@eve-horizon/cli 0.2.9 → 0.2.11

package/README.md

@@ -6,18 +6,38 @@ Published CLI (npx) for interacting with the Eve Horizon API. Dev/ops tooling li
 npx @eve/cli --help
 ```
 
+## Local Development & Global Parity
+
+When testing CLI changes locally, you have two options:
+
+```bash
+# Option 1: run the repo-local build directly
+pnpm -C packages/cli build
+node packages/cli/bin/eve.js --help
+
+# Option 2: link the CLI so the global `eve` binary matches your local build
+pnpm -C packages/cli build
+cd packages/cli && npm link
+eve --help
+```
+
+To update global installs for others, publish a new CLI version via the `cli-v*` tag flow
+(see root AGENTS.md for release instructions).
+
 ## Philosophy
 
 The CLI is the **primary interface** for Eve Horizon, designed for humans and AI agents. The REST API is the substrate: every operation is exposed via HTTP, and the CLI is a thin wrapper that handles argument parsing and output formatting. It does not bypass the API or contain business logic.
 
 See [API Philosophy](../../docs/system/api-philosophy.md) and [OpenAPI](../../docs/system/openapi.md).
 
-## Profiles (defaults + credentials)
+## Profiles (repo-local defaults)
 
 Profiles store API URL, default org/project IDs, default harness, and Supabase auth config.
+Profiles are **repo-local** and live in `.eve/profile.yaml` so each project keeps its own
+defaults without impacting other checkouts.
 
 ```bash
-# Create or update a profile
+# Create or update a profile (repo-local)
 eve profile set local \
   --api-url http://localhost:4801 \
   --org org_defaulttestorg \
@@ -27,7 +47,7 @@ eve profile set local \
 eve profile set --harness mclaude
 eve profile set --harness mclaude:fast   # harness with variant
 
-# Set active profile
+# Set active profile (repo-local)
 eve profile use local
 
 # Show active profile
@@ -54,12 +74,16 @@ eve profile set prod \
 Auth is **required** for cloud stacks. The default flow uses GitHub SSH keys; Supabase remains an
 optional adapter for legacy deployments.
 
-The CLI will refresh Supabase access tokens automatically if a refresh token is available.
+Credentials are stored globally in `~/.eve/credentials.json`, keyed by API URL. The CLI will
+refresh Supabase access tokens automatically if a refresh token is available.
 
 ```bash
 # SSH login (default)
 eve auth login --email you@example.com --ssh-key ~/.ssh/id_ed25519
 
+# SSH login with custom token TTL (1-90 days)
+eve auth login --email you@example.com --ttl 30
+
 # Supabase login (optional)
 eve auth login --email you@example.com --password '...' \
   --supabase-url https://your-project.supabase.co \
@@ -151,6 +175,32 @@ eve job approve MyProj-abc123 --comment "LGTM"
 eve job reject MyProj-abc123 --reason "Missing tests"
 ```
 
+### Agents
+
+```bash
+# Inspect agent policy + harness readiness
+eve agents config --json
+
+# Sync agents/teams/chat config from repo (deterministic)
+eve agents sync --project proj_xxx --ref main
+
+# Local dev sync (requires local API + allow dirty)
+eve agents sync --project proj_xxx --local --allow-dirty
+```
+
+### Integrations + Chat
+
+```bash
+# Connect Slack workspace (stub OAuth)
+eve integrations slack connect --org org_xxx --team-id T123 --token xoxb-...
+
+# List integrations for org
+eve integrations list --org org_xxx
+
+# Simulate inbound Slack message
+eve chat simulate --project proj_xxx --team-id T123 --channel-id C123 --user-id U123 --text "hello"
+```
+
 #### Job Results
 
