook);
@@ -302,50 +798,37 @@ async function configureClaudeHooks(projectPath) {
     return;
   }
 
-  // MindMeld hook definitions
   const mindmeldHooks = {
-    SessionStart: [
-      {
-        hooks: [
-          {
-            type: 'command',
-            command: `node "${sessionStartHook}"`,
-            timeout: 5
-          }
-        ]
-      }
-    ],
-    PreCompact: [
-      {
-        hooks: [
-          {
-            type: 'command',
-            command: `node "${preCompactHook}"`,
-            timeout: 30
-          }
-        ]
-      }
-    ]
+    SessionStart: [{
+      hooks: [{
+        type: 'command',
+        command: `node "${sessionStartHook}"`,
+        timeout: 5
+      }]
+    }],
+    PreCompact: [{
+      hooks: [{
+        type: 'command',
+        command: `node "${preCompactHook}"`,
+        timeout: 30
+      }]
+    }]
   };
 
-  // Create .claude directory
   await fs.mkdir(claudeDir, { recursive: true });
 
-  // Load existing settings if present
   let settings = {};
   try {
     const existing = await fs.readFile(settingsPath, 'utf-8');
     settings = JSON.parse(existing);
   } catch {
-    // No existing settings, start fresh
+    // No existing settings
   }
 
-  // Merge hooks (preserve existing non-MindMeld hooks)
   if (!settings.hooks) {
     settings.hooks = {};
   }
 
-  // Check if MindMeld hooks already configured
   const hasSessionStart = (settings.hooks.SessionStart || []).some(h =>
     h.hooks?.some(hk => hk.command?.includes('mindmeld') || hk.command?.includes('session-start'))
   );
@@ -358,7 +841,6 @@ async function configureClaudeHooks(projectPath) {
     return;
   }
 
-  // Add MindMeld hooks (append to existing, don't replace)
   if (!hasSessionStart) {
     settings.hooks.SessionStart = [
       ...(settings.hooks.SessionStart || []),
@@ -379,6 +861,39 @@ async function configureClaudeHooks(projectPath) {
   console.log(`   PreCompact: ${preCompactHook}`);
 }
 
+// ============================================================================
+// Utility Commands
+// ============================================================================
+
+async function showStatus() {
+  const auth = loadAuth();
+
+  console.log('\n🎯 MindMeld Status\n');
+
+  if (!auth) {
+    console.log('   Not authenticated.');
+    console.log('   Run "mindmeld login" to authenticate.\n');
+    return;
+  }
+
+  console.log(`   Email: ${auth.email}`);
+  console.log(`   Token expires: ${new Date(auth.expires_at).toLocaleString()}`);
+  console.log(`   Token status: ${isTokenExpired(auth.expires_at) ? 'Expired' : 'Valid'}`);
+  console.log(`   Refresh token: ${auth.refresh_token ? 'Present' : 'Missing'}`);
+  console.log('');
+}
+
+async function logout() {
+  await clearAuth();
+  console.log('\n✅ Logged out successfully.\n');
+}
+
+async function login() {
+  console.log('\n🎯 MindMeld Login\n');
+  const auth = await browserAuth();
+  console.log(`\n✅ Logged in as ${auth.email}\n`);
+}
+
 async function promptYesNo(question) {
   process.stdout.write(question);
 
@@ -390,7 +905,10 @@ async function promptYesNo(question) {
   });
 }
 
+// ============================================================================
 // Main
+// ============================================================================
+
 const args = parseArgs(process.argv.slice(2));
 
 if (args.help && !args.command) {
@@ -400,7 +918,7 @@ if (args.help && !args.command) {
 
 if (args.command === 'init') {
   if (args.help) { showHelp(); process.exit(0); }
-  initProject(args.projectPath, { team: args.team })
+  initProject(args.projectPath)
     .then(() => process.exit(0))
     .catch(error => {
       console.error('\n❌ Error:', error.message);
@@ -408,10 +926,7 @@ if (args.command === 'init') {
     });
 } else if (args.command === 'inject') {
   const { inject, showInjectHelp } = require('./inject');
-  if (args.help) {
-    showInjectHelp();
-    process.exit(0);
-  }
+  if (args.help) { showInjectHelp(); process.exit(0); }
   inject({ format: args.format, path: args.projectPath })
     .then(() => process.exit(0))
     .catch(error => {
@@ -420,16 +935,34 @@ if (args.command === 'init') {
     });
 } else if (args.command === 'harvest') {
   const { harvest, showHarvestHelp } = require('./harvest');
-  if (args.help) {
-    showHarvestHelp();
-    process.exit(0);
-  }
+  if (args.help) { showHarvestHelp(); process.exit(0); }
   harvest({ path: args.projectPath, since: args.since, commits: args.commits, dryRun: args.dryRun })
     .then(() => process.exit(0))
     .catch(error => {
       console.error('\n❌ Error:', error.message);
       process.exit(1);
     });
+} else if (args.command === 'logout') {
+  logout()
+    .then(() => process.exit(0))
+    .catch(error => {
+      console.error('\n❌ Error:', error.message);
+      process.exit(1);
+    });
+} else if (args.command === 'login') {
+  login()
+    .then(() => process.exit(0))
+    .catch(error => {
+      console.error('\n❌ Error:', error.message);
+      process.exit(1);
+    });
+} else if (args.command === 'status') {
+  showStatus()
+    .then(() => process.exit(0))
+    .catch(error => {
+      console.error('\n❌ Error:', error.message);
+      process.exit(1);
+    });
 } else {
   console.error(`Unknown command: ${args.command}`);
   console.error('Run "mindmeld --help" for usage.');