 Fetch and display completed job results:

package/dist/commands/agents.js

@@ -1,6 +1,7 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.handleAgents = handleAgents;
+const node_child_process_1 = require("node:child_process");
 const node_fs_1 = require("node:fs");
 const node_path_1 = require("node:path");
 const yaml_1 = require("yaml");
@@ -8,6 +9,7 @@ const harness_capabilities_js_1 = require("../lib/harness-capabilities.js");
 const args_1 = require("../lib/args");
 const client_1 = require("../lib/client");
 const output_1 = require("../lib/output");
+const git_js_1 = require("../lib/git.js");
 function readYamlFile(filePath) {
     const raw = (0, node_fs_1.readFileSync)(filePath, 'utf-8');
     const parsed = (0, yaml_1.parse)(raw);
@@ -16,6 +18,41 @@ function readYamlFile(filePath) {
     }
     return parsed;
 }
+function resolveAgentsConfigPaths(repoRoot, manifest) {
+    const xEve = manifest['x-eve'] ||
+        manifest['x_eve'] ||
+        {};
+    const agentsBlock = xEve['agents'] || {};
+    const chatBlock = xEve['chat'] || {};
+    const manifestChat = manifest['chat'] || {};
+    const agentsPath = (0, node_path_1.resolve)(repoRoot, pickString(agentsBlock.config_path) ?? 'agents/agents.yaml');
+    const teamsPath = (0, node_path_1.resolve)(repoRoot, pickString(agentsBlock.teams_path) ?? 'agents/teams.yaml');
+    const chatPath = (0, node_path_1.resolve)(repoRoot, pickString(chatBlock.config_path) ?? pickString(manifestChat.config_path) ?? 'agents/chat.yaml');
+    return { agentsPath, teamsPath, chatPath };
+}
+function pickString(value) {
+    return typeof value === 'string' && value.trim().length > 0 ? value : undefined;
+}
+function ensureFileExists(path, label) {
+    if (!(0, node_fs_1.existsSync)(path)) {
+        throw new Error(`Missing ${label} at ${path}. Update manifest config_path or add the file.`);
+    }
+    return path;
+}
+function isLocalApiUrl(apiUrl) {
+    try {
+        const url = new URL(apiUrl);
+        const host = url.hostname.toLowerCase();
+        return (host === 'localhost' ||
+            host === '127.0.0.1' ||
+            host === '0.0.0.0' ||
+            host.endsWith('.lvh.me') ||
+            host.endsWith('.localhost'));
+    }
+    catch {
+        return false;
+    }
+}
 function loadAgentsConfig(repoRoot) {
     const eveDir = (0, node_path_1.join)(repoRoot, '.eve');
     const manifestPath = (0, node_path_1.join)(eveDir, 'manifest.yaml');
@@ -34,45 +71,126 @@ async function handleAgents(subcommand, positionals, flags, context) {
     const command = subcommand ?? 'config';
     const json = Boolean(flags.json);
     const includeHarnesses = !((0, args_1.getBooleanFlag)(flags, ['no-harnesses']) ?? false);
-    const repoRoot = (0, node_path_1.resolve)((0, args_1.getStringFlag)(flags, ['path']) ?? process.cwd());
-    if (command !== 'config') {
-        throw new Error('Usage: eve agents config [--path <dir>] [--no-harnesses]');
-    }
-    const result = loadAgentsConfig(repoRoot);
-    const response = {
-        repo_root: repoRoot,
-        source: result.source,
-        policy: result.policy,
-    };
-    if (result.manifest_defaults) {
-        response.manifest_defaults = result.manifest_defaults;
-    }
-    if (includeHarnesses) {
-        const harnesses = await (0, client_1.requestJson)(context, '/harnesses');
-        response.harnesses = harnesses.data;
-        response.capabilities = harness_capabilities_js_1.HARNESS_CAPABILITIES;
-    }
-    if (json) {
-        (0, output_1.outputJson)(response, json);
-        return;
-    }
-    console.log(`Agents config source: ${result.source.type}`);
-    if ('path' in result.source) {
-        console.log(`Path: ${result.source.path}`);
-    }
-    if (!result.policy) {
-        console.log('No policy found. Add x-eve.agents to .eve/manifest.yaml.');
-    }
-    else {
-        const profiles = result.policy.profiles || {};
-        const profileNames = Object.keys(profiles);
-        console.log(`Profiles: ${profileNames.length ? profileNames.join(', ') : 'none'}`);
-    }
-    if (includeHarnesses) {
-        const harnesses = response.harnesses;
-        if (harnesses?.length) {
-            const ready = harnesses.filter((h) => h.auth.available).length;
-            console.log(`Harnesses: ${harnesses.length} (${ready} ready)`);
+    const repoRoot = (0, node_path_1.resolve)((0, args_1.getStringFlag)(flags, ['repo-dir', 'repo_dir', 'dir', 'path']) ?? process.cwd());
+    switch (command) {
+        case 'config': {
+            const result = loadAgentsConfig(repoRoot);
+            const response = {
+                repo_root: repoRoot,
+                source: result.source,
+                policy: result.policy,
+            };
+            if (result.manifest_defaults) {
+                response.manifest_defaults = result.manifest_defaults;
+            }
+            if (includeHarnesses) {
+                const harnesses = await (0, client_1.requestJson)(context, '/harnesses');
+                response.harnesses = harnesses.data;
+                response.capabilities = harness_capabilities_js_1.HARNESS_CAPABILITIES;
+            }
+            if (json) {
+                (0, output_1.outputJson)(response, json);
+                return;
+            }
+            console.log(`Agents config source: ${result.source.type}`);
+            if ('path' in result.source) {
+                console.log(`Path: ${result.source.path}`);
+            }
+            if (!result.policy) {
+                console.log('No policy found. Add x-eve.agents to .eve/manifest.yaml.');
+            }
+            else {
+                const profiles = result.policy.profiles || {};
+                const profileNames = Object.keys(profiles);
+                console.log(`Profiles: ${profileNames.length ? profileNames.join(', ') : 'none'}`);
+            }
+            if (includeHarnesses) {
+                const harnesses = response.harnesses;
+                if (harnesses?.length) {
+                    const ready = harnesses.filter((h) => h.auth.available).length;
+                    console.log(`Harnesses: ${harnesses.length} (${ready} ready)`);
+                }
+            }
+            return;
+        }
+        case 'sync': {
+            const projectId = (0, args_1.getStringFlag)(flags, ['project']) ?? context.projectId;
+            if (!projectId) {
+                throw new Error('Missing project id. Provide --project or set a profile default.');
+            }
+            const ref = (0, args_1.getStringFlag)(flags, ['ref']);
+            const local = (0, args_1.getBooleanFlag)(flags, ['local']) ?? false;
+            const allowDirty = (0, args_1.getBooleanFlag)(flags, ['allow-dirty', 'allow_dirty']) ?? false;
+            const forceNonlocal = (0, args_1.getBooleanFlag)(flags, ['force-nonlocal', 'force_nonlocal']) ?? false;
+            if (local && ref) {
+                throw new Error('Use either --local or --ref, not both.');
+            }
+            if (!local && !ref) {
+                throw new Error('Missing --ref. Use --ref <sha|branch> or --local for dev sync.');
+            }
+            if (local && !forceNonlocal && !isLocalApiUrl(context.apiUrl)) {
+                throw new Error(`--local sync is only allowed for local API URLs (localhost or *.lvh.me). ` +
+                    `Current API: ${context.apiUrl}. Use --force-nonlocal to override.`);
+            }
+            const gitRoot = (0, git_js_1.getGitRoot)(repoRoot);
+            if (!gitRoot) {
+                throw new Error('Not a git repository. Run from the repo root or pass --repo-dir <path>.');
+            }
+            const dirty = (0, git_js_1.isGitDirty)(gitRoot);
+            if (dirty && !allowDirty) {
+                throw new Error('Working tree is dirty. Commit changes or pass --allow-dirty to sync anyway.');
+            }
+            const manifestPath = (0, node_path_1.join)(repoRoot, '.eve', 'manifest.yaml');
+            if (!(0, node_fs_1.existsSync)(manifestPath)) {
+                throw new Error(`Missing manifest at ${manifestPath}. Expected .eve/manifest.yaml.`);
+            }
+            const manifest = readYamlFile(manifestPath);
+            const configPaths = resolveAgentsConfigPaths(repoRoot, manifest);
+            const agentsYaml = (0, node_fs_1.readFileSync)(ensureFileExists(configPaths.agentsPath, 'agents config'), 'utf-8');
+            const teamsYaml = (0, node_fs_1.readFileSync)(ensureFileExists(configPaths.teamsPath, 'teams config'), 'utf-8');
+            const chatYaml = (0, node_fs_1.readFileSync)(ensureFileExists(configPaths.chatPath, 'chat config'), 'utf-8');
+            let gitSha;
+            let branch;
+            let gitRef = ref ?? 'local';
+            if (ref) {
+                gitSha = await (0, git_js_1.resolveGitRef)(context, projectId, ref, repoRoot);
+                branch = (0, git_js_1.resolveGitBranch)(gitRoot, ref) ?? undefined;
+            }
+            else {
+                gitSha = (0, node_child_process_1.execSync)('git rev-parse HEAD', { cwd: gitRoot, encoding: 'utf-8' }).trim();
+                branch = (0, git_js_1.getGitBranch)(gitRoot) ?? undefined;
+            }
+            if (dirty) {
+                gitRef = `dirty:${gitRef}`;
+            }
+            const response = await (0, client_1.requestJson)(context, `/projects/${projectId}/agents/sync`, {
+                method: 'POST',
+                body: {
+                    agents_yaml: agentsYaml,
+                    teams_yaml: teamsYaml,
+                    chat_yaml: chatYaml,
+                    git_sha: gitSha,
+                    branch,
+                    git_ref: gitRef,
+                },
+            });
+            if (json) {
+                (0, output_1.outputJson)(response, json);
+                return;
+            }
+            console.log(`✓ Agents config synced to ${projectId}`);
+            console.log(`  Agents: ${configPaths.agentsPath}`);
+            console.log(`  Teams:  ${configPaths.teamsPath}`);
+            console.log(`  Chat:   ${configPaths.chatPath}`);
+            if (gitSha)
+                console.log(`  Git SHA: ${gitSha.substring(0, 8)}`);
+            if (branch)
+                console.log(`  Branch: ${branch}`);
+            if (dirty)
+                console.log('  Warning: working tree dirty — marked non-deployable');
+            return;
         }
+        default:
+            throw new Error('Usage: eve agents <config|sync>');
     }
 }

package/dist/commands/auth.js

@@ -59,6 +59,11 @@ async function handleAuth(subcommand, flags, context, credentials) {
             const email = (0, args_1.getStringFlag)(flags, ['email']) ?? process.env.EVE_AUTH_EMAIL ?? context.profile.default_email;
             const userId = (0, args_1.getStringFlag)(flags, ['user-id']);
             const password = (0, args_1.getStringFlag)(flags, ['password']) ?? process.env.EVE_AUTH_PASSWORD;
+            const ttlStr = (0, args_1.getStringFlag)(flags, ['ttl']);
+            const ttlDays = ttlStr ? parseInt(ttlStr, 10) : undefined;
+            if (ttlDays !== undefined && (isNaN(ttlDays) || ttlDays < 1 || ttlDays > 90)) {
+                throw new Error('--ttl must be between 1 and 90 days');
+            }
             const supabaseUrl = (0, args_1.getStringFlag)(flags, ['supabase-url']) ||
                 process.env.EVE_SUPABASE_URL ||
                 context.profile.supabase_url;
@@ -102,7 +107,7 @@ async function handleAuth(subcommand, flags, context, credentials) {
                 const expiresAt = payload.expires_in
                     ? Math.floor(Date.now() / 1000) + payload.expires_in
                     : undefined;
-                credentials.profiles[context.profileName] = {
+                credentials.tokens[context.authKey] = {
                     access_token: payload.access_token,
                     refresh_token: payload.refresh_token,
                     expires_at: expiresAt,
@@ -116,7 +121,7 @@ async function handleAuth(subcommand, flags, context, credentials) {
                 throw new Error('Usage: eve auth login --email <email> or --user-id <id>');
             }
             // Attempt SSH key login with GitHub key auto-discovery on failure
-            const loginResult = await attemptSshLogin(context, credentials, flags, email, userId);
+            const loginResult = await attemptSshLogin(context, credentials, flags, email, userId, ttlDays);
             if (loginResult.success) {
                 (0, output_1.outputJson)({ profile: context.profileName, token_type: loginResult.tokenType }, json, '✓ Logged in');
                 return;
@@ -136,7 +141,7 @@ async function handleAuth(subcommand, flags, context, credentials) {
             }
             // Retry login after key registration
             console.log('\nRetrying login with registered keys...');
-            const retryResult = await attemptSshLogin(context, credentials, flags, email, userId);
+            const retryResult = await attemptSshLogin(context, credentials, flags, email, userId, ttlDays);
             if (retryResult.success) {
                 (0, output_1.outputJson)({ profile: context.profileName, token_type: retryResult.tokenType }, json, '✓ Logged in');
                 return;
@@ -144,8 +149,14 @@ async function handleAuth(subcommand, flags, context, credentials) {
             throw new Error(retryResult.error ?? 'Auth verify failed after key registration');
         }
         case 'logout': {
-            if (credentials.profiles[context.profileName]) {
+            const hadToken = Boolean(credentials.tokens[context.authKey] || credentials.profiles?.[context.profileName]);
+            if (credentials.tokens[context.authKey]) {
+                delete credentials.tokens[context.authKey];
+            }
+            if (credentials.profiles?.[context.profileName]) {
                 delete credentials.profiles[context.profileName];
+            }
+            if (hadToken) {
                 (0, config_1.saveCredentials)(credentials);
             }
             (0, output_1.outputJson)({ profile: context.profileName }, json, '✓ Logged out');
@@ -251,7 +262,7 @@ async function handleAuth(subcommand, flags, context, credentials) {
             if (!payload.access_token) {
                 throw new Error('Bootstrap response missing access_token');
             }
-            credentials.profiles[context.profileName] = {
+            credentials.tokens[context.authKey] = {
                 access_token: payload.access_token,
                 expires_at: payload.expires_at,
                 token_type: payload.token_type,
@@ -262,7 +273,7 @@ async function handleAuth(subcommand, flags, context, credentials) {
         }
         case 'token': {
             // Print the current access token to stdout for use in scripts
-            const tokenEntry = credentials.profiles[context.profileName];
+            const tokenEntry = credentials.tokens[context.authKey] || credentials.profiles?.[context.profileName];
             if (!tokenEntry || !tokenEntry.access_token) {
                 console.error('No valid token found. Please login first with: eve auth login');
                 process.exit(1);
@@ -691,7 +702,7 @@ function signNonceWithSsh(keyPath, nonce) {
         (0, node_fs_1.rmSync)(tempDir, { recursive: true, force: true });
     }
 }
-async function attemptSshLogin(context, credentials, flags, email, userId) {
+async function attemptSshLogin(context, credentials, flags, email, userId, ttlDays) {
     const challengeResponse = await (0, client_1.requestRaw)(context, '/auth/challenge', {
         method: 'POST',
         body: {
@@ -723,7 +734,7 @@ async function attemptSshLogin(context, credentials, flags, email, userId) {
     }
     const verifyResponse = await (0, client_1.requestRaw)(context, '/auth/verify', {
         method: 'POST',
-        body: { challenge_id: challenge.challenge_id, signature },
+        body: { challenge_id: challenge.challenge_id, signature, ...(ttlDays !== undefined && { ttl_days: ttlDays }) },
     });
     if (!verifyResponse.ok) {
         const message = typeof verifyResponse.data === 'string'
@@ -735,7 +746,7 @@ async function attemptSshLogin(context, credentials, flags, email, userId) {
     if (!payload.access_token) {
         return { success: false, error: 'Auth verify response missing access_token' };
     }
-    credentials.profiles[context.profileName] = {
+    credentials.tokens[context.authKey] = {
         access_token: payload.access_token,
         expires_at: payload.expires_at,
         token_type: payload.token_type,

package/dist/commands/build.js

@@ -4,7 +4,7 @@ exports.handleBuild = handleBuild;
 const args_1 = require("../lib/args");
 const client_1 = require("../lib/client");
 const output_1 = require("../lib/output");
-const node_child_process_1 = require("node:child_process");
+const git_js_1 = require("../lib/git.js");
 const ERROR_CODES = {
     auth_error: { code: 'auth_error', label: 'Authentication Error', hint: "Check GITHUB_TOKEN via 'eve secrets set'" },
     clone_error: { code: 'clone_error', label: 'Git Clone Error', hint: "Verify repo URL and access. Check 'eve secrets list'" },
@@ -63,23 +63,14 @@ async function handleCreate(flags, context, json) {
     const ref = (0, args_1.getStringFlag)(flags, ['ref']);
     const manifestHash = (0, args_1.getStringFlag)(flags, ['manifest-hash', 'manifest']);
     const services = (0, args_1.getStringFlag)(flags, ['services']);
+    const repoDir = (0, args_1.getStringFlag)(flags, ['repo-dir', 'repo_dir', 'dir']);
     if (!projectId || !ref || !manifestHash) {
-        throw new Error('Usage: eve build create --project <id> --ref <sha> --manifest-hash <hash> [--services <s1,s2>]');
+        throw new Error('Usage: eve build create --project <id> --ref <sha> --manifest-hash <hash> [--services <s1,s2>] [--repo-dir <path>]');
     }
     // Resolve git ref to actual 40-char SHA
-    let gitSha;
-    try {
-        gitSha = (0, node_child_process_1.execSync)(`git rev-parse ${ref}`, {
-            encoding: 'utf-8',
-            stdio: ['pipe', 'pipe', 'pipe'],
-        }).trim();
-        if (!json) {
-            console.log(`Resolved ref '${ref}' → ${gitSha.substring(0, 8)}...`);
-        }
-    }
-    catch (error) {
-        throw new Error(`Failed to resolve git ref '${ref}': ${error instanceof Error ? error.message : String(error)}\n` +
-            'Make sure you are in a git repository and the ref exists.');
+    const gitSha = await (0, git_js_1.resolveGitRef)(context, projectId, ref, repoDir);
+    if (!json && ref !== gitSha) {
+        console.log(`Resolved ref '${ref}' → ${gitSha.substring(0, 8)}...`);
     }
     const body = { git_sha: gitSha, manifest_hash: manifestHash };
     if (services) {

package/dist/commands/chat.js

@@ -0,0 +1,55 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleChat = handleChat;
+const args_1 = require("../lib/args");
+const client_1 = require("../lib/client");
+const output_1 = require("../lib/output");
+async function handleChat(subcommand, _positionals, flags, context) {
+    const json = Boolean(flags.json);
+    switch (subcommand) {
+        case 'simulate': {
+            const projectId = (0, args_1.getStringFlag)(flags, ['project']) ?? context.projectId;
+            if (!projectId) {
+                throw new Error('Missing project id. Provide --project or set a profile default.');
+            }
+            const provider = (0, args_1.getStringFlag)(flags, ['provider']) ?? 'slack';
+            const teamId = (0, args_1.getStringFlag)(flags, ['team-id']);
+            const text = (0, args_1.getStringFlag)(flags, ['text']);
+            if (!teamId || !text) {
+                throw new Error('Usage: eve chat simulate --project <id> --team-id <team> --text <message>');
+            }
+            const channelId = (0, args_1.getStringFlag)(flags, ['channel-id']);
+            const userId = (0, args_1.getStringFlag)(flags, ['user-id']);
+            const threadKey = (0, args_1.getStringFlag)(flags, ['thread-key']);
+            const metadataFlag = (0, args_1.getStringFlag)(flags, ['metadata']);
+            let metadata;
+            if (metadataFlag) {
+                try {
+                    const parsed = JSON.parse(metadataFlag);
+                    if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+                        metadata = parsed;
+                    }
+                }
+                catch {
+                    throw new Error('Invalid --metadata (must be JSON object)');
+                }
+            }
+            const response = await (0, client_1.requestJson)(context, `/projects/${projectId}/chat/simulate`, {
+                method: 'POST',
+                body: {
+                    provider,
+                    team_id: teamId,
+                    channel_id: channelId,
+                    user_id: userId,
+                    text,
+                    thread_key: threadKey,
+                    metadata,
+                },
+            });
+            (0, output_1.outputJson)(response, json, `✓ Chat simulated (thread: ${response.thread_id})`);
+            return;
+        }
+        default:
+            throw new Error('Usage: eve chat <simulate>');
+    }
+}

package/dist/commands/env.js

@@ -37,7 +37,7 @@ exports.handleEnv = handleEnv;
 const args_1 = require("../lib/args");
 const client_1 = require("../lib/client");
 const output_1 = require("../lib/output");
-const child_process_1 = require("child_process");
+const git_js_1 = require("../lib/git.js");
 const readline = __importStar(require("node:readline/promises"));
 // ============================================================================
 // Main Handler
@@ -64,7 +64,7 @@ async function handleEnv(subcommand, positionals, flags, context) {
                 '  list [project]                          - list environments for a project\n' +
                 '  show <project> <name>                   - show details of an environment\n' +
                 '  create <name> --type=<type> [options]   - create an environment\n' +
-                '  deploy <env> --ref <sha> [--direct] [--inputs <json>]   - deploy to an environment\n' +
+                '  deploy <env> --ref <sha> [--direct] [--inputs <json>] [--repo-dir <path>]   - deploy to an environment\n' +
                 '  logs <project> <env> <service> [--since <seconds>] [--tail <n>] [--grep <text>] - get service logs\n' +
                 '  diagnose <project> <env>                - diagnose deployment health and events\n' +
                 '  delete <name> [--project=<id>] [--force] - delete an environment');
@@ -194,27 +194,18 @@ async function handleDeploy(positionals, flags, context, json) {
         envName = flagName;
     }
     if (!projectId || !envName) {
-        throw new Error('Usage: eve env deploy <env> --ref <sha> [--direct] [--inputs <json>] [--image-tag <tag>] [--project=<id>]');
+        throw new Error('Usage: eve env deploy <env> --ref <sha> [--direct] [--inputs <json>] [--image-tag <tag>] [--repo-dir <path>] [--project=<id>]');
     }
     // --ref flag is now required
     const ref = (0, args_1.getStringFlag)(flags, ['ref']);
     if (!ref) {
         throw new Error('Usage: eve env deploy <env> --ref <sha> [options]\n\nThe --ref flag is required (git SHA or commit reference)');
     }
+    const repoDir = (0, args_1.getStringFlag)(flags, ['repo-dir', 'repo_dir', 'dir']);
     // Resolve git ref to actual 40-char SHA
-    let gitSha;
-    try {
-        gitSha = (0, child_process_1.execSync)(`git rev-parse ${ref}`, {
-            encoding: 'utf-8',
-            stdio: ['pipe', 'pipe', 'pipe'],
-        }).trim();
-        if (!json) {
-            console.log(`Resolved ref '${ref}' → ${gitSha.substring(0, 8)}...`);
-        }
-    }
-    catch (error) {
-        throw new Error(`Failed to resolve git ref '${ref}': ${error instanceof Error ? error.message : String(error)}\n` +
-            'Make sure you are in a git repository and the ref exists.');
+    const gitSha = await (0, git_js_1.resolveGitRef)(context, projectId, ref, repoDir);
+    if (!json && ref !== gitSha) {
+        console.log(`Resolved ref '${ref}' → ${gitSha.substring(0, 8)}...`);
     }
     if (!json) {
         console.log(`Deploying commit ${gitSha.substring(0, 8)} to ${envName}...`);
@@ -434,21 +425,6 @@ function buildQuery(params) {
     const query = search.toString();
     return query ? `?${query}` : '';
 }
-/**
- * Get current git SHA from working directory
- */
-function getGitSha() {
-    try {
-        const sha = (0, child_process_1.execSync)('git rev-parse HEAD', {
-            encoding: 'utf8',
-            stdio: ['pipe', 'pipe', 'pipe'],
-        }).trim();
-        return sha;
-    }
-    catch {
-        return null;
-    }
-}
 /**
  * Format environments as a human-readable table
  */

package/dist/commands/integrations.js

@@ -0,0 +1,73 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.handleIntegrations = handleIntegrations;
+const args_1 = require("../lib/args");
+const client_1 = require("../lib/client");
+const output_1 = require("../lib/output");
+async function handleIntegrations(subcommand, positionals, flags, context) {
+    const json = Boolean(flags.json);
+    const orgId = (0, args_1.getStringFlag)(flags, ['org']) ?? context.orgId;
+    switch (subcommand) {
+        case 'list': {
+            if (!orgId) {
+                throw new Error('Usage: eve integrations list --org <org_id>');
+            }
+            const response = await (0, client_1.requestJson)(context, `/orgs/${orgId}/integrations`);
+            (0, output_1.outputJson)(response, json);
+            return;
+        }
+        case 'slack': {
+            const action = positionals[0];
+            if (action !== 'connect') {
+                throw new Error('Usage: eve integrations slack connect --org <org_id> --team-id <team_id> [--token <token>]');
+            }
+            if (!orgId) {
+                throw new Error('Missing org id. Provide --org or set a profile default.');
+            }
+            const teamId = (0, args_1.getStringFlag)(flags, ['team-id']);
+            if (!teamId) {
+                throw new Error('Missing --team-id');
+            }
+            const token = (0, args_1.getStringFlag)(flags, ['token']);
+            const tokensJsonFlag = (0, args_1.getStringFlag)(flags, ['tokens-json']);
+            const status = (0, args_1.getStringFlag)(flags, ['status']);
+            let tokensJson;
+            if (tokensJsonFlag) {
+                try {
+                    const parsed = JSON.parse(tokensJsonFlag);
+                    if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
+                        tokensJson = parsed;
+                    }
+                }
+                catch (error) {
+                    throw new Error('Invalid --tokens-json (must be JSON object)');
+                }
+            }
+            if (!tokensJson && token) {
+                tokensJson = { access_token: token };
+            }
+            const body = { team_id: teamId };
+            if (tokensJson)
+                body.tokens_json = tokensJson;
+            if (status)
+                body.status = status;
+            const response = await (0, client_1.requestJson)(context, `/orgs/${orgId}/integrations/slack/connect`, { method: 'POST', body });
+            (0, output_1.outputJson)(response, json, `✓ Slack integration connected: ${response.id}`);
+            return;
+        }
+        case 'test': {
+            const integrationId = positionals[0];
+            if (!integrationId) {
+                throw new Error('Usage: eve integrations test <integration_id>');
+            }
+            if (!orgId) {
+                throw new Error('Missing org id. Provide --org or set a profile default.');
+            }
+            const response = await (0, client_1.requestJson)(context, `/orgs/${orgId}/integrations/${integrationId}/test`, { method: 'POST' });
+            (0, output_1.outputJson)(response, json, response.ok ? '✓ Integration test ok' : 'Integration test failed');
+            return;
+        }
+        default:
+            throw new Error('Usage: eve integrations <list|slack|test>');
+    }
+}